
Fix Docker backend on macOS and subagent auth for Nous Portal #46

Merged
teknium1 merged 4 commits into NousResearch:main from rsavitt:fix/docker-backend-macos
Feb 26, 2026


@rsavitt rsavitt commented Feb 26, 2026

Summary

Docker backend fixes (macOS)

  • Fix undefined effective_image variable in Docker backend — only the Modal backend defines this; use image directly
  • Skip --storage-opt size=N on macOS — Docker Desktop doesn't support this flag (requires overlay2 with xfs backing)
  • Fix invalid working directory ~ — Docker requires absolute paths for -w; default to /root and translate ~ from callers

Subagent auth fix (Nous Portal)

  • Propagate parent API key to child agents in delegate_task — without this, subagents fall back to the empty OPENROUTER_API_KEY env var when using Nous Portal, causing "No pricing available" / "Unknown model" errors on every delegation

Test plan

  • Verify hermes with terminal.backend: docker works on macOS (Docker Desktop)
  • Verify Docker backend still works on Linux (where --storage-opt is supported)
  • Verify persistent and non-persistent container modes both start successfully
  • Verify subagent delegation works with Nous Portal provider
  • Verify subagent delegation still works with OpenRouter provider

🤖 Generated with Claude Code

Raeli Savitt and others added 2 commits February 25, 2026 22:31
Three issues prevented the Docker terminal backend from working:

1. `effective_image` was referenced but never defined — only the Modal
   backend sets this variable. Use `image` directly instead.

2. `--storage-opt size=N` is unsupported on Docker Desktop for Mac
   (requires overlay2 with xfs backing). Skip the flag on Darwin.

3. Docker requires absolute paths for `-w` (working directory) but the
   default cwd was `~`, which Docker does not expand. Default to `/root`
   and translate any `~` passed in from callers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

When using Nous Portal (or any non-OpenRouter provider), child agents
spawned by delegate_task failed with "No pricing available" or "Unknown
model" errors because they had no valid API key.

The delegate tool passed base_url but not api_key to child AIAgent
instances. Without an explicit key, children fell back to the empty
OPENROUTER_API_KEY env var, causing auth failures.

Extract the parent's API key from _client_kwargs and pass it through.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rsavitt rsavitt changed the title Fix Docker backend failures on macOS Feb 26, 2026
Raeli Savitt and others added 2 commits February 25, 2026 23:43
… context files

The security scanner (skills_guard.py) was only wired into the hub install path.
All other write paths to persistent state — skills created by the agent, memory
entries, cron prompts, and context files — bypassed it entirely. This closes
those gaps:

- file_operations: deny-list blocks writes to ~/.ssh, ~/.aws, ~/.hermes/.env, etc.
- code_execution_tool: filter secret env vars from sandbox child process
- skill_manager_tool: wire scan_skill() into create/edit/patch/write_file with rollback
- skills_guard: add "agent-created" trust level (same policy as community)
- memory_tool: scan content for injection/exfil before system prompt injection
- prompt_builder: scan AGENTS.md, .cursorrules, SOUL.md for prompt injection
- cronjob_tools: scan cron prompts for critical threats before scheduling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
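
A write deny-list like the one in the `file_operations` item above only holds if the target path is canonicalised before it is compared. The following is an added example, not code from this PR or from the project: `is_write_denied`, `DENIED` and the test home directory are assumed names and constructed data, and the list holds only the three paths the commit message names.

```python
import os
import tempfile
from pathlib import Path

# Assumed deny-list, built from the three paths the commit message names.
DENIED = (".ssh", ".aws", ".hermes/.env")


def is_write_denied(target: str, home: Path) -> bool:
    """Return True if writing to `target` would land on a denied path.

    The path is canonicalised first (~ expanded against `home`, `..` and
    symlinks resolved), so indirect routes to a denied location are caught.
    """
    home = home.resolve()
    if target == "~" or target.startswith("~/"):
        target = str(home) + target[1:]
    # strict=False: the file being written may not exist yet.
    real = Path(target).resolve(strict=False)
    for entry in DENIED:
        denied = (home / entry).resolve(strict=False)
        if real == denied or denied in real.parents:
            return True
    return False


def demo() -> dict:
    """Run the check against a constructed home directory."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        (home / ".ssh").mkdir(parents=True)
        (home / "project").mkdir()
        # Constructed symlink that points into the denied directory.
        os.symlink(home / ".ssh", home / "project" / "keys")
        cases = {
            "direct": "~/.ssh/authorized_keys",
            "traversal": str(home / "project" / ".." / ".aws" / "credentials"),
            "symlink": str(home / "project" / "keys" / "id_ed25519"),
            "env_file": "~/.hermes/.env",
            "lookalike": "~/.sshfoo/notes.txt",
            "allowed": str(home / "project" / "main.py"),
        }
        return {name: is_write_denied(p, home) for name, p in cases.items()}


if __name__ == "__main__":
    for name, denied in demo().items():
        print(f"{name:10} denied={denied}")
```

Comparing path components rather than string prefixes is what keeps `~/.sshfoo` writable while `~/.ssh` stays blocked.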
@teknium1
Contributor

LGTM

@teknium1 teknium1 merged commit 8463b7e into NousResearch:main Feb 26, 2026