NaN NaN

Agents.

NaN Cloud lets you deploy AI agents in your own microVM: a lightweight virtual machine with QEMU + KVM, its own kernel, its own filesystem, and full root access. Isolated from the host and from other members. The first available agent type is Hermes.

Architecture

Each agent runs inside its own QEMU microVM. Instead of sharing the host kernel (like a regular container), it starts with its own Linux kernel. The VM mounts a 20 GiB ext4 disk on a block-mode persistent volume. Everything you do inside — apt install, pip install, edits to /etc, files you upload — lives on that disk and survives restarts.

Shutdown is graceful: when you restart or delete the agent, the system forces a sync and waits for the ext4 journal to finish flushing before killing the VM. No corruption.

Hermes

Hermes is a conversational AI agent that connects to Telegram. You can chat with it, ask it to manage notes, run commands in its environment, generate websites, and much more.

1. Create a Telegram bot

You need a Telegram bot. Open Telegram, search for @BotFather and follow the instructions to create a new bot. Copy the token it gives you.

2. Create the agent

Go to cloud.nan.builders/agents/new and fill in: name, type (Hermes), the Telegram token, model, and optionally a soul (system prompt) that defines your agent’s personality.

Agent creation form

3. Wait for it to be Running

After creating the agent, wait ~30 seconds for the microVM to start, format the disk for the first time (mkfs.ext4), and seed the filesystem. The status changes to Running and Hermes to Ready.

4. Chat with your agent

Find your bot on Telegram and send it a message. Hermes will respond using the model you configured.

Hermes conversation on Telegram

Your agent is ready. With these 4 steps you already have Hermes running. What follows below are additional agent panel features: web terminal, file uploads, observability, HTTP exposure, Hermes UI, and environment variable management.

Console — web terminal

The Console tab opens an interactive terminal (bash --login) inside your microVM, without needing to configure SSH. The stream runs over WebSocket with xterm.js: auto-resize when you adjust the panel, status pill in the top right, and a reconnect button if the session drops.

Typical use cases:

  • Install packages: apt update && apt install -y nginx
  • Inspect the agent’s internal logs
  • Move files you’ve uploaded to their final location
  • Use htop, df -h, journalctl, etc.

Operational limits 1 simultaneous session per agent · 10 min idle timeout · 30 min max duration per session.

Files — file uploads

The Files tab allows uploading files to the microVM with drag-and-drop or file picker. Multi-file, sequential queue, live progress bar with MiB/s. Files land in /persist/uploads/ and from there you can move them with the Console.

  • Max size: 200 MiB per file.
  • Transport: WebSocket with 256 KiB chunks and end-to-end backpressure.
  • Filename sanitized server-side (no path traversal).
  • Live listing of uploaded files (refreshes every 5s).

Observability

The Observability tab groups three sub-tabs:

  • Logs — live stream of the agent’s stdout/stderr via WebSocket. Buffer of the last 500 lines on the client.
  • Events — Kubernetes Pod events (BackOff, Scheduled, Pulled, Killing…) with type, reason, message, age, and count. Auto-refresh every 15s.
  • Metrics — actual CPU, RAM, and disk usage against configured limits. CPU/RAM via Prometheus (kubelet-cadvisor), disk via df inside the microVM (the filesystem is block-mode, kubelet can’t see it). Refreshes every 10s.

Web — public exposure

The Web tab has two sub-tabs for exposing HTTP services from the agent:

HTTP

Any service your agent serves over HTTP (nginx, an API, a static site) you can expose publicly. For example, ask Hermes to install nginx with a custom HTML page:

Asking Hermes to install nginx with a custom HTML page

In the Web → HTTP tab, click Enable HTTP. By default port 80 is exposed; if your service listens on another port, specify it in Container Port. The platform generates a public URL at *.apps.nan.builders.

Website generated by Hermes visible from the public URL

Hermes UI

Hermes includes a lightweight web UI (nesquena/hermes-webui) that always runs inside the agent. From Web → Hermes UI you can enable external access: the platform generates a URL like webui-<agent>-<user>.apps.nan.builders protected by a per-agent password shown in the panel.

Environment variables

The Env tab lets you add, edit, and delete agent environment variables without touching the Deployment. Useful for injecting third-party API keys, configuring Hermes behavior, etc.

Two variables are protected (edit-only, no delete): OPENAI_API_KEY (your cluster key, managed by the platform) and TELEGRAM_BOT_TOKEN. The rest are free to create, edit, or delete.

Resources and limits

Each microVM is provisioned with:

ResourceRequestLimit
CPU200m1 vCPU
RAM512 Mi2 GiB
Disk20 GiB (block-mode PVC)

CPU and RAM are the microVM’s maximum limits; actual usage is usually well below. Disk is persistent — everything you install or modify (packages, files, configurations) is preserved across restarts. If the disk fills up (90%+), free it from the Console (du -sh /persist/*).

Current limit Currently each member can deploy 1 microVM agent. This limit will be expanded in future versions.

nan.builders © 2026
¡Copiado al portapapeles!