Hermes Agent v0.15.1 (v2026.5.29)

Release Date: May 29, 2026

Since v0.15.0: 28 commits · 21 merged PRs · hotfix release · 9 contributors

The Patch Release. A same-day hotfix for v0.15.0. Headline fix: the dashboard infinite-reload loop that hit anyone running v0.15.0 in loopback mode (Docker, hosted Hermes, fresh installs). A handful of other v0.15.0 follow-ups go along for the ride — kanban worker SIGTERM, /model picker unification, /yolo session bypass, the full 19,932-entry skills.sh catalog, .md media delivery restoration, gateway probe-stepdown safety, web-URL redaction passthrough, kanban worker vision on referenced images, hindsight observation-default. Docker users get an explicit --insecure opt-in env var (no more bind-host inference), MCP server bare-command PATH resolution, and arm64 PR-build cache fixes.

✨ Highlights

• Dashboard 401 reload loop fixed — In loopback mode the dashboard's identity probe (/api/auth/me) returns 401 by design, but v0.15.0's stale-token reload guard treated every 401 as a rotated session token and full-page-reloaded to pick up a fresh one. Every successful sibling call cleared the one-shot reload guard, so the page reload-looped forever (Firefox: "Navigated to /sessions" storm; Chrome: React re-render storm). Fix adds an allowUnauthorized opt-out to fetchJSON that skips only the loopback stale-token reload — 401 still throws so AuthWidget swallows it, gated-mode login_url redirects are unaffected. Closes #34206, #34202. (#30698 — @austinpickett)
• Docker dashboard --insecure is now an explicit env opt-in, never derived from bind host — Previously the Docker entrypoint inferred --insecure when the dashboard bound to a non-loopback host. That conflated "I want LAN access" with "I want to disable the same-origin guard." The fix splits them: bind host is bind host, and disabling the dashboard's loopback auth requires an explicit HERMES_DASHBOARD_INSECURE=1. Existing setups that genuinely wanted insecure binding must now set the env var. (#34188, #34204 — @benbarclay)
• MCP bare command resolution under Docker — MCP servers configured with bare commands (npx, npm, node) now resolve against /usr/local/bin so they actually launch inside the Docker image where those binaries live. v0.15.0 left these failing silently in containers when the agent's effective PATH didn't include the Node toolchain location. (#34186 — @benbarclay)
• Skills page sidebar / source pills restored — A stale useMemo dependency in the new dashboard skills page collapsed the source pills and category sidebar to "All" only. Fixed; both surfaces now reflect the live catalog state. (#34194)
• Kanban worker can be killed again — SIGTERM on a kanban worker was being absorbed by an intermediate process and the worker stayed running. Closes #28181. (#34045)
• Full skills.sh catalog (858 → 19,932 entries) — The skills hub page was pulling a partial paginated catalog. The fetch now walks the sitemap, so all 19,932 skills.sh entries surface in the picker instead of just the first 858. (#34025)

🐛 Bug Fixes

Dashboard / Web

• /api/auth/me 401 no longer triggers reload loop in loopback mode — (#30698 — @austinpickett)
• Skills page source pills + category sidebar restored — stale useMemo dep (#34194)

Docker

• --insecure is now explicit opt-in via env var, not derived from bind host (#34188 — @benbarclay)
• Dashboard test suite repaired to match the insecure-opt-in fix (#34204 — @benbarclay)
• arm64 PR builds skip the GHA cache to avoid cache-thrash on cross-arch builders (#33704 — @BROCCOLO1D)

MCP

• Bare npx/npm/node resolve against /usr/local/bin for Docker compatibility (#34186 — @benbarclay)

Kanban

• Worker SIGTERM actually terminates the process (#34045)
• Workers receive images referenced in task bodies for vision-capable models (#34210)

Gateway

• .md files deliver again — media-delivery validation defaults to denylist-only instead of an overly-narrow allowlist (#34022)
• Probe stepdown safety — on a context-overflow without an explicit provider context limit, the agent no longer steps down to a smaller model based on an unknown ceiling (salvage of #33673) (#33826)

CLI

• /yolo mid-session enables the per-session bypass instead of just toggling the env var (which the running agent had already snapshotted) (#33931 — @kshitijk4poor)
• /model and hermes model show the same list, plus disk cache for picker startup (#33867)

Skills

• Full skills.sh catalog via sitemap — 858 → 19,932 entries (#34025)

Redaction

• Web URLs pass through unchanged — the redactor was eating query parameters that looked credential-shaped (#34029)

✨ Small Features

• Hindsight default narrowed to observation-only for recall_types — tool path is also narrowed (#34079 — @nicoloboschi, follow-up #34091 — @kshitijk4poor)
• Memory providers receive completed-turn message context — salvage of #28065 (#34097 — @kshitijk4poor, credit to @devwdave)

📚 Documentation

• --no-supervise / HERMES_GATEWAY_NO_SUPERVISE documented in the reference docs (follow-up to #33583) (#33751 — @r266-tech)

🛠️ Infrastructure

• Vercel deploy workflow accepts workflow_dispatch so docs deploys can be manually triggered (#34081)
• @nous-research/ui bumped to 0.18.2 (Nix npmDepsHash also updated to match) (#34193 follow-ups — @austinpickett)

👥 Contributors

Core

• @teknium1

Community

• @austinpickett — dashboard 401 reload-loop fix (the headline), @nous-research/ui bump, Nix npmDepsHash updates
• @benbarclay — Docker --insecure opt-in, MCP bare-command resolution, dashboard test repair
• @kshitijk4poor — /yolo session bypass, completed-turn memory context salvage, hindsight follow-up docs
• @nicoloboschi — hindsight recall_types observation default
• @BROCCOLO1D — arm64 PR build cache fix
• @r266-tech — --no-supervise reference docs
• @yangguangjin — probe stepdown safety (salvage of @yanghd's #33673)
• @devwdave — completed-turn memory context (credited via salvage)
• @andrewhosf — co-author

Issue Reporters (the 401 loop)

• @routesmith (#34206)
• @beeaton (#34202)

Full Changelog: v2026.5.28...v2026.5.29

Original source

Move provider adapters (anthropic, bedrock, azure), platform adapters
(telegram, slack, discord, feishu, dingtalk, matrix), and terminal backends
(modal, daytona) out of core into plugins/ workspace members. Core references
them via the plugin registries (get_provider_namespace / get_provider_service /
get_tool_provider / get_credential_pool_hook) instead of direct imports.

Provider/platform/terminal adapters relocated under plugins/; pyproject
extras reference workspace members; nix variants aggregate per-platform extras.

Anthropic credential discovery + OAuth-masquerade guard live in the plugin's
credential_pool_hook; browser-open guarded by _can_open_graphical_browser.

Vercel AI Gateway + Vercel Sandbox removed (upstream deletion); get_bedrock_model_ids
removed (replaced by bedrock_model_ids_or_none + discover_bedrock_models).

Terminal backends resolve ModalEnvironment / DaytonaEnvironment lazily from
the plugin registry.

uv.lock regenerated against the pluginified workspace.

Plugin test suites updated for the relocation: imports point at
hermes_agent_.adapter, caplog logger-name filters and monkeypatch targets
use the new module paths, and credential/rollback tests patch
registries.get_provider_service rather than the removed agent.*_adapter modules.

Verified: zero dead imports of relocated modules in core (import smoke test +
rename-map grep); nix develop succeeds; targeted plugin suites green
(bedrock, anthropic-auxiliary, matrix, dingtalk, feishu, credential_pool,
switch_model_rollback). Remaining full-suite failures are pre-existing on the
pre-merge tree (telegram setUpModule code) or environmental (voice/media/
PTY/network-dependent), not introduced here.

Original source

STRUCTURAL DECISIONS

ai-gateway + vercel_sandbox: honored main's PR #33067 deletion. Dropped our orphaned plugins/terminals/vercel/ dir and all 3 stale vercel refs that survived in pyproject (workspace member, [all] entry, uv source).

tools/lazy_deps.py: kept main's version. Our branch deleted it incompletely (WIP) while main has 30 live callers + active maintenance. main's intent won.

agent/agent_runtime_helpers.py: COMBINED — main's atomic swap+rollback snapshot envelope wraps our pluginified registries-based anthropic imports.

agent/credential_pool.py: took our plugin-hook indirection AND ported main's api_key_path_explicit OAuth-masquerade security fix INTO the anthropic credential_pool_hook (it was pluginified from a pre-fix base and would have been silently dropped otherwise).

hermes_cli/model_switch.py, hermes_cli/models.py: took main's logic (cached_provider_model_ids, AI-gateway removal) then re-applied our pluginify import rewrites (agent.bedrock_adapter/anthropic_adapter -> registries namespace lookups) since those modules moved to plugins.

tools/terminal_tool.py: took main's version (vercel_sandbox deletion) then restored our lazy registry resolution for modal + daytona environments (both moved to plugins; main's direct imports would crash at runtime).

nix/checks.nix: kept both — our hermetic-boundary checks + main's messaging-variant discord.py guard.

pyproject.toml: plugin extras as workspace members (ours) + main's new wecom extra; vercel removed throughout.

uv.lock: regenerated with uv lock (not hand-merged); 233 packages.

VERIFICATION

Zero conflict markers anywhere.

Exhaustive 17-moved-module grep: no dead imports of relocated modules in core.

Import smoke test: all hot core modules import clean.

Targeted tests (21 files incl. credential_pool, anthropic plugin, run_agent, project_metadata): pass.

3 credential_pool security tests rewired to register the real plugin hook (core tests don't trigger plugin discovery): pass.

Full suite: remaining failures are pre-existing on premerge-oh-god (telegram collection error: setUpModule MagicMock code) or environmental (matrix DNS/e2ee-deps, network) — NOT introduced by this merge. See PR notes.

Original source

Hermes Agent v0.15.0 (v2026.5.28)
Release Date: May 28, 2026
Since v0.14.0: 1,302 commits · 747 merged PRs · 1,746 files changed · 282,712 insertions · 36,699 deletions · 560+ issues closed (15 P0, 65 P1, 19 security-tagged) · 321 community contributors (including co-authors)
The Velocity Release. Hermes gets dramatically faster — to start, to run, to ship work, and to grow. The 16,083-line run_agent.py collapses to 3,821 (-76%) across 14 cohesive agent/* modules. Kanban grew into a real multi-agent platform across 104 PRs — orchestrator auto-decomposition, swarm topology, scheduled tasks, worktree-per-task, per-task model overrides. The cold-start perf wave keeps going: another second shaved off launch, 47% fewer per-conversation function calls, hermes --version flipping the head-to-head benchmark against Codex CLI. session_search is 4,500× faster and free now. Promptware defense lands against Brainworm-class attacks. Bitwarden Secrets Manager replaces N per-provider API keys with one bootstrap token. Skill bundles let one slash command load a whole workflow. The Ink TUI gets a multi-session orchestrator. Two new image_gen providers (Krea 2 Medium + Large, FAL ported to plugin), the Nous-approved MCP catalog with an interactive picker, an OpenHands orchestration skill, ntfy as the 23rd messaging platform, and a deep xAI integration round (Web Search plugin, xai-oauth hermes proxy upstream, retired-May-15 model detection + hermes migrate xai, natural TTS speech-tag pauses, base_url leak guard, OpenAI-style execution guidance for Grok). 15 P0 + 65 P1 closures alongside.
✨ Highlights
The Big Refactor — run_agent.py is no longer 16,000 lines — The file at the heart of Hermes — the agent conversation loop — has been reduced from 16,083 lines to 3,821 (-76%), with the extracted code redistributed across 14 cohesive modules under agent/. Behavior is unchanged: every extraction keeps a thin forwarder on AIAgent, every test patch path still works, every external caller is compatible. The reason you care: future Hermes development moves faster, plugin authors can finally grep the codebase, and the file that took 90 seconds to load in your editor opens in a blink. (#27248)
Kanban grew into a real multi-agent platform — 104 PRs end to end — Triage auto-decomposes one task into a tree of sub-tasks. hermes kanban swarm creates a full Swarm v1 graph in one command — root, parallel workers, gated verifier, gated synthesizer, shared blackboard. Tasks support per-task model overrides (cheap models for boilerplate, expensive ones for hard sub-tasks), board-level default workdirs, per-task worktree paths and branches, scheduled start times, configurable claim TTL, retry fingerprinting, stale-task detection, respawn guards, and a drag-to-delete trash zone. Workers report through /workers/active, /runs/{id}, and /inspect endpoints. (#27572, #28443, #28364, #28394, #28462, #28384, #28467, #28455, #28452, #28432, #28468, #28420)
Cold-start perf wave keeps going — another second saved, 47% fewer per-turn function calls — Three new optimization rounds: defer openai._base_client import (-240ms / -17MB on every CLI invocation), hot-path optimizations cut 47% of per-conversation function calls (399k → 213k for 31-turn chat), defer compression-feasibility check (-170 to -290ms on every agent construction), adaptive subprocess polling (-195ms per tool call, 1+ second per turn). Termux cold start drops from 2.9s to 0.8s. hermes --version cold drops 63% (701ms → 258ms), flipping the head-to-head benchmark against Codex CLI from 5/11 wins to 6/11. (#28864, #28866, #28957, #29006, #29419, #30121, #30609, #31968)
session_search rebuilt — no LLM, no cost, 4,500× faster — The old session_search was an aux-LLM-powered tool that cost ~$0.30/call and took ~30 seconds to summarize three sessions, sometimes confabulating when the right session wasn't even in the FTS5 hit list. The new shape is one tool with three modes (discovery, scroll, browse) inferred from which args are set — no mode parameter, no aux-LLM, no config knob, no companion skill. Discovery is ~20ms instead of ~90s; scroll is ~1ms. Searching your past sessions for context is now free and instant. (#27590)
Promptware defense — Brainworm-class attacks blocked at three chokepoints — Inspired by recent Brainworm / Promptware Kill Chain research (Origin HQ, arxiv 2601.09625), Hermes now defends the context window against prompt-injection attacks that try to hijack the agent via tool output, recalled memory, or stored skills. Single source of truth (tools/threat_patterns.py) with ~15 new Brainworm/C2 patterns; recalled memory is scanned at load time; tool results get delimiter markers so a malicious file or remote service can't impersonate Hermes' own system content. Paired with a new security-guidance plugin that pattern-matches dangerous code writes. (#32269, #33131, #9151)
Bitwarden Secrets Manager — one bootstrap token replaces every per-provider API key — Stop keeping plaintext API keys in ~/.hermes/.env. Install Bitwarden Secrets Manager (bws auto-installs lazily on first use), point Hermes at it with one bootstrap token (BWS_ACCESS_TOKEN), and every credential you need comes from Bitwarden at startup. Rotate a key in the Bitwarden web app and the rotation actually takes effect — Bitwarden defaults to source-of-truth so its values overwrite matching env vars on startup. Flip secrets.bitwarden.override_existing: false to invert. EU Cloud and self-hosted Bitwarden server URLs supported. Detected credentials are now labeled with their source so you can see at a glance which keys came from Bitwarden vs. the local env. (#30035, #31378, #30364)
ntfy as the 23rd messaging platform — push notifications without an account — ntfy is the self-hostable push-notification service with no signup, no API key, just a topic URL. Hermes now adapts to it as a platform plugin (zero edits to core), so your agent can send you push notifications from any cron job, kanban task completion, or chat send_message — to your phone, your watch, your desktop, your homelab. (salvages #30625 → originally #4043) (#30867)
Skill bundles — /<name> loads multiple skills at once — A skill bundle is a named group of skills that loads them all together with one slash command. Set up your "writing day" bundle (humanizer + ideation + obsidian + youtube-content) and /writing-day activates all four for the session. Skills Hub now has health checks, a freshness badge, and a watchdog cron. Three new optional skills land: code-wiki (Karpathy's LLM-Wiki, persistent indexed dev wiki), openhands (delegate to OpenHands for parallel coding agents), and web-pentest (OWASP-style web pentest recipes). (#28373, #32345, #32240, #32261, #32265)
TUI session orchestrator — multiple live sessions in one TUI window — The Ink TUI gained an active-session switcher overlay. List, switch between, refresh, and close multiple live process-local sessions without leaving the TUI; dispatch a new session with a session-scoped model picker. Plus a wave of TUI polish — mouse-tracking DEC mode presets, scrollback preservation across branches and termux, slash-dropdown fixes, x.com link rendering, and CJK / IME input rendering improvements. (salvages #27642) (#32980, #30084)
Two new image_gen providers — Krea 2 Medium + Large, FAL ported to plugin — Krea joins the image_gen lineup as a built-in plugin: Krea 2 Medium ($0.03) and Krea 2 Large ($0.06), auto-discovered, selectable via hermes tools → Image Generation → Krea. Available through both the native Krea plugin and the FAL.ai catalog. The FAL.ai backend got pulled out of the monolithic image-generation tool into plugins/image_gen/fal/, completing the four-way architectural parity already established by web, browser, and video_gen — new image providers are now one file, not a fork. (#33236, #30380, #33506)
Nous-approved MCP catalog with interactive picker — A curated catalog of Nous-vetted MCP servers, mirroring the optional-skills shape. Run hermes mcp and you get an interactive picker; install with one keystroke, credentials prompted at install time and written to ~/.hermes/.env. Ships with the n8n manifest first. Closes the discovery gap that left users hunting GitHub for trusted MCP servers. (#30870)
OpenHands orchestration skill — A new optional skill under optional-skills/autonomous-ai-agents/openhands/ lets the agent delegate coding tasks to the OpenHands CLI alongside claude-code, codex, and opencode. OpenHands is the model-agnostic member of that family — any LiteLLM-supported provider works (OpenAI, Anthropic, OpenRouter, your own), so you can route a sub-task to the cheapest model that can finish it. Drop-in worker for kanban swarms and /delegate flows. (closes #477) (#32261)
Deep xAI integration round — Web Search plugin, OAuth proxy upstream, May 15 retirement detection, natural TTS, security hardening — Six interlocking xAI improvements:
xAI Web Search lands as a plugins/web/xai/ provider, slots alongside Brave / Tavily / Exa / SearXNG / DDGS / Firecrawl — reuses your existing Grok OAuth or XAI_API_KEY credentials, no new env vars. (#29042)
hermes proxy gains an xAI upstream — your local OpenAI-compatible endpoint can now be backed by SuperGrok OAuth, no PKCE-refresh code to write in your client. (#28356)
May 15 model retirement detection — grok-4, grok-4-fast{,-reasoning,-non-reasoning}, grok-3, grok-code-fast-1, grok-imagine-image-pro etc. are detected in doctor and chat startup, with hermes migrate xai to one-shot config migration to the supported model. No more silent 404s after the retirement date. (#29277)
Opt-in auto_speech_tags for xAI TTS — inserts light [pause] tags between paragraphs and sentences for more natural-sounding voice replies. Default OFF. (#29376)
xai-oauth base_url pinned to x.ai origin — closes a silent credential-leak vector where XAI_BASE_URL could repoint OAuth-authenticated inference to an attacker-controlled host. (#28952)
OpenAI-style execution guidance applied to Grok models — Grok and xai-oauth now get the same family-specific execution discipline block GPT/Codex have, so the model stops claiming completion without tool calls and stops suggesting workarounds instead of using existing tools. (#27797)
Plus x_search degraded-results surfacing, tier-gated 403 with API-key fallback, PKCE code_challenge round-trip fix, dead-token quarantine on terminal refresh failure, MiniMax-style short-token refresh on per-request, and WKE=unauthenticated honor at both classifier sites. (#29484, #28351, #27560, #28116, #30619, #30872)
🏗️ Core Agent & Architecture
The Big Refactor — run_agent.py 16k → 3.8k
run_agent.py from 16,083 → 3,821 lines (-76%), extracted into 14 cohesive agent/* modules. run_conversation alone was 3,877 lines before the refactor. Every extraction keeps a thin forwarder on AIAgent, every test-patch path is preserved, every external caller stays compatible. (#27248)
Agent loop & conversation
Auxiliary task layered fallback (primary → chain → main agent → graceful fail) on capacity errors (402/429/connection). (salvages #26811 + #26998) (#27625)
Buffer retry/fallback status; surface only on terminal failure (no more noisy "retrying..." spam in mid-run output). (#33816)
Host contract for external context engines — condenses 5 prior PRs into one extension surface. (#33750)
Fallback immediately on provider content-policy blocks. (#33883)
Re-pad reasoning_content on cross-provider fallback to require-side providers. (salvage #33784) (#33795)
Per-turn tool-outcome verifier — patch tool gets indent preservation, CRLF preservation, per-file failure escalation. (#32273)
Single-knob native vision for custom-provider models. (#29679)
Background review fork isolated from external memory plugins. (#27190)
Background review inherits parent toolset config for tools[] cache parity. (#29704)
Recover from providers returning list-type tool content. (#30259)
Treat partial-stream stub responses as length truncation rather than clean stop. (#30998)
OpenAI execution guidance applied to xAI Grok / xai-oauth. (#27797)
ContextVars propagate to concurrent tool worker threads.
Preload jiter native parser. (#33692)
Expose context engine tools with saved toolsets. (salvage of #31194) (#33719)
Sessions & memory
session_search rebuilt — single-shape (discovery + scroll + browse), no aux-LLM, ~20ms vs. ~90s. (#27590)
Salvage #29182 — opt-in JSON snapshot writer for sessions. (#29278)
Persist platform_message_id for recall across gateway restarts. (#29449)
Inline memory-context mentions stay visible in conversation. (#28132)
Recalled memory labeled informational, not authoritative. (#28583)
Memory + context-engine tool injection gated on enabled_toolsets. (#30177)
Guard against external drift in MEMORY.md / USER.md. (#30877)
Honcho runtime peer mapping — correctness follow-ups + setup wizard + docs. (#30077)
Periodic memory logging for leak detection. (salvage of #17667) (#27102)
Codex / Responses-API maturation
TTFB watchdog for stalled Codex Responses streams. (#32042)
Actionable hint when stale-call detector fires on known silent-reject pattern. (#32016, #33133)
Drop SDK responses.stream() helper; consume events directly. (#33042)
Gracefully recover from invalid_encrypted_content. (salvage of #10144) (#33035)
Recover Codex Responses streams with null output. (#32963, #33390)
Drop foreign-issuer reasoning and transient rs_tmp reasoning replay state. (#33156, #33146)
Codex 429 quota classified as rate-limit, not missing credentials. (#33168)
Codex chat path falls back to credential_pool when singleton is empty. (#33189)
Codex re-auth syncs credential_pool. (#33164)
Omit tools key when no tools registered. (#33409)
Parse Codex image-generation SSE directly. (#32933)
🎛️ Kanban — Multi-Agent Maturation Wave
Orchestration & dispatch
Orchestrator-driven auto-decomposition on triage. (#27572)
Kanban swarm topology helper — hermes kanban swarm creates a Swarm v1 graph (root + parallel workers + gated verifier + gated synthesizer + shared blackboard). (salvages #26791 by @Niraven) (#28443)
Dispatcher wires review agents from the review column. (#28449)
Stale-detection for running tasks in dispatcher. (#28452)
Respawn guard blocks repeat worker storms. (#28455)
Respawn guard defers blocker_auth instead of auto-blocking. (#28683)
Cross-profile cron jobs surface in dashboard. (#28457)
Worker visibility endpoints: /workers/active, /runs/{id}, /inspect. (salvages #23761 by @Interstellar-code) (#28432)
Task configuration & scheduling
Per-task model override. (#28364)
Board-level default workdir. (#28394)
Configurable worktree paths and branches. (#28462)
Scheduled task start times. (#28384)
Scheduled status for delayed follow-ups. (#28467)
Trimmed task comments. (#28399)
Initial-status for human-ops cards. (#28414)
max_in_progress config to cap concurrent running tasks. (#28420)
Filter tasks by workflow fields. (#28454)
--sort for hermes kanban list. (#28427)
Optional board parameter on all MCP tools. (#28444)
Stamp originating ACP session_id on tasks. (#28447)
auto_promote_children config toggle. (#28344)
archive --rm to hard-delete archived tasks. (#28355)
Promote dependents when parent is archived. (#28372)
Promote blocked tasks when parent dependencies complete. (#28377)
Demote ready children when parent is reopened. (#28382)
promote verb for manual todo→ready recovery + bulk --ids. (salvage #29464) (#31334)
Dashboard
Drag-to-delete trash zone + bulk delete. (#28468)
Surface per-task model_override in show + tool output. (#28442)
Cross-profile notification delivery via kanban.notification_sources. (#28395)
Scratch-workspace deletion warning for users. (#30949)
Mobile dashboard UX polish. (#28127)
Reliability
Worker log retention configurable. (#27867)
Configurable claim TTL. (#28392)
Fingerprint crash errors to prevent fleet-wide retry exhaustion. (#28380)
Reset failure counters on unblock_task. (#28379)
Detect cycles in decompose_triage_task sibling-link pre-validation. (#28088)
Surface unusable triage auxiliary model (auto-decompose aware). (#27871)
Align failure diagnostics with retry limit. (#27868)
Align worker terminal timeout with task runtime. (#27864)
Auto-install bundled skills (kanban-worker) on init. (#28368)
Make legacy task migration idempotent. (#28397)
Serialize DB initialization. (#28383)
Persist worker session metadata on completion. (#28387)
Pass accept-hooks to worker chat subprocess. (#28393)
Preserve worker tools with restricted toolsets. (#28396)
Avoid unsafe Windows worker Hermes shim resolution. (#28398)
Sync slash subcommands with live parser. (#28376)
Show scheduled kanban tasks in dashboard. (#28400)
Assign single-task kanban decompositions. (#28401)
Configurable max_tokens for kanban specify. (#28374)
Per-job profile support for cron. (#28124)
Codex app-server: include every Kanban-pinned path in writable_roots. (#28435)
Cache kanban worker guidance at session init for prompt-cache reuse. (#28425)
⚡ Performance
openai.base_client import deferred — 240ms / 17MB off every CLI cold start. (#28864)
Agent-loop hot-path optimizations — 47% fewer per-conversation function calls (399k → 213k for 31-turn chat). (#28866)
Compression-feasibility check deferred — 170-290ms off every agent construction. (#28957)
Adaptive subprocess poll — ~195ms off every tool call, 1+ second per turn. (#29006)
Termux TUI cold start speedup. (#29419)
Termux non-TUI cold start speedup. (salvage #29438) (#30121)
Termux fast-path version + deferred bare-prompt agent startup. (#30609)
Cut hermes --version wall time 63% — flips head-to-head vs Codex CLI. (#31968)
Date-only timestamp + loud gateway-DB roundtrip logging — improves prompt-cache hit rate. (#27675)
Cache kanban worker guidance at session init for prompt-cache reuse. (#28425)
🔧 Tool System
Tool surface
patch: indent preservation, CRLF preservation, per-file failure escalation. (#32273)
terminal: warn at call time when background=true runs silently. (#31289)
terminal: nudge homebrewed CI pollers at the tool surface. (#33142)
x_search: surface degraded results + validate dates. (#29484)
x_search: auto-enable toolset when xAI credentials are configured. (#27376)
computer_use: route SOM/vision captures via auxiliary.vision. (#30126)
transcription: reject symlinked audio inputs. (#10082)
TTS: prevent double [pause] in xAI auto speech tags. (#32237)
TTS: preserve native audio outside Telegram voice delivery. (#28512)
TTS: opt-in xAI auto_speech_tags speech-tag pauses for natural voice replies. (#29376)
Voice: chunk oversized CLI recordings. (#30044)
Voice: honor PULSE_SERVER / PIPEWIRE_REMOTE inside Docker. (#22534)
Browser
All cloud browser providers (Browserbase, Anchor, Camofox, Hyperbrowser, etc.) migrated to image_gen-style plugins. (salvages #25580) (#27403)
Auto-launch Chromium-family browser for CDP. (#29106)
Docker: discover agent-browser Chromium binary at boot. (#33184)
Image generation
Krea provider plugin (Krea 2 Medium + Large). (#33236)
FAL backend ported to plugins/image_gen/fal. (salvage #27966) (#30380)
Cache xAI ephemeral URL responses to disk. (#31759)
Web search
xAI Web Search as a provider plugin. (#29042)
MCP
Nous-approved MCP catalog with interactive picker. (#30870)
TLS client certificate (mTLS) support for HTTP and SSE MCP servers. (#33721)
Stdin paste-back fallback for headless OAuth flow. (#32053)
skip at paste prompt bypasses auth without disabling server. (#32069)
Registry-aware mcp prefix on both ends of round-trip. (#31700)
🧩 Skills Ecosystem
Skills system
Skill bundles — /<name> loads multiple skills. (#28373)
Skills Hub: health checks, freshness badge, and a watchdog cron. (#32345)
Opt-in AST deep diagnostics on skill writes. (salvage of #30918) (#31198)
Bundled/pinned skill protection in background-review prompts. (#28338)
Show user-modified skill names in bundled skill sync summary. (#28671)
Load symlinked skill slash commands. (#27759)
Deduplicate Skills Hub search results by identifier, not name. (#29490)
New skills
openhands — delegate-to-OpenHands orchestration skill (closes #477) (#32261)
code-wiki — persistent indexed dev wiki (closes #486) (#32240)
web-pentest — OWASP recipes (closes #400) (#32265)
baoyu-article-illustrator (#28287)
☁️ Providers
xAI deep integration
xAI Web Search as a plugins/web/xai/ provider plugin. (#29042)
hermes proxy xAI upstream — OpenAI-compatible local proxy backed by xai-oauth. (#28356)
May 15 model retirement detection + hermes migrate xai for grok-4 / grok-3 / grok-code-fast-1 / grok-imagine-image-pro. (#29277)
Opt-in auto_speech_tags for natural xAI TTS voice replies. (#29376)
xai-oauth base_url pinned to x.ai origin — closes silent credential-leak vector. (#28952)
OpenAI-style execution guidance applied to Grok / xai-oauth models. (#27797)
xAI: detect retired May 15 models in doctor/chat startup. (#29277)
xAI: resolve Grok Build context for OAuth. (#30579)
xAI OAuth: tier-gated 403 with API-key fallback. (#28351)
xAI OAuth: PKCE code_challenge echo. (#27560)
xAI OAuth: quarantine dead tokens on terminal refresh failure. (#28116)
xAI OAuth: honor WKE=unauthenticated disambiguator at both classifier sites. (#30872)
xAI OAuth: accept bare-code manual paste (state=None). (closes #26923) (#33880)
xAI OAuth: fall back to manual paste on loopback timeout. (#33231)
xAI proxy: handle 429 rate-limit responses in proxy retry path. (#33743)
Other providers
OpenAI API as a first-class provider (distinct from Codex runtime). (#31898)
Microsoft Entra ID auth for Azure Foundry (with 1M Anthropic-Messages beta preserved on Bearer). (salvages #27509, #27022) (#28101, #28084)
OpenRouter sticky routing — session_id passed via extra_body so a long-running session keeps landing on the same upstream provider. (@Cybourgeoisie) (#33939)
Nous: JWT token for inference; stop replaying invalid Nous refresh tokens. (@rewbs) (#27663)
Nous Portal: one-shot setup, status CLI, and Nous-included markers. (#30860)
Anthropic adapter: extract 7 helpers from convert_messages_to_anthropic. (salvage #27784) (#30386)
Catalog: add qwen3.7-max to Alibaba + Alibaba-Coding-Plan model lists. (#33129)
opencode-go: route qwen3.7-max via anthropic_messages. (@beardthelion) (#32780)
opencode-go: expose Kimi K2 + DeepSeek reasoning controls. (#30845)
Remove Vercel AI Gateway and Vercel Sandbox.
MiniMax OAuth: refresh short-lived access tokens per request. (#30619)
Codex OAuth: quarantine terminal refresh errors. (#28118)
Codex: drop dead model slugs that HTTP 400 on ChatGPT Pro. (#33424)
Codex: sync manual:device_code pool entries on re-auth. (#33744)
MiniMax OAuth: quarantine terminal refresh errors. (#28119)
🔑 Secrets
Bitwarden Secrets Manager integration with lazy bws install. (#30035)
Bitwarden: EU Cloud + self-hosted server URL support. (#31378)
Label detected credentials with their source (Bitwarden). (#30364)
📱 Messaging Platforms (Gateway)
Gateway core
Deliverable mode — agents ship artifacts as native uploads from any platform (Slack/Discord/Telegram/Teams/Email). (#27813)
hermes send — pipe any script's output to any messaging platform. (salvage of #19631) (#27188)
Debounce queued text follow-ups during active sessions. (salvage of #31235) (#31341)
Plugin-transformed final_response delivered through streaming gate. (#31433)
Refresh cached agent tools on /reload-mcp. (#32815)
Harden kanban + provider cleanup races on long-running workloads. (#29479)
New / reorganized adapters
ntfy — 23rd platform, push notifications, plugin shape, zero core edits. (salvages #30625 → #4043) (#30867)
Discord adapter migrated to bundled plugin. (salvage of #24356) (#30591)
Mattermost adapter migrated to bundled plugin. (salvage of #30916) (#31748)
Telegram
Edit status messages in place instead of appending. (based on #30141 by @qike-ms) (#30864)
Skip-STT audio path + 2GB cap via local Bot API server. (#28541)
Route image documents (.png/.jpg/.webp/.gif) through vision pipeline. (#28519)
Route audio file attachments away from STT pipeline. (#28478)
disable_topic_auto_rename gateway flag. (#28523)
ignore_root_dm config to drop messages without thread_id. (#28536)
Chat-scoped auth without sender user_id. (#28525)
Fail-closed auth fallback when TELEGRAM_ALLOWED_USERS is empty. (#28494)
Roll over tool progress bubbles + scope audio_file_paths. (#28482)
Avoid duplicate text after auto-TTS voice replies. (#28509)
Mark final voice reply notify-worthy so Telegram delivers it audibly. (#28504)
Discord
Recover Windows voice opus decoding. (#33182)
allow_any_attachment config to accept arbitrary file types. (#27245)
Transcribe native voice notes. (#28993)
Define UI view classes after lazy install. (#28817)
Signal / Matrix / Feishu / Slack / WeCom
Signal: require_mention filter for group chats. (#28574)
Matrix: warn on clock-skew silent message drops. (#27330)
Matrix E2EE installs full dep set; plugins respect is_connected. (#31688)
Feishu: require webhook auth secret + honor config extras. (#30746)
Feishu: enforce auth and chat binding for approval buttons. (#30744)
Slack: socket recovery + Windows restart dedupe. (#28873)
WeCom: safe-parse untrusted XML. (#32442)
DingTalk / Webhooks / Microsoft Graph
DingTalk: transcribe native voice notes. (#28993)
Webhook: enforce INSECURE_NO_AUTH safety rail on dynamic route reloads. (#30863)
Webhook: restrict default toolset capabilities. (#30745)
Microsoft Graph: harden webhook auth requirements. (#30169)
🖥️ CLI & TUI
CLI
/update slash command in CLI and TUI. (#23854)
Update auto-rollback when post-pull syntax check fails. (#28669)
--branch flag for hermes update. (@jquesnelle) (#29591)
/exit --delete flag to remove session on quit. (salvage of #17665) (#27101)
▶ N indicator in status bar for running /background tasks. (#27175)
Live background terminal-process count in status bar. (#32061)
Append session recap to /status output. (salvage of #18587) (#27176)
Configurable paste-collapse thresholds (TUI + CLI). (salvage #29723) (#32087)
/resume accepts position numbers. (#31709)
Bring tool-call display back — verbose mode, specific failure reasons, todo progress. (#31293)
Validate runtime token refresh in Qwen auth status. (#31196)
TUI
TUI session orchestrator — multiple live sessions in one TUI window. (salvages #27642) (#32980)
mouse_tracking DEC mode presets. (salvage of #26681 by @OutThisLife) (#30084)
Termux scrollback preservation + touch-friendly defaults. (#28910)
Full assistant text in scrollback (no history truncation). (#28829)
Preserve scrollback when branching sessions. (#30162)
Preserve Python dunder identifiers in markdown. (#28582)
Active profile shown in TUI prompt. (#28581)
Improve Charizard completion menu contrast. (#28346)
Stop slash dropdown chopping last char of /goal. (#31311)
Clipboard copy on linux/wayland. (#29342)
Anchor splitReasoning unclosed-tag regex; stop eating last paragraph. (#29426)
Surface verbose tool details. (#30225)
Load Linux skills on Termux + salvage @adybag14-cyber's Termux gates. (#30166)
Handle images with codex app-server. (#31220)
Refresh virtual transcript on viewport resize. (#31077)
Ignore late thinking deltas after completion. (#31055)
Commit composer input bursts immediately. (#31053)
Log parent gateway lifecycle exits. (#31051)
Clear TTS env var on voice off + TTS indicator in status bar. (#30987)
Pass --expose-gc as node argv instead of NODE_OPTIONS. (#29998)
Align composer cursorLayout with wrap-ansi to kill multiline cursor drift. (#27489)
Harden Terminal.app rendering and color paths. (#27251)
Keep /goal verdict out of compact status row. (#27971)
Clamp curses color 8 for 8-color terminals (Docker). (#30260)
🔒 Security & Reliability
Promptware & memory hardening
Promptware defense — shared threat patterns + memory load-time scan + tool-result delimiters. (#32269)
Expand memory content scanning patterns to parity with skills guard. (#9151)
Harden Skills Guard multi-word prompt patterns. (@YLChen-007) (#26852)
Split cron scanner so skill prose stops false-positiving exfil patterns. (#32339)
File safety
Protect Hermes control-plane files from prompt injection (auth.json, config.yaml, webhook_subscriptions.json, mcp-tokens/). (salvages @PratikRai0101's #14157) (#30397)
Write-deny <root>/.env when running under a profile. (#29687)
Defense-in-depth read-deny on credential stores. (salvages #17659 + #8055) (#30721)
TTS output_path traversal + update ZIP symlink reject. (salvage #6693 + #15881) (#32056)
Reject symlinked audio inputs. (#10082)
Credential safety
Avoid persisting borrowed credential secrets — runtime env-sourced keys no longer leak into auth.json. (#31416)
Validate Nous Portal inference_base_url against host allowlist. (salvages #27612) (#30611)
Harden API server key placeholder handling. (#30738)
Harden Google Chat OAuth credential persistence. (@Zyrixtrex) (#24788)
xAI OAuth: pin inference base_url to x.ai origin. (#28952)
Quarantine dead OAuth tokens on terminal refresh failure (xAI, Codex, MiniMax). (#28116, #28118, #28119)
Supply-chain
On-demand supply-chain audit via OSV.dev — hermes audit. (#31460)
hermes update syntax-validates critical files post-pull, auto-rollback on failure. (#28669)
Quarantine hermes.exe vs concurrent Windows instance. (#26677)
Other hardening
Restrict default webhook toolset capabilities. (#30745)
Harden Microsoft Graph webhook auth requirements. (#30169)
Require source CIDR allowlisting for public msgraph webhook binds. (#33722)
Require API_SERVER_KEY before dispatching API server work. (#33232)
env_passthrough: apply GHSA-rhgp-j443-p4rf filter to config.yaml path. (@roadhero) (#27794)
Dashboard + WeCom: restrict markdown link schemes; safe-parse untrusted XML. (#32442)
Salvage project-plugin RCE bypass fix from PR #29311 (GHSA-5qr3-c538-wm9j). (#30837)
Cross-profile soft guard on file-write tools + system-prompt hint. (#31290)
Reject unsafe tar members in Android psutil compatibility installer. (#33742)
Reject non-regular tar members during tirith auto-install. (#33786)
🪟 Native Windows (Beta Continued)
Complete Windows bootstrap — dep_ensure + install.ps1 + detection. (@alt-glitch) (#27845)
install.ps1: strip BOM, -Commit/-Tag pin params, harden git ops. (@jquesnelle) (#28169)
Consolidate ACP browser bootstrap into install.{sh,ps1}. (@alt-glitch) (#27851)
hermes update quarantines live hermes.exe. (#26677)
Discord voice opus decoding on Windows. (#33182)
Windows Docker Desktop compatible compose file. (@Sunil123135) (#31031)
🖥️ Web Dashboard
Hardened Slack socket recovery + Windows restart dedupe. (#28873)
Web dashboard: migrate checkboxes to @nous-research/ui + design-system polish. (@austinpickett) (#28814)
Web dashboard: collapsible sidebar. (@austinpickett) (#33421)
Dashboard typography & contrast pass. (salvage of #28832) (#30714)
Skills page: lazy-fetch catalog instead of bundling 34MB into JS. (#33809)
🐳 Docker
s6-overlay container supervision — abstract ServiceManager protocol (systemd/launchd/Windows/s6 backends), per-profile gateway supervision in-container, container-restart reconciliation, hadolint/shellcheck CI. (salvage of #30136, @benbarclay) (#31760)
Auto-redirect gateway run to supervised mode inside the s6 image. (@benbarclay) (#33583)
Tee supervised gateway stdout to docker logs. (@benbarclay) (#33621)
Drop docker exec to hermes uid before invoking the CLI. (@benbarclay) (#33628)
Align HOME for dashboard and s6 gateway services. (@Dusk1e) (#33481)
Bake build-time git SHA into image so hermes dump reports it. (@benbarclay) (#33655)
hermes update prints docker pull guidance instead of bogus git error. (@benbarclay) (#33659)
Upgrade Node to 22 LTS via multi-stage from node:22-bookworm-slim. (@benbarclay) (#33060)
Drop build-essential from apt install. (@benbarclay) (#33028)
Propagate env through s6 to cont-init and main CMD. (#32412)
Targeted chown to preserve host file ownership in HERMES_HOME. (#33033)
mkdir HERMES_HOME as root in stage2 before chown / privilege drop. (#33078)
chown ui-tui and node_modules on UID remap so TUI esbuild works. (#33045)
Include anthropic, bedrock, azure-identity extras in image. (#30504)
Stop pushing per-commit SHA tags to Docker Hub. (#29387)
Simplify Docker tagging — push both :main and :latest on main push. (#33225)
Test slicing across GH actions jobs. (@ethernet8023) (#30575)
Discover agent-browser Chromium binary at boot. (#33184)
🌐 API Server
Session control API — /api/sessions/* (list/create/read/patch/delete/fork) + SSE-streaming chat. (salvages #29302 by @Codename-11 + multimodal followup by @Schwartz10) (#33134)
GET /v1/skills and /v1/toolsets. (#33016)
Coerce stringified booleans in stream/store/approval payloads. (salvage #26639) (#27293)
Honor key_env in auth-failure fallback resolution. (#30840)
🎟️ ACP (VS Code / Zed / JetBrains)
Session edit auto-approval modes. (salvage of #27034) (#27862)
Enrich Zed permission cards — command in title + reject_always. (#28148)
Replay session history before responding to session/load. (#26957, #26943)
Plugin-transformed final_response delivered through streaming gate. (#31433)
🔌 Plugin Surface
register_tts_provider() plugin hook. (salvage of #30420) (#31745)
register_transcription_provider() hook + stt.providers command-provider registry. (salvage of #30493) (#31907)
register_auxiliary_task() in PluginContext API. (salvage #29817) (#31177)
Bundled security-guidance plugin. (#33131)
Discord and Mattermost migrated to bundled plugins. (#30591, #31748)
ntfy as platform plugin. (#30867)
Surface category-namespaced plugins in hermes plugins list. (#27187)
Plugin discovery failures raised to WARNING level. (#28318)
hermes_plugins included in gateway.log component filter. (#28313)
Seed plugin extras before is_connected gate. (#31703)
Dashboard: allowlist plugin assets + denylist subprocess-influencing env vars. (#32277)
📦 Distribution & Install
Install-method stamping + Docker detection. (@alt-glitch) (#27843)
Nix #messaging and #full package variants. (@alt-glitch) (#33108)
Pre-load messaging gateway deps via --extra messaging. (salvage #26394) (#27558)
Avoid piping installer directly into iex (Windows). (#28347)
Ship bundled skills in wheel. (#28421)
Ship dashboard plugin assets in wheel. (#28406)
Make Camofox lazy-installed instead of eager. (#27055)
Wire STT lazy-install into transcription_tools.py. (#30256)
🐛 Notable Bug Fixes (highlights only)
Match bare custom provider by active base URL in hermes model. (#28908)
Route auxiliary.vision.provider=openai to api.openai.com, skip text-only main. (#31452)
Lint: skip per-file shell linter when LSP will handle the file. (#29054)
Treat empty credential pool entries as unauthenticated in /model picker. (#28312)
Reverted within window: Firecrawl integration tag, send_message @username auto-mentions, Telegram quick-command-only menus, Telegram pin-on-turn.
🧪 Testing
Disarm lazy-install probe so _HAS_FASTER_WHISPER patches work. (#30334)
Cover default board dashboard pin. (#28361)
Cover _task_dict task_age fallback. (#28365)
Allowlist tmp_path for kanban_notify artifact delivery tests. (#30851, #30852)
Cover null output stream terminal events in Codex. (#33137)
📚 Documentation
30-day docs overhaul — full correctness audit, every PR in the window covered, Nous Portal weave, sidebar reorg. (#33782)
Dedicated Nous Portal integration page and setup guide. (#31296)
Providers: move Nous Portal first, Google Gemini OAuth last. (#31287)
session_search rewrite for single-shape tool. (#27840)
Kanban: document failure_limit, max_retries, inline create shortcuts, goals & kanban settings. (#28357, #28358, #28359, #28360, #28362)
Kanban Codex lane skill. (#28430)
xAI OAuth: note X Premium+ also unlocks Grok OAuth. (#29055)
Docs site: Docker audio bridge notes, "Installing more tools in the container", xurl auth HOME in Docker.
Email: clarify gateway vs Himalaya setup. (@helix4u) (#33634)
Auth docs: replace stale hermes login references with hermes auth add. (#32859)
👥 Contributors
Core
@teknium1 (lead)
Notable salvages & cherry-picks
@benbarclay — s6-overlay container supervision (29 commits salvaged), Node 22 LTS upgrade, build-essential cleanup, gateway run auto-redirect in s6, tee supervised stdout to docker logs, hermes update Docker guidance, build-time SHA stamping
@OutThisLife — mouse_tracking DEC mode presets
@jquesnelle — Windows installer hardening, --branch flag for hermes update, install.ps1 BOM strip / commit-pin
@alt-glitch — Windows dep_ensure bootstrap, Nix package variants (.#messaging, .#full), install-method stamping, ACP browser bootstrap consolidation
@austinpickett — /update slash command, dashboard checkboxes → @nous-research/ui, mobile dashboard polish, collapsible sidebar
@ethernet8023 — CI test slicing across GH Actions jobs, TUI clipboard copy fix
@kshitijk4poor — doctor section banner + fail-and-issue helpers extraction, post-tag salvage cluster (curator-fallout, kanban SQLite hardening, install world-readable uv dirs, xAI bare-code paste)
@rewbs — Nous JWT inference switch + refresh-token replay fix
@Codename-11 + @Schwartz10 — session control API (REST + SSE + multimodal followup)
@Niraven — kanban swarm topology helper
@Interstellar-code — kanban worker visibility endpoints
@adybag14-cyber — termux cold-start optimizations (multiple PRs)
@qike-ms — Telegram in-place status edits design
@sprmn24 — ntfy adapter
@Jaaneek — xAI Web Search provider plugin
@yannsunn — xAI upstream adapter for hermes proxy
@Cybourgeoisie — OpenRouter sticky routing via session_id
@memosr — Nous Portal base_url allowlist validation
@Sunil123135 — Windows Docker Desktop compose file
@Dusk1e — Docker HOME alignment for dashboard + s6 gateway services
@beardthelion — opencode-go anthropic_messages routing
@YLChen-007 — Skills Guard multi-word prompt patterns
@roadhero — env_passthrough GHSA-rhgp-j443-p4rf filter
@Zyrixtrex — Google Chat OAuth credential persistence hardening
@briandevans, @tomqiaozc — defense-in-depth read-deny on credential stores
@PratikRai0101 — control-plane file write protection
@helix4u, @Bartok9, @zccyman — auxiliary fallback ladder components
@ms-alan, @ticketclosed-wontfix, @donovan-yohan — TUI session orchestrator + follow-ups
@daimon-nous[bot] — cron per-job profile support
@bisko — re-pad reasoning_content on cross-provider fallback
All Contributors
@02356abc, @0xchainer, @0xDevNinja, @0xjackyang, @0xsir0000, @0z1-ghb, @8bit64k, @aaronlab, @AceWattGit,
@ACR27, @adam91holt, @AdamPlatin123, @Ade5954, @AdityaRajeshGadgil, @adybag14-cyber, @AhmetArif0, @ai-hana-ai,
@alaamohanad169-ship-it, @alber70g, @albert748, @alt-glitch, @aqilaziz, @argabor, @asdlem, @austinpickett,
@avifenesh, @awizemann, @B0Tch1, @Bartok9, @BaxBit, @Beandon13, @beardthelion, @benbarclay, @bensargotest-sys,
@binhnt92, @bird, @bisko, @BlackishGreen33, @booker1207, @bradhallett, @briandevans, @Brixyy, @brndnsvr,
@BROCCOLO1D, @btorresgil, @burjorjee, @carltonawong, @Carry00, @chaconne67, @chdlc, @chromalinx, @ChyuWei,
@CipherFrame, @cmullins70, @CNSeniorious000, @codeblackhole1024, @Codename-11, @colin-chang, @counterposition,
@cresslank, @CryptoByz, @cyb0rgk1tty, @Cybourgeoisie, @daizhonggeng, @darvsum, @davidcampbelldc, @deas,
@dgians, @dillweed, @DoGMaTiiC, @donovan-yohan, @draplater, @Drexuxux, @dskwe, @dsr-restyn, @Dusk1e,
@dusterbloom, @duyua9, @egilewski, @el-analista, @eliteworkstation94-ai, @eloklam, @EloquentBrush0x, @emonty,
@emozilla, @erhnysr, @erikengervall, @erosika, @ether-btc, @ethernet8023, @EvilHumphrey, @fabiosiqueira,
@falasi, @falconexe, @fardoche6, @felix-windsor, @Fewmanism, @ffr31mr, @flamiinngo, @flanny7, @flooryyyy,
@fonhal, @francip, @fujinice, @gianfrancopiana, @glennc, @Glucksberg, @godlin-gh, @Grogger, @guillaumemeyer,
@Gutslabs, @H-Ali13381, @hanzckernel, @haran2001, @hawknewton, @hayka-pacha, @hehehe0803, @helix4u, @HenkDz,
@Hermes, @hermesagent26, @Hinotoi-agent, @hongchen1993, @honor2030, @houenyang-momo, @ht1072, @hueilau,
@iamfoz, @ilonagaja509-glitch, @InB4DevOps, @indigokarasu, @Interstellar-code, @iqdoctor, @iRonin, @Jaaneek,
@JabberELF, @jacevys, @jackey8616, @jackjin1997, @jdelmerico, @jfuenmayor, @Jiahui-Gu, @JimLiu, @joe102084,
@JohnC1009, @jonpol01, @Jpalmer95, @Julientalbot, @justemu, @justincc, @jvinals, @karthikeyann, @kasunvinod,
@kchuang1015, @kenyonxu, @khungate, @kiranvk-2011, @kjames2001, @konsisumer, @kpadilha, @kriscolab,
@krislidimo, @kronexoi, @kshitijk4poor, @kunci115, @Kylejeong2, @kylekahraman, @LaPhilosophie, @leeseoki0,
@lemassykoi, @Lempkey, @LeonJS, @LeonSGP43, @lidge-jun, @LifeJiggy, @liuhao1024, @LizerAIDev, @loicnico96,
@loongfay, @m0n3r0, @malaiwah, @matthewlai, @mavrickdeveloper, @maxmilian, @McClean-Edison, @memosr,
@Mind-Dragon, @momowind, @MoonJuhan, @MoonRay305, @moortekweb-art, @MorAlekss, @ms-alan, @Nami4D,
@nehaaprasaad, @nekwo, @nftpoetrist, @NickLarcombe, @nidhi-singh02, @Niraven, @nnnet, @noctilust, @novax635,
@nthrow, @nv-kasikritc, @nycomar, @OCWC22, @oemtalks, @OmX, @ooovenenoso, @orcool, @oseftg, @outsourc-e,
@OutThisLife, @Paperclip, @PaTTeeL, @pepelax, @phoenixshen, @Pluviobyte, @pnascimento9596, @pochi-gio, @pr7426,
@PratikRai0101, @Prithvi1994, @psionic73, @ptichalouf, @Que0x, @QuenVix, @quocanh261997, @qWaitCrypto, @Qwinty,
@r266-tech, @rak135, @rdasilva1016-ui, @rewbs, @roadhero, @rodrigoeqnit, @RonHillDev, @roycepersonalassistant,
@rudi193-cmd, @RyanRana, @sadiksaifi, @samahn0601, @samggggflynn, @SamuelZ12, @sanghyuk-seo-nexcube,
@Saurav0989, @savanne-kham, @Schrotti77, @Schwartz10, @SerenityTn, @sgtworkman, @sharziki, @shaun0927,
@shellybotmoyer, @shunsuke-hikiyama, @SimbaKingjoe, @SimoKiihamaki, @sir-ad, @Slimydog21, @slowtokki0409,
@Soju06, @someaka, @soynchux, @sprmn24, @Stark-X, @steezkelly, @stepanov1975, @stephenschoettler,
@stevehq26-bot, @steveonjava, @Strontvod, @subtract0, @Sunil123135, @superearn-fisher, @Sylw3ster, @tchanee,
@that-ambuj, @thedavidmurray, @TheOnlyMika, @therahul-yo, @thewillhuang, @ticketclosed-wontfix, @Timur00Kh,
@tomqiaozc, @Tosko4, @Tranquil-Flow, @tw2818, @uzunkuyruk, @vaddisrinivas, @vanthinh6886, @vgocoder,
@victorGPT, @vynxevainglory-ai, @waefrebeorn, @walli, @wangpuv, @wanwan2qq, @wesleysimplicio, @worlldz,
@wpengpeng168, @WuKongAI-CMU, @wuli666, @Wysie, @wysie, @xxxigm, @yannsunn, @YanzhongSu, @YarrowQiao, @ygd58,
@YLChen-007, @yoniebans, @yu-xin-c, @YuanHanzhong, @zapabob, @zccyman, @ziliangpeng, @zwolniony, @Zyrixtrex
Full Changelog: v2026.5.16...v2026.5.28

