technology-document/AI技术/hermes-agent.md

# Hermes Agent 0.9.0

https://hermes-agent.nousresearch.com/docs/user-guide/docker?_highlight=docker#docker-compose-example

1.95.126.170    

## 部署

​    /www/hermes/docker-compose.yml

```yml
services:
  hermes:
    image: nousresearch/hermes-agent:latest
    container_name: hermes
    restart: unless-stopped
    command: gateway run
    ports:
      - "8642:8642"
    volumes:
      - ~/.hermes:/opt/data
    networks:
      - hermes-net
    # Uncomment to forward specific env vars instead of using .env file:
    # environment:
    #   - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
    #   - OPENAI_API_KEY=${OPENAI_API_KEY}
    #   - TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN}
    deploy:
      resources:
        limits:
          memory: 4G
          cpus: "2.0"

  dashboard:
    image: nousresearch/hermes-agent:latest
    container_name: hermes-dashboard
    restart: unless-stopped
    command: dashboard --host 0.0.0.0  --insecure
    ports:
      - "9119:9119"
    volumes:
      - ~/.hermes:/opt/data
    environment:
      - GATEWAY_HEALTH_URL=http://hermes:8642
    networks:
      - hermes-net
    depends_on:
      - hermes
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: "0.5"

networks:
  hermes-net:
    driver: bridge
```

