fix(hermes): apply saved plugin config at runtime

[msnandhis]

Summary

• load Hermes saved agentmemory.json config when the provider initializes
• apply the saved URL and secret to runtime API calls when env vars are absent
• keep env/dotenv values as higher-priority overrides
• cover malformed saved config fallback behavior

Fixes #658.

Validation

• python3 -m py_compile integrations/hermes/__init__.py
• npm test -- test/integration-plaintext-http.test.ts test/hermes-plugin.test.ts
• npm run build
• npm test
• git diff --check

Summary by CodeRabbit

• New Features

  • Configuration can be loaded from saved config files (with environment overrides) and a Hermes-home location.

• Improvements

  • Authentication (secret) is now applied consistently across all API operations.
  • Graceful fallback to defaults when saved configurations are missing or malformed.
  • HTTPS enforcement checks enhanced for remote requests.

• Tests

  • Expanded integration tests covering config loading, overrides, HTTPS enforcement, and fallback behavior.

[vercel]

@msnandhis is attempting to deploy a commit to the rohitg00's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 414e3581-ce21-4ef7-b598-b49ea98c443b

📥 Commits

Reviewing files that changed from the base of the PR and between 536e11b and e14e20c.

📒 Files selected for processing (2)

• integrations/hermes/__init__.py
• test/integration-plaintext-http.test.ts

---

📝 Walkthrough

Walkthrough

The Hermes integration resolves AgentMemory base URL and auth secret from preloaded dotenv/env or a saved ~/.hermes/agentmemory.json, stores the resolved secret on the provider instance, and forwards that secret into all synchronous and background API calls; tests validate resolution, override, HTTPS guard, and malformed-config fallback.

Changes

Hermes saved config resolution and secret propagation

Layer / File(s)	Summary
Config resolution and import-time setup integrations/hermes/__init__.py	Import-time flag records whether AGENTMEMORY_URL was present (including dotenv). New helpers locate agentmemory.json, parse saved url/secret, and compute the effective base URL and secret by merging saved config, env/dotenv, and defaults.
Background API helper extension integrations/hermes/__init__.py	Background _api_bg now accepts a secret argument and forwards it into _api via thread kwargs so background tasks include Authorization when configured.
Provider initialization with resolved config integrations/hermes/__init__.py	is_available() validates using the resolved base URL. initialize() resolves and stores _base and _secret, applies the plaintext/HTTPS guard with the resolved secret, and starts the session using _api(..., secret=self._secret).
Config persistence, context, and prefetch wiring integrations/hermes/__init__.py	save_config() persists agentmemory.json under the provided Hermes home and records self._hermes_home. system_prompt_block() and prefetch/queue_prefetch call agentmemory endpoints with secret=self._secret.
Memory tool handlers propagate secret integrations/hermes/__init__.py	Tool paths for memory_recall, memory_save, and memory_search now pass secret into their _api calls.
Session events and memory-write observation integrations/hermes/__init__.py	sync_turn() sends observe events via background _api_bg with secret. on_session_end(), on_pre_compress(), and on_memory_write() call their endpoints with the resolved secret.
Integration test coverage test/integration-plaintext-http.test.ts	Tests added to validate HTTPS guard behavior, loading a saved Hermes config when env vars are absent, env var override of saved config for init and API calls, is_available() using provided Hermes home, and fallback behavior when agentmemory.json is malformed.

Sequence Diagram(s)

sequenceDiagram
  participant Client as Hermes Client
  participant Provider as AgentMemoryProvider
  participant EnvVars as Environment / preloaded dotenv
  participant ConfigFile as ~/.hermes/agentmemory.json
  participant API as _api/_api_bg
  participant Server as AgentMemory Server

  Client->>Provider: initialize()
  Provider->>EnvVars: check AGENTMEMORY_URL/SECRET
  alt env vars/dotenv present
    EnvVars-->>Provider: env/dotenv values
  else env vars absent
    Provider->>ConfigFile: read agentmemory.json
    ConfigFile-->>Provider: saved url + secret (if valid)
  end
  Provider->>Provider: store resolved _base and self._secret
  Provider->>Provider: apply HTTPS/plaintext guard using self._secret
  Provider->>API: _api(endpoint, secret=self._secret)
  API->>Server: HTTP request with Authorization header (if secret present)
  Server-->>API: response
  API-->>Provider: return result

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• rohitg00/agentmemory#643: Also modifies import-time dotenv/AGENTMEMORY_URL initialization in integrations/hermes/__init__.py.
• rohitg00/agentmemory#315: Related changes around plaintext-bearer/HTTPS guard behavior and runtime validation connected to secret propagation.

Poem

🐇 I dug a little hole for a secret that's true,
Saved it in ~/.hermes so runtime can view.
Now every API call hums with a tiny key,
No more lost configs — the server agrees with me! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(hermes): apply saved plugin config at runtime' directly and clearly summarizes the main change—making saved Hermes config apply at runtime.
Linked Issues check	✅ Passed	The PR comprehensively addresses all coding requirements from issue #658: loads saved agentmemory.json config, applies URL/secret at runtime, preserves env/dotenv overrides, and implements fallback for malformed config.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to resolving issue #658: modifying Hermes plugin initialization to load/apply saved config, and adding integration tests to validate the behavior.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@integrations/hermes/__init__.py`:
- Around line 228-231: is_available() currently calls _resolve_base_url() which
reads the process HOME and ignores the provider's saved hermes home; update
is_available() to honor the provider's saved value (self._hermes_home) by
passing it into the resolver or by resolving the base URL using
self._hermes_home before calling _validate_url; reference the methods
is_available, _resolve_base_url, save_config and initialize and ensure the same
hermes_home used by initialize/save_config is used for the availability check.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 884554dc-186b-4c29-a99d-f8439d48000b

📥 Commits

Reviewing files that changed from the base of the PR and between 6939d4a and 536e11b.

📒 Files selected for processing (2)

• integrations/hermes/__init__.py
• test/integration-plaintext-http.test.ts