Original source

Hermes Agent v0.14.0 (v2026.5.16)

Release Date: May 16, 2026

Since v0.13.0: 808 commits · 633 merged PRs · 1393 files changed · 165,061 insertions · 545 issues closed (12 P0, 50 P1) · 215 community contributors (including co-authors)

The Foundation Release — Hermes installs and runs anywhere, ships with the things you actually want to use, and stops shipping the things you don't. xAI Grok lands as a SuperGrok OAuth provider with grok-4.3 bumped to a 1M context window. A new OpenAI-compatible local proxy turns any OAuth-authed Hermes provider — Claude Pro, ChatGPT Pro, SuperGrok — into an endpoint that Codex / Aider / Cline / Continue can hit. x_search lands as a first-class X (Twitter) search tool with OAuth-or-API-key auth. The Microsoft Teams stack is wired end-to-end (Graph auth + webhook listener + pipeline runtime + outbound delivery). A debloating wave makes installs dramatically lighter — heavyweight backends now lazy-install on first use, the [all] extras drop everything covered by lazy-deps, and a tiered install falls back when a wheel rejects on your platform. pip install hermes-agent works from PyPI. The cold-start wave shaves ~19 seconds off hermes launch. Browser CDP calls are 180x faster. Two new messaging platforms (LINE + SimpleX Chat) bring the total to 22. Cross-session 1-hour Claude prompt caching, /handoff that actually transfers sessions live, native button UI for clarify on Telegram and Discord, Discord channel history backfill, LSP semantic diagnostics on every write, a unified pluggable video_generate, a computer_use cua-driver backend that finally works with non-Anthropic providers, clickable URLs in any terminal, Zed ACP Registry integration via uvx, native Windows beta, 9 new optional skills, OpenRouter Pareto Code router, huggingface/skills as a trusted default tap. 12 P0 + 50 P1 closures.

✨ Highlights

xAI Grok via SuperGrok OAuth — and grok-4.3 jumps to a 1M context window — If you pay for SuperGrok, you can now use Grok inside Hermes by signing in with your xAI account — no API key, no separate billing. The wire-through also bumps grok-4.3 to a 1M token context window, so you can drop whole codebases or research corpora into a single prompt. Includes proper handling for entitlement errors and an SSH-to-tunnel docs page for when you're SSH'd into a remote box and need to complete the OAuth flow. (#26534, #26664, #26644, #26592)

OpenAI-compatible local proxy for OAuth providers — Run hermes proxy and you get a http://localhost:port endpoint that speaks the OpenAI API but is backed by whichever OAuth provider you're signed into — Claude Pro, ChatGPT Pro, SuperGrok. Now any tool that expects an OpenAI-compatible endpoint (Codex CLI, Aider, Cline, Continue, your custom scripts) just works with your existing subscription, no API key required. One subscription, every tool. (#25969)

x_search — first-class X (Twitter) search tool — The agent can now search X directly without installing a skill or wiring up a custom integration. Search the timeline, find threads, surface specific posts — straight from the chat. Auth with either your X OAuth login or an API key, whichever you have. (#26763)

Microsoft Teams — end-to-end — Hermes can now read messages from Teams and post back. The full Microsoft Graph stack lands together: auth + client foundation, a webhook listener that receives Teams events, a pipeline plugin runtime, and outbound delivery. Wire up the bot once, then chat to your agent from any Teams channel, DM, or group. (salvages of #21408–#21411) (#21922, #21969, #22007, #22024)

Debloating wave — lighter installs, less you don't use — A clean pip install hermes-agent used to pull down everything: every messaging adapter SDK, every image-gen SDK, every voice/TTS provider, whether you used them or not. Now those heavy backends (Slack / Matrix / Feishu / DingTalk adapters, hindsight client, codex app-server, Pixverse / Camofox / image-gen SDKs, voice/TTS providers) install automatically the first time you actually use them. The [all] extras drop everything covered by lazy-deps, the installer falls back through tiers when a wheel doesn't fit your platform, and a supply-chain advisory checker scans every install for unsafe versions. Faster installs, smaller disk footprint, fewer transitive vulnerabilities. (#24220, #24515, #25014, #25038, #25766, #21818)

pip install hermes-agent && hermes — Hermes Agent is now a real PyPI package. No more cloning the repo or running shell installers — one pip command and you're running. The wheel ships with the Ink TUI bundle and the shell launcher, so the full experience comes out of the box. (salvage of #26350) (#26593, #26148)

Cross-session 1h Claude prompt cache — When you use Claude through Anthropic, OpenRouter, or Nous Portal, the prompt prefix (system prompt, skills, memory) now caches for an hour across sessions. Start a /new session and the first response comes back faster and cheaper because the cache is still warm from your last session. Background memory review hits the cache too, so it's not paying full price every turn. (#23828, #25434, #24778)

180x faster browser_console evaluations — When the agent uses the browser tool to inspect a page or run JavaScript, those calls now share one persistent connection to Chrome instead of spinning up a new DevTools session every time. The difference is huge: things that used to take a couple of seconds per call return in milliseconds. Real-world page interactions feel instant. (#23226)

Cold-start performance wave — ~19 seconds off hermes launch — Running hermes used to make you wait through a chunk of import overhead and network calls before you saw a prompt. Now the launch path is mostly deferred: heavy adapters only load when you use them, model catalogs come from disk cache first, doctor checks run in parallel, and chat -q skips the welcome banner entirely. The hermes tools All-Platforms screen alone dropped from 14 seconds to under 1.5 seconds. (#22138, #22120, #22681, #22790, #22808, #22831, #22859, #22904, #22766, #25341)

Two new messaging platforms — LINE + SimpleX Chat — LINE is huge in Japan, Korea, and Taiwan, and now Hermes runs natively on the LINE Messaging API. SimpleX Chat is the privacy-focused decentralized messenger with no user IDs — also wired up as a first-class platform. That brings Hermes to 22 messaging platforms total, so wherever you and your team chat, the agent can be there. (#23197, #26232)

/handoff actually transfers the session live — Switching models or personalities mid-conversation used to mean losing context or starting over. Now /handoff moves your active session — every message, every tool call, every piece of context — to the target model, persona, or profile, live, without dropping anything. Mid-debugging hand off from a fast model to a deep-reasoning one, or pass a session between profiles for different parts of a task. (#23395)

Native button UI for clarify on Telegram and Discord — When the agent uses the clarify tool to ask you a multiple-choice question, it now shows real platform-native buttons on Telegram and Discord instead of asking you to type back the option number. Tap the button, the agent gets your answer. Especially nice on mobile. (#24199, #25485)

Discord channel history backfill (default on) — When Hermes joins a Discord channel or thread for the first time, it now reads the recent message history so it knows what's been said before it responds. No more "what are we talking about?" — the agent has the context that's already on screen for everyone else. (#25984)

vision_analyze returns pixels to vision-capable models — When you point the agent at an image with vision_analyze and the active model can actually see (GPT-5, Claude, Gemini, Grok-vision), Hermes now passes the raw pixels straight to the model instead of converting them to a text description first. You get the model's actual visual reasoning instead of a degraded text-summary round-trip. (#22955)

Per-turn file-mutation verifier footer — After every turn that wrote or edited files, the agent now gets a short footer summarizing exactly what changed on disk — the file paths, the line counts, the actual delta. That means the agent catches its own mistakes when a write didn't land or got silently overwritten, instead of confidently telling you "I added the function" when the file wasn't actually saved. (#24498)

LSP semantic diagnostics on every write — When the agent uses write_file or patch, Hermes now runs a real language server against the edited file and surfaces any new errors back to the agent before the next turn. Type errors, undefined symbols, missing imports — caught immediately. Goes way beyond v0.13.0's basic Python/JSON/YAML/TOML linting because it's actual semantic analysis. (#24168, #25978)

Unified video_generate with pluggable provider backends — One tool, any video model. Hermes ships with the obvious backends already, but you can drop in a new video provider as a plugin without touching core. So when a new video model lands next month, it can be a one-file plugin instead of a fork. (#25126)

computer_use cua-driver backend — works with non-Anthropic models now — Computer-use (the agent controlling your mouse and keyboard to drive GUI apps) used to be locked to Anthropic's SDK. The new cua-driver backend works with non-Anthropic providers too, has proper focus-safe operations, and refreshes itself on hermes update. Now any vision-capable model can drive your desktop. (re-salvage of #16936) (#21967, #24063)

Clickable URLs in any terminal — Links in agent output are now real OSC8 hyperlinks with hover-highlight in any terminal that supports them. Click to open in your browser — no more copy-paste-trim of long URLs from the transcript. Just works in iTerm2, Kitty, Ghostty, modern Windows Terminal, etc. (@OutThisLife) (#25071, #24013)

Zed ACP Registry — uvx install in one click — Hermes is now listed in Zed's Agent Client Protocol registry, so Zed users can install it with one click. The install path uses uvx so there's no npm dependency. hermes acp --setup-browser bootstraps the browser tools for registry-driven installs. (salvage of #25908) (#26079, #26120, #26234)

OpenRouter Pareto Code router with min_coding_score knob — OpenRouter's "Pareto" router automatically picks the cheapest model that meets a minimum quality bar. The new min_coding_score config lets you set that bar for coding tasks specifically — Hermes routes to the most affordable model that's at least that good at code. Stop paying for top-tier models when a mid-tier one would do. (#22838)

NovitaAI as a new model provider — NovitaAI joins the provider lineup, giving you another option for open-source model hosting (Llama, Qwen, DeepSeek, etc.) with their pricing and rate limits. (salvage #7219) (@kshitijk4poor) (#25507)

Codex app-server runtime for OpenAI/Codex models — An optional runtime that drives OpenAI's Codex CLI under the hood when you're using OpenAI or Codex paths. You get session reuse, automatic retirement of wedged sessions, and proper OAuth refresh classification — the kind of plumbing that makes long agentic runs not fall over. (#24182, #25769)

huggingface/skills as a trusted default tap — The community skills index hosted at huggingface.co/skills is now wired into the Skills Hub by default. So when somebody publishes a useful skill there, you can install it from your own hermes skills browser without any extra config. (closes #2549) (#26219)

9 new optional skills — Hyperliquid (perp + spot trading via the SDK and REST API), Yahoo Finance (live market data, fundamentals, historicals), api-testing (REST + GraphQL debug recipes), unified EVM multi-chain (one skill covers Ethereum + L2s + Base), darwinian-evolver (evolutionary prompt/skill tuning), osint-investigation (OSINT recipes for people / domains / orgs), pinggy-tunnel (expose local services to the public internet), watchers (polls RSS / HTTP JSON / GitHub via cron no_agent mode for change detection), and a full Notion overhaul for the May 2026 Developer Platform. (#23582, #23583, #23590, #25299, #26760, #26729, #26765, #21881, #26612)

API server exposes run approval events — If you're driving Hermes programmatically through the HTTP API, long-running runs no longer silently hang when the agent hits an approval-required command. The approval request now surfaces on the API stream so your client can prompt the user and reply — no more silent stalls. (salvage of #20311) (#21899)

Plugins can run any LLM call via ctx.llm + replace built-in tools via tool_override — If you're writing a Hermes plugin, you now get first-class access to make LLM calls through the active provider and credentials — no manual client wiring. The new tool_override flag lets a plugin swap out a built-in tool with its own implementation cleanly. Plugin authors get the same model-routing and auth plumbing the core agent uses. (closes #11049) (#23194, #26759)

Brave Search (free tier) + DuckDuckGo (DDGS) as web-search providers — Two new free web-search backends join Tavily, SearXNG, and Exa. Brave Search has a generous free tier; DDGS is the DuckDuckGo scraper that needs no key at all. Pick whichever fits your budget and rate-limit needs. (#21337)

Sudo brute-force block + 3 dangerous-command bypasses closed + tool-error sanitization — The approval gate now blocks sudo -S brute-force attempts and classifies stdin-fed or askpass-stripped sudo invocations as DANGEROUS. Three known bypasses of dangerous-command detection are closed (inspired by Claude Code's command-detection work). And tool error strings are now sanitized before being re-injected into the model context, so a malicious file or remote service can't pass instructions to your agent through error output. (#23736, #26829, #26823)

/subgoal — user-added criteria appended to an active /goal — When you've got a /goal running (the persistent Ralph-loop goal where the agent keeps going until criteria are met), you can now use /subgoal to layer extra success criteria onto it mid-run. The judge factors your new criteria into the done-or-keep-going decision without restarting the loop. (#25449)

Provider rename — Alibaba Cloud → Qwen Cloud — The Alibaba Cloud provider is renamed to Qwen Cloud in the picker and config to match what the rest of the world calls it. Existing config keys still work — no breaking changes — but the UI matches the actual brand now. (#24835)

Native Windows support (early beta) — Hermes now runs natively on cmd.exe and PowerShell without WSL. A full PowerShell installer handles MinGit auto-install, Microsoft Store python stub detection, and the foreground Ctrl+C dance. There's still rough edges (this is the "early beta" stamp) — ~40 follow-up Windows-only fixes already landed in the window — but the basic loop works end-to-end on a clean Windows box. (#21561)

🪟 Windows — Native Support (Early Beta)

Bootstrap & installer

Native Windows support (early beta) — first-class native Windows path across CLI / gateway / TUI / tools (#21561)

PyPI wheel packaging — pip install hermes-agent && hermes (salvage of #26350) (#26593)

Recognise Shift+Enter as a newline key + Windows docs (salvage #21545) (#22130)

Preserve Ctrl+C for Windows foreground runs (@helix4u) (#22752)

Stop spamming cwd-missing + tirith-spawn warnings on every terminal call (#26618)

Use --extra all not --all-extras; drop lazy-covered extras from [all] (#24515)

Windows-specific fixes (40+ across cli / tools / gateway / curator / TUI)

A long tail of native-Windows fixes shipped alongside the beta — taskkill-based subprocess management, MinGit auto-install, Microsoft Store python stub detection, npm prefix handling, native PTY paths, signal handling differences, foreground process management, ANSI sequence handling, path normalization, file-locking semantics, and many more. Full list in commit log under fix(windows) / feat(windows) / windows.

