Add modular group-chat mention routing helpers for the reserved @all token, route it to every non-sender agent, and strip routing tokens before model input.
Expose @all in mention autocomplete, highlight it in group messages, reserve literal all agent names, and cover boundary/partial-match regressions with tests.
* feat: support profile-aware group chat bridge flows
* feat: route cron jobs through hermes cli
* Fix group chat routing and isolate bridge tests
* Add Grok image-to-video media skill
* Default Grok videos to media directory
* Fix bridge profile fallback and cron repeat clearing
* Refine bridge chat and gateway platform handling
* Filter bridge tool-call text deltas
* Preserve structured bridge chat history
* Prepare beta release build artifacts
* Fix Windows run profile resolution
* Fix Windows path compatibility checks
* Fix profile-scoped model page display
* Hide Windows subprocess windows for jobs and updates
* Hide Windows file backend subprocess windows
* Avoid Windows gateway restart lock conflicts
* Treat Windows gateway lock as running on startup
* Force release Windows gateway lock on restart
* Tighten Windows gateway lock cleanup
* Update chat e2e source expectation
* Bump package version to 0.5.30
---------
Co-authored-by: Codex <codex@openai.com>
- custom_providers: always use user's base_url instead of
PROVIDER_PRESETS matching by name that overwrites local URLs
- JobFormModal: dynamically add connected platform channels
(Telegram, Discord, Slack, WhatsApp, Matrix, WeChat, WeCom,
Feishu, DingTalk) to job deliver target dropdown
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Revert the dynamic import() for i18n locales and highlight.js core+
registration from #696. Dynamic imports create separate chunk files
that cause 404 errors for users after updating when the browser still
references old chunk hashes.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* feat(bridge): refactor compression to use DB history and add structured logging
- Extract buildDbHistory() to share message loading between buildCompressedHistory and forceCompressBridgeHistory
- forceCompressBridgeHistory now reads from local DB instead of using Python-provided messages, ensuring consistency with api_server path
- Pass sessionId to compressor for snapshot-aware compression
- Add force_compress flag to bridge chat requests
- Add bridgeLogger structured logging for compression lifecycle
- Simplify schemas, session-sync, and providers
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix bridge compression history handling
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* feat: add CLI chat sessions with Python agent bridge
Introduce a new CLI chat mode that connects Web UI directly to Hermes
Agent's AIAgent via a Python bridge subprocess and Socket.IO, bypassing
the API Server /v1/responses path. Supports streaming, slash commands
(/new, /undo, /retry, /branch, /compress, /save, /title), interrupt,
and steer.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* feat: update CLI chat session bridge
* fix: extend agent bridge startup timeouts
* docs: update bridge chat session design
* feat: align bridge compression and provider registry
* chore: bump version to 0.5.20
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
- visualize input, output, and cache token segments in usage charts
- add usage period selector for 7d, 30d, 90d, and 365d
- guard usage stats against stale overlapping period requests
- normalize blank model usage into unknown buckets
- add client and server coverage for usage analytics behavior
* feat(models): add WUI model display aliases
Persist display-only model aliases in Web UI app config, surface them in the model selector/search, and keep canonical model IDs for Hermes calls.
* fix(models): improve WUI model alias editing
* fix(models): clarify unlisted model picker
* fix(models): scope aliases to providers
* feat(models): add WUI model visibility filter
Store provider model visibility in Web UI app config and filter the WUI model picker/model page without rewriting Hermes CLI config or canonical model IDs.
* fix(models): sync sidebar after visibility changes
* feat: add comic/doodle theme style with local font
Add a new "comic" theme style that applies hand-drawn aesthetics (Comic Neue
font, bold borders, heavy font weight) while keeping the original light/dark
background colors. Font files are bundled locally to avoid Google Fonts CDN
dependency.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: update DisplaySettings to use renamed theme API and update brand assets
Rename mode/setMode/ThemeMode to brightness/setBrightness/BrightnessMode
to match the refactored useTheme composable. Update favicon and logo.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
- Fix kanban loading spinner flickering on auto-refresh (silent mode)
- Fix group chat room-list transparent background on mobile
- Fix group chat sidebar auto-opening on mobile entry
- Fix page-header title overlapped by hamburger button on mobile
- Move hamburger button position to top: 10px
- Add changelog note about upgrading hermes-agent for kanban support
- Add i18n translations for all 8 locales
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix: support run approval prompts in chat
* fix(chat): render approval prompts
* fix(chat): dedupe approval pattern labels
* chore: sync approval flow with current main
- update Hermes Agent approval support guidance to PR #21899
- initialize Hermes table schemas in session-sync tests
* feat: add IP-based login brute-force protection
- Per-IP rate limiting: 3 failed login attempts locks the IP for 1 hour
- Separate counters for password login and token auth
- Global safety net: 20 req/min, hard lock after 50 total failures
- Persistent lock state to ~/.hermes-web-ui/.login-lock.json (survives restarts)
- Manual unlock: edit or delete the lock file
- Frontend handles 429/503 responses with localized error messages
- i18n support for 8 languages
* feat: add locked IP management endpoint and UI
- GET /api/auth/locked-ips: list all currently locked IPs (protected)
- DELETE /api/auth/locked-ips/:ip: unlock a specific IP (protected)
- DELETE /api/auth/locked-ips: unlock all IPs (protected)
- AccountSettings: shows locked IPs with remaining time, unlock buttons
- i18n support for 8 languages
- Clean up stale .js artifacts, add .gitignore rule
* fix: cross-type IP lock and IPv6-compatible unlock route
- Password and token login now share IP lock state: if an IP is locked
by either method, ALL auth methods are blocked for that IP
- Changed unlock endpoint from path param to query param (?ip=xxx) to
support IPv6 addresses containing colons
- Merged unlockIp and unlockAll into a single handler
* chore: increase global login rate limit from 20 to 100 requests per minute
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: ekko <fqsy1416@gmail.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
FUN-Codex: add GPT models (5.5, 5.4, 5.4-mini, 5.3-codex, 5.3-codex-spark)
FUN-Claude: replace with actual Claude models from API (opus-4-7 down to 3-5-haiku)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
TerminalPanel was connecting on mount even when the drawer was closed
and the terminal tab was inactive. Combined with reconnectAttempts
resetting on every ws.onopen, this caused infinite reconnection loops
that spawned PTY processes until system limits were hit.
- Pass `visible` prop to TerminalPanel, only connect when terminal tab
is actually shown
- Move reconnectAttempts reset from ws.onopen to "created" handler so
only successful PTY creation resets the counter
- Remove unused onMounted import
Fixes#509
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
ekko