Dockerfile

# Build stage: clone and install Hermes Agent + WebUI dependencies
FROM python:3.12-slim AS builder

WORKDIR /build

# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    git \
    && rm -rf /var/lib/apt/lists/*

# Install uv system-wide
# hadolint ignore=DL4006
RUN curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR=/usr/local/bin sh

# Clone Hermes Agent at a pinned commit
ARG HERMES_AGENT_VERSION=v2026.6.5
RUN git clone --depth 1 --branch ${HERMES_AGENT_VERSION} \
    https://github.com/NousResearch/hermes-agent.git /build/hermes-agent

# Clone Hermes WebUI at a pinned commit
ARG HERMES_WEBUI_VERSION=v0.51.350
RUN git clone --depth 1 --branch ${HERMES_WEBUI_VERSION} \
    https://github.com/nesquena/hermes-webui.git /build/hermes-webui

# Create a shared venv and install both projects
# hadolint ignore=DL3059
RUN uv venv /build/venv
ENV VIRTUAL_ENV=/build/venv
ENV PATH="/build/venv/bin:$PATH"

# Install hermes-agent with all extras (includes ML/agent deps)
# hadolint ignore=DL3013,DL3059
RUN uv pip install \
    "/build/hermes-agent[all]"

# Install hermes-webui deps (pyyaml + cryptography)
# hadolint ignore=DL3059
RUN uv pip install \
    -r /build/hermes-webui/requirements.txt

# Install uv in the venv so the webui server can use it for profile/skill management
# hadolint ignore=DL3059
RUN uv pip install \
    "uv>=0.6.0"

# Runtime stage
FROM python:3.12-slim

WORKDIR /app

# hadolint ignore=DL3008
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    git \
    openssh-client \
    && rm -rf /var/lib/apt/lists/*

# Copy the virtual environment and source trees from builder
COPY --from=builder /build/venv /opt/venv
COPY --from=builder /build/hermes-agent /opt/hermes-agent
COPY --from=builder /build/hermes-webui /app

# Set environment
ENV PATH="/opt/venv/bin:$PATH" \
    VIRTUAL_ENV=/opt/venv \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PYTHONIOENCODING=utf-8

# Tell the WebUI where to find the agent
ENV HERMES_WEBUI_AGENT_DIR=/opt/hermes-agent \
    HERMES_WEBUI_HOST=0.0.0.0 \
    HERMES_WEBUI_PORT=8787 \
    HERMES_WEBUI_STATE_DIR=/home/hermes/.hermes/webui \
    HERMES_WEBUI_DEFAULT_WORKSPACE=/workspace \
    HERMES_HOME=/home/hermes/.hermes

# Create non-root user
RUN useradd --create-home --shell /bin/bash hermes \
    && mkdir -p /workspace \
    && chown -R hermes:hermes /app /opt/venv /opt/hermes-agent /workspace /home/hermes

USER hermes

EXPOSE 8787

HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
    CMD curl -f http://localhost:8787/health || exit 1

# Run the WebUI server (which runs Hermes Agent in-process)
CMD ["python", "/app/server.py"]
feat: init 2026-06-16 10:58:51 -04:00			`# Build stage: clone and install Hermes Agent + WebUI dependencies`
			`FROM python:3.12-slim AS builder`

			`WORKDIR /build`

			`# hadolint ignore=DL3008`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`ca-certificates \`
			`curl \`
			`git \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Install uv system-wide`
			`# hadolint ignore=DL4006`
			`RUN curl -LsSf https://astral.sh/uv/install.sh \| env UV_INSTALL_DIR=/usr/local/bin sh`

			`# Clone Hermes Agent at a pinned commit`
			`ARG HERMES_AGENT_VERSION=v2026.6.5`
			`RUN git clone --depth 1 --branch ${HERMES_AGENT_VERSION} \`
			`https://github.com/NousResearch/hermes-agent.git /build/hermes-agent`

			`# Clone Hermes WebUI at a pinned commit`
			`ARG HERMES_WEBUI_VERSION=v0.51.350`
			`RUN git clone --depth 1 --branch ${HERMES_WEBUI_VERSION} \`
			`https://github.com/nesquena/hermes-webui.git /build/hermes-webui`

			`# Create a shared venv and install both projects`
			`# hadolint ignore=DL3059`
			`RUN uv venv /build/venv`
			`ENV VIRTUAL_ENV=/build/venv`
			`ENV PATH="/build/venv/bin:$PATH"`

			`# Install hermes-agent with all extras (includes ML/agent deps)`
			`# hadolint ignore=DL3013,DL3059`
			`RUN uv pip install \`
			`"/build/hermes-agent[all]"`

			`# Install hermes-webui deps (pyyaml + cryptography)`
			`# hadolint ignore=DL3059`
			`RUN uv pip install \`
			`-r /build/hermes-webui/requirements.txt`

			`# Install uv in the venv so the webui server can use it for profile/skill management`
			`# hadolint ignore=DL3059`
			`RUN uv pip install \`
			`"uv>=0.6.0"`

			`# Runtime stage`
			`FROM python:3.12-slim`

			`WORKDIR /app`

			`# hadolint ignore=DL3008`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`ca-certificates \`
			`curl \`
			`git \`
			`openssh-client \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Copy the virtual environment and source trees from builder`
			`COPY --from=builder /build/venv /opt/venv`
			`COPY --from=builder /build/hermes-agent /opt/hermes-agent`
			`COPY --from=builder /build/hermes-webui /app`

			`# Set environment`
			`ENV PATH="/opt/venv/bin:$PATH" \`
			`VIRTUAL_ENV=/opt/venv \`
			`PYTHONDONTWRITEBYTECODE=1 \`
			`PYTHONUNBUFFERED=1 \`
			`PYTHONIOENCODING=utf-8`

			`# Tell the WebUI where to find the agent`
			`ENV HERMES_WEBUI_AGENT_DIR=/opt/hermes-agent \`
			`HERMES_WEBUI_HOST=0.0.0.0 \`
			`HERMES_WEBUI_PORT=8787 \`
			`HERMES_WEBUI_STATE_DIR=/home/hermes/.hermes/webui \`
			`HERMES_WEBUI_DEFAULT_WORKSPACE=/workspace \`
			`HERMES_HOME=/home/hermes/.hermes`

			`# Create non-root user`
			`RUN useradd --create-home --shell /bin/bash hermes \`
			`&& mkdir -p /workspace \`
			`&& chown -R hermes:hermes /app /opt/venv /opt/hermes-agent /workspace /home/hermes`

			`USER hermes`

			`EXPOSE 8787`

			`HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \`
			`CMD curl -f http://localhost:8787/health \|\| exit 1`

			`# Run the WebUI server (which runs Hermes Agent in-process)`
			`CMD ["python", "/app/server.py"]`