🚀 Performance Wave

Cold start

Cut ~19s from hermes cold start — skills cache + lazy Feishu + no Nous HTTP at startup (#22138)

Skip eager plugin discovery on known built-in subcommands (#22120)

Cache Nous auth + .env loads — hermes tools All Platforms from 14s to <1.5s (#25341)

Skip welcome banner on chat -q single-query mode (#22904)

Defer heavy google-cloud imports in google_chat to first adapter use (#22681)

Defer QQAdapter and YuanbaoAdapter imports via PEP 562 (#22790)

Defer httpx import in teams to first webhook call (#22831)

Defer fal_client import to first generation request (#22859)

models.dev cache-first lookup, skip network when disk cache is fresh (#22808)

Parallelize API connectivity checks in hermes doctor and disable IMDS (#22766)

Runtime

180x faster browser_console evaluations — route through supervisor's persistent CDP WebSocket (#23226)

Tune Telegram cadence + adaptive fast-path for short replies (salvage of #10388) (#23587)

Accumulate length-continuation prefix via list+join (#26237)

Prompt caching

Cross-session 1h prefix cache for Claude on Anthropic / OpenRouter / Nous Portal (#23828)

Hit prefix cache in background review fork (salvage #17276 + #25427) (#25434)

📦 Installation & Distribution

PyPI + supply-chain

PyPI wheel packaging — pip install hermes-agent && hermes (salvage of #26350) (#26593)

Supply-chain advisory checker + lazy-install framework + tiered install fallback (#24220)

Use --extra all not --all-extras; drop lazy-covered extras from [all] (#24515)

Skip browser download when system chromium exists (@helix4u) (#25317)

Nix

extraDependencyGroups for sealed venv extras (@alt-glitch) (#21817)

Refresh npm lockfile hashes — keeps Nix flake builds reproducible

Docker

Bootstrap auth.json from env on first boot (#21880)

Drop manual @hermes/ink build, rely on esbuild bundle — slimmer image

ACP / Zed

Zed ACP Registry integration (salvage of #25908) (#26079)

Switch to uvx distribution, drop npm launcher (#26120)

hermes acp --setup-browser bootstraps browser tools for registry installs (#26234)

🏗️ Core Agent & Architecture

Sessions & handoff

/handoff actually transfers the session live (#23395)

Expose HERMES_SESSION_ID env var to agent tools (@alt-glitch) (#23847)

Goals (Ralph loop)

/subgoal — user-added criteria appended to active /goal (#25449)

/goal checklist + /subgoal user controls (#23456) — rolled back in window (#23813); /subgoal returned in simpler form via #25449

Compression

Make protect_first_n configurable (#25447)

Verification

Per-turn file-mutation verifier footer (#24498)

Stream retry

Log inner cause, upstream headers, bytes/elapsed on every drop (#23005)

🤖 Models & Providers

New providers

xAI Grok OAuth (SuperGrok Subscription) provider (#26534)

NovitaAI provider (salvage #7219) (@kshitijk4poor) (#25507)

NVIDIA NIM billing origin header (salvage #25211) (#26585)

Provider work

OpenRouter Pareto Code router with min_coding_score knob (#22838)

Optional codex app-server runtime for OpenAI/Codex models (#24182)

Codex-runtime: retire wedged sessions + post-tool watchdog + OAuth refresh classify (#25769)

Codex-runtime: skip unavailable plugins during migration (#25437)

Codex-runtime: de-dup [plugins.X] tables and stop leaking HERMES_HOME into config.toml (#26250) (@kshitijk4poor) (#26260)

Pass reasoning.effort to xAI Responses API (#22807)

Custom provider: prompt and persist explicit api_mode (#25068)

Rename Alibaba Cloud → Qwen Cloud, reorder picker (#24835)

Restore gpt-5.3-codex-spark for ChatGPT Pro (salvage #18286 + #19530, fixes #16172) (@kshitijk4poor) (#22991)

Inject tool-use enforcement for GLM models (#24715)

Use Nous Portal as model metadata authority (@rob-maron) (#24502)

Unified client=hermes-client-v tag on every Portal request (#24779)

Prevent stale Ollama credentials after provider switch (@kshitijk4poor) (#21703)

Auxiliary client: rotate pooled auth after quota failures (salvage #22779) (#22792)

Auxiliary client: skip providers without credentials immediately (#25395) (#25487)

Auth: send Nous refresh token via header (@shannonsands) (#21578)

MiniMax: harden OAuth dashboard and runtime (#24165)

OpenAI-compatible proxy

Local OpenAI-compatible proxy for OAuth providers — Codex / Aider / Cline can hit Claude Pro, ChatGPT Pro, SuperGrok (#25969)

📱 Messaging Platforms (Gateway)

New platforms

LINE Messaging API platform plugin (#23197)

SimpleX Chat platform plugin (salvages #2558) (#26232)

Microsoft Graph foundation

msgraph: add auth and client foundation (salvage of #21408) (#21922)

msgraph: add webhook listener platform (salvage of #21409) (#21969)

teams-pipeline: add plugin runtime and operator cli (salvage of #21410) (#22007)

teams: add pipeline outbound delivery via existing adapter (salvage of #21411) (#22024)

Cross-platform

Per-platform admin/user split for slash commands (salvage of #4443) (#23373)

Forensics on signal handling — non-blocking diag, per-phase timing, stale-unit warning (#23285)

Keep gateway running when platforms fail; add per-platform circuit breaker + /platform (#26600)

Wire clarify tool with inline keyboard buttons on Telegram (#24199)

Add chat_id to hook_ctx for message source tracking (#24710)

Telegram

Native draft streaming via sendMessageDraft (Bot API 9.5+) (salvage of #3412) (#23512)

Stream Telegram edits safely — salvage of #22264 (@kshitijk4poor) (#22518)

Telegram notification mode (salvage #22772) (#22793)

Telegram guest mention mode (@kshitijk4poor) (#22759)

Split-and-deliver oversized edits instead of silent truncation (salvage of #19537) (#23576)

Preserve DM topic routing via reply fallback (salvage #22053) (@kshitijk4poor) (#22410)

Pass source.thread_id explicitly on auto-reset notice (carve-out of #7404) (#23440)

Discord

Render clarify choices as buttons (#25485)

Channel history backfill — default on, broadened scope (#25984)

thread_require_mention for multi-bot threads (salvage #25313) (#25445)

Slack

Support !cmd as alternate prefix for slash commands in threads (#25355)

WhatsApp

Surface quoted reply metadata from Baileys (#25398) (#25489)

Feishu / Google Chat / others

Feishu: native update prompt cards (@kshitijk4poor) (#22448)

Google Chat: repair setup prompt imports (@helix4u) (#22038)

Google Chat: honor relay-declared sender_type (salvage of #22107) (@kshitijk4poor) (#22432)

LINE: use build_source instead of nonexistent create_source (#24717)

Add weixin, and more to gateway docs (salvage of #21063 by @wuwuzhijing)

🖥️ CLI & TUI

CLI

Show YOLO mode warning in banner and status bar (#26238)

Confirm prompt for destructive slash commands (#4069) (#22687)

docker_extra_args + display.timestamps (#23599)

Delegate tool: show user's actual concurrency / spawn-depth limits in description (#22694)

TUI

/sessions slash command for browsing and resuming previous sessions (@austinpickett) (#20805)

Segment turns with rule above non-first user msgs; trim ticker dead space (@OutThisLife) (#21846)

Support attaching to an existing gateway (@OutThisLife) (#21978)

Resolve markdown links to readable page titles (@OutThisLife) (#24013)

Width-aware markdown table rendering with vertical fallback (@alt-glitch) (#26195)

Keep Ink displayCursor in sync with fast-echo writes so cursor stops drifting (@OutThisLife) (#26717)

Allow transcript scroll + Esc during approval/clarify/confirm prompts (@OutThisLife) (#26414)

Preserve session when switching personality (@austinpickett) (#20942)

Skip native safety net on OSC52-capable terminals (@benbarclay) (#20954)

Dashboard / GUI

Route embedded TUI through dashboard gateway (@OutThisLife) (#21979)

Hide token/cost analytics behind config flag (default off) (#25438)

Fix Langfuse observability — trace I/O, tool outputs, placeholder credentials (closes #22342, #22763) (@kshitijk4poor) (#26320)

MiniMax 'Login' button launched Claude OAuth (salvage #22849) (#24058)

Update cron modals (@austinpickett) (#25985)

Analytics: prevent silent token loss and add Claude 4.5–4.7 pricing (@austinpickett) (#21455)

🔧 Tools & Capabilities

Vision & video

vision_analyze returns pixels to vision-capable models (#22955)

Unified video_generate with pluggable provider backends (#25126)

image_gen: actionable setup message when no FAL backend is reachable (#26222)

Computer use

computer_use cua-driver backend + focus-safe ops + non-Anthropic provider fix (re-salvage #16936) (#21967)

Refresh cua-driver on hermes update + add install --upgrade (#24063)

LSP & write-time diagnostics

Semantic diagnostics from real language servers in write_file/patch (#24168)

Shift baseline diagnostics into post-edit coordinates (#25978)

Search & web

Brave Search (free tier) and DDGS search providers (#21337)

Bearer auth header for Tavily /crawl endpoint (#24658)

X (Twitter)

Gated x_search tool with OAuth-or-API-key auth (#26763)

Browser

Route browser_console eval through supervisor's persistent CDP WS (180x faster) (#23226)

Support externally managed Camofox sessions (#24499)

MCP

supports_parallel_tool_calls for MCP servers (salvage of #9944) (#26825)

Codex preset for Codex CLI MCP server (salvage #22663) (#22679)

Stop retrying initial MCP auth failures (#25624) (#25776)

Google Workspace

Drive write ops + Docs/Sheets create/append (#21895)

Per-turn verifier

Per-turn file-mutation verifier footer (#24498)

🧩 Kanban (Multi-Agent)

specify — auxiliary LLM fleshes out triage tasks (#21435)

Orchestrator board tools — kanban_list + kanban_unblock (carve-out of #20568) (#23012)

stranded_in_ready diagnostic for unclaimed tasks (#23578)

Dashboard batch QOL upgrade (salvage of #23240) (#23550)

Tooltips and docs link across dashboard (#21541)

Dedupe notifier delivery via atomic claim + rewind on failure (salvage #22558) (#23401)

Keep notifier subscriptions alive across retry cycles (salvage #21398) (#23423)

Drop caller-controlled author override in kanban_comment (salvage of #22109) (@kshitijk4poor) (#22435)

Sanitize comment author rendering in build_worker_context (#22769)

🧠 Plugins & Extension

Plugin surface

Run any LLM call from inside a plugin via ctx.llm (#23194)

tool_override flag for replacing built-in tools (closes #11049) (#26759)

standalone_sender_fn for out-of-process cron delivery (@kshitijk4poor) (#22461)

HERMES_PLUGINS_DEBUG=1 surfaces plugin discovery logs (#22684)

Hindsight-client as optional dependency (@alt-glitch) (#21818)

Profile & distribution

Shareable profile distributions via git (#20831)

⏰ Cron

Routing intent — deliver=all fans out to every connected channel (#21495)

Support name-based lookup for job operations (#26231)

Blank Cron dashboard tab + partial-record crashes (salvage of #21042 + #22330) (@kshitijk4poor) (#22389)

Do not seed HERMES_SESSION_* contextvars from cron origin (salvage of #22356) (@kshitijk4poor) (#22382)

Scan assembled prompt including skill content for prompt injection (#3968)

🧩 Skills Ecosystem

Skills Hub

hermes-skills/huggingface as a trusted default tap (closes #2549) (#26219)

Show per-skill pages in the left sidebar (#26646)

Richer info panels on the Skills Hub (#22905)

Refuse skill_view name collisions instead of guessing (closes #6136 @polkn)

Curator

Show rename map in user-visible summary (#22910)

Hint at hermes curator pin in the rename block (#23212)

New optional skills

Hyperliquid — perp/spot trading via SDK + REST (salvage of #1952) (#23583)

Yahoo Finance market data (#23590)

api-testing (REST/GraphQL debug, salvages #1800) (#23582)

Unified EVM multi-chain skill (salvages #25291 + #2010 + folds in base/) (#25299)

darwinian-evolver (#26760)

osint-investigation (closes #355) (#26729)

pinggy-tunnel (#26765)

watchers — RSS / HTTP JSON / GitHub polling via cron no-agent (#21881)

Notion overhaul for the Developer Platform (May 2026) (#26612)

🔒 Security & Reliability

Security hardening

Sudo brute-force block + sudo-stdin/askpass DANGEROUS (salvage of #22194 + #21128) (@kshitijk4poor) (#23736)

Drop caller-controlled author override in kanban_comment (salvage of #22109) (@kshitijk4poor) (#22435)

Cover remaining SSRF fetch paths in skills-hub (salvage #22804) (#22843)

Use credential_pool for custom endpoint model listing probes (salvage #22810) (#22842)

Require dashboard auth for plugin API routes (salvage #19541) (#23220)

Sanitize env and redact output in quick commands + remove write-only _pending_messages (#23584)

Reduce unnecessary shell=True in subprocess calls (#25149)

Sanitize Google Chat sender_type from relay (salvage of #22107) (@kshitijk4poor) (#22432)

Supply-chain advisory checker (#24220)

Rewrite security policy around OS-level isolation as the boundary (@jquesnelle) (#20317)

Remove public security advisory page (#24253)

Reliability — notable bug closures

SQLite: fall back to journal_mode=DELETE on NFS/SMB/FUSE (fixes /resume on network mounts) (@kshitijk4poor) (#22043)

Codex-runtime: retire wedged sessions + post-tool watchdog + OAuth refresh classify (#25769)

Codex-runtime: de-dup [plugins.X] tables and stop leaking HERMES_HOME (#26250) (@kshitijk4poor) (#26260)

Daytona: migrate legacy-sandbox lookup to cursor-based list() (#24587)

MCP: stop retrying initial MCP auth failures (#25624) (#25776)

Gateway: enable text-intercept for multi-choice clarify fallback (#25587) (#25778)

Gateway: keep running when platforms fail; per-platform circuit breaker + /platform (#26600)

Delegate: salvage #21933 JSON-string batch + diagnostic logging (@kshitijk4poor) (#22436)

Profiles+banner: exclude infrastructure from --clone-all + fix stale update-check repo resolution (@kshitijk4poor) (#22475)

ACP: inline file attachment resources (salvage #21400 + image support) (#21407)

CI: unblock shared PR checks (@stephenschoettler) (#21012, #25957)

Notable reverts in window

/goal checklist + /subgoal feature stack — rolled back (#23813); /subgoal returned in simpler form via #25449

Scrollback box width clamp (#25975) rolled back to restore full-width borders (#26163)

fix(cli): tolerate unreadable dirs when building systemd PATH rolled back

🌍 i18n

Localize all gateway commands + web dashboard, add 8 new locales (16 total) (#22914)

📚 Documentation

Repair Voice & TTS provider table (@nightcityblade, fixes #24101) (#24138)

Show per-skill pages in the left sidebar (#26646)

Mention Weixin in gateway help and docstrings (salvage of #21063 by @wuwuzhijing)

Richer info panels on the Skills Hub (#22905)

Many more doc updates across providers, platforms, skills, Windows install paths, and dashboard.

🧪 Testing & CI

Unblock shared PR checks (@stephenschoettler) (#21012)

Stabilize shared test state after 21012 (@stephenschoettler) (#25957)

A long tail of test additions for platforms, providers, plugins, and edge cases — 8 explicit test: PRs plus ~250 fix PRs that also added regression coverage.

👥 Contributors

Core

@teknium1 — release lead, architecture, ~406 PRs merged in window

Top community contributors

@kshitijk4poor — 38 PRs · Telegram cadence/streaming/topic routing, security hardening (sudo, SSRF, kanban_comment, dashboard auth), codex-runtime hygiene, NovitaAI provider, profile/banner fixes, Feishu update cards, gateway QOL across the board

@alt-glitch — 13 PRs · Markdown-table TUI rendering, HERMES_SESSION_ID env var, hindsight-client optional dep, Nix extraDependencyGroups

@OutThisLife (Brooklyn Nicholson) — 12 PRs · TUI turn segmentation, attach-to-gateway, markdown link titles, embedded TUI via dashboard gateway, Ink cursor sync, scroll/Esc during prompts

@austinpickett — 8 PRs · /sessions slash command, personality switching preserves session, cron modals, dashboard analytics

@helix4u — 5 PRs · Google Chat setup, browser install skip on system chromium, Windows Ctrl+C preservation

@rob-maron — 4 PRs · Nous Portal as model metadata authority, provider polish

@stephenschoettler — 3 PRs · CI stabilization

@ethernet8023 — 3 PRs · platform/gateway work

All contributors (alphabetical)

@02356abc, @0xbyt4, @0xharryriddle, @1000Delta, @1RB, @29206394, @A-kamal, @aashizpoudel, @Abd0r,
@adybag14-cyber, @AgentArcLab, @ahmedbadr3, @AhmetArif0, @alblez, @Alex-yang00, @ALIYILD, @AllynSheep,
@alt-glitch, @am423, @amathxbt, @amethystani, @ArecaNon, @Arkmusn, @askclaw-vesper, @AsoTora, @austinpickett,
@aydnOktay, @ayushere, @baocin, @Bartok9, @benbarclay, @BennetYrWang, @Bihruze, @binhnt92, @briandevans,
@brooklynnicholson, @btorresgil, @buntingszn, @CalmProton, @chrisworksai, @CoinTheHat, @dandacompany, @Dangooy,
@DanielLSM, @David-0x221Eight, @ddupont808, @dhruv-saxena, @diablozzc, @dlkakbs, @dmahan93, @dmnkhorvath,
@domtriola, @donrhmexe, @Dusk1e, @eloklam, @emozilla, @ephron-ren, @ErenKarakus, @EthanGuo-coder,
@ethernet8023, @evgyur, @explainanalyze, @fahdad, @fr33d3m0n, @Freeman-Consulting, @freqyfreqy, @Frowtek,
@fu576, @github-actions[bot], @gnanirahulnutakki, @GodsBoy, @guglielmofonda, @Gutslabs, @hanzckernel,
@heathley, @hekaru-agent, @helix4u, @HenkDz, @HiddenPuppy, @hllqkb, @hrygo, @HuangYuChuh, @Hugo-SEQUIER, @HxT9,
@iacker, @InB4DevOps, @isaachuangGMICLOUD, @iuyup, @Jaaneek, @jackey8616, @jackjin1997, @Jaggia, @jak983464779,
@jelrod27, @jethac, @JithendraNara, @johnisag, @Julientalbot, @Jwd-gity, @kallidean, @keyuyuan, @kfa-ai,
@kidonng, @KiraKatana, @kjames2001, @konsisumer, @Korkyzer, @kshitijk4poor, @KvnGz, @lars-hagen, @leehack,
@leepoweii, @LeonSGP43, @li0near, @libo1106, @liquidchen, @littlewwwhite, @liuhao1024, @liyoungc, @luandiasrj,
@luoyuctl, @luyao618, @magic524, @mbac, @McClean, @memosr, @Mibayy, @ming1523, @mizgyo, @mrshu, @ms-alan,
@MustafaKara7, @nederev, @nicoechaniz, @nidhi-singh02, @nightcityblade, @nik1t7n, @Ninso112, @NivOO5,
@novax635, @nv-kasikritc, @oferlaor, @oswaldb22, @outdoorsea, @oxngon, @PaTTeeL, @pearjelly, @pefontana,
@perng, @PhilipAD, @phuongvm, @polkn, @Prasanna28Devadiga, @princepal9120, @pty819, @purzbeats, @Quarkex,
@quocanh261997, @qWaitCrypto, @Qwinty, @rahimsais, @raymaylee, @ReqX, @rewbs, @RhombusMaximus, @rob-maron,
@Ruzzgar, @ryptotalent, @Sanjays2402, @shannonsands, @shaun0927, @SiliconID, @silv-mt-holdings, @simpolism,
@smwbev, @soichiyo, @sprmn24, @steezkelly, @stephenschoettler, @Sylw3ster, @szymonclawd, @teyrebaz33,
@Tianyu199509, @Tranquil-Flow, @TreyDong, @TurgutKural, @tw2818, @tymrtn, @uzunkuyruk, @v1b3coder,
@vanthinh6886, @VinceZcrikl, @vKongv, @vominh1919, @voteblake, @VTRiot, @wali-reheman, @wesleysimplicio,
@wilsen0, @WorldWriter, @worlldz, @wuli666, @wuwuzhijing, @Wysie, @XiaoXiao0221, @xieNniu, @xxxigm, @yehuosi,
@ygd58, @yifengingit, @yuga-hashimoto, @zccyman, @ZeterMordio, @Zhekinmaksim, @zhengyn0001

Also: @Nagatha (Claude Opus 4.7).

