Skip to main content

Run the Hermes AI Agent on Acurast

This example runs Hermes — an open-source autonomous AI agent by Nous Research — on an Acurast processor, exposed over the Acurast Tunnel two ways at once:

  • primary connection → the Hermes WebUI (HTTP on 8787). Open the tunnel URL in a browser for the full chat / sessions / scheduled-jobs UI.
  • secondary connection → SSH (Dropbear on 2222) for the hermes CLI or debugging.

1. Get the repo and open the example

git clone https://github.com/Acurast/acurast-example-apps.git
cd acurast-example-apps/apps/app-cargo-hermes

Hermes — an autonomous AI agent by Nous Research

2. What's in the app/ folder

FilePurpose
start.shEntrypoint. Phase 1: installs Dropbear + git, builds the getifaddrs shim, starts SSH and the tunnel. Phase 2: runs the official Hermes installer, pins it to OpenRouter, starts the WebUI on loopback 8787 and the Hermes gateway (the cron scheduler). SSH comes up first so a slow Phase 2 is still debuggable.
tunnel.pyOpens the reverse tunnel — primary → WebUI (8787), secondary → SSH (2222).
getifaddrs_override.cPRoot shim.
callback.shPOSTs log / started / error (and webui_password) events to your CALLBACK_URL.

3. (Optional) Use your own domain

By default the tunnel serves on https://<clientId>.acu.run, with a Let's Encrypt certificate provisioned automatically — nothing to set up. To use your own domain suffix instead, do the one-time DNS setup (a wildcard record and an _acu TXT record) from the Tunnel Quick Start (step 2) and set DOMAIN_SUFFIX_MAINNET/_CANARY below.

4. Configure .env

cp .env.example .env
VariableRequiredWhat to set
ACURAST_MNEMONICDeployer seed phrase. Never commit it.
OPENROUTER_API_KEYYour OpenRouter API key — Hermes is pinned to provider=openrouter.
NETWORKcanary or mainnet. Must match acurast.json.
DOMAIN_SUFFIX_MAINNET / _CANARYoptionalOnly for a custom domain. Leave unset to serve on acu.run. If set, use the one matching NETWORK and add it to includeEnvironmentVariables.
HERMES_MODELoptionalOpenRouter model id (default openai/gpt-4o-mini).
HERMES_WEBUI_PASSWORDoptionalProtects the public WebUI. If unset, start.sh generates a strong one and reports it as the webui_password event — the URL is never left open.
SSH_PASSWORDoptionalRoot SSH password. Defaults to password — set a strong value.
CALLBACK_URLoptionalLifecycle-event webhook. Use webhook.watch.

Getting a CALLBACK_URL from webhook.watch

Open webhook.watch, grab the unique inspector URL, and paste it into CALLBACK_URL. The started event delivers the WebUI URL and SSH command — and, if you didn't set one, the auto-generated HERMES_WEBUI_PASSWORD arrives as a webui_password event.

Editing the .env: OPENROUTER_API_KEY, HERMES_MODEL, HERMES_WEBUI_PASSWORD, SSH_PASSWORD

5. A glance at acurast.json

  • runtime: "Shell" on a proot-distro Ubuntu image.
  • execution: onetime, maxExecutionTimeInMs: 14400000 (a 4-hour window — the installer downloads a fair amount, so give it time).
  • minProcessorVersions.android: "1.26.0" (tunnel support).
  • includeEnvironmentVariables: CALLBACK_URL, NETWORK, SSH_PASSWORD, OPENROUTER_API_KEY, HERMES_MODEL, HERMES_WEBUI_PASSWORD.

6. Deploy

npm i
npm run deploy # runs `acurast deploy`

The CLI shows the reward market and a suggested price — accept it and confirm.

`acurast deploy` — accept the suggested fee

Then watch webhook.watch. After the (fairly long) install, the started event arrives with the WebUI URL and the SSH connect command.

The started event in webhook.watch — Hermes tunnel is up


Part 2 — Talking to the agent

Open the WebUI

Open the url from the started event and authenticate with your HERMES_WEBUI_PASSWORD (or the auto-generated one from the webui_password event). You land in the Hermes chat.

The Hermes WebUI chat, running on the processor

Give it a recurring task

Hermes isn't just a chat box — the gateway runs a cron scheduler, so you can ask it to do things on a schedule. In the demo it's asked to "every day at 8AM, go to Hacker News and summarize the top posts", and it confirms it created a recurring job — which now shows up in the sidebar.

Hermes confirms the recurring Hacker News job it scheduled

You can open the job to see its cron schedule, prompt, and run history — an autonomous agent ticking away on a phone.

The &quot;Daily Hacker News Summary&quot; scheduled job detail

SSH for the CLI

Need the hermes CLI? Run the connect command from the started event and authenticate with SSH_PASSWORD:

ssh -o ProxyCommand='openssl s_client -quiet \
-servername <secondaryClientId>.acu.run \
-connect <secondaryClientId>.acu.run:443' \
root@<secondaryClientId>

The session is ephemeral — memory and skills are lost when the deployment ends.