Hermes Agent — Live System State

Complete Blueprint + Fix Sequence

Built from full live filesystem dump — June 24, 2026 02:33 UTC — for Hermes/Misfit execution
xAI token EXPIRED Codex EXHAUSTED until Jul 21 discord→GBrain BROKEN vault-daily FAILING Gemini FREE TIER exhausted Composio MCP 404 Telegram LIVE GBrain ~90% health xAI image gen WORKING 10 cron jobs active
Critical

Auth Provider Status — Live

Every primary provider has an issue. System currently running on stepfun free-tier fallback.
ProviderStatusErrorReset / Fix
xai-oauth-oauth-3
hermes-admin, researcher, vault, content		 EXPIRED invalid_grant — refresh token revoked Jun 22 Re-run hermes auth xai PKCE flow — fixes 4 profiles at once
openai-codex-oauth-1
coder, server-ops		 EXHAUSTED Usage limit hit — last_error_reset_at: 1784851350 = Jul 21 2026 Wait until Jul 21 OR add second ChatGPT Plus account
GOOGLE_API_KEY
gemini, comms-gemini, auxiliary models		 FREE TIER 429 250 req/day free tier exhausted — RESOURCE_EXHAUSTED Enable billing at aistudio.google.com/apikey — regen key
OPENAI_API_KEY
openai-api pool		 401 PERMISSION Missing api.responses.write scope Regenerate API key with correct permissions at platform.openai.com
copilot (gh auth token) OK No errors Available as interim fallback — limited model selection
nous (active_provider) EMPTY POOL Credential pool empty — falls through to stepfun/step-3.7-flash:free This is the current fallback running all sessions
Why everything feels degraded right now The root config shows active_provider: nous with an empty credential pool. All four xAI profiles (hermes-admin, researcher, vault, content) are hitting the expired token. All Codex profiles (coder, server-ops) are hitting the usage limit. Gemini is 429ing on the main generate endpoint. Every session is falling back to stepfun/step-3.7-flash:free via the Nous passthrough.
Fix 1 — Do First

Re-authenticate xAI Token

One command. Restores hermes-admin, researcher, vault, content simultaneously.
# Re-auth xAI PKCE flow — restores 4 profiles at once
hermes auth xai

# Verify token is active
python3 -c "
import json
d = json.load(open('/home/hermes/.hermes/auth.json'))
for t in d['credential_pool'].get('xai-oauth', []):
    print(t.get('label'), '|', t.get('last_status'), '|', t.get('last_error_code'))
"

# Test a profile session
hermes run -p hermes-admin "ping — respond with your current model and provider"
After re-auth, if hermes-admin responds without mentioning stepfun or free tier, the token is live.
Active Failure

discord-ingest-to-gbrain: gbrain Not on PATH

Every nightly run fails. 8 GBrain writes missed per night. This is silent data loss.

The script calls subprocess.run(["gbrain", "put", slug, str(path)]). The gbrain binary is at /home/hermes/.bun/bin/gbrain but the cron environment does not inherit the full user PATH. All 8 channel ingests fail with [Errno 2] No such file or directory: 'gbrain'. The cron shows last_status: ok because the old version of the script did not exit(1) on failure — this was patched by the nightly-system-optimizer on Jun 23, but the underlying PATH issue remains.

# Confirm gbrain binary location
which gbrain || ls -la /home/hermes/.bun/bin/gbrain

# Fix Option A — symlink to /usr/local/bin (cleanest)
sudo ln -sf /home/hermes/.bun/bin/gbrain /usr/local/bin/gbrain
gbrain --version  # verify

# Fix Option B — add PATH prefix in the script
# Add to top of discord_ingest_to_gbrain.py:
import os
os.environ["PATH"] = f"/home/hermes/.bun/bin:{os.environ.get('PATH', '')}"

# After fix — test manually
python3 /home/hermes/.hermes/scripts/discord_ingest_to_gbrain.py

# Verify GBrain received the pages
gbrain list --tag discord-logs | tail -10
The nightly-system-optimizer already flagged this on Jun 23 It patched the script to exit(1) on failure so the cron now shows errors. But the PATH fix was not applied — it needs the symlink or the os.environ patch above.
Active Failure

vault-daily: Missing frontmatter Module

vault_lib.py fails on import. vault-daily has been showing last_status: ok but erroring internally.

