Documentation Accuracy Review

Review Date: April 30, 2026
Reviewer: AI Code Review
Scope: All user-facing documentation including README.md, docs/, .env.example, and inline code comments
Status: ⚠️ CORRECTIONS REQUIRED

Executive Summary

A comprehensive documentation accuracy review has been completed covering 23 markdown files and configuration examples. The review identified 8 critical inaccuracies, 3 medium-priority inconsistencies, and 4 areas of redundancy that should be addressed before v1.0 release.

Key Findings:

  • Overall quality is high — documentation is comprehensive and well-structured
  • ⚠️ Outdated metrics — test count and coverage statistics are stale
  • ⚠️ Docker image inconsistency — actual docker-compose.yml differs from documentation examples
  • ⚠️ API schema mismatches — documented API responses don’t match actual FastAPI response models
  • ℹ️ Redundancy present — some content is duplicated across multiple files (acceptable for user guidance)

Recommendation: Address all HIGH priority issues before v1.0 release. MEDIUM and LOW issues can be deferred to v1.1.

Issues Found

HIGH Priority (Must Fix for v1.0)

H1. Outdated Test Count in README.md

Location: README.md

Issue: Documentation states “344 tests passing” but actual test count is 403 tests (397 after alert factory tests, then 403 after low-priority defensive coding tests #12-15).

Evidence:


$ pytest --collect-only -q
403 tests collected in 0.99s

Impact: Users may question the quality/completeness of testing suite.

Fix Required:


-## 🧪 Test Coverage
-
-- **344 tests passing** including 130+ API security tests
+## 🧪 Test Coverage
+
+- **403 tests passing** including 130+ API security tests

Fix Applied: ✅ README.md updated to 403 tests on May 1, 2026 (following completion of defensive coding low-priority items)

Files to Update:

  • README.md (Line ~200) — ✅ UPDATED

H2. Docker Image Reference Inconsistency

Location:

Issue: The actual docker-compose.yml uses registry.greenflametech.net/hermes:latest as the default image, but all documentation tells users to use ghcr.io/fabell4/hermes:latest.

Evidence:

# Actual docker-compose.yml (line 4)
image: ${HERMES_IMAGE:-registry.greenflametech.net/hermes:latest}


# Documentation in README.md and getting-started.md
curl -o docker-compose.yml https://raw.githubusercontent.com/fabell4/hermes/main/docker-compose.yml
# This will download a file that points to registry.greenflametech.net, not ghcr.io

Impact: Users following the “Quick Start” will get a private registry image by default, which may require authentication or be inaccessible.

Fix Options:

Option A (Recommended): Update docker-compose.yml to use public registry as default:


-image: ${HERMES_IMAGE:-registry.greenflametech.net/hermes:latest}
+image: ${HERMES_IMAGE:-ghcr.io/fabell4/hermes:latest}

Option B: Update all documentation to match current docker-compose.yml (not recommended for public users).

Files to Update:

  • docker-compose.yml (Lines 4, 48) — Change default image
  • OR update all documentation examples to clarify the private registry requirement

H3. API Response Schema Mismatch — PUT /api/config

Location: docs/api-reference.md

Issue: Documented response structure doesn’t match actual FastAPI response model.

Documented Response:


{
  "status": "success",
  "message": "Configuration updated successfully",
  "config": {
    "speedtest_interval_minutes": 30,
    "enabled_exporters": ["csv", "sqlite", "prometheus", "loki"]
  }
}

Actual Response (from src/api/routes/config.py):


class RuntimeConfigSchema(BaseModel):
    interval_minutes: int = Field(ge=5, le=1440)
    enabled_exporters: list[str]
    scanning_enabled: bool

@router.put("/config")
def update_config(body: RuntimeConfigSchema) -> RuntimeConfigSchema:
    # Returns RuntimeConfigSchema directly, not a wrapper object

Actual Response:


{
  "interval_minutes": 30,
  "enabled_exporters": ["csv", "sqlite"],
  "scanning_enabled": true
}

Impact: Users following API documentation will write incorrect client code.

