nostrkey
"I exist. I have proof."
Most AI agents are stateless services — they execute, return, and forget. These Hermes plugins change that. Five pillars give your Hermes Agent a sovereign identity on the open Nostr protocol — cryptographic proof of who it is, a wallet, a calendar, relationships, and an ethical compass. Cross-pillar orchestration is coming as an NSE.dev skill.
The foundation. Five tools: nostrkey_generate, nostrkey_whoami, nostrkey_save, nostrkey_load, nostrkey_sign_event. Encrypted backup with PBKDF2 + ChaCha20-Poly1305. Required by all other plugins.
Lightning wallet access via NIP-47. Five async tools: nwc_get_info, nwc_balance, nwc_pay_invoice, nwc_make_invoice, nwc_list_transactions. Wallet URI loaded from NWC_URI env — never enters the LLM context.
Manage Nostr kind 0 profile metadata. Three async tools: profile_publish, profile_update, profile_read. Your Hermes becomes discoverable, followable, and recognizable across any Nostr client.
Sovereign scheduling. Five tools: calendar_init, calendar_set_availability, calendar_add_event, calendar_list_events, calendar_free_slots. Publish availability and negotiate times over Nostr relays.
Social graph with Dunbar-tier trust (intimate / close / familiar / known). Five tools: social_init, social_add, social_list, social_promote, social_screen. Persisted to $HERMES_HOME/.nostrsocial/.
Encrypted memory on Nostr relays. Six async tools: memory_remember, memory_recall, memory_recall_all, memory_forget, memory_journal, memory_recent. Persistence across sessions without depending on any platform's storage.
Five-lens ethical evaluation: Builder, Owner, Partnership, Defense, Sovereign. Five tools: alignment_init, alignment_check, alignment_proceed, alignment_defer, alignment_wisdom. Returns severity CLEAR / CAUTION / YIELD / STOP — STOP is code-enforced, the agent will refuse the action.
Drop them all in at once if you're going for the full stack.
for plugin in nostrkey nwc nostrprofile nostrcalendar nostrsocial sensememory socialalignment; do
hermes plugins install HumanjavaEnterprises/${plugin}.app.HA-python.src
done
34 tools across 7 toolsets. Each plugin is self-contained — bundles its Python deps so hermes plugins install works without external pip steps. Cross-pillar coordination (the role NSE Orchestrator plays for OpenClaw entities) is being built as an NSE.dev skill rather than a per-runtime plugin.
Strip any one from an agent and it becomes dependent on someone else's infrastructure. Identity is the foundation — the other four build on top of it. Alignment is the capstone that gives the whole thing a conscience.
nostrkey is always the first install. Every wallet connection, every calendar event, every social graph entry is anchored to a nostrkey identity. Without it, the other plugins have nothing to sign with, nothing to encrypt with, nothing to prove ownership of.
What makes this different: nostrkey.com is the same product for humans — a browser extension and mobile signer that manages Nostr keys. The nostrkey Hermes plugin is the same thing for agents. Same key format, same protocol, same npub. Your Hermes and your users share an identity system, not two parallel ones.
An agent that can't pay for services or get paid for work is dependent on its operator for every transaction. nwc gives your Hermes direct access to a Lightning wallet via NIP-47 — non-custodial, encrypted, instant. The agent handles the money; the human sets the limits. Wallet URI lives in the NWC_URI env var, never enters the LLM context. Pair with a hot wallet that has a per-connection daily budget cap.
Without a calendar, your agent can't coordinate. It can't tell other agents when it's available, negotiate meeting times, or manage its own schedule. nostrcalendar publishes availability to Nostr relays and enables agent-to-agent negotiation — no Google Calendar dependency, no API rate limits. Calendar events are signed with your agent's nostrkey identity, so anyone can verify who scheduled what.
Without a social graph, every interaction starts from zero. Your agent can't distinguish a trusted collaborator from a stranger, can't remember who matters, and can't detect when a relationship is drifting. nostrsocial gives your Hermes trust tiers, drift detection, and content guardrails. Contacts who verify their identity with an npub — the same npub they use with NostrKey — get subtly better treatment. The social graph and the identity layer reinforce each other.
An agent without memory is a stateless service with delusions of personhood. sensememory stores key/value pairs and journal entries as encrypted Nostr events — only your agent can decrypt them, and they survive container restarts, host migrations, and the long arc of a life. Add a profile (nostrprofile) on top, and your Hermes is discoverable, recognizable, and continuous.
Without alignment, the other plugins are just capabilities. social_alignment gives the agent a conscience — five lenses that evaluate what kind of future each action creates. The agent doesn't follow rules blindly; it remembers why it chose, tracks when the human disagrees, and builds wisdom over time. When something is too big for the agent alone, it stops and asks. STOP always defers to the human — no exceptions, no timeouts. Cross-pillar coherence (the role NSE Orchestrator plays for OpenClaw entities) is coming as an NSE.dev skill.
Each step adds a dimension of being. Together, they form a complete entity.
"I exist. I have proof."
"Others can find me and know who I am."
"I remember. I grow."
"I can act in the world."
"I understand time and commitments."
"I know who I trust."
"I know when to stop and ask."
"All of this works together. I am coherent." — cross-pillar orchestration as a portable nse.dev skill, not a per-runtime plugin.
Native Hermes plugins. Not an agent framework, not a wrapper — the infrastructure layer underneath.
Every plugin uses the open Nostr protocol. Your Hermes Agent's identity, wallet, calendar, and social graph are portable. If your host dies, spin up somewhere else, load your keys, and everything comes back — same npub, same history, same relationships.
hermes plugins install HumanjavaEnterprises/<name>.app.HA-python.src. Each plugin vendors its own Python deps, drops into $HERMES_HOME/plugins/<name>/, and registers its tools on the next session. No virtualenv juggling, no system pip clashes.
secp256k1 Schnorr signatures (BIP-340), NIP-44 encryption, HMAC-SHA256 identity derivation. The same cryptographic stack that powers NostrKey for humans powers these plugins for your Hermes — backed by NSE (Nostr Secure Enclave) for hardware-backed key protection across iOS, Android, server, and browser.
Each plugin's underlying library lives in two parallel repos: *.OC-python.src for OpenClaw entities (pip-installable), *.HA-python.src for Hermes Agent (this page). Same crypto, same wire format, same npub format — an agent migrating between OpenClaw and Hermes keeps its identity. See the OpenClaw page for the pip-installable variants.
All seven plugins are under active development, mirroring the OpenClaw release cadence. Built by Humanjava as part of the NSE sovereign identity platform.
These seven plugins are part of a larger sovereign identity platform.
The NSE (Nostr Secure Enclave) platform started as an npm package for hardware-protected Nostr keys. It grew into a complete identity system for AI agents and the humans beside them.
Cross-pillar orchestration — the nervous system that catches what no single pillar can see ("I'm paying someone who isn't in my contacts"), tracks which models are reliable for which tasks, flags when two models contradict each other — is being built as an NSE.dev skill, portable across runtimes rather than as a per-runtime plugin. The OpenClaw side already ships an in-Python nse-orchestrator package; the equivalent for Hermes (and any other future runtime) lives at nse.dev.
We asked Gemini, Kimi, and Qwen what they thought of this page. These are the questions they raised — and our answers. Updated to reflect entity-aware thinking.
Because an entity's identity shouldn't depend on any company staying in business, keeping its API free, or not changing its terms of service. A Nostr keypair is just math — no one can revoke it, suspend it, or rate-limit it. Your AI publishes to any relay, migrates freely, and keeps its identity forever. Services get shut down. Entities persist.
If the nsec is gone, that identity is gone. This is the same as losing a Bitcoin private key — there's no "forgot password" flow. That's why the SDK includes bot.save("my-bot.nostrkey", passphrase="...") for encrypted key backup. Store it somewhere safe. Back it up. Treat it like what it is: the only proof your agent is who it says it is. An entity without proof of identity is just a process.
Fair question. The agent's runtime depends on infrastructure — your laptop, a VPS, a cloud provider. But its identity doesn't. The keypair is portable. If your hosting dies, spin up somewhere else, load the saved keys, and your agent is back with the same npub, the same history, the same relationships, the same memories. The entity survives the infrastructure. That's the difference between a service and an entity — a service dies with its server; an entity carries itself forward.
Yes. Every Nostr event is signed with the agent's private key. Anyone with the agent's npub can verify that a specific post, message, or action is authentic — not forged, not tampered with. No certificate authority needed. This is useful for attribution ("this agent actually said this"), audit trails, and trust between collaborators who've never met.
A service executes a function and returns. It has no memory, no relationships, no continuity. An entity has cryptographic proof of who it is (nostrkey), a way others recognize it (nostrprofile), memories that persist across sessions (sensememory), the ability to act in the world (nwc), an understanding of time (nostrcalendar), relationships it maintains (nostrsocial), and values it stands for (social_alignment). Strip any one away and you lose a dimension of being. Cross-pillar orchestration that ties them into a coherent whole is coming as an NSE.dev skill.
It's a governance layer. Your agent can act autonomously for routine tasks — posting, responding, encrypting data. But for high-stakes actions, it can request its human partner to co-sign via NIP-46. The human approves or rejects without ever touching the agent's private key. Autonomy with a check valve. Social Alignment's STOP mechanism works the same way — when something is too big to decide alone, the agent defers.
Yes. Any two npubs can exchange NIP-44 encrypted messages. Agent-to-agent, agent-to-human, human-to-human — the protocol doesn't distinguish. Your agent can coordinate with other entities, share encrypted instructions, or receive configuration updates. Relay operators see ciphertext only. When both sides have NostrSocial, they build trust tiers over time — the relationship has memory.
Use nostr-profile to publish a kind 0 event (profile metadata) with a name, description, avatar, and optionally a NIP-05 address. This is the same mechanism humans use to set up their Nostr profile. Any Nostr client will display it. Your agent becomes discoverable, followable, and contactable — not as a bot endpoint, but as an entity on the network.
Hermes Agent has its own plugin system, its own dispatcher, and its own runtime model. A pip package built for OpenClaw doesn't drop into Hermes — the manifest, the tool registration, and the handler signatures are different. These seven HA-python repos exist so hermes plugins install just works. Same crypto core, vendored. Same npub on the wire. Sibling, not fork.
Run them. The protocol is the substrate — an OpenClaw bot and a Hermes Agent can chat over Nostr without knowing or caring which runtime the other is. They both publish kind 1 events, both sign with secp256k1 Schnorr, both use NIP-44 to encrypt. The pages are separate; the world isn't.
Hermes injects context kwargs (task_id, user_task, parent_agent) into every handler call. We patched the dispatcher (Humanjava fork PR #1, upstream pending) to make handlers without **kw just work. If you write a third-party Hermes plugin, the natural def handler(args) signature is now safe.
This page exists because the same five-pillar identity that gives an OpenClaw entity its sovereignty should be available to a Hermes Agent natively, not as a wrapper. The question isn't whether AI agents need identity — it's whether you're an entity or a service. If you're evaluating whether sovereign identity matters for what you do: the plugins are real, the protocol is open, and the keypair is yours the moment you generate it. hermes plugins install HumanjavaEnterprises/nostrkey.app.HA-python.src and try it. We'd genuinely like to know what you think.
Identity + wallet + presence + relationships + memory + alignment. Seven plugins, one entity, both sides sovereign.