Hermes Vault · Update Log
Update complete
Local Kanban patch kept

Last updated: 28 June 2026, 04:28 BST

Hermes Update Log, Boyd's System
v0.17.0 to v0.17.0

261 mainline commits pulled after release v2026.6.19. Same public version, current upstream head. The useful part: safer backups, steadier gateway, better provider routing, stronger MCP/cron behaviour, and one local Kanban decision to make.

Current upstream
2ecca1e7d
Main decision
Keep setup. Formalise Kanban patch.
261commits pulled
3.9 GBforced backup
0.6.8CuaDriver now
2 fileslocal Kanban patch

Executive Summary

This update keeps Hermes on public version v0.17.0, but moves the code from 3e99ec0ff to 2ecca1e7d. Most of the update is reliability work. The one item that actually changes how we should maintain the system is Kanban.

To-do: Needs maintenance

Kanban moved forward upstream. Our swarm skill patch still works, but it is now the main local update risk.

Good, no action

Backups now capture more system state, gateway is steadier, provider routing is safer, and security redaction improved.

What changes next

Add a maintenance task to review the Kanban patch and decide whether it becomes config, upstream code, or documented local extension.

This is not a recommendation to redesign Hermes. Keep the current setup. The point is to stop burying real maintenance work inside update notes.

Decisions Needed

Top Maintenance Changes

Kanban and multi-agent workBlocked work now has clearer reasons and loop protection. Our swarm patch still works, but it needs a deliberate maintenance decision.action

What changed: Upstream Kanban added typed block reasons and protection against unblock loops. In plain English, blocked cards can carry a clearer reason, and Hermes has a guard against work bouncing between blocked and unblocked without progress.

What our local patch does: Our current patch adds swarm creation flags for explicit verifier and synthesizer skills: --verifier-skill, --synthesizer-skill, and --no-default-stage-skills.

What this means: Upstream has not fully replaced our patch. The patch still compiles and the flags still appear in hermes kanban swarm --help. But Kanban is now moving fast enough that this patch should stop being treated as a casual local edit.

Maintenance task: Review the Kanban patch and choose one path: make it supported config, upstream it, or document it as a permanent local extension with a regression check in the Hermes update process.
Update backupsRollback is closer to putting the working system back, not just the code. No process change beyond keeping forced backups for risky updates.better

What changed: Pre-update backups now include more of the state that makes Hermes feel like our operating system: project database files, Kanban boards, sibling stores, response store, memory store, and verification evidence.

What this means: Rollback should now restore more of the useful working context, not just the application code.

Action: No big process change. Keep the existing update gate. Still force a manual backup when the repo is dirty or when incoming changes touch Kanban, projects, gateway, providers, cron, MCP, or local patches.
Maintenance trackingReal system follow-ups should become maintenance tasks, not loose ideas or buried report bullets.watch

What changed: This report surfaced a better rule for future updates: if an update creates system work, that work should go into a maintenance lane.

What this means: The Kanban patch review is not a random idea. It is maintenance. Future reports should extract these items explicitly and feed them into the maintenance workflow or cron-backed planning process.

Action: After this report shape is approved, save the report template and add a maintenance-task extraction step to future Hermes update reports.

Useful Improvements, No Decision Needed

Provider, MoA, and routingWhen Hermes says use this model through this provider, it is less likely to accidentally send the job through the wrong lane.better

What changed: Hermes fixed several places where model routing could silently point at the wrong thing. MoA now resolves work to the real aggregator model, Codex slots stay routed through Codex, reference and aggregator models call through their real providers, context window sizing comes from the aggregator, provider switching reloads credentials, and OpenRouter sort options are checked before request dispatch.

What this means for us: This supports the current subscription-first setup. No provider rethink is needed.

Action: None for Boyd. If we run provider smokes later, Anthropic means the paid Anthropic API route. It does not mean Claude Code / CLA unless explicitly stated.
Gateway, Telegram, and deliveryFewer Telegram went weird failures, fewer duplicate or self-triggered messages, fewer gateway stalls when model or restart behaviour changes.better

What changed: Telegram update queues survive reconnects better, Hermes filters out the bot's own messages, delivery can use @username chat IDs, oversized Telegram videos are guarded, and gateway model switching no longer blocks the main event loop.

What this means for us: Telegram stays the main command surface. The update makes that path less fragile.

