lhumina_code/hero_demo
26
0
Fork 0
Code Issues 43 Pull requests Projects Releases 2 Packages Wiki Activity Actions

[nu-demo] STATE OF HERONU as of 2026-04-24 — what works, what's still broken, everything that needs upstream landing #28

New issue
Open
opened 2026-04-28 12:20:57 +00:00 by mik-tf · 0 comments
mik-tf commented 2026-04-28 12:20:57 +00:00
Owner
Copy link

Purpose

This is the consolidated checkpoint issue for the heronu nu-shell demo. Use this as the starting point for the next session — it captures the current working state, every gap still open (with severity), operator workarounds applied directly to the VM, and the path to full reproducibility once the per-component fixes merge upstream.

The demo is good enough to present as-is — the killer feature (AI Assistant grounded in docs_hero) works, all seeded islands render real data, media + office files display. What's left is a known catalog.

For the intelligence pipeline / AI architecture spec: see lhumina_code/home#159.
For the nu-demo architecture index: see lhumina_code/home#148.

What works end-to-end

Area Demo-ready state
AI Assistant — grounded mode Ask "Call search_hero_docs with query=Hero OS pipeline and top_k=3" → Claude Haiku 4.5 returns docs-cited answer referencing (hero_os_guide, overview/quickstart/ai_pipeline)
Semantic tool routing HERO_AGENT_ROUTING_MODE=hybrid, SEMANTIC_TOP_K=10, SEMANTIC_THRESHOLD=0.25 applied. Embedder indexes the 58 built-in tools + any MCP tools, selects top-K per query — bypasses the 128-tool LLM cap.
hero_aibroker routing Claude preferred (Haiku 4.5 → 3.5-sonnet → GPT-4o-mini fallback chain). Env wired: AIBROKER_API_ENDPOINT=http://10.1.2.2:9988/hero_aibroker/rest/v1.
Hero Books library discovery 4 libraries cloned into /home/driver/code/docs_*: hero (1 book, 163 embedder docs), geomind (12 books, 1733+ docs), mycelium (21 books, Q&A extraction ongoing), ourworld (6 books).
Embedder admin UI TriviaQA benchmark corpus loaded (92,252 Q&A pairs, 3.52 MB), namespaces visible, Q1 Fast BGE-small model, reranker available.
MCP wiring /home/driver/hero/var/agent/mcp.json trimmed to hero_books only (until tool-name sanitizer — home#153 — lands). POST /mcp/hero_books returns protocolVersion: 2025-03-26.
Office .docx 47 files across 5 contexts (default/geomind/incubaid/root/threefold). Hero OS Guide in default/incubaid/root; 22 geomind collection docx in geomind+threefold.
Office .pdf 45 PDFs via pandoc+typst (typst 0.14.2 installed on /data/home/driver/bin/typst, DejaVu fonts). Sizes 38 KB–710 KB. Served from hero_foundry webdav.
Photos/Videos/Songs All 5 contexts. 30 original seed records had leading-slash storage_path bug (fixed by rewrite — lhumina_code/home#156). Default context also seeded with 9 photo + 3 video + 3 song records.
Calendar 8-9 events per context (geomind, incubaid, threefold, root).
Business (hero_osis business domain) Per context: 6 Persons, 6 Companies, 4 Contacts, 4 Opportunities, 3 Deals, 3 Instruments, 3 Contracts, 3 Transactions.
Projects / Kanban (hero_osis projects domain) geomind 5, incubaid 3, threefold 2, root 2 projects (milestones partially failed — see below).
WASM shell 211 MB debug → 1.8 MB brotli first paint (home#140 — fix merged in development_mik_nu_demo on VM).
docs_hero on origin/development Commit 83fb985 pushed — refreshed architecture.md, services.md, overview.md, quickstart.md + new ai_pipeline.md canonical page.

🟥 Blockers / high-severity gaps

1. Services island is architectural dead wood — NOT just a WASM feature gap

Current behavior: dock click → Failed to load island WASM 'services': Island not found: services (HTTP 404).

Root cause (architectural): In the hero_zero Docker era, the Services island proxied hero_proxy's service discovery. In the nu-shell / hero_router era, hero_router owns service discovery natively via its admin UI at ui.sock (see https://forge.ourworld.tf/lhumina_code/hero_router/src/branch/development/CLAUDE.md). The "Services" dock entry is a stale artifact that references a code path that no longer makes sense.

Proper fix:

  • Remove "services" from hero_os_app/src/registry.rs::build_islands() (around line 351) and from any WASM_FEATURES list.
  • Optionally add a new dock entry pointing at hero_router's admin UI (/hero_router/ui/) if the UX goal is "operator sees running services."
  • Rebuild hero_os_app WASM (~25 min).

Demo workaround: broken icon stays in the dock; users hit 404 only if they explicitly click it.

2. hero_biz service is incomplete — only ui.sock, no rpc.sock

Current behavior: clicking "Biz" → blank page.

Root cause: hero_proc service list shows hero_biz as running with only a _server + _ui action, but hero_biz_server exposes no rpc.sock — just ui.sock. The Biz island loads, JS tries to fetch RPC, gets nothing.

Note: Biz island is separate from the "Business" island which maps to hero_osis business domain (that one works and has seeded data).

Fix: either flesh out hero_biz service to expose rpc endpoints, OR remove the Biz dock entry (same registry.rs rebuild).

3. Books UI "All Books" tab errors — Dioxus double-slash URL bug

Current behavior: Error: JSON parse error: EOF while parsing a value at line 1 column 0.

Root cause: hero_archipelagos/archipelagos/embed/books/src/island.rs:28 introduced in commit b7202b7 (fix(embed): use hero_router URL pattern for iframe islands):

// Before b7202b7 (worked)
let base_url = format!("{}/hero_books", props.context.api_host);  // no trailing slash
// After b7202b7 (broken)
let base_url = format!("{}/hero_books/ui/", props.context.api_host);  // trailing slash

Then in services/mod.rs:42: format!("{}/rpc", base_url)/hero_books/ui//rpc → 404.

Verified on heronu:

  • curl -X POST 'http://10.1.2.2:9988/hero_books/ui/rpc' ...200 OK (single slash works)
  • curl -X POST 'http://10.1.2.2:9988/hero_books/ui//rpc' ...404 (double slash 404s)

Proper fix (in hero_archipelagos): strip trailing slash from base_url OR trim_end_matches('/') in rpc_call before appending /rpc.

Attempted demo fix (on heronu): added collapse_slashes_middleware to hero_books_ui/src/main.rs before .layer(cors). Binary rebuilt (~22 min), installed, process restarted — middleware is in source but does not fire at runtime. Likely axum-0.8 behavior or LTO eliminated path. Not yet root-caused.

Full write-up: lhumina_code/home#157.

4. Office PDF island reads from hero_office, not hero_foundry webdav

Current behavior: PDF island shows No PDF files in geomind even though I seeded 21 .pdf into ~/hero/var/hero_foundry/webdav/geomind/Documents/.

Root cause: hero_office_ui/src/handlers.rs::type_browser calls hero_office_server::list_documents(type_filter="pdf") — i.e. hero_office_server has its own file store and its own list/upload API, disjoint from hero_foundry's webdav. The /hero_office/ui/pdf/ iframe therefore doesn't see files that live under hero_foundry.

