openhermes 2.8.0 → 4.0.0

package/harness/skills/verification-loop/SKILL.md

@@ -1,126 +0,0 @@
----
-name: verification-loop
-description: "A comprehensive verification system for Claude Code sessions."
-origin: ECC
----
-
-# Verification Loop Skill
-
-A comprehensive verification system for Claude Code sessions.
-
-## When to Use
-
-Invoke this skill:
-- After completing a feature or significant code change
-- Before creating a PR
-- When you want to ensure quality gates pass
-- After refactoring
-
-## Verification Phases
-
-### Phase 1: Build Verification
-```bash
-# Check if project builds
-npm run build 2>&1 | tail -20
-# OR
-pnpm build 2>&1 | tail -20
-```
-
-If build fails, STOP and fix before continuing.
-
-### Phase 2: Type Check
-```bash
-# TypeScript projects
-npx tsc --noEmit 2>&1 | head -30
-
-# Python projects
-pyright . 2>&1 | head -30
-```
-
-Report all type errors. Fix critical ones before continuing.
-
-### Phase 3: Lint Check
-```bash
-# JavaScript/TypeScript
-npm run lint 2>&1 | head -30
-
-# Python
-ruff check . 2>&1 | head -30
-```
-
-### Phase 4: Test Suite
-```bash
-# Run tests with coverage
-npm run test -- --coverage 2>&1 | tail -50
-
-# Check coverage threshold
-# Target: 80% minimum
-```
-
-Report:
-- Total tests: X
-- Passed: X
-- Failed: X
-- Coverage: X%
-
-### Phase 5: Security Scan
-```bash
-# Check for secrets
-grep -rn "sk-" --include="*.ts" --include="*.js" . 2>/dev/null | head -10
-grep -rn "api_key" --include="*.ts" --include="*.js" . 2>/dev/null | head -10
-
-# Check for console.log
-grep -rn "console.log" --include="*.ts" --include="*.tsx" src/ 2>/dev/null | head -10
-```
-
-### Phase 6: Diff Review
-```bash
-# Show what changed
-git diff --stat
-git diff HEAD~1 --name-only
-```
-
-Review each changed file for:
-- Unintended changes
-- Missing error handling
-- Potential edge cases
-
-## Output Format
-
-After running all phases, produce a verification report:
-
-```
-VERIFICATION REPORT
-==================
-
-Build:     [PASS/FAIL]
-Types:     [PASS/FAIL] (X errors)
-Lint:      [PASS/FAIL] (X warnings)
-Tests:     [PASS/FAIL] (X/Y passed, Z% coverage)
-Security:  [PASS/FAIL] (X issues)
-Diff:      [X files changed]
-
-Overall:   [READY/NOT READY] for PR
-
-Issues to Fix:
-1. ...
-2. ...
-```
-
-## Continuous Mode
-
-For long sessions, run verification every 15 minutes or after major changes:
-
-```markdown
-Set a mental checkpoint:
-- After completing each function
-- After finishing a component
-- Before moving to next task
-
-Run: /verify
-```
-
-## Integration with Hooks
-
-This skill complements PostToolUse hooks but provides deeper verification.
-Hooks catch issues immediately; this skill provides comprehensive review.

