Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

hermes-cred-as-sturdy

Name: Hermes Cred As Sturdy
Author: plurigrid

// Replace Hermes' multi-credential pool (raw API keys in process memory + file store) with persistent OCapN SturdyRefs wrapped in revocable forwarders. Each provider key becomes an unguessable, revocable cap reference; rotation = swap forwarder; the LLM never sees the bearer string.

Exécuter dans Manus

$ git log --oneline --stat

stars:23

forks:6

updated:26 avril 2026 à 06:53

SKILL.md

readonly

name	hermes-cred-as-sturdy
description	Replace Hermes' multi-credential pool (raw API keys in process memory + file store) with persistent OCapN SturdyRefs wrapped in revocable forwarders. Each provider key becomes an unguessable, revocable cap reference; rotation = swap forwarder; the LLM never sees the bearer string.
type	bridge
parent	hermes-goblins-bridge
row	7
proto	R
polarity	0
status	stub

hermes-cred-as-sturdy

Phase 2 (state). Foundation for hermes-mcp-as-sealed and any cap that needs cross-session persistence.

Hermes signature

/Users/bob/i/hermes-agent/agent/credential_pool.py + hermes_cli/auth.py

PROVIDER_REGISTRY            # provider → key-shape, base-url, refresh path
read_credential_pool() / write_credential_pool()
_load_provider_state() / _save_provider_state()
# Codex tokens: _import_codex_cli_tokens, _codex_access_token_is_expiring
# Locking: _auth_store_lock (threading.Lock around the file)

run_agent.py:5128,5155 — _rotate_credential / _swap_credential mid-conversation.

Authority pattern: bearer-key-in-memory. Pool is a list of (provider, key, status, ttl) tuples. Rotation = pick the next non-rate-limited entry. Persistence = JSON file with file-lock. The agent process holds raw API keys in memory; any tool that imports credential_pool can read them.

Goblins signature

Each credential becomes a SturdyRef (unguessable persistent URI) pointing to a ^provider-cap actor; the actor wraps the raw key and exposes the provider's API methods. Pool = collection of revocable forwarders.

;; One provider cap per (provider, key)
(define (^provider-cap bcom provider raw-key base-url)
  (methods
    ((complete prompt opts) (httpx-post base-url 'completions ...))
    ((stream prompt opts)   ...)))

;; Pool wraps each in a revocable forwarder; rotation = move to next un-revoked entry
(define (^cred-pool bcom)
  (define entries (gset))   ; Mandy Pattern D
  (methods
    ((acquire provider)
     (find-active-forwarder entries provider))
    ((rotate provider reason)
     (revoke-current entries provider reason)
     (next entries provider))
    ((add provider sref)    (assert! entries `(cred ,provider ,sref)))
    ((revoke sref)          ((retract-revoker entries sref)))))

Persistence via Goblins vat-snapshot/vat-restore (Mandy Pattern D — bcom+gset). Raw keys never leave the vat that constructed them.

Translation table

Hermes call	Goblins message	Notes
`read_credential_pool()`	`(<- pool 'list)`	returns SturdyRef list, never raw keys
`write_credential_pool(...)`	`(<- pool 'add provider sref)`	new cap spawned, SturdyRef minted
`_rotate_credential(provider)`	`(<- pool 'rotate provider 'rate-limit)`	revokes current, returns next forwarder
`_swap_credential(...)`	revoke + add	atomic; in-flight requests fail with `'revoked` not 401
`key.is_expiring()` (Codex)	`(<- cred 'expires-at)` + auto-refresh fiber	refresh runs in vat, key never on the wire
import API key from env	mint SturdyRef once, store in SturdyRef store; delete env	one-time bootstrap

Failure modes (closed by this bridge)

Raw key in process memory readable by any tool — keys live in the provider-cap vat; other vats see only the SturdyRef (URI; useless without the cap-holder vat alive).
Key leaks into LLM context via error message — provider-cap formats errors with redacted refs (<cred:abc123>) not raw bytes.
Stale rotation race — Hermes rotates by mutating shared dict; cap version uses revoker thunk → in-flight calls fail atomically with 'revoked, not by silently using the new key.
Cross-session leakage — SturdyRef is the only persistent handle; restoration requires holding the SturdyRef and an unsealer (Mandy Pattern B-style nonce).

Failure modes (introduced; must mitigate)

SturdyRef store leak = full takeover — store is the equivalent of the Codex token JSON; protect with same OS perms, optionally seal with a passphrase-derived sealer.
Refresh-fiber stall — if the in-vat refresh fiber crashes, cap goes stale. → use Mandy Pattern A syscaller-free-fiber for the refresh I/O so the vat queue isn't blocked.

