The Household Agent: A Separate System, Not an Extension of the Vault
Builds-on: the-efficiency-counterthesis Builds-on: execution-plan-phase-0-1-2 Related: the-positioning-vault-pattern Related: adhd-family-operating-manual Related: staff-engineer-job-market-2026 Informs: Projects/tech-blog, Projects/agent
Past conversations: kimi-k25-vs-claude-opus-for-coding-work, finding-cheaper-ai-models-for-software-development-at-scale, ai-acceleration-and-the-conductor-model-in-engineering
The decision
Two separate systems with a firewall between them.
| System | Path | For | Surface |
|---|---|---|---|
| Research vault | ~/Projects/research |
Ryuhei only | Obsidian + Claude Code |
| Household agent | ~/Projects/agent |
Family (Ryuhei + Polly) | Telegram bot, voice later |
The research vault is private cognitive infrastructure — career angst, BW friction, portfolio detail, friend dynamics, the macro thesis docs. It does not get shared, ported, mounted, symlinked, or read by the family agent. The household agent has no read access to ~/Projects/research. Period.
The household agent gets its own knowledge store (~/Projects/agent/vault/) that is family-only from day one. It's not an export, mirror, or subset of the research vault. It's a new thing built deliberately for shared family operations.
This kills the "port your slash commands into Hermes skills" idea from the prior revision. Skills the family agent uses are family skills (kids tracker, household calendar, grocery, school flags), not research skills (/research, /draft, /magi). Those stay in your private toolchain.
Why the separation is the load-bearing decision
Three reasons, in order of importance:
-
Privacy boundary is structural, not configurational. Folder gitignores, profile sandboxing, and prompt instructions all leak under pressure (a curious skill, a misconfigured allowlist, an LLM that decides to be helpful). Two separate project directories with two separate runtimes, two separate vault paths, and two separate API keys makes the boundary something you'd have to deliberately break, not something that drifts open.
-
Polly's interaction style isn't yours. Your style is file-system-based, slash-command-driven, written-down. Hers may not be — and that's fine. The family agent should be designed around her surface (conversational, voice/photo capture, no Obsidian) without compromising your power-user surface. Two systems lets each be optimal for its user.
-
Failure modes don't propagate. If the family agent's autonomous skill generation drifts, it can't poison the research vault. If a research vault skill leaks something sensitive, Polly never sees it. If you decide to wipe one system, the other is unaffected. The clean kill is a feature, not an afterthought.
What ~/Projects/agent is
A standalone project. Treat it like any other repo in ~/Projects/. It does not know ~/Projects/research exists.
~/Projects/agent/
├── README.md # what this is, how to run it
├── compose.yml # Hermes runtime + Telegram bot (when on VPS)
├── .env.example # Fireworks key, OAuth creds, bot tokens (committed)
├── .env # actual secrets (gitignored)
├── config/
│ ├── profiles/
│ │ ├── ryuhei.yaml # his profile config
│ │ └── polly.yaml # her profile config
│ └── allowlists.yaml # Telegram user IDs
├── skills/
│ ├── family/ # custom family skills (markdown, agentskills.io format)
│ │ ├── morning-briefing.md
│ │ ├── kids-tracker.md
│ │ ├── household-calendar.md
│ │ ├── grocery.md
│ │ └── school-flag-tracker.md
│ └── shared/ # shared utility skills
│ └── model-router.md # the differentiated post material
├── vault/ # family knowledge store (Obsidian-compatible markdown)
│ ├── kids/
│ ├── household/
│ ├── calendar/
│ └── decisions/
├── data/ # Hermes runtime data (gitignored)
│ ├── memory.db # SQLite FTS5 session index
│ ├── MEMORY.md # Layer 3 persistent memory
│ └── sessions/
└── scripts/
├── deploy.sh # rsync to VPS
└── backup.sh # vault backup (separate from research vault backup)
Runtime: Hermes Agent (Nous Research, MIT, 95K stars). Same reasoning as before — security-conservative defaults, three-layer memory, agentskills.io standard, bundled Google Workspace + Obsidian skills. Pin a release tag, upgrade on a deliberate schedule.
