Control Room template for managing Hermes agents from one VPS agent to specialist teams and orchestrated workflows
```bash
npx skill4agent add aradotso/hermes-skills hermes-agent-control-room
```

Skill by ara.so — Hermes Skills collection.

`hermes-seo`, `hermes-dev`, `hermes-cmo`, `hermes-orchestrator`

```bash
ssh root@YOUR_SERVER
git clone https://github.com/shannhk/hermes-agent-control-room.git /root/agent-control-room
cd /root/agent-control-room
cat docs/starter-guide.md
```

`create-vps`, `setup-control-room`

```bash
# Agent workflow:
# 1. create-vps → creates Hetzner VPS, SSH key, SSH alias
# 2. setup-control-room → installs Node, Claude Code, Codex, Docker, Hermes, clones repo
# 3. SSH in and complete auth
```

`setup-control-room`, `/root/agent-control-room`, `~/.claude/skills`

```bash
ssh <alias>
claude /login
codex
hermes
```

```text
agent-control-room/
  README.md                 # This file
  agents/                   # Per-agent folders
    hermes-life/
      inventory.md          # Agent metadata
      docker.md             # Container notes
      env-map.md            # Secret map (no raw values)
      runbook.md            # Start/stop/debug procedures
      backup.md             # Backup plan
  docs/
    architecture.md         # System design
    levels.md               # Growth stages
    naming.md               # Agent naming conventions
    security.md             # Security model
    task-bus.md             # Task routing spec
    orchestrator.md         # Orchestrator design
    starter-guide.md        # First steps
  shared/
    api-keys-sop.md         # Secret management SOP
    commands.md             # Common commands
    security.md             # Security checklist
  templates/
    agent/                  # Agent doc templates
    docker/                 # Docker compose templates
    task-bus/               # Task bus templates
  skills/                   # Bundled agent skills
  examples/                 # Example setups per level
```

```bash
cd /root/agent-control-room
mkdir -p agents/hermes-life
cp templates/agent/*.md agents/hermes-life/
```

# hermes-life Agent Inventory
**Agent Name:** hermes-life
**Role:** Personal assistant
**Port:** 3000
**Status:** Active
**Created:** 2026-05-15
**Owner:** Your Name
## Purpose
Personal Hermes agent for daily tasks, research, and file management.
## Tools
- Terminal
- File system
- Web research
- Email (via API)
## Secrets Required
- ANTHROPIC_API_KEY
- GMAIL_API_KEY (optional)

# hermes-life Environment Map
**DO NOT COMMIT RAW SECRETS**
## Required Secrets
| Name | Provider | Scope | Location | Rotated |
|------|----------|-------|----------|---------|
| ANTHROPIC_API_KEY | Anthropic | Full API | /srv/hermes-life/data/.env | 2026-05-10 |
| GMAIL_API_KEY | Google | Gmail read/send | /srv/hermes-life/data/.env | Never |
## Storage Location
`/srv/hermes-life/data/.env`
## Backup Location
Encrypted backup in `/root/backups/hermes-life-env.gpg`

# hermes-life Runbook
## Start Agent
```bash
cd /srv/hermes-life
docker-compose up -d
```

```bash
# Stop agent
docker-compose down

# View logs
docker-compose logs -f

# Restart agent
docker-compose restart

# Check recent logs
docker-compose logs --tail=100

# Verify .env exists
ls -la /srv/hermes-life/data/.env

# Restore .env from the encrypted backup, then restart
gpg -d /root/backups/hermes-life-env.gpg > /srv/hermes-life/data/.env
docker-compose restart
```
## Runtime Split
Keep control plane separate from runtime state:
```text
/root/agent-control-room/
  Control plane: docs, templates, runbooks, registry
  No raw secrets
/srv/<agent-name>/data/
  Runtime: .env, memory, skills, sessions, crons, logs
  Raw secrets live here
```

```bash
# Create specialist agent folders
cd /root/agent-control-room
mkdir -p agents/{hermes-seo,hermes-dev,hermes-cmo,hermes-ops}
# Copy templates
for agent in hermes-seo hermes-dev hermes-cmo hermes-ops; do
  cp templates/agent/*.md "agents/$agent/"
done
```

```bash
mkdir -p agents/hermes-orchestrator
cp templates/agent/*.md agents/hermes-orchestrator/
```

# hermes-orchestrator Agent Inventory
**Agent Name:** hermes-orchestrator
**Role:** Front door / task router
**Port:** 3100
**Status:** Active
## Purpose
Routes user requests to specialist agents via the task bus.
Synthesizes results from multiple specialists.
## Tools
- File system (task bus access)
- No direct access to specialist credentials
- Read/write to `/srv/agent-bus/{inbox,working,outbox,archive}`
## Does NOT Have
- Database credentials
- API keys for specialist services
- SSH keys to other systems
## Delegation Model
1. Receives user request
2. Writes task to `/srv/agent-bus/inbox/<specialist>/`
3. Specialist picks up task, works on it, writes result to `/srv/agent-bus/outbox/`
4. Orchestrator reads result, synthesizes, responds to user

```bash
# Create task bus directories
mkdir -p /srv/agent-bus/{inbox,working,outbox,archive}
# Per-specialist subdirectories in every stage (the flow uses working/, outbox/ and archive/ per specialist too)
mkdir -p /srv/agent-bus/{inbox,working,outbox,archive}/{seo,dev,cmo,ops}
# Copy task bus config
cp agent-control-room/templates/task-bus/agents.yaml /srv/agent-bus/
```

```text
1. User → Orchestrator: "Audit SEO for example.com"
2. Orchestrator → Task Bus:
   /srv/agent-bus/inbox/seo/task-001.md
   ---
   Task: SEO audit for example.com
   Requested: 2026-05-17T10:00:00Z
   Requestor: User via hermes-orchestrator
   ---
3. hermes-seo → Picks Up Task:
   Moves task-001.md to /srv/agent-bus/working/seo/
4. hermes-seo → Works:
   Runs Ahrefs audit, generates report
5. hermes-seo → Completes:
   /srv/agent-bus/outbox/seo/result-001.md
   Moves task to /srv/agent-bus/archive/seo/
6. Orchestrator → Reads Result:
   Synthesizes and responds to user
```

`/srv/agent-bus/inbox/dev/task-002.md`

```markdown
---
task_id: task-002
specialist: dev
created: 2026-05-17T14:30:00Z
requestor: hermes-orchestrator
priority: normal
---
# Task: Add Contact Form to Website
## Requirements
- Add contact form to /contact page
- Fields: name, email, message
- POST to /api/contact endpoint
- Basic validation
## Context
User requested contact form for their business site.
## Expected Deliverables
- Updated HTML/CSS
- Form validation script
- Deployed to staging
```

`/srv/agent-bus/outbox/dev/result-002.md`

```markdown
---
task_id: task-002
specialist: dev
completed: 2026-05-17T15:45:00Z
status: success
---
# Result: Contact Form Added
## What Was Done
- Created /contact.html with form fields
- Added client-side validation in contact.js
- Configured backend endpoint at /api/contact
- Deployed to staging: https://staging.example.com/contact
## Files Changed
- /public/contact.html (new)
- /public/js/contact.js (new)
- /api/contact.js (new)
## Testing
- Tested form submission
- Verified email delivery
- Checked validation for all fields
## Next Steps
User can review at staging URL. Ready for production deploy on approval.
```

```yaml
version: '3.8'
services:
  hermes-orchestrator:
    image: hermes-agent:latest
    container_name: hermes-orchestrator
    restart: unless-stopped
    ports:
      - "3100:3000"
    volumes:
      - /srv/hermes-orchestrator/data:/app/data
      - /srv/agent-bus:/srv/agent-bus
    environment:
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - AGENT_ROLE=orchestrator
      - TASK_BUS_PATH=/srv/agent-bus
    networks:
      - agent-net
networks:
  agent-net:
    driver: bridge
```

```bash
# Store secrets in per-agent .env files:
#   /srv/hermes-life/data/.env
#   /srv/hermes-seo/data/.env
#   /srv/hermes-dev/data/.env
# Backup encrypted (gpg options must come before the input file name)
gpg -o /root/backups/hermes-life-env.gpg -c /srv/hermes-life/data/.env
```
```bash
# Never commit to git
echo "*.env" >> /root/agent-control-room/.gitignore
```

```text
❌ BAD: Orchestrator has all API keys
✅ GOOD: Each specialist has only its scoped keys

hermes-seo:
  - AHREFS_API_KEY
  - GOOGLE_SEARCH_CONSOLE_KEY
hermes-dev:
  - GITHUB_TOKEN
  - DEPLOY_KEY
hermes-orchestrator:
  - ANTHROPIC_API_KEY (for LLM)
  - NO access to specialist service APIs
```

```bash
# Check exposed ports
ss -tulpn | grep LISTEN
# Use firewall for non-orchestrator agents
ufw allow 3100/tcp # orchestrator only
ufw deny 3001/tcp # hermes-seo (internal only)
ufw deny 3002/tcp # hermes-dev (internal only)
# Ports published by Docker are handled by Docker's own iptables rules and are
# not filtered by ufw; bind internal agents' published ports to 127.0.0.1 in
# their compose files as well.
```

| Skill | Purpose |
|---|---|
| `create-vps` | Create Hetzner VPS, SSH key, SSH alias |
| `setup-control-room` | Bootstrap VPS with Node, Docker, Hermes, Control Room |
| | Manage Control Room docs and agent folders |
| | Route tasks from orchestrator to specialists |
| | Maintain agent registry |
| | Design and audit per-agent backups |
| | Check ports, dashboards, SSH, Docker, secrets |
| | Plan recurring multi-agent workflows |

`setup-control-room`, `~/.claude/skills/`

```bash
# Update Control Room repo
cd /root/agent-control-room
git pull
# Register new agent
mkdir -p agents/hermes-newagent
cp templates/agent/*.md agents/hermes-newagent/
# List all agents
ls agents/
```
```bash
# View agent inventory
cat agents/hermes-seo/inventory.md
```

```bash
# Start agent
cd /srv/hermes-seo
docker-compose up -d
# View logs
docker-compose logs -f
# Restart agent
docker-compose restart
# Stop agent
docker-compose down
```

```bash
# Create task for specialist
cat > /srv/agent-bus/inbox/seo/task-003.md <<EOF
---
task_id: task-003
specialist: seo
created: $(date -Iseconds)
requestor: manual
---
# Task: Run SEO audit for newsite.com
EOF
# Check task status
ls /srv/agent-bus/working/seo/
ls /srv/agent-bus/outbox/seo/
```
```bash
# Archive completed tasks
mv /srv/agent-bus/outbox/seo/* /srv/agent-bus/archive/seo/
```

```bash
# Check Docker logs
docker-compose logs --tail=50
# Verify .env exists
ls -la /srv/<agent-name>/data/.env
# Check port conflicts
ss -tulpn | grep <port>
# Restart Docker
systemctl restart docker
docker-compose up -d
```

```bash
# Verify task bus directories exist
ls -la /srv/agent-bus/inbox/
# Check permissions (this resets the whole bus to 755, which is world-readable)
chmod -R 755 /srv/agent-bus
# Verify agents.yaml
cat /srv/agent-bus/agents.yaml
```

```bash
# Check .env file (prints the raw key values to the terminal)
cat /srv/<agent-name>/data/.env | grep API_KEY
# Restore from backup (a newly created .env gets the shell's default mode; check it with ls -la)
gpg -d /root/backups/<agent-name>-env.gpg > /srv/<agent-name>/data/.env
# Restart agent
cd /srv/<agent-name>
docker-compose restart
```

```bash
# Check task format
cat /srv/agent-bus/inbox/<specialist>/task-*.md
# Verify specialist is running
docker ps | grep hermes-<specialist>
# Check specialist logs
cd /srv/hermes-<specialist>
docker-compose logs --tail=100
```

`/root/agent-control-room`, `agents/hermes-life/`

```yaml
# docker-compose.yml
environment:
  - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
  - GITHUB_TOKEN=${GITHUB_TOKEN}
  - DATABASE_URL=${DATABASE_URL}
```

`/srv/<agent-name>/data/.env`

```bash
ANTHROPIC_API_KEY=sk-ant-...
GITHUB_TOKEN=ghp_...
DATABASE_URL=postgresql://...
```

```bash
vim /root/agent-control-room/agents/hermes-seo/runbook.md
```

```bash
curl http://localhost:3001 # hermes-seo
curl http://localhost:3002 # hermes-dev
```

```bash
curl http://localhost:3100 -d "Audit SEO for example.com"
# Orchestrator → Task Bus → Specialist → Result → Orchestrator → You
```
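
The specialist's pick-up step in that flow, as an added example (not code from the Control Room repository): it validates a task file's front matter before moving it from `inbox/` to `working/`, so a specialist holding scoped credentials only acts on well-formed tasks addressed to it. The function names, the `task-<number>` pattern and the strict one `key: value` per line parsing are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

REQUIRED = ("task_id", "specialist", "created", "requestor")
TASK_ID = re.compile(r"task-[0-9]+")  # assumed pattern, from task-001..task-003

def parse_front_matter(text):
    """Return the key: value pairs between the two leading '---' lines."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("file does not start with front matter")
    meta = {}
    for line in lines[1:]:
        if line.strip() == "---":
            return meta
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"bad front matter line: {line!r}")
        meta[key.strip()] = value.strip()
    raise ValueError("front matter is not closed")

def claim_task(bus, specialist, name):
    """Validate inbox/<specialist>/<name>, then move it to working/<specialist>/."""
    src = Path(bus, "inbox", specialist, name)
    # Plain file names only: no path separators, no symlinks out of the bus.
    if Path(name).name != name or src.is_symlink() or not src.is_file():
        raise ValueError("not a regular file in this inbox")
    meta = parse_front_matter(src.read_text(encoding="utf-8"))
    missing = [key for key in REQUIRED if not meta.get(key)]
    if missing:
        raise ValueError(f"missing keys: {missing}")
    if meta["specialist"] != specialist:
        raise ValueError("task is addressed to another specialist")
    if not TASK_ID.fullmatch(meta["task_id"]) or name != meta["task_id"] + ".md":
        raise ValueError("task_id does not match the file name")
    dst = Path(bus, "working", specialist, name)
    dst.parent.mkdir(parents=True, exist_ok=True)
    os.rename(src, dst)  # atomic within one filesystem: one worker wins the claim
    return meta

if __name__ == "__main__":
    bus = tempfile.mkdtemp()  # constructed sample bus, not real data
    Path(bus, "inbox", "dev").mkdir(parents=True)
    Path(bus, "inbox", "dev", "task-002.md").write_text(
        "---\ntask_id: task-002\nspecialist: dev\ncreated: 2026-05-17T14:30:00Z\n"
        "requestor: hermes-orchestrator\n---\n# Task: Add Contact Form to Website\n")
    print(claim_task(bus, "dev", "task-002.md"))
```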
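
The rule that the control room holds no raw secrets while each agent's `.env` stays under `/srv/<agent-name>/data/` can be checked mechanically. This added example (not part of the Control Room repository) scans the control room for raw secret values and checks every runtime `.env` for loose file modes and out-of-scope keys; the function names, the regex lengths and the `ALLOWED_KEYS` table are assumptions.

```python
import re
import stat
from pathlib import Path

# Prefixes come from the page's .env sample; the minimum lengths are an assumption.
RAW_SECRET = re.compile(
    r"sk-ant-[A-Za-z0-9_-]{8,}|ghp_[A-Za-z0-9]{8,}|postgresql://[^\s:@/]+:[^\s@]+@")
# Page rule: the orchestrator holds only its LLM key. Other agents are not
# listed because the page does not give their complete key sets.
ALLOWED_KEYS = {"hermes-orchestrator": {"ANTHROPIC_API_KEY"}}

def scan_control_plane(root):
    """Return (relative path, line number) for each raw secret under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if ".git" in rel.parts or path.is_symlink() or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), 1):
            if RAW_SECRET.search(line):
                hits.append((rel.as_posix(), number))
    return hits

def check_runtime_env(srv_root):
    """Return {agent: [problems]} for every <srv_root>/<agent>/data/.env."""
    report = {}
    for data in sorted(Path(srv_root).glob("*/data")):
        agent, env, problems = data.parent.name, data / ".env", []
        if not env.is_file():
            problems.append("missing .env")
        else:
            mode = stat.S_IMODE(env.stat().st_mode)
            if mode & 0o077:
                problems.append(f"mode {mode:03o} grants group/other access")
            keys = {line.split("=", 1)[0].strip()
                    for line in env.read_text().splitlines()
                    if "=" in line and not line.lstrip().startswith("#")}
            extra = keys - ALLOWED_KEYS.get(agent, keys)
            if extra:
                problems.append(f"out-of-scope keys: {sorted(extra)}")
        if problems:
            report[agent] = problems
    return report

if __name__ == "__main__":
    print(scan_control_plane("/root/agent-control-room"))
    print(check_runtime_env("/srv"))
```

Placeholders such as `sk-ant-...` in the docs do not match, so env maps and runbooks written the way the templates show pass the scan.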