6717914e0a
* Port from google-gemini/gemini-cli#21541: back up corrupted config.yaml When config.yaml fails to parse, load_config() silently falls back to DEFAULT_CONFIG and leaves the broken file on disk. If the user then re-runs the setup wizard or hermes config set (both rewrite config.yaml), their broken-but-recoverable overrides are lost for good. Adapts the policy-file recovery from gemini-cli#21541: on the first parse warning for a given broken file, snapshot it to config.yaml.corrupt.<ts>.bak (best-effort, symlink-guarded, size-deduped) and tell the user where it landed. Unlike Gemini's version we deliberately do NOT reset config.yaml to a clean state — hermes never silently mutates user config, and leaving it means a hand-fixed file is re-read on the next load. Tests: 3 new cases (backup created + content preserved + original untouched; same-size backup dedup; symlink not copied). E2E verified with isolated HERMES_HOME and a real tab-indented broken config. * fix(dashboard): explain WHY a chat WS connection was refused The embedded-chat PTY WebSocket (/api/pty) collapsed every rejection into a bare close code: 4401 for any auth failure, 4403 for three unrelated failures (host mismatch, origin mismatch, peer-IP). Neither the server log nor the browser said which gate fired or why, so a "chat won't connect" report was undiagnosable without a repro. Server (web_server.py): - _ws_auth_reason / _ws_host_origin_reason / _ws_client_reason return a short machine-parseable reason; old bool wrappers kept for callers/tests. - pty_ws splits the overloaded 4403 into 4401 (auth), 4403 (host/origin), 4408 (peer not allowed), 4404 (chat disabled), and sends the reason on the close frame (clamped to the 123-byte RFC6455 limit). - Each path logs one line: 'pty auth rejected reason=.. mode=.. cred=.. peer=..' / 'pty refused: <reason> ..'. Accepted path logs 'pty accepted peer=.. mode=.. cred=..' so an audit shows HOW a peer authed, not just that it did. tui_gateway/ws.py: - 'ws send/write failed' now logs error_type=<ExcName> so an exception whose str() is empty (closed-transport sends) no longer logs 'error='. web/src/pages/ChatPage.tsx: - console.warn the real close code + server reason on every close. - Map 4404/4408 to specific banners; 4401/4403 banners echo the server reason; [session ended] prints the close code. E2E verified all five reject paths + accepted path produce matching close code, wire reason, and server log line.
Hermes Agent — Web UI
Browser-based dashboard for managing Hermes Agent configuration, API keys, and monitoring active sessions.
Stack
- Vite + React 19 + TypeScript
- Tailwind CSS v4 with custom dark theme
- shadcn/ui-style components (hand-rolled, no CLI dependency)
Development
# Start the backend API server
cd ../
python -m hermes_cli.main web --no-open
# In another terminal, start the Vite dev server (with HMR + API proxy)
cd web/
npm install
npm run dev
Open the Vite URL printed in the terminal (usually http://localhost:5173). That is the live-reload UI.
hermes dashboard on port 9119 serves the built bundle from hermes_cli/web_dist/, not the Vite dev server — changes in web/src/ will not appear there until you run npm run build and restart the dashboard (or use web --no-open + Vite as above).
The Vite dev server proxies /api requests to http://127.0.0.1:9119 (the FastAPI backend).
Build
npm run build
This outputs to ../hermes_cli/web_dist/, which the FastAPI server serves as a static SPA. The built assets are included in the Python package via pyproject.toml package-data.
Structure
src/
├── components/ui/ # Reusable UI primitives (Card, Badge, Button, Input, etc.)
├── lib/
│ ├── api.ts # API client — typed fetch wrappers for all backend endpoints
│ └── utils.ts # cn() helper for Tailwind class merging
├── pages/
│ ├── StatusPage # Agent status, active/recent sessions
│ ├── ConfigPage # Dynamic config editor (reads schema from backend)
│ └── EnvPage # API key management with save/clear
├── App.tsx # Main layout and navigation
├── main.tsx # React entry point
└── index.css # Tailwind imports and theme variables
Typography & contrast rules
Read before adding or editing UI styles. These rules keep the dashboard legible across all built-in themes and stop drift back into the patterns the design system was just refactored out of.
