# v1.0 MVP — Requirements Archive

**Shipped:** 2026-06-14

**Core Value:** Agent must NEVER mutate real infrastructure beyond what the limited IAM role permits

## v1 Requirements — All Complete

### Authentication & Provider

- [x] **AUTH-01**: Agent authenticates via AWS Bedrock as primary LLM provider using boto3 SSO auth chain
- [x] **AUTH-02**: Agent falls back to OpenRouter when Bedrock encounters errors
- [x] **AUTH-03**: Project-local `./.aws/` config with limited SSO role mounted read-only into Docker container
- [x] **AUTH-04**: SSO token refresh handled via AWS SDK cached registration (~7 day validity)
- [x] **AUTH-05**: OpenRouter API key stored in `~/.hermes/.env`

### Container & Security

- [x] **CONT-01**: Hermes configured with Docker terminal backend
- [x] **CONT-02**: Docker container runs with `--cap-drop ALL`, `--security-opt no-new-privileges`, PID limits
- [x] **CONT-03**: `./.aws/` mounted into container — config as read-only, SSO cache as read-write
- [x] **CONT-04**: AWS_REGION environment variable set in container
- [x] **CONT-05**: Hermes dangerous command approval enabled with manual mode
- [x] **CONT-06**: Hardline blocklist protects against catastrophic commands

### Memory & Knowledge

- [x] **MEM-01**: Hermes persistent memory configured (MEMORY.md + USER.md)
- [x] **MEM-02**: Agent proactively saves environment facts and conventions (nudge_interval: 10)
- [x] **MEM-03**: Session search available via FTS5 (hermes-cli preset)
- [x] **MEM-04**: Git worktree isolation enabled (`worktree: true`)

### Gateway

- [x] **GATE-01**: Telegram gateway configured and connected (launchd service)
- [x] **GATE-02**: Pairing-based authorization for new users (approved: 474440517)
- [x] **GATE-03**: Scheduled daily reports (cron system active in gateway)
- [x] **GATE-04**: Gateway runs as persistent service

### Skills

- [x] **SKIL-01**: Skills system operational (73 bundled + 4 custom ngn-agent skills)
- [x] **SKIL-02**: Read-only infrastructure diagnostic skills (aws-diagnostics SKILL.md)
- [x] **SKIL-03**: Jira, Confluence, and Bitbucket API wrappers (ngn-jira, ngn-confluence, ngn-bitbucket scripts)

## Requirements Outcomes

| Requirement | Outcome | Notes |
|-------------|---------|-------|
| AUTH-01 through AUTH-05 | ✦ Validated | Bedrock + OpenRouter working end-to-end |
| CONT-01 through CONT-06 | ✦ Validated | Docker hardened, approvals active |
| MEM-01 through MEM-04 | ✦ Validated | Memory, search, worktree configured |
| GATE-01 through GATE-04 | ✦ Validated | Telegram live, pairing approved, cron running |
| SKIL-01 through SKIL-03 | ✦ Validated | 4 custom skills, 3 API wrappers deployed |

## v1 Traceability

| Requirement | Phase | Final Status |
|-------------|-------|-------------|
| AUTH-01 | Phase 1 | Complete |
| AUTH-02 | Phase 1 | Complete |
| AUTH-03 | Phase 1 | Complete |
| AUTH-04 | Phase 1 | Complete |
| AUTH-05 | Phase 1 | Complete |
| CONT-01 | Phase 1 | Complete |
| CONT-02 | Phase 1 | Complete |
| CONT-03 | Phase 1 | Complete |
| CONT-04 | Phase 1 | Complete |
| CONT-05 | Phase 1 | Complete |
| CONT-06 | Phase 1 | Complete |
| MEM-01 | Phase 2 | Complete |
| MEM-02 | Phase 2 | Complete |
| MEM-03 | Phase 2 | Complete |
| MEM-04 | Phase 2 | Complete |
| GATE-01 | Phase 3 | Complete |
| GATE-02 | Phase 3 | Complete |
| GATE-03 | Phase 3 | Complete |
| GATE-04 | Phase 3 | Complete |
| SKIL-01 | Phase 4 | Complete |
| SKIL-02 | Phase 4 | Complete |
| SKIL-03 | Phase 4 | Complete |

**Coverage: 22/22 v1 requirements complete ✓**