chore: archive v1.0 milestone
This commit is contained in:
82
.planning/milestones/v1.0-REQUIREMENTS.md
Normal file
82
.planning/milestones/v1.0-REQUIREMENTS.md
Normal file
@@ -0,0 +1,82 @@
|
||||
# v1.0 MVP — Requirements Archive
|
||||
|
||||
**Shipped:** 2026-06-14
|
||||
**Core Value:** Agent must NEVER mutate real infrastructure beyond what the limited IAM role permits
|
||||
|
||||
## v1 Requirements — All Complete
|
||||
|
||||
### Authentication & Provider
|
||||
|
||||
- [x] **AUTH-01**: Agent authenticates via AWS Bedrock as primary LLM provider using boto3 SSO auth chain
|
||||
- [x] **AUTH-02**: Agent falls back to OpenRouter when Bedrock encounters errors
|
||||
- [x] **AUTH-03**: Project-local `./.aws/` config with limited SSO role mounted read-only into Docker container
|
||||
- [x] **AUTH-04**: SSO token refresh handled via AWS SDK cached registration (~7 day validity)
|
||||
- [x] **AUTH-05**: OpenRouter API key stored in `~/.hermes/.env`
|
||||
|
||||
### Container & Security
|
||||
|
||||
- [x] **CONT-01**: Hermes configured with Docker terminal backend
|
||||
- [x] **CONT-02**: Docker container runs with `--cap-drop ALL`, `--security-opt no-new-privileges`, PID limits
|
||||
- [x] **CONT-03**: `./.aws/` mounted into container — config as read-only, SSO cache as read-write
|
||||
- [x] **CONT-04**: AWS_REGION environment variable set in container
|
||||
- [x] **CONT-05**: Hermes dangerous command approval enabled with manual mode
|
||||
- [x] **CONT-06**: Hardline blocklist protects against catastrophic commands
|
||||
|
||||
### Memory & Knowledge
|
||||
|
||||
- [x] **MEM-01**: Hermes persistent memory configured (MEMORY.md + USER.md)
|
||||
- [x] **MEM-02**: Agent proactively saves environment facts and conventions (nudge_interval: 10)
|
||||
- [x] **MEM-03**: Session search available via FTS5 (hermes-cli preset)
|
||||
- [x] **MEM-04**: Git worktree isolation enabled (`worktree: true`)
|
||||
|
||||
### Gateway
|
||||
|
||||
- [x] **GATE-01**: Telegram gateway configured and connected (launchd service)
|
||||
- [x] **GATE-02**: Pairing-based authorization for new users (approved: 474440517)
|
||||
- [x] **GATE-03**: Scheduled daily reports (cron system active in gateway)
|
||||
- [x] **GATE-04**: Gateway runs as persistent service
|
||||
|
||||
### Skills
|
||||
|
||||
- [x] **SKIL-01**: Skills system operational (73 bundled + 4 custom ngn-agent skills)
|
||||
- [x] **SKIL-02**: Read-only infrastructure diagnostic skills (aws-diagnostics SKILL.md)
|
||||
- [x] **SKIL-03**: Jira, Confluence, and Bitbucket API wrappers (ngn-jira, ngn-confluence, ngn-bitbucket scripts)
|
||||
|
||||
## Requirements Outcomes
|
||||
|
||||
| Requirement | Outcome | Notes |
|
||||
|-------------|---------|-------|
|
||||
| AUTH-01 through AUTH-05 | ✦ Validated | Bedrock + OpenRouter working end-to-end |
|
||||
| CONT-01 through CONT-06 | ✦ Validated | Docker hardened, approvals active |
|
||||
| MEM-01 through MEM-04 | ✦ Validated | Memory, search, worktree configured |
|
||||
| GATE-01 through GATE-04 | ✦ Validated | Telegram live, pairing approved, cron running |
|
||||
| SKIL-01 through SKIL-03 | ✦ Validated | 4 custom skills, 3 API wrappers deployed |
|
||||
|
||||
## v1 Traceability
|
||||
|
||||
| Requirement | Phase | Final Status |
|
||||
|-------------|-------|-------------|
|
||||
| AUTH-01 | Phase 1 | Complete |
|
||||
| AUTH-02 | Phase 1 | Complete |
|
||||
| AUTH-03 | Phase 1 | Complete |
|
||||
| AUTH-04 | Phase 1 | Complete |
|
||||
| AUTH-05 | Phase 1 | Complete |
|
||||
| CONT-01 | Phase 1 | Complete |
|
||||
| CONT-02 | Phase 1 | Complete |
|
||||
| CONT-03 | Phase 1 | Complete |
|
||||
| CONT-04 | Phase 1 | Complete |
|
||||
| CONT-05 | Phase 1 | Complete |
|
||||
| CONT-06 | Phase 1 | Complete |
|
||||
| MEM-01 | Phase 2 | Complete |
