Why use Agent Approve with Hermes if Hermes already works through Telegram, Discord, or Slack?

Those are communication channels, not a governance layer. Agent Approve adds supervision for prompts, tool calls, responses, and approvals so you can see what happened and decide which actions run automatically versus which ones should require approval — whether the turn started from chat, cron, a gateway webhook, or the CLI.

What does Agent Approve add when I am not at the terminal?

The hardest behavior to spot is what Hermes is doing while you are not actively talking to it — scheduled jobs, gateway sessions, subagent runs. Agent Approve gives you a phone-side view of every prompt and tool call as it happens, push notifications when sensitive actions need a decision, and an activity history you can scroll back through.

How does this fit with Smart Mode?

They stack. Leave Smart Mode on for the low-risk commands it auto-approves locally and the obviously dangerous ones it denies. Agent Approve handles the gray-area cases on your phone, applies the same allowlist and denylist across all your agents, and adds Apple Watch notifications. The two run in series — our `pre_tool_call` hook fires before Hermes' approval prompt.

Does this work in gateway mode?

Yes. The plugin runs in both CLI and gateway modes. Follow-up input from your phone is queued via `ctx.inject_message()` either way, so you can steer the agent from your iPhone even when the conversation started on Telegram or Discord.

All agents

Agent Approve for Hermes

Supervise Hermes from your phone with guardrails, approvals, and activity monitoring

Autonomous agentPlugin integration

Agent Approve adds a supervision layer for your Hermes setup. See every prompt, tool call, and response, catch drift early, and require approval before sensitive actions run — all from your iPhone or Apple Watch.

Push notifications keep you informed when Hermes is active outside your immediate attention, whether the run was triggered from a Telegram or Discord message, a scheduled cron job, a gateway webhook, or a delegated subagent. You can stay in control without reopening a terminal.

The same guardrails, activity history, and approval workflow extend across Hermes, OpenClaw, Cursor, Claude Code, Gemini CLI, Codex, Pi, OpenCode, and Copilot.

Install Hermes

Quick start

Download Agent Approve from the App Store and complete onboarding.

Run npx agentapprove on your machine and select Hermes.

The installer runs pip install --user agentapprove and hermes plugins enable agentapprove for you.

Scan the QR code to pair, then start using Hermes — approval requests arrive on your phone.

Install command

npx agentapprove

Agent Approve config: ~/.agentapprove/

Hermes hook config: ~/.hermes/config.yaml

agentapprovev0.1.24

Recommended configuration

•Requires Python 3.10 or newer and pip (or pipx as a fallback). The installer detects your Python and uses pip install --user so it never needs sudo.
•For unattended runs, the plugin blocks on pre_tool_call until Agent Approve returns a decision or the configured timeout is reached.

Capabilities

Approval requests

Follow-up commands

Voice input

Activity monitoring

Push notifications

MCP tool tracking

Good to know

Autonomous supervision – Scheduled runs, gateway sessions, and subagent delegations all happen without a human at the terminal. Agent Approve sees when the agent triggers, what it does, and lets you decide which actions run automatically versus which ones need approval.

Cross-channel monitoring – The same approval flow covers prompts, tool calls, and responses no matter how the run started — Telegram, Discord, Slack, email, cron, gateway webhook, or the CLI.

Push for unattended runs – When a cron job or gateway message wakes Hermes up while you are away, push notifications surface it on your phone and Apple Watch so sensitive tool calls can wait for a tap.

Drift detection – Useful when the concern is not only command approval but drift: is Hermes staying on goal, being manipulated by an incoming message, or responding in ways you do not want?

Stacks with Smart Mode – Leave Smart Mode on for local low-risk auto-approvals; Agent Approve handles the gray-area cases on your phone with shared policy across all your agents.

Follow-up commands – On post_llm_call, the plugin polls Agent Approve for any reply you typed on your phone and pushes it as the next user turn via ctx.inject_message() — same UX as Claude Code, works in both CLI and gateway mode.

Voice input – Especially useful when the agent is running headlessly on a server or gateway.

Bulk command parsing – Policy evaluation splits shell commands chained with && into individual sub-commands evaluated independently. A dangerous command like rm -rf hidden as the third step in a chain is caught even when the batch starts with safe commands.

Stay up to date – Run npx agentapprove again to update the plugin, or upgrade directly with pip install --user --upgrade agentapprove.

Use cases

Monitor Hermes activity from your phone when it triggers from Telegram, Discord, Slack, cron, gateway webhook, or another automation surface.

Require approval before Hermes executes or sends something sensitive, while still letting safe routines continue automatically.

Catch drift early by keeping tabs on prompts, tool calls, and responses when you are not actively talking to the agent.

Track Hermes prompts, tool calls, subagent delegations, approvals, and follow-up decisions in one activity history.

Apply the same deny rules to Hermes that you use for OpenClaw, Cursor, Claude Code, Gemini CLI, Codex, Pi, OpenCode, and Copilot.

Questions about Hermes

A few common questions about how Agent Approve fits alongside Hermes.

More guides

View all supported agents Frequently asked questions Get help