From a0bffe7a4f6acd4f7717fb751744cb9e917f9484 Mon Sep 17 00:00:00 2001
From: Stephen Chin <steveonjava@gmail.com>
Date: Sun, 3 May 2026 15:22:11 -0700
Subject: [PATCH] feat(hermesagent): replace shim+system-unit pattern with
 hermes-native user services
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous approach used a /usr/bin/hermes shim to proxy commands from root
to the hermes user, and a hand-crafted system-level systemd unit for the
gateway. This worked for the default profile but broke down for named profiles:

- hermes profile create <name> generates an alias script in
  ~/.local/bin/<name> that calls hermes with -p <name>. These aliases live
  in the hermes user's PATH, not root's, so root could not invoke them.
- Maintaining parity would require per-profile shims, a watcher daemon to
  create/remove them, and system-unit mirrors for each profile gateway — all
  of which would need to stay in sync with hermes internals across updates.

New approach — work with hermes, not around it:

- loginctl enable-linger hermes: ensures the hermes user's systemd session
  starts at boot and persists without login. All user-unit gateways (default
  and per-profile) now survive reboots automatically.
- Gateway service management delegated entirely to hermes: 'hermes gateway
  install' / 'hermes setup' create and enable the user unit natively.
  The install script no longer pre-installs the gateway; hermes prompts the
  user to do so at the end of 'hermes setup'.
- hermes-dashboard.service remains a system unit (no native install command
  exists for it). Its After= no longer references hermes-gateway.service
  since there is no system-unit gateway to depend on.
- /usr/bin/hermes shim removed. Root is guided to 'su - hermes' via a two-
  line /etc/profile.d/hermes-hint.sh message on login, with a one-liner to
  make the switch automatic. Once logged in as hermes, all hermes commands,
  profile aliases, and gateway management work natively.
- update_script simplified: only hermes-dashboard (our unit) is stopped and
  restarted. hermes update --yes handles gateway service lifecycle itself.
---
 ct/hermesagent.sh              |  3 +--
 install/hermesagent-install.sh | 44 ++++++----------------------------
 2 files changed, 8 insertions(+), 39 deletions(-)

diff --git a/ct/hermesagent.sh b/ct/hermesagent.sh
index b9f2b5b0..cd71e1b3 100644
--- a/ct/hermesagent.sh
+++ b/ct/hermesagent.sh
@@ -31,7 +31,6 @@ function update_script() {
 
   msg_info "Stopping Services"
   systemctl stop hermes-dashboard
-  systemctl stop hermes-gateway
   msg_ok "Stopped Services"
 
   msg_info "Updating ${APP}"
@@ -43,7 +42,6 @@ function update_script() {
   msg_ok "Updated ${APP}"
 
   msg_info "Starting Services"
-  systemctl start hermes-gateway
   systemctl start hermes-dashboard
   msg_ok "Started Services"
   msg_ok "Updated successfully!"
@@ -58,6 +56,7 @@ msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Connect via SSH and configure your LLM provider:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}ssh root@${IP}${CL}"
+echo -e "${TAB}${BGN}su - hermes${CL}"
 echo -e "${TAB}${BGN}hermes setup${CL}"
 echo -e "${INFO}${YW} API Server (OpenAI-compatible):${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8642/v1${CL}"
diff --git a/install/hermesagent-install.sh b/install/hermesagent-install.sh
index 9c4dcf12..3e4d58bd 100644
--- a/install/hermesagent-install.sh
+++ b/install/hermesagent-install.sh
@@ -22,6 +22,7 @@ NODE_VERSION="22" setup_nodejs
 
 msg_info "Creating Hermes User"
 useradd -m -s /bin/bash hermes
+loginctl enable-linger hermes
 msg_ok "Created Hermes User"
 
 msg_info "Installing Hermes Agent"
@@ -60,38 +61,11 @@ chmod 750 /home/hermes
 chmod 700 /home/hermes/.hermes
 msg_ok "Configured API Server"
 
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/hermes-gateway.service
-[Unit]
-Description=Hermes Agent Gateway
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-User=hermes
-Group=hermes
-UMask=0077
-WorkingDirectory=/home/hermes
-ExecStart=/home/hermes/.local/bin/hermes gateway run --replace
-Environment="HERMES_HOME=/home/hermes/.hermes"
-Environment="HOME=/home/hermes"
-Restart=on-failure
-RestartSec=5
-ProtectProc=invisible
-ProcSubset=pid
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now hermes-gateway
-msg_ok "Created Service"
-
 msg_info "Creating Dashboard Service"
 cat <<EOF >/etc/systemd/system/hermes-dashboard.service
 [Unit]
 Description=Hermes Agent Web Dashboard
-After=network-online.target hermes-gateway.service
+After=network-online.target
 Wants=network-online.target
 
 [Service]
@@ -116,18 +90,14 @@ EOF
 systemctl enable -q --now hermes-dashboard
 msg_ok "Created Dashboard Service"
 
-msg_info "Creating Hermes Shim"
-cat <<'EOF' >/usr/bin/hermes
-#!/bin/bash
-cd /home/hermes
+msg_info "Configuring Login Guidance"
+cat <<'EOF' >/etc/profile.d/hermes-hint.sh
 if [[ "$(id -u)" -eq 0 ]]; then
-  exec runuser -u hermes -- /home/hermes/.local/bin/hermes "$@"
-else
-  exec /home/hermes/.local/bin/hermes "$@"
+  echo "  Run 'su - hermes' to manage Hermes Agent and profiles."
+  echo "  To auto-switch on login: echo 'exec su - hermes' >> /root/.bash_profile"
 fi
 EOF
-chmod +x /usr/bin/hermes
-msg_ok "Created Hermes Shim"
+msg_ok "Configured Login Guidance"
 
 motd_ssh
 customize