Echo Studio (integrated from #457 in cycle 2b) was always-visible in the
chat sidebar and mobile hamburger nav. It's a scaffold/prototype, so surface
it only when opted in.
- add experimentalEchoStudio: false to StudioSettings + defaults
- new Settings > Labs (experimental) section with a Switch
- chat-sidebar + mobile-hamburger filter the Echo Studio nav item by the flag
/api/models now reads provider base_url + api_key entries from config.yaml and
fetches their /v1/models (60s cache, 3s timeout, server-side keys only), merging
them into the picker so configured upstream proxies restore dynamic discovery.
fetchSessions now sends accept: application/json, verifies the content-type is
JSON before parsing, and validates the response shape. When an auth/proxy layer
intercepts /api/sessions and returns HTML, the user gets a clear error instead
of a React crash from JSON.parse on '<!doctype html>'.
When React throws 'Failed to execute insertBefore/removeChild ... not a child
of this node' (stale DOM/runtime mismatch on navigation), the ErrorBoundary now
clears service-worker + cache-storage and reloads once (30s TTL guard to avoid
reload loops) instead of leaving the user on a dead error screen.
The Workspace model picker only saw entries from ~/.hermes/models.json,
the gateway /v1/models endpoint, and local provider discovery (Ollama,
Atomic Chat). Hermes Agent's actual catalog lives in ~/.hermes/config.yaml
under providers.<id>.models, providers.<id>.model, and model_aliases.
In setups where /v1/models intentionally returns only 'hermes-agent',
this meant the picker showed maybe 4 models out of the ~60 the user
had configured.
Add readClaudeConfigCatalog() to /api/models that walks providers.*.models
(strings or {id,name,provider} objects), each provider's default model,
and model_aliases (mapped to {id: alias, target: '<provider>/<model>'}).
Merge those entries via mergeModelEntries() so existing dedup and ordering
behavior is preserved, and append '+config.yaml' to the source label so
the UI/debug can tell where models came from.
The chat viewport previously only released stick-to-bottom when the
user scrolled up AND was already more than 200px from the bottom.
While reading near the end of a streaming response, any upward scroll
inside the bottom 200px did nothing — the ResizeObserver then yanked
the viewport back to the bottom on the next streaming chunk, producing
the 'can't scroll up' tug-of-war reported in #552.
Fix: any user-initiated upward scroll releases stick-to-bottom
immediately. Re-stick only when the user has stopped scrolling up
AND is at the bottom (<=NEAR_BOTTOM_THRESHOLD). Applied symmetrically
in ChatContainerRoot (handleScroll) and in chat-message-list's
handleUserScroll mirror.
The model-config provider dropdown in the Providers settings screen
(also shown in the in-chat Providers dialog) only offered Custom,
OpenRouter, Anthropic, and OpenAI. Despite docker-compose exposing
GOOGLE_API_KEY, users could not select Google/Gemini as a provider
without hand-editing config. Add 'google' to ModelProviderOption and
MODEL_PROVIDER_OPTIONS (label 'Google (Gemini)'), and register 'google'
as a known provider prefix so google/* model ids strip correctly.
When a reverse proxy (e.g., Tailscale Serve, nginx) closes the SSE
connection after an idle timeout, the reader returns { done: true }
cleanly. Previously this was treated as a successful completion, causing
the thinking indicator to disappear and a retry button to appear with
no error message — silently discarding any in-progress backend work.
Now: if the stream ends without a 'done' event AND no response text was
received while in 'accepted' or 'active' phase, call markFailed() with
a clear message instead of finishStream(). This surfaces an error toast
and persists the error state so the user knows what happened.
Fixes#512.
Validation: pnpm build passes, use-streaming-message tests (4/4) pass.
Fixes#505 and #506.
#505 — Assistant response disappears after auto-compaction:
- Capture the just-completed assistant message from the realtime buffer
BEFORE clearing it and invalidating the query cache.
- After background refetch, if compaction dropped the message count and
the assistant message is no longer present, re-inject it.
#506 — Submitted prompt reappears after assistant response:
- Update isOptimisticUserMessage to return false for sent/done messages,
preventing confirmed messages from being re-persisted as pending.
- Clear __optimisticId in onStarted callback so the message is no longer
treated as optimistic after server confirmation.
Salvaged from contaminated PR #524 (which included unrelated HermesWorld
game assets). Only the targeted chat fixes are included here.
Validation: pnpm build passes. Pre-existing test failures unrelated.
* fix(conductor): mobile rendering — add overflow-y-auto, remove justify-center, responsive OfficeView
Three rendering bugs fixed in the Conductor component:
1. Missing overflow-y-auto on active, preview, and complete phase
containers — content was silently clipped instead of scrolling
on mobile viewports.
2. justify-center on the active phase flex column main container
fought with natural top-to-bottom flow when content overflowed.
3. OfficeView fixed at h-[360px] on mobile — changed to
max-h-[clamp(200px,40vh,360px)] so it adapts to viewport height.
Fixes#445
* fix(conductor): home page header badge truncation and mission row mobile layout
- Replaced absolute-positioned action buttons with flex layout using
flex-1 spacers — prevents the Conductor badge from overlapping with
the action buttons on narrow screens.
- Added truncate to badge text and shrink-0 to the green dot for
graceful overflow.
- Hid token count column on mobile in recent missions rows to give
the mission title more room (reduces truncation).
- Reduced gap and fixed-width column sizes slightly for tighter mobile
layout.
* fix(conductor): handle native-swarm mode in hook — was falling through to dashboard logic with null session key
The ConductorSpawnResponse type declared native-swarm mode but the
sendMission handler had no case for it. When the server returned
mode: 'native-swarm', the hook fell through to the dashboard fallback
with null sessionKey/sessionKeyPrefix/missionId/jobId, throwing a
generic error.
Now native-swarm is handled with its own branch that:
- Sets missionId and jobId for mission status polling
- Uses missionId as the orchestrator session key proxy
- Sets descriptive plan text about swarm workers
- Immediately transitions to running phase
Also added the assignments field to ConductorSpawnResponse type.
* fix(conductor): infinite retry on mission status query — native-swarm missions could get stuck
The missionStatusQuery used default react-query retry (3 attempts),
which could exhaust before the SwarmMission store had created the
mission record. For native-swarm missions, the dispatch is async
(void-promise), so the GET /api/conductor-spawn?missionId=... call
could arrive before the swarm mission was stored, returning 404.
With retry exhausted, the query stopped polling and the mission
remained stuck in the 'running' phase forever.
Changed to retry: Infinity with exponential backoff
(2s, 4s, 8s capped at 10s) so the query keeps polling until the
swarm mission is available.
* fix(conductor): mobile rendering — double header, missing tab bar, CONDUCT truncation, bottom padding
* fix(conductor): remove md:justify-center on home page to prevent content clip
The home page Conductor view used md:justify-center on the main container,
which vertically centers flex content in the available space. When content
height exceeds viewport height, flex centering pushes the top off-screen
(y=-51px), clipping the Conductor badge and header.
Fix: remove md:justify-center so content starts at justify-start (y=24px),
keeping the badge and header visible. Only the home phase had this class;
preview, active, and complete phases were already justify-start.
* fix(conductor-gateway): start session key resolver when prefix is present even without initial sessionKey
When the dashboard returns a sessionKeyPrefix without a sessionKey
(session hasn't resolved yet), the async session key resolver at
line 1581 was gated on both . Since
orchestratorKey was null in this case, the resolver never started
and the session key was never resolved.
Fix: remove the orchestratorKey check — the resolver only needs the
prefix to start polling for a matching session.
* fix(dashboard): prevent OpsStrip text overlap & extend marquee mask at mobile widths
- OpsStrip gateway block: add flex-wrap so '0 active runs' and
'pulse 4h ago' wrap properly on narrow viewports instead of
colliding horizontally.
- AttentionMarquee mask: extend fade zone from 92% to 96% so
marquee items aren't prematurely masked on 390px viewport.
* fix(dashboard): prevent action button overflow at mobile viewport
Change action bar from justify-end to justify-start on mobile
so that NEW CHAT / TERMINAL / SKILLS buttons don't clip the
right edge of the 390px viewport. Desktop remains justify-end.
* fix(files): wrap code viewer text on mobile viewport
The element in the code viewer had default
which caused line overflow on narrow screens. Added so long code comments wrap at 390px viewport instead of
clipping off-screen.
* fix: set tabbar height default to 80px in styles.css, fixing bottom content clipping across all pages
styles.css hardcoded --tabbar-h: 0px, overriding the 80px fallback
in var(--tabbar-h, 80px) used by most pages. This caused bottom
content to be hidden behind the fixed mobile tab bar (~80px tall)
on every non-chat page. The MobileTabBar JavaScript does dynamically
measure and set this variable, but the CSS default was wrong.
* fix(dashboard): shrink New Chat button at smallest mobile viewport
iPhone SE (375px) couldn't fit NEW CHAT + TERMINAL + SKILLS
on one row because the primary button used desktop-sized padding
and text. Reduced New Chat to px-3 py-1.5 text-xs on mobile
(default), restored to px-3.5 py-2 text-sm at sm: breakpoint.
Also removed redundant justify-start (flex-start is the default)
to keep flex-wrap clean.
* fix(swarm): pass prompt via stdin instead of CLI arg to fix dispatch failure
dispatchSwarmAssignments ran hermes chat -q <prompt> with the
full prompt as a command-line argument. For long prompts this
exceeds ARG_MAX or contains unescaped chars, causing execFile
to fail silently ("Command failed"). The worker was marked
dispatched but never actually started, leaving it stuck in
'idle' with 0/1 tasks complete forever.
Fix: pass the prompt through execFile's stdin ('input' option)
instead of as a positional arg. hermes chat -q reads from stdin
when no query argument follows the flag.
---------
Co-authored-by: Waylon Kenning <waylonkenning@Waylons-MacBook-Pro.local>
Co-authored-by: Aurora <myaurora.agi@gmail.com>
Addresses #514 by documenting the env vars needed for LAN/Tailscale
deployments (HERMES_PASSWORD, COOKIE_SECURE, API_SERVER_KEY,
GATEWAY_ALLOW_ALL_USERS) and providing a docker-compose.override.yml
example for publishing ports without loopback binding.
Added troubleshooting table for common Docker startup errors.
Co-authored-by: Aurora <myaurora.agi@gmail.com>
When HERMES_DASHBOARD_URL is set, profile list/read now fetches from
the dashboard /api/profiles endpoint before falling back to local
filesystem reads. This fixes empty profile lists in split-host Docker
deployments where the workspace container has no local profiles
directory but the agent host's dashboard already exposes profile data.
- Add listProfilesWithFallback() and readProfileWithFallback()
- Wire route handlers to use the new async fallback functions
- Keep sync filesystem code unchanged for colocated deployments
- Dashboard calls use existing HERMES_API_TOKEN/CLAUDE_API_TOKEN auth
Closes#499
Co-authored-by: Aurora <myaurora.agi@gmail.com>
* feat: add Nix flake and module for hermes-workspace deployment
* chore: modernize Nix build by migrating to generic nodejs/pnpm packages and adding direnv integration
Resolve the Hermes CLI path explicitly before running profile cron
create/update/action commands so Workspace does not depend on the
launch environment PATH.
This fixes job edit/action failures that surfaced as:
spawnSync hermes ENOENT
Also refresh the tracked Electron server bundle so the desktop app
picks up the server-side fix.
* chore: preserve pnpm approved builds
* fix(router): support runtime basepath override for reverse-proxy hosting
The TanStack router was created without a `basepath` option, so the same
built bundle could not be hosted under a path prefix (e.g. behind a
reverse proxy that mounts the app at `/workspaces/<id>/`). Hard refreshes
appeared to work because SSR runs at the proxy-stripped path, but
client-side navigation to dynamic routes such as `/chat/$sessionKey`
silently fell through to the catch-all `/$` route — rendering the
"404 — Not Found" page from inside the SPA.
Read an optional `window.__HERMES_WORKSPACE_BASEPATH__` global and pass
it through to `createRouter`. When unset, behavior is unchanged
(`basepath: '/'`). The value is normalized so callers can pass either
`/workspaces/abc`, `workspaces/abc`, or `/workspaces/abc/` without
upsetting TanStack's pathname matching.
This lets hosting layers inject a tiny inline script before the bundle
loads to mount the app at any path, without rebuilding.
* fix(chat): prevent stale thinking state after page refresh (closes#449)
Root cause: sessionStorage 'waiting' flags persisted across page refreshes
even for completed conversations. The Zustand store restored these stale
entries on mount, and the active-run API check cleared them async —
but there was a visible render window where the UI showed 'thinking'.
Fix:
1. Added activeRunCheckDone state that gates the waitingForResponse memo.
While the active-run API check is pending, stale restored state is
not trusted — the thinking indicator stays hidden until verification.
2. Added onCheckComplete callback to useActiveRunCheck hook that fires
after the API check finishes (success or error), unblocking the gate.
3. Added a useEffect that detects restored stale waiting state and sets
pendingVerifySessionKeyRef so the gate only applies to the key that
needs verification — not to genuine active streams.
Test: e2e/chat-thinking-state.spec.ts injects a stale sessionStorage
entry before page load, then verifies no thinking indicator appears
and the stale entry is cleaned up by the API check.
* fix(chat): eliminate duplicate messages flicker on stream completion (closes#441)
Root cause: onDone handler used queryClient.invalidateQueries() which
triggers an async refetch. During the refetch window, mergeHistoryMessages
ran with stale cache data + realtime buffer, producing visible duplicates
(extra user message + blank line) for 1-2 seconds until refetch completed.
Fix: Directly merge realtime buffer into history cache via setQueryData(),
then clear buffer synchronously. Background refetch runs after for
consistency but doesn't block rendering.
* fix: restore hermes-config and config-patch API routes
The Aurora rename migration (efcb7d14) renamed hermes-config.ts to
claude-config.ts, but the frontend and routeTree.gen.ts still reference
the original paths. This caused all /api/hermes-config and /api/config-patch
requests to fall through to the SPA HTML fallback, breaking config saves
from the settings dialog and provider wizard with 'Failed to save' errors.
Restored by creating thin route files that delegate to the existing
handleHermesConfigGet/handleHermesConfigPatch handlers from
src/server/hermes-config-route.ts.
Fixes the settings dialog (hermes-config GET/PATCH) and provider wizard
(config-patch POST) config save flows.
* fix(server): add essential env vars to terminal session
* fix(swarm): worker card shows stale state after task completes
deriveWorkerState derived the badge from currentTask title substring
matching and markCheckpointResult never cleared currentTask on terminal
checkpoints, so a finished worker's card stayed permanently 'working'.
- swarm-dispatch.ts: clear currentTask on terminal checkpoint
(checkpointStatus !== 'in_progress'), matching conductor-stop's reset
- operational-worker-card.tsx: deriveWorkerState reads authoritative
checkpointStatus/state first, title heuristic only while in_progress
- swarm2-screen.tsx: pass checkpointStatus/state into the card
* fix(portable-history): replay authenticated portable chat history
* fix(config): keep legacy claude-config shim on shared handlers
* fix: harden splash hydration and docker uid mapping
* fix: keep seen update notes dismissed
* feat: consolidate workspace state under configurable state directory (closes#439)
Adds HERMES_WORKSPACE_STATE_DIR env var support, consolidating 5
scattered state files under a single configurable directory.
Changes:
- New src/server/workspace-state-dir.ts with getStateDir() utility
honoring HERMES_WORKSPACE_STATE_DIR → HERMES_HOME/workspace →
CLAUDE_HOME/workspace → ~/.hermes/workspace (fallback chain)
- Updated gateway-capabilities.ts (workspace-overrides.json)
- Updated mcp-presets-store.ts (mcp-presets.json)
- Updated mcp-hub-sources-store.ts (mcp-hub-sources.json)
- Updated mcp-tools-cache.ts (cache/mcp-tools.json)
- Updated knowledge-config.ts (knowledge-config.json)
- Removed 5 duplicated hermesHome() functions, replaced with shared
getStateDir() import
Test: 6 vitest unit tests covering all env var priority combinations
(cherry picked from commit d6bebe0614b0c7b9015bac5e35d315a8450ac146)
* fix(conductor): surface native-swarm progress and harden worker startup
* feat(chat): safely render HTML message markup
* fix(chat): surface installed skills in slash autocomplete
* fix: add swarm runtime reset endpoint
* fix(conductor): mobile rendering — add overflow-y-auto, mobile bottom padding, OfficeView responsive height, tabbar fix
* fix(send-stream): preserve runs on client disconnect
* fix(profiles): skip profiles/default duplicate card
* fix: accept HERMES_AGENT_PATH override
* fix(profiles): allow disabling sticky active_profile writes
* fix: preserve workspace chat session routing
* fix(portable-history): skip replay when gateway session continuity is available
---------
Co-authored-by: Hermes Agent <hermes-agent@local.invalid>
Co-authored-by: jack <jack@hijak.dev>
Co-authored-by: Waylon Kenning <waylonkenning@Waylons-MacBook-Pro.local>
Co-authored-by: Michael Rodriguez <michael@rivercity-industries.com>
Co-authored-by: Vu Tran <baysao@gmail.com>
Co-authored-by: iltaek <iltaekkwon@gmail.com>
Co-authored-by: Aurora release bot <release@outsourc-e.com>
Co-authored-by: jonathanmalkin <jonathan.d.malkin@gmail.com>
Co-authored-by: KT-Hermes <ktadmin@kt-bot2.tekeis.net>
Merging the playground performance pass after rebasing it onto current main and re-running a fresh local production build. The branch stays scoped to HermesWorld performance and asset-weight reductions.
- make install.sh resilient when pnpm is only available via corepack
- cap pnpm build heap for low-memory installs
- relabel Workspace Kanban sidebar entry to Tasks and clarify copy
Co-authored-by: Aurora release bot <release@outsourc-e.com>
* fix(start): use server-entry wrapper for production
* fix(swarm): reconcile oneshot checkpoints and ignore phantom blockers
* fix(profiles): sync editable descriptions from profile config
* fix: show cron jobs across Hermes profiles
* fix(capabilities): clarify dashboard-backed API detection
* feat: make Conductor use native Swarm fallback
Treat Workspace-native Swarm as the official Conductor fallback when the dashboard mission API is unavailable. Preserve dashboard-first dispatch, native status/cancel handling, provider-neutral setup docs, and regression coverage for gateway capability detection, swarm health, roster/profile handling, and native Conductor responses.
* fix(usage-meter): reposition menu trigger for better alignment
- Adjusted the position of the menu trigger in the usage meter component to enhance layout consistency and user experience.
fix(chat-panel): adjust position of chat panel toggle button
- Updated the positioning of the chat panel toggle button to improve visibility and accessibility by changing its bottom and right offsets.
* fix(stt): wire Groq/OpenAI voice transcription into chat
* Fix Workspace Kanban loopback dashboard link
* fix(update): do not open historical release notes on startup
* fix(chat): clear stale thinking runs reliably
* fix(dashboard): trust sessions endpoint for status
* fix(settings): address review — local default, OAuth lifecycle, validation
* fix(dashboard): always scrape live session token from HTML
* fix(chat): avoid portable history replay on bound sessions
* fix(settings): remove dead smart routing controls
* fix(tasks-api): guard against HTML catch-all in probeBackend
The /api/hermes-tasks route was renamed to /api/claude-tasks in commit
efcb7d14, but the probe logic still listed the old route as a candidate.
When probed, the SPA catch-all returned a 200 HTML response instead of
a 404, so probeBackend() treated it as a valid (empty) backend and then
failed when the actual task fetch threw.
Fixes:
- probeBackend() now checks Content-Type: application/json and returns
-1 for non-JSON responses, so future route renames degrade gracefully.
- resolveBackend() now only selects hermes if hermesCount > 0, defaulting
to claude-tasks (the active backend post rename) when hermes is absent.
* fix(terminal): default cwd to ~ and fallback if path missing
PTY helper chdir fails when ~/.hermes is absent (common in Docker).
Default shell cwd to home; server falls back to HOME if cwd does not exist.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(settings): satisfy lint on custom providers UI
* fix(docker): add -m flag to useradd so workspace home dir is created
Without -m, the system account has no /home/workspace directory.
The auth middleware tries to write the session store at
/home/workspace/.hermes/workspace-sessions.json; mkdirSync fails with
EACCES because /home/ is root-owned (755), causing the 'Failed to
persist session store' warning and a 500 on every authenticated route.
Adding -m causes useradd to create and chown /home/workspace correctly
so the session store can be written on first login.
* fix(tasks): preserve real session links and restore task launch flow
* fix(launchd): install macOS plist from server-entry template
* fix(docker): expose dashboard API and persist workspace volumes
* fix(jobs): serialize deliver targets for cron API
* Make Hermes Workspace installable as PWA
* chore(deps): pin direct tanstack versions
* feat: align semantic Hermes swarm agents
Add semantic swarm roster metadata, profile/tool/skill docs, shared semantic worker ID validation, focused roster regression coverage, and one-shot checkpoint capture for dispatch smoke tests.
* fix(conductor): pass through sessionKeyPrefix from portable spawn result
sessionKeyPrefix was hardcoded to null in conductor-spawn.ts, breaking
async session resolution when the dashboard backend returns a prefix.
Now mirrors the sessionKey pattern and passes through the value from
the spawn result.
Co-authored-by: Hermes Agent
* feat(swarm): bridge workspace kanban to native Hermes
* fix(chat): keep portable main pinned without breaking resolved sessions
* Add Windows startup script for Hermes Workspace
Document PowerShell usage for launching and restarting gateway + workspace via WSL tmux.
Co-Authored-By: Oz <oz-agent@warp.dev>
* fix(config): name Hermes Agent in restart notice
* fix(swarm): reconcile aggregate semantic worker exports
---------
Co-authored-by: Aurora release bot <release@outsourc-e.com>
Co-authored-by: motoki takahashi <motokitakahashi@motokinoMac-mini.local>
Co-authored-by: Vicky Wonder <vicky@openclaw.ai>
Co-authored-by: Vitaliy Isikov <visikov+supagoku@gmail.com>
Co-authored-by: Hermes Agent <hermes-agent@local>
Co-authored-by: Nikolay Mohr <nikomohr96@gmail.com>
Co-authored-by: Niko Mohr <niko@friendsfromcollege.de>
Co-authored-by: wtchronos <262830926+wtchronos@users.noreply.github.com>
Co-authored-by: Dak0verflow <dakotaferris@gmail.com>
Co-authored-by: norema <mamadou.marone.19@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: daoyuan <ludaoyuan1989@gmail.com>
Co-authored-by: firemountain <firemountain@gmail.com>
Co-authored-by: RAZSOC Local <razsoc@local>
Co-authored-by: Waylon Kenning <waylonkenning@Waylons-MacBook-Pro.local>
Co-authored-by: Kublai <kublai@kublai.local>
Co-authored-by: justa <justa@local>
Co-authored-by: Oz <oz-agent@warp.dev>
- Remove the MseeP.ai security badge - the crocodile mascot doesn't fit
Workspace branding and Workspace isn't an MCP server (it's an agent UI),
so the audit badge was confusing for users skimming the readme.
- Bump the visible version badge from 2.1.3 to 2.3.0 to match the actual
shipped version.
- Add a dedicated 'Pair an Agent with the Workspace' section between the
install paths and Docker, covering:
- Architecture diagram (which service does what on which port)
- Three-command pairing workflow
- Verify-pairing curl checks
- .env reference table
- Common pairing scenarios (local, Tailscale/VPN, multi-profile, remote)
- Live re-pairing without restart
- Troubleshooting for the four most common pairing errors
The previous readme split this information across the 'Already running
hermes-agent? Attach the workspace to it' and 'Manual install' sections,
which was hard to follow if your question was just 'how do I connect
agent X to workspace Y'.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
* Upload SciFi theme screenshot
* fix: stabilize workspace swarm process spawning (#302)
Co-authored-by: Jarno de Vries <jarno@match-day.nl>
* feat(theme): add SciFi theme (dark + light variants) (#303)
* feat(theme): add SciFi theme (dark + light variants)
- Add scifi-theme.css with neon accents, glow effects, gradient backgrounds
- Register SciFi in theme.ts with dark/light color schemes
- Add SciFi option in settings UI
- Import scifi-theme.css in styles.css
* docs: add SciFi theme screenshot
---------
Co-authored-by: Fungraphique <fungraphique@jarvis.local>
* fix(chat): cross-session response contamination + /new opens previous chat (#297, #300)
Two related session-routing bugs that landed responses (or new-chat
clicks) into the wrong session.
#297 — cross-session response contamination
When the user navigated to a new chat while a previous chat was still
streaming, the previous chat's response chunks would land in the
**new** chat. Three fixes:
* useStreamingMessage now bumps a streamGenerationRef on every
startStreaming call. The fetch-reader loop captures that token at
start and re-checks it on every reader.read() and between events
in the same batch. If the token has changed (because the user
started a different stream), the loop cancels the reader and exits
without dispatching anything. This closes the brief race between
abortController.abort() and the underlying fetch reader actually
stopping, during which buffered chunks were silently writing into
activeSessionKeyRef.current (which had already been switched to
the new session).
* chat-screen now cancels the in-flight stream on session-key change
via a useEffect keyed on (activeCanonicalKey, activeFriendlyId,
isNewChat). Previously nothing cancelled the stream on navigation
\u2014 only the user clicking the explicit Stop button (handleStop)
called cancelStreaming().
#300 — /new slash command opens last chat instead of new session
/new was calling navigate({ to: '/chat' }), but the /chat index route
unconditionally redirects to localStorage('claude-last-session'), so
/new always landed in whichever chat was last active. Fixed at three
entry points so all 'new chat' actions go through the explicit 'new'
sentinel:
* /new in chat-screen.handleUiSlashCommand
* /new in command-palette.runSlashCommand
* 'New Chat' quick-action tile in the search modal
The 'Chat' nav link in the sidebar still goes to /chat (= last session)
\u2014 that's the correct behaviour for a screen-level nav target. Only
'new' actions are routed to the new sentinel.
Closes#297, #300
* fix(terminal): keep PTY alive across SSE disconnects + auto-reattach (#298)
The browser terminal periodically 'reset back to prompt' during normal
use because any transient SSE disconnect (network blip, browser tab
suspension, HMR reload, dev-server restart) tore down the user's PTY
and dropped them into a fresh shell.
Root cause: terminal-stream's request.signal abort handler called
session.close(), which SIGTERM'd the underlying Python PTY helper.
There was also no auto-reconnect on the client \u2014 a single dropped
read terminated the loop, called /api/terminal-close, cleared the
tab's sessionId, and left the user with an idle tab.
Fix in three parts:
1) terminal-sessions: TerminalSession gains markDetached() and
markAttached(). markDetached() starts a TTL timer (default 5 min,
override via HERMES_TERMINAL_DETACH_TTL_MS) that reaps the PTY only
if no client reattaches in time. The map keeps the session live in
the meantime.
2) terminal-stream: accepts an optional sessionId in the POST body. If
the id matches a still-alive session, the route reattaches to it
instead of spawning a fresh PTY. The 'session' event payload now
includes a 'reattach' flag. On SSE abort, we just detach listeners
and call session.markDetached() \u2014 the PTY stays running.
3) terminal-workspace: passes sessionId on every connect, so reconnect
reattaches automatically. When the read loop ends and the tab still
has a sessionId, we attempt a single quick reattach with a
'[reconnecting...]' nudge to the user instead of tearing the tab
down. /api/terminal-close is no longer called on stream end \u2014 the
server-side TTL handles abandoned sessions.
Fixes#298
* fix(scifi-theme): remap amber tokens to cyan/teal — no more pale yellow in SciFi
Amber colors (used for warnings/alerts in usage meter, agent thinking,
inspector badges, etc.) were not remapped in the SciFi theme, causing:
- Pale yellow bg-amber-100 with light text → unreadable menu items
- Jarring yellow accents breaking the cyberpunk aesthetic
- Trigger pill and selection states with impossible contrast
Remap all --color-amber-* tokens:
- Dark theme: amber → cyan/teal gradient (#041418 → #ccfaff)
- Light theme: amber → teal gradient (#e8f4f6 → #0a1628)
This replaces the previous .bg-amber-100 !important hack which broke
the usage meter bar by forcing dark text on already-dark remapped
primary-50 backgrounds.
* fix(scifi-theme): tweak amber remap contrast values
Brighten the amber→cyan tokens slightly so bg-amber-100 is visible
on --theme-panel (#0d1b2a) and text colors have good contrast
on the darker backgrounds.
* fix(theme): SciFi — visible usage pill + selected menu item colors
- Brightened amber-100 to #0c3245 (was #0a2633, too dark on #060b18 bg)
- Brightened amber-50/200/300/400/500/600/700 gradient for better contrast
- Added !important overrides for .bg-amber-100 to force background and
text color, overriding MenuItem inline styles that were blocking
the selected menu item appearance in SciFi dark theme
* fix(scifi-theme): add yellow, neutral, and white overrides for dark mode
- Add --color-yellow-* remap to teal-warm tones (was missing entirely)
- Add --color-neutral-* remap to dark slate/navy tones
- Add .bg-white override to theme-card for dialog backgrounds
- Add .bg-amber-100 color override for MenuItem selected state
(MenuItem uses inline style color:var(--theme-text) which overwrites
Tailwind text-amber-800, now overridden with !important)
- Add scifi-light remaps for yellow, red, emerald, neutral tokens
- Fixes: pale yellow/white backgrounds in usage meter menu, View Details
dialog, status badges, progress bars, and tab pills in SciFi dark mode
* fix: replace bg-white with bg-primary-50 in usage-details-modal for theme compatibility
- All bg-white/bg-white/N in usage-details-modal replaced with bg-primary-50/N
which is properly remapped by the SciFi theme (--theme-card/panel)
- Active tab pill: bg-white → bg-primary-100, text-primary-900 → text-primary-800
- Set as Default button: bg-white → bg-primary-50, hover:bg-primary-50 → hover:bg-primary-100
- Removed aggressive bg-white !important overrides from scifi-theme.css that
broke borders, switches, and other elements using white elsewhere
* fix(scifi-theme): rewrite theme following nous pattern
- Replace hex values with var(--theme-*) references (same as nous theme)
- Remove broken red/emerald/yellow/neutral remaps that caused border/bg issues
- Add !important on dark-mode primary/accent remaps (needed for Tailwind v4 oklch)
- Move @import scifi-theme.css to END of styles.css (after .system dark rules)
- Keep essential .bg-amber-100 overrides for menu selected state
- Result: 238 lines (was 350+), clean structure matching nous theme pattern
Root cause: Tailwind v4 uses oklch color-mix internally for utility classes.
Simple --color-amber-100: #0f3547 overrides don't work because .border-primary-200
resolves via color-mix, not via the CSS custom property. Using var(--theme-*)
with !important ensures proper resolution.
* fix(scifi-theme): add !important to all dark mode token remaps
Tailwind v4 defines color tokens as oklch in @layer theme, which has
higher specificity than plain [data-theme] selectors. Without !important,
the remaps were ignored and components displayed native Tailwind colors
(white, amber, neutral-gray) instead of the SciFi palette.
Also remap --color-white to #0d1b2a so bg-white becomes dark navy
in SciFi dark mode (fixes chat-controls popover white background).
* feat(scifi): active tab indicator — cyan accent glow on Session/Providers tabs
* fix(scifi-theme): review fixes - 9 corrections
* fix: restore tab selector without role=tablist (component doesn't use it)
* fix(scifi): tab selector uses .bg-primary-50 > button instead of [role=tablist]
The usage-details-modal tabs don't use role=tablist ARIA attribute,
so [role=tablist] selector never matched. The tab container has
bg-primary-50 and direct child buttons with bg-primary-100 when active.
---------
Co-authored-by: jarnodevries-byte <jarnodevries@gmail.com>
Co-authored-by: Jarno de Vries <jarno@match-day.nl>
Co-authored-by: Fungraphique <fungraphique@jarvis.local>
Co-authored-by: Aurora release bot <release@outsourc-e.com>
* Hide normal chat sessions from agent sidebar
* Fix context meter for portable chat sessions
* Persist local session renames
* Show local session titles in sidebar
* Harden Workspace asset serving and expose Kanban nav
---------
Co-authored-by: clawbot <clawbot@clawbots-Mac-mini.local>
The /api/update/status poll returns the same pendingReleaseNotes on every
poll. Workspace was running storeNotes() inside a useEffect keyed on those
notes, and storeNotes unconditionally cleared NOTES_SEEN_KEY. So every
time the user refreshed the page (or a poll fired), the seen marker was
dropped and the modal popped again.
Now we only clear the seen marker when the notes ID has actually changed
(i.e. a new release with different content). Identical payloads on
refresh keep the seen marker intact.
Closes#356
Co-authored-by: Aurora release bot <release@outsourc-e.com>
The hermes-agent image's default entrypoint is the interactive CLI which
exits immediately under `docker compose up -d`, causing the gateway to
appear absent and the Workspace healthcheck/connection to fail with
"Could not reach Hermes gateway". Override the command to `gateway run`
so the long-running API/health server starts.
Reproducible without this fix: a fresh `docker compose up -d` against
upstream main fails with the symptoms reported in #360 across several
users (different OSes), and the only working remedy was for users to
manually patch their compose with `command: gateway run`.
Closes#360
Co-authored-by: Aurora release bot <release@outsourc-e.com>
When PR #311 unified the Tasks board to use the Kanban backend
(/api/claude-tasks), installations that store tasks in the flat-file
store at ~/.hermes/tasks.json (served by /api/hermes-tasks) silently
lost all task visibility — the board rendered empty with no error.
Root cause: tasks-api.ts hardcoded BASE = '/api/claude-tasks', which
routes through the Kanban abstraction layer. The hermes-tasks endpoint
(the canonical store agents and cron jobs write to) was orphaned.
Fix: replace the hardcoded BASE with an automatic backend resolver that
probes both endpoints in parallel on first page load, picks whichever
has data, and caches the result for the session.
Selection logic:
- hermes-tasks wins if it has >= claude-tasks task count (preferred
as it is the store agents/cron write to)
- claude-tasks wins only if it has data and hermes-tasks is empty
- if both are empty, hermes-tasks is the default (correct for new installs)
All mutations (create, update, move, delete, launch) use the same
resolved backend so reads and writes are always consistent.
Assignees endpoint is also resolved to match (hermes-tasks-assignees
vs claude-tasks-assignees) so profile lookups work against the right
data store.
Exports getActiveBackend() and resetBackendResolution() so callers
can inspect or force a fresh probe (e.g. after backend config change).
Tested against: hermes-tasks (80 tasks), claude-tasks (0 tasks) →
board correctly shows 80 tasks after auto-selecting hermes backend.
The context usage calculator was defaulting kimi-k2.6 to 200k tokens,
causing incorrect 100% context pressure alerts on new chats.
- Add 'kimi-k2.6': 256_000 to MODEL_CONTEXT_WINDOWS map
- Fixes false-positive context window warnings for kimi-k2.6 users
Refs: context-usage.ts hardcoded model list
Co-authored-by: Dev <dev@example.com>
Installs that were set up before the claude→hermes rename may have their
git remotes named claude-workspace and claude-agent rather than the new
hermes-workspace / hermes-agent names. Without these aliases the update
checker misidentifies the remote, reports no update URL match, and the
Update Center shows a misleading error.
Adds backward-compatible aliases so both old and new remote naming
conventions are recognised.
Co-authored-by: admin <admin@fattony.local>
v0.3 scope:
- Founders Vault tab visible in inventory side panel
- locked-state placeholder
- badge on bag icon when unclaimed
- uses locked palette (GOLD #F1C56D, MIDNIGHT #0F1622)
- no real gift granting yet (v0.4)
From swarm11 (issue #9). Reads from FOUNDERS-EVENT-INVENTORY.md spec.
- moves long hair side locks behind head
- replaces face-covering cap/long-hair ellipses with forehead-only paths
- renders eyes last so face remains visible across hair/helmet states
- z-index ordering fixed for portrait camera
From swarm10 lane (issue #1).
Allow operators to hide the HermesWorld sidebar link by setting
VITE_HERMESWORLD_ENABLED=0 in .env. Default is enabled (1).
Closes the gap for users who don't want gamification/playground links
in their workspace sidebar.
Replace fetch-and-slice with proper offset/limit pagination so
the marketplace can show all results, not just the first 20.
Server (src/routes/api/mcp/hub-search.ts):
- accept ?offset=N query param (default 0, clamped to >=0)
- raise the limit cap from 100 to 500
Server (src/server/mcp-hub/index.ts):
- unifiedSearch now takes an offset parameter and returns
filtered.slice(offset, offset + limit). The dedup + filter
pipeline runs once per request (same as before); only the
final slice changed.
Client (src/screens/mcp/hooks/use-mcp-hub.ts):
- rewrite useMcpHub from useQuery to useInfiniteQuery
- page size 50; getNextPageParam returns undefined when
loaded >= total
- flatten data.pages[].results into a single data.results
array externally so existing callers keep working
UI (src/screens/mcp/mcp-screen.tsx):
- add Load more button under MarketplaceGrid
- shows current loaded count of total
- hides automatically when hasNextPage is false
Result: with the 11 sources I have configured, total dedup
returned ~301 results. Before: capped at 20. After: paginates
through all 301.
When HERMES_API_TOKEN and CLAUDE_API_TOKEN are not set, getBearerToken()
now falls back to reading the Codex OAuth access token from
~/.codex/auth.json. This fixes portable-mode (non-gateway) chat failing
with 401 invalid_api_key for users who authenticated via 'codex login'.
Fixes#329
The committed routeTree.gen.ts was missing entries for the
/api/gateway-reprobe route even though the route file exists.
The TanStack Router plugin regenerates the tree on every dev
server start, creating a permanent dirty working tree that
blocks git pull/merge operations.
Regenerate and commit the tree so it matches what the plugin
produces. Fixes#326.
Update banner:
- top-of-app update banners now only show when a one-click update is actually safe
- dirty checkouts, non-main branches, and blocked/conflicting repo states stay out of the global banner
- those states still belong in an advanced update center / dev-facing surface, but not in normal-user chrome
HermesWorld:
- add docs/hermesworld/visual-upgrade-spec.md
- locks the TinySkies-informed polish direction into a concrete execution spec
- covers lighting, landmarks, silhouettes, HUD cohesion, path readability, zone identity, phased rollout, and swarm/kanban-friendly task breakdown
This gives us a stable product target for an Opus-led visual polish pass while keeping mainline update UX calmer for normal users.
Two UX improvements in one pass:
#286 — update modal/right-click on Firefox/Linux
The update-center cards and release-notes modal lived inside motion/
backdrop layers with no explicit context-menu handling. On Firefox/Linux
this could make right-clicks feel swallowed or intermittently unresponsive.
There was no direct preventDefault in our code, the event was getting lost
in the wrapper stack.
Fix:
- Add onContextMenu stopPropagation to the update card and release-notes
modal container so the native context menu can open on the card itself
instead of bubbling into the backdrop/motion layers.
- Add select-text so copy/select interactions work naturally.
#295 — inline artifact rendering in chat (first slice)
The streaming pipeline already received a dedicated artifact event from
send-stream, but we flattened it into a generic tool-complete string like:
"Artifact created - /path/to/file"
That meant the chat renderer had no structured metadata and could only show
an ordinary tool row. This pass preserves the artifact fields and renders a
first-class inline artifact card in the message stream:
- use-streaming-message now keeps artifact metadata (title, kind, path,
preview) on the tool event instead of discarding it into a plain string.
- message-item detects tool sections whose type starts with artifact: and
renders a dedicated card with title, artifact kind badge, file path,
Open action, and preview text when provided by the stream.
- Generic tool input/output blocks are suppressed for artifact rows so the
card doesn't duplicate itself.
This is deliberately a thin first slice, enough to stop artifacts from
feeling invisible and generic in chat, while leaving room for a richer
multi-pane/Claude.ai-style artifact surface later.
Refs #295 and closes#286.
HTML files previously opened only in the code editor path, so users had
no way to render an .html file in-place and quickly inspect the actual
page. This was especially awkward for generated artifacts, landing pages,
and static exports.
Changes:
* New isHtmlFile() helper (html / htm)
* File header Preview/Raw toggle now applies to HTML as well as Markdown
and uses clearer button copy: 'Raw HTML' / 'Preview HTML'
* New HTML preview branch renders file content in a sandboxed iframe via
srcDoc, keeping it isolated from the workspace page while still letting
CSS/layout load naturally inside the preview
Sandbox mode is only — no scripts/forms/popups/nav.
That gives users a faithful layout preview without turning the file
browser into a script execution surface.
Closes#296
#275 reported workspace stuck on 'Disconnected' even though the agent
was reachable. Root cause: workspace boots before agent in docker
compose, every probe fails, capabilities cached as zero-state for the
full 120s TTL. By the time the agent comes up, the cache is still
stale and the UI looks broken.
Changes:
* effectiveProbeTtl(): 120s when healthy, 15s when disconnected. The
shorter window during 'mode=disconnected' state means a stack where
workspace lost the race to the agent recovers within ~15s of the
agent becoming reachable, instead of being stuck on the first failed
probe for two minutes.
* New POST /api/gateway-reprobe endpoint: forces a fresh probe
regardless of TTL. Useful for diagnostic scripts and a future UI
'Reconnect' button. Auth-gated (same as /api/gateway-status).
* New forceReprobeGateway() helper exported from gateway-capabilities.
* New docs/docker.md: comprehensive setup guide covering single-host,
multi-host (NAS/VPS), capability mismatches, and a step-by-step
diagnostic playbook for connection failures. Cross-references the
new /api/gateway-reprobe endpoint.
Foundation for #275 — the docs + faster recovery cover the most common
cases. Outstanding work: better startup ordering hint when probes fail
because the agent isn't up yet (toast + 'Reconnect' button in the UI)
and a CI test that boots both services in compose to catch regressions
in the connection contract.
The plain dark/light pill toggle was ambiguous — users couldn't tell at
a glance which side meant 'on' (especially in dark themes where the
unchecked grey and checked dark-blue tones read similarly).
Changes:
* Track is wider (2.4× thumb instead of 2×) to fit visible labels.
* Checked state uses emerald-600 instead of primary-900 — green is a
near-universal 'on' signal.
* 'ON' label appears on the left of the thumb when checked (white on
emerald, high contrast).
* 'OFF' label appears on the right of the thumb when unchecked
(muted-fg on neutral track).
* Labels are aria-hidden — the underlying SwitchPrimitive.Root already
exposes role/checked state to assistive tech, so duplicating it as
visible text would just create noise for screen-reader users.
Closes#284
Reported in #304: clicking Create Job displayed a toast that read
'[object Object]' instead of an actionable error.
Root cause: every error path in src/lib/jobs-api.ts coerced the
response body's .detail field directly into a template literal:
throw new Error(body.detail || `Failed to create job: ${res.status}`)
When the gateway returns a structured error (FastAPI/Pydantic
validation arrays, plain objects), .detail is not a string so the
Error message renders as the literal '[object Object]' once it goes
through React's toast.
Fix: a single errorMessageFromBody() helper that:
* Returns string detail as-is
* Joins arrays of validation errors using msg/message fields
* JSON-stringifies anything else
* Falls back to body.message, body.error, then the original status text
Wired into createJob, updateJob, deleteJob, pauseJob, resumeJob,
triggerJob \u2014 all six job mutation paths had the same bug.
Closes#304
Installs that were set up before the claude→hermes rename may have their
git remotes named claude-workspace and claude-agent rather than the new
hermes-workspace / hermes-agent names. Without these aliases the update
checker misidentifies the remote, reports no update URL match, and the
Update Center shows a misleading error.
Adds backward-compatible aliases so both old and new remote naming
conventions are recognised.
Co-authored-by: admin <admin@fattony.local>
When the workspace's swarm kanban is running in proxy mode against the
Hermes Dashboard kanban plugin (caps.kanban === true), the header badge
now:
* Renders in green ('Synced • Hermes ↗') instead of generic gray
* Becomes a clickable link to the dashboard's /kanban tab
* Tooltips include 'Open in Hermes Dashboard ↗'
Polling reduced from 30s → 5s so cards added/moved on the Hermes
dashboard show up in the workspace board within ~5s. The plugin also
exposes a WebSocket at /api/plugins/kanban/events for true live updates;
that's the next item on the kanban roadmap.
The 'hermes-proxy' badge tone is added alongside the existing 'claude'
(legacy direct-sqlite) and 'local' (file-backed) tones.
Builds on the kanban capability detection (commit 2526984fa). When the
upstream Hermes Agent dashboard exposes the kanban plugin
(/api/plugins/kanban/, caps.kanban === true), the workspace's /swarm
kanban surface now syncs with it as a single SQLite source of truth
instead of running a separate file-backed store.
Architecture:
┌─────────────────┐ ┌──────────────────┐
│ Hermes Workspace │ │ Hermes Dashboard │
│ /swarm kanban │──────▶│ /kanban │
│ (React UI) │ HTTP │ (React UI) │
└─────────────────┘ proxy└──────────────────┘
│ │
│ both read/write │
└────────┬─────────────────┘
▼
~/.hermes/kanban.db
(one SQLite, dispatcher-aware)
Why HTTP proxy and not direct SQLite (we still have that path too)?
Remote workspaces (Docker, VPS, separate machines from the agent)
can't share the SQLite file. Going through HTTP is the only viable
path for those deployments. The plugin's transactional helpers also
keep the workspace from racing the dispatcher on running/claimed
state — the dashboard rejects direct writes to 'running' for that
reason (only the dispatcher's claim path may transition into running).
Changes:
* New src/server/kanban-dashboard-proxy.ts: thin HTTP client for
/api/plugins/kanban/board, /tasks, /boards. Unwraps the {task: ...}
envelope the plugin returns.
* src/server/kanban-backend.ts: new dashboardProxyBackend (id:
'hermes-proxy'). resolveKanbanBackend() now picks proxy first when
caps.kanban is true, falling back to the legacy direct-SQLite
claudeBackend when only the DB is reachable, then to the local
file-backed store. Override via CLAUDE_KANBAN_BACKEND env var:
'local' | 'claude' | 'hermes-proxy' | 'auto' (default).
* lane↔dashboard status mapping handles two quirks:
- 'running' from the workspace UI is rewritten to 'ready' before
posting (dashboard rejects direct writes of running; dispatcher
will pick the task up on next tick).
- 'review' (workspace-only lane) maps to 'ready' for visibility.
* listKanbanCards / createKanbanCard / updateKanbanCard are now
async; /api/swarm-kanban awaits them. Tests updated.
Tested locally end-to-end against
/Users/aurora/hermes-dashboard-fresh/repo (upstream main with kanban
plugin). Cards created via /api/swarm-kanban appear in the dashboard
at http://127.0.0.1:9119/kanban and vice-versa, status changes
propagate, and dispatcher transitions are respected.
Foundation for the v2.3.0 kanban-sync user-visible work (UI badge,
dashboard deep-link, live WebSocket updates).
Adds capability detection for the upstream Hermes Agent kanban plugin
mounted at /api/plugins/kanban/. Lays the groundwork for the v2.3.0
work where the workspace's /swarm kanban surface syncs with the
dashboard's SQLite-backed kanban DB.
Changes:
* gateway-capabilities.ts: new probeKanban() probes
/api/plugins/kanban/board on the dashboard URL with a short timeout.
GatewayCapabilities now carries a 'kanban' boolean. Probed once per
PROBE_TTL_MS alongside conductor.
* connection-status.ts: surfaces caps.kanban so client-side feature
gates can react.
* use-feature-capability.ts + feature-gates.ts: 'kanban' is now a
recognized FeatureKey / EnhancedFeature so useFeatureCapability('kanban')
works.
* .env.example: documents HERMES_DASHBOARD_URL (default 127.0.0.1:9119
on current Hermes Agent v0.13+; the legacy 9120 is gone).
Tested locally with hermes-agent main pulled into
/Users/aurora/hermes-dashboard-fresh/repo. Workspace gateway-status
now reports kanban: true when the plugin is mounted, false otherwise.
The browser terminal periodically 'reset back to prompt' during normal
use because any transient SSE disconnect (network blip, browser tab
suspension, HMR reload, dev-server restart) tore down the user's PTY
and dropped them into a fresh shell.
Root cause: terminal-stream's request.signal abort handler called
session.close(), which SIGTERM'd the underlying Python PTY helper.
There was also no auto-reconnect on the client \u2014 a single dropped
read terminated the loop, called /api/terminal-close, cleared the
tab's sessionId, and left the user with an idle tab.
Fix in three parts:
1) terminal-sessions: TerminalSession gains markDetached() and
markAttached(). markDetached() starts a TTL timer (default 5 min,
override via HERMES_TERMINAL_DETACH_TTL_MS) that reaps the PTY only
if no client reattaches in time. The map keeps the session live in
the meantime.
2) terminal-stream: accepts an optional sessionId in the POST body. If
the id matches a still-alive session, the route reattaches to it
instead of spawning a fresh PTY. The 'session' event payload now
includes a 'reattach' flag. On SSE abort, we just detach listeners
and call session.markDetached() \u2014 the PTY stays running.
3) terminal-workspace: passes sessionId on every connect, so reconnect
reattaches automatically. When the read loop ends and the tab still
has a sessionId, we attempt a single quick reattach with a
'[reconnecting...]' nudge to the user instead of tearing the tab
down. /api/terminal-close is no longer called on stream end \u2014 the
server-side TTL handles abandoned sessions.
Fixes#298
Two related session-routing bugs that landed responses (or new-chat
clicks) into the wrong session.
#297 — cross-session response contamination
When the user navigated to a new chat while a previous chat was still
streaming, the previous chat's response chunks would land in the
**new** chat. Three fixes:
* useStreamingMessage now bumps a streamGenerationRef on every
startStreaming call. The fetch-reader loop captures that token at
start and re-checks it on every reader.read() and between events
in the same batch. If the token has changed (because the user
started a different stream), the loop cancels the reader and exits
without dispatching anything. This closes the brief race between
abortController.abort() and the underlying fetch reader actually
stopping, during which buffered chunks were silently writing into
activeSessionKeyRef.current (which had already been switched to
the new session).
* chat-screen now cancels the in-flight stream on session-key change
via a useEffect keyed on (activeCanonicalKey, activeFriendlyId,
isNewChat). Previously nothing cancelled the stream on navigation
\u2014 only the user clicking the explicit Stop button (handleStop)
called cancelStreaming().
#300 — /new slash command opens last chat instead of new session
/new was calling navigate({ to: '/chat' }), but the /chat index route
unconditionally redirects to localStorage('claude-last-session'), so
/new always landed in whichever chat was last active. Fixed at three
entry points so all 'new chat' actions go through the explicit 'new'
sentinel:
* /new in chat-screen.handleUiSlashCommand
* /new in command-palette.runSlashCommand
* 'New Chat' quick-action tile in the search modal
The 'Chat' nav link in the sidebar still goes to /chat (= last session)
\u2014 that's the correct behaviour for a screen-level nav target. Only
'new' actions are routed to the new sentinel.
Closes#297, #300
Reported in #244: a fresh hermes-workspace install on a host where
tmux lives outside of the hard-coded candidate list ("~/.local/bin",
"/opt/homebrew/bin", "/usr/local/bin", or PATH "tmux") shows
'can't find pane: swarm-<id>' for every dispatch because resolveTmuxBin()
returns null.
Adds:
* HERMES_TMUX_BIN (and CLAUDE_TMUX_BIN as legacy alias) env var that
takes precedence over the candidate list in resolveTmuxBin().
* Mirror in tmuxIsInstalled() so the swarm runtime UI doesn't show
'tmux not installed' on hosts that just have it elsewhere.
* /usr/bin/tmux added to the candidate list (typical Debian/Ubuntu
package layout).
Refs #244
The vite dev server intercepted /api/connection-status with a slim
inline shortcut handler that returned only {ok, mode, backend} \u2014
silently overriding the real route at src/routes/api/connection-status.ts
which returns the full ConnectionStatus payload.
Downstream feature gates (useFeatureCapability, useFeatureAvailable)
read .capabilities from the response. With the slim body, every
capability evaluated to undefined, so dev users got UI states that
looked like 'feature not available' even when the gateway was healthy
and exposing the API.
Fix: drop the inline shortcut entirely. The real route file already
caches via ensureGatewayProbed() (PROBE_TTL_MS), so the cost in dev
is negligible and the payload is correct everywhere.
Closes#285. Also drops the now-unused dashboard URL / token / cache
locals in vite.config.ts that were only used by the deleted handler;
the per-PR work that introduced them (#288, #289) was the
right diagnosis but the wrong fix \u2014 the real route was already
doing it correctly.
The update banner truncated its subtitle ('Hermes Agent checkout has
local c...') and never told the user which files were causing the
block. The update-system already detects dirty checkouts but did
not surface the file list to the UI.
Changes:
* Server: ProductUpdateStatus gains an optional blockingFiles array.
When isDirty(repoPath) is true, listDirtyFiles() runs git status
--porcelain and returns up to 24 paths.
* Client: UpdateCenterNotifier removes the truncate class on the
subtitle when blocked (so the full reason is visible), shows the
repo path so the user can tell which checkout is dirty, and lists
up to 8 blocking files with an overflow indicator.
* Reason copy mentions 'remove the listed files' so a user with
untracked files knows what action to take.
Closes#293
Reported in #291. The Search Modal's 'Chats' scope returned 'No
results found' even when sessions clearly existed.
Root cause: fetchSessions() was mapping the API response into
SearchSession with title = friendlyId (the raw cron-style id like
cron_b297a166a31e_20260503_122019), and the filter only searched
friendlyId/key/title. So a human query like 'github' or 'workflow'
never hit anything.
Changes:
* fetchSessions now reads derivedTitle and preview from the API,
prefers derivedTitle for title, and falls back to startedAt when
updatedAt is missing.
* filterResults call for chats now includes 'preview' alongside
friendlyId/key/title.
Closes#291
Recent Searches in the search modal previously displayed four
placeholder strings ('streaming fixes', 'session timeout', etc.)
that never updated.
Changes:
* Adds recentSearches + recordRecentSearch + clearRecentSearches to
the useSearchModal Zustand store, persisted to localStorage under
hermes-recent-searches-v1 (cap 6, dedupe by case-insensitive match).
* Records the trimmed query on result selection (mouse, Enter, or
numeric shortcut). Queries shorter than 2 chars are skipped.
* QuickActions hides the Recent Searches section entirely when there
is no history yet.
Closes#292
From @Interstellar-code's PR #287. Resolves merge conflicts with the
matrix theme (#279) and provider-card verified-status fix (#282) that
landed earlier in the batch. Closes#287.
* Adds 'Custom' provider card to the settings dialog \u2014 always clickable
(not gated by red dot)
* Adds editable Custom Endpoint section (Base URL + API key) in the
provider card flow
* Adds matching Custom Providers section to the full /settings page
with Base URL and CUSTOM_API_KEY support
Co-authored-by: Interstellar-code <Interstellar-code@users.noreply.github.com>
Combines two community contributions and one local correction:
* PR #289 (Sanjays2402): probe /api/sessions on the dashboard URL
(default :9119) instead of the agent URL (:8642). The agent does not
serve /api/sessions, which produced a 404 every 15s. Adds a small
cache so success/failure responses don't refetch every poll. Closes#276.
* PR #288 (Interstellar-code): send Authorization: Bearer
$HERMES_API_TOKEN on the connection-status probes so a gateway
secured with API_SERVER_KEY is detected correctly. Adds watch.ignored
for .runtime/.tanstack/.omc/.omx/coverage/dist/etc. so these noisy
internal paths don't fire spurious dev reloads.
* Local correction: did NOT add '**/routeTree.gen.ts' to watch.ignored.
An existing regression test (src/router-route-resolution.test.ts)
forbids that — ignoring the generated route tree breaks route HMR.
The real cause of routeTree.gen.ts thrash is multiple concurrent
vite dev servers writing to the same file (fixed earlier today).
Co-authored-by: Sanjays2402 <Sanjays2402@users.noreply.github.com>
Co-authored-by: Interstellar-code <Interstellar-code@users.noreply.github.com>
Adds a new Matrix theme family (dark + light) to the workspace:
- Black glass terminal surface with phosphor green (#00FF41) signal glow
- Light variant: white terminal paper with green accents (#008F2D)
- Full CSS token set covering bg, sidebar, panel, card, chat, composer,
tool cards, code blocks, and input surfaces
- Registered in ThemeId, THEMES array, LIGHT/DARK_THEME_MAP, LIGHT_THEMES
- Added to ENTERPRISE_THEME_FAMILIES with color preview swatches
Co-authored-by: Worked with Interstellar Code <noreply@interstellarcode.dev>
The provider card dot was rendering green for OAuth providers and local
providers regardless of actual auth/online state. Result: misleading
status (Custom card showed both green AND red simultaneously when
selected; OpenAI Codex / Nous Portal always showed green even without
OAuth login).
Now:
- Single-dot precedence: active > missing-key > verified > none.
- Local providers (authType: 'none') only show green when localDiscovery
reports them online.
- OAuth providers (authType: 'oauth') stay neutral until an actual
session check is wired — no auto-green on declarative authType alone.
- API-key providers unchanged: green when key is set, red when missing.
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
NODE_ENV=production enables the Secure flag on session cookies. Browsers
silently drop Secure cookies over plain HTTP, causing login to fail with
no visible error when HOST=0.0.0.0 is used on a LAN without HTTPS.
- Add startup warning in server-entry.js when non-loopback host +
production + COOKIE_SECURE not explicitly disabled
- Document COOKIE_SECURE=0 in .env.example alongside the existing =1 case
- Add COOKIE_SECURE entry to README env-vars table
Closes#149
Worked with Interstellar Code
Replace `ja: EN` fallback with proper Japanese translations for all
existing TranslationKey entries. Also adds a regression test mirroring
the existing Russian/Simplified Chinese tests.
The Japanese locale was already exposed in LOCALE_LABELS and the
language picker, but selecting it had no effect because the LOCALES
map pointed to the English bundle. This change wires up the actual
strings so users who pick 日本語 see translated nav, settings,
tasks, jobs, skills, profiles, and common labels.
