A coding agent CLI that's containerized by default. Every command runs inside a Docker container, nothing touches your host. No approval prompts, no "are you sure?" dialogs. Just let it work.
Containerized by default — The agent runs inside Docker containers with full control: installing packages, editing files, running builds. Your host machine stays untouched. No permission prompts, ever.
Multi-provider — Use Anthropic, OpenAI, Gemini, or Grok. Switch models on the fly.
Self-building dev environments — Need Python but it's not installed? herm extends its own container by writing Dockerfiles dynamically. Dev environments are scoped per project (git repo) and survive container restarts — the rebuilt image persists across sessions.
100% open-source — Everything is open, including the system prompts. No hidden instructions, no black boxes. Read them, fork them, change them.
- macOS or Linux (arm64 and amd64)
- Docker installed and running
curl -fsSL https://raw.githubusercontent.com/aduermael/herm/main/install.sh | bashbrew tap aduermael/herm
brew install hermRequires Go 1.24+.
git clone https://github.com/aduermael/herm
cd herm
go build -o herm ./cmd/herm
./hermhermYou'll need an API key for at least one provider (Anthropic, OpenAI, Grok, or Gemini) — add it via the CLI on first run.
Rough priority order — subject to change.
- Credential-free third-party APIs — let herm call any external API without ever seeing your credentials.
- Benchmarks — measure herm against Claude Code and other coding agents on standard coding tasks.
- Skills &
herm.md— first-class skills and a project config file. Optional import from other agents' configs (e.g.CLAUDE.md). - PR review bot — a herm bot that reviews pull requests.
- Dynamic model list — pick up newly released models without updating herm.
herm/
├── cmd/
│ ├── herm/ Main application
│ │ ├── prompts/ System prompt templates (embedded)
│ │ └── dockerfiles/ Base container definition (embedded)
│ └── debug/ Debug utilities
├── .herm/
│ └── skills/ Skill definitions (e.g. devenv)
├── img/ Demo assets
├── plans/ Project planning docs
├── go.mod
├── LICENSE
└── README.md
go test ./...How is it different from Claude Code?
Claude Code runs directly on your host and needs your approval for every potentially dangerous action. herm runs everything in containers, so the agent can act freely without risking your system. herm also supports multiple model providers and ships its system prompts in the open.
How is it different from OpenCode?
OpenCode is a great terminal AI assistant, but it runs on your host like most coding agents. herm's core idea is that containerization should be the default — not an afterthought. If the agent can't break anything, you don't need permission prompts.
How is it different from Pi Coding Agent?
Pi focuses on extensibility through TypeScript plugins and a large ecosystem of community packages. herm takes a different bet: safety through containerization. Instead of asking users to manage permissions, herm sandboxes everything by default so the agent can operate autonomously.
What is the logo supposed to represent?
It's an hermit crab called Herm, short for Herman. It represents the hermetic nature of the agent — everything sealed inside its shell.
herm is built on top of langdag, a Go library for managing LLM conversations as directed acyclic graphs with multi-provider support. This project originally started as a way to dogfood langdag.
Join the Discord to chat, ask questions, or share feedback.