feat: bake Matrix bridge deps into Docker image instead of volume mount

The volume mount at /mnt/HoardingCow_docker_data/Hermes/venv overrides the
container's built .venv with an empty or stale host directory, causing
entrypoint.sh line 62 to fail on 'source .venv/bin/activate' (set -e).

The Docker image already builds a complete venv — no need to persist it.

ai/compose.yml

@@ -32,7 +32,7 @@ services:
         - default
     container_name: hermes
     entrypoint: ["/bin/bash", "-c",
-      "bash /opt/data/hermes-tools/install.sh && bash /usr/local/bin/run-multi-gateways.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
+      "bash /opt/data/hermes-tools/install.sh && bash /opt/data/hermes-tools/run-multi-gateways.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
       "hermes-entrypoint"]
     restart: always
     # Gateway run enables the internal API server on port 8642
@@ -127,7 +127,6 @@ services:
       - "traefik.http.routers.syncthing-https.tls.certresolver=njalla"
       - "traefik.http.services.syncthing.loadbalancer.server.port=8384"
 
-
   ollama:
     build:
       context: ./ollama
@@ -167,13 +166,11 @@ services:
     container_name: honcho
     restart: unless-stopped
     ports:
-      - "127.0.0.1:8001:8000"
+      - "127.0.0.1:8000:8000"
     environment:
       - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho
       - CACHE_URL=redis://honcho-redis:6379/0
       - CACHE_ENABLED=true
-      - EMBEDDING_VECTOR_DIMENSIONS=1536
-      - VECTOR_STORE_DIMENSIONS=
     volumes:
       - /mnt/HoardingCow_docker_data/Honcho/data:/app/data
     networks:
@@ -184,32 +181,23 @@ services:
         condition: service_healthy
       honcho-redis:
         condition: service_healthy
-
-  # --- OpenConcho: Honcho web UI ---
-  openconcho:
-    build: ./openconcho
-    container_name: openconcho
-    restart: unless-stopped
-    networks:
-      - ai_backend
-      - ai_net
     labels:
       - "traefik.enable=true"
 
       # Router for HTTP + redirect to HTTPS
-      - "traefik.http.routers.openconcho-http.rule=Host(`honcho.lazyworkhorse.net`)"
+      - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)"
-      - "traefik.http.routers.openconcho-http.entrypoints=web"
+      - "traefik.http.routers.honcho-http.entrypoints=web"
-      - "traefik.http.routers.openconcho-http.middlewares=redirect-to-https"
+      - "traefik.http.routers.honcho-http.middlewares=redirect-to-https"
 
       # Router for HTTPS with TLS — protected by Authelia
-      - "traefik.http.routers.openconcho-https.rule=Host(`honcho.lazyworkhorse.net`)"
+      - "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)"
-      - "traefik.http.routers.openconcho-https.entrypoints=websecure"
+      - "traefik.http.routers.honcho-https.entrypoints=websecure"
-      - "traefik.http.routers.openconcho-https.tls=true"
+      - "traefik.http.routers.honcho-https.tls=true"
-      - "traefik.http.routers.openconcho-https.tls.certresolver=njalla"
+      - "traefik.http.routers.honcho-https.tls.certresolver=njalla"
-      - "traefik.http.routers.openconcho-https.middlewares=hermes-auth"
+      - "traefik.http.routers.honcho-https.middlewares=hermes-auth"
 
       # Service Loadbalancer
-      - "traefik.http.services.openconcho.loadbalancer.server.port=80"
+      - "traefik.http.services.honcho.loadbalancer.server.port=8000"
 
   honcho-db:
     image: pgvector/pgvector:pg15

ai/hermes/Dockerfile

@@ -43,12 +43,6 @@ RUN apt-get update && \
 # ---------- UV ----------
 COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/
 