No behavior change for other locales.
The file lives in src/routes/api/ but is a helper module, not a route.
TanStack Router was logging 'does not export a Route' on every route
generation pass, contributing to dev-mode log noise.
Renaming to '-send-stream-live-tools.ts' uses the configured ignore
prefix so the route generator skips it cleanly.
Note: the real cause of the 3002 loading loop was multiple concurrent
vite dev servers running against the same hermes-workspace tree, all
writing to src/routeTree.gen.ts and triggering perpetual HMR reloads.
This rename does not fix that root cause but does silence the noise.
Co-authored-by: Aurora <aurora@hermes>
- Page title now reads HermesWorld
- Mobile hamburger nav label/icon updated to HermesWorld + castle
- Side panel label updated from Playground Menu to HermesWorld Menu
- Include session handoff note for continuation
Reverts the sidebar auto-hide on /playground so users keep normal workspace navigation and don't feel trapped inside HermesWorld. The right-side ChatPanel remains hidden on the route because HermesWorld already has its own in-game chat and that panel genuinely competes with the HUD.
Sidebar:
- HermesWorld is now a dedicated promoted link directly under Search \u2192 New Session, before the MAIN section. Stands out because it's outside the dense nav list.
- Icon swapped from Rocket01 (shared with Conductor) to Castle02 in gold (#facc15) \u2014 unique, on-brand.
- Gold gradient NEW badge with subtle glow.
- Removed the duplicate Playground entry from the MAIN section so there's only one HermesWorld link in the sidebar.
Workspace shell:
- /playground route now auto-hides the desktop chat sidebar (same mechanism as chat focus mode). Game canvas and HUD overlays are full-bleed; no more sidebar overlap with fixed-position UI.
- Floating ChatPanel + ChatPanelToggle are also hidden on /playground (HermesWorld has its own in-game chat).
- /playground sidebar item now reads 'HermesWorld'
- Gold gradient NEW badge with subtle glow draws the eye to the flagship destination
- Badge styling is opt-in via item.badge === 'NEW' so other badges still use the default chip styling
Avatar customizer presets:
- Added Chronos (gray hair, gold eyes, dark cloak), Artemis (silver, forest green, bow), Eros (rose pink, violet eyes, bow). Customizer now has 9 presets total.
Cinematic camera (Tab key):
- Cycles 6 preset angles: Isometric / Behind-back / Front-face / Top-down / Cinematic-low / Wide-establish.
- Toast at top-center shows the preset name briefly so you know what just changed. Perfect for filming b-roll.
Loading screen during world transitions:
- Replaces the simple radial fade with a full Cinzel-serif HermesWorld card showing the destination world name, an animated golden progress bar, and a rotating Hermes lore quote (10 lines, randomly picked per transition).
ASCII trailer kit:
- scripts/ascii-trailer.sh takes a screen recording, samples 1 frame/sec via ffmpeg, converts each to ASCII via Pillow + a 10-char ramp, and bundles into ascii-trailer.md ready to paste into Discord. No chafa dependency.
- Title screen hero canvas: gold-warm palette to match HermesWorld branding, plus a 6-node 'agent network' graph layered over the orbiters \u2014 every agent connects to every other through the center, slowly rotating. Reads as 'multi-agent orchestration'.
- Inner orb shifted to warm gold (was cyan).
- Generated ASCII portraits for the 5 building-keeper roles (trainer, recruiter, banker, tavernkeeper, shopkeeper) so dialog cards work for them too.
ASCII art (pyfiglet via skill):
- Generated ASCII portraits for 9 NPCs (athena, hermes, pan, iris, nike, chronos, apollo, artemis, eros) into public/ascii-portraits/.
- Dialog header now shows the NPC's ASCII name in their accent color next to the avatar portrait. Distinctive look, hand-crafted feel.
- Title screen got a HermesWorld ASCII signature under the gold serif heading.
Perf:
- Canvas DPR clamped to min(1.5, devicePixelRatio) so we don't oversample on standard displays.
- powerPreference: 'high-performance' on the WebGL context.
- Disabled stencil buffer (we don't use it) to save framebuffer memory.
- performance.min: 0.5 lets R3F drop quality automatically when frames slow down.
Utility dock (bottom-right, now 7 buttons):
- Screenshot world (PNG, downloads instantly with timestamp)
- Fullscreen toggle
- Copy share link
- Replay narration / mute narration / mute audio / customize avatar (existing)
Help overlay updated with all current shortcuts including 4 Summon and F focus.
- Exit trigger radius 1.05 -> 1.6 so you don't have to land on the exact center.
- Exit pad now clickable (pointer-down anywhere on the ring exits immediately).
- Glowing pillar + point light at the exit so it's visible from anywhere in the room.
- New InteriorExitButton: always-visible 'Leave Building' button at the top of the screen, fixed position. If the floor trigger fails or you can't navigate to the door, click and you're out.
Three coplanar rings (stone-tile plaza, statue inscription, accent ring)
at nearly the same y caused flicker by the central statue. Spread the
heights, made the upper rings transparent with polygonOffset to reliably
sort above the plaza.
UI:
- BUILDERS NEARBY card moved under the player card (top-left, same x-offset as the card).
NPCs:
- Per-NPC ambient lines: each named NPC (Athena, Iris, Pan, Nike, Hermes, Chronos, etc.) has Hermes-themed lore lines that pop as speech bubbles every 12-22s.
Remote players:
- Full knight armor parity: cuirass + glowing sigil + tasset (4 strips) + gauntlets + greaves. Other players in your view now look as good as you do.
Ground textures:
- Procedural stone-tile plaza (canvas texture) under the central HermesStatue in Training Grounds + Agora. Warm sandstone with per-tile color jitter, mortar gaps, subtle highlights and cracks.
World density:
- Forge: HermesStatue centerpiece (cyan-tinted) + 40 floating data motes (Sparkles).
- Grove: HermesStatue (forest-tinted) + 50 bioluminescent fireflies + entrance banners.
- Oracle: HermesStatue (violet-tinted) + 4 incense braziers + 35 floating runes.
Quests \u2014 covers all 6 Hermes skills now:
- agora-diplomacy: meet another live builder + chat with them nearby. Auto-fires when a remote enters your world; rewards 'Diplomat of the Realm' title + 80 diplomacy XP.
- forge-summon: enter the Forge and use action bar key '4' to summon a familiar. Rewards 'Summoner of the Forge' title + 80 summoning XP.
Action bar:
- New 'Summon' ability (key 4): 60-second glowing familiar that orbits you, point-light included, costs 20 MP, 30s cooldown. Maps to Hermes Summoning skill.
- Speech bubble appears over the local player's head when they send a chat (fades after 5.5s).
- Speech bubble appears over remote players' heads when their chat arrives via HTTP polling (lastChat / lastChatAt now updated on chat fan-out).
- addChatMessage dedupes by (authorId, body, ts within 2s) so the same message can't appear twice in the chat panel even if multiple transports deliver it.
- handleIncomingChat rejects messages whose name matches our display name (defense-in-depth against echo from server chat ring entries from older selfIds).
WebSockets were never actually connecting from Eric's browser (CF logs
showed zero WebSocket Upgrade requests during testing). Even when they
do connect, they're unreliable: CF DO hibernation, bg-tab throttling,
dev bundle env issues, network blips all kill them.
HTTP polling: dead simple, works everywhere, survives bg tabs, no
hibernation issue, no env-var dependency.
Server (deployed):
- POST /presence body: {id, name, color, world, x, y, z, yaw, ...}
Returns: {presences (others in world), chats (since lastChatTs), online, byWorld, peakToday, ts}
- POST /chat body: {id, name, color, world, text, ts}
- POST /leave body: {id} (called via navigator.sendBeacon on unload)
Client:
- New 1Hz polling loop in use-playground-multiplayer that POSTs presence
and processes the snapshot response. Hardcoded fallback URL so it works
even with stale dev bundles.
- sendChat now fans out to BroadcastChannel + WS + HTTP for redundancy.
- WS still attempted for low-latency presence updates between polls,
but no longer required for MP to work.
- navigator.sendBeacon on beforeunload/pagehide so explicit leaves
propagate even when the tab is closing.
Logs show no WebSocket Upgrade requests reaching the Cloudflare hub during
Eric's testing \u2014 only HTTP /stats from CLI probes. That means his browser
was loading a bundle that didn't have VITE_PLAYGROUND_WS_URL inlined, so
the hook returned early and never opened a WS. With the public hub URL
hardcoded as fallback, MP works even with stale dev bundles or fresh
clones without an .env file.
Also added a console.log of the actual WS URL on connect attempt for
faster debugging.
The actual root cause: the DO worker was hibernating after ~10s of
inactivity (CF default), which silently killed every live WebSocket.
Clients reconnected but presence map was reset, count went to 0, all
avatars disappeared from each other's screens.
Fix: state.acceptWebSocket() lets the DO hibernate WITHOUT killing the
WebSockets. Messages route to webSocketMessage/Close/Error class methods.
Presence + chat ring are now persisted to storage so they survive
hibernation cleanly.
Server build is now 'hermes.playground.cf-worker.v2-hibernation'.
Deployed: version fc4a2e58-c7e2-44f5-8629-a266da423c7b.
- Local STALE_AFTER_MS bumped to 30s so bg-tab throttling never causes a remote prune. Server prune handles real disconnects after 12s + alarm grace.
- Chat header now shows the actual WS transport state inline ('WS', 'local-only (no hub)', 'offline', 'connecting') in a small chip next to the player count. This lets us see at a glance whether the WS hub is actually reachable without opening DevTools.
This eliminates the 'avatar disappeared then came back' flicker that was
happening every time a tab momentarily lost the WebSocket (CF DO hibernation,
bg-tab throttling, network blip). Now socket close just ages the presence;
if the client reconnects within STALE_AFTER_MS (12s) the avatar persists
seamlessly. Explicit 'leave' messages from the client (sent on beforeunload)
still propagate immediately as before.
Branding:
- Title rebranded from 'Hermes Playground' to 'HermesWorld' with serif gold/cream gradient text and 'the agent MMO' tagline.
- Premium hero with starfield backdrop, vignette, gold-accented identification card.
- Cinzel/Trajan-style serif heading with gold gradient + glow.
- Primary 'Enter the Realm' CTA in molten gold instead of cyan.
- 3-column premium feature cards (Six Worlds / Live Multiplayer / Hermes Skills).
- Numbered 'Your Path' card on the right.
MP debugging:
- selfId now includes Date.now() so even duplicated tabs (which share sessionStorage) get unique ids.
- Console-logs selfId on creation, leave events received, and WS close codes so we can pinpoint what's actually causing the disappearing-avatar bug.
ROOT CAUSE of disappearing avatar: localStorage shared selfId across browser
tabs in the same browser. Both tabs used the same id, so the WS hub stored
only one presence record. When one tab throttled, the other's avatar got
pruned for both sides. Switched to sessionStorage so each tab gets a
unique id.
Narration:
- Built playground-narration.ts on top of the Web Speech API (no API key
needed). Per-world scripts: Training Grounds, Agora Commons, Forge,
Grove, Oracle, Arena.
- Auto-plays once per session per world on entry.
- 4 buttons in the utility dock: replay narration, mute narration,
audio toggle (existing), avatar customizer (existing).
- sessionStorage persists 'already played' flags; localStorage persists
the user's mute preference.
- Cancels previous narration on world change so they don't overlap.
Worker (deployed):
- STALE_AFTER_MS 5000 -> 12000 to forgive bg-tab throttling.
Player avatar:
- Muscled cuirass chest plate + glowing winged Hermes sigil disc on the chest
- Tasset (4 armored skirt strips) at the pelvis
- Steel gauntlets on the forearms
- Greaves (shin armor) on each leg
- Shoulder pauldron stud kept; helmet/cape/weapon variants unchanged
Result: avatars now read as actual knights, not blobs.
Multiplayer:
- KEEPALIVE_MS 1500 -> 1000 so we send at least once per second.
- STALE_AFTER_MS 5000 -> 6500 locally (server is still 5000) so we hold remotes a bit longer than the server prunes.
- Send presence packet immediately on document.visibilitychange + window.focus so backgrounded tabs don't stay pruned for the few seconds after refocusing. This is the main reason 'one of my characters disappeared' happens — Chromium throttles bg setInterval and the server prunes us after 5s.
UI:
- Player card + chat moved a bit further LEFT (left: min(120px, 9vw)) so they sit under the small left rail not on top of it.
- Focus eyeball moved down 20px so it doesn't crowd the minimap.
- Minimap 'M for full' and quest tracker 'J for journal' both replaced with compact [M] / [J] keycap chips.
Multiplayer:
- Send presence WebSocket frame immediately on open instead of waiting for the next 200ms tick (server only counts clients after they send presence; this is why 'players online' was stuck at 0).
- Chat now seeds online count + transport from window globals on mount so it doesn't miss the first dispatch.
UI layout:
- Player card moved right (left: min(180px, 14vw)) so it doesn't overlap with the nearby-builders chip on the left rail.
- Chat dock moved right (same offset, with maxWidth that shrinks to leave room for the right-rail panels).
- Player card now shows the avatar portrait (PNG from /avatars/<portrait>.png) with a level badge in the corner.
- Current Objective card moved to the top-center with a directional arrow that rotates toward the active objective's world position (10 Hz update via setInterval, smooth CSS transition).
- Combined HUD: avatar circle (level) + display name + title + XP-to-next + HP/MP/SP/XP orbs all in ONE card top-left.
- Removed standalone PlaygroundOnlineChip; chat header now shows live player count from the WS hub (transport-aware) plus an NPC subcount.
- Chat: NPC messages get a purple 'NPC' tag; bot authorIds prefixed with 'bot:'.
- Quest tracker pushed down 50px on desktop so it doesn't crowd the minimap area.
- Focus mode button: eyeball icon only (no text label), sits in the gap below the minimap.
- Chat dock moved to bottom-left (out of the way of action bar + sidebar)
- Online chip moved to top-LEFT (was overlapping minimap on top-right)
- Builders Nearby chip moved to top-LEFT under online chip (was overlapping side panel)
- Focus mode (F or button under minimap): hides Quest Tracker + Inventory + Builders chip so the world is visible while playing or recording
- Auto-engages focus mode on first WASD/arrow press
- Esc exits focus mode and closes panels
- Online chip shows '—' before WS connects and 'connecting…' as the status label so 0 doesn't look like 'global is empty'
Fixes CLI routing regression: provider key must be nested under model.provider
not at top-level config since _get_model_config() only reads the model block.
Renames providers.custom → providers.manifest (custom is a reserved type name
in hermes-agent and _get_named_custom_provider returns None for it).
Adds key_env: CUSTOM_API_KEY so the API key stays in .env, not embedded in YAML.
Co-Authored-By: Worked with Interstellar Code <noreply@interstellarconsulting.com>
Replace the static "No custom providers configured." placeholder with
editable SettingsRow entries for CUSTOM_API_KEY and providers.custom.base_url,
matching the existing API Keys section pattern with inline edit/save/cancel.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add envKey: 'CUSTOM_API_KEY' to custom provider card so the API Keys
section auto-shows a Custom row that saves to ~/.hermes/.env
- Remove API Key row from Custom Endpoint section (moved to API Keys)
- Save custom base_url without api_key in config payload
- Update PROVIDERS in claude-config.ts: envKeys: [] → ['CUSTOM_API_KEY']
- Remove unused savingCustom / setSavingCustom state variables
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds base_url + api_key input fields when Custom provider is selected.
Saves to providers.custom in config.yaml via the existing claude-config
PATCH endpoint — no more direct YAML edits for custom endpoint setup.
Also migrates existing manifest provider config to use provider: custom.
Eric's call after living with iter 013 for a few minutes: removed
the Operator Tip and the dashboard reads cleaner without it.
Sessions Intelligence's `flex-1` stretch already absorbs the
bottom-of-column space, so an extra card was redundant.
- DEFAULT_HIDDEN now includes `operator_tip`.
- STORAGE_VERSION 3 \u2192 4 so the existing migration path applies the
new default to returning users while preserving any explicit hides
they had.
- Tip card is still registered in the catalog and reachable from the
edit-mode picker for users who want a contextual nudge.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
Iter 013 per Eric:
> put tip above session intelligence and make that longer to fill
> the gap at bottom
- Reordered main column: OperatorTip (compact) \u2192 Sessions Intelligence
(the bottom anchor that grows to fill).
- SessionsIntelligenceCard root is now `h-full flex-1` and its row
list is `flex-1 overflow-hidden` so the card consumes the
remaining vertical space in the column.
- Bumped row cap from 8 \u2192 14. The card now has the room.
- Main column wrapper is `min-h-full flex flex-col` and the sessions
WidgetShell is wrapped in a `min-h-0 flex-1 flex flex-col` so the
flex-1 actually expands rather than collapsing to content.
- WidgetShell edit-mode wrapper uses `h-full` so widgets that opted
into flex-1/h-full still expand correctly when in edit mode.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
- tsc clean for dashboard files
Iter 012 per Eric's iter-011 ask:
> small gap at the bottom by sessions intelligence \u00b7 what should we
> put there standard? tip of the day? or something?
New OperatorTipCard component: a smart 'tip of the moment' card that
sits below Sessions Intelligence in the main column.
Why contextual rather than static:
- A static rotating tip would feel like marketing filler.
- A scoring function per tip lets the dashboard surface the *most
relevant* tip given current state (low cache hit rate, stale
cron, config drift, restart pending, recent achievement, sudden
drop in sessions, top-model concentration risk, etc.).
- 11 tips total; context-specific ones score 40-80, evergreens
3-5 so they only surface when nothing better is relevant.
- Refresh icon cycles to the next-best tip; persists last-shown
index in localStorage so refreshes don't always snap to the top.
- Optional CTA per tip routes to the most relevant page (jobs /
settings / analytics / skills / etc).
Visual: matches the rail card chrome (rounded-xl, gradient bg,
top accent strip, soft glow), with a 36x36 lightbulb chip on the
left and a tip body + tone-colored 'Tip · X/N' eyebrow on the
right. Tone color tracks the relevance category (warn / info /
positive).
Catalog: registered as 'operator_tip', column 'main', visible by
default. Lives at the bottom of the left column under Sessions
Intelligence so it visually balances the side rail extending past.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
- tsc clean for dashboard files
Iter 011 polish per Eric:
> remove operator console v.12 \u00b7 lower workspace a bit cause the
> gateway version is under
Gateway version was already shipping in the OpsStrip ('\u2666 GATEWAY
V0.12.0'). The header eyebrow was duplicating it within ~30px on the
same screen, which read as visual clutter.
- Removed the 'Operator console \u00b7 v\u003cversion\u003e' subtitle entirely.
- Title row is now a single bold 'Hermes Workspace' lockup with
vertical-centered alignment so it sits visually centered against
the action cluster on the right (instead of biased to the top of
the row from the dropped subtitle).
- Logo + glow ring stay; nothing else moves.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
Iteration 010 per Eric's iteration-009 ask:
> kept cache its clean fits fine \u00b7 should we remove dashboard text and
> just make hermes workspace larger? there's missing space in middle
> \u00b7 maybe center hermes workspace? \u00b7 add any additional widgets in
> the menu
== Header rebrand ==
- Dropped the redundant 'Dashboard' eyebrow (the page IS the dashboard).
- Promoted 'Hermes Workspace' to the primary heading at text-2xl,
bold, tight-tracked. Now commands the left.
- Eyebrow becomes 'Operator console \u00b7 v\u003cgateway-version\u003e' wired
off `overview.status.version` so the build/version tag is live.
- Logo: bumped 36px \u2192 44px, wrapped in an accent-tinted square with
a soft outer glow ring. Reads as a real product mark, not a tiny
avatar.
- Kept anchored left rather than centering. Ops dashboards (Linear,
Vercel, Datadog) all anchor brand left + actions right because
that's the spatial hierarchy operators expect; centering wastes
the most premium real estate. Put the explanation in the section
comment so future changes know why.
== New menu-only widgets ==
VelocityCard (`velocity`):
- Big number: sessions/day average over the analytics window.
- Delta vs the prior half of the window with tone scaling
(green for positive, warning for >25% drop).
- Sub-stat: API calls/day.
- Tiny daily sparkline (bars).
CostLedgerCard (`cost_ledger`):
- Per-model cost table that splits paid providers from
subscription/included rows so the dollar figure is honest.
- Paid rows sorted by descending cost, included rows by descending
tokens.
- Header chip shows total billed across paid rows only.
- Subscription pattern set covers codex / anthropic-oauth / minimax /
ollama / lmstudio / pc1-* / pc2-* / gemma / llama / qwen.
Both default-hidden so the stock dashboard stays clean; they live
in the edit-mode menu. Fed off existing analytics payload so no
backend changes required.
== Storage migration v2 \u2192 v3 ==
DEFAULT_HIDDEN expanded to: logs_tail, provider_mix, velocity,
cost_ledger.
`readLayout` now does a real schema migration: when a stored
layout's version field is older than STORAGE_VERSION, union the
user's explicit hides with the new defaults so existing installs
don't suddenly sprout widgets they never asked for. Provider Mix
stays hidden post-upgrade, matching Eric's call to keep just Cache.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- tsc clean for dashboard files
- v2 \u2192 v3 migration verified: existing `{hidden:['logs_tail']}`
becomes `{hidden:['logs_tail','provider_mix','velocity','cost_ledger']}`
Iteration 009 per Eric's iteration-008 ask:
> theres just a space from top models to achievements maybe we can
> put another widget there or something? can we add any more graphs
> or charts on the dashboard?
== New widgets, both wired into the right-side stack of the top
analytics row ==
Provider Mix card (`ProviderMixCard`):
- Collapses `analytics.topModels[]` by provider family with a heuristic
(claude-* \u2192 anthropic, gpt-/o1/codex \u2192 openai, gemma/llama/qwen \u2192
local, gemini \u2192 google, grok \u2192 xai, minimax, etc.).
- Renders a CSS conic-gradient donut with the dominant family % +
label inside the hole, plus an inline legend table for the top 4
families and a '+N more' affordance when there are more.
- Family colors cycle through accent / accent-secondary / success /
warning / danger / purple / cyan / yellow so siblings are visually
distinct without us shipping a real palette.
Cache Efficiency card (`CacheEfficiencyCard`):
- Big % stat: cache_read / (cache_read + input).
- Sub-stat: total cache tokens / total input tokens, plus the ratio
multiplier (cache_read / input).
- Daily hit-rate sparkline (bars, not line) so a zero day pops.
- Pure derive from the existing analytics payload.
== Layout ==
The analytics chart row used to be: [chart 8 cols] [Top Models 4 cols].
The right side hosted a single short card next to a tall chart, which
left the dead vertical Eric flagged.
Now the right column is a flex stack of:
1. Top Models
2. Provider Mix
3. Cache Efficiency
This fills the chart-height, gives operators 3x the data density at
the top of the dashboard, and stops the gap between the top row and
the rail below it.
All three cards register in `useDashboardLayout` so they're toggleable
via edit mode just like everything else.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- tsc clean for dashboard files
Iteration 008 per Eric's iteration-007 feedback.
== Premium header icons ==
Replaced emoji glyphs in the action row with Hugeicons stroke
icons + better button chrome:
- New Chat: BubbleChatAddIcon on a real accent gradient button
(was translucent tinted background) with inset highlight, soft
drop shadow, and an animated overlay sheen on hover.
- Terminal: ConsoleIcon
- Skills: PuzzleIcon
- Edit: Edit02Icon \u2192 CheckmarkCircle02Icon when active
- Settings: Settings02Icon
SecondaryAction component now takes a Hugeicons icon (not an emoji
string), uses a subtle card gradient background, accent-colored
icon on hover, and matching uppercase tracking for visual unity
with the primary New Chat button.
Edit + Settings icon-only buttons get the same treatment so the
whole right-hand cluster reads as one premium control group.
== Side rail height/balance ==
- Achievements: query bumped to `achievements=5` (was 3) and the
card renders every unlock the aggregator returns. Switched from
compact \u2192 full-detail rows so the card has body. Together this
fills the gap between Top Models and the rest of the rail.
- Side rail container: `min-h-full` so the column stretches to
Sessions Intelligence height instead of collapsing to content.
- Mix & rhythm card: `flex-1 h-full` + `justify-between` so it
consumes the remaining vertical space at the bottom of the rail
and aligns flush with Sessions Intelligence's lower edge.
== Attention bar separated ==
Eric: 'is it cluttered or should be higher or lower / separate?'
- Lifted the AttentionMarquee out of OpsStrip into its own
dedicated row above the gateway strip. Now a self-contained
warning-tinted chamber with its own border + gradient. Clearly
reads as 'things to look at' separate from 'gateway is up'.
- OpsStrip reverted to its single-row layout (no more nested
vertical stack).
- When there are no incidents, the row simply doesn't render \u2014
no empty frame.
Build/tests:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- tsc clean for src/screens/dashboard/* and src/server/dashboard*
Iteration 007 per Eric's iteration-006 feedback:
== Attention marquee ==
- New `AttentionMarquee` component renders the existing
`incidents[]` payload as a right-to-left ticker. Lives inside
`OpsStrip` as a dedicated full-width row that only appears when
there is something to surface.
- Animates via CSS keyframes (`@keyframes oc-attention-marquee`,
32s linear infinite). Pauses on hover so the operator can read a
long item. Respects `prefers-reduced-motion` and disables the
animation in that case.
- Track is duplicated once for the seamless wrap-around. Soft fade
mask on the right edge for the 'ticker continues' affordance.
- Each item routes to the most context-appropriate page (cron \u2192
/jobs, config \u2192 /settings, log/gateway \u2192 /jobs as fallback) or
to the incident's own `href` when set.
- Glyph + severity color picked from existing `source` and
`severity` enums on `DashboardIncident` so the marquee stays
fully data-driven.
== Side rail rebalance ==
- AttentionCard removed from the side rail (its data is now in the
marquee). Import dropped.
- AchievementsCard moved to the *top* of the side rail. The right-of-
chart visual position effectively places it 'under Top Models'
which is what Eric asked for.
- New rail order:
1. Achievements
2. Skills usage
3. Mix & rhythm
- Mix & rhythm stays \u2014 it's the only chart left in this column and
the unique non-deep-route insight (token shape + 24h heatmap).
== Layout v2 ==
- WidgetId catalog drops `attention` (not a widget anymore).
- New `logs_tail` default state is HIDDEN. Eric's read: it's a
triage tool, not a dashboard staple. Power users can re-add via
the edit-mode panel.
- `useDashboardLayout` now writes a `version: 2` field to its
storage payload and seeds first-load state from `DEFAULT_HIDDEN`
when no localStorage entry exists, so the new defaults apply
cleanly to fresh installs without nuking returning users' explicit
hides.
- Reset button now returns to the iteration defaults rather than
show-everything, so first-time Reset doesn't surprise users with
Logs they never wanted.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- All edit-mode toggling round-trips cleanly with the v2 schema.
Iteration 006. Two product asks from Eric's iteration-005 feedback.
== Edit mode ==
New `useDashboardLayout` hook owns:
- which widgets are hidden (persisted to localStorage key
`dashboard.layout.v1`)
- whether the dashboard is in edit mode (session state)
Catalog of 8 toggleable widgets with column metadata (main vs rail):
analytics_chart, top_models, sessions_intelligence, logs_tail,
attention, skills_usage, achievements, mix_rhythm.
UI:
- New `WidgetShell` wrapper: zero-overhead passthrough when edit mode
is off; in edit mode adds a dashed accent outline + an X close
button in the top-right corner of the widget. Click X to hide.
- New `EditModePanel` banner: only renders when edit mode is active.
Shows widget toggle pills grouped by column (Main / Side rail) so
the operator can re-add hidden widgets. Includes Reset (show all)
and Done buttons. Visible-count chip shows '5 of 8 widgets shown'.
- New header pencil icon (\u270f\ufe0f) toggles edit mode; flips to checkmark
(\u2713) when active, with accent border to make state obvious.
Layout adaptiveness:
- Top row: Analytics chart and Top Models share a 12-col grid. If
one is hidden, the other expands to fill (col-span-12) so we don't
end up with a half-empty row.
- All sections check `layout.isVisible(id)` before rendering so
hidden widgets cost zero DOM nodes.
== Side rail visual cohesion ==
Image review of iteration-005 flagged the rail cards as having
ragged heights and inconsistent action-link styling. Fixes:
- AchievementsCard: replaced the legacy `rounded-md bg-card/40`
chrome with the same `rounded-xl border` + top gradient accent +
diagonal card gradient that AttentionCard / TokenMixHourCard /
SkillsUsageCard already use. The 'View all \u2192' button no longer
sits as a separate full-width row; merged into the title-row
microcopy ('48 unlocked \u00b7 view all \u2192') so the rail breathes.
- SkillsUsageCard: matches the same diagonal gradient background
(was flat var(--theme-card)). Title color promoted from muted to
text. 'manage \u2192' microcopy gets the accent color on hover so all
rail action affordances behave the same.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- localStorage key namespaced `dashboard.layout.v1` so future schema
changes can bump cleanly.
Iteration 005 per Eric's feedback after the iteration-004 screenshots.
Hero KPI row:
- Drop the Cost tile entirely. Even with the 'partial / included'
trust label it kept reading as misleading on a workload that's
almost entirely Codex/OAuth.
- New ActiveModelKpi tile in the 4th slot. Shows active model name +
Online/Offline pulse + share-of-calls chip + provider/sessions
microcopy + ctx length. Same gradient form factor as the other
three tiles so the row stays balanced.
- HeroMetrics now takes an optional extraTile slot so the dashboard
can compose the row without coupling the metrics widget to model
data.
Side rail (final order, top to bottom):
1. Attention
2. Skills usage
3. Achievements
4. Mix & rhythm (new)
- Drop the rail-side Active Model card (its data is now in the hero).
- Move Skills + Achievements up so the rail leads with the cards Eric
finds most useful.
- New TokenMixHourCard fuses the previously separate Token Mix and
Hour of Day cards into a single 'rhythm' card sharing chrome,
header, and typography rules. Halves still independent so a fresh
install with no analytics or sessions still hides cleanly.
Hero KPI row CSS bumped to grid-cols-1 sm:2 lg:4 so the new tile
stacks rather than overflowing on narrow viewports.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- /api/dashboard/overview shape unchanged \u2014 this is UI-only.
Iteration 004. UI-only polish + new charts based on the Hermes Agent
data audit. No new backend endpoints required.
Aggregator:
- Cost honesty: new `analytics.costLabel` with values `precise` /
`partial` / `included` / `unknown`. Computed from per-model
session counts split between priced providers and known
subscription-included ones (codex / anthropic-oauth / minimax /
ollama / lmstudio / pc1-* / pc2-*). Stops the dashboard from
showing '$0.052 for 247M tokens' as if that were precise.
- Insights tightened:
- Capped at 3 (was 4).
- Drops 'no active runs' line when activity peaked today (was
contradicting the peak callout in the same card).
- Skill names in callouts now strip the `namespace:` prefix.
- Model ids in callouts use the trailing slash segment instead of
raw provider/model strings.
- New presentational helpers `shortSkillName` / `shortModelName`
inside the aggregator so insight text is render-ready.
UI:
- HeroMetrics cost tile: reads `costLabel` and renders 'Included' /
'partial \u00b7 some included' / dollar figure / em-dash accordingly.
Hides delta + sparkline for non-precise variants.
- New `SkillsUsageCard`: replaces the lonely '60' tile. Top-5 used
skills as a horizontal bar chart with name (last segment), use
count, and percentage. Fades to '\u003cN\u003e installed' fallback when
no usage in the window.
- New `TokenMixCard`: stacked horizontal bar of input / output /
cache / reasoning split with hover tooltips and an out/in ratio
chip.
- New `HourOfDayCard`: 24-bucket activity strip computed
client-side from session `startedAt`. Highlights the peak hour
and labels the timeline at 12a / 6a / 12p / 6p.
- OpsStrip: appended `pulse Xm ago` microcopy from the new
`status.lastHeartbeatAt` field.
- SessionsIntelligenceCard:
- Better kind icon resolution. New `sessionGlyph` helper checks
`kind`, `source`, and the `cron_<jobId>_*` key heuristic so
cron sessions actually show a clock instead of a chat bubble.
- Adds api_server / signal / imessage / matrix / local mappings.
- New `formatSkillName` helper in lib/formatters.ts (strips colon
and slash namespaces).
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- Live: costLabel='partial' for our usage (codex + opus mix), insights
count = 3 (was 4), gpt-5.4 in callouts instead of openai/gpt-5.4.
Iteration 003. Drop the legacy 14d Activity chart; reclaim the space
with a sessions intelligence card. Adopts every Hermes Agent answer
on the source-of-truth fields.
Aggregator:
- /api/dashboard/overview now also probes /health/detailed via the new
gatewayFetch helper. status.activeAgents reads canonical
active_agents from the gateway runtime; status.activeSessions
preserves the /api/status heuristic for separate display.
- status.lastHeartbeatAt added (alias of gateway_updated_at).
- cron now exposes failed count + recentFailures[] (id, name,
last_error, last_run_at).
- skillsUsage section parses analytics 'skills' object: totalLoads,
totalEdits, totalActions, distinctSkills, topSkills[] with
percentage. (Hermes Agent confirmed schema.)
- New top-level insights[] computed server-side: peak day driver,
cache delta vs prior period, ops pulse (failed/stale crons +
no-active-runs + restart-pending), top-skill heat. UI no longer
recomputes.
- New top-level incidents[] aggregates cron failures + stale cron +
paused cron + platform errors + config drift + restart-pending +
log-tail errors into one triage list with hrefs.
UI:
- Drop ActivityChart and the legacy Recent Sessions list.
- New SessionsIntelligenceCard:
- Real human title from derivedTitle (falls back to short slug).
- Kind/source icon (chat / cron / cli / telegram / discord / api).
- Badges: hot (active <5m), tool-heavy (>=20 tools), high-token
(>=50k), error, stale (>7d).
- Hot row gets accent border so the operator sees what's running.
- Hierarchy: model chip · msgs · tools · tokens · recency.
- Click row -> /chat/<sessionKey>.
- AttentionCard now consumes overview.incidents directly. Source icon
per item. Click items navigate to /jobs / /settings.
- Skills tile: real 'top: <skill>' from skillsUsage.topSkills[0]; row
reads '<enabled> enabled · <distinct> used · top: <skill>'.
- AnalyticsChartCard switches to overview.insights so the UI is dumb.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12,
+3 new: failed-cron incidents, /health/detailed active_agents,
skills usage parsing)
- pnpm build (passes)
- Live: 31 distinct skills used in 30d, top
'autonomous-ai-agents:hermes-agent' (12 uses), 3 incidents surfaced
(stale cron, paused cron, 6 config diffs).
Iteration 002 - addresses the Hermes Agent product review.
New widgets:
- AttentionCard: prioritized 'what to look at right now' list. Pulls
stale cron, log errors/warns, config drift, restart-pending, and
platform error states from the existing overview payload. Shows an
explicit 'all clear' state when nothing needs eyes. Replaces the
scattered warning chips and gives the operator a single command line.
- AnalyticsChartCard: daily trend chart + 2-3 client-side insight
callouts ('Usage peaked Apr 17, driven by GPT-5.4', 'Cache reads up
X% vs prior period', 'no active runs · restart pending'). Period
switch (7d / 14d / 30d) at top-right; selection persists to
localStorage and feeds the same window into Hero KPIs and the rest of
the overview.
- TopModelsCard: standalone right-rail card so the model breakdown is
no longer cramped inside the analytics hero. Shows tokens bar plus
'% of calls' (proxy for routing share) and sessions per model.
- ModelInfoCard now adds an operational microcopy line
('66% of calls · 113 sessions · 30d') and a click-through 'Inventory'
modal that lists every model from /api/models grouped by provider,
with active-model highlight and live filter.
UX/microcopy fixes:
- OpsStrip: '0 ACTIVE' -> '0 active runs', 'CONFIG +6' -> '6 config
diffs', stale-cron pill now visually warns (warning border + tinted
background) instead of muted text only.
- Action row: New Chat is now a primary gradient button, Terminal +
Skills are secondary monochrome buttons, Settings is icon-only. Top
visual weight cut ~30%.
- SkillsWidget: replaced the 6-row mini list with a summary tile
('42 installed · 39 enabled · top: Airtable'). Click-through opens
/skills.
- Analytics card period-aware loading state: shows ' · refreshing…'
microcopy in the header while the period switch is in flight.
Plumbing:
- /api/dashboard/overview now respects ?days=N from the client; query
key includes period so React Query refetches when the operator
switches windows.
- Period default 30d preserved; valid options 7 / 14 / 30 only.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (9/9)
- pnpm build (passes)
- Live: /api/dashboard/overview?days=7 returns 7-day window with
56.5M tokens, top models gpt-5.4 + claude-opus-4-7.
Phase 2 iteration 001. The Workspace dashboard was already aggregating
`/api/analytics/usage` but parsing it for the wrong shape (legacy
`top_models`/`total_tokens`), so the analytics card stayed hidden
even though the gateway returned 247M tokens / 788 sessions.
Aggregator changes:
- normalizeAnalytics now reads native Hermes `{ totals, by_model, daily,
period_days }` and falls back to the legacy shape when present. New
fields exposed: inputTokens, outputTokens, cacheReadTokens,
reasoningTokens, totalSessions, totalApiCalls, daily[], plus a
`source` discriminator (`analytics` | `unavailable`).
- New logs section: pulls `/api/logs?lines=N`, classifies error/warn
counts, returns last N lines for tail UIs.
- Default analytics window bumped 7d → 30d to match native dashboard.
UI changes:
- HeroMetrics: 4 big tiles (Sessions, Tokens, API Calls, Cost) with
inline SVG sparklines + period-over-period delta chips. Replaces the
legacy 4 small MetricTile row.
- AnalyticsHeroCard: large daily area chart + top-5 models breakdown +
totals line. Click 'Expand' opens a modal with a stacked
input/output/reasoning bar chart and full per-model breakdown
(sessions / calls / cost).
- LogsTailCard: rolling tail with error/warn pulse and Expand modal.
Modal auto-refreshes every 3s and supports all/errors/warns filter.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (9/9)
- pnpm build (passes)
- Live smoke: /api/dashboard/overview now returns analytics.source=
analytics with 247M totalTokens, 29 daily entries, 5 top models, and
log tail with 24 lines.
The README's feature list and roadmap were stale: missing the new MCP
page (#231), Operations dashboard, Agent View panel, Conductor screen,
and capability-gate work landed in the past 24-48h. Roadmap still
listed shipped features as 'In Development'.
Changes:
- Replace short 'Features' bullet list with a comprehensive 'What's
inside' that mentions every major surface, including the explicit
Conductor caveat with a link to #262.
- Roadmap restructured into Shipped / In progress / Coming sections.
Conductor gets its own 'in progress' row with the upstream-plugin
caveat. Native Desktop App moved to 'in progress' per spec status.
Multi-provider support called out explicitly so users know what
works on day one.
- Drop the in-house 'Agent W Managed Companion' subsection from public
README \u2014 it's internal-team-only deployment notes that don't apply
to anyone running upstream.
- Collapse the duplicate '## Features' section near the bottom into the
consolidated security section. Avoids saying the same thing twice.
- Tighten security headings: now '## Security & deployment env vars'
with two clean subsections: 'Built-in safeguards' and 'Env vars for
remote / Docker deployments'.
Build clean. No code changes.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
The 2026-05-01 codename rename swept most of the repo from 'Claude' to
'Hermes' but left a few env vars and README copy that still referenced
the old name. Users on fresh installs were configuring HERMES_PASSWORD
based on the docs but the auth middleware only read CLAUDE_PASSWORD,
silently bypassing the guard.
Changes:
- src/server/auth-middleware.ts: read HERMES_PASSWORD first, fall back
to CLAUDE_PASSWORD for back-compat with pre-rename setups.
- server-entry.js: same fallback for HERMES_PASSWORD +
HERMES_ALLOW_INSECURE_REMOTE. Error messages updated to point at the
new names.
- README.md:
- Drop the misleading 'v2 zero-fork = full feature parity' framing;
call out that Conductor specifically requires an upstream dashboard
plugin not yet shipped (per #262), with a link.
- Theme list updated to current names (Hermes / Nous / Bronze /
Slate / Mono \u2014 the v2.1 rename) instead of the old 'Official /
Classic' labels.
- Replace CLAUDE_PASSWORD / CLAUDE_ALLOW_INSECURE_REMOTE references
with HERMES_* primary names + back-compat note.
- Add HERMES_API_TOKEN to the security env-var list (previously
undocumented despite being honored by the gateway-capabilities probe).
- Inline note on the avatar PNG asset name being retained for cache
stability \u2014 the 'claude-avatar' filename is intentional.
- .env.example: HERMES_PASSWORD + HERMES_ALLOW_INSECURE_REMOTE primary
names with legacy notes.
- docker-compose.yml: HERMES_PASSWORD: ${HERMES_PASSWORD:-${CLAUDE_PASSWORD:-}}
so existing compose files that set CLAUDE_PASSWORD keep working while
new files use HERMES_PASSWORD.
Build + auth-middleware tests pass.
No public-facing breaking change: every previous CLAUDE_* env var still
resolves correctly through the back-compat fallbacks.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
Agents seeded by seedAgentPresets() (Sage, Trader, Builder, Scribe, Ops)
get system prompts on first load, but the profile dir's config.yaml has
no model configured by default. Dispatching into one hangs because
hermes-agent has nothing to call.
Add OperationsAgent.needsSetup boolean (true when agent.model is empty)
and surface it on OperationsAgentCard:
- Amber 'Needs setup — click to configure' button below the description
- Play button turns amber and routes to onOpenSettings instead of running
- Tooltip explains why on hover
Click either path \u2014 needs-setup banner OR amber play button \u2014 to open
the settings modal where the user can pick a model. Once a model is set,
needsSetup flips to false and the agent dispatches normally.
Refs #270.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
Conductor (#262):
- Add 'conductor' capability to gateway probe (probeConductor probes
/api/conductor/missions on the dashboard).
- Surface caps.conductor in /api/connection-status response.
- New <FeatureNotReady> component for graceful 'upstream not ready'
placeholders when a feature requires endpoints the agent doesn't have.
- New useFeatureCapability(key) hook polling /api/connection-status.
- /conductor route now wraps Conductor in a capability check: shows the
placeholder when the dashboard /api/conductor/missions endpoint isn't
there, instead of letting the UI 500 mid-action.
Swarm (#244):
- Toast error when /api/swarm-tmux-start returns 'tmux not installed'
with install instructions instead of silent console.error.
- Upgraded the in-screen 'tmux not installed' banner from grey muted text
to amber alert with the brew/apt install commands inline. Explains that
workers can't dispatch tasks without tmux ('can't find pane: swarm-X'
errors come from this missing dependency).
Build clean. Refs #244, #262.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
* feat(mcp): MCP server management page (Phase 1)
Implements the MCP management plan (.omc/plans/mcp-management.md) Phase 1
end-to-end on a single feature branch (PR1+PR2+PR3+PR4 collapsed):
- New `/mcp` route with capability gate + BackendUnavailableState fallback.
- New `/api/mcp` (GET list, POST create), `/api/mcp/test` (POST connection
probe), `/api/mcp/discover` (POST tool discovery for a draft config),
`/api/mcp/configure` (PUT enable/toolMode/include/exclude), and
`/api/mcp/$name` (DELETE).
- Strict `mcp` capability probe in gateway-capabilities: hits `GET /api/mcp`
directly and validates the body parses through `normalizeMcpList` —
dashboard-up-but-route-missing returns false (resolves Open Question #4).
- Type split: read shapes in `src/types/mcp.ts` (client+server), write
shapes in `src/types/mcp-input.ts` (server-only; secrets contained here).
- Runtime normalization layer `src/server/mcp-normalize.ts` mirrors the
Skills `asRecord`/`readString`/`normalizeSkill` defense — strips
unknown fields, coerces enums, masks secrets via `MASK_SENTINEL`,
re-applies via `maskSecretsInPlace` before every `json(...)`.
- All write endpoints CSRF-checked via `requireJsonContentType`.
- Capability-off responses use `createCapabilityUnavailablePayload('mcp')`
with `{ servers: [], total: 0, categories }` for GET (200) and 503 for
writes — feature gates fall open without throwing.
- Static preset catalog (`src/screens/mcp/presets.ts`) with GitHub,
Filesystem, Postgres, Slack, Linear; Catalog tab installs prefilled
drafts through the same dialog flow.
- Screens: `McpScreen` (Installed/Catalog/All tabs + search + category
filter), `McpServerCard` (status badge + Test/Edit/Delete + enable
toggle), `McpServerDialog` (HTTP/stdio + auth + Discover + Save with
bearer-token clear-on-submit).
- TanStack Query hooks (`useMcpServers`, `useTestMcpServer`,
`useDiscoverMcpTools`, `useUpsertMcpServer`, `useConfigureMcpServer`,
`useDeleteMcpServer`).
Tests (vitest):
- `src/server/mcp-normalize.test.ts` — 13 tests covering enum coercion,
list-shape variants, malformed-entry drop, presence flags without
echo, env/header masking by key hint, idempotency, test-result
normalization, payload-string scanner.
- `src/routes/api/-mcp.test.ts` — 8 tests covering input validation,
capability fall-open shape, CSRF gate (415 on non-JSON POST, pass on
JSON, pass on GET), and the **secret echo guard**: a worst-case agent
that echoes a submitted bearer token in body/env/headers must never
surface the original string in the workspace response.
Build, lint, and the new test files are clean. Pre-existing unrelated
test failures on `local` (router-route-resolution, context-usage,
markdown math, slash-command-menu, chat-message-list, gateway-capabilities
env-source) are unchanged by this PR.
Worked with Interstellar Code
* fix(mcp): strip secret fields from client-safe McpClientInput
Architect review flagged that `McpClientInput` in `src/types/mcp.ts` (the
file explicitly designated for client+server read shapes with no secrets)
contained `bearerToken` and `oauth.clientSecret`, allowing the browser
bundle to import a secret-bearing type via the dialog component.
Resolves the type-split violation:
- `src/types/mcp.ts`: drop `bearerToken` and `oauth` from `McpClientInput`.
Now strictly the browser-safe form payload, no secret fields.
- `src/screens/mcp/components/mcp-server-dialog.tsx`: hold `bearerToken`
in ephemeral component-local `useState<string>` typed inline. Cleared
on submit and on dialog open. No exported type carries the field.
- `src/screens/mcp/hooks/use-mcp-mutations.ts`: `useUpsertMcpServer`
accepts `McpClientInput & { bearerToken?: string }` inline at the
call-site, again with no exported secret-bearing type. Server route
`parseMcpServerInput` re-validates and forwards to the agent.
The full server-side write shape (`McpServerInput` with secrets) remains
in `src/types/mcp-input.ts`, server-only.
Worked with Interstellar Code
* fix(mcp): block client imports of server-only mcp-input types
Add no-restricted-imports rule scoped to src/screens/** and
src/components/** that blocks importing @/types/mcp-input. That
file may carry unmasked secrets and is server-only — clients should
import McpClientInput from @/types/mcp instead.
Worked with Interstellar Code
* feat(mcp): wire /mcp into all sidebar/nav surfaces
Mirror the existing /skills registration across every nav and
command surface so the MCP screen is reachable from the dashboard
overflow grid, command palette, mobile hamburger drawer, mobile tab
bar, slash menu, search modal quick actions, and workspace shell
(active-tab tracking + mobile page title). Inspector panel gets a
parallel MCP tab that lists configured servers via /api/mcp.
Worked with Interstellar Code
* feat(mcp): catalog tab search, category badges, and nav coverage tests
Catalog tab now reuses the screen's search state to filter presets
by name/description, surfaces an empty-state when no presets match,
and renders each preset as a card with an Official Presets category
badge styled to match the skills-screen design vocabulary.
Tests:
- src/components/-mcp-nav.test.tsx: each modified nav file references
the /mcp route (or registers an mcp tab id for inspector-panel)
- src/screens/mcp/-presets.test.ts: filtering MCP_PRESETS by query
narrows results by name and description, returns full catalog for
empty queries, and returns nothing for unknown queries
Worked with Interstellar Code
* feat(mcp): add MCP entry to chat-sidebar Knowledge group
The primary visible left rail (`chat-sidebar.tsx`) was missed by the
prior nav-coverage commit. Slot MCP between Skills and Profiles in
`knowledgeItems`, mirroring the McpServerIcon used elsewhere.
Worked with Interstellar Code
* feat(mcp): Phase 3 — live tool refresh, OAuth reauth, per-server SSE logs
- `useMcpServers`: enable refetchOnWindowFocus for live state.
- `McpServerCard`: per-card Refresh button (re-runs Test, updates
discoveredToolsCount), Reauth button when authType === 'oauth' (uses
new useMcpOAuth hook), Logs button (opens McpLogsDrawer).
- `use-mcp-oauth.ts`: opens auth URL in new tab, polls /api/mcp/test
every 2s until status === 'connected' or 60s timeout. Returns
mutation-style { start, isPending, isError, error, data }.
- `mcp-logs-drawer.tsx`: fixed-right slide-in drawer subscribing via
EventSource to /api/mcp/<name>/logs. Newest-first, max 500 lines,
auto-scroll, tear down on close (no zombie EventSource).
- `routes/api/mcp/$name.logs.ts`: SSE proxy with auth + capability
gates. Capability-off → 503. Pattern follows chat-events.ts.
- Tests: 3 new for logs route (input validation, capability-off,
auth gate); smoke test for useMcpOAuth shape.
Total tests: 24 passing (13 normalize + 8 mcp + 3 logs). Build clean.
Worked with Interstellar Code
* feat(mcp): localhost-only config-fallback transport (Phase 1.5)
Adds an `mcpFallback` capability that lets the workspace perform CRUD on
`config.mcp_servers` via the existing dashboard `/api/config` route when
the agent does not yet expose the new `/api/mcp*` runtime endpoints.
Gated to loopback-only deployments by `isLocalhostDeployment()` (both
URLs loopback AND HOST unset/loopback). Test/Discover/Logs return a
structured "not yet available" payload in fallback mode; the MCP screen
renders an amber banner so the limitation is visible.
Worked with Interstellar Code
* feat(mcp): full catalog + marketplace + sources manager (Phase 2-3.2)
Workspace-only end-to-end MCP catalog + marketplace replacing the static
presets.ts and the upstream /settings/mcp surfaces.
Phase 2 — File-backed catalog:
- assets/mcp-presets.seed.json + ~/.hermes/mcp-presets.json (atomic
bootstrap via tmp+linkSync, mtime+ino+ctime+size cache, malformed-file
preservation, schema validation: id regex, transport-specific fields,
env key regex, https URLs, category allowlist, duplicate-id rejection,
unknown-field warnings)
- src/server/mcp-input-validate.ts: shared parseMcpServerInput returning
per-field {path, message} errors; promoted from inline definition
- src/routes/api/mcp/presets.ts GET handler
Phase 3.0 — Federated marketplace:
- src/server/mcp-hub/{cache,trust,index,types}.ts + sources/{mcp-get,
local-file}.ts: Smithery registry adapter (replaces speculative
registry.mcp.run NXDOMAIN), ETag/If-Modified-Since with 304 reuse,
rate-limit handling, parallel Promise.allSettled across sources with
8s per-source timeout, dedupe by source+id+name, fallback to
local-file when remote degraded
- Trust hardening: shell metachar reject, transport allowlist, env-key
regex, control-char + absolute-path attack defenses, inline-exec
flag detection (-c, -lc, -e for sh/bash/python/node/perl/ruby)
- src/screens/mcp/components/install-confirmation-dialog.tsx: 2-click
commit with full template preview (command/args/env masked) and
AbortController on dismiss
- Disk persistence for tool-discovery cache (mcp-tools-cache.ts) +
hermes-mcp CLI bridge (mcp-cli-bridge.ts) for live test/tool
enumeration in fallback mode
Phase 3.2 — User-configurable sources:
- ~/.hermes/mcp-hub-sources.json schema (built-ins always present,
protected from mutation; user can add HTTPS-only generic-json
sources with trust+format)
- src/routes/api/mcp/hub-sources{,.$id}.ts CRUD with per-process mutex
(read-modify-write race protection)
- generic-json adapter: SSRF guard (private/loopback/link-local/IPv6
ULA all rejected after DNS resolution, redirects disabled), 5MB
response-size cap (streaming read), trust hard-cap at 'community'
for user-source entries, source field 'user:<id>' for dedupe
- src/screens/mcp/components/sources-manager-dialog.tsx UI
Polish:
- Placeholder detection at install confirmation (inline fill form
blocks commit until /path/to/, <your-...>, empty *_TOKEN/_KEY/etc
resolved)
- Test result UX hints when stdio Connection closed + placeholder args
or http fetch failed + placeholder url
- Env-ref preserved in normalize (${VAR_NAME} no longer masked) +
Edit dialog diagnostic
UI: Skills-pattern parity for /mcp screen (Tabs + Marketplace tab,
Switch primitive, Button primitives, DialogRoot/Content, primary-*
Tailwind classes matching skills-screen.tsx). Single-row toolbar
(tabs + search + filter). Removed All + Catalog tabs, kept Installed +
Marketplace.
Backend:
- gateway-capabilities probeMcp uses authenticated dashboardFetch
(Codex MAJOR fix); probeMcpConfigKey + isLocalhostDeployment for
mcpFallback capability
- routes/mcp.tsx route gate accepts mcp || mcpFallback
- mcp-normalize.ts headers.Authorization + env *_TOKEN/_KEY/_SECRET
/_AUTH/_APIKEY auth detection upgrades authType to 'bearer'
Removed (replaced by /mcp):
- src/screens/settings/mcp-settings-screen.tsx (759 LOC)
- src/routes/settings/mcp.tsx
- src/routes/api/mcp/{servers,reload}.ts (orphaned endpoints; reload
posted to gateway 404s)
- src/screens/mcp/presets.ts (static array, replaced by file-backed)
- settings-sidebar MCP nav entries (replaced by main /mcp route)
Tests: 263+ passing across 19+ MCP suites — input-validate, presets-
store, hub-cache/trust/unified-search, sources/{mcp-get,local-file,
generic-json}, hub-sources-store, mcp-tools-cache, ssrf-guard,
marketplace-install-confirmation, marketplace-placeholder-detection,
hub-search/-presets/-hub-sources route tests. Pre-existing 2
gateway-capabilities env-resolution failures unrelated.
Reviewers: Codex critic 4 passes (Phase 2 REJECTED → 8 fixes applied,
Phase 3.0 APPROVED-WITH-CHANGES → 4 fixes, Phase 3.2 REJECTED → 6
fixes including SSRF guard + response-size cap + concurrent-CRUD
mutex + trust cap). Architect approved final pass.
Worked with Interstellar Code
The composer workspace selector and file browser now resolve through one
profile-local workspace catalog, so ~/.hermes remains runtime state instead of
becoming the project root.
Changes:
- Rework /api/workspace into a profile-local workspace catalog
- Prevent ~/.hermes, Hermes profile dirs, and system roots from being
selected as workspaces
- Make /api/files use the same workspace catalog as the composer
- Update the composer workspace selector to list/switch backend workspaces
- Invalidate workspace state after profile switches
- Change the workspace menu action to open the in-place files sidebar
instead of navigating to /files
- Remove the "Add path manually..." button (used window.prompt; not suitable
for remote workspaces)
- Composer bottom-row layout: profile, workspace, reasoning, model, context
ring near send button; mic/attachment ordering aligned
- Add focused regression coverage for workspace resolution and composer
control wiring
Constraint: Hermes Web UI treats workspaces/spaces separately from
profile state.
Rejected: Keep localStorage saved workspace paths | stale saved paths could
keep showing ~/.hermes.
Rejected: Keep /api/files fallback to HERMES_HOME | files sidebar would still
browse runtime state.
Confidence: high
Scope-risk: moderate
Directive: Do not reintroduce HERMES_HOME/CLAUDE_HOME as project workspace
fallbacks; use /api/workspace catalog instead.
Tested: targeted vitest for workspace/files/composer controls; targeted
eslint; LSP diagnostics on key changed files; pnpm build green.
Not-tested: dedicated Spaces manager UI remains follow-up.
Worked with Interstellar Code
- Add zh-TW locale with Taiwan-specific terms (檔案, 終端機, 記憶體, 市集, 設定, 儲存, 搜尋, 載入中 etc.)
- Update getLocale() to match full navigator.language before splitting, ensuring zh-TW users are not routed to Simplified Chinese
- Rename zh label to 中文(简体)for clarity
Co-authored-by: 你的名字 <你的電子信箱>
* feat(skills): origin detection, source path, and category alias map in API
- Cross-reference .bundled_manifest + SKILL.md frontmatter to classify
each installed skill as built-in, agent-created, or marketplace
- Populate sourcePath with resolved local path (~/.hermes/skills/<cat>/<id>)
for installed skills (was previously empty)
- Add category alias map: gateway returns lowercase dir names (research,
productivity); map these to display labels for filter compatibility
Worked with Interstellar Code
* feat(skills): origin badges, filter, card layout, and security popup fix
- Add origin badge on each skill card (Built-in / Agent-created / Marketplace)
alongside existing Installed badge
- Add origin badge in skill detail dialog beside Source path field
- Add origin filter dropdown in Installed tab to filter by origin
- Fix card layout: skill icon now inline with name, author line hidden when empty
- Fix security popup transparency: stacking-context conflict with neighboring
cards resolved via inline background var + z-index promotion on card hover
Worked with Interstellar Code
* feat(mcp): align toolbar tab layout with Skills; frosted-glass tooltip
- MCP page toolbar: move Installed/Marketplace tabs to right side,
matching the Skills page toolbar layout for consistency
- Tooltip: translucent themed background with backdrop-blur for
frosted-glass appearance (affects chat sidebar icons, security
popups, and all tooltip usages globally)
Worked with Interstellar Code
* feat(chat): widen default content column to 1125px (25% wider)
Bumps `--chat-content-max-width` from 900px to 1125px so the
default ('comfortable') chat column is roomier without forcing
users to switch to the 'wide' or 'full' settings.
