Files
hermes-control-panel/docs/superpowers/plans/2026-06-08-portainer-hermes-runtime.md
T

2.0 KiB

Portainer Hermes Runtime Implementation Plan

For agentic workers: REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (- [ ]) syntax for tracking.

Goal: Bake Hermes into the image while preserving optional host-mounted provider authentication state.

Architecture: Install a pinned Hermes revision at /opt/hermes-agent, route all Hermes-backed services through a validating entrypoint, and retain host bind mounts only for mutable state and provider authentication.

Tech Stack: Docker, Docker Compose, Bash, Node.js 20, Python 3.11, node:test


Task 1: Deployment Contract Tests

Files:

  • Modify: test/compose-contract.test.cjs

  • Create: test/docker-entrypoint.test.cjs

  • Assert Compose uses /opt/hermes-agent/venv/bin/hermes.

  • Assert the four native state paths remain host bind mounts.

  • Assert empty state is initialized without requiring provider auth.

  • Assert existing config is preserved.

Task 2: Baked Hermes Runtime

Files:

  • Modify: Dockerfile

  • Create: docker-entrypoint.sh

  • Install Python, Git, and build dependencies.

  • Clone the pinned Hermes revision into /opt/hermes-agent.

  • Create the Hermes virtual environment and install Hermes.

  • Validate the executable during image build.

  • Add startup validation and missing-config initialization.

Task 3: Compose and Documentation

Files:

  • Modify: docker-compose.yml

  • Modify: .env.example

  • Modify: README.md

  • Point all services at the baked executable.

  • Retain configurable host bind mounts for mutable provider state.

  • Document that provider directories may be empty.

  • Document Portainer rebuild and NPM forwarding settings.

Task 4: Verification

  • Run focused deployment tests.
  • Run npm test.
  • Run npm run check.
  • Build the Docker image.
  • Run the built image with empty temporary bind mounts and verify /health.