Unattended agent jobs must run through the same permission machinery as interactive sessions

Hermes makes cron a first-class subsystem — scheduled jobs are gated by the same permissions, delivered through the same paths, and isolated per profile, instead of living as peripheral scripts

@aparnadhinak (Aparna Dhinakaran) — Hermes Harness Architecture

The usual pattern is to bolt unattended automation on as scripts that bypass the safety machinery built for interactive use — exactly where an unsupervised agent is most dangerous. Hermes instead makes cron a first-class subsystem: scheduled jobs are durable, gated by the same permissions as interactive sessions, delivered through the same gateway paths, and isolated per profile. Forcing unattended operation through the main architecture rather than the periphery is the operational form of why "Safety enforcement belongs in tool design, not system prompts" and a precondition for being able to "Detect everything, notify selectively — the observability-to-notification ratio determines system trust" over autonomous runs. It depends on the fact that "Sessions are runtime infrastructure, not just resumable transcripts" and shares the principle that "Policy enforcement must run independently of model cooperation — hooks, not prompt instructions".
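The pattern described above, as an added sketch that is not Hermes code: scheduled jobs reach tools only through the gate that interactive calls use, the check happens at run time, and each run is scoped to one profile. `Gateway`, `Scheduler`, the profile names and the tool names are hypothetical, the policy is constructed sample data, and job persistence is left out.

```python
from dataclasses import dataclass, field

class PermissionDenied(Exception):
    """Raised by the gate for any caller, interactive or scheduled."""

@dataclass
class Gateway:
    policy: dict                      # profile name -> set of permitted tools
    audit: list = field(default_factory=list)

    def call_tool(self, profile, tool, origin):
        # One decision point; origin is recorded but never changes the outcome.
        allowed = tool in self.policy.get(profile, set())
        self.audit.append((origin, profile, tool, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionDenied(f"{profile} may not call {tool}")
        return f"{tool} ok for {profile}"

@dataclass
class Scheduler:
    gateway: Gateway
    jobs: dict = field(default_factory=dict)   # profile name -> [tool, ...]

    def add_job(self, profile, tool):
        self.jobs.setdefault(profile, []).append(tool)

    def run_due(self, profile):
        """Run only this profile's jobs, each through the shared gate."""
        results = []
        for tool in self.jobs.get(profile, []):
            try:
                results.append(self.gateway.call_tool(profile, tool, origin="cron"))
            except PermissionDenied as exc:
                results.append(f"denied: {exc}")
        return results

def demo():
    # Constructed sample policy and jobs.
    gw = Gateway(policy={"ops": {"read_logs", "send_report"}, "dev": {"read_logs"}})
    cron = Scheduler(gw)
    cron.add_job("ops", "read_logs")
    cron.add_job("ops", "send_report")
    cron.add_job("dev", "send_report")         # never permitted for dev
    gw.call_tool("ops", "read_logs", origin="interactive")
    gw.policy["ops"].discard("send_report")    # revoked after the job was scheduled
    return cron.run_due("ops"), cron.run_due("dev"), gw.audit

if __name__ == "__main__":
    print(demo())
```

Because the gate is consulted when the job runs rather than when it is scheduled, the revoked `send_report` permission is denied for the cron run and the denial lands in the same audit trail as interactive calls.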