hermes-web-ui
agent
Fail
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 176 GitHub stars
Code Fail
- execSync — Synchronous shell command execution in bin/hermes-web-ui.mjs
- process.env — Environment variable access in bin/hermes-web-ui.mjs
- network request — Outbound network request in package.json
- process.env — Environment variable access in server/src/config.ts
- network request — Outbound network request in server/src/index.ts
- network request — Outbound network request in server/src/routes/filesystem.ts
- network request — Outbound network request in server/src/routes/proxy-handler.ts
- process.env — Environment variable access in server/src/routes/terminal.ts
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides a comprehensive web dashboard for managing the Hermes AI agent. It allows users to handle multi-platform chat sessions, monitor usage analytics, configure platform channels like Discord and Telegram, and manage scheduled cron jobs from a single interface.
Security Assessment
Risk Rating: Medium. The application requires careful configuration as it handles sensitive operations. It actively accesses environment variables to manage credentials and makes several outbound network requests, which is expected for a tool communicating across multiple external platforms. A significant security finding is its use of synchronous shell command execution in its core binary. While potentially necessary for terminal routing or application management, unfiltered shell execution creates a potential attack surface for command injection if exposed. The tool reads and writes directly to local configuration files (`~/.hermes/auth.json`, etc.), meaning it regularly accesses sensitive data like API keys and platform tokens. However, no hardcoded secrets or overly dangerous system permissions were detected during the scan.
Quality Assessment
The project demonstrates strong community interest and excellent maintenance health, evidenced by 176 GitHub stars and a very recent last push (zero days ago). The README is detailed and clearly outlines the extensive feature set. However, the repository completely lacks a valid license file. Even though the README features a broken badge link to a license, the actual rule-based scan confirms it is missing. This is a critical oversight for an open-source project, as it legally prevents other developers or organizations from safely using, modifying, or distributing the code.
Verdict
Use with caution — the active shell execution and missing license require strict security review before deployment.
This tool provides a comprehensive web dashboard for managing the Hermes AI agent. It allows users to handle multi-platform chat sessions, monitor usage analytics, configure platform channels like Discord and Telegram, and manage scheduled cron jobs from a single interface.
Security Assessment
Risk Rating: Medium. The application requires careful configuration as it handles sensitive operations. It actively accesses environment variables to manage credentials and makes several outbound network requests, which is expected for a tool communicating across multiple external platforms. A significant security finding is its use of synchronous shell command execution in its core binary. While potentially necessary for terminal routing or application management, unfiltered shell execution creates a potential attack surface for command injection if exposed. The tool reads and writes directly to local configuration files (`~/.hermes/auth.json`, etc.), meaning it regularly accesses sensitive data like API keys and platform tokens. However, no hardcoded secrets or overly dangerous system permissions were detected during the scan.
Quality Assessment
The project demonstrates strong community interest and excellent maintenance health, evidenced by 176 GitHub stars and a very recent last push (zero days ago). The README is detailed and clearly outlines the extensive feature set. However, the repository completely lacks a valid license file. Even though the README features a broken badge link to a license, the actual rule-based scan confirms it is missing. This is a critical oversight for an open-source project, as it legally prevents other developers or organizations from safely using, modifying, or distributing the code.
Verdict
Use with caution — the active shell execution and missing license require strict security review before deployment.
Web dashboard for Hermes Agent — multi-platform AI chat, session management, scheduled jobs, usage analytics & channel configuration (Telegram, Discord, Slack, WhatsApp)
README.md
Hermes Web UI
A full-featured web dashboard for Hermes Agent.
Manage AI chat sessions, monitor usage & costs, configure platform channels,
schedule cron jobs, browse skills — all from a clean, responsive web interface.