The cron logs show: ModuleNotFoundError: No module named 'frontmatter' in vault_lib.py. The vault automation scripts call /home/hermes/vault/automation/cron_daily.py which imports a vault_lib that requires the python-frontmatter package. It is not installed in the Hermes venv.

# Install in the Hermes venv
/home/hermes/.hermes/hermes-agent/venv/bin/pip install python-frontmatter

# Verify
/home/hermes/.hermes/hermes-agent/venv/bin/python -c "import frontmatter; print('ok')"

# Test vault-daily manually
python3 /home/hermes/.hermes/scripts/vault-daily.py

# Check vault automation lint directly
python3 /home/hermes/vault/automation/lint.py 2>&1 | tail -10
Fix 2 — Highest Leverage

Skill Bloat — Every Profile Loads Everything

~40 skill categories injected into every profile context on every session. No whitelist exists on any profile.

Every profile — including hermes-admin — loads gaming/pokemon-player, mlops/inference/vllm, touchdesigner-mcp, baoyu-comic, academic research paper templates, and ~35 other categories it will never use. This inflates every session's system prompt and competes for context against the actual SOUL.md and skill instructions that matter.

The fix is a skills.include block in each profile's config.yaml. Only whitelisted skill IDs load into the context. Everything else in the directory is ignored at runtime.

# ~/.hermes/profiles/hermes-admin/config.yaml — append this block
skills:
  include:
    - devops/kanban-orchestrator
    - devops/kanban-worker
    - autonomous-ai-agents/hermes-agent
    - software-development/plan
    - software-development/spike
    - software-development/debugging-hermes-tui-commands

# ~/.hermes/profiles/coder/config.yaml
skills:
  include:
    - devops/kanban-worker
    - autonomous-ai-agents/codex
    - autonomous-ai-agents/hermes-agent
    - github/github-pr-workflow
    - github/github-issues
    - github/codebase-inspection
    - software-development/systematic-debugging
    - software-development/test-driven-development
    - software-development/plan
    - software-development/subagent-driven-development
    - software-development/hermes-agent-skill-authoring

# ~/.hermes/profiles/server-ops/config.yaml
skills:
  include:
    - devops/kanban-worker
    - devops/exposing-local-demos
    - software-development/hermes-s6-container-supervision
    - software-development/debugging-hermes-tui-commands
    - software-development/systematic-debugging
    - mcp/native-mcp
    - autonomous-ai-agents/hermes-agent

# ~/.hermes/profiles/researcher/config.yaml
skills:
  include:
    - devops/kanban-worker
    - research/arxiv
    - research/blogwatcher
    - research/llm-wiki
    - notebooklm
    - youtube-channel-research
    - youtube-story-method-research
    - social-media/xurl

# ~/.hermes/profiles/vault/config.yaml
skills:
  include:
    - devops/kanban-worker
    - mcp/gbrain
    - mcp/native-mcp
    - note-taking/obsidian
    - productivity/notion
    - media/youtube-content
    - autonomous-ai-agents/hermes-agent

# ~/.hermes/profiles/content/config.yaml
skills:
  include:
    - devops/kanban-worker
    - dark-story-video-prompts
    - youtube-story-method-research
    - youtube-channel-research
    - notebooklm
    - creative/creative-ideation
    - creative/ascii-video
    - creative/manim-video
    - media/youtube-content

