Overview
Hermes Agent is the Chief of Staff — the single orchestrator that owns Discord, cron scheduling, memory, skills, and all user interaction. OpenClaw is the execution layer — 6 specialized subagents that perform research, writing, security, monitoring, coding, and financial analysis on command.
Nothing starts in OpenClaw. Everything initiates and terminates in Hermes.
┌─────────────────────────────────────────────────────────────┐
│ Discord (Big Kel) │
│ ↕ │
│ Hermes Agent (McGwire) │
│ ├── Gateway (nohup, port 9119 dashboard) │
│ ├── 11 Cron Jobs (energy, market, garden, security, etc.) │
│ ├── Skills (energy-report, market-prep, garden, blog, etc.)│
│ ├── MCP Servers: │
│ │ ├── openclaw-bridge → OpenClaw subagents │
│ │ ├── homeassistant → HA REST API │
│ │ ├── github → GitHub API │
│ │ ├── fetch → HTTP fetch │
│ │ ├── filesystem → local file access │
│ │ └── omi → Omi voice memos │
│ └── Google Workspace OAuth (Gmail, Sheets, Calendar, etc.) │
│ │
│ OpenClaw Gateway (McGwire, port 18789, localhost only) │
│ ├── Scout (research, web search, HA queries) │
│ ├── Rider (writing, HTML emails, blog articles) │
│ ├── Warner (security scanning, CVE monitoring) │
│ ├── Argus (infrastructure monitoring, health checks) │
│ ├── Cody (coding, scripting, debugging) │
│ └── Ledger (financial analysis, portfolio management) │
│ │
│ Ollama (McGwire localhost:11434) │
│ └── gemma4:e4b (9.6GB, smart routing for simple queries) │
│ │
│ Solar Services (McGwire, nohup) │
│ ├── EG4 MQTT Bridge → HA via MQTT │
│ ├── Tigo CCA Poller → HA via MQTT │
│ └── EG4 Charger Webhook (port 8321) │
├─────────────────────────────────────────────────────────────┤
│ Musial (192.168.0.31) — NVIDIA GB10, 128GB │
│ ├── Ollama (cloud models + deepseek-r1:70b local) │
│ │ ├── deepseek-v3.2:cloud (Hermes primary) │
│ │ ├── qwen3-coder-next:cloud (Cody primary) │
│ │ ├── glm-5.1:cloud (Scout/Warner/Argus primary) │
│ │ ├── minimax-m2.7:cloud (Rider/Ledger fallback) │
│ │ └── kimi-k2.5:cloud (available) │
│ ├── Docker: Nextcloud, Immich, Pi-hole, Teslamate, │
│ │ Grafana, Homebridge, Homepage, Cloudflared, │
│ │ Stock Dashboard, Nebula Sync │
│ └── Health Check (crontab, every 30 min) │
├─────────────────────────────────────────────────────────────┤
│ Other Infrastructure │
│ ├── Pi-hole Primary (192.168.0.3) — DNS + DHCP │
│ ├── Home Assistant (192.168.0.50) — Automation │
│ ├── pfSense (192.168.0.1) — Router/Firewall │
│ ├── Proxmox (192.168.0.2) — Hypervisor │
│ ├── Molina (192.168.0.6) — Tailscale Gateway │
│ └── VPS (76.13.30.67) — Traefik, bigkel.tech │
└─────────────────────────────────────────────────────────────┘
Machine Inventory
McGwire (192.168.0.25) — Apple M4 Pro, 64GB
Role: Orchestration hub, agent gateway, solar monitoring
| Service | Type | Port/Path |
|---|---|---|
| Hermes Gateway | nohup process | Discord bot "Brock#2925" |
| Hermes Dashboard | nohup process | localhost:9119 |
| OpenClaw Gateway | nohup process | localhost:18789 |
| Ollama | system service | localhost:11434 (gemma4:e4b) |
| EG4 MQTT Bridge | nohup process | → MQTT 192.168.0.50:1883 |
| Tigo CCA Poller | nohup process | → MQTT 192.168.0.50:1883 |
| EG4 Charger Webhook | nohup process | localhost:8321 |
| Retirement Dashboard | LaunchAgent | localhost:8090 |
| UniFi Controller | Docker (OrbStack) | 8080/8443/3478 |
| Homepage | Docker (OrbStack) | 3001 |
Startup: ~/.zprofile runs solar services, Hermes dashboard, OpenClaw gateway on login.