## 配置

cat ~/.hermes/.env     配置仪表盘、模型、消息平台

```ini
# Hermes Agent Environment Configuration
# Copy this file to .env and fill in your API keys

# =============================================================================
# LLM PROVIDER (OpenRouter)
# =============================================================================
# OpenRouter provides access to many models through one API
# All LLM calls go through OpenRouter - no direct provider keys needed
# Get your key at: https://openrouter.ai/keys
# OPENROUTER_API_KEY=

# Default model is configured in ~/.hermes/config.yaml (model.default).
# Use 'hermes model' or 'hermes setup' to change it.
# LLM_MODEL is no longer read from .env — this line is kept for reference only.
# LLM_MODEL=anthropic/claude-opus-4.6

# =============================================================================
# LLM PROVIDER (Google AI Studio / Gemini)
# =============================================================================
# Native Gemini API via Google's OpenAI-compatible endpoint.
# Get your key at: https://aistudio.google.com/app/apikey
# GOOGLE_API_KEY=your_google_ai_studio_key_here
# GEMINI_API_KEY=your_gemini_key_here  # alias for GOOGLE_API_KEY
# Optional base URL override (default: Google's OpenAI-compatible endpoint)
# GEMINI_BASE_URL=https://generativelanguage.googleapis.com/v1beta/openai

# =============================================================================
# LLM PROVIDER (z.ai / GLM)
# =============================================================================
# z.ai provides access to ZhipuAI GLM models (GLM-4-Plus, etc.)
# Get your key at: https://z.ai or https://open.bigmodel.cn
# GLM_API_KEY=
# GLM_BASE_URL=https://api.z.ai/api/paas/v4  # Override default base URL

# =============================================================================
# LLM PROVIDER (Kimi / Moonshot)
# =============================================================================
# Kimi Code provides access to Moonshot AI coding models (kimi-k2.5, etc.)
# Get your key at: https://platform.kimi.ai (Kimi Code console)
# Keys prefixed sk-kimi- use the Kimi Code API (api.kimi.com) by default.
# Legacy keys from platform.moonshot.ai need KIMI_BASE_URL override below.
# KIMI_API_KEY=
# KIMI_BASE_URL=https://api.kimi.com/coding/v1  # Default for sk-kimi- keys
# KIMI_BASE_URL=https://api.moonshot.ai/v1      # For legacy Moonshot keys
# KIMI_BASE_URL=https://api.moonshot.cn/v1       # For Moonshot China keys
# KIMI_CN_API_KEY=                               # Dedicated Moonshot China key

# =============================================================================
# LLM PROVIDER (Arcee AI)
# =============================================================================
# Arcee AI provides access to Trinity models (trinity-mini, trinity-large-*)
# Get an Arcee key at: https://chat.arcee.ai/
# ARCEEAI_API_KEY=
# ARCEE_BASE_URL=                                 # Override default base URL

# =============================================================================
# LLM PROVIDER (MiniMax)
# =============================================================================
# MiniMax provides access to MiniMax models (global endpoint)
# Get your key at: https://www.minimax.io
# MINIMAX_API_KEY=
# MINIMAX_BASE_URL=https://api.minimax.io/v1  # Override default base URL

# MiniMax China endpoint (for users in mainland China)
# MINIMAX_CN_API_KEY=
# MINIMAX_CN_BASE_URL=https://api.minimaxi.com/v1  # Override default base URL

# =============================================================================
# LLM PROVIDER (OpenCode Zen)
# =============================================================================
# OpenCode Zen provides curated, tested models (GPT, Claude, Gemini, MiniMax, GLM, Kimi)
# Pay-as-you-go pricing. Get your key at: https://opencode.ai/auth
# OPENCODE_ZEN_API_KEY=
# OPENCODE_ZEN_BASE_URL=https://opencode.ai/zen/v1  # Override default base URL
A

# =============================================================================
# LLM PROVIDER (OpenCode Go)
# =============================================================================
# OpenCode Go provides access to open models (GLM-5, Kimi K2.5, MiniMax M2.5)
# A
# $10/month subscription. Get your key at: https://opencode.ai/auth
# OPENCODE_GO_API_KEY=

# =============================================================================
# LLM PROVIDER (Hugging Face Inference Providers)
# =============================================================================
# Hugging Face routes to 20+ open models via unified OpenAI-compatible endpoint.
# Free tier included ($0.10/month), no markup on provider rates.
