Bug Description
When Hermes resolves metadata or pricing for a custom OpenAI-compatible endpoint, it can call fetch_endpoint_model_metadata() with an empty api_key. If the endpoint requires auth on /models (for example a LiteLLM-backed route), Hermes sends an unauthenticated request and gets 401s.
Steps to Reproduce
- Configure Hermes to use a custom OpenAI-compatible endpoint whose
/models route requires auth.
- Trigger a code path that resolves endpoint metadata or pricing without an explicit
api_key argument at the call site.
- Observe the request sent to
/models.
Expected Behavior
Hermes should send an authenticated /models request when credentials are already available via the endpoint environment.
Actual Behavior
Hermes sends /models without an Authorization header when api_key is empty at the call site, which causes repeated 401s and prevents metadata/pricing lookup.
Root Cause Analysis
agent/usage_pricing.py calls fetch_endpoint_model_metadata(route.base_url, api_key=api_key or ""). agent/model_metadata.py only builds the auth header from the explicit api_key parameter, so the request is unauthenticated when that value is empty.
Proposed Fix
Fall back to LITELLM_KEY inside fetch_endpoint_model_metadata() when no explicit api_key was provided, and cover it with a regression test.
Bug Description
When Hermes resolves metadata or pricing for a custom OpenAI-compatible endpoint, it can call
fetch_endpoint_model_metadata()with an emptyapi_key. If the endpoint requires auth on/models(for example a LiteLLM-backed route), Hermes sends an unauthenticated request and gets 401s.Steps to Reproduce
/modelsroute requires auth.api_keyargument at the call site./models.Expected Behavior
Hermes should send an authenticated
/modelsrequest when credentials are already available via the endpoint environment.Actual Behavior
Hermes sends
/modelswithout anAuthorizationheader whenapi_keyis empty at the call site, which causes repeated 401s and prevents metadata/pricing lookup.Root Cause Analysis
agent/usage_pricing.pycallsfetch_endpoint_model_metadata(route.base_url, api_key=api_key or "").agent/model_metadata.pyonly builds the auth header from the explicitapi_keyparameter, so the request is unauthenticated when that value is empty.Proposed Fix
Fall back to
LITELLM_KEYinsidefetch_endpoint_model_metadata()when no explicitapi_keywas provided, and cover it with a regression test.