Chowmes

plans/2026-07-10-hermes-resource-adoption-plan.md

Hermes Resource Adoption Plan

Purpose

Arijit gave a list of Hermes enhancement resources covering memory, skills, security, self-improvement, retrieval, and artifact/design workflows. The decision is not to install the list wholesale. The decision is to adopt them through a phased Chowmes/Hermes improvement program with security, inventory, and evaluation gates before any live Athena, Argus, gateway, memory, or Telegram behavior changes.

Source Resources

  • Hermes Honcho Memory: https://hermes-agent.nousresearch.com/docs/user-guide/features/honcho
  • Hermes Skills System: https://hermes-agent.nousresearch.com/docs/user-guide/features/skills
  • Medusa: https://github.com/Pantheon-Security/medusa
  • Sentry Skills: https://github.com/getsentry/skills
  • Hermes Agent Self-Evolution: https://github.com/NousResearch/hermes-agent-self-evolution
  • Bumblebee: https://github.com/perplexityai/bumblebee
  • GBrain: https://github.com/garrytan/gbrain
  • Turbovec: https://github.com/RyanCodrai/turbovec
  • Open Design: https://github.com/nexu-io/open-design

Seven-Phase Plan

Phase 1: Security And Inventory Gate

Status: completed on 2026-07-10.

Add a first-layer gate before Chowmes/Hermes accepts external agent resources. This includes:

  • a resource adoption ledger
  • a threat model for external agent resources
  • a skill intake checklist
  • a Medusa-backed resource scan wrapper
  • a Bumblebee-backed inventory scan wrapper
  • private ignored artifact paths for scanner output
  • local, non-global scanner installs

Why this matters: every later resource can carry prompts, scripts, MCP config, memory behavior, package dependencies, or generated artifacts. Hermes needs a front door before new agent ecosystems touch Athena or Argus.

Phase 2: Skill Governance And Selective Sentry Port

Study Sentry's public skills as pattern material, not as a wholesale install. Candidate workflows to port into Chowmes-native form:

  • skill scanner
  • security review
  • GitHub Actions security review
  • bug finder
  • AGENTS.md hygiene

Reject Sentry-specific or Django-specific assumptions unless a Chowmes/Hermes need is explicit.

Phase 3: Evaluation Harness

Build tests that define "better Hermes" before changing memory or self-evolution. The harness should cover:

  • Athena identity and operating judgment
  • Argus voice and CI ownership
  • memory recall accuracy
  • stale provider-routing regressions
  • false "ready" claims
  • security boundary violations
  • prompt size and token bloat
  • robotic Telegram copy
  • wrapper/script safety

Why this matters: without evals, self-improvement is drift.

Phase 4: Memory Architecture Pilot

Treat Honcho and GBrain as adjacent, not interchangeable:

  • MEMORY.md: curated high-confidence operating truth.
  • Obsidian vault: canonical human-readable knowledge source.
  • Honcho: conversational and relational memory, peer-specific learning, recurring preference inference.
  • GBrain: structured markdown/git operating knowledge with schemas, retrieval, ingestion, and durable knowledge objects.

Pilot in a lab profile or bounded domain first. Do not replace Athena/default memory until recall, privacy, prompt-size, profile separation, and voice tests pass.

Phase 5: Open Design Local Artifact Pilot

Run Open Design locally only for artifact workflows such as:

  • CI dashboard review deck
  • Algolia competitive intelligence leave-behind
  • MyOS architecture visual
  • Hermes improvement roadmap deck

Do not install it on the VPS. Do not connect it to Telegram. Do not import its whole skill surface into Athena.

Phase 6: Self-Evolution

Use hermes-agent-self-evolution only after Phase 3 evals exist. It should generate candidate variants for one noncritical skill first. It must not auto-apply changes to:

  • Athena SOUL.md
  • Argus production CI
  • gateway code
  • live model routing
  • memory provider config

Every evolved variant must have baseline score, improved score, held-out tests, security scan, human review, and rollback.

Phase 7: Turbovec Watchlist

Defer Turbovec until a measured retrieval bottleneck exists. Evaluate only if current retrieval fails on:

  • corpus size
  • latency
  • privacy
  • cost
  • profile/project-filtered retrieval

Do not add vector infrastructure just because it is available.

Current Completion State

Phase Status Notes
1. Security And Inventory Gate Done Completed locally on 2026-07-10. See 2026-07-10-hermes-resource-security-inventory-gate.
2. Skill Governance And Selective Sentry Port Not started Requires skill-by-skill review.
3. Evaluation Harness Not started Should precede serious memory and self-evolution changes.
4. Memory Architecture Pilot Not started Honcho/GBrain lab profile or bounded-domain pilot.
5. Open Design Local Artifact Pilot Not started Local only.
6. Self-Evolution Not started Requires eval harness first.
7. Turbovec Watchlist Deferred Only if retrieval bottleneck is proven.

Guardrails

  • No wholesale skillpack installs.
  • No automatic self-evolution against production Athena or Argus.
  • No new public services or ports from this program without separate approval.
  • No broad personal-directory scans without explicit approval.
  • No secrets in reports or vault notes.
  • Live Hermes changes require fresh-session and health-check verification.

Repo Artifacts

Source implementation lives in the Chowmes repo:

  • docs/plan/hermes-resource-adoption-plan.md
  • docs/plan/hermes-external-resource-ledger.md
  • docs/plan/hermes-resource-threat-model.md
  • docs/plan/hermes-skill-intake-checklist.md
  • scripts/hermes-resource-scan
  • scripts/hermes-inventory-scan
  • tests/test_hermes_resource_intake.py