When Hermes executes a terminal command, where does it actually run? That depends on your terminal backend configuration. Hermes supports six backends, each with different security, isolation, and capability tradeoffs.
The Six Backends
| Backend | Runs On | Best For |
|---|---|---|
| local | Your machine | Development, personal use |
| docker | Container | Sandboxing, CI/CD |
| ssh | Remote server | Security, powerful hardware |
| modal | Cloud VM | GPU, serverless, scaling |
| daytona | Cloud workspace | Teams, persistence |
| singularity | HPC container | Clusters, research |
Backend Comparison
Security Isolation
Local: [LOW] Agent has full machine access
Docker: [HIGH] Container isolation, dropped caps
SSH: [HIGH] Agent code stays local, execution remote
Modal: [HIGH] Ephemeral cloud VMs
Daytona: [HIGH] Managed cloud workspaces
Singularity: [HIGH] No root, user-level container
Access to Local Files
Local: ✓ Full access
Docker: ◐ Only mounted directories
SSH: ✗ Remote files only
Modal: ✗ Cloud storage only
Daytona: ◐ Workspace files
Singularity: ◐ Bound directories
Cost
Local: Free (your hardware)
Docker: Free (local containers)
SSH: Free (if you have a server)
Modal: Pay-per-use ($0.01+/min)
Daytona: Subscription based
Singularity: Free (uses HPC allocation)
When to Use Each
Local (Default)
Commands run directly on your machine. Fast, simple, full access.
Use when: Personal development, trusted tasks, maximum speed.
Avoid when: Running untrusted code or needing isolation.
Docker
Commands run in an isolated container. The agent can't access your filesystem, API keys, or system files unless they are explicitly mounted.
Use when: Sandboxing, reproducible environments, CI/CD pipelines.
Configuration:
terminal:
  backend: docker
  docker_image: nikolaik/python-nodejs:python3.11-nodejs20
  container_memory: 5120 # 5GB
  container_persistent: true
SSH
The most secure option. Agent code stays on your machine while commands execute on a remote server, so the agent can't read its own .env or modify its own code.
Use when: Maximum security, using remote GPU servers, keeping secrets protected.
Configuration:
terminal:
  backend: ssh
  ssh_host: my-server.com
  ssh_user: agent
  ssh_key: ~/.ssh/id_rsa
  cwd: /home/agent/workspace
Modal
Serverless cloud execution. Containers spin up on demand and hibernate when idle. GPU access is available.
Use when: Need GPU, variable workloads, pay-per-use pricing.
Configuration:
terminal:
  backend: modal
  modal_image: nikolaik/python-nodejs:python3.11-nodejs20
  container_cpu: 2
  container_memory: 8192
Daytona
Managed cloud development environments. Persistent workspaces with team collaboration features.
Use when: Team environments, need persistence, want managed infrastructure.
Singularity/Apptainer
HPC-focused container runtime. Runs without root access, perfect for shared compute clusters.
Use when: University clusters, research computing, HPC environments.
Resource Limits
All container backends support resource limits:
terminal:
  container_cpu: 2 # CPU cores
  container_memory: 5120 # MB (5GB)
  container_disk: 51200 # MB (50GB)
  container_persistent: true # Keep filesystem
Switching Backends
Change at runtime:
hermes config set terminal.backend docker
hermes config set terminal.backend ssh
Or in config.yaml:
terminal:
  backend: docker # local | docker | ssh | modal | daytona | singularity
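
A pre-flight check that ties the isolation comparison to the resource-limit keys, as an added example (not Hermes code and not from the original page): it reads the `terminal:` block of a config.yaml, with keys indented under `terminal:`, and reports a low-isolation backend, an unknown backend name, or container limits that are not set explicitly. Treating docker, modal, daytona and singularity as the container backends, the function names and the finding messages are assumptions.

```python
# Isolation ratings are copied from the comparison on this page.
ISOLATION = {"local": "LOW", "docker": "HIGH", "ssh": "HIGH",
             "modal": "HIGH", "daytona": "HIGH", "singularity": "HIGH"}
# Assumption: these four count as the "container backends" that take limits.
CONTAINER_BACKENDS = {"docker", "modal", "daytona", "singularity"}
LIMIT_KEYS = ("container_cpu", "container_memory", "container_disk")

# Constructed sample: the page's Docker configuration, indented as YAML.
SAMPLE = """\
terminal:
  backend: docker
  docker_image: nikolaik/python-nodejs:python3.11-nodejs20
  container_memory: 5120 # 5GB
  container_persistent: true
"""

def parse_terminal(text):
    """Return key/value strings nested under `terminal:` (flat two-level YAML only)."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # a top-level key opens or closes the block
            inside = line == "terminal:"
        elif inside and ":" in line:
            key, value = line.strip().split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings for one config file's text."""
    cfg = parse_terminal(text)
    backend = cfg.get("backend", "local")  # the page lists local as the default
    if backend not in ISOLATION:
        return [f"unknown backend '{backend}'"]
    findings = []
    if ISOLATION[backend] == "LOW":
        findings.append("local backend: agent has full machine access")
    if backend in CONTAINER_BACKENDS:
        missing = [k for k in LIMIT_KEYS if k not in cfg]
        if missing:
            findings.append("no explicit limit for: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list means the block names a known, isolated backend and, for container backends, sets all three limits.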