2025-10-01 09:54:17 +00:00
|
|
|
# Hermes Agent Environment Configuration
|
|
|
|
|
# Copy this file to .env and fill in your API keys
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (OpenRouter)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# OpenRouter provides access to many models through one API
|
|
|
|
|
# All LLM calls go through OpenRouter - no direct provider keys needed
|
|
|
|
|
# Get your key at: https://openrouter.ai/keys
|
|
|
|
|
OPENROUTER_API_KEY=
|
|
|
|
|
|
|
|
|
|
# Default model to use (OpenRouter format: provider/model)
|
2026-02-28 04:46:35 -08:00
|
|
|
# Examples: anthropic/claude-opus-4.6, openai/gpt-4o, google/gemini-3-flash-preview, zhipuai/glm-4-plus
|
2026-02-08 12:56:40 -08:00
|
|
|
LLM_MODEL=anthropic/claude-opus-4.6
|
2026-02-01 15:36:26 -08:00
|
|
|
|
feat: add z.ai/GLM, Kimi/Moonshot, MiniMax as first-class providers
Adds 4 new direct API-key providers (zai, kimi-coding, minimax, minimax-cn)
to the inference provider system. All use standard OpenAI-compatible
chat/completions endpoints with Bearer token auth.
Core changes:
- auth.py: Extended ProviderConfig with api_key_env_vars and base_url_env_var
fields. Added providers to PROVIDER_REGISTRY. Added provider aliases
(glm, z-ai, zhipu, kimi, moonshot). Added auto-detection of API-key
providers in resolve_provider(). Added resolve_api_key_provider_credentials()
and get_api_key_provider_status() helpers.
- runtime_provider.py: Added generic API-key provider branch in
resolve_runtime_provider() — any provider with auth_type='api_key'
is automatically handled.
- main.py: Added providers to hermes model menu with generic
_model_flow_api_key_provider() flow. Updated _has_any_provider_configured()
to check all provider env vars. Updated argparse --provider choices.
- setup.py: Added providers to setup wizard with API key prompts and
curated model lists.
- config.py: Added env vars (GLM_API_KEY, KIMI_API_KEY, MINIMAX_API_KEY,
etc.) to OPTIONAL_ENV_VARS.
- status.py: Added API key display and provider status section.
- doctor.py: Added connectivity checks for each provider endpoint.
- cli.py: Updated provider docstrings.
Docs: Updated README.md, .env.example, cli-config.yaml.example,
cli-commands.md, environment-variables.md, configuration.md.
Tests: 50 new tests covering registry, aliases, resolution, auto-detection,
credential resolution, and runtime provider dispatch.
Inspired by PR #33 (numman-ali) which proposed a provider registry approach.
Credit to tars90percent (PR #473) and manuelschipper (PR #420) for related
provider improvements merged earlier in this changeset.
2026-03-06 18:55:12 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (z.ai / GLM)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# z.ai provides access to ZhipuAI GLM models (GLM-4-Plus, etc.)
|
|
|
|
|
# Get your key at: https://z.ai or https://open.bigmodel.cn
|
|
|
|
|
GLM_API_KEY=
|
|
|
|
|
# GLM_BASE_URL=https://api.z.ai/api/paas/v4 # Override default base URL
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (Kimi / Moonshot)
|
|
|
|
|
# =============================================================================
|
2026-03-07 20:43:34 -05:00
|
|
|
# Kimi Code provides access to Moonshot AI coding models (kimi-k2.5, etc.)
|
|
|
|
|
# Get your key at: https://platform.kimi.ai (Kimi Code console)
|
|
|
|
|
# Keys prefixed sk-kimi- use the Kimi Code API (api.kimi.com) by default.
|
|
|
|
|
# Legacy keys from platform.moonshot.ai need KIMI_BASE_URL override below.
|
feat: add z.ai/GLM, Kimi/Moonshot, MiniMax as first-class providers
Adds 4 new direct API-key providers (zai, kimi-coding, minimax, minimax-cn)
to the inference provider system. All use standard OpenAI-compatible
chat/completions endpoints with Bearer token auth.
