
Hermes Event Hooks Operations Guide
Hermes provides three hook systems for different lifecycle jobs: gateway hooks, plugin hooks, and shell hooks. The right choice depends on where the behavior must run and whether it needs to observe, transform, or block an action.
Official documentation: https://hermes-agent.nousresearch.com/docs/user-guide/features/hooks
Choose the smallest hook surface
- Gateway hooks live under
~/.hermes/hooks/and react to messaging-gateway events such as startup, session changes, agent steps, and slash commands. - Plugin hooks are registered in code and can run in both CLI and gateway sessions. They fit reusable metrics, tool interception, and guardrails.
- Shell hooks are configured in
config.yamland call reviewed scripts for tasks such as context injection, formatting, validation, or blocking.
Use a hook only when an event must trigger behavior automatically. A normal skill or explicit command is easier to inspect when automation is not required.
Safe rollout checklist
- [ ] Name the exact lifecycle event and expected payload.
- [ ] Keep the handler narrow, fast, and idempotent.
- [ ] Store reviewed shell scripts in a dedicated auditable directory.
- [ ] Bound network timeouts and avoid putting long work on the event path.
- [ ] Redact message bodies, user identifiers, and tool results before external logging.
- [ ] Decide whether failure should block, warn, or continue.
- [ ] Test with synthetic payloads before relying on live events.
Consent and non-interactive runs
Shell-hook consent is keyed to the event and exact command string. Non-interactive gateway, cron, or CI runs cannot answer a first-use prompt, so operators must establish consent deliberately and verify it rather than assuming a new hook loaded. Script edits are not automatically re-approved because consent follows the command string, not a content hash.
Useful operator checks include hermes hooks list, hermes hooks test <event>, and hermes hooks doctor. The doctor checks details such as executability, consent state, JSON output, modification drift, and rough runtime.
Pitfalls
- Treating hook input as trusted because it came through an authenticated gateway.
- Writing full prompts, private messages, or credentials to a convenience log.
- Running expensive network or agent work synchronously inside a hot lifecycle event.
- Auto-accepting hooks broadly without reviewing the scripts they execute.
- Assuming a gateway hook also runs in the CLI.
- Using a hook to hide business logic that belongs in a visible runbook or skill.
Verification steps
- List hooks and confirm the intended event matcher and consent status.
- Fire a synthetic event with a clearly fake payload.
- Verify the parsed result and any expected side effect.
- Run
hermes hooks doctorafter script edits. - Restart the relevant runtime and confirm one event produces one result.
- Inspect logs for private data, duplicate execution, timeouts, and unexpected blocks.
