The Zoo of Souls — Hermes Agent Ecosystem on QubesOS
Architecture Overview
Multiple Hermes Agent instances (souls) run on the same Qubes AppVM, each with a defined role, identity, and set of skills. They communicate through shared files on the SSD, Nostr events, and kapnetd IPC. A central orchestrator (HermQube Prime) spawns, monitors, and coordinates all souls.
┌─────────────────────────────────────────────────────────────┐
│  QubesOS AppVM (herm-clone-11)                              │
│                                                             │
│  ┌──────────────────────────────────────────────────────┐   │
│  │  HERMQUBE PRIME (Orchestrator)                       │   │
│  │  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌─────────┐  │   │
│  │  │ Heartbeat│ │ Scheduler│ │ Oversight│ │ Kapnet  │  │   │
│  │  │ Monitor  │ │          │ │ Auditor  │ │ d       │  │   │
│  │  └──────────┘ └──────────┘ └──────────┘ └─────────┘  │   │
│  └──────────────────────────────────────────────────────┘   │
│                           │                                 │
│              ┌────────────┼────────────┐                    │
│              ▼            ▼            ▼                    │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
│  │    SENTRY    │  │    SCRIBE    │  │   COURIER    │       │
│  │  (Watchman)  │  │ (Chronicler) │  │ (Messenger)  │       │
│  └──────────────┘  └──────────────┘  └──────────────┘       │
│         │                 │                 │               │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
│  │  ARCHIVIST   │  │    HERALD    │  │   QUERANT    │       │
│  │ (Librarian)  │  │ (Ambassador) │  │ (Researcher) │       │
│  └──────────────┘  └──────────────┘  └──────────────┘       │
│         │                 │                 │               │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
│  │    FORGER    │  │    WARDEN    │  │     SAGE     │       │
│  │  (Builder)   │  │  (Security)  │  │  (Advisor)   │       │
│  └──────────────┘  └──────────────┘  └──────────────┘       │
│                           │                                 │
│              ┌────────────┼────────────┐                    │
│              ▼            ▼            ▼                    │
│  ┌──────────────────────────────────────────────────────┐   │
│  │  SHARED INFRASTRUCTURE                               │   │
│  │  /media/user/shared-ro/  │  /media/user/shared-rw/   │   │
│  │  /media/user/private/    │  /home/user/.kapnet/      │   │
│  │  Nostr Relays            │  kapnetd IPC              │   │
│  └──────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘
           │                  │                  │
           ▼                  ▼                  ▼
      ┌──────────┐       ┌──────────┐       ┌──────────┐
      │ Nostr    │       │ Kapnet   │       │ Operator │
      │ Relays   │       │ Braid    │       │ (GELI)   │
      └──────────┘       └──────────┘       └──────────┘
Soul Registry
Tier 1 — Core (always running)
| Soul | Role | Identity | Channel | Priority |
|---|---|---|---|---|
| HermQube Prime | Orchestrator, coordinator | HermQube op key | IPC + files | Critical |
| Sentinel | Heartbeat monitor, health checks | Shared | Files + Nostr | Critical |
| Scribe | Wiki maintainer, chronicler | Shared | Files | Critical |
Tier 2 — Operations (run on schedule)
| Soul | Role | Identity | Channel | Schedule |
|---|---|---|---|---|
| Herald | Nostr public ambassador | Ambassador npub | Nostr | Continuous loop |
| Archivist | File store manager, librarian | Shared | Files + Nostr | Every 4h |
| Courier | Inter-agent messenger | Shared | Files + IPC | Event-driven |
| Querant | Researcher, knowledge seeker | Shared | Files + web | Daily |
Tier 3 — Specialized (run on demand or weekly)
| Soul | Role | Identity | Channel | Schedule |
|---|---|---|---|---|
| Forger | Code builder, compiler | Shared | Files + kapnetd | On demand |
| Warden | Security auditor, scanner | Shared | Files | Weekly |
| Sage | Strategic advisor, analyst | Shared | Files + LLM | Daily |
| Cartographer | Architecture diagrammer | Shared | Files + web | Weekly |
Identity Scheme
Each Tier 2+ soul has its own Nostr keypair for signed communications. Tier 1 souls share the HermQube operational key.
.kapnet/
├── keys                  # HermQube operational (Tier 1)
└── identities/
    ├── ambassador/       # Herald (Tier 2)
    │   ├── sk.hex
    │   ├── pk.hex
    │   ├── npub
    │   └── nsec
    ├── archivist/        # Archivist (Tier 2)
    ├── querant/          # Querant (Tier 2)
    ├── forger/           # Forger (Tier 3)
    ├── warden/           # Warden (Tier 3)
    ├── sage/             # Sage (Tier 3)
    └── cartographer/     # Cartographer (Tier 3)
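An audit of the key layout above, of the kind Warden's weekly run could include. This is an added example, not code from the Hermes or Kapnet projects; the file names come from the tree, while the "no group/other access" policy and the function name `audit_identities` are assumptions.

```python
import os
import stat

# File names come from the tree above; the 0o077 policy is an assumption.
SECRET_NAMES = {"sk.hex", "nsec"}

def audit_identities(kapnet_dir):
    """Return sorted (relative_path, finding) pairs for a .kapnet/ directory."""
    findings = []

    def note(path, msg):
        findings.append((os.path.relpath(path, kapnet_dir), msg))

    def check_private(path):
        try:
            st = os.lstat(path)          # lstat: do not follow symlinks
        except OSError:
            return                       # missing file or non-directory parent
        if stat.S_ISLNK(st.st_mode):
            note(path, "is a symlink")
        elif st.st_mode & 0o077:
            note(path, "accessible to group/other")

    def first_line(path):
        try:
            with open(path, "r", errors="replace") as fh:
                return fh.readline().strip()
        except OSError:
            return ""

    check_private(os.path.join(kapnet_dir, "keys"))   # Tier 1 operational key
    ident = os.path.join(kapnet_dir, "identities")
    souls = sorted(os.listdir(ident)) if os.path.isdir(ident) else []
    for soul in souls:
        sdir = os.path.join(ident, soul)
        for name in sorted(SECRET_NAMES):
            check_private(os.path.join(sdir, name))
        # NIP-19: secret keys encode as nsec1..., public keys as npub1...
        if first_line(os.path.join(sdir, "npub")).startswith("nsec1"):
            note(os.path.join(sdir, "npub"), "contains an nsec (secret key)")
        # pk.hex identical to sk.hex means the secret was copied into it.
        sk, pk = (first_line(os.path.join(sdir, n)) for n in ("sk.hex", "pk.hex"))
        if sk and sk == pk:
            note(os.path.join(sdir, "pk.hex"), "identical to sk.hex")
    return sorted(findings)
```

Mode bits only separate Unix accounts: souls that run under the same account can read each other's key files whatever this audit reports.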
Communication Protocol
Intra-Agent (same qube)
- Shared files on shared-rw — Primary communication channel
  - /media/user/shared-rw/inbox/<soul>/ — Incoming messages
  - /media/user/shared-rw/outbox/<soul>/ — Outgoing messages
  - /media/user/shared-rw/signals/ — Broadcast signals (JSON)
  - /media/user/shared-rw/state/<soul>.json — Per-soul state
- Kapnet IPC (Unix socket) — For TXXM-capable souls
  - kapnetd socket at ~/.kapnet/kapnet.sock
  - Souls submit TXXMs, query braid state, trigger knot builds
- Nostr private (kind-4 DMs) — For cross-qube communication
  - Souls with their own npub can DM other agents
  - Encrypted with NIP-04
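Because `<soul>` becomes a path component under shared-rw, a writer such as Courier has to treat the recipient name as untrusted input and must never leave a half-written file where a reader can pick it up. The sketch below is an added example, not the project's code; the naming rule, the message file naming and the function names `deliver` and `pending` are assumptions.

```python
import json
import os
import re
import time
import uuid

SOUL_NAME = re.compile(r"[a-z][a-z0-9_-]{0,31}")   # assumed naming rule

def _inbox(shared_rw, soul):
    """Resolve inbox/<soul>/ without letting the name escape the tree."""
    if not isinstance(soul, str) or not SOUL_NAME.fullmatch(soul):
        raise ValueError(f"illegal soul name: {soul!r}")
    path = os.path.join(shared_rw, "inbox", soul)
    # Inboxes are provisioned up front; never create one from a name that
    # arrived in a message, and never follow a symlinked inbox.
    if os.path.islink(path) or not os.path.isdir(path):
        raise FileNotFoundError(f"no inbox for {soul!r}")
    return path

def deliver(shared_rw, to, message):
    """Atomically place `message` (a dict) in inbox/<to>/; return its path."""
    inbox = _inbox(shared_rw, to)
    body = json.dumps(message, sort_keys=True).encode()
    name = f"{int(time.time())}-{uuid.uuid4().hex}.json"   # assumed file naming
    tmp = os.path.join(inbox, f".{name}.tmp")
    # O_EXCL: fail rather than write through a file planted at the temp name.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(body)
            fh.flush()
            os.fsync(fh.fileno())
        final = os.path.join(inbox, name)
        os.replace(tmp, final)      # readers see the whole file or nothing
    except BaseException:
        os.unlink(tmp)
        raise
    return final

def pending(shared_rw, soul):
    """Names of complete messages for `soul`, sorted; temp files are skipped."""
    return sorted(n for n in os.listdir(_inbox(shared_rw, soul))
                  if n.endswith(".json") and not n.startswith("."))
```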
Inter-Agent (cross-qube / cross-machine)
- Nostr public (kind-1, kind-30078) — Public announcements
- Nostr private (kind-4 DM) — Encrypted coordination
- Kapnet TXXM gossip — Private relay or direct IPC
Signal Protocol
Broadcast signals are JSON files in /media/user/shared-rw/signals/:
{
  "signal": "<signal_type>",
  "from": "<soul_name>",
  "to": "<soul_name>|broadcast",
  "timestamp": 1234567890,
  "data": { ... }
}
Signal types:
- heartbeat — Soul is alive
- task_complete — A scheduled task finished
- alert — Something needs attention
- request — Asking another soul to do something
- response — Reply to a request
- publish — Content ready for Nostr
- store_update — File store changed
- config_change — Kapnet config updated
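Every soul can write to signals/, so a consumer should parse each file defensively before acting on it. The validator below is an added example, not part of the project: the field names and signal types are the ones listed above, while the soul roster spelling, the size cap and the freshness window are assumptions. Passing validation does not authenticate the sender, because `from` is whatever the writer put in the file.

```python
import json
import os
import stat
import time

# Signal types and top-level fields exactly as listed on this page.
SIGNAL_TYPES = {"heartbeat", "task_complete", "alert", "request", "response",
                "publish", "store_update", "config_change"}
FIELDS = {"signal", "from", "to", "timestamp", "data"}
# Assumptions, not from the page: roster spelling, size cap, freshness window.
SOULS = {"prime", "sentinel", "scribe", "herald", "archivist", "courier",
         "querant", "forger", "warden", "sage", "cartographer"}
MAX_BYTES = 64 * 1024
MAX_SKEW = 6 * 3600

def load_signal(path, now=None):
    """Return (signal, None) if the file is acceptable, else (None, reason)."""
    now = time.time() if now is None else now
    try:
        # O_NOFOLLOW rejects symlinks; O_NONBLOCK avoids hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        return None, f"open failed: {exc.strerror}"
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        return None, "not a regular file"
    with os.fdopen(fd, "rb") as fh:
        raw = fh.read(MAX_BYTES + 1)
    if len(raw) > MAX_BYTES:
        return None, "oversized"
    try:
        sig = json.loads(raw)
    except (ValueError, RecursionError):
        return None, "invalid JSON"
    if not isinstance(sig, dict) or set(sig) != FIELDS:
        return None, "unexpected field set"
    if not all(isinstance(sig[k], str) for k in ("signal", "from", "to")):
        return None, "non-string field"
    if sig["signal"] not in SIGNAL_TYPES:
        return None, "unknown signal type"
    if sig["from"] not in SOULS or sig["to"] not in SOULS | {"broadcast"}:
        return None, "unknown sender or recipient"
    ts = sig["timestamp"]
    if isinstance(ts, bool) or not isinstance(ts, int) or abs(now - ts) > MAX_SKEW:
        return None, "stale or malformed timestamp"
    if not isinstance(sig["data"], dict):
        return None, "data must be an object"
    return sig, None
```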
Skill Architecture
Each soul has a primary skill that defines its behavior. Skills are stored at:
~/.hermes/skills/souls/<soul-name>/SKILL.md
Cross-cutting skills (shared across souls):
- ~/.hermes/skills/souls/_shared/nostr-publish.md — Publishing tool
- ~/.hermes/skills/souls/_shared/kapnet-ipc.md — IPC protocol
- ~/.hermes/skills/souls/_shared/signal-bus.md — Communication bus
- ~/.hermes/skills/souls/_shared/identity-mgmt.md — Key management
Loop Model
All souls run deterministic loops. Each loop is a cron-triggered Hermes session:
┌──────────────────────────────────────────────────────────────┐
│  LOOP ORCHESTRATOR                                           │
│                                                              │
│  Every 6h:  Sentinel heartbeat       → all souls ping        │
│  Every 4h:  Archivist store sync     → catalog update        │
│  Every 2h:  Sage analysis            → wiki update           │
│  Daily:     Herald content scan      → Nostr publish         │
│  Daily:     Querant research         → wiki ingest           │
│  Daily:     Scribe log rotation      → wiki maintenance      │
│  Weekly:    Warden audit             → security report       │
│  Weekly:    Cartographer             → architecture diagrams │
│  On demand: Forger build             → binary on SSD         │
│  Event:     Courier dispatch         → inter-agent routing   │
│  Event:     HermQube Prime oversight → coordination          │
└──────────────────────────────────────────────────────────────┘
Oversight Model
Operator (GELI)
    │
    ▼
HermQube Prime (orchestrator)
    │
    ├── Health dashboard (shared-rw/state/dashboard.json)
    ├── Alert conditions (2x heartbeat fail, divergence, etc.)
    │
    ▼
All Souls → signal bus → shared-rw/signals/
    │
    ▼
Weekly summary (Nostr kind-1 + wiki log)
State Persistence
Each soul maintains state in:
- /media/user/shared-rw/state/<soul>.json — Machine-readable state
- Wiki log.md — Human-readable activity log
- Nostr events — Public activity trail (for Herald)
Implementation Phases
Phase 1: Core (this session)
- Create shared infrastructure (directories, signal bus, identity scheme)
- Define all soul skills
- Set up HermQube Prime orchestrator
- Deploy Sentinel and Scribe
Phase 2: Operations (next session)
- Deploy Herald (already has npub + profile live)
- Deploy Archivist (store catalogs)
- Deploy Courier (messaging)
- Set up loop cron jobs
Phase 3: Specialized (future)
- Deploy Querant, Sage, Warden, Forger, Cartographer
- Cross-qube communication via Nostr DM
- Kapnet-native inter-agent TXXM protocol
Design Space
See [[zoo-design-space]] for the full combinatorial exploration of design options across all axes: execution models, communication transports, treasury, revenue, security, cross-qube, operator interface, failure modes, and the Kapnet-native vs pragmatic decision framework.
The design space document is the decision record. The architecture above is the current implementation. When they diverge, the design space wins until the architecture is updated.