Skip to main content

A persistent, risk-aware engineering protocol for Hermes Agent

Project description

HARDPROOF

Software has to earn done.

CI License

Alpha software. v0.1.0 is a public alpha. Latest development is v0.2.0 Gatehouse. Commands, schemas, and contracts may change before v1.0.0. Install from GitHub; PyPI publication is pending.

Hardproof gives coding agents a persistent, risk-aware engineering process that turns ambiguous software requests into reviewed, verified results while preserving the evidence behind every completion claim.

A persistent, risk-aware engineering protocol for Hermes Agent.

Current Status

Release Version Status
Public alpha v0.1.0 Core Heat Released
Active development v0.2.0 Gatehouse Task 8 (stage-graph configuration) next

Install and enable

From GitHub (only option until PyPI publication):

hermes plugins install asimons81/hardproof --enable

From PyPI (not yet published -- this will work once the package is uploaded):

pip install hardproof
hermes plugins enable hardproof

Plugins remain opt-in under Hermes configuration. Hardproof does not edit global instructions or install skills into the user's global skill directory.

First run

Start in a Git repository with at least one commit:

/hardproof start standard Build API-key rotation with rollback support
/hardproof status

The equivalent terminal surface is:

hermes hardproof start standard "Build API-key rotation with rollback support"
hermes hardproof status

Hardproof stores state under .hardproof/, adds that directory to the repository-local Git exclude file when necessary, and injects compact stage context into bound Hermes sessions.

Profiles

Quick supports low-risk localized work with recorded skips and at least one fresh verification check. Use for typo fixes, doc updates, or one-line changes.

Standard requires discovery, design and plan artifacts, human design and plan approvals, tracked implementation, review, fresh verification, delivery, and a learning decision. Use for feature work, refactors, or multi-file changes.

Critical adds destructive-action approvals, at least two checks, rollback and risk material, fail-closed mutation policy, and human completion approval. Use for auth changes, data migrations, or production configuration.

No profile permits completion without fresh successful evidence.

Architecture

Hardproof is a standalone Python package discovered through the hermes_agent.plugins entry-point group. It uses only the public Hermes registration, hook, command, skill, and dispatch APIs.

  1. Plugin layer -- registers slash commands, CLI commands, six tools, lifecycle hooks, and nine namespaced skills
  2. Domain layer -- run profiles, stages, transitions, approval gates, and immutable event models
  3. Policy layer -- stage-aware mutation rules, tool policies, and human-required approval escalation
  4. Storage layer -- project-local SQLite database with forward-only migrations plus human-readable artifacts under .hardproof/runs/<run-id>/
  5. Verification layer -- workspace-bound evidence with Git HEAD capture, binary diff freshness checks, and redacted output recording

See architecture, protocol profiles, and compatibility.

Verification Evidence

Hardproof requires fresh, workspace-bound evidence before any run can complete. Verification checks run through Hermes in the current working directory, capturing:

  • Git HEAD commit hash at the time of verification
  • Binary diff against the working tree to detect uncommitted changes
  • Redacted, size-bounded output from each configured check
  • Strict exit-code evaluation (only explicit zero passes)

Evidence is recorded in the run ledger and included in every completion report. Stale evidence -- evidence recorded against a different workspace state -- is flagged and cannot satisfy completion gates.

Security Boundary

Hardproof coordinates engineering process; it is not a security sandbox. Policy hooks do not replace OS permissions, protected branches, sandboxing, isolation, or human code review.

Protections included:

  • Force pushes and destructive Git operations are blocked
  • Recognized destructive actions are blocked or require human approval
  • Source mutation is stage-aware (locked in later stages)
  • Human-only approval gates prevent model self-approval
  • Policy decisions are recorded with cryptographic hashes of arguments and configuration

See SECURITY.md and the security model.

