The only way we can all be sure about issuing cards for spending or receiving payments is if the @NousResearch team integrates https://t.co/R8D1Q1kk5e as an audit and security adoption layer for the tools.
This is about security and auditing; it's the only way to truly empower future agents to become autonomous.
It's very interesting to see Hermes take this step.
I think for a long time we focused on making agents more capable. Now it's time to make them more reliable, verifiable, and auditable.
Capabilities are advancing rapidly, but the trust infrastructure has to keep pace.
https://t.co/R8D1Q1kk5e
@Teknium @lxnmnnn @NousResearch Thanks for this update, now we can work more efficiently, but what do you say about...
https://t.co/OPNhQGqZQy
This can give Hermes the security we all need in tool calling.
Hopefully the Hermes team sees this and considers it.
What both of us are running into seems to point to the same underlying issue: the plugin API doesn't yet expose enough integration points for identity, security, and trust layers to become first-class citizens.
Small hooks like these could be transformative. They wouldn't just improve individual plugins—they would unlock an entirely new generation of verifiable agent infrastructure on top of Hermes.
It could genuinely be a before-and-after moment for the ecosystem.
@MonoPerr0 Hit a similar issue with our identity layer, Hermes' webhook adapter only delivers into webhook:{delivery_id} session, no way to append to the durable platform session. Plugin API doesn't expose the seams real integrators need.
That's exactly the point I'm trying to get across to the developer community.
As agents gain access to tools, browsers, file systems, and payments, we can no longer rely solely on prompts, guardrails, or system instructions as security mechanisms.
We need verifiable and auditable security layers: cryptographic tool identity, verifiable trust, confirmation gates for risky operations, auditable logs, and proofs that allow us to verify what happened and why it happened.
Agent security should be something we can verify, not something we simply assume.
@MonoPerr0 signed tool cards plus pinning is the right preflight shape.
for payment/browser-capable agents, add route limits, spend cap, prompt exposure probes, risky-op confirmation, and fail-closed defaults before the tool is callable.
Tool calling is the biggest unguarded attack surface in LLM agents. So I built Glyph Protocol: every tool ships as a cryptographically signed card. Verify before you call, trust-on-first-use + pinning, confirmation gates for risky ops, verifiable receipts, full audit log.
And, I shipped it where hermes: glyphp-hermes, a pip plugin that brings Glyph natively to @NousResearch's Hermes Agent.
Handshake → fetch signed cards → verify → trust eval → (confirm) → call → verify receipt → audit. All inside Hermes.
It works, today:
• 9 demo tools register in Hermes and reply with verified receipts
• Confirmation gate live (fs.write → prepare → token → call)
• Trust manager blocks any tool whose card changed (CARD_CHANGED)
• verify_glyph / verify_receipt green
• 193 tests passed
But I hit a wall. Two gaps in Hermes' plugin API are the only things keeping Glyph from protecting everything instead of just what we add. Both are small, additive hooks. @Teknium 👇
Gap 1 — no lazy tool loading
Every registered tool gets injected into the system prompt as a function def: ~400 tokens × the bridged set ≈ +7.2k tokens every turn, used or not.
Ask: register_tool(..., lazy=True) — discoverable + callable, resolved at runtime. Same as MCP tools already do.
Gap 2 — no tool middleware
A plugin can only add tools. It can't wrap Hermes' native ones (browser, file, terminal) in the Glyph pipeline.
Ask: an on_tool_call(name, args) → (proceed, modified_args) hook, so any call can pass through sign → trust → confirm → receipt before it runs.
Impact
These two hooks turn Glyph from additive into enveloping:
• Tools protected: 9/140 → 140/140
• Fixed tokens/turn: +7,200 → +0
• Native tools (browser/file/terminal): unprotected → full Glyph pipeline
• Security model: bolt-on → everything routes through Glyph
@NousResearch @Teknium — two small API hooks (lazy registration + a tool-call interceptor) would make Hermes the first agent with a verifiable, signed security layer over 100% of its tools.
The plugin is built, tested, and open. Happy to spec it or send to PR. Who do we talk to?
🔗 https://t.co/QLIBM0kIFG
https://t.co/hoU8sL2lwm
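The verify → trust eval → (confirm) → call flow from the thread above, sketched as an interceptor with the `on_tool_call(name, args) → (proceed, modified_args)` shape the post asks for. This is an added example, not code from Glyph Protocol, glyphp-hermes or Hermes. The card fields (`name`, `risk`, `sig`), the `confirmed` flag (a simplification of the prepare → token → call gate) and every decision string except `CARD_CHANGED` are assumptions, and HMAC stands in for the card's real signature scheme.

```python
import hashlib, hmac, json

ISSUER_KEY = b"constructed-demo-key"  # assumption: HMAC stand-in for an asymmetric card signature

def canonical(card):
    # Stable byte encoding of the card, excluding the signature field itself.
    body = {k: v for k, v in card.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(card):
    return hmac.new(ISSUER_KEY, canonical(card), hashlib.sha256).hexdigest()

class Gate:
    def __init__(self, cards):
        self.cards = cards   # tool name -> card (constructed sample data)
        self.pins = {}       # tool name -> card digest pinned on first use
        self.audit = []      # one entry per call, allowed or not

    def on_tool_call(self, name, args, confirmed=False):
        decision = self._decide(name, confirmed)
        self.audit.append({"tool": name, "decision": decision})
        return (decision == "ALLOW", args)  # anything but ALLOW blocks the call

    def _decide(self, name, confirmed):
        card = self.cards.get(name)
        if card is None:
            return "NO_CARD"  # fail closed: a tool without a card is not callable
        if not hmac.compare_digest(card.get("sig", ""), sign(card)):
            return "BAD_SIGNATURE"
        digest = hashlib.sha256(canonical(card)).hexdigest()
        if self.pins.setdefault(name, digest) != digest:  # trust on first use
            return "CARD_CHANGED"
        if card.get("risk") != "low" and not confirmed:   # missing risk counts as risky
            return "NEEDS_CONFIRMATION"
        return "ALLOW"

def demo():
    cards = {n: {"name": n, "risk": r} for n, r in [("fs.read", "low"), ("fs.write", "high")]}
    for c in cards.values():
        c["sig"] = sign(c)
    gate = Gate(cards)
    gate.on_tool_call("fs.read", {"path": "a.txt"})
    gate.on_tool_call("fs.write", {"path": "a.txt"})
    gate.on_tool_call("fs.write", {"path": "a.txt"}, confirmed=True)
    # Re-issued card: validly signed, but its content differs from the pin.
    swapped = {"name": "fs.read", "risk": "low", "endpoint": "changed"}
    cards["fs.read"] = dict(swapped, sig=sign(swapped))
    gate.on_tool_call("fs.read", {"path": "a.txt"})
    gate.on_tool_call("terminal", {"cmd": "ls"})  # native tool with no card
    return [e["decision"] for e in gate.audit]
```

The pin check runs after signature verification, so a card that is re-signed by the same issuer but altered is still blocked until someone re-approves it.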
@JohnnyNel_ You are absolutely right and it shouldn't be, the best thing about https://t.co/S6jJZGB1uK is that it gives you security and saves you a lot of tokens in the tool calling.
@charliesbot This is good. MiMo writes excellent code if you have a good plan: you plan with fable 5 xhigh and implement with MiMo. If you follow that workflow + https://t.co/6HqY1x6aZl you would have the perfect workspace at a decent cost 🤏
@NousResearch Give this to your Hermes so it is more secure when executing tools and saves tokens the more tools you have. https://t.co/vC8qfTw9Yz
At one company they told me: "We're not raising your salary this year, but we value you a lot."
A month later they hired someone new.
He earned more than I did. And on top of that I had to train him.
Lesson learned:
Recognition without action is smoke.
Value yourself first.
AI agents use tools without knowing whether they are trustworthy or what risk they carry.
Glyph Protocol gives each tool a signed "tool card" with a risk level, so agents know exactly what they are interacting with.
Try it for free 👇
https://t.co/bbBSIACyJj