feat(hermes): Add Hermes Mnemosyne tool whitelist

[timbeaulac]

Summary

Adds a provider-local memory.mnemosyne.tools allowlist for Hermes Mnemosyne tool exposure, matching the direction discussed in #358.

Explicitly implements AxDSan’s requested shape from #358: filter before registration, loud unknown-tool validation, and both Hermes provider paths updated in sync.

This implementation is intentionally count-agnostic: it filters the live ALL_TOOL_SCHEMAS list rather than assuming 15, 23, 26, or 33 tools. I verified the branch against current upstream origin/main / latest release v3.10.0, where the full Hermes tool surface is in the low 30s.

Behavior:

• Omitted / null config preserves existing behavior and exposes all Mnemosyne Hermes tools.
• tools: [] exposes no Mnemosyne tools while preserving the provider memory context / prefetch surface.
• Non-empty tools exposes only the listed tools, in listed order.
• Unknown tool names fail loudly with a clear ValueError from schema registration.
• has_tool() and handle_tool_call() share the same filtered surface, so filtered-out tools are not accepted by direct routing.
• Both Hermes provider surfaces are updated in sync:
  • hermes_memory_provider/__init__.py
  • integrations/hermes/src/mnemosyne_hermes/__init__.py

Tests

Local targeted checks passed:

python3 -m py_compile hermes_memory_provider/__init__.py integrations/hermes/src/mnemosyne_hermes/__init__.py tests/test_hermes_provider_parity.py
python3 -m pytest tests/test_hermes_provider_parity.py -q
# 13 passed

PYTHONPATH="$PWD/integrations/hermes/src:$PWD" python3 -m pytest tests/test_hermes_memory_provider.py tests/test_provider_all_15_tools.py tests/test_reflection_guardrails.py tests/test_hermes_provider_parity.py integrations/hermes/tests/test_canonical_tools.py integrations/hermes/tests/test_prefetch_hardening.py integrations/hermes/tests/test_system_prompt.py tests/test_persona_adapter.py -q
# 136 passed

GitHub Actions passed on PR #364 after isolating the parity test imports so they do not pollute the rest of the suite:

• build
• docs-check
• test (3.10)
• test (3.11)
• test (3.12)
• test (3.13)

Related

• Addresses Feature: Configurable tool whitelist to reduce system prompt token usage #358

[AxDSan]

Sorry for the delay, was IRL busy the last few days.

@timbeaulac clean implementation of #358. The shape matches what we discussed: filter before registration, loud unknown-tool validation, both provider surfaces updated in sync. The count-agnostic filter against live ALL_TOOL_SCHEMAS is the right call here since the tool surface churns between releases.

What I verified:

• py_compile clean on both provider inits and the parity test.
• The filter semantics: omitted/null preserves all, [] exposes none while keeping provider context, non-empty list restricts to listed tools in listed order, unknown names raise ValueError at schema registration. Reads exactly like the spec.
• has_tool() and handle_tool_call() share the filtered surface, so direct routing does not bypass the allowlist. Good.
• CI green: docs-check and test on 3.10/3.11/3.12/3.13 all SUCCESS after the parity-test import isolation fix.

LGTM with one ask:

CHANGELOG entry. New user-facing config knob (memory.mnemosyne.tools) deserves a one-line [Unreleased] entry under the next version block. No version bump asked since this is opt-in and additive: existing deployments with no tools key see no behavior change, and the worst-case failure (unknown tool name) is loud at registration time.

Refreshing the parity-test note: that import-isolation tweak is the kind of fix that lands in a PR and then quietly breaks the next contributor's local test run because they don't know to set the PYTHONPATH. Worth promoting it to a conftest.py or a fixture so it is automatic. Optional, not a blocker for this PR.

Closing #358 cleanly.

[timbeaulac]

Thanks — and no worries at all on timing. Appreciate the careful review.

I added the [Unreleased] changelog entry for memory.mnemosyne.tools, rebased on current main, and confirmed CI is green again across docs-check, build, and Python 3.10–3.13.

I’ll leave the conftest.py / fixture cleanup as follow-up unless you’d prefer it folded into this PR.