feat(skills): codify Phase 2 deploy-time hotfixes into installer + service modules #126

Closed

mik-tf wants to merge 1 commit from development_mik_phase2_install into development

pull from: development_mik_phase2_install

merge into: lhumina_code:development

lhumina_code:development

lhumina_code:feat/service_os-bundles-and-islands-build

lhumina_code:development_fix_livekit_config_consistency_153

lhumina_code:develop_hero_claude

lhumina_code:fix/client-root-scope-hint-151

lhumina_code:main

Conversation 1 Commits 1 Files changed 8 +466 -8

mik-tf commented 2026-04-25 16:16:06 +00:00

Owner

Copy link

Bundles the manual fixups previously documented in §4.5 / §10 / §11 of docs/ops/DEPLOYMENT_NU_HERO_OS.md (tracker home#185) so a fresh herodemo-style deploy reaches working state without manual hero_proc action.set or docker run invocations.

Changes

Installers (tools/modules/installers/installers.nu)

• install_base now also installs libreoffice-{core,impress,writer,calc} for at-click PDF preview — closes home#178
• install_chrome — Google's apt repo + google-chrome-stable; the snap chromium fails on TF Grid flists — closes home#177
• install_onnxruntime — installs ONNX Runtime 1.23.2 → /usr/local/onnxruntime AND 1.24.4 → /usr/local/onnxruntime-1.24 side-by-side, so hero_embedder (rc.11 → 1.23.2) and hero_voice (rc.12 → 1.24.x) can each link the version their ort-sys wants — closes home#162; partial home#173
• install_docker_btrfs — apt-installs docker.io, configures /etc/docker/daemon.json with data-root=/data/docker + storage-driver=btrfs, starts dockerd via systemctl OR nohup fallback for TF Grid VMs — closes home#181
• install_core invokes all three after install_base

Bootstrap (tools/install.sh)

• HERO_ROOTDIR env override on find_rootdir(), so non-interactive deploys (TF Grid provisioning, CI) can skip the macOS external-disk prompt and the default $HOME/hero pick — closes home#164

Service env wiring

• service_embedder.nu — adds ORT_LIB_LOCATION=/usr/local/onnxruntime/lib + LD_LIBRARY_PATH + EMBEDDER_MODELS=$HOME/hero/var/embedder/models to the hero_embedderd action — closes home#166 for embedder
• service_voice.nu — adds ORT_LIB_LOCATION=/usr/local/onnxruntime-1.24/lib + LD_LIBRARY_PATH + ORT_PREFER_DYNAMIC_LINK=1 to both hero_voice_server and hero_voice_ui actions; without ORT_PREFER_DYNAMIC_LINK the static-link fallback fails at runtime — closes home#166 for voice; deploy-side home#170
• service_office.nu — forwards OO_UPSTREAM_BASE env to the hero_office_ui action (browser-side OO_SERVER_URL is HTTPS-public, but the reverse proxy needs the internal HTTP target; the split is essential — see PR #3 on hero_office)
• packages.nu — uncomments service_voice in services_extra (was disabled before ONNX 1.24 was sorted out)

New module: tools/modules/services/service_onlyoffice.nu

Manages the OnlyOffice Document Server Docker container that hero_office depends on. Standalone (not hero_proc-supervised — OO ships as a Docker image, restart-policy=unless-stopped keeps it alive).

• install — docker pull onlyoffice/documentserver
• start — docker run with JWT_ENABLED + JWT_SECRET + waits for /healthcheck → true (~5 min timeout)
• stop / status / restart
• Env-overridable: ONLYOFFICE_BIND_ADDR (default 10.1.2.2:8088), ONLYOFFICE_JWT_SECRET, ONLYOFFICE_IMAGE

Closes home#174 deploy-side.

New service_complete aggregator (tools/modules/services/packages.nu)

service_install_all only builds binaries; per-service start does the hero_proc action.set / service.set / service.start dance. service_complete glues them together:

• Phase 1 = service_install_all
• Phase 2 = start on every runtime service in dependency order

Skips service_lib_rhai (library, no runtime). Re-exported from services/mod.nu.

Closes home#167.

Validation

Every changed module loads cleanly under nu -c "use ..." (parser-only — runtime validation needs a TF Grid VM).

