Home / Safety & Troubleshooting

Start Safe

The security answer is not panic, and it is not recklessness. It is boundaries, backups, and judgment.

Hermes is powerful because it can act on your computer. That power deserves respect — not fear, not carelessness.

Core Safety Rules

Start Low-Risk

Begin with notes, outlines, research, and drafts. Expand to file edits and automations after you understand how the agent behaves.

Keep Backups

Your creative work is irreplaceable. Use Time Machine, cloud sync, or git. Never let the agent be your only copy of anything important.

No Secrets in Chats

Don't paste API keys, passwords, bank info, or private tokens into agent conversations. Use environment variables and config files instead.

Keep Approvals On

Leave manual approval prompts enabled until you understand what the agent will do without asking. Expand authority after trust is earned.

No Casual Destructive Commands

Don't ask the agent to delete files, overwrite projects, or run system commands you don't understand. Read before you approve.

Expand Gradually

Add tools, permissions, and automations one at a time. Each new capability is a new boundary to understand.

Recommended Safety Config

Run these after initial setup to enable sensible defaults.

hermes config set approvals.mode manual
hermes config set security.redact_secrets true
  • Manual approvals — Hermes asks before executing terminal commands, file writes, and other actions
  • Secret redaction — attempts to scrub secrets from logs and outputs

Tool Expansion Order

Start with tools that make the agent useful and safe. Add flashy tools after you have a workflow.

PhaseToolsWhy
Day 1file, terminal, memory, skillsRead/write your workspace, remember context
Week 1web/search, browser, cronResearch, scheduling, proactive briefs
Laterimage gen, video gen, TTS, computer useAfter keys, billing, and trust are established

Verification Checklist

Run through this after setup and again whenever something feels off.

  • hermes doctor — no critical errors
  • hermes status — agent and gateway running
  • hermes gateway status — Telegram connected
  • hermes tools list — expected tools enabled, nothing unexpected
  • hermes cron list — scheduled jobs match what you intended
  • Approvals mode is manual
  • Secret redaction is enabled
  • Creative OS folder exists and is backed up
  • Test: ask Hermes to recall your onboarding context
  • Test: send a Telegram message and confirm response

Troubleshooting

Install fails or hermes doctor reports errors

Re-run the install script. Check that you have a supported OS and required dependencies (Node, etc.). Read the error output — hermes doctor usually tells you exactly what's missing.

curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash
hermes doctor

Model / provider won't connect

Run hermes model and re-select your provider. For Nous Portal, complete the browser login flow. For API providers, confirm your API key is set. Model availability on free tiers can change — verify in the portal.

hermes model
hermes status

Telegram bot not responding

  1. Confirm bot token is correct (from @BotFather)
  2. Run hermes gateway status — should show running
  3. Restart: hermes gateway stop then hermes gateway start
  4. Send a message to your bot in Telegram (not in a group first — test 1:1)
hermes gateway setup
hermes gateway install
hermes gateway start
hermes gateway status

Agent forgot my context

Check that memory tools are enabled. Re-paste the onboarding prompt. Confirm your Creative OS folder and MEMORY.md exist. Ask Hermes explicitly to save durable facts.

Cron job not firing

hermes cron list
hermes cron status

Verify the schedule exists, the gateway is running, and the time zone matches your expectation. Re-create the cron if needed.

Agent did something unexpected

This is why manual approvals exist. Review what was approved. Tighten tool access. Reduce scope. Start with read-only tasks until behavior is predictable. Run your verification loop before you trust the output.

When Things Go Wrong

Recovery steps

  1. Stop the gateway: hermes gateway stop
  2. Restore files from backup if needed
  3. Run hermes doctor to diagnose
  4. Review recent agent actions and approvals
  5. Re-enable manual approvals if you disabled them
  6. Restart with reduced tool access and narrower scope
Back to Setup → Verification Loop Prompts