Hermes Agent

How-To Guide

Hermes Tirith — Security Approval Workflow

Set up Tirith approval workflows so Hermes asks permission before running dangerous or sensitive commands.

Quick answer

Tirith is Hermes' approval system: when enabled, dangerous actions like file deletion, shell execution, or side-effecting API calls pause for your explicit approval before running. It's the line between a convenient agent and an unsupervised one with shell access — enable it on anything that touches real systems.

Tirith is Hermes's approval system — when enabled, dangerous commands like file deletion, shell execution, or API calls with side effects require your explicit approval before running. It's the difference between a powerful agent and an unsupervised one.

Deploy Hermes faster with FlyHermes

Managed cloud · API costs included · Skill library · Cancel anytime

Before you start:

  • Hermes Agent installed
  • A messaging channel configured (Telegram recommended for mobile approvals)
  • 'tirith: enabled: true' in config.yaml

Steps

  1. 1

    Enable Tirith

    Set tirith: enabled: true in config.yaml to activate the approval system

  2. 2

    Configure approval rules

    Define which commands need approval: shell execution, file deletion, API calls with side effects

  3. 3

    Set approval channel

    Choose where approval requests appear — Telegram, Discord, or CLI

  4. 4

    Approve or deny

    When Hermes needs approval, tap Approve or Deny on the inline button or reply /approve

  5. 5

    Configure auto-approve rules

    Set safe patterns that auto-approve: read-only commands, specific directories, trusted tools

Pro Tips

  • 💡Set up Tirith approvals on Telegram so you can approve commands from your phone wherever you are — tap Approve or Deny on the inline buttons
  • 💡Use auto-approve rules for safe read-only operations — 'ls', 'cat', and 'grep' don't need human approval
  • 💡Set a timeout for pending approvals (e.g. 5 minutes) — Hermes will deny and report back if you don't respond in time

Troubleshooting

Approval buttons not appearing in Telegram

Check that your Telegram bot has inline keyboard permissions. The bot token in config.yaml must match the bot you're messaging. Try /start in the bot chat to reinitialize.

Hermes runs commands without asking for approval

Check that 'tirith: enabled: true' is at the top level of config.yaml, not nested under another key. Run 'hermes config show | grep tirith' to verify it's being read.

Auto-approve rules are too permissive

Review your auto-approve patterns for overly broad matches. Prefer allowlisting specific safe commands over pattern wildcards.

FAQ

What does Tirith actually gate?

Dangerous, irreversible, or side-effecting actions — deleting files, running shell commands, calling APIs that change state. Those pause for your approval; safe reads proceed normally.

Should I always run Tirith?

Enable it wherever the agent touches real systems or runs unattended-but-reachable. Turn it down only in fully sandboxed, throwaway environments where mistakes can't cause harm.

Does Tirith slow the agent down?

It adds an approval step on risky actions, which is the point. For autonomous workflows, scope approvals to genuinely dangerous operations so routine work still flows.

Related Guides