Privacy

Hardproof has no telemetry, no analytics, no accounts, no hosted dependencies, no remote asset fetching, and no automatic update checks. Normal local operation makes no intentional network request. Verification output is redacted and size-bounded. Policy events store argument keys and hashes rather than raw values. Nothing phones home.

Known Limitations in v0.1.0

  • Policy hooks coordinate process but are not a security sandbox or complete shell parser
  • Managed runs require a Git worktree for workspace-bound freshness evidence
  • Local compatibility evidence covers Hermes Agent 0.18.2 on native Windows; other OS support is CI-enforced
  • Gatehouse policy features (configurable rules, waivers, risk suggestions) ship in v0.2.0

Roadmap

Version Codename Focus
v0.1.0 Core Heat Standalone plugin, durable stages, SQLite state, approvals, skills, fresh evidence, reports
v0.2.0 Gatehouse Explainable configurable policy, scoped waivers, risk suggestions, language packs
v0.3.0 Workcells Dependency-aware task waves, resumable subagent implementers
v0.4.0 Challenge Chamber Independent specialized reviewers, severity, fix/re-review loops
v0.5.0 Isolation Branches, worktrees, baseline proof, rollback, backend adapters
v0.6.0 Tempering Human-approved provenance-linked learning proposals
v0.7.0 Control Room Cross-surface continuity, timeline, notifications, local dashboard
v0.8.0 Protocol SDK Frozen documented policy, validator, evidence, report interfaces
v0.9.0 Hardening Migration rehearsals, recovery, concurrency, performance, security scenarios
v1.0.0 Proven Stable public contracts, multi-repo validation across OS and backend targets

See ROADMAP.md. A release advances only after its tests, migrations, security review, compatibility evidence, documentation, and package artifacts pass.

Contributing

Start with CONTRIBUTING.md, GOVERNANCE.md, and CODE_OF_CONDUCT.md. Design changes use ADRs; breaking protocol changes require a public RFC issue. Contributions use the Developer Certificate of Origin rather than a CLA.

Inspiration

Hardproof acknowledges conceptual inspiration while maintaining a strict clean-room boundary. See INSPIRATION.md.

License

Apache-2.0. See LICENSE and NOTICE.

Affiliation

Hardproof is independent open-source software. It is not affiliated with, endorsed by, or sponsored by Hermes Agent, Nous Research, Atlassian, or any other organization.


Topics: hermes-agent coding-agents agentic-coding software-engineering verification developer-tools open-source python

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hardproof-0.1.1.tar.gz (57.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

hardproof-0.1.1-py3-none-any.whl (74.9 kB view details)

Uploaded Python 3

File details

Details for the file hardproof-0.1.1.tar.gz.

File metadata

  • Download URL: hardproof-0.1.1.tar.gz
  • Upload date:
  • Size: 57.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hardproof-0.1.1.tar.gz
Algorithm Hash digest
SHA256 4b2234f4310e5a59cf13e3d85267c79b0a877c3545a1d2ed4ad9c0cbd8384ac7
MD5 0fa2d84637dbe13e4173e3824b5c7fde
BLAKE2b-256 4d776be634050f98369531ad0fe2b0b9d39a790af6ab6f03c534823fd5e5577e

See more details on using hashes here.

Provenance

The following attestation bundles were made for hardproof-0.1.1.tar.gz:

Publisher: release.yml on asimons81/hardproof

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file hardproof-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: hardproof-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 74.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hardproof-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 c7fab03e4ef7d482e8c83dababe5f3c5b9f33e1347c74a23230f297a04f1a0c9
MD5 945aad3f46bc0c00f84cbc6c32c3f5f0
BLAKE2b-256 5f35216e1c2ba8036347f4f5f3006a8223b0a8451f0d86eb5599f16372b064e8

See more details on using hashes here.

Provenance

The following attestation bundles were made for hardproof-0.1.1-py3-none-any.whl:

Publisher: release.yml on asimons81/hardproof

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page