lhumina_research/hero_demo
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases 2 Packages Wiki Activity Actions

setup-binaries.sh does not pre-populate CODEROOT/BUILDDIR/FORGE_TOKEN-deployer-context hero_proc secrets that deployer + downstream services require #67

New issue
Open
opened 2026-05-25 16:17:48 +00:00 by mik-tf · 1 comment
mik-tf commented 2026-05-25 16:17:48 +00:00
Copy link

setup-binaries.sh installs the 35-component demo set and starts services, but does NOT pre-populate the hero_proc secrets that hero_tfgrid_deployer_server (and likely other services) require at startup.

Reproduced live at s158 admin VM bootstrap:

  1. hero_tfgrid_deployer_server panicked on startup with: web server exited unexpectedly: build AppState failed: ForgeClient::connect_with_secret(\"deployer\", \"FORGE_TOKEN\"): forge environment error: PATH_CODE not in hero_proc: hero_proc secret CODEROOT exists but its value is empty.
  2. Setting core/CODEROOT did NOT fix it — the deployer reads the BARE key CODEROOT (no context prefix), which is a separate slot from core/CODEROOT. Lesson #N: hero_proc supports both <key> and <context>/<key> slots and they are NOT the same.
  3. Needed: hero_proc secret set CODEROOT /home/driver/hero/code (bare key in default context) + BUILDDIR /home/driver/hero/build + FORGE_TOKEN <token> --context deployer.

Fix candidates: (a) setup-binaries.sh pre-populates the canonical 9 secrets (CODEROOT, BUILDDIR, FORGEJO_TOKEN, FORGE_TOKEN, deployer/FORGE_TOKEN, TFGRID_NETWORK, TFGRID_NODE_IDS, TFGRID_MNEMONIC, HERO_PROXY_SEED_GATEWAY_LISTENER) at install time. (b) Document the required secret matrix prominently in DEPLOYMENT_NU_HERO_OS.md.

s158 also surfaced the bare-vs-prefixed slot ambiguity as a separate lesson worth adding to the herolib_base + hero_proc_secrets_and_meta skills.

setup-binaries.sh installs the 35-component demo set and starts services, but does NOT pre-populate the hero_proc secrets that `hero_tfgrid_deployer_server` (and likely other services) require at startup. Reproduced live at s158 admin VM bootstrap: 1. `hero_tfgrid_deployer_server` panicked on startup with: `web server exited unexpectedly: build AppState failed: ForgeClient::connect_with_secret(\"deployer\", \"FORGE_TOKEN\"): forge environment error: PATH_CODE not in hero_proc: hero_proc secret CODEROOT exists but its value is empty.` 2. Setting `core/CODEROOT` did NOT fix it — the deployer reads the BARE key `CODEROOT` (no context prefix), which is a separate slot from `core/CODEROOT`. Lesson #N: hero_proc supports both `<key>` and `<context>/<key>` slots and they are NOT the same. 3. Needed: `hero_proc secret set CODEROOT /home/driver/hero/code` (bare key in default context) + `BUILDDIR /home/driver/hero/build` + `FORGE_TOKEN <token> --context deployer`. Fix candidates: (a) setup-binaries.sh pre-populates the canonical 9 secrets (CODEROOT, BUILDDIR, FORGEJO_TOKEN, FORGE_TOKEN, deployer/FORGE_TOKEN, TFGRID_NETWORK, TFGRID_NODE_IDS, TFGRID_MNEMONIC, HERO_PROXY_SEED_GATEWAY_LISTENER) at install time. (b) Document the required secret matrix prominently in DEPLOYMENT_NU_HERO_OS.md. s158 also surfaced the bare-vs-prefixed slot ambiguity as a separate lesson worth adding to the herolib_base + hero_proc_secrets_and_meta skills.
mik-tf commented 2026-05-26 02:38:10 +00:00
Author
Copy link

Partial-progress note: hero_demo 8b8a27a adds one pre-population line to setup-binaries.sh for HERO_BOOKS_DEFAULT_REPOS, mirroring the existing EMBEDDER_MODEL_SIZE pattern just above it. This is the same shape #67 asks for, applied to a new variable.

The broader request in #67 (pre-populating CODEROOT, BUILDDIR, FORGE_TOKEN, etc.) stays open. The hero_books-only line shipped today is a useful template for the rest of the variables.

Partial-progress note: [hero_demo `8b8a27a`](https://forge.ourworld.tf/lhumina_code/hero_demo/commit/8b8a27a) adds one pre-population line to `setup-binaries.sh` for `HERO_BOOKS_DEFAULT_REPOS`, mirroring the existing `EMBEDDER_MODEL_SIZE` pattern just above it. This is the same shape #67 asks for, applied to a new variable. The broader request in #67 (pre-populating `CODEROOT`, `BUILDDIR`, `FORGE_TOKEN`, etc.) stays open. The hero_books-only line shipped today is a useful template for the rest of the variables.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
development
v0.9.3-dev
v0.9.0-dev
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_research/hero_demo#67
No description provided.