Full Changelog: v2026.5.7...v2026.5.16

Original source

Hermes Agent v0.13.0 (v2026.5.7)
Release Date: May 7, 2026
Since v0.12.0: 864 commits · 588 merged PRs · 829 files changed · 128,366 insertions · 282 issues closed (13 P0, 36 P1) · 295 community contributors (including co-authors)
The Tenacity Release — Hermes Agent now finishes what it starts. Kanban ships as a durable multi-agent board (heartbeat, reclaim, zombie detection, auto-block on incomplete exit, per-task retries, hallucination recovery). /goal keeps the agent locked on a target across turns (Ralph loop). Checkpoints v2 rewrites state persistence with real pruning. Gateway auto-resumes interrupted sessions after restart. Cron grows a no_agent watchdog mode. A security wave closes 8 P0s — redaction is now ON by default, Discord role-allowlists are guild-scoped, WhatsApp rejects strangers by default, and TOCTOU windows close across auth.json and MCP OAuth. Google Chat becomes the 20th platform. Providers become a pluggable surface. Seven i18n locales ship.
✨ Highlights
Multi-agent Kanban — delegate to an AI team that actually finishes — Spin up a durable board, drop tasks on it, and let multiple Hermes workers pick them up, hand off, and close them out. Heartbeats, reclaim, zombie detection, retry budgets, and a hallucination gate keep the team honest. One install, many kanbans. (#17805, #19653, #20232, #20332, #21330, #21183, #21214)
/goal — the agent doesn't forget what you asked it to do — Lock the agent onto a target and it stays on task across turns. The Ralph loop as a first-class primitive. (#18262, #18275, #21287)
Show it a video — new video_analyze tool for native video understanding on Gemini and compatible multimodal models. (@alt-glitch) (#19301)
Clone a voice — xAI Custom Voices lands as a TTS provider with voice cloning support. (@alt-glitch) (#18776)
Hermes speaks your language — static gateway + CLI messages translate to 7 locales: Chinese, Japanese, German, Spanish, French, Ukrainian, and Turkish. Docs site gains a Chinese (zh-Hans) locale. (#20231, #20329, #20467, #20474, #20430, #20431)
Google Chat — the 20th messaging platform — plus a generic platform-plugin hooks surface so third-party adapters drop in without touching core (IRC and Teams migrated). (#21306, #21331)
Sessions survive restarts — gateway bounces mid-agent, /update restarts, source-file reloads — conversations auto-resume when the gateway comes back. (#21192)
Security wave — 8 P0 closures — redaction ON by default, Discord role-allowlists guild-scoped (CVSS 8.1 cross-guild DM bypass closed), WhatsApp rejects strangers by default, TOCTOU windows closed across auth.json and MCP OAuth, browser enforces cloud-metadata SSRF floor, cron prompt-injection scans assembled skill content, hermes debug share redacts at upload. (#21193, #21241, #21291, #21176, #21194, #21228, #21350, #19318)
Checkpoints v2 — state persistence rewritten. Real pruning, disk guardrails, no more orphan shadow repos. (#20709)
The agent lints its own writes — post-write delta lint on write_file + patch. Python, JSON, YAML, TOML. Syntax errors surface immediately instead of shipping downstream. (#20191)
no_agent cron mode — script-only watchdog — cron jobs can now skip the agent entirely and just run a script. Empty stdout is silent, non-empty gets delivered verbatim. (#19709)
Platform allowlists everywhere — allowed_channels / allowed_chats / allowed_rooms config across Slack, Telegram, Mattermost, Matrix, and DingTalk. (#21251)
Providers are now plugins — ProviderProfile ABC + plugins/model-providers/. Drop in third-party providers without touching core. (#20324)
API server — long-term memory per session — X-Hermes-Session-Key header gives memory providers a stable session identifier. (#20199)
MCP levels up — SSE transport with OAuth forwarding, stale-pipe retries, image results surface as MEDIA tags instead of getting dropped, keepalive on long-lived lifecycle waits. (#21227, #21323, #21289, #21328, #20209)
Curator grows subcommands — hermes curator archive, prune, list-archived. Manual hermes curator run is synchronous now — you see results without polling. (#20200, #21236, #21216)
ACP — /steer and /queue — direct the in-flight agent or queue follow-ups from Zed, VS Code, or JetBrains. Plus atomic session persistence and reasoning-metadata preservation across restarts. (@HenkDz) (#18114, #20279, #20296, #20433)
TUI glow-up — /model picker matches hermes model with inline auth (@austinpickett), collapsible startup banner sections (@kshitijk4poor), context-compression counter in the status bar. (#18117, #20625, #21218)
Dashboard grows up — Plugins page (manage, enable/disable, auth status) (@austinpickett), Profiles management page (@vincez-hms-coder), sortable analytics tables, reverse-proxy support via X-Forwarded-Prefix, new default-large 18px theme. (#18095, #16419, #18192, #21296, #20820)
SearXNG + split web tools — SearXNG ships as a native search-only backend; web tools now let you pick different backends per capability (search vs extract vs browse). (@kshitijk4poor) (#20823, #20061, #20841)
OpenRouter response caching — explicit cache control for models that expose it. (@kshitijk4poor) (#19132)
[[as_document]] — skill media-routing directive — skills can force the gateway to deliver output as a document on platforms that support it. (#21210)
transform_llm_output plugin hook — new lifecycle hook that lets plugins reshape or filter LLM output before it hits the conversation. Useful for context-window reducers and content filters. (#21235)
Nous OAuth persists across profiles — shared token store: sign in once, every profile inherits the session. (#19712)
QQBot — native approval keyboards — feature parity with Telegram / Discord approval UX. Chunked upload, quoted attachments. (#21342, #21353)
6 new optional skills — Shopify (Admin + Storefront GraphQL), here.now, shop-app personal shopping assistant, Anthropic financial-services bundle, kanban-video-orchestrator (@SHL0MS), searxng-search (@kshitijk4poor). (#18116, #18170, #20702, #21180, #19281, #20841)
New models — deepseek/deepseek-v4-pro, x-ai/grok-4.3, openrouter/owl-alpha (free), tencent/hy3-preview (@Contentment003111), Arcee Trinity Large Thinking temperature + compression overrides. (#20495, #20497, #18071, #21077, #20473)
100 fresh CLI startup tips — the random tip banner gets 100 new entries covering cron, kanban, curator, plugins, and lesser-known flags. (#20168)
🧩 Multi-Agent Kanban (Durable)
New — durable multi-profile collaboration board
feat(kanban): durable multi-profile collaboration board — post-revert reimplementation, multi-profile by design (#17805)
Multi-project boards — one install, many kanbans (#19653, #19679)
Share board, workspaces, and worker logs across profiles (#19378)
Hallucination gate + recovery UX for worker-created-card claims (closes #20017) (#20232)
Generic diagnostics engine for task distress signals (#20332)
Per-task max_retries override (supersedes #20972) (#21330)
Multiline textarea for inline-create title (salvage of #20970) (#21243)
Kanban Dashboard
Workspace kind + path inputs in inline create form (#19679)
Per-platform home-channel notification toggles (#19864)
Sharper home-channel toggle contrast + drop → running action (#19916)
Fix: reject direct status transition to 'running' via dashboard API (salvage of #19554) (#19705)
Fix: dashboard board pin authoritative over server current file (#20879) (#21230)
Fix: treat dashboard event-stream cancellation as normal shutdown (#20790) (#21222)
Fix: filter dashboard board by selected tenant (#19817) (#21349)
Fix: code/pre styling theme-immune across all themes (#21086) (#21247)
Fix: reset <code> background inside dashboard board (#20687)
Fix: preserve dashboard completion summaries + add kanban edit (salvages #20016) (#20195)
Fix: avoid fragile failure-column renames (salvage #20848) (@kshitijk4poor) (#20855)
Worker lifecycle + reliability
Heartbeat + reclaim + zombie + retry-cap fixes (#21147, #21141, #21169, #20881) (#21183)
Auto-block workers that exit without completing + shutdown race (#20894) (#21214)
Detect darwin zombie workers (salvages #20023) (#20188)
Unify failure counter across spawn/timeout/crash outcomes (#20410)
Enforce worker task-ownership on destructive tool calls (#19713)
Drop worker identity claim from KANBAN_GUIDANCE (#19427)
Fix: skip dispatch for tasks assigned to non-profile lanes (salvages #20105, #20134) (#20165)
Fix: include default profile in on-disk assignee enumeration (salvages #20123) (#20170)
Fix: ignore stale current board pointers (salvages #20063) (#20183)
Fix: profile discovery ignores HERMES_HOME in custom-root deployments (@jackey8616) (#19020)
Fix: allow orchestrator profiles to see kanban tools via toolsets config (#19606)
Batch salvages
Tier-1 batch — metadata test, max_spawn config, run-id lifecycle guard (salvages #19522 #19556 #19829) (#20440)
Tier-2 batch — doctor, started_at, parent-guard, latest_summary, selects, linked-children (#20448)
Documentation
Backfill multi-board refs in reference docs (#19704)
Document /kanban slash command (#19584)
Document recommended handoff evidence metadata (salvage #19512) (#20415)
Fix orchestrator + worker skill setup instructions (@helix4u) (#20958, #20960)
🎯 Persistent Goals, Checkpoints & Session Durability
/goal — persistent cross-turn goals (Ralph loop)
feat: /goal — persistent cross-turn goals (#18262)
Docs page — Persistent Goals (/goal) (#18275)
Fix: honor configured goal turn budget (salvage #19423) (#21287)
Checkpoints v2
Single-store rewrite with real pruning + disk guardrails (#20709)
Session durability
Auto-resume interrupted sessions after gateway restart (salvage #20888) (#21192)
Preserve pending update prompts across restarts (#20160)
Preserve home-channel thread targets across restart notifications (salvage #18440) (#19271)
Preserve thread routing from cached live session sources (#21206)
Preserve assistant metadata when branching sessions (#18222)
Preserve thread routing for /update progress and prompts (#18193)
Preserve document type when merging queued events (#18215)
🛡️ Security & Reliability
Security hardening (8 P0 closures)
Enable secret redaction by default (#17691, #20785) (#21193)
Discord — scope DISCORD_ALLOWED_ROLES to originating guild (#12136, CVSS 8.1) (#21241)
WhatsApp — reject strangers by default, never respond in self-chat (#8389) (#21291)
MCP OAuth — close TOCTOU window when saving credentials (#21176)
hermes_cli/auth.py — close TOCTOU window in credential writers (#21194)
Browser — enforce cloud-metadata SSRF floor in hybrid routing (#16234) (#21228)
hermes debug share — redact log content at upload time (@GodsBoy) (#19318)
Cron — scan assembled prompt including skill content for prompt injection (#3968) (#21350)
Restore .env/auth.json/state.db with 0600 perms (#19699)
SRI integrity for dashboard plugin scripts (salvage #19389) (#21277)
Bind Meet node server to localhost, restrict token file to owner read (#19597)
Extend sensitive-write target to cover shell RC and credential files (#19282)
Harden YOLO mode env parsing against quoted-bool strings (#18214)
OSV-Scanner CI + Dependabot for github-actions only (#20037)
Reliability — critical bug closures
CLI crash on startup — Invalid key 'c-S-c' (P0, prompt_toolkit doesn't support Shift modifier) (#19895, #19919)
CLOSE_WAIT fd leak audit — httpx keepalive + WhatsApp aiohttp leak + Feishu hygiene (#18451) (#18766)
Gateway creates AIAgent with empty OpenRouter API key when OPENROUTER_API_KEY is missing (#20982) — fallback providers correctly honored
Background review + curator protected from overwriting bundled/hub skills (#20273) (#20194)
TUI compression continuation — ghost sessions with incomplete metadata (#20001)
hermes mcp add silently launches chat instead of registering MCP server (#19785) (#21204)
Background review agent runtime propagation — provider/model/credentials now actually inherit from parent
Inbound document host paths translated to container paths for Docker backend (salvage #19048) (#21184)
Matrix gateway race between auto-redaction and message delivery with high-speed models (#19075)
/new during active agent session never sends response on Telegram (#18912)
📱 Messaging Platforms (Gateway)
New platform
Google Chat — 20th platform + generic env_enablement_fn / cron_deliver_env_var platform-plugin hooks (IRC + Teams migrated) (#21306, #21331)
Cross-platform
allowed_{channels,chats,rooms} whitelist — Slack (salvage #7401), Telegram, Mattermost, Matrix, DingTalk (#21251)
Per-platform gateway_restart_notification flag (#20892)
busy_ack_enabled config — suppress ack messages (#18194)
Auto-delete slash-command system notices after TTL (#18266)
Opt-in cleanup of temporary progress bubbles (#21186)
[[as_document]] directive — skill media routing (salvage #19069) (#21210)
hermes gateway list — cross-profile status (salvage #19129) (#21225)
Auto-resume interrupted sessions after restart (salvage #20888) (#21192)
Atomic restart markers + Windows runtime-lock offset (#17842) (#18179)
Fix: config.yaml wins over .env for agent/display/timezone settings (#18764)
Fix: auto-restart when source files change out from under us (#17648) (#18409)
Fix: use git HEAD SHA for stale-code check, not file mtimes (#19740)
Fix: shutdown + restart hygiene — drain timeout, false-fatal, success log (#18761)
Fix: preserve max_turns after env reload (salvage #19183) (#21240)
Fix: exclude ancestor PIDs from gateway process scan (#19586)
Fix: move quick-command alias dispatch before built-ins (#19588)
Fix: show other profiles in 'gateway status' to prevent confusion (#19582)
Fix: include external_dirs skills in Telegram/Discord slash commands (salvage #8790) (#18741)
Fix: match disabled/optional skills by frontmatter slug, not dir name (#18753)
Fix: read /status token totals from SessionDB (#17158) (#18206)
Fix: snapshot callback generation after agent binds it, not before (#18219)
Fix: re-inject topic-bound skill after /new or /reset (#18205)
Fix: isolate pending native image paths by session (#18202)
Fix: clear queued reload skills notes on new/resume/branch (#19431)
Fix: hide required-arg commands from Telegram menu (#19400)
Fix: bridge top-level require_mention to Telegram config (#19429)
Fix: suppress duplicate voice transcripts (#19428)
Fix: show friendly error when service is not installed (#19707)
Fix: read context_length from custom_providers in session info header (#19708)
Fix: preserve WSL interop PATH in systemd units (#19867)
Fix: handle planned service stops (salvage #19876) (#19936)
Fix: keep DoH-confirmed Telegram IPs that match system DNS (salvage #17043) (#20175)
Fix: load reply_to_mode from config.yaml for Discord + Telegram (salvage #17117) (#20171)
Fix: tolerate malformed HERMES_HUMAN_DELAY_* env vars (salvage #16933) (#20217)
Fix: deterministic thread eviction preserves newest entries (salvage #13639) (#20285)
Fix: don't dead-end setup wizard when only system-scope unit is installed (#20905)
Fix: wait for systemd restart readiness + harden Discord slash-command sync (#20949)
Fix: avoid duplicated Responses history (salvage #18995) (#21185)
Fix: surface bootstrap failures to stderr (salvage #21157) (#21278)
Fix: log agent task failures instead of silently losing usage data (salvage #21159) (#21274)
Fix: log runtime-status write failures with rate-limiting (salvage #21158) (#21285)
Fix: reset-failed before every fallback restart so the gateway can't get stranded (#21371)
Fix: Telegram — preserve thread_id=1 for forum General typing indicator (#21390)
Fix: batch critical fixes — session resume, /new race, HA WebSocket scheme (@kshitijk4poor) (#19182)
Telegram
DM user-managed multi-session topics (salvage of #19185) (#19206)
Discord
Message deletion action (salvage #19052) (#21197)
Fix: allow free_response_channels to override DISCORD_IGNORE_NO_MENTION (#19629)
Slack
Fix: ephemeral slash-command ack, private notice delivery, format_message fixes (@kshitijk4poor) (#18198)
WhatsApp
Fix: load WhatsApp home channel from env overrides (#18190)
Feishu
Operator-configurable bot admission and mention policy (#18208)
Fix: force text mode for markdown tables (salvage of #13723 by @WuTianyi123) (#20275)
Matrix + Email
Fix: /sethome on Matrix and Email now persists across restarts (#18272)
Teams
Docs + feat: sidebar + threading with group-chat fallback (#20042)
Weixin
Fix: deduplicate Weixin messages by content fingerprint (#19742)
QQBot
Port SDK improvements in-tree — chunked upload, approval keyboards, quoted attachments (#21342)
Wire native tool-approval UX via inline keyboards (#21353)
🏗️ Core Agent & Architecture
Provider & Model Support
Pluggable providers
ProviderProfile ABC + plugins/model-providers/ — inference providers are now a pluggable surface (salvage of #14424) (#20324)
list_picker_providers — credential-filtered picker (salvage #13561) (#20298)
Remove /provider alias for /model (#20358)
Shared Hermes dotenv loader across CLI + plugins (salvage #13660) (#20281)
Nous OAuth persisted across profiles via shared token store (#19712)
New models
deepseek/deepseek-v4-pro added to OpenRouter + Nous Portal (#20495)
x-ai/grok-4.3 added to OpenRouter + Nous Portal (#20497)
openrouter/owl-alpha (free tier) added to curated OpenRouter list (#18071)
tencent/hy3-preview paid route on OpenRouter (@Contentment003111) (#21077)
Arcee Trinity Large Thinking — temperature + compression overrides (#20473)
Rename x-ai/grok-4.20-beta to x-ai/grok-4.20 (#19640)
Demote Vercel AI Gateway to bottom of provider picker (#18112)
Provider configuration
OpenRouter — response caching support (@kshitijk4poor) (#19132)
image_gen.model from config.yaml honored (salvage #19376) (#21273)
Fix: honor runtime default model during delegate provider resolution (@johnncenae) (#17587)
Fix: avoid Bedrock credential probe in provider picker (@helix4u) (#18998)
Fix: drop stale env-var override of persisted provider for cron (#19627)
Fix: auxiliary curator api_key/base_url into runtime resolution (#19421)
Agent Loop & Conversation
video_analyze — native video understanding tool (@alt-glitch) (#19301)
Show context compression count in status bar (CLI + TUI) (#21218)
Isolate get_tool_definitions quiet_mode cache + dedup LCM injection (#17335) (#17889)
Fix: warning-first tool-call loop guardrails (#18227)
Fix: break permanent empty-response loop from orphan tool-tail (#21385)
Fix: propagate ContextVars to concurrent tool worker threads (salvage #16660) (#18123)
Fix: surface self-improvement review summaries across CLI, TUI, and gateway (#18073)
Fix: serialize concurrent hermes_tools RPC calls from execute_code (#17894, #17902)
Fix: include system prompt + tool schemas in token estimates for compression (#18265)
Compression
Fix: skip non-string tool content in dedup pass to prevent AttributeError (#19398)
Fix: reset _summary_failure_cooldown_until on session reset (#19622)
Fix: trigger fallback on timeout errors alongside model-unavailable errors (#19665)
Fix: _prune_old_tool_results boundary direction (#19725)
Fix: soften summary prompt for content filters (salvage #19456) (#21302)
Delegate
Fix: inherit parent fallback_chain in _build_child_agent (#19601)
Fix: guard _load_config() against delegation: null in config.yaml (#19662)
Fix: inherit parent api_key when delegation.base_url set without delegation.api_key (#19741)
Fix: expand composite toolsets before intersection (salvage #19455) (#21300)
Fix: correct ACP docs — Claude Code CLI has no --acp flag (salvage #19058) (#21201)
Session & Memory
Hindsight — probe API for update_mode='append' to dedupe across processes (@nicoloboschi) (#20222)
Curator
hermes curator archive and prune subcommands (#20200)
hermes curator list-archived (#20651) (#21236)
Synchronous manual hermes curator run (#20555) (#21216)
Fix: preserve last_report_path in state (#18169)
Fix: rewrite cron job skill refs after consolidation (#18253)
Fix: defer first run + --dry-run preview (#18373) (#18389)
Fix: authoritative absorbed_into on delete + restore cron skill links on rollback (#18671) (#18731)
Fix: prevent false-positive consolidation from substring matching (#19573)
Fix: only mark agent-created for background-review sediment (#19621)
Fix: protect hub skills by frontmatter name (#20194)
🔧 Tool System
File tools
Post-write delta lint on write_file + patch — in-proc linters for Python, JSON, YAML, TOML (#20191)
Cron
no_agent mode — script-only cron jobs (watchdog pattern) (#19709)
context_from chaining docs (salvage #15724) (#20394)
Fix: treat non-dict origin as missing instead of crashing tick (#19283)
Fix: bump skill usage when cron jobs load skills (#19433)
Fix: recover null next_run_at jobs (#19576)
Fix: skip AI call when prerun script produces no output (#19628)
Fix: expand config.yaml refs during job execution (#19872)
Fix: serialize get_due_jobs writes to prevent parallel state corruption (#19874)
Fix: initialize MCP servers before constructing the cron AIAgent (#21354)
MCP
SSE transport support (salvage #19135) (#21227)
Forward OAuth auth + bump sse_read_timeout on SSE transport (#21323)
Retry stale pipe transport failures as session-expired (#21289)
Surface image tool results as MEDIA tags instead of dropping them (#21328)
Periodic keepalive to wait_for_lifecycle_event (salvage #17016) (#20209)
Fix: reconnect on terminated sessions (#19380)
Fix: decouple AnyUrl import from mcp dependency (#19695)
Fix: mcp add --command gets distinct argparse dest (#21204)
Fix: clear stale thread interrupt before MCP discovery (#21276)
Fix: report configured timeout in MCP call errors (#21281)
Fix: include exception type in error messages when str(exc) is empty (salvage #19425) (#21292)
Fix: re-raise CancelledError explicitly in MCPServerTask.run (#21318)
Fix: coerce numeric tool args defensively in mcp_serve (#21329)
Fix: gate utility stubs on server-advertised capabilities (#21347)
Browser
Fix: allow explicit CDP override without local agent-browser (#19670)
Fix: inject --no-sandbox for root + AppArmor userns restrictions (#19747)
Fix: tighten Lightpanda fallback edge cases (@kshitijk4poor) (#20672)
Web tools
Per-capability backend selection — search/extract split (@kshitijk4poor) (#20061)
SearXNG native search-only backend (@kshitijk4poor) (#20823)
Approval / Tool gating
Fix: wake blocked gateway approvals on session cleanup (#18171)
Fix: harden YOLO mode env parsing against quoted-bool strings (#18214)
Fix: extend sensitive write target to cover shell RC and credential files (#19282)
🔌 Plugin System
transform_llm_output plugin hook (salvage of #20813) (#21235)
Document env_enablement_fn + cron_deliver_env_var platform-plugin hooks (#21331)
Pluggable surfaces coverage — model-provider guide, full plugin map, opt-in fix (#20749)
Plugin-authoring gaps — image-gen provider guide + publishing a skill tap (#20800)
🧩 Skills Ecosystem
New optional skills
Shopify — Admin + Storefront GraphQL optional skill (#18116)
here.now — optional skill (#18170)
shop-app — personal shopping assistant (optional) (#20702)
Anthropic financial-services bundle — ported as optional finance skills (#21180)
kanban-video-orchestrator — creative optional skill (@SHL0MS) (#19281)
searxng-search — optional skill + Web Search + Extract docs page (@kshitijk4poor) (#20841, #20844)
Skill UX
Linear skill — add Documents support + Python helper script (#20752)
Modernize Obsidian skill to use file tools (salvage #19332) (#20413)
Default custom tool creation to plugins (@kshitijk4poor) (#19755)
skill_commands cache — rescan on platform scope changes (salvage #14570 by @LeonSGP43) (#18739)
Skills — additional rescan paths in skill_commands cache (salvage #19042) (#21181)
Fix: regression tests for non-dict metadata in extract_skill_conditions (#18213)
Docs: explain restoring bundled skills (salvage #19254) (#20404)
Docs: document hermes skills reset subcommand (salvage #11544) (#20395)
Docs: himalaya v1.2.0 folder.aliases syntax (#19882)
Point agent at hermes-agent skill + docs site sync (#20390)
🖥️ CLI & User Experience
CLI
/new accepts optional session name argument (salvage of #19555) (#19637)
100 new CLI startup tips (#20168)
display.language — static message translation (zh/ja/de/es) (#20231)
French (fr) locale (@Foolafroos) (#20329)
Ukrainian (uk) locale (#20467)
Turkish (tr) locale (#20474)
Fix: recover classic CLI output after resize (@helix4u) (#20444)
Fix: complete absolute paths as paths (@helix4u) (#19930)
Fix: resolve lazy session creation regressions (#18370 fallout) (@alt-glitch) (#20363)
Fix: local backend CLI always uses launch directory (@alt-glitch) (#19334)
Refactor: drop dead c-S-c key binding (follow-up to #19895) (#19919)
TUI (Ink)
/model picker overhaul to match hermes model with inline auth (@austinpickett) (#18117)
Collapsible sections in startup banner — skills, system prompt, MCP (@kshitijk4poor) (#20625)
Show context compression count in status bar (#21218)
Perf: reduce overlay render churn with focused selectors (@OutThisLife) (#20393)
Fix: restore voice push-to-talk parity (salvage of #16189 by @Montbra) (@OutThisLife) (#20897)
Fix: kanban button (@austinpickett) (#18358)
Dashboard
Plugins page — manage, enable/disable, auth status (@austinpickett) (#18095)
Profiles management page (@vincez-hms-coder) (#16419)
Interactive column sorting in analytics tables (#18192)
default-large built-in theme with 18px base size (#20820)
Support serving under URL prefix via X-Forwarded-Prefix (salvage #19450) (#21296)
Launch dashboard as side-process via HERMES_DASHBOARD=1 in Docker (@benbarclay) (#19540)
Fix: dashboard theme layout shift (@AllardQuek) (#17232)
Fix: gateway model picker current context (@helix4u) (#20513)
Update + setup
hermes update --yes/-y to skip interactive prompts (#18261)
Restart manual profile gateways after update (#18178)
Profiles
--no-skills flag for empty profile creation (#20986)
🎵 Voice, Image & Media
xAI Custom Voices — voice cloning (@alt-glitch) (#18776)
Achievements — share card render on unlocked badges (#19657)
Refresh systemd unit on gateway boot (not just start/restart) (@alt-glitch) (#19684)
🔗 API Server & Remote Access
X-Hermes-Session-Key header for long-term memory scoping (closes #20060) (#20199)
🧰 ACP Adapter (VS Code / Zed / JetBrains)
/steer and /queue slash commands (@HenkDz) (#18114)
Fix: translate Windows cwd for WSL sessions (salvage #18128) (#18233)
Fix: run /steer as a regular prompt on idle sessions (#18258)
Fix: route Zed thoughts to reasoning + polish tool/context rendering (#19139)
Fix: atomic session persistence via replace_messages (salvage #13675) (#20279)
Fix: preserve assistant reasoning metadata in session persistence (salvage #13575) (#20296)
Docs: update VS Code setup for ACP Client extension (salvage #12495) (#20433)
🐳 Docker
Launch dashboard as side-process via HERMES_DASHBOARD=1 (@benbarclay) (#19540)
Refuse root gateway runs in official image (salvage #19215) (#21250)
Chown runtime node_modules trees to hermes user (salvage #19303) (#21267)
Fix: exclude compose/profile runtime state from build context (#19626)
CI: don't cancel overlapping builds, guard :latest (@ethernet8023) (#20890)
Test: align Dockerfile contract tests with simplified TUI flow (salvage #19024) (#21174)
Docs: connect to local inference servers (vLLM, Ollama) (salvage #12335) (#20407)
Docs: document API_SERVER* env vars (salvage #11758) (#20409)
Docs: clarify Docker terminal backend is a single persistent container (#20003)
🐛 Notable Bug Fixes
Agent
Fix: recover lazy session creation regressions (#18370 fallout) (@alt-glitch) (#20363)
Fix: propagate ContextVars to concurrent tool worker threads (salvage #16660) (#18123)
Fix: warning-first tool-call loop guardrails (#18227)
Fix: surface self-improvement review summaries across CLI, TUI, and gateway (#18073)
Gateway streaming
Fix: harden StreamingConfig bool and numeric coercion (@simbam99) (#16463)
Model
Fix: avoid Bedrock credential probe in provider picker (@helix4u) (#18998)
Doctor
Fix: check global agent-browser when local install not found (#19671)
Test: kimi-coding-cn provider validation regression (#19734)
Update
Fix: patch isatty on real streams to fix xdist-flaky --yes tests (salvage #19026) (#21175)
Fix: teach restart-mocks about the post-update survivor sweep (salvage #19031) (#21177)
Auth
Fix: acp preserve assistant reasoning metadata (#20296)
Redact
Fix: add code_file param to skip false-positive ENV/JSON patterns (#19715)
Email
Fix: quoted-relative file-drop paths + Date header on tool email path (#19646)
🧪 Testing
ACP — accept prompt persistence kwargs in MCP E2E mocks (@stephenschoettler) (#18047)
Toolsets — include kanban in expected post-#17805 toolset assertions (@briandevans) (#18122)
Agent — cover max-iterations summary message sanitization (#19580)
run_agent — -inf and nan regression coverage for _coerce_number (#19703)
📚 Documentation
Major docs additions
llms.txt + llms-full.txt — agent-friendly ingestion (#18276)
User Stories and Use Cases collage page (#18282)
Persistent Goals (/goal) feature page (#18275)
Windows (WSL2) guide expansion — filesystem, networking, services, pitfalls (#20748)
Chinese (zh-CN) README translation (salvage #13508) (#20431)
zh-Hans Docusaurus locale + Tool Gateway / image-gen / WSL quickstart translations (salvage #11728) (#20430)
Tool Gateway docs restructure — lead with what it does, config moved to bottom (#20827)
Quickstart — Onchain AI Garage Hermes tutorials playlist (#20192)
Open WebUI bootstrap script (salvage #9566) (#20427)
Local Ollama setup guide (salvage #5842) (#20426)
Google Gemini guide (salvage #17450) (#20401)
Custom model aliases for /model command (#20475)
Together/Groq/Perplexity cookbook via custom_providers (salvage #15214) (#20400)
Doubao speech integration examples (TTS + STT) (salvage #18065) (#20418)
WSL-to-Windows Chrome MCP bridge (salvage #8313) (#20428)
Hermes skills docs sync — slash commands + durable-systems section (#20390)
AGENTS.md — curator/cron/delegation/toolsets + fix plugin tree (#20226)
Bedrock quickstart entry + fallback comment + deployment link (salvage #11093) (#20397)
Docs polish
Collapse exploding skills tree to a single Skills node (#18259)
Clarify session_search auxiliary model docs (#19593)
Open WebUI Quick Setup gap fill (#19654)
Default custom tool creation to plugins (@kshitijk4poor) (#19755)
Clarify Telegram group chat troubleshooting (salvage #18672) (#20416)
Codex OAuth auth prerequisite clarification (salvage #18688) (#20417)
Discord Server Members Intent + SSRC-mapping drift + /voice join slash Choice (salvage #11350) (#20411)
Document ctx.dispatch_tool() (salvage #10955) (#20391)
Document hermes webhook subscribe --deliver-only (salvage #12612) (#20392)
Document hermes import reference (salvage #14711) (#20396)
Document per-provider TTS max_text_length caps (salvage #13825) (#20389)
Clarify supported prompt customization surfaces (salvage #19987) (#20383)
Correct web_extract summarizer timeout comment (salvage #20051) (#20381)
Fix fallback provider config paths (salvage #20033) (#20382)
Fix misleading RL install-extras claim (salvage #19080) (#21213)
Clarify API server tool execution locality (salvage #19117) (#21223)
Prefer .venv to match AGENTS.md and scripts/run_tests.sh (@xxxigm) (#21334)
Align tool discovery + test runner with AGENTS.md (@xxxigm) (#20791)
Align terminal-backend count and naming across docs and code (salvage #19044) (#20402)
Refresh stale platform counts (salvage #19053) (#20403)
👥 Contributors
Core
@teknium1 — salvage, triage, review, feature work, and release management
Top Community Contributors
@kshitijk4poor (21 PRs) — SearXNG native search backend, per-capability backend selection, collapsible TUI startup banner, Slack ephemeral ack + format fixes, Lightpanda fallback hardening, searxng-search optional skill + Web Search + Extract docs, default custom tool creation to plugins, kanban failure-column fix
@alt-glitch (13 PRs) — video_analyze tool, xAI Custom Voices (voice cloning), local-backend CLI launch-directory fix, lazy-session creation regression recovery, systemd unit refresh on gateway boot
@OutThisLife (9 PRs) — TUI perf — overlay render churn reduction, voice push-to-talk parity restoration (salvaging @Montbra)
@helix4u (6 PRs) — Classic CLI output recovery after resize, absolute-path TUI completion, gateway model picker current-context fix, Bedrock credential probe avoidance, kanban docs fixes
@ethernet8023 (3 PRs) — Docker CI — don't cancel overlapping builds, :latest guard
@benbarclay (3 PRs) — Docker — launch dashboard as side-process via HERMES_DASHBOARD=1
@austinpickett (3 PRs) — Dashboard Plugins page, TUI /model picker overhaul with inline auth, kanban button fix
@sprmn24 (2 PRs) — Contributor (2 PRs)
@asheriif (2 PRs) — Contributor (2 PRs)
@xxxigm (2 PRs) — Contributing docs — .venv preference and test runner alignment with AGENTS.md
@stephenschoettler (1 PR) — ACP — MCP E2E mock kwargs
@vincez-hms-coder (1 PR) — Dashboard — Profiles management page
@cdanis (1 PR) — Contributor
@briandevans (1 PR) — Toolsets test — kanban assertions post-#17805
@heyitsaamir (1 PR) — Contributor
All Contributors
Thanks to everyone who contributed to v0.13.0 — commits, co-authored work, and salvaged PRs. 295 contributors in one week.
@0oAstro, @0xDevNinja, @0xharryriddle, @0xKingBack, @0xsir0000, @0xyg3n, @0z1-ghb, @abhinav11082001-stack,
@acc001k, @acesjohnny, @adamludwin, @adybag14-cyber, @agentlinker, @agilejava, @ai-ag2026, @AJV20,
@alanxchen85, @albert748, @AllardQuek, @alt-glitch, @altmazza0-star, @ambition0802, @amitgaur, @amroessam,
@andrewhosf, @Asce66, @asheriif, @ashermorse, @asimons81, @Aslaaen, @Asunfly, @atongrun, @austinpickett,
@banditburai, @barteqpl, @Bartok9, @Beandon13, @beardthelion, @beibi9966, @benbarclay, @binhnt92, @bjianhang,
@BlackJulySnow, @bobashopcashier, @bogerman1, @Bongulielmi, @Brecht-H, @briandevans, @brooklynnicholson,
@c3115644151, @camaragon, @CashWilliams, @CCClelo, @cdanis, @CES4751, @cg2aigc, @changchun989, @ChanlerDev,
@CharlieKerfoot, @chengoak, @chenyunbo411, @chinadbo, @cirwel, @cixuuz, @cmcgrabby-hue, @colorcross,
@Contentment003111, @CoreyNoDream, @counterposition, @curiouscleo, @DaniuXie, @deep-name, @dengtaoyuan450-a11y,
@discodirector, @donramon77, @dpaluy, @ee-blog, @ehz0ah, @el-analista, @elmatadorgh, @EmelyanenkoK,
@Emidomenge, @emozilla, @Es1la, @EthanGuo-coder, @etherman-os, @ethernet8023, @EvilDrag0n, @exxmen, @Fearvox,
@Feranmi10, @firefly, @flobo3, @fmercurio, @Foolafroos, @formulahendry, @franksong2702, @ggnnggez, @GinWU05,
@giwaov, @glesperance, @gnanirahulnutakki, @GodsBoy, @Gosuj, @Grey0202, @guillaumemeyer, @Gutslabs, @h0tp-ftw,
@haidao1919, @halmisen, @happy5318, @hedirman, @helix4u, @hendrixfreire, @HenkDz, @hex-clawd, @heyitsaamir,
@hharry11, @Hinotoi-agent, @holynn-q, @hrkzogw, @Hypn0sis, @Hypnus-Yuan, @ideathinklab01-source, @IMHaoyan,
@Interstellar-code, @ishardo, @jacdevos, @jackey8616, @JanCong, @jasonoutland, @jatingodnani, @JayGwod,
@jethac, @JezzaHehn, @JiaDe-Wu, @jjjojoj, @jkausel-ai, @John-tip, @johnncenae, @jrusso1020, @jslizar,
@JTroyerOvermatch, @julysir, @Junass1, @JustinUssuri, @Kailigithub, @keepcalmqqf, @kiala9, @konsisumer,
@kowenhaoai, @Krionex, @kshitijk4poor, @kyan12, @leavrcn, @leon7609, @LeonSGP43, @leprincep35700, @lhysdl,
@likejudy, @lisanhu, @liu-collab, @liuguangyong93, @liuhao1024, @LucianoSP, @luoyuctl, @luyao618, @M3RCUR2Y,
@maciekczech, @Magicray1217, @Magicray1217, @MaHaoHao-ch, @malaiwah, @manateelazycat, @masonjames, @megastary,
@memosr, @MichaelWDanko, @mikeyobrien, @millerc79, @Mind-Dragon, @mioimotoai-lgtm, @misery-hl, @molvikar,
@momowind, @Montbra, @MottledShadow, @mrbob-git, @mrcharlesiv, @mrcoferland, @ms-alan, @mwnickerson,
@nazirulhafiy, @nftpoetrist, @nicoloboschi, @nightq, @nikolay-bratanov, @NikolayGusev-astra, @nocturnum91,
@noOne-list, @nouseman666, @novax635, @npmisantosh, @nudiltoys-cmyk, @olisikh, @oluwadareab12, @Oxidane-bot,
@pama0227, @pander, @pasevin, @paul-tian, @pdonizete, @perlowja, @pingchesu, @PratikRai0101, @priveperfumes,
@probepark, @QifengKuang, @quocanh261997, @qWaitCrypto, @qxxaa, @r266-tech, @rames-jusso, @revaraver,
@Ricardo-M-L, @rob-maron, @Roy-oss1, @rxdxxxx, @SandroHub013, @Sanjays2402, @Sertug17, @shashwatgokhe,
@shellybotmoyer, @SHL0MS, @SimbaKingjoe, @simbam99, @simplenamebox-ops, @socrates1024, @sonic-netizen,
@sprmn24, @steezkelly, @stephen0110, @stephenschoettler, @stevenchanin, @stevenchouai, @stormhierta,
@subtract0, @suncokret12, @swithek, @taeng0204, @TakeshiSawaguchi, @tangyuanjc, @TheEpTic, @thelumiereguy,
@Tkander1715, @tmdgusya, @Tranquil-Flow, @TruaShamu, @UgwujaGeorge, @valda, @vincez-hms-coder, @VinVC,
@vominh1919, @wabrent, @WadydX, @wanazhar, @WanderWang, @warabe1122, @web-dev0521, @WideLee, @willy-scr,
@wmagev, @WuTianyi123, @wxst, @wysie, @Wysie, @xsfX20, @xxxigm, @xyiy001, @YanzhongSu, @ygd58, @Yoimex,
@yuehei, @Yukipukii1, @yuqianma, @YX234, @zeejaytan, @zhanggttry, @zhao0112, @zng8418, @zons-zhaozhy, @Zyproth
Full Changelog: v2026.4.30...v2026.5.7

Original source

Hermes Agent v0.12.0 (v2026.4.30)

Release Date: April 30, 2026

Since v0.11.0: 1,096 commits · 550 merged PRs · 1,270 files changed · 217,776 insertions · 213 community contributors (including co-authors)

The Curator release — Hermes Agent now maintains itself. An autonomous background Curator grades, prunes, and consolidates your skill library on its own schedule. The self-improvement loop that reviews what to save got a substantial upgrade. Four new inference providers, a 18th messaging platform, a 19th via Teams plugin, native Spotify + Google Meet integrations, ComfyUI and TouchDesigner-MCP moved from optional to bundled-by-default, and a ~57% cut to visible TUI cold start.

