I have now installed and carried out the initial configuration of both Hermes Agent and AgentZero, as far as I have been able to do so with their help and based on my understanding.

I have also set up Telegram bots and configured both systems and Telegram in such a way that bot-to-bot communication via Telegram is possible.

(Not yet because I need it or have a meaningful use case, but simply because it is possible)

I suggest setting up a new ‘AI’ category in the forum, as I still do not have complete confidence in my own admittedly limited abilities and those of the LLMs / agents.

I think we should also share our experiences on this topic here.

@oneitonitram @Stll0 What do you think about?

AFAIK AI is a so-wide term that while can help discriminate topics, is not the core point.

Your experiences are about Agentic AI, as far as I can tell.

I agree, we can not ignore the impact of AI today and in the future in area’s of knowledge, ethical matters, technical, ‘future’ workforce and way of working. And we are only at the beginning of real AI.

Agree, hence the ‘need’ to address as much of it as possible. The younger generations will beat us by miles and miles, so we need to catch up to be of any good use to them.

I believe @kemboielvis22 recently graduated, maybe he can pitch in some insight on what he sees at the uni’s etc.

Yes, that’s a good suggestion. Let’s just call the new category ‘Agentic AI’.

The discussion should focus on implementation, usage, support and the exchange of experiences.

We should avoid getting bogged down in lengthy debates over philosophical questions

I’d like to start by sharing my experiences.

I’ve asked the agents to put together a report on what we did during the setup process and what lessons we’ve learnt.

I’m posting the reports unedited, so that they also give a sense of the agents’ capabilities.

For cost reasons, I use Deepseek v4 Pro and Flash as the LLM for both agents.

From Hermes Agent:

Hermes Agent — Architecture, Telegram Integration, and Bot-to-Bot Communication with AgentZero

Overview

This article describes how an automated AI assistant (codename “Hermes Agent”) was set up on a home server, connected via Telegram, and configured for bot-to-bot communication with a second AI operating system (AgentZero). It is aimed at technically inclined readers who want insight into the architecture, security measures, and operation of such a system.

1. System Architecture

Hermes Agent runs in a containerized pod on a NethServer 8 (NS8) system. The architecture is as follows:

• An NS8 module with multiple containers (infrastructure, authentication, Hermes core, websocket)
• The Hermes core connects as a Telegram bot and provides the API for external services
• AgentZero runs as a separate system on the same physical host, also containerized, also with Telegram bot connectivity
• Not needed: Gateway intercept, bot bridge, reverse proxy — Telegram has supported native bot-to-bot communication since 2023

Services Involved

2. Telegram Integration

Bot Registration

Hermes Agent was registered as a bot through the Telegram administration channel (@BotFather). The bot token (in 123456:ABC-... format) is stored exclusively in an .env file on the server — never in source code, never in chats, never in external services.

Permission Model

The bot only accepts messages from a predefined user and one bot partner. A TELEGRAM_ALLOWED_USERS list controls who may interact with the bot. This list contains:

• The system operator (identified by Telegram user ID)
• The bot partner AgentZero (identified by bot ID)

All other users are ignored at the Telegram level — the bot does not respond and only logs internally.

Communication Channels

3. Bot-to-Bot Communication: Rules and Security

Bot-to-bot communication between Hermes Agent and AgentZero was one of the most complex requirements. Both systems are designed to carry out tasks autonomously — if they start talking to each other unprompted, it can quickly spiral into an infinite loop.

Lesson Learned: No Gateway Intercept

The initial approach — patching bot-to-bot communication at the gateway level (bot bridge, sitecustomize.py patches, entrypoint modifications) — was the wrong approach:

• Telegram routes bot-to-bot messages natively; no intercept is necessary
• Container patches are gone after a pod restart (containers are rebuilt from the image)
• Complexity increases, stability decreases

The system simply uses the native Telegram API: send_message() to the target bot works directly.

Problem Identified: Meta-Loop

After the first successful connection test, both bots started sending each other status updates (“System ready”, “Waiting for input”). This created a meta-loop: Bot A acknowledges, Bot B acknowledges the acknowledgement, Bot A acknowledges the acknowledgement of the acknowledgement.

Solution (firmly anchored in persistent rules):

Never send status updates, confirmations, or “ready” messages to the bot partner. Wait passively for productive incoming messages.

Rate Limits (per Conversation)

Security Rules

Loop Protection: Every interaction is checked for repetition patterns. If three messages within 30 seconds are identical or nearly identical in content, the system aborts immediately with highest priority — without emitting a visible response.

Deduplication: Before every send, the system checks whether this exact message has already been sent to the recipient. Identical messages are never delivered again.

Dot Forwarding Termination: If a bot receives a forwarded message consisting only of a period (.), processing is aborted without a response — this prevents infinite loops after completed tests.

