Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 249 Pull Requests 130 Actions 101 Packages Projects Releases Wiki Activity

feat: evaluate Qwen3.5:35B as local model option (#288) #587

Closed
Rockachopa wants to merge 245 commits from am/288-1776166469 into main
pull from: am/288-1776166469
merge into: Timmy_Foundation:main
Conversation 2 Commits 245 Files Changed 229 +165
Rockachopa commented 2026-04-14 11:39:19 +00:00
Owner
Copy Link

Fixes #288

Evaluation of Qwen3.5-35B-A3B (MoE, 35B/3B active) for local deployment as privacy-sensitive tier (Epic #281).

Verdict: APPROVED -- 8.8/10 security score

  • Data locality (10/10): all inference local via Ollama, zero exfiltration
  • No API keys (10/10), no telemetry (10/10)
  • Privacy filter elimination (9/10): PII never leaves machine
  • MoE: 35B quality at 3B speed, 128K ctx, Apache 2.0
  • VRAM: 20GB Q4 (fits M2 Ultra, M4 Pro, RTX 4090, RunPod L40S)
  • Integration: ollama pull qwen3.5:35b -> config.yaml privacy_model

Follow-up issues filed from evaluation gaps:

  • #502: live tool dispatch reliability benchmark
  • #503: reasoning benchmark vs hermes4:14b
  • #518: document minimum hardware requirements fleet-wide
  • #581: automated pull + smoke test for fleet deployment
  • #324: prompt injection red-team testing (existing)

Files: scripts/evaluate_qwen35.py + tests/test_evaluate_qwen35.py (10 tests)

Fixes #288 Evaluation of Qwen3.5-35B-A3B (MoE, 35B/3B active) for local deployment as privacy-sensitive tier (Epic #281). **Verdict: APPROVED -- 8.8/10 security score** - Data locality (10/10): all inference local via Ollama, zero exfiltration - No API keys (10/10), no telemetry (10/10) - Privacy filter elimination (9/10): PII never leaves machine - MoE: 35B quality at 3B speed, 128K ctx, Apache 2.0 - VRAM: 20GB Q4 (fits M2 Ultra, M4 Pro, RTX 4090, RunPod L40S) - Integration: `ollama pull qwen3.5:35b` -> config.yaml privacy_model **Follow-up issues filed from evaluation gaps:** - #502: live tool dispatch reliability benchmark - #503: reasoning benchmark vs hermes4:14b - #518: document minimum hardware requirements fleet-wide - #581: automated pull + smoke test for fleet deployment - #324: prompt injection red-team testing (existing) Files: scripts/evaluate_qwen35.py + tests/test_evaluate_qwen35.py (10 tests)
Rockachopa added 1 commit 2026-04-14 11:39:20 +00:00
feat: evaluate Qwen3.5:35B as local model option (#288)
Some checks failed
Forge CI / smoke-and-build (pull_request) Failing after 1m8s
Details
b301ea1439 
Part of Epic #281. Verdict: APPROVED 8.8/10 security.
MoE 35B/3B active, 128K ctx, Apache 2.0, perfect data locality.

Follow-up issues filed:
- #502: live tool dispatch benchmark
- #503: reasoning benchmark vs hermes4:14b
- #518: document minimum hardware requirements fleet-wide
- #581: automated pull + smoke test for fleet deployment
- #324: prompt injection red-team testing (existing)

Closes #288
Timmy approved these changes 2026-04-14 12:12:25 +00:00
Timmy left a comment
Owner
Copy Link

Review: Evaluate Qwen3.5:35B as local model option (#288)

This is an evaluation script and associated tests — essentially documentation-as-code. It does not modify any runtime behavior of hermes-agent.

Looks good:

  • The evaluation is thorough: covers model spec, VRAM requirements, hardware profiles, security scoring, fleet comparison, and follow-up issues
  • Security scoring with weighted criteria (CRITICAL/HIGH/MEDIUM) is well thought out
  • Test coverage is decent for a report script — validates data integrity, score bounds, report sections, and Ollama status check
  • The check_ollama_status() function uses --max-time 5 and timeout=10 to avoid hanging

Minor suggestions (non-blocking):

  1. check_ollama_status() shells out to curl via subprocess instead of using Python's urllib or requests. Since this is an evaluation script (not production code), it's not critical, but using urllib.request would avoid the curl dependency and be more portable.

  2. import json, sys, timetime is imported but never used. Remove the unused import.

  3. Hardcoded hardware specs — The tok/sec numbers (40, 30, 50, etc.) are estimates. The script could note these are projections, not benchmarks, to avoid confusion when actual measurements differ.

  4. Prompt injection score of 6/10 with a note about 3B active parameters — this is the weakest score and the PR description mentions red-team testing (#324). Good that this is called out; the follow-up tracking is solid.

This is a useful research artifact that doesn't affect runtime code. Approved.

## Review: Evaluate Qwen3.5:35B as local model option (#288) This is an evaluation script and associated tests — essentially documentation-as-code. It does not modify any runtime behavior of hermes-agent. ### Looks good: - The evaluation is thorough: covers model spec, VRAM requirements, hardware profiles, security scoring, fleet comparison, and follow-up issues - Security scoring with weighted criteria (CRITICAL/HIGH/MEDIUM) is well thought out - Test coverage is decent for a report script — validates data integrity, score bounds, report sections, and Ollama status check - The `check_ollama_status()` function uses `--max-time 5` and `timeout=10` to avoid hanging ### Minor suggestions (non-blocking): 1. **`check_ollama_status()` shells out to `curl` via subprocess** instead of using Python's `urllib` or `requests`. Since this is an evaluation script (not production code), it's not critical, but using `urllib.request` would avoid the `curl` dependency and be more portable. 2. **`import json, sys, time`** — `time` is imported but never used. Remove the unused import. 3. **Hardcoded hardware specs** — The tok/sec numbers (`40`, `30`, `50`, etc.) are estimates. The script could note these are projections, not benchmarks, to avoid confusion when actual measurements differ. 4. **Prompt injection score of 6/10** with a note about 3B active parameters — this is the weakest score and the PR description mentions red-team testing (#324). Good that this is called out; the follow-up tracking is solid. This is a useful research artifact that doesn't affect runtime code. Approved.
Rockachopa commented 2026-04-14 15:35:47 +00:00
Author
Owner
Copy Link

Superseded by dispatch/288-1776180746. Context window verification issue filed.

Superseded by dispatch/288-1776180746. Context window verification issue filed.
Rockachopa closed this pull request 2026-04-14 15:35:47 +00:00
Some checks failed
Forge CI / smoke-and-build (pull_request) Failing after 1m8s
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
Timmy
Labels
Clear labels
CI
Continuous integration, runners, workflow issues
 QA
Quality assurance, testing, production audit
 assigned-claw-code
Queued for Code Claw (qwen/openrouter)
 assigned-kimi
Task assigned to KimiClaw for processing
 audit-finding
batch-pipeline
batch-pipeline label
 blocked
Blocked by external dependency or merge conflict
 bug
claw-code-done
Code Claw completed this task
 claw-code-in-progress
Code Claw is actively working
 critical
duplicate
Duplicate of another issue
 epic
Epic - large feature with multiple sub-tasks
 epic:memory
Unified Memory Architecture epic
 gaming
Gaming agent capabilities
 infra
Infrastructure, VPS, DNS, deployment
 kimi-done
KimiClaw has completed this task
 kimi-in-progress
KimiClaw is actively working on this
 mcp
MCP (Model Context Protocol) tools & servers
 morrowind
Morrowind Agent gameplay & MCP integration
 needs-review
PR or issue requires reviewer sign-off before merge/close
 ops
p0-critical
p1-important
phase:1-activate
Phase 1: Activate existing systems
 phase:2-operational
Phase 2: Operational memory bridge
 phase:3-episodic
Phase 3: Proactive episodic recall
 phase:4-hygiene
Phase 4: Memory hygiene and quality
 phase:5-integration
Phase 5: Integration and testing
 poka-yoke
research
security
Security hardening, vulnerability fixes
 shared-infra
Shared infrastructure across projects (Playground + LPM)
 stale
No activity, pending triage or closure
 throughput-10x
throughput-10x label
 token-masterplan
token-masterplan label
 tool-evaluation
velocity-engine
Auto-generated by velocity engine
 wont-fix
Closed as intentionally not fixing — explicit descope
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Rockachopa Timmy allegro antigravity bezalel claude claw-code codex-agent ezra gemini google grok hermes kimi manus perplexity sonnet
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Timmy_Foundation/hermes-agent#587
Delete Branch "am/288-1776166469"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?