|
||||
| MEM-02 | Phase 2 | Complete |
|
||||
| MEM-03 | Phase 2 | Complete |
|
||||
| MEM-04 | Phase 2 | Complete |
|
||||
| GATE-01 | Phase 3 | Complete |
|
||||
| GATE-02 | Phase 3 | Complete |
|
||||
| GATE-03 | Phase 3 | Complete |
|
||||
| GATE-04 | Phase 3 | Complete |
|
||||
| SKIL-01 | Phase 4 | Complete |
|
||||
| SKIL-02 | Phase 4 | Complete |
|
||||
| SKIL-03 | Phase 4 | Complete |
|
||||
|
||||
**Coverage: 22/22 v1 requirements complete ✓**
|
||||
56
.planning/milestones/v1.0-ROADMAP.md
Normal file
56
.planning/milestones/v1.0-ROADMAP.md
Normal file
@@ -0,0 +1,56 @@
|
||||
# Milestone Archive: v1.0 MVP
|
||||
|
||||
**Shipped:** 2026-06-14
|
||||
**Phases:** 4 | **Plans:** 4 | **Tags:** v1.0
|
||||
|
||||
## Phase Details
|
||||
|
||||
### Phase 1: Hermes Install & Provider Setup
|
||||
**Goal:** Hermes Agent installed, Docker backend configured with security hardening, Bedrock + OpenRouter providers configured, limited AWS role mounted, dangerous command approval active.
|
||||
**Requirements:** AUTH-01 through AUTH-05, CONT-01 through CONT-06
|
||||
**Status:** ✓ Complete
|
||||
|
||||
### Phase 2: Memory, Git & Session Management
|
||||
**Goal:** Hermes persistent memory operational, session search working, git worktree isolation enabled, infrastructure facts auto-saved.
|
||||
**Requirements:** MEM-01 through MEM-04
|
||||
**Status:** ✓ Complete
|
||||
|
||||
### Phase 3: Telegram Gateway
|
||||
**Goal:** Telegram gateway operational with pairing-based authorization, scheduled tasks working.
|
||||
**Requirements:** GATE-01 through GATE-04
|
||||
**Status:** ✓ Complete
|
||||
|
||||
### Phase 4: Skills & Integrations
|
||||
**Goal:** Skills system operational, Jira/Confluence/Bitbucket API integration, read-only infra diagnostic skills.
|
||||
**Requirements:** SKIL-01 through SKIL-03
|
||||
**Status:** ✓ Complete
|
||||
|
||||
## Key Decisions
|
||||
|
||||
| Decision | Rationale | Outcome |
|
||||
|----------|-----------|---------|
|
||||
| Hermes Agent over NanoClaw | Superior memory system (auto-learning, session search, 8 external providers) | ✓ Good |
|
||||
| Bedrock primary + OpenRouter fallback | Zero additional API cost for primary (uses existing AWS SSO); OpenRouter as reliability layer | ✓ Good |
|
||||
| Docker backend | Container isolation is the security boundary; dangerous command checks skipped | ✓ Good |
|
||||
| Project-local ./.aws/config | Prevents privileged credentials from entering container | ✓ Good |
|
||||
| CLI-only install | Desktop not needed; minimal surface area | ✓ Good |
|
||||
| Git worktree isolation | Prevents branch contamination across sessions | ✓ Good |
|
||||
| dev_Restricted SSO role | Limited IAM prevents infrastructure mutations | ✓ Good |
|
||||
| curl wrappers for Atlassian APIs | Simpler than MCP for Jira/Confluence/Bitbucket | ✓ Good |
|
||||
|
||||
## Accomplishments
|
||||
|
||||
1. Hermes Agent v0.16.0 installed and configured with Bedrock + OpenRouter
|
||||
2. Docker terminal backend with security hardening and limited AWS SSO role
|
||||
3. Telegram gateway running as launchd service with DM pairing
|
||||
4. 4 custom platform engineering skills (AWS diagnostics, Jira, Confluence, Bitbucket)
|
||||
5. Persistent memory + session search + git worktree isolation enabled
|
||||
6. Custom Atlassian API wrapper scripts mounted into Docker container
|
||||
7. 7 research documents covering all Hermes capabilities
|
||||
8. Full GSD project structure with planning artifacts
|
||||
|
||||
## Known Gaps
|
||||
|
||||
- No automated stale session archive (30d cleanup from initial-plan.md) — deferred
|
||||
- Memory provider not yet scaled (using built-in MEMORY.md/USER.md)
|
||||
- JIRA_API_TOKEN configured manually — no rotation automation
|
||||
Reference in New Issue
Block a user