hermes-bsd/docker-compose.yml

#
# docker-compose.yml for Hermes Agent
#
# Usage:
#   HERMES_UID=$(id -u) HERMES_GID=$(id -g) docker compose up -d
#
# Set HERMES_UID / HERMES_GID to the host user that owns ~/.hermes so
# files created inside the container stay readable/writable on the host.
# The s6-overlay stage2 hook remaps the internal `hermes` user to these
# values via usermod/groupmod; each supervised service then drops to that
# user via `s6-setuidgid`.
#
# Security notes:
#   - The dashboard service binds to 127.0.0.1 by default. It stores API
#     keys; exposing it on LAN without auth is unsafe. If you want remote
#     access, use an SSH tunnel or put it behind a reverse proxy that
#     adds authentication — do NOT pass --insecure --host 0.0.0.0.
#   - If you override entrypoint, keep /opt/hermes/docker/entrypoint.sh in
#     the command chain. It drops root to the hermes user before gateway
#     files such as gateway.lock are created.
#   - The gateway's API server is off unless you uncomment API_SERVER_KEY
#     and API_SERVER_HOST. See docs/user-guide/api-server.md before doing
#     this on an internet-facing host.
#
services:
  gateway:
    build: .
    image: hermes-agent
    container_name: hermes
    restart: unless-stopped
    network_mode: host
    volumes:
      - ~/.hermes:/opt/data
    environment:
      - HERMES_UID=${HERMES_UID:-10000}
      - HERMES_GID=${HERMES_GID:-10000}
      # To expose the OpenAI-compatible API server beyond localhost,
      # uncomment BOTH lines (API_SERVER_KEY is mandatory for auth):
      # - API_SERVER_HOST=0.0.0.0
      # - API_SERVER_KEY=${API_SERVER_KEY}
      # Microsoft Teams — uncomment and fill in to enable Teams gateway.
      # Register your bot at https://dev.botframework.com/ to get these values.
      # - TEAMS_CLIENT_ID=${TEAMS_CLIENT_ID}
      # - TEAMS_CLIENT_SECRET=${TEAMS_CLIENT_SECRET}
      # - TEAMS_TENANT_ID=${TEAMS_TENANT_ID}
      # - TEAMS_ALLOWED_USERS=${TEAMS_ALLOWED_USERS}
      # - TEAMS_PORT=${TEAMS_PORT:-3978}
      # Google Chat — uncomment and fill in to enable the Google Chat gateway.
      # See website/docs/user-guide/messaging/google_chat.md for the full setup.
      # The SA JSON path must point to a file mounted into the container —
      # add a volume entry above (e.g. ``- ~/.hermes/google-chat-sa.json:/secrets/google-chat-sa.json:ro``)
      # then set GOOGLE_CHAT_SERVICE_ACCOUNT_JSON to that mount path.
      # - GOOGLE_CHAT_PROJECT_ID=${GOOGLE_CHAT_PROJECT_ID}
      # - GOOGLE_CHAT_SUBSCRIPTION_NAME=${GOOGLE_CHAT_SUBSCRIPTION_NAME}
      # - GOOGLE_CHAT_SERVICE_ACCOUNT_JSON=${GOOGLE_CHAT_SERVICE_ACCOUNT_JSON}
      # - GOOGLE_CHAT_ALLOWED_USERS=${GOOGLE_CHAT_ALLOWED_USERS}
    command: ["gateway", "run"]

  dashboard:
    image: hermes-agent
    container_name: hermes-dashboard
    restart: unless-stopped
    network_mode: host
    depends_on:
      - gateway
    volumes:
      - ~/.hermes:/opt/data
    environment:
