Backend Architecture

Deployment of Hermes Agent on Ubuntu 24.04 LTS and Abstraction of System Management via AI Gateway

This article details the deployment procedures for Hermes Agent in an Ubuntu 24.04 LTS environment and the process of building a natural language-based system management infrastructure via OpenAI Codex.

4 minutes read
日本語

Building Hermes Agent on Ubuntu 24.04 LTS: Automating System Management with AI Gateway

As infrastructure scales, manual CLI operations involve increased cognitive load and the risk of human error. Especially in complex security audits and environment setup, introducing an AI Gateway that converts natural language intent into precise shell commands or code execution is key to improving operational efficiency. This article details the implementation process for building Hermes Agent linked with OpenAI Codex on Ubuntu 24.04 LTS to automate system management in a secure sandbox environment.

1. System Environment Specifications

To ensure stable operation of Hermes Agent, the following runtimes and dependencies are defined. These are the minimum requirements to maintain system integrity.

  • OS: Ubuntu 24.04 LTS (Noble Numbat)
  • Python Runtime: Python 3.12
  • JavaScript Runtime: Node.js 22 LTS (NodeSource)
  • AI Integration: OpenAI Codex (OAuth Authentication)
  • Toolchain: pipx (Isolated management of CLI tools)

2. Provisioning Dependency Packages

First, synchronize system packages and install utilities such as ripgrep and ffmpeg used by Hermes Agent for internal processing. This provides the agent with context for file searching and media processing.

sudo apt update
sudo apt full-upgrade -y
sudo apt install -y curl git python3 python3-pip python3-venv pipx ripgrep ffmpeg

3. Building the Node.js 22 LTS Runtime

Hermes Agent requires the latest LTS features; therefore, Node.js 22 is introduced using NodeSource instead of the standard Ubuntu repositories. This ensures optimization of asynchronous processing and the application of security patches.

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs

4. Installation and Initialization of Hermes Agent

Use pipx to maintain binary independence without polluting the global Python environment. Execution in an isolated environment is a best practice to avoid dependency conflicts.

# Deploy binary
pipx install hermes-agent

# Automatically configure and apply path settings
pipx ensurepath
source ~/.bashrc

# Verify installation
hermes --version

Next, perform AI model integration and backend configuration. This process establishes a secure communication channel with OpenAI Codex.

# Run the initial setup wizard
hermes postinstall

# Select model (Select OpenAI Codex and complete OAuth authentication)
hermes model

5. Defining Workspace and Execution Context

Set the boundary conditions for when Hermes Agent executes commands. This configuration adopts the Local backend, allowing direct access to the host OS, to ensure operational flexibility.

  • Terminal Backend: Local (Allows direct execution on the host)
  • Working Directory: For security reasons, it is recommended to create a dedicated sandbox directory (e.g., ~/hermes-workspace).
mkdir -p ~/hermes-workspace

6. Troubleshooting

The following troubleshooting steps address common friction points encountered during deployment to reduce debugging time during environment setup.

  • PATH not reflected: 🛠️ If the hermes command is not recognized after pipx install, check if ~/.local/bin is included in $PATH. The shell must be restarted after running pipx ensurepath.
  • Node.js version mismatch: ⚠️ If previous versions remain, Hermes internal modules may not function correctly. Verify that the version is 22.x using node -v.
  • OAuth authentication failure: 💡 If browser-based authentication times out in headless environments, use port forwarding to complete authentication via a browser on a local PC.

7. Operational Verification

After deployment is complete, verify that the agent can correctly access system resources. Verification of runtime responsiveness is performed by executing the validation command.

$ hermes --version
hermes-agent v1.x.x (Ubuntu 24.04 optimized)

$ hermes run "Check the current SSH configuration for security vulnerabilities"
[Hermes] Analyzing /etc/ssh/sshd_config...
[Hermes] Found: PermitRootLogin is set to yes. Recommendation: Change to no.
[Hermes] Found: PasswordAuthentication is enabled. Recommendation: Use SSH keys.

$ ls -ld ~/hermes-workspace
drwxr-xr-x 2 user user 4096 Jun 25 2026 /home/user/hermes-workspace

Operational Notes

By introducing Hermes Agent to Ubuntu 24.04 LTS, abstracted system operations via natural language become possible. However, when using the Local backend, the agent has the same privileges as the executing user. Therefore, combining access restrictions outside the specified workspace with regular auditing of execution logs is a mandatory requirement for safe operation in production environments.

© 2026 K-Life Hack | Systems Architecture & DevOps
Built with Hugo
Theme Stack designed by Jimmy
Privacy Policy Disclaimer Contact