Issue Station
Sign In
Tools hereToolbox

hermes - ✅(Solved) Fix [Bug]: Docker with HERMES_UID; permissions issue with Dashboard chat [1 pull requests, 1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
NousResearch/hermes-agent#23402Fetched 2026-05-11 03:29:39
View on GitHub
Comments
0
Participants
1
Timeline
5
Reactions
0
Author
mmartialmmartial
Participants
mmartialmmartial
Timeline (top)
labeled ×4cross-referenced ×1

Error Message

[dashboard] ✘ [ERROR] Failed to write to output file: open /opt/hermes/ui-tui/packages/hermes-ink/dist/entry-exports.js: permission denied [dashboard] 1 error Chat Unavailable error in WebUI and TUI build failed and [ERROR] Failed to write to output file: open /opt/hermes/ui-tui/packages/hermes-ink/dist/entry-exports.js: permission denied

Additional Logs / Traceback (optional)

Root Cause

Root Cause Analysis (optional)

Fix Action

Fix / Workaround

--- agent.log (last 200 lines) --- 2026-05-10 15:43:50,710 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai 2026-05-10 15:43:50,713 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex 2026-05-10 15:43:50,715 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai 2026-05-10 15:43:51,406 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled 2026-05-10 15:43:51,455 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/hermes-achievements/ 2026-05-10 15:43:51,517 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/kanban/ 2026-05-10 15:43:51,518 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks. 2026-05-10 15:44:00,722 INFO tools.tirith_security: tirith not found — downloading latest release for x86_64-unknown-linux-gnu... 2026-05-10 15:44:00,751 INFO gateway.run: Starting Hermes Gateway... 2026-05-10 15:44:00,751 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions 2026-05-10 15:44:00,756 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90) 2026-05-10 15:44:00,756 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery) 2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id). 2026-05-10 15:44:00,861 INFO gateway.run: Connecting to api_server... 2026-05-10 15:44:00,867 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent) 2026-05-10 15:44:00,871 INFO gateway.run: ✓ api_server connected 2026-05-10 15:44:00,874 INFO gateway.run: Gateway running with 1 platform(s) 2026-05-10 15:44:00,880 INFO gateway.run: Channel directory built: 0 target(s) 2026-05-10 15:44:01,242 INFO tools.tirith_security: cosign not on PATH — installing tirith with SHA-256 verification only (install cosign for full supply chain verification) 2026-05-10 15:44:01,464 INFO tools.tirith_security: tirith installed to /home/hermes/.hermes/bin/tirith (SHA-256 only) 2026-05-10 15:44:01,883 INFO gateway.run: Press Ctrl+C to stop 2026-05-10 15:44:01,889 INFO gateway.run: Cron ticker started (interval=60s) 2026-05-10 15:44:05,339 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai 2026-05-10 15:44:05,342 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex 2026-05-10 15:44:05,344 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai 2026-05-10 15:44:05,915 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled 2026-05-10 15:44:06,695 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env 2026-05-10 15:44:06,922 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s) 2026-05-10 15:45:05,135 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-5 (_build):23211048224448 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano 2026-05-10 15:45:05,684 INFO agent.auxiliary_client: Vision auto-detect: using main provider openrouter (openai/gpt-5.4-nano) 2026-05-10 15:45:05,729 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano) 2026-05-10 15:45:07,694 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env 2026-05-10 15:45:08,385 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai 2026-05-10 15:45:08,387 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex 2026-05-10 15:45:08,389 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai 2026-05-10 15:45:08,767 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled 2026-05-10 15:45:36,194 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-9 (_build):23211016181440 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano 2026-05-10 15:45:36,215 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano) 2026-05-10 15:45:38,156 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env 2026-05-10 15:45:38,856 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai 2026-05-10 15:45:38,859 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex 2026-05-10 15:45:38,860 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai 2026-05-10 15:45:39,212 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled 2026-05-10 16:00:04,181 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai 2026-05-10 16:00:04,183 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex 2026-05-10 16:00:04,185 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai 2026-05-10 16:00:04,894 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled 2026-05-10 16:00:04,931 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/hermes-achievements/ 2026-05-10 16:00:04,987 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/kanban/ 2026-05-10 16:00:04,988 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks. 2026-05-10 16:00:07,238 INFO gateway.run: Starting Hermes Gateway... 2026-05-10 16:00:07,238 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions 2026-05-10 16:00:07,243 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90) 2026-05-10 16:00:07,243 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery) 2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id). 2026-05-10 16:00:07,345 INFO gateway.run: Connecting to api_server... 2026-05-10 16:00:07,353 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent) 2026-05-10 16:00:07,358 INFO gateway.run: ✓ api_server connected 2026-05-10 16:00:07,360 INFO gateway.run: Gateway running with 1 platform(s) 2026-05-10 16:00:07,367 INFO gateway.run: Channel directory built: 0 target(s) 2026-05-10 16:00:08,096 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai 2026-05-10 16:00:08,098 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex 2026-05-10 16:00:08,100 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai 2026-05-10 16:00:08,369 INFO gateway.run: Press Ctrl+C to stop 2026-05-10 16:00:08,376 INFO gateway.run: Cron ticker started (interval=60s) 2026-05-10 16:00:08,667 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled 2026-05-10 16:00:13,401 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s) 2026-05-10 16:00:15,793 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env 2026-05-10 16:00:17,399 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-3 (_build):23350332069568 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano 2026-05-10 16:00:17,834 INFO agent.auxiliary_client: Vision auto-detect: using main provider openrouter (openai/gpt-5.4-nano) 2026-05-10 16:00:17,902 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano) 2026-05-10 16:00:19,875 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env 2026-05-10 16:00:20,705 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai 2026-05-10 16:00:20,707 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex 2026-05-10 16:00:20,708 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai 2026-05-10 16:00:21,088 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled

