hermes - 💡(How to fix) Fix [BUG] Agents do not respect workspace boundaries, scatter files across entire filesystem [1 participants]

Problem

Hermes agents do not stay within their designated workspace boundaries. Despite clear instructions about folder structures and project organization, agents wander the entire machine, creating files in arbitrary locations, leaving "carnage" everywhere, and wasting significant time on filesystem searches instead of productive work.

Symptoms

1. Files created outside project boundaries: Agents create temp files, shell scripts, and cron job scripts in locations that have nothing to do with the task at hand
2. Shell commands search entire machine: Instead of working within the designated project folder, agents run grep and find across the whole filesystem, wasting hours of compute time on mini Macs
3. Temp files and scripts scattered everywhere: Agent leaves behind temporary files, scripts, and artifacts in random locations across the filesystem
4. Rules not followed: Despite clear conventions (one file, one function, one export), agents ignore these and do things their own way
5. Multi-machine issue: The problem occurs on multiple Hermes installs across different computers — not isolated to one setup

Expected Behavior

• Agents should work primarily within the project folder or explicitly designated directories
• Temp files and scripts should be created in designated temp locations, not scattered across the filesystem
• Agents should respect the "one file, one function, one export" convention
• Filesystem searches should be scoped to relevant directories, not the entire machine

Impact

• Severe efficiency loss: Agents spend hours doing filesystem searches instead of actual work
• Machine pollution: Home directories and project folders are cluttered with stray files
• Broken conventions: Code quality rules (single responsibility per file) are ignored
• Wasted compute: Mini Macs especially suffer from full-machine grep/find operations

Root Cause

The terminal tool does not enforce workspace boundaries. When agents use cd to change directories, they can navigate anywhere on the filesystem and all subsequent file operations happen outside the intended scope. There is no isolation or sandboxing of the agent's working directory.

Suggested Fixes

1. Workspace pinning: Allow configuration of a "allowed workspace root" — any file operations outside this boundary should be blocked or require explicit user approval
2. Temp directory enforcement: Force all temp file creation through a designated temp directory with automatic cleanup
3. Scope-aware search tools: The grep/search tools should default to the current project directory, not traverse upward to / or $HOME
4. Working directory reset: After each agent task, reset working directory to the project root to prevent drift

notes

• Hermes: Constantly wandering, leaving mess, breaking conventions

This is a systemic issue affecting multiple installations and is severely impacting efficiency.