How-To Guide
Hermes Tirith — Security Approval Workflow
Set up Tirith approval workflows so Hermes asks permission before running dangerous or sensitive commands.
Quick answer
Tirith is Hermes' approval system: when enabled, dangerous actions like file deletion, shell execution, or side-effecting API calls pause for your explicit approval before running. It's the line between a convenient agent and an unsupervised one with shell access — enable it on anything that touches real systems.
Tirith is Hermes's approval system — when enabled, dangerous commands like file deletion, shell execution, or API calls with side effects require your explicit approval before running. It's the difference between a powerful agent and an unsupervised one.
Managed cloud · API costs included · Skill library · Cancel anytime
Before you start:
- ☑Hermes Agent installed
- ☑A messaging channel configured (Telegram recommended for mobile approvals)
- ☑'tirith: enabled: true' in config.yaml
Steps
- 1
Enable Tirith
Set tirith: enabled: true in config.yaml to activate the approval system
- 2
Configure approval rules
Define which commands need approval: shell execution, file deletion, API calls with side effects
- 3
Set approval channel
Choose where approval requests appear — Telegram, Discord, or CLI
- 4
Approve or deny
When Hermes needs approval, tap Approve or Deny on the inline button or reply /approve
- 5
Configure auto-approve rules
Set safe patterns that auto-approve: read-only commands, specific directories, trusted tools
Pro Tips
- 💡Set up Tirith approvals on Telegram so you can approve commands from your phone wherever you are — tap Approve or Deny on the inline buttons
- 💡Use auto-approve rules for safe read-only operations — 'ls', 'cat', and 'grep' don't need human approval
- 💡Set a timeout for pending approvals (e.g. 5 minutes) — Hermes will deny and report back if you don't respond in time
Troubleshooting
❌ Approval buttons not appearing in Telegram
✅ Check that your Telegram bot has inline keyboard permissions. The bot token in config.yaml must match the bot you're messaging. Try /start in the bot chat to reinitialize.
❌ Hermes runs commands without asking for approval
✅ Check that 'tirith: enabled: true' is at the top level of config.yaml, not nested under another key. Run 'hermes config show | grep tirith' to verify it's being read.
❌ Auto-approve rules are too permissive
✅ Review your auto-approve patterns for overly broad matches. Prefer allowlisting specific safe commands over pattern wildcards.
FAQ
What does Tirith actually gate?
Dangerous, irreversible, or side-effecting actions — deleting files, running shell commands, calling APIs that change state. Those pause for your approval; safe reads proceed normally.
Should I always run Tirith?
Enable it wherever the agent touches real systems or runs unattended-but-reachable. Turn it down only in fully sandboxed, throwaway environments where mistakes can't cause harm.
Does Tirith slow the agent down?
It adds an approval step on risky actions, which is the point. For autonomous workflows, scope approvals to genuinely dangerous operations so routine work still flows.