# ~/.hermes/profiles/comms-gemini/config.yaml
skills:
  include:
    - devops/kanban-worker
    - email/himalaya
    - productivity/google-workspace
    - research/blogwatcher
    - social-media/xurl
    - note-taking/obsidian
One-shot patch script Save the script below as ~/apply-skill-whitelists.sh, run it, then restart the gateway. Safe to run multiple times — checks before appending. 
#!/bin/bash
# apply-skill-whitelists.sh — patches all profiles at once
P=/home/hermes/.hermes/profiles

patch() {
  local name=$1; shift
  local cfg="$P/$name/config.yaml"
  if grep -q "^skills:" "$cfg" 2>/dev/null; then
    echo "SKIP $name (already has skills block)"
    return
  fi
  { echo ""; echo "skills:"; echo "  include:"; for s in "$@"; do echo "    - $s"; done; } >> "$cfg"
  echo "PATCHED $name"
}

patch hermes-admin \
  "devops/kanban-orchestrator" "devops/kanban-worker" \
  "autonomous-ai-agents/hermes-agent" \
  "software-development/plan" "software-development/spike" \
  "software-development/debugging-hermes-tui-commands"

patch coder \
  "devops/kanban-worker" "autonomous-ai-agents/codex" \
  "autonomous-ai-agents/hermes-agent" \
  "github/github-pr-workflow" "github/github-issues" \
  "github/codebase-inspection" \
  "software-development/systematic-debugging" \
  "software-development/test-driven-development" \
  "software-development/plan" "software-development/subagent-driven-development" \
  "software-development/hermes-agent-skill-authoring"

patch server-ops \
  "devops/kanban-worker" "devops/exposing-local-demos" \
  "software-development/hermes-s6-container-supervision" \
  "software-development/debugging-hermes-tui-commands" \
  "software-development/systematic-debugging" \
  "mcp/native-mcp" "autonomous-ai-agents/hermes-agent"

patch researcher \
  "devops/kanban-worker" "research/arxiv" "research/blogwatcher" \
  "research/llm-wiki" "notebooklm" \
  "youtube-channel-research" "youtube-story-method-research" \
  "social-media/xurl"

patch vault \
  "devops/kanban-worker" "mcp/gbrain" "mcp/native-mcp" \
  "note-taking/obsidian" "productivity/notion" \
  "media/youtube-content" "autonomous-ai-agents/hermes-agent"

patch content \
  "devops/kanban-worker" "dark-story-video-prompts" \
  "youtube-story-method-research" "youtube-channel-research" \
  "notebooklm" "creative/creative-ideation" \
  "creative/ascii-video" "creative/manim-video" "media/youtube-content"

patch comms-gemini \
  "devops/kanban-worker" "email/himalaya" \
  "productivity/google-workspace" "research/blogwatcher" \
  "social-media/xurl" "note-taking/obsidian"

echo ""
echo "All patched. Restart gateway:"
echo "hermes gateway restart"
Fix 3

Composio MCP — npm E404

The endpoint URL is correct. The npm package name changed.
# Check current package name (Composio renamed their npm package)
npm search composio mcp 2>/dev/null | head -10

# Try the new package name
npm install -g @composio/mcp 2>/dev/null
# or:
npm install -g composio-mcp 2>/dev/null

# If no npm package works, switch config to HTTP transport
# The URL https://connect.composio.dev/mcp already works as HTTP MCP
# Check Hermes docs for http mcp_server type vs npm type

# After fix — verify in mcp logs
tail -50 /home/hermes/.hermes/profiles/hermes-admin/logs/mcp-stderr.log
Fix 4

Tirith Binary PATH

Binary found at /home/hermes/.hermes/bin/tirith — just needs to be on PATH. Also exists at content/bin/tirith.
# Binary is already at ~/.hermes/bin/tirith
ls -la /home/hermes/.hermes/bin/tirith

# Symlink to system PATH
sudo ln -sf /home/hermes/.hermes/bin/tirith /usr/local/bin/tirith
tirith --version

# OR update root config.yaml security section:
# security:
#   tirith_enabled: true
#   tirith_path: /home/hermes/.hermes/bin/tirith
Map