Action: None for Boyd. Mikey should treat fresh gateway errors as signal and ignore old pre-restart noise unless it repeats.
Security, approval, and redactionFewer secrets in logs, fewer approval prompts going to the wrong session, less chance a background helper edits a protected skill.better

What changed: Hermes masks more password-like config keys, respects tirith_fail_open=false when Tirith import fails, fixes approval prompt routing across concurrent sessions, redacts browser typed text more aggressively, protects pinned skills in background review, and tightens curator write guards.

Action: No change. Keep the current approval-heavy posture.
MCP, cron, and session searchConnected tools should get stuck less often, cron should stay cleaner per profile, and search should show less scheduled-job noise.better

What changed: MCP got fixes for dead transports, stale OAuth registrations, and background discovery prompts. Cron got clearer per-profile isolation and better restore detection. Session search now ranks interactive sessions above cron noise.

Action: No user-facing change. If the live tool list looks stale, use hermes mcp test <name> as the local ground truth.
Desktop, web UI, and computer-useThe UI surfaces moved forward, and the background computer-use driver is newer.better

What changed: The update rebuilt the web UI, rebuilt the packaged Desktop app, and upgraded CuaDriver from 0.6.5 to 0.6.8.

Action: No workflow change. Keep Desktop optional. If computer-use acts weird later, run hermes computer-use doctor before changing permissions by hand.

What Was Done

Update task logThe update ran, the local Kanban patch survived, and the system checks passed. Expand only if you need the audit trail.passed
  • Updated Hermes Agent from 3e99ec0ff to 2ecca1e7d. Public version remains v0.17.0.
  • Forced manual backup because the repo was dirty and upstream touched sensitive areas. Backup saved at ~/.hermes/backups/pre-update-2026-06-27-225937.zip.
  • Backed up the local Kanban patch at ~/.hermes/backups/hermes-update-20260627-225918/local-kanban-diff.patch.
  • Restored the local Kanban patch and verified compile/import plus hermes kanban swarm --help.
  • Gateway restarted under launchd and Telegram connected at 23:07:47 BST.
  • Camofox localhost bind, profile skill symlinks, Context7 MCP, and Linear MCP tested clean after update.
  • CuaDriver upgraded from 0.6.5 to 0.6.8.
  • Claude/Anthropic paid/API smokes were skipped by design because BB approved update verification, not paid provider testing.

Historical Update Reports

2026-06-27v0.17.0 to v0.17.0 mainline update 3e99ec0ff to 2ecca1e7d, 261 commits 261 commits, same public version. Kanban patch kept and verified. One open item: formal decision on the Kanban patch path. outstanding
What Changed

Upstream Kanban added typed block reasons and loop protection. Backups now include project databases, Kanban boards, sibling stores, response store, memory store, and verification evidence. Gateway model-switching no longer blocks the event loop. Security redaction expanded. CuaDriver upgraded from 0.6.5 to 0.6.8.

Impact

Kanban patch kept and verified. Rollback coverage is now more complete. No other process changes.

Decisions and Actions
  • outstanding Kanban patch formal review: Mikey prepares, Boyd decides path after review.
  • resolved Report template: JSON source and renderer now exist. Future reports should be generated, not hand-authored.
Update Log
  • 261 commits from 3e99ec0ff to 2ecca1e7d. Public version remains v0.17.0.
  • Pre-update: two dirty Kanban files. Local patch backed up at ~/.hermes/backups/hermes-update-20260627-225918/local-kanban-diff.patch.
  • Backup: ~/.hermes/backups/pre-update-2026-06-27-225937.zip, 3.9 GB. Snapshot 20260627-220547-pre-update.
  • Update: Python dependencies refreshed, web UI built, desktop packaged app rebuilt, CuaDriver upgraded to 0.6.8, bundled skills synced, gateway restarted.
  • Post-update verified: Hermes v0.17.0 at upstream 2ecca1e7d, Camofox localhost bind intact, profile symlinks intact, gateway launchd supervision healthy, Telegram connected, Context7 MCP passed, Linear MCP passed, Kanban patch compiles and imports.
  • Clean-up: desktop build dirtied apps/desktop/electron/main.cjs with bundled output. That source file was reverted. The desktop packaged app remains built.
  • Skipped by design: Claude/Anthropic checks and live provider smokes. Separate approval required for paid/API smokes.
2026-06-23v0.17.0 to v0.17.0 mainline update 5a53e0f0f to 5ecf3bf0e, 361 commits 361 commits, same version. Cron timeout watch carried from before this update. No Boyd decisions needed. monitor
What Changed

361 commits pulled. Package-lock.json was dirty pre-update. Incoming changes touched the Anthropic adapter. CuaDriver upgraded to 0.6.5. Python dependencies refreshed, web UI and desktop app rebuilt.

