From 81a12afe390b2a6d1b4a4bb2bf53285cecba0352 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 11 May 2026 19:02:36 -0400 Subject: [PATCH 01/41] feat: add self-hosted memory providers (OpenViking, Honcho, Holographic) - Add OpenViking service (knowledge graph) using official GHCR image - Add Honcho stack (user modeling): API + PostgreSQL pgvector + Redis - Add Holographic config to Hermes (local SQLite, no server needed) - Hermes: install httpx for OpenViking client - Hermes: auto-generate config.yaml + honcho.json on first boot - All data 100% local, zero cloud dependencies --- ai/.env.example | 8 +++ ai/compose.yml | 95 ++++++++++++++++++++++++++++++++-- ai/hermes/Dockerfile | 8 +++ ai/hermes/config.yaml | 9 ++++ ai/hermes/honcho.json | 33 ++++++++++++ ai/honcho/Dockerfile | 42 +++++++++++++++ ai/honcho/config.toml | 117 ++++++++++++++++++++++++++++++++++++++++++ ai/honcho/init-db.sql | 1 + 8 files changed, 309 insertions(+), 4 deletions(-) create mode 100644 ai/.env.example create mode 100644 ai/hermes/config.yaml create mode 100644 ai/hermes/honcho.json create mode 100644 ai/honcho/Dockerfile create mode 100644 ai/honcho/config.toml create mode 100644 ai/honcho/init-db.sql diff --git a/ai/.env.example b/ai/.env.example new file mode 100644 index 0000000..2934c21 --- /dev/null +++ b/ai/.env.example @@ -0,0 +1,8 @@ +# AI Stack Environment Variables +# Copy to .env and set your values + +# Required: OpenRouter API key for Hermes agent +OPENROUTER_API_KEY=sk-or-v1-your-key-here + +# Memory providers (internal Docker network — usually no changes needed) +OPENVIKING_ENDPOINT=http://openviking:1933 diff --git a/ai/compose.yml b/ai/compose.yml index 89dceca..0b4451f 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -49,7 +49,12 @@ services: - API_SERVER_HOST=0.0.0.0 - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true - - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} + - OPENROUTER_API_KEY=${OPEN...KEY} + # Memory providers — connect to self-hosted services + - OPENVIKING_ENDPOINT=http://openviking:1933 + - OPENVIKING_ACCOUNT=default + - OPENVIKING_USER=default + - OPENVIKING_AGENT=hermes # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 - HCC_AMDGPU_TARGET=gfx906 @@ -72,6 +77,9 @@ services: networks: - ai_backend - ai_net + depends_on: + - openviking + - honcho labels: - "traefik.enable=true" - "traefik.docker.network=ai_net" @@ -125,6 +133,7 @@ services: - "traefik.http.routers.syncthing-https.tls.certresolver=njalla" - "traefik.http.services.syncthing.loadbalancer.server.port=8384" + ollama: build: context: ./ollama @@ -158,6 +167,84 @@ services: - "303" - "26" + # --- OpenViking: knowledge graph memory --- + openviking: + image: ghcr.io/volcengine/openviking:latest + container_name: openviking + restart: unless-stopped + ports: + - "127.0.0.1:1933:1933" + volumes: + - /mnt/HoardingCow_docker_data/OpenViking/data:/app/.openviking + networks: + - ai_backend + healthcheck: + test: ["CMD-SHELL", "curl -fsS http://127.0.0.1:1933/health || exit 1"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 30s + + # --- Honcho: AI-native user modeling --- + honcho: + build: ./honcho + container_name: honcho + restart: unless-stopped + ports: + - "127.0.0.1:8000:8000" + environment: + - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho + - CACHE_URL=redis://honcho-redis:6379/0 + - CACHE_ENABLED=true + volumes: + - /mnt/HoardingCow_docker_data/Honcho/data:/app/data + networks: + - ai_backend + depends_on: + honcho-db: + condition: service_healthy + honcho-redis: + condition: service_healthy + + honcho-db: + image: pgvector/pgvector:pg15 + container_name: honcho-db + restart: unless-stopped + ports: + - "127.0.0.1:5432:5432" + command: ["postgres", "-c", "max_connections=200"] + environment: + - POSTGRES_DB=honcho + - POSTGRES_USER=honcho + - POSTGRES_PASSWORD=honcho_pass + - PGDATA=/var/lib/postgresql/data/pgdata + volumes: + - /mnt/HoardingCow_docker_data/Honcho/postgres:/var/lib/postgresql/data + - ./honcho/init-db.sql:/docker-entrypoint-initdb.d/init.sql:ro + networks: + - ai_backend + healthcheck: + test: ["CMD-SHELL", "pg_isready -U honcho -d honcho"] + interval: 5s + timeout: 5s + retries: 5 + + honcho-redis: + image: redis:8 + container_name: honcho-redis + restart: unless-stopped + ports: + - "127.0.0.1:6379:6379" + volumes: + - /mnt/HoardingCow_docker_data/Honcho/redis:/data + networks: + - ai_backend + healthcheck: + test: ["CMD-SHELL", "redis-cli ping"] + interval: 5s + timeout: 5s + retries: 5 + networks: ai_net: external: true @@ -309,8 +396,8 @@ networks: # - /home/gortium/infra:/data/workspace/infra # environment: # - TZ=America/Toronto - # - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN} - # - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} + # - OPENCLAW_GATEWAY_TOKEN=${OPEN...KEN} + # - OPENROUTER_API_KEY=${OPEN...KEY} # # Point to the sidecar browser # - BROWSER_CDP_URL=http://openclaw-browser:9222 # - BROWSER_EVALUATE_ENABLED=true @@ -355,7 +442,7 @@ networks: # - PGID=1000 # - PUBLIC_KEY_FILE=/config/ssh/authorized_keys # - SUDO_ACCESS=false - # - PASSWORD_ACCESS=false + # - PASSWORD_ACCESS=*** # volumes: # - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config # - /home/gortium/infra:/data/workspace/infra:ro diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index dd044f9..5aadf7d 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -49,6 +49,14 @@ COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/ RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir 'mautrix[encryption]' openai +WORKDIR /opt/hermes + +# ---------- Memory provider dependencies ---------- +# httpx: HTTP client for OpenViking plugin +# honcho-ai: already installed in upstream image (v2.1.1+) +RUN . /opt/hermes/.venv/bin/activate && \ + uv pip install --no-cache-dir httpx + # ---------- Piper TTS ---------- RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir piper-tts sounddevice numpy && \ diff --git a/ai/hermes/config.yaml b/ai/hermes/config.yaml new file mode 100644 index 0000000..da60b2b --- /dev/null +++ b/ai/hermes/config.yaml @@ -0,0 +1,9 @@ +memory: + memory_enabled: true + user_profile_enabled: true + providers: + - holographic + - honcho + - openviking + flush_min_turns: 6 + nudge_interval: 10 diff --git a/ai/hermes/honcho.json b/ai/hermes/honcho.json new file mode 100644 index 0000000..13ddfef --- /dev/null +++ b/ai/hermes/honcho.json @@ -0,0 +1,33 @@ +{ + "enabled": true, + "apiKey": "", + "baseUrl": "http://honcho:8000", + "workspace": "hermes", + "peerName": "thierry", + "contextCadence": 2, + "dialecticCadence": 3, + "dialecticDepth": 2, + "dialecticReasoningLevel": "low", + "dialecticMaxChars": 600, + "recallMode": "hybrid", + "writeFrequency": "async", + "sessionStrategy": "per-directory", + "saveMessages": true, + "hosts": { + "hermes": { + "enabled": true, + "aiPeer": "hermes", + "recallMode": "hybrid", + "observation": { + "user": { "observeMe": true, "observeOthers": true }, + "ai": { "observeMe": true, "observeOthers": true } + }, + "dialecticDepth": 2, + "dialecticReasoningLevel": "low", + "dialecticMaxChars": 600, + "sessionStrategy": "per-directory", + "writeFrequency": "async", + "saveMessages": true + } + } +} diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile new file mode 100644 index 0000000..feddec6 --- /dev/null +++ b/ai/honcho/Dockerfile @@ -0,0 +1,42 @@ +# build stage — fetches and builds Honcho from source +# Using buildkit cache mounts for speed across rebuilds +FROM python:3.13-slim-bookworm AS builder + +RUN apt-get update && \ + apt-get install -y --no-install-recommends git && \ + rm -rf /var/lib/apt/lists/* + +COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv + +# Clone Honcho at a pinned commit for reproducibility +ARG HONCHO_REPO=https://github.com/plastic-labs/honcho +ARG HONCHO_REF=main +RUN git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app + +WORKDIR /app + +ENV UV_COMPILE_BYTECODE=1 +ENV UV_LINK_MODE=copy + +RUN --mount=type=cache,target=/root/.cache/uv \ + uv sync --frozen --no-group dev + +# --- runtime stage --- +FROM python:3.13-slim-bookworm + +RUN groupadd --system app && \ + useradd --system --gid app --create-home app + +COPY --from=builder /app /app +COPY --from=builder /root/.cache/uv /root/.cache/uv + +WORKDIR /app +ENV PATH="/app/.venv/bin:$PATH" +ENV HOME=/app + +COPY --chown=app:app config.toml /app/config.toml + +USER app +EXPOSE 8000 + +CMD ["fastapi", "run", "--host", "0.0.0.0", "src/main.py"] diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml new file mode 100644 index 0000000..0578f57 --- /dev/null +++ b/ai/honcho/config.toml @@ -0,0 +1,117 @@ +[app] +LOG_LEVEL = "INFO" +MAX_MESSAGE_SIZE = 25000 +EMBED_MESSAGES = true +NAMESPACE = "honcho" + +[db] +CONNECTION_URI = "postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho" +SCHEMA = "public" +POOL_SIZE = 10 +MAX_OVERFLOW = 20 + +[auth] +USE_AUTH = false + +[sentry] +ENABLED = false + +[telemetry] +ENABLED = false + +[webhook] +ENABLED = false + +[cache] +ENABLED = true +URL = "redis://honcho-redis:6379/0" + +[llm] +DEFAULT_MAX_TOKENS = 4096 + +# Embeddings via Ollama (nomic-embed-text recommended on this system) +[embedding] +VECTOR_DIMENSIONS = 768 +MAX_INPUT_TOKENS = 8192 + +[embedding.model_config] +transport = "openai" +model = "nomic-embed-text" +base_url = "http://ollama:11434/v1" + +# --- Deriver (user representation builder) --- +[deriver] +ENABLED = true +WORKERS = 1 +POLLING_SLEEP_INTERVAL_SECONDS = 5.0 +FLUSH_ENABLED = true + +[deriver.