2026 Hermes Agent Mac Setup Checklist:
What to Prepare Before Your Weekend Install
Installing Hermes Agent on an M-series Mac for the first time in 2026, the painful surprises are rarely the install command itself—they are wrong runtimes, missing API keys, permission dialogs you skipped, or a gateway that dies when Terminal closes. “Installed successfully” and “runs reliably long-term” are not the same thing. This checklist follows the official docs from before your first curl through launchd persistence and a 24-hour watch list, so a weekend install becomes verifiable, recoverable, and sustainable. (Verified 2026-05-23.)
For a quick trial, follow the official Quickstart. If you want Hermes to stay useful on your Mac, work through the checklist below before you run the installer.
1Before you install: hardware, system, and backup
| Check | Recommendation | Verify |
|---|---|---|
| Chip / OS | Apple Silicon or Intel Mac; macOS with Xcode Command Line Tools | uname -m, sw_vers |
| RAM / disk | ≥16 GB RAM recommended; reserve ≥5 GB (including Skills cache) | Activity Monitor / df -h ~ |
| Network | Reach GitHub raw and your chosen LLM API endpoints | curl -I https://github.com |
| Account | Local admin (PATH, Full Disk Access, etc.) | System Settings → Users & Groups |
| Backup | Time Machine or export a ~/.hermes snapshot |
Run one restore drill |
2Prepare dependencies: Git is the only prerequisite
Per the Installation guide, the one-line installer automatically provisions uv, Python 3.11, Node.js v22, ripgrep, and ffmpeg—you do not need Homebrew Python or Node first. Confirm Git is ready:
- →Git:
git --versionshould print a version; install Xcode CLT before you start, not mid-install. - →Shell: default zsh; after install run
source ~/.zshrcto refresh PATH. - →Optional Nix: Nix users follow the Nix setup guide instead of the curl installer—pick one path.
3Prepare accounts and secrets
The installer will configure an LLM provider; having keys ready avoids half-finished runs:
- →At least one API key from OpenRouter, Anthropic, OpenAI, or another supported provider.
- →Store secrets in
~/.hermes/.envand runchmod 600 ~/.hermes/.env. - →Never commit keys to project Git; use
TELEGRAM_ALLOWED_USERSand similar allowlists—avoidGATEWAY_ALLOW_ALL_USERS=true.
approvals.mode: manual). Do not enable YOLO in production; prefer a docker terminal backend for isolation when possible.
4Create a safe workspace
Official per-user layout: code at ~/.hermes/hermes-agent/, data under ~/.hermes/ (config, logs, pairing, sandboxes).
- →Use a dedicated subdirectory as the agent workspace—do not grant the entire home folder.
- →Logs:
~/.hermes/logs/(Gateway writesgateway.log). - →Custom install path: set
HERMES_INSTALL_DIR=...before running the installer (see official docs).
5Install & first run
Install (minimum viable):
Then source ~/.zshrc → hermes or hermes setup → hermes model.
First-run verification:
- ✓
which hermes→~/.local/bin/hermes - ✓
hermes doctorshows no blockers (missing API key will suggesthermes model) - ✓Send a real prompt and confirm model replies and tool calls
- ✓If you enable file or terminal tools, grant Full Disk Access and related permissions in System Settings as needed
6Keep it running: launchd persistence
Running hermes in a Terminal window only lasts for that session; the messaging gateway needs a daemon:
- 1After CLI is stable:
hermes gateway setup(configure Telegram, Discord, Slack, etc. per the current support list) - 2
hermes gateway install→ plist at~/Library/LaunchAgents/ai.hermes.gateway.plist - 3
hermes gateway start→hermes gateway status - 4Logs:
tail -f ~/.hermes/logs/gateway.log - 5After installing new Homebrew or nvm tools, rerun
hermes gateway installto refresh PATH in the plist
7Recovery: what to check when install fails
| Symptom | Check first |
|---|---|
hermes: command not found |
Shell PATH → source ~/.zshrc |
| API calls fail | hermes model / hermes config check |
| Gateway will not start | hermes gateway status, logs, platform tokens and allowlists |
| Service gone after reboot | Did you only run foreground hermes gateway without gateway install? |
| WhatsApp missing node/ffmpeg | Rerun hermes gateway install to refresh plist PATH |
| Config broken after update | hermes config migrate, hermes update |
824-hour watch list
- ①Reboot the Mac →
hermes gateway statusstill shows running - ②Drop network for 5 minutes, restore, and see whether the gateway recovers or needs a manual start
- ③Spot-check
~/.hermes/logs/for error stacks - ④Review LLM billing so tool loops do not spike cost
- ⑤Trigger one risky command on purpose and confirm approval still works
9Mac mini is a better fit for 24/7 agents
Hermes gateways, BlueBubbles bridges, and local toolchains all assume a stable macOS host. Mac mini M4 pairs Apple Silicon unified memory with roughly 4 W idle draw—ideal as a quiet home or small-team agent node: native Unix, Homebrew, Docker, and launchd without WSL; Gatekeeper and FileVault shrink long-term exposure; crash rates stay lower than many Windows boxes at the same price, which matters for unattended gateways.
If you are turning this checklist into a “installed Saturday, online Monday” agent host, Mac mini M4 is a strong value starting point—get one now and run Hermes on hardware built for always-on work.
- ①Before install: hardware, network, backup
- ②Install: one-line script +
hermes doctor - ③First run: model, chat, permissions
- ④Keep running:
gateway install+ launchd - ⑤Recovery: PATH → API → gateway → logs