Inventory a live Hermes installation on disk and create a sanitized backup repo of config, skills, memory, and restore scripts without leaking secrets or blindly committing runtime state.
Use this when you need to back up or migrate a live Hermes installation to a Git repo.
Goal:
Start by inspecting the real Hermes home and related config paths. On this machine the key locations were:
/root/.hermes/config.yaml/root/.hermes/.env/root/.hermes/skills//root/.hermes/memories/MEMORY.md/root/.hermes/memories/USER.md/root/.hermes/SOUL.md/root/.hermes/state.db/root/.hermes/processes.json/root/.hermes/channel_directory.json/root/.hermes/gateway_state.json/root/.hermes/pairing//root/.config/systemd/user/hermes-gateway.service/root/.config/himalaya/config.tomlAlso check whether Hermes runtime was installed under something like:
/root/.hermes/hermes-agent/root/.hermes/nodeThose are usually reinstallable runtime/code, not backup targets.
For this Hermes install:
/root/.hermes/state.dbmessagesmessages_fts*sessionsschema_versiontodos tableDo not assume old docs are correct about paths like ~/.hermes/sessions/ or ~/.hermes/logs/ — inspect the live disk layout instead.
config.yaml with all API keys/tokens/password-like fields blanked.env.example containing env var names only, never valuesskills/ treeMEMORY.md, USER.md, SOUL.mdhermes-gateway.service.env/root/.config/himalaya/config.toml)/root/.hermes/node//root/.hermes/cache//root/.hermes/whatsapp/bridge.log/root/projects/* and /root/repos/*state.dbprocesses.jsonchannel_directory.jsongateway_state.jsonpairing/*Reason: these often contain sensitive conversation history, runtime state, approval mappings, or secrets.
hermes-build/
README.md
.gitignore
config/
config.yaml
.env.example
memory/
MEMORY.md
USER.md
SOUL.md
skills/
service/
hermes-gateway.service
docs/
INVENTORY.md
scripts/
setup.sh
export_live_state.sh
config.yamlstate.db schema before deciding what to back upapi_key, token, secret, password, and provider-specific variants.env, export only variable names into .env.exampleconfig/config.yamlconfig/.env.exampledocs/INVENTORY.md with absolute paths and include/exclude decisionsscripts/setup.sh to restore sanitized config into $HERMES_HOMEscripts/export_live_state.sh for optional encrypted state exportfeat: add sanitized Hermes config backupA practical restore script should:
$HERMES_HOME, $HERMES_HOME/memories, $HERMES_HOME/skillsskills/ into Hermes home.env from .env.example if missingIf full disaster recovery is needed, export these to a separate directory:
/root/.hermes/state.db/root/.hermes/processes.json/root/.hermes/channel_directory.json/root/.hermes/gateway_state.json/root/.hermes/pairing/Then encrypt that export before storing it anywhere.
state.db.env even to a private repohimalaya/config.toml if it contains Gmail credentials/app passwordsnode, virtualenvs, binaries) as if they were configpairing/*.json; they can contain approval/account mappingsBefore pushing, confirm:
config/config.yaml has blanked secret fieldsconfig/.env.example contains only keys, not values$HERMES_HOME, not hardcoded assumptions unless explicitly intended