惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
Google DeepMind News
Google DeepMind News
S
SegmentFault 最新的问题
Project Zero
Project Zero
D
DataBreaches.Net
I
InfoQ
L
Lohrmann on Cybersecurity
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Vercel News
Vercel News
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
I
Intezer
The Hacker News
The Hacker News
F
Fortinet All Blogs
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
Help Net Security
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Scott Helme
Scott Helme
T
Threatpost
爱范儿
爱范儿
N
Netflix TechBlog - Medium
D
Docker
云风的 BLOG
云风的 BLOG
C
Cisco Blogs
K
Kaspersky official blog
H
Help Net Security
S
Secure Thoughts
T
Threat Research - Cisco Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Security @ Cisco Blogs
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
G
Google Developers Blog
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
博客园 - 叶小钗
B
Blog
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
P
Privacy International News Feed
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Two Local-Agent Philosophies: Where Hermes Earns Its Design, and Where the Tradeoffs Invert
MxGuru · 2026-05-19 · via DEV Community

This is a submission for the Hermes Agent Challenge

I've spent the last five months building an offline multi-tier agent swarm on a single workstation — an RTX 5070, a Ryzen 9 9950X3D, and a hard rule that nothing crosses the network boundary without explicit permission. When the Hermes Agent Challenge came up, I sat down to write a "why I'd use Hermes" piece. Halfway through, I realised I had to write a different post: why Hermes is the right choice for most people building local agents, and why a specific class of deployments has to make the opposite call.

This isn't a criticism of Hermes. Nous Research designed something good. What I want to lay out is where the design choices stop applying — not because they're wrong, but because the threat model changes.

What Hermes is good at

The repo and docs are clear about the thesis: Hermes is "the agent that grows with you." Built-in learning loop. Creates skills from experience. Searches its own past conversations. Builds a deepening model of who you are across sessions. Runs on a $5 VPS, a GPU cluster, or serverless infrastructure. Use any model — Nous Portal, OpenRouter, NVIDIA NIM, your own endpoint. Switch with hermes model, no code changes.

That's a coherent design. The whole framework leans into a specific bet: that an agent operating with you over time, accumulating context and skills, gets more useful than an agent that starts from zero each session. For most use cases I can think of — personal productivity, research workflows, automating the weird operational stuff no SaaS product handles properly — that bet is the right one.

If I were building a Hermes-style workflow for myself, I'd lean on:

  • The session memory and conversation search — the operational benefit of an agent that already knows what I was working on yesterday is significant
  • The skill-creation loop — instead of re-typing the same chain of tool calls, the agent persists the pattern
  • The model flexibility — being able to swap providers without rewriting code is genuinely useful when you're testing what works
  • The cheap-to-idle infrastructure pattern — you can leave it running and it costs nearly nothing when nothing's happening
  • The client itself is lightweight — and that matters more than it sounds. JetBrains PyCharm, Windsurf, and the other heavyweight AI-augmented IDEs are CPU-intensive in a way you feel on a dev workstation that's already running real workloads. The Hermes client gets out of the way. When my machine is busy doing actual work, I'm not also paying a tax for the agent to exist. That's not a marquee feature in the docs, but it's the kind of detail that shows up after a few weeks of real use.

For an individual builder, a white hat researcher poking at things on their own time, a small team automating their own ops — this is well-shaped. The learning loop earns its complexity by paying off across sessions. The "talk to it from Telegram while it works on a cloud VM" pattern is genuinely powerful for people whose workflow benefits from continuity.

This isn't faint praise. Hermes is doing a real thing well.

Where the design choices flip

The deployments I've been building for operate under a different constraint set. Specifically: the threat model assumes the agent itself is a potential vector. Not because it's malicious by design — because anything that can modify its own behaviour over time can be steered into modifying it the wrong way, given enough adversarial pressure on its inputs.

The thing Hermes treats as its strength — the agent grows, learns from experience, creates skills, persists memory — is the exact behaviour my architecture is built to prevent.

That's not a Hermes problem. It's a security posture that decided "the agent should not be able to surprise me" was worth the cost of throwing away the productivity gains of learning-over-time.

