Deep dive
Claude Code + Hermes Agent Setup: Dynamic Workflows, Skill Bundles & New Security
Claude Code handles deep code building while Hermes Agent provides persistent memory and growing skills — combining them gives you a coding agent that never forgets your project context. This video covers installation of both tools, how dynamic workflows spawn parallel sub-agents, skill bundles for one-command setup, and four new Hermes security and productivity upgrades.
"Claude Code + Hermes Agent Setup Is WILD" by Julian Goldie SEO — Watch on YouTube →
Key Takeaways
- Claude Code is Anthropic's terminal-based coding agent — reads your whole project, writes and changes files, runs tests, and fixes its own mistakes. You talk to it in plain English.
- Hermes (from Nous Research) is a persistent memory agent — it remembers past work, builds reusable skills from what you do, and can run on a small cloud server reachable from Telegram or terminal.
- Combining them covers both roles: Hermes holds long-term context and project history; Claude Code does the heavy file editing and code execution.
- If you've previously used OpenClaw, Hermes can import your existing settings, memories, and skills automatically during setup.
- Dynamic workflows spin up many sub-agents in parallel from a single plain-English mission. The Bun project creator used this to rewrite 750,000 lines of code across 11 days with hundreds of simultaneous agents and reviewers.
- Skill bundles load a full group of related skills in one command (e.g., all browser automation skills at once), replacing the one-by-one skill activation workflow.
- New Hermes update brings: memory search 4,500× faster (no AI model call); API keys stored securely via Bitwarden Secrets Manager; prompt injection guard to block hidden instructions; push notifications to phone, watch, or desktop when a job completes.
Commands & Setup Steps
# 1. Install Claude Code (Mac, Windows, or Linux)
# Get the one-line installer from the Claude Code docs
# After install, navigate to your project folder and run:
claude
# 2. Install Hermes Agent (Nous Research one-line installer)
# Run the installer — it handles all dependencies automatically
# Then run the setup wizard to pick your model and enable tools
# 3. Connect Hermes to a model provider
# Option A: Nous Research portal (open-source models)
# Option B: Any API-compatible model you already use
# 4. Import from OpenClaw (if applicable)
# During Hermes setup wizard, choose "import from OpenClaw"
# Migrates settings, memories, and skills automatically
# 5. Load a skill bundle (example: browser automation)
# In Hermes: Skills → Bundles → select bundle → Load
# Activates the full set of related skills in one step
# 6. Use dynamic workflows (Claude Code)
# Type a plain-English mission in Claude Code, e.g.:
# "Build me a content plan and blog for a site about AI agents"
# Claude Code spawns parallel sub-agents and shows a live map
Deep dive: who owns what
The video frames this as an "Agent OS," but the reason the pairing works is a clean division of responsibility. Run them as two roles, not two copies of the same thing:
| Concern | Claude Code | Hermes |
|---|---|---|
| Editing files & running tests | Owns it — lives in the repo, makes changes, runs the build. | Doesn't touch the working tree. |
| Long-term project memory | Per-session; CLAUDE.md for durable facts. | Owns it — ~/.hermes/memory.db + ~/.hermes/workspace/MEMORY.md persist across machines and weeks. |
| Always-on / unattended work | Interactive; you drive it. | Owns it — runs as a service, reachable from Telegram/Discord, fires push notifications on completion. |
| Reusable skills | Project .claude/skills/. | Owns the library — skill bundles load a whole group at once. |
The handoff to avoid duplication: Hermes remembers, Claude Code builds. Hermes accumulates "this project uses Bun, deploys to Netlify, the auth module is fragile" over time; Claude Code consumes that context at the start of each coding session instead of re-discovering it.
Config: wire Hermes memory into Claude Code over MCP
The durable way to connect the two is the Model Context Protocol — expose Hermes's memory as an MCP server and let Claude Code read it as a tool. First enable the endpoint in Hermes (it rides on the dashboard port, 9119):
# ~/.hermes/config.yaml
mcp:
enabled: true
bind: 127.0.0.1:9119 # localhost only — do not expose publicly
expose:
- memory_search # query past project context
- memory_read # read workspace/MEMORY.md
Restart the service and confirm it's listening:
systemctl --user restart hermes-agent
curl -s http://localhost:9119/mcp/health # expect: {"status":"ok"}
Then register it with Claude Code. Commit this to .mcp.json at the repo root so the whole team shares it:
// .mcp.json
{
"mcpServers": {
"hermes-memory": {
"type": "sse",
"url": "http://localhost:9119/mcp"
}
}
}
Finally, tell Claude Code to actually use it. A few lines in CLAUDE.md turn the connection into a habit rather than something you remember to invoke:
# CLAUDE.md
## Project memory
Before starting a task, call the `hermes-memory` MCP tool `memory_search`
to load prior decisions about this codebase. Treat anything it returns as
established context — don't re-derive it. After a non-trivial change, note
the decision back so Hermes can persist it.
Now Claude Code opens each session already knowing your project's history, and Hermes keeps a record that survives /clear, a new laptop, or a week away. See the Hermes memory guide and MCP tools reference for the full surface.
Security: the four upgrades, and how to verify them
The new Hermes release tightens four things the video lists — but "it has a feature" and "it's configured correctly on your box" are different claims. Check each:
- Secrets in Bitwarden, not plaintext. Confirm no real keys sit in
~/.hermes/.env— it should hold a Bitwarden reference, not the secret itself. Grep for anything that looks like a live key before you commit anything. - Prompt-injection guard. It blocks hidden instructions in fetched web pages and files. Keep it on; it's the main defence when Hermes reads untrusted content on your behalf.
- Localhost-only MCP bind. The
bind: 127.0.0.1above matters — an MCP memory server reachable from the open internet is a data-exfiltration path. Never bind it to0.0.0.0without an auth proxy in front. - Push notifications as an audit trail. They're a convenience, but they also tell you the moment an unattended job did something you didn't expect — treat an unexpected "job complete" ping as a signal to go look.
For the full hardening checklist, see our Hermes security guide.
Errors & Fixes
| Symptom | Cause | Fix |
|---|---|---|
Claude Code doesn't see the hermes-memory tool |
.mcp.json server isn't approved, or the endpoint isn't up. |
Run /mcp in Claude Code to approve the server; confirm curl localhost:9119/mcp/health returns ok first. |
| Sub-agents from a "dynamic workflow" stall partway | Hundreds of parallel agents exhausted your model provider's rate limit. | Cap concurrency in the mission prompt, or point Hermes at a higher-tier key; watch journalctl --user -u hermes-agent -f for 429s. |
| OpenClaw import brought over stale or wrong memories | The import is a one-time copy; it doesn't reconcile contradictions. | Prune ~/.hermes/workspace/MEMORY.md after import — delete anything no longer true rather than letting it mislead later sessions. |
| Memory search returns nothing for a project you've worked on | You're searching from a different workspace, or the DB path moved. | Verify ~/.hermes/memory.db is the one in use (HERMES_DB_URL overrides it); re-index if you migrated machines. |





