Skip to content
MyAI Guide
Newsletter
Featurehermes-agent

Hermes Agent v0.5.0 expands to 400+ models and adds supply-chain hardening

By Harsh Desai

TL;DR

Hermes Agent v0.5.0 (The Hardening Release) shipped March 28, 2026. Nous Portal now routes to 400+ models through one endpoint. Hugging Face becomes a first-class inference provider. Telegram gets private chat topics with per-topic skill binding. Plugin lifecycle hooks activate. Supply-chain hardening removes a compromised dep, pins version ranges, and adds CI scanning.

What changed

What shipped

Hermes Agent v0.5.0 (The Hardening Release) on March 28, 2026.

400+ models on Nous Portal

Nous Portal now routes to 400+ models through a single provider endpoint. One subscription, one integration, the full frontier model market. This is Hermes's answer to OpenRouter for subscribers who want the managed option.

Hugging Face as first-class provider

Hugging Face is now a first-class inference provider rather than a workaround. A setup wizard walks you through API key entry, a live /models endpoint probe confirms connectivity, and a curated agentic model picker maps HF models to their OpenRouter analogues so you can pick the right one for the task.

Telegram private chat topics

Telegram now supports project-based conversations with functional skill binding per topic. Run your work project in one topic, your personal assistant in another, your finance agent in a third, all inside one chat. Each topic gets its own skill context and isolated workflow.

Plugin lifecycle hooks

Four plugin hooks activated in the agent loop and CLI/gateway:

  1. pre_llm_call: run before any LLM call, good for token budgeting or redaction.
  2. post_llm_call: run after, good for logging or validation.
  3. on_session_start: initialisation tasks when a new session begins.
  4. on_session_end: cleanup when a session ends.

Supply-chain hardening

  • Removed the compromised litellm dependency.
  • Pinned all dep version ranges (no more "install what's latest" surprises).
  • Regenerated uv.lock with hashes for reproducible builds.
  • Added CI scan for supply-chain attack patterns.

Given the 2025 litellm compromise, this is a deliberate response: no external dependency whose security posture you cannot verify.

Availability

Standard upgrade path. The litellm removal is transparent (existing calls route through Hermes's native provider interfaces).

Who this matters for

  • Vibe Builder: 400+ models through one Nous Portal subscription. Telegram private chat topics let you organise your agent into per-project contexts without multiple bots.
  • Basic User: Supply-chain hardening is the invisible win. Keep using Hermes; it is safer against dependency-chain attacks after v0.5.0.
  • Developer: Plugin lifecycle hooks (pre/post LLM, session start/end) let you add PII redaction, token budgeting, or logging without forking. Pinned dep version ranges and hashed uv.lock for reproducible builds.

What to watch next

The supply-chain hardening is the story most people will skip over. Removing litellm is not a small call: litellm is widely used as the "adapter for every model provider" library, and dropping it means Hermes had to implement its own adapter layer for every provider. The team made that choice deliberately after the 2025 litellm compromise. For anyone running Hermes against production data, this is the risk-posture move that matters most.

Nous Portal at 400+ models is the subscription economics play. One subscription, one integration, access to the full frontier model market: this is Hermes's answer to OpenRouter for users who prefer the managed path. The pricing determines whether it becomes the default choice or stays a convenience option, but the architecture is ready.

Telegram private chat topics is a surprisingly powerful UX pattern. Rather than spinning up multiple bots (one per project), you spin up one bot and give it topic-scoped memory and skills. For anyone using Telegram as their primary Hermes interface, this is the organising primitive that was missing.

Plugin lifecycle hooks are the extensibility foundation the ecosystem needs. Pre and post LLM hooks let you implement token budgeting, PII redaction, logging, cost tracking, all without modifying Hermes itself. Expect a wave of community plugins exploiting these hooks in the coming weeks.

by Harsh Desai

Source:github.com

About hermes-agent

View the full hermes-agent page →All hermes-agent updates

More from hermes-agent

  • Feature
    Hermes Agent v0.4.0 adds OpenAI-compatible API, 6 messaging platforms, and @file context

    Hermes Agent v0.4.0 (The Platform Expansion Release) shipped March 24, 2026. It exposes Hermes as a drop-in OpenAI-compatible /v1/chat/completions endpoint, adds 6 new messaging adapters (Signal, DingTalk, SMS via Twilio, Mattermost, Matrix, Webhook) bringing the count to 9, introduces @file and @url context injection, adds 4 new inference providers, and enables gateway prompt caching by default.

  • Feature
    Hermes Agent v0.6.0 lands profiles, MCP server mode, and official Docker container

    Hermes Agent v0.6.0 (The Multi-Instance Release) shipped March 30, 2026. Profiles let you run multiple isolated Hermes instances from one install. MCP Server Mode exposes the agent's conversations and sessions to Claude Desktop, Cursor, VS Code, and any MCP client. Official Docker container, two new messaging platforms (Feishu/Lark, WeCom), and an ordered fallback provider chain round out the release.

  • Feature
    Hermes Agent v0.7.0 adds pluggable memory, credential pools, and Camofox stealth browser

    Hermes Agent v0.7.0 (The Resilience Release) dropped April 3, 2026. It opens memory as an extensible plugin system (Honcho as the reference implementation), adds same-provider credential pools with automatic 401 rotation, integrates the Camofox anti-detection browser, and exposes ACP so VS Code, Zed, and JetBrains can register their MCP servers through the agent.