feat(hermes): enable dashboard (HERMES_DASHBOARD=1) + Authelia auth

The chown -R hermes:hermes was running as non-root user 'hermes'
since USER hermes was set earlier. The new upstream base image
(v0.12.0+) has tools/ owned by root, so the chown fails.
Previous base image happened to have tools/ owned by hermes,
making the chown a silent no-op.

ai/Dockerfile

@@ -1,65 +0,0 @@
-FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
-FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
-FROM debian:13.4
-
-# Disable Python stdout buffering to ensure logs are printed immediately
-ENV PYTHONUNBUFFERED=1
-
-# Store Playwright browsers outside the volume mount so the build-time
-# install survives the /opt/data volume overlay at runtime.
-ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
-
-# Install system dependencies in one layer, clear APT cache
-# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.)
-# that would otherwise accumulate when hermes runs as PID 1. See #15012.
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-        build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
-        curl poppler-utils imagemagick emacs-nox \
-        texlive-latex-base texlive-latex-extra texlive-fonts-recommended texlive-xetex texlive-science && \
-    rm -rf /var/lib/apt/lists/*
-
-# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
-RUN useradd -u 10000 -m -d /opt/data hermes
-
-COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
-COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
-
-WORKDIR /opt/hermes
-
-# ---------- Layer-cached dependency install ----------
-# Copy only package manifests first so npm install + Playwright are cached
-# unless the lockfiles themselves change.
-COPY package.json package-lock.json ./
-COPY web/package.json web/package-lock.json web/
-
-RUN npm install --prefer-offline --no-audit && \
-    npx playwright install --with-deps chromium --only-shell && \
-    (cd web && npm install --prefer-offline --no-audit) && \
-    npm cache clean --force
-
-# ---------- Source code ----------
-# .dockerignore excludes node_modules, so the installs above survive.
-COPY --chown=hermes:hermes . .
-
-# Build web dashboard (Vite outputs to hermes_cli/web_dist/)
-RUN cd web && npm run build
-
-# ---------- Permissions ----------
-# Make install dir world-readable so any HERMES_UID can read it at runtime.
-# The venv needs to be traversable too.
-USER root
-RUN chmod -R a+rX /opt/hermes
-# Start as root so the entrypoint can usermod/groupmod + gosu.
-# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
-
-# ---------- Python virtualenv ----------
-RUN uv venv && \
-    uv pip install --no-cache-dir -e ".[all]"
-
-# ---------- Runtime ----------
-ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
-ENV HERMES_HOME=/opt/data
-ENV PATH="/opt/data/.local/bin:${PATH}"
-VOLUME [ "/opt/data" ]
-ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]

ai/compose.yml

@@ -39,6 +39,7 @@ services:
     command: gateway run
     environment:
       - OLLAMA_HOST=http://ollama:11434
+      - HERMES_DASHBOARD=1
       - API_SERVER_ENABLED=true
       - API_SERVER_PORT=8642
       - API_SERVER_HOST=0.0.0.0
@@ -66,6 +67,30 @@ services:
       - "26"
     networks:
       - ai_backend
+      - ai_net
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=ai_net"
+
+      # Router for HTTP + redirection to HTTPS
+      - "traefik.http.routers.hermes-web-http.rule=Host(`hermes.lazyworkhorse.net`)"
+      - "traefik.http.routers.hermes-web-http.entrypoints=web"
+      - "traefik.http.routers.hermes-web-http.middlewares=redirect-to-https"
+
+      # Router for HTTPS with TLS — protected by Authelia
+      - "traefik.http.routers.hermes-web-https.rule=Host(`hermes.lazyworkhorse.net`)"
+      - "traefik.http.routers.hermes-web-https.entrypoints=websecure"
+      - "traefik.http.routers.hermes-web-https.tls=true"
+      - "traefik.http.routers.hermes-web-https.tls.certresolver=njalla"
+      - "traefik.http.routers.hermes-web-https.middlewares=hermes-auth"
+
+      # Authelia forwardAuth
+      - "traefik.http.middlewares.hermes-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lazyworkhorse.net/"
+      - "traefik.http.middlewares.hermes-auth.forwardauth.trustforwardheader=true"
+      - "traefik.http.middlewares.hermes-auth.forwardauth.authresponseheaders=X-Forwarded-User,X-Forwarded-Groups"
+
+      # Service Loadbalancer (dashboard port 9119)
+      - "traefik.http.services.hermes-web.loadbalancer.server.port=9119"
 
   syncthing:
     image: syncthing/syncthing:latest

ai/hermes/Dockerfile

@@ -20,16 +20,10 @@ RUN --mount=type=ssh \
     GIT_SSH_COMMAND='ssh -p 2222 -o StrictHostKeyChecking=no' \
     git clone --depth 1 --branch main \
     git@code.lazyworkhorse.net:gortium/hermes-agent.git fork && \
-    rsync -a --delete fork/ /opt/hermes/ \
-      --exclude node_modules \
-      --exclude .venv \
-      --exclude .git && \
+    rm -rf fork/node_modules fork/.venv fork/.git && \
+    cp -a fork/. /opt/hermes/ && \
     rm -rf /tmp/fork /root/.ssh/
 