      - HERMES_UID=${HERMES_UID:-10000}
      - HERMES_GID=${HERMES_GID:-10000}
    # Localhost-only. For remote access, tunnel via `ssh -L 9119:localhost:9119`.
    command: ["dashboard", "--host", "127.0.0.1", "--no-open"]
fix(docker): safer docker-compose defaults for UID and dashboard bind Follow-up to salvaged PR #13483: - Default HERMES_UID/HERMES_GID to 10000 (matches Dockerfile's useradd and the entrypoint's default) instead of 1001. Users should set these to their own id -u / id -g; document that in the header. - Dashboard service: bind to 127.0.0.1 without --insecure by default. The dashboard stores API keys; the original compose file exposed it on 0.0.0.0 with auth explicitly disabled, which the dashboard's own --insecure help text flags as DANGEROUS. - Add header comments explaining HERMES_UID usage, the dashboard security posture, and how to expose the API server safely. 2026-04-24 04:46:57 -07:00			`#`
			`# docker-compose.yml for Hermes Agent`
			`#`
			`# Usage:`
			`# HERMES_UID=$(id -u) HERMES_GID=$(id -g) docker compose up -d`
			`#`
			`# Set HERMES_UID / HERMES_GID to the host user that owns ~/.hermes so`
			`# files created inside the container stay readable/writable on the host.`
feat(docker): remove gosu from bundled image; s6-setuidgid handles privilege drop The s6-overlay migration replaced every runtime use of gosu with s6-setuidgid (in stage2-hook.sh, main-wrapper.sh, per-service run scripts, and cont-init.d hooks), but the gosu binary itself was still being copied into the image from tianon/gosu, and several comments across the repo still pointed to it. Image changes: - Drop the FROM tianon/gosu:1.19-trixie AS gosu_source stage - Drop the COPY --from=gosu_source /gosu /usr/local/bin/ layer - Net: one fewer base-image pull, ~12-15 MB layer eliminated Documentation/comment refresh (no behavior change): - Dockerfile: update root-user rationale comment + cont-init.d comment - docker/main-wrapper.sh: drop "pre-s6 contract (gosu drop)" reference - docker-compose.yml: update UID/GID remap comment - .hadolint.yaml: update DL3002 ignore rationale - website/docs/user-guide/docker.md: privilege-drop helper is s6-setuidgid now - hermes_cli/config.py: docker_run_as_host_user docstring tools/environments/docker.py runs arbitrary user images via the terminal backend, not the bundled Hermes image. It still needs SETUID/ SETGID caps so user images that use gosu/su/s6-setuidgid all work. Renamed the cap-list constant _GOSU_CAP_ARGS → _PRIVDROP_CAP_ARGS and updated comments to list s6-setuidgid alongside the others as examples. The matching test (test_security_args_include_setuid_setgid_for_gosu_drop → test_security_args_include_setuid_setgid_for_privdrop) was renamed and its docstring updated; behavior is unchanged. Verification: - hadolint clean against .hadolint.yaml - shellcheck clean against all docker/ shell scripts - Image rebuilt successfully (sha 1a090924ccea) - Docker harness: 19 passed in 41.87s (every Phase 0 test + Phase 4 per-profile-gateway lifecycle + container-restart reconciliation) - tests/tools/test_docker_environment.py: 23 passed (rename did not break test discovery; pre-existing unrelated mock warning) The plan document (docs/plans/2026-05-07-s6-overlay-dynamic-subagent-gateways.md) intentionally retains its historical references to gosu — it describes the pre-s6 entrypoint as background for understanding the migration. 2026-05-22 10:43:57 +10:00			# The s6-overlay stage2 hook remaps the internal `hermes` user to these
			`# values via usermod/groupmod; each supervised service then drops to that`
			# user via `s6-setuidgid`.
fix(docker): safer docker-compose defaults for UID and dashboard bind Follow-up to salvaged PR #13483: - Default HERMES_UID/HERMES_GID to 10000 (matches Dockerfile's useradd and the entrypoint's default) instead of 1001. Users should set these to their own id -u / id -g; document that in the header. - Dashboard service: bind to 127.0.0.1 without --insecure by default. The dashboard stores API keys; the original compose file exposed it on 0.0.0.0 with auth explicitly disabled, which the dashboard's own --insecure help text flags as DANGEROUS. - Add header comments explaining HERMES_UID usage, the dashboard security posture, and how to expose the API server safely. 2026-04-24 04:46:57 -07:00			`#`
			`# Security notes:`
			`# - The dashboard service binds to 127.0.0.1 by default. It stores API`
			`# keys; exposing it on LAN without auth is unsafe. If you want remote`
			`# access, use an SSH tunnel or put it behind a reverse proxy that`
			`# adds authentication — do NOT pass --insecure --host 0.0.0.0.`
fix(docker): refuse root gateway runs in official image 2026-05-03 20:56:08 +08:00			`# - If you override entrypoint, keep /opt/hermes/docker/entrypoint.sh in`
			`# the command chain. It drops root to the hermes user before gateway`
			`# files such as gateway.lock are created.`
fix(docker): safer docker-compose defaults for UID and dashboard bind Follow-up to salvaged PR #13483: - Default HERMES_UID/HERMES_GID to 10000 (matches Dockerfile's useradd and the entrypoint's default) instead of 1001. Users should set these to their own id -u / id -g; document that in the header. - Dashboard service: bind to 127.0.0.1 without --insecure by default. The dashboard stores API keys; the original compose file exposed it on 0.0.0.0 with auth explicitly disabled, which the dashboard's own --insecure help text flags as DANGEROUS. - Add header comments explaining HERMES_UID usage, the dashboard security posture, and how to expose the API server safely. 2026-04-24 04:46:57 -07:00			`# - The gateway's API server is off unless you uncomment API_SERVER_KEY`
			`# and API_SERVER_HOST. See docs/user-guide/api-server.md before doing`
			`# this on an internet-facing host.`
			`#`
fix(docker): fix HERMES_UID permission handling and add docker-compose.yml - Remove 'USER hermes' from Dockerfile so entrypoint runs as root and can usermod/groupmod before gosu drop. Add chmod -R a+rX /opt/hermes so any remapped UID can read the install directory. - Fix entrypoint chown logic: always chown -R when HERMES_UID is remapped from default 10000, not just when top-level dir ownership mismatches. - Add docker-compose.yml with gateway + dashboard services. - Add .hermes to .gitignore. 2026-04-21 19:12:15 +08:00			`services:`
			`gateway:`
			`build: .`
			`image: hermes-agent`
			`container_name: hermes`
			`restart: unless-stopped`
			`network_mode: host`
			`volumes:`
			`- ~/.hermes:/opt/data`
			`environment:`
fix(docker): safer docker-compose defaults for UID and dashboard bind Follow-up to salvaged PR #13483: - Default HERMES_UID/HERMES_GID to 10000 (matches Dockerfile's useradd and the entrypoint's default) instead of 1001. Users should set these to their own id -u / id -g; document that in the header. - Dashboard service: bind to 127.0.0.1 without --insecure by default. The dashboard stores API keys; the original compose file exposed it on 0.0.0.0 with auth explicitly disabled, which the dashboard's own --insecure help text flags as DANGEROUS. - Add header comments explaining HERMES_UID usage, the dashboard security posture, and how to expose the API server safely. 2026-04-24 04:46:57 -07:00			`- HERMES_UID=${HERMES_UID:-10000}`
			`- HERMES_GID=${HERMES_GID:-10000}`
			`# To expose the OpenAI-compatible API server beyond localhost,`
			`# uncomment BOTH lines (API_SERVER_KEY is mandatory for auth):`
fix(docker): fix HERMES_UID permission handling and add docker-compose.yml - Remove 'USER hermes' from Dockerfile so entrypoint runs as root and can usermod/groupmod before gosu drop. Add chmod -R a+rX /opt/hermes so any remapped UID can read the install directory. - Fix entrypoint chown logic: always chown -R when HERMES_UID is remapped from default 10000, not just when top-level dir ownership mismatches. - Add docker-compose.yml with gateway + dashboard services. - Add .hermes to .gitignore. 2026-04-21 19:12:15 +08:00			`# - API_SERVER_HOST=0.0.0.0`
			`# - API_SERVER_KEY=${API_SERVER_KEY}`
feat(teams): add Microsoft Teams platform adapter as a plugin Hello! I am the maintainer of the microsoft-teams-apps Python SDK and I built this Teams adapter to integrate Microsoft Teams into Hermes. Adds a `plugins/platforms/teams` platform plugin using the new PlatformRegistry system from #17751. The adapter self-registers via `register(ctx)` — no hardcoding in run.py, toolsets.py, or any other core file. Key features: - Supports personal DMs, group chats, and channel posts - Adaptive Card approval prompts with in-place button replacement (Allow Once / Allow Session / Always Allow / Deny) - aiohttp webhook server bridged from the Teams SDK to avoid the fastapi/uvicorn dependency - ConversationReference caching for correct proactive sends in non-DM chats - `interactive_setup()` for `hermes gateway setup` integration - `platform_hint` for LLM context (Teams markdown subset) - 34 tests covering adapter init, send, message handling, and plugin registration Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-30 05:03:38 +00:00			`# Microsoft Teams — uncomment and fill in to enable Teams gateway.`
			`# Register your bot at https://dev.botframework.com/ to get these values.`
			`# - TEAMS_CLIENT_ID=${TEAMS_CLIENT_ID}`
			`# - TEAMS_CLIENT_SECRET=${TEAMS_CLIENT_SECRET}`
			`# - TEAMS_TENANT_ID=${TEAMS_TENANT_ID}`
			`# - TEAMS_ALLOWED_USERS=${TEAMS_ALLOWED_USERS}`
fix(teams): pipe TEAMS_PORT through docker-compose properly Was hardcoded to 3978; use ${TEAMS_PORT:-3978} so a custom port set in .env is actually passed into the container. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-01 00:39:46 +00:00			`# - TEAMS_PORT=${TEAMS_PORT:-3978}`
feat(plugins/google_chat): Google Chat platform adapter as a bundled plugin Adds Google Chat as a new gateway platform, shipped under plugins/platforms/google_chat/ following the canonical bundled-plugin pattern (Teams, IRC). Rewired from the original PR #18425 to use the new env_enablement_fn + cron_deliver_env_var plugin interfaces landed in the preceding commit, so the adapter touches ZERO core files. What it does: - Inbound DM + group messages via Cloud Pub/Sub pull subscription (no public URL needed), with attachments (PDFs, images, audio, video) downloaded through an SSRF-guarded Google-host allowlist. - Outbound text replies with the 'Hermes is thinking…' patch-in-place pattern — no tombstones. - Native file attachment delivery via per-user OAuth. Google Chat's media.upload endpoint rejects service-account auth, so each user runs /setup-files once in their own DM to grant chat.messages.create for themselves; the adapter then uploads as them. Tokens stored per email at ~/.hermes/google_chat_user_tokens/<email>.json. - Thread isolation: side-threads get isolated sessions, top-level DM messages share one continuous session. Persistent thread-count store survives gateway restart. - Supervisor reconnect with exponential backoff. - Multi-user out of the box. How it plugs in (no core edits): - env_enablement_fn seeds PlatformConfig.extra with project_id, subscription_name, service_account_json, and the home_channel dict (which the core hook turns into a HomeChannel dataclass). Reads GOOGLE_CHAT_PROJECT_ID (falls back to GOOGLE_CLOUD_PROJECT), GOOGLE_CHAT_SUBSCRIPTION_NAME (falls back to GOOGLE_CHAT_SUBSCRIPTION), GOOGLE_CHAT_SERVICE_ACCOUNT_JSON (falls back to GOOGLE_APPLICATION_CREDENTIALS), GOOGLE_CHAT_HOME_CHANNEL. - cron_deliver_env_var='GOOGLE_CHAT_HOME_CHANNEL' gets cron delivery for free — cron/scheduler.py consults the platform registry for any name not in its hardcoded built-in sets. - plugin.yaml's rich requires_env / optional_env blocks auto-populate OPTIONAL_ENV_VARS via the new hermes_cli/config.py injector, so 'hermes config' UI surfaces them with description / url / prompt / password metadata. - Module-level Platform('google_chat') call in adapter.py triggers the Platform._missing_() registration so Platform.GOOGLE_CHAT attribute access works without an enum entry. Distribution: ships inside the existing hermes-agent package. Users opt in via 'pip install hermes-agent[google_chat]' and follow the 8-step GCP walkthrough at website/docs/user-guide/messaging/google_chat.md. Test coverage: 153 tests in tests/gateway/test_google_chat.py, all passing. Spans platform registration, env config loading, Pub/Sub envelope routing, outbound send + chunking + typing patch-in-place, attachment send paths, SSRF guard, thread/session model, supervisor reconnect, authorization, per-user OAuth, and the new plugin-registry cron delivery wiring. Credit: adapter + OAuth + tests + docs authored by @donramon77 (PR #18425). Rewire onto the new plugin hooks + salvage commit by Teknium. Co-Authored-By: Ramón Fernández <112875006+donramon77@users.noreply.github.com> 2026-05-07 06:41:48 -07:00			`# Google Chat — uncomment and fill in to enable the Google Chat gateway.`
			`# See website/docs/user-guide/messaging/google_chat.md for the full setup.`
			`# The SA JSON path must point to a file mounted into the container —`
			# add a volume entry above (e.g. ``- ~/.hermes/google-chat-sa.json:/secrets/google-chat-sa.json:ro``)
			`# then set GOOGLE_CHAT_SERVICE_ACCOUNT_JSON to that mount path.`
			`# - GOOGLE_CHAT_PROJECT_ID=${GOOGLE_CHAT_PROJECT_ID}`
			`# - GOOGLE_CHAT_SUBSCRIPTION_NAME=${GOOGLE_CHAT_SUBSCRIPTION_NAME}`
			`# - GOOGLE_CHAT_SERVICE_ACCOUNT_JSON=${GOOGLE_CHAT_SERVICE_ACCOUNT_JSON}`
			`# - GOOGLE_CHAT_ALLOWED_USERS=${GOOGLE_CHAT_ALLOWED_USERS}`
fix(docker): fix HERMES_UID permission handling and add docker-compose.yml - Remove 'USER hermes' from Dockerfile so entrypoint runs as root and can usermod/groupmod before gosu drop. Add chmod -R a+rX /opt/hermes so any remapped UID can read the install directory. - Fix entrypoint chown logic: always chown -R when HERMES_UID is remapped from default 10000, not just when top-level dir ownership mismatches. - Add docker-compose.yml with gateway + dashboard services. - Add .hermes to .gitignore. 2026-04-21 19:12:15 +08:00			`command: ["gateway", "run"]`

			`dashboard:`
			`image: hermes-agent`
			`container_name: hermes-dashboard`
			`restart: unless-stopped`
			`network_mode: host`
			`depends_on:`
			`- gateway`
			`volumes:`
			`- ~/.hermes:/opt/data`
			`environment:`
fix(docker): safer docker-compose defaults for UID and dashboard bind Follow-up to salvaged PR #13483: - Default HERMES_UID/HERMES_GID to 10000 (matches Dockerfile's useradd and the entrypoint's default) instead of 1001. Users should set these to their own id -u / id -g; document that in the header. - Dashboard service: bind to 127.0.0.1 without --insecure by default. The dashboard stores API keys; the original compose file exposed it on 0.0.0.0 with auth explicitly disabled, which the dashboard's own --insecure help text flags as DANGEROUS. - Add header comments explaining HERMES_UID usage, the dashboard security posture, and how to expose the API server safely. 2026-04-24 04:46:57 -07:00			`- HERMES_UID=${HERMES_UID:-10000}`
			`- HERMES_GID=${HERMES_GID:-10000}`
			# Localhost-only. For remote access, tunnel via `ssh -L 9119:localhost:9119`.
			`command: ["dashboard", "--host", "127.0.0.1", "--no-open"]`