# Hermes Agent — Docker Compose Stack
# Brings up the agent + messaging gateway as a single unit.
#
# Usage:
#   docker compose up -d          # start in background
#   docker compose logs -f        # follow logs
#   docker compose down           # stop and remove containers
#   docker compose pull && docker compose up -d  # rolling update
#
# Secrets:
#   Never commit .env to version control. Copy .env.example → .env and fill it in.
#   See DEPLOY.md for the full environment-variable reference.

services:
  hermes:
    image: ghcr.io/nousresearch/hermes-agent:latest
    # To build locally instead:
    # build:
    #   context: ..
    #   dockerfile: ../Dockerfile
    container_name: hermes-agent
    restart: unless-stopped

    # Bind-mount the data volume so state (sessions, logs, memories, cron)
    # survives container replacement.
    volumes:
      - hermes_data:/opt/data

    # Load secrets from the .env file next to docker-compose.yml.
    # The file is bind-mounted at runtime; it is NOT baked into the image.
    env_file:
      - ../.env

    environment:
      # Override the data directory so it always points at the volume.
      HERMES_HOME: /opt/data

    # Expose the OpenAI-compatible API server (if api_server platform enabled).
    # Comment out or remove if you are not using the API server.
    ports:
      - "127.0.0.1:8642:8642"

    healthcheck:
      # Hits the API server's /health endpoint.  The gateway writes its own
      # health state to /opt/data/gateway_state.json — checked by the
      # health-check script in scripts/deploy-validate.
      test: ["CMD", "python3", "-c",
             "import urllib.request; urllib.request.urlopen('http://localhost:8642/health', timeout=5)"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s

    # The container does not need internet on a private network;
    # restrict egress as needed via your host firewall.
    networks:
      - hermes_net

    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "5"

    # Resource limits: tune for your VPS size.
    # 2 GB RAM and 1.5 CPUs work for most conversational workloads.
    deploy:
      resources:
        limits:
          cpus: "1.5"
          memory: 2G
        reservations:
          memory: 512M

volumes:
  hermes_data:
    # Named volume — Docker manages the lifecycle.
    # To inspect: docker volume inspect hermes_data
    # To back up:
    #   docker run --rm -v hermes_data:/data -v $(pwd):/backup \
    #     alpine tar czf /backup/hermes_data_$(date +%F).tar.gz /data

networks:
  hermes_net:
    driver: bridge