mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-30 06:41:51 +00:00

docs: comprehensive 2-week sweep of feature/PR coverage gaps (#28497 )

Catch the website docs up to two weeks of merged work (May 4 – May 18, 2026,
roughly 1,080 PRs). The audit found ~50 user-visible features that had landed
in code with no docs footprint, plus a handful of stale pages. This PR closes
every gap the scan turned up.

New pages
- user-guide/features/deliverable-mode.md — extension list, agent triggers,
  kanban_complete artifacts pattern, [[as_document]] override (PR #27813).
- developer-guide/web-search-provider-plugin.md — authoring guide modeled on
  image-gen-provider-plugin, covering brave_free / ddgs / etc. (PR #25448).

Providers / auth
- Rename "Alibaba Cloud" → "Qwen Cloud (Alibaba DashScope)" everywhere the
  display label shows up; provider id stays `alibaba` (PR #24835).
- Document OAuth refresh-token quarantine for xAI / MiniMax / Codex (PRs
  #28116 / #28118 / #28119).
- Document Nous JWT minting from refresh token + invalid-refresh quarantine
  + cross-profile shared token store (PRs #27663 / #19712).
- Add `## Microsoft Entra ID authentication (keyless)` section to
  azure-foundry guide — DefaultAzureCredential, RBAC, OpenAI + Anthropic
  routing details (PR #28101 / #9df9816da).
- Custom providers `api_mode` is now prompted-and-persisted, not just URL
  autodetected (PR #25068).
- Delegation honours `api_mode` + auto-detects anthropic_messages base URLs
  (PR #26824).
- `x_search` auto-enables when xAI credentials are present (PR #27376).
- Add `xAI Grok OAuth (SuperGrok)` row to providers headline table (PR
  #26534).
- NVIDIA NIM billing-origin header is set automatically (PR #26585).

Windows / installer
- `install.ps1`: document `-Commit <sha>` and `-Tag <v>` pin params plus
  the BOM-strip / git-retry hardening (PR #28169).
- Document Hermes Desktop thin installer + first-launch bootstrap (PR
  #27822).
- Document `dep_ensure` Windows bootstrap (PR #27845).
- Document install-method auto-detection (pip / git / homebrew / nixos) and
  the matching update command (PR #27843).

Gateway / messaging
- `/platform list|pause|resume` full description + circuit-breaker
  semantics (PR #26600).
- Slack / Matrix / Mattermost get parallel `allowed_channels` /
  `allowed_rooms` allowlist sections matching Telegram/Discord/DingTalk
  (PR #21251).
- Discord `allow_any_attachment` + `max_attachment_bytes` (config and env
  vars) (PR #27245).
- Discord clarify-choice button rendering (PR #25485).
- Telegram `guest_mode` @mention bypass for allowlisted groups (PR
  #22759).
- Telegram `notifications` mode (`important` vs `all`) (PR #22793).
- `[[as_document]]` skill / response directive for forcing
  document-style media delivery (PR #21210).

CLI / TUI
- `/new [name]` argument (PR #19637).
- `/subgoal` user-supplied criteria appended to `/goal` (PR #25449).
- `/exit --delete` flag confirmation prompts for destructive slash
  commands (PR #22687).
- Status-bar additions: ▶ N background indicator (PR #27175), context
  compression count (PR #21218), YOLO mode banner+statusbar warning (PR
  #26238).
- `display.timestamps` + `docker_extra_args` config keys (PR #23599).
- TUI collapsible startup banner sections (PR #20625).
- `HERMES_SESSION_ID` exported to tool subprocesses (PR #23847).

i18n
- Refresh display.language locale list from 8 → 16 (en, zh, zh-hant, ja,
  de, es, fr, tr, uk, af, ko, it, ga, pt, ru, hu) — matches
  `agent/i18n.py:SUPPORTED_LANGUAGES`.