--- gateway.log (last 100 lines) --- 2026-05-10 15:44:00,751 INFO gateway.run: Starting Hermes Gateway... 2026-05-10 15:44:00,751 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions 2026-05-10 15:44:00,756 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90) 2026-05-10 15:44:00,756 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery) 2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id). 2026-05-10 15:44:00,861 INFO gateway.run: Connecting to api_server... 2026-05-10 15:44:00,867 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent) 2026-05-10 15:44:00,871 INFO gateway.run: ✓ api_server connected 2026-05-10 15:44:00,874 INFO gateway.run: Gateway running with 1 platform(s) 2026-05-10 15:44:00,880 INFO gateway.run: Channel directory built: 0 target(s) 2026-05-10 15:44:01,883 INFO gateway.run: Press Ctrl+C to stop 2026-05-10 15:44:01,889 INFO gateway.run: Cron ticker started (interval=60s) 2026-05-10 15:44:06,922 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s) 2026-05-10 16:00:07,238 INFO gateway.run: Starting Hermes Gateway... 2026-05-10 16:00:07,238 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions 2026-05-10 16:00:07,243 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90) 2026-05-10 16:00:07,243 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery) 2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id). 2026-05-10 16:00:07,345 INFO gateway.run: Connecting to api_server... 2026-05-10 16:00:07,353 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent) 2026-05-10 16:00:07,358 INFO gateway.run: ✓ api_server connected 2026-05-10 16:00:07,360 INFO gateway.run: Gateway running with 1 platform(s) 2026-05-10 16:00:07,367 INFO gateway.run: Channel directory built: 0 target(s) 2026-05-10 16:00:08,369 INFO gateway.run: Press Ctrl+C to stop 2026-05-10 16:00:08,376 INFO gateway.run: Cron ticker started (interval=60s) 2026-05-10 16:00:13,401 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)

PR fix notes

PR #23497: fix(docker): repair dashboard runtime perms for remapped uid

Description (problem / solution / changelog)

What does this PR do?

Fixes the Docker entrypoint so remapping the runtime user with HERMES_UID / HERMES_GID also repairs ownership on the install-tree directories that the dashboard/TUI still needs to write into at runtime. Without this, dashboard chat startup can fail with permission denied under /opt/hermes/ui-tui/... even though HERMES_HOME itself is writable.

Related Issue

Fixes #23402

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✨ New feature (non-breaking change that adds functionality)
  • 🔒 Security fix
  • 📝 Documentation update
  • ✅ Tests (adding or improving test coverage)
  • ♻️ Refactor (no behavior change)
  • 🎯 New skill (bundled or hub)

Changes Made

  • extend docker/entrypoint.sh to repair ownership on the runtime-mutable install dirs under /opt/hermes before dropping privileges
  • keep the repair scope narrow to ui-tui and node_modules instead of recursively chowning the entire install tree
  • add tests/tools/test_docker_entrypoint_runtime_perms.py as a regression guard for custom HERMES_UID deployments

How to Test

  1. uv run --frozen pytest -q -o addopts='' tests/tools/test_docker_entrypoint_runtime_perms.py tests/tools/test_dockerfile_node_modules_perms.py
  2. uv run --frozen ruff check tests/tools/test_docker_entrypoint_runtime_perms.py tests/tools/test_dockerfile_node_modules_perms.py
  3. bash -n docker/entrypoint.sh

Checklist

Code

  • I've read the Contributing Guide
  • My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
  • I searched for existing PRs to make sure this isn't a duplicate
  • My PR contains only changes related to this fix/feature (no unrelated commits)
  • I've run pytest tests/ -q and all tests pass
  • I've added tests for my changes (required for bug fixes, strongly encouraged for features)
  • I've tested on my platform: macOS 15.x

Documentation & Housekeeping

  • I've updated relevant documentation (README, docs/, docstrings) — or N/A
  • I've updated cli-config.yaml.example if I added/changed config keys — or N/A
  • I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
  • I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
  • I've updated tool descriptions/schemas if I changed tool behavior — or N/A

Screenshots / Logs

  • targeted pytest: 2 passed
  • ruff check: passed
  • bash -n docker/entrypoint.sh: passed
  • collect-only smoke: 2 tests collected
  • repo-wide pytest tests/ -q was not used as the merge gate here; this PR is scoped to the Docker entrypoint + regression contract tests

Changed files

  • docker/entrypoint.sh (modified, +25/-0)
  • tests/tools/test_docker_entrypoint_runtime_perms.py (added, +31/-0)

