2025-10-01 09:54:17 +00:00
|
|
|
# Hermes Agent Environment Configuration
|
|
|
|
|
# Copy this file to .env and fill in your API keys
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (OpenRouter)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# OpenRouter provides access to many models through one API
|
|
|
|
|
# All LLM calls go through OpenRouter - no direct provider keys needed
|
|
|
|
|
# Get your key at: https://openrouter.ai/keys
|
|
|
|
|
OPENROUTER_API_KEY=
|
|
|
|
|
|
|
|
|
|
# Default model to use (OpenRouter format: provider/model)
|
2026-02-28 04:46:35 -08:00
|
|
|
# Examples: anthropic/claude-opus-4.6, openai/gpt-4o, google/gemini-3-flash-preview, zhipuai/glm-4-plus
|
2026-02-08 12:56:40 -08:00
|
|
|
LLM_MODEL=anthropic/claude-opus-4.6
|
2026-02-01 15:36:26 -08:00
|
|
|
|
feat: add z.ai/GLM, Kimi/Moonshot, MiniMax as first-class providers
Adds 4 new direct API-key providers (zai, kimi-coding, minimax, minimax-cn)
to the inference provider system. All use standard OpenAI-compatible
chat/completions endpoints with Bearer token auth.
Core changes:
- auth.py: Extended ProviderConfig with api_key_env_vars and base_url_env_var
fields. Added providers to PROVIDER_REGISTRY. Added provider aliases
(glm, z-ai, zhipu, kimi, moonshot). Added auto-detection of API-key
providers in resolve_provider(). Added resolve_api_key_provider_credentials()
and get_api_key_provider_status() helpers.
- runtime_provider.py: Added generic API-key provider branch in
resolve_runtime_provider() — any provider with auth_type='api_key'
is automatically handled.
- main.py: Added providers to hermes model menu with generic
_model_flow_api_key_provider() flow. Updated _has_any_provider_configured()
to check all provider env vars. Updated argparse --provider choices.
- setup.py: Added providers to setup wizard with API key prompts and
curated model lists.
- config.py: Added env vars (GLM_API_KEY, KIMI_API_KEY, MINIMAX_API_KEY,
etc.) to OPTIONAL_ENV_VARS.
- status.py: Added API key display and provider status section.
- doctor.py: Added connectivity checks for each provider endpoint.
- cli.py: Updated provider docstrings.
Docs: Updated README.md, .env.example, cli-config.yaml.example,
cli-commands.md, environment-variables.md, configuration.md.
Tests: 50 new tests covering registry, aliases, resolution, auto-detection,
credential resolution, and runtime provider dispatch.
Inspired by PR #33 (numman-ali) which proposed a provider registry approach.
Credit to tars90percent (PR #473) and manuelschipper (PR #420) for related
provider improvements merged earlier in this changeset.
2026-03-06 18:55:12 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (z.ai / GLM)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# z.ai provides access to ZhipuAI GLM models (GLM-4-Plus, etc.)
|
|
|
|
|
# Get your key at: https://z.ai or https://open.bigmodel.cn
|
|
|
|
|
GLM_API_KEY=
|
|
|
|
|
# GLM_BASE_URL=https://api.z.ai/api/paas/v4 # Override default base URL
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (Kimi / Moonshot)
|
|
|
|
|
# =============================================================================
|
2026-03-07 20:43:34 -05:00
|
|
|
# Kimi Code provides access to Moonshot AI coding models (kimi-k2.5, etc.)
|
|
|
|
|
# Get your key at: https://platform.kimi.ai (Kimi Code console)
|
|
|
|
|
# Keys prefixed sk-kimi- use the Kimi Code API (api.kimi.com) by default.
|
|
|
|
|
# Legacy keys from platform.moonshot.ai need KIMI_BASE_URL override below.
|
feat: add z.ai/GLM, Kimi/Moonshot, MiniMax as first-class providers
Adds 4 new direct API-key providers (zai, kimi-coding, minimax, minimax-cn)
to the inference provider system. All use standard OpenAI-compatible
chat/completions endpoints with Bearer token auth.
Core changes:
- auth.py: Extended ProviderConfig with api_key_env_vars and base_url_env_var
fields. Added providers to PROVIDER_REGISTRY. Added provider aliases
(glm, z-ai, zhipu, kimi, moonshot). Added auto-detection of API-key
providers in resolve_provider(). Added resolve_api_key_provider_credentials()
and get_api_key_provider_status() helpers.
