Agent OS Atlas
From “I use agents like a chat” to “I run operational actors”
A practical, personal atlas for building a Personal Agent OS on Hermes Agent. Local-first, security always-on: the agent model, identity, a few long-lived profiles that delegate, native Kanban orchestration, skills, tools and MCP, memory, scheduling, and messaging only at the end.
Read it as a control plane, not a course catalog.
Start with the agent model, learn the Hermes runtime, set identity, then build the core: a few long-lived profiles that delegate, native Kanban orchestration, skills, tools, and memory. Add scheduling and messaging last. Security and evaluation run through all of it.
Orientation
Where to start, what to ignore for now, and how this atlas is organized.
Start Here
The build route through the Agent OS Atlas — the order that takes you from the agent model to a working Personal Agent OS without skipping the load-bearing steps...
ExploreMust Know
The load-bearing ideas of a Personal Agent OS — the handful of truths that, once internalized, make the rest of the atlas click.
ExploreAtlas Index
Every branch of the Agent OS Atlas at a glance, grouped by build phase — from the agent model through Hermes core, actors, orchestration, skills, tools, memory...
ExploreMental Model
What a useful personal agent actually is, the observe→decide→act→verify loop, and graded autonomy with a human in the loop.
Hermes Core
Hermes as a runtime: the platform-agnostic AIAgent, entry points, the agent loop, prompt assembly, the tool registry, sessions, and terminal backends.
Identity & Context
SOUL.md vs AGENTS.md vs context files: durable identity, operating instructions, and what does NOT belong in either.
Actors & Delegation
The core branch — profiles vs subagents, the profile-vs-skill+delegation criterion, and a few persistent actors that delegate the heavy lifting.
Native Orchestration
Use and extend Hermes's native Kanban orchestrator: route work to profiles by description, with approval gates and output contracts.
Skills & Procedural Memory
Skills as procedural memory, the open standard, and the learning loop — letting the agent write its own skills, then curating them.
Capabilities
Core tools, toolsets, MCP, and plugins — the trust model and the line between read and write capabilities.
Memory & Knowledge
MEMORY.md, USER.md, session search, and Honcho — what to remember, what to prune, and shared memory across actors.
Scheduling & Automation
Cron as first-class agent tasks: fresh AIAgent per job, idempotency, delivery targets, and approval for anything sensitive.
Messaging Interface
Telegram as a control plane, only after everything is validated locally — pairing, allowlists, and securing dangerous tools.
Practical Outputs
Automations that increase capacity to find, evaluate, answer, and produce sellable outputs — all in draft and approval.
Always Active
Threat model, real isolation, draft/approval, and how you measure whether an actor actually helps before you automate it.
Agent Security & Ops
Always-active threat model. REAL isolation comes from terminal backends (Docker/SSH/Modal) plus draft/approval — profiles isolate state, not a jail. Secrets, MCP credential isolation, prompt injection, cron safety, audit logs, backups, checkpoints/rollback.
ExploreEvaluation & Observability
How you know an actor actually helps. Trajectories, logs, per-workflow success metrics, skill regressions, cost/tokens, traces. Translating observability instinct (Langfuse, OTel) to agents, and evaluating before automating.
ExploreRegistries and operating memory
Registries keep external references, docs, tools, and source material normalized behind short atomic notes.