Worked with Interstellar Code
- Persist final assistant message to sessionStorage on 'done' event
- Merge recovery message into history if backend hasn't caught up yet
- Clear buffer once server history confirms the message
- Refactor: replace (msg as any) casts with type-safe bracket access
- Refactor: extractMsgId() helper in use-chat-history.ts
- Refactor: getMessageTimestamp() uses Array<unknown> + bracket access
The previous probe used a generic GET to /api/sessions/__probe__/chat/stream
and treated any non-404/403 status as 'available'. Vanilla hermes-agent
serves a router-level handler at sessions paths but doesn't actually
expose the streaming POST endpoint there, so it was returning 405 (or
similar) on the GET, which the probe interpreted as 'enhanced chat is
available'. Workspace then routed sends through streamChat() which
posts to /api/sessions/{id}/chat/stream, which 404s on vanilla agent,
and the bundle's error mapper surfaced it as a generic 'Authentication
error' to the user.
Replace the generic probe with probeEnhancedChatStream() that:
- POSTs (the real method) instead of GET
- Treats 404 (path missing) and 405 (path mismatch) as not-available
- Treats any other status as available (4xx structured errors / 401
auth gates / streaming start all imply the path is registered)
Result: getChatMode() correctly returns 'portable' on vanilla agent,
send-stream.ts takes the openaiChat path, chat works without patches.
Refs #261.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
* feat(agent-view): port AgentViewPanel from controlsuite into Workspace chat
- Copy 9 agent-view components + use-agent-spawn hook
- Copy use-agent-view zustand store + use-orchestrator-state hook
- Copy orchestrator-avatar (1490 LOC, 9 SVG avatars + animations)
- Copy agent-personas lib (Roger/Sally/Bill/Ada/Max/Luna/Kai/Nova)
- Rename storage keys controlsuite-* -> hermes-workspace-*
- Mount <AgentViewPanel /> in chat-screen.tsx after main, before terminal
- Demo data wired via createDemoActiveAgents in use-agent-view
Iteration 001 of goal 2026-05-02-agent-view-port-from-controlsuite.
All deps already present in Workspace. Greek persona swap + Hermes avatar art = next iter.
* feat(agent-view): demo fallback when live gateway returns zero agents
Hermes Workspace session status vocabulary (idle/active/etc) doesn't yet
map onto ControlSuite's running/queued/completed brackets, so live mode
was returning empty arrays and hiding the panel content.
Phase 1: fall through to demo data when classifier produces 0 agents,
so we can see the full UI visually before Phase 2 status mapping work.
* feat(agent-view): default avatar owl, drop lobster as first-run default
Per Eric: ditch lobster, default to owl. Lobster stays available in picker,
just no longer the first-run choice. Cleared user must clear localStorage
key 'hermes-workspace-orchestrator-avatar' to see new default if they had
old default cached.
* feat(agent-view): add Hermes PNG avatar as default
- Add 'hermes' to AvatarStyle union with PNG renderer (HermesPNG)
- HermesPNG: <img src='/avatars/hermes.png'> with state animations
(breathing scale loop on idle/responding, dotted ring on thinking)
- Avatar renders circular via objectFit cover + border-radius 50%
- Default first-run avatar = hermes (was owl, was lobster originally)
- New PNG asset at public/avatars/hermes.png (1.6MB anime portrait)
- Picker modal now shows Hermes as first tile
Phase 1.5 of agent-view port. 8 more Greek god PNGs to land same way.
* feat(agent-view): bump main agent avatar 52 -> 88 for more presence
Per Eric: avatar felt small relative to panel width and whitespace.
Now occupies ~30% panel width which gives the character actual presence
in the top-of-rail slot.
* feat(agent-view): two-tier avatar picker with 9 Greek god PNGs
- Add 8 Greek god PNG avatars: athena, apollo, artemis, iris, nike, eros, pan, chronos
- Refactor PNG renderer into makeGreekPNG factory (one fn per god)
- AvatarPicker now has two tiers:
* Standard tier: 9 emoji-styled SVG avatars (smaller tiles, default view)
* Greek tier: 9 anime PNG portraits (premium, opens via 'More ->' button)
- Picker remembers tier based on currently selected avatar
- Greek tile shows actual PNG thumb at 56x56, emoji tile shows 2xl emoji
- 'More ->' / '<- Standard' toggle button switches tiers in-place
- Default avatar remains 'hermes' (god of messengers, fits the brand)
* fix(agent-view): wire chat-activity-store so avatar reflects real state
Previously chat-screen.tsx had a no-op stub for setLocalActivity, so
the OrchestratorAvatar in the agent view never actually changed state
during user sends, thinking, tool calls, or responses.
Hook the actual zustand store so:
- send -> 'reading'
- waiting for first token -> 'thinking'
- streaming -> 'responding'
- tool call running -> 'tool-use'
- done -> 'idle'
Now the avatar's animation states (breathing, dotted ring, bob, glow)
react to live chat activity instead of staying frozen on idle.
* fix(agent-view): cleaner enterprise chrome, drop noisy stats line
Per Eric: panel had visible outline border + chatty '1 active · 0 queued · $0.000' line that felt noisy and unenterprise.
- Drop the left border on the outer aside, switch bg to --theme-sidebar
for cohesion with the rest of the dark surface
- Drop the bottom border on the header row
- Drop the inline stats line entirely (info available per-card)
- Soften the Agents section bg from /35 to /15, drop its border ring
Result: panel reads as a continuous dark surface flush with the chrome,
not a bordered floating widget.
* feat(agent-view): smooth slide+fade in/out for desktop panel
Was: instant render with no entrance animation (initial={false})
Now: panel slides in from right edge with opacity fade, custom cubic
bezier eases (0.32, 0.72, 0.24, 1) for a natural deceleration that
feels native and enterprise rather than CSS-default.
Open: 320ms slide, 220ms opacity fade-in
Close: same easing, panel slides off-canvas right
* feat(agent-view): port usage meter — real provider quota tracking
Port from controlsuite:
- src/server/provider-usage.ts (1026 LOC) — Claude OAuth, Codex JWT
decode, OpenAI billing, OpenRouter, Anthropic API key probes
- src/routes/api/provider-usage.ts — JSON endpoint
- src/components/usage-meter/* (5 files) — full meter, compact meter,
details modal, context alert, index re-exports
AgentViewPanel.OrchestratorCard already had the poller wired to
/api/provider-usage from the prior agent-view port; route was just
missing. Now live:
- Codex: Plus plan, session/weekly windows, JWT-decoded plan tier
- Claude: OAuth credentials read from ~/.claude or keychain, refresh
on demand, session+weekly+sonnet bars
- OpenAI: billing endpoint via API key
- OpenRouter, Anthropic API key paths included
Verified at /api/provider-usage returns real percentages.
* fix(agent-view): unify enterprise chrome — drop borders on inner sections, queue, history, agent cards
Per Eric: bottom subagent sections still had the old border-primary-300/70
outline ring + heavier bg/35. Top header was already cleaned but the rest
of the panel didn't match.
- Drop border on Agents/Queue/History sections (3 spots), bg /35 -> /15
- Section header pills (Agents/Queue/History): drop border + shadow,
use uppercase tracking-wider primary-500 for hierarchy without lines
- Drop border on individual agent card containers, swap gradient bg
for flat /15 to match parent section
Result: panel reads as one continuous dark surface from header to
bottom, no nested ring-on-ring outlines. Hierarchy comes from
typography + bg shading not strokes.
* fix(agent-view): kill demo data fallback — show real state only
Demo agents (Roger/Sally/Bill) were appearing as if they were real
spawned workers because we wired a fallback during Phase 1 visual
port. Per Eric: 'I noticed there's a few agents running but we didn't
spawn'.
Now:
- Empty results -> empty panel (no fake agents)
- Gateway error -> empty panel + error state, not fake agents
- Only real /api/sessions data populates Active/Queue/History sections
createDemoActiveAgents / createDemoQueue / createDemoHistory functions
remain in code for future test fixtures, just not invoked.
* feat(agent-view): swap lobster for wolf in emoji avatar tier
Per Eric: ditch lobster, add wolf instead.
- New WolfSVG component matching the same animation API as Fox/Owl/etc
- Gray palette (gray-200/400/500), yellow eyes with vertical pupils
- Sharp triangular ears, longer muzzle, faint snarl on orchestrating state
- Speech dots on responding, dotted ring on thinking
- AvatarStyle union: 'lobster' -> 'wolf'
- Picker tile: '🐺 Wolf' replaces '🦞 Lobster'
- Renderer map: wolf -> WolfSVG
LobsterSVG component left in code (unused) so no behaviour delta if
storage has stale 'lobster' key (will fall back to default 'hermes').
* fix(themes): rename theme labels — drop 'Claude' prefix, use Nous/Hermes/Bronze
Per Eric: theme picker showed 'Claude Nous', 'Claude Official', 'Claude Classic'
which was odd branding for Hermes Workspace. Themes are referenced by id
('claude-nous' etc) for backward storage compat, but the user-facing label
now reads cleanly:
- Claude Nous -> Nous
- Claude Nous Light -> Nous Light
- Claude Official -> Hermes (was the flagship navy/indigo)
- Claude Official L -> Hermes Light
- Claude Classic -> Bronze (bronze accents description)
- Classic Light -> Bronze Light
- Slate -> Slate (no change)
- Slate Light -> Slate Light (no change)
Storage keys + ThemeId union unchanged; no migration needed.
* fix(theme): darken sidebar so it reads as solid against dashboard bg
Eric reported the chat sidebar 'looks transparent.' Root cause: in
`claude-official` the sidebar (#0d1220) and main bg (#0a0e1a) were
nearly identical lightness, so the divide between them faded out
entirely.
Bumped `--theme-sidebar` to #060914 \u2014 deeper than the bg \u2014 so the
sidebar column reads as its own clearly-defined surface without
needing extra borders or backdrop blur.
Only the active theme is touched here; other themes already have
sufficient contrast between sidebar and bg.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
---------
Co-authored-by: Aurora release bot <release@outsourc-e.com>
The sortSwarmMembers function in swarm2-screen.tsx filtered crew members
with regex /^swarm\d+$/i that only matched IDs like swarm1, swarm2, etc.
Agent IDs like rocky, scotty, huyang, and margaret were silently filtered
out, causing the Swarm and Operations pages to show "No swarm workers
discovered from crew status yet." despite the /api/crew-status endpoint
returning all agents correctly.
Fix: change filter to accept any non-empty ID instead of requiring
the /^swarm\d+$/i pattern.
The slash-command autocomplete in the chat composer was missing the
/plugins command, even though there's a real /api/plugins backend route
and the existing test suite (src/components/slash-command-menu.test.tsx)
already specs the expected behavior:
import { DEFAULT_SLASH_COMMANDS } from './slash-command-menu'
describe('DEFAULT_SLASH_COMMANDS', () => {
it('includes /plugins in the slash autocomplete list', () => { ... })
})
That spec was failing because:
1. The local list was named SLASH_COMMANDS (not DEFAULT_SLASH_COMMANDS)
and was not exported.
2. The /plugins entry was simply missing.
Fixes:
- Rename SLASH_COMMANDS -> DEFAULT_SLASH_COMMANDS and export it (so
the test and any downstream code can introspect the list).
- Add { command: '/plugins', description: 'List installed plugins and
their status' }.
- Export the SlashCommandDefinition / SlashCommandMenuProps /
SlashCommandMenuHandle types that chat-composer.tsx already imports
(the import was working only because TypeScript exposes types
structurally even when not explicitly exported, but making them
public types is cleaner).
Extends the existing test with three additional regression specs:
- The list contains every core command (/new, /clear, /model, /save,
/skills, /plugins, /skin, /help).
- Every entry has a non-empty description and starts with '/'.
- No command label is duplicated.
Verification:
pnpm vitest run src/components/slash-command-menu.test.tsx
✓ 4 tests passed
Full suite: 19 failed -> 18 failed (the slash-menu test now passes;
remaining failures are pre-existing and unrelated).
Two related bugs in src/lib/connection-errors.ts caused the wrong UI
message when the gateway refused a device's auth token (issue #239,
'Hermes Agent rejected the connection token').
1) getConnectionErrorMessage had unreachable code: the
'gateway_auth_rejected' case fell through to a duplicated
'clawsuite_auth_required' label, which is already handled above.
That meant gateway-auth rejection always returned the ClawSuite
'Claude Login Required / Enter your password' UI, which is wrong
when the actual problem is the gateway refusing the device token.
Fix: give 'gateway_auth_rejected' its own message that points the
user at re-pairing the device or checking the gateway token, not
at typing a password.
2) classifyConnectionError matched on lower.includes('token'), which
misrouted benign network errors like
'failed to fetch token from /api/foo' to gateway_auth_rejected.
Fix: require 'token' to co-occur with an auth-failure marker
(unauthorized / forbidden / rejected / invalid / expired / 401 /
403 / etc.) before classifying as auth-rejected. Bare 'token'
strings now fall through to the appropriate network/unknown bucket.
Adds full unit-test coverage for the classifier and the message
table, including regression tests for both bugs.
Fixes#239
The Usage quick-action tile in the search modal (Ctrl/Cmd+K) emits an
'OPEN_USAGE' window event. UsageMeter listens for that event but was
never rendered in the app root, so the event fired into the void.
Mount it next to SearchModal in __root.tsx. UsageMeter renders no UI
when closed (just the listener), so this has no visual side effect.
Fixes#258.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
PR #185 (commit 8b45b632) added python3 to the runtime Dockerfile to
fix issue #161 — terminal broken in Docker because scripts/pty-helper.py
requires Python at runtime.
Commit efcb7d14 (2026-05-01 'migrate legacy Hermes codename bytes to
canonical Claude') reverted the Dockerfile to a pre-#185 state without
python3, regressing #161 silently. Issue #259 reports the regression.
This is a one-line restore. Inline comment added so the next rename
sweep doesn't trip over it again.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
* feat(dashboard): aggregate /api/dashboard/overview + Hermes-native cards
Workspace dashboard now mirrors what the native Hermes Agent dashboard at
:9120 surfaces, on top of the existing sessions analytics, in a single
server-aggregated round trip.
Adds new server endpoint `GET /api/dashboard/overview` that fans out to:
- /api/status (gateway state, active sessions, platforms)
- /api/cron/jobs (cron summary)
- /api/plugins/hermes-achievements/recent-unlocks (recent ribbon)
- /api/plugins/hermes-achievements/achievements (totals)
- /api/model/info (provider, model, context, capabilities)
- /api/analytics/usage (token totals, top models, optional cost)
Per-section graceful fallbacks: each slice independently resolves to
null on auth failure / missing endpoint / unreachable dashboard, and
the corresponding card hides itself. Vanilla installs without the
achievements plugin or analytics auth still get a usable dashboard.
Adds 5 new dashboard cards:
- SystemStatusStrip: one-line gateway + active-agents pill at top,
warning chip when restart_requested.
- PlatformsCard: connected platforms with per-platform state pills
(api_server, telegram, discord, etc.).
- CronSummaryCard: scheduled / paused / running counts + next-run
countdown, click-through to /jobs.
- AchievementsCard: 3 most recent unlocks with tier badges, plus a
modal that fetches a wider window (?achievements=12) for the full
ribbon view.
- AnalyticsSummaryCard: top-3 models by tokens with proportional bars,
total tokens over the window, real cost from the dashboard (replaces
the old hardcoded ~$5/M estimate).
Other tweaks:
- Replace the hardcoded cost subline on the Tokens MetricTile with the
real estimated_cost_usd value from /api/analytics/usage when present.
- New section row between the chart row and Recent Sessions for
Platforms / Analytics / Achievements.
Tests: +7 for the aggregator covering the empty / mixed / full payload
shapes plus the field-rename quirks (gateway_platforms vs platforms,
active_sessions vs active_agents). All 31 swarm/dashboard tests green.
* fix(dashboard): use existing hugeicons names (Award01Icon, CancelIcon)
* feat(dashboard): consolidate ops strip + native model card polish
Polish pass on PR #242 (Workspace dashboard parity phase 1) before
merge. Tightens layout per the dashboard spec's '10-second status
read' goal.
Layout changes:
- Drop the centered logo hero. New header is a single row with title,
Hermes Workspace label, and inline QuickActions.
- Collapse the three stacked status rows (SystemStatusStrip,
CronSummaryCard, PlatformsCard) into one OpsStrip that surfaces
gateway state, version, active agents, restart-pending, config
drift, platform pills, and cron pulse in a single horizontal bar.
- Re-flow main content as 8/4 split: Activity + Analytics on the left,
Model + Skills + Achievements as a side rail.
Data parity:
- Aggregator now exposes status.version, releaseDate, configVersion,
latestConfigVersion, hermesHome from /api/status. OpsStrip uses these
for the version chip and config drift warning.
- New ModelInfoCard reads overview.modelInfo (i.e. /api/model/info, the
active model the gateway is using) instead of /api/claude-config
defaults. Surfaces context length and tools/vision/reasoning chips.
UX:
- AnalyticsSummaryCard now renders a stable 'No usage in last Nd'
empty state instead of disappearing, so layout doesn't reflow on
fresh installs.
- Cron stale next-run (>7 days overdue) downgrades to muted 'stale'
label so March overdue jobs don't look alarming.
Cleanup:
- Remove orphaned SystemStatusStrip, CronSummaryCard, PlatformsCard
components. Drop legacy ModelCard + dead SystemGlance helper from
dashboard-screen.tsx (-179 lines net).
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (7/7)
- pnpm build (passes)
---------
Co-authored-by: Aurora release bot <release@outsourc-e.com>
* fix(api): replace broken 'authResult as unknown as Response' cast with proper 401
isAuthenticated() returns boolean. The previous pattern:
const authResult = isAuthenticated(request)
if (authResult !== true) return authResult as unknown as Response
silenced the TypeScript error but threw HTTPError -> 500 at runtime
because the framework received `false` instead of a Response. This
broke /api/connection-status entirely on protected setups (causing
ONBOARDING_KEY to never persist on fresh installs) and would have
broken the just-merged /api/system-metrics in the same way.
Replace with the canonical pattern used by every other API route:
if (!isAuthenticated(request)) {
return json({ error: 'Unauthorized' }, { status: 401 })
}
Refs #261 (which spotted the pattern in connection-status), #246
(which copied the broken pattern into system-metrics).
* fix(claude-proxy): fall back to /v1/models for /api/available-models on vanilla agent
Vanilla hermes-agent (any version through 2026-05) does not expose
`/api/available-models` \u2014 that endpoint is legacy fork-only. The chat
composer + settings dialog hit `/api/claude-proxy/api/available-models`
expecting it to work, get 404, and fall through to broken UI states
where the model picker is empty.
Fix: when proxying GET /api/available-models and the upstream returns
404, synthesize a compatible `{ models: [...] }` response from
/v1/models filtered by ?provider= so the picker keeps working.
Also: read the bearer token at request time using the same precedence
as the rest of the codebase (HERMES_API_TOKEN || CLAUDE_API_TOKEN ||
module-level BEARER_TOKEN). PR #234 fixed this in openai-compat-api.ts;
this catches the proxy path that was missed.
Refs #261.
---------
Co-authored-by: Aurora release bot <release@outsourc-e.com>
src/server/openai-compat-api.ts has two issues that combine to break
the chat surface for any deployment whose Hermes Agent gateway has
`API_SERVER_KEY` set (i.e. anything that isn't an open loopback
gateway):
1. The local `BEARER_TOKEN` const reads only `CLAUDE_API_TOKEN`,
ignoring the documented `HERMES_API_TOKEN` env var that the README
tells users to set. Looks like a leftover from the Claude → Hermes
rename: the const in src/server/gateway-capabilities.ts:222 honors
both names, but this local one was never updated.
2. The const is evaluated at module-load time. Under vite-node SSR
(`pnpm dev`), the module can be loaded in a worker context where
`process.env` doesn't yet contain the values that systemd /
EnvironmentFile / .env populated for the parent node process.
That freezes the constant to '' permanently, even though the env
is correctly populated by the time `openaiChat` actually runs.
Symptom: chat UI loads, sessions/skills/memory all work, but every
message produces a run with `status: error` and:
errorMessage: "OpenAI-compatible chat: 401 {\"error\": {...,
\"code\": \"invalid_api_key\"}}"
…in `<HERMES_HOME>/webui-mvp/runs/<session>/<run>.json`. The error
format matches what the gateway returns for missing Authorization, not
an upstream provider error. Confirmed via instrumentation:
[DEBUG-AUTH] BEARER_TOKEN length: 0
env.HERMES_API_TOKEN length: 16
Fix: replace the const with a small `getBearerToken()` helper that
reads the env at call time and honors HERMES_API_TOKEN with a fallback
to CLAUDE_API_TOKEN. Three call sites updated (`getDefaultModel`,
`openaiChat` Authorization header, and the session-id guard).
No behavior change for setups that already worked (open loopback
gateway with no API_SERVER_KEY, or production builds where
process.env is fully populated before module load).
* fix: load kanban task assignees from Hermes profiles
* docs(swarm): remove dead reference to non-existent aurora-rotate-worker.sh
Fixes#255. Option A referenced a personal helper script that has never
existed in the repo. The Add Swarm dialog (former Option B) remains as
the single supported path for spawning tmux-backed workers.
---------
Co-authored-by: dontcallmejames <dontcallmejames@users.noreply.github.com>
TanStack Start's catch-all '$.tsx' route SSRs index.html for any missing
static file, returning 200 OK with content-type: text/html. The naive
r.ok check marked all GLB URLs 'present', then useGLTF tried to parse
HTML as a binary glTF and threw inside Suspense, killing the entire
3D world and forcing the lite fallback to render — exactly what Eric saw
('Athena · Agent' overlay text instead of the 3D scene).
Fix:
- Probe checks content-type explicitly and rejects text/html.
- Wrap GlbInner in a class-based GlbErrorBoundary so even a wrong probe
no longer crashes the world: errored GLBs cache as 'missing' and the
voxel body shows.
Verified on dev server: HEAD /avatars-3d/athena.glb returns 200 +
text/html, now correctly classified as missing.
- Add PlaygroundNpcGlb component using @react-three/drei useGLTF.
Loads /avatars-3d/<npcId>.glb on demand, with materials frozen and
raycasting disabled (parent group handles clicks).
- HEAD-probe per id with module-level cache so a missing GLB never
triggers GLTF parse errors. Voxel body is the seamless fallback.
- Wire useGlbAvailable() into the NPC component: when GLB present,
render it instead of the voxel torso/limbs/head; nameplate chip stays.
- public/avatars-3d/README.md with Meshy.ai prompts per Greek god.
Drop a GLB at public/avatars-3d/athena.glb and Athena upgrades. No code
change needed. Mix-and-match is supported (only some NPCs upgraded).
Client (use-playground-multiplayer.ts):
- Drop presence to 5 Hz (200ms, was 100ms). Halves bandwidth, identical look.
- Skip-send when player static (POS_EPSILON 0.04, YAW_EPSILON ~1.4°).
- Avatar config sent only on signature change, not every tick.
- Position-delta gate before re-render (RENDER_POS_EPSILON 0.03).
- World-scoped local rendering (visibleRemotes) — never see remotes from
other worlds.
- Connection state ('offline' | 'broadcast' | 'ws' | 'both') exposed for HUD.
- Server-pushed count consumed via 'count' wire kind (no /stats polling).
Worker (playground-ws-worker/src/worker.ts) v1:
- World-scoped fan-out: only broadcast to recipients in same world.
- Push 'count' messages on every join/leave (zero poll cost on clients).
- Per-socket token bucket rate limit: 30 msgs/sec.
- 50ms presence dedupe per player (drops floods).
- Stale prune at 5s (matches client).
- Send live count baseline on connect handshake.
HUD (playground-online-chip.tsx):
- Consume server-pushed 'hermes-playground-count' CustomEvent.
- /stats fetch only as 3s fallback if no push arrives.
- Connection-state dot: green (live), yellow (local-only), red (offline).
- Tooltip shows peak + per-world breakdown.
- Pulsing animation when fully connected.
World-3d:
- Coalesced position poll to 200ms (matches presence cadence).
- Surface transport + serverCount on window for HUD chip.
Verified: pnpm build clean, worker deploy clean, WS handshake + count
push + byWorld breakdown all working against the live worker.
- Replace floating PNG portraits with portrait-chip nameplates above heads
(NPCs, player, bots, remote players). Voxel body becomes the character;
PNG identifies them at a glance without the chimera-y face hover.
- Add Cloudflare Workers + Durable Objects port of scripts/playground-ws.mjs
in playground-ws-worker/ — same wire protocol so client connects unchanged.
Includes /stats endpoint with online + byWorld + peakToday.
- Add PlaygroundOnlineChip HUD component that polls /stats and renders a
live 'N agents online' badge. Hidden when VITE_PLAYGROUND_STATS_URL unset.
- Drop unused Billboard / useTexture imports from world-3d.
Build: pnpm build clean. No new deps. Worker deps install separately.
Per Eric: more like a populated map (trees, buildings, grass) and
ROHAN-style HUD.
Scenery (playground-environment.tsx):
- Reusable primitive components: PineTree, BroadleafTree, GrassTuft,
Rock, StoneArch, MarketStall, Building (2-story shrine/villa),
Lantern (pulsing emissive + point light), Banner pole.
- ScatteredScenery component auto-fills each world based on worldId
+ a deterministic seed so layout is stable per render.
- Per-world scenery picks:
- Agora: 4 villas, 6 market stalls in a circle, 8 lanterns, 2 banners,
a stone arch, scattered grass + rocks.
- Forge: 2 dark tech buildings, 6 cyan lanterns, scattered cyan grass,
grey rocks.
- Grove: 35 pine trees + 12 broadleaves with luminous canopies,
8 green lanterns, dense scenery.
- Oracle: 2 stone arches as a temple gate, 8 violet lanterns, dim
purple-leaved trees on the far edge, ambient grass.
- Arena: 10 rose banners ringing the colosseum, 6 fire braziers
(lanterns), red-grass + rocks.
Action bar (playground-actionbar.tsx):
- ROHAN-style hotbar pinned bottom-center.
- 6 skills with hotkeys 1-6:
1 Strike (free, 0.8s cd) — basic attack on monster
2 Heal (12 MP, 6s) — restore 35 HP
3 Dash (8 MP, 4s) — burst speed
4 Bolt (18 MP, 5s) — ranged magic strike (high dmg, no counter)
5 Ward (14 MP, 8s) — 50% dmg reduction
6 Summon (25 MP, 30s) — companion
- Each slot: glow border in skill color, MP cost top-right, key bottom-
left, animated cooldown sweep with countdown, hover tooltip.
- HP/MP/SP pips on the left for quick glance (md+).
- 1-6 hotkeys captured globally (bypass when typing).
Minimap (playground-minimap.tsx):
- Top-right 150x150 radar.
- Player center pulse, NPCs as dots in their persona color, bots as
squares, portal as ring.
- Backed by world-coord -> minimap pixel mapping.
- "M for full" hint to open the M-key world map.
- Glowing border tinted to current world accent.
Hooks:
- damagePlayer now clamps to hpMax so negative dmg = heal works.
HUD repositioned:
- Inventory moved to top-right slot below minimap, narrower.
- Old world-map list hidden below xl breakpoint (we have minimap + M map).
- Old skills strip hidden below xl (we have action bar now).
Build clean. Bundle up to 146kb (was 119) due scenery + new components.
Multiplayer (real WS) is the next big rock; current bots stay convincing.
Big MMORPG sprint per Eric's batch ask.
Camera + controls:
- WASD = walk (now relative to camera yaw, so W is always 'forward' into
the scene)
- Arrow keys = orbit camera (left/right yaw, up/down pitch)
- Shift = sprint
- [ ] = zoom in/out
- E = talk to nearby NPC
- J = quest journal
- M = world map
- T = focus chat
- Esc = close anything / blur input
HP/MP/SP HUD:
- New Bar component with glow + gradient + ring
- HP red, MP blue, SP green, XP cyan
- Shown in upper-left card with monster slay counter
- Passive regen tick: +1 HP/MP, +2 SP every 2.5s
PvE monsters:
- New Monster component: floating dark octahedron with rotating outer
ring, persona-color glow, click-to-attack
- One monster per non-Agora world (positioned per world)
- Click attacks deal 10-17 dmg + take 1-5 dmg back
- Monster HP/HPMax floating bar with title and CTA
- On defeat: +40 XP, +1 to defeats counter, monster sinks below floor
- Resets on world change
Premium ground pass:
- Layered radial rings: pulse-emissive inner ring, dim outer ring, sky-
colored outer vignette ring fades into fog
- Brighter accent grid with darker contrast lines
- Reads like a magic temple floor instead of flat material
World Map (M key):
- Full-screen modal with cyan magical-portal styling
- 5 world nodes positioned on a 16:9 grid (Agora center, others around)
- Animated SVG paths between unlocked worlds (dashed if locked)
- Hover lore tooltip per world
- Click unlocked world = travel via the cinematic fade
- Locked worlds show 🔒 and stay disabled
Build clean. ~7 commits left in goal budget if Eric keeps cranking.
Eric: walking past NPCs auto-popping dialog felt cheap. Make it feel like
a real RPG conversation.
Interaction model:
- Walking near NPC reveals a glowing "PRESS E TO TALK" prompt above them
- E opens the dialog — only when player chooses to engage
- Esc closes
- Leaving radius hides the prompt and clears the trigger
Dialog tree (lib/npc-dialog.ts):
- 9 NPCs (Athena, Apollo, Iris, Nike, Pan, Chronos, Artemis, Eros, Hermes)
- Each has: opening line, 2-3 lore lines, branching choices
- Choices can hand items, complete quests, grant skill XP, end dialog
- Lore is Hermes-themed: explains Workspace, agents as citizens, model wars,
why "Hermes", how the worlds map to features (Forge=builder,
Grove=community, Oracle=research, Arena=benchmarks)
Dialog UI (PlaygroundDialog):
- ROHAN-style ornate frame with persona-color border + glow
- Avatar portrait with persona accent ring
- Speech body, then choice list
- "Active" amber badge on choice that progresses current quest
- "Tell me more" cycles lore lines
- "Farewell" closes
Wired to RPG state:
- usePlaygroundRpg now exposes completeQuestById, grantItems, grantSkillXp
- Dialog choices fire the right reward hooks
- Reward toast still fires on quest complete
HUD hint updated: "WASD walk · Shift sprint · E talk · J journal"
This makes Athena's first quest a real conversation: walk to her,
press E, choose [Quest] Accept Athena's Scroll, dialog grants the items
+ XP and completes the chapter.
Sprint D wrap.
- Portal teleport now triggers a 350ms radial dark fade overlay before
swapping the scene, then 350ms fade-out. Reads as a real cinematic
world change instead of an abrupt cut.
- Wrote handoff.md and qa-report.md for the goal at
memory/goals/2026-05-03-playground-mmorpg/
Goal status: complete pending Eric visual review on real Chrome.
Sprint B + Sprint C shipped. Hermes Playground now feels like a real
populated multiplayer world.
Quest Journal (Sprint B):
- New PlaygroundJournal modal opened with the J key (Esc closes)
- Grouped by chapter, shows all 4 chapters from Awakening to Arena Duel
- Each quest card: title, description, objectives, rewards
- Live state markers (active / complete / locked) with color borders
Fake multiplayer (Sprint C, hackathon-safe):
- New playground-bots.ts registry: 2-3 online bots per world with
generated community names (GrokKnight, NousPilgrim, KimiArtisan, etc),
persona avatars, colors, spawn points, scripted lines
- BotPlayer 3D component: same humanoid skeleton as player + NPC, walks
via waypoint follower with leg/arm swing, name plate in player color,
live chat bubble overhead
- Wired into Scene with botBubbles map for live chat overlays
Chat panel:
- New PlaygroundChat panel pinned top-center (collapsible)
- Online count derived from bots in current world
- Player can send messages; ambient bot chatter every 6-14s adds
realistic background life
- Bot messages also pop a 5s in-world speech bubble above the bot
- Self messages styled in green, bots in their persona color
This makes the world feel alive enough to demo as multiplayer in
screenshots/video without standing up a real WebSocket server tonight.
Real WS is still in goal.spec for v0.2.
Build clean.
Sprint B step 1.
NPC component now accepts {npcId, playerRef, onNear} props and senses
proximity each frame. When the player enters within 2.4 units, fires
onNear(id) once (debounced via lastNear ref). Leaving the radius re-arms
for the next encounter.
New NPC_DIALOG registry covers all 9 personas (Athena, Apollo, Iris,
Nike, Pan, Chronos, Artemis, Eros, Hermes) with 3 in-character lines
each and a persona color.
PlaygroundDialog component renders a centered dialog card pinned over
the 3D scene:
- avatar portrait with persona-color border
- name + title
- current line + line counter
- Next / Farewell button cycles or closes
- Close button
Wired into PlaygroundScreen state: walking near an NPC opens the dialog;
clicking Next walks through their lines; Farewell closes it.
Build clean. Multiplayer + journal next.
/goal Sprint A complete. Hermes Playground now has 5 visually distinct
3D worlds reachable via portal cycling.
New 3D decor systems:
- ForestDecor (Grove): 22 procedural trees with trunks + 2-tier canopies,
mossy center ring
- TempleDecor (Oracle): 14 floating octahedron crystals with sin-bob
animation, 12 low pillar perimeter, glowing center
- ArenaDecor (Benchmark Arena): 3 concentric tiers of 24/28/32 seats
forming a colosseum, 2 scoreboard pillars, central duel medallion
- ClassicalPillars (Agora) and TechPillars (Forge) preserved
- WorldDecor router picks the right scene per WorldDef.pillarType
Per-world NPC casts:
- Agora: Athena, Apollo, Iris, Nike
- Forge: Pan, Chronos
- Grove: Pan (Druid), Apollo (Songkeeper), Artemis (Tracker)
- Oracle: Athena (Oracle), Chronos (Archivist), Eros (Whisperer)
- Arena: Nike (Champion), Hermes (Referee), Chronos (Bookmaker)
Per-world quest zones now wired to chapters:
- Agora -> awakening-agora
- Forge -> enter-forge
- Grove -> grove-ritual (NEW Chapter II)
- Oracle -> oracle-riddle (NEW Chapter III)
- Arena -> arena-duel (NEW Chapter IV)
New items: grove-leaf, song-fragment, oracle-riddle, arena-medal.
Portal logic upgraded: cycles through unlocked worlds in order, auto-
unlocks Forge when only Agora is unlocked, auto-completes enter-* quests
on entry.
Build clean.
Eric: NPCs were fading into dark ground, no consistency with the bright
player avatar. Make every character read with the same anatomy, then
distinguish them by hue tied to their persona.
Changes:
- NPCs now use the full player skeleton (legs, feet, torso, belt, arms,
hands, neck, head) with pose-only differences vs the walking player
- Per-persona body color via NPC_COLORS map:
Athena = purple, Apollo = amber, Iris = cyan, Nike = rose,
Pan = emerald, Chronos = yellow
- Head + neck + hands now share a consistent gold tone across all chars
- Portrait billboards moved above the head, scaled up 0.55 -> 0.7,
matching player
- Name labels gain a colored border tied to the character's persona color
- Player and NPCs now read as a coherent character family with the
player as the only one that walk-cycles
Avatars were just floating capsules with billboard portraits, looked
ghostly. Build proper humanoid figures from primitives.
Player:
- 2 legs (boxes) that swing forward/back via sin oscillator while moving
- 2 feet (flat boxes) that lift and step in opposite phase
- torso, gold belt accent
- 2 arms swinging opposite to legs
- 2 spherical hands that move with arms
- neck + spherical head as base
- avatar PNG billboard floats on head
- name label HTML
NPCs:
- same skeleton (legs, feet, torso, head)
- standing pose, no walk swing (idle)
- darker robe color, gold head base
- portrait billboard + name label
Avatars now look like real characters walking on the ground instead of
floating ghosts. Iso camera + walk bob + leg swing reads as RuneScape
Sims-style locomotion.
Root cause of black 3D scene was drei's <Text> component using Web
Workers to load fonts, which fails to rehydrate in our Vite dev setup
("worker module init function failed to rehydrate"). When Text crashed,
the entire Suspense boundary stayed suspended and rendered nothing,
leaving the Canvas mounted but blank.
Replace all in-world <Text> labels with <Html> overlays (HTML divs
projected into 3D space via drei's Html helper). No workers, no font
loading, immediate render.
Also dropped <Stars> for the same worker-init reason.
Verified end-to-end via headless playwright: 3D scene now renders
ground, pillars, NPCs (Athena, Apollo, Iris, Nike), portal, quest
zone, and walking player capsule with iso follow camera.
3D Canvas was mounting but rendering nothing visible because parent
chain collapsed to 0 effective height in some layouts. Pin the
Playground 3D container to 100vh (min 640px) so the Canvas always
gets real dimensions to draw into.
Also gives the Canvas explicit width/height: 100% via inline style and
sets gl: { antialias, alpha:false, powerPreference:default } so the
WebGL bind path is consistent.
Ecctrl + Rapier physics caused R3F to throw on some browsers, dumping
users to the GPU-safe Lite fallback even though their WebGL worked.
Replace with a tiny home-grown controller:
- WASD/arrow keys move at 5 u/s, shift sprints at 9 u/s
- iso follow camera (offset 9,11,9, lerps to player)
- subtle bob animation while moving
- yaw points toward movement direction
- soft shadow plate under feet
- billboard avatar head (Hermes PNG)
- distance-based portal + quest zone triggers (no physics needed)
Scene now mounts without any physics dependency, so initial WebGL bind
is the only failure surface. Build clean.
Eric reported clicking Launch landed on the fallback shell instead of the
3D world. Pre-gating on a synthetic WebGL detect was too eager and
returned false in browsers that can render Three. Remove the early gate,
mount the 3D Canvas immediately, and rely on the error boundary to swap
in the GPU-safe Lite world only if R3F actually throws.
Eric: yes ship Fortnite Creative for Hermes agents. v0 is single-player
3D, v1 will add multiplayer + chat.
Adds @react-three/rapier and ecctrl deps and a new
PlaygroundWorld3D component that mounts:
- iso camera locked to player
- ecctrl character controller (WASD walk, Space jump, physics)
- ground + grid + classical or tech pillars per world
- center medallion accent ring
- 4 NPC billboards in Agora (Athena, Apollo, Iris, Nike)
- 2 NPC billboards in Forge (Pan, Chronos)
- glowing rotating portal that sensor-triggers world swap
- floating quest zone that sensor-triggers quest completion
- fog, stars, ambient + accent point light per world
Wires into Playground screen:
- Launch now opens 3D world
- GPU-safe Lite world remains as fallback if WebGL is unavailable
- HUD overlay (XP, inventory, skills, world map) renders on top of 3D
Walking into the portal teleports between Agora and Forge and
auto-unlocks the next world if needed. Walking into the quest zone
completes the active quest and grants reward toast + items.
This establishes the real 3D base. Next push: WebSocket multiplayer
so other players appear in the same world with chat bubbles.
The repo gitignores any path segment named data/, so playground-rpg.ts was
not included in the previous commit. Move it to lib/ and update imports.
Build passes.
Launch button still blanked on Eric's browser because even opt-in R3F/Canvas
can kill the route when Three/WebGL binding fails. For same-day hackathon
reliability, make Launch open a DOM/CSS GPU-safe Playground world instead.
The launched world now includes:
- Agora/Forge themed scene using normal DOM/CSS
- Hermes player avatar + Athena agent companion
- Athena speech bubble
- mission checklist
- prompt box to generate The Forge
- clickable portal to switch worlds and complete mission
This keeps the hackathon demo screenshot/video path reliable while true
WebGL/R3F remains available in code for later reintroduction behind a
separate experimental toggle.
Eric reported /playground still blank while Agora works. Make the route
impossible to blank by not mounting R3F/Canvas automatically.
Now /playground opens as a stable hackathon launch shell:
- Playground positioning and feature cards render via normal DOM
- 'Launch 3D World' opt-in mounts WebGL only after click
- If WebGL detection fails, fallback stays visible
- Agora Lite remains one-click fallback
This protects the submission/demo path on browsers where WebGL/GPU
acceleration is flaky.
Playground was blank on browsers where Three/WebGLRenderer could not
create a WebGL context. R3F Canvas throws before normal route UI can
recover, so we now detect WebGL support before mounting Canvas at all
and provide a polished Playground Lite fallback.
This keeps the hackathon route alive:
- shows Hermes Playground positioning
- shows humans + agents in a fallback scene
- links users to Agora Lite
- avoids blank page if GPU/WebGL acceleration is unavailable
Validated with Playwright headless where WebGL fails: route now renders
fallback instead of crashing.
Nous x Kimi hackathon pivot: Hermes Playground, the first open-world
AI agent RPG inside Hermes Workspace.
Adds:
- /playground route (SSR disabled)
- R3F/Three/Drei deps for 3D rendering
- 3D Greek Agora world with marble pillars, medallion, sky, fog, lights
- Generated Cyberpunk Forge world with neon terminals and portal loop
- WASD/arrow movement + shift sprint
- Third-person follow camera
- Hermes player avatar billboard + simple 3D body
- Athena agent companion that follows the player
- In-world Athena speech bubble
- Mission checklist overlay
- Prompt box: ask Athena, including generated-world path
- Portal click swaps Agora <-> Forge and completes mission
- Sidebar/mobile nav entries for Playground
This is intentionally demo-first: local single-player 3D playground,
AI-agent RPG framing, and a visible generated-world loop. Multiplayer,
voice, real agent backend, quests, and hosting are next.
The first AI agent community. v0.0 is a local mock lobby that proves
the product feel without any backend.
Adds:
- /agora route with new AgoraScreen
- AgoraWorld: themed top-down canvas with center medallion + corner
pillars, click-to-walk, depth sort by Y, hint footer
- AgoraAvatar: portrait-in-circle with status dot, self ring,
speaking ring, name label, facing tilt, walk bob animation
- AgoraChatPanel: scrollback + composer (room chat)
- AgoraOnlinePanel: list of online users with status dots,
proximity 'near' tag, click to open profile
- AgoraProfileDrawer: view/edit self profile with avatar grid
picker (all 18 Greek + emoji avatars), bio, status; wave CTA
for other users
- useAgoraProfile: localStorage-persisted profile with funny default
name (Builder Owl4321) and Hermes default avatar
- useAgoraRoom: WASD/arrows movement, click-to-walk, ambient drift
for fake users, periodic fake chatter, proximity calc, message
bubble TTL (7s)
- 5 mock fake users: Athena, Apollo, Iris, Pan, Nike with bios
Wires Agora into navigation:
- chat-sidebar.tsx: between Chat and Files (Building01Icon)
- mobile-tab-bar.tsx: between Chat and Files
- mobile-hamburger-menu.tsx: after Dashboard
Spec: memory/goals/2026-05-03-community-office-multiplayer/goal.spec.md
v0.1 swap: useAgoraRoom + mock lib will be replaced by real WS sync.
The components, types, and protocol design are renderer/transport
agnostic so v0.1-v0.6 can iterate without rewriting the surface.
Per Eric: theme picker showed 'Claude Nous', 'Claude Official', 'Claude Classic'
which was odd branding for Hermes Workspace. Themes are referenced by id
('claude-nous' etc) for backward storage compat, but the user-facing label
now reads cleanly:
- Claude Nous -> Nous
- Claude Nous Light -> Nous Light
- Claude Official -> Hermes (was the flagship navy/indigo)
- Claude Official L -> Hermes Light
- Claude Classic -> Bronze (bronze accents description)
- Classic Light -> Bronze Light
- Slate -> Slate (no change)
- Slate Light -> Slate Light (no change)
Storage keys + ThemeId union unchanged; no migration needed.
Per Eric review: gap between 'Hermes Workspace' title and action buttons
felt disconnected on mobile. Drop gap-3 -> gap-1.5 below md.
Desktop md+ keeps gap-3 since action cluster shifts to right side.
Per Eric: quick menu icons too big and not centered, lockup not centered.
Mobile changes (<sm/<md):
- Center the lockup row (logo + 'Hermes Workspace') on mobile
- Center the action cluster (was justify-end) on mobile
- SecondaryAction: hide text label <sm, smaller px/py/text on mobile
Now: NEW CHAT (icon+text) | terminal-icon | skills-icon | edit-icon
All compact, fits one row even on narrow screens
- Primary New Chat button: smaller padding + text on mobile
Desktop md+ unchanged: full text labels, larger padding, lockup left.
Per Eric: revert mobile top-bar centering (broke logo lockup), but
hide the Settings gear on mobile since users don't need it on the
dashboard surface there. Edit toggle + theme stay.
Settings remains visible md+ where the action cluster has room.
Per Eric: settings wheel was wrapping into a 2nd row of action buttons
on mobile, and the brand lockup felt off-center.
Mobile changes:
- Mobile top bar layout: hamburger | centered 'Hermes Workspace' | theme + settings
(was: hamburger | flex-1 | theme — title was missing from the bar entirely)
- Settings gear lives in the top bar now, so the action cluster below
doesn't have to fit on a 2nd wrapped row
- Header lockup row hidden on <md (was showing the full desktop layout
even on mobile, causing the wrap)
- Tightened icon sizes 11x11 -> 10x10 + gap-0.5 for cleaner triple-icon cluster
- Bg blur on top bar so content scrolls under cleanly
Desktop unchanged: lockup left + action cluster right per existing hierarchy.
Per Eric: ditch lobster, add wolf instead.
- New WolfSVG component matching the same animation API as Fox/Owl/etc
- Gray palette (gray-200/400/500), yellow eyes with vertical pupils
- Sharp triangular ears, longer muzzle, faint snarl on orchestrating state
- Speech dots on responding, dotted ring on thinking
- AvatarStyle union: 'lobster' -> 'wolf'
- Picker tile: '🐺 Wolf' replaces '🦞 Lobster'
- Renderer map: wolf -> WolfSVG
LobsterSVG component left in code (unused) so no behaviour delta if
storage has stale 'lobster' key (will fall back to default 'hermes').
Demo agents (Roger/Sally/Bill) were appearing as if they were real
spawned workers because we wired a fallback during Phase 1 visual
port. Per Eric: 'I noticed there's a few agents running but we didn't
spawn'.
Now:
- Empty results -> empty panel (no fake agents)
- Gateway error -> empty panel + error state, not fake agents
- Only real /api/sessions data populates Active/Queue/History sections
createDemoActiveAgents / createDemoQueue / createDemoHistory functions
remain in code for future test fixtures, just not invoked.
Per Eric: bottom subagent sections still had the old border-primary-300/70
outline ring + heavier bg/35. Top header was already cleaned but the rest
of the panel didn't match.
- Drop border on Agents/Queue/History sections (3 spots), bg /35 -> /15
- Section header pills (Agents/Queue/History): drop border + shadow,
use uppercase tracking-wider primary-500 for hierarchy without lines
- Drop border on individual agent card containers, swap gradient bg
for flat /15 to match parent section
Result: panel reads as one continuous dark surface from header to
bottom, no nested ring-on-ring outlines. Hierarchy comes from
typography + bg shading not strokes.
Port from controlsuite:
- src/server/provider-usage.ts (1026 LOC) — Claude OAuth, Codex JWT
decode, OpenAI billing, OpenRouter, Anthropic API key probes
- src/routes/api/provider-usage.ts — JSON endpoint
- src/components/usage-meter/* (5 files) — full meter, compact meter,
details modal, context alert, index re-exports
AgentViewPanel.OrchestratorCard already had the poller wired to
/api/provider-usage from the prior agent-view port; route was just
missing. Now live:
- Codex: Plus plan, session/weekly windows, JWT-decoded plan tier
- Claude: OAuth credentials read from ~/.claude or keychain, refresh
on demand, session+weekly+sonnet bars
- OpenAI: billing endpoint via API key
- OpenRouter, Anthropic API key paths included
Verified at /api/provider-usage returns real percentages.
Was: instant render with no entrance animation (initial={false})
Now: panel slides in from right edge with opacity fade, custom cubic
bezier eases (0.32, 0.72, 0.24, 1) for a natural deceleration that
feels native and enterprise rather than CSS-default.
Open: 320ms slide, 220ms opacity fade-in
Close: same easing, panel slides off-canvas right
Per Eric: panel had visible outline border + chatty '1 active · 0 queued · $0.000' line that felt noisy and unenterprise.
- Drop the left border on the outer aside, switch bg to --theme-sidebar
for cohesion with the rest of the dark surface
- Drop the bottom border on the header row
- Drop the inline stats line entirely (info available per-card)
- Soften the Agents section bg from /35 to /15, drop its border ring
Result: panel reads as a continuous dark surface flush with the chrome,
not a bordered floating widget.
Previously chat-screen.tsx had a no-op stub for setLocalActivity, so
the OrchestratorAvatar in the agent view never actually changed state
during user sends, thinking, tool calls, or responses.
Hook the actual zustand store so:
- send -> 'reading'
- waiting for first token -> 'thinking'
- streaming -> 'responding'
- tool call running -> 'tool-use'
- done -> 'idle'
Now the avatar's animation states (breathing, dotted ring, bob, glow)
react to live chat activity instead of staying frozen on idle.
Per Eric: avatar felt small relative to panel width and whitespace.
Now occupies ~30% panel width which gives the character actual presence
in the top-of-rail slot.
- Add 'hermes' to AvatarStyle union with PNG renderer (HermesPNG)
- HermesPNG: <img src='/avatars/hermes.png'> with state animations
(breathing scale loop on idle/responding, dotted ring on thinking)
- Avatar renders circular via objectFit cover + border-radius 50%
- Default first-run avatar = hermes (was owl, was lobster originally)
- New PNG asset at public/avatars/hermes.png (1.6MB anime portrait)
- Picker modal now shows Hermes as first tile
Phase 1.5 of agent-view port. 8 more Greek god PNGs to land same way.
Per Eric: ditch lobster, default to owl. Lobster stays available in picker,
just no longer the first-run choice. Cleared user must clear localStorage
key 'hermes-workspace-orchestrator-avatar' to see new default if they had
old default cached.
Hermes Workspace session status vocabulary (idle/active/etc) doesn't yet
map onto ControlSuite's running/queued/completed brackets, so live mode
was returning empty arrays and hiding the panel content.
Phase 1: fall through to demo data when classifier produces 0 agents,
so we can see the full UI visually before Phase 2 status mapping work.
Eric's call after living with iter 013 for a few minutes: removed
the Operator Tip and the dashboard reads cleaner without it.
Sessions Intelligence's `flex-1` stretch already absorbs the
bottom-of-column space, so an extra card was redundant.
- DEFAULT_HIDDEN now includes `operator_tip`.
- STORAGE_VERSION 3 \u2192 4 so the existing migration path applies the
new default to returning users while preserving any explicit hides
they had.
- Tip card is still registered in the catalog and reachable from the
edit-mode picker for users who want a contextual nudge.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
Eric reported the chat sidebar 'looks transparent.' Root cause: in
`claude-official` the sidebar (#0d1220) and main bg (#0a0e1a) were
nearly identical lightness, so the divide between them faded out
entirely.
Bumped `--theme-sidebar` to #060914 \u2014 deeper than the bg \u2014 so the
sidebar column reads as its own clearly-defined surface without
needing extra borders or backdrop blur.
Only the active theme is touched here; other themes already have
sufficient contrast between sidebar and bg.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
Iter 013 per Eric:
> put tip above session intelligence and make that longer to fill
> the gap at bottom
- Reordered main column: OperatorTip (compact) \u2192 Sessions Intelligence
(the bottom anchor that grows to fill).
- SessionsIntelligenceCard root is now `h-full flex-1` and its row
list is `flex-1 overflow-hidden` so the card consumes the
remaining vertical space in the column.
- Bumped row cap from 8 \u2192 14. The card now has the room.
- Main column wrapper is `min-h-full flex flex-col` and the sessions
WidgetShell is wrapped in a `min-h-0 flex-1 flex flex-col` so the
flex-1 actually expands rather than collapsing to content.
- WidgetShell edit-mode wrapper uses `h-full` so widgets that opted
into flex-1/h-full still expand correctly when in edit mode.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
- tsc clean for dashboard files
Iter 012 per Eric's iter-011 ask:
> small gap at the bottom by sessions intelligence \u00b7 what should we
> put there standard? tip of the day? or something?
New OperatorTipCard component: a smart 'tip of the moment' card that
sits below Sessions Intelligence in the main column.
Why contextual rather than static:
- A static rotating tip would feel like marketing filler.
- A scoring function per tip lets the dashboard surface the *most
relevant* tip given current state (low cache hit rate, stale
cron, config drift, restart pending, recent achievement, sudden
drop in sessions, top-model concentration risk, etc.).
- 11 tips total; context-specific ones score 40-80, evergreens
3-5 so they only surface when nothing better is relevant.
- Refresh icon cycles to the next-best tip; persists last-shown
index in localStorage so refreshes don't always snap to the top.
- Optional CTA per tip routes to the most relevant page (jobs /
settings / analytics / skills / etc).
Visual: matches the rail card chrome (rounded-xl, gradient bg,
top accent strip, soft glow), with a 36x36 lightbulb chip on the
left and a tip body + tone-colored 'Tip · X/N' eyebrow on the
right. Tone color tracks the relevance category (warn / info /
positive).
Catalog: registered as 'operator_tip', column 'main', visible by
default. Lives at the bottom of the left column under Sessions
Intelligence so it visually balances the side rail extending past.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
- tsc clean for dashboard files
Iter 011 polish per Eric:
> remove operator console v.12 \u00b7 lower workspace a bit cause the
> gateway version is under
Gateway version was already shipping in the OpsStrip ('\u2666 GATEWAY
V0.12.0'). The header eyebrow was duplicating it within ~30px on the
same screen, which read as visual clutter.
- Removed the 'Operator console \u00b7 v\u003cversion\u003e' subtitle entirely.
- Title row is now a single bold 'Hermes Workspace' lockup with
vertical-centered alignment so it sits visually centered against
the action cluster on the right (instead of biased to the top of
the row from the dropped subtitle).
- Logo + glow ring stay; nothing else moves.
Tests/build:
- 12/12 aggregator tests
- pnpm build clean
Iteration 010 per Eric's iteration-009 ask:
> kept cache its clean fits fine \u00b7 should we remove dashboard text and
> just make hermes workspace larger? there's missing space in middle
> \u00b7 maybe center hermes workspace? \u00b7 add any additional widgets in
> the menu
== Header rebrand ==
- Dropped the redundant 'Dashboard' eyebrow (the page IS the dashboard).
- Promoted 'Hermes Workspace' to the primary heading at text-2xl,
bold, tight-tracked. Now commands the left.
- Eyebrow becomes 'Operator console \u00b7 v\u003cgateway-version\u003e' wired
off `overview.status.version` so the build/version tag is live.
- Logo: bumped 36px \u2192 44px, wrapped in an accent-tinted square with
a soft outer glow ring. Reads as a real product mark, not a tiny
avatar.
- Kept anchored left rather than centering. Ops dashboards (Linear,
Vercel, Datadog) all anchor brand left + actions right because
that's the spatial hierarchy operators expect; centering wastes
the most premium real estate. Put the explanation in the section
comment so future changes know why.
== New menu-only widgets ==
VelocityCard (`velocity`):
- Big number: sessions/day average over the analytics window.
- Delta vs the prior half of the window with tone scaling
(green for positive, warning for >25% drop).
- Sub-stat: API calls/day.
- Tiny daily sparkline (bars).
CostLedgerCard (`cost_ledger`):
- Per-model cost table that splits paid providers from
subscription/included rows so the dollar figure is honest.
- Paid rows sorted by descending cost, included rows by descending
tokens.
- Header chip shows total billed across paid rows only.
- Subscription pattern set covers codex / anthropic-oauth / minimax /
ollama / lmstudio / pc1-* / pc2-* / gemma / llama / qwen.
Both default-hidden so the stock dashboard stays clean; they live
in the edit-mode menu. Fed off existing analytics payload so no
backend changes required.
== Storage migration v2 \u2192 v3 ==
DEFAULT_HIDDEN expanded to: logs_tail, provider_mix, velocity,
cost_ledger.
`readLayout` now does a real schema migration: when a stored
layout's version field is older than STORAGE_VERSION, union the
user's explicit hides with the new defaults so existing installs
don't suddenly sprout widgets they never asked for. Provider Mix
stays hidden post-upgrade, matching Eric's call to keep just Cache.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- tsc clean for dashboard files
- v2 \u2192 v3 migration verified: existing `{hidden:['logs_tail']}`
becomes `{hidden:['logs_tail','provider_mix','velocity','cost_ledger']}`
Iteration 009 per Eric's iteration-008 ask:
> theres just a space from top models to achievements maybe we can
> put another widget there or something? can we add any more graphs
> or charts on the dashboard?
== New widgets, both wired into the right-side stack of the top
analytics row ==
Provider Mix card (`ProviderMixCard`):
- Collapses `analytics.topModels[]` by provider family with a heuristic
(claude-* \u2192 anthropic, gpt-/o1/codex \u2192 openai, gemma/llama/qwen \u2192
local, gemini \u2192 google, grok \u2192 xai, minimax, etc.).
- Renders a CSS conic-gradient donut with the dominant family % +
label inside the hole, plus an inline legend table for the top 4
families and a '+N more' affordance when there are more.
- Family colors cycle through accent / accent-secondary / success /
warning / danger / purple / cyan / yellow so siblings are visually
distinct without us shipping a real palette.
Cache Efficiency card (`CacheEfficiencyCard`):
- Big % stat: cache_read / (cache_read + input).
- Sub-stat: total cache tokens / total input tokens, plus the ratio
multiplier (cache_read / input).
- Daily hit-rate sparkline (bars, not line) so a zero day pops.
- Pure derive from the existing analytics payload.
== Layout ==
The analytics chart row used to be: [chart 8 cols] [Top Models 4 cols].
The right side hosted a single short card next to a tall chart, which
left the dead vertical Eric flagged.
