Pluginify provider/platform/terminal backends

Move provider adapters (anthropic, bedrock, azure-foundry), platform adapters (telegram, slack, discord, feishu, dingtalk, matrix), and terminal backends (daytona, modal, vercel) into standalone uv workspace plugin packages under plugins/. Wire-format code shared between core and providers lives in agent/anthropic_format.py + agent/anthropic_aux.py + agent/transports/. No plugin→plugin deps; shared wire-format code belongs in core. CI: uv sync --all-extras for all plugin deps including matrix. [all] extra intentionally excludes lazy-installable deps.
2026-06-11 20:58:51 +08:00 · 2026-06-02 15:26:29 -04:00
1004 changed files with 17963 additions and 146315 deletions
--- a/.env.example
+++ b/.env.example
@@ -417,9 +417,9 @@ IMAGE_TOOLS_DEBUG=false
 # Default STT provider is "local" (faster-whisper) — runs on your machine, no API key needed.
 # Install with: pip install faster-whisper
 # Model downloads automatically on first use (~150 MB for "base").
-# To use cloud providers instead, set GROQ_API_KEY, VOICE_TOOLS_OPENAI_KEY, or ELEVENLABS_API_KEY above.
-# Provider priority: local > groq > openai > mistral > xai > elevenlabs
-# Configure in config.yaml: stt.provider: local | groq | openai | mistral | xai | elevenlabs
+# To use cloud providers instead, set GROQ_API_KEY or VOICE_TOOLS_OPENAI_KEY above.
+# Provider priority: local > groq > openai
+# Configure in config.yaml: stt.provider: local | groq | openai

 # =============================================================================
 # STT ADVANCED OVERRIDES (optional)
@@ -427,12 +427,10 @@ IMAGE_TOOLS_DEBUG=false
 # Override default STT models per provider (normally set via stt.model in config.yaml)
 # STT_GROQ_MODEL=whisper-large-v3-turbo
 # STT_OPENAI_MODEL=whisper-1
-# STT_ELEVENLABS_MODEL=scribe_v2

 # Override STT provider endpoints (for proxies or self-hosted instances)
 # GROQ_BASE_URL=https://api.groq.com/openai/v1
 # STT_OPENAI_BASE_URL=https://api.openai.com/v1
-# ELEVENLABS_STT_BASE_URL=https://api.elevenlabs.io/v1

 # =============================================================================
 # MICROSOFT TEAMS INTEGRATION
--- a/.github/workflows/build-windows-installer.yml
+++ b/.github/workflows/build-windows-installer.yml
@@ -1,100 +0,0 @@
-name: Build Windows Installer
-
-on:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  # Gate: workflow_dispatch is already restricted to users with write access,
-  # but we want ADMIN-only. Explicitly check the triggering actor's repo
-  # permission via the API and fail fast for anyone below admin.
-  authorize:
-    name: Authorize (admins only)
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - name: Check actor is a repo admin
-        env:
-          GH_TOKEN: ${{ github.token }}
-          ACTOR: ${{ github.actor }}
-        run: |
-          set -euo pipefail
-          perm=$(gh api \
-            "repos/${{ github.repository }}/collaborators/${ACTOR}/permission" \
-            --jq '.permission')
-          echo "Actor '${ACTOR}' has permission: ${perm}"
-          if [ "${perm}" != "admin" ]; then
-            echo "::error::'${ACTOR}' is not a repo admin (permission=${perm}). Refusing to build/sign."
-            exit 1
-          fi
-          echo "Authorized: '${ACTOR}' is an admin."
-
-  build:
-    name: Hermes-Setup.exe
-    needs: authorize
-    runs-on: windows-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      # Required for OIDC auth to Azure (azure/login federated credentials).
-      id-token: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-
-      - name: Setup Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
-        with:
-          node-version: 22
-          cache: npm
-
-      - name: Install npm dependencies
-        run: npm ci
-
-      - name: Setup Rust
-        uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8  # stable
-
-      - name: Cache Rust targets
-        uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32  # v2
-        with:
-          workspaces: apps/bootstrap-installer/src-tauri
-
-      - name: Build installer
-        run: npm run tauri:build
-        working-directory: apps/bootstrap-installer
-
-      - name: Azure login (OIDC)
-        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5  # v2
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
-      - name: Sign Hermes-Setup.exe with Azure Artifact Signing
-        uses: azure/artifact-signing-action@c7ab2a863ab5f9a846ddb8265964877ef296ee82  # v2
-        with:
-          endpoint: ${{ vars.AZURE_SIGNING_ENDPOINT }}
-          signing-account-name: ${{ vars.AZURE_SIGNING_ACCOUNT_NAME }}
-          certificate-profile-name: ${{ vars.AZURE_SIGNING_CERTIFICATE_PROFILE }}
-          # Sign both the raw exe and the bundled NSIS installer.
-          files-folder: ${{ github.workspace }}\apps\bootstrap-installer\src-tauri\target\release
-          files-folder-filter: exe
-          files-folder-recurse: true
-          file-digest: SHA256
-          timestamp-rfc3161: http://timestamp.acs.microsoft.com
-          timestamp-digest: SHA256
-
-      - name: Upload NSIS installer
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
-        with:
-          name: Hermes-Setup-installer
-          path: apps/bootstrap-installer/src-tauri/target/release/bundle/nsis/*.exe
-
-      - name: Upload raw exe
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
-        with:
-          name: Hermes-Setup-exe
-          path: apps/bootstrap-installer/src-tauri/target/release/Hermes-Setup.exe
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -26,10 +26,6 @@ on:

 permissions:
  contents: read
-  # Needed so the arm64 job can push/pull its registry-backed build cache
-  # to ghcr.io (cache-to/cache-from type=registry).  See the build-arm64
-  # job for why registry cache replaced the gha cache on that arch.
-  packages: write

 # Concurrency: push/release runs are NEVER cancelled so every merge gets
 # its own image.  PR runs reuse a PR-scoped group with
@@ -200,34 +196,11 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f  # v3

-      # Log in to ghcr.io so the registry-backed build cache below can be
-      # read (cache-from) on every event and written (cache-to) on
-      # push/release.  Uses the workflow's GITHUB_TOKEN, which is valid for
-      # the whole job — unlike the gha cache backend's short-lived Azure SAS
-      # token, which expired mid-build on slow cold-cache arm64 runs and
-      # crashed the build before the smoke test (the reason the gha cache
-      # was removed from arm64 PRs in the first place).
-      - name: Log in to ghcr.io (build cache)
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121  # v4.1.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Build once, load into the local daemon for smoke testing.
-      #
-      # PR builds use the registry-backed cache READ-ONLY (cache-from only):
-      # they pull warm layers pushed by the most recent main build but never
-      # write, so rapid PR pushes don't race on cache writes or pollute the
-      # cache ref.  This restores warm-cache speed to arm64 PR builds (which
-      # were running fully uncached and were ~45% slower than amd64, making
-      # them the job most often cancelled on supersede).
-      #
-      # Registry cache (type=registry on ghcr.io) is used instead of the gha
-      # cache that previously broke here: its credential is the job-lifetime
-      # GITHUB_TOKEN, not a short-lived SAS token, so the cold-build-outlives-
-      # token failure mode cannot recur.
-      - name: Build image (arm64, smoke test, cache read-only PR)
+      # Build once, load into the local daemon for smoke testing. PR arm64
+      # builds deliberately avoid the gha cache: cold-cache arm64 builds can
+      # outlive GitHub's short-lived Azure cache SAS token, then fail while
+      # reading or writing cache blobs before the smoke test can run.
+      - name: Build image (arm64, smoke test, uncached PR)
        if: github.event_name == 'pull_request'
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f  # v7.1.0
        with:
@@ -238,11 +211,9 @@ jobs:
          tags: ${{ env.IMAGE_NAME }}:test
          build-args: |
            HERMES_GIT_SHA=${{ github.sha }}
-          cache-from: type=registry,ref=ghcr.io/nousresearch/hermes-agent:buildcache-arm64

-      # Main/release builds read AND write the registry cache so the digest
-      # push below reuses layers from this smoke-test build, and so the next
-      # PR/main build starts warm.
+      # Main/release builds still use the per-arch gha cache so the digest
+      # push below can reuse layers from this smoke-test build.
      - name: Build image (arm64, smoke test, cached publish)
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f  # v7.1.0
@@ -254,8 +225,8 @@ jobs:
          tags: ${{ env.IMAGE_NAME }}:test
          build-args: |
            HERMES_GIT_SHA=${{ github.sha }}
-          cache-from: type=registry,ref=ghcr.io/nousresearch/hermes-agent:buildcache-arm64
-          cache-to: type=registry,ref=ghcr.io/nousresearch/hermes-agent:buildcache-arm64,mode=max
+          cache-from: type=gha,scope=docker-arm64
+          cache-to: type=gha,mode=max,scope=docker-arm64

      - name: Smoke test image
        uses: ./.github/actions/hermes-smoke-test
@@ -282,8 +253,8 @@ jobs:
          build-args: |
            HERMES_GIT_SHA=${{ github.sha }}
          outputs: type=image,name=${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
-          cache-from: type=registry,ref=ghcr.io/nousresearch/hermes-agent:buildcache-arm64
-          cache-to: type=registry,ref=ghcr.io/nousresearch/hermes-agent:buildcache-arm64,mode=max
+          cache-from: type=gha,scope=docker-arm64
+          cache-to: type=gha,mode=max,scope=docker-arm64

      - name: Export digest
        if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'release'
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -200,3 +200,22 @@ jobs:

      - name: Run footgun checker
        run: python scripts/check-windows-footguns.py --all
+
+  plugin-isolation:
+    # Enforce that core code and core tests never import from plugin packages.
+    # Core must interact with plugins exclusively through the registry layer.
+    # See scripts/check_no_plugin_imports_in_core.py for the rule list.
+    name: Plugin isolation (blocking)
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v5
+        with:
+          python-version: "3.11"
+
+      - name: Run plugin isolation checker
+        run: python scripts/check_no_plugin_imports_in_core.py
--- a/.github/workflows/nix-lockfile-fix.yml
+++ b/.github/workflows/nix-lockfile-fix.yml
@@ -6,8 +6,8 @@ on:
    paths:
      - 'ui-tui/package-lock.json'
      - 'ui-tui/package.json'
-      - 'apps/dashboard/package-lock.json'
-      - 'apps/dashboard/package.json'
+      - 'web/package-lock.json'
+      - 'web/package.json'
  workflow_dispatch:
    inputs:
      pr_number:
@@ -28,7 +28,7 @@ concurrency:
 jobs:
  # ── Auto-fix on main ───────────────────────────────────────────────
  # Fires when a push to main touches package.json or package-lock.json
-  # in ui-tui/ or apps/dashboard/. Runs fix-lockfiles and pushes the hash
+  # in ui-tui/ or web/. Runs fix-lockfiles and pushes the hash
  # update commit directly to main so Nix builds never stay broken.
  #
  # Safety invariants:
@@ -110,7 +110,7 @@ jobs:
            # run recompute from the correct package-lock state.
            pkg_changed="$(git diff --name-only "$BASE_SHA"..origin/main -- \
              'ui-tui/package-lock.json' 'ui-tui/package.json' \
-              'apps/dashboard/package-lock.json' 'apps/dashboard/package.json' || true)"
+              'web/package-lock.json' 'web/package.json' || true)"
            if [ -n "$pkg_changed" ]; then
              echo "::warning::Package files changed since hash computation — aborting; a fresh run will recompute"
              exit 0
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -63,7 +63,7 @@ jobs:
        run: |
          uv venv .venv --python 3.11
          source .venv/bin/activate
-          uv pip install -e ".[all,dev]"
+          uv sync --all-extras

      - name: Run tests (slice ${{ matrix.slice }}/6)
        # Per-file isolation via scripts/run_tests_parallel.py: discovers
@@ -169,7 +169,7 @@ jobs:
        run: |
          uv venv .venv --python 3.11
          source .venv/bin/activate
-          uv pip install -e ".[all,dev]"
+          uv sync --all-extras

      - name: Run e2e tests
        run: |
--- a/.gitignore
+++ b/.gitignore
@@ -48,7 +48,7 @@ agent-browser/
 privvy*
 images/
 __pycache__/
-hermes_agent.egg-info/
+*.egg-info
 wandb/
 testlogs

@@ -63,10 +63,6 @@ environments/benchmarks/evals/

 # Web UI build output
 hermes_cli/web_dist/
-apps/desktop/build/
-apps/desktop/dist/
-apps/desktop/release/
-apps/desktop/*.tsbuildinfo

 # Web UI assets — synced from @nous-research/ui at build time via
 # `npm run sync-assets` (see web/package.json).
@@ -89,20 +85,9 @@ website/static/api/skills-index.json
 website/static/api/skills.json
 website/static/api/skills-meta.json
 models-dev-upstream/
-
-# Local editor / agent tooling (machine-specific; keep in global config, not the repo)
-.codex/
-.cursor/
-.gemini/
-.zed/
-.mcp.json
-opencode.json
-config/mcporter.json
-
 hermes_cli/tui_dist/*
 hermes_cli/scripts/
-docs/superpowers/*
-# Working directory for the Hermes Agent's session state (~/.hermes/ at runtime;
+docs/superpowers/*# Working directory for the Hermes Agent's session state (~/.hermes/ at runtime;
 # also created in-repo when an agent operates in this checkout). Plans, audit
 # logs, and per-session caches are never artifacts of the codebase.
 .hermes/
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -2,8 +2,6 @@

 Instructions for AI coding assistants and developers working on the hermes-agent codebase.

-**Never give up on the right solution.**
-
 ## Development Environment

 ```bash
@@ -31,7 +29,9 @@ hermes-agent/
 ├── hermes_constants.py   # get_hermes_home(), display_hermes_home() — profile-aware paths
 ├── hermes_logging.py     # setup_logging() — agent.log / errors.log / gateway.log (profile-aware)
 ├── batch_runner.py       # Parallel batch processing
+├── _build_backend.py     # Custom PEP 517 build backend — inlines plugin deps at wheel build time
 ├── agent/                # Agent internals (provider adapters, memory, caching, compression, etc.)
+│   └── plugin_registries.py  # Typed capability registries (auth, transport, platform, tool, model_metadata)
 ├── hermes_cli/           # CLI subcommands, setup wizard, plugins loader, skin engine
 ├── tools/                # Tool implementations — auto-discovered via tools/registry.py
 │   └── environments/     # Terminal backends (local, docker, ssh, modal, daytona, singularity)
@@ -41,16 +41,20 @@ hermes-agent/
 │   │                     #   dingtalk, wecom, weixin, feishu, qqbot, bluebubbles,
 │   │                     #   yuanbao, webhook, api_server, ...). See ADDING_A_PLATFORM.md.
 │   └── builtin_hooks/    # Extension point for always-registered gateway hooks (none shipped)
-├── plugins/              # Plugin system (see "Plugins" section below)
+├── plugins/              # Plugin packages — uv workspace members (see "Plugins" section)
+│   ├── model-providers/  # anthropic, bedrock, azure-foundry (own pyproject.toml each)
+│   ├── platforms/        # telegram, slack, discord, feishu, dingtalk, matrix
+│   ├── tts/              # Text-to-speech plugin
+│   ├── stt/              # Speech-to-text plugin
+│   ├── image_gen/        # FAL image generation
+│   ├── terminals/        # daytona, modal, vercel
+│   ├── web/              # exa, firecrawl, parallel
 │   ├── memory/           # Memory-provider plugins (honcho, mem0, supermemory, ...)
 │   ├── context_engine/   # Context-engine plugins
-│   ├── model-providers/  # Inference backend plugins (openrouter, anthropic, gmi, ...)
 │   ├── kanban/           # Multi-agent board dispatcher + worker plugin
 │   ├── hermes-achievements/  # Gamified achievement tracking
 │   ├── observability/    # Metrics / traces / logs plugin
-│   ├── image_gen/        # Image-generation providers
-│   └── <others>/         # disk-cleanup, google_meet, platforms, spotify,
-│                         #   strike-freedom-cockpit, ...
+│   └── <others>/         # dashboard, google_meet, spotify, strike-freedom-cockpit, ...
 ├── optional-skills/      # Heavier/niche skills shipped but NOT active by default
 ├── skills/               # Built-in skills bundled with the repo
 ├── ui-tui/               # Ink (React) terminal UI — `hermes --tui`
@@ -68,29 +72,6 @@ hermes-agent/
 `gateway.log` when running the gateway. Profile-aware via `get_hermes_home()`.
 Browse with `hermes logs [--follow] [--level ...] [--session ...]`.

-## TypeScript Style
-
-Applies to TypeScript across Hermes: desktop, TUI, website, and future TS packages.
-
- Prefer small nanostores over component state when state is shared, reused, or read by distant UI.
- Let each feature own its atoms. Chat state belongs near chat, shell state near shell, shared state in `src/store`.
- Components that render from an atom should use `useStore`. Non-rendering actions should read with `$atom.get()`.
- Do not pass state through three components when the leaf can subscribe to the atom.
- Keep persistence beside the atom that owns it.
- Keep route roots thin. They compose routes and shell; they should not become controllers.
- No monolithic hooks. A hook should own one narrow job.
- Prefer colocated action modules over hidden god hooks.
- If a callback is pure side effect, use the terse void form:
-  `onState={st => void setGatewayState(st)}`.
- Async UI handlers should make intent explicit:
-  `onClick={() => void save()}`.
- Prefer interfaces for public props and shared object shapes. Avoid `type X = { ... }` for object props.
- Extend React primitives for props: `React.ComponentProps<'button'>`, `React.ComponentProps<typeof Dialog>`, `Omit<...>`, `Pick<...>`.
- Table-driven beats condition ladders when mapping ids, routes, or views.
- `src/app` owns routes, pages, and page-specific components.
- `src/store` owns shared atoms.
- `src/lib` owns shared pure helpers.
-
 ## File Dependency Chain

 ```
@@ -511,9 +492,102 @@ Activate with `/skin cyberpunk` or `display.skin: cyberpunk` in config.yaml.

 ## Plugins

-Hermes has two plugin surfaces. Both live under `plugins/` in the repo so
-repo-shipped plugins can be discovered alongside user-installed ones in
-`~/.hermes/plugins/` and pip-installed entry points.
+Hermes uses a **plugin-first architecture**: every optional capability (model
+providers, platform adapters, TTS/STT, terminal backends, image generation)
+lives in its own installable Python package under `plugins/`. The core
+codebase (`agent/`, `hermes_cli/`, `gateway/`, `tools/`) **never** imports
+from a `hermes_agent_*` plugin package directly. Instead, plugins register
+their capabilities into typed registries during `register()`, and the core
+queries those registries at runtime.
+
+Full architecture doc: `website/docs/developer-guide/plugin-architecture.md`
+
+### Workspace layout
+
+All 21 builtin plugins are uv workspace members — each has its own
+`pyproject.toml` (single source of truth for deps), `plugin.yaml`
+(directory-scanner manifest for dev mode), and `hermes_agent_<name>/` package
+with `register(ctx)`:
+
+```
+plugins/
+├── model-providers/        # anthropic, bedrock, azure-foundry
+├── platforms/              # telegram, slack, discord, feishu, dingtalk, matrix
+├── tts/                    # text-to-speech (Edge TTS + ElevenLabs)
+├── stt/                    # speech-to-text
+├── image_gen/fal_pkg/      # FAL image generation
+├── terminals/              # daytona, modal, vercel
+├── web/                    # exa, firecrawl, parallel
+├── memory/                 # honcho, hindsight
+├── dashboard/              # streamlit dashboard
+└── hermes-achievements/    # gamified achievement tracking
+```
+
+### The hermetic core boundary
+
+Core code MUST NOT import from `hermes_agent_*` packages. Instead it queries
+typed registries in `agent/plugin_registries.py`:
+
+```python
+# ❌ BAD — core directly imports plugin
+from hermes_agent_bedrock import has_aws_credentials
+
+# ✅ GOOD — core queries the registry
+from agent.plugin_registries import registries
+bedrock_auth = registries.get_auth_provider("bedrock")
+```
+
+Registry types: `auth_providers`, `transport_builders`, `platform_adapters`,
+`tool_providers`, `model_metadata`, `credential_pools`.
+
+Each plugin's `register(ctx)` populates the registries via `ctx.register_*()`:
+- `ctx.register_auth_provider(name, provider, ...)`
+- `ctx.register_transport(name, builder, ...)`
+- `ctx.register_platform(name, label, adapter_factory, check_fn, ...)`
+- `ctx.register_tool_provider(entry, ...)`
+- `ctx.register_model_metadata(entry, ...)`
+- `ctx.register_credential_pool(entry, ...)`
+- Plus existing: `register_tool()`, `register_hook()`, `register_cli_command()`,
+  `register_tts_provider()`, `register_transcription_provider()`,
+  `register_image_gen_provider()`, `register_video_gen_provider()`,
+  `register_context_engine()`
+
+### Plugin discovery
+
+Three discovery paths (same as before, now workspace-aware):
+1. **Directory scanner** — `plugins/`, `~/.hermes/plugins/`, `.hermes/plugins/`
+   (looks for `plugin.yaml`)
+2. **Entry points** — `[project.entry-points."hermes_agent.plugins"]`
+3. **uv workspace** — `uv sync --extra <name>` installs the plugin into venv
+
+### Dependency management
+
+- Each plugin's `pyproject.toml` is the **only** place its deps are declared
+- Root `pyproject.toml` maps extras to workspace members:
+  `telegram = ["hermes-agent-telegram"]`
+- `uv.lock` resolves the whole workspace (236 packages)
+- No `LAZY_DEPS`, no `ensure()`, no runtime `pip install`
+- Custom PEP 517 build backend (`_build_backend.py`) inlines plugin deps
+  at wheel build time for PyPI publishing
+
+### NixOS
+
+`loadWorkspace` discovers all workspace members from `uv.lock` automatically.
+`mkVirtualEnv { hermes-agent = ["all"] }` installs all plugins. Select specific
+plugins with `extraDependencyGroups = ["telegram", "anthropic"]`.
+
+### Tests
+
+Plugin tests live in `plugins/<category>/<name>/tests/`. The test runner
+discovers both `tests/` and `plugins/`. Running plugin tests requires the
+plugin to be installed (`uv sync --extra <name>`).
+
+### The rule
+
+**If it can be a plugin, it must be a plugin.** Adding optional capabilities
+to core files is a code review rejection. If the plugin surface doesn't
+support what you need, extend the surface (new registry type, new hook, new
+`ctx` method) — don't inline the capability.

 ### General plugins (`hermes_cli/plugins.py` + `plugins/<name>/`)

@@ -556,9 +630,14 @@ providers don't clutter `hermes --help`.
 **Rule (Teknium, May 2026):** plugins MUST NOT modify core files
 (`run_agent.py`, `cli.py`, `gateway/run.py`, `hermes_cli/main.py`, etc.).
 If a plugin needs a capability the framework doesn't expose, expand the
-generic plugin surface (new hook, new ctx method) — never hardcode
-plugin-specific logic into core. PR #5295 removed 95 lines of hardcoded
-honcho argparse from `main.py` for exactly this reason.
+generic plugin surface (new hook, new ctx method, new registry type) — never
+hardcode plugin-specific logic into core. PR #5295 removed 95 lines of
+hardcoded honcho argparse from `main.py` for exactly this reason.
+
+**Hermetic core boundary (May 2026):** core code (`agent/`, `hermes_cli/`,
+`gateway/`, `tools/`) MUST NOT import from `hermes_agent_*` plugin packages.
+Use the typed registries in `agent/plugin_registries.py` instead. See the
+**Plugins** section below for the full list of registry types.

 **No new in-tree memory providers (policy, May 2026):** the set of
 built-in memory providers under `plugins/memory/` is closed. New memory
@@ -1036,40 +1115,41 @@ def profile_env(tmp_path, monkeypatch):

 ## Testing

-**ALWAYS use `scripts/run_tests.sh`** — do not call `pytest` directly. The script enforces
-hermetic environment parity with CI (unset credential vars, TZ=UTC, LANG=C.UTF-8,
-`-n auto` xdist workers, in-tree subprocess-isolation plugin). Direct `pytest`
-on a 16+ core developer machine with API keys set diverges from CI in ways
-that have caused multiple "works locally, fails in CI" incidents (and the reverse).
+**ALWAYS use `scripts/run_tests.sh`** — do NOT call `pytest` directly on a directory.
+The script enforces hermetic environment parity with CI and provides per-file
+process isolation that prevents registry singleton / module-level state leakage
+between test files.

 ```bash
 scripts/run_tests.sh                                  # full suite, CI-parity
 scripts/run_tests.sh tests/gateway/                   # one directory
+scripts/run_tests.sh tests/agent/test_foo.py          # one file
 scripts/run_tests.sh tests/agent/test_foo.py::test_x  # one test
 scripts/run_tests.sh -v --tb=long                     # pass-through pytest flags
-scripts/run_tests.sh --no-isolate tests/foo/          # disable subprocess isolation (faster, for debugging)
 ```

-### Subprocess-per-test isolation
+For a **single test file or specific test**, bare `pytest` is fine:

-Every test runs in a freshly-spawned Python subprocess via the in-tree plugin
-at `tests/_isolate_plugin.py`. This means module-level dicts/sets and
-ContextVars from one test cannot leak into the next — the historic
-`_reset_module_state` autouse fixture is gone.
+```bash
+nix run nixpkgs#uv -- run python -m pytest tests/agent/test_foo.py -q
+nix run nixpkgs#uv -- run python -m pytest tests/agent/test_foo.py::test_x --tb=short
+```

-Implementation notes:
+Running bare `pytest` on a directory (e.g. `pytest tests/`) will print a warning
+from `conftest.py` telling you to use the script instead.

- The plugin uses `multiprocessing.get_context("spawn")`, which works on
-  Linux, macOS, and Windows alike (POSIX `fork` is not used).
- Per-test overhead is ~0.5–1.0s (Python startup + pytest collection). xdist
-  parallelism amortizes this across cores; on a 20-core box the full suite
-  finishes in roughly the same wall time as before, but flake-free.
- `isolate_timeout` (configured in `pyproject.toml`) caps each test at 30s.
-  Hangs are killed and surfaced as a failure report.
- Pass `--no-isolate` to disable isolation — useful when debugging a single
-  test interactively, or when you specifically want to verify state leakage.
- The plugin disables itself in child processes (sentinel envvar
-  `HERMES_ISOLATE_CHILD=1`), so there's no fork-bomb risk.
+### Per-file process isolation
+
+`scripts/run_tests.sh` calls `scripts/run_tests_parallel.py`, which spawns one
+`python -m pytest <file>` subprocess per test **file** (not per test), giving each
+a fresh Python interpreter. This means module-level dicts/sets, ContextVars, and
+registry singletons from one test file cannot leak into another — no shared state
+between files, no xdist required.
+
+`HERMES_PARALLEL_RUNNER=1` is set in each subprocess so `conftest.py` knows tests
+are running under the managed runner. If you need to suppress the bare-pytest
+directory warning in a special case, set this variable yourself — but prefer the
+script.

 ### Why the wrapper (and why the old "just call pytest" doesn't work)

@@ -1081,31 +1161,13 @@ Five real sources of local-vs-CI drift the script closes:
 | HOME / `~/.hermes/` | Your real config+auth.json | Temp dir per test |
 | Timezone | Local TZ (PDT etc.) | UTC |
 | Locale | Whatever is set | C.UTF-8 |
-| xdist workers | `-n auto` = all cores | `-n auto` (safe — subprocess isolation prevents cross-worker flakes) |
+| File isolation | Shared interpreter — state leaks between files | One subprocess per file |

-`tests/conftest.py` also enforces points 1-4 as an autouse fixture so ANY pytest
-invocation (including IDE integrations) gets hermetic behavior — but the wrapper
-is belt-and-suspenders.
+`tests/conftest.py` also enforces the credential/TZ/locale points as an autouse
+fixture so ANY pytest invocation (including IDE integrations) gets hermetic
+behavior — but the wrapper adds per-file process isolation on top.

-### Running without the wrapper (only if you must)
-
-If you can't use the wrapper (e.g. inside an IDE that shells pytest directly),
-at minimum activate the venv. The isolation plugin loads automatically from
-`addopts` in `pyproject.toml`, so you get the same per-test process isolation
-either way.
-
-```bash
-source .venv/bin/activate   # or: source venv/bin/activate
-python -m pytest tests/ -q
-```
-
-If you need to bypass isolation for fast feedback while debugging:
-
-```bash
-python -m pytest tests/agent/test_foo.py -q --no-isolate
-```
-
-Always run the full suite before pushing changes.
+Always run the full suite via `scripts/run_tests.sh` before pushing changes.

 ### Don't write change-detector tests

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -121,12 +121,11 @@ hermes chat -q "Hello"
 ### Run tests

 ```bash
-# Preferred — matches CI (hermetic env, 4 xdist workers); see AGENTS.md
+# Preferred — matches CI (hermetic env, per-file process isolation); see AGENTS.md
 scripts/run_tests.sh

-# Alternative (activate the venv first). The wrapper is still recommended
-# for parity with GitHub Actions before you open a PR:
-pytest tests/ -v
+# For a single file or specific test, bare pytest is also fine:
+# python -m pytest tests/agent/test_foo.py -q
 ```

 ---
@@ -857,7 +856,7 @@ refactor/description   # Code restructuring

 ### Before submitting

-1. **Run tests**: `scripts/run_tests.sh` (recommended; same as CI) or `pytest tests/ -v` with the project venv activated
+1. **Run tests**: `scripts/run_tests.sh` (recommended; same as CI — hermetic env + per-file process isolation)
 2. **Test manually**: Run `hermes` and exercise the code path you changed
 3. **Check cross-platform impact**: If you touch file I/O, process management, or terminal handling, consider macOS, Linux, and WSL2
 4. **Keep PRs focused**: One logical change per PR. Don't mix a bug fix with a refactor with a new feature.
--- a/48
+++ b/48
@@ -25,7 +25,7 @@ ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
 # hermes process, the dashboard, and per-profile gateways.
 RUN apt-get update && \
    apt-get install -y --no-install-recommends \
-    ca-certificates curl iputils-ping python3 python-is-python3 ripgrep ffmpeg gcc python3-dev python3-venv libffi-dev procps git openssh-client docker-cli xz-utils && \
+    ca-certificates curl iputils-ping python3 python-is-python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli xz-utils && \
    rm -rf /var/lib/apt/lists/*

 # ---------- s6-overlay install ----------
@@ -73,17 +73,7 @@ RUN set -eu; \
    tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz; \
    tar -C / -Jxpf /tmp/s6-overlay-arch.tar.xz; \
    tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz; \
-    rm /tmp/s6-overlay-*.tar.xz /tmp/s6-overlay.sha256; \
-    # #34192: backward-compat shim for orchestration templates that still\
-    # reference the legacy /usr/bin/tini entrypoint (e.g. Hostinger's\
-    # 'Hermes WebUI' catalog). The image has moved to s6-overlay /init\
-    # as PID 1 (see ENTRYPOINT below + the migration comment at the top\
-    # of this file), but external wrappers pinned to /usr/bin/tini will\
-    # crash with 'tini: No such file or directory' on startup. The shim\
-    # symlinks /usr/bin/tini -> /init so legacy wrappers exec the right\
-    # PID-1 reaper without behavior change for users on the current\
-    # ENTRYPOINT. Safe to drop once the affected catalogs are updated.\
-    ln -sf /init /usr/bin/tini
+    rm /tmp/s6-overlay-*.tar.xz /tmp/s6-overlay.sha256

 # Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
 RUN useradd -u 10000 -m -d /opt/data hermes
@@ -146,13 +136,16 @@ RUN npm install --prefer-offline --no-audit && \
 # frontend stats the readme path during dep resolution, so we `touch` an
 # empty placeholder — the real README is restored by `COPY . .` below.
 #
-# `uv sync --frozen --no-install-project --extra all --extra messaging`
+# `uv sync --frozen --no-install-project --extra all --extra telegram
+# --extra slack --extra discord --extra feishu --extra dingtalk`
 # installs the deps reachable through the composite `[all]` extra
 # (handpicked set intended for the production image), plus gateway
 # messaging adapters that should work in the published image without a
-# first-boot lazy install.  We do NOT use `--all-extras`:
+# first-boot lazy install.  The `[all]` extra already includes
+# telegram, slack, discord, feishu, dingtalk.  We do NOT use `--all-extras`:
 # that would pull in `[rl]` (atroposlib + tinker + torch + wandb from
-# git), `[yc-bench]` (another git dep), and `[termux-all]` (Android
+# git), `[yc-bench]` (another git dep), `[matrix]` (python-olm, no
+# wheel on all platforms), and `[termux-all]` (Android
 # redundancy), none of which belong in the published container.
 #
 # Provider packages (anthropic, bedrock, azure-identity) are included
@@ -161,8 +154,31 @@ RUN npm install --prefer-offline --no-audit && \
 #
 # The editable link is created after the source copy below.
 COPY pyproject.toml uv.lock ./
+# Workspace member pyproject.toml files must be present for uv to resolve
+# the plugin extras.  We copy the minimal structure needed; full source
+# comes in the source COPY below.
+COPY plugins/dashboard/pyproject.toml plugins/dashboard/
+COPY plugins/image_gen/fal_pkg/pyproject.toml plugins/image_gen/fal_pkg/
+COPY plugins/memory/hindsight/pyproject.toml plugins/memory/hindsight/
+COPY plugins/memory/honcho/pyproject.toml plugins/memory/honcho/
+COPY plugins/model-providers/anthropic/pyproject.toml plugins/model-providers/anthropic/
+COPY plugins/model-providers/azure-foundry/pyproject.toml plugins/model-providers/azure-foundry/
+COPY plugins/model-providers/bedrock/pyproject.toml plugins/model-providers/bedrock/
+COPY plugins/platforms/dingtalk/pyproject.toml plugins/platforms/dingtalk/
+COPY plugins/platforms/discord/pyproject.toml plugins/platforms/discord/
+COPY plugins/platforms/feishu/pyproject.toml plugins/platforms/feishu/
+COPY plugins/platforms/matrix/pyproject.toml plugins/platforms/matrix/
+COPY plugins/platforms/slack/pyproject.toml plugins/platforms/slack/
+COPY plugins/platforms/telegram/pyproject.toml plugins/platforms/telegram/
+COPY plugins/stt/pyproject.toml plugins/stt/
+COPY plugins/terminals/daytona/pyproject.toml plugins/terminals/daytona/
+COPY plugins/terminals/modal/pyproject.toml plugins/terminals/modal/
+COPY plugins/tts/pyproject.toml plugins/tts/
+COPY plugins/web/exa/pyproject.toml plugins/web/exa/
+COPY plugins/web/firecrawl/pyproject.toml plugins/web/firecrawl/
+COPY plugins/web/parallel/pyproject.toml plugins/web/parallel/
 RUN touch ./README.md
-RUN uv sync --frozen --no-install-project --extra all --extra messaging --extra anthropic --extra bedrock --extra azure-identity
+RUN uv sync --frozen --no-install-project --extra all --extra anthropic --extra bedrock --extra azure-identity

 # ---------- Source code ----------
 # .dockerignore excludes node_modules, so the installs above survive.
--- a/README.md
+++ b/README.md
@@ -36,9 +36,9 @@ Use any model you want — [Nous Portal](https://portal.nousresearch.com), [Open
 curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash
 ```

-### Windows (native, PowerShell)
+### Windows (native, PowerShell) — Early Beta

-> **Heads up:** Native Windows runs Hermes without WSL — CLI, gateway, TUI, and tools all work natively. If you'd rather use WSL2, the Linux/macOS one-liner above works there too. Found a bug? Please [file issues](https://github.com/NousResearch/hermes-agent/issues).
+> **Heads up:** Native Windows support is **early beta**. It installs and runs, but hasn't been road-tested as broadly as our Linux/macOS/WSL2 paths. Please [file issues](https://github.com/NousResearch/hermes-agent/issues) when you hit rough edges. For the most battle-tested Windows setup today, run the Linux/macOS one-liner above inside **WSL2**.

 Run this in PowerShell:

@@ -46,13 +46,13 @@ Run this in PowerShell:
 iex (irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1)
 ```

-The installer handles everything: uv, Python 3.11, Node.js, ripgrep, ffmpeg, **and a portable Git Bash** (MinGit, unpacked to `%LOCALAPPDATA%\hermes\git` — no admin required, completely isolated from any system Git install). Hermes uses this bundled Git Bash to run shell commands.
+The installer handles everything: uv, Python 3.11, Node.js, ripgrep, ffmpeg, **and a portable Git Bash** (MinGit, unpacked to `%LOCALAPPDATA%\hermes\git` — no admin required, completely isolated from any system Git install).  Hermes uses this bundled Git Bash to run shell commands.

-If you already have Git installed, the installer detects it and uses that instead. Otherwise a ~45MB MinGit download is all you need — it won't touch or interfere with any system Git.
+If you already have Git installed, the installer detects it and uses that instead.  Otherwise a ~45MB MinGit download is all you need — it won't touch or interfere with any system Git.

 > **Android / Termux:** The tested manual path is documented in the [Termux guide](https://hermes-agent.nousresearch.com/docs/getting-started/termux). On Termux, Hermes installs a curated `.[termux]` extra because the full `.[all]` extra currently pulls Android-incompatible voice dependencies.
 >
-> **Windows:** Native Windows is fully supported — the PowerShell one-liner above installs everything. If you'd rather use WSL2, the Linux command works there too. Native Windows install lives under `%LOCALAPPDATA%\hermes`; WSL2 installs under `~/.hermes` as on Linux.  The only Hermes feature that currently needs WSL2 specifically is the browser-based dashboard chat pane (it uses a POSIX PTY — classic CLI and gateway both run natively).
+> **Windows:** Native Windows is supported as an **early beta** — the PowerShell one-liner above installs everything, but expect rough edges and please file issues when you hit them. If you'd rather use WSL2 (our most battle-tested Windows path), the Linux command works there too. Native Windows install lives under `%LOCALAPPDATA%\hermes`; WSL2 installs under `~/.hermes` as on Linux.  The only Hermes feature that currently needs WSL2 specifically is the browser-based dashboard chat pane (it uses a POSIX PTY — classic CLI and gateway both run natively).

 After installation:

@@ -104,17 +104,17 @@ You can still bring your own keys per-tool whenever you want — the gateway is

 Hermes has two entry points: start the terminal UI with `hermes`, or run the gateway and talk to it from Telegram, Discord, Slack, WhatsApp, Signal, or Email. Once you're in a conversation, many slash commands are shared across both interfaces.

-| Action                         | CLI                                           | Messaging platforms                                                              |
-| ------------------------------ | --------------------------------------------- | -------------------------------------------------------------------------------- |
-| Start chatting                 | `hermes`                                      | Run `hermes gateway setup` + `hermes gateway start`, then send the bot a message |
-| Start fresh conversation       | `/new` or `/reset`                            | `/new` or `/reset`                                                               |
-| Change model                   | `/model [provider:model]`                     | `/model [provider:model]`                                                        |
-| Set a personality              | `/personality [name]`                         | `/personality [name]`                                                            |
-| Retry or undo the last turn    | `/retry`, `/undo`                             | `/retry`, `/undo`                                                                |
-| Compress context / check usage | `/compress`, `/usage`, `/insights [--days N]` | `/compress`, `/usage`, `/insights [days]`                                        |
-| Browse skills                  | `/skills` or `/<skill-name>`                  | `/<skill-name>`                                                                  |
-| Interrupt current work         | `Ctrl+C` or send a new message                | `/stop` or send a new message                                                    |
-| Platform-specific status       | `/platforms`                                  | `/status`, `/sethome`                                                            |
+| Action | CLI | Messaging platforms |
+|---------|-----|---------------------|
+| Start chatting | `hermes` | Run `hermes gateway setup` + `hermes gateway start`, then send the bot a message |
+| Start fresh conversation | `/new` or `/reset` | `/new` or `/reset` |
+| Change model | `/model [provider:model]` | `/model [provider:model]` |
+| Set a personality | `/personality [name]` | `/personality [name]` |
+| Retry or undo the last turn | `/retry`, `/undo` | `/retry`, `/undo` |
+| Compress context / check usage | `/compress`, `/usage`, `/insights [--days N]` | `/compress`, `/usage`, `/insights [days]` |
+| Browse skills | `/skills` or `/<skill-name>` | `/<skill-name>` |
+| Interrupt current work | `Ctrl+C` or send a new message | `/stop` or send a new message |
+| Platform-specific status | `/platforms` | `/status`, `/sethome` |

 For the full command lists, see the [CLI guide](https://hermes-agent.nousresearch.com/docs/user-guide/cli) and the [Messaging Gateway guide](https://hermes-agent.nousresearch.com/docs/user-guide/messaging).

@@ -124,23 +124,23 @@ For the full command lists, see the [CLI guide](https://hermes-agent.nousresearc

 All documentation lives at **[hermes-agent.nousresearch.com/docs](https://hermes-agent.nousresearch.com/docs/)**:

-| Section                                                                                             | What's Covered                                             |
-| --------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- |
-| [Quickstart](https://hermes-agent.nousresearch.com/docs/getting-started/quickstart)                 | Install → setup → first conversation in 2 minutes          |
-| [CLI Usage](https://hermes-agent.nousresearch.com/docs/user-guide/cli)                              | Commands, keybindings, personalities, sessions             |
-| [Configuration](https://hermes-agent.nousresearch.com/docs/user-guide/configuration)                | Config file, providers, models, all options                |
-| [Messaging Gateway](https://hermes-agent.nousresearch.com/docs/user-guide/messaging)                | Telegram, Discord, Slack, WhatsApp, Signal, Home Assistant |
-| [Security](https://hermes-agent.nousresearch.com/docs/user-guide/security)                          | Command approval, DM pairing, container isolation          |
-| [Tools & Toolsets](https://hermes-agent.nousresearch.com/docs/user-guide/features/tools)            | 40+ tools, toolset system, terminal backends               |
-| [Skills System](https://hermes-agent.nousresearch.com/docs/user-guide/features/skills)              | Procedural memory, Skills Hub, creating skills             |
-| [Memory](https://hermes-agent.nousresearch.com/docs/user-guide/features/memory)                     | Persistent memory, user profiles, best practices           |
-| [MCP Integration](https://hermes-agent.nousresearch.com/docs/user-guide/features/mcp)               | Connect any MCP server for extended capabilities           |
-| [Cron Scheduling](https://hermes-agent.nousresearch.com/docs/user-guide/features/cron)              | Scheduled tasks with platform delivery                     |
-| [Context Files](https://hermes-agent.nousresearch.com/docs/user-guide/features/context-files)       | Project context that shapes every conversation             |
-| [Architecture](https://hermes-agent.nousresearch.com/docs/developer-guide/architecture)             | Project structure, agent loop, key classes                 |
-| [Contributing](https://hermes-agent.nousresearch.com/docs/developer-guide/contributing)             | Development setup, PR process, code style                  |
-| [CLI Reference](https://hermes-agent.nousresearch.com/docs/reference/cli-commands)                  | All commands and flags                                     |
-| [Environment Variables](https://hermes-agent.nousresearch.com/docs/reference/environment-variables) | Complete env var reference                                 |
+| Section | What's Covered |
+|---------|---------------|
+| [Quickstart](https://hermes-agent.nousresearch.com/docs/getting-started/quickstart) | Install → setup → first conversation in 2 minutes |
+| [CLI Usage](https://hermes-agent.nousresearch.com/docs/user-guide/cli) | Commands, keybindings, personalities, sessions |
+| [Configuration](https://hermes-agent.nousresearch.com/docs/user-guide/configuration) | Config file, providers, models, all options |
+| [Messaging Gateway](https://hermes-agent.nousresearch.com/docs/user-guide/messaging) | Telegram, Discord, Slack, WhatsApp, Signal, Home Assistant |
+| [Security](https://hermes-agent.nousresearch.com/docs/user-guide/security) | Command approval, DM pairing, container isolation |
+| [Tools & Toolsets](https://hermes-agent.nousresearch.com/docs/user-guide/features/tools) | 40+ tools, toolset system, terminal backends |
+| [Skills System](https://hermes-agent.nousresearch.com/docs/user-guide/features/skills) | Procedural memory, Skills Hub, creating skills |
+| [Memory](https://hermes-agent.nousresearch.com/docs/user-guide/features/memory) | Persistent memory, user profiles, best practices |
+| [MCP Integration](https://hermes-agent.nousresearch.com/docs/user-guide/features/mcp) | Connect any MCP server for extended capabilities |
+| [Cron Scheduling](https://hermes-agent.nousresearch.com/docs/user-guide/features/cron) | Scheduled tasks with platform delivery |
+| [Context Files](https://hermes-agent.nousresearch.com/docs/user-guide/features/context-files) | Project context that shapes every conversation |
+| [Architecture](https://hermes-agent.nousresearch.com/docs/developer-guide/architecture) | Project structure, agent loop, key classes |
+| [Contributing](https://hermes-agent.nousresearch.com/docs/developer-guide/contributing) | Development setup, PR process, code style |
+| [CLI Reference](https://hermes-agent.nousresearch.com/docs/reference/cli-commands) | All commands and flags |
+| [Environment Variables](https://hermes-agent.nousresearch.com/docs/reference/environment-variables) | Complete env var reference |

 ---

@@ -160,7 +160,6 @@ hermes claw migrate --overwrite  # Overwrite existing conflicts
 ```

 What gets imported:
-
 - **SOUL.md** — persona file
 - **Memories** — MEMORY.md and USER.md entries
 - **Skills** — user-created skills → `~/.hermes/skills/openclaw-imports/`
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -179,7 +179,7 @@ curl -LsSf https://astral.sh/uv/install.sh | sh
 uv venv venv --python 3.11
 source venv/bin/activate
 uv pip install -e ".[all,dev]"
-python -m pytest tests/ -q
+scripts/run_tests.sh
 ```

 ---
--- a/RELEASE_v0.14.0.md
+++ b/RELEASE_v0.14.0.md
@@ -3,73 +3,75 @@
 **Release Date:** May 16, 2026
 **Since v0.13.0:** 808 commits · 633 merged PRs · 1393 files changed · 165,061 insertions · 545 issues closed (12 P0, 50 P1) · 215 community contributors (including co-authors)

-> The Foundation Release — Hermes Agent installs and runs anywhere now. Native Windows ships in early beta with a full PowerShell installer story, a `pip install hermes-agent` wheel lands on PyPI, lazy-deps reshape what `pip install hermes-agent` actually pulls down, the supply-chain checker scans every install/upgrade for unsafe versions, and a new OpenAI-compatible local proxy lets Codex / Aider / Cline talk to OAuth-only providers (Claude Pro, ChatGPT Pro, SuperGrok). The cold-start wave shaves ~19 seconds off `hermes` launch, browser-tool CDP calls run 180x faster, and `hermes tools` All-Platforms drops from 14s to under 1.5s. Two new messaging platforms (LINE and SimpleX Chat) and a Microsoft Graph foundation (Teams pipeline + webhook adapter) land alongside `/handoff` that finally transfers sessions live, `vision_analyze` passing pixels through to vision-capable models, `x_search` as a first-class tool, LSP semantic diagnostics on every `write_file` / `patch`, a unified pluggable `video_generate`, a `computer_use` cua-driver backend, cross-session 1-hour Claude prompt caching, a per-turn file-mutation verifier, plus 9 new optional skills. 50+ P1 closures, 12 P0 closures.
+> The Foundation Release — Hermes installs and runs anywhere, ships with the things you actually want to use, and stops shipping the things you don't. xAI Grok lands as a SuperGrok OAuth provider with grok-4.3 bumped to a 1M context window. A new OpenAI-compatible local proxy turns any OAuth-authed Hermes provider — Claude Pro, ChatGPT Pro, SuperGrok — into an endpoint that Codex / Aider / Cline / Continue can hit. `x_search` lands as a first-class X (Twitter) search tool with OAuth-or-API-key auth. The Microsoft Teams stack is wired end-to-end (Graph auth + webhook listener + pipeline runtime + outbound delivery). A debloating wave makes installs dramatically lighter — heavyweight backends now lazy-install on first use, the `[all]` extras drop everything covered by lazy-deps, and a tiered install falls back when a wheel rejects on your platform. `pip install hermes-agent` works from PyPI. The cold-start wave shaves ~19 seconds off `hermes` launch. Browser CDP calls are 180x faster. Two new messaging platforms (LINE + SimpleX Chat) bring the total to 22. Cross-session 1-hour Claude prompt caching, `/handoff` that actually transfers sessions live, native button UI for `clarify` on Telegram and Discord, Discord channel history backfill, LSP semantic diagnostics on every write, a unified pluggable `video_generate`, a `computer_use` cua-driver backend that finally works with non-Anthropic providers, clickable URLs in any terminal, Zed ACP Registry integration via `uvx`, native Windows beta, 9 new optional skills, OpenRouter Pareto Code router, huggingface/skills as a trusted default tap. 12 P0 + 50 P1 closures.

