Integration guide
clavitor + Hermes Agent
Nous Research's open-source autonomous agent runs on your server, remembers what it learns, and gets more capable the longer it runs. Pair it with Clavitor so every credential it touches is scoped, audited, and revocable.
What Hermes sees
Shared fields
Hermes reads these via the CLI skill to navigate, deploy, and authenticate.
- API keys (OpenRouter, model providers, GitHub, AWS, Stripe...)
- SSH host credentials
- Database connection strings
- TOTP seeds: live two-factor codes generated on demand
- Service account passwords
What Hermes never sees
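Personal fields
Encrypted client-side with your fingerprint, face, or security key. The server stores only ciphertext. Without the key, there is no access.
- Credit card numbers and CVVs
- Passports and government IDs
- Recovery codes and seed phrases
- Social Security numbers
- Bank account details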
Hermes runs on your server. So does the CLI.
Hermes installs with one curl on Linux, macOS, or WSL2. It runs continuously, holds curated memory across sessions, and auto-creates skills. Drop the Clavitor CLI on the same host and any skill that needs a credential calls it.
1. Create an agent token
Open your vault → Agents → Create. Name it "Hermes" and choose which entries it can access. Copy the setup token.
Each agent gets its own scope, rate limits, and audit lineage. Hermes runs as one agent identity; the audit log tags every access as cli:hermes.
2. Initialize the CLI on the Hermes host
$ echo "$CLAVITOR_TOKEN" | clavitor-cli init
3. Resolve credentials inside a skill
Any Hermes skill (Python, Bash, anything it shells out to) reads credentials at the moment it needs them. The secret never lives in Hermes's memory or in its skill source code:
# Inside a Hermes skill
import subprocess
key = subprocess.check_output(
    ["clavitor-cli", "get", "OpenRouter", "--field", "key"]
).decode().strip()
# Use key, scrub it after the call
Gateways — Telegram, Discord, Slack, WhatsApp, Signal
Hermes connects to messaging platforms through a single gateway process. Store the platform tokens in Clavitor instead of in Hermes config files. Render the gateway config at startup:
{
  "telegram": { "token": "clavitor://Hermes Gateway/telegram_bot_token" },
  "discord": { "token": "clavitor://Hermes Gateway/discord_bot_token" },
  "slack": { "token": "clavitor://Hermes Gateway/slack_bot_token" }
}
$ clavitor-cli render hermes-gateway.json | hermes-agent start --config -
The committed template carries clavitor:// references; the resolved JSON lives only in the pipe between render and hermes-agent. Secrets never touch disk.
Browser automation with the proxy
Hermes can drive a real browser — navigate, click, type, screenshot. When a workflow signs into an external API, point Hermes at the Clavitor proxy and write the credential as a reference in the request header. The agent and the browser never see the secret:
$ export HTTPS_PROXY=http://localhost:1983
$ hermes-agent task "post a status update to our CMS"
# Hermes's HTTP calls go through the proxy.
# The CMS auth header is set to clavitor://Client CMS/api_key;
# the proxy resolves it on the wire.
Hermes Memory + Clavitor Memory
Hermes has its own curated long-term memory. Use Clavitor's encrypted Memory entries for anything Hermes shouldn't keep in its own store — recovery procedures, customer-specific runbooks, anything that should survive a fresh Hermes install:
# From any Hermes skill
$ clavitor-cli memory put --title "Deploy runbook" \
    --content "$(cat deploy-runbook.md)"
# Later — recall by semantic similarity, not keyword
$ clavitor-cli memory search "how do we roll back the API gateway?"
Clavitor Memory is end-to-end encrypted, syncs across devices, and the vault searches by vector without ever decrypting the text. Hermes adds the embedding when it writes; Hermes sends an embedding when it queries.
Every access is logged
The audit log records which agent accessed which credential, when, and from where. Hermes activity is distinguishable from human activity on every line.
# TIME               ACTION  ENTRY           ACTOR
2026-03-08 10:23:14  read    openrouter      cli:hermes
2026-03-08 10:23:15  read    telegram-bot    cli:hermes
2026-03-08 11:45:02  read    aws-production  cli:deploy-agent
2026-03-08 14:12:33  render  -               cli:hermes
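One way to review this log for out-of-scope access, as an added example (not Clavitor's own code). It assumes the log is available as text in the column layout shown above; the EXPECTED_SCOPE allowlist and the last two sample lines are constructed for illustration.

```python
from datetime import datetime

# Constructed sample in the layout shown above; the last two lines are invented to trigger findings.
SAMPLE_LOG = """\
# TIME ACTION ENTRY ACTOR
2026-03-08 10:23:14 read openrouter cli:hermes
2026-03-08 10:23:15 read telegram-bot cli:hermes
2026-03-08 11:45:02 read aws-production cli:deploy-agent
2026-03-08 14:12:33 render - cli:hermes
2026-03-08 14:30:41 read aws-production cli:hermes
2026-03-08 15:02:09 read openrouter cli:unknown-agent
"""

# Hypothetical allowlist: the entries each agent token was scoped to at creation.
EXPECTED_SCOPE = {
    "cli:hermes": {"openrouter", "telegram-bot"},
    "cli:deploy-agent": {"aws-production"},
}

def parse_line(line):
    """Split one audit line into a record; returns None for comments and blanks."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Entry names may contain spaces: split time/action from the left, actor from the right.
    date, clock, action, rest = line.split(None, 3)
    entry, actor = rest.rsplit(None, 1)
    when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return {"time": when, "action": action, "entry": entry, "actor": actor}

def review(log_text, scope=EXPECTED_SCOPE):
    """Return (time, actor, entry, reason) for every read that needs a look."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["action"] != "read":
            continue
        allowed = scope.get(rec["actor"])
        if allowed is None:
            findings.append((rec["time"], rec["actor"], rec["entry"], "unknown actor"))
        elif rec["entry"] not in allowed:
            findings.append((rec["time"], rec["actor"], rec["entry"], "entry outside expected scope"))
    return findings

if __name__ == "__main__":
    for when, actor, entry, reason in review(SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M:%S} {actor} {entry}: {reason}")
```

A finding for a known agent usually means its token scope is broader than intended and should be narrowed or revoked in the vault.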