From 85973e0082fae1c74bc1f2e59b91b9c78e4a6482 Mon Sep 17 00:00:00 2001 From: SHL0MS Date: Mon, 6 Apr 2026 12:11:21 -0400 Subject: [PATCH] fix(nous): don't use OAuth access_token as inference API key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When agent_key is missing from auth state (expired, not yet minted, or mint failed silently), the fallback chain fell through to access_token — an OAuth bearer token for the Nous portal API, not an inference credential. The Nous inference API returns 404 because the OAuth token is not a valid inference key. Remove the access_token fallback so an empty agent_key correctly triggers resolve_nous_runtime_credentials() to mint a fresh key. Closes #5562 --- hermes_cli/runtime_provider.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hermes_cli/runtime_provider.py b/hermes_cli/runtime_provider.py index 5278b5b92..8ed601913 100644 --- a/hermes_cli/runtime_provider.py +++ b/hermes_cli/runtime_provider.py @@ -495,7 +495,11 @@ def _resolve_explicit_runtime( explicit_base_url or str(state.get("inference_base_url") or auth_mod.DEFAULT_NOUS_INFERENCE_URL).strip().rstrip("/") ) - api_key = explicit_api_key or str(state.get("agent_key") or state.get("access_token") or "").strip() + # Only use agent_key for inference — access_token is an OAuth token for the + # portal API (minting keys, refreshing tokens), not for the inference API. + # Falling back to access_token sends an OAuth bearer token to the inference + # endpoint, which returns 404 because it is not a valid inference credential. + api_key = explicit_api_key or str(state.get("agent_key") or "").strip() expires_at = state.get("agent_key_expires_at") or state.get("expires_at") if not api_key: creds = resolve_nous_runtime_credentials(