Two Competing Philosophies for AI Agent Control
OpenClaw and Hermes represent two competing AI agent control philosophies: one treats the gateway that connects an agent to users and tools as the main control surface, while the other treats persistent memory and learned context as the primary mechanism for governing autonomous behaviour and decision-making. Both sit atop language models to turn them into autonomous systems that can run continuously, store context, and call tools without user supervision. OpenClaw, often described as a gateway-first harness, routes a single agent across channels like WhatsApp, Slack, and Teams while platform vendors wrap it with identity and policy. Hermes Agent, by contrast, is a memory-first harness that keeps layered, long-lived context on a developer’s work, skills, and preferences across sessions. The emerging debate is not over which model to use, but over where the most powerful and safest control point in autonomous AI agents should live.
OpenClaw: Gateway-First Control and Platform Integration
OpenClaw focuses on the gateway as the primary AI agent control surface, connecting a single agent to dozens of existing communication channels and tools. Its design is built for breadth, with a central gateway and the ClawHub skills marketplace providing thousands of community skills. According to The New Stack, the project reached around 380,000 GitHub stars by late June, highlighting its visibility among developers. Platform vendors have moved quickly to wrap this breadth in stronger agent governance models. Nvidia wraps OpenClaw inside NemoClaw, an OpenShell runtime that sandboxes each agent and enforces policy from outside the agent. Microsoft runs OpenClaw natively inside Windows execution containers and ties agents like Scout to Entra identity, Teams, Outlook, and SharePoint. This gateway-first approach gives enterprises a single, governed AI agent that staff can reach from their existing tools, while security teams define which folders, mailboxes, or channels each agent may access.
Hermes: Memory-First Control and Developer Autonomy
Hermes Agent takes the opposite path, treating memory as the main AI safety mechanism and control channel for autonomous behaviour. Released by Nous Research under an MIT license, Hermes is designed to run persistently on infrastructure the developer owns, such as a VPS, home server, or laptop. Its defining feature is layered, persistent memory that survives across sessions, allowing the agent to build up knowledge of a developer’s projects, tools, and habits. Instead of prioritising multi-channel gateways, Hermes prioritises context retention, incremental skill development, and personal autonomy. It learns from repeated tasks, refines its own internal skills, and uses that memory to make more informed decisions over time. This memory-first architecture means agent governance models are embedded in what the agent remembers, how it updates those memories, and what rules it applies when reusing them, rather than being enforced mainly at the interface boundary between the agent and external systems.
Why Platform Vendors Want Both Models
Platform vendors are converging on a hybrid view: gateway-based AI agent control is useful but incomplete without deeper memory-based constraints, and vice versa. Microsoft’s Windows platform strategy shows this clearly. The Microsoft Execution Containers (MXC) SDK offers a policy-driven execution layer that controls process isolation, session isolation, micro virtual machines, and Linux containers for agents. Defender and Purview add observability, audit trails, and protections against threats like prompt injection. These gateway-side controls limit what agents can touch and how they connect to networks or files. At the same time, vendors recognise that meaningful autonomous agent security also depends on what the agent learns and retains. Memory-based approaches like Hermes can enforce rules inside the agent’s decision loop, shaping what it considers acceptable actions even before an external policy blocks them. Platforms want agents whose external connections are tightly governed while their internal memories and skills follow consistent, inspectable rules.
Safety, Transparency, and the Future of Agent Governance
The tension between OpenClaw’s gateway-first model and Hermes’ memory-first model reflects deeper questions about AI agent control and safety. Gateway controls, like those in MXC or NemoClaw, are attractive because they sit outside the agent and can be managed centrally, integrated with identities, audit logs, and existing security tools. But they can miss subtle harms when an agent’s internal memory, goals, or skills drift into unsafe territory, especially if outbound network filtering or policy schemas are still maturing. Memory-based controls help address this by shaping how agents represent tasks, prioritize actions, and learn from feedback, yet they are harder for IT teams to inspect and govern at scale. The future of agent governance models will likely blend both: external gateways that enforce least-privilege access and observability, and internal memory policies that keep autonomous decision-making aligned with human expectations for safety, transparency, and accountable behaviour.
