hermes-action-bridge
Allows delegation of real-world actions to Hermes Agent, including research, scheduling, browser workflows, messaging, and skill execution, through a configurable bridge.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@hermes-action-bridgeFind the best next action from this repository context."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Hermes Action Bridge
A configurable bridge that lets external agents delegate real-world actions to Hermes Agent without reimplementing Hermes skills, tools, platform integrations, browser automation, cron jobs, or messaging flows.
Use it from Claude Code, Codex, Cursor, CI jobs, shell scripts, or any MCP-capable client.
external agent -> hermes-action -> Hermes Agent -> skills/tools/integrationsWhy this exists
Coding agents are good at understanding a repository. They should not duplicate your automation stack.
If an agent needs to do something outside its local coding session — research, schedule a job, open a browser workflow, send a message, prepare a social post, use a Hermes skill, or coordinate with a messaging gateway — it can delegate that request to Hermes through this bridge.
Related MCP server: Tesseron
Features
Generic
hermes-action runcommand for one-shot delegation.Configurable presets for skills, toolsets, provider/model, profile, source, and max turns.
Safety policy that can downgrade risky
executerequests torequest-approval, with optional per-preset overrides.Explicit
--yolomode for users who intentionally want to bypass bridge-level policy.Context file injection with a per-file cap and a configurable aggregate budget (clear error instead of a cryptic
E2BIG).Automatic large-context delivery: an oversized prompt is handed to Hermes through a secure temp file instead of overflowing the command line.
Per-run timeouts (configurable, with per-mode defaults) that always reap the Hermes child process.
Dry-run mode for debugging the exact Hermes command, prompt, and computed prompt size.
Minimal MCP server exposing delegation tools:
hermes_run,hermes_plan,hermes_presets, andhermes_status.No project-specific assumptions. All behavior is configured through YAML and CLI flags.
Requirements
Node.js 20 or newer.
Hermes Agent installed and available as
hermes, or configured with a custom command path.
Check Hermes:
hermes --versionInstallation
Install from npm:
npm install -g hermes-action-bridgeThen check it works:
hermes-action --version
hermes-action doctorgit clone https://github.com/TheBlueHouse75/hermes-action-bridge.git
cd hermes-action-bridge
npm install
npm run build
npm linkQuick start
Create a config file in your project:
hermes-action initAsk Hermes for a safe plan:
hermes-action run --mode plan "Find the best next action from this repository context."Delegate with a context file:
hermes-action run \
--preset research \
--context ./notes.md \
"Analyze this and return the next concrete action."Run a dry-run to inspect what will be sent to Hermes:
hermes-action run --dry-run --json "Summarize this project."Execution modes
plan: Hermes returns a plan only. No side effects.draft: Hermes produces an artifact only. No external side effects.execute: Hermes may execute allowed actions, while still following Hermes' own safety rules.request-approval: Hermes prepares the action and asks the human for approval before irreversible external effects.
If the bridge detects a risky request in execute mode, it can automatically switch to request-approval unless YOLO is enabled.
Risk categories:
publish_externalsend_messagesend_emaildeletepaymentgit_pushcredential_change
YOLO mode
YOLO mode is off by default.
hermes-action run --yolo --mode execute "Do the task now."YOLO only bypasses the bridge policy. It does not remove Hermes Agent's own safety rules, provider/tool approval prompts, or platform constraints.
Use it only when the caller and environment are trusted.
Configuration
hermes-action loads config in this order:
CLI flags > project .hermes-action.yaml > user config > built-in defaultsUser config path:
~/.config/hermes-action/config.yamlProject config path:
.hermes-action.yamlExample:
runtime:
adapter: hermes-cli
command: hermes
# Aggregate budget across all --context files, in bytes (default ~768 KiB).
# Raising this above ~896 KiB switches large prompts to temp-file delivery.
max_context_bytes: 786432
# Optional overall per-run timeout in seconds. When unset, per-mode defaults
# apply: 180s for plan/draft, 600s for execute/request-approval.
# timeout_seconds: 600
defaults:
mode: plan
source: external-agent
max_turns: 30
preset: default
presets:
default:
description: No extra skills or toolsets. Uses the active Hermes profile.
skills: []
toolsets: []
research:
description: General research and synthesis.
skills: []
toolsets: [web, terminal, file]
# Per-preset override: relax approvals for a trusted preset.
# An empty list never downgrades execute to request-approval.
# require_approval_for: []
coding:
description: Repository inspection and runtime validation.
skills: [developer-assurance-and-validation, runtime-debugging]
toolsets: [terminal, file]
policy:
yolo: false
# Global default; a preset's own require_approval_for takes precedence when set.
require_approval_for:
- publish_external
- send_message
- send_email
- delete
- payment
- git_push
- credential_changeLimits, timeouts, and large context
The bridge builds one prompt envelope (policy header + your request + every <context> block) and hands it to Hermes. Two guardrails keep that reliable:
Aggregate context budget (
runtime.max_context_bytes, default ~768 KiB, plus a fixed 250 KiB per-file cap). Exceeding it fails fast with an actionable message —Context total N bytes exceeds the limit ... Split your handoff or raise runtime.max_context_bytes.— instead of a crypticE2BIGspawn crash. The default leaves headroom under the operating system's argument-size limit.Large-context delivery. If you raise the budget and the envelope grows past ~896 KiB, the adapter writes it to a
0600temp file and tells Hermes to read that file (injecting afiletoolset for the call). This sidesteps the OS argument limit. Two caveats: it adds one tool-calling turn, and the real ceiling becomes the model's context window — a multi-megabyte file may only be partially read. The temp file is removed after the run; only an uncatchable kill of the bridge process itself could leave it behind (mitigated by the0600mode and the OS temp reaper).