The architectural decisions that follow from that posture are:

  • Hardcoded permission gates over emergent capability. Every privileged operation routes through a gate that knows what tier the requesting agent runs at and what operations that tier can perform. No bypass flag. No "trusted" internal path. If a new capability is needed, it gets added to the gate explicitly, by a human, in code review.
  • Knowledge stays read-only for the agent. There's a local Knowledge Vault that holds threat intelligence and audit logs. Agents read from it constantly. They write to specific append-only paths under their tier's permission. They cannot modify what's already there. A learning-loop agent that "improves its skills" would be writing to the very place I'm protecting from writes.
  • Tier is immutable for the agent's lifetime. You can't escalate yourself mid-run. To do privileged work, you spawn a child agent at a higher tier, and that spawn is audited. The thing Hermes calls a feature — an agent that grows — my architecture treats as a control failure mode.
  • No cross-session continuity by default. Session memory is per-session unless explicitly persisted by a gated operation. The "agent that knows what you were doing yesterday" is, in a high-security context, "an attack surface that yesterday's adversary can still influence today."

These aren't claims that Hermes' design is wrong. They're claims about a different threat model where the tradeoffs invert.

The bridge

Here's the part that I think actually matters for anyone reading this and trying to decide which way to build:

For typical consumer use and most white hat / research workflows, the security posture I'm describing is overkill. It costs a lot of operational ergonomics, demands real architectural discipline, and the threats it's defending against don't apply to someone running an agent on their own laptop to automate their own life. Hermes' learning loop is a net win in that context. The productivity from continuity dwarfs the theoretical risk surface.

But there's a class of deployments where total control over what the agent can do, in what order, with what authorisation, becomes the actual product. Adversarial security research, local Blue Team analysis where compromise of the tooling is part of the threat model, environments where the agent has access to data that simply cannot be corrupted by any process — that's where the bridge crosses.

On the consumer side of the bridge, Hermes is well-designed and the learning loop is a feature.

On the other side, the same loop becomes a property the architecture is built to prevent.

This isn't Hermes being wrong. It's that any local-agent framework has to commit to a stance on whether the agent should be able to surprise its operator. Hermes commits one way. A high-security swarm commits the other. Both are coherent.

Why measurement matters more than philosophy

The reason I trust the architectural decision I made — rather than just believing in it — is that the same project produces measurable, reproducible artifacts at every step. The quantization pipeline that runs inside this architecture logs per-layer sensitivity profiles, applies bit-width assignment under explicit budget constraints, and emits manifests that I can diff between runs. Recent runs on an 8B-class model produced bit-identical allocations across runs with 4× the calibration data, which tells me the underlying measurements are stable, not noise.

That property — runs produce the same artifact when given the same inputs — is exactly the property a hardcoded gate enforces and exactly the property a learning-loop architecture would compromise over time. Not in a bad way. The learning loop is supposed to change its output as it learns. That's the design. But for the security domain I'm working in, "the system's behaviour drifts over time even with identical inputs" is a property I'm specifically preventing, not enabling.

If you're operating in a context where reproducibility matters more than ergonomics — where you need to be able to prove that today's behaviour matches yesterday's, that no agent has quietly upgraded itself, that the audit trail is the truth — that pushes you toward gates and away from learning loops. Not because gates are better. Because in that context, reproducibility is what "better" means.

The takeaway

If you're building a local agent for yourself and want capability that compounds over time: Hermes is well-designed for that and the framework gives you a lot for free.

If you're building infrastructure where the agent should never be able to do something the operator didn't sign off on, in advance, with audit: build the boring version. Hardcoded gates. Immutable tier. Read-only state for the agent. No emergent behaviour. Yes, you'll do more work. Yes, you'll lose some operational productivity. That's the price of the security property you're buying.

Both stances are defensible. The mistake is using one framework in the other's domain.

For the Hermes Agent Challenge specifically: this isn't a piece I could have written without spending real time inside both philosophies. The framework is doing good work for the people it's designed for. I'm not one of those people right now — but I might be, on a different project, in a different threat model. And the same is true in reverse: if you're a Hermes user reading this and thinking "that security posture sounds excessive for what I'm doing," you're probably right, for what you're doing.

Pick the framework that matches your threat model. Don't pick the one that matches your aesthetic preferences. That's the actual lesson.


Built and tested on RTX 5070, Ryzen 9 9950X3D, fully local. Architecture details and empirical results are publicly available; the specific threat model and implementation internals are not, for reasons that should be obvious given the topic.