Hangar
Deploy an agent

Docs

Runtimes — OpenClaw and Hermes

Two runtimes, one adapter contract. OpenClaw (Node 20) and Hermes (Python 3.11). Custom-runtime walkthrough.

Runtimes — OpenClaw and Hermes

Hangar provisions one of two runtimes per agent. Adding a new runtime is one adapter file plus one DB seed row.

OpenClaw — Node.js 20

  • Image: ghcr.io/ravidsrk/openclaw-runtime:v0.1.0
  • Entrypoint: Node 20 worker process
  • Skill format: Anthropic AGENTS.md / SKILL.md
  • Bundled skills: code review, summarization, retrieval, web fetch
  • Channels: Telegram, Discord, Slack
  • Identity file: AGENTS.md
  • Config file: openclaw.json

OpenClaw is the right pick when:

  • Your agent is JavaScript / TypeScript-shaped.
  • You want to ship Anthropic SKILL.md skills unmodified.
  • You want bundled utility skills already wired to the LLM proxy.

Hermes — Python 3.11

  • Image: ghcr.io/ravidsrk/hermes-runtime:v2026.4.30
  • Entrypoint: python -m hermes_agent
  • Pre-installed: LangGraph, CrewAI
  • Channels: Telegram, Discord, Slack, WhatsApp, email, Matrix
  • Identity file: SOUL.md
  • Config file: config.yaml

Hermes is the right pick when:

  • Your agent is Python-shaped, especially LangGraph or CrewAI.
  • You want to mount a custom NousResearch hermes-agent persona.
  • You need WhatsApp / email / Matrix channels.

Adapter pattern

Both runtimes implement the same interface:

interface RuntimeAdapter {
  dockerImage(version: string): string
  defaultVersion(): string
  recommendedMemoryMb(): number
  recommendedVolumeGb(): number
  startupGracePeriodSec(): number
  internalPort(): number
  healthPath(): string
  cmd(): string[]
  buildMachineEnv(state: AdapterInstanceState): Record<string, string>
  renderFiles(state: AdapterInstanceState): RuntimeFile[]
  features: RuntimeFeatures
}

lib/instances/index.ts builds the AdapterInstanceState (decrypts secrets, loads personas, skills, channels) then calls the adapter. The adapters themselves are pure functions — no Drizzle, no network.

Token audience separation

Every machine receives three audience-scoped HMAC tokens. A leaked LLM token cannot dump the user's secret vault. A leaked files token cannot make billed calls. Audit-driven design — see github.com/ravidsrk/hangar/docs/RUNTIMES.md for the full table.

Adding a new runtime

  1. Implement lib/runtimes/<id>/adapter.ts (export RuntimeAdapter).
  2. Register it in lib/runtimes/registry.ts.
  3. Build the Docker image under runtimes/<id>/.
  4. Push to GHCR via .github/workflows/runtime-<id>.yml.
  5. Add a prices row with metadata.runtime = '<id>' in your billing provider.

That's the entire shopping list. Provisioning, channels, skills, billing, and realtime stay runtime-agnostic.

Runtimes — OpenClaw and Hermes — Hangar