Brainstem Proposed Stack Hermes Agent + VPS Calibrax · High Fidelity

Brainstem Proposed Deployment Reference

Brainstem is an autonomous agent built on Hermes Agent (Nous Research, v0.16+, MIT licence) deployed on a Linux VPS. It connects to Slack, Telegram, and WhatsApp via Hermes's native gateway connectors. Knowledge is maintained across Pinecone (three permission-scoped vector namespaces), Neon Postgres (role-based access control, artifact lineage, audit log), and Google Drive (T0–T4 file IA backbone). Inbound events trigger skill execution: document classification and ingestion, client folder scaffolding, RAG retrieval, document generation via Sonnet, and email handling via Gmail Pub/Sub. Complex compound tasks are decomposed by a Hermes coordinator into parallel isolated sub-agents, each with its own context window and tool access. All skill patterns, session memory, and task history persist to ~/.hermes/ on local disk — Hermes auto-generates and refines SKILL.md files from execution history across sessions.

Channel

Runtime

Hermes Agent

LLM Gateway

Memory / Storage

Ingestion

Observability

01 — System Architecture

Ideal Stack — Tool Map & Layer Relationships

Channels — Hermes Native Connectors

Slack Primary · @mentions · Block Kit · DM digests

Telegram Mobile-first · InlineKeyboard

WhatsApp Async messaging · broad reach

Email Gateway IMAP/SMTP via Hermes · inbound + outbound

↕ events in · responses out · all via Hermes native gateway — no slack-bolt, no custom adapters

Hermes Agent Runtime — Core Intelligence Layer

VPS (Hetzner) $4–6/mo · always-on · native persistent disk · no managed platform overhead

→

Hermes Agent Nous Research · MIT · SKILL.md skills · native connectors · cron · sub-agent spawning · learning loop

↔

~/.hermes/ Persistent local memory · auto-generated SKILL.md · session recall · learning compounds over time

↔

OpenRouter LLM gateway · Haiku 4.5 · Sonnet 4.6 · DeepSeek · Llama free

↔

Upstash Redis Session memory · confirmation queue · skill state

↓ coordinator spawns sub-agents · each isolated · parallel execution · results collected

Sub-Agent Layer — Parallel Isolated Execution

Coordinator Decomposes compound task · assigns sub-agents · waits · assembles output

→

Sub-agent A Own context · own RAG · own LLM call · own Drive write

Sub-agent B Own context · zero bleed from A · runs in parallel

Sub-agent N Any task · any skill · reports back to coordinator

↕ reads / writes · tool calls · webhook push

Memory & Storage — Four External Stores

Pinecone Vector store · 3 namespaces · t1-open / t2-t3-internal / t4-restricted

Neon Postgres Roles · permissions · audit · artifact lineage · webhook channels

Google Drive T0–T4 file IA · folder scaffold · permissions enforcement

↕ webhook push · read/write via SKILL.md tools

Ingestion Sources — Knowledge Inputs

Google Drive Webhook push on change → classify → embed

Notion Meeting notes · sprint notes → ingest + write-back

Gmail Pub/Sub push on inbound → file + draft · send on approval

↕ all traces streamed continuously

Observability & Uptime

Langfuse Cloud Traces · spans · token counts · confidence · latency · knowledge growth rate

