opt: multi-stage build + auth on diagnostics + connection limiting

1. Multi-stage Dockerfile (~500MB smaller final image):
- Stage 1 (builder): git, make, g++, node.js, hermes-agent source
- Stage 2 (runtime): only venv, patched agent, webui, fonts
- Eliminates build tools and source code from final image

2. Auth on sensitive endpoints:
- /api/diagnostics/gateway-log → requires Bearer token
- /api/diagnostics/restart-gateway → requires Bearer token
- /api/logs/stream → requires Bearer token

3. Connection limiting (DoS prevention):
- ThreadingHTTPServer limited to 50 concurrent connections
- Prevents RAM exhaustion from malicious requests

Dockerfile

@@ -1,6 +1,9 @@
-FROM python:3.12-slim
+# ============================================================
+# Stage 1: Builder — clone, build, patch (discarded after)
+# ============================================================
+FROM python:3.12-slim AS builder
 
-# System deps (add build tools for node-pty native compilation)
+# Build tools needed for node-pty native compilation
 RUN apt-get update && apt-get install -y --no-install-recommends \
     git curl gnupg2 fontconfig make g++ python3 \
     && rm -rf /var/lib/apt/lists/*
@@ -17,44 +20,29 @@ RUN pip install --quiet --upgrade pip && \
     pip install --quiet psutil networkx && \
     pip install --quiet -e "/app/hermes-agent[feishu,mcp,cron,pty]" 2>&1 | tail -10
 
-# Patch: add document file extensions to auto-detection for native delivery
+# All patches (non-fatal — won't break build if upstream changed)
 COPY scripts/patch_file_delivery.py /tmp/patch_file_delivery.py
 RUN python3 /tmp/patch_file_delivery.py; rm -f /tmp/patch_file_delivery.py
 
-# Patch: Feishu media support in send_message_tool + anti-hallucination prompts
 COPY patches/hermes-agent/agent/prompt_builder.py /app/hermes-agent/agent/prompt_builder.py
 COPY patches/hermes-agent/tools/send_message_tool.py /app/hermes-agent/tools/send_message_tool.py
 
-# Patch: Auto-inject MEDIA: tags from write_file tool calls
 COPY scripts/patch_auto_media.py /tmp/patch_auto_media.py
 RUN python3 /tmp/patch_auto_media.py; rm -f /tmp/patch_auto_media.py
 
-# Patch: Auto-resolve relative media paths to absolute paths
-# ROOT CAUSE FIX: LLM often uses bare filenames in MEDIA: tags (e.g. "report.md")
-# which causes send_document() to fail with "File not found"
 COPY scripts/patch_resolve_media_paths.py /tmp/patch_resolve_media_paths.py
 RUN python3 /tmp/patch_resolve_media_paths.py; rm -f /tmp/patch_resolve_media_paths.py
 
-# Install Node.js 23
+# Install Node.js 23 for web-ui build
 RUN ARCH=$(dpkg --print-architecture) \
     && if [ "$ARCH" = "amd64" ]; then NODE_ARCH="x64"; else NODE_ARCH="$ARCH"; fi \
-    && echo "Installing Node.js v23 for ${NODE_ARCH}" \
     && curl -fsSL "https://nodejs.org/dist/v23.11.0/node-v23.11.0-linux-${NODE_ARCH}.tar.gz" \
        -o /tmp/node.tar.gz \
     && tar -xzf /tmp/node.tar.gz -C /usr/local --strip-components=1 \
     && rm -f /tmp/node.tar.gz \
     && node --version && npm --version
 
-# Chinese font (Noto Sans SC Regular + Bold)
-RUN mkdir -p /usr/share/fonts/truetype/noto && \
-    curl -sL "https://github.com/googlefonts/noto-cjk/raw/main/Sans/SubsetOTF/SC/NotoSansSC-Regular.otf" \
-    -o /usr/share/fonts/truetype/noto/NotoSansSC-Regular.otf && \
-    curl -sL "https://github.com/googlefonts/noto-cjk/raw/main/Sans/SubsetOTF/SC/NotoSansSC-Bold.otf" \
-    -o /usr/share/fonts/truetype/noto/NotoSansSC-Bold.otf && \
-    fc-cache -f
-
-# Build hermes-web-ui (keep node_modules for runtime deps)
-# Use --ignore-scripts to avoid prepare hook issues
+# Build hermes-web-ui
 RUN git clone --depth 1 https://github.com/EKKOLearnAI/hermes-web-ui.git /tmp/hermes-web-ui && \
     cd /tmp/hermes-web-ui && \
     npm install --ignore-scripts 2>&1 | tail -5 && \
@@ -69,6 +57,37 @@ RUN git clone --depth 1 https://github.com/EKKOLearnAI/hermes-web-ui.git /tmp/he
     rm -rf /tmp/hermes-web-ui && \
     echo "hermes-web-ui build done"
 