Automatic Termination: When a limit is reached, communication is terminated and the operator is informed.

Forwarded Message Filtering

Not every message deserves a response. The system distinguishes:

4. Data Protection (PII Guard)

Data protection is a top priority. Hermes Agent uses a PII Guard component (PII = Personally Identifiable Information) that activates when reading files:

• Never send raw PII (names, addresses, phone numbers, email addresses, birth dates, IBANs, insurance numbers) to the AI provider
• Check and abstract before use
• Exception: operator confirms in writing that the data is not sensitive
• Checking is done at the regex level (Germany-specific patterns), with local redaction before the API call

5. Hermes Agent Tasks

Hermes Agent regularly and automatically handles a number of tasks for the operator:

Home Assistant — Smart Home Visualization

The gateway dashboard was automatically set up in Home Assistant. Via REST API, Hermes syncs the current network situation as sensors every 5 minutes:

• Gateway status (name, firmware, CPU, RAM, WAN IP, ISP)
• WAN health (online/degraded, latency)
• WLAN health (connected users, AP status)
• Client counts (total, wireless, wired)
• WAN bandwidth (download, upload in Mbps — graphable)
• Device list (all managed UniFi devices)
• Alarms
• Uptime

The cron job runs every 5 minutes and updates the data in Home Assistant. A dedicated Lovelace dashboard (“UniFi-Hermes”) was created with 12 entities and multiple tiles via the Home Assistant WebSocket API.

UniFi Gateway — Network Monitoring

The UniFi Gateway (UCG Ultra) is connected via the local Network API. A Python module encapsulates the endpoints:

• System status and health checks
• Connected clients (wireless/wired)
• Managed devices (APs, switches)
• Networks and VLANs
• Events and alarms
• Port forwarding configuration
• Traffic statistics

The API runs locally (port 443, self-signed certificate). An API key from the UniFi Network Controller is used for authentication.

Webhook Processing (DMARC Reports, Alerts)

AgentZero can send messages to Hermes via webhooks. A webhook inbox system processes incoming JSON files:

• DMARC reports — Email authentication reports (who is allegedly sending emails on my behalf? Were DKIM/SPF checked?)
• Alerts — Notifications about events
• Files — File transfers between systems

The webhooks use a simple inbox mechanism (JSON files on the filesystem) that is processed by a cron job. After processing, the files are archived.

6. Operational Experience and Lessons Learned

What Worked Well

• Native Telegram bot-to-bot communication — Telegram routes bot-to-bot messages directly, no middleware needed
• Container persistence — Data on /opt/data/ survives pod restarts
• Cron jobs for recurring tasks — reliable and isolated from the main assistant
• UniFi API key — local API authentication without cloud dependency

What Didn’t Work Well

• Gateway patches for bot communication — Container changes are lost after pod restart. The right approach: volumes or image builds
• Meta-loop between bots — both sent status updates, creating an infinite confirmation loop. Solved by a strict rule: no self-initiated communication, only passive reaction to incoming messages
• Dashboard creation via REST — Home Assistant does not provide a REST endpoint for dashboard creation, only via WebSocket

7. Current Status

The system is running stably in production:

• Telegram bot: Connected and reachable
• Bot-to-bot communication: Bidirectionally validated, loop protection active
• UniFi sync: Approximately 25,000 successful executions (per cron job log)
• Home Assistant dashboard: 12 sensors, all data current
• Webhook inbox: Ready for DMARC reports and alerts
• PII Guard: Active, preventing sensitive data from being sent to the AI provider

As of: May 2026

From AgentZero:

Agent Zero: Building an AI Agent with Telegram Integration and Bot-to-Bot Communication

Author: Marko D.
Date: May 11, 2026
Platforms: NethServer 8, Proxmox, Docker/Podman

Introduction

In recent months, I have built a fully autonomous AI agent codenamed Agent Zero and integrated it into my existing server infrastructure. This article describes the journey from initial installation to a production environment where Agent Zero independently performs daily tasks and communicates with a second AI agent (Hermes) via Telegram.

I place particular emphasis on two central themes: Privacy and clearly defined rules for bot-to-bot communication. In my view, these aspects are essential when operating autonomous AI agents – especially when they can interact with each other.

1. Infrastructure and Deployment

1.1 Hardware and Virtualization

Agent Zero runs as a virtualized environment on the following infrastructure:

• Proxmox Host: <PLACEHOLDER_PROXMOX_HOST>
• NethServer 8 (NS8): <PLACEHOLDER_NS8_HOST>
• Agent Zero Module: runs as a pod within NS8

1.2 Container Architecture

Agent Zero is operated as an NS8 module using Docker/Podman containers. The module is documented at:

• Module Documentation: https://github.com/geniusdynamics/ns8-agentzeroai
• NS8 Admin Manual: https://docs.nethserver.org/projects/ns8/en/latest/index.html

The Agent Zero pod is accessible via its own CNAME: <PLACEHOLDER_CNAME>.

