docs: refresh Hermes guide for v0.12

.github/markdown-link-check.json

@@ -1,7 +1,6 @@
 {
   "ignorePatterns": [
     { "pattern": "^https://t.me/" },
-    { "pattern": "^https://example.com/" },
     { "pattern": "^https://install.hermes.nous.ai" },
     { "pattern": "^https://langfuse.yourdomain.com" },
     { "pattern": "^https://hermes.yourdomain.com" },

CHANGELOG.md

@@ -2,6 +2,27 @@
 
 Dated list of meaningful guide updates. Roughly [Keep a Changelog](https://keepachangelog.com) flavored.
 
+## 2026-04-30 — Hermes v0.11/v0.12 Refresh
+
+### Added
+- **Part 22 — Latest Power Moves** covering Curator, TUI steering habits, context-file hygiene, plugins, auxiliary models, cron chaining, and the v0.12 upgrade checklist
+- Curator guidance in Part 5, including dry-run, scheduling, pin/archive behavior, and how it differs from skills/memory/context files
+- v0.12 platform coverage for QQBot, Tencent Yuanbao, and Microsoft Teams as a plugin-shipped gateway
+- AWS Bedrock, Azure AI Foundry, LM Studio, GMI Cloud, Tencent TokenHub, MiniMax OAuth, Gemini OAuth, and remote model catalog notes in Part 9
+- Vercel Sandbox coverage in Part 21
+
+### Changed
+- README "What's New" now reflects landed v0.11.0 and v0.12.0 releases instead of speculative post-v0.10 PR tracking
+- Part 12 updated for dashboard Chat, Models tab, plugins, Curator controls, and `web,pty` install requirements
+- Part 14 updated for `/steer`, `/queue`, `/background`, `/busy`, and current Fast Mode language
+- Part 18 updated for orchestrator-role subagents and file coordination
+- Part 19 updated with MCP/plugin/dashboard threat surfaces and v0.12 hardline block guidance
+- Part 20 updated to prefer the bundled Langfuse observability plugin and auxiliary routing
+
+### Removed
+- Stale "Cooking on main" framing and example.com disclosure placeholder
+- Old Gemini CLI install requirement for Gemini OAuth
+
 ## 2026-04-17 — Wizard + Reference Architectures + CI
 
 ### Added

CONTRIBUTING.md

@@ -37,7 +37,7 @@ This guide is built in public. PRs welcome.
 ├── ECOSYSTEM.md
 ├── ROADMAP.md
 ├── LICENSE
-├── part1-setup.md … part21-remote-sandboxes.md
+├── part1-setup.md … part22-latest-power-moves.md
 ├── diagrams/architecture.md
 ├── skills/
 │   ├── README.md

ECOSYSTEM.md

@@ -6,31 +6,31 @@ The canonical "where do I find X for Hermes" directory. Maintained alongside the
 
 ## MCP Servers Worth Installing
 
-### Official (Anthropic-maintained)
-- [`@modelcontextprotocol/server-github`](https://github.com/modelcontextprotocol/servers/tree/main/src/github) — PRs, issues, code search, Actions
+### Official / reference
+- [`@modelcontextprotocol/server-github`](https://www.npmjs.com/package/@modelcontextprotocol/server-github) — PRs, issues, code search, Actions
 - [`@modelcontextprotocol/server-filesystem`](https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem) — read/write to scoped directories
-- [`@modelcontextprotocol/server-postgres`](https://github.com/modelcontextprotocol/servers/tree/main/src/postgres) — read-only SQL
-- [`@modelcontextprotocol/server-sqlite`](https://github.com/modelcontextprotocol/servers/tree/main/src/sqlite) — local SQLite
-- [`@modelcontextprotocol/server-puppeteer`](https://github.com/modelcontextprotocol/servers/tree/main/src/puppeteer) — headless browser automation
+- [`@modelcontextprotocol/server-postgres`](https://www.npmjs.com/package/@modelcontextprotocol/server-postgres) — read-only SQL
+- [`@modelcontextprotocol/server-sqlite`](https://github.com/modelcontextprotocol/servers-archived/tree/main/src/sqlite) — local SQLite
+- [`@modelcontextprotocol/server-puppeteer`](https://www.npmjs.com/package/@modelcontextprotocol/server-puppeteer) — headless browser automation
 - [`@modelcontextprotocol/server-memory`](https://github.com/modelcontextprotocol/servers/tree/main/src/memory) — lightweight KV memory
-- [`@modelcontextprotocol/server-google-drive`](https://github.com/modelcontextprotocol/servers/tree/main/src/gdrive) — Drive read
+- [`@modelcontextprotocol/server-google-drive`](https://www.npmjs.com/package/@modelcontextprotocol/server-gdrive) — Drive read
 
