Hi maintainers — this is not a security report, just a friendly architecture-quality audit note from hermescheck, a repo scanner for AI agent/runtime systems.
I ran a narrow runtime-oriented pass against get-convex/agent and three implementation-level themes looked worth sharing:
- Timeout cleanup appears incomplete around cached agent/session state, which may let a timed-out run leave behind stale control-plane objects before the next turn.
- Context memory growth looks easier to accumulate than to page or prune, so long-running threads may benefit from a clearer paging / retention contract.
- Tool/retrieval execution paths would be easier to reason about in production if capability boundaries and retrieval governance were documented and enforced more explicitly.
This may be noisy or already planned, so please feel free to close if it is not useful. If helpful, I can rerun with an even tighter runtime-only scope and share a cleaner evidence slice.