Validates tool names against valid_tool_names before execution.
Both sequential and concurrent paths checked.
When model hallucinates non-existent tool:
- Logs warning with tool name
- Returns error listing available tools
- Does NOT make API call (saves budget)
Full feature census of hermes-agent codebase covering:
- Feature Matrix (memory, tools, sessions, plugins, config, gateway)
- Architecture Overview (dependency chain, data flow)
- Recent Development Activity (last 30 days, 1750+ commits)
- Overlap Analysis (what to use vs what to build)
- Contribution Roadmap (upstream vs Timmy Foundation)
Refs: #290
- Extend on_memory_write trigger in run_agent.py to fire for 'remove' action
- Holographic provider now handles 'replace' (re-adds content) and 'remove' (lowers trust on matching facts)
- Fixes orphaned facts when entries are deleted from built-in memory
Fixes#243
Phase 2 of Matrix integration — wires Hermes to any Matrix homeserver.
- docs/matrix-setup.md: step-by-step guide covering matrix.org (testing)
and self-hosted (sovereignty) options, auth methods, E2EE setup, room
config, and troubleshooting
- scripts/setup_matrix.py: interactive wizard that prompts for homeserver,
supports token/password auth, generates MATRIX_DEVICE_ID, writes
~/.hermes/.env and config.yaml, and optionally creates a test room +
sends a test message
No config.py changes needed — all Matrix env vars (MATRIX_HOMESERVER,
MATRIX_ACCESS_TOKEN, MATRIX_USER_ID, MATRIX_PASSWORD, MATRIX_ENCRYPTION,
MATRIX_DEVICE_ID, MATRIX_ALLOWED_USERS, MATRIX_HOME_ROOM, etc.) are
already registered in OPTIONAL_ENV_VARS and _EXTRA_ENV_KEYS.
Closes#271
Add scripts/memory_budget.py — a CI-friendly tool for checking and
enforcing character budgets on MEMORY.md and USER.md memory files.
Features:
- Checks MEMORY.md vs memory_char_limit (default 2200)
- Checks USER.md vs user_char_limit (default 1375)
- Estimates total injection cost (chars / ~4 chars per token)
- Alerts when approaching limits (>80% usage)
- --report flag for detailed breakdown with progress bars
- --verbose flag for per-entry details
- --enforce flag trims oldest entries to fit budget
- --json flag for machine-readable output (CI integration)
- Exit codes: 0=within budget, 1=over budget, 2=trimmed
- Suggestions for largest entries when over budget
Relates to #256
The Ollama feature commit introduced two broken `OpenAI(api_key=*** base_url=...)` calls
where `***` was a redacted variable name and the separating comma was missing.
Replace both occurrences with `api_key=api_key, base_url=base_url`.
Fixes#223
The bezalel-vps-runner is registered in host mode (:host labels)
and cannot execute Docker containers. The container pinning added
in #180 causes all Gitea CI jobs to fail immediately with:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock
Remove container: from .gitea/workflows/*.yml while keeping it in
.github/workflows/ for actual GitHub Actions runners.
Fixes CI for all open PRs and main branch pushes.
* feat: switch managed browser provider from Browserbase to Browser Use
The Nous subscription tool gateway now routes browser automation through
Browser Use instead of Browserbase. This commit:
- Adds managed Nous gateway support to BrowserUseProvider (idempotency
keys, X-BB-API-Key auth header, external_call_id persistence)
- Removes managed gateway support from BrowserbaseProvider (now
direct-only via BROWSERBASE_API_KEY/BROWSERBASE_PROJECT_ID)
- Updates browser_tool.py fallback: prefers Browser Use over Browserbase
- Updates nous_subscription.py: gateway vendor 'browser-use', auto-config
sets cloud_provider='browser-use' for new subscribers
- Updates tools_config.py: Nous Subscription entry now uses Browser Use
- Updates setup.py, cli.py, status.py, prompt_builder.py display strings
- Updates all affected tests to match new behavior
Browserbase remains fully functional for users with direct API credentials.
The change only affects the managed/subscription path.
* chore: remove redundant Browser Use hint from system prompt
* fix: upgrade Browser Use provider to v3 API
- Base URL: api/v2 -> api/v3 (v2 is legacy)
- Unified all endpoints to use native Browser Use paths:
- POST /browsers (create session, returns cdpUrl)
- PATCH /browsers/{id} with {action: stop} (close session)
- Removed managed-mode branching that used Browserbase-style
/v1/sessions paths — v3 gateway now supports /browsers directly
- Removed unused managed_mode variable in close_session
* fix(browser-use): use X-Browser-Use-API-Key header for managed mode
The managed gateway expects X-Browser-Use-API-Key, not X-BB-API-Key
(which is a Browserbase-specific header). Using the wrong header caused
a 401 AUTH_ERROR on every managed-mode browser session create.
Simplified _headers() to always use X-Browser-Use-API-Key regardless
of direct vs managed mode.
* fix(nous_subscription): browserbase explicit provider is direct-only
Since managed Nous gateway now routes through Browser Use, the
browserbase explicit provider path should not check managed_browser_available
(which resolves against the browser-use gateway). Simplified to direct-only
with managed=False.
* fix(browser-use): port missing improvements from PR #5605
- CDP URL normalization: resolve HTTP discovery URLs to websocket after
cloud provider create_session() (prevents agent-browser failures)
- Managed session payload: send timeout=5 and proxyCountryCode=us for
gateway-backed sessions (prevents billing overruns)
- Update prompt builder, browser_close schema, and module docstring to
replace remaining Browserbase references with Browser Use
- Dynamic /browser status detection via _get_cloud_provider() instead
of hardcoded env var checks (future-proof for new providers)
- Rename post_setup key from 'browserbase' to 'agent_browser'
- Update setup hint to mention Browser Use alongside Browserbase
- Add tests: CDP normalization, browserbase direct-only guard,
managed browser-use gateway, direct browserbase fallback
---------
Co-authored-by: rob-maron <132852777+rob-maron@users.noreply.github.com>
