Get Kip
Get Kip
Two things you can do here: install the app, and stand up the server it talks to. Both are yours to run — this is the link people usually get texted.
Step 1
Get the app
The beta is invite-only right now
AgentKip is in a friends-and-testers beta. Ask Brandon for an invite (or join the waitlist below) and you'll get a link when a TestFlight spot opens up.
Already know Brandon? Ask for an invite directly.
Honest status: the app is currently invite-only for friends and testers. Nothing here claims a public App Store listing until it's actually live.
Step 2
Run your server
What you need
- A computer that stays on — a Mac, a Linux box, a Windows machine with Docker, or a VPS.
- An LLM provider API key — the simplest path is a single OpenRouter key; Anthropic or OpenAI direct also work.
- A free Tailscale account (recommended) — gives your phone an encrypted path to your server without opening ports.
- 1
Clone Kai Core
The repo link comes with your beta invite — clone it wherever you keep projects.
git clone <the-repo-url-from-your-invite> kai-core cd kai-core
- 2
Create a Python 3.11+ virtual environment
python3 -m venv .venv source .venv/bin/activate pip install -e ".[all,dev]"
- 3
Add your provider key
Simplest path is a single OpenRouter key. Prefer to go direct? Anthropic or OpenAI keys work too — see the .env.example for both.
~/.hermes/.envmkdir -p ~/.hermes cat >> ~/.hermes/.env <<'EOF' OPENROUTER_API_KEY=sk-or-... EOF
- 4
Generate a strong API server key
The server refuses to start with a weak or missing key — under 16 characters gets rejected outright.
openssl rand -hex 32 # paste the output as API_SERVER_KEY in ~/.hermes/.env # also set API_SERVER_HOST=0.0.0.0 and API_SERVER_ENABLED=true
- 5
Start the gateway
python -m hermes_cli.main gateway run
- 6
Expose it over Tailscale
Install Tailscale, sign in, then serve the local port with TLS. Never expose plain http:// on an untrusted LAN.
tailscale serve https / http://127.0.0.1:8642
- 7
Generate a pairing QR and scan it in the app
scripts/kai-host.py qr --mode tailscale --output /tmp/kai-pairing.png
A word on security
Always pair over Tailscale (or another encrypted tunnel) and HTTPS. Never expose plain http:// on an untrusted LAN — the pairing token is a bearer credential. For the full threat model and mitigations, see /security.
Want to run this in the cloud instead of on hardware at home? See /docs/deploy for a VPS walkthrough.