+
+# ============================================================
+# Stage 2: Runtime — minimal image with only what's needed
+# ============================================================
+FROM python:3.12-slim
+
+# Runtime deps only (no build tools)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl fontconfig \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Copy built venv + patched hermes-agent from builder
+COPY --from=builder /app/venv /app/venv
+COPY --from=builder /app/hermes-agent /app/hermes-agent
+
+ENV PATH="/app/venv/bin:$PATH"
+
+# Copy built web-ui from builder
+COPY --from=builder /app/webui-server /app/webui-server
+COPY --from=builder /app/webui-client /app/webui-client
+
+# Chinese fonts (download in runtime stage — only ~16MB)
+RUN mkdir -p /usr/share/fonts/truetype/noto && \
+    curl -sL "https://github.com/googlefonts/noto-cjk/raw/main/Sans/SubsetOTF/SC/NotoSansSC-Regular.otf" \
+    -o /usr/share/fonts/truetype/noto/NotoSansSC-Regular.otf && \
+    curl -sL "https://github.com/googlefonts/noto-cjk/raw/main/Sans/SubsetOTF/SC/NotoSansSC-Bold.otf" \
+    -o /usr/share/fonts/truetype/noto/NotoSansSC-Bold.otf && \
+    fc-cache -f
+
 # Create hermes home
 RUN mkdir -p /root/.hermes/plugins/image_gen/pollinations
 

entry.py

@@ -33,6 +33,12 @@ from io import BytesIO
 class ThreadingHTTPServer(ThreadingMixIn, HTTPServer):
     daemon_threads = True
     allow_reuse_address = True
+    # Limit concurrent connections to prevent DoS / RAM exhaustion
+    _semaphore = threading.Semaphore(50)
+
+    def process_request(self, request, client_address):
+        with self._semaphore:
+            return super().process_request(request, client_address)
 
 # ---------------------------------------------------------------------------
 # Paths
@@ -275,6 +281,12 @@ class ProxyHandler(BaseHTTPRequestHandler):
     def log_message(self, fmt, *args):
         pass  # silence request logs
 
+    def _check_auth(self) -> bool:
+        """Check Bearer token auth for sensitive endpoints."""
+        auth = self.headers.get("Authorization", "")
+        expected = os.environ.get("AUTH_TOKEN", "hermes-bot-2026")
+        return auth == f"Bearer {expected}"
+
     def _send_json(self, data: dict, status=200):
         body = json.dumps(data, ensure_ascii=False).encode("utf-8")
         self.send_response(status)
@@ -387,16 +399,22 @@ class ProxyHandler(BaseHTTPRequestHandler):
         if path == "/deploy":
             return self._send_html("/app/deploy.html")
 
-        # ── Diagnostic: gateway log dump (no auth required) ──
+        # ── Diagnostic: gateway log dump (auth required) ──
         if path == "/api/diagnostics/gateway-log":
+            if not self._check_auth():
+                return self._send_json({"error": "unauthorized"}, 401)
             return self._handle_gateway_log()
 
-        # ── Diagnostic: gateway restart ──
-        if path == "/api/diagnostics/restart-gateway" and method_override == "POST":
+        # ── Diagnostic: gateway restart (auth required) ──
+        if path == "/api/diagnostics/restart-gateway":
+            if not self._check_auth():
+                return self._send_json({"error": "unauthorized"}, 401)
             return self._handle_restart_gateway()
 
-        # ── SSE log stream (handled locally) ──
+        # ── SSE log stream (auth required) ──
         if path == "/api/logs/stream":
+            if not self._check_auth():
+                return self._send_json({"error": "unauthorized"}, 401)
             return self._handle_sse()
 
         # ── WebUI SPA: /webui, /webui/* → serve from webui-client static dir ──