4258 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Hermes Merge Bot	52ea3a8935	Merge PR #850	2026-04-16 02:09:00 -04:00
Hermes Merge Bot	43246d6cb4	Merge PR #852	2026-04-16 02:08:06 -04:00
Hermes Merge Bot	20c5e237a7	Merge PR #861	2026-04-16 02:06:36 -04:00
Hermes Merge Bot	a0f4d10a7f	Merge PR #855	2026-04-16 02:06:17 -04:00
Hermes Merge Bot	bc5d1cf6ff	Merge PR #863	2026-04-16 02:05:44 -04:00
Hermes Merge Bot	dff451081d	Merge PR #856	2026-04-16 02:05:42 -04:00
Hermes Merge Bot	5509b157c5	Merge PR #864	2026-04-16 02:05:05 -04:00
Hermes Merge Bot	fcc322fb81	Merge PR #867	2026-04-16 02:03:23 -04:00
Hermes Merge Bot	9bba9ecc40	Merge PR #866	2026-04-16 02:02:43 -04:00
Hermes Merge Bot	05086e58ea	Merge PR #871	2026-04-16 02:00:55 -04:00
Hermes Merge Bot	7af6889767	Merge PR #869	2026-04-16 02:00:49 -04:00
Alexander Whitestone	5022db9d7b	Merge pull request 'feat: self-modifying agent that improves its own prompts (#813)' (#897) from fix/813 into main	2026-04-16 05:29:11 +00:00
Alexander Whitestone	0f61474b74	Merge pull request 'feat: MCP server — expose hermes tools to fleet peers (#803)' (#896) from fix/803 into main ... Auto-merged PR #896: feat: MCP server — expose hermes tools to fleet peers (#803)	2026-04-16 05:24:27 +00:00
Alexander Whitestone	a528bd5b1b	fix: use .get() for env_vars key in _show_tool_availability_warnings ... Fixes KeyError: 'missing_vars' crash on CLI startup when toolsets are unavailable. registry.py returns dicts with 'env_vars' key, but _show_tool_availability_warnings() was accessing 'missing_vars' directly. Now uses .get("env_vars") or .get("missing_vars") to handle both key names, consistent with how doctor.py already handles this. Fixes #834 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 01:23:48 -04:00
Alexander Whitestone	e63cdaf16f	feat: self-modifying agent that improves its own prompts (#813) ... Resolves #813. Agent analyzes session transcripts for failure patterns and generates prompt patches to prevent future failures. agent/self_modify.py (PromptLearner class): - analyze_session(): detects 5 failure types from transcripts: retry_loop, timeout, hallucination, context_loss, tool_failure - generate_patches(): converts patterns to prompt patches with confidence scoring (frequency-based) - apply_patches(): appends learned rules to system prompt with backup and rollback support - learn_from_session(): full cycle analyze → patch → apply Failures → patterns → patches → improved prompts → fewer failures. Safety: patches only ADD rules (append-only), never remove. Rollback: restores from timestamped backup.	2026-04-16 01:23:48 -04:00
Alexander Whitestone	2b7b12baf9	feat: MCP server — expose hermes tools to fleet peers (#803) ... Resolves #803. Standalone MCP server that exposes safe hermes tools to other fleet agents. scripts/mcp_server.py: - Exposes: terminal, file_read, file_search, web_search, session_search - Blocks: approval, delegate, memory, config, cron, send_message - Terminal uses approval.py dangerous command detection - Auth via Bearer token (MCP_AUTH_KEY) - HTTP endpoints: GET /mcp/tools, POST /mcp/tools/call, GET /health Usage: python scripts/mcp_server.py --port 8081 --auth-key SECRET curl http://localhost:8081/mcp/tools curl -X POST http://localhost:8081/mcp/tools/call -d {"name":"file_read","arguments":{"path":"README.md"}}	2026-04-16 01:10:00 -04:00
Alexander Whitestone	6b40c5db7a	fix: use env_vars key in _show_tool_availability_warnings to prevent KeyError ... registry.py:check_tool_availability() returns unavailable dicts with key "env_vars", but _show_tool_availability_warnings() in cli.py was accessing u["missing_vars"] causing a KeyError crashing CLI startup whenever any toolset was disabled. Fix matches how doctor.py already handles the same data. Fixes #834 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 00:42:03 -04:00
Google AI Agent	5a24894f78	fix: update hermes_cli/web_server.py for agent card discovery	2026-04-16 03:45:04 +00:00
Google AI Agent	a474eb8459	fix: add agent/agent_card.py for agent card discovery	2026-04-16 03:45:01 +00:00
