a7eb436959
feat(setup): add SSO refresh script and cron job
2026-06-21 20:31:13 +08:00
607f3bffb6
chore: optimize docker image (3 layers), update registry tag, update state
2026-06-16 00:11:03 +08:00
4520237754
docs(09-tooling-portable-setup-02): complete portable setup script plan
...
- Created 1340-line standalone setup-ngn-agent.sh with argument parsing,
prereq checks, masked secret prompts, config generation, embedded skills/scripts,
cron registration, and gateway restart offer
- All 3 tasks committed atomically
2026-06-15 23:31:30 +08:00
5a8c18380e
feat(09-tooling-portable-setup-02): implement file/cron setup — scripts, skills, cron jobs, gateway restart
...
- write_session_init_script: mount verification via shell_init_files (D-10)
- write_archive_script: DRY_RUN=true archive script for stale sessions (D-10)
- write_jira_skill, write_aws_skill, write_confluence_skill, write_bitbucket_skill, write_session_skill: all 5 skills with 2 reference files embedded as heredocs
- register_cron_jobs: 3 cron jobs via hermes cron create (ngn-daily-report, ngn-weekly-stale-summary, ngn-weekly-archive)
- offer_gateway_restart: prompt to restart Hermes gateway at end
- Main execution block [1/14] through [14/14] with progress indicators
- Best-effort error handling for non-critical steps
- D-10 referenced throughout for traceability
2026-06-15 23:30:27 +08:00
9da972842d
feat(09-tooling-portable-setup-02): implement config generation — config.yaml, .env, hindsight/config.json
...
- generate_config_yaml: hermes config set for scalars, Python yaml for arrays
- Fallback to sed-based heredoc when Python yaml module unavailable
- generate_env_file: writes secrets and DEFAULT_REPOS with chmod 600 (T-09-06)
- generate_hindsight_config: exact local_embedded config (D-10)
- generate_cron_env_config: cron.env.JIRA_EMAIL and JIRA_API_TOKEN
- D-10 referenced in comments for each section
2026-06-15 23:27:10 +08:00
2de51b119c
feat(09-tooling-portable-setup-02): create setup script skeleton with args, prereqs, and interactive prompts
...
- Script header with D-06 through D-10 references and snapshot date
- getopts argument parsing with defaults for all 9 parameters
- Usage display with -h flag
- Prerequisite checks (Hermes CLI, Docker, SSH keys, repo paths)
- prompt_secret function for masked input (T-09-05 mitigation)
- Directory creation for scripts, hindsight, skills, archive
- Backup existing config.yaml before modification (T-09-07 mitigation)
2026-06-15 23:26:34 +08:00
7ea639567d
docs(09-tooling-portable-setup-01): add self-check to SUMMARY.md
2026-06-15 23:25:23 +08:00
717bb6f35b
docs(09-tooling-portable-setup-01): complete custom Docker image plan
...
- SUMMARY.md with deviations, decisions, and verified tool versions
2026-06-15 23:25:11 +08:00
cc1da75700
docs(09-tooling-portable-setup-01): add D-04/D-05 references to build.sh header
2026-06-15 23:24:18 +08:00
2797a64b28
feat(09-tooling-portable-setup-01): create build.sh and verify image builds with all 5 tools
...
- build.sh: single-command entry point (D-04/D-05)
- Architecture detection for AWS CLI and pup (x86_64 + arm64/aarch64)
- Fixed terraform version string to use -1 suffix
- Fixed helm version from 4.2.1 to 4.2.0 (actual repo version)
- Fixed lsb_release issue by sourcing /etc/os-release directly
- Verified: aws-cli 2.35.4, terraform 1.15.6, helm 4.2.0, kubectl 1.36.2, pup 1.1.0
- All tools run natively on ARM64 (Apple Silicon)
2026-06-15 23:24:02 +08:00
78fd4002fd
feat(09-tooling-portable-setup-01): create Dockerfile with version-pinned tool installations
...
- FROM nikolaik/python-nodejs:python3.11-nodejs20 with deprecation comment
- ARGs for version pinning (terraform 1.15.6, helm 4.2.1, kubectl 1.36.1, pup 1.1.0)
- System dependencies: curl, ca-certificates, unzip, gnupg, wget
- AWS CLI v2 via official curl/unzip/install method
- Terraform via HashiCorp apt repo (version-pinned)
- kubectl via Google Kubernetes apt repo (NOT version-pinned)
- Helm via Buildkite apt repo (version-pinned)
- Datadog CLI (pup) via GitHub releases binary download
- All downloads over HTTPS with GPG key verification (T-09-01)
- No COPY . (T-09-02 mitigation)
- D-01 through D-03 referenced in comments
- --no-install-recommends and apt list cleanup
2026-06-15 23:18:47 +08:00
a8f55ff572
docs(09): resolve open questions in RESEARCH.md
2026-06-15 23:15:59 +08:00
d727c4dbce
docs(09): create phase plan — custom Docker image + portable setup script
...
