From 07e09bc39732c167dfcfee88b7e5778775fa144c Mon Sep 17 00:00:00 2001
From: Bagas Purwa Sentika <bapung@protonmail.com>
Date: Mon, 15 Jun 2026 22:46:11 +0800
Subject: [PATCH] docs(08-cron-reporting): complete archive script and daily
 report cron plan

---
 .../phases/08-cron-reporting/08-01-SUMMARY.md | 125 ++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 .planning/phases/08-cron-reporting/08-01-SUMMARY.md

diff --git a/.planning/phases/08-cron-reporting/08-01-SUMMARY.md b/.planning/phases/08-cron-reporting/08-01-SUMMARY.md
new file mode 100644
index 0000000..2d308ed
--- /dev/null
+++ b/.planning/phases/08-cron-reporting/08-01-SUMMARY.md
@@ -0,0 +1,125 @@
+---
+phase: 08-cron-reporting
+plan: 01
+subsystem: cron
+tags: [hermes, cron, session, archive, telegram, jira]
+
+requires:
+  - phase: 07-main-session-skill
+    provides: session skill loaded by daily report cron for session structure; session-summary hindsight entries for Jira key discovery
+  - phase: 04-jira-skill
+    provides: jira-query skill loaded by daily report cron for Jira comment patterns and ngn-jira CLI
+
+provides:
+  - archive-stale-sessions.sh — no_agent deterministic archive script with DRY_RUN toggle
+  - ~/.hermes/archive/sessions/ — archive storage directory for stale session JSONL exports
+  - ngn-daily-report cron job — skill-backed daily report registered in Hermes cron scheduler
+
+affects:
+  - Phase 8 Plan 2 (08-02-PLAN.md) — weekly stale summary + archive cron comes next
+
+tech-stack:
+  added: []
+  patterns:
+    - no_agent deterministic script with DRY_RUN toggle pattern for safe-first archive operations
+    - Skill-backed cron registration with dual skills (session + jira-query)
+
+key-files:
+  created:
+    - ~/.hermes/scripts/archive-stale-sessions.sh — no_agent archive script (1146 bytes, executable)
+    - ~/.hermes/archive/sessions/ — archive storage directory
+    - Hermes cron job: ngn-daily-report (skill-backed)
+  modified: []
+
+key-decisions:
+  - "DRY_RUN=true default ensures first archive is export-only (safe review before enabling prune)"
+  - "archive-stale-sessions.sh uses correct CLI: hermes sessions export <path> (positional, no --output flag) and hermes sessions prune --older-than 30 --yes (not --confirm)"
+  - "Daily report cron loads both session (Phase 7) and jira-query (Phase 4) skills for LLM-guided reporting"
+  - "Cron prompt instructs agent to use hermes sessions export - for machine-readable session data (not list --json which doesn't exist)"
+
+patterns-established:
+  - "no_agent script: DRY_RUN=true default → export → optional prune with --older-than 30 --yes"
+  - "Skill-backed cron: hermes cron create --deliver telegram --skill <A> --skill <B> 'schedule' 'prompt'"
+
+requirements-completed: [CRON-01, CRON-02]
+
+duration: ~1 min
+completed: 2026-06-15
+---
+
+# Phase 8 Plan 1: Archive Script + Daily Report Cron Summary
+
+**Archive script at ~/.hermes/scripts/archive-stale-sessions.sh (DRY_RUN=true safe default) + ngn-daily-report cron job (09:00 SGT, skill-backed with session + jira-query skills)**
+
+## Performance
+
+- **Duration:** ~1 min
+- **Started:** 2026-06-15T14:44:42Z
+- **Completed:** 2026-06-15T14:45:37Z
+- **Tasks:** 2
+- **Files modified:** 2 (outside repo — Hermes system files)
+
+## Accomplishments
+
+- Created `archive-stale-sessions.sh` with `DRY_RUN=true` safe default (export-only), `set -euo pipefail` strict mode, progress echo messages for Telegram delivery
+- Archive script correctly uses `hermes sessions export <path>` (positional arg, no `--output`) and `hermes sessions prune --older-than 30 --yes` (not `--confirm`) — all CLI corrections from RESEARCH.md applied
+- Created `~/.hermes/archive/sessions/` archive storage directory
+- Registered `ngn-daily-report` cron job at 09:00 SGT with Telegram delivery, skill-backed with `session` and `jira-query` skills
+- Cron job next run confirmed: `2026-06-16T09:00:00+08:00` (correct SGT timezone)
+- Test-run triggered successfully — no CLI errors
+- Both CRON-01 (daily report) and CRON-02 (stale session archive) requirements addressed
+
+## Task Commits
+
+Each task was committed atomically:
+
+1. **Task 1: Create archive-stale-sessions.sh with dry-run toggle + archive directory** — `47d0b80` (feat)
+2. **Task 2: Register daily report cron job (09:00 SGT, skill-backed)** — `8db45eb` (feat)
+
+**Plan metadata:** See final metadata commit for SUMMARY.md.