For hero_office to show the PDFs, they need to be uploaded via hero_office_server's REST/RPC (not by dropping into webdav). Equivalent path needed for Docs, Sheets, Slides.

Fix options:

  1. Teach hero_office_server to list from hero_foundry webdav (unified file store).
  2. Add a one-shot seed step that bulk-imports from webdav into hero_office's store.
  3. Refactor Office islands to read directly from webdav via hero_foundry RPC.

5. Chat persistence broken — hero_osis_ai domain not registered

Current behavior: every tool-call turn logs WARN hero_agent::osis_store: Failed to create audit entry error=Network error: HTTP error: 404 Not Found.

Root cause: hero_agent/src/osis_store.rs uses hero_osis_sdk's AiClient to persist conversation history + audit/usage entries. The client targets the hero_osis_ai domain, which is NOT registered in the nu-shell per-domain server list. See existing issue lhumina_code/home#130.

Result: AI Assistant works for single-turn queries but conversations aren't persisted — refresh the page and history is gone. Historically (hero_zero era) this was working via the monolithic hero_osis_server.

Fix: register hero_osis_ai in the per-domain list (whatever drives hero_osis_server action registration in nu-shell), run OSIS schema migration for the ai domain, set OSIS_URL in hero_agent env to point at that domain's rpc.sock.

6. Plain-chat grounding doesn't trigger — triage classifier routes Hero questions to Knowledge path

"What is Hero OS?" still returns a generic OS description because the triage classifier routes it to the Knowledge branch — no tools offered, no search_hero_docs call. See lhumina_code/home#152.

Workaround: explicit tool hint ("Call search_hero_docs with ...") forces the Tools path and grounding works.

7. Tools payload sanitization needed for wider MCP

mcp.json currently wires only hero_books. Widening it to all 7 MCP services would produce ~165 tools — exceeds OpenAI's 128-tool cap AND MCP names contain dots (collections.list, search.query) which violate Anthropic's function-name regex ^[a-zA-Z0-9_-]{1,128}$. See lhumina_code/home#153.

Semantic routing (home#159 §2) picks top-K tools — but the top-K can still include MCP tools with dots, which Anthropic rejects. Both fixes are needed: semantic routing (live) + name sanitization (pending).

🟨 Medium-severity gaps

8. Livekit iframe defaults to dark theme when hero_os is light

Source patched on VM (templates/base.html: data-bs-theme="dark""light") but hero_livekit_ui not yet rebuilt/installed. Also applies to hero_collab — see task #36 / home#147.

9. Books Q&A cache bypass

Libraries ship pre-extracted Q&A pairs in collections/<coll>/.ai/<page>.toml + pre-computed .vectors.bin embeddings, but hero_books' content_hash check mismatches → re-extracts via LLM → wastes 20-40 min per library. See lhumina_code/home#158.

10. Projects milestone seed partial failure

Projects seeded successfully (30 objects), milestones failed due to status enum mismatch (status = "active" in legacy TOMLs vs current enum {todo, in_progress, done} expects per-object schemas not all auto-mapped). Remaining story/milestone TOMLs have other schema drifts that need a full seed-data migration.

Fix: update hero_zero/dist/var/seed/*/projects/*.toml files to match current schema, OR teach hero_osis_seed binary to auto-migrate known enum values.

11. Per-library AI search — search_hero_docs tool hardwired to namespace="hero"

Can't ask the AI "what does geomind's nitrograph memo say?" — tool always searches the hero namespace. Add optional namespace / library param to the tool, propagate to hero_books.search.query. Approximate effort: 10 lines + rebuild.

12. tool_choice=required infinite loop

Pragmatic patch attempted and reverted — forcing tool_choice: "required" on every turn causes Claude to call a tool after it already has the answer → infinite loop. Proper implementation needs turn-1-only gating. See lhumina_code/home#150.

🟩 Low-severity / already-worked-around

13. VM rootfs is only 2 GB — blocked several installs

TF Grid ubuntu-24.04 flist ships with 2 GB rootfs; /data is 100 GB. Workarounds applied on heronu:

  • TMPDIR=/data/tmp for all cargo builds (rustc scratch)
  • CARGO_TARGET_DIR=/data/home/driver/cargo-target
  • apt cache/lists symlinked to /data/var/
  • typst installed on /data/home/driver/bin/
  • Chromium auto-install (for hero_books PDF generator) left disabled — weasyprint attempt broke apt

Proper fix: bump rootfs_size in hero_zero/deploy/single-vm/tf/main.tf to 8 GB; teach hero_skills installers to default to /data paths. (Issue draft was interrupted — can be filed on request.)

14. Hero_osis_seed binary reports phantom errors

The legacy hero_osis_seed binary (from hero_zero dist) prints error decoding response body for every write, but writes actually succeed. Symptom only — seed data did land (Business/Calendar/Media all populated). Minor cosmetic issue if future operators rely on the stderr output.

15. hero_embedder tokio blocking reqwest

Already patched on VM via tokio::task::block_in_place wraps in embedderd_client.rs. See lhumina_code/home#145.

16. hero_router X-Hero-Context clobbering

Already patched on VM. See lhumina_code/home#125.

17. hero_livekit axum Extension layer ordering

Already patched on VM. See lhumina_code/home#126.

Operator-state snapshot (what's live on heronu only)

These are changes that exist ONLY on the VM and the development_mik_nu_demo branches locally — not pushed to origin:

Repo Branch Applied
hero_agent development_mik_nu_demo (VM-local) prompt.rs MANDATORY directive, llm_client.rs tool_choice patch reverted, tool_router.rs always_include += search_hero_docs
hero_books development_mik_nu_demo (VM-local) collapse_slashes_middleware in main.rs (compiled, doesn't fire at runtime)
hero_livekit development_mik_nu_demo (VM-local) base.html data-bs-theme default flipped to light
hero_router development_mik_nu_demo (VM-local) X-Hero-Context header preservation patch
hero_embedder development_mik_nu_demo (VM-local) block_in_place around blocking reqwest
hero_os development_mik_nu_demo (VM-local) WASM release+brotli compression (home#140)
docs_hero development (REMOTE) ai_pipeline.md + refreshed hero_os_guide

hero_proc action state changes (runtime, not source):

  • hero_agent_server.env += AIBROKER_API_ENDPOINT, HERO_AGENT_AIBROKER_MODELS, OSIS_URL, OSIS_CONTEXT, HERO_AGENT_ROUTING_MODE=hybrid, semantic top_k/threshold
  • hero_books_server.env += FORGEJO_TOKEN, FORGE_TOKEN, GIT_TERMINAL_PROMPT=0, script arg serve

OSIS data writes (runtime):

  • 30 photo/song/video storage_path fields rewritten (leading slash stripped)
  • 30 project objects set across 4 contexts via custom Python uploader with status enum remap + OTOML O: prefix
  • Business/Calendar/Media seeded via legacy hero_osis_seed binary for 5 contexts

File-system artifacts:

  • /home/driver/code/docs_{hero,mycelium,geomind,owh} — 4 library clones totaling 808 MB
  • ~/hero/var/hero_foundry/webdav/<ctx>/Documents/*.docx (47), *.pdf (45)
  • ~/hero/var/agent/mcp.json with 1 MCP server (hero_books)
  • /data/home/driver/bin/typst
  • /data/home/driver/seed/ — copy of hero_zero seed data + binary

Reproducibility path

To recreate heronu-equivalent state from a fresh TF Grid VM:

  1. Upstream land all [nu-demo] fixes. The catalog is home#122–158. Most need simple PRs; several need design discussion.
  2. Fix root-cause bugs. Specifically: registry cleanup (services/biz), Dioxus Books island trailing slash (b7202b7 revert), triage routing (home#152), tool-name sanitization (home#153), hero_osis_ai domain registration (home#130), Q&A cache hash alignment (home#158).
  3. Add a hero_osis_seed re-roll. Port the legacy hero_zero/dist/var/seed/ TOMLs to match current schemas, or add a migrator. Include all contexts (default + geomind + incubaid + root + threefold).
  4. Bump rootfs default in hero_zero/deploy/single-vm/tf/main.tf so cargo + apt don't need /data tricks.
  5. Ship a canonical mcp.json once tool-name sanitization lands — can then safely wire all 7 MCP services.
  6. Add the ai_pipeline.md doc to the hero_books libraries.txt chain so the AI can always cite its own architecture (closed loop).

