بنقرة واحدة
nightly-backup
Run `hermes backup`, encrypt, upload to remote storage, prune old backups
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Run `hermes backup`, encrypt, upload to remote storage, prune old backups
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | nightly-backup |
| description | Run `hermes backup`, encrypt, upload to remote storage, prune old backups |
| when_to_use | ["Scheduled nightly via cron","User requests an explicit backup","Before a risky config change"] |
| toolsets | ["terminal","file"] |
| parameters | {"remote":{"type":"string","description":"Remote target. Supports s3://bucket/prefix, b2://bucket/prefix, ssh://user@host:/path, or \"local\"","default":"local"},"retain_days":{"type":"integer","default":30}} |
Thin wrapper around hermes backup + encryption + optional remote upload + retention.
Snapshot. Run:
hermes backup --output /tmp/hermes-backup-$(date +%Y%m%d-%H%M%S).tar
This bundles config, sessions, skills, memory, and cron entries per Part 16.
Encrypt. Use age (if available) or gpg symmetric:
BACKUP_PASSPHRASE=$(hermes secrets get BACKUP_PASSPHRASE)
age -p -o /tmp/hermes-backup-*.tar.age /tmp/hermes-backup-*.tar
# or
gpg --batch --yes --symmetric --cipher-algo AES256 \
--passphrase "$BACKUP_PASSPHRASE" \
/tmp/hermes-backup-*.tar
shred -u /tmp/hermes-backup-*.tar
Upload. Based on remote: parameter:
s3://… → aws s3 cp <file> s3://bucket/prefix/b2://… → rclone copy <file> b2:bucket/prefix/ssh://… → rsync -av <file> user@host:/path/local → move to ~/.hermes/backups/Prune. Delete anything older than retain_days:
s3: use S3 lifecycle policy if possible; otherwise aws s3 ls + age filterb2: rclone delete --min-age ${retain_days}d b2:bucket/prefix/ssh: ssh host "find /path -mtime +${retain_days} -delete"local: find ~/.hermes/backups -mtime +${retain_days} -deleteVerify. Download a random recent backup and test-decrypt:
age -d -i ~/.age-backup-key backup.tar.age > /tmp/verify.tar && tar tf /tmp/verify.tar | head -5
Fail loud if the verification fails — a backup you can't restore is not a backup.
Report. Send a line to your configured notify: channel:
✔ hermes backup 2026-04-17 — 284 MB, uploaded to s3://backups/hermes/, pruned 3 old
On failure, send 🔴 with the specific error and skip pruning (keep old backups until the new one succeeds).
# ~/.hermes/cron.yaml
- name: nightly-backup
schedule: "0 3 * * *"
task: /nightly-backup s3://my-backups/hermes/ 30
notify: telegram_private
.env plaintext — hermes backup already excludes it. If you're using a fork, verify with tar tf backup.tar | grep .env and bail if it appears..env), otherwise a stolen Hermes host gets both.skills/security/rotate-secrets.Build human-readable release notes from a range of commits or merged PRs
Produce a weekly "What's new in Hermes" digest by summarizing merged PRs + active issues from NousResearch/hermes-agent
Sweep inbox (email + Slack + Telegram DMs) and produce a prioritized action list with suggested replies
Prepare a 1-page brief for an upcoming meeting by combining calendar context, recent threads with attendees, and relevant docs
Classify incoming messages from public channels as spam / prompt-injection-attempt / genuine; quarantine risky ones
Delegate a PR review to Claude Code with a scoped read-only GitHub PAT