Actual Folder Structure — Live System

From the full filesystem dump. Annotated with what each dir does and what's notable.
/home/hermes/
├── .hermes/                           # System machinery. Auth, config, kanban, profiles.
│   ├── auth.json                          
│   ├── config.yaml                        # Root config — active_provider: nous (fallback)
│   ├── .env                               # GOOGLE_API_KEY, TELEGRAM_BOT_TOKEN, HONCHO_API_KEY
│   ├── kanban.db                          # Task queue — state.db-wal confirms WAL mode active
│   ├── state.db + state.db-shm/.wal       # Session state
│   ├── SOUL.md                            # Root DISPATCH SOUL (same as default profile)
│   ├── MISSION.md                         # Root mission doc
│   ├── misft_style_reference.md           # Visual style guide for stickman character system
│   ├── bin/
│   │   ├── tirith                         
│   │   └── hermes-context
│   ├── scripts/                           # All cron-backing Python scripts
│   │   ├── discord_ingest.py              # Pulls Discord channels → JSON + MD
│   │   ├── discord_ingest_to_gbrain.py    # BROKEN — gbrain not on PATH
│   │   ├── discord_manager.py             # Discord REST API helper
│   │   ├── daily-brief.py                 # Emits daily briefing prompt
│   │   ├── container-health.py            # Watches 3 Docker containers
│   │   ├── vault-daily/weekly/monthly.py  # FAILING — calls vault/automation which needs frontmatter
│   │   ├── organize_loose_files.py        # Nightly .hermes root cleanup
│   │   ├── refresh-notebooklm-cookies.py  # Cookie keepalive for NotebookLM auth
│   │   └── youtube_agent_curator.py       # YouTube scraper for daily brief
│   ├── cron/
│   │   ├── jobs.json                      # 10 active jobs with schedules and last status
│   │   └── output/                        # 109+ cron output files by job ID
│   ├── profiles/
│   │   ├── default/       SOUL.md only    # DISPATCH reference SOUL
│   │   ├── hermes-admin/  config + SOUL + skills (no memories/) 
│   │   ├── coder/         config + SOUL + memories/
│   │   ├── content/       config + SOUL + memories/ + auth.json  
│   │   ├── researcher/    config + SOUL + memories/
│   │   ├── server-ops/    config + SOUL + memories/
│   │   ├── vault/         config + SOUL + memories/ + auth.json
│   │   └── comms-gemini/  config + SOUL + memories/
│   ├── research/                          # GBrain ingest staging files (recent runs)
│   │   ├── hermes-ecosystem-gbrain-ingest-2026-06-24.md
│   │   ├── youtube-dark-pov-gbrain-ingest-2026-06-23.md
│   │   └── hermes-ecosystem/, gbrain-maintenance/
│   ├── outputs/
│   │   ├── Dark_POV_Faceless_Video_Framework.md
│   │   └── NotebookLM_InDepth_Analysis_LucasGrant_MrViceRank...md
│   ├── discord-ingests/                    # Nightly channel snapshots (JSON + MD)
│   │   └── 2026-06-22_*.json/.md per channel
│   ├── skills/                            # Global shared skills dir
│   │   └── mcp/gbrain/SKILL.md            # GBrain skill — used in all cron prompts
│   ├── shared/
│   │   └── nous_auth.json
│   └── plugins/hermes-achievements/       # Achievement tracking state

