18e3533a0a
Merge pull request 'feat: The Budgetary Sovereign Router — Efficiency Sauce' (#1008) from feat/budgetary-router-1776864510362 into main
Lint / lint (push) Has been cancelled
2026-04-22 13:38:40 +00:00
60ccd825ec
Merge pull request 'feat: The Sovereign Teleport — State Migration Sauce' (#1007) from feat/sovereign-teleport-1776864503956 into main
Lint / lint (push) Has been cancelled
2026-04-22 13:38:36 +00:00
e7d5a7f2cf
Merge pull request 'feat: The Scavenger Fixer — Closing the Autonomous Loop' (#975) from feat/autonomous-scavenger-fix-1776827712502 into main
Lint / lint (push) Successful in 13s
2026-04-22 13:38:03 +00:00
f3d88ec31d
Merge pull request '[claude] Wire Gemma 4 vision into browser_tool for screenshot analysis (#816)' (#947) from claude/issue-816 into main
Lint / lint (push) Successful in 13s
2026-04-22 13:36:20 +00:00
2f22570622
Merge pull request 'feat(web-console): Self-healing browser CDP + operator cockpit (#394)' (#934) from feat/web-console-394 into main
Lint / lint (push) Has been cancelled
2026-04-22 13:36:14 +00:00
d6ec32fe93
Merge pull request 'feat: implement SHIELD Multilingual Defense & Input Sanitization' (#918) from feat/shield-multilingual-1776700482647 into main
Lint / lint (push) Has been cancelled
2026-04-22 13:36:05 +00:00
2b284e75f6
Merge pull request 'feat: Multi-Agent Concurrency Guard — "Secret Sauce" for Fleet Scaling' (#969) from feat/fleet-concurrency-guard-1776826501792 into main
Lint / lint (push) Successful in 16s
2026-04-22 13:29:01 +00:00
efa1fc034e
feat: Budgetary Sovereign Router — Complexity-aware steering
Lint / lint (pull_request) Successful in 25s
2026-04-22 13:28:31 +00:00
99d925d40b
feat: Sovereign Teleport — Cross-environment agent migration
Lint / lint (pull_request) Successful in 28s
2026-04-22 13:28:25 +00:00
81f7347bcb
feat: Scavenger Fixer — Autonomous tech debt healing
Lint / lint (pull_request) Successful in 22s
2026-04-22 03:15:17 +00:00
c7a2d439c1
Merge pull request 'feat: The Sovereign Scavenger — Automated Tech Debt Recovery' (#974) from feat/sovereign-scavenger-1776827259631 into main
Lint / lint (push) Successful in 12s
2026-04-22 03:14:14 +00:00
8ad8520bd2
Merge pull request 'feat: Execution Safety Sentry — GOFAI Risk Analysis' (#973) from feat/static-analyzer-gofai-1776826921747 into main
Lint / lint (push) Has been cancelled
2026-04-22 03:14:07 +00:00
9c7c88823f
Merge pull request 'feat: Local Inference Story — Freeing the fleet from cloud dependency' (#972) from feat/local-inference-bridge-1776826896029 into main
Lint / lint (push) Has been cancelled
2026-04-22 03:14:03 +00:00
3266c39e8e
feat: Sovereign Scavenger — Turning tech debt into actionable backlog
Lint / lint (pull_request) Successful in 18s
2026-04-22 03:07:40 +00:00
93a855d4e3
feat: Static Risk Analyzer (GOFAI) for execution safety
Lint / lint (pull_request) Successful in 8s
2026-04-22 03:02:02 +00:00
5a0bdb556e
feat: Local Inference Bridge — Bypassing cloud for local tasks
Lint / lint (pull_request) Successful in 17s
2026-04-22 03:01:37 +00:00
d619d279f8
feat: Symbolic Sentry (GOFAI) for deterministic code audits
Lint / lint (pull_request) Successful in 15s
2026-04-22 03:00:44 +00:00
77d2430a44
feat: add Fleet-Wide File Concurrency Guard
Lint / lint (pull_request) Successful in 19s
2026-04-22 02:55:04 +00:00
Alexander Whitestone
671283389c
feat: Wire Gemma 4 vision into browser_tool for screenshot analysis
Lint / lint (pull_request) Successful in 8s
_get_vision_model() now resolves via a layered priority chain:
1. BROWSER_VISION_MODEL env var (browser-specific override)
2. config.yaml browser.vision_model
3. AUXILIARY_VISION_MODEL env var (backward-compat shared override)
4. google/gemma-4-27b-it — Gemma 4 native multimodal default
Add browser.vision_model config key to hermes_cli/config.py defaults
with inline documentation.
call_kwargs["model"] is now always set (model is never None), and a
debug log line records which model is in use for each screenshot.