Tracker

home#185

Signed-off-by: mik-tf

Bundles the manual fixups previously documented in §4.5 / §10 / §11 of `docs/ops/DEPLOYMENT_NU_HERO_OS.md` (tracker [home#185](https://forge.ourworld.tf/lhumina_code/home/issues/185)) so a fresh herodemo-style deploy reaches working state without manual `hero_proc action.set` or `docker run` invocations. ## Changes ### Installers (`tools/modules/installers/installers.nu`) - `install_base` now also installs `libreoffice-{core,impress,writer,calc}` for at-click PDF preview — closes [home#178](https://forge.ourworld.tf/lhumina_code/home/issues/178) - `install_chrome` — Google's apt repo + `google-chrome-stable`; the snap chromium fails on TF Grid flists — closes [home#177](https://forge.ourworld.tf/lhumina_code/home/issues/177) - `install_onnxruntime` — installs ONNX Runtime 1.23.2 → `/usr/local/onnxruntime` AND 1.24.4 → `/usr/local/onnxruntime-1.24` side-by-side, so hero_embedder (rc.11 → 1.23.2) and hero_voice (rc.12 → 1.24.x) can each link the version their `ort-sys` wants — closes [home#162](https://forge.ourworld.tf/lhumina_code/home/issues/162); partial [home#173](https://forge.ourworld.tf/lhumina_code/home/issues/173) - `install_docker_btrfs` — apt-installs `docker.io`, configures `/etc/docker/daemon.json` with `data-root=/data/docker` + `storage-driver=btrfs`, starts dockerd via `systemctl` OR `nohup` fallback for TF Grid VMs — closes [home#181](https://forge.ourworld.tf/lhumina_code/home/issues/181) - `install_core` invokes all three after `install_base` ### Bootstrap (`tools/install.sh`) - `HERO_ROOTDIR` env override on `find_rootdir()`, so non-interactive deploys (TF Grid provisioning, CI) can skip the macOS external-disk prompt and the default `$HOME/hero` pick — closes [home#164](https://forge.ourworld.tf/lhumina_code/home/issues/164) ### Service env wiring - `service_embedder.nu` — adds `ORT_LIB_LOCATION=/usr/local/onnxruntime/lib` + `LD_LIBRARY_PATH` + `EMBEDDER_MODELS=$HOME/hero/var/embedder/models` to the `hero_embedderd` action — closes [home#166](https://forge.ourworld.tf/lhumina_code/home/issues/166) for embedder - `service_voice.nu` — adds `ORT_LIB_LOCATION=/usr/local/onnxruntime-1.24/lib` + `LD_LIBRARY_PATH` + `ORT_PREFER_DYNAMIC_LINK=1` to both `hero_voice_server` and `hero_voice_ui` actions; without `ORT_PREFER_DYNAMIC_LINK` the static-link fallback fails at runtime — closes [home#166](https://forge.ourworld.tf/lhumina_code/home/issues/166) for voice; deploy-side [home#170](https://forge.ourworld.tf/lhumina_code/home/issues/170) - `service_office.nu` — forwards `OO_UPSTREAM_BASE` env to the `hero_office_ui` action (browser-side `OO_SERVER_URL` is HTTPS-public, but the reverse proxy needs the internal HTTP target; the split is essential — see PR [#3](https://forge.ourworld.tf/lhumina_code/hero_office/pulls/3) on hero_office) - `packages.nu` — uncomments `service_voice` in `services_extra` (was disabled before ONNX 1.24 was sorted out) ### New module: `tools/modules/services/service_onlyoffice.nu` Manages the OnlyOffice Document Server Docker container that hero_office depends on. Standalone (not hero_proc-supervised — OO ships as a Docker image, `restart-policy=unless-stopped` keeps it alive). - `install` — `docker pull onlyoffice/documentserver` - `start` — `docker run` with `JWT_ENABLED` + `JWT_SECRET` + waits for `/healthcheck` → `true` (~5 min timeout) - `stop` / `status` / `restart` - Env-overridable: `ONLYOFFICE_BIND_ADDR` (default `10.1.2.2:8088`), `ONLYOFFICE_JWT_SECRET`, `ONLYOFFICE_IMAGE` Closes [home#174](https://forge.ourworld.tf/lhumina_code/home/issues/174) deploy-side. ### New `service_complete` aggregator (`tools/modules/services/packages.nu`) `service_install_all` only builds binaries; per-service `start` does the `hero_proc action.set` / `service.set` / `service.start` dance. `service_complete` glues them together: - Phase 1 = `service_install_all` - Phase 2 = `start` on every runtime service in dependency order Skips `service_lib_rhai` (library, no runtime). Re-exported from `services/mod.nu`. Closes [home#167](https://forge.ourworld.tf/lhumina_code/home/issues/167). ## Validation Every changed module loads cleanly under `nu -c "use ..."` (parser-only — runtime validation needs a TF Grid VM). ## Tracker [home#185](https://forge.ourworld.tf/lhumina_code/home/issues/185) Signed-off-by: mik-tf