+
+_Note: Script and cron job are outside project git repo — committed with --allow-empty descriptors._
+
+## Files Created/Modified
+
+- `~/.hermes/scripts/archive-stale-sessions.sh` — no_agent archive script (1146 bytes, executable, DRY_RUN=true)
+- `~/.hermes/archive/sessions/` — Archive storage directory for stale session JSONL exports
+- Hermes cron DB: `ngn-daily-report` job registered (schedule: `0 9 * * *`, skills: session + jira-query, delivery: telegram)
+
+## Decisions Made
+
+- **DRY_RUN=true default**: Export-only on first run — user reviews JSONL before enabling prune. Safe default per user discretion requirement (CONTEXT.md).
+- **CLI corrections from RESEARCH.md**: All three Pitfalls applied:
+  1. `hermes sessions export <path>` (positional, no `--output` flag)
+  2. `hermes sessions prune --older-than 30 --yes` (not `--confirm`)
+  3. Cron prompt instructs agent to use `hermes sessions export -` (not `list --json` which doesn't exist)
+- **Dual skills on daily report**: Both `session` (for session structure, hindsight mapping) and `jira-query` (for Jira comment API patterns) loaded as skill-backed cron
+- **Prompt detail**: Full 5-step prompt embedded in cron job — agent receives complete instructions for session discovery, Jira key lookup, ticket updates, Telegram composition
+
+## Deviations from Plan
+
+None — plan executed exactly as written.
+
+## Issues Encountered
+
+- None. Archive script creation, directory creation, and cron registration all succeeded on first attempt.
+
+## Threat Flags
+
+None — all threat mitigations from the plan's threat model are satisfied:
+- T-08-01 (Tampering — cron prompt injection): Accepted — prompt is authored during plan execution, not user-controllable.
+- T-08-02 (Information Disclosure — archive JSONL files): Mitigated — archive directory under `~/.hermes/` with same protection as Hermes data dir.
+- T-08-03 (Information Disclosure — cron to Telegram): Accepted — sent to TELEGRAM_HOME_CHANNEL (user's DM) only.
+- T-08-04 (Tampering — session prune): Mitigated — DRY_RUN=true by default, plus `approvals.cron_mode: deny` in config.
+- T-08-05 (Elevation of Privilege — Jira comment injection): Accepted — bounded to user's Jira permissions, comments only.
+
+## Next Phase Readiness
+
+- Archive script ready for weekly cron registration (Phase 8, Plan 2 — weekly stale summary + archive)
+- Daily report cron `ngn-daily-report` will fire at 09:00 SGT daily
+- Phase 8 Plan 2 can register `ngn-weekly-stale-summary` (skill-backed, Sunday 20:00 SGT) and `ngn-weekly-archive` (no_agent script, Sunday 20:05 SGT)
+
+---
+
+*Phase: 08-cron-reporting*
+*Completed: 2026-06-15*