mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-17 09:41:58 +00:00
e1338265c1
Bring 313 commits of upstream main into the bb/gui dashboard
refactor branch. Eight conflicts resolved by hand, the rest
auto-merged. One missing class (_StreamErrorEvent) restored from
main after the auto-merger dropped it.
Conflict resolutions:
apps/dashboard/README.md take HEAD: main's text described
the pre-rename web/ layout that
bb/gui refactored away.
apps/dashboard/package.json combine: keep HEAD's @hermes/shared
workspace dep, take main's
@nous-research/ui 0.16.0 bump.
apps/dashboard/package-lock.json regenerate via
npm install --package-lock-only.
Root lock also regenerated; only
dashboard and apps/desktop entries
moved (apps/desktop version 0.0.1 →
0.0.2 to match bb/gui's
package.json bump).
apps/dashboard/src/pages/ take main (4 hunks): text-xs
EnvPage.tsx replaces text-[0.65rem] per the
typography rule HEAD's own README
documents.
hermes_cli/gateway.py take main (2 hunks): Discord
setup metadata moved to plugin
(architectural migration); s6
service-manager dispatch helpers
additive.
hermes_cli/main.py combine (2 hunks): take main's
Termux-aware
_sync_bundled_skills_for_startup;
combine gui + portal subcommands
in the known-subcommand list.
hermes_cli/web_server.py mixed (10 hunks):
- take main on _PUBLIC_API_PATHS
(bb/gui's own test asserts the
rescan endpoint must require auth)
- combine WS helpers: keep HEAD's
_ws_client_label + main's
Host/Origin guard + composing
_ws_request_is_allowed
- take HEAD's debug-level broadcast
drop log (matches the comment
"subscriber went away mid-send")
- take main's _safe_plugin_api_relpath
GHSA-5qr3-c538-wm9j fix and the
paired discovery-time validation
- take main's {name:path} route
converter for plugin visibility
tui_gateway/server.py take main: PR #31379's verbose-
args gating supersedes HEAD's
unconditional args dump on
tool.start.
Post-merge restoration:
run_agent.py restored class _StreamErrorEvent
(40 lines, from origin/main:288).
Auto-merge silently dropped it,
breaking imports in
agent/codex_runtime.py and three
test files
(test_codex_xai_oauth_recovery.py,
test_streaming.py). Restored
verbatim from main.
Sanity checks:
* git diff --check / --cached --check: clean (no stray markers)
* ast.parse + import on all touched .py files: clean
* targeted pytest on resolved files: 756 passed, 1 pre-existing
Windows-curses failure unrelated to the merge
* full pytest_parallel run: 105 files / 391 failures vs baseline
98 files / 346. Differential vs origin/bb/gui shows all 11
"new" failure files come from main's added tests/code and
reproduce identically against origin/main on the same Windows
host (pure Windows path-separator / perms / git-bash issues
in upstream tests, not merge regressions). 4 baseline
failures fixed: 3 in test_codex_xai_oauth_recovery (the
_StreamErrorEvent restoration), 1 each in test_pairing,
test_runner_startup_failures, test_stream_consumer.
* sentinel-token sweep on main's eight largest commits:
every audited symbol present in the merged tree at expected
counts (TTSProvider 61, NtfyAdapter 29, S6ServiceManager 70,
install_bws 12, security_audit 16, register_image_gen_provider
23, list_profile_gateways 22, DISCORD_FREE_RESPONSE_CHANNELS
48, …).
* byte-diff sweep: 30/30 sampled main-only-modified files
byte-identical to origin/main; the four bb/gui-only files
that drifted (i18n/types.ts, i18n/ru.ts, ThemeSwitcher.tsx,
ToolCall.tsx) correctly absorbed main's web/ → apps/dashboard/
edits through git's rename detection (main's added lines all
present, removed lines all absent).
45 lines
2.1 KiB
Text
Executable file
45 lines
2.1 KiB
Text
Executable file
#!/command/with-contenv sh
|
|
# shellcheck shell=sh
|
|
# Container-boot reconciliation of per-profile gateway s6 services.
|
|
#
|
|
# Runs as root after 01-hermes-setup (the stage2 hook) has chowned
|
|
# the volume and seeded $HERMES_HOME, but before s6-rc starts user
|
|
# services. /etc/cont-init.d/* scripts run in lexicographic order,
|
|
# so the `02-` prefix guarantees ordering.
|
|
#
|
|
# Service directories under /run/service/ live on tmpfs and are
|
|
# wiped on every container restart. Profile directories under
|
|
# $HERMES_HOME/profiles/ live on the persistent VOLUME. This script
|
|
# walks the persistent profiles, recreates the s6 service slots,
|
|
# and auto-starts only those whose last recorded state was
|
|
# `running` — see hermes_cli/container_boot.py.
|
|
#
|
|
# Phase 4 also needs hermes-user writes to /run/service/ (so the
|
|
# profile create/delete hooks can register/unregister at runtime),
|
|
# so we chown the scandir before invoking the reconciler. We
|
|
# additionally chown the s6-svscan control FIFO so the hermes user
|
|
# can send rescan signals via ``s6-svscanctl -a``; without this the
|
|
# entire runtime-registration path is inert under UID 10000 (the
|
|
# Python wrapper catches the resulting EACCES, prints a warning,
|
|
# and swallows the failure).
|
|
set -e
|
|
|
|
# Make the dynamic scandir hermes-writable. The directory itself
|
|
# starts root-owned by s6-overlay.
|
|
chown hermes:hermes /run/service 2>/dev/null || true
|
|
|
|
# Make the svscan control FIFO hermes-writable so s6-svscanctl -a
|
|
# / -an work for the hermes user. The FIFO is created by s6-svscan
|
|
# at PID-1 startup, so by the time this cont-init.d script runs it
|
|
# already exists. Both ``control`` and ``lock`` need to be writable
|
|
# for the various svscanctl operations; the directory itself stays
|
|
# root-owned (we only need to touch the two FIFOs/locks inside).
|
|
if [ -d /run/service/.s6-svscan ]; then
|
|
for entry in control lock; do
|
|
if [ -e "/run/service/.s6-svscan/$entry" ]; then
|
|
chown hermes:hermes "/run/service/.s6-svscan/$entry" 2>/dev/null || true
|
|
fi
|
|
done
|
|
fi
|
|
|
|
exec s6-setuidgid hermes /opt/hermes/.venv/bin/python -m hermes_cli.container_boot
|