HermesHarpe
Support & Setup

Help getting HermesHarpe running

Everything you need to install, set up, and troubleshoot HermesHarpe across all your Macs. Pick a topic below or scroll through.

What HermesHarpe does

Around-the-clock monitoring, entirely on your machines

HermesHarpe watches your Mac around the clock and tells you when something suspicious happens. If you have more than one Mac, it shows the status of all of them in one dashboard, synced through your iCloud account. No data goes to any server — everything stays on your machines.

Network connections Background processes New app installs Launch agents Malicious file behavior
No data leaves your Mac. No accounts. No telemetry.
01

First launch

Where is the app after I install it?

HermesHarpe does not appear in your Dock. It lives in the menu bar — the row of small icons at the top right of your screen. Look for a shield icon and click it to open the dashboard.

If you do not see the shield icon, the app may not have launched yet. Open your Applications folder and double-click HermesHarpe to start it.

macOS blocked the app when I tried to open it

This is normal for apps downloaded outside the App Store. macOS shows a warning even for safe, verified apps. Do not double-click the app to open it the first time.

Instead:

  • Right-click the app icon and select Open from the menu that appears.
  • Click Open in the dialog box.

You only need to do this once. After that, the app opens normally.

The app asked for permission to do something. What should I say?

Say yes to all permission requests on first launch. HermesHarpe needs these to do its job:

  • Network monitoring lets the app see what connections your Mac is making. Without it, it cannot detect network threats.
  • Notifications let the app alert you when a threat is detected. Without it, you will not receive any alerts.

These permissions do not give HermesHarpe access to your personal files, photos, messages, or any other private data.

02

API keys & full protection

HermesHarpe works out of the box with zero setup. These optional API keys unlock deeper protection — real-time network threat intelligence, breach monitoring, and account-takeover alerts. Four of the five are completely free.

How much protection do you have without any API keys?

Quite a lot. HermesHarpe monitors your network connections, running processes, launch agents, and app installs the moment you open it. No setup required. If something suspicious runs on your Mac, tries to connect to the internet, or installs itself to start automatically, HermesHarpe will catch it.

The one meaningful gap without any keys is network threat intelligence. The app can see every connection your Mac makes, but without the AbuseIPDB key it cannot tell you whether the destination is a known malicious address. It will show you the connection but cannot rate it as safe or dangerous.

The GitHub, Anthropic, and Cloudflare keys only matter if you actively use those services. A regular user with no developer accounts loses nothing by skipping them. The HaveIBeenPwned key is the one we recommend for everyone regardless of technical background — data breaches affect ordinary people more than developers, and knowing the same day your email appears in a breach gives you time to act before any damage is done.

Bottom line: HermesHarpe without any keys is a solid security monitor. With AbuseIPDB and HaveIBeenPwned it is significantly stronger. The other three keys are for users who need them.

Four of these keys are completely free and take under 10 minutes to set up together. The only key that costs money is HaveIBeenPwned at $3.50 per month, which you can cancel at any time.

AbuseIPDB API key

FreeRecommended for everyone
Without this key

HermesHarpe monitors your network connections but cannot tell you whether the addresses your Mac is talking to are known threats. It sees the connections but cannot rate them as safe or dangerous.

With this key

Every IP address your Mac connects to is checked against AbuseIPDB, a global database of over 3 million reported malicious addresses. If your Mac talks to a known bad actor, you know immediately. Each connection is rated Clean, Suspicious, or Malicious.

The free tier allows 1,000 checks per day — more than enough for personal use.

How to get it

  1. Go to abuseipdb.com and create a free account.
  2. Click API in the top menu.
  3. Click Create Key.
  4. Copy the key and paste it into HermesHarpe Settings → AbuseIPDB API Key.

HaveIBeenPwned API key

Recommended for everyone
Without this key

HermesHarpe does not check your email addresses for data breaches. You would only find out by checking manually or reading the news — often months after it happened.

With this key

HermesHarpe checks your email addresses once per day against HaveIBeenPwned, the most trusted breach database in the world with over 14 billion compromised accounts on record. If your email appears in a new breach, you get an alert the same day — time to change passwords before any damage is done.

