m0n5t3r fee0e0d35e fix(docker): run as non-root user, use virtualenv (salvage #5811) ... - Add gosu for runtime privilege dropping from root to hermes user - Support HERMES_UID/HERMES_GID env vars for host mount permission matching - Switch to debian:13.4-slim base image - Use uv venv instead of pip install --break-system-packages - Pin uv and gosu multi-stage images with SHA256 digests - Set PLAYWRIGHT_BROWSERS_PATH to /opt/hermes/.playwright so build-time chromium install survives the /opt/data volume mount - Keep procps for container debugging Based on work by m0n5t3r in PR #5811. Stripped to hardening-only changes (non-root, virtualenv, slim base); matrix deps, fonts, xvfb, and entrypoint playwright download deferred to follow-up.		2026-04-12 00:53:16 -07:00
..
entrypoint.sh	fix(docker): run as non-root user, use virtualenv (salvage #5811)	2026-04-12 00:53:16 -07:00
SOUL.md	feat(docker): add Docker container for the agent (salvage #1841) (#3668)	2026-03-28 22:21:48 -07:00