[Bug]: 'custom = OpenAI' hardcoded assumption: explicit_base_url path ignores api_mode (sibling of #7661/#15033, plus key_env never parsed in aux config)

[EurFelux]

Summary

The auxiliary client's "custom endpoint" resolution has three redundant code paths that each inline the same (api_mode → client type) dispatch. Each time someone discovers api_mode: anthropic_messages is broken on one path, a PR patches only that path. After #7648 (path 1) and #15059 (path 2), path 3 is still broken. The deeper issue: the field name and docstring of path 3 (explicit_base_url) hardcode the wrong assumption that "custom == OpenAI-compatible" — so even when api_mode: anthropic_messages is correctly threaded through, the field rejects it by design.

Symptom

auxiliary.<task> config with inline base_url + api_mode: anthropic_messages:

auxiliary:
  vision:
    provider: custom
    model: "moonshotai/kimi-k2.6"
    base_url: "https://zenmux.ai/api/anthropic"
    api_mode: anthropic_messages
    key_env: ZENMUX_API_KEY

Outbound HTTP captured with httpx spy:

POST https://zenmux.ai/api/anthropic/chat/completions    ← OpenAI path
BODY: {"messages":[{"role":"user","content":[{"type":"text",...},
                   {"type":"image","source":{"type":"base64",...}}]}],
       "model":"moonshotai/kimi-k2.6","max_tokens":2000}    ← Anthropic body

Anthropic-format body sent to the OpenAI path. The upstream gateway returns 404 invalid_model (or 403/500 depending on which fallback the gateway routes to). A direct curl to the same endpoint with /v1/messages and the same model + key succeeds — so the model and credentials work; only the SDK choice is wrong.

The Three Paths

agent/auxiliary_client.py has three independent code paths that all do the same thing — "given a (base_url, api_key, api_mode), construct the right SDK client" — and each had to be fixed separately:

#	Path	Triggered by	api_mode dispatch	Status
1	_try_custom_endpoint() (~L1159)	OPENAI_BASE_URL env / main model.base_url (no explicit_base_url arg)	inline if custom_mode == "anthropic_messages":	✅ fixed by #7648 / shipped in #12846
2	named-custom branch in resolve_provider_client (~L1880)	provider: myrelay + providers.myrelay.{...}	inline if entry_api_mode == "anthropic_messages":	✅ fixed by #15059 (closes #15033)
3	explicit-base-url branch in resolve_provider_client (L1822-1853)	auxiliary.<task>.base_url flowed in via explicit_base_url	none — always builds plain OpenAI client	❌ still broken

resolve_vision_provider_client (L2236-2247) feeds path 3 unconditionally when an auxiliary.<task> config has a base_url:

if resolved_base_url:
    client, final_model = resolve_provider_client(
        "custom",
        ...
        explicit_base_url=resolved_base_url,
        api_mode=resolved_api_mode,        # ← param is plumbed through but the
                                           #   callee ignores it for anthropic_messages
    )

And the callee (L1822-1853):

if provider == "custom":
    if explicit_base_url:
        ...
        client = OpenAI(api_key=custom_key, base_url=_clean_base, **extra)
        client = _wrap_if_needed(client, final_model, custom_base)   # only handles codex_responses
        return ...

_wrap_if_needed only checks api_mode == "codex_responses". There is no anthropic_messages branch here — even though the same file's path 1 and path 2 both have one.

Why Patching Path 3 Isn't Enough

Look at the field:

explicit_base_url: Optional[str] = None,    # docstring: "Optional direct OpenAI-compatible endpoint"

The field name and docstring hardcode the wrong invariant. "custom" providers are not necessarily OpenAI-compatible — they can be Anthropic-format gateways (Zenmux, MiniMax, Zhipu GLM, LiteLLM proxies in anthropic mode), Bedrock-compatible proxies, etc. The auxiliary.<task> config has supported api_mode: anthropic_messages for a while; the field just refuses to honor it.

