Hermes won't allow any network requests because of security | Nous Research | Page 1

turbid wagon Apr 22, 2026, 3:45 PM

#

By default, Hermes blocks requests from the agent if they seem to target local IP addresses:

Blocked: URL targets a private or internal network address

However, I think that should be a switch/env variable and not a hardcoded default since on some networks like ones with openwrt/proxies, all domains will return as local ip addresses on resolve:

> nslookup nousresearch.com
Server:        127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:    nousresearch.com
Address: 198.18.23.183

Could this be implemented? Or is the issue in something else? Is there a workaround?

thin quail Apr 22, 2026, 4:06 PM

#

hey

#

https://github.com/NousResearch/hermes-agent/pull/14054

GitHub

feat(security): add global toggle for private/internal URL resoluti...

Problem
Users on networks where DNS resolves external domains to private IP ranges are completely blocked from using Hermes's web tools, browser, vision URL fetching, and gateway media down...

#

try this PR and lmk @turbid wagon

turbid wagon Apr 22, 2026, 4:08 PM

#

thin quail try this PR and lmk <@303835545317015552>

will do 🫡

thin quail Apr 22, 2026, 4:30 PM

#

turbid wagon will do 🫡

let me know once you verify the testing, ill merge it to main

turbid wagon Apr 22, 2026, 4:31 PM

#

thin quail let me know once you verify the testing, ill merge it to main

building the docker image rn to swap it in my setup

turbid wagon Apr 22, 2026, 4:52 PM

#

@thin quail seems to be working! tested with an env variable, requests go through now. amazing!

#

thank you!

#

i guess opening support threads works better than issues 😭 maybe ill even be able to get REAP gemma working too

thin quail Apr 22, 2026, 4:54 PM

#

turbid wagon i guess opening support threads works better than issues 😭 maybe ill even be a...

haha not really, i prefer discord threads because its much easier to interact with the users and get feedback from them on fixes and issues

thin quail Apr 22, 2026, 4:54 PM

#

thin quail https://github.com/NousResearch/hermes-agent/pull/14054

@river zinc review and merge bossman 🫡

turbid wagon Apr 22, 2026, 4:56 PM

#

thin quail <@387972437901312000> review and merge bossman 🫡

i do have a question though

#

are hostnames like metadata.goog blocked by safety rules before dns resolution?

#

since on networks like mine they, too, will resolve to a valid openwrt network address

#

so its obviously sensible to block it before it resolves

thin quail Apr 22, 2026, 5:10 PM

#

turbid wagon are hostnames like `metadata.goog` blocked by safety rules before dns resolution...

yes, exactly right. the hostname check runs first, before DNS ever fires

#

Here's the order in is_safe_url():
1. Parse URL → extract hostname
2. Check hostname against _BLOCKED_HOSTNAMES ← blocks here, returns False immediately
3. (never reached) DNS resolution via getaddrinfo
4. (never reached) IP check

#

so metadata.google.internal and metadata.goog are rejected purely on the string match, they never hit DNS at all, which means your OpenWrt resolver never gets a chance to return a routable 198.18.x.x address for them.

The _ALWAYS_BLOCKED_IPS list (169.254.169.254, fd00:ec2::254) is the second layer that catches the case where someone uses a different hostname that resolves to the metadata IP. on your network that particular check would be less useful since everything resolves to a local address anyway, but the hostname block is the one that matters for you and it fires before resolution

#Hermes won't allow any network requests because of security