Hermes is tightening the places where profiles, skills, and voice sessions can corrupt agent behavior
The freshest Hermes activity is a useful cluster for anyone relying on profiles and skills rather than a single vanilla agent. PR #25150 fixes a destructive profile install/update path: `_copy_dist_payload` used `rmtree` plus `copytree`, so updating a distribution could delete locally installed skills even though a distribution-owned manifest existed. Issue #25113 and PR #25143 cover the other side of skill hygiene: `.bak-*` and backup directories could be discovered as real skills, so a stale v2 backup could load instead of the live v3 skill. PR #25151 adds `HERMES_REAL_HOME` for subprocesses because profile isolation intentionally rewrites `HOME`, but helpers that need the real `~/.hermes` path were resolving the isolated profile home instead. PR #25142 fixes a voice-input failure mode where STT setup chatter was injected into the LLM-visible prompt and persisted in history, causing later successful voice messages to keep receiving irrelevant STT setup replies. Around the edge, #25132 gates Telegram profile bots by allowed forum topics, #25149 removes unnecessary `shell=True` from non-user-authored subprocess calls, and #25144 adds a CI detector for KeyboardInterrupt cleanup regressions.
Profiles and skills are where Hermes becomes personal and team-specific. That also makes them high-risk: deleting a local skill, loading a stale backup, hiding the real home from subprocesses, or persisting failure instructions into chat history can quietly change how the agent behaves. These fixes matter because they protect accumulated operator work, not just one runtime feature.
- PR #25150 says profile install/update used rmtree plus copytree and could delete local skills; it replaces this with additive recursive copy
- Issue #25113 documents backup skill directories such as `.bak-20260510` being discovered before live skills; PR #25143 excludes .bak, .backup, backup, and __pycache__ paths
- PR #25151 injects HERMES_REAL_HOME into execute_code, local terminal/run_env, and Copilot ACP subprocess environments
- PR #25142 reports production behavior where one STT failure made later successful voice turns keep talking about Whisper / Vosk setup because failure templates were persisted in prompt history
- PR #25132 adds Telegram allowed_topics gates for multi-profile forum groups; PR #25149 reduces shell=True in non-user-authored subprocess calls; PR #25144 adds a shutdown cleanup KeyboardInterrupt detector
- Most changes are PRs, so check whether your installed Hermes build includes them before assuming protection
- Additive profile updates preserve local files, but teams still need policy for removing obsolete local skills
- Voice prompt-history cleanup may require starting fresh sessions if previous STT failure text is already persisted