 ---

 ## ✨ Highlights

- **Native Windows support (early beta)** — full PowerShell installer, native subprocess/PTY paths, taskkill-based process management, MinGit auto-install, Microsoft Store python stub detection, foreground Ctrl+C preservation, taskkill+ps2 fallback, npm prefix handling, and ~40 follow-up Windows-only fixes across CLI / gateway / TUI / curator / tools. Hermes finally runs natively on `cmd.exe` and PowerShell, no WSL required. ([#21561](https://github.com/NousResearch/hermes-agent/pull/21561), [#22130](https://github.com/NousResearch/hermes-agent/pull/22130), [#22752](https://github.com/NousResearch/hermes-agent/pull/22752), [#26618](https://github.com/NousResearch/hermes-agent/pull/26618), and many more)
+- **xAI Grok via SuperGrok OAuth — and grok-4.3 jumps to a 1M context window** — If you pay for SuperGrok, you can now use Grok inside Hermes by signing in with your xAI account — no API key, no separate billing. The wire-through also bumps grok-4.3 to a 1M token context window, so you can drop whole codebases or research corpora into a single prompt. Includes proper handling for entitlement errors and an SSH-to-tunnel docs page for when you're SSH'd into a remote box and need to complete the OAuth flow. ([#26534](https://github.com/NousResearch/hermes-agent/pull/26534), [#26664](https://github.com/NousResearch/hermes-agent/pull/26664), [#26644](https://github.com/NousResearch/hermes-agent/pull/26644), [#26592](https://github.com/NousResearch/hermes-agent/pull/26592))

- **`pip install hermes-agent && hermes`** — Hermes Agent is now a real PyPI package. One command, no clone, no git, no shell installer. Wheel includes the Ink TUI bundle and shell launcher. (salvage of [#26350](https://github.com/NousResearch/hermes-agent/pull/26350)) ([#26593](https://github.com/NousResearch/hermes-agent/pull/26593))
+- **OpenAI-compatible local proxy for OAuth providers** — Run `hermes proxy` and you get a `http://localhost:port` endpoint that speaks the OpenAI API but is backed by whichever OAuth provider you're signed into — Claude Pro, ChatGPT Pro, SuperGrok. Now any tool that expects an OpenAI-compatible endpoint (Codex CLI, Aider, Cline, Continue, your custom scripts) just works with your existing subscription, no API key required. One subscription, every tool. ([#25969](https://github.com/NousResearch/hermes-agent/pull/25969))

- **Cold-start performance wave — ~19s off `hermes` launch** — skills cache, lazy Feishu import, no Nous HTTP at startup, plus PEP-562 lazy adapter imports (QQ, Yuanbao, Teams, Google Chat), deferred `fal_client` / `google-cloud` / `httpx` loads, models.dev disk-cache-first lookup, parallel doctor API checks, eager-skip plugin discovery on built-in subcommands, `hermes tools` All-Platforms drops from 14s to <1.5s, welcome banner skipped on `chat -q`. ([#22138](https://github.com/NousResearch/hermes-agent/pull/22138), [#22120](https://github.com/NousResearch/hermes-agent/pull/22120), [#22681](https://github.com/NousResearch/hermes-agent/pull/22681), [#22790](https://github.com/NousResearch/hermes-agent/pull/22790), [#22808](https://github.com/NousResearch/hermes-agent/pull/22808), [#22831](https://github.com/NousResearch/hermes-agent/pull/22831), [#22859](https://github.com/NousResearch/hermes-agent/pull/22859), [#22904](https://github.com/NousResearch/hermes-agent/pull/22904), [#22766](https://github.com/NousResearch/hermes-agent/pull/22766), [#25341](https://github.com/NousResearch/hermes-agent/pull/25341))
+- **`x_search` — first-class X (Twitter) search tool** — The agent can now search X directly without installing a skill or wiring up a custom integration. Search the timeline, find threads, surface specific posts — straight from the chat. Auth with either your X OAuth login or an API key, whichever you have. ([#26763](https://github.com/NousResearch/hermes-agent/pull/26763))

- **180x faster `browser_console` evaluations** — routed through the supervisor's persistent CDP WebSocket instead of spawning a fresh DevTools session per call. Real-world page interactions feel instant. ([#23226](https://github.com/NousResearch/hermes-agent/pull/23226))
+- **Microsoft Teams — end-to-end** — Hermes can now read messages from Teams and post back. The full Microsoft Graph stack lands together: auth + client foundation, a webhook listener that receives Teams events, a pipeline plugin runtime, and outbound delivery. Wire up the bot once, then chat to your agent from any Teams channel, DM, or group. (salvages of #21408–#21411) ([#21922](https://github.com/NousResearch/hermes-agent/pull/21922), [#21969](https://github.com/NousResearch/hermes-agent/pull/21969), [#22007](https://github.com/NousResearch/hermes-agent/pull/22007), [#22024](https://github.com/NousResearch/hermes-agent/pull/22024))

- **Supply-chain advisory checker + lazy-deps framework + tiered install fallback** — every `pip install` / `hermes update` scans dependencies against an advisory list, lazy-deps replace heavy import-time loads with first-use installs, and the installer falls back through extras tiers when a wheel rejects on the target platform. ([#24220](https://github.com/NousResearch/hermes-agent/pull/24220))
+- **Debloating wave — lighter installs, less you don't use** — A clean `pip install hermes-agent` used to pull down everything: every messaging adapter SDK, every image-gen SDK, every voice/TTS provider, whether you used them or not. Now those heavy backends (Slack / Matrix / Feishu / DingTalk adapters, hindsight client, codex app-server, Pixverse / Camofox / image-gen SDKs, voice/TTS providers) install automatically the first time you actually use them. The `[all]` extras drop everything covered by lazy-deps, the installer falls back through tiers when a wheel doesn't fit your platform, and a supply-chain advisory checker scans every install for unsafe versions. Faster installs, smaller disk footprint, fewer transitive vulnerabilities. ([#24220](https://github.com/NousResearch/hermes-agent/pull/24220), [#24515](https://github.com/NousResearch/hermes-agent/pull/24515), [#25014](https://github.com/NousResearch/hermes-agent/pull/25014), [#25038](https://github.com/NousResearch/hermes-agent/pull/25038), [#25766](https://github.com/NousResearch/hermes-agent/pull/25766), [#21818](https://github.com/NousResearch/hermes-agent/pull/21818))

- **OpenAI-compatible local proxy** — `hermes proxy` exposes any OAuth-authed provider (Claude Pro, ChatGPT Pro, SuperGrok) as an OpenAI-compatible endpoint that Codex / Aider / Cline / VS Code Continue can hit. Your subscription, your tools. ([#25969](https://github.com/NousResearch/hermes-agent/pull/25969))
+- **`pip install hermes-agent && hermes`** — Hermes Agent is now a real PyPI package. No more cloning the repo or running shell installers — one pip command and you're running. The wheel ships with the Ink TUI bundle and the shell launcher, so the full experience comes out of the box. (salvage of [#26350](https://github.com/NousResearch/hermes-agent/pull/26350)) ([#26593](https://github.com/NousResearch/hermes-agent/pull/26593), [#26148](https://github.com/NousResearch/hermes-agent/pull/26148))

- **Cross-session 1-hour Claude prompt cache** — Anthropic / OpenRouter / Nous Portal now share a 1h prefix cache across sessions for Claude models. Fast resume, fast `/new`, lower cost on repeat work. ([#23828](https://github.com/NousResearch/hermes-agent/pull/23828))
+- **Cross-session 1h Claude prompt cache** — When you use Claude through Anthropic, OpenRouter, or Nous Portal, the prompt prefix (system prompt, skills, memory) now caches for an hour across sessions. Start a `/new` session and the first response comes back faster and cheaper because the cache is still warm from your last session. Background memory review hits the cache too, so it's not paying full price every turn. ([#23828](https://github.com/NousResearch/hermes-agent/pull/23828), [#25434](https://github.com/NousResearch/hermes-agent/pull/25434), [#24778](https://github.com/NousResearch/hermes-agent/pull/24778))

- **Two new messaging platforms — LINE + SimpleX Chat** — LINE Messaging API lands as a first-class platform, SimpleX Chat salvages #2558 onto the modern adapter spec. Hermes is now on 22 platforms. ([#23197](https://github.com/NousResearch/hermes-agent/pull/23197), [#26232](https://github.com/NousResearch/hermes-agent/pull/26232))
+- **180x faster `browser_console` evaluations** — When the agent uses the browser tool to inspect a page or run JavaScript, those calls now share one persistent connection to Chrome instead of spinning up a new DevTools session every time. The difference is huge: things that used to take a couple of seconds per call return in milliseconds. Real-world page interactions feel instant. ([#23226](https://github.com/NousResearch/hermes-agent/pull/23226))

- **Microsoft Graph foundation — Teams pipeline + webhook adapter** — `msgraph` auth/client foundation, webhook listener platform, Teams pipeline plugin runtime, and Teams outbound delivery via the existing adapter — Hermes can now read and post to Teams. (salvages of #21408–#21411) ([#21922](https://github.com/NousResearch/hermes-agent/pull/21922), [#21969](https://github.com/NousResearch/hermes-agent/pull/21969), [#22007](https://github.com/NousResearch/hermes-agent/pull/22007), [#22024](https://github.com/NousResearch/hermes-agent/pull/22024))
+- **Cold-start performance wave — ~19 seconds off `hermes` launch** — Running `hermes` used to make you wait through a chunk of import overhead and network calls before you saw a prompt. Now the launch path is mostly deferred: heavy adapters only load when you use them, model catalogs come from disk cache first, doctor checks run in parallel, and `chat -q` skips the welcome banner entirely. The `hermes tools` All-Platforms screen alone dropped from 14 seconds to under 1.5 seconds. ([#22138](https://github.com/NousResearch/hermes-agent/pull/22138), [#22120](https://github.com/NousResearch/hermes-agent/pull/22120), [#22681](https://github.com/NousResearch/hermes-agent/pull/22681), [#22790](https://github.com/NousResearch/hermes-agent/pull/22790), [#22808](https://github.com/NousResearch/hermes-agent/pull/22808), [#22831](https://github.com/NousResearch/hermes-agent/pull/22831), [#22859](https://github.com/NousResearch/hermes-agent/pull/22859), [#22904](https://github.com/NousResearch/hermes-agent/pull/22904), [#22766](https://github.com/NousResearch/hermes-agent/pull/22766), [#25341](https://github.com/NousResearch/hermes-agent/pull/25341))

- **`/handoff` actually transfers the session live** — the agent's active session moves to a different model / persona / profile mid-conversation, with messages, tool history, and context preserved. ([#23395](https://github.com/NousResearch/hermes-agent/pull/23395))
+- **Two new messaging platforms — LINE + SimpleX Chat** — LINE is huge in Japan, Korea, and Taiwan, and now Hermes runs natively on the LINE Messaging API. SimpleX Chat is the privacy-focused decentralized messenger with no user IDs — also wired up as a first-class platform. That brings Hermes to 22 messaging platforms total, so wherever you and your team chat, the agent can be there. ([#23197](https://github.com/NousResearch/hermes-agent/pull/23197), [#26232](https://github.com/NousResearch/hermes-agent/pull/26232))

- **`x_search` — first-class X (Twitter) search tool** — gated tool with OAuth-or-API-key auth, no skill needed to query the timeline. ([#26763](https://github.com/NousResearch/hermes-agent/pull/26763))
+- **`/handoff` actually transfers the session live** — Switching models or personalities mid-conversation used to mean losing context or starting over. Now `/handoff` moves your active session — every message, every tool call, every piece of context — to the target model, persona, or profile, live, without dropping anything. Mid-debugging hand off from a fast model to a deep-reasoning one, or pass a session between profiles for different parts of a task. ([#23395](https://github.com/NousResearch/hermes-agent/pull/23395))

- **`vision_analyze` returns pixels to vision-capable models** — when the active model can see, `vision_analyze` now hands the image straight through instead of falling back to a text description. ([#22955](https://github.com/NousResearch/hermes-agent/pull/22955))
+- **Native button UI for `clarify` on Telegram and Discord** — When the agent uses the `clarify` tool to ask you a multiple-choice question, it now shows real platform-native buttons on Telegram and Discord instead of asking you to type back the option number. Tap the button, the agent gets your answer. Especially nice on mobile. ([#24199](https://github.com/NousResearch/hermes-agent/pull/24199), [#25485](https://github.com/NousResearch/hermes-agent/pull/25485))

- **LSP semantic diagnostics on every write** — `write_file` and `patch` now run real language-server diagnostics on the post-edit file (delta-only) and surface real errors before they ship downstream. ([#24168](https://github.com/NousResearch/hermes-agent/pull/24168), [#25978](https://github.com/NousResearch/hermes-agent/pull/25978))
+- **Discord channel history backfill (default on)** — When Hermes joins a Discord channel or thread for the first time, it now reads the recent message history so it knows what's been said before it responds. No more "what are we talking about?" — the agent has the context that's already on screen for everyone else. ([#25984](https://github.com/NousResearch/hermes-agent/pull/25984))

- **Per-turn file-mutation verifier footer** — after every turn that wrote files, the agent gets a verifier footer summarizing what actually changed on disk — catches silent overwrites and "wrote it but it didn't land" bugs. ([#24498](https://github.com/NousResearch/hermes-agent/pull/24498))
+- **`vision_analyze` returns pixels to vision-capable models** — When you point the agent at an image with `vision_analyze` and the active model can actually see (GPT-5, Claude, Gemini, Grok-vision), Hermes now passes the raw pixels straight to the model instead of converting them to a text description first. You get the model's actual visual reasoning instead of a degraded text-summary round-trip. ([#22955](https://github.com/NousResearch/hermes-agent/pull/22955))

- **Unified `video_generate` with pluggable provider backends** — single tool, any backend. Drop in a new video provider as a plugin, no core changes. ([#25126](https://github.com/NousResearch/hermes-agent/pull/25126))
+- **Per-turn file-mutation verifier footer** — After every turn that wrote or edited files, the agent now gets a short footer summarizing exactly what changed on disk — the file paths, the line counts, the actual delta. That means the agent catches its own mistakes when a write didn't land or got silently overwritten, instead of confidently telling you "I added the function" when the file wasn't actually saved. ([#24498](https://github.com/NousResearch/hermes-agent/pull/24498))

- **`computer_use` cua-driver backend** — proper focus-safe ops, non-Anthropic provider support, refresh on `hermes update`. Computer-use is no longer locked to a single SDK. (re-salvage of #16936) ([#21967](https://github.com/NousResearch/hermes-agent/pull/21967), [#24063](https://github.com/NousResearch/hermes-agent/pull/24063))
+- **LSP semantic diagnostics on every write** — When the agent uses `write_file` or `patch`, Hermes now runs a real language server against the edited file and surfaces any new errors back to the agent before the next turn. Type errors, undefined symbols, missing imports — caught immediately. Goes way beyond v0.13.0's basic Python/JSON/YAML/TOML linting because it's actual semantic analysis. ([#24168](https://github.com/NousResearch/hermes-agent/pull/24168), [#25978](https://github.com/NousResearch/hermes-agent/pull/25978))

- **xAI Grok OAuth provider — SuperGrok via subscription** — sign in with your xAI account, talk to Grok models from Hermes. ([#26534](https://github.com/NousResearch/hermes-agent/pull/26534))
+- **Unified `video_generate` with pluggable provider backends** — One tool, any video model. Hermes ships with the obvious backends already, but you can drop in a new video provider as a plugin without touching core. So when a new video model lands next month, it can be a one-file plugin instead of a fork. ([#25126](https://github.com/NousResearch/hermes-agent/pull/25126))

- **Clarify with buttons — native inline keyboards on Telegram + Discord** — the `clarify` tool renders multi-choice prompts as platform-native buttons instead of typed responses. ([#24199](https://github.com/NousResearch/hermes-agent/pull/24199), [#25485](https://github.com/NousResearch/hermes-agent/pull/25485))
+- **`computer_use` cua-driver backend — works with non-Anthropic models now** — Computer-use (the agent controlling your mouse and keyboard to drive GUI apps) used to be locked to Anthropic's SDK. The new cua-driver backend works with non-Anthropic providers too, has proper focus-safe operations, and refreshes itself on `hermes update`. Now any vision-capable model can drive your desktop. (re-salvage of #16936) ([#21967](https://github.com/NousResearch/hermes-agent/pull/21967), [#24063](https://github.com/NousResearch/hermes-agent/pull/24063))

- **Discord channel history backfill (default on)** — Hermes reads recent channel history when joining a thread so it actually knows what's been said. ([#25984](https://github.com/NousResearch/hermes-agent/pull/25984))
+- **Clickable URLs in any terminal** — Links in agent output are now real OSC8 hyperlinks with hover-highlight in any terminal that supports them. Click to open in your browser — no more copy-paste-trim of long URLs from the transcript. Just works in iTerm2, Kitty, Ghostty, modern Windows Terminal, etc. (@OutThisLife) ([#25071](https://github.com/NousResearch/hermes-agent/pull/25071), [#24013](https://github.com/NousResearch/hermes-agent/pull/24013))

- **Watchers skill — RSS / HTTP JSON / GitHub polling via cron `no_agent` mode** — skill recipes that wire change-detection sources directly into cron's script-only watchdog mode. ([#21881](https://github.com/NousResearch/hermes-agent/pull/21881))
+- **Zed ACP Registry — `uvx` install in one click** — Hermes is now listed in Zed's Agent Client Protocol registry, so Zed users can install it with one click. The install path uses `uvx` so there's no npm dependency. `hermes acp --setup-browser` bootstraps the browser tools for registry-driven installs. (salvage of [#25908](https://github.com/NousResearch/hermes-agent/pull/25908)) ([#26079](https://github.com/NousResearch/hermes-agent/pull/26079), [#26120](https://github.com/NousResearch/hermes-agent/pull/26120), [#26234](https://github.com/NousResearch/hermes-agent/pull/26234))

- **Zed ACP Registry integration + uvx distribution** — Hermes is in the Zed registry, installable via `uvx` (no npm). Plus `hermes acp --setup-browser` bootstraps browser tools for registry installs. (salvage of [#25908](https://github.com/NousResearch/hermes-agent/pull/25908)) ([#26079](https://github.com/NousResearch/hermes-agent/pull/26079), [#26120](https://github.com/NousResearch/hermes-agent/pull/26120), [#26234](https://github.com/NousResearch/hermes-agent/pull/26234))
+- **OpenRouter Pareto Code router with `min_coding_score` knob** — OpenRouter's "Pareto" router automatically picks the cheapest model that meets a minimum quality bar. The new `min_coding_score` config lets you set that bar for coding tasks specifically — Hermes routes to the most affordable model that's at least that good at code. Stop paying for top-tier models when a mid-tier one would do. ([#22838](https://github.com/NousResearch/hermes-agent/pull/22838))

- **OpenRouter Pareto Code router** — wire a new OpenRouter router with `min_coding_score` knob. Pick the cheapest model that meets your quality bar. ([#22838](https://github.com/NousResearch/hermes-agent/pull/22838))
+- **NovitaAI as a new model provider** — NovitaAI joins the provider lineup, giving you another option for open-source model hosting (Llama, Qwen, DeepSeek, etc.) with their pricing and rate limits. (salvage #7219) (@kshitijk4poor) ([#25507](https://github.com/NousResearch/hermes-agent/pull/25507))

- **Optional codex app-server runtime for OpenAI/Codex models** — drives the OpenAI Codex CLI under the hood for OpenAI/Codex paths, with session reuse, wedge retirement, and OAuth refresh classification. ([#24182](https://github.com/NousResearch/hermes-agent/pull/24182), [#25769](https://github.com/NousResearch/hermes-agent/pull/25769))
+- **Codex app-server runtime for OpenAI/Codex models** — An optional runtime that drives OpenAI's Codex CLI under the hood when you're using OpenAI or Codex paths. You get session reuse, automatic retirement of wedged sessions, and proper OAuth refresh classification — the kind of plumbing that makes long agentic runs not fall over. ([#24182](https://github.com/NousResearch/hermes-agent/pull/24182), [#25769](https://github.com/NousResearch/hermes-agent/pull/25769))

- **`hermes-skills/huggingface` as a trusted default tap** — community skills index from huggingface.co/skills is available by default in the Skills Hub. ([#26219](https://github.com/NousResearch/hermes-agent/pull/26219))
+- **`huggingface/skills` as a trusted default tap** — The community skills index hosted at huggingface.co/skills is now wired into the Skills Hub by default. So when somebody publishes a useful skill there, you can install it from your own `hermes skills` browser without any extra config. (closes #2549) ([#26219](https://github.com/NousResearch/hermes-agent/pull/26219))

- **9 new optional skills** — Hyperliquid (perp/spot trading via SDK + REST) (@kshitijk4poor & Hermes), Yahoo Finance market data, api-testing (REST/GraphQL debug), unified EVM multi-chain skill (folds #25291 + #2010 + base/), darwinian-evolver, osint-investigation (closes #355), pinggy-tunnel, watchers (RSS/HTTP/GitHub via cron), Notion overhaul for the Developer Platform (May 2026). ([#23582](https://github.com/NousResearch/hermes-agent/pull/23582), [#23583](https://github.com/NousResearch/hermes-agent/pull/23583), [#23590](https://github.com/NousResearch/hermes-agent/pull/23590), [#25299](https://github.com/NousResearch/hermes-agent/pull/25299), [#26760](https://github.com/NousResearch/hermes-agent/pull/26760), [#26729](https://github.com/NousResearch/hermes-agent/pull/26729), [#26765](https://github.com/NousResearch/hermes-agent/pull/26765), [#21881](https://github.com/NousResearch/hermes-agent/pull/21881), [#26612](https://github.com/NousResearch/hermes-agent/pull/26612))
+- **9 new optional skills** — Hyperliquid (perp + spot trading via the SDK and REST API), Yahoo Finance (live market data, fundamentals, historicals), api-testing (REST + GraphQL debug recipes), unified EVM multi-chain (one skill covers Ethereum + L2s + Base), darwinian-evolver (evolutionary prompt/skill tuning), osint-investigation (OSINT recipes for people / domains / orgs), pinggy-tunnel (expose local services to the public internet), watchers (polls RSS / HTTP JSON / GitHub via cron `no_agent` mode for change detection), and a full Notion overhaul for the May 2026 Developer Platform. ([#23582](https://github.com/NousResearch/hermes-agent/pull/23582), [#23583](https://github.com/NousResearch/hermes-agent/pull/23583), [#23590](https://github.com/NousResearch/hermes-agent/pull/23590), [#25299](https://github.com/NousResearch/hermes-agent/pull/25299), [#26760](https://github.com/NousResearch/hermes-agent/pull/26760), [#26729](https://github.com/NousResearch/hermes-agent/pull/26729), [#26765](https://github.com/NousResearch/hermes-agent/pull/26765), [#21881](https://github.com/NousResearch/hermes-agent/pull/21881), [#26612](https://github.com/NousResearch/hermes-agent/pull/26612))

- **API server exposes run approval events** — long-running runs surface approval requests over the API stream, no more silent stalls. (salvage of [#20311](https://github.com/NousResearch/hermes-agent/pull/20311)) ([#21899](https://github.com/NousResearch/hermes-agent/pull/21899))
+- **API server exposes run approval events** — If you're driving Hermes programmatically through the HTTP API, long-running runs no longer silently hang when the agent hits an approval-required command. The approval request now surfaces on the API stream so your client can prompt the user and reply — no more silent stalls. (salvage of [#20311](https://github.com/NousResearch/hermes-agent/pull/20311)) ([#21899](https://github.com/NousResearch/hermes-agent/pull/21899))

- **`/subgoal` — user-added criteria appended to active `/goal`** — layer extra success criteria onto a running goal loop. The judge sees them in the prompt, no behavior change when subgoals are empty. ([#25449](https://github.com/NousResearch/hermes-agent/pull/25449))
+- **Plugins can run any LLM call via `ctx.llm` + replace built-in tools via `tool_override`** — If you're writing a Hermes plugin, you now get first-class access to make LLM calls through the active provider and credentials — no manual client wiring. The new `tool_override` flag lets a plugin swap out a built-in tool with its own implementation cleanly. Plugin authors get the same model-routing and auth plumbing the core agent uses. (closes #11049) ([#23194](https://github.com/NousResearch/hermes-agent/pull/23194), [#26759](https://github.com/NousResearch/hermes-agent/pull/26759))

- **Plugins can run any LLM call via `ctx.llm`** — plugins get a first-class hook to make their own LLM requests through the active provider/credentials, no manual wiring. Plus `tool_override` flag for replacing built-in tools. ([#23194](https://github.com/NousResearch/hermes-agent/pull/23194), [#26759](https://github.com/NousResearch/hermes-agent/pull/26759))
+- **Brave Search (free tier) + DuckDuckGo (DDGS) as web-search providers** — Two new free web-search backends join Tavily, SearXNG, and Exa. Brave Search has a generous free tier; DDGS is the DuckDuckGo scraper that needs no key at all. Pick whichever fits your budget and rate-limit needs. ([#21337](https://github.com/NousResearch/hermes-agent/pull/21337))

- **Brave Search (free tier) + DuckDuckGo (DDGS) as web-search providers** — two new free search backends alongside Tavily / SearXNG / Exa. ([#21337](https://github.com/NousResearch/hermes-agent/pull/21337))
+- **Sudo brute-force block + 3 dangerous-command bypasses closed + tool-error sanitization** — The approval gate now blocks `sudo -S` brute-force attempts and classifies stdin-fed or askpass-stripped sudo invocations as DANGEROUS. Three known bypasses of dangerous-command detection are closed (inspired by Claude Code's command-detection work). And tool error strings are now sanitized before being re-injected into the model context, so a malicious file or remote service can't pass instructions to your agent through error output. ([#23736](https://github.com/NousResearch/hermes-agent/pull/23736), [#26829](https://github.com/NousResearch/hermes-agent/pull/26829), [#26823](https://github.com/NousResearch/hermes-agent/pull/26823))

- **Sudo brute-force block + sudo-stdin/askpass DANGEROUS classification** — closes the `sudo -S` brute-force avenue; approval gates classify stdin-fed and askpass-stripped sudo invocations as dangerous. (salvages of #22194 + #21128) ([#23736](https://github.com/NousResearch/hermes-agent/pull/23736))
+- **`/subgoal` — user-added criteria appended to an active `/goal`** — When you've got a `/goal` running (the persistent Ralph-loop goal where the agent keeps going until criteria are met), you can now use `/subgoal <text>` to layer extra success criteria onto it mid-run. The judge factors your new criteria into the done-or-keep-going decision without restarting the loop. ([#25449](https://github.com/NousResearch/hermes-agent/pull/25449))

- **Provider rename — Alibaba Cloud → Qwen Cloud, picker reorder** — matches what the world calls it. Existing config keys still work. ([#24835](https://github.com/NousResearch/hermes-agent/pull/24835))
+- **Provider rename — Alibaba Cloud → Qwen Cloud** — The Alibaba Cloud provider is renamed to Qwen Cloud in the picker and config to match what the rest of the world calls it. Existing config keys still work — no breaking changes — but the UI matches the actual brand now. ([#24835](https://github.com/NousResearch/hermes-agent/pull/24835))
+
+- **Native Windows support (early beta)** — Hermes now runs natively on `cmd.exe` and PowerShell without WSL. A full PowerShell installer handles MinGit auto-install, Microsoft Store python stub detection, and the foreground Ctrl+C dance. There's still rough edges (this is the "early beta" stamp) — ~40 follow-up Windows-only fixes already landed in the window — but the basic loop works end-to-end on a clean Windows box. ([#21561](https://github.com/NousResearch/hermes-agent/pull/21561))


 ---
--- a/_build_backend.py
+++ b/_build_backend.py
@@ -0,0 +1,183 @@
+"""Custom PEP 517 build backend for hermes-agent.
+
+At wheel build time, rewrites [project.optional-dependencies] so that
+plugin extras (e.g. ``anthropic = ["hermes-agent-anthropic"]``) are
+inlined with the actual deps from each plugin's pyproject.toml.
+
+In the source repo (and on Nix), uv resolves workspace members natively
+so this backend is NOT used — it's only invoked when building a wheel
+for PyPI publication.
+
+Usage in pyproject.toml::
+
+    [build-system]
+    requires = ["setuptools>=61.0"]
+    build-backend = "_build_backend"
+    backend-path = ["."]
+
+How it works:
+1.  ``build_wheel`` intercepts the call before setuptools sees pyproject.toml.
+2.  It reads the workspace member dirs from [tool.uv.workspace].members.
+3.  For each member, it reads the member's pyproject.toml and extracts
+    ``project.dependencies`` (excluding the ``hermes-agent`` base dep).
+4.  It rewrites the main pyproject.toml's optional-dependencies to inline
+    those deps instead of the workspace member references.
+5.  It writes a temporary pyproject.toml, delegates to
+    ``setuptools.build_meta.build_wheel``, then restores the original.
+"""
+
+from __future__ import annotations
+
+import os
+import shutil
+import tempfile
+from pathlib import Path
+from typing import Any
+
+import tomllib
+
+# The original setuptools backend we delegate to.
+_BACKEND = "setuptools.build_meta"
+
+
+def _load_pyproject(path: Path) -> dict:
+    with path.open("rb") as f:
+        return tomllib.load(f)
+
+
+def _save_pyproject(path: Path, data: dict) -> None:
+    """Write a pyproject.toml. Uses a simple serializer since we only
+    need to preserve the structure enough for setuptools to parse."""
+    import tomli_w
+    with path.open("wb") as f:
+        tomli_w.dump(data, f)
+
+
+def _inline_plugin_deps(root: Path, data: dict) -> dict:
+    """Rewrite optional-dependencies to inline plugin deps.
+
+    Maps each plugin extra (e.g. ``anthropic = ["hermes-agent-anthropic"]``)
+    to the actual deps from that plugin's pyproject.toml, minus the
+    ``hermes-agent`` base dependency.
+    """
+    opt_deps = data.get("project", {}).get("optional-dependencies", {})
+    workspace = data.get("tool", {}).get("uv", {}).get("workspace", {})
+    members = workspace.get("members", [])
+
+    # Build a map: package name → (member_dir, pyproject_data)
+    pkg_to_deps: dict[str, list[str]] = {}
+    for member_glob in members:
+        for member_dir in sorted(root.glob(member_glob)):
+            pptoml = member_dir / "pyproject.toml"
+            if not pptoml.exists():
+                continue
+            member_data = _load_pyproject(pptoml)
+            pkg_name = member_data.get("project", {}).get("name", "")
+            if not pkg_name:
+                continue
+            # Extract deps, excluding the base hermes-agent dependency
+            raw_deps = member_data.get("project", {}).get("dependencies", [])
+            filtered = [
+                d for d in raw_deps
+                if not d.replace(" ", "").startswith("hermes-agent")
+            ]
+            pkg_to_deps[pkg_name] = filtered
+
+    # Rewrite optional-dependencies
+    new_opt_deps = {}
+    for extra_name, specs in opt_deps.items():
+        new_specs = []
+        for spec in specs:
+            # Check if this spec references a workspace member package
+            if spec in pkg_to_deps:
+                # Inline the plugin's deps
+                new_specs.extend(pkg_to_deps[spec])
+            else:
+                new_specs.append(spec)
+        new_opt_deps[extra_name] = new_specs
+
+    data["project"]["optional-dependencies"] = new_opt_deps
+
+    # Remove [tool.uv] section — it's not valid in a published wheel
+    if "uv" in data.get("tool", {}):
+        del data["tool"]["uv"]
+
+    return data
+
+
+# ---------------------------------------------------------------------------
+# PEP 517 hooks
+# ---------------------------------------------------------------------------
+
+def build_wheel(wheel_directory: str, config_settings: dict[str, Any] | None = None, metadata_directory: str | None = None) -> str:
+    """Build a wheel with inlined plugin deps."""
+    root = Path.cwd()
+    pyproject_path = root / "pyproject.toml"
+
+    # Read and rewrite
+    data = _load_pyproject(pyproject_path)
+    data = _inline_plugin_deps(root, data)
+
+    # Write a temporary pyproject.toml, build, then restore
+    backup = pyproject_path.with_suffix(".toml.bak")
+    shutil.copy2(pyproject_path, backup)
+    try:
+        _save_pyproject(pyproject_path, data)
+
+        # Delegate to setuptools
+        import importlib
+        backend = importlib.import_module(_BACKEND)
+        return backend.build_wheel(wheel_directory, config_settings)
+    finally:
+        shutil.copy2(backup, pyproject_path)
+        backup.unlink()
+
+
+def build_sdist(sdist_directory: str, config_settings: dict[str, Any] | None = None) -> str:
+    """Build an sdist — no rewriting needed."""
+    import importlib
+    backend = importlib.import_module(_BACKEND)
+    return backend.build_sdist(sdist_directory, config_settings)
+
+
+def get_requires_for_build_wheel(config_settings: dict[str, Any] | None = None) -> list[str]:
+    return ["setuptools>=61.0", "tomli_w"]
+
+
+def get_requires_for_build_sdist(config_settings: dict[str, Any] | None = None) -> list[str]:
+    return ["setuptools>=61.0"]
+
+
+def prepare_metadata_for_build_wheel(metadata_directory: str, config_settings: dict[str, Any] | None = None) -> str:
+    """Prepare metadata with inlined plugin deps."""
+    root = Path.cwd()
+    pyproject_path = root / "pyproject.toml"
+
+    data = _load_pyproject(pyproject_path)
+    data = _inline_plugin_deps(root, data)
+
+    backup = pyproject_path.with_suffix(".toml.bak")
+    shutil.copy2(pyproject_path, backup)
+    try:
+        _save_pyproject(pyproject_path, data)
+
+        import importlib
+        backend = importlib.import_module(_BACKEND)
+        return backend.prepare_metadata_for_build_wheel(metadata_directory, config_settings)
+    finally:
+        shutil.copy2(backup, pyproject_path)
+        backup.unlink()
+
+
+def build_editable(wheel_directory: str, config_settings: dict[str, Any] | None = None, metadata_directory: str | None = None) -> str:
+    """Build an editable install — no rewriting needed (dev mode)."""
+    import importlib
+    backend = importlib.import_module(_BACKEND)
+    kwargs: dict[str, Any] = {"config_settings": config_settings}
+    if metadata_directory is not None:
+        kwargs["metadata_directory"] = metadata_directory
+    return backend.build_editable(wheel_directory, **kwargs)
+
+
+def get_requires_for_build_editable(config_settings: dict[str, Any] | None = None) -> list[str]:
+    return ["setuptools>=61.0"]
--- a/agent/account_usage.py
+++ b/agent/account_usage.py
@@ -6,7 +6,9 @@ from typing import Any, Optional

 import httpx

-from agent.anthropic_adapter import _is_oauth_token, resolve_anthropic_token
+from agent.plugin_registries import registries
+_is_oauth_token = registries.get_provider_service("anthropic", "_is_oauth_token")
+resolve_anthropic_token = registries.get_provider_service("anthropic", "resolve_anthropic_token")
 from hermes_cli.auth import _read_codex_tokens, resolve_codex_runtime_credentials
 from hermes_cli.runtime_provider import resolve_runtime_provider

@@ -176,7 +178,7 @@ def _fetch_anthropic_account_usage() -> Optional[AccountUsageSnapshot]:
    token = (resolve_anthropic_token() or "").strip()
    if not token:
        return None
-    if not _is_oauth_token(token):
+    if _is_oauth_token is not None and not _is_oauth_token(token):
        return AccountUsageSnapshot(
            provider="anthropic",
            source="oauth_usage_api",
--- a/agent/agent_init.py
+++ b/agent/agent_init.py
@@ -401,7 +401,7 @@ def init_agent(
    agent.status_callback = status_callback
    agent.tool_gen_callback = tool_gen_callback

-    
+
    # Tool execution state — allows _vprint during tool execution
    # even when stream consumers are registered (no tokens streaming then)
    agent._executing_tools = False
@@ -434,12 +434,12 @@ def init_agent(
    # their tids explicitly.
    agent._tool_worker_threads: set[int] = set()
    agent._tool_worker_threads_lock = threading.Lock()
-    
+
    # Subagent delegation state
    agent._delegate_depth = 0        # 0 = top-level agent, incremented for children
    agent._active_children = []      # Running child AIAgents (for interrupt propagation)
    agent._active_children_lock = threading.Lock()
-    
+
    # Store OpenRouter provider preferences
    agent.providers_allowed = providers_allowed
    agent.providers_ignored = providers_ignored
@@ -452,7 +452,7 @@ def init_agent(
    # Store toolset filtering options
    agent.enabled_toolsets = enabled_toolsets
    agent.disabled_toolsets = disabled_toolsets
-    
+
    # Model response configuration
    agent.max_tokens = max_tokens  # None = use model default
    agent.reasoning_config = reasoning_config  # None = use default (medium for OpenRouter)
@@ -460,7 +460,7 @@ def init_agent(
    agent.request_overrides = dict(request_overrides or {})
    agent.prefill_messages = prefill_messages or []  # Prefilled conversation turns
    agent._force_ascii_payload = False
-    
+
    # Anthropic prompt caching: auto-enabled for Claude models on native
    # Anthropic, OpenRouter, and third-party gateways that speak the
    # Anthropic protocol (``api_mode == 'anthropic_messages'``). Reduces
@@ -532,7 +532,7 @@ def init_agent(
        # console. Any future noise reduction belongs at the
        # handler level inside hermes_logging.py, not here.
        pass
-    
+
    # Internal stream callback (set during streaming TTS).
    # Initialized here so _vprint can reference it before run_conversation.
    agent._stream_callback = None
@@ -582,12 +582,14 @@ def init_agent(
    _provider_timeout = get_provider_request_timeout(agent.provider, agent.model)

    if agent.api_mode == "anthropic_messages":
-        from agent.anthropic_adapter import build_anthropic_client, resolve_anthropic_token
+        from agent.plugin_registries import registries
+        build_anthropic_client = registries.get_provider_service("anthropic", "build_anthropic_client")
+        resolve_anthropic_token = registries.get_provider_service("anthropic", "resolve_anthropic_token")
        # Bedrock + Claude → use AnthropicBedrock SDK for full feature parity
        # (prompt caching, thinking budgets, adaptive thinking).
        _is_bedrock_anthropic = agent.provider == "bedrock"
        if _is_bedrock_anthropic:
-            from agent.anthropic_adapter import build_anthropic_bedrock_client
+            build_anthropic_bedrock_client = registries.get_provider_service("anthropic", "build_anthropic_bedrock_client")
            _region_match = re.search(r"bedrock-runtime\.([a-z0-9-]+)\.", base_url or "")
            _br_region = _region_match.group(1) if _region_match else "us-east-1"
            agent._bedrock_region = _br_region
@@ -641,8 +643,8 @@ def init_agent(
            # so injects Claude-Code identity headers and system prompts
            # that cause 401/403 on their endpoints.  Guards #1739 and
            # the third-party identity-injection bug.
-            from agent.anthropic_adapter import _is_oauth_token as _is_oat
-            agent._is_anthropic_oauth = _is_oat(effective_key) if (_is_native_anthropic and isinstance(effective_key, str)) else False
+            _is_oauth_token = registries.get_provider_service("anthropic", "_is_oauth_token")
+            agent._is_anthropic_oauth = _is_oauth_token(effective_key) if (_is_oauth_token is not None and _is_native_anthropic and isinstance(effective_key, str)) else False
            agent._anthropic_client = build_anthropic_client(effective_key, base_url, timeout=_provider_timeout)
            # No OpenAI client needed for Anthropic mode
            agent.client = None
@@ -654,9 +656,10 @@ def init_agent(
                # The Anthropic adapter installs an httpx event hook
                # that mints a fresh JWT per request — we never
                # invoke or inspect the callable in the banner.
-                from agent.azure_identity_adapter import is_token_provider
+                from agent.plugin_registries import registries
+                is_token_provider = registries.get_provider_service("azure", "is_token_provider")

-                if is_token_provider(effective_key):
+                if is_token_provider and is_token_provider(effective_key):
                    print("🔑 Using credentials: Microsoft Entra ID")
                elif isinstance(effective_key, str) and len(effective_key) > 12:
                    print(f"🔑 Using token: {effective_key[:8]}...{effective_key[-4:]}")
@@ -866,10 +869,11 @@ def init_agent(
                # provider (Azure Foundry). The OpenAI SDK mints a
                # fresh JWT per request internally — the banner
                # never invokes or inspects the callable.
-                from agent.azure_identity_adapter import is_token_provider
+                from agent.plugin_registries import registries
+                is_token_provider = registries.get_provider_service("azure", "is_token_provider")

                key_used = client_kwargs.get("api_key", "none")
-                if is_token_provider(key_used):
+                if is_token_provider and is_token_provider(key_used):
                    print("🔑 Using credentials: Microsoft Entra ID")
                elif isinstance(key_used, str) and key_used and key_used != "dummy-key" and len(key_used) > 12:
                    print(f"🔑 Using API key: {key_used[:8]}...{key_used[-4:]}")
@@ -877,7 +881,7 @@ def init_agent(
                    print("⚠️  Warning: API key appears invalid or missing")
        except Exception as e:
            raise RuntimeError(f"Failed to initialize OpenAI client: {e}")
-    
+
    # Provider fallback chain — ordered list of backup providers tried
    # when the primary is exhausted (rate-limit, overload, connection
    # failure).  Supports both legacy single-dict ``fallback_model`` and
@@ -909,7 +913,7 @@ def init_agent(
        disabled_toolsets=disabled_toolsets,
        quiet_mode=agent.quiet_mode,
    )
-    
+
    # Show tool configuration and store valid tool names for validation
    agent.valid_tool_names = set()
    if agent.tools:
@@ -942,16 +946,16 @@ def init_agent(
        missing_reqs = [name for name, available in requirements.items() if not available]
        if missing_reqs:
            print(f"⚠️  Some tools may not work due to missing requirements: {missing_reqs}")
-    
+
    # Show trajectory saving status
    if agent.save_trajectories and not agent.quiet_mode:
        print("📝 Trajectory saving enabled")
-    
+
    # Show ephemeral system prompt status
    if agent.ephemeral_system_prompt and not agent.quiet_mode:
        prompt_preview = agent.ephemeral_system_prompt[:60] + "..." if len(agent.ephemeral_system_prompt) > 60 else agent.ephemeral_system_prompt
        print(f"🔒 Ephemeral system prompt: '{prompt_preview}' (not saved to trajectories)")
-    
+
    # Show prompt caching status
    if agent._use_prompt_caching and not agent.quiet_mode:
        if agent._use_native_cache_layout and agent.provider == "anthropic":
@@ -961,7 +965,7 @@ def init_agent(
        else:
            source = "Claude via OpenRouter"
        print(f"💾 Prompt caching: ENABLED ({source}, {agent._cache_ttl} TTL)")
-    
+
    # Session logging setup - auto-save conversation trajectories for debugging
    agent.session_start = datetime.now()
    if session_id:
@@ -1001,7 +1005,7 @@ def init_agent(
        pass
    # logs_dir is retained unconditionally for request_dump_*.json (debug
    # breadcrumb path written by agent_runtime_helpers.dump_api_request_debug).
-    
+
    # Track conversation messages for session logging
    agent._session_messages: List[Dict[str, Any]] = []
    # Responses encrypted reasoning replay state.  Some OpenAI-compatible
@@ -1013,10 +1017,10 @@ def init_agent(
    agent._codex_reasoning_replay_enabled = True
    agent._memory_write_origin = "assistant_tool"
    agent._memory_write_context = "foreground"
-    
+
    # Cached system prompt -- built once per session, only rebuilt on compression
    agent._cached_system_prompt: Optional[str] = None
-    
+
    # Filesystem checkpoint manager (transparent — not a tool)
    from tools.checkpoint_manager import CheckpointManager
    agent._checkpoint_mgr = CheckpointManager(
@@ -1025,7 +1029,7 @@ def init_agent(
        max_total_size_mb=checkpoint_max_total_size_mb,
        max_file_size_mb=checkpoint_max_file_size_mb,
    )
-    
+
    # SQLite session store (optional -- provided by CLI or gateway)
    agent._session_db = session_db
    agent._parent_session_id = parent_session_id
@@ -1036,11 +1040,11 @@ def init_agent(
        "reasoning_config": reasoning_config,
        "max_tokens": max_tokens,
    }
-    
+
    # In-memory todo list for task planning (one per agent/session)
    from tools.todo_tool import TodoStore
    agent._todo_store = TodoStore()
-    
+
    # Load config once for memory, skills, and compression sections
    try:
        from hermes_cli.config import load_config as _load_agent_config
@@ -1082,7 +1086,7 @@ def init_agent(
                agent._memory_store.load_from_disk()
        except Exception:
            pass  # Memory is optional -- don't break agent init
-    
+


    # Memory provider plugin (external — one at a time, alongside built-in)
@@ -1553,7 +1557,7 @@ def init_agent(
    agent.session_estimated_cost_usd = 0.0
    agent.session_cost_status = "unknown"
    agent.session_cost_source = "none"
-    
+
    # ── Ollama num_ctx injection ──
    # Ollama defaults to 2048 context regardless of the model's capabilities.
    # When running against an Ollama server, detect the model's max context
--- a/agent/agent_runtime_helpers.py
+++ b/agent/agent_runtime_helpers.py
@@ -759,7 +759,8 @@ def try_recover_primary_transport(
        agent.api_key = rt["api_key"]

        if agent.api_mode == "anthropic_messages":
-            from agent.anthropic_adapter import build_anthropic_client
+            from agent.plugin_registries import registries
+            build_anthropic_client = registries.get_provider_service("anthropic", "build_anthropic_client")
            agent._anthropic_api_key = rt["anthropic_api_key"]
            agent._anthropic_base_url = rt["anthropic_base_url"]
            agent._anthropic_client = build_anthropic_client(
@@ -923,7 +924,8 @@ def restore_primary_runtime(agent) -> bool:

        # ── Rebuild client for the primary provider ──
        if agent.api_mode == "anthropic_messages":
-            from agent.anthropic_adapter import build_anthropic_client
+            from agent.plugin_registries import registries
+            build_anthropic_client = registries.get_provider_service("anthropic", "build_anthropic_client")
            agent._anthropic_api_key = rt["anthropic_api_key"]
            agent._anthropic_base_url = rt["anthropic_base_url"]
            agent._anthropic_client = build_anthropic_client(
@@ -1429,11 +1431,10 @@ def switch_model(agent, new_model, new_provider, api_key='', base_url='', api_mo

        # ── Build new client ──
        if api_mode == "anthropic_messages":
-            from agent.anthropic_adapter import (
-                build_anthropic_client,
-                resolve_anthropic_token,
-                _is_oauth_token,
-            )
+            from agent.plugin_registries import registries
+            build_anthropic_client = registries.get_provider_service("anthropic", "build_anthropic_client")
+            resolve_anthropic_token = registries.get_provider_service("anthropic", "resolve_anthropic_token")
+            _is_oauth_token = registries.get_provider_service("anthropic", "_is_oauth_token")
            # Only fall back to ANTHROPIC_TOKEN when the provider is actually Anthropic.
            # Other anthropic_messages providers (MiniMax, Alibaba, etc.) must use their own
            # API key — falling back would send Anthropic credentials to third-party endpoints.
--- a/agent/anthropic_aux.py
+++ b/agent/anthropic_aux.py
@@ -0,0 +1,166 @@
+"""Anthropic auxiliary client wrappers — core module, no SDK dependency.
+
+Provides OpenAI-client-compatible shims over native Anthropic SDK clients,
+so auxiliary tasks (compression, vision, web extract, etc.) can call
+``client.chat.completions.create()`` regardless of the underlying SDK.
+
+The wrapper classes themselves never import the anthropic SDK.  They delegate
+wire-format conversion to :mod:`agent.anthropic_format` and response
+normalization to the ``anthropic_messages`` transport registered in
+:mod:`agent.transports`.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import logging
+from types import SimpleNamespace
+from typing import Any, Optional
+
+from agent.anthropic_format import (
+    build_anthropic_kwargs,
+    _forbids_sampling_params,
+)
+
+logger = logging.getLogger(__name__)
+
+
+# ---------------------------------------------------------------------------
+# Adapter: Anthropic SDK → OpenAI-compatible completions.create()
+# ---------------------------------------------------------------------------
+
+class _AnthropicCompletionsAdapter:
+    """OpenAI-client-compatible adapter for Anthropic Messages API."""
+
+    def __init__(self, real_client: Any, model: str, is_oauth: bool = False):
+        self._client = real_client
+        self._model = model
+        self._is_oauth = is_oauth
+
+    def create(self, **kwargs) -> Any:
+        from agent.transports import get_transport
+
+        messages = kwargs.get("messages", [])
+        model = kwargs.get("model", self._model)
+        tools = kwargs.get("tools")
+        tool_choice = kwargs.get("tool_choice")
+        # ZAI's Anthropic-compatible endpoint rejects max_tokens on vision
+        # models (glm-4v-flash etc.) with error code 1210.  When the caller
+        # signals this by setting _skip_zai_max_tokens in kwargs, omit it.
+        _skip_mt = kwargs.pop("_skip_zai_max_tokens", False)
+        if _skip_mt:
+            max_tokens = None
+        else:
+            max_tokens = kwargs.get("max_tokens") or kwargs.get("max_completion_tokens") or 2000
+        temperature = kwargs.get("temperature")
+
+        normalized_tool_choice = None
+        if isinstance(tool_choice, str):
+            normalized_tool_choice = tool_choice
+        elif isinstance(tool_choice, dict):
+            choice_type = str(tool_choice.get("type", "")).lower()
+            if choice_type == "function":
+                normalized_tool_choice = tool_choice.get("function", {}).get("name")
+            elif choice_type in {"auto", "required", "none"}:
+                normalized_tool_choice = choice_type
+
+        anthropic_kwargs = build_anthropic_kwargs(
+            model=model,
+            messages=messages,
+            tools=tools,
+            max_tokens=max_tokens,
+            reasoning_config=None,
+            tool_choice=normalized_tool_choice,
+            is_oauth=self._is_oauth,
+        )
+        # Opus 4.7+ rejects any non-default temperature/top_p/top_k; only set
+        # temperature for models that still accept it. build_anthropic_kwargs
+        # additionally strips these keys as a safety net — keep both layers.
+        if temperature is not None:
+            if not _forbids_sampling_params(model):
+                anthropic_kwargs["temperature"] = temperature
+
+        response = self._client.messages.create(**anthropic_kwargs)
+        _transport = get_transport("anthropic_messages")
+        _nr = _transport.normalize_response(
+            response, strip_tool_prefix=self._is_oauth
+        )
+
+        assistant_message = SimpleNamespace(
+            content=_nr.content,
+            tool_calls=_nr.tool_calls,
+            reasoning=_nr.reasoning,
+        )
+        finish_reason = _nr.finish_reason
+
+        usage = None
+        if hasattr(response, "usage") and response.usage:
+            prompt_tokens = getattr(response.usage, "input_tokens", 0) or 0
+            completion_tokens = getattr(response.usage, "output_tokens", 0) or 0
+            total_tokens = getattr(response.usage, "total_tokens", 0) or (prompt_tokens + completion_tokens)
+            usage = SimpleNamespace(
+                prompt_tokens=prompt_tokens,
+                completion_tokens=completion_tokens,
+                total_tokens=total_tokens,
+            )
+
+        choice = SimpleNamespace(
+            index=0,
+            message=assistant_message,
+            finish_reason=finish_reason,
+        )
+        return SimpleNamespace(
+            choices=[choice],
+            model=model,
+            usage=usage,
+        )
+
+
+class _AnthropicChatShim:
+    def __init__(self, adapter: _AnthropicCompletionsAdapter):
+        self.completions = adapter
+
+
+# ---------------------------------------------------------------------------
+# Public wrappers
+# ---------------------------------------------------------------------------
+
+class AnthropicAuxiliaryClient:
+    """OpenAI-client-compatible wrapper over a native Anthropic client."""
+
+    def __init__(self, real_client: Any, model: str, api_key: str, base_url: str, is_oauth: bool = False):
+        self._real_client = real_client
+        adapter = _AnthropicCompletionsAdapter(real_client, model, is_oauth=is_oauth)
+        self.chat = _AnthropicChatShim(adapter)
+        self.api_key = api_key
+        self.base_url = base_url
+
+    def close(self):
+        close_fn = getattr(self._real_client, "close", None)
+        if callable(close_fn):
+            close_fn()
+
+
+class _AsyncAnthropicCompletionsAdapter:
+    def __init__(self, sync_adapter: _AnthropicCompletionsAdapter):
+        self._sync = sync_adapter
+
+    async def create(self, **kwargs) -> Any:
+        return await asyncio.to_thread(self._sync.create, **kwargs)
+
+
+class _AsyncAnthropicChatShim:
+    def __init__(self, adapter: _AsyncAnthropicCompletionsAdapter):
+        self.completions = adapter
+
+
+class AsyncAnthropicAuxiliaryClient:
+    def __init__(self, sync_wrapper: AnthropicAuxiliaryClient):
+        sync_adapter = sync_wrapper.chat.completions
+        async_adapter = _AsyncAnthropicCompletionsAdapter(sync_adapter)
+        self.chat = _AsyncAnthropicChatShim(async_adapter)
+        self.api_key = sync_wrapper.api_key
+        self.base_url = sync_wrapper.base_url
+        # Mirror _real_client so cache eviction on a poisoned underlying
+        # client also drops this entry.
+        self._real_client = sync_wrapper._real_client
--- a/agent/anthropic_adapter.py
+++ b/agent/anthropic_adapter.py
--- a/agent/auxiliary_client.py
+++ b/agent/auxiliary_client.py
@@ -106,6 +106,41 @@ from utils import base_url_host_matches, base_url_hostname, normalize_proxy_env_

 logger = logging.getLogger(__name__)

+# ---------------------------------------------------------------------------
+# Core anthropic wire-format modules (no SDK dependency)
+# ---------------------------------------------------------------------------
+
+from agent.anthropic_aux import (  # noqa: F401
+    AnthropicAuxiliaryClient,
+    AsyncAnthropicAuxiliaryClient,
+)
+
+# ---------------------------------------------------------------------------
+# Plugin-registry helper — access *plugin-provided* anthropic services
+# (resolve.py functions: maybe_wrap_anthropic, is_anthropic_compat_endpoint, etc.)
+# Wire-format code (message conversion, aux client wrappers) lives in core
+# and is imported directly above.
+# ---------------------------------------------------------------------------
+
+def _anthropic_plugin_service(name: str):
+    """Lazy accessor for anthropic plugin resolve services.
+
+    Only the SDK-dependent orchestration (maybe_wrap_anthropic,
+    is_anthropic_compat_endpoint, convert_openai_images_to_anthropic) lives
+    in the plugin.  Core accesses it through
+    ``registries.get_provider_service("anthropic", name)`` so that:
+      - Core never imports from a plugin package directly.
+      - The plugin need only be installed when the user actually uses it.
+    """
+    from agent.plugin_registries import registries
+    svc = registries.get_provider_service("anthropic", name)
+    if svc is None:
+        raise ImportError(
+            f"anthropic plugin service {name!r} not available — "
+            f"the hermes_agent_anthropic package may not be installed"
+        )
+    return svc
+

 def _safe_isinstance(obj: Any, maybe_type: Any) -> bool:
    """Return False instead of raising when a patched symbol is not a type."""
@@ -115,6 +150,35 @@ def _safe_isinstance(obj: Any, maybe_type: Any) -> bool:
        return False


+def _is_async_client(client: Any) -> bool:
+    """Check whether *client* is already an async-capable auxiliary client.
+
+    Covers AsyncAnthropicAuxiliaryClient, AsyncCodexAuxiliaryClient,
+    AsyncGeminiNativeClient, and CopilotACPClient (which is natively async).
+    """
+    if _safe_isinstance(client, AsyncCodexAuxiliaryClient):
+        return True
+    try:
+        from agent.anthropic_aux import AsyncAnthropicAuxiliaryClient
+        if _safe_isinstance(client, AsyncAnthropicAuxiliaryClient):
+            return True
+    except ImportError:
+        pass
+    try:
+        from agent.gemini_native_adapter import AsyncGeminiNativeClient
+        if _safe_isinstance(client, AsyncGeminiNativeClient):
+            return True
+    except ImportError:
+        pass
+    try:
+        from agent.copilot_acp_client import CopilotACPClient
+        if _safe_isinstance(client, CopilotACPClient):
+            return True
+    except ImportError:
+        pass
+    return False
+
+
 def _extract_url_query_params(url: str):
    """Extract query params from URL, return (clean_url, default_query dict or None)."""
    parsed = urlparse(url)
@@ -417,7 +481,6 @@ auxiliary_is_nous: bool = False
 _OPENROUTER_MODEL = "google/gemini-3-flash-preview"
 _NOUS_MODEL = "google/gemini-3-flash-preview"
 _NOUS_DEFAULT_BASE_URL = "https://inference-api.nousresearch.com/v1"
-_ANTHROPIC_DEFAULT_BASE_URL = "https://api.anthropic.com"
 _AUTH_JSON_PATH = get_hermes_home() / "auth.json"

 # Codex OAuth endpoint used when a caller explicitly requests
@@ -956,253 +1019,6 @@ class AsyncCodexAuxiliaryClient:
        self._real_client = sync_wrapper._real_client