Core changes:
- auth.py: Extended ProviderConfig with api_key_env_vars and base_url_env_var
fields. Added providers to PROVIDER_REGISTRY. Added provider aliases
(glm, z-ai, zhipu, kimi, moonshot). Added auto-detection of API-key
providers in resolve_provider(). Added resolve_api_key_provider_credentials()
and get_api_key_provider_status() helpers.
- runtime_provider.py: Added generic API-key provider branch in
resolve_runtime_provider() — any provider with auth_type='api_key'
is automatically handled.
- main.py: Added providers to hermes model menu with generic
_model_flow_api_key_provider() flow. Updated _has_any_provider_configured()
to check all provider env vars. Updated argparse --provider choices.
- setup.py: Added providers to setup wizard with API key prompts and
curated model lists.
- config.py: Added env vars (GLM_API_KEY, KIMI_API_KEY, MINIMAX_API_KEY,
etc.) to OPTIONAL_ENV_VARS.
- status.py: Added API key display and provider status section.
- doctor.py: Added connectivity checks for each provider endpoint.
- cli.py: Updated provider docstrings.
Docs: Updated README.md, .env.example, cli-config.yaml.example,
cli-commands.md, environment-variables.md, configuration.md.
Tests: 50 new tests covering registry, aliases, resolution, auto-detection,
credential resolution, and runtime provider dispatch.
Inspired by PR #33 (numman-ali) which proposed a provider registry approach.
Credit to tars90percent (PR #473) and manuelschipper (PR #420) for related
provider improvements merged earlier in this changeset.
2026-03-06 18:55:12 -08:00
|
|
|
KIMI_API_KEY=
|
2026-03-07 20:43:34 -05:00
|
|
|
# KIMI_BASE_URL=https://api.kimi.com/coding/v1 # Default for sk-kimi- keys
|
|
|
|
|
# KIMI_BASE_URL=https://api.moonshot.ai/v1 # For legacy Moonshot keys
|
|
|
|
|
# KIMI_BASE_URL=https://api.moonshot.cn/v1 # For Moonshot China keys
|
feat: add z.ai/GLM, Kimi/Moonshot, MiniMax as first-class providers
Adds 4 new direct API-key providers (zai, kimi-coding, minimax, minimax-cn)
to the inference provider system. All use standard OpenAI-compatible
chat/completions endpoints with Bearer token auth.
Core changes:
- auth.py: Extended ProviderConfig with api_key_env_vars and base_url_env_var
fields. Added providers to PROVIDER_REGISTRY. Added provider aliases
(glm, z-ai, zhipu, kimi, moonshot). Added auto-detection of API-key
providers in resolve_provider(). Added resolve_api_key_provider_credentials()
and get_api_key_provider_status() helpers.
- runtime_provider.py: Added generic API-key provider branch in
resolve_runtime_provider() — any provider with auth_type='api_key'
is automatically handled.
- main.py: Added providers to hermes model menu with generic
_model_flow_api_key_provider() flow. Updated _has_any_provider_configured()
to check all provider env vars. Updated argparse --provider choices.
- setup.py: Added providers to setup wizard with API key prompts and
curated model lists.
- config.py: Added env vars (GLM_API_KEY, KIMI_API_KEY, MINIMAX_API_KEY,
etc.) to OPTIONAL_ENV_VARS.
- status.py: Added API key display and provider status section.
- doctor.py: Added connectivity checks for each provider endpoint.
- cli.py: Updated provider docstrings.
Docs: Updated README.md, .env.example, cli-config.yaml.example,
cli-commands.md, environment-variables.md, configuration.md.
Tests: 50 new tests covering registry, aliases, resolution, auto-detection,
credential resolution, and runtime provider dispatch.
Inspired by PR #33 (numman-ali) which proposed a provider registry approach.
Credit to tars90percent (PR #473) and manuelschipper (PR #420) for related
provider improvements merged earlier in this changeset.