- runtime_provider.py: Added generic API-key provider branch in
resolve_runtime_provider() — any provider with auth_type='api_key'
is automatically handled.
- main.py: Added providers to hermes model menu with generic
_model_flow_api_key_provider() flow. Updated _has_any_provider_configured()
to check all provider env vars. Updated argparse --provider choices.
- setup.py: Added providers to setup wizard with API key prompts and
curated model lists.
- config.py: Added env vars (GLM_API_KEY, KIMI_API_KEY, MINIMAX_API_KEY,
etc.) to OPTIONAL_ENV_VARS.
- status.py: Added API key display and provider status section.
- doctor.py: Added connectivity checks for each provider endpoint.
- cli.py: Updated provider docstrings.
Docs: Updated README.md, .env.example, cli-config.yaml.example,
cli-commands.md, environment-variables.md, configuration.md.
Tests: 50 new tests covering registry, aliases, resolution, auto-detection,
credential resolution, and runtime provider dispatch.
Inspired by PR #33 (numman-ali) which proposed a provider registry approach.
Credit to tars90percent (PR #473) and manuelschipper (PR #420) for related
provider improvements merged earlier in this changeset.
2026-03-06 18:55:12 -08:00
|
|
|
KIMI_API_KEY=
|
2026-03-07 20:43:34 -05:00
|
|
|
# KIMI_BASE_URL=https://api.kimi.com/coding/v1 # Default for sk-kimi- keys
|
|
|
|
|
# KIMI_BASE_URL=https://api.moonshot.ai/v1 # For legacy Moonshot keys
|
|
|
|
|
# KIMI_BASE_URL=https://api.moonshot.cn/v1 # For Moonshot China keys
|
feat: add z.ai/GLM, Kimi/Moonshot, MiniMax as first-class providers
Adds 4 new direct API-key providers (zai, kimi-coding, minimax, minimax-cn)
to the inference provider system. All use standard OpenAI-compatible
chat/completions endpoints with Bearer token auth.
Core changes:
- auth.py: Extended ProviderConfig with api_key_env_vars and base_url_env_var
fields. Added providers to PROVIDER_REGISTRY. Added provider aliases
(glm, z-ai, zhipu, kimi, moonshot). Added auto-detection of API-key
providers in resolve_provider(). Added resolve_api_key_provider_credentials()
and get_api_key_provider_status() helpers.
- runtime_provider.py: Added generic API-key provider branch in
resolve_runtime_provider() — any provider with auth_type='api_key'
is automatically handled.
- main.py: Added providers to hermes model menu with generic
_model_flow_api_key_provider() flow. Updated _has_any_provider_configured()
to check all provider env vars. Updated argparse --provider choices.
- setup.py: Added providers to setup wizard with API key prompts and
curated model lists.
- config.py: Added env vars (GLM_API_KEY, KIMI_API_KEY, MINIMAX_API_KEY,
etc.) to OPTIONAL_ENV_VARS.
- status.py: Added API key display and provider status section.
- doctor.py: Added connectivity checks for each provider endpoint.
- cli.py: Updated provider docstrings.
Docs: Updated README.md, .env.example, cli-config.yaml.example,
cli-commands.md, environment-variables.md, configuration.md.
Tests: 50 new tests covering registry, aliases, resolution, auto-detection,
credential resolution, and runtime provider dispatch.
Inspired by PR #33 (numman-ali) which proposed a provider registry approach.
Credit to tars90percent (PR #473) and manuelschipper (PR #420) for related
provider improvements merged earlier in this changeset.
2026-03-06 18:55:12 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (MiniMax)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# MiniMax provides access to MiniMax models (global endpoint)
|
|
|
|
|
# Get your key at: https://www.minimax.io
|
|
|
|
|
MINIMAX_API_KEY=
|
|
|
|
|
# MINIMAX_BASE_URL=https://api.minimax.io/v1 # Override default base URL
|
|
|
|
|
|
|
|
|
|
# MiniMax China endpoint (for users in mainland China)
|
|
|
|
|
MINIMAX_CN_API_KEY=
|
|
|
|
|
# MINIMAX_CN_BASE_URL=https://api.minimaxi.com/v1 # Override default base URL
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
2026-03-17 02:02:43 -07:00
|
|
|
# LLM PROVIDER (OpenCode Zen)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# OpenCode Zen provides curated, tested models (GPT, Claude, Gemini, MiniMax, GLM, Kimi)
|
|
|
|
|
# Pay-as-you-go pricing. Get your key at: https://opencode.ai/auth
|
|
|
|
|
OPENCODE_ZEN_API_KEY=
|
|
|
|
|
# OPENCODE_ZEN_BASE_URL=https://opencode.ai/zen/v1 # Override default base URL
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# LLM PROVIDER (OpenCode Go)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# OpenCode Go provides access to open models (GLM-5, Kimi K2.5, MiniMax M2.5)
|
|
|
|
|
# $10/month subscription. Get your key at: https://opencode.ai/auth
|
|
|
|
|
OPENCODE_GO_API_KEY=
|
|
|
|
|
# OPENCODE_GO_BASE_URL=https://opencode.ai/zen/go/v1 # Override default base URL
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
2026-02-01 15:36:26 -08:00
|
|
|
# TOOL API KEYS
|
|
|
|
|
# =============================================================================
|
|
|
|
|
|
feat(web): add Parallel as alternative web search/extract backend (#1696)
* feat(web): add Parallel as alternative web search/extract backend
Adds Parallel (parallel.ai) as a drop-in alternative to Firecrawl for
web_search and web_extract tools using the official parallel-web SDK.
