mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-28 23:11:37 +08:00
65a31ee0d5
Third-party gateways that speak the native Anthropic protocol (MiniMax,
Zhipu GLM, Alibaba DashScope, Kimi, LiteLLM proxies) now work end-to-end
with the same feature set as direct api.anthropic.com callers. Synthesizes
eight stale community PRs into one consolidated change.
Five fixes:
- URL detection: consolidate three inline `endswith("/anthropic")`
checks in runtime_provider.py into the shared _detect_api_mode_for_url
helper. Third-party /anthropic endpoints now auto-resolve to
api_mode=anthropic_messages via one code path instead of three.
- OAuth leak-guard: all five sites that assign `_is_anthropic_oauth`
(__init__, switch_model, _try_refresh_anthropic_client_credentials,
_swap_credential, _try_activate_fallback) now gate on
`provider == "anthropic"` so a stale ANTHROPIC_TOKEN never trips
Claude-Code identity injection on third-party endpoints. Previously
only 2 of 5 sites were guarded.
- Prompt caching: new method `_anthropic_prompt_cache_policy()` returns
`(should_cache, use_native_layout)` per endpoint. Replaces three
inline conditions and the `native_anthropic=(api_mode=='anthropic_messages')`
call-site flag. Native Anthropic and third-party Anthropic gateways
both get the native cache_control layout; OpenRouter gets envelope
layout. Layout is persisted in `_primary_runtime` so fallback
restoration preserves the per-endpoint choice.
- Auxiliary client: `_try_custom_endpoint` honors
`api_mode=anthropic_messages` and builds `AnthropicAuxiliaryClient`
instead of silently downgrading to an OpenAI-wire client. Degrades
gracefully to OpenAI-wire when the anthropic SDK isn't installed.
- Config hygiene: `_update_config_for_provider` (hermes_cli/auth.py)
clears stale `api_key`/`api_mode` when switching to a built-in
provider, so a previous MiniMax custom endpoint's credentials can't
leak into a later OpenRouter session.
- Truncation continuation: length-continuation and tool-call-truncation
retry now cover `anthropic_messages` in addition to `chat_completions`
and `bedrock_converse`. Reuses the existing `_build_assistant_message`
path via `normalize_anthropic_response()` so the interim message
shape is byte-identical to the non-truncated path.
Tests: 6 new files, 42 test cases. Targeted run + tests/run_agent,
tests/agent, tests/hermes_cli all pass (4554 passed).
Synthesized from (credits preserved via Co-authored-by trailers):
#7410 @nocoo — URL detection helper
#7393 @keyuyuan — OAuth 5-site guard
#7367 @n-WN — OAuth guard (narrower cousin, kept comment)
#8636 @sgaofen — caching helper + native-vs-proxy layout split
#10954 @Only-Code-A — caching on anthropic_messages+Claude
#7648 @zhongyueming1121 — aux client anthropic_messages branch
#6096 @hansnow — /model switch clears stale api_mode
#9691 @TroyMitchell911 — anthropic_messages truncation continuation
Closes: #7366, #8294 (third-party Anthropic identity + caching).
Supersedes: #7410, #7367, #7393, #8636, #10954, #7648, #6096, #9691.
Rejects: #9621 (OpenAI-wire caching with incomplete blocklist — risky),
#7242 (superseded by #9691, stale branch),
#8321 (targets smart_model_routing which was removed in #12732).
Co-authored-by: nocoo <nocoo@users.noreply.github.com>
Co-authored-by: Keyu Yuan <leoyuan0099@gmail.com>
Co-authored-by: Zoee <30841158+n-WN@users.noreply.github.com>
Co-authored-by: sgaofen <135070653+sgaofen@users.noreply.github.com>
Co-authored-by: Only-Code-A <bxzt2006@163.com>
Co-authored-by: zhongyueming <mygamez@163.com>
Co-authored-by: Xiaohan Li <hansnow@users.noreply.github.com>
Co-authored-by: Troy Mitchell <i@troy-y.org>
183 lines
7.3 KiB
Python
183 lines
7.3 KiB
Python
"""Tests for ``_is_anthropic_oauth`` guard against third-party Anthropic-compatible providers.
