Hermes Doctor flags Google Gemini API key as invalid even when the key works

[thesotog]

Summary

hermes doctor reports the Google Gemini API key as invalid API key, but the same key successfully authenticates against the Gemini API directly.

What I verified

From this host:

• GET https://generativelanguage.googleapis.com/v1beta/models?key=<API_KEY> returned HTTP 200
• POST https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent?key=<API_KEY> returned HTTP 200 and generated a valid response
• GET /v1beta/models with Authorization: Bearer <API_KEY> returned HTTP 401, which suggests the doctor check is using the wrong auth style for this provider

Expected behavior

hermes doctor should validate Gemini API keys using the Gemini API's ?key= auth flow, or otherwise avoid reporting a false invalid-key error when the key is actually valid.

Actual behavior

hermes doctor prints a Gemini connectivity warning/invalid key message even though the Gemini API calls succeed.

Notes

• OpenAI/Codex remains the default provider; Gemini was configured only as an optional credential.
• This appears to be a false positive in the doctor connectivity check, not a billing issue.

Environment

• Hermes Agent on AWS Lightsail Ubuntu 24.04
• hermes update completed successfully before this check

Reproduction steps

1. Set GEMINI_API_KEY in ~/.hermes/.env
2. Run hermes doctor
3. Observe Gemini being flagged invalid
4. Call the Gemini API directly with the same key and observe success

[alt-glitch]

Duplicate of #21481 — same Gemini doctor false positive (Bearer auth vs ?key= query param). Fix PR #22489 open.

[teknium1]

Automated hermes-sweeper review: this appears fixed on current main.

Evidence:

• hermes_cli/doctor.py:1766 now special-cases generativelanguage.googleapis.com doctor probes, removes Authorization: Bearer, and sends the key as x-goog-api-key instead.
• hermes_cli/auth.py:232 registers Gemini as Google AI Studio API-key auth using https://generativelanguage.googleapis.com/v1beta with both GOOGLE_API_KEY and GEMINI_API_KEY recognized.
• The fix was introduced by 364a1dd290245093f76837c6074bb7d4fdc798c6 (Local: doctor uses x-goog-api-key for Google generativelanguage endpoint) and is contained in v2026.5.28 and later tags.
• The existing discussion correctly linked this to the same Bearer-vs-Google-key auth false positive tracked in related Gemini doctor reports.

If this still reproduces on the latest release, please reopen or file a fresh issue with the current hermes doctor output and configured GEMINI_BASE_URL/GOOGLE_API_KEY source.