-class _AnthropicCompletionsAdapter:
-    """OpenAI-client-compatible adapter for Anthropic Messages API."""
-
-    def __init__(self, real_client: Any, model: str, is_oauth: bool = False):
-        self._client = real_client
-        self._model = model
-        self._is_oauth = is_oauth
-
-    def create(self, **kwargs) -> Any:
-        from agent.anthropic_adapter import build_anthropic_kwargs
-        from agent.transports import get_transport
-
-        messages = kwargs.get("messages", [])
-        model = kwargs.get("model", self._model)
-        tools = kwargs.get("tools")
-        tool_choice = kwargs.get("tool_choice")
-        # ZAI's Anthropic-compatible endpoint rejects max_tokens on vision
-        # models (glm-4v-flash etc.) with error code 1210.  When the caller
-        # signals this by setting _skip_zai_max_tokens in kwargs, omit it.
-        _skip_mt = kwargs.pop("_skip_zai_max_tokens", False)
-        if _skip_mt:
-            max_tokens = None
-        else:
-            max_tokens = kwargs.get("max_tokens") or kwargs.get("max_completion_tokens") or 2000
-        temperature = kwargs.get("temperature")
-
-        normalized_tool_choice = None
-        if isinstance(tool_choice, str):
-            normalized_tool_choice = tool_choice
-        elif isinstance(tool_choice, dict):
-            choice_type = str(tool_choice.get("type", "")).lower()
-            if choice_type == "function":
-                normalized_tool_choice = tool_choice.get("function", {}).get("name")
-            elif choice_type in {"auto", "required", "none"}:
-                normalized_tool_choice = choice_type
-
-        anthropic_kwargs = build_anthropic_kwargs(
-            model=model,
-            messages=messages,
-            tools=tools,
-            max_tokens=max_tokens,
-            reasoning_config=None,
-            tool_choice=normalized_tool_choice,
-            is_oauth=self._is_oauth,
-        )
-        # Opus 4.7+ rejects any non-default temperature/top_p/top_k; only set
-        # temperature for models that still accept it. build_anthropic_kwargs
-        # additionally strips these keys as a safety net — keep both layers.
-        if temperature is not None:
-            from agent.anthropic_adapter import _forbids_sampling_params
-            if not _forbids_sampling_params(model):
-                anthropic_kwargs["temperature"] = temperature
-
-        response = self._client.messages.create(**anthropic_kwargs)
-        _transport = get_transport("anthropic_messages")
-        _nr = _transport.normalize_response(
-            response, strip_tool_prefix=self._is_oauth
-        )
-
-        # ToolCall already duck-types as OpenAI shape (.type, .function.name,
-        # .function.arguments) via properties, so no wrapping needed.
-        assistant_message = SimpleNamespace(
-            content=_nr.content,
-            tool_calls=_nr.tool_calls,
-            reasoning=_nr.reasoning,
-        )
-        finish_reason = _nr.finish_reason
-
-        usage = None
-        if hasattr(response, "usage") and response.usage:
-            prompt_tokens = getattr(response.usage, "input_tokens", 0) or 0
-            completion_tokens = getattr(response.usage, "output_tokens", 0) or 0
-            total_tokens = getattr(response.usage, "total_tokens", 0) or (prompt_tokens + completion_tokens)
-            usage = SimpleNamespace(
-                prompt_tokens=prompt_tokens,
-                completion_tokens=completion_tokens,
-                total_tokens=total_tokens,
-            )
-
-        choice = SimpleNamespace(
-            index=0,
-            message=assistant_message,
-            finish_reason=finish_reason,
-        )
-        return SimpleNamespace(
-            choices=[choice],
-            model=model,
-            usage=usage,
-        )
-
-
-class _AnthropicChatShim:
-    def __init__(self, adapter: _AnthropicCompletionsAdapter):
-        self.completions = adapter
-
-
-class AnthropicAuxiliaryClient:
-    """OpenAI-client-compatible wrapper over a native Anthropic client."""
-
-    def __init__(self, real_client: Any, model: str, api_key: str, base_url: str, is_oauth: bool = False):
-        self._real_client = real_client
-        adapter = _AnthropicCompletionsAdapter(real_client, model, is_oauth=is_oauth)
-        self.chat = _AnthropicChatShim(adapter)
-        self.api_key = api_key
-        self.base_url = base_url
-
-    def close(self):
-        close_fn = getattr(self._real_client, "close", None)
-        if callable(close_fn):
-            close_fn()
-
-
-class _AsyncAnthropicCompletionsAdapter:
-    def __init__(self, sync_adapter: _AnthropicCompletionsAdapter):
-        self._sync = sync_adapter
-
-    async def create(self, **kwargs) -> Any:
-        import asyncio
-        return await asyncio.to_thread(self._sync.create, **kwargs)
-
-
-class _AsyncAnthropicChatShim:
-    def __init__(self, adapter: _AsyncAnthropicCompletionsAdapter):
-        self.completions = adapter
-
-
-class AsyncAnthropicAuxiliaryClient:
-    def __init__(self, sync_wrapper: "AnthropicAuxiliaryClient"):
-        sync_adapter = sync_wrapper.chat.completions
-        async_adapter = _AsyncAnthropicCompletionsAdapter(sync_adapter)
-        self.chat = _AsyncAnthropicChatShim(async_adapter)
-        self.api_key = sync_wrapper.api_key
-        self.base_url = sync_wrapper.base_url
-        # See AsyncCodexAuxiliaryClient: mirror _real_client so cache
-        # eviction on a poisoned underlying client also drops this entry.
-        self._real_client = sync_wrapper._real_client
-
-
-def _endpoint_speaks_anthropic_messages(base_url: str) -> bool:
-    """True if the endpoint at ``base_url`` speaks the Anthropic Messages
-    protocol instead of OpenAI chat.completions.
-
-    Mirrors ``hermes_cli.runtime_provider._detect_api_mode_for_url`` so the
-    auxiliary client and the main agent stay in sync on transport selection.
-    Covers:
-
-    - Any URL ending in ``/anthropic`` (MiniMax, Zhipu GLM, LiteLLM proxies,
-      Anthropic-compatible gateways).
-    - ``api.kimi.com/coding`` (Kimi Coding Plan — the /coding route only
-      speaks Claude-Code's native Anthropic shape; ``chat.completions``
-      returns 404 on Anthropic-only model aliases like ``kimi-for-coding``).
-    - ``api.anthropic.com`` (native Anthropic).
-    """
-    normalized = (base_url or "").strip().lower().rstrip("/")
-    if not normalized:
-        return False
-    if normalized.endswith("/anthropic"):
-        return True
-    hostname = base_url_hostname(normalized)
-    if hostname == "api.anthropic.com":
-        return True
-    if hostname == "api.kimi.com" and "/coding" in normalized:
-        return True
-    return False
-
-
-def _maybe_wrap_anthropic(
-    client_obj: Any,
-    model: str,
-    api_key: str,
-    base_url: str,
-    api_mode: Optional[str] = None,
-) -> Any:
-    """Rewrap a plain OpenAI client in ``AnthropicAuxiliaryClient`` when
-    the endpoint actually speaks Anthropic Messages.
-
-    This is the single chokepoint for aux-client transport correction.
-    Runs at the end of every ``resolve_provider_client`` branch so that
-    api_key providers (Kimi Coding Plan), the ``custom`` endpoint, and
-    future /anthropic gateways all land on the right wire format
-    regardless of which branch built the client.
-
-    Returns ``client_obj`` unchanged when:
-
-    - It's already an Anthropic/Codex/Gemini/CopilotACP wrapper.
-    - The endpoint is an OpenAI-wire endpoint.
-    - ``api_mode`` is explicitly set to a non-Anthropic transport.
-    - The ``anthropic`` SDK is not installed (falls back to OpenAI wire).
-    """
-    # Already wrapped — don't double-wrap.
-    if _safe_isinstance(client_obj, AnthropicAuxiliaryClient):
-        return client_obj
-    # Other specialized adapters we should never re-dispatch.
-    if _safe_isinstance(client_obj, CodexAuxiliaryClient):
-        return client_obj
-    try:
-        from agent.gemini_native_adapter import GeminiNativeClient
-        if _safe_isinstance(client_obj, GeminiNativeClient):
-            return client_obj
-    except ImportError:
-        pass
-    try:
-        from agent.copilot_acp_client import CopilotACPClient
-        if _safe_isinstance(client_obj, CopilotACPClient):
-            return client_obj
-    except ImportError:
-        pass
-
-    # Explicit non-anthropic api_mode wins over URL heuristics.
-    if api_mode and api_mode != "anthropic_messages":
-        return client_obj
-
-    should_wrap = (
-        api_mode == "anthropic_messages"
-        or _endpoint_speaks_anthropic_messages(base_url)
-    )
-    if not should_wrap:
-        return client_obj
-
-    try:
-        from agent.anthropic_adapter import build_anthropic_client
-    except ImportError:
-        logger.warning(
-            "Endpoint %s speaks Anthropic Messages but the anthropic SDK is "
-            "not installed — falling back to OpenAI-wire (will likely 404).",
-            base_url,
-        )
-        return client_obj
-
-    try:
-        real_client = build_anthropic_client(api_key, base_url)
-    except Exception as exc:
-        logger.warning(
-            "Failed to build Anthropic client for %s (%s) — falling back to "
-            "OpenAI-wire client.", base_url, exc,
-        )
-        return client_obj
-
-    logger.debug(
-        "Auxiliary transport: wrapping client in AnthropicAuxiliaryClient "
-        "(model=%s, base_url=%s, api_mode=%s)",
-        model, base_url[:60] if base_url else "", api_mode or "auto-detected",
-    )
-    return AnthropicAuxiliaryClient(
-        real_client, model, api_key, base_url, is_oauth=False,
-    )
-

 def _read_nous_auth() -> Optional[dict]:
    """Read and validate ~/.hermes/auth.json for an active Nous provider.
@@ -1419,7 +1235,14 @@ def _resolve_api_key_provider() -> Tuple[Optional[OpenAI], Optional[str]]:
                    continue
            except ImportError:
                pass
-            return _try_anthropic()
+            # Delegate to the anthropic plugin resolver via the registry
+            from agent.plugin_registries import registries as _ar
+            _anthro_resolver = _ar.get_provider_resolver("anthropic")
+            if _anthro_resolver is not None:
+                _ac, _am = _anthro_resolver()
+                if _ac is not None:
+                    return _ac, _am
+            continue

        pool_present, entry = _select_pool_entry(provider_id)
        if pool_present:
@@ -1456,7 +1279,7 @@ def _resolve_api_key_provider() -> Tuple[Optional[OpenAI], Optional[str]]:
                except Exception:
                    pass
            _client = OpenAI(api_key=api_key, base_url=base_url, **extra)
-            _client = _maybe_wrap_anthropic(_client, model, api_key, raw_base_url)
+            _client = _anthropic_plugin_service("maybe_wrap_anthropic")(_client, model, api_key, raw_base_url)
            return _client, model

        creds = resolve_api_key_provider_credentials(provider_id)
@@ -1493,7 +1316,7 @@ def _resolve_api_key_provider() -> Tuple[Optional[OpenAI], Optional[str]]:
            except Exception:
                pass
        _client = OpenAI(api_key=api_key, base_url=base_url, **extra)
-        _client = _maybe_wrap_anthropic(_client, model, api_key, raw_base_url)
+        _client = _anthropic_plugin_service("maybe_wrap_anthropic")(_client, model, api_key, raw_base_url)
        return _client, model

    return None, None
@@ -1502,7 +1325,6 @@ def _resolve_api_key_provider() -> Tuple[Optional[OpenAI], Optional[str]]:
 # ── Provider resolution helpers ─────────────────────────────────────────────


-
 def _try_openrouter(explicit_api_key: str = None, model: str = None) -> Tuple[Optional[OpenAI], Optional[str]]:
    pool_present, entry = _select_pool_entry("openrouter")
    if pool_present:
@@ -1849,7 +1671,11 @@ def _try_custom_endpoint() -> Tuple[Optional[Any], Optional[str]]:
        # LiteLLM proxies, etc.).  Must NEVER be treated as OAuth —
        # Anthropic OAuth claims only apply to api.anthropic.com.
        try:
-            from agent.anthropic_adapter import build_anthropic_client
+            from agent.plugin_registries import registries
+            _anthropic = registries.get_provider_namespace("anthropic")
+            build_anthropic_client = _anthropic.get("build_anthropic_client")
+            if build_anthropic_client is None:
+                raise ImportError("anthropic provider not registered")
            real_client = build_anthropic_client(custom_key, custom_base)
        except ImportError:
            logger.warning(
@@ -1864,7 +1690,7 @@ def _try_custom_endpoint() -> Tuple[Optional[Any], Optional[str]]:
    # URL-based anthropic detection for custom endpoints that didn't set
    # api_mode explicitly (e.g. kimi.com/coding reached via custom config).
    _fallback_client = OpenAI(api_key=custom_key, base_url=_clean_base, **_extra)
-    _fallback_client = _maybe_wrap_anthropic(
+    _fallback_client = _anthropic_plugin_service("maybe_wrap_anthropic")(
        _fallback_client, model, custom_key, custom_base, custom_mode,
    )
    return _fallback_client, model
@@ -2042,7 +1868,7 @@ def _try_azure_foundry(
        # for Entra ID it's a callable. ``_maybe_wrap_anthropic`` →
        # ``build_anthropic_client`` detects the callable and installs
        # the bearer-injecting httpx hook.
-        return _maybe_wrap_anthropic(
+        return _anthropic_plugin_service("maybe_wrap_anthropic")(
            client, final_model, api_key,
            base_url, runtime_api_mode,
        ), final_model
@@ -2051,54 +1877,6 @@ def _try_azure_foundry(
    return client, final_model


-def _try_anthropic(explicit_api_key: str = None) -> Tuple[Optional[Any], Optional[str]]:
-    try:
-        from agent.anthropic_adapter import build_anthropic_client, resolve_anthropic_token
-    except ImportError:
-        return None, None
-
-    pool_present, entry = _select_pool_entry("anthropic")
-    if pool_present:
-        if entry is None:
-            return None, None
-        token = explicit_api_key or _pool_runtime_api_key(entry)
-    else:
-        entry = None
-        token = explicit_api_key or resolve_anthropic_token()
-    if not token:
-        return None, None
-
-    # Allow base URL override from config.yaml model.base_url, but only
-    # when the configured provider is anthropic — otherwise a non-Anthropic
-    # base_url (e.g. Codex endpoint) would leak into Anthropic requests.
-    base_url = _pool_runtime_base_url(entry, _ANTHROPIC_DEFAULT_BASE_URL) if pool_present else _ANTHROPIC_DEFAULT_BASE_URL
-    try:
-        from hermes_cli.config import load_config
-        cfg = load_config()
-        model_cfg = cfg.get("model")
-        if isinstance(model_cfg, dict):
-            cfg_provider = str(model_cfg.get("provider") or "").strip().lower()
-            if cfg_provider == "anthropic":
-                cfg_base_url = (model_cfg.get("base_url") or "").strip().rstrip("/")
-                if cfg_base_url:
-                    base_url = cfg_base_url
-    except Exception:
-        pass
-
-    from agent.anthropic_adapter import _is_oauth_token
-    is_oauth = _is_oauth_token(token)
-    model = _get_aux_model_for_provider("anthropic") or "claude-haiku-4-5-20251001"
-    logger.debug("Auxiliary client: Anthropic native (%s) at %s (oauth=%s)", model, base_url, is_oauth)
-    try:
-        real_client = build_anthropic_client(token, base_url)
-    except ImportError:
-        # The anthropic_adapter module imports fine but the SDK itself is
-        # missing — build_anthropic_client raises ImportError at call time
-        # when _anthropic_sdk is None.  Treat as unavailable.
-        return None, None
-    return AnthropicAuxiliaryClient(real_client, model, token, base_url, is_oauth=is_oauth), model
-
-
 _AUTO_PROVIDER_LABELS = {
    "_try_openrouter": "openrouter",
    "_try_nous": "nous",
@@ -2679,8 +2457,8 @@ def _retry_same_provider_sync(
        extra_body=effective_extra_body,
        base_url=retry_base or resolved_base_url,
    )
-    if _is_anthropic_compat_endpoint(resolved_provider, retry_base):
-        retry_kwargs["messages"] = _convert_openai_images_to_anthropic(retry_kwargs["messages"])
+    if _anthropic_plugin_service("is_anthropic_compat_endpoint")(resolved_provider, retry_base):
+        retry_kwargs["messages"] = _anthropic_plugin_service("convert_openai_images_to_anthropic")(retry_kwargs["messages"])
    return _validate_llm_response(
        retry_client.chat.completions.create(**retry_kwargs), task,
    )
@@ -2736,8 +2514,8 @@ async def _retry_same_provider_async(
        extra_body=effective_extra_body,
        base_url=retry_base or resolved_base_url,
    )
-    if _is_anthropic_compat_endpoint(resolved_provider, retry_base):
-        retry_kwargs["messages"] = _convert_openai_images_to_anthropic(retry_kwargs["messages"])
+    if _anthropic_plugin_service("is_anthropic_compat_endpoint")(resolved_provider, retry_base):
+        retry_kwargs["messages"] = _anthropic_plugin_service("convert_openai_images_to_anthropic")(retry_kwargs["messages"])
    return _validate_llm_response(
        await retry_client.chat.completions.create(**retry_kwargs), task,
    )
@@ -2767,12 +2545,19 @@ def _refresh_provider_credentials(provider: str) -> bool:
            _evict_cached_clients(normalized)
            return True
        if normalized == "anthropic":
-            from agent.anthropic_adapter import read_claude_code_credentials, _refresh_oauth_token, resolve_anthropic_token
+            from agent.plugin_registries import registries
+            _anthropic = registries.get_provider_namespace("anthropic")
+            read_claude_code_credentials = _anthropic.get("read_claude_code_credentials")
+            _refresh_oauth_token = _anthropic.get("_refresh_oauth_token")
+            resolve_anthropic_token = _anthropic.get("resolve_anthropic_token")
+            if read_claude_code_credentials is None:
+                return False

            creds = read_claude_code_credentials()
-            token = _refresh_oauth_token(creds) if isinstance(creds, dict) and creds.get("refreshToken") else None
+            token = _refresh_oauth_token(creds) if isinstance(creds, dict) and creds.get("refreshToken") and _refresh_oauth_token else None
            if not str(token or "").strip():
-                token = resolve_anthropic_token()
+                if resolve_anthropic_token is not None:
+                    token = resolve_anthropic_token()
            if not str(token or "").strip():
                return False
            _evict_cached_clients(normalized)
@@ -3123,7 +2908,7 @@ def _to_async_client(sync_client, model: str, is_vision: bool = False):

    if isinstance(sync_client, CodexAuxiliaryClient):
        return AsyncCodexAuxiliaryClient(sync_client), model
-    if isinstance(sync_client, AnthropicAuxiliaryClient):
+    if _safe_isinstance(sync_client, AnthropicAuxiliaryClient):
        return AsyncAnthropicAuxiliaryClient(sync_client), model
    try:
        from agent.gemini_native_adapter import GeminiNativeClient, AsyncGeminiNativeClient
@@ -3309,7 +3094,7 @@ def resolve_provider_client(
            return CodexAuxiliaryClient(client_obj, final_model_str)
        # Anthropic-wire endpoints: rewrap plain OpenAI clients so
        # chat.completions.create() is translated to /v1/messages.
-        return _maybe_wrap_anthropic(
+        return _anthropic_plugin_service("maybe_wrap_anthropic")(
            client_obj, final_model_str, api_key_str, base_url_str, api_mode,
        )

@@ -3541,7 +3326,11 @@ def resolve_provider_client(
                # branch in _try_custom_endpoint(). See #15033.
                if entry_api_mode == "anthropic_messages":
                    try:
-                        from agent.anthropic_adapter import build_anthropic_client
+                        from agent.plugin_registries import registries
+                        _anthropic = registries.get_provider_namespace("anthropic")
+                        build_anthropic_client = _anthropic.get("build_anthropic_client")
+                        if build_anthropic_client is None:
+                            raise ImportError("anthropic provider not registered")
                        real_client = build_anthropic_client(custom_key, custom_base)
                    except ImportError:
                        logger.warning(
@@ -3584,39 +3373,37 @@ def resolve_provider_client(
    except ImportError:
        pass

-    # ── Azure Foundry (delegates to runtime resolver for auth_mode-aware routing) ─
-    #
-    # The generic PROVIDER_REGISTRY path below uses
-    # ``resolve_api_key_provider_credentials`` which only knows about the
-    # static ``AZURE_FOUNDRY_API_KEY`` env var. That misses two important
-    # cases for the ``azure-foundry`` provider:
-    #
-    #   1. ``model.auth_mode: entra_id`` — no static key exists; we need
-    #      a callable bearer-token provider from ``azure_identity_adapter``.
-    #   2. Non-default ``model.base_url`` (Foundry projects path) — the
-    #      env-var-only resolver doesn't apply config-yaml-driven URL
-    #      overrides.
-    #
-    # Delegate to the same runtime resolver the main agent uses so
-    # auxiliary tasks (title generation, compression, vision, embedding,
-    # session search) inherit the user's full Azure config.
-    if provider == "azure-foundry":
-        client, default_model = _try_azure_foundry(
+    # ── Plugin-registered resolvers (azure-foundry, etc.) ──────────────
+    # Providers with complex auth (Entra ID, OAuth, etc.) register a
+    # resolver callable so core doesn't need per-provider if/elif branches.
+    from agent.plugin_registries import registries as _reg_early
+    _early_resolver = _reg_early.get_provider_resolver(provider)
+    if _early_resolver is not None:
+        client, default_model = _early_resolver(
            model=model,
            explicit_api_key=explicit_api_key,
            explicit_base_url=explicit_base_url,
+            async_mode=async_mode,
+            is_vision=is_vision,
+            main_runtime=main_runtime,
            api_mode=api_mode,
        )
-        if client is None:
-            logger.warning(
-                "resolve_provider_client: azure-foundry requested but "
-                "runtime resolution failed (run: hermes doctor for "
-                "diagnostics)"
-            )
-            return None, None
-        final_model = _normalize_resolved_model(model or default_model, provider)
-        return (_to_async_client(client, final_model, is_vision=is_vision) if async_mode
-                else (client, final_model))
+        if client is not None:
+            final_model = _normalize_resolved_model(model or default_model, provider)
+            # Resolvers that accept async_mode may already return an async
+            # client (e.g. bedrock returns AsyncAnthropicAuxiliaryClient).
+            # Don't double-wrap — only call _to_async_client when the
+            # resolver returned a sync client despite async_mode=True.
+            if async_mode and not _is_async_client(client):
+                return _to_async_client(client, final_model, is_vision=is_vision)
+            return client, final_model
+        # Resolver returned None — provider unavailable
+        logger.warning(
+            "resolve_provider_client: %s requested but resolver returned "
+            "no client (run: hermes doctor for diagnostics)",
+            provider,
+        )
+        return None, None

    # ── API-key providers from PROVIDER_REGISTRY ─────────────────────
    try:
@@ -3635,14 +3422,6 @@ def resolve_provider_client(
        return None, None

    if pconfig.auth_type == "api_key":
-        if provider == "anthropic":
-            client, default_model = _try_anthropic(explicit_api_key=explicit_api_key)
-            if client is None:
-                logger.warning("resolve_provider_client: anthropic requested but no Anthropic credentials found")
-                return None, None
-            final_model = _normalize_resolved_model(model or default_model, provider)
-            return (_to_async_client(client, final_model, is_vision=is_vision) if async_mode else (client, final_model))
-
        creds = resolve_api_key_provider_credentials(provider)
        api_key = str(creds.get("api_key", "")).strip()
        # Honour an explicit api_key override (e.g. from a fallback_model entry
@@ -3775,37 +3554,14 @@ def resolve_provider_client(
        return None, None

    elif pconfig.auth_type == "aws_sdk":
-        # AWS SDK providers (Bedrock) — use the Anthropic Bedrock client via
-        # boto3's credential chain (IAM roles, SSO, env vars, instance metadata).
-        try:
-            from agent.bedrock_adapter import has_aws_credentials, resolve_bedrock_region
-            from agent.anthropic_adapter import build_anthropic_bedrock_client
-        except ImportError:
-            logger.warning("resolve_provider_client: bedrock requested but "
-                           "boto3 or anthropic SDK not installed")
-            return None, None
-
-        if not has_aws_credentials():
-            logger.debug("resolve_provider_client: bedrock requested but "
-                         "no AWS credentials found")
-            return None, None
-
-        region = resolve_bedrock_region()
-        default_model = "anthropic.claude-haiku-4-5-20251001-v1:0"
-        final_model = _normalize_resolved_model(model or default_model, provider)
-        try:
-            real_client = build_anthropic_bedrock_client(region)
-        except ImportError as exc:
-            logger.warning("resolve_provider_client: cannot create Bedrock "
-                           "client: %s", exc)
-            return None, None
-        client = AnthropicAuxiliaryClient(
-            real_client, final_model, api_key="aws-sdk",
-            base_url=f"https://bedrock-runtime.{region}.amazonaws.com",
+        # AWS SDK providers (e.g. Bedrock) — handled by the early resolver
+        # catch above when a plugin registers one.  If we reach here, no
+        # resolver was registered.
+        logger.warning(
+            "resolve_provider_client: aws_sdk provider %s has no "
+            "registered resolver (plugin not loaded?)", provider,
        )
-        logger.debug("resolve_provider_client: bedrock (%s, %s)", final_model, region)
-        return (_to_async_client(client, final_model, is_vision=is_vision) if async_mode
-                else (client, final_model))
+        return None, None

    elif pconfig.auth_type in {"oauth_device_code", "oauth_external"}:
        # OAuth providers — route through their specific try functions
@@ -3929,7 +3685,12 @@ def _resolve_strict_vision_backend(
        # allow-list); callers must specify via auxiliary.<task>.model.
        return resolve_provider_client("openai-codex", model, is_vision=True)
    if provider == "anthropic":
-        return _try_anthropic()
+        from agent.plugin_registries import registries as _reg
+        _resolver = _reg.get_provider_resolver("anthropic")
+        if _resolver is not None:
+            return _resolver(model=model)
+        # Fallback: no resolver registered (plugin not loaded)
+        return None, None
    if provider == "custom":
        return _try_custom_endpoint()
    return None, None
@@ -4674,54 +4435,6 @@ def _is_anthropic_compat_endpoint(provider: str, base_url: str) -> bool:
    return "/anthropic" in url_lower


-def _convert_openai_images_to_anthropic(messages: list) -> list:
-    """Convert OpenAI ``image_url`` content blocks to Anthropic ``image`` blocks.
-
-    Only touches messages that have list-type content with ``image_url`` blocks;
-    plain text messages pass through unchanged.
-    """
-    converted = []
-    for msg in messages:
-        content = msg.get("content")
-        if not isinstance(content, list):
-            converted.append(msg)
-            continue
-        new_content = []
-        changed = False
-        for block in content:
-            if block.get("type") == "image_url":
-                image_url_val = (block.get("image_url") or {}).get("url", "")
-                if image_url_val.startswith("data:"):
-                    # Parse data URI: data:<media_type>;base64,<data>
-                    header, _, b64data = image_url_val.partition(",")
-                    media_type = "image/png"
-                    if ":" in header and ";" in header:
-                        media_type = header.split(":", 1)[1].split(";", 1)[0]
-                    new_content.append({
-                        "type": "image",
-                        "source": {
-                            "type": "base64",
-                            "media_type": media_type,
-                            "data": b64data,
-                        },
-                    })
-                else:
-                    # URL-based image
-                    new_content.append({
-                        "type": "image",
-                        "source": {
-                            "type": "url",
-                            "url": image_url_val,
-                        },
-                    })
-                changed = True
-            else:
-                new_content.append(block)
-        converted.append({**msg, "content": new_content} if changed else msg)
-    return converted
-
-
-
 def _build_call_kwargs(
    provider: str,
    model: str,
@@ -4751,8 +4464,10 @@ def _build_call_kwargs(
    # structured-JSON extraction) don't 400 the moment
    # the aux model is flipped to 4.7.
    if temperature is not None:
-        from agent.anthropic_adapter import _forbids_sampling_params
-        if _forbids_sampling_params(model):
+        from agent.plugin_registries import registries
+        _anthropic = registries.get_provider_namespace("anthropic")
+        _forbids_sampling_params = _anthropic.get("_forbids_sampling_params")
+        if _forbids_sampling_params is not None and _forbids_sampling_params(model):
            temperature = None

    if temperature is not None:
@@ -4963,8 +4678,8 @@ def call_llm(

    # Convert image blocks for Anthropic-compatible endpoints (e.g. MiniMax)
    _client_base = str(getattr(client, "base_url", "") or "")
-    if _is_anthropic_compat_endpoint(resolved_provider, _client_base):
-        kwargs["messages"] = _convert_openai_images_to_anthropic(kwargs["messages"])
+    if _anthropic_plugin_service("is_anthropic_compat_endpoint")(resolved_provider, _client_base):
+        kwargs["messages"] = _anthropic_plugin_service("convert_openai_images_to_anthropic")(kwargs["messages"])

    # Handle unsupported temperature, max_tokens vs max_completion_tokens retry,
    # then payment fallback.
@@ -5406,8 +5121,8 @@ async def async_call_llm(
        base_url=_client_base or resolved_base_url)

    # Convert image blocks for Anthropic-compatible endpoints (e.g. MiniMax)
-    if _is_anthropic_compat_endpoint(resolved_provider, _client_base):
-        kwargs["messages"] = _convert_openai_images_to_anthropic(kwargs["messages"])
+    if _anthropic_plugin_service("is_anthropic_compat_endpoint")(resolved_provider, _client_base):
+        kwargs["messages"] = _anthropic_plugin_service("convert_openai_images_to_anthropic")(kwargs["messages"])

    try:
        return _validate_llm_response(
--- a/agent/chat_completion_helpers.py
+++ b/agent/chat_completion_helpers.py
@@ -202,12 +202,14 @@ def interruptible_api_call(agent, api_kwargs: dict):
                # normalize_converse_response produces an OpenAI-compatible
                # SimpleNamespace so the rest of the agent loop can treat
                # bedrock responses like chat_completions responses.
-                from agent.bedrock_adapter import (
-                    _get_bedrock_runtime_client,
-                    invalidate_runtime_client,
-                    is_stale_connection_error,
-                    normalize_converse_response,
-                )
+                from agent.plugin_registries import registries
+                _bedrock = registries.get_provider_namespace("bedrock")
+                _get_bedrock_runtime_client = _bedrock.get("_get_bedrock_runtime_client")
+                invalidate_runtime_client = _bedrock.get("invalidate_runtime_client")
+                is_stale_connection_error = _bedrock.get("is_stale_connection_error")
+                normalize_converse_response = _bedrock.get("normalize_converse_response")
+                if _get_bedrock_runtime_client is None or normalize_converse_response is None:
+                    raise ImportError("bedrock provider not registered")
                region = api_kwargs.pop("__bedrock_region__", "us-east-1")
                api_kwargs.pop("__bedrock_converse__", None)
                client = _get_bedrock_runtime_client(region)
@@ -681,8 +683,11 @@ def build_api_kwargs(agent, api_messages: list) -> dict:
    _ant_max = None
    if (_is_or or _is_nous) and "claude" in (agent.model or "").lower():
        try:
-            from agent.anthropic_adapter import _get_anthropic_max_output
-            _ant_max = _get_anthropic_max_output(agent.model)
+            from agent.plugin_registries import registries
+            _anthropic = registries.get_provider_namespace("anthropic")
+            _get_anthropic_max_output = _anthropic.get("_get_anthropic_max_output")
+            if _get_anthropic_max_output is not None:
+                _ant_max = _get_anthropic_max_output(agent.model)
        except Exception:
            pass

@@ -1167,15 +1172,20 @@ def try_activate_fallback(agent, reason: "FailoverReason | None" = None) -> bool

        if fb_api_mode == "anthropic_messages":
            # Build native Anthropic client instead of using OpenAI client
-            from agent.anthropic_adapter import build_anthropic_client, resolve_anthropic_token, _is_oauth_token
-            effective_key = (fb_client.api_key or resolve_anthropic_token() or "") if fb_provider == "anthropic" else (fb_client.api_key or "")
+            from agent.plugin_registries import registries
+            _anthropic = registries.get_provider_namespace("anthropic")
+            build_anthropic_client = _anthropic.get("build_anthropic_client")
+            resolve_anthropic_token = _anthropic.get("resolve_anthropic_token")
+            _is_oauth_token = _anthropic.get("_is_oauth_token")
+            effective_key = (fb_client.api_key or (resolve_anthropic_token() if resolve_anthropic_token else "") or "") if fb_provider == "anthropic" else (fb_client.api_key or "")
            agent.api_key = effective_key
            agent._anthropic_api_key = effective_key
            agent._anthropic_base_url = fb_base_url
-            agent._anthropic_client = build_anthropic_client(
-                effective_key, agent._anthropic_base_url, timeout=_fb_timeout,
-            )
-            agent._is_anthropic_oauth = _is_oauth_token(effective_key) if fb_provider == "anthropic" else False
+            if build_anthropic_client is not None:
+                agent._anthropic_client = build_anthropic_client(
+                    effective_key, agent._anthropic_base_url, timeout=_fb_timeout,
+                )
+            agent._is_anthropic_oauth = _is_oauth_token(effective_key) if fb_provider == "anthropic" and _is_oauth_token else False
            agent.client = None
            agent._client_kwargs = {}
        else:
@@ -1571,12 +1581,14 @@ def interruptible_streaming_api_call(agent, api_kwargs: dict, *, on_first_delta=

        def _bedrock_call():
            try:
-                from agent.bedrock_adapter import (
-                    _get_bedrock_runtime_client,
-                    invalidate_runtime_client,
-                    is_stale_connection_error,
-                    stream_converse_with_callbacks,
-                )
+                from agent.plugin_registries import registries
+                _bedrock = registries.get_provider_namespace("bedrock")
+                _get_bedrock_runtime_client = _bedrock.get("_get_bedrock_runtime_client")
+                invalidate_runtime_client = _bedrock.get("invalidate_runtime_client")
+                is_stale_connection_error = _bedrock.get("is_stale_connection_error")
+                stream_converse_with_callbacks = _bedrock.get("stream_converse_with_callbacks")
+                if _get_bedrock_runtime_client is None or stream_converse_with_callbacks is None:
+                    raise ImportError("bedrock provider not registered")
                region = api_kwargs.pop("__bedrock_region__", "us-east-1")
                api_kwargs.pop("__bedrock_converse__", None)
                client = _get_bedrock_runtime_client(region)
--- a/agent/conversation_compression.py
+++ b/agent/conversation_compression.py
@@ -308,14 +308,11 @@ def compress_context(
    # The check itself sets ``agent._compression_warning`` so the
    # status-callback replay machinery still emits the warning to the user
    # the first time it would matter.
-    if not getattr(agent, "_compression_feasibility_checked", False):
-        # Mark as checked only after the probe completes. If the check
-        # raises (e.g. a fatal aux-context ValueError that aborts the
-        # session), leaving the flag unset is harmless; a non-fatal
-        # transient failure is swallowed inside the function so the flag
-        # is set normally on the next successful pass.
-        check_compression_model_feasibility(agent)
-        agent._compression_feasibility_checked = True
+    if not getattr(agent, "_compression_feasibility_checked", True):
+        try:
+            check_compression_model_feasibility(agent)
+        finally:
+            agent._compression_feasibility_checked = True

    _pre_msg_count = len(messages)
    logger.info(
--- a/agent/conversation_loop.py
+++ b/agent/conversation_loop.py
@@ -27,6 +27,8 @@ import time
 import uuid
 from typing import Any, Dict, List, Optional

+from agent.plugin_registries import registries as _registries
+from agent.auxiliary_client import set_runtime_main
 from agent.codex_responses_adapter import _summarize_user_message_for_log
 from agent.display import KawaiiSpinner
 from agent.error_classifier import FailoverReason, classify_api_error
@@ -1739,52 +1741,20 @@ def run_conversation(
                    if agent.api_mode in {"chat_completions", "bedrock_converse", "anthropic_messages"}:
                        assistant_message = _trunc_msg
                        if assistant_message is not None and _trunc_has_tool_calls:
-                            _is_stub_stall = (
-                                getattr(response, "id", "") == PARTIAL_STREAM_STUB_ID
-                            )
-                            if truncated_tool_call_retries < 3:
+                            if truncated_tool_call_retries < 1:
                                truncated_tool_call_retries += 1
-                                if _is_stub_stall:
-                                    # The stream broke mid tool-call (network /
-                                    # peer-closed connection), not a real output
-                                    # cap — say so instead of "max output tokens".
-                                    agent._buffer_vprint(
-                                        f"⚠️  Stream interrupted mid tool-call — "
-                                        f"retrying ({truncated_tool_call_retries}/3)..."
-                                    )
-                                else:
-                                    agent._buffer_vprint(
-                                        f"⚠️  Truncated tool call detected — "
-                                        f"retrying API call "
-                                        f"({truncated_tool_call_retries}/3)..."
-                                    )
-                                # Boost max_tokens on each retry so the model has
-                                # more room to complete the tool-call JSON. A
-                                # network stall doesn't need a bigger budget, but
-                                # a genuine output-cap truncation does, and the
-                                # boost is harmless for the stall case.
-                                _tc_boost_base = agent.max_tokens if agent.max_tokens else 4096
-                                _tc_boost = _tc_boost_base * (truncated_tool_call_retries + 1)
-                                _tc_requested_cap = agent._requested_output_cap_from_api_kwargs(api_kwargs)
-                                if _tc_requested_cap is not None:
-                                    _tc_boost = max(_tc_boost, _tc_requested_cap)
-                                _tc_boost_cap = max(32768, _tc_requested_cap or 0)
-                                agent._ephemeral_max_output_tokens = min(_tc_boost, _tc_boost_cap)
+                                agent._buffer_vprint(
+                                    f"⚠️  Truncated tool call detected — retrying API call..."
+                                )
                                # Don't append the broken response to messages;
                                # just re-run the same API call from the current
                                # message state, giving the model another chance.
                                continue
                            agent._flush_status_buffer()
-                            if _is_stub_stall:
-                                agent._vprint(
-                                    f"{agent.log_prefix}⚠️  Stream kept dropping mid tool-call after 3 retries — the action was not executed.",
-                                    force=True,
-                                )
-                            else:
-                                agent._vprint(
-                                    f"{agent.log_prefix}⚠️  Truncated tool call response detected again — refusing to execute incomplete tool arguments.",
-                                    force=True,
-                                )
+                            agent._vprint(
+                                f"{agent.log_prefix}⚠️  Truncated tool call response detected again — refusing to execute incomplete tool arguments.",
+                                force=True,
+                            )
                            agent._cleanup_task_resources(effective_task_id)
                            agent._persist_session(messages, conversation_history)
                            return {
@@ -1793,12 +1763,7 @@ def run_conversation(
                                "api_calls": api_call_count,
                                "completed": False,
                                "partial": True,
-                                "error": (
-                                    "Stream repeatedly dropped mid tool-call (network); "
-                                    "the tool was not executed"
-                                    if _is_stub_stall
-                                    else "Response truncated due to output length limit"
-                                ),
+                                "error": "Response truncated due to output length limit",
                            }

                    # If we have prior messages, roll back to last complete state
@@ -2443,8 +2408,8 @@ def run_conversation(
                    and not anthropic_auth_retry_attempted
                ):
                    anthropic_auth_retry_attempted = True
-                    from agent.anthropic_adapter import _is_oauth_token
-                    from agent.azure_identity_adapter import is_token_provider
+                    _is_oauth_token = _registries.get_provider_service("anthropic", "_is_oauth_token")
+                    is_token_provider = _registries.get_provider_service("azure", "is_token_provider")
                    if agent._try_refresh_anthropic_client_credentials():
                        print(f"{agent.log_prefix}🔐 Anthropic credentials refreshed after 401. Retrying request...")
                        continue
@@ -2461,7 +2426,7 @@ def run_conversation(
                        print(f"{agent.log_prefix}   Run `hermes doctor` for credential-chain diagnostics, or")
                        print(f"{agent.log_prefix}   `az login` if your developer session expired.")
                    else:
-                        auth_method = "Bearer (OAuth/setup-token)" if _is_oauth_token(key) else "x-api-key (API key)"
+                        auth_method = "Bearer (OAuth/setup-token)" if (_is_oauth_token is not None and _is_oauth_token(key)) else "x-api-key (API key)"
                        print(f"{agent.log_prefix}   Auth method: {auth_method}")
                        print(f"{agent.log_prefix}   Token prefix: {key[:12]}..." if isinstance(key, str) and len(key) > 12 else f"{agent.log_prefix}   Token: (empty or short)")
                    print(f"{agent.log_prefix}   Troubleshooting:")
@@ -3449,16 +3414,9 @@ def run_conversation(
            # Progressively boost the output token budget on each retry.
            # Retry 1 → 2× base, retry 2 → 3× base, capped at 32 768.
            # Applies to all providers via _ephemeral_max_output_tokens.
-            # If the original request already used a larger provider/model
-            # default budget, keep that floor so continuation retries do
-            # not accidentally downshift to a much smaller cap.
            _boost_base = agent.max_tokens if agent.max_tokens else 4096
            _boost = _boost_base * (length_continue_retries + 1)
-            _requested_cap = agent._requested_output_cap_from_api_kwargs(api_kwargs)
-            if _requested_cap is not None:
-                _boost = max(_boost, _requested_cap)
-            _boost_cap = max(32768, _requested_cap or 0)
-            agent._ephemeral_max_output_tokens = min(_boost, _boost_cap)
+            agent._ephemeral_max_output_tokens = min(_boost, 32768)
            continue

        # Guard: if all retries exhausted without a successful response
--- a/agent/credential_pool.py
+++ b/agent/credential_pool.py
@@ -537,43 +537,6 @@ class CredentialPool:
        self._persist()
        return updated

-    def _sync_anthropic_entry_from_credentials_file(self, entry: PooledCredential) -> PooledCredential:
-        """Sync a claude_code pool entry from ~/.claude/.credentials.json if tokens differ.
-
-        OAuth refresh tokens are single-use. When something external (e.g.
-        Claude Code CLI, or another profile's pool) refreshes the token, it
-        writes the new pair to ~/.claude/.credentials.json. The pool entry's
-        refresh token becomes stale. This method detects that and syncs.
-        """
-        if self.provider != "anthropic" or entry.source != "claude_code":
-            return entry
-        try:
-            from agent.anthropic_adapter import read_claude_code_credentials
-            creds = read_claude_code_credentials()
-            if not creds:
-                return entry
-            file_refresh = creds.get("refreshToken", "")
-            file_access = creds.get("accessToken", "")
-            file_expires = creds.get("expiresAt", 0)
-            # If the credentials file has a different token pair, sync it
-            if file_refresh and file_refresh != entry.refresh_token:
-                logger.debug("Pool entry %s: syncing tokens from credentials file (refresh token changed)", entry.id)
-                updated = replace(
-                    entry,
-                    access_token=file_access,
-                    refresh_token=file_refresh,
-                    expires_at_ms=file_expires,
-                    last_status=None,
-                    last_status_at=None,
-                    last_error_code=None,
-                )
-                self._replace_entry(entry, updated)
-                self._persist()
-                return updated
-        except Exception as exc:
-            logger.debug("Failed to sync from credentials file: %s", exc)
-        return entry
-
    def _sync_codex_entry_from_auth_store(self, entry: PooledCredential) -> PooledCredential:
        """Sync a Codex device_code pool entry from auth.json if tokens differ.

@@ -863,32 +826,11 @@ class CredentialPool:
            return None

        try:
-            if self.provider == "anthropic":
-                from agent.anthropic_adapter import refresh_anthropic_oauth_pure
-
-                refreshed = refresh_anthropic_oauth_pure(
-                    entry.refresh_token,
-                    use_json=entry.source.endswith("hermes_pkce"),
-                )
-                updated = replace(
-                    entry,
-                    access_token=refreshed["access_token"],
-                    refresh_token=refreshed["refresh_token"],
-                    expires_at_ms=refreshed["expires_at_ms"],
-                )
-                # Keep ~/.claude/.credentials.json in sync so that the
-                # fallback path (resolve_anthropic_token) and other profiles
-                # see the latest tokens.
-                if entry.source == "claude_code":
-                    try:
-                        from agent.anthropic_adapter import _write_claude_code_credentials
-                        _write_claude_code_credentials(
-                            refreshed["access_token"],
-                            refreshed["refresh_token"],
-                            refreshed["expires_at_ms"],
-                        )
-                    except Exception as wexc:
-                        logger.debug("Failed to write refreshed token to credentials file: %s", wexc)
+            # ── Plugin-registered credential pool hooks ──
+            from agent.plugin_registries import registries as _cph_reg2
+            _hook = _cph_reg2.get_credential_pool_hook(self.provider)
+            if _hook is not None and _hook.refresh_oauth is not None:
+                updated = _hook.refresh_oauth(entry, pool=self)
            elif self.provider == "openai-codex":
                # Adopt fresher tokens from auth.json before spending the
                # refresh_token — single-use tokens consumed by another Hermes
@@ -938,46 +880,18 @@ class CredentialPool:
                return entry
        except Exception as exc:
            logger.debug("Credential refresh failed for %s/%s: %s", self.provider, entry.id, exc)
-            # For anthropic claude_code entries: the refresh token may have been
-            # consumed by another process. Check if ~/.claude/.credentials.json
-            # has a newer token pair and retry once.
-            if self.provider == "anthropic" and entry.source == "claude_code":
-                synced = self._sync_anthropic_entry_from_credentials_file(entry)
-                if synced.refresh_token != entry.refresh_token:
-                    logger.debug("Retrying refresh with synced token from credentials file")
-                    try:
-                        from agent.anthropic_adapter import refresh_anthropic_oauth_pure
-                        refreshed = refresh_anthropic_oauth_pure(
-                            synced.refresh_token,
-                            use_json=synced.source.endswith("hermes_pkce"),
-                        )
-                        updated = replace(
-                            synced,
-                            access_token=refreshed["access_token"],
-                            refresh_token=refreshed["refresh_token"],
-                            expires_at_ms=refreshed["expires_at_ms"],
-                            last_status=STATUS_OK,
-                            last_status_at=None,
-                            last_error_code=None,
-                        )
-                        self._replace_entry(synced, updated)
-                        self._persist()
-                        try:
-                            from agent.anthropic_adapter import _write_claude_code_credentials
-                            _write_claude_code_credentials(
-                                refreshed["access_token"],
-                                refreshed["refresh_token"],
-                                refreshed["expires_at_ms"],
-                            )
-                        except Exception as wexc:
-                            logger.debug("Failed to write refreshed token to credentials file (retry path): %s", wexc)
-                        return updated
-                    except Exception as retry_exc:
-                        logger.debug("Retry refresh also failed: %s", retry_exc)
-                elif not self._entry_needs_refresh(synced):
-                    # Credentials file had a valid (non-expired) token — use it directly
-                    logger.debug("Credentials file has valid token, using without refresh")
-                    return synced
+            # ── Plugin-registered credential pool hooks ──
+            # The hook's refresh_oauth already handles retry-with-sync internally,
+            # so if we got here it means a non-hook provider failed.
+            from agent.plugin_registries import registries as _cph_reg3
+            _hook = _cph_reg3.get_credential_pool_hook(self.provider)
+            if _hook is not None and _hook.sync_from_credentials_file is not None:
+                # Give the hook a chance to sync from external file
+                synced = _hook.sync_from_credentials_file(entry)
+                if synced is not entry:
+                    entry = synced
+                    self._replace_entry(entry, synced)
+                    self._persist()
            # For xai-oauth: same race as nous — another process may have
            # consumed the refresh token between our proactive sync and the
            # HTTP call.  Re-check auth.json and adopt the fresh tokens if
@@ -1198,10 +1112,11 @@ class CredentialPool:
    def _entry_needs_refresh(self, entry: PooledCredential) -> bool:
        if entry.auth_type != AUTH_TYPE_OAUTH:
            return False
-        if self.provider == "anthropic":
-            if entry.expires_at_ms is None:
-                return False
-            return int(entry.expires_at_ms) <= int(time.time() * 1000) + 120_000
+        # ── Plugin-registered credential pool hooks ──
+        from agent.plugin_registries import registries as _cph_reg
+        _hook = _cph_reg.get_credential_pool_hook(self.provider)
+        if _hook is not None and _hook.needs_refresh is not None:
+            return _hook.needs_refresh(entry)
        if self.provider == "openai-codex":
            return _codex_access_token_is_expiring(
                entry.access_token,
@@ -1235,12 +1150,16 @@ class CredentialPool:
        entries_to_prune: List[str] = []
        available: List[PooledCredential] = []
        for entry in self._entries:
-            # For anthropic claude_code entries, sync from the credentials file
-            # before any status/refresh checks. This picks up tokens refreshed
-            # by other processes (Claude Code CLI, other Hermes profiles).
-            if (self.provider == "anthropic" and entry.source == "claude_code"
+            # ── Plugin-registered credential pool hooks ──
+            # Sync exhausted entries from external credentials files before
+            # status/refresh checks. This picks up tokens refreshed by other
+            # processes (e.g. Claude Code CLI, other Hermes profiles).
+            from agent.plugin_registries import registries as _cph_reg4
+            _avail_hook = _cph_reg4.get_credential_pool_hook(self.provider)
+            if (_avail_hook is not None
+                    and _avail_hook.sync_from_credentials_file is not None
                    and entry.last_status in {STATUS_EXHAUSTED, STATUS_DEAD}):
-                synced = self._sync_anthropic_entry_from_credentials_file(entry)
+                synced = _avail_hook.sync_from_credentials_file(entry)
                if synced is not entry:
                    entry = synced
                    cleared_any = True
@@ -1634,84 +1553,15 @@ def _seed_from_singletons(provider: str, entries: List[PooledCredential]) -> Tup
        def _is_suppressed(_p, _s):  # type: ignore[misc]
            return False

-    if provider == "anthropic":
-        # Only auto-discover external credentials (Claude Code, Hermes PKCE)
-        # when the user has explicitly configured anthropic as their provider.
-        # Without this gate, auxiliary client fallback chains silently read
-        # ~/.claude/.credentials.json without user consent.  See PR #4210.
-        try:
-            from hermes_cli.auth import is_provider_explicitly_configured
-            if not is_provider_explicitly_configured("anthropic"):
-                return changed, active_sources
-        except ImportError:
-            pass
-
-        # API-key vs OAuth is a user-visible choice at `hermes setup` ("Claude
-        # Pro/Max subscription" vs "Anthropic API key").  The signal that the
-        # user picked the API-key path is: ANTHROPIC_API_KEY set in the env,
-        # AND no OAuth env vars set — `save_anthropic_api_key()` writes the
-        # API key and zeros ANTHROPIC_TOKEN; `save_anthropic_oauth_token()`
-        # does the inverse.  When that signal is present we MUST NOT seed
-        # autodiscovered OAuth tokens (~/.claude/.credentials.json from the
-        # Claude Code CLI, hermes_pkce creds from a previous OAuth login)
-        # into the anthropic pool — otherwise rotation on a 401/429 silently
-        # flips the session onto an OAuth credential, which forces the Claude
-        # Code identity injection, `mcp_` tool-name rewrite, and claude-cli
-        # User-Agent header (`agent/anthropic_adapter.py:2128`).  Users who
-        # explicitly opted into the API-key path are explicitly opting OUT of
-        # that masquerade.  Prefer ~/.hermes/.env over os.environ for the
-        # same reason `_seed_from_env` does — that's the authoritative file
-        # that `hermes setup` writes.
-        _env_file = load_env()
-
-        def _env_val(key: str) -> str:
-            return (_env_file.get(key) or os.environ.get(key) or "").strip()
-
-        anthropic_api_key = _env_val("ANTHROPIC_API_KEY")
-        anthropic_oauth_env = (
-            _env_val("ANTHROPIC_TOKEN") or _env_val("CLAUDE_CODE_OAUTH_TOKEN")
+    # ── Plugin-registered credential pool hooks ──
+    from agent.plugin_registries import registries as _cp_reg
+    _cp_hook = _cp_reg.get_credential_pool_hook(provider)
+    if _cp_hook is not None and _cp_hook.discover_credentials is not None:
+        hook_changed, hook_sources = _cp_hook.discover_credentials(
+            entries, provider, _is_suppressed,
        )
-        api_key_path_explicit = bool(anthropic_api_key and not anthropic_oauth_env)
-
-        if api_key_path_explicit:
-            # Prune any stale autodiscovered OAuth entries that may have been
-            # seeded into the on-disk pool during a previous OAuth session.
-            # Without this, switching OAuth -> API key at setup leaves the
-            # OAuth entries dormant in auth.json forever and rotation on a
-            # transient 401 could revive them.
-            retained = [
-                entry for entry in entries
-                if entry.source not in {"hermes_pkce", "claude_code"}
-            ]
-            if len(retained) != len(entries):
-                entries[:] = retained
-                changed = True
-            return changed, active_sources
-
-        from agent.anthropic_adapter import read_claude_code_credentials, read_hermes_oauth_credentials
-
-        for source_name, creds in (
-            ("hermes_pkce", read_hermes_oauth_credentials()),
-            ("claude_code", read_claude_code_credentials()),
-        ):
-            if creds and creds.get("accessToken"):
-                if _is_suppressed(provider, source_name):
-                    continue
-                active_sources.add(source_name)
-                changed |= _upsert_entry(
-                    entries,
-                    provider,
-                    source_name,
-                    {
-                        "source": source_name,
-                        "auth_type": AUTH_TYPE_OAUTH,
-                        "access_token": creds.get("accessToken", ""),
-                        "refresh_token": creds.get("refreshToken"),
-                        "expires_at_ms": creds.get("expiresAt"),
-                        "label": label_from_token(creds.get("accessToken", ""), source_name),
-                    },
-                )
-
+        changed |= hook_changed
+        active_sources |= hook_sources
    elif provider == "nous":
        state = _load_provider_state(auth_store, "nous")
        has_runtime_material = bool(
@@ -2022,12 +1872,11 @@ def _seed_from_env(provider: str, entries: List[PooledCredential]) -> Tuple[bool
        env_url = _get_env_prefer_dotenv(pconfig.base_url_env_var).rstrip("/")

    env_vars = list(pconfig.api_key_env_vars)
-    if provider == "anthropic":
-        env_vars = [
-            "ANTHROPIC_TOKEN",
-            "CLAUDE_CODE_OAUTH_TOKEN",
-            "ANTHROPIC_API_KEY",
-        ]
+    # ── Plugin-registered credential pool hooks: env var order override ──
+    from agent.plugin_registries import registries as _env_reg
+    _env_hook = _env_reg.get_credential_pool_hook(provider)
+    if _env_hook is not None and _env_hook.env_var_order is not None:
+        env_vars = _env_hook.env_var_order

    for env_var in env_vars:
        # Prefer ~/.hermes/.env over os.environ
@@ -2038,7 +1887,11 @@ def _seed_from_env(provider: str, entries: List[PooledCredential]) -> Tuple[bool
        if _is_source_suppressed(provider, source):
            continue
        active_sources.add(source)
-        auth_type = AUTH_TYPE_OAUTH if provider == "anthropic" and not token.startswith("sk-ant-api") else AUTH_TYPE_API_KEY
+        # ── Plugin-registered credential pool hooks: auth type detection ──
+        if _env_hook is not None and _env_hook.detect_auth_type is not None:
+            auth_type = _env_hook.detect_auth_type(token)
+        else:
+            auth_type = AUTH_TYPE_API_KEY
        base_url = env_url or pconfig.inference_base_url
        if provider == "kimi-coding":
            base_url = _resolve_kimi_base_url(token, pconfig.inference_base_url, env_url)
--- a/agent/curator.py
+++ b/agent/curator.py
@@ -183,18 +183,6 @@ def get_archive_after_days() -> int:
        return DEFAULT_ARCHIVE_AFTER_DAYS


-def get_prune_builtins() -> bool:
-    """Whether the curator may prune (archive) bundled built-in skills too.
-
-    ON by default. When on, built-ins become curation candidates and are
-    archived after the same inactivity period as agent-created skills, with a
-    suppression list keeping them archived across `hermes update` re-seeds.
-    Hub-installed skills are never pruned regardless of this flag.
-    """
-    cfg = _load_config()
-    return bool(cfg.get("prune_builtins", True))
-
-
 # ---------------------------------------------------------------------------
 # Idle / interval check
 # ---------------------------------------------------------------------------
@@ -266,17 +254,9 @@ def should_run_now(now: Optional[datetime] = None) -> bool:
 # ---------------------------------------------------------------------------

 def apply_automatic_transitions(now: Optional[datetime] = None) -> Dict[str, int]:
-    """Walk every curator-managed skill and move active/stale/archived based on
+    """Walk every agent-created skill and move active/stale/archived based on
    the latest real activity timestamp. Pinned skills are never touched.
-
-    Built-ins (eligible only when ``curator.prune_builtins`` is on) are seeded
-    with a baseline record the first time they're seen so their inactivity
-    clock starts NOW rather than at epoch — a long-unused built-in is therefore
-    archived only after a fresh ``archive_after_days`` of non-use, not on the
-    first pass after the flag flips on.
-
-    Returns a counter dict describing what changed.
-    """
+    Returns a counter dict describing what changed."""
    from tools import skill_usage as _u

    if now is None:
@@ -284,7 +264,7 @@ def apply_automatic_transitions(now: Optional[datetime] = None) -> Dict[str, int
    stale_cutoff = now - timedelta(days=get_stale_after_days())
    archive_cutoff = now - timedelta(days=get_archive_after_days())

