455b0c87b1
feat: add cost and safety guardrails
Forge CI / smoke-and-build (pull_request) Failing after 31s
2026-04-13 00:31:51 +00:00
669c25b2bb
fix: move TEST_OPTIMIZATION_GUIDE.md to docs/reports/
2026-04-13 00:31:49 +00:00
4f2e75f228
fix: move TEST_OPTIMIZATION_GUIDE.md to docs/reports/
2026-04-13 00:31:48 +00:00
6da28ef92d
fix: move TEST_ANALYSIS_REPORT.md to docs/reports/
2026-04-13 00:31:46 +00:00
bb905d3bf9
fix: move TEST_ANALYSIS_REPORT.md to docs/reports/
2026-04-13 00:31:44 +00:00
51c20bb6c6
fix: move SECURITY_MITIGATION_ROADMAP.md to docs/reports/
2026-04-13 00:31:42 +00:00
df8e87bf7c
fix: move SECURITY_MITIGATION_ROADMAP.md to docs/reports/
2026-04-13 00:31:41 +00:00
8495bff72f
fix: move SECURITY_FIXES_CHECKLIST.md to docs/reports/
2026-04-13 00:31:39 +00:00
90c9549408
fix: move SECURITY_FIXES_CHECKLIST.md to docs/reports/
2026-04-13 00:31:36 +00:00
ee1ce608b2
fix: move SECURITY_AUDIT_REPORT.md to docs/reports/
2026-04-13 00:31:34 +00:00
32f0065ad0
fix: move SECURITY_AUDIT_REPORT.md to docs/reports/
2026-04-13 00:31:31 +00:00
703e3f2676
fix: move PERFORMANCE_OPTIMIZATIONS.md to docs/reports/
2026-04-13 00:31:29 +00:00
4d78858180
fix: move PERFORMANCE_OPTIMIZATIONS.md to docs/reports/
2026-04-13 00:31:27 +00:00
e8cf56b25b
fix: move PERFORMANCE_HOTSPOTS_QUICKREF.md to docs/reports/
2026-04-13 00:31:24 +00:00
6e846fa082
fix: move PERFORMANCE_HOTSPOTS_QUICKREF.md to docs/reports/
2026-04-13 00:31:23 +00:00
b1faef42f6
fix: move PERFORMANCE_ANALYSIS_REPORT.md to docs/reports/
2026-04-13 00:31:21 +00:00
aa71670f8d
fix: move PERFORMANCE_ANALYSIS_REPORT.md to docs/reports/
2026-04-13 00:31:19 +00:00
f2159d4103
feat: consolidate release notes into CHANGELOG.md
2026-04-13 00:31:17 +00:00
359ca0491f
fix: move RELEASE_v0.2.0.md to CHANGELOG.md
2026-04-13 00:31:15 +00:00
eae08e8c01
fix: move RELEASE_v0.3.0.md to CHANGELOG.md
2026-04-13 00:31:13 +00:00
4c3dbfe51f
fix: move RELEASE_v0.4.0.md to CHANGELOG.md
2026-04-13 00:31:11 +00:00
d3e92f2b2d
fix: move RELEASE_v0.5.0.md to CHANGELOG.md
2026-04-13 00:31:08 +00:00
e301dd97e5
fix: move RELEASE_v0.6.0.md to CHANGELOG.md
2026-04-13 00:31:06 +00:00
26a41b84b6
fix: move RELEASE_v0.7.0.md to CHANGELOG.md
2026-04-13 00:31:03 +00:00
f6d2f36a34
Merge pull request '[SECURITY] Provider Allowlist Guard — runtime banned-provider enforcement' ( #302 ) from perplexity/provider-allowlist into main
Forge CI / smoke-and-build (push) Failing after 25s
2026-04-13 00:27:18 +00:00
986076b808
Add provider allowlist guard — runtime enforcement of banned providers
Forge CI / smoke-and-build (pull_request) Failing after 29s
2026-04-13 00:27:10 +00:00
47c510c6f3
Merge pull request 'feat: poka-yoke: block tool hallucination ( #294 )' ( #301 ) from fix/json-repair-for-tool-calls into main
Forge CI / smoke-and-build (push) Failing after 27s
2026-04-12 22:55:40 +00:00
Alexander Whitestone
a318c389fe
feat: poka-yoke: block tool hallucination before API calls ( #294 )
...
Forge CI / smoke-and-build (pull_request) Failing after 25s
Validates tool names against valid_tool_names before execution.
Both sequential and concurrent paths checked.
When model hallucinates non-existent tool:
- Logs warning with tool name
- Returns error listing available tools
- Does NOT make API call (saves budget)
2026-04-12 18:55:27 -04:00
851f5601cf
Merge pull request 'fix: repair malformed tool call JSON ( closes #292 )' ( #300 ) from fix/json-repair-for-tool-calls into main
Forge CI / smoke-and-build (push) Failing after 30s
2026-04-12 16:09:39 +00:00
Alexander Whitestone
cdde3b27c1
fix: repair malformed tool call JSON ( closes #292 )
...
