Merged
55 changes: 55 additions & 0 deletions .ai/COMMANDS.md
@@ -0,0 +1,55 @@
# Known Commands

Only commands verified for this repository should be added here.

## Repo status

git status --short --branch

## Install

# Add repo-specific install command here

## Start

# Add repo-specific start command here

## Stop

# Add repo-specific stop command here

## Restart

# Add repo-specific restart command here

## Lint

# Add repo-specific lint command here

## Test

# Add repo-specific test command here

## Build

# Add repo-specific build command here

## Typecheck

# Add repo-specific typecheck command here

## Format

# Add repo-specific format command here

## Audit

# Add repo-specific audit command here

## Rollback

git status --short
git restore .
git clean -fd

Warning: `git clean -fd` deletes untracked files. Review before using.
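
Review bot: In the Rollback block, `git restore .` discards every uncommitted change to tracked files, yet the warning on the last line covers only `git clean -fd`. Extend the warning to both commands and put a dry run (`git clean -nd`) ahead of the real clean, so whoever follows this file sees what would be deleted before anything is removed.
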
54 changes: 54 additions & 0 deletions .ai/FAILURES.md
@@ -0,0 +1,54 @@
# Failure Knowledge Base

Record recurring failures and proven fixes.

## Template

### Failure title

- Date first seen:
- Symptoms:
- Error text:
- Cause:
- Fix:
- Verification:
- Prevention:

---

## Known failures

### Port 8788 already in use

- Symptoms: Hermes/Hermex cannot start or browser cannot connect.
- Check:

ss -ltnp | grep ':8788'

- Fix:

fuser -k 8788/tcp

- Verification:

curl -I http://127.0.0.1:8788 || true

### GitHub auth expired

- Symptoms: `gh` commands fail.
- Check:

gh auth status

- Fix:

gh auth login

### Tailscale IP changed

- Symptoms: iPhone cannot reach old Hermex URL.
- Check:

tailscale ip -4

- Fix: Update saved Hermex URL to current Tailscale IP.
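
Review bot: Under "Port 8788 already in use", `fuser -k 8788/tcp` kills whatever process holds the port, with no step that confirms it is Hermes/Hermex. Make the fix conditional on the process shown by the `ss -ltnp` check. The verification line also ends in `|| true`, so it reports success even when nothing answers on 127.0.0.1:8788; drop the `|| true` if the step is meant to prove the service came back.
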
37 changes: 37 additions & 0 deletions .ai/GITHUB_PROJECTS_PLAN.md
@@ -0,0 +1,37 @@
# GitHub Projects Plan — AI Mobile Command Center

## Project name

AI Mobile Command Center

## Purpose

Track Hermes, Hermex, GitHub, OpenCode, terminal, and mobile development work from one board.

## Recommended fields

| Field | Type | Values |
|---|---|---|
| Repo | Single select | agent-workbench, hermes-webui, scripts, opencode |
| Agent | Single select | Hermes, OpenCode, Manual, Review |
| Risk | Single select | Safe, Needs Review, Dangerous |
| Device | Single select | iPhone, WSL, GitHub Actions, PC |
| Status | Single select | Inbox, Ready, Running, Blocked, Review, Done |
| Next Command | Text | Exact next command or /opencode comment |
| Context Health | Single select | Green, Yellow, Red |

## Automation rules

- New issue → Inbox
- PR opened → Review
- PR merged → Done
- Failed workflow → Blocked
- Label `agent-task` → Ready
- Label `dangerous` → Needs manual review

## Mobile usage

- Hermex: task creation and summaries
- GitHub Mobile: approval, review, merge
- Termius/Moshi: manual terminal execution
- GitHub Actions: verification
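
Review bot: In the automation rules, "Label `dangerous` → Needs manual review" names a target that is not among the Status values (Inbox, Ready, Running, Blocked, Review, Done); the closest match, "Needs Review", is a Risk value. State which field the rule sets, and say which rule wins when an issue carries both `agent-task` and `dangerous`, since as written the first one moves it to Ready.
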
27 changes: 27 additions & 0 deletions .ai/RULESET_PLAN.md
@@ -0,0 +1,27 @@
# Repository Ruleset Plan

## Target branch

main

## Required protections

- Require pull request before merge
- Require status checks before merge
- Block force push
- Block branch deletion
- Require conversation resolution
- Restrict direct pushes to main
- Require linear history if compatible with workflow

## Required status checks

- AI Safety Checks
- Repo Health
- CodeQL

## Rollout mode

1. Start in Evaluate mode if available.
2. Confirm no expected workflow is blocked.
3. Switch to Active mode.
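
Review bot: The "Required status checks" list names AI Safety Checks, Repo Health and CodeQL, but only the first has a workflow in the visible part of this diff. A required check that never reports leaves every pull request waiting, so list each check next to the workflow file that produces it, and make step 2 of the rollout confirm that all three actually report on a pull request before switching to Active.
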
26 changes: 26 additions & 0 deletions .ai/RUN_LEDGER.md
@@ -0,0 +1,26 @@
# AI Run Ledger

Use this file to record meaningful AI-assisted changes.

## Template

### YYYY-MM-DD — Short run title

- Agent:
- Model/provider:
- Trigger:
- Related issue/PR:
- Files changed:
- Commands run:
- Tests run:
- Result:
- Risks:
- Rollback command:

git revert <commit>

---

## Runs

No runs recorded yet.
27 changes: 27 additions & 0 deletions .devcontainer/devcontainer.json
@@ -0,0 +1,27 @@
{
"name": "Agent Workbench Dev",
"image": "mcr.microsoft.com/devcontainers/base:ubuntu",
"features": {
"ghcr.io/devcontainers/features/github-cli:1": {},
"ghcr.io/devcontainers/features/node:1": {
"version": "lts"
},
"ghcr.io/devcontainers/features/python:1": {
"version": "3.12"
},
"ghcr.io/devcontainers/features/go:1": {
"version": "latest"
}
},
"postCreateCommand": "bash .devcontainer/setup.sh",
"customizations": {
"vscode": {
"extensions": [
"GitHub.vscode-github-actions",
"GitHub.vscode-pull-request-github",
"GitHub.copilot",
"GitHub.copilot-chat"
]
}
}
}
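
Review bot: The Go feature is set to `"version": "latest"` and the image uses the floating `base:ubuntu` tag, while Python is pinned to 3.12. Pin the Go version and the image tag as well, so a rebuild produces the same toolchain and an upstream change does not enter the environment unreviewed.
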
18 changes: 18 additions & 0 deletions .devcontainer/setup.sh
@@ -0,0 +1,18 @@
#!/usr/bin/env bash
set -euo pipefail

echo "Setting up dev container..."

if [ -f package.json ]; then
npm install
fi

if [ -f requirements.txt ]; then
python3 -m pip install -r requirements.txt
fi

if [ -f go.mod ]; then
go mod download
fi

echo "Dev container setup complete."
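
Review bot: The `npm install` branch runs automatically through `postCreateCommand`, may rewrite the lockfile, and executes package lifecycle scripts. Prefer `npm ci` when a package-lock.json is present, so the container installs exactly what the lockfile records and fails on drift instead of silently resolving new versions.
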
21 changes: 21 additions & 0 deletions .github/CODEOWNERS
@@ -0,0 +1,21 @@
# Global owner
* @MerverliPy

# GitHub automation and security-sensitive files
.github/workflows/* @MerverliPy
.github/dependabot.yml @MerverliPy
.github/CODEOWNERS @MerverliPy
SECURITY.md @MerverliPy

# Agent and automation controls
.ai/* @MerverliPy
bin/* @MerverliPy
scripts/* @MerverliPy

# Environment examples and config templates
*.env.example @MerverliPy
config/* @MerverliPy

# Security/auth-sensitive source zones
src/auth/* @MerverliPy
src/security/* @MerverliPy
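
Review bot: Every path rule after `* @MerverliPy` assigns the same owner, so the specific entries currently change nothing. If they are placeholders for later owners, note that a trailing `/*` matches only files directly inside the directory: `src/auth/*` and `.github/workflows/*` leave nested files to the global rule. Use `src/auth/` and `src/security/` (trailing slash, no star) to cover the whole tree.
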
30 changes: 28 additions & 2 deletions .github/dependabot.yml
Expand Up @@ -5,11 +5,29 @@

version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "08:00"
labels:
- "dependencies"
- "github-actions"
- "automated"
open-pull-requests-limit: 5
groups:
github-actions-minor-patch:
update-types:
- "minor"
- "patch"

- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "08:30"
groups:
typescript:
patterns:
Expand All @@ -23,11 +41,19 @@ updates:
prefix: "chore(deps)"
prefix-development: "chore(deps-dev)"

- package-ecosystem: "github-actions"
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
labels:
- "dependencies"
- "ci"
- "python"
- "automated"
open-pull-requests-limit: 5
groups:
python-minor-patch:
update-types:
- "minor"
- "patch"
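
Review bot: The new pip entry has no `commit-message` block, while the npm entry above it keeps `prefix: "chore(deps)"`, so Python update PRs will not follow the same title convention; the github-actions entry in the first hunk has the same gap. Add the prefixes to both new entries, or drop them from npm, so the three ecosystems are consistent.
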
28 changes: 28 additions & 0 deletions .github/release.yml
@@ -0,0 +1,28 @@
changelog:
exclude:
labels:
- ignore-for-release
authors:
- dependabot
categories:
- title: Breaking Changes
labels:
- breaking
- title: Features
labels:
- feature
- enhancement
- title: Fixes
labels:
- bug
- fix
- title: Security
labels:
- security
- title: Maintenance
labels:
- dependencies
- maintenance
- title: Other Changes
labels:
- "*"
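
Review bot: `exclude.authors` lists `dependabot`, which drops every Dependabot pull request from the generated notes, so the Maintenance category's `dependencies` label will rarely match anything and a dependency bump that fixes a vulnerability never appears under Security. Either remove the author exclusion and rely on the `ignore-for-release` label, or document that dependency updates are intentionally left out of release notes.
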
34 changes: 34 additions & 0 deletions .github/workflows/ai-safety.yml
@@ -0,0 +1,34 @@
name: AI Safety Checks

on:
pull_request:
push:
branches: [ "main" ]

permissions:
contents: read

jobs:
safety:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Check for obvious secret patterns
run: |
set -e
if grep -RInE '(OPENAI_API_KEY|ANTHROPIC_API_KEY|GITHUB_TOKEN|TELEGRAM_BOT_TOKEN|BEGIN RSA PRIVATE KEY|BEGIN OPENSSH PRIVATE KEY)' . \
--exclude-dir=.git \
--exclude='*.md'; then
echo "Potential secret detected."
exit 1
fi

- name: Check for risky destructive shell patterns
run: |
set -e
if grep -RInE 'rm -rf /|rm -rf \$HOME|mkfs\.|dd if=|chmod -R 777|curl .*\| bash|wget .*\| bash' . \
--exclude-dir=.git; then
echo "Risky destructive pattern detected."
exit 1
fi
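
Review bot: Both grep steps scan `.` without excluding this workflow file, and the file contains its own patterns as literals: the secret step's line includes `OPENAI_API_KEY` and the destructive step's line includes `rm -rf /`, so each grep matches .github/workflows/ai-safety.yml and the job exits 1 on every run. Exclude the workflow file from both scans, or move the patterns into a file that is excluded. Separately, the secret step matches variable names rather than values, so any workflow that references `GITHUB_TOKEN` trips it while a key pasted under another name passes, and `--exclude='*.md'` skips Markdown entirely. `actions/checkout@v4` is pinned to a tag; pinning to a commit SHA would keep the step from changing underneath the check.
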