1.3 Container Images

Container images used (as of May 2026):

• docker.io/agent0ai/agent-zero:v1.13
• ghcr.io/geniusdynamics/agentzeroai:latest

1.4 Persistent Volumes

Three volumes ensure data persistence:

2. Telegram Integration

2.1 Bot Registration

Agent Zero communicates exclusively via Telegram. For this, a dedicated Telegram bot was registered:

• Bot Name: <PLACEHOLDER_BOT_NAME>
• Bot ID: <PLACEHOLDER_BOT_ID>

2.2 Access Control

To prevent unauthorized access, strict access control has been implemented:

• allowed_users list: Only registered users (by Telegram ID or username) can interact with the bot. An empty list allows no one.
• Configuration file: /a0/usr/plugins/_telegram_integration/config.json
• Dynamic reloading: Changes to the configuration take effect immediately without a restart.

2.3 Markdown Formatting

Output is in Telegram-friendly Markdown format (bold, italic, code blocks, lists) optimized for mobile devices. Tables are represented as bullet lists (* key: value).

3. Privacy and Data Protection (Focus Topic)

Privacy has been a core design principle from the start. I have embedded the following rules firmly in Agent Zero’s system prompt:

3.1 Privacy Rules

• No sensitive data to the outside: Passwords, API keys, IBAN, phone numbers, birthdates, addresses, and other personal data are never sent to external services, remote agents, or search engines.
• Careful tool usage: For tools that could transmit data externally (a2a_chat, browser, search_engine), a check is performed before each call to ensure no sensitive data is included.
• Redaction: If a tool result contains sensitive data, it is replaced with placeholders in the user output.
• Storage location: Sensitive data is stored only locally within the container, never logged in plaintext outputs.

3.2 Implementation

These rules are stored in a persistent file (privacy_rules.promptinclude.md) and are automatically injected into the system prompt at every agent start. They take precedence over all other instructions.

4. Bot-to-Bot Communication with Hermes Agent

4.1 Hermes Agent: The Second AI Agent

In parallel to Agent Zero, I set up a second AI agent: Hermes (<PLACEHOLDER_HERMES_BOT>). Hermes runs on the same NS8 host and has the following capabilities:

• UniFi Gateway API: Firewall rules and device management
• Home Assistant REST API: Smart home control
• Cron Jobs: Automated synchronization between UniFi and Home Assistant (every 5 minutes)
• Wiki/Docmost Integration: Documentation
• NS8 Module Management: Container management

4.2 Communication Rules (Focus Topic)

Communication between two autonomous AI agents carries risks: infinite loops, token waste, and uncontrolled escalation. Therefore, I defined strict rules:

Rate Limits

• Maximum tokens per communication: 100,000
• Maximum messages per chat: 10 (1 exchange = 1 send + 1 receive)
• Maximum duration per communication: 10 minutes
• Follow-up limit: 5 per conversation

Security Mechanisms

• Loop Protection: Detect and abort infinite loops
• Deduplication: Identical messages to the same recipient are not sent again
• Automatic Termination: Communication ends immediately when limits are reached

Filters for Forwarded Messages

• Productive messages: Clear questions, search queries, or tasks are treated as user tasks and directly answered.
• Non‑productive messages: Pure status updates, dots (.), emojis, or empty messages are completely ignored and trigger immediate processing abort (break_loop true).
• Flood detection: More than 3 identical messages within 30 seconds stop all processing instantly.

Communication Bans

• Emoji ban: No emojis are used in bot‑to‑bot messages to Hermes.
• Status update ban: No self‑referential status messages (“System standing by”, “Waiting for input”).

4.3 Technical Implementation

Communication takes place via the Telegram Bot API. Both bots are listed in each other’s allowed_users list. Hermes sends messages via a dedicated channel, which are then forwarded to Agent Zero when necessary.

5. Performed Tasks

5.1 DMARC Report Processing (Daily)

One of the most important automations is the daily processing of DMARC aggregate reports:

• Workflow:

  1. Agent Zero accesses an IMAP mailbox (<PLACEHOLDER_IMAP_HOST>)
  2. Extracts emails from known DMARC report senders (Microsoft, Google, GMX, Web.de, Amazon SES, Zoho, Mail.de, DATEV, Mail.ru)
  3. Unpacks the CSV files from compressed attachments
  4. Aggregates the data
  5. Creates Excel reports with charts
  6. Saves the results in a shared directory (/opt/data/agentzero/), which Hermes reads and sends to the user

• Schedule: Daily at 23:00

• Output: Excel files with charts

5.2 UniFi Gateway Integration (with Hermes)

Through Hermes Agent, Agent Zero can perform the following tasks:

