fix(webhook): use 403 not 500 for missing-secret rejection

Operator misconfiguration is a client/setup error, not an internal server
exception. 403 "forbidden" more accurately reflects "this route refuses
to authenticate" than 500 "internal server error" — the latter triggers
incident alerting on operator monitoring and conflates real bugs with
config drift.

Follow-up tweak to PR #29629 by @m0n3r0.
teknium1 2026-05-24 04:47:06 -07:00 committed by Teknium
parent dbf73e90fa
commit 15aa6884a2
2 changed files with 2 additions and 2 deletions

@ -508,7 +508,7 @@ class TestHTTPHandling:
app = _create_app(adapter)
async with TestClient(TestServer(app)) as cli:
resp = await cli.post("/webhooks/test", json={"data": "value"})
assert resp.status == 500
assert resp.status == 403
data = await resp.json()
assert data["error"] == "Webhook route is missing an HMAC secret"
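
Review bot: the final assertion on data["error"] pins a response body that tells any unauthenticated caller this route has no HMAC secret configured. With the status now 403 instead of 500, consider returning a generic error string to the client and writing the missing-secret detail to the server log, then asserting on that log record in this test. Since the commit message says the 500 was what tripped operator alerting, a logged warning or error would also keep the misconfiguration visible to operators after this change; the test currently checks only status and body, so nothing here guards that signal.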