v1.0 MVP — Requirements Archive
Shipped: 2026-06-14
Core Value: Agent must NEVER mutate real infrastructure beyond what the limited IAM role permits
v1 Requirements — All Complete
Authentication & Provider
- AUTH-01: Agent authenticates via AWS Bedrock as primary LLM provider using boto3 SSO auth chain
- AUTH-02: Agent falls back to OpenRouter when Bedrock encounters errors
- AUTH-03: Project-local `./.aws/config` with limited SSO role mounted read-only into Docker container
- AUTH-04: SSO token refresh handled via AWS SDK cached registration (~7 day validity)
- AUTH-05: OpenRouter API key stored in `~/.hermes/.env`
Container & Security
- CONT-01: Hermes configured with Docker terminal backend
- CONT-02: Docker container runs with `--cap-drop ALL`, `--security-opt no-new-privileges`, PID limits
- CONT-03: `./.aws/` mounted into container — config as read-only, SSO cache as read-write
- CONT-04: AWS_REGION environment variable set in container
- CONT-05: Hermes dangerous command approval enabled with manual mode
- CONT-06: Hardline blocklist protects against catastrophic commands
Memory & Knowledge
- MEM-01: Hermes persistent memory configured (MEMORY.md + USER.md)
- MEM-02: Agent proactively saves environment facts and conventions (nudge_interval: 10)
- MEM-03: Session search available via FTS5 (hermes-cli preset)
- MEM-04: Git worktree isolation enabled (`worktree: true`)
Gateway
- GATE-01: Telegram gateway configured and connected (launchd service)
- GATE-02: Pairing-based authorization for new users (approved: 474440517)
- GATE-03: Scheduled daily reports (cron system active in gateway)
- GATE-04: Gateway runs as persistent service
Skills
- SKIL-01: Skills system operational (73 bundled + 4 custom ngn-agent skills)
- SKIL-02: Read-only infrastructure diagnostic skills (aws-diagnostics SKILL.md)
- SKIL-03: Jira, Confluence, and Bitbucket API wrappers (ngn-jira, ngn-confluence, ngn-bitbucket scripts)
Requirements Outcomes
| Requirement | Outcome | Notes |
|---|---|---|
| AUTH-01 through AUTH-05 | ✦ Validated | Bedrock + OpenRouter working end-to-end |
| CONT-01 through CONT-06 | ✦ Validated | Docker hardened, approvals active |
| MEM-01 through MEM-04 | ✦ Validated | Memory, search, worktree configured |
| GATE-01 through GATE-04 | ✦ Validated | Telegram live, pairing approved, cron running |
| SKIL-01 through SKIL-03 | ✦ Validated | 4 custom skills, 3 API wrappers deployed |
v1 Traceability
| Requirement | Phase | Final Status |
|---|---|---|
| AUTH-01 | Phase 1 | Complete |
| AUTH-02 | Phase 1 | Complete |
| AUTH-03 | Phase 1 | Complete |
| AUTH-04 | Phase 1 | Complete |
| AUTH-05 | Phase 1 | Complete |
| CONT-01 | Phase 1 | Complete |
| CONT-02 | Phase 1 | Complete |
| CONT-03 | Phase 1 | Complete |
| CONT-04 | Phase 1 | Complete |
| CONT-05 | Phase 1 | Complete |
| CONT-06 | Phase 1 | Complete |
| MEM-01 | Phase 2 | Complete |
| MEM-02 | Phase 2 | Complete |
| MEM-03 | Phase 2 | Complete |
| MEM-04 | Phase 2 | Complete |
| GATE-01 | Phase 3 | Complete |
| GATE-02 | Phase 3 | Complete |
| GATE-03 | Phase 3 | Complete |
| GATE-04 | Phase 3 | Complete |
| SKIL-01 | Phase 4 | Complete |
| SKIL-02 | Phase 4 | Complete |
| SKIL-03 | Phase 4 | Complete |
Coverage: 22/22 v1 requirements complete ✓