mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-10 08:32:09 +00:00
8eedb50bce
Hermes-Setup.exe is a small signed Rust+Tauri binary that drives
scripts/install.ps1 stage-by-stage with a native UI matching the
desktop's design language. Replaces the chicken-and-egg pattern of
shipping a 200MB Electron app whose first launch existed only to
run install.ps1.
The architecture:
Rust backend (src-tauri/):
bootstrap.rs orchestrator -- Tauri commands, stage iteration
install_script.rs resolve install.ps1 (dev checkout, cache, GitHub raw)
powershell.rs spawn powershell, line-stream stdout/stderr, parse JSON
events.rs BootstrapEvent types -- mirror bootstrap-runner.cjs
paths.rs HERMES_HOME resolution + tracing log setup
build.rs bakes BUILD_PIN_COMMIT / BUILD_PIN_BRANCH from
'git rev-parse HEAD' at compile time
React frontend (src/):
Tauri webview rendering 4 screens (welcome / progress / success /
failure), driven by nanostores subscribing to the Rust event stream.
Visual layer reuses the desktop's styles.css wholesale via @import
so the installer and desktop never drift visually.
Distribution:
targets = ['app', 'dmg', 'appimage'] -- no NSIS/MSI wrapper. The
raw target/release/Hermes-Setup.exe IS the artifact on Windows;
.dmg + .app on macOS; AppImage on Linux. One file, double-click,
no installer-installing-an-installer pattern.
Compile-time pinning:
build.rs reads 'git rev-parse HEAD' and emits
cargo:rustc-env=BUILD_PIN_COMMIT=<sha> + BUILD_PIN_BRANCH=<branch>.
bootstrap.rs's option_env!() picks these up so the binary fetches
install.ps1 from the exact SHA it was tested against. CI / release
builds can override via HERMES_BUILD_PIN_COMMIT env var.
Windows manifest:
hermes-setup.manifest declares level='asInvoker' so the
productName 'Hermes Setup' doesn't trip Windows's installer-
detection heuristic and refuse to launch without elevation.
Also declares PerMonitorV2 DPI + UTF-8 active code page + Common
Controls v6.
Limitations of this initial version:
* No code signing -- Windows SmartScreen will warn once on Hermes-Setup.exe
('More info -> Run anyway'). The downstream binaries it produces
(Hermes.exe in win-unpacked/, the hermes CLI) are locally-built and
therefore don't carry MOTW, so they launch without SmartScreen
intervention. Cert procurement tracked separately.
* macOS and Linux build paths defined but untested -- Windows-only V1.
75 lines
2.1 KiB
TOML
75 lines
2.1 KiB
TOML
[package]
|
|
name = "hermes-bootstrap"
|
|
version = "0.0.1"
|
|
description = "Hermes Setup — signed installer that drives scripts/install.ps1"
|
|
authors = ["Nous Research <info@nousresearch.com>"]
|
|
edition = "2021"
|
|
rust-version = "1.77"
|
|
|
|
# Rename the output binary so the distributed artifact is literally
|
|
# `Hermes-Setup.exe` on disk — not `hermes-bootstrap.exe`. Grandma sees
|
|
# what we hand her, period. Tauri honors [[bin]] over [package].name
|
|
# for the produced executable name.
|
|
[[bin]]
|
|
name = "Hermes-Setup"
|
|
path = "src/main.rs"
|
|
|
|
# The library target name MUST match the `withGlobalTauri` binding name that
|
|
# tauri.conf.json's `app.windows[].label` references. We don't ship a separate
|
|
# lib for now; everything is in src/.
|
|
[lib]
|
|
name = "hermes_bootstrap_lib"
|
|
crate-type = ["staticlib", "cdylib", "rlib"]
|
|
|
|
[build-dependencies]
|
|
tauri-build = { version = "2", features = [] }
|
|
|
|
[dependencies]
|
|
# Tauri runtime + plugins
|
|
tauri = { version = "2", features = [] }
|
|
tauri-plugin-dialog = "2"
|
|
tauri-plugin-opener = "2"
|
|
tauri-plugin-process = "2"
|
|
tauri-plugin-shell = "2"
|
|
|
|
# Async + IO
|
|
tokio = { version = "1", features = ["full"] }
|
|
futures = "0.3"
|
|
|
|
# Serialization
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
|
|
# HTTP — rustls so we don't need OpenSSL on the build box
|
|
reqwest = { version = "0.12", default-features = false, features = ["rustls-tls", "stream"] }
|
|
|
|
# Logging — emitted to a file under HERMES_HOME/logs/ and (optionally) the
|
|
# webview console via Tauri's event channel.
|
|
tracing = "0.1"
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
|
|
tracing-appender = "0.2"
|
|
|
|
# Paths + utils
|
|
dirs = "5"
|
|
which = "6"
|
|
anyhow = "1"
|
|
thiserror = "1"
|
|
once_cell = "1"
|
|
uuid = { version = "1", features = ["v4"] }
|
|
|
|
# Process control on Windows (CREATE_NO_WINDOW etc.)
|
|
[target.'cfg(windows)'.dependencies]
|
|
windows-sys = { version = "0.59", features = [
|
|
"Win32_Foundation",
|
|
"Win32_System_Threading",
|
|
"Win32_System_Console",
|
|
"Win32_UI_WindowsAndMessaging",
|
|
] }
|
|
|
|
[profile.release]
|
|
# A 5-10MB signed installer is the goal. LTO + size-opt + single codegen unit.
|
|
panic = "abort"
|
|
codegen-units = 1
|
|
lto = true
|
|
opt-level = "s"
|
|
strip = true
|