package/lib/ambient-memory.mjs

@@ -1,167 +0,0 @@
-import path from "node:path"
-import fs from "node:fs"
-import { readJson, readJsonl, truncateText } from "./hardening.mjs"
-import { getMemoryRoot, getRecallRoot, getDataRoot } from "./paths.mjs"
-import { scoreRelevance } from "./search.mjs"
-
-const PLURALS = { audit: "audits", checkpoint: "checkpoints", mistake: "mistakes", instinct: "instincts", decision: "decisions", constraint: "constraints", backlog: "backlog", verification_receipt: "verification_receipts" }
-const CLASSES = ["audit", "checkpoint", "mistake", "instinct", "decision", "constraint", "backlog", "verification_receipt"]
-
-const MEMORY_QUERY_PATTERNS = [
-  /where\s+(did|do)\s+we\s+(leave\s+off|left\s+off)/i,
-  /where\s+were\s+we/i,
-  /what\s+(was|is)\s+(the\s+)?(last|latest|most\s+recent)\s+(checkpoint|decision|constraint|feature|task|change|issue|fix|bug|request|request)/i,
-  /remind\s+me\s+(about|of)/i,
-  /what\s+were\s+we\s+(working\s+on|doing)/i,
-  /what\s+(happened|changed)\s+(last|yesterday|before|previously)/i,
-  /previous\s+session/i,
-  /last\s+time/i,
-  /recap/i,
-  /what\s+is\s+(the\s+)?(status|state)\s+of/i,
-  /did\s+we\s+(decide|agree|finish|resolve|discuss)/i,
-  /where\s+(did|do)\s+i\s+(leave\s+off|left\s+off)/i,
-]
-
-function hasExpired(r) {
-  if (r?.status === "expired" || r?.status === "decayed") return true
-  if (r?.decay_at && Date.parse(r.decay_at) < Date.now()) return true
-  if (r?.expires_at && Date.parse(r.expires_at) < Date.now()) return true
-  return false
-}
-
-function filterActive(entries) { return entries.filter(e => !hasExpired(e)) }
-
-function detectMemoryQuery(text) {
-  return MEMORY_QUERY_PATTERNS.some(p => p.test(text))
-}
-
-function extractSearchTerms(text) {
-  const cleaned = text.replace(/<[^>]+>/g, "").replace(/[^\w\s-]/g, " ").trim()
-  return cleaned.slice(0, 200)
-}
-
-function classDir(cls) { return path.join(getMemoryRoot(), PLURALS[cls]) }
-
-function readAllRecords() {
-  const records = []
-  for (const cls of CLASSES) {
-    if (cls === "mistake") {
-      for (const m of readJsonl(path.join(classDir(cls), "mistakes.jsonl"))) {
-        if (!hasExpired(m)) records.push({ ...m, _cls: cls })
-      }
-    } else {
-      const dir = classDir(cls)
-      const index = readJson(path.join(dir, "index.json"), [])
-      if (!Array.isArray(index)) continue
-      for (const entry of index) {
-        if (!hasExpired(entry)) {
-          records.push({ ...entry, _cls: cls })
-        }
-      }
-    }
-  }
-  return records
-}
-
-function autoSearch(query) {
-  const q = (query || "").trim()
-  if (!q) return []
-
-  const records = readAllRecords()
-  const scored = records
-    .map(r => ({ ...r, _score: scoreRelevance(r, q, "") }))
-    .filter(r => r._score > 0)
-    .sort((a, b) => b._score - a._score)
-    .slice(0, 5)
-
-  return scored
-}
-
-function buildMemoryBlock() {
-  const parts = []
-
-  const ckIndex = readJson(path.join(getMemoryRoot(), "checkpoints", "index.json"), [])
-  if (Array.isArray(ckIndex) && ckIndex.length > 0) {
-    const latest = [...ckIndex].sort((a, b) => new Date(b.updated_at) - new Date(a.updated_at))[0]
-    if (latest) {
-      const cp = readJson(path.join(getMemoryRoot(), "checkpoints", `${latest.id}.json`), null)
-      if (cp) {
-        parts.push(`Checkpoint: ${cp.summary || "N/A"}`)
-        if (cp.mission) parts.push(`Mission: ${truncateText(cp.mission, 200)}`)
-        if (Array.isArray(cp.next_actions) && cp.next_actions.length) parts.push(`Next: ${cp.next_actions.slice(0, 2).join("; ")}`)
-      }
-    }
-  }
-
-  const ctIndex = readJson(path.join(getMemoryRoot(), "constraints", "index.json"), [])
-  if (Array.isArray(ctIndex)) {
-    const active = ctIndex.filter(e => e.status === "active")
-    if (active.length) parts.push(`Constraints (${active.length} active)`)
-  }
-
-  const dcIndex = readJson(path.join(getMemoryRoot(), "decisions", "index.json"), [])
-  if (Array.isArray(dcIndex)) {
-    const recent = filterActive(dcIndex).slice(0, 2)
-    if (recent.length) parts.push(`Recent decisions: ${recent.map(d => truncateText(d.summary || "", 80)).join(" | ")}`)
-  }
-
-  const bkIndex = readJson(path.join(getMemoryRoot(), "backlog", "index.json"), [])
-  if (Array.isArray(bkIndex)) {
-    const open = bkIndex.filter(e => e.status === "open")
-    if (open.length) parts.push(`Backlog: ${open.length} open`)
-  }
-
-  return parts.length ? parts.join("\n") : "No active memory records found."
