Appearance
Toolsets & approval
Toolsets group related tools. Approval settings control what Hermes can do without asking.
Command approval
For offline agents with shell access, I keep approvals on. Hermes uses an approvals.mode setting:
yaml
approvals:
mode: manual # manual | smart | offHermes shows flagged commands and waits for your OK before running them. Critical when the agent has access to your real filesystem.
Approval modes
| Mode | Behavior |
|---|---|
manual (default) | Prompt before any command flagged as dangerous |
smart | LLM classifier judges risk; auto-runs clearly safe commands, prompts on genuinely destructive ones |
off | Skip all approval checks (equivalent to --yolo / HERMES_YOLO_MODE). Sandboxed environments only |
smart is a good middle ground once you trust your setup: it reduces approval fatigue while still catching rm -rf, DROP TABLE, and similar. You can also toggle at runtime with /yolo or per-command by approving the prompt.
Container isolation
Hermes supports multiple terminal backends for safer execution:
| Backend | Use case |
|---|---|
| local | Direct on your machine (my laptop setup) |
| Docker | Sandboxed container |
| SSH | Remote server |
| Daytona / Modal | Cloud serverless |
For local offline work, the local backend with approvals.mode: manual is the practical balance.
Disabling toolsets for offline
If you're fully offline, disable web-dependent toolsets to prevent the agent from trying (and failing) to reach the internet. Use agent.disabled_toolsets, which removes them across the CLI and every gateway platform:
yaml
agent:
disabled_toolsets:
- web # no web_search / web_extract
- browser # no browser automation
- image_gen # no image generationThis saves context tokens and reduces confusion. For finer, per-platform control, use the interactive hermes tools UI or the in-session /tools disable <name> command.
Common toolset names
file, terminal, web, search, browser, vision, image_gen, memory, skills, delegation, code_execution, cronjob, session_search, tts, todo. See the official Toolsets Reference for the full list.
Real scenario
I once asked Hermes to "check the latest npm version of vitepress." Offline, it tried web search, failed, and wasted a tool round. After disabling web toolsets, it correctly said "I can't reach the internet" and suggested npm view vitepress version instead (which also needs network, but the point stands: configure toolsets to match your environment).
Next: MCP integration.