You need to decide first, with no rush to change anything
Lite is usually enough when you still need scope and confidence. Core becomes the better path when you already know the problems are real and you do not want to keep pushing changes by hand.
You want to inspect gateway, approval, terminal, MCP, secrets, and website blocklist posture before you decide whether the environment should be changed.
You do not want to keep relying on hand-edits, memory-based rollback, and scattered remediation steps. You want a shorter, recoverable execution path.
| Dimension | Hermes Lite | Hermes Core |
|---|---|---|
| Positioning | Read-only baseline audit | Plan-first remediation path |
| Touches files | No | Yes, with backup first |
| Output | Findings, severity, manual effort | Plan, apply path, backup, restore, residual issues |
| Best stage | You are still deciding whether change is needed | You already know remediation needs to happen |
| Risk control | Read-only by design | Backup-before-write with restore available |
| Main value | Makes the drift and problem surface obvious | Makes remediation shorter, steadier, and recoverable |
| Upgrade trigger | You keep finding issues but still fix everything manually | You no longer want the environment to depend on YAML surgery and memory-based rollback |
You want to know whether the current environment has drifted away from a safer baseline, but you are not ready to change files yet.
You want a decision first and remediation later. The first step still needs to stay strictly non-mutating.
You still have the time to cross-check docs, edit configuration by hand, and design your own rollback path.
Another read-only report will not change the reality. You need execution, not one more diagnostic pass.
You do not want approval, ENV, allowlist, or blocklist changes to depend on memory-based recovery.
When remediation becomes recurring operator work, Core becomes materially more valuable than staying read-only.