All insights
AI Product Building AI Agents Architecture

Policy enforcement must run independently of model cooperation — hooks, not prompt instructions

Hermes runs lifecycle hooks that block, rewrite, or audit operations at fixed events, so policy and side-effects never depend on the model choosing to comply

@aparnadhinak (Aparna Dhinakaran) — Hermes Harness Architecture · · 6 connections

If your safety and auditing live in the system prompt, they hold only as long as the model cooperates — which is exactly when you can’t count on it. Hermes places enforcement in lifecycle hooks that fire at fixed points (pre/post tool call, gateway dispatch, approval) and can block, rewrite, or pass through any operation, plus filesystem-installed scripts for host side-effects — both designed so policy, auditing, and side-effects execute independently of model cooperation. This generalizes Safety enforcement belongs in tool design, not system prompts from the tool API out to the whole loop, and it’s a concrete expression of how Intelligence location — code vs prompts — determines system fragility and flexibility: deterministic code carries the guarantees while the model carries the judgment, the same division that lets Production agents route routine cases through decision trees, reserving humans for complexity.