Tools / features
- `vision_analyze` native-pixel passthrough for vision-capable callers,
  with auxiliary text-describer fallback (PR #22955).
- `session_search` rewrite to the single-shape tool (discovery / scroll /
  browse modes) (PRs #27590 / #27840).
- Clarify MCP transport scope: client supports stdio + SSE; embedded
  `hermes mcp serve` is stdio-only (PR #21227).
- Web search backends table: add Brave Search (free tier) and DDGS rows
  (PR #21337).
- ACP session-scoped edit auto-approval modes (PR #27862).
- Curator rename map in the user-visible per-run summary (PR #22910).
- Prompt caching feature page reference in features/overview.md — Claude
  cross-session 1-hour prefix cache on native Anthropic / OpenRouter /
  Nous Portal (PR #23828).
- Cron per-job profile parameter (PR #28124).
- `--no-skills` flag for `hermes profile create` (PR #20986).

Build
- Verified with `npm run build` in `website/`; both `en` and `zh-Hans`
  locales compile. Remaining broken-link/anchor warnings are pre-existing
  (`rl-training.md` from learning-path / overview; the
  zh-Hans translation lag the docs skill already calls out).

2026-05-18 23:55:25 -07:00

7.7 KiB

Raw Blame History

sidebar_position	title	description
15	MiniMax OAuth	Log into MiniMax via browser OAuth and use MiniMax-M2.7 models in Hermes Agent — no API key required

MiniMax OAuth

Hermes Agent supports MiniMax through a browser-based OAuth login flow, using the same credentials as the MiniMax portal. No API key or credit card is required — log in once and Hermes automatically refreshes your session.

The transport reuses the anthropic_messages adapter (MiniMax exposes an Anthropic Messages-compatible endpoint at /anthropic), so all existing tool-calling, streaming, and context features work without any adapter changes.

Overview

Item	Value
Provider ID	`minimax-oauth`
Display name	MiniMax (OAuth)
Auth type	Browser OAuth (PKCE device-code flow)
Transport	Anthropic Messages-compatible (`anthropic_messages`)
Models	`MiniMax-M2.7`, `MiniMax-M2.7-highspeed`
Global endpoint	`https://api.minimax.io/anthropic`
China endpoint	`https://api.minimaxi.com/anthropic`
Requires env var	No (`MINIMAX_API_KEY` is not used for this provider)

Prerequisites

Python 3.9+
Hermes Agent installed
A MiniMax account at minimax.io (global) or minimaxi.com (China)
A browser available on the local machine (or use --no-browser for remote sessions)

Quick Start

# Launch the provider and model picker
hermes model
# → Select "MiniMax (OAuth)" from the provider list
# → Hermes opens your browser to the MiniMax authorization page
# → Approve access in the browser
# → Select a model (MiniMax-M2.7 or MiniMax-M2.7-highspeed)
# → Start chatting

hermes

After the first login, credentials are stored under ~/.hermes/auth.json and are refreshed automatically before each session.

Logging In Manually

You can trigger a login without going through the model picker:

hermes auth add minimax-oauth

China region

If your account is on the China platform (minimaxi.com), use the China-region OAuth provider id minimax-cn instead, or skip OAuth and configure MINIMAX_CN_API_KEY / MINIMAX_CN_BASE_URL directly. The --region cn flag described in older docs is not wired through the CLI's argument parser; use the minimax-cn provider instead:

hermes auth add minimax-cn --type oauth   # if OAuth is supported on your CN account
# or simpler:
echo 'MINIMAX_CN_API_KEY=your-key' >> ~/.hermes/.env

Remote / headless sessions

On servers or containers where no browser is available:

hermes auth add minimax-oauth --no-browser

Hermes will print the verification URL and user code — open the URL on any device and enter the code when prompted.

The OAuth Flow

Hermes implements a PKCE device-code flow against the MiniMax OAuth endpoints:

Hermes generates a PKCE verifier / challenge pair and a random state value.
It POSTs to {base_url}/oauth/code with the challenge and receives a user_code and verification_uri.
Your browser opens verification_uri. If prompted, enter the user_code.
Hermes polls {base_url}/oauth/token until the token arrives (or the deadline passes).
Tokens (access_token, refresh_token, expiry) are saved to ~/.hermes/auth.json under the minimax-oauth key.

