Timmy_Foundation/hermes-agent

Fork 0

Files

Google AI Agent f2159d4103 feat: consolidate release notes into CHANGELOG.md

2026-04-13 00:31:17 +00:00

202 KiB

Raw Blame History

Changelog

Hermes Agent v0.7.0 (v2026.4.3)

Release Date: April 3, 2026

The resilience release — pluggable memory providers, credential pool rotation, Camofox anti-detection browser, inline diff previews, gateway hardening across race conditions and approval routing, and deep security fixes across 168 PRs and 46 resolved issues.

✨ Highlights

Pluggable Memory Provider Interface — Memory is now an extensible plugin system. Third-party memory backends (Honcho, vector stores, custom DBs) implement a simple provider ABC and register via the plugin system. Built-in memory is the default provider. Honcho integration restored to full parity as the reference plugin with profile-scoped host/peer resolution. (#4623, #4616, #4355)
Same-Provider Credential Pools — Configure multiple API keys for the same provider with automatic rotation. Thread-safe least_used strategy distributes load across keys, and 401 failures trigger automatic rotation to the next credential. Set up via the setup wizard or credential_pool config. (#4188, #4300, #4361)
Camofox Anti-Detection Browser Backend — New local browser backend using Camoufox for stealth browsing. Persistent sessions with VNC URL discovery for visual debugging, configurable SSRF bypass for local backends, auto-install via hermes tools. (#4008, #4419, #4292)
Inline Diff Previews — File write and patch operations now show inline diffs in the tool activity feed, giving you visual confirmation of what changed before the agent moves on. (#4411, #4423)
API Server Session Continuity & Tool Streaming — The API server (Open WebUI integration) now streams tool progress events in real-time and supports X-Hermes-Session-Id headers for persistent sessions across requests. Sessions persist to the shared SessionDB. (#4092, #4478, #4802)
ACP: Client-Provided MCP Servers — Editor integrations (VS Code, Zed, JetBrains) can now register their own MCP servers, which Hermes picks up as additional agent tools. Your editor's MCP ecosystem flows directly into the agent. (#4705)
Gateway Hardening — Major stability pass across race conditions, photo media delivery, flood control, stuck sessions, approval routing, and compression death spirals. The gateway is substantially more reliable in production. (#4727, #4750, #4798, #4557)
Security: Secret Exfiltration Blocking — Browser URLs and LLM responses are now scanned for secret patterns, blocking exfiltration attempts via URL encoding, base64, or prompt injection. Credential directory protections expanded to .docker, .azure, .config/gh. Execute_code sandbox output is redacted. (#4483, #4360, #4305, #4327)

🏗️ Core Agent & Architecture

Provider & Model Support

Same-provider credential pools — configure multiple API keys with automatic least_used rotation and 401 failover (#4188, #4300)
Credential pool preserved through smart routing — pool state survives fallback provider switches and defers eager fallback on 429 (#4361)
Per-turn primary runtime restoration — after fallback provider use, the agent automatically restores the primary provider on the next turn with transport recovery (#4624)
developer role for GPT-5 and Codex models — uses OpenAI's recommended system message role for newer models (#4498)
Google model operational guidance — Gemini and Gemma models get provider-specific prompting guidance (#4641)
Anthropic long-context tier 429 handling — automatically reduces context to 200k when hitting tier limits (#4747)
URL-based auth for third-party Anthropic endpoints + CI test fixes (#4148)
Bearer auth for MiniMax Anthropic endpoints (#4028)
Fireworks context length detection (#4158)
Standard DashScope international endpoint for Alibaba provider (#4133, closes #3912)
Custom providers context_length honored in hygiene compression (#4085)
Non-sk-ant keys treated as regular API keys, not OAuth tokens (#4093)
Claude-sonnet-4.6 added to OpenRouter and Nous model lists (#4157)
Qwen 3.6 Plus Preview added to model lists (#4376)
MiniMax M2.7 added to hermes model picker and OpenCode (#4208)
Auto-detect models from server probe in custom endpoint setup (#4218)
Config.yaml single source of truth for endpoint URLs — no more env var vs config.yaml conflicts (#4165)
Setup wizard no longer overwrites custom endpoint config (#4180, closes #4172)
Unified setup wizard provider selection with hermes model — single code path for both flows (#4200)
Root-level provider config no longer overrides model.provider (#4329)
Rate-limit pairing rejection messages to prevent spam (#4081)

Agent Loop & Conversation

Preserve Anthropic thinking block signatures across tool-use turns (#4626)
Classify think-only empty responses before retrying — prevents infinite retry loops on models that produce thinking blocks without content (#4645)
Prevent compression death spiral from API disconnects — stops the loop where compression triggers, fails, compresses again (#4750, closes #2153)
Persist compressed context to gateway session after mid-run compression (#4095)
Context-exceeded error messages now include actionable guidance (#4155, closes #4061)
Strip orphaned think/reasoning tags from user-facing responses (#4311, closes #4285)
Harden Codex responses preflight and stream error handling (#4313)
Deterministic call_id fallbacks instead of random UUIDs for prompt cache consistency (#3991)
Context pressure warning spam prevented after compression (#4012)
AsyncOpenAI created lazily in trajectory compressor to avoid closed event loop errors (#4013)

Memory & Sessions

Pluggable memory provider interface — ABC-based plugin system for custom memory backends with profile isolation (#4623)
Honcho full integration parity restored as reference memory provider plugin (#4355) — @erosika
Honcho profile-scoped host and peer resolution (#4616)
Memory flush state persisted to prevent redundant re-flushes on gateway restart (#4481)
Memory provider tools routed through sequential execution path (#4803)
Honcho config written to instance-local path for profile isolation (#4037)
API server sessions persist to shared SessionDB (#4802)
Token usage persisted for non-CLI sessions (#4627)
Quote dotted terms in FTS5 queries — fixes session search for terms containing dots (#4549)

📱 Messaging Platforms (Gateway)

Gateway Core

Race condition fixes — photo media loss, flood control, stuck sessions, and STT config issues resolved in one hardening pass (#4727)
Approval routing through running-agent guard — /approve and /deny now route correctly when the agent is blocked waiting for approval instead of being swallowed as interrupts (#4798, #4557, closes #4542)
Resume agent after /approve — tool result is no longer lost when executing blocked commands (#4418)
DM thread sessions seeded with parent transcript to preserve context (#4559)
Skill-aware slash commands — gateway dynamically registers installed skills as slash commands with paginated /commands list and Telegram 100-command cap (#3934, #4005, #4006, #4010, #4023)
Per-platform disabled skills respected in Telegram menu and gateway dispatch (#4799)
Remove user-facing compression warnings — cleaner message flow (#4139)
-v/-q flags wired to stderr logging for gateway service (#4474)
HERMES_HOME remapped to target user in system service unit (#4456)
Honor default for invalid bool-like config values (#4029)
setsid instead of systemd-run for /update command to avoid systemd permission issues (#4104, closes #4017)
'Initializing agent...' shown on first message for better UX (#4086)
Allow running gateway service as root for LXC/container environments (#4732)

32-char limit on command names with collision avoidance (#4211)
Priority order enforced in menu — core > plugins > skills (#4023)
Capped at 50 commands — API rejects above ~60 (#4006)
Skip empty/whitespace text to prevent 400 errors (#4388)
E2E gateway tests added (#4497) — @pefontana

Discord

Button-based approval UI — register /approve and /deny slash commands with interactive button prompts (#4800)
Configurable reactions — discord.reactions config option to disable message processing reactions (#4199)
Skip reactions and auto-threading for unauthorized users (#4387)

Slack

Reply in thread — slack.reply_in_thread config option for threaded responses (#4643, closes #2662)

Enforce require_mention in group chats (#4730)

Webhook

Platform support fixes — skip home channel prompt, disable tool progress for webhook adapters (#4660)

Matrix

E2EE decryption hardening — request missing keys, auto-trust devices, retry buffered events (#4083)

🖥️ CLI & User Experience

New Slash Commands

/yolo — toggle dangerous command approvals on/off for the session (#3990)
/btw — ephemeral side questions that don't affect the main conversation context (#4161)
/profile — show active profile info without leaving the chat session (#4027)

Interactive CLI

Inline diff previews for write and patch operations in the tool activity feed (#4411, #4423)
TUI pinned to bottom on startup — no more large blank spaces between response and input (#4412, #4359, closes #4398, #4421)
/history and /resume now surface recent sessions directly instead of requiring search (#4728)
Cache tokens shown in /insights overview so total adds up (#4428)
--max-turns CLI flag for hermes chat to limit agent iterations (#4314)
Detect dragged file paths instead of treating them as slash commands (#4533) — @rolme
Allow empty strings and falsy values in config set (#4310, closes #4277)
Voice mode in WSL when PulseAudio bridge is configured (#4317)
Respect NO_COLOR env var and TERM=dumb for accessibility (#4079, closes #4066) — @SHL0MS
Correct shell reload instruction for macOS/zsh users (#4025)
Zero exit code on successful quiet mode queries (#4613, closes #4601) — @devorun
on_session_end hook fires on interrupted exits (#4159)
Profile list display reads model.default key correctly (#4160)
Browser and TTS shown in reconfigure menu (#4041)
Web backend priority detection simplified (#4036)

Setup & Configuration

Allowed_users preserved during setup and quiet unconfigured provider warnings (#4551) — @kshitijk4poor
Save API key to model config for custom endpoints (#4202, closes #4182)
Claude Code credentials gated behind explicit Hermes config in wizard trigger (#4210)
Atomic writes in save_config_value to prevent config loss on interrupt (#4298, #4320)
Scopes field written to Claude Code credentials on token refresh (#4126)

Update System

Fork detection and upstream sync in hermes update (#4744)
Preserve working optional extras when one extra fails during update (#4550)
Handle conflicted git index during hermes update (#4735)
Avoid launchd restart race on macOS (#4736)
Missing subprocess.run() timeouts added to doctor and status commands (#4009)

🔧 Tool System

Browser

Camofox anti-detection browser backend — local stealth browsing with auto-install via hermes tools (#4008)
Persistent Camofox sessions with VNC URL discovery for visual debugging (#4419)
Skip SSRF check for local backends (Camofox, headless Chromium) (#4292)
Configurable SSRF check via browser.allow_private_urls (#4198) — @nils010485
CAMOFOX_PORT=9377 added to Docker commands (#4340)

File Operations

Inline diff previews on write and patch actions (#4411, #4423)
Stale file detection on write and patch — warns when file was modified externally since last read (#4345)
Staleness timestamp refreshed after writes (#4390)
Size guard, dedup, and device blocking on read_file (#4315)

MCP

Stability fix pack — reload timeout, shutdown cleanup, event loop handler, OAuth non-blocking (#4757, closes #4462, #2537)

ACP (Editor Integration)

Client-provided MCP servers registered as agent tools — editors pass their MCP servers to Hermes (#4705)

Skills System

Size limits for agent writes and fuzzy matching for skill patch — prevents oversized skill writes and improves edit reliability (#4414)
Validate hub bundle paths before install — blocks path traversal in skill bundles (#3986)
Unified hermes-agent and hermes-agent-setup into single skill (#4332)
Skill metadata type check in extract_skill_conditions (#4479)

New/Updated Skills

research-paper-writing — full end-to-end research pipeline (replaced ml-paper-writing) (#4654) — @SHL0MS
ascii-video — text readability techniques and external layout oracle (#4054) — @SHL0MS
youtube-transcript updated for youtube-transcript-api v1.x (#4455) — @el-analista
Skills browse and search page added to documentation site (#4500) — @IAvecilla

🔒 Security & Reliability

Security Hardening

Block secret exfiltration via browser URLs and LLM responses — scans for secret patterns in URL encoding, base64, and prompt injection vectors (#4483)
Redact secrets from execute_code sandbox output (#4360)
Protect .docker, .azure, .config/gh credential directories from read/write via file tools and terminal (#4305, #4327) — @memosr
GitHub OAuth token patterns added to redaction + snapshot redact flag (#4295)
Reject private and loopback IPs in Telegram DoH fallback (#4129)
Reject path traversal in credential file registration (#4316)
Validate tar archive member paths on profile import — blocks zip-slip attacks (#4318)
Exclude auth.json and .env from profile exports (#4475)

Reliability

Prevent compression death spiral from API disconnects (#4750, closes #2153)
Handle is_closed as method in OpenAI SDK — prevents false positive client closure detection (#4416, closes #4377)
Exclude matrix from [all] extras — python-olm is upstream-broken, prevents install failures (#4615, closes #4178)
OpenCode model routing repaired (#4508)
Docker container image optimized (#4034) — @bcross

Windows & Cross-Platform

Voice mode in WSL with PulseAudio bridge (#4317)
Homebrew packaging preparation (#4099)
CI fork conditionals to prevent workflow failures on forks (#4107)

🐛 Notable Bug Fixes

Gateway approval blocked agent thread — approval now blocks the agent thread like CLI does, preventing tool result loss (#4557, closes #4542)
Compression death spiral from API disconnects — detected and halted instead of looping (#4750, closes #2153)
Anthropic thinking blocks lost across tool-use turns (#4626)
Profile model config ignored with -p flag — model.model now promoted to model.default correctly (#4160, closes #4486)
CLI blank space between response and input area (#4412, #4359, closes #4398)
Dragged file paths treated as slash commands instead of file references (#4533) — @rolme
Orphaned </think> tags leaking into user-facing responses (#4311, closes #4285)
OpenAI SDK is_closed is a method not property — false positive client closure (#4416, closes #4377)
MCP OAuth server could block Hermes startup instead of degrading gracefully (#4757, closes #4462)
MCP event loop closed on shutdown with HTTP servers (#4757, closes #2537)
Alibaba provider hardcoded to wrong endpoint (#4133, closes #3912)
Slack reply_in_thread missing config option (#4643, closes #2662)
Quiet mode exit code — successful -q queries no longer exit nonzero (#4613, closes #4601)
Mobile sidebar shows only close button due to backdrop-filter issue in docs site (#4207) — @xsmyile
Config restore reverted by stale-branch squash merge — _config_version fixed (#4440)