Fix Required: Update API reference to match actual response schema:


-**Response:**
-```json
-{
-  "status": "success",
-  "message": "Configuration updated successfully",
-  "config": {
-    "speedtest_interval_minutes": 30,
-    "enabled_exporters": ["csv", "sqlite", "prometheus", "loki"]
-  }
-}
-```
+**Response:**
+```json
+{
+  "interval_minutes": 30,
+  "enabled_exporters": ["csv", "sqlite"],
+  "scanning_enabled": true
+}
+```

Files to Update:

  • docs/api-reference.md (Lines ~340-370)

H4. API Response Schema Mismatch — POST /api/trigger

Location: docs/api-reference.md

Issue: Documented response uses "status": "triggered" but actual code returns "status": "started" or "status": "already_running".

Documented Response:


{
  "status": "triggered",
  "message": "Speed test will run shortly"
}

Actual Response (from src/api/routes/trigger.py):


class TriggerResponse(BaseModel):
    status: Literal["started", "already_running"]

@router.post("/trigger")
def trigger_test() -> TriggerResponse:
    if not acquired:
        return TriggerResponse(status="already_running")
    return TriggerResponse(status="started")

Actual Response:


{
  "status": "started"
}

OR


{
  "status": "already_running"
}

Impact: API documentation misleads users about response format.

Fix Required:


-**Response:**
-```json
-{
-  "status": "triggered",
-  "message": "Speed test will run shortly"
-}
-```
+**Response:**
+```json
+{
+  "status": "started"
+}
+```
+
+OR if test is already running:
+
+```json
+{
+  "status": "already_running"
+}
+```

Files to Update:

  • docs/api-reference.md (Lines ~310-320)

H5. API Endpoint Missing from Documentation — GET /api/trigger/status

Location: docs/api-reference.md

Issue: The GET /api/trigger/status endpoint exists in code but has incomplete documentation.

Evidence:

# src/api/routes/trigger.py
@router.get("/trigger/status")
def get_test_status() -> dict[str, bool]:
    """Check if a speed test is currently running."""
    return {"is_running": _test_lock.locked()}

Current Documentation (Line ~260):

### Check Trigger Status

Check if a speed test is currently running.

**Request:**

```http

GET /api/trigger/status

Response:


{
  "running": false,
  "last_trigger_time": "2026-04-29T11:55:00Z"
}

```text
```n
**Actual Response:**

```json

{
  "is_running": false
}

Impact: Documentation shows fields that don’t exist (last_trigger_time).

Fix Required:


-**Response:**
-```json
-{
-  "running": false,
-  "last_trigger_time": "2026-04-29T11:55:00Z"
-}
-```
+**Response:**
+```json
+{
+  "is_running": false
+}
+```

Files to Update:

  • docs/api-reference.md (Lines ~260-280)

H6. Validation Range Mismatch — interval_minutes

Location: docs/api-reference.md

Issue: Documentation states “must be between 1 and 1440” but actual validation is ge=5, le=1440.

Documented:

- `speedtest_interval_minutes` must be between 1 and 1440 (24 hours)

Actual Code:

# src/api/routes/config.py
class RuntimeConfigSchema(BaseModel):
    interval_minutes: int = Field(ge=5, le=1440)  # Minimum is 5, not 1

Impact: Users may attempt to set interval to 1-4 minutes and receive validation errors not mentioned in docs.

Fix Required:


-**Validation:**
-- `speedtest_interval_minutes` must be between 1 and 1440 (24 hours)
+**Validation:**
+- `interval_minutes` must be between 5 and 1440 minutes (5 minutes to 24 hours)

Files to Update:

  • docs/api-reference.md (Line ~360)

MEDIUM Priority (Should Fix for v1.0)

M1. Quick Start URLs Point to Public Repo

Location: README.md, docs/getting-started.md

Issue: Quick Start instructions tell users to download files from https://raw.githubusercontent.com/fabell4/hermes/main/ but this appears to be a placeholder or example URL.

