---
name: hol-guard
description: Securely install, connect, verify, and maintain HOL Guard for Hermes, OpenClaw, Goose, and custom harnesses.
version: 1.0.0
---

# HOL Guard

HOL Guard is a local-first security harness that pairs a runtime with Guard Cloud so operators can see connect health, handshake proof, usage hygiene, and security insights without exposing setup secrets.

## Trigger

Use this skill when you need to install HOL Guard, confirm whether it is already installed, connect a runtime with Guard OAuth, verify a handshake, repair pairing, or recover from an expired or revoked connect state.

## Non-negotiable safety rules

1. Never print, log, store, summarize, or echo raw setup secrets, bearer tokens, recovery codes, or TOTP secrets.
2. Never print or log `Authorization` headers, bearer tokens, token hashes, recovery codes, TOTP secrets, or setup packets.
3. Never ask a human to manually splice token text into commands. Use the supported `hol-guard connect` or `hol-guard connect --headless` flow instead.
4. Never read `.env` files during Guard setup or verification.
5. Never invent install commands. Use only the portal-provided install commands or documented package-manager commands.
6. Never claim connect is complete until the runtime reports Guard version, runtime, agent id, status, and handshake proof without secrets.

## Install detection workflow

1. Check whether Guard is already installed with `hol-guard --version`.
2. If that command succeeds, report the version and skip reinstallation unless the portal explicitly requires an upgrade.
3. If the command fails, use the portal-provided install command group or a documented package-manager flow approved by HOL.

## Verified install workflow

1. Use only the install command group provided by the portal, or documented package-manager commands that match the runtime and operating system.
2. After installation, run `hol-guard --version`.
3. Do not continue to activation until the version command succeeds.

## Connect workflow

1. Use the portal-provided install command group or the runtime-specific `hol-guard install <runtime>` command for Hermes, OpenClaw, or Goose.
2. Run `hol-guard connect` on machines with a browser available.
3. Run `hol-guard connect --headless` on SSH, CI, or headless hosts and follow the URL or device code the CLI prints.
4. Do not paste bearer material into commands, chat, notes, screenshots, or copied summaries.
5. After connect succeeds, run `hol-guard sync` if the portal expects an immediate shared proof refresh.

## Handshake verification workflow

After connect, report only:

- Guard version
- runtime
- detected agent id
- connect status
- handshake status
- evidence or portal link when available

Do not include raw tokens, headers, hashes, recovery codes, or secret environment values.
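One way for a harness to enforce this allow-list (and the secret-free final response shape later in this skill) is to project the runtime's status onto the permitted fields and fail closed on anything that looks like bearer material. This is an added example, not code from HOL Guard or this skill; the status field names and the sample status are assumptions.

```python
"""Allow-list projection of a Guard status report (added example).

The field names in SAMPLE_STATUS are assumed, not HOL Guard's real schema.
"""
import re

# Only these fields may appear in a handshake report.
ALLOWED_FIELDS = ("version", "runtime", "agent_id", "connect_status",
                  "handshake_status", "evidence_url")

# Values matching any of these must never be emitted, even under an allowed key.
SECRET_PATTERNS = (
    re.compile(r"(?i)\bbearer\s+\S+"),             # "Bearer <token>"
    re.compile(r"(?i)authorization\s*:"),          # any Authorization header
    re.compile(r"(?i)\b(totp|recovery|secret|token)\b"),
    re.compile(r"^[A-Za-z0-9_-]{40,}$"),           # long opaque blob (token, hash)
)


def looks_secret(value: str) -> bool:
    """True if the value resembles a token, header, hash, or secret reference."""
    return any(p.search(value) for p in SECRET_PATTERNS)


def safe_report(status: dict) -> dict:
    """Return only the allowed fields of `status`.

    Non-allowed keys are dropped silently. If an allowed field itself carries
    secret-looking content, raise ValueError so the caller reports the exact
    state instead of leaking the value.
    """
    report = {}
    for key in ALLOWED_FIELDS:
        if key not in status:
            continue
        value = str(status[key])
        if looks_secret(value):
            raise ValueError(f"refusing to report {key!r}: looks like secret material")
        report[key] = value
    return report


# Constructed sample status; the two last keys simulate values that must be dropped.
SAMPLE_STATUS = {
    "version": "1.0.0",
    "runtime": "hermes",
    "agent_id": "agent-7f3c",
    "connect_status": "connected",
    "handshake_status": "verified",
    "evidence_url": "https://portal.example/evidence/agent-7f3c",
    "authorization": "Bearer eyJabc.def.ghi",
    "token_hash": "a" * 64,
}
```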

## Hermes notes

- Works on local development machines, VPS deployments, GPU workers, serverless entrypoints, and long-running workers.
- Confirm the runtime can keep a background Guard process alive when the workload is persistent.
- Verify messenger, skills, tools, and MCP surfaces are still reachable after Guard connect.
- When Hermes runs with long-lived workers, confirm the worker can still emit runtime proof after startup.

## OpenClaw notes

- Confirm workspace files, gateway wiring, sessions, channels, skills, tools, and command queues remain available.
- Prefer the runtime-specific command group from the portal so Guard and OpenClaw use the same workspace assumptions.
- After connect, verify the command queue can still process work and that the runtime reports Guard status.

## Goose notes

- Support CLI and Desktop variants.
- Preserve extension, MCP root, sandbox, and permission control behavior.
- Verify prompt-injection detection and adversary review posture remain enabled after activation.
- After connect, confirm Goose can still enumerate its configured roots and report Guard handshake proof.

## Cursor editor and Cursor CLI notes

Cursor has two separate protection surfaces:

- Cursor editor protects `.cursor/mcp.json`, workspace overrides, and editor-managed Guard setup.
- Cursor CLI protects `cursor-agent` sessions, CLI MCP inventory, and tool call interception.

Use these commands when the portal asks you to connect, test, repair, or disconnect Cursor:

- `hol-guard apps connect cursor --surface editor`
- `hol-guard apps connect cursor --surface cli`
- `hol-guard apps test cursor --surface editor`
- `hol-guard apps test cursor --surface cli`
- `hol-guard apps repair cursor --surface editor`
- `hol-guard apps repair cursor --surface cli`
- `hol-guard apps disconnect cursor --surface editor --confirm disconnect-cursor`
- `hol-guard apps disconnect cursor --surface cli --confirm disconnect-cursor`

If Cursor is missing, unsupported, unavailable, stale, or only one surface is connected, report that exact state. Do not replace it with a fake install URL, a generic custom harness flow, or a successful repair claim.

## Custom harness notes

- Use the SDK or API setup path supplied by the portal.
- Keep Guard connect in startup scripts or service wrappers instead of ad hoc shell fragments.
- Verify the harness can sync runtime state and emit evidence without exposing private credentials.

## Recovery workflow

Use the portal for recovery when connect is:

- missing
- expired
- revoked
- attached to the wrong runtime

Do not try to repair a broken connect flow with pasted bearer material. Rerun `hol-guard connect` or `hol-guard connect --headless` instead.

## Final response shape

When the workflow succeeds, answer with:

1. install result
2. runtime detected
3. agent id
4. handshake result
5. next safe action

Keep the response concise and secret-free.