2026-03-06 18:55:12 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (MiniMax)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# MiniMax provides access to MiniMax models (global endpoint)
|
|
|
|
|
# Get your key at: https://www.minimax.io
|
|
|
|
|
MINIMAX_API_KEY=
|
|
|
|
|
# MINIMAX_BASE_URL=https://api.minimax.io/v1 # Override default base URL
|
|
|
|
|
|
|
|
|
|
# MiniMax China endpoint (for users in mainland China)
|
|
|
|
|
MINIMAX_CN_API_KEY=
|
|
|
|
|
# MINIMAX_CN_BASE_URL=https://api.minimaxi.com/v1 # Override default base URL
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# TOOL API KEYS
|
|
|
|
|
# =============================================================================
|
|
|
|
|
|
|
|
|
|
# Firecrawl API Key - Web search, extract, and crawl
|
|
|
|
|
# Get at: https://firecrawl.dev/
|
|
|
|
|
FIRECRAWL_API_KEY=
|
|
|
|
|
|
|
|
|
|
# FAL.ai API Key - Image generation
|
|
|
|
|
# Get at: https://fal.ai/
|
|
|
|
|
FAL_KEY=
|
|
|
|
|
|
2026-02-27 23:41:08 -08:00
|
|
|
# Honcho - Cross-session AI-native user modeling (optional)
|
|
|
|
|
# Builds a persistent understanding of the user across sessions and tools.
|
|
|
|
|
# Get at: https://app.honcho.dev
|
|
|
|
|
# Also requires ~/.honcho/config.json with enabled=true (see README).
|
|
|
|
|
HONCHO_API_KEY=
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# TERMINAL TOOL CONFIGURATION (mini-swe-agent backend)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Backend type: "local", "singularity", "docker", "modal", or "ssh"
|
2026-02-26 20:05:35 -08:00
|
|
|
# Terminal backend is configured in ~/.hermes/config.yaml (terminal.backend).
|
|
|
|
|
# Use 'hermes setup' or 'hermes config set terminal.backend docker' to change.
|
|
|
|
|
# Supported: local, docker, singularity, modal, ssh
|
|
|
|
|
#
|
|
|
|
|
# Only override here if you need to force a backend without touching config.yaml:
|
|
|
|
|
# TERMINAL_ENV=local
|
2026-02-03 10:46:23 -08:00
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# Container images (for singularity/docker/modal backends)
|
2026-02-26 20:05:35 -08:00
|
|
|
# TERMINAL_DOCKER_IMAGE=nikolaik/python-nodejs:python3.11-nodejs20
|
|
|
|
|
# TERMINAL_SINGULARITY_IMAGE=docker://nikolaik/python-nodejs:python3.11-nodejs20
|
2026-02-12 10:07:03 -08:00
|
|
|
TERMINAL_MODAL_IMAGE=nikolaik/python-nodejs:python3.11-nodejs20
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
|
2026-02-08 12:56:40 -08:00
|
|
|
# Working directory for terminal commands
|
2026-02-16 22:31:41 -08:00
|
|
|
# For local backend: "." means current directory (resolved automatically)
|
|
|
|
|
# For remote backends (ssh/docker/modal/singularity): use an absolute path
|
|
|
|
|
# INSIDE the target environment, or leave unset for the backend's default
|
|
|
|
|
# (/root for modal, / for docker, ~ for ssh). Do NOT use a host-local path.
|
2026-02-08 12:56:40 -08:00
|
|
|
# Usually managed by config.yaml (terminal.cwd) — uncomment to override
|
|
|
|
|
# TERMINAL_CWD=.
|
2026-02-01 15:36:26 -08:00
|
|
|
|
|
|
|
|
# Default command timeout in seconds
|
|
|
|
|
TERMINAL_TIMEOUT=60
|
|
|
|
|
|
|
|
|
|
# Cleanup inactive environments after this many seconds
|
|
|
|
|
TERMINAL_LIFETIME_SECONDS=300
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SSH REMOTE EXECUTION (for TERMINAL_ENV=ssh)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Run terminal commands on a remote server via SSH.