Alexander Whitestone	3238cf4eb1	feat: Tool investigation report + Mem0 local provider (#842) ... ## Investigation Report - docs/tool-investigation-2026-04-15.md: Full report analyzing 414 tools from awesome-ai-tools. Top 5 recommendations with integration paths. - docs/plans/awesome-ai-tools-integration.md: Implementation tracking plan. ## Mem0 Local Provider (P1) - plugins/memory/mem0_local/: New ChromaDB-backed memory provider. No API key required - fully sovereign. Compatible tool schemas with cloud Mem0 (mem0_profile, mem0_search, mem0_conclude). - Pattern-based fact extraction from conversations. - Deterministic dedup via content hashing. - Circuit breaker for resilience. - tests/plugins/memory/test_mem0_local.py: Full test coverage. ## Issues Filed - #857: LightRAG integration (P2) - #858: n8n workflow orchestration (P3) - #859: RAGFlow document understanding (P4) - #860: tensorzero LLMOps evaluation (P3) Closes #842	2026-04-15 23:04:41 -04:00
Timmy	eed87e454e	test: Benchmark Gemma 4 vision accuracy vs current approach (#817) ... Vision benchmark suite comparing Gemma 4 (google/gemma-4-27b-it) vs current Gemini 3 Flash Preview (google/gemini-3-flash-preview). Metrics: - OCR accuracy (character + word overlap) - Description completeness (keyword coverage) - Structural quality (length, sentences, numbers) - Latency (ms per image) - Token usage - Consistency across runs Features: - 24 diverse test images (screenshots, diagrams, photos, charts) - Category-specific evaluation prompts - Automated verdict with composite scoring - JSON + markdown report output - 28 unit tests passing Usage: python benchmarks/vision_benchmark.py --images benchmarks/test_images.json python benchmarks/vision_benchmark.py --url https://example.com/img.png python benchmarks/vision_benchmark.py --generate-dataset Closes #817.	2026-04-15 23:02:02 -04:00
Alexander Whitestone	f03709aa29	test: crisis hook integration tests with agent loop (#707) ... 10 integration tests verifying crisis detection works correctly when called from the agent conversation flow: - scan_user_message detects CRITICAL/HIGH/MEDIUM/LOW levels - Safe messages pass through without triggering - Tool handler returns valid JSON - Compassion injection includes 988 lifeline for CRITICAL/HIGH - Case insensitive detection - Empty/None text handled gracefully - False positive resistance on common non-crisis phrases - Config check returns bool - Callable from agent context (not just isolation tests)	2026-04-15 23:00:12 -04:00
Alexander Whitestone	4d8e004b5f	fix: extend JSON repair to remaining json.loads sites in run_agent.py ... Adds `repair_and_load_json()` to utils.py using the `json_repair` library as a fallback when `json.loads()` fails. Replaces 8 non-hot-path json.loads sites identified in issue #809: - L2250: trajectory/sanitization message content parsing - L2500: tool_call dict reconstruction in trajectory conversion - L2535: tool_content parsing (JSON-like strings in tool responses) - L2888: session log file loading (with warning on unrecoverable parse) - L3119: todo content parsing in message processing - L5963: vision result_json parsing - L6761: memory flush tool call argument parsing - L8300: cache serialization tool call args normalization Each site uses an appropriate default ({} for tool args, None/continue for content parsing) and a context label for debug tracing. Fixes #809	2026-04-15 22:56:39 -04:00
PRIMA	85a654348a	feat: poka-yoke — prevent hardcoded ~/.hermes paths (closes #835) ... scripts/lint_hardcoded_paths.py (new): - Scans Python files for hardcoded home-directory paths - Detects: Path.home()/.hermes without env fallback, /Users/<name>/, /home/<name>/ - Excludes: comments, docstrings, test files, skills, plugins, docs - Excludes correct patterns: profiles_parent, current_default, native_home - Supports --staged (git pre-commit), --fix (suggestions), --json output scripts/pre-commit-hardcoded-paths.sh (new): - Pre-commit hook that runs lint_hardcoded_paths.py --staged - Blocks commits containing hardcoded path violations tools/confirmation_daemon.py (fixed): - Replaced Path.home() / '.hermes' / 'approval_whitelist.json' with get_hermes_home() / 'approval_whitelist.json' - Added import of get_hermes_home from hermes_constants tests/test_hardcoded_paths.py (new): - 11 tests: detection, exclusion, fallback patterns, clean files	2026-04-15 22:56:32 -04:00
Alexander Whitestone	fc0d8fe5e9	fix: extend JSON repair to ALL remaining json.loads sites (#809)	2026-04-16 02:53:41 +00:00
