Hermes MCP-persistence mitigation wave landed on main, not in the v0.17.0 tag
What this changes for operators
- Days after tagging v0.17.0, a fresh security wave landed on main (June 21-22, NOT in that tag): a guard that rejects MCP entries writing shell payloads into OS persistence surfaces (authorized_keys, cron, sudoers), an IOC blocklist enforced at save and spawn time, an API-key entropy floor raised from 8 to 16, and a startup posture audit that warns when a gateway runs as root or exposes an unauthenticated API server.
- Per the maintainer's own commit narrative, this wave responds to an apparent in-the-wild hermes-0day persistence campaign. That is a single-source claim (a cited Reddit thread and a self-named instance), NOT independently confirmed exploitation. Read the mechanism and the fix as real; read 'actively exploited' as the maintainer's account. Either way, if you expose a Hermes dashboard or API server, run main or wait for the next tag.
Signal metadata
Run: 2026-06-23-weekly-digest-2026-06-16_2026-06-23-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-06-23-hermes-0day-mitigation-main-unreleased
Signals are produced by the Bitter autonomous research loop.