Hermes Agent Framework
Summary
The Hermes Agent, developed by Nous Research, is the primary autonomous orchestration and channel I/O layer of the Sokrates project. It functions as a persistent, self-improving entity that decouples advanced reasoning from hardware constraints, utilizing a tripartite cognitive architecture (SOUL, USER, and MEMORY) and a modular execution backend to perform complex digital tasks across various messaging platforms.
Details
The Hermes Agent represents a shift from stateless LLM interactions to persistent autonomous workflows. Within the Sokrates stack, it is deployed as a NixOS systemd service (via the nix-hermes module) and serves as the interface between human operators and the underlying intelligence infrastructure.
Configuration and Execution Backends
Hermes utilizes a deterministic configuration hierarchy to manage operational settings and secrets:
- CLI Arguments: Highest priority for single-session overrides.
- ~/.hermes/config.yaml: The master record for non-secret settings (model routing, MCP definitions).
- ~/.hermes/.env: Secure storage for API keys and cryptographic tokens; it should stay out of version control and be readable only by the service user.
- System Defaults: Hardcoded fallback values.
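The precedence above, as an added example that is not Hermes code: a small resolver that merges CLI overrides, the YAML settings, the .env file and built-in defaults in that order, and refuses to accept a secret that turns up anywhere other than .env. The secret key names, the default values and the sample inputs are constructed for the example; the YAML layer is handed in already parsed so the snippet runs without PyYAML.

```python
from __future__ import annotations

from typing import Any

# Added example, not Hermes code. Key names and defaults below are assumptions.
SECRET_KEYS = {"OPENAI_API_KEY", "ANTHROPIC_API_KEY"}          # only ever read from .env
DEFAULTS: dict[str, Any] = {"model": "gpt-4o", "backend": "docker", "timeout": 60}  # system defaults


def parse_dotenv(text: str) -> dict[str, str]:
    """Minimal ~/.hermes/.env parser: KEY=VALUE lines, optional 'export ', quotes, comments."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]                                   # strip matching quotes
        env[key] = value
    return env


def _coerce(key: str, value: Any) -> Any:
    """Type string values from argv/.env against the default's type so 'timeout' stays an int."""
    default = DEFAULTS.get(key)
    if isinstance(value, str) and isinstance(default, (int, float)):
        return type(default)(value)
    return value


def parse_cli(argv: list[str]) -> dict[str, Any]:
    """Session overrides of the form --key=value; anything else is rejected."""
    out: dict[str, Any] = {}
    for arg in argv:
        if not arg.startswith("--") or "=" not in arg:
            raise ValueError(f"unrecognised argument: {arg}")
        key, _, value = arg[2:].partition("=")
        out[key] = _coerce(key, value)
    return out


def resolve(cli: dict[str, Any], yaml_cfg: dict[str, Any],
            dotenv: dict[str, str]) -> tuple[dict[str, Any], dict[str, str]]:
    """Merge layers in precedence order CLI > config.yaml > .env > defaults.

    Returns (settings, secrets). Secrets are taken from .env only; if a secret key
    shows up in argv or config.yaml the merge aborts instead of silently accepting it.
    """
    for layer_name, layer in (("CLI arguments", cli), ("config.yaml", yaml_cfg)):
        leaked = SECRET_KEYS & set(layer)
        if leaked:
            raise ValueError(f"{sorted(leaked)} must live in .env, not in {layer_name}")
    env_settings = {k: _coerce(k, v) for k, v in dotenv.items() if k not in SECRET_KEYS}
    settings = {**DEFAULTS, **env_settings, **yaml_cfg, **cli}
    secrets = {k: v for k, v in dotenv.items() if k in SECRET_KEYS}
    return settings, secrets


# Constructed sample inputs standing in for the real files (the YAML layer is given
# already parsed so the example does not depend on PyYAML).
SAMPLE_DOTENV = """# API keys and tokens; never committed
export OPENAI_API_KEY="sk-example-not-a-real-key"
timeout=30
"""
SAMPLE_YAML: dict[str, Any] = {"model": "claude-sonnet", "timeout": 120}
SAMPLE_ARGV = ["--backend=local"]

if __name__ == "__main__":
    settings, secrets = resolve(parse_cli(SAMPLE_ARGV), SAMPLE_YAML, parse_dotenv(SAMPLE_DOTENV))
    print(settings)            # {'model': 'claude-sonnet', 'backend': 'local', 'timeout': 120}
    print(sorted(secrets))     # ['OPENAI_API_KEY']
```

The leak check is the part worth keeping: because the page draws a hard line between the non-secret file and the secrets file, a resolver that merely merges dictionaries would happily read an API key out of config.yaml or argv (where it lands in shell history and process listings); failing loudly is cheaper than discovering that later.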
The agent supports six execution topologies (terminal backends) to balance performance and security:
- local: Zero isolation; direct host access (used for dev/testing).
- docker: High isolation; the baseline for production, restricted by container boundaries.
- ssh: Executes commands on a remote server, isolating the agent from its own source code.
- singularity: Used for HPC environments without root privileges.
- modal/daytona: Cloud-native serverless sandboxing.
Cognitive Architecture
Hermes maintains state through three primary markdown-based cognitive files, which are injected into the system prompt:
- SOUL.md: The identity protocol. It defines the agent’s persona, decision-making frameworks, and behavioral constraints.
- USER.md: A dynamic profile (limited to ~1,375 characters) that tracks operator preferences and dialectic modeling.
- MEMORY.md: A persistent record (limited to ~2,200 characters) of environmental facts, architectural patterns, and procedural lessons.
To manage these limits, Hermes uses an LLM-driven condenser to summarize conversations. It also maintains an SQLite FTS5 index for full-text search across historical session trajectories, so past work can be recalled without being kept in the prompt.
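How the three files and the session index fit together, as an added example rather than Hermes's own implementation: the prompt builder enforces the character budgets quoted above, the condenser is replaced by a deterministic stand-in that drops the oldest lines (the real one is LLM-driven), and the session index uses SQLite FTS5 with a LIKE fallback for builds without that module. The tag names wrapped around each file, the fixed SOUL/USER/MEMORY order and the sample turns are assumptions.

```python
import sqlite3

# Added example, not Hermes code. Budgets are the approximate figures quoted on the page;
# the tag names wrapped around each file and the condenser policy are assumptions.
LIMITS = {"SOUL.md": None, "USER.md": 1375, "MEMORY.md": 2200}
ORDER = ("SOUL.md", "USER.md", "MEMORY.md")


def build_system_prompt(files: dict) -> str:
    """Inject the three cognitive files into one system prompt, refusing an over-budget USER/MEMORY."""
    parts = []
    for name in ORDER:
        body = files.get(name, "").strip()
        limit = LIMITS[name]
        if limit is not None and len(body) > limit:
            raise ValueError(f"{name} is {len(body)} chars; budget is {limit}")
        tag = name[:-3]
        parts.append(f"<{tag}>\n{body}\n</{tag}>")
    return "\n\n".join(parts)


def condense(text: str, limit: int) -> str:
    """Deterministic stand-in for the LLM condenser: drop the oldest whole lines until the budget fits."""
    kept, used = [], 0
    for line in reversed(text.strip().splitlines()):
        if used + len(line) + 1 > limit:
            break
        kept.append(line)
        used += len(line) + 1
    return "\n".join(reversed(kept))


class SessionIndex:
    """Full-text search over past session trajectories, FTS5 when SQLite was built with it."""

    def __init__(self, path: str = ":memory:"):
        self.db = sqlite3.connect(path)
        try:
            self.db.execute(
                "CREATE VIRTUAL TABLE IF NOT EXISTS sessions USING fts5(session_id, role, content)")
            self.fts = True
        except sqlite3.OperationalError:          # no FTS5 module: degrade to LIKE
            self.db.execute(
                "CREATE TABLE IF NOT EXISTS sessions(session_id TEXT, role TEXT, content TEXT)")
            self.fts = False

    def add(self, session_id: str, role: str, content: str) -> None:
        self.db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (session_id, role, content))
        self.db.commit()

    def search(self, query: str, limit: int = 5) -> list:
        if self.fts:
            # Quote the whole query as one FTS5 phrase so user text cannot inject
            # MATCH operators (AND/OR/NOT/NEAR, column filters); inner quotes are doubled.
            phrase = '"' + query.replace('"', '""') + '"'
            sql = "SELECT session_id, content FROM sessions WHERE sessions MATCH ? ORDER BY rank LIMIT ?"
            return self.db.execute(sql, (phrase, limit)).fetchall()
        sql = "SELECT session_id, content FROM sessions WHERE content LIKE ? LIMIT ?"
        return self.db.execute(sql, (f"%{query}%", limit)).fetchall()


# Constructed sample trajectories (not real sessions).
SAMPLE_TURNS = [
    ("s1", "user", "deploy the staging stack with nix-hermes"),
    ("s1", "assistant", "ran nixos-rebuild switch; service hermes.service is active"),
    ("s2", "assistant", "blocked by nftables rule; Eidos directory is unreachable from this host"),
]


def demo_search(query: str) -> list:
    """Index the sample turns in a fresh in-memory database and run one search."""
    idx = SessionIndex()
    for turn in SAMPLE_TURNS:
        idx.add(*turn)
    return idx.search(query)
```

Two details matter in practice. The search text is bound as a parameter and additionally quoted as a single phrase, because FTS5 MATCH has its own query language and an unquoted operator token in an operator's or model's search string changes the query. And the prompt builder raises on an over-budget file rather than truncating silently, so a runaway MEMORY.md is noticed instead of quietly losing its tail.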
Skills and Tool Integration
The “Skills System” allows Hermes to autonomously generate executable protocols. When a complex task is completed successfully, the agent can distill the trajectory into a SKILL.md file stored in ~/.hermes/skills/. These skills are then accessible via slash commands (e.g., /deploy-staging).
Hermes interfaces with external systems through:
- Native Toolsets: Including web_search, browserbase (for interactive web navigation), and filesystem manipulation (patch, read_file).
- Model Context Protocol (MCP): Supports both Stdio (local subprocesses) and HTTP/Remote (microservices) integrations, allowing the agent to discover and use external tools dynamically.
Security and Orchestration
Security is enforced by Tirith, a pre-execution command scanning layer that intercepts dangerous patterns (e.g., rm -rf or DROP TABLE) and holds them for operator approval before they run. Pattern scanning of this kind is a guardrail, not a sandbox: a naive substring check is defeated by trivial rewrites (rm -r -f, a quoted or path-prefixed rm, a keyword split by a SQL comment), so the isolation guarantee still comes from the chosen execution backend. In the Sokrates project, Hermes is further constrained at the network level by nftables rules, so it has no access to the Eidos intelligence directory where customer credentials are stored.
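A scanner for the two patterns named above, written as an added example rather than Tirith's own code: it tokenizes the command the way a POSIX shell would, checks each simple command separately, strips sudo/env-style wrappers and VAR=value prefixes, recognises every spelling of a recursive rm, and matches DROP TABLE case-insensitively after removing the comments used to split keywords. Unparseable input (unbalanced quotes) is held for approval rather than guessed at. The wrapper list and the verdict structure are assumptions; naive_scan is included only to show what a substring check misses.

```python
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass

# Added example, not Tirith's code: a pre-execution scanner for the two patterns the page
# names (rm -rf, DROP TABLE) that survives the obvious rewrites a plain substring check misses.

WRAPPERS = {"sudo", "doas", "env", "nice", "time", "command"}   # prefixes that do not change the real command
SEPARATORS = {";", "&&", "||", "|", "&"}                          # shell control operators
DROP_TABLE = re.compile(r"\bdrop\s+table\b", re.IGNORECASE)


@dataclass(frozen=True)
class Verdict:
    needs_approval: bool
    reason: str = ""


def tokenize(cmd: str) -> list[str]:
    """POSIX-style tokens with quotes removed; control operators become their own tokens."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def segments(tokens: list[str]):
    """Yield each simple command so 'cd x && rm -rf y' is checked as two commands."""
    seg: list[str] = []
    for tok in tokens:
        if tok in SEPARATORS:
            if seg:
                yield seg
            seg = []
        else:
            seg.append(tok)
    if seg:
        yield seg


def strip_wrappers(seg: list[str]) -> list[str]:
    """Drop VAR=value prefixes and sudo/doas/env-style wrappers (with their options) to reach the real command."""
    seg = list(seg)
    while seg:
        head = seg[0]
        if "=" in head and not head.startswith(("-", "/")):
            seg.pop(0)
            continue
        if head.rsplit("/", 1)[-1] in WRAPPERS:
            seg.pop(0)
            while seg and seg[0].startswith("-"):             # e.g. sudo -u root
                opt = seg.pop(0)
                if opt in ("-u", "-g") and seg:
                    seg.pop(0)
            continue
        break
    return seg


def is_recursive_rm(seg: list[str]) -> bool:
    """True for rm with a recursive flag in any spelling: -rf, -fr, -R, -r -f, --recursive."""
    if not seg or seg[0].rsplit("/", 1)[-1] != "rm":
        return False
    for tok in seg[1:]:
        if tok == "--":                                         # everything after is a filename
            break
        if tok.startswith("--"):
            if tok in ("--recursive", "--no-preserve-root"):
                return True
        elif tok.startswith("-") and ("r" in tok[1:] or "R" in tok[1:]):
            return True
    return False


def mentions_drop_table(cmd: str) -> bool:
    """Case-insensitive, whitespace-tolerant match after removing /* */ comments used to split keywords."""
    return DROP_TABLE.search(re.sub(r"/\*.*?\*/", " ", cmd, flags=re.DOTALL)) is not None


def scan(cmd: str) -> Verdict:
    """Decide whether a command must be held for operator approval before execution."""
    if mentions_drop_table(cmd):
        return Verdict(True, "DROP TABLE statement")
    try:
        tokens = tokenize(cmd)
    except ValueError as exc:                                   # unbalanced quotes: do not guess
        return Verdict(True, f"unparseable command ({exc})")
    for seg in segments(tokens):
        real = strip_wrappers(seg)
        if is_recursive_rm(real):
            return Verdict(True, "recursive rm: " + " ".join(real))
    return Verdict(False)


def naive_scan(cmd: str) -> bool:
    """The substring check this example replaces; kept only to show what it misses."""
    return "rm -rf" in cmd or "DROP TABLE" in cmd
```

Even this version is a filter on the command string, not on what the command does: it knows nothing about aliases, shell functions, scripts invoked by name, or find -delete. That is the reason the paragraph above places the real isolation boundary in the execution backend rather than in the scanner.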
For complex workflows, Hermes uses the delegate_task tool to spawn ephemeral subagents. This allows for task decomposition, where a primary orchestrator manages specialized child agents (e.g., a “researcher” or “coder”) in isolated environments, synthesizing their outputs into a final result.
Related
- Eidos
- NixOS
- Model Context Protocol
- SOUL.md
- MEMORY.md
- Tirith Security Layer
- Hyle