The old mental model was simple: pick an account, paste a key, choose a model, then start the agent.
The new code tells a messier story. Once an agent desktop can keep several sessions alive, switch profiles without restarting, route credentials by channel, and let models advertise their own reasoning controls, identity stops being a static preference. It becomes part of the runtime.
The one-sentence map is this: Hermes is turning profiles into live session and socket scope, OpenClaw is making auth profiles durable database state, Hermes is reorganizing provider credentials as a first-class surface, and Codex is letting model-specific reasoning options flow through the protocol. These are independent changes, not a shared standard. Together they show agent products converging on the same pressure: the system has to know which person, profile, credential set, model mode, and working session owns the next action.
Profiles are no longer just folders
Hermes Agent commit b94b3622b adds per-session profile switching and cross-profile sessions to the desktop app. The commit message is unusually explicit about what changed: the app can lazily swap the live gateway onto a session's profile, aggregate sessions across profiles by reading each profile's state database read-only, and route profile-scoped REST calls for config, environment, skills, tools, and model settings to the active gateway profile.
That is more than a user-interface convenience. A profile now decides which backend, state database, environment, tools, skills, and model settings the session is talking to. The desktop adds an "All profiles" view, but the default remains scoped to one profile because a profile is a working context, not a decorative label.
The practical consequence is easy to miss. Multi-profile support used to sound like account management. In an agent app, it becomes execution routing. Opening a session from another profile means the gateway, cache, settings reads, and new-chat defaults have to move with it, or the agent can write to the wrong place.
Background sessions need their own sockets
Later the same day, Hermes commit 4891f9ae7 hardens that model. Instead of closing the single gateway socket every time the user switches profiles, the desktop keeps one persistent socket per profile with live work. A registry owns the primary window socket plus lazy secondary sockets, and all of them feed the same session-keyed event handler.
This is the moment profile support crosses from preference into operations. If profile A has a running agent and profile B becomes the foreground, profile A still needs a transport. The patch also parks approval, sudo, and secret prompts per session so background work can block without hijacking the foreground. Single-profile users keep the simple path, but multi-profile users get a small distributed system inside the desktop.
The category consequence for agent infrastructure is sharp: account switching is no longer the same problem it was for a notes app or a chat client. An agent profile can own live work, security prompts, tool approvals, and stateful gateway connections.
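An added sketch (not Hermes code) of the registry shape described in this section: one socket per profile, a single session-keyed handler, and prompts parked per session so background work cannot take over the foreground. All class, method and field names are hypothetical, and the check that an event arrives on its owning profile's socket is an assumption of this example.

```python
from dataclasses import dataclass, field

PROMPT_TYPES = {"approval", "sudo", "secret"}  # prompt kinds named in the article

@dataclass
class ProfileSocket:
    """Stand-in for one gateway connection; `sent` records outbound frames."""
    profile: str
    sent: list = field(default_factory=list)

class GatewayRegistry:
    def __init__(self, primary_profile):
        self.sockets = {primary_profile: ProfileSocket(primary_profile)}
        self.owner = {}            # session_id -> profile that owns the session
        self.parked = {}           # session_id -> prompts waiting on that session
        self.active_session = None

    def bind(self, session_id, profile):
        self.owner[session_id] = profile

    def socket_for(self, session_id):
        profile = self.owner[session_id]   # unknown session raises KeyError: fail closed
        return self.sockets.setdefault(profile, ProfileSocket(profile))  # lazy secondary

    def focus(self, session_id):
        """Foreground a session without closing any socket; return its parked prompts."""
        self.socket_for(session_id)
        self.active_session = session_id
        return list(self.parked.get(session_id, []))

    def on_event(self, from_profile, event):
        """Single session-keyed handler fed by every socket."""
        sid = event["session_id"]
        if self.owner.get(sid) != from_profile:
            return "rejected"              # assumed check: wrong profile's socket
        if event["type"] in PROMPT_TYPES:
            self.parked.setdefault(sid, []).append(event)
            return "shown" if sid == self.active_session else "parked"
        return "delivered"

    def answer(self, session_id, prompt_id, decision):
        """Send a decision back on the socket of the session that asked for it."""
        for prompt in self.parked.get(session_id, []):
            if prompt["id"] == prompt_id:
                self.parked[session_id].remove(prompt)
                self.socket_for(session_id).sent.append(
                    {"session_id": session_id, "prompt_id": prompt_id, "decision": decision})
                return True
        return False
```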
Auth state is becoming database state
OpenClaw commit e16ac0433 attacks the same class of problem from the storage side. The refactor moves auth profiles into SQLite-backed state, creates auth_profile_store and auth_profile_state tables, adds a dedicated SQLite store implementation, and removes the older JSON auth-profile store files and tests.
This article is not claiming that SQLite is automatically better because it is SQLite. The signal is architectural. Auth profile state now sits in the same kind of durable, transactional substrate as other agent state. The patch also touches doctor commands, backup creation, secrets application, stale OAuth shadow checks, model discovery, and generated database schema files. Authentication is no longer a loose sidecar to the agent; it is something the runtime audits, repairs, backs up, and queries.
That matters because agent identity has to survive more than login. It has to survive profile selection, OAuth refreshes, model discovery, external CLI passthrough, secrets scanning, and failure marking. The narrower question becomes: which auth profile is this agent allowed to use right now, and what should the system do when that profile is stale or broken?
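An added example, not OpenClaw's code, of what transactional auth-profile state makes possible: an atomic failure mark and a query answering which profile an agent may use right now. Only the two table names come from the commit as described above; every column, function name and sample value is an assumption.

```python
import sqlite3

# Table names are from the article; all columns are assumed for illustration.
SCHEMA = """
CREATE TABLE IF NOT EXISTS auth_profile_store (
  profile_id TEXT PRIMARY KEY,
  agent_id   TEXT NOT NULL,
  provider   TEXT NOT NULL,
  secret_ref TEXT NOT NULL,   -- reference into a secret store, not the secret
  expires_at INTEGER          -- unix seconds; NULL for a static API key
);
CREATE TABLE IF NOT EXISTS auth_profile_state (
  profile_id     TEXT PRIMARY KEY REFERENCES auth_profile_store(profile_id),
  failure_count  INTEGER NOT NULL DEFAULT 0,
  disabled_until INTEGER NOT NULL DEFAULT 0
);
"""

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def add_profile(db, profile_id, agent_id, provider, secret_ref, expires_at=None):
    with db:  # one transaction: both rows are written or neither is
        db.execute("INSERT INTO auth_profile_store VALUES (?,?,?,?,?)",
                   (profile_id, agent_id, provider, secret_ref, expires_at))
        db.execute("INSERT INTO auth_profile_state (profile_id) VALUES (?)", (profile_id,))

def mark_failure(db, profile_id, now, cooldown=300):
    with db:  # failure marking is atomic, so concurrent readers never see half an update
        db.execute("UPDATE auth_profile_state SET failure_count = failure_count + 1, "
                   "disabled_until = ? WHERE profile_id = ?", (now + cooldown, profile_id))

def usable_profile(db, agent_id, provider, now):
    """Which profile may this agent use right now? None means stop, not fall back."""
    row = db.execute(
        "SELECT s.profile_id FROM auth_profile_store s "
        "JOIN auth_profile_state st ON st.profile_id = s.profile_id "
        "WHERE s.agent_id = ? AND s.provider = ? "
        "AND (s.expires_at IS NULL OR s.expires_at > ?) AND st.disabled_until <= ? "
        "ORDER BY st.failure_count, s.profile_id LIMIT 1",
        (agent_id, provider, now, now)).fetchone()
    return row[0] if row else None

def stale_profiles(db, now):
    """Audit view: profiles whose credential has expired and needs repair."""
    rows = db.execute("SELECT profile_id FROM auth_profile_store WHERE expires_at "
                      "IS NOT NULL AND expires_at <= ? ORDER BY profile_id", (now,))
    return [r[0] for r in rows]
```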
Credentials are becoming working controls
Hermes commits 9cbc37e2 and acce1a245 show the product-facing version of the same shift. Provider configuration moves into a dedicated Providers settings page with separate Accounts and API-keys views. Key rows get inline save/remove behavior, redacted set values, provider grouping, OAuth launch paths, advanced URL and region overrides, and messaging credential routing.
This can look like polish, but the commit surface is full of runtime clues. The code distinguishes channel-managed messaging credentials from provider API keys. It exposes deep links into account and key settings. It aligns credential controls across Providers, Tools & Keys, and Messaging. A credential is no longer just a secret pasted before work begins; it is a live control the operator may inspect, route, replace, or remove while the agent product is running.
Even model steering is opening up
OpenAI Codex commit 8ac304c2 adds a different piece of the identity stack: model-defined reasoning efforts. Codex had known effort values. The patch accepts non-empty model-defined values, preserves string wire encoding, exposes an open-string schema to clients, and updates model selection and shortcut behavior around model-advertised effort values.
That is not about accounts or OAuth. It is about who gets to define the control surface. If a model can advertise a reasoning option the client did not know in advance, the runtime cannot treat the settings schema as closed forever. It has to carry model-specific intent through core, app-server, TUI, telemetry, persistence, and protocol surfaces without flattening it back into a fixed old enum.
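An added example, not Codex code, contrasting a closed-enum decoder that flattens unknown efforts with an open-string decoder that carries a model-advertised value unchanged. The effort names, the character rule and the requirement that the selected model advertise the value are assumptions made here for illustration.

```python
import re

KNOWN_EFFORTS = ("low", "medium", "high")   # illustrative closed set, not Codex's list
_SAFE = re.compile(r"[a-z0-9][a-z0-9_-]{0,31}")  # assumed hygiene rule for wire strings

def decode_closed(wire_value, default="medium"):
    """Closed-enum shape: anything outside the enum is flattened to a default."""
    return wire_value if wire_value in KNOWN_EFFORTS else default

def decode_open(wire_value, advertised):
    """Open-string shape: keep the exact string if the selected model advertises it."""
    if not isinstance(wire_value, str) or not wire_value:
        raise ValueError("effort must be a non-empty string")
    if not _SAFE.fullmatch(wire_value):
        # The value later reaches telemetry and persistence, so bound it here.
        raise ValueError("effort contains unexpected characters")
    if wire_value not in KNOWN_EFFORTS and wire_value not in advertised:
        raise ValueError(f"model does not advertise effort {wire_value!r}")
    return wire_value

def carry(request, advertised):
    """Validate once, then forward the string exactly as it arrived on the wire."""
    effort = decode_open(request["effort"], advertised)
    return {"model": request["model"], "effort": effort}
```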
The control plane is getting personal
The May 30 edition argued that agent control settings are becoming session state. Today's evidence moves that argument one layer deeper. The settings are not only becoming state; they are becoming identity-bearing state.
Hermes profiles decide which live backend and session database a desktop is using. Hermes secondary sockets keep background profile work alive. OpenClaw stores auth profiles in a database that the runtime can audit and repair. Hermes turns provider keys and messaging credentials into dedicated operator surfaces. Codex opens reasoning controls to model-advertised values.
This does not prove a common agent identity standard, and it does not prove every agent app needs the same profile model. It does show the shape of the next infrastructure argument. As agents take more delegated actions across more tools, surfaces, models, and accounts, "the user selected a setting" becomes too weak. The runtime needs to know which identity context is in force, which work belongs to it, which credentials it may touch, and which controls are safe to change while the agent is still moving.