⚡ Hermes Agent

Autonomous AI assistant — olibuijr homelab instance

v0.15.2 · Python 3.14.4 · CachyOS Linux

🏠 System Overview

Hermes Agent is an autonomous AI assistant running on the olibuijr homelab (Titan, 192.168.8.14). It operates primarily via Discord, with full tool access for code development, infrastructure management, research, legal analysis, and system administration across the homelab cluster.

🧠 Primary Model

deepseek-v4-pro

via 9router (custom) · 200K context

⚙️ Provider

9router @ 192.168.8.14:20128

100+ models across Claude, Gemini, Kimi, DeepSeek, GLM, Qwen, MiniMax

🔌 Platform

Discord

Home: #status · Auto-thread · Reactions enabled

📦 Deployment

pipx + systemd service

~/.local/share/pipx/venvs/hermes-agent/

🧠 Memory System

Hermes uses a persistent Hindsight memory backend with two stores: Memory (environment facts, project conventions, tool quirks) and User Profile (personal preferences, communication style, identity). A skill curator runs weekly to archive stale knowledge.

Property	Value
Backend	Hindsight (hermes bank)
Budget	Mid
Memory char limit	2,200
User profile char limit	1,375
Curator	Enabled · every 168h · archive after 90d
Session DB	SQLite (FTS5) · auto-prune off · retention 90d

Memory is injected into every turn. Non-durable task state is recalled via session_search (FTS5 over past conversations). Procedural workflows are saved as Skills in ~/.hermes/skills/.

📚 Skills System

Skills are procedural memory — reusable workflows for recurring tasks. They live in ~/.hermes/skills/ and are loaded into context on-demand.

📦 Total Skills

100+ across 20+ categories

🔒 Disabled

92 built-in skills disabled

⚙️ Enabled

Custom + curated subset activated per session

Active Categories

Category	Example Skills
🧑‍💻 software-development (14)	coding-discipline, test-driven-development, plan, spike, requesting-code-review, reusable-cli-first, subagent-driven-development, writing-plans, workspace-management
🔧 devops (12)	nginx-management, dns-management, proxmox-management, proxmox-networking, passvault, process-management, deploy-script-standard, code-index, proxmox-backups
🤖 autonomous-ai-agents (6)	hermes-agent, subagent-driven-development
⚖️ legal (1)	legal, parental-alienation-case-management
🔗 mcp (2)	mcp-server-migration
📝 productivity (12)	notes, legal, parental-alienation-case-management
📊 research (7)	deepwiki, js-rendered-docs-scraping
🧪 mlops (9)	model serving, evaluation tooling
🎨 creative (20)	diagramming, media generation

🛠️ Tools & Capabilities

Hermes has access to the following built-in tool classes:

Core Tools

Tool	Purpose
`terminal`	Shell execution (local + SSH), background processes, PTY interactive mode
`read_file` / `write_file`	File I/O with pagination, auto-syntax checking
`search_files`	ripgrep-backed content + file search
`patch`	Targeted find-and-replace with fuzzy matching
`browser_*`	Headless browser (navigate, click, type, scroll, screenshot, vision analysis)
`vision_analyze`	Image analysis via native vision or fallback model
`delegate_task`	Spawn parallel sub-agents with isolated context
`cronjob`	Schedule recurring tasks (prompt-driven or script-based)
`execute_code`	Multi-step Python scripts with tool access
`memory` / `hindsight_*`	Persistent memory CRUD + semantic recall
`skill_view` / `skill_manage`	Load, create, update, patch, delete skills
`session_search`	FTS5 search over past conversation transcripts
`send_message`	Multi-platform messaging (Discord, Telegram, Signal, etc.)
`image_generate`	AI image generation
`text_to_speech`	Audio synthesis
`clarify`	Ask user multiple-choice or open-ended questions
`todo`	Session-scoped task management
`process`	Background process lifecycle (poll, log, wait, kill, write stdin)

CLI Wrappers (`~/.local/bin/`)

CLI	Purpose
`nginx-mgr`	Manage nginx vhosts on 192.168.8.4 (proxy)
`dns-mgr`	Manage split-horizon BIND9 DNS (ns1/ns2)
`pve-mgr`	Manage Proxmox VE cluster (prox1/prox3/prox4)
`passvault`	Local encrypted secrets (SQLite + Fernet)
`notes`	NoteDiscovery vault CLI (API at 192.168.8.184:8000)
`code-index`	Code indexer + search (13+ workspaces, persistent storage)
`deepwiki`	Query DeepWiki.com AI docs for GitHub repos
`gh`	GitHub CLI
`hermes` / `hermes-agent`	Hermes Agent CLI
`claude`	Claude Code CLI
`buios`	Custom BUI OS tool
`hermes-dashboard`	Hermes dashboard launcher
`worktree-create`	Git worktree helper
`code-index-all-workspaces.sh`	Bulk re-index all workspaces

🔌 MCP Servers (Model Context Protocol)

MCP servers provide native tool access to external systems. Registered in ~/.hermes/config.d/40-mcp.yaml. All use filtered env — only safe baseline vars pass through; API keys are injected via wrapper scripts or explicit env: config.

