Hermes exposes another last-mile boundary problem: system notices and background memory need tenant-aware gates

The shared theme is boundary discipline after the visible answer is done. Messaging gateways need to know which notices are safe for customers, and background reviewers need to inherit the same profile scope as the user-visible run. Otherwise “helpful” platform messages or memory maintenance can leak implementation details, confuse clients, or write private context into the wrong home. That is a real production concern for agencies and teams running one agent stack across several channels or profiles.

• PR #24365 lists concrete leaked WhatsApp / Discord messages, including no-home-channel notices, session resets, dangerous-command approval prompts, and assistant narration
• The same PR implements suppress_system_messages checks in the gateway paths that previously required manual deployment patches
• PR #24392 identifies a WebUI race where process-level HERMES_HOME is restored before a background review thread constructs its AIAgent
• PR #24392 adds a thread-local Hermes home override so post-turn background review stays scoped to the parent run profile
• PR #24376 reuses display.bell_on_complete to alert CLI users when dangerous command approval is waiting

• These are open PRs rather than a tagged Hermes release
• suppress_system_messages must be tested per platform because each gateway path can have its own delivery helper
• Profile-home isolation reduces one race but teams still need explicit tenant separation, backup review, and audit trails for shared installations