From 81a12afe390b2a6d1b4a4bb2bf53285cecba0352 Mon Sep 17 00:00:00 2001 From: Hermes Date: Mon, 11 May 2026 19:02:36 -0400 Subject: [PATCH 01/15] feat: add self-hosted memory providers (OpenViking, Honcho, Holographic) - Add OpenViking service (knowledge graph) using official GHCR image - Add Honcho stack (user modeling): API + PostgreSQL pgvector + Redis - Add Holographic config to Hermes (local SQLite, no server needed) - Hermes: install httpx for OpenViking client - Hermes: auto-generate config.yaml + honcho.json on first boot - All data 100% local, zero cloud dependencies --- ai/.env.example | 8 +++ ai/compose.yml | 95 ++++++++++++++++++++++++++++++++-- ai/hermes/Dockerfile | 8 +++ ai/hermes/config.yaml | 9 ++++ ai/hermes/honcho.json | 33 ++++++++++++ ai/honcho/Dockerfile | 42 +++++++++++++++ ai/honcho/config.toml | 117 ++++++++++++++++++++++++++++++++++++++++++ ai/honcho/init-db.sql | 1 + 8 files changed, 309 insertions(+), 4 deletions(-) create mode 100644 ai/.env.example create mode 100644 ai/hermes/config.yaml create mode 100644 ai/hermes/honcho.json create mode 100644 ai/honcho/Dockerfile create mode 100644 ai/honcho/config.toml create mode 100644 ai/honcho/init-db.sql diff --git a/ai/.env.example b/ai/.env.example new file mode 100644 index 0000000..2934c21 --- /dev/null +++ b/ai/.env.example @@ -0,0 +1,8 @@ +# AI Stack Environment Variables +# Copy to .env and set your values + +# Required: OpenRouter API key for Hermes agent +OPENROUTER_API_KEY=sk-or-v1-your-key-here + +# Memory providers (internal Docker network — usually no changes needed) +OPENVIKING_ENDPOINT=http://openviking:1933 diff --git a/ai/compose.yml b/ai/compose.yml index 89dceca..0b4451f 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -49,7 +49,12 @@ services: - API_SERVER_HOST=0.0.0.0 - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true - - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} + - OPENROUTER_API_KEY=${OPEN...KEY} + # Memory providers — connect to self-hosted services + - OPENVIKING_ENDPOINT=http://openviking:1933 + - OPENVIKING_ACCOUNT=default + - OPENVIKING_USER=default + - OPENVIKING_AGENT=hermes # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 - HCC_AMDGPU_TARGET=gfx906 @@ -72,6 +77,9 @@ services: networks: - ai_backend - ai_net + depends_on: + - openviking + - honcho labels: - "traefik.enable=true" - "traefik.docker.network=ai_net" @@ -125,6 +133,7 @@ services: - "traefik.http.routers.syncthing-https.tls.certresolver=njalla" - "traefik.http.services.syncthing.loadbalancer.server.port=8384" + ollama: build: context: ./ollama @@ -158,6 +167,84 @@ services: - "303" - "26" + # --- OpenViking: knowledge graph memory --- + openviking: + image: ghcr.io/volcengine/openviking:latest + container_name: openviking + restart: unless-stopped + ports: + - "127.0.0.1:1933:1933" + volumes: + - /mnt/HoardingCow_docker_data/OpenViking/data:/app/.openviking + networks: + - ai_backend + healthcheck: + test: ["CMD-SHELL", "curl -fsS http://127.0.0.1:1933/health || exit 1"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 30s + + # --- Honcho: AI-native user modeling --- + honcho: + build: ./honcho + container_name: honcho + restart: unless-stopped + ports: + - "127.0.0.1:8000:8000" + environment: + - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho + - CACHE_URL=redis://honcho-redis:6379/0 + - CACHE_ENABLED=true + volumes: + - /mnt/HoardingCow_docker_data/Honcho/data:/app/data + networks: + - ai_backend + depends_on: + honcho-db: + condition: service_healthy + honcho-redis: + condition: service_healthy + + honcho-db: + image: pgvector/pgvector:pg15 + container_name: honcho-db + restart: unless-stopped + ports: + - "127.0.0.1:5432:5432" + command: ["postgres", "-c", "max_connections=200"] + environment: + - POSTGRES_DB=honcho + - POSTGRES_USER=honcho + - POSTGRES_PASSWORD=honcho_pass + - PGDATA=/var/lib/postgresql/data/pgdata + volumes: + - /mnt/HoardingCow_docker_data/Honcho/postgres:/var/lib/postgresql/data + - ./honcho/init-db.sql:/docker-entrypoint-initdb.d/init.sql:ro + networks: + - ai_backend + healthcheck: + test: ["CMD-SHELL", "pg_isready -U honcho -d honcho"] + interval: 5s + timeout: 5s + retries: 5 + + honcho-redis: + image: redis:8 + container_name: honcho-redis + restart: unless-stopped + ports: + - "127.0.0.1:6379:6379" + volumes: + - /mnt/HoardingCow_docker_data/Honcho/redis:/data + networks: + - ai_backend + healthcheck: + test: ["CMD-SHELL", "redis-cli ping"] + interval: 5s + timeout: 5s + retries: 5 + networks: ai_net: external: true @@ -309,8 +396,8 @@ networks: # - /home/gortium/infra:/data/workspace/infra # environment: # - TZ=America/Toronto - # - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN} - # - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} + # - OPENCLAW_GATEWAY_TOKEN=${OPEN...KEN} + # - OPENROUTER_API_KEY=${OPEN...KEY} # # Point to the sidecar browser # - BROWSER_CDP_URL=http://openclaw-browser:9222 # - BROWSER_EVALUATE_ENABLED=true @@ -355,7 +442,7 @@ networks: # - PGID=1000 # - PUBLIC_KEY_FILE=/config/ssh/authorized_keys # - SUDO_ACCESS=false - # - PASSWORD_ACCESS=false + # - PASSWORD_ACCESS=*** # volumes: # - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config # - /home/gortium/infra:/data/workspace/infra:ro diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index dd044f9..5aadf7d 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -49,6 +49,14 @@ COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/ RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir 'mautrix[encryption]' openai +WORKDIR /opt/hermes + +# ---------- Memory provider dependencies ---------- +# httpx: HTTP client for OpenViking plugin +# honcho-ai: already installed in upstream image (v2.1.1+) +RUN . /opt/hermes/.venv/bin/activate && \ + uv pip install --no-cache-dir httpx + # ---------- Piper TTS ---------- RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir piper-tts sounddevice numpy && \ diff --git a/ai/hermes/config.yaml b/ai/hermes/config.yaml new file mode 100644 index 0000000..da60b2b --- /dev/null +++ b/ai/hermes/config.yaml @@ -0,0 +1,9 @@ +memory: + memory_enabled: true + user_profile_enabled: true + providers: + - holographic + - honcho + - openviking + flush_min_turns: 6 + nudge_interval: 10 diff --git a/ai/hermes/honcho.json b/ai/hermes/honcho.json new file mode 100644 index 0000000..13ddfef --- /dev/null +++ b/ai/hermes/honcho.json @@ -0,0 +1,33 @@ +{ + "enabled": true, + "apiKey": "", + "baseUrl": "http://honcho:8000", + "workspace": "hermes", + "peerName": "thierry", + "contextCadence": 2, + "dialecticCadence": 3, + "dialecticDepth": 2, + "dialecticReasoningLevel": "low", + "dialecticMaxChars": 600, + "recallMode": "hybrid", + "writeFrequency": "async", + "sessionStrategy": "per-directory", + "saveMessages": true, + "hosts": { + "hermes": { + "enabled": true, + "aiPeer": "hermes", + "recallMode": "hybrid", + "observation": { + "user": { "observeMe": true, "observeOthers": true }, + "ai": { "observeMe": true, "observeOthers": true } + }, + "dialecticDepth": 2, + "dialecticReasoningLevel": "low", + "dialecticMaxChars": 600, + "sessionStrategy": "per-directory", + "writeFrequency": "async", + "saveMessages": true + } + } +} diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile new file mode 100644 index 0000000..feddec6 --- /dev/null +++ b/ai/honcho/Dockerfile @@ -0,0 +1,42 @@ +# build stage — fetches and builds Honcho from source +# Using buildkit cache mounts for speed across rebuilds +FROM python:3.13-slim-bookworm AS builder + +RUN apt-get update && \ + apt-get install -y --no-install-recommends git && \ + rm -rf /var/lib/apt/lists/* + +COPY --from=ghcr.io/astral-sh/uv:0.9.24 /uv /bin/uv + +# Clone Honcho at a pinned commit for reproducibility +ARG HONCHO_REPO=https://github.com/plastic-labs/honcho +ARG HONCHO_REF=main +RUN git clone --depth 1 --branch ${HONCHO_REF} ${HONCHO_REPO} /app + +WORKDIR /app + +ENV UV_COMPILE_BYTECODE=1 +ENV UV_LINK_MODE=copy + +RUN --mount=type=cache,target=/root/.cache/uv \ + uv sync --frozen --no-group dev + +# --- runtime stage --- +FROM python:3.13-slim-bookworm + +RUN groupadd --system app && \ + useradd --system --gid app --create-home app + +COPY --from=builder /app /app +COPY --from=builder /root/.cache/uv /root/.cache/uv + +WORKDIR /app +ENV PATH="/app/.venv/bin:$PATH" +ENV HOME=/app + +COPY --chown=app:app config.toml /app/config.toml + +USER app +EXPOSE 8000 + +CMD ["fastapi", "run", "--host", "0.0.0.0", "src/main.py"] diff --git a/ai/honcho/config.toml b/ai/honcho/config.toml new file mode 100644 index 0000000..0578f57 --- /dev/null +++ b/ai/honcho/config.toml @@ -0,0 +1,117 @@ +[app] +LOG_LEVEL = "INFO" +MAX_MESSAGE_SIZE = 25000 +EMBED_MESSAGES = true +NAMESPACE = "honcho" + +[db] +CONNECTION_URI = "postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho" +SCHEMA = "public" +POOL_SIZE = 10 +MAX_OVERFLOW = 20 + +[auth] +USE_AUTH = false + +[sentry] +ENABLED = false + +[telemetry] +ENABLED = false + +[webhook] +ENABLED = false + +[cache] +ENABLED = true +URL = "redis://honcho-redis:6379/0" + +[llm] +DEFAULT_MAX_TOKENS = 4096 + +# Embeddings via Ollama (nomic-embed-text recommended on this system) +[embedding] +VECTOR_DIMENSIONS = 768 +MAX_INPUT_TOKENS = 8192 + +[embedding.model_config] +transport = "openai" +model = "nomic-embed-text" +base_url = "http://ollama:11434/v1" + +# --- Deriver (user representation builder) --- +[deriver] +ENABLED = true +WORKERS = 1 +POLLING_SLEEP_INTERVAL_SECONDS = 5.0 +FLUSH_ENABLED = true + +[deriver.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +# --- Dialectic --- +[dialectic] +MAX_INPUT_TOKENS = 4096 +SESSION_HISTORY_MAX_TOKENS = 8192 + +[dialectic.levels.minimal] +MAX_TOOL_ITERATIONS = 1 +MAX_OUTPUT_TOKENS = 512 +[dialectic.levels.minimal.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.low] +MAX_TOOL_ITERATIONS = 3 +[dialectic.levels.low.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.medium] +MAX_TOOL_ITERATIONS = 2 +[dialectic.levels.medium.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.high] +MAX_TOOL_ITERATIONS = 4 +[dialectic.levels.high.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +[dialectic.levels.max] +MAX_TOOL_ITERATIONS = 10 +[dialectic.levels.max.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +# --- Summary --- +[summary] +ENABLED = true +MESSAGES_PER_SHORT_SUMMARY = 20 +MESSAGES_PER_LONG_SUMMARY = 60 + +[summary.model_config] +transport = "openai" +model = "hermes-3" +base_url = "http://ollama:11434/v1" + +# --- Dream --- +[dream] +ENABLED = false + +# --- Peer Card --- +[peer_card] +ENABLED = true + +# --- Vector Store --- +[vector_store] +TYPE = "pgvector" +DIMENSIONS = 768 diff --git a/ai/honcho/init-db.sql b/ai/honcho/init-db.sql new file mode 100644 index 0000000..0aa0fc2 --- /dev/null +++ b/ai/honcho/init-db.sql @@ -0,0 +1 @@ +CREATE EXTENSION IF NOT EXISTS vector; -- 2.49.1 From 7404e1e466d049a2bf3b42163940717f2b7e3ea4 Mon Sep 17 00:00:00 2001 From: Hermes Date: Wed, 20 May 2026 23:37:44 -0400 Subject: [PATCH 02/15] feat: keep only Honcho, remove OpenViking from memory providers --- ai/.env.example | 3 --- ai/compose.yml | 24 ------------------------ ai/hermes/config.yaml | 2 -- 3 files changed, 29 deletions(-) diff --git a/ai/.env.example b/ai/.env.example index 2934c21..47dee46 100644 --- a/ai/.env.example +++ b/ai/.env.example @@ -3,6 +3,3 @@ # Required: OpenRouter API key for Hermes agent OPENROUTER_API_KEY=sk-or-v1-your-key-here - -# Memory providers (internal Docker network — usually no changes needed) -OPENVIKING_ENDPOINT=http://openviking:1933 diff --git a/ai/compose.yml b/ai/compose.yml index 