 ### First-party vendor MCPs
 - [`@cloudflare/mcp-server-cloudflare`](https://github.com/cloudflare/mcp-server-cloudflare) — Workers, KV, D1, R2
-- [`@supabase/mcp-server-supabase`](https://github.com/supabase/mcp-server-supabase) — Postgres + storage + auth
-- [`@stripe/mcp-server-stripe`](https://github.com/stripe/agent-sdk) — payments read + restricted writes
-- [`@linear/mcp-server-linear`](https://github.com/linear/linear-mcp-server) — issue tracking
-- [`@notion/mcp-server-notion`](https://github.com/notionhq/notion-mcp-server) — page read/write
+- [`@supabase/mcp-server-supabase`](https://github.com/supabase-community/supabase-mcp/tree/main/packages/mcp-server-supabase) — Postgres + storage + auth
+- [`@stripe/mcp-server-stripe`](https://github.com/stripe/ai/tree/main/tools/modelcontextprotocol) — payments read + restricted writes
+- [`Linear remote MCP`](https://linear.app/docs/mcp) — issue tracking
+- [`@notionhq/notion-mcp-server`](https://github.com/makenotion/notion-mcp-server) — page read/write
 - [`@browserbase/mcp-server`](https://github.com/browserbase/mcp-server-browserbase) — managed headless browser
 - [`@chromadb/mcp-server-chroma`](https://github.com/chroma-core/chroma-mcp) — vector search
 
 ### Community
-- [`mem0/mcp-server-mem0`](https://github.com/mem0ai/mem0/tree/main/mcp) — persistent cross-device memory
+- [`Mem0 remote MCP`](https://docs.mem0.ai/platform/mem0-mcp) — persistent cross-device memory
 - [`arxiv-mcp-server`](https://github.com/blazickjp/arxiv-mcp-server) — arxiv search + PDF extraction
 - [`mcp-server-atlassian`](https://github.com/sooperset/mcp-atlassian) — Jira + Confluence
-- [`mcp-server-slack`](https://github.com/modelcontextprotocol/servers/tree/main/src/slack) — message, search, profile
+- [`@modelcontextprotocol/server-slack`](https://github.com/modelcontextprotocol/servers-archived/tree/main/src/slack) — message, search, profile
 - [`dbt-mcp`](https://github.com/dbt-labs/dbt-mcp) — dbt Cloud
-- [`mcp-server-e2b`](https://github.com/e2b-dev/e2b-mcp) — disposable Python sandboxes
+- [`e2b-dev/mcp-server`](https://github.com/e2b-dev/mcp-server) — disposable Python sandboxes
 - [`mcp-obsidian`](https://github.com/MarkusPfundstein/mcp-obsidian) — your Obsidian vault
 
 See [Part 17](./part17-mcp-servers.md) for install patterns and trust model guidance.
@@ -74,7 +74,7 @@ See [Part 20](./part20-observability.md).
 