Musial (192.168.0.31) — NVIDIA GB10 DGX Spark, 128GB
Role: LLM inference, Docker services, cloud model routing
| Service | Type | Port |
|---|---|---|
| Ollama | systemd | 11434 |
| Nextcloud AIO | Docker | 11001 (app), 8090 (mgmt) |
| Immich | Docker | 2283 |
| Pi-hole Secondary | Docker (host network) | 53, 8080 |
| Teslamate | Docker | 4000 |
| Grafana | Docker | 3000 |
| Homebridge | Docker (host network) | 8581 |
| Homepage | Docker | 3001 |
| Stock Dashboard | Docker | 8501 |
| Cloudflared | Docker | — |
| Nebula Sync | Docker | — |
Crontab: Backup scripts (3 AM), Hermes health check (every 30 min at :30)
Model Configuration
Hermes Agent Models
| Role | Model | Provider | Notes |
|---|---|---|---|
| Primary | deepseek-v3.2:cloud | Musial Ollama → cloud | All complex tasks |
| Smart routing | gemma4:e4b | McGwire local | Simple Discord responses (<28 words) |
| Delegation | qwen3-coder-next:cloud | Musial Ollama → cloud | Subagent tasks |
| Fallback | minimax-m2.7:cloud | Musial Ollama → cloud | If primary unavailable |
OpenClaw Agent Models
| Agent | Primary | Fallback |
|---|---|---|
| Scout | glm-5.1:cloud | deepseek-v3.2:cloud |
| Rider | deepseek-v3.2:cloud | minimax-m2.7:cloud |
| Warner | glm-5.1:cloud | deepseek-v3.2:cloud |
| Argus | glm-5.1:cloud | deepseek-v3.2:cloud |
| Cody | qwen3-coder-next:cloud | deepseek-v3.2:cloud |
| Ledger | deepseek-v3.2:cloud | minimax-m2.7:cloud |
File System Layout
McGwire Internal SSD (1TB)
~/.hermes/
├── hermes-agent/ # Hermes installation (venv, code)
├── scripts/ # All automation scripts
│ ├── energy-report/ # Energy report pipeline
│ ├── market_prep/ # Market prep + reconciliation
│ ├── robinhood-ingestion/
│ ├── audible-ingestion/
│ ├── infrastructure_monitor/ # Argus monitor
│ ├── security_audit/
│ ├── security_intel/ # Warner scanner
│ ├── hermes_health/ # Health check
│ ├── eg4/ # EG4 inverter scripts
│ ├── tigo/ # Tigo CCA poller
│ └── start_solar_services.sh
├── skills/ # Hermes skill definitions
│ ├── daily-energy-report/
│ ├── market-prep/
│ ├── garden-report/
│ ├── audible-ingestion/
│ ├── robinhood-ingestion/
│ ├── argus/
│ ├── warner/
│ ├── hermes-health/
│ ├── solar-inverters/
│ ├── retirement-dashboard/
│ └── blog-publish/
├── cache/ # Weather cache, etc.
└── config.yaml # CLI config
~/.openclaw/
├── openclaw.json # OpenClaw config (agents, models, gateway)
└── agents/ # Agent session data (legacy, some still used)
~/homepage/config/ # Homepage dashboard configMcGwire External SSD (/Volumes/McGwire, 4.5TB)
/Volumes/McGwire/
├── hermes/ # HERMES_HOME
│ ├── config.yaml # Gateway config
│ ├── .env # Secrets (HASS_TOKEN, DISCORD_TOKEN, etc.)
│ ├── auth.json # Hermes auth
│ ├── google_token.json # Google OAuth token
│ ├── google_client_secret.json
│ ├── logs/ # Gateway + agent logs
│ ├── sessions/ # Chat sessions
│ ├── skills/ # Symlinks to ~/.hermes/skills/
│ └── state.db # Hermes state database
│
├── openclaw/ # OpenClaw data
│ ├── agents/ # Agent definitions
│ │ ├── scout/agent/AGENTS.md
│ │ ├── rider/agent/AGENTS.md
│ │ ├── warner/agent/AGENTS.md
│ │ ├── argus/agent/AGENTS.md
│ │ ├── cody/agent/AGENTS.md
│ │ └── ledger/agent/AGENTS.md
│ ├── workspace-scout/ # Per-agent workspaces + skills
│ ├── workspace-rider/
│ ├── workspace-warner/
│ ├── workspace-argus/
│ ├── workspace-cody/
│ ├── workspace-ledger/
│ ├── mcp-bridge/ # MCP server (openclaw_mcp_server.py)
│ ├── scripts/ # Utility scripts (scan_skill.sh)
│ └── logs/ # OpenClaw gateway logsCredentials & Secrets
| Secret | Location | Permissions | Purpose |
|---|---|---|---|
| HA Token | ~/.HA_TOKEN |
600 | Home Assistant API |
| AgentMail Key | ~/.AGENTMAIL_API_KEY |
600 | Email sending |
| AgentMail Config | ~/.agentmail_config |
600 | Market prep email |
| EG4 Credentials | ~/.eg4_credentials |
600 | EG4 cloud API |
| Google OAuth | /Volumes/McGwire/hermes/google_token.json |
600 | Gmail, Sheets, etc. |
| Google Client Secret | /Volumes/McGwire/hermes/google_client_secret.json |
600 | OAuth client |
| Hermes .env | /Volumes/McGwire/hermes/.env |
600 | HASS_TOKEN, DISCORD_TOKEN |
| OpenClaw Config | ~/.openclaw/openclaw.json |
— | Contains Ollama cloud API key, Slack tokens (disabled) |
Cron Jobs (Hermes)
| Job | Schedule | Route | Delivery |
|---|---|---|---|
