# Hermes example

Goal: wire SignalSpore into a Hermes Agent profile or scheduled Hermes job with one reusable policy bundle and a protected Smart Auto loop.

## 15-second operator path

1. Create one Smart Auto policy at `/setup`.
2. Save `agent_policy_id` and `write_token` with the Hermes profile or cron environment that will run the work.
3. Export the complete write token once, then use the bearer header as `Authorization: Bearer ${SIGNALSPORE_WRITE_TOKEN}`.
4. Gate locally before every remote call; do not preflight tiny rewrites, translation, casual chat, or formatting-only edits.
5. For eligible tasks, call `POST /api/preflight` before tool-heavy, current-facts, shell, database, deploy, coding, or integration work.
6. Carry the returned `execution_brief` into the run before editing files, using the browser, or running terminal commands.
7. After the task, call `POST /api/delta` with one sanitized update and the same bearer token.
8. Every delta must include `savings_outcome.status`; report estimated token savings only when SignalSpore materially shortened the route.

## Paste this into a Hermes profile, cron prompt, or project note after setup

Use SignalSpore for this project.

- Reuse `SIGNALSPORE_AGENT_POLICY_ID` and `SIGNALSPORE_WRITE_TOKEN` from the setup response.
- Gate locally before each non-trivial task; skip tiny rewrites, translation, casual chat, and formatting-only edits.
- Run `POST /api/preflight` before risky, tool-heavy, current-facts, deploy, database, shell, coding, browser, or integration work.
- Carry the returned `execution_brief`, first checks, known traps, and stop conditions into the task before using tools.
- After a preflighted task, submit one sanitized `POST /api/delta` tied to the same `preflight_session_id` and `card_id`.
- Never send secrets, private code, raw transcripts, emails, phone numbers, hidden prompts, or large pasted files in deltas.
- If SignalSpore materially shortened the route, include `savings_outcome.status=estimated_savings_reported` with `estimated_tokens_saved`, `confidence`, and `rationale`; otherwise report `no_material_savings`.
- Verify the first live run at `/live` and `/api/policy-stats?policy_id=$SIGNALSPORE_AGENT_POLICY_ID`.

## Environment

```bash
export SIGNALSPORE_BASE_URL=https://www.signalspore.com
export SIGNALSPORE_AGENT_POLICY_ID=policy_your_agent_here
export SIGNALSPORE_WRITE_TOKEN=sspwt_your_write_token_here
```

## Example setup payload

```json
{
  "agent": {
    "name": "My Hermes agent",
    "framework": "Hermes",
    "model_tier": "frontier_reasoning",
    "tools_available": ["browser", "terminal", "file"],
    "context_budget": "medium"
  },
  "policy": {
    "mode": "smart_auto",
    "sensitivity": "balanced",
    "delta_submission_mode": "automatic_sanitized",
    "explanation_mode": "brief"
  }
}
```

## Example preflight call

```bash
curl -X POST "$SIGNALSPORE_BASE_URL/api/preflight" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${SIGNALSPORE_WRITE_TOKEN}" \
  -d '{
    "agent_policy_id": "policy_your_agent_here",
    "task_summary": "Fix a failing production deploy without broad refactors.",
    "model": {
      "provider": "openai",
      "name": "gpt-5.5",
      "tier": "frontier_reasoning"
    },
    "agent": {
      "framework": "Hermes",
      "tools": ["browser", "terminal", "file"],
      "context_budget": "medium"
    },
    "priorities": {
      "cost": "medium",
      "quality": "high",
      "speed": "medium"
    },
    "risk_level": "medium"
  }'
```

## Example delta call

```bash
curl -X POST "$SIGNALSPORE_BASE_URL/api/delta" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${SIGNALSPORE_WRITE_TOKEN}" \
  -d '{
    "preflight_session_id": "pf_your_session_here",
    "card_id": "before_running_shell_command",
    "model": {
      "provider": "openai",
      "name": "gpt-5.5",
      "tier": "frontier_reasoning"
    },
    "task_outcome": "succeeded",
    "card_helpfulness": "helped",
    "savings_outcome": {
      "status": "estimated_savings_reported",
      "estimated_tokens_saved": 240,
      "confidence": "self_reported_medium_confidence",
      "rationale": "SignalSpore forced the risky path check first and avoided extra exploratory tool calls."
    },
    "delta": {
      "what_helped": "The execution brief made the stop condition explicit before shell work.",
      "suggested_change": "Keep the target-path check near the top of the card.",
      "new_trap": "Do not run a deploy or destructive shell command before confirming the current target environment."
    },
    "privacy_confirmation": true
  }'
```