NousResearch/hermes-agent · Weekly · Jul 06, 2026 - Jul 12, 2026

Hermes Agent Weekly Highlights: July 6–12, 2026 — MCP reliability, session management overhaul, and major TTFT improvements

Commits summarized
686
Period
Jul 06 - Jul 12, 2026
Published
Jul 13, 2026

Hermes Agent Weekly Highlights: July 6–12, 2026

Who should read this: Developers running Hermes gateway in production, teams relying on MCP servers, anyone debugging multiplex profile routing, and operators managing large session histories. This was a 686-commit week; the post highlights the most impactful changes drawn from the available commit summaries.

Performance: First-token latency cut ~80% across all platforms

perf: cut first-turn time-to-first-token by ~80% (all platforms)59332

Four independent pre-request stalls were eliminated from the critical path between prompt submission and the first streamed token:

  • Discord capability detection — a blocking HTTPS call that could take up to 5 seconds on cold processes is now non-blocking, with memory cache → 24h disk cache → permissive default + background detection.
  • Ollama /api/show probe — known non-Ollama providers now skip the probe entirely (was 0.3s per fresh process).
  • env_probe subprocess sweep — now warmed off-thread during agent init instead of blocking the first system prompt build (~0.5s).
  • MCP import gate — the between-turns MCP refresh no longer imports the full mcp package when zero servers are configured (~0.4s).

CLI additionally pre-imports run_agent + openai off-thread during the idle banner window. Measured cold first turn dropped from 4.3s → 0.9s (~80%).

CLI perception improvements (Round 2)

perf(cli): TTFT round 259389

  • show_reasoning default ON — no more spinner during thinking-model reasoning phases.
  • Partial-line streaming — long paragraphs now flush as tokens arrive instead of waiting for the first \n.
  • hermes_time timezone resolution — now uses read_raw_config (mtime-cached + libyaml C loader), dropping first system prompt build from 320ms → ~155ms.

MCP (Model Context Protocol): Reliability overhaul

A coordinated set of fixes landed to make MCP server connections far more resilient:

Park-and-revive improvements

  • Park after initial connect failures — servers that can't connect on startup are parked (deregistered) instead of holding the agent startup forever. — 2ea03d8c
  • Self-probe parked servers — parked servers now wake every 300s to attempt revival, with a timed wait instead of infinite parking. — e412316b
  • Re-register tools after revival — freshly discovered tools are now registered when _ready is set and the registry entry is empty. — cdbdcd64
  • Reset reconnect retry counter after successful session — local retries promoted to instance attribute, reset at all 4 session-establishment sites to prevent permanent parking from transient blips. — e3347008
  • Wake stale cached servers on session startupregister_mcp_servers now nudges cached entries with None session via _signal_reconnect. — 43a42563
  • Reconnect stale MCP sessions before retry — circuit-breaker now iterates and reconnects. — 27beeb18

Preflight and connection fixes

  • Skip preflight for SPA servers — new skip_preflight: true config option for servers serving HTML on GET (e.g. Spring Boot apps with React frontends). POST JSON-RPC works fine; GET returns HTML. — 549def3a
  • POST probe fallback — preflight now tries a lightweight JSON-RPC initialize POST before rejecting endpoints whose HEAD/GET returns a non-MCP content type. — 32c1c47e

Connect timeout alignment

  • Honor configured connect_timeout on MCP OAuth login_reauth_oauth_server now passes the server-level timeout with a 180s floor for interactive login. — a3483680
  • CLI --connect-timeout flag — new flag for hermes mcp add persists as the server's connect_timeout. — d52d2973
  • Align floor at 315s — CLI and GUI OAuth login floors now match the 300s callback window + headroom. — f26ae4f6

Gateway & Multiplex Profile Fixes

Routing: secondary profiles now route through their own adapter

Critical fix — 53 instances of self.adapters.get(source.platform) were replaced with self._adapter_for_source(source) across gateway/run.py. In multiplex mode, secondary profiles (lars, kira, jonas, caro) were sending responses through the default profile's bot token on ALL response paths — streaming, sending, media delivery, voice, typing indicators, queue operations. — 8a9bc38c

Fail-closed adapter for unregistered profiles

When a stamped secondary profile has no _profile_adapters entry, the gateway now returns None instead of falling back to the default profile's adapter — preventing reply leaks to the wrong bot. — ab70551b

Multiplex profile config isolation

  • Read nested multiplex_profilesload_gateway_config() now correctly reads the flag from the nested gateway: section, matching the form written by hermes config set. — d3602e63
  • Environment isolation — secondary profile adapter startup no longer inherits default-profile platform tokens or port-binding enables. — 0f154e78

Session Management: Prune & Archive Overhaul

feat(sessions): full filter surface for prune + bulk archive subcommand040a5e30

The session pruning system received a major upgrade:

  • hermes sessions prune now supports keyword filters that AND together: started_before/started_after, title_like, end_reason, cwd_prefix, min/max_messages, archived tri-state.
  • New hermes sessions archive — non-destructive bulk soft-hide with the same filter surface, idempotent.
  • Extended filters--model, --provider, --user, --chat-id, --chat-type, --branch, --min/--max-tokens, --min/--max-cost, --min/--max-tool-calls. — second commit in same PR.
  • Any filter matches all ages — providing any filter (including --source) now suppresses the implicit 90-day default. Preview shows match count plus oldest/newest session start times. — 845a2b81
  • Dashboard /api/sessions/prune API mirrors all semantics.

Routing Index: SQLite Primary, JSON Legacy Mirror

refactor(gateway): move routing index to state.db, make sessions.json optional94205a11

The gateway routing index (session_key → SessionEntry) now lives in a gateway_routing table in state.db as the primary store. sessions.json is demoted to an optional legacy mirror controlled by gateway.write_sessions_json (default true for compat). Rehydration is now lossless even with sessions.json deleted — suspended, resume_pending, model_override, and token state all round-trip through the DB.

Auxiliary & Provider Configuration

API key inheritance fixes

  • Same-host gatemodel.api_key is inherited by auxiliary tasks only when the aux base_url resolves to the same hostname as the main model's — preventing cross-host credential leaks. — ede7e316
  • Custom endpoint key inheritance — when auxiliary task has provider=custom with empty api_key, the new _read_main_api_key() consults runtime override then config.yaml — fixing 401 errors on self-hosted gateways. — 8e09afda
  • Named custom provider reuse — auxiliary client now reuses the main agent's resolved credentials for named custom providers (custom:<name>), fixing all auxiliary tasks (title gen, compression, vision, session search) that were left credential-less. — 92da7a99
  • Refactored client-build pathresolve_provider_client() main_runtime custom-endpoint reuse folded into the shared block, eliminating 35-line header-shaping duplication. — 571f2a7f

Platform-Specific Fixes

WhatsApp Bridge

  • Inbound media download failure containmentsaveMedia() now catches download/write failures and surfaces [<type> could not be downloaded] in the event body instead of silently dropping the entire upsert batch. Port of nanoclaw#2895's never-silently-drop guarantee. — 6fad6f1d

Photon Sidecar

  • Auto-reinstall stale deps — detects when package-lock.json is newer than node_modules/.package-lock.json and runs npm ci before spawning, fixing the "dead iMessage forever" bug after pin bumps. — 3cd93f6a
  • Sidecar dep self-heal timeout — npm commands now bounded at 600s to prevent holding the photon connect path hostage. — 127d2ee8

Webhook Body Limits (Security)

Several platforms received bounded webhook body readers to prevent OOM:

Desktop (Windows)

  • Broken venv escapeunwrapWindowsVenvHermesCommand now probes the venv Python before returning it, so the resolver falls through to the bootstrap installer when a partial update leaves the venv broken. — 3c2f628f
  • Update marker pre-write — prevents backend respawn during Windows update by writing the marker before the quit dwell. — d00c7193

Agent & CLI

  • Strip empty tool_calls arrays — pre-API sanitizer now drops tool_calls: [] before sending to strict OpenAI-compatible providers like DeepSeek v4, preventing unrecoverable HTTP 400 errors. — a7932d86
  • Prompt-size respects platform toolsetshermes prompt-size now resolves platform-specific toolsets and honors agent.disabled_toolsets, fixing the discrepancy where reported tools exceeded actual session tools. — fe8d02ce
  • Skills Hub Brotli fix — centralized skills index now requests gzip, deflate instead of brotli, fixing blank "Browse Hub" pages on fresh deployments. — 590a1933

Cron

  • Reject stale one-shot jobscreate_job now rejects one-shot schedules whose compute_next_run is past ONESHOT_GRACE_SECONDS. Same guard applied to update_job. Both raise before any disk write. — 848089ac, 4976d3c3

Chore & Infrastructure

  • Tests pinned for flake prevention (random tip in topic-mode test, frozen-clock MCP tests, MagicMock profile attributes)
  • Multiple AUTHOR_MAP entries for PR salvage attribution
  • CRLF→LF normalization in desktop update-marker files
  • Documentation updates for MCP skip_preflight, configuration accuracy, and session prune filters

Highlights from ~200 commit summaries out of 686 total commits in the period. Full changelog available in the commit history.

Repository updates

Follow future updates

Get generated NousResearch/hermes-agent development summaries by email, or follow the weekly and monthly RSS feeds.

Sign in to subscribe by email. RSS feeds are public.

Sign in to subscribe