-}
-
-export const AmbientMemoryPlugin = async () => ({
-  "experimental.chat.messages.transform": async (_input, output) => {
-    if (!output.messages?.length) return
-
-    const firstUser = output.messages.find(m => m.info?.role === "user")
-    if (!firstUser?.parts?.length) return
-
-    const hasMemoryTag = firstUser.parts.some(p => p.type === "text" && p.text.includes("OPENHERMES_MEMORY"))
-
-    if (!hasMemoryTag) {
-      const block = buildMemoryBlock()
-      const tag = `<OPENHERMES_MEMORY>\n${block}\n</OPENHERMES_MEMORY>`
-      const textPart = firstUser.parts.find(p => p.type === "text")
-      if (textPart) {
-        textPart.text = `${tag}\n\n${textPart.text}`
-      }
-    }
-
-    const lastUser = [...output.messages].reverse().find(m => m.info?.role === "user")
-    if (!lastUser) return
-
-    const text = lastUser.parts?.find(p => p.type === "text")?.text || ""
-    if (!text || !detectMemoryQuery(text)) return
-
-    const terms = extractSearchTerms(text)
-    if (!terms) return
-
-    const results = autoSearch(terms)
-    if (!results.length) return
-
-    const contextBlock = [
-      `<memory-context>`,
-      `[System note: auto-retrieved from durable memory — NOT new user input]`,
-      ...results.slice(0, 3).map(r => {
-        const cls = r.class || "?";
-        const label = `${cls}:${r.id}`
-        return `- ${label}: ${truncateText(r.summary || "", 120)}`
-      }),
-      results.length > 3 ? `  ... and ${results.length - 3} more results` : null,
-      `</memory-context>`,
-    ].filter(Boolean).join("\n")
-
-    const idx = output.messages.indexOf(lastUser)
-    if (idx > 0) {
-      output.messages.splice(idx, 0, {
-        parts: [{ type: "text", text: contextBlock }],
-        info: { role: "system" },
-      })
-    }
-  }
-})

package/lib/handoff.mjs

@@ -1,171 +0,0 @@
-// OpenHermes Agent Handoff — lightweight helper library
-// Convention-based, no runtime deps. Agents import and call.
-
-let _idSeq = 0
-
-function nextId() {
-  _idSeq++
-  return `ho_${Date.now().toString(36)}_${_idSeq}`
-}
-
-function clamp(v, lo, hi) { return Math.max(lo, Math.min(hi, v)) }
-
-// Estimate task complexity from file count and description.
-export function assessComplexity(fileCount = 1, description = "", patterns = []) {
-  const pScore = Array.isArray(patterns) ? patterns.length : 0
-  const level = fileCount > 50 || pScore > 5 ? "very-large"
-    : fileCount > 10 || pScore > 2 ? "hard"
-    : fileCount > 2 || pScore > 0 ? "medium"
-    : "easy"
-  return {
-    level,
-    fileCount: clamp(fileCount, 0, 9999),
-    patterns: pScore,
-    strategy: level === "easy" ? "direct"
-      : level === "medium" ? "sequential-or-fan-out"
-      : level === "hard" ? "sequential-multi"
-      : "fan-out"
-  }
-}
-
-// Build a structured handoff request string for the `task` tool prompt.