Code Example

docker run
  -d
  --name='HermesAgent'
  -e TZ="America/New_York"
  -e 'API_SERVER_ENABLED'='true'
  -e 'API_SERVER_HOST'='0.0.0.0'
  -e 'API_SERVER_KEY'='bd3db74dd31a13c4f23c137eca542a1ae76d403d5dc6453926820e9e7b9e28a4'
  -e 'API_SERVER_CORS_ORIGINS'='*'
  -e 'HERMES_DASHBOARD'='true'
  -e 'HERMES_DASHBOARD_HOST'='0.0.0.0'
  -e 'HERMES_DASHBOARD_TUI'='1'
  -e 'HERMES_UID'='99'
  -e 'HERMES_GID'='100'
  -e 'HERMES_HOME'='/home/hermes/.hermes'
  -p '8642:8642/tcp'
  -p '9119:9119/tcp'
  -v '/mnt/user/appdata/hermes-agent/hermes-home':'/home/hermes/.hermes':'rw'
  -v 'hermes_shared_volume':'/opt/hermes':'rw' 'nousresearch/hermes-agent:latest' gateway run

---

Changing hermes UID to 99
Changing hermes GID to 100
Fixing ownership of /home/hermes/.hermes to hermes (99)
Dropping root privileges
Syncing bundled skills into ~/.hermes/skills/ ...

Done: 0 new, 0 updated, 87 unchanged. 87 total bundled.
Starting hermes dashboard on 0.0.0.0:9119 (background)
[dashboard]   Hermes Web UI → http://0.0.0.0:9119
┌─────────────────────────────────────────────────────────┐
│           ⚕ Hermes Gateway Starting...├─────────────────────────────────────────────────────────┤
Messaging platforms + cron scheduler                    │
Press Ctrl+C to stop                                   │
└─────────────────────────────────────────────────────────┘

WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
[dashboard] TUI build failed.
[dashboard] > hermes-tui@0.0.1 build
[dashboard] > npm run build --prefix packages/hermes-ink && tsc -p tsconfig.build.json && npm run build:compile && chmod +x dist/entry.js
[dashboard]
[dashboard]
[dashboard] > @hermes/ink@0.0.1 build
[dashboard] > esbuild src/entry-exports.ts --bundle --platform=node --format=esm --packages=external --outdir=dist
[dashboard]
[dashboard][ERROR] Failed to write to output file: open /opt/hermes/ui-tui/packages/hermes-ink/dist/entry-exports.js: permission denied
[dashboard]
[dashboard] 1 error
[dashboard]
[dashboard]   dist/entry-exports.js  418.8kb
[dashboard]
[dashboard]Done in 23ms

---

docker exec --user 99:100 -it HermesAgent bash
hermes@bbdb66ceeede:/opt/hermes$ ls -al
total 3140
drwxr-xr-x 1 root  root     1508 May 10 15:43 .
drwxr-xr-x 1 root  root       20 May  9 03:58 ..
-rw-r--r-- 1 10000 10000     609 May 10 15:13 .dockerignore
-rw-r--r-- 1 10000 10000   21610 May 10 15:13 .env.example
-rw-r--r-- 1 10000 10000     193 May 10 15:13 .envrc
-rw-r--r-- 1 10000 10000     120 May 10 15:13 .gitattributes
-rw-r--r-- 1 10000 10000    5743 May 10 15:13 .mailmap
drwxr-xr-x 1 10000 10000      80 May 10 15:43 .plans
drwxr-xr-x 1 root  root       90 May 10 15:43 .playwright
drwxr-xr-x 1 root  root      106 May 10 15:43 .venv
-rw-r--r-- 1 10000 10000    5654 May 10 15:13 Dockerfile
-rw-r--r-- 1 10000 10000    1070 May 10 15:13 LICENSE
-rw-r--r-- 1 10000 10000      87 May 10 15:13 MANIFEST.in
-rw-r--r-- 1 root  root        0 May  9 20:57 README.md
drwxr-xr-x 1 10000 10000     174 May 10 15:43 acp_adapter
drwxr-xr-x 1 10000 10000      36 May 10 15:43 acp_registry
drwxr-xr-x 1 10000 10000    1828 May 10 15:43 agent
drwxr-xr-x 1 10000 10000      20 May 10 15:43 assets
-rw-r--r-- 1 10000 10000   56265 May 10 15:13 batch_runner.py
-rw-r--r-- 1 10000 10000   55068 May 10 15:13 cli-config.yaml.example
-rw-r--r-- 1 10000 10000  588188 May 10 15:13 cli.py
-rw-r--r-- 1 10000 10000     407 May 10 15:13 constraints-termux.txt
drwxr-xr-x 1 10000 10000      60 May 10 15:43 cron
drwxr-xr-x 1 10000 10000     182 May 10 15:43 datagen-config-examples
drwxr-xr-x 1 10000 10000      40 May 10 15:43 docker
-rw-r--r-- 1 10000 10000    3095 May 10 15:13 docker-compose.yml
drwxr-xr-x 1 10000 10000      60 May 10 15:43 docs
drwxr-xr-x 1 10000 10000     342 May 10 15:43 environments
-rw-r--r-- 1 10000 10000    5199 May 10 15:13 flake.lock
-rw-r--r-- 1 10000 10000    1106 May 10 15:13 flake.nix
drwxr-xr-x 1 10000 10000     576 May 10 15:43 gateway
-rwxr-xr-x 1 10000 10000     262 May 10 15:13 hermes
drwxr-xr-x 1 root  root      160 May 10 15:43 hermes_agent.egg-info
-rw-r--r-- 1 10000 10000    5397 May 10 15:13 hermes_bootstrap.py
drwxr-xr-x 1 10000 10000    1844 May 10 15:43 hermes_cli
-rw-r--r-- 1 10000 10000   12918 May 10 15:13 hermes_constants.py
-rw-r--r-- 1 10000 10000   13566 May 10 15:13 hermes_logging.py
-rw-r--r-- 1 10000 10000  122766 May 10 15:13 hermes_state.py
-rw-r--r-- 1 10000 10000    3227 May 10 15:13 hermes_time.py
drwxr-xr-x 1 10000 10000     234 May 10 15:43 locales
-rw-r--r-- 1 10000 10000   31690 May 10 15:13 mcp_serve.py
-rw-r--r-- 1 10000 10000   28449 May 10 15:13 mini_swe_runner.py
-rw-r--r-- 1 10000 10000   37777 May 10 15:13 model_tools.py
drwxr-xr-x 1 10000 10000     260 May 10 15:43 nix
drwxr-xr-x 1 10000 10000    4130 May 10 15:43 node_modules
drwxr-xr-x 1 10000 10000     312 May 10 15:43 optional-skills
-rw-r--r-- 1 10000 10000   94861 May 10 15:13 package-lock.json
-rw-r--r-- 1 10000 10000     783 May 10 15:13 package.json
drwxr-xr-x 1 10000 10000      16 May 10 15:43 packaging
drwxr-xr-x 1 10000 10000      48 May 10 15:43 plans
drwxr-xr-x 1 10000 10000     292 May 10 15:43 plugins
drwxr-xr-x 1 10000 10000      54 May 10 15:43 providers
-rw-r--r-- 1 10000 10000    9186 May 10 15:13 pyproject.toml
-rw-r--r-- 1 10000 10000   16282 May 10 15:13 rl_cli.py
-rw-r--r-- 1 10000 10000  787829 May 10 15:13 run_agent.py
drwxr-xr-x 1 10000 10000     700 May 10 15:43 scripts
-rwxr-xr-x 1 10000 10000   14932 May 10 15:13 setup-hermes.sh
drwxr-xr-x 1 10000 10000     446 May 10 15:43 skills
drwxr-xr-x 1 10000 10000    3354 May 10 15:43 tests
drwxr-xr-x 1 10000 10000     198 May 10 15:43 tinker-atropos
drwxr-xr-x 1 10000 10000    2626 May 10 15:43 tools
-rw-r--r-- 1 10000 10000   12332 May 10 15:13 toolset_distributions.py
-rw-r--r-- 1 10000 10000   28524 May 10 15:13 toolsets.py
-rw-r--r-- 1 10000 10000   65331 May 10 15:13 trajectory_compressor.py
drwxr-xr-x 1 10000 10000     174 May 10 15:43 tui_gateway
drwxr-xr-x 1 10000 10000     366 May 10 15:43 ui-tui
-rw-r--r-- 1 10000 10000   12547 May 10 15:13 utils.py
-rw-r--r-- 1 10000 10000 1086268 May 10 15:13 uv.lock
drwxr-xr-x 1 10000 10000     294 May 10 15:43 web
drwxr-xr-x 1 10000 10000     232 May 10 15:43 website

