Reference

Hermes Hub MCP Contract

MCP endpoint, transport, authentication, tools, inputs, and safety notes.

Hermes Hub exposes a Model Context Protocol (MCP) endpoint that maps MCP tools onto supported Hub REST operations.

Endpoint

https://<hub-host>/mcp

Standalone deployments may expose a different host or port, but the MCP path is still /mcp.

Transport

Hermes Hub uses MCP Streamable HTTP:

  • GET /mcp for server-sent event streams.
  • POST /mcp for JSON-RPC messages.
  • DELETE /mcp for session teardown.

Authentication

HTTP MCP requests require:

Authorization: Bearer <token>

The token must authorize Hub management operations. Do not send tenant runtime keys to the MCP endpoint.

Tool Response Shape

Tools return MCP text content containing JSON from the underlying Hub operation. An empty successful REST response is returned as:

{"ok": true}
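How the transport, authentication, and response shape above fit together for one call, as an added example that is not Hermes Hub code. It uses the standard MCP `tools/call` JSON-RPC envelope and the Streamable HTTP `Accept` and `Mcp-Session-Id` headers from the MCP specification; the host name, token value, and sample response are constructed placeholders, and only a plain JSON response body (not an SSE stream) is decoded.

```python
import json

MCP_PATH = "/mcp"  # path stated on this page


def build_tool_call(hub_host, token, tool, arguments, request_id=1, session_id=None):
    """Return (url, headers, body) for a POST /mcp `tools/call` request."""
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        # Streamable HTTP clients must accept both response forms.
        "Accept": "application/json, text/event-stream",
    }
    if session_id:  # issued by the server on initialize, per the MCP spec
        headers["Mcp-Session-Id"] = session_id
    body = {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "tools/call",
        "params": {"name": tool, "arguments": arguments},
    }
    return f"https://{hub_host}{MCP_PATH}", headers, json.dumps(body)


def decode_tool_result(response):
    """Extract the Hub JSON carried as MCP text content in a JSON-RPC response."""
    if "error" in response:  # protocol-level failure
        err = response["error"]
        raise RuntimeError(f"JSON-RPC error {err.get('code')}: {err.get('message')}")
    result = response["result"]
    texts = [c["text"] for c in result.get("content", []) if c.get("type") == "text"]
    if result.get("isError"):  # tool-level failure reported in-band
        raise RuntimeError("tool error: " + " ".join(texts))
    if not texts:
        raise ValueError("no text content in tool result")
    return json.loads(texts[0])


# Constructed sample response for an empty successful REST operation.
SAMPLE = {"jsonrpc": "2.0", "id": 1,
          "result": {"content": [{"type": "text", "text": '{"ok": true}'}]}}

if __name__ == "__main__":
    url, headers, body = build_tool_call(
        "hub.example.internal", "PLACEHOLDER_TOKEN", "get_tenant", {"tenant_id": "tenant_123"})
    print(url, body)  # headers are deliberately not printed: they carry the token
    print(decode_tool_result(SAMPLE))
```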

Tenant Management Tools

list_tenants

Lists all tenants. Secret keys are redacted.

Input: {}.

get_tenant

Gets one tenant.

Input:

{"tenant_id": "tenant_123"}

create_tenant

Creates a tenant. The input body follows the REST CreateTenantRequest shape. Common fields include id, displayName, agent, storage, browser, and flavor.

update_tenant

Updates mutable tenant fields. Only supplied fields are changed.

Input includes tenant_id plus fields from the REST UpdateTenantRequest shape.

delete_tenant

Deletes one tenant.

Input:

{"tenant_id": "tenant_123"}

set_tenant_access

Sets tenant access to active or blocked.

Input includes tenant_id plus the REST access update fields such as status, message, and reason.

Tenant Skill Tools

list_tenant_skills

Lists installed skills for a tenant, grouped by category.

Input:

{"tenant_id": "tenant_123"}

list_tenant_skill_files

Lists files belonging to one skill.

Input:

{
  "tenant_id": "tenant_123",
  "category": "content",
  "skill": "writer"
}

get_tenant_skill_file

Reads one tenant skill file.

Input:

{
  "tenant_id": "tenant_123",
  "path": "content/writer/SKILL.md"
}

Share Filesystem Tools

These tools operate on department or team shares visible to a tenant. Read-only tools require membership. Mutating tools require write access.

list_shares

Lists department shares a tenant can access.

Input:

{"tenant_id": "tenant_123"}

list_share_files

Lists files in a share.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": ""
}

read_share_file

Reads a text file from a share.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": "notes/report.md",
  "offset": 0,
  "limit": 200
}

offset and limit are optional. limit: 0 returns all content allowed by the server.

stat_share_path

Stats a share path.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": "notes/report.md"
}

grep_share

Searches a share with a Go regular expression.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": "notes",
  "pattern": "invoice|receipt",
  "max": 50,
  "ignore_case": true
}

find_share_files

Finds share paths by optional glob pattern.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": ".",
  "name": "*.md",
  "max": 100
}

write_share_file

Writes or appends a file. Requires write access.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": "notes/report.md",
  "content": "text",
  "mode": "overwrite"
}

mode may be omitted for overwrite or set to append.

make_share_dir

Creates a directory. Requires write access.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": "notes"
}

move_share_path

Moves a file or directory inside a share. Requires write access.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "from": "draft.md",
  "to": "archive/draft.md"
}

remove_share_path

Removes a share path. Requires write access.

Input:

{
  "tenant_id": "tenant_123",
  "group_id": "division1",
  "path": "archive/draft.md",
  "recursive": false
}

recursive is required for non-empty directories.

Agent Cron Tools

list_tenant_crons

Lists tenant agent cron jobs.

Input:

{"tenant_id": "tenant_123"}

get_tenant_cron

Gets one cron job.

Input:

{
  "tenant_id": "tenant_123",
  "job_id": "job_123"
}

create_tenant_cron

Creates an agent cron job. The job object follows the active Hermes Agent cron schema.

Input:

{
  "tenant_id": "tenant_123",
  "job": {
    "name": "Daily summary",
    "schedule": "0 9 * * *",
    "prompt": "Summarize yesterday's updates"
  }
}

update_tenant_cron

Patches an existing cron job.

Input:

{
  "tenant_id": "tenant_123",
  "job_id": "job_123",
  "patch": {
    "enabled": false
  }
}

delete_tenant_cron

Deletes one cron job.

Input:

{
  "tenant_id": "tenant_123",
  "job_id": "job_123"
}

pause_tenant_cron

Pauses one cron job.

Input:

{
  "tenant_id": "tenant_123",
  "job_id": "job_123"
}

resume_tenant_cron

Resumes one cron job.

Input:

{
  "tenant_id": "tenant_123",
  "job_id": "job_123"
}

run_tenant_cron

Triggers one cron job immediately.

Input:

{
  "tenant_id": "tenant_123",
  "job_id": "job_123"
}

Settings Tools

get_tenant_impact_config

Gets the tenant-impacting Hub configuration view.

Input: {}.

patch_tenant_impact_config

Patches tenant-impacting configuration.

Input:

{"patch": {"feature": {"enabled": true}}}

The patch shape is defined by the Hub configuration schema.

get_agent_policy

Gets the hub-wide agent policy.

Input: {}.

put_agent_policy

Replaces the hub-wide agent policy document.

Input:

{"policy": {"features": {"enabled": []}}}

get_agent_specialization

Gets hosted-agent specialization text and status.

Input: {}.

put_agent_specialization

Sets hosted-agent specialization text.

Input:

{"content": "Default hosted-agent instructions."}

Context Sync Tool

sync_context

Copies a tenant context folder to a destination directory reachable by the MCP server process.

Input:

{
  "tenant_id": "tenant_123",
  "destination": "/sync/tenant_123",
  "dry_run": true,
  "delete": false
}

dry_run previews changes. delete removes destination files that are missing from the source and is permitted only when the server has been configured with an allowlisted destination root.

Safety Notes

  • Do not include bearer tokens in prompts, logs, or persisted MCP transcripts.
  • Treat all tool responses as tenant or operator data.
  • Use read-only tools first when exploring.
  • Mutating share tools require write access and should be used only for intentional updates.
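A client-side guard that applies these notes, as an added example that is not part of Hermes Hub: it scrubs bearer tokens from text bound for logs or transcripts and requires explicit confirmation before any tool not documented above as a read. The read-only set is taken from the tool descriptions on this page; the 8-character minimum token length, the handling of an absent `dry_run`, and the `confirmed` flag are assumptions of the example.

```python
import re

# Tools this page documents as reads (list/get/read/stat/grep/find).
READ_ONLY = {
    "list_tenants", "get_tenant", "list_tenant_skills", "list_tenant_skill_files",
    "get_tenant_skill_file", "list_shares", "list_share_files", "read_share_file",
    "stat_share_path", "grep_share", "find_share_files", "list_tenant_crons",
    "get_tenant_cron", "get_tenant_impact_config", "get_agent_policy",
    "get_agent_specialization",
}

# Token characters follow the RFC 6750 b64token syntax. Assumption: real tokens
# are at least 8 characters, which avoids redacting phrases like "bearer tokens".
_BEARER = re.compile(r"(bearer\s+)[A-Za-z0-9\-._~+/]{8,}=*", re.IGNORECASE)


def redact(text):
    """Replace bearer token values before text reaches logs or transcripts."""
    return _BEARER.sub(r"\1[REDACTED]", text)


def is_mutating(tool, arguments):
    """True unless the call is a documented read or a sync_context dry run."""
    if tool in READ_ONLY:
        return False
    if tool == "sync_context":
        # Assumption: an absent dry_run is treated as a real copy.
        return arguments.get("dry_run") is not True
    return True  # tools not listed as reads, including unknown ones


def authorize(tool, arguments, confirmed=False):
    """Let reads through; mutating calls need explicit operator confirmation."""
    if is_mutating(tool, arguments) and not confirmed:
        raise PermissionError(f"{tool} changes Hub state; confirmation required")
    return True


if __name__ == "__main__":
    # Constructed log line with a placeholder token.
    print(redact("POST /mcp Authorization: Bearer abc.DEF-123_x"))
    print(is_mutating("sync_context", {"tenant_id": "tenant_123", "dry_run": True}))
    print(authorize("grep_share", {"tenant_id": "tenant_123", "pattern": "invoice"}))
```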