# Cross-Session Project + Memory Audit Protocol Use when Germaine asks to review recent conversations, audit past work, reconcile inconsistent memory, or inventory current projects. ## Trigger phrases - "take a look at my conversations over the week" - "audit past work" - "current projects need to be audited" - "memories are not consistent" - "what have we been working on" ## Source order 1. Verify the session database is readable: `/root/.hermes/state.db` with SQLite `PRAGMA quick_check` or `integrity_check`. 2. Pull recent sessions grouped by date/source from `sessions` + `messages`. 3. Read project/reference sources that already summarize work: - `/root/.hermes/projects-log.md` - `/root/projects/` project folders - `/root/.hermes/references/*audit*`, `*inventory*`, `*plan*`, and issue logs 4. Read current durable memory files and fact store when memory consistency is in scope: - `/root/.hermes/memories/MEMORY.md` - `/root/.hermes/memories/USER.md` - fact store entries, if available 5. Inspect active cron jobs when the week involved automation/model/config changes. 6. Use `session_search` for targeted evidence windows, not as the only inventory source. ## Audit output shape Keep Telegram output compact: - **Scope reviewed:** date range, source DB, integrity status - **Current projects found:** grouped list - **Memory issues:** stale facts, duplicates, secrets, procedural content in memory, junk facts - **Highest-risk audit targets:** Critical / High / Medium - **What was not changed:** explicitly state read-only if no modifications were made ## Verification rules - Do not treat subagent summaries as proof. Check DB, files, cron state, or live systems yourself before reporting success. - If a subagent returns generic output or claims no access despite being given local paths, reject it and complete or re-delegate the work. - Prefer evidence handles: session IDs, file paths, job IDs, timestamps. - Never say a project is complete based only on `/root/.hermes/projects-log.md`; treat it as a lead for verification. ## Common findings to check - Memory duplicates after consolidation cron - Plaintext secrets/API keys in memory/fact store - Stale server inventory after migrations/rebalances - Model/delegation config drift after model changes - Cron jobs pinned to stale or paid models - Subagent claims about deployments, S3 uploads, email sends, DNS, or service health