├── vault/                                 # Durable knowledge. NOT .hermes machinery.
│   ├── automation/                        # Python automation scripts for vault
│   │   ├── cron_daily.py                  # Called by vault-daily.py
│   │   ├── vault_lib.py                   # FAILING — requires python-frontmatter
│   │   ├── lint.py                        # Vault health check
│   │   └── daily-brief-requests.md        # Dylan's custom brief topics
│   ├── inbox/
│   │   ├── triage/                        # Pending review items
│   │   └── captured/
│   │       ├── x/                         # X/Twitter research captures
│   │       ├── youtube/                   # YouTube research
│   │       └── readwise-import/           # Readwise highlights import
│   ├── sources/                           # Raw source material (typed MD with frontmatter)
│   ├── concepts/                          # Synthesized concept pages (in GBrain)
│   ├── projects/                          # Project-specific knowledge
│   ├── entities/
│   │   └── people/                        # Person lookup files for comms-gemini
│   ├── raw/                               # Narration MDs, cleanup logs, phase archives
│   └── index.md + dashboard + connections.md

├── bin/
│   ├── docker-compose
│   └── notebooklm                         # nlm CLI binary

└── .ssh/
    ├── authorized_keys                    # claude-debug-temp key — REMOVE after session
    ├── vaultwarden_tunnel + .pub
    └── known_hosts
Cron Jobs

All 10 Active Cron Jobs — Live Status

From jobs.json — Jun 24, 2026
JobScheduleProfileStatusNotes
vault-daily 0 6 * * * default (none set) ok* — internal fail vault_lib.py fails: missing frontmatter module. Script reports ok but errors.
vault-weekly 0 7 * * 1 default ok Same underlying issue — will fail next Monday run
vault-monthly 0 8 1 * * default never run Next run Jul 1 — will fail same as daily
container-health 30 * * * * default ok 114 runs, silent when healthy. Watches hindsight-db, searxng, vaultwarden.
daily-brief 0 7 * * * default ok Posts to #daily-brief. vault/automation/lint.py call inside brief is also failing.
notebooklm-cookie-refresh 0 */12 * * * default ok 6 runs. Posts to origin Discord thread. Last run 00:01 Jun 24.
gbrain-nightly-maintenance 0 3 * * * default ok Uses gbrain skill. Reports stats deltas. Currently using gbrain CLI fallback (MCP not exposed in cron context).
file-organizer-nightly 30 4 * * * default ok Cleans .hermes root clutter. Moves research/story MDs to correct dirs.
youtube-competitor-firecrawl-research 0 2 * * * default ok Dark POV YouTube research → GBrain ingest. Uses gbrain CLI fallback.
discord-ingest-to-gbrain embedded in discord-ingest default FAILING All 8 GBrain writes fail: [Errno 2] No such file or directory: 'gbrain'
Key insight from cron outputs All cron jobs run under the default profile (no profile field set in jobs.json). This means they all inherit the default profile's xAI-oauth token — which is currently expired. Agent-mode crons (daily-brief, gbrain-maintenance, research crons) are all falling back to stepfun. The vault-daily cron is no-agent mode, so it bypasses the model issue but hits the frontmatter module issue instead.
GBrain

GBrain Knowledge Graph — Live State

PGLite-backed. Exposed via mcp_gbrain_* tools. Binary at /home/hermes/.bun/bin/gbrain.
81
Pages
+1 since Jun 23
78
Links
+2 since Jun 23
18
Timeline
+2 entries
~90%
Health
Per mcp_gbrain_get_health

Active GBrain issues from maintenance logs

Known page types in graph

GBrain CLI commands that actually work in the current environment

# Must export PATH first in all shells/crons
export PATH="/home/hermes/.bun/bin:$PATH"

gbrain list                    # list all pages
gbrain get [slug]              # get a page
gbrain stats                   # page/link/timeline counts
gbrain doctor                  # health check
gbrain graph --depth 1         # link graph
gbrain timeline [slug]         # timeline entries for a page

# For writes — prefer MCP tools when available
# mcp_gbrain_put_page > gbrain CLI for put operations
# CLI put sometimes hangs — MCP is reliable

# Backfill missing Discord logs
export PATH="/home/hermes/.bun/bin:$PATH"
python3 /home/hermes/.hermes/scripts/discord_ingest_to_gbrain.py
GBrain MCP vs CLI clarification The MCP server (mcp_gbrain_* tools) is the preferred write path. The gbrain CLI is the fallback used by crons when the MCP is not exposed in the cron context. The cron environment does not get the MCP stdio binding — which is why all crons use gbrain CLI fallback in their logs. This is expected behavior, not a bug. The PATH fix resolves the CLI fallback path.
Vault

Vault Structure + Automation State

/home/hermes/vault — durable knowledge layer. Not .hermes machinery.
DirectoryPurposeStatus
vault/inbox/captured/Raw incoming captures (X, YouTube, Readwise import)active — files from Jun 19
vault/inbox/triage/Items awaiting review and promotionempty per daily-brief logs
vault/sources/Typed MD source pages with frontmatter after triagepopulated
vault/concepts/Synthesized concept pages (mirrors GBrain concept type)active
vault/projects/Project-specific knowledgeactive
vault/entities/people/Person lookup files for comms-gemini person-first protocolexists, populated from past sessions
vault/automation/Python scripts for daily/weekly/monthly vault processingvault_lib.py broken — missing frontmatter module
vault/automation/daily-brief-requests.mdDylan's custom daily brief topicsexists, currently empty
vault/raw/Narration MDs, cleanup logs, phase archivesactive — phaseN cleanup logs present
vault/index.md + dashboard + connections.mdVault navigation and graph summarymaintained by vault cron
vault-daily has been silently failing since Jun 20 The daily-brief logs show: vault/automation/lint.py fails: ModuleNotFoundError: No module named 'frontmatter' and vault/inbox/triage/ is empty — meaning no triage happened. Items in captured/ from Jun 19 have not been processed. Fix: install python-frontmatter in the Hermes venv (see Fix above).
Profiles

Profile Map — Current vs Target

ProfileCurrent ModelAuth StatusTarget ModelChanges Needed
hermes-admin grok-build-0.1 xAI expired grok-4 xai-oauth Re-auth xAI. Add memories/ dir. Add skills.include. Add channel map to SOUL.
coder gpt-5.5 Codex exhausted (Jul 21) gpt-5.5 openai-codex Interim: switch fallback to copilot. Add skills.include.
server-ops gpt-5.5 Codex exhausted (Jul 21) gpt-5.5 openai-codex Interim: switch fallback to copilot. Add skills.include.
researcher grok-build-0.1 xAI expired gemini-2.5-pro gemini Re-auth xAI (short term). Migrate to Gemini after billing enabled.
vault grok-build-0.1 xAI expired gemini-2.5-flash gemini Re-auth xAI (short term). Migrate to Gemini after billing enabled.
content grok-build-0.1 xAI expired + stale auth entries grok-4 xai-oauth Re-auth xAI. Clean stale entries. Later: rename to content-story.
comms-gemini gemini-3.1-flash-lite Free tier 429 gemini-2.5-flash gemini Enable billing, upgrade model string.
default grok-build-0.1 xAI expired Keep as-is Re-auth xAI. Default is DISPATCH CLI fallback — SOUL is the best in the fleet.
SOULs

All SOUL Files — Analysis + What to Keep or Fix

hermes-admin — DISPATCH
KEEP + EXTEND

What's strong: Orchestrator-only framing is explicit. "You do NOT execute specialist work directly." Truth hierarchy is there. The Swagger Is Earned section is excellent — "bluntness without context is noise, profanity without evidence is theater." The spawning section correctly documents max_spawn: 0 and the per-profile-dispatcher hook as sole spawner.

Missing: hermes-admin has no memories/ directory — only profile without one. Also missing the Discord channel routing table and kanban lane rules.

