This systematic breakdown offers a clear architectural roadmap for balancing security and convenience in AI agent deployment. It is a practical guide for developers moving from simple local setups to hardened production environments.
8 Tiers of Hermes Agent Project Isolation
If you're running Hermes Agent across multiple projects, context leakage becomes a real problem fast. This video breaks down 8 practical levels of project isolation - from a single shared workspace all the way to fully isolated production-grade agent environments with VPS separation, scoped credentials, Docker/VM isolation, and secret vaulting.
RESOURCES:
- Reddit Thread 1 - https://www.reddit.com/r/hermesagent/comments/1tg7whh/comment/omo8014/?context=1
- Reddit Thread 2 - https://www.reddit.com/r/hermesagent/comments/1th4tam/comment/omo3k47/?context=1
- Agent vault - https://github.com/Infisical/agent-vault
- Infisical - https://infisical.com/
- Jake's YT channel - https://www.youtube.com/@Jakestechjourney
CHAPTERS:
- 00:00 Intro — Context Leakage Problem
- 02:00 Tier 1 — Shared Everything
- 02:31 Tier 2 — Per Project Folder Structure
- 04:31 Tier 3 — Domain Managers + Shared Specialists
- 07:01 Tier 4 — Domain Managers + Domain Specialists
- 08:01 Tier 5 — Separate OS Users
- 08:45 Tier 6 — Docker & Virtual Machines
- 09:31 Tier 7 — Separate VPS / Separate Machines
- 11:01 Tier 8 — Fully Locked Down Production Isolation
- 11:31 Final Boss — Agent Vault & Secret Isolation
- 12:31 Outro & Final Thoughts
LET'S CONNECT:
- LinkedIn — https://www.linkedin.com/in/nemanja-mirkovic/
- X — https://x.com/Nemanjadotcom
- GitHub — https://github.com/nemanjadotcom
If you're running Hermes Agent across multiple projects, there is a high chance it's quietly leaking context between them and opening up security holes you have not considered yet. Out of the box, Hermes Agent is great for a single project, but as soon as you start adding multiple projects, clients, businesses, personal stuff, tools, memory, all blends into one giant mess.
And this is probably something I've struggled the most with, even before Hermes, during Open Cloud days, and something I've researched and tested the most. And it looks like I'm not alone.
If you take a look at Reddit here, there are these threads popping up all the time, people having the same problem as me, and I even answered some of them. So, that's why in this video I wanted to address this and show you the eight tiers of Hermes Agent project and security isolation, from loose, messy, and fast to fully isolated, production-ready instances. That way, you can keep your sanity and tighten up security, no matter how many projects you're juggling. And before we dive in, I wanted to mention this is not about creating this elaborate, human-like org chart for agents just because it looks cool. It's purely practical. And it's something that fits my work style and something I've tested and that works for me and my business. And hopefully, you can apply it to your business as well.
Okay, so we're ready to start. We are going to go over all these eight tiers, and I'm going to go into my VS Code and show you how that works in practice and how you can set it up. And if you find value in this video, I would really appreciate it if you can subscribe and like the video, and feel free to comment if you have any better way to achieve all this, if you have any feedback, what you have tested, and any issues that you had. I'll be happy to help.
We are basically trading convenience for containment and security and scalability, essentially, with each tier that we go. And you definitely don't need to over-engineer this and to make it too complicated. Start slow and see what fits you and your needs.
Tier one is essentially shared everything. You just install Hermes, connect your Telegram, Discord, or Slack. You have one channel there. You can potentially upgrade it to separate channels, so these are separate sessions. But essentially, it's one same profile, same memory, same workspace, same bot credentials.
Everything is in one place. And I absolutely recommend that you stay within tier one if you're just starting out and not complicate things too early.
Just get your bearings, learn how the tool works, and then you can slowly progress.
So, for tier two, we have per project folder structure, separate folders, separate agents.md files, so instructions for the repo, project instructions, cleaner workspace, and this is how it looks. Here, we have the project folder, and each project has its own agents.md file, and these are the instructions for this repo, and it can read all the files within this repo, but not in all of these other ones. So, if you go in here and initiate Hermes, it will read this agents file and not, for example, this one or this one or these two. And this works great if you run Hermes from the terminal, you CD into the project, and you run it there, and it respects this boundary. It doesn't go and edit files in any other projects.
But if you're running it from Telegram or Discord, then you need to set something called CWD. It is this project, or actually folder, where you're running the agent from, and I like to run it from the projects folder. I tell my agent when I set it up initially, "Hey, CWD into project and make it your home directory essentially." And then it has an overview of all projects, and I separate it like this, by categories, and I've never had any issues where Hermes goes and edits files in a random project.
It usually keeps it within the scope because it gets the context of which project it's working on. And you can strengthen this further in the soul.md file by telling it not to go beyond the scope of the project it's working on and not step outside of the repo. And you can also set it in the actual agents.md repo for the project, so you can have one central agents.md here that tells it which projects are available and not to step out of them when it's working inside one of them.
So that's pretty much it for tier two. Now we're going to tier three, which is domain managers and shared specialists. So I call this an agency setup because you have kind of project managers and then you have specialist agents that you are reusing. I'll give you an example. I've created an investment manager because I started with my main agent and I told it, "Hey, research these stocks for me. Hey, log these things in my portfolio tracker."
And then it kept adding to its memory all these investment-related things and kept deleting things about my other businesses. And that made no sense, so I created the investment manager profile, and then it has all the investment-related memory and a soul.md that is crafted for that role. And then we have specialists like researcher, verifier, coder, whatever, that this manager can also call upon. So if we are working on the portfolio tracker, I don't want to work with my main agent on that. We'll work with the investment manager so that it retains the memory and structure and knowledge about how we created this portfolio tracker so that it can work on it later on. And you can create new agents by simply telling your main agent, "Hey, I need you to create me a coder agent, copy all your authentication providers to that profile and copy all the skills."
You don't need to have all the skills for all profiles, and it's a topic for another video, but essentially it copies the whole profile and adapts the soul.md file to that role. Or you can do it manually by typing Hermes profile create coder or investment agent and then going through the setup like you did with the main agent. I think just telling your main agent to create it is much simpler, and you can even create a separate bot key so that you have a direct line to this agent, or you can just communicate with your main agent to the specialist, orchestrator, or manager. So, this agent has a direct line with me because I don't want to talk to my main agent about investments, so I just talk to this one, which is cleverly named Warren, about any investment stuff, logging portfolio changes, and so on.
So, that wraps it up for the agency style setup, and then we can transition to tier four, which is domain manager and domain specialists. So, instead of sharing all the specialist agents, we're creating domain-specific specialists. For example, I have my investment researcher because researching X for AI news is totally different than researching stocks. And this researcher has a specific soul crafted for this role and specific instructions and skills for that role that my ordinary researcher doesn't need. And I would definitely not copy all my agents into each project because that's a lot of maintenance and there is absolutely no need unless you really need separate skills, tools, and memory that's isolated from the rest of the specialists.
So, that wraps it up for the tier four managers and domain specialists, and then we transition to tier five, which is a transition from project management into security. What do you get by creating a separate operating system user? Well, it's still the same physical machine, but you create separation between the users and you can have different SSH keys, different Hermes folder, different ENV files.
And you generally don't want to run Hermes on your main user that's also an admin.
So, you can create something like this which is a standard user, it's not an admin and it can run perfectly well like that. And it still provides some sort of isolation from your main user.
And it is just recommended to do anyway.
Tier six is isolated runtime, Docker or virtual machines. Docker is usually dependency isolation, it's not really that much of a security isolation and it does stop context from leaking. So, if you're running each agent in a separate Docker container, it prevents leakage.
So, this is great from that regard. I don't personally use it. I'm considering using VMs instead of spawning VPSs all the time, but generally a virtual machine is a better containment for security reasons than Docker. And if you believe that your instance is compromised in any way, you can just nuke that environment and it'll be gone, and usually it'll protect your main machine from any harm.
And we're coming to tier seven, which is a separate VPS or separate machine; it can be a Mac Mini for that specific agent or specific project. So, if you have a public-facing agent or long-running agents that do scraping, that have long-running tasks that you want to separate from your main agent, we call those dirty tasks, like scraping, or it's a client agent or a separate business. I have a separate instance for my business Press Wiz, so I keep that completely separate, separate keys for that. So, it's more like tier eight, I would say, which we'll get to. But your main agent can also have SSH access to this VPS.
You don't have to do it if you want more isolation, but essentially, you can have your main agent control this sub-agent that is on its separate office or separate VPS.
And to give you an example how this works, if we go in here and type Hermes, we'll just ask it, "Hey, can you SSH into Expert Wiz instance and tell me if the connection works?"
It's not expert, it's Expats, but whatever. So, I don't have to SSH into each one of these instances, I can have my main instance that's very isolated and doesn't do any risky things control all other VPS instances apart from the tier eight instances, which I keep separate.
But this is probably the best and something I use very often.
And tier eight is for very important production instances, fully locked down, repos are scoped, channels are scoped, risky actions require approval, logs, and all the APIs are separate. So, even if something happens, none of your other projects are affected. And also, if something happens on those projects, this very important instance will not be affected. And what I believe is the final boss of agent isolation and security is running something like this.
It's called agent vault. It allows you to completely separate your secrets and keys from your Hermes agent, which can read your plaintext .env file and secrets and then leak them in logs, unwillingly of course, but leak them in logs or in chat, and then they can be exposed that way. With this, you're basically running all your secrets in one VPS, then Hermes agent never sees those in plain text and just pulls the secrets from there. That's the TL;DR.
Basically, I'm testing this right now. I want to test it thoroughly, set it all up, and then make a video for you. So, please subscribe if you haven't, so you can see that when it's ready. And I learned that from Jake. I spoke to Jake on X, and he actually has a great YouTube channel. You should subscribe there, too, and follow his videos.
Really interesting. And he will help me out with the whole setup, so I can prepare it and then film the video for you guys. So, I will leave all of these resources in the description, so you can check it out. And I think this wraps it up for this video. I hope you found it useful, and if you have any questions, let me know. Let's connect on X or LinkedIn, whatever is your platform.
Leave a comment here on YouTube. And let me know if you have any questions, issues, or any better idea of how to organize and set the whole thing up.
Thank you so much.
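The leak path described in the agent vault segment (an agent that can read a plaintext .env file echoing a value into its logs or chat) can be checked for after the fact. The following is an added example, not part of the video or of Hermes Agent or Agent Vault; the variable names, the log format and all sample values are constructed for illustration.

```python
MIN_SECRET_LEN = 8  # skip short values such as ports or "true" (false positives)

def parse_env(text):
    """Parse KEY=VALUE lines, handling comments, 'export ' and quoted values."""
    secrets = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        else:
            value = value.split(" #", 1)[0].rstrip()  # drop trailing comment
        if len(value) >= MIN_SECRET_LEN:
            secrets[key.strip()] = value
    return secrets

def redact(line, secrets):
    """Replace every secret value in a line with a marker naming its key."""
    for key, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        line = line.replace(value, f"<{key} redacted>")
    return line

def find_leaks(secrets, log_text):
    """Return (line_no, key, redacted_line) for each secret found in the log."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        for key, value in secrets.items():
            if value in line:
                hits.append((no, key, redact(line, secrets)))
    return hits

# Constructed sample data, not real credentials or real agent output.
SAMPLE_ENV = '''# project .env
export TELEGRAM_BOT_TOKEN="1234567:EXAMPLE-constructed-token"
LLM_API_KEY=EXAMPLE-constructed-key-000  # trailing comment
PORT=8080
'''
SAMPLE_LOG = '''10:00:01 INFO session started for project portfolio-tracker
10:00:05 DEBUG tool output: LLM_API_KEY=EXAMPLE-constructed-key-000
10:00:09 INFO reply sent to channel
'''

if __name__ == "__main__":
    for no, key, line in find_leaks(parse_env(SAMPLE_ENV), SAMPLE_LOG):
        print(f"line {no}: {key} leaked -> {line}")
```

The report names the key and line number but never reprints the value, so the scan output can be shared without repeating the leak; any key it flags should be rotated.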