feat(skills): action env wiring + new service_agent module #127

Closed

mik-tf wants to merge 2 commits from development_mik_action_envs into development

pull from: development_mik_action_envs

merge into: lhumina_code:development

lhumina_code:development

lhumina_code:development_fix_livekit_config_consistency_153

lhumina_code:develop_hero_claude

lhumina_code:fix/client-root-scope-hint-151

lhumina_code:main

Conversation 2 Commits 2 Files changed 5 +212 -5

mik-tf commented 2026-04-25 16:43:06 +00:00

Owner

Copy link

Closes the §4.4 manual hero_proc action.set patches in DEPLOYMENT_NU_HERO_OS.md by having each service module forward env-overridable values into the action records when service_complete runs.

Changes

New tools/modules/services/service_agent.nu

Full lifecycle module (install/start/stop/status) for hero_agent. Until this landed, hero_agent had no nu-shell installer at all on development — only the docker-era TOML in hero_demo/services/hero_agent.toml.

Action env wires:

• AIBROKER_API_ENDPOINT — defaults to http+unix://$sock_base/hero_aibroker/rpc.sock so the LLM routes through hero_aibroker (Claude); operators can override to OpenRouter direct URL
• OSIS_URL, OSIS_CONTEXT — conversation/message persistence (defaults match the docker-era TOML)
• OPENROUTER_API_KEY / GROQ_API_KEY — forwarded from invoking shell
• HERO_AGENT_AIBROKER_MODELS — comma-separated model list (env-overridable)
• ENABLE_TELEGRAM / TELEGRAM_TOKEN — optional Telegram channel
• Standard HERO_AGENT_DATA_DIR / WORKSPACE_DIR / SKILLS_DIR / SOCKET paths derived from svc_home

Wired into mod.nu exports + service_install_all and service_complete in packages.nu.

service_biz.nu

HERO0_BASE_URL on hero_biz_ui is now env-overridable. Default http://127.0.0.1:6666/hero_osis/ui matches local-dev hero_router. Operators set HERO0_BASE_URL=http://10.1.2.2:9990/hero_osis/ui in env.sh on TF Grid VMs where hero_router moves to port 9990 to free 9988 for nginx basic auth (runbook §4.4 + §12.1).

service_router.nu

New env-driven defaults for --address and --ui-port flags:

• HERO_ROUTER_ADDRESS — TF Grid private IP (e.g. 10.1.2.2); falls back to mycelium auto-detect if unset
• HERO_ROUTER_UI_PORT — TCP port (e.g. 9990); falls back to --port (default 9988) if unset

This lets service_complete drive the TF Grid binding without per-call CLI args.

Validation

Every changed module loads under nu -c "use ...". Runtime validation requires a TF Grid VM (no opportunity to test locally without spinning up infra).

Tracker

home#185.

Signed-off-by: mik-tf

Closes the §4.4 manual `hero_proc action.set` patches in [DEPLOYMENT_NU_HERO_OS.md](https://forge.ourworld.tf/lhumina_code/hero_demo/src/branch/development/docs/ops/DEPLOYMENT_NU_HERO_OS.md) by having each service module forward env-overridable values into the action records when `service_complete` runs. ## Changes ### New `tools/modules/services/service_agent.nu` Full lifecycle module (install/start/stop/status) for hero_agent. Until this landed, hero_agent had **no nu-shell installer at all** on `development` — only the docker-era TOML in `hero_demo/services/hero_agent.toml`. Action env wires: - `AIBROKER_API_ENDPOINT` — defaults to `http+unix://$sock_base/hero_aibroker/rpc.sock` so the LLM routes through hero_aibroker (Claude); operators can override to OpenRouter direct URL - `OSIS_URL`, `OSIS_CONTEXT` — conversation/message persistence (defaults match the docker-era TOML) - `OPENROUTER_API_KEY` / `GROQ_API_KEY` — forwarded from invoking shell - `HERO_AGENT_AIBROKER_MODELS` — comma-separated model list (env-overridable) - `ENABLE_TELEGRAM` / `TELEGRAM_TOKEN` — optional Telegram channel - Standard `HERO_AGENT_DATA_DIR` / `WORKSPACE_DIR` / `SKILLS_DIR` / `SOCKET` paths derived from `svc_home` Wired into `mod.nu` exports + `service_install_all` and `service_complete` in `packages.nu`. ### `service_biz.nu` `HERO0_BASE_URL` on `hero_biz_ui` is now env-overridable. Default `http://127.0.0.1:6666/hero_osis/ui` matches local-dev hero_router. Operators set `HERO0_BASE_URL=http://10.1.2.2:9990/hero_osis/ui` in `env.sh` on TF Grid VMs where hero_router moves to port 9990 to free 9988 for nginx basic auth (runbook §4.4 + §12.1). ### `service_router.nu` New env-driven defaults for `--address` and `--ui-port` flags: - `HERO_ROUTER_ADDRESS` — TF Grid private IP (e.g. `10.1.2.2`); falls back to mycelium auto-detect if unset - `HERO_ROUTER_UI_PORT` — TCP port (e.g. `9990`); falls back to `--port` (default 9988) if unset This lets `service_complete` drive the TF Grid binding without per-call CLI args. ## Validation Every changed module loads under `nu -c "use ..."`. Runtime validation requires a TF Grid VM (no opportunity to test locally without spinning up infra). ## Tracker [home#185](https://forge.ourworld.tf/lhumina_code/home/issues/185). Signed-off-by: mik-tf