---

[hermes debug share: log content redacted at upload time. run with --no-redact to disable]
--- hermes dump ---
version:          0.13.0 (2026.5.7) [(unknown)]
os:               Linux 6.12.87-Unraid x86_64
python:           3.13.5
openai_sdk:       2.24.0
profile:          default
hermes_home:      /home/hermes/.hermes
model:            openai/gpt-5.4-nano
provider:         openrouter
terminal:         local

api_keys:
  openrouter           set
  openai               not set
  anthropic            not set
  anthropic_token      not set
  nous                 not set
  google/gemini        not set
  gemini               not set
  glm/zai              not set
  zai                  not set
  kimi                 not set
  minimax              not set
  deepseek             not set
  dashscope            not set
  huggingface          not set
  nvidia               not set
  ai_gateway           not set
  opencode_zen         not set
  opencode_go          not set
  kilocode             not set
  firecrawl            not set
  tavily               not set
  browserbase          not set
  fal                  not set
  elevenlabs           not set
  github               not set

features:
  toolsets:           hermes-cli
  mcp_servers:        0
  memory_provider:    built-in
  gateway:            running (docker (foreground), pid 7)
  platforms:          none
  cron_jobs:          0
  skills:             87

config_overrides:
  agent.max_turns: 60
  display.streaming: True
--- end dump ---


