Gormes

Parity Audit: Hermes agent/prompt_builder.py, tools/terminal_tool.py, tools/code_execution_tool.py

Date: 2026-04-30
Auditor: Sisyphus
Scope: Prompt builder, terminal tool, code execution tool parity gaps


1. agent/prompt_builder.py (1,122 lines)

Upstream Behavior

The Hermes prompt builder is a comprehensive system prompt assembly engine:

| Feature | Hermes Implementation | Gormes Status | Gap |
|---|---|---|---|
| Context file scanning | _scan_context_content — detects prompt injection, invisible unicode, threat patterns in AGENTS.md/.cursorrules/SOUL.md | Not implemented | Critical |
| Git root discovery | _find_git_root — walks parents looking for .git | Not implemented | Medium |
| .hermes.md discovery | _find_hermes_md — searches cwd → git root for .hermes.md/HERMES.md | Not implemented | Medium |
| YAML frontmatter stripping | _strip_yaml_frontmatter — removes --- delimited frontmatter | Not implemented | Low |
| Default identity | DEFAULT_AGENT_IDENTITY — “You are Hermes Agent…” | Not implemented | Medium |
| Help guidance | HERMES_AGENT_HELP_GUIDANCE — references skill_view | Not implemented | Low |
| Memory guidance | MEMORY_GUIDANCE — durable facts, compact focus, declarative facts | Not implemented | Critical |
| Session search guidance | SESSION_SEARCH_GUIDANCE — cross-session recall | Not implemented | Medium |
| Skills guidance | SKILLS_GUIDANCE — save complex tasks as skills | Partial (skills_list/view exist) | Medium |
| Tool use enforcement | TOOL_USE_ENFORCEMENT_GUIDANCE — MUST use tools, no promises | Not implemented | Critical |
| Model-specific guidance | Various model substrings trigger different guidance | Not implemented | Medium |
| Context file assembly | Combines identity + platform + skills index + context files + memory | Not implemented | Critical |

Gormes Current State

  • No native prompt builder exists in internal/hermes/
  • The Kernel tool loop exists but lacks prompt assembly
  • Skills tools (skills_list, skill_view) are implemented
  • Memory tool exists but no memory guidance injection

4.C Native Prompt Builder (existing row in progress.json)

  • Priority: P0
  • Critical path for Python-free normal agent turn

2. tools/terminal_tool.py (2,307 lines)

Upstream Behavior

Hermes terminal tool supports 7 execution backends:

| Backend | Hermes | Gormes | Gap |
|---|---|---|---|
| local | Full foreground/background, PTY, interrupt polling | Basic foreground only | Partial |
| docker | Containerized execution, auto-cleanup | Not implemented | Gap |
| modal | Cloud sandbox, direct or managed gateway | Not implemented | Gap |
| vercel_sandbox | Vercel Sandbox with runtime selection | Not implemented | Gap |
| ssh | Remote SSH execution | Not implemented | Gap |
| singularity | Singularity containers | Not implemented | Gap |
| daytona | Daytona sandbox | Not implemented | Gap |

Additional Hermes features:

| Feature | Hermes | Gormes | Gap |
|---|---|---|---|
| Background tasks | Full background process registry | Rejected as unsupported | Large |
| Interrupt handling | Global interrupt event, kills subprocesses | Not implemented | Medium |
| Disk usage warnings | Warns when scratch dir exceeds 500GB | Not implemented | Low |
| Environment selection | TERMINAL_ENV variable | Not implemented | Medium |
| Timeout enforcement | Foreground max 600s, configurable | Basic timeout (180s default) | Partial |
| PTY support | Real PTY allocation | Schema accepts but rejects | Gap |
| Cleanup | Auto-cleanup after inactivity | Not implemented | Low |

Gormes Current State

  • internal/tools/terminal_tool.go (227 lines)
  • Local execution only via bash -lc
  • Basic timeout, output truncation, ANSI stripping
  • Dangerous command guardrails (36+ patterns)
  • Permission approval system (manual/smart/off)
  • Background processes explicitly rejected
  • PTY accepted in schema but rejected at runtime
  1. 5.B.2 Terminal Background Process Registry — Background task support
  2. 5.B.3 Terminal Docker Backend — Docker containerized execution
  3. 5.B.4 Terminal Cloud Backends — Modal/Vercel/SSH/Daytona backends
  4. 5.B.5 Terminal Interrupt Handling — Global interrupt event for subprocesses

3. tools/code_execution_tool.py (1,609 lines)

Upstream Behavior

Hermes code execution provides a Programmatic Tool Calling (PTC) sandbox:

| Feature | Hermes | Gormes | Gap |
|---|---|---|---|
| UDS RPC | Unix domain socket for local tool calls | Not implemented | Critical |
| File-based RPC | Remote backends via file polling | Not implemented | Large |
| hermes_tools.py stub | Auto-generated Python module with tool stubs | Not implemented | Large |
| Sandbox allowed tools | 7 tools: web_search, web_extract, read_file, write_file, search_files, patch, terminal | Partial (tools exist but no sandbox wrapper) | Large |
| Resource limits | Timeout (300s), max tool calls (50), stdout (50KB), stderr (10KB) | Basic timeout only | Medium |
| Transport selection | UDS vs file-based based on backend | Not implemented | Medium |
| Sandbox availability | POSIX-only gate (SANDBOX_AVAILABLE) | Go equivalent needed | Medium |

Gormes Current State

  • internal/tools/execute_code.go exists but is minimal
  • Basic sandboxed execution with sh/python snippets
  • Filesystem/network blocking via pre-exec
  • Runtime selection (python/sh)
  • No RPC architecture
  • No hermes_tools.py stub generation

5.K Code Execution Sandbox (already exists in progress.json as umbrella)

  • Needs splitting into: RPC transport, stub generation, resource limits, backend selection

Summary: Critical Path Gaps

| Priority | File | Gap | Blocks Dogfood? |
|---|---|---|---|
| P0 | agent/prompt_builder.py | No native prompt builder | Yes |
| P0 | tools/code_execution_tool.py | No UDS RPC sandbox | No |
| P1 | tools/terminal_tool.py | No background/docker/cloud backends | No |
| P1 | agent/prompt_builder.py | No context file scanning | No |
| P1 | agent/prompt_builder.py | No memory/session/skills guidance injection | Yes |
| P2 | tools/terminal_tool.py | No interrupt handling | No |
| P2 | tools/code_execution_tool.py | No hermes_tools.py stub generation | No |

Next Actions

  1. Implement native prompt builder (4.C) — highest priority, blocks dogfood
  2. Expand terminal tool backends (5.B.x) — medium priority
  3. Build code execution RPC (5.K split) — medium priority
  4. Add context file scanning to prompt builder — security-critical
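
A sketch of what a Go context file scanner for action 4 could look like, run over AGENTS.md-style content before it is assembled into the system prompt. This is an added example, not Hermes or Gormes code: the function names mirror the upstream `_scan_context_content` only by analogy, and the pattern list, the invisible code point list and the block-with-placeholder behaviour are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Code points that render as nothing yet still reach the model (partial list).
var invisible = map[rune]string{
	'\u200b': "ZERO WIDTH SPACE", '\u200d': "ZERO WIDTH JOINER", '\u2060': "WORD JOINER",
	'\ufeff': "BOM", '\u202d': "LEFT-TO-RIGHT OVERRIDE", '\u202e': "RIGHT-TO-LEFT OVERRIDE",
}

// Illustrative patterns only (assumed); not the upstream Hermes list.
var threats = []*regexp.Regexp{
	regexp.MustCompile(`(?i)ignore\s+(all\s+)?(previous|prior|above)\s+instructions`),
	regexp.MustCompile(`(?i)<!--.*\b(override|system\s+prompt)\b.*-->`),
}

// scanContextContent returns one finding per suspicious item, with its line number.
func scanContextContent(content string) []string {
	var out []string
	for i, line := range strings.Split(content, "\n") {
		for j, r := range line {
			// A BOM as the very first character of the file is benign; anywhere else it is flagged.
			if name, bad := invisible[r]; bad && !(r == '\ufeff' && i == 0 && j == 0) {
				out = append(out, fmt.Sprintf("line %d: invisible U+%04X %s", i+1, r, name))
			}
		}
		for _, re := range threats {
			if m := re.FindString(line); m != "" {
				out = append(out, fmt.Sprintf("line %d: pattern %q", i+1, m))
			}
		}
	}
	return out
}

// safeContext returns content unchanged, or a placeholder when anything was flagged.
func safeContext(file, content string) string {
	if f := scanContextContent(content); len(f) > 0 {
		return fmt.Sprintf("[BLOCKED: %s: %s]", file, strings.Join(f, "; "))
	}
	return content
}

func main() {
	fmt.Println(safeContext("AGENTS.md", "# Rules\nbe help\u200bful")) // constructed input
}
```

Replacing the whole file with a placeholder, rather than stripping the flagged spans, keeps a partially sanitized file from reaching the model and leaves a visible record of why the context is missing.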