DEV Community: TechsphereX AI

Hermes Directory Structure Template

TechsphereX AI — Thu, 21 May 2026 00:40:43 +0000

Hermes Directory Structure Template

This repository provides a standardized filesystem layout template for the ~/.hermes folder, organized systematically by purpose. It serves as a boilerplate for configuring, extending, and managing Hermes AI agents.

Filesystem Layout

~/.hermes/
├── config.yaml                 # Main configuration
├── .env                        # API keys and secrets
├── auth.json                   # OAuth provider credentials
├── SOUL.md                     # Agent identity (slot #1 in system prompt)
├── memories/
│   ├── MEMORY.md               # Persistent agent facts
│   └── USER.md                 # User model
├── skills/                     # All skills (bundled, hub, agent-created)
│   ├── mlops/
│   │   ├── axolotl/
│   │   │   ├── SKILL.md        # The system prompt for the skill
│   │   │   ├── references/     # Docs the agent reads
│   │   │   └── scripts/        # Executable helpers
│   │   └── vllm/
│   ├── devops/
│   └── .hub/                   # Skills Hub state
├── sessions/                   # Per-platform session metadata
├── state.db                    # SQLite session store with FTS5
├── cron/
│   ├── jobs.json               # Scheduled jobs
│   └── output/                 # Cron run outputs
├── plugins/                    # Custom plugins
├── hooks/                      # Lifecycle hooks
├── skins/                      # CLI themes
└── logs/
    ├── agent.log               # Core agent diagnostics
    ├── gateway.log             # Gateway traffic logs
    └── errors.log              # Error tracking

Component Breakdown

1. Configuration

Core files that the agent boots from on every single run.

config.yaml: Handles global settings, model endpoints, and operational parameters.
.env: Local environment variables dedicated to sensitive API keys and tokens.
auth.json: Manages active OAuth tokens and multi-provider credentials.
SOUL.md: Defines the core identity, behavioral constraints, and personality baseline of the agent.

2. Knowledge

Persistent memory layers that span across all active communication channels and sessions.

MEMORY.md: Fact base and long-term world knowledge collected by the agent.
USER.md: Profile, preferences, and behavioral insights compiled about the user.

3. Capabilities (Skills)

Modular skill packs that grant specific executable abilities to the agent. Skills can be built-in, downloaded via the Hub, or dynamically generated by the agent itself.

Each individual skill follows a strict internal structure:

SKILL.md: The technical system prompt instructing the agent how and when to invoke the skill.
references/: Contextual documentation, API specs, or reference guides required by the skill.
scripts/: Executable automation code, binaries, or helper tools that the skill triggers.

4. Runtime State

Tracks ephemeral execution data and platform alignment.

sessions/: Stores metadata partitioned by specific platforms (e.g., Slack, Discord, Terminal).
state.db: Embedded SQLite database utilizing FTS5 extension for ultra-fast, full-text historical search.

5. Automation

Allows the agent to execute periodic, autonomous operations without explicit user invocation.

cron/jobs.json: Defines schedules, intervals, and target functions for background tasks.
cron/output/: Captures execution logs and standard output so the agent can audit its own background tasks.

6. Extension

The dedicated customization surface area for advanced customization.

plugins/: Standalone logic blocks that extend core architectural capabilities.
hooks/: Interceptors for system lifecycle events (e.g., pre-boot, post-response).
skins/: Custom visual definitions and styling sheets for the command-line interface.

7. Observability

Dedicated diagnostics system for error isolation, routine auditing, and debugging.

Logs are separated by subsystem (agent.log, gateway.log, errors.log) to streamline stack trace analysis.

Getting Started

To initialize this structure locally inside your environment, clone this template directly into your home directory or target path:

git clone https://github.com/KhaiTrang1995/hermes-structure.git ~/.hermes

How I Discovered and Deobfuscated a Hidden PHP Backdoor on My Server

TechsphereX AI — Sat, 16 May 2026 06:31:42 +0000

As developers and system architects, we often secure our code but neglect the silent threats lurking in old directories or clever obfuscations. Recently, I caught a stealthy PHP backdoor ([random_name].php) embedded in a system.

Instead of just deleting it, I decided to perform a full reverse engineering to understand exactly how it works, how it bypasses scanners, and how it maintains persistence on a server.

Here is a quick summary of what I found during the analysis.

🔍 The Anatomy of the Malware
At first glance, the file was heavily obfuscated using multiple layers of encoding to look like harmless gibberish. However, the core mechanism relied on a classic but dangerous pattern:

PHP
// The malicious pattern used to execute hidden code
eval(base64_decode($_POST['encoded_payload']));
Key Techniques Used by the Attacker:
Layered Obfuscation: The code utilized deep base64 nesting combined with string manipulation functions to evade signature-based security scanners.

