hermes-render/render.yaml at main · render-examples/hermes-render · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# yaml-language-server: $schema=https://render.com/schema/render.yaml.json
#
# Hermes Agent on Render
# https://github.com/NousResearch/hermes-agent
#
# Single web service running the upstream Docker image. The container runs
# the gateway as the foreground process and the dashboard as a background
# side-process (HERMES_DASHBOARD=1). Render's public URL serves the
# dashboard on port 10000; persistent state lives on a 5 GB disk mounted
# at /opt/data, which is the upstream HERMES_HOME default.
#
# Pinned to a specific tag so deploys are reproducible. To update Hermes,
# bump the image tag and trigger a deploy.

services:
  - type: web
    name: hermes
    runtime: image
    region: oregon
    plan: standard
    image:
      url: docker.io/nousresearch/hermes-agent:v2026.5.7
    # On Render, `dockerCommand` replaces both the image's CMD AND its
    # ENTRYPOINT. We replicate the upstream ENTRYPOINT chain (tini →
    # entrypoint.sh) and pass `gateway run` as the foreground subcommand.
    # The two `touch` lines and the `chown -R` work around upstream
    # bugs that prevent the in-browser Chat tab from connecting:
    #
    #   1. `chown -R hermes:hermes /opt/hermes/ui-tui /opt/hermes/node_modules`
    #      Workaround for issue #20500: in older v2026.x images the
    #      tree shipped root-owned but the dashboard runs as hermes.
    #      Fixed in v2026.5.7's Dockerfile, but harmless to repeat.
    #
    #   2. `touch .../packages/hermes-ink/dist/ink-bundle.js`
    #      The Python staleness check in hermes_cli/main.py looks for
    #      `dist/ink-bundle.js`, but `@hermes/ink`'s build script is
    #      `esbuild src/entry-exports.ts --outdir=dist`, which only
    #      produces `dist/entry-exports.js`. The expected `ink-bundle.js`
    #      is never created, so `_hermes_ink_bundle_stale()` always
    #      returns True. Every /api/pty connection then triggers a
    #      runtime `npm run build` that takes 28+ seconds, which exceeds
    #      Render/Cloudflare's WebSocket-upgrade idle timeout, and the
    #      Chat tab fails with HTTP 500. Touching the expected path
    #      makes the staleness check return False instantly.
    #
    #   3. `touch /opt/hermes/ui-tui/dist/entry.js`
    #      Bumps the entry.js mtime above any source `.ts/.tsx` file,
    #      so `_tui_build_needed()` also short-circuits. Without this,
    #      mtime drift between Docker layer commits triggers another
    #      runtime build for the same reason as above.
    dockerCommand: /bin/sh -c touch /opt/hermes/ui-tui/packages/hermes-ink/dist/ink-bundle.js /opt/hermes/ui-tui/dist/entry.js && chown -R hermes:hermes /opt/hermes/ui-tui /opt/hermes/node_modules && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh gateway run
    autoDeployTrigger: off
    healthCheckPath: /api/status

    disk:
      name: hermes-data
      mountPath: /opt/data
      sizeGB: 5

    envVars:
      # The Blueprint only carries vars that change how the container boots.
      # All provider keys, tool keys, and chat platform tokens are set
      # through the Hermes dashboard (API Keys tab), which writes them to
      # /opt/data/.env on the persistent disk.

      # Dashboard side-process. The entrypoint backgrounds `hermes dashboard`
      # before exec'ing `gateway run` whenever HERMES_DASHBOARD is truthy.
      # HERMES_DASHBOARD_HOST=0.0.0.0 makes the entrypoint pass --insecure
      # so the dashboard accepts non-loopback binds.
      - key: HERMES_DASHBOARD
        value: "1"
      - key: HERMES_DASHBOARD_HOST
        value: "0.0.0.0"
      - key: HERMES_DASHBOARD_PORT
        value: "10000"
      # Exposes a Chat tab in the dashboard that embeds the full Hermes TUI
      # over a server-side PTY + xterm.js. This is how you chat with the
      # agent without a real terminal on the host side.
      - key: HERMES_DASHBOARD_TUI
        value: "1"

      # Generated once at first deploy. Reuse this value as API_SERVER_KEY
      # in the dashboard if you later opt into the OpenAI-compatible API
      # server (API_SERVER_ENABLED=true).
      - key: HERMES_GATEWAY_TOKEN
        generateValue: true