From a2170374d42df1024637422f442630f85e8d8130 Mon Sep 17 00:00:00 2001
From: Hermes Bot
Date: Sat, 20 Jun 2026 14:28:29 -0400
Subject: [PATCH] gguf-puller: pull public GGUF repos without the HF token secret
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The gguf-puller service declared the SOPS-managed `hf_token` Docker secret (file: ${HOME}/.ai-toolkit/runtime/secrets/hf_token). When that file is absent — or when its ${HOME} source mis-resolves inside a Hermes/ops-controller compose subprocess — `docker compose run gguf-puller` aborts before the script runs, so even public-repo pulls fail. pull_gguf_models.py already falls back to the HF_TOKEN env var and downloads public repos anonymously. Swap the file secret for an optional `HF_TOKEN=${HF_TOKEN:-}` env on gguf-puller only: empty by default (public pulls work token-free, never hard-fails), set HF_TOKEN in .env for gated repos. The runtime services (ops-controller, dashboard, comfyui, comfyui-model-puller) keep the SOPS file secret unchanged. Validated: `docker compose --profile models run --rm gguf-puller` with no secret and no HF_TOKEN pulls a public GGUF successfully (exit 0).

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 .env.example | 7 +++++--
 docker-compose.yml | 9 ++++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/.env.example b/.env.example
index c3bc18f..53eeaad 100644
--- a/.env.example
+++ b/.env.example
@@ -152,8 +152,11 @@ DEFAULT_MODEL=local-chat
 # HF_TOKEN: managed via SOPS at secrets/hf_token.sops.
 # Edit with: sops secrets/hf_token.sops
 # Decrypted runtime path: ~/.ai-toolkit/runtime/secrets/hf_token
-# Mounted into ops-controller, dashboard, gguf-puller, comfyui-model-puller,
-# and comfyui as /run/secrets/hf_token (see HF_TOKEN_FILE in compose).
+# Mounted into ops-controller, dashboard, comfyui-model-puller, and comfyui as
+# /run/secrets/hf_token (see HF_TOKEN_FILE in compose).
+# gguf-puller instead reads the optional HF_TOKEN env var (set it here or in your
+# shell for gated repos); left empty it pulls public GGUF repos token-free, so a
+# missing/SOPS-unavailable secret no longer hard-fails `compose run gguf-puller`.
 # See docs/runbooks/secrets.md.
 # GITHUB_PERSONAL_ACCESS_TOKEN: managed via SOPS at secrets/github_pat.sops.
diff --git a/docker-compose.yml b/docker-compose.yml
index 09847ba..aa9a10c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -422,13 +422,16 @@ services:
 image: python:3.12-slim
 restart: "no"
 environment:
- - HF_TOKEN_FILE=/run/secrets/hf_token
+ # Optional HF token via env (set HF_TOKEN in .env for gated repos); empty by
+ # default so public repos pull token-free. Replaces the file secret, which
+ # made `compose run gguf-puller` hard-fail whenever the SOPS-managed secret
+ # file was absent or its ${HOME} source mis-resolved under a Hermes-invoked
+ # compose subprocess. pull_gguf_models.py reads HF_TOKEN when the file is absent.
+ - HF_TOKEN=${HF_TOKEN:-}
 - GGUF_MODELS=${GGUF_MODELS:-}
 volumes:
 - ${BASE_PATH:-.}/models/gguf:/models
 - ${BASE_PATH:-.}/scripts:/scripts:ro
- secrets:
- - hf_token
 command: ["sh", "-c", "pip install -q huggingface_hub && python3 /scripts/pull_gguf_models.py"]
 networks:
 - frontend
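Review bot: In the docker-compose.yml hunk, moving the token from `/run/secrets/hf_token` into `HF_TOKEN` puts it in the container environment for the whole `sh -c` command, so the unpinned `pip install -q huggingface_hub` step and any install-time code it runs inherit it, and it becomes visible in `docker inspect` output for the container. The install step does not need the token; it can be scoped to the script by changing the command string to `env -u HF_TOKEN pip install -q huggingface_hub && python3 /scripts/pull_gguf_models.py`, and pinning the `huggingface_hub` version would narrow the exposure further. The new comment should also state that a token placed in `.env` sits in plaintext outside SOPS, for example `# NOTE: HF_TOKEN in .env is plaintext; keep .env untracked and prefer a read-only token`. The gguf-puller service definition starts above this hunk and continues past it, so whether anything else in the service still expects `HF_TOKEN_FILE` cannot be confirmed from the lines shown.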