Desloppify Files

This release adds experimental Hermes Agent integration for fully autonomous cleanup loops, framework-aware detection with a full Next.js spec, SCSS language support, significant R language improvements, and a scan performance boost from detector prefetch + caching — alongside a batch of bug fixes from the community.

---

152 files changed | 54 commits | 5,466 tests passing

Hermes Agent Integration (Experimental)

We've been exploring what it looks like when a codebase health tool can actually drive an AI agent — not just generate reports, but orchestrate the entire cleanup loop autonomously. This release ships our first experimental integration with Hermes Agent.

The core idea: desloppify already knows what needs to be done (scan, triage, review, fix). Instead of printing instructions for a human, it can now tell the agent directly — switch to a cheap model for mechanical fixes, switch to an expensive one for architectural review, reset context between tasks, and keep the agent working via /autoreply, all without a human in the loop.

What the integration enables:

• Autonomous review loops — desloppify orchestrates blind reviews via delegate_task subagents (up to 3 concurrent), no human needed
• Model switching at phase boundaries — cheap models for execution, expensive for planning/review, switched automatically
• Context management — automatic resets between tasks to keep the agent focused on long sessions
• Lifecycle transitions — desloppify tells Hermes what to do next via the Control API

How to try it

This requires the Control API branch of Hermes ([NousResearch/hermes-agent#1508](https://github.com/NousResearch/hermes-agent/issues/1508)), which hasn't been merged upstream yet. Without it, Hermes works as a normal harness but can't do autonomous model switching or self-prompting.

Copy-paste this into your agent (it handles both fresh installs and existing Hermes setups):

Install desloppify with Hermes Control API support. The Control API lives on a fork branch until NousResearch/hermes-agent#1508 merges upstream.


1. If Hermes is already installed (check with `which hermes`), switch it to the Control API branch:

   cd $(pip show hermes-agent 2>/dev/null | grep -i location | cut -d' ' -f2)/hermes-agent
   git remote add peteromallet https://github.com/peteromallet/hermes-agent.git 2>/dev/null || true
   git fetch peteromallet
   git checkout peteromallet/feat/control-api-autoreply
   pip install -e .

   IMPORTANT: If Hermes is currently running, tell the user they need to restart it with `HERMES_CONTROL_API=1 hermes` after this step — the new branch won't take effect until they do.

   If Hermes is NOT installed, clone fresh:

   git clone -b feat/control-api-autoreply https://github.com/peteromallet/hermes-agent.git
   cd hermes-agent
   pip install -e .


2. Install desloppify and set up the skill doc:

   pip install desloppify[full]
   cd /path/to/your/project
   desloppify update-skill hermes


3. Start Hermes with the Control API enabled:

   cd /path/to/your/project
   HERMES_CONTROL_API=1 hermes


4. In the Hermes session, run:

   Run desloppify scan, then follow its coaching output to clean up the codebase.

Desloppify will guide Hermes through the full lifecycle — scanning, triaging, blind reviews with subagents, and fixing. It switches models and resets context automatically at phase boundaries.

This is experimental and we're iterating fast. We'd love feedback on the approach, rough edges, and what you'd want to see next. If you try it, please open an issue — every report helps.

Framework-Aware Detection

Massive contribution from @MacHatter1 (PR [#414]). A new FrameworkSpec abstraction layer for framework-specific detection, shipping with a full Next.js spec that understands App Router conventions, server components, use client/use server directives, and Next.js-specific lint rules. This means dramatically fewer false positives when scanning Next.js projects — framework idioms are recognized, not flagged. The spec system is extensible, so adding support for other frameworks (Remix, SvelteKit, etc.) is now a matter of writing a spec, not changing the engine.

SCSS Language Plugin

Thanks to @klausagnoletti for adding SCSS/Sass support via stylelint integration (PR [#428]). Detects code smells, unused variables, and style issues in .scss and .sass files. @klausagnoletti has also submitted a follow-up PR (#452) with bug fixes, tests, and honest documentation — expected to land shortly after release.

Plugin Tests, Docs, and Ruby Improvements

@klausagnoletti also contributed across multiple language plugins:

• Ruby plugin improvements (PR [#462]) — expanded exclusions, detect markers (Gemfile, Rakefile, .ruby-version, *.gemspec), default_src="lib", spec/ + test/ support, and 13 wiring tests. Also adds external_test_dirs and test_file_extensions params to the generic plugin framework.
• JavaScript plugin tests + README (PR [#458]) — 12 sanity tests covering ESLint integration, command construction, fixer registration, and output parsing.
• Python plugin README (PR [#459]) — user-facing documentation covering phases, requirements, and usage.

