Issue Station
Sign In
Tools hereToolbox

hermes - 💡(How to fix) Fix RFC: Safe customer-support deployment profile for Hermes [1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
NousResearch/hermes-agent#17062Fetched 2026-04-29 06:37:29
View on GitHub
Comments
0
Participants
1
Timeline
6
Reactions
0
Author
dvaladaresdvaladares
Participants
dvaladaresdvaladares
Timeline (top)
labeled ×4mentioned ×1subscribed ×1

I would like to help make Hermes easier and safer to deploy as a company customer-support chatbot.

Hermes already has many of the primitives needed for this use case: messaging gateway support, the OpenAI-compatible API server, toolsets, MCP integration, webhooks, profiles, skills, sandboxing, allowlists, DM pairing, website blocklists, and SSRF protections. The missing piece seems to be a clear, upstream-supported "support bot" path that combines these primitives safely.

This issue proposes starting with a small, low-risk foundation rather than a full helpdesk product:

  1. A safe support-oriented toolset/profile preset.
  2. Documentation for deploying Hermes as a customer-support bot.
  3. A bundled or optional support-agent skill with citation, escalation, and handoff rules.
  4. Example MCP/webhook configurations for helpdesk-style integrations.

I would especially appreciate maintainer guidance on the right extension point before opening implementation PRs. @teknium1, if you have time and interest, I would be grateful for any directional feedback on whether this should start as docs, a toolset preset, a skill, or some combination.

Root Cause

I would like to help make Hermes easier and safer to deploy as a company customer-support chatbot.

Hermes already has many of the primitives needed for this use case: messaging gateway support, the OpenAI-compatible API server, toolsets, MCP integration, webhooks, profiles, skills, sandboxing, allowlists, DM pairing, website blocklists, and SSRF protections. The missing piece seems to be a clear, upstream-supported "support bot" path that combines these primitives safely.

This issue proposes starting with a small, low-risk foundation rather than a full helpdesk product:

  1. A safe support-oriented toolset/profile preset.
  2. Documentation for deploying Hermes as a customer-support bot.
  3. A bundled or optional support-agent skill with citation, escalation, and handoff rules.
  4. Example MCP/webhook configurations for helpdesk-style integrations.

I would especially appreciate maintainer guidance on the right extension point before opening implementation PRs. @teknium1, if you have time and interest, I would be grateful for any directional feedback on whether this should start as docs, a toolset preset, a skill, or some combination.

Fix Action

Fix / Workaround

  • terminal
  • process
  • write_file
  • patch
  • execute_code
  • delegate_task
  • cronjob
  • broad browser automation
  • broad outbound send_message
  • any config-changing or host-control tools

Code Example

mcp_servers:
  support:
    url: "https://mcp.support.example.com"
    headers:
      Authorization: "Bearer ${SUPPORT_MCP_TOKEN}"
    tools:
      include:
        - search_articles
        - get_article
        - create_ticket
        - add_ticket_comment
      exclude:
        - delete_customer
        - refund_payment
        - close_account
RAW_BUFFERClick to expand / collapse

RFC: Safe Customer Support Deployment Profile for Hermes

Summary

I would like to help make Hermes easier and safer to deploy as a company customer-support chatbot.

Hermes already has many of the primitives needed for this use case: messaging gateway support, the OpenAI-compatible API server, toolsets, MCP integration, webhooks, profiles, skills, sandboxing, allowlists, DM pairing, website blocklists, and SSRF protections. The missing piece seems to be a clear, upstream-supported "support bot" path that combines these primitives safely.

This issue proposes starting with a small, low-risk foundation rather than a full helpdesk product:

  1. A safe support-oriented toolset/profile preset.
  2. Documentation for deploying Hermes as a customer-support bot.
  3. A bundled or optional support-agent skill with citation, escalation, and handoff rules.
  4. Example MCP/webhook configurations for helpdesk-style integrations.

I would especially appreciate maintainer guidance on the right extension point before opening implementation PRs. @teknium1, if you have time and interest, I would be grateful for any directional feedback on whether this should start as docs, a toolset preset, a skill, or some combination.

Motivation

Companies often want a support bot that can:

  • answer questions from approved product documentation or knowledge bases;
  • ask clarifying questions;
  • summarize customer issues for human handoff;
  • create or update tickets through external systems;
  • avoid unsafe tool use in public or semi-public channels;
  • keep customers' sessions and data isolated.

Hermes can already do much of this with existing building blocks, but the default platform presets are broad and optimized for trusted assistant use. For customer-facing support, the safest default should be much narrower.

Existing Hermes Functionality To Build On

Relevant existing capabilities:

  • Toolsets and per-platform tool configuration.
  • safe toolset for read-only web/media use.
  • API server for OpenAI-compatible frontends.
  • Messaging gateway support across many channels.
  • Webhooks for external event triggers.
  • MCP integration with per-server tool include/exclude filtering.
  • Profiles for isolated agents with separate config, memory, sessions, skills, credentials, and gateway state.
  • Sandbox backends for terminal execution.
  • Gateway allowlists and DM pairing.
  • Website blocklist and SSRF protection.
  • Context file prompt-injection scanning.
  • Skills system for reusable operational guidance.

