diff --git a/cli-config.yaml.example b/cli-config.yaml.example index 81a47dcc665..bfecaed6a49 100644 --- a/cli-config.yaml.example +++ b/cli-config.yaml.example @@ -1124,6 +1124,27 @@ display: # hooks_auto_accept: false +# ============================================================================= +# Update Behavior +# ============================================================================= +updates: + # Create a full HERMES_HOME zip before every `hermes update`. + # Backups land in ~/.hermes/backups/ and can be restored with `hermes import`. + # Off by default because large homes can add minutes to every update. + pre_update_backup: false + + # Number of pre-update backup zips to retain. + backup_keep: 5 + + # What non-interactive updates do with local source edits in the Hermes repo. + # Interactive terminal updates always prompt before restoring the autostash. + # + # stash - auto-stash before pull, then auto-restore after success (default) + # discard - drop the update-created stash after success; use only on managed + # installs where local source edits should not persist + non_interactive_local_changes: "stash" + + # ============================================================================= # Web Dashboard # ============================================================================= diff --git a/website/docs/reference/cli-commands.md b/website/docs/reference/cli-commands.md index c80a2fde933..0e5c719522a 100644 --- a/website/docs/reference/cli-commands.md +++ b/website/docs/reference/cli-commands.md @@ -1445,6 +1445,8 @@ Pulls the latest `hermes-agent` code and reinstalls dependencies in your venv, t **pip installs:** `hermes update` detects pip-based installations automatically — it queries PyPI for the latest release and runs `pip install --upgrade hermes-agent` instead of `git pull`. PyPI releases track tagged versions (major/minor releases), not every commit on `main`. Use `--check` to see if a newer PyPI release is available without installing. +**git installs:** `hermes update` pulls the configured update branch (default: `main`). If your checkout is on another branch, Hermes may check out the update branch before pulling. Commit branch work before updating when you want to keep it outside the update autostash flow. + | Option | Description | |--------|-------------| | `--gateway` | Internal mode used by the messaging `/update` command. Uses file-based IPC for prompts and progress streaming instead of reading from terminal stdin. Not a gateway restart flag. | @@ -1456,6 +1458,8 @@ Pulls the latest `hermes-agent` code and reinstalls dependencies in your venv, t Additional behavior: - **Gateway restart.** After a successful update, Hermes attempts to restart all running gateway profiles automatically so they pick up the new code. Use `hermes gateway restart` when you want to restart a gateway without applying an update. +- **Local source changes.** For git installs, dirty tracked files and untracked files are auto-stashed before branch checkout or pull (`git stash push --include-untracked`). Interactive terminal updates ask before restoring the stash. Non-interactive updates restore it by default; set `updates.non_interactive_local_changes: discard` only on managed installs where local source edits should be thrown away after a successful pull. If stash restore conflicts or the pull fails, the stash is left in place for manual recovery. +- **npm lockfile churn.** Before stashing or switching branches, Hermes makes a best-effort cleanup of tracked `package-lock.json` diffs produced by npm install/build steps. Commit or manually stash intentional lockfile edits before running `hermes update`. - **Pairing data snapshot.** Even when `--backup` is off, `hermes update` takes a lightweight snapshot of `~/.hermes/pairing/` and the Feishu comment rules before `git pull`. You can roll it back with `hermes backup restore --state pre-update` if a pull rewrites a file you were editing. - **Legacy `hermes.service` warning.** If Hermes detects a pre-rename `hermes.service` systemd unit (instead of the current `hermes-gateway.service`), it prints a one-time migration hint so you can avoid flap-loop issues. - **Exit codes.** `0` on success, `1` on pull/install/post-install errors, `2` on unexpected working-tree changes that block `git pull`. diff --git a/website/docs/user-guide/configuration.md b/website/docs/user-guide/configuration.md index b5eccbbefda..2bbce3f7f81 100644 --- a/website/docs/user-guide/configuration.md +++ b/website/docs/user-guide/configuration.md @@ -85,6 +85,21 @@ You can also set `providers..stale_timeout_seconds` for the non-streaming st Leaving these unset keeps the legacy defaults (`HERMES_API_TIMEOUT=1800`s, `HERMES_API_CALL_STALE_TIMEOUT=300`s, native Anthropic 900s). Not currently wired for AWS Bedrock (both `bedrock_converse` and AnthropicBedrock SDK paths use boto3 with its own timeout configuration). See the commented example in [`cli-config.yaml.example`](https://github.com/NousResearch/hermes-agent/blob/main/cli-config.yaml.example). +## Update Behavior + +`hermes update` settings live under `updates` in `config.yaml`: + +```yaml +updates: + pre_update_backup: false # Create a full HERMES_HOME zip before every update + backup_keep: 5 # Keep this many pre-update backup zips + non_interactive_local_changes: stash # stash | discard +``` + +For git installs, Hermes auto-stashes dirty tracked files and untracked files before checking out the update branch or pulling. Interactive terminal updates prompt before restoring that stash. Non-interactive updates (desktop/chat app, gateway, or `--yes`) use `updates.non_interactive_local_changes`: `stash` restores local source edits after a successful pull, while `discard` drops the update-created stash after a successful pull. Use `discard` only on managed installs where local source edits are never meant to persist. + +Before that stash step, Hermes also restores tracked `package-lock.json` diffs left by npm install/build churn. Commit or manually stash intentional lockfile edits before updating. + ## Terminal Backend Configuration Hermes supports six terminal backends. Each determines where the agent's shell commands actually execute — your local machine, a Docker container, a remote server via SSH, a Modal cloud sandbox (direct or via the Nous-managed gateway), a Daytona workspace, or a Singularity/Apptainer container.