npm install -g hermes-web-ui && hermes-web-ui start
Mobile
Features
AI Chat
- Real-time streaming via SSE with async run support
- Multi-session management — create, rename, delete, switch between sessions
- Session grouping by source (Telegram, Discord, Slack, etc.) with collapsible accordion
- Markdown rendering with syntax highlighting and code copy
- Tool call detail expansion (arguments / result)
- File upload support
- Global model selector — discovers models from
~/.hermes/auth.jsoncredential pool - Per-session model display badge and context token usage
Platform Channels
Unified configuration for 8 platforms in one page:
| Platform | Features |
|---|---|
| Telegram | Bot token, mention control, reactions, free-response chats |
| Discord | Bot token, mention, auto-thread, reactions, channel allow/ignore lists |
| Slack | Bot token, mention control, bot message handling |
| Enable/disable, mention control, mention patterns | |
| Matrix | Access token, homeserver, auto-thread, DM mention threads |
| Feishu (Lark) | App ID / Secret, mention control |
| QR code login (scan in browser, auto-save credentials) | |
| WeCom | Bot ID / Secret |
- Credential management writes to
~/.hermes/.env - Channel behavior settings write to
~/.hermes/config.yaml - Auto gateway restart on config change
- Per-platform configured/unconfigured status detection
Usage Analytics
- Total token usage breakdown (input / output)
- Session count with daily average
- Estimated cost tracking & cache hit rate
- Model usage distribution chart
- 30-day daily trend (bar chart + data table)
Scheduled Jobs
- Create, edit, pause, resume, delete cron jobs
- Trigger immediate execution
- Cron expression quick presets
Model Management
- Auto-discover models from credential pool (
~/.hermes/auth.json) - Fetch available models from each provider endpoint (
/v1/models) - Add custom OpenAI-compatible providers
- Provider-level model grouping
Skills & Memory
- Browse and search installed skills
- View skill details and attached files
- User notes and profile management
Logs
- View agent / gateway / error logs
- Filter by log level, log file, and keyword
- Structured log parsing with HTTP access log highlighting
Settings
- Display (streaming, compact mode, reasoning, cost display)
- Agent (max turns, timeout, tool enforcement)
- Memory (enable/disable, char limits)
- Session reset (idle timeout, scheduled reset)
- Privacy (PII redaction)
- API server configuration
Quick Start
npm (Recommended)
npm install -g hermes-web-ui
hermes-web-ui start
One-line Setup (Auto-detect OS)
Automatically installs Node.js (if missing) and hermes-web-ui on Debian/Ubuntu/macOS:
bash <(curl -fsSL https://cdn.jsdelivr.net/gh/EKKOLearnAI/hermes-web-ui@main/scripts/setup.sh)
WSL
bash <(curl -fsSL https://cdn.jsdelivr.net/gh/EKKOLearnAI/hermes-web-ui@main/scripts/setup.sh)
hermes-web-ui start
WSL auto-detects and uses
hermes gateway runfor background startup (no launchd/systemd).
CLI Commands
| Command | Description |
|---|---|
hermes-web-ui start |
Start in background (daemon mode) |
hermes-web-ui start --port 9000 |
Start on custom port |
hermes-web-ui stop |
Stop background process |
hermes-web-ui restart |
Restart background process |
hermes-web-ui status |
Check if running |
hermes-web-ui update |
Update to latest version & restart |
hermes-web-ui -v |
Show version number |
hermes-web-ui -h |
Show help message |
Auto Configuration
On startup the BFF server automatically:
- Validates
~/.hermes/config.yamland fills missingapi_serverfields - Backs up original config to
config.yaml.bakif modified - Detects and starts the gateway if needed
- Resolves port conflicts (kills stale processes)
- Opens browser on successful startup
Development
git clone https://github.com/EKKOLearnAI/hermes-web-ui.git
cd hermes-web-ui
npm install
npm run dev
- Frontend: http://localhost:5173
- BFF Server: http://localhost:8648 (proxies to Hermes on 8642)
npm run build # outputs to dist/
Architecture
Browser → BFF (Koa, :8648) → Hermes API (:8642)
↓
Hermes CLI (sessions, logs, version)
↓
~/.hermes/config.yaml (channel behavior)
~/.hermes/.env (platform credentials)
Tencent iLink API (WeChat QR login)
The BFF layer handles API proxy, SSE streaming, file upload, session CRUD via CLI, config/credential management, WeChat QR login, model discovery, skills/memory management, log reading, and static file serving.
Tech Stack
Frontend: Vue 3 + TypeScript + Vite + Naive UI + Pinia + Vue Router + vue-i18n + SCSS + markdown-it + highlight.js
Backend: Koa 2 (BFF server) + node-pty (web terminal)
License
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found