Skip to content

fix(hermes): host-side chown for CRD child agent PVCs on Linux k3d#511

Open
HananINouman wants to merge 1 commit into
mainfrom
fix/crd-agent-hermes-pvc-chown
Open

fix(hermes): host-side chown for CRD child agent PVCs on Linux k3d#511
HananINouman wants to merge 1 commit into
mainfrom
fix/crd-agent-hermes-pvc-chown

Conversation

@HananINouman
Copy link
Copy Markdown
Contributor

@HananINouman HananINouman commented May 22, 2026

PR #481 only repaired hermes- volumes after hermes.Sync (master agent). Child agents live under agent- and are provisioned by the controller or agent-factory without that path, so hermes-data stayed 1000:1000 while Hermes runs as 10000:10000 and crash-looped on Permission denied under /data/.hermes.

Extend EnsureHermesDataPVCOwnership to agent-/hermes-data, call it from obol agent new and obol sell demo quant, and add obol agent repair-perms for factory-only creates that cannot docker-exec the k3d node from in-cluster.

Summary

What changed:

Why it matters:

Risk level:

Commit under test:

Base branch:

Scope

  • Code
  • Charts / manifests
  • Flows / QA scripts
  • Docs / skills
  • Images / dependencies
  • Other:

Validation

CI checks:

Check Status Link

Unit tests:

<!-- command, result, commit/SHA -->

Integration tests:

<!-- command, result, commit/SHA -->

Flow tests:

Flow Network QA machine label Worktree Result Artifacts

Release smoke:

<!-- command, flags, result -->

Live Chain Evidence

Do not include private keys, seed phrases, passwords, hostnames, personal paths, or raw bearer tokens.

Network:

RPC/provider:

Facilitator:

Contracts and tokens:

Name Address Version / notes

Wallet roles:

Role Address Source
Alice / seller / register
Bob / buyer / payer
Facilitator / receiver

Balances:

Token Address Before After Expected delta Actual delta

Transaction receipts:

Purpose Tx hash From To Amount / event Status
ERC-8004 registration
Metadata / service offer
Approval / permit
Purchase request
Settlement transfer

Runtime Evidence

QA environment:

Item Value
OS / arch
Backend
Tool versions
QA agent/model

Images:

Component Image Tag / digest Source

Kubernetes / stack:

Item Value
Stack IDs
Namespaces
Pod readiness
Cleanup result

Model and routing:

Item Value
Agent/model used
LiteLLM route
Paid endpoint status
Auth token source

Artifacts and logs:

Artifact Location / link Notes

Demo readiness:

Item Status Notes
Seller visible / registered
Buyer discovery works
Paid route works
Settlement visible on-chain

Review Notes

Known gaps:

Follow-ups:

Reviewer focus:

@HananINouman @cursoragent
fix(hermes): host-side chown for CRD child agent PVCs on Linux k3d
0905188 
PR #481 only repaired hermes-<id> volumes after hermes.Sync (master agent).
Child agents live under agent-<name> and are provisioned by the controller or
agent-factory without that path, so hermes-data stayed 1000:1000 while Hermes
runs as 10000:10000 and crash-looped on Permission denied under /data/.hermes.

Extend EnsureHermesDataPVCOwnership to agent-<name>/hermes-data, call it from
obol agent new and obol sell demo quant, and add obol agent repair-perms for
factory-only creates that cannot docker-exec the k3d node from in-cluster.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HananINouman