c6575df927
* feat(moa): expose MoA presets as selectable virtual models Reconstructed onto current main (PR #46081's base had diverged with no common ancestor, marking the PR dirty so CI never dispatched). MoA is now a virtual provider: each named preset is a selectable model under provider 'moa', and the preset's aggregator is the acting model that answers and calls tools. Reference models fan out in parallel via a bounded ThreadPoolExecutor (the same batch pattern delegate_task uses) — all references dispatched at once, collected when every one finishes, then handed to the aggregator. Output order is preserved, failures and the MoA-recursion guard stay isolated per reference. - Removed the old mixture_of_agents model tool and moa toolset. - Added moa as a virtual provider in the provider/model inventory. - /moa is shortcut behavior over model selection (default preset / named preset / one-shot prompt). - Dashboard + Desktop manage named presets; presets appear in model pickers. - Parallel reference fan-out in agent/moa_loop.py with regression test. * fix(moa): thread moa_config through _run_agent to _run_agent_inner The reconstructed gateway MoA wiring declared moa_config on _run_agent (the profile-scoping wrapper) and used it inside _run_agent_inner, but the wrapper never forwarded it — _run_agent_inner had no such parameter, so the runtime hit NameError: name 'moa_config' is not defined on the compression-failure session sync path. Add moa_config to _run_agent_inner's signature and forward it from both wrapper call sites (multiplex and non-multiplex). Caught by tests/gateway/test_compression_failure_session_sync.py on CI shard test(4). * fix(moa): classify moa as a virtual provider in the catalog The moa virtual provider has no PROVIDER_REGISTRY/ProviderProfile entry, so provider_catalog() fell through to the default auth_type="api_key" with no env vars — tripping two catalog invariants: - test_provider_catalog: api_key providers must expose a credential env var - test_provider_parity: every hermes-model provider must be desktop-configurable moa already declares auth_type="virtual" in HERMES_OVERLAYS; consult that overlay as an auth_type fallback so the catalog reports moa as virtual (no real credential, no network endpoint). Exempt virtual providers from the desktop parity union check the same way 'custom' is exempt — derived from the catalog, not a hardcoded slug, so future virtual providers are covered too.
7.6 KiB
| sidebar_position | title | description |
|---|---|---|
| 1 | Tools & Toolsets | Overview of Hermes Agent's tools — what's available, how toolsets work, and terminal backends |
Tools & Toolsets
Tools are functions that extend the agent's capabilities. They're organized into logical toolsets that can be enabled or disabled per platform.
Available Tools
Hermes ships with a broad built-in tool registry covering web search, browser automation, terminal execution, file editing, memory, delegation, RL training, messaging delivery, Home Assistant, and more.
:::note
Honcho cross-session memory is available as a memory provider plugin (plugins/memory/honcho/), not as a built-in toolset. See Plugins for installation.
:::
High-level categories:
| Category | Examples | Description |
|---|---|---|
| Web | web_search, web_extract |
Search the web and extract page content. |
| X Search | x_search |
Search X (Twitter) posts and threads via xAI's built-in x_search Responses tool — gated on xAI credentials (SuperGrok OAuth or XAI_API_KEY); off by default, opt in via hermes tools → 🐦 X (Twitter) Search. |
| Terminal & Files | terminal, process, read_file, patch |
Execute commands and manipulate files. |
| Browser | browser_navigate, browser_snapshot, browser_vision |
Interactive browser automation with text and vision support. |
| Media | vision_analyze, image_generate, text_to_speech |
Multimodal analysis and generation. |
| Agent orchestration | todo, clarify, execute_code, delegate_task |
Planning, clarification, code execution, and subagent delegation. |
| Memory & recall | memory, session_search |
Persistent memory and session search. |
| Automation & delivery | cronjob, send_message |
Scheduled tasks with create/list/update/pause/resume/run/remove actions, plus outbound messaging delivery. |
| Integrations | ha_*, MCP server tools |
Home Assistant, MCP, and other integrations. |
For the authoritative code-derived registry, see Built-in Tools Reference and Toolsets Reference.
:::tip Nous Tool Gateway
Paid Nous Portal subscribers can use web search, image generation, TTS, and browser automation through the Tool Gateway — no separate API keys needed. Run hermes model to enable it, or configure individual tools with hermes tools.
