-
-
Notifications
You must be signed in to change notification settings - Fork 0
Architecture
This page is explanatory. Canonical references include
docs/repo-architecture.md,docs/repo-mapping.md,docs/headroom-kag-selective-retrieval.md, anddocs/self-update-capability.md.
MiniCISO is a reproducible overlay on top of Hermes Agent. The project keeps Hermes as an upstream dependency and versions MiniCISO prompts, profiles, templates, and policies separately.
The runtime is pinned through config/hermes-version.env, which records the Hermes release, resolved commit, and installer hashes used by bootstrap.
The overlay manages a public set of named profiles, including a dedicated chief-of-staff coordinator and several specialized SMEs.
chief-of-staff is the orchestration layer. It handles intake, assigns or delegates analysis, enforces boundaries, and returns the final user-facing synthesis.
SMEs focus on narrower domains. Delegation exists to improve analysis quality and avoid overloading one prompt with every responsibility.
The overlay expects a shared workspace for inputs, drafts, QA, reports, and templates. Public repo content remains sanitized; live local artifacts stay out of the repository.
flowchart LR
U[User] --> C[chief-of-staff]
C --> E[Evidence collection]
E --> R[Selective retrieval / Headroom]
R --> S[Specialized SME analysis]
S --> X[Cross-SME correlation]
X --> Q[security-qa]
Q --> C
C --> F[Final synthesis]
MiniCISO uses hypothesis-oriented selection when large structured artifacts would otherwise dominate context cost. The retrieval pack supports reasoning, but raw-authoritative review still governs final claims.
Headroom is the current selection-first mechanism for structural indexing, query shaping, retrieval-pack generation, and shadow-mode comparison with the raw flow.
The architecture includes a mandatory QA gate for final MiniCISO outputs and a separate GO / RESEARCH / NO-GO gate for external findings.
The repository can publish selected non-secret runtime artifacts back into the public overlay through an allowlisted export flow with diff review.
Key boundaries include:
- public repository content versus private local state;
- evidence versus inference;
- passive recon versus validated findings;
- authorized versus unauthorized offensive activity.
Secrets, sessions, memories, logs, raw evidence, and unsanitized triage material do not belong in the public repo or wiki.