Phase 9 splits into two independent Wave 1 plans:
- 09-01: Custom Hermes Docker image (ngn-agent:latest) with aws-cli,
terraform, helm, kubectl, and datadog CLI (pup), version-pinned
- 09-02: Portable setup-ngn-agent.sh with argument parsing,
prerequisite checks, interactive secret prompts, config generation,
skill/script embedding, and cron registration
Also marks Phase 8 as complete (cron reporting shipped 2026-06-15).
2026-06-15 23:13:35 +08:00
43a689f3f5
docs(phase-09): research tooling and portable setup
2026-06-15 23:10:24 +08:00
61014f5ee9
docs(09): capture phase context
2026-06-15 23:03:06 +08:00
8ef7340108
docs(08-cron-reporting): complete weekly stale summary + archive cron plan
...
- ngn-weekly-stale-summary: skill-backed cron at Sunday 20:00 SGT
- ngn-weekly-archive: no_agent cron at Sunday 20:05 SGT (5 min after summary)
- Both registered, verified, test-run successful
2026-06-15 22:47:54 +08:00
2faeb0aaee
feat(08-cron-reporting): register weekly archive cron ngn-weekly-archive
...
- --no-agent with --script archive-stale-sessions.sh for deterministic CLI archive
- Schedule: 5 20 * * 0 (Sunday 20:05 SGT — 5 min after summary to avoid race condition)
- Delivery: telegram (script stdout delivered verbatim)
- Cron job ID: 79f728c7e5a3
2026-06-15 22:47:23 +08:00
90214dd20d
feat(08-cron-reporting): register weekly stale summary cron ngn-weekly-stale-summary
...
- --skill session for session structure understanding and Jira key discovery via hindsight_recall
- Schedule: 0 20 * * 0 (Sunday 20:00 SGT)
- Delivery: telegram to TELEGRAM_HOME_CHANNEL
- Prompt instructs agent to: export stale sessions via JSONL, discover Jira keys via hindsight_recall,
compose Telegram summary without Jira mutations (D-10, D-15)
- Cron job ID: 88889d10d634
2026-06-15 22:47:08 +08:00
07e09bc397
docs(08-cron-reporting): complete archive script and daily report cron plan
2026-06-15 22:46:11 +08:00
8db45eb347
feat(08-cron-reporting): register daily report cron job ngn-daily-report
...
- Registered hermes cron job 'ngn-daily-report'
- Schedule: 0 9 * * * (daily at 09:00 SGT)
- Delivery: telegram (TELEGRAM_HOME_CHANNEL)
- Skills: session + jira-query (skill-backed)
- Prompt instructs agent to: enumerate active sessions via JSONL export,
find Jira tickets via hindsight_recall, add progress comments via ngn-jira,
compose Telegram summary
- Verified with hermes cron list and test-run
2026-06-15 22:45:34 +08:00
47d0b80be8
feat(08-cron-reporting): create archive-stale-sessions.sh with dry-run toggle
...
- Created ~/.hermes/scripts/archive-stale-sessions.sh (1146 bytes, executable)
- Script has DRY_RUN=true safe default (export only, no prune)
- Export uses date-stamped JSONL filename
- Prune gated behind DRY_RUN=false with --older-than 30 --yes
- set -euo pipefail strict error handling
- Created ~/.hermes/archive/sessions/ archive directory
- Progress echo statements for Telegram delivery
2026-06-15 22:45:14 +08:00
63230edf4d
docs(08): resolve open questions in RESEARCH.md
2026-06-15 22:42:04 +08:00
2be5783897
docs(08): create phase 8 cron reporting plans
...
- 08-01-PLAN.md: Archive script (DRY_RUN toggle) + daily report cron (skill-backed)
- 08-02-PLAN.md: Weekly stale summary cron + weekly archive cron (no_agent)
- ROADMAP.md: Updated Phase 8 plans count to 2
Covers CRON-01 (daily report), CRON-02 (stale archive script+cron),
CRON-03 (Jira integration in daily/weekly reports).
2026-06-15 22:39:18 +08:00
7755cbe3d1
docs(08): capture phase context
2026-06-15 21:46:33 +08:00
099f8addc7
docs: add phase 9 — tooling & portable setup, mark phases 5-7 complete
2026-06-15 21:07:59 +08:00
5d7232ec31
docs(07-main-session-skill): complete session skill plan
...