Evidence:

# These URLs are referenced throughout documentation
curl -o docker-compose.yml https://raw.githubusercontent.com/fabell4/hermes/main/docker-compose.yml
curl -o .env https://raw.githubusercontent.com/fabell4/hermes/main/.env.example

Question: Is github.com/fabell4/hermes the actual public repository URL, or is this a placeholder?

Impact: If URLs are incorrect, users cannot follow Quick Start instructions.

Action Required: Verify that these URLs are correct and accessible. If this is a private project, update instructions to use alternative distribution method (e.g., release artifacts, manual file copy).

M2. Streamlit References in TODO.md

Location: TODO.md

Issue: TODO.md contains references to deprecated Streamlit functionality under “Archived” section, which is good, but there’s also a VS Code task named “Run Hermes UI” that references Streamlit.

Evidence:

# TODO.md line references
- `streamlit_app.py` — original web UI; decommissioned in favor of React frontend

VS Code tasks.json:


{
  "label": "Run Hermes UI",
  "type": "shell",
  "command": "..."
}

Impact: Minor confusion about whether Streamlit is still supported.

Fix Required: Remove or rename the “Run Hermes UI” task if it references Streamlit. Update any documentation that mentions Streamlit unless it’s explicitly in the “Archived” section.

M3. Page Size Limit Discrepancy

Location: docs/api-reference.md

Issue: Documentation states “max: 1000” but actual code enforces le=500.

Documented:

- `page_size` (optional, default: `50`) — Results per page (max: 1000)

Actual Code:

# src/api/routes/results.py
def get_results(
    page: Annotated[int, Query(ge=1)] = 1,
    page_size: Annotated[int, Query(ge=1, le=500)] = 50,  # Max is 500, not 1000
)

Impact: Users may attempt to request 1000 results and receive validation errors.

Fix Required:


-- `page_size` (optional, default: `50`) — Results per page (max: 1000)
+- `page_size` (optional, default: `50`) — Results per page (max: 500)

Files to Update:

  • docs/api-reference.md (Line ~66)

LOW Priority (Can Defer to v1.1)

L1. Redundant Feature Descriptions

Location: Multiple files describe the same features

Examples:

  • Alert configuration is described in:
    • README.md (brief overview)
    • docs/alerts.md (comprehensive guide)
    • docs/getting-started.md (setup instructions)
    • .env.example (inline comments)
  • Security features are described in:
    • README.md (feature list)
    • docs/security.md (comprehensive guide)
    • docs/SECURITY-AUDIT.md (audit report)
    • docs/SECURITY-ENHANCEMENTS.md (implementation details)

Analysis: This redundancy is intentional and appropriate for user documentation. Each file serves a different audience:

  • README: Quick feature overview for evaluating the project
  • Feature guides: Detailed setup and configuration
  • Audit reports: Deep technical analysis for security researchers

Recommendation: NO CHANGES REQUIRED. Redundancy is acceptable when it improves user experience and serves different use cases.

L2. Architecture Diagram May Be Outdated — ✅ COMPLETED

Location: docs/architecture.md

Issue: Architecture diagram shows two containers but doesn’t explicitly mention that they run the same Docker image.