Forge CI / smoke-and-build (pull_request) Failing after 27s
Adds json-repair library to fix 1400+ JSON parse failures.
Wraps all json.loads() calls on tool call arguments with
repair_json() to handle trailing commas, single quotes,
missing braces, and unquoted keys.
Tested: 7/7 common LLM JSON error patterns repaired.
Impact: eliminates wasted inference turns from parse failures.
2026-04-12 08:16:40 -04:00
9e96e51afd
Merge pull request 'docs: Hermes Agent Feature Census — Know Thy Agent ( #290 )' ( #291 ) from census/feature-inventory into main
Forge CI / smoke-and-build (push) Failing after 24s
2026-04-11 09:31:46 +00:00
Alexander Whitestone
5e13fd2a5f
docs: Hermes Agent Feature Census — complete inventory
...
Forge CI / smoke-and-build (pull_request) Failing after 24s
Full feature census of hermes-agent codebase covering:
- Feature Matrix (memory, tools, sessions, plugins, config, gateway)
- Architecture Overview (dependency chain, data flow)
- Recent Development Activity (last 30 days, 1750+ commits)
- Overlap Analysis (what to use vs what to build)
- Contribution Roadmap (upstream vs Timmy Foundation)
Refs: #290
2026-04-11 05:03:51 -04:00
04c017bcb3
fix: CI stability — reduce deps, increase timeout
Forge CI / smoke-and-build (push) Failing after 28s
2026-04-11 00:32:20 +00:00
4c2ac7b644
Merge pull request 'fix(memory): add remove action to on_memory_write bridge' ( #277 ) from keymaxx/mimoomni/243 into main
...
Forge CI / smoke-and-build (push) Failing after 45s
Auto-merged by Timmy
2026-04-10 20:59:47 +00:00
8202649ca0
fix(memory): add remove action to on_memory_write bridge
...
Forge CI / smoke-and-build (pull_request) Successful in 43s
- Extend on_memory_write trigger in run_agent.py to fire for 'remove' action
- Holographic provider now handles 'replace' (re-adds content) and 'remove' (lowers trust on matching facts)
- Fixes orphaned facts when entries are deleted from built-in memory
Fixes #243
2026-04-10 15:31:45 -04:00
f5f028d981
auto-merge PR #276
Forge CI / smoke-and-build (push) Failing after 42s
2026-04-10 19:03:02 +00:00
Alexander Whitestone
a703fb823c
docs: add Matrix integration setup guide and interactive script
...
Forge CI / smoke-and-build (pull_request) Failing after 36s
Phase 2 of Matrix integration — wires Hermes to any Matrix homeserver.
- docs/matrix-setup.md: step-by-step guide covering matrix.org (testing)
and self-hosted (sovereignty) options, auth methods, E2EE setup, room
config, and troubleshooting
- scripts/setup_matrix.py: interactive wizard that prompts for homeserver,
supports token/password auth, generates MATRIX_DEVICE_ID, writes
~/.hermes/.env and config.yaml, and optionally creates a test room +
sends a test message
No config.py changes needed — all Matrix env vars (MATRIX_HOMESERVER,
MATRIX_ACCESS_TOKEN, MATRIX_USER_ID, MATRIX_PASSWORD, MATRIX_ENCRYPTION,
MATRIX_DEVICE_ID, MATRIX_ALLOWED_USERS, MATRIX_HOME_ROOM, etc.) are
already registered in OPTIONAL_ENV_VARS and _EXTRA_ENV_KEYS.
Closes #271
2026-04-10 07:46:42 -04:00
a89dae9942
[auto-merge] browser integration PoC
...
Forge CI / smoke-and-build (push) Failing after 38s
Notebook CI / notebook-smoke (push) Failing after 7s
Auto-merged by PR review bot: browser integration PoC
2026-04-10 11:44:56 +00:00
Alexander Whitestone
f85c07551a
feat: browser integration analysis + PoC tool ( #262 )
...
Forge CI / smoke-and-build (pull_request) Failing after 36s
Add docs/browser-integration-analysis.md:
- Technical analysis of Browser Use, Graphify, and Multica for Hermes
- Integration paths, security considerations, performance characteristics
- Clear recommendations: Browser Use (integrate), Graphify (investigate),
Multica (skip)
- Phased integration roadmap
Add tools/browser_use_tool.py:
- Wraps browser-use library as Hermes tool (toolset: browser_use)
- Three tools: browser_use_run, browser_use_extract, browser_use_compare
- Autonomous multi-step browser automation from natural language tasks
- Integrates with existing url_safety and website_policy security modules
- Supports both local Playwright and cloud execution modes
- Follows existing tool registration pattern (registry.register)
Refs: #262
2026-04-10 07:10:29 -04:00
f81c60a5b3
Merge pull request 'docs: Improve KNOWN_VIOLATIONS justifications for SOUL.md alignment' ( #267 ) from feature/improve-sovereignty-justification into main
...
