add support for Hermes

[peterj]

adds support for running Hermes agents

[chromatic-com]

Warning

Testing paused

Monthly snapshot limit reached. Update your plan to get more snapshots and resume testing.

[Copilot]

Pull request overview

This PR adds Hermes as a first-class AgentHarness backend across the UI, CRDs, and the Go OpenShell backend integration, including updated Slack/Telegram channel semantics and improved SSH terminal session handling via OpenShell’s ForwardTcp.

Changes:

• Extend AgentHarness backend support to include hermes (UI selection, icons/labels, CRD enum, server-side backend wiring).
• Add Hermes-specific bootstrap/policy logic (base image, network + filesystem policy, config/env bootstrap, gateway startup).
• Refactor OpenShell provider/messaging credential handling (gateway provider upsert helpers, messaging provider upserts, SSH terminal remote-command resolution + ForwardTcp tunnel).

Reviewed changes

Copilot reviewed 59 out of 69 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
ui/src/lib/openshellSandboxAgents.ts	Adds harnessBackend query param support for OpenShell terminal links.
ui/src/lib/openClawSandboxForm.ts	Adds backend-aware Slack/Hermes fields and CR draft building logic.
ui/src/lib/agentHarness.ts	Adds hermes to known backends and introduces default SSH launch command + icon.
ui/src/lib/tests/openClawSandboxForm.test.ts	Adds test ensuring Hermes Slack fields serialize correctly.
ui/src/components/AgentsProvider.tsx	Threads harness backend into OpenClaw form validation.
ui/src/components/AgentListView.tsx	Displays harness-specific icon and passes backend to terminal link builder.
ui/src/components/AgentCard.tsx	Displays harness-specific icon and passes backend to terminal link builder.
ui/src/components/agent-form/OpenClawSandboxFields.tsx	Renders Hermes-specific Slack fields and backend-specific hints/validation UI.
ui/src/app/openshell/OpenshellTerminalPage.tsx	Uses harnessBackend to choose default remote command; waits for server “ready”.
ui/src/app/agents/new-harness/page.tsx	Adds Hermes option and sets Hermes default sandbox image when selected.
ui/src/app/actions/agents.ts	Passes backend into sandbox CR draft builder.
helm/kagent-crds/templates/kagent.dev_agentharnesses.yaml	Updates CRD schema for hermes backend + Slack allowed users/home channel fields.
go/core/pkg/sandboxbackend/openshell/translate.go	Refactors provider sync to use new upsert helper.
go/core/pkg/sandboxbackend/openshell/translate_test.go	Adds Hermes policy/image tests and improves Slack WSS endpoint assertions.
go/core/pkg/sandboxbackend/openshell/ssh_terminal.go	Adds backend-aware SSH remote command resolver (plain shell vs CLI).
go/core/pkg/sandboxbackend/openshell/ssh_terminal_test.go	Unit tests for SSH remote command resolution behavior.
go/core/pkg/sandboxbackend/openshell/providers.go	Introduces reusable gateway provider upsert helpers.
go/core/pkg/sandboxbackend/openshell/policy.go	Adds Hermes policy branch and Hermes-specific allowedDomains binaries.
go/core/pkg/sandboxbackend/openshell/openshell.go	Simplifies backend struct by removing per-backend create callback field.
go/core/pkg/sandboxbackend/openshell/openshell_test.go	Enhances fake gateway provider behavior; tests messaging providers + image pinning.
go/core/pkg/sandboxbackend/openshell/openclaw/ssh_test.go	Adds test for OpenClaw default SSH launch command.
go/core/pkg/sandboxbackend/openshell/openclaw/resolve.go	Removes legacy resolve/env helpers (moved/refactored).
go/core/pkg/sandboxbackend/openshell/openclaw/policy.go	Updates Slack endpoints to explicit websocket protocol + credential rewrite flags.
go/core/pkg/sandboxbackend/openshell/openclaw/defaults.go	Centralizes OpenClaw defaults (API key env var, SSH launch cmd, placeholders).
go/core/pkg/sandboxbackend/openshell/openclaw/credentials.go	Removes legacy per-channel secret env var logic (replaced by channels package).
go/core/pkg/sandboxbackend/openshell/openclaw/constants.go	Moves NemoClaw base image constant into openclaw package.
go/core/pkg/sandboxbackend/openshell/openclaw/channels.go	Refactors channel resolution/bootstrap to use shared channels resolver.
go/core/pkg/sandboxbackend/openshell/openclaw/bootstrap_test.go	Updates tests to match new credential placeholder + env key behavior.
go/core/pkg/sandboxbackend/openshell/openclaw.go	Uses shared ensure helper; upserts messaging providers; attaches providers on create.
go/core/pkg/sandboxbackend/openshell/messaging_providers.go	Adds messaging provider upsert logic (gateway providers derived from channels).
go/core/pkg/sandboxbackend/openshell/hermes/ssh.go	Adds Hermes default SSH launch command.
go/core/pkg/sandboxbackend/openshell/hermes/ssh_test.go	Tests Hermes default SSH launch command.