Hidden Tar Extraction: Deep inside the encoded strings, the malware contained a compressed TAR structure. Once triggered, it extracts a full-featured web shell into the server directories.

SSH Persistence: The ultimate goal wasn't just to execute commands once—the script was designed to inject malicious public keys into the server's ~/.ssh/authorized_keys file, granting the attacker permanent, direct SSH access without leaving a footprint in the web logs.

🛠️ How to Protect Your System
If you suspect your server has been compromised, simply deleting the .php file might not be enough. You need to:

Check your ~/.ssh/authorized_keys for unauthorized entries.

Audit your system cronjobs to ensure the malware doesn't have a re-infection script scheduled.

Implement strict file permissions (chmod 644 for files, 755 for directories) and disable dangerous PHP functions like eval(), exec(), and passthru() in your php.ini.

📖 Read the Full Deep Dive
I have documented the complete step-by-step deobfuscation process, the code breakdown, directory structures, and full remediation steps on GitHub.

👉 See full analysis and source code breakdown here:

https://github.com/KhaiTrang1995/Malware-Analysis-Reports-PHP-Backdoor

Alternatively, you can view the repository directly:

KhaiTrang1995 / Malware-Analysis-Reports-PHP-Backdoor

Malware-Analysis-Reports-PHP-Backdoor

🔴 Malware Analysis Report: `[random_name].php`

Classification: PHP Web Shell (Backdoor)
Risk Level: CRITICAL
Disguise: "PHP File Manager ver 1.5"
File Size: ~82 KB / 2,010 lines
Date Analyzed: 2026-05-16

Caution

DO NOT EXECUTE THIS FILE. It is a fully weaponized PHP web shell capable of complete server takeover. This document is for forensic analysis and educational purposes only.

View on GitHub

Tags: #php #security #devsecops #malware

Deconstructing Claude Code Architecture: A Deep Dive into Multi-Agent Orchestration

TechsphereX AI — Tue, 12 May 2026 04:27:49 +0000

The landscape of AI coding assistants is shifting rapidly from simple autocomplete tools to autonomous, multi-agent systems. Recently, I’ve been analyzing the architecture behind Claude Code, and it’s a masterclass in orchestrating complex coding tasks, managing huge contexts, and optimizing for performance.

If you are fascinated by AI system design, prompt architectures, or just want to know how the magic happens under the hood, let's break down this architecture map.

To explore a more detailed and interactive version of this architecture, you can check out my dedicated page here: Claude Code Architecture Breakdown.

The Core: The Master Agent Loop

At the heart of the system is the Master Agent Loop. Unlike linear scripts, this loop operates on a continuous cycle of Perception → Action → Observation. It constantly evaluates the current state of the workspace, decides on the next logical step, executes it, and observes the result before moving forward.

This loop acts as the central brain, but what makes it truly scalable is how it delegates tasks.

1. The Knowledge Layer: Taming the Context Window

Handling massive codebases requires smart context management. You can't just dump 100,000 lines of code into a prompt and expect good results. Claude Code handles this elegantly:

Context Compressor: Uses a 3-layer compression system (hitting a 92% threshold) to keep the token usage lean without losing crucial logic. It writes state directly to an .agent_memory.md file.
Skill Registry & Memory Store: Injects specific "skills" on-demand rather than bloating the system prompt. It also persists memory across sessions, meaning the agent remembers the quirks of your project.

2. Execution Layer & Performance Tricks

This is where the actual "coding" happens, and it's optimized for speed and cost.

Prompt Cache: This is arguably the most critical feature for high-performance AI agents. By utilizing stable prefix reuse, the system drops API costs down to ~10%. When you are running continuous loops, caching is the difference between a viable product and an instant budget drain.
Streaming Runtime & Tool Dispatch: Supports real-time, parallel execution with dedicated handlers for specific bash commands, read/write operations, and AST parsing (grep/glob).

3. The Multi-Agent Layer: Divide and Conquer

When a task is too big for a single loop, the Master Agent spawns Subagents.

Isolated Contexts: Each subagent gets a clean, isolated context to prevent hallucination cross-contamination.
FSM Protocol & Redis Pub/Sub: Subagents communicate via "Teammate Mailboxes" (using Redis-like pub/sub mechanisms) and follow a strict Finite State Machine protocol (IDLE → REQUEST → WAIT → RESPOND).
Zero-Conflict Execution: Through the Worktree Isolator, tasks are executed on per-task branches with atomic locks, ensuring that multiple agents don't overwrite each other's code.

4. Integration via MCP

The system leans heavily on the Model Context Protocol (MCP) runtime to auto-discover tools and interface safely with the local Filesystem, Git repositories, or custom external servers.

Final Thoughts

What stands out to me about the Claude Code architecture is how much it mirrors modern distributed backend systems. It treats AI generation not as a single API call, but as a coordinated fleet of microservices (agents) managing state, caching aggressively, and communicating asynchronously.

