Bug Description
Hermes can persist malformed assistant tool calls into session history.
If that happens, later requests may replay those invalid tool calls back to the provider and effectively poison the session.
In the observed failure mode, subsequent requests repeatedly failed with:
HTTP 400: InternalError.Algo.InvalidParameter: The "function.arguments" parameter of the code model must be in JSON format.
A persisted assistant turn contained malformed tool calls like:
{
"type": "function",
"function": {
"name": "",
"arguments": ""
}
}
Once these invalid tool calls were present in session history, every later request in the same session could fail when that history was replayed back to a strict OpenAI-compatible provider.
Steps to Reproduce
-
Create or inject an assistant message in session history containing a malformed tool call:
- empty function.name
- empty or non-JSON function.arguments
-
Resume the same session.
-
Send any new message.
-
Hermes replays the invalid tool call from stored history to the provider.
-
The provider rejects the request with HTTP 400:
"The function.arguments parameter of the code model must be in JSON format."
Expected Behavior
Hermes should never persist malformed tool calls into session history.
Hermes should also validate stored tool calls before replaying session history to a provider, and drop invalid entries such as:
- empty function name
- non-string arguments
- invalid JSON arguments
- JSON arguments that are not an object
Actual Behavior
A session can become effectively poisoned by malformed persisted tool calls.
Retries do not help, because the same invalid history is replayed again on every request.
Affected Component
Gateway (Telegram/Discord/Slack/WhatsApp), Agent Core (conversation loop, context compression, memory)
Messaging Platform (if gateway-related)
Telegram
Operating System
macOS 15.7
Python Version
3.11
Hermes Version
0.6.0
Relevant Logs / Traceback
// Observed provider error:
HTTP 400: InternalError.Algo.InvalidParameter: The "function.arguments" parameter of the code model must be in JSON format.
// Additional symptom from the corrupted turn:
Tool '' does not exist.
Root Cause Analysis (optional)
In run_agent.py, assistant tool calls are normalized in _build_assistant_message() by copying tool_call.function.name and tool_call.function.arguments directly into the persisted assistant message.
At that stage, there was no defensive check for:
- empty function name
- non-string arguments
- invalid JSON arguments
- JSON arguments that are not an object
Proposed Fix (optional)
Local workaround / mitigation:
- remove the malformed assistant turn and related broken tool-call entries from persisted session history
- restart the affected gateway/session
Local code fix:
- validate tool calls before persisting assistant messages
- validate tool calls again before replaying stored history into outgoing API payloads
- drop malformed tool calls instead of replaying them
Are you willing to submit a PR for this?
Bug Description
Hermes can persist malformed assistant tool calls into session history.
If that happens, later requests may replay those invalid tool calls back to the provider and effectively poison the session.
In the observed failure mode, subsequent requests repeatedly failed with:
HTTP 400: InternalError.Algo.InvalidParameter: The "function.arguments" parameter of the code model must be in JSON format.
A persisted assistant turn contained malformed tool calls like:
Once these invalid tool calls were present in session history, every later request in the same session could fail when that history was replayed back to a strict OpenAI-compatible provider.
Steps to Reproduce
Create or inject an assistant message in session history containing a malformed tool call:
Resume the same session.
Send any new message.
Hermes replays the invalid tool call from stored history to the provider.
The provider rejects the request with HTTP 400:
"The function.arguments parameter of the code model must be in JSON format."
Expected Behavior
Hermes should never persist malformed tool calls into session history.
Hermes should also validate stored tool calls before replaying session history to a provider, and drop invalid entries such as:
Actual Behavior
A session can become effectively poisoned by malformed persisted tool calls.
Retries do not help, because the same invalid history is replayed again on every request.
Affected Component
Gateway (Telegram/Discord/Slack/WhatsApp), Agent Core (conversation loop, context compression, memory)
Messaging Platform (if gateway-related)
Telegram
Operating System
macOS 15.7
Python Version
3.11
Hermes Version
0.6.0
Relevant Logs / Traceback
Root Cause Analysis (optional)
In run_agent.py, assistant tool calls are normalized in _build_assistant_message() by copying tool_call.function.name and tool_call.function.arguments directly into the persisted assistant message.
At that stage, there was no defensive check for:
Proposed Fix (optional)
Local workaround / mitigation:
Local code fix:
Are you willing to submit a PR for this?