Hermes Web Dashboard: The AI Control Center Has Arrived
The era of managing AI agents solely through terminal commands and YAML files is coming to an end. With the release of its Web Dashboard, Hermes — the self-improving AI agent from Nous Research — has crossed a threshold that separates experimental tools from production infrastructure. Run hermes dashboard, and the browser opens to a live operations console at http://127.0.0.1:9119. From there, every session, every cron job, every API key, every skill, every log line, and every configuration field is accessible — without touching a single config file.
This is not a cosmetic feature. It is a signal of where AI agent infrastructure is headed: from developer-only CLIs to operator-ready control centers.
From CLI to Control Center: What Has Changed
Hermes started as a terminal-first agent: a self-improving loop that creates skills from experience, searches its own conversation history via FTS5, and executes cron-scheduled automations via Telegram, Discord, Slack, and WhatsApp from a single gateway process.
This architecture already distinguished it from one-shot coding assistants. But the gap between a powerful CLI agent and a production-ready system is always the same: Observability and Operator Access. If something goes wrong at 2 a.m., you don't want to SSH into a server and sift through grep log files. You want a status page.
The Hermes Web Dashboard closes this gap. Built on FastAPI (backend) and a Vite/React/TypeScript/Tailwind frontend, it runs entirely on localhost — not a byte leaves the machine unless you explicitly bind to 0.0.0.0 with the --insecure flag. The default stance is: operator visibility, zero network exposure.
What is available on port 9119:
- Status Page — Live overview of agent version, gateway status (running/stopped, PID), connected platform states, session count (active in the last 5 minutes), and the 20 latest sessions with model, message count, token consumption, and conversation previews. Auto-refresh every 5 seconds.
- Chat Tab — the complete Hermes TUI (same interface as
hermes --tui) directly in the browser via xterm.js with WebGL rendering. Slash commands, tool-call cards, approval prompts — everything works identically because the dashboard runs the real TUI binary and streams ANSI output via a WebSocket. - Configuration Editor — a form-based interface for all 150+ configuration fields. Model, Terminal Backend (local/Docker/SSH/Modal/Daytona), Approval Modes (ask/yolo/deny), Memory Provider, Delegation Limits — organized in tabs with dropdowns for known values.
- API Keys Manager — manage the
.envfile in the browser. Keys are grouped by category (LLM providers, Tool APIs, Messaging Platform Tokens, Agent Settings) with obscured previews, provider login links, and a delete action per key. - Sessions Browser — searchable (FTS5, full-text across all message content), expandable session history with role-color-coded messages, collapsible tool-call blocks, and a resume button that opens the session with
--resumein the Chat Tab. - Log Viewer — filtering by file (Agent, Error, Gateway), Level (DEBUG/INFO/WARNING/ERROR), and Component (Gateway, Agent, Tools, CLI, Cron). Live tail every 5 seconds.
This is what a production-ready AI control center looks like — not a chat widget, but an operations dashboard.
Why CLIs Reach Their Limits with Long-Running Agents
Single-session coding assistants like Claude Code and Codex are optimized for one context: a developer at the terminal solving a specific problem. Hermes is built for a different use case: an agent that runs unattended, performs scheduled work, manages cross-platform conversations, and improves itself between sessions.
This design enforces different requirements:
Cron Visibility. If a scheduled task fails at midnight, you need to know. The Cron page of the dashboard lists every scheduled job, its last runtime, output, and next trigger — without opening a Cron file.
Credential Governance. A long-running agent collects API keys: model providers, tool integrations, messaging tokens. The API Keys page displays them all in one place with masked previews and delete actions per key.
Session Archeology. An agent that communicates via Telegram, Discord, and CLI generates session history that is practically unsearchable in a flat file. The Sessions browser makes this history queryable and resumable.
Approval-Mode Management. The Configuration page contains Approval-Mode settings (ask, yolo, deny) that determine whether the agent executes dangerous commands autonomously or requests human confirmation. This is a governance decision, not a developer preference — and it belongs in a UI that non-developers can review.
The dashboard doesn't inherently make Hermes more secure or performant. It makes the agent's behavior visible and controllable — which is a prerequisite for trusting long-running automation.