Test vector

sref = pool.add('anthropic', mint_sturdy(raw_key))
# Raw key never returned again:
assert pool.list() == [{'provider': 'anthropic', 'sref': '<sturdy:abc...>'}]
cap = pool.acquire('anthropic')
cap.complete("hello")        # works
pool.rotate('anthropic', 'rate-limit')
cap.complete("hello")        # CapError('revoked'), not 429
new_cap = pool.acquire('anthropic')
new_cap.complete("hello")    # works on next entry

# Cross-restart:
vat_save(); restart()
pool2 = vat_restore()
pool2.acquire('anthropic')   # works — SturdyRef redeemed

Capability diff

Property	Hermes (status quo)	Goblins (this bridge)
Key visibility	any importer of credential_pool	provider-cap vat only
Rotation atomicity	dict mutation	revoker thunk → in-flight fail atomically
Persistence	JSON + file-lock	SturdyRef + vat-snapshot
Refresh	thread + skew check	in-vat fiber, syscaller-free for I/O
Audit	log on rotate	every `<-` traversal in vat ledger
Failure mode	logger.warning leaks key prefix	`<cred:abc>` opaque ref

Test-harness location

~/i/goblins-adapter/tests/cred-sturdy-bisim.scm (todo). G7 bisim probe: same prompt sequence to Hermes pool vs Goblins pool, compare provider-side request signatures (modulo timing).

Status: stub

Phase 2 priority. Blocks hermes-mcp-as-sealed (row 8) — MCP OAuth tokens are credentials with extra count-limited semantics, layered on top.

related-skills.json

même dépôt

codex-ocapn-correspondence.md

from "plurigrid/asi"

Maps the 18 OCapN/CapTP/E-rights patterns reinvented piecemeal across codex-rs to their canonical Spritely/Goblins equivalents and the hermes-* bridge skills that formalize each correspondence. Use when auditing capability architecture in codex-rs, planning a Hoot/Goblins port, or reasoning about which E-rights primitive a codex-rs module implicitly implements.

2026-04-2623

deep-inference-interleave.md

from "plurigrid/asi"

Compositional passive inference vs emergent active inference (Hedges Feb 2024) — chain rule, continuations, Siegel-stack cortex mapping, GF(3) triad across monad-bayes / nashator / zig-syrup.

2026-04-2623

hermes-acp-over-captp.md

from "plurigrid/asi"

Bridge Hermes' ACP (Agent Client Protocol) transport onto OCapN/CapTP for RPC and Syndicate for the registry/presence layer. The dual (R+D) row of the rubric — invocation/response naturally fits CapTP, while session/agent discovery fits Syndicate dataspace facts. Removes ACP's bespoke wire while keeping its ergonomics.

2026-04-2623

hermes-approval-as-revocable.md

from "plurigrid/asi"

Replace Hermes' regex-based dangerous-command detector + per-session approval state with a Goblins revocable forwarder — every authority grant has explicit lifecycle (count-limited, time-limited, user-revocable). Approval becomes a cap operation, not a string-pattern guess.

2026-04-2623

hermes-cron-as-dataspace.md

from "plurigrid/asi"

Replace Hermes' cron scheduler (jobs.py + scheduler.py) with scheduled facts in a Syndicate dataspace. Each scheduled job is an assertion `(scheduled ?id

2026-04-2623

hermes-ctx-engine-shim.md

from "plurigrid/asi"

Re-ground Hermes' ContextEngine plugin lifecycle (on_session_start / update_from_response / should_compress / compress / on_session_end) on Syndicate dataspace observers. Token-state becomes published facts; compression is a subscriber that reacts to threshold-crossings; multiple engines coexist by observing the same dataspace.

2026-04-2623

package.json

"author": "plurigrid"

"repository": "plurigrid/asi"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Développeurs de logicielsProfessions informatiques et mathématiques15-1252L4

name	hermes-cred-as-sturdy
description	Replace Hermes' multi-credential pool (raw API keys in process memory + file store) with persistent OCapN SturdyRefs wrapped in revocable forwarders. Each provider key becomes an unguessable, revocable cap reference; rotation = swap forwarder; the LLM never sees the bearer string.
type	bridge
parent	hermes-goblins-bridge
row	7
proto	R
polarity	0
status	stub

hermes-cred-as-sturdy

Phase 2 (state). Foundation for hermes-mcp-as-sealed and any cap that needs cross-session persistence.

Hermes signature

/Users/bob/i/hermes-agent/agent/credential_pool.py + hermes_cli/auth.py

PROVIDER_REGISTRY            # provider → key-shape, base-url, refresh path
read_credential_pool() / write_credential_pool()
_load_provider_state() / _save_provider_state()
# Codex tokens: _import_codex_cli_tokens, _codex_access_token_is_expiring
# Locking: _auth_store_lock (threading.Lock around the file)

run_agent.py:5128,5155 — _rotate_credential / _swap_credential mid-conversation.