Forge CI / smoke-and-build (push) Failing after 41s
Merge PR #267 : docs: Improve KNOWN_VIOLATIONS justifications for SOUL.md alignment
2026-04-10 09:35:51 +00:00
01977f28fb
docs: improve KNOWN_VIOLATIONS justifications in verify_memory_sovereignty.py
Forge CI / smoke-and-build (pull_request) Failing after 36s
2026-04-10 00:12:42 -04:00
a055e68ebf
Merge pull request #265
...
Forge CI / smoke-and-build (push) Failing after 43s
Merged PR #265
2026-04-10 03:44:23 +00:00
f6c9ecb893
Merge pull request #264
...
Forge CI / smoke-and-build (push) Has been cancelled
Merged PR #264
2026-04-10 03:44:19 +00:00
549431bb81
Merge pull request #259
...
Forge CI / smoke-and-build (push) Has been cancelled
Merged PR #259
2026-04-10 03:44:16 +00:00
43dc2d21f2
Merge pull request #263
...
Forge CI / smoke-and-build (push) Has been cancelled
Merged PR #263
2026-04-10 03:44:04 +00:00
2948d010b7
Merge pull request #266
...
Forge CI / smoke-and-build (push) Has been cancelled
Merged PR #266
2026-04-10 03:44:00 +00:00
Alexander Whitestone
0d92b9ad15
feat(scripts): add memory budget enforcement tool ( #256 )
...
Forge CI / smoke-and-build (pull_request) Successful in 40s
Add scripts/memory_budget.py — a CI-friendly tool for checking and
enforcing character budgets on MEMORY.md and USER.md memory files.
Features:
- Checks MEMORY.md vs memory_char_limit (default 2200)
- Checks USER.md vs user_char_limit (default 1375)
- Estimates total injection cost (chars / ~4 chars per token)
- Alerts when approaching limits (>80% usage)
- --report flag for detailed breakdown with progress bars
- --verbose flag for per-entry details
- --enforce flag trims oldest entries to fit budget
- --json flag for machine-readable output (CI integration)
- Exit codes: 0=within budget, 1=over budget, 2=trimmed
- Suggestions for largest entries when over budget
Relates to #256
2026-04-09 21:13:01 -04:00
Alexander Whitestone
2e37ff638a
Add memory sovereignty verification script ( #257 )
...
Forge CI / smoke-and-build (pull_request) Successful in 39s
CI check that scans all memory-path code for network dependencies.
Scans 8 memory-related files:
- tools/memory_tool.py (MEMORY.md/USER.md store)
- hermes_state.py (SQLite session store)
- tools/session_search_tool.py (FTS5 session search)
- tools/graph_store.py (knowledge graph)
- tools/temporal_kg_tool.py (temporal KG tool)
- agent/temporal_knowledge_graph.py (temporal triple store)
- tools/skills_tool.py (skill listing/viewing)
- tools/skills_sync.py (bundled skill syncing)
Verifies no HTTP/HTTPS calls, no external API usage, and no
network dependencies in the core memory read/write path.
Reports violations with file:line references. Exit 0 if sovereign,
exit 1 if violations found. Suitable for CI integration.
2026-04-09 21:07:03 -04:00
Alexander Whitestone
815160bd6f
burn: add Memory Architecture Guide ( closes #263 , #258 )
...
Forge CI / smoke-and-build (pull_request) Successful in 1m3s
Developer-facing guide covering all four memory tiers:
- Built-in memory (MEMORY.md/USER.md) with frozen snapshot pattern
- Session search (FTS5 + Gemini Flash summarization)
- Skills as procedural memory
- External memory provider plugin architecture
Includes data lifecycle, security guarantees, code paths,
configuration reference, and troubleshooting.
2026-04-09 20:51:45 -04:00
Alexander Whitestone
511eacb573
docs: add Memory Architecture Guide
...
Forge CI / smoke-and-build (pull_request) Successful in 47s
Comprehensive guide covering the Hermes memory system:
- Built-in memory (MEMORY.md / USER.md) with frozen snapshot pattern
- Session search (FTS5 + Gemini Flash summarization)
- Skills as procedural memory
- External memory providers (8 plugins)
- System interaction flow and data lifecycle
- Best practices for what to save/skip
- Privacy and data locality guarantees
- Configuration reference (char limits, nudge interval, flush settings)
- Troubleshooting common issues
Closes #258
2026-04-09 12:45:48 -04:00
