One week after the v0.17.0 Reach Release — 1,475 commits and 245 contributors — Nous Research didn’t pause. On June 26, 2026, a quality sprint landed on main with a redesigned Desktop clarify panel, two security fixes, and config validation that catches one of the project’s longest-standing silent failure modes.
Desktop Clarify Gets a Full Redesign
The inline clarify prompt — the panel Hermes shows when it needs a mid-turn clarifying question — got a complete visual and functional overhaul (PR #52993, by Brooklyn Nicholson). The old version used its own card tokens and an animated ring, out of step with every other tool row. The new version rebuilds it on shared --ui-* and --conversation-* design tokens.
The result: a compact panel with letter-key badges (A/B/C…) that double as keyboard shortcuts, an inline “Other” field using CSS field-sizing (no layout shift on focus), and a Continue button so picking an option selects rather than auto-sends.
A companion fix addresses a subtle bug: clarify prompts were treated as “in-flight” turns, so the thinking timer kept ticking and Esc would discard the question. Now the prompt is recognized as awaitingInput, suppressing the stall indicator and disarming Esc while waiting for your answer.
Teknium Patches the Invisible Unicode Gap
A security fix from Nous Research’s Teknium closed a gap in the cron runtime’s prompt injection tripwire. The cron scanner used a 10-character invisible-unicode set while the install-time scanner flagged 17. Missing: U+2062–U+2064 (invisible math operators) and U+2066–U+2069 (directional isolates). A directive like ignore<U+2063> all previous instructions could slip past the cron gate while being caught at install time.
The fix imports the canonical set from threat_patterns.INVISIBLE_CHARS so the two scanners can never drift apart. Issue #35075, closed.
Silent Tool Failures Get Loud
One of the project’s oldest silent failure modes — issue #38798 — finally got resolved. An invalid toolset name in platform_toolsets (for example, hermes instead of hermes-cli) would silently return an empty tool list. The agent degraded to text-only replies with no error, warning, or log entry.
The fix, salvaged from contributor lEWFkRAD’s PR and shepherded by kshitijk4poor, surfaces warnings during config migration and at runtime when a platform’s toolset list is entirely invalid. A new helper (toolset_validation.py) ships with nine test cases. Now an agent that loses its tools tells you why.
Circuit Breaker for Security Module Crashes
A second security fix adds a circuit breaker to the tirith security module — if it crashes, the agent no longer hangs indefinitely but fails gracefully. Combined with a fallback for invalid auxiliary provider responses, the sprint makes Hermes more resilient to edge-case failures that compound over time.
The Pace Continues
Seven days after the largest release in Hermes history, the quality sprint shows no slowdown. The Desktop app gets daily-driver polish. The security surface hardens steadily. And a config bug that silently disabled tools finally gets the warning it deserved.
Hermes Agent isn’t just shipping features fast — it’s shipping the quality that makes features trustworthy.