Fix: Custom providers sharing same base_url use wrong API credentials #14142

Closed
happy5318 wants to merge 1 commit into NousResearch:main from happy5318:fix/custom-provider-credential-pool-conflict-v2

@happy5318

Contributor

Summary

Fixes #14141

When multiple custom_providers share the same base_url (e.g., all pointing to a unified API gateway), the credential pool resolution in _resolve_named_custom_runtime returns credentials from the first matching provider instead of the requested provider.

Changes

  • Modified _resolve_named_custom_runtime() in hermes_cli/runtime_provider.py to prioritize the provider's own api_key field before falling back to the shared credential pool
  • This ensures each provider uses its configured credentials even when sharing a base_url with other providers

Root Cause

The credential pool is keyed by base_url. When multiple custom providers share the same base_url, the pool lookup (get_custom_provider_pool_key()) returns whichever provider was registered first in the configuration, ignoring the actual requested provider.

Testing

  • Verified that switching between multiple custom providers with the same base_url now uses the correct API key for each
  • Confirmed that requests are properly authenticated and routed to the correct channels

Backward Compatibility

This change is backward compatible. Providers that don't have their own api_key will still fall back to the credential pool and environment variables as before.

When multiple custom_providers share the same base_url (e.g., a unified
API gateway like New API), the credential pool matches by base_url and
returns credentials from the first matching provider, not the requested
one.

This fix changes _resolve_named_custom_runtime to prioritize the
provider's own api_key field before falling back to the shared
credential pool, ensuring each provider uses its correct credentials.

Fixes: credential pool returns wrong provider's API key when base_url is shared
@teknium1

Contributor

Closing as already fixed on main.

Triage notes (high confidence):
Bug #14141 already fixed on main: agent/credential_pool.py:318 get_custom_provider_pool_key now accepts provider_name and matches by name first; hermes_cli/runtime_provider.py:694 passes provider_name into _try_resolve_from_custom_pool. Multiple custom providers sharing a base_url now resolve to the right pool key.

If you still see this on the latest version, please reopen with reproduction steps.

(Bulk-closed during a CLI triage sweep.)

@teknium1 teknium1 closed this May 24, 2026
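
The lookup behaviour discussed in this thread, as an added example that is not code from the PR or from the hermes project: a pool lookup that matches on base_url alone, next to one that matches the provider name first, plus an audit check for shared base_urls. The function names, the pool layout and the provider entries are all constructed for illustration.

```python
# Added illustration; names, pool layout and keys are assumptions, not hermes code.
# Constructed config: two custom providers behind one gateway URL.
PROVIDERS = [
    {"name": "team-a", "base_url": "https://gateway.example/v1", "api_key": "KEY-A"},
    {"name": "team-b", "base_url": "https://gateway.example/v1/", "api_key": "KEY-B"},
    {"name": "solo", "base_url": "https://other.example/v1", "api_key": "KEY-S"},
]
POOL = {"custom:" + p["name"]: p["api_key"] for p in PROVIDERS}


def norm(url):
    """Normalise a base_url so a trailing slash does not hide a collision."""
    return url.strip().rstrip("/")


def key_by_url(base_url):
    """URL-only lookup: the first provider registered with this base_url wins."""
    for p in PROVIDERS:
        if norm(p["base_url"]) == norm(base_url):
            return "custom:" + p["name"]
    return None


def key_name_first(base_url, provider_name=None):
    """Name-first lookup: prefer the requested provider, then fall back to URL."""
    for p in PROVIDERS:
        if p["name"] == provider_name and norm(p["base_url"]) == norm(base_url):
            return "custom:" + p["name"]
    return key_by_url(base_url)


def resolve_api_key(requested, name_first):
    """Return the API key that a request for `requested` would be sent with."""
    cfg = next(p for p in PROVIDERS if p["name"] == requested)
    if name_first:
        return POOL[key_name_first(cfg["base_url"], requested)]
    return POOL[key_by_url(cfg["base_url"])]


def shared_base_urls():
    """Audit check: base_urls claimed by more than one provider."""
    groups = {}
    for p in PROVIDERS:
        groups.setdefault(norm(p["base_url"]), []).append(p["name"])
    return {url: names for url, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for name in ("team-a", "team-b", "solo"):
        print(name, resolve_api_key(name, False), resolve_api_key(name, True))
    print(shared_base_urls())
```

Running `shared_base_urls()` over a real configuration shows which providers would have been affected by a URL-only lookup.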

Labels

  • area/auth: Authentication, OAuth, credential pools
  • area/config: Config system, migrations, profiles
  • comp/cli: CLI entry point, hermes_cli/, setup wizard
  • P1: High — major feature broken, no workaround
  • type/bug: Something isn't working