Now the right column is a flex stack of:
1. Top Models
2. Provider Mix
3. Cache Efficiency
This fills the chart-height, gives operators 3x the data density at
the top of the dashboard, and stops the gap between the top row and
the rail below it.
All three cards register in `useDashboardLayout` so they're toggleable
via edit mode just like everything else.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- tsc clean for dashboard files
Iteration 008 per Eric's iteration-007 feedback.
== Premium header icons ==
Replaced emoji glyphs in the action row with Hugeicons stroke
icons + better button chrome:
- New Chat: BubbleChatAddIcon on a real accent gradient button
(was translucent tinted background) with inset highlight, soft
drop shadow, and an animated overlay sheen on hover.
- Terminal: ConsoleIcon
- Skills: PuzzleIcon
- Edit: Edit02Icon \u2192 CheckmarkCircle02Icon when active
- Settings: Settings02Icon
SecondaryAction component now takes a Hugeicons icon (not an emoji
string), uses a subtle card gradient background, accent-colored
icon on hover, and matching uppercase tracking for visual unity
with the primary New Chat button.
Edit + Settings icon-only buttons get the same treatment so the
whole right-hand cluster reads as one premium control group.
== Side rail height/balance ==
- Achievements: query bumped to `achievements=5` (was 3) and the
card renders every unlock the aggregator returns. Switched from
compact \u2192 full-detail rows so the card has body. Together this
fills the gap between Top Models and the rest of the rail.
- Side rail container: `min-h-full` so the column stretches to
Sessions Intelligence height instead of collapsing to content.
- Mix & rhythm card: `flex-1 h-full` + `justify-between` so it
consumes the remaining vertical space at the bottom of the rail
and aligns flush with Sessions Intelligence's lower edge.
== Attention bar separated ==
Eric: 'is it cluttered or should be higher or lower / separate?'
- Lifted the AttentionMarquee out of OpsStrip into its own
dedicated row above the gateway strip. Now a self-contained
warning-tinted chamber with its own border + gradient. Clearly
reads as 'things to look at' separate from 'gateway is up'.
- OpsStrip reverted to its single-row layout (no more nested
vertical stack).
- When there are no incidents, the row simply doesn't render \u2014
no empty frame.
Build/tests:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- tsc clean for src/screens/dashboard/* and src/server/dashboard*
Iteration 007 per Eric's iteration-006 feedback:
== Attention marquee ==
- New `AttentionMarquee` component renders the existing
`incidents[]` payload as a right-to-left ticker. Lives inside
`OpsStrip` as a dedicated full-width row that only appears when
there is something to surface.
- Animates via CSS keyframes (`@keyframes oc-attention-marquee`,
32s linear infinite). Pauses on hover so the operator can read a
long item. Respects `prefers-reduced-motion` and disables the
animation in that case.
- Track is duplicated once for the seamless wrap-around. Soft fade
mask on the right edge for the 'ticker continues' affordance.
- Each item routes to the most context-appropriate page (cron \u2192
/jobs, config \u2192 /settings, log/gateway \u2192 /jobs as fallback) or
to the incident's own `href` when set.
- Glyph + severity color picked from existing `source` and
`severity` enums on `DashboardIncident` so the marquee stays
fully data-driven.
== Side rail rebalance ==
- AttentionCard removed from the side rail (its data is now in the
marquee). Import dropped.
- AchievementsCard moved to the *top* of the side rail. The right-of-
chart visual position effectively places it 'under Top Models'
which is what Eric asked for.
- New rail order:
1. Achievements
2. Skills usage
3. Mix & rhythm
- Mix & rhythm stays \u2014 it's the only chart left in this column and
the unique non-deep-route insight (token shape + 24h heatmap).
== Layout v2 ==
- WidgetId catalog drops `attention` (not a widget anymore).
- New `logs_tail` default state is HIDDEN. Eric's read: it's a
triage tool, not a dashboard staple. Power users can re-add via
the edit-mode panel.
- `useDashboardLayout` now writes a `version: 2` field to its
storage payload and seeds first-load state from `DEFAULT_HIDDEN`
when no localStorage entry exists, so the new defaults apply
cleanly to fresh installs without nuking returning users' explicit
hides.
- Reset button now returns to the iteration defaults rather than
show-everything, so first-time Reset doesn't surprise users with
Logs they never wanted.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- All edit-mode toggling round-trips cleanly with the v2 schema.
Iteration 006. Two product asks from Eric's iteration-005 feedback.
== Edit mode ==
New `useDashboardLayout` hook owns:
- which widgets are hidden (persisted to localStorage key
`dashboard.layout.v1`)
- whether the dashboard is in edit mode (session state)
Catalog of 8 toggleable widgets with column metadata (main vs rail):
analytics_chart, top_models, sessions_intelligence, logs_tail,
attention, skills_usage, achievements, mix_rhythm.
UI:
- New `WidgetShell` wrapper: zero-overhead passthrough when edit mode
is off; in edit mode adds a dashed accent outline + an X close
button in the top-right corner of the widget. Click X to hide.
- New `EditModePanel` banner: only renders when edit mode is active.
Shows widget toggle pills grouped by column (Main / Side rail) so
the operator can re-add hidden widgets. Includes Reset (show all)
and Done buttons. Visible-count chip shows '5 of 8 widgets shown'.
- New header pencil icon (\u270f\ufe0f) toggles edit mode; flips to checkmark
(\u2713) when active, with accent border to make state obvious.
Layout adaptiveness:
- Top row: Analytics chart and Top Models share a 12-col grid. If
one is hidden, the other expands to fill (col-span-12) so we don't
end up with a half-empty row.
- All sections check `layout.isVisible(id)` before rendering so
hidden widgets cost zero DOM nodes.
== Side rail visual cohesion ==
Image review of iteration-005 flagged the rail cards as having
ragged heights and inconsistent action-link styling. Fixes:
- AchievementsCard: replaced the legacy `rounded-md bg-card/40`
chrome with the same `rounded-xl border` + top gradient accent +
diagonal card gradient that AttentionCard / TokenMixHourCard /
SkillsUsageCard already use. The 'View all \u2192' button no longer
sits as a separate full-width row; merged into the title-row
microcopy ('48 unlocked \u00b7 view all \u2192') so the rail breathes.
- SkillsUsageCard: matches the same diagonal gradient background
(was flat var(--theme-card)). Title color promoted from muted to
text. 'manage \u2192' microcopy gets the accent color on hover so all
rail action affordances behave the same.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- localStorage key namespaced `dashboard.layout.v1` so future schema
changes can bump cleanly.
Iteration 005 per Eric's feedback after the iteration-004 screenshots.
Hero KPI row:
- Drop the Cost tile entirely. Even with the 'partial / included'
trust label it kept reading as misleading on a workload that's
almost entirely Codex/OAuth.
- New ActiveModelKpi tile in the 4th slot. Shows active model name +
Online/Offline pulse + share-of-calls chip + provider/sessions
microcopy + ctx length. Same gradient form factor as the other
three tiles so the row stays balanced.
- HeroMetrics now takes an optional extraTile slot so the dashboard
can compose the row without coupling the metrics widget to model
data.
Side rail (final order, top to bottom):
1. Attention
2. Skills usage
3. Achievements
4. Mix & rhythm (new)
- Drop the rail-side Active Model card (its data is now in the hero).
- Move Skills + Achievements up so the rail leads with the cards Eric
finds most useful.
- New TokenMixHourCard fuses the previously separate Token Mix and
Hour of Day cards into a single 'rhythm' card sharing chrome,
header, and typography rules. Halves still independent so a fresh
install with no analytics or sessions still hides cleanly.
Hero KPI row CSS bumped to grid-cols-1 sm:2 lg:4 so the new tile
stacks rather than overflowing on narrow viewports.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- /api/dashboard/overview shape unchanged \u2014 this is UI-only.
Iteration 004. UI-only polish + new charts based on the Hermes Agent
data audit. No new backend endpoints required.
Aggregator:
- Cost honesty: new `analytics.costLabel` with values `precise` /
`partial` / `included` / `unknown`. Computed from per-model
session counts split between priced providers and known
subscription-included ones (codex / anthropic-oauth / minimax /
ollama / lmstudio / pc1-* / pc2-*). Stops the dashboard from
showing '$0.052 for 247M tokens' as if that were precise.
- Insights tightened:
- Capped at 3 (was 4).
- Drops 'no active runs' line when activity peaked today (was
contradicting the peak callout in the same card).
- Skill names in callouts now strip the `namespace:` prefix.
- Model ids in callouts use the trailing slash segment instead of
raw provider/model strings.
- New presentational helpers `shortSkillName` / `shortModelName`
inside the aggregator so insight text is render-ready.
UI:
- HeroMetrics cost tile: reads `costLabel` and renders 'Included' /
'partial \u00b7 some included' / dollar figure / em-dash accordingly.
Hides delta + sparkline for non-precise variants.
- New `SkillsUsageCard`: replaces the lonely '60' tile. Top-5 used
skills as a horizontal bar chart with name (last segment), use
count, and percentage. Fades to '\u003cN\u003e installed' fallback when
no usage in the window.
- New `TokenMixCard`: stacked horizontal bar of input / output /
cache / reasoning split with hover tooltips and an out/in ratio
chip.
- New `HourOfDayCard`: 24-bucket activity strip computed
client-side from session `startedAt`. Highlights the peak hour
and labels the timeline at 12a / 6a / 12p / 6p.
- OpsStrip: appended `pulse Xm ago` microcopy from the new
`status.lastHeartbeatAt` field.
- SessionsIntelligenceCard:
- Better kind icon resolution. New `sessionGlyph` helper checks
`kind`, `source`, and the `cron_<jobId>_*` key heuristic so
cron sessions actually show a clock instead of a chat bubble.
- Adds api_server / signal / imessage / matrix / local mappings.
- New `formatSkillName` helper in lib/formatters.ts (strips colon
and slash namespaces).
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12)
- pnpm build (passes)
- Live: costLabel='partial' for our usage (codex + opus mix), insights
count = 3 (was 4), gpt-5.4 in callouts instead of openai/gpt-5.4.
Iteration 003. Drop the legacy 14d Activity chart; reclaim the space
with a sessions intelligence card. Adopts every Hermes Agent answer
on the source-of-truth fields.
Aggregator:
- /api/dashboard/overview now also probes /health/detailed via the new
gatewayFetch helper. status.activeAgents reads canonical
active_agents from the gateway runtime; status.activeSessions
preserves the /api/status heuristic for separate display.
- status.lastHeartbeatAt added (alias of gateway_updated_at).
- cron now exposes failed count + recentFailures[] (id, name,
last_error, last_run_at).
- skillsUsage section parses analytics 'skills' object: totalLoads,
totalEdits, totalActions, distinctSkills, topSkills[] with
percentage. (Hermes Agent confirmed schema.)
- New top-level insights[] computed server-side: peak day driver,
cache delta vs prior period, ops pulse (failed/stale crons +
no-active-runs + restart-pending), top-skill heat. UI no longer
recomputes.
- New top-level incidents[] aggregates cron failures + stale cron +
paused cron + platform errors + config drift + restart-pending +
log-tail errors into one triage list with hrefs.
UI:
- Drop ActivityChart and the legacy Recent Sessions list.
- New SessionsIntelligenceCard:
- Real human title from derivedTitle (falls back to short slug).
- Kind/source icon (chat / cron / cli / telegram / discord / api).
- Badges: hot (active <5m), tool-heavy (>=20 tools), high-token
(>=50k), error, stale (>7d).
- Hot row gets accent border so the operator sees what's running.
- Hierarchy: model chip · msgs · tools · tokens · recency.
- Click row -> /chat/<sessionKey>.
- AttentionCard now consumes overview.incidents directly. Source icon
per item. Click items navigate to /jobs / /settings.
- Skills tile: real 'top: <skill>' from skillsUsage.topSkills[0]; row
reads '<enabled> enabled · <distinct> used · top: <skill>'.
- AnalyticsChartCard switches to overview.insights so the UI is dumb.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (12/12,
+3 new: failed-cron incidents, /health/detailed active_agents,
skills usage parsing)
- pnpm build (passes)
- Live: 31 distinct skills used in 30d, top
'autonomous-ai-agents:hermes-agent' (12 uses), 3 incidents surfaced
(stale cron, paused cron, 6 config diffs).
Iteration 002 - addresses the Hermes Agent product review.
New widgets:
- AttentionCard: prioritized 'what to look at right now' list. Pulls
stale cron, log errors/warns, config drift, restart-pending, and
platform error states from the existing overview payload. Shows an
explicit 'all clear' state when nothing needs eyes. Replaces the
scattered warning chips and gives the operator a single command line.
- AnalyticsChartCard: daily trend chart + 2-3 client-side insight
callouts ('Usage peaked Apr 17, driven by GPT-5.4', 'Cache reads up
X% vs prior period', 'no active runs · restart pending'). Period
switch (7d / 14d / 30d) at top-right; selection persists to
localStorage and feeds the same window into Hero KPIs and the rest of
the overview.
- TopModelsCard: standalone right-rail card so the model breakdown is
no longer cramped inside the analytics hero. Shows tokens bar plus
'% of calls' (proxy for routing share) and sessions per model.
- ModelInfoCard now adds an operational microcopy line
('66% of calls · 113 sessions · 30d') and a click-through 'Inventory'
modal that lists every model from /api/models grouped by provider,
with active-model highlight and live filter.
UX/microcopy fixes:
- OpsStrip: '0 ACTIVE' -> '0 active runs', 'CONFIG +6' -> '6 config
diffs', stale-cron pill now visually warns (warning border + tinted
background) instead of muted text only.
- Action row: New Chat is now a primary gradient button, Terminal +
Skills are secondary monochrome buttons, Settings is icon-only. Top
visual weight cut ~30%.
- SkillsWidget: replaced the 6-row mini list with a summary tile
('42 installed · 39 enabled · top: Airtable'). Click-through opens
/skills.
- Analytics card period-aware loading state: shows ' · refreshing…'
microcopy in the header while the period switch is in flight.
Plumbing:
- /api/dashboard/overview now respects ?days=N from the client; query
key includes period so React Query refetches when the operator
switches windows.
- Period default 30d preserved; valid options 7 / 14 / 30 only.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (9/9)
- pnpm build (passes)
- Live: /api/dashboard/overview?days=7 returns 7-day window with
56.5M tokens, top models gpt-5.4 + claude-opus-4-7.
Phase 2 iteration 001. The Workspace dashboard was already aggregating
`/api/analytics/usage` but parsing it for the wrong shape (legacy
`top_models`/`total_tokens`), so the analytics card stayed hidden
even though the gateway returned 247M tokens / 788 sessions.
Aggregator changes:
- normalizeAnalytics now reads native Hermes `{ totals, by_model, daily,
period_days }` and falls back to the legacy shape when present. New
fields exposed: inputTokens, outputTokens, cacheReadTokens,
reasoningTokens, totalSessions, totalApiCalls, daily[], plus a
`source` discriminator (`analytics` | `unavailable`).
- New logs section: pulls `/api/logs?lines=N`, classifies error/warn
counts, returns last N lines for tail UIs.
- Default analytics window bumped 7d → 30d to match native dashboard.
UI changes:
- HeroMetrics: 4 big tiles (Sessions, Tokens, API Calls, Cost) with
inline SVG sparklines + period-over-period delta chips. Replaces the
legacy 4 small MetricTile row.
- AnalyticsHeroCard: large daily area chart + top-5 models breakdown +
totals line. Click 'Expand' opens a modal with a stacked
input/output/reasoning bar chart and full per-model breakdown
(sessions / calls / cost).
- LogsTailCard: rolling tail with error/warn pulse and Expand modal.
Modal auto-refreshes every 3s and supports all/errors/warns filter.
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (9/9)
- pnpm build (passes)
- Live smoke: /api/dashboard/overview now returns analytics.source=
analytics with 247M totalTokens, 29 daily entries, 5 top models, and
log tail with 24 lines.
Polish pass on PR #242 (Workspace dashboard parity phase 1) before
merge. Tightens layout per the dashboard spec's '10-second status
read' goal.
Layout changes:
- Drop the centered logo hero. New header is a single row with title,
Hermes Workspace label, and inline QuickActions.
- Collapse the three stacked status rows (SystemStatusStrip,
CronSummaryCard, PlatformsCard) into one OpsStrip that surfaces
gateway state, version, active agents, restart-pending, config
drift, platform pills, and cron pulse in a single horizontal bar.
- Re-flow main content as 8/4 split: Activity + Analytics on the left,
Model + Skills + Achievements as a side rail.
Data parity:
- Aggregator now exposes status.version, releaseDate, configVersion,
latestConfigVersion, hermesHome from /api/status. OpsStrip uses these
for the version chip and config drift warning.
- New ModelInfoCard reads overview.modelInfo (i.e. /api/model/info, the
active model the gateway is using) instead of /api/claude-config
defaults. Surfaces context length and tools/vision/reasoning chips.
UX:
- AnalyticsSummaryCard now renders a stable 'No usage in last Nd'
empty state instead of disappearing, so layout doesn't reflow on
fresh installs.
- Cron stale next-run (>7 days overdue) downgrades to muted 'stale'
label so March overdue jobs don't look alarming.
Cleanup:
- Remove orphaned SystemStatusStrip, CronSummaryCard, PlatformsCard
components. Drop legacy ModelCard + dead SystemGlance helper from
dashboard-screen.tsx (-179 lines net).
Tests/build:
- pnpm exec vitest run src/server/dashboard-aggregator.test.ts (7/7)
- pnpm build (passes)
Workspace dashboard now mirrors what the native Hermes Agent dashboard at
:9120 surfaces, on top of the existing sessions analytics, in a single
server-aggregated round trip.
Adds new server endpoint `GET /api/dashboard/overview` that fans out to:
- /api/status (gateway state, active sessions, platforms)
- /api/cron/jobs (cron summary)
- /api/plugins/hermes-achievements/recent-unlocks (recent ribbon)
- /api/plugins/hermes-achievements/achievements (totals)
- /api/model/info (provider, model, context, capabilities)
- /api/analytics/usage (token totals, top models, optional cost)
Per-section graceful fallbacks: each slice independently resolves to
null on auth failure / missing endpoint / unreachable dashboard, and
the corresponding card hides itself. Vanilla installs without the
achievements plugin or analytics auth still get a usable dashboard.
Adds 5 new dashboard cards:
- SystemStatusStrip: one-line gateway + active-agents pill at top,
warning chip when restart_requested.
- PlatformsCard: connected platforms with per-platform state pills
(api_server, telegram, discord, etc.).
- CronSummaryCard: scheduled / paused / running counts + next-run
countdown, click-through to /jobs.
- AchievementsCard: 3 most recent unlocks with tier badges, plus a
modal that fetches a wider window (?achievements=12) for the full
ribbon view.
- AnalyticsSummaryCard: top-3 models by tokens with proportional bars,
total tokens over the window, real cost from the dashboard (replaces
the old hardcoded ~$5/M estimate).
Other tweaks:
- Replace the hardcoded cost subline on the Tokens MetricTile with the
real estimated_cost_usd value from /api/analytics/usage when present.
- New section row between the chart row and Recent Sessions for
Platforms / Analytics / Achievements.
Tests: +7 for the aggregator covering the empty / mixed / full payload
shapes plus the field-rename quirks (gateway_platforms vs platforms,
active_sessions vs active_agents). All 31 swarm/dashboard tests green.
Closes#235 — workers stuck after stop because runtime.json was never
updated. `POST /api/swarm-tmux-stop` killed the tmux session but left
`lifecycle.state` / `phase` / `currentTask` at whatever the last
in-process update wrote. The Swarm UI rendered the worker as 'stuck':
no tmux session, but lifecycle still says running/blocked.
Adds `patchSwarmRuntimeFile` in swarm-foundation, atomic-write into
`runtime.json` so unrelated fields survive. Stop handler now patches:
state: idle, phase: stopped, currentTask: null, blockedReason: null,
checkpointStatus: none, lastDispatchResult: 'Stopped via UI',
lastOutputAt: now
Best-effort: a runtime-write failure does NOT fail the kill request
(the tmux session is already gone — caller deserves to know that).
Closes#236 — roster `model:` field was display-only. The wrapper at
`~/.local/bin/swarm<N>` invokes `hermes chat --continue` with no
`--model` flag, so the per-profile config.yaml wins. Profiles all
defaulted to `gpt-5.5`, so the roster value never made it to the model.
Adds:
- `swarm-model-resolver.ts` — maps roster display labels (e.g. 'Opus 4.7',
'PC1 Coder (97 TPS)', 'GPT-5.5', 'minimax M2.7') to canonical
provider+model id pairs. Tolerant: unknown labels return null so the
worker is left alone instead of getting wedged.
- `swarm-profile-config.ts` — atomic YAML patch for
`profiles/<id>/config.yaml` that updates only `model.provider` and
`model.default`, preserving sibling fields (toolsets, providers,
agent settings).
- swarm-tmux-start now resolves the roster model and syncs the profile
config before (re)attaching the tmux session. Returns a `modelSync`
block in the response so the UI can surface 'now using …' or quietly
ignore unknown labels.
Tests:
- 10 new tests for `patchSwarmRuntimeFile` (4) + resolver (7) + config sync (7)
- All 24 pass; pre-existing failing tests on main are unrelated and untouched.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
Removes `docker/agent/Dockerfile` and `docker/workspace/Dockerfile`:
- `docker/agent/Dockerfile` cloned the wrong repo (`outsourc-e/hermes-agent`
is the workspace fork, not the agent) and ran the old `claude` binary
name. It would not build successfully.
- `docker/workspace/Dockerfile` was a dev-mode (`pnpm dev`) variant that
duplicated the production root `Dockerfile` for no benefit; the dev
overlay now reuses the root Dockerfile with hot-build instead.
Updates `docker-compose.dev.yml` to build only the workspace from local
source via the canonical root Dockerfile. The Hermes Agent service stays
on the canonical `nousresearch/hermes-agent:latest` upstream image
(~750k pulls), with a clear note in the overlay header explaining how
to override if a custom agent image is genuinely needed.
Adds a quick-start path table at the top of README pointing 'compose
gig' users straight at the Docker section, and rewrites the dev-overlay
section to match the simpler reality.
This addresses the recurring 'can we get a docker image so I can set
up a compose gig instead of building from source' community ask. The
image already exists at `ghcr.io/outsourc-e/hermes-workspace:latest`,
the compose file just works \u2014 the stale local Dockerfiles were the
only thing making the dev overlay confusing.
Co-authored-by: Aurora release bot <release@outsourc-e.com>
Swarm worker chat readers currently surface a raw "state.db missing" error
when a worker profile hasn't been provisioned yet. Treat that condition
as "no session" — return an empty message list rather than propagating
the file-not-found exception to the UI.
Adds a regression test in swarm-chat-reader.test.ts covering the missing
state.db path.
Worked with Interstellar Code
Merges CSP improvements (Monaco/Google Fonts) and adds ~/Projects/hermes-agent to the update-system path candidates. The onboarding fix in this PR was already shipped on main.
* fix: bump hardcoded MiniMax-M2.5 references to M2.7
MiniMax shipped M2.7 in April 2026 (https://www.minimax.io/models/text/m27).
The Workspace UI still hardcoded M2.5 in 5 places — model presets, the
gateway hub, settings dialog, and the formatter. Clicking the MiniMax
preset would force-rewrite the user's config.yaml model from
`MiniMax-M2.7` back to `MiniMax-M2.5`, which most users no longer
have access to (#227).
Closes#227
* chore: ignore .hermes/ scratch dir + .env.bak-* timestamped backups
---------
Co-authored-by: Aurora release bot <release@outsourc-e.com>
Live tool cards on vanilla Hermes Agent via /v1/responses streaming.
Restores expandable mid-run cards with full args + result text without
forking the upstream agent. See individual commits for rationale.
# Conflicts:
# src/routes/api/send-stream.ts
# src/screens/chat/components/chat-message-list.tsx
Vanilla Hermes Agent's /v1/chat/completions SSE only emits a thin
hermes.tool.progress lifecycle event (no args, no result), which is why
mid-run cards were either missing or empty on a vanilla install.
Switch (opt-in via HERMES_USE_RESPONSES=1) to the structured
/v1/responses streaming surface, which carries:
- response.output_item.added (function_call) -> full args JSON
- response.output_item.done (function_call) -> stable call_id
- response.output_item.added (function_call_output) -> result text
Translate those into the existing 'tool' SSE events the chat-store
already handles (phase: calling -> complete keyed by tool_call_id), so
the TuiActivityCard renders mid-run with INPUT expanded and tool output
visible on completion. No upstream agent fork required.
The new responses-api.ts module is the parser-only consumer; the
existing /v1/chat/completions path remains the fallback and auto-
recovers if /v1/responses is unavailable (older gateway, network
blip, etc.).
Also includes the synthetic-live-tools poller (used by the
enhanced-Hermes path on customised gateways without /v1/responses) so
the dual-tree imports keep resolving.
When HERMES_TOOL_DEBUG=1, the streamChat reader writes every raw
'event:' / 'data:' line to /tmp/hermes-tool-debug/sse-<sessionId>-<ts>.log
so we can inspect what the upstream gateway actually emits when tool
cards drop or the wire format drifts. Off by default; zero cost in
production.
The previous simplification dropped args/preview/result from the
streaming tool-call card mapping, so even when live tool events arrived
the card rendered as a bare row with no INPUT JSON, no output text, and
no expandable detail. Restore the full mapping so cards are expandable
mid-run.
Vanilla Hermes Agent v0.12.x emits 'event: hermes.tool.progress' with a
toolCallId + status (running/completed) so frontends can render live
tool cards over the /v1/chat/completions SSE stream. The decoder
previously only handled the legacy 'claude.tool.progress' name and
discarded the lifecycle fields, so Hermes Workspace lost the running ->
done transition entirely.
Also accept 'completed' events that ship without an emoji/label so the
matching 'running' card flips to done instead of getting stuck.
- Unified TUI-style activity card (Codex/Claude Code TUI aesthetic)
with status dots, monospace tool labels, indented \u23bf preview rows.
- Bottom shimmer ThinkingBubble keeps legacy 'Hermes Agent thinking'
identity; TUI card sprouts as a tree branch underneath when tools
fire, then migrates above the assistant bubble once text streams.
- Session popover (chat-header) opaque + theme-aware.
- chat-queries: reconcileSessionDraft fixes optimistic draft sessions
in the sidebar after server assigns canonical friendlyId/key.
- Workspace SSE: dropped fake 'Still working\u2026' thinking heartbeats,
use dedicated event: hb_signal + raw SSE comment instead.
- Mid-run tool polling for vanilla Hermes Agent: synthesizes live
event: tool entries by polling agent session messages every 800ms,
scoped to the current run via baseline message-count snapshot.
- Post-run backfill on run.completed (best-effort) for any tools that
the live poll missed; chat-store dedupes by tool_call_id.
Works with vanilla Hermes Agent on main. When/if upstream adds real
live tool.* SSE events, those arrive first and the synth becomes a
no-op.
Snapshot the agent session's message count at run start and use it as
the baseline for both the mid-run tool poller and the post-run tool
backfill. Without this, 'the most recent assistant with tool_calls'
could resolve to the previous turn's tools and surface stale tool
cards on the new run (off-by-one-turn bug observed in multi-turn
sessions).
Also restructure the poller to gather every assistant tool_call from
the current run window (not just the last assistant) so multi-step
runs that emit several distinct assistant messages with tools each
have all their tools surfaced live.
Vanilla Hermes Agent currently does not emit tool.* SSE events live on
/api/sessions/{id}/chat/stream (callback signature drift). Until that
ships upstream, synthesize live tool events Workspace-side by polling
the agent's session messages every ~800ms during the run and emitting
event: tool with phase: complete as soon as each tool's tool_result
message lands.
- Polling runs in parallel with the streamChat consumer; it stops in a
finally block once streamChat returns or throws.
- Each tool_call_id is emitted at most once during the run, plus a
final post-run backfill pass already covers anything missed.
- Workspace chat-store dedupes by tool_call_id, so this is safe when
the agent eventually emits real live tool.* events; those arrive
first and the synth polls become no-ops.
- Errors during polling are swallowed (best-effort).
Net effect on vanilla agent: TUI activity card populates each tool row
as the tool finishes running, instead of all-at-once at the end of run.
UI / TUI activity card
- Bottom shimmer ThinkingBubble keeps the legacy 'Hermes Agent is
thinking\u2026' identity, with the new TuiActivityCard sprouting
underneath as a tree branch when active tool calls are in flight.
- Once the assistant text starts streaming, the bottom shimmer + branch
fade out and the per-message TuiActivityCard above the bubble takes
over so the activity surface is never duplicated.
- Card padding and spacing tuned for breathing room (header, rows,
output preview line, expand panels).
Session UX
- Session popover (chat-header) made fully opaque: theme-card surface,
proper border + shadow-2xl, no see-through dark overlay.
- chat-queries: reconcileSessionDraft now maps the optimistic draft
session to its server-assigned friendlyId/key so the sidebar list
doesn\u2019t orphan or duplicate freshly created sessions.
- Sidebar/session hooks updated for the new reconcile flow.
This commit deliberately works against vanilla Hermes Agent on main.
The TUI card renders honestly: 'working\u2026 tool activity will appear
after the run' while the agent has nothing to stream, then populates
once tool events arrive (currently post-run only on vanilla agent).
- New TuiActivityCard renders thinking + all tool calls in one card above
the assistant bubble, using a Claude Code/Codex CLI TUI aesthetic
(status dots, monospace labels, indented `\u23bf` output preview rows).
- Replaces the old standalone thinking summary, the standalone activity
menu, and inline tool blocks inside the bubble with a single surface.
- Replaces the legacy ThinkingBubble from chat-message-list with a slim
TUI placeholder while streaming hasn't materialized a message yet.
- Stops emitting fake "Still working\u2026" thinking events as Cloudflare
keepalives; uses a dedicated event: hb_signal + raw SSE comment instead.
- Drops keepalive thinking placeholders client-side as a defense in depth.
- Backfills tool calls from session history on agent run.completed when
upstream tool.* SSE events are missing (best-effort).
Note: live tool cards still depend on Hermes Agent emitting tool.* SSE
events on /api/sessions/{id}/chat/stream. Currently it does not, so the
card shows a working\u2026 stub until end-of-run.
Snapshot the agent session's message count at run start and use it as
the baseline for both the mid-run tool poller and the post-run tool
backfill. Without this, 'the most recent assistant with tool_calls'
could resolve to the previous turn's tools and surface stale tool
cards on the new run (off-by-one-turn bug observed in multi-turn
sessions).
Also restructure the poller to gather every assistant tool_call from
the current run window (not just the last assistant) so multi-step
runs that emit several distinct assistant messages with tools each
have all their tools surfaced live.
Vanilla Hermes Agent currently does not emit tool.* SSE events live on
/api/sessions/{id}/chat/stream (callback signature drift). Until that
ships upstream, synthesize live tool events Workspace-side by polling
the agent's session messages every ~800ms during the run and emitting
event: tool with phase: complete as soon as each tool's tool_result
message lands.
- Polling runs in parallel with the streamChat consumer; it stops in a
finally block once streamChat returns or throws.
- Each tool_call_id is emitted at most once during the run, plus a
final post-run backfill pass already covers anything missed.
- Workspace chat-store dedupes by tool_call_id, so this is safe when
the agent eventually emits real live tool.* events; those arrive
first and the synth polls become no-ops.
- Errors during polling are swallowed (best-effort).
Net effect on vanilla agent: TUI activity card populates each tool row
as the tool finishes running, instead of all-at-once at the end of run.
UI / TUI activity card
- Bottom shimmer ThinkingBubble keeps the legacy 'Hermes Agent is
thinking\u2026' identity, with the new TuiActivityCard sprouting
underneath as a tree branch when active tool calls are in flight.
- Once the assistant text starts streaming, the bottom shimmer + branch
fade out and the per-message TuiActivityCard above the bubble takes
over so the activity surface is never duplicated.
- Card padding and spacing tuned for breathing room (header, rows,
output preview line, expand panels).
Session UX
- Session popover (chat-header) made fully opaque: theme-card surface,
proper border + shadow-2xl, no see-through dark overlay.
- chat-queries: reconcileSessionDraft now maps the optimistic draft
session to its server-assigned friendlyId/key so the sidebar list
doesn\u2019t orphan or duplicate freshly created sessions.
- Sidebar/session hooks updated for the new reconcile flow.
This commit deliberately works against vanilla Hermes Agent on main.
The TUI card renders honestly: 'working\u2026 tool activity will appear
after the run' while the agent has nothing to stream, then populates
once tool events arrive (currently post-run only on vanilla agent).
- New TuiActivityCard renders thinking + all tool calls in one card above
the assistant bubble, using a Claude Code/Codex CLI TUI aesthetic
(status dots, monospace labels, indented `\u23bf` output preview rows).
- Replaces the old standalone thinking summary, the standalone activity
menu, and inline tool blocks inside the bubble with a single surface.
- Replaces the legacy ThinkingBubble from chat-message-list with a slim
TUI placeholder while streaming hasn't materialized a message yet.
- Stops emitting fake "Still working\u2026" thinking events as Cloudflare
keepalives; uses a dedicated event: hb_signal + raw SSE comment instead.
- Drops keepalive thinking placeholders client-side as a defense in depth.
- Backfills tool calls from session history on agent run.completed when
upstream tool.* SSE events are missing (best-effort).
Note: live tool cards still depend on Hermes Agent emitting tool.* SSE
events on /api/sessions/{id}/chat/stream. Currently it does not, so the
card shows a working\u2026 stub until end-of-run.
When `HERMES_PASSWORD` is set, fresh devices land on the onboarding
wizard ("Connect Backend") instead of the password screen, because the
wizard is gated by the `hermes-onboarding-complete` localStorage flag
in `RootLayout`, while `LoginScreen` is gated by auth state inside
`WorkspaceShell` — and `WorkspaceShell` is only rendered after
onboarding is marked complete. The wizard then probes auth-protected
endpoints on click and shows "HTTP 401" with no way to authenticate.
Move the auth gate up to the root layout so login takes precedence
over onboarding. The new flow is:
1. authRequired && !authenticated → LoginScreen
2. !onboardingComplete → HermesOnboarding wizard
3. onboardingComplete → WorkspaceShell
Auth status is fetched once at root mount via the existing
`fetchHermesAuthStatus()` helper. Failures fall back to
"no auth required" so loopback installs are unchanged.
`WorkspaceShell`'s own `LoginScreen` guard remains as a safety net
for sessions that expire mid-use.
(cherry picked from commit e63fe63149c3b3d0d821a98558d8d9174484a802)
`listMemoryFiles()` walks the entire HERMES_HOME recursively. When the
workspace points at a Hermes data dir with many unrelated subtrees
(skills/, cron/output/, backups/, state.db…), the walk takes 5+ seconds
and `/api/memory/list` times out from the client.
`pushIfMarkdownFile()` already filters to MEMORY.md / memory/ /
memories/ via `isBrowserMemoryPath()`, so descending into other
subtrees is wasted work. Walk only those canonical paths directly.
No behavior change for vanilla installs; large speedup for shared-home
deployments.
(cherry picked from commit 4a53752a9582ab435a85ea9ae413e13031120203)
Prior commit hardcoded '.claude' after CLAUDE_HOME, which caused double
nesting when CLAUDE_HOME already pointed at the Hermes root (e.g. setting
CLAUDE_HOME=/tmp/claude-home would resolve runs to /tmp/hermes-home/.claude/webui-mvp/runs).
Switching to the canonical getClaudeRoot() helper from hermes-paths.ts (added in #205) keeps run-store consistent with kanban-backend and other server modules, and correctly handles both bare CLAUDE_HOME and profile-pointing CLAUDE_HOME.
- pnpm build: pass
- pnpm test: 27 files / 96 tests pass
(cherry picked from commit 8475edadff091394b9311adfde2af774ecbf16b9)
Both modules hardcoded os.homedir() instead of honoring the
HERMES_HOME environment variable, causing EACCES errors in the
Docker workspace container where the user's home (/home/workspace)
is not the data volume mount (/opt/data).
Aligns with the pattern already used in tasks-store.ts,
gateway-capabilities.ts, memory-browser.ts, auth-middleware.ts, etc.
(cherry picked from commit cc4c757de0b4f8cba5efbcf52fa68c6d9c95f577)
createSession, updateSession, and forkSession were missing the
dashboard availability check used by all other session functions
(listSessions, getSession, deleteSession, getMessages, searchSessions).
When the dashboard is available, requests now route through it instead
of hitting the gateway directly.
- hermes-dashboard-api.ts: add createSession, updateSession, forkSession
- hermes-api.ts: import new functions and add dashboard fallback guard
(cherry picked from commit a19e5ac1039660d5acaf43f6e863502d0e4d6a69)
Five distinct issues were causing chat SSE streams to disconnect during
multi-minute silent processing windows on slow upstream providers (e.g.
Z.AI coding plan with rate limits and frequent connection drops).
Fixes in this commit:
- chat-screen.tsx active-run poller no longer false-positives on null
run / queued / pending statuses; only fires streamFinish() on
definitively terminal statuses (completed|failed|cancelled|error).
- vite.config.ts disables Node's default 5-minute requestTimeout for the
dev server only (gated on command === 'serve'). Heartbeats handle
keep-alive at the app layer; production servers keep their defaults to
avoid slowloris exposure. Was killing any HTTP request older than 5min
including healthy long-running SSE responses.
- use-streaming-message.ts AbortError path now clears hook state and
invokes a new optional onAbort() callback instead of returning
silently. Prevents UI flags (sending / waitingForResponse /
pendingGeneration) from getting stuck when a stream is aborted by
cross-session navigation, HMR unmount, or dev-server auto-restart.
- chat-screen.tsx wires onAbort to reset all sending/waiting flags so
the composer unblocks immediately.
- models.ts now exposes streamAcceptedTimeoutMs / streamHandoffTimeoutMs
in its response, sourced from workspace.stream_accepted_timeout and
workspace.stream_handoff_timeout in ~/.hermes/config.yaml (env vars
STREAM_ACCEPTED_TIMEOUT_MS / STREAM_HANDOFF_TIMEOUT_MS still
override). Replaces the abandoned /api/stream-config route.
- chat-screen.tsx feeds those timeouts into useStreamingMessage so users
can tune the no-activity windows via config.yaml without rebuilding.
- Removes orphan /api/stream-config route file (was returning HTML
instead of JSON in dev because TanStack Start hadn't picked it up
without a server restart; functionality moved to /api/models).
Refs upstream issue #195 for full root cause analysis.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 941f8efa2b8881986c82205ebcb61b58187c4a08)
Hardcoded 2/3-min no-activity timeouts are now driven by
STREAM_ACCEPTED_TIMEOUT_MS and STREAM_HANDOFF_TIMEOUT_MS env vars
(defaults: 120s accepted, 300s handoff). New /api/stream-config route
reads these at runtime; chat-screen fetches them once on mount and
passes to useStreamingMessage. Together with the 30s heartbeat added
in the previous commit, long agent runs on slow models no longer stall.
Worked with Interstellar Code
(cherry picked from commit 96f0c64b2222b42b112b83a878dbe12cf29c46a7)
Client-side no-activity timers (2 min accepted, 3 min handoff) were
aborting streams whenever GLM-5.1 spent more than 3 min processing
tool calls or generating responses on large contexts. send-stream.ts
now emits a heartbeat event every 30s; use-streaming-message.ts
handles it by calling markActivity(), which resets the inactivity timer.
Worked with Interstellar Code
(cherry picked from commit 3eb0f0ddfc53127f702c5605bafcc7cc3ae29f94)
When the gateway runs in portable mode (no per-session API), sessions
created via send-stream.ts are persisted only in the workspace local
store at .runtime/local-sessions.json. The DELETE /api/sessions handler
ignored this store entirely:
- If gateway capabilities.sessions === false, it returned
{ deleted: false } silently — UI would optimistically remove the
session, but it'd reappear on reload because the workspace local
store still had it.
- If capabilities.sessions === true (e.g. zero-fork mode where the
workspace claims sessions are available even though the actual
gateway /api/sessions/{id} endpoint 404s for portable-only sessions),
the handler proxied to the gateway, got a 404, and returned 500 to
the browser. Delete button appeared broken.
Fix: check the local store first via getLocalSession(). If the session
is found there, delete it locally (no gateway call) and return
{ ok: true, source: 'local' }. Otherwise fall through to the existing
capability check + gateway delete path.
Discovered while debugging an undeletable chat session in a setup where
mode=zero-fork was reported by the gateway capabilities probe but the
sessions API endpoint still returned 404.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit b4bc5f16f125996542c0ad7321aebef646cbbc72)
OpenRouter entries use provider/model format (e.g. "anthropic/claude-sonnet-4-20250514")
as their model field, which became the first id in the list. The composer's
configuredModel fallback then showed this OpenRouter id instead of the actual
config.yaml default. Always move the config default to position 0 rather than
only inserting when absent.
Worked with Interstellar Code
(cherry picked from commit 7f4146f7d73af9f8f531885b4d7885fa425f4f64)
chat-screen.tsx was importing addApproval/loadApprovals/saveApprovals
from src/lib/approvals-store — a stub that returns null/[] and writes
nothing. The approval banner at the top of the message list was therefore
permanently invisible even when the agent requested approval.
- Change both imports to src/screens/gateway/lib/approvals-store (the
real localStorage-backed implementation)
- Align field names: approvalId → gatewayApprovalId, source 'hermes' →
'agent' to match the real ApprovalRequest type
The banner, Approve/Deny buttons, and 2-second polling loop were already
fully implemented — they just had dead imports.
Closes#138
Worked with Interstellar Code
(cherry picked from commit c869718861b3d0ea1467295524afc64c1f5ac0d7)
NODE_ENV=production enables the Secure flag on session cookies. Browsers
silently drop Secure cookies over plain HTTP, causing login to fail with
no visible error when HOST=0.0.0.0 is used on a LAN without HTTPS.
- Add startup warning in server-entry.js when non-loopback host +
production + COOKIE_SECURE not explicitly disabled
- Document COOKIE_SECURE=0 in .env.example alongside the existing =1 case
- Add COOKIE_SECURE entry to README env-vars table
Closes#149
Worked with Interstellar Code
(cherry picked from commit d88d899481871f2d9ac5d01f5c318f668d1e6873)
Detect the Claude API 400 error where tool_use blocks exist without
matching tool_result blocks — caused by interrupted/truncated tool calls
overflowing context. Show a human-readable message instead of the raw
API error string.
Closes#159
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 55f8cd54f757bcdc211e30b9f21031b71a7be931)
When a backend PTY exits (user typed exit, command crashed, server
recycled), the SSE stream emits 'event: exit' followed by 'event: close'.
The frontend was ignoring both events, so the tab kept its now-dead
sessionId. Subsequent /api/terminal-input and /api/terminal-resize
calls then 404'd in a tight loop and the user saw a hung terminal until
they reloaded.
Fix: handle 'exit' and 'close' events in the SSE consumer:
- Print a dim '[session ended (exit code N)]' line into xterm so the
user knows what happened.
- Clear the tab's sessionId in zustand state. handleSendInput and the
resize effect both already short-circuit when sessionId is undefined,
so the 404 spam stops immediately.
- Print a hint that '+' opens a new tab.
Auto-reconnect is intentionally not implemented here \u2014 the upstream
issue was just the spurious 404s and frozen UI. If we want a 'restart
session' button later, we wire it on the same handler.
Co-authored-by: Eric <eric@outsourc-e.com>
(cherry picked from commit d2746363b4684a5fab1097e6f0e1a2fa142bac45)
- Manifest, root splash, all alt/title attrs, onboarding, sidebar, empty state
- Both legacy Hermes bytes and canonical Claude bytes converted to Project Agent
- Keeps internal references, file names, theme IDs, and Anthropic provider id intact
Dashboard HTML emits __CLAUDE_SESSION_TOKEN__ (legacy Hermes bytes) but the
workspace regex was only matching __CLAUDE_SESSION_TOKEN__ after the rename,
causing token extraction to fail and all session/skill/job APIs to return
401 Unauthorized — sessions list appeared empty even though backend pairing
was correct.
Now matches both legacy and canonical token names so the workspace pulls the
real Project Agent session data from ~/.openclaw/state.db.
Recovered the intended worker card UX from stash@{0}
(swamp6-inbox-commit-preserve-unrelated), which had been left behind when
feat/swarm-inbox-mode-toggle was sliced out.
Restores:
- directional left/right panel navigation
- focused Tasks / Output / Files panel strip
- task composer state wired into the card
- matching Swarm2Artifacts panel props/behavior
This explains the regression: the newer card version was never removed by a PR,
it was stranded in the stash and never re-applied to the release branch.
Verified with 44/44 swarm+gateway tests passing and clean typecheck signal for
the restored files.
- Office: container 255px -> 360px (12 agents weren't fitting cleanly)
- Office: tick interval 200ms -> 500ms (halves repaint pressure, no visible jitter)
- Add Swarm: model dropdown now groups by provider (openai-codex, anthropic,
ollama-pc1, openrouter, etc.) so all 48 detected models are visible and
organized. Was rendering all in a single flat list which caused visual
collapse to "just GPT-5.5" if user didn't scroll.
Tests pass. Build green.
swarm11 stress test caught a real bug: /api/swarm-checkpoint returned
notification.route=noop when a worker's lastNotifiedCheckpointRaw was
non-empty, even when state/status changed. Dedupe was suppressing
legitimate transitions when raw text happened to match.
Now dedupe on a composite signature (state | status | result | blocker
| nextAction | raw). Backward-compat path covers IN_PROGRESS recycles.
Tests: 9/9 pass (added regression test for state-changed-same-raw).
- Agent buttons used raw px translate3d but the SVG scales via viewBox; in
compact mode (height=255px) agents bled below the visible area. Switched
to percentage-based left/top so they scale with the SVG.
- Default companyName "Mission Control" -> "Swarm".
- Whiteboard sign now respects compact + hideHeader (was rendering even
when caller asked for hideHeader=true).
- task-store comments: Mission Control -> Swarm.
Tests: 44/44 gateway+swarm pass. Build green.
- swarm-notifications: route every checkpoint to swarm3 tmux pane first; only
escalate to main session on NEEDS_INPUT or when orchestrator unreachable.
Orchestrator never echoes its own checkpoints back into its own pane.
- Add tests for orchestrator routing, escalation, fallback, self-skip (4/4 pass).
- Rename Reports view-mode label to Inbox to match feature name.
- Add Swarm Agent dialog: 11 role presets with embedded system prompts +
skill stacks, model dropdown sourced from /api/models, system prompt preview.
Closes the loop: worker checkpoint -> swarm3 prompted -> swarm3 re-prompts or
escalates -> main session only sees what needs Aurora's judgment.
- New Inbox tab with reverse-chrono checkpoint cards, filters, reply box
- Auto/Manual mode toggle on orchestrator card, persisted to .runtime/swarm-mode.json
- Mode field added to /api/swarm-orchestrator-loop
- Reply-from-card POSTs to /api/swarm-dispatch with worker pre-filled
- 27/27 vitest, build green
Two related issues in the built-in terminal:
1. Keyboard focus lost after first command: Chrome/Edge yank DOM focus
back to the page after the SSE reader resolves, so xterm stops
receiving keystrokes after any output stream writes. Solved by
calling `terminal.focus()` after each `terminal.write()` for the
currently-active tab. activeTabId is mirrored into a ref so the
long-lived SSE reader closure can read it without re-running the
whole effect on every tab switch. Also added an `onClick` handler
on the TerminalView container that focuses the .xterm-helper-textarea
directly \u2014 a reliable manual recovery path if the auto-focus ever
misses.
2. Right-click on tab headers shows broken native context menu: we
don't ship a custom context menu yet, and the browser default has
no useful actions on a <button> with no editable content. Added
`onContextMenu={e => e.preventDefault()}` to suppress it.
Co-authored-by: Eric <eric@outsourc-e.com>
The workspace already ships a complete sound notification system in
src/lib/sounds.ts (Web Audio API synthesis) plus a useSounds hook in
src/hooks/use-sounds.ts that auto-plays for swarm session state
changes. There is no equivalent for the main chat — when an agent
finishes responding in a regular session, no sound plays. This is the
exact case where users walk away from the tab during long-running
generations and miss the response.
This patch wires `playChatComplete()` into useStreamingMessage's
onComplete callback in chat-screen.tsx, gated behind a new chat
setting `soundOnChatComplete: boolean` (default `false` — strictly
opt-in so existing users hear no change unless they enable it).
The setting is added to ChatSettings in use-chat-settings.ts and
surfaced as a toggle in both Settings dialogs:
- Settings dialog (mini): below "Show reasoning blocks"
- Settings page (full): below "Show reasoning blocks"
Implementation notes:
- The toggle's value is read directly via
`useChatSettingsStore.getState().settings.soundOnChatComplete`
inside the onComplete callback so the callback's deps array stays
unchanged. This avoids re-creating the streaming callback every
time any chat setting changes.
- No regressions: when the setting is off (default), behavior is
identical to before. When on, a single `playChatComplete()` fires
per completed agent turn.
- All existing primitives (sounds.ts, use-sounds.ts) are untouched.
This patch only adds the wiring at the chat-screen layer.
Tested locally on Chrome over LAN against a Hermes gateway + dashboard
on a separate host. Browser autoplay restrictions still apply: the
first sound after a fresh tab load may be silently dropped until the
user has interacted with the page (a known Web Audio quirk, not
specific to this patch).
The LoginScreen component had `bg-white` hardcoded on the card and the
password input, which left it white-on-dark for any user with a dark
theme active (default `hermes-nous` and friends). The rest of the
class set already uses `text-primary-900`, `border-primary-200`, etc.
which the theme system in styles.css remaps via CSS variables, so the
typography and borders adapted but the surface stayed white.
Fix: replace the two `bg-white` instances with `bg-primary-100` (card)
and `bg-primary-50` (input), which map to `--theme-card` and
`--theme-panel` respectively. Also tighten the card ring from
`ring-primary-900/5` (nearly invisible against dark backgrounds) to
`ring-primary-200`, which uses `--theme-border` and stays subtle in
both light and dark themes. The error toast keeps `bg-red-50` /
`text-red-700` (red is not theme-mapped, on purpose) but gains a
`dark:` variant so it's readable on dark themes.
No new variables and no new theme entries — purely uses what the
theme infrastructure already provides.
The DASHBOARD_BEARER_TOKEN constant in gateway-capabilities.ts was
defaulting HERMES_DASHBOARD_TOKEN || HERMES_API_TOKEN. This treats the
two tokens as interchangeable, but they are not:
- HERMES_API_TOKEN authenticates the gateway (port 8642), where it is a
long-lived bearer set by the operator.
- The official Hermes dashboard (port 9119, hermes_cli/web_server.py)
generates an ephemeral session token at boot via
`_SESSION_TOKEN = secrets.token_urlsafe(32)` and injects it into the
dashboard SPA via `window.__HERMES_SESSION_TOKEN__`. There is no
service-to-service way to set it, and it changes on every restart.
When operators set HERMES_API_TOKEN (which is required for the gateway
to authenticate workspace requests), the OR-fallback caused that token
to be used against the dashboard too. The dashboard rejects it with 401,
and every dashboard-backed endpoint in the workspace (`/api/sessions`,
`/api/skills`, `/api/files`, etc.) returns 500 with a "Hermes dashboard
… 401 Unauthorized" body. The user can log in but the workspace renders
empty / errors after auth.
The existing comment on the constant already describes the intended
flow: "Preferred over scraping the dashboard's root HTML for an inline
token (the legacy path … see #124). When set, the workspace uses this
directly and never parses HTML." The HTML-scrape fallback in
fetchDashboardToken() correctly handles the ephemeral token case — but
the OR-fallback bypassed it.
Fix: drop the fallback to HERMES_API_TOKEN. If only HERMES_API_TOKEN is
set, DASHBOARD_BEARER_TOKEN is now empty and fetchDashboardToken()
falls through to the HTML-scrape path that actually works against the
upstream dashboard.
Repro:
1. Run hermes gateway + dashboard from upstream NousResearch/hermes-agent.
2. Set HERMES_API_TOKEN in workspace .env (required by the gateway).
3. Leave HERMES_DASHBOARD_TOKEN unset.
4. Log into the workspace -> /api/sessions returns 500.
After the fix the workspace successfully scrapes the ephemeral token
from / and dashboard endpoints return 200.
- profiles-browser.ts: listProfiles() now resolves model.default and
model.provider from nested config objects (the format used by Hermes CLI)
- chat-empty-state.tsx: displays active profile name + model below
'Begin a session' so multi-profile users know which agent they're talking to
Addresses the 5 security findings from @kiosvantra's audit (thank you!).
## #121 — Path traversal via naive startsWith()
src/routes/api/files.ts: ensureWorkspacePath now uses path.relative()
to enforce the workspace boundary. The previous string-prefix check
accepted sibling paths (e.g. /root/.hermes2 when root is /root/.hermes).
Added regression tests in src/routes/api/-files.test.ts.
## #122 — Deployment defaults expose control plane
server-entry.js: default HOST to 127.0.0.1. If HOST is non-loopback
and HERMES_PASSWORD is unset, the server refuses to start with a
clear banner explaining the fix. An explicit
HERMES_ALLOW_INSECURE_REMOTE=1 escape hatch is available for operators
who understand the risk.
docker-compose.yml: gateway defaults to 127.0.0.1 (no host binding),
workspace publishes on 127.0.0.1:3000 and passes HERMES_PASSWORD /
COOKIE_SECURE / TRUST_PROXY through.
## #123 — Session cookie missing Secure
src/server/auth-middleware.ts: createSessionCookie() now appends
Secure by default in production (and when COOKIE_SECURE=1 overrides).
Docs clarify when dev-HTTP exemption is safe.
## #124 — Dashboard token scraped from HTML
src/server/gateway-capabilities.ts: fetchDashboardToken() now prefers
an explicit HERMES_DASHBOARD_TOKEN (or HERMES_API_TOKEN) env bearer.
The HTML-scrape path remains as a logged fallback for existing
deployments, with a deprecation warning pointing at #124. This removes
the brittle trust boundary in production.
## #125 — x-forwarded-for trusted unconditionally
src/server/auth-middleware.ts + src/server/rate-limit.ts: both IP
resolvers now ignore forwarded headers unless TRUST_PROXY=1 is set.
Without that opt-in, clients cannot spoof local classification or
rotate rate-limit keys via x-forwarded-for. Added regression tests.
## Env + docs
.env.example: new Security section documenting HOST, HERMES_PASSWORD,
COOKIE_SECURE, TRUST_PROXY, HERMES_DASHBOARD_TOKEN, and the bypass.
README.md: Security section updated to reflect the new posture and
credit the audit.
## Verification
- tsc --noEmit: clean
- vitest: 43/43 pass (added 16 new tests across files, auth-middleware,
rate-limit)
- Fail-closed guard verified manually:
HOST=0.0.0.0 \u2192 exit 1 with banner
HOST=0.0.0.0 HERMES_PASSWORD=x \u2192 starts
HOST=0.0.0.0 HERMES_ALLOW_INSECURE_REMOTE=1 \u2192 starts with warn
HOST=127.0.0.1 \u2192 starts
Closes#121, #122, #123, #124, #125
Co-authored-by: Eric <eric@outsourc-e.com>
The Dockerfile was running `node dist/server/server.js` directly, but
that file is the TanStack Start fetch handler module \u2014 it exports a
fetch function and does not call `listen()`. Node imports it, runs
top-level code, and exits cleanly (code 0) because nothing keeps the
event loop alive. This is why the container in #129 exits immediately
with no logs and no listening port.
The real HTTP server lives at `server-entry.js` in the repo root: it
creates a Node http server, serves static assets from `dist/client`,
and forwards dynamic requests to the TanStack Start handler. This is
the same entry `scripts/start-stable.sh` uses locally.
Fix:
- Copy `server-entry.js` into the runtime image
- Change CMD to `node server-entry.js`
Closes#129
Co-authored-by: Eric <eric@outsourc-e.com>
The quick settings popup only showed the two older chat toggles
(showToolMessages, showReasoningBlocks) while three new ones \u2014
enterBehavior (#90), chatWidth (#89), and sidebarHoverExpand (#115) \u2014
were only reachable via the full /settings page.
Add all three to the dialog's 'Chat' section using the same Row
primitive, so both surfaces stay consistent.
Eric reported this after noticing the hover toggle was missing from
the popup.
Co-authored-by: Eric <eric@outsourc-e.com>
#91 removed the chat sidebar's hover-to-expand behavior because users
couldn't uncollapse reliably (hover flipped toggle icons, clicks got
repurposed). Other users liked the old behavior as a quick-peek UX
without committing to uncollapsing.
Solution: make it an opt-in preference.
- New 'sidebarHoverExpand' boolean in the chat-settings zustand store
(persisted, default false). When false the #91 fix holds: rail stays
48px and clicks always toggle the persistent collapsed state.
- When true: hovering a collapsed rail expands it as a preview; leaving
the aside collapses it again; clicking the toggle button while in
preview dismisses the preview first, then the next click toggles.
- Exposed in Settings > Chat Display as 'Expand sidebar on hover'.
- Default stays 'off' so no existing user's behavior changes.
Co-authored-by: Eric <eric@outsourc-e.com>
Reported: creating a new profile and selecting 'default' in the
'Clone from existing' dropdown failed with:
Default profile cannot be modified here
Root cause: validateProfileName() was used for BOTH the new profile's
name AND the cloneFrom source. The 'default'-is-reserved check is
correct for new names (you cannot create/overwrite 'default') but
wrong for sources (cloning from 'default' must be allowed \u2014 it's the
most common starting point).
Changes:
- Split validateProfileName() into two functions:
- validateProfileName() (unchanged contract): used for destinations
that would overwrite 'default'. Rejects 'default'.
- validateProfileIdentifier(): used for read-only references
(cloneFrom, lookups). Accepts any valid name including 'default'.
- createProfile() now uses validateProfileIdentifier() for the
cloneFrom source.