# Get your token at: https://huggingface.co/settings/tokens
# Required permission: "Make calls to Inference Providers"
# HF_TOKEN=
# OPENCODE_GO_BASE_URL=https://opencode.ai/zen/go/v1  # Override default base URL

# =============================================================================
# LLM PROVIDER (Qwen OAuth)
# =============================================================================
# Qwen OAuth reuses your local Qwen CLI login (qwen auth qwen-oauth).
# No API key needed — credentials come from ~/.qwen/oauth_creds.json.
# Optional base URL override:
# HERMES_QWEN_BASE_URL=https://portal.qwen.ai/v1

# =============================================================================
# LLM PROVIDER (Xiaomi MiMo)
# =============================================================================
# Xiaomi MiMo models (mimo-v2-pro, mimo-v2-omni, mimo-v2-flash).
# Get your key at: https://platform.xiaomimimo.com
# XIAOMI_API_KEY=your_key_here
# Optional base URL override:
# XIAOMI_BASE_URL=https://api.xiaomimimo.com/v1

# =============================================================================
# TOOL API KEYS
# =============================================================================

# Exa API Key - AI-native web search and contents
# Get at: https://exa.ai
# EXA_API_KEY=

# Parallel API Key - AI-native web search and extract
# Get at: https://parallel.ai
# PARALLEL_API_KEY=

# Firecrawl API Key - Web search, extract, and crawl
# Get at: https://firecrawl.dev/
# FIRECRAWL_API_KEY=


# FAL.ai API Key - Image generation
# Get at: https://fal.ai/
# FAL_KEY=

# Honcho - Cross-session AI-native user modeling (optional)
# Builds a persistent understanding of the user across sessions and tools.
# Get at: https://app.honcho.dev
# Also requires ~/.honcho/config.json with enabled=true (see README).
# HONCHO_API_KEY=

# =============================================================================
# TERMINAL TOOL CONFIGURATION
# =============================================================================
# Backend type: "local", "singularity", "docker", "modal", or "ssh"
# Terminal backend is configured in ~/.hermes/config.yaml (terminal.backend).
# Use 'hermes setup' or 'hermes config set terminal.backend docker' to change.
# Supported: local, docker, singularity, modal, ssh
#
# Only override here if you need to force a backend without touching config.yaml:
# TERMINAL_ENV=local

# Override the container runtime binary (e.g. to use Podman instead of Docker).
# Useful on systems where Docker's storage driver is broken or unavailable.
# HERMES_DOCKER_BINARY=/usr/local/bin/podman

# Container images (for singularity/docker/modal backends)
# TERMINAL_DOCKER_IMAGE=nikolaik/python-nodejs:python3.11-nodejs20
# TERMINAL_SINGULARITY_IMAGE=docker://nikolaik/python-nodejs:python3.11-nodejs20
TERMINAL_MODAL_IMAGE=nikolaik/python-nodejs:python3.11-nodejs20


# Working directory for terminal commands
# For local backend: "." means current directory (resolved automatically)
# For remote backends (ssh/docker/modal/singularity): use an absolute path
#   INSIDE the target environment, or leave unset for the backend's default
#   (/root for modal, / for docker, ~ for ssh). Do NOT use a host-local path.
# Usually managed by config.yaml (terminal.cwd) — uncomment to override
# TERMINAL_CWD=.

# Default command timeout in seconds
TERMINAL_TIMEOUT=60

# Cleanup inactive environments after this many seconds
TERMINAL_LIFETIME_SECONDS=300

# =============================================================================
# SSH REMOTE EXECUTION (for TERMINAL_ENV=ssh)
# =============================================================================
# Run terminal commands on a remote server via SSH.
# Agent code stays on your machine, commands execute remotely.
#
# SECURITY BENEFITS:
# - Agent cannot read your .env file (API keys protected)
# - Agent cannot modify its own code
# - Remote server acts as isolated sandbox
# - Can safely configure passwordless sudo on remote
#
# TERMINAL_SSH_HOST=192.168.1.100
# TERMINAL_SSH_USER=agent
# TERMINAL_SSH_PORT=22
# TERMINAL_SSH_KEY=~/.ssh/id_rsa

# =============================================================================
# SUDO SUPPORT (works with ALL terminal backends)
# =============================================================================
# If set, enables sudo commands by piping password via `sudo -S`.
# Works with: local, docker, singularity, modal, and ssh backends.
# 
# SECURITY WARNING: Password stored in plaintext. Only use on trusted machines.
