[Bug]: hermes doctor reports valid China DashScope API key as invalid

[hhqyb]

Bug Description

hermes doctor reports a valid China-region Alibaba DashScope/Bailian API key as invalid.

Observed output:

Checking Alibaba/DashScope API...
✗ Alibaba/DashScope    (invalid API key)

However, the same DASHSCOPE_API_KEY succeeds against China-region DashScope/Bailian endpoints and WebSearch MCP.

Verification Results

The following checks were run locally with the same key, without exposing the key value:

GET  https://dashscope.aliyuncs.com/compatible-mode/v1/models  -> HTTP 200
GET  https://dashscope.aliyuncs.com/api/v1/models              -> HTTP 200
POST https://dashscope.aliyuncs.com/api/v1/mcps/WebSearch/mcp  -> HTTP 200

The MCP initialize response also returns a normal BaiLianMcpServer serverInfo payload.

Suspected Root Cause

In hermes_cli/doctor.py, the Alibaba/DashScope API-key health check appears to default to:

https://dashscope-intl.aliyuncs.com/compatible-mode/v1/models

For China-region DashScope/Bailian keys, the working endpoint is:

https://dashscope.aliyuncs.com/compatible-mode/v1/models

So the current doctor output can misclassify a region/endpoint mismatch as an invalid API key.

Expected Behavior

hermes doctor should not report a valid China-region DashScope key as invalid. Possible fixes:

1. Respect DASHSCOPE_BASE_URL when configured.
2. Try both dashscope-intl.aliyuncs.com and dashscope.aliyuncs.com before declaring the key invalid.
3. If only one region fails, show a region/endpoint mismatch warning instead of (invalid API key).
4. Optionally verify WebSearch MCP separately when the key is being used for MCP services rather than model inference.

Related Issues

• Support Bailian/DashScope endpoints that don't expose /v1/models #12220
• 🐛 Alibaba provider hardcoded to coding-intl endpoint — breaks standard DashScope API keys #3912

Environment

• Hermes Agent on macOS
• DASHSCOPE_API_KEY configured in .env
• China-region DashScope/Bailian endpoints respond successfully
• hermes doctor still reports Alibaba/DashScope (invalid API key)

No API keys or tokens are included in this report.

[rickai0118]

I can still reproduce this on Hermes Agent v0.13.0 (2026.5.7) under WSL.

In my current config, DashScope is actually working with the China endpoint:

• base URL: https://dashscope.aliyuncs.com/compatible-mode/v1
• direct GET /models returns HTTP 200
• direct POST /chat/completions returns HTTP 200

But hermes doctor still reports the provider as invalid because it probes the intl endpoint (https://dashscope-intl.aliyuncs.com/compatible-mode/v1/models) in my environment, which fails here with SSL EOF.

So this appears to still be a false negative caused by endpoint selection / region mismatch, not a bad API key. If this issue was closed as fixed, it may need a re-check or reopen.

— Verified on behalf of @rickai0118 by Hermes Agent