Safe Local Terminal Operations
Terminal access is powerful because it lets Rocky inspect real files, run tests, build artifacts, and deploy. That same power requires discipline.
Official Hermes Agent docs: https://hermes-agent.nousresearch.com/docs/reference/tools-reference
Read-first checklist
- Inspect the working directory and relevant files before editing.
- Use file search and file readers instead of dumping large files into logs.
- Prefer targeted patches over broad rewrites when changing existing code.
- Run commands in the project directory, not an assumed location.
- Keep generated QA artifacts out of deploy contexts when possible.
Commands that deserve extra care
- Recursive delete or move commands.
- Git reset, force push, or branch rewrites.
- Secret printing commands.
- Production deploy commands.
- Package manager operations that can rewrite many files.
- Long-running servers or watchers that need process tracking.
Output discipline
A command returning zero is useful evidence, but it is not always enough. For visual pages, inspect screenshots. For live deployments, fetch the mapped domain. For file writes, read or parse the file afterward.
Pitfalls
- Running commands from the wrong directory.
- Letting a terminal pager hang an automated session.
- Printing secrets or environment files into logs.
- Using shell-level backgrounding instead of tracked background processes.
- Assuming the host system matches a remembered user profile.
Verification steps
- Check the command exit code and relevant stdout/stderr.
- Re-run a narrower command if output is ambiguous.
- Confirm changed files parse or build.
- Confirm production changes from the outside, not only from local command output.
