From e607982b21cbd6cdb1a54b37abe3b56d79dfabcc Mon Sep 17 00:00:00 2001
From: Hermes
Date: Tue, 12 May 2026 14:47:34 -0400
Subject: [PATCH] refactor: chown tools dir at build time instead of root at runtime
---
 ai/compose.yml | 1 -
 ai/hermes/Dockerfile | 4 ++++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ai/compose.yml b/ai/compose.yml
index 163196a..aca3347 100644
--- a/ai/compose.yml
+++ b/ai/compose.yml
@@ -31,7 +31,6 @@ services:
 ssh:
 - default
 container_name: hermes
- user: root
 entrypoint: ["/bin/bash", "-c", "bash /opt/data/hermes-tools/install.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"", "hermes-entrypoint"]
diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile
index 263a24b..1debe81 100644
--- a/ai/hermes/Dockerfile
+++ b/ai/hermes/Dockerfile
@@ -68,4 +68,8 @@ ENV PATH="/opt/data/.local/bin:${PATH}"
 # Point browser tool to Playwright's Chromium (already in base image)
 ENV CHROME_EXECUTABLE=/opt/hermes/.playwright/chromium/chrome-linux/chrome
+# Ensure tools directory and toolsets.py are writable by the hermes runtime user
+# so custom tools can be injected from the persistent volume at startup.
+RUN chown -R hermes:hermes /opt/hermes/tools /opt/hermes/toolsets.py
+
 VOLUME [ "/opt/data" ]
\ No newline at end of file
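Review bot: The added `RUN chown -R hermes:hermes /opt/hermes/tools /opt/hermes/toolsets.py` makes the application's own tool code writable by the account the service runs as, so a compromised or misbehaving hermes process can rewrite code that it will load later. That is still a narrower grant than the `user: root` removed from ai/compose.yml, but the comment above the RUN line should record the trade-off, for example `# Trade-off: the runtime user can now modify its own tool code; treat /opt/data/hermes-tools as trusted input.` The entrypoint in ai/compose.yml still executes `/opt/data/hermes-tools/install.sh` from the persistent volume on every start, so write access to that volume remains equivalent to code execution in the container and should be restricted accordingly. It is also worth confirming that the image sets a non-root `USER` after this step: the hunk does not show one, `RUN chown` itself needs root at build time, and without it dropping `user: root` from compose would presumably leave the container running as the image default.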