Summary
The /model picker for the copilot provider only shows a small hardcoded fallback list when the live model fetch fails. The fetch fails silently for users whose only Copilot credential is an OAuth access_token in auth.json (i.e. the device-code flow that hermes auth add copilot itself produces), because _resolve_copilot_catalog_api_key() only consults the COPILOT_GITHUB_TOKEN / GH_TOKEN / GITHUB_TOKEN environment variables.
Net effect: the picker hides current Copilot models (e.g. claude-opus-4.7, claude-sonnet-4.6, gpt-5.5, grok-code-fast-1) from users who authenticated through Hermes's own supported flow. Users either don't know those models exist, or have to type the model id directly via /model <id>.
Reproduce
- Fresh Hermes install, no gh CLI configured, no COPILOT_GITHUB_TOKEN set.
- hermes auth add copilot → device-code flow → auth.json ends up with credential_pool.copilot[0].access_token (OAuth gho_…).
- Run Hermes, type /model and choose copilot.
- The picker shows only the hardcoded fallback list from hermes_cli/models.py (around lines 157–172), missing all current models.
/model claude-opus-4.7 works fine — the model is available, the picker just doesn't list it.
Root cause
hermes_cli/models.py::_resolve_copilot_catalog_api_key() (around line 1942) calls resolve_api_key_provider_credentials("copilot"), which only inspects the env vars listed in COPILOT_ENV_VARS. It never falls back to the OAuth access_token that auth.json already holds — the same token the rest of Hermes uses to talk to Copilot.
The Codex catalog resolver (same file, around line 1791) already has the right pattern: env-var first, then resolve_codex_runtime_credentials() which reads auth.json.
Proposed fix
Mirror the Codex pattern in _resolve_copilot_catalog_api_key():
- Env-var lookup (current behavior).
- On miss, load auth.json via the existing load_auth_data() helper, walk credential_pool.copilot[], and return the first entry's access_token.
About 5 lines, no new dependencies, behavior is strictly additive (env still wins). I'd rather just file the report than maintain a PR — happy to expand on the patch sketch if useful.
Workaround for other users hitting this
Type the model id directly: /model claude-opus-4.7, /model gpt-5.5, etc.
Environment
- Hermes Agent (current main)
- Provider: copilot, auth via hermes auth add copilot device-code flow
- Linux (Ubuntu)
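
A sketch of the lookup order proposed in this report, added here as an example and not Hermes's own code. The function name resolve_copilot_catalog_token, its (token, source) return shape and the sample auth.json are assumptions, and it generalizes "first entry" to "first usable entry" so a malformed pool entry is skipped.

```python
import json
import os

# Env var names as listed in the issue; the lookup order is an assumption.
COPILOT_ENV_VARS = ("COPILOT_GITHUB_TOKEN", "GH_TOKEN", "GITHUB_TOKEN")


def _clean(value):
    """Return a stripped non-empty string, or None for anything else."""
    if isinstance(value, str) and value.strip():
        return value.strip()
    return None


def resolve_copilot_catalog_token(env, auth_data):
    """Hypothetical resolver: env vars first, then the auth.json credential pool.

    Returns (token, source) so callers can log the source, never the token.
    """
    for name in COPILOT_ENV_VARS:
        token = _clean(env.get(name))
        if token:
            return token, f"env:{name}"
    # Fallback: credential_pool.copilot[] as described in the issue.
    pool = auth_data.get("credential_pool") if isinstance(auth_data, dict) else None
    entries = pool.get("copilot") if isinstance(pool, dict) else None
    if isinstance(entries, list):
        for index, entry in enumerate(entries):
            token = _clean(entry.get("access_token")) if isinstance(entry, dict) else None
            if token:
                return token, f"auth.json:credential_pool.copilot[{index}]"
    return None, "none"


# Constructed sample of auth.json after the device-code flow (placeholder token).
SAMPLE_AUTH = json.loads(
    '{"credential_pool": {"copilot": [{"access_token": "gho_EXAMPLE_PLACEHOLDER"}]}}'
)

if __name__ == "__main__":
    _, source = resolve_copilot_catalog_token(dict(os.environ), SAMPLE_AUTH)
    print("catalog credential source:", source)
```

Returning the source label alongside the token lets a failed catalog fetch be logged with where the credential came from, without writing the token itself to logs.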