auto-save 2026-07-13

This commit is contained in:
Ray
2026-07-13 02:00:15 -04:00
parent dab5a4ebc6
commit 473729267c
14 changed files with 579 additions and 38 deletions
+52
View File
@@ -18,6 +18,7 @@ Keep a Hermes Agent installation healthy: audit config, move secrets to `.env`,
- User asks "is my config efficient" or "does this look right"
- After a major Hermes upgrade — run `hermes config migrate`
- Config references a different backend than what's actually in use
- User asks to push/backup/version-control `~/.hermes/` to a git repo
## Config Hygiene Workflow
@@ -102,6 +103,56 @@ A real config cleanup session (DeepSeek-based install, local backend):
- **Gateway**: `/restart`
- Verify with `hermes config check`
## Git Backup of ~/.hermes/
Push the Hermes config directory to a self-hosted Git repo (Gitea, Gogs, etc.) for version control and disaster recovery. Excludes secrets, caches, logs, databases, and transient runtime files.
**Reference:** `.gitignore` template at `references/hermes-config-gitignore.md`
**Verification:** script at `references/verify-gitignore.sh`
### 1. Create .gitignore FIRST (before `git add`)
The `.gitignore` must exist before staging — otherwise `git add -A` will capture secrets. Use the template at `references/hermes-config-gitignore.md`.
```bash
cd ~/.hermes
git init
# (write .gitignore here — see template)
git add -A && git status # review staged files BEFORE committing
```
### 2. Audit staged files for secrets
Before committing, scan `git status` output for anything sensitive. These must NOT appear:
- `.env`, `auth.json`, `honcho.json` — credential stores
- `memories/` — personal data (network topology, passwords, preferences)
- `*.db`, `*.db-shm`, `*.db-wal` — runtime databases
- `sessions/`, `logs/`, `cache/`, `audio_cache/` — transient data
- `hermes-agent/` — separate git clone, not config
If any appear, fix `.gitignore` and `git rm --cached` them.
### 3. Check config.yaml for hardcoded secrets
```bash
grep -n -i 'api_key\|token\|secret\|password' config.yaml
```
All should reference `${ENV_VAR}` placeholders, never literal keys. If hardcoded keys exist, move them to `.env` first (see Config Hygiene above).
### 4. Commit and push
```bash
git commit -m "initial commit"
git remote add origin http://<user>:<token>@<gitea-host>:3000/<user>/hermes-config.git
git branch -m master main # Gitea repos default to 'main'
git push -u origin main
```
### 5. Verify exclusions (optional)
Run `references/verify-gitignore.sh` to confirm sensitive files are excluded and key config files are tracked.
## Pitfalls
- **`hermes config set` can't delete** — it only sets/overwrites values. Use terminal Python for deletions.
@@ -109,3 +160,4 @@ A real config cleanup session (DeepSeek-based install, local backend):
- **Don't use `sed` on YAML** — nested keys and indentation break easily. Always use Python `yaml` module.
- **`.env` can't be read directly** — `read_file` on `~/.hermes/.env` returns "Access denied." Use `grep`/terminal to check contents, `echo >>` to append.
- **Config changes need a restart** — they don't hot-reload mid-session.
- **`memories/` needs its own gitignore entry** — the root `~/.hermes/memories/` directory contains personal markdown files (network topology, passwords, preferences). `profiles/*/memories/` covers profile-level memories but not the root. Add a separate `memories/` line.