-    counts = {"marked_stale": 0, "archived": 0, "reactivated": 0, "checked": 0, "seeded": 0}
+    counts = {"marked_stale": 0, "archived": 0, "reactivated": 0, "checked": 0}

    for row in _u.agent_created_report():
        counts["checked"] += 1
@@ -292,13 +272,6 @@ def apply_automatic_transitions(now: Optional[datetime] = None) -> Dict[str, int
        if row.get("pinned"):
            continue

-        # First sight of a curation-eligible skill with no persisted record
-        # (e.g. a newly-eligible built-in): anchor its clock to now and defer.
-        if not row.get("_persisted", True):
-            _u.seed_record_if_missing(name)
-            counts["seeded"] += 1
-            continue
-
        last_activity = _parse_iso(row.get("last_activity_at"))
        # If never active, treat created_at as the anchor so new skills don't
        # immediately archive themselves.
@@ -1511,30 +1484,14 @@ def run_curator_review(
                    "error": None,
                }
            else:
-                # When pruning built-ins is enabled, the candidate list now
-                # includes bundled skills. Override the default "don't touch
-                # bundled" rule for them — but only archiving is permitted, and
-                # hub-installed skills remain strictly off-limits.
-                builtins_note = ""
-                if get_prune_builtins():
-                    builtins_note = (
-                        "\n\nPRUNE-BUILTINS MODE IS ON: bundled built-in skills "
-                        "ARE included in the candidate list below and MAY be "
-                        "archived for staleness/irrelevance, overriding hard "
-                        "rule #1 for bundled skills ONLY. Hub-installed skills "
-                        "remain strictly off-limits. Treat a stale built-in the "
-                        "same as a stale agent-created skill: archive it (never "
-                        "delete). It will be restored on `hermes update` only if "
-                        "the user explicitly restores it."
-                    )
                if dry_run:
                    prompt = (
                        f"{CURATOR_DRY_RUN_BANNER}\n\n"
-                        f"{CURATOR_REVIEW_PROMPT}{builtins_note}\n\n"
+                        f"{CURATOR_REVIEW_PROMPT}\n\n"
                        f"{candidate_list}"
                    )
                else:
-                    prompt = f"{CURATOR_REVIEW_PROMPT}{builtins_note}\n\n{candidate_list}"
+                    prompt = f"{CURATOR_REVIEW_PROMPT}\n\n{candidate_list}"
                llm_meta = _run_llm_review(prompt)
                final_summary = (
                    f"{prefix}{auto_summary}; llm: {llm_meta.get('summary', 'no change')}"
--- a/agent/curator_backup.py
+++ b/agent/curator_backup.py
@@ -21,8 +21,6 @@ It DOES include:
    pointer — otherwise the curator would immediately re-fire on the next
    tick)
  - ``.bundled_manifest`` (so protection markers stay consistent)
-  - ``.curator_suppressed`` (so rollback restores the set of pruned built-ins
-    the re-seeder must leave archived)

 Alongside the skills tarball, each snapshot also captures a copy of
 ``~/.hermes/cron/jobs.json`` as ``cron-jobs.json`` when it exists. Cron
--- a/agent/file_safety.py
+++ b/agent/file_safety.py
@@ -451,190 +451,3 @@ def get_cross_profile_warning(path: str) -> Optional[str]:
        f"``cross_profile=True``. (Defense-in-depth — not a security "
        f"boundary; the terminal tool can still bypass.)"
    )
-
-
-# ---------------------------------------------------------------------------
-# Sandbox-mirror write guard (#32049)
-#
-# Non-local terminal backends (Docker, Daytona, etc.) bind a sandbox-local
-# directory to the container's ``$HOME``. The on-disk layout looks like
-#
-#   <HERMES_HOME>/profiles/<name>/sandboxes/<backend>/<task>/home/.hermes/...
-#
-# When the agent (running host-side) speculates that authoritative profile
-# state lives at one of those sandbox-mirror paths, the write lands on the
-# mirror — never read by the host process — while the host file is left
-# untouched. The agent reports success, the user sees no change, and on
-# disk two divergent copies accumulate. See #32049 for evidence.
-#
-# This guard is path-shape-only: it detects the
-# ``…/sandboxes/<backend>/<task>/home/.hermes/…`` segment and warns
-# regardless of which Hermes profile is active. It does NOT cover the
-# inner-container case where the bind mount strips the ``sandboxes/`` prefix
-# (the agent's view inside the container is plain ``/root/.hermes/...``);
-# that case needs a separate dispatch-layer or host-side ``profile_state``
-# tool.
-# ---------------------------------------------------------------------------
-
-
-def _find_sandbox_mirror_segments(parts: tuple) -> Optional[int]:
-    """Return the index of the inner ``.hermes`` part in a sandbox-mirror path.
-
-    Matches ``…/sandboxes/<backend>/<task>/home/.hermes/…`` and returns the
-    index where the inner Hermes-state portion starts. Returns ``None`` for
-    paths that do not contain the sandbox-mirror shape.
-    """
-    for i, part in enumerate(parts):
-        if part != "sandboxes":
-            continue
-        # Need at least: sandboxes / <backend> / <task> / home / .hermes / <thing>
-        if i + 5 >= len(parts):
-            continue
-        if parts[i + 3] == "home" and parts[i + 4] == ".hermes":
-            return i + 4
-    return None
-
-
-def classify_sandbox_mirror_target(path: str) -> Optional[dict]:
-    """Classify a write target as a sandbox-mirror of authoritative Hermes state.
-
-    Returns ``None`` when the path does not match the sandbox-mirror shape.
-    Otherwise returns a dict with:
-
-      * ``target_path``: the resolved path string
-      * ``mirror_root``: the ``…/sandboxes/<backend>/<task>/home/.hermes``
-        prefix (so callers can show users which sandbox owns the mirror)
-      * ``inner_path``: the portion under the mirror's ``.hermes`` (what the
-        agent likely meant to address on the host)
-
-    Detection is path-shape-only — does not require any Hermes resolver to
-    succeed, so it works correctly even when called from contexts where
-    HERMES_HOME resolution would be ambiguous.
-    """
-    try:
-        target = Path(os.path.expanduser(str(path))).resolve()
-    except (OSError, RuntimeError):
-        return None
-
-    parts = target.parts
-    inner_idx = _find_sandbox_mirror_segments(parts)
-    if inner_idx is None:
-        return None
-
-    mirror_root = str(Path(*parts[: inner_idx + 1]))
-    inner_path = str(Path(*parts[inner_idx + 1 :])) if inner_idx + 1 < len(parts) else ""
-
-    return {
-        "target_path": str(target),
-        "mirror_root": mirror_root,
-        "inner_path": inner_path,
-    }
-
-
-def get_sandbox_mirror_warning(path: str) -> Optional[str]:
-    """Return a model-facing warning when ``path`` lands in a sandbox mirror.
-
-    Returns ``None`` when the path is not a sandbox-mirror target. Caller
-    is expected to surface the warning to the agent as a tool-result
-    error. The bypass kwarg (``cross_profile=True``) is shared with the
-    cross-profile guard: both are soft "I know what I'm doing" overrides
-    a user can authorise.
-
-    Defense-in-depth, NOT a security boundary: the terminal tool runs as
-    the same OS user and can write the mirror path directly. The guard
-    exists to surface the misclassification before the silent-success +
-    divergent-copy footgun in #32049 fires.
-    """
-    info = classify_sandbox_mirror_target(path)
-    if info is None:
-        return None
-    return (
-        f"Sandbox-mirror write blocked by soft guard: {info['target_path']} "
-        f"sits under {info['mirror_root']!r}, which is a per-task mirror "
-        f"created by a non-local terminal backend (docker/daytona/etc.). "
-        f"Writes here land on a copy that the host Hermes process never "
-        f"reads — the authoritative file is likely {info['inner_path']!r} "
-        f"under the real HERMES_HOME. Use the host-side tool for "
-        f"authoritative state (e.g. ``memory`` for memories), or address "
-        f"the host path directly. To bypass this guard after explicit "
-        f"user direction, retry the call with ``cross_profile=True``. "
-        f"(Defense-in-depth — not a security boundary; the terminal tool "
-        f"can still bypass.)"
-    )
-
-
-# ---------------------------------------------------------------------------
-# Container-context mirror guard (inner-container case — #32049 follow-up)
-#
-# Brian's shape-based detector (#32213) catches paths that still carry the
-# full ``…/sandboxes/<backend>/<task>/home/.hermes/…`` prefix on the host.
-# But when file tools execute *inside* the container the bind-mount strips
-# that prefix: the agent sees plain ``/root/.hermes/…``.  The root:root
-# ownership on the divergent SOUL.md in #32049 confirms this is the primary
-# failure mode.
-#
-# Fix: file_tools passes the active Docker mirror prefix when the terminal
-# backend is docker + persistent. This catches the very first file-tool call,
-# before a DockerEnvironment object necessarily exists.
-# ---------------------------------------------------------------------------
-
-
-def classify_container_mirror_target(
-    path: str,
-    mirror_prefix: str | None = None,
-) -> Optional[dict]:
-    """Classify a write target as a container-side sandbox mirror.
-
-    ``mirror_prefix`` must be supplied by the caller after it has established
-    that file tools are executing in a container whose home is a sandbox
-    mirror. Returns ``None`` when no such context is active or the path is not
-    under the mirror prefix. Otherwise returns:
-
-      * ``target_path``: resolved path string
-      * ``mirror_root``: the declared container mirror prefix
-      * ``inner_path``: portion under the mirror root (what the agent
-        likely meant to address in the host HERMES_HOME)
-    """
-    if not mirror_prefix:
-        return None
-    try:
-        target = Path(os.path.expanduser(str(path))).resolve()
-        mirror = Path(os.path.expanduser(mirror_prefix)).resolve()
-        inner = target.relative_to(mirror)
-    except (OSError, RuntimeError, ValueError):
-        return None
-    return {
-        "target_path": str(target),
-        "mirror_root": str(mirror),
-        "inner_path": inner.as_posix(),
-    }
-
-
-def get_container_mirror_warning(
-    path: str,
-    mirror_prefix: str | None = None,
-) -> Optional[str]:
-    """Return a model-facing warning when *path* lands in the container's
-    sandbox mirror of authoritative Hermes state.
-
-    The caller supplies ``mirror_prefix`` only when the current file-tool
-    backend is known to execute inside a Docker sandbox. Same contract as
-    ``get_cross_profile_warning``: soft guard, returns ``None`` for
-    non-mirror paths, caller surfaces as a tool-result error. Bypass via
-    ``cross_profile=True`` after explicit user direction.
-    """
-    info = classify_container_mirror_target(path, mirror_prefix)
-    if info is None:
-        return None
-    return (
-        f"Sandbox-mirror write blocked by soft guard: {info['target_path']} "
-        f"sits under {info['mirror_root']!r}, which is the container's "
-        f"bind-mounted home — a per-task mirror that the host Hermes "
-        f"process never reads. The authoritative file is "
-        f"{info['inner_path']!r} under the real HERMES_HOME. Use the "
-        f"host-side tool for authoritative state (e.g. ``memory`` for "
-        f"memories), or address the host path directly. To bypass after "
-        f"explicit user direction, retry with ``cross_profile=True``. "
-        f"(Defense-in-depth — not a security boundary; the terminal tool "
-        f"can still bypass.)"
-    )
--- a/agent/memory_manager.py
+++ b/agent/memory_manager.py
@@ -491,7 +491,6 @@ class MemoryManager:
        *,
        parent_session_id: str = "",
        reset: bool = False,
-        rewound: bool = False,
        **kwargs,
    ) -> None:
        """Notify all providers that the agent's session_id has rotated.
@@ -504,21 +503,9 @@ class MemoryManager:
        per-session state so subsequent writes land in the correct
        session's record. See ``MemoryProvider.on_session_switch`` for
        the full contract.
-
-        ``rewound=True`` signals that session_id is unchanged but the
-        transcript was truncated; providers caching per-turn document
-        state should invalidate.
        """
        if not new_session_id:
            return
-        # Only forward ``rewound`` when it's actually set. Passing it
-        # unconditionally would inject ``rewound=False`` into every
-        # provider's **kwargs for the common /resume, /branch, /new, and
-        # compression paths, polluting providers that capture extra kwargs
-        # (and breaking exact-dict assertions). The /undo path sets
-        # rewound=True explicitly; everyone else stays clean.
-        if rewound:
-            kwargs["rewound"] = True
        for provider in self._providers:
            try:
                provider.on_session_switch(
--- a/agent/memory_provider.py
+++ b/agent/memory_provider.py
@@ -178,7 +178,6 @@ class MemoryProvider(ABC):
        *,
        parent_session_id: str = "",
        reset: bool = False,
-        rewound: bool = False,
        **kwargs,
    ) -> None:
        """Called when the agent switches session_id mid-process.
@@ -208,10 +207,6 @@ class MemoryProvider(ABC):
            (``_session_turns``, ``_turn_counter``, etc.) when this is
            set. ``False`` for ``/resume`` / ``/branch`` / compression
            where the logical conversation continues under the new id.
-        rewound:
-            ``True`` if session_id is unchanged but the transcript was
-            truncated; providers caching per-turn document state should
-            invalidate.

        Default is no-op for backward compatibility.
        """
--- a/agent/model_metadata.py
+++ b/agent/model_metadata.py
@@ -200,12 +200,8 @@ DEFAULT_CONTEXT_LENGTHS = {
    "qwen3-coder-plus": 1000000,  # 1M context
    "qwen3-coder": 262144,        # 256K context
    "qwen": 131072,
-    # MiniMax — M3 is 1M context (max output 512K); M2.x series is 204,800.
-    # Keys use substring matching (longest-first), so "minimax-m3" wins over
-    # the generic "minimax" catch-all for the M3 slug on every surface
-    # (native MiniMax-M3, OpenRouter/Nous minimax/minimax-m3).
-    # https://platform.minimax.io/docs/api-reference/text-chat-openai
-    "minimax-m3": 1000000,
+    # MiniMax — official docs: 204,800 context for all models
+    # https://platform.minimax.io/docs/api-reference/text-anthropic-api
    "minimax": 204800,
    # GLM
    "glm": 202752,
@@ -1128,18 +1124,6 @@ def _model_name_suggests_kimi(model: str) -> bool:
    return lower.startswith("kimi") or "moonshot" in lower


-def _model_name_suggests_minimax_m3(model: str) -> bool:
-    """Return True if the model name looks like MiniMax M3.
-
-    Catches ``MiniMax-M3``, ``minimax/minimax-m3``, and similar variants
-    across surfaces (native MiniMax-M3, OpenRouter/Nous minimax/minimax-m3).
-    Used as a guard against stale cache entries seeded by pre-catalog builds
-    that resolved M3 via the generic ``minimax`` catch-all (204,800) before
-    the ``minimax-m3`` (1M) entry existed in DEFAULT_CONTEXT_LENGTHS.
-    """
-    return "minimax-m3" in model.lower()
-
-
 def _query_local_context_length(model: str, base_url: str, api_key: str = "") -> Optional[int]:
    """Query a local server for the model's context length."""
    import httpx
@@ -1551,19 +1535,6 @@ def get_model_context_length(
                    model, base_url, f"{cached:,}",
                )
                _invalidate_cached_context_length(model, base_url)
-            # Invalidate stale ≤204,800 cache entries for MiniMax-M3.  Pre-catalog
-            # builds resolved M3 via the generic ``minimax`` catch-all (204,800)
-            # and persisted it before the ``minimax-m3`` (1M) entry existed; that
-            # stale value would otherwise stick forever here at step 1.  M3 is 1M,
-            # so any sub-256K cached value for an M3 slug is a leftover — drop it
-            # and fall through to the hardcoded default.
-            elif cached <= 204_800 and _model_name_suggests_minimax_m3(model):
-                logger.info(
-                    "Dropping stale MiniMax-M3 cache entry %s@%s -> %s (pre-catalog value); "
-                    "re-resolving via hardcoded defaults",
-                    model, base_url, f"{cached:,}",
-                )
-                _invalidate_cached_context_length(model, base_url)
            # Nous Portal: the portal /v1/models endpoint is authoritative.
            # Bypass the persistent cache so step 5b can always reconcile
            # against it — this corrects pre-fix entries seeded from the
@@ -1596,8 +1567,11 @@ def get_model_context_length(
        and base_url_host_matches(base_url, "amazonaws.com")
    ):
        try:
-            from agent.bedrock_adapter import get_bedrock_context_length
-            return get_bedrock_context_length(model)
+            from agent.plugin_registries import registries
+            _bedrock = registries.get_provider_namespace("bedrock")
+            get_bedrock_context_length = _bedrock.get("get_bedrock_context_length")
+            if get_bedrock_context_length is not None:
+                return get_bedrock_context_length(model)
        except ImportError:
            pass  # boto3 not installed — fall through to generic resolution

--- a/agent/moonshot_schema.py
+++ b/agent/moonshot_schema.py
@@ -15,6 +15,18 @@ and MoonshotAI/kimi-cli#1595:
 2. When ``anyOf`` is used, ``type`` must be on the ``anyOf`` children, not
   the parent.  Presence of both causes "type should be defined in anyOf
   items instead of the parent schema".
+3. ``enum`` arrays on scalar-typed nodes may not contain ``null`` or empty
+   strings.  Strip those entries (drop the enum entirely if it becomes empty).
+4. ``$ref`` nodes may not carry sibling keywords.  Moonshot expands the
+   reference before validation and then rejects the node if sibling keys
+   like ``description`` remain on the same node as ``$ref``.  Strip every
+   sibling from ``$ref`` nodes so only ``{"$ref": "..."}`` survives.
+   (Ported from anomalyco/opencode#24730.)
+5. ``items`` may not be a tuple-style array (``items: [schemaA, schemaB]``
+   for positional element schemas).  Moonshot's schema engine requires a
+   single object schema applied to every array element.  Collapse tuple
+   ``items`` to the first element schema (or ``{}`` if the tuple is empty).
+   (Ported from anomalyco/opencode#24730.)

 The ``#/definitions/...`` → ``#/$defs/...`` rewrite for draft-07 refs is
 handled separately in ``tools/mcp_tool._normalize_mcp_input_schema`` so it
@@ -66,6 +78,16 @@ def _repair_schema(node: Any, is_schema: bool = True) -> Any:
            }
        elif key in _SCHEMA_LIST_KEYS and isinstance(value, list):
            repaired[key] = [_repair_schema(v, is_schema=True) for v in value]
+        elif key == "items" and isinstance(value, list):
+            # Rule 5: tuple-style ``items`` arrays (positional element
+            # schemas) are not accepted by Moonshot.  Collapse to the
+            # first element schema if present, else to ``{}``.  This
+            # matches opencode's behaviour for moonshotai / kimi models.
+            first = value[0] if value else {}
+            if isinstance(first, dict):
+                repaired[key] = _repair_schema(first, is_schema=True)
+            else:
+                repaired[key] = first
        elif key in _SCHEMA_NODE_KEYS:
            # items / not / additionalProperties: single nested schema.
            # additionalProperties can also be a bool — leave those alone.
@@ -130,6 +152,15 @@ def _repair_schema(node: Any, is_schema: bool = True) -> Any:
            else:
                repaired.pop("enum")

+    # Rule 4: $ref nodes must not have sibling keywords.  Moonshot expands
+    # the reference before validation and then rejects the node if siblings
+    # like ``description`` / ``type`` / ``default`` appear alongside $ref.
+    # The referenced definition still carries its own description on the
+    # target node, which Moonshot accepts.
+    # (Ported from anomalyco/opencode#24730.)
+    if "$ref" in repaired:
+        return {"$ref": repaired["$ref"]}
+
    return repaired


--- a/agent/plugin_registries.py
+++ b/agent/plugin_registries.py
@@ -0,0 +1,586 @@
+"""Plugin capability registries.
+
+Each plugin's ``register(ctx)`` function populates these registries via
+``ctx.register_<capability>()``.  The core codebase then queries the
+registries instead of importing from plugin packages directly.
+
+This is the **only** coupling point between the core and plugins: the core
+imports from ``agent.plugin_registries``, never from ``hermes_agent_*``.
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from typing import (
+    Any,
+    Callable,
+    Dict,
+    List,
+    Optional,
+    Protocol,
+    Sequence,
+    Tuple,
+    Type,
+    runtime_checkable,
+)
+
+
+# ---------------------------------------------------------------------------
+# Auth providers
+# ---------------------------------------------------------------------------
+
+@runtime_checkable
+class AuthProvider(Protocol):
+    """A plugin that can provide or check authentication credentials.
+
+    Registered via ``ctx.register_auth_provider(name, provider)``.
+    Queried by ``hermes_cli/auth_commands.py``, ``doctor.py``, etc.
+    """
+
+    @property
+    def name(self) -> str: ...
+
+    def has_credentials(self) -> bool:
+        """Return True if the required credentials are present in env/config."""
+        ...
+
+    def check_env_vars(self) -> Dict[str, str | None]:
+        """Return a dict of env-var-name → current-value (or None if unset).
+
+        Used by ``hermes doctor`` to display credential status.
+        """
+        ...
+
+    def resolve_token(self, **kwargs: Any) -> Any:
+        """Resolve and return an auth token/credential for the provider.
+
+        The return type is provider-specific (string, tuple, object, etc.).
+        """
+        ...
+
+    def refresh_token(self, **kwargs: Any) -> Any:
+        """Refresh an existing token.  Raises if refresh is not supported."""
+        ...
+
+
+@dataclass
+class AuthProviderEntry:
+    provider: AuthProvider
+    """The auth provider instance."""
+
+    cli_group: str = ""
+    """CLI argument group name (e.g. 'Anthropic', 'AWS / Bedrock')."""
+
+    setup_subcommands: bool = False
+    """Whether this provider adds CLI auth subcommands (login, logout, etc.)."""
+
+
+# ---------------------------------------------------------------------------
+# Transport builders
+# ---------------------------------------------------------------------------
+
+@runtime_checkable
+class TransportBuilder(Protocol):
+    """A plugin that builds clients and converts messages for a model transport.
+
+    Registered via ``ctx.register_transport(name, builder)``.
+    Queried by ``agent/transports/`` and ``agent/auxiliary_client.py``.
+    """
+
+    def build_client(self, **kwargs: Any) -> Any:
+        """Build and return a provider-specific API client."""
+        ...
+
+    def build_kwargs(self, **kwargs: Any) -> Dict[str, Any]:
+        """Build the kwargs dict for a provider-specific API call."""
+        ...
+
+    def convert_messages(self, messages: Sequence[Any], **kwargs: Any) -> Any:
+        """Convert internal message format to provider-specific format."""
+        ...
+
+    def convert_tools(self, tools: Sequence[Any], **kwargs: Any) -> Any:
+        """Convert internal tool format to provider-specific format."""
+        ...
+
+    def normalize_response(self, response: Any, **kwargs: Any) -> Any:
+        """Normalize a provider-specific response into the internal format."""
+        ...
+
+
+# ---------------------------------------------------------------------------
+# Platform adapters
+# ---------------------------------------------------------------------------
+
+@dataclass
+class PlatformAdapterEntry:
+    """A registered platform adapter.
+
+    Registered via ``ctx.register_platform(name, entry)``.
+    Queried by ``gateway/run.py`` and ``tools/send_message_tool.py``.
+    """
+    name: str
+    """Platform identifier (e.g. 'telegram', 'slack')."""
+
+    adapter_class: Type
+    """The adapter class (e.g. TelegramAdapter)."""
+
+    check_requirements: Callable[[], bool]
+    """Check if the platform's dependencies are installed and configured."""
+
+    available_flag: str = ""
+    """Name of the module-level AVAILABLE boolean, if any."""
+
+    constants: Dict[str, Any] = field(default_factory=dict)
+    """Platform-specific constants (e.g. FEISHU_DOMAIN, LARK_DOMAIN)."""
+
+    helper_functions: Dict[str, Callable] = field(default_factory=dict)
+    """Platform-specific helper functions (e.g. probe_bot, qr_register)."""
+
+
+# ---------------------------------------------------------------------------
+# Tool providers
+# ---------------------------------------------------------------------------
+
+@dataclass
+class ToolProviderEntry:
+    """A registered tool provider.
+
+    Registered via ``ctx.register_tool_provider(name, entry)``.
+    Queried by ``tools/`` modules.
+    """
+    name: str
+    """Tool identifier (e.g. 'tts', 'stt', 'fal', 'daytona')."""
+
+    tool_functions: Dict[str, Callable] = field(default_factory=dict)
+    """Tool functions keyed by name (e.g. 'text_to_speech_tool', 'transcribe_audio')."""
+
+    check_fn: Optional[Callable] = None
+    """Check if the tool's dependencies are available."""
+
+    constants: Dict[str, Any] = field(default_factory=dict)
+    """Tool-specific constants (e.g. MAX_FILE_SIZE)."""
+
+    config_functions: Dict[str, Callable] = field(default_factory=dict)
+    """Config/utility functions (e.g. _get_provider, _load_stt_config)."""
+
+    environment_classes: Dict[str, Type] = field(default_factory=dict)
+    """Environment classes for terminal backends (e.g. DaytonaEnvironment)."""
+
+
+# ---------------------------------------------------------------------------
+# Model metadata providers
+# ---------------------------------------------------------------------------
+
+@dataclass
+class ModelMetadataEntry:
+    """A registered model metadata provider.
+
+    Registered via ``ctx.register_model_metadata(name, entry)``.
+    Queried by ``agent/model_metadata.py`` and CLI model commands.
+    """
+    name: str
+    """Provider identifier (e.g. 'anthropic', 'bedrock')."""
+
+    get_context_length: Optional[Callable[[str], int | None]] = None
+    """Return the context length for a model name, or None if unknown."""
+
+    list_models: Optional[Callable[[], List[str]]] = None
+    """Return a list of known model IDs for this provider."""
+
+    constants: Dict[str, Any] = field(default_factory=dict)
+    """Provider-specific constants (e.g. _COMMON_BETAS, betas lists)."""
+
+
+# ---------------------------------------------------------------------------
+# Credential pool entries
+# ---------------------------------------------------------------------------
+
+@dataclass
+class CredentialPoolEntry:
+    """A registered credential pool provider.
+
+    Registered via ``ctx.register_credential_pool(name, entry)``.
+    Queried by ``agent/credential_pool.py``.
+    """
+    name: str
+    """Provider identifier (e.g. 'anthropic')."""
+
+    read_credentials: Optional[Callable] = None
+    """Read stored credentials."""
+
+    write_credentials: Optional[Callable] = None
+    """Write/store credentials."""
+
+    refresh_credentials: Optional[Callable] = None
+    """Refresh stored credentials."""
+
+    read_oauth: Optional[Callable] = None
+    """Read OAuth credentials."""
+
+
+# ---------------------------------------------------------------------------
+# Provider resolvers
+# ---------------------------------------------------------------------------
+
+@runtime_checkable
+class ProviderResolver(Protocol):
+    """A plugin that resolves an auxiliary client for a specific provider.
+
+    Registered via ``ctx.register_provider_resolver(provider_name, resolver)``.
+    Queried by ``agent/auxiliary_client.py`` in ``resolve_provider_client()``.
+    """
+
+    def __call__(
+        self,
+        *,
+        model: str | None = None,
+        explicit_api_key: str | None = None,
+        explicit_base_url: str | None = None,
+        async_mode: bool = False,
+        is_vision: bool = False,
+        main_runtime: dict | None = None,
+        api_mode: str | None = None,
+    ) -> tuple[Any, str] | tuple[None, None]:
+        """Return ``(client, default_model)`` or ``(None, None)`` if unavailable."""
+        ...
+
+
+# ---------------------------------------------------------------------------
+# Credential pool hooks
+# ---------------------------------------------------------------------------
+
+@dataclass
+class CredentialPoolHook:
+    """Provider-specific credential pool operations.
+
+    Registered via ``ctx.register_credential_pool_hook(provider_name, hook)``.
+    Queried by ``agent/credential_pool.py``.
+    """
+
+    sync_from_credentials_file: Optional[Callable] = None
+    """Sync a pool entry from an external credentials file (e.g. ~/.claude/.credentials.json)."""
+
+    refresh_oauth: Optional[Callable] = None
+    """Refresh an OAuth token for a pool entry."""
+
+    should_include_in_pool: Optional[Callable] = None
+    """Return True if this provider's credentials should be included in the pool."""
+
+    needs_refresh: Optional[Callable] = None
+    """Return True if an OAuth entry needs a token refresh."""
+
+    source_priority: Optional[Callable] = None
+    """Return integer priority for a credential source (lower = preferred)."""
+
+    discover_credentials: Optional[Callable] = None
+    """Discover external credentials and upsert into the pool entries.
+
+    Signature: (entries: list, provider: str, is_suppressed: Callable) -> (changed: bool, active_sources: set)
+    """
+
+    env_var_order: Optional[list] = None
+    """Override env var scan order for this provider (e.g. ['ANTHROPIC_TOKEN', 'CLAUDE_CODE_OAUTH_TOKEN', 'ANTHROPIC_API_KEY'])."""
+
+    detect_auth_type: Optional[Callable] = None
+    """Given a token string, return the auth type for this provider.
+
+    Signature: (token: str) -> str  (e.g. AUTH_TYPE_OAUTH or AUTH_TYPE_API_KEY)
+    """
+
+
+# ---------------------------------------------------------------------------
+# Pricing providers
+# ---------------------------------------------------------------------------
+
+# Re-export PricingEntry from usage_pricing — that's the canonical definition
+# with Decimal fields. The registry stores these directly keyed by (provider, model).
+# Lazy import to avoid circular dependency (usage_pricing imports registries at runtime).
+def _get_pricing_entry_class():
+    from agent.usage_pricing import PricingEntry
+    return PricingEntry
+
+
+# ---------------------------------------------------------------------------
+# Provider overlays
+# ---------------------------------------------------------------------------
+
+@dataclass
+class ProviderOverlayEntry:
+    """A provider overlay registered by a plugin.
+
+    Registered via ``ctx.register_provider_overlay(provider_name, entry)``.
+    Queried by ``hermes_cli/providers.py``.
+
+    This mirrors the fields of ``HermesOverlay`` so that providers.py
+    can merge plugin-registered overlays seamlessly.
+    """
+
+    provider_name: str
+    """Primary provider name (e.g. 'anthropic', 'bedrock')."""
+
+    transport: str = "openai_chat"
+    """Transport type: openai_chat | anthropic_messages | codex_responses | bedrock_converse"""
+
+    is_aggregator: bool = False
+    """Whether this provider aggregates multiple model providers."""
+
+    auth_type: str = "api_key"
+    """Auth type: api_key | oauth_device_code | oauth_external | aws_sdk | external_process"""
+
+    extra_env_vars: Tuple[str, ...] = ()
+    """Environment variable names that indicate this provider is configured."""
+
+    base_url_override: str = ""
+    """Override if models.dev URL is wrong/missing."""
+
+    base_url_env_var: str = ""
+    """Env var for user-custom base URL."""
+
+    display_name: str = ""
+    """Human-readable name for the provider (e.g. 'Anthropic', 'AWS Bedrock')."""
+
+    aliases: List[str] = field(default_factory=list)
+    """Alternative names that resolve to this provider."""
+
+
+# ---------------------------------------------------------------------------
+# The global registries (singleton)
+# ---------------------------------------------------------------------------
+
+class PluginRegistries:
+    """Central store for all plugin-registered capabilities.
+
+    A single instance is created at import time and shared across the
+    process.  Plugins populate it during ``register()``; the core
+    queries it at runtime.
+    """
+
+    def __init__(self) -> None:
+        self.auth_providers: Dict[str, AuthProviderEntry] = {}
+        self.transport_builders: Dict[str, TransportBuilder] = {}
+        self._transports: Dict[str, type] = {}
+        self.platform_adapters: Dict[str, PlatformAdapterEntry] = {}
+        self.tool_providers: Dict[str, ToolProviderEntry] = {}
+        self.model_metadata: Dict[str, ModelMetadataEntry] = {}
+        self.credential_pools: Dict[str, CredentialPoolEntry] = {}
+        self._provider_services: Dict[str, Dict[str, Any]] = {}
+        self._provider_resolvers: Dict[str, Callable] = {}
+        self._credential_pool_hooks: Dict[str, CredentialPoolHook] = {}
+        self._pricing_providers: Dict[tuple, Any] = {}
+        self._provider_overlays: Dict[str, ProviderOverlayEntry] = {}
+
+    # -- registration methods (called from PluginContext) --------------------
+
+    def register_auth_provider(
+        self,
+        name: str,
+        provider: AuthProvider,
+        *,
+        cli_group: str = "",
+        setup_subcommands: bool = False,
+    ) -> None:
+        self.auth_providers[name] = AuthProviderEntry(
+            provider=provider,
+            cli_group=cli_group,
+            setup_subcommands=setup_subcommands,
+        )
+
+    def register_transport(self, name: str, builder: TransportBuilder) -> None:
+        self.transport_builders[name] = builder
+
+    def register_platform(self, entry: PlatformAdapterEntry) -> None:
+        self.platform_adapters[entry.name] = entry
+
+    def register_tool_provider(self, entry: ToolProviderEntry) -> None:
+        self.tool_providers[entry.name] = entry
+
+    def register_model_metadata(self, entry: ModelMetadataEntry) -> None:
+        self.model_metadata[entry.name] = entry
+
+    def register_credential_pool(self, entry: CredentialPoolEntry) -> None:
+        self.credential_pools[entry.name] = entry
+
+    def register_provider_resolver(self, name: str, resolver: Callable) -> None:
+        """Register a provider resolver callable.
+
+        The resolver is called by ``resolve_provider_client()`` to create an
+        auxiliary client for a specific provider.  Signature::
+
+            def resolver(
+                *,
+                model: str | None,
+                explicit_api_key: str | None,
+                explicit_base_url: str | None,
+                async_mode: bool,
+                is_vision: bool,
+                main_runtime: dict | None,
+                api_mode: str | None,
+            ) -> tuple[Any, str] | tuple[None, None]:
+                ...
+
+        Returns ``(client, default_model)`` or ``(None, None)``.
+        """
+        self._provider_resolvers[name] = resolver
+
+    def register_credential_pool_hook(self, name: str, hook: CredentialPoolHook) -> None:
+        """Register a credential pool hook for provider-specific pool operations."""
+        self._credential_pool_hooks[name] = hook
+
+    def register_pricing_provider(self, name: str, entries: List[tuple]) -> None:
+        """Register pricing entries for a provider.
+
+        Each entry is a (provider, model, PricingEntry) tuple so the
+        lookup key matches the (provider, model) pattern used by
+        _OFFICIAL_DOCS_PRICING.
+        """
+        for prov, model, entry in entries:
+            self._pricing_providers[(prov, model)] = entry
+
+    def register_provider_overlay(self, entry: ProviderOverlayEntry) -> None:
+        """Register a provider overlay entry from a plugin."""
+        self._provider_overlays[entry.provider_name] = entry
+
+    # -- query helpers -------------------------------------------------------
+
+    def get_auth_provider(self, name: str) -> AuthProviderEntry | None:
+        return self.auth_providers.get(name)
+
+    def get_transport(self, name: str) -> TransportBuilder | None:
+        return self.transport_builders.get(name)
+
+    def get_platform(self, name: str) -> PlatformAdapterEntry | None:
+        return self.platform_adapters.get(name)
+
+    def get_tool_provider(self, name: str) -> ToolProviderEntry | None:
+        return self.tool_providers.get(name)
+
+    def get_model_metadata(self, name: str) -> ModelMetadataEntry | None:
+        return self.model_metadata.get(name)
+
+    def get_credential_pool(self, name: str) -> CredentialPoolEntry | None:
+        return self.credential_pools.get(name)
+
+    def get_provider_resolver(self, name: str) -> Callable | None:
+        """Return the registered resolver for a provider, or None."""
+        return self._provider_resolvers.get(name)
+
+    def get_credential_pool_hook(self, name: str) -> CredentialPoolHook | None:
+        """Return the registered credential pool hook for a provider, or None."""
+        return self._credential_pool_hooks.get(name)
+
+    def get_pricing_entry(self, provider: str, model: str) -> Any:
+        """Return a registered pricing entry for (provider, model), or None."""
+        return self._pricing_providers.get((provider, model))
+
+    def all_pricing_entries(self) -> Dict[tuple, Any]:
+        """Return all registered pricing entries (keyed by (provider, model))."""
+        return dict(self._pricing_providers)
+
+    def get_provider_overlay(self, name: str) -> ProviderOverlayEntry | None:
+        """Return a registered provider overlay, or None."""
+        return self._provider_overlays.get(name)
+
+    def all_provider_overlays(self) -> Dict[str, ProviderOverlayEntry]:
+        """Return all registered provider overlays."""
+        return dict(self._provider_overlays)
+
+    def all_auth_providers(self) -> List[AuthProviderEntry]:
+        return list(self.auth_providers.values())
+
+    def all_platforms(self) -> List[PlatformAdapterEntry]:
+        return list(self.platform_adapters.values())
+
+    def all_tool_providers(self) -> List[ToolProviderEntry]:
+        return list(self.tool_providers.values())
+
+    # -- provider services (model-provider namespace) -----------------------
+
+    def register_provider_services(self, name: str, services: Dict[str, Any]) -> None:
+        """Register a namespace dict of provider-specific services.
+
+        This is the escape hatch for model-provider plugins that expose many
+        symbols (anthropic has 50+).  Each plugin registers its public surface
+        as a flat dict of ``{symbol_name: callable_or_value}``.  Core code
+        looks up specific symbols instead of importing from the plugin
+        package directly.
+
+        Each callable value is stored as a *lazy module-attribute reference*
+        so that ``unittest.mock.patch("pkg.mod.fn")`` works correctly in
+        tests — the registry re-reads ``mod.fn`` on every lookup instead of
+        capturing the function object at register time.
+
+        Example::
+
+            registries.register_provider_services("anthropic", {
+                "build_anthropic_client": build_anthropic_client,
+                "resolve_anthropic_token": resolve_anthropic_token,
+                "_is_oauth_token": _is_oauth_token,
+                ...
+            })
+        """
+        import sys
+
+        def _make_lazy(fn: Any) -> Any:
+            """Return a lazy wrapper that re-reads fn from its module each call.
+
+            This makes mock.patch() on the module attribute work transparently —
+            the registry never caches the function object, just the reference path.
+            """
+            if not callable(fn):
+                return fn
+            module = getattr(fn, "__module__", None)
+            qualname = getattr(fn, "__qualname__", None)
+            if not module or not qualname or "." in qualname:
+                # non-simple attribute (lambda, nested fn, class method) — store directly
+                return fn
+
+            class _LazyRef:
+                __slots__ = ("_mod", "_attr", "_fallback")
+
+                def __init__(self, mod: str, attr: str, fallback: Any) -> None:
+                    self._mod = mod
+                    self._attr = attr
+                    self._fallback = fallback
+
+                def _resolve(self) -> Any:
+                    mod = sys.modules.get(self._mod)
+                    return getattr(mod, self._attr, self._fallback) if mod else self._fallback
+
+                def __call__(self, *args: Any, **kwargs: Any) -> Any:
+                    return self._resolve()(*args, **kwargs)
+
+                def __getattr__(self, name: str) -> Any:
+                    if name.startswith("_"):
+                        raise AttributeError(name)
+                    return getattr(self._resolve(), name)
+
+                def __repr__(self) -> str:  # pragma: no cover
+                    return f"<LazyRef {self._mod}.{self._attr}>"
+
+                # Allow isinstance checks and hasattr to pass through
+                def __bool__(self) -> bool:
+                    return True
+
+            return _LazyRef(module, qualname, fn)
+
+        self._provider_services[name] = {k: _make_lazy(v) for k, v in services.items()}
+
+    def get_provider_service(self, provider: str, name: str) -> Any:
+        """Look up a single symbol from a provider's service namespace.
+
+        Returns ``None`` if the provider is not registered or the symbol
+        doesn't exist.
+        """
+        ns = self._provider_services.get(provider)
+        if ns is None:
+            return None
+        return ns.get(name)
+
+    def get_provider_namespace(self, provider: str) -> Dict[str, Any]:
+        """Return the full service namespace dict for a provider (empty dict if unregistered)."""
+        return self._provider_services.get(provider, {})
+
+
+# Module-level singleton — the one and only instance.
+registries = PluginRegistries()
--- a/agent/prompt_builder.py
+++ b/agent/prompt_builder.py
@@ -14,7 +14,6 @@ from pathlib import Path
 from hermes_constants import get_hermes_home, get_skills_dir, is_wsl
 from typing import Optional

-from agent.runtime_cwd import resolve_agent_cwd
 from agent.skill_utils import (
    extract_skill_conditions,
    extract_skill_description,
@@ -803,7 +802,7 @@ def build_environment_hints() -> str:

        host_lines.append(f"User home directory: {os.path.expanduser('~')}")
        try:
-            host_lines.append(f"Current working directory: {resolve_agent_cwd()}")
+            host_lines.append(f"Current working directory: {os.getcwd()}")
        except OSError:
            pass

--- a/agent/runtime_cwd.py
+++ b/agent/runtime_cwd.py
@@ -1,33 +0,0 @@
-"""Single source of truth for the agent working directory.
-
-`TERMINAL_CWD` is the runtime carrier for the configured working directory
-(design #19214/#19242: `terminal.cwd` is bridged once to `TERMINAL_CWD` at
-gateway/cron startup). The local-CLI backend deliberately leaves it unset and
-relies on the launch dir. Reading it in one place keeps the system prompt, the
-tool surfaces, and context-file discovery agreeing on where the agent lives.
-
-The #29531 per-session extension point is this function: a future PR adds a
-contextvar arm inside `resolve_agent_cwd` and `.set()`s it at the
-`set_session_vars` seam — by design, not a reopening hazard.
-"""
-
-import os
-from pathlib import Path
-
-
-def resolve_agent_cwd() -> Path:
-    raw = os.environ.get("TERMINAL_CWD", "").strip()
-    if raw:
-        p = Path(raw).expanduser()
-        if p.is_dir():
-            return p
-    return Path(os.getcwd())
-
-
-def resolve_context_cwd() -> Path | None:
-    # None means "no configured cwd": build_context_files_prompt then falls back
-    # to the launch dir (os.getcwd()) — correct for the local CLI. The gateway
-    # avoids slurping its install dir by setting TERMINAL_CWD (see system_prompt.py).
-    # No getcwd arm here: that fallback is owned by the caller, not this resolver.
-    raw = os.environ.get("TERMINAL_CWD", "").strip()
-    return Path(raw).expanduser() if raw else None
--- a/agent/system_prompt.py
+++ b/agent/system_prompt.py
@@ -24,6 +24,7 @@ Pure helpers that read the agent's state.  AIAgent keeps thin forwarders.
 from __future__ import annotations

 import json
+import os
 from typing import Any, Dict, List, Optional

 from agent.prompt_builder import (
@@ -40,7 +41,6 @@ from agent.prompt_builder import (
    TOOL_USE_ENFORCEMENT_GUIDANCE,
    TOOL_USE_ENFORCEMENT_MODELS,
 )
-from agent.runtime_cwd import resolve_context_cwd


 def _ra():
@@ -288,12 +288,13 @@ def build_system_prompt_parts(agent: Any, system_message: Optional[str] = None)
        context_parts.append(system_message)

    if not agent.skip_context_files:
-        # Prefer the configured TERMINAL_CWD (gateway mode). When unset (local
-        # CLI), None lets build_context_files_prompt fall back to the launch
-        # dir — the user's real cwd there, but the install dir for the gateway
-        # daemon, which is why the gateway sets TERMINAL_CWD.
+        # Use TERMINAL_CWD for context file discovery when set (gateway
+        # mode).  The gateway process runs from the hermes-agent install
+        # dir, so os.getcwd() would pick up the repo's AGENTS.md and
+        # other dev files — inflating token usage by ~10k for no benefit.
+        _context_cwd = os.getenv("TERMINAL_CWD") or None
        context_files_prompt = _r.build_context_files_prompt(
-            cwd=resolve_context_cwd(), skip_soul=_soul_loaded)
+            cwd=_context_cwd, skip_soul=_soul_loaded)
        if context_files_prompt:
            context_parts.append(context_files_prompt)

--- a/agent/transports/init.py
+++ b/agent/transports/init.py
@@ -47,9 +47,16 @@ def get_transport(api_mode: str):


 def _discover_transports() -> None:
-    """Import all transport modules to trigger auto-registration."""
+    """Import all transport modules to trigger auto-registration.
+
+    Also checks the plugin registry for transports registered by plugins
+    (e.g. anthropic_messages from the anthropic plugin, bedrock_converse
+    from the bedrock plugin).  Plugin-registered transports take priority
+    over core fallbacks when both exist.
+    """
    global _discovered
    _discovered = True
+    # Core transport modules (registered automatically — no plugin needed)
    try:
        import agent.transports.anthropic  # noqa: F401
    except ImportError:
@@ -62,7 +69,10 @@ def _discover_transports() -> None:
        import agent.transports.chat_completions  # noqa: F401
    except ImportError:
        pass
+    # Plugin-registered transports (override core fallbacks)
    try:
-        import agent.transports.bedrock  # noqa: F401
+        from agent.plugin_registries import registries
+        for api_mode, transport_cls in registries._transports.items():
+            _REGISTRY.setdefault(api_mode, transport_cls)
    except ImportError:
        pass
--- a/agent/transports/anthropic.py
+++ b/agent/transports/anthropic.py
@@ -1,41 +1,53 @@
-"""Anthropic Messages API transport.
+"""Anthropic Messages API transport — core module.

-Delegates to the existing adapter functions in agent/anthropic_adapter.py.
-This transport owns format conversion and normalization — NOT client lifecycle.
+Owns format conversion and response normalization for the ``anthropic_messages``
+wire format.  No SDK dependency; all wire-format logic lives in
+:mod:`agent.anthropic_format`.
 """

+import json
 from typing import Any, Dict, List, Optional

+from agent.anthropic_format import (
+    build_anthropic_kwargs,
+    convert_messages_to_anthropic,
+    convert_tools_to_anthropic,
+    _to_plain_data,
+)
 from agent.transports.base import ProviderTransport
-from agent.transports.types import NormalizedResponse
+from agent.transports.types import NormalizedResponse, ToolCall


 class AnthropicTransport(ProviderTransport):
    """Transport for api_mode='anthropic_messages'.

