Upstream Nix-Hermes-Agent Build Fixes and Forking

Summary

This page documents the identification and resolution of critical build failures in the nix-hermes-agent dependency. The resolution involved debugging Nix sandbox test failures, filing upstream issues and pull requests, and temporarily forking the repository to unblock the Sokrates development pipeline.

Details

During the integration and deployment of the Hermes Agent within the Sokrates NixOS environment, the build failed persistently on the apscheduler package: python3.12-apscheduler-3.11.2 failed its test suite when executed within the Nix build sandbox. These failures were identified as upstream issues within nixpkgs concerning processpool signal handling, which behaves differently in the restricted environment of a Nix build than in a standard execution environment.

The investigation revealed that while the nix-hermes-agent’s package.nix already contained overrides for several broken packages (such as sanic and cherrypy), it lacked a similar override for apscheduler. Because the agent pins its own version of nixpkgs, the Sokrates team could not easily fix this from the top-level flake without modifying the agent’s internal package definition.

Simultaneously, a second bug was identified regarding “Skills” permissions. The agent’s code utilized copy_tree, which internally calls rmtree on destination paths. When these paths pointed to the Nix store—which is read-only—the process would crash with a PermissionError.

Remediation Steps

To resolve these blockers, the following workflow was executed:

  1. Issue Tracking: Formal issues were filed against the upstream repository at 0xrsydn/nix-hermes-agent (Issue #2), documenting both the apscheduler test failures and the Skills PermissionError.
  2. Upstream Contribution: A Pull Request (PR #3) was submitted to the nix-hermes-agent repository. The fix for the build failure involved adding doCheck = false to the apscheduler override in package.nix, bypassing the problematic sandbox tests.
  3. Forking and Unblocking: To avoid waiting for upstream maintainer approval, the Sokrates team forked the nix-hermes-agent repository.
  4. Flake Update: The Sokrates project flake was updated to point its nix-hermes input to the fix branch of the fork. This allowed the sokrates-dev and sokrates-box builds to proceed immediately.
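
The override described in step 2, as an added example (this is not the contents of nix-hermes-agent's package.nix or of PR #3). It also shows a narrower alternative that keeps the test suite and skips only named tests. Assumptions: the `skipAllTests` argument and the test name are constructed placeholders, and the narrower branch assumes the nixpkgs apscheduler package runs its tests through pytestCheckHook.

```nix
# Added example; a stand-alone expression, buildable with nix-build.
{ pkgs ? import <nixpkgs> { }
, skipAllTests ? true # hypothetical switch; true mirrors the doCheck = false fix
}:
let
  # Python 3.12 package set with a replacement apscheduler derivation.
  python = pkgs.python312.override {
    packageOverrides = final: prev: {
      apscheduler = prev.apscheduler.overridePythonAttrs (old:
        if skipAllTests then {
          # Skip the whole check phase: no apscheduler test runs in the
          # build sandbox, so the processpool failures cannot block the build.
          doCheck = false;
        } else {
          # Narrower option: keep the suite and skip only the failing tests.
          # disabledTests is read by pytestCheckHook (assumed to be in use).
          disabledTests = (old.disabledTests or [ ]) ++ [
            "PLACEHOLDER_failing_test_name" # constructed placeholder
          ];
        });
    };
  };
in
# Environment that pulls apscheduler from the overridden package set.
python.withPackages (ps: [ ps.apscheduler ])
```

With `doCheck = false` none of the package's tests run at build time, so a regression in apscheduler would no longer be caught by this build; the `disabledTests` branch keeps the rest of the suite in place.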

This process highlights the “upstream-first” philosophy of the Sokrates project, where bugs in dependencies are fixed at the source while maintaining local velocity through Nix’s flexible input shadowing.