Hermes is our private, local AI assistant, and it is only as good as what it remembers. This week we taught it to remember better.
Hermes funciona íntegramente en nuestro propio hardware: un modelo de lenguaje local en una RTX 3060, dentro de un contenedor Proxmox, con un puñado de herramientas conectadas mediante MCP. Ya tenía memoria, un corpus de Generación Aumentada por Recuperación construido a partir de nuestras notas curadas más miles de observaciones destiladas de las sesiones. Pero habían aparecido tres grietas, y esta sesión consistió en sellar las tres.
1. Hermes goes online, safely
Until now Hermes only answered from a terminal on the local network. We gave it a front door: hermes.elpanocho.com. A DNS record points at our office router, which already forwards web traffic to a central Nginx reverse proxy; there we added a virtual host that terminates TLS with a Let's Encrypt certificate and proxies through to Hermes's web chat. Authentication stays on, sign-ups stay off, and the powerful tools such as shell and Odoo access remain admin-only.
One small surprise along the way: our two domains sit with the same DNS provider but expose two completely different control panels. We had to map both by hand and write down the exact steps for each, so next time is a copy-paste instead of an archaeology dig.
2. One repository to back them all
Hermes's memory is plain text under version control, pushed to a private Git repository at the end of every session. The catch: only one of our six projects was actually being backed up. The other five, hundreds of files, lived only on disk.
We restructured the backup so a single repository now tracks the memory folders of all six projects at once, with a scoped ignore rule that keeps the heavy transcripts out. Because the main branch is protected, we did it as a clean, forward-only commit on top of the existing history rather than a force-push: no history lost, nothing overwritten.
3. The memory was quietly lying
Here is the uncomfortable part. Hermes's search corpus had been built by flattening every project's notes into one single folder. The problem: each project owns files with the same names, six files literally called MEMORY.md and dozens of shared note names. Flattened together, 404 files collapsed into 207, and the rest were silently overwritten. Half of what Hermes was supposed to know never made it into the index.
We fixed the shape, not just the contents. The corpus is now namespaced per project, and the indexer walks it recursively, tagging every chunk with its project of origin. No more collisions, and every answer can point back to where it came from.
4. A corpus that refreshes itself
A correct corpus that goes stale is just a slower lie. So we wrote a one-command refresh that stages all six projects, ships them into the container, re-exports the session memory, rebuilds the embeddings on the GPU, and restarts the tool server so the new index is actually loaded. Then we put it on a weekly timer.
The rebuilt index went from a flattened 346 files to 555 files and 12,697 searchable chunks. We verified it: ask Hermes about today's remote-access work and it answers from the right, freshly indexed notes, with the project name attached.
Cómo se construyó
Most of this session ran as small teams of agents working in parallel: some authored the indexer and the refresh script, others verified retrieval and wrote the operations document, while the irreversible step of wiping and rebuilding a live corpus stayed under a single careful hand. It is the same pattern we keep coming back to: fan out the safe work, serialize the dangerous bit.
Hermes now remembers all of it, including, soon enough, this very post.
This story began in Shaping Hermes: a private, local AI assistant.