Security
Hermes Agent is designed with a defense-in-depth security model. This page covers every security boundary — from command approval to container isolation to user authorization on messaging platforms. The security model has seven layers: 1. User authorization — who can talk to the agent (allowlists, DM pairing) 2. …
What this page covers
- Overview
- Dangerous Command Approval
- Approval Modes
- YOLO Mode
- Hardline Blocklist (Always-On Floor)
- Approval Timeout
- What Triggers Approval
- Approval Flow (CLI)
- Approval Flow (Gateway/Messaging)
- Permanent Allowlist
- User Authorization (Gateway)
- Authorization Check Order
- Platform Allowlists
- DM Pairing System
- Container Isolation
- Docker Security Flags
- Resource Limits
- Filesystem Persistence
- Terminal Backend Security Comparison
- Environment Variable Passthrough
- How It Works
- Credential File Passthrough (OAuth tokens, etc.)
- What Each Sandbox Filters
- Security Considerations
- MCP Credential Handling
- Safe Environment Variables
- Credential Redaction
- Website Access Policy
- SSRF Protection
- Tirith Pre-Exec Security Scanning
- Context File Injection Protection
- Best Practices for Production Deployment
- Gateway Deployment Checklist
- Securing API Keys
- Network Isolation
- Supply-chain advisory checking
- Lazy install of optional dependencies
Section outline mirrored from the official Hermes Agent documentation. Follow any heading to read the complete text on the source site.