mik-tf added 1 commit 2026-04-25 16:16:06 +00:00

feat(skills): codify Phase 2 deploy-time hotfixes into installer + service modules ... b7051cf131

Bundles the manual fixups previously documented in §4.5 / §10 / §11 of
DEPLOYMENT_NU_HERO_OS.md (lhumina_code/home#185)
so a fresh herodemo-style deploy reaches working state without manual
hero_proc action.set or docker run invocations.

Installers (tools/modules/installers/installers.nu):
- install_base now also installs libreoffice-{core,impress,writer,calc}
  for at-click PDF preview (closes
  lhumina_code/home#178)
- install_chrome — adds Google's apt repo + installs google-chrome-stable;
  the snap chromium fails on TF Grid flists (closes
  lhumina_code/home#177)
- install_onnxruntime — installs ONNX Runtime 1.23.2 → /usr/local/onnxruntime
  AND 1.24.4 → /usr/local/onnxruntime-1.24 side-by-side, so hero_embedder
  (rc.11 → 1.23.2) and hero_voice (rc.12 → 1.24.x) can each link the
  version their ort-sys wants (closes
  lhumina_code/home#162; partial
  lhumina_code/home#173)
- install_docker_btrfs — apt-installs docker.io, configures
  /etc/docker/daemon.json with data-root=/data/docker + storage-driver=btrfs,
  starts dockerd via systemctl OR nohup fallback for TF Grid VMs (closes
  lhumina_code/home#181)
- install_core invokes all three after install_base

Bootstrap (tools/install.sh):
- HERO_ROOTDIR env override on find_rootdir(), so non-interactive deploys
  (TF Grid provisioning, CI) can skip the macOS external-disk prompt and
  the default $HOME/hero pick (closes
  lhumina_code/home#164)

Service env wiring:
- service_embedder.nu — adds ORT_LIB_LOCATION=/usr/local/onnxruntime/lib +
  LD_LIBRARY_PATH + EMBEDDER_MODELS=$HOME/hero/var/embedder/models to the
  hero_embedderd action (closes
  lhumina_code/home#166 for embedder)
- service_voice.nu — adds ORT_LIB_LOCATION=/usr/local/onnxruntime-1.24/lib +
  LD_LIBRARY_PATH + ORT_PREFER_DYNAMIC_LINK=1 to both hero_voice_server and
  hero_voice_ui actions; without ORT_PREFER_DYNAMIC_LINK the static-link
  fallback fails at runtime (closes
  lhumina_code/home#166 for voice;
  lhumina_code/home#170 deploy-side)
- service_office.nu — forwards OO_UPSTREAM_BASE env to the hero_office_ui
  action (browser-side OO_SERVER_URL is HTTPS-public, but the reverse
  proxy needs the internal HTTP target; the split is essential — see
  PR #3 on hero_office)
- packages.nu — uncomments service_voice in services_extra (was disabled
  before ONNX 1.24 was sorted out)

New module (tools/modules/services/service_onlyoffice.nu):
- Manages the OnlyOffice Document Server Docker container that
  hero_office depends on. Standalone (not hero_proc-supervised — OO
  ships as a Docker image, restart-policy=unless-stopped keeps it alive).
- install — docker pull onlyoffice/documentserver
- start  — docker run with JWT_ENABLED + JWT_SECRET + waits for
           /healthcheck → "true" (~5 min timeout)
- stop / status / restart
- Env-overridable: ONLYOFFICE_BIND_ADDR (default 10.1.2.2:8088),
  ONLYOFFICE_JWT_SECRET, ONLYOFFICE_IMAGE
- Closes lhumina_code/home#174 deploy-side

New service_complete aggregator (tools/modules/services/packages.nu):
- service_install_all only builds binaries; per-service `start` does the
  hero_proc action.set / service.set / service.start dance.  service_complete
  glues them together: phase 1 = service_install_all, phase 2 = `start`
  on every runtime service in dependency order.  Skips service_lib_rhai
  (library, no runtime).  Re-exported from services/mod.nu.
- Closes lhumina_code/home#167

Validation: every changed module loads cleanly under `nu -c "use ..."`
(parser-only — runtime needs a TF Grid VM).