✨ Highlights

• Autonomous Curator — hermes curator runs as a background agent on the gateway's cron ticker (7-day cycle default). It grades your skill library, consolidates related skills, prunes dead ones, and writes per-run reports to logs/curator/run.json + REPORT.md. Archived skills are classified consolidated-vs-pruned via model + heuristic. Defense-in-depth gates protect bundled/hub skills from mutation. Unified under auxiliary.curator — pick the curator's model in hermes model, manage it from the dashboard. hermes curator status ranks skills by usage (most-used / least-used). (#17277, #17307, #17941, #17868, #18033)
• Self-improvement loop — substantially upgraded — The background review fork (the core of Hermes' self-improvement: after each turn it decides what memories/skills to save or update) is now class-first (rubric-based rather than free-form), active-update biased (prefers the skill the agent just loaded), handles references//templates/ sub-files, and properly inherits the parent's live runtime (provider, model, credentials actually propagate). Restricted to memory + skills toolsets so it can't sprawl. Memory providers shut down cleanly. Prior-turn tool messages excluded from the summary so the fork sees a clean context. (#16026, #17213, #16099, #16569, #16204, #15057)
• Skill integrations — major expansion — ComfyUI v5 with official CLI + REST + hardware-gated local install, moved from optional to built-in by default (#17610, #17631, #17734). TouchDesigner-MCP bundled by default, expanded with GLSL, post-FX, audio, geometry, and 9 new reference docs (#16753, #16624, #16768 — @kshitijk4poor + @SHL0MS). Humanizer skill ports a text-cleaner that strips AI-isms (#16787). claude-design HTML artifact skill + design-md (Google DESIGN.md spec) + airtable salvage + skill_manage edits in external_dirs + direct-URL skill install + /reload-skills slash command. (#16358, #14876, #16291, #17512, #16323, #17744)
• LM Studio — first-class provider — upgraded from a custom-endpoint alias to a full-blown native provider: dedicated auth, hermes doctor checks, reasoning transport, live /models listing. (Salvage of @kshitijk4poor's #17061.) (#17102)
• Four more new inference providers — GMI Cloud (first-class, salvage of #11955 — @isaachuangGMICLOUD), Azure AI Foundry with auto-detection, MiniMax OAuth with PKCE browser flow (salvage #15203), Tencent Tokenhub (salvage of #16860). (#16663, #15845, #17524, #16960)
• Pluggable gateway platforms + Microsoft Teams — the gateway is now a plugin host. Drop-in messaging adapters live outside the core, and Microsoft Teams is the first plugin-shipped platform. (Salvage of #17664.) (#17751, #17828)
• Tencent 元宝 (Yuanbao) — 18th messaging platform — native gateway adapter with text + media delivery. (#16298, #17424)
• Spotify — native tools + bundled skill + wizard — 7 tools (play, search, queue, playlists, devices) behind PKCE OAuth, interactive setup wizard, bundled skill, surfacing in hermes tools, cron usage documented. (#15121, #15130, #15154, #15180)
• Google Meet plugin — join calls, transcribe, speak, follow up. Realtime OpenAI transport + Node bot server, full pipeline bundled as a plugin. (#16364)
• hermes -z one-shot mode + hermes update --check — non-interactive hermes -z <prompt> with --model/--provider/HERMES_INFERENCE_MODEL. hermes update --check preflight. Opt-in pre-update HERMES_HOME backup. (#15702, #15704, #15841, #16539, #16566)
• Models dashboard tab + in-browser model config — rich per-model analytics, switch main + auxiliary models from the dashboard. (#17745, #17802)
• Remote model catalog manifest — OpenRouter + Nous Portal model catalogs are now pulled from a remote manifest so new models show up without a release. (#16033)
• Native multimodal image routing — images now route based on the model's actual vision capability rather than provider defaults. (#16506)
• Gateway media parity — native multi-image sending across Telegram, Discord, Slack, Mattermost, Email, and Signal; centralized audio routing with FLAC support + Telegram document fallback. (#17909, #17833)
• TUI catches up to (and past) the classic CLI — LaTeX rendering (@austinpickett), /reload .env hot-reload, pluggable busy-indicator styles (@OutThisLife, #13610), opt-in auto-resume of last session, expanded light-terminal auto-detection, session delete from /resume picker with d, modified mouse-wheel line scroll, and a /mouse toggle that kills ConPTY's phantom mouse injection (@kevin-ho). (#17175, #17286, #17150, #17130, #17113, #17668, #17669, #15488)
• Observability + achievements plugins — bundled Langfuse observability plugin (salvage #16845) + bundled hermes-achievements plugin that scans full session history. (#16917, #17754)
• TTS provider registry + Piper local TTS — pluggable tts.providers.<name> registry; Piper ships as a native local TTS provider. (Closes #8508.) (#17843, #17885)
• Vercel Sandbox backend — Vercel sandboxes as an execute_code/terminal backend (@kshitijk4poor). (#17445)
• Secret redaction off by default — default flipped to off. Prevents the long-standing patch-corruption incidents where fake secret-shaped substrings mangled tool outputs. Opt in via redaction.enabled: true when you need it. (#16794)
• Cold-start performance — visible TUI cold start cut ~57% via lazy agent init (@OutThisLife), lazy imports of OpenAI / Anthropic / Firecrawl / account_usage, mtime-cached load_config(), memoized get_tool_definitions() with TTL-cached check_fn results, precompiled dangerous-command patterns. (#17190, #17046, #17041, #17098, #17206)
• Configurable prompt cache TTL — prompt_caching.cache_ttl (5m default, 1h opt-in — cost savings for bursty sessions that keep cache warm). Salvage of #12659. (#15065)

🧠 Autonomous Curator & Self-Improvement Loop

Curator — autonomous skill maintenance

• hermes curator as a background agent — runs on the gateway's cron ticker, 7-day cycle by default, umbrella-first prompt, inherits parent config, unbounded iterations (#17277 — issue #7816)
• Per-run reports — logs/curator/run.json + REPORT.md per cycle (#17307)
• Consolidated vs pruned classification — archived skills split with model + heuristic (#17941)
• hermes curator status — ranks skills by usage, shows most-used and least-used (#18033)
• Unified under auxiliary.curator — pick the model in hermes model, configure from the dashboard (#17868)
• Documentation — dedicated curator feature page on the docs site (#17563)
• Fix: seed defaults on update, create logs/curator/ directory, defer fire import (#17927)
• Fix: scan nested archive subdirs in restore_skill (@0xDevNinja) (#17951)
• Fix: use actual skill activity in curator status (@y0shua1ee) (#17953)
• Fix: skill_manage refuses writes on pinned skills; pinning now blocks curator writes (#17562, #17578)
• Fix: bump_use() wired into skill invocation + preload + skill_view (salvage #17782) (#17932)

Self-improvement loop (background review fork)

• Class-first skill-review prompt — rubric-based grading rather than free-form "should this update" (#16026)
• Active-update bias — prefers updating skills the agent just loaded, handles references/ + templates/ sub-files (#17213)
• Fork inherits parent's live runtime — provider, model, credentials actually propagate now (#16099)
• Scoped toolsets — review fork restricted to memory + skills (no shell, no web) (#16569)
• Clean shutdown — background review memory providers exit properly (salvage #15289) (#16204)
• Clean context — prior-history tool messages excluded from review summary (salvage #14967) (#15057)

🧩 Skills Ecosystem

Skill integrations — newly bundled or promoted

• ComfyUI v5 — official CLI + REST + hardware-gated local install; moved from optional to built-in (#17610, #17631, #17734, #17612)
• TouchDesigner-MCP — bundled by default (#16753 — @kshitijk4poor), expanded with GLSL, post-FX, audio, geometry references (#16624), 9 new reference docs (#16768 — @SHL0MS)
• Humanizer — strips AI-isms from text (#16787)
• claude-design — HTML artifact skill with disambiguation from other design skills (#16358)
• design-md — Google's DESIGN.md spec skill (#14876)
• airtable — salvaged skill + skill API keys wired into .env (#15838) (#16291)
• pretext — creative browser demos with @chenglou/pretext (#17259)
• spike + sketch — throwaway experiments + HTML mockups, adapted from gsd-build (#17421)

Skills UX

• Install skills from a direct HTTP(S) URL — hermes skills install <url> (#16323)
• /reload-skills slash command (salvage #17670) (#17744)
• hermes skills list shows enabled/disabled status (#16129)
• skill_manage refuses writes on pinned skills (#17562)
• skill_manage edits external_dirs skills in place (salvage #9966) (#17512, #17289)
• Fix: inline-shell rendering in skill_view (#15376)
• Fix: exclude .archive/ from skill index walk (salvage #17639) (#17931)
• Fix: dedicated docs page per bundled + optional skill (#14929)
• Fix: google-workspace shared HERMES_HOME helper + ship deps as optional extra (#15405)
• Fix: auto-wrap ASCII-art code blocks in generated skill pages (#16497)
• Point agent at hermes-agent skill + docs site for Hermes questions (#16535)

🏗️ Core Agent & Architecture

Provider & Model Support

New providers

• GMI Cloud — first-class API-key provider on par with Arcee/Kilocode/Xiaomi (salvage of #11955 — @isaachuangGMICLOUD) (#16663)
• Azure AI Foundry — auto-detection, full wiring (#15845)
• LM Studio — upgraded from custom-endpoint alias to first-class provider: dedicated auth, doctor checks, reasoning transport, live /models (salvage of #17061 — @kshitijk4poor) (#17102)
• MiniMax OAuth — PKCE browser flow with full OAuth integration (salvage #15203) (#17524)
• Tencent Tokenhub — new provider (salvage of #16860) (#16960)

Model catalog

• Remote model catalog manifest — OpenRouter + Nous Portal catalogs pulled from remote manifest so new models show up without a release (#16033)
• openai/gpt-5.5 and gpt-5.5-pro added to OpenRouter + Nous Portal (#15343)
• deepseek-v4-pro and deepseek-v4-flash added (#14934)
• qwen3.6-plus added to Alibaba-supported models (#16896)
• Gemini free-tier keys blocked at setup with 429 guidance surfacing (#15100)

Model configuration

• Configurable prompt_caching.cache_ttl — 5m default, 1h opt-in (salvage #12659) (#15065)
• /fast whitelist broadened to all OpenAI + Anthropic models (#16883)
• auxiliary.extra_body.reasoning translates into Codex Responses API (#17004)
• hermes fallback command for managing fallback providers (#16052)

Agent Loop & Conversation

• Native multimodal image routing — based on model vision capability, not provider defaults (#16506)
• Delegate child_timeout_seconds default bumped to 600s (#14809)
• Diagnostic dump when subagent times out with 0 API calls (#15105)
• Gateway busts cached agent on compression/context_length config edits (#17008)
• Opt-in runtime-metadata footer on final replies (#17026)
• /reload-mcp awareness — rebuild cached agents + prompt-cache cost confirmation (#17729)
• Fix: repair CamelCase + _tool suffix tool-call emissions (#15124)
• Fix: retry on json.JSONDecodeError instead of treating as local validation error (#15107)
• Fix: handle unescaped control chars in tool_call.arguments (#15356)
• Fix: ordering fix in _copy_reasoning_content_for_api — cross-provider reasoning isolation (@Zjianru) (#15749)
• Fix: inject empty reasoning_content for DeepSeek/Kimi tool_calls unconditionally (@Zjianru) (#15762)
• Fix: persist streamed reasoning_content on assistant turns (#16844) (#16892)
• Fix: cancel coroutine on timeout so worker thread exits; full traceback on tool failure (#17428)
• Fix: isolate get_tool_definitions quiet_mode cache + dedup LCM injection (#17335) (#17889)
• Fix: serialize concurrent hermes_tools RPC calls from execute_code (#17770) (#17894, #17902)
• Fix: rename [SYSTEM: → [IMPORTANT: in all user-injected markers (dodges Azure content filter) (#16114)

Compression

• Retry summary on main model for unknown errors before giving up (#16774)
• Notify users when configured aux model fails even if main-model fallback recovers (#16775)
• /compress wrapped in _busy_command to block input during compression (#15388)
• Fix: reserve system + tools headroom when aux binds threshold (#15631)
• Fix: use text-char sum for multimodal token estimation in _find_tail_cut_by_tokens (#16369)

Session, Memory & State

• Trigram FTS5 index for CJK search, replace LIKE fallback (@alt-glitch) (#16651)
• Index tool_name + tool_calls in FTS5, with repair + migration (salvages #16866) (#16914)
• Checkpoints: auto-prune orphan and stale shadow repos at startup (#16303)
• Memory providers notified on mid-process session_id rotation (#6672) (#17409)
• Fix: quote underscored terms in FTS5 query sanitization (#16915)
• Fix: resolve viking_read 500/412 on file URIs + pseudo-summary URIs (salvage #5886) (#17869)
• Fix: skip external-provider sync on interrupted turns (#15395)
• Fix: close embedded Hindsight async client cleanly (salvage #14605) (#16209)
• Fix: pass session transcript to shutdown_memory_provider on gateway + CLI (#15165) (#16571)
• Fix: write-origin metadata seam (#15346)
• Fix: preserve symlinks during atomic file writes (#16980)
• Refactor: remove flush_memories entirely (#15696)

Auxiliary models

• Fix: surface auxiliary failures in UI (previously silent) (#15324)
• Fix: surface title-gen auxiliary failures instead of silently dropping (#16371)
• Fix: generalize unsupported-parameter detector and harden max_tokens retry (#15633)

📱 Messaging Platforms (Gateway)

New Platforms

• Microsoft Teams (19th platform) — as a plugin, + xdist collision guard (#17828)
• Yuanbao (Tencent 元宝, 18th platform) — native adapter with text + media delivery (#16298, #17424, #16880)

Pluggable Gateway Platforms

• Drop-in messaging adapters — the gateway is now a plugin host for platforms (salvage of #17664) (#17751)

Telegram

• Chat allowlists for groups and forums (@web3blind) (#15027)
• Send fresh finals for stale preview streams (port openclaw#72038) (#16261)
• Render markdown tables as row-group bullets + prompt hint (#16997)
• Document fallback in centralized audio routing (#17833)
• Native multi-image sending (#17909)

Discord

• Opt-in toolsets + ID injection + tool split + Feishu wiring (salvage #15457, #15458) (#15610, #15613)
• Fix: coerce limit parameter to int before min() call (#16319)

Slack

• Register every gateway command as a native slash (Discord/Telegram parity) (#16164)
• strict_mention config — prevents thread auto-engagement (#16193)
• channel_skill_bindings — bind specific skills to specific Slack channels (#16283)

Signal

• Native formatting — markdown → bodyRanges, reply quotes, reactions (#17417)
• Native multi-image sending (#17909)

Feishu / Mattermost / Email / Signal

• All participate in native multi-image sending (#17909)

Gateway Core

• Centralized audio routing + FLAC support + Telegram doc fallback (#17833)
• Native multi-image sending across Telegram, Discord, Slack, Mattermost, Email, Signal (#17909)
• Make hygiene hard message limit configurable (#17000)
• Opt-in runtime-metadata footer on final replies (#17026)
• pre_gateway_dispatch hook — plugins can intercept before dispatch (#15050)
• pre_approval_request / post_approval_response hooks (#16776)
• Fix: timeouts — guard load_config() call against runtime exceptions (#16318)
• Fix: support passing handler tools via registry (#15613)

🔧 Tool System

Plugin-first architecture

• Pluggable gateway platforms — platforms can ship as plugins (#17751)
• Microsoft Teams as first plugin-shipped platform (#17828)
• pre_gateway_dispatch hook (#15050)
• pre_approval_request + post_approval_response hooks (#16776)
• duration_ms on post_tool_call (inspired by Claude Code 2.1.119) (#15429)
• Bundled plugins: Spotify (#15174), Google Meet (#16364), Langfuse observability (#16917), hermes-achievements (#17754)
• Page-scoped plugin slots for built-in dashboard pages (#15658)
• Declarative plugin installation for NixOS module (@alt-glitch) (#15953)

Browser

• CDP supervisor — dialog detection + response + cross-origin iframe eval (#14540)
• Auto-spawn local Chromium for LAN/localhost URLs when cloud provider is configured (#16136)

Execute code / Terminal

• Vercel Sandbox backend for execute_code / terminal (@kshitijk4poor) (#17445)
• Collapse subagent task_ids to shared container (#16177)
• Docker: run container as host user to avoid root-owned bind mounts (@benbarclay) (#17305)
• Fix: safely quote ~/ subpaths in wrapped cd commands (#15394)
• Fix: close file descriptor in LocalEnvironment._update_cwd (#17300)
• Fix: SSH — prevent tar from overwriting remote home dir permissions (#17898, #17867)

Image generation

See Provider section for updates; no new image providers this window.

TTS / Voice

• Pluggable TTS provider registry under tts.providers.<name> (#17843)
• Piper as native local TTS provider (closes #8508) (#17885)
• Voice mode CLI parity in the TUI — VAD loop + TTS + crash forensics (#14810)
• Fix: vision — use HERMES_HOME-based cache dir instead of cwd (#17719)

Cron

• Honor hermes tools config for the cron platform (#14798)
• Per-job workdir — project-aware cron runs (#15110)
• context_from field — chain cron job outputs (#15606)
• Fix: promote croniter to a core dependency (#17577)

Web search

• Expose limit for web_search (#16934)

Maps

• Fix: include seconds in timezone UTC offset output (#16300)

Approvals

• Hardline blocklist for unrecoverable commands (#15878)
• Perf: precompile DANGEROUS_PATTERNS and HARDLINE_PATTERNS (#17206)

ACP

• Advertise and forward image prompts (#18030)

API Server

• POST /v1/runs/{run_id}/stop (salvage of #15656) (#15842)
• Expose run status for external UIs (#17085) (#17458)

Nix

• Declarative plugin installation for NixOS module (@alt-glitch) (#15953)
• Fix: use --rebuild in fix-lockfiles to bypass cached FOD store paths (#15444)
• Fix: extraPackages now actually works via per-user profile (#17047)
• Fix: refresh web/ npm-deps hash to unblock main builds (#17174)
• Fix: replace magic-nix-cache with Cachix (#17928)

🖥️ TUI

New features

• LaTeX rendering (@austinpickett) (#17175)
• /reload .env hot-reload — ported from the classic CLI (#17286)
• Pluggable busy-indicator styles (@OutThisLife, #13610) (#17150)
• Opt-in auto-resume of the most recent session (@OutThisLife) (#17130)
• Expanded light-terminal auto-detection — HERMES_TUI_THEME + background hex (@OutThisLife) (#17113)
• Delete sessions from /resume picker with d (@OutThisLife) (#17668)
• Line-by-line scroll on modified mouse wheel (@OutThisLife) (#17669)
• Delete queued message while editing with ctrl-x / cancel with esc (@OutThisLife) (#16707)
• Per-section visibility for the details accordion (@OutThisLife) (#14968)
• Voice mode CLI parity — VAD loop + TTS + crash forensics (#14810)
• Contextual first-touch hints ported to TUI — /busy, /verbose (#16054)
• Mini help menu on ? in the input field (@ethernet8023) (#18043)

Fixes

• Fix: proactive mouse disable on ConPTY + /mouse toggle command (@kevin-ho, WSL2 ghost-mouse fix) (#15488)
• Fix: restore skills search RPC (#15870)
• Perf: cache text measurements across yoga flex re-passes (#14818)
• Perf: stabilize long-session scrolling (#15926)
• Perf: lazily seed virtual history heights (#16523)
• Perf: cut visible cold start ~57% with lazy agent init (#17190)

🖱️ CLI & User Experience

New commands

• hermes -z <prompt> — non-interactive one-shot mode (#15702)
• hermes -z with --model / --provider / HERMES_INFERENCE_MODEL (#15704)
• hermes update --check preflight flag (#15841)
• hermes fallback command for managing fallback providers (#16052)
• /busy slash command for busy input mode (#15382)
• /busy input mode 'steer' as a third option (#16279)
• /btw as alias for /background (#16053)
• /reload-skills slash command (salvage #17670) (#17744)
• Surface /queue, /bg, /steer in agent-running placeholder (#16118)

Setup / onboarding

• Auto-reconfigure on existing installs (#15879)
• Contextual first-touch hints for /busy and /verbose (#16046)
• Cost-saving tips from the April 30 tip-of-the-day (#17841)
• Hyperlink startup banner title to the latest GitHub Release (#14945)

Update / backup

• Snapshot pairing data before git pull (#16383)
• Auto-backup HERMES_HOME before hermes update (opt-in, off by default) (#16539, #16566)
• Exclude checkpoints/ from backups (#16572)
• Exclude SQLite WAL/SHM/journal sidecars from backups (#16576)
• Installer FHS layout for root installs on Linux (#15608)
• Fix: kill stale dashboards instead of warning (#17832)
• Fix: show correct update status on nix-built hermes (#17550)

Slash-command housekeeping

• Refactor: drop /provider, /plan handler, and clean up slash registry (#15047)
• Refactor: drop persist_session plumbing + fix broken /btw mid-turn bypass (#16075)

OpenClaw migration (for folks coming from OpenClaw)

• Hardened OpenClaw import — plan-first apply, redaction, pre-migration backup (#16911)
• Fix: case-preserving brand rewrite + one-time ~/.openclaw residue banner (#16327)
• Fix: resolve openclaw workspace files from agents.defaults.workspace (#16879)
• Fix: resolve model aliases against real OpenClaw catalog schema (salvage #16778) (#16977)

📊 Web Dashboard

• Models tab — rich per-model analytics (#17745)
• Configure main + auxiliary models from the Models page (#17802)
• Dashboard Chat tab — xterm.js + JSON-RPC sidecar (supersedes #12710 + #13379, @OutThisLife) (#14890)
• Dashboard layout refresh (@austinpickett) (#14899)
• --stop and --status flags on the dashboard CLI (#17840)
• Page-scoped plugin slots for built-in pages (#15658)
• Fix: replace all buttons for design system buttons (#17007)

⚡ Performance

• TUI visible cold start cut ~57% via lazy agent init (#17190)
• Lazy-import OpenAI, Anthropic, Firecrawl, account_usage (#17046)
• mtime-cache load_config() and read_raw_config() (#17041)
• Memoize get_tool_definitions() + TTL-cache check_fn results (#17098)
• Precompile DANGEROUS_PATTERNS and HARDLINE_PATTERNS (#17206)
• Cache Ink text measurements across yoga flex re-passes (#14818)
• Stabilize long-session scrolling (#15926)
• Lazily seed virtual history heights (#16523)

🔒 Security & Reliability

• Secret redaction off by default — stops corrupting patches / API payloads with fake-key substitutions. Opt in via redaction.enabled: true (#16794)
• [SYSTEM: → [IMPORTANT: in all user-injected markers (Azure content filter dodge) (#16114)
• Hardline blocklist for unrecoverable commands (#15878)
• Canonical mask_secret helper; fix status.py DIM drift (#17207)
• Sweep expired paste.rs uploads on a real timer (#16431)
• Preserve symlinks during atomic file writes (#16980)
• Probe /dev/tty by opening it, not bare existence (#17024)

🐛 Notable Bug Fixes

This window includes 360 fix: PRs. Selected highlights from across the stack:

• Background review fork inherits parent's live runtime — provider/model/creds now propagate correctly (#16099)
• Hindsight configurable HINDSIGHT_TIMEOUT env var (#15077)
• Tools: normalize numeric entries + clear stale no_mcp in _save_platform_tools (#15607)
• MCP: rewrite definitions refs to $defs in input schemas — closes provider-side 400s
• Azure content filter compatibility — renamed [SYSTEM: markers so Azure's content filter stops flagging them (#16114)
• Vision cache uses HERMES_HOME instead of cwd (#17719)
• FTS5 search — tool_name + tool_calls indexing with repair + migration (#16914)
• Streaming reasoning persists on assistant turns (#16892)
• execute_code concurrent RPC serialization (#17770) (#17894, #17902)
• Background reviewer scoped to memory + skills toolsets — no more accidental web/shell escapes (#16569)
• Compression recovery — retry on main before giving up; notify user when aux fails (#16774, #16775)
• croniter promoted to a core dependency (#17577)
• Discord tool limit parameter coerced to int before min() call (#16319)
• Yuanbao messaging platform entrance fix (#16880)
• ACP advertise and forward image prompts (#18030)
• DeepSeek / Kimi reasoning content isolation across cross-provider histories (@Zjianru) (#15749, #15762)
• Preserve reasoning_content replay on DeepSeek v4 + Kimi/Moonshot thinking (#18045)

The vast majority of the 360 fixes landed in the streaming/compression/tool-calling paths across all providers — DeepSeek, Kimi, Moonshot, GLM, Qwen, MiniMax, Gemini, Anthropic, OpenAI — alongside TUI polish (resize, scroll, sticky-prompt) and gateway platform-specific edge cases.

🧪 Testing & CI

• Hermetic test parity (scripts/run_tests.sh) held across this window
• Microsoft Teams xdist collision guard — prevents worker collisions when Teams platform tests run in parallel (#17828)
• Chore: remove unused imports and dead locals (ruff F401, F841) (#17010)

📚 Documentation

• Curator feature page added to docs site (#17563)
• Document pin also blocking skill_manage writes (#17578)
• Direct-URL skill install documented across features, reference, guide, and hermes-agent skill (#16355)
• Hooks tutorial — build a BOOT.md startup checklist (replaces the removed built-in hook) (#17202)
• ComfyUI docs: ask local vs cloud FIRST before hardware check (#17612)
• Obliteratus skill: link YouTube video guide in SKILL.md (#15808)
• Per-skill docs pages generated for bundled + optional skills; ASCII art code blocks auto-wrapped (#14929, #16497)

⚖️ Removed / Reverted

• Kanban multi-profile collaboration board — landed in #16081, reverted in (#16098) while the design is reworked
• computer-use cua-driver — 3 preparatory PRs landed then were reverted in (#16927)
• BOOT.md built-in hook removed (#17093); the hooks tutorial (#17202) shows how to build the same workflow yourself with a shell hook
• /provider + /plan slash commands dropped (#15047)
• flush_memories removed entirely (#15696)

👥 Contributors

Core

• @teknium1 (Teknium)

Top Community Contributors (by merged PR count since v0.11.0)

• @OutThisLife (Brooklyn) — 52 PRs · TUI — light-terminal detection + pluggable busy styles + auto-resume + session-delete from /resume + mouse-wheel scrolling + xterm.js dashboard Chat tab + cold-start cut + accordion polish
• @kshitijk4poor — 12 PRs · LM Studio first-class provider (salvage), Vercel Sandbox backend, GMI Cloud salvage, bundled-by-default touchdesigner-mcp, many tool-call / reasoning fixes
• @helix4u — 10 PRs · MCP schema robustness, assorted stability fixes
• @alt-glitch — 8 PRs · trigram FTS5 CJK search, declarative Nix plugin install, matrix/feishu hints and fixes
• @ethernet8023 — 4 PRs
• @austinpickett — 4 PRs · LaTeX rendering in TUI, dashboard layout refresh
• @benbarclay — 3 PRs · Docker run-as-host-user so bind mounts don't get root-owned
• @vominh1919 — 2 PRs
• @stephenschoettler — 2 PRs
• @kevin-ho — ConPTY mouse-injection fix (#15488)
• @Zjianru — cross-provider reasoning_content isolation + DeepSeek/Kimi empty-reasoning injection (#15749, #15762)
• @web3blind — Telegram chat allowlists for groups and forums (#15027)
• @SHL0MS — 9 new TouchDesigner-MCP reference docs (#16768)
• @0xDevNinja — curator restore_skill nested-archive fix (#17951)
• @y0shua1ee — curator use activity fix (#17953)

Also contributing

Salvaged or co-authored work from @isaachuangGMICLOUD (GMI Cloud), earlier upstream PRs from the original author of each salvage chain, and a long tail of one-shot fixes, documentation nudges, and skill contributions from the community.

All Contributors (alphabetical, excluding @teknium1)

@0xbyt4, @0xharryriddle, @0xDevNinja, @0z1-ghb, @5park1e, @A-FdL-Prog, @aj-nt, @akhater, @alblez, @alexg0bot,
@alexzhu0, @AllardQuek, @alt-glitch, @amanning3390, @amanuel2, @AndreKurait, @andrewhosf, @Andy283, @andyylin,
@angel12, @AntAISecurityLab, @ash, @austinpickett, @badgerbees, @BadTechBandit, @Bartok9, @beenherebefore,
@beesrsj2500, @BeliefanX, @benbarclay, @benjaminsehl, @BlackishGreen33, @bloodcarter, @BlueBirdBack,
@briandevans, @brooklynnicholson, @bsgdigital, @buray, @bwjoke, @camaragon, @cdanis, @cgarwood82,
@charles-brooks, @chen1749144759, @chengoak, @ching-kaching, @Contentment003111, @crayfish-ai, @CruxExperts,
@cyclingwithelephants, @dandaka, @danklynn, @ddupont808, @dhabibi, @difujia, @dimitrovi, @dlkakbs,
@dontcallmejames, @EKKOLearnAI, @emozilla, @ericnicolaides, @erosika, @ethernet8023, @exiao, @Feranmi10,
@flobo3, @foxion37, @georgeglessner, @georgex8001, @ghostmfr, @H-Ali13381, @HangGlidersRule, @harryplusplus,
@haru398801, @heathley, @hejuntt1014, @hekaru-agent, @helix4u, @Heltman, @HenkDz, @heyitsaamir, @hharry11,
@hhhonzik, @hhuang91, @HiddenPuppy, @htsh, @iamagenius00, @in-liberty420, @innocarpe, @irispillars, @iRonin,
@isaachuangGMICLOUD, @Ito-69, @j3ffffff, @jackjin1997, @jakubkrcmar, @Jason2031, @JayGwod, @jerome-benoit,
@johnncenae, @Kailigithub, @keiravoss94, @kevin-ho, @knockyai, @konsisumer, @kshitijk4poor, @kunlabs, @l0hde,
@Leihb, @leoneparise, @LeonSGP43, @liizfq, @liuhao1024, @LoongZhao, @lsdsjy, @luyao618, @ma-pony, @Magaav,
@Magicray1217, @math0r-be, @MattMaximo, @maxims-oss, @MaxyMoos, @maymuneth, @mcndjxlefnd, @memosr,
@MestreY0d4-Uninter, @mewwts, @Mirac1eSky, @MorAlekss, @mrhwick, @mrunmayee17, @mssteuer, @Nanako0129,
@nazirulhafiy, @Nerijusas, @Nicecsh, @nicoloboschi, @nightq, @ningfangbin, @octo-patch, @octopus,
@OutThisLife, @paperclip, @pein892, @perlowja, @prasadus92, @qike-ms, @qiyin-code, @Readon, @ReginaldasR,
@revaraver, @rfilgueiras, @rmoen, @romanornr, @rugvedS07, @rylena, @samrusani, @Sanjays2402, @sasha-id,
@Satoshi-agi, @scheidti, @scotttrinh, @season179, @SeeYangZhi, @sgaofen, @shamork, @shannonsands, @SHL0MS,
@simbam99, @Societus, @socrates1024, @Sonoyunchu, @sprmn24, @stephenschoettler, @tangyuanjc, @TechPrototyper,
@tekgnosis-net, @ThomassJonax, @tmimmanuel, @tochukwuada, @Tosko4, @Tranquil-Flow, @twozle, @txbxxx,
@UgwujaGeorge, @versun, @vlwkaos, @voidborne-d, @vominh1919, @Wang-tianhao, @Wangshengyang2004, @web3blind,
@westers, @Wysie, @xandersbell, @xiahu88988, @XieNBi, @xinbenlv, @xnbi, @y0shua1ee, @yatesjalex, @yes999zc,
@yeyitech, @Yoimex, @YueLich, @Yukipukii1, @zhiyanliu, @zicochaos, @Zjianru, @zkl2333, @zons-zhaozhy,
@ztexydt-cqh.

Also: @Siddharth Balyan, @YuShu.

Full Changelog: v2026.4.23...v2026.4.30

Original source

Hermes Agent v0.11.0 (v2026.4.23)

Release Date: April 23, 2026

Since v0.9.0: 1,556 commits · 761 merged PRs · 1,314 files changed · 224,174 insertions · 29 community contributors (290 including co-authors)

The Interface release — a full React/Ink rewrite of the interactive CLI, a pluggable transport architecture underneath every provider, native AWS Bedrock support, five new inference paths, a 17th messaging platform (QQBot), a dramatically expanded plugin surface, and GPT-5.5 via Codex OAuth.

This release also folds in all the highlights deferred from v0.10.0 (which shipped only the Nous Tool Gateway) — so it covers roughly two weeks of work across the whole stack.