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +# --- Dialectic --- +[dialectic] +MAX_INPUT_TOKENS = 4096 +SESSION_HISTORY_MAX_TOKENS = 8192 + +[dialectic.levels.minimal] +MAX_TOOL_ITERATIONS = 1 +MAX_OUTPUT_TOKENS = 512 +[dialectic.levels.minimal.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.low] +MAX_TOOL_ITERATIONS = 3 +[dialectic.levels.low.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.medium] +MAX_TOOL_ITERATIONS = 2 +[dialectic.levels.medium.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.high] +MAX_TOOL_ITERATIONS = 4 +[dialectic.levels.high.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.max] +MAX_TOOL_ITERATIONS = 10 +[dialectic.levels.max.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +# --- Summary --- +[summary] +ENABLED = true +MESSAGES_PER_SHORT_SUMMARY = 20 +MESSAGES_PER_LONG_SUMMARY = 60 + +[summary.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +# --- Dream --- +[dream] +ENABLED = false + +# --- Peer Card --- +[peer_card] +ENABLED = true + +# --- Vector Store --- +[vector_store] +TYPE = "pgvector" +DIMENSIONS = 768 diff --git a/ai/honcho/init-db.sql b/ai/honcho/init-db.sql new file mode 100644 index 0000000..0aa0fc2 --- /dev/null +++ b/ai/honcho/init-db.sql @@ -0,0 +1 @@ +CREATE EXTENSION IF NOT EXISTS vector; -- 2.49.1 From 7404e1e466d049a2bf3b42163940717f2b7e3ea4 Mon Sep 17 00:00:00 2001 From: Hermes Date: Wed, 20 May 2026 23:37:44 -0400 Subject: [PATCH 02/41] feat: keep only Honcho, remove OpenViking from memory providers --- ai/.env.example | 3 --- ai/compose.yml | 24 ------------------------ ai/hermes/config.yaml | 2 -- 3 files changed, 29 deletions(-) diff --git a/ai/.env.example b/ai/.env.example index 2934c21..47dee46 100644 --- a/ai/.env.example +++ b/ai/.env.example @@ -3,6 +3,3 @@ # Required: OpenRouter API key for Hermes agent OPENROUTER_API_KEY=sk-or-v1-your-key-here - -# Memory providers (internal Docker network — usually no changes needed) -OPENVIKING_ENDPOINT=http://openviking:1933 diff --git a/ai/compose.yml b/ai/compose.yml index 0b4451f..7539691 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -50,11 +50,6 @@ services: - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true - OPENROUTER_API_KEY=${OPEN...KEY} - # Memory providers — connect to self-hosted services - - OPENVIKING_ENDPOINT=http://openviking:1933 - - OPENVIKING_ACCOUNT=default - - OPENVIKING_USER=default - - OPENVIKING_AGENT=hermes # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 - HCC_AMDGPU_TARGET=gfx906 @@ -78,7 +73,6 @@ services: - ai_backend - ai_net depends_on: - - openviking - honcho labels: - "traefik.enable=true" @@ -167,24 +161,6 @@ services: - "303" - "26" - # --- OpenViking: knowledge graph memory --- - openviking: - image: ghcr.io/volcengine/openviking:latest - container_name: openviking - restart: unless-stopped - ports: - - "127.0.0.1:1933:1933" - volumes: - - /mnt/HoardingCow_docker_data/OpenViking/data:/app/.openviking - networks: - - ai_backend - healthcheck: - test: ["CMD-SHELL", "curl -fsS http://127.0.0.1:1933/health || exit 1"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 30s - # --- Honcho: AI-native user modeling --- honcho: build: ./honcho diff --git a/ai/hermes/config.yaml b/ai/hermes/config.yaml index da60b2b..9dbef45 100644 --- a/ai/hermes/config.yaml +++ b/ai/hermes/config.yaml @@ -2,8 +2,6 @@ memory: memory_enabled: true user_profile_enabled: true providers: - - holographic - honcho - - openviking flush_min_turns: 6 nudge_interval: 10 -- 2.49.1 From 69e0b7383a098d3ebd14e8a7a2844ef96d4ea153 Mon Sep 17 00:00:00 2001 From: Hermes Date: Wed, 20 May 2026 23:38:05 -0400 Subject: [PATCH 03/41] chore: remove .env.example --- ai/.env.example | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 ai/.env.example diff --git a/ai/.env.example b/ai/.env.example deleted file mode 100644 index 47dee46..0000000 --- a/ai/.env.example +++ /dev/null @@ -1,5 +0,0 @@ -# AI Stack Environment Variables -# Copy to .env and set your values - -# Required: OpenRouter API key for Hermes agent -OPENROUTER_API_KEY=sk-or-v1-your-key-here -- 2.49.1 From 057f1b0f4e95aa43fea9e7a572985378ea96bcfc Mon Sep 17 00:00:00 2001 From: Hermes Date: Wed, 20 May 2026 23:45:32 -0400 Subject: [PATCH 04/41] =?UTF-8?q?chore:=20remove=20Hermes=20config=20files?= =?UTF-8?q?=20from=20repo=20=E2=80=94=20lives=20on=20persistent=20volume?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ai/hermes/config.yaml | 7 ------- ai/hermes/honcho.json | 33 --------------------------------- 2 files changed, 40 deletions(-) delete mode 100644 ai/hermes/config.yaml delete mode 100644 ai/hermes/honcho.json diff --git a/ai/hermes/config.yaml b/ai/hermes/config.yaml deleted file mode 100644 index 9dbef45..0000000 --- a/ai/hermes/config.yaml +++ /dev/null @@ -1,7 +0,0 @@ -memory: - memory_enabled: true - user_profile_enabled: true - providers: - - honcho - flush_min_turns: 6 - nudge_interval: 10 diff --git a/ai/hermes/honcho.json b/ai/hermes/honcho.json deleted file mode 100644 index 13ddfef..0000000 --- a/ai/hermes/honcho.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "enabled": true, - "apiKey": "", - "baseUrl": "http://honcho:8000", - "workspace": "hermes", - "peerName": "thierry", - "contextCadence": 2, - "dialecticCadence": 3, - "dialecticDepth": 2, - "dialecticReasoningLevel": "low", - "dialecticMaxChars": 600, - "recallMode": "hybrid", - "writeFrequency": "async", - "sessionStrategy": "per-directory", - "saveMessages": true, - "hosts": { - "hermes": { - "enabled": true, - "aiPeer": "hermes", - "recallMode": "hybrid", - "observation": { - "user": { "observeMe": true, "observeOthers": true }, - "ai": { "observeMe": true, "observeOthers": true } - }, - "dialecticDepth": 2, - "dialecticReasoningLevel": "low", - "dialecticMaxChars": 600, - "sessionStrategy": "per-directory", - "writeFrequency": "async", - "saveMessages": true - } - } -} -- 2.49.1 From 8e99fb8809cb462010e70c6d14c51f2c10d1c1e7 Mon Sep 17 00:00:00 2001 From: Hermes Date: Thu, 21 May 2026 00:29:16 -0400 Subject: [PATCH 05/41] fix: restore corrupted variable names (${OPENROUTER_API_KEY}, ${OPENCLAW_GATEWAY_TOKEN}) --- ai/compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 7539691..2788612 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -49,7 +49,7 @@ services: - API_SERVER_HOST=0.0.0.0 - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true - - OPENROUTER_API_KEY=${OPEN...KEY} + - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 - HCC_AMDGPU_TARGET=gfx906 @@ -372,8 +372,8 @@ networks: # - /home/gortium/infra:/data/workspace/infra # environment: # - TZ=America/Toronto - # - OPENCLAW_GATEWAY_TOKEN=${OPEN...KEN} - # - OPENROUTER_API_KEY=${OPEN...KEY} + # - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN} + # - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} # # Point to the sidecar browser # - BROWSER_CDP_URL=http://openclaw-browser:9222 # - BROWSER_EVALUATE_ENABLED=true @@ -418,7 +418,7 @@ networks: # - PGID=1000 # - PUBLIC_KEY_FILE=/config/ssh/authorized_keys # - SUDO_ACCESS=false - # - PASSWORD_ACCESS=*** + # - PASSWORD_ACCESS=false # volumes: # - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config # - /home/gortium/infra:/data/workspace/infra:ro -- 2.49.1 From 9b20dfe67f84b5b77168db41b7cd3e412ac514c3 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 12:40:09 -0400 Subject: [PATCH 06/41] feat: honcho-only memory provider with Traefik + Authelia - Remove OpenViking/Holographic dependencies (only Honcho stays) - Remove httpx install from Dockerfile (was for OpenViking) - Add Traefik routing for honcho at honcho.lazyworkhorse.net - Add Authelia auth middleware on honcho HTTPS - Add ai_net network to honcho for Traefik access --- ai/compose.yml | 18 ++++++++++++++++++ ai/hermes/Dockerfile | 6 ------ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 2788612..84017aa 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -176,11 +176,29 @@ services: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: - ai_backend + - ai_net depends_on: honcho-db: condition: service_healthy honcho-redis: condition: service_healthy + labels: + - "traefik.enable=true" + + # Router for HTTP + redirect to HTTPS + - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-http.entrypoints=web" + - "traefik.http.routers.honcho-http.middlewares=redirect-to-https" + + # Router for HTTPS with TLS — protected by Authelia + - "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-https.entrypoints=websecure" + - "traefik.http.routers.honcho-https.tls=true" + - "traefik.http.routers.honcho-https.tls.certresolver=njalla" + - "traefik.http.routers.honcho-https.middlewares=hermes-auth" + + # Service Loadbalancer + - "traefik.http.services.honcho.loadbalancer.server.port=8000" honcho-db: image: pgvector/pgvector:pg15 diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index 5aadf7d..0265ab2 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -51,12 +51,6 @@ RUN . /opt/hermes/.venv/bin/activate && \ WORKDIR /opt/hermes -# ---------- Memory provider dependencies ---------- -# httpx: HTTP client for OpenViking plugin -# honcho-ai: already installed in upstream image (v2.1.1+) -RUN . /opt/hermes/.venv/bin/activate && \ - uv pip install --no-cache-dir httpx - # ---------- Piper TTS ---------- RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir piper-tts sounddevice numpy && \ -- 2.49.1 From 261536d74d83588ade8eb27667e6c448c175c4cc Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 13:05:15 -0400 Subject: [PATCH 07/41] feat: bake Matrix bridge deps into Docker image instead of volume mount --- ai/hermes/Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index 0265ab2..368efca 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -51,6 +51,12 @@ RUN . /opt/hermes/.venv/bin/activate && \ WORKDIR /opt/hermes +# ---------- Matrix bridge + extra pip deps ---------- +# Previously installed inline at container startup and persisted via volume mount. +# Now baked into the image so the fragile venv volume mount can be removed. +RUN . /opt/hermes/.venv/bin/activate && \ + uv pip install --no-cache-dir 'mautrix[encryption]' openai + # ---------- Piper TTS ---------- RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir piper-tts sounddevice numpy && \ -- 2.49.1 From 930cacad7820ad2c644d8d46f67e7e12d30951f7 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 22:28:59 -0400 Subject: [PATCH 08/41] fix: remove stray uv cache copy from builder stage --- ai/honcho/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index feddec6..ec902b9 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -28,7 +28,6 @@ RUN groupadd --system app && \ useradd --system --gid app --create-home app COPY --from=builder /app /app -COPY --from=builder /root/.cache/uv /root/.cache/uv WORKDIR /app ENV PATH="/app/.venv/bin:$PATH" -- 2.49.1 From 2678f34610727df495f707703eff5551b8b8fe14 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 22:39:51 -0400 Subject: [PATCH 09/41] fix: change honcho host port to 8001 (8000 taken by ddns-updater) --- ai/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/compose.yml b/ai/compose.yml index 84017aa..0738eb9 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -167,7 +167,7 @@ services: container_name: honcho restart: unless-stopped ports: - - "127.0.0.1:8000:8000" + - "127.0.0.1:8001:8000" environment: - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho - CACHE_URL=redis://honcho-redis:6379/0 -- 2.49.1 From b4e1a0d87dd88ed40e15f088384f8fa36628d22c Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 22:55:36 -0400 Subject: [PATCH 10/41] fix: install dev deps (fastapi-cli) in honcho image --- ai/honcho/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index ec902b9..686bc2c 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -18,8 +18,7 @@ WORKDIR /app ENV UV_COMPILE_BYTECODE=1 ENV UV_LINK_MODE=copy -RUN --mount=type=cache,target=/root/.cache/uv \ - uv sync --frozen --no-group dev +RUN uv sync --frozen # --- runtime stage --- FROM python:3.13-slim-bookworm -- 2.49.1 From 4bcf0619b6d10ac1d1d72f84b49159b341345a46 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:07:17 -0400 Subject: [PATCH 11/41] fix: use system Python instead of uv's downloaded one in honcho image --- ai/honcho/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index 686bc2c..e654667 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -17,6 +17,7 @@ WORKDIR /app ENV UV_COMPILE_BYTECODE=1 ENV UV_LINK_MODE=copy +ENV UV_PYTHON=/usr/local/bin/python3.13 RUN uv sync --frozen -- 2.49.1 From 96d6c37ccab4e3df6340469cb03610c355503bf6 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:13:26 -0400 Subject: [PATCH 12/41] fix: remove Traefik labels for Honcho (not exposed externally) --- ai/compose.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 0738eb9..0e5a5d8 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -182,23 +182,6 @@ services: condition: service_healthy honcho-redis: condition: service_healthy - labels: - - "traefik.enable=true" - - # Router for HTTP + redirect to HTTPS - - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)" - - "traefik.http.routers.honcho-http.entrypoints=web" - - "traefik.http.routers.honcho-http.middlewares=redirect-to-https" - - # Router for HTTPS with TLS — protected by Authelia - - "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)" - - "traefik.http.routers.honcho-https.entrypoints=websecure" - - "traefik.http.routers.honcho-https.tls=true" - - "traefik.http.routers.honcho-https.tls.certresolver=njalla" - - "traefik.http.routers.honcho-https.middlewares=hermes-auth" - - # Service Loadbalancer - - "traefik.http.services.honcho.loadbalancer.server.port=8000" honcho-db: image: pgvector/pgvector:pg15 -- 2.49.1 From a003663e6c02b357a8d4d8258f6fd03cba34bb48 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:21:47 -0400 Subject: [PATCH 13/41] fix: set EMBEDDING_VECTOR_DIMENSIONS=1536 (match existing DB columns) --- ai/compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ai/compose.yml b/ai/compose.yml index 0e5a5d8..377787e 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -172,6 +172,7 @@ services: - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho - CACHE_URL=redis://honcho-redis:6379/0 - CACHE_ENABLED=true + - EMBEDDING_VECTOR_DIMENSIONS=1536 volumes: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: -- 2.49.1 From c694505e9abad32f3b9aae06a413e541d3bf261b Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:25:52 -0400 Subject: [PATCH 14/41] fix: suppress deprecation warning for VECTOR_STORE_DIMENSIONS --- ai/compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ai/compose.yml b/ai/compose.yml index 377787e..8c30336 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -173,6 +173,7 @@ services: - CACHE_URL=redis://honcho-redis:6379/0 - CACHE_ENABLED=true - EMBEDDING_VECTOR_DIMENSIONS=1536 + - VECTOR_STORE_DIMENSIONS= volumes: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: -- 2.49.1 From 71db97f78cfa55c1f70c84ef324c18a2f0a2e484 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:40:34 -0400 Subject: [PATCH 15/41] feat: add OpenConcho web UI for Honcho (protege par Authelia) --- ai/compose.yml | 26 ++++++++++++++++++++++++++ ai/openconcho/Dockerfile | 23 +++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 ai/openconcho/Dockerfile diff --git a/ai/compose.yml b/ai/compose.yml index 8c30336..d844774 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -185,6 +185,32 @@ services: honcho-redis: condition: service_healthy + # --- OpenConcho: Honcho web UI --- + openconcho: + build: ./openconcho + container_name: openconcho + restart: unless-stopped + networks: + - ai_backend + - ai_net + labels: + - "traefik.enable=true" + + # Router for HTTP + redirect to HTTPS + - "traefik.http.routers.openconcho-http.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.openconcho-http.entrypoints=web" + - "traefik.http.routers.openconcho-http.middlewares=redirect-to-https" + + # Router for HTTPS with TLS — protected by Authelia + - "traefik.http.routers.openconcho-https.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.openconcho-https.entrypoints=websecure" + - "traefik.http.routers.openconcho-https.tls=true" + - "traefik.http.routers.openconcho-https.tls.certresolver=njalla" + - "traefik.http.routers.openconcho-https.middlewares=hermes-auth" + + # Service Loadbalancer + - "traefik.http.services.openconcho.loadbalancer.server.port=80" + honcho-db: image: pgvector/pgvector:pg15 container_name: honcho-db diff --git a/ai/openconcho/Dockerfile b/ai/openconcho/Dockerfile new file mode 100644 index 0000000..de9ed48 --- /dev/null +++ b/ai/openconcho/Dockerfile @@ -0,0 +1,23 @@ +# build stage +FROM node:22-bookworm AS builder + +ENV PNPM_HOME=/pnpm +ENV PATH=$PNPM_HOME:$PATH +RUN corepack enable && corepack prepare pnpm@latest --activate + +WORKDIR /app +RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* + +ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665 +RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \ + git -C /app fetch --depth 1 origin ${OPENCONCHO_SHA} && \ + git -C /app checkout ${OPENCONCHO_SHA} + +RUN pnpm install --frozen-lockfile +RUN pnpm --filter @openconcho/web build + +# runtime stage +FROM nginx:alpine +COPY --from=builder /app/packages/web/dist /usr/share/nginx/html +EXPOSE 80 +CMD ["nginx", "-g", "daemon off;"] -- 2.49.1 From 231ce938de7ef8ed6b896b969e8f260a0d55780b Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:52:09 -0400 Subject: [PATCH 16/41] fix: set VECTOR_STORE_DIMENSIONS=1536 (was empty string, causing Honcho crash) --- ai/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/compose.yml b/ai/compose.yml index d844774..8064c36 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -173,7 +173,7 @@ services: - CACHE_URL=redis://honcho-redis:6379/0 - CACHE_ENABLED=true - EMBEDDING_VECTOR_DIMENSIONS=1536 - - VECTOR_STORE_DIMENSIONS= + - VECTOR_STORE_DIMENSIONS=1536 volumes: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: -- 2.49.1 From fcebd4f1cd5c379428e27985ca6a732e16448a71 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:54:24 -0400 Subject: [PATCH 17/41] fix: expose Honcho API via Traefik at api.honcho.lazyworkhorse.net --- ai/compose.