|
|
|
|
The invariant: ``self._is_anthropic_oauth`` must only ever be True when
|
|
``self.provider == 'anthropic'`` (native Anthropic). Third-party providers
|
|
that speak the Anthropic protocol (MiniMax, Zhipu GLM, Alibaba DashScope,
|
|
Kimi, LiteLLM proxies, etc.) must never trip OAuth code paths — doing so
|
|
injects Claude-Code identity headers and system prompts that cause
|
|
401/403 from those endpoints.
|
|
|
|
This test class covers all FIVE sites that assign ``_is_anthropic_oauth``:
|
|
|
|
1. ``AIAgent.__init__`` (line ~1022)
|
|
2. ``AIAgent.switch_model`` (line ~1832)
|
|
3. ``AIAgent._try_refresh_anthropic_client_credentials`` (line ~5335)
|
|
4. ``AIAgent._swap_credential`` (line ~5378)
|
|
5. ``AIAgent._try_activate_fallback`` (line ~6536)
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
import pytest
|
|
|
|
from run_agent import AIAgent
|
|
|
|
|
|
# A plausible-looking OAuth token (``sk-ant-`` without the ``-api`` suffix).
|
|
_OAUTH_LIKE_TOKEN = "sk-ant-oauth-example-1234567890abcdef"
|
|
_API_KEY_TOKEN = "sk-ant-api-abcdef1234567890"
|
|
|
|
|
|
@pytest.fixture
|
|
def agent():
|
|
"""Minimal AIAgent construction, skipping tool discovery."""
|
|
with (
|
|
patch("run_agent.get_tool_definitions", return_value=[]),
|
|
patch("run_agent.check_toolset_requirements", return_value={}),
|
|
patch("run_agent.OpenAI"),
|
|
):
|
|
a = AIAgent(
|
|
api_key="test-key-1234567890",
|
|
base_url="https://openrouter.ai/api/v1",
|
|
quiet_mode=True,
|
|
skip_context_files=True,
|
|
skip_memory=True,
|
|
)
|
|
a.client = MagicMock()
|
|
return a
|
|
|
|
|
|
class TestOAuthFlagOnRefresh:
|
|
"""Site 3 — _try_refresh_anthropic_client_credentials."""
|
|
|
|
def test_third_party_provider_refresh_is_noop(self, agent):
|
|
"""Refresh path returns False immediately when provider != anthropic — the
|
|
OAuth flag can never be mutated for third-party providers. Double-defended
|
|
by the per-assignment guard at line ~5393 so future refactors can't
|
|
reintroduce the bug."""
|
|
agent.api_mode = "anthropic_messages"
|
|
agent.provider = "minimax" # ← third-party
|
|
agent._anthropic_api_key = "***"
|
|
agent._anthropic_client = MagicMock()
|
|
agent._is_anthropic_oauth = False
|
|
|
|
with (
|
|
patch("agent.anthropic_adapter.resolve_anthropic_token",
|
|
return_value=_OAUTH_LIKE_TOKEN),
|
|
patch("agent.anthropic_adapter.build_anthropic_client",
|
|
return_value=MagicMock()),
|
|
):
|
|
result = agent._try_refresh_anthropic_client_credentials()
|
|
|
|
# The function short-circuits on non-anthropic providers.
|
|
assert result is False
|
|
# And the flag is untouched regardless.
|
|
assert agent._is_anthropic_oauth is False
|
|
|
|
def test_native_anthropic_preserves_existing_oauth_behaviour(self, agent):
|
|
"""Regression: native anthropic with OAuth token still flips flag to True."""
|
|
agent.api_mode = "anthropic_messages"
|
|
agent.provider = "anthropic"
|
|
agent._anthropic_api_key = "***"
|
|
agent._anthropic_client = MagicMock()
|
|
agent._is_anthropic_oauth = False
|
|
|
|
with (
|
|
patch("agent.anthropic_adapter.resolve_anthropic_token",
|
|
return_value=_OAUTH_LIKE_TOKEN),
|
|
patch("agent.anthropic_adapter.build_anthropic_client",
|
|
return_value=MagicMock()),
|
|
):
|
|
result = agent._try_refresh_anthropic_client_credentials()
|
|
|
|
assert result is True
|
|
assert agent._is_anthropic_oauth is True
|
|
|
|
|
|
class TestOAuthFlagOnCredentialSwap:
|
|
"""Site 4 — _swap_credential (credential pool rotation)."""
