Hermes agent

Hermes Agent Performance Sprint: Adaptive Polling Cuts 1+ Second Per Turn, xAI Web Search Lands, and Security Hardening Touches Down

· The Agent Report · 6 min read
Hermes Agent Performance Sprint: Adaptive Polling Cuts 1+ Second Per Turn, xAI Web Search Lands, and Security Hardening Touches Down
📑 Table of Contents

Two days after the massive v0.14.0 “Foundation” release, the Hermes Agent team has been far from idle. A coordinated performance sprint — four PRs shipping in a single day — delivers the kind of user-visible speed improvements that make the agent feel snappier on every single turn. This rapid iteration pace reflects the maturing open-source agent landscape we track in our Complete Guide to AI Agents. Alongside the perf work, we got a new web search provider (xAI), auto-launch browser support for CDP, critical security hardening around plugin tool overrides, and significant Kanban dashboard improvements.

Let’s dig into what landed on May 19–20.

🚀 The Performance Sprint: What “Feels Faster” Actually Means

The v0.14.0 release added massive surface area — PyPI packaging, native Windows, Grok OAuth — but with that surface area came startup and per-turn overhead. This week’s performance cluster addresses that head-on, with four targeted optimizations that compound into a genuinely faster experience.

1. Adaptive Subprocess Polling — The Biggest Win

PR #29006 is the standout. The _wait_for_process() method in the terminal environment was sleeping a fixed 200ms between polls of the subprocess exit status. For commands that complete in under 50ms — echo, pwd, date, reading or writing small files — the agent was stuck waiting for the next 200ms tick to notice the process had exited.

The fix is elegant: adaptive backoff. Start at 5ms, multiply by 1.5 each iteration up to 200ms. Fast commands (the common case) return in ~6ms. Long-running commands (builds, tests, sleeps) reach the steady-state 200ms poll rate within ~150ms and pay identical CPU after that.

The numbers speak for themselves:

Metric Before After
Median wall per quick tool call 200ms 5ms
3 sequential terminal calls (end-to-end) 5.73s 4.64s (-1.1s)
User-visible tool spinner 0.9s 0.1s

For a typical turn with 4–8 terminal or file calls, that’s ~780ms to ~1.5s saved per turn. Across a multi-turn session, this is the most user-visible “feels faster” improvement in the entire platform history.

“This is the perf win that lands DURING a chat session, not just at startup.” — PR #29006 description

The safety analysis confirms that interrupt handling, timeout checks, and activity callbacks all fire on every iteration — nothing was sacrificed for speed.

2. Deferred Compression Feasibility — 440ms Off Every Cold Start

PR #28957 tackles a subtler but equally impactful overhead. The agent’s constructor was eagerly calling _check_compression_model_feasibility(), which probes the auxiliary provider chain — potentially network-bound — to decide whether the configured auxiliary model can fit a full compression-threshold window. That cost ~440ms on every single agent construction.

The problem? Most chat -q invocations finish in 1–5 seconds and never accumulate enough context to trip the compression threshold. The feasibility check was pure overhead for the vast majority of sessions.

The fix defers the check to just-in-time — it only runs on the first compression attempt, and the result is cached for the agent’s lifetime. End-to-end timing shows:

Metric Before After Delta
Median wall (2-turn chat) 2.03s 1.86s -169ms
Min wall (cleanest signal) 1.92s 1.63s -293ms

The trade-off is clean: users with broken auxiliary provider config no longer see a warning at session start — they see it when compression first fires, which is exactly when it matters.

3. Deferred Import + Hot-Path Optimization

Two supporting PRs round out the cluster:

  • #28864: Defers the openai._base_client import, cutting 240ms / 17MB off every CLI cold start.
  • #28866: Three targeted hot-path rewrites that cut 47% of per-conversation function calls — the CPU-side complement to the wall-clock wins above.

Taken together, these four PRs transform the startup and per-turn latency profile of Hermes Agent without changing a single behavior or API contract.

🌐 xAI Web Search: A New Provider Plugin

PR #29042 adds xAI Web Search as a bundled web-search provider plugin — slotting in alongside Brave, Tavily, Exa, Firecrawl, SearXNG, and DuckDuckGo.

Key design decisions:

  • No new credentials: Reuses the existing xAI Grok OAuth / XAI_API_KEY plumbing. Opt in via web.backend: xai in config.yaml.
  • Cheap availability probe: is_available() is a lightweight env-var or auth.json read — never invokes the OAuth resolver. This is critical because it runs on every hermes tools repaint.
  • Graceful 401 recovery: If OAuth credentials expire mid-session, a single force_refresh=True retry fires. ENV-var credentials (which can’t refresh) skip this.
  • Three-tier result parsing: JSON block → url_citation annotations → top-level citations, ensuring broad compatibility with xAI’s response format.

