hermes-config/skills/devops/hermes-config-management/SKILL.md


name: hermes-config-management
description: Hermes Agent configuration management: memory providers, git-backed config backup, DB snapshot strategies, disaster recovery.
version: 1.0.0
author: Hermes Agent
tags: hermes, configuration, backup, memory, gitea, sqlite, recovery
triggers:
  • back up hermes config
  • memory provider setup
  • switch memory provider
  • hermes disaster recovery
  • hermes gitea backup
  • holographic memory
  • hermes db snapshot
references:
  • references/memory-provider-comparison.md
  • references/gitea-backup-setup.md
templates:
  • templates/dot-gitignore.md

Hermes Config Management

System administration procedures for the Hermes Agent installation: memory provider selection, configuration backup, database snapshot strategy, and disaster recovery.

Memory Provider Selection

Built-in (always active)

Two files at ~/.hermes/memories/:

  • MEMORY.md — 2,200 char limit, agent's personal notes
  • USER.md — 1,375 char limit, user profile

Injected into every session's system prompt as a frozen snapshot. Managed via the memory tool (add/replace/remove).

When to use a different provider: the built-in is adequate for light use but fills quickly (~3-4 sessions of heavy interaction). Use an external provider when you regularly hit 90%+ capacity.

External Providers

Only one external provider can be active at a time. The built-in always stays active alongside.

For the full comparison table, see references/memory-provider-comparison.md.

Recommended for homelab (free/self-hosted): Holographic — SQLite-backed, zero dependencies, no API keys, no servers, no LLM costs. Full FTS5 search, trust scoring, entity resolution.

Pitfalls:

  • Setting memory.provider: honcho with an empty honcho: {} block — reads return empty, writes fail silently.
  • External providers still require an LLM API key if they do their own inference (Honcho, Hindsight embedded). Holographic and chronological built-in do not.

Switch Provider

hermes memory setup                    # interactive picker
hermes config set memory.provider NAME # or manual
hermes memory status                   # verify

Changes take effect on next session start (/reset).

Built-in Memory Sizing with External Provider

When an external provider is active, the built-in should hold only always-in-context essentials — things that need to be in every session's face without retrieval cost. Let the external provider handle deep facts (API endpoints, cron job IDs, copy-paste conventions).

Strategy:

  • MEMORY.md: persona/SOUL.md location, active provider, high-level homelab overview, memory rules
  • USER.md: values, timezone, ops style, current reading
  • Move environment facts (API tokens, service endpoints, cron job details) to external provider — they're retrievable on demand

Target: 1,500-1,700 total chars across both files, well under the 3,575 combined limit.

Git-Backed Configuration Backup

The entire ~/.hermes/ directory can be version-controlled, excluding secrets and ephemeral data.

.gitignore Strategy

See templates/dot-gitignore.md for the canonical .gitignore template.

Key exclusion rules:

  • Secrets: .env, auth.json, honcho.json
  • Runtime: logs/, cache/, sessions/, state-snapshots/, checkpoints/, plugins/
  • Binaries: node/, bin/, lsp/, hermes-agent/, platforms/
  • SQLite DBs: memory_store.db, state.db, state.db-* (handled by cron snapshot)
  • Locks: *.lock, gateway.pid, gateway_state.json, processes.json
  • Generated: .install_method, .update_check, models_dev_cache.json, interrupt_debug.log
  • Backups: *.bak.*
  • Git creds: .git-credentials

Initialize Repo

cd ~/.hermes
git init
git branch -m main
# Add files by name so nothing outside this list is committed by accident.
git add .gitignore README.md config.yaml SOUL.md memories/ skills/ scripts/ cron/ \
        kanban.db reading_*.json channel_directory.json
git commit -m "init: hermes agent config, skills, memories, and scripts"
git remote add origin https://gitea.example.com/user/hermes-config.git
git config credential.helper 'store --file ~/.hermes/.git-credentials'
# Create the credential file under umask 077 so the token is owner-only from
# the moment it is written, not only after the chmod below.
( umask 077; echo "https://user:token@gitea.example.com" > ~/.hermes/.git-credentials )
chmod 600 ~/.hermes/.git-credentials
git push -u origin main

Pitfalls:

  • Git prompt creds fail in non-interactive terminal (No such device or address). Use token-in-credential-store or token-in-remote-URL.
  • Skills directory is large (~15M with bundled skills). Still worth tracking — one-command recovery.
  • Set git user.email and user.name immediately to avoid noisy commit warnings.
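
A check that the exclusion rules above actually hold in the repository, written as an added example (not part of the original skill). The function name `check_tracked_paths` is hypothetical; it reads the path list printed by `git ls-files` (or `git diff --cached --name-only` in a pre-commit hook) and fails if a secret or SQLite file from the exclusion list is tracked.

```shell
#!/bin/bash
# Added example, not from the original skill.
# Reads one repository path per line on stdin and reports any path whose
# file name is on the skill's "Secrets", "Git creds" or "SQLite DBs"
# exclusion list. Returns 1 if at least one such path is found.
# Matching is on the file name, like a .gitignore pattern without a slash.
check_tracked_paths() {
  local path base kind bad=0
  while IFS= read -r path; do
    base=${path##*/}
    case "$base" in
      .env|auth.json|honcho.json|.git-credentials)
        kind="secret" ;;
      memory_store.db|state.db|state.db-*)
        kind="sqlite-db" ;;
      *)
        continue ;;
    esac
    echo "must not be tracked ($kind): $path"
    bad=1
  done
  return "$bad"
}

# Usage (assumes the repo lives in ~/.hermes as described above):
#   git -C ~/.hermes ls-files | check_tracked_paths || echo "fix before pushing"
```

A hit means the file is already in history; removing it from the index is not enough, so rotate the affected token as well.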

SQLite Database Backup

SQLite databases (memory_store.db, state.db) are binary files. Git handles binary diffs poorly, so use a no_agent cron job instead.

Snapshot Script

Place at ~/.hermes/scripts/snapshot_hermes_db.sh:

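#!/bin/bash
# Snapshot the Hermes SQLite databases and prune old copies.
umask 077   # snapshots hold memory and session data: keep them owner-only
HERMES_HOME="${HERMES_HOME:-$HOME/.hermes}"
BACKUP_DIR="$HERMES_HOME/backups"
RETENTION_DAYS=30
rc=0
mkdir -p "$BACKUP_DIR"
DATE=$(date +%Y%m%d_%H%M%S)
for db in memory_store.db state.db; do
  SRC="$HERMES_HOME/$db"
  if [ ! -f "$SRC" ]; then
    echo "skipping $db (not found)"
  elif cp "$SRC" "$BACKUP_DIR/${db%.db}_${DATE}.db"; then
    echo "backed up $db"
  else
    echo "FAILED to back up $db" >&2; rc=1   # a failed copy is not a skip
  fi
done
find "$BACKUP_DIR" -name '*.db' -type f -mtime +"$RETENTION_DAYS" -delete
echo "snapshot complete: $(date)"
exit "$rc"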

Create Cron Job

hermes cron create \
  --name daily-db-snapshot \
  --schedule "0 4 * * *" \
  --script scripts/snapshot_hermes_db.sh \
  --no-agent

The no_agent flag makes this a pure shell-script job — zero token cost, just copies files.

Disaster Recovery

On a fresh machine:

# 1. Install Hermes
curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash

# 2. Clone config repo
cd ~/.hermes
git init
git remote add origin https://gitea.example.com/user/hermes-config.git
git pull origin main

# 3. Restore secrets — copy .env and auth.json back from safe backup
#    .env needs: OPENROUTER_API_KEY, MATRIX_ACCESS_TOKEN, etc.
#    auth.json holds OAuth tokens

# 4. Restore SQLite DBs from latest snapshot in backups/

# 5. Verify skills loaded
hermes skills list

# 6. Cron jobs auto-load from cron/jobs.json
hermes cron list

# 7. Start gateway
hermes gateway run
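
Step 4 above, written out as an added example (not part of the original skill). The function name `restore_latest_snapshots` and its two arguments are hypothetical; it assumes snapshots follow the naming used by snapshot_hermes_db.sh (`<name>_YYYYMMDD_HHMMSS.db`) and that the gateway is not running during the restore.

```shell
#!/bin/bash
# Added example, not from the original skill.
# Restores the newest snapshot of each database from a backup directory.
#   $1 = directory holding the snapshots, $2 = Hermes home directory
# Returns 1 if any database has no snapshot or could not be restored.
restore_latest_snapshots() {
  local backup_dir="$1" hermes_home="$2" db f latest rc=0
  for db in memory_store.db state.db; do
    latest=""
    # Globs expand in sorted order and the timestamps sort lexically,
    # so the last existing match is the newest snapshot.
    for f in "$backup_dir/${db%.db}"_*.db; do
      if [ -f "$f" ]; then latest=$f; fi
    done
    if [ -z "$latest" ]; then
      echo "no snapshot found for $db" >&2
      rc=1
      continue
    fi
    # A leftover -wal/-shm pair belongs to a different database state and
    # must not sit beside the restored file.
    rm -f "$hermes_home/${db}-wal" "$hermes_home/${db}-shm"
    # Copy under a temporary name, then rename, so a failed copy never
    # leaves a half-written database in place. umask keeps it owner-only.
    ( umask 077; cp "$latest" "$hermes_home/$db.restore" ) &&
      mv "$hermes_home/$db.restore" "$hermes_home/$db" &&
      echo "restored $db from ${latest##*/}" || rc=1
  done
  return "$rc"
}

# Usage: restore_latest_snapshots /path/to/backups "$HOME/.hermes"
```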

Pitfalls

  • Don't put .env or auth.json in git — matrix tokens, API keys, OAuth tokens are in plaintext.
  • Token auth for Gitea: use HTTPS token in credential store, not SSH deploy keys. Private keys get redacted by Hermes.
  • SQLite DBs change on every session — daily snapshot is sufficient; more frequent adds no value.
  • Built-in memory still matters even with an external provider — it's the privileged always-in-context slot. Use it wisely.
  • hermes-agent skill is bundled/protected — you can't patch it. This skill fills the gaps the bundled skill doesn't cover (backup, recovery, provider comparisons).