feat: multi-agent architecture with Hermes support

[ericksoa]

Summary

• Introduces an agents/ directory structure for agent-specific artifacts (Dockerfiles, startup scripts, network policies, plugins)
• Adds agent selection step to the onboard wizard (--agent hermes or interactive prompt)
• Includes a working Hermes Agent integration as the first non-OpenClaw agent

What this enables

NemoClaw can now orchestrate different AI agents inside OpenShell sandboxes. The onboard flow lets users choose which agent to run, and routes to the correct container image, network policy, and agent setup based on that choice.

Test plan

• nemoclaw onboard --agent hermes completes end-to-end
• nemoclaw onboard (no flag) shows agent selection prompt, defaults to OpenClaw
• Hermes health endpoint responds inside sandbox
• OpenClaw path is unaffected (regression)

Summary by CodeRabbit

Release Notes

• New Features

  • Added support for Hermes Agent (Nous Research) as an alternative sandbox option alongside OpenClaw.
  • Introduced --agent <name> flag to nemoclaw onboard for selecting the desired agent during setup.
  • Agent selection is now persisted in user sessions and sandbox configurations.

• Updates

  • Onboarding flow expanded to 8 steps to accommodate agent selection.
  • Gateway health monitoring and recovery now adapt based on the selected agent.
  • Updated messaging in warnings and logs to be agent-agnostic.

• Tests

  • Added comprehensive end-to-end tests for Hermes Agent integration.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Multi-agent support has been introduced to NemoClaw, enabling Hermes Agent (Nous Research) integration alongside the default OpenClaw agent. This includes Docker build infrastructure, manifest/plugin system, runtime configuration generation, sandbox policies, agent discovery modules, and updated CLI/onboarding flows to handle agent selection and setup.

Changes

Cohort / File(s)	Summary
Hermes Docker Infrastructure agents/hermes/Dockerfile, agents/hermes/Dockerfile.base	Adds multi-stage Docker definitions: base image pins node:22-slim, installs Python 3.11, gosu, Hermes Agent via GitHub release, and configures system users/directories. Main Dockerfile hardens environment, patches Telegram integration, copies plugin/configs, and generates config.yaml/.env at build time with SHA256 integrity hash.
Hermes Agent Configuration & Startup agents/hermes/generate-config.ts, agents/hermes/start.sh, agents/hermes/decode-proxy.py	Generate-config.ts produces Hermes config.yaml and .env from environment variables (model, inference URL, messaging channels). Start.sh (408 lines) hardens execution, verifies config integrity, deploys runtime config, starts decode-proxy for URL rewriting, manages symlinks, and launches Hermes gateway as sandbox user or root. Decode-proxy.py is an asyncio HTTP proxy that URL-decodes requests and relays bidirectionally.
Hermes Agent Manifest & Plugin agents/hermes/manifest.yaml, agents/hermes/plugin/plugin.yaml, agents/hermes/plugin/__init__.py	Manifest declares Hermes agent contract (health probe on 8642, config/data directories, messaging platforms, inference routing, auth via API_SERVER_KEY, phone-home hosts, pip registry). Plugin files define nemoclaw plugin v0.1.0 with no-op registration entrypoint.
Hermes Sandbox Policy agents/hermes/policy-additions.yaml	Sandbox policy with Landlock + DAC: deny-by-default filesystem (read-write under /sandbox, /sandbox/.hermes-data writable, /sandbox/.hermes immutable), process constraints (sandbox user/group), and network policies for claude_code, nvidia, github, nous_research, pypi, telegram, discord with host/port/path/method allowlists.
Agent Discovery & Management Modules bin/lib/agent-defs.js, bin/lib/agent-onboard.js, bin/lib/agent-runtime.js	Agent-defs provides filesystem-backed manifest discovery (listAgents, loadAgent), computed properties for artifact paths, and agent name resolution with CLI/env/session priority. Agent-onboard encapsulates non-default agent setup: sandbox creation via Docker build context staging, policy loading, health probe verification, and dashboard output delegation. Agent-runtime centralizes agent-aware behavior: session-aware agent resolution, health probe URLs, recovery scripts, display naming, gateway commands with OpenClaw defaults.
OpenClaw Agent Manifest agents/openclaw/manifest.yaml	New manifest formalizing OpenClaw integration contract (npm-based, port 18789, device pairing auth, messaging platforms, inference gateway-managed, phone-home hosts, npm registry, legacy artifact paths).
Onboarding & CLI Updates src/lib/onboard.ts, src/nemoclaw.ts, src/lib/onboard-session.ts, src/lib/registry.ts	Onboard now resolves agents and delegates setup/dashboard to agent-specific handlers; createSandbox/printDashboard accept agent parameters; session/registry track agent field. Nemoclaw CLI adds --agent <name> flag, replaces hardcoded health probes/recovery with agent-aware variants, uses display names in output.
Dashboard & Utilities src/lib/dashboard.ts, src/lib/web-search.ts	Dashboard buildControlUiUrls accepts optional port parameter. Web-search warning text updated to refer to "sandbox agent config" and "sandboxed agent" instead of OpenClaw-specific phrasing.
Dependencies & Test Updates package.json, src/lib/web-search.test.ts, test/onboard.test.ts, test/credentials.test.ts, test/e2e/test-hermes-e2e.sh	Package.json adds js-yaml ^4.1.1 dependency and bumps @types/node. Test files updated for signature changes and environment stubs. New 546-line E2E test validates full Hermes end-to-end workflow (install, health, inference, config integrity, policy, logs).
CI/CD .github/workflows/nightly-e2e.yaml	Adds hermes-e2e job running test-hermes-e2e.sh with Hermes environment variables, updates notify-on-failure to depend on hermes-e2e result.

