feat(container): add agent profile abstraction for Hermes support#36
Merged
nnemirovsky merged 2 commits intomainfrom May 7, 2026
Merged
feat(container): add agent profile abstraction for Hermes support#36nnemirovsky merged 2 commits intomainfrom
nnemirovsky merged 2 commits intomainfrom
Conversation
Introduce AgentProfile so container managers (Docker, Apple Container, tart) stay agent-agnostic. Each profile carries the env file path, secrets-reload command, and MCP wiring command for one agent runtime. OpenclawProfile preserves existing behavior (default). HermesProfile targets nousresearch/hermes-agent: writes phantom tokens to ~/.hermes/.env and patches mcp_servers in ~/.hermes/config.yaml via a small embedded python+pyyaml script. Hermes has no in-place reload; ReloadCmd is nil and ReloadSecrets logs a notice. Selectable via --agent (or SLUICE_AGENT_PROFILE).
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Introduces an AgentProfile abstraction so container managers can target multiple agents (default openclaw, plus new hermes) without hardcoded env/reload/MCP wiring behavior.
Changes:
- Add
AgentProfileregistry with OpenClaw + Hermes implementations (env path, reload, MCP wiring). - Thread the selected profile through Docker/Apple/tart managers and CLI via
--agent/SLUICE_AGENT_PROFILE. - Expand docs and add unit tests covering profile resolution, Hermes wiring, and Docker behavior per profile.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/container/types.go | Generalize env injection script to be profile-driven (env file path). |
| internal/container/tart.go | Add profile plumbing; make reload + MCP wiring profile-specific. |
| internal/container/docker.go | Add profile plumbing; make env/reload/wire behavior profile-specific. |
| internal/container/apple.go | Add profile plumbing; make env/reload/wire behavior profile-specific. |
| internal/container/agent_profile.go | Introduce AgentProfile, built-in OpenClaw/Hermes profiles, and Hermes YAML wiring script. |
| internal/container/agent_profile_test.go | Add tests for profile resolution and profile command/script expectations. |
| internal/container/docker_test.go | Add Docker manager tests validating Hermes-specific env path + MCP wiring behavior. |
| cmd/sluice/main.go | Add --agent flag, resolve profile early, and pass it into managers/VM setup. |
| README.md | Update positioning to “AI Agents” and document agent profiles table + Hermes caveats. |
| CLAUDE.md | Document --agent and the Agent Profiles abstraction + Hermes caveats. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…rmat - Sort known profiles in ProfileFromName error message for stable output. - Validate AgentProfile.EnvFileRelPath before interpolating into the shell snippet to block command injection via dynamic profiles. - Gate the exit-137 swallow in DockerManager.WireMCPGateway to the openclaw profile so a real OOM under hermes is not masked. - gofumpt -w across files unchanged on main; CI pinned to gofumpt@latest pulled in v0.10.0 with stricter rules.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Sluice's container managers (Docker, Apple Container, tart) had
~/.openclaw/.env,secrets.reload, andwire-mcphardcoded. This PR introduces anAgentProfileso the same managers can target other agents.Two profiles ship in this PR:
openclaw(default) keeps existing behavior. Env file stays at~/.openclaw/.env. Reload and MCP wiring still go through the openclaw gateway WebSocket RPC.hermestargets nousresearch/hermes-agent. Env file is~/.hermes/.env. MCP wiring patchesmcp_servers.<name>.urlin~/.hermes/config.yamlvia a small embeddedpython3+pyyamlscript. Hermes has no documented in-place secret reload, soReloadCmdis nil andReloadSecretslogs a notice and returns without erroring.Selectable via
--agent <name>(orSLUICE_AGENT_PROFILE). Default isopenclaw, so existing setups need no changes.Adding a third profile is a single edit to
internal/container/agent_profile.go.Caveats for the Hermes profile
/reload-mcpslash command after wiring. The operator restarts Hermes once after sluice first writes the config, or runs/reload-mcpfrom the chat session.Test plan
go build ./...go test ./...(2431 passed across 13 packages)gofumpt -lcleango vet ./...cleangolangci-lint run ./internal/container/ ./cmd/sluice/cleanProfileFromName, the Hermes env script path, and the Docker manager under both profiles