-    Wraps the existing functions in anthropic_adapter.py behind the
-    ProviderTransport ABC.  Each method delegates — no logic is duplicated.
+    Uses core functions directly from :mod:`agent.anthropic_format` — no
+    plugin registry lookups needed.  This means core tests, bedrock tests,
+    and any other consumer of the anthropic wire format work without the
+    anthropic plugin being registered.
    """

+    _STOP_REASON_MAP = {
+        "end_turn": "stop",
+        "tool_use": "tool_calls",
+        "max_tokens": "length",
+        "stop_sequence": "stop",
+        "refusal": "content_filter",
+        "model_context_window_exceeded": "length",
+    }
+
    @property
    def api_mode(self) -> str:
        return "anthropic_messages"

    def convert_messages(self, messages: List[Dict[str, Any]], **kwargs) -> Any:
-        """Convert OpenAI messages to Anthropic (system, messages) tuple.
-
-        kwargs:
-            base_url: Optional[str] — affects thinking signature handling.
-        """
-        from agent.anthropic_adapter import convert_messages_to_anthropic
-
+        """Convert OpenAI messages to Anthropic (system, messages) tuple."""
        base_url = kwargs.get("base_url")
-        return convert_messages_to_anthropic(messages, base_url=base_url)
+        return convert_messages_to_anthropic(messages, base_url=base_url,
+                                             model=kwargs.get("model"))

    def convert_tools(self, tools: List[Dict[str, Any]]) -> Any:
        """Convert OpenAI tool schemas to Anthropic input_schema format."""
-        from agent.anthropic_adapter import convert_tools_to_anthropic
-
        return convert_tools_to_anthropic(tools)

    def build_kwargs(
@@ -45,23 +57,7 @@ class AnthropicTransport(ProviderTransport):
        tools: Optional[List[Dict[str, Any]]] = None,
        **params,
    ) -> Dict[str, Any]:
-        """Build Anthropic messages.create() kwargs.
-
-        Calls convert_messages and convert_tools internally.
-
-        params (all optional):
-            max_tokens: int
-            reasoning_config: dict | None
-            tool_choice: str | None
-            is_oauth: bool
-            preserve_dots: bool
-            context_length: int | None
-            base_url: str | None
-            fast_mode: bool
-            drop_context_1m_beta: bool
-        """
-        from agent.anthropic_adapter import build_anthropic_kwargs
-
+        """Build Anthropic messages.create() kwargs."""
        return build_anthropic_kwargs(
            model=model,
            messages=messages,
@@ -78,15 +74,7 @@ class AnthropicTransport(ProviderTransport):
        )

    def normalize_response(self, response: Any, **kwargs) -> NormalizedResponse:
-        """Normalize Anthropic response to NormalizedResponse.
-
-        Parses content blocks (text, thinking, tool_use), maps stop_reason
-        to OpenAI finish_reason, and collects reasoning_details in provider_data.
-        """
-        import json
-        from agent.anthropic_adapter import _to_plain_data
-        from agent.transports.types import ToolCall
-
+        """Normalize Anthropic response to NormalizedResponse."""
        strip_tool_prefix = kwargs.get("strip_tool_prefix", False)
        _MCP_PREFIX = "mcp_"

@@ -107,12 +95,6 @@ class AnthropicTransport(ProviderTransport):
                name = block.name
                if strip_tool_prefix and name.startswith(_MCP_PREFIX):
                    stripped = name[len(_MCP_PREFIX):]
-                    # Only strip the mcp_ prefix for OAuth-injected tools
-                    # (where Hermes adds the prefix when sending to Anthropic
-                    # and must remove it on the way back).  Native MCP server
-                    # tools (from mcp_servers: in config.yaml) are registered
-                    # in the tool registry under their FULL mcp_<server>_<tool>
-                    # name and must NOT be stripped.  GH-25255.
                    from tools.registry import registry as _tool_registry
                    if (_tool_registry.get_entry(stripped)
                            and not _tool_registry.get_entry(name)):
@@ -141,13 +123,7 @@ class AnthropicTransport(ProviderTransport):
        )

    def validate_response(self, response: Any) -> bool:
-        """Check Anthropic response structure is valid.
-
-        An empty content list is legitimate when ``stop_reason == "end_turn"``
-        — the model's canonical way of signalling "nothing more to add" after
-        a tool turn that already delivered the user-facing text. Treating it
-        as invalid falsely retries a completed response.
-        """
+        """Check Anthropic response structure is valid."""
        if response is None:
            return False
        content_blocks = getattr(response, "content", None)
@@ -168,16 +144,6 @@ class AnthropicTransport(ProviderTransport):
            return {"cached_tokens": cached, "creation_tokens": written}
        return None

-    # Promote the adapter's canonical mapping to module level so it's shared
-    _STOP_REASON_MAP = {
-        "end_turn": "stop",
-        "tool_use": "tool_calls",
-        "max_tokens": "length",
-        "stop_sequence": "stop",
-        "refusal": "content_filter",
-        "model_context_window_exceeded": "length",
-    }
-
    def map_finish_reason(self, raw_reason: str) -> str:
        """Map Anthropic stop_reason to OpenAI finish_reason."""
        return self._STOP_REASON_MAP.get(raw_reason, "stop")
--- a/agent/usage_pricing.py
+++ b/agent/usage_pricing.py
@@ -115,6 +115,8 @@ _OFFICIAL_DOCS_PRICING: Dict[tuple[str, str], PricingEntry] = {
    # Opus 4.5/4.6/4.7 share $5/$25 pricing (new tokenizer, up to 35% more
    # tokens for the same text).
    # Source: https://platform.claude.com/docs/en/about-claude/pricing
+    # NOTE: The anthropic plugin also registers these — plugin takes priority
+    # at runtime, but these static entries ensure costs work without the plugin.
    (
        "anthropic",
        "claude-opus-4-7",
@@ -139,7 +141,6 @@ _OFFICIAL_DOCS_PRICING: Dict[tuple[str, str], PricingEntry] = {
        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
        pricing_version="anthropic-pricing-2026-05",
    ),
-    # ── Anthropic Claude 4.6 ─────────────────────────────────────────────
    (
        "anthropic",
        "claude-opus-4-6",
@@ -188,7 +189,6 @@ _OFFICIAL_DOCS_PRICING: Dict[tuple[str, str], PricingEntry] = {
        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
        pricing_version="anthropic-pricing-2026-05",
    ),
-    # ── Anthropic Claude 4.5 ─────────────────────────────────────────────
    (
        "anthropic",
        "claude-opus-4-5",
@@ -225,7 +225,6 @@ _OFFICIAL_DOCS_PRICING: Dict[tuple[str, str], PricingEntry] = {
        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
        pricing_version="anthropic-pricing-2026-05",
    ),
-    # ── Anthropic Claude 4 / 4.1 ─────────────────────────────────────────
    (
        "anthropic",
        "claude-opus-4-20250514",
@@ -250,7 +249,56 @@ _OFFICIAL_DOCS_PRICING: Dict[tuple[str, str], PricingEntry] = {
        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
        pricing_version="anthropic-pricing-2026-05",
    ),
-    # OpenAI
+    # ── Anthropic older models (pre-4.5 generation) ────────────────────────
+    (
+        "anthropic",
+        "claude-3-5-sonnet-20241022",
+    ): PricingEntry(
+        input_cost_per_million=Decimal("3.00"),
+        output_cost_per_million=Decimal("15.00"),
+        cache_read_cost_per_million=Decimal("0.30"),
+        cache_write_cost_per_million=Decimal("3.75"),
+        source="official_docs_snapshot",
+        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
+        pricing_version="anthropic-pricing-2026-05",
+    ),
+    (
+        "anthropic",
+        "claude-3-5-haiku-20241022",
+    ): PricingEntry(
+        input_cost_per_million=Decimal("0.80"),
+        output_cost_per_million=Decimal("4.00"),
+        cache_read_cost_per_million=Decimal("0.08"),
+        cache_write_cost_per_million=Decimal("1.00"),
+        source="official_docs_snapshot",
+        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
+        pricing_version="anthropic-pricing-2026-05",
+    ),
+    (
+        "anthropic",
+        "claude-3-opus-20240229",
+    ): PricingEntry(
+        input_cost_per_million=Decimal("15.00"),
+        output_cost_per_million=Decimal("75.00"),
+        cache_read_cost_per_million=Decimal("1.50"),
+        cache_write_cost_per_million=Decimal("18.75"),
+        source="official_docs_snapshot",
+        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
+        pricing_version="anthropic-pricing-2026-05",
+    ),
+    (
+        "anthropic",
+        "claude-3-haiku-20240307",
+    ): PricingEntry(
+        input_cost_per_million=Decimal("0.25"),
+        output_cost_per_million=Decimal("1.25"),
+        cache_read_cost_per_million=Decimal("0.03"),
+        cache_write_cost_per_million=Decimal("0.30"),
+        source="official_docs_snapshot",
+        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
+        pricing_version="anthropic-pricing-2026-05",
+    ),
+    # ── OpenAI ────────────────────────────────────────────────────────────
    (
        "openai",
        "gpt-4o",
@@ -328,55 +376,6 @@ _OFFICIAL_DOCS_PRICING: Dict[tuple[str, str], PricingEntry] = {
        source_url="https://openai.com/api/pricing/",
        pricing_version="openai-pricing-2026-03-16",
    ),
-    # ── Anthropic older models (pre-4.5 generation) ────────────────────────
-    (
-        "anthropic",
-        "claude-3-5-sonnet-20241022",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("3.00"),
-        output_cost_per_million=Decimal("15.00"),
-        cache_read_cost_per_million=Decimal("0.30"),
-        cache_write_cost_per_million=Decimal("3.75"),
-        source="official_docs_snapshot",
-        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
-        pricing_version="anthropic-pricing-2026-05",
-    ),
-    (
-        "anthropic",
-        "claude-3-5-haiku-20241022",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("0.80"),
-        output_cost_per_million=Decimal("4.00"),
-        cache_read_cost_per_million=Decimal("0.08"),
-        cache_write_cost_per_million=Decimal("1.00"),
-        source="official_docs_snapshot",
-        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
-        pricing_version="anthropic-pricing-2026-05",
-    ),
-    (
-        "anthropic",
-        "claude-3-opus-20240229",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("15.00"),
-        output_cost_per_million=Decimal("75.00"),
-        cache_read_cost_per_million=Decimal("1.50"),
-        cache_write_cost_per_million=Decimal("18.75"),
-        source="official_docs_snapshot",
-        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
-        pricing_version="anthropic-pricing-2026-05",
-    ),
-    (
-        "anthropic",
-        "claude-3-haiku-20240307",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("0.25"),
-        output_cost_per_million=Decimal("1.25"),
-        cache_read_cost_per_million=Decimal("0.03"),
-        cache_write_cost_per_million=Decimal("0.30"),
-        source="official_docs_snapshot",
-        source_url="https://platform.claude.com/docs/en/about-claude/pricing",
-        pricing_version="anthropic-pricing-2026-05",
-    ),
    # DeepSeek
    (
        "deepseek",
@@ -440,80 +439,6 @@ _OFFICIAL_DOCS_PRICING: Dict[tuple[str, str], PricingEntry] = {
        source_url="https://ai.google.dev/pricing",
        pricing_version="google-pricing-2026-03-16",
    ),
-    # AWS Bedrock — pricing per the Bedrock pricing page.
-    # Bedrock charges the same per-token rates as the model provider but
-    # through AWS billing.  These are the on-demand prices (no commitment).
-    # Source: https://aws.amazon.com/bedrock/pricing/
-    (
-        "bedrock",
-        "anthropic.claude-opus-4-6",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("15.00"),
-        output_cost_per_million=Decimal("75.00"),
-        source="official_docs_snapshot",
-        source_url="https://aws.amazon.com/bedrock/pricing/",
-        pricing_version="bedrock-pricing-2026-04",
-    ),
-    (
-        "bedrock",
-        "anthropic.claude-sonnet-4-6",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("3.00"),
-        output_cost_per_million=Decimal("15.00"),
-        source="official_docs_snapshot",
-        source_url="https://aws.amazon.com/bedrock/pricing/",
-        pricing_version="bedrock-pricing-2026-04",
-    ),
-    (
-        "bedrock",
-        "anthropic.claude-sonnet-4-5",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("3.00"),
-        output_cost_per_million=Decimal("15.00"),
-        source="official_docs_snapshot",
-        source_url="https://aws.amazon.com/bedrock/pricing/",
-        pricing_version="bedrock-pricing-2026-04",
-    ),
-    (
-        "bedrock",
-        "anthropic.claude-haiku-4-5",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("0.80"),
-        output_cost_per_million=Decimal("4.00"),
-        source="official_docs_snapshot",
-        source_url="https://aws.amazon.com/bedrock/pricing/",
-        pricing_version="bedrock-pricing-2026-04",
-    ),
-    (
-        "bedrock",
-        "amazon.nova-pro",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("0.80"),
-        output_cost_per_million=Decimal("3.20"),
-        source="official_docs_snapshot",
-        source_url="https://aws.amazon.com/bedrock/pricing/",
-        pricing_version="bedrock-pricing-2026-04",
-    ),
-    (
-        "bedrock",
-        "amazon.nova-lite",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("0.06"),
-        output_cost_per_million=Decimal("0.24"),
-        source="official_docs_snapshot",
-        source_url="https://aws.amazon.com/bedrock/pricing/",
-        pricing_version="bedrock-pricing-2026-04",
-    ),
-    (
-        "bedrock",
-        "amazon.nova-micro",
-    ): PricingEntry(
-        input_cost_per_million=Decimal("0.035"),
-        output_cost_per_million=Decimal("0.14"),
-        source="official_docs_snapshot",
-        source_url="https://aws.amazon.com/bedrock/pricing/",
-        pricing_version="bedrock-pricing-2026-04",
-    ),
    # MiniMax
    (
        "minimax",
@@ -581,36 +506,27 @@ def resolve_billing_route(
    return BillingRoute(provider=provider_name or "unknown", model=model.split("/")[-1] if model else "", base_url=base_url or "", billing_mode="unknown")


-def _normalize_anthropic_model_name(model: str) -> str:
-    """Normalize Anthropic model name variants to canonical form.
-
-    Handles:
-      - Dot notation: claude-opus-4.7 → claude-opus-4-7
-      - Short aliases: claude-opus-4.7 → claude-opus-4-7
-      - Strips anthropic/ prefix if present
-    """
-    name = model.lower().strip()
-    if name.startswith("anthropic/"):
-        name = name[len("anthropic/"):]
-    # Normalize dots to dashes in version numbers (e.g. 4.7 → 4-7, 4.6 → 4-6)
-    # But preserve the rest of the name structure
-    name = re.sub(r"(\d+)\.(\d+)", r"\1-\2", name)
-    return name
-
-
 def _lookup_official_docs_pricing(route: BillingRoute) -> Optional[PricingEntry]:
    model = route.model.lower()
-    # Direct lookup first
+
+    # ── Plugin-registered pricing entries take priority ──
+    from agent.plugin_registries import registries as _preg
+    plugin_entry = _preg.get_pricing_entry(route.provider, model)
+    if plugin_entry:
+        return plugin_entry
+    # Try provider-specific name normalization via registry
+    _norm = _preg.get_provider_service(route.provider, "normalize_model_name")
+    if _norm is not None:
+        normalized = _norm(model)
+        if normalized != model:
+            plugin_entry = _preg.get_pricing_entry(route.provider, normalized)
+            if plugin_entry:
+                return plugin_entry
+
+    # Fall back to static dict
    entry = _OFFICIAL_DOCS_PRICING.get((route.provider, model))
    if entry:
        return entry
-    # Try normalized name for Anthropic (handles dot-notation like opus-4.7)
-    if route.provider == "anthropic":
-        normalized = _normalize_anthropic_model_name(model)
-        if normalized != model:
-            entry = _OFFICIAL_DOCS_PRICING.get((route.provider, normalized))
-            if entry:
-                return entry
    return None


