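#!/bin/bash
# Startup permission fix for the Hermes data volume.
# Runs as root before the entrypoint drops to the hermes user.
# Repairs ownership of files created by root (host agent, cron jobs, etc.)
# that would otherwise be inaccessible to the hermes runtime user.
#
# Security note: everything here runs with root privileges against a tree the
# unprivileged runtime user can write to, so ownership changes must never be
# redirected through a symlink to a path outside the volume.
set -e

HERMES_HOME="${HERMES_HOME:-/opt/data}"

# Diagnostics go to stderr so they stay separate from normal startup output.
warn() {
  printf 'fix-permissions: %s\n' "$*" >&2
}

# Writable directories the hermes user must own.
writable_dirs=(
  sessions checkpoints skills memories workspace pastes
  logs cron plans hooks cache
)

for name in "${writable_dirs[@]}"; do
  dir="$HERMES_HOME/$name"

  # A directory that has not been created yet is not an error.
  [ -e "$dir" ] || continue

  # -h: change a symlink itself, never the file it points to. GNU chown
  # already behaves this way under -R; stating it explicitly keeps the same
  # guarantee on other chown implementations.
  # Still best-effort (startup continues), but a failure is reported once per
  # directory instead of being discarded.
  chown -hR hermes:hermes -- "$dir" 2>/dev/null \
    || warn "could not fix ownership of $dir"
done

# Also fix the data volume root if its owner is wrong.
if [ "$(stat -c %u "$HERMES_HOME" 2>/dev/null)" != "$(id -u hermes)" ]; then
  chown hermes:hermes "$HERMES_HOME" 2>/dev/null \
    || warn "could not fix ownership of $HERMES_HOME"
fi

# ---------- Patch tts_tool.py: replace Edge TTS with Piper ----------
# Runs at startup so the patch is applied even if the Python package is
# updated (e.g. via pip upgrade on the volume). Idempotent -- if the
# patch is already applied the script does nothing.
#
# NOTE(review): the patch script and the venv interpreter execute as root.
# Confirm that /opt/hermes (including .venv and its site-packages) is not
# writable by the hermes user; otherwise this step lets the runtime user run
# code as root on the next container start.
PATCH_SCRIPT="/opt/hermes/patch_tts_tool.py"
if [ -f "$PATCH_SCRIPT" ]; then
  echo "Applying TTS patch (Piper only, no Edge fallback)..."
  # Best-effort: a failed patch must not block startup, but it must be
  # visible, because tts_tool.py is then left unpatched.
  /opt/hermes/.venv/bin/python3 "$PATCH_SCRIPT" 2>&1 \
    || warn "TTS patch failed (exit $?); tts_tool.py may still be unpatched"
fi

# Now chain to the real entrypoint.
exec /opt/hermes/docker/entrypoint.sh "$@"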