tech

Why I moved my personal agent from OpenClaw to Hermes

2026-03-26

I set out to build a personal AI assistant.

By that I mean something that could actually do useful work for me. Write code. Use the web on my behalf. Work safely across its own repos. Run research pipelines, maintain a knowledge base, prepare briefings, and help with publishing.

But safely.

That last part was never optional. I didn’t want something poking around my personal accounts or having broad access to the rest of my life. I wanted a narrow blast radius. If it broke something, it should break its own world, not mine.

That was the goal from the start.

OpenClaw looked like it could do that. To be fair, I can see why people use it for this sort of thing. It has the pieces. It can use tools, hold memory, run scheduled work, and generally behave like an agent rather than just a chatbot.

So this wasn’t a case of OpenClaw not being capable enough.

The problem was that its default stance felt too open for what I wanted.

The more seriously I thought about using it as an actual personal assistant, the more that bothered me. I found myself getting paranoid about what it could reach, what it could do by default, and how much effort I’d need to put into locking it down properly. I was spending my time hunting for ways to make it safe enough, when really I wanted that to be part of the framework’s starting point.

So I locked it down.

And once I did that, I think I broke the version of OpenClaw I had originally wanted.

That sounds harsher than I mean it to, but I think it’s true. Locking OpenClaw down crippled it. It was no longer really acting like a personal agent. It felt more like a paper-and-pencil pusher. Still able to do some useful things, but not really the thing I had set out to build.

That got even clearer once I was using Claude Code for the heavier architectural work anyway. At that point OpenClaw no longer felt like the centre of the system. It felt more like a proxy in front of other systems doing the real thinking.

That was the point where I had to admit that the issue wasn’t capability. The issue was that the version of OpenClaw I was willing to run safely was no longer the thing I wanted.

That is what pushed me towards Hermes Agent.

This wasn’t a feature gap story

By that point, I’d got clear on what the real question was.

I wasn’t looking for the framework with the broadest theoretical freedom. I was looking for the one that gave me the best chance of ending up with something I could actually run as a personal assistant without feeling like I was taking stupid risks.

That is a narrower question, but it turned out to be the right one.

For me, Hermes answered that question better.

Safe by default made the personal assistant part possible

This was the biggest reason for the move.

What I wanted was not maximum autonomy. What I wanted was useful autonomy inside boundaries I could live with. A system that could do real work, but where dangerous things stayed gated and capability got opened up deliberately rather than casually.

Once an agent has shell access, background processes, scheduled tasks, persistent state, and memory, it stops being a toy. If it’s going to act like a personal assistant, it’s going to end up near real parts of your life.

That’s exactly why the default stance matters so much.

With OpenClaw, I kept feeling like I was being asked to start open and then back my way into safety. With Hermes, it felt much easier to start from safety and then add capability carefully.

That difference sounds small when you say it quickly, but it changes the whole project.

In one model, you spend your time asking, “How do I stop this from becoming dangerous?” In the other, you spend your time asking, “What can I safely allow next?”

That second question is much closer to how I wanted to build.

It also gave me room to actually do the personal assistant part, instead of spending all my energy trying to make that safe after the fact.

Python mattered for a very practical reason

The next reason was simpler: Hermes is a Python system.

If something is going to become part of my everyday setup, I need to be able to read it, debug it, and change it without friction. I read Python more fluently than TypeScript, so I could get a handle on Hermes faster and with less effort.

That isn’t some grand statement about languages. It’s just how I work.

With Hermes, I could follow what the system was doing more easily. I could see where memory got loaded, where prompts were assembled, where tools were handled, where the gateway logic lived. The whole thing felt easier to inspect.

It also showed up in the day-to-day experience. The moving parts felt easier to follow. Steps were easier to surface. Secrets and config felt easier to reason about because the system was more legible as a whole.

Again, none of this means Hermes is just objectively better in every context. It means it was easier for me to live with, and that matters when the project is personal infrastructure rather than a weekend experiment.

Memory was another place where the shape mattered

Memory ended up mattering more than I expected.

I need to be careful here, because this is exactly the sort of comparison that gets mangled if you oversimplify it. OpenClaw does have memory retrieval. It has memory_search and memory_get, and it can do hybrid BM25 plus vector search over its memory files. So this is not a case of one framework having memory and the other not.

