{"slug": "show-hn-fleet-a-local-first-console-for-managing-dockerized-hermes-ai-agents", "title": "Show HN: Fleet – a local-first console for managing Dockerized Hermes AI Agents", "summary": "Fleet, a local-first web console for managing Dockerized Hermes AI agents, has been released as an open-source tool. It enables operators to create, configure, monitor, and operate Hermes and Nemo Hermes agents across trusted machines from a single dashboard. The tool keeps runtime state and secrets local by default, supporting features like service health monitoring, chat sessions, and backups.", "body_md": "Fleet is a local-first web console for creating, configuring, monitoring, and operating Dockerized Hermes agents across one or more trusted machines.\n\nIt is primarily built for Hermes Agent and the NVIDIA-focused Hermes variant, Nemo Hermes. Standard Hermes agents are the default path; Nemo Hermes agents are supported when the `nemohermes`\n\nrunner is available or automatic installation is enabled.\n\nIt gives a single operator view for the parts that become noisy once you run more than one agent: service health, provider defaults, shared credentials, chat sessions, browser sidecars, VNC, terminal access, local web publishing, backups, restores, clones, remote nodes, and setup readiness.\n\nFleet is designed for technical operators running personal or team-controlled agent infrastructure on a workstation, homelab, VPN, or trusted LAN. Runtime state and secrets stay local by default; the repository keeps source code separate from `.env`\n\n, `runtime/`\n\n, `data/`\n\n, `logs/`\n\n, `secrets/`\n\n, and `vendor/hermes-agent/`\n\n.\n\n- Creates Hermes Docker agents from a repeatable local baseline.\n- Creates Nemo Hermes sandbox agents when the\n`nemohermes`\n\nrunner is available or auto-install is enabled. - Coordinates local agents and trusted remote Fleet nodes from the same dashboard.\n- Shows agent state, service counts, health, memory readiness, gateway diagnostics, drift, and update status.\n- Opens agent chat, session history, dashboard, VNC, local web preview, and container terminal surfaces.\n- Saves fleet-wide provider defaults for OpenAI Codex, Ollama, Custom endpoints, and OpenRouter.\n- Stores shared provider credentials in ignored local files and syncs them into selected agents.\n- Supports Codex device login and controlled sync of Codex auth state into agents.\n- Creates Telegram-enabled agents through the onboarding pairing flow.\n- Publishes static files from each agent workspace through a per-agent webhost sidecar.\n- Backs up, restores, and clones agents while excluding secrets unless an operator explicitly opts in.\n- Runs release and setup audits that keep runtime state, tokens, logs, and oversized source files out of git.\n\n- Node.js 20+ and npm 10+\n- Docker with Docker Compose v2\n- git, when Fleet should clone the default Hermes source checkout automatically\n- Optional:\n`nemohermes`\n\non`PATH`\n\nfor Nemo Hermes sandbox agents\n\nThe onboarding screen checks these requirements. From a terminal, run the same check with:\n\n```\nnpm run init:baseline\nnpm run setup\nnpm start\n```\n\nOpen:\n\n```\nhttp://127.0.0.1:5180\n```\n\n`npm run setup`\n\nprepares ignored runtime folders, creates `.env`\n\nwhen missing, fixes executable bits on wrapper scripts, installs npm dependencies when needed, clones the configured Hermes source when it is missing, and runs the baseline check. New env files bind the console to `0.0.0.0`\n\nso trusted LAN machines can reach it, and setup prompts for or generates `HERMES_CONSOLE_TOKEN`\n\nbecause LAN-visible consoles must use API auth.\n\n`npm start`\n\nruns the baseline check, builds the frontend, and serves the production app from the Express server.\n\nFrom the console host itself, open `http://127.0.0.1:5180`\n\n. From another trusted LAN machine, open `http://:5180`\n\nand enter the console token when prompted. To keep Fleet local-only, set `HERMES_CONSOLE_HOST=127.0.0.1`\n\nin `.env`\n\n.