fef1a41248
Cross-checked 75 docs pages under user-guide/messaging/, developer-guide/,
guides/, and integrations/ against the live registries and gateway code.
messaging/
- index.md: API Server toolset is hermes-api-server (was 'hermes (default)');
Google Chat slug is hermes-google_chat (underscore — plugin name uses _).
- google_chat.md: drop bogus 'pip install hermes-agent[google_chat]' (no such
extra); list the actual deps (google-cloud-pubsub, google-api-python-client,
google-auth, google-auth-oauthlib).
- qqbot.md: config namespace is platforms.qqbot (was platforms.qq, which is
silently ignored by the adapter); QQ_STT_BASE_URL is not read directly —
baseUrl lives under platforms.qqbot.extra.stt.
- teams-meetings.md: 'hermes teams-pipeline' is plugin-gated (teams_pipeline
plugin must be enabled), not a built-in subcommand.
- sms.md: example log line 0.0.0.0:8080 -> 127.0.0.1:8080 (default
SMS_WEBHOOK_HOST).
- open-webui.md: API_SERVER_* are env vars, not YAML keys — write them to
per-profile .env, not 'hermes config set' (same pattern fixed in
api-server.md last round). Also bumped example ports to 8650+ to dodge the
default webhook (8644)/wecom-callback (8645)/msgraph-webhook (8646)
collision.
developer-guide/
- architecture.md: tool/toolset counts (61/52 -> 70+/~28); LOC stamps for
run_agent.py, cli.py, hermes_cli/main.py, setup.py, mcp_tool.py,
gateway/run.py replaced with 'large file' to stop drifting.
- agent-loop.md: same LOC drift (~13,700 -> 'a large file (15k+ lines)').
- gateway-internals.md: '14+ external messaging platforms' -> '20+'; gateway
platform tree updated (qqbot is a sub-package, not qqbot.py; added
yuanbao.py, feishu_comment.py, msgraph_webhook.py); 'gateway/builtin_hooks/
(always active)' was wrong — it's an empty extension point and
_register_builtin_hooks() is a no-op stub.
- acp-internals.md: drop fictional 'message_callback' from the bridged-
callbacks list; clarify thinking_callback is currently set to None.
- provider-runtime.md: provider list was missing AWS Bedrock, Azure Foundry,
NVIDIA NIM, xAI, Arcee, GMI Cloud, StepFun, Qwen OAuth, Xiaomi, Ollama
Cloud, LM Studio, Tencent TokenHub. Fallback section described only the
legacy single-pair model — corrected to the canonical list-form
fallback_providers chain.
- environments.md: parsers list missing llama4_json and the deepseek_v31
alias; both register via @register_parser.
- browser-supervisor.md: drop reference to scripts/browser_supervisor_e2e.py
which doesn't exist in-repo.
- contributing.md: tinker-atropos is a git submodule — note that
'git submodule update --init' is required if cloning without
--recurse-submodules.
guides/
- operate-teams-meeting-pipeline.md: cron flags were all wrong — schedule is
positional (not --schedule), the script-only flag is --no-agent (not
--script-only), and there's no --command flag. Replaced with a real example
that creates the script under ~/.hermes/scripts/ and uses the actual flags.
Also replaced fictional 'hermes cron show <name>' with 'hermes cron status'.
- automation-templates.md: 'cron create --skills "a,b"' doesn't work —
the flag is --skill (singular, repeatable). Fixed all 5 occurrences via AST
rewrite.
- minimax-oauth.md: 'hermes auth add minimax-oauth --region cn' silently
fails because --region isn't registered on the auth-add argparse spec.
Pointed users at the minimax-cn provider (or MINIMAX_CN_API_KEY env) for
China-region access.
- cron-script-only.md: 'hermes send' is fictional — replaced the comparison-
table mention with a webhook-subscription pointer; also fixed the dead link
to /guides/pipe-script-output (page doesn't exist).
- cron-troubleshooting.md: 'hermes serve' isn't a real subcommand. Pointed
at 'hermes gateway' (foreground) / 'hermes gateway start' (service).
