diff --git a/agents/hermes/policy-additions.yaml b/agents/hermes/policy-additions.yaml
index 0386ddef63..dfc7c422e7 100644
--- a/agents/hermes/policy-additions.yaml
+++ b/agents/hermes/policy-additions.yaml
@@ -53,6 +53,8 @@ network_policies:
 - allow: { method: POST, path: "/v1/chat/completions" }
 - allow: { method: POST, path: "/v1/messages" }
 - allow: { method: POST, path: "/v1/responses" }
+ - allow: { method: POST, path: "/v1/audio/transcriptions" }
+ - allow: { method: POST, path: "/v1/audio/speech" }
 - allow: { method: POST, path: "/v1/completions" }
 - allow: { method: POST, path: "/v1/embeddings" }
 - allow: { method: GET, path: "/v1/models" }
diff --git a/test/validate-blueprint.test.ts b/test/validate-blueprint.test.ts
index 76fbad0e1e..29287ae060 100644
--- a/test/validate-blueprint.test.ts
+++ b/test/validate-blueprint.test.ts
@@ -511,6 +511,10 @@ describe("permissive sandbox policy", () => {
 describe("Hermes sandbox policy", () => {
 const policy = loadYaml(HERMES_POLICY_PATH);
+ /**
+ * Verifies that Hermes managed inference keeps the same narrow allowlist
+ * shape as OpenClaw while including every sandbox-routed inference endpoint.
+ */
 function expectManagedInferenceSecurityShape(): void {
 const np = policy.network_policies ?? {};
 const managedInference = np.managed_inference;
@@ -534,6 +538,8 @@ describe("Hermes sandbox policy", () => {
 { allow: { method: "POST", path: "/v1/chat/completions" } },
 { allow: { method: "POST", path: "/v1/messages" } },
 { allow: { method: "POST", path: "/v1/responses" } },
+ { allow: { method: "POST", path: "/v1/audio/transcriptions" } },
+ { allow: { method: "POST", path: "/v1/audio/speech" } },
 { allow: { method: "POST", path: "/v1/completions" } },
 { allow: { method: "POST", path: "/v1/embeddings" } },
 { allow: { method: "GET", path: "/v1/models" } },
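Review bot: The two new `allow` rules for `/v1/audio/transcriptions` and `/v1/audio/speech` widen sandbox egress, but nothing in the policy file records which Hermes feature needs them. A transcription route usually accepts multipart file uploads, so its request bodies are larger and binary compared with the text routes around it. If the proxy enforces body-size or content-type limits elsewhere, it is worth confirming they cover these paths. I would add a line above the pair such as `# audio: speech-to-text and text-to-speech through managed inference`. The enclosing endpoint block starts outside the hunk, so the host these rules bind to cannot be checked from here.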
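Review bot: The new doc comment on `expectManagedInferenceSecurityShape` says Hermes keeps "the same narrow allowlist shape as OpenClaw", yet the diff adds the audio routes only to the Hermes policy and to the expected list in the `@@ -534` hunk. If OpenClaw's policy does not carry these two routes, the comment is inaccurate and should read something like `* Verifies that Hermes managed inference stays a narrow, explicit allowlist`, followed by a sentence naming the routes that differ. The function body continues outside both hunks, so it is not visible whether the list is compared by exact equality. An exact match is what would make this test fail when an unreviewed route is added to the policy.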