Sequence Diagram(s)

sequenceDiagram
    participant CLI as nemoclaw CLI
    participant AgentDefs as agent-defs
    participant AgentOnboard as agent-onboard
    participant Docker as Docker Engine
    participant ConfigGen as generate-config.ts
    participant Registry as Registry

    CLI->>AgentDefs: resolveAgentName(flag, env, session)
    AgentDefs->>Registry: read session.agent
    AgentDefs-->>CLI: resolved agent (hermes or openclaw)
    
    CLI->>AgentOnboard: resolveAgent({agentFlag, session})
    AgentOnboard->>AgentDefs: loadAgent(name)
    AgentOnboard-->>CLI: agent object or null

    alt agent is not null
        CLI->>AgentOnboard: createAgentSandbox(agent)
        AgentOnboard->>Docker: COPY Dockerfile into build context
        AgentOnboard->>Docker: docker build (buildCtx/Dockerfile)
        Docker->>ConfigGen: execute generate-config.ts at build time
        ConfigGen-->>Docker: config.yaml, .env, .config-hash
        Docker-->>AgentOnboard: built image
        AgentOnboard-->>CLI: sandbox created
    else agent is null (openclaw)
        CLI->>Docker: use standard stageOptimizedSandboxBuildContext
        Docker-->>CLI: sandbox created
    end

    CLI->>Registry: registerSandbox({agent: agent.name})
    Registry-->>CLI: sandbox registered

Loading

sequenceDiagram
    participant Container as Hermes Container
    participant StartSh as start.sh
    participant ConfigHash as config-hash verification
    participant SymlinkValidation as symlink validation
    participant DecodeProxy as decode-proxy.py
    participant Hermes as hermes gateway
    participant Socat as socat forwarder

    Container->>StartSh: exec /usr/local/bin/nemoclaw-start
    StartSh->>StartSh: set -euo pipefail, ulimit, capsh
    
    StartSh->>ConfigHash: verify SHA256(/sandbox/.hermes/.config-hash)
    ConfigHash-->>StartSh: ✓ hash matches or ✗ mismatch
    
    StartSh->>StartSh: deploy config.yaml/.env to writable /sandbox/.hermes-data
    StartSh->>SymlinkValidation: validate /sandbox/.hermes/\\* → /sandbox/.hermes-data/\\*
    SymlinkValidation-->>StartSh: ✓ or optionally apply chattr +i
    
    StartSh->>DecodeProxy: start background decode-proxy on 127.0.0.1:3129
    DecodeProxy-->>StartSh: listening, ready
    