🧪 Testing

Telegram gateway E2E tests — full integration test suite for the Telegram adapter (#4497) — @pefontana
11 real test failures fixed plus sys.modules cascade poisoner resolved (#4570)
7 CI failures resolved across hooks, plugins, and skill tests (#3936)
Codex 401 refresh tests updated for CI compatibility (#4166)
Stale OPENAI_BASE_URL test fixed (#4217)

📚 Documentation

Comprehensive documentation audit — 9 HIGH and 20+ MEDIUM gaps fixed across 21 files (#4087)
Site navigation restructured — features and platforms promoted to top-level (#4116)
Tool progress streaming documented for API server and Open WebUI (#4138)
Telegram webhook mode documentation (#4089)
Local LLM provider guides — comprehensive setup guides with context length warnings (#4294)
WhatsApp allowlist behavior clarified with WHATSAPP_ALLOW_ALL_USERS documentation (#4293)
Slack configuration options — new config section in Slack docs (#4644)
Terminal backends section expanded + docs build fixes (#4016)
Adding-providers guide updated for unified setup flow (#4201)
ACP Zed config fixed (#4743)
Community FAQ entries for common workflows and troubleshooting (#4797)
Skills browse and search page on docs site (#4500) — @IAvecilla

👥 Contributors

Core

@teknium1 — 135 commits across all subsystems

Top Community Contributors

@kshitijk4poor — 13 commits: preserve allowed_users during setup (#4551), and various fixes
@erosika — 12 commits: Honcho full integration parity restored as memory provider plugin (#4355)
@pefontana — 9 commits: Telegram gateway E2E test suite (#4497)
@bcross — 5 commits: Docker container image optimization (#4034)
@SHL0MS — 4 commits: NO_COLOR/TERM=dumb support (#4079), ascii-video skill updates (#4054), research-paper-writing skill (#4654)

All Contributors

@0xbyt4, @arasovic, @Bartok9, @bcross, @binhnt92, @camden-lowrance, @curtitoo, @Dakota, @Dave Tist, @Dean Kerr, @devorun, @dieutx, @Dilee, @el-analista, @erosika, @Gutslabs, @IAvecilla, @Jack, @Johannnnn506, @kshitijk4poor, @Laura Batalha, @Leegenux, @Lume, @MacroAnarchy, @maymuneth, @memosr, @NexVeridian, @Nick, @nils010485, @pefontana, @Penov, @rolme, @SHL0MS, @txchen, @xsmyile

Issues Resolved from Community

@acsezen (#2537), @arasovic (#4285), @camden-lowrance (#4462), @devorun (#4601), @eloklam (#4486), @HenkDz (#3719), @hypotyposis (#2153), @kazamak (#4178), @lstep (#4366), @Mark-Lok (#4542), @NoJster (#4421), @patp (#2662), @pr0n (#4601), @saulmc (#4377), @SHL0MS (#4060, #4061, #4066, #4172, #4277), @Z-Mackintosh (#4398)

Full Changelog: v2026.3.30...v2026.4.3

Hermes Agent v0.6.0 (v2026.3.30)

Release Date: March 30, 2026

The multi-instance release — Profiles for running isolated agent instances, MCP server mode, Docker container, fallback provider chains, two new messaging platforms (Feishu/Lark and WeCom), Telegram webhook mode, Slack multi-workspace OAuth, 95 PRs and 16 resolved issues in 2 days.

✨ Highlights

Profiles — Multi-Instance Hermes — Run multiple isolated Hermes instances from the same installation. Each profile gets its own config, memory, sessions, skills, and gateway service. Create with hermes profile create, switch with hermes -p <name>, export/import for sharing. Full token-lock isolation prevents two profiles from using the same bot credential. (#3681)
MCP Server Mode — Expose Hermes conversations and sessions to any MCP-compatible client (Claude Desktop, Cursor, VS Code, etc.) via hermes mcp serve. Browse conversations, read messages, search across sessions, and manage attachments — all through the Model Context Protocol. Supports both stdio and Streamable HTTP transports. (#3795)
Docker Container — Official Dockerfile for running Hermes Agent in a container. Supports both CLI and gateway modes with volume-mounted config. (#3668, closes #850)
Ordered Fallback Provider Chain — Configure multiple inference providers with automatic failover. When your primary provider returns errors or is unreachable, Hermes automatically tries the next provider in the chain. Configure via fallback_providers in config.yaml. (#3813, closes #1734)
Feishu/Lark Platform Support — Full gateway adapter for Feishu (飞书) and Lark with event subscriptions, message cards, group chat, image/file attachments, and interactive card callbacks. (#3799, #3817, closes #1788)
WeCom (Enterprise WeChat) Platform Support — New gateway adapter for WeCom (企业微信) with text/image/voice messages, group chats, and callback verification. (#3847)
Slack Multi-Workspace OAuth — Connect a single Hermes gateway to multiple Slack workspaces via OAuth token file. Each workspace gets its own bot token, resolved dynamically per incoming event. (#3903)
Telegram Webhook Mode & Group Controls — Run the Telegram adapter in webhook mode as an alternative to polling — faster response times and better for production deployments behind a reverse proxy. New group mention gating controls when the bot responds: always, only when @mentioned, or via regex triggers. (#3880, #3870)
Exa Search Backend — Add Exa as an alternative web search and content extraction backend alongside Firecrawl and DuckDuckGo. Set EXA_API_KEY and configure as preferred backend. (#3648)
Skills & Credentials on Remote Backends — Mount skill directories and credential files into Modal and Docker containers, so remote terminal sessions have access to the same skills and secrets as local execution. (#3890, #3671, closes #3665, #3433)

🏗️ Core Agent & Architecture

Provider & Model Support

Ordered fallback provider chain — automatic failover across multiple configured providers (#3813)
Fix api_mode on provider switch — switching providers via hermes model now correctly clears stale api_mode instead of hardcoding chat_completions, fixing 404s for providers with Anthropic-compatible endpoints (#3726, #3857, closes #3685)
Stop silent OpenRouter fallback — when no provider is configured, Hermes now raises a clear error instead of silently routing to OpenRouter (#3807, #3862)
Gemini 3.1 preview models — added to OpenRouter and Nous Portal catalogs (#3803, closes #3753)
Gemini direct API context length — full context length resolution for direct Google AI endpoints (#3876)
gpt-5.4-mini added to Codex fallback catalog (#3855)
Curated model lists preferred over live API probe when the probe returns fewer models (#3856, #3867)
User-friendly 429 rate limit messages with Retry-After countdown (#3809)
Auxiliary client placeholder key for local servers without auth requirements (#3842)
INFO-level logging for auxiliary provider resolution (#3866)

Agent Loop & Conversation

Subagent status reporting — reports completed status when summary exists instead of generic failure (#3829)
Session log file updated during compression — prevents stale file references after context compression (#3835)
Omit empty tools param — sends no tools parameter when empty instead of None, fixing compatibility with strict providers (#3820)

Profiles & Multi-Instance

Profiles system — hermes profile create/list/switch/delete/export/import/rename. Each profile gets isolated HERMES_HOME, gateway service, CLI wrapper. Token locks prevent credential collisions. Tab completion for profile names. (#3681)
Profile-aware display paths — all user-facing ~/.hermes paths replaced with display_hermes_home() to show the correct profile directory (#3623)
Lazy display_hermes_home imports — prevents ImportError during hermes update when modules cache stale bytecode (#3776)
HERMES_HOME for protected paths — .env write-deny path now respects HERMES_HOME instead of hardcoded ~/.hermes (#3840)

📱 Messaging Platforms (Gateway)

New Platforms

Feishu/Lark — Full adapter with event subscriptions, message cards, group chat, image/file attachments, interactive card callbacks (#3799, #3817)
WeCom (Enterprise WeChat) — Text/image/voice messages, group chats, callback verification (#3847)

Webhook mode — run as webhook endpoint instead of polling for production deployments (#3880)
Group mention gating & regex triggers — configurable bot response behavior in groups: always, @mention-only, or regex-matched (#3870)
Gracefully handle deleted reply targets — no more crashes when the message being replied to was deleted (#3858, closes #3229)

Discord

Message processing reactions — adds a reaction emoji while processing and removes it when done, giving visual feedback in channels (#3871)
DISCORD_IGNORE_NO_MENTION — skip messages that @mention other users/bots but not Hermes (#3640)
Clean up deferred "thinking..." — properly removes the "thinking..." indicator after slash commands complete (#3674, closes #3595)

Slack

Multi-workspace OAuth — connect to multiple Slack workspaces from a single gateway via OAuth token file (#3903)

Persistent aiohttp session — reuse HTTP sessions across requests instead of creating new ones per message (#3818)
LID↔phone alias resolution — correctly match Linked ID and phone number formats in allowlists (#3830)
Skip reply prefix in bot mode — cleaner message formatting when running as a WhatsApp bot (#3931)

Matrix

Native voice messages via MSC3245 — send voice messages as proper Matrix voice events instead of file attachments (#3877)

Mattermost

Configurable mention behavior — respond to messages without requiring @mention (#3664)

Signal

URL-encode phone numbers and correct attachment RPC parameter — fixes delivery failures with certain phone number formats (#3670) — @kshitijk4poor

Email

Close SMTP/IMAP connections on failure — prevents connection leaks during error scenarios (#3804)

Gateway Core

Atomic config writes — use atomic file writes for config.yaml to prevent data loss during crashes (#3800)
Home channel env overrides — apply environment variable overrides for home channels consistently (#3796, #3808)
Replace print() with logger — BasePlatformAdapter now uses proper logging instead of print statements (#3669)
Cron delivery labels — resolve human-friendly delivery labels via channel directory (#3860, closes #1945)
Cron [SILENT] tightening — prevent agents from prefixing reports with [SILENT] to suppress delivery (#3901)
Background task media delivery and vision download timeout fixes (#3919)
Boot-md hook — example built-in hook to run a BOOT.md file on gateway startup (#3733)

🖥️ CLI & User Experience

Interactive CLI

Configurable tool preview length — show full file paths by default instead of truncating at 40 chars (#3841)
Tool token context display — hermes tools checklist now shows estimated token cost per toolset (#3805)
/bg spinner TUI fix — route background task spinner through the TUI widget to prevent status bar collision (#3643)
Prevent status bar wrapping into duplicate rows (#3883) — @kshitijk4poor
Handle closed stdout ValueError in safe print paths — fixes crashes when stdout is closed during gateway thread shutdown (#3843, closes #3534)
Remove input() from /tools disable — eliminates freeze in terminal when disabling tools (#3918)
TTY guard for interactive CLI commands — prevent CPU spin when launched without a terminal (#3933)
Argparse entrypoint — use argparse in the top-level launcher for cleaner error handling (#3874)
Lazy-initialized tools show yellow in banner instead of red, reducing false alarm about "missing" tools (#3822)
Honcho tools shown in banner when configured (#3810)

Setup & Configuration

Auto-install matrix-nio during hermes setup when Matrix is selected (#3802, #3873)
Session export stdout support — export sessions to stdout with - for piping (#3641, closes #3609)
Configurable approval timeouts — set how long dangerous command approval prompts wait before auto-denying (#3886, closes #3765)
Clear pycache during update — prevents stale bytecode ImportError after hermes update (#3819)

🔧 Tool System

MCP

MCP Server Mode — hermes mcp serve exposes conversations, sessions, and attachments to MCP clients via stdio or Streamable HTTP (#3795)
Dynamic tool discovery — respond to notifications/tools/list_changed events to pick up new tools from MCP servers without reconnecting (#3812)
Non-deprecated HTTP transport — switched from sse_client to streamable_http_client (#3646)

Web Tools

Exa search backend — alternative to Firecrawl and DuckDuckGo for web search and extraction (#3648)

Browser

Guard against None LLM responses in browser snapshot and vision tools (#3642)

Terminal & Remote Backends

Mount skill directories into Modal and Docker containers (#3890)
Mount credential files into remote backends with mtime+size caching (#3671)
Preserve partial output when commands time out instead of losing everything (#3868)
Stop marking persisted env vars as missing on remote backends (#3650)

Audio

.aac format support in transcription tool (#3865, closes #1963)
Audio download retry — retry logic for cache_audio_from_url matching the existing image download pattern (#3401) — @binhnt92

Vision

Reject non-image files and enforce website-only policy for vision analysis (#3845)

Tool Schema

Ensure name field always present in tool definitions, fixing KeyError: 'name' crashes (#3811, closes #3729)

ACP (Editor Integration)

Complete session management surface for VS Code/Zed/JetBrains clients — proper task lifecycle, cancel support, session persistence (#3675)

🧩 Skills & Plugins

Skills System

External skill directories — configure additional skill directories via skills.external_dirs in config.yaml (#3678)
Category path traversal blocked — prevents ../ attacks in skill category names (#3844)
parallel-cli moved to optional-skills — reduces default skill footprint (#3673) — @kshitijk4poor

New Skills

memento-flashcards — spaced repetition flashcard system (#3827)
songwriting-and-ai-music — songwriting craft and AI music generation prompts (#3834)
SiYuan Note — integration with SiYuan note-taking app (#3742)
Scrapling — web scraping skill using Scrapling library (#3742)
one-three-one-rule — communication framework skill (#3797)

Plugin System

Plugin enable/disable commands — hermes plugins enable/disable <name> for managing plugin state without removing them (#3747)
Plugin message injection — plugins can now inject messages into the conversation stream on behalf of the user via ctx.inject_message() (#3778) — @winglian
Honcho self-hosted support — allow local Honcho instances without requiring an API key (#3644)

🔒 Security & Reliability

Security Hardening

Hardened dangerous command detection — expanded pattern matching for risky shell commands and added file tool path guards for sensitive locations (/etc/, /boot/, docker.sock) (#3872)
Sensitive path write checks in approval system — catch writes to system config files through file tools, not just terminal (#3859)
Secret redaction expansion — now covers ElevenLabs, Tavily, and Exa API keys (#3920)
Vision file rejection — reject non-image files passed to vision analysis to prevent information disclosure (#3845)
Category path traversal blocking — prevent directory traversal in skill category names (#3844)