Vault path: OBSIDIAN_VAULT_PATH=~/Projects/agent/vault. The Obsidian skill operates against this and only this. It cannot see ~/Projects/research.
Models: Kimi K2.5 via Fireworks default, Sonnet 4.6 escape hatch via the model-router skill, Gemini Flash for triage. Same routing pattern as before — this is the differentiated skill worth contributing back.
Surfaces:
- Polly: Telegram bot. iOS Shortcuts → HTTP endpoint to Hermes for voice/photo capture (v2).
- Ryuhei: same Telegram bot (with his profile activated by user-ID routing) + optional CLI access from his laptop for admin and skill authoring.
Deployment: $5–12/mo VPS (DigitalOcean / Hetzner). Two Telegram bots — one per profile, both gated by user-ID allowlist. Single Hermes process, separate profile dirs (~/.hermes/ryuhei/ and ~/.hermes/polly/).
Cost ceiling: ~$25/mo total ($5–12 VPS + $5–15 API). Kill criterion if it ever climbs above $50/mo without producing the post.
What lives in the family vault
This is a design conversation with Polly, not a config decision. The contents matter more than the folder structure.
In scope (proposed — confirm with her):
- Kids: Niko's school flag tracking and follow-ups, Hugo's milestones, allergies, pediatrician notes, daycare contacts, backup care list (already drafted in your research vault as shoreline-toddler-care-backup-map — this gets a family-friendly version copied here, not the original)
- Household: recurring tasks, chores, who-does-what, vendor contacts (plumber, HVAC, garage door), home maintenance schedule
- Calendar: shared events, family planning, travel, school year calendar
- Decisions: things the two of you agreed on, with date and rationale (replaces "did we already decide this?" friction)
- Shopping/meals: grocery, recurring orders, meal planning when you do it
Explicitly out of scope (stays in your research vault or your head):
- Career thinking, BW friction, job search
- Portfolio detail (household-level finance summaries OK; positions and account specifics no)
- Marriage dynamics processing
- Friend dynamics
- The macro thesis docs, the Sigil strategy docs, anything tagged
personal/self-reflectionin research
Polly's private space: if she wants one. TBD with her. If yes, it's a third zone — ~/Projects/agent/vault/polly-private/ or her own separate setup. Not your problem to design unilaterally.
Buildout plan
Five evenings, each sized for ADHD-compatible focus blocks. Stop at any one and the previous evening's work still stands on its own.
Evening 1: Scaffold + local Hermes (you alone)
mkdir ~/Projects/agent && cd ~/Projects/agent && git init- Install Hermes per quickstart, point at
~/Projects/agent/vault(empty),ryuheiprofile only - Wire Fireworks/Kimi as default model
- First test: have it write a markdown note about today's calendar
Evening 2: Family Google Workspace skill (you alone)
- Set up a new Google Cloud project specifically for the family agent (not your existing one)
- OAuth into a Workspace account you both have access to (probably your account, since calendar lives there)
- Bundled Hermes Google Workspace skill activates: Gmail / Calendar / Drive
- First useful skill: morning-briefing.md — calendar + flagged emails for today
Evening 3: Design conversation with Polly (no code)
- Walk her through what this is and what it isn't
- Ask the three pre-checks from the prior thread: does she want to write or just get answers? Telegram-only or vault visibility? What's off-limits?
- Co-design the
vault/folder structure together - Seed
vault/kids/,vault/household/,vault/calendar/with 3–5 docs each — actual family content, not placeholder
Evening 4: Polly's profile + Telegram bot (you alone, after design)
- Create her Telegram bot (
@BotFather) - Configure
pollyprofile with allowlist of her user ID - Test from her phone — she can ask "what's on the calendar today?" and "what was the deal with Niko's school report?"
