Bug-review patch for the public Olympus release.

Fixed:

• Malformed skill usage timestamps no longer break /overview or /tuning.
• Malformed skill usage counts and session numeric fields now degrade to 0 instead of raising.
• JSON-style secret assignments in local error strings are redacted.

Added regression coverage:

• malformed skill usage metadata
• malformed session numeric metadata
• JSON-style secret redaction

Verification run before release:

• npm run verify
• npm run test:visual
• npm run test:live
• npm run test:performance
• npm run test:security
• npm run test:desktop
• npm audit --audit-level=moderate

Known caveat:

• Hermes Desktop still reports no dashboard plugin-tab route signal yet. Olympus remains verified through the Hermes web dashboard until Desktop plugin-tab parity lands.

Public launch polish for Olympus, the read-only HermesOS Agent Monitor.

What changed:

• Added a live dashboard screenshot to the README.
• Rewrote install as a clear clone, npm install, run dev, open dashboard flow.
• Added discovery topics for agent monitor, Hermes Agent, AI agents, plugin, and operations.

Install locally:

git clone https://github.com/AIEngineerX/Olympus.git
cd Olympus
npm ci
npm run dev

Then open:

http://127.0.0.1:9119/olympus

Verification run before release:

• npm run verify
• npm run test:visual
• npm run test:live
• npm run test:performance
• npm run test:security
• npm run test:desktop
• npm audit --audit-level=moderate

Known caveat:

• Hermes Desktop currently has native routes but no dashboard plugin-tab route signal yet, so Olympus is verified through the Hermes web dashboard until Desktop plugin-tab parity lands.

Changelog

All notable changes to Olympus are documented here. The format is based on
Keep a Changelog, and this project
follows Semantic Versioning.

1.0.0 - 2026年06月07日

First public release. Olympus is a read-only HermesOS Agent Monitor dashboard
plugin: it reads local Hermes runtime evidence, ranks what needs attention,
explains the reason, and links to the Hermes page that owns each fix. It stays
read-only — it never mutates tasks, profiles, cron, gateways, routes, memory,
credentials, or config.

Added

• Read-only plugin API: GET /health, GET /overview, GET /tuning, mounted
  by Hermes at /api/plugins/olympus/ behind the dashboard session-token flow.
• Transparent readiness score with a full deduction breakdown and methodology.
• Agent Monitor: speed, tokens, loop pressure, context pressure, reliability
  risk, and the top tuning actions.
• Tuning queue: ranked recommendations, each with the evidence behind it and
  a handoff link to the Hermes-owned page.
• Skill Coverage and Skill Hygiene: zero-skill profiles, forced-skill
  work, stale / never-used / recently-patched skills, hub trust and install-scan
  gaps, and stored skill audit status when Hermes records it locally.
• Profile Fitness: per-profile readiness from workload, routing, gateway
  state, cron load, failures, loop and context pressure.
• Pantheon (accessible): keyboard-operable profile map with trigger lanes
  and an activity feed.
• Kanban Intelligence and Trace Spine: board pressure, workers, retries,
  assignee load, and correlation across sessions, tasks, runs, and events using
  hashed refs (no transcript content).
• Tool Policy & Aux Cost: config-posture security signals (browser privacy
  flags, loop-stop guardrails, auxiliary route cost visibility, fallback route
  audit) from safe config structure only.
• Performance Tracking, Evidence Sources, and Production Diagnostics
  for an auditable, budgeted read model.
• Deterministic ops evals: reliability, routing, skill-use, and efficiency
  signals labeled as operational evals (not answer-quality judgments).

Security & privacy

• Read-only by default; no mutation, credential-reveal, or shell-execution routes.
• SQLite opened read-only; secret-like text redacted before it is returned.
• Session, cron, Kanban run, worker, and event identifiers use hashed public refs
  by default. Local labels and paths are hidden unless
  OLYMPUS_EXPOSE_LOCAL_LABELS=1 is set on a private machine.

Tests & CI

• Python unit tests: privacy contract, skill hygiene, trace spine, and ops evals
  (real SQLite fixtures, no mocks).
• Smoke suites: visual fixtures, live render, payload security, response-budget
  performance, and a Hermes Desktop preflight.
• verify workflow runs backend compile, backend unit tests, frontend parse,
  whitespace check, and the visual smoke on push and pull request.