AI agents might sound intimidating, but they're actually pretty easy to understand from a high level once you get the hang of them. All it takes is learning a few key terms, and you can master the fundamentals of agents and how they work.
In our Agents 101 livestream, Corey and I spent two hours defining the terms, showing real workflows, answering beginner questions, and explaining how tools like ChatGPT, Claude, Make, Zapier Agents, n8n, ClickUp, Codex, Claude Code, and Cloudflare Workers all fit together.
This article is the companion guide to that stream. It reorganizes the stream and the live-chat into a skimmable walkthrough, with major concepts linked to the exact moment they came up in the video.
The idea here is that you can read this article as a step-by-step guide to help you navigate the stream, and build on top of what we covered there.
Now, if you are newer than new to AI, you'll want to start with our previous guide first: AI for Total Beginners. That episode covers the basics of using AI tools, and actually goes deeper into some of the things we mention but don't elaborate on in this stream (skills, scheduled tasks, etc). This one covers what happens when those tools start using other tools.
The big idea here: Chatbots answer questions. Automations follow recipes. Agents work toward a goal using context, tools, instructions, and when necessary, your explicit approval.
- First up, the TL;DR
- What an AI agent actually is
- The core agent terms
- The setup terms that confuse everyone
- Automation vs. agent: the useful distinction
- Grant's Make workflow
- What an agent node adds
- Zapier, Make, and n8n
- Corey's ClickUp demo
- The beginner path: start with one tool
- Codex, Claude Code, and agentic coding tools
- Safety, cost, permissions, and data controls
- Back-channel Q&A:
- Questions we couldn't answer live
- Your first agent ideas
- Advanced companion: Claude Managed Agents explained
- Advanced companion: Hermes Agent explained
- Glossary of Agent terms
- What to watch next
First up, the TL;DR
Here are the key moments from the stream, timestamped so you can jump around:
- What an AI agent is (3:22): Grant defines an agent as AI that can pursue a goal, use tools, work with context, and ask for approval before important actions.
- Chatbots vs. automations vs. agents (5:19): Chatbots answer questions, automations follow recipes, and agents do work toward a goal.
- Context explained (6:39): Context is the information the agent can see, from documents and email to calendar events and past work.
- Tools explained (7:32): Tools are apps or actions an agent can use, like Gmail, Slack, Google Drive, web search, or a spreadsheet.
- Triggers explained (11:05): A trigger starts the workflow.
- Human in the loop (12:39): A person should approve important actions before the agent sends, posts, updates, deletes, or pays.
- Guardrails explained (14:37): Guardrails are limits like “draft only,” “ask before sending,” “use approved sources,” and “never delete anything.”
- Scaffolding and harness (17:34): Scaffolding is the support structure around the agent; the harness is the system that runs and controls it.
- API explained (18:17): An API is how one app lets another app talk to it.
- API key explained (20:38): An API key is a password-like credential that lets a workflow use an app or model.
- Are Zapier, Make, and n8n still useful? (24:55): Native AI apps are getting stronger, but workflow tools still matter when you need predictable integrations.
- Webhook explained (26:59): A webhook is the doorbell that wakes up an agent or automation when something happens.
- JSON explained (29:13): JSON is a labeled box of data that apps use to pass structured information around.
- MCP and connectors explained (34:06): MCP is a standard way for AI tools to connect to apps, data, and services.
- Model selection matters (38:07): Match the model to the job so you avoid wasting money or usage limits.
- “This is overwhelming” (41:24): Grant pauses to re-ground the episode for beginners.
- Grant's Make workflow (44:26): A real example of using Google Sheets, Perplexity, Claude, and routing logic to sort AI news.
- Agent node walkthrough (58:18): The workflow shifts from fixed automation to a true agent layer.
- What a node is (1:00:03): A node is a step in the workflow.
- Adding context and tools (1:01:46): An agent can receive knowledge, documents, files, tools, and MCP servers.
- MCP vs. Zapier (1:04:48): MCP can expose tools to an AI so it can decide which approved tool to use.
- Codex and Claude Code (1:07:10): Coding agents are useful outside coding because they can research, write, and automate recurring work.
- Zapier agent demo (1:07:30): Grant uses a natural-language prompt to build an agent-like workflow.
- Cost question (1:12:51): How many tools do you need to pay for?
- ClickUp demo (1:16:19): Corey asks ClickUp to create an agent that checks incomplete tasks once a day.
- Beginner overwhelm, again (1:21:26): The simplest path is to start with one tool you already use.
- AI as a thinking partner (1:30:19): Corey explains how AI can broaden what you learn if you stay intellectually engaged.
- Codex automations (1:30:59): Corey shows the automation area inside Codex.
- Default vs. full permissions (1:32:42): Full access can create, delete, and touch files, so default permissions are safer for beginners.
- Plan mode explained (1:35:48): Plan mode lets the agent think through the workflow before implementing it.
- Subscription limits vs. API tokens (1:38:27): Subscriptions have usage limits; APIs usually charge per token.
- Codex automation vs. Cloudflare Worker (1:40:27): Codex automations are for recurring AI work; Cloudflare Workers are for production software work.
- Data controls (1:46:45): Turn off “Improve the model for everyone” if you do not want your chats used for training.
- API key safety story (1:53:22): A viewer shares a painful lesson about pasting keys into a model.
- Hermes and managed agents (1:54:24): Grant previews the more advanced agent tooling frontier.
What an AI agent actually is
The cleanest definition came near the beginning:
An agent is AI that can pursue a goal, use tools, work with context, and ask for approval before important actions.
That definition does a lot of work.
A normal chatbot waits for you to type something. It answers, and then it waits again. A workflow automation follows a fixed recipe: when X happens, do Y. An agent sits between those two ideas. You give it a goal, tell it what information it can use, give it a few tools, and define where it needs approval.
Corey put the difference plainly in the stream: chatbots answer, automations follow recipes, and agents work toward a goal.
One viewer asked whether an agent should be called “AI,” “GenAI,” or “agentic AI.” The practical answer: call it an AI agent. Generative AI is usually the model inside the agent. Agentic AI is the broader category. “AI agent” is the clearest beginner label.
A simple example:
- Chatbot: “Summarize this email.”
- Automation: “When a form is submitted, add the response to a spreadsheet.”
- Agent: “When a new lead comes in, research the company, score the fit, draft a reply, and ask me before sending.”
Good agents need supervision. The goal is supervised leverage, not handing the keys to a very confident intern with perfect typing speed.
The core agent terms
Most people get lost because the terms arrive all at once. Here is the beginner map.
Goal
The goal is the outcome you want. In the stream, the recurring examples were things like:
- Prep me for this meeting.
- Sort new AI news into newsletter categories.
- Check my ClickUp list every morning.
- Find three AI news stories every day and email them to me.
A goal gives the agent direction. Without a goal, it has no finish line.
Context
Context is the information the agent can see. That can include your prompt, documents, calendar events, emails, prior chats, spreadsheet rows, ClickUp tasks, or CRM records.
Context is also where most beginner workflows improve fastest. If the agent gives a generic answer, the fix is usually better context, not a fancier prompt.
Tools
Tools are apps or actions the agent can use. Web search is a tool. Gmail is a tool. Slack is a tool. Google Sheets is a tool. ClickUp is a tool.
This is the first big mental shift: when an AI uses a tool, it moves from “answering” toward “doing.”
Trigger
A trigger starts the workflow. A trigger can be a new email, a form submission, a scheduled time, a Slack message, a new spreadsheet row, or you manually pressing “run.”
Beginner translation: the trigger is the moment the agent wakes up.
Action
An action is what the agent can do. Examples include drafting a reply, creating a task, updating a status, searching a doc, sending a Slack message, or adding a row to a sheet.
Actions are where permissions matter. Reading is safer than writing. Drafting is safer than sending. Summarizing is safer than deleting.