- local-ollama-setup.md: 'agent.api_timeout' is not a config key. The right
knob is the HERMES_API_TIMEOUT env var.
- python-library.md: run_conversation() return dict has only final_response
and messages — task_id is stored on the agent instance, not echoed back.
- use-mcp-with-hermes.md: '--args /c "npx -y …"' wraps the npx command in
one quoted string, so cmd.exe gets a single arg instead of the multi-token
command line it needs. Removed the surrounding quotes — argparse nargs='*'
collects each token correctly.
integrations/
- providers.md: Bedrock guardrail YAML keys were 'id'/'version' (don't exist);
actual keys are guardrail_identifier/guardrail_version (matches DEFAULT_CONFIG
and the run_agent.py reader). GMI default base URL (api.gmi.ai/v1 ->
api.gmi-serving.com/v1) and portal URL (inference.gmi.ai -> www.gmicloud.ai)
refreshed. Fallback section rewritten to lead with the canonical
fallback_providers list form (was leading with the legacy fallback_model
single dict); supported-providers list extended to include azure-foundry,
alibaba-coding-plan, lmstudio.
index.md
- '68 built-in tools' -> '70+'; '15+ platforms' was both inconsistent with
integrations/index.md ('19+') and undercounted — bumped to 20+ and added
Weixin/QQ Bot/Yuanbao/Google Chat to the list.
Validation: 'npm run build' clean (exit 0); broken-link count unchanged at
155 (same as round-1 post-skill-regen baseline). 24 files, +132/-89.
7.4 KiB
| sidebar_position | title | description |
|---|---|---|
| 15 | MiniMax OAuth | Log into MiniMax via browser OAuth and use MiniMax-M2.7 models in Hermes Agent — no API key required |
MiniMax OAuth
Hermes Agent supports MiniMax through a browser-based OAuth login flow, using the same credentials as the MiniMax portal. No API key or credit card is required — log in once and Hermes automatically refreshes your session.
The transport reuses the anthropic_messages adapter (MiniMax exposes an Anthropic Messages-compatible endpoint at /anthropic), so all existing tool-calling, streaming, and context features work without any adapter changes.
Overview
| Item | Value |
|---|---|
| Provider ID | minimax-oauth |
| Display name | MiniMax (OAuth) |
| Auth type | Browser OAuth (PKCE device-code flow) |
| Transport | Anthropic Messages-compatible (anthropic_messages) |
| Models | MiniMax-M2.7, MiniMax-M2.7-highspeed |
| Global endpoint | https://api.minimax.io/anthropic |
| China endpoint | https://api.minimaxi.com/anthropic |
| Requires env var | No (MINIMAX_API_KEY is not used for this provider) |
Prerequisites
- Python 3.9+
- Hermes Agent installed
- A MiniMax account at minimax.io (global) or minimaxi.com (China)
- A browser available on the local machine (or use
--no-browserfor remote sessions)
Quick Start
# Launch the provider and model picker
hermes model
# → Select "MiniMax (OAuth)" from the provider list
# → Hermes opens your browser to the MiniMax authorization page
# → Approve access in the browser
# → Select a model (MiniMax-M2.7 or MiniMax-M2.7-highspeed)
# → Start chatting
hermes
After the first login, credentials are stored under ~/.hermes/auth.json and are refreshed automatically before each session.
Logging In Manually
You can trigger a login without going through the model picker:
hermes auth add minimax-oauth
China region
If your account is on the China platform (minimaxi.com), use the China-region OAuth provider id minimax-cn instead, or skip OAuth and configure MINIMAX_CN_API_KEY / MINIMAX_CN_BASE_URL directly. The --region cn flag described in older docs is not wired through the CLI's argument parser; use the minimax-cn provider instead:
hermes auth add minimax-cn --type oauth # if OAuth is supported on your CN account
# or simpler:
echo 'MINIMAX_CN_API_KEY=your-key' >> ~/.hermes/.env
Remote / headless sessions
On servers or containers where no browser is available:
hermes auth add minimax-oauth --no-browser
Hermes will print the verification URL and user code — open the URL on any device and enter the code when prompted.
