From 6b33c3099ad8af7c89e83f9d3f4ced9e02d1b53d Mon Sep 17 00:00:00 2001
From: Hermes <hermes@lazyworkhorse.net>
Date: Tue, 19 May 2026 20:03:34 -0400
Subject: [PATCH] feat: add Hermes Workspace alongside existing Hermes Agent

- Add HERMES_DASHBOARD=1 env vars to existing hermes service
  (enables multi-agent dashboard API on port 9119)
- Add healthcheck to hermes service (required for workspace dep)
- Add hermes-workspace service (ghcr.io/outsourc-e/hermes-workspace:latest)
  - Connects to existing gateway at hermes:8642 and dashboard at hermes:9119
  - Shares Hermes data volume for config/sessions/skills/memory
  - Exposed via Traefik at workspace.lazyworkhorse.net (port 3000)
  - Requires HERMES_WORKSPACE_PASSWORD in .env (agenix)
- Networks: ai_backend + ai_net (for Traefik)
---
 ai/compose.yml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/ai/compose.yml b/ai/compose.yml
index 1db7831..265f725 100644
--- a/ai/compose.yml
+++ b/ai/compose.yml
@@ -52,6 +52,10 @@ services:
       - ROCR_VISIBLE_DEVICES=0,1
       - HSA_ENABLE_SDMA=0
       - TZ=America/Montreal
+      # Hermes Workspace dashboard (port 9119) — enables multi-agent web UI
+      - HERMES_DASHBOARD=1
+      - HERMES_DASHBOARD_HOST=0.0.0.0
+      - HERMES_DASHBOARD_PORT=9119
     volumes:
       - /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
       # Syncthing-shared org files — read-only view of user's agenda
@@ -66,6 +70,12 @@ services:
       - "26"
     networks:
       - ai_backend
+    healthcheck:
+      test: ["CMD-SHELL", "curl -fsS http://localhost:8642/health && curl -fsS http://localhost:9119/api/status || exit 1"]
+      interval: 15s
+      timeout: 5s
+      retries: 5
+      start_period: 60s
 
   syncthing:
     image: syncthing/syncthing:latest
@@ -129,6 +139,46 @@ services:
       - "303"
       - "26"
 
+  # ── Hermes Workspace ──────────────────────────────────────────
+  # Web UI for Hermes Agent — chat, memory, skills, terminal,
+  # multi-agent swarm orchestration. Connects to the existing
+  # hermes gateway (port 8642) and dashboard (port 9119).
+  hermes-workspace:
+    image: ghcr.io/outsourc-e/hermes-workspace:latest
+    container_name: hermes-workspace
+    restart: unless-stopped
+    depends_on:
+      hermes:
+        condition: service_healthy
+    environment:
+      HERMES_API_URL: http://hermes:8642
+      HERMES_DASHBOARD_URL: http://hermes:9119
+      HERMES_API_TOKEN: ${API_SERVER_KEY}
+      HERMES_PASSWORD: ${HERMES_WORKSPACE_PASSWORD:?must be set}
+      COOKIE_SECURE: "1"
+    volumes:
+      # Share the same Hermes data — workspace reads config, sessions,
+      # skills, memory from the agent's persistent volume
+      - /mnt/HoardingCow_docker_data/Hermes/data:/home/workspace/.hermes
+    networks:
+      - ai_backend
+      - ai_net
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=ai_net"
+
+      - "traefik.http.routers.workspace-http.rule=Host(`workspace.lazyworkhorse.net`)"
+      - "traefik.http.routers.workspace-http.entrypoints=web"
+      - "traefik.http.routers.workspace-http.middlewares=redirect-to-https"
+
+      - "traefik.http.routers.workspace-https.rule=Host(`workspace.lazyworkhorse.net`)"
+      - "traefik.http.routers.workspace-https.entrypoints=websecure"
+      - "traefik.http.routers.workspace-https.tls=true"
+      - "traefik.http.routers.workspace-https.tls.certresolver=njalla"
+
+      - "traefik.http.services.workspace.loadbalancer.server.port=3000"
+# ─────────────────────────────────────────────────────────────
+
 networks:
   ai_net:
     external: true