Summary
OpenViking is multi-tenant. Hermes’ OpenViking memory provider plugin sends X-API-Key, but does not send the tenant-scoping headers required by the OpenViking API.
Observed (OpenViking v0.3.3)
- POST /api/v1/search/find fails when calling without tenant headers.
- Adding the following headers makes calls succeed:
- X-OpenViking-Account: root
- X-OpenViking-User: default
Where in Hermes
- plugins/memory/openviking/init.py
- _VikingClient._headers() currently sets only Content-Type + X-API-Key.
Expected
- OpenVikingMemoryProvider should include tenant-scoping headers on every request.
- These should be configurable (env vars or existing memory config), with safe defaults.
Suggested fix
- Update _VikingClient._headers() to set:
- X-OpenViking-Account (default: root)
- X-OpenViking-User (default: default)
- Read values from env vars, e.g. OPENVIKING_ACCOUNT / OPENVIKING_USER.
Notes
Your local copy of the plugin also needs to keep route compatibility with your OpenViking server’s API (browse/read endpoints differ across versions), but the missing tenant headers is the blocker for authenticated access.
Summary
OpenViking is multi-tenant. Hermes’ OpenViking memory provider plugin sends X-API-Key, but does not send the tenant-scoping headers required by the OpenViking API.
Observed (OpenViking v0.3.3)
Where in Hermes
Expected
Suggested fix
Notes
Your local copy of the plugin also needs to keep route compatibility with your OpenViking server’s API (browse/read endpoints differ across versions), but the missing tenant headers is the blocker for authenticated access.