Source: raw/Hermes_Agent_MCP_Catalog_Guide_NEW.md — YouTube creator walkthrough (IMO8ooIqONM, Ron/Shawn).
Hermes now ships a built-in MCP catalog: a one-command way to install MCP servers the Nous Research team has reviewed, instead of hunting down GitHub repos and hand-pasting JSON into config.yaml. It trades a little breadth (only vetted servers are listed) for a lot less setup friction and a real security gate. At launch the catalog exposes Linear and n8n (GitHub is in the optional-MCPs directory but disabled for now). Aimed squarely at newer/casual users — experienced operators already wire their own.
Key Takeaways
- The four commands to remember:
hermes update— also pulls the latest catalog manifests.hermes mcp(orhermes mcp catalog) — lists the approved servers.hermes mcp install <name>— installs one (only works for catalog entries).hermes mcp configure <name>— opens the tool checklist to add/remove permissions later.
- Why it exists: the old way — find a random MCP server, copy command/args/env into
config.yaml, manage the API keys yourself, and hope the code is safe — is friction and an attack surface. The catalog wires the config automatically, prompts only for credentials, and exposes only what you whitelist. - Security model: only entries in the repo’s
optional-MCPsdirectory make the catalog, and every manifest is gated by PR review into the official Hermes repo — the Nous team inspects source + bootstrap commands before it ships. Manifests declare their source URL so you can inspect what you’re about to run, and you whitelist individual tools at install time rather than exposing a server’s whole surface. - Never auto-updates. Catalog entries don’t refresh silently — you run
hermes updateto sync new manifests, thenhermes mcp installto pick them up. (So when GitHub graduates from disabled to listed, it’shermes update→hermes mcp install github.) - Linear (OAuth):
hermes mcp install linear→ click the OAuth link → tool checklist (find/create issues checked by default, delete workspace unchecked) → tokens cached at~/.hermes/mcp-tokens/linear.json. Re-tune anytime withhermes mcp configure linear. Lets Hermes search issues, create tickets, and manage projects in natural language from any channel. - n8n:
hermes mcp install n8n→ prompts for base URL + API key (written to~/.hermes/.envautomatically) → Hermes probes the instance for available tools (workflows, executions) and you pick which the agent can touch. Framed as a way to bring existing n8n workflows “back to life” under an agent harness. - Recommended posture: start from the catalog to get a feel for MCP safely, then expand to custom servers once comfortable.
Why it matters
MCP is the integration substrate for Hermes (every new integration tends to ship as an MCP server or a skill wrapping one — see user stories), but the install-and-trust step has been the friction-and-risk bottleneck. A PR-reviewed catalog with per-tool whitelisting is the same “vetted surface + least privilege” discipline the Hermes Security Model applies elsewhere, packaged as a beginner-safe install path. It’s the Hermes counterpart to the curated/vetted MCP discovery problem the wiki tracks in Essential MCP Servers — except the gate is a maintainer PR review rather than the operator’s own judgment. Ships as part of the v0.15 release wave.
Try It
hermes updatethenhermes mcpto see the current catalog (Linear + n8n at launch).- Install Linear via OAuth:
hermes mcp install linear, authenticate, then uncheck destructive tools (e.g. delete-workspace) at the checklist before finishing. - If you have an existing n8n instance,
hermes mcp install n8n, supply base URL + API key, and whitelist only the workflows/executions tools you want the agent to drive. - Re-audit permissions later with
hermes mcp configure <name>— treat the tool checklist as a least-privilege control, not a one-time setup.
Related
- Hermes Agent v0.15 — The Velocity Release — the release wave this feature ships in.
- Hermes Security Model — the credential-scoping + least-privilege discipline the catalog’s per-tool whitelisting extends.
- Hermes Skill Bundles — the other “make capability explicit and composable” Hermes feature.
- Hermes Codex App-Server Runtime — the bidirectional MCP-callback runtime that also reaches Hermes-side tools.
- Essential MCP Servers — the broader MCP-server landscape the catalog curates a vetted slice of.
Open Questions
- The cadence and criteria for adding servers to the
optional-MCPscatalog (and when GitHub flips from disabled to listed) aren’t specified — worth tracking as the catalog grows. - Whether catalog manifests can be self-hosted/forked for org-internal vetted servers (vs only the Nous-reviewed list) is unaddressed in the source.