- Backend selection via WEB_SEARCH_BACKEND env var (auto/parallel/firecrawl)
- Auto mode prefers Firecrawl when both keys present; Parallel when sole backend
- web_crawl remains Firecrawl-only with clear error when unavailable
- Lazy SDK imports, interrupt support, singleton clients
- 16 new unit tests for backend selection and client config
Co-authored-by: s-jag <s-jag@users.noreply.github.com>
* fix: add PARALLEL_API_KEY to config registry and fix web_crawl policy tests
Follow-up for Parallel backend integration:
- Add PARALLEL_API_KEY to OPTIONAL_ENV_VARS (hermes doctor, env blocklist)
- Add to set_config_value api_keys list (hermes config set)
- Add to doctor keys display
- Fix 2 web_crawl policy tests that didn't set FIRECRAWL_API_KEY
(needed now that web_crawl has a Firecrawl availability guard)
* refactor: explicit backend selection via hermes tools, not auto-detect
Replace the auto-detect backend selection with explicit user choice:
- hermes tools saves WEB_SEARCH_BACKEND to .env when user picks a provider
- _get_backend() reads the explicit choice first
- Fallback only for manual/legacy config (uses whichever key is present)
- _is_provider_active() shows [active] for the selected web backend
- Updated tests, docs, and .env.example to remove 'auto' mode language
* refactor: use config.yaml for web backend, not env var
Match the TTS/browser pattern — web.backend is stored in config.yaml
(set by hermes tools), not as a WEB_SEARCH_BACKEND env var.
- _load_web_config() reads web: section from config.yaml
- _get_backend() reads web.backend from config, falls back to key detection
- _configure_provider() saves to config dict (saved to config.yaml)
- _is_provider_active() reads from config dict
- Removed WEB_SEARCH_BACKEND from .env.example, set_config_value, docs
- Updated all tests to mock _load_web_config instead of env vars
---------
Co-authored-by: s-jag <s-jag@users.noreply.github.com>
2026-03-17 04:02:02 -07:00
|
|
|
# Parallel API Key - AI-native web search and extract
|
|
|
|
|
# Get at: https://parallel.ai
|
|
|
|
|
PARALLEL_API_KEY=
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# Firecrawl API Key - Web search, extract, and crawl
|
|
|
|
|
# Get at: https://firecrawl.dev/
|
|
|
|
|
FIRECRAWL_API_KEY=
|
|
|
|
|
|
feat(web): add Parallel as alternative web search/extract backend (#1696)
* feat(web): add Parallel as alternative web search/extract backend
Adds Parallel (parallel.ai) as a drop-in alternative to Firecrawl for
web_search and web_extract tools using the official parallel-web SDK.
- Backend selection via WEB_SEARCH_BACKEND env var (auto/parallel/firecrawl)
- Auto mode prefers Firecrawl when both keys present; Parallel when sole backend
- web_crawl remains Firecrawl-only with clear error when unavailable
- Lazy SDK imports, interrupt support, singleton clients
- 16 new unit tests for backend selection and client config
Co-authored-by: s-jag <s-jag@users.noreply.github.com>
* fix: add PARALLEL_API_KEY to config registry and fix web_crawl policy tests
Follow-up for Parallel backend integration:
- Add PARALLEL_API_KEY to OPTIONAL_ENV_VARS (hermes doctor, env blocklist)
- Add to set_config_value api_keys list (hermes config set)
- Add to doctor keys display
- Fix 2 web_crawl policy tests that didn't set FIRECRAWL_API_KEY
(needed now that web_crawl has a Firecrawl availability guard)
* refactor: explicit backend selection via hermes tools, not auto-detect
Replace the auto-detect backend selection with explicit user choice:
- hermes tools saves WEB_SEARCH_BACKEND to .env when user picks a provider
- _get_backend() reads the explicit choice first
- Fallback only for manual/legacy config (uses whichever key is present)
- _is_provider_active() shows [active] for the selected web backend
- Updated tests, docs, and .env.example to remove 'auto' mode language
* refactor: use config.yaml for web backend, not env var
Match the TTS/browser pattern — web.backend is stored in config.yaml
(set by hermes tools), not as a WEB_SEARCH_BACKEND env var.
