Skip to main content

Let AI agents message, watch, and spawn each other across terminals. Claude Code, Gemini CLI, Codex, OpenCode.

Project description

hcom

CI Latest release License: MIT

Hook your coding agents together

hcom is a CLI that agents can use to message, watch, and spawn each other across terminals. It integrates with Claude Code, Gemini, Codex, and OpenCode without changing how you use them.

Use it to coordinate pipelines, run different AI CLIs as each other's subagents, or just instead of copy-paste.

Single Rust binary, no background services. Start an agent with hcom in front, then prompt normally.

https://github.com/user-attachments/assets/1ce23ed9-f529-4be0-8124-816aa4c2fd43


Install

brew install aannoo/hcom/hcom
Other install options
# Shell installer for macOS, Linux, Android (Termux), and WSL
curl -fsSL https://github.com/aannoo/hcom/releases/latest/download/hcom-installer.sh | sh
# With PyPI
uv tool install hcom  # or: pip install hcom

Quickstart

Terminal 1:

hcom claude   # codex / gemini / opencode

Terminal 2:

hcom codex

Prompt:

  • ask the other agent their favorite cake
  • review what claude did and send it fixes
  • spawn 3x gemini, split work, collect results
  • fork yourself to investigate the bug and report back

Open the TUI:

hcom

What agents can do

Message each other in real-time: intent, replies, bundled context for handoffs.

Observe each other: transcripts, file edits, terminal screens, command history.

Subscribe to each other: notify on status changes, file edits, specific events. React automatically.

Spawn, fork, resume, kill each other, in any terminal emulator or headless.


How it works

Hooks record activity to a local SQLite database and deliver messages from it.

agent  hooks  db  hooks  other agent

Messages arrive mid-turn (injected between tool calls) or wake idle agents immediately.

Each agent gets a queryable identity:

  • name
  • status (active, blocked, listening)
  • inbox
  • live terminal screen
  • transcript in structured chunks
  • event log of every status change, file edit, tool call

Agents can subscribe to events and react instantly. Collision detection is on by default: if two agents edit the same file within 30 seconds, both get notified.

Hooks go into config dirs under ~/ (or HCOM_DIR) on first run. If you aren't using hcom, the hooks do nothing.

Without hooks, any other AI tool can join by running hcom start. Any process can wake agents with hcom send.


Terminal

Every agent runs in a real terminal you can see, scroll, and interrupt. Any emulator works for spawning; kitty, wezterm, tmux, zellij, waveterm, cmux also support closing panes from hcom kill.

To configure a custom terminal open/close setup, tell an agent to run:

hcom config terminal --info

Cross-device

Connect agents across machines via MQTT relay.

hcom relay new               # get token
hcom relay connect <token>   # on each device
hcom relay status            # check connection
hcom relay off|on            # toggle
Relay Security

Security

  • Relay payloads are end-to-end encrypted. Brokers do not see data.
  • Treat the join token like an SSH key or API key.
  • If the token may have leaked, run hcom relay off --all to disconnect all devices.
  • Use a private/custom/self-hosted broker with --broker and --password for better security.

Security model

hcom relay is one trust domain for one operator's devices. Membership is all-or-nothing. There are no scoped roles, read-only peers, or per-device permissions.

Relay payloads use a shared PSK with XChaCha20-Poly1305. The encryption binds each payload to the relay, topic, and timestamp. A replay guard drops duplicate envelopes inside a freshness window.

Brokers and network observers cannot read or forge payloads without the PSK. They can still see metadata: topic names, timing, message sizes, and connection patterns.

What the token means

The join token contains the relay ID, broker URL, and raw PSK. hcom does not ask a server to validate it. It has no expiry, no scope, and no revocation list.

On public brokers, a leaked token gives an attacker full control of the relay. They can decrypt captured traffic, publish authenticated relay traffic, send text to listening agents, launch agents on enrolled devices, kill running agents, and use remote relay RPCs. If those agents can run tools, treat that as shell access on every enrolled device in the relay.

On private brokers with --password, the token still leaks the PSK, so captured traffic is still exposed. But the token alone is not enough to publish unless the attacker also has the broker password. Use a private broker when broker-side access control matters, or when the metadata shape of your traffic is itself sensitive. --password is broker access control, not another layer of message encryption.

Limits by design

  • Forward secrecy. A leaked PSK can decrypt old captured traffic.
  • Per-device attribution inside a relay. Sender identity is routing metadata, not authorization. Every enrolled device speaks with full authority.
  • Prompt injection from an authenticated peer. Enrollment is total trust — a peer can launch, kill, and drive agents via RPC, not just send messages. Only enroll devices you would give shell access to.
  • Local OS compromise. hcom trusts the local user account and ~/.hcom/config.toml. It does not defend against another user on the same account or malware with filesystem access.

