Release Deep Dive
Hermes Agent
v0.6.0
March 30, 2026 · The Multi-Instance Release · 95 PRs · 16 Issues Closed
Profiles · MCP Server Mode · Docker · Fallback Provider Chains · Feishu/WeCom · Telegram Webhooks · Slack Multi-Workspace · Security Hardening
95Pull Requests
16Issues Closed
2New Platforms
5New Skills
2 daysSprint
What's in v0.6.0
👤
Profiles
Multi-instance isolation — separate config, memory, sessions & gateway per profile
🔌
MCP Server
Expose Hermes sessions to Claude Desktop, Cursor, VS Code via Model Context Protocol
🐳
Docker
Official container with CLI + gateway modes and volume-mounted config
🔗
Fallback Chains
Ordered provider failover with automatic retry when primary fails
📱
New Platforms
Feishu/Lark, WeCom, Telegram webhooks, Slack multi-workspace, Matrix voice
🛡️
Security
Hardened command detection, atomic writes, secret redaction, path traversal blocking
01
Profiles
Multi-instance isolation — run completely separate Hermes instances from one install
Profiles — Isolated Multi-Instance
- Fully isolated HERMES_HOME — each profile has its own config, memory, sessions, skills, and gateway service. Zero bleed between instances.
- Full CLI lifecycle —
hermes profile create / list / switch / delete / export / import / rename with tab-completion for profile names.
- Per-profile gateway service — each profile runs its own systemd/launchd service with its own bot token.
- Token-lock isolation — prevents two profiles from accidentally using the same bot credential simultaneously.
- Export / import — bundle a profile (config + memory + skills) into a portable archive for sharing or backup.
- Profile-aware display paths — all
~/.hermes references now use display_hermes_home() to show the correct active directory.
hermes profile create work
hermes -p work
hermes profile export work
~/.hermes-profiles/work/
config.yaml
memory/
sessions.db
skills/
Use case: Run a personal agent and a work agent side-by-side, each with different models, memories, and bot accounts — no interference.
02
MCP Server Mode
Expose Hermes to any MCP-compatible client — Claude Desktop, Cursor, VS Code, and more
MCP Server — hermes mcp serve
- Exposes conversations & sessions — browse history, read messages, search across all sessions, and manage attachments through MCP tools.
- Dual transport — supports both stdio (local process) and Streamable HTTP transport modes.
- Compatible clients — Claude Desktop, Cursor, VS Code (Continue), Zed, and any MCP-speaking tool.
- Dynamic tool discovery — MCP tools auto-update via
notifications/tools/list_changed when the server changes capabilities.
- Non-destructive — read-only view into sessions; does not alter agent state or memory.
# Start MCP server (stdio)
hermes mcp serve
# HTTP transport mode
hermes mcp serve --transport http
# Claude Desktop config.json:
{
"mcpServers": {
"hermes": {
"command": "hermes",
"args": ["mcp", "serve"]
}
}
}
03
Docker Container
Official Dockerfile — run Hermes in a container with CLI or gateway mode
Docker & Fallback Provider Chains
Docker Container
- Official Dockerfile — closes long-standing issue #850. CLI and gateway modes supported.
- Volume-mounted config — mount
~/.hermes into the container for persistent state.
- Skills live-sync — skills dir mounted into remote backends; no container rebuild when skills change.
- Works with profiles — mount a specific profile directory for an isolated instance.
docker run -it \
-v ~/.hermes:/root/.hermes \
nousresearch/hermes-agent
Fallback Provider Chains
- Automatic failover — when primary provider fails or rate-limits, Hermes tries next in chain.
- Configured in config.yaml — simple ordered list under
fallback_providers.
- Rate-limit aware — respects Retry-After headers before switching.
- Closes #1734 — one of the most requested reliability features.
fallback_providers:
- anthropic
- openai
- nous
04
Messaging Platforms
Two new enterprise platforms plus major upgrades to Telegram, Discord, Slack, and Matrix
New & Upgraded Messaging Platforms
Also: Mattermost configurable mention behavior · WhatsApp bot-mode reply fix · DingTalk routing fix
05
Security & Reliability
Hardened detection, atomic writes, expanded secret redaction, path traversal guards
Security & Reliability Upgrades
Security
- SECHardened dangerous command detection — catches more patterns incl. obfuscated variants.