Goblins signature

;; One provider cap per (provider, key)
(define (^provider-cap bcom provider raw-key base-url)
  (methods
    ((complete prompt opts) (httpx-post base-url 'completions ...))
    ((stream prompt opts)   ...)))

;; Pool wraps each in a revocable forwarder; rotation = move to next un-revoked entry
(define (^cred-pool bcom)
  (define entries (gset))   ; Mandy Pattern D
  (methods
    ((acquire provider)
     (find-active-forwarder entries provider))
    ((rotate provider reason)
     (revoke-current entries provider reason)
     (next entries provider))
    ((add provider sref)    (assert! entries `(cred ,provider ,sref)))
    ((revoke sref)          ((retract-revoker entries sref)))))

Persistence via Goblins vat-snapshot/vat-restore (Mandy Pattern D — bcom+gset). Raw keys never leave the vat that constructed them.

Translation table

Hermes call	Goblins message	Notes
`read_credential_pool()`	`(<- pool 'list)`	returns SturdyRef list, never raw keys
`write_credential_pool(...)`	`(<- pool 'add provider sref)`	new cap spawned, SturdyRef minted
`_rotate_credential(provider)`	`(<- pool 'rotate provider 'rate-limit)`	revokes current, returns next forwarder
`_swap_credential(...)`	revoke + add	atomic; in-flight requests fail with `'revoked` not 401
`key.is_expiring()` (Codex)	`(<- cred 'expires-at)` + auto-refresh fiber	refresh runs in vat, key never on the wire
import API key from env	mint SturdyRef once, store in SturdyRef store; delete env	one-time bootstrap

Failure modes (closed by this bridge)

Raw key in process memory readable by any tool — keys live in the provider-cap vat; other vats see only the SturdyRef (URI; useless without the cap-holder vat alive).
Key leaks into LLM context via error message — provider-cap formats errors with redacted refs (<cred:abc123>) not raw bytes.
Stale rotation race — Hermes rotates by mutating shared dict; cap version uses revoker thunk → in-flight calls fail atomically with 'revoked, not by silently using the new key.
Cross-session leakage — SturdyRef is the only persistent handle; restoration requires holding the SturdyRef and an unsealer (Mandy Pattern B-style nonce).

Failure modes (introduced; must mitigate)

SturdyRef store leak = full takeover — store is the equivalent of the Codex token JSON; protect with same OS perms, optionally seal with a passphrase-derived sealer.
Refresh-fiber stall — if the in-vat refresh fiber crashes, cap goes stale. → use Mandy Pattern A syscaller-free-fiber for the refresh I/O so the vat queue isn't blocked.

Test vector

sref = pool.add('anthropic', mint_sturdy(raw_key))
# Raw key never returned again:
assert pool.list() == [{'provider': 'anthropic', 'sref': '<sturdy:abc...>'}]
cap = pool.acquire('anthropic')
cap.complete("hello")        # works
pool.rotate('anthropic', 'rate-limit')
cap.complete("hello")        # CapError('revoked'), not 429
new_cap = pool.acquire('anthropic')
new_cap.complete("hello")    # works on next entry

# Cross-restart:
vat_save(); restart()
pool2 = vat_restore()
pool2.acquire('anthropic')   # works — SturdyRef redeemed

Capability diff

Property	Hermes (status quo)	Goblins (this bridge)
Key visibility	any importer of credential_pool	provider-cap vat only
Rotation atomicity	dict mutation	revoker thunk → in-flight fail atomically
Persistence	JSON + file-lock	SturdyRef + vat-snapshot
Refresh	thread + skew check	in-vat fiber, syscaller-free for I/O
Audit	log on rotate	every `<-` traversal in vat ledger
Failure mode	logger.warning leaks key prefix	`<cred:abc>` opaque ref

Test-harness location

~/i/goblins-adapter/tests/cred-sturdy-bisim.scm (todo). G7 bisim probe: same prompt sequence to Hermes pool vs Goblins pool, compare provider-side request signatures (modulo timing).

Status: stub

Phase 2 priority. Blocks hermes-mcp-as-sealed (row 8) — MCP OAuth tokens are credentials with extra count-limited semantics, layered on top.

hermes-cred-as-sturdy

hermes-cred-as-sturdy

Hermes signature

Goblins signature

Translation table

Failure modes (closed by this bridge)

Failure modes (introduced; must mitigate)

Test vector

Capability diff

Test-harness location

Status: stub

Plus depuis ce dépôt

Plus depuis ce dépôt

hermes-cred-as-sturdy

Hermes signature

Goblins signature

Translation table

Failure modes (closed by this bridge)

Failure modes (introduced; must mitigate)

Test vector

Capability diff

Test-harness location

Status: stub