Reliability

Atomic config.yaml writes — prevent data loss during gateway crashes (#3800)
Clear pycache on update — prevent stale bytecode from causing ImportError after updates (#3819)
Lazy imports for update safety — prevent ImportError chains during hermes update when modules reference new functions (#3776)
Restore terminalbench2 from patch corruption — recovered file damaged by patch tool's secret redaction (#3801)
Terminal timeout preserves partial output — no more lost command output on timeout (#3868)

🐛 Notable Bug Fixes

OpenClaw migration model config overwrite — migration no longer overwrites model config dict with a string (#3924) — @0xbyt4
OpenClaw migration expanded — covers full data footprint including sessions, cron, memory (#3869)
Telegram deleted reply targets — gracefully handle replies to deleted messages instead of crashing (#3858)
Discord "thinking..." persistence — properly cleans up deferred response indicators (#3674)
WhatsApp LID↔phone aliases — fixes allowlist matching failures with Linked ID format (#3830)
Signal URL-encoded phone numbers — fixes delivery failures with certain formats (#3670)
Email connection leaks — properly close SMTP/IMAP connections on error (#3804)
_safe_print ValueError — no more gateway thread crashes on closed stdout (#3843)
Tool schema KeyError 'name' — ensure name field always present in tool definitions (#3811)
api_mode stale on provider switch — correctly clear when switching providers via hermes model (#3857)

🧪 Testing

Resolved 10+ CI failures across hooks, tiktoken, plugins, and skill tests (#3848, #3721, #3936)

📚 Documentation

Comprehensive OpenClaw migration guide — step-by-step guide for migrating from OpenClaw/Claw3D to Hermes Agent (#3864, #3900)
Credential file passthrough docs — document how to forward credential files and env vars to remote backends (#3677)
DuckDuckGo requirements clarified — note runtime dependency on duckduckgo-search package (#3680)
Skills catalog updated — added red-teaming category and optional skills listing (#3745)
Feishu docs MDX fix — escape angle-bracket URLs that break Docusaurus build (#3902)

👥 Contributors

Core

@teknium1 — 90 PRs across all subsystems

Community Contributors

@kshitijk4poor — 3 PRs: Signal phone number fix (#3670), parallel-cli to optional-skills (#3673), status bar wrapping fix (#3883)
@winglian — 1 PR: Plugin message injection interface (#3778)
@binhnt92 — 1 PR: Audio download retry logic (#3401)
@0xbyt4 — 1 PR: OpenClaw migration model config fix (#3924)

Issues Resolved from Community

@Material-Scientist (#850), @hanxu98121 (#1734), @penwyp (#1788), @dan-and (#1945), @AdrianScott (#1963), @clawdbot47 (#3229), @alanfwilliams (#3404), @kentimsit (#3433), @hayka-pacha (#3534), @primmer (#3595), @dagelf (#3609), @HenkDz (#3685), @tmdgusya (#3729), @TypQxQ (#3753), @acsezen (#3765)

Full Changelog: v2026.3.28...v2026.3.30

Hermes Agent v0.5.0 (v2026.3.28)

Release Date: March 28, 2026

The hardening release — Hugging Face provider, /model command overhaul, Telegram Private Chat Topics, native Modal SDK, plugin lifecycle hooks, tool-use enforcement for GPT models, Nix flake, 50+ security and reliability fixes, and a comprehensive supply chain audit.

✨ Highlights

Nous Portal now supports 400+ models — The Nous Research inference portal has expanded dramatically, giving Hermes Agent users access to over 400 models through a single provider endpoint
Hugging Face as a first-class inference provider — Full integration with HF Inference API including curated agentic model picker that maps to OpenRouter analogues, live /models endpoint probe, and setup wizard flow (#3419, #3440)
Telegram Private Chat Topics — Project-based conversations with functional skill binding per topic, enabling isolated workflows within a single Telegram chat (#3163)
Native Modal SDK backend — Replaced swe-rex dependency with native Modal SDK (Sandbox.create.aio + exec.aio), eliminating tunnels and simplifying the Modal terminal backend (#3538)
Plugin lifecycle hooks activated — pre_llm_call, post_llm_call, on_session_start, and on_session_end hooks now fire in the agent loop and CLI/gateway, completing the plugin hook system (#3542)
Improved OpenAI Model Reliability — Added GPT_TOOL_USE_GUIDANCE to prevent GPT models from describing intended actions instead of making tool calls, plus automatic stripping of stale budget warnings from conversation history that caused models to avoid tools across turns (#3528)
Nix flake — Full uv2nix build, NixOS module with persistent container mode, auto-generated config keys from Python source, and suffix PATHs for agent-friendliness (#20, #3274, #3061) by @alt-glitch
Supply chain hardening — Removed compromised litellm dependency, pinned all dependency version ranges, regenerated uv.lock with hashes, added CI workflow scanning PRs for supply chain attack patterns, and bumped deps to fix CVEs (#2796, #2810, #2812, #2816, #3073)
Anthropic output limits fix — Replaced hardcoded 16K max_tokens with per-model native output limits (128K for Opus 4.6, 64K for Sonnet 4.6), fixing "Response truncated" and thinking-budget exhaustion on direct Anthropic API (#3426, #3444)

🏗️ Core Agent & Architecture

New Provider: Hugging Face

First-class Hugging Face Inference API integration with auth, setup wizard, and model picker (#3419)
Curated model list mapping OpenRouter agentic defaults to HF equivalents — providers with 8+ curated models skip live /models probe for speed (#3440)
Added glm-5-turbo to Z.AI provider model list (#3095)

Provider & Model Improvements

/model command overhaul — extracted shared switch_model() pipeline for CLI and gateway, custom endpoint support, provider-aware routing (#2795, #2799)
Removed /model slash command from CLI and gateway in favor of hermes model subcommand (#3080)
Preserve custom provider instead of silently remapping to openrouter (#2792)
Read root-level provider and base_url from config.yaml into model config (#3112)
Align Nous Portal model slugs with OpenRouter naming (#3253)
Fix Alibaba provider default endpoint and model list (#3484)
Allow MiniMax users to override /v1 → /anthropic auto-correction (#3553)
Migrate OAuth token refresh to platform.claude.com with fallback (#3246)

Agent Loop & Conversation

Improved OpenAI model reliability — GPT_TOOL_USE_GUIDANCE prevents GPT models from describing actions instead of calling tools + automatic budget warning stripping from history (#3528)
Surface lifecycle events — All retry, fallback, and compression events now surface to the user as formatted messages (#3153)
Anthropic output limits — Per-model native output limits instead of hardcoded 16K max_tokens (#3426)
Thinking-budget exhaustion detection — Skip useless continuation retries when model uses all output tokens on reasoning (#3444)
Always prefer streaming for API calls to prevent hung subagents (#3120)
Restore safe non-streaming fallback after stream failures (#3020)
Give subagents independent iteration budgets (#3004)
Update api_key in _try_activate_fallback for subagent auth (#3103)
Graceful return on max retries instead of crashing thread (untagged commit)
Count compression restarts toward retry limit (#3070)
Include tool tokens in preflight estimate, guard context probe persistence (#3164)
Update context compressor limits after fallback activation (#3305)
Validate empty user messages to prevent Anthropic API 400 errors (#3322)
GLM reasoning-only and max-length handling (#3010)
Increase API timeout default from 900s to 1800s for slow-thinking models (#3431)
Send max_tokens for Claude/OpenRouter + retry SSE connection errors (#3497)
Prevent AsyncOpenAI/httpx cross-loop deadlock in gateway mode (#2701) by @ctlst

Streaming & Reasoning

Persist reasoning across gateway session turns with new schema v6 columns (reasoning, reasoning_details, codex_reasoning_items) (#2974)
Detect and kill stale SSE connections (untagged commit)
Fix stale stream detector race causing spurious RemoteProtocolError (untagged commit)
Skip duplicate callback for <think>-extracted reasoning during streaming (#3116)
Preserve reasoning fields in rewrite_transcript (#3311)
Preserve Gemini thought signatures in streamed tool calls (#2997)
Ensure first delta is fired during reasoning updates (untagged commit)

Session & Memory

Session search recent sessions mode — Omit query to browse recent sessions with titles, previews, and timestamps (#2533)
Session config surfacing on /new, /reset, and auto-reset (#3321)
Third-party session isolation — --source flag for isolating sessions by origin (#3255)
Add /resume CLI handler, session log truncation guard, reopen_session API (#3315)
Clear compressor summary and turn counter on /clear and /new (#3102)
Surface silent SessionDB failures that cause session data loss (#2999)
Session search fallback preview on summarization failure (#3478)
Prevent stale memory overwrites by flush agent (#2687)

Context Compression

Replace dead summary_target_tokens with ratio-based scaling (#2554)
Expose compression.target_ratio, protect_last_n, and threshold in DEFAULT_CONFIG (untagged commit)
Restore sane defaults and cap summary at 12K tokens (untagged commit)
Preserve transcript on /compress and hygiene compression (#3556)
Update context pressure warnings and token estimates after compaction (untagged commit)

Architecture & Dependencies

Remove mini-swe-agent dependency — Inline Docker and Modal backends directly (#2804)
Replace swe-rex with native Modal SDK for Modal backend (#3538)
Plugin lifecycle hooks — pre_llm_call, post_llm_call, on_session_start, on_session_end now fire in the agent loop (#3542)
Fix plugin toolsets invisible in hermes tools and standalone processes (#3457)
Consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
Remove unused Hermes-native PKCE OAuth flow (#3107)
Remove ~100 unused imports across 55 files (#3016)
Fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)

📱 Messaging Platforms (Gateway)

Private Chat Topics — Project-based conversations with functional skill binding per topic, enabling isolated workflows within a single Telegram chat (#3163)
Auto-discover fallback IPs via DNS-over-HTTPS when api.telegram.org is unreachable (#3376)
Configurable reply threading mode (#2907)
Fall back to no thread_id on "Message thread not found" BadRequest (#3390)
Self-reschedule reconnect when start_polling fails after 502 (#3268)

Discord

Stop phantom typing indicator after agent turn completes (#3003)

Slack

Send tool call progress messages to correct Slack thread (#3063)
Scope progress thread fallback to Slack only (#3488)

Download documents, audio, and video media from messages (#2978)

Matrix

Add missing Matrix entry in PLATFORMS dict (#3473)
Harden e2ee access-token handling (#3562)
Add backoff for SyncError in sync loop (#3280)

Signal

Track SSE keepalive comments as connection activity (#3316)

Email

Prevent unbounded growth of _seen_uids in EmailAdapter (#3490)

Gateway Core

Config-gated /verbose command for messaging platforms — toggle tool output verbosity from chat (#3262)
Background review notifications delivered to user chat (#3293)
Retry transient send failures and notify user on exhaustion (#3288)
Recover from hung agents — /stop hard-kills session lock (#3104)
Thread-safe SessionStore — protect _entries with threading.Lock (#3052)
Fix gateway token double-counting with cached agents — use absolute set instead of increment (#3306, #3317)
Fingerprint full auth token in agent cache signature (#3247)
Silence background agent terminal output (#3297)
Include per-platform ALLOW_ALL and SIGNAL_GROUP in startup allowlist check (#3313)
Include user-local bin paths in systemd unit PATH (#3527)
Track background task references in GatewayRunner (#3254)
Add request timeouts to HA, Email, Mattermost, SMS adapters (#3258)
Add media download retry to Mattermost, Slack, and base cache (#3323)
Detect virtualenv path instead of hardcoding venv/ (#2797)
Use TERMINAL_CWD for context file discovery, not process cwd (untagged commit)
Stop loading hermes repo AGENTS.md into gateway sessions (~10k wasted tokens) (#2891)

🖥️ CLI & User Experience

Interactive CLI

Configurable busy input mode + fix /queue always working (#3298)
Preserve user input on multiline paste (#3065)
Tool generation callback — streaming "preparing terminal…" updates during tool argument generation (untagged commit)
Show tool progress for substantive tools, not just "preparing" (untagged commit)
Buffer reasoning preview chunks and fix duplicate display (#3013)
Prevent reasoning box from rendering 3x during tool-calling loops (#3405)
Eliminate "Event loop is closed" / "Press ENTER to continue" during idle — three-layer fix with neuter_async_httpx_del(), custom exception handler, and stale client cleanup (#3398)
Fix status bar shows 26K instead of 260K for token counts with trailing zeros (#3024)
Fix status bar duplicates and degrades during long sessions (#3291)
Refresh TUI before background task output to prevent status bar overlap (#3048)
Suppress KawaiiSpinner animation under patch_stdout (#2994)
Skip KawaiiSpinner when TUI handles tool progress (#2973)
Guard isatty() against closed streams via _is_tty property (#3056)
Ensure single closure of streaming boxes during tool generation (untagged commit)
Cap context pressure percentage at 100% in display (#3480)
Clean up HTML error messages in CLI display (#3069)
Show HTTP status code and 400 body in API error output (#3096)
Extract useful info from HTML error pages, dump debug on max retries (untagged commit)
Prevent TypeError on startup when base_url is None (#3068)
Prevent update crash in non-TTY environments (#3094)
Handle EOFError in sessions delete/prune confirmation prompts (#3101)
Catch KeyboardInterrupt during flush_memories on exit and in exit cleanup handlers (#3025, #3257)
Guard .strip() against None values from YAML config (#3552)
Guard config.get() against YAML null values to prevent AttributeError (#3377)
Store asyncio task references to prevent GC mid-execution (#3267)

