* feat: add CLI chat sessions with Python agent bridge
Introduce a new CLI chat mode that connects Web UI directly to Hermes
Agent's AIAgent via a Python bridge subprocess and Socket.IO, bypassing
the API Server /v1/responses path. Supports streaming, slash commands
(/new, /undo, /retry, /branch, /compress, /save, /title), interrupt,
and steer.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat: update CLI chat session bridge
* fix: extend agent bridge startup timeouts
* docs: update bridge chat session design
* feat: align bridge compression and provider registry
* chore: bump version to 0.5.20
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
The regex `^(\w[\w\s]*?)` could not match keys containing dots (`.env`,
`SOUL.md`), so `hasEnv` and `hasSoulMd` were always `undefined` → false.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
- visualize input, output, and cache token segments in usage charts
- add usage period selector for 7d, 30d, 90d, and 365d
- guard usage stats against stale overlapping period requests
- normalize blank model usage into unknown buckets
- add client and server coverage for usage analytics behavior
Add comprehensive debug logging throughout the gateway lifecycle to
help troubleshoot nodemon restart issues on Windows, where SIGTERM
is used instead of SIGUSR2.
Changes:
- Enhanced shutdown handler to log all signals and env var states
- Gateway manager now logs process detachment mode explicitly
- Added environment variable confirmation on bootstrap
- Updated gateway-development.md with new debug logs and troubleshooting steps
Benefits:
- Easier troubleshooting of gateway lifecycle issues
- Clear visibility into signal handling during nodemon restarts
- Better cross-platform development experience
- Production behavior remains unchanged
Testing:
- ✅ Windows: Gateways persist across nodemon restarts
- ✅ macOS/Linux: Existing SIGUSR2 behavior preserved
- ✅ Production: Default shutdown cleanup unchanged
- ✅ Backward compatibility: No breaking changes
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Set HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN=0 in nodemon.json so
nodemon restarts don't kill running gateways. Production behavior
unchanged (stops owned gateways by default).
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
- Refactor port detection into reusable getListeningPids/killListeningPids
- Add ss command fallback when lsof is unavailable
- Extract readPidFile for cleaner PID file reading
- Remove unnecessary PowerShell candidate from Windows shell detection
- Add PID validity check in gateway_state.json fallback (Number.isFinite + > 0)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
- Emit tool.started on response.output_item.added instead of .done
- Track startedAt timestamp for each tool call to calculate duration
- Include duration (2 decimal places) and error status in tool.completed
- Fix response.completed fallback to emit tool.started before tool.completed
- Update website license from MIT to BSL-1.1
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Two issues prevented the gateway from starting in docker-compose:
1. gateway-manager used 'hermes-agent' as default host when running inside
a container, causing startAll() to skip gateway startup (remote host
guard) and proxy requests to an unreachable hostname. Changed to use
GATEWAY_HOST env var with fallback to '127.0.0.1' so the webui container
manages its own gateway via the shared hermes binary.
2. hermes refuses to run as root inside the official Docker image. The
hermes-webui container overrides the entrypoint (bypassing the privilege-
drop script), so the node process runs as root. Added
HERMES_ALLOW_ROOT_GATEWAY=1 to docker-compose.yml to allow this.
- copilot-models.ts: add windowsHide to `gh auth token` call
- file-provider.ts: add shared execOpts with windowsHide for all
docker/ssh/singularity calls
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* feat(models): add WUI model display aliases
Persist display-only model aliases in Web UI app config, surface them in the model selector/search, and keep canonical model IDs for Hermes calls.
* fix(models): improve WUI model alias editing
* fix(models): clarify unlisted model picker
* fix(models): scope aliases to providers
* feat(models): add WUI model visibility filter
Store provider model visibility in Web UI app config and filter the WUI model picker/model page without rewriting Hermes CLI config or canonical model IDs.
* fix(models): sync sidebar after visibility changes
Use independent OPENCODE_ZEN_API_KEY and OPENCODE_GO_API_KEY
instead of shared OPENCODE_API_KEY, preventing cross-provider config coupling.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: comprehensive Windows compatibility and gateway management improvements
This commit addresses multiple Windows compatibility issues and improves
gateway management across all platforms.