mik-tf added 1 commit 2026-04-25 16:43:06 +00:00

feat(skills): wire action env vars + new service_agent module ... 16a11d58d0

Closes the §4.4 manual `hero_proc action.set` patches in the runbook by
having each service module forward env-overridable values into the
action records when service_complete runs.

- New tools/modules/services/service_agent.nu — full lifecycle module
  (install/start/stop/status) for hero_agent.  Action env wires
  AIBROKER_API_ENDPOINT (defaults to http+unix path of hero_aibroker's
  rpc.sock — routes LLM through aibroker for Claude), OSIS_URL,
  OSIS_CONTEXT, OPENROUTER_API_KEY/GROQ_API_KEY (forwarded), Telegram
  channel knobs, and HERO_AGENT_AIBROKER_MODELS.  Wired into mod.nu +
  service_install_all/service_complete in packages.nu.  Until this
  module landed, hero_agent had NO nu-shell installer at all on
  development.

- service_biz.nu — HERO0_BASE_URL on hero_biz_ui is now env-overridable
  (default http://127.0.0.1:6666/hero_osis/ui for local dev; operators
  set HERO0_BASE_URL=http://10.1.2.2:9990/hero_osis/ui in env.sh on
  TF Grid VMs where hero_router moves to port 9990).

- service_router.nu — HERO_ROUTER_ADDRESS + HERO_ROUTER_UI_PORT env
  vars now feed into the start command's --address/--ui-port flag
  defaults.  Lets service_complete drive the TF Grid binding
  (10.1.2.2:9990) without per-call CLI args.

Validation: every changed module loads under `nu -c "use ..."`.
Runtime validation requires a TF Grid VM.

Tracker: lhumina_code/home#185

Signed-off-by: mik-tf

mik-tf referenced this pull request from a commit 2026-04-25 16:48:36 +00:00

feat(skills): basic_auth_setup helper for nginx + htpasswd demo gate

mik-tf referenced this pull request 2026-04-25 16:48:36 +00:00

feat(skills): basic_auth_setup helper for nginx + htpasswd demo gate #129

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 16:55:47 +00:00

[Phase 2] Codify demo-VM hotfixes into upstream code — clean runbook, no manual steps #185

mik-tf added 1 commit 2026-04-25 20:24:13 +00:00

fix(skills): correct AIBROKER_API_ENDPOINT scheme + derive HERO0_BASE_URL from router env ... a15781f6ed

Caught during prod-readiness audit before merge:

1. service_agent AIBROKER_API_ENDPOINT — was http+unix://...rpc.sock
   default. Wrong: hero_agent's LLM client (llm_client.rs) uses
   reqwest, which is TCP-HTTP only and does NOT speak Unix sockets.
   Fixed default to http://$HERO_ROUTER_ADDRESS:$HERO_ROUTER_UI_PORT/
   hero_aibroker/rest/v1 — matches what hero_demo's hero_agent.toml
   does (modulo stale port).

