Who this is for: developers who saw Hermes Agent climb toward 175k GitHub stars and need it running today on macOS, Linux, or WSL2—with Telegram replying from a phone, not only a local terminal. What you get: copy-paste one-line install, hermes doctor acceptance checks, model and Gateway configuration, twelve common error fixes, and a hosting comparison for 24/7 uptime. Structure: six install pitfalls, environment table, eight-step runbook, hard metrics, platform matrix, closing decision, FAQ. For memory architecture and a 30-day field diary, see three-layer memory on a rented Mac Mini M4 and 30 days of Hermes on MACCOME.
By late May 2026, Nous Research shipped Hermes v0.15.2 with both pip install hermes-agent and the classic curl | bash installer. Stars and release notes move fast; forum posts often skip the friction that shows up in the first hour on a real machine. Treat the list below as a pre-flight checklist before you blame the project or reinstall from scratch.
hermes to ~/.zshrc or ~/.bashrc. Without source or a new terminal window, you get hermes: command not found even though install succeeded—the most common false negative.python3 -m hermes outside the project venv can miss dependencies such as dotenv. The supported entry point is ~/.hermes/hermes-agent/venv/bin/hermes.API key not set because hermes setup or hermes model was skipped.hermes gateway process. A one-off hermes chat session never bridges messages to your phone.hermes config check && hermes config migrate before debugging mysterious Missing config after update errors.One-line contrast with OpenClaw: OpenClaw excels at multi-channel Gateway operations and npm or Docker Compose deployment patterns familiar to Node shops. Hermes optimizes for cross-session MEMORY.md and USER.md, post-task Skill capture, and MCP tooling. You can run both on one Mac, but this article stays in the install lane—concept and hardware trade-offs live in the memory architecture post; week-by-week Skill growth is in the 30-day experience post.
If you are evaluating agents for a team, separate three questions early: Can we install it on our OS baseline? Can we attach a model provider our security team approves? Can we keep a Gateway process alive through nights and weekends? This runbook answers the first two in one sitting; the third is why MACCOME publishes hosting comparisons alongside install guides.
Security reviewers often ask whether Hermes phones home beyond your chosen LLM. In practice, outbound traffic is dominated by the model API, Telegram long-polling or webhook endpoints, optional MCP servers you configure, and GitHub when Skills update. Document those endpoints in your change ticket the same way you would for any self-hosted agent framework. Nothing in the default install replaces your need for secret storage discipline: treat ~/.hermes/.env like production credentials, restrict SSH keys on shared hosts, and rotate Telegram tokens if a laptop with a dev copy was ever lost.
The official installer bundles Python 3.11 (via uv), Node.js 22, ripgrep, and ffmpeg when you use the full script path. Your responsibilities are narrower: working git, outbound HTTPS to GitHub raw and your LLM vendor, and enough disk for Skills plus session SQLite. Headless Linux servers that never touch browser automation should pass --skip-browser to avoid Camoufox weight.
Remote Mac nodes behave like local shells: SSH in, paste the same commands, and run Gateway under launchd or systemd once validated. Latency to your API region matters more than CPU brand for cloud-routed models; unified memory helps when browser Skills and multiple Gateways share one box.
WSL2 deserves an explicit note because Windows is the fastest-growing install surface in issue trackers. Keep the Hermes tree on the Linux ext4 filesystem inside WSL, not on /mnt/c, or file watchers and SQLite WAL behavior become flaky under DrvFS. Disable Windows sleep while you validate Gateway overnight; many “Linux Gateway bug” reports trace back to the host PC suspending WSL. When you outgrow that constraint, migrate the same ~/.hermes tarball to a native Linux VPS or a rented Mac—no reinstall required if permissions are preserved.
Corporate proxies sometimes block raw GitHub fetches. If curl | bash fails mid-stream, mirror the install script internally or clone the repository and run the script from a checkout on allowed storage. The pip path (pip install hermes-agent) is an acceptable air-gapped-friendly alternative when your artifact registry mirrors PyPI. Either way, run hermes doctor before declaring victory; it catches half-configured Node or Python stacks that manual copies often miss.
| Item | Minimum | Recommended (production Gateway) |
|---|---|---|
| OS | macOS 12+, Ubuntu 20.04+, WSL2 | macOS 14+ (Apple Silicon) / Ubuntu 24.04 LTS |
| RAM | 4 GB (cloud API + Gateway only) | 16 GB (browser automation + multiple Skill caches) |
| Disk | ~1.5 GB (with default Skills) | 20 GB SSD (logs + SQLite WAL growth) |
| Network | GitHub raw reachable | Stable, low-latency LLM API egress |
| Windows | PowerShell native script (early beta) | WSL2 + Linux one-line script (most stable path) |
Headless servers: when you do not need browser automation, add --skip-browser to the install script to save disk and RAM on small VPS instances.