UptimeRobot 5-min health ping · email alert on failure

From	Direction	To	What flows
VPS (Hetzner)	hosts	Hermes Agent	Always-on daemon · persistent local disk · systemd auto-restart · no cold starts · no managed platform overhead
Slack / Telegram / WhatsApp	↔	Hermes Agent	Via Hermes native gateway connectors — events in, responses out, no custom adapters needed
Hermes Agent	reads/writes	~/.hermes/	Persistent memory · auto-generated SKILL.md files · cross-session recall · the learning loop that never resets
Hermes Agent	spawns	Sub-agents	Isolated agents each with own context, LLM calls, tool access · parallel execution · coordinator collects all results
Hermes Agent	↔	OpenRouter	LLM calls per skill — Haiku for interactive, Sonnet for document generation, DeepSeek for batch ingestion
Hermes Agent	↔	Upstash Redis	Session context · confirmation queue · skill state between Hermes calls
Hermes Agent	↔	Neon Postgres	Permission resolve on every request · action + artifact + audit writes on every operation
Hermes Agent	↔	Pinecone	Vector search (Ask) · chunk writes (ingestion) · namespace-scoped by user role
Hermes Agent	↔	Google Drive	Folder scaffold · file move · content read · permission enforcement (T4 admin-only)
Hermes Agent	↔	Notion / Gmail	Page ingest · row writes (Notion) · email read + draft + send on approval (Gmail)
Drive / Notion / Gmail	→	Hermes Agent	Webhook push on new/changed content — triggers ingestion pipeline or email flow automatically
Hermes Agent	→	Langfuse	Every skill call traced — spans, confidence, token counts, latency, knowledge growth rate per roll-up

02 — Build Milestones

What Brainstem Can Do at Each Stage

Foundation

VPS provisioned · Hermes Agent installed via install script
Hermes Slack gateway active · HTTPS via Caddy
SKILL.md skills: classify, ingest, drive_actions
OpenRouter, Pinecone, Neon, Redis connected
First document chunk written to Pinecone
~/.hermes/ seeding Hermes's learning loop

Hermes alive · first chunk in Pinecone

Client Lifecycle

@brainstem provisions [client] → full T0-T4 Drive tree in seconds
File dropped in Slack → classify → confirm → Drive → Pinecone
@brainstem what do we know about X? → RAG answer with sources
Role-based access: admin / internal / developer namespaces
Neon permissions enforced on every retrieval

Client folder live · knowledge queryable

Autonomous Ops

Email webhook → sub-agent A files to Drive · sub-agent B drafts reply
Two Slack DMs arrive automatically — no user action triggered this
Human approves send via Block Kit buttons
Weekly roll-up: cron scans, extracts, digests, promotes on approval
Hermes learning loop compounding from all interactions

Brainstem acts without being asked

Full Intelligence

@brainstem prepare DRB-Hicom onboarding pack → 4 sub-agents in parallel
Proposals, decks, engagement plans drafted from RAG context
Existing documents updated with new decisions/signals
Proactive insights surfaced without asking
Hermes auto-generates skills from every complex task it solves
Knowledge compounds every week — forever

Sub-agents · learns forever · full intelligence

03 — Interaction Flows

How Each Action Moves Through the Hermes Stack

Ask — query to answer via RAG

User@brainstem query

→

Hermes GatewaySlack native connector

→

Hermes Agentloads ~/.hermes/ context

Upstash Redissession memory

→

Neonresolve role + namespaces

→

Pineconevector search (role-scoped)

→

OpenRouterRAG synthesis · Haiku 4.5

→

Slackanswer + source links

Langfusetrace recorded

→

Userreceives answer

SlackHermes Gateway

User sends @brainstem what do we know about [client]? — Hermes's native Slack gateway receives the event. Hermes loads the user's session history from ~/.hermes/ and Upstash Redis, injecting prior context into the active window.

→ enriched context window · session history loaded

Hermes AgentNeon Postgres

Hermes runs the permission resolver skill — queries Neon with the user's Slack ID, gets their role (admin / internal / developer), maps it to allowed Pinecone namespaces. Hermes's SKILL.md for permission resolution is auto-improved each time it runs.

→ allowed namespaces determined · role confirmed

OpenRouterPinecone

Hermes embeds the query via OpenRouter, then searches only the user's allowed Pinecone namespaces. Top-K chunks returned. Passes chunks as RAG context to OpenRouter (Haiku 4.5) for synthesis.

→ answer grounded in Calibrax's actual knowledge base

SlackLangfuse

Hermes replies in Slack with the answer and source document links. Langfuse records the full trace. Hermes updates ~/.hermes/ with this interaction — it learns what types of questions come up most and refines its recall patterns over time.

