docs: complete Daytona backend documentation coverage

Update all remaining files that enumerate terminal backends to include Daytona. Covers security docs (bypass info, backend comparison table), environment variables reference (DAYTONA_API_KEY, TERMINAL_DAYTONA_IMAGE, container resources header), AGENTS.md (architecture tree, config keys), environments/README.md, hermes_base_env.py field description, and various module docstrings. Follow-up to PR #451 merge.
2026-04-25 00:51:20 +00:00 · 2026-03-06 03:37:05 -08:00 · 2026-03-06 03:37:05 -08:00 · 8481fdcf08
commit 8481fdcf08
parent 39299e2de4
9 changed files with 23 additions and 17 deletions
--- a/website/docs/reference/environment-variables.md
+++ b/website/docs/reference/environment-variables.md
@ -44,6 +44,7 @@ All variables go in `~/.hermes/.env`. You can also set them with `hermes config
 | `HONCHO_API_KEY` | Cross-session user modeling ([honcho.dev](https://honcho.dev/)) |
 | `TINKER_API_KEY` | RL training ([tinker-console.thinkingmachines.ai](https://tinker-console.thinkingmachines.ai/)) |
 | `WANDB_API_KEY` | RL training metrics ([wandb.ai](https://wandb.ai/)) |
+| `DAYTONA_API_KEY` | Daytona cloud sandboxes ([daytona.io](https://daytona.io/)) |

 ## Terminal Backend

@ -54,6 +55,7 @@ All variables go in `~/.hermes/.env`. You can also set them with `hermes config
 | `TERMINAL_DOCKER_VOLUMES` | Additional Docker volume mounts (comma-separated `host:container` pairs) |
 | `TERMINAL_SINGULARITY_IMAGE` | Singularity image or `.sif` path |
 | `TERMINAL_MODAL_IMAGE` | Modal container image |
+| `TERMINAL_DAYTONA_IMAGE` | Daytona sandbox image |
 | `TERMINAL_TIMEOUT` | Command timeout in seconds |
 | `TERMINAL_LIFETIME_SECONDS` | Max lifetime for terminal sessions in seconds |
 | `TERMINAL_CWD` | Working directory for all terminal sessions |
@ -68,7 +70,7 @@ All variables go in `~/.hermes/.env`. You can also set them with `hermes config
 | `TERMINAL_SSH_PORT` | SSH port (default: 22) |
 | `TERMINAL_SSH_KEY` | Path to private key |

-## Container Resources (Docker, Singularity, Modal)
+## Container Resources (Docker, Singularity, Modal, Daytona)

 | Variable | Description |
 |----------|-------------|
--- a/website/docs/user-guide/features/tools.md
+++ b/website/docs/user-guide/features/tools.md
@ -13,7 +13,7 @@ Tools are functions that extend the agent's capabilities. They're organized into
 | Category | Tools | Description |
 |----------|-------|-------------|
 | **Web** | `web_search`, `web_extract` | Search the web, extract page content |
-| **Terminal** | `terminal`, `process` | Execute commands (local/docker/singularity/modal/ssh backends), manage background processes |
+| **Terminal** | `terminal`, `process` | Execute commands (local/docker/singularity/modal/daytona/ssh backends), manage background processes |
 | **File** | `read_file`, `write_file`, `patch`, `search_files` | Read, write, edit, and search files |
 | **Browser** | `browser_navigate`, `browser_click`, `browser_type`, etc. | Full browser automation via Browserbase |
 | **Vision** | `vision_analyze` | Image analysis via multimodal models |
@ -115,7 +115,7 @@ Configure CPU, memory, disk, and persistence for all container backends:

 ```yaml
 terminal:
-  backend: docker  # or singularity, modal
+  backend: docker  # or singularity, modal, daytona
  container_cpu: 1              # CPU cores (default: 1)
  container_memory: 5120        # Memory in MB (default: 5GB)
  container_disk: 51200         # Disk in MB (default: 50GB)
--- a/website/docs/user-guide/security.md
+++ b/website/docs/user-guide/security.md
@ -45,7 +45,7 @@ The following patterns trigger approval prompts (defined in `tools/approval.py`)
 | Fork bomb patterns | Fork bombs |

 :::info
-**Container bypass**: When running in `docker`, `singularity`, or `modal` backends, dangerous command checks are **skipped** because the container itself is the security boundary. Destructive commands inside a container can't harm the host.
+**Container bypass**: When running in `docker`, `singularity`, `modal`, or `daytona` backends, dangerous command checks are **skipped** because the container itself is the security boundary. Destructive commands inside a container can't harm the host.
 :::

 ### Approval Flow (CLI)
@ -224,7 +224,7 @@ terminal:
 - **Ephemeral mode** (`container_persistent: false`): Uses tmpfs for workspace — everything is lost on cleanup

 :::tip
-For production gateway deployments, use `docker` or `modal` backend to isolate agent commands from your host system. This eliminates the need for dangerous command approval entirely.
+For production gateway deployments, use `docker`, `modal`, or `daytona` backend to isolate agent commands from your host system. This eliminates the need for dangerous command approval entirely.
 :::

 ## Terminal Backend Security Comparison
@ -236,6 +236,7 @@ For production gateway deployments, use `docker` or `modal` backend to isolate a
 | **docker** | Container | ❌ Skipped (container is boundary) | Production gateway |
 | **singularity** | Container | ❌ Skipped | HPC environments |
 | **modal** | Cloud sandbox | ❌ Skipped | Scalable cloud isolation |
+| **daytona** | Cloud sandbox | ❌ Skipped | Persistent cloud workspaces |

 ## MCP Credential Handling