website/docs/user-guide/features/context-references.md
Type @ followed by a reference to inject content directly into your message. Hermes expands the reference inline and appends the content under an --- Attached Context --- section.
| Syntax | Description |
|---|---|
@file:path/to/file.py | Inject file contents |
@file:path/to/file.py:10-25 | Inject specific line range (1-indexed, inclusive) |
@folder:path/to/dir | Inject directory tree listing with file metadata |
@diff | Inject git diff (unstaged working tree changes) |
@staged | Inject git diff --staged (staged changes) |
@git:5 | Inject last N commits with patches (max 10) |
@url:https://example.com | Fetch and inject web page content |
Review @file:src/main.py and suggest improvements
What changed? @diff
Compare @file:old_config.yaml and @file:new_config.yaml
What's in @folder:src/components?
Summarize this article @url:https://arxiv.org/abs/2301.00001
Multiple references work in a single message:
Check @file:main.py, and also @file:test.py.
Trailing punctuation (,, ., ;, !, ?) is automatically stripped from reference values.
In the interactive CLI, typing @ triggers autocomplete:
@ shows all reference types (@diff, @staged, @file:, @folder:, @git:, @url:)@file: and @folder: trigger filesystem path completion with file size metadata@ followed by partial text shows matching files and folders from the current directoryThe @file: reference supports line ranges for precise content injection:
@file:src/main.py:42 # Single line 42
@file:src/main.py:10-25 # Lines 10 through 25 (inclusive)
Lines are 1-indexed. Invalid ranges are silently ignored (full file is returned).
Context references are bounded to prevent overwhelming the model's context window:
| Threshold | Value | Behavior |
|---|---|---|
| Soft limit | 25% of context length | Warning appended, expansion proceeds |
| Hard limit | 50% of context length | Expansion refused, original message returned unchanged |
| Folder entries | 200 files max | Excess entries replaced with - ... |
| Git commits | 10 max | @git:N clamped to range [1, 10] |
These paths are always blocked from @file: references to prevent credential exposure:
~/.ssh/id_rsa, ~/.ssh/id_ed25519, ~/.ssh/authorized_keys, ~/.ssh/config~/.bashrc, ~/.zshrc, ~/.profile, ~/.bash_profile, ~/.zprofile~/.netrc, ~/.pgpass, ~/.npmrc, ~/.pypirc$HERMES_HOME/.envThese directories are fully blocked (any file inside):
~/.ssh/, ~/.aws/, ~/.gnupg/, ~/.kube/, $HERMES_HOME/skills/.hub/All paths are resolved relative to the working directory. References that resolve outside the allowed workspace root are rejected.
Binary files are detected via MIME type and null-byte scanning. Known text extensions (.py, .md, .json, .yaml, .toml, .js, .ts, etc.) bypass MIME-based detection. Binary files are rejected with a warning.
Context references are primarily a CLI feature. They work in the interactive CLI where @ triggers tab completion and references are expanded before the message is sent to the agent.
In messaging platforms (Telegram, Discord, etc.), the @ syntax is not expanded by the gateway — messages are passed through as-is. The agent itself can still reference files via the read_file, search_files, and web_extract tools.
When conversation context is compressed, the expanded reference content is included in the compression summary. This means:
@file: contribute to context usage@file:main.py:100-200) to inject only relevant sections# Code review workflow
Review @diff and check for security issues
# Debug with context
This test is failing. Here's the test @file:tests/test_auth.py
and the implementation @file:src/auth.py:50-80
# Project exploration
What does this project do? @folder:src @file:README.md
# Research
Compare the approaches in @url:https://arxiv.org/abs/2301.00001
and @url:https://arxiv.org/abs/2301.00002
Invalid references produce inline warnings rather than failures:
| Condition | Behavior |
|---|---|
| File not found | Warning: "file not found" |
| Binary file | Warning: "binary files are not supported" |
| Folder not found | Warning: "folder not found" |
| Git command fails | Warning with git stderr |
| URL returns no content | Warning: "no content extracted" |
| Sensitive path | Warning: "path is a sensitive credential file" |
| Path outside workspace | Warning: "path is outside the allowed workspace" |