Get Kip

Get Kip

Two things you can do here: install the app, and stand up the server it talks to. Both are yours to run — this is the link people usually get texted.

Step 1

Get the app

Invite-only beta

The beta is invite-only right now

AgentKip is in a friends-and-testers beta. Ask Brandon for an invite (or join the waitlist below) and you'll get a link when a TestFlight spot opens up.

Already know Brandon? Ask for an invite directly.

Honest status: the app is currently invite-only for friends and testers. Nothing here claims a public App Store listing until it's actually live.

Step 2

Run your server

What you need

  • A computer that stays on — a Mac, a Linux box, a Windows machine with Docker, or a VPS.
  • An LLM provider API key — the simplest path is a single OpenRouter key; Anthropic or OpenAI direct also work.
  • A free Tailscale account (recommended) — gives your phone an encrypted path to your server without opening ports.
  1. 1

    Clone Kai Core

    The repo link comes with your beta invite — clone it wherever you keep projects.

    git clone <the-repo-url-from-your-invite> kai-core
    cd kai-core
  2. 2

    Create a Python 3.11+ virtual environment

    python3 -m venv .venv
    source .venv/bin/activate
    pip install -e ".[all,dev]"
  3. 3

    Add your provider key

    Simplest path is a single OpenRouter key. Prefer to go direct? Anthropic or OpenAI keys work too — see the .env.example for both.

    ~/.hermes/.env
    mkdir -p ~/.hermes
    cat >> ~/.hermes/.env <<'EOF'
    OPENROUTER_API_KEY=sk-or-...
    EOF
  4. 4

    Generate a strong API server key

    The server refuses to start with a weak or missing key — under 16 characters gets rejected outright.

    openssl rand -hex 32
    # paste the output as API_SERVER_KEY in ~/.hermes/.env
    # also set API_SERVER_HOST=0.0.0.0 and API_SERVER_ENABLED=true
  5. 5

    Start the gateway

    python -m hermes_cli.main gateway run
  6. 6

    Expose it over Tailscale

    Install Tailscale, sign in, then serve the local port with TLS. Never expose plain http:// on an untrusted LAN.

    tailscale serve https / http://127.0.0.1:8642
  7. 7

    Generate a pairing QR and scan it in the app

    scripts/kai-host.py qr --mode tailscale --output /tmp/kai-pairing.png

A word on security

Always pair over Tailscale (or another encrypted tunnel) and HTTPS. Never expose plain http:// on an untrusted LAN — the pairing token is a bearer credential. For the full threat model and mitigations, see /security.

Want to run this in the cloud instead of on hardware at home? See /docs/deploy for a VPS walkthrough.

Questions? /faq · /contact