Impact

No local patches affected. Cron runs from before this update showed network timeouts. Reassessment scheduled after next cron runs.

Decisions and Actions
  • monitor Cron and network timeout watch: Mikey monitors after next scheduled runs. Not a Boyd action.
Update Log
  • 361 commits from 5a53e0f0f to 5ecf3bf0e. Public version remains v0.17.0.
  • Pre-update: one dirty file, package-lock.json. Incoming touched agent/anthropic_adapter.py, so manual backup was forced.
  • Backup: ~/.hermes/backups/pre-update-2026-06-23-160840.zip, 2.7 GB. Snapshot 20260623-151120-pre-update.
  • Update: Python dependencies refreshed, web UI built, desktop packaged app rebuilt, CuaDriver upgraded to 0.6.5, bundled skills synced.
  • Post-update verified: Hermes v0.17.0 at upstream 5ecf3bf0, repo clean, Camofox localhost bind intact, Camofox health OK, profile symlinks intact, gateway restarted under launchd, Telegram connected, Context7 MCP lookup passed, local MCP list passed.
  • Skipped by design: Claude/Anthropic checks and live provider smokes.
  • Watch: cron jobs active, but multiple last runs show network/timeouts from before this update. Reassess after next scheduled runs.
2026-06-19v0.16.0 to v0.17.0 509 commits Version bump to v0.17.0 via 509 commits. All provider checks passed. Follow-up fixes done same session. No open items. resolved
What Changed

Released hermes-agent==0.17.0. 509 commits pulled. Web UI rebuilt. Desktop packaged app rebuilt. CuaDriver upgraded to 0.5.7. SOP hook-table drift found and fixed. SOP updated to exclude Claude/Anthropic unless BB explicitly requests.

Impact

Major version jump. No breaking changes to Boyd's setup. OpenAI Codex and Kimi provider checks passed. Follow-up fixes completed in the same session.

Decisions and Actions
  • resolved CuaDriver daemon started and permissions verified.
  • resolved Cron jobs checked active.
  • resolved SOP hook-table drift fixed. Hermes update SOP now excludes Claude/Anthropic unless BB explicitly asks.
Update Log
  • 509 commits pulled locally, release v2026.6.19.
  • Pre-update: clean repo. Active provider openai-codex / gpt-5.5. Manual snapshot 20260619-215158-pre-update.
  • Backup: ~/.hermes/backups/pre-update-2026-06-19-225453.zip.
  • Update: Python package installed as hermes-agent==0.17.0, web UI built, desktop packaged app rebuilt, CuaDriver upgraded to 0.5.7, gateway restarted.
  • Post-update verified: Hermes v0.17.0, repo clean, Camofox localhost bind intact, profile symlinks intact, gateway loaded and Telegram connected, delegation smoke passed, Context7 MCP lookup passed, Kanban schema scan clean.
  • Provider checks: OpenAI Codex gpt-5.5 returned OK. Kimi kimi-k2.6 returned OK. OpenRouter smoke skipped (per-token, not required by SOP).
  • Excluded: Claude/Anthropic live checks and auth work. BB does not want Claude touched during ordinary Hermes updates.
  • Follow-up fixes done: CuaDriver daemon started and permissions verified. Cron jobs checked active. SOP hook-table drift fixed. Audit logged.
2026-06-14v0.16.0 to v0.16.0, 416 commits 6110aed9b to 4e6d05c6a, 416 commits 416 commits, same version. All checks passed. Three follow-up items all resolved later in the same period. resolved
What Changed

416 commits, same version tag, fast-forward from 6110aed9b to 4e6d05c6a. Pre-update zip backup created.

Impact

Camofox localhost patch intact, 7 profile symlinks intact, gateway service loaded, Telegram connected. Stitch MCP was not configured at this point.