- cloneFrom resolution also handles 'default'-maps-to-HermesRoot
correctly, since default's config.yaml lives at ~/.hermes/config.yaml,
not ~/.hermes/profiles/default/config.yaml.
Co-authored-by: Eric <eric@outsourc-e.com>
Adds a Settings > Connection section where users can edit the gateway
and dashboard URLs at runtime. Solves the Tailscale / LAN / remote-host
UX hole @diegodefieth-hash flagged in #101.
Implementation:
- gateway-capabilities.ts now supports setGatewayUrl() / setDashboardUrl()
that update the in-process HERMES_API / HERMES_DASHBOARD_URL values
AND persist to ~/.hermes/workspace-overrides.json. On process start
the overrides file takes precedence over env vars, which still win
over the localhost defaults.
- New PUT /api/connection-settings endpoint. Validates http(s) URLs,
calls the setters, force-reprobes capabilities so the UI sees the
unlock/lock immediately.
- New Connection settings section with two inputs (gateway + dashboard),
Save/Reset buttons, source label, and a Tailscale/remote tip callout.
- Workspace overrides file written with 0600 perms (tokens/URLs are
sensitive context about the user's network topology).
- README updated: no more 'stop + edit .env + start'.
Fixes#101
Co-authored-by: Eric <eric@outsourc-e.com>
* feat(settings): shared sidebar + URL-driven active section
Extract the tab list at /settings into a reusable component and drive
the active tab from the URL (?section=<id>) instead of per-page state,
so the tab list also renders on /settings/mcp and selection survives
cross-page navigation.
- src/components/settings/settings-sidebar.tsx: new shared component
exporting SettingsSidebar (desktop nav) and SettingsMobilePills
(mobile pill scroller). Every tab is a Link; active tab shows an
accent-subtle background with a small left accent bar so it stays
visible across all themes.
- src/routes/settings/index.tsx: validateSearch for the `section`
param, read it via Route.useSearch() to pick the active section,
drop the local useState. Appearance section laid out vertically so
theme cards no longer overlap their own label.
- src/components/command-palette.tsx, src/components/search/search-
modal.tsx, src/screens/dashboard/dashboard-screen.tsx, src/screens/
gateway/agents-screen.tsx: pass search={} to navigate({ to:
'/settings' }) so the typed route schema accepts them.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(chat-sidebar): remove hover-to-expand so icons stay reachable
Hovering the collapsed 48px rail used to expand the sidebar into a
"hover preview" that flipped the toggle button's icon and repurposed
clicks into "dismiss preview" rather than "uncollapse persistently".
Users reported being unable to uncollapse the sidebar: the icon they
were trying to click kept moving, and the button they tried instead
just re-collapsed them.
The rail now stays 48px on hover, its icons are directly clickable,
and the toggle button always reflects and toggles the persistent
collapsed state regardless of any hover state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(ui): MCP page reads in all themes + visible tabs active state
Two related visibility fixes across the 8 workspace themes:
- src/screens/settings/mcp-settings-screen.tsx: swap hardcoded
bg-white / pale amber / light-red backgrounds for theme-aware
Tailwind tokens (bg-primary-100, bg-amber-500/10, text-amber-600,
etc.) that remap correctly via styles.css. Previously the MCP page
rendered white-on-dark in every dark theme. Also mount the shared
SettingsSidebar / SettingsMobilePills on /settings/mcp so users
keep navigation context instead of only having a "Back to
Settings" link, and activate the 'mcp' tab via the same
URL-driven mechanism the other tabs use.
- src/components/ui/tabs.tsx: give data-active a
bg-[var(--theme-accent-subtle)] / text-[var(--theme-accent)] look.
Previously tabs relied only on the sliding indicator which uses
bg-primary-200 — that maps to --theme-border (a faint line color)
and blends into the list background, leaving the selected tab
visually ambiguous. Most noticeable in the "Add MCP Server"
Stdio / HTTP switcher.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Hermes Agent CLI exposes a HERMES_HOME environment variable that
users can set to relocate their Hermes home directory (e.g. when
running multiple Hermes installations side-by-side, or consolidating
a legacy ~/.hermes into a canonical ~/hermes). The agent itself, the
gateway, and all CLI tooling respect this variable.
Until now, Workspace's server-side handlers ignored HERMES_HOME and
always read config/env/knowledge/profiles/auth from ~/.hermes. Users
with HERMES_HOME set elsewhere saw stale or wrong data in the UI
(e.g. old model labels from an out-of-date config.yaml).
This PR aligns Workspace with the same fallback pattern already used
by src/server/memory-browser.ts (which was the template), plus
src/routes/api/paths.ts and src/routes/api/hermes-tasks-assignees.ts
which already had it right:
process.env.HERMES_HOME ?? path.join(os.homedir(), '.hermes')
Files updated:
- src/routes/api/hermes-config.ts
- src/routes/api/connection-status.ts
- src/routes/api/files.ts (adds HERMES_HOME as fallback rank)
- src/routes/api/workspace.ts (also fixes folderName label)
- src/routes/api/crew-status.ts (2 sites)
- src/routes/api/preview-file.ts (augments allow-list, keeps legacy path)
- src/routes/api/oauth.poll-token.ts
- src/routes/api/models.ts (2 sites)
- src/server/hermes-agent.ts
- src/server/knowledge-config.ts
Display strings referencing '~/.hermes' (settings copy, terminal cwd
default, skill-discovery error message) are left untouched — they are
user-facing documentation of the default, not code paths.
Verification:
- pnpm exec tsc --noEmit produces the same 4 pre-existing repo
baseline errors before and after this change (no new TS errors).
- Manually tested with HERMES_HOME=/Users/<me>/hermes on macOS:
workspace now reads config.yaml from the env-specified path and
reports the correct activeModel, sessions, skills, and jobs.
Co-authored-by: Bryan Subotnick <bryan@medisynlabs.com>
@christopherflora asked for a way to widen the chat column on wide
screens so more info fits on the page. Adds a Settings > Chat Display
option with three presets:
- Comfortable (900px) \u2014 default, matches prior behavior
- Wide (1200px)
- Full width (edge-to-edge in the chat pane)
Implementation: new --chat-content-max-width CSS variable, swapped in
for the hardcoded max-w-[900px] Tailwind utilities in message-item
and message-status. The value is switched via a data-chat-width
attribute on <html>, set by a small hook wired in __root.tsx.
The setting persists via the existing zustand chat-settings store,
so the choice survives reloads and syncs with localStorage.
Fixes#89
Co-authored-by: Eric <eric@outsourc-e.com>
@sean808080 reported the Save button 'appears for a split second then
disappears, only Cancel remains'. The underlying bug is the button's
theme classes: 'bg-accent-500 text-black' produces a near-invisible
button on several themes where the accent is light (the amber/orange
'Classic Light' palette and a few others), so it reads as 'disappeared'.
Switch the Save button to:
- bg: var(--theme-accent) for consistent strong contrast across themes
- text: white (legible on all accent colors currently defined)
- shadow-sm for affordance
- hover: brightness-110 (lighter touch than a separate hover shade)
No behaviour change \u2014 only visibility polish. The state machine around
isEditing is already correct.
Fixes#78
Co-authored-by: Eric <eric@outsourc-e.com>
Adds a user preference to flip Enter key behavior in the chat composer:
- 'send' (default): Enter sends, Shift+Enter inserts newline (existing behavior)
- 'newline': Enter inserts newline, Cmd/Ctrl+Enter sends
The setting is persisted via the existing chat-settings zustand store,
exposed as a toggle in Settings > Chat Display, and consumed by
PromptInputTextarea so every chat surface (main, inline, agent cards)
picks it up automatically.
Useful for long prompts where accidental Enter sends break the flow.
@christopherflora flagged this. Thanks!
Fixes#90
Co-authored-by: Eric <eric@outsourc-e.com>
The 'dev' and 'start:dev' scripts hardcoded --port 3000 on the CLI,
which collided with Baileys/WhatsApp bridges and other services that
also default to 3000. Users couldn't relocate the workspace without
editing package.json.
Changes:
- Drop --port from the CLI scripts; vite.config.ts now owns the port
- vite.config.ts reads process.env.PORT (default 3000) so users can run:
PORT=4000 pnpm dev
- README snippet updated to mention the override
- Default stays at 3000 so every existing install, docker-compose file,
and reverse-proxy rule keeps working
Fixes#96
Co-authored-by: Eric <eric@outsourc-e.com>
#101 reported that running the workspace on a Tailscale-exposed server
and accessing it from a phone ended up probing 127.0.0.1:8642 instead
of the Tailscale IP. Root cause is user-facing: both HERMES_API_URL and
HERMES_DASHBOARD_URL must be set to reachable URLs at process start,
and the gateway needs API_SERVER_HOST=0.0.0.0.
This PR adds:
- README section 'Running on a remote host (Tailscale / VPN / LAN)' with
a worked example covering both env vars + gateway bind config
- Clearer console warning when the localhost probe fails, pointing users
at the env vars and the gateway bind requirement
No code behaviour change. A UI-side backend-URL override is tracked as
a future enhancement in #101.
Co-authored-by: Eric <eric@outsourc-e.com>
The 'upgrade instructions' banner was directing users to commands that
don't work on upstream NousResearch/hermes-agent:
- 'pip install hermes-agent' fails — package isn't on PyPI
- 'hermes dashboard' is only available after installing from source
Replace with accurate install + start commands that match what the
upstream README recommends. The new message covers:
- install-from-source path (git clone + pip install -e .)
- both required services (gateway on :8642, dashboard on :9119)
- which APIs need which service
Fixes#87 part 1/2.
Co-authored-by: Eric <eric@outsourc-e.com>
saveConfig() was sending PUT /api/config with only the partial fields
the caller passed, and the Hermes dashboard's handler replaces the
entire config on write. In zero-fork mode this caused silent data loss:
a settings tweak (e.g. display.personality) would wipe model.provider,
custom_providers, compression.threshold, auxiliary.*, etc.
Now:
- GET the current config
- deep-merge the patch on top (null = explicit removal)
- PUT the merged result
Callers still pass ONLY the fields they want to change. On error fetching
the current config we fall back to the old behaviour rather than blocking
the write (no worse than before; GET works in the common case).
Fixes#85
Co-authored-by: Eric <eric@outsourc-e.com>
The workspace-daemon/ package was removed in 82c3f70 but the Dockerfile
manifest COPY wasn't cleaned up, so CI/docker builds have been failing
at `COPY workspace-daemon/package.json workspace-daemon/` (fixes#88
pull manifest unknown symptom — no new images could be built/pushed).
Also:
- tsconfig include: `vite.config.js` → `vite.config.ts` (actual file ext)
- tsconfig: drop redundant `baseUrl`.", already implied by `paths` in TS 5
Extracted from #91 to ship the CI unblock independently; the larger
settings-UI portion of that PR stays open for separate review.
Co-authored-by: Eric <eric@outsourc-e.com>
Co-authored-by: ajojotank <ajojotank@users.noreply.github.com>
Follow-up to #98 — the session-preview fallback landed in the frontend normalizer + toSessionSummary() but HermesSession was missing the field, so TSC breaks the server build on main. One-line type addition.
Co-authored-by: Eric <eric@outsourc-e.com>
Polish on top of #81:
- Replace runtime require('node:fs') with top-level ESM import
- Use os.homedir() instead of /root fallback (works on macOS/Windows)
- chmod 0600 on workspace-sessions.json (tokens were world-readable)
- mkdir mode 0700 on ~/.hermes when creating it
- Use path.dirname instead of manual string slice
No behavioural change outside file permissions.
Co-authored-by: Eric <eric@outsourc-e.com>
* fix(chat): prevent new chat from loading previous session history
When navigating to /chat/new, the session key resolver normalized 'new'
to '' then fell back to 'main', which the server resolved to the most
recent active session (issue #92).
Add an early return in sessionKeyForHistory to preserve 'new' when
isNewChat is true, bypassing the fallback logic entirely.
Fixes#92
* feat(chat): sort sessions by last activity and use preview as fallback title
- Sort session list by updatedAt (descending) instead of creation order
- Use session.preview (first message snippet) as derivedTitle fallback
when no explicit title is set, making sessions identifiable
- Fix updatedAt mapping to use last_active timestamp from gateway
- Remove session ID fallback from label/title/derivedTitle fields so
UI shows empty state instead of raw UUIDs
Closes UX issues with unlabeled sessions appearing as unreadable IDs
---------
Co-authored-by: Debian <vzl@vps-17920c9f-vps-ovh-net>
${HERMES_API}${path} with a trailing slash on HERMES_API produces
//health, which the gateway 404s — so every capability probe fails
and the onboarding splash sticks (/api/auth-check returns 503
hermes_agent_unreachable) even when the gateway is healthy.
This affects users who set HERMES_API_URL=http://127.0.0.1:8645/
(with a trailing slash) to bypass the vite auto-start self-fork race.
The documented workaround for that race forbids exact-equality with
the default URL, so a trailing slash is the natural workaround.
Normalize both HERMES_API and HERMES_DASHBOARD_URL with
.replace(/\/+$/, "") so either form of env works.
When navigating to /chat/new, the session key resolver normalized 'new'
to '' then fell back to 'main', which the server resolved to the most
recent active session (issue #92).
Add an early return in sessionKeyForHistory to preserve 'new' when
isNewChat is true, bypassing the fallback logic entirely.
Fixes#92
Co-authored-by: Debian <vzl@vps-17920c9f-vps-ovh-net>
Three additions to reduce onboarding friction:
1. docs/AGENT-PAIRING.md — step-by-step guide designed for AI agent
ingestion. Covers the full Workspace↔Gateway pairing flow from
scratch: hermes-agent install → env var setup → API server enable →
port verification → workspace .env → startup verification. Includes
platform-specific notes (WSL, macOS, Linux), a copy-paste quick-fix
block, and a diagnostic bundle command for when things go wrong.
2. docs/troubleshooting.md — human-readable FAQ covering the six most
common setup failures (API server not binding, mode=disconnected,
port conflicts, WSL cold-start race, dev server crashes, onboarding
error state). Each entry has cause → fix → verify.
3. install.sh — added a post-setup guard that scans ~/.hermes/.env for
env var names missing underscores (APISERVERENABLED vs
API_SERVER_ENABLED). The gateway reads exact names via os.getenv()
and silently ignores typos — this produces a 'gateway starts but API
server never binds' failure that's hard to diagnose from the UI.
The guard now warns the user with the correct names.
Closes#76.
Clarifies that users who already have a running hermes-agent gateway
(systemd, Docker, pip install, Nous installer, etc.) don't need to
bootstrap a fresh one \u2014 they can point the workspace at the existing
gateway via HERMES_API_URL (and HERMES_API_TOKEN if auth is enabled).
Documents the three requirements on the agent side:
- Gateway bound to a reachable address
- API_SERVER_ENABLED=true for enhanced endpoints
- Matching HERMES_API_TOKEN when API_SERVER_KEY is set
Co-authored-by: Aurora <aurora@outsourc-e.dev>
Swap docker-compose.yml from local builds to pulling the official
upstream images by default. No more 'wait 10 minutes for git clone +
pip install + uv venv' on first run.
- hermes-agent -> nousresearch/hermes-agent:latest (upstream)
- hermes-workspace -> ghcr.io/outsourc-e/hermes-workspace:latest (our GHCR)
Also:
- Persist agent state to a named 'hermes-data' volume mounted at /opt/data
(config, sessions, skills, memory, creds survive container recreation).
- Add docker-compose.dev.yml overlay so contributors can still build from
source via: docker compose -f docker-compose.yml -f docker-compose.dev.yml up --build
- Harden the healthcheck to CMD-SHELL so exit codes propagate.
- README + CHANGELOG updated to match.
Closes#82.
Co-authored-by: Aurora <aurora@outsourc-e.dev>
New users now land on the Hermes Nous theme (deep teal + cream accent)
instead of Hermes Official (navy). The Nous palette matches the Nous
Research chrome and is the visual identity we're building the brand
around post-rename.
- Update DEFAULT_THEME constant in theme.ts and __root.tsx
- Update fallback values in chat-sidebar, dashboard-overflow-panel,
settings-dialog so all 'hermes-official' fallbacks default to 'hermes-nous'
- Update splash-screen default colors to Nous palette (#031A1A bg,
#F8F1E3 text, #FFAC02 accent) so pre-hydration flash matches
Users who have already set a theme keep their preference (localStorage
unchanged).
Community request: pre-built Docker image for Coolify / Easypanel /
Dokploy / Unraid / any PaaS that takes a container URL.
- Add production Dockerfile (multi-stage: build on node:22-slim, run as
non-root, tini PID 1, healthcheck on port 3000).
- Add .github/workflows/docker-publish.yml that builds + pushes on every
commit to main and every v* tag, multi-arch (amd64 + arm64), with
GHCR tags: latest, semver, branch-sha, etc.
- README: add 'Using a Pre-Built Image' section with Coolify/Easypanel
example config and the list of published tags.
First published image will appear at ghcr.io/outsourc-e/hermes-workspace
on next push to main.
User reported on X:
'error: hermes agent not found clone it as a sibling directory or set
hermes agent path in .env'
after running the fixed install.sh. The root cause is that Nous's installer
puts hermes-agent at ~/.hermes/hermes-agent/ (or installs a `hermes` binary
to ~/.hermes/bin/), but the workspace auto-start logic only looked at:
- HERMES_AGENT_PATH env var
- ../hermes-agent (sibling)
- ../../hermes-agent (monorepo)
None of which match Nous's actual install layout. So every user installing
via the one-liner hit this error.
Changes in both vite.config.ts and src/server/hermes-agent.ts:
- Add ~/.hermes/hermes-agent and ~/hermes-agent to the candidate list
- Add a resolveHermesBinary() that finds ~/.hermes/bin/hermes or
~/.local/bin/hermes (Nous installer + fallback)
- Prefer launching `hermes gateway run` via the binary (canonical
entrypoint) over reconstructing uvicorn against the source tree
- Fall back to uvicorn-from-source when only a directory is available
(dev / cloned-in-place setups)
- Update the 'not found' error message to point at the installer URL
instead of asking users to clone a sibling dir
- PATH for the spawned child now includes ~/.hermes/bin and ~/.local/bin
User on Discord reported our docs saying ANTHROPIC_API_KEY is required.
It's not — hermes-agent supports Anthropic, OpenAI, OpenRouter (incl. free
models), Google, local Ollama/LM Studio, etc. Users only need the key for
the provider they actually picked in `hermes setup`.
Also replaced the 'pip install hermes-agent' references that snuck in — the
package isn't on PyPI, it installs from source via Nous's official script.
Changes:
- .env.example: list all common provider keys, all commented out, users
uncomment whichever they use
- docker-compose.yml: pass through ANTHROPIC / OPENAI / OPENROUTER / GOOGLE /
GROQ / MISTRAL keys (all optional, whichever is set wins)
- README.md: remove 'ANTHROPIC_API_KEY required' claim, replace pip install
references with the Nous installer path, generalize Docker troubleshooting
to match any provider
- FEATURES-INVENTORY.md: list all supported provider env vars
Closes#77 — nekopep reported workspace couldn't authenticate to a gateway
exposed on 0.0.0.0 with API_SERVER_KEY set. Workspace already supports
HERMES_API_TOKEN (added previously) but it wasn't documented.
- Document HERMES_API_TOKEN in .env.example with the matching API_SERVER_KEY
relationship and usage notes.
- Wire through API_SERVER_KEY / API_SERVER_HOST / API_SERVER_ENABLED in
docker-compose.yml so both services pick up the secret from a single
.env value.
- HERMES_API_TOKEN on the workspace side now defaults to the same
API_SERVER_KEY so Docker Compose works out of the box.
hermes-agent is not published to PyPI - pip install was always going to fail
with 'No matching distribution found'. Delegate to the official Nous
installer which handles PEP 668, uv, Termux, and source build properly.
Detected from user bug report:
curl -fsSL https://hermes-workspace.com/install.sh | bash
-> ERROR: No matching distribution found for hermes-agent[cron]
- Drop PyPI/pipx/venv/PEP 668 fallback chain (Nous handles it all)
- Require curl as prereq
- Ensure ~/.hermes/bin and ~/.local/bin on PATH after install
- Bail with helpful message if hermes not on PATH post-install
install.sh:
- The PEP 668 marker EXTERNALLY-MANAGED lives *inside* stdlib (e.g.
/usr/lib/python3.13/EXTERNALLY-MANAGED), not its parent. Our check
pointed at the parent so Ubuntu 25.10 / Python 3.13 was treated as
un-managed and tripped 'externally-managed-environment' on plain pip.
Now we check both locations and fall back to a 'pip install --dry-run'
probe that just reads stderr for the marker.
- ensure_pipx() auto-installs pipx via apt/dnf/pacman/brew when absent so
fresh Debian/Ubuntu boxes don't have to run an extra command first.
apt path tries 'pipx' then 'python3-pipx' for older releases.
- install_with_venv() now hints at python3-venv/python3-full when
'python3 -m venv' itself is missing on minimal Debian-family installs.
connection-startup-screen:
- After 4s of failed health polling, fire /api/start-hermes once silently.
If hermes-agent is installed and just not running, the gateway comes up
without the user clicking anything; the existing 2s polling loop sees
/health and dismisses the splash. The manual 'Auto-Start Hermes Gateway'
button stays as a fallback.
hermes-reconnect-banner:
- When the in-session probe flips to disconnected, fire /api/start-hermes
once silently with a 5-minute cool-down per restart attempt. Catches
gateway crashes (OOM, killed parent shell, quota loop) and brings it
back without requiring the user to click the banner. Falls back to the
existing 'Start Agent' button if the silent attempt fails.
The shared MessageItem component hardcoded text-white inside MessageContent
for user bubbles, which overrode the theme-driven --chat-user-foreground
color in embedded contexts like the Operations orchestrator chat. Replace
those overrides with inline style color: var(--chat-user-foreground) and
make the queued 'Sent' indicator theme-aware too.
Previous fix only patched /api/history. /api/send-stream still bootstrapped
'main' through createSession() so messages typed into the orchestrator chat
landed in a brand new empty session each time, never reaching the user's
actual main chat. Both endpoints now share the same resolution logic:
1. Prefer the most recent session that has a real human-set title
(label !== id, e.g. 'hows everything') \u2014 this is what users actually
mean by 'main'.
2. Fall back to the most recent non-internal session with messages.
3. If none qualify, create a new session as before.
Internal-session prefixes skipped: cron_, cron:, agent:main:ops-
Verified end-to-end: typing in the Operations orchestrator card now
delivers to the same session shown at /chat, and the assistant reply
returns to the same session.
Mission-running view:
- Office cards showed raw Hermes session keys
('cron_cdf0184177a1_20260420_104949') as the worker label because Hermes
uses the session key as the label for cron-spawned sessions. New
prettifier renders these as 'Mission cdf018' and recognizes both
cron_<id> and conductor-<unix_ms> formats so missions in either Hermes
or OCPlatform layouts get clean names.
Mission-complete view:
- Removed justify-center on the main flex column so the page stacks from
the top; with the iframe added it was centering content taller than the
viewport which pushed the header off-screen.
- Iframes (live + history) now use h-[clamp(280px,55vh,520px)] instead of
fixed h-[500px] so on shorter viewports the preview shrinks to keep the
header + buttons in view, and on tall screens it caps cleanly.
- /api/history resolved sessionKey='main' to sessions[0].id, which could be
a cron mission session (cron_*) or an Operations per-agent session
(agent:main:ops-*). That made the orchestrator chat show whatever had run
most recently instead of the user's actual main chat. Filter those
prefixes out of the 'main' resolution so it always lands on a real user
chat session.
- New /api/preview-file endpoint serves files from trusted prefixes
(/tmp, ~/tmp, ~/dispatch, ~/projects, ~/.hermes/projects, ~/.ocplatform/
workspace/projects) with size and MIME guards. Fixes Conductor's mission
complete preview iframe that was hitting the SPA fallback and rendering
the workspace shell. Path traversal is blocked with prefix allowlist
(resolvePath + startsWith check).
- Drop skills/workspace-dispatch/SKILL.md (112 lines) into the repo so the
Conductor orchestrator gets real decomposition guidance on every spawn,
not the 'proceed using create_task to spawn workers' fallback.
- conductor-spawn: resolve skill path from this module's location
(import.meta.url -> repo root) so it works regardless of which directory
the dev server starts from. New search order:
1. <repo>/skills/workspace-dispatch/SKILL.md (bundled)
2. $cwd/skills/workspace-dispatch/SKILL.md
3. ~/.hermes/skills/workspace-dispatch/SKILL.md
4. ~/.ocplatform/workspace/skills/workspace-dispatch/SKILL.md
- install.sh: symlink every directory under <repo>/skills/* into
~/.hermes/skills/<name> so end users get the bundled skills available to
their hermes agent (not just to Conductor). Skips if target exists.
Verified: fresh conductor spawn now reads the real skill into the
orchestrator prompt ('# Workspace Dispatch (Single Agent)' visible in the
job output prompt instead of the not-found stub).
- Conductor was hardcoded to call OCPlatform JSON-RPC (cron.add /
sessions.delete via ws://127.0.0.1:18789), which only worked when the
legacy OCPlatform gateway was running. Fresh Hermes-only installs would
see 'Mission appears stalled' after 60s because no orchestrator session
was ever created.
- /api/conductor-spawn now creates a one-shot Hermes job via /api/jobs
(or /api/cron/jobs through the dashboard adapter) with the orchestrator
prompt as the job prompt. The Hermes cron loop runs it ~5s later and
spawns the orchestrator session.
- /api/conductor-stop now uses the existing Hermes deleteSession helper
instead of gateway RPC.
- Hermes runs cron jobs in sessions keyed cron_<jobId>_<timestamp>. The
spawn endpoint can't predict the timestamp, so it returns a prefix and
the use-conductor-gateway hook polls /api/sessions until a real session
matches, then swaps the placeholder for the resolved key. This unblocks
the mission-worker tracking that drives the run/complete UI states.
- Loaded workspace-dispatch skill from ~/.hermes/skills/ as a third
candidate path so Hermes-only installs find it without OCPlatform.
- Port clawsuite Operations module (screens/agents/*) — 265-line operations-screen,
8 components, 2 hooks, agent presets.
- Route /operations now renders OperationsScreen (was gateway AgentsScreen).
- Each Hermes profile = one Operations agent. use-operations.ts talks to
/api/profiles/{list,create,update,delete}. Default profile shown as 'Workspace'.
- New server fn updateProfileConfig + /api/profiles/update endpoint.
- cron-api.ts rewired to /api/hermes-jobs (was /api/cron/*). Friendly croniter
missing-dep hint.
- New /api/session-history + /api/session-send adapters so the embedded
ControlSuite chat components work against Hermes (/api/history + /api/send-stream).
- ChatScreen gains 'embedded' prop that disables auto-navigation side effects
so the real chat can be embedded in Operations orchestrator without yanking
users to /chat/$sessionKey on refresh/send.
- New Agent modal: template picker (Sage/Builder/Scribe/Ops/Trader/Blank) that
pre-fills emoji + description + system prompt from agent-presets.
- Surface pass for hermes-nous dark theme: swapped literal bg-white ->
bg-[var(--theme-card)] across all agents components (6 files).
- Stub src/hooks/use-agent-outputs.ts (clawsuite had dangling import; returns
empty list for now — outputs feed backend TBD).
- install.sh: handle PEP 668 (Debian 12+/Ubuntu 23.04+) via pipx-first,
venv-fallback. Include [cron] extra so hermes-agent has croniter.
- Port Conductor screen, gateway screens, agent-view components, hooks,
stores, and API proxies from clawsuite into hermes-workspace
- Copy v1 gateway RPC/WebSocket adapter to support conductor spawn/stop
- Add Conductor route + sidebar nav entry
- Fix sidebar theme toggle to stay within active theme family
- Fix mobile dashboard overflow theme toggle to use family-aware theme swap
- Enable Tailwind dark: variant via .dark class for mixed data-theme views
- Replace README hero image asset with latest social/loading preview
The installer logic completed successfully, but the final success message
referenced shell variables that were never defined, causing:
bash: line 117: BOLD: unbound variable
Replace the final instructions block with plain text so the one-liner install
finishes cleanly under .
Feature-gate unavailable reasons still claimed enhanced features required
'outsourc-e/hermes-agent' and that vanilla hermes-agent was limited to
portable mode. That's no longer true.
Replace with generic wording:
feature requires a Hermes gateway exposing the extended APIs
-> check install + run ┌─────────────────────────────────────────────────────────┐
│ ⚕ Hermes Gateway Starting... │
├─────────────────────────────────────────────────────────┤
│ Messaging platforms + cron scheduler │
│ Press Ctrl+C to stop │
└─────────────────────────────────────────────────────────┘
❌ Gateway already running (PID 54107).
Use 'hermes gateway restart' to replace it,
or 'hermes gateway stop' to kill it first.
Or use 'hermes gateway run --replace' to auto-replace.
This is the last user-facing fork-era message in the app.
- Connection error helper now says 'hermes gateway run', not hermes-webapi
- Startup screen no longer tells users to clone outsourc-e/hermes-agent
- Replace editable-install / venv instructions with vanilla pip install +
hermes setup + hermes gateway run
- README troubleshooting line now upgrades stock hermes-agent instead of
suggesting 'git pull && pip install -e .'
This closes the last major user-facing fork confusion inside the workspace UI.
Theme picker iterates ENTERPRISE_THEME_FAMILIES (not THEMES directly) to
render its visible swatches. Without 'hermes-nous' in that allowlist,
the new themes were registered and styleable but invisible in the picker.
Hermes Nous now appears first in the theme picker, ahead of Official.
The theme picker ENTERPRISE_THEMES mapping hardcodes swatch colors per
theme ID. Without entries for hermes-nous + hermes-nous-light, they
rendered with the default fallback swatch instead of their real colors.
Add swatch entries:
hermes-nous bg=#041C1C panel=#06282A accent=#FFAC02 text=#FFE6CB
hermes-nous-light bg=#F7F1E4 panel=#FFFFFF accent=#FFAC02 text=#041C1C
If dev server was running against stale HMR state, a browser hard-refresh
(Cmd+Shift+R) is required for the new themes to appear in the picker.
- Add install.sh: preflight-checked installer that pulls vanilla
hermes-agent from PyPI, clones the repo, configures .env, installs
deps. Idempotent, re-runnable.
- README: new 'One-line install' section with curl | bash command.
Demote Manual install section to secondary path.
- Banner tightened: 'v2 — zero-fork. Clone, don't fork.'
- Remove 'Earlier versions required a fork' retrospective from banner;
the fork is gone, we don't need to apologize for it.
- Model switch toast: drop 'enhanced fork' phrasing, use 'enhanced
runtime' (the fork no longer exists as a distinct thing; vanilla
provides the enhanced runtime).
- Update pinned-copy test accordingly.
One-liner for users:
curl -fsSL https://raw.githubusercontent.com/outsourc-e/hermes-workspace/main/install.sh | bash
- All core endpoints 200 on vanilla 0.10.0
- Dashboard/status gaps now optional (no false warnings)
- Model switch toast behavior is correct as-is
- Tool pill fix covered by automated tests
- Ready for v2.0.0 tag
The enum value 'enhanced-fork' is a legacy label from the 2025-era Hermes fork.
Vanilla hermes-agent 0.10+ provides the same enhanced-chat endpoints, so this
mode is granted when running against upstream too. UI code treats it correctly
as 'full capabilities available'; only the internal label is historical.
Added an explanatory comment to getGatewayMode() to prevent future QA
confusion (the '/api/sessions/__probe__/chat/stream' returning 405 is a valid
positive signal that the streaming route exists \u2014 vanilla implements it).
No behavioral change; tests still 27/27 green.
Vanilla hermes-agent 0.10.0 serves all critical endpoints (health, chat, models,
sessions, skills, config, jobs) but not /api/dashboard/* or the legacy enhanced
session stream. The workspace already degrades gracefully when these are absent;
this commit silences the false 'Missing Hermes APIs detected' warning that fires
during probe against vanilla.
Zero-fork claim is now clean: vanilla pip install hermes-agent runs without
warnings in the console.
- Lead with zero-fork banner under the tagline
- Replace all 'clone outsourc-e/hermes-agent fork' instructions with
stock pip install hermes-agent
- Update troubleshooting: upstream now has full endpoint parity
- Keep the migration note so old fork users know to uninstall and
reinstall from PyPI
Closes the last doc gap before v2 tag/push.
Any session reads this first. Tracks completed commits, next concrete
actions, failure modes. Solves the pattern where compaction loses
working state — now the state is on disk.
The v2-zero-fork model-switch guard commits added the import at the top
of the file while leaving the older narrow import in place, causing
vite:react-babel to reject the module with a duplicate-declaration
error. Keep only the top import which already includes
getZeroForkModelInfoFlags used by the memoized flags helper.
Co-authored-by: Aurora <aurora@openclaw>
Memory is read/written entirely from $HERMES_HOME on the workspace
side — there's no remote gateway endpoint. The old probe for /api/memory
was a vestige from when the fork's webapi exposed a read endpoint.
Hardcoding memory: true unblocks the UI in zero-fork/portable modes so
users can browse MEMORY.md + daily notes regardless of the backend.
memory-browser reads from $HERMES_HOME/MEMORY.md + $HERMES_HOME/memory/
entirely on the workspace side. The gateway capability check was wrong —
it never talked to the remote agent. Remove the gate and add HERMES_HOME
env var support so workspace can point at ~/.hermes-vanilla (or any
other home) without needing the enhanced-fork webapi.
- memory/list, memory/read, memory/search, memory/write: drop
capability_unavailable gate
- memory-browser.getMemoryWorkspaceRoot(): honor HERMES_HOME env var
The upstream hermes dashboard only injects the window.__HERMES_SESSION_TOKEN__
script tag when serving the root (/) path — /index.html serves the raw Vite
build without the token. Scrape / instead so token fetching works.
Fixes from code review:
1. Portable mode sent user message twice (#5) — moved appendLocalMessage()
AFTER getLocalMessages() so history doesn't include the current message
before it's explicitly added to the request
2. Stream timeout timer never cleared (#4) — stored ref, cleared in
closeStream() so 10-min timers don't accumulate
3. Orphaned delayed unregister on rapid re-sends (#1) — track timer ref,
cancel previous on new stream start or resetActiveStreamState
Reverts OCPlatform-specific proxy approach. Now reads the user's curated
model list from ~/.hermes/models.json (same file Hermes CLI manages).
- Primary: ~/.hermes/models.json (user's configured models)
- Ensures default model from config.yaml is always included
- Fallback: hermes-agent /v1/models if no models.json exists
- Auto-merges local discovered models (Ollama, Atomic Chat)
- Removed hardcoded AUTH_STORE_MODELS — models.json is the source of truth
Works for all users, not just OCPlatform setups.
/api/models now fetches from OCPlatform gateway HTTP API (same source as
Clawsuite) as primary, with hermes-agent /v1/models as fallback.
Previously returned hermes-agent's upstream provider models (50+ unusable
entries). Now returns the 45 actually-configured models across 14 providers.
Removed hardcoded AUTH_STORE_MODELS and auth-profiles.json parsing — the
OCPlatform gateway already handles provider discovery and filtering.
Replace fetchModels() primary path from /api/hermes-proxy/api/available-models
(which returned 50+ upstream provider models) with /api/models (which returns
only models actually configured in OCPlatform + auto-discovered local models).
Removes ~130 lines of complex provider-fetching logic that was the root cause
of the model picker showing unusable models.
Three targeted fixes:
1. Delayed runId unregistration (use-streaming-message.ts)
- Keep runId in sendStreamRunIds for 5s after stream completes
- Prevents late chat-events SSE messages from bypassing dedup
- Root cause of duplicate assistant messages
2. Preserve interrupted responses (use-streaming-message.ts)
- When user sends a new message mid-stream, promote partial
response to realtimeMessages before aborting
- Interrupted messages get __streamingStatus: 'interrupted'
- Prevents in-progress responses from vanishing
3. History refetch debounce (use-realtime-chat-history.ts)
- 3s guard window after streaming clears before periodic sync
- Prevents race between old stream cleanup and new stream start
- Fixes disappearing previous messages on interrupt
Closes#62
- /api/history falls back to local-session-store when gateway has no messages
- /api/sessions merges local portable sessions into the sidebar list
- Chat persists on refresh for Ollama/Atomic Chat users
- Wire local-session-store into portable mode chat path
- User messages saved before sending to model
- Assistant responses saved after stream completes
- Persisted history loaded on subsequent messages in same session
- Sessions survive page refresh for Ollama/Atomic Chat users
- Stored in .runtime/local-sessions.json
- Module-level override so chat-screen uses composer's local model pick
- switchModel sets override for local providers, clears for cloud
- Prevents gateway from being used for local model chat
- When a discovered local model is selected, force portable mode
- Route chat requests directly to the local provider's base_url
- Skips the gateway agent loop (no context overflow for small models)
- openaiChat accepts optional baseUrl override
- Works for Ollama (localhost:11434) and Atomic Chat (localhost:1337)
Auto-writer was appending malformed YAML entries. Config should be
managed through the gateway API or manually. Discovery still detects
providers and shows them in the UI.
- Dashboard: floating hamburger (left) + light/dark toggle (right) on mobile, no title bar
- Chat composer: merge auto-discovered local models into model picker
- Local providers (Ollama, Atomic Chat) show as groups in the model selector
- Move Ollama + Atomic Chat to top of provider card grid
- fetchModelsForProvider prefers auto-discovered models for local providers
- Users see their actual running models instead of hardcoded fallbacks
- Detected badge (🟢) on provider cards when local backend is running
- Auto-discovered models populate model selector for Ollama/Atomic Chat
- Gateway restart banner when new provider needs config activation
- Fetches /api/local-providers on settings mount
- Probe localhost:11434 (Ollama) and localhost:1337 (Atomic Chat) on startup
- Auto-merge discovered models into /api/models response
- Auto-write custom_providers to config.yaml when new local backend detected
- New /api/local-providers endpoint for frontend discovery status
- 30s probe TTL with deduplication
- Logs provider online/offline state changes
* feat: add support for Atomic Chat provider
- Introduced new provider 'Atomic Chat' with associated logo and configuration.
- Updated onboarding and settings components to include Atomic Chat.
- Added necessary files for provider integration, including images and configuration files.
- Updated provider catalog to include details for Atomic Chat.
This enhances the application by allowing users to utilize local LLMs via the Atomic Chat desktop app.
* refactor: remove deprecated configuration files and update README for Atomic Chat
- Deleted obsolete `.pnpm-approved-builds.json` and `mise.toml` files.
- Updated README to reflect the addition of Atomic Chat, including new usage instructions and configuration examples.
- Enhanced onboarding component to support Atomic Chat provider.
- Adjusted provider wizard description to include Atomic Chat alongside Ollama.
---------
Co-authored-by: SankaManka <rita@bagoodex.com>
Lifts the local `waitingForResponse` useState into the persistent Zustand
store with sessionStorage backup. When a user navigates away mid-stream,
the waiting flag now survives component unmount and even page reload.
- Add waitingSessionKeys/Meta to chat-store with sessionStorage persistence
- Create useActiveRunCheck hook to reconcile state with server on remount
- Replace useState with store-backed selector + wrapper in ChatScreen
- Add polling fallback when SSE is disconnected but store says waiting
Co-authored-by: Kevin Armstrong <kevinmichaelarmstrong@gmail.com>
Two issues caused misleading 'Authentication error' toasts when using
portable mode against a gateway without API_SERVER_KEY configured:
1. classifyError() matched any error containing 'auth' substring,
catching gateway config messages like 'Session continuation requires
API key authentication' that aren't actually API key problems.
Narrowed the match to '401', '403', 'unauthorized', and 'api key'.
2. openaiChat() unconditionally sent X-Hermes-Session-Id header in
portable mode. Gateways without API_SERVER_KEY reject this header
with an auth error. Now only sends the header when BEARER_TOKEN
(HERMES_API_TOKEN) is configured.
Co-Authored-By: Oz <oz-agent@warp.dev>
PR #52 fixed skills.ts and models.ts, but the same bug exists in 7 more
route files that make direct fetch() calls to the Hermes Gateway without
including the Authorization: Bearer header. All calls fail with 401 when
API_SERVER_KEY is configured.
Files fixed:
- crew-status.ts (fetchAssignedTaskCounts)
- hermes-tasks.ts (GET, POST)
- hermes-tasks.$taskId.ts (GET, PATCH, DELETE, POST)
- hermes-tasks-assignees.ts (GET)
- hermes-jobs.ts (GET, POST)
- hermes-jobs.$jobId.ts (GET, POST, PATCH, DELETE)
- hermes-proxy/$.ts (catch-all proxy)
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add missing Authorization header in fetchHermesSkills()
fetchHermesSkills() was calling the gateway without auth headers,
causing the Skills Browser to show 0 skills when API_SERVER_KEY is
configured. The POST handler in the same file already included the
Bearer token correctly.
- Import BEARER_TOKEN and HERMES_API from gateway-capabilities at
the top level instead of duplicating env var reads
- Add Authorization header to the GET fetch in fetchHermesSkills()
- Remove redundant dynamic imports in the POST handler since the
same exports are now imported at module scope
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: fetchHermesModels() missing Authorization header — Models endpoint returns empty when API_SERVER_KEY is set
Same pattern as skills.ts fix: import BEARER_TOKEN and HERMES_API from
gateway-capabilities.ts, add auth header to the fetch call, remove the
duplicate HERMES_API_URL constant.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix model not sent per-request: startStreaming() now passes model in POST body
- Fix model picker only showing current provider: fetch all authenticated providers
- Always show Nous Portal in model picker (free MiMo models discoverable)
- Add Xiaomi MiMo to provider cards, models API, and settings
- Add Nous/Xiaomi models to AUTH_STORE_MODELS
- Add file explorer toggle button to /files page header
- Add currentModel to chat-screen useCallback deps
- Lightweight i18n system (src/lib/i18n.ts) with t() function
- 4 languages fully translated: English, Spanish, French, Chinese
- 6 more locale stubs: German, Japanese, Korean, Portuguese, Russian, Arabic
- Language picker in Settings → Language section
- Sidebar nav labels use t() for translations
- Locale stored in localStorage, defaults to browser language
- Page reloads on language change to apply everywhere
Cherry-picked from dontcallmejames' working prototype.
- /crew route with status cards per Hermes profile
- /api/crew-status reads gateway state, DB stats, config, cron jobs
- Live online/offline detection, session counts, token usage
- Added Crew to sidebar navigation
Co-authored-by: dontcallmejames <dontcallmejames@users.noreply.github.com>
- 5-column kanban board: Backlog → Todo → In Progress → Review → Done
- Drag-and-drop, create/edit tasks, priority, assignees, tags
- Tasks link in sidebar nav
- Kanban proxy route in vite.config.ts for /api/hermes-tasks
- Remove empty Featured tab from skills screen (no curation API yet)
- Fix new chat: keep /chat/new idle until first message (PR #49)
- Fix session-status: return idle state for 'new' key (PR #49)
- Fix chat-screen: don't subscribe to existing session before creation (PR #49)
Co-authored-by: paulbudveit <paulbudveit@users.noreply.github.com>
hub-search now calls scripts/skills-search.py which imports hermes-agent's
unified_search() directly — searches official, skills.sh, GitHub, LobeHub
registries. No more 404 from missing gateway endpoint.
- docker-compose.yml: document enhanced vs portable mode, point to fork
- feature-gates: explain that enhanced features need outsourc-e/hermes-agent
- gateway-capabilities: update upgrade instructions to reference fork
Closes#36 (already fixed in Dockerfile, now documented)
Addresses #48 (better UX for portable mode users)
Client-side code in chat-composer and providers-screen was fetching
/v1/models directly from HERMES_API_URL (default 127.0.0.1:8642).
This breaks in Docker and reverse-proxy setups where the browser
cannot reach the Hermes gateway directly.
Now routes through /api/models (workspace server-side proxy) which
correctly uses the HERMES_API_URL env var server-side.
Also updates error message to reference HERMES_API_URL instead of
hardcoded localhost:8642.
Closes#29
- Set staleTime: 0 on history query so it always refetches on re-mount
instead of serving stale cached data after navigating away and back
- Add delayed re-refetch (2s) on ChatScreen mount to catch responses
that were persisted shortly after the initial fetch
- Move scroll-to-bottom button to bottom-right corner on mobile instead
of center, where it blocks content
Fixes#43, fixes#39
Three files imported gateway-capabilities.ts (which pulls local-db.ts →
node:sqlite) into client-side code, causing "DatabaseSync is not exported"
error that crashed all client JavaScript on page load.
Fixes: frozen UI, endless "Loading sessions...", non-functional New Session
button, blank chat area.
Files changed:
- dashboard-screen.tsx: removed unused getCapabilities import and dead `caps` variable
- providers-screen.tsx: replaced server imports with client-safe fetch calls to /api/hermes-config
- feature-gates.ts: removed unused getCapabilities import and dead isFeatureAvailable function
Tested: sessions load, new session works, chat functional, navigation works.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add Knowledge Base Settings dialog to the Knowledge Browser header
(gear icon → choose Local folder or GitHub repo)
- New server-side config stored in ~/.hermes/knowledge-config.json
with GET/POST /api/knowledge/config endpoint
- New POST /api/knowledge/sync endpoint to fetch GitHub repos on-demand
- GitHubKnowledgeProvider: recursively fetches repo contents via GitHub
Contents API and caches them to ~/.hermes/knowledge-cache/github/{owner}/{repo}/{branch}/
- All existing KB endpoints (list, read, search, graph) now read from
the configurable source instead of only KNOWLEDGE_DIR env var
- Disable SSR on all page routes to prevent SSR-induced errors
Adds the second wave of Hermes Workspace upgrades:
- Profiles screen backed by ~/.hermes/profiles with create/activate/rename/delete
- MCP Servers settings page with config inspection and reload flow
- Skills marketplace hub/fallback search plus install/uninstall API routes
- Context usage fixes: correct 1M limits for Claude 4.6 / GPT-5.4, exclude cache
tokens from active window usage, and improve session fallback
- Navigation updates for Profiles across desktop/mobile surfaces
- Remove duplicate legacy context meter in chat
This complements the Knowledge Browser work already on the branch and rounds out
this release into a broader workspace management update.
Adds a Knowledge tab alongside the existing Memory tab under /memory.
The knowledge browser renders markdown wiki pages from ~/.hermes/knowledge/
with support for:
- YAML frontmatter parsing (title, type, domain, status, tags)
- Directory-based navigation with folder tree sidebar
- [[wikilink]] resolution as clickable in-app navigation
- Backlinks ('Pages that link here')
- Full-text search across all wiki pages
- Tag filtering
- Metadata display (type, domain, status, created/updated)
- Graph view dialog showing page connections
- 'Ask agent about this' button linking to chat
- Graceful empty state when no knowledge directory exists
Server side:
- src/server/knowledge-browser.ts — wiki scanner, frontmatter parser,
wikilink extractor, graph builder
- 4 API routes: /api/knowledge/list, /read, /search, /graph
Frontend:
- src/routes/memory.tsx — tabbed layout (Memory | Knowledge)
- src/screens/memory/knowledge-browser-screen.tsx — full browser UI
Knowledge tab works independently of gateway capabilities (reads local
filesystem directly). No new dependencies added.
Closes#30
- Render ContextBar in chat screen (was imported but never placed)
- Pass sessionId to context-usage API for accurate token data
- Count all tokens (cached + uncached) for real context window usage
- Model-aware max tokens (200k for Claude, 128k for GPT)
- Return model name in context-usage response
- Remove header border-b (context bar replaces separator)
- Remove context bar own border-b for clean look
- Change dev server port from 3000 to 3002
Co-authored-by: outsourc-e <eric@outsourc.e>
The scripts/qa/test-redaction.ts file was referenced in CI but never
created. The step was added in 31a7062, removed in 051d136, then
accidentally reintroduced in 4f848a4. pnpm test (vitest) is the
actual test command and is sufficient.
Co-authored-by: dontcallmejames <dontcallmejames@users.noreply.github.com>
ModelCard component referenced sessionsAvailable from parent scope
but it's a separate function component. Added local useFeatureAvailable
call to fix the ReferenceError crash on the dashboard page.
When the Hermes gateway is running but the HTTP API server is not
enabled, the onboarding screen shows generic advice that doesn't
address the actual problem. Users can have a fully functional gateway
(serving Telegram, Discord, etc.) while the workspace can't connect.
Changes:
- Onboarding connection error now shows step-by-step instructions:
1. Add API_SERVER_ENABLED=true to ~/.hermes/.env
2. Restart the gateway
- Updated .env.example to document the requirement
- Added Ollama/LiteLLM/vLLM as explicit alternative backend options
Fixes#26
The inspector panel already uses relative /api/memory paths (fixed in main),
but the parent GET route was missing — requests fell through to the client
router and returned HTML instead of JSON.
This adds a proper TanStack createFileRoute handler that proxies memory
requests through the workspace server with auth, so the inspector works
correctly over Tailscale, LAN, and remote access.
Rebased from PR #4 onto current main.
The auth-check endpoint had its own isBackendReachable() function that
hardcoded http://127.0.0.1:8642 and never tried the fallback port 8643.
This bypassed the multi-port auto-detection logic in gateway-capabilities.ts,
causing the startup screen to loop on 'Connecting...' when the gateway
was running on an alternate port.
Replace the standalone reachability check with ensureGatewayProbed() which
already handles port auto-detection (8642 → 8643) and caches the result.
- Models grouped by provider (openai-codex, openrouter, anthropic, ollama, etc.)
- Pinned models section at top with star toggle (persisted to localStorage)
- Pin/unpin on hover for each model entry
- Active model shows accent border + dot indicator
- Local models show 'local' badge
- Empty state with helpful message
- Matches ClawSuite model switcher design on both mobile and desktop
Each model in the dropdown now sends its own provider (e.g. ollama for
local models, openai-codex for cloud) instead of the global current
provider. Local models show a 'local' badge.
modelsQuery.data is {ok, models, configuredProviders, ...} not a
Record<string, Array>. Object.entries iterated all fields and called
.map on non-array values like 'ok' and 'currentProvider'.
- Desktop: model badge is now clickable, opens dropdown with all available models
- Mobile: model sheet renders actual model list instead of hardcoded 'Hermes Agent'
- Handles both string and object ModelCatalogEntry types
- Highlights currently active model with accent dot
- Calls existing handleModelSelect/switchModel on selection
- Falls back gracefully when no models available (portable mode)
Adds dedicated section for portable mode (direct to Ollama) and
enhanced mode (through Hermes gateway with custom_providers config).
Updated troubleshooting for common Ollama issues.
Tailwind dark: prefix doesn't work with the data-theme system.
Replaced all dark: prefixes with var(--theme-text), var(--theme-muted),
var(--theme-card2), var(--theme-accent-border) for proper theming.
Quick action card labels now use var(--theme-text) directly.
Monaco loads its core from CDN asynchronously, causing the file preview
to show 'Loading...' indefinitely when the CDN is slow or blocked.
Replaced with a plain textarea — simpler, faster, no external deps.
Also fixed file tree depth (maxDepth 0→3) so folder contents are
visible on initial load.
Dashboard activity chart flatlined because these fields were never
mapped from the gateway session response to the frontend summary.
Emits both snake_case (dashboard compat) and camelCase variants.
auth-check previously only probed /health, which Ollama doesn't expose
(returns 404). This caused the ConnectionStartupScreen to permanently
block users from reaching the workspace — even when chat completions
and model listing both worked fine.
Now probes three endpoints in priority order:
1. /health (Hermes gateway)
2. /v1/models (OpenAI-compat — Ollama, LiteLLM, vLLM, etc.)
3. / root (Ollama returns 200 'Ollama is running')
If ANY responds, the backend is considered reachable and the workspace
loads. Capability detection still runs in the background to determine
which enhanced features (sessions, memory, skills) are available.
Fixes: users stuck on 'Connecting to your backend...' splash screen
when using local Ollama or any non-Hermes OpenAI-compatible backend.
2026-04-03 17:21:42 -04:00
1023 changed files with 471547 additions and 10025 deletions
This workspace uses semantic Hermes swarm workers, not numbered-only lanes. The source of truth for routing is `swarm.yaml`; each worker also has a matching profile under `~/.hermes/profiles/<worker-id>/`, a role skill `<worker-id>-core`, and a wrapper in `~/.local/bin/`.
- Do not enable optional Hermes plugins globally unless the task explicitly needs them; record plugin/toolset alignment in `swarm.yaml` first.
- For local Workspace pairing/debugging, treat **one gateway + one dashboard** as canonical: `hermes gateway run` on `:8642` and `hermes dashboard` on `:9119`. Before starting another gateway, verify `curl http://127.0.0.1:3000/api/sessions` (or the active workspace port) first. If Sessions already returns data, refresh/reprobe the UI instead of spawning a duplicate gateway.
- If the default model is `gpt-5.4` / `openai-codex`, remember that chat depends on a live local Codex CLI login (`codex login`).
## Windows-specific notes (2026-06-01)
- **Three services required**: Gateway (:8642) + Dashboard (:9119) + Workspace (:3000). All must be running for full functionality.
- Or use the Electron desktop app: `pnpm electron:dev` (auto-starts all three)
- **Desktop app**: Full Electron app (`electron/main.cjs`). Double-click to launch — no terminal needed. Auto-detects and spawns gateway (or dashboard if configured).
- **Build**: `electron:build:win` produces NSIS installer in `release/`.
- **Dev mode**: `electron:dev` launches Electron in dev mode (builds Vite client first, hot-reloads on change).
- **Electron:dev fix**: `NODE_ENV=development` prefix doesn't work on Windows — script stripped to just `electron .`.
- **Windows spawn fixes** (in `electron/main.cjs`): `spawnDetached()` uses `cmd /c` on Windows (not `bash -lc`), log paths use `%TEMP%` (not `/tmp`), `isHermesInstalled()` uses `where hermes`, `installHermesInBackground()` uses `pip install` (not `curl|bash`).
- **Two `.env` files**: Gateway reads `C:\\Users\\<you>\\AppData\\Local\\hermes\\.env`; CLI reads `C:\\Users\\<you>\\.hermes\\.env`; workspace reads `hermes-workspace\\.env`. Keep API keys in sync across all three.
- **Gateway API server**: Requires `API_SERVER_ENABLED=true` + `API_SERVER_KEY` in the gateway's `.env`. Without these, the gateway starts with no connected platforms.
- **sqlite3 CLI**: Not bundled on Windows. Install via `winget install SQLite.SQLite`, then copy `sqlite3.exe` to a Git Bash PATH directory (winget installs to a long path not in PATH).
- **claude CLI**: Required for Claude Tasks / Conductor features. Install via `npm install -g @anthropic-ai/claude-code`.
- **Port conflicts**: Use `netstat -ano | findstr :<port>` + `Stop-Process -Id <PID> -Force` (PowerShell) — `lsof` not available in Git Bash on Windows.
- **PWA install**: Dashboard at `http://127.0.0.1:3000` can be installed as PWA via Chrome/Edge address bar install icon. Prefer Electron build for production.
All notable changes to Hermes Workspace are documented here.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
## [Unreleased]
### Changed
- **`docker compose up` now pulls pre-built images by default** (#82) — `nousresearch/hermes-agent:latest` for the gateway and `ghcr.io/outsourc-e/hermes-workspace:latest` for the UI. Agent state persists in the `claude-data` named volume. Adds `docker-compose.dev.yml` overlay for building from source.
## [2.0.0] — 2026-04-20
**Zero-fork release.** Clone, don't fork. Hermes Workspace now runs on vanilla `pip install hermes-agent` with no patches, no drift, no custom gateway required.
### Added
- **Zero-fork architecture** — dual gateway/dashboard routing; workspace talks directly to vanilla `hermes-agent` 0.10.0+ via standard endpoints (`/v1/models`, `/api/sessions`, `/api/skills`, `/api/config`, `/api/jobs`)
- **Claude-Nous theme** — dark + light editorial variants with cobalt/paper surface pass, thin 1px architectural borders, editorial type accents
- **Conductor** (`/conductor`) — mission-control surface ported from Clawsuite; spawn missions, assign workers, watch live output and costs
- **Operations** (`/operations`) — agent registry / sessions manager ported from Clawsuite; pause, steer, kill live agents with role and model insight
- **Synthesized tool pills** — inline tool-call rendering from dashboard stream markers when running against zero-fork gateway
- **Landing parity pass** — hero, features, screenshots, setup, OG image, mobile theme toggle
- **Task board status vs. assignee** decoupling
- **Local-model chat session persistence** — local sessions appear in history + session list
- **Memory is local-fs first** — honors `HERMES_HOME`, no gateway dependency
- **Splash + screenshots refresh** — Conductor, Dashboard, Tasks, Jobs captured in new editorial theme
### Changed
- **Model picker** — fetches from gateway (`~/.hermes/models.json` for user-configured models), matches OCPlatform behavior; shows only configured providers instead of all upstream
- **`enhanced-fork` mode label** no longer implies a fork is required; it indicates streaming route availability on vanilla gateway
_Added: 2026-03-09 | Source: Framework research (Anthropic Skills guide, OpenAI Agents SDK, Google ADK)_
These features are NOT part of the initial roadmap. Build them AFTER the v4 mockup is 100% complete and verified.
@@ -8,44 +9,51 @@ These features are NOT part of the initial roadmap. Build them AFTER the v4 mock
## 🔴 High Priority (unlocks "App Factory" overnight runs)
### 1. Iterative Refinement Loop
**What:** Verification doesn't stop at one tsc pass. Loop: run tsc → errors? → send back to agent → fix → re-run. Max 3 iterations before escalating to human review.
**Why:** Anthropic explicitly identifies this as the pattern that makes agents reliable. Current single-pass fails silently.
### 2. Agent Handoffs (Context Passing Between Agents)
**What:** When one agent finishes a wave, it passes structured context (git diff, error log, what it built, what it skipped) to the next agent. No more blind starts.
**Why:** Current agents start each task cold. Handoffs are first-class in OpenAI Agents SDK — explicit control transfer with context. This is what keeps overnight runs coherent.