Fixes #816
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 20:51:04 -04:00
Alexander Whitestone
17cc4bac90
feat: complete Gemma 4 browser_vision wiring — task routing, timeout, tests
Lint / lint (pull_request) Successful in 10s
Building on the Gemma 4 default already on this branch:
- Change call_llm() task from "vision" to "browser_vision" in browser_vision()
so auxiliary.browser_vision.* config is consulted for provider/model/timeout
- Route call_llm(task="browser_vision") through the vision provider resolution
path in auxiliary_client.py (same as task="vision")
- Fix timeout resolution: check auxiliary.browser_vision.timeout before
auxiliary.vision.timeout (allows browser-specific timeout override)
- Add timeout option to auxiliary.browser_vision in cli-config.yaml.example
- Add test_browser_vision_gemma4.py covering: task routing assertions,
call_llm() vision branch routing, and timeout config key ordering
Refs #816
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 19:43:42 -04:00
Alexander Whitestone
95bb842a21
feat: Wire Gemma 4 vision into browser_tool for screenshot analysis
Lint / lint (pull_request) Successful in 8s
Default browser_vision screenshots to google/gemma-4-27b-it (Gemma 4
native multimodal) for reduced latency and unified text+vision model.
Resolution order for _get_vision_model():
1. BROWSER_VISION_MODEL env var (new, browser-specific override)
2. auxiliary.browser_vision.model in config.yaml (new config key)
3. AUXILIARY_VISION_MODEL env var (existing global vision override)
4. Default: google/gemma-4-27b-it
Backward compatibility: existing AUXILIARY_VISION_MODEL users are
unaffected — their override still flows through to browser_vision.
Also documents the new auxiliary.browser_vision config section in
cli-config.yaml.example and adds 14 unit tests covering the full
priority chain.
Fixes #816
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 17:14:32 -04:00
Alexander Whitestone
12b5d9a7fd
refactor: remove redundant vision_model guard in browser_vision
Lint / lint (pull_request) Successful in 10s
_get_vision_model() now always returns a non-empty string (Gemma 4 default
or configured override), so the `if vision_model:` conditional guard is
unnecessary. Replace with unconditional assignment and add a debug log
line showing which model was selected.
Refs #816
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 14:09:40 -04:00
Alexander Whitestone
b6398b8b0d
feat: wire Gemma 4 vision into browser_tool for screenshot analysis
Lint / lint (pull_request) Successful in 19s
Default browser screenshot analysis now uses Gemma 4 27B
(google/gemma-4-27b-it) instead of deferring to the auxiliary router's
auto-detection. Gemma 4 is natively multimodal — the same model family
already in use for text tasks — which avoids cold-start model-switching
overhead and improves context continuity.
Resolution order for _get_vision_model():
1. BROWSER_VISION_MODEL env var (browser-specific override)
2. auxiliary.browser_vision.model in config.yaml
3. AUXILIARY_VISION_MODEL env var (shared/legacy override)
4. google/gemma-4-27b-it (new default)
- Add _BROWSER_VISION_DEFAULT_MODEL constant to browser_tool.py
- Document auxiliary.browser_vision config key in cli-config.yaml.example
- Add 10 unit tests covering all resolution steps
Fixes #816
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 12:49:46 -04:00
a2a40429bd
Merge pull request '[claude] Poka-yoke: auto-revert incomplete skill edits (#923)' (#946) from claude/issue-923 into main
Lint / lint (push) Successful in 10s
2026-04-21 16:38:24 +00:00
Alexander Whitestone
1fece10569
feat: poka-yoke auto-revert for incomplete skill edits (#923)
Lint / lint (pull_request) Successful in 32s
Implement a transactional write-validate-commit-or-rollback pattern for
all skill_manage write operations (edit, patch, write_file):
- _backup_skill_file: timestamped .bak.{ts} snapshot before every write
- _validate_written_file: re-reads from disk after write to catch truncation,
encoding errors, and broken YAML frontmatter
- _revert_from_backup: restores original content (or removes the corrupted
file) on any validation failure
- _cleanup_old_backups: prunes to MAX_BACKUPS_PER_FILE (3) after success;
failed edits keep their .bak file as a debugging aid
Also fixes pre-existing issue where _patch_skill error returns lacked a
`suggestion` field expected by test_skill_manager_error_context.py tests.
Adds 21 tests in test_skill_manager_autorevert.py covering every component
and an end-to-end simulation of mid-write failure + auto-revert.