--- a/apps/bootstrap-installer/.gitignore
+++ b/apps/bootstrap-installer/.gitignore
@@ -1,40 +0,0 @@
-# Rust / Cargo
-/src-tauri/target/
-/src-tauri/Cargo.lock
-
-# Vite / build output
-/dist/
-/dist-ssr/
-*.local
-
-# TypeScript build info + tsc emit (we don't ship .js for the
-# vite.config.ts; Vite reads it directly via ts-node-style loader).
-*.tsbuildinfo
-vite.config.d.ts
-vite.config.js
-
-# Tauri generated artifacts (regenerated on each build)
-/src-tauri/gen/schemas/
-
-# Logs
-*.log
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-
-# Editor
-.vscode/*
-!.vscode/extensions.json
-.idea/
-.DS_Store
-*.suo
-*.ntvs*
-*.njsproj
-*.sln
-*.sw?
-
-# Node
-node_modules/
-
-# Internal placeholder (re-create if needed)
-.tauri-note
--- a/apps/bootstrap-installer/index.html
+++ b/apps/bootstrap-installer/index.html
@@ -1,12 +0,0 @@
-<!doctype html>
-<html lang="en" class="h-full">
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Hermes Setup</title>
-  </head>
-  <body class="h-full antialiased">
-    <div id="root" class="h-full"></div>
-    <script type="module" src="/src/main.tsx"></script>
-  </body>
-</html>
--- a/apps/bootstrap-installer/package.json
+++ b/apps/bootstrap-installer/package.json
@@ -1,46 +0,0 @@
-{
-  "name": "@hermes/bootstrap-installer",
-  "private": true,
-  "version": "0.0.1",
-  "description": "Hermes Setup — signed installer that drives scripts/install.ps1 with a polished native UI.",
-  "type": "module",
-  "scripts": {
-    "dev": "vite --host 127.0.0.1 --port 5175",
-    "build": "tsc -b && vite build",
-    "preview": "vite preview",
-    "tauri": "tauri",
-    "tauri:dev": "tauri dev",
-    "tauri:build": "tauri build",
-    "tauri:build:debug": "tauri build --debug"
-  },
-  "dependencies": {
-    "@nous-research/ui": "0.16.0",
-    "@tailwindcss/vite": "^4.2.1",
-    "@tailwindcss/typography": "^0.5.19",
-    "@tauri-apps/api": "^2.0.0",
-    "@tauri-apps/plugin-dialog": "^2.0.0",
-    "@tauri-apps/plugin-opener": "^2.0.0",
-    "@tauri-apps/plugin-process": "^2.0.0",
-    "@tauri-apps/plugin-shell": "^2.0.0",
-    "@vscode/codicons": "^0.0.45",
-    "class-variance-authority": "^0.7.1",
-    "clsx": "^2.1.1",
-    "katex": "^0.16.45",
-    "lucide-react": "^0.577.0",
-    "nanostores": "^1.3.0",
-    "radix-ui": "^1.4.3",
-    "react": "^19.2.4",
-    "react-dom": "^19.2.4",
-    "tailwind-merge": "^3.5.0",
-    "tailwindcss": "^4.2.1",
-    "tw-shimmer": "^0.4.11"
-  },
-  "devDependencies": {
-    "@tauri-apps/cli": "^2.0.0",
-    "@types/react": "^19.2.14",
-    "@types/react-dom": "^19.2.3",
-    "@vitejs/plugin-react": "^5.2.0",
-    "typescript": "~5.9.3",
-    "vite": "^7.3.1"
-  }
-}
--- a/apps/bootstrap-installer/src-tauri/Cargo.toml
+++ b/apps/bootstrap-installer/src-tauri/Cargo.toml
@@ -1,75 +0,0 @@
-[package]
-name = "hermes-bootstrap"
-version = "0.0.1"
-description = "Hermes Setup — signed installer that drives scripts/install.ps1"
-authors = ["Nous Research <info@nousresearch.com>"]
-edition = "2021"
-rust-version = "1.77"
-
-# Rename the output binary so the distributed artifact is literally
-# `Hermes-Setup.exe` on disk — not `hermes-bootstrap.exe`. Grandma sees
-# what we hand her, period. Tauri honors [[bin]] over [package].name
-# for the produced executable name.
-[[bin]]
-name = "Hermes-Setup"
-path = "src/main.rs"
-
-# The library target name MUST match the `withGlobalTauri` binding name that
-# tauri.conf.json's `app.windows[].label` references. We don't ship a separate
-# lib for now; everything is in src/.
-[lib]
-name = "hermes_bootstrap_lib"
-crate-type = ["staticlib", "cdylib", "rlib"]
-
-[build-dependencies]
-tauri-build = { version = "2", features = [] }
-
-[dependencies]
-# Tauri runtime + plugins
-tauri = { version = "2", features = [] }
-tauri-plugin-dialog = "2"
-tauri-plugin-opener = "2"
-tauri-plugin-process = "2"
-tauri-plugin-shell = "2"
-
-# Async + IO
-tokio = { version = "1", features = ["full"] }
-futures = "0.3"
-
-# Serialization
-serde = { version = "1", features = ["derive"] }
-serde_json = "1"
-
-# HTTP — rustls so we don't need OpenSSL on the build box
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls", "stream"] }
-
-# Logging — emitted to a file under HERMES_HOME/logs/ and (optionally) the
-# webview console via Tauri's event channel.
-tracing = "0.1"
-tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
-tracing-appender = "0.2"
-
-# Paths + utils
-dirs = "5"
-which = "6"
-anyhow = "1"
-thiserror = "1"
-once_cell = "1"
-uuid = { version = "1", features = ["v4"] }
-
-# Process control on Windows (CREATE_NO_WINDOW etc.)
-[target.'cfg(windows)'.dependencies]
-windows-sys = { version = "0.59", features = [
-    "Win32_Foundation",
-    "Win32_System_Threading",
-    "Win32_System_Console",
-    "Win32_UI_WindowsAndMessaging",
-] }
-
-[profile.release]
-# A 5-10MB signed installer is the goal. LTO + size-opt + single codegen unit.
-panic = "abort"
-codegen-units = 1
-lto = true
-opt-level = "s"
-strip = true
--- a/apps/bootstrap-installer/src-tauri/build.rs
+++ b/apps/bootstrap-installer/src-tauri/build.rs
@@ -1,190 +0,0 @@
-use std::process::Command;
-
-fn main() {
-    // -----------------------------------------------------------------
-    // Bake the install.ps1 pin into the binary at compile time.
-    //
-    // BUILD_PIN_COMMIT and BUILD_PIN_BRANCH are read by bootstrap.rs's
-    // `option_env!()` macro to default the install-script reference.
-    // Precedence (matches install.ps1's own arg precedence): commit > branch.
-    //
-    // The COMMIT pin is opt-in. By default a dev build pins ONLY the branch,
-    // so the produced installer follows that branch's HEAD at install time
-    // (tolerant of fast-forwards/new commits, and never references a SHA the
-    // local checkout hasn't pushed). Set HERMES_BUILD_PIN_COMMIT to bake an
-    // immutable commit pin for reproducible/release installers.
-    //
-    // Commit pin resolution:
-    //   - HERMES_BUILD_PIN_COMMIT, if set and non-empty. Accepts a SHA, tag,
-    //     or branch name; resolved to an immutable SHA via `git rev-parse`
-    //     when possible, else used verbatim if it already looks like a SHA.
-    //   - Otherwise: NO commit pin (branch-follow is the default).
-    //
-    // Branch pin resolution:
-    //   1. HERMES_BUILD_PIN_BRANCH, if set and non-empty.
-    //   2. `git rev-parse --abbrev-ref HEAD` of the checkout this build.rs
-    //      lives in — the current branch. (None on a detached HEAD.)
-    //   3. Last-resort fallback handled below: if neither commit nor branch
-    //      resolves, warn — the binary needs a runtime arg or dev-repo env.
-    //
-    // Build script reruns on git HEAD change so a new commit triggers
-    // a rebuild without `cargo clean`.
-    // -----------------------------------------------------------------
-
-    let commit = resolve_commit_pin();
-    let branch = resolve_branch_pin();
-
-    if let Some(c) = &commit {
-        println!("cargo:rustc-env=BUILD_PIN_COMMIT={c}");
-        println!(
-            "cargo:warning=hermes-bootstrap: pinning to commit {}",
-            short(c)
-        );
-    }
-    if let Some(b) = &branch {
-        println!("cargo:rustc-env=BUILD_PIN_BRANCH={b}");
-        match &commit {
-            Some(_) => println!("cargo:warning=hermes-bootstrap: pinning to branch {b}"),
-            None => println!(
-                "cargo:warning=hermes-bootstrap: following branch {b} HEAD (no commit pin; \
-                 set HERMES_BUILD_PIN_COMMIT for an immutable pin)"
-            ),
-        }
-    }
-    if commit.is_none() && branch.is_none() {
-        // Fail loudly rather than silently produce a binary that errors
-        // at runtime with "no install-script pin supplied". A build that
-        // can't resolve a pin almost certainly indicates a misconfigured
-        // build environment.
-        println!(
-            "cargo:warning=hermes-bootstrap: no pin resolved at build time; binary will fail at runtime without HERMES_SETUP_DEV_REPO_ROOT or runtime args"
-        );
-    }
-
-    // Rerun build.rs when HEAD moves. With branch-follow as the default the
-    // baked commit no longer changes per-commit, but a branch *switch* changes
-    // the detected branch name, so we still re-trigger. When an explicit
-    // HERMES_BUILD_PIN_COMMIT resolves a moving ref (tag/branch) to a SHA, a
-    // HEAD move can also change that resolution. .git/HEAD changes on every
-    // commit / branch switch / rebase.
-    let git_dir = locate_git_dir();
-    if let Some(gd) = &git_dir {
-        println!("cargo:rerun-if-changed={}/HEAD", gd.display());
-        // .git/HEAD often points at a ref (e.g. `ref: refs/heads/bb/gui`);
-        // also watch the ref itself so a new commit on the same branch
-        // re-triggers.
-        if let Ok(head) = std::fs::read_to_string(gd.join("HEAD")) {
-            if let Some(rest) = head.trim().strip_prefix("ref: ") {
-                println!("cargo:rerun-if-changed={}/{}", gd.display(), rest);
-            }
-        }
-    }
-    println!("cargo:rerun-if-env-changed=HERMES_BUILD_PIN_COMMIT");
-    println!("cargo:rerun-if-env-changed=HERMES_BUILD_PIN_BRANCH");
-
-    // -----------------------------------------------------------------
-    // Tauri windows manifest. See hermes-setup.manifest for rationale —
-    // declares level="asInvoker" so Windows's installer-detection
-    // heuristic doesn't refuse to launch us without UAC elevation.
-    // -----------------------------------------------------------------
-    #[cfg(target_os = "windows")]
-    let attrs = {
-        let manifest = include_str!("hermes-setup.manifest");
-        let win = tauri_build::WindowsAttributes::new().app_manifest(manifest);
-        tauri_build::Attributes::new().windows_attributes(win)
-    };
-
-    #[cfg(not(target_os = "windows"))]
-    let attrs = tauri_build::Attributes::new();
-
-    tauri_build::try_build(attrs).expect("failed to run tauri-build");
-}
-
-fn resolve_commit_pin() -> Option<String> {
-    // Commit pinning is OPT-IN. Only bake a commit when the caller explicitly
-    // asks for one via HERMES_BUILD_PIN_COMMIT. With no env var, we return
-    // None and the installer follows the branch HEAD at install time.
-    let requested = std::env::var("HERMES_BUILD_PIN_COMMIT").ok()?;
-    let requested = requested.trim();
-    if requested.is_empty() {
-        return None;
-    }
-    // Resolve the request (which may be a SHA, tag, or branch name) to an
-    // immutable commit SHA so the baked pin is reproducible. `^{commit}`
-    // dereferences tags to the commit they point at.
-    if let Ok(out) = Command::new("git")
-        .args(["rev-parse", "--verify", &format!("{requested}^{{commit}}")])
-        .output()
-    {
-        if out.status.success() {
-            if let Ok(s) = String::from_utf8(out.stdout) {
-                let s = s.trim().to_string();
-                if !s.is_empty() {
-                    return Some(s);
-                }
-            }
-        }
-    }
-    // Couldn't resolve via git (e.g. building outside a checkout). Accept the
-    // literal value only if it already looks like a SHA; otherwise fail loud
-    // rather than bake an unresolvable ref into the binary.
-    if is_sha(requested) {
-        return Some(requested.to_string());
-    }
-    panic!(
-        "HERMES_BUILD_PIN_COMMIT={requested:?} could not be resolved to a commit \
-         (git rev-parse failed and it is not a valid SHA)"
-    );
-}
-
-/// True if `s` looks like an abbreviated-or-full git SHA (7..=40 hex chars).
-fn is_sha(s: &str) -> bool {
-    let len = s.len();
-    (7..=40).contains(&len) && s.chars().all(|c| c.is_ascii_hexdigit())
-}
-
-fn resolve_branch_pin() -> Option<String> {
-    if let Ok(v) = std::env::var("HERMES_BUILD_PIN_BRANCH") {
-        if !v.trim().is_empty() {
-            return Some(v.trim().to_string());
-        }
-    }
-    let out = Command::new("git")
-        .args(["rev-parse", "--abbrev-ref", "HEAD"])
-        .output()
-        .ok()?;
-    if !out.status.success() {
-        return None;
-    }
-    let s = String::from_utf8(out.stdout).ok()?.trim().to_string();
-    // "HEAD" is what you get on a detached checkout — no meaningful branch
-    // to pin to. The commit pin still applies; just don't emit a branch.
-    if s.is_empty() || s == "HEAD" {
-        None
-    } else {
-        Some(s)
-    }
-}
-
-fn locate_git_dir() -> Option<std::path::PathBuf> {
-    let out = Command::new("git")
-        .args(["rev-parse", "--git-dir"])
-        .output()
-        .ok()?;
-    if !out.status.success() {
-        return None;
-    }
-    let s = String::from_utf8(out.stdout).ok()?.trim().to_string();
-    if s.is_empty() {
-        return None;
-    }
-    Some(std::path::PathBuf::from(s))
-}
-
-fn short(commit: &str) -> &str {
-    if commit.len() >= 12 {
-        &commit[..12]
-    } else {
-        commit
-    }
-}
--- a/apps/bootstrap-installer/src-tauri/capabilities/default.json
+++ b/apps/bootstrap-installer/src-tauri/capabilities/default.json
@@ -1,16 +0,0 @@
-{
-  "$schema": "https://schema.tauri.app/config/2/capability",
-  "identifier": "default",
-  "description": "Capabilities required by Hermes Setup. Narrowly scoped: we don't write user files outside HERMES_HOME, we don't read arbitrary paths, and the only external network call goes through reqwest (Rust side, not exposed to the webview).",
-  "windows": ["main"],
-  "permissions": [
-    "core:default",
-    "core:window:allow-close",
-    "core:window:allow-minimize",
-    "core:event:default",
-    "opener:default",
-    "dialog:default",
-    "process:default",
-    "shell:default"
-  ]
-}
--- a/apps/bootstrap-installer/src-tauri/hermes-setup.manifest
+++ b/apps/bootstrap-installer/src-tauri/hermes-setup.manifest
@@ -1,75 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<!--
-    Hermes Setup application manifest.
-
-    The TL;DR: tell Windows we are NOT an installer in the classic "needs
-    UAC elevation" sense, despite the product name. We provision into
-    %LOCALAPPDATA%\hermes which is user-scoped and never touch HKLM or
-    Program Files. install.ps1 runs as a child process and elevates
-    itself only if a future stage explicitly needs HKLM access.
-
-    Without this manifest, the "Hermes Setup" productName embedded in
-    the binary's resource trips Windows's installer-detection heuristic
-    (https://learn.microsoft.com/en-us/windows/security/identity-protection/
-    user-account-control/how-user-account-control-works#installer-detection)
-    and CreateProcess fails with ERROR_ELEVATION_REQUIRED (740) when the
-    user double-clicks. asInvoker disables that.
-->
-<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
-    <assemblyIdentity
-        version="0.0.1.0"
-        processorArchitecture="*"
-        name="NousResearch.Hermes.Setup"
-        type="win32"
-    />
-    <description>Hermes Setup</description>
-
-    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
-        <security>
-            <requestedPrivileges>
-                <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
-            </requestedPrivileges>
-        </security>
-    </trustInfo>
-
-    <!-- Tell Windows we know about all supported OSes (10 + 11) so it
-         doesn't shim us into Vista-compat mode. -->
-    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
-        <application>
-            <!-- Windows 10 / 11 -->
-            <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
-            <!-- Windows 8.1 -->
-            <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
-            <!-- Windows 8 -->
-            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
-            <!-- Windows 7 -->
-            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
-            <!-- Windows Vista -->
-            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
-        </application>
-    </compatibility>
-
-    <!-- Per-monitor v2 DPI awareness so the installer doesn't go blurry
-         on high-DPI displays when dragged between monitors. -->
-    <application xmlns="urn:schemas-microsoft-com:asm.v3">
-        <windowsSettings>
-            <dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2</dpiAwareness>
-            <activeCodePage xmlns="http://schemas.microsoft.com/SMI/2019/WindowsSettings">UTF-8</activeCodePage>
-        </windowsSettings>
-    </application>
-
-    <!-- Use the modern common controls (v6 themes). Without this, our
-         file picker / shell dialogs fall back to 1990s-era visuals. -->
-    <dependency>
-        <dependentAssembly>
-            <assemblyIdentity
-                type="win32"
-                name="Microsoft.Windows.Common-Controls"
-                version="6.0.0.0"
-                processorArchitecture="*"
-                publicKeyToken="6595b64144ccf1df"
-                language="*"
-            />
-        </dependentAssembly>
-    </dependency>
-</assembly>
--- a/apps/bootstrap-installer/src-tauri/icons/128x128.png
+++ b/apps/bootstrap-installer/src-tauri/icons/128x128.png
--- a/apps/bootstrap-installer/src-tauri/icons/128x128@2x.png
+++ b/apps/bootstrap-installer/src-tauri/icons/128x128@2x.png
--- a/apps/bootstrap-installer/src-tauri/icons/32x32.png
+++ b/apps/bootstrap-installer/src-tauri/icons/32x32.png
--- a/apps/bootstrap-installer/src-tauri/icons/icon.icns
+++ b/apps/bootstrap-installer/src-tauri/icons/icon.icns
--- a/apps/bootstrap-installer/src-tauri/icons/icon.ico
+++ b/apps/bootstrap-installer/src-tauri/icons/icon.ico
--- a/apps/bootstrap-installer/src-tauri/src/bootstrap.rs
+++ b/apps/bootstrap-installer/src-tauri/src/bootstrap.rs
@@ -1,712 +0,0 @@
-//! Bootstrap orchestration.
-//!
-//! Direct port of `runBootstrap` from `apps/desktop/electron/bootstrap-runner.cjs`.
-//! Drives install.ps1 / install.sh stage-by-stage, emits progress events
-//! over the Tauri `bootstrap` channel, writes a forensic log to
-//! HERMES_HOME/logs/bootstrap-<timestamp>.log.
-//!
-//! Lifecycle:
-//!   1. `start_bootstrap` (Tauri command) → spawns the worker task.
-//!   2. Worker resolves install script (dev/cache/download).
-//!   3. Worker calls `install.ps1 -Manifest` → emits `manifest` event.
-//!   4. Worker iterates stages, calling `install.ps1 -Stage NAME -NonInteractive -Json`.
-//!   5. On success → `complete`. On any stage failure → `failed`. On cancel → `failed`.
-
-use std::path::PathBuf;
-use std::sync::Arc;
-use std::time::Instant;
-
-use anyhow::{anyhow, Result};
-use serde::{Deserialize, Serialize};
-use tauri::{AppHandle, Emitter, State};
-use tokio::sync::{mpsc, Mutex};
-
-use crate::events::{BootstrapEvent, Manifest, StageState};
-use crate::install_script::{self, Pin, ScriptKind, ScriptSource};
-use crate::powershell::{self, StreamSink};
-use crate::AppState;
-
-// ---------------------------------------------------------------------------
-// Public Tauri commands
-// ---------------------------------------------------------------------------
-
-/// Frontend → Rust: kick off the install.
-#[derive(Debug, Deserialize)]
-pub struct StartBootstrapArgs {
-    /// Optional override for the commit pin. Defaults to the build-time
-    /// pin baked in via `BUILD_PIN_COMMIT`.
-    pub commit: Option<String>,
-    /// Optional override for the branch pin. Defaults to `BUILD_PIN_BRANCH`.
-    pub branch: Option<String>,
-    /// Include Stage-Desktop (build apps/desktop) in the manifest. The
-    /// signed bootstrap installer passes true; the deprecated Electron-side
-    /// bootstrap-runner passes false to avoid building-while-running.
-    #[serde(default = "default_true")]
-    pub include_desktop: bool,
-    /// Optional override for HERMES_HOME. Tests use this; production
-    /// almost always falls back to the OS default.
-    pub hermes_home: Option<String>,
-}
-
-fn default_true() -> bool {
-    true
-}
-
-#[derive(Debug, Serialize)]
-pub struct BootstrapStatus {
-    pub running: bool,
-    pub completed: bool,
-    pub install_root: Option<String>,
-    pub last_error: Option<String>,
-}
-
-/// Handle stored in AppState while a bootstrap run is in flight. Carries
-/// the cancellation channel and the most recent terminal status so the
-/// frontend can re-query after a window refresh.
-pub struct BootstrapHandle {
-    pub cancel_tx: mpsc::Sender<()>,
-    pub started_at: Instant,
-    pub status: BootstrapStatus,
-}
-
-#[tauri::command]
-pub async fn start_bootstrap(
-    app: AppHandle,
-    state: State<'_, Arc<AppState>>,
-    args: StartBootstrapArgs,
-) -> Result<(), String> {
-    let mut guard = state.bootstrap.lock().await;
-    if let Some(h) = guard.as_ref() {
-        if h.status.running {
-            return Err("Bootstrap is already running".into());
-        }
-    }
-
-    let (cancel_tx, cancel_rx) = mpsc::channel::<()>(1);
-    let handle = BootstrapHandle {
-        cancel_tx,
-        started_at: Instant::now(),
-        status: BootstrapStatus {
-            running: true,
-            completed: false,
-            install_root: None,
-            last_error: None,
-        },
-    };
-    *guard = Some(handle);
-    drop(guard);
-
-    let app_for_task = app.clone();
-    let state_for_task = state.inner().clone();
-    let args_for_task = args;
-    let cancel_rx = Arc::new(Mutex::new(Some(cancel_rx)));
-
-    tokio::spawn(async move {
-        let result = run_bootstrap(app_for_task.clone(), args_for_task, cancel_rx).await;
-
-        // Reflect terminal state into AppState so get_bootstrap_status()
-        // can serve it after the task exits.
-        let mut guard = state_for_task.bootstrap.lock().await;
-        if let Some(h) = guard.as_mut() {
-            h.status.running = false;
-            match &result {
-                Ok(install_root) => {
-                    h.status.completed = true;
-                    h.status.install_root = Some(install_root.clone());
-                    h.status.last_error = None;
-                }
-                Err(err) => {
-                    h.status.completed = false;
-                    h.status.last_error = Some(err.to_string());
-                }
-            }
-        }
-    });
-
-    Ok(())
-}
-
-#[tauri::command]
-pub async fn cancel_bootstrap(state: State<'_, Arc<AppState>>) -> Result<(), String> {
-    let guard = state.bootstrap.lock().await;
-    if let Some(h) = guard.as_ref() {
-        let _ = h.cancel_tx.try_send(());
-    }
-    Ok(())
-}
-
-#[tauri::command]
-pub async fn get_bootstrap_status(
-    state: State<'_, Arc<AppState>>,
-) -> Result<BootstrapStatus, String> {
-    let guard = state.bootstrap.lock().await;
-    Ok(match guard.as_ref() {
-        Some(h) => BootstrapStatus {
-            running: h.status.running,
-            completed: h.status.completed,
-            install_root: h.status.install_root.clone(),
-            last_error: h.status.last_error.clone(),
-        },
-        None => BootstrapStatus {
-            running: false,
-            completed: false,
-            install_root: None,
-            last_error: None,
-        },
-    })
-}
-
-/// Spawn the locally-built Hermes desktop binary, then close the installer
-/// window. Caller resolves the binary path from `install_root`.
-///
-/// Returns Err with a human-readable message if the binary doesn't exist
-/// (e.g. when Stage-Desktop was skipped) so the frontend can present
-/// actionable failure UI rather than silently doing nothing.
-#[tauri::command]
-pub async fn launch_hermes_desktop(
-    app: AppHandle,
-    install_root: String,
-) -> Result<(), String> {
-    let install_root = PathBuf::from(install_root);
-    let exe_path = resolve_hermes_desktop_exe(&install_root).ok_or_else(|| {
-        format!(
-            "Couldn't find a built Hermes desktop at {}. The desktop build step \
-             may have been skipped or failed. Run `hermes desktop` from a \
-             terminal to build and launch it.",
-            install_root.join("apps").join("desktop").join("release").display()
-        )
-    })?;
-
-    tracing::info!(?exe_path, "launching Hermes desktop");
-
-    // Detach from us — the installer is about to exit.
-    let mut cmd = tokio::process::Command::new(&exe_path);
-    cmd.current_dir(exe_path.parent().unwrap_or(&install_root));
-    #[cfg(target_os = "windows")]
-    {
-        use std::os::windows::process::CommandExt;
-        // DETACHED_PROCESS = 0x00000008
-        cmd.creation_flags(0x0000_0008);
-    }
-
-    cmd.spawn().map_err(|e| {
-        format!(
-            "failed to launch {}: {e}",
-            exe_path.display()
-        )
-    })?;
-
-    // Give Windows ~150ms to actually start the new process before we exit.
-    tokio::time::sleep(std::time::Duration::from_millis(150)).await;
-
-    // Exit the installer cleanly. Tauri's process plugin gives us the
-    // right hook regardless of platform.
-    app.exit(0);
-    Ok(())
-}
-
-/// Walks the well-known electron-builder unpacked-app paths under
-/// `install_root`. Mirrors the resolver in `cmd_gui` (apps/desktop/release/
-/// <os>-unpacked/<exe>).
-fn resolve_hermes_desktop_exe(install_root: &std::path::Path) -> Option<PathBuf> {
-    let release_dir = install_root.join("apps").join("desktop").join("release");
-    let candidates: &[(&str, &str)] = if cfg!(target_os = "windows") {
-        &[
-            ("win-unpacked", "Hermes.exe"),
-            ("win-arm64-unpacked", "Hermes.exe"),
-        ]
-    } else if cfg!(target_os = "macos") {
-        &[
-            ("mac/Hermes.app/Contents/MacOS", "Hermes"),
-            ("mac-arm64/Hermes.app/Contents/MacOS", "Hermes"),
-        ]
-    } else {
-        &[("linux-unpacked", "hermes")]
-    };
-    for (subdir, exe) in candidates {
-        let p = release_dir.join(subdir).join(exe);
-        if p.exists() {
-            return Some(p);
-        }
-    }
-    None
-}
-
-// ---------------------------------------------------------------------------
-// Bootstrap implementation
-// ---------------------------------------------------------------------------
-
-async fn run_bootstrap(
-    app: AppHandle,
-    args: StartBootstrapArgs,
-    cancel_rx_holder: Arc<Mutex<Option<mpsc::Receiver<()>>>>,
-) -> Result<String> {
-    let kind = ScriptKind::for_current_os();
-
-    let pin = Pin {
-        commit: args.commit.or_else(|| option_env_string("BUILD_PIN_COMMIT")),
-        branch: args.branch.or_else(|| option_env_string("BUILD_PIN_BRANCH")),
-    };
-
-    tracing::info!(
-        ?pin,
-        kind = ?kind,
-        include_desktop = args.include_desktop,
-        "bootstrap starting"
-    );
-
-    let app_for_log = app.clone();
-    let emit_log = move |line: &str| {
-        emit_event(
-            &app_for_log,
-            BootstrapEvent::Log {
-                stage: None,
-                line: line.to_string(),
-            },
-        );
-        // Bump to info-level so the line shows in bootstrap-installer.log
-        // under the default INFO filter. Previously this was debug! which
-        // got dropped on the floor, leaving us blind whenever install.ps1
-        // failed — the log only had the "bootstrap starting" banner.
-        tracing::info!(target: "bootstrap.log", "{line}");
-    };
-
-    // 1. Resolve install.ps1
-    let script = install_script::resolve(kind, &pin, &emit_log)
-        .await
-        .map_err(|e| {
-            let msg = format!("resolve install script failed: {e:#}");
-            emit_event(
-                &app,
-                BootstrapEvent::Failed {
-                    stage: None,
-                    error: msg.clone(),
-                },
-            );
-            anyhow!(msg)
-        })?;
-
-    let source_note = match &script.source {
-        ScriptSource::DevCheckout => "dev checkout",
-        ScriptSource::Bundled => "bundled",
-        ScriptSource::Cached => "cached",
-        ScriptSource::Downloaded => "downloaded",
-    };
-    emit_log(&format!(
-        "[bootstrap] script {} via {}",
-        script.path.display(),
-        source_note
-    ));
-
-    // 2. Fetch manifest
-    //
-    // -IncludeDesktop MUST be passed to the manifest call too — install.ps1
-    // gates the desktop stage inclusion on this flag, so without it here
-    // the manifest comes back missing the desktop stage and we never run
-    // it. The per-stage call below also passes -IncludeDesktop to keep
-    // the contracts identical.
-    let manifest_args = build_pin_args(&script);
-    let mut manifest_args_full = vec!["-Manifest".to_string()];
-    manifest_args_full.extend(manifest_args.clone());
-    if args.include_desktop {
-        manifest_args_full.push("-IncludeDesktop".to_string());
-    }
-
-    let manifest_result = run_install_script(
-        &app,
-        &script.path,
-        &manifest_args_full,
-        args.hermes_home.as_deref(),
-        None,
-        Some("__manifest__".to_string()),
-    )
-    .await?;
-
-    if manifest_result.exit_code != Some(0) {
-        let err = format!(
-            "install.ps1 -Manifest failed: exit {:?}\n{}",
-            manifest_result.exit_code,
-            manifest_result.stderr.trim()
-        );
-        emit_event(
-            &app,
-            BootstrapEvent::Failed {
-                stage: None,
-                error: err.clone(),
-            },
-        );
-        return Err(anyhow!(err));
-    }
-
-    let manifest: Manifest = powershell::parse_manifest(&manifest_result.stdout).ok_or_else(|| {
-        let err = format!(
-            "install.ps1 -Manifest produced no parseable JSON payload\n{}",
-            truncate(&manifest_result.stdout, 4000)
-        );
-        emit_event(
-            &app,
-            BootstrapEvent::Failed {
-                stage: None,
-                error: err.clone(),
-            },
-        );
-        anyhow!(err)
-    })?;
-
-    emit_event(
-        &app,
-        BootstrapEvent::Manifest {
-            stages: manifest.stages.clone(),
-            protocol_version: manifest.protocol_version,
-        },
-    );
-
-    // 3. Iterate stages.
-    for stage in &manifest.stages {
-        // Skip Stage-Desktop unless explicitly requested. install.ps1 may
-        // or may not include it in the manifest depending on the flag we
-        // pass, but if it slipped in, gate client-side too.
-        if !args.include_desktop && stage.name.eq_ignore_ascii_case("desktop") {
-            emit_event(
-                &app,
-                BootstrapEvent::Stage {
-                    name: stage.name.clone(),
-                    state: StageState::Skipped,
-                    duration_ms: Some(0),
-                    result: None,
-                    error: Some("skipped by include_desktop=false".into()),
-                },
-            );
-            continue;
-        }
-
-        if cancellation_signalled(&cancel_rx_holder).await {
-            let err = "bootstrap cancelled by user".to_string();
-            emit_event(
-                &app,
-                BootstrapEvent::Failed {
-                    stage: Some(stage.name.clone()),
-                    error: err.clone(),
-                },
-            );
-            return Err(anyhow!(err));
-        }
-
-        let started = Instant::now();
-        emit_event(
-            &app,
-            BootstrapEvent::Stage {
-                name: stage.name.clone(),
-                state: StageState::Running,
-                duration_ms: None,
-                result: None,
-                error: None,
-            },
-        );
-
-        let mut stage_args = vec![
-            "-Stage".to_string(),
-            stage.name.clone(),
-            "-NonInteractive".to_string(),
-            "-Json".to_string(),
-        ];
-        stage_args.extend(manifest_args.clone());
-        if args.include_desktop {
-            stage_args.push("-IncludeDesktop".to_string());
-        }
-
-        // Each stage gets its own cancel receiver because tokio::select!
-        // in run_script consumes it. Take/return through the Arc<Mutex>.
-        let local_cancel_rx = cancel_rx_holder.lock().await.take();
-
-        let stage_result = run_install_script(
-            &app,
-            &script.path,
-            &stage_args,
-            args.hermes_home.as_deref(),
-            local_cancel_rx,
-            Some(stage.name.clone()),
-        )
-        .await?;
-
-        let duration_ms = started.elapsed().as_millis() as u64;
-
-        if stage_result.killed {
-            emit_event(
-                &app,
-                BootstrapEvent::Stage {
-                    name: stage.name.clone(),
-                    state: StageState::Failed,
-                    duration_ms: Some(duration_ms),
-                    result: None,
-                    error: Some("cancelled by user".into()),
-                },
-            );
-            emit_event(
-                &app,
-                BootstrapEvent::Failed {
-                    stage: Some(stage.name.clone()),
-                    error: "cancelled by user".into(),
-                },
-            );
-            return Err(anyhow!("cancelled by user"));
-        }
-
-        let result_frame = powershell::parse_stage_result(&stage_result.stdout);
-
-        match result_frame {
-            None => {
-                let err = format!(
-                    "install.ps1 -Stage {} produced no JSON result frame (exit={:?})",
-                    stage.name, stage_result.exit_code
-                );
-                emit_event(
-                    &app,
-                    BootstrapEvent::Stage {
-                        name: stage.name.clone(),
-                        state: StageState::Failed,
-                        duration_ms: Some(duration_ms),
-                        result: None,
-                        error: Some(err.clone()),
-                    },
-                );
-                emit_event(
-                    &app,
-                    BootstrapEvent::Failed {
-                        stage: Some(stage.name.clone()),
-                        error: err.clone(),
-                    },
-                );
-                return Err(anyhow!(err));
-            }
-            Some(frame) if frame.ok && frame.skipped => {
-                emit_event(
-                    &app,
-                    BootstrapEvent::Stage {
-                        name: stage.name.clone(),
-                        state: StageState::Skipped,
-                        duration_ms: Some(duration_ms),
-                        result: Some(frame),
-                        error: None,
-                    },
-                );
-            }
-            Some(frame) if frame.ok => {
-                emit_event(
-                    &app,
-                    BootstrapEvent::Stage {
-                        name: stage.name.clone(),
-                        state: StageState::Succeeded,
-                        duration_ms: Some(duration_ms),
-                        result: Some(frame),
-                        error: None,
-                    },
-                );
-            }
-            Some(frame) => {
-                let err = frame
-                    .reason
-                    .clone()
-                    .unwrap_or_else(|| format!("exit code {:?}", stage_result.exit_code));
-                emit_event(
-                    &app,
-                    BootstrapEvent::Stage {
-                        name: stage.name.clone(),
-                        state: StageState::Failed,
-                        duration_ms: Some(duration_ms),
-                        result: Some(frame),
-                        error: Some(err.clone()),
-                    },
-                );
-                emit_event(
-                    &app,
-                    BootstrapEvent::Failed {
-                        stage: Some(stage.name.clone()),
-                        error: err.clone(),
-                    },
-                );
-                return Err(anyhow!(err));
-            }
-        }
-    }
-
-    // 4. Resolve install_root. install.ps1 doesn't (yet) report this back
-    // explicitly; we infer it from $HermesHome which Stage-Repository clones
-    // the repo INTO at $HermesHome\hermes-agent. Mirrors hermes_constants.
-    let hermes_home = args
-        .hermes_home
-        .clone()
-        .unwrap_or_else(|| crate::paths::hermes_home().to_string_lossy().into_owned());
-    let install_root = PathBuf::from(&hermes_home).join("hermes-agent");
-
-    // Copy ourselves to HERMES_HOME/hermes-setup.exe so the desktop app can
-    // re-invoke us with `--update` and shortcuts have a stable target. This is
-    // a one-shot install concern; an `--update` re-invocation no-ops because
-    // we're already running from that path. Best-effort — a failure here must
-    // not fail an otherwise-successful install.
-    if let Err(err) = crate::paths::copy_self_to_hermes_home() {
-        tracing::warn!(?err, "failed to copy installer into HERMES_HOME (non-fatal)");
-        emit_log(&format!(
-            "[bootstrap] warning: could not stage updater binary: {err}"
-        ));
-    }
-
-    emit_event(
-        &app,
-        BootstrapEvent::Complete {
-            install_root: install_root.to_string_lossy().into_owned(),
-            marker: Some(serde_json::json!({
-                "pinnedCommit": pin.commit,
-                "pinnedBranch": pin.branch,
-            })),
-        },
-    );
-
-    Ok(install_root.to_string_lossy().into_owned())
-}
-
-async fn cancellation_signalled(holder: &Arc<Mutex<Option<mpsc::Receiver<()>>>>) -> bool {
-    let mut guard = holder.lock().await;
-    if let Some(rx) = guard.as_mut() {
-        rx.try_recv().is_ok()
-    } else {
-        false
-    }
-}
-
-async fn run_install_script(
-    app: &AppHandle,
-    script_path: &std::path::Path,
-    args: &[String],
-    hermes_home_override: Option<&str>,
-    cancel_rx: Option<mpsc::Receiver<()>>,
-    stage_name: Option<String>,
-) -> Result<powershell::ScriptResult> {
-    let app_for_stdout = app.clone();
-    let stage_for_stdout = stage_name.clone();
-    let app_for_stderr = app.clone();
-    let stage_for_stderr = stage_name.clone();
-    let stage_for_stdout_log = stage_name.clone();
-    let stage_for_stderr_log = stage_name.clone();
-
-    let sink = StreamSink {
-        on_stdout_line: Box::new(move |line: &str| {
-            emit_event(
-                &app_for_stdout,
-                BootstrapEvent::Log {
-                    stage: stage_for_stdout.clone(),
-                    line: line.to_string(),
-                },
-            );
-            // Tee to the rolling installer log so we have a persistent
-            // record of every install.ps1 line. Without this, the only
-            // log evidence of a failure was the Tauri event stream —
-            // which gets discarded the moment the failure route mounts.
-            match &stage_for_stdout_log {
-                Some(name) => {
-                    tracing::info!(target: "bootstrap.log", stage = %name, "{line}")
-                }
-                None => tracing::info!(target: "bootstrap.log", "{line}"),
-            }
-        }),
-        on_stderr_line: Box::new(move |line: &str| {
-            emit_event(
-                &app_for_stderr,
-                BootstrapEvent::Log {
-                    stage: stage_for_stderr.clone(),
-                    line: format!("stderr: {line}"),
-                },
-            );
-            // stderr-level lines get warn! so they're visually distinct
-            // when scrolling through the log later.
-            match &stage_for_stderr_log {
-                Some(name) => {
-                    tracing::warn!(target: "bootstrap.log", stage = %name, "stderr: {line}")
-                }
-                None => tracing::warn!(target: "bootstrap.log", "stderr: {line}"),
-            }
-        }),
-    };
-
-    powershell::run_script(script_path, args, sink, hermes_home_override, cancel_rx)
-        .await
-        .map_err(|e| {
-            tracing::error!(?e, "install script invocation failed");
-            anyhow!("install script invocation failed: {e:#}")
-        })
-}
-
-fn build_pin_args(script: &install_script::ResolvedScript) -> Vec<String> {
-    let mut out = Vec::new();
-    if let Some(c) = &script.commit {
-        out.push("-Commit".to_string());
-        out.push(c.clone());
-    }
-    if let Some(b) = &script.branch {
-        out.push("-Branch".to_string());
-        out.push(b.clone());
-    }
-    out
-}
-
-fn emit_event(app: &AppHandle, event: BootstrapEvent) {
-    // Tee important state transitions to the rolling installer log so
-    // bootstrap-installer.log isn't just "starting" + final summary.
-    // Log lines (the noisy stuff) handle their own tracing in
-    // run_install_script's sink; here we cover the lifecycle frames.
-    match &event {
-        BootstrapEvent::Manifest { stages, .. } => {
-            tracing::info!(
-                stage_count = stages.len(),
-                names = ?stages.iter().map(|s| s.name.as_str()).collect::<Vec<_>>(),
-                "manifest received"
-            );
-        }
-        BootstrapEvent::Stage {
-            name,
-            state,
-            duration_ms,
-            error,
-            ..
-        } => {
-            tracing::info!(
-                stage = %name,
-                ?state,
-                duration_ms = ?duration_ms,
-                error = ?error,
-                "stage transition"
-            );
-        }
-        BootstrapEvent::Complete { install_root, .. } => {
-            tracing::info!(install_root = %install_root, "bootstrap complete");
-        }
-        BootstrapEvent::Failed { stage, error } => {
-            tracing::error!(stage = ?stage, error = %error, "bootstrap FAILED");
-        }
-        BootstrapEvent::Log { .. } => {
-            // Log lines are teed via the sink callbacks in
-            // run_install_script — don't double-emit here.
-        }
-    }
-    if let Err(e) = app.emit(BootstrapEvent::CHANNEL, &event) {
-        tracing::warn!(?e, "failed to emit bootstrap event");
-    }
-}
-
-fn option_env_string(key: &str) -> Option<String> {
-    // option_env! only accepts literals, so we hardcode the known keys.
-    let val = match key {
-        "BUILD_PIN_COMMIT" => option_env!("BUILD_PIN_COMMIT"),
-        "BUILD_PIN_BRANCH" => option_env!("BUILD_PIN_BRANCH"),
-        _ => None,
-    };
-    val.map(|s| s.to_string())
-}
-
-fn truncate(s: &str, max: usize) -> String {
-    if s.len() <= max {
-        s.to_string()
-    } else {
-        format!("{}...", &s[..max])
-    }
-}
--- a/apps/bootstrap-installer/src-tauri/src/events.rs
+++ b/apps/bootstrap-installer/src-tauri/src/events.rs
@@ -1,99 +0,0 @@
-//! Event types streamed from Rust → React.
-//!
-//! These mirror `apps/desktop/electron/bootstrap-runner.cjs`'s event shape
-//! 1:1 so the React installer code can be roughly identical to the Electron
-//! install-overlay we'll replace.
-//!
-//! The Tauri event channel name is `"bootstrap"` for all of these — the
-//! `type` discriminator on each payload is how the frontend routes.
-
-use serde::{Deserialize, Serialize};
-
-/// Stage definition as reported by `install.ps1 -Manifest`.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct StageInfo {
-    pub name: String,
-    pub title: String,
-    pub category: String,
-    /// `needs_user_input=true` stages run with -NonInteractive and emit
-    /// skipped=true; the post-install wizard takes over for those.
-    #[serde(rename = "needs_user_input", alias = "needsUserInput")]
-    pub needs_user_input: bool,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct Manifest {
-    pub stages: Vec<StageInfo>,
-    #[serde(rename = "protocol_version", alias = "protocolVersion", default)]
-    pub protocol_version: Option<u32>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct StageResultPayload {
-    pub stage: String,
-    pub ok: bool,
-    #[serde(default)]
-    pub skipped: bool,
-    #[serde(default)]
-    pub reason: Option<String>,
-    /// install.ps1 may attach stage-specific structured data here.
-    #[serde(default)]
-    pub data: Option<serde_json::Value>,
-}
-
-/// Run-state for a single stage as we transition through it.
-#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(rename_all = "lowercase")]
-pub enum StageState {
-    Running,
-    Succeeded,
-    Skipped,
-    Failed,
-}
-
-/// The single event channel `bootstrap` emits these. `type` discriminates.
-#[derive(Debug, Clone, Serialize)]
-#[serde(tag = "type", rename_all = "lowercase")]
-pub enum BootstrapEvent {
-    /// Sent once at the start with the full stage list.
-    Manifest {
-        stages: Vec<StageInfo>,
-        #[serde(rename = "protocolVersion")]
-        protocol_version: Option<u32>,
-    },
-    /// Stage state transition. `result` populated only on terminal states.
-    Stage {
-        name: String,
-        state: StageState,
-        #[serde(rename = "durationMs", skip_serializing_if = "Option::is_none")]
-        duration_ms: Option<u64>,
-        #[serde(skip_serializing_if = "Option::is_none")]
-        result: Option<StageResultPayload>,
-        #[serde(skip_serializing_if = "Option::is_none")]
-        error: Option<String>,
-    },
-    /// Raw stdout/stderr line from install.ps1 (or our wrapper).
-    Log {
-        #[serde(skip_serializing_if = "Option::is_none")]
-        stage: Option<String>,
-        line: String,
-    },
-    /// Sent once when all stages complete successfully.
-    Complete {
-        #[serde(rename = "installRoot")]
-        install_root: String,
-        marker: Option<serde_json::Value>,
-    },
-    /// Sent once if the run aborts.
-    Failed {
-        #[serde(skip_serializing_if = "Option::is_none")]
-        stage: Option<String>,
-        error: String,
-    },
-}
-
-impl BootstrapEvent {
-    /// Tauri event name. Single channel for all bootstrap events; the
-    /// `type` tag tells the renderer how to interpret the payload.
-    pub const CHANNEL: &'static str = "bootstrap";
-}
--- a/apps/bootstrap-installer/src-tauri/src/install_script.rs
+++ b/apps/bootstrap-installer/src-tauri/src/install_script.rs
@@ -1,273 +0,0 @@
-//! Resolves and downloads `scripts/install.ps1` (and `install.sh`).
-//!
-//! Resolution order:
-//!   1. Dev shortcut: a sibling repo checkout via $HERMES_SETUP_DEV_REPO_ROOT
-//!      env var. Lets devs iterate without re-publishing the script.
-//!   2. Bundled fallback: if the installer was bundled with a script (e.g.
-//!      tauri's `resource` mechanism), serve from there. Not used today.
-//!   3. Network: download from GitHub raw at a pinned commit or branch.
-//!      Commit pins are immutable; branch pins are HEAD-tracking.
-//!
-//! Mirrors `apps/desktop/electron/bootstrap-runner.cjs`'s `resolveInstallScript`,
-//! but the dev-checkout resolution is driven by an env var rather than the
-//! Electron app's APP_ROOT/../.. trick, because Hermes-Setup.exe is meant
-//! to live OUTSIDE any repo checkout.
-
-use anyhow::{anyhow, Context, Result};
-use std::path::{Path, PathBuf};
-use tokio::io::AsyncWriteExt;
-
-use crate::paths;
-
-/// Identity of the install.ps1 we'll execute. Used by both the manifest
-/// fetch and the per-stage runs.
-#[derive(Debug, Clone)]
-pub struct ResolvedScript {
-    pub path: PathBuf,
-    pub source: ScriptSource,
-    /// Commit pin (40-char SHA) if known. install.ps1's `-Commit` arg is
-    /// what makes the repo stage clone the exact tested SHA.
-    pub commit: Option<String>,
-    pub branch: Option<String>,
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub enum ScriptSource {
-    DevCheckout,
-    Bundled,
-    Cached,
-    Downloaded,
-}
-
-/// What flavor of script (Windows .ps1 vs Unix .sh).
-#[derive(Debug, Clone, Copy)]
-pub enum ScriptKind {
-    Ps1,
-    Sh,
-}
-
-impl ScriptKind {
-    pub fn for_current_os() -> Self {
-        if cfg!(target_os = "windows") {
-            Self::Ps1
-        } else {
-            Self::Sh
-        }
-    }
-
-    fn filename(&self) -> &'static str {
-        match self {
-            Self::Ps1 => "install.ps1",
-            Self::Sh => "install.sh",
-        }
-    }
-}
-
-/// Validates a string looks like a git SHA (7+ hex chars). Mirrors
-/// `STAMP_COMMIT_RE` from bootstrap-runner.cjs.
-fn is_valid_commit(s: &str) -> bool {
-    let len = s.len();
-    (7..=40).contains(&len) && s.chars().all(|c| c.is_ascii_hexdigit())
-}
-
-/// Resolves the install script to use for this run.
-///
-/// `pin` is the commit-or-branch from either Hermes-Setup's build-time
-/// constant (compiled into the installer) or a runtime override.
-pub async fn resolve(
-    kind: ScriptKind,
-    pin: &Pin,
-    emit_log: &impl Fn(&str),
-) -> Result<ResolvedScript> {
-    // 1. Dev shortcut.
-    if let Ok(repo_root) = std::env::var("HERMES_SETUP_DEV_REPO_ROOT") {
-        let candidate = PathBuf::from(repo_root).join("scripts").join(kind.filename());
-        if candidate.exists() {
-            emit_log(&format!(
-                "[bootstrap] dev mode — using local {} at {}",
-                kind.filename(),
-                candidate.display()
-            ));
-            return Ok(ResolvedScript {
-                path: candidate,
-                source: ScriptSource::DevCheckout,
-                commit: pin.commit.clone(),
-                branch: pin.branch.clone(),
-            });
-        }
-    }
-
-    // 2. (Not implemented) bundled fallback.
-
-    // 3. Network. Pin must be a real commit or a branch ref.
-    let commit_or_ref = match (&pin.commit, &pin.branch) {
-        (Some(c), _) if is_valid_commit(c) => c.clone(),
-        (_, Some(b)) if !b.trim().is_empty() => b.clone(),
-        (Some(other), _) => {
-            return Err(anyhow!(
-                "install script pin commit `{other}` is not a valid git SHA"
-            ));
-        }
-        _ => {
-            return Err(anyhow!(
-                "no install-script pin supplied — installer cannot resolve a script source"
-            ));
-        }
-    };
-
-    let cached = cached_path(kind, &commit_or_ref);
-    if cached.exists() {
-        emit_log(&format!(
-            "[bootstrap] using cached {} for {}",
-            kind.filename(),
-            truncate_ref(&commit_or_ref)
-        ));
-        return Ok(ResolvedScript {
-            path: cached,
-            source: ScriptSource::Cached,
-            commit: pin.commit.clone(),
-            branch: pin.branch.clone(),
-        });
-    }
-
-    emit_log(&format!(
-        "[bootstrap] downloading {} for {} from GitHub",
-        kind.filename(),
-        truncate_ref(&commit_or_ref)
-    ));
-
-    download(kind, &commit_or_ref, &cached).await?;
-
-    emit_log(&format!("[bootstrap] cached to {}", cached.display()));
-
-    Ok(ResolvedScript {
-        path: cached,
-        source: ScriptSource::Downloaded,
-        commit: pin.commit.clone(),
-        branch: pin.branch.clone(),
-    })
-}
-
-#[derive(Debug, Clone, Default)]
-pub struct Pin {
-    pub commit: Option<String>,
-    pub branch: Option<String>,
-}
-
-fn cached_path(kind: ScriptKind, commit_or_ref: &str) -> PathBuf {
-    let safe = sanitize_ref(commit_or_ref);
-    let filename = match kind {
-        ScriptKind::Ps1 => format!("install-{safe}.ps1"),
-        ScriptKind::Sh => format!("install-{safe}.sh"),
-    };
-    paths::bootstrap_cache_dir().join(filename)
-}
-
-/// Replace anything that's not [A-Za-z0-9._-] with `_`. Branch refs can
-/// contain `/`, dots, etc.; we want a flat filename.
-fn sanitize_ref(s: &str) -> String {
-    s.chars()
-        .map(|c| {
-            if c.is_ascii_alphanumeric() || c == '.' || c == '-' || c == '_' {
-                c
-            } else {
-                '_'
-            }
-        })
-        .collect()
-}
-
-fn truncate_ref(s: &str) -> &str {
-    if is_valid_commit(s) && s.len() >= 12 {
-        &s[..12]
-    } else {
-        s
-    }
-}
-
-/// Downloads to `dest_path` via reqwest with rustls. Atomically renames
-/// `dest_path.tmp` → `dest_path` so partial writes don't poison the cache.
-async fn download(kind: ScriptKind, commit_or_ref: &str, dest_path: &Path) -> Result<()> {
-    let url = format!(
-        "https://raw.githubusercontent.com/NousResearch/hermes-agent/{}/scripts/{}",
-        commit_or_ref,
-        kind.filename()
-    );
-
-    if let Some(parent) = dest_path.parent() {
-        std::fs::create_dir_all(parent).with_context(|| {
-            format!("creating bootstrap-cache parent dir {}", parent.display())
-        })?;
-    }
-
-    let tmp_path = dest_path.with_extension({
-        let ext = dest_path
-            .extension()
-            .and_then(|s| s.to_str())
-            .unwrap_or("tmp");
-        format!("{ext}.tmp")
-    });
-
-    let response = reqwest::Client::new()
-        .get(&url)
-        .header("User-Agent", "hermes-setup/0.0.1")
-        .send()
-        .await
-        .with_context(|| format!("GET {url}"))?;
-
-    if !response.status().is_success() {
-        return Err(anyhow!(
-            "Failed to download {}: HTTP {} from {}",
-            kind.filename(),
-            response.status(),
-            url
-        ));
-    }
-
-    let bytes = response
-        .bytes()
-        .await
-        .with_context(|| format!("reading body of {url}"))?;
-
-    let mut file = tokio::fs::File::create(&tmp_path)
-        .await
-        .with_context(|| format!("creating temp file {}", tmp_path.display()))?;
-    file.write_all(&bytes)
-        .await
-        .with_context(|| format!("writing temp file {}", tmp_path.display()))?;
-    file.flush().await.context("flushing temp file")?;
-    drop(file);
-
-    tokio::fs::rename(&tmp_path, dest_path)
-        .await
-        .with_context(|| {
-            format!(
-                "renaming {} → {}",
-                tmp_path.display(),
-                dest_path.display()
-            )
-        })?;
-
-    Ok(())
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn is_valid_commit_accepts_short_and_full_shas() {
-        assert!(is_valid_commit("02d26981d3d4ad50e142399b8476f59ad5953ff0"));
-        assert!(is_valid_commit("02d2698"));
-        assert!(!is_valid_commit("02d269"));
-        assert!(!is_valid_commit("not-a-sha"));
-        assert!(!is_valid_commit(""));
-    }
-
-    #[test]
-    fn sanitize_ref_replaces_slashes() {
-        assert_eq!(sanitize_ref("bb/gui"), "bb_gui");
-        assert_eq!(sanitize_ref("main"), "main");
-        assert_eq!(sanitize_ref("release/1.2.3"), "release_1.2.3");
-    }
-}
--- a/apps/bootstrap-installer/src-tauri/src/lib.rs
+++ b/apps/bootstrap-installer/src-tauri/src/lib.rs
@@ -1,134 +0,0 @@
-//! Hermes Setup — Tauri entrypoint.
-//!
-//! Spawns a single window pointed at the React frontend (apps/bootstrap-installer/src/).
-//! All install-time work lives in `bootstrap.rs` and is invoked through the Tauri
-//! commands registered at the bottom of `run()`.
-//!
-//! The Windows-subsystem strip lives on the binary crate (src/main.rs), not
-//! here — a crate-level attribute on a lib doesn't propagate to the linker
-//! flags of the executable that consumes it.
-
-mod bootstrap;
-mod events;
-mod install_script;
-mod powershell;
-mod paths;
-mod update;
-
-use std::sync::Arc;
-use tokio::sync::Mutex;
-
-/// How the installer was invoked. Resolved once from the process args in
-/// `run()` and exposed to the frontend via `get_mode` so it can route to the
-/// install flow (first-run onboarding) or the update flow (driven by the
-/// desktop app handing off via `Hermes-Setup.exe --update`).
-///
-/// Bare launch (double-click, first-run) => Install.
-/// `--update` (spawned by the desktop's "Update" button) => Update.
-#[derive(Debug, Clone, Copy, PartialEq, Eq, serde::Serialize)]
-#[serde(rename_all = "lowercase")]
-pub enum AppMode {
-    Install,
-    Update,
-}
-
-impl AppMode {
-    /// Resolve the mode from an argument iterator. Anything containing the
-    /// `--update` flag selects Update; otherwise Install. Kept arg-iterator
-    /// generic (not reading `std::env` directly) so it's unit-testable.
-    pub fn from_args<I, S>(args: I) -> Self
-    where
-        I: IntoIterator<Item = S>,
-        S: AsRef<str>,
-    {
-        for a in args {
-            if a.as_ref() == "--update" {
-                return AppMode::Update;
-            }
-        }
-        AppMode::Install
-    }
-}
-
-/// Process-wide install state, shared across Tauri commands.
-///
-/// The bootstrap is a one-shot, single-tenant process — we only need one
-/// of these per window. `Arc<Mutex<...>>` lets command handlers grab it
-/// without lifetime gymnastics.
-pub struct AppState {
-    pub bootstrap: Mutex<Option<bootstrap::BootstrapHandle>>,
-    /// How this process was launched (install vs update). Immutable for the
-    /// lifetime of the process; read by the `get_mode` command.
-    pub mode: AppMode,
-}
-
-impl AppState {
-    fn new(mode: AppMode) -> Self {
-        Self {
-            bootstrap: Mutex::new(None),
-            mode,
-        }
-    }
-}
-
-/// Frontend → Rust: which flow should the UI render?
-#[tauri::command]
-fn get_mode(state: tauri::State<'_, Arc<AppState>>) -> AppMode {
-    state.mode
-}
-
-#[cfg_attr(mobile, tauri::mobile_entry_point)]
-pub fn run() {
-    // Tracing → bootstrap-installer.log under HERMES_HOME/logs/ so install
-    // failures leave a trail for support. Console output also goes here in
-    // debug builds.
-    let _guard = paths::init_logging();
-
-    let mode = AppMode::from_args(std::env::args().skip(1));
-    tracing::info!(?mode, "Hermes Setup starting");
-
-    tauri::Builder::default()
-        .plugin(tauri_plugin_dialog::init())
-        .plugin(tauri_plugin_opener::init())
-        .plugin(tauri_plugin_process::init())
-        .plugin(tauri_plugin_shell::init())
-        .manage(Arc::new(AppState::new(mode)))
-        .invoke_handler(tauri::generate_handler![
-            // Mode (install vs update)
-            get_mode,
-            // Bootstrap lifecycle
-            bootstrap::start_bootstrap,
-            bootstrap::cancel_bootstrap,
-            bootstrap::get_bootstrap_status,
-            // Update lifecycle
-            update::start_update,
-            // Hand-off
-            bootstrap::launch_hermes_desktop,
-            // Diagnostics
-            paths::get_log_path,
-            paths::get_hermes_home,
-            paths::open_log_dir,
-        ])
-        .run(tauri::generate_context!())
-        .expect("error while running Hermes Setup");
-}
-
-#[cfg(test)]
-mod tests {
-    use super::AppMode;
-
-    #[test]
-    fn bare_args_are_install() {
-        assert_eq!(AppMode::from_args(Vec::<String>::new()), AppMode::Install);
-        assert_eq!(AppMode::from_args(["--foo", "bar"]), AppMode::Install);
-    }
-
-    #[test]
-    fn update_flag_selects_update() {
-        assert_eq!(AppMode::from_args(["--update"]), AppMode::Update);
-        assert_eq!(
-            AppMode::from_args(["--something", "--update", "--else"]),
-            AppMode::Update
-        );
-    }
-}
--- a/apps/bootstrap-installer/src-tauri/src/main.rs
+++ b/apps/bootstrap-installer/src-tauri/src/main.rs
@@ -1,19 +0,0 @@
-// Hermes Setup — process entrypoint. All logic lives in lib.rs so it can
-// be unit-tested as a library; this file just calls into it.
-//
-// The windows_subsystem attribute MUST live here on the binary crate
-// (not lib.rs) — placing it on the lib was the bug that left a stray
-// cmd window behind Hermes-Setup.exe on release builds.
-//
-// `windows_subsystem = "windows"` strips the console allocation that
-// the default `windows_subsystem = "console"` would do, so double-clicking
-// the .exe gives you ONLY the Tauri window.
-//
-// debug_assertions guard: dev builds keep the console so tracing output
-// is visible during `cargo tauri dev`.
-
-#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
-
-fn main() {
-    hermes_bootstrap_lib::run()
-}
--- a/apps/bootstrap-installer/src-tauri/src/paths.rs
+++ b/apps/bootstrap-installer/src-tauri/src/paths.rs
@@ -1,168 +0,0 @@
-//! Filesystem paths + logging setup.
-//!
-//! Mirrors `hermes_constants.get_hermes_home()` from the Python CLI:
-//!   Windows: %LOCALAPPDATA%\hermes
-//!   macOS:   ~/.hermes
-//!   Linux:   ~/.hermes  (override via $HERMES_HOME)
-//!
-//! NOTE (macOS): Python's get_hermes_home(), scripts/install.sh, and the
-//! Electron desktop's resolveHermesHome() ALL use ~/.hermes on macOS — there
-//! is no ~/Library/Application Support branch anywhere else. An earlier
-//! version of this file used Application Support, which drifted from every
-//! other component: the installer wrote the install to one dir and the
-//! desktop looked for it in another, so first launch never found the backend.
-//!
-//! IMPORTANT: this must match exactly. Drift here means install.ps1
-//! writes to one place and the installer reads from another, breaking
-//! the bootstrap-complete check.
-
-use std::path::{Path, PathBuf};
-use tracing_appender::non_blocking::WorkerGuard;
-
-/// Returns the canonical Hermes home directory, respecting $HERMES_HOME if set.
-pub fn hermes_home() -> PathBuf {
-    if let Ok(override_path) = std::env::var("HERMES_HOME") {
-        if !override_path.trim().is_empty() {
-            return PathBuf::from(override_path);
-        }
-    }
-
-    #[cfg(target_os = "windows")]
-    {
-        // %LOCALAPPDATA%\hermes — matches scripts/install.ps1's $HermesHome.
-        if let Some(local_app_data) = dirs::data_local_dir() {
-            return local_app_data.join("hermes");
-        }
-    }
-
-    // macOS + Linux + fallback: ~/.hermes (matches Python get_hermes_home(),
-    // install.sh, and the Electron desktop's resolveHermesHome()).
-    if let Some(home) = dirs::home_dir() {
-        return home.join(".hermes");
-    }
-
-    // Last resort — current dir, almost certainly wrong but at least
-    // doesn't panic.
-    PathBuf::from(".hermes")
-}
-
-pub fn log_dir() -> PathBuf {
-    hermes_home().join("logs")
-}
-
-pub fn log_path() -> PathBuf {
-    log_dir().join("bootstrap-installer.log")
-}
-
-pub fn bootstrap_cache_dir() -> PathBuf {
-    hermes_home().join("bootstrap-cache")
-}
-
-/// Stable location the installer copies itself to after a successful install.
-/// The desktop app re-invokes this with `--update`, and the start-menu /
-/// desktop shortcuts can point users back to it. Lives directly under
-/// HERMES_HOME so it survives repo checkout deletion (unlike anything under
-/// hermes-agent/).
-///
-/// On Windows this is `%LOCALAPPDATA%\hermes\hermes-setup.exe`; on other
-/// platforms the extension differs but the directory is the same.
-pub fn installer_dest() -> PathBuf {
-    let name = if cfg!(target_os = "windows") {
-        "hermes-setup.exe"
-    } else {
-        "hermes-setup"
-    };
-    hermes_home().join(name)
-}
-
-/// Copy the currently-running installer binary to `installer_dest()` so it's
-/// available for future `--update` runs and shortcut launches.
-///
-/// No-ops (returns Ok) when the running exe is ALREADY the destination — which
-/// is exactly the case during an `--update` run (the desktop launched us FROM
-/// that path), where copying onto ourselves would be a Windows sharing
-/// violation. Best-effort: a failure here must not fail the install, so the
-/// caller logs and continues.
-pub fn copy_self_to_hermes_home() -> std::io::Result<()> {
-    let src = std::env::current_exe()?;
-    let dest = installer_dest();
-
-    // Skip if we're already running from the destination (update re-invocation
-    // or a prior copy). canonicalize both so symlinks / 8.3 short paths / case
-    // differences don't trick us into a self-copy.
-    let same = match (src.canonicalize(), dest.canonicalize()) {
-        (Ok(a), Ok(b)) => a == b,
-        _ => src == dest,
-    };
-    if same {
-        tracing::info!(?dest, "installer already at destination; skipping self-copy");
-        return Ok(());
-    }
-
-    if let Some(parent) = dest.parent() {
-        std::fs::create_dir_all(parent)?;
-    }
-    std::fs::copy(&src, &dest)?;
-    tracing::info!(?src, ?dest, "copied installer to HERMES_HOME");
-    Ok(())
-}
-
-/// Where install.ps1 writes the bootstrap-complete marker (existence-only file
-/// the Electron app also checks). Per main.cjs:
-///   const BOOTSTRAP_COMPLETE_MARKER = path.join(ACTIVE_HERMES_ROOT, '.hermes-bootstrap-complete')
-/// We don't always know ACTIVE_HERMES_ROOT until install.ps1 reports it, so
-/// this is a probe helper, not a definitive path.
-pub fn likely_bootstrap_marker(install_root: &Path) -> PathBuf {
-    install_root.join(".hermes-bootstrap-complete")
-}
-
-/// Initializes tracing to bootstrap-installer.log under HERMES_HOME/logs/.
-/// Returns a guard that flushes the appender on drop — keep it alive for
-/// the lifetime of the process.
-pub fn init_logging() -> Option<WorkerGuard> {
-    let dir = log_dir();
-    if let Err(err) = std::fs::create_dir_all(&dir) {
-        // No log dir → log to stderr only. Don't panic; the installer
-        // should still be usable on an exotic filesystem.
-        eprintln!("[hermes-setup] could not create log dir {dir:?}: {err}");
-        return None;
-    }
-
-    let file_appender = tracing_appender::rolling::never(&dir, "bootstrap-installer.log");
-    let (non_blocking, guard) = tracing_appender::non_blocking(file_appender);
-
-    let env_filter = tracing_subscriber::EnvFilter::try_from_env("HERMES_BOOTSTRAP_LOG")
-        .unwrap_or_else(|_| tracing_subscriber::EnvFilter::new("info"));
-
-    tracing_subscriber::fmt()
-        .with_env_filter(env_filter)
-        .with_writer(non_blocking)
-        .with_ansi(false)
-        .with_target(true)
-        .init();
-
-    Some(guard)
-}
-
-// ---------------------------------------------------------------------------
-// Tauri commands
-// ---------------------------------------------------------------------------
-
-#[tauri::command]
-pub fn get_log_path() -> String {
-    log_path().to_string_lossy().into_owned()
-}
-
-#[tauri::command]
-pub fn get_hermes_home() -> String {
-    hermes_home().to_string_lossy().into_owned()
-}
-
-#[tauri::command]
-pub fn open_log_dir(app: tauri::AppHandle) -> Result<(), String> {
-    use tauri_plugin_opener::OpenerExt;
-    let path = log_dir();
-    app.opener()
-        .open_path(path.to_string_lossy(), None::<&str>)
-        .map_err(|e| e.to_string())
-}
--- a/apps/bootstrap-installer/src-tauri/src/powershell.rs
+++ b/apps/bootstrap-installer/src-tauri/src/powershell.rs
@@ -1,267 +0,0 @@
-//! Drives PowerShell (Windows) or bash (Unix) for install.ps1 / install.sh.
-//!
-//! Port of `spawnPowerShell` from bootstrap-runner.cjs, with the same
-//! line-buffered stdout/stderr streaming + cancellation semantics.
-//!
-//! On Windows we pass `-NoProfile -ExecutionPolicy Bypass -File <script>`.
-//! On Unix we shell out to `bash <script>` since install.sh expects bash.
-
-use anyhow::{Context, Result};
-use std::path::Path;
-use std::process::Stdio;
-use tokio::io::{AsyncBufReadExt, BufReader};
-use tokio::process::{Child, Command};
-use tokio::sync::mpsc;
-
-/// Hooks the caller installs to receive output.
-pub struct StreamSink {
-    pub on_stdout_line: Box<dyn Fn(&str) + Send + Sync>,
-    pub on_stderr_line: Box<dyn Fn(&str) + Send + Sync>,
-}
-
-/// Outcome of a script invocation. Mirrors bootstrap-runner.cjs's
-/// `{stdout, stderr, code, signal, killed}` shape.
-#[derive(Debug)]
-pub struct ScriptResult {
-    pub stdout: String,
-    pub stderr: String,
-    pub exit_code: Option<i32>,
-    pub killed: bool,
-}
-
-/// Cancellation signal — `cancel_tx.send(()).await` aborts the running script.
-pub type CancelRx = mpsc::Receiver<()>;
-
-/// Spawns install.ps1 / install.sh with the given args and streams output.
-///
-/// `hermes_home_override` propagates to the child as $HERMES_HOME so the
-/// install script writes to the same directory the installer is reading from.
-pub async fn run_script(
-    script_path: &Path,
-    args: &[String],
-    sink: StreamSink,
-    hermes_home_override: Option<&str>,
-    mut cancel_rx: Option<CancelRx>,
-) -> Result<ScriptResult> {
-    let mut cmd = build_command(script_path, args);
-
-    if let Some(home) = hermes_home_override {
-        cmd.env("HERMES_HOME", home);
-    }
-
-    cmd.stdin(Stdio::null())
-        .stdout(Stdio::piped())
-        .stderr(Stdio::piped());
-
-    // On Windows, avoid spawning a flashing cmd window when we're hosted
-    // inside a GUI process. Tauri's main window is already created, so
-    // the side-effect console for the child is unwanted.
-    #[cfg(target_os = "windows")]
-    {
-        // CREATE_NO_WINDOW = 0x08000000
-        cmd.creation_flags(0x0800_0000);
-    }
-
-    let mut child: Child = cmd
-        .spawn()
-        .with_context(|| format!("spawning {}", script_path.display()))?;
-
-    let stdout = child.stdout.take().expect("stdout was piped");
-    let stderr = child.stderr.take().expect("stderr was piped");
-
-    let mut stdout_reader = BufReader::new(stdout).lines();
-    let mut stderr_reader = BufReader::new(stderr).lines();
-
-    let mut combined_stdout = String::new();
-    let mut combined_stderr = String::new();
-    let mut killed = false;
-
-    // Loop: poll stdout, stderr, cancel, and child exit concurrently.
-    loop {
-        tokio::select! {
-            line = stdout_reader.next_line() => {
-                match line {
-                    Ok(Some(l)) => {
-                        (sink.on_stdout_line)(&l);
-                        combined_stdout.push_str(&l);
-                        combined_stdout.push('\n');
-                    }
-                    Ok(None) => {
-                        // EOF on stdout — wait for stderr + exit.
-                        break;
-                    }
-                    Err(e) => {
-                        tracing::warn!("stdout read error: {e}");
-                        break;
-                    }
-                }
-            }
-            line = stderr_reader.next_line() => {
-                match line {
-                    Ok(Some(l)) => {
-                        (sink.on_stderr_line)(&l);
-                        combined_stderr.push_str(&l);
-                        combined_stderr.push('\n');
-                    }
-                    Ok(None) => {
-                        // stderr EOF — keep draining stdout.
-                    }
-                    Err(e) => {
-                        tracing::warn!("stderr read error: {e}");
-                    }
-                }
-            }
-            _ = recv_cancel(&mut cancel_rx) => {
-                tracing::warn!("cancellation received — killing child");
-                killed = true;
-                // best-effort kill; don't propagate errors
-                let _ = child.start_kill();
-                break;
-            }
-        }
-    }
-
-    // Drain remaining lines after the loop exited.
-    while let Ok(Some(l)) = stdout_reader.next_line().await {
-        (sink.on_stdout_line)(&l);
-        combined_stdout.push_str(&l);
-        combined_stdout.push('\n');
-    }
-    while let Ok(Some(l)) = stderr_reader.next_line().await {
-        (sink.on_stderr_line)(&l);
-        combined_stderr.push_str(&l);
-        combined_stderr.push('\n');
-    }
-
-    let status = child
-        .wait()
-        .await
-        .context("waiting for install script to exit")?;
-
-    Ok(ScriptResult {
-        stdout: combined_stdout,
-        stderr: combined_stderr,
-        exit_code: status.code(),
-        killed,
-    })
-}
-
-async fn recv_cancel(rx: &mut Option<CancelRx>) {
-    match rx {
-        Some(r) => {
-            let _ = r.recv().await;
-        }
-        None => std::future::pending::<()>().await,
-    }
-}
-
-#[cfg(target_os = "windows")]
-fn build_command(script_path: &Path, args: &[String]) -> Command {
-    // We want PowerShell 5.1 / 7. install.ps1 uses 5.1-safe syntax everywhere.
-    // Prefer `powershell.exe` (5.1 baseline, present on every Windows since 7)
-    // over `pwsh.exe` (7+, may not be present).
-    let mut cmd = Command::new("powershell.exe");
-    cmd.arg("-NoProfile");
-    cmd.arg("-ExecutionPolicy").arg("Bypass");
-    cmd.arg("-File").arg(script_path);
-    for a in args {
-        cmd.arg(a);
-    }
-    cmd
-}
-
-#[cfg(not(target_os = "windows"))]
-fn build_command(script_path: &Path, args: &[String]) -> Command {
-    // install.sh expects bash. /bin/bash is fine on macOS (Apple still
-    // ships an old 3.2 bash; install.sh is written to that baseline).
-    let mut cmd = Command::new("bash");
-    cmd.arg(script_path);
-    for a in args {
-        cmd.arg(a);
-    }
-    cmd
-}
-
-/// Parses the LAST line of stdout that looks like a JSON object matching
-/// the install.ps1 stage-result contract: `{ok: bool, stage: string, ...}`.
-///
-/// Mirrors `parseStageResult` from bootstrap-runner.cjs. install.ps1 may
-/// print info/banner lines before the result frame; we scan from the end.
-pub fn parse_stage_result(stdout: &str) -> Option<crate::events::StageResultPayload> {
-    for line in stdout.lines().rev() {
-        let trimmed = line.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-        if let Ok(value) = serde_json::from_str::<serde_json::Value>(trimmed) {
-            if value.get("ok").and_then(|v| v.as_bool()).is_some()
-                && value.get("stage").and_then(|v| v.as_str()).is_some()
-            {
-                if let Ok(parsed) =
-                    serde_json::from_value::<crate::events::StageResultPayload>(value)
-                {
-                    return Some(parsed);
-                }
-            }
-        }
-    }
-    None
-}
-
-/// Same logic but for the `-Manifest` payload (the LAST line with a `stages`
-/// array). Returns the parsed manifest.
-pub fn parse_manifest(stdout: &str) -> Option<crate::events::Manifest> {
-    for line in stdout.lines().rev() {
-        let trimmed = line.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-        if let Ok(value) = serde_json::from_str::<serde_json::Value>(trimmed) {
-            if value.get("stages").and_then(|v| v.as_array()).is_some() {
-                if let Ok(parsed) = serde_json::from_value::<crate::events::Manifest>(value) {
-                    return Some(parsed);
-                }
-            }
-        }
-    }
-    None
-}
-
-#[cfg(target_os = "windows")]
-use std::os::windows::process::CommandExt;
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn parse_stage_result_picks_last_json_line() {
-        let stdout = r#"
-[bootstrap] some info
-{"ok": false, "stage": "venv", "reason": "bad python"}
-{"ok": true, "stage": "venv"}
-final non-json banner
-"#;
-        let result = parse_stage_result(stdout).unwrap();
-        assert_eq!(result.stage, "venv");
-        assert!(result.ok);
-    }
-
-    #[test]
-    fn parse_manifest_finds_stages_array() {
-        let stdout = r#"
-info line
-{"stages": [{"name": "uv", "title": "uv", "category": "prereqs", "needs_user_input": false}], "protocol_version": 1}
-"#;
-        let m = parse_manifest(stdout).unwrap();
-        assert_eq!(m.stages.len(), 1);
-        assert_eq!(m.stages[0].name, "uv");
-        assert_eq!(m.protocol_version, Some(1));
-    }
-
-    #[test]
-    fn parse_returns_none_when_no_match() {
-        assert!(parse_stage_result("just banner\n").is_none());
-        assert!(parse_manifest("just banner\n").is_none());
-    }
-}
--- a/apps/bootstrap-installer/src-tauri/src/update.rs
+++ b/apps/bootstrap-installer/src-tauri/src/update.rs
@@ -1,462 +0,0 @@
-//! Update orchestration.
-//!
-//! Driven when the installer is launched as `Hermes-Setup.exe --update` (see
-//! `AppMode` in lib.rs). The desktop app hands off to us — it exits, then we:
-//!
-//!   1. wait for the old Hermes desktop process to fully exit (so the venv
-//!      shim is free; otherwise `hermes update` aborts with exit code 2),
-//!   2. run `hermes update --yes --gateway` (Python/repo update; this does NOT
-//!      rebuild apps/desktop by design — see cmd_update in hermes_cli/main.py),
-//!   3. run `hermes desktop --build-only` (the rebuild step update skips),
-//!   4. launch the freshly-built desktop (reuses bootstrap::launch logic).
-//!
-//! We reuse the `BootstrapEvent` channel + the existing progress UI by
-//! emitting a synthetic two-stage manifest ("update", "rebuild"). To the
-//! frontend an update looks like a short bootstrap.
-//!
-//! Cross-platform note: `hermes update` already handles macOS/Linux (git/pip).
-//! The only OS-specific bits here are the venv shim path (resolve_hermes) and
-//! the no-window creation flag — both already cfg-gated. Keep new logic
-//! OS-agnostic so the mac/linux port stays "fill in the paths".
-
-use std::path::{Path, PathBuf};
-use std::process::Stdio;
-use std::time::{Duration, Instant};
-
-use anyhow::{anyhow, Result};
-use tauri::{AppHandle, Emitter};
-use tokio::io::{AsyncBufReadExt, BufReader};
-use tokio::process::Command;
-
-use crate::events::{BootstrapEvent, StageInfo, StageState};
-
-/// `hermes update` exit code meaning "another hermes process is holding the
-/// venv shim open / dirty precondition" — see _cmd_update_impl in
-/// hermes_cli/main.py (sys.exit(2)). We surface a targeted message for this.
-const UPDATE_EXIT_CONCURRENT: i32 = 2;
-
-/// How long to wait for the old desktop process to release the venv shim
-/// before giving up and letting `hermes update`'s own guard decide.
-const DESKTOP_EXIT_WAIT: Duration = Duration::from_secs(20);
-const DESKTOP_EXIT_POLL: Duration = Duration::from_millis(500);
-
-/// Frontend → Rust: kick off the update flow. Mirrors `start_bootstrap`'s
-/// fire-and-forget shape; progress arrives on the `bootstrap` event channel.
-#[tauri::command]
-pub async fn start_update(app: AppHandle) -> Result<(), String> {
-    tokio::spawn(async move {
-        if let Err(err) = run_update(app.clone()).await {
-            // run_update already emits a Failed event on the paths that matter;
-            // this catches anything that escaped. Emit defensively.
-            emit(
-                &app,
-                BootstrapEvent::Failed {
-                    stage: None,
-                    error: format!("{err:#}"),
-                },
-            );
-        }
-    });
-    Ok(())
-}
-
-async fn run_update(app: AppHandle) -> Result<()> {
-    let hermes_home = crate::paths::hermes_home();
-    let install_root = hermes_home.join("hermes-agent");
-
-    let hermes = resolve_hermes(&install_root).ok_or_else(|| {
-        let msg = format!(
-            "Could not find the hermes CLI under {}. Is Hermes installed? \
-             Re-run the installer to repair the install.",
-            install_root.display()
-        );
-        emit(
-            &app,
-            BootstrapEvent::Failed {
-                stage: None,
-                error: msg.clone(),
-            },
-        );
-        anyhow!(msg)
-    })?;
-
-    // Synthetic manifest so the existing progress UI renders our two stages.
-    emit(
-        &app,
-        BootstrapEvent::Manifest {
-            stages: vec![
-                stage_info("update", "Updating Hermes"),
-                stage_info("rebuild", "Rebuilding the desktop app"),
-            ],
-            protocol_version: None,
-        },
-    );
-
-    // ---- pre-step: wait for the old desktop to die -----------------------
-    // The desktop exec'd us then called app.exit(), but process teardown is
-    // async on Windows. If it still holds the venv shim, `hermes update`
-    // aborts with exit 2. Give it a bounded window to clear.
-    wait_for_venv_free(&install_root, &app).await;
-
-    // ---- stage 1: hermes update -----------------------------------------
-    // Pass --branch so `hermes update` targets the branch this installer was
-    // built/pinned against (BUILD_PIN_BRANCH), NOT its built-in default of
-    // `main`. The install was a detached-HEAD checkout of a specific commit;
-    // without --branch, `hermes update` switches the checkout to `main` (a
-    // divergent branch that may not even have the desktop CLI command), then
-    // reports "already up to date" against the wrong branch. The desktop
-    // detected the update against this same branch, so we must update against
-    // it too.
-    let pin_branch = option_env_string("BUILD_PIN_BRANCH");
-    let mut update_args: Vec<&str> = vec!["update", "--yes", "--gateway"];
-    if let Some(b) = pin_branch.as_deref() {
-        update_args.push("--branch");
-        update_args.push(b);
-    }
-
-    emit_stage(&app, "update", StageState::Running, None, None);
-    let started = Instant::now();
-    let update = run_streamed(
-        &app,
-        &hermes,
-        &update_args,
-        &install_root,
-        Some("update"),
-    )
-    .await?;
-    let update_ms = started.elapsed().as_millis() as u64;
-
-    match update.exit_code {
-        Some(0) => {
-            emit_stage(&app, "update", StageState::Succeeded, Some(update_ms), None);
-        }
-        Some(code) if code == UPDATE_EXIT_CONCURRENT => {
-            let msg = "Hermes is still running. Close all Hermes windows and try \
-                       the update again."
-                .to_string();
-            emit_stage(
-                &app,
-                "update",
-                StageState::Failed,
-                Some(update_ms),
-                Some(msg.clone()),
-            );
-            emit(
-                &app,
-                BootstrapEvent::Failed {
-                    stage: Some("update".into()),
-                    error: msg.clone(),
-                },
-            );
-            return Err(anyhow!(msg));
-        }
-        other => {
-            let msg = format!(
-                "hermes update failed (exit {:?}). See {} for details.",
-                other,
-                crate::paths::hermes_home()
-                    .join("logs")
-                    .join("update.log")
-                    .display()
-            );
-            emit_stage(
-                &app,
-                "update",
-                StageState::Failed,
-                Some(update_ms),
-                Some(msg.clone()),
-            );
-            emit(
-                &app,
-                BootstrapEvent::Failed {
-                    stage: Some("update".into()),
-                    error: msg.clone(),
-                },
-            );
-            return Err(anyhow!(msg));
-        }
-    }
-
-    // ---- stage 2: hermes desktop --build-only ----------------------------
-    // `hermes update` deliberately does NOT build apps/desktop (it installs
-    // repo-root deps with --workspaces=false). This is the rebuild it skips.
-    emit_stage(&app, "rebuild", StageState::Running, None, None);
-    let started = Instant::now();
-    let rebuild = run_streamed(
-        &app,
-        &hermes,
-        &["desktop", "--build-only"],
-        &install_root,
-        Some("rebuild"),
-    )
-    .await?;
-    let rebuild_ms = started.elapsed().as_millis() as u64;
-
-    if rebuild.exit_code != Some(0) {
-        let msg = format!(
-            "Rebuilding the desktop app failed (exit {:?}). The update was \
-             applied but the app could not be rebuilt; run `hermes desktop` \
-             from a terminal to see the error.",
-            rebuild.exit_code
-        );
-        emit_stage(
-            &app,
-            "rebuild",
-            StageState::Failed,
-            Some(rebuild_ms),
-            Some(msg.clone()),
-        );
-        emit(
-            &app,
-            BootstrapEvent::Failed {
-                stage: Some("rebuild".into()),
-                error: msg.clone(),
-            },
-        );
-        return Err(anyhow!(msg));
-    }
-    emit_stage(&app, "rebuild", StageState::Succeeded, Some(rebuild_ms), None);
-
-    // ---- done: signal complete, then launch the fresh desktop ------------
-    emit(
-        &app,
-        BootstrapEvent::Complete {
-            install_root: install_root.to_string_lossy().into_owned(),
-            marker: None,
-        },
-    );
-
-    // Reuse the same detached-launch + app.exit(0) used post-install.
-    if let Err(err) =
-        crate::bootstrap::launch_hermes_desktop(app.clone(), install_root.to_string_lossy().into_owned())
-            .await
-    {
-        // Launch failed: don't hard-fail the update (it succeeded); surface a
-        // log line so the success screen can still tell the user to launch
-        // manually.
-        emit_log(
-            &app,
-            None,
-            &format!("[update] could not auto-launch desktop: {err}. Launch Hermes manually."),
-        );
-    }
-
-    Ok(())
-}
-
-/// Poll until the venv shim is no longer locked (Windows) or a bounded timeout
-/// elapses. On non-Windows this is a short fixed grace since file locking
-/// isn't the failure mode there.
-async fn wait_for_venv_free(install_root: &Path, app: &AppHandle) {
-    let shim = venv_hermes(install_root);
-    let deadline = Instant::now() + DESKTOP_EXIT_WAIT;
-
-    emit_log(app, Some("update"), "[update] waiting for Hermes to exit…");
-
-    loop {
-        if !is_locked(&shim) {
-            return;
-        }
-        if Instant::now() >= deadline {
-            emit_log(
-                app,
-                Some("update"),
-                "[update] timed out waiting for Hermes to exit; proceeding anyway",
-            );
-            return;
-        }
-        tokio::time::sleep(DESKTOP_EXIT_POLL).await;
-    }
-}
-
-/// Best-effort lock probe: try to open the file for read+write. On Windows an
-/// exclusively-held running .exe refuses the open with a sharing violation.
-/// On Unix this almost always succeeds (no mandatory locking), which is fine —
-/// the venv-shim contention is a Windows-only problem.
-fn is_locked(path: &Path) -> bool {
-    if !path.exists() {
-        return false;
-    }
-    match std::fs::OpenOptions::new().read(true).write(true).open(path) {
-        Ok(_) => false,
-        Err(_) => true,
-    }
-}
-
-/// Spawn `hermes <args>` from `cwd`, stream stdout/stderr as Log events on the
-/// bootstrap channel, and return the exit code. Mirrors powershell::run_script
-/// but for an arbitrary command (no install.ps1 -File wrapping).
-async fn run_streamed(
-    app: &AppHandle,
-    program: &Path,
-    args: &[&str],
-    cwd: &Path,
-    stage: Option<&str>,
-) -> Result<CmdResult> {
-    let mut cmd = Command::new(program);
-    cmd.args(args)
-        .current_dir(cwd)
-        .stdin(Stdio::null())
-        .stdout(Stdio::piped())
-        .stderr(Stdio::piped());
-
-    #[cfg(target_os = "windows")]
-    {
-        use std::os::windows::process::CommandExt;
-        // CREATE_NO_WINDOW = 0x08000000 — no flashing console behind the GUI.
-        cmd.creation_flags(0x0800_0000);
-    }
-
-    let mut child = cmd
-        .spawn()
-        .map_err(|e| anyhow!("spawning {} {:?}: {e}", program.display(), args))?;
-
-    let stdout = child.stdout.take().expect("stdout piped");
-    let stderr = child.stderr.take().expect("stderr piped");
-    let mut out = BufReader::new(stdout).lines();
-    let mut err = BufReader::new(stderr).lines();
-
-    let stage_owned = stage.map(|s| s.to_string());
-    loop {
-        tokio::select! {
-            line = out.next_line() => match line {
-                Ok(Some(l)) => emit_log(app, stage_owned.as_deref(), &l),
-                Ok(None) => break,
-                Err(e) => { tracing::warn!("stdout read error: {e}"); break; }
-            },
-            line = err.next_line() => match line {
-                Ok(Some(l)) => emit_log(app, stage_owned.as_deref(), &format!("stderr: {l}")),
-                Ok(None) => {}
-                Err(e) => { tracing::warn!("stderr read error: {e}"); }
-            },
-        }
-    }
-    while let Ok(Some(l)) = out.next_line().await {
-        emit_log(app, stage_owned.as_deref(), &l);
-    }
-    while let Ok(Some(l)) = err.next_line().await {
-        emit_log(app, stage_owned.as_deref(), &format!("stderr: {l}"));
-    }
-
-    let status = child.wait().await.map_err(|e| anyhow!("waiting for child: {e}"))?;
-    Ok(CmdResult {
-        exit_code: status.code(),
-    })
-}
-
-struct CmdResult {
-    exit_code: Option<i32>,
-}
-
-/// Path to the venv hermes shim under an install root, regardless of existence.
-fn venv_hermes(install_root: &Path) -> PathBuf {
-    if cfg!(target_os = "windows") {
-        install_root.join("venv").join("Scripts").join("hermes.exe")
-    } else {
-        install_root.join("venv").join("bin").join("hermes")
-    }
-}
-
-/// Resolve the hermes CLI to drive. Prefer the venv shim in the install we
-/// just updated; fall back to `hermes` on PATH.
-fn resolve_hermes(install_root: &Path) -> Option<PathBuf> {
-    let shim = venv_hermes(install_root);
-    if shim.exists() {
-        return Some(shim);
-    }
-    // PATH fallback. which-style probe via env, kept dependency-free.
-    let exe = if cfg!(target_os = "windows") { "hermes.exe" } else { "hermes" };
-    if let Ok(path) = std::env::var("PATH") {
-        let sep = if cfg!(target_os = "windows") { ';' } else { ':' };
-        for dir in path.split(sep) {
-            let cand = Path::new(dir).join(exe);
-            if cand.exists() {
-                return Some(cand);
-            }
-        }
-    }
-    None
-}
-
-// ---------------------------------------------------------------------------
-// Event helpers — keep emit shape identical to bootstrap.rs so the UI is reused
-// ---------------------------------------------------------------------------
-
-fn stage_info(name: &str, title: &str) -> StageInfo {
-    StageInfo {
-        name: name.to_string(),
-        title: title.to_string(),
-        category: "update".to_string(),
-        needs_user_input: false,
-    }
-}
-
-// option_env! only accepts string literals, so the build-time pins are read
-// by their literal names here. Mirrors bootstrap.rs's helper of the same name
-// (kept local rather than shared because option_env! can't be parameterized).
-fn option_env_string(key: &str) -> Option<String> {
-    let val = match key {
-        "BUILD_PIN_COMMIT" => option_env!("BUILD_PIN_COMMIT"),
-        "BUILD_PIN_BRANCH" => option_env!("BUILD_PIN_BRANCH"),
-        _ => None,
-    };
-    val.map(|s| s.to_string())
-}
-
-fn emit(app: &AppHandle, event: BootstrapEvent) {
-    if let Err(e) = app.emit(BootstrapEvent::CHANNEL, &event) {
-        tracing::warn!(?e, "failed to emit update event");
-    }
-}
-
-fn emit_stage(
-    app: &AppHandle,
-    name: &str,
-    state: StageState,
-    duration_ms: Option<u64>,
-    error: Option<String>,
-) {
-    tracing::info!(stage = %name, ?state, ?duration_ms, ?error, "update stage");
-    emit(
-        app,
-        BootstrapEvent::Stage {
-            name: name.to_string(),
-            state,
-            duration_ms,
-            result: None,
-            error,
-        },
-    );
-}
-
-fn emit_log(app: &AppHandle, stage: Option<&str>, line: &str) {
-    match stage {
-        Some(s) => tracing::info!(target: "bootstrap.log", stage = %s, "{line}"),
-        None => tracing::info!(target: "bootstrap.log", "{line}"),
-    }
-    emit(
-        app,
-        BootstrapEvent::Log {
-            stage: stage.map(|s| s.to_string()),
-            line: line.to_string(),
-        },
-    );
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn venv_hermes_is_under_install_root() {
-        let root = Path::new("/x/hermes-agent");
-        let shim = venv_hermes(root);
-        assert!(shim.starts_with(root));
-        assert!(shim.to_string_lossy().contains("venv"));
-    }
-
-    #[test]
-    fn missing_file_is_not_locked() {
-        assert!(!is_locked(Path::new("/nonexistent/does/not/exist/xyz")));
-    }
-}
--- a/apps/bootstrap-installer/src-tauri/tauri.conf.json
+++ b/apps/bootstrap-installer/src-tauri/tauri.conf.json
@@ -1,67 +0,0 @@
-{
-  "$schema": "https://schema.tauri.app/config/2",
-  "productName": "Hermes Setup",
-  "version": "0.0.1",
-  "identifier": "com.nousresearch.hermes.setup",
-  "build": {
-    "beforeDevCommand": "npm run dev",
-    "devUrl": "http://127.0.0.1:5175",
-    "beforeBuildCommand": "npm run build",
-    "frontendDist": "../dist"
-  },
-  "app": {
-    "windows": [
-      {
-        "label": "main",
-        "title": "Hermes Setup",
-        "width": 880,
-        "height": 620,
-        "minWidth": 720,
-        "minHeight": 520,
-        "resizable": true,
-        "fullscreen": false,
-        "decorations": true,
-        "transparent": false,
-        "center": true
-      }
-    ],
-    "security": {
-      "csp": "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; font-src 'self' data:; connect-src 'self' ipc: http://ipc.localhost"
-    },
-    "withGlobalTauri": false
-  },
-  "bundle": {
-    "active": true,
-    "category": "DeveloperTool",
-    "shortDescription": "Hermes Setup",
-    "longDescription": "Installs Hermes Agent on your machine. Drives scripts/install.ps1 (Windows) and scripts/install.sh (macOS/Linux).",
-    "publisher": "Nous Research",
-    "copyright": "Copyright © 2026 Nous Research",
-    "targets": [
-      "app",
-      "dmg",
-      "appimage"
-    ],
-    "icon": [
-      "icons/32x32.png",
-      "icons/128x128.png",
-      "icons/128x128@2x.png",
-      "icons/icon.icns",
-      "icons/icon.ico"
-    ],
-    "windows": {
-      "webviewInstallMode": {
-        "type": "embedBootstrapper"
-      }
-    },
-    "macOS": {
-      "minimumSystemVersion": "11.0",
-      "hardenedRuntime": true
-    }
-  },
-  "plugins": {
-    "shell": {
-      "open": true
-    }
-  }
-}
--- a/apps/bootstrap-installer/src/app.tsx
+++ b/apps/bootstrap-installer/src/app.tsx
@@ -1,35 +0,0 @@
-import { useStore } from '@nanostores/react'
-import { useEffect } from 'react'
-import { $route, $bootstrap, initialize } from './store'
-import Welcome from './routes/welcome'
-import Progress from './routes/progress'
-import Success from './routes/success'
-import Failure from './routes/failure'
-
-/*
- * App shell — Hermes Setup.
- *
- * No header chrome (the OS title bar already says "Hermes Setup"; an
- * in-window repeat of the H mark + words was redundant slop).
- *
- * Route state lives in a single $route atom — 4 screens, no react-router.
- */
-export default function App() {
-  const route = useStore($route)
-  const bootstrap = useStore($bootstrap)
-
-  useEffect(() => {
-    void initialize()
-  }, [])
-
-  return (
-    <div className="relative flex h-full flex-col overflow-hidden bg-background text-foreground">
-      <main className="relative z-10 flex flex-1 flex-col overflow-hidden">
-        {route === 'welcome' && <Welcome />}
-        {route === 'progress' && <Progress bootstrap={bootstrap} />}
-        {route === 'success' && <Success />}
-        {route === 'failure' && <Failure bootstrap={bootstrap} />}
-      </main>
-    </div>
-  )
-}
--- a/apps/bootstrap-installer/src/components/button.tsx
+++ b/apps/bootstrap-installer/src/components/button.tsx
@@ -1,80 +0,0 @@
-import { cva, type VariantProps } from 'class-variance-authority'
-import { Slot } from 'radix-ui'
-import * as React from 'react'
-
-import { cn } from '../lib/utils'
-
-/*
- * Button — copied verbatim from apps/desktop/src/components/ui/button.tsx.
- *
- * We import the desktop's local shadcn-style Button rather than
- * @nous-research/ui's <Button>, because the DS Button uses bg-midground /
- * text-background-base utilities that resolve to the DS's hardcoded
- * gold/brown brand defaults (#ffac02 / #170d02) unless overridden in
- * runtime. The desktop never sets those vars; it routes through its
- * own --dt-* token chain via shadcn classes like bg-primary. We do
- * the same so visuals match exactly.
- */
-
-const buttonVariants = cva(
-  "inline-flex shrink-0 items-center justify-center gap-2 rounded-md text-sm font-medium whitespace-nowrap transition-all outline-none focus-visible:border-ring focus-visible:ring-[0.1875rem] focus-visible:ring-ring/50 disabled:pointer-events-none disabled:opacity-50 aria-invalid:border-destructive aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
-  {
-    variants: {
-      variant: {
-        default: 'bg-primary text-primary-foreground hover:bg-primary/90',
-        destructive:
-          'bg-destructive text-white hover:bg-destructive/90 focus-visible:ring-destructive/20 dark:bg-destructive/60 dark:focus-visible:ring-destructive/40',
-        outline:
-          'border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:border-input dark:bg-input/30 dark:hover:bg-input/50',
-        secondary:
-          'bg-secondary text-secondary-foreground hover:bg-secondary/80',
-        ghost:
-          'hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50',
-        link: 'text-primary underline-offset-4 decoration-current/20 hover:underline'
-      },
-      size: {
-        default: 'h-9 px-4 py-2 has-[>svg]:px-3',
-        xs: "h-6 gap-1 rounded-md px-2 text-xs has-[>svg]:px-1.5 [&_svg:not([class*='size-'])]:size-3",
-        sm: 'h-8 gap-1.5 rounded-md px-3 has-[>svg]:px-2.5',
-        lg: 'h-10 rounded-md px-6 has-[>svg]:px-4',
-        icon: 'size-9',
-        'icon-xs':
-          "size-6 rounded-md [&_svg:not([class*='size-'])]:size-3",
-        'icon-sm': 'size-8',
-        'icon-lg': 'size-10'
-      }
-    },
-    defaultVariants: {
-      variant: 'default',
-      size: 'default'
-    }
-  }
-)
-
-interface ButtonProps
-  extends React.ComponentProps<'button'>,
-    VariantProps<typeof buttonVariants> {
-  asChild?: boolean
-}
-
-export function Button({
-  className,
-  variant = 'default',
-  size = 'default',
-  asChild = false,
-  ...props
-}: ButtonProps) {
-  const Comp = asChild ? Slot.Root : 'button'
-
-  return (
-    <Comp
-      className={cn(buttonVariants({ variant, size }), className)}
-      data-size={size}
-      data-slot="button"
-      data-variant={variant}
-      {...props}
-    />
-  )
-}
-
-export { buttonVariants }
--- a/apps/bootstrap-installer/src/lib/utils.ts
+++ b/apps/bootstrap-installer/src/lib/utils.ts
@@ -1,12 +0,0 @@
-import { type ClassValue, clsx } from 'clsx'
-import { twMerge } from 'tailwind-merge'
-
-/*
- * cn — Tailwind-aware class merger. Same util the desktop and dashboard
- * use. clsx handles conditional classes; twMerge resolves utility
- * conflicts so `cn('px-2', condition && 'px-4')` ends up with px-4 only,
- * not both.
- */
-export function cn(...inputs: ClassValue[]) {
-  return twMerge(clsx(inputs))
-}
--- a/apps/bootstrap-installer/src/main.tsx
+++ b/apps/bootstrap-installer/src/main.tsx
@@ -1,14 +0,0 @@
-import { StrictMode } from 'react'
-import { createRoot } from 'react-dom/client'
-import App from './app.tsx'
-import './styles.css'
-
-// Default to LIGHT mode — matches the Hermes desktop's default. The
-// desktop's runtime theme system can switch to .dark later, but our
-// installer ships in light mode only since we don't carry the theme
-// provider machinery.
-createRoot(document.getElementById('root')!).render(
-  <StrictMode>
-    <App />
-  </StrictMode>
-)
--- a/apps/bootstrap-installer/src/routes/failure.tsx
+++ b/apps/bootstrap-installer/src/routes/failure.tsx
@@ -1,77 +0,0 @@
-import { type CSSProperties } from 'react'
-import { useStore } from '@nanostores/react'
-import { Button } from '../components/button'
-import {
-  $logPath,
-  openLogDir,
-  startInstall,
-  type BootstrapStateModel
-} from '../store'
-import { RefreshCw, FileText } from 'lucide-react'
-
-interface FailureProps {
-  bootstrap: BootstrapStateModel
-}
-
-/*
- * Failure screen. Same hero treatment as Welcome/Success — the wordmark
- * carries the brand, so we keep it across every terminal state.
- *
- * The actual error message lives below in muted text. Two clear
- * affordances: Retry (primary) and Open log folder (secondary).
- */
-export default function Failure({ bootstrap }: FailureProps) {
-  const logPath = useStore($logPath)
-
-  return (
-    <div className="hermes-fade-in flex h-full flex-col items-center justify-center gap-6 px-12 py-10">
-      <div className="w-full max-w-2xl min-w-0 text-center">
-        <p
-          className="fit-text mx-auto mb-4 w-full font-['Collapse'] font-bold uppercase leading-[0.9] tracking-[0.08em] text-destructive mix-blend-plus-lighter dark:text-destructive/90"
-          style={
-            {
-              '--fit-text-line-height': '0.9',
-              '--fit-text-max': '5rem',
-              '--fit-text-min': '2.25rem'
-            } as CSSProperties
-          }
-        >
-          <span>
-            <span>Install didn&rsquo;t finish</span>
-          </span>
-          <span aria-hidden="true">Install didn&rsquo;t finish</span>
-        </p>
-
-        <p className="m-0 mx-auto max-w-xl text-center text-sm leading-normal tracking-tight text-muted-foreground">
-          {bootstrap.error ?? 'Something went wrong during installation.'}
-        </p>
-      </div>
-
-      <div className="flex items-center gap-3">
-        <Button
-          onClick={() => void startInstall()}
-          size="lg"
-          className="inline-flex items-center gap-2 px-6"
-        >
-          <RefreshCw size={16} />
-          Retry install
-        </Button>
-        <Button
-          variant="outline"
-          size="lg"
-          onClick={() => void openLogDir()}
-          className="inline-flex items-center gap-2"
-        >
-          <FileText size={16} />
-          Open log folder
-        </Button>
-      </div>
-
-      {logPath && (
-        <p className="max-w-lg text-center text-xs text-muted-foreground/70">
-          Log: <code className="font-mono">{logPath}</code>
-        </p>
-      )}
-    </div>
-  )
-}
--- a/apps/bootstrap-installer/src/routes/progress.tsx
+++ b/apps/bootstrap-installer/src/routes/progress.tsx
@@ -1,190 +0,0 @@
-import { useEffect, useRef, useState } from 'react'
-import { useStore } from '@nanostores/react'
-import { Button } from '../components/button'
-import {
-  cancelInstall,
-  $progress,
-  type BootstrapStateModel,
-  type StageState
-} from '../store'
-import { Check, X, ChevronRight, FileText, Loader2 } from 'lucide-react'
-import clsx from 'clsx'
-
-interface ProgressProps {
-  bootstrap: BootstrapStateModel
-}
-
-/*
- * Progress screen — drives a stage list + collapsible log panel. Uses
- * the DS <Progress> for the top bar so its motion + ring match the rest
- * of the product.
- */
-export default function ProgressScreen({ bootstrap }: ProgressProps) {
-  const progress = useStore($progress)
-  const [showLogs, setShowLogs] = useState(false)
-  const logEndRef = useRef<HTMLDivElement>(null)
-
-  useEffect(() => {
-    if (showLogs && logEndRef.current) {
-      logEndRef.current.scrollIntoView({ behavior: 'smooth' })
-    }
-  }, [bootstrap.logs.length, showLogs])
-
-  const currentStage =
-    bootstrap.currentStage != null
-      ? bootstrap.stages[bootstrap.currentStage]
-      : null
-
-  return (
-    <div className="hermes-fade-in flex h-full flex-col">
-      <div className="border-b border-border px-6 py-4">
-        <div className="mb-3 flex items-center justify-between text-xs">
-          <div className="flex items-center gap-2 text-foreground">
-            {bootstrap.status === 'running' && (
-              <Loader2 size={12} className="animate-spin text-primary" />
-            )}
-            <span>
-              {bootstrap.status === 'running'
-                ? currentStage
-                  ? currentStage.info.title
-                  : 'Preparing\u2026'
-                : bootstrap.status === 'completed'
-                  ? 'Done'
-                  : 'Installing'}
-            </span>
-          </div>
-          <div className="text-muted-foreground">
-            {progress.done} of {progress.total} steps
-          </div>
-        </div>
-        {/* Top progress bar — plain HTML, derived from --primary so it
-            tracks the theme accent. */}
-        <div className="h-1 w-full overflow-hidden rounded-full bg-muted">
-          <div
-            className="h-full bg-primary transition-all duration-300 ease-out"
-            style={{ width: `${Math.max(2, progress.fraction * 100)}%` }}
-          />
-        </div>
-      </div>
-
-      <div className="flex flex-1 overflow-hidden">
-        <div className="flex-1 overflow-y-auto px-6 py-4">
-          <ol className="space-y-1">
-            {bootstrap.stageOrder.map((name) => {
-              const rec = bootstrap.stages[name]
-              if (!rec) return null
-              return (
-                <li
-                  key={name}
-                  className={clsx(
-                    'flex items-center gap-3 rounded-md px-3 py-2 text-sm transition-colors',
-                    rec.state === 'running' && 'bg-card text-foreground',
-                    rec.state === 'succeeded' && 'text-foreground/80',
-                    rec.state === 'skipped' && 'text-muted-foreground',
-                    rec.state === 'failed' &&
-                      'bg-destructive/10 text-destructive',
-                    !rec.state && 'text-muted-foreground/60'
-                  )}
-                >
-                  <StateIcon state={rec.state ?? null} />
-                  <span className="flex-1 truncate">{rec.info.title}</span>
-                  {rec.durationMs != null && (
-                    <span className="text-xs text-muted-foreground">
-                      {formatDuration(rec.durationMs)}
-                    </span>
-                  )}
-                </li>
-              )
-            })}
-          </ol>
-        </div>
-
-        {showLogs && (
-          <div className="flex w-1/2 flex-col border-l border-border bg-card/40">
-            <div className="flex shrink-0 items-center justify-between border-b border-border px-3 py-2">
-              <div className="text-xs font-medium text-foreground/80">
-                Live output
-              </div>
-              <div className="text-xs text-muted-foreground">
-                {bootstrap.logs.length} lines
-              </div>
-            </div>
-            <div className="flex-1 overflow-y-auto px-3 py-2 font-mono text-[11px] leading-relaxed">
-              {bootstrap.logs.map((entry, idx) => (
-                <div
-                  key={idx}
-                  className={clsx(
-                    'whitespace-pre-wrap',
-                    entry.line.startsWith('stderr:')
-                      ? 'text-destructive'
-                      : 'text-foreground/70'
-                  )}
-                >
-                  {entry.line}
-                </div>
-              ))}
-              <div ref={logEndRef} />
-            </div>
-          </div>
-        )}
-      </div>
-
-      <div className="flex shrink-0 items-center justify-between border-t border-border px-6 py-3">
-        <button
-          type="button"
-          onClick={() => setShowLogs((v) => !v)}
-          className="inline-flex items-center gap-1.5 text-xs text-muted-foreground transition-colors hover:text-foreground"
-        >
-          <FileText size={14} />
-          {showLogs ? 'Hide details' : 'Show details'}
-          <ChevronRight
-            size={12}
-            className={clsx(
-              'transition-transform',
-              showLogs && 'rotate-90'
-            )}
-          />
-        </button>
-
-        {bootstrap.status === 'running' && (
-          <Button
-            variant="outline"
-            size="sm"
-            onClick={() => void cancelInstall()}
-          >
-            Cancel
-          </Button>
-        )}
-      </div>
-    </div>
-  )
-}
-
-function StateIcon({ state }: { state: StageState | null }) {
-  if (state === 'running') {
-    return <Loader2 size={14} className="animate-spin text-primary" />
-  }
-  if (state === 'succeeded') {
-    return <Check size={14} className="text-emerald-400" />
-  }
-  if (state === 'skipped') {
-    return <ChevronRight size={14} className="text-muted-foreground/70" />
-  }
-  if (state === 'failed') {
-    return <X size={14} className="text-destructive" />
-  }
-  return (
-    <div
-      className="h-[6px] w-[6px] rounded-full bg-muted-foreground/40"
-      aria-hidden
-    />
-  )
-}
-
-function formatDuration(ms: number): string {
-  if (ms < 1000) return `${ms}ms`
-  if (ms < 60000) return `${(ms / 1000).toFixed(1)}s`
-  const m = Math.floor(ms / 60000)
-  const s = Math.round((ms % 60000) / 1000)
-  return `${m}m ${s}s`
-}
--- a/apps/bootstrap-installer/src/routes/success.tsx
+++ b/apps/bootstrap-installer/src/routes/success.tsx
@@ -1,87 +0,0 @@
-import { useState } from 'react'
-import { type CSSProperties } from 'react'
-import { Button } from '../components/button'
-import { launchHermesDesktop } from '../store'
-import { Rocket, AlertCircle } from 'lucide-react'
-
-/*
- * Success screen. HERMES AGENT wordmark stays as the visual anchor
- * (same Collapse Bold treatment as Welcome + the desktop chat intro),
- * with a status line below.
- *
- * Launching the desktop can fail (e.g. Stage-Desktop was skipped and
- * Hermes.exe doesn't exist). We catch the Tauri error and surface it
- * inline rather than silently doing nothing — the previous version
- * had `onClick={() => void launchHermesDesktop()}` which swallowed
- * the rejection and left the user staring at an unresponsive button.
- */
-export default function Success() {
-  const [error, setError] = useState<string | null>(null)
-  const [launching, setLaunching] = useState(false)
-
-  async function handleLaunch() {
-    setError(null)
-    setLaunching(true)
-    try {
-      await launchHermesDesktop()
-      // On success the installer exits — control never returns here.
-    } catch (e) {
-      const msg = e instanceof Error ? e.message : String(e)
-      setError(msg)
-      setLaunching(false)
-    }
-  }
-
-  return (
-    <div className="hermes-fade-in flex h-full flex-col items-center justify-center gap-8 px-12 py-10">
-      <div className="w-full max-w-2xl min-w-0 text-center">
-        <p
-          className="fit-text mx-auto mb-4 w-full font-['Collapse'] font-bold uppercase leading-[0.9] tracking-[0.08em] text-midground mix-blend-plus-lighter dark:text-foreground/90"
-          style={
-            {
-              '--fit-text-line-height': '0.9',
-              '--fit-text-max': '5rem',
-              '--fit-text-min': '2.25rem'
-            } as CSSProperties
-          }
-        >
-          <span>
-            <span>Hermes is ready</span>
-          </span>
-          <span aria-hidden="true">Hermes is ready</span>
-        </p>
-
-        <p className="m-0 text-center text-base leading-normal tracking-tight text-muted-foreground">
-          You can launch from here, or any time from your terminal with{' '}
-          <code className="rounded bg-muted/60 px-1 py-0.5 font-mono text-sm">
-            hermes desktop
-          </code>
-          .
-        </p>
-      </div>
-
-      <Button
-        onClick={() => void handleLaunch()}
-        size="lg"
-        disabled={launching}
-        className="inline-flex items-center gap-2 px-6"
-      >
-        <Rocket size={18} />
-        {launching ? 'Launching…' : 'Launch Hermes'}
-      </Button>
-
-      {error && (
-        <div
-          role="alert"
-          className="flex max-w-2xl items-start gap-2 rounded-md border border-destructive/30 bg-destructive/10 px-4 py-3 text-sm text-destructive"
-        >
-          <AlertCircle size={16} className="mt-0.5 shrink-0" />
-          <div className="min-w-0">
-            <div className="font-medium">Couldn&rsquo;t launch the desktop app</div>
-            <div className="mt-1 text-destructive/80">{error}</div>
-          </div>
-        </div>
-      )}
-    </div>
-  )
-}
--- a/apps/bootstrap-installer/src/routes/welcome.tsx
+++ b/apps/bootstrap-installer/src/routes/welcome.tsx
@@ -1,58 +0,0 @@
-import { type CSSProperties } from 'react'
-import { Button } from '../components/button'
-import { startInstall } from '../store'
-import { ArrowRight } from 'lucide-react'
-
-/*
- * Welcome screen.
- *
- * Mirrors the desktop's chat intro (apps/desktop/src/components/chat/intro.tsx):
- *   - HERMES AGENT wordmark rendered in Collapse Bold, uppercase, tracked
- *   - mix-blend-plus-lighter so the type "glows" on the canvas
- *   - fit-text utility so the wordmark sizes itself to the column
- *
- * No install-path footer. The default install location is correct for
- * 99% of users; the rest will use the CLI installer with a -HermesHome
- * flag. Showing %LOCALAPPDATA% to grandma is developer-brain.
- */
-export default function Welcome() {
-  return (
-    <div className="hermes-fade-in flex h-full flex-col items-center justify-center gap-10 px-12 py-10">
-      {/* Hero — same recipe the desktop's chat/intro.tsx uses */}
-      <div className="w-full max-w-2xl min-w-0 text-center">
-        <p
-          className="fit-text mx-auto mb-4 w-full font-['Collapse'] font-bold uppercase leading-[0.9] tracking-[0.08em] text-midground mix-blend-plus-lighter dark:text-foreground/90"
-          style={
-            {
-              '--fit-text-line-height': '0.9',
-              '--fit-text-max': '6rem',
-              '--fit-text-min': '2.5rem'
-            } as CSSProperties
-          }
-        >
-          <span>
-            <span>HERMES AGENT</span>
-          </span>
-          <span aria-hidden="true">HERMES AGENT</span>
-        </p>
-
-        <p className="m-0 text-center text-base leading-normal tracking-tight text-muted-foreground">
-          The agent that grows with you. We&rsquo;ll set things up in the
-          background &mdash; takes a few minutes.
-        </p>
-      </div>
-
-      <Button
-        onClick={() => void startInstall()}
-        size="lg"
-        className="group inline-flex items-center gap-2 px-6"
-      >
-        Install Hermes
-        <ArrowRight
-          size={18}
-          className="transition-transform group-hover:translate-x-0.5"
-        />
-      </Button>
-    </div>
-  )
-}
--- a/apps/bootstrap-installer/src/store.ts
+++ b/apps/bootstrap-installer/src/store.ts
@@ -1,277 +0,0 @@
-import { atom, computed } from 'nanostores'
-import { listen, type UnlistenFn } from '@tauri-apps/api/event'
-import { invoke } from '@tauri-apps/api/core'
-
-/*
- * Bootstrap state store — single source of truth for installer screens.
- *
- * Lives in nanostores per the project's TypeScript guidelines (apps/desktop
- * AGENTS.md): "Prefer small nanostores over component state when state is
- * shared, reused, or read by distant UI."
- *
- * One channel from Rust ('bootstrap' event), discriminated by payload.type.
- * We translate those events into typed atom updates here so the rest of
- * the app only deals with React-friendly state.
- */
-
-// ---------------------------------------------------------------------------
-// Types — mirror src-tauri/src/events.rs
-// ---------------------------------------------------------------------------
-
-export interface StageInfo {
-  name: string
-  title: string
-  category: string
-  needs_user_input: boolean
-}
-
-export type StageState = 'running' | 'succeeded' | 'skipped' | 'failed'
-
-export interface StageRecord {
-  info: StageInfo
-  state: StageState | null
-  durationMs?: number
-  error?: string
-}
-
-export interface BootstrapStateModel {
-  status: 'idle' | 'running' | 'completed' | 'failed'
-  protocolVersion: number | null
-  stages: Record<string, StageRecord>
-  stageOrder: string[]
-  currentStage: string | null
-  installRoot: string | null
-  error: string | null
-  logs: Array<{ stage?: string; line: string }>
-}
-
-const INITIAL: BootstrapStateModel = {
-  status: 'idle',
-  protocolVersion: null,
-  stages: {},
-  stageOrder: [],
-  currentStage: null,
-  installRoot: null,
-  error: null,
-  logs: []
-}
-
-// ---------------------------------------------------------------------------
-// Atoms
-// ---------------------------------------------------------------------------
-
-export type Route = 'welcome' | 'progress' | 'success' | 'failure'
-
-/// How the installer was launched, mirrored from src-tauri AppMode.
-/// 'install' = first-run onboarding (bare launch). 'update' = driven by the
-/// desktop app handing off via `Hermes-Setup.exe --update`.
-export type AppMode = 'install' | 'update'
-
-export const $route = atom<Route>('welcome')
-export const $mode = atom<AppMode>('install')
-export const $bootstrap = atom<BootstrapStateModel>(INITIAL)
-export const $logPath = atom<string | null>(null)
-export const $hermesHome = atom<string | null>(null)
-
-export const $progress = computed($bootstrap, (b) => {
-  const total = b.stageOrder.length
-  if (total === 0) return { done: 0, total: 0, fraction: 0 }
-  let done = 0
-  for (const name of b.stageOrder) {
-    const s = b.stages[name]?.state
-    if (s === 'succeeded' || s === 'skipped' || s === 'failed') done += 1
-  }
-  return { done, total, fraction: done / total }
-})
-
-// ---------------------------------------------------------------------------
-// Tauri event subscription
-// ---------------------------------------------------------------------------
-
-interface BootstrapManifestEvent {
-  type: 'manifest'
-  stages: StageInfo[]
-  protocolVersion: number | null
-}
-
-interface BootstrapStageEvent {
-  type: 'stage'
-  name: string
-  state: StageState
-  durationMs?: number
-  error?: string
-}
-
-interface BootstrapLogEvent {
-  type: 'log'
-  stage?: string
-  line: string
-}
-
-interface BootstrapCompleteEvent {
-  type: 'complete'
-  installRoot: string
-  marker: unknown
-}
-
-interface BootstrapFailedEvent {
-  type: 'failed'
-  stage?: string
-  error: string
-}
-
-type BootstrapEvent =
-  | BootstrapManifestEvent
-  | BootstrapStageEvent
-  | BootstrapLogEvent
-  | BootstrapCompleteEvent
-  | BootstrapFailedEvent
-
-let unlisten: UnlistenFn | null = null
-
-export async function initialize(): Promise<void> {
-  if (unlisten) return
-
-  // Pull static info on mount for the diagnostics footer.
-  try {
-    const [logPath, hermesHome, mode] = await Promise.all([
-      invoke<string>('get_log_path'),
-      invoke<string>('get_hermes_home'),
-      invoke<AppMode>('get_mode')
-    ])
-    $logPath.set(logPath)
-    $hermesHome.set(hermesHome)
-    $mode.set(mode)
-  } catch (err) {
-    console.warn('failed to fetch installer paths', err)
-  }
-
-  unlisten = await listen<BootstrapEvent>('bootstrap', (event) => {
-    const payload = event.payload
-    const cur = $bootstrap.get()
-    switch (payload.type) {
-      case 'manifest': {
-        const stages: Record<string, StageRecord> = {}
-        const order: string[] = []
-        for (const s of payload.stages) {
-          stages[s.name] = { info: s, state: null }
-          order.push(s.name)
-        }
-        $bootstrap.set({
-          ...cur,
-          status: 'running',
-          protocolVersion: payload.protocolVersion,
-          stages,
-          stageOrder: order,
-          currentStage: null,
-          installRoot: null,
-          error: null,
-          logs: []
-        })
-        $route.set('progress')
-        break
-      }
-      case 'stage': {
-        const existing = cur.stages[payload.name]
-        if (!existing) {
-          console.warn('stage event for unknown stage', payload.name)
-          break
-        }
-        const next: StageRecord = {
-          ...existing,
-          state: payload.state,
-          durationMs: payload.durationMs,
-          error: payload.error
-        }
-        $bootstrap.set({
-          ...cur,
-          stages: { ...cur.stages, [payload.name]: next },
-          currentStage:
-            payload.state === 'running' ? payload.name : cur.currentStage
-        })
-        break
-      }
-      case 'log': {
-        const logs = [...cur.logs, { stage: payload.stage, line: payload.line }]
-        // Keep the rolling buffer bounded so the UI doesn't get OOM'd
-        // during a long install (playwright chromium download is ~10k lines).
-        const trimmed = logs.length > 2000 ? logs.slice(-2000) : logs
-        $bootstrap.set({ ...cur, logs: trimmed })
-        break
-      }
-      case 'complete':
-        $bootstrap.set({
-          ...cur,
-          status: 'completed',
-          installRoot: payload.installRoot,
-          currentStage: null
-        })
-        // Install: show the "launch Hermes" success screen. Update: this is a
-        // hand-off — the installer relaunches the desktop and exits within a
-        // few hundred ms, so routing to success just flashes that screen
-        // before the window closes. Stay on progress until we exit.
-        if ($mode.get() !== 'update') {
-          $route.set('success')
-        }
-        break
-      case 'failed':
-        $bootstrap.set({
-          ...cur,
-          status: 'failed',
-          error: payload.error,
-          currentStage: null
-        })
-        $route.set('failure')
-        break
-    }
-  })
-
-  // Update mode is a hand-off, not a user-initiated flow: the desktop already
-  // exited and re-launched us as `--update`. Kick the update immediately so
-  // the user lands on progress, not a redundant "click to update" screen.
-  if ($mode.get() === 'update') {
-    void startUpdate()
-  }
-}
-
-// ---------------------------------------------------------------------------
-// Actions
-// ---------------------------------------------------------------------------
-
-export async function startInstall(opts?: { branch?: string }): Promise<void> {
-  // Reset before kicking off so a retry from the failure screen clears
-  // the previous run's state.
-  $bootstrap.set(INITIAL)
-  $route.set('progress')
-  await invoke('start_bootstrap', {
-    args: {
-      commit: null,
-      branch: opts?.branch ?? null,
-      include_desktop: true,
-      hermes_home: null
-    }
-  })
-}
-
-export async function startUpdate(): Promise<void> {
-  // Update is driven by the desktop handing off (Hermes-Setup.exe --update);
-  // there's no welcome click. Reset + jump straight to progress, then let the
-  // Rust side stream the synthetic update manifest.
-  $bootstrap.set(INITIAL)
-  $route.set('progress')
-  await invoke('start_update')
-}
-
-export async function cancelInstall(): Promise<void> {
-  await invoke('cancel_bootstrap')
-}
-
-export async function launchHermesDesktop(): Promise<void> {
-  const installRoot = $bootstrap.get().installRoot
-  if (!installRoot) throw new Error('no install root')
-  await invoke('launch_hermes_desktop', { installRoot })
-}
-
-export async function openLogDir(): Promise<void> {
-  await invoke('open_log_dir')
-}
--- a/apps/bootstrap-installer/src/styles.css
+++ b/apps/bootstrap-installer/src/styles.css
@@ -1,51 +0,0 @@
-/*
- * Hermes Setup — defer entirely to the desktop's styles.css.
- *
- * Rather than re-implement the Hermes design system (and inevitably drift
- * from it), we import apps/desktop/src/styles.css wholesale. The desktop
- * is the canonical source of truth for fonts, color tokens, button chrome,
- * scrollbars, layout utilities, and animations. Any change to the
- * Hermes look propagates here automatically with no copy-paste maintenance.
- *
- * Path resolution caveats:
- *   - Tailwind v4's `@import` resolves relative to this file. The desktop's
- *     `@source '../../../node_modules/...'` declarations therefore re-resolve
- *     against apps/bootstrap-installer/src/. Since both apps live two levels
- *     deep under the same repo root, `../../../node_modules` lands in the
- *     same place. (Verify if either app ever moves.)
- *   - The desktop's `@font-face url('../../../node_modules/...')` references
- *     are baked into the *imported* stylesheet; CSS resolves url()s relative
- *     to the file that contains them, so they continue to point at the
- *     correct node_modules path even from here.
- *
- * Forced light mode: the desktop ships with a runtime theme switcher
- * (ThemeProvider + applyTheme) that can flip to dark via document.documentElement.
- * The installer has no UI for theme switching, so we stay on the desktop's
- * default light surface (Nous-blue accent on near-white chrome).
- */
-@import '../../desktop/src/styles.css';
-
-/* Installer-only additions: a fade-in animation and a warm radial glow
-   for the welcome screen. Everything else inherits from the desktop. */
-@keyframes hermes-fade-in {
-  from {
-    opacity: 0;
-    transform: translateY(4px);
-  }
-  to {
-    opacity: 1;
-    transform: translateY(0);
-  }
-}
-
-.hermes-fade-in {
-  animation: hermes-fade-in 0.45s ease-out both;
-}
-
-.hermes-glow {
-  background: radial-gradient(
-    ellipse at center,
-    color-mix(in srgb, var(--ui-warm) 18%, transparent) 0%,
-    transparent 60%
-  );
-}
--- a/apps/bootstrap-installer/src/vite-env.d.ts
+++ b/apps/bootstrap-installer/src/vite-env.d.ts
@@ -1 +0,0 @@
-/// <reference types="vite/client" />
--- a/apps/bootstrap-installer/tsconfig.json
+++ b/apps/bootstrap-installer/tsconfig.json
@@ -1,26 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2022",
-    "useDefineForClassFields": true,
-    "lib": ["ES2022", "DOM", "DOM.Iterable"],
-    "module": "ESNext",
-    "skipLibCheck": true,
-    "moduleResolution": "bundler",
-    "allowImportingTsExtensions": true,
-    "resolveJsonModule": true,
-    "isolatedModules": true,
-    "noEmit": true,
-    "jsx": "react-jsx",
-    "strict": true,
-    "noUnusedLocals": true,
-    "noUnusedParameters": true,
-    "esModuleInterop": true,
-    "noFallthroughCasesInSwitch": true,
-    "baseUrl": ".",
-    "paths": {
-      "@/*": ["src/*"]
-    }
-  },
-  "include": ["src"],
-  "references": [{ "path": "./tsconfig.node.json" }]
-}
--- a/apps/bootstrap-installer/tsconfig.node.json
+++ b/apps/bootstrap-installer/tsconfig.node.json
@@ -1,11 +0,0 @@
-{
-  "compilerOptions": {
-    "composite": true,
-    "skipLibCheck": true,
-    "module": "ESNext",
-    "moduleResolution": "bundler",
-    "allowSyntheticDefaultImports": true,
-    "strict": true
-  },
-  "include": ["vite.config.ts"]
-}
--- a/apps/bootstrap-installer/vite.config.ts
+++ b/apps/bootstrap-installer/vite.config.ts
@@ -1,46 +0,0 @@
-import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
-import tailwindcss from '@tailwindcss/vite'
-import path from 'node:path'
-
-// Hermes Setup — Tauri-targeted Vite config.
-//
-// Port 5175 keeps us out of the way of:
-//   web       (vite default 5173)
-//   apps/desktop dev     (5174 per its package.json)
-//
-// `clearScreen: false` is the Tauri convention — they spawn vite as a child
-// process and want our errors to stay visible.
-
-const host = process.env.TAURI_DEV_HOST
-
-export default defineConfig({
-  plugins: [react(), tailwindcss()],
-  resolve: {
-    alias: {
-      '@': path.resolve(__dirname, './src')
-    }
-  },
-  clearScreen: false,
-  server: {
-    port: 5175,
-    strictPort: true,
-    host: host || '127.0.0.1',
-    hmr: host
-      ? {
-          protocol: 'ws',
-          host,
-          port: 5176
-        }
-      : undefined,
-    watch: {
-      // Don't watch the Rust side — tauri-cli handles it.
-      ignored: ['**/src-tauri/**']
-    }
-  },
-  build: {
-    target: 'esnext',
-    outDir: 'dist',
-    emptyOutDir: true
-  }
-})
--- a/apps/desktop/.prettierrc
+++ b/apps/desktop/.prettierrc
@@ -1,11 +0,0 @@
-{
-  "arrowParens": "avoid",
-  "bracketSpacing": true,
-  "endOfLine": "auto",
-  "printWidth": 120,
-  "semi": false,
-  "singleQuote": true,
-  "tabWidth": 2,
-  "trailingComma": "none",
-  "useTabs": false
-}
--- a/apps/desktop/README.md
+++ b/apps/desktop/README.md
@@ -1,137 +0,0 @@
-# Hermes Desktop ☤
-
-<p align="center">
-  <a href="https://github.com/NousResearch/hermes-agent/releases"><img src="https://img.shields.io/badge/Download-macOS%20%C2%B7%20Windows%20%C2%B7%20Linux-FFD700?style=for-the-badge" alt="Download"></a>
-  <a href="https://hermes-agent.nousresearch.com/docs/"><img src="https://img.shields.io/badge/Docs-hermes--agent.nousresearch.com-FFD700?style=for-the-badge" alt="Documentation"></a>
-  <a href="https://discord.gg/NousResearch"><img src="https://img.shields.io/badge/Discord-5865F2?style=for-the-badge&logo=discord&logoColor=white" alt="Discord"></a>
-  <a href="https://github.com/NousResearch/hermes-agent/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-MIT-green?style=for-the-badge" alt="License: MIT"></a>
-</p>
-
-**The native desktop app for [Hermes Agent](../../README.md) — the self-improving AI agent from [Nous Research](https://nousresearch.com).** Same agent, same skills, same memory as the CLI and gateway, in a polished native window — chat with streaming tool output, side-by-side previews, a file browser, voice, and settings, no terminal required. Available for **macOS, Windows, and Linux**.
-
-<table>
-<tr><td><b>Chat with the full agent</b></td><td>Streaming responses, live tool activity, structured tool summaries, and the same conversation history as every other Hermes surface.</td></tr>
-<tr><td><b>Side-by-side previews</b></td><td>Render web pages, files, and tool outputs in a right-hand pane while you keep chatting.</td></tr>
-<tr><td><b>File browser</b></td><td>Explore and preview the working directory without leaving the app.</td></tr>
-<tr><td><b>Voice</b></td><td>Talk to Hermes and hear it back.</td></tr>
-<tr><td><b>Settings & onboarding</b></td><td>Manage providers, models, tools, and credentials from a real UI. First-run setup gets you to your first message in seconds.</td></tr>
-<tr><td><b>Stays current</b></td><td>Built-in updates pull the latest agent and rebuild the app in place.</td></tr>
-</table>
-
---
-
-## Install
-
-### Install with Hermes (recommended)
-
-Add `--include-desktop` to the [one-line installer](../../README.md#quick-install) and it sets up the agent and builds the desktop app in one go:
-
-```bash
-curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --include-desktop
-```
-
-Already have the Hermes CLI? Just run:
-
-```bash
-hermes desktop
-```
-
-It builds and launches the GUI against your existing install — same config, keys, sessions, and skills. On first launch Hermes walks you through picking a provider and model; nothing else to configure.
-
-### Prebuilt installers
-
-When a release ships desktop installers they're attached to its [releases page](https://github.com/NousResearch/hermes-agent/releases) — `.dmg` (macOS), `.exe` / `.msi` (Windows), `.AppImage` / `.deb` / `.rpm` (Linux). These are published manually, so the install-with-Hermes path above is the most reliable way to get the latest.
-
---
-
-## Updating
-
-The app checks for updates in the background and offers a one-click update when one is ready. You can also update any time from the CLI:
-
-```bash
-hermes update
-```
-
---
-
-## Requirements
-
-The installer handles everything for you (Python 3.11+, a portable Git, ripgrep). The only thing worth knowing:
-
- **Windows** — the installer bundles its own Git and Python; no admin rights or system changes required.
- **macOS / Linux** — uses your system Python 3.11+ (installed automatically if missing).
-
---
-
-## Development
-
-Want to hack on the app itself? Install workspace deps from the repo root once, then run the dev server from this directory:
-
-```bash
-npm install          # from repo root — links apps/desktop, web, apps/shared
-cd apps/desktop
-npm run dev          # Vite renderer + Electron, which boots the Python backend
-```
-
-Point the app at a specific source checkout, or sandbox it away from your real config:
-
-```bash
-HERMES_DESKTOP_HERMES_ROOT=/path/to/clone npm run dev
-HERMES_HOME=/tmp/throwaway npm run dev
-npm run dev:fake-boot   # exercise the startup overlay with deterministic delays
-```
-
-### Building installers
-
-```bash
-npm run dist:mac     # DMG + zip
-npm run dist:win     # NSIS + MSI
-npm run dist:linux   # AppImage + deb + rpm
-npm run pack         # unpacked app under release/ (no installer)
-```
-
-Installers are built and uploaded to GitHub Releases manually. macOS/Windows signing & notarization happen automatically when the relevant credentials are present in the environment (`CSC_LINK` / `CSC_KEY_PASSWORD` / `APPLE_*` for macOS, `WIN_CSC_*` for Windows).
-
-### How it works
-
-The packaged app ships only the Electron shell. On first launch it installs the Hermes Agent runtime into `HERMES_HOME` (`~/.hermes`, or `%LOCALAPPDATA%\hermes` on Windows) — the **same layout a CLI install uses**, so the two are interchangeable. The renderer (React, in `src/`) talks to a `hermes dashboard --tui` backend over the standard gateway APIs and reuses the embedded TUI rather than reimplementing chat. The install, backend-resolution, and self-update logic all live in `electron/main.cjs`.
-
-### Verification
-
-Run before opening a PR (lint may surface pre-existing warnings but must exit cleanly):
-
-```bash
-npm run fix
-npm run type-check
-npm run lint
-npm run test:desktop:all
-```
-
-### Troubleshooting
-
-Boot logs land in `HERMES_HOME/logs/desktop.log` (includes backend output and recent Python tracebacks) — check it first if the app reports a boot failure.
-
-```bash
-# Force a clean first-launch setup
-rm "$HOME/.hermes/hermes-agent/.hermes-bootstrap-complete"   # macOS/Linux
-# Rebuild a broken Python venv
-rm -rf "$HOME/.hermes/hermes-agent/venv"                     # macOS/Linux
-# Reset a stuck macOS microphone prompt
-tccutil reset Microphone com.nousresearch.hermes
-```
-
---
-
-## Community
-
- 💬 [Discord](https://discord.gg/NousResearch)
- 📖 [Documentation](https://hermes-agent.nousresearch.com/docs/)
- 🐛 [Issues](https://github.com/NousResearch/hermes-agent/issues)
-
---
-
-## License
-
-MIT — see [LICENSE](../../LICENSE).
-
-Built by [Nous Research](https://nousresearch.com).
--- a/apps/desktop/assets/icon.icns
+++ b/apps/desktop/assets/icon.icns