2. service_biz HERO0_BASE_URL + service_agent OSIS_URL — was hardcoded
   to :6666, which is NOT the hero_router default (9988). The legacy
   hero_demo TOMLs pinned :6666 but the hero_router server has
   defaulted to 9988 for some time, so those TOMLs are stale. Fixed
   both defaults to derive from HERO_ROUTER_ADDRESS + HERO_ROUTER_UI_PORT
   so the URL stays in sync with where the router actually binds.
   Direct env override (HERO0_BASE_URL / OSIS_URL / AIBROKER_API_ENDPOINT)
   still wins.

These are both correctness fixes — not just nicer defaults.  Without
fix 1 hero_agent silently falls through to OpenRouter direct (since
the broker URL is unreachable), defeating the point of the broker.
Without fix 2 hero_biz_ui's /hero0 surface returns 404 against an
unbound port.

Validation: nu -c "use tools/modules/services *" parses cleanly.

mik-tf commented 2026-04-25 20:24:24 +00:00

Author

Owner

Copy link

Pre-merge audit caught two correctness bugs in this PR — pushed a15781f:

1. AIBROKER_API_ENDPOINT scheme. Default was http+unix://...rpc.sock. hero_agent uses reqwest (TCP-HTTP only — see hero_agent/crates/hero_agent/src/llm_client.rs); it does NOT speak Unix sockets. With the wrong scheme, hero_agent silently falls through to OpenRouter direct, defeating the broker. Fixed default to http://$HERO_ROUTER_ADDRESS:$HERO_ROUTER_UI_PORT/hero_aibroker/rest/v1.

2. HERO0_BASE_URL + OSIS_URL stale port. Defaults were :6666 (copied from the legacy hero_demo TOML). hero_router has defaulted to :9988 for some time. Without the fix, hero_biz_ui’s /hero0 surface 404s against an unbound port. Fixed both to derive from HERO_ROUTER_ADDRESS + HERO_ROUTER_UI_PORT env, with direct override still winning.

Both are correctness fixes, not stylistic — without them the deploy would look-good-on-paper but actually be broken at runtime.

Pre-merge audit caught two correctness bugs in this PR — pushed `a15781f`: 1. **`AIBROKER_API_ENDPOINT` scheme.** Default was `http+unix://...rpc.sock`. hero_agent uses `reqwest` (TCP-HTTP only — see `hero_agent/crates/hero_agent/src/llm_client.rs`); it does NOT speak Unix sockets. With the wrong scheme, `hero_agent` silently falls through to OpenRouter direct, defeating the broker. Fixed default to `http://$HERO_ROUTER_ADDRESS:$HERO_ROUTER_UI_PORT/hero_aibroker/rest/v1`. 2. **`HERO0_BASE_URL` + `OSIS_URL` stale port.** Defaults were `:6666` (copied from the legacy `hero_demo` TOML). hero_router has defaulted to `:9988` for some time. Without the fix, `hero_biz_ui`’s `/hero0` surface 404s against an unbound port. Fixed both to derive from `HERO_ROUTER_ADDRESS` + `HERO_ROUTER_UI_PORT` env, with direct override still winning. Both are correctness fixes, not stylistic — without them the deploy would look-good-on-paper but actually be broken at runtime.

mik-tf referenced this pull request from a commit 2026-04-25 20:33:27 +00:00

feat(skills): wire action env vars + new service_agent module (#127)

mik-tf closed this pull request 2026-04-25 20:33:28 +00:00

mik-tf commented 2026-04-25 20:35:11 +00:00

Author

Owner

Copy link

Squash-merged to development as 60375f4. Branch deleted.

Squash-merged to `development` as [`60375f4`](https://forge.ourworld.tf/lhumina_code/hero_skills/commit/60375f4). Branch deleted.

mik-tf referenced this pull request from lhumina_code/home 2026-04-25 20:39:11 +00:00

[Phase 2] Codify demo-VM hotfixes into upstream code — clean runbook, no manual steps #185

mik-tf referenced this pull request from lhumina_code/hero_demo 2026-04-28 12:21:28 +00:00

[Phase 2] Codify demo-VM hotfixes into upstream code — clean runbook, no manual steps #36

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

prio_critical

  

prio_low

  

type_bug

  

type_contact

  

type_issue

  

type_lead

  

type_question

  

type_story

  

type_task

No labels

prio_critical

prio_low

type_bug

type_contact

type_issue

type_lead

type_question

type_story

type_task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_skills!127

No description provided.