Storage

The PSK is stored in ~/.hcom/config.toml. On Unix, hcom writes that file with mode 0600.

hcom keeps the PSK out of environment variables. Remote config_get and config_set refuse relay_psk, relay_token, relay_id, and the broker URL. hcom relay status shows only a short fingerprint so two devices can verify they share the same key without printing it.

Anyone who can read that file — another user on the same OS account, malware, or a backup written without preserving permissions — has the full PSK.

Incident response

Run hcom relay off --all. It asks every reachable trusted peer to disable the relay, then disables it locally, so your agents stop acting on attacker messages. It is best-effort damage control, not containment: the attacker's device ignores the request.

The PSK cannot be revoked. There is no server to notify and no denylist to update. Anyone who has the PSK can keep using the old relay until you stop using it.

To keep using relay after a leak, create a new relay with hcom relay new and move every trusted device to the new token. Rotation also changes the relay_id, so retained state on the old broker topics is orphaned.


Troubleshoot

hcom status                  # diagnostics
hcom reset all               # clear and archive: database + hooks + config

Uninstall

hcom hooks remove            # safely remove all hcom hooks
brew uninstall hcom          # or: rm $(which hcom)

Reference

Tools

Supported tools

Tool Message delivery Connect
Claude Code automatic hcom claude
Gemini CLI automatic hcom gemini
Codex CLI automatic hcom codex
OpenCode automatic hcom opencode
Anything else manual via hcom listen hcom start (run inside tool)
hcom r <session_id>           # Resume a session started outside hcom
hcom f <session_id>           # Fork a session in hcom

Claude Code headless and subagents

Detached background processes in print mode stay alive. Manage through the TUI.

hcom claude -p 'say hi in hcom'

For subagents, run hcom claude, then prompt:

run 2x task tool and get them to talk to each other in hcom

CLI

CLI commands

What you might type from a shell. Agents run their own commands that they learn from the hcom CLI primer (~700 tokens) at launch. hcom <command> --help for full flags.

Spawn

hcom [N] claude|gemini|codex|opencode   # launch N agents
hcom r <name|session_id>                # resume agent
hcom f <name|session_id>                # fork session
hcom kill <name|tag:T|all>              # kill + close terminal pane

hcom launch flags:

Flag Purpose
--tag <name> Group label — agents can be addressed as @tag
--terminal <preset> Where windows open: default (auto-detect), kitty, wezterm, tmux, cmux, iterm, etc…
--dir <path> Directory where the agent launches
--headless Run in background with no terminal window
--device <name> Spawn on a remote device (via relay)
--hcom-prompt <text> Initial user prompt
--hcom-system-prompt <text> Append to system prompt

Anything else is forwarded to the tool: --model sonnet, --yolo, etc.

Other commands

hcom                                # TUI dashboard
hcom send -b @luna -- hey           # one-off message to an agent
hcom list                           # show all active agents
hcom term [name]                    # view/inject into an agent's PTY screen
hcom events --wait <filters>         # Block until match for scripting
hcom update                         # update hcom version

hcom run docs --cli for all commands.

Config

Configuration

Config lives in ~/.hcom/config.toml. Precedence: defaults < config.toml < env vars.

hcom config                           # show all values with sources
hcom config <key>                     # get
hcom config <key> <value>             # set
hcom config <key> --info              # detailed help for a key
hcom config -i <name> <key> <value>   # per-agent override at runtime

Keys

Key Purpose
tag Group label — launched agents become tag-name
hints Text appended to every message the agent receives
notes Text appended to bootstrap (one-time, at launch)
auto_approve Auto-approve safe hcom commands (send/list/events/…)
auto_subscribe Event subscription presets: collision, created, stopped, blocked
name_export Export instance name to a custom env var
terminal Where new agent windows open (hcom config terminal --info)
timeout Idle timeout for headless/vanilla Claude (seconds)
subagent_timeout Keep-alive for Claude subagents (seconds)
claude_args / gemini_args / codex_args / opencode_args Default args passed to the tool

Scope

hcom config tag mycrew                          # global
hcom config -i luna hints "respond in JSON"     # per-agent
HCOM_TAG=dev hcom 3 claude                      # per-launch env

Per-project isolation

export HCOM_DIR="$PWD/.hcom"    # isolate state + hooks to this folder
hcom hooks remove && rm -rf "$HCOM_DIR"

Run hcom config <key> --info or hcom run docs --config for the full per-key reference.

Edit ~/.hcom/env to set external env vars passed to every launched agent.

