feat: add Hermes Agent integration skill with auto-install#3
Closed
htafolla wants to merge 5 commits into
Closed
Conversation
Comprehensive bug fixes across all 10 MCP servers identified through deep testing with Hermes Agent. Fixes ensure proper function when tools are invoked by AI agents. ## Critical Fixes - **Command injection**: Replaced execSync string interpolation with execFileSync args arrays in auto-format, lint, and security-scan - **Division by zero**: Guarded all division operations in architect-tools (file counts, dependency averages) - **Unhandled sync stat crashes**: Wrapped fs.statSync in try/catch to handle race conditions (file deleted between readdir and stat) - **MCP connection crashes**: Added top-level try/catch in CallToolRequest handlers across 7 servers to prevent unhandled exceptions from killing the MCP connection ## High Priority Fixes - **Infinite recursion**: Renamed enforcer-tools import to avoid method name collision causing stack overflow - **stdio:inherit corrupting MCP protocol**: Changed auto-format Prettier to always use stdio:'pipe' - **npm audit data loss**: Parse error.stdout for JSON vulnerability data when npm audit exits non-zero - **Hardcoded quality scores**: Compute enforcer overallScore from actual sub-check results instead of constant 85 - **Duplicate signal handlers**: Removed duplicate SIGINT/SIGTERM registrations in architect-tools, enforcer, researcher ## Medium Priority Fixes - **execSync timeouts**: Added 30s timeout to all execFileSync calls - **ESLint 9 flat config**: Added eslint.config.js/mjs detection - **Researcher search scope**: Now searches all project dirs, not just src/ - **Package manager auto-detection**: security-scan now detects pnpm/yarn/npm based on lockfile presence - **Security scan false positives**: Exclude test files and comments from vulnerability pattern matching - **State manager error propagation**: saveState now throws on write failure instead of silently succeeding - **Framework-help inconsistencies**: Fixed agent count (8->26), codex term count, added default case for unknown command types - **Orchestrator version**: Updated 1.10.0->1.14.1, fixed stop() to actually close the server - **Estimation null safety**: Added null guard for args parameter ## Low Priority Fixes - Removed void keyword from frameworkLogger.log calls - Double JSON.stringify in state-manager validation - findDependentKeys now matches quoted keys only - Unbounded timer cleanup in researcher checkParent - File scan depth limit (10) in security-scan Tested: 54 functional tests across all 10 servers, all passing. 10 files changed, 614 insertions(+), 290 deletions(-)
Adds a hermes-agent skill that teaches Hermes Agent how to use StringRay CLI commands and MCP servers. Auto-installs to ~/.hermes/skills/ during npm postinstall if Hermes is present on the system. The skill covers all CLI commands (install, health, validate, report, analytics, skill:install, publish-agent, inference, capabilities), MCP server integration guide with full config.yaml snippet, tool naming convention, CLI vs MCP decision matrix, quick decision guide, and common pitfalls. Postinstall detects ~/.hermes/ directory and copies the skill only if source is newer, respecting user edits. Graceful skip if Hermes not installed.
Use optional chaining (?.[1]) instead of truthy check on match array before indexing. TypeScript strict mode does not narrow RegExpMatchArray index access even after null check.
Also synced version to 1.15.1 to match published npm.
…#4) - Fix orchestrator status handler crash: null-safe access on completedTasks/failedTasks and guard against undefined agentUtilization/recentSessions properties - Fix security-scan hardcoding 'npm' instead of auto-detecting package manager via detectPackageManager('auto') - Fix integration test mock path mismatch: vi.mock path '../mcps/agent-resolver.js' corrected to '../../mcps/agent-resolver.js' to match the actual import in the resolveAgent test - Add 'system' prompt to enforcer.yml agent config so resolveAgent('enforcer') returns a defined system field - Fix analyze_complexity NaN scoring: dependencies field can be number or string[] depending on calling tool schema; added safe type checking in calculateTaskComplexity, createOptimizedPlan, sortByDependencies, and calculateParallelPotential - Update OrchestrationTask type to accept string[] | number for dependencies to match both tool schemas All 2311 tests pass (was 2310 pass / 1 fail). Zero new TS errors. Pre-existing downlevelIteration errors on Map iteration unchanged.
Owner
Author
|
Closing in favor of a fresh PR with the same fix |
htafolla
added a commit
that referenced
this pull request
Apr 2, 2026
- Add validators for terms #12, #19, #16, #3, #13 (early returns, small functions, DRY, over-engineering, error boundaries) - Wire processor-pipeline MCP to use CodexLoader for richer validation - Fix orchestrator config loading and conflict resolution wiring - Total 16 active validators now (was 11)
htafolla
added a commit
that referenced
this pull request
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a Hermes Agent skill that teaches Hermes how to use StringRay's CLI commands and MCP servers. The skill auto-installs during
npm install strray-aiif Hermes is present on the system.What This Adds
Hermes Skill (
src/skills/hermes-agent/SKILL.md)A 257-line skill file that covers:
npx strray-ai health)Postinstall Auto-Install (
scripts/node/postinstall.cjs)During
npm install strray-ai, the postinstall script now:~/.hermes/exists (Hermes is installed)src/skills/hermes-agent/SKILL.mdto~/.hermes/skills/hermes-agent/SKILL.mdHow It Works After Merge
Plus the MCP server config from the README integration PR gives Hermes 10 native tools.
Files Changed
Related