Once all that lands, a fresh hero_skills install-all && hero_proc start ... on a 8 GB rootfs VM should produce a clean equivalent of today's heronu state.

Related issues (chronological)

  • 122 hero_slides hardcoded /Volumes/T7
  • 123 hero_os_app missing web feature entries for island-room + others
  • 124 UX: every island needs a polished empty/error state
  • 125 hero_router X-Hero-Context clobbering (patched on VM)
  • 126 hero_livekit_ui axum Extension ordering (patched on VM)
  • 127 hero_slides path dep on hero_lib
  • 128 hero_skills installers.nu missing apt deps
  • 129 service_osis.nu doesn't pass HERO_CONTEXTS
  • 130 hero_osis_ai domain not registered (blocks chat persistence)
  • 131 hero_os Makefile ignored CARGO_TARGET_DIR
  • 132 service_codescalers socket naming
  • 133 service_livekit no redis preflight
  • 134 packages.nu commented-out services
  • 135 service_agent.nu missing
  • 136 hero_agent OPENROUTER_API_KEYS plural
  • 137 hero_aibroker Groq-only config
  • 138 hero_aibroker --reset clobbers
  • 139 hero_foundry seed_media path
  • 140 WASM 211 MB → 1.8 MB brotli (patched on VM)
  • 141 service_books.nu parse error
  • 142 hero_skills install.sh nushell install
  • 143 hero_osis SDK delete bool/String
  • 144 Office archipelago per-library PDFs (partial — 47 .docx + 45 .pdf seeded via pandoc+typst into hero_foundry webdav; Office island reads different store)
  • 145 hero_embedder blocking reqwest (patched on VM)
  • 146 Photos <img> double-slash (patched on VM via seed rewrite)
  • 147 hero_collab dark theme on light hero_os
  • 148 nu-demo architecture index
  • 149 prompt.rs MANDATORY directive + rebuild verification
  • 150 tool_choice=required support (requires turn-1 gating)
  • 151 (not filed by me)
  • 152 triage classifier routes Hero questions to Knowledge path
  • 153 tools payload sanitization (count + dots + duplicates)
  • 154 (not filed)
  • 155 (not filed)
  • 156 Photos seed storage_path leading slash (patched on VM via rewrite)
  • 157 Books island double-slash URL + server-side middleware demo fix
  • 158 hero_books re-runs LLM Q&A extraction despite .ai/ cache
  • 159 CANONICAL intelligence pipeline reference
  • 160 (THIS ISSUE) — consolidated demo state and remaining work

Signed-off-by: mik-tf

Previous comments from home#160

mik-tf — 2026-04-24T16:51:31Z

Session close-out 2026-04-24

Infrastructure

  • herodemo up and running at herodemo.gent01.grid.tf — 16 CPU / 32 GB / 200 GB / 16 GB rootfs / public IPv4 185.69.166.153 on freefarm node 2007, gateway on node 1.
  • heronu destroyed (make destroy ENV=heronu) — 5 resources cleanly removed, freeing the heronu name contract.

Snapshot

herodemo-backup-20260424-124021.tar.gz on workstation at ~/heronu-backups/:

  • Size: 2.2 GB on VM, scp'ing down now
  • SHA256: f8d040f858de14d3affad9bb9f6d4f15ca3adcb6e5d81cdc036f80fe5e3dd11b
  • Contents: hero/cfg, hero/bin (all compiled service binaries), hero/share, hero/var (excluding embedder model cache and logs), hero/code, actions.d.*, driver helper scripts
  • Old heronu backup (heronu-backup-20260424-033445.tar.gz, 2.5 GB) retained alongside as requested

Codebase

  • lhumina_code/hero_zero renamed to lhumina_code/hero_demo on Forge
  • hero_demo development branch updated with:
    • New README (nu-shell as primary path, docker retained as legacy reference)
    • docs/ops/DEPLOYMENT_NU_HERO_OS.md — full reproducibility runbook
    • deploy/single-vm/tf/variables.tf — added rootfs_size + gateway_node variables
    • deploy/single-vm/tf/main.tf — wired rootfs_size into VM, cross-node gateway network
    • Commit 5b0f0d5 on development

Demo-time gaps filed on lhumina_code/home

All 30 issues filed this session:

  • Install flow: home#162, home#164, home#166, home#167, home#168, home#169, home#170, home#172
  • Runtime / UI gaps: home#152, home#154–#158, home#171, home#175, home#176, home#177
  • Upstream tech: home#173 (ONNX version conflict), home#174 (OnlyOffice missing)
  • Infra: home#161, home#163, home#165
  • State of the art: home#148, home#159, home#160 (updated)

Next deploy

To reproduce a fresh demo VM, follow hero_demo/docs/ops/DEPLOYMENT_NU_HERO_OS.md. Snapshot restore is ~/heronu-backups/herodemo-backup-20260424-124021.tar.gz (scp up → tar xzf → hero_proc service start the stopped services).

Signed-off-by: mik-tf

mik-tf — 2026-04-24T22:01:41Z

Update 2026-04-24 (late afternoon session)

Three hotfixes pushed to herodemo and verified live. 24/25 services running (was 23/24 — hero_voice now active).

Fix 1 — AI Assistant MCP tool wiring (home#153)

  • hero_agent::mcp_client.rs patched on development_mik_nu_demo: tool-name sanitizer (.__), original_name field for round-trip MCP calls.
  • hero_agent_server rebuilt + redeployed.
  • Tool name regex no longer rejects per-domain OSIS tools.

Fix 2 — hero_voice (home#173)

  • Installed ONNX 1.24.4 to /usr/local/onnxruntime-1.24/ alongside 1.23.2 at /usr/local/onnxruntime/.
  • hero_voice action env set with ORT_LIB_LOCATION=/usr/local/onnxruntime-1.24/lib, ORT_PREFER_DYNAMIC_LINK=1, LD_LIBRARY_PATH=/usr/local/onnxruntime-1.24/lib.
  • hero_voice_server + hero_voice_ui built and running.
  • Per-process LD_LIBRARY_PATH lets embedder (1.23) and voice (1.24) coexist.