This is not a one-PR oversight — the codebase structurally encodes "custom = OpenAI" through:

• The field name explicit_base_url (vs. e.g. endpoint_url + separate api_mode)
• The docstring "Optional direct OpenAI-compatible endpoint"
• _wrap_if_needed only doing Codex wrapping (no Anthropic branch)
• OPENAI_API_KEY/OPENAI_BASE_URL env-var fallbacks (path 1) which prime the assumption that this is an OpenAI shape

Even if you patch L1822-1853 to add an anthropic_messages branch tomorrow, you'll have repeated the same per-path patching pattern that #7648 and #15059 already did. The next gateway-format extension (gemini-native, bedrock-converse-style proxies, etc.) will hit the same bug shape on all three paths again.

Sibling Bug: key_env not parsed by _resolve_task_provider_model

The example config above uses key_env: ZENMUX_API_KEY. After path 3 is fixed and the request is correctly sent to /v1/messages, the request fails with 403 access_denied because the x-api-key header is the literal string no-key-required — the ZENMUX_API_KEY env var is never read for auxiliary.<task> configs.

agent/auxiliary_client.py:_resolve_task_provider_model (L2684-2693):

cfg_api_key = str(task_config.get("api_key", "")).strip() or None
cfg_api_mode = str(task_config.get("api_mode", "")).strip() or None
# no equivalent for cfg_key_env

Compare to _get_named_custom_provider (which path 2 uses) — it correctly reads key_env:

custom_key = custom_entry.get("api_key", "").strip()
custom_key_env = custom_entry.get("key_env", "").strip()
if not custom_key and custom_key_env:
    custom_key = os.getenv(custom_key_env, "").strip()

So key_env works in providers: dict / custom_providers: list (path 2), but is silently dropped in auxiliary.<task> configs (path 1 and path 3). Same root cause as the api_mode duplication — three configuration surfaces, each parsing fields independently, drift inevitable.

Suggested Refactor

A single helper in agent/auxiliary_client.py:

def _build_custom_endpoint_client(
    *, base_url: str, api_key: str, api_mode: Optional[str],
    model: str, async_mode: bool,
) -> Tuple[Any, str]:
    """Sole source of truth for 'custom endpoint → SDK client' dispatch.

    Honors api_mode in {None, "chat_completions", "anthropic_messages",
    "codex_responses"}. All three resolution paths must call this rather
    than re-inlining the dispatch.
    """
    ...

Three callers (the three paths) all use it. explicit_base_url either gets renamed to something neutral (endpoint_url) with the OpenAI-only assumption removed from the docstring, or it gets retired in favor of having callers pass through to the helper directly.

For key_env, fold the api_key/key_env resolution into a small helper too, and make _resolve_task_provider_model and _get_named_custom_provider both use it.

Related

• [bug]: Custom auxiliary endpoints ignore api_mode: anthropic_messages #7661 / fix(aux): honor api_mode for custom auxiliary endpoints #7648 — path 1 (_try_custom_endpoint); fix shipped in fix(anthropic): complete third-party Anthropic-compatible provider support #12846
• Named custom providers ignore api_mode, always create OpenAI client #9711 / Named custom providers with api_mode: anthropic_messages fail with 404 in auxiliary tasks #15033 / fix(aux-client): honor api_mode: anthropic_messages for named custom providers #15059 — path 2 (named custom providers)
• Vision auxiliary client drops api_mode for custom providers, causing crash #8857 — earlier vision-routing bug
• fix(anthropic): complete third-party Anthropic-compatible provider support #12846 — "complete third-party Anthropic-compatible provider support" — title is misleading; the change shipped real but incomplete coverage (paths 1 only on the aux-client side)

Reproducer

Repo HEAD: origin/main 755a2804 (2026-04-26). Python 3.11.14, anthropic SDK 0.94.0.

1. Configure ~/.hermes/config.yaml auxiliary.vision with the YAML above.
2. Set ZENMUX_API_KEY (or any anthropic-format gateway key).
3. Run vision_analyze_tool directly, or send a sticker through the gateway to trigger _handle_sticker.
4. Observe 404 invalid_model (or 403/500) and outbound POST to <base_url>/chat/completions.

To monkey-patch httpx and capture the actual outbound request:

import httpx
_orig = httpx.AsyncClient.send
async def _spy(self, request, **kw):
    print(f">>> {request.method} {request.url}")
    print(f"    body[:500]: {(request.content or b'')[:500].decode(errors='replace')}")
    return await _orig(self, request, **kw)
httpx.AsyncClient.send = _spy

Environment

• Hermes Agent: origin/main HEAD 755a2804 (2026-04-26)
• Python 3.11.14
• macOS / Darwin 25.4.0
• Gateway: zenmux.ai (/api/anthropic route, anthropic-format)

[EurFelux]

Update: three more siblings discovered while debugging the same vision flow

Tried to work around path 3 by switching to a named custom provider (provider: custom:zenmux + custom_providers[].zenmux). Hit three more bugs along the way, all rooted in the same architectural mess. Listing them here so the issue captures the full picture rather than getting filed as P3 patches.

Bug 4: base_url priority silently overrides provider field

agent/auxiliary_client.py:_resolve_task_provider_model (around L2735):

if cfg_base_url:
    return "custom", resolved_model, cfg_base_url, cfg_api_key, resolved_api_mode
if cfg_provider and cfg_provider != "auto":
    return cfg_provider, resolved_model, None, None, resolved_api_mode

If auxiliary.<task>.base_url is set, the provider field is silently ignored — the function unconditionally returns "custom" and routes to path 3. A user writing provider: custom:zenmux while keeping inline base_url is silently downgraded to bare "custom".

The intuitive (and documented) priority is: provider is the user's explicit declaration of which named/built-in provider to use; base_url/api_key/api_mode are task-level overrides. The current code inverts this.

Bug 5: auxiliary.<task> config does not parse key_env

_resolve_task_provider_model only reads:

cfg_api_key = str(task_config.get("api_key", "")).strip() or None

The key_env field is silently dropped. Compare to _get_named_custom_provider (which path 2 uses) — that code path reads:

custom_key = custom_entry.get("api_key", "").strip()
custom_key_env = custom_entry.get("key_env", "").strip()
if not custom_key and custom_key_env:
    custom_key = os.getenv(custom_key_env, "").strip()

Same root cause as the api_mode duplication — three configuration surfaces (aux task config, providers: dict, custom_providers: list) each parse fields independently, so any new field has to be added in three places, and inevitably drifts.

Bug 6: AnthropicAuxiliaryClient mangles model names on third-party Anthropic-compatible gateways

agent/auxiliary_client.py:_AnthropicCompletionsAdapter.create (around L622) calls:

anthropic_kwargs = build_anthropic_kwargs(
    model=model,
    ...
    is_oauth=self._is_oauth,
    # ← preserve_dots not passed; defaults to False
)

build_anthropic_kwargs then calls normalize_model_name(model, preserve_dots=False), which converts dots to hyphens (agent/anthropic_adapter.py):

if not preserve_dots:
    if _is_bedrock_model_id(model): ...
    model = model.replace(".", "-")    # ← mangles the user's model name

Reproducer continues from Path 2 above. Vision config:

auxiliary:
  vision:
    provider: custom:zenmux
    model: "moonshotai/kimi-k2.6"
custom_providers:
  - name: zenmux
    base_url: https://zenmux.ai/api/anthropic
    key_env: ZENMUX_API_KEY
    api_mode: anthropic_messages

Captured outbound HTTP after path 2 fix landed:

POST https://zenmux.ai/api/anthropic/v1/messages
    body model: 'moonshotai/kimi-k2-6'      ← ".6" mangled to "-6"
→ 404 invalid_model

The user wrote moonshotai/kimi-k2.6 (the canonical id zenmux serves). Hermes silently rewrote it to moonshotai/kimi-k2-6 and the gateway rejected it.

#13061 recognized this exact pattern for the main agent loop by adding a _should_preserve_model_dots() check in run_agent.py:7251 that returns True for provider == "custom" / provider.startswith("custom:"). The fix never reached AnthropicAuxiliaryClient — aux tasks (vision, compression, web_extract, skills_hub, ...) on a third-party Anthropic-compatible endpoint still get their model names mangled.

Hermes already has a helper that knows the right answer:

# agent/anthropic_adapter.py
def _is_third_party_anthropic_endpoint(base_url: str | None) -> bool:
    """Return True for non-Anthropic endpoints using the Anthropic Messages API."""
    normalized = _normalize_base_url_text(base_url)
    if not normalized: return False  # direct Anthropic
    if "anthropic.com" in normalized.lower(): return False
    return True

AnthropicAuxiliaryClient already stores base_url. Two-line fix: pass preserve_dots=_is_third_party_anthropic_endpoint(self.base_url) to build_anthropic_kwargs. But the right fix is bigger.

The deeper problem: model-name normalization runs in four independent layers

While debugging Bug 6 we discovered that hermes does model-name "normalization" in four places, each maintained independently:

1. hermes_cli/model_normalize.py:normalize_model_for_provider(model, provider) — per-provider rewrites (Anthropic dots, OpenCode-Zen Claude special-case, DeepSeek alias collapsing, Xiaomi lowercase, etc.)
2. agent/anthropic_adapter.py:normalize_model_name(model, preserve_dots=False) — separate Anthropic-side dot/hyphen rewriting + Bedrock-id detection
3. run_agent.py:_should_preserve_model_dots() — gates layer 2 for the main agent loop only
4. _normalize_resolved_model (agent/auxiliary_client.py) wraps layer 1 for aux clients but bypasses layer 3 entirely

A user passing moonshotai/kimi-k2.6 through layer 4 → layer 1 (passes through, custom→ "Custom & all others: pass through as-is") → reaches the Anthropic adapter → layer 2 default-mangles it because nobody plumbed layer 3's decision down to the aux client.

This isn't a missing patch. It's a missing invariant: user-supplied strings should be opaque to hermes by default, and any rewriting should be opt-in via an explicit alias table. Layers 1+2 invert that — they default-mangle, and downstream code is responsible for opting out via preserve_dots=True. That's how you end up with #13061 fixing one call site, #15059 fixing another, this issue documenting a third aux-client call site, and the next contributor inevitably finding a fourth.

Updated bug map

#	Bug	Path / location	Status
1	_try_custom_endpoint ignored api_mode: anthropic_messages	aux client path 1	✅ #12846
2	named-custom branch ignored api_mode	aux client path 2	✅ #15059
3	resolve_provider_client(explicit_base_url=...) ignores api_mode	aux client path 3	❌ original report above
4	_resolve_task_provider_model priority: cfg_base_url short-circuits cfg_provider	task config parsing	❌
5	_resolve_task_provider_model ignores key_env (only api_key)	task config parsing	❌
6	AnthropicAuxiliaryClient doesn't propagate preserve_dots for third-party Anthropic-compat endpoints	model-name normalization	❌ #13061 only fixed main loop

All six trace back to the same architectural choices:

• Multiple parallel "configuration surfaces" with overlapping fields that each parse independently and drift over time (drives bugs 4, 5, and the fact that bugs 1–3 were three separate fixes for the same dispatch logic).
• Default-mangle, opt-out model-name normalization scattered across four layers, with no single point that asks "should we touch this string?" (drives bug 6 and the entire [Bug] normalize_model_name rewrites custom provider model IDs, breaking models with dots (e.g. z-ai/glm-5.1 via zenmux) #13061 saga).
• Field-name semantic drift (explicit_base_url documented as "OpenAI-compatible" but used as a generic conduit; provider documented as user intent but silently overridden by a sibling field).

A coherent fix needs the schema flattened (one configuration surface for "custom endpoint" with a single parser that's shared across all three resolution paths) and the normalize layers consolidated (one entry point that decides, based on declared provider + declared api_mode, whether to touch the string at all — defaulting to "don't").

Until that lands, expect new sibling bugs to surface every time someone tries a slightly different combination.

[EurFelux]

Never seen such a terrible design, what made you decide to arbitrarily modify the model id filled in by the user?