|
|
|
|
|
# Agent code stays on your machine, commands execute remotely.
|
|
|
|
|
#
|
|
|
|
|
# SECURITY BENEFITS:
|
|
|
|
|
# - Agent cannot read your .env file (API keys protected)
|
|
|
|
|
# - Agent cannot modify its own code
|
|
|
|
|
# - Remote server acts as isolated sandbox
|
|
|
|
|
# - Can safely configure passwordless sudo on remote
|
|
|
|
|
#
|
|
|
|
|
# TERMINAL_SSH_HOST=192.168.1.100
|
|
|
|
|
# TERMINAL_SSH_USER=agent
|
|
|
|
|
# TERMINAL_SSH_PORT=22
|
|
|
|
|
# TERMINAL_SSH_KEY=~/.ssh/id_rsa
|
|
|
|
|
|
2025-10-01 09:54:17 +00:00
|
|
|
# =============================================================================
|
2026-02-01 10:02:34 -08:00
|
|
|
# SUDO SUPPORT (works with ALL terminal backends)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# If set, enables sudo commands by piping password via `sudo -S`.
|
|
|
|
|
# Works with: local, docker, singularity, modal, and ssh backends.
|
|
|
|
|
#
|
|
|
|
|
# SECURITY WARNING: Password stored in plaintext. Only use on trusted machines.
|
|
|
|
|
#
|
|
|
|
|
# ALTERNATIVES:
|
|
|
|
|
# - For SSH backend: Configure passwordless sudo on the remote server
|
|
|
|
|
# - For containers: Run as root inside the container (no sudo needed)
|
|
|
|
|
# - For local: Configure /etc/sudoers for specific commands
|
2026-02-01 15:36:26 -08:00
|
|
|
# - For CLI: Leave unset - you'll be prompted interactively with 45s timeout
|
2026-01-29 06:10:24 +00:00
|
|
|
#
|
2026-02-01 10:02:34 -08:00
|
|
|
# SUDO_PASSWORD=your_password_here
|
2026-01-29 06:10:24 +00:00
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# MODAL CLOUD BACKEND (Optional - for TERMINAL_ENV=modal)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Modal uses CLI authentication, not environment variables.
|
|
|
|
|
# Run: pip install modal && modal setup
|
|
|
|
|
# This will authenticate via browser and store credentials locally.
|
|
|
|
|
# No API key needed in .env - Modal handles auth automatically.
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# BROWSER TOOL CONFIGURATION (agent-browser + Browserbase)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Browser automation requires Browserbase cloud service for remote browser execution.
|
|
|
|
|
# This allows the agent to navigate websites, fill forms, and extract information.
|
|
|
|
|
#
|
|
|
|
|
# STEALTH MODES:
|
|
|
|
|
# - Basic Stealth: ALWAYS active (random fingerprints, auto CAPTCHA solving)
|
|
|
|
|
# - Advanced Stealth: Requires BROWSERBASE_ADVANCED_STEALTH=true (Scale Plan only)
|
|
|
|
|
|
|
|
|
|
# Browserbase API Key - Cloud browser execution
|
|
|
|
|
# Get at: https://browserbase.com/
|
|
|
|
|
BROWSERBASE_API_KEY=
|
|
|
|
|
|
|
|
|
|
# Browserbase Project ID - From your Browserbase dashboard
|
|
|
|
|
BROWSERBASE_PROJECT_ID=
|
|
|
|
|
|
|
|
|
|
# Enable residential proxies for better CAPTCHA solving (default: true)
|
|
|
|
|
# Routes traffic through residential IPs, significantly improves success rate
|
|
|
|
|
BROWSERBASE_PROXIES=true
|
|
|
|
|
|
|
|
|
|
# Enable advanced stealth mode (default: false, requires Scale Plan)
|
|
|
|
|
# Uses custom Chromium build to avoid bot detection altogether
|
|
|
|
|
BROWSERBASE_ADVANCED_STEALTH=false
|
|
|
|
|
|
|
|
|
|
# Browser session timeout in seconds (default: 300)
|
|
|
|
|
# Sessions are cleaned up after this duration of inactivity
|
|
|
|
|
BROWSER_SESSION_TIMEOUT=300
|
|
|
|
|
|
|
|
|
|
# Browser inactivity timeout - auto-cleanup inactive sessions (default: 120 = 2 min)
|
|
|
|
|
# Browser sessions are automatically closed after this period of no activity
|
|
|
|
|
BROWSER_INACTIVITY_TIMEOUT=120
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SESSION LOGGING
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Session trajectories are automatically saved to logs/ directory
|
|
|
|
|
# Format: logs/session_YYYYMMDD_HHMMSS_UUID.json
|
|
|
|
|
# Contains full conversation history in trajectory format for debugging/replay
|
|
|
|
|
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# =============================================================================
|
2026-02-17 03:11:17 -08:00
|
|
|
# VOICE TRANSCRIPTION & OPENAI TTS
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# =============================================================================