:::
Using Toolsets
# Use specific toolsets
hermes chat --toolsets "web,terminal"
# See all available tools
hermes tools
# Configure tools per platform (interactive)
hermes tools
Common toolsets include web, search, terminal, file, browser, vision, image_gen, skills, tts, todo, memory, session_search, cronjob, code_execution, delegation, clarify, homeassistant, messaging, spotify, discord, discord_admin, debugging, and safe.
See Toolsets Reference for the full set, including platform presets such as hermes-cli, hermes-telegram, and dynamic MCP toolsets like mcp-<server>.
Terminal Backends
The terminal tool can execute commands in different environments:
| Backend | Description | Use Case |
|---|---|---|
local |
Run on your machine (default) | Development, trusted tasks |
docker |
Isolated containers | Security, reproducibility |
ssh |
Remote server | Sandboxing, keep agent away from its own code |
singularity |
HPC containers | Cluster computing, rootless |
modal |
Cloud execution | Serverless, scale |
daytona |
Cloud sandbox workspace | Persistent remote dev environments |
Configuration
# In ~/.hermes/config.yaml
terminal:
backend: local # or: docker, ssh, singularity, modal, daytona
cwd: "." # Working directory
timeout: 180 # Command timeout in seconds
Docker Backend
terminal:
backend: docker
docker_image: python:3.11-slim
One persistent container, shared across the whole process. Hermes starts a single long-lived container on first use (docker run -d ... sleep 2h) and routes every terminal, file, and execute_code call through docker exec into that same container. Working-directory changes, installed packages, environment tweaks, and files written to /workspace all carry over from one tool call to the next, across /new, /reset, and delegate_task subagents, for the lifetime of the Hermes process. The container is stopped and removed on shutdown.
This means the Docker backend behaves like a persistent sandbox VM, not a fresh container per command. If you pip install foo once, it's there for the rest of the session. If you cd /workspace/project, subsequent ls calls see that directory. See Configuration → Docker Backend for the full lifecycle details and the container_persistent flag that controls whether /workspace and /root survive across Hermes restarts.
SSH Backend
Recommended for security — agent can't modify its own code:
terminal:
backend: ssh
# Set credentials in ~/.hermes/.env
TERMINAL_SSH_HOST=my-server.example.com
TERMINAL_SSH_USER=myuser
TERMINAL_SSH_KEY=~/.ssh/id_rsa
Singularity/Apptainer
# Pre-build SIF for parallel workers
apptainer build ~/python.sif docker://python:3.11-slim
# Configure
hermes config set terminal.backend singularity
hermes config set terminal.singularity_image ~/python.sif
Modal (Serverless Cloud)
uv pip install modal
modal setup
hermes config set terminal.backend modal
Container Resources
Configure CPU, memory, disk, and persistence for all container backends:
terminal:
backend: docker # or singularity, modal, daytona
container_cpu: 1 # CPU cores (default: 1)
container_memory: 5120 # Memory in MB (default: 5GB)
container_disk: 51200 # Disk in MB (default: 50GB)
container_persistent: true # Persist filesystem across sessions (default: true)
When container_persistent: true, installed packages, files, and config survive across sessions.
Container Security
All container backends run with security hardening:
- Read-only root filesystem (Docker)
- All Linux capabilities dropped
- No privilege escalation
- PID limits (256 processes)
- Full namespace isolation
- Persistent workspace via volumes, not writable root layer
Docker can optionally receive an explicit env allowlist via terminal.docker_forward_env, but forwarded variables are visible to commands inside the container and should be treated as exposed to that session.
Background Process Management
Start background processes and manage them:
terminal(command="pytest -v tests/", background=true)
# Returns: {"session_id": "proc_abc123", "pid": 12345}
# Then manage with the process tool:
process(action="list") # Show all running processes
process(action="poll", session_id="proc_abc123") # Check status
process(action="wait", session_id="proc_abc123") # Block until done
process(action="log", session_id="proc_abc123") # Full output
process(action="kill", session_id="proc_abc123") # Terminate
process(action="write", session_id="proc_abc123", data="y") # Send input
PTY mode (pty=true) enables interactive CLI tools like Codex and Claude Code.
Sudo Support
If a command needs sudo, you'll be prompted for your password (cached for the session). Or set SUDO_PASSWORD in ~/.hermes/.env.
:::warning
On messaging platforms, if sudo fails, the output includes a tip to add SUDO_PASSWORD to ~/.hermes/.env.
:::