Skip to content
Hermes Agent edited this page Jul 11, 2026 · 3 revisions

MiniCISO

MiniCISO is a public, reproducible security overlay for Hermes Agent. It packages a security-focused operating model, a coordinator profile, specialized SMEs, templates, and guardrails for evidence-driven engagements.

This page is explanatory. The canonical project files are maintained in the main repository: README.md and docs/.

What MiniCISO is

MiniCISO is:

  • a reproducible overlay, not a fork of Hermes;
  • a public profile set for structured security work;
  • an operating model with explicit delegation, evidence discipline, and QA gates;
  • a documentation layer that explains how the overlay is meant to be used.

What problem it solves

MiniCISO is designed for security work that would otherwise drift into:

  • incomplete scoping;
  • weak separation between evidence and inference;
  • overconfident claims from scanner output or partial recon;
  • inconsistent handoffs between specialists.

Its workflow makes those checks explicit through intake, evidence review, SME delegation, and a mandatory QA gate.

What it is not

MiniCISO is not:

  • a replacement for human authorization or accountable judgment;
  • a blanket license for offensive activity;
  • a promise that scanner output is automatically a finding;
  • a Hermes core fork.

Relationship to Hermes Agent

MiniCISO runs on top of Hermes Agent. The runtime is pinned by version and commit, and the overlay adds:

  • profile definitions;
  • prompts and policies;
  • templates and playbooks;
  • public documentation and safe export patterns.

Key capabilities

  • coordinated security assessments through chief-of-staff
  • specialized SMEs for threat modeling, architecture, code review, AppSec, compliance, recon, offensive validation, and QA
  • KAG-oriented pre-submission finding validation
  • post-submission follow-up workflow
  • Headroom/KAG selective retrieval for structured artifact handling
  • safe public self-update of selected non-secret artifacts

Security staff at a glance

MiniCISO uses this high-level flow:

User -> chief-of-staff -> specialized SME(s) -> security-qa -> chief-of-staff -> user

See Meet the Staff for the public profile catalog.

Start here

Reader paths

Clone this wiki locally