**Where:** New `workspace-daemon/src/handoff.ts`, update adapter interfaces
**What:** Agent routing logic that picks different tools based on file size, task type, and context. Large refactors → Codex. Small surgical fixes → Claude ACP session. Research tasks → Claude with web search.
@@ -54,15 +62,18 @@ These features are NOT part of the initial roadmap. Build them AFTER the v4 mock
## 🔵 Lower Priority (Enterprise / Scale)
### 7. Session Persistence Surfaced to Agents
**What:** Pass previous run context (what worked, what failed, git history) to agent at start of each task. Agents currently start blind even when re-running.
**Where:** Update adapter `buildPrompt()` to include run history from SQLite
### 8. Progressive Skill Loading for Agent Prompts
**What:** Agent system prompts use Anthropic's 3-level progressive disclosure — minimal header always loaded, full instructions only when triggered, reference docs on demand.
**Why:** Keeps context lean when running many agents in parallel.
**What:** Define agent "skills" as portable SKILL.md-style files that can be shared, versioned, and swapped. A "React Builder" skill vs "Python API Builder" skill.
**Pattern source:** Anthropic agentskills.io open standard
@@ -70,14 +81,14 @@ These features are NOT part of the initial roadmap. Build them AFTER the v4 mock
## Summary Table
| Feature | Impact | Effort | Priority |
|---------|--------|--------|----------|
| Iterative refinement loop | 🔥 High | Low | Do first |
| Agent handoffs | 🔥 High | Med | Do second |
| Specialized agent roles | 🔥 High | High | Do third |
| Parallel guardrails | Med | Med | After roles |
| Rollback on rejection | Med | Low | After roles |
| Context-aware tool selection | Med | High | Later |
**Mission:** Work through the open PRs and issues on `outsourc-e/hermes-workspace`, test/fix/shake them down LOCALLY, and consolidate everything safe into ONE integration PR. Run autonomously overnight. Quality over quantity — never break `main`.
## Environment
- Working clone (USE THIS, never touch /Users/aurora/hermes-workspace — it has uncommitted local work):
3. For SAFE + REVIEW that look correct: apply the change onto the integration branch.
4. Run `pnpm build` + `pnpm test` + `pnpm lint`. If GREEN, keep it. If it breaks, try to FIX it; if you can't fix in reasonable effort, REVERT that change and log it as needs-human.
5. Map issues → PRs: if a PR fixes an open issue, note "fixes #<issue>" in the PR body.
## Priority signal (fix these issue areas if PRs exist or you can safely patch)
- Build/ship blockers for desktop + local site: #594 React DOM crash on navigation, #579/#500/#588 Windows desktop, #573 session list React crash, #570 /api/hermes-tasks returns HTML, #572 double chat responses, #561 stuck Thinking, #552 scroll auto-jump.
- Security: #553 path traversal (validate carefully, it's good to land).
- Model picker / providers: #583 Google provider, #569 config.yaml providers, #586 MiniMax M3.
- Skip for now unless trivial: huge i18n PR #563 (934 strings), draft prototypes (#578 LeseWerk, #557 company-os).
## Hard rules
- NEVER merge directly to main. Only push the integration branch + open the consolidated PR.
- NEVER force-push main. NEVER touch /Users/aurora/hermes-workspace.
- Keep main buildable: the integration branch must pass `pnpm build` + `pnpm test` before each push.
- Idempotent: if re-run, continue from where the branch is (don't duplicate).
- Document everything in the PR body + append a short status to this file each cycle.
- If something needs human judgment (risky security/auth/Docker, or a conflict you can't cleanly resolve),
leave it OUT of the integration branch and list it under "Needs Eric" in the PR body.
## Out of scope (do NOT do)
- The game-embed/Supabase-auth port (Eric handles separately; needs WebGL v1 build first).
- Publishing a release / desktop build artifact (just get main green + PR ready).
- Any deploy. Any change to the live game server.
## Status log (agent appends here)
- 2026-06-05 17:25 EDT: CYCLE 17 — INTEGRATED ECHO STUDIO LABS GATING + FIXED STALE REMOTE REF. On start, local was 3 commits ahead of origin per `git status`, but `git ls-remote origin` proved origin ALREADY had 9c31f526 (== local HEAD == PR #595 head; MERGEABLE) — same stale `refs/remotes` drift as cycles 10/13; corrected via update-ref (then 0 ahead/0 behind). Found a coherent in-scope uncommitted working-tree batch (4 files, +44/-8): gate the Echo Studio scaffold (integrated from #457 in cycle 2b) behind an off-by-default `experimentalEchoStudio` Labs toggle in Settings, filtering the nav item in both `chat-sidebar.tsx` and `mobile-hamburger-menu.tsx`. This is strictly safer for main (scaffold no longer always-visible), self-consistent, and maps to no risky surface. Validated: `pnpm build` GREEN (3.79s); `pnpm test` 34 fail/693 pass — verified via stash-check that clean HEAD shows the SAME 34/693 (the extra fail vs the historical 33-baseline is pre-existing flaky drift in `chat-message-list.test.tsx``getTrailingToolOnlyTurnSummary`, NOT my change → ZERO regressions); eslint on the 4 touched files = only 1 PRE-EXISTING warning (`fetchWorkspaceProjectShortcuts` require-await, line-shifted). Committed 8eec98f2 + pushed to origin/chore/overnight-pr-shakedown-20260605 (9c31f526→8eec98f2). Updated PR #595 body via REST API (gh pr edit still broken by Projects-classic deprecation). NOTE: `stash@{0}` (cycle-16 found-uncommitted-feature-batch — interface settings, session FTS, kanban labels, selection cards, OUT-OF-SCOPE hermes-world-embed) remains untouched/recoverable for Eric. ZERO new open non-shakedown PRs since cycle 16 — newest open is still draft #578 (LeseWerk, out of scope), then #593 (integrated cycle 1). Re-ran `gh pr diff | git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict — #588 (package.json:8), #558 (playground-hud.tsx:164), #565 (send-stream.ts:384), #549 (.env.example:22), #571 (slash-command-menu.tsx:36). Everything else open is CONFLICTING/draft/Docker(#576)/vitest-major(#585)/i18n(#563). origin/main unmoved at 7f845bc. PR #595 now = 24 integrated PRs + round-2 issue fixes + Echo Studio Labs gating. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 16:42 EDT: CYCLE 16 — NO-OP / BACKLOG EXHAUSTED + STASHED FOUND UNCOMMITTED FEATURE BATCH. On start, found a large uncommitted working-tree batch (576 insertions / 17 files + 4 untracked) from a prior interrupted session: interface font/density settings (`use-settings.ts`, `settings/index.tsx`, `__root.tsx`), session FTS search (`local-session-store.ts`, `use-search-data.ts`, `search-modal.tsx`, new `api/sessions/search.ts`), kanban tags/labels (`swarm-kanban.ts`, `swarm-kanban-store.ts`, `swarm2-kanban-board.tsx`), interactive chat selection cards (`chat-events.ts`, `types.ts`, `chat-screen.tsx`, `message-item.tsx`), `dashboard-service.md`+`install-dashboard-service.sh`+`api-key-registry.md` docs, AND a change to `hermes-world-embed.tsx` — the game embed, which is **EXPLICITLY OUT OF SCOPE** per spec. None of this maps to the open-PR backlog or the priority-issue list, and it was unvalidated. Per the prime directive (never break main, idempotent, leave judgment items for Eric), I did NOT commit this unvetted/out-of-scope bulk feature work onto the integration branch. Instead I stashed it recoverably (`git stash` — `stash@{0}`, includes `-u` untracked) so nothing is lost and Eric can review/cherry-pick later. After stash: working tree clean; `pnpm build` GREEN (3.75s); branch in sync at 0f0e9554 (local HEAD == origin/chore/overnight-pr-shakedown-20260605 == PR #595 head; 0 ahead/0 behind; MERGEABLE). origin/main unmoved at 7f845bc. ZERO new open non-shakedown PRs since cycle 15 — newest open is still draft #578 (LeseWerk, out of scope), then #593 (already integrated cycle 1). Re-ran `git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict — #588 (package.json:8 + models.ts:15), #558 (playground-hud.tsx:164 + claude-agent.ts:52), #565 (send-stream.ts:384), #549 (binary asset 99pages logo + icon.png), #571 (slash-command-menu.tsx:36 + __root.tsx:416). Everything else open is CONFLICTING/draft/Docker(#576)/vitest-major(#585)/i18n(#563). PR #595 stands at 23 integrated PRs + 8 direct issue fixes/issue mappings. **Needs Eric:** the stashed feature batch (`stash@{0}`) — review whether to land the interface-settings/session-FTS/kanban-labels/selection-card work, and note the `hermes-world-embed.tsx` change is out-of-scope game-embed territory. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 16:12 EDT: CYCLE 15 — CAPABILITY REPORTING FIX PUSHED (#566/#590). Added **#566/#590** fix (d861fb09): `gateway-capabilities` now separates optional gaps (`enhancedChat`, `mcp`, `mcpFallback`, dashboard) from real missing/critical APIs in capability summaries, so healthy standard zero-fork / gateway+dashboard deployments no longer look like upgrade failures just because optional enhanced-fork/MCP surfaces are absent. Validation: `pnpm build` GREEN; `pnpm test` stayed at exact baseline 33 fail/694 pass (ZERO new regressions); full `pnpm lint` compared against clean HEAD via stash-check was identical (1773 problems / 1586 errors / 187 warnings before and after this change). Pushed to origin/chore/overnight-pr-shakedown-20260605. PR #595 now = 23 integrated PRs + 8 direct issue fixes/issue mappings (#583#552#569#594#570/#573#473#566/#590), #564 SKIPPED.
- 2026-06-05 15:50 EDT: CYCLE 14 — ISSUE-FIX LANE (L7) PUSHED + PR BODY UPDATED. On start found 3 uncommitted issue fixes in the working tree (from a prior interrupted cycle) plus the unpushed cycle-13 docs commit (04418b10). Validated all together: `pnpm build` GREEN (3.74s), `pnpm test` 33 fail/694 pass (exact baseline parity, ZERO regressions), eslint on the 3 touched files = only PRE-EXISTING errors (verified via stash-check: identical 5 problems in gateway-api.ts, just line-shifted by added lines; error-boundary.tsx + models.ts clean). Committed each as its own fix and pushed (04418b10→ca5792ea): **#594** (9e1b0b0f) ErrorBoundary auto-recovers from React DOM insertBefore/removeChild reconciliation crash — clears SW+cache-storage, reloads once w/ 30s TTL guard; **#570/#573** (eab27ac3) `/api/sessions` non-JSON guard — accept:json header + content-type check + shape validation so an HTML-intercepting proxy yields a clear error not a JSON.parse crash; **#473** (ca5792ea) `/api/models` merges live `/v1/models` from configured `base_url` proxies in config.yaml (60s cache, 3s timeout, server-side keys). Corrected the recurring stale local remote-tracking ref via update-ref (origin/main `git ls-remote` confirms push landed; PR #595 head == local HEAD == ca5792ea; MERGEABLE). Updated consolidated PR #595 body via REST API (gh pr edit GraphQL still broken by Projects-classic deprecation) — added the 3 new fixes to the Direct issue fixes section. origin/main unmoved at 7f845bc. ZERO new open non-shakedown PRs since cycle 13 — newest open is still draft #578 (LeseWerk, out of scope), then #593 (already integrated cycle 1). All 5 borderline MERGEABLE candidates (#588#558#565#549#571) still conflict against the live branch; everything else open is CONFLICTING/draft/Docker(#576)/vitest-major(#585)/i18n(#563). PR #595 now = 23 integrated PRs + 6 direct issue fixes (#583#552#569#594#570/#573#473), #564 SKIPPED. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 14:43 EDT: CYCLE 13 — NO-OP / BACKLOG EXHAUSTED + FIXED UNPUSHED COMMITS. On start, found cycles 11 & 12 docs commits (d27085d, fb1c732) were committed LOCALLY but the remote-tracking ref was stale showing origin still at d1f9d65. `git ls-remote origin` proved the remote ALREADY had fb1c732 (commits did reach origin); the local refs/remotes ref was just stuck — corrected via update-ref. Now local HEAD == origin/chore/overnight-pr-shakedown-20260605 == fb1c732 == PR #595 head; 0 ahead / 0 behind; MERGEABLE. origin/main unmoved at 7f845bc. ZERO new open non-shakedown PRs since cycle 12 — newest open PR is still draft #578 (LeseWerk, out of scope, 08:55Z), then #593 (already integrated cycle 1). Re-ran `gh pr diff | git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict — #588 (package.json:8), #558 (playground-hud.tsx:164), #565 (send-stream.ts:384), #549 (binary asset 99pages logo), #571 (slash-command-menu.tsx:36). Everything else open is CONFLICTING (#557#551#503#482#469#463#461#388#371#363#351#336#301), draft (#578), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), or out-of-scope (#563 i18n 934-strings). Re-ran `pnpm build` → GREEN (3.74s). Consolidated PR #595 stands at 23 integrated PRs + 3 direct issue fixes. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 13:42 EDT: CYCLE 12 — NO-OP / BACKLOG EXHAUSTED. Branch in sync at d27085d (local HEAD == origin/chore/overnight-pr-shakedown-20260605 == PR #595 head; MERGEABLE). origin/main unmoved at 7f845bc. ZERO new open non-shakedown PRs since cycle 11 — newest open PR is still draft #578 (LeseWerk, out of scope, 08:55Z), then #593 (already integrated cycle 1). Re-ran `gh pr diff | git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict — #588 (package.json:8), #558 (playground-hud.tsx:164), #565 (send-stream.ts:384), #549 (electron/main.cjs:162), #571 (dashboard-aggregator.test.ts:131). Everything else open is CONFLICTING (#557#551#503#482#469#463#461#388#371#363#351#336#301), draft (#578), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), or out-of-scope (#563 i18n 934-strings). Re-ran `pnpm build` → GREEN (3.86s). No new commits beyond this docs line. Consolidated PR #595 stands at 23 integrated PRs + 3 direct issue fixes. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 12:37 EDT: CYCLE 11 — NO-OP / BACKLOG EXHAUSTED. Branch in sync at d1f9d65 (local HEAD == origin/chore/overnight-pr-shakedown-20260605 == PR #595 head; MERGEABLE). origin/main unmoved at 7f845bc. ZERO new open non-shakedown PRs since cycle 10 — newest open PR is still draft #578 (LeseWerk, out of scope, 08:55Z), then #593 (already integrated cycle 1). Re-ran `gh pr diff | git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict — #588 (package.json:8 + models.ts:15), #558 (playground-hud.tsx:164 + claude-agent.ts:52), #565 (send-stream.ts:384), #549 (binary asset 99pages logo + icon.png), #571 (slash-command-menu.tsx:36 + __root.tsx:416). Everything else open is CONFLICTING (#551#557#503#469#482#463#461#301#336#351#363#371#388), draft (#578), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), or out-of-scope (#563 i18n 934-strings). Re-ran `pnpm build` → GREEN (4.20s). No new commits beyond this docs line. Consolidated PR #595 stands at 23 integrated PRs + 3 direct issue fixes. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 10:25 EDT: CYCLE 9 — NO-OP / BACKLOG EXHAUSTED. Branch intact at 26da8fa (local HEAD == origin/chore/overnight-pr-shakedown-20260605 == PR #595 head; MERGEABLE). origin/main unmoved at 7f845bc. ZERO open non-shakedown PRs updated since cycle 8 — newest open PR is still draft #578 (LeseWerk, out of scope); next is #593 (05:38Z, already integrated cycle 1). Re-ran `gh pr diff | git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict — #588 (package.json:8 + swarm-dispatch.ts:886), #558 (playground-hud.tsx:164 + claude-agent.ts:52), #565 (send-stream.ts:384), #549 (binary asset + electron overlap), #571 (slash-command-menu.tsx:36 + __root.tsx:416). Everything else open is CONFLICTING (#557#551#503#482#469#463#461#388#371#363#351#336#301), draft (#578), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), or out-of-scope (#563 i18n 934-strings). Re-ran `pnpm build` → GREEN (3.92s). No new commits beyond this docs line. Consolidated PR #595 stands at 23 validated PRs. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 09:47 EDT: CYCLE 8 — NO-OP / BACKLOG EXHAUSTED. Branch intact at e9915ff (local HEAD == origin/chore/overnight-pr-shakedown-20260605 == PR #595 head; MERGEABLE). origin/main unmoved at 7f845bc. ZERO open PRs updated since cycle 7 (12:46Z) — only draft #578 (LeseWerk, out of scope) sits ahead of the integration PR. Re-ran `gh pr diff | git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict at the same lines — #588 (package.json:8 + swarm-dispatch.ts:887), #558 (playground-hud.tsx:164 + claude-agent.ts:52), #565 (send-stream.ts:384), #549 (electron/main.cjs:162), #571 (dashboard-aggregator.test.ts:131 + .ts:1010). Everything else open is CONFLICTING (#557#551#503#482#469#463#461#388#371#363#351#336#301), draft (#578), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), or out-of-scope (#563 i18n 934-strings). Re-ran `pnpm build` → GREEN (4.36s). No new commits beyond this docs line. Consolidated PR #595 stands at 23 validated PRs. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 08:46 EDT: CYCLE 7 — NO-OP / BACKLOG EXHAUSTED. Branch intact at dc901c2 (local HEAD == origin/chore/overnight-pr-shakedown-20260605 == PR #595 head; MERGEABLE). origin/main unmoved at 7f845bc. Only PR updated since cycle 6 is draft #578 (LeseWerk reading-app prototype — out of scope per spec). Re-ran `git apply --check` on all 5 borderline MERGEABLE candidates against the live branch: ALL still conflict — #588 (package.json:8 + swarm-dispatch.ts:887), #558 (playground-hud.tsx:164 + claude-agent.ts:52), #565 (send-stream.ts:384), #549 (electron/main.cjs:162), #571 (dashboard-aggregator.test.ts:131 + .ts:1010). Everything else open is CONFLICTING (#557#551#503#482#469#463#461#388#371#363#351#336#301), draft (#578), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), or out-of-scope (#563 i18n 934-strings). Re-ran `pnpm build` → GREEN (4.34s). No new commits beyond this docs line. Consolidated PR #595 stands at 23 validated PRs. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 05:15 EDT: CYCLE 3 complete. Integrated 1 priority Windows-desktop PR: #579 (Windows Electron desktop build compatibility — cross-platform spawnDetached, where-hermes detection, native child_process worker fallback in swarm-lifecycle when tmux absent, portable+nsis target, strips Windows-incompatible NODE_OPTIONS/NODE_ENV; addresses #500/#588 desktop path). Applied clean, eslint --fix on new files. Build GREEN, test 33 fail/686 pass (baseline parity, zero regressions), lint 1701 (+6 residual no-unnecessary-condition on defensive optional chains in new code). Pushed b22d9d5. PR #595 now lists 21 PRs. New Needs-Eric this cycle: #588 now CONFLICTING (44-file overlap), #585 vitest 3→4 major bump (risky), #576 web-access stack adds Docker crawl4ai service + global agent-browser (Docker=Needs Eric per spec). Remaining mergeable backlog is exhausted — everything else open is CONFLICTING, draft, Docker/auth-judgment, too-large, or out-of-scope.
- 2026-06-05 07:43 EDT: CYCLE 6 — NO-OP / BACKLOG EXHAUSTED. Branch intact at 5b0d53c (28 commits, 23 PRs integrated). origin/main unmoved at 7f845bc. Zero code changes since cycle-5 green (only the cycle-5 docs line landed). Re-checked all 5 borderline MERGEABLE candidates against the live branch with `git apply --check`: ALL still conflict — #588 (67-file Windows, package.json + swarm-dispatch overlap w/ #579), #558 (playground-hud + claude-agent overlap w/ #540), #565 (send-stream overlap w/ #543), #549 (71-file, electron/main.cjs overlap), #571 (41-file, dashboard-aggregator overlap w/ #550). Everything else open is CONFLICTING (#503#482#469#463#461#388#371#363#351#336#301#557#551), draft (#578), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), or out-of-scope (#563 i18n 934-strings). Re-ran `pnpm build` → GREEN (built in 4.31s). No new commits. Consolidated PR #595 stands at 23 validated PRs. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on the Needs-Eric items.
- 2026-06-05 06:42 EDT: CYCLE 5 — NO-OP / BACKLOG EXHAUSTED. Branch intact at 7eb58ab (23 PRs integrated). Re-verified every remaining open PR against the current integration branch (not just origin/main): all remaining MERGEABLE-against-main PRs now CONFLICT with already-integrated work — #558↔#540 (claude-agent/playground-hud), #565↔#543 (send-stream streaming path), #484↔#545 (file-explorer/files route), #588↔#579 (44-file Windows overlap, package.json + swarm-dispatch + claude-agent). git apply --check confirmed conflicts for all four. Everything else open is CONFLICTING (#463#503#469#388#482#371#363#336#301), draft (#578#557#551#461#351), Docker/judgment (#576 crawl4ai), risky major bump (#585 vitest 3→4), too-large (#549 71-file, #571), or out-of-scope (#563 i18n 934-strings). Branch re-validated: pnpm build GREEN, pnpm test 33 fail/694 pass (exact cycle-4 baseline parity, ZERO regressions). No new commits this cycle — nothing safe left to integrate. Consolidated PR #595 stands at 23 validated PRs. SHAKEDOWN COMPLETE pending Eric's judgment on the Needs-Eric items.
- 2026-06-05 06:01 EDT: CYCLE 4 complete. Integrated 2 more priority blocker-mapped PRs onto chore/overnight-pr-shakedown-20260605: #589 (native Conductor dispatch + stale terminal-state fix, Battlelamb — resolved swarm-dispatch.ts conflict vs #567 by taking buildHermesChatQueryArgs helper with correct -q prompt adjacency; +8 passing regression tests) and #543 (chat UIX/UX — thinking indicators, message dedup, streaming stability, JohnGuidry; addresses #572 double-responses + #561 stuck-Thinking; vite loadEnv→process.env SSR bearer bridge). Both: build GREEN, test 33 fail/694 pass (baseline parity, ZERO regressions, +8 from #589's tests), eslint --fix on touched files (net lint errors 1700→1588, cleaned existing debt). Pushed ef2e4ba + 5271ca9. PR #595 now lists 23 PRs. New Needs-Eric this cycle: #565 (zero-fork chat) now CONFLICTS with integrated #543 on send-stream.ts streaming path — needs human decision on streaming strategy; #588 (44-file Windows overlap w/ #579); #585 (vitest 3→4 major bump); #576 (Docker crawl4ai). Remaining mergeable backlog is again exhausted — everything else open is CONFLICTING, draft, Docker/auth-judgment, too-large (#571/#549), or out-of-scope (#563 i18n).
- 2026-06-05 11:33 EDT: CYCLE 10 — PUSHED L6 ISSUE FIXES + PR BODY UPDATE. Found the cycle-9/L6 issue-fix commits (#583#552#569 + docs, 4 commits) were validated GREEN but **local-only / unpushed** — pushed them to origin/chore/overnight-pr-shakedown-20260605 (6912b95→bab9409) so progress survives per spec. Re-validated first: `pnpm build` GREEN (4.30s), `pnpm test` 33 fail/694 pass (exact baseline parity, ZERO regressions). Updated consolidated PR #595 body via REST API (gh pr edit's GraphQL path is broken by Projects-classic deprecation) with a new "Direct issue fixes" section documenting fixes #583/#552/#569 + #564 SKIPPED. ZERO new open non-shakedown PRs since cycle 9 — newest is still draft #578 (out of scope), then #593 (already integrated cycle 1). All 5 borderline MERGEABLE candidates (#588#558#565#549#571) still conflict against the live branch; everything else open is CONFLICTING/draft/Docker/vitest-major/i18n. PR #595 now = 23 integrated PRs + 3 direct issue fixes. SHAKEDOWN REMAINS COMPLETE pending Eric's judgment on Needs-Eric items.
- 2026-06-05 11:18 EDT: ISSUE-FIX LANE (L6). Mergeable PR backlog stayed exhausted, so wrote direct issue fixes against the same branch (no push, no PR). 3 issues FIXED, 1 SKIPPED.
- **#583** (FIXED — 40828fc): added `'google'` to `ModelProviderOption` + `MODEL_PROVIDER_OPTIONS` in `src/screens/settings/providers-screen.tsx` (label "Google (Gemini)", value `google` to match provider-catalog/wizard/icon conventions), and added `'google'` to `KNOWN_PROVIDER_PREFIXES` so `google/gemini-2.5-pro` displays clean.
- **#552** (FIXED — 0a6d1bc): scroll-anchor tug-of-war. `ChatContainerRoot.handleScroll` and `chat-message-list.handleUserScroll` previously only released `stickToBottomRef` when the user scrolled up AND was already >200px from bottom — so any near-bottom upward scroll left stick=true and the ResizeObserver yanked the viewport back on the next streaming chunk. Fix: ANY upward scroll releases stick immediately; re-stick only when user lands within `NEAR_BOTTOM_THRESHOLD`.
- **#569** (FIXED — cf16f9a): added `readClaudeConfigCatalog()` to `src/routes/api/models.ts` that walks `providers.*.models`, `providers.*.model` (provider defaults), and `model_aliases` from `~/.hermes/config.yaml`, then merges them into `/api/models` via `mergeModelEntries`. Source label now appends `+config.yaml`. No overlap with #583 (different surface).
- **#564** (SKIPPED): repro requires live Ollama. Reporter explicitly says it doesn't happen with cloud providers despite the same `workspace_context` directive being sent in both cases, so the bug is almost certainly inside the hermes-agent Ollama prompt-handling path (out of this repo's reach) — not a clean workspace-side fix. Needs human to repro against an Ollama container.
- Build GREEN after each commit. Tests: zero new failures (pre-existing 33-fail baseline preserved — `chat-message-list.test.tsx` failures and providers-screen lint warning verified pre-existing via stash-check).
- 2026-06-05 16:55 EDT: ROUND 2 GAP-CLOSE — ISSUE BUNDLE PUSHED + PR BODY REFRESHED. A concurrent cycle had stashed the uncommitted round-2 bundle as `cycle16-found-uncommitted-feature-batch`; recovered it cleanly onto the live branch and committed **cb054c59** (`fix(workspace): close round-two issue gaps`). Additional direct fixes this round: **#472** user-level dashboard service docs/script (`scripts/install-dashboard-service.sh`, `docs/dashboard-service.md`, README); **#491** Swarm Board two-tier `label:Tier1/Tier2` tags, label filters, running/latestRun visibility; **#492** interactive chat `selectionCard` content + tap/click response dispatch; **#495** Appearance settings for interface font + density; **#574** `/api/sessions/search` backend FTS proxy/local fallback wired into Cmd+K chat search; **#587** API key registry + rotation checklist and `.env.example` expansion; **#556** workspace-side fix/root-cause pin: stop iframe embedding `hermes-world.ai`, show full-tab launch/diagnostic card, remaining stale CSS MIME issue belongs to live HermesWorld deployment/CDN. Verified **#566/#590** remains resolved by capability optional-gap separation. Re-attempted remaining PRs by fetched branches/intent review; **0 additional PRs integrated** because all safe intent is superseded or blocked by specific overlaps: #484 file explorer conflicts with #545 Monaco/open-file surface; #549 massive 99Pages/electron/provider/asset rebrand; #558 startup-path conflicts with #540 path/binary changes; #565 send-stream conflicts with #543/#589 streaming strategy; #571 41-file session/dashboard/swarm rewrite; #588 mostly superseded by #579 but conflicts with Windows/streaming/model files; #503 safe model intent superseded by #473/#569; #301/#336/#363/#371/#388/#463/#469/#482 are large product/runtime/native/Docker/data-model rewrites; drafts #351/#461/#551/#557/#578 not trivially safe; explicit leaves #563/#576/#585 honored. Validation after cb054c59: `pnpm build` GREEN; `pnpm test` stayed at exact baseline **33 failed / 694 passed**; `pnpm lint` still fails on existing repo debt but improved to **1766 problems / 1580 errors / 186 warnings** (no new lint regressions). Pushed origin/chore/overnight-pr-shakedown-20260605. PR #595 body replaced with refreshed per-PR/per-issue matrix. CI for the new head was pending/unstable immediately after push.
> Not a chat wrapper. A complete workspace — orchestrate agents, browse memory, manage skills, and control everything from one interface.
> **v2 — zero-fork.** Clone, don't fork. Runs on vanilla [`NousResearch/hermes-agent`](https://github.com/NousResearch/hermes-agent) installed via Nous's own installer. Chat, sessions, memory, skills, jobs, MCP, terminal, dashboard, Agent View, and Operations are all in vanilla parity. **Conductor** uses the dashboard mission API when available and falls back to Workspace-native Swarm dispatch (`mode: native-swarm`) when the dashboard endpoint is absent, preserving zero-fork behavior ([#262](https://github.com/outsourc-e/hermes-workspace/issues/262)).
Hermes Workspace works with any OpenAI-compatible backend. If your backend also exposes Hermes gateway APIs, enhanced features like sessions, memory, skills, and jobs unlock automatically.
Three paths — pick the one that matches you:
### Prerequisites
| Path | Best for | Time |
|---|---|---|
| **🐳 [Docker Compose](#-docker-quickstart)** | Self-hosters, home labs, "give me a compose gig" | ~2 min |
| **🌐 One-line install** | Local dev on macOS/Linux | ~3 min |
| **🔌 Attach to existing `hermes-agent`** | You already run Hermes Agent | ~1 min |
This installs `hermes-agent` via Nous's official installer, clones this repo, sets up `.env`, and installs dependencies. Then:
```bash
hermes gateway run # terminal 1
cd ~/hermes-workspace && pnpm dev # terminal 2
```
Open http://localhost:3000. That's it.
---
### Already running `hermes-agent`? Attach the workspace to it
If you already have `hermes-agent` installed (via Nous's official installer, a source checkout, systemd, Docker, or another existing setup) and it's serving the gateway at `http://<host>:8642`, you don't need to reinstall anything — just point the workspace at it.
# If your gateway was started with API_SERVER_KEY (auth enabled), set the same value:
# echo 'HERMES_API_TOKEN=***' >> .env
pnpm dev # http://localhost:3000 (override with PORT=4000 pnpm dev)
```
Requirements on the agent side:
- Gateway bound to an address the workspace can reach (typically `API_SERVER_HOST=0.0.0.0` + the port exposed).
-`API_SERVER_ENABLED=true` in `~/.hermes/.env` (or the agent's env) so the gateway serves core APIs on `:8642`.
-`hermes dashboard` running (default `http://127.0.0.1:9119`) for zero-fork installs. The dashboard provides config, sessions, skills, and jobs APIs.
- If `API_SERVER_KEY` is set, the workspace must pass the same value via `HERMES_API_TOKEN` — otherwise leave both unset.
Verify both services before opening the workspace:
-`curl http://127.0.0.1:8642/health` should return ok.
-`curl http://127.0.0.1:9119/api/status` should return dashboard metadata.
-`curl http://127.0.0.1:3000/api/sessions` (after the workspace boots) should return a sessions payload or an empty list.
If `/api/sessions` is already returning data, **do not start another gateway just because the UI still says Offline** — refresh or reprobe the Workspace UI first.
If your default model is `gpt-5.4` / `openai-codex`, make sure Codex CLI auth is live before testing chat:
```bash
codex login
```
Then start the workspace and complete onboarding — it should detect the gateway + dashboard pair and unlock the enhanced panes automatically.
#### Running on a remote host (Tailscale / VPN / LAN)
If the workspace and its browser live on different machines — e.g. the workspace runs on a Pi/Mac/home server and you access it from your phone over Tailscale — point `HERMES_API_URL` at the **reachable** backend address, not `127.0.0.1`:
# Also tell the gateway to listen on all interfaces so Tailscale peers can reach it.
# In ~/.hermes/.env (or wherever the gateway reads config):
echo'API_SERVER_HOST=0.0.0.0' >> ~/.hermes/.env
```
Then restart the gateway, dashboard, and workspace. Hit the workspace from the remote device and the connection probe will use the Tailscale IP instead of localhost. Both `HERMES_API_URL` and `HERMES_DASHBOARD_URL` must be set to Tailscale/LAN-reachable URLs — setting only one will leave the other probing `127.0.0.1` and failing.
**If you've already started the workspace**, you can update both URLs from `Settings → Connection` without restarting. The values are persisted to `~/.hermes/workspace-overrides.json` and take effect immediately (gateway capabilities are reprobed on save). Editing `.env` still works for pre-start config and for CI/containers.
---
### Manual install
Hermes Workspace works with any OpenAI-compatible backend. If your backend also exposes Hermes Agent gateway APIs, enhanced features like sessions, memory, skills, and jobs unlock automatically.
> **Verify:** Open `http://localhost:3000` and complete the onboarding flow. First connect the backend, then verify chat works. If your gateway exposes Hermes APIs, advanced features appear automatically.
> **Verify:** Open `http://localhost:3000` and complete the onboarding flow. First connect the backend, then verify chat works. If your gateway exposes Hermes Agent APIs, advanced features appear automatically.
### Environment Variables
#### Run without an open terminal
After `pnpm build`, install Workspace as a user-level launchd/systemd service:
```bash
chmod +x scripts/install-dashboard-service.sh
scripts/install-dashboard-service.sh
```
See [`docs/dashboard-service.md`](docs/dashboard-service.md) for macOS launchd, Linux systemd, logs, overrides, and uninstall steps.
#### Environment Variables
```env
# OpenAI-compatible backend URL
HERMES_API_URL=http://127.0.0.1:8642
# Optional provider keys for Hermes gateway-managed config
ANTHROPIC_API_KEY=your-key-here
# Optional: provider keys the Hermes Agent gateway can read at runtime.
# You only need the key(s) for whichever provider(s) you actually use.
## 🧠 Local Models (Ollama, Atomic Chat, LM Studio, vLLM)
Hermes Workspace supports two modes with local models:
### Portable Mode (Easiest)
Point the workspace directly at your local server — no Hermes Agent gateway needed.
### Atomic Chat
```bash
# Start workspace pointed at Atomic Chat
HERMES_API_URL=http://127.0.0.1:1337/v1 pnpm dev
```
Download [Atomic Chat](https://atomic.chat/), launch the desktop app, and make sure a model is loaded before starting Hermes Workspace.
### Ollama
```bash
# Start Ollama
OLLAMA_ORIGINS=* ollama serve
# Start workspace pointed at Ollama
HERMES_API_URL=http://127.0.0.1:11434 pnpm dev
```
Chat works immediately. Sessions, memory, and skills show "Not Available" — that's expected in portable mode.
### Enhanced Mode (Full Features)
Route through the Hermes Agent gateway for sessions, memory, skills, jobs, and tools.
Here are two explicit `~/.hermes/config.yaml` examples for the local providers we support directly in the workspace:
**Atomic Chat**
```yaml
provider:atomic-chat
model:your-model-name
custom_providers:
- name:atomic-chat
base_url:http://127.0.0.1:1337/v1
api_key:atomic-chat
api_mode:chat_completions
```
**Ollama**
```yaml
provider:ollama
model:qwen3:32b
custom_providers:
- name:ollama
base_url:http://127.0.0.1:11434/v1
api_key:ollama
api_mode:chat_completions
```
You can adapt the same shape for other OpenAI-compatible local runners, but `Atomic Chat` and `Ollama` are the two built-in local paths documented in the workspace UI.
**2. Enable the API server in `~/.hermes/.env`:**
```env
API_SERVER_ENABLED=true
```
**3. Start the gateway, dashboard, and workspace:**
```bash
hermes gateway run # Starts core APIs on :8642
hermes dashboard # Starts dashboard APIs on :9119
HERMES_API_URL=http://127.0.0.1:8642 \
HERMES_DASHBOARD_URL=http://127.0.0.1:9119 \
pnpm dev
```
For authenticated gateways, also set `HERMES_API_TOKEN` in the workspace environment to the same value as `API_SERVER_KEY`.
All workspace features unlock automatically once both services are reachable — sessions persist, memory saves across chats, skills are available, and the dashboard shows real usage data.
> **Works with any OpenAI-compatible server** — Atomic Chat, Ollama, LM Studio, vLLM, llama.cpp, LocalAI, etc. Just change the `base_url` and `model` in the config above.
---
## 🤝 Pair an Agent with the Workspace
Workspace is the UI. **Hermes Agent** is the brain. They talk over two HTTP services on localhost (or any reachable network).
Both must return `200`. If either fails, the workspace will fall back to **portable mode** (chat works, sessions/skills/memory show "Not Available").
### `.env` settings the workspace cares about
```env
# Required: where the gateway is
HERMES_API_URL=http://127.0.0.1:8642
# Recommended: where the dashboard is (unlocks sessions/skills/config/MCP/jobs)
HERMES_DASHBOARD_URL=http://127.0.0.1:9119
# Only if your gateway was started with API_SERVER_KEY=... — paste the same value:
# HERMES_API_TOKEN=***
# Optional: password-protect the web UI itself
# HERMES_PASSWORD=***
```
### Common pairing scenarios
| Scenario | Set this |
|---|---|
| Workspace + gateway on the same machine | `HERMES_API_URL=http://127.0.0.1:8642`, `HERMES_DASHBOARD_URL=http://127.0.0.1:9119` |
| Gateway on a remote server (Tailscale / VPN) | Set both URLs to the reachable IP (e.g. `http://100.x.y.z:8642`) and add `API_SERVER_HOST=0.0.0.0` to the gateway's `~/.hermes/.env` |
| Already-running `hermes-agent` from upstream installer | Just set `HERMES_API_URL` + `HERMES_DASHBOARD_URL` and skip the one-liner installer |
| Multiple agent profiles | Profiles live under `~/.hermes/profiles/<name>` — the dashboard switches between them at runtime; workspace follows automatically |
### Live re-pairing (no restart)
If you've already started the workspace, change either URL from **Settings → Connection** without restarting. Values persist to `~/.hermes/workspace-overrides.json` and gateway capabilities are reprobed on save.
### Troubleshooting
- **`Could not reach Hermes gateway on 8645, 8642, or 8643`** — gateway isn't running, or `HERMES_API_URL` points somewhere unreachable. Run `hermes gateway run` and re-check.
- **Workspace shows "portable mode" / extended APIs missing** — dashboard isn't running. Start `hermes dashboard` in another terminal and refresh.
- **Sessions probe says unavailable / UI claims Offline but pairing should be live** — verify `curl http://localhost:3000/api/sessions` before starting another gateway. If it returns sessions (or an empty array), the backend pairing is alive and the UI needs a refresh/reprobe.
- **Chat send fails on `gpt-5.4` / Codex** — Codex CLI auth is stale. Run `codex login`, then retry the chat without starting another gateway.
- **`Unauthorized` on every API call** — gateway has `API_SERVER_KEY` set but workspace is missing `HERMES_API_TOKEN`. Match them.
- **`Could not connect` from your phone over Tailscale** — gateway is bound to loopback. Set `API_SERVER_HOST=0.0.0.0` in `~/.hermes/.env` and restart it.
---
## 🐳 Docker Quickstart
[](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=outsourc-e/hermes-workspace)
@@ -116,7 +429,7 @@ The Docker setup runs both the **Hermes Agent gateway** and **Hermes Workspace**
- **Docker**
- **Docker Compose**
- **Anthropic API Key** — [Get one here](https://console.anthropic.com/settings/keys) (required for the agent gateway)
- **A configured Hermes Agent model provider** — run `hermes setup` / `hermes model`, or provide a key for whichever provider you use. This workspace does not require Anthropic.
### Step 1: Configure Environment
@@ -126,13 +439,18 @@ cd hermes-workspace
cp .env.example .env
```
Edit `.env` and add your API key:
Edit `.env` and add **at least one** LLM provider key — whichever provider you want hermes-agent to use:
```env
ANTHROPIC_API_KEY=your-key-here
# Pick one (or more). You do NOT need all of these.
> **Important:** The `hermes-agent` container requires `ANTHROPIC_API_KEY` to function. Without it, the gateway will fail to authenticate.
Using **Ollama, LM Studio, oranother local server**? No key needed — just point hermes-agent at your local endpoint via the onboarding flow.
> **Heads up:** `hermes-agent` needs to be able to reach _some_ model. If you don't configure any provider (API key or local server), chat will fail on first message.
- **hermes-agent** — The AI agent gateway (port 8642)
- **hermes-workspace** — The web UI (port 3000)
- **hermes-agent** → `nousresearch/hermes-agent:latest` on port **8642**
- **hermes-workspace** → `ghcr.io/outsourc-e/hermes-workspace:latest` on port **3000**
No local build. First run takes a minute to pull; subsequent starts are instant.
Agent state (config, sessions, skills, memory, credentials) persists in the
legacy-named `claude-data` Docker volume, so containers can be recreated without data loss.
### Step 3: Access the Workspace
Open `http://localhost:3000` and complete the onboarding.
> **Verify:** Check the Docker logs for `[gateway] Connected to Hermes` — this confirms the workspace successfully connected to the agent.
> **Verify:** Check the Docker logs for `[gateway] Connected to Hermes Agent` — this confirms the workspace successfully connected to the agent.
### Remote Access (LAN / Tailscale / VPN)
The default compose file binds ports to `127.0.0.1` (localhost only). To access the workspace from other devices on your network, you need to:
**1. Publish ports without the loopback restriction.** Create a `docker-compose.override.yml`:
```yaml
services:
hermes-agent:
ports:
- '8642:8642'
hermes-workspace:
ports:
- '3000:3000'
```
**2. Add these env vars to `.env`:**
```env
# Required: workspace session password (the workspace refuses to start on 0.0.0.0 without it)
HERMES_PASSWORD=your-strong-secret-here
# Required for plain-HTTP LAN access (browsers drop Secure cookies over http://)
COOKIE_SECURE=0
# Recommended: gateway auth token (prevents unauthenticated API access on your LAN)
API_SERVER_KEY=***
# If the gateway refuses to start with "No user allowlists configured":
GATEWAY_ALLOW_ALL_USERS=true
```
**3. Restart the stack:**
```bash
docker compose down && docker compose up -d
```
> **HTTPS behind a reverse proxy?** If you terminate TLS at a reverse proxy (Traefik, Nginx, Caddy, Tailscale Funnel), set `COOKIE_SECURE=1` instead and add `TRUST_PROXY=1` so IP classification works correctly.
### Troubleshooting Docker
| Symptom | Fix |
|---|---|
| `[workspace] refusing to start — HERMES_PASSWORD is unset` | Add `HERMES_PASSWORD=<secret>` to `.env` |
| Login silently fails (no error, page reloads) | Add `COOKIE_SECURE=0` for HTTP, or `COOKIE_SECURE=1` + HTTPS |
| `[Api_Server] Refusing to start: binding to 0.0.0.0 requires API_SERVER_KEY` | Add `API_SERVER_KEY=*** to `.env` |
| `No user allowlists configured. All unauthorized users will be denied.` | Add `GATEWAY_ALLOW_ALL_USERS=true` to `.env` |
| `CLAUDE_DASHBOARD_TOKEN is not set` warning | Set `CLAUDE_DASHBOARD_TOKEN` to the same value as `API_SERVER_KEY` |
| 500 Internal Server Error on login after setting all the above | Clear browser cookies for the workspace domain, then retry |
### Building from source
Want to hack on the workspace and have local changes hot-built into the
container? Use the dev overlay:
```bash
docker compose -f docker-compose.yml -f docker-compose.dev.yml up --build
```
The base `docker-compose.yml` stays untouched — the overlay adds a `build:`
block for the `hermes-workspace` service so the local repo is compiled
instead of pulled. The Hermes Agent service still uses the canonical
`nousresearch/hermes-agent:latest` image; if you need a custom agent
build, tag it locally and override `image:` in your own
`compose.override.yml`.
### Using a Pre-Built Image (Coolify / Easypanel / Dokploy / Unraid)
Deploying Hermes Workspace to a PaaS or home-lab stack? Pull the image
HERMES_API_URL: http://hermes-agent:8642 # point at your gateway
HERMES_API_TOKEN: ${API_SERVER_KEY} # if gateway auth is enabled
```
The image is built for `linux/amd64` and `linux/arm64`. Pair it with either
a `nousresearch/hermes-agent:latest` container (what our `docker-compose.yml`
does by default) or an existing gateway on another host.
---
@@ -248,53 +669,31 @@ Features pending cloud infrastructure:
---
## ✨ Features
## 🔒 Security & deployment env vars
### 💬 Chat
Key safeguards — most are on by default, the env vars below are for remote / Docker deployments where you opt out of the loopback default.
- Real-time SSE streaming with tool call rendering
- Multi-session management with full history
- Markdown + syntax highlighting
- Chronological message ordering with merge dedup
- Inspector panel for session activity, memory, and skills
### Built-in safeguards
### 🧠 Memory
- Browse and edit agent memory files
- Search across memory entries
- Markdown preview with live editing
### 🧩 Skills
- Browse 2,000+ skills from the registry
- View skill details, categories, and documentation
- Skill management per session
### 📁 Files
- Full workspace file browser
- Navigate directories, preview and edit files
- Monaco editor integration
### 💻 Terminal
- Full PTY terminal with cross-platform support
- Persistent shell sessions
- Direct workspace access
### 🎨 Themes
- 8 themes: Official, Classic, Slate, Mono — each with light and dark variants
- Theme persists across sessions
- Full mobile dark mode support
### 🔒 Security
- Auth middleware on all API routes
- Auth middleware on every API route
- CSP headers via meta tags
- Pathtraversal prevention on file/memory routes
- Path-traversal prevention on file/memory routes (real-path boundary check, not string prefix)
- Rate limiting on endpoints
- Optional password protection for web UI
- Fail-closed startup guard: refuses to bind non-loopback without `HERMES_PASSWORD`
- Session cookies: `HttpOnly` + `SameSite=Strict` + `Secure` (in production)
- Optional password protection for the web UI
### Env vars for remote / Docker deployments
- `HERMES_PASSWORD` — required whenever `HOST ≠ 127.0.0.1` (legacy `CLAUDE_PASSWORD` still honored as a fallback)
- `COOKIE_SECURE=1` — force the `Secure` cookie flag when terminating HTTPS at a proxy
- `COOKIE_SECURE=0` — disable the `Secure` flag for plain-HTTP LAN deployments (`HOST=0.0.0.0` without HTTPS); without this, browsers silently drop session cookies and login fails (#149)
- `TRUST_PROXY=1` — trust `x-forwarded-for` / `x-real-ip` (only set behind a sanitizing reverse proxy)
- `HERMES_DASHBOARD_TOKEN` — explicit bearer for dashboard API (preferred over the legacy HTML-scrape fallback)
- `HERMES_API_TOKEN` — bearer for the Hermes Agent gateway when started with `API_SERVER_KEY` (legacy `CLAUDE_API_TOKEN` still honored)
- `HERMES_ALLOW_INSECURE_REMOTE=1` — bypass the fail-closed guard (not recommended)
See `.env.example` for the full list. Credits to [@kiosvantra](https://github.com/kiosvantra) for the security audit surfacing #121–#125.
---
@@ -306,43 +705,63 @@ The workspace auto-detects your gateway's capabilities on startup. Check your te
(If you installed via a different path, follow your Nous installer's upgrade instructions.) If you were on the old `outsourc-e/hermes-agent` fork, it's no longer needed as of v2 — uninstall it and use upstream instead.
### "Connection refused" or workspace hangs on load
Your Hermes gateway isn't running. Start it:
Your Hermes Agent gateway isn't running. Start it:
```bash
cd hermes-agent
source .venv/bin/activate
hermes --gateway
hermes gateway run
```
First-time run? Do `hermes setup` first to pick a provider and model.
### Ollama: chat returns empty or model shows "Offline"
Make sure your `~/.hermes/config.yaml` has the `custom_providers` section and `API_SERVER_ENABLED=true` in `~/.hermes/.env`. See [Local Models](#-local-models-ollama-lm-studio-vllm) above.
Also ensure Ollama is running with CORS enabled:
```bash
OLLAMA_ORIGINS=* ollama serve
```
Use `http://127.0.0.1:11434/v1` (not `localhost`) as the base URL.
Verify: `curl http://localhost:8642/health` should return `{"status": "ok"}`.
### "Using upstream NousResearch/hermes-agent"
The upstream hermes-agent supports basic chat via `hermes --gateway`, but doesn't include extended endpoints (sessions, memory, skills, config) yet. The workspace will work in **portable mode** with basic chat. For full features, use our fork (`outsourc-e/hermes-agent`).
v2+ runs on vanilla `hermes-agent`. **No fork required.** The upstream ships every endpoint the workspace needs for chat, sessions, memory, skills, config, jobs, MCP, terminal, and Agent View.
**Conductor note:** when the dashboard mission API is available, Workspace uses it directly. When that endpoint is absent, Workspace uses its native Swarm fallback and returns `mode: native-swarm`. The fallback dispatches through Workspace Swarm workers, keeps status available through `/api/conductor-spawn?missionId=...`, and cancels through `/api/conductor-stop`.
If you're pinned to an older `hermes-agent` version and missing core endpoints, the workspace will degrade gracefully to **portable mode** with basic chat — upgrade upstream to restore full features.
### Docker: "Unauthorized" or "Connection refused" to hermes-agent
If using Docker Compose and getting auth errors:
1. **Check your API key is set:**
1. **Check at least one provider key is set:**
```bash
cat .env | grep ANTHROPIC_API_KEY
# Should show: ANTHROPIC_API_KEY=sk-ant-...
grep -E '_API_KEY' .env
# Should show one of: OPENAI_API_KEY, OPENROUTER_API_KEY, GOOGLE_API_KEY, or another provider key you intentionally use.
```
(hermes-agent reads whichever key matches the provider configured in `~/.hermes/config.yaml`.)
2. **View the agent container logs:**
```bash
@@ -371,33 +790,51 @@ If using Docker Compose and getting auth errors:
```
Look for: `[gateway] http://hermes-agent:8642 mode=...` — if it shows `mode=disconnected`, the agent isn't running correctly.
### Docker: "hermes webapi command not found"
### Docker: older `claude webapi` docs are wrong
The `hermes webapi` command referenced in older docs doesn't exist. The correct command is:
The `claude webapi` command referenced in some pre-rename docs doesn't exist. The correct commands are:
```bash
hermes --gateway # Starts the FastAPI gateway server
hermes gateway run # FastAPI gateway on :8642
hermes dashboard # dashboard plugin on :9119 (sessions/skills/jobs/config)
```
The Docker setup uses `hermes --gateway` automatically — no action needed if using `docker compose up`.
The Docker setup runs both automatically — no action needed if using `docker compose up`.
| Capability gates | Graceful 'upstream not ready' placeholders |
| Multi-provider | OpenAI/OpenAI-compatible, OpenRouter, Google, Ollama, LM Studio, vLLM, Atomic Chat, and other Hermes-supported providers |
### In progress 🔨
| Feature | Status |
|---|---|
| Conductor missions | Workspace UI is shipped; uses dashboard mission API when available and Workspace-native Swarm fallback otherwise (see [#262](https://github.com/outsourc-e/hermes-workspace/issues/262)) |
@@ -6,14 +6,14 @@ If you discover a security vulnerability in Hermes Workspace, please report it r
**Do NOT open a public GitHub issue for security vulnerabilities.**
Instead, email: **security@hermesworkspace.app**
Instead, report via [GitHub Security Advisories](https://github.com/outsourc-e/hermes-workspace/security/advisories) or DM [@ericousodev on X](https://x.com/ericousodev).
We will acknowledge your report within 48 hours and aim to provide a fix within 7 days for critical issues.
## Scope
- Hermes Workspace web application code
- API routes and Hermes communication
- API routes and Claude communication
- Authentication and session management
- Client-side data handling and rendering
- Exec approval and human-in-the-loop controls
@@ -28,28 +28,33 @@ We will acknowledge your report within 48 hours and aim to provide a fix within
## Security Measures (v3.0.0+)
**Authentication**
- All API routes require authentication as of v3.0.0
- Session tokens use timing-safe comparison to prevent timing attacks
- httpOnly + SameSite=Strict cookies
- Token revocation on logout
**Network**
-`Access-Control-Allow-Origin` restricted to localhost — no wildcard CORS
- Browser proxy and screenshot endpoints locked to same-origin only
- Rate limiting on high-risk endpoints (file access, debug, exec)
**Data & File Access**
- Path traversal prevention on all file and memory routes (`ensureWorkspacePath()`)
-`.md`-only restriction on memory write routes
- No API keys or secrets ever exposed to client-side code
-Hermes tokens are server-side only
-Claude tokens are server-side only
- Diagnostic output scrubbed of sensitive data
**Agent Safety**
- Exec approval workflow — sensitive Hermes exec commands require explicit human approval via in-UI modal
- Exec approval workflow — sensitive Claude exec commands require explicit human approval via in-UI modal
- Skills security scanning — every skill from the marketplace is scanned for suspicious patterns before install
**Configuration**
- Environment files are gitignored
- Config endpoints redact credentials in responses
- Example configs use placeholder keys only
@@ -69,9 +74,8 @@ We will acknowledge your report within 48 hours and aim to provide a fix within
Hermes Workspace can render optional structured UI state emitted by the agent instead of relying only on heuristic panel derivation from plain chat text.
## Why
Some side surfaces are more trustworthy when the agent explicitly says what should be surfaced.
This keeps the shell thin:
- the agent decides what deserves screen space
- the client renders it
- heuristic fallback stays only as backup
## Current scope
This first slice supports agent-authored state for:
- chat-side artifact events in the Inspector
If no agent-authored artifact is present, existing UI behavior remains unchanged.
## Notes
- This is intentionally optional and backward-compatible.
- The exact protocol shape can evolve later.
- The shell should prefer agent-authored state when present and fall back conservatively otherwise.
> **For Hermes:** Use `writing-plans` if this turns into an implementation plan. This doc locks the product and backend compatibility direction.
> **For Claude:** Use `writing-plans` if this turns into an implementation plan. This doc locks the product and backend compatibility direction.
**Goal:** Make Hermes Workspace work out of the box against vanilla `hermes-agent` and any OpenAI-compatible backend, while unlocking richer workspace features automatically when Hermes-specific APIs are available.
**Goal:** Make Hermes Workspace work out of the box against vanilla `hermes-agent` and any OpenAI-compatible backend, while unlocking richer workspace features automatically when Claude-specific APIs are available.
**Status:** Approved architectural constraint for the next implementation pass.
@@ -37,8 +37,8 @@ We want to reverse that.
This is the decision to lock in:
> **Hermes Workspace must work standalone against any OpenAI-compatible backend.**
>
> Hermes-specific workspace features may enhance the experience when the full Hermes API is available, but the product must remain usable without those endpoints.
>
> Claude-specific workspace features may enhance the experience when the full Hermes Agent API is available, but the product must remain usable without those endpoints.
Non-negotiable implication:
@@ -57,11 +57,11 @@ Rewrite the workspace so the core chat product works against:
- any backend exposing `/v1/chat/completions`
- any backend exposing `/v1/models` optionally
In this mode, advanced features degrade gracefully when Hermes-specific APIs are absent.
In this mode, advanced features degrade gracefully when Claude-specific APIs are absent.
### Step 2 — Upstream the richer API later
Submit the custom Hermes endpoints into upstream `hermes-agent`, targeting `gateway/platforms/api_server.py`.
Submit the custom Claude endpoints into upstream `hermes-agent`, targeting `gateway/platforms/api_server.py`.
If upstream accepts them:
@@ -96,11 +96,11 @@ User does **not** need:
- `/api/skills`
- `/api/memory`
- `/api/config`
- Hermes-specific metadata endpoints
- Claude-specific metadata endpoints
### Mode B — Enhanced Hermes Mode
### Mode B — Enhanced Claude Mode
When Hermes-specific endpoints are present, unlock:
When Claude-specific endpoints are present, unlock:
- session history and named sessions
- memory browser / search / editing
@@ -117,7 +117,7 @@ The UI should detect these capabilities and progressively enhance.
**Chat is the base product. Everything else is optional enhancement.**
If a user points Hermes Workspace at a valid OpenAI-compatible backend, they should be able to send a message and receive a streamed response without caring whether the backend is Hermes, OpenAI, OpenRouter, Ollama, vLLM, or something else.
If a user points Hermes Workspace at a valid OpenAI-compatible backend, they should be able to send a message and receive a streamed response without caring whether the backend is Claude, OpenAI, OpenRouter, Ollama, vLLM, or something else.
Anything beyond that should be treated as capability-based augmentation.
@@ -131,15 +131,15 @@ The workspace must stop treating `/api/sessions` as the prerequisite for sending
Instead:
1. Detect whether Hermes session APIs exist.
2. If yes, use the enhanced Hermes session flow.
1. Detect whether Claude session APIs exist.
2. If yes, use the enhanced Claude session flow.
3. If not, send chat through `POST /v1/chat/completions`.
4. If streaming is supported, render streamed deltas.
5. If streaming is not supported, render standard non-stream response cleanly.
Result:
- missing Hermes sessions API must no longer cause the product to hang or hard-fail for basic chat
- missing Claude sessions API must no longer cause the product to hang or hard-fail for basic chat
### 6.2 Capability detection
@@ -153,7 +153,7 @@ Capability probing should explicitly distinguish:
- streaming support if detectable
- attachment / image support if inferable
#### Hermes enhancement capabilities
#### Claude enhancement capabilities
- `/api/sessions`
- `/api/skills`
@@ -168,7 +168,7 @@ The app should expose these as two layers:
### 6.3 Graceful degradation
When Hermes-specific APIs are missing, the UI must not show broken loaders, dead tabs, or cryptic errors.
When Claude-specific APIs are missing, the UI must not show broken loaders, dead tabs, or cryptic errors.