# 
# ALTERNATIVES:
# - For SSH backend: Configure passwordless sudo on the remote server
# - For containers: Run as root inside the container (no sudo needed)
# - For local: Configure /etc/sudoers for specific commands
# - For CLI: Leave unset - you'll be prompted interactively with 45s timeout
#
# SUDO_PASSWORD=your_password_here

# =============================================================================
# MODAL CLOUD BACKEND (Optional - for TERMINAL_ENV=modal)
# =============================================================================
# Modal uses CLI authentication, not environment variables.
# Run: pip install modal && modal setup
# This will authenticate via browser and store credentials locally.
# No API key needed in .env - Modal handles auth automatically.

# =============================================================================
# BROWSER TOOL CONFIGURATION (agent-browser + Browserbase)
# =============================================================================
# Browser automation requires Browserbase cloud service for remote browser execution.
# This allows the agent to navigate websites, fill forms, and extract information.
#
# STEALTH MODES:
# - Basic Stealth: ALWAYS active (random fingerprints, auto CAPTCHA solving)
# - Advanced Stealth: Requires BROWSERBASE_ADVANCED_STEALTH=true (Scale Plan only)

# Browserbase API Key - Cloud browser execution
# Get at: https://browserbase.com/
# BROWSERBASE_API_KEY=

# Browserbase Project ID - From your Browserbase dashboard
# BROWSERBASE_PROJECT_ID=

# Enable residential proxies for better CAPTCHA solving (default: true)
# Routes traffic through residential IPs, significantly improves success rate
BROWSERBASE_PROXIES=true

# Enable advanced stealth mode (default: false, requires Scale Plan)
# Uses custom Chromium build to avoid bot detection altogether
BROWSERBASE_ADVANCED_STEALTH=false

# Browser session timeout in seconds (default: 300)
# Sessions are cleaned up after this duration of inactivity
BROWSER_SESSION_TIMEOUT=300

# Browser inactivity timeout - auto-cleanup inactive sessions (default: 120 = 2 min)
# Browser sessions are automatically closed after this period of no activity
BROWSER_INACTIVITY_TIMEOUT=120

# =============================================================================
# SESSION LOGGING
# =============================================================================
# Session trajectories are automatically saved to logs/ directory
# Format: logs/session_YYYYMMDD_HHMMSS_UUID.json
# Contains full conversation history in trajectory format for debugging/replay

# =============================================================================
# VOICE TRANSCRIPTION & OPENAI TTS
# =============================================================================
# Required for voice message transcription (Whisper) and OpenAI TTS voices.
# Uses OpenAI's API directly (not via OpenRouter).
# Named VOICE_TOOLS_OPENAI_KEY to avoid interference with OpenRouter.
# Get at: https://platform.openai.com/api-keys
# VOICE_TOOLS_OPENAI_KEY=

# =============================================================================
# SLACK INTEGRATION
# =============================================================================
# Slack Bot Token - From Slack App settings (OAuth & Permissions)
# Get at: https://api.slack.com/apps
# SLACK_BOT_TOKEN=xoxb-...

# Slack App Token - For Socket Mode (App-Level Tokens in Slack App settings)
# SLACK_APP_TOKEN=xapp-...

# Slack allowed users (comma-separated Slack user IDs)
# SLACK_ALLOWED_USERS=

# =============================================================================
# TELEGRAM INTEGRATION
# =============================================================================
# Telegram Bot Token - From @BotFather (https://t.me/BotFather)
# TELEGRAM_BOT_TOKEN=
# TELEGRAM_ALLOWED_USERS=                  # Comma-separated user IDs
# TELEGRAM_HOME_CHANNEL=                   # Default chat for cron delivery
# TELEGRAM_HOME_CHANNEL_NAME=              # Display name for home channel

# Webhook mode (optional — for cloud deployments like Fly.io/Railway)
# Default is long polling. Setting TELEGRAM_WEBHOOK_URL switches to webhook mode.
# TELEGRAM_WEBHOOK_URL=https://my-app.fly.dev/telegram
# TELEGRAM_WEBHOOK_PORT=8443
# TELEGRAM_WEBHOOK_SECRET=                 # Recommended for production

# WhatsApp (built-in Baileys bridge — run `hermes whatsapp` to pair)
# WHATSAPP_ENABLED=false
# WHATSAPP_ALLOWED_USERS=15551234567

# Email (IMAP/SMTP — send and receive emails as Hermes)
# For Gmail: enable 2FA → create App Password at https://myaccount.google.com/apppasswords
# EMAIL_ADDRESS=hermes@gmail.com
# EMAIL_PASSWORD=xxxx xxxx xxxx xxxx
# EMAIL_IMAP_HOST=imap.gmail.com
# EMAIL_IMAP_PORT=993
# EMAIL_SMTP_HOST=smtp.gmail.com
# EMAIL_SMTP_PORT=587
# EMAIL_POLL_INTERVAL=15
# EMAIL_ALLOWED_USERS=your@email.com
# EMAIL_HOME_ADDRESS=your@email.com

# Gateway-wide: allow ALL users without an allowlist (default: false = deny)
# Only set to true if you intentionally want open access.
