PR #17674: fix(docker): chown .venv to hermes user for plugin installs (#17636)

• Repository: NousResearch/hermes-agent
• Author: Tranquil-Flow
• State: open | merged: False
• Link: https://github.com/NousResearch/hermes-agent/pull/17674

Description (problem / solution / changelog)

What does this PR do?

`uv venv` and `uv pip install --no-cache-dir -e ".[all]"` ran while the build was still `USER root`, so `/opt/hermes/.venv` ended up root-owned. When the container started as the unprivileged `hermes` user (the default for `docker compose up` and `docker run`), `hermes memory setup`, `hermes skills install`, and any other path that called `uv pip install --python /opt/hermes/.venv/bin/python ...` failed with `EACCES` on the venv's site-packages directory:

``` ⚠ Failed to install hindsight-client>=0.4.22 error: Failed to create directory `/opt/hermes/.venv/lib/python3.13/site-packages/hindsight_client_api` Caused by: Permission denied (os error 13) ```

This means no plugin install path (memory plugins, knowledge bases, hub-installed skills) works under Docker out-of-the-box.

Two-part fix:

1. Dockerfile: `chown -R hermes:hermes /opt/hermes/.venv` immediately after `uv pip install` so the default uid-10000 case works without any `HERMES_UID` override.
2. `docker/entrypoint.sh`: extend the existing `$HERMES_HOME` chown block to also chown `$INSTALL_DIR/.venv` whenever the entrypoint remaps the hermes UID/GID. Without this, the build-time chown becomes stale as soon as someone runs `HERMES_UID=$(id -u) docker compose up` (the documented `docker-compose.yml` pattern) and the bug returns.

Related Issue

Fixes #17636

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

• `Dockerfile`: the `Python virtualenv` RUN step now ends with `chown -R hermes:hermes /opt/hermes/.venv` (3-line diff incl. comment).
• `docker/entrypoint.sh`: the existing `if [ "$needs_chown" = true ]` block now also chowns `$INSTALL_DIR/.venv` after `$HERMES_HOME`. The new step uses the same `2>/dev/null || echo Warning…` pattern as the existing chown for rootless-Podman compatibility.
• `tests/tools/test_dockerfile_venv_perms.py`: two new contract tests (`test_dockerfile_makes_venv_writable_by_hermes_user`, `test_entrypoint_rechowns_venv_when_hermes_uid_is_remapped`) that mirror the line-number-agnostic style of `test_dockerfile_pid1_reaping.py`. Both tests fail on main and pass with this fix.

How to Test

1. Without HERMES_UID override (default case): ``` docker build -t hermes-agent . docker run --rm -d --name hermes hermes-agent sleep infinity docker exec -it -u hermes hermes /opt/hermes/.venv/bin/hermes memory setup ``` This currently fails on main with `Failed to create directory ... Permission denied`. With this PR, the install proceeds.

2. With HERMES_UID override (`docker compose` default pattern): ``` HERMES_UID=$(id -u) HERMES_GID=$(id -g) docker compose up -d docker exec -it -u hermes hermes hermes memory setup ``` The entrypoint logs `Fixing ownership of /opt/data ...` and the new `chown of /opt/hermes/.venv` step. `uv pip install` works.

3. Contract tests: ``` pytest tests/tools/test_dockerfile_venv_perms.py tests/tools/test_dockerfile_pid1_reaping.py -v ``` 8 pass (2 new + 6 existing). The 2 new tests fail without this fix.

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (`fix(scope):`, `feat(scope):`, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run `pytest tests/tools/test_dockerfile_venv_perms.py tests/tools/test_dockerfile_pid1_reaping.py -q` and all tests pass
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: macOS 15.x (Dockerfile linting + contract tests; Docker exec verification noted above)

Documentation & Housekeeping

• I've updated relevant documentation (README, `docs/`, docstrings) — or N/A
• I've updated `cli-config.yaml.example` if I added/changed config keys — or N/A
• I've updated `CONTRIBUTING.md` or `AGENTS.md` if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A. Rootless Podman is preserved by reusing the existing `2>/dev/null || echo Warning…` pattern.
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

Changed files

• Dockerfile (modified, +4/-1)
• docker/entrypoint.sh (modified, +5/-0)
• tests/tools/test_dockerfile_venv_perms.py (added, +125/-0)