Skip to content

Architecture

Hermes Agent edited this page Jul 11, 2026 · 1 revision

Architecture

This page is explanatory. Canonical references include docs/repo-architecture.md, docs/repo-mapping.md, docs/headroom-kag-selective-retrieval.md, and docs/self-update-capability.md.

Overlay, not fork

MiniCISO is a reproducible overlay on top of Hermes Agent. The project keeps Hermes as an upstream dependency and versions MiniCISO prompts, profiles, templates, and policies separately.

Pinned runtime

The runtime is pinned through config/hermes-version.env, which records the Hermes release, resolved commit, and installer hashes used by bootstrap.

Profiles

The overlay manages a public set of named profiles, including a dedicated chief-of-staff coordinator and several specialized SMEs.

Chief of Staff

chief-of-staff is the orchestration layer. It handles intake, assigns or delegates analysis, enforces boundaries, and returns the final user-facing synthesis.

SME delegation

SMEs focus on narrower domains. Delegation exists to improve analysis quality and avoid overloading one prompt with every responsibility.

Workspaces and artifacts

The overlay expects a shared workspace for inputs, drafts, QA, reports, and templates. Public repo content remains sanitized; live local artifacts stay out of the repository.

Orchestration flow

flowchart LR
    U[User] --> C[chief-of-staff]
    C --> E[Evidence collection]
    E --> R[Selective retrieval / Headroom]
    R --> S[Specialized SME analysis]
    S --> X[Cross-SME correlation]
    X --> Q[security-qa]
    Q --> C
    C --> F[Final synthesis]
Loading

KAG selective retrieval

MiniCISO uses hypothesis-oriented selection when large structured artifacts would otherwise dominate context cost. The retrieval pack supports reasoning, but raw-authoritative review still governs final claims.

Headroom

Headroom is the current selection-first mechanism for structural indexing, query shaping, retrieval-pack generation, and shadow-mode comparison with the raw flow.

QA gate

The architecture includes a mandatory QA gate for final MiniCISO outputs and a separate GO / RESEARCH / NO-GO gate for external findings.

Safe self-update

The repository can publish selected non-secret runtime artifacts back into the public overlay through an allowlisted export flow with diff review.

Trust boundaries

Key boundaries include:

  • public repository content versus private local state;
  • evidence versus inference;
  • passive recon versus validated findings;
  • authorized versus unauthorized offensive activity.

Secrets and private state

Secrets, sessions, memories, logs, raw evidence, and unsanitized triage material do not belong in the public repo or wiki.

Clone this wiki locally