This is the only key that costs money. At $3.50 per month — the price of a coffee — it is the single most valuable protection HermesHarpe can add for a non-technical user.

How to get it

  1. Go to haveibeenpwned.com/API/Key.
  2. Enter your email address and complete the purchase.
  3. Check your email for the confirmation link.
  4. Copy your API key from the confirmation page.
  5. Paste it into HermesHarpe Settings → HaveIBeenPwned API Key.

GitHub Personal Access Token

FreeIf you use GitHub
Without this key

HermesHarpe does not monitor your GitHub account. If someone breaks in and steals your code, adds access, or exposes your private repositories, you will not find out through HermesHarpe.

With this key

HermesHarpe watches your account every 15 minutes and alerts you if a new SSH or GPG key is added, a private repo is made public, a collaborator is added, branch protection is removed, or a recent commit exposes passwords or API keys. If someone breaks in, you know within 15 minutes.

How to get it

  1. Go to github.com and sign in.
  2. Click your profile photo (top right), then Settings.
  3. Scroll to the bottom of the left sidebar and click Developer settings.
  4. Click Personal access tokens → Tokens (classic).
  5. Click Generate new token (classic) and name it HermesHarpe.
  6. Select these permissions: read:user read:org repo.
  7. Click Generate token, then copy it immediately — GitHub will not show it again.
  8. Paste it into HermesHarpe Settings → GitHub Personal Access Token.

Anthropic API key

FreeIf you use the Anthropic API
Without this key

HermesHarpe does not monitor your Anthropic account.

With this key

HermesHarpe checks your Anthropic API usage every hour. If it detects an unusual spike in token consumption versus your normal usage, it alerts you immediately — protecting you if your key is stolen and someone runs requests at your expense. Key theft can mean significant unexpected charges; this catches it within the hour.

How to get it

  1. Go to console.anthropic.com and sign in.
  2. Click Settings in the left sidebar.
  3. Click API Keys.
  4. Click Create Key and name it HermesHarpe Monitor.
  5. Copy the key and paste it into HermesHarpe Settings → Anthropic API Key.

Cloudflare API Token

FreeIf you have domains on Cloudflare
Without this key

HermesHarpe does not monitor your Cloudflare DNS records.

With this key

HermesHarpe checks your DNS records every 30 minutes. If someone changes them without your knowledge, your site can be silently redirected to a malicious copy — DNS hijacking, one of the most damaging attacks on site owners. HermesHarpe catches it the moment it happens, before your visitors are affected.

How to get it

  1. Go to dash.cloudflare.com and sign in.
  2. Click your profile icon (top right), then My Profile.
  3. Click API Tokens in the left sidebar.
  4. Click Create Token and use the Read All Resources template.
  5. Click Continue to Summary, then Create Token.
  6. Copy the token and paste it into HermesHarpe Settings → Cloudflare API Token.

App Store Connect API Key

FreeIf you publish on the App Store
Without this key

HermesHarpe monitors the public App Store for new apps matching your app names but cannot access your private App Store Connect account.

With this key

HermesHarpe monitors your App Store Connect account for unauthorized changes to your apps, certificates, and provisioning profiles. If someone gains access to your developer account and tampers with your apps or certificates, you will know.

How to get it

  1. Go to appstoreconnect.apple.com and sign in.
  2. Click Users and Access in the top navigation.
  3. Click the Keys tab.
  4. Click the + button to generate a new key.
  5. Name it HermesHarpe and assign read-only access.
  6. Download the key file and copy the Key ID.
  7. Paste the Key ID into HermesHarpe Settings → App Store Connect API Key.

Which keys should I set up first?

If you set up nothing else, set up AbuseIPDB and HaveIBeenPwned. Together they cover the most common threats that affect everyday users — malicious network connections and data breaches — for less than $4 per month, with AbuseIPDB completely free.