\n\nFor active development:\n\n```\nnpm run dev\n```\n\nThe API runs on `http://127.0.0.1:5180`\n\n; the Vite frontend runs on `http://127.0.0.1:5200`\n\nand proxies `/api`\n\nto the API server. In dev mode, Vite listens on `0.0.0.0`\n\nby default so LAN clients redirected by the API can reach the frontend; set `HERMES_CONSOLE_DEV_HOST=127.0.0.1`\n\nfor local-only development.\n\n- Run\n`npm run setup`\n\n. - Open\n`http://127.0.0.1:5180`\n\n. - Review setup checks on the onboarding screen.\n- Open\n**Fleet settings** and choose a provider default. - Add shared credentials or complete Codex device login if your selected provider needs auth.\n- Create an agent from the dashboard.\n- Open the agent detail view for chat, lifecycle, gateway, terminal, crons, credentials, and diagnostics.\n\nBy default, Fleet clones Hermes source into `vendor/hermes-agent`\n\nfrom `HERMES_AGENT_REPO_URL`\n\n. To use a checkout somewhere else, set:\n\n```\nHERMES_AGENT_SRC=/path/to/hermes-agent\n```\n\nTo disable automatic source download:\n\n```\nHERMES_AGENT_AUTO_CLONE=0\n```\n\n[Documentation index](/matt454/agent-fleet-console/blob/main/docs/index.md)[Getting started](/matt454/agent-fleet-console/blob/main/docs/getting-started.md)[Operator guide](/matt454/agent-fleet-console/blob/main/docs/operator-guide.md)[Configuration reference](/matt454/agent-fleet-console/blob/main/docs/configuration.md)[API reference](/matt454/agent-fleet-console/blob/main/docs/api-reference.md)[Codebase guide](/matt454/agent-fleet-console/blob/main/docs/codebase.md)[Implementation patterns](/matt454/agent-fleet-console/blob/main/docs/patterns.md)[Release checklist](/matt454/agent-fleet-console/blob/main/docs/release-checklist.md)[Security policy](/matt454/agent-fleet-console/blob/main/SECURITY.md)[Contributing guide](/matt454/agent-fleet-console/blob/main/CONTRIBUTING.md)[Support guide](/matt454/agent-fleet-console/blob/main/SUPPORT.md)\n\n```\nnpm run setup # prepare local runtime state and dependencies\nnpm start # build and serve the production console\nnpm run dev # run API and Vite dev server\nnpm run init:baseline # check local setup readiness\nnpm run check # TypeScript type check\nnpm test # run node test suite\nnpm run build # production frontend build\nnpm run audit:release # repository hygiene audit\nnpm run release:check # full release gate\nnpm run knip # unused-code audit\n```\n\nFleet also includes repo-local wrappers:\n\n```\nbin/hermes-console\nbin/hermes-docker status \nbin/hermes-docker logs \nbin/hermes-docker shell \nbin/hermes-docker restart \nbin/hermes-docker update \nbin/hermes-docker delete \n```\n\nUse the UI for normal operation. Use the wrappers when you need a direct terminal escape hatch for local Docker agents.\n\nFleet reads process env first, then these files when present:\n\n`runtime/.env`\n\n`.env`\n\n`HERMES_CONSOLE_ENV_FILE`\n\n`/.env`\n\nwhen`HERMES_INSTANCES_ROOT`\n\nis external\n\nExisting process environment variables win over `.env`\n\nvalues. If a shell profile, service manager, or `launchctl`\n\nexport still sets `HERMES_CONSOLE_HOST=127.0.0.1`\n\n, Fleet will stay loopback-only even when `.env`\n\nsays `0.0.0.0`\n\n.\n\nThe most important local settings are:\n\n```\nHERMES_INSTANCES_ROOT=./runtime\nHERMES_DOCKER_BIN=./bin/hermes-docker\nHERMES_AGENT_SRC=./vendor/hermes-agent\nHERMES_AGENT_AUTO_CLONE=1\nHERMES_CAMOFOX_CONTEXT=./docker/camofox\nHERMES_WEBHOST_CONTEXT=./docker/webhost\nHERMES_CONSOLE_HOST=0.0.0.0\nHERMES_CONSOLE_PORT=5180\nHERMES_CONSOLE_DATA_DIR=./data\nHERMES_CONSOLE_SECRETS_DIR=./secrets\nHERMES_CONSOLE_REQUIRE_AUTH=1\n```\n\nFor a remote Fleet node, the base URL entered in **Fleet settings -> Fleet nodes** should use the remote machine's LAN address, for example `http://192.168.3.232:5180`\n\n, plus the same bearer token stored in that remote node's `.env`\n\n.\n\nFleet-wide provider defaults and shared credentials are managed from **Fleet settings** and stored in ignored files:\n\n```\nsecrets/global-provider.json\nsecrets/global-credentials.env\nsecrets/global-oauth/\nsecrets/global-sync.json\n```\n\nPer-agent config lives under each agent folder:\n\n```\n/\n home/\n .env\n config.yaml\n SOUL.md\n workspace/\n HERMES_WEB.md\n web/\n instance.env\n compose.yaml\n```\n\nSee [Configuration reference](/matt454/agent-fleet-console/blob/main/docs/configuration.md) for the full environment and storage guide.