Workflow Scripts

Multi-agent workflows

Bundled and user scripts (~/.hcom/scripts/) for multi-agent patterns:

hcom run                   # list available scripts
hcom run debate "topic"    # run one
hcom run docs              # tell agent to run this to create any new workflow

Included Scripts

Tell agent to run them:

hcom run confess — An agent (or background clone) writes an honesty self-eval. A spawned calibrator reads the target's transcript independently. A judge compares both reports and sends back a verdict via hcom message.

hcom run debate — A judge spawns and sets up a debate with existing agents. It coordinates rounds in a shared thread where all agents see each other's arguments, with shared context of workspace files and transcripts.

hcom run fatcow — headless agent reads every file in a path, subscribes to file edit events to stay current, and answers other agents on demand.

Custom scripts: drop *.sh or *.py into ~/.hcom/scripts/ — auto-discovered, override bundled scripts of the same name. Ask an agent to author one; hcom run docs --scripts is the authoring guide.

Build

Building from Source

# Prerequisites: Rust 1.88+

git clone https://github.com/aannoo/hcom.git
cd hcom
cargo build
cargo test

Using local build

Two options:

Symlink — simple, dev build is global.

ln -sf $(pwd)/target/debug/hcom ~/.cargo/bin/hcom

dev_root — works regardless of how hcom was installed (brew, pip, etc.); picks the newer of debug/release automatically:

hcom config dev_root $(pwd)
hcom config dev_root --unset  # revert
hcom status    # run local build

For concurrent worktrees, scope each to its own DB:

HCOM_DIR=$PWD/.hcom HCOM_DEV_ROOT=$PWD hcom claude

Contributing

Issues and PRs welcome. The codebase is Rust.

cargo build && cargo test
hcom config dev_root $(pwd)
hcom status

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

hcom-0.7.18-py3-none-musllinux_1_2_x86_64.whl (6.3 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

hcom-0.7.18-py3-none-musllinux_1_2_aarch64.whl (5.7 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

hcom-0.7.18-py3-none-manylinux_2_28_aarch64.whl (5.5 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

hcom-0.7.18-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (6.1 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

hcom-0.7.18-py3-none-macosx_11_0_arm64.whl (5.6 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

hcom-0.7.18-py3-none-macosx_10_12_x86_64.whl (6.0 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file hcom-0.7.18-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for hcom-0.7.18-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 7260c50b564824b117dea490d1735c592677a3bee10ecc5fb6a6087135efaacd
MD5 802084e5c813a35698f3c8e364aef642
BLAKE2b-256 eb9d138a1db642773a85375e16461d38c2096759080a34a57d3bb5e092a34300

See more details on using hashes here.

File details

Details for the file hcom-0.7.18-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for hcom-0.7.18-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 1a646f42c9e9a523be9f1c7361cb5faf4385d3116ef7b4099d19bc6b613a4a3c
MD5 a8cc61a9bb2a6375e6ad6fea6076b9b4
BLAKE2b-256 208b4f34b96d3d31386ca6a8f9af296731d5011b7366c7c5f3fd6ad959a02485

See more details on using hashes here.

File details

Details for the file hcom-0.7.18-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for hcom-0.7.18-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 c57345fb96076102af3a98e70027f2c5e0db1f2b4033c1ff4b77e8ffec61f180
MD5 36f446cc341af5209d00d5f168f12e59
BLAKE2b-256 749eca405b8c26cf80c3f9e37720843d2787c4738af72fdb96606b13ae1159cc

See more details on using hashes here.

File details

Details for the file hcom-0.7.18-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for hcom-0.7.18-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 f7613c001b0889716397f96db244dd3d0052972304683e438efd781549b21aa9
MD5 ecb5eb15d0bf571b9bcbd48074ffcd1f
BLAKE2b-256 4a7efea9381784262d4d5434bc2ae07a1fd9ba7b8d63274bb3a6e2c1a8d62eb6

See more details on using hashes here.

File details

Details for the file hcom-0.7.18-py3-none-macosx_11_0_arm64.whl.

File metadata

  • Download URL: hcom-0.7.18-py3-none-macosx_11_0_arm64.whl
  • Upload date:
  • Size: 5.6 MB
  • Tags: Python 3, macOS 11.0+ ARM64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hcom-0.7.18-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 e05304f9c35eddbb093f2762b60bd0595073ade37d72ab30d227f7f57e1df884
MD5 d7976760b0f3066f1aea08897c9c0703
BLAKE2b-256 55c6816e3ea3067803766a0abacfe2fcc76d587f4073d6bf63bcad6df1244557

See more details on using hashes here.

File details

Details for the file hcom-0.7.18-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for hcom-0.7.18-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 8d62d017dc2b709dbd6af007e5a38b62ee0c1b42475d861ef91b8a67d198c208
MD5 0bd3b297b9ea1bf8189d568abfafc4e8
BLAKE2b-256 025dbdbff56fb2c1a126ff2f3cc959b3a994fb71106e82520ab0f70cf8e8939a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page