✨ Highlights

• New Ink-based TUI — hermes --tui is now a full React/Ink rewrite of the interactive CLI, with a Python JSON-RPC backend (tui_gateway). Sticky composer, live streaming with OSC-52 clipboard support, stable picker keys, status bar with per-turn stopwatch and git branch, /clear confirm, light-theme preset, and a subagent spawn observability overlay. ~310 commits to ui-tui/ + tui_gateway/. (@OutThisLife + Teknium)
• Transport ABC + Native AWS Bedrock — Format conversion and HTTP transport were extracted from run_agent.py into a pluggable agent/transports/ layer. AnthropicTransport, ChatCompletionsTransport, ResponsesApiTransport, and BedrockTransport each own their own format conversion and API shape. Native AWS Bedrock support via the Converse API ships on top of the new abstraction. (#10549, #13347, #13366, #13430, #13805, #13814 — @kshitijk4poor + Teknium)
• Five new inference paths — Native NVIDIA NIM (#11774), Arcee AI (#9276), Step Plan (#13893), Google Gemini CLI OAuth (#11270), and Vercel ai-gateway with pricing + dynamic discovery (#13223 — @jerilynzheng). Plus Gemini routed through the native AI Studio API for better performance (#12674).
• GPT-5.5 over Codex OAuth — OpenAI's new GPT-5.5 reasoning model is now available through your ChatGPT Codex OAuth, with live model discovery wired into the model picker so new OpenAI releases show up without catalog updates. (#14720)
• QQBot — 17th supported platform — Native QQBot adapter via QQ Official API v2, with QR scan-to-configure setup wizard, streaming cursor, emoji reactions, and DM/group policy gating that matches WeCom/Weixin parity. (#9364, #11831)
• Plugin surface expanded — Plugins can now register slash commands (register_command), dispatch tools directly (dispatch_tool), block tool execution from hooks (pre_tool_call can veto), rewrite tool results (transform_tool_result), transform terminal output (transform_terminal_output), ship image_gen backends, and add custom dashboard tabs. The bundled disk-cleanup plugin is opt-in by default as a reference implementation. (#9377, #10626, #10763, #10951, #12929, #12944, #12972, #13799, #14175)
• /steer — mid-run agent nudges — /steer <prompt> injects a note that the running agent sees after its next tool call, without interrupting the turn or breaking prompt cache. For when you want to course-correct an agent in-flight. (#12116)
• Shell hooks — Wire any shell script as a Hermes lifecycle hook (pre_tool_call, post_tool_call, on_session_start, etc.) without writing a Python plugin. (#13296)
• Webhook direct-delivery mode — Webhook subscriptions can now forward payloads straight to a platform chat without going through the agent — zero-LLM push notifications for alerting, uptime checks, and event streams. (#12473)
• Smarter delegation — Subagents now have an explicit orchestrator role that can spawn their own workers, with configurable max_spawn_depth (default flat). Concurrent sibling subagents share filesystem state through a file-coordination layer so they don't clobber each other's edits. (#13691, #13718)
• Auxiliary models — configurable UI + main-model-first — hermes model has a dedicated "Configure auxiliary models" screen for per-task overrides (compression, vision, session_search, title_generation). auto routing now defaults to the main model for side tasks across all users (previously aggregator users were silently routed to a cheap provider-side default). (#11891, #11900)
• Dashboard plugin system + live theme switching — The web dashboard is now extensible. Third-party plugins can add custom tabs, widgets, and views without forking. Paired with a live-switching theme system — themes now control colors, fonts, layout, and density — so users can hot-swap the dashboard look without a reload. Same theming discipline the CLI has, now on the web. (#10951, #10687, #14725)
• Dashboard polish — i18n (English + Chinese), react-router sidebar layout, mobile-responsive, Vercel deployment, real per-session API call tracking, and one-click update + gateway restart buttons. (#9228, #9370, #9453, #10686, #13526, #14004 — @austinpickett + @DeployFaith + Teknium)

🏗️ Core Agent & Architecture

Transport Layer (NEW)

• Transport ABC abstracts format conversion and HTTP transport from run_agent.py into agent/transports/ (#13347)
• AnthropicTransport — Anthropic Messages API path (#13366, @kshitijk4poor)
• ChatCompletionsTransport — default path for OpenAI-compatible providers (#13805)
• ResponsesApiTransport — OpenAI Responses API + Codex build_kwargs wiring (#13430, @kshitijk4poor)
• BedrockTransport — AWS Bedrock Converse API transport (#13814)

Provider & Model Support

• Native AWS Bedrock provider via Converse API (#10549)
• NVIDIA NIM native provider (salvage of #11703) (#11774)
• Arcee AI direct provider (#9276)
• Step Plan provider (salvage #6005) (#13893, @kshitijk4poor)
• Google Gemini CLI OAuth inference provider (#11270)
• Vercel ai-gateway with pricing, attribution, and dynamic discovery (#13223, @jerilynzheng)
• GPT-5.5 over Codex OAuth with live model discovery in the picker (#14720)
• Gemini routed through native AI Studio API (#12674)
• xAI Grok upgraded to Responses API (#10783)
• Ollama improvements — Cloud provider support, GLM continuation, think=false control, surrogate sanitization, /v1 hint (#10782)
• Kimi K2.6 across OpenRouter, Nous Portal, native Kimi, and HuggingFace (#13148, #13152, #13169)
• Kimi K2.5 promoted to first position in all model suggestion lists (#11745, @kshitijk4poor)
• Xiaomi MiMo v2.5-pro + v2.5 on OpenRouter, Nous Portal, and native (#14184, #14635, @kshitijk4poor)
• GLM-5V-Turbo for coding plan (#9907)
• Claude Opus 4.7 in Nous Portal catalog (#11398)
• OpenRouter elephant-alpha in curated lists (#9378)
• OpenCode-Go — Kimi K2.6 and Qwen3.5/3.6 Plus in curated catalog (#13429)
• minimax/minimax-m2.5:free in OpenRouter catalog (#13836)
• /model merges models.dev entries for lesser-loved providers (#14221)
• Per-provider + per-model request_timeout_seconds config (#12652)
• Configurable API retry count via agent.api_max_retries (#14730)
• ctx_size context length key for Lemonade server (salvage #8536) (#14215)
• Custom provider display name prompt (#9420)
• Recommendation badges on tool provider selection (#9929)
• Fix: correct GPT-5 family context lengths in fallback defaults (#9309)
• Fix: clamp minimal reasoning effort to low on Responses API (#9429)
• Fix: strip reasoning item IDs from Responses API input when store=False (#10217)
• Fix: OpenViking correct account default + commit session on /new and compress (#10463)
• Fix: Kimi /coding thinking block survival + empty reasoning_content + block ordering (multiple PRs)
• Fix: don't send Anthropic thinking to api.kimi.com/coding (#13826)
• Fix: send max_tokens, reasoning_effort, and thinking for Kimi/Moonshot
• Fix: stream reasoning content through OpenAI-compatible providers that emit it

Agent Loop & Conversation

• /steer <prompt> — mid-run agent nudges after next tool call (#12116)
• Orchestrator role + configurable spawn depth for delegate_task (default flat) (#13691)
• Cross-agent file state coordination for concurrent subagents (#13718)
• Compressor smart collapse, dedup, anti-thrashing, template upgrade, hardening (#10088)
• Compression summaries respect the conversation's language (#12556)
• Compression model falls back to main model on permanent 503/404 (#10093)
• Auto-continue interrupted agent work after gateway restart (#9934)
• Activity heartbeats prevent false gateway inactivity timeouts (#10501)
• Auxiliary models UI — dedicated screen for per-task overrides (#11891)
• Auxiliary auto routing defaults to main model for all users (#11900)
• PLATFORM_HINTS for Matrix, Mattermost, Feishu (#14428, @alt-glitch)
• Fix: reset retry counters after compression; stop poisoning conversation history (#10055)
• Fix: break compression-exhaustion infinite loop and auto-reset session (#10063)
• Fix: stale agent timeout, uv venv detection, empty response after tools (#10065)
• Fix: prevent premature loop exit when weak models return empty after substantive tool calls (#10472)
• Fix: preserve pre-start terminal interrupts (#10504)
• Fix: improve interrupt responsiveness during concurrent tool execution (#10935)
• Fix: word-wrap spinner, interruptable agent join, and delegate_task interrupt (#10940)
• Fix: /stop no longer resets the session (#9224)
• Fix: honor interrupts during MCP tool waits (#9382, @helix4u)
• Fix: break stuck session resume loops after repeated restarts (#9941)
• Fix: empty response nudge crash + placeholder leak to cron targets (#11021)
• Fix: streaming cursor sanitization to prevent message truncation (multiple PRs)
• Fix: resolve context_length for plugin context engines (#9238)

Session & Memory

• Auto-prune old sessions + VACUUM state.db at startup (#13861)
• Honcho overhaul — context injection, 5-tool surface, cost safety, session isolation (#10619)
• Hindsight richer session-scoped retain metadata (salvage of #6290) (#13987)
• Fix: deduplicate memory provider tools to prevent 400 on strict providers (#10511)
• Fix: discover user-installed memory providers from $HERMES_HOME/plugins/ (#10529)
• Fix: add on_memory_write bridge to sequential tool execution path (#10507)
• Fix: preserve session_id across previous_response_id chains in /v1/responses (#10059)

🖥️ New Ink-based TUI

A full React/Ink rewrite of the interactive CLI — invoked via hermes --tui or HERMES_TUI=1. Shipped across ~310 commits to ui-tui/ and tui_gateway/.

TUI Foundations

• New TUI based on Ink + Python JSON-RPC backend
• Prettier + ESLint + vitest tooling for ui-tui/
• Entry split between src/entry.tsx (TTY gate) and src/app.tsx (state machine)
• Persistent _SlashWorker subprocess for slash command dispatch

UX & Features

• Stable picker keys, /clear confirm, light-theme preset (#12312, @OutThisLife)
• Git branch in status bar cwd label (#12305, @OutThisLife)
• Per-turn elapsed stopwatch in FaceTicker + done-in sys line (#13105, @OutThisLife)
• Subagent spawn observability overlay (#14045, @OutThisLife)
• Per-prompt elapsed stopwatch in status bar (#12948)
• Sticky composer that freezes during scroll
• OSC-52 clipboard support for copy across SSH sessions
• Virtualized history rendering for performance
• Slash command autocomplete via complete.slash RPC
• Path autocomplete via complete.path RPC
• Dozens of resize/ghosting/sticky-prompt fixes landed through the week

Structural Refactors

• Decomposed app.tsx into app/event-handler, app/slash-handler, app/stores, app/hooks (#14640 and surrounding)
• Component split: branding.tsx, markdown.tsx, prompts.tsx, sessionPicker.tsx, messageLine.tsx, thinking.tsx, maskedPrompt.tsx
• Hook split: useCompletion, useInputHistory, useQueue, useVirtualHistory

📱 Messaging Platforms (Gateway)

New Platforms

• QQBot (17th platform) — QQ Official API v2 adapter with QR setup, streaming, package split (#9364, #11831)

Telegram

• Dedicated TELEGRAM_PROXY env var + config.yaml proxy support (closes #9414, #6530, #9074, #7786) (#10681)
• ignored_threads config for Telegram groups (#9530)
• Config option to disable link previews (closes #8728) (#10610)
• Auto-wrap markdown tables in code blocks (#11794)
• Fix: prevent duplicate replies when stream task is cancelled (#9319)
• Fix: prevent streaming cursor (▉) from appearing as standalone messages (#9538)
• Fix: retry transient tool sends + cold-boot budget (#10947)
• Fix: Markdown special char escaping in send_exec_approval
• Fix: parentheses in URLs during MarkdownV2 link conversion
• Fix: Unicode dash normalization in model switch (closes iOS smart-punctuation issue)
• Many platform hint / streaming / session-key fixes

Discord

• Forum channel support (salvage of #10145 + media + polish) (#11920)
• DISCORD_ALLOWED_ROLES for role-based access control (#11608)
• Config option to disable slash commands (salvage #13130) (#14315)
• Native send_animation for inline GIF playback (#10283)
• send_message Discord media attachments (#10246)
• /skill command group with category subcommands (#9909)
• Extract reply text from message references (#9781)

Feishu

• Intelligent reply on document comments with 3-tier access control (#11898)
• Show processing state via reactions on user messages (#12927)
• Preserve @mention context for agent consumption (salvage #13874) (#14167)

DingTalk

• require_mention + allowed_users gating (parity with Slack/Telegram/Discord) (#11564)
• QR-code device-flow authorization for setup wizard (#11574)
• AI Cards streaming, emoji reactions, and media handling (salvage of #10985) (#11910)

WhatsApp

• send_voice — native audio message delivery (#13002)
• dm_policy and group_policy parity with WeCom/Weixin/QQ adapters (#13151)

WeCom / Weixin

• WeCom QR-scan bot creation + interactive setup wizard (salvage #13923) (#13961)

Signal

• Media delivery support via send_message (#13178)

Slack

• Per-thread sessions for DMs by default (#10987)

BlueBubbles (iMessage)

• Group chat session separation, webhook registration & auth fixes (#9806)

Gateway Core

• Gateway proxy mode — forward messages to a remote API server (#9787)
• Per-channel ephemeral prompts (Discord, Telegram, Slack, Mattermost) (#10564)
• Surface plugin slash commands natively on all platforms + decision-capable command hook (#14175)
• Support document/archive extensions in MEDIA: tag extraction (salvage #8255) (#14307)
• Recognize .pdf in MEDIA: tag extraction (#13683)
• --all flag for gateway start and restart (#10043)
• Notify active sessions on gateway shutdown + update health check (#9850)
• Block agent from self-destructing the gateway via terminal (closes #6666) (#9895)
• Fix: suppress duplicate replies on interrupt and streaming flood control (#10235)
• Fix: close temporary agents after one-off tasks (#11028, @kshitijk4poor)
• Fix: busy-session ack when user messages during active agent run (#10068)
• Fix: route watch-pattern notifications to the originating session (#10460)
• Fix: preserve notify context in executor threads (#10921, @kshitijk4poor)
• Fix: avoid duplicate replies after interrupted long tasks (#11018)
• Fix: unlink stale PID + lock files on cleanup
• Fix: force-unlink stale PID file after --replace takeover

🔧 Tool System

Plugin Surface (major expansion)

• register_command() — plugins can now add slash commands (#10626)
• dispatch_tool() — plugins can invoke tools from their code (#10763)
• pre_tool_call blocking — plugins can veto tool execution (#9377)
• transform_tool_result — plugins rewrite tool results generically (#12972)
• transform_terminal_output — plugins rewrite terminal tool output (#12929)
• Namespaced skill registration for plugin skill bundles (#9786)
• Opt-in-by-default + bundled disk-cleanup plugin (salvage #12212) (#12944)
• Pluggable image_gen backends + OpenAI provider (#13799)
• openai-codex image_gen plugin (gpt-image-2 via Codex OAuth) (#14317)
• Shell hooks — wire shell scripts as hook callbacks (#13296)

Browser

• browser_cdp raw DevTools Protocol passthrough (#12369)
• Camofox hardening + connection stability across the window

Execute Code

• Project/strict execution modes (default: project) (#11971)

Image Generation

• Multi-model FAL support with picker in hermes tools (#11265)
• Recraft V3 → V4 Pro, Nano Banana → Pro upgrades (#11406)
• GPT Image 2 in FAL catalog (#13677)
• xAI image generation provider (grok-imagine-image) (#14765)

TTS / STT / Voice

• Google Gemini TTS provider (#11229)
• xAI Grok STT provider (#14473)
• xAI TTS (shipped with Responses API upgrade) (#10783)
• KittenTTS local provider (salvage of #2109) (#13395)
• CLI record beep toggle (#13247, @helix4u)

Webhook / Cron

• Webhook direct-delivery mode — zero-LLM push notifications (#12473)
• Cron wakeAgent gate — scripts can skip the agent entirely (#12373)
• Cron per-job enabled_toolsets — cap token overhead + cost per job (#14767)

Delegate

• Orchestrator role + configurable spawn depth (default flat) (#13691)
• Cross-agent file state coordination (#13718)

File / Patch

• patch — "did you mean?" feedback when patch fails to match (#13435)

API Server

• Stream /v1/responses SSE tool events (salvage #9779) (#10049)
• Inline image inputs on /v1/chat/completions and /v1/responses (#12969)

Docker / Podman

• Entry-level Podman support — find_docker() + rootless entrypoint (#10066)
• Add docker-cli to Docker image (salvage #10096) (#14232)
• File-sync back to host on teardown (salvage of #8189 + hardening) (#11291)

MCP

• 12 MCP improvements across the window (status, timeout handling, tool-call forwarding, etc.)

🧩 Skills Ecosystem

Skill System

• Namespaced skill registration for plugin bundles (#9786)
• hermes skills reset to un-stick bundled skills (#11468)
• Skills guard opt-in — config.skills.guard_agent_created (default off) (#14557)
• Bundled skill scripts runnable out of the box (#13384)
• xitter replaced with xurl — the official X API CLI (#12303)
• MiniMax-AI/cli as default skill tap (salvage #7501) (#14493)
• Fuzzy @ file completions + mtime sorting (#9467)

New Skills

• concept-diagrams (salvage of #11045, @v1k22) (#11363)
• architecture-diagram (Cocoon AI port) (#9906)
• pixel-art with hardware palettes and video animation (#12663, #12725)
• baoyu-comic (#13257, @JimLiu)
• baoyu-infographic — 21 layouts × 21 styles (salvage #9901) (#12254)
• page-agent — embed Alibaba's in-page GUI agent in your webapp (#13976)
• fitness-nutrition optional skill + optional env var support (#9355)
• drug-discovery — ChEMBL, PubChem, OpenFDA, ADMET (#9443)
• touchdesigner-mcp (salvage of #10081) (#12298)
• adversarial-ux-test optional skill (salvage of #2494, @omnissiah-comelse) (#13425)
• maps — added guest_house, camp_site, and dual-key bakery lookup (#13398)
• llm-wiki — port provenance markers, source hashing, and quality signals (#13700)

📊 Web Dashboard

• i18n (English + Chinese) language switcher (#9453)
• Live-switching theme system (#10687)
• Dashboard plugin system — extend the web UI with custom tabs (#10951)
• react-router, sidebar layout, sticky header, dropdown component (#9370, @austinpickett)
• Responsive for mobile (#9228, @DeployFaith)
• Vercel deployment (#10686, #11061, @austinpickett)
• Context window config support (#9357)
• HTTP health probe for cross-container gateway detection (#9894)
• Update + restart gateway buttons (#13526, @austinpickett)
• Real API call count per session (salvages #10140) (#14004)

🖱️ CLI & User Experience

• Dynamic shell completion for bash, zsh, and fish (#9785)
• Light-mode skins + skin-aware completion menus (#9461)
• Numbered keyboard shortcuts on approval and clarify prompts (#13416)
• Markdown stripping, compact multiline previews, external editor (#12934)
• --ignore-user-config and --ignore-rules flags (port codex#18646) (#14277)
• Account limits section in /usage (#13428)
• Doctor: Command Installation check for hermes bin symlink (#10112)
• ESC cancels secret/sudo prompts, clearer skip messaging (#9902)
• Fix: agent-facing text uses display_hermes_home() instead of hardcoded ~/.hermes (#10285)
• Fix: enforce config.yaml as sole CWD source + deprecate .env CWD vars + add hermes memory reset (#11029)

🔒 Security & Reliability

• Global toggle to allow private/internal URL resolution (#14166)
• Block agent from self-destructing the gateway via terminal (closes #6666) (#9895)
• Telegram callback authorization on update prompts (#10536)
• SECURITY.md added (#10532, @I3eg1nner)
• Warn about legacy hermes.service units during hermes update (#11918)
• Complete ASCII-locale UnicodeEncodeError recovery for api_messages/reasoning_content (closes #6843) (#10537)
• Prevent stale os.environ leak after clear_session_vars (#10527)
• Prevent agent hang when backgrounding processes via terminal tool (#10584)
• Many smaller session-resume, interrupt, streaming, and memory-race fixes throughout the window

🐛 Notable Bug Fixes

The fix: category in this window covers 482 PRs. Highlights:

• Streaming cursor artifacts filtered from Matrix, Telegram, WhatsApp, Discord (multiple PRs)
• <think> and <thought> blocks filtered from gateway stream consumers (#9408)
• Gateway display.streaming root-config override regression (#9799)
• Context session_search coerces limit to int (prevents TypeError) (#10522)
• Memory tool stays available when fcntl is unavailable (Windows) (#9783)
• Trajectory compressor credentials load from HERMES_HOME/.env (#9632, @Dusk1e)
• @_context_completions no longer crashes on @ mention (#9683, @kshitijk4poor)
• Group session user_id no longer treated as thread_id in shutdown notifications (#10546)
• Telegram platform_hint — markdown is supported (closes #8261) (#10612)
• Doctor checks for Kimi China credentials fixed
• Streaming: don't suppress final response when commentary message is sent (#10540)
• Rapid Telegram follow-ups no longer get cut off

🧪 Testing & CI

• Contributor attribution CI check on PRs (#9376)
• Hermetic test parity (scripts/run_tests.sh) held across this window
• Test count stabilized post-Transport refactor; CI matrix held green through the transport rollout

📚 Documentation

• Atropos + wandb links in user guide
• ACP / VS Code / Zed / JetBrains integration docs refresh
• Webhook subscription docs updated for direct-delivery mode
• Plugin author guide expanded for new hooks (register_command, dispatch_tool, transform_tool_result)
• Transport layer developer guide added
• Website removed Discussions link from README

👥 Contributors

Core

• @teknium1 (Teknium)

Top Community Contributors (by merged PR count)

• @kshitijk4poor — 49 PRs · Transport refactor (AnthropicTransport, ResponsesApiTransport), Step Plan provider, Xiaomi MiMo v2.5 support, numerous gateway fixes, promoted Kimi K2.5, @ mention crash fix
• @OutThisLife (Brooklyn) — 31 PRs · TUI polish, git branch in status bar, per-turn stopwatch, stable picker keys, /clear confirm, light-theme preset, subagent spawn observability overlay
• @helix4u — 11 PRs · Voice CLI record beep, MCP tool interrupt handling, assorted stability fixes
• @austinpickett — 8 PRs · Dashboard react-router + sidebar + sticky header + dropdown, Vercel deployment, update + restart buttons
• @alt-glitch — 8 PRs · PLATFORM_HINTS for Matrix/Mattermost/Feishu, Matrix fixes
• @ethernet8023 — 3 PRs
• @benbarclay — 3 PRs
• @Aslaaen — 2 PRs

Also contributing

• @jerilynzheng (ai-gateway pricing), @JimLiu (baoyu-comic skill), @Dusk1e (trajectory compressor credentials), @DeployFaith (mobile-responsive dashboard), @LeonSGP43, @v1k22 (concept-diagrams), @omnissiah-comelse (adversarial-ux-test), @coekfung (Telegram MarkdownV2 expandable blockquotes), @liftaris (TUI provider resolution), @arihantsethia (skill analytics dashboard), @topcheer + @xing8star (QQBot foundation), @kovyrin, @I3eg1nner (SECURITY.md), @PeterBerthelsen, @lengxii, @priveperfumes, @sjz-ks, @cuyua9, @Disaster-Terminator, @leozeli, @LehaoLin, @trevthefoolish, @loongfay, @MrNiceRicee, @WideLee, @bluefishs, @malaiwah, @bobashopcashier, @dsocolobsky, @iamagenius00, @IAvecilla, @aniruddhaadak80, @Es1la, @asheriif, @Walli, @jquesnelle (original Tool Gateway work).

All Contributors (alphabetical)

@0xyg3n, @10ishq, @A-afflatus, @Abnertheforeman, @admin28980, @adybag14-cyber, @akhater, @alexzhu0,

@AllardQuek, @alt-glitch, @aniruddhaadak80, @anna-oake, @anniesurla, @anthhub, @areu01or00, @arihantsethia,

@arthurbr11, @asheriif, @Aslaaen, @Asunfly, @austinpickett, @AviArora02-commits, @AxDSan, @azhengbot, @Bartok9,

@benbarclay, @bennytimz, @bernylinville, @bingo906, @binhnt92, @bkadish, @bluefishs, @bobashopcashier,

@brantzh6, @BrennerSpear, @brianclemens, @briandevans, @brooklynnicholson, @bugkill3r, @buray, @burtenshaw,

@cdanis, @cgarwood82, @ChimingLiu, @chongweiliu, @christopherwoodall, @coekfung, @cola-runner, @corazzione,

@counterposition, @cresslank, @cuyua9, @cypres0099, @danieldoderlein, @davetist, @davidvv, @DeployFaith,

@Dev-Mriganka, @devorun, @dieutx, @Disaster-Terminator, @dodo-reach, @draix, @drstrangerujn, @dsocolobsky,

@Dusk1e, @dyxushuai, @elkimek, @elmatadorgh, @emozilla, @entropidelic, @erosika, @erosika, @Es1la, @etcircle,

@etherman-os, @ethernet8023, @fancydirty, @farion1231, @fatinghenji, @Fatty911, @fengtianyu88, @Feranmi10,

@flobo3, @francip, @fuleinist, @g-guthrie, @GenKoKo, @gianfrancopiana, @gnanam1990, @GuyCui, @haileymarshall,

@haimu0x, @handsdiff, @hansnow, @hedgeho9X, @helix4u, @hengm3467, @HenkDz, @heykb, @hharry11, @HiddenPuppy,

@honghua, @houko, @houziershi, @hsy5571616, @huangke19, @hxp-plus, @Hypn0sis, @I3eg1nner, @iacker,

@iamagenius00, @IAvecilla, @iborazzi, @Ifkellx, @ifrederico, @imink, @isaachuangGMICLOUD, @ismell0992-afk,

@j0sephz, @Jaaneek, @jackjin1997, @JackTheGit, @jaffarkeikei, @jerilynzheng, @JiaDe-Wu, @Jiawen-lee, @JimLiu,

@jinzheng8115, @jneeee, @jplew, @jquesnelle, @Julientalbot, @Junass1, @jvcl, @kagura-agent, @keifergu,

@kevinskysunny, @keyuyuan, @konsisumer, @kovyrin, @kshitijk4poor, @leeyang1990, @LehaoLin, @lengxii,

@LeonSGP43, @leozeli, @li0near, @liftaris, @Lind3ey, @Linux2010, @liujinkun2025, @LLQWQ, @Llugaes, @lmoncany,

@longsizhuo, @lrawnsley, @Lubrsy706, @lumenradley, @luyao618, @lvnilesh, @LVT382009, @m0n5t3r, @Magaav,

@Magicray1217, @malaiwah, @manuelschipper, @Marvae, @MassiveMassimo, @mavrickdeveloper, @maxchernin, @memosr,

@meng93, @mengjian-github, @MestreY0d4-Uninter, @Mibayy, @MikeFac, @mikewaters, @milkoor, @minorgod,

@MrNiceRicee, @ms-alan, @mvanhorn, @n-WN, @N0nb0at, @Nan93, @NIDNASSER-Abdelmajid, @nish3451, @niyoh120,

@nocoo, @nosleepcassette, @NousResearch, @ogzerber, @omnissiah-comelse, @Only-Code-A, @opriz, @OwenYWT, @pedh,

@pefontana, @PeterBerthelsen, @phpoh, @pinion05, @plgonzalezrx8, @pradeep7127, @priveperfumes,

@projectadmin-dev, @PStarH, @rnijhara, @Roy-oss1, @roytian1217, @RucchiZ, @Ruzzgar, @RyanLee-Dev, @Salt-555,

@Sanjays2402, @sgaofen, @sharziki, @shenuu, @shin4, @SHL0MS, @shushuzn, @sicnuyudidi, @simon-gtcl,

@simon-marcus, @sirEven, @Sisyphus, @sjz-ks, @snreynolds, @Societus, @Somme4096, @sontianye, @sprmn24,

@StefanIsMe, @stephenschoettler, @Swift42, @taeng0204, @taeuk178, @tannerfokkens-maker, @TaroballzChen,

@ten-ltw, @teyrebaz33, @Tianworld, @topcheer, @Tranquil-Flow, @trevthefoolish, @TroyMitchell911, @UNLINEARITY,

@v1k22, @vivganes, @vominh1919, @vrinek, @VTRiot, @WadydX, @Walli, @wenhao7, @WhiteWorld, @WideLee, @wujhsu,

@WuTianyi123, @Wysie, @xandersbell, @xiaoqiang243, @xiayh0107, @xinpengdr, @Xowiek, @ycbai, @yeyitech, @ygd58,

@youngDoo, @yudaiyan, @Yukipukii1, @yule975, @yyq4193, @yzx9, @ZaynJarvis, @zhang9w0v5, @zhanggttry,

@zhangxicen, @zhongyueming1121, @zhouxiaoya12, @zons-zhaozhy

Also: @maelrx, @Marco Rutsch, @MaxsolcuCrypto, @Mind-Dragon, @Paul Bergeron, @say8hi, @whitehatjr1001.

Full Changelog: v2026.4.13...v2026.4.23

Original source

Hermes Agent v0.10.0 (v2026.4.16)

Release Date: April 16, 2026

The Tool Gateway release — paid Nous Portal subscribers can now use web search, image generation, text-to-speech, and browser automation through their existing subscription with zero additional API keys.

✨ Highlights

Nous Tool Gateway — Paid Nous Portal subscribers now get automatic access to web search (Firecrawl), image generation (FAL / FLUX 2 Pro), text-to-speech (OpenAI TTS), and browser automation (Browser Use) through their existing subscription. No separate API keys needed — just run hermes model, select Nous Portal, and pick which tools to enable. Per-tool opt-in via use_gateway config, full integration with hermes tools and hermes status, and the runtime correctly prefers the gateway even when direct API keys exist. Replaces the old hidden HERMES_ENABLE_NOUS_MANAGED_TOOLS env var with clean subscription-based detection. (#11206, based on work by @jquesnelle; docs: #11208)

🐛 Bug Fixes & Improvements

This release includes 180+ commits with numerous bug fixes, platform improvements, and reliability enhancements across the agent core, gateway, CLI, and tool system. Full details will be published in the v0.11.0 changelog.

👥 Contributors

@jquesnelle (emozilla) — Original Tool Gateway implementation (#10799), salvaged and shipped in this release

Full Changelog: v2026.4.13...v2026.4.16

Original source

Hermes Agent v0.9.0 (v2026.4.13)

Release Date: April 13, 2026

Since v0.8.0: 487 commits · 269 merged PRs · 167 resolved issues · 493 files changed · 63,281 insertions · 24 contributors

The everywhere release — Hermes goes mobile with Termux/Android, adds iMessage and WeChat, ships Fast Mode for OpenAI and Anthropic, introduces background process monitoring, launches a local web dashboard for managing your agent, and delivers the deepest security hardening pass yet across 16 supported platforms.