 ## Security research / CVEs of note (2026)
 
-- **Comment and Control (2026-04-15)** — cross-vendor prompt-injection via GitHub PR titles hitting Claude Code, Gemini CLI, GitHub Copilot Agent. [Disclosure thread](https://example.com/disclosure).
+- **Comment and Control (2026-04-15)** — cross-vendor prompt-injection via GitHub PR titles hitting Claude Code, Gemini CLI, GitHub Copilot Agent. See the defensive write-up referenced in [Part 19](./part19-security-playbook.md).
 - **MCP stdio poisoning** — untrusted npm packages that proxy stdio MCP traffic. Mitigated by pinning versions + Socket.dev/Semgrep audits.
 - **Webhook replay attacks** — a reminder that HMAC + TTL together, not HMAC alone, prevents replay.
 

README-ja.md

@@ -2,7 +2,7 @@
 
 > [英語版はこちら](./README.md) · このページは入口の要約。本文の章は英語のまま。
 
-[NousResearch/hermes-agent](https://github.com/NousResearch/hermes-agent)（v0.10.0+）向けの実戦ガイド + インストール可能な成果物（Skills・設定テンプレ・インフラスクリプト）。
+[NousResearch/hermes-agent](https://github.com/NousResearch/hermes-agent)（v0.12.0 まで反映）向けの実戦ガイド + インストール可能な成果物（Skills・設定テンプレ・インフラスクリプト）。
 
 ## ワンコマンドで起動
 
@@ -15,7 +15,7 @@ curl -sSL https://raw.githubusercontent.com/OnlyTerp/hermes-optimization-guide/m
 
 ## 主なコンテンツ
 
-- **21 章の本文**（`part1`〜`part21`） — LightRAG、Telegram、MCP、セキュリティ、可観測性、リモートサンドボックス
+- **23 章の本文**（README 内の章 + `part6`〜`part22`） — Curator、TUI、プラグイン、LightRAG、Telegram、MCP、セキュリティ、可観測性、リモートサンドボックス
 - **13 個のインストール可能 Skill**（`skills/`） — 監査、バックアップ、依存スキャン、コストレポート、Telegram トリアージ、PR レビュー、受信トレイ整理、Hermes 週報、スパムフィルタ、会議準備 など
 - **5 つのプロダクション設定テンプレ**（`templates/config/`） — minimum / telegram-bot / production / cost-optimized / security-hardened
 - **インフラ一式**（`templates/compose/`, `templates/caddy/`, `templates/systemd/`, `scripts/`） — Langfuse セルフホスト、Caddy リバースプロキシ、systemd 強化、VPS ブートストラップ

README-zh.md

@@ -2,7 +2,7 @@
 
 > [English 完整版](./README.md) · 本页是入口摘要，章节正文仍为英文。
 
-实用指南 + 可安装制品（Skills、配置模板、基础设施脚本），针对 [NousResearch/hermes-agent](https://github.com/NousResearch/hermes-agent)（v0.10.0+）。
+实用指南 + 可安装制品（Skills、配置模板、基础设施脚本），针对 [NousResearch/hermes-agent](https://github.com/NousResearch/hermes-agent)（当前覆盖到 v0.12.0）。
 
 ## 一键起步
 
@@ -15,7 +15,7 @@ curl -sSL https://raw.githubusercontent.com/OnlyTerp/hermes-optimization-guide/m
 
 ## 内容一览
 
-- **21 章中文正文**（见 `part1` 到 `part21`） — LightRAG、Telegram、MCP、安全、可观测性、远程沙箱
+- **23 章正文**（README 内章节 + `part6` 到 `part22`） — Curator、TUI、插件、LightRAG、Telegram、MCP、安全、可观测性、远程沙箱
 - **13 个可安装 Skill**（`skills/`） — 审计、备份、依赖扫描、成本报告、Telegram 分类、PR 审查、收件箱分类、Hermes 周报、垃圾过滤、会议准备 等
 - **5 套生产配置模板**（`templates/config/`） — minimum / telegram-bot / production / cost-optimized / security-hardened
 - **基础设施**（`templates/compose/`, `templates/caddy/`, `templates/systemd/`, `scripts/`） — Langfuse 自托管、Caddy 反代、systemd 硬化、VPS 引导脚本