Setup & Configuration

Use explicit key mapping for returning-user menu dispatch instead of positional index (#3083)
Use sys.executable for pip in update commands to fix PEP 668 (#3099)
Harden hermes update against diverged history, non-main branches, and gateway edge cases (#3492)
OpenClaw migration overwrites defaults and setup wizard skips imported sections — fixed (#3282)
Stop recursive AGENTS.md walk, load top-level only (#3110)
Add macOS Homebrew paths to browser and terminal PATH resolution (#2713)
YAML boolean handling for tool_progress config (#3300)
Reset default SOUL.md to baseline identity text (#3159)
Reject relative cwd paths for container terminal backends (untagged commit)
Add explicit hermes-api-server toolset for API server platform (#3304)
Reorder setup wizard providers — OpenRouter first (untagged commit)

🔧 Tool System

API Server

Idempotency-Key support, body size limit, and OpenAI error envelope (#2903)
Allow Idempotency-Key in CORS headers (#3530)
Cancel orphaned agent + true interrupt on SSE disconnect (#3427)
Fix streaming breaks when agent makes tool calls (#2985)

Terminal & File Operations

Handle addition-only hunks in V4A patch parser (#3325)
Exponential backoff for persistent shell polling (#2996)
Add timeout to subprocess calls in context_references (#3469)

Browser & Vision

Handle 402 insufficient credits error in vision tool (#2802)
Fix browser_vision ignores auxiliary.vision.timeout config (#2901)
Make browser command timeout configurable via config.yaml (#2801)

MCP

MCP toolset resolution for runtime and config (#3252)
Add MCP tool name collision protection (#3077)

Auxiliary LLM

Guard aux LLM calls against None content + reasoning fallback + retry (#3449)
Catch ImportError from build_anthropic_client in vision auto-detection (#3312)

Other Tools

Add request timeouts to send_message_tool HTTP calls (#3162) by @memosr
Auto-repair jobs.json with invalid control characters (#3537)
Enable fine-grained tool streaming for Claude/OpenRouter (#3497)

🧩 Skills Ecosystem

Skills System

Env var passthrough for skills and user config — skills can declare environment variables to pass through (#2807)
Cache skills prompt with shared skill_utils module for faster TTFT (#3421)
Avoid redundant file re-read for skill conditions (#2992)
Use Git Trees API to prevent silent subdirectory loss during install (#2995)
Fix skills-sh install for deeply nested repo structures (#2980)
Handle null metadata in skill frontmatter (untagged commit)
Preserve trust for skills-sh identifiers + reduce resolution churn (#3251)
Agent-created skills were incorrectly treated as untrusted community content — fixed (untagged commit)

New Skills

G0DM0D3 godmode jailbreaking skill + docs (#3157)
Docker management skill added to optional-skills (#3060)
OpenClaw migration v2 — 17 new modules, terminal recap for migrating from OpenClaw to Hermes (#2906)

🔒 Security & Reliability

Security Hardening

SSRF protection added to browser_navigate (#3058)
SSRF protection added to vision_tools and web_tools (hardened) (#2679)
Restrict subagent toolsets to parent's enabled set (#3269)
Prevent zip-slip path traversal in self-update (#3250)
Prevent shell injection in _expand_path via ~user path suffix (#2685)
Normalize input before dangerous command detection (#3260)
Make tirith block verdicts approvable instead of hard-blocking (#3428)
Remove compromised litellm/typer/platformdirs from deps (#2796)
Pin all dependency version ranges (#2810)
Regenerate uv.lock with hashes, use lockfile in setup (#2812)
Bump dependencies to fix CVEs + regenerate uv.lock (#3073)
Supply chain audit CI workflow for PR scanning (#2816)

Reliability

SQLite WAL write-lock contention causing 15-20s TUI freeze — fixed (#3385)
SQLite concurrency hardening + session transcript integrity (#3249)
Prevent recurring cron job re-fire on gateway crash/restart loop (#3396)
Mark cron session as ended after job completes (#2998)

⚡ Performance

TTFT startup optimizations — salvaged easy-win startup improvements (#3395)
Cache skills prompt with shared skill_utils module (#3421)
Avoid redundant file re-read for skill conditions in prompt builder (#2992)

🐛 Notable Bug Fixes

Fix gateway token double-counting with cached agents (#3306, #3317)
Fix "Event loop is closed" / "Press ENTER to continue" during idle sessions (#3398)
Fix reasoning box rendering 3x during tool-calling loops (#3405)
Fix status bar shows 26K instead of 260K for token counts (#3024)
Fix /queue always working regardless of config (#3298)
Fix phantom Discord typing indicator after agent turn (#3003)
Fix Slack progress messages appearing in wrong thread (#3063)
Fix WhatsApp media downloads (documents, audio, video) (#2978)
Fix Telegram "Message thread not found" killing progress messages (#3390)
Fix OpenClaw migration overwriting defaults (#3282)
Fix returning-user setup menu dispatching wrong section (#3083)
Fix hermes update PEP 668 "externally-managed-environment" error (#3099)
Fix subagents hitting max_iterations prematurely via shared budget (#3004)
Fix YAML boolean handling for tool_progress config (#3300)
Fix config.get() crashes on YAML null values (#3377)
Fix .strip() crash on None values from YAML config (#3552)
Fix hung agents on gateway — /stop now hard-kills session lock (#3104)
Fix _custom provider silently remapped to openrouter (#2792)
Fix Matrix missing from PLATFORMS dict (#3473)
Fix Email adapter unbounded _seen_uids growth (#3490)

🧪 Testing

Pin agent-client-protocol < 0.9 to handle breaking upstream release (#3320)
Catch anthropic ImportError in vision auto-detection tests (#3312)
Update retry-exhaust test for new graceful return behavior (#3320)
Add regression tests for null metadata frontmatter (untagged commit)

📚 Documentation

Update all docs for /model command overhaul and custom provider support (#2800)
Fix stale and incorrect documentation across 18 files (#2805)
Document 9 previously undocumented features (#2814)
Add missing skills, CLI commands, and messaging env vars to docs (#2809)
Fix api-server response storage documentation — SQLite, not in-memory (#2819)
Quote pip install extras to fix zsh glob errors (#2815)
Unify hooks documentation — add plugin hooks to hooks page, add session:end event (untagged commit)
Clarify two-mode behavior in session_search schema description (untagged commit)
Fix Discord Public Bot setting for Discord-provided invite link (#3519) by @mehmoodosman
Revise v0.4.0 changelog — fix feature attribution, reorder sections (untagged commit)

👥 Contributors

Core

@teknium1 — 157 PRs covering the full scope of this release

Community Contributors

@alt-glitch (Siddharth Balyan) — 2 PRs: Nix flake with uv2nix build, NixOS module, and persistent container mode (#20); auto-generated config keys and suffix PATHs for Nix builds (#3061, #3274)
@ctlst — 1 PR: Prevent AsyncOpenAI/httpx cross-loop deadlock in gateway mode (#2701)
@memosr (memosr.eth) — 1 PR: Add request timeouts to send_message_tool HTTP calls (#3162)
@mehmoodosman (Osman Mehmood) — 1 PR: Fix Discord docs for Public Bot setting (#3519)

All Contributors

@alt-glitch, @ctlst, @mehmoodosman, @memosr, @teknium1

Full Changelog: v2026.3.23...v2026.3.28

Hermes Agent v0.4.0 (v2026.3.23)

Release Date: March 23, 2026

The platform expansion release — OpenAI-compatible API server, 6 new messaging adapters, 4 new inference providers, MCP server management with OAuth 2.1, @ context references, gateway prompt caching, streaming enabled by default, and a sweeping reliability pass with 200+ bug fixes.

✨ Highlights

OpenAI-compatible API server — Expose Hermes as an /v1/chat/completions endpoint with a new /api/jobs REST API for cron job management, hardened with input limits, field whitelists, SQLite-backed response persistence, and CORS origin protection (#1756, #2450, #2456, #2451, #2472)
6 new messaging platform adapters — Signal, DingTalk, SMS (Twilio), Mattermost, Matrix, and Webhook adapters join Telegram, Discord, and WhatsApp. Gateway auto-reconnects failed platforms with exponential backoff (#2206, #1685, #1688, #1683, #2166, #2584)
@ context references — Claude Code-style @file and @url context injection with tab completions in the CLI (#2343, #2482)
4 new inference providers — GitHub Copilot (OAuth + token validation), Alibaba Cloud / DashScope, Kilo Code, and OpenCode Zen/Go (#1924, #1879 by @mchzimm, #1673, #1666, #1650)
MCP server management CLI — hermes mcp commands for installing, configuring, and authenticating MCP servers with full OAuth 2.1 PKCE flow (#2465)
Gateway prompt caching — Cache AIAgent instances per session, preserving Anthropic prompt cache across turns for dramatic cost reduction on long conversations (#2282, #2284, #2361)
Context compression overhaul — Structured summaries with iterative updates, token-budget tail protection, configurable summary endpoint, and fallback model support (#2323, #1727, #2224)
Streaming enabled by default — CLI streaming on by default with proper spinner/tool progress display during streaming mode, plus extensive linebreak and concatenation fixes (#2340, #2161, #2258)

🖥️ CLI & User Experience

New Commands & Interactions

@ context completions — Tab-completable @file/@url references that inject file content or web pages into the conversation (#2482, #2343)
/statusbar — Toggle a persistent config bar showing model + provider info in the prompt (#2240, #1917)
/queue — Queue prompts for the agent without interrupting the current run (#2191, #2469)
/permission — Switch approval mode dynamically during a session (#2207)
/browser — Interactive browser sessions from the CLI (#2273, #1814)
/cost — Live pricing and usage tracking in gateway mode (#2180)
/approve and /deny — Replaced bare text approval in gateway with explicit commands (#2002)

Streaming & Display

Streaming enabled by default in CLI (#2340)
Show spinners and tool progress during streaming mode (#2161)
Show reasoning/thinking blocks when show_reasoning enabled (#2118)
Context pressure warnings for CLI and gateway (#2159)
Fix: streaming chunks concatenated without whitespace (#2258)
Fix: iteration boundary linebreak prevents stream concatenation (#2413)
Fix: defer streaming linebreak to prevent blank line stacking (#2473)
Fix: suppress spinner animation in non-TTY environments (#2216)
Fix: display provider and endpoint in API error messages (#2266)
Fix: resolve garbled ANSI escape codes in status printouts (#2448)
Fix: update gold ANSI color to true-color format (#2246)
Fix: normalize toolset labels and use skin colors in banner (#1912)

CLI Polish

Fix: prevent 'Press ENTER to continue...' on exit (#2555)
Fix: flush stdout during agent loop to prevent macOS display freeze (#1654)
Fix: show human-readable error when hermes setup hits permissions error (#2196)
Fix: /stop command crash + UnboundLocalError in streaming media delivery (#2463)
Fix: allow custom/local endpoints without API key (#2556)
Fix: Kitty keyboard protocol Shift+Enter for Ghostty/WezTerm (attempted + reverted due to prompt_toolkit crash) (#2345, #2349)

Configuration

${ENV_VAR} substitution in config.yaml (#2684)
Real-time config reload — config.yaml changes apply without restart (#2210)
custom_models.yaml for user-managed model additions (#2214)
Priority-based context file selection + CLAUDE.md support (#2301)
Merge nested YAML sections instead of replacing on config update (#2213)
Fix: config.yaml provider key overrides env var silently (#2272)
Fix: log warning instead of silently swallowing config.yaml errors (#2683)
Fix: disabled toolsets re-enable themselves after hermes tools (#2268)
Fix: platform default toolsets silently override tool deselection (#2624)
Fix: honor bare YAML approvals.mode: off (#2620)
Fix: hermes update use .[all] extras with fallback (#1728)
Fix: hermes update prompt before resetting working tree on stash conflicts (#2390)
Fix: use git pull --rebase in update/install to avoid divergent branch error (#2274)
Fix: add zprofile fallback and create zshrc on fresh macOS installs (#2320)
Fix: remove ANTHROPIC_BASE_URL env var to avoid collisions (#1675)
Fix: don't ask IMAP password if already in keyring or env (#2212)
Fix: OpenCode Zen/Go show OpenRouter models instead of their own (#2277)

🏗️ Core Agent & Architecture

New Providers

GitHub Copilot — Full OAuth auth, API routing, token validation, and 400k context. (#1924, #1896, #1879 by @mchzimm, #2507)
Alibaba Cloud / DashScope — Full integration with DashScope v1 runtime, model dot preservation, and 401 auth fixes (#1673, #2332, #2459)
Kilo Code — First-class inference provider (#1666)
OpenCode Zen and OpenCode Go — New provider backends (#1650, #2393 by @0xbyt4)
NeuTTS — Local TTS provider backend with built-in setup flow, replacing the old optional skill (#1657, #1664)

Provider Improvements

Eager fallback to backup model on rate-limit errors (#1730)
Endpoint metadata for custom model context and pricing; query local servers for actual context window size (#1906, #2091 by @dusterbloom)
Context length detection overhaul — models.dev integration, provider-aware resolution, fuzzy matching for custom endpoints, /v1/props for llama.cpp (#2158, #2051, #2403)
Model catalog updates — gpt-5.4-mini, gpt-5.4-nano, healer-alpha, haiku-4.5, minimax-m2.7, claude 4.6 at 1M context (#1913, #1915, #1900, #2155, #2474)
Custom endpoint improvements — model.base_url in config.yaml, api_mode override for responses API, allow endpoints without API key, fail fast on missing keys (#2330, #1651, #2556, #2445, #1994, #1998)
Inject model and provider into system prompt (#1929)
Tie api_mode to provider config instead of env var (#1656)
Fix: prevent Anthropic token leaking to third-party anthropic_messages providers (#2389)
Fix: prevent Anthropic fallback from inheriting non-Anthropic base_url (#2388)
Fix: auxiliary_is_nous flag never resets — leaked Nous tags to other providers (#1713)
Fix: Anthropic tool_choice 'none' still allowed tool calls (#1714)
Fix: Mistral parser nested JSON fallback extraction (#2335)
Fix: MiniMax 401 auth resolved by defaulting to anthropic_messages (#2103)
Fix: case-insensitive model family matching (#2350)
Fix: ignore placeholder provider keys in activation checks (#2358)
Fix: Preserve Ollama model:tag colons in context length detection (#2149)
Fix: recognize Claude Code OAuth credentials in startup gate (#1663)
Fix: detect Claude Code version dynamically for OAuth user-agent (#1670)
Fix: OAuth flag stale after refresh/fallback (#1890)
Fix: auxiliary client skips expired Codex JWT (#2397)