Building systems like this requires a deep understanding of both LLM limitations and robust software engineering principles.

What are your thoughts on multi-agent architectures? Have you tried implementing similar context compression or caching tricks in your own AI setups? Let's discuss in the comments!

👉 Don't forget to check out the full architecture details here: khaitrang1995.github.io/claude-code-architecture

Stop your AI Coding Agent from making the same mistake twice

TechsphereX AI — Thu, 07 May 2026 13:01:26 +0000

Building TechSphereX Studio: Giving AI Agents a Memory
Have you ever found yourself correcting GitHub Copilot or Cursor for the exact same bug or architectural pattern you fixed last week?

As AI agents become more integrated into our workflows, they often lack the "institutional memory" of our specific team's codebase, security standards, and past hard-learned lessons.

That’s why I built TechSphereX Studio — an AI Experience Engine that intercepts AI actions and provides real-time, context-aware suggestions.

✨ What is TechSphereX Studio?

It is a self-learning system designed to act as a bridge between your AI agent and your team's accumulated knowledge base.

The 3-Layer Intercept Pipeline:

L1 (Read-only Filter): Instantly skips non-destructive actions like ls or cat (< 1ms).

L2 (Semantic Search): Uses vector embeddings (Qdrant) to find relevant past "experiences" (< 50ms).

L3 (LLM Anti-Noise): A local LLM (via Ollama) filters out irrelevant results to ensure high-quality suggestions (< 500ms).

🛠 The "Polyglot" Tech Stack

One of the most exciting parts of this project was working across multiple languages in a single monorepo:

🐍 Python (FastAPI + Qdrant): The core engine handling the AI pipeline and vector database.

🦀 Rust (Tauri 2.0): Powering a high-performance native desktop dashboard.

⚛️ React 19 + Vite 6: A modern UI for managing "experiences" and viewing KPIs.

📘 TypeScript: Used for the VS Code Extension, CLI tool, and shared SDK.

🏗 Architecture at a Glance

The system is designed to be modular. Whether you are using the VS Code Extension, the CLI, or the Desktop App, everything communicates with the central FastAPI engine.

graph TD
    EXT["VS Code Extension"] --> API["FastAPI Core"]
    CLI["CLI Tool"] --> API
    DESK["Tauri Desktop"] --> API
    API --> QDRANT[("Qdrant Vector DB")]

🚀 How it works with your AI Agent

Once you start the engine and configure your agent (Copilot, Cursor, Gemini, or Claude), the magic happens:

You: "Create a database connection."

Agent: Queries TechSphereX POST /api/intercept.

Engine: Returns suggestions like "⚠️ CRITICAL: Use Singleton Pattern for DB connections."

Agent: Writes the code correctly the first time. ✅

🛡 Overcoming Challenges: The Windows Defender Issue
Bundling a Python AI engine into a Windows .exe using PyInstaller came with a surprise: False Positives. Because the bootloader extracts files to %TEMP% and contains ML libraries like PyTorch, some AVs flag it. I’ve documented my mitigation steps (disabling UPX, adding PE metadata) in the README to help others facing the same struggle!

📂 Open Source & Future

This project is currently in v0.1 and is fully open-source. Upcoming features include:

Team sync for cloud experience sharing.

Native hooks for Copilot PreToolUse/PostToolUse.

JetBrains plugin support.

Check out the repo here: https://github.com/KhaiTrang1995/techspherex-studio

I'd love to hear your thoughts! How are you managing "knowledge" with your AI agents?

AI #OpenSource #Python #Rust #TypeScript #Productivity

DEV Community: TechsphereX AI

Hermes Directory Structure Template

Hermes Directory Structure Template

Filesystem Layout

Component Breakdown

1. Configuration

2. Knowledge

3. Capabilities (Skills)

4. Runtime State

5. Automation

6. Extension

7. Observability

Getting Started

How I Discovered and Deobfuscated a Hidden PHP Backdoor on My Server

KhaiTrang1995 / Malware-Analysis-Reports-PHP-Backdoor

Malware-Analysis-Reports-PHP-Backdoor

🔴 Malware Analysis Report: [random_name].php

Table of Contents

Deconstructing Claude Code Architecture: A Deep Dive into Multi-Agent Orchestration

The Core: The Master Agent Loop

1. The Knowledge Layer: Taming the Context Window

2. Execution Layer & Performance Tricks

3. The Multi-Agent Layer: Divide and Conquer

4. Integration via MCP

Final Thoughts

Stop your AI Coding Agent from making the same mistake twice

✨ What is TechSphereX Studio?

The 3-Layer Intercept Pipeline:

🛠 The "Polyglot" Tech Stack

🏗 Architecture at a Glance

🚀 How it works with your AI Agent

📂 Open Source & Future

AI #OpenSource #Python #Rust #TypeScript #Productivity

🔴 Malware Analysis Report: `[random_name].php`