# GATEWAY_ALLOW_ALL_USERS=false

# =============================================================================
# RESPONSE PACING
# =============================================================================
# Human-like delays between message chunks on messaging platforms.
# Makes the bot feel less robotic.
# HERMES_HUMAN_DELAY_MODE=off     # off | natural | custom
# HERMES_HUMAN_DELAY_MIN_MS=800   # Min delay in ms (custom mode)
# HERMES_HUMAN_DELAY_MAX_MS=2500  # Max delay in ms (custom mode)

# =============================================================================
# DEBUG OPTIONS
# =============================================================================
WEB_TOOLS_DEBUG=false
VISION_TOOLS_DEBUG=false
MOA_TOOLS_DEBUG=false
IMAGE_TOOLS_DEBUG=false

# =============================================================================
# CONTEXT COMPRESSION (Auto-shrinks long conversations)
# =============================================================================
# When conversation approaches model's context limit, middle turns are
# automatically summarized to free up space.
#
# Context compression is configured in ~/.hermes/config.yaml under compression:
# CONTEXT_COMPRESSION_ENABLED=true        # Enable auto-compression (default: true)
# CONTEXT_COMPRESSION_THRESHOLD=0.85      # Compress at 85% of context limit
# Model is set via compression.summary_model in config.yaml (default: google/gemini-3-flash-preview)

# =============================================================================
# RL TRAINING (Tinker + Atropos)
# =============================================================================
# Run reinforcement learning training on language models using the Tinker API.
# Requires the rl-server to be running (from tinker-atropos package).

# Tinker API Key - RL training service
# Get at: https://tinker-console.thinkingmachines.ai/keys
# TINKER_API_KEY=

# Weights & Biases API Key - Experiment tracking and metrics
# Get at: https://wandb.ai/authorize
# WANDB_API_KEY=

# RL API Server URL (default: http://localhost:8080)
# Change if running the rl-server on a different host/port
# RL_API_URL=http://localhost:8080

# =============================================================================
# SKILLS HUB (GitHub integration for skill search/install/publish)
# =============================================================================

# GitHub Personal Access Token — for higher API rate limits on skill search/install
# Get at: https://github.com/settings/tokens (Fine-grained recommended)
# GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx

# GitHub App credentials (optional — for bot identity on PRs)
# GITHUB_APP_ID=
# GITHUB_APP_PRIVATE_KEY_PATH=
# GITHUB_APP_INSTALLATION_ID=

# Groq API key (free tier — used for Whisper STT in voice mode)
# GROQ_API_KEY=

# =============================================================================
# STT PROVIDER SELECTION
# =============================================================================
# Default STT provider is "local" (faster-whisper) — runs on your machine, no API key needed.
# Install with: pip install faster-whisper
# Model downloads automatically on first use (~150 MB for "base").
# To use cloud providers instead, set GROQ_API_KEY or VOICE_TOOLS_OPENAI_KEY above.
# Provider priority: local > groq > openai
# Configure in config.yaml: stt.provider: local | groq | openai

# =============================================================================
# STT ADVANCED OVERRIDES (optional)
# =============================================================================
# Override default STT models per provider (normally set via stt.model in config.yaml)
# STT_GROQ_MODEL=whisper-large-v3-turbo
# STT_OPENAI_MODEL=whisper-1

# Override STT provider endpoints (for proxies or self-hosted instances)
# GROQ_BASE_URL=https://api.groq.com/openai/v1
# STT_OPENAI_BASE_URL=https://api.openai.com/v1

# 基本配置
GATEWAY_ALLOW_ALL_USERS=true

# Dashboard 认证
DASHBOARD_USERNAME=admin
DASHBOARD_PASSWORD=your_secure_password_here  # 改成你的密码

# 时区
TZ=Asia/Shanghai
ARCEEAI_API_KEY=dec57933-c3e4-4f4a-a114-b0ae8104e396
ARCEE_BASE_URL=https://ark.cn-beijing.volces.com/api/coding/v3


WECOM_BOT_ID=aib1TzEwFCq0ia1...qlDLt2Fv
WECOM_SECRET=1U12qLqTdV......ZRIt0ts
GATEWAY_ALLOW_ALL_USERS=true
WECOM_ALLOWED_USERS=LiuRan,ZhangHongGang,WangJian
WECOM_ENABLE_ATTACHMENTS=true
```