✨ Highlights

• Local Web Dashboard — A new browser-based dashboard for managing your Hermes Agent locally. Configure settings, monitor sessions, browse skills, and manage your gateway — all from a clean web interface without touching config files or the terminal. The easiest way to get started with Hermes.
• Fast Mode (/fast) — Priority processing for OpenAI and Anthropic models. Toggle /fast to route through priority queues for significantly lower latency on supported models (GPT-5.4, Codex, Claude). Expands across all OpenAI Priority Processing models and Anthropic's fast tier. (#6875, #6960, #7037)
• iMessage via BlueBubbles — Full iMessage integration through BlueBubbles, bringing Hermes to Apple's messaging ecosystem. Auto-webhook registration, setup wizard integration, and crash resilience. (#6437, #6460, #6494)
• WeChat (Weixin) & WeCom Callback Mode — Native WeChat support via iLink Bot API and a new WeCom callback-mode adapter for self-built enterprise apps. Streaming cursor, media uploads, markdown link handling, and atomic state persistence. Hermes now covers the Chinese messaging ecosystem end-to-end. (#7166, #7943)
• Termux / Android Support — Run Hermes natively on Android via Termux. Adapted install paths, TUI optimizations for mobile screens, voice backend support, and the /image command work on-device. (#6834)
• Background Process Monitoring (watch_patterns) — Set patterns to watch for in background process output and get notified in real-time when they match. Monitor for errors, wait for specific events ("listening on port"), or watch build logs — all without polling. (#7635)
• Native xAI & Xiaomi MiMo Providers — First-class provider support for xAI (Grok) and Xiaomi MiMo, with direct API access, model catalogs, and setup wizard integration. Plus Qwen OAuth with portal request support. (#7372, #7855)
• Pluggable Context Engine — Context management is now a pluggable slot via hermes plugins. Swap in custom context engines that control what the agent sees each turn — filtering, summarization, or domain-specific context injection. (#7464)
• Unified Proxy Support — SOCKS proxy, DISCORD_PROXY, and system proxy auto-detection across all gateway platforms. Hermes behind corporate firewalls just works. (#6814)
• Comprehensive Security Hardening — Path traversal protection in checkpoint manager, shell injection neutralization in sandbox writes, SSRF redirect guards in Slack image uploads, Twilio webhook signature validation (SMS RCE fix), API server auth enforcement, git argument injection prevention, and approval button authorization. (#7933, #7944, #7940, #7151, #7156)
• hermes backup & hermes import — Full backup and restore of your Hermes configuration, sessions, skills, and memory. Migrate between machines or create snapshots before major changes. (#7997)
• 16 Supported Platforms — With BlueBubbles (iMessage) and WeChat joining Telegram, Discord, Slack, WhatsApp, Signal, Matrix, Email, SMS, DingTalk, Feishu, WeCom, Mattermost, Home Assistant, and Webhooks, Hermes now runs on 16 messaging platforms out of the box.
• /debug & hermes debug share — New debugging toolkit: /debug slash command across all platforms for quick diagnostics, plus hermes debug share to upload a full debug report to a pastebin for easy sharing when troubleshooting. (#8681)

🏗️ Core Agent & Architecture

Provider & Model Support

• Native xAI (Grok) provider with direct API access and model catalog (#7372)
• Xiaomi MiMo as first-class provider — setup wizard, model catalog, empty response recovery (#7855)
• Qwen OAuth provider with portal request support (#6282)
• Fast Mode — /fast toggle for OpenAI Priority Processing + Anthropic fast tier (#6875, #6960, #7037)
• Structured API error classification for smart failover decisions (#6514)
• Rate limit header capture shown in /usage (#6541)
• API server model name derived from profile name (#6857)
• Custom providers now included in /model listings and resolution (#7088)
• Fallback provider activation on repeated empty responses with user-visible status (#7505)
• OpenRouter variant tags (:free, :extended, :fast) preserved during model switch (#6383)
• Credential exhaustion TTL reduced from 24 hours to 1 hour (#6504)
• OAuth credential lifecycle hardening — stale pool keys, auth.json sync, Codex CLI race fixes (#6874)
• Empty response recovery for reasoning models (MiMo, Qwen, GLM) (#8609)
• MiniMax context lengths, thinking guard, endpoint corrections (#6082, #7126)
• Z.AI endpoint auto-detect via probe and cache (#5763)

Agent Loop & Conversation

• Pluggable context engine slot via hermes plugins (#7464)
• Background process monitoring — watch_patterns for real-time output alerts (#7635)
• Improved context compression — higher limits, tool tracking, degradation warnings, token-budget tail protection (#6395, #6453)
• /compress <focus> — guided compression with a focus topic (#8017)
• Tiered context pressure warnings with gateway dedup (#6411)
• Staged inactivity warning before timeout escalation (#6387)
• Prevent agent from stopping mid-task — compression floor, budget overhaul, activity tracking (#7983)
• Propagate child activity to parent during delegate_task (#7295)
• Truncated streaming tool call detection before execution (#6847)
• Empty response retry (3 attempts with nudge) (#6488)
• Adaptive streaming backoff + cursor strip to prevent message truncation (#7683)
• Compression uses live session model instead of stale persisted config (#8258)
• Strip <thought> tags from Gemma 4 responses (#8562)
• Prevent <think> in prose from suppressing response output (#6968)
• Turn-exit diagnostic logging to agent loop (#6549)
• Scope tool interrupt signal per-thread to prevent cross-session leaks (#7930)

Memory & Sessions

• Hindsight memory plugin — feature parity, setup wizard, config improvements — @nicoloboschi (#6428)
• Honcho — opt-in initOnSessionStart for tools mode — @Kathie-yu (#6995)
• Orphan children instead of cascade-deleting in prune/delete (#6513)
• Doctor command only checks the active memory provider (#6285)

📱 Messaging Platforms (Gateway)

New Platforms

• BlueBubbles (iMessage) — full adapter with auto-webhook registration, setup wizard, and crash resilience (#6437, #6460, #6494, #7107)
• Weixin (WeChat) — native support via iLink Bot API with streaming, media uploads, markdown links (#7166, #8665)
• WeCom Callback Mode — self-built enterprise app adapter with atomic state persistence (#7943, #7928)

Discord

• Allowed channels whitelist config — @jarvis-phw (#7044)
• Forum channel topic inheritance in thread sessions — @hermes-agent-dhabibi (#6377)
• DISCORD_REPLY_TO_MODE setting (#6333)
• Accept .log attachments, raise document size limit — @kira-ariaki (#6467)
• Decouple readiness from slash sync (#8016)

Slack

• Consolidated Slack improvements — 7 community PRs salvaged into one (#6809)
• Handle assistant thread lifecycle events (#6433)

Matrix

• Migrated from matrix-nio to mautrix-python (#7518)
• SQLite crypto store replacing pickle (fixes E2EE decryption) — @alt-glitch (#7981)
• Cross-signing recovery key verification for E2EE migration (#8282)
• DM mention threads + group chat events for Feishu (#7423)

Gateway Core

• Unified proxy support — SOCKS, DISCORD_PROXY, multi-platform with macOS auto-detection (#6814)
• Inbound text batching for Discord, Matrix, WeCom + adaptive delay (#6979)
• Surface natural mid-turn assistant messages in chat platforms (#7978)
• WSL-aware gateway with smart systemd detection (#7510)
• All missing platforms added to setup wizard (#7949)
• Per-platform tool_progress overrides (#6348)
• Configurable 'still working' notification interval (#8572)
• /model switch persists across messages (#7081)
• /usage shows rate limits, cost, and token details between turns (#7038)
• Drain in-flight work before restart (#7503)
• Don't evict cached agent on failed runs — prevents MCP restart loop (#7539)
• Replace os.environ session state with contextvars (#7454)
• Derive channel directory platforms from enum instead of hardcoded list (#7450)
• Validate image downloads before caching (cross-platform) (#7125)
• Cross-platform webhook delivery for all platforms (#7095)
• Cron Discord thread_id delivery support (#7106)
• Feishu QR-based bot onboarding (#8570)
• Gateway status scoped to active profile (#7951)
• Prevent background process notifications from triggering false pairing requests (#6434)

🖥️ CLI & User Experience

Interactive CLI

• Termux / Android support — adapted install paths, TUI, voice, /image (#6834)
• Native /model picker modal for provider → model selection (#8003)
• Live per-tool elapsed timer restored in TUI spinner (#7359)
• Stacked tool progress scrollback in TUI (#8201)
• Random tips on new session start (CLI + gateway, 279 tips) (#8225, #8237)
• hermes dump — copy-pasteable setup summary for debugging (#6550)
• hermes backup / hermes import — full config backup and restore (#7997)
• WSL environment hint in system prompt (#8285)
• Profile creation UX — seed SOUL.md + credential warning (#8553)
• Shell-aware sudo detection, empty password support (#6517)
• Flush stdin after curses/terminal menus to prevent escape sequence leakage (#7167)
• Handle broken stdin in prompt_toolkit startup (#8560)

Setup & Configuration

• Per-platform display verbosity configuration (#8006)
• Component-separated logging with session context and filtering (#7991)
• network.force_ipv4 config to fix IPv6 timeout issues (#8196)
• Standardize message whitespace and JSON formatting (#7988)
• Rebrand OpenClaw → Hermes during migration (#8210)
• Config.yaml takes priority over env vars for auxiliary settings (#7889)
• Harden setup provider flows + live OpenRouter catalog refresh (#7078)
• Normalize reasoning effort ordering across all surfaces (#6804)
• Remove dead LLM_MODEL env var + migration to clear stale entries (#6543)
• Remove /prompt slash command — prefix expansion footgun (#6752)
• HERMES_HOME_MODE env var to override permissions — @ygd58 (#6993)
• Fall back to default model when model config is empty (#8303)
• Warn when compression model context is too small (#7894)

🔧 Tool System

Environments & Execution

• Unified spawn-per-call execution layer for environments (#6343)
• Unified file sync with mtime tracking, deletion, and transactional state (#7087)
• Persistent sandbox envs survive between turns (#6412)
• Bulk file sync via tar pipe for SSH/Modal backends — @alt-glitch (#8014)
• Daytona — bulk upload, config bridge, silent disk cap (#7538)
• Foreground timeout cap to prevent session deadlocks (#7082)
• Guard invalid command values (#6417)

MCP

• hermes mcp add --env and --preset support (#7970)
• Combine content and structuredContent when both present (#7118)
• MCP tool name deconfliction fixes (#7654)

Browser

• Browser hardening — dead code removal, caching, scroll perf, security, thread safety (#7354)
• /browser connect auto-launch uses dedicated Chrome profile dir (#6821)
• Reap orphaned browser sessions on startup (#7931)

Voice & Vision

• Voxtral TTS provider (Mistral AI) (#7653)
• TTS speed support for Edge TTS, OpenAI TTS, MiniMax (#8666)
• Vision auto-resize for oversized images, raise limit to 20 MB, retry-on-failure (#7883, #7902)
• STT provider-model mismatch fix (whisper-1 vs faster-whisper) (#7113)

Other Tools

• hermes dump command for setup summary (#6550)
• TODO store enforces ID uniqueness during replace operations (#7986)
• List all available toolsets in delegate_task schema description (#8231)
• API server: tool progress as custom SSE event to prevent model corruption (#7500)
• API server: share one Docker container across all conversations (#7127)

🧩 Skills Ecosystem

• Centralized skills index + tree cache — eliminates rate-limit failures on install (#8575)
• More aggressive skill loading instructions in system prompt (v3) (#8209, #8286)
• Google Workspace skill migrated to GWS CLI backend (#6788)
• Creative divergence strategies skill — @SHL0MS (#6882)
• Creative ideation — constraint-driven project generation — @SHL0MS (#7555)
• Parallelize skills browse/search to prevent hanging (#7301)
• Read name from SKILL.md frontmatter in skills_sync (#7623)

🔒 Security & Reliability

Security Hardening

• Twilio webhook signature validation — SMS RCE fix (#7933)
• Shell injection neutralization in _write_to_sandbox via path quoting (#7940)
• Git argument injection and path traversal prevention in checkpoint manager (#7944)
• SSRF redirect bypass in Slack image uploads + base.py cache helpers (#7151)
• Path traversal, credential gate, DANGEROUS_PATTERNS gaps (#7156)
• API bind guard — enforce API_SERVER_KEY for non-loopback binding (#7455)
• Approval button authorization — require auth for session continuation — @Cafexss (#6930)
• Path boundary enforcement in skill manager operations (#7156)
• DingTalk/API webhook URL origin validation, header injection rejection (#7455)

Reliability

• Contextual error diagnostics for invalid API responses (#8565)
• Prevent 400 format errors from triggering compression loop on Codex (#6751)
• Don't halve context_length on output-cap-too-large errors — @KUSH42 (#6664)
• Recover primary client on OpenAI transport errors (#7108)
• Credential pool rotation on billing-classified 400s (#7112)
• Auto-increase stream read timeout for local LLM providers (#6967)
• Fall back to default certs when CA bundle path doesn't exist (#7352)
• Disambiguate usage-limit patterns in error classifier — @sprmn24 (#6836)
• Harden cron script timeout and provider recovery (#7079)
• Gateway interrupt detection resilient to monitor task failures (#8208)
• Prevent unwanted session auto-reset after graceful gateway restarts (#8299)
• Prevent duplicate update prompt spam in gateway watcher (#8343)
• Deduplicate reasoning items in Responses API input (#7946)

Infrastructure

• Multi-arch Docker image — amd64 + arm64 (#6124)
• Docker runs as non-root user with virtualenv — @benbarclay contributing (#8226)
• Use uv for Docker dependency resolution to fix resolution-too-deep (#6965)
• Container-aware Nix CLI — auto-route into managed container — @alt-glitch (#7543)
• Nix shared-state permission model for interactive CLI users — @alt-glitch (#6796)
• Per-profile subprocess HOME isolation (#7357)
• Profile paths fixed in Docker — profiles go to mounted volume (#7170)
• Docker container gateway pathway hardened (#8614)
• Enable unbuffered stdout for live Docker logs (#6749)
• Install procps in Docker image — @HiddenPuppy (#7032)
• Shallow git clone for faster installation — @sosyz (#8396)
• hermes update always reset on stash conflict (#7010)
• Write update exit code before gateway restart (cgroup kill race) (#8288)
• Nix: setupSecrets optional, tirith runtime dep — @devorun, @ethernet8023 (#6261, #6721)
• launchd stop uses bootout so KeepAlive doesn't respawn (#7119)

🐛 Notable Bug Fixes

• Fix: /model switch not persisting across gateway messages (#7081)
• Fix: session-scoped gateway model overrides ignored — @Hygaard (#7662)
• Fix: compaction model context length ignoring config — 3 related issues (#8258, #8107)
• Fix: OpenCode.ai context window resolved to 128K instead of 1M (#6472)
• Fix: Codex fallback auth-store lookup — @cherifya (#6462)
• Fix: duplicate completion notifications when process killed (#7124)
• Fix: agent daemon thread prevents orphan CLI processes on tab close (#8557)
• Fix: stale image attachment on text paste and voice input (#7077)
• Fix: DM thread session seeding causing cross-thread contamination (#7084)
• Fix: OpenClaw migration shows dry-run preview before executing (#6769)
• Fix: auth errors misclassified as retryable — @kuishou68 (#7027)
• Fix: Copilot-Integration-Id header missing (#7083)
• Fix: ACP session capabilities — @luyao618 (#6985)
• Fix: ACP PromptResponse usage from top-level fields (#7086)
• Fix: several failing/flaky tests on main — @dsocolobsky (#6777)
• Fix: backup marker filenames — @sprmn24 (#8600)
• Fix: NoneType in fast_mode check — @0xbyt4 (#7350)
• Fix: missing imports in uninstall.py — @JiayuuWang (#7034)

📚 Documentation

• Platform adapter developer guide + WeCom Callback docs (#7969)
• Cron troubleshooting guide (#7122)
• Streaming timeout auto-detection for local LLMs (#6990)
• Tool-use enforcement documentation expanded (#7984)
• BlueBubbles pairing instructions (#6548)
• Telegram proxy support section (#6348)
• hermes dump and hermes logs CLI reference (#6552)
• tool_progress_overrides configuration reference (#6364)
• Compression model context length warning docs (#7879)

👥 Contributors

269 merged PRs from 24 contributors across 487 commits.

Community Contributors

• @alt-glitch (6 PRs) — Nix container-aware CLI, shared-state permissions, Matrix SQLite crypto store, bulk SSH/Modal file sync, Matrix mautrix compat
• @SHL0MS (2 PRs) — Creative divergence strategies skill, creative ideation skill
• @sprmn24 (2 PRs) — Error classifier disambiguation, backup marker fix
• @nicoloboschi — Hindsight memory plugin feature parity
• @Hygaard — Session-scoped gateway model override fix
• @jarvis-phw — Discord allowed_channels whitelist
• @Kathie-yu — Honcho initOnSessionStart for tools mode
• @hermes-agent-dhabibi — Discord forum channel topic inheritance
• @kira-ariaki — Discord .log attachments and size limit
• @cherifya — Codex fallback auth-store lookup
• @Cafexss — Security: auth for session continuation
• @KUSH42 — Compaction context_length fix
• @kuishou68 — Auth error retryable classification fix
• @luyao618 — ACP session capabilities
• @ygd58 — HERMES_HOME_MODE env var override
• @0xbyt4 — Fast mode NoneType fix
• @JiayuuWang — CLI uninstall import fix
• @HiddenPuppy — Docker procps installation
• @dsocolobsky — Test suite fixes
• @benbarclay — Docker image tag simplification
• @sosyz — Shallow git clone for faster install
• @devorun — Nix setupSecrets optional
• @ethernet8023 — Nix tirith runtime dep

Full Changelog: v2026.4.8...v2026.4.13

Original source

Hermes Agent v0.8.0 (v2026.4.8)

Release Date: April 8, 2026

The intelligence release — background task auto-notifications, free MiMo v2 Pro on Nous Portal, live model switching across all platforms, self-optimized GPT/Codex guidance, native Google AI Studio, smart inactivity timeouts, approval buttons, MCP OAuth 2.1, and 209 merged PRs with 82 resolved issues.

✨ Highlights

• Background Process Auto-Notifications (notify_on_complete) — Background tasks can now automatically notify the agent when they finish. Start a long-running process (AI model training, test suites, deployments, builds) and the agent gets notified on completion — no polling needed. The agent can keep working on other things and pick up results when they land. (#5779)
• Free Xiaomi MiMo v2 Pro on Nous Portal — Nous Portal now supports the free-tier Xiaomi MiMo v2 Pro model for auxiliary tasks (compression, vision, summarization), with free-tier model gating and pricing display in model selection. (#6018, #5880)
• Live Model Switching (/model Command) — Switch models and providers mid-session from CLI, Telegram, Discord, Slack, or any gateway platform. Aggregator-aware resolution keeps you on OpenRouter/Nous when possible, with automatic cross-provider fallback when needed. Interactive model pickers on Telegram and Discord with inline buttons. (#5181, #5742)
• Self-Optimized GPT/Codex Tool-Use Guidance — The agent diagnosed and patched 5 failure modes in GPT and Codex tool calling through automated behavioral benchmarking, dramatically improving reliability on OpenAI models. Includes execution discipline guidance and thinking-only prefill continuation for structured reasoning. (#6120, #5414, #5931)
• Google AI Studio (Gemini) Native Provider — Direct access to Gemini models through Google's AI Studio API. Includes automatic models.dev registry integration for real-time context length detection across any provider. (#5577)
• Inactivity-Based Agent Timeouts — Gateway and cron timeouts now track actual tool activity instead of wall-clock time. Long-running tasks that are actively working will never be killed — only truly idle agents time out. (#5389, #5440)
• Approval Buttons on Slack & Telegram — Dangerous command approval via native platform buttons instead of typing /approve. Slack gets thread context preservation; Telegram gets emoji reactions for approval status. (#5890, #5975)
• MCP OAuth 2.1 PKCE + OSV Malware Scanning — Full standards-compliant OAuth for MCP server authentication, plus automatic malware scanning of MCP extension packages via the OSV vulnerability database. (#5420, #5305)
• Centralized Logging & Config Validation — Structured logging to ~/.hermes/logs/ (agent.log + errors.log) with the hermes logs command for tailing and filtering. Config structure validation catches malformed YAML at startup before it causes cryptic failures. (#5430, #5426)
• Plugin System Expansion — Plugins can now register CLI subcommands, receive request-scoped API hooks with correlation IDs, prompt for required env vars during install, and hook into session lifecycle events (finalize/reset). (#5295, #5427, #5470, #6129)
• Matrix Tier 1 & Platform Hardening — Matrix gets reactions, read receipts, rich formatting, and room management. Discord adds channel controls and ignored channels. Signal gets full MEDIA: tag delivery. Mattermost gets file attachments. Comprehensive reliability fixes across all platforms. (#5275, #5975, #5602)
• Security Hardening Pass — Consolidated SSRF protections, timing attack mitigations, tar traversal prevention, credential leakage guards, cron path traversal hardening, and cross-session isolation. Terminal workdir sanitization across all backends. (#5944, #5613, #5629)

🏗️ Core Agent & Architecture

Provider & Model Support

• Native Google AI Studio (Gemini) provider with models.dev integration for automatic context length detection (#5577)
• /model command — full provider+model system overhaul — live switching across CLI and all gateway platforms with aggregator-aware resolution (#5181)
• Interactive model picker for Telegram and Discord — inline button-based model selection (#5742)
• Nous Portal free-tier model gating with pricing display in model selection (#5880)
• Model pricing display for OpenRouter and Nous Portal providers (#5416)
• xAI (Grok) prompt caching via x-grok-conv-id header (#5604)
• Grok added to tool-use enforcement models for direct xAI usage (#5595)
• MiniMax TTS provider (speech-2.8) (#4963)
• Non-agentic model warning — warns users when loading Hermes LLM models not designed for tool use (#5378)
• Ollama Cloud auth, /model switch persistence, and alias tab completion (#5269)
• Preserve dots in OpenCode Go model names (minimax-m2.7, glm-4.5, kimi-k2.5) (#5597)
• MiniMax models 404 fix — strip /v1 from Anthropic base URL for OpenCode Go (#4918)
• Provider credential reset windows honored in pooled failover (#5188)
• OAuth token sync between credential pool and credentials file (#4981)
• Stale OAuth credentials no longer block OpenRouter users on auto-detect (#5746)
• Codex OAuth credential pool disconnect + expired token import fix (#5681)
• Codex pool entry sync from ~/.codex/auth.json on exhaustion — @GratefulDave (#5610)
• Auxiliary client payment fallback — retry with next provider on 402 (#5599)
• Auxiliary client resolves named custom providers and 'main' alias (#5978)
• Use mimo-v2-pro for non-vision auxiliary tasks on Nous free tier (#6018)
• Vision auto-detection tries main provider first (#6041)
• Provider re-ordering and Quick Install — @austinpickett (#4664)
• Nous OAuth access_token no longer used as inference API key — @SHL0MS (#5564)
• HERMES_PORTAL_BASE_URL env var respected during Nous login — @benbarclay (#5745)
• Env var overrides for Nous portal/inference URLs (#5419)
• Z.AI endpoint auto-detect via probe and cache (#5763)
• MiniMax context lengths, model catalog, thinking guard, aux model, and config base_url corrections (#6082)
• Community provider/model resolution fixes — salvaged 4 community PRs + MiniMax aux URL (#5983)

Agent Loop & Conversation

• Self-optimized GPT/Codex tool-use guidance via automated behavioral benchmarking — agent self-diagnosed and patched 5 failure modes (#6120)
• GPT/Codex execution discipline guidance in system prompts (#5414)
• Thinking-only prefill continuation for structured reasoning responses (#5931)
• Accept reasoning-only responses without retries — set content to "(empty)" instead of infinite retry (#5278)
• Jittered retry backoff — exponential backoff with jitter for API retries (#6048)
• Smart thinking block signature management — preserve and manage Anthropic thinking signatures across turns (#6112)
• Coerce tool call arguments to match JSON Schema types — fixes models that send strings instead of numbers/booleans (#5265)
• Save oversized tool results to file instead of destructive truncation (#5210)
• Sandbox-aware tool result persistence (#6085)
• Streaming fallback improved after edit failures (#6110)
• Codex empty-output gaps covered in fallback + normalizer + auxiliary client (#5724, #5730, #5734)
• Codex stream output backfill from output_item.done events (#5689)
• Stream consumer creates new message after tool boundaries (#5739)
• Codex validation aligned with normalization for empty stream output (#5940)
• Bridge tool-calls in copilot-acp adapter (#5460)
• Filter transcript-only roles from chat-completions payload (#4880)
• Context compaction failures fixed on temperature-restricted models — @MadKangYu (#5608)
• Sanitize tool_calls for all strict APIs (Fireworks, Mistral, etc.) — @lumethegreat (#5183)

Memory & Sessions

• Supermemory memory provider — new memory plugin with multi-container, search_mode, identity template, and env var override (#5737, #5933)
• Shared thread sessions by default — multi-user thread support across gateway platforms (#5391)
• Subagent sessions linked to parent and hidden from session list (#5309)
• Profile-scoped memory isolation and clone support (#4845)
• Thread gateway user_id to memory plugins for per-user scoping (#5895)
• Honcho plugin drift overhaul + plugin CLI registration system (#5295)
• Honcho holographic prompt and trust score rendering preserved (#4872)
• Honcho doctor fix — use recall_mode instead of memory_mode — @techguysimon (#5645)
• RetainDB — API routes, write queue, dialectic, agent model, file tools fixes (#5461)
• Hindsight memory plugin overhaul + memory setup wizard fixes (#5094)
• mem0 API v2 compat, prefetch context fencing, secret redaction (#5423)
• mem0 env vars merged with mem0.json instead of either/or (#4939)
• Clean user message used for all memory provider operations (#4940)
• Silent memory flush failure on /new and /resume fixed — @ryanautomated (#5640)
• OpenViking atexit safety net for session commit (#5664)
• OpenViking tenant-scoping headers for multi-tenant servers (#4936)
• ByteRover brv query runs synchronously before LLM call (#4831)

📱 Messaging Platforms (Gateway)

Gateway Core

• Inactivity-based agent timeout — replaces wall-clock timeout with smart activity tracking; long-running active tasks never killed (#5389)
• Approval buttons for Slack & Telegram + Slack thread context preservation (#5890)
• Live-stream /update output + forward interactive prompts to user (#5180)
• Infinite timeout support + periodic notifications + actionable error messages (#4959)
• Duplicate message prevention — gateway dedup + partial stream guard (#4878)
• Webhook delivery_info persistence + full session id in /status (#5942)
• Tool preview truncation respects tool_preview_length in all/new progress modes (#5937)
• Short preview truncation restored for all/new tool progress modes (#4935)
• Update-pending state written atomically to prevent corruption (#4923)
• Approval session key isolated per turn (#4884)
• Active-session guard bypass for /approve, /deny, /stop, /new (#4926, #5765)
• Typing indicator paused during approval waits (#5893)
• Caption check uses exact line-by-line match instead of substring (all platforms) (#5939)
• MEDIA: tags stripped from streamed gateway messages (#5152)
• MEDIA: tags extracted from cron delivery before sending (#5598)
• Profile-aware service units + voice transcription cleanup (#5972)
• Thread-safe PairingStore with atomic writes — @CharlieKerfoot (#5656)
• Sanitize media URLs in base platform logs — @WAXLYY (#5631)
• Reduce Telegram fallback IP activation log noise — @MadKangYu (#5615)
• Cron static method wrappers to prevent self-binding (#5299)
• Stale 'hermes login' replaced with 'hermes auth' + credential removal re-seeding fix (#5670)

Telegram

• Group topics skill binding for supergroup forum topics (#4886)
• Emoji reactions for approval status and notifications (#5975)
• Duplicate message delivery prevented on send timeout (#5153)
• Command names sanitized to strip invalid characters (#5596)
• Per-platform disabled skills respected in Telegram menu and gateway dispatch (#4799)
• /approve and /deny routed through running-agent guard (#4798)

Discord

• Channel controls — ignored_channels and no_thread_channels config options (#5975)
• Skills registered as native slash commands via shared gateway logic (#5603)
• /approve, /deny, /queue, /background, /btw registered as native slash commands (#4800, #5477)
• Unnecessary members intent removed on startup + token lock leak fix (#5302)

Slack

• Thread engagement — auto-respond in bot-started and mentioned threads (#5897)
• mrkdwn in edit_message + thread replies without @mentions (#5733)

Matrix

• Tier 1 feature parity — reactions, read receipts, rich formatting, room management (#5275)
• MATRIX_REQUIRE_MENTION and MATRIX_AUTO_THREAD support (#5106)
• Comprehensive reliability — encrypted media, auth recovery, cron E2EE, Synapse compat (#5271)
• CJK input, E2EE, and reconnect fixes (#5665)

Signal

• Full MEDIA: tag delivery — send_image_file, send_voice, and send_video implemented (#5602)

Mattermost

• File attachments — set message type to DOCUMENT when post has file attachments — @nericervin (#5609)

Feishu

• Interactive card approval buttons (#6043)
• Reconnect and ACL fixes (#5665)

Webhooks

• {raw} template token and thread_id passthrough for forum topics (#5662)

🖥️ CLI & User Experience

Interactive CLI

• Defer response content until reasoning block completes (#5773)
• Ghost status-bar lines cleared on terminal resize (#4960)
• Normalise \r\n and \r line endings in pasted text (#4849)
• ChatConsole errors, curses scroll, skin-aware banner, git state banner fixes (#5974)
• Native Windows image paste support (#5917)
• --yolo and other flags no longer silently dropped when placed before 'chat' subcommand (#5145)

Setup & Configuration

• Config structure validation — detect malformed YAML at startup with actionable error messages (#5426)
• Centralized logging to ~/.hermes/logs/ — agent.log (INFO+), errors.log (WARNING+) with hermes logs command (#5430)
• Docs links added to setup wizard sections (#5283)
• Doctor diagnostics — sync provider checks, config migration, WAL and mem0 diagnostics (#5077)
• Timeout debug logging and user-facing diagnostics improved (#5370)
• Reasoning effort unified to config.yaml only (#6118)
• Permanent command allowlist loaded on startup (#5076)
• hermes auth remove now clears env-seeded credentials permanently (#5285)
• Bundled skills synced to all profiles during update (#5795)
• hermes update no longer kills freshly-restarted gateway service (#5448)
• Subprocess.run() timeouts added to all gateway CLI commands (#5424)
• Actionable error message when Codex refresh token is reused — @tymrtn (#5612)
• Google-workspace skill scripts can now run directly — @xinbenlv (#5624)

Cron System

• Inactivity-based cron timeout — replaces wall-clock; active tasks run indefinitely (#5440)
• Pre-run script injection for data collection and change detection (#5082)
• Delivery failure tracking in job status (#6042)
• Delivery guidance in cron prompts — stops send_message thrashing (#5444)
• MEDIA files delivered as native platform attachments (#5921)
• [SILENT] suppression works anywhere in response — @auspic7 (#5654)
• Cron path traversal hardening (#5147)

🔧 Tool System

Terminal & Execution

• Execute_code on remote backends — code execution now works on Docker, SSH, Modal, and other remote terminal backends (#5088)
• Exit code context for common CLI tools in terminal results — helps agent understand what went wrong (#5144)
• Progressive subdirectory hint discovery — agent learns project structure as it navigates (#5291)
• notify_on_complete for background processes — get notified when long-running tasks finish (#5779)
• Docker env config — explicit container environment variables via docker_env config (#4738)
• Approval metadata included in terminal tool results (#5141)
• Workdir parameter sanitized in terminal tool across all backends (#5629)
• Detached process crash recovery state corrected (#6101)
• Agent-browser paths with spaces preserved — @Vasanthdev2004 (#6077)
• Portable base64 encoding for image reading on macOS — @CharlieKerfoot (#5657)

Browser

• Switch managed browser provider from Browserbase to Browser Use — @benbarclay (#5750)
• Firecrawl cloud browser provider — @alt-glitch (#5628)
• JS evaluation via browser_console expression parameter (#5303)
• Windows browser fixes (#5665)

MCP

• MCP OAuth 2.1 PKCE — full standards-compliant OAuth client support (#5420)
• OSV malware check for MCP extension packages (#5305)
• Prefer structuredContent over text + no_mcp sentinel (#5979)
• Unknown toolsets warning suppressed for MCP server names (#5279)

Web & Files

• .zip document support + auto-mount cache dirs into remote backends (#4846)
• Redact query secrets in send_message errors — @WAXLYY (#5650)

Delegation

• Credential pool sharing + workspace path hints for subagents (#5748)

ACP (VS Code / Zed / JetBrains)

• Aggregate ACP improvements — auth compat, protocol fixes, command ads, delegation, SSE events (#5292)

🧩 Skills Ecosystem

Skills System

• Skill config interface — skills can declare required config.yaml settings, prompted during setup, injected at load time (#5635)
• Plugin CLI registration system — plugins register their own CLI subcommands without touching main.py (#5295)
• Request-scoped API hooks with tool call correlation IDs for plugins (#5427)
• Session lifecycle hooks — on_session_finalize and on_session_reset for CLI + gateway (#6129)
• Prompt for required env vars during plugin install — @kshitijk4poor (#5470)
• Plugin name validation — reject names that resolve to plugins root (#5368)
• pre_llm_call plugin context moved to user message to preserve prompt cache (#5146)

New & Updated Skills

• popular-web-designs — 54 production website design systems (#5194)
• p5js creative coding — @SHL0MS (#5600)
• manim-video — mathematical and technical animations — @SHL0MS (#4930)
• llm-wiki — Karpathy's LLM Wiki skill (#5635)
• gitnexus-explorer — codebase indexing and knowledge serving (#5208)
• research-paper-writing — AI-Scientist & GPT-Researcher patterns — @SHL0MS (#5421)
• blogwatcher updated to JulienTant's fork (#5759)
• claude-code skill comprehensive rewrite v2.0 + v2.2 (#5155, #5158)
• Code verification skills consolidated into one (#4854)
• Manim CE reference docs expanded — geometry, animations, LaTeX — @leotrs (#5791)
• Manim-video references — design thinking, updaters, paper explainer, decorations, production quality — @SHL0MS (#5588, #5408)

🔒 Security & Reliability

Security Hardening

• Consolidated security — SSRF protections, timing attack mitigations, tar traversal prevention, credential leakage guards (#5944)
• Cross-session isolation + cron path traversal hardening (#5613)
• Workdir parameter sanitized in terminal tool across all backends (#5629)
• Approval 'once' session escalation prevented + cron delivery platform validation (#5280)
• Profile-scoped Google Workspace OAuth tokens protected (#4910)

Reliability

• Aggressive worktree and branch cleanup to prevent accumulation (#6134)
• O(n²) catastrophic backtracking in redact regex fixed — 100x improvement on large outputs (#4962)
• Runtime stability fixes across core, web, delegate, and browser tools (#4843)
• API server streaming fix + conversation history support (#5977)
• OpenViking API endpoint paths and response parsing corrected (#5078)

🐛 Notable Bug Fixes

• 9 community bugfixes salvaged — gateway, cron, deps, macOS launchd in one batch (#5288)
• Batch core bug fixes — model config, session reset, alias fallback, launchctl, delegation, atomic writes (#5630)
• Batch gateway/platform fixes — matrix E2EE, CJK input, Windows browser, Feishu reconnect + ACL (#5665)
• Stale test skips removed, regex backtracking, file search bug, and test flakiness (#4969)
• Nix flake — read version, regen uv.lock, add hermes_logging — @alt-glitch (#5651)
• Lowercase variable redaction regression tests (#5185)

🧪 Testing

• 57 failing CI tests repaired across 14 files (#5823)
• Test suite re-architecture + CI failure fixes — @alt-glitch (#5946)
• Codebase-wide lint cleanup — unused imports, dead code, and inefficient patterns (#5821)
• browser_close tool removed — auto-cleanup handles it (#5792)

📚 Documentation

• Comprehensive documentation audit — fix stale info, expand thin pages, add depth (#5393)
• 40+ discrepancies fixed between documentation and codebase (#5818)
• 13 features documented from last week's PRs (#5815)
• Guides section overhaul — fix existing + add 3 new tutorials (#5735)
• Salvaged 4 docs PRs — docker setup, post-update validation, local LLM guide, signal-cli install (#5727)
• Discord configuration reference (#5386)
• Community FAQ entries for common workflows and troubleshooting (#4797)
• WSL2 networking guide for local model servers (#5616)
• Honcho CLI reference + plugin CLI registration docs (#5308)
• Obsidian Headless setup for servers in llm-wiki (#5660)
• Hermes Mod visual skin editor added to skins page (#6095)

👥 Contributors

Core

• @teknium1 — 179 PRs

Top Community Contributors

• @SHL0MS (7 PRs) — p5js creative coding skill, manim-video skill + 5 reference expansions, research-paper-writing, Nous OAuth fix, manim font fix
• @alt-glitch (3 PRs) — Firecrawl cloud browser provider, test re-architecture + CI fixes, Nix flake fixes
• @benbarclay (2 PRs) — Browser Use managed provider switch, Nous portal base URL fix
• @CharlieKerfoot (2 PRs) — macOS portable base64 encoding, thread-safe PairingStore
• @WAXLYY (2 PRs) — send_message secret redaction, gateway media URL sanitization
• @MadKangYu (2 PRs) — Telegram log noise reduction, context compaction fix for temperature-restricted models

All Contributors

• @alt-glitch, @austinpickett, @auspic7, @benbarclay, @CharlieKerfoot, @GratefulDave, @kshitijk4poor, @leotrs, @lumethegreat, @MadKangYu, @nericervin, @ryanautomated, @SHL0MS, @techguysimon, @tymrtn, @Vasanthdev2004, @WAXLYY, @xinbenlv

Full Changelog: v2026.4.3...v2026.4.8

Original source

Hermes Agent v0.7.0 (v2026.4.3)

Release Date: April 3, 2026

The resilience release — pluggable memory providers, credential pool rotation, Camofox anti-detection browser, inline diff previews, gateway hardening across race conditions and approval routing, and deep security fixes across 168 PRs and 46 resolved issues.

