Unattended agent jobs must run through the same permission machinery as interactive sessions
Hermes makes cron a first-class subsystem — scheduled jobs are gated by the same permissions, delivered through the same paths, and isolated per profile, instead of living as peripheral scripts
@aparnadhinak (Aparna Dhinakaran) — Hermes Harness Architecture · · 5 connections
Connected Insights
References (4)
→ Detect everything, notify selectively — the observability-to-notification ratio determines system trust → Policy enforcement must run independently of model cooperation — hooks, not prompt instructions → Safety enforcement belongs in tool design, not system prompts → Sessions are runtime infrastructure, not just resumable transcripts