Skip to content

Clarify and classify repeated provider safety-block failures instead of generic API failed after 3 retries #18028

Closed
#33883
Closed
Clarify and classify repeated provider safety-block failures instead of generic API failed after 3 retries#18028
#33883
Labels
P2Medium — degraded but workaround existscomp/agentCore agent loop, run_agent.py, prompt buildercomp/gatewayGateway runner, session dispatch, deliveryprovider/openaiOpenAI / Codex Responses APItype/featureNew feature or request
@hanzili

Description

@hanzili
hanzili
opened on Apr 30, 2026

Bug description

Hermes/gateway surfaces upstream model safety blocks as repeated generic user-visible failures:

❌ API failed after 3 retries — This content was flagged for possible cybersecurity risk...

In practice the agent is still running, but the user sees the same error repeatedly and cannot tell whether this is:

  • a broken Telegram/gateway session,
  • a cron job failure,
  • a model/provider moderation refusal,
  • or a task-specific prompt/content issue.

This has happened repeatedly on provider=openai-codex model=gpt-5.5, especially for long browser/cron/social/outreach contexts.

Evidence from logs

Recent examples from ~/.hermes/logs/agent.log and ~/.hermes/logs/errors.log:

2026-04-30 00:39:15 ERROR [20260430_001938_cbfa2a4f] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=43 tokens=~74,862
2026-04-30 01:10:51 ERROR [20260430_001938_cbfa2a4f] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=55 tokens=~79,909
2026-04-30 01:16:42 ERROR [20260430_001938_cbfa2a4f] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=64 tokens=~85,606
2026-04-30 02:06:00 ERROR [20260430_014542_58e6e3] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=62 tokens=~82,779
2026-04-30 12:05:26 ERROR [cron_0100edd0075e_20260430_115410] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=38 tokens=~88,626
2026-04-30 13:16:45 ERROR [20260430_131604_3e862c] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=64 tokens=~87,954
2026-04-30 13:17:57 ERROR [20260430_130823_457ac595] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=62 tokens=~85,611
2026-04-30 13:19:40 ERROR [20260430_130823_457ac595] API call failed after 3 retries. This content was flagged for possible cybersecurity risk... | provider=openai-codex model=gpt-5.5 msgs=65 tokens=~98,379

There is also at least one summarization-specific case:

2026-04-27 23:07:12 WARNING [...] Failed to generate context summary: This content was flagged for possible cybersecurity risk... Further summary attempts paused for 60 seconds.

Expected behavior

When the upstream provider returns this specific safety/moderation style failure, Hermes should make it clear that:

  1. Hermes/gateway is alive.
  2. The failure came from the model/provider, not necessarily from the requested app/site/tool.
  3. The user can try a narrower/rephrased request, shorter context, or a different model/provider if configured.
  4. Cron/job outputs should be marked failed/degraded when they contain API call failed after 3 retries, not treated as successful just because the wrapper produced a markdown output.

Actual behavior

The same generic failure can be delivered repeatedly to Telegram, with no provider-specific explanation or mitigation. It feels like Hermes is broken and encourages users to retry the same request, which often reproduces the same block.

Proposed fixes

  • Detect content was flagged for possible cybersecurity risk / moderation-like provider errors and map to a clearer user-facing message.
  • Add structured error classification such as provider_safety_block, provider_connection_error, tool_error, gateway_delivery_error.
  • For cron jobs, treat provider safety blocks after retries as last_status: failed or degraded and expose the reason in cron output metadata.
  • Consider optional fallback model/provider routing for safety-blocked summarization or long-context housekeeping tasks, if configured.
  • Avoid retrying identical prompts 3 times when the response is a deterministic policy/safety block; retry only transient errors.

Environment

  • Hermes v0.11.0
  • Gateway: Telegram
  • Provider/model observed: openai-codex / gpt-5.5
  • Logs: ~/.hermes/logs/agent.log, ~/.hermes/logs/errors.log

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Medium — degraded but workaround existscomp/agentCore agent loop, run_agent.py, prompt buildercomp/gatewayGateway runner, session dispatch, deliveryprovider/openaiOpenAI / Codex Responses APItype/featureNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions