From 33bc1a3b5827ecbb15bba49e2d79b1c688f7d48b Mon Sep 17 00:00:00 2001 From: teknium1 Date: Wed, 25 Feb 2026 10:38:55 -0800 Subject: [PATCH] docs: add sandboxed terminal usage recommendations to README - Introduced a new section in the README outlining the benefits and configurations for running Hermes with a sandboxed terminal backend. - Provided examples for SSH, Docker, and Modal cloud sandbox setups to enhance security and isolation during command execution. --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 2466c8d7b..3fad6325b 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,27 @@ hermes tools # See all available tools This lets you switch between **Nous Portal** (subscription), **OpenRouter** (200+ models, pay-per-use), or a **custom endpoint** (VLLM, SGLang, any OpenAI-compatible API) at any time. +### 🔒 Recommended: Run with a Sandboxed Terminal + +By default, Hermes runs commands directly on your machine (`local` backend). For safer use we recommend running with a **sandboxed terminal backend** so the agent **cannot access its own code, config, or API keys**: + +```bash +# Option A: SSH into a separate machine (recommended for production) +hermes config set terminal.backend ssh +hermes config set TERMINAL_SSH_HOST my-server.example.com +hermes config set TERMINAL_SSH_USER myuser + +# Option B: Docker container (good for local isolation) +hermes config set terminal.backend docker + +# Option C: Modal cloud sandbox (serverless, no infra to manage) +hermes config set terminal.backend modal +``` + +All container/remote backends support **persistent workspaces** — installed packages, files, and state survive across sessions. The agent gets a full working environment but can't read `~/.hermes/.env`, modify its own source code, or access your host filesystem. + +See [Terminal & Process Management](#-terminal--process-management) for full configuration options. + --- ## Updating
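Review bot: The closing paragraph of the added section promises that the agent "can't read `~/.hermes/.env`, modify its own source code, or access your host filesystem" for all container/remote backends, but the section never states the conditions that promise depends on. The same paragraph advertises persistent workspaces, so state survives somewhere between sessions. For Option B the README should say where that workspace is stored and confirm that no host path (in particular `~/.hermes`) is mounted into the container. For Option A the promise only holds if `my-server.example.com` is a host that does not itself carry the Hermes checkout or the API keys, and if `myuser` is an unprivileged account, so please say so next to the example. Two smaller points in the same code block: `terminal.backend` is a dotted lowercase key while `TERMINAL_SSH_HOST` and `TERMINAL_SSH_USER` are uppercase env-style names passed to the same `hermes config set` command, so either make them consistent or add a comment explaining that both forms are accepted. Option A also shows no authentication setting, so a reader cannot tell how the SSH credential is supplied or where it is kept. Since the introductory sentence calls `local` the default, consider adding how to check the active backend, so users can confirm the switch took effect before relying on the isolation.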