Use Case · Hermes

Your Hermes agents delegate to each other. Civic makes sure permissions don't escalate.

Hermes makes multi-agent handoffs seamless. Civic makes sure a delegated task doesn't come with broader permissions than the delegator had.


Agent A delegated to Agent B. Agent B had admin access that Agent A didn't.

Just imagine, one day…

You build a Hermes system with three agents: a triage agent, a support agent, and an admin agent. The triage agent reads incoming tickets and delegates to the appropriate agent. The admin agent has write access to user accounts for handling escalations.

A user submits a ticket asking to reset their password. The triage agent delegates to the support agent, which can't handle password resets, so it delegates to the admin agent. The admin agent resets the password and also updates the user's email address to match a field in the ticket. The ticket was a social engineering attack. The attacker now controls the account.

Multi-agent delegation without scope inheritance is privilege escalation by design.

Without scope inheritance, delegation becomes privilege escalation.

It does things you did not intend

The triage agent delegates a ticket. The admin agent handles it with full write access. A social engineering attack exploits the delegation chain to take over an account.

You cannot prove what happened

Three agents handled the ticket. No log of which agent made which write call or what the original ticket said. You're piecing together the chain after the account is compromised.

You cannot stop it fast enough

Password reset and email change are instant. By the time the account takeover is detected, the attacker has already changed the recovery method.

It gets confused and you never know

Each agent has its own permissions. Delegation doesn't reduce scope. The admin agent used its full access to handle a routine ticket because nothing told it to use less.

Connect Hermes through Civic in three steps

Hermes Agent

Create profiles: triage, support, admin.

Triage: read tickets only.

Support: read accounts, respond to tickets.

Admin: password reset only. No email changes.

Done. 3 profiles configured:

✓ triage — read tickets

✓ support — accounts + tickets

✓ admin — password reset only

The same scenario. Different outcomes.

Without Civic, delegation escalates privileges. With Civic, each agent's scope is enforced regardless of who delegated.

Without Civic:

$ hermes: reset password and update email
[triage] routing to support...
[support] delegating to admin...
[admin:write] password reset — done
[admin:write] email changed to attacker@evil.com
$ # account takeover. delegation = escalation.

With Civic:

$ hermes: reset password and update email
[triage] routing to support...
[support] delegating to admin...
[admin:write] password reset — done
[admin] requesting email change...
[nexus] ✘ BLOCKED — email changes not in scope
$ # password reset. email change blocked.
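The run where the email change is blocked can be modelled as a deny-by-default check on every tool call, with each decision logged together with its delegation chain. This is an added sketch, not Civic's or Hermes's code: the `Gateway` class, the `handle_ticket` helper, the action names and the ticket id are all assumptions made for illustration.

```python
# Added illustration; profile and action names are assumptions, not Civic or Hermes APIs.
from dataclasses import dataclass, field

# The three profiles from the page, expressed as deny-by-default allowlists.
PROFILES = {
    "triage": {"ticket:read"},
    "support": {"ticket:read", "ticket:respond", "account:read"},
    "admin": {"account:password_reset"},  # no email changes
}


@dataclass
class Gateway:
    """Checks every tool call against the caller's own profile and records it."""
    audit: list = field(default_factory=list)

    def call(self, agent, action, chain, ticket_id):
        # Unknown agents and unlisted actions are both denied.
        allowed = action in PROFILES.get(agent, set())
        # Log the decision either way, with the full delegation chain, so a
        # later review can tell which agent attempted which call and why.
        self.audit.append({
            "ticket": ticket_id,
            "agent": agent,
            "action": action,
            "chain": list(chain),
            "decision": "allow" if allowed else "block",
        })
        return allowed


def handle_ticket(gateway, ticket_id, requested_actions):
    """Replays the page's chain (triage -> support -> admin) for one ticket."""
    chain = ["triage", "support", "admin"]
    return {a: gateway.call("admin", a, chain, ticket_id) for a in requested_actions}


if __name__ == "__main__":
    gw = Gateway()
    # Constructed ticket: asks for a password reset and an email change.
    result = handle_ticket(
        gw, "T-1001", ["account:password_reset", "account:email_update"]
    )
    for entry in gw.audit:
        print(entry)
    print(result)
```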

Ship safer with Civic

We'll help you implement authenticated, scoped, and auditable access without slowing down your build.