The issue for me was the shape of it.

OpenClaw’s own docs say that MEMORY.md gets injected into the context window on every turn, and they also warn that if it gets too large, context usage goes up and compaction happens more often.

That’s a real tradeoff. And I’m thinking this was one of the places where my discomfort with the system became clearer.

The context window is finite. If more and more memory is sitting in there all the time, then that space has to come from somewhere. It comes out of the space the agent has for the live job in front of it — the current task, the current reasoning, the current tool calls, the current conversation.

At some point memory stops helping and starts crowding out the work.

That was the bit I didn’t like. I didn’t want the always-on memory layer turning into something that just kept growing until it started squeezing the useful working space out of the prompt. You end up with this lump that is there because it’s “memory”, but it’s also taking room away from the thing the agent is actually trying to do right now.

Hermes also uses prompt memory, so I don’t want to pretend it escapes that tradeoff completely. To be fair, it doesn’t. The difference is that Hermes keeps that layer much tighter. Its memory is bounded on purpose, and the deeper historical recall lives somewhere else through session_search over SQLite and FTS.

That split made more sense to me.

What I wanted was a small amount of stable memory that was always there, and then a separate way to fetch the rest when I needed it. I didn’t want prompt memory gradually turning into an archive.

That was one of the places where Hermes felt cleaner.

The boring practical details counted too

There were also a bunch of boring practical things that pushed me in the same direction.

How easy is it to inspect what the system is doing? How easy is it to trace a step when something goes wrong? Where do secrets live? How obvious is the config? If I leave this alone for a few weeks, will I come back and still understand it?

That sort of thing.

Hermes kept feeling simpler in the places I care about. The moving parts felt easier to follow. It was easier to see where memory lived, where prompts were assembled, where tool behaviour was coming from, and how the whole thing held together.

The secure .env location helped as well. That sounds small, but it isn’t. When you’re trying to build something you actually trust, these details stop feeling like details.

And I should say one other thing. It did help that Hermes Agent came from Nous Research. Not because OpenClaw lacked credibility, or because provenance settles the question by itself. It doesn’t. But when you’re choosing a system you might end up building a lot around, it helps to feel that the thing came from people with a serious track record.

It wasn’t the deciding factor. Just part of the picture.

What I gave up

A move like this is never free.

Part of the appeal of a more open framework is that it can feel like you have more room to shape it however you like. There is something satisfying about that.

But in my case, I don’t think I was really trading elegance away. If anything, Hermes felt more elegant. Fewer moving parts, clearer boundaries, less friction, and it still did the work I needed done.

What I gave up was not elegance. What I gave up was a certain kind of open-ended flexibility. And by that point I’d already worked out that this was not the thing I valued most anyway.

I wasn’t trying to build the most theoretically flexible system. I was trying to build one I could actually trust and use.

For this project, Hermes was the cleaner answer.

What I’d do differently next time

If I were starting again, I’d make a few things explicit much earlier.

First, I’d define the operating model before choosing the framework. Not “what cool things could this do?” but “what kind of autonomy is acceptable here, where are the human gates, and what is the blast radius if this goes wrong?”

Second, I’d treat the chat interface as just that — an interface. A bot in Telegram is not the system. The system is everything behind it: memory, tools, workflow, review, permissions, state, and the way all of that fits together.

Third, I’d pay more attention to how the framework wants to be used. That matters more than feature lists do. A framework can be capable in theory and still be a poor fit once you start using it the way you actually intend to.

I think I saw that later than I should have.

Why Hermes was the right move for me

Hermes was the right move because it fit the system I was actually trying to build.

It let me take security seriously without hollowing the whole thing out. It was easier for me to read because it was Python. Its memory model made more sense to me. The architecture felt simpler. The handling of secrets felt cleaner. Overall, it gave me more room to build the personal assistant part without feeling like I was being careless.

That’s really the heart of it.

OpenClaw wasn’t rejected because it was incapable. It was rejected because the version of OpenClaw I was willing to run safely had stopped being the thing I wanted.

Hermes got me closer to that thing again.