Human in the loop
Human in the loop means a person approves important actions. Corey and Grant recommended this especially before sends, posts, payments, updates, deletes, and other changes that affect real people or real systems.
The simplest beginner rule: let agents read and draft freely inside safe boundaries. Require approval before anything leaves the building.
Guardrails
Guardrails are the limits that keep the agent useful. Good guardrails sound boring because they are practical:
- Draft only.
- Ask before sending.
- Use only approved documents.
- Never delete records.
- Only check this week's calendar.
- Flag uncertainty instead of guessing.
That last one is underrated. Agents can confidently make the wrong move, so guardrails should include what the agent should do when it is unsure.
Scaffolding and harness
A viewer asked about scaffolding and harness, which are useful terms once you start building.
Scaffolding is the support structure around the model: instructions, tools, memory, workflow steps, retrieval, guardrails, approval rules, and error handling.
Harness is the system that runs and controls the agent. It connects tools, passes data in and out, logs what happened, manages retries, and helps test whether the agent did the right thing.
Another viewer noted that “context engineering is scaffolding too.” That is a useful way to think about it. Context engineering means choosing the right information at the right time so the agent has what it needs without drowning in irrelevant data.
A simple way to remember it: scaffolding makes the agent capable. The harness keeps it controlled.
The setup terms that confuse everyone
Agent setup terms sound like developer jargon. Most of them are simple once you connect them to a workflow.
API
An API is the official way one app lets another app talk to it. A viewer in chat expanded the acronym correctly: application programming interface.
In agent terms, APIs are how an agent can safely use tools like Gmail, Slack, Google Sheets, Salesforce, ClickUp, or a database.
Plain English: an API is the menu of what another app allows. The agent can order only what the menu exposes.
API key
An API key is a password-like credential. It proves the agent or workflow has permission to use a tool or model.
Plain English: an API key is the badge that lets the agent into the building.
Back-channel context: Someone asked whether API keys have a fixed length. The safest answer is no. Key formats vary by provider. Treat every API key like a password, regardless of how long it is.
Do not paste API keys into random chats, screenshots, public docs, or demo videos. For serious workflows, store them in a secrets manager such as AWS Secrets Manager, Cloudflare Workers secrets, or the credential vault inside your workflow platform.
Webhook
A webhook is an automatic alert one app sends to another app when something happens.
Corey described it as the doorbell that wakes up your agent. Another viewer put it even shorter: “push instead of pull.” Instead of asking a server again and again whether anything changed, the webhook pushes a message when the event occurs.
Example: someone fills out a form. The form tool sends a webhook to Make or n8n. That webhook starts an agent that researches the company, scores the lead, and drafts a reply.
JSON
JSON is a structured format apps use to pass information around.
Plain English: JSON is a labeled box of data.
{ "name": "Corey", "task": "Review overdue ClickUp tasks", "priority": "High"}
You do not need to become a coder to benefit from knowing JSON. You mainly need to recognize that tools are passing labeled pieces of information between steps.
During the stream, we shared this quick primer for anyone who wants to get comfortable reading it: What is JSON? Explained in 5 minutes.
MCP
MCP stands for Model Context Protocol. Anthropic describes MCP as an open standard for connecting AI assistants to systems where data lives, including content repositories, business tools, and development environments.
The popular metaphor is “USB-C for AI tools.” That works because MCP gives AI apps a more consistent way to plug into tools, files, databases, and services.
Beginner translation: MCP is one way to give the agent an approved tool menu.
Connector
A connector is the user-friendly version most people will see. You connect Gmail, Drive, Slack, ClickUp, or another tool, and the agent gets approved capabilities through that connection.
For example, Claude Code says MCP can let Claude read design docs in Google Drive, update Jira tickets, pull data from Slack, or use custom tooling when configured safely.
Back-channel context: Viewers asked “MCP vs. plugins?” and “What do MCP connectors give that Zapier can't?” A clean beginner answer: plugins package capabilities for a product. MCP is a connection standard. Zapier is a workflow platform. They overlap, but they live at different layers.
Automation vs. agent: the useful distinction
One of the most useful moments in the stream was the distinction between automation and agents.
- Automation: Follows the same recipe every time.
- Agent: Works toward a goal and can decide which approved step or tool to use next.
That difference matters when you choose what to build.
Use automation when the steps are predictable: “When an invoice arrives, save the attachment to this folder and add a row to this spreadsheet.”
Use an agent when the work has variability: “When a customer writes in, figure out what they need, check the knowledge base, draft the right reply, and ask for approval if the issue is sensitive.”
A viewer asked whether Make and n8n are still relevant now that Claude, ChatGPT, Perplexity, and other native AI apps can do more. Yes. Native AI apps are getting stronger, but automation platforms still offer broad integrations, visual debugging, predictable execution, and more control over the exact workflow.
Grant's Make workflow
At 44:26, Grant opened an older Make workflow we used for newsletter production. It started with links in a Google Sheet, sent them through Perplexity for source context, passed that research to Claude, and routed each item into newsletter categories.
The actual task was simple: we read a flood of AI news every day. The workflow helped classify and draft around that flood.
The important pattern:
- Trigger: A new row appears in a Google Sheet, or Grant manually clicks run.
- Context: The link and metadata in the sheet.
- Tools: Google Sheets, Perplexity, Claude, and routing logic.
- Action: Sort the item into a newsletter category and write a first pass.
- Guardrail: Process a limited number of rows at a time and send output back for review.
Back-channel context: Viewers wanted to see the actual fields and asked what populated the Google Sheet. In that example, Grant still populated it manually because news judgment is hard to automate cleanly. A future version could use scheduled agents to search trusted sources, de-duplicate links, and add candidate stories to the sheet for human review.
This is also where the “boring first agent” advice comes from. Grant did not start by asking AI to “run the newsletter.” He started with one painful subtask: classify and draft around links we already collected.
For viewers who want to learn Make, the best follow-up resource is Make Academy. Make describes it as a free, self-paced learning platform, and it now includes agent-focused learning paths.
What an agent node adds
At 58:18, Grant showed how a workflow can move from fixed automation to an agent node.
A node is one step in a workflow. In Make, Zapier, and n8n, the canvas is a series of nodes connected together.
A normal node might say: “Send this email.”
An agent node might say: “Read this input, decide what matters, use the approved tools, draft the right next step, and explain what you did.”
That agent node can receive:
- Instructions: The role, goal, and rules.
- Inputs: The data coming from the trigger.
- Knowledge: Files, docs, policies, examples, or style guides.
- Tools: Search, Gmail, Sheets, Slack, HTTP calls, or internal systems.
- MCP servers: More advanced connectors that expose tools and data.
- Outputs: The next step, such as a draft, task, Slack update, or database row.
The beginner mistake is opening a giant tool menu and trying to pick from it cold. The better path is to write the workflow in plain English first, then ask AI to help you choose the minimum tools needed.
I want to build a safe agent workflow for this task:[describe the repetitive task]The tools I already use are:[apps]The agent should be allowed to:[read, draft, classify, summarize]The agent should ask before:[sending, deleting, posting, updating records]Turn this into a simple workflow with trigger, context, tools, actions, guardrails, and approval steps.
Zapier, Make, and n8n
At 1:07:30, Grant demoed how Zapier can generate an agent-like workflow from a natural-language prompt. Instead of manually wiring every node, you can increasingly describe the outcome and let the platform draft the workflow.
The three tools overlap, but they have different sweet spots:
- Zapier Agents: Usually the easiest entry point for non-technical users who want to connect common apps. Zapier says agents can work across 9,000+ apps.
- Make: Strong visual workflow builder for business processes where you want to see and control each step. Make says it connects 3,000+ prebuilt apps and now supports AI agents and agentic automation.
- n8n: More builder-friendly and developer-friendly. n8n emphasizes visible agent reasoning, custom code, self-hosting, human-in-the-loop approvals, structured inputs and outputs, and MCP support.
