mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-11 08:42:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13
hermes-agent/agent/transports
History
RaumfahrerSpiffy 529bb1c3d5 fix(anthropic): strip output-only SDK fields from replayed content blocks 
HTTP 400 "messages.N.content.M.text.parsed_output: Extra inputs are not
permitted" on the native Anthropic transport. Anthropic SDK 0.87.0 response
blocks carry output-only attributes the Messages *input* schema forbids: text
blocks get `parsed_output` and `citations=None`, tool_use blocks get `caller`.
normalize_response captured blocks verbatim via _to_plain_data and replayed
them as request input on the next turn, so the forbidden fields leaked back ->
400. Like the earlier thinking-block bug, one poisoned turn wedges every
subsequent request in the session (even the diagnostic turn), recoverable only
by switching models or deleting the session.

This is a defect in the anthropic_content_blocks channel added for the
interleaved-thinking fix: it preserved block ORDER correctly but copied every
SDK attribute, including output-only ones.

Fix — whitelist input-permitted fields per block type at all three leak points:
- agent/transports/anthropic.py normalize_response: sanitize at CAPTURE so the
  poison never persists to state.db (defence-in-depth).
- agent/anthropic_adapter.py _sanitize_replay_block (new): whitelist used on the
  ordered-blocks replay path; also recovers already-poisoned stored sessions.
- agent/anthropic_adapter.py _convert_content_part_to_anthropic: a stored
  `text` part is rebuilt from whitelisted fields instead of dict(part) verbatim
  (this was the exact content.N.text.parsed_output failure locus).

Whitelist not blacklist, so future SDK output-only fields can't reintroduce it.
Block order and thinking-block signatures are preserved (the reason the channel
exists). Adds tests/agent/test_anthropic_output_field_leak.py; full adapter
suite green (163 tests). Existing poisoned state.db rows scrubbed out-of-band.
2026-06-10 20:45:16 -07:00
..
__init__.py feat: provider modules — ProviderProfile ABC, 33 providers, fetch_models, transport single-path 2026-05-05 13:40:01 -07:00
anthropic.py fix(anthropic): strip output-only SDK fields from replayed content blocks 2026-06-10 20:45:16 -07:00
base.py feat: add transport ABC + AnthropicTransport wired to all paths 2026-04-21 01:27:01 -07:00
bedrock.py feat: add BedrockTransport + wire all Bedrock transport paths 2026-04-21 20:58:37 -07:00
chat_completions.py fix(gemini): default native maxOutputTokens + strip OpenAI extra_body on Gemini endpoints (#39730) 2026-06-05 03:53:59 -07:00
codex.py fix(codex): omit tools key from Codex Responses kwargs when no tools registered 2026-05-27 11:46:17 -07:00
codex_app_server.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
codex_app_server_session.py fix(codex): record app-server token usage in session accounting 2026-06-09 02:46:04 -07:00
codex_event_projector.py feat(codex-runtime): optional codex app-server runtime for OpenAI/Codex models (#24182) 2026-05-13 17:18:15 -07:00
hermes_tools_mcp_server.py docs(hermes_tools_mcp_server): align scope docstring with EXPOSED_TOOLS (#26603) 2026-05-15 14:44:27 -07:00
types.py fix(anthropic): preserve interleaved thinking/tool_use block order on replay 2026-06-10 20:45:16 -07:00