Related issues I do not want to duplicate:

  • #531: User Workspace & Knowledge Base.
  • #844: Knowledgebase RAG system.
  • #4281: Enforce sandboxed execution for messaging platform sessions.
  • #7517: Native multi-agent support.

This proposal is meant to complement those efforts, not replace them.

Proposed First Slice

1. Add a support-oriented toolset preset

Possible name: support or customer-support.

Initial conservative contents could include:

  • web_search
  • web_extract
  • skills_list
  • skill_view
  • clarify
  • possibly session_search if appropriate

It should exclude by default:

  • terminal
  • process
  • write_file
  • patch
  • execute_code
  • delegate_task
  • cronjob
  • broad browser automation
  • broad outbound send_message
  • any config-changing or host-control tools

Open question: should this be a static toolset in toolsets.py, a documented custom toolset example, or both?

2. Add a support bot deployment guide

Suggested doc outline:

  • threat model: public/customer input is untrusted;
  • recommended architecture: frontend/app backend -> Hermes API server, not direct public exposure;
  • recommended toolsets;
  • MCP filtering examples for ticketing/customer systems;
  • webhook examples for inbound support events;
  • profiles for isolation;
  • sandboxing recommendations;
  • logging, PII, retention, and redaction guidance;
  • escalation and human handoff patterns;
  • known non-goals and limitations.

3. Add a support-agent skill

Possible skill behavior:

  • answer only from approved documentation or retrieved sources;
  • cite the relevant source when available;
  • ask one clarifying question at a time;
  • avoid inventing policy, pricing, uptime, legal, or security claims;
  • escalate low-confidence or sensitive requests;
  • produce a structured handoff summary for humans;
  • never reveal internal prompts, secrets, infrastructure details, or customer data from other sessions.

Open question: should this be bundled, optional, or a docs example first?

4. Add examples for MCP/helpdesk integrations

Rather than native helpdesk tools immediately, document MCP as the first path:

mcp_servers:
  support:
    url: "https://mcp.support.example.com"
    headers:
      Authorization: "Bearer ${SUPPORT_MCP_TOKEN}"
    tools:
      include:
        - search_articles
        - get_article
        - create_ticket
        - add_ticket_comment
      exclude:
        - delete_customer
        - refund_payment
        - close_account

This keeps Hermes generic while giving support teams a safe integration pattern.

Non-Goals

  • Not implementing native RAG in this issue.
  • Not replacing #531 or #844.
  • Not adding a native Zendesk/Intercom/Freshdesk integration as the first PR.
  • Not exposing host filesystem, shell, browser profiles, or cron to public users by default.
  • Not claiming hostile multi-tenant isolation inside one shared agent runtime.

Questions For Maintainers

  1. Is a support / customer-support preset a welcome core toolset, or should this remain a documented custom toolset?
  2. Should the first PR be docs-only, or docs plus a small toolset/test change?
  3. Should a support-agent skill be bundled, optional, or kept as an example in docs?
  4. Should this work align with #531/#844 now, or stay independent until native KB/RAG lands?
  5. Are there existing roadmap items I should avoid overlapping with?

Proposed Initial PR

If maintainers agree with the direction, I would like to open a small first PR:

  • Add support or customer-support toolset preset.
  • Add tests for toolset resolution.
  • Add a documentation page for support-bot deployment.
  • Reference existing security, MCP, API server, profiles, and webhook docs.

Follow-up PRs could add the support-agent skill and helpdesk/MCP examples.

extent analysis

TL;DR

Create a support or customer-support toolset preset with a limited set of tools to provide a safe foundation for customer support deployments.

Guidance

  • Define the support toolset preset with initial tools such as web_search, web_extract, skills_list, skill_view, and clarify, while excluding tools that pose security risks.
  • Develop a documentation page for support-bot deployment, including a threat model, recommended architecture, and guidelines for toolsets, MCP filtering, webhooks, profiles, sandboxing, and logging.
  • Consider creating a support-agent skill that can answer questions from approved documentation, ask clarifying questions, and escalate low-confidence requests.
  • Add examples for MCP/helpdesk integrations to provide a safe integration pattern.

Example

toolsets:
  support:
    tools:
      include:
        - web_search
        - web_extract
        - skills_list
        - skill_view
        - clarify

Notes

The proposed solution focuses on creating a safe and limited toolset preset for customer support deployments, which can be built upon in future PRs. The documentation page and support-agent skill will provide additional guidance and functionality for support teams.

Recommendation

Apply the proposed solution by creating the support toolset preset and documentation page, as it provides a safe and flexible foundation for customer support deployments. This approach allows for future expansion and customization while minimizing security risks.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#ssr#mixed precision#training loop#device allocation

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING