Inactive Hermes Host Preparation

This package is designed for the existing GCE VM that hosts the n8n project. It deliberately stops before any agent activation or integration.

Current Deployment Status

Remote preparation was completed on the confirmed GCE host:

• Project: n8n-hosting-452913
• Instance: instance-20250306-165614
• Zone: us-central1-c
• SSH: admin@34.27.189.109 with ~/.ssh/easier_validation_gce_ed25519
• Prepared path: /srv/easier-hermes
• Durable ops package path: /srv/easier-hermes/ops
• Hermes source: /srv/easier-hermes/source/hermes-agent, pinned to v2026.5.16

No Hermes image, container, port, gateway, connector, provider credential or cron job was created.

Preparation Boundary

Running prepare-hermes-host.sh on the VM will:

• record a small Docker/disk/memory preflight report;
• create /srv/easier-hermes/{source,data,vault,audit};
• clone the official Hermes source at tag v2026.5.16;
• optionally build a local Docker image from that pinned source only when HERMES_BUILD_IMAGE=1 is set;
• copy an inactive Hermes configuration and empty Obsidian vault skeleton if they do not yet exist.

The eventual Hermes process runs inside its own locked-down container. Its terminal backend is therefore local inside that container; the package does not grant access to the host Docker socket or the existing n8n containers.

It will not:

• start a Hermes container;
• call a model provider or request credentials;
• expose an API port;
• start the messaging gateway;
• configure MCP, n8n, Notion or any external integration;
• index, read or ingest business information;
• change the existing n8n containers or network.

Intended Transfer and Preparation

The initial preparation has already been run with image building disabled:

sudo HERMES_BUILD_IMAGE=0 bash ./prepare-hermes-host.sh

The image build is intentionally off by default. On the current e2-medium host, building should wait until there is enough disk/memory headroom or a quiet maintenance window.

The Compose service is protected by the activate profile. This command is safe to use for validation because it renders configuration without starting Hermes:

docker compose -f ./compose.yaml --profile activate config

Do not run docker compose --profile activate up or rebuild the image until the activation phase has been reviewed, credentials have been configured outside the vault, backups are established and tool permissions are chosen.

Later Activation Checklist

1. Check existing n8n containers, volumes, resource utilisation, firewall and snapshot/backup state on the actual instance.
2. Decide how the Obsidian vault syncs to the server and is backed up.
3. Review config/config.yaml.template and replace it deliberately.
4. Configure a model provider interactively without placing secrets in this workspace or the vault.
5. Test Hermes on public/synthetic notes in CLI mode only.
6. Evaluate QMD retrieval after real vault material is present.
7. Consider integrations individually, read-only first and with approval before any external side effect.