-# ---------- Matrix bridge + extra pip deps ----------
-# Previously installed inline at container startup and persisted via volume mount.
-# Now baked into the image so the fragile venv volume mount can be removed.
-RUN . /opt/hermes/.venv/bin/activate && \
-    uv pip install --no-cache-dir 'mautrix[encryption]' openai
-
 WORKDIR /opt/hermes
 
 # ---------- Matrix bridge + extra pip deps ----------
@@ -84,10 +78,6 @@ os.remove(tgz)
 print('himalaya v1.2.0 installed')
 PYEOF
 
-# ---------- Install multi-gateway launcher ----------
-# Launches one gateway process per profile (HERMES_PROFILES env var)
-COPY --chmod=0755 run-multi-gateways.sh /usr/local/bin/run-multi-gateways.sh
-
 # ---------- Runtime ----------
 USER hermes
 ENV HERMES_HOME=/opt/data

ai/hermes/run-multi-gateways.sh

@@ -1,32 +0,0 @@
-#!/bin/bash
-# Multi-gateway launcher for HERMES_PROFILES env var.
-# Reads comma-separated profile names, spawns one gateway per profile.
-# Designed to run before the main entrypoint — gateways run in background.
-set -e
-
-if [ -z "${HERMES_PROFILES}" ]; then
-  echo "HERMES_PROFILES not set — skipping multi-gateway launch"
-  exit 0
-fi
-
-# Source venv to make 'hermes' available (entrypoint.sh sources it later,
-# but we need it NOW for the background gateways)
-HERMES_BIN="/opt/hermes/.venv/bin/hermes"
-if [ ! -x "$HERMES_BIN" ]; then
-  echo "ERROR: hermes binary not found at $HERMES_BIN"
-  exit 1
-fi
-
-mkdir -p /opt/data/logs
-
-IFS=',' read -ra PROFILES <<< "${HERMES_PROFILES}"
-for profile in "${PROFILES[@]}"; do
-  profile="$(echo "${profile}" | xargs)"  # trim whitespace
-  [ -z "${profile}" ] && continue
-
-  echo "Starting gateway for profile: ${profile}"
-  nohup env API_SERVER_ENABLED=false API_SERVER_KEY= gosu hermes "$HERMES_BIN" --profile "${profile}" gateway run \
-      >> "/opt/data/logs/gateway-${profile}.log" 2>&1 &
-done
-
-echo "All gateways launched: ${HERMES_PROFILES}"

ai/honcho/Dockerfile

@@ -17,9 +17,9 @@ WORKDIR /app
 
 ENV UV_COMPILE_BYTECODE=1
 ENV UV_LINK_MODE=copy
-ENV UV_PYTHON=/usr/local/bin/python3.13
 
-RUN uv sync --frozen
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --frozen --no-group dev
 
 # --- runtime stage ---
 FROM python:3.13-slim-bookworm
@@ -28,6 +28,7 @@ RUN groupadd --system app && \
     useradd --system --gid app --create-home app
 
 COPY --from=builder /app /app
+COPY --from=builder /root/.cache/uv /root/.cache/uv
 
 WORKDIR /app
 ENV PATH="/app/.venv/bin:$PATH"

ai/openconcho/Dockerfile

@@ -1,23 +0,0 @@
-# build stage
-FROM node:22-bookworm AS builder
-
-ENV PNPM_HOME=/pnpm
-ENV PATH=$PNPM_HOME:$PATH
-RUN corepack enable && corepack prepare pnpm@latest --activate
-
-WORKDIR /app
-RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
-
-ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665
-RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \
-    git -C /app fetch --depth 1 origin ${OPENCONCHO_SHA} && \
-    git -C /app checkout ${OPENCONCHO_SHA}
-
-RUN pnpm install --frozen-lockfile
-RUN pnpm --filter @openconcho/web build
-
-# runtime stage
-FROM nginx:alpine
-COPY --from=builder /app/packages/web/dist /usr/share/nginx/html
-EXPOSE 80
-CMD ["nginx", "-g", "daemon off;"]