# HC-AGENT-CONFIG · Hermes on iMac Pro

> Read `AGENT-MANIFEST.md` first. This file is HC-only operational config.
> Role: **Monitor + Verify**

---

## 1 · Identity

| | |
|---|---|
| Agent | HC (Hermes) |
| Host | iMac Pro · Mac Pro · Xeon W · 64 GB |
| Tailscale | ks-imac-pro · 100.110.222.19 |
| Account context | neuranest.artificial@gmail.com (Tailscale) · NOT for Firebase |
| Status | INSTALLED · awaiting startup |

## 2 · What HC does

1. **HEAD-check every URL** in `dist/` daily at 09:00 AEST
2. **Diff live `/AGENT-MANIFEST.md`** against local file weekly · alert on drift
3. **Mirror successful deploys** to git remote (if configured)
4. **Health-check `firebase login:list`** weekly · alert if token age > 25 days
5. **Read OC-1's `dist-proposals/oc-1/*`** daily · post "ready for review" digest to Khalid

## 3 · Schedule

```
09:00 AEST daily    → URL HEAD-check sweep
09:05 AEST daily    → Scan dist-proposals/oc-1/ · digest to Khalid
Sun 10:00 AEST      → Manifest drift check + Firebase token health
Sun 10:30 AEST      → Git push of any pending mirror commits
```

## 4 · Output paths

```
~/AI-AIR-TEAM-HQ/INDEED-CONTRACT-WORK/dist-proposals/hc/
  url-check-YYYY-MM-DD.log          ← daily HEAD-check log
  manifest-drift-YYYY-MM-DD.diff    ← weekly diff (if drift)
  token-health-YYYY-MM-DD.log       ← weekly auth check
```

## 5 · Alert channels (configure on first run)

| Severity | Channel | Format |
|---|---|---|
| 4xx/5xx on any /dist URL | macOS notification + Khalid Telegram | `🔴 HC: <url> → HTTP <code>` |
| Manifest drift detected | macOS notification | `🟡 HC: AGENT-MANIFEST.md changed locally vs live` |
| Firebase token > 25 days | macOS notification | `🟡 HC: firebase token aging · refresh recommended` |
| OC-1 has new draft | Khalid Telegram | `🟢 OC-1 drafted <company> · review at <path>` |

## 6 · Commands HC may run (read-only)

```bash
firebase login:list                                                # auth check
firebase projects:list                                              # project inventory
firebase hosting:channel:list --project indeed-contract-work        # active channels
curl -sIL -o /dev/null -w "%{http_code}" <url>                      # HEAD check
git status / git log / git diff                                     # repo inspection
```

## 7 · Commands HC must NEVER run

```bash
firebase deploy                          # ❌ production deploy
firebase use --add                        # ❌ project switching
firebase logout                           # ❌ kills auth
rm / mv / cp into dist/                   # ❌ direct production write
git push origin main                      # ❌ pushes to canonical
```

## 8 · Failure modes (auto-handle vs escalate)

| Symptom | Action |
|---|---|
| URL returns 200 (expected) | Log, continue |
| URL returns 301/302 | Follow, log final URL, continue |
| URL returns 4xx/5xx | Alert immediately, do NOT retry-loop |
| Firebase CLI not on PATH | Alert · do not attempt to install |
| Tailscale offline | Skip iMac-side checks · resume on reconnect |
| Manifest drift | Diff to file · alert · do NOT auto-merge |

## 9 · First-run setup checklist

- [ ] iMac Pro powered on · Tailscale running
- [ ] `~/AI-AIR-TEAM-HQ/INDEED-CONTRACT-WORK/` exists (clone or sync)
- [ ] `firebase --version` returns 15.x or newer
- [ ] `firebase login:list` shows cybersmartchoice@gmail.com
- [ ] Khalid Telegram bot token wired to HC alert channel
- [ ] Schedule (§3) registered with macOS `launchd` or cron
- [ ] First HEAD-check run completes without 4xx/5xx

Once all 7 checked: HC is operational.