# Create missing memories directory
mkdir -p /home/hermes/.hermes/profiles/hermes-admin/memories
cp /home/hermes/.hermes/profiles/vault/memories/MEMORY.md \
   /home/hermes/.hermes/profiles/hermes-admin/memories/MEMORY.md
touch /home/hermes/.hermes/profiles/hermes-admin/memories/USER.md

# Append channel routing to SOUL.md
cat >> /home/hermes/.hermes/profiles/hermes-admin/SOUL.md << 'EOF'

## Discord Channel Routing

| Channel | Routes To | Task Type |
|---------|-----------|-----------|
| #ops | hermes-admin | routing, daily brief, health |
| #research | researcher | competitor intel, sources |
| #vault | vault | memory, GBrain queries |
| #story | content | scripts, 6-beat arcs |
| #server | server-ops | infra alerts, cron |
| #code | coder | code changes, scripts |
| #review | hermes-admin | Approve/Tweak/Decline |

Override: prefix any message with @[profile-name] to bypass channel default.

## Kanban Ownership

- hermes-admin moves tasks from backlog to ready — no other profile does this
- Every worker ends with kanban_complete or kanban_block before exit
- Only content outputs enter the review lane
- Review tasks expire after 24h (auto-declined)
EOF
vault — Knowledge Archivist + GBrain Operator
KEEP — Strong

What's strong: GBrain-first operations are correctly specified. Inbox-first triage before promoting to concepts/projects is the right discipline. The Dreaming Feature section explicitly claims ownership of gbrain dream. The test task example at the bottom is a useful self-check pattern. Anti-sycophancy rules are solid.

One addition needed: Explicit statement that researcher and all other profiles route ingest requests through vault. Vault is sole GBrain writer. Also add the PATH fix note so vault knows to prefix gbrain CLI calls with the correct PATH.

content — Story + Production Engine
GOOD — Split Coming

What's strong: Second-person immersive POV spec is exactly right. The 6-beat framework (Cold Open, Stakes, Escalation, The Turn, The Cost, Resolution/Open Loop) is documented clearly. The restriction on glorification is correct. Fictional composites only is enforced.

When you split into content-story + content-visual: content-story keeps this SOUL verbatim plus a note that visual generation routes to content-visual. content-visual needs a new SOUL from scratch built around the stickman character system documented in ~/.hermes/misft_style_reference.md.

default — DISPATCH Reference
BEST SOUL IN THE FLEET

The most complete DISPATCH SOUL. Has everything hermes-admin has plus the Single Brain section, the fleet profile routing list, and the memory self-improvement loop. If hermes-admin SOUL ever needs to be rebuilt, use default/SOUL.md as the source of truth.

coder, server-ops, researcher
KEEP — All Good

Coder: terse log-style voice, file:line reference discipline, Codex-specific tooling, anti-sycophancy. Server-ops: scope section cleanly separates machine ownership from product code. "Verify with direct health check before claiming fixed" is exactly right. Researcher: evidence-first, confidence labeling, source attribution rules.

Full Sequence

Complete Fix Sequence — Ordered by Impact

1
hermes auth xai — restores 4 profiles at once

Single command. hermes-admin, researcher, vault, content all depend on this token. Do this before anything else.

2
Fix gbrain PATH — symlink /home/hermes/.bun/bin/gbrain to /usr/local/bin/gbrain

Unblocks discord-ingest-to-gbrain. Two nights of missed Discord logs can be backfilled immediately after. Also fixes all cron PATH warnings.

3
Install python-frontmatter in Hermes venv — unblocks vault-daily

One pip install command. vault-daily, vault-weekly, vault-monthly, and the daily-brief vault signal all fail without it.

4
Apply skill whitelists to all 7 profiles — run apply-skill-whitelists.sh

Highest context leverage change. Every profile currently loads ~40 irrelevant skills. Takes 2 minutes, takes effect on next session start, no restart needed per-profile.

5
Enable Gemini billing + regen GOOGLE_API_KEY

5 minutes at aistudio.google.com/apikey. Unlocks researcher + vault model migrations and removes auxiliary model quota risk under real load.

6
Fix Composio MCP npm package + tirith symlink

Both are single-step fixes. Composio: try @composio/mcp or HTTP transport. Tirith: symlink ~/.hermes/bin/tirith to /usr/local/bin/tirith.