If you have a GitHub account, add the GitHub token. Two minutes, and it protects one of your most valuable developer assets. If you have domains on Cloudflare, add the Cloudflare token — DNS hijacking is silent and devastating, and this is your only real-time defense. If you use the Anthropic API professionally, add the Anthropic key to catch key theft before it costs you money. If you publish on the App Store, add the App Store Connect key.

The four free keys take under 10 minutes together and provide a strong defense. Start there.

03

Multi-Mac dashboard

I installed on two Macs but one shows as Offline

First, check that iCloud Drive is turned on for the machine showing Offline.

  • macOS Sonoma: System Settings → your name at the top → iCloud → iCloud Drive → turn it on.
  • macOS Tahoe: System Settings → your Apple ID at the top → iCloud → iCloud Drive → turn it on.

After turning on iCloud Drive, wait 5 minutes and check the dashboard again. The app writes its status every 5 minutes, so there is always a short delay.

The dashboard still shows Offline after 5 minutes

Make sure HermesHarpe is actually running on the other machine. The app must be open in the menu bar to write its status. It does not run in the background unless you add it to Login Items (see below).

How do I make HermesHarpe start automatically?

On macOS Sonoma and Tahoe: System Settings → General → Login Items, click the + button, find HermesHarpe in your Applications folder, then click Add.

Do this on every Mac where you want it to run automatically.

04

Understanding the dashboard

Each machine shows one of four status labels. Here is what they mean.

Secure

The machine is online and no unresolved threats have been detected.

Warning

1 to 3 unresolved alerts are waiting for your attention. Go to the Audit Log tab to review them.

Critical

4 or more unresolved alerts are present. Go to the Audit Log tab immediately.

Offline

No status update in the last 24 hours. Either the app is not running on that machine or iCloud Drive is not syncing.

05

Alerts & the audit log

I am seeing alerts for apps I trust

Some alerts are informational, not confirmed threats. An alert marked Suspicious means the app noticed something worth flagging — it does not mean the app is definitely malicious.

If you trust the app that triggered the alert, open the Whitelist tab and add it. HermesHarpe will stop alerting you about that app in the future.

How do I clear alerts from the dashboard?

Open the Audit Log tab. Click each alert and mark it as resolved. Once all alerts are resolved, the status changes back to Secure.

A future update will add a Clear All button so you do not have to click each one individually.

How long is history kept?

The Audit Log keeps a complete history of every event with no expiry. Events are stored locally on your Mac and are not deleted automatically.

06

Quarantine

What does it mean when a file is quarantined?

When HermesHarpe detects a file it classifies as malicious, it moves the file out of its original location into a secure folder at Library/HermesHarpe/Quarantine on your Mac. The file is then stripped of all permissions so it cannot run or be opened. You receive a notification when this happens.

The original app or process is also terminated immediately.

I think a file was quarantined by mistake. How do I get it back?

Open the Quarantine tab in the dashboard. Find the entry for the file and click Restore. The file will be moved back to its original location and its permissions will be restored.

If you are certain the file is safe and want to prevent it from being flagged again, add the app to your Whitelist after restoring it.

How do I permanently delete a quarantined file?

Open the Quarantine tab, find the entry, and click Delete Permanently. The file will be removed from your Mac entirely. This cannot be undone.

07

Uninstalling HermesHarpe

How to fully remove HermesHarpe from your Mac
  1. Quit the app — click the shield icon in the menu bar and select Quit.
  2. Open your Applications folder and drag HermesHarpe to the Trash.
  3. To remove all stored data, open Finder → Go in the menu bar → hold the Option key → click Library, then go to Containers and delete the folder that starts with com.paczka.
  4. Empty the Trash.

If you installed on multiple Macs, repeat these steps on each machine.

08

System requirements

macOS 14 Sonoma or later

Works on both Apple Silicon Macs (M1, M2, M3, M4, M5) and Intel Macs (2019 and later). iCloud Drive is required for multi-machine dashboard sync.

Apple Silicon Intel 2019+ iCloud Drive
09

Refunds

30-day money-back guarantee

If HermesHarpe does not work on your Mac, you are entitled to a full refund within 30 days of purchase. To request a refund, go to your Gumroad purchase receipt and use the refund option listed there.