## Windows Compatibility Fixes
- Add hermes-path.ts with cross-platform Hermes home/bin detection
- Fix Windows native installation paths (%LOCALAPPDATA%\hermes)
- Update terminal.ts to use PowerShell instead of /bin/bash on Windows
- Fix upload.ts path construction to use path.join() for cross-platform paths
- Fix download.ts to use isAbsolute() for Windows absolute path detection
- Update auth.ts to skip file mode 0o600 on Windows (unsupported)
- Add nodemon.json for cross-platform environment variable handling
## Gateway Management Improvements
- Simplify gateway startup: all platforms use 'run' mode uniformly
- Remove complex init system detection and platform-specific code paths
- Improve PID file validation: use health check instead of port detection
- Remove getPortByPid() method (too complex and error-prone)
- Remove checkPortAvailable() TCP bind test (TIME_WAIT false positives)
- Trust gateway --replace flag to handle real port conflicts
- Add smart PID validation: check if stale process via health check
- Fix port allocation to avoid incrementing when gateway restarts
- Add allocatedPorts.clear() on each startAll() call
- Add clearPidFile() method to clean up stale PID files
## Process Management
- Remove detached:true and unref() from gateway spawn
- Gateway processes now follow parent process lifecycle
- Add process reference storage in ManagedGateway interface
- Improve shutdown logic: call gatewayManager.stopAll() before exit
- Fix Windows process killing: use process.kill(pid) for Windows
- Remove PowerShell command for lock file cleanup (use Node.js fs.unlinkSync)
## Frontend Theme Fixes
- Fix main.ts localStorage key mismatch (hermes_theme → hermes_brightness)
- Add inline script in index.html to prevent FOUC (Flash of Unstyled Content)
- Apply theme classes before Vue mount to avoid visual glitches
## Developer Experience
- Fix nodemon windows-kill popup on Windows by removing signal config
- Add delay and environment variables to nodemon.json
- Add windowsHide: true to all child process spawns
## Breaking Changes
- Gateway management now exclusively uses 'run' mode on all platforms
- systemd/launchd integration removed (use --replace flag instead)
This fix ensures hermes-web-ui works correctly on Windows native
installations while maintaining compatibility with Linux/macOS/WSL2.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix gateway lifecycle port handling
* fix: comprehensive Windows compatibility and gateway management improvements
- Simplified hermes CLI binary resolution logic
- Fixed Windows line ending compatibility in profile list parsing
- Migrated gateway restart logic from CLI to GatewayManager
- Added gateway restart to updateCredentials method
- Removed unnecessary gateway restarts from provider operations
- Fixed configuration preservation when switching profiles
- Added nodemon quiet mode and legacy watch to reduce Windows popups
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* revert: change back to nodemon due to tsx compatibility issues
- tsx has compatibility issues with Koa generator functions
- Restored nodemon with simplified configuration
- Added cross-env package for future Windows environment variable needs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: replace nodemon with ts-node-dev to eliminate Windows popup windows
- Installed ts-node-dev as nodemon replacement
- ts-node-dev has better Windows compatibility without console popups
- Supports respawning, inspector debugging, and TypeScript compilation
- Uses cross-env for Windows environment variable support
- Removed nodemon.json configuration file (no longer needed)
Benefits:
- No more Windows console popup windows during development
- Faster restart times compared to nodemon
- Built-in TypeScript compilation without ts-node overhead
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: improve log parsing and Windows compatibility for agent/error logs
- Fixed Pino JSON log parsing bug where logger field incorrectly used obj.msg
- Changed logger field to use obj.name to properly display log source
- Added Windows line ending support (\r\n) for log file listing
- Added support for 'error' log type in addition to 'errors'
- Improved error message extraction from obj.err when available
This fixes the missing agent and error logs issue on Windows.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix gateway health checks and shutdown ownership
* Refine auth lock window and dev shutdown
* fix: improve Hermes plugin discovery on Windows by fixing Python path resolution
- Added support for Windows venv Scripts directory structure
- Fixed Python executable path detection for hermes.exe in venv/Scripts/
- Added Windows LOCALAPPDATA hermes-agent directory to search paths
- Improved cross-platform compatibility for plugin discovery
This fixes the "No module named 'hermes_cli'" error on Windows by correctly
locating the Python virtual environment that contains the Hermes modules.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor: improve cross-platform compatibility for Hermes plugin discovery
- Added platform detection to only add Windows-specific paths on Windows
- Prevents potential issues on Unix/Linux/macOS systems
- Ensures LOCALAPPDATA path is only used when available on Windows
- Maintains existing behavior for all platforms
This makes the Windows plugin discovery fix safer for cross-platform usage.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove unused development dependencies
- Removed nodemon (replaced by ts-node-dev)
- Removed tsx (had compatibility issues with Koa)
- Removed nodemon.json configuration file
- Cleaned up development tools to only what's actually used
This reduces dependency size and eliminates the windows-kill popup
source that was part of nodemon.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove memory system files
- Removed MEMORY.md index file
- Removed memory/ directory and windows-compatibility.md
- Cleaned up unused memory persistence system
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: resolve TypeScript compilation error in plugins.ts
- Added type assertion 'as string[]' after filter(Boolean)
- Fixes TS2769 error: No overload matches this call
- Ensures type compatibility with hasHermesPluginModule function
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: comprehensive Windows compatibility and gateway management improvements
- Fix gateway detection after nodemon restart by adding health check-based detection
- Prevent port conflicts by detecting already-running gateways without PID files
- Switch to serial gateway startup to avoid lock file race conditions
- Return to nodemon from ts-node-dev for development stability
- Always stop gateways on shutdown to prevent orphan processes
- Prevent project root config files from being committed to git
- Fix syntax issues in plugins.ts
Resolves issues where default profile gateway failed to start after
nodemon restart and gateways were incorrectly marked as stopped
despite running on correct ports.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: comic theme multilingual fonts, sidebar collapse fix, plugin discovery for Termux, and cron history
- Add Chinese (ZCOOL KuaiLe), Japanese (Zen Maru Gothic), Korean (Gaegu) handwritten fonts for Comic theme
- Fix collapsed sidebar: hide language switch, stack theme icons vertically
- Add hermes shebang parsing as fallback Python discovery for Termux
- Remove cron source filter from history sessions
- Add 0.5.17 changelog entries for all 8 locales
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: tolerate duplicate YAML keys in config parsing (closes#628)
Add `{ json: true }` to all 7 `yaml.load()` calls so duplicated mapping
keys (e.g. multiple `mcp_servers:` blocks) no longer crash the API.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: gateway ownership check requires PID file to prevent cross-profile port hijacking
Remove fallback that assumed ownership of healthy gateways without PID
verification. Now only claims a gateway if PID file exists and process
is alive, preventing one profile from hijacking another's port.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: lower context compression message threshold from 200 to 150
Reduce the message count threshold that triggers LLM-based context
compression to avoid excessively long histories before compression kicks in.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat: convert image uploads to base64 multimodal format for API
Images sent by users are now read from disk, converted to base64 data
URLs, and sent as input_image parts in the /v1/responses API request
instead of being replaced with text placeholders. File attachments remain
as text mentions.
- convertContentBlocks returns multimodal array instead of plain text
- Input is wrapped in [{role:"user", content:[...]}] format for gateway
- History conversion extracts text only (no base64 in conversation_history)
- Add debug logging for request input preview
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: remove debug console.log from chat-run-socket
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Remove run.text accumulator and insertResponseTextOnce that caused
text blocks before and after tool calls to be concatenated into a
single message. Now response.output_text.done only sets finish_reason
without overwriting delta-accumulated content.
- Remove run.text, textInserted from ResponseRunState
- Remove insertResponseTextOnce method
- output_text.done only marks finish_reason='stop' on last message
- response.completed no longer calls insertResponseTextOnce
- Add 7 tests covering flush, abort, and multi-block text separation
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Defer all non-user message DB writes until response completion or
abort, instead of writing tool calls immediately during streaming.
This ensures correct message ordering and prevents the abort handler
from overwriting displayed messages with incomplete DB data.
