Read-Only Hermes Vault Access + Context Packet Intake

Created: 2026-06-30 for PAR-226.

Decision

  • ~/hermes-vault on the Hermes machine remains the canonical writable vault.
  • External machines and agents get read-only access only.
  • External machines submit context packets into PCM review; they do not write directly to the vault.

Renderer choice

Chosen v1 renderer: MkDocs Material.

Why:

  • Already installed in the Hermes venv.
  • Builds locally with no Node/Quartz bootstrap.
  • Mobile-friendly theme and built-in search.
  • Simple static output in ~/hermes-vault/.site.
  • Easy to serve behind Tailscale or Cloudflare Access.

Rejected/deferred for v1:

  • Quartz: better Obsidian/backlink fidelity, but extra Node project setup and more moving parts. Keep as v2 if backlinks/graph become important.
  • GitHub as primary surface: useful backup, bad human access surface for mobile reading.

Auth/access boundary

Preferred initial boundary: Tailscale-only.

  • Bind any local static server to the Tailscale IP or localhost behind a Tailscale-accessible reverse proxy.
  • Do not expose the vault to the public internet.
  • Cloudflare Access is acceptable later if Adam wants browser access without Tailscale.

Suggested local serve command:

cd ~/hermes-vault
mkdocs build
python3 -m http.server 8008 --directory .site --bind 127.0.0.1

For persistent serving, wrap that command in a systemd user service or put Caddy/nginx in front of it behind Tailscale. Do not start it from the Slack gateway thread without telling Adam first if it would require gateway/service changes.

Git backup/sync path

The vault is already a Git repo with a private remote:

origin git@github.com:parrottpy/hermes-vault.git

Operational rule:

  1. Hermes writes/promotes to ~/hermes-vault.
  2. Hermes commits vault changes locally.
  3. Hermes pushes to the private GitHub backup remote.
  4. Git remains backup/recovery/sync plumbing, not the primary reading surface.

Do not create writable clones on work machines. Use web rendering or curated context packs instead.

Context packet intake

Template:

  • ~/hermes-vault/Templates/Context-Packet-Template.md

Ingest command:

python3 ~/.hermes/scripts/ingest_context_packet.py /path/to/context-packet.md

This creates:

  • raw copy: ~/.hermes/context-inbox/raw/context-packets/YYYY-MM-DD/<slug>-<hash>.md
  • PCM candidate: ~/.hermes/context-inbox/incoming/context-packets/YYYY-MM-DD/<slug>-<hash>.yaml

Then the existing PCM digest/review flow handles review/promote decisions:

cd ~/projects/prefect-flows
python scripts/pcm_weekly_review.py --dry-run
python scripts/pcm_weekly_review.py --decisions-file /path/to/decisions.yaml

External machine rules

  • Work machine: read web vault or curated pack only; do not clone/write full vault.
  • Claude Code/work agent: produce one daily context packet using the template.
  • Phone: submit a short packet via Slack/message/file if needed; Hermes ingests it.
  • Secrets/tokens never go in context packets.
  • Work-sensitive context should be marked work-sensitive and defaults to review-required/raw-only unless Adam approves promotion.
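An intake pre-check that applies the two rules above (no secrets/tokens; work-sensitive packets stay review-required/raw-only) and derives the raw/PCM-candidate paths that the ingest step produces. This is an added example, not ingest_context_packet.py or any other Hermes code; the front-matter keys (`title`, `work_sensitive`), the token patterns and the sample packet are assumptions constructed for illustration.

```python
import hashlib
import re
from datetime import date
from pathlib import Path

# Constructed sample packet; the front-matter keys are an assumption about the template.
SAMPLE_PACKET = """---
title: Daily work context
work_sensitive: true
---
Reviewed PAR-226 vault access plan.
Discussed rotating the CI deploy credential next week.
"""

# Assumed token shapes; any match rejects the packet before it reaches the inbox.
TOKEN_PATTERNS = [
    re.compile(r"\b(ghp|gho|ghs|github_pat)_[A-Za-z0-9_]{20,}"),  # GitHub tokens
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                          # AWS access key id
    re.compile(r"\bxox[abpors]-[A-Za-z0-9-]{10,}"),              # Slack tokens
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),            # PEM private keys
    re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\s*[:=]\s*\S{8,}"),
]

def parse_front_matter(text):
    """Split a leading '---' block of 'key: value' lines from the packet body."""
    if not text.startswith("---\n"):
        return {}, text
    head, _, body = text[4:].partition("\n---\n")
    fields = {}
    for line in head.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields, body

def find_secrets(text):
    """Return the patterns that matched; an empty list means nothing token-like was seen."""
    return [p.pattern for p in TOKEN_PATTERNS if p.search(text)]

def slugify(title):
    return re.sub(r"[^a-z0-9]+", "-", title.lower()).strip("-") or "packet"

def classify_packet(text, inbox="~/.hermes/context-inbox", day=None):
    """Decide whether a packet may enter the inbox and where its raw/candidate files would land."""
    hits = find_secrets(text)
    if hits:  # secrets never go in context packets: reject, do not write anything
        return {"accepted": False, "reason": "secret-like content", "patterns": hits}
    fields, _ = parse_front_matter(text)
    inbox, day = Path(inbox).expanduser(), day or date.today().isoformat()
    name = f"{slugify(fields.get('title', 'packet'))}-{hashlib.sha256(text.encode()).hexdigest()[:8]}"
    sensitive = fields.get("work_sensitive", "false").lower() == "true"
    return {
        "accepted": True,
        "work_sensitive": sensitive,
        "disposition": "review-required/raw-only" if sensitive else "pcm-review",
        "raw_path": inbox / "raw" / "context-packets" / day / f"{name}.md",
        "candidate_path": inbox / "incoming" / "context-packets" / day / f"{name}.yaml",
    }
```

A work-sensitive packet still gets both paths computed, but its disposition records that promotion is blocked until Adam approves it.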

Follow-up options

  • Add Cloudflare Access deployment if Adam wants browser access outside Tailscale.
  • Add a Slack/file watcher or email ingest job that saves attachments and calls ingest_context_packet.py automatically.
  • Revisit Quartz if backlinks/graph become essential.