-export function handoffRequest(opts) {
-  const {
-    agent,
-    phase = "execute",
-    context = "",
-    goal = "",
-    expected = "",
-    permissions = "",
-    limits = "",
-    complexity,
-  } = opts || {}
-  const id = nextId()
-  const c = complexity || assessComplexity()
-  const lines = [
-    `## HANDOFF REQUEST`,
-    `Agent: ${agent}`,
-    `Task ID: ${id}`,
-    `Phase: ${phase}`,
-    `Complexity: ${c.level}`,
-    ``,
-    `### Context`,
-    String(context).trim() || "(no context provided)",
-    ``,
-    `### Goal`,
-    String(goal).trim() || "(no goal provided)",
-    ``,
-    `### Expected Output`,
-    String(expected).trim() || "Return structured result with status, summary, details, receipts, next, learning.",
-    ``,
-    `### Permissions`,
-    String(permissions).trim() || "(default permissions apply)",
-    ``,
-    `### Limits`,
-    String(limits).trim() || "(no explicit limits)",
-    ``,
-    `### Handoff Result Format`,
-    `When done, return:`,
-    `## HANDOFF RESULT`,
-    `Status: success | failure | partial`,
-    `Task ID: ${id}`,
-    `### Summary`,
-    `### Details`,
-    `### Receipts`,
-    `### Next`,
-    `### Learning`,
-  ].join("\n")
-  return { id, prompt: lines }
-}
-
-// Validate a subagent's result string has required sections.
-export function parseHandoffResult(text) {
-  if (!text || typeof text !== "string") return { status: "invalid", error: "no result text" }
-  const statusMatch = text.match(/Status:\s*(success|failure|partial)/i)
-  const hasSummary = /### Summary/i.test(text)
-  const hasDetails = /### Details/i.test(text)
-  const hasReceipts = /### Receipts/i.test(text)
-  const summaryMatch = text.match(/### Summary\s*\n\s*(.+)/i)
-  return {
-    status: statusMatch ? statusMatch[1].toLowerCase() : "unknown",
-    summary: summaryMatch ? summaryMatch[1].trim() : "",
-    hasSummary,
-    hasDetails,
-    hasReceipts,
-    valid: !!(statusMatch && hasSummary),
-  }
-}
-
-// Agent capability/role definitions for reference.
-export const AGENT_ROLES = {
-  OpenHermes:       { tier: 3, edit: true,  exec: true,  desc: "Primary agent — all tools, all permissions" },
-  architect:        { tier: 1, edit: false, exec: false, desc: "System architecture design" },
-  planner:          { tier: 1, edit: false, exec: false, desc: "Feature/refactor planning" },
-  "code-reviewer":  { tier: 1, edit: false, exec: false, desc: "Code quality review" },
-  "security-reviewer": { tier: 1, edit: false, exec: false, desc: "Security audit (report only, no patches)" },
-  explore:          { tier: 1, edit: false, exec: false, desc: "Read-only codebase exploration" },
-  "build-error-resolver": { tier: 2, edit: true, exec: true, desc: "Build/type error fixes" },
-  "doc-updater":    { tier: 2, edit: true, exec: true, desc: "Doc/codemap updates" },
-  "refactor-cleaner": { tier: 2, edit: true, exec: true, desc: "Dead code cleanup" },
-  "tdd-guide":      { tier: 2, edit: true, exec: true, desc: "TDD red-green-refactor" },
-  "loop-operator":  { tier: 3, edit: true, exec: true, desc: "Managed autonomous loops" },
-  "e2e-runner":     { tier: 3, edit: true, exec: true, desc: "Playwright E2E tests" },
-  "docs-lookup":    { tier: 1, edit: false, exec: true, desc: "MCP doc lookup" },
-  "harness-optimizer": { tier: 1, edit: false, exec: true, desc: "Harness config audit" },
-  "review-database":   { tier: 1, edit: false, exec: true, desc: "PostgreSQL review" },
-  "review-go":      { tier: 1, edit: false, exec: true, desc: "Go code review" },
-  "build-go":       { tier: 2, edit: true, exec: true, desc: "Go build fix" },
-  "review-java":    { tier: 1, edit: false, exec: true, desc: "Java review" },
-  "build-java":     { tier: 2, edit: true, exec: true, desc: "Java build fix" },
-  "review-kotlin":  { tier: 1, edit: false, exec: true, desc: "Kotlin review" },
-  "build-kotlin":   { tier: 2, edit: true, exec: true, desc: "Kotlin build fix" },
-  "review-cpp":     { tier: 1, edit: false, exec: true, desc: "C++ review" },
-  "build-cpp":      { tier: 2, edit: true, exec: true, desc: "C++ build fix" },
-  "review-rust":    { tier: 1, edit: false, exec: true, desc: "Rust review" },
-  "build-rust":     { tier: 2, edit: true, exec: true, desc: "Rust build fix" },
-  "review-python":  { tier: 1, edit: false, exec: true, desc: "Python review" },
-  "general":        { tier: 2, edit: true, exec: true, desc: "General purpose" },
-}
-
-// Suggest best agent for a task type.