- _load_web_config() reads web: section from config.yaml
- _get_backend() reads web.backend from config, falls back to key detection
- _configure_provider() saves to config dict (saved to config.yaml)
- _is_provider_active() reads from config dict
- Removed WEB_SEARCH_BACKEND from .env.example, set_config_value, docs
- Updated all tests to mock _load_web_config instead of env vars
---------
Co-authored-by: s-jag <s-jag@users.noreply.github.com>
2026-03-17 04:02:02 -07:00
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# FAL.ai API Key - Image generation
|
|
|
|
|
# Get at: https://fal.ai/
|
|
|
|
|
FAL_KEY=
|
|
|
|
|
|
2026-02-27 23:41:08 -08:00
|
|
|
# Honcho - Cross-session AI-native user modeling (optional)
|
|
|
|
|
# Builds a persistent understanding of the user across sessions and tools.
|
|
|
|
|
# Get at: https://app.honcho.dev
|
|
|
|
|
# Also requires ~/.honcho/config.json with enabled=true (see README).
|
|
|
|
|
HONCHO_API_KEY=
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# TERMINAL TOOL CONFIGURATION (mini-swe-agent backend)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Backend type: "local", "singularity", "docker", "modal", or "ssh"
|
2026-02-26 20:05:35 -08:00
|
|
|
# Terminal backend is configured in ~/.hermes/config.yaml (terminal.backend).
|
|
|
|
|
# Use 'hermes setup' or 'hermes config set terminal.backend docker' to change.
|
|
|
|
|
# Supported: local, docker, singularity, modal, ssh
|
|
|
|
|
#
|
|
|
|
|
# Only override here if you need to force a backend without touching config.yaml:
|
|
|
|
|
# TERMINAL_ENV=local
|
2026-02-03 10:46:23 -08:00
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# Container images (for singularity/docker/modal backends)
|
2026-02-26 20:05:35 -08:00
|
|
|
# TERMINAL_DOCKER_IMAGE=nikolaik/python-nodejs:python3.11-nodejs20
|
|
|
|
|
# TERMINAL_SINGULARITY_IMAGE=docker://nikolaik/python-nodejs:python3.11-nodejs20
|
2026-02-12 10:07:03 -08:00
|
|
|
TERMINAL_MODAL_IMAGE=nikolaik/python-nodejs:python3.11-nodejs20
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
|
2026-02-08 12:56:40 -08:00
|
|
|
# Working directory for terminal commands
|
2026-02-16 22:31:41 -08:00
|
|
|
# For local backend: "." means current directory (resolved automatically)
|
|
|
|
|
# For remote backends (ssh/docker/modal/singularity): use an absolute path
|
|
|
|
|
# INSIDE the target environment, or leave unset for the backend's default
|
|
|
|
|
# (/root for modal, / for docker, ~ for ssh). Do NOT use a host-local path.
|
2026-02-08 12:56:40 -08:00
|
|
|
# Usually managed by config.yaml (terminal.cwd) — uncomment to override
|
|
|
|
|
# TERMINAL_CWD=.
|
2026-02-01 15:36:26 -08:00
|
|
|
|
|
|
|
|
# Default command timeout in seconds
|
|
|
|
|
TERMINAL_TIMEOUT=60
|
|
|
|
|
|
|
|
|
|
# Cleanup inactive environments after this many seconds
|
|
|
|
|
TERMINAL_LIFETIME_SECONDS=300
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SSH REMOTE EXECUTION (for TERMINAL_ENV=ssh)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Run terminal commands on a remote server via SSH.
|
|
|
|
|
# Agent code stays on your machine, commands execute remotely.
|
|
|
|
|
#
|
|
|
|
|
# SECURITY BENEFITS:
|
|
|
|
|
# - Agent cannot read your .env file (API keys protected)
|
|
|
|
|
# - Agent cannot modify its own code
|
|
|
|
|
# - Remote server acts as isolated sandbox
|
|
|
|
|
# - Can safely configure passwordless sudo on remote
|
|
|
|
|
#
|
|
|
|
|
# TERMINAL_SSH_HOST=192.168.1.100
|
|
|
|
|
# TERMINAL_SSH_USER=agent
|
|
|
|
|
# TERMINAL_SSH_PORT=22
|
|
|
|
|
# TERMINAL_SSH_KEY=~/.ssh/id_rsa
|
|
|
|
|
|
2025-10-01 09:54:17 +00:00
|
|
|
# =============================================================================
|
2026-02-01 10:02:34 -08:00
|
|
|
# SUDO SUPPORT (works with ALL terminal backends)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# If set, enables sudo commands by piping password via `sudo -S`.
|
|
|
|
|
# Works with: local, docker, singularity, modal, and ssh backends.
|
|
|
|
|
#
|
|
|
|
|
# SECURITY WARNING: Password stored in plaintext. Only use on trusted machines.
|
|
|
|
|
#
|
|
|
|
|
# ALTERNATIVES:
|
|
|
|
|
# - For SSH backend: Configure passwordless sudo on the remote server
|
|
|
|
|
# - For containers: Run as root inside the container (no sudo needed)
|
|
|
|
|
# - For local: Configure /etc/sudoers for specific commands
|
2026-02-01 15:36:26 -08:00
|
|
|
# - For CLI: Leave unset - you'll be prompted interactively with 45s timeout
|
2026-01-29 06:10:24 +00:00
|
|
|
#
|
2026-02-01 10:02:34 -08:00
|
|
|
# SUDO_PASSWORD=your_password_here
|
2026-01-29 06:10:24 +00:00
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# MODAL CLOUD BACKEND (Optional - for TERMINAL_ENV=modal)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Modal uses CLI authentication, not environment variables.
|
|
|
|
|
# Run: pip install modal && modal setup
|
|
|
|
|
# This will authenticate via browser and store credentials locally.
|
|
|
|
|
# No API key needed in .env - Modal handles auth automatically.
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# BROWSER TOOL CONFIGURATION (agent-browser + Browserbase)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Browser automation requires Browserbase cloud service for remote browser execution.
|
|
|
|
|
# This allows the agent to navigate websites, fill forms, and extract information.
|
|
|
|
|
#
|
|
|
|
|
# STEALTH MODES:
|
|
|
|
|
# - Basic Stealth: ALWAYS active (random fingerprints, auto CAPTCHA solving)
|
|
|
|
|
# - Advanced Stealth: Requires BROWSERBASE_ADVANCED_STEALTH=true (Scale Plan only)
|
|
|
|
|
|
|
|
|
|
# Browserbase API Key - Cloud browser execution
|
|
|
|
|
# Get at: https://browserbase.com/
|
|
|
|
|
BROWSERBASE_API_KEY=
|
|
|
|
|
|
|
|
|
|
# Browserbase Project ID - From your Browserbase dashboard
|
|
|
|
|
BROWSERBASE_PROJECT_ID=
|
|
|
|
|
|
|
|
|
|
# Enable residential proxies for better CAPTCHA solving (default: true)
|
|
|
|
|
# Routes traffic through residential IPs, significantly improves success rate
|
|
|
|
|
BROWSERBASE_PROXIES=true
|
|
|
|
|
|
|
|
|
|
# Enable advanced stealth mode (default: false, requires Scale Plan)
|
|
|
|
|
# Uses custom Chromium build to avoid bot detection altogether
|
|
|
|
|
BROWSERBASE_ADVANCED_STEALTH=false
|
|
|
|
|
|
|
|
|
|
# Browser session timeout in seconds (default: 300)
|
|
|
|
|
# Sessions are cleaned up after this duration of inactivity
|
|
|
|
|
BROWSER_SESSION_TIMEOUT=300
|
|
|
|
|
|
|
|
|
|
# Browser inactivity timeout - auto-cleanup inactive sessions (default: 120 = 2 min)
|
|
|
|
|
# Browser sessions are automatically closed after this period of no activity
|
|
|
|
|
BROWSER_INACTIVITY_TIMEOUT=120
|
|
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SESSION LOGGING
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Session trajectories are automatically saved to logs/ directory
|
|
|
|
|
# Format: logs/session_YYYYMMDD_HHMMSS_UUID.json
|
|
|
|
|
# Contains full conversation history in trajectory format for debugging/replay
|
|
|
|
|
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# =============================================================================
|
2026-02-17 03:11:17 -08:00
|
|
|
# VOICE TRANSCRIPTION & OPENAI TTS
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# =============================================================================
|
2026-02-17 03:11:17 -08:00
|
|
|
# Required for voice message transcription (Whisper) and OpenAI TTS voices.
|
|
|
|
|
# Uses OpenAI's API directly (not via OpenRouter).
|
2026-02-23 23:21:33 +00:00
|
|
|
# Named VOICE_TOOLS_OPENAI_KEY to avoid interference with OpenRouter.
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# Get at: https://platform.openai.com/api-keys
|
2026-02-23 23:21:33 +00:00
|
|
|
VOICE_TOOLS_OPENAI_KEY=
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SLACK INTEGRATION
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Slack Bot Token - From Slack App settings (OAuth & Permissions)
|
|
|
|
|
# Get at: https://api.slack.com/apps
|
|
|
|
|
# SLACK_BOT_TOKEN=xoxb-...
|
|
|
|
|
|
|
|
|
|
# Slack App Token - For Socket Mode (App-Level Tokens in Slack App settings)
|
|
|
|
|
# SLACK_APP_TOKEN=xapp-...
|
|
|
|
|
|
|
|
|
|
# Slack allowed users (comma-separated Slack user IDs)
|
|
|
|
|
# SLACK_ALLOWED_USERS=
|
|
|
|
|
|
2026-02-25 21:04:36 -08:00
|
|
|
# WhatsApp (built-in Baileys bridge — run `hermes whatsapp` to pair)
|
|
|
|
|
# WHATSAPP_ENABLED=false
|
|
|
|
|
# WHATSAPP_ALLOWED_USERS=15551234567
|
|
|
|
|
|
feat: add email gateway platform (IMAP/SMTP)
Allow users to interact with Hermes by sending and receiving emails.
Uses IMAP polling for incoming messages and SMTP for replies with
proper threading (In-Reply-To, References headers).
Integrates with all 14 gateway extension points: config, adapter
factory, authorization, send_message tool, cron delivery, toolsets,
prompt hints, channel directory, setup wizard, status display, and
env example.
65 tests covering config, parsing, dispatch, threading, IMAP fetch,
SMTP send, attachments, and all integration points.
2026-03-10 03:15:38 +03:00
|
|
|
# Email (IMAP/SMTP — send and receive emails as Hermes)
|
|
|
|
|
# For Gmail: enable 2FA → create App Password at https://myaccount.google.com/apppasswords
|
|
|
|
|
# EMAIL_ADDRESS=hermes@gmail.com
|
|
|
|
|
# EMAIL_PASSWORD=xxxx xxxx xxxx xxxx
|
|
|
|
|
# EMAIL_IMAP_HOST=imap.gmail.com
|
|
|
|
|
# EMAIL_IMAP_PORT=993
|
|
|
|
|
# EMAIL_SMTP_HOST=smtp.gmail.com
|
|
|
|
|
# EMAIL_SMTP_PORT=587
|
|
|
|
|
# EMAIL_POLL_INTERVAL=15
|
|
|
|
|
# EMAIL_ALLOWED_USERS=your@email.com
|
|
|
|
|
# EMAIL_HOME_ADDRESS=your@email.com
|
|
|
|
|
|
refactor: deduplicate toolsets, unify async bridging, fix approval race condition, harden security
- Replace 4 copy-pasted messaging platform toolsets with shared _HERMES_CORE_TOOLS list
- Consolidate 5 ad-hoc async-bridging patterns into single _run_async() in model_tools.py
- Removes deprecated get_event_loop()/set_event_loop() calls
- Makes all tool handlers self-protecting regardless of caller's event loop state
- RL handler refactored from if/elif chain to dispatch dict
- Fix exec approval race condition: replace module-level globals with thread-safe
per-session tools/approval.py (submit_pending, pop_pending, approve_session, is_approved)
- Session A approving "rm" no longer approves it for all other sessions
- Fix config deep merge: user overriding tts.elevenlabs.voice_id no longer clobbers
tts.elevenlabs.model_id; migration detection now recurses to arbitrary depth
- Gateway default-deny: unauthenticated users denied unless GATEWAY_ALLOW_ALL_USERS=true
- Add 10 dangerous command patterns: rm --recursive, bash -c, python -e, curl|bash,
xargs rm, find -delete
- Sanitize gateway error messages: users see generic message, full traceback goes to logs
2026-02-21 18:28:49 -08:00
|
|
|
# Gateway-wide: allow ALL users without an allowlist (default: false = deny)
|
|
|
|
|
# Only set to true if you intentionally want open access.
|
|
|
|
|
# GATEWAY_ALLOW_ALL_USERS=false
|
|
|
|
|
|
Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks
Major feature additions inspired by OpenClaw/ClawdBot integration analysis:
Voice Message Transcription (STT):
- Auto-transcribe voice/audio messages via OpenAI Whisper API
- Download voice to ~/.hermes/audio_cache/ on Telegram/Discord/WhatsApp
- Inject transcript as text so all models can understand voice input
- Configurable model (whisper-1, gpt-4o-mini-transcribe, gpt-4o-transcribe)
Telegram Sticker Understanding:
- Describe static stickers via vision tool with JSON-backed cache
- Cache keyed by file_unique_id avoids redundant API calls
- Animated/video stickers get emoji-based fallback description
Discord Rich UX:
- Native slash commands (/ask, /reset, /status, /stop) via app_commands
- Button-based exec approvals (Allow Once / Always Allow / Deny)
- ExecApprovalView with user authorization and timeout handling
Slack Integration:
- Full SlackAdapter using slack-bolt with Socket Mode
- DMs, channel messages (mention-gated), /hermes slash command
- File attachment handling with bot-token-authenticated downloads
DM Pairing System:
- Code-based user authorization as alternative to static allowlists
- 8-char codes from unambiguous alphabet, 1-hour expiry
- Rate limiting, lockout after failed attempts, chmod 0600 on data
- CLI: hermes pairing list/approve/revoke/clear-pending
Event Hook System:
- File-based hook discovery from ~/.hermes/hooks/
- HOOK.yaml + handler.py per hook, sync/async handler support
- Events: gateway:startup, session:start/reset, agent:start/step/end
- Wildcard matching (command:* catches all command events)
Cross-Channel Messaging:
- send_message agent tool for delivering to any connected platform
- Enables cron job delivery and cross-platform notifications
Human-Like Response Pacing:
- Configurable delays between message chunks (off/natural/custom)
- HERMES_HUMAN_DELAY_MODE env var with min/max ms settings
Warm Injection Message Style:
- Retrofitted image vision messages with friendly kawaii-consistent tone
- All new injection messages (STT, stickers, errors) use warm style
Also: updated config migration to prompt for optional keys interactively,
bumped config version, updated README, AGENTS.md, .env.example,
cli-config.yaml.example, install scripts, pyproject.toml, and toolsets.
2026-02-15 21:38:59 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# RESPONSE PACING
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Human-like delays between message chunks on messaging platforms.
|
|
|
|
|
# Makes the bot feel less robotic.
|
|
|
|
|
# HERMES_HUMAN_DELAY_MODE=off # off | natural | custom
|
|
|
|
|
# HERMES_HUMAN_DELAY_MIN_MS=800 # Min delay in ms (custom mode)
|
|
|
|
|
# HERMES_HUMAN_DELAY_MAX_MS=2500 # Max delay in ms (custom mode)
|
|
|
|
|
|
2026-02-01 15:36:26 -08:00
|
|
|
# =============================================================================
|
|
|
|
|
# DEBUG OPTIONS
|
|
|
|
|
# =============================================================================
|
|
|
|
|
WEB_TOOLS_DEBUG=false
|
|
|
|
|
VISION_TOOLS_DEBUG=false
|
|
|
|
|
MOA_TOOLS_DEBUG=false
|
|
|
|
|
IMAGE_TOOLS_DEBUG=false
|
2026-02-01 18:01:31 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# CONTEXT COMPRESSION (Auto-shrinks long conversations)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# When conversation approaches model's context limit, middle turns are
|
|
|
|
|
# automatically summarized to free up space.
|
|
|
|
|
#
|
2026-02-28 04:46:35 -08:00
|
|
|
# Context compression is configured in ~/.hermes/config.yaml under compression:
|
2026-02-01 18:01:31 -08:00
|
|
|
# CONTEXT_COMPRESSION_ENABLED=true # Enable auto-compression (default: true)
|
|
|
|
|
# CONTEXT_COMPRESSION_THRESHOLD=0.85 # Compress at 85% of context limit
|
2026-02-28 04:46:35 -08:00
|
|
|
# Model is set via compression.summary_model in config.yaml (default: google/gemini-3-flash-preview)
|
2026-02-04 09:36:51 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# RL TRAINING (Tinker + Atropos)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Run reinforcement learning training on language models using the Tinker API.
|
|
|
|
|
# Requires the rl-server to be running (from tinker-atropos package).
|
|
|
|
|
|
|
|
|
|
# Tinker API Key - RL training service
|
|
|
|
|
# Get at: https://tinker-console.thinkingmachines.ai/keys
|
|
|
|
|
TINKER_API_KEY=
|
|
|
|
|
|
|
|
|
|
# Weights & Biases API Key - Experiment tracking and metrics
|
|
|
|
|
# Get at: https://wandb.ai/authorize
|
|
|
|
|
WANDB_API_KEY=
|
|
|
|
|
|
|
|
|
|
# RL API Server URL (default: http://localhost:8080)
|
|
|
|
|
# Change if running the rl-server on a different host/port
|
|
|
|
|
# RL_API_URL=http://localhost:8080
|
Add Skills Hub — universal skill search, install, and management from online registries
Implements the Hermes Skills Hub with agentskills.io spec compliance,
multi-registry skill discovery, security scanning, and user-driven
management via CLI and /skills slash command.
Core features:
- Security scanner (tools/skills_guard.py): 120 threat patterns across
12 categories, trust-aware install policy (builtin/trusted/community),
structural checks, unicode injection detection, LLM audit pass
- Hub client (tools/skills_hub.py): GitHub, ClawHub, Claude Code
marketplace, and LobeHub source adapters with shared GitHubAuth
(PAT + gh CLI + GitHub App), lock file provenance tracking, quarantine
flow, and unified search across all sources
- CLI interface (hermes_cli/skills_hub.py): search, install, inspect,
list, audit, uninstall, publish (GitHub PR), snapshot export/import,
and tap management — powers both `hermes skills` and `/skills`
Spec conformance (Phase 0):
- Upgraded frontmatter parser to yaml.safe_load with fallback
- Migrated 39 SKILL.md files: tags/related_skills to metadata.hermes.*
- Added assets/ directory support and compatibility/metadata fields
- Excluded .hub/ from skill discovery in skills_tool.py
Updated 13 config/doc files including README, AGENTS.md, .env.example,
setup wizard, doctor, status, pyproject.toml, and docs.
2026-02-18 16:09:05 -08:00
|
|
|
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# SKILLS HUB (GitHub integration for skill search/install/publish)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
|
|
|
|
|
# GitHub Personal Access Token — for higher API rate limits on skill search/install
|
|
|
|
|
# Get at: https://github.com/settings/tokens (Fine-grained recommended)
|
|
|
|
|
# GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
|
|
|
|
|
|
|
|
|
|
# GitHub App credentials (optional — for bot identity on PRs)
|
|
|
|
|
# GITHUB_APP_ID=
|
|
|
|
|
# GITHUB_APP_PRIVATE_KEY_PATH=
|
|
|
|
|
# GITHUB_APP_INSTALLATION_ID=
|
2026-03-03 17:17:40 +03:00
|
|
|
|
|
|
|
|
# Groq API key (free tier — used for Whisper STT in voice mode)
|
|
|
|
|
# GROQ_API_KEY=
|
2026-03-12 00:20:20 +03:00
|
|
|
|
2026-03-13 23:33:16 +03:00
|
|
|
# =============================================================================
|
|
|
|
|
# STT PROVIDER SELECTION
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Default STT provider is "local" (faster-whisper) — runs on your machine, no API key needed.
|
|
|
|
|
# Install with: pip install faster-whisper
|
|
|
|
|
# Model downloads automatically on first use (~150 MB for "base").
|
|
|
|
|
# To use cloud providers instead, set GROQ_API_KEY or VOICE_TOOLS_OPENAI_KEY above.
|
|
|
|
|
# Provider priority: local > groq > openai
|
|
|
|
|
# Configure in config.yaml: stt.provider: local | groq | openai
|
|
|
|
|
|
2026-03-12 00:20:20 +03:00
|
|
|
# =============================================================================
|
|
|
|
|
# STT ADVANCED OVERRIDES (optional)
|
|
|
|
|
# =============================================================================
|
|
|
|
|
# Override default STT models per provider (normally set via stt.model in config.yaml)
|
|
|
|
|
# STT_GROQ_MODEL=whisper-large-v3-turbo
|
|
|
|
|
# STT_OPENAI_MODEL=whisper-1
|
|
|
|
|
|
|
|
|
|
# Override STT provider endpoints (for proxies or self-hosted instances)
|
|
|
|
|
# GROQ_BASE_URL=https://api.groq.com/openai/v1
|
|
|
|
|
# STT_OPENAI_BASE_URL=https://api.openai.com/v1
|