The practical rule: use Zapier for the shortest path, Make for visual control, n8n when you want deeper customization or self-hosting.
Someone asked whether Make is available as a desktop Mac app. Treat Make as browser-based tool unless Make announces otherwise. If you prefer a desktop feel, you can pin it as a browser app, but the normal Make experience runs in the web app. Far as we know, anyway.
Corey's ClickUp demo
At 1:16:19, Corey showed a simple ClickUp example: create an agent that checks incomplete tasks once a day.
That is a perfect beginner use case because the context already lives in one place:
- Tasks
- Owners
- Due dates
- Statuses
- Comments
- Docs
- Project history
The agent does not need to understand your entire company. It needs to answer one bounded question: “What needs attention today?”
Useful ClickUp-style prompts:
Review this project and give me a simple status update. Include what is done, what is blocked, what is overdue, and the three most important next actions.
Find the tasks most likely to delay this project. Explain why each one is risky, who owns it, and what should happen next.
Draft a weekly project update using the current tasks, comments, and due dates. Use this format: wins, risks, blockers, next steps, and decisions needed.
Notice the pattern: read, summarize, draft, recommend. Those are good first agent actions. Editing task records, moving deadlines, or notifying clients should come later and require approval.
The beginner path: start with one tool
At 1:21:26, the chat pushed us back toward true beginner needs. That was useful.
The best first path is not “learn every platform.” It is:
- Pick one tool you already use.
- Pick one repetitive, low-risk task inside that tool.
- Describe the goal, context, trigger, tools, allowed actions, and approval step.
- Build the smallest version.
- Run it manually before scheduling it.
For most people, that first tool is probably ChatGPT, Claude, Gmail, Google Drive, Outlook, ClickUp, Notion, Slack, Zapier, Make, or n8n.
A viewer suggested a great process: map the workflow before building. They talked through a studio-rental process with ChatGPT, then used Claude to make a visual workflow. That is the right instinct. Map the work before you automate the work.
Beginner homework: Pick one annoying task. Write it as “when this happens, I want help doing that.” Then ask AI to turn it into a safe workflow.
Codex, Claude Code, and agentic coding tools
At 1:07:10, Corey pointed out that Codex and Claude Code are useful even if you do not think of yourself as a programmer.
OpenAI describes Codex as a cloud-based software engineering agent that can work on tasks in isolated environments, read and edit files, run commands, provide logs, and return changes for review. OpenAI also noted that Codex became available to ChatGPT Plus users in a June 2025 update.
Anthropic describes Claude Code as an agentic coding tool that reads your codebase, edits files, runs commands, and integrates with development tools. It can also schedule recurring tasks, use MCP, connect to tools, and run from the terminal, IDE, desktop app, browser, or Slack.
That makes these tools feel “technical,” but the pattern is broader:
- Research a folder and summarize what changed.
- Convert a messy CSV into a clean report.
- Rename files based on a rule.
- Draft documentation from existing code or notes.
- Run a recurring check and report back.
- Build a small internal app from a plain-English spec.
At 1:35:48, Corey explained plan mode. Plan mode is useful because it lets the agent inspect and reason before it edits. Claude Code's permissions docs describe plan mode as allowing file reads and read-only shell commands while preventing source-file edits.
A viewer joked about dangerous terminal commands after someone typed a destructive command in chat. The real lesson: permission modes matter. Use plan mode, read-only access, containers, and explicit deny rules before you hand an agent full access to files or shell commands.
Safety, cost, permissions, and data controls
Agents make the old AI safety advice more practical and more urgent. The core rule is still simple: least privilege first.
Use the smallest permission that works
Start read-only. Then allow drafts. Then allow writes only after you understand the failure modes.
Claude Code's permission docs are a useful mental model. Read-only actions do not require approval, while shell commands and file modifications do. Claude Code also supports allow, ask, and deny rules, and recommends using full bypass permissions only in isolated environments such as containers or VMs.
Understand subscription usage vs. API usage
At 1:38:27, Grant and Corey clarified a common confusion from chat: ChatGPT-style subscriptions and API usage are different.
- Consumer chat subscription: You usually see usage limits or message caps, but you are not manually paying for each token.
- API usage: You usually pay based on usage, often measured in tokens or model calls.
OpenAI says API traffic and business products such as ChatGPT Business and ChatGPT Enterprise are not used to train models by default unless an organization explicitly opts in. For consumer services like ChatGPT and Codex, OpenAI says content may be used to train models unless users opt out through data controls.
Keep model choice boring
Several viewers asked how to manage model costs. The answer is model routing, not always using the biggest model.
- Use smaller, faster models for classification, extraction, and formatting.
- Use stronger models for reasoning, writing judgment, complex coding, or messy ambiguity.
- Use local models for privacy-sensitive experiments when quality demands are modest.
- Set budgets and alerts wherever your API provider allows them.
Good places to practice model selection include Google AI Studio, which lets developers try Gemini models and get API keys, and OpenRouter, which offers a unified API across many models and can handle fallbacks and cost-effective routing.
Know when local or privacy-first tools help
During the stream, we linked to LM Studio and Proton Lumo. LM Studio is useful if you want to run local models on your own hardware. Proton Lumo is a privacy-first AI assistant that says it keeps no logs of your prompts or replies and does not use your data to train models.
Neither replaces good judgment. Local models can be weaker or slower. Privacy-first hosted tools still require you to understand what you are uploading and whether the tool is appropriate for business-sensitive data.
Back-channel Q&A:
Is an agent an "AI", "GenAI", or "agentic AI"?
Agentic AI is closest, but just call it an AI agent (keep it simple, silly!). Generative AI is usually the model that produces text, images, code, or analysis inside the system. Agentic AI describes the broader category of systems that can take goal-directed actions. An agent is an agent.
Are Zapier, Make, and n8n still relevant?
Yes. Native AI environments are better than they were, but workflow platforms still win when you need broad app integrations, visual traces, repeatable triggers, and predictable business logic. A native chat tool is often the best place to prototype. Zapier, Make, and n8n are often better places to operationalize.
What is your best daily use of agents?
The best daily use is usually a morning-prep or triage workflow. Corey mentioned workflows that help get the day in order. Grant's example was a news workflow that turns a pile of links into sorted newsletter candidates. The pattern is the same: use agents to prepare the work, then keep the human in charge of judgment. Grant also uses agents to build software but that's not necessarily a beginner use-case.
Should students learn automation and agentic AI?
Yes, but focus on durable concepts instead of tool hype. Students should understand goals, context, tools, APIs, privacy, verification, and human review. The career skill is not “I know one automation platform.” The career skill is “I can map a process, identify the safe parts to automate, and supervise AI responsibly.”
Is ChatGPT better for non-technical users than Claude?
For many beginners, ChatGPT feels more approachable. Claude often feels strong for long documents, structured reasoning, and writing workflows. The best beginner advice is to start with whichever tool feels easiest, then learn the shared mental model: goal, context, tools, action, approval.
Can Codex be used through ChatGPT?
Yes. OpenAI says Codex is accessible through the ChatGPT sidebar, and OpenAI's June 2025 update made Codex available to ChatGPT Plus users. Availability can vary by plan and region, so check your ChatGPT sidebar or Codex settings.
Can AI read physical pages in a PDF?
Sometimes. If a PDF contains selectable text, AI tools can usually read it. If it is scanned pages or photos, you need OCR, which stands for optical character recognition. For higher-stakes documents, run OCR first, spot-check several pages, and keep the original scan attached for verification.
Can agents help with creative judgment?
Yes, if you define the taste first. A creative judgment agent needs examples of work you like, examples you reject, your aesthetic rules, and a rubric for tone drift. Ask it to flag weak options and explain why. Keep final creative decisions human.
