-
-
Notifications
You must be signed in to change notification settings - Fork 0
Home
MiniCISO is a public, reproducible security overlay for Hermes Agent. It packages a security-focused operating model, a coordinator profile, specialized SMEs, templates, and guardrails for evidence-driven engagements.
This page is explanatory. The canonical project files are maintained in the main repository: README.md and
docs/.
MiniCISO is:
- a reproducible overlay, not a fork of Hermes;
- a public profile set for structured security work;
- an operating model with explicit delegation, evidence discipline, and QA gates;
- a documentation and tooling layer that stays versioned with the overlay.
Security work often degrades when context is incomplete, evidence is mixed with inference, or intermediate analysis bypasses quality review. MiniCISO tries to reduce those failure modes by making the workflow explicit:
- intake and scoping before conclusions;
- evidence collection before narrative;
- SME specialization instead of one undifferentiated generalist;
- mandatory Security QA before final delivery.
MiniCISO is not:
- a replacement for human authorization or accountable judgment;
- a blanket license for offensive activity;
- a promise that scanner output is automatically a finding;
- a Hermes core fork.
MiniCISO runs on top of Hermes Agent. The runtime is pinned by version and commit, and the overlay adds:
- profile definitions;
- prompts and policies;
- templates and playbooks;
- public documentation and safe export patterns.
- coordinated security assessments through
chief-of-staff - specialized SMEs for threat modeling, architecture, code review, AppSec, compliance, recon, offensive validation, and QA
- KAG-oriented pre-submission finding validation
- post-submission follow-up workflow
- Headroom/KAG selective retrieval for structured artifact handling
- safe public self-update of selected non-secret artifacts
MiniCISO uses this high-level flow:
User -> chief-of-staff -> specialized SME(s) -> security-qa -> chief-of-staff -> user
See Meet the Staff for the public profile catalog.