Summary
Two related bugs share the same root cause: Hermes does not define a per-profile HOME directory, which breaks the expected isolation between profiles and causes tool configuration to be lost on Docker container updates.
Bug 1 — Docker: system tool configuration is not persisted
The official Docker setup documents /opt/data (mapped to ~/.hermes/) as the persistent volume. A reasonable user expects this to be sufficient to survive container updates.
However, many system tools write their configuration to /root/ instead of /opt/data/, and /root/ is not persisted:
git → /root/.gitconfig, /root/.git-credentials
ssh → /root/.ssh/
gh, gcloud, npm, and others → /root/.config/...
Actual behavior: after docker pull + container recreate, all tool configuration is lost even though Hermes-specific data in /opt/data survives.
Expected behavior: the official setup should either persist tool configuration or document clearly that /root/ must be mounted separately.
Current workaround: mounting /root as an additional Docker volume. This works but is not clean — it mixes system paths with user data and can cause compatibility issues across container version upgrades.
Bug 2 — Profiles: system credentials are shared across all profiles
The profiles documentation presents profiles as a way to run multiple independent agents on the same machine. A reasonable user expects profiles to be isolated from each other, including credentials and system tool configuration.
What is isolated per profile ✅
config.yaml, .env, SOUL.md
memories/, sessions/, skills/, cron/, state.db
What is NOT isolated (shared across all profiles) ❌
/root/.gitconfig → all profiles share the same git identity
/root/.ssh/ → all profiles share the same SSH keys
/root/.config/ → all profiles share tool credentials
Actual behavior: it is impossible to run two profiles with different git identities, SSH keys, or tool credentials simultaneously.
Expected behavior: profiles should isolate system-level configuration, or the documentation should clearly state that profiles do not provide system-level isolation.
Root cause
Both bugs have the same cause: Hermes runs all profiles as root with HOME=/root hardcoded and does not set a per-profile HOME. All system tools therefore write to the same /root/ directory regardless of which profile is running.
Proposed fix
Set HOME per profile to a path inside the profile's persistent directory:
HOME=/opt/data/profiles/{profile_name}/home
Or for the default/single profile:
This would fix both bugs at once:
- Docker persistence: system tools write to $HOME inside the volume → survives container updates ✅
- Profile isolation: each profile has its own $HOME → credentials and configs are isolated ✅
Known limitations
Setting $HOME covers the majority of common tools (git, ssh, npm, pip, gh...) but is not a complete solution. Some programs resolve the home directory via getpwuid(getuid()) at runtime, which always returns /root for the root user regardless of the $HOME environment variable. A fully complete solution would require running each profile under a different system UID. We raise this so the team can evaluate the right level of isolation to target.
Alternative (partial fix)
If changing HOME globally is not feasible, allowing per-profile environment variable overrides in config.yaml would partially address the issue:
env:
  GIT_CONFIG_GLOBAL: /opt/data/profiles/work/home/.gitconfig
  SSH_AUTH_SOCK: /opt/data/profiles/work/home/.ssh/agent.sock
This does not solve the Docker persistence problem and requires users to configure each tool manually, but would at least allow basic credential isolation per profile.
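As an added illustration of the proposed fix and of the getpwuid() limitation and env-override fallback described above (example code written for this report, not part of Hermes), the helper below builds a per-profile environment rooted in the persistent volume, creates the profile home, and reports whether the passwd database would still send tools to the shared /root/. The base directory /opt/data and the GIT_CONFIG_GLOBAL / SSH_AUTH_SOCK overrides are taken from the report; the function names are assumptions.

```python
import os
import pwd
from pathlib import Path

# Persistent volume from the official Docker setup (mapped from ~/.hermes).
DATA_DIR = "/opt/data"


def profile_env(profile, data_dir=DATA_DIR, base_env=None):
    """Environment a profile's tools should run with.

    HOME points inside the profile's persistent directory (the proposed fix).
    The explicit per-tool variables are the report's partial fallback: git and
    ssh-agent consumers honour them even if HOME itself cannot be changed.
    """
    home = f"{data_dir}/profiles/{profile}/home"
    env = dict(os.environ if base_env is None else base_env)
    env["HOME"] = home
    env["GIT_CONFIG_GLOBAL"] = f"{home}/.gitconfig"
    env["SSH_AUTH_SOCK"] = f"{home}/.ssh/agent.sock"
    return env


def ensure_profile_home(env):
    """Create the profile home and a 0700 .ssh directory so tools can write there."""
    home = Path(env["HOME"])
    ssh_dir = home / ".ssh"
    ssh_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # ssh refuses keys in a group/world-readable dir
    return home


def passwd_home(uid=None):
    """Home directory from the passwd database, which ignores $HOME entirely.

    This is what programs using getpwuid(getuid()) will use; for root in the
    container it is /root regardless of the environment.
    """
    return pwd.getpwuid(os.getuid() if uid is None else uid).pw_dir


def isolation_gap(env):
    """Return the passwd home if it differs from the profile HOME, else None.

    A non-None result means getpwuid()-based tools still share that directory
    across profiles, and it is still not inside the persisted volume.
    """
    pw_home = passwd_home()
    return pw_home if pw_home != env["HOME"] else None


if __name__ == "__main__":
    work = profile_env("work")
    print("HOME for profile 'work':", work["HOME"])
    print("getpwuid() fallback:", isolation_gap(work) or "none (same as HOME)")
```

Running it inside the container as root prints the per-profile HOME alongside /root, which is exactly the residual gap that only a per-profile UID would close.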
Environment
- Hermes Agent running in Docker (official image)
- Docker volume: ~/.hermes:/opt/data
- Multiple profiles intended for different agent identities
- Tools used: git, gh, ssh, and others that write to /root/