- SECFile tool path guards — sensitive path checks in approval system for file tools, not just terminal.
- SECSecret redaction expanded — ElevenLabs, Tavily, and Exa API keys redacted from all logs.
- SECVision file rejection — non-image files rejected to prevent information disclosure.
- SECSkill path traversal blocked — prevents
../ attacks in skill category names.
- SECSelf-termination guard — agent cannot
pkill/killall itself.
Reliability
- FIXAtomic config.yaml writes — gateway crashes cannot corrupt config.
- FIXTerminal timeout preserves partial output — no output lost on timeout.
- FIXClear __pycache__ on update — prevents stale bytecode ImportErrors after updates.
- FIXGateway self-heal launchd plist — missing service files regenerated on start.
- FIXConfigurable approval timeout — dangerous command approval window is now user-tunable.
- FIXRate-limit pairing spam prevention — paired messages rate-limited to avoid flooding.
06
CLI, Skills & Plugins
/yolo, Ctrl+Z, tool token costs, new skills, plugin inject_message interface
CLI, Skills & Plugin Upgrades
CLI Improvements
- /yolo — toggle dangerous command approval on/off mid-session without editing config.
- Ctrl+Z process suspend — suspend the agent like any standard Unix process.
- Tool token cost display —
hermes tools shows estimated token cost per toolset.
- Full path display — tool previews show complete file paths, not truncated at 40 chars.
- Resume-by-title in exit summary — session title shown on exit for easy resume.
- Lazy-init tools show yellow (not red) in banner — no more false missing-tool alarms.
Plugin System
- hermes plugins enable/disable — manage plugin state without removing them.
- inject_message interface — plugins inject messages via
ctx.inject_message().
- BOOT.md hook — auto-run a startup script when gateway starts.
New Skills
memento-flashcards
Spaced repetition flashcard system for knowledge retention
songwriting-and-ai-music
Songwriting craft and AI music generation prompts
SiYuan Note
Integration with SiYuan note-taking app
Scrapling
Advanced web scraping via Scrapling library
one-three-one-rule
Structured communication framework: 1 context, 3 points, 1 action
Also: garrytan/gstack Skills Hub tap as default · External skill dirs via config · Canvas LMS skill added
07
Infrastructure & Tooling
Exa search, Camofox browser, Nix improvements, Gemini full context
Infrastructure & Provider Upgrades
🔍
Exa Search Backend
Neural semantic search added alongside Firecrawl and Parallel. Requires exa-py>=2.9.0.
🦊
Camofox Browser
Local anti-detection browser with fingerprint spoofing and stealth mode for bot-blocking sites.
🔄
MCP Upgrades
Non-deprecated streamable_http_client · Dynamic tool discovery · Honcho self-hosted without API key.
⏱️
Configurable LLM Timeouts
Auxiliary LLM call timeouts configurable via config.yaml for slow or high-latency providers.
✨
Nix & Directory Layout
Unified file permissions across all Nix layers. Consolidated ~/.hermes layout with backward compatibility.
📊
Gemini Full Context
Full context length resolution for direct Gemini API. /profile command shows active profile in gateway.
✓
v0.6.0 Summary
The multi-instance release: infrastructure maturity, enterprise messaging reach, and security hardening
v0.6.0 at a Glance
👤
Multi-Instance
Profiles with full isolation
🔌
MCP Server Mode
hermes mcp serve
🐳
Container
Official Docker image
🔗
Provider Failover
Fallback chains in config
📱
New Platforms
Feishu/Lark + WeCom
🛡️
Security
6 hardening changes
🎮
/yolo Mode
Toggle approvals live
🔍
Exa Search
Neural semantic backend
📚
New Skills
5 skills added
Upgrade: hermes update · Tag: v2026.3.30 · 95 PRs merged