Text size floor
- Minimum body size:
text-xs(12px / 0.75rem). Do not use arbitrarytext-[0.6rem],text-[0.65rem],text-[9px],text-[10px], ortext-[11px]on copy, hints, labels, counts, or badges. Use the standard scale:text-xs,text-sm,text-base. - Smaller sizes are only acceptable on decorative overlays (chart stripes, empty-state icons) — never on text the user is meant to read.
Opacity floor on text
- Never apply opacity below 0.7 to text. No
opacity-30,opacity-50,opacity-60on<span>s,<p>s, labels, etc. - Do not stack opacity tokens. Patterns like
text-muted-foreground/60,text-midground/70,text-foreground/50create unpredictable WCAG failures because the parent token already has alpha. - Use the semantic text tokens from
@nous-research/ui'sglobals.css:text-text-primary— default body text.text-text-secondary— subtitles, meta, inactive nav.text-text-tertiary— small chrome labels, counts, footnotes.text-text-disabled— disabled states.text-text-on-accent— text on filled accent surfaces.
Brand uppercase via text-display, not raw uppercase
- The dashboard preserves the Nous brand uppercase aesthetic, but it is opt-in per element, not global.
- Apply uppercase via the DS utility
text-displayon brand chrome only — page titles, nav section headings, badges, brand wordmark. DS components (Button,Badge,Tabs,Segmented, etc.) already self-applytext-display. - Do not introduce new
uppercase(the literal Tailwind class) inhermes-agent/web/src. Prefertext-displayfor new brand chrome. Legacyuppercasecall sites (e.g.components/ui/label.tsx,card.tsx) remain until migrated. - The app shell no longer forces uppercase globally, so blanket
normal-caseopt-outs are unnecessary. Usenormal-caseonly where a DS component appliestext-displaybut the label should stay sentence case — e.g. dynamic user content (model slugs, theme names) or fixed UI copy that is not brand chrome (EnvPage “not configured” toggle, sidebar “New chat”).
Fonts
Typography is opt-in per surface, not global on layout shells — the app shell and page header keep their original theme/expanded fonts; Mondwest applies only where explicitly set.
| Tier | Classes | Use for |
|---|---|---|
| Brand chrome | font-mondwest text-display (or themedChrome) |
Sidebar nav, card section headers (CardTitle), Segmented filter buttons, filter panel headings |
| Themed body | font-mondwest normal-case (or themedBody) |
Card content (Card, CardDescription), session/platform rows, analytics tables — scoped to the component |
| Page chrome | font-expanded |
Page header h1 (PageHeaderProvider) — sentence case, not text-display |
| Wordmark | Typography + size/tracking only |
Sidebar/mobile “Hermes Agent” — mixed case, no Mondwest, no text-display |
| Technical | font-mono-ui / font-mono / font-courier |
Model slugs, env keys, schedules, YAML, repo URLs |
- Do not put
themedBodyorthemedFonton<main>,App, or other layout wrappers — it overrides component-scoped styles. CardappliesthemedBody;CardTitleusestext-display(uppercase chrome);CardDescriptionusesthemedBody.NouiTypographydefaults tofont-sansunless a font prop is passed.- Do not use raw
font-sansorfont-display(theme sans variable) on new dashboard UI — prefer Mondwest tiers above where brand-appropriate.
Color tokens
- Prefer semantic tokens (
text-text-*,bg-card,border-border,text-foreground,text-destructive,text-success,text-warning) over raw layer references (text-midground,text-foreground). text-muted-foregroundis now wired to--color-text-secondary, so existing call sites stay correct, but new code should prefer the semantic name.- When you genuinely need a non-token color (icon de-emphasis on a chart, terminal foreground via inline style), keep alpha at
≥ 0.7for any text.