- Remove immediate addMessage() calls from response.output_item.done
- Remove immediate addMessage() from insertResponseTextOnce
- Add flushResponseRunToDb() to batch-write all run messages on
both normal completion (markCompleted) and abort (handleAbort)
- Skip user messages in flush (already written in handleRun)
- Remove refreshActiveSession() from abort.completed frontend handler
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* refactor: migrate from /v1/runs to /v1/responses streaming API
Replace EventSource-based polling with direct SSE streaming via the
/v1/responses endpoint across all server-side callers (chat-run-socket,
context-compressor, gateway-client, agent-clients). Messages are now
written to DB in real-time during streaming, eliminating post-run sync.
Frontend chat store adds tool_call_id tracking for deduplication.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: bump version to 0.5.16 and add changelog
- Persist real API usage to usage table on response.completed
- Remove unused codex_reasoning_items field from message schema
- Fix unused variable warnings in chat-run-socket
- Bump version to 0.5.16
- Add changelog entries for 0.5.16 (8 locales)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
- Auto-detect Docker container environment and use service name
'hermes-agent' as default host instead of 127.0.0.1
- Replace hardcoded column names with SELECT * in session DB queries
to compat with older Hermes agent state.db schemas
- Remove unused UPSTREAM env var from docker-compose.yml
- Include err.message in syncFromHermes failure logs
- Add group chat rule to prevent self-mentioning
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: support run approval prompts in chat
* fix(chat): render approval prompts
* fix(chat): dedupe approval pattern labels
* chore: sync approval flow with current main
- update Hermes Agent approval support guidance to PR #21899
- initialize Hermes table schemas in session-sync tests
* feat: add IP-based login brute-force protection
- Per-IP rate limiting: 3 failed login attempts locks the IP for 1 hour
- Separate counters for password login and token auth
- Global safety net: 20 req/min, hard lock after 50 total failures
- Persistent lock state to ~/.hermes-web-ui/.login-lock.json (survives restarts)
- Manual unlock: edit or delete the lock file
- Frontend handles 429/503 responses with localized error messages
- i18n support for 8 languages
* feat: add locked IP management endpoint and UI
- GET /api/auth/locked-ips: list all currently locked IPs (protected)
- DELETE /api/auth/locked-ips/:ip: unlock a specific IP (protected)
- DELETE /api/auth/locked-ips: unlock all IPs (protected)
- AccountSettings: shows locked IPs with remaining time, unlock buttons
- i18n support for 8 languages
- Clean up stale .js artifacts, add .gitignore rule
* fix: cross-type IP lock and IPv6-compatible unlock route
- Password and token login now share IP lock state: if an IP is locked
by either method, ALL auth methods are blocked for that IP
- Changed unlock endpoint from path param to query param (?ip=xxx) to
support IPv6 addresses containing colons
- Merged unlockIp and unlockAll into a single handler
* chore: increase global login rate limit from 20 to 100 requests per minute
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: ekko <fqsy1416@gmail.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
The connect() method defaulted to port 8648, causing websocket connection
refused errors when the server was started with a custom port via
`hermes-web-ui start <port>` or PORT env var. Now reads from process.env.PORT.
Closes#536
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
FUN-Codex: add GPT models (5.5, 5.4, 5.4-mini, 5.3-codex, 5.3-codex-spark)
FUN-Claude: replace with actual Claude models from API (opus-4-7 down to 3-5-haiku)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
PR #470 changed the default listen host to undefined, letting Node.js
bind to IPv6 :: on systems that support it. This broke WSL2 where IPv6
dual-stack is unreliable — the server binds to :: but IPv4 127.0.0.1
connections fail, causing the health check to time out.
Revert to 0.0.0.0 as the default. Users who need IPv6 can set
BIND_HOST=:: explicitly.
Fixes#518
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* feat: add session export with full and compressed modes
Add export functionality that allows users to download session data
as JSON or plain text, with optional LLM-based context compression
for long conversations. Includes UI controls in chat panel, session
list, and history view, plus i18n strings for all 8 locales.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: close SQLite DB on shutdown to prevent lock conflicts on restart
The shutdown handler did not close the SQLite connection, leaving the
database locked when nodemon restarted the process. This caused the new
process to fail DB init, trigger the recovery path (delete + recreate),
and re-sync all sessions from Hermes on every dev restart.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Add export functionality that allows users to download session data
as JSON or plain text, with optional LLM-based context compression
for long conversations. Includes UI controls in chat panel, session
list, and history view, plus i18n strings for all 8 locales.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
ekko