fix(hermes): set file permissions so sandbox user can read copied files

[ericksoa]

Summary

Fix Hermes Dockerfile build failure caused by missing file permissions on copied files.
The sandbox user could not read generate-config.ts or the plugin directory, causing
EACCES at build time. Also add CI coverage so Hermes Dockerfile regressions are caught
on every PR.

Related Issue

Fixes #2191

Changes

• Add chmod 444 on /opt/nemoclaw-generate-config.ts after COPY (fixes the reported EACCES)
• Add chmod -R a+rX on /opt/nemoclaw-hermes-plugin/ after COPY (same class of bug)
• Add build-hermes-sandbox-image job to sandbox-images-and-e2e.yaml — builds the
  Hermes image on every PR and verifies file permissions with test -r / test -x checks
• Add resolve-hermes-base-image composite action (mirrors resolve-sandbox-base-image)
• Add build-and-push-hermes job to base-image.yaml — publishes Hermes base image to
  GHCR when agents/hermes/Dockerfile.base changes on main

Type of Change

• Code change (feature, bug fix, or refactor)

Verification

• npx prek run --all-files passes
• No secrets, API keys, or credentials committed
• hadolint passes on modified Dockerfile

Signed-off-by: Aaron Erickson aerickson@nvidia.com

Summary by CodeRabbit

• New Features

  • Added an action to resolve the Hermes sandbox base image with a fallback when needed
  • Added a Hermes production image build and validation workflow that ensures runtime files and executables are accessible

• Chores

  • Split base image build to manage Hermes separately
  • Hardened file permissions for Hermes plugin components and made config generation output read-only

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a composite GitHub Action to resolve a Hermes sandbox base image (pull or build fallback), extends CI to build/push a Hermes base image, adds a job that builds a Hermes sandbox image using the resolved base and verifies sandbox user file access, and hardens Hermes Dockerfile file permissions.

Changes

Cohort / File(s)	Summary
Hermes Dockerfile Permission Hardening agents/hermes/Dockerfile	Adjusts file permissions for Hermes plugin files: makes plugin files world-readable/executable (preserving directory execute bits) and sets generate-config.ts to read-only (0444).
Base Image Resolution Action .github/actions/resolve-hermes-base-image/action.yaml	New composite action resolve-hermes-base-image that attempts to pull ghcr.io/nvidia/nemoclaw/hermes-sandbox-base:latest; on pull failure emits a workflow warning and builds a local fallback image (nemoclaw-hermes-base-local) from agents/hermes/Dockerfile.base, then writes HERMES_BASE_IMAGE to GITHUB_ENV.
Base Image Build Workflow .github/workflows/base-image.yaml	Adds build-and-push-hermes job triggered on changes to agents/hermes/Dockerfile.base; sets up QEMU/Buildx, logs into GHCR, and builds/pushes multi-arch ghcr.io/nvidia/nemoclaw/hermes-sandbox-base (tags: latest, short SHA).
Hermes Sandbox Image Build & Validation .github/workflows/sandbox-images-and-e2e.yaml	Adds build-hermes-sandbox-image job that builds a production Hermes sandbox image using HERMES_BASE_IMAGE and validates that the sandbox user can access expected config/plugins/blueprint files and execute Hermes binaries.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant Action as resolve-hermes-base-image
    participant GHCR as GHCR Registry
    participant Docker as Docker Build
    participant Env as GITHUB_ENV

    GH->>Action: invoke resolve-hermes-base-image
    Action->>GHCR: attempt pull ghcr.io/nvidia/nemoclaw/hermes-sandbox-base:latest
    alt pull succeeds
        GHCR-->>Action: pull success
        Action->>Env: write HERMES_BASE_IMAGE=ghcr.io/nvidia/nemoclaw/hermes-sandbox-base:latest
    else pull fails
        GHCR-->>Action: pull failed
        Action->>GH: emit workflow warning
        Action->>Docker: build image nemoclaw-hermes-base-local (agents/hermes/Dockerfile.base)
        Docker-->>Action: build complete
        Action->>Env: write HERMES_BASE_IMAGE=nemoclaw-hermes-base-local
    end
    Env-->>GH: HERMES_BASE_IMAGE available
    GH->>Docker: build hermes sandbox image using HERMES_BASE_IMAGE
    Docker->>Docker: verify sandbox user file access and Hermes binary executability
    Docker-->>GH: build & validation complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through layers, fixed bits with a cheer,
Pulled a base, or built one when absent here.
Sandbox can read, binaries can run,
A little rabbit dance—CI's job is done! 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: fixing file permissions on copied files so the sandbox user can read them.
Linked Issues check	✅ Passed	The PR successfully implements all objectives from issue #2191: fixes file permissions on copied Dockerfile files, adds verification job, and implements fallback base image resolution.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing #2191: Dockerfile permission fixes, CI jobs for verification, and base image resolution infrastructure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/2191-hermes-dockerfile-permissions

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/base-image.yaml (1)

92-133: Decouple Hermes publishing from OpenClaw manual dispatch.

build-and-push-hermes currently runs on workflow_dispatch as well. Since dispatch input is OpenClaw-specific, this introduces unnecessary coupling and can fail manual OpenClaw rebuilds for Hermes-only reasons. Consider scoping Hermes publish to push-triggered runs.

Proposed minimal change

   build-and-push-hermes:
-    if: github.repository == 'NVIDIA/NemoClaw'
+    if: github.repository == 'NVIDIA/NemoClaw' && github.event_name == 'push'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/base-image.yaml around lines 92 - 133, The
build-and-push-hermes job is currently running for manual workflow_dispatch runs
and is coupled to OpenClaw inputs; update its run condition so it only triggers
on repository push events (and still restrict to the NVIDIA/NemoClaw repo).
Modify the job's if expression for build-and-push-hermes to require
github.event_name == 'push' (e.g., if: github.repository == 'NVIDIA/NemoClaw' &&
github.event_name == 'push') so Hermes publishing is skipped for
workflow_dispatch/manual OpenClaw dispatches while preserving the repo guard.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/base-image.yaml:
- Around line 92-133: The build-and-push-hermes job is currently running for
manual workflow_dispatch runs and is coupled to OpenClaw inputs; update its run
condition so it only triggers on repository push events (and still restrict to
the NVIDIA/NemoClaw repo). Modify the job's if expression for
build-and-push-hermes to require github.event_name == 'push' (e.g., if:
github.repository == 'NVIDIA/NemoClaw' && github.event_name == 'push') so Hermes
publishing is skipped for workflow_dispatch/manual OpenClaw dispatches while
preserving the repo guard.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3b946c66-fec9-4d39-b482-a16a0e1fc00a

📥 Commits

Reviewing files that changed from the base of the PR and between 0d0dff2 and 20b7f43.

📒 Files selected for processing (1)

• .github/workflows/base-image.yaml