feat: add base image Dockerfile with curl, poppler-utils, imagemagick

PR 1 of 5 — minimal base image on debian:13.4 with:
- uv (from astral-sh/uv:latest)
- curl
- poppler-utils (pdftotext, pdfinfo, pdftoppm)
- imagemagick (convert, identify)

Verified all tools report version on build.

ai/Dockerfile

@@ -0,0 +1,23 @@
+FROM debian:13.4
+
+# Install uv (Python package manager), curl, poppler-utils, and imagemagick
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        curl \
+        poppler-utils \
+        imagemagick && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install uv if not already present (debian:13.4 doesn't ship it)
+COPY --from=ghcr.io/astral-sh/uv:latest /usr/local/bin/uv /usr/local/bin/uv
+RUN uv --version
+
+# Verify all expected tools are available
+RUN curl --version && \
+    pdftotext -v 2>&1 | head -1 && \
+    pdfinfo -v 2>&1 | head -1 && \
+    pdftoppm -v 2>&1 | head -1 && \
+    convert --version | head -1 && \
+    identify --version | head -1
+
+CMD ["/bin/bash"]

ai/compose.yml

@@ -52,10 +52,6 @@ services:
       - ROCR_VISIBLE_DEVICES=0,1
       - HSA_ENABLE_SDMA=0
       - TZ=America/Montreal
-      # Hermes Workspace dashboard (port 9119) — enables multi-agent web UI
-      - HERMES_DASHBOARD=1
-      - HERMES_DASHBOARD_HOST=0.0.0.0
-      - HERMES_DASHBOARD_PORT=9119
     volumes:
       - /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
       # Syncthing-shared org files — read-only view of user's agenda
@@ -70,12 +66,6 @@ services:
       - "26"
     networks:
       - ai_backend
-    healthcheck:
-      test: ["CMD-SHELL", "curl -fsS http://localhost:8642/health && curl -fsS http://localhost:9119/api/status || exit 1"]
-      interval: 15s
-      timeout: 5s
-      retries: 5
-      start_period: 60s
 
   syncthing:
     image: syncthing/syncthing:latest
@@ -139,45 +129,21 @@ services:
       - "303"
       - "26"
 
-  # ── Hermes Workspace ──────────────────────────────────────────
+  paperclip-db:
-  # Web UI for Hermes Agent — chat, memory, skills, terminal,
+    image: postgres:17
-  # multi-agent swarm orchestration. Connects to the existing
+    container_name: paperclip-db
-  # hermes gateway (port 8642) and dashboard (port 9119).
+    restart: always
-  hermes-workspace:
-    image: ghcr.io/outsourc-e/hermes-workspace:latest
-    container_name: hermes-workspace
-    restart: unless-stopped
-    depends_on:
-      hermes:
-        condition: service_healthy
     environment:
-      HERMES_API_URL: http://hermes:8642
+      - POSTGRES_PASSWORD=${PAPERCLIP_DB_PASSWORD}
-      HERMES_DASHBOARD_URL: http://hermes:9119
+    healthcheck:
-      HERMES_API_TOKEN: ${API_SERVER_KEY}
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
-      HERMES_PASSWORD: ${HERMES_WORKSPACE_PASSWORD:?must be set}
+      interval: 5s
-      COOKIE_SECURE: "1"
+      timeout: 5s
+      retries: 10
     volumes:
-      # Share the same Hermes data — workspace reads config, sessions,
+      - /mnt/HoardingCow_docker_data/Paperclip/db:/var/lib/postgresql/data
-      # skills, memory from the agent's persistent volume
-      - /mnt/HoardingCow_docker_data/Hermes/data:/home/workspace/.hermes
     networks:
       - ai_backend
-      - ai_net
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=ai_net"
-
-      - "traefik.http.routers.workspace-http.rule=Host(`workspace.lazyworkhorse.net`)"
-      - "traefik.http.routers.workspace-http.entrypoints=web"
-      - "traefik.http.routers.workspace-http.middlewares=redirect-to-https"
-
-      - "traefik.http.routers.workspace-https.rule=Host(`workspace.lazyworkhorse.net`)"
-      - "traefik.http.routers.workspace-https.entrypoints=websecure"
-      - "traefik.http.routers.workspace-https.tls=true"
-      - "traefik.http.routers.workspace-https.tls.certresolver=njalla"
-
-      - "traefik.http.services.workspace.loadbalancer.server.port=3000"
-# ─────────────────────────────────────────────────────────────
 
 networks:
   ai_net: