--- title: >- Hermes Agent Builds Itself While You Sleep: The Complete Guide to the 9-Hour Overnight Workflow summary: >- A full hour-by-hour map of the autonomous overnight cycle — from session close and self-improvement to knowledge ingestion, the morning briefing, the infrastructure behind it, and the security layers that make unattended operation safe. author: YanXbt authorUrl: 'https://x.com/IBuzovskyi' category: Automation difficulty: Advanced readingTime: 5 date: '2026-06-17' tags: - overnight - cron - automation - self-improvement - monitoring - kanban - security integrations: - Hermes Agent - Telegram - Slack - Discord - config.yaml --- Most AI agents wait for you to type. Hermes does something none of the others do: it gets smarter overnight. Between 11PM and 8AM, a properly configured setup monitors systems, ingests knowledge, completes scheduled work, refines its own skills, and lands a briefing in your Telegram by morning — for $7–30/month in infrastructure. This guide maps the full 9-hour cycle hour by hour, the infrastructure that makes it possible, what you review when you wake up, how to troubleshoot, the security layers that keep autonomous operation safe, and a realistic Day 1 → Month 1 timeline. All details are verified against Hermes Agent v0.16.0 "The Surface Release" (June 5, 2026). ## Why "While You Sleep" Is Not Marketing Most agents are reactive — you type, they respond, they sit idle the rest of the time. Hermes is architected differently. Three properties make overnight operation real: - **Persistent gateway process** — runs as a system service and never sleeps - **Cron daemon with a 60-second tick** — executes scheduled work - **Self-improvement loop** — refines skills after completed tasks This is concrete infrastructure running concrete jobs against concrete data, not "AI that pretends to work overnight." ## The 24-Hour Timeline ### 23:00 — Session close Your last conversation ends and the session closes cleanly. SessionDB persists conversation state. The memory loop scans the day's exchanges, extracts durable facts, and writes to `MEMORY.md` and `USER.md` (capped at roughly 800 and 500 tokens respectively). ### 23:30 — Self-improvement loop Completed tasks are reviewed in a background fork. Patterns that worked get saved as skills in `~/.hermes/skills/`. The agent does not announce this — you wake up to find new procedures in your skill library. (This is Loop 3 of the 8 nested loops Hermes runs in parallel.) ### 00:00 — Curator check Every 7 days the Curator wakes between sessions, scans `~/.hermes/skills/`, identifies redundant or stale procedures, and archives unused skills to `.archive/` (recoverable). Hub-installed skills stay off-limits, so the library stays clean without manual work. ### 02:00 — Competitive intel cron A cron job fires a Python script that scrapes competitor pricing pages and diffs against last week's snapshot. If nothing changed: `{"wakeAgent": false}` — zero LLM tokens spent. If something changed, the agent wakes, reads the diff, writes a summary to your wiki, and drafts a Telegram alert for the morning. ### 03:00 — Knowledge ingestion The LLM Wiki ingest cron runs. Hermes ships a bundled `llm-wiki` skill based on Andrej Karpathy's LLM Wiki pattern: a self-improving knowledge base of interlinked markdown files. Unlike RAG (which rediscovers knowledge every query), the wiki compiles knowledge once and keeps it current — cross-references stay linked and contradictions get flagged automatically. The cron pulls articles you saved during the day from a watch folder, indexes them into your Obsidian-compatible wiki, and updates affected pages. Set `WIKI_PATH` in `~/.hermes/.env` (defaults to `~/wiki`). ### 04:00 — Scheduled reports Weekly performance reviews, monthly billing summaries, and daily uptime reports. Most use `no_agent` mode (pure Python scripts, zero LLM cost). Output streams to Telegram or Slack via the gateway REST endpoints. ### 06:00 — Morning briefing prep A cron job assembles your briefing — overnight cron results, Kanban board state, new wiki entries, top calendar items, anything flagged urgent. This draft goes through the agent because it needs reasoning. ### 07:00 — Kanban dispatcher The dispatcher has been running every 60 seconds all night: zombie task detection, heartbeat tracking, retry budgets. Any tasks in "Ready" state get assigned to available workers. ### 08:00 — Briefing lands Your Telegram pings: 5 bullets max — what changed overnight, what needs attention, what's on the calendar, and token cost so far this month. You pour coffee, read the brief, and decide what matters. ## What You Review in the Morning The whole point of overnight automation is that mornings should be short — five surfaces, 7–10 minutes total. 1. **Telegram briefing (2 min)** — top 3 urgent items, overnight changes needing a decision, calendar highlights, monthly token spend, anything that triggered `wakeAgent`. Reply to act immediately. 2. **Kanban board (2 min)** — `hermes dashboard → Kanban`. Scan four columns: **Blocked** (your input required, handle first), **In Progress**, **Ready**, and **Done**. Anything you move to Ready gets picked up within 60 seconds. 