AI-OS (Second-Brain)

myos/hermes/INBOUND-peer-session-teardown-2026-07-04.md

INBOUND — Hermes-agent code teardown (parallel session, UNVERIFIED)

Provenance: relayed into this session by a different Claude session running a forked deep-read of the hermes-agent codebase on 2026-07-04. Landed as peer agent-messages, not authored or verified by this session. Treat as leads to confirm, not ground truth. My own hermes-learner pass (HERMES-ARCHITECTURE-DEEP.md) is the primary; reconcile the two before trusting either.

Why kept: directly overlaps the AIOS Hermes track; too costly to re-derive; captured so it survives context compaction.

Coverage (files the peer claims to have read)

  • hermes_cli/providers.py (770) + hermes_cli/runtime_provider.py (2058) — provider resolution
  • agent/credential_pool.py (2372) + agent/credential_sources.py (443) — credential pools / OAuth
  • agent/anthropic_adapter.py (2787) — Anthropic path
  • agent/bedrock_adapter.py, vertex_adapter.py, gemini_native_adapter.py, codex_responses_adapter.py, azure_identity_adapter.py — other adapters
  • agent/context_engine.py, context_breakdown.py, context_compressor.py (3018) — context management
  • agent/conversation_loop.py, agent_init.py, run_agent.py, chat_completion_helpers.py, tool_dispatch_helpers.py, tool_executor.py — core loop

Headline claims worth flagging for AIOS (verify before relying)

  1. Provider system is 100+ (models.dev catalog) + ~33 Hermes overlays, not "18 providers". Single resolver resolve_runtime_provider() (runtime_provider.py:1509) with ~12 sequential special-cased auth branches.
  2. Credential pool = same-provider multi-credential failover (rotation on 429/auth-fail), NOT cross-provider fallback (that's try_activate_fallback(), config fallback_providers:). Strategies: fill_first (default), round_robin, random, least_used.
  3. ⚠️ Claude Pro/Max OAuth path makes Hermes masquerade as the Claude Code CLI — injects Claude Code identity, mcp_ tool-name rewrite, claude-cli User-Agent (anthropic_adapter.py:2128). ToS/compliance-adjacent — flag for any Claude-based AIOS build.
  4. Anthropic SDK pinned EXACT anthropic==0.87.0 for two named CVEs (CVE-2026-34450/34452). Upgrade-risk note.
  5. Prompt caching = system_and_3 strategy, 4 breakpoints (system + last 3 msgs), ~75% multi-turn input savings (prompt_caching.py; conversation_loop.py:884). Policy in agent_runtime_helpers.py:anthropic_prompt_cache_policy().
  6. Context compression = pluggable ContextEngine ABC, default ContextCompressor (config context.engine). 5-phase compress: prune old tool results → protect head/tail by token budget → LLM structured summary (aux model) → iterative re-summary → reassemble with anti-injection markers. Anti-thrash guard, summary-failure cooldown.
  7. Every adapter normalizes to an OpenAI-shaped SimpleNamespace so the core loop stays single-shape. No shared tool-call translator — each adapter hand-rolls its own.
  8. Bedrock is dual-path: Claude-on-Bedrock → AnthropicBedrock SDK (full caching/thinking parity); non-Claude → boto3 Converse.

Peer's own open questions (files NOT read)

  • hermes_cli/auth.py — defines PROVIDER_REGISTRY, resolve_provider(), all OAuth-flow impls. Most important unread file per the peer.
  • agent/error_classifier.py — error/retry classification.
  • agent/codex_runtime.py — true Responses-API call site.
  • Possible duplicate Gemini thinking-config logic (chat_completions.py vs gemini_native_adapter.py).

Full verbatim peer reports available in this session's transcript if deeper detail needed. This is the distilled index.