→ answer in Slack · learning updated · trace in Langfuse

Store — file to Drive via classify + confirm

Userdrops file in Slack

→

Hermes Gatewayfile_shared event

→

Hermes Agentdownloads content

→

OpenRouterclassify · domain · tier · confidence

→

conf ≥ 0.7?threshold check

→

Slack confirmBlock Kit card

→

Driveupload · perms set

→

Pinecone + Neonembed · artifact lineage

Langfusetrace

↑ if confidence < 0.7 → Hermes asks user to verify classification before the confirm card is sent · Hermes improves its classify SKILL.md from each correction

Create — entity scaffold end-to-end

User@brainstem provisions X

→

Hermes GatewaySlack event

→

Hermes Agentparse: create · entity · name

→

Drive scaffoldT0–T4 folder tree

→

Drive permsT4 → admin only

→

Notioncreate row + _record

→

Neonartifact lineage

→

SlackDrive + Notion links

Langfusetrace

    ↗ SUB-AGENT — Hermes Coordinator spawns parallel isolated agents. Each has its own context, its own LLM calls, its own Drive operations. Zero context bleed.
  

Generate — compound task → sub-agent swarm → complete output

Phase 1 — intent + decomposition

User@brainstem prepare DRB-Hicom onboarding pack

→

Hermes GatewaySlack event

→

Hermes Coordinatordecompose compound task

→

OpenRouter (Sonnet)plan: 4 sub-tasks

Phase 2 — 4 sub-agents running in parallel

Sub-agent A

PineconeDRB-Hicom context

↓

Sonnetdraft proposal

↓

Drive→ 30_Proposals/

Sub-agent B

PineconeDRB-Hicom context

↓

Sonnetcreate pitch deck

↓

Drive Slides→ 20_Mockups/

Sub-agent C

Hermes webresearch industry

↓

Pineconecross-ref existing intel

↓

Drive Doc→ 00_Intel/

Sub-agent D

Drive scaffoldset up folder tree

↓

Notioncreate client row

↓

Neonartifact lineage

Phase 3 — collect + deliver

Coordinatorcollects all 4 results

→

Slack4 links · summary · timing

→

Usercomplete pack delivered

→

Langfusefull sub-agent trace

~/.hermes/pattern saved as skill

Hermes saves the successful decomposition pattern as a SKILL.md · next time @brainstem prepare onboarding pack is called, it executes faster with less planning overhead

    ↺ AUTONOMOUS — triggered by Gmail Pub/Sub webhook. Hermes wakes up and acts. No user initiated this.
  

Email — inbound → two sub-agents in parallel → sub-agent A files · sub-agent B drafts

Trigger + dispatch

Gmailnew email arrives

→

Pub/Subpush notification

→

Hermes Agentreads full email · matches client

→

Spawn 2 sub-agentsisolated · parallel

SUB-AGENT A — Knowledge Capture (autonomous)

OpenRouter (Haiku)classify: domain · tier

↓

Drivefile to correct folder

↓

Pinecone + Neonembed · artifact record

↓

Slack DM"Filed to DRB-Hicom/00_Intel/raw/"

SUB-AGENT B — Draft Generation (human gate)

Pineconeload client context (RAG)

↓

OpenRouter (Sonnet)draft reply · client-aware

↓

Slack DM"Draft ready — [Send] [Edit] [Dismiss]"

Human gate — draft only · filing is automatic

Userreviews draft in Slack

→

Send / Edit / Dismissblock_actions event

→

Gmail APIsends only on Send

Neon auditaction recorded

→

Langfuseemail flow trace

~/.hermes/pattern learned

04 — Automated Intelligence

Weekly Roll-Up — How Knowledge Compounds

Weekly roll-up — automated intelligence cycle

Phase 1 — automated scan & extract

Hermes cronweekly 07:00 · natural language schedule

→

Neonactive clients + last_run_at

→

Drive scanfiles modified since last run

→

OpenRouterextract contacts · decisions · signals

→

Slack DM digestBlock Kit cards per item

Human Gateaccount lead reviews · Promote to T1 or Dismiss · nothing promoted automatically