-# ---------- Rebuild web UI ----------
-# Source files changed; node_modules (from base image) reused.
-RUN cd /opt/hermes && npm run build
-
 # ---------- Reinstall Python package (editable) ----------
 # Picks up source changes from our fork.
 RUN . /opt/hermes/.venv/bin/activate && \
@@ -75,10 +69,6 @@ os.remove(tgz)
 print('himalaya v1.2.0 installed')
 PYEOF
 
-# ---------- Install himalaya-ro wrapper ----------
-COPY --chmod=0755 himalaya-ro.sh /usr/local/bin/himalaya-ro
-
-
 # ---------- Runtime ----------
 USER hermes
 ENV HERMES_HOME=/opt/data
@@ -88,6 +78,7 @@ ENV CHROME_EXECUTABLE=/opt/hermes/.playwright/chromium/chrome-linux/chrome
 
 # Ensure tools directory and toolsets.py are writable by the hermes runtime user
 # so custom tools can be injected from the persistent volume at startup.
+USER root
 RUN chown -R hermes:hermes /opt/hermes/tools /opt/hermes/toolsets.py
 
 VOLUME [ "/opt/data" ]

ai/hermes/himalaya-ro.sh

@@ -1,73 +0,0 @@
-#!/usr/bin/env bash
-# ─────────────────────────────────────────────────────────────
-# himalaya-ro — Read-only wrapper for himalaya
-#
-# Blocks destructive commands and logs audit trail.
-# Pass-through for read-only commands (list, read, search).
-#
-# Usage:  himalaya-ro [options] <command> [args...]
-#
-# Install: place in PATH before the real himalaya, or use
-#          `ln -sf himalaya-ro /usr/local/bin/himalaya`
-# ─────────────────────────────────────────────────────────────
-set -o pipefail
-
-# ── Configuration ───────────────────────────────────────────
-HIMALAYA_BIN="${HIMALAYA_BIN:-/usr/local/bin/himalaya}"
-AUDIT_LOG="${HIMALAYA_AUDIT_LOG:-/var/log/himalaya-audit.log}"
-
-# ── Destructive commands we block ──────────────────────────
-BLOCKED_CMDS=(
-  "message move"
-  "message delete"
-  "message copy"
-  "flag add"
-  "flag remove"
-  "folder create"
-  "folder delete"
-  "folder rename"
-  "template send"
-  "account configure"
-  "account delete"
-)
-
-# ── Determine the subcommand being invoked ─────────────────
-# Strip leading options (--account, --output, etc.) to find the verb
-ARGS=()
-SKIP_NEXT=false
-for arg in "$@"; do
-  if $SKIP_NEXT; then
-    SKIP_NEXT=false
-    continue
-  fi
-  if [[ "$arg" == --* ]]; then
-    case "$arg" in
-      --account|--output|--page|--page-size|--folder|--color|--format)
-        SKIP_NEXT=true ;;
-    esac
-    continue
-  fi
-  ARGS+=("$arg")
-done
-
-# Build subcommand string and check against blocklist
-CMD_STR=""
-for ((i=0; i<${#ARGS[@]}; i++)); do
-  if [ -z "$CMD_STR" ]; then
-    CMD_STR="${ARGS[$i]}"
-  else
-    CMD_STR="$CMD_STR ${ARGS[$i]}"
-  fi
-  for blocked in "${BLOCKED_CMDS[@]}"; do
-    if [[ "$CMD_STR" == "$blocked" ]]; then
-      TS=$(date '+%Y-%m-%d %H:%M:%S')
-      echo "[AUDIT] $TS BLOCKED: himalaya $*" >> "$AUDIT_LOG"
-      echo "ERROR: Command 'himalaya $CMD_STR ...' is blocked by read-only policy." >&2
-      echo "       Audit log: $AUDIT_LOG" >&2
-      exit 100
-    fi
-  done
-done
-
-# ── Allow pass-through ─────────────────────────────────────
-exec "$HIMALAYA_BIN" "$@"