Agent Loop

Gateway prompt caching — Cache AIAgent per session, keep assistant turns, fix session restore (#2282, #2284, #2361)
Context compression overhaul — Structured summaries, iterative updates, token-budget tail protection, configurable summary_base_url (#2323, #1727, #2224)
Pre-call sanitization and post-call tool guardrails (#1732)
Auto-recover from provider-rejected tool_choice by retrying without (#2174)
Background memory/skill review replaces inline nudges (#2235)
SOUL.md as primary agent identity instead of hardcoded default (#1922)
Fix: prevent silent tool result loss during context compression (#1993)
Fix: handle empty/null function arguments in tool call recovery (#2163)
Fix: handle API refusal responses gracefully instead of crashing (#2156)
Fix: prevent stuck agent loop on malformed tool calls (#2114)
Fix: return JSON parse error to model instead of dispatching with empty args (#2342)
Fix: consecutive assistant message merge drops content on mixed types (#1703)
Fix: message role alternation violations in JSON recovery and error handler (#1722)
Fix: compression_attempts resets each iteration — allowed unlimited compressions (#1723)
Fix: length_continue_retries never resets — later truncations got fewer retries (#1717)
Fix: compressor summary role violated consecutive-role constraint (#1720, #1743)
Fix: remove hardcoded gemini-3-flash-preview as default summary model (#2464)
Fix: correctly handle empty tool results (#2201)
Fix: crash on None entry in tool_calls list (#2209 by @0xbyt4, #2316)
Fix: per-thread persistent event loops in worker threads (#2214 by @jquesnelle)
Fix: prevent 'event loop already running' when async tools run in parallel (#2207)
Fix: strip ANSI at the source — clean terminal output before it reaches the model (#2115)
Fix: skip top-level cache_control on role:tool for OpenRouter (#2391)
Fix: delegate tool — save parent tool names before child construction mutates global (#2083 by @ygd58, #1894)
Fix: only strip last assistant message if empty string (#2326)

Session & Memory

Session search and management slash commands (#2198)
Auto session titles and .hermes.md project config (#1712)
Fix: concurrent memory writes silently drop entries — added file locking (#1726)
Fix: search all sources by default in session_search (#1892)
Fix: handle hyphenated FTS5 queries and preserve quoted literals (#1776)
Fix: skip corrupt lines in load_transcript instead of crashing (#1744)
Fix: normalize session keys to prevent case-sensitive duplicates (#2157)
Fix: prevent session_search crash when no sessions exist (#2194)
Fix: reset token counters on new session for accurate usage display (#2101 by @InB4DevOps)
Fix: prevent stale memory overwrites by flush agent (#2687)
Fix: remove synthetic error message injection, fix session resume after repeated failures (#2303)
Fix: quiet mode with --resume now passes conversation_history (#2357)
Fix: unify resume logic in batch mode (#2331)

Honcho Memory

Honcho config fixes and @ context reference integration (#2343)
Self-hosted / Docker configuration documentation (#2475)

📱 Messaging Platforms (Gateway)

New Platform Adapters

Signal Messenger — Full adapter with attachment handling, group message filtering, and Note to Self echo-back protection (#2206, #2400, #2297, #2156)
DingTalk — Adapter with gateway wiring and setup docs (#1685, #1690, #1692)
SMS (Twilio) (#1688)
Mattermost — With @-mention-only channel filter (#1683, #2443)
Matrix — With vision support and image caching (#1683, #2520)
Webhook — Platform adapter for external event triggers (#2166)
OpenAI-compatible API server — /v1/chat/completions endpoint with /api/jobs cron management (#1756, #2450, #2456)

Telegram Improvements

MarkdownV2 support — strikethrough, spoiler, blockquotes, escape parentheses/braces/backslashes/backticks (#2199, #2200 by @llbn, #2386)
Auto-detect HTML tags and use parse_mode=HTML (#1709)
Telegram group vision support + thread-based sessions (#2153)
Auto-reconnect polling after network interruption (#2517)
Aggregate split text messages before dispatching (#1674)
Fix: streaming config bridge, not-modified, flood control (#1782, #1783)
Fix: edited_message event crashes (#2074)
Fix: retry 409 polling conflicts before giving up (#2312)
Fix: topic delivery via platform:chat_id:thread_id format (#2455)

Discord Improvements

Document caching and text-file injection (#2503)
Persistent typing indicator for DMs (#2468)
Discord DM vision — inline images + attachment analysis (#2186)
Persist thread participation across gateway restarts (#1661)
Fix: gateway crash on non-ASCII guild names (#2302)
Fix: thread permission errors (#2073)
Fix: slash event routing in threads (#2460)
Fix: remove bugged followup messages + /ask command (#1836)
Fix: graceful WebSocket reconnection (#2127)
Fix: voice channel TTS when streaming enabled (#2322)

WhatsApp & Other Adapters

WhatsApp: outbound send_message routing (#1769 by @sai-samarth), LID format self-chat (#1667), reply_prefix config fix (#1923), restart on bridge child exit (#2334), image/bridge improvements (#2181)
Matrix: correct reply_to_message_id parameter (#1895), bare media types fix (#1736)
Mattermost: MIME types for media attachments (#2329)

Gateway Core

Auto-reconnect failed platforms with exponential backoff (#2584)
Notify users when session auto-resets (#2519)
Reply-to message context for out-of-session replies (#1662)
Ignore unauthorized DMs config option (#1919)
Fix: /reset in thread-mode resets global session instead of thread (#2254)
Fix: deliver MEDIA: files after streaming responses (#2382)
Fix: cap interrupt recursion depth to prevent resource exhaustion (#1659)
Fix: detect stopped processes and release stale locks on --replace (#2406, #1908)
Fix: PID-based wait with force-kill for gateway restart (#1902)
Fix: prevent --replace mode from killing the caller process (#2185)
Fix: /model shows active fallback model instead of config default (#1660)
Fix: /title command fails when session doesn't exist in SQLite yet (#2379 by @ten-jampa)
Fix: process /queue'd messages after agent completion (#2469)
Fix: strip orphaned tool_results + let /reset bypass running agent (#2180)
Fix: prevent agents from starting gateway outside systemd management (#2617)
Fix: prevent systemd restart storm on gateway connection failure (#2327)
Fix: include resolved node path in systemd unit (#1767 by @sai-samarth)
Fix: send error details to user in gateway outer exception handler (#1966)
Fix: improve error handling for 429 usage limits and 500 context overflow (#1839)
Fix: add all missing platform allowlist env vars to startup warning check (#2628)
Fix: media delivery fails for file paths containing spaces (#2621)
Fix: duplicate session-key collision in multi-platform gateway (#2171)
Fix: Matrix and Mattermost never report as connected (#1711)
Fix: PII redaction config never read — missing yaml import (#1701)
Fix: NameError on skill slash commands (#1697)
Fix: persist watcher metadata in checkpoint for crash recovery (#1706)
Fix: pass message_thread_id in send_image_file, send_document, send_video (#2339)
Fix: media-group aggregation on rapid successive photo messages (#2160)

🔧 Tool System

MCP Enhancements

MCP server management CLI + OAuth 2.1 PKCE auth (#2465)
Expose MCP servers as standalone toolsets (#1907)
Interactive MCP tool configuration in hermes tools (#1694)
Fix: MCP-OAuth port mismatch, path traversal, and shared handler state (#2552)
Fix: preserve MCP tool registrations across session resets (#2124)
Fix: concurrent file access crash + duplicate MCP registration (#2154)
Fix: normalise MCP schemas + expand session list columns (#2102)
Fix: tool_choice mcp_ prefix handling (#1775)

Web Tool Backends

Tavily as web search/extract/crawl backend (#1731)
Parallel as alternative web search/extract backend (#1696)
Configurable web backend — Firecrawl/BeautifulSoup/Playwright selection (#2256)
Fix: whitespace-only env vars bypass web backend detection (#2341)

New Tools

IMAP email reading and sending (#2173)
STT (speech-to-text) tool using Whisper API (#2072)
Route-aware pricing estimates (#1695)

Tool Improvements

TTS: base_url support for OpenAI TTS provider (#2064 by @hanai)
Vision: configurable timeout, tilde expansion in file paths, DM vision with multi-image and base64 fallback (#2480, #2585, #2211)
Browser: race condition fix in session creation (#1721), TypeError on unexpected LLM params (#1735)
File tools: strip ANSI escape codes from write_file and patch content (#2532), include pagination args in repeated search key (#1824 by @cutepawss), improve fuzzy matching accuracy + position calculation refactor (#2096, #1681)
Code execution: resource leak and double socket close fix (#2381)
Delegate: thread safety for concurrent subagent delegation (#1672), preserve parent agent's tool list after delegation (#1778)
Fix: make concurrent tool batching path-aware for file mutations (#1914)
Fix: chunk long messages in send_message_tool before platform dispatch (#1646)
Fix: add missing 'messaging' toolset (#1718)
Fix: prevent unavailable tool names from leaking into model schemas (#2072)
Fix: pass visited set by reference to prevent diamond dependency duplication (#2311)
Fix: Daytona sandbox lookup migrated from find_one to get/list (#2063 by @rovle)

🧩 Skills Ecosystem

Skills System Improvements

Agent-created skills — Caution-level findings allowed, dangerous skills ask instead of block (#1840, #2446)
--yes flag to bypass confirmation in /skills install and uninstall (#1647)
Disabled skills respected across banner, system prompt, and slash commands (#1897)
Fix: skills custom_tools import crash + sandbox file_tools integration (#2239)
Fix: agent-created skills with pip requirements crash on install (#2145)
Fix: race condition in Skills.__init__ when hub.yaml missing (#2242)
Fix: validate skill metadata before install and block duplicates (#2241)
Fix: skills hub inspect/resolve — 4 bugs in inspect, redirects, discovery, tap list (#2447)
Fix: agent-created skills keep working after session reset (#2121)

New Skills

OCR-and-documents — PDF/DOCX/XLS/PPTX/image OCR with optional GPU (#2236, #2461)
Huggingface-hub bundled skill (#1921)
Sherlock OSINT username search (#1671)
Meme-generation — Image generator with Pillow (#2344)
Bioinformatics gateway skill — index to 400+ bio skills (#2387)
Inference.sh skill (terminal-based) (#1686)
Base blockchain optional skill (#1643)
3D-model-viewer optional skill (#2226)
FastMCP optional skill (#2113)
Hermes-agent-setup skill (#1905)

🔌 Plugin System Enhancements

TUI extension hooks — Build custom CLIs on top of Hermes (#2333)
hermes plugins install/remove/list commands (#2337)
Slash command registration for plugins (#2359)
session:end lifecycle event hook (#1725)
Fix: require opt-in for project plugin discovery (#2215)

🔒 Security & Reliability

Security

SSRF protection for vision_tools and web_tools (#2679)
Shell injection prevention in _expand_path via ~user path suffix (#2685)
Block untrusted browser-origin API server access (#2451)
Block sandbox backend creds from subprocess env (#1658)
Block @ references from reading secrets outside workspace (#2601 by @Gutslabs)
Malicious code pattern pre-exec scanner for terminal_tool (#2245)
Harden terminal safety and sandbox file writes (#1653)
PKCE verifier leak fix + OAuth refresh Content-Type (#1775)
Eliminate SQL string formatting in execute() calls (#2061 by @dusterbloom)
Harden jobs API — input limits, field whitelist, startup check (#2456)

Reliability

Thread locks on 4 SessionDB methods (#1704)
File locking for concurrent memory writes (#1726)
Handle OpenRouter errors gracefully (#2112)
Guard print() calls against OSError (#1668)
Safely handle non-string inputs in redacting formatter (#2392, #1700)
ACP: preserve session provider on model switch, persist sessions to disk (#2380, #2071)
API server: persist ResponseStore to SQLite across restarts (#2472)
Fix: fetch_nous_models always TypeError from positional args (#1699)
Fix: resolve merge conflict markers in cli.py breaking startup (#2347)
Fix: minisweagent_path.py missing from wheel (#2098 by @JiwaniZakir)

Cron System

[SILENT] response — cron agents can suppress delivery (#1833)
Scale missed-job grace window with schedule frequency (#2449)
Recover recent one-shot jobs (#1918)
Fix: normalize repeat<=0 to None — jobs deleted after first run when LLM passes -1 (#2612 by @Mibayy)
Fix: Matrix added to scheduler delivery platform_map (#2167 by @buntingszn)
Fix: naive ISO timestamps without timezone — jobs fire at wrong time (#1729)
Fix: get_due_jobs reads jobs.json twice — race condition (#1716)
Fix: silent jobs return empty response for delivery skip (#2442)
Fix: stop injecting cron outputs into gateway session history (#2313)
Fix: close abandoned coroutine when asyncio.run() raises RuntimeError (#2317)

🧪 Testing

Resolve all consistently failing tests (#2488)
Replace FakePath with monkeypatch for Python 3.12 compat (#2444)
Align Hermes setup and full-suite expectations (#1710)

📚 Documentation

Comprehensive docs update for recent features (#1693, #2183)
Alibaba Cloud and DingTalk setup guides (#1687, #1692)
Detailed skills documentation (#2244)
Honcho self-hosted / Docker configuration (#2475)
Context length detection FAQ and quickstart references (#2179)
Fix docs inconsistencies across reference and user guides (#1995)
Fix MCP install commands — use uv, not bare pip (#1909)
Replace ASCII diagrams with Mermaid/lists (#2402)
Gemini OAuth provider implementation plan (#2467)
Discord Server Members Intent marked as required (#2330)
Fix MDX build error in api-server.md (#1787)
Align venv path to match installer (#2114)
New skills added to hub index (#2281)

👥 Contributors

Core

@teknium1 (Teknium) — 280 PRs

Community Contributors

@mchzimm (to_the_max) — GitHub Copilot provider integration (#1879)
@jquesnelle (Jeffrey Quesnelle) — Per-thread persistent event loops fix (#2214)
@llbn (lbn) — Telegram MarkdownV2 strikethrough, spoiler, blockquotes, and escape fixes (#2199, #2200)
@dusterbloom — SQL injection prevention + local server context window querying (#2061, #2091)
@0xbyt4 — Anthropic tool_calls None guard + OpenCode-Go provider config fix (#2209, #2393)
@sai-samarth (Saisamarth) — WhatsApp send_message routing + systemd node path (#1769, #1767)
@Gutslabs (Guts) — Block @ references from reading secrets (#2601)
@Mibayy (Mibay) — Cron job repeat normalization (#2612)
@ten-jampa (Tenzin Jampa) — Gateway /title command fix (#2379)
@cutepawss (lila) — File tools search pagination fix (#1824)
@hanai (Hanai) — OpenAI TTS base_url support (#2064)
@rovle (Lovre Pešut) — Daytona sandbox API migration (#2063)
@buntingszn (bunting szn) — Matrix cron delivery support (#2167)
@InB4DevOps — Token counter reset on new session (#2101)
@JiwaniZakir (Zakir Jiwani) — Missing file in wheel fix (#2098)
@ygd58 (buray) — Delegate tool parent tool names fix (#2083)

Full Changelog: v2026.3.17...v2026.3.23

Hermes Agent v0.3.0 (v2026.3.17)

Release Date: March 17, 2026

The streaming, plugins, and provider release — unified real-time token delivery, first-class plugin architecture, rebuilt provider system with Vercel AI Gateway, native Anthropic provider, smart approvals, live Chrome CDP browser connect, ACP IDE integration, Honcho memory, voice mode, persistent shell, and 50+ bug fixes across every platform.

