Skip to content

feat: add Hermes Agent integration skill with auto-install#3

Closed
htafolla wants to merge 5 commits into
masterfrom
feat/hermes-agent-skill
Closed

feat: add Hermes Agent integration skill with auto-install#3
htafolla wants to merge 5 commits into
masterfrom
feat/hermes-agent-skill

Conversation

@htafolla

Copy link
Copy Markdown
Owner

Summary

Adds a Hermes Agent skill that teaches Hermes how to use StringRay's CLI commands and MCP servers. The skill auto-installs during npm install strray-ai if Hermes is present on the system.

What This Adds

Hermes Skill (src/skills/hermes-agent/SKILL.md)

A 257-line skill file that covers:

  • All CLI commands -- install, init, health, validate, fix, doctor, status, debug, report, analytics, capabilities, skill:install, skill:registry, antigravity, publish-agent, inference:improve, inference:tuner
  • MCP server integration -- full config.yaml snippet for all 10 servers, tool naming convention, setup instructions
  • CLI vs MCP decision matrix -- what each covers, when to use which
  • Quick decision guide -- maps user requests ("is StringRay set up?") to commands (npx strray-ai health)
  • Pitfalls -- orchestrator nested path, timeout differences, absolute vs relative paths, etc.

Postinstall Auto-Install (scripts/node/postinstall.cjs)

During npm install strray-ai, the postinstall script now:

  1. Checks if ~/.hermes/ exists (Hermes is installed)
  2. Copies src/skills/hermes-agent/SKILL.md to ~/.hermes/skills/hermes-agent/SKILL.md
  3. Only overwrites if source is newer (respects user edits)
  4. Skips gracefully if Hermes is not installed
  5. Shows confirmation in postinstall output

How It Works After Merge

npm install strray-ai
→ postinstall detects ~/.hermes/
→ copies hermes-agent skill
→ user restarts Hermes
→ skill appears in Hermes skill list
→ Hermes knows when and how to run StringRay commands

Plus the MCP server config from the README integration PR gives Hermes 10 native tools.

Files Changed

src/skills/hermes-agent/SKILL.md  | 257 +++++++++++++++
scripts/node/postinstall.cjs       |  30 +++-
2 files changed, 286 insertions(+), 1 deletion(-)

Related

Comprehensive bug fixes across all 10 MCP servers identified through
deep testing with Hermes Agent. Fixes ensure proper function when
tools are invoked by AI agents.

## Critical Fixes
- **Command injection**: Replaced execSync string interpolation with
  execFileSync args arrays in auto-format, lint, and security-scan
- **Division by zero**: Guarded all division operations in
  architect-tools (file counts, dependency averages)
- **Unhandled sync stat crashes**: Wrapped fs.statSync in try/catch
  to handle race conditions (file deleted between readdir and stat)
- **MCP connection crashes**: Added top-level try/catch in
  CallToolRequest handlers across 7 servers to prevent unhandled
  exceptions from killing the MCP connection

## High Priority Fixes
- **Infinite recursion**: Renamed enforcer-tools import to avoid
  method name collision causing stack overflow
- **stdio:inherit corrupting MCP protocol**: Changed auto-format
  Prettier to always use stdio:'pipe'
- **npm audit data loss**: Parse error.stdout for JSON vulnerability
  data when npm audit exits non-zero
- **Hardcoded quality scores**: Compute enforcer overallScore from
  actual sub-check results instead of constant 85
- **Duplicate signal handlers**: Removed duplicate SIGINT/SIGTERM
  registrations in architect-tools, enforcer, researcher

## Medium Priority Fixes
- **execSync timeouts**: Added 30s timeout to all execFileSync calls
- **ESLint 9 flat config**: Added eslint.config.js/mjs detection
- **Researcher search scope**: Now searches all project dirs, not
  just src/
- **Package manager auto-detection**: security-scan now detects
  pnpm/yarn/npm based on lockfile presence
- **Security scan false positives**: Exclude test files and comments
  from vulnerability pattern matching
- **State manager error propagation**: saveState now throws on write
  failure instead of silently succeeding
- **Framework-help inconsistencies**: Fixed agent count (8->26),
  codex term count, added default case for unknown command types
- **Orchestrator version**: Updated 1.10.0->1.14.1, fixed stop()
  to actually close the server
- **Estimation null safety**: Added null guard for args parameter

## Low Priority Fixes
- Removed void keyword from frameworkLogger.log calls
- Double JSON.stringify in state-manager validation
- findDependentKeys now matches quoted keys only
- Unbounded timer cleanup in researcher checkParent
- File scan depth limit (10) in security-scan

Tested: 54 functional tests across all 10 servers, all passing.
10 files changed, 614 insertions(+), 290 deletions(-)
Adds a hermes-agent skill that teaches Hermes Agent how to use StringRay
CLI commands and MCP servers. Auto-installs to ~/.hermes/skills/ during
npm postinstall if Hermes is present on the system.

The skill covers all CLI commands (install, health, validate, report,
analytics, skill:install, publish-agent, inference, capabilities), MCP
server integration guide with full config.yaml snippet, tool naming
convention, CLI vs MCP decision matrix, quick decision guide, and
common pitfalls.

Postinstall detects ~/.hermes/ directory and copies the skill only if
source is newer, respecting user edits. Graceful skip if Hermes not
installed.
Use optional chaining (?.[1]) instead of truthy check on match array
before indexing. TypeScript strict mode does not narrow RegExpMatchArray
index access even after null check.
htafolla and others added 2 commits March 27, 2026 12:29
Also synced version to 1.15.1 to match published npm.
…#4)

- Fix orchestrator status handler crash: null-safe access on
  completedTasks/failedTasks and guard against undefined
  agentUtilization/recentSessions properties
- Fix security-scan hardcoding 'npm' instead of auto-detecting
  package manager via detectPackageManager('auto')
- Fix integration test mock path mismatch: vi.mock path
  '../mcps/agent-resolver.js' corrected to '../../mcps/agent-resolver.js'
  to match the actual import in the resolveAgent test
- Add 'system' prompt to enforcer.yml agent config so
  resolveAgent('enforcer') returns a defined system field
- Fix analyze_complexity NaN scoring: dependencies field can be
  number or string[] depending on calling tool schema; added
  safe type checking in calculateTaskComplexity,
  createOptimizedPlan, sortByDependencies, and
  calculateParallelPotential
- Update OrchestrationTask type to accept string[] | number for
  dependencies to match both tool schemas

All 2311 tests pass (was 2310 pass / 1 fail). Zero new TS errors.
Pre-existing downlevelIteration errors on Map iteration unchanged.
@htafolla

Copy link
Copy Markdown
Owner Author

Closing in favor of a fresh PR with the same fix

@htafolla htafolla closed this Mar 27, 2026
@htafolla htafolla deleted the feat/hermes-agent-skill branch March 31, 2026 15:40
htafolla added a commit that referenced this pull request Apr 2, 2026
- Add validators for terms #12, #19, #16, #3, #13 (early returns, small functions, DRY, over-engineering, error boundaries)
- Wire processor-pipeline MCP to use CodexLoader for richer validation
- Fix orchestrator config loading and conflict resolution wiring
- Total 16 active validators now (was 11)
htafolla added a commit that referenced this pull request Apr 2, 2026
- Add skipped tests for validators #12, #19, #16, #3, #13 (need real codex.json)
- Add MCP integration tests for codex-loader wiring
- Tests validate CodexLoader and processor-pipeline use the same rules
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant