Description
NemoHermes v0.0.46 rebuild preflight aborts with "provider credential not found" even though the credential is already registered in the OpenShell gateway. After successfully adding a WeChat messaging channel to an existing Hermes sandbox, the rebuild step fails because it checks for NVIDIA_API_KEY in the shell environment instead of reading the already-stored credential from the gateway.
nemohermes credentials list confirms nvidia-prod is registered, proving the credential exists. The rebuild should reuse the gateway-stored credential rather than requiring the user to re-export the env var.
Regression of GitHub #3030 (v0.0.35 marked as fixed).
Environment
Device: MacBook Pro (Apple Silicon)
OS: macOS (Darwin 25.0.0 arm64)
Architecture: arm64
Node.js: v22.22.1
npm: 10.9.4
Docker: Docker version 29.2.1
OpenShell CLI: 0.0.39
NemoClaw: v0.0.46
Hermes Agent: v2026.4.23
Steps to Reproduce
nemohermes onboard — complete with NVIDIA Endpoints provider, create sandbox "testhermes"- Add WeChat channel:
nemohermes testhermes channels (or equivalent channel-add flow)
- WeChat login confirmed, token saved, bridge registered, wechat preset applied
- Prompted: "Rebuild 'testhermes' now to apply? [Y/n]:" — answer y
- Observe rebuild preflight failure
- Run:
nemohermes credentials list — confirms nvidia-prod is registered
Expected Result
Rebuild succeeds by reusing the credential already stored in the OpenShell gateway (nvidia-prod), without requiring NVIDIA_API_KEY in the shell environment.
Actual Result
Rebuild preflight failed: provider credential not found.
The non-interactive recreate step requires NVIDIA_API_KEY,
but it is not set in the environment.
To fix, do one of:
export NVIDIA_API_KEY=<your-key>
nemohermes onboard # re-enter the key interactively
Sandbox is untouched — no data was lost.
Logs
[wechat] polling https://ilinkai.weixin.qq.com
[wechat] poll request → https://ilinkai.weixin.qq.com/ilink/bot/get_qrcode_status?qrcode=819a98815d93bc39abc4259407a640e4
[wechat] poll response ← status=200
[wechat] status=confirmed
✓ WeChat login confirmed.
✓ wechat token saved (account 711936023dd9-im-bot).
✓ Registered wechat bridge with the OpenShell gateway.
Widening sandbox egress — adding: `, ilinkai.weixin.qq.com, ilinkai.wechat.com
· Policy unchanged (version 6, hash: bb43b7ab0237)
Applied preset: wechat
Rebuild 'testhermes' now to apply? [Y/n]: y
Rebuild sandbox 'testhermes'
Current: Hermes Agent v2026.4.23
Target: Hermes Agent v2026.4.23
Rebuild preflight failed: provider credential not found.
The non-interactive recreate step requires NVIDIA_API_KEY,
but it is not set in the environment.
NVB#6195518
Description
NemoHermes v0.0.46 rebuild preflight aborts with "provider credential not found" even though the credential is already registered in the OpenShell gateway. After successfully adding a WeChat messaging channel to an existing Hermes sandbox, the rebuild step fails because it checks for
NVIDIA_API_KEYin the shell environment instead of reading the already-stored credential from the gateway.nemohermes credentials listconfirmsnvidia-prodis registered, proving the credential exists. The rebuild should reuse the gateway-stored credential rather than requiring the user to re-export the env var.Regression of GitHub #3030 (v0.0.35 marked as fixed).
Environment
Steps to Reproduce
nemohermes onboard— complete with NVIDIA Endpoints provider, create sandbox "testhermes"nemohermes testhermes channels(or equivalent channel-add flow)nemohermes credentials list— confirmsnvidia-prodis registeredExpected Result
Rebuild succeeds by reusing the credential already stored in the OpenShell gateway (
nvidia-prod), without requiringNVIDIA_API_KEYin the shell environment.Actual Result
Logs
NVB#6195518