- The agent answers from
vault/, not from any of your private memory
Evening 5: Deploy + the differentiated skill (you alone)
- VPS provisioning, rsync deploy script, systemd unit
- Both bots online, vault syncs from your laptop via private git remote (one-way push)
- Author
model-router.mdskill — Gemini Flash classifier → Kimi/Sonnet/Haiku dispatch - Start logging routing decisions for the post
After: write the post
Updated angle given the separation: "I built a family AI agent in a separate folder from my private vault — here's the firewall and why it matters." Or: "How I gave my wife a way into family memory without sharing my brain."
This is a sharper post than either of the prior angles. The privacy story is what differentiates — Nori does it as SaaS, Hermes profiles isolate at runtime, but nobody's writing about project-level firewalls as a personal-agent design pattern. The skill you'd contribute back to the agentskills.io standard is the multi-user/multi-vault routing pattern.
What changes vs the prior plan
| Prior plan | This plan |
|---|---|
| Adopt Hermes; port slash commands and vault into it | Adopt Hermes; deliberately do not port the vault. Family agent has its own vault. |
| Single project at the boundary of personal and family | Two projects with a structural firewall |
~/.hermes/skills/ mixes research and family skills |
~/Projects/agent/skills/ is family-only; research-grade skills (research, draft, magi) stay in ~/Projects/research/.claude/commands/ |
| Polly added in v2 with shared/private memory tiers | Polly added in v1 (Evening 4) because the family agent is her tool too — designed for two from the start |
| Kill criterion: skills authored + post drafted by week 4 | Same. Plus: cost ceiling $50/mo. Plus: research vault remains untouched (architectural kill criterion). |
Risks specific to the separated design
-
Drift back to one vault. Once you have a family vault running, you'll be tempted to "just sync this one note over." Don't. The firewall is only a firewall if it's absolute. If a piece of information needs to live in both vaults, write it twice — the cost of the duplication is what enforces the boundary.
-
Family vault becomes write-only. If neither of you actually queries it, it's just digital paperwork. The agent's value is retrieval over the family knowledge, not capture for its own sake. Track this: if after a month nobody's asked the agent anything that depended on
vault/content, the vault structure is wrong, not the system. -
Polly's surface fails the friction test. Telegram is the cheapest path; voice via iOS Shortcuts is the bigger unlock. Watch the actual usage pattern at week 2 and add voice if the typing friction is killing adoption.
-
Autonomous skill generation in the family agent. Higher stakes than for your private agent — these skills act on shared family data. Mitigation: disable autonomous skill generation in the
pollyandryuheifamily profiles. Skills only via human authoring with you as the reviewer. You can keep autonomous-gen on in a separate, non-family Hermes profile if you want to play with it. -
Vault content leaks to model providers. Every Hermes call sends active context to Fireworks/Anthropic. Mitigation: keep medical, financial-detail, and any explicitly-private content out of the family vault. The agent reads what's in
vault/. What's not invault/is invisible to it.
How this slots into the rest of the plan
| Asset | How the separated agent feeds it |
|---|---|
| [[execution-plan-phase-0-1-2 | Execution plan]] |
| Projects/tech-blog | The "two-vault firewall" post + the model-router skill on GitHub |
| Projects/sigil | Reference architecture for any Sigil multi-tenant work — same problem (isolation between tenants' specs) |
| [[adhd-family-operating-manual | ADHD family ops]] |
| Workshop with Dan (project_workshop_cofounder) | Concrete reference architecture for "personal agent done right" — privacy story is the curriculum hook |
| Job search (staff-engineer-job-market-2026) | Two GitHub repos (agent + the contributed skill) + post = real signal |
Sources
- Hermes Agent — GitHub (Nous Research)
- Hermes Agent Architecture docs
- Hermes Agent — Profiles for multi-user
- Hermes Agent — Telegram team setup tutorial
- Hermes Agent — Google Workspace skill
- OpenClaw vs. Hermes Agent — The New Stack (security comparison)
- Agent Skills standard (agentskills.io)
- Collaborative Memory: Multi-User Memory Sharing in LLM Agents (arxiv)
- Kimi K2.5 on Fireworks AI