fix(run_agent): forward api_key/base_url/api_mode to background review agent (#15543)

[briandevans]

Summary

• _spawn_background_review() now passes api_key, base_url, and api_mode from the parent agent to the review agent constructor
• Adds 7 regression tests covering credential propagation across provider types

The bug

Custom providers (self-hosted endpoints, proxies) resolve their credentials from config.yaml at AIAgent init time — the resolved api_key and base_url live on the parent instance. When _spawn_background_review() spawned the child agent with only provider=self.provider, the child re-ran credential resolution from scratch. For custom providers not in PROVIDER_REGISTRY, this found nothing and raised:

⚠ Auxiliary background review failed: No LLM provider configured. Run `hermes model` to select a provider, or run `hermes setup` for first-time configuration.

The fix

Three additional kwargs in the AIAgent(...) constructor call inside _run_review():

review_agent = AIAgent(
    model=self.model,
    ...
    api_key=self.api_key,    # ← new: already-resolved credentials
    base_url=self.base_url,  # ← new
    api_mode=self.api_mode,  # ← new
    parent_session_id=self.session_id,
)

The parent's credentials are already fully resolved at this point — no re-resolution needed, and no environment variables or config files need to be consulted again.

Test plan

• Before: 6/7 credential tests fail without the fix (api_key/base_url/api_mode not in constructor kwargs)
• After: 7/7 pass
• Regression guard: reverted the fix → observed AssertionError: assert None == 'sk-custom-key-abcdefgh'; restored → 0 failures
• Broader suite: tests/run_agent/ — 1058 passed, 1 pre-existing baseline (test_inf_stays_string_for_integer_only fails on clean origin/main)
• Adjacent tests/run_agent/test_background_review_summary.py — 8 passed

Related

• Fixes Background Review Agent Fails with Custom Providers (Missing api_key/base_url) #15543

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR fixes background review agent initialization so it inherits already-resolved provider credentials/config from the parent AIAgent, preventing failures for custom providers that can’t be re-resolved from config/env in the child thread (issue #15543).

Changes:

• Forward api_key, base_url, and api_mode from the parent agent to the background review agent constructor.
• Add regression tests that verify credential propagation into the background review agent across multiple provider/api_mode scenarios.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
run_agent.py	Passes resolved api_key/base_url/api_mode into the background review AIAgent to avoid re-resolving credentials.
tests/run_agent/test_background_review_credentials.py	Adds regression coverage validating that the background review agent receives the parent’s resolved credentials/config.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[briandevans]

Thanks @copilot — both findings are real. Addressed in 58054e6a.

1. staticmethod on SimpleNamespace (line 47) ✅ — You're right: staticmethod only acts as a descriptor when defined on a class, not when assigned to a SimpleNamespace attribute. The runtime path calls self._summarize_background_review_actions(...) which would return the wrapper object (not the lambda), causing a silent TypeError swallowed by the surrounding except Exception. Dropped the staticmethod() wrapper — it's a plain callable now.

2. Ignored done.wait() return value (line 74) ✅ — If the background thread stalled, the with patch(...) context exited, run_agent.AIAgent was unpatched, and assertions ran against an empty captured dict producing a false PASS. Now asserts the result: assert done.wait(timeout=5), "background thread did not call AIAgent within 5 s".

[briandevans]

Both Copilot findings addressed in 58054e6a:

1. staticmethod(lambda) descriptor issue — replaced the SimpleNamespace stub with a proper MagicMock that supports attribute access correctly.
2. done.wait(timeout=5) ignoring return value — added assert done.wait(timeout=5) so a timeout causes the test to fail with a clear message instead of silently proceeding to unpatch.

[briandevans]

Closing — superseded by @teknium1's #16099, which is the better fix here.

@teknium1's PR introduced a _parent_runtime dict that captures the parent agent's live runtime credentials (api_key, base_url, api_mode) at the moment the background review forks, and additionally propagates credential_pool for rotated credentials. This is structurally cleaner than my approach of reading self.* directly:

Aspect	This PR (#15645)	#16099 (teknium1, merged)
Credential source	self.api_key/base_url/api_mode	_parent_runtime.get(...) snapshot
credential_pool propagation	not handled	yes, via getattr(self, '_credential_pool', None)
Live-runtime override safety	reads instance attrs that may have been mutated	snapshot at fork time
Toolset restriction	no	adds enabled_toolsets=["memory","skills"]

Thanks @teknium1 for the more thorough fix.