fix(tools): strip slash-containing enum values for xAI Responses

[gbarany]

What does this PR do?

Fixes a 100%-broken state for any user on the xAI provider (xai/xai-oauth) who also has the Brave Search MCP enabled. Brave's brave_llm_context and brave_place_search tools advertise an HTTP-header accept parameter as {"type": "string", "enum": ["application/json", "*/*"]}. xAI's /v1/responses schema validator rejects any string enum value containing /, replies with HTTP 200 plus a single SSE event: error frame whose message is the opaque "Invalid arguments passed to the model.", then closes the stream. Hermes retries three times and aborts the turn.

The fix is a new strip_xai_incompatible_enum_values() sanitizer in tools/schema_sanitizer.py that drops any enum constraint containing a slash-bearing string value. It's wired into agent/chat_completion_helpers.build_api_kwargs alongside the existing strip_pattern_and_format call (same xAI gate, same deep-copy-then-strip pattern). Other Responses-compatible backends are not touched.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• Tests (adding or improving test coverage)

Changes Made

• tools/schema_sanitizer.py — new strip_xai_incompatible_enum_values(tools) helper. Walks both OpenAI-format and Responses-format tool entries. If any string enum value contains /, drops the entire enum constraint (rather than narrowing the list, which would silently change the model-visible value space). Logs malformed (non-list) enums at DEBUG. Emits a sibling DEBUG log when the strip fires.
• agent/chat_completion_helpers.py — adds the new sanitizer to the existing xAI tool-schema transform pass, on a deep-copied tool list so the shared registry stays valid for non-xAI turns served by the same process.
• tests/tools/test_schema_sanitizer.py — 13 new unit tests (OpenAI format, Responses format, drops whole enum on mixed values, nested schemas, no-op when clean, empty list, array items enum, anyOf union, mixed non-string members, all-stripped with sibling default, malformed enum, caller-deepcopy contract, returned list-reference identity).
• tests/run_agent/test_run_agent_codex_responses.py — 3 integration tests verifying _build_api_kwargs strips for xAI agents, leaves slash enums untouched for non-xAI, and that preflight remains provider-neutral.
• tests/agent/transports/test_codex_transport.py — renamed test class to TestCodexPreflightProviderNeutral, pinning that preflight does not apply provider policy and does not mutate caller-owned schemas.

How to Test

Reproduce against xAI directly without Hermes:

from openai import OpenAI
client = OpenAI(api_key=XAI_OAUTH_TOKEN, base_url="https://api.x.ai/v1")
gen = client.responses.create(
    model="grok-4.3",
    input=[{"role":"user","content":"hi"}],
    instructions="You are Hermes.",
    store=False, stream=True,
    tools=[{"type":"function","name":"x","description":"x","strict":False,
            "parameters":{"type":"object","properties":{
                "accept":{"type":"string","enum":["application/json","*/*"]}}}}],
)
next(iter(gen))  # first SSE frame is event: error, "Invalid arguments passed to the model."

Drop */* (or any value containing /) from the enum and the same call streams response.completed.

In Hermes itself: enable the Brave Search MCP and pick xai-oauth + grok-4.3 — every turn fails on main before this PR and succeeds after.

Confirmed empirically (any string enum value containing / triggers the rejection):

Enum value	xAI accepts?
"application/json"	rejected
"*/*"	rejected
"text/plain"	rejected
"text/*"	rejected
"a/b"	rejected
"foo*bar"	accepted
"foo", "bar"	accepted

Test runs

pytest tests/tools/test_schema_sanitizer.py -v       # all pass (13 new)
pytest tests/run_agent/test_run_agent_codex_responses.py -k "preflight or xai or build_api_kwargs"
                                                      # all pass (3 new)
pytest tests/tools/test_schema_sanitizer.py \
       tests/run_agent/test_run_agent_codex_responses.py \
       tests/agent/transports/test_codex_transport.py
                                                      # all pass

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(tools):, refactor(tools):, test(tools):)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix
• I've run the suite on every touched module and all preflight/xAI tests
• I've added tests for my changes
• I've tested on my platform: macOS 15 (Darwin 25.5.0), Python 3.11, nousresearch/hermes-agent:main

Documentation & Housekeeping

• I've updated relevant documentation — N/A (the new sanitizer has a thorough docstring; behavior change is internal)
• I've updated cli-config.yaml.example — N/A (no new config keys)
• I've updated CONTRIBUTING.md or AGENTS.md — N/A (no workflow/architecture change)
• I've considered cross-platform impact — pure Python string manipulation, no platform-specific paths
• I've updated tool descriptions/schemas — N/A (no tool added or modified)

Notes for reviewers

• The xAI tool-schema policy now lives in one place (chat_completion_helpers.build_api_kwargs) alongside the existing strip_pattern_and_format call — same gate, same deep-copy, same try/except. Preflight remains provider-neutral validation.
• On mixed enums (e.g. ["fast", "fast/precise", "precise"]), the entire enum constraint is dropped rather than narrowed to ["fast", "precise"]. Narrowing would silently change the accepted value space for that property in ways a user couldn't see from their schema — dropping the constraint keeps type: string typing, so free-form values still validate, but doesn't pretend the model never knew about the missing values.
• Follow-up worth considering separately: surface xAI's event: error frame's message field in the user-visible error along with the offending tool name when available. Today the openai SDK collapses the frame into the generic _StreamErrorEvent summary so neither Hermes nor the user can tell which tool is bad.

Screenshots / Logs

Before (on nousresearch/hermes-agent:main, fresh hello):

API call failed (attempt N/3) error_type=_StreamErrorEvent
provider=xai-oauth base_url=https://api.x.ai/v1 model=grok-4.3
summary=Invalid arguments passed to the model.

Captured wire response (first SSE frame from xAI):

event: error
data: {"sequence_number":0,"type":"error","code":null,
       "message":"Invalid arguments passed to the model.","param":null}

After the patch — same request body succeeds, with the sanitizer logging:

schema_sanitizer: stripped 2 slash-containing enum value(s) from tool schemas (xAI Responses compatibility)

[teknium1]

Closing — the deepcopy correctness fix from your PR was salvaged into #34416 (#34416) with your authorship preserved (Co-authored-by: trailer on the merge commit 1386a7e4).

What landed:

• _copy.deepcopy(tools_for_api) before the sanitizer calls in chat_completion_helpers.build_api_kwargs AND the symmetric site in auxiliary_client.py (which used list(tools) — only a shallow copy — and had the same mutation issue).
• 3 new tests, including the headline does_not_mutate_agent_tools regression that asserts agent.tools survives intact after a build_api_kwargs call.

What didn't land, and why:

• strip_xai_incompatible_enum_values — the existing strip_slash_enum in tools/schema_sanitizer.py is functionally equivalent and was wired up at both call sites by PR fix(xai-oauth): strip service_tier and add gated slash-enum safety-net (#28490) #32443 (@Nami4D) two days before this salvage. We didn't need a parallel implementation.
• The preflight-provider-neutrality refactor — PR fix(xai-oauth): strip service_tier and add gated slash-enum safety-net (#28490) #32443 took the opposite design path (model-gated preflight strip as a defense-in-depth safety net). Both designs have merits; we went with the model-gated preflight because it catches future bypass paths that forget to sanitize earlier.

Thank you for the careful empirical work mapping which xAI enum values get rejected (application/json rejected, text/* rejected, foo*bar accepted) and for identifying the mutation as a separate bug from the rejection itself. Without your PR the mutation bug would have stayed on main even post-#32443.