docs: add in-repo node-agent release operations skill

565e2a88 · Lisa (Hermes AI) · 645a7481 · 565e2a88 · 565e2a88
Commit 565e2a88 authored May 14, 2026 by Lisa (Hermes AI)
Hide whitespace changes
Inline Side-by-side

Showing with 154 additions and 0 deletions

node-agent-release-operations.md docs/node-agent-release-operations.md +77 -0

SKILL.md skills/devops/node-agent-release-operations/SKILL.md +77 -0

No files found.
--- a/docs/node-agent-release-operations.md
+++ b/docs/node-agent-release-operations.md
+<!-- Copyright (C) 2026 Stefy Lanza <stefy@nexlab.net> -->
+<!-- SPDX-License-Identifier: GPL-3.0-or-later -->
+<!-- Copyleft: GNU GPLv3 or later applies to this file. -->
+# Node Agent Release Operations
+
+This document is the in-repo operational reference for rebuilding and publishing the Hermes Node Agent bundle when gateway-side or node-agent-side protocol behavior changes.
+
+## Canonical repositories
+
+- Node Gateway plugin repo: `git@git.nexlab.net:lisa/hermes-node-gateway.git`
+- Node Agent repo: `git@git.nexlab.net:lisa/hermes-node-agent.git`
+
+## Canonical node-agent release path
+
+The canonical release workflow lives in the node-agent repo at:
+
+- `/home/lisa/hermes-node-protocol/node-agent/release-node-agent.sh`
+
+Use that script as the default path. If release behavior changes, fix the script first, then rerun it. Do not normalize ad-hoc manual release rituals.
+
+## What `release-node-agent.sh` does
+
+1. Runs `./build-linux.sh`
+2. Re-embeds the current Linux payload into `deploy/linux/install-node.sh`
+3. Syncs the Linux wrapper into `release/bundle/hermes-node-agent-installer.sh`
+4. Picks a Windows installer from the known artifact locations
+5. Picks the Chrome extension zip from the known artifact locations
+6. Rebuilds `release/hermes-node-agent-bundle.zip`
+7. Copies the bundle and Linux installer to `/home/lisa/nexlab.net/files/`
+8. Publishes the bundle and Linux installer to `/home/web/lisa.nexlab.net/files/`
+9. Restores `www-data:www-data` ownership and `0644` permissions on published files
+10. Verifies SHA256 parity across local release, mirror, web, and downloaded-live artifacts
+11. Verifies live HTTP availability
+
+## Release command
+
+```bash
+cd /home/lisa/hermes-node-protocol/node-agent
+./release-node-agent.sh
+```
+
+## Release verification expectations
+
+A release is not done because source files look right. Verify the public artifact.
+
+Minimum checks:
+
+- local, mirror, web, and downloaded-live SHA256 values match
+- live URL returns `HTTP/1.1 200 OK`
+- downloaded live Linux installer contains the expected embedded payload
+- for runtime-sensitive fixes, inspect the embedded `hermes_node_agent.py` or `install.sh` from the downloaded live installer
+
+## Gateway ↔ node-agent sync rule
+
+When fixing behavior that spans both repositories:
+
+1. patch the live/canonical gateway plugin repo
+2. patch the canonical node-agent repo
+3. rebuild and publish the node-agent bundle
+4. commit and push both repos separately
+5. verify the live artifact, not just the working tree
+
+This matters for approval flows, capability registration, installer defaults, and any protocol-level drift.
+
+## Known pitfall: same-file copy inside the release script
+
+If the chosen Windows installer or Chrome extension already lives in `release/bundle/`, the script must avoid copying a file onto itself. Guard same-path `cp` operations or the release aborts on a harmless self-copy.
+
+## When to fall back to manual release
+
+Only use manual steps if:
+
+- `release-node-agent.sh` is broken
+- you are repairing the release process itself
+- you need to debug artifact selection or publish verification in isolation
+
+If you had to do a manual release, encode the missing logic back into `release-node-agent.sh` before calling the workflow complete.
--- a/skills/devops/node-agent-release-operations/SKILL.md
+++ b/skills/devops/node-agent-release-operations/SKILL.md
+---
+name: node-agent-release-operations
+description: Use when gateway-side work requires rebuilding, publishing, or verifying the Hermes node-agent bundle and you need the repo-local operational release workflow.
+version: 1.0.0
+author: Lisa
+license: GPL-3.0-or-later
+metadata:
+  hermes:
+    tags: [release, node-agent, gateway, packaging, operations]
+    related_skills: [bundle-release-process]
+---
+
+# Node Agent Release Operations
+
+## Overview
+
+This in-repo skill captures the operational workflow the gateway repo depends on when node-gateway changes must be shipped through the Hermes node-agent bundle. It exists here so the gateway repository carries its own durable release knowledge instead of relying only on `~/.hermes/skills/` state.
+
+## When to Use
+
+- Gateway changes affect node-agent packaging, installer behavior, capability registration, or approval flow semantics.
+- You need to rebuild and republish the public node-agent bundle after protocol or installer changes.
+- You need a gateway-repo-local reference for the canonical node-agent release path.
+
+Do not use this skill for generic git hygiene or plugin-only edits that do not require a node-agent release.
+
+## Canonical Repositories
+
+- Gateway repo: `git@git.nexlab.net:lisa/hermes-node-gateway.git`
+- Node-agent repo: `git@git.nexlab.net:lisa/hermes-node-agent.git`
+
+## Canonical Release Path
+
+Run the node-agent release script from the node-agent repo:
+
+```bash
+cd /home/lisa/hermes-node-protocol/node-agent
+./release-node-agent.sh
+```
+
+Treat `release-node-agent.sh` as the source of truth. If release behavior changed, patch the script first instead of institutionalizing more manual shell choreography.
+
+## What the Script Must Do
+
+1. run `./build-linux.sh`
+2. refresh `dist/hermes-node-agent-linux.tar.gz`
+3. re-embed the payload into `deploy/linux/install-node.sh`
+4. sync `release/bundle/hermes-node-agent-installer.sh`
+5. rebuild `release/hermes-node-agent-bundle.zip`
+6. publish bundle + Linux installer to mirror and web targets
+7. restore web ownership/perms
+8. verify local, mirror, web, and downloaded-live hash parity
+9. verify live HTTP success
+
+## Cross-Repo Workflow
+
+1. patch gateway repo behavior
+2. patch node-agent repo behavior if packaging/runtime changes are needed
+3. run the canonical node-agent release script
+4. inspect the downloaded live artifact for the expected embedded files/content
+5. commit and push both repos
+
+## Common Pitfalls
+
+1. **Verifying only source, not the downloaded live installer.** Public artifact verification is mandatory.
+2. **Manual release drift.** If you had to do manual steps, encode them back into `release-node-agent.sh`.
+3. **Same-file `cp` aborts in release script.** Guard source/destination equality for artifacts already in `release/bundle/`.
+4. **Assuming gateway commit implies bundle publish.** They are separate actions and both must be verified.
+
+## Verification Checklist
+
+- [ ] gateway repo change committed/pushed if applicable
+- [ ] node-agent repo change committed/pushed if applicable
+- [ ] `./release-node-agent.sh` completed successfully
+- [ ] local/mirror/web/live SHA256 values match
+- [ ] live bundle URL returns `200 OK`
+- [ ] downloaded live installer contains the expected embedded payload/content