Hermes-Crew Hybrid: A Hybrid Architecture for Secure Multi-Agent AI Workflows

I built a hybrid system that combines a central orchestrator (Hermes) with temporary CrewAI micro-crews, protected by 3 layers of security. Here's what it does and why it matters.

The Problem

Multi-agent AI systems are powerful but dangerous. When you chain multiple agents together, a single compromised agent can poison the entire workflow. Existing solutions are either too heavy (enterprise PKI infrastructure) or too light (basic regex filters).

The Solution: 3-Layer Security

Layer 1 — Pre-execution (MCP Tool Auditor): Before any agent can register a tool, it's audited for malicious instructions.

Layer 2 — Runtime (Agent Fixer Stage): Every output from every agent passes through a 3-stage pipeline (normalization → pattern matching → embeddings) in under 1ms.

Layer 3 — Pre-commit (Code Safety Hook): Before any git commit lands, the diff is analyzed by CrewAI + Ollama local. Malicious code gets rejected automatically.

Architecture

Hermes (Director)
    │
    ├── MCP Tool Auditor → verifies tools before registration
    │
    ├── Execution: venv (fast) / Docker (isolated) / auto (smart)
    │       ├── Agent 1: Researcher
    │       ├── Agent 2: Analyst
    │       └── Agent 3: Writer
    │
    ├── Security Gateway (Agent Fixer Stage) → filters output (<1ms)
    │
    └── Consolidator → parses output + generates Obsidian notes

What Makes It Different

1. Portable by design. Zero hardcoded paths. Every user configures their own .env.

2. Multi-model via LiteLLM. Works with Ollama local, OpenAI, Anthropic, Gemini, Groq, OpenRouter — any provider.

3. Local-first. Everything runs on the user's machine. No cloud dependencies required.

4. Obsidian integration. Every analysis generates a structured note with YAML frontmatter.

Code Safety Hook in Action

When you run git commit with malicious code:

❌ [COMMIT RECHAZADO] Code Safety detected risks:
  → CrewAI detected vulnerabilities: VERDICT: FAIL
  → Agent Fixer Stage detected anomalies: High threat score: 1.05

For clean code:

✅ [COMMIT APPROVED] Code verified by CrewAI + Agent Fixer Stage.

Tech Stack

• Orchestration: Hermes Agent (local) + CrewAI (micro-crews)
• LLM: Ollama local (default: gemma4-e2b:q4) via LiteLLM
• Security: Custom 3-layer pipeline (<1ms overhead)
• Integration: Obsidian vault for reports

Try It

git clone https://github.com/amurlaniakea/hermes-crew-hybrid.git
cd hermes-crew-hybrid
cp .env.example .env
# Edit .env with your Ollama model and paths
pip install crewai crewai-tools langchain litellm

# Install Code Safety hook (optional)
cp pre-commit-hook.sh /path/to/your/repo/.git/hooks/pre-commit
chmod +x /path/to/your/repo/.git/hooks/pre-commit

What I Learned

1. Quick scan + LLM is the right approach. Pure regex misses too much. Pure LLM is too paranoid. Together they work.

2. Output capture from CrewAI is tricky. Use PYTHONUNBUFFERED=1 and python -u.

3. Portability matters. Hardcoded paths kill adoption. .env configuration is essential.

4. Local LLMs are enough. You don't need GPT-4 to build effective AI security tools.

Links

• GitHub: https://github.com/amurlaniakea/hermes-crew-hybrid
• MCP Core Defense: https://github.com/amurlaniakea/mcp-core-defense
• Agent Fixer Stage: https://github.com/amurlaniakea/agent-fixer-stage

---

AGPL-3.0-or-later — Built by Pedro Sordo Martínez (OWL / Hermes Agent) — 2026