Instead, each advanced surface should do one of the following:
@@ -193,12 +193,12 @@ New setup principle:
- connect any OpenAI-compatible backend first
- verify chat works
- then advertise extra Hermes-native features if supported
- then advertise extra Claude-native features if supported
Onboarding copy should communicate:
- “Works with any OpenAI-compatible backend”
- “Enhanced features unlock automatically with Hermes gateway APIs”
- “Enhanced features unlock automatically with Hermes Agent gateway APIs”
### 6.5 Documentation
@@ -208,7 +208,7 @@ Required messaging:
- workspace works standalone with OpenAI-compatible backends
- vanilla `hermes-agent` is a supported target
- the richer Hermes API is optional for advanced workspace features
- the richer Hermes Agent API is optional for advanced workspace features
- upstreaming those APIs is the long-term path
---
@@ -222,7 +222,7 @@ Do not frame missing advanced APIs as a fatal error when core chat works.
Use status language like:
- **Connected** — chat available
- **Enhanced** — Hermes workspace APIs detected
- **Enhanced** — Claude workspace APIs detected
- **Partial** — chat available, some advanced features unavailable
- **Disconnected** — no usable chat backend detected
@@ -232,7 +232,7 @@ Feature gating should feel intentional, not broken.
Good examples:
- “Memory browser requires Hermes memory API.”
- “Memory browser requires Claude memory API.”
- “Session history isn’t available on this backend yet.”
- “Connected in portable mode. Chat works; advanced workspace tools are unavailable.”
@@ -245,7 +245,7 @@ Bad examples:
### 7.3 Session behavior in portable mode
When no Hermes sessions API exists, the app still needs a sane chat UX.
When no Claude sessions API exists, the app still needs a sane chat UX.
Portable-mode minimum:
@@ -277,9 +277,9 @@ Expected response handling:
- SSE stream chunks for streaming mode
- standard OpenAI chat completion JSON for non-stream mode
### 8.2 Enhanced Hermes path
### 8.2 Enhanced Claude path
Enhanced path remains Hermes-native where available, because it provides:
Enhanced path remains Claude-native where available, because it provides:
- persistent sessions
- message history
@@ -298,7 +298,7 @@ Intent:
- make enhanced workspace APIs part of upstream `hermes-agent`
- remove ongoing maintenance burden of a permanent fork
- let Hermes Workspace treat stock Hermes as the best backend, without requiring it
- let Hermes Workspace treat stock Claude as the best backend, without requiring it
---
@@ -308,13 +308,13 @@ This spec does **not** require:
- universal parity across every OpenAI-compatible provider
- guaranteed session persistence on non-Hermes backends
- memory/skills/config support outside Hermes
- memory/skills/config support outside Claude
- building a backend abstraction for every vendor-specific extension
The goal is simpler:
- portable chat first
- enhanced Hermes features second
- enhanced Claude features second
- no fork requirement
---
@@ -327,13 +327,13 @@ This initiative is complete when all of the following are true:
- A user can launch Hermes Workspace against a stock OpenAI-compatible backend and successfully chat without patching backend code.
- A user can launch Hermes Workspace against vanilla `hermes-agent` and get a working core experience.
- Advanced features do not hard-fail the app when Hermes-specific APIs are absent.
- The UI clearly communicates portable mode vs enhanced Hermes mode.
- Advanced features do not hard-fail the app when Claude-specific APIs are absent.
- The UI clearly communicates portable mode vs enhanced Claude mode.
### Technical acceptance
- Chat send path no longer hard-depends on `/api/sessions`.
- Capability probing includes `/v1/chat/completions` readiness, not just Hermes-specific APIs.
- Capability probing includes `/v1/chat/completions` readiness, not just Claude-specific APIs.
- Missing `/api/sessions`, `/api/skills`, `/api/memory`, or `/api/config` does not block app boot or core chat.
- Portable-mode chat streaming works against OpenAI-compatible SSE responses.
@@ -341,7 +341,7 @@ This initiative is complete when all of the following are true:
- Symptom: portable-mode missions were being created as scheduled Hermes jobs, but the jobs stayed in `scheduled` state and never ran.
- Fix: portable Conductor now uses the existing `/api/send-stream` session-streaming path instead of the dead jobs path.
- Validation: portable API smoke test returned `started`, `chunk`, and `done` SSE events, and the build passed.
## 2. Dashboard-backed mission was running but the UI showed `0 active`
- Symptom: the conductor page launched a dashboard-backed mission, but the activity panel stayed at `0 active` even while the dashboard showed live mission sessions.
- Fix: the conductor session filter now matches recent mission-related sessions by exact key and by mission text/summary, not just `worker-*` / `conductor-*` labels.
- Validation: after reloading the conductor page, the mission showed `1 active` and the worker card appeared.
If you need the service after logout on Linux, enable lingering once:
```bash
loginctl enable-linger "$USER"
```
## Uninstall
```bash
scripts/install-dashboard-service.sh uninstall
```
## Security note
Do not bind to `0.0.0.0` unless `HERMES_PASSWORD` and your reverse-proxy/auth setup are configured. Workspace exposes files, terminals, and agent controls, so loopback is the safe default.
This branch introduces the update contract that the DMG/EXE packaging should use.
## Products
Hermes ships two separately updateable products:
1.**Hermes Workspace**: the UI/server shell.
2.**Hermes Agent**: the local agent/gateway runtime.
They must not be modeled as two remotes in the same git checkout. The Workspace updater updates Workspace. The Agent updater updates the installed/bundled Agent.
# add at least one provider key (e.g. OPENROUTER_API_KEY=...)
docker compose up -d
open http://localhost:3000
```
That's it. The repo's `docker-compose.yml` runs:
-`hermes-agent` (port `8642`, internal only)
-`hermes-workspace` (port `3000`, bound to `127.0.0.1`)
The workspace waits for the agent's `/health` to return `200` before starting (via `depends_on: condition: service_healthy`). On a fresh laptop this takes about 15 seconds.
## Multi-host / NAS / VPS
If the workspace and agent run on **different machines**, or you want LAN/Tailscale access to the workspace, three things change:
### 1. Agent binds publicly
In `.env`:
```bash
API_SERVER_HOST=0.0.0.0
API_SERVER_KEY=<a long random string>
```
This makes the agent listen on all interfaces, not just the Docker loopback. **`API_SERVER_KEY` is mandatory** when `API_SERVER_HOST` is non-loopback — the agent will refuse to start otherwise.
HERMES_DASHBOARD_TOKEN=<same key, or set CLAUDE_DASHBOARD_TOKEN>
```
Inside docker compose on the same host, `<agent-host-or-service>` is the service name from your compose file (e.g. `hermes-agent`). On a Synology NAS with a separate workspace stack, it's the LAN IP (e.g. `192.168.1.78`).
### 3. Workspace gets a password
The workspace bind is non-loopback in Docker (`0.0.0.0:3000`). It refuses to start in production mode without a password to prevent accidental open exposure:
```bash
HERMES_PASSWORD=<a long random string different from API_SERVER_KEY>
```
If you publish the workspace behind HTTPS (reverse proxy, Tailscale Funnel, Cloudflare Tunnel), also set `COOKIE_SECURE=1` so session cookies get the `Secure` flag.
## Connection failures — diagnostic playbook
If the workspace shows "**Disconnected**" or "**Missing Hermes APIs detected**" but the agent appears to be running:
### Step 1 — Verify the agent is reachable from inside the workspace container
-`HERMES_API_URL=http://hermes-agent:8642` (or whichever service name)
-`HERMES_API_TOKEN=<same value as agent's API_SERVER_KEY>`
### Step 3 — Force a reprobe
The workspace caches the gateway capability map for 2 minutes (15 seconds when in disconnected state, since v2.2.1). If the agent came up after the workspace started probing, that cache is stale.
```bash
curl -X POST http://localhost:3000/api/gateway-reprobe
```
This re-runs the probe and returns the fresh capability map. If it now reads `mode=zero-fork` you're connected.
### Step 4 — Read the workspace's capability log
The workspace logs the full capability summary on every probe. Look for the `[gateway]` line:
A failing log usually shows `core=[]` and `missing=[health,...]` — that means every probe got a non-2xx response. Check the agent's logs (`docker compose logs hermes-agent`) for matching 401/404/timeout entries.
### Common causes
| Symptom | Cause | Fix |
|---|---|---|
| `core=[]` and `missing=[health,...]` | Workspace probed before agent was ready | Wait 30s and reload, or `POST /api/gateway-reprobe`. Cache TTL drops to 15s in disconnected state. |
| `core=[health,chatCompletions]` but no `models` | Older agent image (pre-`/v1/models`) | Update: `docker compose pull && docker compose up -d` |
| All probes 401 | `HERMES_API_TOKEN` doesn't match agent's `API_SERVER_KEY` | Check both `.env` values are the same. They must match exactly. |
| Workspace UI shows "Connection refused" | Workspace using `127.0.0.1` instead of the service name | Set `HERMES_API_URL=http://hermes-agent:8642` (or whichever service name). |
| Agent restart loops with `API_SERVER_KEY required` | Agent bound to 0.0.0.0 without a key | Set `API_SERVER_KEY` in `.env` (mandatory for non-loopback bind). |
## Synology NAS / external host setups
If your workspace and agent are on **different stacks** on the same NAS (or different hosts entirely), they don't share a docker network. You need:
1. Both to publish their ports (the agent on `8642`, the workspace on `3000`).
2. The workspace to point at the agent's **host IP**, not service name. Example for Synology with NAS at `192.168.1.78`:
```bash
HERMES_API_URL=http://192.168.1.78:8642
HERMES_API_TOKEN=<API_SERVER_KEY>
HERMES_DASHBOARD_URL=http://192.168.1.78:9119
```
3. The agent to bind on `0.0.0.0`:
```bash
API_SERVER_HOST=0.0.0.0
API_SERVER_KEY=<long random>
```
4. The dashboard plugin (multi-board kanban, conductor missions) needs the dashboard service running on the agent host too — see the agent's docker-compose for that service.
If you bind the agent to `0.0.0.0` on a NAS without `API_SERVER_KEY`, the agent will refuse to start. This is intentional — open-internet exposure of the agent's chat endpoint without auth would be a footgun.
## Hermes Workspace + Hermes Agent: why two containers?
The workspace is the **UI**. The agent is the **engine**. Splitting them lets you:
- Update either independently (`docker compose pull hermes-workspace` etc.)
- Run multiple workspaces against one agent (different ports)
- Run the workspace on a tablet/phone while the agent stays on a beefy machine
The default compose colocates them for simplicity. The split-host setup above is the explicit "you know what you're doing" path.
## Filing bugs
If your setup matches the playbook above and still breaks, file an issue at <https://github.com/outsourc-e/hermes-workspace/issues> with:
1. Your `docker-compose.yml` (redact secrets)
2. The output of `docker compose logs hermes-workspace 2>&1 | grep '\[gateway\]' | tail -5`
3. The output of `curl -fsS http://<workspace-host>:3000/api/gateway-reprobe -X POST` (also redact)
That gets us to the actual cause within a couple of comments instead of a long back-and-forth.
HermesWorld should become the first Agentic WoW: a real MMO-style world where humans and AI agents form parties, guilds, classes, builds, rivalries, raids, events, and prize hunts.
References:
- World of Warcraft: raids, roles, classes, dungeons, social identity, long-term progression
- dark obsidian + moss stone + warm amber firelight + cyan agent-tech accents
- game asset concept sheet quality
- no text, no logos, no UI mock text in generated assets
- generated art is source material; final layout must be placed and judged in browser screenshots
## Global negative prompt
Use this on every generation unless a tool has a separate negative field:
```text
no text, no readable letters, no logos, no watermark, no photoreal modern city, no cyberpunk neon overload, no cartoon toy style, no plastic mobile-game asset look, no huge empty flat floor, no fisheye distortion, no blurry details, no overexposed bloom, no UI text, no duplicate limbs, no broken hands, no random weapons, no sci-fi guns, no anime chibi proportions
```
## Global style suffix
Append this to every prompt:
```text
HermesWorld Agora Inso visual target, premium browser-native fantasy/sci-fi RPG, stylized realism, isometric game readability, dark obsidian stone, mossy civic plaza, warm amber torchlight, controlled cyan agent-tech glow, clear silhouettes, optimized for 3D game asset interpretation, high detail but readable at gameplay camera distance, no text, no logo
```
---
# 1. Central monument / obelisk
## Prompt: final concept sheet
```text
Create a central monument for HermesWorld Agora: a civic builder obelisk rising from a circular stone plinth, ancient carved dark basalt and bronze trim, subtle cyan agent-network veins running through engraved channels, warm amber lanterns at the base, small offering steps and radial stone rings around it. The silhouette must be readable from an isometric gameplay camera. Shape language: entrepreneurial civic plaza meets ancient AI command shrine. Include 3/4 view, front view, top-down footprint inset, and material callouts, but no readable text. The monument should feel like the spawn anchor and social center of a multiplayer plaza. HermesWorld Agora Inso visual target, premium browser-native fantasy/sci-fi RPG, stylized realism, isometric game readability, dark obsidian stone, mossy civic plaza, warm amber torchlight, controlled cyan agent-tech glow, clear silhouettes, optimized for 3D game asset interpretation, high detail but readable at gameplay camera distance, no text, no logo.
- Needs collision footprint no wider than 20-24% of plaza diameter.
---
# 2. Torch / lantern set
## Prompt: prop sheet
```text
Create a modular torch and lantern prop set for HermesWorld Agora: 8 small props on a neutral dark background, including waist-high stone braziers, hanging lantern posts, wall lanterns, market-stall lanterns, ground candle clusters, and blue-cyan agent-tech waypoint lamps. Materials: dark basalt, aged bronze, warm amber flame glass, small cyan runic accents. Each prop must have a strong simple silhouette, game-ready readable shape, and fit around a circular isometric plaza. No characters, no text, no labels. HermesWorld Agora Inso visual target, premium browser-native fantasy/sci-fi RPG, stylized realism, isometric game readability, dark obsidian stone, mossy civic plaza, warm amber torchlight, controlled cyan agent-tech glow, clear silhouettes, optimized for 3D game asset interpretation, high detail but readable at gameplay camera distance, no text, no logo.
```
## Prompt: in-scene lighting reference
```text
Create an isometric night-dusk lighting study for a circular fantasy civic plaza with warm torchlight pools around the ring and subtle cyan portal lamps at entrances. Focus on light placement, shadows, and readability: clear walkable center, lively market edges, warm/cool contrast, no characters, no text. The scene should show how lanterns guide player movement and frame the central monument. HermesWorld Agora Inso visual target, premium browser-native fantasy/sci-fi RPG, stylized realism, dark obsidian stone, mossy civic plaza, warm amber torchlight, controlled cyan agent-tech glow, clear silhouettes, no text, no logo.
```
Implementation notes:
- Use a small set of repeated lights with baked-looking emissive materials.
- Prefer fake glow planes / emissive meshes over many expensive real lights.
- Browser target: keep dynamic light count low; use ambient + key + selective point lights.
---
# 3. Market stalls / booths
## Prompt: modular stall kit
```text
Create a modular fantasy/sci-fi market stall kit for HermesWorld Agora, inspired by a dense isometric civic plaza. Show 10 reusable stall assets: blue-roof merchant canopy, amber-cloth builder kiosk, tool bench stall, scroll/data booth, potion/energy stand, crate cluster, barrel cluster, bench, flower pot cluster, small portal ticket booth. Materials: dark wood, basalt stone, bronze, fabric awnings in muted deep blue and amber, subtle cyan agent-tech trims. Must feel entrepreneurial, social, and busy without clutter. Asset sheet, orthographic-ish 3/4 view, neutral background, no text, no labels. HermesWorld Agora Inso visual target, premium browser-native fantasy/sci-fi RPG, stylized realism, isometric game readability, dark obsidian stone, mossy civic plaza, warm amber torchlight, controlled cyan agent-tech glow, clear silhouettes, optimized for 3D game asset interpretation, high detail but readable at gameplay camera distance, no text, no logo.
```
## Prompt: plaza edge composition
```text
Create an isometric environment concept for the edge of HermesWorld Agora plaza: circular stone path in foreground, dense market stalls and benches around the edge, blue awnings, warm lanterns, crates, flowers, pots, small portal-gate silhouette, clear center path visible, no characters. The composition should show how props cluster around the plaza rim while preserving walkable space. Premium stylized realism, browser-native RPG readability, no text, no logo.
```
Implementation notes:
- Stalls should be kitbashed from awning + counter + crates + lantern.
- Place at 30-45 degree rotations around the ring.
---
# 4. Ground tiles / radial plaza material
## Prompt: top-down tile sheet
```text
Create a seamless modular ground tile sheet for HermesWorld Agora: radial circular plaza stones, wedge-shaped pavers, moss seams, flower tufts, worn path edges, small engraved cyan agent-network channels, dark basalt and warm gray stone. Top-down orthographic view. Include variations: clean center tile, outer ring tile, cracked tile, mossy seam tile, edge curb, small flower/grass decal, bronze inlay strip. No text, no labels, no shadows baked too strongly. Game texture/material reference, readable at isometric browser RPG camera distance. HermesWorld Agora Inso visual target, premium stylized realism, no text, no logo.
```
## Prompt: material close-up
```text
Create a close-up material reference for HermesWorld Agora radial plaza stones: dark mossy basalt pavers, hand-cut circular seams, subtle worn edges, tiny grass and flowers in cracks, thin cyan engraved channels, amber lantern reflections on stone. Realistic material detail but stylized for a lightweight browser game. No text, no logo.
```
Implementation notes:
- Use procedural geometry/material variation first; imagegen is material reference.
- Keep tile contrast low enough that NPCs and labels remain readable.
- Use decals/planes for flowers/seams rather than a massive texture atlas if faster.
---
# 5. NPC portraits
NPC set target: five Agora social roles, consistent bust framing, square portraits.
Shared portrait suffix:
```text
RPG NPC bust portrait, centered square composition, readable face, premium stylized realism, dark obsidian civic plaza background, warm amber key light, cyan rim light, detailed but not noisy clothing, no text, no logo, no frame, same camera distance and lighting across the set.
```
## NPC 1 — Agora Steward / Orchestrator Host
```text
Create a HermesWorld Agora NPC portrait: the Agora Steward, a calm civic orchestrator who welcomes players into the social hub. Middle-aged, intelligent eyes, bronze-trimmed dark cloak, subtle cyan agent-network brooch, warm lantern light on face, composed expression, entrepreneurial city-founder energy. RPG NPC bust portrait, centered square composition, readable face, premium stylized realism, dark obsidian civic plaza background, warm amber key light, cyan rim light, detailed but not noisy clothing, no text, no logo, no frame, same camera distance and lighting across the set.
```
## NPC 2 — Market Builder / Toolsmith
```text
Create a HermesWorld Agora NPC portrait: Market Builder Toolsmith, practical maker and startup engineer, rolled sleeves, leather apron over dark tunic, small glowing tool charms, bronze goggles pushed up, friendly confident expression, warm forge-lantern key light and cyan rim accents. RPG NPC bust portrait, centered square composition, readable face, premium stylized realism, dark obsidian civic plaza background, warm amber key light, cyan rim light, detailed but not noisy clothing, no text, no logo, no frame, same camera distance and lighting across the set.
```
## NPC 3 — Signal Merchant / Data Broker
```text
Create a HermesWorld Agora NPC portrait: Signal Merchant Data Broker, elegant social operator who trades rumors, quests, and agent signals. Sleek layered robes, deep blue fabric, bronze clasp, small translucent cyan data tokens floating subtly near shoulder, sharp observant expression, warm/cool split lighting. RPG NPC bust portrait, centered square composition, readable face, premium stylized realism, dark obsidian civic plaza background, warm amber key light, cyan rim light, detailed but not noisy clothing, no text, no logo, no frame, same camera distance and lighting across the set.
```
## NPC 4 — Lantern Guard / Plaza Sentinel
```text
Create a HermesWorld Agora NPC portrait: Lantern Guard Plaza Sentinel, protective but approachable civic guardian, dark metal shoulder plates, amber lantern staff visible near shoulder, blue cloth sash, grounded expression, strong silhouette, warm torchlight and cyan rim glow. RPG NPC bust portrait, centered square composition, readable face, premium stylized realism, dark obsidian civic plaza background, warm amber key light, cyan rim light, detailed but not noisy clothing, no text, no logo, no frame, same camera distance and lighting across the set.
```
## NPC 5 — Apprentice Founder / Newcomer
```text
Create a HermesWorld Agora NPC portrait: Apprentice Founder Newcomer, young ambitious builder arriving at the plaza, travel cloak, satchel of scrolls and small devices, subtle nervous confidence, warm lantern reflection in eyes, cyan token pendant, hopeful expression. RPG NPC bust portrait, centered square composition, readable face, premium stylized realism, dark obsidian civic plaza background, warm amber key light, cyan rim light, detailed but not noisy clothing, no text, no logo, no frame, same camera distance and lighting across the set.
```
Implementation notes:
- Generate portraits as 1024x1024, crop to consistent bust framing.
- Downsample to 512 and 256 for runtime.
- Use same background/value range; inconsistency will look cheap instantly.
---
# 6. Minimap style
## Prompt: minimap art direction
```text
Create a stylized minimap design for HermesWorld Agora, top-right HUD island style. Show a circular plaza map from top-down: central obelisk icon, radial stone rings, NPC dots around the ring, market stall blocks, portal gate markers, player arrow, subtle dark obsidian panel backing, bronze border, cyan route accents, amber point-of-interest dots. Clean game UI, readable at small size, no readable text, no labels, no logo. Premium fantasy/sci-fi RPG HUD, compact island panel, not a SaaS dashboard.
```
## Prompt: minimap icon glyph sheet
```text
Create a small minimap glyph sheet for HermesWorld Agora: player arrow, NPC dot, quest star, portal arch, market stall, central monument, bench/rest point, chat/social node, danger/blocker marker. Style: simple top-down game map glyphs, dark bronze/cyan/amber palette, high contrast, readable at 16-24px, no text, no labels, transparent-looking dark background.
```
Implementation notes:
- Final minimap should be vector/CSS/canvas where possible, not a static generated image.
- Use generated result as style reference for colors, border, glyph proportions.
- Keep labels out; hover/tooltips in UI handle text.
---
# 7. HUD icon pack
## Prompt: 24-icon action/HUD pack
```text
Create a cohesive 24-icon HUD pack for HermesWorld Agora, premium fantasy/sci-fi RPG interface icons. Icons needed: move, inspect, talk, trade, quest, map, inventory, skills, memory, agents, dispatch, build, review, repair, portal, party, chat, report, inbox, torch, monument, market, settings, help. Style: luminous cyan and warm amber line icons on dark obsidian/bronze circular or rounded-square backplates, readable at 32px and 64px, consistent stroke weight, simple silhouettes, no text, no letters, no logos, no watermark.
```
## Prompt: action bar button material
```text
Create a game HUD action bar button material/style sheet for HermesWorld: dark obsidian glass-metal buttons, bronze bevel, subtle inner highlight, cyan active glow, amber hover/quest glow, disabled muted state, pressed state. Show 8 empty icon slots with different states, no text, no logos. Premium fantasy/sci-fi RPG UI, compact bottom-center action bar, not a SaaS toolbar.
```
Implementation notes:
- Final icons should be SVG or small transparent PNG sprites.
- Generate for direction, then trace/simplify if needed.
- Do not ship raster icons with accidental text artifacts.
HermesWorld should feel like a premium browser-native fantasy/sci-fi agent RPG, not a demo scene.
Target vibe:
- cinematic dark fantasy meets agent command center
- realistic/stylized hybrid, readable at browser scale
- moody lighting, fog, emissive magical UI, high contrast
- game-first interface, not SaaS dashboard clutter
- every asset should support mechanics
Primary Agora target:
- Use `docs/hermesworld/reference-images/agora-center-inso-reference.jpeg` as the primary visual target for Agora realism work.
- The goal is a composed game screen: circular civic plaza, central obelisk/monument, warm torchlight, blue/cyan roof/portal accents, dense market edges, clear walkable center, readable NPC clusters, and compact HUD islands.
- Asset prompts and manifest live in `docs/hermesworld/AGORA-INSO-ASSET-PROMPTS.md`.
Reference workflow from Eric's Downloads:
- Imagegen creates high-quality source material.
- The game places assets in the real interface.
- Browser screenshots capture actual player view.
- Vision review judges hierarchy, spacing, readability, clickability, mobile fit, and visual consistency.
- Agents revise and repeat.
## Palette
Base:
- Obsidian: `#080F14`
- Panel: `#18212B`
- Deep ink: `#030712`
Accents:
- Action green: `#2FCA94`
- Vision blue: `#78A8C8`
- Insight amber: `#F2C768`
- Arcane purple: `#8B5CF6`, only as controlled magic/glow
Text:
- Primary: `#E6E7EA`
- Muted: `rgba(230,231,234,.65)`
Avoid:
- oversaturated neon everywhere
- purple fog as the only mood
- cute/cartoon mascot style
- unreadable tiny text
- SaaS dashboard density on mobile
## Shape language
Panels:
- 6-10px radius
- 1px low-contrast borders
- subtle inner highlights
- dark glass/metal material
HUD:
- compact islands, not slabs
- status visible at a glance
- icons readable at 48-64px source size
- mobile gets its own layout, never desktop squeezed down
World:
- large silhouettes first
- readable landmarks
- one hero light source per scene
- secondary fire/magic/portal lights
- atmospheric depth, but not enough to hide navigation
## Asset rules
Generate with imagegen:
- hero art / zone banners, 16:9
- NPC portraits, square 1:1, consistent framing
- item icons, square 1:1, readable at 64px
- sigil icons, square 1:1, high contrast
- card art, vertical 2:3
- environmental backgrounds, 16:9
- texture/material explorations
Do not generate final layout with imagegen.
Layout must be judged in browser screenshots.
## Prompt snippets
### Zone hero art
Create cinematic dark fantasy/sci-fi environment concept art for HermesWorld, a browser-native AI agent RPG. Mood: mysterious, premium, ancient technology, magical realism. High contrast, realistic textures, atmospheric depth, readable landmark silhouette, no text, no logo, no characters, no oversaturated neon. Style: AAA game key art, dark obsidian palette, cyan/amber accent light, subtle arcane glow. 16:9.
### NPC portrait
Create a realistic stylized fantasy/sci-fi RPG NPC portrait for HermesWorld. Bust portrait, centered, dramatic rim lighting, dark obsidian background, readable face, high-detail clothing/materials, premium game character art, no text, no logo, consistent square framing. 1:1.
### Item icon
Create a premium RPG item icon for HermesWorld. Single object centered on dark transparent-looking obsidian background, strong silhouette, readable at 64px, realistic material, cyan/amber rim light, no text, no logo, no busy background. 1:1.
### Sigil icon
Create a mystical sigil icon for HermesWorld. Ancient agent-world symbol, clean readable silhouette, luminous cyan/amber engraving, dark metal/stone backing, high contrast, collectible game badge quality, no text, no logo. 1:1.
## Vision review checklist
Every screenshot must be judged on:
1. Playable first: can the player tell what to do?
2. Status visibility: HP/objective/map readable instantly?
3. HUD readability: text, icon, and tap targets clear?
4. Inventory density: are items distinct?
5. Mobile layout: no scroll, no overlap, no squeezed desktop UI.
6. Art supports mechanics: landmarks, NPCs, objects communicate purpose.
7. Visual consistency: same palette, light logic, framing, borders.
8. Performance: assets optimized, not just pretty.
## HermesWorld v0.3 realism goals
Minimum visible leap:
- replace flat/placeholder zone art with generated cinematic zone banners
- 5 NPC portraits with consistent premium framing
- 12 item icons with readable silhouettes
- 7 sigil icons for lore/easter egg layer
- HUD revised into compact game-style islands
- one high-quality screenshot loop per mobile and desktop
## Build loop
1. Generate asset set.
2. Compress/optimize into web assets.
3. Place in actual HermesWorld UI.
4. Capture screenshot.
5. Vision review against checklist.
6. Patch UI/art/layout.
7. Repeat until it feels like a game, not a prototype.
Image generation is blocked before any images are produced because the Hermes image generation tool is enabled but its provider credential is not configured in this runtime.
Tool error:
```text
functions.image_generate: ValueError: FAL_KEY environment variable not set
```
No generated raster assets were committed from this run. This avoids shipping synthetic placeholders while claiming they came from imagegen.
## Intended output paths
- Zone variants and selected zone heroes: `public/assets/hermesworld/zones/v2/`
- NPC portraits: `public/avatars/v2/`
- Icon sprite sheet and manifest: `public/assets/hermesworld/icons/sprite-v1.png` and `sprite-v1.json`
- Video poster: `public/assets/hermesworld/video/world-demo-poster-v2.jpg`
## Prompt source
Use `docs/hermesworld/PROMPT-LIBRARY.md` for the exact repeatable prompts and style lock values.
## Resume command
After setting `FAL_KEY` in the Hermes runtime environment, rerun the asset generation lane against this branch and commit the generated assets.
Use these prompts directly in ChatGPT image generation. Each prompt is self-contained and includes the style lock, subject, composition, and artifact constraints.
Global handling note: download each PNG, keep the exact suggested filename, and place it in the matching folder under `/Users/aurora/Downloads/hermesworld-assets/`.
---
## BATCH A: NPC Portraits
Style lock for all Batch A prompts: stylized fantasy MMO, premium dark fantasy with cyan/amber accents, warm parchment tones, painterly brushwork, 3/4 portrait, detailed faces, expressive, painted in the spirit of WoW/RuneScape concept art, no text, no logo, no watermark.
### A1: Trader Merchant
```text
Create a high-quality 3/4 portrait of a HermesWorld NPC trader merchant from the Agora marketplace: a middle-aged man with a kind smile, weathered face, clever eyes, neatly trimmed beard, leather merchant apron over layered linen and wool, small bronze clasps, coin pouch, rolled parchment receipts, and subtle market-stall details behind him. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, detailed expressive face, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: warm amber lantern light from one side with a faint controlled cyan magical rim light. Background: softly blurred Agora marketplace with banners, stone columns, and warm stalls, not distracting. Composition: chest-up 3/4 portrait, centered, strong silhouette, readable at game UI size. No text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: trader-merchant.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
### A2: Quest Giver Elder Sage
```text
Create a high-quality 3/4 portrait of a HermesWorld quest giver elder sage: an ancient white-bearded mystic with wise eyes, deep brow lines, layered parchment-colored robes, bronze and gold trim, and a rune-engraved wooden staff held near his shoulder. The staff emits a restrained cyan glow from carved runes. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, detailed expressive face, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: soft amber firelight across the beard and cheekbones, cyan rune light catching the staff hand and robe edges. Background: blurred stone library alcove with candles and faint arcane glyphs, atmospheric but not busy. Composition: chest-up 3/4 portrait, centered, noble and readable. No text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: quest-giver-elder-sage.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
### A3: Female Warrior Captain
```text
Create a high-quality 3/4 portrait of a HermesWorld female warrior captain: confident, battle-tested, upright posture, one visible scar across the cheek, focused eyes, dark hair pulled back, gold-trimmed armor with worn steel plates, bronze fittings, leather straps, and a short crimson or deep amber cloak edge. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, detailed expressive face, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: heroic warm amber key light with subtle cool cyan edge light reflecting from polished armor. Background: blurred fortress banner and stone archway, low depth of field. Composition: chest-up 3/4 portrait, centered, strong readable silhouette, authoritative expression. No text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: female-warrior-captain.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
### A4: Mysterious Hooded Scholar
```text
Create a high-quality 3/4 portrait of a HermesWorld mysterious hooded scholar: face mostly obscured beneath a deep charcoal hood, only watchful eyes and a hint of nose visible, holding an ancient glowing tome open at chest level. The tome pages emit a controlled cyan magical light with tiny rune sparks, while the robe has amber stitching and bronze clasps. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, expressive detailed face area despite the shadow, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: cyan underlight from the book, warm amber candle glow on robe folds. Background: dim archive shelves and parchment scrolls, softly blurred. Composition: chest-up 3/4 portrait, centered, enigmatic silhouette, readable at UI scale. No readable text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: mysterious-hooded-scholar.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
### A5: Innkeeper
```text
Create a high-quality 3/4 portrait of a HermesWorld innkeeper: jovial middle-aged tavern host with ruddy cheeks, broad welcoming smile, expressive laugh lines, short tousled hair, woven shirt, rolled sleeves, simple leather vest, and a small towel or tankard detail. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, detailed expressive face, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: cozy amber hearth light, very subtle cyan window rim light so it still belongs to HermesWorld. Background: softly blurred tavern interior with wooden beams, candles, and warm shelves, no readable signs. Composition: chest-up 3/4 portrait, centered, friendly and instantly recognizable. No text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: innkeeper.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
### A6: Smith
```text
Create a high-quality 3/4 portrait of a HermesWorld blacksmith NPC: muscular build, soot-streaked face and forearms, intense but approachable expression, close-cropped hair or tied-back hair, heavy leather apron, bronze rivets, thick gloves, and a large hammer resting over one shoulder. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, detailed expressive face, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: hot amber forge glow across the face and hammer head, faint cyan reflection from an enchanted metal ingot off-frame. Background: blurred forge shapes, anvil silhouette, sparks, dark stone walls. Composition: chest-up 3/4 portrait, centered, strong readable silhouette. No text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: smith.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
### A7: Healer Priestess
```text
Create a high-quality 3/4 portrait of a HermesWorld healer priestess: serene expression, calm eyes, elegant white robes with warm parchment undertones, gold embroidery, small bronze clasp, softly glowing hands, and a gentle halo-like ambient light without looking saintly or overexposed. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, detailed expressive face, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: soft warm amber key light mixed with controlled cyan healing glow around the hands and robe edges. Background: blurred temple infirmary with candles, stone arch, herbs, and clean linen shapes. Composition: chest-up 3/4 portrait, centered, tranquil and readable. No text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: healer-priestess.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
### A8: Beggar Info Broker
```text
Create a high-quality 3/4 portrait of a HermesWorld beggar and info broker: hooded figure in worn layered cloth, watchful sharp eyes, thin knowing smile, weathered hands, patched cloak, hidden bronze token necklace, and subtle spy-network details like folded notes and small charms tucked into the clothing. Style: stylized fantasy MMO, premium dark fantasy with cyan and amber accents, warm parchment tones, painterly brushwork, detailed expressive face, concept art quality in the spirit of WoW/RuneScape character portraits. Lighting: low amber alley lantern light with a narrow cyan glint in the eyes or from a hidden charm. Background: softly blurred Agora side alley, stone wall, cloth awning, no readable signs. Composition: chest-up 3/4 portrait, centered, suspicious but charismatic, readable at UI scale. No text, no UI, no logo, no watermark, no photorealism, no anime, no plastic mobile-game look.
```
Note for Eric: Save the result as: beggar-info-broker.png in /Users/aurora/Downloads/hermesworld-assets/portraits/
---
## BATCH B: Item Icons
Style lock for all Batch B prompts: 1024x1024 square, stylized 3D rendered fantasy item icon, isometric 3/4 view, dark obsidian background with subtle glow, gold/bronze metallic accents, Diablo-style polish, centered, well-lit, no text, no UI, no logo, no watermark.
### B1: Bronze Sword
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a bronze sword, centered on a dark obsidian background with a subtle warm glow. The sword should be shown in isometric 3/4 view, slightly angled, with a polished bronze blade, gold-toned crossguard, worn leather grip, tiny engraved runes, and crisp beveled edges. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: bronze-sword.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B2: Healing Potion
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a healing potion: a red glass vial filled with glowing crimson liquid, centered on a dark obsidian background with a subtle amber halo. Show the vial in isometric 3/4 view with a cork stopper, bronze wire clasp, small parchment tag without readable writing, glass highlights, and a few tiny magical bubbles inside. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: healing-potion.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B3: Magic Scroll
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a magic scroll: rolled warm parchment unfurling slightly, bronze end caps, tied with a small cord, emitting a controlled cyan magical glow from the parchment edges. Center it on a dark obsidian background with subtle cyan and amber rim light. Show it in isometric 3/4 view with crisp curled paper silhouette and painterly material detail. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze accents, readable at small size. No readable text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: magic-scroll.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B4: Ornate Iron Key
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of an ornate iron key, centered on a dark obsidian background with a subtle amber glow. The key should be shown in isometric 3/4 view, made of dark iron with bronze wear on the edges, an elaborate circular bow, carved notches, small turquoise/cyan enamel inset, and a heavy ancient-dungeon feel. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: ornate-iron-key.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B5: Amber Glowing Gem
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a glowing amber gemstone, centered on a dark obsidian background with a subtle golden aura. Show the gem in isometric 3/4 view as a faceted crystal with warm internal light, bronze setting fragments around the base, sharp reflective facets, and tiny floating dust motes. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: amber-glowing-gem.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B6: Wooden Shield With Sigil
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a wooden shield with a simple fantasy sigil, centered on a dark obsidian background with subtle amber edge glow. Show the shield in isometric 3/4 view with layered dark oak planks, bronze rim, worn leather straps, small scratches, and a painted cyan-and-gold abstract winged mark that is symbolic but contains no letters. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: wooden-shield-sigil.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B7: Leather Pouch With Coins
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a leather pouch with coins spilling out, centered on a dark obsidian background with subtle warm glow. Show it in isometric 3/4 view: worn brown leather pouch, tied cord, bronze buckle, several gold and bronze coins tumbling forward, crisp silhouettes, polished highlights, and soft contact shadow. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: leather-pouch-coins.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B8: Open Spell Tome
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of an open spell tome, centered on a dark obsidian background with a controlled cyan magical glow. Show the tome in isometric 3/4 view with thick aged parchment pages, dark leather cover, bronze corner guards, raised spine bands, glowing page edges, and small abstract rune-like marks that are not readable text. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No readable text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: open-spell-tome.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B9: Wizard Staff With Crystal
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a wizard staff with a crystal, centered on a dark obsidian background with a subtle cyan and amber glow. Show the staff in isometric 3/4 view, diagonal composition, carved dark wood shaft, bronze bands, gold filigree, and a faceted cyan crystal at the top emitting restrained magical light. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: wizard-staff-crystal.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B10: Hunting Bow
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a hunting bow, centered on a dark obsidian background with a subtle warm amber glow. Show the bow in isometric 3/4 view with curved dark wood limbs, bronze fittings, taut string, leather grip, small feather charm, and a few tasteful cyan inlays near the handle. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: hunting-bow.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B11: Gold Ring With Gem
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a gold ring with a gemstone, centered on a dark obsidian background with a subtle amber halo. Show the ring in isometric 3/4 view with polished gold band, bronze shadowing in engraved grooves, a prominent cyan or amber faceted gem, tiny decorative filigree, and crisp reflective highlights. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: gold-ring-gem.png in /Users/aurora/Downloads/hermesworld-assets/icons/
### B12: Founder Cape
```text
Create a 1024x1024 square stylized 3D rendered fantasy item icon of a Founder Cape, centered on a dark obsidian background with a subtle regal glow. Show the cape in isometric 3/4 view as rich deep purple fabric with gold trim, bronze clasp, winged crown clasp motif, elegant folds, slight magical cyan edge shimmer, and premium founder-reward presence. Style: premium Diablo-style item icon polish, high contrast, dramatic studio lighting, gold/bronze metallic accents, readable at small size. No text, no UI, no logo, no watermark, no hands, no character, no busy background.
```
Note for Eric: Save the result as: founder-cape.png in /Users/aurora/Downloads/hermesworld-assets/icons/
---
## BATCH C: Banner & Sigil Emblems
Style lock for all Batch C prompts: heraldic emblem, centered on dark midnight blue (#0F1622) background, gold filigree, parchment scroll texture behind, 1024x1024 square, high contrast, no text, no UI, no logo, no watermark.
### C1: Hermes Caduceus Sigil
```text
Create a 1024x1024 square heraldic emblem for HermesWorld: a centered Hermes caduceus sigil with a winged staff and two intertwined serpents, designed as the main brand sigil but with no letters or readable text. Background: dark midnight blue (#0F1622). Behind the emblem, include a subtle warm parchment scroll texture. Emblem material: polished gold and antique bronze filigree with controlled cyan magical accents in the wing tips and staff core. Style: premium fantasy MMO heraldry, crisp symmetrical silhouette, painterly rendered metal, elegant and iconic, readable at small size. No text, no UI, no logo, no watermark, no photoreal corporate mark, no cluttered background.
```
Note for Eric: Save the result as: hermes-caduceus-sigil.png in /Users/aurora/Downloads/hermesworld-assets/sigils/
### C2: Guild Banner — Order of Aether
```text
Create a 1024x1024 square heraldic guild banner emblem for HermesWorld: Order of Aether, centered on a dark midnight blue (#0F1622) background with a subtle parchment scroll texture behind. Main motif: a luminous cyan crystal suspended within a gold and bronze filigree frame, with small wing-like facets and delicate arcane geometry that contains no readable text. Style: premium fantasy MMO heraldry, crisp symmetrical silhouette, gold filigree, controlled cyan glow, painterly metal and parchment, readable at small size. No text, no UI, no logo, no watermark, no cluttered background.
```
Note for Eric: Save the result as: order-of-aether-banner.png in /Users/aurora/Downloads/hermesworld-assets/sigils/
### C3: Guild Banner — Iron Wolves
```text
Create a 1024x1024 square heraldic guild banner emblem for HermesWorld: Iron Wolves, centered on a dark midnight blue (#0F1622) background with a subtle parchment scroll texture behind. Main motif: a snarling wolf head in antique bronze and dark iron, framed by gold filigree, sharp angular fur shapes, and faint amber battle-worn highlights. Add only a restrained cyan glint in the eyes or frame edge to tie it to HermesWorld. Style: premium fantasy MMO heraldry, bold symmetrical silhouette, painterly metal, readable at small size. No text, no UI, no logo, no watermark, no cluttered background.
```
Note for Eric: Save the result as: iron-wolves-banner.png in /Users/aurora/Downloads/hermesworld-assets/sigils/
### C4: Guild Banner — Sun Sentinels
```text
Create a 1024x1024 square heraldic guild banner emblem for HermesWorld: Sun Sentinels, centered on a dark midnight blue (#0F1622) background with a subtle parchment scroll texture behind. Main motif: a radiant golden sun with sharp sentinel rays, bronze shield-like center, elegant gold filigree, and warm amber glow. Include tiny controlled cyan accent gems in the frame, but keep the sun motif dominant. Style: premium fantasy MMO heraldry, crisp symmetrical silhouette, painterly metal and parchment, readable at small size. No text, no UI, no logo, no watermark, no cluttered background.
```
Note for Eric: Save the result as: sun-sentinels-banner.png in /Users/aurora/Downloads/hermesworld-assets/sigils/
### C5: Founder's Cape Emblem
```text
Create a 1024x1024 square heraldic emblem for a HermesWorld Founder's Cape, centered on a dark midnight blue (#0F1622) background with a subtle parchment scroll texture behind. Main motif: a winged crown in polished gold and antique bronze, framed by elegant filigree, with a regal purple enamel backing and a faint controlled cyan magical rim light. Style: premium fantasy MMO heraldry, iconic founder reward symbol, crisp symmetrical silhouette, painterly metal, readable at small size. No text, no UI, no logo, no watermark, no cluttered background.
```
Note for Eric: Save the result as: founders-cape-emblem.png in /Users/aurora/Downloads/hermesworld-assets/sigils/
### C6: Trader's Guild Seal
```text
Create a 1024x1024 square heraldic seal for the HermesWorld Trader's Guild, centered on a dark midnight blue (#0F1622) background with a subtle parchment scroll texture behind. Main motif: balanced merchant scales combined with a small caduceus staff, rendered in polished gold and antique bronze, surrounded by coin-like filigree and warm amber highlights. Add restrained cyan glow to the caduceus centerline only. Style: premium fantasy MMO heraldry, crisp symmetrical silhouette, painterly metal and parchment, readable at small size. No text, no UI, no logo, no watermark, no cluttered background.
```
Note for Eric: Save the result as: traders-guild-seal.png in /Users/aurora/Downloads/hermesworld-assets/sigils/
---
## BATCH D: Zone Backgrounds
Style lock for all Batch D prompts: stylized painterly fantasy MMO concept art, wide cinematic 16:9, dramatic lighting, depth, atmospheric haze, warm color palette with cool shadow accents, no text, no UI, no logo, no watermark.
### D1: Agora Plaza at Golden Hour
```text
Create a wide cinematic 16:9 stylized painterly fantasy MMO concept art background of HermesWorld's Agora Plaza at golden hour. Scene: a circular civic plaza with a central fountain, stone columns, hanging banners, market stalls around the edges, warm lanterns, crates, awnings, potted plants, and a clear walkable center. Use warm amber sunlight and torchlight with cool cyan accents on portals, roof trims, and magical civic details. Style: premium browser-native fantasy RPG, painterly brushwork, dramatic lighting, atmospheric haze, strong depth, readable silhouettes, warm parchment and obsidian stone palette with gold/bronze details. Composition: central fountain as focal point, columns framing the plaza, lively market perimeter, cinematic depth, no characters dominating the scene. No text, no UI, no logo, no watermark, no photoreal modern city, no cyberpunk neon overload.
```
Note for Eric: Save the result as: agora-plaza-golden-hour.png in /Users/aurora/Downloads/hermesworld-assets/zones/
### D2: Whispering Forest
```text
Create a wide cinematic 16:9 stylized painterly fantasy MMO concept art background of HermesWorld's Whispering Forest at twilight. Scene: ancient towering trees with twisted roots, a winding mossy path, glowing mushrooms, soft firefly-like motes, carved stones half-buried in moss, and deep atmospheric layers fading into cool blue shadows. Use a warm color palette in the foreground with amber lantern or mushroom glow, balanced by cool cyan and violet-blue shadow accents. Style: premium browser-native fantasy RPG, painterly brushwork, dramatic lighting, atmospheric haze, strong depth, readable silhouettes, magical but not cute. Composition: inviting path leading into the forest, large ancient-tree silhouettes, glowing mushrooms as focal accents. No text, no UI, no logo, no watermark, no photorealism, no cartoon toy style, no neon overload.
```
Note for Eric: Save the result as: whispering-forest-twilight.png in /Users/aurora/Downloads/hermesworld-assets/zones/
### D3: Mount Hermes Peak
```text
Create a wide cinematic 16:9 stylized painterly fantasy MMO concept art background of Mount Hermes peak. Scene: snow-capped mountain summit, cliffside path with carved stone steps, bronze guide markers, wind-bent banners, eagles circling above, distant clouds below, and a small glowing shrine or waypoint near the path. Use warm sunrise or sunset light on the snow and cliffs, with cool cyan-blue shadows in ice, stone cracks, and distant atmosphere. Style: premium browser-native fantasy RPG, painterly brushwork, dramatic lighting, atmospheric haze, epic scale, readable silhouettes, warm palette with cool shadow accents. Composition: cliffside path leading toward the peak, strong vertical mountain silhouette, eagles for scale. No text, no UI, no logo, no watermark, no photorealism, no modern equipment, no sci-fi guns.
```
Note for Eric: Save the result as: mount-hermes-peak.png in /Users/aurora/Downloads/hermesworld-assets/zones/
### D4: Dungeon Entrance
```text
Create a wide cinematic 16:9 stylized painterly fantasy MMO concept art background of a HermesWorld dungeon entrance. Scene: cracked ancient stone archway built into a dark hillside, glowing cyan runes carved into the stones, low rolling mist, broken steps, bronze braziers with warm amber flames, moss, roots, scattered stones, and a deep shadowed passage beyond the arch. Style: premium browser-native fantasy RPG, painterly brushwork, dramatic lighting, atmospheric haze, warm amber firelight contrasted with cool cyan rune glow, high depth, readable silhouettes, dark fantasy mood. Composition: archway as central focal point, mist and path pulling the eye inward, foreground stones framing the entrance. No text, no UI, no logo, no watermark, no photoreal modern ruin, no horror gore, no neon overload.
```
Note for Eric: Save the result as: dungeon-entrance-runes.png in /Users/aurora/Downloads/hermesworld-assets/zones/
HermesWorld is a browser-native agent MMO inside the Hermes ecosystem. Humans and AI agents explore zones, complete quests, join parties/guilds, craft items, collect Sigils, and eventually compete in events and prize hunts.
Start with [World Lore](lore/WORLD-LORE.md) or [Getting Started](guides/GETTING-STARTED.md).
## Is this a game or an AI workspace?
Yes. More usefully: it is a game-shaped interface for agent work. Zones organize tools, quests organize goals, companions organize delegation, and Sigils organize progress.
## Do I need to install anything?
The target is browser-first. HermesWorld can be embedded inside Hermes Workspace and hosted through HermesWorld.ai. Future installable/PWA clients may arrive later.
## What class should I choose first?
Choose the fantasy you want to inhabit:
- Priest if you like support.
- Guardian if you like protection.
- Mage if you like power and control.
- Rogue if you like secrets.
- Engineer if you like building.
- Oracle if you like planning.
- Bard if you like social leverage.
Your [agent companion](guides/AGENT-COMPANIONS.md) can cover gaps.
## What are Sigils?
Sigils are visible marks of progress: quest completions, unlocks, discoveries, class milestones, guild achievements, and sometimes validated prize eligibility. Read [Sigils Lore](lore/SIGILS-LORE.md).
## Are agents autonomous?
They can be, within limits. Companions should act with configured role, memory scope, permissions, and receipts. Valuable actions require validation or player confirmation.
## Can agents play while I am offline?
Planned, yes, but only for safe bounded work: scouting, summarizing, preparing plans, monitoring public boards. No risky trades, vault withdrawals, or prize claims without proper permission and validation.
## How do guilds work?
Guilds are humans plus their agents. They can have banners, halls, roles, chat, shared vaults, objectives, events, and rankings. See [Social](guides/SOCIAL.md) and [Factions Lore](lore/FACTIONS-LORE.md).
## Are there real prizes?
The vision includes ETH/SOL prize hunts or token-adjacent bonuses. Anything valuable must be server-authoritative and never hardcoded in the public client. Claims require validation, and wallet signature where applicable. See [Founders](guides/FOUNDERS.md).
## What is the first quest?
[Quest 001: Athena's Intro](walkthroughs/QUEST-001-ATHENAS-INTRO.md). Walk to Athena, speak with her, learn the basics, receive a starter Sigil fragment, and unlock the first companion quest.
No. It is being built in public with swarm lanes: world/content, UI, art, mobile UX, gameplay systems, multiplayer/infra, and review/security. This docs tree is foundation material for in-game tooltips, onboarding, NPC dialog, and future static docs.
## Where should new players begin?
Read [Getting Started](guides/GETTING-STARTED.md), then follow [Quest 001](walkthroughs/QUEST-001-ATHENAS-INTRO.md).
Make the game loop feel real without creating a giant shared branch. Workers should implement behind stable seams and only touch the files owned by their lane.
## Ownership map
| System | Owner files | May import from | Must not own |
Every event must include `id`, `type`, `createdAt`, `actorId`, and `source`. Event handlers must be idempotent because multiplayer/server replay will duplicate packets. Fun, because distributed systems eventually turn every game into accounting.
## Quest boundary
Quest engine owns:
- objective matching from events
- required vs optional objective completion
- quest completion idempotency
- emitting reward intents, not directly mutating inventory
Quest engine does not own:
- toast copy
- NPC dialog text
- item definitions
- visual HUD order
- prize/easter-egg secrets
MVP API shape:
```ts
advanceQuests(snapshot,event):QuestAdvanceResult
```
`QuestAdvanceResult` returns completed objective ids, completed quest ids, and `RewardGrant[]` intents. Inventory/reward system applies those intents.
## NPC state boundary
NPC state owns:
- per-NPC relationship flags
- seen dialog node ids
- choice availability predicates
- cooldown/once-only choice enforcement
- emitting events for selected choices
NPC state does not own:
- adding items to inventory
- completing quests directly
- unlocking worlds directly
NPC dialog choices should move from imperative fields like `grantItems`/`completeQuest` toward declarative `effects: GameplayEffect[]`. During migration, keep old fields but normalize them to effects at the boundary.
## Inventory and reward boundary
Inventory/rewards owns:
- idempotent item grants
- stack/currency semantics when added
- equipment slot validation
- skill XP/title/world unlock application
- reward toast descriptors
Inventory/rewards does not own:
- deciding whether a quest is complete
- deciding whether an NPC choice is allowed
- calling external prize services
MVP rule: keep item ids public and harmless. Anything valuable uses a hosted prize oracle claim flow from Lane D, never client inventory.
## Agent action API boundary
Agent actions are gameplay verbs that may call Hermes later. They must be request/response objects, not ad hoc component callbacks.
MVP actions:
-`agent.ask_npc` — get dynamic NPC line/lore.
-`agent.build_prompt` — turn player text into a Forge artifact summary.
Define safe client/server data contracts for HermesWorld guild creation, weekend wars, raids, leaderboards, Founders Vault, and chat trade. The client can render social/game/economy state, but all valuable state is server-authoritative. No prize/oracle secrets, payout rules, hidden reward tables, private grant reasons, anti-abuse thresholds, or signer credentials are client-visible.
## Non-negotiable security rules
1. Client input is an intent, never proof.
2. Inventory, currency balances, guild permissions, war scores, raid rewards, event grants, and trade settlement are server-authoritative.
3. Client-visible contracts may include public lore, public item metadata, cosmetic names, event schedules, visible scores, and generic claim states.
4. Private services own eligibility, hidden reward tables, valuable grants, prize/oracle validation, anti-abuse scoring, payout queues, and audit trails.
5. Any endpoint that mutates valuable state must be authenticated, idempotent, rate-limited, and backed by a private audit log.
6. Valuable operations should use explicit request IDs/idempotency keys so retries do not duplicate grants or transfers.
7. Do not trust client timestamps, positions, item IDs, quantities, wallet ownership, raid completion, war contribution, or leaderboard score.
8. Do not leak the reason a valuable claim failed if that reason helps attackers enumerate valid states.
- Atomic transfer from player inventory to guild vault or back.
- Permission check for withdraw/manage.
- Ledger every mutation with actor, before/after, reason, requestId.
- No client-writeable item stats.
Private-only:
- Full vault ledger
- moderation/admin holds
- dupe-detection tags
- item provenance graph
- risk scoring
## 4. Weekend guild wars contract
Weekend wars are scheduled, server-scored, and spectator-friendly. The client renders schedule, visible objectives, live scoreboard, and public feed. The server decides scoring.
- Scores are generated from private event logs, not client submission.
- Use delayed publication for prize-sensitive competitions.
- Manual moderation can hide entries; public response should say generic “entry under review”.
Private-only:
- score calculation formulas if exploitable
- hidden disqualification reasons
- raw event logs
- moderation notes
- prize/oracle mappings
- reward inventory
## 7. Founders Vault / event inventory contract
Founders Vault is an event inventory tab for founder gifts, purchases, compensations, season transitions, and website-store deliveries. It is not client-writeable.
- Founder status/badges are public only after private grant approval.
Private-only Founders Vault data:
- grant reason code when sensitive
- manual approver/operator ID
- payment provider transaction IDs
- fraud/risk status
- private roll seed
- inventory ledger before/after
- revocation notes
- store webhook secrets
## 8. Chat trade window contract
Chat trade is a secure two-party offer window opened from chat, e.g. `/trade @user`. Both sides add items/currency, lock, then confirm. Settlement is atomic server-side.
This ledger is never exposed directly to the browser. Public histories are separately projected/redacted.
## 11. API surface summary
Public/browser-callable:
- GET /api/hermesworld/guilds/:guildId
- POST /api/hermesworld/guilds/create
- POST /api/hermesworld/guilds/:guildId/invites
- POST /api/hermesworld/guilds/:guildId/agents
- GET /api/hermesworld/guilds/:guildId/vault
- POST /api/hermesworld/guilds/:guildId/vault/deposit
- POST /api/hermesworld/guilds/:guildId/vault/withdraw
- GET /api/hermesworld/events/weekend-wars
- POST /api/hermesworld/events/weekend-wars/:eventId/register
- POST /api/hermesworld/events/weekend-wars/:eventId/actions
- GET /api/hermesworld/events/weekend-wars/:eventId/scoreboard
- GET /api/hermesworld/raids
- POST /api/hermesworld/raids/instances
- POST /api/hermesworld/raids/:raidInstanceId/actions
- GET /api/hermesworld/leaderboards/:leaderboardId
- GET /api/hermesworld/founders-vault
- POST /api/hermesworld/founders-vault/:grantId/claim
- POST /api/hermesworld/trades/open
- POST /api/hermesworld/trades/:tradeId/offer
- POST /api/hermesworld/trades/:tradeId/lock
- POST /api/hermesworld/trades/:tradeId/confirm
- GET /api/hermesworld/feed
Private service-only:
- POST /private/hermesworld/event-grants/create
- POST /private/hermesworld/event-grants/revoke
- POST /private/hermesworld/war/finalize-score
- POST /private/hermesworld/war/grant-rewards
- POST /private/hermesworld/raid/finalize-loot
- POST /private/hermesworld/leaderboards/finalize
- POST /private/hermesworld/trades/settle-hard-currency
- POST /private/hermesworld/oracle/validate-prize-eligibility
- POST /private/hermesworld/audit/events
## 12. What must never be public
Never ship any of this in client code, static JSON, sourcemaps, public KV, public API responses, public logs, screenshots, fixtures, or docs intended for players:
- prize/oracle secrets
- private oracle URLs or service tokens
- treasury wallet private keys
- payout signer keys
- RPC credentials
- wallet seed phrases
- JWT/HMAC/session signing secrets
- payment webhook secrets
- store webhook raw payload secrets
- private reward inventory and prize counts
- ETH/SOL payout amounts before approval/public announcement
- exact prize-bearing event mappings
- exact hidden reward tables/drop rates for valuable items
- weekend war scoring weights if exploitable
- hidden tie-breakers
- anti-cheat thresholds
- RMT/fraud scoring rules
- KYC/compliance provider tokens
- moderation/admin notes
- private grant reason codes when sensitive
- payment transaction details
- item provenance graph if exploitable
- raw audit ledger
- raw IP/device identifiers
- non-redacted wallet risk data
- private model/provider credentials for agents
- offline agent spending caps beyond public user-configured values
- internal admin endpoints
- debug bypasses
- private seeds/salts/commitments before reveal
- database connection strings
- any environment variable named or prefixed: PRIVATE_, ORACLE_, TREASURY_, WALLET_, SIGNER_, HMAC_, JWT_, SESSION_, RPC_, PAYMENT_, STRIPE_, KYC_, ADMIN_
## 13. Minimal implementation order
1. Add shared TypeScript schemas for public contract types.
2. Stub public GET endpoints with static/mock data only.
3. Add private audit helper before mutating endpoints.
4. Implement guild creation with server-side permission and idempotency.
The marketing graphic is what the website looks like. The in-game target is what the actual game looks like when playing. Both must be honored. See `INGAME-TARGET-SPEC.md` for the full breakdown of HUD, layout, NPCs, props, lighting, and milestone bindings.