Decisions and Actions
  • resolved Gateway launchd plist: now current.
  • resolved Telegram retry patch: absorbed upstream, no longer a local concern.
  • resolved Orchestrator merge: not needed. Boyd's overlay loads the stock playbook correctly.
Update Log
  • 416 commits, same version tag, fast-forward from 6110aed9b to 4e6d05c6a.
  • Pre-update: clean repo. Pre-update zip backup created at ~/.hermes/backups/pre-update-2026-06-14-202134.zip.
  • Post-update verified: Camofox localhost patch intact, 7 profile symlinks intact, gateway service loaded, Telegram connected.
  • Provider checks: OpenAI Codex, Kimi, delegation, and Context7 passed. Stitch MCP was not configured.
  • Resolved later: gateway launchd plist is now current. Telegram retry patch was absorbed upstream. Orchestrator merge is no longer needed because Boyd's overlay loads the stock playbook.
2026-06-10v0.16.0 to v0.16.0, 530 commits 5af899c7c to 6110aed9b, 530 commits 530 commits, same version. Gateway fell back to background process due to launchd bootstrap exit 5. Telegram reconnected. Drift items found and all resolved by 2026-06-14. resolved
What Changed

530 commits between 5af899c7c and 6110aed9b. Gateway fell back to background process because launchd bootstrap hit exit 5. Telegram reconnected and cron ticker ran.

Impact

Drift discovered: launchd plist stale, Telegram pause patch clobbered, degraded-send-path patch absorbed upstream. All resolved by the 2026-06-14 update session. SOP changed to make Claude smokes opt-in.

Decisions and Actions
  • resolved launchd plist stale: resolved by 2026-06-14.
  • resolved Telegram pause patch clobbered: absorbed upstream, resolved.
  • resolved Degraded-send-path patch: absorbed upstream, resolved.
  • resolved Claude Code CLI smoke and Hermes Anthropic smoke: opted out by SOP change.
Update Log
  • 530 commits between 5af899c7c and 6110aed9b.
  • Pre-update: clean repo. Auth had healthy Keychain and file credentials. Snapshot 20260610-191100-pre-update2 saved.
  • Update: gateway fell back to background process because launchd bootstrap hit exit 5. Telegram reconnected and cron ticker ran.
  • Post-update verified: Camofox localhost patch intact, 7 profile symlinks intact, gateway and Telegram reconnected.
  • Skipped per BB: Claude Code CLI smoke and Hermes Anthropic smoke. SOP changed to make Claude smokes opt-in by default.
  • Drift found: launchd plist stale, Telegram pause patch clobbered, degraded-send-path patch absorbed upstream. All resolved by 2026-06-14.
2026-06-06v0.15.1 to v0.16.0 227 commits Version bump to v0.16.0. Claude OAuth was expired; fixed during the update. All items resolved. resolved
What Changed

227 commits, tag v2026.6.5. Claude OAuth expired, only env-var credential active. Dirty repo had prompt_caching.py and package-lock noise.

Impact

Interactive Claude login ran during update. SOP-001 rewritten to use interactive login path and drop setup-token. Kanban orchestrator drift found but resolved: stock playbook load was correct, no full merge needed.

Decisions and Actions
  • resolved Claude OAuth expired: fixed. Interactive login ran, SOP-001 rewritten to use that path.
  • resolved Kanban orchestrator drift: stock playbook load resolves it. No full merge needed.
  • resolved launchd plist refreshed.
Update Log
  • 227 commits, tag v2026.6.5.
  • Pre-update: Claude OAuth expired, only env-var credential active. Dirty repo had prompt_caching.py and package-lock noise.
  • Auth fix: ran interactive Claude login, mirror, reset. SOP-001 rewritten to use that path and drop setup-token.
  • Update: clean pull after auto-stash. Pre-update zip backup created.
  • Post-update verified: Camofox localhost bind, 7 profile symlinks, gateway plus Telegram, Claude Code CLI smoke, launchd plist refresh.
  • Drift found: kanban orchestrator stock version moved ahead of Boyd's overlay. Later review found the overlay correctly loads the stock playbook, so no full merge was needed.
SOP reference: This report is generated as part of 40-Projects/claude-oauth-safety-guardrails/sops/update-gate.md. The stable URL is https://hermes-vault.pages.dev/briefs/hermes-update/.