hermes - Installer: add a non-sudo Playwright/browser install mode for production service users

Root Cause

That works for the system packages, but it does not fully solve the installer problem if the installer still calls Playwright with --with-deps, because Playwright can still attempt to invoke sudo from the non-sudo service user.

Fix Action

Fix / Workaround

Another workaround is to download install.sh, patch the Playwright command from:

That workaround is acceptable for local testing, but it would be better to have an official supported installer flag or environment variable.

Code Example

Installing browser engine (Playwright Chromium)...
Playwright may request sudo to install browser system dependencies (shared libraries).
Installing dependencies...
Switching to root user to install dependencies...
[sudo] password for <service-user>:

---

INSTALL_PLAYWRIGHT_DEPS=0 bash install.sh

---

SKIP_PLAYWRIGHT_DEPS=1 bash install.sh

---

bash install.sh --skip-browser
bash install.sh --skip-playwright
bash install.sh --playwright-no-with-deps
bash install.sh --browser-install-mode=none
bash install.sh --browser-install-mode=chromium-only
bash install.sh --browser-install-mode=with-deps

---

npx playwright install chromium

---

npx playwright install --with-deps chromium

---

npx playwright install chromium

---

Problem or Use Case

I run Hermes Agent on a VPS with a dedicated non-sudo service user.

Deployment model:

  • human admin user: installs system packages and manages firewall/systemd
  • Hermes service user: runs Hermes Gateway and owns Hermes runtime state
  • the Hermes service user intentionally has no sudo privileges
  • the Hermes service user is not in the docker group
  • execution uses the Hermes Docker backend with rootless Podman

In this model, browser/Playwright system dependencies are host-admin responsibilities. They can be installed separately by the admin user through explicit sudo steps.

The problem is that the one-line installer can reach the Playwright/Chromium setup step and attempt to install system dependencies through sudo.

Example installer output:

Installing browser engine (Playwright Chromium)...
Playwright may request sudo to install browser system dependencies (shared libraries).
Installing dependencies...
Switching to root user to install dependencies...
[sudo] password for <service-user>:

For a dedicated non-sudo service user, this either hangs, fails, or leaves a partial install state.

This is expected from a least-privilege security perspective. The service user should not have sudo. The Hermes installer should still be able to install the core agent under a non-sudo service user without requiring Playwright system dependency installation.

Proposed Solution

Please add a supported installer option that separates Hermes core installation from Playwright/browser system dependency installation.

The exact flag or environment variable name is not important. Any of the following would solve the problem:

INSTALL_PLAYWRIGHT_DEPS=0 bash install.sh

or:

SKIP_PLAYWRIGHT_DEPS=1 bash install.sh

or CLI flags such as:

bash install.sh --skip-browser
bash install.sh --skip-playwright
bash install.sh --playwright-no-with-deps
bash install.sh --browser-install-mode=none
bash install.sh --browser-install-mode=chromium-only
bash install.sh --browser-install-mode=with-deps

The important behavior is:

  1. Install Hermes Agent normally.
  2. Do not invoke sudo from the installer unless explicitly requested.
  3. Do not run npx playwright install --with-deps chromium unless explicitly requested.
  4. Allow an admin to install system dependencies separately.
  5. Optionally allow the non-sudo service user to run only:
npx playwright install chromium

after system dependencies are already present.

Ideally, the installer would support three browser install modes:

  • none: do not install browser tooling during agent install
  • chromium-only: install the Playwright-managed Chromium binary without system dependencies
  • with-deps: install Chromium and system dependencies, current one-click behavior

Alternatives Considered

I considered installing Playwright/Chromium system dependencies manually before running the Hermes installer.

That works for the system packages, but it does not fully solve the installer problem if the installer still calls Playwright with --with-deps, because Playwright can still attempt to invoke sudo from the non-sudo service user.

I also considered temporarily giving the Hermes service user sudo privileges, but that breaks the least-privilege deployment model and is not desirable for production-like VPS deployments.

Another workaround is to download install.sh, patch the Playwright command from:

npx playwright install --with-deps chromium

to:

npx playwright install chromium

or skip the browser step entirely.

That workaround is acceptable for local testing, but it would be better to have an official supported installer flag or environment variable.

Feature Type

CLI improvement

Scope

Small (single file, < 50 lines)

Contribution

  • I'd like to implement this myself and submit a PR

Debug Report (optional)
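
The three browser install modes requested above, sketched as an added example; it is not part of the issue and not code from Hermes' install.sh. The option and variable names are the issue's proposals, while the `chromium-only` default and the `ESCALATION_CHECK` override are assumptions made here. It only prints the Playwright command it would run, and it refuses `with-deps` when the caller cannot become root, so the installer never stops at a sudo password prompt.

```shell
#!/usr/bin/env bash
# Added example, not Hermes' install.sh. Option names follow the issue's
# proposals; the chromium-only default and ESCALATION_CHECK hook are assumptions.

# Resolve the mode: CLI flag first, then environment, then a no-sudo default.
resolve_browser_mode() {
    local mode arg
    mode=""
    for arg in "$@"; do
        case "$arg" in
            --browser-install-mode=*) mode="${arg#*=}" ;;
            --skip-browser|--skip-playwright) mode="none" ;;
            --playwright-no-with-deps) mode="chromium-only" ;;
        esac
    done
    if [ -z "$mode" ]; then
        mode="chromium-only"
        # with-deps only on explicit opt-in, and a skip request always wins.
        if [ "${INSTALL_PLAYWRIGHT_DEPS:-0}" = "1" ] && [ "${SKIP_PLAYWRIGHT_DEPS:-0}" != "1" ]; then
            mode="with-deps"
        fi
    fi
    case "$mode" in
        none|chromium-only|with-deps) printf '%s\n' "$mode" ;;
        *) echo "unknown browser install mode: $mode" >&2; return 2 ;;
    esac
}

# True when the caller is root or sudo works without a password prompt.
can_escalate() {
    [ "$(id -u)" -eq 0 ] && return 0
    command -v sudo >/dev/null 2>&1 && sudo -n true 2>/dev/null
}

# Print the Playwright command to run (nothing for "none"); fail fast with
# status 3 instead of reaching a sudo prompt the service user cannot answer.
plan_browser_install() {
    local mode
    mode="$(resolve_browser_mode "$@")" || return 2
    case "$mode" in
        none) return 0 ;;
        chromium-only) echo "npx playwright install chromium" ;;
        with-deps)
            if ! "${ESCALATION_CHECK:-can_escalate}"; then
                echo "with-deps needs root: have the host admin install system dependencies" >&2
                return 3
            fi
            echo "npx playwright install --with-deps chromium" ;;
    esac
}
```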