Token refresh (standard OAuth refresh_token grant) runs automatically at each session start when the access token is within 60 seconds of expiry.

hermes doctor

The ◆ Auth Providers section will show:

✓ MiniMax OAuth  (logged in, region=global)

or, if not logged in:

⚠ MiniMax OAuth  (not logged in)

Switching Models

hermes model
# → Select "MiniMax (OAuth)"
# → Pick from the model list

Or set the model directly:

hermes config set model MiniMax-M2.7
hermes config set provider minimax-oauth

Configuration Reference

After login, ~/.hermes/config.yaml will contain entries similar to:

model:
  default: MiniMax-M2.7
  provider: minimax-oauth
  base_url: https://api.minimax.io/anthropic

Region endpoints

Provider id	Portal	Inference endpoint
`minimax-oauth` (global)	`https://api.minimax.io`	`https://api.minimax.io/anthropic`
`minimax-cn` (China)	`https://api.minimaxi.com`	`https://api.minimaxi.com/anthropic`

Provider aliases

All of the following resolve to minimax-oauth:

hermes --provider minimax-oauth    # canonical
hermes --provider minimax-portal   # alias
hermes --provider minimax-global   # alias
hermes --provider minimax_oauth    # alias (underscore form)

Environment Variables

The minimax-oauth provider does not use MINIMAX_API_KEY or MINIMAX_BASE_URL. Those variables are for the API-key-based minimax and minimax-cn providers only.

Variable	Effect
`MINIMAX_API_KEY`	Used by `minimax` provider only — ignored for `minimax-oauth`
`MINIMAX_CN_API_KEY`	Used by `minimax-cn` provider only — ignored for `minimax-oauth`

To force the minimax-oauth provider at runtime:

HERMES_INFERENCE_PROVIDER=minimax-oauth hermes

Models

Model	Best for
`MiniMax-M2.7`	Long-context reasoning, complex tool-calling
`MiniMax-M2.7-highspeed`	Lower latency, lighter tasks, auxiliary calls

Both models support up to 200,000 tokens of context.

MiniMax-M2.7-highspeed is also used automatically as the auxiliary model for vision and delegation tasks when minimax-oauth is the primary provider.

Troubleshooting

Token expired — not re-logging in automatically

Hermes refreshes the token on every session start if it is within 60 seconds of expiry. If the access token is already expired (for example, after a long offline period), the refresh happens automatically on the next request. If refresh fails with refresh_token_reused or invalid_grant, Hermes marks the session as requiring re-login.

When the refresh failure is terminal (HTTP 4xx, invalid_grant, revoked grant, etc.), Hermes marks the refresh token as dead and quarantines it locally so it doesn't keep replaying the doomed exchange. The agent surfaces a single "re-authentication required" message and stays out of the way until you log in again.

Fix: run hermes auth add minimax-oauth again to start a fresh login. The quarantine clears on the next successful exchange.

Authorization timed out

The device-code flow has a finite expiry window. If you don't approve the login in time, Hermes raises a timeout error.

Fix: re-run hermes auth add minimax-oauth (or hermes model). The flow starts fresh.

State mismatch (possible CSRF)

Hermes detected that the state value returned by the authorization server does not match what it sent.

Fix: re-run the login. If it persists, check for a proxy or redirect that is modifying the OAuth response.

Logging in from a remote server

If hermes cannot open a browser window, use --no-browser:

hermes auth add minimax-oauth --no-browser

Hermes prints the URL and code. Open the URL on any device and complete the flow there.

"Not logged into MiniMax OAuth" error at runtime

The auth store has no credentials for minimax-oauth. You have not logged in yet, or the credential file was deleted.

Fix: run hermes model and select MiniMax (OAuth), or run hermes auth add minimax-oauth.

Logging Out

To remove stored MiniMax OAuth credentials:

hermes auth remove minimax-oauth

7.7 KiB Raw Blame History