hermes/svrnty-hermes-webui-plugin
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
058d67b459
svrnty-hermes-webui-plugin/routes/vault_status.py
Svrnty c1e3fa1af0
All checks were successful
plugin-tests / test (push) Successful in 25s
Details
feat(plugin): Phase 2 partial — vault_status migrated + brand skin moved + eval suite (P2.B/C, P3.A/B) 
Lands the easy migrations + the automation skeleton. STT migration deferred
to Phase 2.1 (it touches the streaming engine + bootstrap JS — needs a new
streaming_hook public-API method OR forced-internal CONNECTION-MAP entries).

Migrated to plugin:
  routes/vault_status.py    GET /api/vault/status (from fork commit 3e2c74f3)
  static/{app.js,app.css,fonts/}  brand skin (from hermes-ext/)

Plugin auto-loaded by hermes-webui when HERMES_WEBUI_PYTHON_PLUGIN is set;
register_static + inject_stylesheet + inject_script wire the URL contract at
/plugins/svrnty/{app.css,app.js} per protocol §14 (Q5).

Automation skeleton:
  Makefile                          one-liner targets: test · map · sync-upstream · smoke
  scripts/boot-smoke.py             start upstream+plugin, curl every endpoint
  scripts/upstream-sync.py          fetch tags + run matrix + JSON report
  tests/evals/test_features.py      4 evals (loader contract · vault payload · brand URL contract · forced-internal=0)
  tests/unit/test_brand_skin.py     4 asset-presence + wiring tests
  tests/unit/test_vault_status.py   3 handler tests (register, success, error)

CONNECTION-MAP.md: 0 forced-internal dependencies; plugin uses only public API.
AST script timestamp removed so map-check is deterministic.

Tests: 11/11 PASS (4 evals + 7 unit). Integration tests deferred until
boot-smoke runs against a live hermes-webui (Phase 2.D + 2.E gate).

Deferred to next session:
  P2.A  STT migration (needs streaming_hook design — see routes/transcribe.py)
  P2.D  Revert 4 fork feature commits — needs STT migration first
  P2.E  Archive hermes-ext repo — gated on P2.D
  P2.F  Live boot smoke against real webui

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 10:02:47 -04:00

48 lines
1.7 KiB
Python
Raw Blame History

"""GET /api/vault/status — list credctl-managed secrets.
Migrated from hermes-webui fork commit 3e2c74f3 per Phase 2 of the
SVRNTY-HERMES Plugin Protocol. Reports each vault entry's presence (no values
ever leave the vault — secrets stay opaque to the LLM by design).
Public API surface used: api.register_route, api.logger.
No forced internal dependencies — uses subprocess to call credctl directly.
"""
import json
import os
import subprocess
_DEFAULT_CREDCTL = "/home/svrnty/workspaces/cortex/L6-svrnty.core-credentials/credctl"
def register(api):
"""Wire the GET /api/vault/status route."""
log = api.logger("svrnty.routes.vault_status")
api.register_route("/api/vault/status", "GET", _handle_vault_status)
log.info("vault status endpoint registered")
def _handle_vault_status(handler, parsed):
"""Handler signature matches the plugin loader contract."""
credctl = os.environ.get("CREDCTL", _DEFAULT_CREDCTL)
names = []
try:
out = subprocess.run(
[credctl, "list"],
capture_output=True, text=True, timeout=5,
)
names = [
line.strip() for line in out.stdout.splitlines()
if line.strip() and not line.startswith("credentials:")
]
except Exception:
names = []
payload = json.dumps({"secrets": [{"name": n} for n in names]})
body = payload.encode("utf-8")
handler.send_response(200)
handler.send_header("Content-Type", "application/json; charset=utf-8")
handler.send_header("Content-Length", str(len(body)))
handler.send_header("Cache-Control", "no-store")
handler.end_headers()
handler.wfile.write(body)
return True
Reference in New Issue View Git Blame Copy Permalink