\n\nFleet binds to `0.0.0.0`\n\nby default so trusted LAN Fleet nodes can reach it. Keep API auth enabled and set:\n\n```\nHERMES_CONSOLE_TOKEN=\nHERMES_CONSOLE_REQUIRE_AUTH=1\n```\n\nThe server refuses non-loopback binds unless `HERMES_CONSOLE_TOKEN`\n\nis set. `npm run setup`\n\nprompts for or generates a token when LAN binding or required auth needs one. For local-only use, set `HERMES_CONSOLE_HOST=127.0.0.1`\n\n.\n\nTreat Fleet as a control plane. It can start and stop containers, open terminals, sync credentials, restore backups, create agents, proxy remote node actions, and optionally run self-update commands. Keep individual Hermes dashboards, Camofox VNC endpoints, and agent webhosts private unless you intentionally protect and expose them.\n\nFleet Nodes let one console coordinate other Fleet consoles on trusted machines. Add remote consoles in **Fleet settings -> Fleet nodes** with a label, base URL, optional bearer token, and enabled state.\n\nThe dashboard then merges local and remote agents, shows the host for each row, and routes create, start, stop, restart, update, delete, clone, backup, chat, gateway, terminal, and detail actions through the selected node.\n\nRemote node bearer tokens are redacted in API responses but stored locally in `data/fleet.db`\n\n; keep `data/`\n\nprivate and use disk encryption on shared machines.\n\nFleet writes backups to:\n\n```\ndata/backups/\n```\n\nBackups include agent config, selected workspace files, provider defaults, and a manifest. Secrets such as `home/.env`\n\n, global credentials, OAuth state, token-like files, and generated runtime secrets are excluded unless an operator explicitly enables secret export.\n\nRestore uses a local `.tar.gz`\n\narchive path on the console host. Restored agents receive fresh generated ports and runtime secrets. Clone duplicates a local agent into a new name and can optionally include workspace files and local per-agent credentials.\n\n```\nbin/ fleet wrapper scripts used by the app\ndocker/camofox/ Camofox sidecar image context\ndocker/webhost/ Node.js static webhost sidecar image context\nserver/ Express API, services, SQLite, terminal websocket\nsrc/ React frontend, UI state, styles, shared models\nscripts/ setup, baseline, release audit, dev/start orchestration\ndocs/ user, operator, API, and maintainer documentation\nruntime/ ignored default Hermes instance root\ndata/ ignored SQLite database and local control state\nlogs/ ignored local process logs\nsecrets/ ignored global provider credentials and OAuth state\nvendor/hermes-agent/ ignored optional Hermes source checkout/package\n```\n\nBefore publishing or opening a pull request:\n\n```\nnpm run release:check\ngit status --short\n```\n\nFor setup, onboarding, Docker, or environment changes, also run:\n\n```\nnpm run init:baseline -- --json\n```\n\nThe release gate runs type checking, tests, production build, repository hygiene audit, production dependency audit, and unused-code audit. See [Release checklist](/matt454/agent-fleet-console/blob/main/docs/release-checklist.md) for the manual review list.", "url": "https://wpnews.pro/news/show-hn-fleet-a-local-first-console-for-managing-dockerized-hermes-ai-agents", "canonical_source": "https://github.com/matt454/agent-fleet-console", "published_at": "2026-06-29 20:31:10+00:00", "updated_at": "2026-06-29 20:52:01.833115+00:00", "lang": "en", "topics": ["ai-agents", "developer-tools", "ai-infrastructure"], "entities": ["Fleet", "Hermes Agent", "Nemo Hermes", "OpenAI Codex", "Ollama", "OpenRouter", "Docker", "Node.js"], "alternates": {"html": "https://wpnews.pro/news/show-hn-fleet-a-local-first-console-for-managing-dockerized-hermes-ai-agents", "markdown": "https://wpnews.pro/news/show-hn-fleet-a-local-first-console-for-managing-dockerized-hermes-ai-agents.md", "text": "https://wpnews.pro/news/show-hn-fleet-a-local-first-console-for-managing-dockerized-hermes-ai-agents.txt", "jsonld": "https://wpnews.pro/news/show-hn-fleet-a-local-first-console-for-managing-dockerized-hermes-ai-agents.jsonld"}}