--- agent.log (last 200 lines) ---
2026-05-10 15:43:50,710 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:43:50,713 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:43:50,715 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:43:51,406 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 15:43:51,455 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/hermes-achievements/
2026-05-10 15:43:51,517 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/kanban/
2026-05-10 15:43:51,518 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 15:44:00,722 INFO tools.tirith_security: tirith not found — downloading latest release for x86_64-unknown-linux-gnu...
2026-05-10 15:44:00,751 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 15:44:00,751 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 15:44:00,756 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 15:44:00,756 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 15:44:00,861 INFO gateway.run: Connecting to api_server...
2026-05-10 15:44:00,867 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 15:44:00,871 INFO gateway.run: ✓ api_server connected
2026-05-10 15:44:00,874 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 15:44:00,880 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 15:44:01,242 INFO tools.tirith_security: cosign not on PATH — installing tirith with SHA-256 verification only (install cosign for full supply chain verification)
2026-05-10 15:44:01,464 INFO tools.tirith_security: tirith installed to /home/hermes/.hermes/bin/tirith (SHA-256 only)
2026-05-10 15:44:01,883 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 15:44:01,889 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 15:44:05,339 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:44:05,342 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:44:05,344 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:44:05,915 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 15:44:06,695 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 15:44:06,922 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)
2026-05-10 15:45:05,135 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-5 (_build):23211048224448 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano
2026-05-10 15:45:05,684 INFO agent.auxiliary_client: Vision auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 15:45:05,729 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 15:45:07,694 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 15:45:08,385 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:45:08,387 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:45:08,389 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:45:08,767 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 15:45:36,194 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-9 (_build):23211016181440 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano
2026-05-10 15:45:36,215 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 15:45:38,156 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 15:45:38,856 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:45:38,859 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:45:38,860 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:45:39,212 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 16:00:04,181 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 16:00:04,183 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 16:00:04,185 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 16:00:04,894 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 16:00:04,931 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/hermes-achievements/
2026-05-10 16:00:04,987 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/kanban/
2026-05-10 16:00:04,988 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 16:00:07,238 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 16:00:07,238 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 16:00:07,243 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 16:00:07,243 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 16:00:07,345 INFO gateway.run: Connecting to api_server...
2026-05-10 16:00:07,353 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 16:00:07,358 INFO gateway.run: ✓ api_server connected
2026-05-10 16:00:07,360 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 16:00:07,367 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 16:00:08,096 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 16:00:08,098 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 16:00:08,100 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 16:00:08,369 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 16:00:08,376 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 16:00:08,667 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 16:00:13,401 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)
2026-05-10 16:00:15,793 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 16:00:17,399 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-3 (_build):23350332069568 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano
2026-05-10 16:00:17,834 INFO agent.auxiliary_client: Vision auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 16:00:17,902 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 16:00:19,875 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 16:00:20,705 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 16:00:20,707 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 16:00:20,708 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 16:00:21,088 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled

--- errors.log (last 100 lines) ---
2026-05-10 15:43:51,518 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 16:00:04,988 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).

--- gateway.log (last 100 lines) ---
2026-05-10 15:44:00,751 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 15:44:00,751 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 15:44:00,756 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 15:44:00,756 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 15:44:00,861 INFO gateway.run: Connecting to api_server...
2026-05-10 15:44:00,867 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 15:44:00,871 INFO gateway.run: ✓ api_server connected
2026-05-10 15:44:00,874 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 15:44:00,880 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 15:44:01,883 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 15:44:01,889 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 15:44:06,922 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)
2026-05-10 16:00:07,238 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 16:00:07,238 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 16:00:07,243 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 16:00:07,243 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 16:00:07,345 INFO gateway.run: Connecting to api_server...
2026-05-10 16:00:07,353 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 16:00:07,358 INFO gateway.run: ✓ api_server connected
2026-05-10 16:00:07,360 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 16:00:07,367 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 16:00:08,369 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 16:00:08,376 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 16:00:13,401 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)

---

docker exec --user 99:100 -it HermesAgent bash
hermes@6ebaef4a77c7:/opt/hermes$ source .venv/bin/activate
(hermes-agent) hermes@6ebaef4a77c7:/opt/hermes$ hermes version
Hermes Agent v0.13.0 (2026.5.7)
Project: /opt/hermes
Python: 3.13.5
OpenAI SDK: 2.24.0
RAW_BUFFERClick to expand / collapse

Bug Description

Attempting to update my Unraid Template (https://github.com/mmartial/unraid-templates/blob/main/templates/hermes-agent.xml) to reflect new guidelines from https://hermes-agent.nousresearch.com/docs/user-guide/docker

I tried to use the Chat feature within a newly started container and encounter permission denied errors. The container is started using HERMES_UID and HERMES_GID, with a Docker shared volume at /opt/hermes to interface with the Hermes WebUI.

Steps to Reproduce

  1. Simplified Unraid template docker run:
docker run
  -d
  --name='HermesAgent'
  -e TZ="America/New_York"
  -e 'API_SERVER_ENABLED'='true'
  -e 'API_SERVER_HOST'='0.0.0.0'
  -e 'API_SERVER_KEY'='bd3db74dd31a13c4f23c137eca542a1ae76d403d5dc6453926820e9e7b9e28a4'
  -e 'API_SERVER_CORS_ORIGINS'='*'
  -e 'HERMES_DASHBOARD'='true'
  -e 'HERMES_DASHBOARD_HOST'='0.0.0.0'
  -e 'HERMES_DASHBOARD_TUI'='1'
  -e 'HERMES_UID'='99'
  -e 'HERMES_GID'='100'
  -e 'HERMES_HOME'='/home/hermes/.hermes'
  -p '8642:8642/tcp'
  -p '9119:9119/tcp'
  -v '/mnt/user/appdata/hermes-agent/hermes-home':'/home/hermes/.hermes':'rw'
  -v 'hermes_shared_volume':'/opt/hermes':'rw' 'nousresearch/hermes-agent:latest' gateway run

  1. Configure an OpenRouter key

  2. Attempt to use the Chat interface in the Dashboard

  3. Unable to use Chat

    <img width="290" height="206" alt="Image" src="https://github.com/user-attachments/assets/c0708f86-0231-4c40-a1f6-37be6a1e49f1" />

  4. Log from docker logs HermesAgent

Changing hermes UID to 99
Changing hermes GID to 100
Fixing ownership of /home/hermes/.hermes to hermes (99)
Dropping root privileges
Syncing bundled skills into ~/.hermes/skills/ ...