Fix 3 — Office viewing (home#174)

  • hero_office_ui::editor_page patched with browser-native PDF short-circuit:
    • .pdf → renders inline via <embed type="application/pdf">
    • .docx/.xlsx/.pptx → looks for companion .pdf with same stem; if found, renders that with a "PDF preview" badge
    • falls through to OnlyOffice for non-PDF files without companion (still broken until OnlyOffice deployed).
  • Office archipelago seeded: 5 Presentations (.pptx), 5 Spreadsheets (.xlsx), companion PDFs generated via Chrome headless.
  • Distributed to geomind / incubaid / threefold / default / root contexts.

Verified live

  • AI Assistant — hero_agent_ui healthy, sanitizer in compiled binary
  • hero_voice — both sockets up, UI returns 200
  • Office — all 5 sub-types (Documents / Spreadsheets / Presentations / PDF / Diagrams) backed by content where available, click-through renders PDF natively
  • hero_books PDF export — Chrome 147 in place
  • 24/25 services running

Prod-level fix paths

All three hotfixes have prod-level long-term fix paths documented in their respective issues:

  • home#153 — upstream sanitizer + tool-list whitelist + name-format spec
  • home#173 — unify ort crate version + bake ORT_PREFER_DYNAMIC_LINK into installer + ort↔onnx version detector
  • home#174 — ship OnlyOffice Docker container in hero_skills + auto-generate companion PDFs on upload via libreoffice/pandoc

Snapshot tarball at ~/heronu-backups/herodemo-backup-20260424-124021.tar.gz was taken BEFORE these three fixes — a fresh snapshot will be needed once all three changes settle.

Signed-off-by: mik-tf

mik-tf — 2026-04-25T03:13:33Z

Session close-out 2026-04-25

herodemo.gent01.grid.tf is in a demo-ready state. Auth-gated public URL with all archipelagos working except documented exceptions.

What works end-to-end

Island Status Notes
Auth gate nginx basic auth admin:admin123 (canonical hero_proxy in home#182)
AI Assistant hero_aibroker → Claude; MCP sanitizer in place (home#153)
hero_books (Knowledge) libraries auto-cloned, search works, pages render
OSIS (per-domain) 17 servers; admin UI aggregator gap (home#175)
Files / Photos / Videos / Songs hero_foundry webdav, browser-native rendering
Office Documents OnlyOffice editor, full editing, autosave
Office Spreadsheets OnlyOffice, formulas evaluate
Office Presentations OnlyOffice, slide thumbnails, transitions
Office PDF OnlyOffice (or browser-native via short-circuit)
Office Diagrams ⚠️ empty no .vsdx seed tooling on VM (home#183)
Voice (Kokoro/Whisper) parallel ONNX 1.24 install (home#173)
hero_voice MCP triage ⚠️ minor menu cutoff (home#155)
Native Business island Dioxus WASM via OSIS — 6 Persons / 6 Companies / 4 Contacts / etc.
HeroBiz iframe ⚠️ empty Hero0Config not refactored for OSIS split (home#180)
Collab ⚠️ dark theme follows own theme not hero_os (home#147)
Whiteboard / Slides iframes with theme propagation
Browser MCP works via /hero_browser/ui/

Engineering deliverables this session

Repo work:

  • lhumina_code/hero_zero renamed → hero_demo on Forge (per session 12 hand-off)
  • hero_demo/development: README rewrite (nu-shell primary), runbook (DEPLOYMENT_NU_HERO_OS.md), method doc (FIX_TRIAGE.md), TF variables (rootfs_size, gateway_node)
  • hero_office PR #3 (lhumina_code/hero_office#3): native PDF preview, OnlyOffice reverse proxy with WS pass-through + streaming, JWT permissions widened, X-Forwarded-Host for cross-prefix URL gen
  • hero_os/development (one direct merge — process miss flagged + memorialized): Biz iframe URL (home#179)

Issues filed this session: home#148 through home#183 — every gap captured.

Snapshot

~/heronu-backups/herodemo-backup-<TS>.tar.gz — restorable to a fresh TF Grid VM via runbook §5 (data restore from backup). Plus the original heronu-backup-20260424-033445.tar.gz retained per request.

Re-deploy from scratch

Full path documented in hero_demo/docs/ops/DEPLOYMENT_NU_HERO_OS.md:

  1. Terraform provision (deploy/single-vm/envs/<NAME>/)
  2. Bootstrap VM (apt deps, ONNX 1.23 + 1.24, Chrome, uv, libreoffice, nu-shell)
  3. hero_skills service_install_all
  4. Fix-up workarounds (action env patches per home#166-168)
  5. WASM rebuild + theme overlay
  6. Office seeding + libreoffice companion PDFs
  7. §10 Docker on TF Grid (btrfs)
  8. §11 OnlyOffice Document Server
  9. §12 Auth gate (nginx or hero_proxy)
  10. Verify + snapshot

Method

Established the "Fix Triage" 4-level routing convention for collaborative demo+devops work:

  • L1 Hotfix only + home issue
  • L2 Hotfix + PR (branch + review)
  • L3 Issue + squash to development (small, certain, with explicit OK)
  • L4 Issue only (capture, no implementation)

Demo VM hotfixes are L1 by default. Anything that lands upstream needs PR review (L2). Direct push to development is reserved for hero_demo only.

Devops pickup list (priority order)

  1. home#180 — hero_biz_ui refactor for OSIS per-domain split. Without this, HeroBiz iframe shows zeros despite OSIS having data.
  2. PR #3 on hero_office — review and merge so OnlyOffice integration lands upstream.
  3. home#175 — OSIS admin UI needs /api/services aggregator (or per-domain split admin UIs). Same class of bug as home#180.
  4. home#153 — hero_agent MCP sanitizer landed on demo branch; needs upstream.
  5. home#173 — unify ort crate version across hero_voice + hero_embedder.
  6. home#181 — runbook now references the existing setup.sh Docker-on-TF-Grid recipe; could fold into hero_skills installer.

Closing this issue. herodemo demo state is captured; the runbook + FIX_TRIAGE.md + per-gap home issues form the complete documentation.

Signed-off-by: mik-tf

Originally filed as home#160 on 2026-04-24 by mik-tf — moved to hero_demo as part of consolidating issue tracking.