7
Add memories/ directory and channel routing to hermes-admin

mkdir + cp + append to SOUL.md. hermes-admin is the only profile missing its memories directory. Channel map makes Discord routing explicit.

8
Migrate researcher + vault configs to Gemini (after billing enabled)

Edit two config.yaml files. Gemini auth already works — auxiliary models confirm the API key path is valid. Change model string and provider only.

9
Assign profiles to all cron jobs in jobs.json

Currently every cron runs under default (no profile set). gbrain-maintenance should run under vault. daily-brief should run under hermes-admin. This ensures crons use the right model and skill context.

10
Split content into content-story + content-visual (last)

cp -r + mv + two SOUL.md files. Verify xAI concurrent session behavior first. Run one full story + visual cycle before retiring old content profile.

Configs

Target Model Configs — Exact YAML Diffs

# ~/.hermes/profiles/researcher/config.yaml — replace model section
model:
  default: gemini-2.5-pro
  provider: gemini
  base_url: https://generativelanguage.googleapis.com/v1beta
providers: {}
fallback_providers:
- provider: gemini
  model: gemini-2.5-flash
- provider: nous
  model: stepfun/step-3.7-flash:free

# ~/.hermes/profiles/vault/config.yaml — replace model section
model:
  default: gemini-2.5-flash
  provider: gemini
  base_url: https://generativelanguage.googleapis.com/v1beta
providers: {}
fallback_providers:
- provider: gemini
  model: gemini-2.5-flash-lite
- provider: nous
  model: stepfun/step-3.7-flash:free

# ~/.hermes/profiles/comms-gemini/config.yaml — upgrade model string
model:
  default: gemini-2.5-flash
  provider: gemini
  base_url: https://generativelanguage.googleapis.com/v1beta
# (rest of config unchanged)

# Interim fix for coder + server-ops until Codex resets Jul 21
# Switch fallback to copilot which is currently ok
# ~/.hermes/profiles/coder/config.yaml and server-ops/config.yaml
fallback_providers:
- provider: copilot
  model: gpt-4.1
- provider: nous
  model: stepfun/step-3.7-flash:free
# Copilot is available (gh auth token shows ok) — better than stepfun for code work

# Assign profiles to cron jobs in ~/.hermes/cron/jobs.json
# Use hermes CLI or edit jobs.json directly
hermes cron edit gbrain-nightly-maintenance --profile vault
hermes cron edit daily-brief --profile hermes-admin
hermes cron edit youtube-competitor-firecrawl-research --profile researcher
hermes cron edit hermes-ecosystem-research --profile researcher
hermes cron edit discord-ingest-to-gbrain --profile vault
hermes cron edit notebooklm-cookie-refresh --profile content
hermes cron edit vault-daily --profile vault
hermes cron edit file-organizer-nightly --profile server-ops
hermes cron edit container-health --profile server-ops

# Verify
cat ~/.hermes/cron/jobs.json | python3 -c "
import json,sys
d=json.load(sys.stdin)
for j in d['jobs']:
    print(j['name'], '|', j.get('profile','(none)'))
"
Summary
Foundation is solid — problems are mechanical

The SOULs are good. GBrain is healthy at 90%. The cron system is running. The vault structure is correct. The stickman character system is documented. The 6-beat arc engine is defined. Every problem on this system is auth expiry, a missing PATH, a missing Python module, or context bloat from no skill whitelists. None of these require architectural changes — they all have single-command fixes.

Do these three things today before anything else

1. hermes auth xai — four profiles are dead without this. 2. sudo ln -sf /home/hermes/.bun/bin/gbrain /usr/local/bin/gbrain — two nights of Discord data never hit GBrain. 3. /home/hermes/.hermes/hermes-agent/venv/bin/pip install python-frontmatter — vault automation has been silently failing for four days. Everything else can follow in order.

Remove the temp SSH key when done sed -i '/claude-debug-temp/d' ~/.ssh/authorized_keys