Done: 0 new, 0 updated, 87 unchanged. 87 total bundled.
Starting hermes dashboard on 0.0.0.0:9119 (background)
[dashboard]   Hermes Web UI → http://0.0.0.0:9119
┌─────────────────────────────────────────────────────────┐
│           ⚕ Hermes Gateway Starting...                 │
├─────────────────────────────────────────────────────────┤
│  Messaging platforms + cron scheduler                    │
│  Press Ctrl+C to stop                                   │
└─────────────────────────────────────────────────────────┘

WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
[dashboard] TUI build failed.
[dashboard] > [email protected] build
[dashboard] > npm run build --prefix packages/hermes-ink && tsc -p tsconfig.build.json && npm run build:compile && chmod +x dist/entry.js
[dashboard]
[dashboard]
[dashboard] > @hermes/[email protected] build
[dashboard] > esbuild src/entry-exports.ts --bundle --platform=node --format=esm --packages=external --outdir=dist
[dashboard]
[dashboard] ✘ [ERROR] Failed to write to output file: open /opt/hermes/ui-tui/packages/hermes-ink/dist/entry-exports.js: permission denied
[dashboard]
[dashboard] 1 error
[dashboard]
[dashboard]   dist/entry-exports.js  418.8kb
[dashboard]
[dashboard] ⚡ Done in 23ms

I also note that the files in /opt/hermes are not owned by 99:100 as expected:

docker exec --user 99:100 -it HermesAgent bash
hermes@bbdb66ceeede:/opt/hermes$ ls -al
total 3140
drwxr-xr-x 1 root  root     1508 May 10 15:43 .
drwxr-xr-x 1 root  root       20 May  9 03:58 ..
-rw-r--r-- 1 10000 10000     609 May 10 15:13 .dockerignore
-rw-r--r-- 1 10000 10000   21610 May 10 15:13 .env.example
-rw-r--r-- 1 10000 10000     193 May 10 15:13 .envrc
-rw-r--r-- 1 10000 10000     120 May 10 15:13 .gitattributes
-rw-r--r-- 1 10000 10000    5743 May 10 15:13 .mailmap
drwxr-xr-x 1 10000 10000      80 May 10 15:43 .plans
drwxr-xr-x 1 root  root       90 May 10 15:43 .playwright
drwxr-xr-x 1 root  root      106 May 10 15:43 .venv
-rw-r--r-- 1 10000 10000    5654 May 10 15:13 Dockerfile
-rw-r--r-- 1 10000 10000    1070 May 10 15:13 LICENSE
-rw-r--r-- 1 10000 10000      87 May 10 15:13 MANIFEST.in
-rw-r--r-- 1 root  root        0 May  9 20:57 README.md
drwxr-xr-x 1 10000 10000     174 May 10 15:43 acp_adapter
drwxr-xr-x 1 10000 10000      36 May 10 15:43 acp_registry
drwxr-xr-x 1 10000 10000    1828 May 10 15:43 agent
drwxr-xr-x 1 10000 10000      20 May 10 15:43 assets
-rw-r--r-- 1 10000 10000   56265 May 10 15:13 batch_runner.py
-rw-r--r-- 1 10000 10000   55068 May 10 15:13 cli-config.yaml.example
-rw-r--r-- 1 10000 10000  588188 May 10 15:13 cli.py
-rw-r--r-- 1 10000 10000     407 May 10 15:13 constraints-termux.txt
drwxr-xr-x 1 10000 10000      60 May 10 15:43 cron
drwxr-xr-x 1 10000 10000     182 May 10 15:43 datagen-config-examples
drwxr-xr-x 1 10000 10000      40 May 10 15:43 docker
-rw-r--r-- 1 10000 10000    3095 May 10 15:13 docker-compose.yml
drwxr-xr-x 1 10000 10000      60 May 10 15:43 docs
drwxr-xr-x 1 10000 10000     342 May 10 15:43 environments
-rw-r--r-- 1 10000 10000    5199 May 10 15:13 flake.lock
-rw-r--r-- 1 10000 10000    1106 May 10 15:13 flake.nix
drwxr-xr-x 1 10000 10000     576 May 10 15:43 gateway
-rwxr-xr-x 1 10000 10000     262 May 10 15:13 hermes
drwxr-xr-x 1 root  root      160 May 10 15:43 hermes_agent.egg-info
-rw-r--r-- 1 10000 10000    5397 May 10 15:13 hermes_bootstrap.py
drwxr-xr-x 1 10000 10000    1844 May 10 15:43 hermes_cli
-rw-r--r-- 1 10000 10000   12918 May 10 15:13 hermes_constants.py
-rw-r--r-- 1 10000 10000   13566 May 10 15:13 hermes_logging.py
-rw-r--r-- 1 10000 10000  122766 May 10 15:13 hermes_state.py
-rw-r--r-- 1 10000 10000    3227 May 10 15:13 hermes_time.py
drwxr-xr-x 1 10000 10000     234 May 10 15:43 locales
-rw-r--r-- 1 10000 10000   31690 May 10 15:13 mcp_serve.py
-rw-r--r-- 1 10000 10000   28449 May 10 15:13 mini_swe_runner.py
-rw-r--r-- 1 10000 10000   37777 May 10 15:13 model_tools.py
drwxr-xr-x 1 10000 10000     260 May 10 15:43 nix
drwxr-xr-x 1 10000 10000    4130 May 10 15:43 node_modules
drwxr-xr-x 1 10000 10000     312 May 10 15:43 optional-skills
-rw-r--r-- 1 10000 10000   94861 May 10 15:13 package-lock.json
-rw-r--r-- 1 10000 10000     783 May 10 15:13 package.json
drwxr-xr-x 1 10000 10000      16 May 10 15:43 packaging
drwxr-xr-x 1 10000 10000      48 May 10 15:43 plans
drwxr-xr-x 1 10000 10000     292 May 10 15:43 plugins
drwxr-xr-x 1 10000 10000      54 May 10 15:43 providers
-rw-r--r-- 1 10000 10000    9186 May 10 15:13 pyproject.toml
-rw-r--r-- 1 10000 10000   16282 May 10 15:13 rl_cli.py
-rw-r--r-- 1 10000 10000  787829 May 10 15:13 run_agent.py
drwxr-xr-x 1 10000 10000     700 May 10 15:43 scripts
-rwxr-xr-x 1 10000 10000   14932 May 10 15:13 setup-hermes.sh
drwxr-xr-x 1 10000 10000     446 May 10 15:43 skills
drwxr-xr-x 1 10000 10000    3354 May 10 15:43 tests
drwxr-xr-x 1 10000 10000     198 May 10 15:43 tinker-atropos
drwxr-xr-x 1 10000 10000    2626 May 10 15:43 tools
-rw-r--r-- 1 10000 10000   12332 May 10 15:13 toolset_distributions.py
-rw-r--r-- 1 10000 10000   28524 May 10 15:13 toolsets.py
-rw-r--r-- 1 10000 10000   65331 May 10 15:13 trajectory_compressor.py
drwxr-xr-x 1 10000 10000     174 May 10 15:43 tui_gateway
drwxr-xr-x 1 10000 10000     366 May 10 15:43 ui-tui
-rw-r--r-- 1 10000 10000   12547 May 10 15:13 utils.py
-rw-r--r-- 1 10000 10000 1086268 May 10 15:13 uv.lock
drwxr-xr-x 1 10000 10000     294 May 10 15:43 web
drwxr-xr-x 1 10000 10000     232 May 10 15:43 website

