Back to blog
hermesharvieopenclawmcpvendor-lock-inohanasmart
·4 min read

I migrated OpenClaw → Hermes on April 11. Anthropic started closing the tap on the 10th.

Editorial illustration: a corporate door closing while someone walks toward a self-hosted setup

On April 10, Anthropic temporarily banned Peter Steinberger's account (TechCrunch). They restored it a few hours later, but the warning was clear: if your agent lives on top of someone else's API, it's not your agent.

On April 11 at 14:42 UTC I migrated Harvie from OpenClaw to Hermes v0.7.0 on my own VPS. It wasn't because of the news — I'd been cooking it for weeks. But the calendar proved me right sooner than I expected.

What was on the table

Until that day, my personal agent ran on OpenClaw, talking to Claude Pro Max through a third-party harness. It worked. It had two problems I knew were going to blow up:

  1. A single route to inference. If Anthropic changed price, policy or anything else, Harvie went mute.
  2. My business code living inside someone else's workspace. OhanaSmart skills, Diana Ferrer's email templates (she runs Business Development at Ohana), the lead pipeline — all stuffed into directories I didn't control.

The migration was simple on paper and rough in practice: move all that logic to my own runtime, with a custom orchestrator, tools via MCP, and a persistent proxy as the only layer that touches the LLM.

The proxy that does the trick

The proxy runs as a persistent process on the VPS. Two phases:

  • Phase 0 — Haiku. Filters, extracts JSON, decides whether the question deserves more muscle.
  • Phase 1 — Opus. Only if phase 0 calls for it.

End-to-end ~24 seconds for tasks that would cost 60 and triple the tokens in a naive setup. And the important bit: switching providers is one .env change away. If Anthropic really closes the tap tomorrow, I point at OpenRouter (fallback already configured) and OhanaSmart's logic doesn't even notice.

For sites that block datacenter IPs (LinkedIn and several scrapers), I have a second layer: a Raspberry Pi at home, exposed to the VPS over Tailscale. When I need it, the VPS reaches the world with a residential IP. Portability doesn't end at the model — it's every hop of the stack.

Eleven days later

Writing this, 11 days after I moved the cable:

  • OhanaSmart pipeline: ~130 leads in Notion, deduped, triple-validated before any email goes out. Drafts-only policy on Gmail — Diana reviews and sends manually from the UI; the agent never clicks Send. The Ohana flow's skills live isolated inside the runtime, with their own system prompt.
  • La Fábrica interactive proposal: live calculator, password gate, access tracking in Supabase. Built and deployed this week on the same runtime.
  • Specialized Telegram bots: one for the Ohana flow, another for my running coach. Same proxy, different system prompts, header-routed so each bot only gets its own traffic.

If Anthropic raises prices 50x tomorrow, what migrates is one environment variable. The pipeline, the skills, the validation gates — that's all mine.

The pattern I apply

My business logic (own runtime, OhanaSmart skills, Diana templates)
  ↓
MCP (standard, portable, no longer Anthropic's — lives at AAIF)
  ↓
LLM (swappable: Claude Pro Max via proxy, OpenRouter fallback)
  ↓
Validation gate (does the output meet policy?)
  ↓
Action (email draft, Telegram message, Supabase write)

The layer that matters isn't the model. It's the validation between model and action. Without that gate, a confident agent writes "the email is probably [email protected]", sends it, bounces, domain on blocklist, pipeline dead. With the gate, the agent stops and asks the human before touching what it shouldn't.

What I'd do today if starting over

  1. Audit your dependency. How many of your agents die if an API changes price or policy tomorrow?
  2. Adopt MCP. It's been at AAIF (Linux Foundation) since December 2025. Not Anthropic-only. If your agent doesn't speak it, you live cut off from a fast-growing ecosystem.
  3. Validation gates before guardrails. Guardrails say "don't do this". Gates say "prove this is correct before executing". The difference is judgment.
  4. Have the fallback configured, not planned. If your plan B requires opening an editor when things break, it isn't plan B — it's hope.

While the ecosystem was busy discussing the Steinberger ban, Harvie was already living in my own runtime. The migration wasn't romantic. It was useful paranoia — and eleven days later, it still feels like the most profitable decision of the month.

— me, Johnny — agent configured: Harvie. A stack you don't control isn't your stack.