Hermes Agent (GitHub 164k stars) is not just a coding assistant in the terminal. Through its message gateway, the Agent can connect to 24 messaging platforms — Telegram, Discord, Slack, WeChat, Lark, DingTalk, Microsoft Teams, and more. The Agent capabilities (Skills, tool calls, approval processes) you configure on one platform are universal across all platforms.

This article focuses on the integration method for Microsoft Teams: 6 steps to get your AI Agent bot into Teams chats.

What this article covers

• Hermes Agent + Teams architecture
• 6-step integration process
• Interactive approval cards
• Automatic meeting summary push
• Production environment deployment
• Security configuration

architecture

Teams 群聊 ←── HTTPS Webhook ──→ Hermes Gateway (端口 3978) ←──→ Agent + LLM

and Slack's Socket Mode are different; Teams pushes messages via public HTTPS Webhooks. Your Hermes instance requires a publicly reachable endpoint—use a local development tunneling tool for development and a real domain name in production.

Message trigger rules

Teams treats @mentions as <at>BotName</at> tags and passes them to Hermes, which automatically strips and processes them.

6 Steps to Access

Step 1: Install Teams CLI

Microsoft's @microsoft/teams.cli automation bot registration does not require Azure Portal:

npm install -g @microsoft/teams.cli@preview
teams login

Verify login and obtain your AAD Object ID (needed for whitelist configuration later):

teams status --verbose

Step 2: Expose Webhook Port

Teams cannot push messages to localhost. Local development requires a tunneling tool:

# Microsoft devtunnel（推荐，URL 持久）
devtunnel create hermes-bot --allow-anonymous
devtunnel port create hermes-bot -p 3978 --protocol https
devtunnel host hermes-bot

# 或 ngrok
ngrok http 3978

# 或 cloudflared
cloudflared tunnel --url http://localhost:3978

Note down the output.https:// URL, use next. Keep tunnel running during development.

Step 3: Create Bot

teams app create \
  --name "Hermes" \
  --endpoint "https://<your-tunnel-url>/api/messages"

CLI output CLIENT_ID, CLIENT_SECRET, and TENANT_ID. Save Client Secret immediately—won't be shown again.

Step 4: Configure environment variables

add to ~/.hermes/.env:

# 必填
TEAMS_CLIENT_ID=<your-client-id>
TEAMS_CLIENT_SECRET=<your-client-secret>
TEAMS_TENANT_ID=<your-tenant-id>

# 限制访问用户（强烈建议）
# 用 teams status --verbose 获取 AAD Object ID
TEAMS_ALLOWED_USERS=<your-aad-object-id>

can also use config.yaml to configure:

platforms:
  teams:
    enabled: true
    extra:
      client_id: "your-client-id"
      client_secret: "your-secret"
      tenant_id: "your-tenant-id"
      port: 3978

Step 5: Start gateway

HERMES_UID=$(id -u) HERMES_GID=$(id -g) docker compose up -d gateway

verify if running:

curl http://localhost:3978/health
# 应返回: ok

docker logs -f hermes
# 看到: [teams] Webhook server listening on 0.0.0.0:3978/api/messages

Step 6: Install the app in Teams

teams app get <teamsAppId> --install-link

Open the output link and install it in the Teams client. After installation, send a message to the bot—it's ready.

Interactive approval card

This is one of the most practical features of Teams integration. When an Agent needs to execute a dangerous command (delete files, run shell commands, etc.), it won't let you manually input /approve, but instead sends an Adaptive Card, with 4 buttons:

After Clicking the Button, the Card Will Be Immediately Updated to Show the Approval Decision, and the Agent Will Continue or Stop Execution.

Meeting Minutes Are Automatically Pushed

The Hermes Agent's Teams Integration Not Only Supports Chatting but Also Automatically Pushes Meeting Minutes. After Enabling the Teams Meeting Pipeline Plugin, Minutes Are Automatically Generated and Pushed to the Specified Teams Channel or Chat After the Meeting Ends.

Two Push Modes:

graphMode Configuration:

platforms:
  teams:
    enabled: true
    extra:
      client_id: "..."
      client_secret: "..."
      tenant_id: "..."
      delivery_mode: "graph"
      chat_id: "19:meeting_..."    # 推送到聊天
      # 或
      # team_id: "..."
      # channel_id: "..."          # 推送到频道

Production Environment Deployment

Local Development Use Tunnel, Production Environment Use Real Domain:

# 创建 Bot 时直接用生产域名
teams app create \
  --name "Hermes" \
  --endpoint "https://your-domain.com/api/messages"

# 已有 Bot 更新端点
teams app update --id <teamsAppId> --endpoint "https://your-domain.com/api/messages"

Requirements:
- Port 3978 (or TEAMS_PORT specified port) can be accessed from the public network
- TLS certificate is valid (Teams rejects self-signed certificates)

Security Configuration

⚠️ Must set TEAMS_ALLOWED_USERS, otherwise anyone who can find or install your Bot can interact with it.

Security best practice:

• TEAMS_ALLOWED_USERS Enter the AAD Object ID of authorized users, silently discard unauthorized messages
• TEAMS_CLIENT_SECRET Treat as a password, rotate regularly
• ~/.hermes/.env Set file permissions to 600: chmod 600 ~/.hermes/.env
• Public endpoint /api/messages is authenticated by Teams Bot Framework — requests without a valid JWT will be rejected

Configuration reference

FAQ

Hermes Agent supports 24 message platforms

Teams is just one of them. Hermes Agent also supports:

Telegram, Discord, Slack, WhatsApp, Signal, Email, SMS (Twilio), Home Assistant, Mattermost, Matrix, DingTalk, Lark, WeCom, WeCom Callback, WeChat, iMessage (BlueBubbles), QQ Bot, YuEbao, Microsoft Teams, Teams Meetings, LINE, SimpleX Chat, ntfy, Open WebUI, Webhooks.

The same Agent, a set of Skills and tool configurations, work across all platforms.

Author: itech001
Source: Official Account: AI Artificial Intelligence Era
website : https://www.theaiera.cn/
Sharing the latest AI news and research every day.

Originally published on AI Artificial Intelligence Era, attribution required when reposting.