Expected Behavior

Ability to use Chat

Actual Behavior

Chat Unavailable error in WebUI and TUI build failed and [ERROR] Failed to write to output file: open /opt/hermes/ui-tui/packages/hermes-ink/dist/entry-exports.js: permission denied

Affected Component

Setup / Installation

Messaging Platform (if gateway-related)

N/A (CLI only)

Debug Report

[hermes debug share: log content redacted at upload time. run with --no-redact to disable]
--- hermes dump ---
version:          0.13.0 (2026.5.7) [(unknown)]
os:               Linux 6.12.87-Unraid x86_64
python:           3.13.5
openai_sdk:       2.24.0
profile:          default
hermes_home:      /home/hermes/.hermes
model:            openai/gpt-5.4-nano
provider:         openrouter
terminal:         local

api_keys:
  openrouter           set
  openai               not set
  anthropic            not set
  anthropic_token      not set
  nous                 not set
  google/gemini        not set
  gemini               not set
  glm/zai              not set
  zai                  not set
  kimi                 not set
  minimax              not set
  deepseek             not set
  dashscope            not set
  huggingface          not set
  nvidia               not set
  ai_gateway           not set
  opencode_zen         not set
  opencode_go          not set
  kilocode             not set
  firecrawl            not set
  tavily               not set
  browserbase          not set
  fal                  not set
  elevenlabs           not set
  github               not set

features:
  toolsets:           hermes-cli
  mcp_servers:        0
  memory_provider:    built-in
  gateway:            running (docker (foreground), pid 7)
  platforms:          none
  cron_jobs:          0
  skills:             87

config_overrides:
  agent.max_turns: 60
  display.streaming: True
--- end dump ---


