Nido
Operations layer above an OSS agent substrate: spend caps, replay, approvals, BYOK.
Hermes Agent gives technical builders a powerful self-hosted agent substrate, but running agents against real customer work creates an operations gap. Users need to know what an agent spent, why a run stopped, which actions need approval, and whether one project can affect another.
A useful hosted layer has to make that trust work visible before the agent is trusted with customer-facing tasks. Nido is the wedge: the control plane above the runtime, not another runtime.
Each tenant gets a provisioned Hermes instance on Fly Machines with bounded compute and filesystem blast radius. Nido owns the broker, policy, audit, replay, approvals, and billing surfaces.
Spend caps sit below the agent across tenant, agent, run, model, token, and search budgets. Approval gates sit before risky actions: external search, channel posts, destructive shell. Replay gives the answer when a customer asks what happened. BYOK pricing means customers bring model credentials and Nido charges for the managed layer around them.
- Broker-level spend caps for tenant, agent, run, model, token, and search budgets
- Replay and audit trail for model calls, tool calls, channel events, and failures
- Approval gates before high-risk actions (search, Slack posts, destructive shell)
- Per-tenant Hermes provisioning through Fly Machines with bounded blast radius
- Project workflow policy: read-only, patch-only, local worktree, staging, PR-style
- BYOK pricing with customer-owned model credentials
- Managed search and scrape routing with tenant quotas, retries, and audit visibility
Product definition + architecture in active build planning. Phase 0 validates the Hermes GUI base, then scaffolds the control plane around provisioning, broker policy, replay, and approvals. Codename until brand and trademark work is complete.