    StartSh->>Hermes: exec hermes gateway run (bound to 127.0.0.1:18642)
    Hermes-->>StartSh: gateway running
    
    StartSh->>Socat: start socat TCP relay 0.0.0.0:8642 → 127.0.0.1:18642
    Socat-->>StartSh: relay active
    
    StartSh->>StartSh: print dashboard URLs, wait on gateway PID
    StartSh->>StartSh: trap SIGTERM/SIGINT → forward to gateway/socat/decode-proxy

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 Hermes hops into the warren,
Nested agents, no more sorrow!
Manifests unfold the way,
Multi-agent comes to stay! ✨
Docker hardens, configs align,
One sandbox, agents intertwine!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 63.77% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and specifically describes the main change: introducing multi-agent architecture with Hermes support as the first non-OpenClaw agent.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/hermes-agent-support

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 10

🧹 Nitpick comments (4)

src/lib/onboard-session.ts (1)

503-538: Consider including agent in the debug summary.

The summarizeForDebug() function includes most session fields but omits the newly added agent field. This could make debugging agent-related issues harder.

♻️ Suggested addition

   return {
     version: session.version,
     sessionId: session.sessionId,
     status: session.status,
     resumable: session.resumable,
     mode: session.mode,
     startedAt: session.startedAt,
     updatedAt: session.updatedAt,
+    agent: session.agent,
     sandboxName: session.sandboxName,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/onboard-session.ts` around lines 503 - 538, The debug summary
produced by summarizeForDebug omits the session.agent field; update
summarizeForDebug to include an "agent" entry in the returned object (e.g.,
agent: session.agent) so agent info is present in logs and the steps mapping
remains unchanged; locate the summarizeForDebug function and add the agent
property to the top-level returned record alongside
version/sessionId/status/etc.

agents/hermes/generate-config.py (1)

64-67: Consider simplifying with dict.get().

The static analysis tool flagged that the key check before dictionary access can be simplified.

♻️ Suggested simplification

-            if ch in allowed_ids and allowed_ids[ch]:
-                p_cfg["allowed_users"] = ",".join(
-                    str(uid) for uid in allowed_ids[ch]
-                )
+            ch_ids = allowed_ids.get(ch)
+            if ch_ids:
+                p_cfg["allowed_users"] = ",".join(str(uid) for uid in ch_ids)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@agents/hermes/generate-config.py` around lines 64 - 67, The code currently
checks "if ch in allowed_ids and allowed_ids[ch]" before setting
p_cfg["allowed_users"]; simplify by using allowed_ids.get(ch) to retrieve the
value and check its truthiness in one step (e.g., value = allowed_ids.get(ch);
if value: set p_cfg["allowed_users"] = ",".join(str(uid) for uid in value)).
Update references to allowed_ids[ch] in this block to use the single get()
result to avoid double lookup and improve readability.

agents/hermes/plugin/__init__.py (1)

11-13: Prefix unused parameter with underscore.

Per coding guidelines, unused variables should be prefixed with an underscore.

♻️ Suggested fix

-def register(ctx):
+def register(_ctx):
     """No-op registration. Hermes requires this function to exist."""
     pass

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@agents/hermes/plugin/__init__.py` around lines 11 - 13, The register function
declares an unused parameter ctx which violates the unused-parameter guideline;
rename the parameter to _ctx (or prefix it with an underscore) in the
register(ctx) signature so the parameter remains present for the plugin API but
is marked as intentionally unused, e.g., change register(ctx) to register(_ctx)
and keep the existing docstring and pass body intact.

agents/hermes/Dockerfile.base (1)

96-100: Pin python-telegram-bot to the version you validated.