-export function suggestAgent(taskType) {
-  const map = {
-    architecture: "architect",
-    plan: "planner",
-    "code-review": "code-reviewer",
-    security: "security-reviewer",
-    explore: "explore",
-    "build-fix": "build-error-resolver",
-    docs: "doc-updater",
-    "dead-code": "refactor-cleaner",
-    tdd: "tdd-guide",
-    e2e: "e2e-runner",
-    "doc-lookup": "docs-lookup",
-    "db-review": "review-database",
-    "go-review": "review-go",
-    "go-build": "build-go",
-    "java-review": "review-java",
-    "java-build": "build-java",
-    "kotlin-review": "review-kotlin",
-    "kotlin-build": "build-kotlin",
-    "cpp-review": "review-cpp",
-    "cpp-build": "build-cpp",
-    "rust-review": "review-rust",
-    "rust-build": "build-rust",
-    "python-review": "review-python",
-    loop: "loop-operator",
-    "harness-audit": "harness-optimizer",
-  }
-  return map[taskType] || null
-}
-
-// Quick permission check: can agent X do action Y?
-export function canAgent(agentName, action) {
-  const role = AGENT_ROLES[agentName]
-  if (!role) return false
-  if (action === "edit") return role.edit
-  if (action === "exec" || action === "bash") return role.exec
-  if (action === "read") return true
-  if (action === "delegate") return role.tier >= 1
-  return false
-}

package/lib/hardening.mjs

@@ -1,146 +0,0 @@
-import crypto from "node:crypto"
-import fs from "node:fs"
-import os from "node:os"
-import path from "node:path"
-
-const SECRET_KEY_PATTERN = /(token|secret|password|passwd|passphrase|pwd|credential|auth|api[-_ ]?key|access[-_ ]?key|refresh[-_ ]?token|authorization|cookie|bearer)/i
-const TEXT_REDACTIONS = [
-  [/\bsk-[A-Za-z0-9]{16,}\b/g, "[REDACTED]"],
-  [/\bgh[pousr]_[A-Za-z0-9_]{20,}\b/g, "[REDACTED]"],
-  [/\bgithub_pat_[A-Za-z0-9_]+\b/g, "[REDACTED]"],
-  [/\bxox[baprs]-[A-Za-z0-9-]+\b/g, "[REDACTED]"],
-  [/\bBearer\s+[A-Za-z0-9._~+/=-]{8,}\b/gi, "Bearer [REDACTED]"],
-  [/\b[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\b/g, "[REDACTED]"],
-]
-
-function isPlainObject(value) {
-  return !!value && typeof value === "object" && !Array.isArray(value)
-}
-
-function truncateText(text, limit = 12000) {
-  const value = String(text ?? "")
-  if (limit <= 0 || value.length <= limit) return value
-  const suffix = "...[truncated]"
-  const sliceLength = Math.max(0, limit - suffix.length)
-  return value.slice(0, sliceLength) + suffix
-}
-
-function redactSensitiveText(text) {
-  let output = String(text ?? "")
-  for (const [pattern, replacement] of TEXT_REDACTIONS) {
-    output = output.replace(pattern, replacement)
-  }
-  return output
-}
-
-function sanitizeValue(value, key = "", options = {}) {
-  const maxStringLength = Number.isFinite(options.maxStringLength) ? options.maxStringLength : 12000
-  if (value === null || value === undefined) return value
-  if (typeof value === "string") return truncateText(redactSensitiveText(value), maxStringLength)
-  if (typeof value === "number" || typeof value === "boolean") return value
-  if (Array.isArray(value)) return value.map(item => sanitizeValue(item, key, options))
-  if (isPlainObject(value)) {
-    const redacted = {}
-    for (const [childKey, childValue] of Object.entries(value)) {
-      redacted[childKey] = SECRET_KEY_PATTERN.test(childKey)