✨ Highlights

Pluggable Memory Provider Interface — Memory is now an extensible plugin system. Third-party memory backends (Honcho, vector stores, custom DBs) implement a simple provider ABC and register via the plugin system. Built-in memory is the default provider. Honcho integration restored to full parity as the reference plugin with profile-scoped host/peer resolution. (#4623, #4616, #4355)

Same-Provider Credential Pools — Configure multiple API keys for the same provider with automatic rotation. Thread-safe least_used strategy distributes load across keys, and 401 failures trigger automatic rotation to the next credential. Set up via the setup wizard or credential_pool config. (#4188, #4300, #4361)

Camofox Anti-Detection Browser Backend — New local browser backend using Camoufox for stealth browsing. Persistent sessions with VNC URL discovery for visual debugging, configurable SSRF bypass for local backends, auto-install via hermes tools. (#4008, #4419, #4292)

Inline Diff Previews — File write and patch operations now show inline diffs in the tool activity feed, giving you visual confirmation of what changed before the agent moves on. (#4411, #4423)

API Server Session Continuity & Tool Streaming — The API server (Open WebUI integration) now streams tool progress events in real-time and supports X-Hermes-Session-Id headers for persistent sessions across requests. Sessions persist to the shared SessionDB. (#4092, #4478, #4802)

ACP: Client-Provided MCP Servers — Editor integrations (VS Code, Zed, JetBrains) can now register their own MCP servers, which Hermes picks up as additional agent tools. Your editor's MCP ecosystem flows directly into the agent. (#4705)

Gateway Hardening — Major stability pass across race conditions, photo media delivery, flood control, stuck sessions, approval routing, and compression death spirals. The gateway is substantially more reliable in production. (#4727, #4750, #4798, #4557)

Security: Secret Exfiltration Blocking — Browser URLs and LLM responses are now scanned for secret patterns, blocking exfiltration attempts via URL encoding, base64, or prompt injection. Credential directory protections expanded to .docker, .azure, .config/gh. Execute_code sandbox output is redacted. (#4483, #4360, #4305, #4327)

🏗️ Core Agent & Architecture

Provider & Model Support

Same-provider credential pools — configure multiple API keys with automatic least_used rotation and 401 failover (#4188, #4300)

Credential pool preserved through smart routing — pool state survives fallback provider switches and defers eager fallback on 429 (#4361)

Per-turn primary runtime restoration — after fallback provider use, the agent automatically restores the primary provider on the next turn with transport recovery (#4624)

developer role for GPT-5 and Codex models — uses OpenAI's recommended system message role for newer models (#4498)

Google model operational guidance — Gemini and Gemma models get provider-specific prompting guidance (#4641)

Anthropic long-context tier 429 handling — automatically reduces context to 200k when hitting tier limits (#4747)

URL-based auth for third-party Anthropic endpoints + CI test fixes (#4148)

Bearer auth for MiniMax Anthropic endpoints (#4028)

Fireworks context length detection (#4158)

Standard DashScope international endpoint for Alibaba provider (#4133, closes #3912)

Custom providers context_length honored in hygiene compression (#4085)

Non-sk-ant keys treated as regular API keys, not OAuth tokens (#4093)

Claude-sonnet-4.6 added to OpenRouter and Nous model lists (#4157)

Qwen 3.6 Plus Preview added to model lists (#4376)

MiniMax M2.7 added to hermes model picker and OpenCode (#4208)

Auto-detect models from server probe in custom endpoint setup (#4218)

Config.yaml single source of truth for endpoint URLs — no more env var vs config.yaml conflicts (#4165)

Setup wizard no longer overwrites custom endpoint config (#4180, closes #4172)

Unified setup wizard provider selection with hermes model — single code path for both flows (#4200)

Root-level provider config no longer overrides model.provider (#4329)

Rate-limit pairing rejection messages to prevent spam (#4081)

Agent Loop & Conversation

Preserve Anthropic thinking block signatures across tool-use turns (#4626)

Classify think-only empty responses before retrying — prevents infinite retry loops on models that produce thinking blocks without content (#4645)

Prevent compression death spiral from API disconnects — stops the loop where compression triggers, fails, compresses again (#4750, closes #2153)

Persist compressed context to gateway session after mid-run compression (#4095)

Context-exceeded error messages now include actionable guidance (#4155, closes #4061)

Strip orphaned think/reasoning tags from user-facing responses (#4311, closes #4285)

Harden Codex responses preflight and stream error handling (#4313)

Deterministic call_id fallbacks instead of random UUIDs for prompt cache consistency (#3991)

Context pressure warning spam prevented after compression (#4012)

AsyncOpenAI created lazily in trajectory compressor to avoid closed event loop errors (#4013)

Memory & Sessions

Pluggable memory provider interface — ABC-based plugin system for custom memory backends with profile isolation (#4623)

Honcho full integration parity restored as reference memory provider plugin (#4355) — @erosika

Honcho profile-scoped host and peer resolution (#4616)

Memory flush state persisted to prevent redundant re-flushes on gateway restart (#4481)

Memory provider tools routed through sequential execution path (#4803)

Honcho config written to instance-local path for profile isolation (#4037)

API server sessions persist to shared SessionDB (#4802)

Token usage persisted for non-CLI sessions (#4627)

Quote dotted terms in FTS5 queries — fixes session search for terms containing dots (#4549)

📱 Messaging Platforms (Gateway)

Gateway Core

Race condition fixes — photo media loss, flood control, stuck sessions, and STT config issues resolved in one hardening pass (#4727)

Approval routing through running-agent guard — /approve and /deny now route correctly when the agent is blocked waiting for approval instead of being swallowed as interrupts (#4798, #4557, closes #4542)

Resume agent after /approve — tool result is no longer lost when executing blocked commands (#4418)

DM thread sessions seeded with parent transcript to preserve context (#4559)

Skill-aware slash commands — gateway dynamically registers installed skills as slash commands with paginated /commands list and Telegram 100-command cap (#3934, #4005, #4006, #4010, #4023)

Per-platform disabled skills respected in Telegram menu and gateway dispatch (#4799)

Remove user-facing compression warnings — cleaner message flow (#4139)

-v/-q flags wired to stderr logging for gateway service (#4474)

HERMES_HOME remapped to target user in system service unit (#4456)

Honor default for invalid bool-like config values (#4029)

setsid instead of systemd-run for /update command to avoid systemd permission issues (#4104, closes #4017)

'Initializing agent...' shown on first message for better UX (#4086)

Allow running gateway service as root for LXC/container environments (#4732)

Telegram

32-char limit on command names with collision avoidance (#4211)

Priority order enforced in menu — core > plugins > skills (#4023)

Capped at 50 commands — API rejects above ~60 (#4006)

Skip empty/whitespace text to prevent 400 errors (#4388)

E2E gateway tests added (#4497) — @pefontana

Discord

Button-based approval UI — register /approve and /deny slash commands with interactive button prompts (#4800)

Configurable reactions — discord.reactions config option to disable message processing reactions (#4199)

Skip reactions and auto-threading for unauthorized users (#4387)

Slack

Reply in thread — slack.reply_in_thread config option for threaded responses (#4643, closes #2662)

WhatsApp

Enforce require_mention in group chats (#4730)

Webhook

Platform support fixes — skip home channel prompt, disable tool progress for webhook adapters (#4660)

Matrix

E2EE decryption hardening — request missing keys, auto-trust devices, retry buffered events (#4083)

🖥️ CLI & User Experience

New Slash Commands

/yolo — toggle dangerous command approvals on/off for the session (#3990)

/btw — ephemeral side questions that don't affect the main conversation context (#4161)

/profile — show active profile info without leaving the chat session (#4027)

Interactive CLI

Inline diff previews for write and patch operations in the tool activity feed (#4411, #4423)

TUI pinned to bottom on startup — no more large blank spaces between response and input (#4412, #4359, closes #4398, #4421)

/history and /resume now surface recent sessions directly instead of requiring search (#4728)

Cache tokens shown in /insights overview so total adds up (#4428)

--max-turns CLI flag for hermes chat to limit agent iterations (#4314)

Detect dragged file paths instead of treating them as slash commands (#4533) — @rolme

Allow empty strings and falsy values in config set (#4310, closes #4277)

Voice mode in WSL when PulseAudio bridge is configured (#4317)

Respect NO_COLOR env var and TERM=dumb for accessibility (#4079, closes #4066) — @SHL0MS

Correct shell reload instruction for macOS/zsh users (#4025)

Zero exit code on successful quiet mode queries (#4613, closes #4601) — @devorun

on_session_end hook fires on interrupted exits (#4159)

Profile list display reads model.default key correctly (#4160)

Browser and TTS shown in reconfigure menu (#4041)

Web backend priority detection simplified (#4036)

Setup & Configuration

Allowed_users preserved during setup and quiet unconfigured provider warnings (#4551) — @kshitijk4poor

Save API key to model config for custom endpoints (#4202, closes #4182)

Claude Code credentials gated behind explicit Hermes config in wizard trigger (#4210)

Atomic writes in save_config_value to prevent config loss on interrupt (#4298, #4320)

Scopes field written to Claude Code credentials on token refresh (#4126)

Update System

Fork detection and upstream sync in hermes update (#4744)

Preserve working optional extras when one extra fails during update (#4550)

Handle conflicted git index during hermes update (#4735)

Avoid launchd restart race on macOS (#4736)

Missing subprocess.run() timeouts added to doctor and status commands (#4009)

🔧 Tool System

Browser

Camofox anti-detection browser backend — local stealth browsing with auto-install via hermes tools (#4008)

Persistent Camofox sessions with VNC URL discovery for visual debugging (#4419)

Skip SSRF check for local backends (Camofox, headless Chromium) (#4292)

Configurable SSRF check via browser.allow_private_urls (#4198) — @nils010485

CAMOFOX_PORT=9377 added to Docker commands (#4340)

File Operations

Inline diff previews on write and patch actions (#4411, #4423)

Stale file detection on write and patch — warns when file was modified externally since last read (#4345)

Staleness timestamp refreshed after writes (#4390)

Size guard, dedup, and device blocking on read_file (#4315)

MCP

Stability fix pack — reload timeout, shutdown cleanup, event loop handler, OAuth non-blocking (#4757, closes #4462, #2537)

ACP (Editor Integration)

Client-provided MCP servers registered as agent tools — editors pass their MCP servers to Hermes (#4705)

Skills System

Size limits for agent writes and fuzzy matching for skill patch — prevents oversized skill writes and improves edit reliability (#4414)

Validate hub bundle paths before install — blocks path traversal in skill bundles (#3986)

Unified hermes-agent and hermes-agent-setup into single skill (#4332)

Skill metadata type check in extract_skill_conditions (#4479)

New/Updated Skills

research-paper-writing — full end-to-end research pipeline (replaced ml-paper-writing) (#4654) — @SHL0MS

ascii-video — text readability techniques and external layout oracle (#4054) — @SHL0MS

youtube-transcript updated for youtube-transcript-api v1.x (#4455) — @el-analista

Skills browse and search page added to documentation site (#4500) — @IAvecilla

🔒 Security & Reliability

Security Hardening

Block secret exfiltration via browser URLs and LLM responses — scans for secret patterns in URL encoding, base64, and prompt injection vectors (#4483)

Redact secrets from execute_code sandbox output (#4360)

Protect .docker, .azure, .config/gh credential directories from read/write via file tools and terminal (#4305, #4327) — @memosr

GitHub OAuth token patterns added to redaction + snapshot redact flag (#4295)

Reject private and loopback IPs in Telegram DoH fallback (#4129)

Reject path traversal in credential file registration (#4316)

Validate tar archive member paths on profile import — blocks zip-slip attacks (#4318)

Exclude auth.json and .env from profile exports (#4475)

Reliability

Prevent compression death spiral from API disconnects (#4750, closes #2153)

Handle is_closed as method in OpenAI SDK — prevents false positive client closure detection (#4416, closes #4377)

Exclude matrix from [all] extras — python-olm is upstream-broken, prevents install failures (#4615, closes #4178)

OpenCode model routing repaired (#4508)

Docker container image optimized (#4034) — @bcross

Windows & Cross-Platform

Voice mode in WSL with PulseAudio bridge (#4317)

Homebrew packaging preparation (#4099)

CI fork conditionals to prevent workflow failures on forks (#4107)

🐛 Notable Bug Fixes

Gateway approval blocked agent thread — approval now blocks the agent thread like CLI does, preventing tool result loss (#4557, closes #4542)

Compression death spiral from API disconnects — detected and halted instead of looping (#4750, closes #2153)

Anthropic thinking blocks lost across tool-use turns (#4626)

Profile model config ignored with -p flag — model.model now promoted to model.default correctly (#4160, closes #4486)

CLI blank space between response and input area (#4412, #4359, closes #4398)

Dragged file paths treated as slash commands instead of file references (#4533) — @rolme

Orphaned </think> tags leaking into user-facing responses (#4311, closes #4285)

OpenAI SDK is_closed is a method not property — false positive client closure (#4416, closes #4377)

MCP OAuth server could block Hermes startup instead of degrading gracefully (#4757, closes #4462)

MCP event loop closed on shutdown with HTTP servers (#4757, closes #2537)

Alibaba provider hardcoded to wrong endpoint (#4133, closes #3912)

Slack reply_in_thread missing config option (#4643, closes #2662)

Quiet mode exit code — successful -q queries no longer exit nonzero (#4613, closes #4601)

Mobile sidebar shows only close button due to backdrop-filter issue in docs site (#4207) — @xsmyile

Config restore reverted by stale-branch squash merge — _config_version fixed (#4440)

🧪 Testing

Telegram gateway E2E tests — full integration test suite for the Telegram adapter (#4497) — @pefontana

11 real test failures fixed plus sys.modules cascade poisoner resolved (#4570)

7 CI failures resolved across hooks, plugins, and skill tests (#3936)

Codex 401 refresh tests updated for CI compatibility (#4166)

Stale OPENAI_BASE_URL test fixed (#4217)

📚 Documentation

Comprehensive documentation audit — 9 HIGH and 20+ MEDIUM gaps fixed across 21 files (#4087)

Site navigation restructured — features and platforms promoted to top-level (#4116)

Tool progress streaming documented for API server and Open WebUI (#4138)

Telegram webhook mode documentation (#4089)

Local LLM provider guides — comprehensive setup guides with context length warnings (#4294)

WhatsApp allowlist behavior clarified with WHATSAPP_ALLOW_ALL_USERS documentation (#4293)

Slack configuration options — new config section in Slack docs (#4644)

Terminal backends section expanded + docs build fixes (#4016)

Adding-providers guide updated for unified setup flow (#4201)

ACP Zed config fixed (#4743)

Community FAQ entries for common workflows and troubleshooting (#4797)

Skills browse and search page on docs site (#4500) — @IAvecilla

👥 Contributors

Core

@teknium1 — 135 commits across all subsystems

Top Community Contributors

@kshitijk4poor — 13 commits: preserve allowed_users during setup (#4551), and various fixes

@erosika — 12 commits: Honcho full integration parity restored as memory provider plugin (#4355)

@pefontana — 9 commits: Telegram gateway E2E test suite (#4497)

@bcross — 5 commits: Docker container image optimization (#4034)

@SHL0MS — 4 commits: NO_COLOR/TERM=dumb support (#4079), ascii-video skill updates (#4054), research-paper-writing skill (#4654)

All Contributors

@0xbyt4, @arasovic, @Bartok9, @bcross, @binhnt92, @camden-lowrance, @curtitoo, @dakota, @dave Tist, @dean Kerr, @devorun, @dieutx, @dilee, @el-analista, @erosika, @Gutslabs, @IAvecilla, @jack, @Johannnnn506, @kshitijk4poor, @Laura Batalha, @Leegenux, @lume, @MacroAnarchy, @maymuneth, @memosr, @NexVeridian, @nick, @nils010485, @pefontana, @PeNov, @rolme, @SHL0MS, @txchen, @xsmyile

Issues Resolved from Community

@acsezen (#2537), @arasovic (#4285), @camden-lowrance (#4462), @devorun (#4601), @eloklam (#4486), @HenkDz (#3719), @hypotyposis (#2153), @kazamak (#4178), @lstep (#4366), @Mark-Lok (#4542), @NoJster (#4421), @patp (#2662), @pr0n (#4601), @saulmc (#4377), @SHL0MS (#4060, #4061, #4066, #4172, #4277), @Z-Mackintosh (#4398)

Full Changelog: v2026.3.30...v2026.4.3

Original source

Hermes Agent v0.6.0 (v2026.3.30)

Release Date: March 30, 2026

The multi-instance release — Profiles for running isolated agent instances, MCP server mode, Docker container, fallback provider chains, two new messaging platforms (Feishu/Lark and WeCom), Telegram webhook mode, Slack multi-workspace OAuth, 95 PRs and 16 resolved issues in 2 days.

✨ Highlights

Profiles — Multi-Instance Hermes — Run multiple isolated Hermes instances from the same installation. Each profile gets its own config, memory, sessions, skills, and gateway service. Create with hermes profile create, switch with hermes -p <name>, export/import for sharing. Full token-lock isolation prevents two profiles from using the same bot credential. (#3681)

MCP Server Mode — Expose Hermes conversations and sessions to any MCP-compatible client (Claude Desktop, Cursor, VS Code, etc.) via hermes mcp serve. Browse conversations, read messages, search across sessions, and manage attachments — all through the Model Context Protocol. Supports both stdio and Streamable HTTP transports. (#3795)

Docker Container — Official Dockerfile for running Hermes Agent in a container. Supports both CLI and gateway modes with volume-mounted config. (#3668, closes #850)

Ordered Fallback Provider Chain — Configure multiple inference providers with automatic failover. When your primary provider returns errors or is unreachable, Hermes automatically tries the next provider in the chain. Configure via fallback_providers in config.yaml. (#3813, closes #1734)

Feishu/Lark Platform Support — Full gateway adapter for Feishu (飞书) and Lark with event subscriptions, message cards, group chat, image/file attachments, and interactive card callbacks. (#3799, #3817, closes #1788)

WeCom (Enterprise WeChat) Platform Support — New gateway adapter for WeCom (企业微信) with text/image/voice messages, group chats, and callback verification. (#3847)

Slack Multi-Workspace OAuth — Connect a single Hermes gateway to multiple Slack workspaces via OAuth token file. Each workspace gets its own bot token, resolved dynamically per incoming event. (#3903)

Telegram Webhook Mode & Group Controls — Run the Telegram adapter in webhook mode as an alternative to polling — faster response times and better for production deployments behind a reverse proxy. New group mention gating controls when the bot responds: always, only when @mentioned, or via regex triggers. (#3880, #3870)

Exa Search Backend — Add Exa as an alternative web search and content extraction backend alongside Firecrawl and DuckDuckGo. Set EXA_API_KEY and configure as preferred backend. (#3648)

Skills & Credentials on Remote Backends — Mount skill directories and credential files into Modal and Docker containers, so remote terminal sessions have access to the same skills and secrets as local execution. (#3890, #3671, closes #3665, #3433)

🏗️ Core Agent & Architecture

Provider & Model Support

Ordered fallback provider chain — automatic failover across multiple configured providers (#3813)

Fix api_mode on provider switch — switching providers via hermes model now correctly clears stale api_mode instead of hardcoding chat_completions, fixing 404s for providers with Anthropic-compatible endpoints (#3726, #3857, closes #3685)

Stop silent OpenRouter fallback — when no provider is configured, Hermes now raises a clear error instead of silently routing to OpenRouter (#3807, #3862)

Gemini 3.1 preview models — added to OpenRouter and Nous Portal catalogs (#3803, closes #3753)

Gemini direct API context length — full context length resolution for direct Google AI endpoints (#3876)

gpt-5.4-mini added to Codex fallback catalog (#3855)

Curated model lists preferred over live API probe when the probe returns fewer models (#3856, #3867)

User-friendly 429 rate limit messages with Retry-After countdown (#3809)

Auxiliary client placeholder key for local servers without auth requirements (#3842)

INFO-level logging for auxiliary provider resolution (#3866)

Agent Loop & Conversation

Subagent status reporting — reports completed status when summary exists instead of generic failure (#3829)

Session log file updated during compression — prevents stale file references after context compression (#3835)

Omit empty tools param — sends no tools parameter when empty instead of None, fixing compatibility with strict providers (#3820)

Profiles & Multi-Instance

Profiles system — hermes profile create/list/switch/delete/export/import/rename. Each profile gets isolated HERMES_HOME, gateway service, CLI wrapper. Token locks prevent credential collisions. Tab completion for profile names. (#3681)

Profile-aware display paths — all user-facing ~/.hermes paths replaced with display_hermes_home() to show the correct profile directory (#3623)

Lazy display_hermes_home imports — prevents ImportError during hermes update when modules cache stale bytecode (#3776)

HERMES_HOME for protected paths — .env write-deny path now respects HERMES_HOME instead of hardcoded ~/.hermes (#3840)

📱 Messaging Platforms (Gateway)

New Platforms

Feishu/Lark — Full adapter with event subscriptions, message cards, group chat, image/file attachments, interactive card callbacks (#3799, #3817)

WeCom (Enterprise WeChat) — Text/image/voice messages, group chats, callback verification (#3847)

Telegram

Webhook mode — run as webhook endpoint instead of polling for production deployments (#3880)

Group mention gating & regex triggers — configurable bot response behavior in groups: always, @mention-only, or regex-matched (#3870)

Gracefully handle deleted reply targets — no more crashes when the message being replied to was deleted (#3858, closes #3229)

Discord

Message processing reactions — adds a reaction emoji while processing and removes it when done, giving visual feedback in channels (#3871)

DISCORD_IGNORE_NO_MENTION — skip messages that @mention other users/bots but not Hermes (#3640)

Clean up deferred "thinking..." — properly removes the "thinking..." indicator after slash commands complete (#3674, closes #3595)

Slack

Multi-workspace OAuth — connect to multiple Slack workspaces from a single gateway via OAuth token file (#3903)

WhatsApp

Persistent aiohttp session — reuse HTTP sessions across requests instead of creating new ones per message (#3818)

LID↔phone alias resolution — correctly match Linked ID and phone number formats in allowlists (#3830)

Skip reply prefix in bot mode — cleaner message formatting when running as a WhatsApp bot (#3931)

Matrix

Native voice messages via MSC3245 — send voice messages as proper Matrix voice events instead of file attachments (#3877)

Mattermost

Configurable mention behavior — respond to messages without requiring @mention (#3664)

Signal

URL-encode phone numbers and correct attachment RPC parameter — fixes delivery failures with certain phone number formats (#3670) — @kshitijk4poor

Email

Close SMTP/IMAP connections on failure — prevents connection leaks during error scenarios (#3804)

Gateway Core

Atomic config writes — use atomic file writes for config.yaml to prevent data loss during crashes (#3800)

Home channel env overrides — apply environment variable overrides for home channels consistently (#3796, #3808)

Replace print() with logger — BasePlatformAdapter now uses proper logging instead of print statements (#3669)

Cron delivery labels — resolve human-friendly delivery labels via channel directory (#3860, closes #1945)

Cron [SILENT] tightening — prevent agents from prefixing reports with [SILENT] to suppress delivery (#3901)

Background task media delivery and vision download timeout fixes (#3919)

Boot-md hook — example built-in hook to run a BOOT.md file on gateway startup (#3733)

🖥️ CLI & User Experience

Interactive CLI

Configurable tool preview length — show full file paths by default instead of truncating at 40 chars (#3841)

Tool token context display — hermes tools checklist now shows estimated token cost per toolset (#3805)

/bg spinner TUI fix — route background task spinner through the TUI widget to prevent status bar collision (#3643)

Prevent status bar wrapping into duplicate rows (#3883) — @kshitijk4poor

Handle closed stdout ValueError in safe print paths — fixes crashes when stdout is closed during gateway thread shutdown (#3843, closes #3534)

Remove input() from /tools disable — eliminates freeze in terminal when disabling tools (#3918)

TTY guard for interactive CLI commands — prevent CPU spin when launched without a terminal (#3933)

Argparse entrypoint — use argparse in the top-level launcher for cleaner error handling (#3874)

Lazy-initialized tools show yellow in banner instead of red, reducing false alarm about "missing" tools (#3822)

Honcho tools shown in banner when configured (#3810)

Setup & Configuration

Auto-install matrix-nio during hermes setup when Matrix is selected (#3802, #3873)

Session export stdout support — export sessions to stdout with - for piping (#3641, closes #3609)

Configurable approval timeouts — set how long dangerous command approval prompts wait before auto-denying (#3886, closes #3765)

Clear pycache during update — prevents stale bytecode ImportError after hermes update (#3819)

🔧 Tool System

MCP

MCP Server Mode — hermes mcp serve exposes conversations, sessions, and attachments to MCP clients via stdio or Streamable HTTP (#3795)

Dynamic tool discovery — respond to notifications/tools/list_changed events to pick up new tools from MCP servers without reconnecting (#3812)

Non-deprecated HTTP transport — switched from sse_client to streamable_http_client (#3646)

Web Tools

Exa search backend — alternative to Firecrawl and DuckDuckGo for web search and extraction (#3648)

Browser

Guard against None LLM responses in browser snapshot and vision tools (#3642)

Terminal & Remote Backends

Mount skill directories into Modal and Docker containers (#3890)

Mount credential files into remote backends with mtime+size caching (#3671)

Preserve partial output when commands time out instead of losing everything (#3868)

Stop marking persisted env vars as missing on remote backends (#3650)

Audio

.aac format support in transcription tool (#3865, closes #1963)

Audio download retry — retry logic for cache_audio_from_url matching the existing image download pattern (#3401) — @binhnt92

Vision

Reject non-image files and enforce website-only policy for vision analysis (#3845)

Tool Schema

Ensure name field always present in tool definitions, fixing KeyError: 'name' crashes (#3811, closes #3729)

ACP (Editor Integration)

Complete session management surface for VS Code/Zed/JetBrains clients — proper task lifecycle, cancel support, session persistence (#3675)

🧩 Skills & Plugins

Skills System

External skill directories — configure additional skill directories via skills.external_dirs in config.yaml (#3678)

Category path traversal blocked — prevents ../ attacks in skill category names (#3844)

parallel-cli moved to optional-skills — reduces default skill footprint (#3673) — @kshitijk4poor

New Skills

memento-flashcards — spaced repetition flashcard system (#3827)

songwriting-and-ai-music — songwriting craft and AI music generation prompts (#3834)

SiYuan Note — integration with SiYuan note-taking app (#3742)

Scrapling — web scraping skill using Scrapling library (#3742)

one-three-one-rule — communication framework skill (#3797)

Plugin System

Plugin enable/disable commands — hermes plugins enable/disable <name> for managing plugin state without removing them (#3747)

Plugin message injection — plugins can now inject messages into the conversation stream on behalf of the user via ctx.inject_message() (#3778) — @winglian

Honcho self-hosted support — allow local Honcho instances without requiring an API key (#3644)

🔒 Security & Reliability

Security Hardening

Hardened dangerous command detection — expanded pattern matching for risky shell commands and added file tool path guards for sensitive locations (/etc/, /boot/, docker.sock) (#3872)

Sensitive path write checks in approval system — catch writes to system config files through file tools, not just terminal (#3859)

Secret redaction expansion — now covers ElevenLabs, Tavily, and Exa API keys (#3920)

Vision file rejection — reject non-image files passed to vision analysis to prevent information disclosure (#3845)

Category path traversal blocking — prevent directory traversal in skill category names (#3844)

Reliability

Atomic config.yaml writes — prevent data loss during gateway crashes (#3800)

Clear pycache on update — prevent stale bytecode from causing ImportError after updates (#3819)

Lazy imports for update safety — prevent ImportError chains during hermes update when modules reference new functions (#3776)

Restore terminalbench2 from patch corruption — recovered file damaged by patch tool's secret redaction (#3801)

Terminal timeout preserves partial output — no more lost command output on timeout (#3868)

🐛 Notable Bug Fixes

OpenClaw migration model config overwrite — migration no longer overwrites model config dict with a string (#3924) — @0xbyt4

OpenClaw migration expanded — covers full data footprint including sessions, cron, memory (#3869)

Telegram deleted reply targets — gracefully handle replies to deleted messages instead of crashing (#3858)

Discord "thinking..." persistence — properly cleans up deferred response indicators (#3674)

WhatsApp LID↔phone aliases — fixes allowlist matching failures with Linked ID format (#3830)

Signal URL-encoded phone numbers — fixes delivery failures with certain formats (#3670)

Email connection leaks — properly close SMTP/IMAP connections on error (#3804)

_safe_print ValueError — no more gateway thread crashes on closed stdout (#3843)

Tool schema KeyError 'name' — ensure name field always present in tool definitions (#3811)

api_mode stale on provider switch — correctly clear when switching providers via hermes model (#3857)

🧪 Testing

Resolved 10+ CI failures across hooks, tiktoken, plugins, and skill tests (#3848, #3721, #3936)

📚 Documentation

Comprehensive OpenClaw migration guide — step-by-step guide for migrating from OpenClaw/Claw3D to Hermes Agent (#3864, #3900)

Credential file passthrough docs — document how to forward credential files and env vars to remote backends (#3677)

DuckDuckGo requirements clarified — note runtime dependency on duckduckgo-search package (#3680)

Skills catalog updated — added red-teaming category and optional skills listing (#3745)

Feishu docs MDX fix — escape angle-bracket URLs that break Docusaurus build (#3902)

👥 Contributors

Core

@teknium1 — 90 PRs across all subsystems

Community Contributors

@kshitijk4poor — 3 PRs: Signal phone number fix (#3670), parallel-cli to optional-skills (#3673), status bar wrapping fix (#3883)

@winglian — 1 PR: Plugin message injection interface (#3778)

@binhnt92 — 1 PR: Audio download retry logic (#3401)

@0xbyt4 — 1 PR: OpenClaw migration model config fix (#3924)

Issues Resolved from Community

@Material-Scientist (#850), @hanxu98121 (#1734), @penwyp (#1788), @dan-and (#1945), @AdrianScott (#1963), @clawdbot47 (#3229), @alanfwilliams (#3404), @kentimsit (#3433), @hayka-pacha (#3534), @primmer (#3595), @dagelf (#3609), @HenkDz (#3685), @tmdgusya (#3729), @TypQxQ (#3753), @acsezen (#3765)

Full Changelog: v2026.3.28...v2026.3.30

Original source