~/.hermes, previews every change before applying, redacts secrets in plans and reports, and writes a verified OpenClaw backup before it touches anything.
Imports require a fresh OpenClaw setup. If you already have local OpenClaw state, reset config, credentials, sessions, and the workspace first, or use
openclaw migrate apply hermes directly with --overwrite after reviewing the plan.Two ways to import
- Onboarding wizard
- CLI
Detects Hermes at Or point at a specific source:
~/.hermes and shows a preview before applying.What gets imported
Model configuration
Model configuration
- Default model selection from Hermes
config.yaml. - Configured model providers and custom OpenAI-compatible endpoints from
providersandcustom_providers.
MCP servers
MCP servers
MCP server definitions from
mcp_servers or mcp.servers.Workspace files
Workspace files
SOUL.mdandAGENTS.mdare copied into the OpenClaw agent workspace.memories/MEMORY.mdandmemories/USER.mdare appended to the matching OpenClaw memory files instead of overwriting them.
Memory configuration
Memory configuration
Memory config defaults for OpenClaw file memory. External memory providers such as Honcho are recorded as archive or manual-review items so you can move them deliberately.
Skills
Skills
Skills with a
SKILL.md file under skills/<name>/ are copied, along with per-skill config values from skills.config.Auth credentials
Auth credentials
Interactive
openclaw migrate asks before importing auth credentials, with yes selected by default. Accepting imports OpenCode OpenAI OAuth and GitHub Copilot entries from OpenCode’s auth.json, plus the supported Hermes .env keys. Hermes’s own auth.json OAuth entries are legacy state: they surface as a manual reauth/doctor item instead of importing into live auth. Use --include-secrets to import credentials in a non-interactive run, --no-auth-credentials to skip credential import entirely, or the onboarding wizard’s --import-secrets flag.What stays archive-only
The provider copies these into the migration report directory for manual review, but does not load them into live OpenClaw config or credentials:plugins/sessions/logs/cron/mcp-tokens/state.db
Recommended flow
Preview the plan
Apply with backup
--yes to answer the credential prompt interactively, or add --include-secrets to include supported credentials in an unattended run.Run doctor
Conflict handling
Apply refuses to continue when the plan reports conflicts (a file or config value already exists at the target). Conflicts are unusual on a fresh install. They typically show up when you re-run the import against a setup that already has user edits. If a conflict surfaces mid-apply (for example, an unexpected race on a config file), Hermes marks remaining dependent config items asskipped with reason blocked by earlier apply conflict instead of writing them partially. The migration report records each blocked item so you can resolve the original conflict and rerun the import.
Secrets
Interactiveopenclaw migrate asks whether to import detected auth credentials, with yes selected by default.
- Accepting imports OpenCode OpenAI OAuth and GitHub Copilot entries from OpenCode’s
auth.json, plus the supported.envkeys. Hermes’s ownauth.jsonOAuth entries are reported for manual OpenAI reauth or doctor repair instead. - Use
--no-auth-credentials, or answer no at the prompt, to import non-secret state only. - Use
--include-secretsto import credentials in an unattended--yesrun. - Use the onboarding wizard’s
--import-secretsflag to import credentials from the wizard.
JSON output for automation
--json and no --yes, apply prints the plan and does not mutate state — the safest mode for CI and shared scripts.
Troubleshooting
Apply refuses with conflicts
Apply refuses with conflicts
Inspect the plan output. Each conflict identifies the source path and the existing target. Decide per item whether to skip, edit the target, or rerun with
--overwrite.Hermes lives outside ~/.hermes
Hermes lives outside ~/.hermes
Pass
--from /actual/path (CLI) or --import-source /actual/path (onboarding).Onboarding refuses to import on an existing setup
Onboarding refuses to import on an existing setup
Onboarding imports require a fresh setup. Either reset state and re-onboard, or use
openclaw migrate apply hermes directly, which supports --overwrite and explicit backup control.API keys did not import
API keys did not import
Interactive
openclaw migrate imports API keys only when you accept the credential prompt. Non-interactive --yes runs need --include-secrets; onboarding imports need --import-secrets. Only the supported .env keys are recognized — other .env variables are ignored.Related
openclaw migrate: full CLI reference, plugin contract, and JSON shapes.- Onboarding: wizard flow and non-interactive flags.
- Migrating: move an OpenClaw install between machines.
- Doctor: post-migration health check.
- Agent workspace: where
SOUL.md,AGENTS.md, and memory files live.