mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-28 01:21:43 +00:00
d24bcad90b
Fixes Anthropic OAuth/subscription authentication end-to-end: Auth failures (401 errors): - Add missing 'claude-code-20250219' beta header for OAuth tokens. Both clawdbot and OpenCode include this alongside 'oauth-2025-04-20' — without it, Anthropic's API rejects OAuth tokens with 401 authentication errors. - Fix _fetch_anthropic_models() to use canonical beta headers from _COMMON_BETAS + _OAUTH_ONLY_BETAS instead of hardcoding. Token refresh: - Add _refresh_oauth_token() — when Claude Code credentials from ~/.claude/.credentials.json are expired but have a refresh token, automatically POST to console.anthropic.com/v1/oauth/token to get a new access token. Uses the same client_id as Claude Code / OpenCode. - Add _write_claude_code_credentials() — writes refreshed tokens back to ~/.claude/.credentials.json, preserving other fields. - resolve_anthropic_token() now auto-refreshes expired tokens before returning None. Config contamination: - Anthropic's _model_flow_anthropic() no longer saves base_url to config. Since resolve_runtime_provider() always hardcodes Anthropic's URL, the stale base_url was contaminating other providers when users switched without re-running 'hermes model' (e.g., Codex hitting api.anthropic.com). - _update_config_for_provider() now pops base_url when passed empty string. - Same fix in setup.py. Flow/UX (hermes model command): - CLAUDE_CODE_OAUTH_TOKEN env var now checked in credential detection - Reauthentication option when existing credentials found - run_oauth_setup_token() runs 'claude setup-token' as interactive subprocess, then auto-detects saved credentials - Clean has_creds/needs_auth flow in both main.py and setup.py Tests (14 new): - Beta header assertions for claude-code-20250219 - Token refresh: successful refresh with credential writeback, failed refresh returns None, no refresh token returns None - Credential writeback: new file creation, preserving existing fields - Auto-refresh integration in resolve_anthropic_token() - CLAUDE_CODE_OAUTH_TOKEN fallback, credential file auto-discovery - run_oauth_setup_token() (5 scenarios) |
||
|---|---|---|
| .. | ||
| agent | ||
| cron | ||
| fakes | ||
| gateway | ||
| hermes_cli | ||
| honcho_integration | ||
| integration | ||
| skills | ||
| tools | ||
| __init__.py | ||
| conftest.py | ||
| run_interrupt_test.py | ||
| test_413_compression.py | ||
| test_860_dedup.py | ||
| test_agent_loop.py | ||
| test_agent_loop_tool_calling.py | ||
| test_agent_loop_vllm.py | ||
| test_anthropic_adapter.py | ||
| test_api_key_providers.py | ||
| test_atomic_json_write.py | ||
| test_auth_codex_provider.py | ||
| test_auth_nous_provider.py | ||
| test_auxiliary_config_bridge.py | ||
| test_batch_runner_checkpoint.py | ||
| test_cli_init.py | ||
| test_cli_interrupt_subagent.py | ||
| test_cli_loading_indicator.py | ||
| test_cli_model_command.py | ||
| test_cli_provider_resolution.py | ||
| test_codex_execution_paths.py | ||
| test_codex_models.py | ||
| test_display.py | ||
| test_external_credential_detection.py | ||
| test_fallback_model.py | ||
| test_file_permissions.py | ||
| test_flush_memories_codex.py | ||
| test_hermes_state.py | ||
| test_honcho_client_config.py | ||
| test_insights.py | ||
| test_interactive_interrupt.py | ||
| test_interrupt_propagation.py | ||
| test_managed_server_tool_support.py | ||
| test_model_provider_persistence.py | ||
| test_model_tools.py | ||
| test_personality_none.py | ||
| test_provider_parity.py | ||
| test_quick_commands.py | ||
| test_real_interrupt_subagent.py | ||
| test_reasoning_command.py | ||
| test_redirect_stdout_issue.py | ||
| test_resume_display.py | ||
| test_run_agent.py | ||
| test_run_agent_codex_responses.py | ||
| test_runtime_provider_resolution.py | ||
| test_setup_model_selection.py | ||
| test_timezone.py | ||
| test_tool_call_parsers.py | ||
| test_toolset_distributions.py | ||
| test_toolsets.py | ||
| test_trajectory_compressor.py | ||
| test_worktree.py | ||