mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-27 11:22:03 +00:00
075f93ad78
Fixes #36767. Two complementary recoveries for the recurring "delete three cache files and re-auth by hand" ritual when an MCP server's dynamically-registered OAuth client goes dead server-side (IdP redeploy / DB wipe / rebrand): - Auto-heal (token-endpoint subset): HermesMCPOAuthProvider now sniffs auth-flow responses and, on a 400/401 `invalid_client` from the discovered token endpoint, backs up + deletes `<server>.client.json` and `.meta.json` and clears the in-memory client so the SDK re-runs RFC 7591 dynamic client registration on the next flow. Conservative by construction: only dynamically-registered (non config-supplied) clients, only the token endpoint, only on a word-boundary `invalid_client` match (so RFC 7591's `invalid_client_metadata` does not trip it); best-effort so a miss never breaks the live flow. Covers both code-exchange and refresh when the token endpoint was discovered. Tokens are preserved. - `hermes mcp reauth [<name>|--all]`: the reporter's primary symptom — the IdP's in-browser "Redirect URI Mismatch" — produces no HTTP signal (the SDK only sees a callback timeout), so it cannot be auto-detected. The new command re-auths one or ALL `auth: oauth` servers, serially: one browser flow at a time, which also fixes the startup popup storm when several servers are stale at once. Single-server reauth is factored out of `mcp login` and shared. Tests: +14 (poison helper x2; token-endpoint detection x5 incl. wrong-endpoint, success-response, pre-registered, and invalid_client_metadata negative guards; a bridge integration test driving the real async_auth_flow generator to prove the detection hook preserves the bidirectional asend() forwarding contract; reauth CLI x6). Verified against the pinned mcp==1.26.0: scripts/run_tests.sh 122/122 green for the touched suites; check-windows-footguns.py and ruff clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| _shared.py | ||
| acp.py | ||
| auth.py | ||
| backup.py | ||
| claw.py | ||
| config.py | ||
| cron.py | ||
| dashboard.py | ||
| debug.py | ||
| doctor.py | ||
| dump.py | ||
| gateway.py | ||
| gui.py | ||
| hooks.py | ||
| import_cmd.py | ||
| insights.py | ||
| login.py | ||
| logout.py | ||
| logs.py | ||
| mcp.py | ||
| memory.py | ||
| model.py | ||
| pairing.py | ||
| plugins.py | ||
| postinstall.py | ||
| profile.py | ||
| prompt_size.py | ||
| security.py | ||
| setup.py | ||
| skills.py | ||
| slack.py | ||
| status.py | ||
| tools.py | ||
| uninstall.py | ||
| update.py | ||
| version.py | ||
| webhook.py | ||
| whatsapp.py | ||