--- agent.log (last 200 lines) ---
2026-05-10 15:43:50,710 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:43:50,713 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:43:50,715 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:43:51,406 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 15:43:51,455 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/hermes-achievements/
2026-05-10 15:43:51,517 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/kanban/
2026-05-10 15:43:51,518 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 15:44:00,722 INFO tools.tirith_security: tirith not found — downloading latest release for x86_64-unknown-linux-gnu...
2026-05-10 15:44:00,751 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 15:44:00,751 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 15:44:00,756 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 15:44:00,756 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 15:44:00,861 INFO gateway.run: Connecting to api_server...
2026-05-10 15:44:00,867 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 15:44:00,871 INFO gateway.run: ✓ api_server connected
2026-05-10 15:44:00,874 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 15:44:00,880 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 15:44:01,242 INFO tools.tirith_security: cosign not on PATH — installing tirith with SHA-256 verification only (install cosign for full supply chain verification)
2026-05-10 15:44:01,464 INFO tools.tirith_security: tirith installed to /home/hermes/.hermes/bin/tirith (SHA-256 only)
2026-05-10 15:44:01,883 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 15:44:01,889 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 15:44:05,339 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:44:05,342 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:44:05,344 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:44:05,915 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 15:44:06,695 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 15:44:06,922 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)
2026-05-10 15:45:05,135 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-5 (_build):23211048224448 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano
2026-05-10 15:45:05,684 INFO agent.auxiliary_client: Vision auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 15:45:05,729 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 15:45:07,694 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 15:45:08,385 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:45:08,387 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:45:08,389 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:45:08,767 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 15:45:36,194 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-9 (_build):23211016181440 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano
2026-05-10 15:45:36,215 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 15:45:38,156 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 15:45:38,856 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 15:45:38,859 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 15:45:38,860 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 15:45:39,212 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 16:00:04,181 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 16:00:04,183 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 16:00:04,185 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 16:00:04,894 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 16:00:04,931 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/hermes-achievements/
2026-05-10 16:00:04,987 INFO hermes_cli.web_server: Mounted plugin API routes: /api/plugins/kanban/
2026-05-10 16:00:04,988 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 16:00:07,238 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 16:00:07,238 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 16:00:07,243 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 16:00:07,243 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 16:00:07,345 INFO gateway.run: Connecting to api_server...
2026-05-10 16:00:07,353 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 16:00:07,358 INFO gateway.run: ✓ api_server connected
2026-05-10 16:00:07,360 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 16:00:07,367 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 16:00:08,096 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 16:00:08,098 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 16:00:08,100 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 16:00:08,369 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 16:00:08,376 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 16:00:08,667 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled
2026-05-10 16:00:13,401 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)
2026-05-10 16:00:15,793 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 16:00:17,399 INFO run_agent: OpenAI client created (agent_init, shared=True) thread=Thread-3 (_build):23350332069568 provider=openrouter base_url=https://openrouter.ai/api/v1 model=openai/gpt-5.4-nano
2026-05-10 16:00:17,834 INFO agent.auxiliary_client: Vision auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 16:00:17,902 INFO agent.auxiliary_client: Auxiliary auto-detect: using main provider openrouter (openai/gpt-5.4-nano)
2026-05-10 16:00:19,875 INFO run_agent: Loaded environment variables from /home/hermes/.hermes/.env
2026-05-10 16:00:20,705 INFO hermes_cli.plugins: Plugin 'openai' registered image_gen provider: openai
2026-05-10 16:00:20,707 INFO hermes_cli.plugins: Plugin 'openai-codex' registered image_gen provider: openai-codex
2026-05-10 16:00:20,708 INFO hermes_cli.plugins: Plugin 'xai' registered image_gen provider: xai
2026-05-10 16:00:21,088 INFO hermes_cli.plugins: Plugin discovery complete: 12 found, 8 enabled

--- errors.log (last 100 lines) ---
2026-05-10 15:43:51,518 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 16:00:04,988 WARNING hermes_cli.web_server: Binding to 0.0.0.0 with --insecure — the dashboard has no robust authentication. Only use on trusted networks.
2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).

--- gateway.log (last 100 lines) ---
2026-05-10 15:44:00,751 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 15:44:00,751 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 15:44:00,756 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 15:44:00,756 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 15:44:00,768 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 15:44:00,861 INFO gateway.run: Connecting to api_server...
2026-05-10 15:44:00,867 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 15:44:00,871 INFO gateway.run: ✓ api_server connected
2026-05-10 15:44:00,874 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 15:44:00,880 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 15:44:01,883 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 15:44:01,889 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 15:44:06,922 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)
2026-05-10 16:00:07,238 INFO gateway.run: Starting Hermes Gateway...
2026-05-10 16:00:07,238 INFO gateway.run: Session storage: /home/hermes/.hermes/sessions
2026-05-10 16:00:07,243 INFO gateway.run: Agent budget: max_iterations=60 (agent.max_turns from config.yaml, or HERMES_MAX_ITERATIONS from .env, or default 90)
2026-05-10 16:00:07,243 INFO gateway.run: Secret redaction: ENABLED (tool output, logs, and chat responses are scrubbed before delivery)
2026-05-10 16:00:07,254 WARNING gateway.run: No user allowlists configured. All unauthorized users will be denied. Set GATEWAY_ALLOW_ALL_USERS=true in ~/.hermes/.env to allow open access, or configure platform allowlists (e.g., TELEGRAM_ALLOWED_USERS=your_id).
2026-05-10 16:00:07,345 INFO gateway.run: Connecting to api_server...
2026-05-10 16:00:07,353 INFO gateway.platforms.api_server: [Api_Server] API server listening on http://0.0.0.0:8642 (model: hermes-agent)
2026-05-10 16:00:07,358 INFO gateway.run: ✓ api_server connected
2026-05-10 16:00:07,360 INFO gateway.run: Gateway running with 1 platform(s)
2026-05-10 16:00:07,367 INFO gateway.run: Channel directory built: 0 target(s)
2026-05-10 16:00:08,369 INFO gateway.run: Press Ctrl+C to stop
2026-05-10 16:00:08,376 INFO gateway.run: Cron ticker started (interval=60s)
2026-05-10 16:00:13,401 INFO gateway.run: kanban dispatcher: embedded in gateway (interval=60.0s)

Operating System

Unraid (Slackware host)

Python Version

3.13.5 (from container)

Hermes Version

0.13.0 (2026.5.7)

Additional Logs / Traceback (optional)

docker exec --user 99:100 -it HermesAgent bash
hermes@6ebaef4a77c7:/opt/hermes$ source .venv/bin/activate
(hermes-agent) hermes@6ebaef4a77c7:/opt/hermes$ hermes version
Hermes Agent v0.13.0 (2026.5.7)
Project: /opt/hermes
Python: 3.13.5
OpenAI SDK: 2.24.0

Root Cause Analysis (optional)

No response

Proposed Fix (optional)

No response

Are you willing to submit a PR for this?

  • I'd like to fix this myself and submit a PR

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#installation#callback error#memory management#environment variable

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

hermes - ✅(Solved) Fix [Bug]: Docker with HERMES_UID; permissions issue with Dashboard chat [1 pull requests, 1 participants]