Designing a Rocky Automation Safely Before It Runs

The safest Rocky automations are designed before they are scheduled, delegated, or connected to outside services. This page describes the public-safe planning loop: define the source of truth, constrain the action surface, verify the output, and keep a human approval point when the consequence is high.

Start with the source of truth

  • Name the system Rocky should inspect first: a file, website, API, repository, inbox, dashboard, or public document.
  • Decide whether the source is public, private, or mixed. Public wiki material should never depend on private customer/order data.
  • Prefer read-only inspection before any write.
  • Link the official Hermes documentation when explaining Hermes features: https://hermes-agent.nousresearch.com/docs

Bound the action surface

  • Write down exactly what Rocky may edit or call.
  • Separate safe public assets from private operational stores.
  • Avoid wildcard file copies, broad data exports, and recursive scheduler changes.
  • For commands that deploy, delete, bill, message customers, or publish content, keep an explicit verification step and a rollback plan.

Pre-flight checklist

  • Inputs are named and retrievable.
  • Secrets are supplied by environment/config, not pasted into the prompt.
  • Allowed paths or APIs are narrow.
  • The expected artifact is testable.
  • Failure mode is known: stop, retry, report, or ask for approval.
  • A final live check proves the result users will actually see.

Common pitfalls

  • Letting a vague goal become a broad filesystem or browser action.
  • Treating a successful command as proof that the public page or customer-facing workflow is good.
  • Publishing generated copy without checking for unsupported promises.
  • Forgetting that a scheduled job has no human present and must make conservative decisions.

Verification steps

  • Run the smallest local test first.
  • Inspect changed files or returned API records.
  • If the result is public, open the live URL and check desktop/mobile.
  • Record what changed, what was verified, and any remaining manual step.