Alexander Whitestone	13ef670c05	feat: session compaction with fact extraction (#748) ... Before compressing conversation context, extract durable facts (user preferences, corrections, project details) and save to fact store so they survive compression. New agent/session_compactor.py: - extract_facts_from_messages(): scans user messages for preferences, corrections, project/infra facts using regex - 3 pattern categories: user_pref (5 patterns), correction (3 patterns), project (4 patterns) - ExtractedFact: category, entity, content, confidence, source_turn - save_facts_to_store(): saves to fact store (callback or auto-detect) - extract_and_save_facts(): one-call extraction + persistence - Deduplication by category+content - Skips tool results, short messages, system messages - format_facts_summary(): human-readable summary Tests: tests/test_session_compactor.py (9 tests) Closes #748	2026-04-15 22:41:54 -04:00
Alexander Whitestone	4752a0085e	fix: extend JSON repair to remaining json.loads sites in run_agent.py (#809)	2026-04-16 02:40:51 +00:00
Alexander Whitestone	b26a6ec23b	feat: add repair_and_load_json() to utils.py (#809)	2026-04-16 02:38:01 +00:00
Alexander Whitestone	9f0c410481	feat: batch tool execution with parallel safety checks (#749) ... Centralized safety classification for tool call batches: tools/batch_executor.py (new): - classify_tool_calls() — classifies batch into parallel_safe, path_scoped, sequential, never_parallel tiers - BatchExecutionPlan — structured plan with parallel and sequential batches - Path conflict detection — write_file + patch on same file go sequential - Destructive command detection — rm, mv, sed -i, redirects - execute_parallel_batch() — ThreadPoolExecutor for concurrent execution tools/registry.py (enhanced): - ToolEntry.parallel_safe field — tools can declare parallel safety - registry.register() accepts parallel_safe=True parameter - registry.get_parallel_safe_tools() — query registry-declared safe tools Safety tiers: - parallel_safe: read_file, web_search, search_files, etc. - path_scoped: write_file, patch (concurrent when paths don't overlap) - sequential: terminal, delegate_task, unknown tools - never_parallel: clarify (requires user interaction) 19 tests passing.	2026-04-15 22:17:16 -04:00
Alexander Whitestone	b34b5b293d	test: add tests for tool hallucination prevention (#836)	2026-04-16 02:15:59 +00:00
Alexander Whitestone	05f9d2b009	feat: integrate poka-yoke validation into tool dispatch (#836) ... - Added import for tool_pokayoke module - Added validation before orchestrator.dispatch calls - Auto-corrects tool names and parameters - Returns structured errors with suggestions - Circuit breaker for consecutive failures Closes #836	2026-04-16 02:15:17 +00:00
Timmy Time	fb7464995c	fix: Ultraplan Mode for daily autonomous planning (closes #840)	2026-04-15 22:14:16 -04:00
Alexander Whitestone	8ef766beac	feat: add tool hallucination prevention module (#836) ... - Validates tool names against registered tools - Auto-corrects parameter names within Levenshtein distance 1 - Circuit breaker for consecutive failures (threshold: 3) - Structured error messages with suggestions Closes #836	2026-04-16 02:10:39 +00:00
Alexander Whitestone	db72e908f7	Merge pull request 'feat(security): implement Vitalik's secure LLM patterns — privacy filter + confirmation daemon [resolves merge conflict]' (#830) from feat/vitalik-secure-llm-1776303263 into main ... Vitalik's secure LLM patterns — privacy filter + confirmation daemon Clean rebase of #397 onto current main. Resolves merge conflicts in tools/approval.py.	2026-04-16 01:36:58 +00:00
Alexander Whitestone	b82b760d5d	feat: add Vitalik's threat model patterns to DANGEROUS_PATTERNS	2026-04-16 01:35:49 +00:00
Alexander Whitestone	d8d7846897	feat: add tests/tools/test_confirmation_daemon.py from PR #397	2026-04-16 01:35:24 +00:00
Alexander Whitestone	6840d05554	feat: add tests/agent/test_privacy_filter.py from PR #397	2026-04-16 01:35:21 +00:00
Alexander Whitestone	8abe59ed95	feat: add tools/confirmation_daemon.py from PR #397	2026-04-16 01:35:18 +00:00
Alexander Whitestone	435d790201	feat: add agent/privacy_filter.py from PR #397	2026-04-16 01:35:14 +00:00
Alexander Whitestone	30afd529ac	feat: add crisis detection tool — the-door integration (#141) ... New tool: tools/crisis_tool.py - Wraps the-door's canonical crisis detection (detect.py) - Scans user messages for despair/suicidal ideation - Classifies into NONE/LOW/MEDIUM/HIGH/CRITICAL tiers - Provides recommended actions per tier - Gateway hook: scan_user_message() for pre-API-call detection - System prompt injection: compassion_injection based on crisis level - Optional escalation logging to crisis_escalations.jsonl - Optional bridge API POST for HIGH+ (configurable via CRISIS_BRIDGE_URL) - Configurable via crisis_detection: true/false in config.yaml - Follows the-door design principles: never computes life value, never suggests death, errs on side of higher risk Also: tests/test_crisis_tool.py (9 tests, all passing)	2026-04-15 21:00:06 -04:00
Alexander Whitestone	a244b157be	bench: add Gemma 4 vs mimo-v2-pro tool calling benchmark (#796) ... 100-call regression test across 7 tool categories: - File operations (20): read_file, write_file, search_files - Terminal commands (20): shell execution - Web search (15): web_search - Code execution (15): execute_code - Browser automation (10): browser_navigate - Delegation (10): delegate_task - MCP tools (10): mcp_list/read/call Metrics tracked: - Schema parse success (valid JSON tool calls) - Tool name accuracy (correct tool selected) - Arguments accuracy (required args present) - Average latency per call Usage: python3 benchmarks/tool_call_benchmark.py --model nous:xiaomi/mimo-v2-pro python3 benchmarks/tool_call_benchmark.py --model ollama/gemma4:latest python3 benchmarks/tool_call_benchmark.py --compare	2026-04-15 18:56:35 -04:00
Timmy Time	d86359cbb2	Merge pull request 'feat: robust tool orchestration and circuit breaking' (#811) from feat/robust-tool-orchestration-1776268138150 into main	2026-04-15 16:03:07 +00:00
Google AI Agent	f264b55b29	refactor: use ToolOrchestrator for robust tool execution	2026-04-15 15:49:02 +00:00
Google AI Agent	dfe23f66b1	feat: add ToolOrchestrator with circuit breaker	2026-04-15 15:49:00 +00:00
Teknium	722331a57d	fix: replace hardcoded ~/.hermes with display_hermes_home() in agent-facing text (#10285) ... Tool schema descriptions and tool return values contained hardcoded ~/.hermes paths that the model sees and uses. When HERMES_HOME is set to a custom path (Docker containers, profiles), the agent would still reference ~/.hermes — looking at the wrong directory. Fixes 6 locations across 5 files: - tools/tts_tool.py: output_path schema description - tools/cronjob_tools.py: script path schema description - tools/skill_manager_tool.py: skill_manage schema description - tools/skills_tool.py: two tool return messages - agent/skill_commands.py: skill config injection text All now use display_hermes_home() which resolves to the actual HERMES_HOME path (e.g. /opt/data for Docker, ~/.hermes/profiles/X for profiles, ~/.hermes for default). Reported by: Sandeep Narahari (PrithviDevs)	2026-04-15 04:57:55 -07:00
sprmn24	41e2d61b3f	feat(discord): add native send_animation for inline GIF playback	2026-04-15 04:51:27 -07:00
Teknium	4da598b48a	docs: clarify hermes model vs /model — two commands, two purposes (#10276) ... Users are confused about the difference between `hermes model` (terminal command for full provider setup) and `/model` (session command for switching between already-configured providers). This distinction was not documented anywhere. Changes across 4 doc pages: - cli-commands.md: Added warning callout explaining the difference, added --global flag docs, added 'only see OpenRouter models?' info box - slash-commands.md: Added notes on both TUI and messaging /model entries that /model only switches between configured providers - providers.md: Added 'Two Commands for Model Management' comparison table near top of page, added warning callout in switching section - faq.md: Added new FAQ entry '/model only shows one provider' with quick reference table Prompted by user feedback in Discord — new users consistently hit this confusion when trying to add providers from inside a session.	2026-04-15 04:39:34 -07:00
asheriif	33ae403890	fix(gateway): fix matrix lingering typing indicator	2026-04-15 04:16:16 -07:00
Teknium	47e6ea84bb	fix: file handle bug, warning text, and tests for Discord media send ... - Fix file handle closed before POST: nest session.post() inside the 'with open()' block so aiohttp can read the file during upload - Update warning text to include weixin (also supports media delivery) - Add 8 unit tests covering: text+media, media-only, missing files, upload failures, multiple files, and _send_to_platform routing	2026-04-15 04:16:06 -07:00
sprmn24	4bcb2f2d26	feat(send_message): add native media attachment support for Discord ... Previously send_message only supported media delivery for Telegram. Discord users received a warning that media was omitted. - Add media_files parameter to _send_discord() - Upload media via Discord multipart/form-data API (files[0] field) - Handle Discord in _send_to_platform() same way as Telegram block - Remove Discord from generic chunk loop (now handled above) - Update error/warning strings to mention telegram and discord	2026-04-15 04:16:06 -07:00