Act as my creative review assistant.Use this taste profile:[describe what good looks like]Use these rejection rules:[bad shots, weak prompts, tone drift, cliches, overused effects]Review the following options. Rank them, explain what to cut, and suggest one revision for the strongest option. Do not generate final work yet.
You can also save these preferences in a skill file or in an agents.md file so you don't have to repeat yourself and instead just direct the agent where to look.
Does AI enhance cognitive skills or weaken them?
It depends on how you use it. A viewer framed AI as collaborating with a smart friend. That is the right idea. If you ask AI to replace your thinking, your skill in an area can atrophy. If you use AI to challenge your assumptions, test your logic, and show alternate approaches, it can improve your thinking process.
Here is my current thinking:[paste your reasoning]Challenge it. Identify weak assumptions, missing evidence, and the three questions I should answer before deciding. Then give me one stronger version of my argument.
Questions we couldn't answer live
Is it safer to use an LLM through the API or through chat?
For business-sensitive work, the API or a business-tier product usually gives you clearer data controls. OpenAI says it does not train on API inputs and outputs or ChatGPT Business / Enterprise content by default unless an organization opts in. Consumer ChatGPT content may be used to train models unless you opt out, and Codex has separate training controls for full environments.
The bigger safety question is access. A chat with no connectors can only use what you paste. An agent with Gmail, Drive, filesystem, shell, or CRM access can touch real systems. Use the strictest account type and the smallest permissions that accomplish the task.
What do MCP connectors give you that Zapier can't?
MCP gives an AI model a standardized way to discover and use approved tools. Zapier gives you a workflow platform with thousands of integrations, triggers, logs, and business-automation patterns.
Use MCP when you want the model to choose among approved tools inside an AI assistant or coding environment. Use Zapier when you want a visible, deterministic workflow across business apps. Use both when Zapier handles the business process and MCP gives the model controlled access to special tools.
MCP vs. CLI: when should you use each?
Use a CLI when you know the exact operation and want the computer to run it. Use MCP when you want an AI assistant to safely access a menu of approved tools.
- CLI: “Run this script, export this file, convert these images, deploy this project.”
- MCP: “Let the agent search docs, create tickets, inspect a repo, or call approved internal tools.”
A good production setup often uses both. The agent decides what is needed, then the harness or workflow runs safe commands with tight permissions.
What are good resources for AI with GIS, ArcGIS Pro, and Google Earth?
For ArcGIS users, the most practical path is ArcGIS API for Python, ArcGIS Pro geoprocessing tools, and Jupyter notebooks. Use AI to help write Python, explain geoprocessing steps, generate ModelBuilder logic, document workflows, and QA map outputs. Keep the actual spatial analysis grounded in GIS tools and human review.
For Google Earth workflows, separate visualization from analysis:
- Google Earth / KML: Good for viewing, presenting, and sharing geographic layers.
- Google Earth Engine: Better for large-scale geospatial processing. Google describes Earth Engine as a public data catalog, compute infrastructure, geospatial APIs, and interactive app server with JavaScript, Python, and REST APIs.
Beginner GIS agent idea: ask the agent to turn a plain-English request into a step-by-step GIS workflow, then have a human GIS user run or approve the actual operations.
How is a Codex automation different from a Cloudflare Worker?
A Codex automation is for recurring AI work: review, classify, generate, refactor, summarize, or investigate. A Cloudflare Worker is production software. Cloudflare describes Workers as a serverless platform for building, deploying, and scaling apps across Cloudflare's global network with no infrastructure to manage.
Use a Worker when the logic is stable and should run reliably: receive a webhook, validate JSON, call an API, update a database, or respond to a request. Use Codex or Claude Code when the work needs interpretation, coding judgment, investigation, or revision.
A strong hybrid pattern: use an agent to design or update the Worker, then let the Worker run the production process.
Can Cloudflare Workers replace Zapier?
For developers, sometimes. Workers can be dramatically cheaper at scale because you pay for compute and requests instead of per-task automation pricing. Cloudflare's free plan includes 100,000 requests per day, while the paid plan includes 10 million requests per month plus overage pricing.
The tradeoff is maintenance and price. Zapier sells convenience, app connectors, monitoring, and non-developer usability, but you pay per zap. Workers give you control, but you own the code, logs, failures, credentials, retries, and edge cases.
Can I build a small-business bookkeeping agent with receipt photos and QuickBooks?
Yes, with guardrails. The safe version is a receipt-prep agent, not a fully autonomous bookkeeper.
It can:
- Read receipt photos with OCR.
- Extract merchant, date, total, tax, payment method, and category.
- Flag low-confidence fields.
- Attach the image to a draft expense record.
- Send anything uncertain to a human or bookkeeper.
It should not quietly file taxes, change your chart of accounts, reconcile bank transactions, or submit anything final without review. Bookkeeping agents are useful because receipts are repetitive. They are risky because small errors compound. Use wisely and keep a human in the loop. One thing you could do is start by building a skill file to do all of those things using Claude Cowork or Codex (read our AI for beginners article for more on that).
How should I protect intellectual property and personal information?
Use account-level controls, legal agreements, and workflow design together.
- Use business or enterprise plans for sensitive company work.
- Turn off training for consumer chat accounts when available.
- Use temporary chats for sensitive one-off questions when appropriate.
- Minimize the data the agent can see.
- Do not connect everything “for convenience.”
- Use read-only connectors first.
- Store secrets in proper secret managers.
- Review vendor terms, data-retention settings, and compliance docs before uploading sensitive data.
Also, telling a chatbot “do not train on my data” inside a chat is not a reliable privacy control. Use the product's actual data-control settings or a business agreement.
What should I do after an API key leak?
Rotate the key immediately. Then check logs, revoke old credentials, audit what the key could access, and set tighter scopes before issuing a new one.
A viewer shared a painful example of an Amazon SES key getting stolen and sending a huge number of emails from their domain. That is exactly why secrets belong in systems like AWS Secrets Manager, Cloudflare secrets, GitHub secrets, or your workflow tool's credential vault.
What about Manus, GenSpark, Hermes, and OpenClaw?
Treat these as more agentic interfaces for doing multi-step work. Manus and GenSpark aim to make agentic research, browsing, and task execution feel easier for end users. OpenClaw and Hermes-style harnesses sit closer to the advanced builder frontier.
The practical beginner answer: try user-friendly agent tools for research and task drafts, but be more cautious with tools that can run locally, execute commands, touch files, or connect to many accounts. More autonomy means more capability and more blast radius.
Can Hermes or an agent harness choose the best model for the task?
Yes, if the harness supports routing logic, but “best” has to be defined. You might optimize for cost, speed, reasoning quality, code ability, long context, privacy, or tool reliability.
A good routing policy sounds like this:
- Use a cheap model for classification and formatting.
- Use a stronger model for writing, reasoning, or ambiguous decisions.
- Use a coding model when file edits or tests are involved.
- Escalate to a human when confidence is low or the action is high-risk.
If you need help comparing cost vs performance across a variety of tasks, Artificial Analysis is a great resource.
What should beginners do first if everything feels overwhelming?
Pick a free or already-paid tool. Pick one task. Avoid connecting private accounts on day one. Build a manual version before a scheduled version.
Try this:
I am new to AI agents. Help me design one safe beginner workflow using only [tool I already use].The task I want help with is:[task]Make the first version read-only or draft-only. Include the trigger, context, tools, actions, guardrails, and what I should review before trusting it.
Your first agent ideas
The best first agent is boring, safe, and useful. Look for repetitive, text-heavy work where mistakes are low-cost because a human reviews the output.
1. Meeting prep agent
- Goal: Prepare a short briefing before a meeting.
- Context: Calendar invite, agenda, notes, recent emails, project tasks.
- Output: Meeting brief, three questions, agenda, follow-up draft.
- Guardrail: Draft only. No sending.
