hermes attestation guardian draft history

Module History: Hermes Attestation Guardian Draft (Archived)

Purpose

This page preserves the original planning draft that led to hermes-attestation-guardian v0.0.1. It is historical context, not current behavior contract.

Status

Draft date: 2026-04-15
Current status: implemented in repository as skills/hermes-attestation-guardian v0.0.1
Source of truth for live behavior: skill code, tests, and wiki/modules/hermes-attestation-guardian.md

What the draft got right

Hermes-only positioning (not OpenClaw hook runtime scope).
Fail-closed verification as a core requirement.
Deterministic attestation and digest binding requirements.
Baseline-vs-current drift detection with severity ranking.
Safe cron automation expectations (explicit apply, non-destructive defaults).

Original design intent (summarized)

Identity and scope

Name should clearly indicate Hermes scope and guardian role.
Metadata should make platform targeting explicit.

Security outcomes

Snapshot posture and integrity-sensitive inputs.
Detect risky toggles, verification regressions, and trust/file drift.
Prioritize high-signal alerts for operators.

Alignment rules

Keep side effects under Hermes paths.
Avoid destructive remediation in MVP.
Keep operator-facing criticality clear.

Packaging/release compatibility

Match ClawSec skill metadata and changelog requirements.
Ensure local validation and test gates pass before release.

Delegate implementation scope

Build generator, verifier, diff logic, cron helper, and tests.
Keep docs aligned to implemented behavior.

What changed from draft to implementation

Implementation hardened path-scope checks (including symlink-aware escape defense).
Verifier baseline trust was made explicit and fail-closed before diffing.
Cron managed-marker parser hardened to fail closed on malformed marker structure.
Wiki documentation now maps each PR claim to wiring and tests with human-readable operator guidance.

Where to look now

Live module documentation:
- wiki/modules/hermes-attestation-guardian.md
Live skill implementation:
- skills/hermes-attestation-guardian/
Validation tests:
- skills/hermes-attestation-guardian/test/

hermes attestation guardian draft history

Module History: Hermes Attestation Guardian Draft (Archived)

Purpose

Status

What the draft got right

Original design intent (summarized)

What changed from draft to implementation

Where to look now

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!