- Created ~/.hermes/skills/ngn-agent/session/SKILL.md (249 lines)
- 7-step session lifecycle: hindsight recall, Jira prompt, Confluence prompt, work, Jira update, Confluence update, automatic hindsight save
- All 14 decisions D-01 through D-14 implemented
- All threat mitigations (T-07-01, T-07-02, T-07-03) in place
- Skill discoverable via hermes skills list as 'session' under 'ngn-agent'
2026-06-15 20:27:59 +08:00
17cd0b64aa
docs(07): resolve open questions in RESEARCH.md
2026-06-15 20:24:44 +08:00
38a0d1af6d
docs(07): create phase plan for Main Session Skill
...
- 1 plan (07-01-PLAN.md) — creates session/SKILL.md
- Single-file SKILL.md at ~/.hermes/skills/ngn-agent/session/
- Covers SKIL-04 with 7-step lifecycle procedure
- All 14 locked decisions (D-01 through D-14) embedded
- Deferred ideas scoped to Phase 8
2026-06-15 20:22:39 +08:00
d494b274d9
docs(phase-07): research session skill patterns
2026-06-15 20:19:55 +08:00
e227c70c5e
docs(state): record phase 7 context session
2026-06-15 20:14:02 +08:00
e4d7f34112
docs(07): capture phase context
2026-06-15 20:13:52 +08:00
6d3fbde186
docs(06-default-repos-ssh-mount): complete 06-01 plan — SUMMARY.md
...
Default repos and SSH key mounts verified end-to-end.
2026-06-15 20:06:29 +08:00
2ca590edeb
test(06-default-repos-ssh-mount): verify end-to-end — SSH auth, repo mounts, clone
...
End-to-end Docker verification confirmed:
- SSH keys mounted (:ro) and Bitbucket auth succeeds
- All 3 DEFAULT_REPOS mounted at /workspace/<name> with .git present
- session-init.sh runs and reports all repos verified
- On-demand git clone works (REPO-02 capability)
- Parent /workspace mount is :rw (subpath mounts work)
- Automated verification: 5/5 tests PASS
2026-06-15 20:05:53 +08:00
2c3e96b982
feat(06-default-repos-ssh-mount): add DEFAULT_REPOS to .env and update config.yaml
...
- Added DEFAULT_REPOS=rai-ops,rai-deployment,rai-devtools to ~/.hermes/.env
- Added 4 SSH key mounts (:ro) to docker_volumes: id_ed25519razer, id_rsa, config, known_hosts
- Added 3 repo mounts (:rw) to docker_volumes: rai-ops, rai-deployment, rai-devtools
- Set shell_init_files to ['/usr/local/bin/session-init.sh']
- Added DEFAULT_REPOS to docker_forward_env
- Verified YAML validity, all mounts correct, original entries preserved
2026-06-15 20:05:07 +08:00
ea56c05257
feat(06-default-repos-ssh-mount): create session-init.sh mount verification script
...
- Non-blocking shell script that verifies DEFAULT_REPOS mounts at session start
- Uses set -uo pipefail (NOT set -e) for graceful handling of missing repos
- Reads DEFAULT_REPOS from environment, splits comma-separated list
- Checks /workspace/<repo>/.git for each repo (not just directory existence)
- Always exits 0 — session starts regardless of mount status
- Located at ~/.hermes/scripts/session-init.sh (outside repo)
2026-06-15 20:04:18 +08:00
42ad94600b
docs(06): create phase 6 plan — SSH mount, repo volumes, session-init
2026-06-14 22:14:22 +08:00
0abadd2743
docs(phase-6): research default repos and SSH mount
2026-06-14 22:12:04 +08:00
1f32ff64ea
docs(state): record phase 6 context session
2026-06-14 21:57:43 +08:00
e2ad336039
docs(06): capture phase context
2026-06-14 21:57:33 +08:00
871a933f0f
docs(05-hindsight-memory-provider-01): complete hindsight memory provider activation plan
2026-06-14 20:29:08 +08:00
6e02a00b54
docs(05): create phase 5 plan — Hindsight Memory Provider
2026-06-14 20:19:31 +08:00
0c890a65d5
docs(state): record phase 5 context session
2026-06-14 18:18:09 +08:00
6545eb5cbf
docs(05): capture phase context
2026-06-14 18:17:59 +08:00
99015d3327
docs: create milestone v1.1 roadmap (4 phases)
2026-06-14 18:09:56 +08:00
719fb1e07a
docs: define milestone v1.1 requirements
2026-06-14 18:06:39 +08:00
4b58964a12
docs: complete v1.1 research synthesis for session lifecycle, memory & reporting
2026-06-14 13:53:55 +08:00
b5e7008314
docs: start milestone v1.1 Session Lifecycle, Memory & Reporting
2026-06-14 13:46:42 +08:00
b47dae4836
chore: remove REQUIREMENTS.md for v1.0 milestone
2026-06-14 13:18:22 +08:00
d6b98d47b4
chore: archive v1.0 milestone
2026-06-14 13:18:03 +08:00
10ea0dd58a
fix: remove Library cache from tracking, update gitignore
2026-06-14 12:51:10 +08:00
