#!/bin/bash
# Startup permission fix for the Hermes data volume.
# Runs as root before the entrypoint drops to the hermes user.
# Fixes files that were created by root (host agent, cron jobs, etc.)
# becoming inaccessible to the hermes runtime user.
set -e

HERMES_HOME="${HERMES_HOME:-/opt/data}"

# Fix ownership on critical writable directories so hermes user can access them
chown -R hermes:hermes \
  "$HERMES_HOME/sessions" \
  "$HERMES_HOME/checkpoints" \
  "$HERMES_HOME/skills" \
  "$HERMES_HOME/memories" \
  "$HERMES_HOME/workspace" \
  "$HERMES_HOME/pastes" \
  "$HERMES_HOME/logs" \
  "$HERMES_HOME/cron" \
  "$HERMES_HOME/plans" \
  "$HERMES_HOME/hooks" \
  "$HERMES_HOME/cache" \
  2>/dev/null || true

# Also fix the data volume root if it's wrong
if [ "$(stat -c %u "$HERMES_HOME" 2>/dev/null)" != "$(id -u hermes)" ]; then
  chown hermes:hermes "$HERMES_HOME" 2>/dev/null || true
fi

# Now chain to the real entrypoint
exec /opt/hermes/docker/entrypoint.sh "$@"