fix(hermes-workspace): add HOST/ENV vars, drop redundant nodejs install

- Add ENV HOST=0.0.0.0 so workspace listens on all interfaces
  (required for Traefik reverse proxy to reach it)
- Add ENV NODE_ENV=production for production-mode optimizations
- Remove apt-get install of nodejs (already in base image,
  apt version would be older and could conflict)
- Only install tmux and curl in the workspace layer
- entrypoint-combined.sh: rewritten with proper logging,
  graceful shutdown, configurable gateway health check

ai/hermes-workspace/Dockerfile

@@ -29,10 +29,12 @@ RUN pnpm install --frozen-lockfile && pnpm build
 # ---------- Stage 2: Hermes Agent + Workspace runtime ----------
 FROM nousresearch/hermes-agent:latest
 
-# ---------- Install Node.js + tmux for Workspace + Swarm ----------
+# ---------- Install tmux for Swarm workers + curl for health checks ----------
+# Note: Node.js is already shipped with the base hermets-agent image; apt's nodejs
+# would be older. Only add what's missing.
 USER root
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    nodejs tmux ca-certificates curl \
+    tmux curl \
     && rm -rf /var/lib/apt/lists/*
 
 # ---------- Overlay our forked Hermes source ----------
@@ -115,6 +117,8 @@ USER hermes
 ENV HERMES_HOME=/opt/data
 ENV PATH="/opt/data/.local/bin:${PATH}"
 ENV CHROME_EXECUTABLE=/opt/hermes/.playwright/chromium/chrome-linux/chrome
+ENV HOST=0.0.0.0
+ENV NODE_ENV=production
 
 RUN chown -R hermes:hermes /opt/hermes/tools /opt/hermes/toolsets.py