## Purpose This is the consolidated checkpoint issue for the heronu nu-shell demo. Use this as the starting point for the next session — it captures the current working state, every gap still open (with severity), operator workarounds applied directly to the VM, and the path to full reproducibility once the per-component fixes merge upstream. The demo is **good enough to present** as-is — the killer feature (AI Assistant grounded in docs_hero) works, all seeded islands render real data, media + office files display. What's left is a known catalog. For the intelligence pipeline / AI architecture spec: see https://forge.ourworld.tf/lhumina_code/home/issues/159. For the nu-demo architecture index: see https://forge.ourworld.tf/lhumina_code/home/issues/148. --- ## ✅ What works end-to-end | Area | Demo-ready state | |---|---| | AI Assistant — grounded mode | Ask "Call search_hero_docs with query=Hero OS pipeline and top_k=3" → Claude Haiku 4.5 returns docs-cited answer referencing `(hero_os_guide, overview/quickstart/ai_pipeline)` | | Semantic tool routing | `HERO_AGENT_ROUTING_MODE=hybrid`, `SEMANTIC_TOP_K=10`, `SEMANTIC_THRESHOLD=0.25` applied. Embedder indexes the 58 built-in tools + any MCP tools, selects top-K per query — bypasses the 128-tool LLM cap. | | hero_aibroker routing | Claude preferred (Haiku 4.5 → 3.5-sonnet → GPT-4o-mini fallback chain). Env wired: `AIBROKER_API_ENDPOINT=http://10.1.2.2:9988/hero_aibroker/rest/v1`. | | Hero Books library discovery | 4 libraries cloned into `/home/driver/code/docs_*`: hero (1 book, 163 embedder docs), geomind (12 books, 1733+ docs), mycelium (21 books, Q&A extraction ongoing), ourworld (6 books). | | Embedder admin UI | TriviaQA benchmark corpus loaded (92,252 Q&A pairs, 3.52 MB), namespaces visible, Q1 Fast BGE-small model, reranker available. | | MCP wiring | `/home/driver/hero/var/agent/mcp.json` trimmed to hero_books only (until tool-name sanitizer — home#153 — lands). `POST /mcp/hero_books` returns `protocolVersion: 2025-03-26`. | | Office .docx | 47 files across 5 contexts (default/geomind/incubaid/root/threefold). Hero OS Guide in default/incubaid/root; 22 geomind collection docx in geomind+threefold. | | Office .pdf | 45 PDFs via pandoc+typst (typst 0.14.2 installed on `/data/home/driver/bin/typst`, DejaVu fonts). Sizes 38 KB–710 KB. Served from hero_foundry webdav. | | Photos/Videos/Songs | All 5 contexts. 30 original seed records had leading-slash `storage_path` bug (fixed by rewrite — https://forge.ourworld.tf/lhumina_code/home/issues/156). Default context also seeded with 9 photo + 3 video + 3 song records. | | Calendar | 8-9 events per context (geomind, incubaid, threefold, root). | | Business (hero_osis business domain) | Per context: 6 Persons, 6 Companies, 4 Contacts, 4 Opportunities, 3 Deals, 3 Instruments, 3 Contracts, 3 Transactions. | | Projects / Kanban (hero_osis projects domain) | geomind 5, incubaid 3, threefold 2, root 2 projects (milestones partially failed — see below). | | WASM shell | 211 MB debug → **1.8 MB brotli first paint** (home#140 — fix merged in `development_mik_nu_demo` on VM). | | docs_hero on origin/development | Commit `83fb985` pushed — refreshed architecture.md, services.md, overview.md, quickstart.md + new `ai_pipeline.md` canonical page. | ## 🟥 Blockers / high-severity gaps ### 1. Services island is architectural dead wood — NOT just a WASM feature gap Current behavior: dock click → `Failed to load island WASM 'services': Island not found: services (HTTP 404)`. Root cause (architectural): In the hero_zero Docker era, the Services island proxied hero_proxy's service discovery. In the nu-shell / hero_router era, **hero_router owns service discovery natively** via its admin UI at `ui.sock` (see https://forge.ourworld.tf/lhumina_code/hero_router/src/branch/development/CLAUDE.md). The "Services" dock entry is a stale artifact that references a code path that no longer makes sense. Proper fix: - Remove `"services"` from `hero_os_app/src/registry.rs::build_islands()` (around line 351) and from any `WASM_FEATURES` list. - Optionally add a new dock entry pointing at hero_router's admin UI (`/hero_router/ui/`) if the UX goal is "operator sees running services." - Rebuild hero_os_app WASM (~25 min). Demo workaround: broken icon stays in the dock; users hit 404 only if they explicitly click it. ### 2. hero_biz service is incomplete — only ui.sock, no rpc.sock Current behavior: clicking "Biz" → blank page. Root cause: `hero_proc service list` shows `hero_biz` as running with only a `_server` + `_ui` action, but `hero_biz_server` exposes no rpc.sock — just ui.sock. The Biz island loads, JS tries to fetch RPC, gets nothing. Note: Biz island is **separate from** the "Business" island which maps to hero_osis business domain (that one works and has seeded data). Fix: either flesh out hero_biz service to expose rpc endpoints, OR remove the Biz dock entry (same registry.rs rebuild). ### 3. Books UI "All Books" tab errors — Dioxus double-slash URL bug Current behavior: `Error: JSON parse error: EOF while parsing a value at line 1 column 0`. Root cause: `hero_archipelagos/archipelagos/embed/books/src/island.rs:28` introduced in commit `b7202b7 (fix(embed): use hero_router URL pattern for iframe islands)`: ```rust // Before b7202b7 (worked) let base_url = format!("{}/hero_books", props.context.api_host); // no trailing slash // After b7202b7 (broken) let base_url = format!("{}/hero_books/ui/", props.context.api_host); // trailing slash ``` Then in `services/mod.rs:42`: `format!("{}/rpc", base_url)` → `/hero_books/ui//rpc` → 404. Verified on heronu: - `curl -X POST 'http://10.1.2.2:9988/hero_books/ui/rpc' ...` → **200 OK** (single slash works) - `curl -X POST 'http://10.1.2.2:9988/hero_books/ui//rpc' ...` → **404** (double slash 404s) Proper fix (in `hero_archipelagos`): strip trailing slash from `base_url` OR `trim_end_matches('/')` in `rpc_call` before appending `/rpc`. Attempted demo fix (on heronu): added `collapse_slashes_middleware` to `hero_books_ui/src/main.rs` before `.layer(cors)`. Binary rebuilt (~22 min), installed, process restarted — middleware is in source but does not fire at runtime. Likely axum-0.8 behavior or LTO eliminated path. Not yet root-caused. Full write-up: https://forge.ourworld.tf/lhumina_code/home/issues/157. ### 4. Office PDF island reads from hero_office, not hero_foundry webdav Current behavior: PDF island shows `No PDF files in geomind` even though I seeded 21 .pdf into `~/hero/var/hero_foundry/webdav/geomind/Documents/`. Root cause: `hero_office_ui/src/handlers.rs::type_browser` calls `hero_office_server::list_documents(type_filter="pdf")` — i.e. hero_office_server has its own file store and its own list/upload API, disjoint from hero_foundry's webdav. The `/hero_office/ui/pdf/` iframe therefore doesn't see files that live under hero_foundry. For hero_office to show the PDFs, they need to be uploaded via `hero_office_server`'s REST/RPC (not by dropping into webdav). Equivalent path needed for Docs, Sheets, Slides. Fix options: 1. Teach hero_office_server to **list from hero_foundry webdav** (unified file store). 