
Hermes Hub External REST API Contract

Client-facing REST endpoint groups, authentication, response conventions, and endpoint purposes.

Hermes Hub exposes an HTTP API for managing hosted Hermes Agent tenants, their runs, shared storage, skills, cron jobs, credentials, and operator policy.

This document describes the client-facing contract. It intentionally omits host deployment internals and private runtime implementation details.

Base URL

Use the Hub URL provided by your operator:

https://<hub-host>

All management endpoints are rooted under /v1 unless otherwise noted.

Authentication

Management endpoints require:

Authorization: Bearer <token>

Webhook endpoints use the relevant upstream provider verification scheme. Tenant-runtime callback endpoints are private to tenant runtimes and are not general client APIs.

Response Format

Successful responses are JSON unless an endpoint explicitly streams events or downloads file bytes.

Errors use problem-style JSON with stable fields such as:

{
  "code": "invalid_argument",
  "message": "human-readable detail",
  "status": 400
}

Core Endpoints

Health and Metadata

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/healthz | Liveness check. |
| GET | /v1/readyz | Readiness check. |
| GET | /v1/version | Hub version and runtime metadata. |

Tenants

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/tenants | List tenants. |
| POST | /v1/tenants | Create and provision a tenant. |
| GET | /v1/tenants/{tenantId} | Get one tenant. |
| PATCH | /v1/tenants/{tenantId} | Update tenant metadata and desired settings. |
| DELETE | /v1/tenants/{tenantId} | Delete one tenant. |
| GET | /v1/tenants/{tenantId}/access | Read tenant access state. |
| PUT | /v1/tenants/{tenantId}/access | Set tenant access state. |

Tenant IDs are path identifiers. Treat them as opaque strings that must match the API validation rules.
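
The authentication, error, and tenant-ID conventions above, combined in a small client helper. This is an added example, not code from Hermes Hub; `build_request`, `parse_error`, `HubError`, the host `hub.example`, and the token value are hypothetical names and constructed values.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit


class HubError(Exception):
    """Problem-style error decoded from a Hub response body."""

    def __init__(self, code, message, status):
        super().__init__(f"{status} {code}: {message}")
        self.code, self.message, self.status = code, message, status


def build_request(base_url, token, method, *segments):
    """Build an authenticated request for a path under /v1 (helper name is hypothetical)."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc or parts.path not in ("", "/"):
        raise ValueError("expected a base URL of the form https://<hub-host>")
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("bearer token is empty or contains whitespace")
    for seg in segments:
        if not seg or seg in (".", ".."):
            raise ValueError(f"refusing path segment {seg!r}")
    # safe="" percent-encodes "/" too, so an opaque ID can never add path segments.
    path = "/v1/" + "/".join(quote(seg, safe="") for seg in segments)
    req = urllib.request.Request(f"https://{parts.netloc}{path}", method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req


def parse_error(http_status, raw_body):
    """Decode a problem-style error; tolerate bodies that are not the documented JSON."""
    try:
        doc = json.loads(raw_body)
    except ValueError:  # includes JSONDecodeError and UnicodeDecodeError
        doc = None
    if not isinstance(doc, dict):
        doc = {}
    code = doc.get("code") if isinstance(doc.get("code"), str) else "unknown"
    message = doc.get("message") if isinstance(doc.get("message"), str) else ""
    # The HTTP status line is used rather than the body's "status" field.
    return HubError(code, message, http_status)


# Constructed sample: a tenant ID containing "/" stays a single encoded segment.
sample = build_request("https://hub.example", "constructed-token", "GET",
                       "tenants", "acme/../other", "agent")
```

Because every segment is fully percent-encoded, custom-action paths such as `{secretId}:rotate` need the `:action` suffix appended after the ID has been encoded rather than passed through this helper as one segment.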

Tenant Agent Lifecycle

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/tenants/{tenantId}/agent | Get current tenant agent state. |
| POST | /v1/tenants/{tenantId}/agent/start | Start or wake the tenant agent. |
| POST | /v1/tenants/{tenantId}/agent/stop | Stop the tenant agent. |
| POST | /v1/tenants/{tenantId}/agent/restart | Restart the tenant agent. |
| GET | /v1/tenants/{tenantId}/agent-card | Return the tenant’s public A2A agent card. |

Runs and Events

| Method | Path | Purpose |
| --- | --- | --- |
| POST | /v1/tenants/{tenantId}/runs | Start a Hermes Agent run. |
| GET | /v1/tenants/{tenantId}/runs/{runId} | Get run status and metadata. |
| GET | /v1/tenants/{tenantId}/runs/{runId}/events | Stream run events. |
| POST | /v1/tenants/{tenantId}/runs/{runId}/stop | Stop a running run. |
| POST | /v1/tenants/{tenantId}/runs/{runId}/approval | Resolve a pending run approval. |

Run event streams are long-lived responses. Clients should handle reconnects and terminal run states.

Tenant Files

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/tenants/{tenantId}/files | List tenant-visible file roots and directories. |
| GET | /v1/tenants/{tenantId}/files/content | Read text-previewable file content. |
| GET | /v1/tenants/{tenantId}/files/download | Download one tenant-visible file. |

Only tenant-visible roots are exposed. Secrets, private runtime state, and other tenants’ private areas are not part of the file API.

Tenant Environment Keys

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/tenants/{tenantId}/env | List tenant-scoped environment key names and metadata. |
| PUT | /v1/tenants/{tenantId}/env/{name} | Set one accepted tenant-scoped key. |
| DELETE | /v1/tenants/{tenantId}/env/{name} | Remove one tenant-scoped key. |

Only accepted tenant-scoped, secret-style names may be set. Hub-managed runtime keys are reserved.

Skills

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/tenants/{tenantId}/skills | List installed tenant skills. |
| GET | /v1/tenants/{tenantId}/skills/{category}/{skill}/files | List files for one skill. |
| GET | /v1/tenants/{tenantId}/skill-files/{skillPath} | Read one skill file. |
| PUT | /v1/tenants/{tenantId}/skills/{skillName}/state | Set skill enabled/disabled state. |

Agent Cron

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/tenants/{tenantId}/agent-cron | List tenant agent cron jobs. |
| POST | /v1/tenants/{tenantId}/agent-cron | Create an agent cron job. |
| GET | /v1/tenants/{tenantId}/agent-cron/{jobId} | Get one cron job. |
| PATCH | /v1/tenants/{tenantId}/agent-cron/{jobId} | Update one cron job. |
| DELETE | /v1/tenants/{tenantId}/agent-cron/{jobId} | Delete one cron job. |
| POST | /v1/tenants/{tenantId}/agent-cron/{jobId}/pause | Pause one cron job. |
| POST | /v1/tenants/{tenantId}/agent-cron/{jobId}/resume | Resume one cron job. |
| POST | /v1/tenants/{tenantId}/agent-cron/{jobId}/run | Trigger one cron job immediately. |

The cron job schema is owned by the tenant agent runtime. Hub passes job definitions through and returns the runtime response.

Share Groups and Shared Files

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/share-groups | List share groups. |
| POST | /v1/share-groups | Create a share group. |
| GET | /v1/share-groups/{groupId} | Get one share group. |
| PATCH | /v1/share-groups/{groupId} | Update one share group. |
| DELETE | /v1/share-groups/{groupId} | Delete one share group. |
| PUT | /v1/share-groups/{groupId}/members/{tenantId} | Set a member’s access. |
| DELETE | /v1/share-groups/{groupId}/members/{tenantId} | Remove a member. |
| GET | /v1/tenants/{tenantId}/shares | List shares visible to a tenant. |

Share file operations are scoped by tenant and share group:

/v1/tenants/{tenantId}/shares/{groupId}/list
/v1/tenants/{tenantId}/shares/{groupId}/read
/v1/tenants/{tenantId}/shares/{groupId}/stat
/v1/tenants/{tenantId}/shares/{groupId}/grep
/v1/tenants/{tenantId}/shares/{groupId}/find
/v1/tenants/{tenantId}/shares/{groupId}/write
/v1/tenants/{tenantId}/shares/{groupId}/mkdir
/v1/tenants/{tenantId}/shares/{groupId}/move
/v1/tenants/{tenantId}/shares/{groupId}/remove

Read operations require share membership. Mutating operations require write access to that share.

A2A Edge Surfaces

| Method | Path | Purpose |
| --- | --- | --- |
| POST | /a2a/{tenantId} | Tenant A2A endpoint. |
| GET | /a2a/{tenantId}/.well-known/agent.json | Public agent metadata. |
| GET | /a2a/{tenantId}/.well-known/agent-card.json | Public agent card. |
| GET | /v1/tenants/{tenantId}/a2a-peers | List introduced peers. |
| POST | /v1/tenants/{tenantId}/a2a-peers | Introduce a peer. |
| GET | /v1/tenants/{tenantId}/a2a-peers/{peerId} | Get one peer. |
| DELETE | /v1/tenants/{tenantId}/a2a-peers/{peerId} | Remove one peer. |

Credentials and Secrets

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/tenants/{tenantId}/a2a-credentials | Return tenant A2A credentials. |
| GET | /v1/tenants/{tenantId}/api-credentials | Return tenant-scoped API credentials. |
| POST | /v1/tenants/{tenantId}/api-credentials/rotate | Rotate tenant-scoped API credentials. |
| GET | /v1/secrets | List managed secret metadata. |
| POST | /v1/secrets | Register a managed secret without returning material. |
| GET | /v1/secrets/{secretId} | Return managed secret metadata. |
| DELETE | /v1/secrets/{secretId} | Delete managed secret metadata and material. |
| POST | /v1/secrets/{secretId}:replace-material | Replace write-only secret material. |
| POST | /v1/secrets/{secretId}:refresh | Refresh one OAuth2 secret. |
| POST | /v1/secrets/{secretId}:rotate | Rotate one managed API-key secret. |
| POST | /v1/secrets:refresh-due | Refresh all due OAuth2 secrets. |

Secret material is write-only. Read APIs return metadata and status only.

Flavors, Releases, and Evals

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/hermes-agent/releases | List installed agent releases. |
| POST | /v1/hermes-agent/releases | Register or install a release. |
| GET | /v1/hermes-agent/releases/{releaseId} | Get one release. |
| DELETE | /v1/hermes-agent/releases/{releaseId} | Delete an inactive unused release. |
| POST | /v1/hermes-agent/releases/{releaseId}:activate | Promote a release. |
| GET | /v1/flavors | List flavor catalog. |
| POST | /v1/flavors | Install a flavor package. |
| GET | /v1/flavors/{flavorId} | Get one flavor catalog entry. |
| GET | /v1/flavors/{flavorId}/versions/{flavorVersion} | Get one flavor version. |
| DELETE | /v1/flavors/{flavorId}/versions/{flavorVersion} | Delete an unused flavor version. |
| GET | /v1/flavors/{flavorId}/versions/{flavorVersion}/contents | Return renderable flavor contents. |
| GET | /v1/flavors/{flavorId}/versions/{flavorVersion}/eval-suites | List flavor eval suites. |
| POST | /v1/flavors/{flavorId}/versions/{flavorVersion}/eval-runs | Start an eval run. |
| POST | /v1/flavors/{flavorId}/versions/{flavorVersion}:deprecate | Deprecate a flavor version. |
| GET | /v1/eval-runs | List eval runs. |
| GET | /v1/eval-runs/{evalRunId} | Get one eval run. |
| POST | /v1/eval-runs/{evalRunId}:cancel | Cancel an eval run. |

Policy and Configuration

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/agent-policy | Return hub-wide agent policy. |
| PUT | /v1/agent-policy | Replace hub-wide agent policy. |
| GET | /v1/agent-features | List known agent features. |
| GET | /v1/agent-specialization | Get default hosted-agent specialization. |
| PUT | /v1/agent-specialization | Replace default specialization. |
| DELETE | /v1/agent-specialization | Disable default specialization. |
| GET | /v1/tenants/{tenantId}/agent-policy | Get tenant effective policy and override. |
| PUT | /v1/tenants/{tenantId}/agent-policy | Replace tenant policy override. |
| DELETE | /v1/tenants/{tenantId}/agent-policy | Delete tenant policy override. |
| GET | /v1/config/tenant-impact | Return tenant-impacting config view. |
| PATCH | /v1/config/tenant-impact | Stage tenant-impacting config changes. |
| POST | /v1/config/tenant-impact:apply | Apply staged config changes. |

Metrics and Business Keys

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /v1/metrics/runs | List run metrics. |
| GET | /v1/metrics/runs/{runId} | Get one run metrics record. |
| GET | /v1/metrics/schedules | List schedule metrics. |
| GET | /v1/metrics/usage/aggregate | Aggregate usage metrics. |
| GET | /v1/admin/business-keys | List business keys. |
| POST | /v1/admin/business-keys | Create a business key. |
| DELETE | /v1/admin/business-keys/{businessKeyId} | Delete a business key. |

Webhooks

| Method | Path | Purpose |
| --- | --- | --- |
| GET | /webhooks/whatsapp | Meta WhatsApp webhook verification. |
| POST | /webhooks/whatsapp | Meta WhatsApp message events. |
| POST | /webhooks/telegram | Telegram Bot API message events. |

Webhook bodies are provider-defined.

Non-Client Runtime Callback Endpoints

Paths under /v1/tenant-runtime/{tenantId}/... are reserved for tenant runtime callbacks and hub-managed runtime proxying. External clients should not call them directly unless they are implementing a compatible tenant runtime and have the tenant-runtime credential.