[Bug]: bug(cli): hermes doctor falsely reports Google Gemini API key as invalid (HTTP 401 due to OpenAI auth format)

[dzerozero32-hue]

Bug Description

Describe the bug
The hermes doctor connectivity check (_probe_apikey_provider) falsely reports a valid Google Gemini API key (GOOGLE_API_KEY) as invalid with a red cross ✗ gemini (invalid API key). This happens because the health check treats the Gemini endpoint as OpenAI-compatible and uses the standard Authorization: Bearer <key> header, which Google AI Studio rejects with an HTTP 401 status code.

To Reproduce

1. Configure a valid GOOGLE_API_KEY in ~/.hermes/.env.
2. Run hermes doctor.
3. See the ✗ gemini (invalid API key) error in the API Connectivity section, even though the main hermes agent chat works perfectly fine with the exact same key.

Root Cause Analysis
In /hermes_cli/doctor.py, the generic helper function _probe_apikey_provider performs an HTTP GET request to check connectivity:

headers = {
    "Authorization": f"Bearer {key}",
    "User-Agent": _HERMES_USER_AGENT,
}
r = httpx.get(url, headers=headers, timeout=10)

Google Gemini API does not authenticate via Bearer tokens in the standard Authorization header. It expects the API key either as a query parameter (?key=...) or via the x-goog-api-key header. Because httpx sends a Bearer token, Google returns 401 Unauthorized, which the doctor script catches and flags as an invalid API key on line 1466:

if r.status_code == 401:
    return _ConnectivityResult(
        pname,
        [(color("✗", Colors.RED), label, color("(invalid API key)", Colors.DIM))],
        [f"Check {env_vars[0]} in .env"],
    )

Expected behavior
The _probe_apikey_provider function should handle Gemini/Google specifically by using the correct authentication method (e.g., passing x-goog-api-key header or appending the key parameter to the URL) so that the health check passes successfully.

Steps to Reproduce

1. Configure a valid GOOGLE_API_KEY in ~/.hermes/.env.
2. Run hermes doctor in the terminal.
3. Observe the ✗ gemini (invalid API key) error in the "API Connectivity" section.

Expected Behavior

The hermes doctor command should successfully validate the Gemini API key and display a green checkmark ✓ gemini, since the key is fully functional and the main hermes agent chat works perfectly with it.

Actual Behavior

hermes doctor outputs a false positive error:
✗ gemini (invalid API key)
And appends an issue: Check GOOGLE_API_KEY in .env

Affected Component

CLI (interactive chat)

Messaging Platform (if gateway-related)

N/A (CLI only)

Debug Report

hermes debug share

Operating System

Ubuntu 20.04

Python Version

3.11

Hermes Version

Latest main branch (git clone)

Additional Logs / Traceback (optional)

Root Cause Analysis (optional)

No response

Proposed Fix (optional)

No response

Are you willing to submit a PR for this?

• I'd like to fix this myself and submit a PR

[alt-glitch]

Duplicate of #21058 — same hermes doctor Gemini healthcheck false positive (Bearer auth vs ?key= query param). Fix PRs already open: #20642, #21490, #26067.

[teknium1]

This appears to be fixed on current main.

Automated hermes-sweeper review evidence:

• hermes_cli/doctor.py:1772 now detects generativelanguage.googleapis.com, removes the generic Authorization: Bearer ... header, and sends the configured key as x-goog-api-key instead.
• hermes_cli/auth.py:234 configures Google AI Studio/Gemini with https://generativelanguage.googleapis.com/v1beta and GOOGLE_API_KEY / GEMINI_API_KEY, so the special-case covers the reported hermes doctor path.
• The fix landed in 364a1dd290245093f76837c6074bb7d4fdc798c6 (Local: doctor uses x-goog-api-key for Google generativelanguage endpoint) and is contained in v2026.5.28 and later tags.
• The duplicate discussion on hermes doctor: Gemini healthcheck fails with 401 due to Bearer-token auth incompatibility #21058 was closed with the same current-main evidence.

Thanks for the clear root-cause writeup; it matches the implementation that landed.