feat: hive peer store with crypto signing, mDNS discovery, gossip protocol#369
Merged
Conversation
520584d to
7fd406d
Compare
…, violation persistence
- Guard violation counter with JSONL persistence (~/.b00t/guard-violations.jsonl)
- 🦨→💩 escalation: Warn→Block when violation_count >= repeat_threshold
- check_guards() auto-persists violations on every match
- K0mmand3rStage guards: pattern = { stage = "pre_parse" } in hive-guards.hive.toml
- parser_stages wired into KmdLine::parse() at 7 phases
- b00t-ast CLI binary: b00t-ast dir <path> [--format json|mcp|counts]
- b00t-py: guard_check, emoji_lookup, register_stage_guard bindings
- KmdLine fields made pub for serde serialization
- Schema datums moved to _b00t_/schema/ (uppercase convention)
- k0mmand3r crate edition 2024, clean lints
- Rust 2024: #![allow]→removed, set_var unsafe wrappers
- b00t_env_backend.py promoted from DESIGN to working Python backend
- Hermes backend symlinked: just hermes-backend-enable
…ite patch Vendor submodule pointing to PromptExecution/hermes-agent-b00t on feat/pre-tool-rewrite-hook branch. Contains the get_pre_tool_call_directives() patch required for b00t guard interposition via Hermes plugin hooks. Upstream PR: NousResearch/hermes-agent#19305 Internal PR: PromptExecution/hermes-agent-b00t#1
…ventional commits New hive guards block or warn before git commands reach the shell: - BLOCK: git checkout main/master — use feature branches - BLOCK: git push origin main — use PRs instead - BLOCK: git merge main — use gh pr merge - WARN: git checkout -b without type/ — use feat/fix/chore/ prefix - WARN: git commit -m without colon — use Conventional Commits format
- Registered regex_match(cmd, pattern) on Rhai engine in hive.rs for future guard pattern matching - Added 5 SCM guards to hive-guards.hive.toml: BLOCK: git checkout main/master, git push origin main, git merge main WARN: branch without type/ prefix, commit without conventional format - All guards use simple cmd.contains() — readable, no escaping hell
Bumps vendor/hermes-agent-b00t to include the new plugins/b00t/ directory with pre_tool_call hook that routes terminal commands through b00t hive run --dry-run guard evaluation.
fcd3926 to
6e0bacf
Compare
Owner
Author
|
@copilot MECE good-faith critical review of code only |
Agent-Logs-Url: https://github.com/elasticdotventures/_b00t_/sessions/b13588c4-07c5-4b06-8575-5be55c579fb1 Co-authored-by: elasticdotventures <35611074+elasticdotventures@users.noreply.github.com>
Copilot stopped work on behalf of
elasticdotventures due to an error
May 4, 2026 03:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hive peer discovery and trust infrastructure:
Cryptographic Peer Store
HiveIdentity(auto-generated keypair at~/.b00t/hive-identity.key)IrontologyPeerStorewith SQLite backend, FactRecord modelPeerStoretrait withFilePeerStorebootstrap fallbackmDNS Discovery & Gossip
b00t hive peers discover— real mDNS LAN scan viamdns-sdcrateadvertise_hive_peer()— register this node as_b00t-hive._tcp.localgossip_with_peer()— query random peer's list, merge unknown peersstart_gossip_loop()— background anti-entropy convergenceCLI & UX
b00t hive peers add <id> <address>— register in signed ledgerb00t hive peers remove <id>— remove from ledgerb00t hive peers prune --older-than 30d— garbage collect stale peersb00t hive peers list --health— parallel health checks on all peers--dry-runmodeTemplate Engine
{{ jinja }}expression resolution in.tomllmdconfigs via Terahostname()andenv(name='VAR')template functionsDependencies Added
mdns-sd(mDNS discovery)ed25519-dalek+sha2+hex+zeroize(crypto signing)rand(random peer selection for gossip)