Everything else in this base image is locked down for reproducibility, but python-telegram-bot>=21.0 means rebuilds can silently pick up a different release than the one Hermes 0.8.0 and the Telegram patch layer were tested against.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@agents/hermes/Dockerfile.base` around lines 96 - 100, The Dockerfile
currently allows python-telegram-bot to float ("python-telegram-bot>=21.0");
update that package spec to the exact version you validated (replace
"python-telegram-bot>=21.0" with "python-telegram-bot==<VALIDATED_VERSION>") so
the base image remains reproducible; make the change in the RUN pip3 install
line that references HERMES_VERSION and runs hermes --version.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@agents/hermes/decode-proxy.py`:
- Around line 52-67: The finally block currently only closes the client writer
and leaks the upstream writer; change teardown in the function handling the
CONNECT relay to close both writers (up_writer and writer) and await
wait_closed() where supported (e.g., await up_writer.wait_closed() and await
writer.wait_closed()) after calling close(); ensure you guard for undefined/None
writers (check if 'up_writer'/'writer' exist and are not already closed) and
handle exceptions from wait_closed; apply the same fix to the analogous teardown
in the code around the other relay block (_relay/asyncio.gather usage at lines
~70-80).
- Around line 40-42: The code currently unquotes the entire request line
(decoded_line = unquote(first_line.decode(...)).encode(...)), which mutates
every percent-encoded octet; instead decode first_line to a str, split into
components (method, request_target, version) by spaces, then only
unquote/rewrite the request_target portion or only the specific placeholder
tokens (e.g. "openshell%3Aresolve" or other placeholder patterns) within
request_target using targeted unquote or re.sub on matches, reassemble as
"method + ' ' + request_target + ' ' + version" and encode back to bytes into
decoded_line; operate on the variables first_line and decoded_line and ensure
only the second token (request_target) or the matched placeholder tokens are
modified.

In `@agents/hermes/manifest.yaml`:
- Around line 44-58: The manifest's state_dirs list is missing the "pairing"
entry that the runtime creates; update the state_dirs block (the state_dirs YAML
array) to include "pairing" alongside memories, sessions, skills, plugins, cron,
logs, skins, plans, workspace, profiles, and cache so the manifest matches the
created symlinked directories and validation/management logic can see the
pairing directory.

In `@agents/hermes/start.sh`:
- Around line 329-330: The chmod line in the start.sh snippet ("[ -f .env ] &&
chmod 600 .env") operates on the wrong path and should be removed or corrected;
remove this dead code or replace it with checks that target the actual env files
(${HERMES_IMMUTABLE}/.env and ${HERMES_WRITABLE}/.env) and apply chmod 600 to
those paths (e.g., test each file with [ -f ] and chmod the correct variable
path) so the script no longer operates on the current working directory .env.

In `@bin/lib/agent-defs.js`:
- Around line 210-218: The env var (envAgent) and session.agent are not being
validated the same way as the CLI --agent (agentFlag), allowing typos like
"hermse" to silently fall back; update the selection logic to validate envAgent
and session.agent against the canonical list (use listAgents() or the same
validation routine used for agentFlag) before returning them, and if invalid
behave the same as the agentFlag path (e.g., log/throw an error or reject the
value) so only known agent names are accepted; reference envAgent,
session.agent, listAgents(), and agentFlag when making the change.

In `@bin/lib/onboard.js`:
- Around line 2067-2070: The code seeds CHAT_UI_URL using the legacy
CONTROL_UI_PORT constant causing a mismatch with the new getControlUiPort() and
the forward manager; update the sandbox creation to derive chatUiUrl from
getControlUiPort() (or its exported helper) instead of CONTROL_UI_PORT and make
the forward manager start/stop use the same getControlUiPort() value so
Hermes-advertised port (e.g., 8642) and the generated config/forwarding are
consistent; check the sandbox step (ONBOARD_STEP_INDEX.sandbox.number /
promptValidatedSandboxName() usage) and the related forward-start/stop block
referenced around the other region (lines ~3907-3926) and replace
CONTROL_UI_PORT with getControlUiPort() everywhere.
- Around line 3489-3496: isAgentReady currently gates resume for non-OpenClaw
agents by checking pod readiness via runCaptureOpenshell(["sandbox", "list"])
and isSandboxReady, which causes --resume to proceed before the Hermes gateway
actually binds; change isAgentReady so non-OpenClaw branches use the sandbox
manifest health probe instead of the pod-ready check: replace the
runCaptureOpenshell + isSandboxReady call with a call to a function that
evaluates the sandbox manifest health probe (e.g., isSandboxHealthyByManifest or
reuse an existing manifest-probe helper), making sure that function reads the
sandbox manifest health probe and returns true only when the probe indicates the
agent is ready; keep the OpenClaw path using isOpenclawReady and update
references to runCaptureOpenshell and isSandboxReady accordingly.