2. Inbox triage agent
- Goal: Sort emails into urgent, waiting, FYI, delegate, and needs review.
- Context: Recent inbox messages and your reply preferences.
- Output: Sorted list and draft replies.
- Guardrail: Ask before sending.
3. ClickUp project update agent
- Goal: Summarize overdue work, blockers, risks, and next steps.
- Context: Tasks, owners, due dates, comments, docs, and statuses.
- Output: Weekly update for Slack or stakeholders.
- Guardrail: Ask before editing tasks.
4. Lead research agent
- Goal: Research new inbound leads and draft personalized follow-up.
- Context: Form submission, company website, CRM fields, approved sales docs.
- Output: Fit score, summary, and email draft.
- Guardrail: Ask before contacting the lead.
5. Research brief agent
- Goal: Turn links and docs into a short brief.
- Context: Approved sources, reading list, company docs.
- Output: Summary, key claims, open questions, and suggested next reads.
- Guardrail: Cite sources and flag uncertainty.
6. Content repurposing agent
- Goal: Turn one recording, transcript, or post into multiple formats.
- Context: Transcript, brand voice, examples, target channels.
- Output: Newsletter blurb, LinkedIn post, YouTube description, and short clips list.
- Guardrail: Keep claims tied to the source transcript.
7. Personal admin agent
- Goal: Turn notes, calendar items, and reminders into a daily plan.
- Context: Calendar, notes, task list, preferences.
- Output: Morning plan with priority order.
- Guardrail: Never move meetings or send messages without approval.
8. Receipt-prep agent
- Goal: Extract fields from receipts and prepare draft expense entries.
- Context: Receipt image, category list, vendor rules, accounting policy.
- Output: Draft category, total, tax, date, merchant, and confidence score.
- Guardrail: Human review before posting to accounting software.
9. Creative review agent
- Goal: Help reject weak shots, weak prompts, or tone drift.
- Context: Taste profile, examples, rejection rules, target audience.
- Output: Ranked options, critique, and revision suggestions.
- Guardrail: The artist makes the final call.
Now, let's dive into the two topics we couldn't cover in time on the stream: Managed Agents and Personal Agents.
Advanced companion: Claude Managed Agents explained
This is the more advanced companion section for readers who finished the above Agents 101 guide and want to see how the same concepts become production infrastructure.
Agents 101 gives you the raw ingredients of working with agents: you need a goal, context, tools, actions, triggers, guardrails, and a human approval step for critical use-cases.
Claude Managed Agents is what happens when those ingredients become infrastructure that you then deploy for others to use. Instead of asking every developer to build the agent loop, host the sandbox, wire up tool execution, store session history, stream events, manage credentials, and debug long-running jobs themselves, Anthropic provides a managed harness for running Claude as an autonomous agent.
That makes managed agents the natural end point of our beginner livestream. We started with the question, “what is an agent?” Managed agents answer the follow-up question: “What does it take to run one reliably after you've got the demo to work?" Keep in mind, Managed Agents is Anthropic's built-in solution, and Anthropic is kinda like the premium option, so if you're looking for something cheaper, you can check out the Hermes Agent explainer below this.
The beginner version: A managed agent is an AI worker whose brain, tools, working space, memory, permissions, and activity log are packaged into a system you can start up, monitor, interrupt, resume, and ship all by yourself.
What managed agents are
A managed agent is a production-ready agent setup where the platform handles the machinery around the model.
In the basic API version of AI, your app sends a prompt and gets a response. That is great when you want a model to answer, classify, summarize, or generate something in a single request.
But an agent needs more than that. It has to keep track of the task, call tools, receive tool results, decide what to do next, handle errors, remember what happened, and sometimes run for minutes or hours. In the “Ship your first Managed Agent” walkthrough from Anthropic, Anthropic explains the progression this way:
- Messages API: raw model access, where developers manage the surrounding agent loop themselves.
- Agent SDK: a harness for calling Claude Code-style agents, while developers still manage hosting and scaling.
- Claude Managed Agents: a managed harness with sandboxing, tool runtime, observability, context management, and infrastructure handled by Anthropic.
Put more simply: the model is still the thinking engine, but the managed agent is the whole workbench around it.
Why managed agents exist
The reason managed agents exist is simple: real agents need a lot of scaffolding.
During the beginner stream, we used “scaffolding” to mean all the support structures around an agent: instructions, guardrails, permissions, context, memory, tools, and the runtime that lets the agent keep working. In the official engineering write-up, Anthropic calls this a harness.
That harness matters because agent behavior changes as models improve. Anthropic gives one revealing example: Claude Sonnet 4.5 sometimes showed “context anxiety,” where it wrapped up tasks early as it approached the end of its context window. Anthropic added harness-level mitigations, then found the behavior disappeared with Claude Opus 4.5. The workaround became dead weight.
That is the core infrastructure lesson: if you hand-build an agent harness around today's model quirks, you may have to rebuild it when the next model gets smarter. This is also famously why your workflows break every time there's a new model update.
Managed agents are designed to separate the stable pieces from the pieces that can evolve. You define the agent's job, tools, context, permissions, and environment. The platform can improve the harness underneath.
The mental model: brain, hands, session, events
The easiest way to understand managed agents is to split the system into four parts.
1. The brain
The brain is Claude plus the agent harness. This is where reasoning happens. It reads the task, decides which tools to call, processes results, and decides what should happen next.
2. The hands
The hands are the execution environments and tools. That could be a sandboxed container, a file system, a web fetch tool, a bash command, a custom tool, or an MCP server connected to something like Linear, Figma, GitHub, Datadog, or an internal system.
3. The session
The session is the durable record of the work. Anthropic's docs define a session as a running agent instance within an environment. The engineering post goes deeper: a session is an append-only log of everything that happened.
That means the session is bigger than the model's current context window. Claude can read slices of the session history, resume work, recover from failure, and keep the task moving without relying on one fragile container staying alive.
4. The events
Events are the messages and state changes moving through the session. A user message is an event. A tool call is an event. A tool result is an event. A status update is an event. A session lifecycle change is an event.
In the incident-response demo, Anthropic explains that managed agents speak in events, rather than simple “tokens in, answer out” requests. That is why the UI can stream what the agent is doing, and why the console can show a detailed timeline of the agent's work.
The simple picture: the brain thinks, the hands act, the session remembers, and events show what happened.
How Claude Managed Agents work
Claude Managed Agents is built around four core objects: agents, environments, sessions, and events.
Agent
The agent is the definition of the worker. It includes the model, system prompt, tools, MCP servers, and skills.
In the first workshop demo, the agent is an SRE agent. Its job is to investigate incidents. It gets a simple system prompt and tools for metrics, recent deployments, diffs, and logs.
In the production-ready demo, the agent can use a Linear MCP connection, memory stores, and multiple subagents that specialize in different parts of a deal-analysis workflow.
Environment
The environment defines where the agent does work. Anthropic's docs describe this as either an Anthropic-managed cloud container or a self-hosted sandbox on your own infrastructure.
This matters because agents often need a real working space. They may need to read files, run commands, edit code, fetch web content, or interact with private systems.
In the environment section of the first demo, Anthropic shows a cloud environment with network settings. You can allow broad network access or restrict the agent to specific sites and URLs.
Session
A session connects a specific agent to a specific environment for a specific task. It is the running instance of the agent.
In the incident demo, the session binds the SRE agent, the environment, and the uploaded log file. Once the session starts, Claude can inspect logs, call tools, stream results, and keep the investigation alive.
Events
Events are how the application and the agent communicate. Your app sends user events. The agent emits response events, tool-call events, status events, and session events. The stream can be shown to a user, logged for observability, or used to trigger follow-up behavior.
The production-ready demo breaks events into user events, agent events, session events, and span events. That sounds technical, but the purpose is practical: you want to know what the agent is doing, when something starts, when something ends, when it needs approval, and when it hits an error.
