Hermes adds structured HTTP and argv tools to escape the bash-quoting trap
The strongest Hermes update in this window is a practical tool-runtime fix: stop forcing every machine-shaped action through `bash -c`. PR #25861 adds a structured `http` tool using `httpx.Client` with explicit method, URL, headers, JSON/body, params, and timeout fields, after production telemetry showed a single apostrophe in a JSON payload breaking shell quoting and triggering repeated retries. PR #25864 adds an argv-list form to the terminal tool so commands can run with `shell=False` and byte-for-byte arguments instead of a shell-safe string. PR #25862 then teaches the existing terminal path to recognize bash parse errors such as unexpected EOF and return an actionable hint pointing to the structured HTTP tool or safer quoting forms.
The surrounding reliability work is also operator-relevant: issue #25859 documents two separate clarify timeout keys that make CLI/TUI sessions auto-decide after 120 seconds even when gateway clarify timeout is raised; PR #25856 fixes Telegram slash-confirm previews that silently fail on Markdown-sensitive characters; #25857 keeps migrated Codex `default_permissions` as a true top-level TOML key; #25858 skips admin-gated LiteLLM `/v1/models/{model}` probes for unrecognized servers; and #25624 stops deterministic MCP OAuth failures from repeatedly opening browser auth flows.
Shell quoting is a bad serialization layer for agent tool calls. Moving HTTP and argv-shaped work into structured arguments reduces retry loops, accidental command mutation, and approval ambiguity, while the clarify and Telegram fixes target the moments where users are waiting for the agent to ask or confirm something.
- PR #25861 says production telemetry saw JSON apostrophes break `bash -c` quoting and repeatedly retry a PATCH flow
- PR #25864 adds an `argv` sibling parameter that runs with `subprocess.Popen(..., shell=False)`
- PR #25862 detects terminal parser failures with return code 2 and returns an `_hint` toward structured tools or safer quoting
- Issue #25859 documents `agent.clarify_timeout` for Gateway and `clarify.timeout` for CLI/TUI with different defaults, 600 vs 120 seconds
- PR #25856 escapes Telegram slash-confirm previews through `format_message()` after raw Markdown caused swallowed `BadRequest` errors
- PR #25857 prevents Codex `default_permissions` from being nested under the previous TOML table during migration
- PR #25858 avoids LiteLLM proxy-admin model-detail probes on every turn for unrecognized local servers
- PR #25624 treats initial MCP OAuth/auth failures as terminal for that connection attempt instead of retrying browser prompts
- Structured tools change model habits; prompts and examples need to teach when to avoid raw terminal strings
- The argv path still executes commands, so approval display should show exact argv elements clearly
- Clarify timeout behavior remains split until configuration and docs are unified
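The quoting failure and the argv alternative described above can be reproduced with the standard library alone. This is an added example, not code from Hermes or the PRs: the payload is constructed, and the function names, the `parse_error_hint` classifier and its hint text are hypothetical.

```python
import json
import shlex
import shutil
import subprocess
import sys

# Constructed sample payload: a single apostrophe inside a JSON string value.
PAYLOAD = json.dumps({"note": "it's done"})
# Child program that writes its first argument back unchanged.
ECHO_SRC = "import sys; sys.stdout.write(sys.argv[1])"
SHELL = shutil.which("bash") or "sh"  # fall back to POSIX sh if bash is absent


def _run(argv):
    proc = subprocess.run(argv, capture_output=True, text=True, shell=False)
    return proc.returncode, proc.stdout, proc.stderr


def via_shell_string(payload, quote=False):
    """Serialize the call into one string for `bash -c`."""
    arg = shlex.quote(payload) if quote else f"'{payload}'"  # naive wrap vs. shlex
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(ECHO_SRC)} {arg}"
    return _run([SHELL, "-c", cmd])


def via_argv(payload):
    """Pass each argument as its own list element; no shell parses the payload."""
    return _run([sys.executable, "-c", ECHO_SRC, payload])


def parse_error_hint(returncode, stderr):
    """Hypothetical classifier: exit status 2 plus a parser message yields a hint."""
    markers = ("unexpected eof", "syntax error", "unterminated")
    if returncode == 2 and any(m in stderr.lower() for m in markers):
        return "shell could not parse the command; pass an argv list instead"
    return None


if __name__ == "__main__":
    for label, result in (
        ("naive shell string", via_shell_string(PAYLOAD)),
        ("shlex.quote string", via_shell_string(PAYLOAD, quote=True)),
        ("argv list", via_argv(PAYLOAD)),
    ):
        rc, out, err = result
        print(f"{label}: rc={rc} intact={out == PAYLOAD} hint={parse_error_hint(rc, err)}")
```

Only the naive string fails to parse. The `shlex.quote` form survives, but it still depends on every caller quoting correctly, while the argv list removes the shell parser from the path entirely.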