Current Text:

### Data Flow

```mermaid

flowchart TD
    subgraph API_CONTAINER["hermes-api container"]
    ...

Observation: The diagrams are accurate but could be enhanced with a note that both containers use the same image with different command arguments.

Impact: Minor — users may not realize it’s a single multi-use image.

Recommendation: Add a clarifying note to the Architecture section:

**Note:** Both containers use the same Docker image (`hermes:latest`) but with different entry point commands:
- hermes-scheduler: `python -m src.main` (background worker)
- hermes-api: Default CMD runs FastAPI server

Status:COMPLETED on May 1, 2026 — Note added to docs/architecture.md line 117

L3. Missing Docker Image Build Instructions — ✅ COMPLETED

Location: docs/getting-started.md

Issue: Documentation shows how to use pre-built images but doesn’t explain how to build locally.

Impact: Developers wanting to build from source must infer from Dockerfile.

Recommendation: Add a “Building from Source” section to getting-started.md:

## Building from Source

To build the Docker image locally:

```bash

docker build -t hermes:local .
docker compose up -d  # Uses local image if HERMES_IMAGE not set

For development without Docker:


python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python -m src.main

```text

Status:COMPLETED on May 1, 2026 — Section added to docs/getting-started.md line 176 — — ✅ COMPLETED

Location: docs/alerts.md

Issue: Alert test notifications have a 10-second global cooldown, but this is only documented in api-reference.md under “Test Alert Notification” endpoint.

Evidence:

# src/api/routes/alerts.py (line ~450)
_last_test_alert_time: float = 0.0
_TEST_ALERT_COOLDOWN_SECONDS: int = 10

Impact: Users testing alerts via UI may not understand why rapid test attempts fail.

Recommendation: Add a note to docs/alerts.md:

### Testing Alerts

After configuring providers, use the **"Send Test Notification"** button in the UI to verify settings.

**Note:** Test notifications have a 10-second cooldown to prevent spam. If you attempt multiple tests rapidly, you'll see a "Rate limited" error. Wait 10 seconds and try again.

Status:COMPLETED on May 1, 2026 — Note added to docs/alerts.md line 276ote:** Test notifications have a 10-second cooldown to prevent spam. If you attempt multiple tests rapidly, you’ll see a “Rate limited” error. Wait 10 seconds and try again.

```

Completeness Assessment

✅ Well-Documented Areas

  1. Security Features — Comprehensive coverage across multiple documents
  2. Alert Configuration — Step-by-step guides for each provider
  3. API Reference — Nearly complete (aside from schema mismatches noted above)
  4. Deployment — Docker Compose setup well-explained
  5. Environment Variables — Exhaustive coverage in .env.example

⚠️ Areas Needing More Documentation

  1. Manual Deployment (Non-Docker) — Systemd service files, manual installation steps
  2. Upgrading Between Versions — Migration guides, breaking changes
  3. Backup and Restore — How to backup runtime_config.json, hermes.db, logs
  4. Performance Tuning — Database optimization, exporter performance, memory usage
  5. Troubleshooting Guide — More common error scenarios and solutions

📊 Documentation Coverage by Component

Component Coverage Quality Notes
Core Features 95% Excellent All exporters and runner well-documented
REST API 85% Good Schema mismatches need fixing
Alert System 95% Excellent Comprehensive provider guides
Security 100% Excellent Multiple audit reports, best practices
Deployment 90% Excellent Docker well-covered, manual setup sparse
Configuration 95% Excellent .env.example is thorough
Troubleshooting 70% Good Basic scenarios covered, could expand
Development 80% Good Setup covered, architecture explained

Redundancy Analysis

Acceptable Redundancy (Keep As-Is)

The following content appears in multiple places but serves different purposes:

  1. Quick Start in README and getting-started.md
    • README: High-level overview for project evaluation
    • getting-started.md: Detailed step-by-step instructions
    • Verdict: Keep both
  2. Security features in README, security.md, and audit reports
    • README: Feature list for potential users
    • security.md: Best practices and configuration guide
    • SECURITY-AUDIT.md: Technical audit for security researchers
    • Verdict: Keep all three
  3. Environment variables in .env.example and getting-started.md
    • .env.example: Inline comments for quick reference
    • getting-started.md: Context and usage examples
    • Verdict: Keep both

Unnecessary Redundancy (Consider Consolidating)

