Reference

Hermes Agent Tenant Environment

Tenant-visible paths, environment variables, LLM access, browser access, skills, and cron.

This document describes what is available from inside a hosted Hermes tenant agent. It is a client-facing runtime contract and intentionally avoids host isolation implementation details.

Paths

~

The agent’s home directory is private to the tenant. It is the default location for tool configuration, SSH client configuration, shell dotfiles, and other per-tenant runtime state.

~/workspace

~/workspace is the tenant’s durable working area when Hub storage is enabled. Use it for artifacts that should be visible to users or survive across runs:

  • reports
  • images
  • generated documents
  • datasets
  • build outputs
  • files referenced in final answers

When an agent creates a downloadable artifact, it should place the final file under ~/workspace and reference that path, for example:

Download: ~/workspace/report.pdf

The Hub can convert tenant-visible artifact references into signed download links for users.

~/company

~/company is the tenant-facing company or team storage view when enabled.

There are two possible shapes:

  • Org-wide access: ~/company shows the company storage tree.
  • Scoped team access: ~/company contains only the teams or departments that the tenant can access.

Treat content in ~/company as shared input. Do not put tenant secrets, private browser state, credentials, or private memory there.

Important Environment Variables

Variable                      Meaning
HERMES_TENANT_ID              Current tenant id.
HOME                          Tenant home directory.
HERMES_HOME                   Tenant runtime root. Use HOME, ~/workspace, and ~/company for normal file work.
HERMES_WORKSPACE              Absolute path backing ~/workspace, when storage is enabled.
HERMES_COMPANY_ROOT           Absolute path backing ~/company, when company/team storage is available.
HERMES_TEAMS                  Comma-separated team grants such as teams/division1:write, when scoped team storage is available.
HERMES_SHARED_STORAGE_ACCESS  Org-wide company storage access: read or write, when available.
HERMES_SHARED_ROOT_WRITABLE   Whether the tenant can create entries directly in the company storage root.
HERMES_BROWSER_ENABLED        true when browser support is enabled.
CAMOFOX_URL                   Local browser automation endpoint, only when browser support is enabled.
HERMES_PUBLIC_HOST            Public host for the tenant, when configured.
HERMES_AGENT_VERSION          Active Hermes Agent version label.

Additional provider keys or managed-secret stubs may be present when configured by the operator. Agents must treat them as secrets.

LLM and Vision Access

Agents should use the provided codex launcher on PATH for LLM calls. The launcher is configured by the Hub and handles the tenant’s provider routing.

Advanced clients may see these variables:

Variable                          Meaning
HERMES_HUB_CODEX_PROXY_BASE_URL   Hub-managed LLM proxy base URL for this tenant.
HERMES_HUB_CODEX_MODEL            Default text model.
HERMES_HUB_VISION_PROXY_BASE_URL  Hub-managed vision proxy base URL for this tenant.
HERMES_HUB_VISION_MODEL           Default vision model.
HERMES_HUB_TENANT_RUNTIME_KEY     Tenant runtime credential. Never print, log, or transmit it.

Browser Access

When browser support is enabled:

  • CAMOFOX_URL points to the tenant’s browser automation endpoint.
  • Browser profile, cookies, and local storage are tenant-private runtime state.
  • Agents should not copy browser state into ~/workspace or ~/company.

Skills

Installed skills are available to the tenant runtime. Agents can discover and use skills according to the active Hermes Agent skill mechanism and the Hub’s enabled policy.

Cron

Tenant cron jobs are managed through the Hub API and MCP tools. Cron jobs run as tenant agent work and should write user-visible outputs under ~/workspace when users need access to the result.

File Handling Rules

  • Use ~/workspace for final user artifacts.
  • Use ~/company for shared company/team material only.
  • Do not put secrets in shared storage.
  • Do not print raw environment variables.
  • Do not expose tenant runtime credentials.
  • Prefer tenant-visible paths in final answers.
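
A pre-write check for shared storage, added here as an example and not part of the Hermes Agent code: it reads the grant variables from the table above and decides whether a path under ~/company is writable, resolving ".." and symlinks before comparing. Assumptions: grant paths in HERMES_TEAMS are relative to HERMES_COMPANY_ROOT, team grants use the modes read and write, and HERMES_SHARED_ROOT_WRITABLE is the string true when set; parse_team_grants, can_write_company and SAMPLE_ENV are hypothetical names.

```python
import os
from pathlib import Path

MODES = ("read", "write")  # assumption: team grants use the same modes as org-wide access


def parse_team_grants(value):
    """Parse HERMES_TEAMS, e.g. "teams/division1:write", into {path: mode}."""
    grants = {}
    for item in (value or "").split(","):
        path, sep, mode = item.strip().rpartition(":")
        path = path.strip("/")
        # Fail closed: an entry without a known mode grants nothing.
        if sep and path and mode in MODES:
            grants[path] = mode
    return grants


def can_write_company(rel_path, env=None):
    """True only if rel_path (relative to ~/company) lands in writable shared storage."""
    env = os.environ if env is None else env
    root = env.get("HERMES_COMPANY_ROOT")
    if not root:
        return False  # company/team storage is not available
    root = Path(root).resolve()
    # resolve() collapses ".." and follows symlinks before any comparison.
    target = (root / rel_path).resolve()
    if root not in target.parents:
        return False  # escaped the company tree, or is the root itself
    if env.get("HERMES_SHARED_STORAGE_ACCESS") == "write":
        if target.parent != root:
            return True
        # Assumption: the flag is the string "true", like HERMES_BROWSER_ENABLED.
        return env.get("HERMES_SHARED_ROOT_WRITABLE", "").lower() == "true"
    # Scoped access: compare whole path components, never string prefixes.
    for path, mode in parse_team_grants(env.get("HERMES_TEAMS")).items():
        grant = (root / path).resolve()
        if mode == "write" and grant in target.parents:
            return True
    return False


# Constructed sample values; real ones are set by the Hub.
SAMPLE_ENV = {
    "HERMES_COMPANY_ROOT": "/nonexistent-hermes/company",
    "HERMES_TEAMS": "teams/division1:write, teams/finance:read, teams/broken",
}
```

Comparing resolved path components rather than string prefixes is what keeps a grant on teams/division1 from also matching teams/division10.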