From 146add2a64e077db5be1f735a9e332fbc6045c30 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 13:34:12 -0400 Subject: [PATCH 1/3] fix: use full hermes path and gosu in multi-gateway launcher MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Use /opt/hermes/.venv/bin/hermes (full path) — not on PATH before entrypoint.sh sources the venv - Wrap with gosu hermes to avoid root guard in gateway run - Add error check if hermes binary doesn't exist --- run-multi-gateways.sh | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100755 run-multi-gateways.sh diff --git a/run-multi-gateways.sh b/run-multi-gateways.sh new file mode 100755 index 0000000..cedf365 --- /dev/null +++ b/run-multi-gateways.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Multi-gateway launcher for HERMES_PROFILES env var. +# Reads comma-separated profile names, spawns one gateway per profile. +# Designed to run before the main entrypoint — gateways run in background. +set -e + +if [ -z "${HERMES_PROFILES}" ]; then + echo "HERMES_PROFILES not set — skipping multi-gateway launch" + exit 0 +fi + +# Source venv to make 'hermes' available (entrypoint.sh sources it later, +# but we need it NOW for the background gateways) +HERMES_BIN="/opt/hermes/.venv/bin/hermes" +if [ ! -x "$HERMES_BIN" ]; then + echo "ERROR: hermes binary not found at $HERMES_BIN" + exit 1 +fi + +mkdir -p /opt/data/logs + +IFS=',' read -ra PROFILES <<< "${HERMES_PROFILES}" +for profile in "${PROFILES[@]}"; do + profile="$(echo "${profile}" | xargs)" # trim whitespace + [ -z "${profile}" ] && continue + + echo "Starting gateway for profile: ${profile}" + API_SERVER_ENABLED=false \ + nohup gosu hermes "$HERMES_BIN" --profile "${profile}" gateway run \ + >> "/opt/data/logs/gateway-${profile}.log" 2>&1 & +done + +echo "All gateways launched: ${HERMES_PROFILES}" From 645d519030a9a78ddac75ee6e224d1948b67dec6 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 13:52:05 -0400 Subject: [PATCH 2/3] fix: use env to force API_SERVER_ENABLED=false in multi-gateway launcher Shell prefix didn't work with nohup+gosu chain - Docker compose env var API_SERVER_ENABLED=true leaked through. Using 'env' command guarantees the override is in the child process env. --- run-multi-gateways.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/run-multi-gateways.sh b/run-multi-gateways.sh index cedf365..26db250 100755 --- a/run-multi-gateways.sh +++ b/run-multi-gateways.sh @@ -25,8 +25,7 @@ for profile in "${PROFILES[@]}"; do [ -z "${profile}" ] && continue echo "Starting gateway for profile: ${profile}" - API_SERVER_ENABLED=false \ - nohup gosu hermes "$HERMES_BIN" --profile "${profile}" gateway run \ + nohup env API_SERVER_ENABLED=false gosu hermes "$HERMES_BIN" --profile "${profile}" gateway run \ >> "/opt/data/logs/gateway-${profile}.log" 2>&1 & done From e8075fb71bf317878ef52d53b3e825e2b4e3bae9 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 13:53:53 -0400 Subject: [PATCH 3/3] fix: also clear API_SERVER_KEY for profile gateways Line 1521 in gateway/config.py: if api_server_enabled or api_server_key: The compose.yml sets API_SERVER_KEY=hermes_local_key, which was enough to enable the API server even with API_SERVER_ENABLED=false. --- run-multi-gateways.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-multi-gateways.sh b/run-multi-gateways.sh index 26db250..f23ac78 100755 --- a/run-multi-gateways.sh +++ b/run-multi-gateways.sh @@ -25,7 +25,7 @@ for profile in "${PROFILES[@]}"; do [ -z "${profile}" ] && continue echo "Starting gateway for profile: ${profile}" - nohup env API_SERVER_ENABLED=false gosu hermes "$HERMES_BIN" --profile "${profile}" gateway run \ + nohup env API_SERVER_ENABLED=false API_SERVER_KEY= gosu hermes "$HERMES_BIN" --profile "${profile}" gateway run \ >> "/opt/data/logs/gateway-${profile}.log" 2>&1 & done