2. Add a one-shot seed step that bulk-imports from webdav into hero_office's store. 3. Refactor Office islands to read directly from webdav via hero_foundry RPC. ### 5. Chat persistence broken — hero_osis_ai domain not registered Current behavior: every tool-call turn logs `WARN hero_agent::osis_store: Failed to create audit entry error=Network error: HTTP error: 404 Not Found`. Root cause: `hero_agent/src/osis_store.rs` uses `hero_osis_sdk`'s `AiClient` to persist conversation history + audit/usage entries. The client targets the `hero_osis_ai` domain, which is NOT registered in the nu-shell per-domain server list. See existing issue https://forge.ourworld.tf/lhumina_code/home/issues/130. Result: AI Assistant works for single-turn queries but conversations aren't persisted — refresh the page and history is gone. Historically (hero_zero era) this was working via the monolithic hero_osis_server. Fix: register `hero_osis_ai` in the per-domain list (whatever drives hero_osis_server action registration in nu-shell), run OSIS schema migration for the `ai` domain, set `OSIS_URL` in hero_agent env to point at that domain's `rpc.sock`. ### 6. Plain-chat grounding doesn't trigger — triage classifier routes Hero questions to Knowledge path "What is Hero OS?" still returns a generic OS description because the triage classifier routes it to the `Knowledge` branch — no tools offered, no `search_hero_docs` call. See https://forge.ourworld.tf/lhumina_code/home/issues/152. Workaround: explicit tool hint ("Call search_hero_docs with ...") forces the Tools path and grounding works. ### 7. Tools payload sanitization needed for wider MCP `mcp.json` currently wires only hero_books. Widening it to all 7 MCP services would produce ~165 tools — exceeds OpenAI's 128-tool cap AND MCP names contain dots (`collections.list`, `search.query`) which violate Anthropic's function-name regex `^[a-zA-Z0-9_-]{1,128}$`. See https://forge.ourworld.tf/lhumina_code/home/issues/153. Semantic routing (home#159 §2) picks top-K tools — but the top-K can still include MCP tools with dots, which Anthropic rejects. Both fixes are needed: semantic routing (live) + name sanitization (pending). ## 🟨 Medium-severity gaps ### 8. Livekit iframe defaults to dark theme when hero_os is light Source patched on VM (`templates/base.html`: `data-bs-theme="dark"` → `"light"`) but hero_livekit_ui not yet rebuilt/installed. Also applies to hero_collab — see task #36 / home#147. ### 9. Books Q&A cache bypass Libraries ship pre-extracted Q&A pairs in `collections/<coll>/.ai/<page>.toml` + pre-computed `.vectors.bin` embeddings, but hero_books' `content_hash` check mismatches → re-extracts via LLM → wastes 20-40 min per library. See https://forge.ourworld.tf/lhumina_code/home/issues/158. ### 10. Projects milestone seed partial failure Projects seeded successfully (30 objects), milestones failed due to status enum mismatch (`status = "active"` in legacy TOMLs vs current enum `{todo, in_progress, done}` expects per-object schemas not all auto-mapped). Remaining story/milestone TOMLs have other schema drifts that need a full seed-data migration. Fix: update `hero_zero/dist/var/seed/*/projects/*.toml` files to match current schema, OR teach `hero_osis_seed` binary to auto-migrate known enum values. ### 11. Per-library AI search — `search_hero_docs` tool hardwired to `namespace="hero"` Can't ask the AI "what does geomind's nitrograph memo say?" — tool always searches the `hero` namespace. Add optional `namespace` / `library` param to the tool, propagate to `hero_books.search.query`. Approximate effort: 10 lines + rebuild. ### 12. `tool_choice=required` infinite loop Pragmatic patch attempted and reverted — forcing `tool_choice: "required"` on every turn causes Claude to call a tool after it already has the answer → infinite loop. Proper implementation needs turn-1-only gating. See https://forge.ourworld.tf/lhumina_code/home/issues/150. ## 🟩 Low-severity / already-worked-around ### 13. VM rootfs is only 2 GB — blocked several installs TF Grid ubuntu-24.04 flist ships with 2 GB rootfs; `/data` is 100 GB. Workarounds applied on heronu: - `TMPDIR=/data/tmp` for all cargo builds (rustc scratch) - `CARGO_TARGET_DIR=/data/home/driver/cargo-target` - `apt cache/lists` symlinked to `/data/var/` - typst installed on `/data/home/driver/bin/` - Chromium auto-install (for hero_books PDF generator) left disabled — weasyprint attempt broke apt Proper fix: bump `rootfs_size` in `hero_zero/deploy/single-vm/tf/main.tf` to 8 GB; teach hero_skills installers to default to `/data` paths. (Issue draft was interrupted — can be filed on request.) ### 14. Hero_osis_seed binary reports phantom errors The legacy `hero_osis_seed` binary (from hero_zero dist) prints `error decoding response body` for every write, but writes actually succeed. Symptom only — seed data did land (Business/Calendar/Media all populated). Minor cosmetic issue if future operators rely on the stderr output. ### 15. hero_embedder tokio blocking reqwest Already patched on VM via `tokio::task::block_in_place` wraps in `embedderd_client.rs`. See https://forge.ourworld.tf/lhumina_code/home/issues/145. ### 16. hero_router X-Hero-Context clobbering Already patched on VM. See https://forge.ourworld.tf/lhumina_code/home/issues/125. ### 17. hero_livekit axum Extension layer ordering Already patched on VM. See https://forge.ourworld.tf/lhumina_code/home/issues/126. ## Operator-state snapshot (what's live on heronu *only*) These are changes that exist ONLY on the VM and the `development_mik_nu_demo` branches locally — **not pushed** to origin: | Repo | Branch | Applied | |---|---|---| | hero_agent | `development_mik_nu_demo` (VM-local) | prompt.rs MANDATORY directive, llm_client.rs tool_choice patch reverted, tool_router.rs `always_include` += `search_hero_docs` | | hero_books | `development_mik_nu_demo` (VM-local) | `collapse_slashes_middleware` in main.rs (compiled, doesn't fire at runtime) | | hero_livekit | `development_mik_nu_demo` (VM-local) | base.html `data-bs-theme` default flipped to `light` | | hero_router | `development_mik_nu_demo` (VM-local) | X-Hero-Context header preservation patch | | hero_embedder | `development_mik_nu_demo` (VM-local) | `block_in_place` around blocking reqwest | | hero_os | `development_mik_nu_demo` (VM-local) | WASM release+brotli compression (home#140) | | docs_hero | **`development` (REMOTE)** | ai_pipeline.md + refreshed hero_os_guide | hero_proc action state changes (runtime, not source): - `hero_agent_server.env` += `AIBROKER_API_ENDPOINT`, `HERO_AGENT_AIBROKER_MODELS`, `OSIS_URL`, `OSIS_CONTEXT`, `HERO_AGENT_ROUTING_MODE=hybrid`, semantic top_k/threshold - `hero_books_server.env` += `FORGEJO_TOKEN`, `FORGE_TOKEN`, `GIT_TERMINAL_PROMPT=0`, script arg `serve` OSIS data writes (runtime): - 30 photo/song/video `storage_path` fields rewritten (leading slash stripped) - 30 project objects set across 4 contexts via custom Python uploader with status enum remap + OTOML `O:` prefix - Business/Calendar/Media seeded via legacy `hero_osis_seed` binary for 5 contexts File-system artifacts: - `/home/driver/code/docs_{hero,mycelium,geomind,owh}` — 4 library clones totaling 808 MB - `~/hero/var/hero_foundry/webdav/<ctx>/Documents/*.docx` (47), `*.pdf` (45) - `~/hero/var/agent/mcp.json` with 1 MCP server (hero_books) - `/data/home/driver/bin/typst` - `/data/home/driver/seed/` — copy of hero_zero seed data + binary ## Reproducibility path To recreate heronu-equivalent state from a fresh TF Grid VM: 1. **Upstream land all [nu-demo] fixes.