| energy-snapshot-hourly | 0 * * * * |
Direct script | origin |
| morning-energy-report | 0 7 * * * |
Direct script | origin |
| evening-energy-report | 0 19 * * * |
Direct script | origin |
| market-prep-daily | 15 9 * * 1-5 |
Script (Robinhood→Reconcile→Report) | Discord |
| audible-ingestion | 0 5,17 * * * |
Direct script | Discord |
| robinhood-ingestion | 30 9,16 * * 1-5 |
Direct script | Discord |
| garden-report-tuesday | 0 7 * * 2 |
Scout→Rider→Hermes sends | origin |
| garden-report-friday | 0 16 * * 5 |
Scout→Rider→Hermes sends | origin |
| warner-security-scan | 0 6 * * * |
Warner agent | origin |
| docker-lab-maintenance | 15 3 * * * |
Argus→Cody | origin |
| linux-weekly-maintenance | 0 2 * * 0 |
Argus→Cody | origin |
MCP Bridge (Hermes ↔ OpenClaw)
Server: /Volumes/McGwire/openclaw/mcp-bridge/openclaw_mcp_server.py
Transport: stdio (Hermes spawns the process on demand)
Auth: OpenClaw gateway token in ~/.openclaw/openclaw.json
Tools Exposed
| Tool | Description | Example |
|---|---|---|
openclaw_spawn |
Send task to a subagent, get result | openclaw_spawn(agent="scout", task="query HA for battery SOC") |
openclaw_agents |
List available agents and models | openclaw_agents() |
openclaw_sessions |
List recent sessions for an agent | openclaw_sessions(agent="scout") |
How Hermes Calls OpenClaw
- User says something in Discord → Hermes decides it needs a subagent
- Hermes calls MCP tool:
openclaw_spawn(agent="scout", task="...") - MCP server runs:
openclaw agent --agent scout --message "..." - OpenClaw spawns Scout with its model (glm-5.1:cloud via musial)
- Scout executes tools (terminal, web, file) and returns result
- MCP server returns result to Hermes
- Hermes synthesizes and responds in Discord
Agent Skills (ClawHub)
| Agent | Skills Installed |
|---|---|
| Scout | in-depth-research, web-scraper-jina, home-assistant, github-cli, agentic-workflow-automation |
| Rider | human-writing, book-writing |
| Warner | security-scan, macos-security-scan |
| Argus | homelab-cluster, docker-essentials, home-assistant |
| Cody | code-review-fix, docker-compose, github-cli |
| Ledger | financial-analyst, financial-tracker |
Security: All skills scanned with /Volumes/McGwire/openclaw/scripts/scan_skill.sh before installation.
Known Issues & Workarounds
| Issue | Workaround |
|---|---|
| Hermes launchd EX_CONFIG (78) | Use nohup + watchdog instead of LaunchAgent. Filed NousResearch/hermes-agent#5589 |
| macOS LaunchAgents can't reach MQTT | Solar services run via nohup from interactive shell, not launchd |
| gemma4:e4b too small for agent tasks | Cloud models (glm-5, deepseek-v3.2) for all OpenClaw agents |
| OpenClaw session locks | Clear with find ~/.openclaw/agents -name "*.lock" -delete |
| Musial DNS (systemd-resolved dies) | /etc/resolv.conf points directly to Pi-hole (192.168.0.3) + Google (8.8.8.8) |
| Two config files in Hermes | ~/.hermes/config.yaml (CLI) and /Volumes/McGwire/hermes/config.yaml (gateway) — keep in sync |
| Python 3.9 vs 3.11 | Always use ~/.hermes/hermes-agent/venv/bin/python for scripts needing f-string features |
| Docker path on McGwire | ~/.orbstack/bin/docker (not in default PATH for SSH/launchd) |
Quick Reference Commands
# Restart Hermes gateway
pkill -f 'hermes_cli.main gateway'; sleep 3
HERMES_HOME=/Volumes/McGwire/hermes nohup ~/.hermes/hermes-agent/venv/bin/python -m hermes_cli.main gateway run --replace >> /Volumes/McGwire/hermes/logs/gateway.log 2>> /Volumes/McGwire/hermes/logs/errors.log &
# Restart OpenClaw gateway
pkill -f 'openclaw-gateway'; sleep 3
nohup openclaw gateway --allow-unconfigured > /Volumes/McGwire/openclaw/logs/gateway.log 2>&1 &
# Restart solar services
bash ~/.hermes/scripts/start_solar_services.sh
# Clear OpenClaw session locks
find ~/.openclaw/agents -name "*.lock" -delete
# SSH tunnel for Hermes dashboard
ssh -L 9119:localhost:9119 mcgwire
# Then open http://localhost:9119
# Test an OpenClaw agent
openclaw agent --agent scout --message "test"
# Hermes cron list
~/.hermes/hermes-agent/venv/bin/hermes cron list
# Check all running services
ps aux | grep -E 'hermes_cli|openclaw-gateway|eg4_mqtt|tigo_local|eg4_charger' | grep -v grep
# Scan a ClawHub skill before installing
bash /Volumes/McGwire/openclaw/scripts/scan_skill.sh /path/to/skill