PROD Hermes Workspace
76 pages 76 clean 0 need attention
Page navigation 76

Project

Domains

Folders · apps/

Folders · docs/

Folders · knowledge/

Folders · ops/

Folders · packages/

Folders · scripts/

Folders · tests/

Folders · pods/

Folders · tools/

Shared

Metadata clean
Route
/knowledge/portal/project/folders/ops/scripts
Source
knowledge/portal/project/folders/ops/scripts.md
Covered files
0
Last generated
unknown

ops/scripts/

State: folder wiki page generated by deterministic sync

Folder: ops/scripts/

What

ops/scripts/ contains operational automation scripts (drift checks, probes, safety checks). This boundary currently has 18 direct file(s) and 0 direct subfolder(s).

Does

It packages operational runbooks, scripts, and deployment artifacts for runtime stewardship (dominant direct file kinds: .py:17, .md:1).

Why

Operational clarity is required for recoverability, incident response, and safe production changes.

Subfolders

  • (no direct subfolders)

Files

  • README.md — What: ops/scripts/ contains operational automation scripts (drift checks, probes, safety checks). This boundary currently has 18 direct file(s) and 0 direct subfolder(s). Does: It packages operational runbooks, scripts, and deployment artifacts for runtime stewardship (dominant direct file kinds: .py:17, .md:1). Why: Operational clarity is required for recoverability, incident response, and safe production changes.
  • backup_restore_drill.py — What: Backup/restore drill execution and cadence scheduler for resilience verification. Does: Restores the latest SQLite backup into a disposable path, verifies schema/row-count/checksum integrity, and manages due/skip state for automated scheduler ticks. Why: Keeps restore confidence checks repeatable without introducing hidden runtime daemons or non-contract side paths.
  • compose_secrets_materialize.py — What: Compose-lane SOPS+Age secret materialization utility. Does: Decrypts lane-specific encrypted dotenv payloads into compose env_file targets with strict path/permission guardrails. Why: Keeps DEV/PROD compose lanes fed by encrypted-in-repo secrets while preventing plaintext secret commits.
  • degraded_mode_drill.py — What: Python module for degraded mode drill behavior in ops/scripts/degraded_mode_drill.py. Does: Implements runtime logic, API contracts, or automation helpers used by this lane. Why: Concentrates boundary logic so agents can reason about impact quickly.
  • dev_lane_latency_contract.py — What: Python module for dev lane latency contract behavior in ops/scripts/dev_lane_latency_contract.py. Does: Implements runtime logic, API contracts, or automation helpers used by this lane. Why: Concentrates boundary logic so agents can reason about impact quickly.
  • env_isolation_check.py — What: Environment isolation gate checks for Portal promotion and Hermes role lanes. Does: Verifies DEV/PROD compose separation and validates DEV/TEST Hermes lane matrix + port/state bindings against shared PROD runtime state. Why: Prevents false promotion proof when lane config can collide with or accidentally touch PROD state.
  • gemma4_benchmark.py — What: Gemma 4 benchmark and readiness evidence collector for target hardware. Does: Benchmarks a selected Gemma profile, optionally pulls missing variants when explicitly enabled, and writes latency/throughput/RAM evidence. Why: Implements TASK-222 with grounded runtime proof while keeping heavyweight model validation operator-gated.
  • lane_supervisor_template_parity.py — What: Machine-readable lane supervisor process template parity gate. Does: Compares the committed process template contract surface to runtime lane supervisor manifest defaults. Why: Lets CI/operators fail fast on drift without changing the manifest or health contracts.
  • legacy_artifact_report.py — What: Legacy artifact segregation report generator. Does: Audits configured legacy roots and emits deterministic archive-policy report JSON. Why: Supports TASK-143 decommission readiness with explicit legacy segregation evidence.
  • nginx_tls_contract_check.py — What: Runtime verifier for nginx TLS/certbot/security-header and streaming contract. Does: Probes nginx/certbot state, HTTPS certificates and headers, redirect behavior, and key paths (/threads, /api/dashboard/stream) via nginx. Why: Provides deterministic TASK-241 evidence and concrete blocker reporting without guessing.
  • ollama_warmup.py — What: Ollama warmup + fallback readiness matrix check. Does: Verifies pinned models are available, performs one-shot warmup per pinned model, and writes a JSON readiness report. Why: Implements TASK-151 boot-time diagnostics with deterministic operator evidence.
  • portal_drift_check.py — What: Python module for portal drift check behavior in ops/scripts/portal_drift_check.py. Does: Implements runtime logic, API contracts, or automation helpers used by this lane. Why: Concentrates boundary logic so agents can reason about impact quickly.
  • portal_smoke_probe.py — What: Python module for portal smoke probe behavior in ops/scripts/portal_smoke_probe.py. Does: Implements runtime logic, API contracts, or automation helpers used by this lane. Why: Concentrates boundary logic so agents can reason about impact quickly.
  • role_config_template_parity.py — What: Machine-readable role config template parity gate for Hermes role lanes. Does: Validates required config/env fields and environment overlays for a lane home against the committed TASK-153 template contract. Why: Surfaces drift with expected/actual diffs before launch so DEV/PROD overlays stay isolated and reproducible.
  • secrets_inventory_check.py — What: Validation script for Portal/Hermes secrets inventory contract. Does: Verifies inventory runbook presence, required sections, and absence of obvious secret literals. Why: Keeps migration security documentation deterministic and prevents accidental secret leakage in docs.
  • task217_role_pack_filesystem_migrate.py — What: Task-217 role-pack filesystem migration runner for Hermes dev/test homes. Does: Copies v1 role-pack assets into each role home, writes bounded MEMORY.md content, and generates AGENTS.md-equivalent context indexes. Why: Makes role-pack migration reproducible with one deterministic command and machine-readable report output.
  • tokscale_refresh.py — What: Tokscale refresh script for Portal. Does: Generates a fresh Tokscale Hermes usage payload and ingests it into Portal's dashboard DB. Why: Keeps Portal token dashboards backed by durable Tokscale snapshots without manual JSON copying.
  • tokscale_report.py — What: Tokscale-backed Hermes usage report generator. Does: Runs Tokscale against the local Hermes session store across multiple time windows and writes a deterministic JSON artifact for Portal dashboards. Why: Gives Portal real Hermes-side usage data without making dashboard views shell out to Tokscale on every request.