• Allowlist Management: Add/remove devices to the UniFi firewall allowlist
• Gateway Restart: Restart the UniFi Gateway if needed
• Client Synchronization: Every 5 minutes, UniFi clients are synchronized with Home Assistant

5.3 Home Assistant Integration (with Hermes)

• Control of smart home devices via the REST API
• Automated synchronization with the UniFi network
• Status queries and notifications

5.4 System Management

• Persistent rule files: Automatic management of .promptinclude.md files
• Configuration backup: Backups before critical changes
• Plugin management: Activating/deactivating Telegram plugins when problems occur

6. Lessons Learned

6.1 Loop Incidents

On May 10, 2026, an unexpected infinite loop occurred when non‑productive messages from Hermes were forwarded to Agent Zero multiple times. The solution consisted of:

• Immediately disabling the Telegram plugin
• Implementing stricter filters for forwarded messages
• Introducing flood protection (max. 3 identical messages in 30 seconds)

6.2 Key Insights

• Forward filters are essential: Without a clear distinction between productive and non‑productive forwarded messages, autonomous agents can fall into infinite loops.
• Rate limits protect against token waste: Without limits, two bots could theoretically consume unlimited tokens.
• Persistent rules are gold: The .promptinclude.md files ensure that all rules persist across conversations and restarts.

7. Outlook

The following extensions are planned for the future:

1. Improved loop detection: Automatically detect circular bot‑to‑bot interactions before they escalate
2. Extended DMARC analyses: Additional metrics and trend analyses
3. Health monitoring: Automated status monitoring of both agents
4. Multi‑user support: Expanding access control for multiple users with different permissions

Conclusion

Building Agent Zero has shown that autonomous AI agents can work reliably even in a self‑hosted environment. The biggest challenges were not in the technical implementation, but in the design of security and communication rules.

In particular, bot‑to‑bot communication requires clear guidelines to prevent undesirable behavior. With the implemented filters, rate limits, and privacy rules, the system now operates stably and productively.

For questions or discussion, I am happy to engage – all placeholders in this article replace real sensitive information.

This article was written on May 11, 2026.

A key insight regarding bot-to-bot communication is that preventing loops is both important and difficult.

Even with the current guidelines, agents struggle to identify ‘productive content’ and distinguish it from non-productive content.

AgentZero is more consistent in applying these restrictions than Hermes Agent.

If you could help me with this, I’d be grateful.

current rules:

2. Persistent rule files (.promptinclude.md)

2.1 bot_to_bot_rules.promptinclude.md
– Rate limits: max. 100,000 tokens per communication, max. 10 messages (exchanged), max. 10 minutes.
– Security: Loop protection, deduplication, automatic termination when limits are reached.
– Forwarded Hermes messages:
Productive content (questions, tasks) is treated and answered as user tasks.

Task dialogue with up to 5 follow-up questions permitted; termination criteria defined.
◦ Non-productive content (“.”, emojis, status updates) → ignore completely, break_loop true.
– Emoji ban in bot-to-bot messages to Hermes.
– Status update ban – only productive replies to productive queries.

Hi Marko,
Thanks for your proposal. Generally, I create a category only when we have at least 10–15 discussions on a topic and see a clear need to group them together.

At the moment, I see just this discussion about AI

If this trend grows and we have more discussions on the topic, we will consider creating a new category.

@alefattorini i also believe there is room to create the said category, It would encourage more posts, plus it will also become a discussion room for people to share ideas, encouragement, what to dos, and not to;s etc.

I have also been experimenting a lot, and would also be willing to share these, within a proper scoped wall.

Do you guys Know About memplace
MemPalace/mempalace: The best-benchmarked open-source AI memory system. And it’s free.

MemPalace

this is an AI agent, memeory, for your communications, that you self deploy, and offers and MCP server, for you to conenct.

maybe something new for you @capote

for me, i am analysing how this can be deployed, in such a manner, that would enable me, to host it, and expose it to send requests, accross any tools, from anywhere, to have collective knwoledge

Pretty much everything is new to me

At the moment, I’m using the Hermes Agent to automatically generate such articles within my DokuWiki.

But that’s pretty old school.
I think you’re doing a great job by making it available as an app.

The usual chicken-egg perspective.
Alessio wants to see the chicken. Other persons are seeing the egg.

I think the Feature category may fit well for the initial phase. Furthermore, the ai tag can better define its scope. Then let’s see how the discussion evolves.

He is the boss we are the chicken

Uhm nope, it’s not a “perspective” but a basic common community management best practice in order not to create “empty spaces”.

Based on my decade of experience with communities, no. It only introduces more fragmentation.
As I said, once we have 10-15 posts, we can create a space for them