fix(cli): model validation fails for anthropic_messages and Cloudflare-protected endpoints

[Wangshengyang2004]

Summary

The /model command fails to switch to providers using api_mode: anthropic_messages
and to some OpenAI-compatible endpoints behind Cloudflare, because validate_requested_model()
always probes with Authorization: Bearer (OpenAI-style auth) via urllib.request
without a User-Agent header.

Root causes

1. Anthropic Models API uses different auth: Anthropic's GET /v1/models
   requires x-api-key + anthropic-version headers, not Authorization: Bearer.
   The response shape (data[].id) is identical to OpenAI, but the probe always
   failed with auth errors.

2. Cloudflare blocks requests without User-Agent: urllib.request does not
   set a User-Agent header by default. Some third-party OpenAI-compatible
   endpoints behind Cloudflare return 403, causing the probe to fail even though
   the endpoint works fine with normal HTTP clients.

3. Hard rejection on probe failure: When the /models probe failed for
   anthropic_messages providers, validate_requested_model() returned
   accepted: False, blocking the model switch entirely. Many Anthropic-compatible
   proxies do not implement the Models API at all, so this was a permanent block.

Changes

hermes_cli/models.py

• probe_api_models(): Added api_mode parameter. When api_mode == "anthropic_messages", sends x-api-key and anthropic-version headers
  instead of Authorization: Bearer. Always sets User-Agent: Hermes/1.0.
• fetch_api_models(): Propagates api_mode to probe_api_models().
• validate_requested_model(): Added api_mode parameter.
  • For anthropic_messages mode: attempts probe with correct Anthropic auth.
    If the proxy implements the Models API (like the official Anthropic endpoint),
    the model is verified normally. If the probe fails (common for third-party
    proxies), the model is still accepted with an informational warning
    instead of being rejected.
  • Custom provider "custom" branch: same logic — tries Anthropic auth first,
    falls back to accept on failure.

hermes_cli/model_switch.py

• switch_model(): Passes api_mode through to validate_requested_model().

How to test

1. Configure a custom provider with api_mode: anthropic_messages in
   ~/.hermes/config.yaml under custom_providers.
2. Run /model <model-name> with that provider — it should accept and switch.
3. Configure a custom provider with a Cloudflare-protected OpenAI-compatible
   endpoint — the /model probe should now succeed.
4. Existing tests: pytest tests/hermes_cli/ -v passes (614 passed; 2
   pre-existing failures unrelated to this change).

Platforms tested

• Linux (ARM64, Orange Pi 4 Pro)
• Python 3.11

[alt-glitch]

Related to #9721 (custom HTTP headers for Cloudflare) and #12906 (User-Agent on /v1/models probe, closed). This PR addresses both Anthropic auth and Cloudflare in one fix.

[alt-glitch]

Related to #9721 and #12906.

[teknium1]

Thanks for this fix, @Wangshengyang2004! The changes from this PR have already landed on main.

This is an automated hermes-sweeper review.

Evidence:

• Commit 647900e81 (the exact commit from this PR's head) is confirmed reachable from main via git merge-base --is-ancestor.
• hermes_cli/models.py lines 2336–2339: _HERMES_USER_AGENT is set on all probes; x-api-key + anthropic-version headers are sent when api_mode == 'anthropic_messages'.
• hermes_cli/models.py lines 2780+: validate_requested_model() now accepts with an informational warning when the probe fails for anthropic_messages providers.
• A follow-on commit 2303dd868 by a separate contributor added a native anthropic provider branch using _fetch_anthropic_models() (referenced in the alt-glitch comments as a related fix for [Bug] Cannot set custom HTTP headers for custom providers — Cloudflare 403 #9721/fix(cli): set User-Agent on /v1/models probe (Cloudflare 1010) #12906).

Closing as implemented. 🙏