go/core/pkg/sandboxbackend/openshell/hermes/policy.go	Adds Hermes baseline sandbox policy + channel policy fragments.
go/core/pkg/sandboxbackend/openshell/hermes/policy_test.go	Tests Hermes policy baseline and channel fragments.
go/core/pkg/sandboxbackend/openshell/hermes/messaging_providers_test.go	Tests Hermes messaging provider defs derived from resolved channels.
go/core/pkg/sandboxbackend/openshell/hermes/constants.go	Adds Hermes image/ports/config constants.
go/core/pkg/sandboxbackend/openshell/hermes/channels.go	Adds Hermes messaging state adapter over shared channel resolution.
go/core/pkg/sandboxbackend/openshell/hermes/bootstrap.go	Adds Hermes bootstrap artifact generation (config.yaml + .env).
go/core/pkg/sandboxbackend/openshell/hermes/bootstrap_test.go	Tests Hermes bootstrap artifacts and env file contents.
go/core/pkg/sandboxbackend/openshell/hermes.go	Implements Hermes backend ensure + on-ready bootstrap and gateway startup.
go/core/pkg/sandboxbackend/openshell/channels/resolve.go	Introduces shared channel credential resolution for OpenClaw/Hermes.
go/core/pkg/sandboxbackend/openshell/channels/providers.go	Adds provider naming + provider-def generation for messaging bridges.
go/core/pkg/sandboxbackend/openshell/channels/providers_test.go	Tests provider-def generation.
go/core/pkg/sandboxbackend/openshell/channels/placeholders.go	Adds standardized OpenShell resolve placeholders (incl. Slack token shapes).
go/core/pkg/sandboxbackend/openshell/channels/envkeys.go	Defines standard env var keys used for messaging credentials.
go/core/pkg/sandboxbackend/openshell/channels/credentials.go	Adds shared credential resolution + allowed-user parsing utilities.
go/core/pkg/sandboxbackend/openshell/agent_harness_ensure.go	Adds shared ensure flow (model sync + provider upsert + create request build).
go/core/pkg/app/app.go	Registers Hermes backend in the OpenShell harness backend map.
go/core/internal/httpserver/handlers/sandbox_ssh.go	Switches SSH tunnel to OpenShell ForwardTcp; adds backend-aware remote command selection.
go/core/internal/httpserver/handlers/sandbox_ssh_test.go	Removes HTTP CONNECT tunnel tests and legacy remote command resolver test.
go/core/internal/httpserver/handlers/sandbox_ssh_forward_test.go	Adds unit tests for ForwardTcp init framing and conn adapter read/write behavior.
go/core/internal/httpserver/handlers/agents.go	Treats any known backend as a harness agent in list/delete flows.
go/core/internal/httpserver/handlers/agents_test.go	Adds test for creating Hermes AgentHarness.
go/api/v1alpha2/zz_generated.deepcopy.go	Adds deepcopy support for new Slack fields.
go/api/v1alpha2/agentharness_types.go	Extends backend enum; adds Slack allowed users/home channel fields + helper predicate.
go/api/openshell/proto/sandbox.proto	Extends policy schema (websocket/graphql support, credential rewrite flags, provider env revision).
go/api/openshell/proto/openshell.proto	Adds ForwardTcp, sandbox provider attach/detach/list, services APIs, provider profile APIs, GPU device field, etc.
go/api/openshell/proto/datamodel.proto	Adds resource_version to ObjectMeta.
go/api/openshell/proto/compute_driver.proto	Adds GPU count/capability fields and GPU device selection.
go/api/openshell/gen/sandboxv1/sandbox.pb.go	Regenerates Go bindings for sandbox proto schema changes.
go/api/openshell/gen/openshelltestv1/test.pb.go	Regenerates test proto bindings.
go/api/openshell/gen/inferencev1/inference.pb.go	Regenerates inference proto bindings.
go/api/openshell/gen/inferencev1/inference_grpc.pb.go	Regenerates inference gRPC bindings.
go/api/openshell/gen/datamodelv1/datamodel.pb.go	Regenerates datamodel proto bindings.
go/api/openshell/gen/computev1/compute_driver.pb.go	Regenerates compute driver proto bindings (structpb + gpu fields).
go/api/openshell/gen/computev1/compute_driver_grpc.pb.go	Regenerates compute driver gRPC bindings.
go/api/config/crd/bases/kagent.dev_agentharnesses.yaml	Updates CRD base manifest for hermes backend + Slack new fields.

Files not reviewed (9)

• go/api/openshell/gen/computev1/compute_driver.pb.go: Language not supported
• go/api/openshell/gen/computev1/compute_driver_grpc.pb.go: Language not supported
• go/api/openshell/gen/datamodelv1/datamodel.pb.go: Language not supported
• go/api/openshell/gen/inferencev1/inference.pb.go: Language not supported
• go/api/openshell/gen/inferencev1/inference_grpc.pb.go: Language not supported
• go/api/openshell/gen/openshelltestv1/test.pb.go: Language not supported
• go/api/openshell/gen/openshellv1/openshell_grpc.pb.go: Language not supported
• go/api/openshell/gen/sandboxv1/sandbox.pb.go: Language not supported
• go/api/v1alpha2/zz_generated.deepcopy.go: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.