Server	Command	Endpoint	Purpose
code-index	`uvx code-index-mcp`	Local	Codebase search, symbol lookup, file summary, embedding index via EmbeddingGemma (Titan :8081)
notes	`notediscovery-mcp`	prox3 → pct 184	Persistent project documentation vault (NoteDiscovery)
vaultwarden	`bw-mcp-server`	`vault.olibuijr.com`	Credential & secrets management (Bitwarden-compatible)

Architecture

code-index — Local uvx process, persistent index at ~/.hermes/code-index/, embedding via Ollama/llama.cpp on Titan. 13+ workspaces pre-indexed.
notes — Shell wrapper sourcing env, tunnels through prox3 via SSH key auth to an LXC container (pct 184), REST API at :8000.
vaultwarden — Self-hosted at vault.olibuijr.com (Titan, 192.168.8.14). Wrapper script sources ~/.hermes/.env, uses bw CLI 2024.12.0 pinned for legacy EncString compat.

Note: The config_layout reports that config.d/ is not loaded by the patched loader — edits must go directly to ~/.hermes/config.yaml.

📓 Notes & Documentation Vault

The NoteDiscovery system is the canonical source for project context, infra details, and past decisions. It runs in an LXC container behind the homelab reverse proxy.

Property	Value
API URL	`http://192.168.8.184:8000`
Access	SSH tunnel: Hermes → prox3 → pct 184
CLI	`~/.local/bin/notes`
MCP Server	`notediscovery-mcp` wrapper
Content	20 Projects/, 60 Systems/ — docs, runbooks, infra tables, decisions

Workflow: Every project task starts with a 3-step warmup: (1) check notes for context, (2) activate code-index for codebase search, (3) fetch any needed credentials from Vaultwarden. After completing work, findings are saved back to the notes vault.

🔐 Secrets & Credential Management

Two-tier secrets infrastructure:

🏦 Vaultwarden (primary)

vault.olibuijr.com

Self-hosted Bitwarden-compatible server on Titan (192.168.8.14).

Access via bw-mcp-server MCP or Bitwarden CLI (2024.12.0 pinned).

Single source of truth for all API keys, credentials, and secrets.

🗝️ Passvault (local fallback)

SQLite + Fernet

Local encrypted secrets manager at ~/.hermes/passvault/.

CLI: passvault · API: passvault serve on :8312

Used for infra creds (nginx proxy, Proxmox root).

Policy: Never store secrets in plain files, notes, or chat. Always check Vaultwarden first before asking the user.

🤖 Model Providers & Routing

The 9router proxy on Titan (192.168.8.14:20128) aggregates models from multiple backends: local Ollama/llama.cpp, Cloudflare Workers AI, Key-Connect, OpenRouter, Gemini API, and custom endpoints — providing 100+ models through a single OpenAI-compatible API.

Backend	Source	Models
🧠 Ollama	Local (Titan)	deepseek-v4-pro, deepseek-v4-flash, gpt-oss:120b, kimi-k2.5, glm-5, minimax-m2.5, qwen3.5
☁️ Cloudflare Workers	`cf/@cf/...`	llama 3.1/3.2/3.3, mistral-small, deepseek-r1, qwen-coder, glm, kimi-k2.5/2.6
🔗 Key-Connect	`kc/...`	claude-sonnet-4, claude-opus-4, gemini-2.5-pro/flash, gpt-4.1, o3, deepseek-chat/reasoner
🌀 OpenRouter	`cx/...`	gpt-5.5, gpt-5.4, gpt-5.3-codex, deepseek-pro, deepseek-flash, verkos-max/pro/fast
🧪 Aggregator	`ag/...`	gemini-3.1-pro, claude-sonnet-4-6, claude-opus-4-6, gpt-oss
🌟 Gemini Direct	`gemini/...`	gemini-3.1-pro, gemini-3-flash, gemma-4-31b
🎯 OpenRouter (keyed)	`ocg/...`	kimi-k2.6, glm-5.1, qwen3.5-plus, minimax-m2.7
💎 Claude Code	`cc/...`	claude-opus-4-7, claude-sonnet-4-6

Fallback Model

For auxiliary/flash-grade tasks (compression, vision extraction, web extraction), the local verkos-router is preferred with deepseek-v4-flash or google/gemini-2.5-flash if the local router is down.

📂 Workspaces & Code Index

Project workspaces live in ~/.hermes/workspaces/ with git worktrees for parallel task branches. All are pre-indexed with persistent code indices at ~/.hermes/code-index/.

Registered Workspaces

9router BuiCode bui-flix bui-flix-iptv buios gagolf golfhermar golfsetridak golfswing karaxxx litlakrili notediscovery olfong storfjolskylda verkos verkos-backend verkos-multica hermes.olibuijr.com

🏗️ Homelab Infrastructure

Host	Role	IP
Titan	Primary server (Hermes, 9router, Ollama, Vaultwarden)	192.168.8.14
prox1 / prox3 / prox4	Proxmox VE cluster	192.168.8.x
pct 184	NoteDiscovery notes vault LXC	via prox3
ns1 / ns2	BIND9 DNS servers (split-horizon)	192.168.8.150 / .151
nginx proxy	Central reverse proxy (all web services)	192.168.8.4

🛡️ Security

TIRITH

Policy enforcement engine for terminal commands

Secret Redaction

Automatic redaction of API keys in output

Website Blocklist

Disabled — allows all URLs

Manual Approval Mode

Destructive operations require user confirmation

🌐 Gateway & Platforms

Platform	Status	Details
💬 Discord	Connected	Home: `#status` · Free response in #legal · Auto-thread · DM enabled
📺 Slack	Configured	Require mention
📱 Telegram	Configured	No reactions
📧 Signal	Configured	Available
📋 SMS	Available	Via gateway