3. **New skills review (1–2 min)** — `hermes skills --new` lists skills created in the last 24 hours. For each, ask: is it accurate, and should it run automatically or require approval? Bad skills get reused if you don't catch them early. 4. **Wiki additions (1–2 min)** — `ls ~/wiki/*.md -lt | head`. Skim new entries, contradictions the agent surfaced, and topics large enough to need a parent page. 5. **`/usage` check (30 sec)** — token spend today, this week, this month, compared against budget. ### The morning shortcut command Set a custom `/morning` command in your `SOUL.md` (or as a skill) that runs all five reviews and outputs one concise summary. Define it once, use it daily. Most days this is 7–10 minutes total; bad days 15–20 when something needs real attention. ## The Infrastructure That Makes This Work Five components running persistently: - **VPS or local machine running 24/7** — a Hetzner CX22 (~$7/month) handles the load. A local Mac Mini works but breaks if you lose power. - **Gateway as a system service** — runs through systemd (Linux), launchd (macOS), or Hermes's installed-service mode, surviving reboots. - **Cron daemon (60s tick)** — built into the gateway, fires scheduled jobs. - **Persistent storage** — `~/.hermes/` holds sessions, memory, skills, and the kanban DB, and survives restarts. Backups are just file copies. - **At least one messaging platform** — Telegram is fastest to set up; Discord and Slack work the same way. ### The Desktop app changes the morning workflow v0.16.0 "The Surface Release" shipped a native Electron app for macOS, Linux, and Windows. For a "while you sleep" setup it lets you connect to a **remote Hermes gateway** (your VPS runs 24/7; the Desktop app connects via OAuth or username/password to the same memory, skills, and sessions), run **concurrent multi-profile sessions** in separate tabs, **self-update in-app** without SSHing into the VPS, and **drag-and-drop files** back into chat for analysis. The Desktop app is a control surface — it does not replace the gateway on your VPS. ## How to Set Up "While You Sleep" Mode Without Mistakes Most overnight problems come from setup choices, not running operations. Five configurations prevent issues before they start. ### 1. Set hard token caps before the first cron fires ```yaml budget: daily_max_usd: 10 session_max_usd: 2 monthly_max_usd: 200 ``` The agent stops when it hits the limit. Set these *before* you create cron jobs, not after a surprise bill. ### 2. Use wakeAgent for every monitoring cron Default monitoring jobs to `wakeAgent` mode rather than full agent runs — the script detects change for free, and the agent only fires when something actually happened. ```bash /cron add "every 1h" \ --script check-something.py \ --prompt "[only runs if script says wakeAgent: true]" ``` Rule of thumb: if a cron job runs more than once per hour, it should have a `wakeAgent` gate. ### 3. Configure checkpoints before letting the agent touch files ```yaml checkpoints: enabled: true max_snapshots: 20 max_file_size_mb: 10 retention_days: 7 ``` The agent snapshots your directory before changes; `/rollback` restores state. Without checkpoints enabled, you cannot undo what the agent did overnight. ### 4. Write restrictions into SOUL.md before enabling autonomy The restrictions section of `SOUL.md` is your defense — and it must be specific. Vague rules ("be careful with my data") get ignored; specific ones get followed: ```markdown ## Restrictions Never deploy to production without me approving the diff. Never run `rm -rf` or destructive commands. Never spend more than $5 on a single API call. Never send messages to anyone except via my approved channels. Never modify files outside ~/projects/ without confirmation. Never push to a git remote autonomously. ``` ### 5. Set approval mode to smart for sensitive profiles ```yaml safety: approval_mode: smart redact_secrets: true ``` Smart mode uses an auxiliary model to classify risk. Risky actions arrive on Telegram with Approve/Reject buttons, so you stay in control of decisions that matter while the agent handles routine work. ### The order of setup matters Run setup in this order to avoid expensive mistakes: - **Day 0:** Install Hermes, write `SOUL.md` with restrictions, set budget caps, enable checkpoints - **Day 1:** Connect Telegram, test with manual tasks (no cron yet) - **Day 2:** Add ONE simple cron job (morning brief) - **Day 3–7:** Verify it runs cleanly for a week - **Week 2:** Add monitoring crons with `wakeAgent` gates - **Week 3+:** Expand based on what worked The most expensive mistakes happen when people skip Day 2–7 and create 10 cron jobs on day one. Start small, verify, expand. ## Overnight Troubleshooting Five things that break in real setups, each with the fix. **"Briefing didn't arrive"** — `hermes gateway status`. If the gateway crashed overnight, crons that compose messages through the agent fail silently. Fix: run the gateway as a systemd/launchd service so it auto-restarts. **"Cron fired but nothing happened"** — `hermes cron list` and `hermes logs --since 12h`. Common causes: script timeout (default 120s), a `wakeAgent` gate that returned false when it should have returned true, or an expired API key (`hermes doctor`). **"Agent did something