These steps are identical on macOS, Linux, and WSL2. Validate each gate before moving on—skipping hermes doctor usually costs more time than running it.
Hermes Agent installed at ~/.hermes or equivalent in recent builds.source ~/.zshrc or source ~/.bashrc, or open a fresh terminal tab.hermes doctor exercises roughly a dozen checks (Python, Node, PATH, API keys). hermes --version should report v0.15.x on current stable.hermes setup; existing keys can use hermes model or hermes config set OPENROUTER_API_KEY sk-or-xxxx into ~/.hermes/.env.hermes and ask for a lightweight task such as listing the current directory to confirm tool invocation works end to end.@BotFather, run /newbot, store the token securely; use @userinfobot for your numeric user ID.hermes gateway setup and choose Telegram, or set TELEGRAM_BOT_TOKEN and TELEGRAM_ALLOWED_USERS manually in env.hermes gateway; production with hermes gateway install && hermes gateway start (launchd on macOS, systemd on Linux).Step eight is where “installed” becomes “production.” A foreground Gateway dies when SSH drops unless you use tmux; user-level services survive logout on macOS when installed correctly, and --system installs suit Linux servers you control with sudo. After start, send a direct message to the bot before testing groups—DM path validates token and allow-list without group privacy noise.
For daily tool use with cloud routing, OpenRouter remains the fastest multi-model experiments path. Enterprise teams standardized on Claude should wire Anthropic API or OAuth in hermes model. Zero-config trials can use Nous Portal via hermes setup --portal. Privacy-sensitive workflows point Ollama base URLs through the same wizard. v0.15 adds Grok as a provider and x_search tooling—enable only what your task needs inside hermes tools to keep context lean.
Document which provider each environment uses: staging might run cheap models while production uses Sonnet-class APIs. Hermes stores keys under ~/.hermes/.env; rotate them there, not in shell exports alone, so Gateway and CLI share one source of truth.
Telegram-specific pitfalls beyond privacy mode: never commit bot tokens to git; regenerate in BotFather if leaked. Use numeric user IDs in TELEGRAM_ALLOWED_USERS, not @handles. For teams, list every operator who may DM the bot, or you will debug “works for me, not for colleague” allow-list gaps. Group testing should wait until DM works—otherwise you chase two variables at once. If you need multiple environments (dev/stage/prod), run separate bots and tokens so staging prompts never hit production memory files.
After Gateway starts, verify with hermes gateway status and send a message that exercises a tool (for example, “what is my hostname?”). Tool success proves the agent loop is wired; a plain echo only proves Telegram connectivity. Schedule a calendar reminder to upgrade within a week of upstream tags—v0.15.x still moves quickly, and hermes config migrate is cheaper than rebuilding ~/.hermes from scratch after a breaking release note.
# Official one-line install (macOS / Linux / WSL2) curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash # Headless server (optional) # curl -fsSL .../install.sh | bash -s -- --skip-browser source ~/.zshrc hermes doctor hermes setup # Telegram Gateway (interactive wizard) hermes gateway setup hermes gateway install hermes gateway start hermes gateway status
# Linux system-level Gateway (boot autostart, requires root) sudo hermes gateway install --system sudo hermes gateway start --system journalctl -u hermes-gateway -f
Stars measure attention, not your personal readiness. The numbers that matter operationally are install size on your disk quota, Gateway RSS under your RAM plan, and whether sessions and Skill files accumulate while you are offline. If Gateway uptime is under 90% in month one, treat Skill savings as hypothetical until uptime improves.
When briefing management, pair the 38% repeat-task token figure with uptime percentage and median Telegram response time—not stars. Executives approve rental spend when you show compounding requires infrastructure, not when you show another trending repo. Link internally to the 30-day report for narrative proof and to the architecture article for why MEMORY.md and SQLite both matter once Gateway stays up.
Use this table during first-week support. When a row does not match, capture hermes doctor output and Gateway logs before opening a GitHub issue—upstream moves quickly on v0.15.x.
