# Task Checklist

**Session ID**: `phase40-session05-command-endpoint` **Total Tasks**: 20 **Estimated Duration**: 3-4 hours **Created**: 2026-07-03

***

Legend: `[x]` completed; `[ ]` pending; `[P]` parallelizable; `[SNNMM]` session ref; `TNNN` task ID.

***

## Setup (3 tasks)

* [x] T001 \[S4005] Verify Session 03 and Session 04 handoff artifacts, current worktree status, and command endpoint owners (`.spec_system/specs/phase40-session04-chat-overrides-and-runtime/IMPLEMENTATION_SUMMARY.md`)
* [x] T002 \[S4005] Run focused baseline bridge, sanitizer, parser, and hook tests before edits (`bunx vitest run scripts/lib/__tests__/sanitize.test.ts scripts/lib/__tests__/hermes-admin-bridge.test.ts src/lib/__tests__/hermes-admin-types.test.ts src/hooks/__tests__/use-hermes-admin.test.tsx`)
* [x] T003 \[S4005] Inspect current admin bridge endpoint registration, Hermes resolver, executor, hook, parser, and sanitizer owners before edits (`scripts/lib/hermes-admin-bridge.ts`)

***

## Foundation (5 tasks)

* [x] T004 \[S4005] \[P] Add typed Hermes command names, request shape, response shape, and parser with exhaustive command handling (`src/lib/hermes-admin-types.ts`)
* [x] T005 \[S4005] \[P] Add command parser tests for valid responses, malformed fields, unknown command names, and controlled parse failures (`src/lib/__tests__/hermes-admin-types.test.ts`)
* [x] T006 \[S4005] Add bridge command allowlist metadata for argv, labels, timeouts, and update confirmation with schema-validated input and explicit error mapping (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T007 \[S4005] Refactor Hermes source-entrypoint and CLI fallback resolution so chat and command subcommands share one resolution path without changing chat argv ordering (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T008 \[S4005] Add command-output sanitizer fixtures and extend shared redaction only for proven gaps while preserving safe command, provider, and model words (`scripts/lib/sanitize.ts`)

***

## Implementation (7 tasks)

* [x] T009 \[S4005] Register POST `/__hermes_cmd` in the Hermes admin endpoint list with loopback, Host-header, token, admin, method, and body-size gates enforced at the bridge boundary (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T010 \[S4005] Implement command request parsing for allowlisted commands and `update` confirmation before spawn with schema-validated input and explicit error mapping (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T011 \[S4005] Execute allowed Hermes commands through non-shell argv arrays, terminal-safe env flags, stripped inherited Python env, output caps, and per-command timeouts with timeout and failure-path handling (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T012 \[S4005] Map success, non-zero exit, spawn failure, missing binary, and timeout results to sanitized typed JSON responses without reporting partial timed-out output as success (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T013 \[S4005] Add `useHermesAdmin` command mutation state and `runCommand` action with duplicate-trigger prevention while in-flight (`src/hooks/use-hermes-admin.ts`)
* [x] T014 \[S4005] Expose command action views in the hook result while preserving disabled, token-failure, offline, and admin-disabled behavior (`src/hooks/use-hermes-admin.ts`)
* [x] T015 \[S4005] Preserve existing chat, mission, Pantheon, document, image, and Obsidian admin behavior after endpoint and resolver changes (`scripts/lib/hermes-admin-bridge.ts`)
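
One way the request validation and spawn planning described in T010 and T011 can be structured, as an added example that is not the project's own code. Only `update` and its `--yes` flag come from this checklist; the `status` and `version` commands, the timeout values, the error strings, and the `PYTHON*`/`NO_COLOR`/`TERM` handling are assumptions.

```typescript
// Added illustration, not the project's code. Only `update` and `--yes` come
// from the checklist; other names, timeouts, and env details are assumptions.
type CommandName = "status" | "version" | "update";
interface CommandSpec { argv: string[]; timeoutMs: number; needsConfirm: boolean }

// The request only selects a key; argv is fixed on the bridge side.
const ALLOWLIST: Record<CommandName, CommandSpec> = {
  status: { argv: ["status"], timeoutMs: 10000, needsConfirm: false },
  version: { argv: ["--version"], timeoutMs: 5000, needsConfirm: false },
  update: { argv: ["update", "--yes"], timeoutMs: 120000, needsConfirm: true },
};

type PlanError = "invalid_json" | "invalid_body" | "unknown_command" | "confirmation_required";
type Plan =
  | { ok: true; argv: string[]; timeoutMs: number; env: Record<string, string> }
  | { ok: false; error: PlanError };

// Drop inherited PYTHON* variables and force plain, non-interactive output.
function cleanEnv(parent: Record<string, string | undefined>): Record<string, string> {
  const env: Record<string, string> = {};
  for (const key of Object.keys(parent)) {
    const value = parent[key];
    if (value !== undefined && key.toUpperCase().indexOf("PYTHON") !== 0) env[key] = value;
  }
  env["NO_COLOR"] = "1";
  env["TERM"] = "dumb";
  return env;
}

function planCommand(rawBody: string, parentEnv: Record<string, string | undefined>): Plan {
  let body: unknown;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { ok: false, error: "invalid_json" };
  }
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { ok: false, error: "invalid_body" };
  }
  const { command, confirm } = body as { command?: unknown; confirm?: unknown };
  // Own-property check: "constructor" must not resolve via the prototype chain.
  if (typeof command !== "string" || !Object.prototype.hasOwnProperty.call(ALLOWLIST, command)) {
    return { ok: false, error: "unknown_command" };
  }
  const spec = ALLOWLIST[command as CommandName];
  if (spec.needsConfirm && confirm !== true) return { ok: false, error: "confirmation_required" };
  // The caller hands argv to spawn() as an array with no shell; no request text reaches it.
  return { ok: true, argv: spec.argv.slice(), timeoutMs: spec.timeoutMs, env: cleanEnv(parentEnv) };
}
```

The returned plan carries everything the executor needs, so the spawn call itself never reads the request body.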

***

## Testing (5 tasks)

* [x] T016 \[S4005] Add Hermes admin bridge tests for `/__hermes_cmd` gates, invalid method, invalid token, admin-disabled, invalid JSON, unknown command, and missing update confirmation (`scripts/lib/__tests__/hermes-admin-bridge.test.ts`)
* [x] T017 \[S4005] Add Hermes admin bridge tests for source-entrypoint argv, CLI fallback argv, env cleanup, allowlisted command timeouts, and update `--yes` confirmation (`scripts/lib/__tests__/hermes-admin-bridge.test.ts`)
* [x] T018 \[S4005] Add Hermes admin bridge and sanitizer tests for timeout failure, non-zero exit, missing binary, redacted stdout/stderr/failure detail, and safe non-secret output (`scripts/lib/__tests__/hermes-admin-bridge.test.ts`)
* [x] T019 \[S4005] Add hook tests for `runCommand`, confirmation payloads, disabled/token/offline views, duplicate-trigger prevention while in-flight, parser failures, and sanitized response consumption (`src/hooks/__tests__/use-hermes-admin.test.tsx`)
* [x] T020 \[S4005] Run the focused command endpoint suite plus script typecheck, app typecheck, and diff whitespace validation (`bunx vitest run scripts/lib/__tests__/sanitize.test.ts scripts/lib/__tests__/hermes-admin-bridge.test.ts src/lib/__tests__/hermes-admin-types.test.ts src/hooks/__tests__/use-hermes-admin.test.tsx && bun run typecheck:scripts && bun run typecheck && git diff --check`)

***

## Completion Checklist

* [x] All tasks marked `[x]`
* [x] All tests and checks passing
* [x] All files ASCII-encoded with LF line endings
* [x] implementation-notes.md updated
* [x] Ready for `creview` (next step in the implement -> creview -> validate sequence)

***

## Next Steps

Run the `creview` workflow step.