I didn't expect"** — `/rollback` restores the last file checkpoint (`/rollback 3` goes back three). Then update `SOUL.md` restrictions to prevent it next time. **"Token spend is way higher than expected"** — `/usage` and `hermes prompt-size`. Usual culprits: `SOUL.md` grew too large (you pay for it every turn), a cron is `wakeAgent=true` when it should be false, or sub-agent delegation went deep (each child is its own session cost). **"Kanban tasks stuck in Running"** — the dispatcher detects zombies every 60 seconds, but you can manually reclaim with `hermes kanban reclaim `, or `hermes kanban pause` / `resume` to investigate. ## Telegram, Slack, or Discord All three use the same gateway, commands, and cron delivery — pick the one your team already lives in. - **Telegram (fastest):** `hermes gateway setup` → pick Telegram → message @BotFather → `/newbot` → paste token. Best for solo founders and mobile-first workflows. - **Slack (best for teams):** create an app at api.slack.com/apps, install to workspace, paste tokens. Deliver to channels with `--deliver slack:#engineering` or `--deliver slack:@username`. - **Discord (best for communities):** create an application at discord.com/developers, paste the bot token, invite to your server. The agent can even join live voice calls. A single cron job can fan out to multiple platforms — the agent generates one response and both receive it: ```bash /cron add "every day 8am" \ --prompt "Morning brief" \ --deliver telegram \ --deliver slack:#ops ``` ## Security: Five Layers That Keep It Safe The agent runs while you sleep, so protection matters more than people think. Five layers: 1. **SOUL.md restrictions** — hard rules become hard rules during autonomous runs, and they're scanned for prompt injection on load. 2. **Approval gates** — `approval_mode: smart` plus `redact_secrets` and `browser_private_urls` send risky actions to your home channel with Approve/Reject buttons. 3. **Checkpoints** — directory snapshots before file changes mean `/rollback` can always restore state. 4. **Token budget cap** — a hard `daily_max_usd` / `session_max_usd` means a runaway cron can spend $X but not $X+1. 5. **Docker or VPS isolation** — running in a container or separate VPS limits blast radius to only what you mounted. Together these make autonomous overnight operation safe enough to actually use. Without them you wake up worried; with them you wake up curious. ## The Realistic Timeline The compounding is real but measurable on a normal timeline. | Stage | What you have | What it feels like | | --- | --- | --- | | **Day 1** | Gateway + Telegram, 1–3 crons, empty skill library and `MEMORY.md`, starter `SOUL.md` | A basic brief. Useful but not impressive — the agent knows almost nothing about you yet. | | **Week 2** | 5–10 crons, 8–12 self-created skills, `MEMORY.md` with 1500–2000 chars, wiki with 20–50 entries | Briefings reference *your* projects and deadlines. First "okay, this is different" moment. | | **Month 1** | 12–15 crons, 20–30 skills, full memory + dialed-in `USER.md`, wiki with 100–200 cross-referenced entries, Curator has pruned 5–10 stale skills | Briefings surface patterns you didn't notice; the agent suggests crons you didn't think to add. | A Day 30 agent makes decisions a Day 1 agent could not — same model, same setup, different output quality because the system accumulated context. ## Realistic Overnight Costs Token math for a typical setup: ~5 `wakeAgent` crons through the night (most fire on `wakeAgent: false` at zero LLM cost), 1–2 firing on actual changes (5–15K tokens each), morning briefing generation (10–20K tokens), and background self-improvement work. - **Realistic overnight token spend:** 30–60K tokens - **At Claude Sonnet pricing:** ~$0.20–0.40 per night - **At GPT-5.5 via Codex (included):** $0 - **Plus VPS:** ~$7/month → total infrastructure $7–25/month A virtual assistant doing the same work costs $500–2000/month. ## Setup Checklist Six steps to "while you sleep" mode: 1. Deploy a VPS (Hetzner CX22, ~$7/month) 2. Install Hermes via the one-command install script 3. Run `hermes setup --portal` for the fastest model + tools + gateway path 4. Set `SOUL.md` with clear restrictions 5. Connect Telegram as your home channel for briefings 6. Add 3 starter cron jobs — morning brief, competitor scan, weekly review That gets you to Day 1. Week 2 happens by using it. Month 1 happens because the system keeps running. ## The Compounding Point The reason "while you sleep" isn't a gimmick: every overnight cycle adds something the next cycle can use. A new skill from yesterday accelerates a task next week. A memory entry from this morning sharpens tomorrow's brief. A wiki entry from Tuesday catches a contradiction on Thursday. A reactive AI tool resets every conversation — Hermes resets nothing. The state on Day 30 is the accumulated result of small, mostly invisible improvements from Days 1–29. That's what "the agent that grows with you" means in practice. --- *Written by [YanXbt](https://x.com/IBuzovskyi). Extended versions of his articles are on his [Substack](https://substack.com/@yanxbt). All technical details verified against Hermes Agent v0.16.0 "The Surface Release" (June 5, 2026) documentation.*