From f58a16f5206fde88f3cb9a082e2c52c20dfdf495 Mon Sep 17 00:00:00 2001
From: Teknium <127238744+teknium1@users.noreply.github.com>
Date: Fri, 24 Apr 2026 03:02:24 -0700
Subject: [PATCH] fix(auth): apply verify= to Codex OAuth /models probe
 (#15049)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Follow-up to PR #14533 — applies the same _resolve_requests_verify()
treatment to the one requests.get() site the PR missed (Codex OAuth
chatgpt.com /models probe). Keeps all seven requests.get() callsites
in model_metadata.py consistent so HERMES_CA_BUNDLE / REQUESTS_CA_BUNDLE /
SSL_CERT_FILE are honored everywhere.

Co-authored-by: teknium1 <teknium@hermes-agent>
---
 agent/model_metadata.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/agent/model_metadata.py b/agent/model_metadata.py
index 1108f8c9b..cbb38daf1 100644
--- a/agent/model_metadata.py
+++ b/agent/model_metadata.py
@@ -1076,6 +1076,7 @@ def _fetch_codex_oauth_context_lengths(access_token: str) -> Dict[str, int]:
             "https://chatgpt.com/backend-api/codex/models?client_version=1.0.0",
             headers={"Authorization": f"Bearer {access_token}"},
             timeout=10,
+            verify=_resolve_requests_verify(),
         )
         if resp.status_code != 200:
             logger.debug(