Phase 2 — write-back on approval

Drive curated/write item

→

_record.mdappend entry

→

Notionupdate client row

→

Pinecone t1-openchunk · embed · write

→

Neonupdate last_run_at

→

Langfuseroll-up trace

~/.hermes/pattern updated

↺

cycle complete — knowledge base richer · Hermes learning loop updated · next run starts from new last_run_at

↺

Hermes AgentNeon Postgres

The roll-up skill fires on Hermes's native cron schedule (weekly, 07:00 — set in natural language). No user action required. Hermes queries Neon for all active client records, extracts Drive folder root IDs and the last_run_at timestamp.

→ active client list + last-run timestamps

Hermes AgentGoogle Drive

For each active client, Hermes scans all files modified since last_run_at inside 00_Project_Intel/ sub-folders. Extracts text content. Skips anything already in 00_Intel/curated/ — no duplicate processing.

→ new/modified raw intel documents per client

Hermes AgentOpenRouter (Haiku 4.5)

For each new document, Hermes extracts: new contacts, key decisions, terminology, signals not yet in the curated record. Outputs structured items per document. Hermes's extraction SKILL.md improves each run from user feedback on promoted vs dismissed items.

→ extracted items: { client, type, content, source_file }

04–05

Slack DMHermes AgentNeon

Hermes sends a digest DM with Block Kit cards — each item shows client name, type, content, source file. Two buttons: Promote to T1 or Dismiss. User clicks each. Hermes resolves pending confirmations from Neon. Nothing is promoted without human approval.

→ confirmed list · dismissed list · human always last gate

06–07

DriveNotionPineconeNeon~/.hermes/Langfuse

Each confirmed item: written to 00_Intel/curated/, appended to _record.md, Notion row updated, chunked + embedded to t1-open Pinecone namespace. last_run_at updated in Neon. Hermes updates ~/.hermes/ with the extraction pattern — improving roll-up quality over time. Langfuse records the full trace including knowledge growth rate.

→ T1 richer · Hermes smarter · trace in Langfuse · next run ready

05 — Full Intelligence Layer

Generate, Update, Insights — Powered by Hermes Learning

Draft on Demand

@brainstem draft [document] for [client]

Single documents (proposals, briefs, engagement plans, decks) drafted with Sonnet using full RAG context. For complex packs — Hermes Coordinator spawns parallel sub-agents, one per output. Hermes saves the successful decomposition as a SKILL.md, making the next similar request faster.

SlackCoordinatorPineconeSonnet 4.6Drive~/.hermes/

Document Updates

@brainstem update [doc] with latest decisions

Hermes reads the existing Drive document, pulls the latest context from Pinecone (new decisions, contacts, scope changes since the doc was last written), rewrites or appends relevant sections with Sonnet, saves back to Drive. Change log appended to _record.md.

SlackDrivePineconeSonnet 4.6

Proactive Insights ↺

Surfaces signals without being asked

After every Store or Email ingest, Hermes checks if a meaningful signal emerged. If so, it DMs the account lead: "New signal in DRB-Hicom: budget confirmed at RM 200k by Razif." Hermes's insight SKILL.md improves from which signals users act on vs dismiss — it learns what Calibrax considers signal vs noise.

HermesPineconeHaiku 4.5Slack DM~/.hermes/

The Learning Loop

Hermes gets smarter every week

Every task Hermes solves updates ~/.hermes/. Complex tasks are saved as SKILL.md files. Extraction patterns are refined by roll-up feedback. Insight filters are tuned by what gets acted on. Classification accuracy improves from user corrections. The longer Brainstem runs, the less it needs to be guided — and the more it anticipates what Calibrax needs.

~/.hermes/SKILL.md auto-generationLangfuse growth rate