Hardcoded 2/3-min no-activity timeouts are now driven by STREAM_ACCEPTED_TIMEOUT_MS and STREAM_HANDOFF_TIMEOUT_MS env vars (defaults: 120s accepted, 300s handoff). New /api/stream-config route reads these at runtime; chat-screen fetches them once on mount and passes to useStreamingMessage. Together with the 30s heartbeat added in the previous commit, long agent runs on slow models no longer stall. Worked with Interstellar Code (cherry picked from commit 96f0c64b2222b42b112b83a878dbe12cf29c46a7)
116 lines
5.5 KiB
Plaintext
# Hermes Workspace — Environment Variables
#
# Copy this to .env and adjust as needed:
# cp .env.example .env

# ═══════════════════════════════════════════════════════════════
# LLM Provider — pick ONE (you don't need all of them)
# ═══════════════════════════════════════════════════════════════
# hermes-agent supports many providers. For Docker Compose the agent
# container needs the key for whichever provider you configured in
# ~/.hermes/config.yaml. Common options:
#
# Anthropic (Claude): https://console.anthropic.com/settings/keys
# OpenAI (GPT / o-series): https://platform.openai.com/api-keys
# OpenRouter (many models, free tier available): https://openrouter.ai/keys
# Google (Gemini): https://aistudio.google.com/app/apikey
# Ollama / local: No key needed — just run `ollama serve`
#
# Uncomment ONLY the key(s) for the providers you actually use.

# ANTHROPIC_API_KEY=sk-ant-...
# OPENAI_API_KEY=sk-...
# OPENROUTER_API_KEY=sk-or-v1-...
# GOOGLE_API_KEY=AIza...

# ═══════════════════════════════════════════════════════════════
# Optional: Hermes Agent Connection
# ═══════════════════════════════════════════════════════════════

# Hermes Agent WebAPI URL (default: http://127.0.0.1:8642)
# - For Docker: Uses http://hermes-agent:8642 automatically
# - For local dev: Set to http://127.0.0.1:8642
# IMPORTANT: The Hermes Agent gateway HTTP API server is opt-in.
# Add API_SERVER_ENABLED=true to ~/.hermes/.env and restart the gateway.
# Without it, the gateway serves messaging platforms but not port 8642.
# HERMES_API_URL=http://127.0.0.1:8642

# Hermes Agent API token — required when the gateway is authenticated
# (e.g. Docker deployments exposing API_SERVER_HOST=0.0.0.0).
#
# When your Hermes Agent gateway has API_SERVER_KEY set, workspace must send the
# SAME value as HERMES_API_TOKEN here, or requests will be rejected with 401.
#
# ~/.hermes/.env: API_SERVER_KEY=<your-secret>
# hermes-workspace/.env: HERMES_API_TOKEN=<same-secret>
#
# Leave unset for local loopback gateways that don't set API_SERVER_KEY.
# HERMES_API_TOKEN=your-gateway-secret

# Hermes Agent directory (auto-detected if sibling to workspace)
# Set this if hermes-agent is installed elsewhere
# HERMES_AGENT_PATH=/path/to/hermes-agent

# Server port (default: 3002)
# PORT=3002

# ══════════════════════════════════════════════════════════════
# Security
# ══════════════════════════════════════════════════════════════

# Bind address (default: 127.0.0.1)
#
# The workspace exposes terminals, file read/write, agent control, and job
# management. Off-loopback exposure is opt-in. Set HOST=0.0.0.0 only if you
# *also* set CLAUDE_PASSWORD below. Without a password, the server refuses
# to start on a non-loopback host.
# HOST=127.0.0.1

# Workspace session password (required for any remote deployment)
#
# Enables password protection of the web UI. Tokens are stored encrypted
# in ~/.hermes/workspace-sessions.json. Pick a strong secret (32+ chars).
# CLAUDE_PASSWORD=change-me-to-a-strong-secret

# Cookie Secure flag (default: on in production, off in dev)
#
# Set to 1 to force the Secure attribute on session cookies even when
# NODE_ENV is not production — useful when terminating TLS at a reverse
# proxy.
# COOKIE_SECURE=1
#
# Set to 0 when running a plain-HTTP LAN deployment (HOST=0.0.0.0 without
# HTTPS). NODE_ENV=production enables Secure cookies by default; browsers
# silently drop Secure cookies over http://, causing login to silently fail.
# COOKIE_SECURE=0

# Trust proxy-forwarded headers (default: off)
#
# When running behind a trusted reverse proxy (Traefik, Nginx, Cloudflare,
# Tailscale Serve) that sanitizes x-forwarded-for / x-real-ip, set to 1 so
# that local-request classification and rate-limiting use the real client IP
# instead of the proxy's. Leaving this off on a direct-exposure deployment
# is the safe default — otherwise clients can spoof their IP.
# TRUST_PROXY=1

# SSE stream activity timeouts (optional)
#
# How long the browser waits without any event before marking a run as stalled.
# The built-in 30s heartbeat resets these timers during normal operation, so
# these only fire when the gateway is genuinely unresponsive.
# Values are in milliseconds. Defaults: 120000 (accepted), 300000 (handoff).
# STREAM_ACCEPTED_TIMEOUT_MS=120000
# STREAM_HANDOFF_TIMEOUT_MS=300000

# Dashboard API bearer token (optional)
#
# Preferred over the legacy HTML-scrape token flow. Set this to a dashboard
# bearer and the workspace uses it directly for dashboard API calls (see #124).
# HERMES_DASHBOARD_TOKEN=

# Bypass fail-closed startup guard (NOT recommended)
#
# If you understand the risks and want to run the workspace on 0.0.0.0
# without a password (e.g. behind a custom auth layer), set this to 1.
# CLAUDE_ALLOW_INSECURE_REMOTE=0
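The Security comments above describe several settings that interact (bind address, password, cookie flag, proxy trust, stream timeouts). The following preflight check is an added example, not the project's own startup guard: `parseEnv`, `checkWorkspaceEnv` and the loopback test are hypothetical names and assumptions, and the rules are taken only from the comments in this file. It handles plain `KEY=VALUE` lines without quoting or inline comments.

```javascript
// Parse KEY=VALUE lines; comment lines and blanks are skipped.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}

// Assumption: "loopback" means localhost, ::1 or 127.0.0.0/8.
const isLoopback = (h) => h === 'localhost' || h === '::1' || /^127\./.test(h);

function checkWorkspaceEnv(env) {
  const errors = [], warnings = [];
  const host = env.HOST || '127.0.0.1'; // documented default
  const remote = !isLoopback(host);
  const pw = env.CLAUDE_PASSWORD || '';
  if (remote && !pw) {
    if (env.CLAUDE_ALLOW_INSECURE_REMOTE === '1')
      warnings.push('fail-closed guard bypassed: no password on ' + host);
    else errors.push('HOST=' + host + ' needs CLAUDE_PASSWORD; server refuses to start');
  }
  if (pw === 'change-me-to-a-strong-secret') errors.push('CLAUDE_PASSWORD is the example placeholder');
  else if (pw && pw.length < 32) warnings.push('CLAUDE_PASSWORD is shorter than 32 chars');
  if (remote && env.COOKIE_SECURE === '0')
    warnings.push('COOKIE_SECURE=0: session cookie can travel over plain HTTP');
  if (remote && env.TRUST_PROXY === '1')
    warnings.push('TRUST_PROXY=1 on a non-loopback bind: clients that bypass the proxy can spoof x-forwarded-for');
  for (const key of ['STREAM_ACCEPTED_TIMEOUT_MS', 'STREAM_HANDOFF_TIMEOUT_MS']) {
    if (env[key] === undefined) continue;
    const ms = Number(env[key]);
    if (!Number.isInteger(ms) || ms <= 0) errors.push(key + ' must be a positive integer (ms)');
    // Inference from the 30s heartbeat: a shorter timer can fire between beats.
    else if (ms <= 30000) warnings.push(key + ' is at or below the 30s heartbeat interval');
  }
  return { errors, warnings };
}

// Constructed sample input, not a real deployment.
const SAMPLE = ['# constructed LAN deployment', 'HOST=0.0.0.0', 'COOKIE_SECURE=0',
  'TRUST_PROXY=1', 'STREAM_ACCEPTED_TIMEOUT_MS=20000'].join('\n');
console.log(checkWorkspaceEnv(parseEnv(SAMPLE)));
```
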