HermesClaw secures Hermes Agent via kernel sandbox

HermesClaw is a bridge between high-capability agents and hard-sec sandbox infrastructure, solving the "rogue agent" problem at the OS level.

• –Kernel-level enforcement via Landlock and Seccomp means security isn't just a "prompt instruction" but an immutable OS constraint.
• –Persistent memory via local Markdown files solves the "goldfish memory" problem typical of session-based agents.
• –Hot-swappable security presets (strict, gateway, permissive) allow developers to adjust agent autonomy on the fly without restarts.
• –Universal Docker support brings NVIDIA's OpenShell-style isolation to macOS and non-NVIDIA Linux users.
• –Integration of 40+ tools and MCP servers makes it one of the most capable local-first agent frameworks available.