Tracker: lhumina_code/home#185

Signed-off-by: mik-tf

mik-tf referenced this pull request from a commit 2026-04-25 16:21:34 +00:00

feat(skills): codify Phase 2 deploy-time hotfixes into installer + service modules (#126)

mik-tf closed this pull request 2026-04-25 16:21:38 +00:00

mik-tf commented 2026-04-25 16:21:47 +00:00

Author

Owner

Copy link

Squash-merged to development as 7c823d1. 7c823d1

Feature branch development_mik_phase2_install deleted.

Closed home issues: #162, #164, #166, #167, #177, #178, #181. Partials (deploy-side): #170, #173, #174.

Squash-merged to `development` as `7c823d1`. https://forge.ourworld.tf/lhumina_code/hero_skills/commit/7c823d1 Feature branch `development_mik_phase2_install` deleted. Closed home issues: #162, #164, #166, #167, #177, #178, #181. Partials (deploy-side): #170, #173, #174.

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:21:59 +00:00

[ops] Formalize the nu-shell OSIS seed step — canonical hero_zero_seed binary + schema-aligned TOMLs #162

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:00 +00:00

[ops] Long-term: GitOps + immutable infra for Hero OS multi-VM / multi-tenant deploys #164

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:01 +00:00

[nu-demo] service_embedder.nu missing ORT_LIB_LOCATION/LD_LIBRARY_PATH/EMBEDDER_MODELS env vars — embedderd panics with 'No embedder models found' after fresh install #166

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:02 +00:00

[nu-demo] service_install_all ends with no running services — registers action defs but doesn't call service.set, so hero_proc service start returns 'service not found' #167

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:03 +00:00

[nu-demo] hero_books PDF export needs Chromium — Ubuntu 24 ships chromium-browser as snap-wrapper which fails on TF Grid VMs #177

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:04 +00:00

[nu-demo] At-click-time libreoffice PDF preview for Office docs (companion to home#174) #178

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:05 +00:00

[ops] Docker on TF Grid VM needs btrfs storage driver — overlayfs fails on whiteout files #181

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:20 +00:00

[nu-demo] uv (Python script runner) not in hero_skills installer — python_exec tool fails silently in hero_agent #170

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:20 +00:00

[nu-demo] hero_voice's ort-sys 2.0.0-rc.12 requires ONNX Runtime 1.24+ but our canonical install is 1.23.2 (what hero_embedder uses) #173

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:21 +00:00

[nu-demo] Office PDF/Doc viewing blocked — ONLYOFFICE_JWT_SECRET unset + OnlyOffice Document Server not deployed #174

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:22:56 +00:00

[Phase 2] Codify demo-VM hotfixes into upstream code — clean runbook, no manual steps #185

mik-tf referenced this pull request from lhumina_code/hero_demo 2026-04-28 12:21:05 +00:00

[ops] Formalize the nu-shell OSIS seed step — canonical hero_zero_seed binary + schema-aligned TOMLs #30

mik-tf referenced this pull request from lhumina_code/hero_demo 2026-04-28 12:21:14 +00:00

[ops] Long-term: GitOps + immutable infra for Hero OS multi-VM / multi-tenant deploys #32

mik-tf referenced this pull request from lhumina_code/hero_demo 2026-04-28 12:21:28 +00:00

[Phase 2] Codify demo-VM hotfixes into upstream code — clean runbook, no manual steps #36

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

prio_critical

  

prio_low

  

type_bug

  

type_contact

  

type_issue

  

type_lead

  

type_question

  

type_story

  

type_task

No labels

prio_critical

prio_low

type_bug

type_contact

type_issue

type_lead

type_question

type_story

type_task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_skills!126

No description provided.