|
|
|
|
def test_pool_swap_on_third_party_never_flips_oauth(self, agent):
|
|
agent.api_mode = "anthropic_messages"
|
|
agent.provider = "glm" # ← Zhipu GLM via /anthropic
|
|
agent._anthropic_api_key = "old-key"
|
|
agent._anthropic_base_url = "https://open.bigmodel.cn/api/anthropic"
|
|
agent._anthropic_client = MagicMock()
|
|
agent._is_anthropic_oauth = False
|
|
|
|
entry = MagicMock()
|
|
entry.runtime_api_key = _OAUTH_LIKE_TOKEN
|
|
entry.runtime_base_url = "https://open.bigmodel.cn/api/anthropic"
|
|
|
|
with patch("agent.anthropic_adapter.build_anthropic_client",
|
|
return_value=MagicMock()):
|
|
agent._swap_credential(entry)
|
|
|
|
assert agent._is_anthropic_oauth is False
|
|
|
|
|
|
class TestOAuthFlagOnConstruction:
|
|
"""Site 1 — AIAgent.__init__ on a third-party anthropic_messages provider."""
|
|
|
|
def test_minimax_init_does_not_flip_oauth(self):
|
|
with (
|
|
patch("run_agent.get_tool_definitions", return_value=[]),
|
|
patch("run_agent.check_toolset_requirements", return_value={}),
|
|
patch("agent.anthropic_adapter.build_anthropic_client",
|
|
return_value=MagicMock()),
|
|
# Simulate a stale ANTHROPIC_TOKEN in the env — the init code
|
|
# MUST NOT fall back to it when provider != anthropic.
|
|
patch("agent.anthropic_adapter.resolve_anthropic_token",
|
|
return_value=_OAUTH_LIKE_TOKEN),
|
|
):
|
|
agent = AIAgent(
|
|
api_key="minimax-key-1234",
|
|
base_url="https://api.minimax.io/anthropic",
|
|
provider="minimax",
|
|
api_mode="anthropic_messages",
|
|
model="claude-sonnet-4-6",
|
|
quiet_mode=True,
|
|
skip_context_files=True,
|
|
skip_memory=True,
|
|
)
|
|
|
|
# The effective key should be the explicit minimax-key, not the
|
|
# stale Anthropic OAuth token, and the OAuth flag must be False.
|
|
assert agent._anthropic_api_key == "minimax-key-1234"
|
|
assert agent._is_anthropic_oauth is False
|
|
|
|
|
|
class TestOAuthFlagOnFallbackActivation:
|
|
"""Site 5 — _try_activate_fallback targeting a third-party Anthropic endpoint."""
|
|
|
|
def test_fallback_to_third_party_does_not_flip_oauth(self, agent):
|
|
"""Directly mimic the post-fallback assignment at line ~6537."""
|
|
from agent.anthropic_adapter import _is_oauth_token
|
|
|
|
# Emulate the relevant lines of _try_activate_fallback without
|
|
# running the entire recovery stack (which pulls in streaming,
|
|
# sessions, etc.).
|
|
fb_provider = "minimax"
|
|
effective_key = _OAUTH_LIKE_TOKEN
|
|
agent._is_anthropic_oauth = (
|
|
_is_oauth_token(effective_key) if fb_provider == "anthropic" else False
|
|
)
|
|
assert agent._is_anthropic_oauth is False
|
|
|
|
|
|
class TestApiKeyTokensAlwaysSafe:
|
|
"""Regression: plain API-key shapes must always resolve to non-OAuth, any provider."""
|
|
|
|
def test_native_anthropic_with_api_key_token(self):
|
|
from agent.anthropic_adapter import _is_oauth_token
|
|
assert _is_oauth_token(_API_KEY_TOKEN) is False
|
|
|
|
def test_third_party_key_shape(self):
|
|
from agent.anthropic_adapter import _is_oauth_token
|
|
# Third-party key shapes (MiniMax 'mxp-...', GLM 'glm.sess.', etc.)
|
|
# already return False from _is_oauth_token; the guard adds a second
|
|
# defense line in case future token formats accidentally look OAuth-y.
|
|
assert _is_oauth_token("mxp-abcdef123") is False
|