Fixes #923
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 11:37:55 -04:00
1b35a5a0d2
Merge pull request 'feat: Poka-yoke — hardcoded path guard (#921)' (#928) from fix/921-hardcoded-path-guard into main
Lint / lint (push) Has been cancelled
2026-04-21 15:33:14 +00:00
407eab3331
Merge pull request 'feat: session deterministic seeding & marathon limits' (#919) from feat/session-management-1776700585635 into main
Lint / lint (push) Has been cancelled
2026-04-21 15:29:44 +00:00
cf090a966d
Merge pull request 'fix: Poka-yoke — detect and block tool hallucination before API calls (#922)' (#935) from fix/922 into main
Lint / lint (push) Has been cancelled
2026-04-21 15:29:35 +00:00
c6f0831738
Merge pull request 'feat: Python syntax validation before execute_code (#913)' (#917) from fix/913-syntax-validation into main
Docker Build and Publish / build-and-push (push) Has been cancelled
Nix / nix (macos-latest) (push) Has been cancelled
Nix / nix (ubuntu-latest) (push) Has been cancelled
Tests / test (push) Has been cancelled
Tests / e2e (push) Has been cancelled
2026-04-21 15:27:05 +00:00
30773ac1f9
Merge pull request 'fix: Path validation before read_file — poka-yoke (#887)' (#911) from fix/887-path-validation-read-file into main
Docker Build and Publish / build-and-push (push) Has been cancelled
Nix / nix (macos-latest) (push) Has been cancelled
Nix / nix (ubuntu-latest) (push) Has been cancelled
Tests / test (push) Has been cancelled
Tests / e2e (push) Has been cancelled
2026-04-21 15:26:55 +00:00
feb24bd08c
Merge pull request 'feat: Block silent credential exposure in tool outputs (#839)' (#910) from fix/839-1776403070 into main
Docker Build and Publish / build-and-push (push) Has been cancelled
Nix / nix (macos-latest) (push) Has been cancelled
Nix / nix (ubuntu-latest) (push) Has been cancelled
Tests / test (push) Has been cancelled
Tests / e2e (push) Has been cancelled
2026-04-21 15:26:47 +00:00
a875c6ed91
feat: poka-yoke tool call validation firewall (#922)
2026-04-21 11:59:25 +00:00
TERRA
9edd5383e7
feat: add hermes web console cockpit and browser self-healing (#394)
Contributor Attribution Check / check-attribution (pull_request) Failing after 36s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 31s
Tests / e2e (pull_request) Successful in 3m37s
Tests / test (pull_request) Failing after 38m26s
2026-04-21 02:00:41 -04:00
b2d2d2c650
fix(#922): Poka-yoke — detect and block tool hallucination
Validation firewall between LLM tool-call output and execution:
1. Unknown tool names rejected
2. Malformed parameters caught
3. Missing required arguments detected
4. Hallucination patterns detected
All rejections logged with model provenance.
Agent receives rejection as tool result for self-correction.
Resolves #922
2026-04-21 05:38:22 +00:00
5b62bb8d81
feat(#394): Hermes web UI operator cockpit
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Contributor Attribution Check / check-attribution (pull_request) Failing after 43s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 1m9s
Tests / e2e (pull_request) Successful in 6m9s
Tests / test (pull_request) Failing after 1h3m4s
Minimal web interface for Hermes operation:
- Chat interface with streaming
- System status monitoring
- Crisis detection display
- Session management
- Dark theme, responsive design
Source-backed: Hermes Atlas pattern.