✨ Highlights

Unified Streaming Infrastructure — Real-time token-by-token delivery in CLI and all gateway platforms. Responses stream as they're generated instead of arriving as a block. (#1538)
First-Class Plugin Architecture — Drop Python files into ~/.hermes/plugins/ to extend Hermes with custom tools, commands, and hooks. No forking required. (#1544, #1555)
Native Anthropic Provider — Direct Anthropic API calls with Claude Code credential auto-discovery, OAuth PKCE flows, and native prompt caching. No OpenRouter middleman needed. (#1097)
Smart Approvals + /stop Command — Codex-inspired approval system that learns which commands are safe and remembers your preferences. /stop kills the current agent run immediately. (#1543)
Honcho Memory Integration — Async memory writes, configurable recall modes, session title integration, and multi-user isolation in gateway mode. By @erosika. (#736)
Voice Mode — Push-to-talk in CLI, voice notes in Telegram/Discord, Discord voice channel support, and local Whisper transcription via faster-whisper. (#1299, #1185, #1429)
Concurrent Tool Execution — Multiple independent tool calls now run in parallel via ThreadPoolExecutor, significantly reducing latency for multi-tool turns. (#1152)
PII Redaction — When privacy.redact_pii is enabled, personally identifiable information is automatically scrubbed before sending context to LLM providers. (#1542)
/browser connect via CDP — Attach browser tools to a live Chrome instance through Chrome DevTools Protocol. Debug, inspect, and interact with pages you already have open. (#1549)
Vercel AI Gateway Provider — Route Hermes through Vercel's AI Gateway for access to their model catalog and infrastructure. (#1628)
Centralized Provider Router — Rebuilt provider system with call_llm API, unified /model command, auto-detect provider on model switch, and direct endpoint overrides for auxiliary/delegation clients. (#1003, #1506, #1375)
ACP Server (IDE Integration) — VS Code, Zed, and JetBrains can now connect to Hermes as an agent backend, with full slash command support. (#1254, #1532)
Persistent Shell Mode — Local and SSH terminal backends can maintain shell state across tool calls — cd, env vars, and aliases persist. By @alt-glitch. (#1067, #1483)
Agentic On-Policy Distillation (OPD) — New RL training environment for distilling agent policies, expanding the Atropos training ecosystem. (#1149)

🏗️ Core Agent & Architecture

Provider & Model Support

Centralized provider router with call_llm API and unified /model command — switch models and providers seamlessly (#1003)
Vercel AI Gateway provider support (#1628)
Auto-detect provider when switching models via /model (#1506)
Direct endpoint overrides for auxiliary and delegation clients — point vision/subagent calls at specific endpoints (#1375)
Native Anthropic auxiliary vision — use Claude's native vision API instead of routing through OpenAI-compatible endpoints (#1377)
Anthropic OAuth flow improvements — auto-run claude setup-token, reauthentication, PKCE state persistence, identity fingerprinting (#1132, #1360, #1396, #1597)
Fix adaptive thinking without budget_tokens for Claude 4.6 models — by @ASRagab (#1128)
Fix Anthropic cache markers through adapter — by @brandtcormorant (#1216)
Retry Anthropic 429/529 errors and surface details to users — by @0xbyt4 (#1585)
Fix Anthropic adapter max_tokens, fallback crash, proxy base_url — by @0xbyt4 (#1121)
Fix DeepSeek V3 parser dropping multiple parallel tool calls — by @mr-emmett-one (#1365, #1300)
Accept unlisted models with warning instead of rejecting (#1047, #1102)
Skip reasoning params for unsupported OpenRouter models (#1485)
MiniMax Anthropic API compatibility fix (#1623)
Custom endpoint /models verification and /v1 base URL suggestion (#1480)
Resolve delegation providers from custom_providers config (#1328)
Kimi model additions and User-Agent fix (#1039)
Strip call_id/response_item_id for Mistral compatibility (#1058)

Agent Loop & Conversation

Anthropic Context Editing API support (#1147)
Improved context compaction handoff summaries — compressor now preserves more actionable state (#1273)
Sync session_id after mid-run context compression (#1160)
Session hygiene threshold tuned to 50% for more proactive compression (#1096, #1161)
Include session ID in system prompt via --pass-session-id flag (#1040)
Prevent closed OpenAI client reuse across retries (#1391)
Sanitize chat payloads and provider precedence (#1253)
Handle dict tool call arguments from Codex and local backends (#1393, #1440)

Memory & Sessions

Improve memory prioritization — user preferences and corrections weighted above procedural knowledge (#1548)
Tighter memory and session recall guidance in system prompts (#1329)
Persist CLI token counts to session DB for /insights (#1498)
Keep Honcho recall out of the cached system prefix (#1201)
Correct seed_ai_identity to use session.add_messages() (#1475)
Isolate Honcho session routing for multi-user gateway (#1500)

📱 Messaging Platforms (Gateway)

Gateway Core

System gateway service mode — run as a system-level systemd service, not just user-level (#1371)
Gateway install scope prompts — choose user vs system scope during setup (#1374)
Reasoning hot reload — change reasoning settings without restarting the gateway (#1275)
Default group sessions to per-user isolation — no more shared state across users in group chats (#1495, #1417)
Harden gateway restart recovery (#1310)
Cancel active runs during shutdown (#1427)
SSL certificate auto-detection for NixOS and non-standard systems (#1494)
Auto-detect D-Bus session bus for systemctl --user on headless servers (#1601)
Auto-enable systemd linger during gateway install on headless servers (#1334)
Fall back to module entrypoint when hermes is not on PATH (#1355)
Fix dual gateways on macOS launchd after hermes update (#1567)
Remove recursive ExecStop from systemd units (#1530)
Prevent logging handler accumulation in gateway mode (#1251)
Restart on retryable startup failures — by @jplew (#1517)
Backfill model on gateway sessions after agent runs (#1306)
PID-based gateway kill and deferred config write (#1499)

Buffer media groups to prevent self-interruption from photo bursts (#1341, #1422)
Retry on transient TLS failures during connect and send (#1535)
Harden polling conflict handling (#1339)
Escape chunk indicators and inline code in MarkdownV2 (#1478, #1626)
Check updater/app state before disconnect (#1389)

Discord

/thread command with auto_thread config and media metadata fixes (#1178)
Auto-thread on @mention, skip mention text in bot threads (#1438)
Retry without reply reference for system messages (#1385)
Preserve native document and video attachment support (#1392)
Defer discord adapter annotations to avoid optional import crashes (#1314)

Slack

Thread handling overhaul — progress messages, responses, and session isolation all respect threads (#1103)
Formatting, reactions, user resolution, and command improvements (#1106)
Fix MAX_MESSAGE_LENGTH 3900 → 39000 (#1117)
File upload fallback preserves thread context — by @0xbyt4 (#1122)
Improve setup guidance (#1387)

Email

Fix IMAP UID tracking and SMTP TLS verification (#1305)
Add skip_attachments option via config.yaml (#1536)

Home Assistant

Event filtering closed by default (#1169)

🖥️ CLI & User Experience

Interactive CLI

Persistent CLI status bar — always-visible model, provider, and token counts (#1522)
File path autocomplete in the input prompt (#1545)
/plan command — generate implementation plans from specs (#1372, #1381)
Major /rollback improvements — richer checkpoint history, clearer UX (#1505)
Preload CLI skills on launch — skills are ready before the first prompt (#1359)
Centralized slash command registry — all commands defined once, consumed everywhere (#1603)
/bg alias for /background (#1590)
Prefix matching for slash commands — /mod resolves to /model (#1320)
/new, /reset, /clear now start genuinely fresh sessions (#1237)
Accept session ID prefixes for session actions (#1425)
TUI prompt and accent output now respect active skin (#1282)
Centralize tool emoji metadata in registry + skin integration (#1484)
"View full command" option added to dangerous command approval — by @teknium1 based on design by community (#887)
Non-blocking startup update check and banner deduplication (#1386)
/reasoning command output ordering and inline think extraction fixes (#1031)
Verbose mode shows full untruncated output (#1472)
Fix /status to report live state and tokens (#1476)
Seed a default global SOUL.md (#1311)

Setup & Configuration

OpenClaw migration during first-time setup — by @kshitijk4poor (#981)
hermes claw migrate command + migration docs (#1059)
Smart vision setup that respects the user's chosen provider (#1323)
Handle headless setup flows end-to-end (#1274)
Prefer curses over simple_term_menu in setup.py (#1487)
Show effective model and provider in /status (#1284)
Config set examples use placeholder syntax (#1322)
Reload .env over stale shell overrides (#1434)
Fix is_coding_plan NameError crash — by @0xbyt4 (#1123)
Add missing packages to setuptools config — by @alt-glitch (#912)
Installer: clarify why sudo is needed at every prompt (#1602)

🔧 Tool System

Terminal & Execution

Persistent shell mode for local and SSH backends — maintain shell state across tool calls — by @alt-glitch (#1067, #1483)
Tirith pre-exec command scanning — security layer that analyzes commands before execution (#1256)
Strip Hermes provider env vars from all subprocess environments (#1157, #1172, #1399, #1419) — initial fix by @eren-karakus0
SSH preflight check (#1486)
Docker backend: make cwd workspace mount explicit opt-in (#1534)
Add project root to PYTHONPATH in execute_code sandbox (#1383)
Eliminate execute_code progress spam on gateway platforms (#1098)
Clearer docker backend preflight errors (#1276)

Browser

/browser connect — attach browser tools to a live Chrome instance via CDP (#1549)
Improve browser cleanup, local browser PATH setup, and screenshot recovery (#1333)

MCP

Selective tool loading with utility policies — filter which MCP tools are available (#1302)
Auto-reload MCP tools when mcp_servers config changes without restart (#1474)
Resolve npx stdio connection failures (#1291)
Preserve MCP toolsets when saving platform tool config (#1421)

Vision

Unify vision backend gating (#1367)
Surface actual error reason instead of generic message (#1338)
Make Claude image handling work end-to-end (#1408)

Cron

Compress cron management into one tool — single cronjob tool replaces multiple commands (#1343)
Suppress duplicate cron sends to auto-delivery targets (#1357)
Persist cron sessions to SQLite (#1255)
Per-job runtime overrides (provider, model, base_url) (#1398)
Atomic write in save_job_output to prevent data loss on crash (#1173)
Preserve thread context for deliver=origin (#1437)

Patch Tool

Avoid corrupting pipe chars in V4A patch apply (#1286)
Permissive block_anchor thresholds and unicode normalization (#1539)

Delegation

Add observability metadata to subagent results (model, tokens, duration, tool trace) (#1175)

🧩 Skills Ecosystem

Skills System

Integrate skills.sh as a hub source alongside ClawHub (#1303)
Secure skill env setup on load (#1153)
Honor policy table for dangerous verdicts (#1330)
Harden ClawHub skill search exact matches (#1400)
Fix ClawHub skill install — use /download ZIP endpoint (#1060)
Avoid mislabeling local skills as builtin — by @arceus77-7 (#862)

New Skills

Linear project management (#1230)
X/Twitter via x-cli (#1285)
Telephony — Twilio, SMS, and AI calls (#1289)
1Password — by @arceus77-7 (#883, #1179)
NeuroSkill BCI integration (#1135)
Blender MCP for 3D modeling (#1531)
OSS Security Forensics (#1482)
Parallel CLI research skill (#1301)
OpenCode CLI skill (#1174)
ASCII Video skill refactored — by @SHL0MS (#1213, #1598)

🎙️ Voice Mode

Voice mode foundation — push-to-talk CLI, Telegram/Discord voice notes (#1299)
Free local Whisper transcription via faster-whisper (#1185)
Discord voice channel reliability fixes (#1429)
Restore local STT fallback for gateway voice notes (#1490)
Honor stt.enabled: false across gateway transcription (#1394)
Fix bogus incapability message on Telegram voice notes (Issue #1033)

🔌 ACP (IDE Integration)

Restore ACP server implementation (#1254)
Support slash commands in ACP adapter (#1532)

🧪 RL Training

Agentic On-Policy Distillation (OPD) environment — new RL training environment for agent policy distillation (#1149)
Make tinker-atropos RL training fully optional (#1062)