Every run is bounded by a timeout (default 180s for plan/draft, 600s for execute/request-approval). Override per run with --timeout <seconds> or globally with runtime.timeout_seconds. On expiry the Hermes child is sent SIGTERM, then SIGKILL after a short grace, and the result is marked as timed out.
hermes-action doctor prints the effective limits, and hermes-action run --dry-run --json reports the computed prompt size (promptBytes, promptChars) and whether delivery would use argv or a temp-file.
CLI reference
hermes-action init [--file .hermes-action.yaml] [--force]
hermes-action run [options] "request"
hermes-action presets [--json]
hermes-action status [--json]
hermes-action mcp
hermes-action install <claude-code|codex|all|mcp> [options]
hermes-action uninstall <claude-code|codex|all|mcp> [options]
hermes-action doctor [--json] [--probe]Common run options:
--mode <plan|draft|execute|request-approval>
--preset <name>
--context <path...>
--config <path>
--profile <name>
--provider <name>
--model <name>
--max-turns <number>
--timeout <seconds>
--source <name>
--yolo
--dry-run
--jsonNative agent skills
Instead of pasting instructions by hand, install a native skill so Claude Code and Codex know when to delegate to Hermes. The skill is the same open-standard SKILL.md for both agents; the CLI stays the deterministic execution layer.
hermes-action doctor # check Node, Hermes, agents, and installed skills
hermes-action install all # ~/.claude/skills and ~/.codex/skills
hermes-action install claude-code --print # preview, write nothing
hermes-action install codex --project-hint # also add a marker block to AGENTS.md
hermes-action uninstall allInstall behavior is safe by default: it never modifies CLAUDE.md / AGENTS.md unless you pass --project-hint, refuses to overwrite a file it did not generate, and is idempotent. Use --project for a project-local skill and --dry-run to preview operations.
The generated skill is shown in examples/claude-code/SKILL.md. Project-hint usage is documented in examples/claude-code/CLAUDE.md and examples/codex/AGENTS.md.
Codex plugin (one-line install)
Codex users can install the delegation skill and the MCP server together as a plugin:
codex plugin marketplace add TheBlueHouse75/hermes-action-bridge
codex plugin add hermes-action@hermes-action-bridgeThis registers the hermes-action MCP server and the Hermes delegation skill in Codex. Hermes Agent must be installed locally — the plugin runs npx -y hermes-action-bridge mcp.
MCP configuration
Print the config snippet for your client (Claude Code / Cursor / VS Code use JSON; Codex uses TOML):
hermes-action install mcpFor Claude Code, write or merge the project .mcp.json directly (preserving other servers):
hermes-action install mcp --writeOr configure it by hand:
{
"mcpServers": {
"hermes-action": {
"command": "hermes-action",
"args": ["mcp"]
}
}
}Direct delegation
You can always call the bridge directly, without a skill:
hermes-action run --mode plan "Ask Hermes what should happen next."
hermes-action run \
--preset coding \
--context ./codex-notes.md \
"Use Hermes to validate this plan and identify missing runtime checks."MCP tools
Run:
hermes-action mcpExposed tools:
hermes_run: delegate a request to Hermes.hermes_plan: shortcut forhermes_runwithmode=plan.hermes_presets: list configured presets.hermes_status: check the configured Hermes runtime command.
The MCP surface is intentionally small. The bridge delegates to Hermes instead of exposing every Hermes tool one by one.
Development
npm install
npm run build
npm run test
npm run checkFunctional tests use a fake Hermes binary to verify command construction, prompt wrapping, risk policy, and YOLO behavior without spending LLM credits.
Documentation
Architecture: module map, config precedence, modes, policy, and MCP design.
Functional testing: automated tests and live smoke-test procedures.
Contributing: local setup, development rules, and release checklist.
Changelog: release history.
Security policy: how to report a vulnerability.
Security notes
Do not put secrets in
.hermes-action.yaml.Keep provider credentials in Hermes Agent, your OS keychain, or the relevant platform's secure store.
Use
request-approvalfor public posting, outbound email/messages, deletes, payments, credential changes, and git pushes.Treat
--yoloas a trusted-local-mode escape hatch, not as a default.
Also by the author
Built by Cyril Guilleminot, who also makes offline-first voice tools:
Weesper Neon Flow — speak text into any app at 3× typing speed, fully offline (macOS & Windows).
Weesper Transcribe — offline transcription on the macOS App Store.
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/TheBlueHouse75/hermes-action-bridge'
If you have feedback or need assistance with the MCP directory API, please join our Discord server