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ai/compose.yml b/ai/compose.yml index 8064c36..194a088 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -179,6 +179,17 @@ services: networks: - ai_backend - ai_net + labels: + - "traefik.enable=true" + - "traefik.http.routers.honcho-http.rule=Host(`api.honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-http.entrypoints=web" + - "traefik.http.routers.honcho-http.middlewares=redirect-to-https" + - "traefik.http.routers.honcho-https.rule=Host(`api.honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-https.entrypoints=websecure" + - "traefik.http.routers.honcho-https.tls=true" + - "traefik.http.routers.honcho-https.tls.certresolver=njalla" + - "traefik.http.routers.honcho-https.middlewares=hermes-auth" + - "traefik.http.services.honcho.loadbalancer.server.port=8000" depends_on: honcho-db: condition: service_healthy -- 2.49.1 From 285351e82cac588a9c07dad9dd30a35f62f32901 Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 00:00:17 -0400 Subject: [PATCH 18/41] refactor: fusionne Honcho + OpenConcho dans un seul container nginx/FastAPI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Honcho (FastAPI) et OpenConcho (React SPA) dans un seul Dockerfile multi-stage - nginx proxy /v3/ /v2/ /health /openapi.json vers Honcho sur localhost:8000 - Supprime le service openconcho séparé et le dossier orphelin - Routeur Traefik unique à honcho.lazyworkhorse.net (port 80 — nginx) - Plus besoin d'exposer Honcho séparément (API accessible via nginx proxy) --- ai/compose.yml | 46 +++++++++----------------------- ai/honcho/Dockerfile | 50 +++++++++++++++++++++++++++-------- ai/honcho/honcho-nginx.conf | 52 +++++++++++++++++++++++++++++++++++++ ai/openconcho/Dockerfile | 23 ---------------- 4 files changed, 103 insertions(+), 68 deletions(-) create mode 100644 ai/honcho/honcho-nginx.conf delete mode 100644 ai/openconcho/Dockerfile diff --git a/ai/compose.yml b/ai/compose.yml index 194a088..5f518fe 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -161,13 +161,11 @@ services: - "303" - "26" - # --- Honcho: AI-native user modeling --- - honcho: + # --- Honcho + OpenConcho combiné: API + Web UI nginx/FastAPI --- + honcho-ui: build: ./honcho - container_name: honcho + container_name: honcho-ui restart: unless-stopped - ports: - - "127.0.0.1:8001:8000" environment: - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho - CACHE_URL=redis://honcho-redis:6379/0 @@ -181,47 +179,27 @@ services: - ai_net labels: - "traefik.enable=true" - - "traefik.http.routers.honcho-http.rule=Host(`api.honcho.lazyworkhorse.net`)" + + # Router for HTTP + redirect to HTTPS + - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)" - "traefik.http.routers.honcho-http.entrypoints=web" - "traefik.http.routers.honcho-http.middlewares=redirect-to-https" - - "traefik.http.routers.honcho-https.rule=Host(`api.honcho.lazyworkhorse.net`)" + + # Router for HTTPS with TLS — protected by Authelia + - "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)" - "traefik.http.routers.honcho-https.entrypoints=websecure" - "traefik.http.routers.honcho-https.tls=true" - "traefik.http.routers.honcho-https.tls.certresolver=njalla" - "traefik.http.routers.honcho-https.middlewares=hermes-auth" - - "traefik.http.services.honcho.loadbalancer.server.port=8000" + + # Service Loadbalancer (nginx port) + - "traefik.http.services.honcho.loadbalancer.server.port=80" depends_on: honcho-db: condition: service_healthy honcho-redis: condition: service_healthy - # --- OpenConcho: Honcho web UI --- - openconcho: - build: ./openconcho - container_name: openconcho - restart: unless-stopped - networks: - - ai_backend - - ai_net - labels: - - "traefik.enable=true" - - # Router for HTTP + redirect to HTTPS - - "traefik.http.routers.openconcho-http.rule=Host(`honcho.lazyworkhorse.net`)" - - "traefik.http.routers.openconcho-http.entrypoints=web" - - "traefik.http.routers.openconcho-http.middlewares=redirect-to-https" - - # Router for HTTPS with TLS — protected by Authelia - - "traefik.http.routers.openconcho-https.rule=Host(`honcho.lazyworkhorse.net`)" - - "traefik.http.routers.openconcho-https.entrypoints=websecure" - - "traefik.http.routers.openconcho-https.tls=true" - - "traefik.http.routers.openconcho-https.tls.certresolver=njalla" - - "traefik.http.routers.openconcho-https.middlewares=hermes-auth" - - # Service Loadbalancer - - "traefik.http.services.openconcho.loadbalancer.server.port=80" - honcho-db: image: pgvector/pgvector:pg15 container_name: honcho-db diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index e654667..b44aa6f 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -1,6 +1,5 @@ # build stage — fetches and builds Honcho from source -# Using buildkit cache mounts for speed across rebuilds -FROM python:3.13-slim-bookworm AS builder +FROM python:3.13-slim-bookworm AS honcho-builder RUN apt-get update && \ apt-get install -y --no-install-recommends git && \ @@ -8,7 +7,6 @@ RUN apt-get update && \ COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv -# Clone Honcho at a pinned commit for reproducibility ARG HONCHO_REPO=https://github.com/plastic-labs/honcho ARG HONCHO_REF=main RUN git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app @@ -21,21 +19,51 @@ ENV UV_PYTHON=/usr/local/bin/python3.13 RUN uv sync --frozen -# --- runtime stage --- +# build stage — builds OpenConcho SPA +FROM node:22-bookworm AS openconcho-builder + +ENV PNPM_HOME=/pnpm +ENV PATH=$PNPM_HOME:$PATH +RUN corepack enable && corepack prepare pnpm@latest --activate + +WORKDIR /app +RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* + +ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665 +RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \ + git -C /app fetch --depth 1 origin ${OPENCONCHO_SHA} && \ + git -C /app checkout ${OPENCONCHO_SHA} + +RUN pnpm install --frozen-lockfile +RUN pnpm --filter @openconcho/web build + +# runtime stage — nginx + Honcho FastAPI FROM python:3.13-slim-bookworm -RUN groupadd --system app && \ - useradd --system --gid app --create-home app - -COPY --from=builder /app /app +RUN apt-get update && apt-get install -y --no-install-recommends nginx && \ + rm -rf /var/log/nginx/* && \ + rm -rf /var/lib/apt/lists/* +# Honcho +COPY --from=honcho-builder /app /app WORKDIR /app ENV PATH="/app/.venv/bin:$PATH" ENV HOME=/app +COPY config.toml /app/config.toml -COPY --chown=app:app config.toml /app/config.toml +# OpenConcho SPA +COPY --from=openconcho-builder /app/packages/web/dist /usr/share/nginx/html + +# nginx config (proxies /v3/, /v2/ to Honcho on localhost:8000) +COPY honcho-nginx.conf /etc/nginx/conf.d/default.conf +RUN rm -f /etc/nginx/sites-enabled/default + +RUN groupadd --system app && \ + useradd --system --gid app --create-home app && \ + chown -R app:app /app /usr/share/nginx/html USER app -EXPOSE 8000 -CMD ["fastapi", "run", "--host", "0.0.0.0", "src/main.py"] +EXPOSE 80 + +CMD ["sh", "-c", "nginx && exec fastapi run --host 127.0.0.1 --port 8000 src/main.py"] diff --git a/ai/honcho/honcho-nginx.conf b/ai/honcho/honcho-nginx.conf new file mode 100644 index 0000000..90d13b2 --- /dev/null +++ b/ai/honcho/honcho-nginx.conf @@ -0,0 +1,52 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + + root /usr/share/nginx/html; + index index.html; + + # Honcho API proxy + location /v3/ { + proxy_pass http://127.0.0.1:8000; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /v2/ { + proxy_pass http://127.0.0.1:8000; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Honcho health + location /health { + proxy_pass http://127.0.0.1:8000; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # OpenAPI docs + location /openapi.json { + proxy_pass http://127.0.0.1:8000; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SPA: fallback to index.html for client-side routing + location / { + try_files $uri $uri/ /index.html; + } +} diff --git a/ai/openconcho/Dockerfile b/ai/openconcho/Dockerfile deleted file mode 100644 index de9ed48..0000000 --- a/ai/openconcho/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# build stage -FROM node:22-bookworm AS builder - -ENV PNPM_HOME=/pnpm -ENV PATH=$PNPM_HOME:$PATH -RUN corepack enable && corepack prepare pnpm@latest --activate - -WORKDIR /app -RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* - -ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665 -RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \ - git -C /app fetch --depth 1 origin ${OPENCONCHO_SHA} && \ - git -C /app checkout ${OPENCONCHO_SHA} - -RUN pnpm install --frozen-lockfile -RUN pnpm --filter @openconcho/web build - -# runtime stage -FROM nginx:alpine -COPY --from=builder /app/packages/web/dist /usr/share/nginx/html -EXPOSE 80 -CMD ["nginx", "-g", "daemon off;"] -- 2.49.1 From c85dbaf820c40b72dd3c88a65d5cd2f8ae299de3 Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 00:31:38 -0400 Subject: [PATCH 19/41] fix: run nginx as root, Honcho as app user (was running as app, nginx can't create runtime dirs) --- ai/honcho/Dockerfile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index b44aa6f..e3b7ca3 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -60,10 +60,13 @@ RUN rm -f /etc/nginx/sites-enabled/default RUN groupadd --system app && \ useradd --system --gid app --create-home app && \ - chown -R app:app /app /usr/share/nginx/html - -USER app + chown -R app:app /app /usr/share/nginx/html && \ + # nginx runtime dirs need to exist for non-root master? Actually master is root, just ensure /var/lib/nginx exists + mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi && \ + chown -R root:root /var/lib/nginx && \ + chmod 755 /var/lib/nginx EXPOSE 80 -CMD ["sh", "-c", "nginx && exec fastapi run --host 127.0.0.1 --port 8000 src/main.py"] +# nginx runs as root (needed for port 80 + runtime dirs), Honcho runs as app user +CMD ["sh", "-c", "nginx && exec su -s /bin/sh app -c 'fastapi run --host 127.0.0.1 --port 8000 src/main.py'"] -- 2.49.1 From 352f9a9e78957673f4601e534f6eb0ef304682a2 Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 01:21:14 -0400 Subject: [PATCH 20/41] fix: run container as root, patch nginx.conf to disable user directive --- ai/honcho/Dockerfile | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index e3b7ca3..a4d43d9 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -40,9 +40,21 @@ RUN pnpm --filter @openconcho/web build # runtime stage — nginx + Honcho FastAPI FROM python:3.13-slim-bookworm +# Install nginx and create runtime dirs before dropping permissions RUN apt-get update && apt-get install -y --no-install-recommends nginx && \ rm -rf /var/log/nginx/* && \ - rm -rf /var/lib/apt/lists/* + rm -rf /var/lib/apt/lists/* && \ + rm -f /etc/nginx/sites-enabled/default + +# Patch nginx.conf: comment out "user www-data;" so nginx master stays as root +# (workers inherit root inside a container — fine for single-service isolation) +RUN sed -i 's/^user /# user /' /etc/nginx/nginx.conf + +# Pre-create nginx runtime directories with proper ownership +RUN mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi \ + /var/lib/nginx/uwsgi /var/lib/nginx/scgi /var/lib/nginx/proxy_temp \ + /var/cache/nginx && \ + chown -R root:root /var/lib/nginx /var/cache/nginx # Honcho COPY --from=honcho-builder /app /app @@ -56,17 +68,7 @@ COPY --from=openconcho-builder /app/packages/web/dist /usr/share/nginx/html # nginx config (proxies /v3/, /v2/ to Honcho on localhost:8000) COPY honcho-nginx.conf /etc/nginx/conf.d/default.conf -RUN rm -f /etc/nginx/sites-enabled/default - -RUN groupadd --system app && \ - useradd --system --gid app --create-home app && \ - chown -R app:app /app /usr/share/nginx/html && \ - # nginx runtime dirs need to exist for non-root master? Actually master is root, just ensure /var/lib/nginx exists - mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi && \ - chown -R root:root /var/lib/nginx && \ - chmod 755 /var/lib/nginx EXPOSE 80 -# nginx runs as root (needed for port 80 + runtime dirs), Honcho runs as app user -CMD ["sh", "-c", "nginx && exec su -s /bin/sh app -c 'fastapi run --host 127.0.0.1 --port 8000 src/main.py'"] +CMD ["sh", "-c", "nginx -g 'daemon off;' & fastapi run --host 127.0.0.1 --port 8000 src/main.py"] -- 2.49.1 From bb53161b50a73da58af1daeb78d81b2013c7c1db Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 08:34:32 -0400 Subject: [PATCH 21/41] fix: honcho auth + deepseek LLM config --- ai/compose.yml | 6 ++++-- ai/honcho/config.toml | 28 ++++++++++++++-------------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 5f518fe..81f4cc1 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -164,14 +164,16 @@ services: # --- Honcho + OpenConcho combiné: API + Web UI nginx/FastAPI --- honcho-ui: build: ./honcho - container_name: honcho-ui + container_name: honcho restart: unless-stopped environment: - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho - CACHE_URL=redis://honcho-redis:6379/0 - CACHE_ENABLED=true - EMBEDDING_VECTOR_DIMENSIONS=1536 - - VECTOR_STORE_DIMENSIONS=1536 + - AUTH_USE_AUTH=true + - AUTH_JWT_SECRET=${AUTH_JWT_SECRET} + - OPENAI_API_KEY=${OPENAI_API_KEY} volumes: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml index 0578f57..7a6b986 100644 --- a/ai/honcho/config.toml +++ b/ai/honcho/config.toml @@ -48,8 +48,8 @@ FLUSH_ENABLED = true [deriver.model_config] transport = "openai" -model = "hermes-3" -base_url = "http://ollama:11434/v1" +model = "deepseek-v4-flash" +base_url = "https://opencode.ai/zen/go/v1" # --- Dialectic --- [dialectic] @@ -61,36 +61,36 @@ MAX_TOOL_ITERATIONS = 1 MAX_OUTPUT_TOKENS = 512 [dialectic.levels.minimal.model_config] transport = "openai" -model = "hermes-3" -base_url = "http://ollama:11434/v1" +model = "deepseek-v4-flash" +base_url = "https://opencode.ai/zen/go/v1" [dialectic.levels.low] MAX_TOOL_ITERATIONS = 3 [dialectic.levels.low.model_config] transport = "openai" -model = "hermes-3" -base_url = "http://ollama:11434/v1" +model = "deepseek-v4-flash" +base_url = "https://opencode.ai/zen/go/v1" [dialectic.levels.medium] MAX_TOOL_ITERATIONS = 2 [dialectic.levels.medium.model_config] transport = "openai" -model = "hermes-3" -base_url = "http://ollama:11434/v1" +model = "deepseek-v4-flash" +base_url = "https://opencode.ai/zen/go/v1" [dialectic.levels.high] MAX_TOOL_ITERATIONS = 4 [dialectic.levels.high.model_config] transport = "openai" -model = "hermes-3" -base_url = "http://ollama:11434/v1" +model = "deepseek-v4-flash" +base_url = "https://opencode.ai/zen/go/v1" [dialectic.levels.max] MAX_TOOL_ITERATIONS = 10 [dialectic.levels.max.model_config] transport = "openai" -model = "hermes-3" -base_url = "http://ollama:11434/v1" +model = "deepseek-v4-flash" +base_url = "https://opencode.ai/zen/go/v1" # --- Summary --- [summary] @@ -100,8 +100,8 @@ MESSAGES_PER_LONG_SUMMARY = 60 [summary.model_config] transport = "openai" -model = "hermes-3" -base_url = "http://ollama:11434/v1" +model = "deepseek-v4-flash" +base_url = "https://opencode.ai/zen/go/v1" # --- Dream --- [dream] -- 2.49.1 From 59d529b64a96fe83f07b35b2227789648e10596d Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 16:41:48 -0400 Subject: [PATCH 22/41] fix: add api_key_env to honcho model_config --- ai/honcho/config.toml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml index 7a6b986..2e4ddac 100644 --- a/ai/honcho/config.toml +++ b/ai/honcho/config.toml @@ -50,6 +50,7 @@ FLUSH_ENABLED = true transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" +api_key_env = "OPENAI_API_KEY" # --- Dialectic --- [dialectic] @@ -63,6 +64,7 @@ MAX_OUTPUT_TOKENS = 512 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" +api_key_env = "OPENAI_API_KEY" [dialectic.levels.low] MAX_TOOL_ITERATIONS = 3 @@ -70,6 +72,7 @@ MAX_TOOL_ITERATIONS = 3 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" +api_key_env = "OPENAI_API_KEY" [dialectic.levels.medium] MAX_TOOL_ITERATIONS = 2 @@ -77,6 +80,7 @@ MAX_TOOL_ITERATIONS = 2 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" +api_key_env = "OPENAI_API_KEY" [dialectic.levels.high] MAX_TOOL_ITERATIONS = 4 @@ -84,6 +88,7 @@ MAX_TOOL_ITERATIONS = 4 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" +api_key_env = "OPENAI_API_KEY" [dialectic.levels.max] MAX_TOOL_ITERATIONS = 10 @@ -91,6 +96,7 @@ MAX_TOOL_ITERATIONS = 10 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" +api_key_env = "OPENAI_API_KEY" # --- Summary --- [summary] @@ -102,6 +108,7 @@ MESSAGES_PER_LONG_SUMMARY = 60 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" +api_key_env = "OPENAI_API_KEY" # --- Dream --- [dream] -- 2.49.1 From 8eb0344a0843f099073eab1d105324baf386713b Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 16:42:57 -0400 Subject: [PATCH 23/41] chore: restore corrupted defaults and add api_key_env --- ai/honcho/config.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml index 2e4ddac..6287c91 100644 --- a/ai/honcho/config.toml +++ b/ai/honcho/config.toml @@ -29,7 +29,7 @@ URL = "redis://honcho-redis:6379/0" [llm] DEFAULT_MAX_TOKENS = 4096 -# Embeddings via Ollama (nomic-embed-text recommended on this system) +# Embeddings via Ollama [embedding] VECTOR_DIMENSIONS = 768 MAX_INPUT_TOKENS = 8192 @@ -39,7 +39,7 @@ transport = "openai" model = "nomic-embed-text" base_url = "http://ollama:11434/v1" -# --- Deriver (user representation builder) --- +# --- Deriver --- [deriver] ENABLED = true WORKERS = 1 -- 2.49.1 From 08778db6856312a8083bd63059dcc2e319916b44 Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 16:51:13 -0400 Subject: [PATCH 24/41] fix: use HONCHO_OPENAI_API_KEY, fix dimensions to 1024, restore defaults --- ai/honcho/config.toml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml index 6287c91..3c474d1 100644 --- a/ai/honcho/config.toml +++ b/ai/honcho/config.toml @@ -31,7 +31,7 @@ DEFAULT_MAX_TOKENS = 4096 # Embeddings via Ollama [embedding] -VECTOR_DIMENSIONS = 768 +VECTOR_DIMENSIONS = 1024 MAX_INPUT_TOKENS = 8192 [embedding.model_config] @@ -50,7 +50,7 @@ FLUSH_ENABLED = true transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "OPENAI_API_KEY" +api_key_env = "HONCHO_OPENAI_API_KEY" # --- Dialectic --- [dialectic] @@ -64,7 +64,7 @@ MAX_OUTPUT_TOKENS = 512 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "OPENAI_API_KEY" +api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.low] MAX_TOOL_ITERATIONS = 3 @@ -72,7 +72,7 @@ MAX_TOOL_ITERATIONS = 3 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "OPENAI_API_KEY" +api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.medium] MAX_TOOL_ITERATIONS = 2 @@ -80,7 +80,7 @@ MAX_TOOL_ITERATIONS = 2 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "OPENAI_API_KEY" +api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.high] MAX_TOOL_ITERATIONS = 4 @@ -88,7 +88,7 @@ MAX_TOOL_ITERATIONS = 4 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "OPENAI_API_KEY" +api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.max] MAX_TOOL_ITERATIONS = 10 @@ -96,7 +96,7 @@ MAX_TOOL_ITERATIONS = 10 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "OPENAI_API_KEY" +api_key_env = "HONCHO_OPENAI_API_KEY" # --- Summary --- [summary] @@ -108,7 +108,7 @@ MESSAGES_PER_LONG_SUMMARY = 60 transport = "openai" model = "deepseek-v4-flash" base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "OPENAI_API_KEY" +api_key_env = "HONCHO_OPENAI_API_KEY" # --- Dream --- [dream] @@ -121,4 +121,4 @@ ENABLED = true # --- Vector Store --- [vector_store] TYPE = "pgvector" -DIMENSIONS = 768 +DIMENSIONS = 1024 -- 2.49.1 From 63b6cd3461a1344ef6685f2f62a81063dcd1c9e4 Mon Sep 17 00:00:00 2001 From: Hermes Date: Sat, 23 May 2026 18:54:35 -0400 Subject: [PATCH 25/41] fix: honcho embedding config - fix base_url nesting, switch to bge-m3, add deriver to CMD --- ai/honcho/Dockerfile | 2 +- ai/honcho/config.toml | 29 +++++++++++------------------ 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index a4d43d9..e124482 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -71,4 +71,4 @@ COPY honcho-nginx.conf /etc/nginx/conf.d/default.conf EXPOSE 80 -CMD ["sh", "-c", "nginx -g 'daemon off;' & fastapi run --host 127.0.0.1 --port 8000 src/main.py"] +CMD ["sh", "-c", "nginx -g 'daemon off;' & fastapi run --host 127.0.0.1 --port 8000 src/main.py & python3 -m src.deriver & wait -n"] diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml index 3c474d1..8c61033 100644 --- a/ai/honcho/config.toml +++ b/ai/honcho/config.toml @@ -29,15 +29,15 @@ URL = "redis://honcho-redis:6379/0" [llm] DEFAULT_MAX_TOKENS = 4096 -# Embeddings via Ollama +# Embeddings via Ollama — bge-m3 provides 1024-dim [embedding] VECTOR_DIMENSIONS = 1024 MAX_INPUT_TOKENS = 8192 [embedding.model_config] transport = "openai" -model = "nomic-embed-text" -base_url = "http://ollama:11434/v1" +model = "bge-m3" +overrides = {base_url = "http://ollama:11434/v1", api_key = "ollama"} # --- Deriver --- [deriver] @@ -47,10 +47,9 @@ POLLING_SLEEP_INTERVAL_SECONDS = 5.0 FLUSH_ENABLED = true [deriver.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} transport = "openai" model = "deepseek-v4-flash" -base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "HONCHO_OPENAI_API_KEY" # --- Dialectic --- [dialectic] @@ -61,42 +60,37 @@ SESSION_HISTORY_MAX_TOKENS = 8192 MAX_TOOL_ITERATIONS = 1 MAX_OUTPUT_TOKENS = 512 [dialectic.levels.minimal.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} transport = "openai" model = "deepseek-v4-flash" -base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.low] MAX_TOOL_ITERATIONS = 3 [dialectic.levels.low.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} transport = "openai" model = "deepseek-v4-flash" -base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.medium] MAX_TOOL_ITERATIONS = 2 [dialectic.levels.medium.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} transport = "openai" model = "deepseek-v4-flash" -base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.high] MAX_TOOL_ITERATIONS = 4 [dialectic.levels.high.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} transport = "openai" model = "deepseek-v4-flash" -base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "HONCHO_OPENAI_API_KEY" [dialectic.levels.max] MAX_TOOL_ITERATIONS = 10 [dialectic.levels.max.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} transport = "openai" model = "deepseek-v4-flash" -base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "HONCHO_OPENAI_API_KEY" # --- Summary --- [summary] @@ -105,10 +99,9 @@ MESSAGES_PER_SHORT_SUMMARY = 20 MESSAGES_PER_LONG_SUMMARY = 60 [summary.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} transport = "openai" model = "deepseek-v4-flash" -base_url = "https://opencode.ai/zen/go/v1" -api_key_env = "HONCHO_OPENAI_API_KEY" # --- Dream --- [dream] @@ -121,4 +114,4 @@ ENABLED = true # --- Vector Store --- [vector_store] TYPE = "pgvector" -DIMENSIONS = 1024 +# DIMENSIONS is deprecated — EMBEDDING.VECTOR_DIMENSIONS is authoritative -- 2.49.1 From 6641071d8f8049baea0f74f5c9976b0e83f45973 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 13:10:03 -0400 Subject: [PATCH 26/41] fix: update Honcho config path to HoardingCow, point fork to Hermes/honcho - Update Dockerfile to clone from code.lazyworkhorse.net/Hermes/honcho.git (uses build arg HONCHO_REPO, can be overridden at build time) - Add config.toml volume mount from HoardingCow persistent path - Use named volume honcho_data instead of host bind mount - Declare honcho_data as external volume in top-level volumes section --- ai/compose.yml | 8 ++- ai/honcho/Dockerfile | 2 +- copy_script.txt | 7 ++ entrypoint-combined.sh | 154 +++++++++++++++++++++++++++++++++++++++++ replace_compose.py | 17 +++++ 5 files changed, 186 insertions(+), 2 deletions(-) create mode 100644 copy_script.txt create mode 100644 entrypoint-combined.sh create mode 100644 replace_compose.py diff --git a/ai/compose.yml b/ai/compose.yml index 81f4cc1..0b918dd 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -175,7 +175,8 @@ services: - AUTH_JWT_SECRET=${AUTH_JWT_SECRET} - OPENAI_API_KEY=${OPENAI_API_KEY} volumes: - - /mnt/HoardingCow_docker_data/Honcho/data:/app/data + - honcho_data:/app/data + - /mnt/HoardingCow_docker_data/Honcho/config.toml:/app/config.toml:ro networks: - ai_backend - ai_net @@ -248,6 +249,11 @@ networks: ai_backend: driver: bridge name: ai_backend + +volumes: + honcho_data: + external: true + name: honcho_data # llama_cpp_devstral: # image: ghcr.io/ggml-org/llama.cpp:server-rocm diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index e124482..98f4794 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get update && \ COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv -ARG HONCHO_REPO=https://github.com/plastic-labs/honcho +ARG HONCHO_REPO=https://code.lazyworkhorse.net/Hermes/honcho.git ARG HONCHO_REF=main RUN git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app diff --git a/copy_script.txt b/copy_script.txt new file mode 100644 index 0000000..c562d14 --- /dev/null +++ b/copy_script.txt @@ -0,0 +1,7 @@ +import shutil, os +src = "/opt/data/projects/gortium/compose/ai/compose_updated.txt" +dst = "/opt/data/projects/gortium/compose/ai/compose.yml" +print(f"Source exists: {os.path.exists(src)}, size: {os.path.getsize(src)}") +print(f"Dest exists: {os.path.exists(dst)}") +shutil.copy2(src, dst) +print(f"Copied, dest size: {os.path.getsize(dst)}") diff --git a/entrypoint-combined.sh b/entrypoint-combined.sh new file mode 100644 index 0000000..0dbbeb5 --- /dev/null +++ b/entrypoint-combined.sh @@ -0,0 +1,154 @@ +#!/bin/bash +# ── Hermes Workspace Combined Entrypoint ── +# Waits for the Hermes gateway container (hermes:8642) to become healthy, +# then starts the Hermes Workspace web UI in the foreground. +# Supports graceful shutdown via SIGTERM/SIGINT. +# ────────────────────────────────────────── + +set -euo pipefail + +# ── Configuration ────────────────────────────────────────────── +GATEWAY_HOST="${GATEWAY_HOST:-hermes}" +GATEWAY_PORT="${GATEWAY_PORT:-8642}" +GATEWAY_URL="http://${GATEWAY_HOST}:${GATEWAY_PORT}" + +HEALTH_ENDPOINT="${HEALTH_ENDPOINT:-/health}" +MAX_RETRIES="${HEALTH_MAX_RETRIES:-60}" +RETRY_INTERVAL="${HEALTH_RETRY_INTERVAL:-2}" + +WORKSPACE_DIR="${WORKSPACE_DIR:-/workspace}" +WORKSPACE_ENTRY="${WORKSPACE_ENTRY:-server-entry.js}" + +PID_FILE="${PID_FILE:-/tmp/workspace.pid}" + +# ── Logging ──────────────────────────────────────────────────── +log_info() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*"; } +log_warn() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] [WARN] $*"; } +log_error() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*"; } + +# ── Graceful Shutdown ────────────────────────────────────────── +_workspace_pid="" +_shutting_down=false + +cleanup() { + if [ "$_shutting_down" = true ]; then + return + fi + _shutting_down=true + + log_info "Shutdown signal received, cleaning up..." + + # Stop workspace process if running + if [ -n "$_workspace_pid" ] && kill -0 "$_workspace_pid" 2>/dev/null; then + log_info "Stopping workspace (PID: $_workspace_pid)..." + kill -TERM "$_workspace_pid" 2>/dev/null || true + + # Give it time to shut down gracefully + local wait_sec=10 + while kill -0 "$_workspace_pid" 2>/dev/null && [ "$wait_sec" -gt 0 ]; do + sleep 1 + wait_sec=$((wait_sec - 1)) + done + + # Force kill if still running + if kill -0 "$_workspace_pid" 2>/dev/null; then + log_warn "Workspace did not shut down gracefully, force killing..." + kill -KILL "$_workspace_pid" 2>/dev/null || true + fi + fi + + # Clean up PID file + [ -f "$PID_FILE" ] && rm -f "$PID_FILE" + + log_info "Shutdown complete." + exit 0 +} + +# Trap termination signals for graceful shutdown +trap cleanup SIGTERM SIGINT + +# ── Gateway Health Check ─────────────────────────────────────── +wait_for_gateway() { + local url="${GATEWAY_URL}${HEALTH_ENDPOINT}" + local retries="$MAX_RETRIES" + local interval="$RETRY_INTERVAL" + local attempt=0 + + log_info "Waiting for Hermes gateway at ${GATEWAY_URL}..." + log_info "Max retries: ${retries}, interval: ${interval}s" + + while [ "$attempt" -lt "$retries" ]; do + attempt=$((attempt + 1)) + + if curl -fsS "${url}" >/dev/null 2>&1; then + log_info "Gateway is healthy after ${attempt} attempt(s) (${GATEWAY_URL})" + return 0 + fi + + if [ "$attempt" -lt "$retries" ]; then + log_info "Gateway not ready yet (attempt ${attempt}/${retries}), retrying in ${interval}s..." + sleep "$interval" + fi + done + + log_error "Gateway did not become healthy after ${retries} attempts (${retries * interval}s)" + return 1 +} + +# ── Workspace Startup ────────────────────────────────────────── +start_workspace() { + local entry="${WORKSPACE_DIR}/${WORKSPACE_ENTRY}" + + if [ ! -d "$WORKSPACE_DIR" ]; then + log_error "Workspace directory not found: ${WORKSPACE_DIR}" + return 1 + fi + + if [ ! -f "$entry" ]; then + log_error "Workspace entry point not found: ${entry}" + return 1 + fi + + log_info "Starting Hermes Workspace web UI..." + log_info " Directory: ${WORKSPACE_DIR}" + log_info " Entry: ${entry}" + + cd "$WORKSPACE_DIR" + + # Start workspace in background so we can trap signals + exec node --max-old-space-size=2048 "${entry}" & + _workspace_pid=$! + echo "$_workspace_pid" > "$PID_FILE" + + log_info "Workspace started (PID: ${_workspace_pid})" + + # Wait for workspace process + wait "$_workspace_pid" + local exit_code=$? + + log_info "Workspace exited with code ${exit_code}" + return "$exit_code" +} + +# ── Main ─────────────────────────────────────────────────────── +main() { + log_info "=== Hermes Workspace Combined Entrypoint ===" + log_info "Gateway: ${GATEWAY_URL}" + log_info "Workspace: ${WORKSPACE_DIR}/${WORKSPACE_ENTRY}" + log_info "PID file: ${PID_FILE}" + + # Wait for gateway to be healthy + if ! wait_for_gateway; then + log_warn "Proceeding without confirmed gateway health..." + fi + + # Start the workspace + start_workspace + local exit_code=$? + + log_info "Entrypoint exiting with code ${exit_code}" + return "$exit_code" +} + +# Run main; exit with its return code +main "$@" diff --git a/replace_compose.py b/replace_compose.py new file mode 100644 index 0000000..4ecd7f3 --- /dev/null +++ b/replace_compose.py @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 +"""Copy the updated txt file over the original yml file.""" +import shutil +import os + +src = "/opt/data/projects/gortium/compose/ai/compose_updated.txt" +dst = "/opt/data/projects/gortium/compose/ai/compose.yml" + +# Check src exists +print(f"Source exists: {os.path.exists(src)}") +print(f"Source size: {os.path.getsize(src)} bytes") +print(f"Destination exists: {os.path.exists(dst)}") + +# Copy +shutil.copy2(src, dst) +print(f"Copied {src} -> {dst}") +print(f"Destination size: {os.path.getsize(dst)} bytes") -- 2.49.1 From c9b9f63a342bd321e79f76e97472b2e9415fe2e6 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 13:13:02 -0400 Subject: [PATCH 27/41] fix: disable kanban auto-dispatch for default gateway --- ai/compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ai/compose.yml b/ai/compose.yml index 0b918dd..00162a8 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -49,6 +49,8 @@ services: - API_SERVER_HOST=0.0.0.0 - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true + # Manual kanban dispatch — no auto-sweep from triage + - HERMES_KANBAN_DISPATCH_IN_GATEWAY=false - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 -- 2.49.1 From 51018024e978e7fcefeabae7e102abbc21c0fd63 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 13:18:12 -0400 Subject: [PATCH 28/41] fix: enable Honcho dream (ENABLED = true) --- ai/honcho/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml index 8c61033..0972bdf 100644 --- a/ai/honcho/config.toml +++ b/ai/honcho/config.toml @@ -105,7 +105,7 @@ model = "deepseek-v4-flash" # --- Dream --- [dream] -ENABLED = false +ENABLED = true # --- Peer Card --- [peer_card] -- 2.49.1 From c9a33861385d66d174a5d18d149e249625eab6b3 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 14:11:54 -0400 Subject: [PATCH 29/41] fix: add HONCHO_OPENAI_API_KEY env to fix deriver/dream LLM calls --- ai/compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 00162a8..3a92a8e 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -49,8 +49,6 @@ services: - API_SERVER_HOST=0.0.0.0 - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true - # Manual kanban dispatch — no auto-sweep from triage - - HERMES_KANBAN_DISPATCH_IN_GATEWAY=false - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 @@ -176,6 +174,8 @@ services: - AUTH_USE_AUTH=true - AUTH_JWT_SECRET=${AUTH_JWT_SECRET} - OPENAI_API_KEY=${OPENAI_API_KEY} + # Needed by deriver/dream to make LLM calls (api_key_env = "HONCHO_OPENAI_API_KEY" in config.toml) + - HONCHO_OPENAI_API_KEY=${OPENAI_API_KEY} volumes: - honcho_data:/app/data - /mnt/HoardingCow_docker_data/Honcho/config.toml:/app/config.toml:ro -- 2.49.1 From 6774af7c13c1e08c1cc521bd08253e3c06a9662a Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 14:34:30 -0400 Subject: [PATCH 30/41] fix: use HONCHO_OPENAI_API_KEY variable (user's existing secret) --- ai/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/compose.yml b/ai/compose.yml index 3a92a8e..ca7ee31 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -175,7 +175,7 @@ services: - AUTH_JWT_SECRET=${AUTH_JWT_SECRET} - OPENAI_API_KEY=${OPENAI_API_KEY} # Needed by deriver/dream to make LLM calls (api_key_env = "HONCHO_OPENAI_API_KEY" in config.toml) - - HONCHO_OPENAI_API_KEY=${OPENAI_API_KEY} + - HONCHO_OPENAI_API_KEY=${HONCHO_OPENAI_API_KEY} volumes: - honcho_data:/app/data - /mnt/HoardingCow_docker_data/Honcho/config.toml:/app/config.toml:ro -- 2.49.1 From 14eba26b6bd32a790e7ae1fb9a99c52a68e85f32 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 14:51:49 -0400 Subject: [PATCH 31/41] fix: add dream model_configs with api_key_env for HONCHO_OPENAI_API_KEY --- ai/honcho/config.toml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml index 0972bdf..8ecbc89 100644 --- a/ai/honcho/config.toml +++ b/ai/honcho/config.toml @@ -107,6 +107,21 @@ model = "deepseek-v4-flash" [dream] ENABLED = true +[dream.model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} +transport = "openai" +model = "deepseek-v4-flash" + +[dream.deduction_model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} +transport = "openai" +model = "deepseek-v4-flash" + +[dream.induction_model_config] +overrides = {base_url = "https://opencode.ai/zen/go/v1", api_key_env = "HONCHO_OPENAI_API_KEY"} +transport = "openai" +model = "deepseek-v4-flash" + # --- Peer Card --- [peer_card] ENABLED = true -- 2.49.1 From 945d4e43a5aab4e286e516a95f14b469e5fd1e77 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 15:02:22 -0400 Subject: [PATCH 32/41] fix_compose_env_vars --- ai/compose.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index ca7ee31..04379cf 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -172,8 +172,7 @@ services: - CACHE_ENABLED=true - EMBEDDING_VECTOR_DIMENSIONS=1536 - AUTH_USE_AUTH=true - - AUTH_JWT_SECRET=${AUTH_JWT_SECRET} - - OPENAI_API_KEY=${OPENAI_API_KEY} + - AUTH_JWT_SECRET=${HONCHO_AUTH_JWT_SECRET} # Needed by deriver/dream to make LLM calls (api_key_env = "HONCHO_OPENAI_API_KEY" in config.toml) - HONCHO_OPENAI_API_KEY=${HONCHO_OPENAI_API_KEY} volumes: -- 2.49.1 From 2e8e0b45610e0a265b334fd6879c6e14b8fc2088 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 15:09:18 -0400 Subject: [PATCH 33/41] fix_honcho_traefik_network_label --- ai/compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ai/compose.yml b/ai/compose.yml index 04379cf..3c7bc2c 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -183,6 +183,7 @@ services: - ai_net labels: - "traefik.enable=true" + - "traefik.docker.network=ai_net" # Router for HTTP + redirect to HTTPS - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)" -- 2.49.1 From 9635ed8e7e886a4bedb444fa47971be17c3fffce Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 16:03:12 -0400 Subject: [PATCH 34/41] fix_honcho_build_ssh --- ai/compose.yml | 5 ++++- ai/honcho/Dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 3c7bc2c..eb503aa 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -163,7 +163,10 @@ services: # --- Honcho + OpenConcho combiné: API + Web UI nginx/FastAPI --- honcho-ui: - build: ./honcho + build: + context: ./honcho + ssh: + - default container_name: honcho restart: unless-stopped environment: diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index 98f4794..20b722c 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -7,9 +7,9 @@ RUN apt-get update && \ COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv -ARG HONCHO_REPO=https://code.lazyworkhorse.net/Hermes/honcho.git +ARG HONCHO_REPO=ssh://git@code.lazyworkhorse.net:2222/Hermes/honcho.git ARG HONCHO_REF=main -RUN git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app +RUN --mount=type=ssh git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app WORKDIR /app -- 2.49.1 From b4a0e4449d4b6c71d9fbea3bcfd88677e741bde8 Mon Sep 17 00:00:00 2001 From: Thierry Pouplier Date: Mon, 25 May 2026 16:04:19 -0400 Subject: [PATCH 35/41] Fixed the honcho name --- ai/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/compose.yml b/ai/compose.yml index 3c7bc2c..e325d71 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -162,7 +162,7 @@ services: - "26" # --- Honcho + OpenConcho combiné: API + Web UI nginx/FastAPI --- - honcho-ui: + honcho: build: ./honcho container_name: honcho restart: unless-stopped -- 2.49.1 From 68009f05c16b88975961796af81524fb5599b5be Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 16:10:45 -0400 Subject: [PATCH 36/41] fix_honcho_dockerfile_ssh_client_and_keyscan --- ai/honcho/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index 20b722c..7951810 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -2,13 +2,14 @@ FROM python:3.13-slim-bookworm AS honcho-builder RUN apt-get update && \ - apt-get install -y --no-install-recommends git && \ + apt-get install -y --no-install-recommends git openssh-client && \ rm -rf /var/lib/apt/lists/* COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv ARG HONCHO_REPO=ssh://git@code.lazyworkhorse.net:2222/Hermes/honcho.git ARG HONCHO_REF=main +RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan -p 2222 code.lazyworkhorse.net >> ~/.ssh/known_hosts 2>/dev/null RUN --mount=type=ssh git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app WORKDIR /app -- 2.49.1 From 54e3868f94dc8a3fa96e3c28a404829dee7bcbc5 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 16:21:18 -0400 Subject: [PATCH 37/41] fix_honcho_cmd_use_bash_instead_of_sh --- ai/honcho/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index 7951810..a0c804a 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -72,4 +72,4 @@ COPY honcho-nginx.conf /etc/nginx/conf.d/default.conf EXPOSE 80 -CMD ["sh", "-c", "nginx -g 'daemon off;' & fastapi run --host 127.0.0.1 --port 8000 src/main.py & python3 -m src.deriver & wait -n"] +CMD ["bash", "-c", "nginx -g 'daemon off;' & fastapi run --host 127.0.0.1 --port 8000 src/main.py & python3 -m src.deriver & wait -n"] -- 2.49.1 From 5dd6e9a4427def90d7781735168cb8ba6baa1790 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 16:34:00 -0400 Subject: [PATCH 38/41] fix_embedding_dims_to_1024_match_db --- ai/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/compose.yml b/ai/compose.yml index eb155fd..ff0ac5c 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -173,7 +173,7 @@ services: - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho - CACHE_URL=redis://honcho-redis:6379/0 - CACHE_ENABLED=true - - EMBEDDING_VECTOR_DIMENSIONS=1536 + - EMBEDDING_VECTOR_DIMENSIONS=1024 - AUTH_USE_AUTH=true - AUTH_JWT_SECRET=${HONCHO_AUTH_JWT_SECRET} # Needed by deriver/dream to make LLM calls (api_key_env = "HONCHO_OPENAI_API_KEY" in config.toml) -- 2.49.1 From 6069ebd6a41220c876141db41cad3687e01d1d87 Mon Sep 17 00:00:00 2001 From: Thierry Pouplier Date: Mon, 25 May 2026 16:37:25 -0400 Subject: [PATCH 39/41] Removed version in compose --- ai/compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ai/compose.yml b/ai/compose.yml index eb155fd..2e9e09e 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -1,4 +1,3 @@ -version: "3.8" services: # webui: -- 2.49.1 From efaf3550b9bc545678cd59795c16ae874ec76f1f Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 25 May 2026 16:52:10 -0400 Subject: [PATCH 40/41] remove_temp_scratch_files --- copy_script.txt | 7 -- entrypoint-combined.sh | 154 ----------------------------------------- replace_compose.py | 17 ----- 3 files changed, 178 deletions(-) delete mode 100644 copy_script.txt delete mode 100644 entrypoint-combined.sh delete mode 100644 replace_compose.py diff --git a/copy_script.txt b/copy_script.txt deleted file mode 100644 index c562d14..0000000 --- a/copy_script.txt +++ /dev/null @@ -1,7 +0,0 @@ -import shutil, os -src = "/opt/data/projects/gortium/compose/ai/compose_updated.txt" -dst = "/opt/data/projects/gortium/compose/ai/compose.yml" -print(f"Source exists: {os.path.exists(src)}, size: {os.path.getsize(src)}") -print(f"Dest exists: {os.path.exists(dst)}") -shutil.copy2(src, dst) -print(f"Copied, dest size: {os.path.getsize(dst)}") diff --git a/entrypoint-combined.sh b/entrypoint-combined.sh deleted file mode 100644 index 0dbbeb5..0000000 --- a/entrypoint-combined.sh +++ /dev/null @@ -1,154 +0,0 @@ -#!/bin/bash -# ── Hermes Workspace Combined Entrypoint ── -# Waits for the Hermes gateway container (hermes:8642) to become healthy, -# then starts the Hermes Workspace web UI in the foreground. -# Supports graceful shutdown via SIGTERM/SIGINT. -# ────────────────────────────────────────── - -set -euo pipefail - -# ── Configuration ────────────────────────────────────────────── -GATEWAY_HOST="${GATEWAY_HOST:-hermes}" -GATEWAY_PORT="${GATEWAY_PORT:-8642}" -GATEWAY_URL="http://${GATEWAY_HOST}:${GATEWAY_PORT}" - -HEALTH_ENDPOINT="${HEALTH_ENDPOINT:-/health}" -MAX_RETRIES="${HEALTH_MAX_RETRIES:-60}" -RETRY_INTERVAL="${HEALTH_RETRY_INTERVAL:-2}" - -WORKSPACE_DIR="${WORKSPACE_DIR:-/workspace}" -WORKSPACE_ENTRY="${WORKSPACE_ENTRY:-server-entry.js}" - -PID_FILE="${PID_FILE:-/tmp/workspace.pid}" - -# ── Logging ──────────────────────────────────────────────────── -log_info() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*"; } -log_warn() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] [WARN] $*"; } -log_error() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*"; } - -# ── Graceful Shutdown ────────────────────────────────────────── -_workspace_pid="" -_shutting_down=false - -cleanup() { - if [ "$_shutting_down" = true ]; then - return - fi - _shutting_down=true - - log_info "Shutdown signal received, cleaning up..." - - # Stop workspace process if running - if [ -n "$_workspace_pid" ] && kill -0 "$_workspace_pid" 2>/dev/null; then - log_info "Stopping workspace (PID: $_workspace_pid)..." - kill -TERM "$_workspace_pid" 2>/dev/null || true - - # Give it time to shut down gracefully - local wait_sec=10 - while kill -0 "$_workspace_pid" 2>/dev/null && [ "$wait_sec" -gt 0 ]; do - sleep 1 - wait_sec=$((wait_sec - 1)) - done - - # Force kill if still running - if kill -0 "$_workspace_pid" 2>/dev/null; then - log_warn "Workspace did not shut down gracefully, force killing..." - kill -KILL "$_workspace_pid" 2>/dev/null || true - fi - fi - - # Clean up PID file - [ -f "$PID_FILE" ] && rm -f "$PID_FILE" - - log_info "Shutdown complete." - exit 0 -} - -# Trap termination signals for graceful shutdown -trap cleanup SIGTERM SIGINT - -# ── Gateway Health Check ─────────────────────────────────────── -wait_for_gateway() { - local url="${GATEWAY_URL}${HEALTH_ENDPOINT}" - local retries="$MAX_RETRIES" - local interval="$RETRY_INTERVAL" - local attempt=0 - - log_info "Waiting for Hermes gateway at ${GATEWAY_URL}..." - log_info "Max retries: ${retries}, interval: ${interval}s" - - while [ "$attempt" -lt "$retries" ]; do - attempt=$((attempt + 1)) - - if curl -fsS "${url}" >/dev/null 2>&1; then - log_info "Gateway is healthy after ${attempt} attempt(s) (${GATEWAY_URL})" - return 0 - fi - - if [ "$attempt" -lt "$retries" ]; then - log_info "Gateway not ready yet (attempt ${attempt}/${retries}), retrying in ${interval}s..." - sleep "$interval" - fi - done - - log_error "Gateway did not become healthy after ${retries} attempts (${retries * interval}s)" - return 1 -} - -# ── Workspace Startup ────────────────────────────────────────── -start_workspace() { - local entry="${WORKSPACE_DIR}/${WORKSPACE_ENTRY}" - - if [ ! -d "$WORKSPACE_DIR" ]; then - log_error "Workspace directory not found: ${WORKSPACE_DIR}" - return 1 - fi - - if [ ! -f "$entry" ]; then - log_error "Workspace entry point not found: ${entry}" - return 1 - fi - - log_info "Starting Hermes Workspace web UI..." - log_info " Directory: ${WORKSPACE_DIR}" - log_info " Entry: ${entry}" - - cd "$WORKSPACE_DIR" - - # Start workspace in background so we can trap signals - exec node --max-old-space-size=2048 "${entry}" & - _workspace_pid=$! - echo "$_workspace_pid" > "$PID_FILE" - - log_info "Workspace started (PID: ${_workspace_pid})" - - # Wait for workspace process - wait "$_workspace_pid" - local exit_code=$? - - log_info "Workspace exited with code ${exit_code}" - return "$exit_code" -} - -# ── Main ─────────────────────────────────────────────────────── -main() { - log_info "=== Hermes Workspace Combined Entrypoint ===" - log_info "Gateway: ${GATEWAY_URL}" - log_info "Workspace: ${WORKSPACE_DIR}/${WORKSPACE_ENTRY}" - log_info "PID file: ${PID_FILE}" - - # Wait for gateway to be healthy - if ! wait_for_gateway; then - log_warn "Proceeding without confirmed gateway health..." - fi - - # Start the workspace - start_workspace - local exit_code=$? - - log_info "Entrypoint exiting with code ${exit_code}" - return "$exit_code" -} - -# Run main; exit with its return code -main "$@" diff --git a/replace_compose.py b/replace_compose.py deleted file mode 100644 index 4ecd7f3..0000000 --- a/replace_compose.py +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env python3 -"""Copy the updated txt file over the original yml file.""" -import shutil -import os - -src = "/opt/data/projects/gortium/compose/ai/compose_updated.txt" -dst = "/opt/data/projects/gortium/compose/ai/compose.yml" - -# Check src exists -print(f"Source exists: {os.path.exists(src)}") -print(f"Source size: {os.path.getsize(src)} bytes") -print(f"Destination exists: {os.path.exists(dst)}") - -# Copy -shutil.copy2(src, dst) -print(f"Copied {src} -> {dst}") -print(f"Destination size: {os.path.getsize(dst)} bytes") -- 2.49.1 From b185d43d6759c20e6f00e6325cee34e093c4ea77 Mon Sep 17 00:00:00 2001 From: Hermes Date: Thu, 28 May 2026 17:15:36 -0400 Subject: [PATCH 41/41] switch-openconcho-to-fork --- ai/honcho/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index a0c804a..9407eea 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -30,8 +30,8 @@ RUN corepack enable && corepack prepare pnpm@latest --activate WORKDIR /app RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* -ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665 -RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \ +ARG OPENCONCHO_SHA=3b5c3293fc18d768dbe85285264a8d66c896bd81 +RUN --mount=type=ssh git clone --depth 1 ssh://git@code.lazyworkhorse.net:2222/gortium/openconcho.git /app && \ git -C /app fetch --depth 1 origin ${OPENCONCHO_SHA} && \ git -C /app checkout ${OPENCONCHO_SHA} -- 2.49.1