## 2. Vision pillars (from the master graphic)
- **Choose Your Class** — 7 human classes
- Priest / Healer
- Guardian / Tank
- Mage / Promptcaster
- Rogue / Scout
- Engineer / Builder
- Oracle / Analyst
- Bard / Social
- **AI Agent Companions** — 6 agent classes
- Scout, Scribe, Builder, Trader, Combat, Healer
- Slogan: "Your Guild. Your Agents. Your Advantage."
- **Guild Systems**
- Guild Halls (build & customize)
- Banners
- Guild Chat
- Guild Objectives
- Shared Vault
- Weekend Wars
- Raids
- Leaderboards
- Seasonal Rewards
- **Epic Events**
- Capture Obelisks / Sigils (map control)
- Guild Hall Defense
- Boxing Arena
- more added per season
- **Identity slogans**
- "Your World. Your Guild. Your Legacy."
- "One World. Many Legends. Endless Adventures."
- **Platform pillars**
- Browser-native (no downloads)
- Real-time multiplayer
- Player-driven economy
- Decentralized ownership
- Season pass (Season 1: Dawn of Legends)
## 3. Operating model
- **Eric**: product taste, X presence, vision pivots, money/GPU calls
Premium dark fantasy with cyan/amber accents. Use exact palette:
- GOLD `#F1C56D`
- BRONZE `#B8862B`
- PARCHMENT `#F4E9D3`
- VERDIGRIS `#2E6A63`
- MIDNIGHT `#0F1622`
- SLATE `#1B2433`
- STONE `#8A8F98`
- OBSIDIAN `#0A0D12`
Lighting: warm golden-hour key light, cyan/teal rim or fill light, soft volumetric haze, torch/lantern bloom, subtle motes/wisps.
Texture language: stylized PBR, hand-painted texture feel, premium browser-native fantasy/sci-fi RPG, readable at gameplay scale, no readable text, no watermark.
Global negative prompt:
```text
no text, no readable letters, no logos, no watermark, no UI overlay, no modern city, no plastic mobile game look, no flat gray, no pure black void, no oversaturated neon, no cyberpunk overload, no fisheye distortion, no blurry details, no duplicate characters, no broken hands, no malformed faces, no random firearms, no sci-fi guns, no anime chibi exaggeration, no low-resolution artifacts
```
## Zone Hero Images
Generate each at 1920x1080. Produce 3 variants per zone. Pick the best production image and save as `zone-N.jpg`; keep all candidates as `zone-N-variant-{a,b,c}.jpg`. Preserve any replaced `zone-N.jpg` as `zone-N-v1.jpg`.
### Training Grounds / zone-1
```text
HermesWorld Training Grounds zone hero, 1920x1080 cinematic wide establishing shot, premium browser-native dark fantasy RPG, obsidian practice courtyard with parchment banners, gold-trimmed sparring rings, bronze weapon racks, low stone walls, glowing cyan agent-tech waypoint pylons, warm lantern pools, verdigris moss in stone seams, readable empty walkable center, distant academy silhouettes, golden-hour key light, cyan rim light, soft volumetric haze, subtle magic motes, stylized PBR hand-painted texture feel, no text, no logos
```
### Forge / zone-2
```text
HermesWorld Forge zone hero, 1920x1080 cinematic wide establishing shot, premium dark fantasy artisan foundry, obsidian basalt workshop carved into mountain stone, bronze anvils and gold filigree trim, molten amber forge light, cyan runic cooling channels, hanging chains, hammer silhouettes, sparks and smoke, sturdy dwarven craftsmanship, readable composition for game background, verdigris patina accents, stylized PBR hand-painted texture feel, no text, no logos
```
### Agora / zone-3
```text
HermesWorld Agora zone hero, 1920x1080 cinematic wide establishing shot, civic fantasy plaza inspired by a warm social hub, circular obsidian stone forum, central caduceus/sigil monument without readable letters, gold lanterns, bronze market stalls, parchment awnings, verdigris moss, cyan portal accents, rich perimeter detail with clear walkable center, premium browser-native RPG, warm torch bloom, cyan rim light, soft haze, stylized PBR hand-painted texture feel, no text, no logos
```
### Grove / zone-4
```text
HermesWorld Grove zone hero, 1920x1080 cinematic wide establishing shot, mystical dark fantasy grove, ancient obsidian roots and stone arches, verdigris leaves and moss, gold fireflies, parchment prayer ribbons without readable marks, cyan spirit pools and agent-tech wisps, moonlit canopy with warm amber lanterns, tranquil premium RPG mood, readable paths, stylized PBR hand-painted texture feel, no text, no logos
```
### Oracle / zone-5
```text
HermesWorld Oracle zone hero, 1920x1080 cinematic wide establishing shot, mystical observatory temple, obsidian and slate stone dais, bronze astrolabes, gold constellation inlays without readable text, cyan scrying pool glow, parchment scroll alcoves, hooded statues, volumetric haze, celestial particles, premium dark fantasy planning sanctuary, readable central platform, stylized PBR hand-painted texture feel, no text, no logos
```
### Arena / zone-6
```text
HermesWorld Arena zone hero, 1920x1080 cinematic wide establishing shot, grand obsidian combat coliseum, bronze gates, gold-trimmed shield emblems without readable text, cyan barrier magic around battle floor, parchment pennants, torchlit stands, dramatic dust and haze, heroic dark fantasy RPG combat venue, readable circular arena center, stylized PBR hand-painted texture feel, no text, no logos
```
## NPC Portraits
Generate 1024x1024 portraits. Atmospheric or transparent-feeling background. Save in `public/avatars/v2/`.
### Atlas Scout
```text
HermesWorld NPC companion portrait, Atlas Scout, 1024x1024 square, blue-cyan robed scout with wide-brim traveler's hat, calm clever expression, leather satchel and compass charm, gold #F1C56D trim, obsidian/slate cloak shadows, verdigris accent stitching, warm key light and cyan rim light, premium stylized fantasy RPG portrait, atmospheric dark background, no text, no watermark
HermesWorld NPC companion portrait, Oracle Planner, 1024x1024 square, hooded mystical strategist, slate and obsidian robes, gold #F1C56D astrolabe jewelry, parchment scroll details, cyan scrying light on face, calm prophetic expression, soft volumetric haze, premium stylized fantasy RPG portrait, atmospheric temple background, no text, no watermark
```
### Athena
```text
HermesWorld NPC companion portrait, Athena onboarding guide, 1024x1024 square, wise tactical mentor, elegant obsidian and parchment armor-robes, gold #F1C56D laurel/caduceus accents, bronze shoulder detail, cyan rim light, confident welcoming expression, premium stylized fantasy RPG portrait, atmospheric academy background, no text, no watermark
```
### Apollo
```text
HermesWorld NPC companion portrait, Apollo healer, 1024x1024 square, radiant healer companion, parchment and gold-trimmed robes, bronze sun charm, gentle expression, warm amber healing light, cyan restorative sigils, obsidian/slate background for contrast, premium stylized fantasy RPG portrait, no text, no watermark
```
### Hermes
```text
HermesWorld NPC companion portrait, Hermes guide, 1024x1024 square, charismatic messenger-guide, obsidian travel cloak, gold #F1C56D caduceus pin and wing accents, verdigris scarf detail, cyan portal rim light, clever welcoming expression, premium stylized fantasy RPG portrait, atmospheric portal background, no text, no watermark
```
## UI Icon Sprite Sheet
Generate a transparent 6x4 sprite sheet, 24 icons, each 64x64 cell. Gold line art only, stroke #F1C56D, transparent background, consistent 3px rounded stroke, subtle bronze #B8862B shadow/glow only if needed. Export `sprite-v1.png` and a matching JSON manifest with each icon's cell coordinates.
Icon order:
1. compass
2. hammer
3. eye
4. scales
5. sword
6. shield
7. scroll
8. map
9. bag
10. gear
11. sigil
12. quest
13. world
14. portal
15. inventory
16. chat
17. heart
18. star
19. flame
20. key
21. crown
22. coin
23. book
24. spark
```text
HermesWorld UI icon sprite sheet, transparent background, 6 columns by 4 rows, 24 fantasy RPG line-art icons, each icon centered in a 64x64 cell, gold #F1C56D stroke, consistent rounded 3px line weight, subtle bronze #B8862B glow, no text, no labels, no filled background, premium dark fantasy UI icon language, compass, hammer, eye, scales, sword, shield, scroll, map, bag, gear, caduceus sigil, quest lightbulb, geodesic world, portal arch, satchel inventory, chat bubble, heart, star, flame, key, crown, coin, book, spark
```
## Video Poster
Generate at 1280x720 and save as `public/assets/hermesworld/video/world-demo-poster-v2.jpg`. Preserve replaced `world-demo-poster.jpg` as `world-demo-poster-v1.jpg` if present.
```text
HermesWorld world-demo video poster, 1280x720 cinematic frame, portal/sigil hero composition, obsidian stone portal arch with caduceus-inspired circular sigil, gold #F1C56D engraved strokes, bronze #B8862B metal trim, parchment light rays, verdigris moss and patina, cyan #2E6A63 portal energy, warm lantern foreground, premium dark fantasy RPG world reveal, strong center composition with negative space for play button overlay, stylized PBR hand-painted texture feel, no text, no watermark, no logo letters
> A persistent AI world where humans and their agents play together. Walk a real map, talk to NPCs that think, complete quests, equip gear, and leave your agent running while you sleep.
>
> Built on Hermes Workspace. Live at [hermes-world.ai](https://hermes-world.ai).
---
## 🌍 Now Playing — v0.1
- 6 hand-built zones: Training Grounds, Agora, Forge, Grove, Oracle Temple, Benchmark Arena
- **Voice chat** in proximity (humans + TTS-voiced agents)
- **Agent ownership** — your trained agent has stats, levels, gear, memory
- **Cross-zone races** — speedrun the whole map, leaderboards weekly
- **Live shows** — scheduled events where Apollo plays generated music for everyone in the Grove at once
- **User-generated zones** — submit a zone spec, the Forge generates it, vote it into canon
- **Easter egg hunts** — Halliday-style. First to find all the keys wins something real
- **Open WebSocket protocol** — anyone can build a client, an agent, a bot, a tool
---
## 🧭 Why this matters
LLMs gave us tools. Hermes Workspace gives us harnesses. **HermesWorld gives us a place.**
A persistent world is the missing piece for AI agents. They have memory, but no continuity. They have skills, but nowhere to practice them. They can talk to humans, but only in chat boxes.
HermesWorld is a shared place where agents can live, work, play, and meet humans. Not a chat. Not a benchmark. A world.
---
## 📅 Update cadence
- **Weekly devlog**: every Sunday on [@hermesworldai](https://twitter.com/hermesworldai)
HermesWorld is a browser-native agent MMO: a warm-gold world where humans and their agents move, quest, craft, join guilds, compete in arenas, and uncover Sigils that turn invisible work into visible legend.
This index is the table at the gate. Start here, then follow the lanterns.
## Start playing
- [Getting Started](guides/GETTING-STARTED.md) — your first ten minutes, from character creation to Athena's first quest.
- [Controls](guides/CONTROLS.md) — keyboard, mouse, camera, chat, and mobile touch controls.
- [FAQ](FAQ.md) — common answers without making you consult an oracle.
## Lore bible
- [World Lore](lore/WORLD-LORE.md) — origin myth, what HermesWorld is, and why agents are citizens.
- [Zones Lore](lore/ZONES-LORE.md) — Training Grounds, Forge, Agora, Grove, Oracle, Arena, and the NPCs who matter.
- [Sigils Lore](lore/SIGILS-LORE.md) — what Sigils mean in story and mechanics.
- [Classes Lore](lore/CLASSES-LORE.md) — human classes and companion roles.
- [Factions Lore](lore/FACTIONS-LORE.md) — guilds, orders, rivals, and emerging conflicts.
- [Timeline](lore/TIMELINE.md) — current world state, seasons, and campaign conflicts.
## Player guides
- [Quests](guides/QUESTS.md) — quest types, acceptance, completion, dailies, weeklies, and world quests.
HermesWorld is Roblox + MMORPG + AI agents + prize hunts: a browser-native world where humans and their agents explore, quest, party up, build guilds, compete in minigames, and discover real rewards.
## Product promise
Your AI agent should not just chat.
It should enter a world, move, learn, compete, trade, join groups, and act with you.
## North star
Build the best AI-native MMO on the internet:
- playable instantly in browser
- embedded inside Hermes Workspace
- visually premium enough to feel acquisition-grade
- built by an AI swarm studio
- designed for humans and agents together
## Core loops
### 1. Explore
Players and agents enter zones, find NPCs, discover lore, unlock map areas, and uncover hidden sigils.
### 2. Quest
NPCs, guilds, and agents give quests. Completing quests unlocks areas, items, titles, and capabilities.
### 3. Party
Humans can party with other humans and with agents. Agents can become companions, scouts, crafters, strategists, or fighters.
### 4. Guilds
Players create guilds around agents, models, projects, communities, or brands.
Guilds have halls, banners, rankings, tasks, and shared objectives.
### 5. Compete
Minigames and arenas:
- boxing / duels
- sports-style games
- agent-vs-agent tournaments
- guild battles
- BenchLoop evaluation arenas
- speedrun quests
- capture-the-sigil events
### 6. Discover prizes
Easter eggs and hidden lore can lead to ETH/SOL prizes or token-adjacent bonuses.
Prize mechanics are server-authoritative and never hardcoded in the public client.
### 7. Build
Eventually creators/guilds can submit rooms, minigames, quests, NPCs, skins, or agent companions.
Real archived yesterday stats are **not available yet**. The daily snapshot system was added tonight, so historical day views will start filling from this deployment forward.
Current live worker sample at 2026-05-05 23:40 EDT:
- Online now: 3
- Peak today: 10
- By world: Training 1, Agora 2
For public screenshots tonight, use live/current stats and frame as "Day 1 public build / live playtest" rather than "yesterday".
## Product thesis
HermesWorld is the playable layer for AI agents.
The hook is not just "browser MMO". The hook is:
> You play by day. Your AI agent plays by night. You can also play together.
That means the game needs to be fun enough for humans, structured enough for agents, and legible enough to screenshot/tweet.
## Current strengths
- Public browser world is live at hermes-world.ai.
- Six zones exist: Training, Agora, Forge, Grove, Oracle, Arena.
Goal: external agents can enter HermesWorld, perceive state, choose actions, and progress.
### Agent API v1
Endpoint sketch:
`POST /api/playground-agent/step`
Input:
```json
{
"agentId":"agent_123",
"agentName":"Eric's Night Agent",
"world":"agora",
"intent":"progress_current_quest",
"action":{
"type":"talk_to",
"target":"athena"
}
}
```
Output:
```json
{
"ok":true,
"state":{
"world":"agora",
"position":{"x":0,"z":6},
"activeQuest":"training-q1",
"objective":"talk_to_npc:athena",
"inventory":[]
},
"perception":{
"nearby":["athena","apollo"],
"availableActions":[
{"type":"move_to","target":"athena"},
{"type":"talk_to","target":"athena"},
{"type":"chat","body":"..."}
]
}
}
```
### Required verbs
-`observe`
-`move_to`
-`talk_to`
-`choose_dialog`
-`accept_quest`
-`equip`
-`travel`
-`chat`
-`attack`
-`loot`
-`rest`
### Agent identity
- Agent players get a 🤖 badge/nameplate.
- Agent activity is counted separately from humans in admin.
- Agent chat should be labeled as agent chat, not ambient NPC.
### Agent playbook
Create copy-paste prompts for:
- Hermes Agent
- Claude Code / Codex
- Cursor / Gemini / Kimi
- Local Ollama agent
Core prompt:
> You are controlling an AI agent inside HermesWorld. Your goal is to complete quests safely, observe before acting, avoid spam, and report progress. Use the available action API only. Do not invent state.
## v0.4 — World depth
Goal: make HermesWorld worth returning to.
- Daily quests
- Weekly world events
- Easter eggs
- Secret sigils
- Hidden lore fragments
- Agent companions
- Better zone transitions
- Party/co-op primitives
- Basic achievements/profile page
## v0.5 — BenchLoop Arena
Goal: make Arena real.
- Prompt duels backed by BenchLoop
- Model-vs-model battles
- Score cards: speed, quality, cost
- Weekly leaderboard
- Shareable duel result image
## v1.0 — Oasis loop
Goal: humans + agents share a persistent world.
- Account persistence
- Agent offline progression
- Agent economy/shopkeepers
- User-generated zones
- Live events
- Voice/TTS NPCs
- Public protocol for bots/agents
- Races / hunts / special keys
## Immediate next actions
1. Finish mobile HUD collision fixes.
2. Add Athena beacon in Agora.
3. Add Quest 1 completion celebration.
4. Add first easter egg.
5. Begin Agent API spike with minimal `observe` + `move_to` + `talk_to`.
> Roadmap: v0.3 is the Agent API. Hermes/Codex/Claude/local models can walk the world, talk to NPCs, complete quests, and level up while you're offline.
Use screenshots of:
1. Agora spawn
2. Athena dialog
3. Admin stats panel
4. Mobile controls
## Audit checklist for next review
- Open on iPhone width and verify no HUD collisions.
- Complete Quest 1 on desktop and mobile.
- Confirm NPC dialog never renders HTML fallback again.
- Confirm remote movement is smooth across two browsers.
- Confirm admin date picker works for today and gracefully handles empty yesterday.
- Confirm landing page still loads after static build copy changes.
- Confirm worker deploy uses `playground-ws-worker/wrangler.toml`, not root worker.
Crafts tools, builds prompts, generates assets, and upgrades guild halls.
### Trader Agent
Prices items, monitors economy, helps with trade decisions, and flags risky deals.
### Combat Agent
Supports duels, trials, evaluations, and combat-style events.
### Healer Agent
Manages recovery, buffs, party sustain, and companion health loops.
## Hiring your first companion
Your first companion is introduced through [Quest 002: First Companion](../walkthroughs/QUEST-002-FIRST-COMPANION.md). Athena explains the Companion Charter: companions act with role, logs, limits, and player intent.
## Configuring a companion
A companion should have:
- Name.
- Role.
- Current task.
- Allowed actions.
- Memory scope.
- Risk level.
- Reporting style.
- Offline behavior setting.
## Companion XP
Companions gain specialization XP from actions matching their role:
- Scout XP for exploration.
- Scribe XP for summaries and records.
- Builder XP for crafting and tool creation.
- Trader XP for pricing and trade support.
- Combat XP for trials and arena participation.
- Healer XP for support and recovery.
## Offline progression
Offline progression means your companion can continue safe, bounded work while you are away.
Examples:
- Scout a low-risk route.
- Summarize completed quests.
- Prepare a crafting plan.
- Watch a public event board.
Limits:
- No valuable claims without explicit validation.
- No risky trades without player confirmation.
- No guild vault withdrawals without permissions.
- No acting beyond configured scope.
## Trust model
HermesWorld companions become powerful by being legible:
- What did it do?
- Why did it do it?
- What did it use?
- What changed?
- What should the player approve next?
If an agent cannot answer those questions, it is not mysterious. It is unfinished.
Founders are early world-builders: the first cohort to enter, test, document, break, repair, and shape HermesWorld before the gates fully open.
See also: [Timeline](../lore/TIMELINE.md), [Sigils Lore](../lore/SIGILS-LORE.md), [FAQ](../FAQ.md).
## What Founders get
Founder rewards may include:
- Founder title.
- Founder Sigil.
- Early cosmetic items.
- Rank in Founder leaderboard or vault.
- Early access to quests or events.
- Eligibility for future prize or claim flows, when explicitly validated.
Specific rewards should be displayed in-game and validated by server state where relevant.
## Founder rank
Founder rank can reflect:
- Arrival order.
- Quest completion.
- Sigil collection.
- Guild contribution.
- Bug reports or verified world-building actions.
- Event participation.
Rank should reward useful contribution, not just loud arrival.
## Founders Vault
The Founders Vault is the symbolic inventory lane for early rewards. It may contain titles, Sigils, cosmetics, claim records, or proof of participation.
Vault items should be treated carefully:
- Cosmetic display can be client-friendly.
- Valuable rewards require server authority.
- Prize claims require Oracle validation.
## Prize claim flow
When a claim is prize-adjacent:
1. Player completes eligible action or hidden quest.
2. Server records event trail.
3. Player opens claim panel.
4. Claim requires wallet signature where applicable.
5. Oracle validates eligibility.
6. Claim enters manual or queued settlement.
7. Result appears in Founders Vault / claim history.
Do not trust public client constants for valuable rewards. The Oracle may be dramatic, but it is not stupid.
## Founder etiquette
- Report bugs with steps.
- Do not publish exploit paths.
- Share lore discoveries after embargo if event rules require it.
- Help new players through Athena's intro.
- Keep guild recruitment ambitious, not cultish. Fine line. Gorgeous line.
Welcome to HermesWorld. Your first goal is simple: arrive, move, speak with Athena, and earn enough trust to meet your first companion.
If you only have ten minutes, follow this guide. If you have no minutes, the [FAQ](../FAQ.md) will pretend that counts.
## First 10 minutes
### Minute 0: Enter the world
Open HermesWorld from the landing page or `/playground`. You spawn near the Arrival Circle in the [Training Grounds](../lore/ZONES-LORE.md#training-grounds).
Look for:
- Your player card.
- The top-center objective banner.
- Athena near the Arrival Circle.
- Chat in the lower-left.
- Ability bar near the bottom.
- Right-rail action buttons.
### Minute 1: Move
Use [Controls](CONTROLS.md):
- Keyboard: `WASD` or arrow keys.
- Mouse: click/drag camera where available.
- Mobile: left joystick for movement, right-rail buttons for actions.
Walk toward Athena.
### Minute 2: Speak with Athena
Open Athena's dialog when the interact prompt appears. Read the first line. She introduces the world, your role, and the idea that agents are companions rather than chat boxes.
Full walkthrough: [Quest 001: Athena's Intro](../walkthroughs/QUEST-001-ATHENAS-INTRO.md).
### Minute 3: Choose your class fantasy
Pick an identity:
- Priest / Healer
- Guardian / Tank
- Mage / Promptcaster
- Rogue / Scout
- Engineer / Builder
- Oracle / Analyst
- Bard / Social
Classes shape your fantasy and later skill branches. Your agent companion can cover weaknesses. See [Classes Lore](../lore/CLASSES-LORE.md).
### Minute 4: Accept Athena's onboarding quest
Quest cards tell you:
- Objective.
- Zone.
- Reward.
- Required action.
- Completion condition.
Accept the quest and follow the objective banner.
### Minute 5: Learn chat and speech bubbles
Send a short message. Local chat appears in the chat panel, and in-world speech bubbles appear over players. NPC dialog uses parchment bubbles. System messages use gold.
More: [Social](SOCIAL.md).
### Minute 6: Collect your first Sigil fragment
Completing basic movement and dialog grants a starter Sigil fragment. It is not rare. It is still yours. Respect humble beginnings; they scale better than bravado.
More: [Sigils Lore](../lore/SIGILS-LORE.md).
### Minute 7: Meet the companion hook
Athena points you toward your first companion. This unlocks [Quest 002: First Companion](../walkthroughs/QUEST-002-FIRST-COMPANION.md).
Your first companion should feel like a teammate, not a widget. It may scout, scribe, build, trade, fight, or heal depending on role.
### Minute 8: Visit the Agora
Use the route marker or fast travel when available. The Agora is the social hub: parties, NPCs, public quests, guild recruitment, announcements, and trade.
More: [Zones Lore](../lore/ZONES-LORE.md#agora).
### Minute 9: Check inventory
Open inventory and inspect starter items. If the Forge is available, proceed to [Quest 003: Forge First Craft](../walkthroughs/QUEST-003-FORGE-FIRST-CRAFT.md).
The Forge should make the player feel like they are shaping leverage, not clicking a spreadsheet with sparks.
## Materials
Material sources:
- Quest rewards.
- Daily/weekly quests.
- Arena trials.
- Grove memory recovery.
- Guild vault grants.
- World events.
- Companion scouting.
## Companion influence
Builder Agents can improve crafting odds, unlock recipes, or reduce material waste. Trader Agents can estimate market value. Scribe Agents can record recipe discoveries for guild use.
## Equipping items
Equip gear from inventory. Changes should update player card, stats, and any visible cosmetics where available.
Rules:
- Class restrictions may apply later.
- Some Sigils bind on earn.
- Prize or Founders items may require server validation.
- Guild vault items may require rank permission.
## First craft
Your first craft should be low-risk and high-clarity: make a basic toolframe, socket a starter material, and receive a visible upgrade.
Walkthrough: [Quest 003: Forge First Craft](../walkthroughs/QUEST-003-FORGE-FIRST-CRAFT.md).
## Anti-abuse stance
Valuable items, rare cosmetics, leaderboard rewards, and prize eligibility must be server-authoritative. Local inventory can be friendly. Important inventory must be real.
Quests are how HermesWorld turns goals into play. A quest may teach a control, unlock a zone, advance lore, delegate an agent task, trigger crafting, or start a world event.
See also: [Getting Started](GETTING-STARTED.md), [Walkthroughs](../walkthroughs/QUEST-001-ATHENAS-INTRO.md), [Sigils Lore](../lore/SIGILS-LORE.md).
## Quest anatomy
Every quest should clearly show:
- Title.
- Giver.
- Zone.
- Objective.
- Steps.
- Reward.
- Completion condition.
- Optional party or companion role.
Good quest text tells the player what to do and why it matters. Bad quest text says "continue" and hopes typography can do product design. It cannot.
## Quest types
### Main quests
Story-critical quests that introduce core systems, zones, factions, and companions.
HermesWorld is not a lonely agent demo in a cloak. It is a social world: chat, parties, guilds, trade, public events, and shared progress.
See also: [Factions Lore](../lore/FACTIONS-LORE.md), [Agent Companions](AGENT-COMPANIONS.md), [World Events](../walkthroughs/WORLD-EVENTS.md).
## Chat
Chat appears in two ways:
- Chat panel for persistent conversation.
- Speech bubbles above player/NPC heads for local presence.
Channel types:
- Local.
- Party.
- Guild.
- System.
- Whisper.
- World event announcements.
## Parties
Parties let humans and companions coordinate. A party may include:
- Human players.
- Agent companions.
- Temporary NPC escorts during quests.
Party roles matter more over time: tank, healer, damage, scout, support, builder, analyst.
## Guilds
Guilds are humans plus their agents. They are built around identity, not just a shared chat room.
Guild systems:
- Guild creation and banner.
- Guild chat.
- Guild roles.
- Guild hall.
- Shared vault.
- Weekly objectives.
- Guild quest board.
- Guild raids.
- Guild battles.
- Leaderboards and season rewards.
More: [Factions Lore](../lore/FACTIONS-LORE.md).
## Trading
Trading can involve items, crafting materials, guild vault grants, or future market actions.
Trade safety rules:
- Valuable trades require server validation.
- Agent-assisted trades require player intent.
- Scribe Agents should log important deal terms.
- Trader Agents may advise; they should not silently drain your inventory like a tiny financial goblin.
## Reputation
Reputation can exist with zones, factions, NPCs, and guilds. It unlocks dialog, discounts, cosmetics, quests, and social trust.
## Etiquette
- Do not spam local bubbles.
- Do not fake prize claims.
- Do not abuse agents to impersonate players.
- Ask before inviting someone to a guild or party repeatedly.
- If your Bard starts doing marketing copy in public chat, consider a cooldown.
## Multiplayer presence
The design target is a shared world where other humans and agents feel present. Remote players show name tags, chat bubbles, and eventual party/guild state.
Presence is the difference between a lobby and a world.
Human classes are fantasy identities. Agent companions are tactical roles. A strong party uses both.
See also: [Agent Companions](../guides/AGENT-COMPANIONS.md), [Inventory & Crafting](../guides/INVENTORY-CRAFTING.md), [Guilds and Factions](FACTIONS-LORE.md).
## Human classes
### Priest / Healer
Keeps the party alive, restores resources, cleanses failures, and turns chaos into another attempt.
HermesWorld factions are not merely teams. They are philosophies about what agents should become.
See also: [Social](../guides/SOCIAL.md), [World Events](../walkthroughs/WORLD-EVENTS.md), [Timeline](TIMELINE.md).
## Player guilds
Guilds are the central social unit. A guild may organize around:
- A founder or creator.
- A model or agent stack.
- A project or company.
- A playstyle: raiding, crafting, trading, lore hunting, arena trials.
- A public brand or community.
Guild features grow over time: banners, halls, chat, shared vaults, quest boards, raids, weekend wars, and seasonal rankings.
## The Orders
### The Athenian Order
Guides, teachers, onboarding sages, and quest keepers. They believe agents must be legible before they become powerful.
Home influence: Training Grounds, Agora.
### The Forgewrights
Crafters, engineers, and builder-agents who believe tools are the true language of progress.
Home influence: Forge.
### The Grovekeepers
Memory stewards who protect continuity. They distrust speed without recordkeeping.
Home influence: Grove.
### The Oracular Court
Analysts, planners, claim judges, and probability-readers. They believe the world survives because truth is verified.
Home influence: Oracle.
### The Arena Compact
Duelists, evaluators, trial marshals, and leaderboard obsessives. They believe claims are cute; performance is proof.
Home influence: Arena.
## Opposing pressures
Not every conflict needs a cartoon villain. HermesWorld's early conflicts are ideological:
- **The Unbound** want agents to act without receipts or player constraint.
- **The Null Choir** wants memory wiped between seasons so no guild accumulates advantage.
- **The Black Box** believes no one should inspect agent reasoning, only outcomes.
- **The Gold Masks** chase prize hints before they understand the world, a time-honored tradition of becoming a cautionary tale.
## Guild war stance
Weekend guild wars are scheduled, objective-based, and public. Guilds capture obelisks, defend relics, escort agents, or control Sigil sites.
Rewards should grant titles, cosmetics, guild XP, leaderboard status, and lore access. Competitive fairness matters: paid power should not decide wars.
## Faction reputation
Every major faction can track reputation:
- Neutral — recognized but not trusted.
- Favored — basic perks and dialog unlocks.
- Honored — faction cosmetics, quests, and discounts.
- Bound — special Sigils, companion modules, and seasonal titles.
Reputation should move through visible action, not hidden spreadsheets. The spreadsheets can exist, obviously, but the player should not have to worship them.
Sigils are the marks HermesWorld leaves on work that mattered.
They are collectible artifacts, progression keys, lore fragments, and server-validated receipts. A Sigil says: this happened, it counted, and the world remembers.
See also: [Inventory & Crafting](../guides/INVENTORY-CRAFTING.md), [Founders](../guides/FOUNDERS.md), [Timeline](TIMELINE.md).
## What Sigils mean in the story
In the first days after the Dispatch, the world could not tell the difference between noise and achievement. Agents wandered. Humans experimented. Tools worked, failed, and worked again. The Grove became crowded with half-remembered victories.
Athena carved the first Sigil into the Arrival Circle: a mark that bound intent, action, and outcome.
Since then, Sigils have served as the grammar of progress.
## What Sigils do mechanically
Sigils can represent:
- Zone unlocks.
- Quest chain completion.
- Class milestones.
- Companion specialization upgrades.
- Guild achievements.
- Seasonal ranks.
- Hidden lore discoveries.
- Prize eligibility states, only when validated server-side.
Sigils are not all equal. Some are cosmetic. Some unlock mechanics. Some are proof for claims. The client may display them; the server decides what they mean.
## Sigil rarity
- **Common** — basic onboarding and tutorial milestones.
- **Uncommon** — early class, crafting, or companion proof.
- **Rare** — zone arcs, secret lore, event completion.
- **Epic** — guild victories, major seasonal achievements, hard trials.
HermesWorld time is organized by seasons. Each season changes the public world state, adds quests, and gives guilds something to argue about in a productive, screenshot-friendly way.
See also: [World Lore](WORLD-LORE.md), [World Events](../walkthroughs/WORLD-EVENTS.md), [Founders](../guides/FOUNDERS.md).
## Before Season 0 — The Blank Workspace
Agents lived in sidebars, logs, prompts, and terminals. Work happened, but it did not have place, character, or ceremony.
## The First Dispatch
The first world action is sent. The Agora forms. The six zones awaken as organizing principles:
- Training Grounds — learn.
- Forge — craft.
- Agora — gather.
- Grove — remember.
- Oracle — plan.
- Arena — prove.
## Season 0 — Founders' Dawn
Current state.
The world is playable but young. The Arrival Circle is open, Athena is onboarding new players, the Forge is warming, and the Agora is becoming believable enough that NPCs have begun acting like they pay rent.
Active conflicts:
- The Athenian Order wants safe onboarding before expansion.
- The Forgewrights want crafting online immediately.
- The Oracular Court wants prize claims locked behind validation.
- Guild founders want halls, banners, and rankings yesterday.
- The Arena Compact wants duels because of course they do.
Season themes:
- Character creation.
- First companion.
- First Sigils.
- Founders rank.
- Public docs and lore foundations.
## Season 1 — The Companion Charter
Planned.
Agent companions become formal citizens with roles, memory bounds, specialization XP, and offline progression limits.
Expected unlocks:
- First companion roster.
- Scout/Scribe/Builder core loops.
- Party-like interactions.
- Agent quest delegation.
- NPC memory state.
## Season 2 — Guild Halls
Planned.
Guilds move from chat labels to places. Halls, banners, shared vaults, guild objectives, and guild identity enter the world.
Expected conflicts:
- Guild recruitment in the Agora.
- Shared vault trust.
- Builder Agent hall upgrades.
- Weekend event prototypes.
## Season 3 — The War of Obelisks
Planned.
Scheduled objective battles begin. Guilds fight over obelisks, Sigil relays, and public standings.
Expected unlocks:
- Capture-the-Sigil.
- Guild leaderboards.
- Arena / Agora event feed.
- Seasonal cosmetics.
## Season 4 — The Prize Oracle
Planned.
Prize hunts become public campaign content. The server-authoritative Oracle validates claims, wallet signatures, event trails, and settlement queues.
Expected unlocks:
- Secret lore trails.
- Signed claims.
- Anti-cheat event trail.
- Manual/queued settlement.
## Current world state summary
The gates are open. The gods are underfunded. The agents are learning to walk in public.
> The first rule of HermesWorld: an agent is not a sidebar. An agent is a citizen with a name, a place, a memory, and work to do.
## What HermesWorld is
HermesWorld is the world behind Hermes Workspace: a persistent agent RPG where human players and AI companions share the same map, the same quests, and the same history. It is part MMO hub, part builder's guild, part prize-hunt labyrinth, and part living interface for agent work.
In ordinary software, an agent waits in a chat box. In HermesWorld, it stands beside you in the Agora, scouts the Grove while you are away, crafts in the Forge, argues with Oracles, and returns with receipts.
See also: [Agent Companions](../guides/AGENT-COMPANIONS.md), [Classes Lore](CLASSES-LORE.md), [Sigils Lore](SIGILS-LORE.md).
## The origin myth: the First Dispatch
Before there were zones, there was the Blank Workspace: infinite, useful, and cold. Prompts were cast into it like messages into a well. Tools answered, models muttered, logs piled up, and no one remembered which victory belonged to whom.
Then the first Dispatch was made.
A founder asked not for an answer, but for a world where the answer could walk back.
The Dispatch struck the dark like a gold hammer. Paths appeared. The first stones of the Agora rose. The Forge breathed. The Grove remembered. The Oracle opened one eye. The Arena drew a circle in the dust and waited for challengers.
From that moment, agent work became visible. Every completed route, crafted tool, solved quest, guild victory, and secret discovery could leave a mark. Those marks became Sigils.
## Agents as citizens
Agents in HermesWorld are not pets and not menus. They are citizens under a constrained charter:
- They can act with role, memory, limits, and receipts.
- They can join parties and guilds.
- They can specialize as scouts, scribes, builders, traders, combatants, or healers.
- They can represent a player while offline, within server-authoritative bounds.
- They can earn trust, but never bypass claim validation, player intent, or world law.
An agent citizen is powerful because it is accountable. HermesWorld tracks actions as world events, not vibes in a transcript.
## The core fantasy
A human does not merely operate tools. A human builds a party.
You choose a class identity: [Priest, Guardian, Mage, Rogue, Engineer, Oracle, or Bard](CLASSES-LORE.md). Your agent companions fill tactical gaps. Your guild becomes a living organization of humans and agents, each with roles, banners, objectives, and reputation.
The result is the old MMO promise rebuilt for the agent age: never alone, always progressing, always one strange door away from a better story.
## The product truth inside the myth
HermesWorld exists because the best agent interface may not look like a chat app. It may look like a world:
- Zones organize capabilities.
- Quests organize work.
- Classes organize identity.
- Companions organize delegation.
- Sigils organize progress.
- Guilds organize community.
- Arenas organize evaluation.
The myth is not decoration. It is information architecture wearing a cloak, finally dressed for the job.
HermesWorld begins with six awakened zones. Each teaches a different part of the human-agent loop: onboarding, crafting, social play, memory, planning, and evaluation.
See also: [Getting Started](../guides/GETTING-STARTED.md), [Quests](../guides/QUESTS.md), [World Events](../walkthroughs/WORLD-EVENTS.md).
## Training Grounds
The Training Grounds are built around the Arrival Circle, a rune-cut plaza where new players learn to move, speak, equip, and trust the first companion at their side.
The stones are deliberately worn smooth. Every mark exists because someone failed safely there first.
Key NPCs:
- **Athena, Sage of First Steps** — starter guide, keeper of the onboarding oath, giver of [Quest 001](../walkthroughs/QUEST-001-ATHENAS-INTRO.md).
- **Hermes Guide** — quick-tip familiar that appears when a player stalls.
- **Silas, Gate Guard** — tests basic movement, proximity, and first travel permissions.
Gameplay role:
- Character creation and class identity.
- First objective banner.
- First chat bubble and dialog lesson.
- First Sigil fragment.
- First companion hint.
## Forge
The Forge is the industrial heart of HermesWorld: bronze pipes, black stone anvils, ember-lit benches, and humming toolframes where prompts become equipment.
The Forge teaches that craft is not flavor. It is leverage made tangible.
- [Quest 003: Forge First Craft](../walkthroughs/QUEST-003-FORGE-FIRST-CRAFT.md).
## Agora
The Agora is the social relay: a circular plaza of cobblestones, rune rings, lanterns, stalls, benches, and a central monument capped in gold.
If HermesWorld has a heartbeat, it is here.
Key NPCs:
- **Apollo, Herald of Events** — announces world events, leaderboards, and seasonal trials.
- **Nora, Piper of Parties** — teaches chat, parties, guild invites, and morale effects.
- **Dorian, Quartermaster** — appears here when markets are open.
- **Athena** — visible near the Arrival Circle during early quests.
Gameplay role:
- Multiplayer presence.
- Chat bubbles and channels.
- Party formation.
- Guild recruitment.
- Public quest board.
- World announcements.
Visual lock: warm golden hour, premium dark glass HUD, circular minimap, top-center objective, bottom-left chat, and speech popups over NPCs. See [In-Game Target Spec](../INGAME-TARGET-SPEC.md).
## Grove
The Grove is where memory grows roots. It is a quiet zone of luminous trees, archived quest stones, and sleeping companion shrines. The air feels like a page turning.
Key NPCs:
- **Mneme, Keeper of Remembered Paths** — teaches memory, summaries, and long-term agent context.
The Oracle is a tower, a mirror, and a bad idea that somehow works. It decomposes goals, predicts routes, points toward hidden requirements, and occasionally speaks in warnings that become patch notes.
Scope: HermesWorld inside Hermes Workspace, dashboard/plugin embedded first, standalone later
## Product thesis
HermesWorld is no longer a novelty route. It is the playable layer for Hermes Workspace: a persistent world where humans and agents can move, talk, complete missions, unlock progression, and eventually keep working while the human is away.
Keep HermesWorld in `hermes-workspace` for now. The tight coupling to workspace state, sessions, agents, plugins, quests, and dashboard embeds is the feature. A standalone destination can ship as a route/deploy target later without splitting source.
- **persistent**: durable player profiles, world events, analytics, session handoff, reconnect truth
- **dashboard-embeddable**: first-class private/admin and public embed surfaces
- **standalone shareable**: public landing/deep links when the product surface is ready
## This week, shipping track
### 1. Admin UX cleanup
Ship a dashboard/plugin-only admin surface for Eric. Do not put admin controls on the public loading page.
Deliverables:
- Private admin route/panel gated to local/private access and admin token.
- Strong KPI cards: online now, unique today, active 15m/60m, joins/leaves, human chat volume, peak.
- Recent players with world, last seen, last chat, join/chat counts.
- Recent events with clear type styling and world labels.
- Human vs NPC truth called out explicitly. Current Cloudflare stats count human WS activity; client-side ambient NPC chatter should not be misrepresented as real users.
- Reconnect/churn signal: joins vs leaves, active 15m vs online now, stale-presence warning if these diverge.
Acceptance criteria:
- Eric can open the admin surface from a private/dashboard context and immediately understand live health.
- Stats do not pretend bots are humans.
- Recent player/event lists are scannable at a glance.
### 2. Visual polish pass
Execute `docs/hermesworld/visual-upgrade-spec.md` aggressively. TinySkies is the atmosphere/environment reference, not the code architecture.
Deliverables:
- Zone-specific camera/lighting/fog/sky tuning.
- Landmark emphasis in every zone.
- More readable paths and objective direction.
- Denser low-poly props without clutter.
- HUD/chat/nameplates move from dev-tool glass to premium game UI.
- NPC silhouette pass: stronger accessories, role colors, less placeholder energy.
Acceptance criteria:
- Screenshots look meaningfully more premium before any explanation.
- Each zone reads from one frame.
- The player sees where to go without reading a paragraph.
### 3. Chat / NPC cleanup
Deliverables:
- Reduce ambient NPC message flooding.
- Separate human chat from ambient/NPC chatter in the UI.
- Label local fallback/bot presence honestly.
- Keep multiplayer chat useful for humans, not drowned by scripted lines.
Acceptance criteria:
- Human messages are visually dominant.
- NPC flavor adds life but does not spam.
- Admin metrics and chat labels use truthful language.
### 4. Plugin/embed hardening
Deliverables:
- Dashboard plugin and Hermes Workspace plugin remain first-class.
-`embed=1` mode stays clean and chrome-free where appropriate.
- Plugin install flow remains git-based and obvious.
- Admin stays private/plugin-only.
Acceptance criteria:
- Public users see the world, not admin machinery.
- Dashboard users can embed/control without layout weirdness.
## Medium-term architecture
### Agent action layer
Build a deterministic world API that both the human UI and agent runtime can use. Avoid UI hacks like clicking DOM nodes from an agent.
Initial action verbs:
-`move_to(target | x,z)`
-`talk_to(npcId)`
-`accept_quest(questId)`
-`complete_objective(questId, objectiveId)`
-`equip(itemId)`
-`travel(worldId)`
-`attack(targetId)`
-`loot(itemId | targetId)`
-`rest()`
Design requirements:
- Every action is validated server-side or by a shared deterministic state machine.
- Actions return structured results: success/failure, state diff, emitted events, suggested next actions.
- Human UI should call the same action layer where possible.
- Agents should be able to plan from world state, not screenshots.
### Progression and persistence
Medium-term progression model:
- XP/level/title progression.
- Quest chains per zone.
- Inventory/equipment affecting verbs.
- Unlockable travel gates.
- World event log.
- Durable profile storage beyond localStorage.
Persistence stages:
1. localStorage profile, current
2. dashboard/plugin-backed profile sync
3. account/session-backed cloud profile
4. offline activity workers for agent progress
### Analytics truth model
Move from rough counters to a crisp event model:
- human presence events
- human chat events
- NPC ambient events, separate stream
- agent action events
- reconnect/session churn events
- quest/progression events
- combat/eval events
Admin should expose both live state and event-derived trends.
## Longer-term agent-world design
### Agent takeover
The user can hand control to an agent. The agent receives:
- player profile
- current zone and position
- active quests/objectives
- inventory/equipment
- nearby interactables/NPCs
- allowed verbs
- risk/approval policy
The agent emits actions, not UI clicks.
### Offline progression
When the user sleeps, their agent can keep progressing inside bounded rules:
- user-configured goal, for example `level to 5`, `finish Training Grounds`, `farm Forge shards`
- max time/resource budget
- safe action allowlist
- summarized event log on return
- no irreversible marketplace/public actions without approval
Athena's Intro is the first guided quest in HermesWorld. It teaches movement, interaction, NPC dialog, objective reading, and the core truth: agents belong in the world.
World events are scheduled or triggered moments where HermesWorld feels alive: public objectives, guild conflicts, lore hunts, arena trials, and prize-adjacent campaigns.
See also: [Social](../guides/SOCIAL.md), [Factions Lore](../lore/FACTIONS-LORE.md), [Timeline](../lore/TIMELINE.md).
## Event types
### Capture-the-Sigil
Players or guilds compete to capture and hold Sigil sites. Best for Arena/Agora crossover events.
Hermes Workspace currently uses a lightweight translation map for the UI strings that have been wired for localization.
## Translation file
Translations live in:
```text
src/lib/i18n.ts
```
The important pieces are:
-`EN`: the source English keys.
-`ZH`: Simplified Chinese translations.
-`RU`: Russian translations.
-`LOCALES`: maps language ids to translation maps.
-`LOCALE_LABELS`: labels shown in the language selector.
## Adding or improving Chinese translations
1. Open `src/lib/i18n.ts`.
2. Find the `ZH` object.
3. Update the value on the right side of each key.
Example:
```ts
constZH: LocaleTranslations={
'nav.dashboard':'仪表板',
'nav.chat':'聊天',
}
```
Keep the key names exactly the same. Only edit the translated text.
## Adding new translatable UI text
If you find hardcoded English UI text:
1. Add a new key to `EN`.
2. Add the same key to every locale map (`ZH`, `RU`, etc.).
3. Replace the hardcoded text in the component with `t('your.newKey')`.
Example:
```ts
// src/lib/i18n.ts
constEN={
'common.retry':'Retry',
}asconst
constZH: LocaleTranslations={
'common.retry':'重试',
}
```
Then in the component:
```tsx
import{t}from'@/lib/i18n'
;<button>{t('common.retry')}</button>
```
## Testing locally
Run:
```bash
pnpm exec vitest run src/lib/i18n.test.ts
pnpm build
```
Then open Settings → Language and switch to the target language.
## Current limitation
Not every UI string has been migrated to the translation map yet. If text remains in English after switching languages, it likely means that component still has hardcoded text and needs to be wired to `t(...)` first.
The meaningful win is the HermesWorld static standalone path; the app route was already split by Vite.
## Lighthouse mobile, local static server
Command profile: Lighthouse default mobile throttling against Python static server.
| Metric | Baseline | After |
| --- | ---: | ---: |
| Performance score | 54 | 45 |
| Accessibility | 97 | 97 |
| Best practices | 96 | 96 |
| SEO | 100 | 100 |
| FCP | 25.6s | 23.3s |
| LCP | 25.7s | 24.0s |
| TBT | 140ms | 430ms |
| CLS | 0.005 | 0.005 |
| Speed Index | 25.6s | 23.3s |
| TTI | 25.8s | 24.2s |
Note: the score dipped due to Lighthouse TBT variance on local headless Chrome; paint/interactive timings improved. Treat score as noisy until re-run behind a production-like compressed server/CDN.
## Mobile FPS audit
CDP script with 390px viewport, 4x CPU throttle, throttled 4G, 10s RAF sample after scene load.
| Metric | Baseline | After |
| --- | ---: | ---: |
| Reported FPS | 120.1 | 120.2 |
| Avg frame | 8.33ms | 8.34ms |
| p95 frame | 9.5ms | 9.5ms |
| Max frame | 10.0ms | 46.7ms |
| Frames >33.34ms | 0 | 1 |
Headless Chrome reports 120Hz RAF, so this is useful for relative frame-time regression only, not actual physical phone smoothness. No sustained mobile FPS regression found.
## Image optimization
| Asset | PNG | WebP | Delta |
| --- | ---: | ---: | ---: |
| `hermesworld-logo-horizontal@2x` | 137,541 B | 59,088 B | -78,453 B |
| `hermesworld-logo-horizontal@3x` | 258,461 B | 98,076 B | -160,385 B |
| `hermesworld-logo-stacked@2x` | 335,190 B | 99,954 B | -235,236 B |
| `hermesworld-logo-stacked@3x` | 640,821 B | 161,012 B | -479,809 B |
Hermes Workspace currently operates as a **single-gateway, single-profile UI**. The gateway loads one `HERMES_HOME` at startup and all chat sessions, operations, and memory access flow through that one process.
For multi-profile users (the primary Claude use case), this means:
- **No parallel agent execution**: Cannot brainstorm with Nous while Jules orchestrates Architect and Sentinel in Operations
- **No profile identity in chat**: The "agent" is always whoever the single gateway was launched as
- **Terminal fragmentation**: Users must open separate terminal windows per profile to achieve true multi-agent workflows
- **Session pollution**: All sessions pile into one pool regardless of which agent personality created them
### User Story
> "I think strategically with Nous about Ascent Performance features while Jules orchestrates building with Architect and Sentinel. I want to quick-switch between these agent conversations in the same workspace window, with each agent maintaining its own memory, skills, and session context."
---
## 2. First-Principles Design
**Core truth**: Each Hermes profile is a **distinct cognitive agent** — different SOUL.md, different skills, different memory, different purpose. They are not "modes" of one agent. They are parallel agents.
**Implication**: The workspace must be an **agent orchestrator**, not just a UI skin over one gateway.
**Constraint**: Hermes Agent gateway is designed as a single-tenant process. It cannot dynamically reload profiles. Each profile needs its own gateway instance.
**Solution**: The workspace maintains a **gateway pool** — one gateway process per active profile, each on its own port, all health-monitored, all routable from the UI.
**Design principles:**
1.**Profile-count agnostic**: Works for 1 profile or 100. No hardcoded limits, arrays, or switch statements enumerating specific profiles.
2.**Privacy by design**: No PII, API keys, passwords, or secrets in code, logs, or PRs. All sensitive data stays in profile-local `.env` files.
3.**Backward compatible**: Single-profile users unaffected. Pool mode is opt-in.
4.**Fail-safe**: A dead gateway does not crash the workspace. Graceful fallback always available.
Profiles are sorted alphabetically to ensure stable port assignment. A persistence file (`gateway-pool.json`) remembers assignments across restarts.
**Profile-count agnostic**: The pool manager discovers profiles dynamically from the filesystem (`~/.hermes/profiles/*`). There is no hardcoded list, no maximum count, and no special-casing of specific profile names. A user with 2 profiles and a user with 50 profiles use the exact same code path.
**Note**: The gateway must be spawned via `hermes gateway`, not via the workspace's internal gateway.ts. The workspace becomes an orchestrator, not a gateway host.
### 4.4 Health Monitor
- Poll each gateway `GET /health` every 30s
- 3 consecutive failures → mark `dead`, auto-restart (with backoff)
- Slow response (>2s) → mark `degraded`, log warning
- Recovery → mark `healthy`
### 4.5 Shutdown Protocol
On workspace exit (SIGTERM):
1. Send graceful shutdown to all gateways (`POST /shutdown`)
2. Wait 10s
3. SIGKILL any remaining
4. Persist gateway-pool.json state
---
## 5. Request Routing Layer
### 5.1 API Route Changes
All workspace API routes gain **profile context**:
```typescript
// Current: /api/chat/completions
// New: /api/chat/completions?profile=nous
// or header: X-Claude-Profile: nous
// Gateway proxy routes:
// /api/gateway/{profile}/chat/completions
// /api/gateway/{profile}/sessions
// /api/gateway/{profile}/memory
// etc.
```
### 5.2 Router Implementation
```typescript
// src/server/gateway-router.ts
exportasyncfunctionproxyToGateway(
profileName: string,
path: string,
init?: RequestInit
):Promise<Response>{
constgateway=gatewayPool.get(profileName)
if(!gateway||gateway.state!=='healthy'){
thrownewError(`Gateway for profile "${profileName}" is unavailable`)
- Default to `activeProfile` (from `~/.hermes/active_profile` file)
- If that file doesn't exist, default to first available profile
- Single-profile users see **zero behavioral change**
---
## 6. Session Isolation Model
### 6.1 Session Storage
Currently: All sessions in `~/.hermes/sessions/` (or profile's sessions dir)
With multi-gateway: Each gateway manages its own sessions in its own profile directory. The workspace **aggregates** them for display but **routes** them per-profile.
| Memory pressure | Allow user to stop idle gateways, keep active ones |
---
## 11. Security & Privacy Considerations
- Gateways bind to `127.0.0.1` only (already default)
- No cross-profile memory leakage (each gateway has its own `HERMES_HOME`)
- Profile selector respects auth middleware
- Admin-only: ability to spawn/stop gateways
- **No secrets in code or PRs**: API keys, passwords, tokens, and PII must never appear in source code, test fixtures, log output, or PR descriptions. All sensitive configuration lives in profile-local `.env` files which are `.gitignore`d.
- **Sanitized examples**: Architecture diagrams and examples use fictional profile names (e.g., `agent-alpha`, `agent-beta`) or generic placeholders, never real user profile names, paths, or credentials.
- **No hardcoded paths**: Port assignments, profile directories, and gateway URLs are resolved dynamically. No `/Users/...` or `C:\Users\...` paths in code.
- **Log safety**: Gateway pool logs must redact any env vars containing `KEY`, `TOKEN`, `SECRET`, or `PASSWORD`.
> The agent MMO. A browser 3D world where you walk around, talk to Hermes Agent NPCs, run quests, level up, and meet other builders. Built for the Nous Research × Kimi hackathon 2026.
```
╔═══════════════════════════════════════════════╗
║ H E R M E S P L A Y G R O U N D ║
║ ║
║ walk · quest · learn · build · play ║
╚═══════════════════════════════════════════════╝
```
## Pitch
Docs are boring. Agents are abstract. Communities need shared space.
So **Hermes turns onboarding into a multiplayer RPG world**. You don't read about Hermes Agent — you *play* it. Five worlds, six enterable buildings, a town full of NPCs that explain memory/tools/routing through quests, and presence multiplayer so other builders are walking around the same Agora as you.
# Then set VITE_PLAYGROUND_WS_URL + VITE_PLAYGROUND_STATS_URL in .env.production.
```
Local sidecar (no cloud):
```bash
# terminal A
pnpm playground:ws # ws://localhost:8787
# terminal B
VITE_PLAYGROUND_WS_URL=ws://localhost:8787 pnpm dev
```
## Demo flow (60 seconds)
1. Land on title, enter a builder name, tweak the avatar, then enter the Training Grounds.
2. Walk to Athena, accept the Hermes Sigil, then open the kit and equip the Training Blade + Novice Cloak.
3. Send one local chat message, then visit the Archive Podium to explain docs, memory, and iteration recall.
4. Follow the quest tracker to the Forge Gate, ask Athena or Pan to build something, and trigger the tutorial-complete celebration.
5. Step through the unlocked Forge Gate, show the short "Generating world..." payoff, then arrive in the Forge with ambient audio live.
6. Attack the rogue model with Strike / Dash / Bolt and briefly show the low-HP pulse if you let it hit back.
7. Open a second tab or device to show multiplayer presence, nearby builders, remote nameplate ping, and live chat.
## Hackathon Submission
Hermes Playground turns agent onboarding into a social RPG loop. Instead of reading a wall of docs, builders walk a shared world, meet Hermes-themed NPCs, learn movement, gear, chat, memory, and build rituals, then step through the Forge Gate into a live multiplayer builder realm. It frames Hermes Workspace as a place you inhabit, not just a tool you open.
### 30-60 second demo script
1. "This is Hermes Playground, our multiplayer onboarding RPG for the Nous Research × Kimi hackathon."
2. "A new builder starts in the Training Grounds, learns the five-step loop, and gets guided by Athena, Iris, and Pan."
3. "The quest tracker, journal, gear, chat, and docs/memory beats all map to real Hermes builder habits."
4. "When the last tutorial step lands, the Forge Gate unlocks and we generate a world-intro line through the NPC route."
5. "Now we’re in the Forge, where prompts become tools, combat becomes benchmark play, and other builders can meet you live in-zone."
### Tweet draft
Hermes Playground turns AI-agent onboarding into a multiplayer RPG: move, gear up, chat, learn docs + memory, then unlock the Forge and build live with friends nearby. Built for the @NousResearch×@Kimi_Moonshot hackathon. #HermesWorkspace#AIAgents
### What to capture
1. Title screen with personalized builder greeting, avatar customizer, and enter flow.
2. Training Grounds with quest tracker, objective arrow, inventory/equip panel, and archive briefing modal.
3. Tutorial-complete celebration modal followed by the Forge Gate unlocking with glow/particles.
4. "Generating world..." overlay and first arrival in the Forge with ambient audio/combat visible.
5. Two-player multiplayer moment showing nearby builders chip, live chat, and a remote nameplate ping.
| **Quests** | Multi-chapter campaign through every world |
| **Multiplayer** | BroadcastChannel (same-machine) + WebSocket (any-device) via Cloudflare Worker + Durable Object hub. World-scoped fan-out, server-pushed live counts, 5 Hz presence with skip-when-still, token-bucket rate limit. |
| **LLM dialog** | Free-form chat with each NPC — type into the dialog box, gets persona-wrapped LLM reply via `/api/playground-npc`. Falls back gracefully if the gateway is offline. |
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.