Docs

Managing your agent computer

Your settings and credentials

Understand each local-console setting, where credentials live, what backups include, and what information is safe to share with support.

By Jimmy HuangLast updated July 17, 2026

Most MangoTart configuration lives on the device, not in your account on mangot.art. The local console is the place to choose a model, connect accounts and tools, manage the agent's memory and schedules, and control device-level settings.

This guide is the map of those controls. For the underlying data boundary, read Privacy, security, and permissions.

Where settings live

MangoTart has two management surfaces with different jobs:

SurfaceWhat it managesWhat it does not manage
Local MangoTart ConsoleAgent, provider, connection, browser, network, security, update, and backup settingsOrders, account ownership, or cloud-backup downloads for a damaged device
Your account on mangot.artAccount and device ownership, orders, device status, and encrypted cloud-backup downloadsYour model selection, API keys, bot tokens, browser sessions, memory, or schedules

If the device is offline, the website cannot remotely edit its agent configuration. Provider and connection credentials are entered through the local console and remain part of the device's local state unless a configured external service receives them as part of its own authorization flow.

Configuration map

The console groups daily controls by purpose:

Console pageWhat you controlImportant boundary
Model providerProvider login or API key, active model, and connection testModel requests and relevant context go to the provider you select
VoiceSpeech-to-text provider and its required keyAudio sent for transcription follows that provider's policy
SkillsInstalled skills, enabled state, and optional official skillsA skill may require a separate key or external account
MemoryAgent identity, long-term memory, and user-profile filesThis is user content that can directly affect future responses
SchedulesRecurring jobs, timing, and delivery targetTime zone and destination must be correct for unattended work
MessagingChat platforms, bot/account credentials, pairing, and allowed usersDifferent chats still use one underlying agent trust boundary
EmailMailboxes and provider-specific app passwords or authorization codesConnect only mailboxes the agent is allowed to read and act on
SMSTwilio account, sender identity, drafts, approvals, and repliesCarrier, registration, and per-message charges remain with Twilio
BrowserSigned-in website sessions in the built-in browserBrowser cookies and sessions are powerful credentials and are not in Hermes backups
MCPMCP servers, transport details, enabled state, tests, and removalA connected server can receive the data required by its tool calls
KeysAPI keys used by tools and skillsThe page shows configuration status without acting as a raw secret-file editor
Wi-FiWireless region, saved networks, and active connectionChanging networks can immediately disconnect the console you are using
SSH keysPublic keys allowed to access the deviceNever upload or paste an SSH private key
SystemVersions, time zone, command approval, session expiry, backups, PIN, dashboard lock, restarts, and resetSome actions pause the agent, disconnect the device, or permanently erase local state

The Overview page is the quickest place to confirm whether the agent, provider, browser, and messaging connection are healthy before changing anything.

Credentials and secret values

Use the dedicated page for each kind of credential:

  • model login and model API keys belong on Model provider;
  • bot tokens and messaging-account secrets belong on Messaging;
  • mailbox and Twilio credentials belong on Email and SMS;
  • tool and skill API keys belong on Keys; and
  • website logins stay inside the Browser profile.

The console deliberately does not provide a general-purpose editor for Hermes config.yaml or .env. Dedicated forms restrict changes to supported settings, and secret fields should not be treated as a way to retrieve a stored key later.

If a credential may have leaked, replace or revoke it at the issuing provider—not only on MangoTart—then enter the replacement on the correct console page and test the connection.

Support never needs your secret values

Do not send API keys, OAuth codes, bot tokens, mailbox passwords, Twilio auth tokens, your management PIN, pairing codes, cloud-backup password, browser cookies, an SSH private key, or a backup archive to support.

What a backup carries

Hermes backups preserve supported agent state, including memory, skills, chat state, schedules, agent configuration, and credentials held in Hermes state. This makes a backup sensitive even when its filename looks ordinary.

They do not carry the browser profile or signed-in website sessions. Device-level state—such as MangoTart identity, Wi-Fi, the management PIN and dashboard lock, SSH access, the operating system, and the private support-network identity—is also separate from the Hermes backup.

After a restore, test the model and messaging connections, review schedules and security controls, and sign back into required websites. See Backup, restore, and migration for the complete procedure.

Before making changes

For a provider switch, migration, or other change that affects several workflows:

  1. Confirm the current agent is healthy on Overview.
  2. Note the active provider, model, time zone, connected channels, and important schedules. Do not copy secret values into your notes.
  3. Create a fresh backup before a high-impact change.
  4. Change one area at a time and use the page's test action when available.
  5. Restart the agent only when the console asks you to or the changed setting requires it.
  6. Send a simple test message and verify one scheduled or tool-based workflow before considering the change complete.

This sequence makes it much easier to identify which change caused a failure.

What to send support

Useful, non-secret diagnostic information includes:

  • device serial and hostname;
  • MangoTart and Hermes versions shown in System;
  • provider and model names, without the key or authorization code;
  • the affected console page, messaging platform, tool, or skill;
  • the exact error text and the time it happened, including your time zone;
  • the steps that reproduce the issue; and
  • a screenshot after cropping or covering credentials, personal messages, email addresses, phone numbers, and account identifiers.

Share conversation content or files only when they are necessary to reproduce the problem and you have checked what personal information they contain. Start with the smallest useful example.

What MangoTart deliberately does not expose

The console is not a generic Hermes configuration editor. It exposes settings that are understandable and safe to manage as dedicated controls, while deployment, sandbox, internal timeout, routing, and other operator-level parameters remain managed by the Agent OS.

MCP is broader because it has a dedicated connection manager, but it still uses structured fields and supported actions rather than raw file editing. This boundary reduces invalid combinations, accidental secret disclosure, and upgrades that fail because of an old hand-edited setting.

If a guide tells you to edit raw Hermes files over SSH, check with MangoTart support before applying it to a production device. The upstream option may be valid while still conflicting with the supported Agent OS baseline.

A simple review routine

Every month—and after changing a provider or important account—check:

  1. Overview for failed services or disconnected components.
  2. Model provider and your main messaging channel with a real test.
  3. Schedules for stale jobs, destinations, and time zone.
  4. Skills, MCP, and Keys for connections you no longer use.
  5. Browser for signed-in accounts the agent no longer needs.
  6. System for backup success, command-approval mode, dashboard lock, and available updates.

Remove unused access instead of leaving it configured indefinitely. If something fails, use Troubleshooting before resetting or restoring the device.