fix: clear stale api_key on provider switch #18906
Closed
zons-zhaozhy wants to merge 4 commits into
…elapsed to footer Minimal change to response box framing: - Header (╭): appends HH:MM:SS after the branding label - Footer (╰): appends end time (HH:MM:SS) and elapsed duration (e.g. 3.2s or 1m38s) on the right side Uses existing _prompt_start_time for elapsed calculation, so no new state needed. No config toggle — always visible (matches status bar behavior).
…splay Each streaming response within a turn now gets its own _stream_box_start timestamp. Header shows when that specific response started; footer shows elapsed for that response only — not cumulative turn time. Previously _prompt_start_time (set once per turn, cleared after the agent thread exits) was reused, so every sub-response box accumulated elapsed from the turn start.
…arch/hermes-agent into feat/cli-response-timestamp-v2
When switching providers via `hermes model`, the previous provider's
api_key (if stored in config.yaml model.api_key) was not cleared,
causing cross-provider key contamination. For example, switching from
OpenRouter to Ollama Cloud would leave the OpenRouter key in place,
leading to auth errors on the new provider.
Add model.pop("api_key", None) to all 14 provider switch paths in
main.py, mirroring the existing correct behavior in auth.py:3643.
Custom provider paths (_model_flow_custom, _model_flow_named_custom)
retain their conditional write: set api_key when present, pop when
absent. All other providers authenticate via env vars or OAuth and
never write model.api_key, so the pop is purely defensive.
Fixes NousResearch#14134
Collaborator
Duplicate of #14373
Summary
When switching providers via `hermes model`, the previous provider's `api_key` (if stored in `config.yaml` `model.api_key`) was not cleared, causing cross-provider key contamination.
Reproduction
`model.api_key`
`model.api_key`
Fix
Add `model.pop("api_key", None)` to all 14 provider switch paths in `hermes_cli/main.py`, mirroring the existing correct behavior in `auth.py:3643`.
Stepfun, Azure Foundry, API-key providers): unconditional pop — these authenticate via env vars or OAuth and never write `model.api_key`.
`_model_flow_custom`, `_model_flow_named_custom`): conditional write — set api_key when user provides one, pop when absent.
Scope
`hermes_cli/main.py` (+29 lines)
Fixes #14134
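A small model of the behaviour this PR describes, added here as an illustration and not code from hermes-agent. `switch_provider`, `stale_key_survives`, `CUSTOM_PROVIDERS`, the provider strings and the placeholder key are all assumptions; the block shows the old key surviving a switch when the pop is missing, and the conditional write for custom providers.

```python
import copy

# Hypothetical set of providers that take an explicit key in config (the
# "custom" flows on the page); all others use env vars or OAuth.
CUSTOM_PROVIDERS = {"custom"}


def switch_provider(config, provider, api_key=None, clear_stale=True):
    """Return a new config with model.provider switched.

    clear_stale=False reproduces the behaviour the PR reports as the bug:
    model.api_key written for the previous provider is left in place.
    """
    new_config = copy.deepcopy(config)
    model = new_config.setdefault("model", {})
    model["provider"] = provider
    if provider in CUSTOM_PROVIDERS and api_key:
        # Conditional write: a custom endpoint stores the key it was given.
        model["api_key"] = api_key
    elif clear_stale:
        # Every other path: drop whatever key the previous provider left.
        model.pop("api_key", None)
    return new_config


def stale_key_survives(before, after):
    """True if the old model.api_key is still set after a provider change."""
    old = before.get("model", {})
    new = after.get("model", {})
    return (
        old.get("provider") != new.get("provider")
        and old.get("api_key") is not None
        and new.get("api_key") == old.get("api_key")
    )


# Constructed sample config; the key is a placeholder, not a real credential.
START = {"model": {"provider": "openrouter", "api_key": "sk-PLACEHOLDER-openrouter"}}

if __name__ == "__main__":
    for clear in (False, True):
        after = switch_provider(START, "ollama-cloud", clear_stale=clear)
        print(f"clear_stale={clear}: stale key survives = {stale_key_survives(START, after)}")
```

A check like `stale_key_survives` can serve as a regression test across every switch path, so a newly added provider flow that forgets the pop is caught.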