Problem
On 2026-05-14, the Hermes container was rebuilt (upstream sync) without taking a volume snapshot first. The original Docker volume was replaced, causing total loss of bot memory: sessions, cron jobs, persona, learned protocols.
This must never happen again. Hermes needs — and NanoClaw will need — a formal backup & restore procedure for Docker volumes.
Requirements
Pre-Rebuild (Mandatory Before Any docker compose build / Container Recreation)
-
Snapshot the Docker volume to a tarball on the host:
docker run --rm \
-v <volume-name>:/data:ro \
-v /backup/hermes:/backup \
alpine tar czf /backup/hermes-pre-rebuild-$(date +%Y%m%d-%H%M%S).tar.gz -C / data
-
Verify the snapshot (file exists, non-zero size, readable)
-
Export state.db separately as a quick-restore point:
docker exec hermes python3 -c "
import shutil
shutil.copy('/opt/data/state.db', '/opt/data/state.db.pre-rebuild')
"
-
Only then: proceed with rebuild
Post-Rebuild (Restore Procedure)
-
Restore configs from roosync-cluster/config/ (repo copy):
config.yaml → fix model/provider/base_url/compression.env.template → restore Telegram allowlists
-
Run hermes-restore-config.sh (handles base_url contamination, model fix, ownership)
-
Restore state.db from snapshot if session history is needed:
docker run --rm \
-v <volume-name>:/data \
-v /backup/hermes:/backup \
alpine sh -c "cd /data && tar xzf /backup/hermes-pre-rebuild-YYYYMMDD-HHMMSS.tar.gz --strip-components=1"
-
Verify: model config, Telegram connectivity, MCP bridges, cron jobs
Automation
Safety Checklist (Human Gate)
Before any destructive Docker operation on ANY bot container:
Related
Problem
On 2026-05-14, the Hermes container was rebuilt (upstream sync) without taking a volume snapshot first. The original Docker volume was replaced, causing total loss of bot memory: sessions, cron jobs, persona, learned protocols.
This must never happen again. Hermes needs — and NanoClaw will need — a formal backup & restore procedure for Docker volumes.
Requirements
Pre-Rebuild (Mandatory Before Any
docker compose build/ Container Recreation)Snapshot the Docker volume to a tarball on the host:
Verify the snapshot (file exists, non-zero size, readable)
Export state.db separately as a quick-restore point:
Only then: proceed with rebuild
Post-Rebuild (Restore Procedure)
Restore configs from
roosync-cluster/config/(repo copy):config.yaml→ fix model/provider/base_url/compression.env.template→ restore Telegram allowlistsRun
hermes-restore-config.sh(handles base_url contamination, model fix, ownership)Restore state.db from snapshot if session history is needed:
Verify: model config, Telegram connectivity, MCP bridges, cron jobs
Automation
roosync-cluster/scripts/hermes-backup.shroosync-cluster/scripts/hermes-restore-config.sh(exists, needs base_url check added)Safety Checklist (Human Gate)
Before any destructive Docker operation on ANY bot container:
roosync-cluster/config/).env.secretsis currentRelated
feedback_hermes_docker.mdlesson fix: align threading docstring with implementation NousResearch/hermes-agent#27