Nous ResearchHermes Agent
Deploy Now

Docker Setup

·hermes agent dockerdockersecuritysandbox

Run Hermes Agent in Docker the right way — full sandboxed setup with persistent storage, volumes, and a clean upgrade path.

Want to try Hermes Agent yourself?

Try Hermes Free → Deploy in 60 seconds

Docker provides isolation for Hermes terminal operations — safer for autonomous agents. Here is how to set it up.

Why Docker

Docker gives you isolation that cloud tools like ChatGPT or Devin can't offer — your agent runs on your own hardware.

  • Sandboxed terminal commands
  • Read-only root filesystem (configurable)
  • Dropped Linux capabilities
  • Namespace isolation
  • Tirith security module integration

The trade-off: slightly more resource overhead. The gain: much safer autonomous operation.

Install Docker

On Mac: Docker Desktop On Linux: sudo apt install docker.io then sudo usermod -aG docker $USER

Verify: docker --version

Configure Hermes to Use Docker

hermes config set terminal.backend docker

Verify:

hermes config show | grep -A2 terminal

Docker Compose Example

For persistent volumes:

version: '3'
services:
  hermes:
    image: ghcr.io/nousresearch/hermes-agent:latest
    volumes:
      - ./data:/root/.hermes
    environment:
      - HERMES_MODEL_PROVIDER=openrouter
    stdin_open: true
    tty: true

Run: docker-compose up -d

Container Hardening

Hermes Docker mode uses security best practices:

  • Read-only root: Filesystem is read-only except where write needed
  • Dropped capabilities: Removes dangerous kernel access
  • Namespace isolation: Container has its own process/network space

This limits damage if the agent runs a compromised command.

Tirith Security Module

Tirith is Hermes' security layer. For Docker:

  • Commands scanned before execution
  • Blocked patterns: prompt injection, credential theft, backdoors
  • Docker sandbox adds additional isolation

Configure Tirith in config.yaml:

security:
  tirith:
    enabled: true
    block_patterns:
      - credential_exfiltration
      - prompt_injection

Common Issues

Docker not found

Ensure Docker is installed and running. docker ps to verify.

Permission denied

Add your user to the docker group: sudo usermod -aG docker $USER, then log out/in.

Container keeps restarting

Check logs: docker logs [container]

Alternatives

  • Local terminal: Default, no isolation
  • Docker: Good isolation, moderate overhead
  • SSH: Run on remote server
  • Daytona/Modal: Serverless, hibernates when idle

Sandboxed code execution via Docker

Setup guide VPS hosting

FAQ

Does Docker slow down the agent? Minimal overhead for most tasks. Noticeable for heavy file operations.

How to use Docker with Hermes

flyhermes.ai

Frequently Asked Questions

What security benefits does Docker provide for Hermes?

Docker sandboxes Hermes terminal operations with a read-only root filesystem (configurable), dropped Linux capabilities that remove dangerous kernel access, and namespace isolation for process and network space. This limits potential damage if the agent executes a compromised or adversarial command.

How do I configure Hermes to use Docker as its execution backend?

Run `hermes config set terminal.backend docker` and verify with `hermes config show | grep -A2 terminal`. Docker must be installed and running — verify with `docker ps`. Add yourself to the docker group with `sudo usermod -aG docker $USER` if you get permission errors.

Does Docker noticeably slow down Hermes?

For most tasks, the overhead is minimal — a few seconds on container startup and slightly more resource usage. You notice it most during heavy file operations or rapid tool-calling sequences. The security isolation is worth the overhead for autonomous operation.

How do I persist Hermes data when running in Docker?

Use Docker volumes or bind mounts in your docker-compose configuration — map a host directory like ./data:/root/.hermes to persist memory, skills, sessions, and config across container restarts and upgrades. Without this, data is lost when the container is removed.

What is the Tirith security module and how does it work with Docker?

Tirith is Hermes's built-in security layer that scans commands for prompt injection, credential exfiltration, and SSH backdoor patterns before execution. In Docker mode, Tirith adds another defense line — even if a malicious command bypasses the sandbox, Tirith blocks execution if it matches known attack signatures.

Ready to Run Your Own AI Agent?

Self-host Hermes in 60 seconds. No credit card, no cloud lock-in.

Deploy Hermes Free →

Related Posts

blog/hermes agent setup guideblog/hermes agent vps hosting