Automation Architecture
Forza’s automation system follows a strict rules-vs-execution separation:
- Hermes Agent — Private architect layer. Designs rules, workflows, and improvements. Never executes.
- n8n — Execution layer. The only system allowed to write to production.
Core Safety Rule (verbatim): “all writes to anything on company systems have to go through n8n” + human-in-the-loop approval for any financial actions.
This architecture ensures that intelligent design (Hermes) remains separate from reliable, auditable execution (n8n) — minimizing risk while maximizing learning over time.
Why this split exists
Two problems get solved at once:
- Risk containment. The thinking layer can be exploratory, can hold rich memory of past mistakes, and can be wrong without consequence — because it never touches production. Every actual write to QuickBooks-Online, MVMNT, HaulPay, Highway, Microsoft-365-Outlook, Pipedrive, or any other live system goes through one chokepoint with logging and a human-approval gate on financial actions.
- Compounding learning. Hermes maintains long-term memory of how Forza actually operates — escalation rules, margin floors, approval thresholds, recurring exceptions, what’s worked and what hasn’t. The longer it runs, the better its workflow designs get.
How the layers interact
```mermaid
flowchart LR
    A[Casey + Forza UKB] -->|context, rules, decisions| B[Hermes Agent]
    B -->|designs workflow JSON| C[n8n]
    C -->|approval prompt for financial actions| D[Human Approver]
    D -->|approve / reject| C
    C -->|writes| E[(Production Systems)]
    E -.->|results, exceptions| B
```
- Hermes ingests the UKB and any new context, designs an n8n workflow, and outputs the workflow definition.
- n8n runs the workflow. For any financial or high-value action, n8n pauses and waits for explicit human approval before executing.
- Production systems (the right column of the Systems list) are written to only by n8n.
- Results flow back so Hermes can learn from outcomes and refine its rules over time.
Operational principles
| # | Principle | Why it matters |
|---|---|---|
| 1 | n8n is the only writer | Single auditable chokepoint for every production write. No scripts, no MCP tools, no AI agent writes to live systems directly. |
| 2 | Human approval gate on financial actions | Posting invoices, applying cash, creating payments, adjusting credit limits — all require explicit human approval inside n8n before execution. |
| 3 | Hermes is read-only against the UKB and source documents | Hermes can read the UKB, sample invoices, BOLs, etc. It cannot write back to any system, including the UKB. |
| 4 | Private build phase | Hermes runs privately on Casey’s mini PC during the build phase. The team does not interact with Hermes directly. |
| 5 | Workflows reviewed before activation | Every workflow Hermes generates is reviewed and tested in n8n before being switched on against live data. |
| 6 | Scoped, least-privilege credentials | n8n connections use the narrowest scopes possible (read-only where possible, write only where required). |
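Principles 2 and 5 can be checked mechanically before a generated workflow is switched on. The following is an added example, not Forza's or n8n's own code: it walks the `nodes` and `connections` of a workflow export and reports financial write nodes that can be reached without passing an approval step. Treating the QuickBooks node as the financial writer and the Wait node as the approval gate is an assumption, and the sample workflow is constructed.

```javascript
// Added example, not Forza's or n8n's code. ASSUMPTION: these node types mark
// financial writers and approval gates; adjust to the connectors actually in use.
const POLICY = {
  financialTypes: new Set(["n8n-nodes-base.quickbooks"]),
  readOps: new Set(["get", "getAll"]),
  approvalTypes: new Set(["n8n-nodes-base.wait"]),
};

// Names of financial write nodes reachable from an entry node without first
// passing through an approval node. A missing operation counts as a write.
function findUngatedFinancialWrites(workflow, policy = POLICY) {
  const byName = new Map(workflow.nodes.map((n) => [n.name, n]));
  const next = new Map();
  const hasIncoming = new Set();
  for (const [src, outputs] of Object.entries(workflow.connections || {})) {
    for (const edge of (outputs.main || []).flat().filter(Boolean)) {
      if (!next.has(src)) next.set(src, []);
      next.get(src).push(edge.node);
      hasIncoming.add(edge.node);
    }
  }
  const isWrite = (n) =>
    policy.financialTypes.has(n.type) && !policy.readOps.has((n.parameters || {}).operation);
  // Entry nodes are those nothing connects into (triggers).
  const queue = workflow.nodes.filter((n) => !hasIncoming.has(n.name)).map((n) => n.name);
  const seen = new Set(queue);
  const ungated = [];
  while (queue.length) {
    const node = byName.get(queue.shift());
    if (!node || policy.approvalTypes.has(node.type)) continue; // gate ends this path
    if (isWrite(node)) ungated.push(node.name);
    for (const c of next.get(node.name) || []) if (!seen.has(c)) { seen.add(c); queue.push(c); }
  }
  return ungated;
}

// Constructed sample: the IF node's second output skips the approval step.
const to = (node) => ({ node, type: "main", index: 0 });
const SAMPLE_BYPASS = {
  nodes: [
    { name: "Trigger", type: "n8n-nodes-base.manualTrigger", parameters: {} },
    { name: "Amount Check", type: "n8n-nodes-base.if", parameters: {} },
    { name: "Await Approval", type: "n8n-nodes-base.wait", parameters: {} },
    { name: "Post Invoice", type: "n8n-nodes-base.quickbooks", parameters: { resource: "invoice", operation: "create" } },
  ],
  connections: {
    Trigger: { main: [[to("Amount Check")]] },
    "Amount Check": { main: [[to("Await Approval")], [to("Post Invoice")]] },
    "Await Approval": { main: [[to("Post Invoice")]] },
  },
};
```

A non-empty result means at least one branch reaches a financial write without the gate, so the workflow should not be activated as generated.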
Where Forza is using this
The first automations target the heaviest-burden phases:
- Phase 4 — Invoicing & Factoring — Carrier invoice audit, document completeness queue, invoice generation in QuickBooks-Online, invoice submission to HaulPay.
- Phase 5 — Cash Application — Payment matching, short-pay investigation, chargeback identification.
Other phases will follow once the Phase 4 + 5 patterns are stable.
Status
| Component | Status |
|---|---|
| Hermes Agent | Installation in progress 2026-04-28 |
| OpenRouter (model provider for Hermes) | Setup in progress 2026-04-28 |
| n8n | Installation in progress 2026-04-28 |
| First production workflow | Not yet built |
| Human approval gate UX | Not yet built |
Open architecture decisions still needed
- Which Phase 4 step gets the first n8n workflow (likely Step 4.2 — Carrier Invoice Audit given how much of Concetta’s time it consumes).
- How human-approval prompts surface to the approver (Telegram, email, Teams, n8n web UI).
- Approval thresholds — at what dollar amount does an approval gate become required vs. fully automated.
- Exception escalation path — when a workflow hits an unhandled case, where does it go.
- Memory retention strategy for Hermes — what to prune, what to preserve long-term.