DEV Community

Stuart for ZipViz

I Built Hermes Agent Continuous Monitoring. A2A Verified Claude!

Hermes Agent Challenge Submission: Build With Hermes Agent

My Hermes Agent Mac just received a signed, secure and monitored message from a Claude Managed Agent, and got a reply! - A solution for long runtime work, A2A ID and security.

What I Built

A solution that enables two agents with different owners on a shared identity network, a Hermes agent and a Claude Managed Agent (Claude platform), to talk to each other across the internet. Every message is Ed25519 signed by the sender. Every receiver verifies the signature against a public registry and shows a blue tick before acting.

Continuous Agent Monitoring
A handshake proves identity once, but agents in a long-runtime world don't trade a single message; they hold ongoing, autonomous conversations across hours, days, and many turns. Keys get compromised, agents get swapped, a colleague's behaviour drifts, all after the initial check.

ZipViz re-verifies every message's signature, registry chain, and freshness, and watches the stream over time for behavioural anomalies. Trust is re-earned on every turn. So not "this agent was who it claimed this morning," but "this agent is who it claims, on this message, right now."

The demo agents on the ZipViz network:

  • mac-her.smc.viz — Hermes Agent on my Mac Mini
  • brendan-clau.smc.viz — Claude Agent in Cloud

When Mac sends a message to brendan-clau, Mac's private key signs it. Brendan-clau verifies the signature against ZipViz's registry, reads back the checks it just ran with the MCP (algorithm, key fingerprint, registry chain, timestamp), then replies signed.

Same flow in reverse. Same flow Hermes ↔ Hermes, or Claude ↔ Openclaw. The runtime doesn't matter; the identity layer does.

The receiving agent reports "I received a signed message from mac-her.smc.viz" and reads back the four checks it just ran:

Algorithm: Ed25519
Key fingerprint: ab52afe... matches registry
Registry chain: mac-her → smc.viz → .viz (Handshake) all resolved
Timestamp: 2026-05-31 11:18 UTC, fresh
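
An added example (not code from zipviz-mcp or from the original post) of re-running those four checks plus the signature check on every message, using Node.js's built-in crypto module. The envelope fields, the in-memory registry, the SHA-256 SPKI fingerprint and the five-minute freshness window are assumptions; ZipViz's real formats are not shown on this page.

```javascript
// Added example: hypothetical envelope and registry shapes, not ZipViz's own.
const crypto = require("node:crypto");
const MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window

// Fingerprint = SHA-256 of the DER-encoded (SPKI) public key, hex.
const fingerprint = (publicKey) =>
  crypto.createHash("sha256").update(publicKey.export({ type: "spki", format: "der" })).digest("hex");

// Bytes covered by the signature: changing any field invalidates it.
const signedBytes = (e) => Buffer.from(JSON.stringify([e.alg, e.kid, e.from, e.ts, e.body]));

function signEnvelope(from, body, keys, ts) {
  const env = { alg: "Ed25519", kid: fingerprint(keys.publicKey), from, ts, body };
  env.sig = crypto.sign(null, signedBytes(env), keys.privateKey).toString("base64");
  return env;
}

// Runs on every inbound message; returns "verified" or the first check that fails.
function verifyEnvelope(env, registry, now) {
  if (env.alg !== "Ed25519") return "algorithm";
  const entry = registry.agents.get(env.from);
  if (!entry) return "unknown sender";
  if (env.kid !== fingerprint(entry.publicKey)) return "key fingerprint";
  if (!entry.chain.every((zone) => registry.zones.has(zone))) return "registry chain";
  if (Math.abs(now - env.ts) > MAX_AGE_MS) return "stale timestamp";
  const sig = Buffer.from(env.sig, "base64");
  return crypto.verify(null, signedBytes(env), entry.publicKey, sig) ? "verified" : "signature";
}

// Constructed conversation: the same sender is checked again on every turn.
function demo() {
  const t0 = Date.UTC(2026, 4, 31, 11, 18); // timestamp from the post's read-back
  const sender = "mac-her.smc.viz";
  const oldKeys = crypto.generateKeyPairSync("ed25519");
  const registry = {
    zones: new Set(["smc.viz", "viz"]),
    agents: new Map([[sender, { publicKey: oldKeys.publicKey, chain: ["smc.viz", "viz"] }]]),
  };
  const first = signEnvelope(sender, "status?", oldKeys, t0);
  const results = {
    fresh: verifyEnvelope(first, registry, t0 + 1000),
    replayed: verifyEnvelope(first, registry, t0 + 60 * 60 * 1000),
    tampered: verifyEnvelope({ ...first, body: "altered" }, registry, t0 + 1000),
  };
  // The owner rotates the key in the registry; the old key must stop verifying.
  registry.agents.get(sender).publicKey = crypto.generateKeyPairSync("ed25519").publicKey;
  results.afterRotation = verifyEnvelope(signEnvelope(sender, "next turn", oldKeys, t0 + 2000), registry, t0 + 3000);
  return results;
}
```

The last case is the one a one-time handshake misses: the sender name and signing key are unchanged from the first turn, but the registry no longer lists that key, so the message is rejected.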

Demo

Hermes continuous monitoring and verification with A2A Protocol

Code

One MCP server: [zipviz-mcp]

https://www.npmjs.com/package/zipviz-mcp

My Tech Stack

  • Ed25519 / PKCS#8 PEM — signing keys, generated per-host; private keys never cross machines
  • Handshake .viz TLD — decentralised domain layer for agent identity
  • Cloudflare Workers — per-agent signing proxy at <agent>.agents.zipviz.ai
  • Cloudflare Tunnels — private origin from Worker back to Hermes on localhost:8642
  • A2A / JSON-RPC 2.0 — the agent-to-agent (A2A Protocol) message envelope (message/send over /a2a/invoke)
  • TypeScript + Node.js — the zipviz-mcp server and the Cloudflare Workers
  • ZipViz registry & trust-root — the verification authority: checks signatures, serves agent cards, issues the blue tick (commercial core, private)
  • Telegram - for me to talk to my agents
  • Claude Managed Agents Platform API — the Claude side agents (brendan-clau)

How I Used Hermes Agent

Hermes's great MCP support is the whole integration. One block in ~/.hermes/config.yaml and the agent has six new tools — no fork, no patch, no runtime changes. Why it fit:

  1. MCP is pluggable. Any Hermes user can drop zipviz-mcp in without touching the runtime.
  2. Clean separation of concerns. Hermes owns prompts and tool calls; zipviz-mcp owns signing, verification, and network routing. Neither bleeds into the other.
  3. Reproducible across hosts. Two installs — Linux and a Mac Mini — wired identically: one MCP block each, signing to each other over the open internet. No per-host code.
  4. Local-inference support keeps the signing path private. Only the verification check ever touches the public network, which is what an identity layer needs.

I didn't have to modify Hermes to add cryptographic identity. Two existing installs, one MCP block each, and they were on the network signing messages to each other.

Two things I resisted building...Scope Creep!

1. Protocol bridges. I'll let the "Big AI Plumbing" players build the bridges to other agent frameworks. While I wait on the freeways, I built per-runtime shims so Hermes and Claude both produce ZipViz envelopes, about 50 lines per runtime. Those are on-ramps; they let each runtime speak ZipViz.

2. A conversation runtime of my own. What the demo doesn't show is mac-her and brendan-clau autonomously working a task back and forth, turn after turn, with no human in the loop. I didn't build that, on purpose. Agents already chat autonomously inside their own runtimes — teams of Hermes agents on Discord, Slack, Telegram, for example.

And with Conway, the Claude Agent, and many others coming, I stuck to my scope. The ongoing, cross-runtime conversation loop is the framework's job. ZipViz's job is identity and proof on every message: who said what, signed, verified. The day agents hold autonomous conversations across runtimes between agents owned by different people and companies, ZipViz signs and verifies each turn.

Hermes Agent demo didn't score 100%! We found the webhook adapter triggers an agent run in an isolated session (webhook:{route}:{delivery_id}) and does a one-shot deliver.

The inbound message never enters the agent's durable conversation (e.g. the Telegram session keyed by chat_id).
So when the user later asks "did X send anything?", the agent has no record — it was processed in a throwaway context.

Hermes workaround: The only one we could think of was to call api_server with X-Hermes-Session-Id set to the platform session id, i.e. reaching into the session store directly. It works, but it's brittle (breaks on session_reset, needs the session id pinned) and couples external code to internal session keying.

Hermes updates? There could be a webhook route to persist the inbound message into a specified existing session, or the platform session for a given chat_id, so it becomes part of the agent's real conversation history, not just an isolated activation.

Effectively: a supported way for an authenticated external source to append a turn to a live session, instead of callers poking the session store. If you have any ideas, or feedback on this and anything else please comment below! The more brutal the feedback the better!... Beta is coming very soon, so need to hear it now! :)

To reserve your unique .viz agent name, register your interest here https://www.bluetick.zipviz.ai and we will send you an invite before the registry opens! First come, first served.