--- a/apps/desktop/assets/icon.ico
+++ b/apps/desktop/assets/icon.ico
--- a/apps/desktop/assets/icon.png
+++ b/apps/desktop/assets/icon.png
--- a/apps/desktop/components.json
+++ b/apps/desktop/components.json
@@ -1,21 +0,0 @@
-{
-  "$schema": "https://ui.shadcn.com/schema.json",
-  "style": "new-york",
-  "rsc": false,
-  "tsx": true,
-  "tailwind": {
-    "config": "",
-    "css": "src/styles.css",
-    "baseColor": "neutral",
-    "cssVariables": true,
-    "prefix": ""
-  },
-  "aliases": {
-    "components": "@/components",
-    "utils": "@/lib/utils",
-    "ui": "@/components/ui",
-    "lib": "@/lib",
-    "hooks": "@/hooks"
-  },
-  "iconLibrary": "lucide"
-}
--- a/apps/desktop/electron/backend-probes.cjs
+++ b/apps/desktop/electron/backend-probes.cjs
@@ -1,106 +0,0 @@
-/**
- * backend-probes.cjs
- *
- * Cheap "does this candidate backend actually work" checks used by
- * resolveHermesBackend (main.cjs). The resolver walks a ladder of
- * candidates -- bootstrap marker, `hermes` on PATH, system Python with
- * hermes_cli installed -- and historically returned the first candidate
- * whose binary existed on disk. That assumption breaks when a user has
- * a pre-installed Python 3.11-3.13 (so findSystemPython() returns a
- * path) but no hermes_cli in its site-packages: the resolver hands back
- * a backend the spawn step can't actually run, and the user gets a
- * dead-on-arrival "ModuleNotFoundError: No module named 'hermes_cli'"
- * instead of the first-launch installer.
- *
- * These probes give the resolver a way to verify a candidate before
- * trusting it. Failure (non-zero exit, exception, timeout) means "skip
- * this rung, try the next one"; success means "spawn this for real."
- * Falling off the bottom of the ladder lands on the bootstrap-needed
- * sentinel, which is exactly what we want when nothing pre-existing
- * actually works.
- *
- * Both probes are deliberately fast and forgiving:
- *   - 5s timeout (a hung interpreter beats forever, but we still give
- *     slow disks / cold caches room to breathe)
- *   - stdio ignored (we only care about exit code; stdout/stderr are
- *     not surfaced to the user, just to recentHermesLog for forensics
- *     via the caller's catch block if it chooses)
- *   - any throw -> false (never propagate -- resolver wants a boolean)
- *
- * Kept in a standalone cjs module so it can be unit-tested with
- * `node --test` without dragging in the electron runtime (same pattern
- * as bootstrap-platform.cjs and hardening.cjs).
- */
-
-const { execFileSync } = require('node:child_process')
-
-const PROBE_TIMEOUT_MS = 5000
-
-/**
- * Return true iff `python -c "import hermes_cli"` exits 0.
- *
- * Used to gate the "fallback to system Python with hermes_cli installed"
- * rung of resolveHermesBackend. Without this, a system Python 3.11-3.13
- * registered in PEP 514 makes findSystemPython() succeed regardless of
- * whether hermes_cli has actually been pip-installed into its
- * site-packages -- and the resolver returns a backend that immediately
- * dies on spawn.
- *
- * @param {string} pythonPath - Absolute path to a python.exe / python.
- * @returns {boolean}
- */
-function canImportHermesCli(pythonPath) {
-  if (!pythonPath) return false
-  try {
-    execFileSync(pythonPath, ['-c', 'import hermes_cli'], {
-      stdio: 'ignore',
-      timeout: PROBE_TIMEOUT_MS,
-      windowsHide: true
-    })
-    return true
-  } catch {
-    return false
-  }
-}
-
-/**
- * Return true iff `<hermesCommand> --version` exits 0.
- *
- * Used to gate the "existing `hermes` on PATH" rung. Without this, a
- * stale hermes.cmd shim left behind by an uninstalled pip install (or
- * a half-built venv whose `hermes` entry-point points at a deleted
- * Python) survives findOnPath() and gets selected as the backend.
- *
- * We intentionally avoid invoking the command with the dashboard args
- * here -- `--version` is the cheapest "is this binary alive" smoke
- * test that every hermes_cli entry-point has supported since 0.1.
- *
- * @param {string} hermesCommand - Resolved absolute path to a hermes
- *   executable (or an interpreter+script wrapper).
- * @param {object} [opts]
- * @param {boolean} [opts.shell] - Whether to run through a shell. For
- *   .cmd/.bat shims on Windows execFileSync needs shell:true to find
- *   the cmd interpreter; mirrors the same flag isCommandScript() drives
- *   in resolveHermesBackend.
- * @returns {boolean}
- */
-function verifyHermesCli(hermesCommand, opts = {}) {
-  if (!hermesCommand) return false
-  try {
-    execFileSync(hermesCommand, ['--version'], {
-      stdio: 'ignore',
-      timeout: PROBE_TIMEOUT_MS,
-      shell: Boolean(opts.shell),
-      windowsHide: true
-    })
-    return true
-  } catch {
-    return false
-  }
-}
-
-module.exports = {
-  canImportHermesCli,
-  verifyHermesCli,
-  PROBE_TIMEOUT_MS
-}
--- a/apps/desktop/electron/backend-probes.test.cjs
+++ b/apps/desktop/electron/backend-probes.test.cjs
@@ -1,80 +0,0 @@
-/**
- * Tests for electron/backend-probes.cjs.
- *
- * Run with: node --test electron/backend-probes.test.cjs
- * (Wired into npm test:desktop:platforms in package.json.)
- */
-
-const test = require('node:test')
-const assert = require('node:assert/strict')
-const fs = require('node:fs')
-const os = require('node:os')
-const path = require('node:path')
-
-const { canImportHermesCli, verifyHermesCli } = require('./backend-probes.cjs')
-
-// Resolve the host's own Node binary -- guaranteed to be on disk and
-// runnable. We use it as both a stand-in for "a python that doesn't
-// have hermes_cli" (since `node -c "import hermes_cli"` will exit
-// non-zero) and as a way to script verifyHermesCli's success path
-// (a tiny script we write to disk that exits 0 on --version).
-const NODE_BIN = process.execPath
-
-test('canImportHermesCli returns false when path is falsy', () => {
-  assert.equal(canImportHermesCli(''), false)
-  assert.equal(canImportHermesCli(null), false)
-  assert.equal(canImportHermesCli(undefined), false)
-})
-
-test('canImportHermesCli returns false when interpreter cannot run -c', () => {
-  // node IS an interpreter, but `node -c "import hermes_cli"` is a
-  // SyntaxError -- different exit reason from a real Python's
-  // ModuleNotFoundError, but the predicate is "exit 0 or not" and
-  // both land on "not", which is exactly what we want for the
-  // resolver fall-through.
-  assert.equal(canImportHermesCli(NODE_BIN), false)
-})
-
-test('canImportHermesCli returns false when binary does not exist', () => {
-  const ghost = path.join(os.tmpdir(), 'hermes-probes-ghost-' + Date.now() + '.exe')
-  assert.equal(canImportHermesCli(ghost), false)
-})
-
-test('verifyHermesCli returns false when command is falsy', () => {
-  assert.equal(verifyHermesCli(''), false)
-  assert.equal(verifyHermesCli(null), false)
-  assert.equal(verifyHermesCli(undefined), false)
-})
-
-test('verifyHermesCli returns false when binary does not exist', () => {
-  const ghost = path.join(os.tmpdir(), 'hermes-probes-ghost-' + Date.now() + '.exe')
-  assert.equal(verifyHermesCli(ghost), false)
-})
-
-test('verifyHermesCli returns true when --version exits 0', () => {
-  // Write a tiny script that exits 0 regardless of args, then invoke
-  // it through node. This stands in for a working hermes binary --
-  // verifyHermesCli only cares about the exit code.
-  const scriptPath = path.join(os.tmpdir(), `hermes-probes-ok-${Date.now()}-${process.pid}.cjs`)
-  fs.writeFileSync(scriptPath, 'process.exit(0)\n')
-  try {
-    // Use node as the launcher and our script as the "command". Pass
-    // shell:false (default) -- node is a real binary, no shim.
-    // execFileSync passes ['--version'] as args, which node ignores
-    // gracefully (well, it prints its version and exits 0, which is
-    // perfect -- exit code 0 is the only signal we read).
-    assert.equal(verifyHermesCli(NODE_BIN), true)
-  } finally {
-    try {
-      fs.unlinkSync(scriptPath)
-    } catch {}
-  }
-})
-
-test('verifyHermesCli swallows timeouts (does not throw)', () => {
-  // We can't easily provoke a real 5s hang in CI without slowing the
-  // suite, but we CAN confirm that an invocation that DOES throw
-  // (because the binary is missing) returns false rather than
-  // propagating. Same code path the timeout case takes.
-  assert.equal(verifyHermesCli('/definitely/not/a/real/binary/anywhere'), false)
-})
--- a/apps/desktop/electron/bootstrap-platform.cjs
+++ b/apps/desktop/electron/bootstrap-platform.cjs
@@ -1,39 +0,0 @@
-const fs = require('node:fs')
-
-function isWslEnvironment(env = process.env, platform = process.platform, kernelRelease = null) {
-  if (platform !== 'linux') return false
-  if (env.WSL_DISTRO_NAME || env.WSL_INTEROP) return true
-
-  try {
-    const release = kernelRelease ?? fs.readFileSync('/proc/sys/kernel/osrelease', 'utf8')
-    return /microsoft|wsl/i.test(release)
-  } catch {
-    return false
-  }
-}
-
-function isWindowsBinaryPathInWsl(filePath, options = {}) {
-  const isWsl = options.isWsl ?? isWslEnvironment(options.env, options.platform)
-  if (!isWsl) return false
-
-  const normalized = String(filePath || '')
-    .replace(/\\/g, '/')
-    .toLowerCase()
-
-  return (
-    normalized.endsWith('.exe') ||
-    normalized.endsWith('.cmd') ||
-    normalized.endsWith('.bat') ||
-    normalized.endsWith('.ps1')
-  )
-}
-
-function bundledRuntimeImportCheck(platform = process.platform) {
-  return platform === 'win32' ? 'import fastapi, uvicorn, winpty' : 'import fastapi, uvicorn, ptyprocess'
-}
-
-module.exports = {
-  bundledRuntimeImportCheck,
-  isWindowsBinaryPathInWsl,
-  isWslEnvironment
-}
--- a/apps/desktop/electron/bootstrap-platform.test.cjs
+++ b/apps/desktop/electron/bootstrap-platform.test.cjs
@@ -1,53 +0,0 @@
-const assert = require('node:assert/strict')
-const fs = require('node:fs')
-const path = require('node:path')
-const test = require('node:test')
-
-const { bundledRuntimeImportCheck, isWindowsBinaryPathInWsl, isWslEnvironment } = require('./bootstrap-platform.cjs')
-
-test('isWslEnvironment detects WSL2 env vars on linux', () => {
-  assert.equal(isWslEnvironment({ WSL_DISTRO_NAME: 'Ubuntu' }, 'linux'), true)
-  assert.equal(isWslEnvironment({ WSL_INTEROP: '/run/WSL/123_interop' }, 'linux'), true)
-  assert.equal(isWslEnvironment({}, 'linux', '6.6.87.2-microsoft-standard-WSL2'), true)
-  assert.equal(isWslEnvironment({}, 'linux', '6.6.87-generic'), false)
-  assert.equal(isWslEnvironment({ WSL_DISTRO_NAME: 'Ubuntu' }, 'darwin'), false)
-})
-
-test('isWindowsBinaryPathInWsl blocks Windows binary types on WSL', () => {
-  assert.equal(isWindowsBinaryPathInWsl('/mnt/c/Tools/hermes.exe', { isWsl: true }), true)
-  assert.equal(isWindowsBinaryPathInWsl('/mnt/c/Tools/hermes.cmd', { isWsl: true }), true)
-  assert.equal(isWindowsBinaryPathInWsl('/mnt/c/Tools/hermes.bat', { isWsl: true }), true)
-  assert.equal(isWindowsBinaryPathInWsl('/mnt/c/Tools/install.ps1', { isWsl: true }), true)
-  assert.equal(isWindowsBinaryPathInWsl('/usr/local/bin/hermes', { isWsl: true }), false)
-  assert.equal(isWindowsBinaryPathInWsl('/mnt/c/Tools/hermes.exe', { isWsl: false }), false)
-})
-
-test('bundledRuntimeImportCheck selects platform-specific import checks', () => {
-  assert.equal(bundledRuntimeImportCheck('win32'), 'import fastapi, uvicorn, winpty')
-  assert.equal(bundledRuntimeImportCheck('darwin'), 'import fastapi, uvicorn, ptyprocess')
-  assert.equal(bundledRuntimeImportCheck('linux'), 'import fastapi, uvicorn, ptyprocess')
-})
-
-test('packaged electron entrypoints do not require unpackaged npm modules', () => {
-  const electronDir = __dirname
-  const entrypoints = ['main.cjs', 'preload.cjs', 'bootstrap-platform.cjs']
-  // - electron: provided by the electron runtime, always resolvable in packaged builds.
-  // - node-pty: hoisted by workspace dedup AND shipped via extraResources to
-  //   resources/native-deps/node-pty (see scripts/stage-native-deps.cjs). main.cjs
-  //   has a try/catch fallback at line ~38 that resolves the staged copy when the
-  //   bare require fails in the packaged asar, so the bare require itself is by
-  //   design rather than an oversight.
-  const allowedBareRequires = new Set(['electron', 'node-pty'])
-  const requirePattern = /require\(['"]([^'"]+)['"]\)/g
-
-  for (const entrypoint of entrypoints) {
-    const source = fs.readFileSync(path.join(electronDir, entrypoint), 'utf8')
-    const bareRequires = Array.from(source.matchAll(requirePattern))
-      .map(match => match[1])
-      .filter(specifier => !specifier.startsWith('node:'))
-      .filter(specifier => !specifier.startsWith('.'))
-      .filter(specifier => !allowedBareRequires.has(specifier))
-
-    assert.deepEqual(bareRequires, [], `${entrypoint} has unpackaged runtime requires`)
-  }
-})
--- a/apps/desktop/electron/bootstrap-runner.cjs
+++ b/apps/desktop/electron/bootstrap-runner.cjs
@@ -1,591 +0,0 @@
-'use strict'
-
-/**
- * bootstrap-runner.cjs
- *
- * Drives apps/desktop's first-launch install of Hermes Agent by spawning
- * scripts/install.ps1 stage-by-stage and streaming progress events back to
- * the renderer.
- *
- * Wired from electron/main.cjs:
- *   const { runBootstrap } = require('./bootstrap-runner.cjs')
- *   const result = await runBootstrap({
- *     installStamp,        // INSTALL_STAMP from main.cjs (may be null in dev)
- *     activeRoot,          // ACTIVE_HERMES_ROOT
- *     sourceRepoRoot,      // SOURCE_REPO_ROOT (for dev install.ps1 lookup)
- *     hermesHome,          // HERMES_HOME
- *     logRoot,             // HERMES_HOME/logs
- *     emit: ev => {...}    // event sink (sender.send or similar)
- *   })
- *
- * Emits events with shape:
- *   { type: 'manifest',  stages: [{name, title, category, needs_user_input}, ...] }
- *   { type: 'stage',     name, state: 'running'|'succeeded'|'skipped'|'failed',
- *                        json?, durationMs?, error? }
- *   { type: 'log',       stage?, line }      // raw line from install.ps1
- *   { type: 'complete',  marker: <written marker payload> }
- *   { type: 'failed',    stage?, error }     // bootstrap aborted
- *
- * Resolves with the same shape as the final 'complete' or 'failed' event so
- * callers can await either way.
- *
- * NOT implemented yet (deferred to Phase 1E / 1F):
- *   - User-facing retry / cancel from the renderer (event channels exist;
- *     no UI consumes them yet)
- */
-
-const fs = require('node:fs')
-const fsp = require('node:fs/promises')
-const path = require('node:path')
-const https = require('node:https')
-const { spawn } = require('node:child_process')
-
-const STAMP_COMMIT_RE = /^[0-9a-f]{7,40}$/i
-
-// Stages flagged needs_user_input=true in the manifest are skipped by the
-// runner (passed -NonInteractive to install.ps1, which the install script
-// itself handles by emitting skipped=true frames). The renderer / 1E onboarding
-// overlay takes over for those concerns (API keys, model, persona, gateway).
-// We let install.ps1's own -NonInteractive logic drive this rather than
-// filtering client-side -- single source of truth.
-
-// ---------------------------------------------------------------------------
-// install.ps1 source resolution
-// ---------------------------------------------------------------------------
-
-function installScriptName() {
-  return process.platform === 'win32' ? 'install.ps1' : 'install.sh'
-}
-
-function installScriptKind() {
-  return process.platform === 'win32' ? 'powershell' : 'posix'
-}
-
-function resolveLocalInstallScript(sourceRepoRoot) {
-  if (!sourceRepoRoot) return null
-  const candidate = path.join(sourceRepoRoot, 'scripts', installScriptName())
-  try {
-    fs.accessSync(candidate, fs.constants.R_OK)
-    return candidate
-  } catch {
-    return null
-  }
-}
-
-function bootstrapCacheDir(hermesHome) {
-  return path.join(hermesHome, 'bootstrap-cache')
-}
-
-function cachedScriptPath(hermesHome, commit) {
-  return path.join(bootstrapCacheDir(hermesHome), `install-${commit}.${process.platform === 'win32' ? 'ps1' : 'sh'}`)
-}
-
-function downloadInstallScript(commit, destPath) {
-  // Fetch from GitHub raw at the pinned commit. The raw URL with a SHA
-  // is immutable (unlike a branch ref), so we don't need integrity
-  // verification beyond "did the file we wrote pass a syntax probe."
-  const scriptName = installScriptName()
-  const url = `https://raw.githubusercontent.com/NousResearch/hermes-agent/${commit}/scripts/${scriptName}`
-  return new Promise((resolve, reject) => {
-    fs.mkdirSync(path.dirname(destPath), { recursive: true })
-    const tmpPath = destPath + '.tmp'
-    const out = fs.createWriteStream(tmpPath)
-    https
-      .get(url, res => {
-        if (res.statusCode === 301 || res.statusCode === 302) {
-          // GitHub raw shouldn't redirect for a SHA URL, but follow once
-          // defensively.
-          out.close()
-          fs.unlinkSync(tmpPath)
-          https
-            .get(res.headers.location, res2 => {
-              if (res2.statusCode !== 200) {
-                reject(
-                  new Error(`Failed to download ${scriptName}: HTTP ${res2.statusCode} from redirect ${res.headers.location}`)
-                )
-                return
-              }
-              const out2 = fs.createWriteStream(tmpPath)
-              res2.pipe(out2)
-              out2.on('finish', () => {
-                out2.close()
-                fs.renameSync(tmpPath, destPath)
-                resolve(destPath)
-              })
-              out2.on('error', reject)
-            })
-            .on('error', reject)
-          return
-        }
-        if (res.statusCode !== 200) {
-          out.close()
-          try {
-            fs.unlinkSync(tmpPath)
-          } catch {}
-          reject(new Error(`Failed to download ${scriptName}: HTTP ${res.statusCode} from ${url}`))
-          return
-        }
-        res.pipe(out)
-        out.on('finish', () => {
-          out.close()
-          fs.renameSync(tmpPath, destPath)
-          resolve(destPath)
-        })
-        out.on('error', err => {
-          try {
-            fs.unlinkSync(tmpPath)
-          } catch {}
-          reject(err)
-        })
-      })
-      .on('error', err => {
-        try {
-          fs.unlinkSync(tmpPath)
-        } catch {}
-        reject(err)
-      })
-  })
-}
-
-async function resolveInstallScript({ installStamp, sourceRepoRoot, hermesHome, emit }) {
-  // 1. Dev shortcut: prefer a local checkout's installer so we can iterate
-  //    without pushing. SOURCE_REPO_ROOT comes from main.cjs (path.resolve
-  //    of APP_ROOT/../..).
-  const localScript = resolveLocalInstallScript(sourceRepoRoot)
-  if (localScript) {
-    emit({ type: 'log', line: `[bootstrap] using local ${installScriptName()} at ${localScript}` })
-    return { path: localScript, source: 'local', kind: installScriptKind() }
-  }
-
-  // 2. Packaged path: download from GitHub at the pinned commit (1B's stamp).
-  if (!installStamp || !installStamp.commit || !STAMP_COMMIT_RE.test(installStamp.commit)) {
-    throw new Error(
-      `Cannot resolve ${installScriptName()}: no SOURCE_REPO_ROOT and no install stamp. ` +
-        'This packaged build was produced without a valid build-time stamp.'
-    )
-  }
-
-  const cached = cachedScriptPath(hermesHome, installStamp.commit)
-  try {
-    await fsp.access(cached, fs.constants.R_OK)
-    emit({ type: 'log', line: `[bootstrap] using cached ${installScriptName()} for ${installStamp.commit.slice(0, 12)}` })
-    return { path: cached, source: 'cache', commit: installStamp.commit, kind: installScriptKind() }
-  } catch {
-    // not cached; download
-  }
-
-  emit({ type: 'log', line: `[bootstrap] fetching ${installScriptName()} for ${installStamp.commit.slice(0, 12)} from GitHub` })
-  await downloadInstallScript(installStamp.commit, cached)
-  emit({ type: 'log', line: `[bootstrap] saved to ${cached}` })
-  return { path: cached, source: 'download', commit: installStamp.commit, kind: installScriptKind() }
-}
-
-// ---------------------------------------------------------------------------
-// powershell wrapper
-// ---------------------------------------------------------------------------
-
-function spawnPowerShell(scriptPath, args, { emit, stageName, abortSignal, hermesHome } = {}) {
-  return new Promise((resolve, reject) => {
-    const ps = process.platform === 'win32' ? 'powershell.exe' : 'pwsh'
-    const fullArgs = ['-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', scriptPath, ...args]
-
-    const child = spawn(ps, fullArgs, {
-      stdio: ['ignore', 'pipe', 'pipe'],
-      env: {
-        ...process.env,
-        // Pass HERMES_HOME through so install.ps1 respects the caller's
-        // choice rather than re-computing the default.
-        HERMES_HOME: hermesHome || process.env.HERMES_HOME || ''
-      }
-    })
-
-    let stdout = ''
-    let stderr = ''
-    let killed = false
-
-    const onAbort = () => {
-      killed = true
-      try {
-        child.kill('SIGTERM')
-      } catch {}
-    }
-    if (abortSignal) {
-      if (abortSignal.aborted) {
-        onAbort()
-      } else {
-        abortSignal.addEventListener('abort', onAbort, { once: true })
-      }
-    }
-
-    child.stdout.setEncoding('utf8')
-    child.stderr.setEncoding('utf8')
-
-    // Stream stdout line-by-line so the renderer sees progress in real time.
-    let stdoutBuf = ''
-    child.stdout.on('data', chunk => {
-      stdout += chunk
-      stdoutBuf += chunk
-      let nl
-      while ((nl = stdoutBuf.indexOf('\n')) !== -1) {
-        const line = stdoutBuf.slice(0, nl).replace(/\r$/, '')
-        stdoutBuf = stdoutBuf.slice(nl + 1)
-        if (line) emit && emit({ type: 'log', stage: stageName, line })
-      }
-    })
-
-    let stderrBuf = ''
-    child.stderr.on('data', chunk => {
-      stderr += chunk
-      stderrBuf += chunk
-      let nl
-      while ((nl = stderrBuf.indexOf('\n')) !== -1) {
-        const line = stderrBuf.slice(0, nl).replace(/\r$/, '')
-        stderrBuf = stderrBuf.slice(nl + 1)
-        if (line) emit && emit({ type: 'log', stage: stageName, line: `stderr: ${line}` })
-      }
-    })
-
-    child.on('error', err => {
-      if (abortSignal) abortSignal.removeEventListener('abort', onAbort)
-      reject(err)
-    })
-
-    child.on('close', (code, signal) => {
-      if (abortSignal) abortSignal.removeEventListener('abort', onAbort)
-      // Flush any trailing bytes
-      if (stdoutBuf) emit && emit({ type: 'log', stage: stageName, line: stdoutBuf })
-      if (stderrBuf) emit && emit({ type: 'log', stage: stageName, line: `stderr: ${stderrBuf}` })
-      resolve({ stdout, stderr, code, signal, killed })
-    })
-  })
-}
-
-function spawnBash(scriptPath, args, { emit, stageName, abortSignal, hermesHome } = {}) {
-  return new Promise((resolve, reject) => {
-    const child = spawn('bash', [scriptPath, ...args], {
-      stdio: ['ignore', 'pipe', 'pipe'],
-      env: {
-        ...process.env,
-        HERMES_HOME: hermesHome || process.env.HERMES_HOME || ''
-      }
-    })
-
-    let stdout = ''
-    let stderr = ''
-    let killed = false
-
-    const onAbort = () => {
-      killed = true
-      try {
-        child.kill('SIGTERM')
-      } catch {}
-    }
-    if (abortSignal) {
-      if (abortSignal.aborted) {
-        onAbort()
-      } else {
-        abortSignal.addEventListener('abort', onAbort, { once: true })
-      }
-    }
-
-    child.stdout.setEncoding('utf8')
-    child.stderr.setEncoding('utf8')
-
-    let stdoutBuf = ''
-    child.stdout.on('data', chunk => {
-      stdout += chunk
-      stdoutBuf += chunk
-      let nl
-      while ((nl = stdoutBuf.indexOf('\n')) !== -1) {
-        const line = stdoutBuf.slice(0, nl).replace(/\r$/, '')
-        stdoutBuf = stdoutBuf.slice(nl + 1)
-        if (line) emit && emit({ type: 'log', stage: stageName, line })
-      }
-    })
-
-    let stderrBuf = ''
-    child.stderr.on('data', chunk => {
-      stderr += chunk
-      stderrBuf += chunk
-      let nl
-      while ((nl = stderrBuf.indexOf('\n')) !== -1) {
-        const line = stderrBuf.slice(0, nl).replace(/\r$/, '')
-        stderrBuf = stderrBuf.slice(nl + 1)
-        if (line) emit && emit({ type: 'log', stage: stageName, line: `stderr: ${line}` })
-      }
-    })
-
-    child.on('error', err => {
-      if (abortSignal) abortSignal.removeEventListener('abort', onAbort)
-      reject(err)
-    })
-
-    child.on('close', (code, signal) => {
-      if (abortSignal) abortSignal.removeEventListener('abort', onAbort)
-      if (stdoutBuf) emit && emit({ type: 'log', stage: stageName, line: stdoutBuf })
-      if (stderrBuf) emit && emit({ type: 'log', stage: stageName, line: `stderr: ${stderrBuf}` })
-      resolve({ stdout, stderr, code, signal, killed })
-    })
-  })
-}
-
-// ---------------------------------------------------------------------------
-// Manifest + stage dispatch
-// ---------------------------------------------------------------------------
-
-// Build the install.ps1 pin args (-Commit / -Branch) from the install-stamp
-// so the repository stage clones the exact SHA the .exe was tested with
-// instead of falling back to install.ps1's default ($Branch = "main").
-function buildPinArgs(installStamp) {
-  const args = []
-  if (installStamp && installStamp.commit) {
-    args.push('-Commit', installStamp.commit)
-  }
-  if (installStamp && installStamp.branch) {
-    args.push('-Branch', installStamp.branch)
-  }
-  return args
-}
-
-function buildPosixPinArgs({ installStamp, activeRoot, hermesHome }) {
-  const args = ['--dir', activeRoot, '--hermes-home', hermesHome]
-  if (installStamp && installStamp.branch) {
-    args.push('--branch', installStamp.branch)
-  }
-  if (installStamp && installStamp.commit) {
-    args.push('--commit', installStamp.commit)
-  }
-  return args
-}
-
-async function fetchManifest({ scriptPath, installerKind, emit, hermesHome, activeRoot, installStamp }) {
-  const isPosix = installerKind === 'posix'
-  const args = isPosix
-    ? ['--manifest', ...buildPosixPinArgs({ installStamp, activeRoot, hermesHome })]
-    : ['-Manifest', ...buildPinArgs(installStamp)]
-  const result = await (isPosix ? spawnBash : spawnPowerShell)(scriptPath, args, {
-    emit,
-    stageName: '__manifest__',
-    hermesHome
-  })
-  if (result.code !== 0) {
-    throw new Error(`${isPosix ? 'install.sh --manifest' : 'install.ps1 -Manifest'} failed: exit ${result.code}\n${result.stderr || result.stdout}`)
-  }
-  // The manifest is the LAST JSON line on stdout (install.ps1 may print
-  // banner / info lines first depending on Console.OutputEncoding effects).
-  // Find the last line that parses as JSON with a `stages` field.
-  const lines = result.stdout.split(/\r?\n/).filter(Boolean)
-  for (let i = lines.length - 1; i >= 0; i--) {
-    try {
-      const parsed = JSON.parse(lines[i])
-      if (parsed && Array.isArray(parsed.stages)) {
-        return parsed
-      }
-    } catch {}
-  }
-  throw new Error(`${isPosix ? 'install.sh --manifest' : 'install.ps1 -Manifest'} produced no parseable JSON payload\n${result.stdout}`)
-}
-
-// Parse the JSON result frame from a stage run. The protocol guarantees
-// exactly one JSON line per stage in -Json or -Stage mode (post #27224 fix
-// for the double-emit bug we addressed in the install.ps1 PR).
-function parseStageResult(stdout) {
-  const lines = stdout.split(/\r?\n/).filter(Boolean)
-  for (let i = lines.length - 1; i >= 0; i--) {
-    try {
-      const parsed = JSON.parse(lines[i])
-      if (parsed && typeof parsed.ok === 'boolean' && typeof parsed.stage === 'string') {
-        return parsed
-      }
-    } catch {}
-  }
-  return null
-}
-
-async function runStage({ scriptPath, installerKind, stage, emit, hermesHome, activeRoot, abortSignal, installStamp }) {
-  const startedAt = Date.now()
-  emit({ type: 'stage', name: stage.name, state: 'running' })
-
-  const isPosix = installerKind === 'posix'
-  const args = isPosix
-    ? ['--stage', stage.name, '--non-interactive', '--json', ...buildPosixPinArgs({ installStamp, activeRoot, hermesHome })]
-    : ['-Stage', stage.name, '-NonInteractive', '-Json', ...buildPinArgs(installStamp)]
-  const result = await (isPosix ? spawnBash : spawnPowerShell)(
-    scriptPath,
-    args,
-    { emit, stageName: stage.name, abortSignal, hermesHome }
-  )
-
-  const durationMs = Date.now() - startedAt
-
-  if (result.killed) {
-    const ev = { type: 'stage', name: stage.name, state: 'failed', durationMs, error: 'cancelled by user' }
-    emit(ev)
-    return ev
-  }
-
-  const json = parseStageResult(result.stdout)
-
-  if (!json) {
-    const ev = {
-      type: 'stage',
-      name: stage.name,
-      state: 'failed',
-      durationMs,
-      error: `${isPosix ? 'install.sh --stage' : 'install.ps1 -Stage'} ${stage.name} produced no JSON result frame (exit=${result.code})`,
-      json: null
-    }
-    emit(ev)
-    return ev
-  }
-
-  if (json.ok && json.skipped) {
-    const ev = { type: 'stage', name: stage.name, state: 'skipped', durationMs, json }
-    emit(ev)
-    return ev
-  }
-  if (json.ok) {
-    const ev = { type: 'stage', name: stage.name, state: 'succeeded', durationMs, json }
-    emit(ev)
-    return ev
-  }
-  const ev = { type: 'stage', name: stage.name, state: 'failed', durationMs, json, error: json.reason || `exit code ${result.code}` }
-  emit(ev)
-  return ev
-}
-
-// ---------------------------------------------------------------------------
-// Per-run log file
-// ---------------------------------------------------------------------------
-
-function openRunLog(logRoot) {
-  fs.mkdirSync(logRoot, { recursive: true })
-  const ts = new Date().toISOString().replace(/[:.]/g, '-')
-  const logPath = path.join(logRoot, `bootstrap-${ts}.log`)
-  const stream = fs.createWriteStream(logPath, { flags: 'a' })
-  return { path: logPath, stream }
-}
-
-// ---------------------------------------------------------------------------
-// Public entrypoint
-// ---------------------------------------------------------------------------
-
-async function runBootstrap(opts) {
-  const {
-    installStamp,
-    activeRoot,
-    sourceRepoRoot,
-    hermesHome,
-    logRoot,
-    onEvent,
-    abortSignal,
-    writeMarker // callback to write the bootstrap-complete marker; main.cjs provides
-  } = opts
-
-  // Bail before spawning anything if the user already cancelled — otherwise an
-  // already-aborted signal would still fetch the manifest (a spawn) before the
-  // in-loop abort check fires.
-  if (abortSignal && abortSignal.aborted) {
-    if (typeof onEvent === 'function') {
-      try {
-        onEvent({ type: 'failed', error: 'bootstrap cancelled by user' })
-      } catch {}
-    }
-    return { ok: false, cancelled: true }
-  }
-
-  const runLog = openRunLog(logRoot || path.join(hermesHome, 'logs'))
-
-  // Tee every event to the runLog AND the caller's onEvent. This gives us a
-  // forensic trail per bootstrap run AND lets the renderer subscribe live.
-  const emit = ev => {
-    try {
-      runLog.stream.write(JSON.stringify(ev) + '\n')
-    } catch {}
-    try {
-      if (typeof onEvent === 'function') onEvent(ev)
-    } catch (err) {
-      // Don't let a subscriber bug crash the bootstrap
-      runLog.stream.write(`emit error: ${err && err.message}\n`)
-    }
-  }
-
-  emit({
-    type: 'log',
-    line:
-      `[bootstrap] starting at ${new Date().toISOString()}; ` +
-      `activeRoot=${activeRoot}; ` +
-      `stamp=${installStamp ? installStamp.commit.slice(0, 12) : '<none>'}; ` +
-      `runLog=${runLog.path}`
-  })
-
-  try {
-    // 1. Resolve the platform installer.
-    const scriptInfo = await resolveInstallScript({ installStamp, sourceRepoRoot, hermesHome, emit })
-    const installerKind = scriptInfo.kind || 'powershell'
-
-    // 2. Fetch manifest
-    const manifest = await fetchManifest({
-      scriptPath: scriptInfo.path,
-      installerKind,
-      emit,
-      hermesHome,
-      activeRoot,
-      installStamp
-    })
-    emit({
-      type: 'manifest',
-      stages: manifest.stages,
-      protocolVersion: manifest.protocol_version || manifest.protocolVersion || null
-    })
-
-    // 3. Iterate stages in order. Stages flagged needs_user_input are still
-    //    invoked -- install.ps1's own -NonInteractive handler in those stages
-    //    emits skipped=true. We trust the protocol rather than filtering
-    //    client-side.
-    for (const stage of manifest.stages) {
-      if (abortSignal && abortSignal.aborted) {
-        emit({ type: 'failed', error: 'bootstrap cancelled by user' })
-        return { ok: false, cancelled: true }
-      }
-      const ev = await runStage({
-        scriptPath: scriptInfo.path,
-        installerKind,
-        stage,
-        emit,
-        hermesHome,
-        activeRoot,
-        abortSignal,
-        installStamp
-      })
-      if (ev.state === 'failed') {
-        emit({ type: 'failed', stage: stage.name, error: ev.error || 'stage failed' })
-        return { ok: false, failedStage: stage.name, error: ev.error }
-      }
-    }
-
-    // 4. Write the bootstrap-complete marker.
-    const markerPayload = {
-      pinnedCommit: installStamp ? installStamp.commit : null,
-      pinnedBranch: installStamp ? installStamp.branch : null
-    }
-    const marker = typeof writeMarker === 'function' ? writeMarker(markerPayload) : markerPayload
-    emit({ type: 'complete', marker })
-    return { ok: true, marker }
-  } catch (err) {
-    emit({ type: 'failed', error: err.message || String(err) })
-    return { ok: false, error: err.message || String(err) }
-  } finally {
-    try {
-      runLog.stream.end()
-    } catch {}
-  }
-}
-
-module.exports = {
-  runBootstrap,
-  // Exposed for testability
-  parseStageResult,
-  resolveLocalInstallScript,
-  cachedScriptPath
-}
--- a/apps/desktop/electron/bootstrap-runner.test.cjs
+++ b/apps/desktop/electron/bootstrap-runner.test.cjs
@@ -1,27 +0,0 @@
-const assert = require('node:assert/strict')
-const test = require('node:test')
-
-const { runBootstrap } = require('./bootstrap-runner.cjs')
-
-test('runBootstrap bails immediately when the signal is already aborted', async () => {
-  const controller = new AbortController()
-  controller.abort()
-
-  const events = []
-  const result = await runBootstrap({
-    installStamp: null,
-    activeRoot: '/tmp/hermes-runner-test',
-    sourceRepoRoot: null,
-    hermesHome: '/tmp/hermes-runner-test',
-    logRoot: '/tmp/hermes-runner-test',
-    onEvent: ev => events.push(ev),
-    abortSignal: controller.signal
-  })
-
-  // Cancelled before any install script is spawned.
-  assert.deepEqual(result, { ok: false, cancelled: true })
-  assert.ok(
-    events.some(ev => ev.type === 'failed' && /cancelled/i.test(ev.error)),
-    'should emit a cancelled failure event'
-  )
-})
--- a/apps/desktop/electron/entitlements.mac.inherit.plist
+++ b/apps/desktop/electron/entitlements.mac.inherit.plist
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-  <key>com.apple.security.cs.allow-jit</key>
-  <true/>
-  <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-  <true/>
-  <key>com.apple.security.cs.disable-library-validation</key>
-  <true/>
-</dict>
-</plist>
--- a/apps/desktop/electron/entitlements.mac.plist
+++ b/apps/desktop/electron/entitlements.mac.plist
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-  <key>com.apple.security.cs.allow-jit</key>
-  <true/>
-  <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-  <true/>
-  <key>com.apple.security.cs.disable-library-validation</key>
-  <true/>
-  <key>com.apple.security.device.audio-input</key>
-  <true/>
-</dict>
-</plist>
--- a/apps/desktop/electron/hardening.cjs
+++ b/apps/desktop/electron/hardening.cjs
@@ -1,184 +0,0 @@
-const fs = require('node:fs')
-const path = require('node:path')
-const { fileURLToPath } = require('node:url')
-
-const DEFAULT_FETCH_TIMEOUT_MS = 15_000
-const DATA_URL_READ_MAX_BYTES = 16 * 1024 * 1024
-const TEXT_PREVIEW_SOURCE_MAX_BYTES = 64 * 1024 * 1024
-
-const SAFE_ENV_SUFFIXES = new Set(['dist', 'example', 'sample', 'template'])
-const SENSITIVE_EXTENSIONS = new Set(['.kdbx', '.p12', '.pem', '.pfx'])
-
-function resolveTimeoutMs(timeoutMs, fallbackMs = DEFAULT_FETCH_TIMEOUT_MS) {
-  const fallback =
-    Number.isFinite(fallbackMs) && Number(fallbackMs) > 0 ? Math.round(Number(fallbackMs)) : DEFAULT_FETCH_TIMEOUT_MS
-  const parsed = Number(timeoutMs)
-
-  if (Number.isFinite(parsed) && parsed > 0) {
-    return Math.round(parsed)
-  }
-
-  return fallback
-}
-
-function encryptDesktopSecret(value, safeStorageApi) {
-  const raw = String(value || '')
-
-  if (!raw) {
-    return null
-  }
-
-  let encryptionAvailable = false
-
-  try {
-    encryptionAvailable = Boolean(safeStorageApi?.isEncryptionAvailable?.())
-  } catch {
-    encryptionAvailable = false
-  }
-
-  if (!encryptionAvailable) {
-    throw new Error(
-      'Secure token storage is unavailable, so Hermes Desktop cannot save remote gateway tokens. ' +
-        'Set HERMES_DESKTOP_REMOTE_URL and HERMES_DESKTOP_REMOTE_TOKEN in your environment, or enable OS keychain access and try again.'
-    )
-  }
-
-  try {
-    return {
-      encoding: 'safeStorage',
-      value: safeStorageApi.encryptString(raw).toString('base64')
-    }
-  } catch (error) {
-    const detail = error instanceof Error && error.message ? ` (${error.message})` : ''
-    throw new Error(
-      `Failed to encrypt the remote gateway token for secure storage${detail}. ` +
-        'Set HERMES_DESKTOP_REMOTE_URL and HERMES_DESKTOP_REMOTE_TOKEN in your environment as a fallback.'
-    )
-  }
-}
-
-function sensitiveFileBlockReason(filePath) {
-  const normalized = String(filePath || '')
-    .replace(/\\/g, '/')
-    .toLowerCase()
-  const basename = path.basename(normalized)
-  const ext = path.extname(basename)
-
-  if (!basename) {
-    return null
-  }
-
-  if (normalized.includes('/.ssh/')) {
-    return 'SSH key/config files are blocked.'
-  }
-
-  if (normalized.includes('/.gnupg/')) {
-    return 'GPG key material is blocked.'
-  }
-
-  if (normalized.endsWith('/.aws/credentials')) {
-    return 'AWS credential files are blocked.'
-  }
-
-  if (basename === '.env') {
-    return '.env files are blocked because they commonly contain secrets.'
-  }
-
-  if (basename.startsWith('.env.')) {
-    const suffix = basename.slice('.env.'.length)
-    if (!SAFE_ENV_SUFFIXES.has(suffix)) {
-      return `${basename} is blocked because it appears to contain environment secrets.`
-    }
-  }
-
-  if (/^id_(rsa|dsa|ecdsa|ed25519)(?:\..+)?$/.test(basename) && !basename.endsWith('.pub')) {
-    return 'SSH private key files are blocked.'
-  }
-
-  if (SENSITIVE_EXTENSIONS.has(ext)) {
-    return `${ext} key/certificate files are blocked.`
-  }
-
-  if (basename === '.npmrc' || basename === '.netrc' || basename === '.pypirc') {
-    return `${basename} is blocked because it may include auth credentials.`
-  }
-
-  return null
-}
-
-function resolveRequestedFilePath(filePath, baseDir = process.cwd(), purpose = 'File read') {
-  const raw = String(filePath || '').trim()
-
-  if (!raw) {
-    throw new Error(`${purpose} failed: file path is required.`)
-  }
-
-  if (raw.includes('\0')) {
-    throw new Error(`${purpose} failed: file path is invalid.`)
-  }
-
-  if (/^file:/i.test(raw)) {
-    try {
-      return fileURLToPath(raw)
-    } catch {
-      throw new Error(`${purpose} failed: file URL is invalid.`)
-    }
-  }
-
-  const resolvedBase = path.resolve(String(baseDir || process.cwd()))
-  return path.resolve(resolvedBase, raw)
-}
-
-async function resolveReadableFileForIpc(filePath, options = {}) {
-  const purpose = String(options.purpose || 'File read')
-  const resolvedPath = resolveRequestedFilePath(filePath, options.baseDir, purpose)
-
-  if (options.blockSensitive !== false) {
-    const blockReason = sensitiveFileBlockReason(resolvedPath)
-    if (blockReason) {
-      throw new Error(`${purpose} blocked for sensitive file: ${blockReason}`)
-    }
-  }
-
-  let stat
-  try {
-    stat = await fs.promises.stat(resolvedPath)
-  } catch (error) {
-    const code = error && typeof error === 'object' ? error.code : ''
-    if (code === 'ENOENT' || code === 'ENOTDIR') {
-      throw new Error(`${purpose} failed: file does not exist.`)
-    }
-    throw new Error(`${purpose} failed: ${error instanceof Error ? error.message : String(error)}`)
-  }
-
-  if (stat.isDirectory()) {
-    throw new Error(`${purpose} failed: path points to a directory.`)
-  }
-
-  if (!stat.isFile()) {
-    throw new Error(`${purpose} failed: only regular files can be read.`)
-  }
-
-  const maxBytes = Number.isFinite(options.maxBytes) && Number(options.maxBytes) > 0 ? Number(options.maxBytes) : null
-  if (maxBytes && stat.size > maxBytes) {
-    throw new Error(`${purpose} failed: file is too large (${stat.size} bytes; limit ${maxBytes} bytes).`)
-  }
-
-  try {
-    await fs.promises.access(resolvedPath, fs.constants.R_OK)
-  } catch {
-    throw new Error(`${purpose} failed: file is not readable.`)
-  }
-
-  return { resolvedPath, stat }
-}
-
-module.exports = {
-  DATA_URL_READ_MAX_BYTES,
-  DEFAULT_FETCH_TIMEOUT_MS,
-  TEXT_PREVIEW_SOURCE_MAX_BYTES,
-  encryptDesktopSecret,
-  resolveReadableFileForIpc,
-  resolveTimeoutMs,
-  sensitiveFileBlockReason
-}
--- a/apps/desktop/electron/hardening.test.cjs
+++ b/apps/desktop/electron/hardening.test.cjs
@@ -1,116 +0,0 @@
-const assert = require('node:assert/strict')
-const fs = require('node:fs')
-const os = require('node:os')
-const path = require('node:path')
-const test = require('node:test')
-const { pathToFileURL } = require('node:url')
-
-const {
-  DEFAULT_FETCH_TIMEOUT_MS,
-  encryptDesktopSecret,
-  resolveReadableFileForIpc,
-  resolveTimeoutMs,
-  sensitiveFileBlockReason
-} = require('./hardening.cjs')
-
-test('resolveTimeoutMs falls back to defaults and accepts overrides', () => {
-  assert.equal(resolveTimeoutMs(undefined), DEFAULT_FETCH_TIMEOUT_MS)
-  assert.equal(resolveTimeoutMs(0), DEFAULT_FETCH_TIMEOUT_MS)
-  assert.equal(resolveTimeoutMs(-25), DEFAULT_FETCH_TIMEOUT_MS)
-  assert.equal(resolveTimeoutMs('2750'), 2750)
-})
-
-test('encryptDesktopSecret requires available secure storage', () => {
-  assert.equal(
-    encryptDesktopSecret('', { isEncryptionAvailable: () => true, encryptString: () => Buffer.alloc(0) }),
-    null
-  )
-
-  assert.throws(
-    () => encryptDesktopSecret('token', { isEncryptionAvailable: () => false, encryptString: () => Buffer.alloc(0) }),
-    /Secure token storage is unavailable/
-  )
-})
-
-test('encryptDesktopSecret stores safeStorage base64 payload', () => {
-  const secret = encryptDesktopSecret('token-123', {
-    isEncryptionAvailable: () => true,
-    encryptString: value => Buffer.from(`enc:${value}`, 'utf8')
-  })
-
-  assert.deepEqual(secret, {
-    encoding: 'safeStorage',
-    value: Buffer.from('enc:token-123', 'utf8').toString('base64')
-  })
-})
-
-test('sensitiveFileBlockReason blocks obvious secret file patterns', () => {
-  assert.match(String(sensitiveFileBlockReason('/tmp/.env')), /\.env/)
-  assert.equal(sensitiveFileBlockReason('/tmp/.env.example'), null)
-  assert.match(String(sensitiveFileBlockReason('/Users/me/.ssh/id_ed25519')), /SSH/)
-  assert.match(String(sensitiveFileBlockReason('/tmp/server-cert.pem')), /\.pem/)
-})
-
-test('resolveReadableFileForIpc validates existence type size and sensitivity', async t => {
-  const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'hermes-desktop-hardening-'))
-  t.after(() => fs.rmSync(tempDir, { recursive: true, force: true }))
-
-  const textPath = path.join(tempDir, 'notes.txt')
-  fs.writeFileSync(textPath, 'hello world', 'utf8')
-
-  const fromRelative = await resolveReadableFileForIpc('notes.txt', {
-    baseDir: tempDir,
-    maxBytes: 256,
-    purpose: 'File preview'
-  })
-  assert.equal(fromRelative.resolvedPath, textPath)
-  assert.equal(fromRelative.stat.size, 11)
-
-  const fromFileUrl = await resolveReadableFileForIpc(pathToFileURL(textPath).toString(), {
-    purpose: 'File preview'
-  })
-  assert.equal(fromFileUrl.resolvedPath, textPath)
-
-  await assert.rejects(
-    resolveReadableFileForIpc('missing.txt', {
-      baseDir: tempDir,
-      purpose: 'Text preview'
-    }),
-    /file does not exist/
-  )
-
-  const nestedDir = path.join(tempDir, 'directory')
-  fs.mkdirSync(nestedDir)
-  await assert.rejects(
-    resolveReadableFileForIpc(nestedDir, {
-      purpose: 'Text preview'
-    }),
-    /path points to a directory/
-  )
-
-  const largePath = path.join(tempDir, 'large.txt')
-  fs.writeFileSync(largePath, 'x'.repeat(40), 'utf8')
-  await assert.rejects(
-    resolveReadableFileForIpc(largePath, {
-      maxBytes: 8,
-      purpose: 'File preview'
-    }),
-    /file is too large/
-  )
-
-  const envPath = path.join(tempDir, '.env')
-  fs.writeFileSync(envPath, 'SECRET_TOKEN=123', 'utf8')
-  await assert.rejects(
-    resolveReadableFileForIpc(envPath, {
-      purpose: 'File preview'
-    }),
-    /blocked for sensitive file/
-  )
-
-  const envTemplatePath = path.join(tempDir, '.env.example')
-  fs.writeFileSync(envTemplatePath, 'EXAMPLE_TOKEN=value', 'utf8')
-  const envTemplate = await resolveReadableFileForIpc(envTemplatePath, {
-    purpose: 'File preview'
-  })
-  assert.equal(envTemplate.resolvedPath, envTemplatePath)
-})
--- a/apps/desktop/electron/main.cjs
+++ b/apps/desktop/electron/main.cjs
--- a/apps/desktop/electron/preload.cjs
+++ b/apps/desktop/electron/preload.cjs
@@ -1,112 +0,0 @@
-const { contextBridge, ipcRenderer, webUtils } = require('electron')
-
-contextBridge.exposeInMainWorld('hermesDesktop', {
-  getConnection: () => ipcRenderer.invoke('hermes:connection'),
-  getBootProgress: () => ipcRenderer.invoke('hermes:boot-progress:get'),
-  getConnectionConfig: () => ipcRenderer.invoke('hermes:connection-config:get'),
-  saveConnectionConfig: payload => ipcRenderer.invoke('hermes:connection-config:save', payload),
-  applyConnectionConfig: payload => ipcRenderer.invoke('hermes:connection-config:apply', payload),
-  testConnectionConfig: payload => ipcRenderer.invoke('hermes:connection-config:test', payload),
-  api: request => ipcRenderer.invoke('hermes:api', request),
-  notify: payload => ipcRenderer.invoke('hermes:notify', payload),
-  requestMicrophoneAccess: () => ipcRenderer.invoke('hermes:requestMicrophoneAccess'),
-  readFileDataUrl: filePath => ipcRenderer.invoke('hermes:readFileDataUrl', filePath),
-  readFileText: filePath => ipcRenderer.invoke('hermes:readFileText', filePath),
-  selectPaths: options => ipcRenderer.invoke('hermes:selectPaths', options),
-  writeClipboard: text => ipcRenderer.invoke('hermes:writeClipboard', text),
-  saveImageFromUrl: url => ipcRenderer.invoke('hermes:saveImageFromUrl', url),
-  saveImageBuffer: (data, ext) => ipcRenderer.invoke('hermes:saveImageBuffer', { data, ext }),
-  saveClipboardImage: () => ipcRenderer.invoke('hermes:saveClipboardImage'),
-  getPathForFile: file => {
-    try {
-      return webUtils.getPathForFile(file) || ''
-    } catch {
-      return ''
-    }
-  },
-  normalizePreviewTarget: (target, baseDir) => ipcRenderer.invoke('hermes:normalizePreviewTarget', target, baseDir),
-  watchPreviewFile: url => ipcRenderer.invoke('hermes:watchPreviewFile', url),
-  stopPreviewFileWatch: id => ipcRenderer.invoke('hermes:stopPreviewFileWatch', id),
-  setTitleBarTheme: payload => ipcRenderer.send('hermes:titlebar-theme', payload),
-  setPreviewShortcutActive: active => ipcRenderer.send('hermes:previewShortcutActive', Boolean(active)),
-  openExternal: url => ipcRenderer.invoke('hermes:openExternal', url),
-  fetchLinkTitle: url => ipcRenderer.invoke('hermes:fetchLinkTitle', url),
-  revealLogs: () => ipcRenderer.invoke('hermes:logs:reveal'),
-  getRecentLogs: () => ipcRenderer.invoke('hermes:logs:recent'),
-  readDir: dirPath => ipcRenderer.invoke('hermes:fs:readDir', dirPath),
-  gitRoot: startPath => ipcRenderer.invoke('hermes:fs:gitRoot', startPath),
-  terminal: {
-    dispose: id => ipcRenderer.invoke('hermes:terminal:dispose', id),
-    resize: (id, size) => ipcRenderer.invoke('hermes:terminal:resize', id, size),
-    start: options => ipcRenderer.invoke('hermes:terminal:start', options),
-    write: (id, data) => ipcRenderer.invoke('hermes:terminal:write', id, data),
-    onData: (id, callback) => {
-      const channel = `hermes:terminal:${id}:data`
-      const listener = (_event, payload) => callback(payload)
-      ipcRenderer.on(channel, listener)
-      return () => ipcRenderer.removeListener(channel, listener)
-    },
-    onExit: (id, callback) => {
-      const channel = `hermes:terminal:${id}:exit`
-      const listener = (_event, payload) => callback(payload)
-      ipcRenderer.on(channel, listener)
-      return () => ipcRenderer.removeListener(channel, listener)
-    }
-  },
-  onClosePreviewRequested: callback => {
-    const listener = () => callback()
-    ipcRenderer.on('hermes:close-preview-requested', listener)
-    return () => ipcRenderer.removeListener('hermes:close-preview-requested', listener)
-  },
-  onOpenUpdatesRequested: callback => {
-    const listener = () => callback()
-    ipcRenderer.on('hermes:open-updates', listener)
-    return () => ipcRenderer.removeListener('hermes:open-updates', listener)
-  },
-  onWindowStateChanged: callback => {
-    const listener = (_event, payload) => callback(payload)
-    ipcRenderer.on('hermes:window-state-changed', listener)
-    return () => ipcRenderer.removeListener('hermes:window-state-changed', listener)
-  },
-  onPreviewFileChanged: callback => {
-    const listener = (_event, payload) => callback(payload)
-    ipcRenderer.on('hermes:preview-file-changed', listener)
-    return () => ipcRenderer.removeListener('hermes:preview-file-changed', listener)
-  },
-  onBackendExit: callback => {
-    const listener = (_event, payload) => callback(payload)
-    ipcRenderer.on('hermes:backend-exit', listener)
-    return () => ipcRenderer.removeListener('hermes:backend-exit', listener)
-  },
-  onBootProgress: callback => {
-    const listener = (_event, payload) => callback(payload)
-    ipcRenderer.on('hermes:boot-progress', listener)
-    return () => ipcRenderer.removeListener('hermes:boot-progress', listener)
-  },
-  // First-launch bootstrap progress -- emitted by the install.ps1 stage
-  // runner in main.cjs (apps/desktop/electron/bootstrap-runner.cjs).
-  // Renderer's install overlay subscribes to live events and queries the
-  // current snapshot via getBootstrapState() to recover after a devtools
-  // reload mid-bootstrap.
-  getBootstrapState: () => ipcRenderer.invoke('hermes:bootstrap:get'),
-  resetBootstrap: () => ipcRenderer.invoke('hermes:bootstrap:reset'),
-  repairBootstrap: () => ipcRenderer.invoke('hermes:bootstrap:repair'),
-  cancelBootstrap: () => ipcRenderer.invoke('hermes:bootstrap:cancel'),
-  onBootstrapEvent: callback => {
-    const listener = (_event, payload) => callback(payload)
-    ipcRenderer.on('hermes:bootstrap:event', listener)
-    return () => ipcRenderer.removeListener('hermes:bootstrap:event', listener)
-  },
-  getVersion: () => ipcRenderer.invoke('hermes:version'),
-  updates: {
-    check: () => ipcRenderer.invoke('hermes:updates:check'),
-    apply: opts => ipcRenderer.invoke('hermes:updates:apply', opts),
-    getBranch: () => ipcRenderer.invoke('hermes:updates:branch:get'),
-    setBranch: name => ipcRenderer.invoke('hermes:updates:branch:set', name),
-    onProgress: callback => {
-      const listener = (_event, payload) => callback(payload)
-      ipcRenderer.on('hermes:updates:progress', listener)
-      return () => ipcRenderer.removeListener('hermes:updates:progress', listener)
-    }
-  }
-})
--- a/apps/desktop/eslint.config.mjs
+++ b/apps/desktop/eslint.config.mjs
@@ -1,122 +0,0 @@
-import js from '@eslint/js'
-import typescriptEslint from '@typescript-eslint/eslint-plugin'
-import typescriptParser from '@typescript-eslint/parser'
-import perfectionist from 'eslint-plugin-perfectionist'
-import reactPlugin from 'eslint-plugin-react'
-import reactCompiler from 'eslint-plugin-react-compiler'
-import hooksPlugin from 'eslint-plugin-react-hooks'
-import unusedImports from 'eslint-plugin-unused-imports'
-import globals from 'globals'
-
-const noopRule = {
-  meta: { schema: [], type: 'problem' },
-  create: () => ({})
-}
-
-const customRules = {
-  rules: {
-    'no-process-cwd': noopRule,
-    'no-process-env-top-level': noopRule,
-    'no-sync-fs': noopRule,
-    'no-top-level-dynamic-import': noopRule,
-    'no-top-level-side-effects': noopRule
-  }
-}
-
-export default [
-  {
-    ignores: ['**/node_modules/**', '**/dist/**', 'src/**/*.js']
-  },
-  js.configs.recommended,
-  {
-    files: ['**/*.{ts,tsx}'],
-    languageOptions: {
-      globals: {
-        ...globals.browser,
-        ...globals.node
-      },
-      parser: typescriptParser,
-      parserOptions: {
-        ecmaFeatures: { jsx: true },
-        ecmaVersion: 'latest',
-        sourceType: 'module'
-      }
-    },
-    plugins: {
-      '@typescript-eslint': typescriptEslint,
-      'custom-rules': customRules,
-      perfectionist,
-      react: reactPlugin,
-      'react-compiler': reactCompiler,
-      'react-hooks': hooksPlugin,
-      'unused-imports': unusedImports
-    },
-    rules: {
-      '@typescript-eslint/consistent-type-imports': ['error', { prefer: 'type-imports' }],
-      '@typescript-eslint/no-unused-vars': 'off',
-      curly: ['error', 'all'],
-      'no-fallthrough': ['error', { allowEmptyCase: true }],
-      'no-undef': 'off',
-      'no-unused-vars': 'off',
-      'padding-line-between-statements': [
-        1,
-        {
-          blankLine: 'always',
-          next: [
-            'block-like',
-            'block',
-            'return',
-            'if',
-            'class',
-            'continue',
-            'debugger',
-            'break',
-            'multiline-const',
-            'multiline-let'
-          ],
-          prev: '*'
-        },
-        {
-          blankLine: 'always',
-          next: '*',
-          prev: ['case', 'default', 'multiline-const', 'multiline-let', 'multiline-block-like']
-        },
-        { blankLine: 'never', next: ['block', 'block-like'], prev: ['case', 'default'] },
-        { blankLine: 'always', next: ['block', 'block-like'], prev: ['block', 'block-like'] },
-        { blankLine: 'always', next: ['empty'], prev: 'export' },
-        { blankLine: 'never', next: 'iife', prev: ['block', 'block-like', 'empty'] }
-      ],
-      'perfectionist/sort-exports': ['error', { order: 'asc', type: 'natural' }],
-      'perfectionist/sort-imports': [
-        'error',
-        {
-          groups: ['side-effect', 'builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
-          order: 'asc',
-          type: 'natural'
-        }
-      ],
-      'perfectionist/sort-jsx-props': ['error', { order: 'asc', type: 'natural' }],
-      'perfectionist/sort-named-exports': ['error', { order: 'asc', type: 'natural' }],
-      'perfectionist/sort-named-imports': ['error', { order: 'asc', type: 'natural' }],
-      'react-compiler/react-compiler': 'warn',
-      'react-hooks/exhaustive-deps': 'warn',
-      'react-hooks/rules-of-hooks': 'error',
-      'unused-imports/no-unused-imports': 'error'
-    },
-    settings: {
-      react: { version: 'detect' }
-    }
-  },
-  {
-    files: ['**/*.js', '**/*.cjs'],
-    ignores: ['**/node_modules/**', '**/dist/**'],
-    languageOptions: {
-      ecmaVersion: 'latest',
-      globals: { ...globals.node },
-      sourceType: 'commonjs'
-    }
-  },
-  {
-    ignores: ['*.config.*']
-  }
-]
--- a/apps/desktop/index.html
+++ b/apps/desktop/index.html
@@ -1,14 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <link rel="icon" href="/apple-touch-icon.png" />
-    <link rel="apple-touch-icon" href="/apple-touch-icon.png" />
-    <title>Hermes</title>
-  </head>
-  <body>
-    <div id="root" class="scrollbar-dt"></div>
-    <script type="module" src="/src/main.tsx"></script>
-  </body>
-</html>
--- a/apps/desktop/package-lock.json
+++ b/apps/desktop/package-lock.json
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -1,232 +0,0 @@
-{
-  "name": "hermes",
-  "productName": "Hermes",
-  "private": true,
-  "version": "0.15.1",
-  "description": "Native desktop shell for Hermes Agent.",
-  "author": "Nous Research",
-  "type": "module",
-  "main": "electron/main.cjs",
-  "scripts": {
-    "dev": "concurrently -k \"npm:dev:renderer\" \"npm:dev:electron\"",
-    "dev:fake-boot": "cross-env HERMES_DESKTOP_BOOT_FAKE=1 HERMES_DESKTOP_BOOT_FAKE_STEP_MS=650 npm run dev",
-    "dev:renderer": "node scripts/assert-root-install.cjs && vite --host 127.0.0.1 --port 5174",
-    "dev:electron": "wait-on http://127.0.0.1:5174 && cross-env XCURSOR_SIZE=24 HERMES_DESKTOP_DEV_SERVER=http://127.0.0.1:5174 electron .",
-    "profile:main": "wait-on http://127.0.0.1:5174 && cross-env XCURSOR_SIZE=24 HERMES_DESKTOP_DEV_SERVER=http://127.0.0.1:5174 electron --inspect=9229 .",
-    "profile:main:cpu": "wait-on http://127.0.0.1:5174 && cross-env XCURSOR_SIZE=24 NODE_OPTIONS=--cpu-prof HERMES_DESKTOP_DEV_SERVER=http://127.0.0.1:5174 electron .",
-    "start": "npm run build && electron .",
-    "build": "node scripts/assert-root-install.cjs && node scripts/write-build-stamp.cjs && node scripts/stage-native-deps.cjs && tsc -b && vite build",
-    "builder": "cross-env NODE_OPTIONS=--max-old-space-size=16384 electron-builder",
-    "pack": "npm run build && npm run builder -- --dir",
-    "dist": "npm run build && npm run builder",
-    "dist:mac": "npm run build && npm run builder -- --mac",
-    "dist:mac:dmg": "npm run build && npm run builder -- --mac dmg",
-    "dist:mac:zip": "npm run build && npm run builder -- --mac zip",
-    "dist:win": "npm run build && npm run builder -- --win",
-    "dist:win:msi": "npm run build && npm run builder -- --win msi",
-    "dist:win:nsis": "npm run build && npm run builder -- --win nsis",
-    "dist:linux": "npm run build && npm run builder -- --linux AppImage deb rpm",
-    "test:desktop": "node scripts/test-desktop.mjs",
-    "test:desktop:all": "node scripts/test-desktop.mjs all",
-    "test:desktop:dmg": "node scripts/test-desktop.mjs dmg",
-    "test:desktop:nsis": "node scripts/test-desktop.mjs nsis",
-    "test:desktop:existing": "node scripts/test-desktop.mjs existing",
-    "test:desktop:fresh": "node scripts/test-desktop.mjs fresh",
-    "test:desktop:platforms": "node --test electron/bootstrap-platform.test.cjs electron/hardening.test.cjs electron/backend-probes.test.cjs electron/bootstrap-runner.test.cjs",
-    "type-check": "tsc -b",
-    "lint": "eslint src/ electron/",
-    "lint:fix": "eslint src/ electron/ --fix",
-    "fmt": "prettier --write 'src/**/*.{ts,tsx}' 'electron/**/*.{js,cjs}' 'vite.config.ts'",
-    "fix": "npm run lint:fix && npm run fmt",
-    "test:ui": "vitest run --environment jsdom",
-    "preview": "node scripts/assert-root-install.cjs && vite preview --host 127.0.0.1 --port 4174"
-  },
-  "dependencies": {
-    "@assistant-ui/react": "^0.12.28",
-    "@assistant-ui/react-streamdown": "^0.1.11",
-    "@audiowave/react": "^0.6.2",
-    "@chenglou/pretext": "^0.0.6",
-    "@dnd-kit/core": "^6.3.1",
-    "@dnd-kit/sortable": "^10.0.0",
-    "@dnd-kit/utilities": "^3.2.2",
-    "@hermes/shared": "file:../shared",
-    "@nanostores/react": "^1.1.0",
-    "@nous-research/ui": "^0.13.0",
-    "@radix-ui/react-slot": "^1.2.4",
-    "@streamdown/code": "^1.1.1",
-    "@tabler/icons-react": "^3.41.1",
-    "@tailwindcss/typography": "^0.5.19",
-    "@tailwindcss/vite": "^4.2.4",
-    "@tanstack/react-query": "^5.100.6",
-    "@tanstack/react-virtual": "^3.13.24",
-    "@vscode/codicons": "^0.0.45",
-    "@xterm/addon-fit": "^0.11.0",
-    "@xterm/addon-unicode11": "^0.9.0",
-    "@xterm/addon-web-links": "^0.12.0",
-    "@xterm/addon-webgl": "^0.19.0",
-    "@xterm/xterm": "^6.0.0",
-    "class-variance-authority": "^0.7.1",
-    "clsx": "^2.1.1",
-    "cmdk": "^1.1.1",
-    "hast-util-from-html-isomorphic": "^2.0.0",
-    "hast-util-to-text": "^4.0.2",
-    "ignore": "^7.0.5",
-    "katex": "^0.16.45",
-    "leva": "^0.10.1",
-    "motion": "^12.38.0",
-    "nanostores": "^1.3.0",
-    "node-pty": "1.1.0",
-    "radix-ui": "^1.4.3",
-    "react": "^19.2.5",
-    "react-arborist": "^3.5.0",
-    "react-dom": "^19.2.5",
-    "react-router-dom": "^7.14.2",
-    "react-shiki": "^0.9.3",
-    "remark-math": "^6.0.0",
-    "shiki": "^4.0.2",
-    "streamdown": "^2.5.0",
-    "tailwind-merge": "^3.5.0",
-    "tailwindcss": "^4.2.4",
-    "tw-shimmer": "^0.4.11",
-    "unicode-animations": "^1.0.3",
-    "unified": "^11.0.5",
-    "unist-util-visit-parents": "^6.0.2",
-    "vfile": "^6.0.3",
-    "web-haptics": "^0.0.6"
-  },
-  "devDependencies": {
-    "@eslint/js": "^9.39.4",
-    "@testing-library/react": "^16.3.2",
-    "@types/hast": "^3.0.4",
-    "@types/node": "^24.12.2",
-    "@types/react": "^19.2.14",
-    "@types/react-dom": "^19.2.3",
-    "@typescript-eslint/eslint-plugin": "^8.59.1",
-    "@typescript-eslint/parser": "^8.59.1",
-    "@vitejs/plugin-react": "^6.0.1",
-    "concurrently": "^9.2.1",
-    "cross-env": "^10.1.0",
-    "electron": "^40.9.3",
-    "electron-builder": "^26.8.1",
-    "eslint": "^9.39.4",
-    "eslint-plugin-perfectionist": "^5.9.0",
-    "eslint-plugin-react": "^7.37.5",
-    "eslint-plugin-react-compiler": "^19.1.0-rc.2",
-    "eslint-plugin-react-hooks": "^7.1.1",
-    "eslint-plugin-unused-imports": "^4.4.1",
-    "globals": "^16.5.0",
-    "jsdom": "^29.1.1",
-    "prettier": "^3.8.3",
-    "rcedit": "^5.0.2",
-    "typescript": "^6.0.3",
-    "vite": "^8.0.10",
-    "vitest": "^4.1.5",
-    "wait-on": "^9.0.5"
-  },
-  "build": {
-    "electronVersion": "40.9.3",
-    "appId": "com.nousresearch.hermes",
-    "productName": "Hermes",
-    "executableName": "Hermes",
-    "artifactName": "Hermes-${version}-${os}-${arch}.${ext}",
-    "icon": "assets/icon",
-    "directories": {
-      "output": "release"
-    },
-    "files": [
-      "dist/**",
-      "assets/**",
-      "electron/**",
-      "public/**",
-      "package.json"
-    ],
-    "beforeBuild": "scripts/before-build.cjs",
-    "afterPack": "scripts/after-pack.cjs",
-    "extraResources": [
-      {
-        "from": "build/install-stamp.json",
-        "to": "install-stamp.json"
-      },
-      {
-        "from": "build/native-deps",
-        "to": "native-deps"
-      },
-      {
-        "from": "assets/icon.ico",
-        "to": "icon.ico"
-      }
-    ],
-    "asar": true,
-    "afterSign": "scripts/notarize.cjs",
-    "asarUnpack": [
-      "**/*.node",
-      "**/prebuilds/**"
-    ],
-    "mac": {
-      "category": "public.app-category.developer-tools",
-      "entitlements": "electron/entitlements.mac.plist",
-      "entitlementsInherit": "electron/entitlements.mac.inherit.plist",
-      "extendInfo": {
-        "CFBundleDisplayName": "Hermes",
-        "CFBundleExecutable": "Hermes",
-        "CFBundleName": "Hermes",
-        "NSAudioCaptureUsageDescription": "Hermes uses audio capture for voice conversations.",
-        "NSMicrophoneUsageDescription": "Hermes uses the microphone for voice input and voice conversations."
-      },
-      "gatekeeperAssess": false,
-      "hardenedRuntime": true,
-      "target": [
-        "dmg",
-        "zip"
-      ]
-    },
-    "dmg": {
-      "title": "Install Hermes",
-      "backgroundColor": "#f5f5f7",
-      "iconSize": 96,
-      "window": {
-        "width": 560,
-        "height": 360
-      },
-      "contents": [
-        {
-          "x": 160,
-          "y": 170,
-          "type": "file"
-        },
-        {
-          "x": 400,
-          "y": 170,
-          "type": "link",
-          "path": "/Applications"
-        }
-      ]
-    },
-    "win": {
-      "legalTrademarks": "Hermes",
-      "target": [
-        "nsis",
-        "msi"
-      ],
-      "signAndEditExecutable": false
-    },
-    "linux": {
-      "category": "Development",
-      "maintainer": "Nous Research <support@nousresearch.com>",
-      "synopsis": "Native desktop shell for Hermes Agent.",
-      "target": [
-        "AppImage",
-        "deb",
-        "rpm"
-      ]
-    },
-    "nsis": {
-      "oneClick": false,
-      "allowToChangeInstallationDirectory": true,
-      "perMachine": false,
-      "shortcutName": "Hermes",
-      "uninstallDisplayName": "Hermes",
-      "warningsAsErrors": false
-    }
-  }
-}
--- a/apps/desktop/preview-demo.html
+++ b/apps/desktop/preview-demo.html
@@ -1,65 +0,0 @@
-<!doctype html>
-<html lang="en">
-<head>
-<meta charset="utf-8" />
-<meta name="viewport" content="width=device-width,initial-scale=1" />
-<title>Preview Demo</title>
-<style>
-  :root { color-scheme: dark; }
-  html, body { height: 100%; margin: 0; }
-  body {
-    font-family: ui-sans-serif, system-ui, -apple-system, "SF Pro Text", sans-serif;
-    background: radial-gradient(1200px 600px at 20% 10%, #4a1a33 0%, #2a1020 40%, #120810 100%);
-    color: #ffe4f1;
-    display: grid;
-    place-items: center;
-    padding: 2rem;
-  }
-  .card {
-    max-width: 520px;
-    padding: 2rem 2.25rem;
-    border: 1px solid rgba(255,182,214,0.18);
-    border-radius: 14px;
-    background: rgba(28,14,22,0.6);
-    backdrop-filter: blur(6px);
-    box-shadow: 0 10px 40px rgba(0,0,0,0.4);
-  }
-  h1 {
-    margin: 0 0 0.5rem;
-    font-size: 1.5rem;
-    letter-spacing: 0.01em;
-  }
-  p { margin: 0.35rem 0; opacity: 0.85; line-height: 1.5; }
-  .dot {
-    display: inline-block; width: 10px; height: 10px; border-radius: 50%;
-    background: #ff6fb5; margin-right: 0.5rem;
-    box-shadow: 0 0 12px #ff6fb5;
-    animation: pulse 1.6s ease-in-out infinite;
-  }
-  @keyframes pulse {
-    0%,100% { transform: scale(1); opacity: 1; }
-    50%     { transform: scale(1.4); opacity: 0.6; }
-  }
-  code {
-    background: rgba(255,182,214,0.10);
-    padding: 0.1rem 0.35rem;
-    border-radius: 4px;
-    font-size: 0.9em;
-  }
-  .time { font-variant-numeric: tabular-nums; opacity: 0.7; font-size: 0.85rem; margin-top: 1rem; }
-</style>
-</head>
-<body>
-  <div class="card">
-    <h1><span class="dot"></span>preview-demo.html</h1>
-    <p>Tiny standalone HTML artifact — no server, no build step.</p>
-    <p>Open directly in a browser via <code>file://</code>.</p>
-    <p class="time" id="t"></p>
-  </div>
-  <script>
-    const el = document.getElementById('t');
-    const tick = () => { el.textContent = new Date().toLocaleString(); };
-    tick(); setInterval(tick, 1000);
-  </script>
-</body>
-</html>
--- a/apps/desktop/public/apple-touch-icon.png
+++ b/apps/desktop/public/apple-touch-icon.png
--- a/apps/desktop/public/ds-assets/filler-bg0.jpg
+++ b/apps/desktop/public/ds-assets/filler-bg0.jpg
--- a/apps/desktop/public/hermes-frames/hermes-frame-0.png
+++ b/apps/desktop/public/hermes-frames/hermes-frame-0.png
--- a/apps/desktop/public/hermes-frames/hermes-frame-1.png
+++ b/apps/desktop/public/hermes-frames/hermes-frame-1.png
--- a/Show More
+++ b/Show More