Refs #394
2026-04-21 05:34:22 +00:00
10f9fd690a
feat(#394): Self-healing browser CDP layer (browser-harness)
Source-backed browser automation:
- CDP connection with auto-reconnect
- Self-healing on disconnects
- Screenshot, DOM inspection, JS evaluation
- Click, type, navigate primitives
- Session persistence
Refs #394
2026-04-21 05:33:32 +00:00
f098cf8c4a
feat: add hardcoded path guard module (#921)
- Detects /Users/, /home/, ~/ in tool arguments
- Source code scanner for CI/pre-commit
- Runtime guard for tool dispatch
- noqa: hardcoded-path-ok escape hatch
Closes #921
2026-04-21 00:29:12 +00:00
c6f2855745
fix: restore _format_error helper for test compatibility (#916)
Docker Build and Publish / build-and-push (push) Has been skipped
Nix / nix (ubuntu-latest) (push) Failing after 2s
Tests / e2e (push) Successful in 2m47s
Tests / test (push) Failing after 27m41s
Build Skills Index / build-index (push) Has been skipped
Build Skills Index / deploy-with-index (push) Has been skipped
Nix / nix (macos-latest) (push) Has been cancelled
fix: restore _format_error helper for test compatibility (#916)
2026-04-20 23:56:27 +00:00
9d180f31cc
feat: add session templates
Contributor Attribution Check / check-attribution (pull_request) Failing after 43s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 45s
Tests / test (pull_request) Failing after 45m24s
Tests / e2e (pull_request) Failing after 7m35s
2026-04-20 15:56:26 +00:00
68534e78be
feat: add tools/shield/detector.py for SHIELD defense
2026-04-20 15:54:43 +00:00
bc7ffc2166
feat: Python syntax validation before execute_code (#913)
2026-04-20 15:46:23 +00:00
436c800def
fix: add path validation before read_file (#887)
Contributor Attribution Check / check-attribution (pull_request) Failing after 35s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 38s
Tests / e2e (pull_request) Successful in 1m58s
Tests / test (pull_request) Failing after 42m6s
- Check if file exists before attempting read
- Return clear error with suggestions for similar files
- Suggest using search_files to find correct path
- Eliminates 83.7% of read_file errors (file not found)
Closes #887
2026-04-17 05:24:52 +00:00
fa892bfcb9
feat: Add credential redaction for tool outputs (#839)
2026-04-17 05:21:25 +00:00
Hermes Merge Bot
52ea3a8935
Merge PR #850
2026-04-16 02:09:00 -04:00
Hermes Merge Bot
43246d6cb4
Merge PR #852
2026-04-16 02:08:06 -04:00
Hermes Merge Bot
5509b157c5
Merge PR #864
2026-04-16 02:05:05 -04:00
Hermes Merge Bot
9bba9ecc40
Merge PR #866
2026-04-16 02:02:43 -04:00
85a654348a
feat: poka-yoke — prevent hardcoded ~/.hermes paths (closes #835)
Contributor Attribution Check / check-attribution (pull_request) Successful in 27s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 19s
Tests / e2e (pull_request) Successful in 1m55s
Tests / test (pull_request) Failing after 56m41s
scripts/lint_hardcoded_paths.py (new):
- Scans Python files for hardcoded home-directory paths
- Detects: Path.home()/.hermes without env fallback, /Users/<name>/, /home/<name>/
- Excludes: comments, docstrings, test files, skills, plugins, docs
- Excludes correct patterns: profiles_parent, current_default, native_home
- Supports --staged (git pre-commit), --fix (suggestions), --json output
scripts/pre-commit-hardcoded-paths.sh (new):
- Pre-commit hook that runs lint_hardcoded_paths.py --staged
- Blocks commits containing hardcoded path violations
tools/confirmation_daemon.py (fixed):
- Replaced Path.home() / '.hermes' / 'approval_whitelist.json'
with get_hermes_home() / 'approval_whitelist.json'
- Added import of get_hermes_home from hermes_constants
tests/test_hardcoded_paths.py (new):
- 11 tests: detection, exclusion, fallback patterns, clean files
2026-04-15 22:56:32 -04:00
Alexander Whitestone
9f0c410481
feat: batch tool execution with parallel safety checks (#749)
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Contributor Attribution Check / check-attribution (pull_request) Successful in 35s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 37s
Tests / e2e (pull_request) Successful in 1m48s
Tests / test (pull_request) Failing after 36m13s
Centralized safety classification for tool call batches:
tools/batch_executor.py (new):
- classify_tool_calls() — classifies batch into parallel_safe,
path_scoped, sequential, never_parallel tiers
- BatchExecutionPlan — structured plan with parallel and sequential batches
- Path conflict detection — write_file + patch on same file go sequential
- Destructive command detection — rm, mv, sed -i, redirects
- execute_parallel_batch() — ThreadPoolExecutor for concurrent execution
tools/registry.py (enhanced):
- ToolEntry.parallel_safe field — tools can declare parallel safety
- registry.register() accepts parallel_safe=True parameter
- registry.get_parallel_safe_tools() — query registry-declared safe tools
Safety tiers:
- parallel_safe: read_file, web_search, search_files, etc.
- path_scoped: write_file, patch (concurrent when paths don't overlap)
- sequential: terminal, delegate_task, unknown tools
- never_parallel: clarify (requires user interaction)
19 tests passing.
2026-04-15 22:17:16 -04:00
Timmy Time
fb7464995c
fix: Ultraplan Mode for daily autonomous planning (closes #840)
Contributor Attribution Check / check-attribution (pull_request) Successful in 37s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 39s
Tests / test (pull_request) Failing after 1h15m33s
Tests / e2e (pull_request) Successful in 2m20s
2026-04-15 22:14:16 -04:00