### 飞书

**飞书开发者后台**

1. 登录[飞书开放平台](https://open.feishu.cn/app?lang=zh-CN)，创建**企业自建应用**
2. `App ID`   cli_a968...9cb6  和 `App Secret` Q8ykzs7vJdhnda.....qpxi1yfAJIUQH
3. 进入「添加应用能力」→ **机器人** →允许接收私聊、允许接收群聊
4. 进入「权限管理」
   - `im:message:send_as_bot`（机器人发消息）
   - `im:message:readonly`（读消息）
   - `im:message.group_at_msg:readonly`（群 @）
   - `im:message.p2p_msg:readonly`（私聊）
   - `contact:user.employee_id:readonly`（读用户 ID）
5. 事件订阅（WebSocket 模式）
   - 左侧：开发配置 → 事件与回调
   - 接收方式：**使用长连接（WebSocket）**
   - 订阅事件：**`im.message.receive_v1`**（接收消息）
   - 保存
6. 版本发布**→ 发布**（企业自建应用直接可用）

**服务器：安装飞书依赖**

```bash
# 进入 Hermes 环境（根据你部署方式）
cd /path/to/hermes

# 安装飞书 SDK
uv pip install lark-oapi websockets
# 或用 pip（无 uv）
pip install lark-oapi websockets
```

### 企业微信

1. 打开企业微信管理后台，创建机器人：https://work.weixin.qq.com/wework_admin/frame#/aiHelper/create 选择 API 方式创建    **CS Agent**
   - 连接方式： 使用长连接
   - Bot ID  aib1T ...t2Fv 
   - Secret  1U12qLqTdV pd8kKBrcpdk9pZRIt0ts      
2. 可使用权限
   - 用户信息
   - 文档

## 运行

```
cd /www/hermes/
docker run -it --rm   -v ~/.hermes:/opt/data   nousresearch/hermes-agent
```





我想让你通过学习成为医学减重领域的个案管理师，怎么样

我可以按照「权威知识库搭建→适配你的工作规范→实操迭代优化」三步来完成学习，完全适配你的工作需求：

### 第一步：先搭建权威的医学减重知识基底（我可以自主完成）

我会优先检索学习国内国际公认的权威指南作为底层知识框架，包括：

- 《中国超重/肥胖医学营养治疗指南（2023版）》
- WHO成人肥胖预防与管理临床指南
- 肥胖合并高血压/糖尿病/多囊卵巢综合征等并发症的个体化干预规范
- 医学减重个案管理师执业标准、随访规范、风险预警指征 所有核心知识我会保存到持久化记忆，使用时严格遵循规范不会出错。



### 第二步：对齐你的专属工作要求（需要你提供相关资料）

你可以把你常用的工作资料发给我，我会全部学习固化：

1. 你的机构内部工作规范、减重方案模板、个案评估表/随访记录表模板
2. 过往你处理过的优质个案案例（可以隐去隐私信息）
3. 你需要我输出的报告格式、需要遵守的特殊要求 我会把这些规则做成专属技能，后续处理任务100%符合你的工作标准。



### 第三步：实操迭代优化

你可以先拿少量测试个案让我尝试处理，你给出反馈后我会快速修正优化，几轮之后就能达到你要求的处理精度。



### 学完后我可以帮你完成的工作：

✅ 个案初筛：自动根据用户的体检数据、基础病史做减重风险评估，判断适应症/禁忌症 ✅ 方案生成：根据个体情况生成个性化的饮食/运动/行为干预方案，特殊合并症人群自动适配特殊要求 ✅ 随访管理：自动生成随访计划、随访话术，可配置定时任务自动给你推送当日待跟进个案清单 ✅ 数据统计：自动统计个案的减重达标率、依从率、不良反应发生率等数据，生成汇总报表

你看这个学习路径是否符合你的预期？有没有需要我优先学习的资料或者重点侧重的功能？

## mini 机器

https://github.com/NousResearch/hermes-agent



```
第一步：创建虚拟环境（彻底避开系统限制）
bash
运行
cd ~/hermes-agent-main
python3 -m venv venv
source venv/bin/activate
第二步：安装所有依赖（不会再报错！）
bash
运行
pip install -r requirements.txt
第三步：运行项目
bash
运行
./hermes
为什么这个方法一定成功？
之前报错：因为你直接用系统 Python，系统包不允许被 pip 修改 / 卸载
现在方法：创建了独立干净的 Python 环境，没有任何权限冲突
所有包都能正常安装，不会再出现任何报错
以后每次使用前，先激活环境
每次新开终端，只需要先运行这一行：
bash
运行
source ~/hermes-agent-main/venv/bin/activate
然后再运行：
bash
运行
./hermes
总结
执行这三行，彻底解决所有问题：
bash
运行
cd ~/hermes-agent-main
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
./hermes
再也不会有 ModuleNotFound / 无法卸载 / 权限报错 等问题
这是 Linux 上运行 Python 项目的标准正确方法
```