The Three Patterns for Agentic Operations
Hermes isn't the only project thinking about this layer. By 2026, three distinct patterns for managing AI agents have emerged:
1. Hosted Control Planes (Claude Code, Codex) Anthropic and OpenAI offer managed interfaces — the Claude Code desktop application, the Codex workspace UI — that completely abstract away the infrastructure. Sessions are managed server-side, billing is consumption-based, and you interact via the provider's UI or API. The trade-off: zero operational overhead, but opaque governance and vendor lock-in.
2. Spec-Driven Orchestration (OpenAI Symphony) OpenAI's Apache-licensed Symphony specification transforms issue trackers into long-running Codex work queues. It defines the orchestration layer — State Machines, Approval Gates, isolated Workspaces, Token Accounting — but leaves the control plane to the implementer. The spec is powerful; the operational interface is your own problem.
3. Self-Hosted Agent Dashboards (Hermes) Hermes gives you the agent runtime and the operational interface in a single installation. You own the infrastructure, the logs, the credentials, and the session history. The dashboard runs on localhost by default. You decide what runs, when, and with what permissions.
None of these options is universally correct. But for teams processing sensitive data, operating in regulated environments, or running high-frequency background automations, self-hosted control isn't an option — it's a compliance requirement.
At Context Studios, we're building on self-hosted agentic infrastructure for precisely this reason: If agent actions touch production systems or customer data, you need a complete audit trail that you own.
Enterprise Checklist: Before the Dashboard Controls Agents
A web dashboard for your own agent is a new attack surface. Before Hermes is used in a multi-user or production context, these controls should be validated:
| Control | Hermes Implementation | Your Action |
|---|---|---|
| Network Exposure | Localhost only by default (127.0.0.1:9119) | Ensure that --host is never set to 0.0.0.0 in production |
| Path Traversal Protection | Path traversal guard in the backend | Verify with API extensions |
| Credential Storage | .env file on disk, no in-memory secrets manager | Rotate API keys when personnel changes |
| Approval Mode | ask/yolo/deny per command | Set deny for dangerous commands in team environments |
| Session Export | Available in the UI | Define retention and deletion policy |
| Audit Logs | Gateway + Agent + Error log files, filterable | Forward to centralized log management (e.g. Datadog, Loki) |
| TUI Access Control | Dashboard session token; no multi-user auth yet | Do not expose to untrusted networks |
The critical gap in the current release: The dashboard has no multi-user authentication. It is authenticated by a single session token, which is adequate for a single operator on localhost. Teams sharing a server must add a reverse proxy with auth (nginx + htpasswd, Tailscale, or a VPN) before multi-user use.
FAQ
What is the Hermes Web Dashboard?
The Hermes Web Dashboard is a browser-based control center for the Hermes AI Agent, started with hermes dashboard. It runs on localhost (port 9119 by default) and provides a UI for monitoring sessions, managing API keys, editing configurations, viewing logs, managing scheduled tasks, and running the Hermes TUI in the browser — without terminals or config files.
Is the Hermes Dashboard secure by default?
Yes, with limitations. By default, it binds to 127.0.0.1, so it is only accessible from the local machine. The --insecure flag allows binding to 0.0.0.0, which exposes it on the network and should never be used without a firewall and reverse proxy with authentication. The current release does not have a multi-user auth system, so shared server deployments require additional access controls.
Does the Dashboard need to be installed separately?
Yes. The Web Dashboard is an optional extra — pip install 'hermes-agent[web,pty]' — not included in the standard install. The web extra adds FastAPI and Uvicorn. The pty extra adds pseudo-terminal support for the in-browser chat tab. pip install 'hermes-agent[all]' covers both, along with messaging and voice dependencies.
Can the Dashboard manage Cron schedules?
Yes. The Hermes Dashboard includes a Cron page for viewing scheduled tasks, their last run output, scheduling, and next trigger. Cron jobs can be created and managed through the Dashboard interface, and the integrated Hermes scheduler supports delivering results to any connected messaging platform (Telegram, Discord, Slack, WhatsApp, Signal).
What is an AI "Control Plane"?
An AI agent control plane is the operational layer that sits above the agent's core reasoning loop — it manages scheduling, observability, credential management, session history, approval workflows, and configuration governance. Without a control plane, operators must manage agents via terminal commands and log files, which does not scale for teams or production environments. The Hermes Dashboard is an example of an emerging control plane pattern for self-hosted agents.