-        ? "[REDACTED]"
-        : sanitizeValue(childValue, childKey, options)
-    }
-    return redacted
-  }
-  return truncateText(redactSensitiveText(String(value)), maxStringLength)
-}
-
-function sanitizeRecord(record, options = {}) {
-  return sanitizeValue(record, "", options)
-}
-
-function fingerprintEnvironment(input = {}) {
-  const fingerprint = {
-    cwd: path.resolve(input.cwd || process.cwd()),
-    harness_root: input.harnessRoot ? path.resolve(input.harnessRoot) : null,
-    project_root: input.projectRoot ? path.resolve(input.projectRoot) : null,
-    project: input.project || null,
-    session_id: input.sessionId || null,
-    os: process.platform,
-    release: os.release(),
-    arch: process.arch,
-    shell: process.env.ComSpec || process.env.COMSPEC || "cmd.exe",
-    provider: process.env.OPENCODE_PROVIDER || "lmstudio",
-    model: process.env.OPENCODE_MODEL || null,
-  }
-  const sha256 = crypto.createHash("sha256").update(JSON.stringify(fingerprint)).digest("hex")
-  return { ...fingerprint, sha256 }
-}
-
-function fingerprintFile(filePath) {
-  try {
-    const stat = fs.statSync(filePath)
-    const content = fs.readFileSync(filePath)
-    return {
-      path: path.normalize(filePath),
-      mtime: stat.mtime.toISOString(),
-      size: stat.size,
-      sha256: crypto.createHash("sha256").update(content).digest("hex"),
-    }
-  } catch {
-    return null
-  }
-}
-
-function atomicWriteJson(filePath, data) {
-  const dir = path.dirname(filePath)
-  fs.mkdirSync(dir, { recursive: true })
-  const tmpPath = path.join(dir, `.${path.basename(filePath)}.${process.pid}.${Date.now()}.tmp`)
-  const payload = `${JSON.stringify(data, null, 2)}\n`
-  fs.writeFileSync(tmpPath, payload, "utf8")
-  try {
-    fs.renameSync(tmpPath, filePath)
-  } catch (err) {
-    fs.copyFileSync(tmpPath, filePath)
-    fs.rmSync(tmpPath, { force: true })
-  }
-}
-
-function isTruthy(value) {
-  return /^(1|true|yes|on)$/i.test(String(value || ""))
-}
-
-function readJson(fp, fallback) {
-  try { return JSON.parse(fs.readFileSync(fp, "utf8")) } catch { return fallback }
-}
-
-function readJsonl(fp) {
-  try {
-    const results = []
-    for (const l of fs.readFileSync(fp, "utf8").trim().split("\n").filter(Boolean)) {
-      try { results.push(JSON.parse(l)) } catch {}
-    }
-    return results
-  } catch { return [] }
-}
-
-function buildEnvironmentFingerprint(root, directory, project) {
-  return fingerprintEnvironment({
-    cwd: directory,
-    harnessRoot: root,
-    projectRoot: directory,
-    project: project?.name || path.basename(directory),
-    sessionId: project?.session_id || null,
-  })
-}
-
-function toDisplayPath(absPath) {
-  if (!absPath) return ''
-  const normalized = absPath.replace(/\\/g, '/')
-  const idx = normalized.lastIndexOf('/openhermes/')
-  if (idx !== -1) return 'openhermes' + normalized.slice(idx + 11)
-  const parts = normalized.split('/').filter(Boolean)
-  return parts.slice(-2).join('/')
-}
-
-function branded(prefix, message) {
-  return `OpenHermes${prefix ? ` ${prefix}` : ''}: ${message}`
-}
-
-export { atomicWriteJson, branded, buildEnvironmentFingerprint, fingerprintEnvironment, fingerprintFile, isPlainObject, isTruthy, readJson, readJsonl, redactSensitiveText, sanitizeRecord, toDisplayPath, truncateText }