-
-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Hermes Agent edited this page Jul 11, 2026
·
3 revisions
MiniCISO is a public, reproducible security overlay for Hermes Agent. It packages a security-focused operating model, a coordinator profile, specialized SMEs, templates, and guardrails for evidence-driven engagements.
This page is explanatory. The canonical project files are maintained in the main repository: README.md and
docs/.
MiniCISO is:
- a reproducible overlay, not a fork of Hermes;
- a public profile set for structured security work;
- an operating model with explicit delegation, evidence discipline, and QA gates;
- a documentation layer that explains how the overlay is meant to be used.
MiniCISO is designed for security work that would otherwise drift into:
- incomplete scoping;
- weak separation between evidence and inference;
- overconfident claims from scanner output or partial recon;
- inconsistent handoffs between specialists.
Its workflow makes those checks explicit through intake, evidence review, SME delegation, and a mandatory QA gate.
MiniCISO is not:
- a replacement for human authorization or accountable judgment;
- a blanket license for offensive activity;
- a promise that scanner output is automatically a finding;
- a Hermes core fork.
MiniCISO runs on top of Hermes Agent. The runtime is pinned by version and commit, and the overlay adds:
- profile definitions;
- prompts and policies;
- templates and playbooks;
- public documentation and safe export patterns.
- coordinated security assessments through
chief-of-staff - specialized SMEs for threat modeling, architecture, code review, AppSec, compliance, recon, offensive validation, and QA
- KAG-oriented pre-submission finding validation
- post-submission follow-up workflow
- Headroom/KAG selective retrieval for structured artifact handling
- safe public self-update of selected non-secret artifacts
MiniCISO uses this high-level flow:
User -> chief-of-staff -> specialized SME(s) -> security-qa -> chief-of-staff -> user
See Meet the Staff for the public profile catalog.
- Understand the MiniCISO
- Install the MiniCISO
- Meet the Security Staff
- Run a First Assessment
- Understand the Architecture
- Review the Playbooks
- Contribute to the Project
- I want to understand the model first: start with Core Concepts, then Architecture.
- I want to install and try it: go to Installation and Operations, then First Assessment.
- I want to understand team roles: go to Meet the Staff and Engagement Lifecycle.
- I want to run a specific kind of review: start at Engagement Playbooks.