| Symptom | Likely cause | Fix |
|---|---|---|
hermes: command not found |
PATH not loaded | source ~/.zshrc or new terminal; verify which hermes |
API key not set |
No LLM configured | hermes model or write keys to ~/.hermes/.env |
Missing config after update |
Migration incomplete | hermes config check && hermes config migrate |
No module named 'dotenv' |
Wrong Python interpreter | Use venv hermes binary under ~/.hermes |
| Telegram group silent | Group Privacy / stale membership | Disable privacy in BotFather; remove and re-add bot |
| Gateway exits immediately | Bad token or user ID | TELEGRAM_ALLOWED_USERS must be numeric IDs only |
Connection refused to LLM |
Proxy or regional block | Test curl to API; bypass corporate proxy for diagnosis |
Permission denied on Skills |
Wrong owner after sudo install | chown -R $USER ~/.hermes |
| Browser tool hangs | Camoufox missing on headless | Re-run install without --skip-browser or disable browser tools |
| Duplicate venv conflicts | pip + curl installers mixed | Pick one install path; remove the other tree |
| WSL2 Gateway dies overnight | Windows sleep / WSL suspend | Disable sleep on host; prefer dedicated Linux or Mac node |
| High SQLite WAL disk use | Long session history | Archive ~/.hermes; prune old sessions per docs |
Passing install proves the binary runs. Telegram production and Skill compounding prove the host stays available. The matrix below is the same framing we use when customers ask whether a personal MacBook is “good enough” for Hermes—usually for a afternoon POC, rarely for a month of Gateway traffic.
A MacBook on your desk is excellent for steps one through five in this guide. It becomes a poor fit when step eight must survive travel, sleep, and OS updates without someone remembering to reopen a terminal. VPS boxes solve uptime but may lack the macOS-native installer ergonomics and Camoufox browser Skill path teams already validated on Apple Silicon. Raspberry Pi class hardware can boot Gateway, yet I/O and thermal limits show up on long agent tasks. Dedicated Mac Mini M4 rental—what MACCOME operates—targets the intersection: real macOS, datacenter power, and launchd patterns that match this article verbatim.
FinOps teams sometimes compare rental to a one-time Mac Mini purchase. Include electricity, cooling, static IP or DDNS, physical theft risk, and the hour cost of babysitting OS updates in that spreadsheet—not just hardware MSRP. Rental converts capex into an opex line that scales down when the experiment ends, which matters when you are proving Hermes to a skeptical stakeholder. If the pilot succeeds, you can still buy metal later; many teams keep rental for production Gateway and use laptops only as SSH clients.
| Platform | 24/7 availability | Skill compounding | Best for |
|---|---|---|---|
| Personal MacBook | Stops when lid closes (~60% effective uptime) | Frequent loop breaks | POC, same-day debugging |
| x86 VPS 4 GB | ~99.5% if provider healthy | Stable but no native macOS paths | Linux-only teams, no Camoufox |
| Raspberry Pi 4B 8GB | ~88% in hobby setups | I/O bottlenecks, long tasks timeout | Experiments, not production Gateway |
| Rented Mac Mini M4 | Datacenter 30-day online target | launchd + unified memory | Telegram production + macOS Skill paths |
Following the eight steps above, most readers can reach a first successful Hermes CLI session and Telegram Gateway reply within 30 to 60 minutes, assuming API keys are already approved by their org. The failure modes after that are rarely “install broken again”—they are operational: laptop sleep, token rotation without Gateway restart, or under-provisioned RAM when browser Skills load.
Three alternatives each have a clear weakness. (a) A laptop cannot reliably stay online 24/7, so Gateway connections and Skill writes stall whenever the machine sleeps. (b) A small x86 VPS lacks the macOS-native curl | bash path and Camoufox browser Skill workflow many Hermes tutorials assume. (c) Buying your own Mac Mini shifts capex, home broadband, noise, and physical security onto you instead of a monthly operations line item.
If Hermes already saves you repetitive work and you want predictable monthly cost, SSH handoff in minutes, and the option to tarball ~/.hermes/ before moving hosts, a MACCOME dedicated Mac Mini M4 cloud node is usually the better production shape: real Apple Silicon, native launchd for Gateway, and the same commands in this guide without rewriting paths. Read the architecture decision article for MEMORY.md and SessionDB depth, the 30-day field report for Skill curves, then pick a region on the Mac Mini rental rates page when you are ready to commit uptime to the agent instead of your travel schedule.
FAQ
Can Hermes Agent and OpenClaw run on the same Mac?
Yes, with separate config directories (~/.hermes vs ~/.openclaw). Watch aggregate RAM and disk. For 24/7 Hermes Gateway, prefer a dedicated host or a MACCOME rental node rather than sharing a laptop you close daily.
Can I install v0.15 with pip?
Yes: pip install hermes-agent && hermes. Still run hermes doctor on first boot. Choose either pip or the git installer script, not both, to avoid duplicate virtualenv trees.
Where do Gateway logs go?
Foreground mode prints to the terminal; systemd uses journalctl -u hermes-gateway -f; macOS user services report via hermes gateway status. Deeper ops patterns are in the cloud Mac support center.
How do I migrate Hermes data before changing hosts?
Archive the entire ~/.hermes/ directory (Skills, memories, session SQLite). Restore on the new machine before starting Gateway. MACCOME supports self-service wipe before return; migration steps are documented in the support center.