This document describes what is available from inside a hosted Hermes tenant agent. It is a client-facing runtime contract and intentionally avoids host isolation implementation details.
Paths
~
The agent’s home directory is private to the tenant. It is the default location for tool configuration, SSH client configuration, shell dotfiles, and other per-tenant runtime state.
~/workspace
~/workspace is the tenant’s durable working area when Hub storage is enabled.
Use it for artifacts that should be visible to users or survive across runs:
- reports
- images
- generated documents
- datasets
- build outputs
- files referenced in final answers
When an agent creates a downloadable artifact, it should place the final file
under ~/workspace and reference that path, for example:
Download: ~/workspace/report.pdf
The Hub can convert tenant-visible artifact references into signed download links for users.
~/company
~/company is the tenant-facing company or team storage view when enabled.
There are two possible shapes:
- Org-wide access: ~/company shows the company storage tree.
- Scoped team access: ~/company contains only the teams or departments that the tenant can access.
Treat content in ~/company as shared input. Do not put tenant secrets, private
browser state, credentials, or private memory there.
Important Environment Variables
| Variable | Meaning |
|---|---|
| HERMES_TENANT_ID | Current tenant id. |
| HOME | Tenant home directory. |
| HERMES_HOME | Tenant runtime root. Use HOME, ~/workspace, and ~/company for normal file work. |
| HERMES_WORKSPACE | Absolute path backing ~/workspace, when storage is enabled. |
| HERMES_COMPANY_ROOT | Absolute path backing ~/company, when company/team storage is available. |
| HERMES_TEAMS | Comma-separated team grants such as teams/division1:write, when scoped team storage is available. |
| HERMES_SHARED_STORAGE_ACCESS | Org-wide company storage access: read or write, when available. |
| HERMES_SHARED_ROOT_WRITABLE | Whether the tenant can create entries directly in the company storage root. |
| HERMES_BROWSER_ENABLED | true when browser support is enabled. |
| CAMOFOX_URL | Local browser automation endpoint, only when browser support is enabled. |
| HERMES_PUBLIC_HOST | Public host for the tenant, when configured. |
| HERMES_AGENT_VERSION | Active Hermes Agent version label. |
Additional provider keys or managed-secret stubs may be present when configured by the operator. Agents must treat them as secrets.
LLM and Vision Access
Agents should use the provided codex launcher on PATH for LLM calls. The
launcher is configured by the Hub and handles the tenant’s provider routing.
Advanced clients may see these variables:
| Variable | Meaning |
|---|---|
| HERMES_HUB_CODEX_PROXY_BASE_URL | Hub-managed LLM proxy base URL for this tenant. |
| HERMES_HUB_CODEX_MODEL | Default text model. |
| HERMES_HUB_VISION_PROXY_BASE_URL | Hub-managed vision proxy base URL for this tenant. |
| HERMES_HUB_VISION_MODEL | Default vision model. |
| HERMES_HUB_TENANT_RUNTIME_KEY | Tenant runtime credential. Never print, log, or transmit it. |
Browser Access
When browser support is enabled:
- CAMOFOX_URL points to the tenant’s browser automation endpoint.
- Browser profile, cookies, and local storage are tenant-private runtime state.
- Agents should not copy browser state into ~/workspace or ~/company.
Skills
Installed skills are available to the tenant runtime. Agents can discover and use skills according to the active Hermes Agent skill mechanism and the Hub’s enabled policy.
Cron
Tenant cron jobs are managed through the Hub API and MCP tools. Cron jobs run as
tenant agent work and should write user-visible outputs under ~/workspace
when users need access to the result.
File Handling Rules
- Use ~/workspace for final user artifacts.
- Use ~/company for shared company/team material only.
- Do not put secrets in shared storage.
- Do not print raw environment variables.
- Do not expose tenant runtime credentials.
- Prefer tenant-visible paths in final answers.
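
The rules above can be enforced in agent code rather than left to convention. The following is an added example, not part of the Hermes runtime or its API: the helper names and the SAFE_VARS allowlist are assumptions made for illustration. It redacts the environment before logging and accepts an artifact path only when it resolves inside the workspace.

```python
import os
from pathlib import Path

# Assumption: variables treated here as safe to log. Anything not listed is
# redacted, because operator-configured provider keys can have any name.
SAFE_VARS = {
    "HERMES_TENANT_ID", "HERMES_AGENT_VERSION", "HERMES_BROWSER_ENABLED",
    "HERMES_TEAMS", "HERMES_SHARED_STORAGE_ACCESS",
    "HERMES_SHARED_ROOT_WRITABLE", "HERMES_HUB_CODEX_MODEL",
    "HERMES_HUB_VISION_MODEL",
}


def env_for_logging(env=None):
    """Return a copy of the environment with non-allowlisted values redacted."""
    env = os.environ if env is None else env
    return {k: (v if k in SAFE_VARS else "<redacted>") for k, v in env.items()}


def artifact_reference(path, env=None):
    """Return the tenant-visible ~/workspace/... form of an artifact path.

    Raises ValueError when the resolved path is outside the workspace, which
    covers ../ traversal and symlinks that lead elsewhere.
    """
    env = os.environ if env is None else env
    home = Path(env["HOME"])
    roots = [(home / "workspace").resolve()]
    if env.get("HERMES_WORKSPACE"):
        roots.append(Path(env["HERMES_WORKSPACE"]).resolve())
    p = Path(path)
    if p.parts and p.parts[0] == "~":
        p = home.joinpath(*p.parts[1:])  # expand ~ against the tenant HOME
    resolved = p.resolve()
    for root in roots:
        try:
            rel = resolved.relative_to(root)
        except ValueError:
            continue
        return "~/workspace/" + rel.as_posix()
    raise ValueError(f"{path!r} is not under ~/workspace")
```

An allowlist is used instead of a pattern such as "names ending in _KEY" because the names of operator-supplied secrets are not known in advance.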