In `@bin/nemoclaw.js`:
- Around line 804-812: The CLI currently accepts any value after --agent and
forwards invalid names into runOnboard/onboarding causing a later exception;
update the parsing around agentIdx/agentFlag to validate agentFlag against the
allowed agent list before mutating args or calling runOnboard, printing a clear
error and the valid agents/usage and exiting when the value is not in the list;
apply the same validation to the duplicate block around lines where agent
parsing repeats (the 833-840 block) so both locations check agentFlag against
the canonical allowedAgents array (or function) and reject unknown names
immediately.
- Around line 90-97: The getSessionAgent helper currently reads the agent from
onboardSession.loadSession() (onboard-session.json) which is global; change it
to resolve the agent from the sandbox metadata for the given sandboxName instead
of the last onboard session. Update getSessionAgent to accept (or otherwise
obtain) sandboxName, look up the sandbox record (e.g., via the sandbox
store/registry used elsewhere), read the persisted agent field on that sandbox
record, and call loadAgent with that value (fall back to "openclaw" only if the
sandbox record or agent field is missing). Ensure any code that calls
getSessionAgent passes the appropriate sandboxName so status/connect/recovery
operate on the correct sandbox.

---

Nitpick comments:
In `@agents/hermes/Dockerfile.base`:
- Around line 96-100: The Dockerfile currently allows python-telegram-bot to
float ("python-telegram-bot>=21.0"); update that package spec to the exact
version you validated (replace "python-telegram-bot>=21.0" with
"python-telegram-bot==<VALIDATED_VERSION>") so the base image remains
reproducible; make the change in the RUN pip3 install line that references
HERMES_VERSION and runs hermes --version.

In `@agents/hermes/generate-config.py`:
- Around line 64-67: The code currently checks "if ch in allowed_ids and
allowed_ids[ch]" before setting p_cfg["allowed_users"]; simplify by using
allowed_ids.get(ch) to retrieve the value and check its truthiness in one step
(e.g., value = allowed_ids.get(ch); if value: set p_cfg["allowed_users"] =
",".join(str(uid) for uid in value)). Update references to allowed_ids[ch] in
this block to use the single get() result to avoid double lookup and improve
readability.

In `@agents/hermes/plugin/__init__.py`:
- Around line 11-13: The register function declares an unused parameter ctx
which violates the unused-parameter guideline; rename the parameter to _ctx (or
prefix it with an underscore) in the register(ctx) signature so the parameter
remains present for the plugin API but is marked as intentionally unused, e.g.,
change register(ctx) to register(_ctx) and keep the existing docstring and pass
body intact.

In `@src/lib/onboard-session.ts`:
- Around line 503-538: The debug summary produced by summarizeForDebug omits the
session.agent field; update summarizeForDebug to include an "agent" entry in the
returned object (e.g., agent: session.agent) so agent info is present in logs
and the steps mapping remains unchanged; locate the summarizeForDebug function
and add the agent property to the top-level returned record alongside
version/sessionId/status/etc.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: cfc4717b-9f49-42eb-805c-6c58f590523a

📥 Commits

Reviewing files that changed from the base of the PR and between 8f6995c and 5684681.

📒 Files selected for processing (18)

• agents/hermes/Dockerfile
• agents/hermes/Dockerfile.base
• agents/hermes/decode-proxy.py
• agents/hermes/generate-config.py
• agents/hermes/manifest.yaml
• agents/hermes/plugin/__init__.py
• agents/hermes/plugin/plugin.yaml
• agents/hermes/policy-additions.yaml
• agents/hermes/start.sh
• agents/openclaw/manifest.yaml
• bin/lib/agent-defs.js
• bin/lib/onboard.js
• bin/nemoclaw.js
• src/lib/dashboard.ts
• src/lib/onboard-session.ts
• src/lib/web-search.test.ts
• src/lib/web-search.ts
• test/onboard.test.js