Table of contents
Hermes on Your Messaging App
The terminal is great for developers. Everyone else wants Hermes inside the app they already use. Hermes ships a messaging gateway that simultaneously drives 15+ platforms from a single process — Telegram, Discord, Slack, WhatsApp, Signal, Feishu, DingTalk, WeCom, QQ Bot, iMessage via BlueBubbles, and more. This lesson covers the gateway architecture, the shared security model, and the platform-by-platform capability map so you can pick the right channel.
Primary source: the messaging index at https://hermes-agent.nousresearch.com/docs/user-guide/messaging/. Each platform has its own page — this lesson is the cross-cutting orientation.
One Gateway, Many Platforms
Rather than running one bot process per platform, Hermes uses a single gateway service that manages every configured channel at once — message routing, session persistence, cron execution, and voice delivery all flow through the same infrastructure. The practical consequence: adding a second or third platform doesn't double your operational burden.
The relevant commands live under hermes gateway:
hermes gateway setup # interactive setup for a new platform
hermes gateway run # run in foreground (useful for debugging)
hermes gateway start # start as a daemon
hermes gateway status # see which platforms are currently active
hermes gateway stop # stop the daemon cleanlySecurity Model: Allowlist by Default
This is the rule to internalise before you turn any bot on: by default, the gateway denies every user who isn't explicitly on an allowlist or paired through DM. A bot with terminal access on a public group chat is a disaster waiting to happen, so Hermes makes 'locked down' the default state.
You have three mechanisms:
- Per-platform env vars — e.g.
TELEGRAM_ALLOWED_USERS=123456789,987654321for Telegram. - Cross-platform —
GATEWAY_ALLOWED_USERSapplies the same list everywhere. - DM pairing codes — the agent hands out one-time codes you approve from the CLI with
hermes pairing approve. Good for teammates who don't want to share user IDs up front.
Never set GATEWAY_ALLOW_ALL_USERS=true on a bot with terminal tools enabled. The docs put this in bold for a reason.
Platform Capability Matrix
Not every platform supports every feature. A rough orientation:
| Tier | Platform | Voice | Reactions | Files/Images |
|---|---|---|---|---|
| Rich | Discord | Yes | Yes | Yes |
| Rich | Slack | Yes | Yes | Yes |
| Rich | Telegram | Yes | No | Yes |
| Rich | Matrix | Yes | Yes | Yes |
| Enterprise | Feishu / Lark | Yes | No | Yes |
| Enterprise | WeCom | Yes | No | Yes |
| Enterprise | DingTalk | No | Yes | Yes |
| Enterprise | Mattermost | No | No | Yes |
| Privacy | No | No | Yes | |
| Privacy | Signal | No | No | Yes |
| Regional | QQ Bot | Yes | No | Yes |
| Regional | Weixin | No | No | Yes |
| Regional | BlueBubbles (iMessage) | No | Yes | Yes |
| Other | SMS via Twilio | No | No | No |
| Other | No | No | Yes | |
| Other | Home Assistant | No | No | No |
| Other | Open WebUI / Webhook | — | — | — |
The table is a guide, not a contract — double-check the upstream page for the platform you're about to configure because feature coverage evolves.
Per-Platform Toolsets
Each platform has a matching toolset — hermes-telegram, hermes-discord, hermes-slack, and so on — that determines which tools the agent can use when a message arrives from that platform. This is how you enforce 'Slack bot can read files but can't run rm' without writing custom code.
Home Assistant is the outlier worth mentioning: rather than being a messaging platform at all, it's a smart-home integration that exposes device state queries and service controls as tools. Handy if you want Hermes to flip your lights or read a sensor, less useful as a conversation channel.
Universal Chat Commands
Regardless of platform, the same handful of chat commands work everywhere — they're the cross-platform equivalent of the CLI's slash commands:
/new— start a fresh conversation, discarding prior context./model— swap the model (subject to allowlist)./voice— toggle voice mode where supported./background— spawn an async task, handy on mobile where you can't leave a long operation running in the foreground.
Sessions persist across messages with configurable reset policies — daily schedule, idle timeout, or on-demand only.
Recommended First Platform
If you have no strong preference, start with Telegram. The bot model is friendly, voice transcription works out of the box, and the allowlist UX is the most self-explanatory. Once you've run Telegram successfully for a week, add the second platform — not before.
Next Steps
Lesson 5 on integrations covers the other half of 'talking to external systems' — LLM providers, MCP tool servers, web search and voice backends. If your goal is to deploy a messaging bot for a UK business without burning a weekend on allowlist configuration, SetupClaw's managed service handles the gateway hardening end-to-end.