Docker on Docker with Zero Footprint
If you want absolutely nothing on your Mac's hard drive except Ollama—no project files, no GitHub downloads, and no Hermes settings folders—we have to change one thing from the previous step.
Instead of saving Hermes' memory to a folder on your Mac (like ~/.hermes), we will create a Docker Volume. Think of a Docker Volume as a hidden, encrypted vault that lives entirely inside the Docker engine. Your Mac's operating system doesn't even know what's inside it.
Here is exactly how to set up this ultimate, zero-footprint architecture where only Ollama touches your Mac:
Step 1: Start Ollama on the Mac (Your "Brain")
This is the only thing running on your actual Mac.
Open your Terminal and make sure your model is running:
ollama run qwen2.5-coder
(Leave this running and open a new Terminal window for the next steps).
Step 2: Create the Hidden Docker Vault
Instead of making a folder on your Mac, tell Docker to create an isolated storage vault for Hermes to remember its settings.
In your new Terminal, run:
docker volume create hermes_vault
Your Mac cannot easily browse this vault. It exists purely inside Docker's own storage, managed by the Docker engine rather than by macOS.
Step 3: Run the Setup (100% Inside Docker)
Now we pull the Hermes Agent and attach it to the vault. Paste this command:
docker run -it --rm \
-v hermes_vault:/opt/data \
nousresearch/hermes-agent setup
During the setup wizard:
- Provider: Select Local / Ollama.
- URL: Tell it how to find the brain on your Mac by typing exactly this: http://host.docker.internal:11434
Step 4: Launch the Agent with "Sibling Sandbox" Powers
Now, launch Hermes using the vault we created, and give it the "keys" to Docker (the Docker socket) so it can build quarantine zones for the GitHub repos.
docker run -it --rm --name my-agent1 --user=0 \
-v hermes_vault:/opt/data \
-v /Users/feng/AI_Sandbox:/Users/feng/AI_Sandbox \
-v /var/run/docker.sock:/var/run/docker.sock \
nousresearch/hermes-agent gateway
To keep the agent running in the background instead, and have Docker restart it automatically, use this variant:
docker run --privileged -d --name my-agent1 \
--restart=always \
--user=0 \
-v /Users/feng/AI_Sandbox:/Users/feng/AI_Sandbox \
-v hermes_vault:/opt/data \
-v /var/run/docker.sock:/var/run/docker.sock \
nousresearch/hermes-agent gateway
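The four steps above as one launcher script. This is an added example, not code from the original page or from the Hermes Agent project: it creates hermes_vault if it is missing (the volume's data sits on the Docker Desktop virtual machine's disk, which is why Finder never sees it), checks from a throwaway container that Ollama answers on http://host.docker.internal:11434, and starts a sibling sandbox for a GitHub repo with the flags a defender wants on a container that runs untrusted code: no Docker socket, no bind mounts from the Mac, all capabilities dropped, a read-only root filesystem with a tmpfs work directory, and process and memory limits. The sandbox base image in SANDBOX_IMAGE (alpine/git with its entrypoint overridden), the repo-URL allow-list, the DOCKER variable and the function names are assumptions of this example. The example deliberately leaves out the /Users/feng/AI_Sandbox bind mount from the launch command above, because anything a sandbox writes there survives on the Mac. Keep in mind that whatever holds /var/run/docker.sock can start any container with any flags, so the isolation described on this page is only as strong as the restrictions placed on the sandbox containers the agent spawns.

```shell
#!/bin/sh
# Added example launcher for the Hermes-on-Docker setup described above (not the project's own script).
# Assumptions: Docker Desktop on macOS, Ollama listening on the Mac on port 11434,
# and alpine/git as the sandbox base image (SANDBOX_IMAGE is an assumption of this example).
set -eu

OLLAMA_URL="http://host.docker.internal:11434"   # the name containers use to reach the Mac
VAULT="hermes_vault"                              # the volume created in Step 2
SANDBOX_IMAGE="${SANDBOX_IMAGE:-alpine/git}"      # assumed sandbox base; entrypoint overridden below
DOCKER="${DOCKER:-docker}"                        # set DOCKER=echo to dry-run without a daemon

# Accept only https://github.com/<owner>/<repo> built from a small character set, so the URL
# can be embedded in the sandbox's shell command without any quoting surprises.
valid_repo_url() {
    vr_url=$1
    case "$vr_url" in
        *[!A-Za-z0-9._/:-]*) return 1 ;;     # any character outside the allow-list
        *..*) return 1 ;;                    # no traversal tokens
        https://github.com/*/*) ;;
        *) return 1 ;;
    esac
    vr_rest=${vr_url#https://github.com/}
    vr_owner=${vr_rest%%/*}
    vr_name=${vr_rest#*/}
    case "$vr_name" in ''|*/*) return 1 ;; esac   # exactly one path segment after the owner
    [ -n "$vr_owner" ]
}

# Step 2, idempotent: make sure the vault exists.
ensure_vault() {
    "$DOCKER" volume inspect "$VAULT" >/dev/null 2>&1 || "$DOCKER" volume create "$VAULT"
}

# Step 1 check: from inside a throwaway container, confirm Ollama answers at host.docker.internal.
check_ollama() {
    "$DOCKER" run --rm curlimages/curl -fsS "$OLLAMA_URL/api/tags" >/dev/null
}

# Step 3: the interactive setup wizard, writing its settings into the vault.
run_setup() {
    "$DOCKER" run -it --rm -v "$VAULT:/opt/data" nousresearch/hermes-agent setup
}

# The sibling sandbox: nothing from the Mac and nothing from Docker is reachable inside it.
launch_sandbox() {
    repo=$1
    name=${2:-hermes-sandbox}
    valid_repo_url "$repo" || { echo "refusing repo URL: $repo" >&2; return 1; }
    set -- run --rm --name "$name" \
        --cap-drop=ALL \
        --security-opt=no-new-privileges \
        --read-only \
        --tmpfs /work:rw,size=512m \
        --pids-limit=256 \
        --memory=1g \
        -e HOME=/work \
        -w /work \
        --entrypoint sh \
        "$SANDBOX_IMAGE" \
        -c "git clone --depth=1 '$repo' app && cd app && ls -la"
    "$DOCKER" "$@"
}

# Usage: sh launcher.sh setup                                          (Steps 1 to 3)
#        sh launcher.sh sandbox https://github.com/<owner>/<repo> [name] (a sibling sandbox)
case "${1:-}" in
    setup)   check_ollama && ensure_vault && run_setup ;;
    sandbox) launch_sandbox "${2:?repo url}" "${3:-hermes-sandbox}" ;;
esac
```

Running with DOCKER=echo prints the exact docker command instead of executing it, which is a quick way to review what a sandbox will and will not be given before any container starts.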
How This Architecture Works (The "Zero Consequence" Guarantee)
When you tell Hermes inside the terminal, "Download this GitHub repo and run it", this is what happens:
- The Request: Hermes (living inside Docker) reaches out through host.docker.internal to ask Ollama (on your Mac) how to write the code.
- The Execution: Hermes uses the /var/run/docker.sock bridge to command Docker Desktop: "Build a completely new Docker container next to me."
- The Sandbox: Docker creates a new container. Hermes downloads the GitHub code directly into that container.
Where are the files?
They are inside Docker. If the GitHub app writes 10,000 junk files, creates a virus, or breaks the operating system, it only breaks the temporary sandbox container.
When you are done, you close the terminal. The sandbox is destroyed. Your Mac's file system is 100% untouched, and you have zero leftover junk files on your hard drive. You achieve complete isolation.
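To verify the guarantee above instead of assuming it, here is an added audit script (not part of this page or of the Hermes Agent project) that reads docker inspect output on stdin and flags the settings that would let a sandbox container reach the Mac or the Docker daemon: --privileged, a mounted Docker socket, bind mounts from the host, and added capabilities. Its exit status is the number of findings, so 0 means clean. The two JSON samples are constructed for this example and trimmed to the keys the checks look at; the agent container itself (my-agent1) is expected to trip these checks, because it deliberately holds the socket and, in the background variant, runs with --privileged. The point is to run it against the sibling sandboxes the agent spawns.

```shell
#!/bin/sh
# Added example: audit containers for settings that break the isolation described above
# (not part of the original page or project). Exit status = number of findings, 0 = clean.
set -u

audit_inspect() {
    json=$(cat)          # docker inspect JSON, pretty-printed or compact
    findings=0
    if printf '%s' "$json" | grep -Eq '"Privileged": ?true'; then
        echo "finding: --privileged (all capabilities, host devices visible)"
        findings=$((findings + 1))
    fi
    if printf '%s' "$json" | grep -q 'docker\.sock'; then
        echo "finding: Docker socket mounted (can control every container, including the agent)"
        findings=$((findings + 1))
    fi
    if printf '%s' "$json" | grep -Eq '"Type": ?"bind"'; then
        echo "finding: bind mount from the host (files written there outlive the sandbox)"
        findings=$((findings + 1))
    fi
    if printf '%s' "$json" | grep -Eq '"CapAdd": ?\['; then
        echo "finding: extra Linux capabilities added"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Audit every running container; needs a Docker daemon (DOCKER is an assumption of this example).
audit_running() {
    for id in $("${DOCKER:-docker}" ps -q); do
        echo "== $("${DOCKER:-docker}" inspect -f '{{.Name}}' "$id")"
        "${DOCKER:-docker}" inspect "$id" | audit_inspect || true
    done
}

# Constructed sample: what docker inspect prints for a hardened sibling sandbox (trimmed).
CLEAN_SAMPLE='[{"Name":"/hermes-sandbox","HostConfig":{"Privileged":false,"CapAdd":null,"CapDrop":["ALL"],"ReadonlyRootfs":true},"Mounts":[{"Type":"tmpfs","Destination":"/work"}]}]'
# Constructed sample: the agent container from Step 4, which intentionally holds the socket.
RISKY_SAMPLE='[{"Name":"/my-agent1","HostConfig":{"Privileged":true,"CapAdd":null,"Binds":["/var/run/docker.sock:/var/run/docker.sock","/Users/feng/AI_Sandbox:/Users/feng/AI_Sandbox"]},"Mounts":[{"Type":"bind","Source":"/var/run/docker.sock","Destination":"/var/run/docker.sock"},{"Type":"bind","Source":"/Users/feng/AI_Sandbox","Destination":"/Users/feng/AI_Sandbox"}]}]'

# Usage: sh audit.sh demo   (audit the two constructed samples)
#        sh audit.sh live   (audit every running container)
case "${1:-}" in
    demo)
        echo "== hermes-sandbox (constructed)"; printf '%s' "$CLEAN_SAMPLE" | audit_inspect || true
        echo "== my-agent1 (constructed)";      printf '%s' "$RISKY_SAMPLE" | audit_inspect || true
        ;;
    live) audit_running ;;
esac
```

The checks are plain grep patterns on the JSON rather than a JSON parser, which is enough for the four fixed keys docker inspect emits; if you extend the script to other keys, switch to a real parser so nested values are not matched by accident.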