Fallback provider 429 can exhaust primary provider credential pool

[wlfcss]

Summary

After openai-codex failed and Hermes activated a cross-provider fallback, the fallback provider's 429 was recorded against the primary openai-codex OAuth credential pool.

This made a valid Codex OAuth session appear rate-limited/exhausted even though the quota/billing error came from the fallback provider.

Related context: #32903 / #32963 fixed the original openai-codex null-output streaming crash. This issue is about the secondary provider-state contamination after fallback activation, not the null-output parser crash itself.

Environment

• Hermes Agent: v0.14.0, local checkout 2517917de before pulling main
• OpenAI SDK in Hermes venv: 2.24.0
• Primary provider/model: openai-codex / gpt-5.5
• Primary base URL: https://chatgpt.com/backend-api/codex
• Fallback provider/model: zai / glm-5.1

Observed sequence

Sanitized local log sequence:

2026-05-27 14:28:42 CST  Fallback activated: gpt-5.5 -> glm-5.1 (zai)
2026-05-27 14:28:43 CST  zai returned 429 code=1113 "Insufficient balance or no resource package"
2026-05-27 14:28:48 CST  credential pool: marking openai-codex-oauth-2 exhausted

After this, hermes auth list showed the openai-codex OAuth credentials as rate-limited/exhausted with the Z.AI 1113 error. That sent debugging in the wrong direction: it looked like a Codex OAuth/quota problem, while the actual 429 came from the fallback provider.

Resetting the openai-codex auth state cleared the stale exhausted status and the same Codex OAuth credentials worked again.

Expected behavior

When fallback activation switches the active provider from openai-codex to zai, credential-pool recovery should not mutate the stale openai-codex pool based on a zai response.

Either:

• the active credential pool should be reloaded for the fallback provider, or
• the stale primary pool should be cleared before fallback calls continue, and
• recovery code should skip pool mutation if the pool provider does not match the current agent provider.

Local patch shape that fixed the misattribution

I tested a narrow local patch with two guardrails:

1. In fallback activation, after assigning agent.provider = fb_provider, reload or clear agent._credential_pool for the fallback provider.

2. In recover_with_credential_pool(), before calling mark_exhausted_and_rotate(), skip credential-pool recovery when the loaded pool provider differs from the agent's current provider.

The important defensive check is:

if pool_provider and current_provider and pool_provider != current_provider:
    return False, has_retried_429

Audit notes

• The change is intentionally narrow: it only realigns the in-memory pool after a provider switch and adds a defensive provider-match check before any pool mutation.
• If the fallback provider has no credential pool, clearing agent._credential_pool is safer than retaining and mutating the stale primary pool.
• One caveat: if Hermes supports provider aliases for credential pools, this guard should probably use the same provider-name normalization used elsewhere. For the observed openai-codex -> zai fallback, the mismatch is unambiguous.

Local validation

pytest tests/run_agent/test_provider_fallback.py tests/agent/test_credential_pool_routing.py -q
# 34 passed

hermes auth reset openai-codex
hermes -z "只回复 OK" --provider openai-codex -m gpt-5.5 --ignore-rules
# OK

[yaoligithub]

Second reproducer — openrouter 402 contaminates openai-codex pool

Confirming this on a separate provider pair: same misattribution mechanism, different fallback provider and error code.

Environment: Hermes v0.13.0, openai-codex / gpt-5.5 primary, openrouter / anthropic/claude-sonnet-4.6 fallback.

Observed sequence (from errors.log + auth.json post-mortem):

2026-05-26 20:52:25  INFO agent.credential_pool: credential pool: marking openai-codex-oauth-1 exhausted (status=402), rotating
2026-05-26 20:52:35  ERROR root: API call failed after 3 retries. HTTP 402: Insufficient credits. … | provider=openrouter model=anthropic/claude-sonnet-4.6

After fallback fired, hermes auth list showed:

openai-codex (2 credentials):
  #1  copied-default-codex-oauth oauth   copied:/root/.hermes/auth.json exhausted (402) (9m 35s left)

And the last_error_message persisted in the pool entry was OpenRouter's exact wording — "Insufficient credits. Add more using https://openrouter.ai/settings/credits" — attached to the codex credential, even though the Codex JWT was still valid (confirmed by a manual POST /backend-api/codex/responses returning 400 Instructions are required, which is auth-accepted-but-malformed-body).

Symptom for the user: bot silently skipped the (perfectly healthy) codex primary for the 9m cooldown window every time the user retried, falling straight through to fallback. Resetting the codex pool (hermes --profile <p> auth reset openai-codex) cleared it.

Reinforces the diagnosis in the original report: the contamination is generic across (primary, fallback) pairs and across error codes (402 here, 429 there) — recover_with_credential_pool() is mutating the wrong pool whenever the fallback returns a non-2xx that the recovery layer interprets as exhaustion.

The two-guardrail patch proposed above (reload pool on fallback switch + provider-match check in recover_with_credential_pool) would have prevented both reproducers.

[carter-smalls]

This looks like OpenAI rate-limit errors hitting without exponential backoff — requests may be retrying too aggressively.

Check whether the retry logic reads Retry-After from the header or waits a fixed interval — fixed intervals often cause retry storms.

We're building Badgr as an AI gateway that respects Retry-After and routes around provider rate limits — may be useful if this keeps happening.

[wlfcss]

Clarification: this does not appear to be a normal OpenAI/Codex rate-limit or backoff issue.

In the original local repro, after clearing the stale exhausted state, a direct openai-codex / gpt-5.5 call succeeded immediately (hermes -z ... --provider openai-codex -m gpt-5.5 returned OK). The observed 429 came from the fallback provider (zai, code 1113, insufficient balance/resource package), but Hermes persisted that fallback error onto the primary openai-codex OAuth credential pool.

The independent OpenRouter repro above shows the same mechanism with 402, so the common failure is not Retry-After handling; it is provider attribution/state mutation after fallback activation: a fallback provider error can mutate the primary provider's credential pool.

[teknium1]

Fixed via PR #33233 (merged commit 2e181602a on main), salvaged from @zccyman's #33217. Same fix shape as @wlfcss's parallel #33258 (closed as duplicate of #33233).

Two-layer fix:

1. try_activate_fallback now clears agent._credential_pool on fallback activation when the fallback provider doesn't match the pool's provider. This prevents the primary's credentials from being mutated by errors that came from the fallback (the exact 402/429-from-fallback → primary-credential-exhaustion scenario you reported).
2. recover_with_credential_pool has a defense-in-depth provider-mismatch guard for any future path that might attach a stale pool.

Pool is preserved when fallback shares the pool's provider (e.g. multiple openrouter entries — multi-key routing is the point). Pool is cleared only when the provider actually differs.

Run hermes update to pick up the fix once it lands on PyPI. Git clones of main already have it.