|
2026-02-17 03:11:17 -08:00
|
|
|
# Required for voice message transcription (Whisper) and OpenAI TTS voices.
|
|
|
|
|
# Uses OpenAI's API directly (not via OpenRouter).
|
2026-02-23 23:21:33 +00:00
|
|
|
# Named VOICE_TOOLS_OPENAI_KEY to avoid interference with OpenRouter.
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# Get at: https://platform.openai.com/api-keys
|
2026-02-23 23:21:33 +00:00
|
|
|
VOICE_TOOLS_OPENAI_KEY=
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SLACK INTEGRATION
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Slack Bot Token - From Slack App settings (OAuth & Permissions)
|
|
|
|
|
# Get at: https://api.slack.com/apps
|
|
|
|
|
# SLACK_BOT_TOKEN=xoxb-...
|
|
|
|
|
|
|
|
|
|
# Slack App Token - For Socket Mode (App-Level Tokens in Slack App settings)
|
|
|
|
|
# SLACK_APP_TOKEN=xapp-...
|
|
|
|
|
|
|
|
|
|
# Slack allowed users (comma-separated Slack user IDs)
|
|
|
|
|
# SLACK_ALLOWED_USERS=
|
|
|
|
|
|
2026-02-25 21:04:36 -08:00
|
|
|
# WhatsApp (built-in Baileys bridge — run `hermes whatsapp` to pair)
|
|
|
|
|
# WHATSAPP_ENABLED=false
|
|
|
|
|
# WHATSAPP_ALLOWED_USERS=15551234567
|
|
|
|
|
|
refactor: deduplicate toolsets, unify async bridging, fix approval race condition, harden security
- Replace 4 copy-pasted messaging platform toolsets with shared _HERMES_CORE_TOOLS list
- Consolidate 5 ad-hoc async-bridging patterns into single _run_async() in model_tools.py
- Removes deprecated get_event_loop()/set_event_loop() calls
- Makes all tool handlers self-protecting regardless of caller's event loop state
- RL handler refactored from if/elif chain to dispatch dict
- Fix exec approval race condition: replace module-level globals with thread-safe
per-session tools/approval.py (submit_pending, pop_pending, approve_session, is_approved)
- Session A approving "rm" no longer approves it for all other sessions
- Fix config deep merge: user overriding tts.elevenlabs.voice_id no longer clobbers
tts.elevenlabs.model_id; migration detection now recurses to arbitrary depth
- Gateway default-deny: unauthenticated users denied unless GATEWAY_ALLOW_ALL_USERS=true
- Add 10 dangerous command patterns: rm --recursive, bash -c, python -e, curl|bash,
xargs rm, find -delete
- Sanitize gateway error messages: users see generic message, full traceback goes to logs
2026-02-21 18:28:49 -08:00
|
|
|
# Gateway-wide: allow ALL users without an allowlist (default: false = deny)
|
|
|
|
|
# Only set to true if you intentionally want open access.
|
|
|
|
|
# GATEWAY_ALLOW_ALL_USERS=false
|
|
|
|
|
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# RESPONSE PACING
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Human-like delays between message chunks on messaging platforms.
