HERMES_HOME and the active Hermes profile, falling back to ~/.hermes on macOS/Linux or %LOCALAPPDATA%\hermes on Windows. It previews every change before applying, redacts secrets in plans and reports, and writes a verified OpenClaw backup before it touches anything. An explicit --from path always wins.
Imports require a fresh OpenClaw setup. If you already have local OpenClaw state, reset config, credentials, sessions, and the workspace first, or use
openclaw migrate apply hermes directly with --overwrite after reviewing the plan.Two ways to import
- Onboarding wizard
- CLI
Detects the active Hermes home/profile and shows a preview before applying.Or point at a specific source:
What gets imported
Model configuration
Model configuration
- Default model selection from Hermes
config.yaml. - Configured model providers and custom endpoints from
model,providers, andcustom_providers, including current Hermes Chat Completions, Codex Responses, and Anthropic Messages transports.
MCP servers
MCP servers
MCP server definitions from
mcp_servers or mcp.servers, including disabled state, timeouts, parallel-tool support, OAuth scope, compatible TLS fields, and native/resource/prompt tool policy. Literal environment variables and headers require credential-import consent. Hermes-only lifecycle, sampling, elicitation, preflight, keepalive, CA-bundle, password-protected client-key, and pre-registered OAuth-client settings become manual-review items instead of invalid OpenClaw config.Workspace files
Workspace files
SOUL.mdandAGENTS.mdare copied into the OpenClaw agent workspace.memories/MEMORY.mdandmemories/USER.mdare appended to the matching OpenClaw memory files instead of overwriting them.
Memory configuration
Memory configuration
Memory config defaults for OpenClaw file memory. External memory providers such as Honcho are recorded as archive or manual-review items so you can move them deliberately.
Skills
Skills
Skills with a
SKILL.md file anywhere under skills/ are discovered recursively, flattened into the OpenClaw workspace skill directory, and copied with their support files. Per-skill config values from skills.config are preserved.Auth credentials
Auth credentials
Interactive
openclaw migrate asks before importing auth credentials, with yes selected by default. Accepted imports include current Hermes OpenAI Codex OAuth entries, OpenCode OpenAI OAuth and GitHub Copilot entries, and the supported Hermes .env keys. Use --include-secrets for non-interactive import, --no-auth-credentials to skip credentials, or onboarding’s --import-secrets flag. After importing Hermes OAuth, do not keep Hermes and OpenClaw using the same refresh grant; reauthenticate one side before running both.What stays archive-only
The provider copies these into the migration report directory for manual review, but does not load them into live OpenClaw config or credentials:plugins/sessions/logs/cron/mcp-tokens/plans/,workspace/,skins/, andkanban/pairing/andplatforms/stores, plus gateway routing/process statestate.db,hermes_state.db,projects.db,response_store.db,memory_store.db,verification_evidence.db,kanban.db, andretaindb_queue.db
Recommended flow
1
Preview the plan
2
Apply with backup
--yes to answer the credential prompt interactively, or add --include-secrets to include supported credentials in an unattended run.3
Run doctor
4
Restart and verify
Conflict handling
Apply refuses to continue when the plan reports conflicts (a file or config value already exists at the target). Conflicts are unusual on a fresh install. They typically show up when you re-run the import against a setup that already has user edits. If a conflict surfaces mid-apply (for example, an unexpected race on a config file), that item is reported as a conflict while independent files, skills, credentials, archives, and config entries continue. Resolve the conflicted item and rerun the import; identical memory imports are idempotent.Secrets
Interactiveopenclaw migrate asks whether to import detected auth credentials, with yes selected by default.
- Accepting imports current Hermes OpenAI Codex OAuth entries, OpenCode OpenAI OAuth and GitHub Copilot entries, and the supported
.envkeys. - Use
--no-auth-credentials, or answer no at the prompt, to import non-secret state only. - Use
--include-secretsto import credentials in an unattended--yesrun. - Use the onboarding wizard’s
--import-secretsflag to import credentials from the wizard.
JSON output for automation
--json and no --yes, apply prints the plan and does not mutate state — the safest mode for CI and shared scripts.
Troubleshooting
Apply refuses with conflicts
Apply refuses with conflicts
Inspect the plan output. Each conflict identifies the source path and the existing target. Decide per item whether to skip, edit the target, or rerun with
--overwrite.Hermes lives outside ~/.hermes
Hermes lives outside ~/.hermes
Pass
--from /actual/path (CLI) or --import-source /actual/path (onboarding).Onboarding refuses to import on an existing setup
Onboarding refuses to import on an existing setup
Onboarding imports require a fresh setup. Either reset state and re-onboard, or use
openclaw migrate apply hermes directly, which supports --overwrite and explicit backup control.API keys did not import
API keys did not import
Interactive
openclaw migrate imports API keys only when you accept the credential prompt. Non-interactive --yes runs need --include-secrets; onboarding imports need --import-secrets. Only the supported .env keys are recognized — other .env variables are ignored.Related
openclaw migrate: full CLI reference, plugin contract, and JSON shapes.- Onboarding: wizard flow and non-interactive flags.
- Migrating: move an OpenClaw install between machines.
- Doctor: post-migration health check.
- Agent workspace: where
SOUL.md,AGENTS.md, and memory files live.