How to use managed agents
The workflow looks like this:
- Create the agent: choose the model, write the system prompt, define tools, attach MCP servers, add skills, and set permission policies.
- Create the environment: choose a managed cloud container or a self-hosted sandbox. Configure network access and installed packages.
- Start a session: connect the agent to the environment and attach any resources the task needs, like files or repositories.
- Send events: send the user's request, tool results, confirmations, or interruptions as events.
- Stream responses: show the agent's work as it happens, including messages, tool calls, and status updates.
- Monitor and steer: use the console, event logs, permissions, and interrupts to debug or redirect the agent.
- Persist, resume, or delete: keep sessions alive for long work, resume later, or delete sessions and uploaded files when you no longer need them.
That is the production version of the formula we used in the livestream (plus a sandbox to run the thing in):
Goal
+ Context
+ Tools
+ Actions
+ Guardrails
+ Human approval= A managed agent session you can run, monitor, and resume
The key shift is that you are no longer thinking only in prompts. You are designing a small operating system for a piece of work.
Two examples from Anthropic's demos
Example 1: An incident-investigator agent
In “Ship your first Managed Agent”, Anthropic builds an incident-response agent. The scenario is the classic developer nightmare: something breaks, P99 latency jumps to roughly 10x baseline, and someone needs to figure out why.
The agent gets:
- A system prompt that tells it to act like an SRE agent.
- Logs and metrics as context.
- Tools for recent deployments, diffs, and metrics.
- A session that streams every tool call and response.
- A front-end view where the user can watch the investigation unfold.
By the end of the run, the agent identifies a likely database pool exhaustion problem, connects it to a recent code change, rules out other causes, and recommends actions. Anthropic points out that the same pattern could go further: with codebase access, the agent could suggest a fix, open a PR, and move from diagnosis to remediation.
The important beginner takeaway is that this is every Agents 101 term in one place. The trigger is the incident. The goal is the investigation. The context is logs and metrics. The tools are deployment and diff lookups. The guardrail is that the demo stops at recommendations. The human remains the reviewer before production changes happen.
Example 2: A deal-analysis agent with subagents
In “Build a production-ready agent with Claude Managed Agents”, Anthropic shows a mock M&A-style workflow. A main agent evaluates fake companies using files, Linear data, memory stores, outcomes, and subagents.
The useful idea here is delegation. Instead of one agent stuffing every detail into one context window, the coordinator can spin up specialized agents. One might focus on macro trends. Another might focus on financial analysis. Another might inspect operational risks. Each has its own context window, tools, and thread of work.
That makes multi-agent orchestration easier to understand: it is a way to split complex work into smaller jobs, then bring the results back to the main agent.
The advanced pieces: subagents, memory, outcomes, vaults, and webhooks
Let's break all those terms down one at a time.
Subagents
Subagents let a main agent delegate pieces of work to other agents. This helps with parallelization and context management. In the production-ready demo, the console shows several agents running at once, each with its own horizontal activity line.
For non-developers, the best analogy is a project lead assigning work to specialists. The lead keeps the final goal in mind. The specialists investigate smaller pieces.
Memory
Memory stores let agents carry useful information across sessions. Anthropic also describes a “dreaming” service, where Claude can review memory logs and decide what is worth keeping for future work.
This is especially useful when an agent should learn from corrections. For example: “Next time, use our shorter stakeholder update format,” or “When reviewing design shots, flag lighting drift before composition.”
Outcomes
Outcomes let you define a desired result and a rubric. The agent can then iterate against that rubric instead of merely completing a sequence of tool calls.
That is a big conceptual upgrade. You can say, “produce a decision brief that satisfies these criteria,” rather than “call these five tools in this order.”
Vaults
Vaults store credentials outside the sandbox and outside Claude's context window. This matters because API keys and OAuth tokens are sensitive. The engineering post explains that credentials can be stored in a secure vault, and Claude can call tools through a proxy without seeing the underlying token.
That answers one of the biggest fears from the live chat: “What happens if I give an agent access to important systems?” The better production pattern is to avoid showing the model raw secrets at all.
Webhooks
Webhooks can wake up or resume an agent when something happens. In the first demo recap, Anthropic explains that an external event can trigger or resume a session.
That connects directly to the beginner explanation from the stream: a webhook is the doorbell. In a managed-agent setup, the doorbell can wake a long-running session that already has memory, tools, permissions, and durable history.
Connecting the dots between this and Agents 101
Managed agents are the advanced version of every concept from the beginner stream.
- Goal: the task you delegate to the session, or the outcome rubric you want the agent to satisfy.
- Context: prompts, files, repositories, previous session events, memory stores, and tool results.
- Tools: built-in tools like bash, file operations, web search, web fetch, MCP servers, and custom tools.
- API: the endpoints you use to create agents, environments, sessions, events, vaults, and memory stores.
- API key: the credential used to access the Claude API, plus separate credentials stored in vaults for external systems.
- JSON: the structured shape of tool definitions, tool results, events, and configuration.
- Webhook: a way to wake, resume, or steer a session when an external event happens.
- MCP: the connector layer that exposes tools and data sources to the agent.
- Guardrails: tool permissions, network allowlists, confirmation events, and human approval policies.
- Human in the loop: confirmations and permission policies for actions that need review.
- Scaffolding: the harness, sandbox, session log, memory, observability, and permissions around the agent.
When to use managed agents
Managed agents make the most sense when the work is long-running, stateful, tool-heavy, or needs production-grade control.
Good fits include:
- Incident investigation across logs, metrics, deployments, and code.
- Codebase work that needs files, shell commands, repositories, PRs, and review.
- Research workflows that require multiple tools, files, sources, and checkpoints.
- Business operations workflows where the agent needs to read private systems and draft next steps.
- Project-management agents that monitor tasks, blockers, comments, and status changes.
- Customer-support agents that use approved docs, search internal systems, and draft responses for approval.
- Creative-review agents that compare outputs against a defined style rubric.
Use a simpler automation tool when the job is short, deterministic, and mostly app-to-app routing. Make, Zapier, n8n, and Cloudflare Workers still shine when the workflow is “when X happens, do Y.”
Reach for managed agents when the workflow is closer to: “when X happens, investigate, decide which tools matter, keep a record, ask for approval where needed, and continue until the outcome is good enough.”
What to watch out for
It is still developer infrastructure
Managed agents make production agents easier to build, but they are still API-driven. A non-technical person (like you, perhaps?) can understand the model, but a team usually needs a developer to wire it into a real product. We've also heard reports of most successful AI-first companies having their dev teams create shared agents that the whole team can use individually.
That's what our team at TA did; our tech team created a central "Technology Advice" connector with all our connections wired into it via a Cloudflare worker so that we can use our company resources via chat, but manage it behind single sign on authorization.
Data retention matters
Anthropic's docs say Claude Managed Agents is stateful by design. Sessions store conversation history, container state, and outputs server-side. The same docs say Managed Agents is currently outside Zero Data Retention and HIPAA BAA coverage, though users can delete sessions and uploaded files through the API. This is one reason why you would want to use something like this when making agents for external-facing agents.
In general though, this matters for teams handling sensitive data. Before shipping, decide what data the agent can see, how long sessions should live, what gets deleted, and which systems require stricter controls.
Permissions should start narrow
Give the agent read access before write access. Require confirmation for sends, deletes, payments, production changes, database writes, and anything customer-facing.
In the production-ready demo, Anthropic emphasizes per-tool permission controls. Some tools can auto-execute. Riskier tools can require explicit user approval.
Observability is part of the product
With agents, the user experience includes watching what the agent is doing. The console view is useful because it shows tool calls, event streams, subagent activity, errors, and timing.
For production, this is more than debugging. It is how users build trust.
Resources to watch next
- Claude Managed Agents overview: the official docs for the core concepts, supported tools, beta access, data-retention caveats, and rate limits.