🔒 Security & Reliability

Security Hardening

Tirith pre-exec command scanning — static analysis of terminal commands before execution (#1256)
PII redaction when privacy.redact_pii is enabled (#1542)
Strip Hermes provider/gateway/tool env vars from all subprocess environments (#1157, #1172, #1399, #1419)
Docker cwd workspace mount now explicit opt-in — never auto-mount host directories (#1534)
Escape parens and braces in fork bomb regex pattern (#1397)
Harden .worktreeinclude path containment (#1388)
Use description as pattern_key to prevent approval collisions (#1395)

Reliability

Guard init-time stdio writes (#1271)
Session log writes reuse shared atomic JSON helper (#1280)
Atomic temp cleanup protected on interrupts (#1401)

🐛 Notable Bug Fixes

/status always showing 0 tokens — now reports live state (Issue #1465, #1476)
Custom model endpoints not working — restored config-saved endpoint resolution (Issue #1460, #1373)
MCP tools not visible until restart — auto-reload on config change (Issue #1036, #1474)
hermes tools removing MCP tools — preserve MCP toolsets when saving (Issue #1247, #1421)
Terminal subprocesses inheriting OPENAI_BASE_URL breaking external tools (Issue #1002, #1399)
Background process lost on gateway restart — improved recovery (Issue #1144)
Cron jobs not persisting state — now stored in SQLite (Issue #1416, #1255)
Cronjob deliver: origin not preserving thread context (Issue #1219, #1437)
Gateway systemd service failing to auto-restart when browser processes orphaned (Issue #1617)
/background completion report cut off in Telegram (Issue #1443)
Model switching not taking effect (Issue #1244, #1183)
hermes doctor reporting cronjob as unavailable (Issue #878, #1180)
WhatsApp bridge messages not received from mobile (Issue #1142)
Setup wizard hanging on headless SSH (Issue #905, #1274)
Log handler accumulation degrading gateway performance (Issue #990, #1251)
Gateway NULL model in DB (Issue #987, #1306)
Strict endpoints rejecting replayed tool_calls (Issue #893)
Remaining hardcoded ~/.hermes paths — all now respect HERMES_HOME (Issue #892, #1233)
Delegate tool not working with custom inference providers (Issue #1011, #1328)
Skills Guard blocking official skills (Issue #1006, #1330)
Setup writing provider before model selection (Issue #1182)
GatewayConfig.get() AttributeError crashing all message handling (Issue #1158, #1287)
/update hard-failing with "command not found" (Issue #1049)
Image analysis failing silently (Issue #1034, #1338)
API BadRequestError from 'dict' object has no attribute 'strip' (Issue #1071)
Slash commands requiring exact full name — now uses prefix matching (Issue #928, #1320)
Gateway stops responding when terminal is closed on headless (Issue #1005)

🧪 Testing

Cover empty cached Anthropic tool-call turns (#1222)
Fix stale CI assumptions in parser and quick-command coverage (#1236)
Fix gateway async tests without implicit event loop (#1278)
Make gateway async tests xdist-safe (#1281)
Cross-timezone naive timestamp regression for cron (#1319)
Isolate codex provider tests from local env (#1335)
Lock retry replacement semantics (#1379)
Improve error logging in session search tool — by @aydnOktay (#1533)

📚 Documentation

Comprehensive SOUL.md guide (#1315)
Voice mode documentation (#1316, #1362)
Provider contribution guide (#1361)
ACP and internal systems implementation guides (#1259)
Expand Docusaurus coverage across CLI, tools, skills, and skins (#1232)
Terminal backend and Windows troubleshooting (#1297)
Skills hub reference section (#1317)
Checkpoint, /rollback, and git worktrees guide (#1493, #1524)
CLI status bar and /usage reference (#1523)
Fallback providers + /background command docs (#1430)
Gateway service scopes docs (#1378)
Slack thread reply behavior docs (#1407)
Redesigned landing page with Nous blue palette — by @austinpickett (#974)
Fix several documentation typos — by @JackTheGit (#953)
Stabilize website diagrams (#1405)
CLI vs messaging quick reference in README (#1491)
Add search to Docusaurus (#1053)
Home Assistant integration docs (#1170)

👥 Contributors

Core

@teknium1 — 220+ PRs spanning every area of the codebase

Top Community Contributors

@0xbyt4 (4 PRs) — Anthropic adapter fixes (max_tokens, fallback crash, 429/529 retry), Slack file upload thread context, setup NameError fix
@erosika (1 PR) — Honcho memory integration: async writes, memory modes, session title integration
@SHL0MS (2 PRs) — ASCII video skill design patterns and refactoring
@alt-glitch (2 PRs) — Persistent shell mode for local/SSH backends, setuptools packaging fix
@arceus77-7 (2 PRs) — 1Password skill, fix skills list mislabeling
@kshitijk4poor (1 PR) — OpenClaw migration during setup wizard
@ASRagab (1 PR) — Fix adaptive thinking for Claude 4.6 models
@eren-karakus0 (1 PR) — Strip Hermes provider env vars from subprocess environment
@mr-emmett-one (1 PR) — Fix DeepSeek V3 parser multi-tool call support
@jplew (1 PR) — Gateway restart on retryable startup failures
@brandtcormorant (1 PR) — Fix Anthropic cache control for empty text blocks
@aydnOktay (1 PR) — Improve error logging in session search tool
@austinpickett (1 PR) — Landing page redesign with Nous blue palette
@JackTheGit (1 PR) — Documentation typo fixes

All Contributors

@0xbyt4, @alt-glitch, @arceus77-7, @ASRagab, @austinpickett, @aydnOktay, @brandtcormorant, @eren-karakus0, @erosika, @JackTheGit, @jplew, @kshitijk4poor, @mr-emmett-one, @SHL0MS, @teknium1

Full Changelog: v2026.3.12...v2026.3.17

Hermes Agent v0.2.0 (v2026.3.12)

Release Date: March 12, 2026

First tagged release since v0.1.0 (the initial pre-public foundation). In just over two weeks, Hermes Agent went from a small internal project to a full-featured AI agent platform — thanks to an explosion of community contributions. This release covers 216 merged pull requests from 63 contributors, resolving 119 issues.

✨ Highlights

Multi-Platform Messaging Gateway — Telegram, Discord, Slack, WhatsApp, Signal, Email (IMAP/SMTP), and Home Assistant platforms with unified session management, media attachments, and per-platform tool configuration.
MCP (Model Context Protocol) Client — Native MCP support with stdio and HTTP transports, reconnection, resource/prompt discovery, and sampling (server-initiated LLM requests). (#291 — @0xbyt4, #301, #753)
Skills Ecosystem — 70+ bundled and optional skills across 15+ categories with a Skills Hub for community discovery, per-platform enable/disable, conditional activation based on tool availability, and prerequisite validation. (#743 — @teyrebaz33, #785 — @teyrebaz33)
Centralized Provider Router — Unified call_llm()/async_call_llm() API replaces scattered provider logic across vision, summarization, compression, and trajectory saving. All auxiliary consumers route through a single code path with automatic credential resolution. (#1003)
ACP Server — VS Code, Zed, and JetBrains editor integration via the Agent Communication Protocol standard. (#949)
CLI Skin/Theme Engine — Data-driven visual customization: banners, spinners, colors, branding. 7 built-in skins + custom YAML skins.
Git Worktree Isolation — hermes -w launches isolated agent sessions in git worktrees for safe parallel work on the same repo. (#654)
Filesystem Checkpoints & Rollback — Automatic snapshots before destructive operations with /rollback to restore. (#824)
3,289 Tests — From near-zero test coverage to a comprehensive test suite covering agent, gateway, tools, cron, and CLI.

🏗️ Core Agent & Architecture

Provider & Model Support

Centralized provider router with resolve_provider_client() + call_llm() API (#1003)
Nous Portal as first-class provider in setup (#644)
OpenAI Codex (Responses API) with ChatGPT subscription support (#43) — @grp06
Codex OAuth vision support + multimodal content adapter
Validate /model against live API instead of hardcoded lists
Self-hosted Firecrawl support (#460) — @caentzminger
Kimi Code API support (#635) — @christomitov
MiniMax model ID update (#473) — @tars90percent
OpenRouter provider routing configuration (provider_preferences)
Nous credential refresh on 401 errors (#571, #269) — @rewbs
z.ai/GLM, Kimi/Moonshot, MiniMax, Azure OpenAI as first-class providers
Unified /model and /provider into single view

Agent Loop & Conversation

Simple fallback model for provider resilience (#740)
Shared iteration budget across parent + subagent delegation
Iteration budget pressure via tool result injection
Configurable subagent provider/model with full credential resolution
Handle 413 payload-too-large via compression instead of aborting (#153) — @tekelala
Retry with rebuilt payload after compression (#616) — @tripledoublev
Auto-compress pathologically large gateway sessions (#628)
Tool call repair middleware — auto-lowercase and invalid tool handler
Reasoning effort configuration and /reasoning command (#921)
Detect and block file re-read/search loops after context compression (#705) — @0xbyt4

Session & Memory

Session naming with unique titles, auto-lineage, rich listing, and resume by name (#720)
Interactive session browser with search filtering (#733)
Display previous messages when resuming a session (#734)
Honcho AI-native cross-session user modeling (#38) — @erosika
Proactive async memory flush on session expiry
Smart context length probing with persistent caching + banner display
/resume command for switching to named sessions in gateway
Session reset policy for messaging platforms

📱 Messaging Platforms (Gateway)

Native file attachments: send_document + send_video
Document file processing for PDF, text, and Office files — @tekelala
Forum topic session isolation (#766) — @spanishflu-est1918
Browser screenshot sharing via MEDIA: protocol (#657)
Location support for find-nearby skill
TTS voice message accumulation fix (#176) — @Bartok9
Improved error handling and logging (#763) — @aydnOktay
Italic regex newline fix + 43 format tests (#204) — @0xbyt4

Discord

Channel topic included in session context (#248) — @Bartok9
DISCORD_ALLOW_BOTS config for bot message filtering (#758)
Document and video support (#784)
Improved error handling and logging (#761) — @aydnOktay

Slack

App_mention 404 fix + document/video support (#784)
Structured logging replacing print statements — @aydnOktay

Native media sending — images, videos, documents (#292) — @satelerd
Multi-user session isolation (#75) — @satelerd
Cross-platform port cleanup replacing Linux-only fuser (#433) — @Farukest
DM interrupt key mismatch fix (#350) — @Farukest

Signal

Full Signal messenger gateway via signal-cli-rest-api (#405)
Media URL support in message events (#871)

Email (IMAP/SMTP)

New email gateway platform — @0xbyt4

Home Assistant

REST tools + WebSocket gateway integration (#184) — @0xbyt4
Service discovery and enhanced setup
Toolset mapping fix (#538) — @Himess

Gateway Core

Expose subagent tool calls and thinking to users (#186) — @cutepawss
Configurable background process watcher notifications (#840)
edit_message() for Telegram/Discord/Slack with fallback
/compress, /usage, /update slash commands
Eliminated 3x SQLite message duplication in gateway sessions (#873)
Stabilize system prompt across gateway turns for cache hits (#754)
MCP server shutdown on gateway exit (#796) — @0xbyt4
Pass session_db to AIAgent, fixing session_search error (#108) — @Bartok9
Persist transcript changes in /retry, /undo; fix /reset attribute (#217) — @Farukest
UTF-8 encoding fix preventing Windows crashes (#369) — @ch3ronsa

🖥️ CLI & User Experience

Interactive CLI

Data-driven skin/theme engine — 7 built-in skins (default, ares, mono, slate, poseidon, sisyphus, charizard) + custom YAML skins
/personality command with custom personality + disable support (#773) — @teyrebaz33
User-defined quick commands that bypass the agent loop (#746) — @teyrebaz33
/reasoning command for effort level and display toggle (#921)
/verbose slash command to toggle debug at runtime (#94) — @cesareth
/insights command — usage analytics, cost estimation & activity patterns (#552)
/background command for managing background processes
/help formatting with command categories
Bell-on-complete — terminal bell when agent finishes (#738)
Up/down arrow history navigation
Clipboard image paste (Alt+V / Ctrl+V)
Loading indicators for slow slash commands (#882)
Spinner flickering fix under patch_stdout (#91) — @0xbyt4
--quiet/-Q flag for programmatic single-query mode
--fuck-it-ship-it flag to bypass all approval prompts (#724) — @dmahan93
Tools summary flag (#767) — @luisv-1
Terminal blinking fix on SSH (#284) — @ygd58
Multi-line paste detection fix (#84) — @0xbyt4

Setup & Configuration

Modular setup wizard with section subcommands and tool-first UX
Container resource configuration prompts
Backend validation for required binaries
Config migration system (currently v7)
API keys properly routed to .env instead of config.yaml (#469) — @ygd58
Atomic write for .env to prevent API key loss on crash (#954)
hermes tools — per-platform tool enable/disable with curses UI
hermes doctor for health checks across all configured providers
hermes update with auto-restart for gateway service
Show update-available notice in CLI banner
Multiple named custom providers
Shell config detection improvement for PATH setup (#317) — @mehmetkr-31
Consistent HERMES_HOME and .env path resolution (#51, #48) — @deankerr
Docker backend fix on macOS + subagent auth for Nous Portal (#46) — @rsavitt

🔧 Tool System

MCP (Model Context Protocol)

Native MCP client with stdio + HTTP transports (#291 — @0xbyt4, #301)
Sampling support — server-initiated LLM requests (#753)
Resource and prompt discovery
Automatic reconnection and security hardening
Banner integration, /reload-mcp command
hermes tools UI integration

Browser

Local browser backend — zero-cost headless Chromium (no Browserbase needed)
Console/errors tool, annotated screenshots, auto-recording, dogfood QA skill (#745)
Screenshot sharing via MEDIA: on all messaging platforms (#657)

Terminal & Execution

execute_code sandbox with json_parse, shell_quote, retry helpers
Docker: custom volume mounts (#158) — @Indelwin
Daytona cloud sandbox backend (#451) — @rovle
SSH backend fix (#59) — @deankerr
Shell noise filtering and login shell execution for environment consistency
Head+tail truncation for execute_code stdout overflow
Configurable background process notification modes

File Operations

Filesystem checkpoints and /rollback command (#824)
Structured tool result hints (next-action guidance) for patch and search_files (#722)
Docker volumes passed to sandbox container config (#687) — @manuelschipper

🧩 Skills Ecosystem

Skills System

Per-platform skill enable/disable (#743) — @teyrebaz33
Conditional skill activation based on tool availability (#785) — @teyrebaz33
Skill prerequisites — hide skills with unmet dependencies (#659) — @kshitijk4poor
Optional skills — shipped but not activated by default
hermes skills browse — paginated hub browsing
Skills sub-category organization
Platform-conditional skill loading
Atomic skill file writes (#551) — @aydnOktay
Skills sync data loss prevention (#563) — @0xbyt4
Dynamic skill slash commands for CLI and gateway

New Skills (selected)

ASCII Art — pyfiglet (571 fonts), cowsay, image-to-ascii (#209) — @0xbyt4
ASCII Video — Full production pipeline (#854) — @SHL0MS
DuckDuckGo Search — Firecrawl fallback (#267) — @gamedevCloudy; DDGS API expansion (#598) — @areu01or00
Solana Blockchain — Wallet balances, USD pricing, token names (#212) — @gizdusum
AgentMail — Agent-owned email inboxes (#330) — @teyrebaz33
Polymarket — Prediction market data (read-only) (#629)
OpenClaw Migration — Official migration tool (#570) — @unmodeled-tyler
Domain Intelligence — Passive recon: subdomains, SSL, WHOIS, DNS (#136) — @FurkanL0
Superpowers — Software development skills (#137) — @kaos35
Hermes-Atropos — RL environment development skill (#815)
Plus: arXiv search, OCR/documents, Excalidraw diagrams, YouTube transcripts, GIF search, Pokémon player, Minecraft modpack server, OpenHue (Philips Hue), Google Workspace, Notion, PowerPoint, Obsidian, find-nearby, and 40+ MLOps skills

🔒 Security & Reliability

Security Hardening

Path traversal fix in skill_view — prevented reading arbitrary files (#220) — @Farukest
Shell injection prevention in sudo password piping (#65) — @leonsgithub
Dangerous command detection: multiline bypass fix (#233) — @Farukest; tee/process substitution patterns (#280) — @dogiladeveloper
Symlink boundary check fix in skills_guard (#386) — @Farukest
Symlink bypass fix in write deny list on macOS (#61) — @0xbyt4
Multi-word prompt injection bypass prevention (#192) — @0xbyt4
Cron prompt injection scanner bypass fix (#63) — @0xbyt4
Enforce 0600/0700 file permissions on sensitive files (#757)
.env file permissions restricted to owner-only (#529) — @Himess
--force flag properly blocked from overriding dangerous verdicts (#388) — @Farukest
FTS5 query sanitization + DB connection leak fix (#565) — @0xbyt4
Expand secret redaction patterns + config toggle to disable
In-memory permanent allowlist to prevent data leak (#600) — @alireza78a

Atomic Writes (data loss prevention)

sessions.json (#611) — @alireza78a
Cron jobs (#146) — @alireza78a
.env config (#954)
Process checkpoints (#298) — @aydnOktay
Batch runner (#297) — @aydnOktay
Skill files (#551) — @aydnOktay

Reliability

Guard all print() against OSError for systemd/headless environments (#963)
Reset all retry counters at start of run_conversation (#607) — @0xbyt4
Return deny on approval callback timeout instead of None (#603) — @0xbyt4
Fix None message content crashes across codebase (#277)
Fix context overrun crash with local LLM backends (#403) — @ch3ronsa
Prevent _flush_sentinel from leaking to external APIs (#227) — @Farukest
Prevent conversation_history mutation in callers (#229) — @Farukest
Fix systemd restart loop (#614) — @voidborne-d
Close file handles and sockets to prevent fd leaks (#568 — @alireza78a, #296 — @alireza78a, #709 — @memosr)
Prevent data loss in clipboard PNG conversion (#602) — @0xbyt4
Eliminate shell noise from terminal output (#293) — @0xbyt4
Timezone-aware now() for prompt, cron, and execute_code (#309) — @areu01or00

Windows Compatibility

Guard POSIX-only process functions (#219) — @Farukest
Windows native support via Git Bash + ZIP-based update fallback
pywinpty for PTY support (#457) — @shitcoinsherpa
Explicit UTF-8 encoding on all config/data file I/O (#458) — @shitcoinsherpa
Windows-compatible path handling (#354, #390) — @Farukest
Regex-based search output parsing for drive-letter paths (#533) — @Himess
Auth store file lock for Windows (#455) — @shitcoinsherpa

🐛 Notable Bug Fixes

Fix DeepSeek V3 tool call parser silently dropping multi-line JSON arguments (#444) — @PercyDikec
Fix gateway transcript losing 1 message per turn due to offset mismatch (#395) — @PercyDikec
Fix /retry command silently discarding the agent's final response (#441) — @PercyDikec
Fix max-iterations retry returning empty string after think-block stripping (#438) — @PercyDikec
Fix max-iterations retry using hardcoded max_tokens (#436) — @Farukest
Fix Codex status dict key mismatch (#448) and visibility filter (#446) — @PercyDikec
Strip <think> blocks from final user-facing responses (#174) — @Bartok9
Fix <think> block regex stripping visible content when model discusses tags literally (#786)
Fix Mistral 422 errors from leftover finish_reason in assistant messages (#253) — @Sertug17
Fix OPENROUTER_API_KEY resolution order across all code paths (#295) — @0xbyt4
Fix OPENAI_BASE_URL API key priority (#420) — @manuelschipper
Fix Anthropic "prompt is too long" 400 error not detected as context length error (#813)
Fix SQLite session transcript accumulating duplicate messages — 3-4x token inflation (#860)
Fix setup wizard skipping API key prompts on first install (#748)
Fix setup wizard showing OpenRouter model list for Nous Portal (#575) — @PercyDikec
Fix provider selection not persisting when switching via hermes model (#881)
Fix Docker backend failing when docker not in PATH on macOS (#889)
Fix ClawHub Skills Hub adapter for API endpoint changes (#286) — @BP602
Fix Honcho auto-enable when API key is present (#243) — @Bartok9
Fix duplicate 'skills' subparser crash on Python 3.11+ (#898)
Fix memory tool entry parsing when content contains section sign (#162) — @aydnOktay
Fix piped install silently aborting when interactive prompts fail (#72) — @cutepawss
Fix false positives in recursive delete detection (#68) — @cutepawss
Fix Ruff lint warnings across codebase (#608) — @JackTheGit
Fix Anthropic native base URL fail-fast (#173) — @adavyas
Fix install.sh creating ~/.hermes before moving Node.js directory (#53) — @JoshuaMart
Fix SystemExit traceback during atexit cleanup on Ctrl+C (#55) — @bierlingm
Restore missing MIT license file (#620) — @stablegenius49

🧪 Testing

3,289 tests across agent, gateway, tools, cron, and CLI
Parallelized test suite with pytest-xdist (#802) — @OutThisLife
Unit tests batch 1: 8 core modules (#60) — @0xbyt4
Unit tests batch 2: 8 more modules (#62) — @0xbyt4
Unit tests batch 3: 8 untested modules (#191) — @0xbyt4
Unit tests batch 4: 5 security/logic-critical modules (#193) — @0xbyt4
AIAgent (run_agent.py) unit tests (#67) — @0xbyt4
Trajectory compressor tests (#203) — @0xbyt4
Clarify tool tests (#121) — @Bartok9
Telegram format tests — 43 tests for italic/bold/code rendering (#204) — @0xbyt4
Vision tools type hints + 42 tests (#792)
Compressor tool-call boundary regression tests (#648) — @intertwine
Test structure reorganization (#34) — @0xbyt4
Shell noise elimination + fix 36 test failures (#293) — @0xbyt4

🔬 RL & Evaluation Environments

WebResearchEnv — Multi-step web research RL environment (#434) — @jackx707
Modal sandbox concurrency limits to avoid deadlocks (#621) — @voteblake
Hermes-atropos-environments bundled skill (#815)
Local vLLM instance support for evaluation — @dmahan93
YC-Bench long-horizon agent benchmark environment
OpenThoughts-TBLite evaluation environment and scripts

📚 Documentation

Full documentation website (Docusaurus) with 37+ pages
Comprehensive platform setup guides for Telegram, Discord, Slack, WhatsApp, Signal, Email
AGENTS.md — development guide for AI coding assistants
CONTRIBUTING.md (#117) — @Bartok9
Slash commands reference (#142) — @Bartok9
Comprehensive AGENTS.md accuracy audit (#732)
Skin/theme system documentation
MCP documentation and examples
Docs accuracy audit — 35+ corrections
Documentation typo fixes (#825, #439) — @JackTheGit
CLI config precedence and terminology standardization (#166, #167, #168) — @Jr-kenny
Telegram token regex documentation (#713) — @VolodymyrBg

👥 Contributors

Thank you to the 63 contributors who made this release possible! In just over two weeks, the Hermes Agent community came together to ship an extraordinary amount of work.

Core

@teknium1 — 43 PRs: Project lead, core architecture, provider router, sessions, skills, CLI, documentation

Top Community Contributors

@0xbyt4 — 40 PRs: MCP client, Home Assistant, security fixes (symlink, prompt injection, cron), extensive test coverage (6 batches), ascii-art skill, shell noise elimination, skills sync, Telegram formatting, and dozens more
@Farukest — 16 PRs: Security hardening (path traversal, dangerous command detection, symlink boundary), Windows compatibility (POSIX guards, path handling), WhatsApp fixes, max-iterations retry, gateway fixes
@aydnOktay — 11 PRs: Atomic writes (process checkpoints, batch runner, skill files), error handling improvements across Telegram, Discord, code execution, transcription, TTS, and skills
@Bartok9 — 9 PRs: CONTRIBUTING.md, slash commands reference, Discord channel topics, think-block stripping, TTS fix, Honcho fix, session count fix, clarify tests
@PercyDikec — 7 PRs: DeepSeek V3 parser fix, /retry response discard, gateway transcript offset, Codex status/visibility, max-iterations retry, setup wizard fix
@teyrebaz33 — 5 PRs: Skills enable/disable system, quick commands, personality customization, conditional skill activation
@alireza78a — 5 PRs: Atomic writes (cron, sessions), fd leak prevention, security allowlist, code execution socket cleanup
@shitcoinsherpa — 3 PRs: Windows support (pywinpty, UTF-8 encoding, auth store lock)
@Himess — 3 PRs: Cron/HomeAssistant/Daytona fix, Windows drive-letter parsing, .env permissions
@satelerd — 2 PRs: WhatsApp native media, multi-user session isolation
@rovle — 1 PR: Daytona cloud sandbox backend (4 commits)
@erosika — 1 PR: Honcho AI-native memory integration
@dmahan93 — 1 PR: --fuck-it-ship-it flag + RL environment work
@SHL0MS — 1 PR: ASCII video skill

All Contributors

@0xbyt4, @BP602, @Bartok9, @Farukest, @FurkanL0, @Himess, @Indelwin, @JackTheGit, @JoshuaMart, @Jr-kenny, @OutThisLife, @PercyDikec, @SHL0MS, @Sertug17, @VencentSoliman, @VolodymyrBg, @adavyas, @alireza78a, @areu01or00, @aydnOktay, @batuhankocyigit, @bierlingm, @caentzminger, @cesareth, @ch3ronsa, @christomitov, @cutepawss, @deankerr, @dmahan93, @dogiladeveloper, @dragonkhoi, @erosika, @gamedevCloudy, @gizdusum, @grp06, @intertwine, @jackx707, @jdblackstar, @johnh4098, @kaos35, @kshitijk4poor, @leonsgithub, @luisv-1, @manuelschipper, @mehmetkr-31, @memosr, @PeterFile, @rewbs, @rovle, @rsavitt, @satelerd, @spanishflu-est1918, @stablegenius49, @tars90percent, @tekelala, @teknium1, @teyrebaz33, @tripledoublev, @unmodeled-tyler, @voidborne-d, @voteblake, @ygd58

Full Changelog: v0.1.0...v2026.3.12

202 KiB Raw Blame History

Changelog

Hermes Agent v0.7.0 (v2026.4.3)

✨ Highlights

🏗️ Core Agent & Architecture

Provider & Model Support

Agent Loop & Conversation

Memory & Sessions

📱 Messaging Platforms (Gateway)

Gateway Core

Telegram

Discord

Slack

WhatsApp

Webhook

Matrix

🖥️ CLI & User Experience

New Slash Commands

Interactive CLI

Setup & Configuration

Update System

🔧 Tool System

Browser

File Operations

MCP

ACP (Editor Integration)

Skills System

New/Updated Skills

🔒 Security & Reliability

Security Hardening

Reliability

Windows & Cross-Platform

🐛 Notable Bug Fixes

🧪 Testing

📚 Documentation

👥 Contributors

Core

Top Community Contributors

All Contributors

Issues Resolved from Community

Hermes Agent v0.6.0 (v2026.3.30)

✨ Highlights

🏗️ Core Agent & Architecture

Provider & Model Support

Agent Loop & Conversation

Profiles & Multi-Instance

📱 Messaging Platforms (Gateway)

New Platforms

Telegram

Discord

Slack

WhatsApp

Matrix

Mattermost

Signal

Email

Gateway Core

🖥️ CLI & User Experience

Interactive CLI

Setup & Configuration

🔧 Tool System

MCP

Web Tools

Browser

Terminal & Remote Backends

Audio

Vision

Tool Schema

ACP (Editor Integration)

🧩 Skills & Plugins

Skills System

New Skills

Plugin System

🔒 Security & Reliability

Security Hardening

Reliability

🐛 Notable Bug Fixes

🧪 Testing

📚 Documentation

👥 Contributors

202 KiB

Raw Blame History