Skip to content

JarrodWoodard/verity

Repository files navigation

Verity

A privacy-hardened, self-developing fork of NousResearch/hermes-agent.

Three guarantees:

  1. No behavioral instructions from upstream are injected unless they pass through Verity's review. Verity overrides the system prompt; the agent runs under Verity's identity, not Hermes' default.

  2. No outbound network calls without explicit permission. Only the LLM provider you configured (default: local Ollama or MiniMax) is reachable. Phone-home surfaces in upstream Hermes are stripped via patches; a Python-level netlock catches anything patches miss; an OS-level airgap (with sudo) blocks subprocess-bypass.

  3. Verity can develop itself. Snapshots before every change, tests in an isolated worktree, git tags for rollback. Changes that break tests are discarded.

Install

Requires Hermes already installed (the standard Hermes CLI install).

git clone https://github.com/JarrodWoodard/verity
cd verity
python3 install.py                          # apply patches + install netlock
python3 main.py --check                     # validate config
python3 main.py                             # launch Hermes through Verity

To run in an airgapped network namespace (Layer 3):

sudo bash scripts/airgap.sh                  # full Layer 3 enforcement
bash scripts/airgap.sh --check              # dry-run pre-flight

Layout

verity/
├── install.py            — bootstrap: apply patches, install netlock, write manifest
├── main.py               — entrypoint; validates config, sets VERITY_SYSTEM_PROMPT, launches Hermes
├── selfdev.py            — Phase 4: snapshot → isolate → test → promote → rollback
├── update.py             — Phase 5: absorb new Hermes releases (3-way merge + audit)
├── netlock.py            — Layer 2: Python-level egress filter (urllib, httpx, requests, aiohttp, websockets, socket)
├── system_prompt.md      — Verity's identity block (prepended to agent prompt)
├── toolsets.yaml         — default-deny toolset list
├── providers.yaml        — provider + network allowlist
├── patches/              — 11 numbered patches (9 real + 1 no-op + 1 placeholder)
├── scripts/
│   ├── PINNED-REF        — Hermes SHA we test against
│   ├── regen-vendor.sh   — creates tmp worktree for patch generation
│   ├── airgap.sh         — Layer 3: OS-level network namespace + iptables
│   └── verity-supervisor.sh — pidfile-based supervised restart
├── tests/                — canned test batteries for selfdev/update
├── docs/
│   ├── PLAN.md           — overall strategy + 6 phases
│   ├── AUDIT-FINDINGS.md — code-level audit
│   └── SMOKE-TEST-REPORT.md — end-to-end live test results
├── audit/
│   └── NETWORK-SINKS.md  — every Hermes egress site, classified
└── .selfdev/             — transient: manifests, agent-authored tests

Three-layer privacy guarantee

Layer File What it does
1. Source patches patches/*.patch Strip C1/C2/C3/C4 egress sites from Hermes source
2. Python netlock netlock.py Monkeypatch urllib/httpx/requests/aiohttp/websockets/socket to refuse non-allowlisted destinations
3. OS airgap scripts/airgap.sh unshare -n + iptables: deny everything except allowlisted IPs

Any one layer alone is not sufficient. All three together hold.

Self-development

Verity can change itself safely:

# Make a change to a Verity file
# Then run selfdev to test and promote:
python3 selfdev.py run "describe what you changed"

# See version history:
python3 selfdev.py list

# Rollback if needed:
python3 selfdev.py rollback verity-v3

Update from upstream

When Nous ships a new Hermes release:

python3 update.py run upstream/main    # or a specific SHA

This applies Verity's patches (with 3-way merge fallback), audits new egress sites, and refuses to update if any patch fails to apply.

Verification

python3 main.py --check                 # Phase 2: config validates
bash scripts/airgap.sh --check          # Phase 3: namespace setup OK
python3 selfdev.py status               # Phase 4: selfdev state
python3 update.py --help                # Phase 5: update CLI surface

See docs/SMOKE-TEST-REPORT.md for the end-to-end live test that confirmed all five phases working against a real Hermes install with a real MiniMax-M3 LLM call.

License

Verity is licensed under the same terms as upstream Hermes (MIT). Patches in patches/ are derivative works of MIT-licensed code.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors