hermes-bsd/hermes_cli
Ben fc39296e1f
fix(service_manager): s6 detection works for unprivileged hermes user
PR #30136 review surfaced two issues, both rooted in the same audit gap:
docker integration tests were running as root, not the unprivileged
`hermes` user (UID 10000) that the runtime actually uses via
`s6-setuidgid hermes`. Anything that probed PID-1 state or wrote to
the s6 control surface worked as root in the tests but was inert in
production.

Fixes:

1. `_s6_running()` previously called `Path("/proc/1/exe").resolve()`,
   which is root-only readable. For UID 10000 the symlink yields
   PermissionError, `resolve()` silently returns the unresolved path,
   and `exe.name == "exe"` — so detection always returned False, the
   service-manager runtime-registration path was inert, and every
   `hermes profile create` / `hermes -p X gateway start` silently
   skipped the s6 hook. Replace with `/proc/1/comm` (world-readable)
   + `/run/s6/basedir` (s6-overlay-specific) — both required, fail
   closed.

2. `02-reconcile-profiles` now also chowns `/run/service/.s6-svscan/`
   {control,lock} to hermes so `s6-svscanctl -a/-an` works without
   root. Previously the directory chown stopped at `/run/service`
   and the FIFO inside stayed root-owned, so `register_profile_gateway`
   from hermes failed at the rescan-trigger step with EACCES — the
   wrapper in profiles.py caught the exception and printed a swallowed
   warning, so profile creation appeared to succeed while the slot
   was rolled back.

Audit changes to flush this class of bug next time:

- Add `docker_exec` / `docker_exec_sh` helpers to `tests/docker/conftest.py`
  that default to `-u hermes`. The module docstring explains why and
  flags `user="root"` as opt-in only for tests that explicitly need
  root (none currently do).
- Refactor every `docker exec` call in tests/docker/ through the new
  helpers (test_dashboard.py, test_zombie_reaping.py, test_profile_gateway.py,
  test_container_restart.py, test_s6_profile_gateway_integration.py).
- Add 5 unit tests covering `_s6_running` under various probe states
  (both signals present; comm wrong; basedir missing; PermissionError
  on /proc/1/comm; missing /proc — non-Linux). The PermissionError
  test is the explicit regression guard for the original bug.

Known follow-up: the per-service `supervise/control` FIFO inside each
`/run/service/gateway-<profile>/supervise/` is created root-owned by
s6-supervise (which runs as root because s6-svscan is PID 1). `s6-svc
-u/-d/-t` from the hermes user will get EACCES on those. The audit
under `-u hermes` will reveal this in lifecycle tests — surfacing the
issue cleanly so it can be fixed in a focused follow-up (likely via a
small SUID helper or a polling chown loop in cont-init.d). The
detection + svscanctl fixes here are independent and complete on
their own.
2026-05-24 18:05:33 -07:00
..
proxy fix(security): validate Nous Portal inference_base_url against host allowlist 2026-05-22 14:17:40 -07:00
__init__.py
_parser.py Fix CLI verbose tool progress config fallback 2026-05-23 21:03:51 -07:00
_subprocess_compat.py
auth.py security: harden API server key placeholder handling (#30738) 2026-05-24 04:25:32 -07:00
auth_commands.py feat(cli): wire --manual-paste into `hermes auth add and hermes model` 2026-05-18 20:10:52 -07:00
azure_detect.py
backup.py
banner.py
browser_connect.py feat: auto-launch Chromium-family browser for CDP 2026-05-19 22:34:05 -07:00
bundles.py feat(skills): add skill bundles — alias /<name> loads multiple skills (#28373) 2026-05-18 21:38:05 -07:00
callbacks.py
checkpoints.py
claw.py
cli_output.py
clipboard.py
codex_models.py
codex_runtime_plugin_migration.py
codex_runtime_switch.py
colors.py
commands.py feat(skills): add opt-in AST deep diagnostics 2026-05-23 17:47:26 -07:00
completion.py
config.py feat(docker): remove gosu from bundled image; s6-setuidgid handles privilege drop 2026-05-24 18:05:33 -07:00
container_boot.py feat(docker): per-profile s6 supervision + container-restart reconciliation 2026-05-24 18:05:33 -07:00
copilot_auth.py
cron.py
curator.py
curses_ui.py fix(cli): clamp curses color 8 for 8-color terminals (Docker) 2026-05-21 23:40:58 -07:00
debug.py fix(debug): redact BlueBubbles webhook secrets 2026-05-24 15:43:48 -07:00
default_soul.py
dep_ensure.py
dingtalk_auth.py
doctor.py docs(s6): document container supervision; doctor + skill + user-guide updates 2026-05-24 18:05:33 -07:00
dump.py fix(skills): prune dependency/venv dirs from all skill scanners (#30042) 2026-05-21 14:18:02 -07:00
env_loader.py feat(secrets/bitwarden): EU Cloud + self-hosted server URL support (#31378) 2026-05-24 02:19:57 -07:00
fallback_cmd.py fix(fallback): merge fallback_providers with legacy fallback_model configurations 2026-05-23 05:24:57 -07:00
fallback_config.py fix(fallback): merge fallback_providers with legacy fallback_model configurations 2026-05-23 05:24:57 -07:00
gateway.py docs(s6): document container supervision; doctor + skill + user-guide updates 2026-05-24 18:05:33 -07:00
gateway_windows.py fix(gateway-windows): atomic write for .cmd and startup launcher scripts 2026-05-23 02:30:41 -07:00
goals.py
hooks.py
inventory.py
kanban.py feat(kanban): --ids bulk promote + AUTHOR_MAP entry for #29464 2026-05-23 23:10:36 -07:00
kanban_db.py fix(kanban): scratch tasks must not inherit board.default_workdir (#28818) 2026-05-24 15:48:58 -07:00
kanban_decompose.py fix: assign single-task kanban decompositions 2026-05-18 20:26:02 -07:00
kanban_diagnostics.py fix(kanban): honor severity thresholds in diagnostics 2026-05-18 20:47:01 -07:00
kanban_specify.py fix(cli): make kanban specify max_tokens configurable 2026-05-18 20:15:20 -07:00
kanban_swarm.py feat(cli): add kanban swarm topology helper 2026-05-18 21:10:12 -07:00
logs.py
main.py feat(security): on-demand supply-chain audit via OSV.dev (#31460) 2026-05-24 15:15:16 -07:00
mcp_config.py
memory_setup.py
migrate.py feat(cli): hermes migrate xai [--apply] [--no-backup] 2026-05-20 09:18:23 -07:00
model_catalog.py
model_normalize.py
model_switch.py fix(model-switch): mark bare custom provider as current 2026-05-19 10:57:35 -07:00
models.py
nous_subscription.py
oneshot.py fix(provider): make config.yaml model.provider the single source of truth (#31222) 2026-05-23 18:18:41 -07:00
pairing.py
platforms.py
plugins.py feat(tts): add register_tts_provider() plugin hook (closes #30398) 2026-05-24 18:04:54 -07:00
plugins_cmd.py fix(plugins): widen _sanitize_plugin_name for category-namespaced names 2026-05-22 19:50:32 -07:00
portal_cli.py feat(portal): one-shot setup, status CLI, and Nous-included markers (#30860) 2026-05-23 02:39:09 -07:00
profile_describer.py fix(skills): prune dependency/venv dirs from all skill scanners (#30042) 2026-05-21 14:18:02 -07:00
profile_distribution.py fix(skills): prune dependency/venv dirs from all skill scanners (#30042) 2026-05-21 14:18:02 -07:00
profiles.py feat(docker): per-profile s6 supervision + container-restart reconciliation 2026-05-24 18:05:33 -07:00
providers.py
pt_input_extras.py
pty_bridge.py
relaunch.py
runtime_provider.py fix(custom): pass custom provider extra body 2026-05-21 07:48:53 -07:00
secrets_cli.py feat(secrets/bitwarden): EU Cloud + self-hosted server URL support (#31378) 2026-05-24 02:19:57 -07:00
security_advisories.py
security_audit.py feat(security): on-demand supply-chain audit via OSV.dev (#31460) 2026-05-24 15:15:16 -07:00
send_cmd.py
service_manager.py fix(service_manager): s6 detection works for unprivileged hermes user 2026-05-24 18:05:33 -07:00
session_recap.py
setup.py fix(matrix,gateway): Matrix E2EE installs full dep set; plugins respect is_connected 2026-05-24 15:16:03 -07:00
skills_config.py
skills_hub.py refactor(skills): slim AST diagnostic to single entry point 2026-05-23 17:47:26 -07:00
skin_engine.py
slack_cli.py
status.py refactor(ntfy): convert built-in adapter to platform plugin 2026-05-23 16:13:01 -07:00
stdio.py
timeouts.py perf(agent-loop): cut 47% of per-conversation function calls via 3 targeted hot-path optimizations (#28866) 2026-05-19 14:25:10 -07:00
tips.py feat: auto-launch Chromium-family browser for CDP 2026-05-19 22:34:05 -07:00
tools_config.py feat(tts): add register_tts_provider() plugin hook (closes #30398) 2026-05-24 18:04:54 -07:00
uninstall.py docs(windows): avoid piping installer directly into iex 2026-05-18 20:05:47 -07:00
vercel_auth.py
voice.py
web_server.py Protect dashboard OAuth credentials with the same file-safety guarantees as other auth paths 2026-05-24 17:47:24 -07:00
webhook.py fix(state): restrict sensitive store file permissions 2026-05-24 04:55:18 -07:00
xai_retirement.py fix(xai): align migrate retirement map with docs 2026-05-20 09:18:23 -07:00