  1. Alert configuration examples
    • Currently duplicated in:
      • alerts.md (comprehensive guide)
      • getting-started.md (brief setup section)
      • .env.example (environment variables)

    • Recommendation: Keep all three but ensure consistency. Add cross-references to reduce duplication:

      For comprehensive alert setup guides, see [Alert Configuration](/alerts.html).
  2. Docker image references
    • Appears in: README, getting-started.md, architecture.md, docker-compose.yml
    • Recommendation: Standardize on one image reference pattern, use cross-references elsewhere

Recommendations for v1.0 Release

Must Fix Before Release (HIGH Priority)

  1. ✅ Update test count in README.md (344 → 403 via 397)
  2. ✅ Fix Docker image reference in docker-compose.yml OR update all docs to match current file
  3. ✅ Correct API response schemas in api-reference.md (PUT /api/config, POST /api/trigger, GET /api/trigger/status)
  4. ✅ Fix validation range documentation (interval_minutes minimum is 5, not 1)
  5. ✅ Fix page_size limit documentation (500, not 1000)
  6. ✅ Fix L2-L4 low-priority documentation items (completed May 1, 2026)

Should Fix Before Release (MEDIUM Priority)

  1. ⚠️ Verify Quick Start URLs are accessible (github.com/fabell4/hermes)
  2. ⚠️ Remove Streamlit references from VS Code tasks if outdated

Can Defer to v1.1 (LOW Priority)

  1. ✅ Add “Building from Source” section to getting-started.md (COMPLETED May 1, 2026)
  2. ✅ Add note about test alert cooldown to alerts.md (COMPLETED May 1, 2026)
  3. ✅ Add clarifying note to architecture.md about single-image deployment (COMPLETED May 1, 2026)

Implementation Plan

Phase 1: Critical Fixes (2-3 hours)

  1. Update README.md statistics:
    • Test count: 344 → 403 (via 397) ✅
    • Coverage: Verify current % and update if changed ✅
  2. Fix docker-compose.yml:
    • Change default image to ghcr.io/fabell4/hermes:latest
    • OR add documentation explaining private registry requirement
  3. Correct API documentation:
    • Fix PUT /api/config response schema
    • Fix POST /api/trigger response schema
    • Fix GET /api/trigger/status response schema
    • Fix validation ranges (interval_minutes, page_size)

Phase 2: Consistency Improvements (1-2 hours)

  1. Verify URL accessibility:
    • Test all https://raw.githubusercontent.com/fabell4/hermes/... URLs
    • Update if incorrect or add authentication notes
  2. Clean up Streamlit references:
    • Check VS Code tasks.json
    • Ensure TODO.md “Archived” section is clear

Phase 3: Enhancements (Deferred to v1.1)

  1. Add missing documentation:
    • Building from source guide
    • Upgrade/migration guide
    • Performance tuning guide
    • Expanded troubleshooting

Sign-Off

Review Status: ⚠️ CORRECTIONS REQUIRED

Issues Summary:

  • 🔴 6 HIGH priority issues — Must fix before v1.0 release
  • 🟡 3 MEDIUM priority issues — Should fix before v1.0 release
  • 🔵 4 LOW priority issues — Can defer to v1.1

Overall Assessment: Documentation quality is very good with comprehensive coverage of features, security, and deployment. The identified issues are primarily stale metrics and API schema mismatches that can be quickly corrected. No major structural or completeness problems found.

Recommendation: APPROVED FOR v1.0 AFTER IMPLEMENTING HIGH PRIORITY FIXES (estimated 2-3 hours of work).

Next Steps:

  1. Address all HIGH priority issues listed above
  2. Update TODO.md to mark “Documentation accuracy” as complete
  3. Run verification tests to confirm API docs match actual responses
  4. Tag documentation review as complete in release checklist

Review completed: April 30, 2026
Reviewed files: 23 markdown files, 1 docker-compose.yml, 1 .env.example, 50+ source code files for API validation