Operator Login Shell
Auth, runtime routing, and safe operator access for xNova.
First runtime targets are xgerrit and xhella. LibreChat, Hermes, and broker actions stay behind auth, policy, and audit gates.
Runtime posture
- Hermes stays vanilla; xNova extends through plugins, tools, gateways, MCP, and sidecars.
- LibreChat stays behind auth/proxy and is not the identity master.
- No browser-to-shell, browser-to-sudo, or browser-to-Docker bridge.
- Broker and agent actions start read-only, dry-run, policy-gated, and audited.
- xgerrit and xhella runtimes stay separated.