** The catalog is home#122–158. Most need simple PRs; several need design discussion. 2. **Fix root-cause bugs.** Specifically: registry cleanup (services/biz), Dioxus Books island trailing slash (b7202b7 revert), triage routing (home#152), tool-name sanitization (home#153), hero_osis_ai domain registration (home#130), Q&A cache hash alignment (home#158). 3. **Add a `hero_osis_seed` re-roll.** Port the legacy `hero_zero/dist/var/seed/` TOMLs to match current schemas, or add a migrator. Include all contexts (default + geomind + incubaid + root + threefold). 4. **Bump rootfs default** in `hero_zero/deploy/single-vm/tf/main.tf` so cargo + apt don't need `/data` tricks. 5. **Ship a canonical `mcp.json`** once tool-name sanitization lands — can then safely wire all 7 MCP services. 6. **Add the `ai_pipeline.md` doc to the hero_books `libraries.txt` chain** so the AI can always cite its own architecture (closed loop). Once all that lands, a fresh `hero_skills install-all && hero_proc start ...` on a 8 GB rootfs VM should produce a clean equivalent of today's heronu state. ## Related issues (chronological) - 122 hero_slides hardcoded `/Volumes/T7` - 123 hero_os_app missing `web` feature entries for island-room + others - 124 UX: every island needs a polished empty/error state - 125 hero_router X-Hero-Context clobbering **(patched on VM)** - 126 hero_livekit_ui axum Extension ordering **(patched on VM)** - 127 hero_slides path dep on hero_lib - 128 hero_skills installers.nu missing apt deps - 129 service_osis.nu doesn't pass HERO_CONTEXTS - 130 **hero_osis_ai domain not registered (blocks chat persistence)** - 131 hero_os Makefile ignored CARGO_TARGET_DIR - 132 service_codescalers socket naming - 133 service_livekit no redis preflight - 134 packages.nu commented-out services - 135 service_agent.nu missing - 136 hero_agent OPENROUTER_API_KEYS plural - 137 hero_aibroker Groq-only config - 138 hero_aibroker --reset clobbers - 139 hero_foundry seed_media path - 140 WASM 211 MB → 1.8 MB brotli **(patched on VM)** - 141 service_books.nu parse error - 142 hero_skills install.sh nushell install - 143 hero_osis SDK delete bool/String - 144 Office archipelago per-library PDFs **(partial — 47 .docx + 45 .pdf seeded via pandoc+typst into hero_foundry webdav; Office island reads different store)** - 145 hero_embedder blocking reqwest **(patched on VM)** - 146 Photos `<img>` double-slash **(patched on VM via seed rewrite)** - 147 hero_collab dark theme on light hero_os - 148 nu-demo architecture index - 149 prompt.rs MANDATORY directive + rebuild verification - 150 tool_choice=required support (requires turn-1 gating) - 151 (not filed by me) - 152 **triage classifier routes Hero questions to Knowledge path** - 153 **tools payload sanitization (count + dots + duplicates)** - 154 (not filed) - 155 (not filed) - 156 Photos seed storage_path leading slash **(patched on VM via rewrite)** - 157 Books island double-slash URL + server-side middleware demo fix - 158 hero_books re-runs LLM Q&A extraction despite `.ai/` cache - 159 CANONICAL intelligence pipeline reference - **160 (THIS ISSUE) — consolidated demo state and remaining work** Signed-off-by: mik-tf --- ### Previous comments from home#160 #### mik-tf — 2026-04-24T16:51:31Z ## Session close-out 2026-04-24 ### Infrastructure - **herodemo** up and running at `herodemo.gent01.grid.tf` — 16 CPU / 32 GB / 200 GB / 16 GB rootfs / public IPv4 185.69.166.153 on freefarm node 2007, gateway on node 1. - **heronu** destroyed (`make destroy ENV=heronu`) — 5 resources cleanly removed, freeing the heronu name contract. ### Snapshot `herodemo-backup-20260424-124021.tar.gz` on workstation at `~/heronu-backups/`: - Size: 2.2 GB on VM, scp'ing down now - SHA256: `f8d040f858de14d3affad9bb9f6d4f15ca3adcb6e5d81cdc036f80fe5e3dd11b` - Contents: `hero/cfg`, `hero/bin` (all compiled service binaries), `hero/share`, `hero/var` (excluding embedder model cache and logs), `hero/code`, `actions.d.*`, driver helper scripts - Old heronu backup (`heronu-backup-20260424-033445.tar.gz`, 2.5 GB) retained alongside as requested ### Codebase - `lhumina_code/hero_zero` renamed to `lhumina_code/hero_demo` on Forge - hero_demo `development` branch updated with: - New README (nu-shell as primary path, docker retained as legacy reference) - `docs/ops/DEPLOYMENT_NU_HERO_OS.md` — full reproducibility runbook - `deploy/single-vm/tf/variables.tf` — added `rootfs_size` + `gateway_node` variables - `deploy/single-vm/tf/main.tf` — wired rootfs_size into VM, cross-node gateway network - Commit `5b0f0d5` on `development` ### Demo-time gaps filed on `lhumina_code/home` All 30 issues filed this session: - **Install flow:** home#162, home#164, home#166, home#167, home#168, home#169, home#170, home#172 - **Runtime / UI gaps:** home#152, home#154–#158, home#171, home#175, home#176, home#177 - **Upstream tech:** home#173 (ONNX version conflict), home#174 (OnlyOffice missing) - **Infra:** home#161, home#163, home#165 - **State of the art:** home#148, home#159, home#160 (updated) ### Next deploy To reproduce a fresh demo VM, follow `hero_demo/docs/ops/DEPLOYMENT_NU_HERO_OS.md`. Snapshot restore is `~/heronu-backups/herodemo-backup-20260424-124021.tar.gz` (scp up → tar xzf → `hero_proc service start` the stopped services). Signed-off-by: mik-tf #### mik-tf — 2026-04-24T22:01:41Z ## Update 2026-04-24 (late afternoon session) Three hotfixes pushed to herodemo and verified live. **24/25 services running** (was 23/24 — hero_voice now active). ### Fix 1 — AI Assistant MCP tool wiring (home#153) - `hero_agent::mcp_client.rs` patched on `development_mik_nu_demo`: tool-name sanitizer (`.