diff --git a/.env.example b/.env.example
index c3bc18f..53eeaad 100644
--- a/.env.example
+++ b/.env.example
@@ -152,8 +152,11 @@ DEFAULT_MODEL=local-chat
 # HF_TOKEN: managed via SOPS at secrets/hf_token.sops.
 # Edit with: sops secrets/hf_token.sops
 # Decrypted runtime path: ~/.ai-toolkit/runtime/secrets/hf_token
-# Mounted into ops-controller, dashboard, gguf-puller, comfyui-model-puller,
-# and comfyui as /run/secrets/hf_token (see HF_TOKEN_FILE in compose).
+# Mounted into ops-controller, dashboard, comfyui-model-puller, and comfyui as
+# /run/secrets/hf_token (see HF_TOKEN_FILE in compose).
+# gguf-puller instead reads the optional HF_TOKEN env var (set it here or in your
+# shell for gated repos); left empty it pulls public GGUF repos token-free, so a
+# missing/SOPS-unavailable secret no longer hard-fails `compose run gguf-puller`.
 # See docs/runbooks/secrets.md.
 
 # GITHUB_PERSONAL_ACCESS_TOKEN: managed via SOPS at secrets/github_pat.sops.
diff --git a/docker-compose.yml b/docker-compose.yml
index 09847ba..aa9a10c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -422,13 +422,16 @@ services:
 image: python:3.12-slim
 restart: "no"
 environment:
- - HF_TOKEN_FILE=/run/secrets/hf_token
+ # Optional HF token via env (set HF_TOKEN in .env for gated repos); empty by
+ # default so public repos pull token-free. Replaces the file secret, which
+ # made `compose run gguf-puller` hard-fail whenever the SOPS-managed secret
+ # file was absent or its ${HOME} source mis-resolved under a Hermes-invoked
+ # compose subprocess. pull_gguf_models.py reads HF_TOKEN when the file is absent.
+ - HF_TOKEN=${HF_TOKEN:-}
 - GGUF_MODELS=${GGUF_MODELS:-}
 volumes:
 - ${BASE_PATH:-.}/models/gguf:/models
 - ${BASE_PATH:-.}/scripts:/scripts:ro
- secrets:
- - hf_token
 command: ["sh", "-c", "pip install -q huggingface_hub && python3 /scripts/pull_gguf_models.py"]
 networks:
 - frontend
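Review bot: The added lines tell the reader to set HF_TOKEN "here", yet the block still opens with "HF_TOKEN: managed via SOPS", so the same credential is now documented with two storage locations and the new one is plaintext. Nothing in the hunk says whether the SOPS-decrypted token is ever exported into HF_TOKEN, so a reader may assume the encrypted secret still covers gguf-puller when it appears not to. I would add two comment lines after the new paragraph: `# A value set here is stored in plaintext and is separate from the SOPS-managed file;` and `# prefer a read-only token and keep .env out of version control.`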
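Review bot: `- HF_TOKEN=${HF_TOKEN:-}` places the token in the container environment, so it is inherited by every process the `command` starts, including the unpinned `pip install -q huggingface_hub` that runs before the script, and it is readable in `docker inspect` and `docker compose config` output; the removed file secret had neither exposure. A small mitigation is to blank the variable for the install step only, `command: ["sh", "-c", "HF_TOKEN= pip install -q huggingface_hub && python3 /scripts/pull_gguf_models.py"]`, and to pin the huggingface_hub version. The new comment says pull_gguf_models.py falls back to HF_TOKEN when the file is absent; that script is not visible here, so confirm it treats the empty default as "no token" rather than sending an empty credential. The service definition starts above the hunk.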