The OAuth Flow
Hermes implements a PKCE device-code flow against the MiniMax OAuth endpoints:
- Hermes generates a PKCE verifier / challenge pair and a random state value.
- It POSTs to
{base_url}/oauth/codewith the challenge and receives auser_codeandverification_uri. - Your browser opens
verification_uri. If prompted, enter theuser_code. - Hermes polls
{base_url}/oauth/tokenuntil the token arrives (or the deadline passes). - Tokens (
access_token,refresh_token, expiry) are saved to~/.hermes/auth.jsonunder theminimax-oauthkey.
Token refresh (standard OAuth refresh_token grant) runs automatically at each session start when the access token is within 60 seconds of expiry.
Checking Login Status
hermes doctor
The ◆ Auth Providers section will show:
✓ MiniMax OAuth (logged in, region=global)
or, if not logged in:
⚠ MiniMax OAuth (not logged in)
Switching Models
hermes model
# → Select "MiniMax (OAuth)"
# → Pick from the model list
Or set the model directly:
hermes config set model MiniMax-M2.7
hermes config set provider minimax-oauth
Configuration Reference
After login, ~/.hermes/config.yaml will contain entries similar to:
model:
default: MiniMax-M2.7
provider: minimax-oauth
base_url: https://api.minimax.io/anthropic
Region endpoints
| Provider id | Portal | Inference endpoint |
|---|---|---|
minimax-oauth (global) |
https://api.minimax.io |
https://api.minimax.io/anthropic |
minimax-cn (China) |
https://api.minimaxi.com |
https://api.minimaxi.com/anthropic |
Provider aliases
All of the following resolve to minimax-oauth:
hermes --provider minimax-oauth # canonical
hermes --provider minimax-portal # alias
hermes --provider minimax-global # alias
hermes --provider minimax_oauth # alias (underscore form)
Environment Variables
The minimax-oauth provider does not use MINIMAX_API_KEY or MINIMAX_BASE_URL. Those variables are for the API-key-based minimax and minimax-cn providers only.
| Variable | Effect |
|---|---|
MINIMAX_API_KEY |
Used by minimax provider only — ignored for minimax-oauth |
MINIMAX_CN_API_KEY |
Used by minimax-cn provider only — ignored for minimax-oauth |
To force the minimax-oauth provider at runtime:
HERMES_INFERENCE_PROVIDER=minimax-oauth hermes
Models
| Model | Best for |
|---|---|
MiniMax-M2.7 |
Long-context reasoning, complex tool-calling |
MiniMax-M2.7-highspeed |
Lower latency, lighter tasks, auxiliary calls |
Both models support up to 200,000 tokens of context.
MiniMax-M2.7-highspeed is also used automatically as the auxiliary model for vision and delegation tasks when minimax-oauth is the primary provider.
Troubleshooting
Token expired — not re-logging in automatically
Hermes refreshes the token on every session start if it is within 60 seconds of expiry. If the access token is already expired (for example, after a long offline period), the refresh happens automatically on the next request. If refresh fails with refresh_token_reused or invalid_grant, Hermes marks the session as requiring re-login.
Fix: run hermes auth add minimax-oauth again to start a fresh login.
Authorization timed out
The device-code flow has a finite expiry window. If you don't approve the login in time, Hermes raises a timeout error.
Fix: re-run hermes auth add minimax-oauth (or hermes model). The flow starts fresh.
State mismatch (possible CSRF)
Hermes detected that the state value returned by the authorization server does not match what it sent.
Fix: re-run the login. If it persists, check for a proxy or redirect that is modifying the OAuth response.
Logging in from a remote server
If hermes cannot open a browser window, use --no-browser:
hermes auth add minimax-oauth --no-browser
Hermes prints the URL and code. Open the URL on any device and complete the flow there.
"Not logged into MiniMax OAuth" error at runtime
The auth store has no credentials for minimax-oauth. You have not logged in yet, or the credential file was deleted.
Fix: run hermes model and select MiniMax (OAuth), or run hermes auth add minimax-oauth.
Logging Out
To remove stored MiniMax OAuth credentials:
hermes auth remove minimax-oauth