- Scaling Managed Agents: Anthropic's engineering explanation of why it separated the brain, hands, and session log.
- Ship your first Managed Agent: the hands-on incident-investigator workshop.
- Build a production-ready agent with Claude Managed Agents: the more advanced demo with sessions, subagents, memory, outcomes, vaults, and console observability.
What this means
The big shift is that agents are becoming durable systems.
Managed agents package the invisible work around the model: the loop, the sandbox, the session log, the memory, the tools, the credential boundary, the event stream, and the observability layer.
For beginners, the important lesson is conceptual: an agent is only as useful as the system around it. For builders, the practical lesson is that the harness is now becoming a platform layer.
How much of this will stay developer-only? Today, managed agents look like API infrastructure. Tomorrow, the same pattern may show up inside business tools as a friendly button that says, “Create agent.” OpenAI's Workspace Agents is an early version of that, but to my knowledge, there is no such thing as a hosted workspace agent... yet.
Advanced companion: Hermes Agent explained
The other agent we mentioned on the stream towards the end of the video was Hermes Agent, the personal-agent version of the whole Agents 101 stack. If you're familiar with OpenClaw, you can think of Hermes as similar. Grant called Hermes the Claude to OpenClaw's OpenAI: there's more of the creators' specific taste in the design and implementation of the agent, for better or worse.
Like Managed Agents, Hermes turns the same Agents 101 ingredients into a long-running assistant that lives on infrastructure you control, talks to you through apps like Telegram or Slack, remembers what it learns, writes its own reusable skills, and can run scheduled work while you are away.
The simple version: Hermes is a self-improving personal agent. You give it a place to run, a model to think with, channels to reach you, tools it can use, memory it can update, and scheduled jobs it can repeat.
The official docs call Hermes a self-improving agent with a built-in learning loop. Its website says it can live on your server, remember what it learns, generate persistent skills, run scheduled automations, delegate to subagents, and use sandboxed backends like your own local sandbox, Docker, SSH, Singularity, and Modal.
That makes Hermes different from the managed-agent option above because it's more like a personal agent. Claude Managed Agents is a developer platform for building production agents into an app. Hermes is closer to a personal operating layer: one agent you train, message, route work to, and keep refining over time.
The useful mental model
Think of Hermes as five layers working together:
- Memory: the durable facts it should carry forward, usually stored in markdown files like
user.mdandmemory.md. - Skills: reusable playbooks for doing work the same way next time.
- Soul: the agent's voice, style, preferences, and default behavior.
- Crons: scheduled automations that make the agent proactive.
- Session recall: searchable history so the agent can remember old conversations, links, decisions, and projects.
That is the core reason people get excited about Hermes. A normal chatbot starts from the current conversation. Hermes is designed to become more useful as you use it, because the agent can persist memory, improve skills, and search its own past work.
How Hermes works under the hood
At a high level, Hermes has four practical pieces:
- The agent: the reasoning loop that reads your message, chooses tools, calls skills, updates memory, and decides what to do next.
- The model provider: the model Hermes uses to think, such as Nous Portal, OpenRouter, OpenAI, Anthropic, xAI, Hugging Face, or another endpoint.
- The gateway: the messaging layer that lets you talk to the agent from Telegram, Discord, Slack, WhatsApp, Signal, Email, CLI, or another interface.
- The terminal backend: the execution environment where Hermes can run commands, scripts, and code.
The terminal backend is the part beginners should treat with the most respect. If Hermes can run commands, it needs a safe place to run them. Matt Palmer's deployment masterclass shows one strong pattern: put the chat UI and Hermes gateway behind Cloudflare Access, run the agent on Fly.io, and send command execution to Modal sandboxes so code runs in an isolated environment. The exact stack is optional. The principle matters: separate the agent from the place where risky code runs.
That is the same safety pattern we discussed throughout the livestream: give the agent enough access to be useful, then make every dangerous path narrower.
How to set Hermes up
There are three common paths.
Path 1: local or basic install
The official path is straightforward: install Hermes with the one-line script, then run setup.
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bashhermes setup
During setup, you choose a model provider, connect a messaging platform, and decide which tools or plugins to enable. Alex's installation walkthrough covers the basic install flow, while his model-selection section walks through the trade-off between premium models, subscription-based options, and cheaper model routes. The docs also list hermes setup --portal as a fast path that uses Nous Portal OAuth for a model plus web search, image generation, text-to-speech, and browser tools.
Path 2: VPS install
The VPS path is the “cloud personal assistant” route. You rent a small server, install Hermes there, connect Telegram, and keep it online. Nate Herk's VPS setup walks through the server path, then shows how to connect Telegram during onboarding, create a GitHub backup and first cron job, and keep Hermes's state recoverable.
The beginner move is to create a private GitHub repo and ask Hermes to back up its safe state every night. That way, if the VPS breaks, you can move the important memory, skills, and configuration to a fresh instance.
Path 3: managed deployment with sandboxing
Matt Palmer's deployment masterclass uses a more serious architecture:
- Hermes deployment template for the repo, introduced before the repo setup and environment configuration section.
- Fly.io for the Hermes gateway and Open WebUI, deployed in the Hermes and Open WebUI setup section.
- Modal for isolated command execution, explained in the Hermes + Modal architecture section and tested in the sandbox execution demo.
- Cloudflare Access for authentication, rate limiting, and protection from the public internet, configured during the Zero Trust + GitHub OIDC setup.
- OpenRouter for model access through one API key.
This path takes longer, but it teaches the right production instinct: isolate the chat interface, the agent gateway, and the sandbox where code runs.
What to do first after setup
Treat Hermes like a new assistant on day one.
First, tell it who you are, what you are working on, what your goals are, how you like updates, what tools you use, and what you want it to avoid. Then ask it to save the durable parts to memory.
Second, create one recurring task. Alex Finn's “first things to do” section uses a good first prompt:
I want you to schedule a task for yourself to do every single night at 2 a.m. It should be a micro app, UI, or system that helps us get closer to my personal goals and ambitions. It should save us time, make us more productive, or be generally useful. Make sure this is scheduled for every single night at 2 a.m.
Third, set up a backup. Ask Hermes to create a private GitHub repo, add a safe .gitignore, and create a nightly sync skill that pushes safe changes without secrets. Nate's GitHub backup section is the cleanest walkthrough of that pattern.
Fourth, ask Hermes to explain its own setup back to you. The best beginner move is often: “Tell me what tools you have, what memory files you use, where your config lives, and what commands I should know.”
The dashboard, Kanban board, and mission control
The Hermes dashboard gives you a visual place to inspect models, crons, skills, plugins, profiles, the Kanban board, and connected channels.
The Kanban board is especially useful because it turns a pile of tasks into a multi-agent work queue. You can drop tasks into triage, and Hermes can break them into subtasks, move them forward, and assign work to agents.
Mission control is the next step. The idea is to ask Hermes to build a custom dashboard for your own workflow. That could include a memory wiki, a content pipeline, a docs library, a project tracker, or a page that shows what each agent is doing. It sounds fancy, but the prompt is simple:
Build me a mission control dashboard for my Hermes agent. Start with a memory page, a docs page, a cron overview, and a task pipeline. Keep it simple, then tell me what you need from me to improve it.
The best beginner use cases
Hermes is strongest when the work is repeatable, personal, and context-heavy.
- Daily tutor: give Hermes educational videos, have it extract the concepts, then schedule daily reminders and quizzes, like Alex's video-transcript tutor example.
- Research assistant: ask it to collect links, summarize sources, and save the reusable research process as a skill.
- Device admin: use a private network like Tailscale so Hermes can help move files across devices, with careful permissions. Alex's device-admin use case shows the basic idea.
- Session recall: ask what you discussed last week, what business ideas you saved last month, or which links you shared in a prior session. Alex's session-recall section explains why this feels different from ordinary chatbot memory.