|
|
|
|
|
# Makes the bot feel less robotic.
|
|
|
|
|
# HERMES_HUMAN_DELAY_MODE=off # off | natural | custom
|
|
|
|
|
# HERMES_HUMAN_DELAY_MIN_MS=800 # Min delay in ms (custom mode)
|
|
|
|
|
# HERMES_HUMAN_DELAY_MAX_MS=2500 # Max delay in ms (custom mode)
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# DEBUG OPTIONS
|
|
|
|
|
# =============================================================================
|
|
|
|
|
WEB_TOOLS_DEBUG=false
|
|
|
|
|
VISION_TOOLS_DEBUG=false
|
|
|
|
|
MOA_TOOLS_DEBUG=false
|
|
|
|
|
IMAGE_TOOLS_DEBUG=false
|
2026-02-01 18:01:31 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# CONTEXT COMPRESSION (Auto-shrinks long conversations)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# When conversation approaches model's context limit, middle turns are
|
|
|
|
|
# automatically summarized to free up space.
|
|
|
|
|
#
|
2026-02-28 04:46:35 -08:00
|
|
|
# Context compression is configured in ~/.hermes/config.yaml under compression:
|
2026-02-01 18:01:31 -08:00
|
|
|
# CONTEXT_COMPRESSION_ENABLED=true # Enable auto-compression (default: true)
|
|
|
|
|
# CONTEXT_COMPRESSION_THRESHOLD=0.85 # Compress at 85% of context limit
|
2026-02-28 04:46:35 -08:00
|
|
|
# Model is set via compression.summary_model in config.yaml (default: google/gemini-3-flash-preview)
|
2026-02-04 09:36:51 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# RL TRAINING (Tinker + Atropos)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Run reinforcement learning training on language models using the Tinker API.
|
|
|
|
|
# Requires the rl-server to be running (from tinker-atropos package).
|
|
|
|
|
|
|
|
|
|
# Tinker API Key - RL training service
|
|
|
|
|
# Get at: https://tinker-console.thinkingmachines.ai/keys
|
|
|
|
|
TINKER_API_KEY=
|
|
|
|
|
|
|
|
|
|
# Weights & Biases API Key - Experiment tracking and metrics
|
|
|
|
|
# Get at: https://wandb.ai/authorize
|
|
|
|
|
WANDB_API_KEY=
|
|
|
|
|
|
|
|
|
|
# RL API Server URL (default: http://localhost:8080)
|
|
|
|
|
# Change if running the rl-server on a different host/port
|
|
|
|
|
# RL_API_URL=http://localhost:8080
|
Add Skills Hub — universal skill search, install, and management from online registries
Implements the Hermes Skills Hub with agentskills.io spec compliance,
multi-registry skill discovery, security scanning, and user-driven
management via CLI and /skills slash command.
Core features:
- Security scanner (tools/skills_guard.py): 120 threat patterns across
12 categories, trust-aware install policy (builtin/trusted/community),
structural checks, unicode injection detection, LLM audit pass
- Hub client (tools/skills_hub.py): GitHub, ClawHub, Claude Code
marketplace, and LobeHub source adapters with shared GitHubAuth
(PAT + gh CLI + GitHub App), lock file provenance tracking, quarantine
flow, and unified search across all sources
- CLI interface (hermes_cli/skills_hub.py): search, install, inspect,
list, audit, uninstall, publish (GitHub PR), snapshot export/import,
and tap management — powers both `hermes skills` and `/skills`
Spec conformance (Phase 0):
- Upgraded frontmatter parser to yaml.safe_load with fallback
- Migrated 39 SKILL.md files: tags/related_skills to metadata.hermes.*
- Added assets/ directory support and compatibility/metadata fields
- Excluded .hub/ from skill discovery in skills_tool.py
Updated 13 config/doc files including README, AGENTS.md, .env.example,
setup wizard, doctor, status, pyproject.toml, and docs.
2026-02-18 16:09:05 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SKILLS HUB (GitHub integration for skill search/install/publish)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
|
|
|
|
|
# GitHub Personal Access Token — for higher API rate limits on skill search/install
|
|
|
|
|
# Get at: https://github.com/settings/tokens (Fine-grained recommended)
|
|
|
|
|
# GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
|
|
|
|
|
|
|
|
|
|
# GitHub App credentials (optional — for bot identity on PRs)
|
|
|
|
|
# GITHUB_APP_ID=
|
|
|
|
|
# GITHUB_APP_PRIVATE_KEY_PATH=
|
|
|
|
|
# GITHUB_APP_INSTALLATION_ID=
|