R Language Improvements

@sims1253 has been steadily building out R support and contributed four PRs to this release:

• Jarl linter with autofix support (PR [#425]) — adds a fast R linter as an alternative to lintr
• Shell quote escaping fix for lintr commands (PR [#424]) — prevents command injection on paths with special characters
• Tree-sitter query improvements (PR [#449]) — captures anonymous functions in lapply/sapply calls and pkg::fn namespace imports
• Factory Droid harness support (PR [#451]) — adds Droid as a new skill target, following the existing harness pattern exactly

Scan Performance: Detector Prefetch + Cache

Another big one from @MacHatter1 (PR [#432]). Cold and full scan times reduced significantly. Detectors now prefetch file contents and cache results across detection phases, avoiding redundant I/O. On large codebases this is a noticeable improvement.

Lifecycle & Triage

• Lifecycle transition messages — the tool now tells agents what phase they're in and what to do next, with structured directives for each transition
• Unified triage pipeline with step detail display
• Staged triage now requires explicit decisions for auto-clusters before proceeding — no more accidentally skipping triage steps

Bug Fixes

• Binding-aware unused import detection for JS/TS — @MacHatter1 (PR [#433]). No longer flags imports used via destructuring, as renames, or re-export patterns. This was a significant source of false positives in real JS/TS projects.
• Rust dep graph hangs — @fluffypony (PR [#429]). String literals that look like import paths (e.g., "path/to/thing") no longer cause the dependency graph builder to hang. @fluffypony also contributed Rust inline-test filtering (PR [#440]), which prevents #[cfg(test)] diagnostic noise from inflating production debt scores.
• Project root detection (PR [#439]) — fixed cases where the project root was derived incorrectly, plus force-rescan now properly wipes stale plan data, and manual clusters are visible in triage.
• workflow::create-plan re-injection — @cdunda-perchwell (PR [#435]). Resolved workflow items no longer reappear in the execution queue after reconciliation. @cdunda-perchwell also identified the related communicate-score cycle-boundary sentinel issue (#447, fix in PR [#448]).
• PHPStan parser fixes — @nickperkins (PR [#420]). stderr output and malformed JSON from PHPStan no longer crash the parser. Clean, focused fix.
• Preserve plan_start_scores during force-rescan — manual clusters are no longer wiped when force-rescanning.
• Import run project root — --scan-after-import now derives the project root correctly from the state file path.
• Windows codex runner (PR [#453]) — proper cmd /c argument quoting + UTF-8 log encoding for Windows. Reported by @DenysAshikhin.
• Scan after queue drain (PR [#454]) — score_display_mode now returns LIVE when queue is empty, fixing the UX contradiction where next says "run scan" but scan refuses. Reported by @kgelpes.
• SKILL.md cleanup (PR [#455]) — removes unsupported allowed-tools frontmatter, fixes batch naming inconsistency (.raw.txt not .json), adds pip fallback alongside uvx. Three issues all reported by @willfrey.
• Batch retry coverage gate (PR [#456]) — partial retries now bypass the full-coverage requirement instead of being rejected. Reported by @imetandy.
• R anonymous function extraction (PR [#461]) — the tree-sitter anonymous function pattern from PR [#449] now actually works (extractor handles missing @name capture with <anonymous> fallback).

Community

This release wouldn't exist without the community. Seriously — thank you all.

@MacHatter1 delivered three major PRs (framework-aware detection, detector prefetch + cache, binding-aware unused imports) that each individually would have been a headline feature. The framework spec system in particular opens up a whole new category of detection accuracy.

@fluffypony contributed both the Rust dep graph hang fix and the inline-test filtering — the latter being 1,000+ lines of carefully tested Rust syntax parsing with conservative cfg predicate handling and thorough edge-case coverage.

@sims1253 has been the driving force behind R language support, with four PRs spanning linting, tree-sitter queries, and harness support. The R plugin is becoming genuinely useful thanks to this sustained effort.

@klausagnoletti added SCSS support, improved the Ruby plugin, and contributed tests and documentation for JavaScript and Python plugins — seven PRs total (#428, [#452], [#457], [#458], [#459], [#462]). The kind of contributor who makes the codebase more trustworthy across the board.

@cdunda-perchwell fixed two separate workflow re-injection bugs that were causing phantom plan items. @nickperkins shipped a clean PHPStan parser fix.

Bug reporters @willfrey, @DenysAshikhin, @kgelpes, and @imetandy filed detailed, actionable issues that made fixes straightforward. Every one of those reports saved debugging time.