- Content pipeline: have Hermes turn rough ideas into outlines, scripts, thumbnails, posts, and publishing checklists.
- Nightly backup: have it sync safe memory and skill changes to a private GitHub repo, following Nate's first-cron walkthrough.
- Weekly audit: have it check stale tasks, broken crons, unused API keys, or security settings.
The test is simple: would a sharp assistant get better at this task if they watched you do it ten times? If yes, Hermes is a good fit.
Security advice that will keep you out of trouble
The weakest Hermes setup is one giant agent with every API key, every device, every file, every cron, and no isolation. That is convenient until one mistake has too much blast radius. Nate's best-practices section makes the same point through scoped accounts, named API keys, and firewall checks.
Use this checklist instead:
- Give each agent only what it needs. A content agent does not need QuickBooks. A finance agent does not need your YouTube channel keys.
- Keep secrets out of chat. Put API keys in environment variables, a proper secret manager, or Bitwarden Secrets Manager where supported.
- Name API keys by agent. You should know which agent is spending money or calling which service.
- Use separate accounts when it helps. Agent email, agent GitHub, agent calendar, or scoped service accounts can reduce risk.
- Use Docker, Modal, or another isolated backend for command execution. Running everything on your main machine is easy, but isolation is safer.
- Gate public interfaces. Put web UIs behind Cloudflare Access or a similar authentication layer.
- Audit memory and skills. Memory and skills are Hermes's advantage, but stale memory creates weird behavior. Bad skills repeat bad process.
- Ask before destructive actions. Anything that sends, deletes, pays, publishes, rotates credentials, or changes production data should require approval.
The practical framing: treat Hermes like a talented intern with shell access. Give it work. Watch what it does. Train it. Keep the keys scoped.
When to create more than one Hermes agent
Start with one. Split later.
Create a second Hermes agent when a role needs its own memory, tools, credentials, schedule, or audience. Nate's scaling section gives the clean decision tree: split when the role needs separate memory, tools, credentials, schedule, or audience.
- A content Hermes for newsletters, scripts, social posts, and YouTube comments.
- A finance Hermes for receipts, bookkeeping, invoices, and QuickBooks workflows.
- A dev Hermes for GitHub, local repos, tests, deployments, and bug triage.
- A research Hermes for sources, reading lists, papers, and citation memory.
Avoid the mega-agent trap. One agent with every skill and every key gets harder to debug. Smaller role-based agents are easier to reason about, easier to secure, and easier to replace.
What beginners should remember
Hermes is exciting because it makes an agent feel less like an app and more like a growing work companion. The same words from the beginner stream all show up here:
- Goal: what you want Hermes to accomplish.
- Context: your memory files, past sessions, docs, links, tools, and preferences.
- Tools: browser, terminal, image generation, web search, messaging, APIs, and plugins.
- Trigger: a Telegram message, a dashboard task, a cron job, or an external event.
- Action: a script, file edit, message, report, backup, or generated artifact.
- Human in the loop: your approval step before risky work.
- Guardrails: permissions, scoped keys, Cloudflare Access, sandboxing, and rules in memory or skills.
That is why Hermes belongs near the end of this guide. It is the “now put it all together” agent.
What changed in Hermes v0.15.0
The v0.15.0 Velocity Release is worth calling out because it shifts Hermes from “cool personal agent experiment” toward “personal agent platform.”
The big changes:
- The agent loop got smaller and easier to maintain:
run_agent.pywent from 16,083 lines to 3,821 lines, split across 14 modules. - Kanban became a multi-agent work system: triage can decompose a task into subtasks, assign workers, use per-task model overrides, schedule starts, and manage worktrees.
- Cold starts improved: the release says
hermes --versioncold start dropped from 701ms to 258ms, with other per-turn and Termux improvements. - Session search got rebuilt: the release says session discovery moved from roughly 90 seconds to about 20ms, with no auxiliary LLM call and no extra cost.
- Promptware defenses landed: Hermes now scans recalled memory and tool output for prompt-injection patterns and wraps tool results in delimiters.
- Secrets management got cleaner: Bitwarden Secrets Manager can replace scattered plaintext API keys with one bootstrap token.
- Skills and MCP got more mature: skill bundles load multiple skills with one slash command, and Hermes added a Nous-approved MCP catalog with an interactive picker.
For beginners, the practical takeaway is simple: Hermes is moving fast, and the biggest improvements are in the places that matter for daily use: speed, memory search, Kanban orchestration, credentials, and safety.
Hermes vs. Claude Code vs. Claude Managed Agents vs. OpenClaw
Use the tools by job shape:
- Claude Code / Codex: best when you are sitting down for focused coding, debugging, refactoring, or building a real app.
- Claude Managed Agents: best when a developer team wants to build a reliable production agent into a product.
- Hermes: best when you want a personal agent that remembers your work, talks to you from messaging apps, runs scheduled tasks, and improves its own skills.
- OpenClaw: similar personal-agent idea, right now at least, Hermes is a lighter, faster, and currently easier to keep stable version of OpenClaw, so try Hermes if you haven't used OpenClaw before.
The easiest way to separate them: Claude Code is your workshop. Managed Agents is the factory floor. Hermes is your always-on chief of staff. And any automations you do in Make or Zapier are like one-off recipes you can cook up as needed.
Resources
- Hermes Agent homepage
- Hermes Agent docs
- Hermes Agent GitHub repo
- Hermes Agent v0.15.0 Velocity Release
- Hermes Agent deployment masterclass: architecture overview
- Deployment masterclass: repo setup and environment configuration
- Deployment masterclass: Cloudflare Zero Trust setup
- Deployment masterclass: Modal sandbox execution test
- Hermes Agent deployment template
- Tailscale
- OpenRouter
- Modal
- Fly.io
- Cloudflare Access
- Open WebUI
Glossary of Agent terms
- Agent: AI that works toward a goal using context, tools, instructions, and approval rules.
- Automation: A fixed workflow that follows the same recipe each time.
- Goal: The outcome the agent is trying to complete.
- Context: The information the agent can see.
- Tool: An app, function, or action the agent can use.
- Trigger: The event that starts the workflow.
- Action: Something the agent can do through a tool.
- Human in the loop: A person reviews or approves important actions.
- Guardrail: A rule that limits what the agent can do.
- Permission: The access level the agent has.
- API: The official way one app lets another app talk to it.
- API key: A password-like credential for using an app or model.
- Webhook: An automatic alert sent when something happens.
- JSON: A structured data format with labeled fields.
- MCP: A standard way for AI tools to connect to apps, services, and data.
- Connector: A prebuilt app connection that exposes approved tools.
- Node: One step in a workflow.
- Scaffolding: The support structure that makes a model act like an agent.
- Harness: The software setup that runs, connects, controls, and logs the agent.
- CLI: A command-line interface for controlling software through text commands.
- OCR: Optical character recognition, which turns scanned images of text into machine-readable text.
- Secrets manager: A secure place to store credentials such as API keys.
What to watch next
Automation tools like Make, Zapier, and n8n are still valuable because they connect apps, show workflow logic visually, and make structured business processes easier to debug. Native AI environments like ChatGPT, Claude, Codex, and Claude Code are becoming powerful enough to absorb more of that work directly, though.
For beginners, the right answer is practical. Start where your work already lives. Keep the first workflow boring. Give the agent a clear goal, narrow context, safe tools, and a human approval step. Once it saves time without creating drama, expand from there.
The future of agents will probably arrive as a thousand small workflow improvements before it feels like a sci-fi coworker. That is the better version. Most people do not need a digital employee. They need Monday morning to stop arriving with 43 small tasks already on fire.
Homework: Pick one repetitive task this week. Write the goal, context, trigger, tools, allowed actions, and approval step. Then ask your AI assistant to turn that into a safe first agent workflow.