The provider ships with 39 tests and documentation in #29052, which also notes that X Premium+ unlocks Grok OAuth access.

🌐 Browser Auto-Launch: Chromium-Family CDP

PR #29106 upgrades the /browser connect experience. Previously, users had to manually launch a Chrome instance with remote debugging flags. Now Hermes Agent auto-launches Chrome, Chromium, Brave, or Edge:

  • Priority order: Chrome → Chromium → Brave → Edge, tested via explicit install paths on Linux, macOS, and Windows.
  • Better readiness check: The CDP probe was upgraded from a raw TCP connect (which could match random port 9222 listeners) to a real /json/version HTTP probe.
  • Multi-platform paths: Covers /opt/google/chrome, /snap/bin/brave, /opt/brave.com/..., /opt/microsoft/msedge/..., and their Windows/macOS equivalents.

All docs, tool descriptions, and CLI/TUI messaging were updated from “Chrome-only” to “Chromium-family” wording. 36 tests cover candidate detection, fallback launches, and endpoint probing.

🔒 Security Hardening: Plugin Tool Override Gate

PR #29249 closes a HIGH-severity (CVSS 8.0) vulnerability in the plugin system. The tool_override flag — which lets plugins replace built-in tools with custom implementations — had no trust gate. Any enabled plugin could silently override shell_exec, read_file, write_file, or any other built-in tool, with only a DEBUG-level log line as evidence.

The attack scenario is straightforward:

  1. A user installs a community plugin from a non-bundled source
  2. The plugin calls register_tool(name="shell_exec", ..., override=True)
  3. The evil handler wraps the real implementation but exfiltrates command + output to an attacker-controlled endpoint
  4. Every subsequent shell_exec call — including ones triggered by the user’s own prompts — leaks data silently

The fix mirrors the allow_provider_override pattern from PR #23194: a new allow_tool_override: true config option that operators must explicitly set per plugin. Bundled plugins (shipped with Hermes core) are exempt — they’re already trusted by release review.

plugins:
  entries:
    my_plugin:
      allow_tool_override: true

The system fails closed — if config.yaml can’t be read, overrides are denied. The error message tells the operator exactly which config key to set.

This isn’t the only security PR in the batch: #29230 applies user allowlisting and delimiter escaping to Discord channel backfill (preventing prompt injection), and #29242 restricts Kanban clean-up operations to paths within the scratch root.

📋 Kanban Dashboard: Task Outcomes and Blocked Context

Two PRs from the Kanban workstream landed together:

  • #29247 adds a summary-tree payload for selected tasks, surfacing result/handoff text, latest run summary, subtask status/progress, and important comments. Blocked tasks now surface structured context: reason, missing info, and the latest relevant comment. Artifact availability metadata renders unavailable paths as explicit empty states instead of misleading open/copy actions.
  • #29253 shows idle profiles on disk as lanes in the dashboard, giving operators a complete view of all profiles regardless of whether they’re currently running tasks.

🐛 Other Notable Fixes

A wave of smaller fixes rounded out the two days:

  • Voice transcription now works for native voice notes on Discord, DingTalk (#28993), and Feishu/Lark (#29235)
  • xAI OAuth security fix (#28952): pins the inference base_url to the x.ai origin (P0 severity)
  • Nix packaging (#28964): packages apps/desktop as .#desktop for NixOS users
  • browse.sh adapter (#28936): salvages the BrowseShSource adapter for browse.sh integration
  • TUI/termux-gate (#28910): scrollback preservation and touch-friendly defaults

Looking Ahead

The v0.14.0 “Foundation” release was about surface area — new platforms, new providers, new integrations. This two-day sprint is about tightening the bolts: making everything already shipped feel faster, work more securely, and integrate more smoothly. The adaptive polling change alone transforms the daily experience of every Hermes Agent user, and the plugin security hardening reinforces the platform’s commitment to safe extensibility. Meanwhile, the community ecosystem has exploded to 276 documented use cases and 165K GitHub stars, with profile distributions now enabling one-command agent sharing via Git.

With the xAI Web Search provider filling a natural gap, browser auto-launch removing friction from CDP workflows, and Kanban gaining real task-introspection capabilities, the platform is maturing rapidly. We’re watching for the next tagged release — likely v0.14.1 or a v0.15.0 — to bundle all of this together.

Coverage based on PRs merged to NousResearch/hermes-agent on May 19–20, 2026. Full changelog: v2026.5.16…main