What is Hermes Agent? An operator's introduction
Hermes Agent is the open-source runtime under every Superagent deployment. Here's what it is, what makes it interesting, and what running it well actually involves.
When customers ask "what AI is in there?" the honest answer has two layers: the model (a frontier LLM, swappable per deployment) and the runtime (the program that wraps that model and turns it into something usable as an agent). The runtime we've standardised on is Hermes Agent from Nous Research.
This isn't a sponsored post — we just operate enough of these to have an opinion. Here's why we picked it, what it does well, and what running it in production actually involves.
What Hermes Agent is
At its core, Hermes is a Python program that:
- Connects to a model provider (Nous Portal by default, but plug-compatible with a wide list of providers via a clean adapter layer).
- Exposes a gateway service that ingests messages from platforms — Telegram, Slack, Discord, WhatsApp, and a few web surfaces — and routes them into a conversation loop.
- Equips the model with a curated tool library: web search, web extraction, image generation, file operations, shell execution (gated behind approval), and many more. About 30 are active in a typical deployment; the broader registry has 60+.
- Loads skills — pre-built bundles of behaviour the agent can invoke (planning, coding, summarisation, even red-teaming if you intentionally leave it in).
- Maintains state: conversation sessions, long-term memories the agent has chosen to save, and a per-deployment system context file (often called SOUL.md) describing the agent's purpose and constraints.
Why we picked it
The agent space is crowded. We chose Hermes for a few specific reasons:
- It's open source. Your deployment isn't locked to us. If we vanish, the agent keeps running — same code, self-hosted.
- It has a real approval model. Manual approval for destructive commands, file-edit checkpoints, an explicit confirmation step for slash commands. Not bolted on; built in.
- It treats tools as first-class. Adding or disabling a tool is a config change, not a fork.
- It's reasonable to operate. The gateway runs under systemd, state is on disk in known locations, upgrades are a clean checkout swap. Nothing exotic.
- It cooperates with multiple platforms. The same agent can be reachable on Telegram and Slack and Discord simultaneously, with platform-aware pairing flows.
What it doesn't do
Being honest about scope:
- It doesn't hold your hand on hosting. You — or someone like us — has to actually run the box. The agent assumes a Unix environment, a model provider key (or OAuth), and basic operational competence.
- It doesn't come with a hardened deployment template out of the box. That's the gap we fill.
- It isn't a multi-tenant SaaS product. One process per deployment, one home directory of state. (For us, that's a feature, not a bug — see why single-tenant matters.)
What running it well looks like
From the operator's side, a healthy Hermes deployment has:
- A version pin you trust, kept current by a snapshot-first update path. New versions can introduce subtle behaviour changes; you want a rollback story before you ever need it.
- Sensible defaults locked in: approval mode manual, destructive slash confirm on, file checkpoints on. The agent runs as a non-privileged user; even if it's exploited, the blast radius is small.
- A backup strategy that picks the right directories (memory, sessions, state DB) and explicitly excludes the dangerous ones (secrets, OAuth tokens, the giant venv). Restoration is rehearsed.
- A health check that the agent doesn't run on itself: an external watchdog that catches the cases where the gateway is up but the agent is wedged.
- A clear model + tool configuration that survives upstream default drift. We deep-merge our config into the agent's, so changes upstream don't silently flip our defaults.
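The deep-merge from the last item, as an added example (not Hermes Agent's or Superagent's own code): operator overrides are merged over upstream defaults, and a drift check lists the pinned settings where a new upstream default disagrees with the operator's value. The config key names and sample values are hypothetical and constructed for illustration; they are not Hermes Agent's actual schema.

```python
# Added example: key names are hypothetical, not Hermes Agent's real config schema.
from copy import deepcopy

# Constructed sample: defaults as a new upstream release might ship them.
UPSTREAM_DEFAULTS = {
    "approvals": {"mode": "auto", "destructive_slash_confirm": False},
    "checkpoints": {"enabled": True},
    "tools": {"enabled": ["web_search", "shell"]},
    "model": {"provider": "nous-portal"},
}

# Constructed sample: the operator's pinned overrides (the locked-in defaults).
OPERATOR_OVERRIDES = {
    "approvals": {"mode": "manual", "destructive_slash_confirm": True},
    "checkpoints": {"enabled": True},
    "tools": {"enabled": ["web_search"]},
}

def deep_merge(base, override):
    """Return base with override applied recursively; dicts merge, other values replace."""
    merged = deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = deepcopy(value)
    return merged

def flatten(cfg, prefix=""):
    """Flatten nested dicts to {'a.b': value} so settings can be compared by path."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def upstream_drift(upstream, overrides):
    """Pinned paths where upstream's default disagrees with the operator's value."""
    up, pinned = flatten(upstream), flatten(overrides)
    return sorted(p for p, v in pinned.items() if p in up and up[p] != v)

def unpinned(upstream, overrides):
    """Paths upstream sets that the operator has not pinned, so still exposed to drift."""
    return sorted(set(flatten(upstream)) - set(flatten(overrides)))
```

Lists are replaced rather than concatenated, so a tool dropped in the overrides stays dropped even when upstream enables it. Running `upstream_drift` and `unpinned` before each upgrade shows which pins are doing work and which settings are still following upstream.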
Why this matters for customers
You don't need to know any of this to use your agent. But when something looks weird and someone says "the model generated something it shouldn't have" or "the bot stopped responding," you'll be glad the layers underneath are legible. Open-source runtime, documented directories, scripted operations, a known-good template — that's what makes "managed" mean something rather than being a polite word for "please trust us."