0b4451f..7539691 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -50,11 +50,6 @@ services: - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true - OPENROUTER_API_KEY=${OPEN...KEY} - # Memory providers — connect to self-hosted services - - OPENVIKING_ENDPOINT=http://openviking:1933 - - OPENVIKING_ACCOUNT=default - - OPENVIKING_USER=default - - OPENVIKING_AGENT=hermes # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 - HCC_AMDGPU_TARGET=gfx906 @@ -78,7 +73,6 @@ services: - ai_backend - ai_net depends_on: - - openviking - honcho labels: - "traefik.enable=true" @@ -167,24 +161,6 @@ services: - "303" - "26" - # --- OpenViking: knowledge graph memory --- - openviking: - image: ghcr.io/volcengine/openviking:latest - container_name: openviking - restart: unless-stopped - ports: - - "127.0.0.1:1933:1933" - volumes: - - /mnt/HoardingCow_docker_data/OpenViking/data:/app/.openviking - networks: - - ai_backend - healthcheck: - test: ["CMD-SHELL", "curl -fsS http://127.0.0.1:1933/health || exit 1"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 30s - # --- Honcho: AI-native user modeling --- honcho: build: ./honcho diff --git a/ai/hermes/config.yaml b/ai/hermes/config.yaml index da60b2b..9dbef45 100644 --- a/ai/hermes/config.yaml +++ b/ai/hermes/config.yaml @@ -2,8 +2,6 @@ memory: memory_enabled: true user_profile_enabled: true providers: - - holographic - honcho - - openviking flush_min_turns: 6 nudge_interval: 10 -- 2.49.1 From 69e0b7383a098d3ebd14e8a7a2844ef96d4ea153 Mon Sep 17 00:00:00 2001 From: Hermes Date: Wed, 20 May 2026 23:38:05 -0400 Subject: [PATCH 03/15] chore: remove .env.example --- ai/.env.example | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 ai/.env.example diff --git a/ai/.env.example b/ai/.env.example deleted file mode 100644 index 47dee46..0000000 --- a/ai/.env.example +++ /dev/null @@ -1,5 +0,0 @@ -# AI Stack Environment Variables -# Copy to .env and set your values - -# Required: OpenRouter API key for Hermes agent -OPENROUTER_API_KEY=sk-or-v1-your-key-here -- 2.49.1 From 057f1b0f4e95aa43fea9e7a572985378ea96bcfc Mon Sep 17 00:00:00 2001 From: Hermes Date: Wed, 20 May 2026 23:45:32 -0400 Subject: [PATCH 04/15] =?UTF-8?q?chore:=20remove=20Hermes=20config=20files?= =?UTF-8?q?=20from=20repo=20=E2=80=94=20lives=20on=20persistent=20volume?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ai/hermes/config.yaml | 7 ------- ai/hermes/honcho.json | 33 --------------------------------- 2 files changed, 40 deletions(-) delete mode 100644 ai/hermes/config.yaml delete mode 100644 ai/hermes/honcho.json diff --git a/ai/hermes/config.yaml b/ai/hermes/config.yaml deleted file mode 100644 index 9dbef45..0000000 --- a/ai/hermes/config.yaml +++ /dev/null @@ -1,7 +0,0 @@ -memory: - memory_enabled: true - user_profile_enabled: true - providers: - - honcho - flush_min_turns: 6 - nudge_interval: 10 diff --git a/ai/hermes/honcho.json b/ai/hermes/honcho.json deleted file mode 100644 index 13ddfef..0000000 --- a/ai/hermes/honcho.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "enabled": true, - "apiKey": "", - "baseUrl": "http://honcho:8000", - "workspace": "hermes", - "peerName": "thierry", - "contextCadence": 2, - "dialecticCadence": 3, - "dialecticDepth": 2, - "dialecticReasoningLevel": "low", - "dialecticMaxChars": 600, - "recallMode": "hybrid", - "writeFrequency": "async", - "sessionStrategy": "per-directory", - "saveMessages": true, - "hosts": { - "hermes": { - "enabled": true, - "aiPeer": "hermes", - "recallMode": "hybrid", - "observation": { - "user": { "observeMe": true, "observeOthers": true }, - "ai": { "observeMe": true, "observeOthers": true } - }, - "dialecticDepth": 2, - "dialecticReasoningLevel": "low", - "dialecticMaxChars": 600, - "sessionStrategy": "per-directory", - "writeFrequency": "async", - "saveMessages": true - } - } -} -- 2.49.1 From 8e99fb8809cb462010e70c6d14c51f2c10d1c1e7 Mon Sep 17 00:00:00 2001 From: Hermes Date: Thu, 21 May 2026 00:29:16 -0400 Subject: [PATCH 05/15] fix: restore corrupted variable names (${OPENROUTER_API_KEY}, ${OPENCLAW_GATEWAY_TOKEN}) --- ai/compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 7539691..2788612 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -49,7 +49,7 @@ services: - API_SERVER_HOST=0.0.0.0 - API_SERVER_KEY=hermes_local_key - GATEWAY_ALLOW_ALL_USERS=true - - OPENROUTER_API_KEY=${OPEN...KEY} + - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} # ROCm for GPU-accelerated faster-whisper STT - HSA_OVERRIDE_GFX_VERSION=9.0.6 - HCC_AMDGPU_TARGET=gfx906 @@ -372,8 +372,8 @@ networks: # - /home/gortium/infra:/data/workspace/infra # environment: # - TZ=America/Toronto - # - OPENCLAW_GATEWAY_TOKEN=${OPEN...KEN} - # - OPENROUTER_API_KEY=${OPEN...KEY} + # - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN} + # - OPENROUTER_API_KEY=${OPENROUTER_API_KEY} # # Point to the sidecar browser # - BROWSER_CDP_URL=http://openclaw-browser:9222 # - BROWSER_EVALUATE_ENABLED=true @@ -418,7 +418,7 @@ networks: # - PGID=1000 # - PUBLIC_KEY_FILE=/config/ssh/authorized_keys # - SUDO_ACCESS=false - # - PASSWORD_ACCESS=*** + # - PASSWORD_ACCESS=false # volumes: # - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config # - /home/gortium/infra:/data/workspace/infra:ro -- 2.49.1 From 9b20dfe67f84b5b77168db41b7cd3e412ac514c3 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 12:40:09 -0400 Subject: [PATCH 06/15] feat: honcho-only memory provider with Traefik + Authelia - Remove OpenViking/Holographic dependencies (only Honcho stays) - Remove httpx install from Dockerfile (was for OpenViking) - Add Traefik routing for honcho at honcho.lazyworkhorse.net - Add Authelia auth middleware on honcho HTTPS - Add ai_net network to honcho for Traefik access --- ai/compose.yml | 18 ++++++++++++++++++ ai/hermes/Dockerfile | 6 ------ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 2788612..84017aa 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -176,11 +176,29 @@ services: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: - ai_backend + - ai_net depends_on: honcho-db: condition: service_healthy honcho-redis: condition: service_healthy + labels: + - "traefik.enable=true" + + # Router for HTTP + redirect to HTTPS + - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-http.entrypoints=web" + - "traefik.http.routers.honcho-http.middlewares=redirect-to-https" + + # Router for HTTPS with TLS — protected by Authelia + - "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-https.entrypoints=websecure" + - "traefik.http.routers.honcho-https.tls=true" + - "traefik.http.routers.honcho-https.tls.certresolver=njalla" + - "traefik.http.routers.honcho-https.middlewares=hermes-auth" + + # Service Loadbalancer + - "traefik.http.services.honcho.loadbalancer.server.port=8000" honcho-db: image: pgvector/pgvector:pg15 diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index 5aadf7d..0265ab2 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -51,12 +51,6 @@ RUN . /opt/hermes/.venv/bin/activate && \ WORKDIR /opt/hermes -# ---------- Memory provider dependencies ---------- -# httpx: HTTP client for OpenViking plugin -# honcho-ai: already installed in upstream image (v2.1.1+) -RUN . /opt/hermes/.venv/bin/activate && \ - uv pip install --no-cache-dir httpx - # ---------- Piper TTS ---------- RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir piper-tts sounddevice numpy && \ -- 2.49.1 From 261536d74d83588ade8eb27667e6c448c175c4cc Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 13:05:15 -0400 Subject: [PATCH 07/15] feat: bake Matrix bridge deps into Docker image instead of volume mount --- ai/hermes/Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index 0265ab2..368efca 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -51,6 +51,12 @@ RUN . /opt/hermes/.venv/bin/activate && \ WORKDIR /opt/hermes +# ---------- Matrix bridge + extra pip deps ---------- +# Previously installed inline at container startup and persisted via volume mount. +# Now baked into the image so the fragile venv volume mount can be removed. +RUN . /opt/hermes/.venv/bin/activate && \ + uv pip install --no-cache-dir 'mautrix[encryption]' openai + # ---------- Piper TTS ---------- RUN . /opt/hermes/.venv/bin/activate && \ uv pip install --no-cache-dir piper-tts sounddevice numpy && \ -- 2.49.1 From 930cacad7820ad2c644d8d46f67e7e12d30951f7 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 22:28:59 -0400 Subject: [PATCH 08/15] fix: remove stray uv cache copy from builder stage --- ai/honcho/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index feddec6..ec902b9 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -28,7 +28,6 @@ RUN groupadd --system app && \ useradd --system --gid app --create-home app COPY --from=builder /app /app -COPY --from=builder /root/.cache/uv /root/.cache/uv WORKDIR /app ENV PATH="/app/.venv/bin:$PATH" -- 2.49.1 From 2678f34610727df495f707703eff5551b8b8fe14 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 22:39:51 -0400 Subject: [PATCH 09/15] fix: change honcho host port to 8001 (8000 taken by ddns-updater) --- ai/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ai/compose.yml b/ai/compose.yml index 84017aa..0738eb9 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -167,7 +167,7 @@ services: container_name: honcho restart: unless-stopped ports: - - "127.0.0.1:8000:8000" + - "127.0.0.1:8001:8000" environment: - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho - CACHE_URL=redis://honcho-redis:6379/0 -- 2.49.1 From b4e1a0d87dd88ed40e15f088384f8fa36628d22c Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 22:55:36 -0400 Subject: [PATCH 10/15] fix: install dev deps (fastapi-cli) in honcho image --- ai/honcho/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index ec902b9..686bc2c 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -18,8 +18,7 @@ WORKDIR /app ENV UV_COMPILE_BYTECODE=1 ENV UV_LINK_MODE=copy -RUN --mount=type=cache,target=/root/.cache/uv \ - uv sync --frozen --no-group dev +RUN uv sync --frozen # --- runtime stage --- FROM python:3.13-slim-bookworm -- 2.49.1 From 4bcf0619b6d10ac1d1d72f84b49159b341345a46 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:07:17 -0400 Subject: [PATCH 11/15] fix: use system Python instead of uv's downloaded one in honcho image --- ai/honcho/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile index 686bc2c..e654667 100644 --- a/ai/honcho/Dockerfile +++ b/ai/honcho/Dockerfile @@ -17,6 +17,7 @@ WORKDIR /app ENV UV_COMPILE_BYTECODE=1 ENV UV_LINK_MODE=copy +ENV UV_PYTHON=/usr/local/bin/python3.13 RUN uv sync --frozen -- 2.49.1 From 96d6c37ccab4e3df6340469cb03610c355503bf6 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:13:26 -0400 Subject: [PATCH 12/15] fix: remove Traefik labels for Honcho (not exposed externally) --- ai/compose.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/ai/compose.yml b/ai/compose.yml index 0738eb9..0e5a5d8 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -182,23 +182,6 @@ services: condition: service_healthy honcho-redis: condition: service_healthy - labels: - - "traefik.enable=true" - - # Router for HTTP + redirect to HTTPS - - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)" - - "traefik.http.routers.honcho-http.entrypoints=web" - - "traefik.http.routers.honcho-http.middlewares=redirect-to-https" - - # Router for HTTPS with TLS — protected by Authelia - - "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)" - - "traefik.http.routers.honcho-https.entrypoints=websecure" - - "traefik.http.routers.honcho-https.tls=true" - - "traefik.http.routers.honcho-https.tls.certresolver=njalla" - - "traefik.http.routers.honcho-https.middlewares=hermes-auth" - - # Service Loadbalancer - - "traefik.http.services.honcho.loadbalancer.server.port=8000" honcho-db: image: pgvector/pgvector:pg15 -- 2.49.1 From a003663e6c02b357a8d4d8258f6fd03cba34bb48 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:21:47 -0400 Subject: [PATCH 13/15] fix: set EMBEDDING_VECTOR_DIMENSIONS=1536 (match existing DB columns) --- ai/compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ai/compose.yml b/ai/compose.yml index 0e5a5d8..377787e 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -172,6 +172,7 @@ services: - DB_CONNECTION_URI=postgresql+psycopg://honcho:honcho_pass@honcho-db:5432/honcho - CACHE_URL=redis://honcho-redis:6379/0 - CACHE_ENABLED=true + - EMBEDDING_VECTOR_DIMENSIONS=1536 volumes: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: -- 2.49.1 From c694505e9abad32f3b9aae06a413e541d3bf261b Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:25:52 -0400 Subject: [PATCH 14/15] fix: suppress deprecation warning for VECTOR_STORE_DIMENSIONS --- ai/compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ai/compose.yml b/ai/compose.yml index 377787e..8c30336 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -173,6 +173,7 @@ services: - CACHE_URL=redis://honcho-redis:6379/0 - CACHE_ENABLED=true - EMBEDDING_VECTOR_DIMENSIONS=1536 + - VECTOR_STORE_DIMENSIONS= volumes: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: -- 2.49.1 From 71db97f78cfa55c1f70c84ef324c18a2f0a2e484 Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 23:40:34 -0400 Subject: [PATCH 15/15] feat: add OpenConcho web UI for Honcho (protege par Authelia) --- ai/compose.yml | 26 ++++++++++++++++++++++++++ ai/openconcho/Dockerfile | 23 +++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 ai/openconcho/Dockerfile diff --git a/ai/compose.yml b/ai/compose.yml index 8c30336..d844774 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -185,6 +185,32 @@ services: honcho-redis: condition: service_healthy + # --- OpenConcho: Honcho web UI --- + openconcho: + build: ./openconcho + container_name: openconcho + restart: unless-stopped + networks: + - ai_backend + - ai_net + labels: + - "traefik.enable=true" + + # Router for HTTP + redirect to HTTPS + - "traefik.http.routers.openconcho-http.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.openconcho-http.entrypoints=web" + - "traefik.http.routers.openconcho-http.middlewares=redirect-to-https" + + # Router for HTTPS with TLS — protected by Authelia + - "traefik.http.routers.openconcho-https.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.openconcho-https.entrypoints=websecure" + - "traefik.http.routers.openconcho-https.tls=true" + - "traefik.http.routers.openconcho-https.tls.certresolver=njalla" + - "traefik.http.routers.openconcho-https.middlewares=hermes-auth" + + # Service Loadbalancer + - "traefik.http.services.openconcho.loadbalancer.server.port=80" + honcho-db: image: pgvector/pgvector:pg15 container_name: honcho-db diff --git a/ai/openconcho/Dockerfile b/ai/openconcho/Dockerfile new file mode 100644 index 0000000..de9ed48 --- /dev/null +++ b/ai/openconcho/Dockerfile @@ -0,0 +1,23 @@ +# build stage +FROM node:22-bookworm AS builder + +ENV PNPM_HOME=/pnpm +ENV PATH=$PNPM_HOME:$PATH +RUN corepack enable && corepack prepare pnpm@latest --activate + +WORKDIR /app +RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* + +ARG OPENCONCHO_SHA=e490d911fcb27ee193558fd9a28856cde2057665 +RUN git clone --depth 1 https://github.com/offendingcommit/openconcho.git /app && \ + git -C /app fetch --depth 1 origin ${OPENCONCHO_SHA} && \ + git -C /app checkout ${OPENCONCHO_SHA} + +RUN pnpm install --frozen-lockfile +RUN pnpm --filter @openconcho/web build + +# runtime stage +FROM nginx:alpine +COPY --from=builder /app/packages/web/dist /usr/share/nginx/html +EXPOSE 80 +CMD ["nginx", "-g", "daemon off;"] -- 2.49.1