` → `__`), `original_name` field for round-trip MCP calls. - `hero_agent_server` rebuilt + redeployed. - Tool name regex no longer rejects per-domain OSIS tools. ### Fix 2 — hero_voice (home#173) - Installed ONNX 1.24.4 to `/usr/local/onnxruntime-1.24/` alongside 1.23.2 at `/usr/local/onnxruntime/`. - `hero_voice` action env set with `ORT_LIB_LOCATION=/usr/local/onnxruntime-1.24/lib`, `ORT_PREFER_DYNAMIC_LINK=1`, `LD_LIBRARY_PATH=/usr/local/onnxruntime-1.24/lib`. - `hero_voice_server` + `hero_voice_ui` built and running. - Per-process LD_LIBRARY_PATH lets embedder (1.23) and voice (1.24) coexist. ### Fix 3 — Office viewing (home#174) - `hero_office_ui::editor_page` patched with browser-native PDF short-circuit: - `.pdf` → renders inline via `<embed type="application/pdf">` - `.docx`/`.xlsx`/`.pptx` → looks for companion `.pdf` with same stem; if found, renders that with a "PDF preview" badge - falls through to OnlyOffice for non-PDF files without companion (still broken until OnlyOffice deployed). - Office archipelago seeded: 5 Presentations (.pptx), 5 Spreadsheets (.xlsx), companion PDFs generated via Chrome headless. - Distributed to geomind / incubaid / threefold / default / root contexts. ### Verified live - AI Assistant — `hero_agent_ui` healthy, sanitizer in compiled binary - hero_voice — both sockets up, UI returns 200 - Office — all 5 sub-types (Documents / Spreadsheets / Presentations / PDF / Diagrams) backed by content where available, click-through renders PDF natively - hero_books PDF export — Chrome 147 in place - 24/25 services running ### Prod-level fix paths All three hotfixes have prod-level long-term fix paths documented in their respective issues: - home#153 — upstream sanitizer + tool-list whitelist + name-format spec - home#173 — unify ort crate version + bake `ORT_PREFER_DYNAMIC_LINK` into installer + ort↔onnx version detector - home#174 — ship OnlyOffice Docker container in hero_skills + auto-generate companion PDFs on upload via libreoffice/pandoc Snapshot tarball at `~/heronu-backups/herodemo-backup-20260424-124021.tar.gz` was taken BEFORE these three fixes — a fresh snapshot will be needed once all three changes settle. Signed-off-by: mik-tf #### mik-tf — 2026-04-25T03:13:33Z ## ✅ Session close-out 2026-04-25 herodemo.gent01.grid.tf is in a **demo-ready state**. Auth-gated public URL with all archipelagos working except documented exceptions. ### What works end-to-end | Island | Status | Notes | |---|---|---| | Auth gate | ✅ | nginx basic auth `admin:admin123` (canonical hero_proxy in [home#182](https://forge.ourworld.tf/lhumina_code/home/issues/182)) | | AI Assistant | ✅ | hero_aibroker → Claude; MCP sanitizer in place ([home#153](https://forge.ourworld.tf/lhumina_code/home/issues/153)) | | hero_books (Knowledge) | ✅ | libraries auto-cloned, search works, pages render | | OSIS (per-domain) | ✅ | 17 servers; admin UI aggregator gap ([home#175](https://forge.ourworld.tf/lhumina_code/home/issues/175)) | | Files / Photos / Videos / Songs | ✅ | hero_foundry webdav, browser-native rendering | | Office Documents | ✅ | OnlyOffice editor, full editing, autosave | | Office Spreadsheets | ✅ | OnlyOffice, formulas evaluate | | Office Presentations | ✅ | OnlyOffice, slide thumbnails, transitions | | Office PDF | ✅ | OnlyOffice (or browser-native via short-circuit) | | Office Diagrams | ⚠️ empty | no `.vsdx` seed tooling on VM ([home#183](https://forge.ourworld.tf/lhumina_code/home/issues/183)) | | Voice (Kokoro/Whisper) | ✅ | parallel ONNX 1.24 install ([home#173](https://forge.ourworld.tf/lhumina_code/home/issues/173)) | | hero_voice MCP triage | ⚠️ minor | menu cutoff ([home#155](https://forge.ourworld.tf/lhumina_code/home/issues/155)) | | Native Business island | ✅ | Dioxus WASM via OSIS — 6 Persons / 6 Companies / 4 Contacts / etc. | | HeroBiz iframe | ⚠️ empty | Hero0Config not refactored for OSIS split ([home#180](https://forge.ourworld.tf/lhumina_code/home/issues/180)) | | Collab | ⚠️ dark theme | follows own theme not hero_os ([home#147](https://forge.ourworld.tf/lhumina_code/home/issues/147)) | | Whiteboard / Slides | ✅ | iframes with theme propagation | | Browser MCP | ✅ | works via /hero_browser/ui/ | ### Engineering deliverables this session **Repo work:** - `lhumina_code/hero_zero` renamed → `hero_demo` on Forge (per session 12 hand-off) - `hero_demo/development`: README rewrite (nu-shell primary), runbook ([DEPLOYMENT_NU_HERO_OS.md](https://forge.ourworld.tf/lhumina_code/hero_demo/src/branch/development/docs/ops/DEPLOYMENT_NU_HERO_OS.md)), method doc ([FIX_TRIAGE.md](https://forge.ourworld.tf/lhumina_code/hero_demo/src/branch/development/docs/ops/FIX_TRIAGE.md)), TF variables (`rootfs_size`, `gateway_node`) - `hero_office` PR #3 (https://forge.ourworld.tf/lhumina_code/hero_office/pulls/3): native PDF preview, OnlyOffice reverse proxy with WS pass-through + streaming, JWT permissions widened, X-Forwarded-Host for cross-prefix URL gen - `hero_os/development` (one direct merge — process miss flagged + memorialized): Biz iframe URL ([home#179](https://forge.ourworld.tf/lhumina_code/home/issues/179)) **Issues filed this session:** home#148 through home#183 — every gap captured. ### Snapshot `~/heronu-backups/herodemo-backup-<TS>.tar.gz` — restorable to a fresh TF Grid VM via runbook §5 (data restore from backup). Plus the original `heronu-backup-20260424-033445.tar.gz` retained per request. ### Re-deploy from scratch Full path documented in `hero_demo/docs/ops/DEPLOYMENT_NU_HERO_OS.md`: 1. Terraform provision (`deploy/single-vm/envs/<NAME>/`) 2. Bootstrap VM (apt deps, ONNX 1.23 + 1.24, Chrome, uv, libreoffice, nu-shell) 3. hero_skills `service_install_all` 4. Fix-up workarounds (action env patches per home#166-168) 5. WASM rebuild + theme overlay 6. Office seeding + libreoffice companion PDFs 7. **§10 Docker on TF Grid (btrfs)** 8. **§11 OnlyOffice Document Server** 9. **§12 Auth gate (nginx or hero_proxy)** 10. Verify + snapshot ### Method Established the "[Fix Triage](https://forge.ourworld.tf/lhumina_code/hero_demo/src/branch/development/docs/ops/FIX_TRIAGE.md)" 4-level routing convention for collaborative demo+devops work: - **L1** Hotfix only + home issue - **L2** Hotfix + PR (branch + review) - **L3** Issue + squash to development (small, certain, with explicit OK) - **L4** Issue only (capture, no implementation) Demo VM hotfixes are L1 by default. Anything that lands upstream needs PR review (L2). Direct push to `development` is reserved for `hero_demo` only. ### Devops pickup list (priority order) 1. **[home#180](https://forge.ourworld.tf/lhumina_code/home/issues/180)** — hero_biz_ui refactor for OSIS per-domain split. Without this, HeroBiz iframe shows zeros despite OSIS having data. 2. **PR #3 on hero_office** — review and merge so OnlyOffice integration lands upstream. 3. **[home#175](https://forge.ourworld.tf/lhumina_code/home/issues/175)** — OSIS admin UI needs `/api/services` aggregator (or per-domain split admin UIs). Same class of bug as home#180. 4. **[home#153](https://forge.ourworld.tf/lhumina_code/home/issues/153)** — hero_agent MCP sanitizer landed on demo branch; needs upstream. 5. **[home#173](https://forge.ourworld.tf/lhumina_code/home/issues/173)** — unify ort crate version across hero_voice + hero_embedder. 6. **[home#181](https://forge.ourworld.tf/lhumina_code/home/issues/181)** — runbook now references the existing `setup.sh` Docker-on-TF-Grid recipe; could fold into hero_skills installer. Closing this issue. herodemo demo state is captured; the runbook + FIX_TRIAGE.md + per-gap home issues form the complete documentation. Signed-off-by: mik-tf --- *Originally filed as [home#160](https://forge.ourworld.tf/lhumina_code/home/issues/160) on 2026-04-24 by mik-tf — moved to hero_demo as part of consolidating issue tracking.*
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
development
development_mik2
v0.9.3-dev
v0.9.0-dev
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_demo#28
No description provided.