hermes - ✅(Solved) Fix [Bug]: API Server backend tasks: dangerous command approval dialog never appears (blocks/hangs forever) [1 pull requests, 2 comments, 2 participants]

hermes2026-05-04 12:07:26

ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

GitHub issue URL

Helpful · Quick feedback

GitHub stats

NousResearch/hermes-agent#19731•Fetched 2026-05-05 06:05:27

View on GitHub

Comments

Participants

Timeline

Reactions

Author

chengkang0720-hub

Participants

alt-glitch

chengkang0720-hub

Timeline (top)

labeled ×4commented ×2cross-referenced ×1

Error Message

An interactive confirmation dialog (Approve/Deny) should appear in the dashboard, or at minimum the task should fail immediately with a clear error message.

APIServerAdapter.send() returns: SendResult(success=False, error="API server uses HTTP request/response, not send()")

Additional Logs / Traceback (optional)

Root Cause

Root Cause Analysis (optional)

Fix Action

Fixed

Fixed by PR: fix(gateway): fail fast on undeliverable approval notifications (https://github.com/NousResearch/hermes-agent/pull/19803)

PR fix notes

PR #19803: fix(gateway): fail fast on undeliverable approval notifications

Repository: NousResearch/hermes-agent
Author: konsisumer
State: open | merged: False
Link: https://github.com/NousResearch/hermes-agent/pull/19803

Description (problem / solution / changelog)

Stops the 5-minute hang when a dangerous command needs approval but the platform adapter can't deliver the prompt to the user.

What changed and why

_approval_notify_sync (in gateway/run.py) used to swallow SendResult(success=False) and exceptions raised by adapter.send(). The notify_cb returned normally, the approval entry stayed queued, and the agent thread blocked on entry.event.wait(timeout=gateway_timeout) for the full 5 minutes — the user never saw the prompt, and there was no path to resolve it via /approve or /deny.
The fallback send() result is now checked: if success is False (or send() raises), we log and re-raise. The existing safety net in tools.approval.check_all_command_guards already catches exceptions from notify_cb, drains the entry from _gateway_queues, and returns a BLOCKED: Failed to send approval request to user result — we just have to reach it.
Concretely fixes the /background flow on the API Server adapter (APIServerAdapter.send always returns SendResult(success=False, error="API server uses HTTP request/response, not send()")), but applies to any adapter where push delivery is unavailable.
Adds test_notify_cb_failure_blocks_fast_without_waiting_for_timeout in tests/tools/test_approval_plugin_hooks.py that registers a notify_cb mimicking the API Server failure and asserts the guard returns BLOCKED in well under the configured gateway_timeout.

How to test

pytest tests/tools/test_approval_plugin_hooks.py -q (the new regression test plus the existing 5)
pytest tests/tools/test_approval_plugin_hooks.py tests/gateway/test_approve_deny_commands.py tests/gateway/test_background_command.py tests/gateway/test_session_boundary_security_state.py -q (related approval and background-command suites all pass)
Manual repro of the original hang requires an API Server gateway session; this isn't reproducible in local pytest, so the regression test simulates the failure pattern at the notify_cb seam.

What platforms tested on

macOS on darwin-arm64 (local)

Fixes #19731

Changed files

gateway/run.py (modified, +17/-1)
tests/tools/test_approval_plugin_hooks.py (modified, +52/-0)

Code Example

API Server (dashboard) platform adapter does not implement push-based approval notifications. Telegram, Discord, Feishu, and Slack adapters implement send_exec_approval() with native button callbacks. The API Server adapter inherits from BasePlatformAdapter without this capability.
    
    Key files:
    - gateway/platforms/api_server.py:2895-2905 — send() always fails
    - gateway/platforms/api_server.py — send_exec_approval not implemented
    - tools/approval.py:390-404 — _gateway_notify_cbs callback registration
    - gateway/run.py:8682-8789 — _handle_background_command / _run_background_task

---

RAW_BUFFERClick to expand / collapse

Bug Description

When running a dangerous command (e.g., dd if=/dev/zero of=/dev/sda) via a backend task started with /background, the approval confirmation dialog never appears. The task hangs indefinitely or times out.

Steps to Reproduce

Start Hermes Agent via dashboard (API Server platform) 2. Run /background echo "test" — backend task works fine 3. Run /background sudo rm -rf / --no-preserve-root — dangerous command detected but no confirmation dialog shows 4. The task hangs with no user-facing prompt

Expected Behavior

An interactive confirmation dialog (Approve/Deny) should appear in the dashboard, or at minimum the task should fail immediately with a clear error message.

Actual Behavior

- The command is flagged as dangerous by terminal_tool.py:_check_all_guards
- approval.py:_approval_notify_sync is called
- APIServerAdapter.send_exec_approval() is NOT implemented (inherits from BasePlatformAdapter)
- Falls back to adapter.send() which always returns success=False
- APIServerAdapter.send() returns: SendResult(success=False, error="API server uses HTTP request/response, not send()")
- Backend task blocks forever on entry.event.wait(timeout=approval_timeout)

Affected Component

CLI (interactive chat)

Messaging Platform (if gateway-related)

N/A (CLI only)

Debug Report

API Server (dashboard) platform adapter does not implement push-based approval notifications. Telegram, Discord, Feishu, and Slack adapters implement send_exec_approval() with native button callbacks. The API Server adapter inherits from BasePlatformAdapter without this capability.
    
    Key files:
    - gateway/platforms/api_server.py:2895-2905 — send() always fails
    - gateway/platforms/api_server.py — send_exec_approval not implemented
    - tools/approval.py:390-404 — _gateway_notify_cbs callback registration
    - gateway/run.py:8682-8789 — _handle_background_command / _run_background_task

Operating System

macOS

Python Version

No response

Hermes Version

No response

Additional Logs / Traceback (optional)

Root Cause Analysis (optional)

No response

Proposed Fix (optional)

No response

Are you willing to submit a PR for this?

I'd like to fix this myself and submit a PR

extent analysis

TL;DR

Implementing the send_exec_approval method in the APIServerAdapter class is likely the most straightforward fix to enable approval confirmation dialogs for dangerous commands.

Guidance

Review the API Server platform adapter implementation in gateway/platforms/api_server.py to understand why send_exec_approval is not implemented.
Compare the APIServerAdapter with other adapters like Telegram, Discord, Feishu, and Slack to see how they implement send_exec_approval with native button callbacks.
Consider implementing a similar approach for the API Server adapter to support push-based approval notifications.
Verify that the approval.py and gateway/run.py files are correctly handling the approval notification callbacks and background task execution.

Example

# Example implementation of send_exec_approval in APIServerAdapter
class APIServerAdapter(BasePlatformAdapter):
    def send_exec_approval(self, command, callback_url):
        # Implement API Server specific logic to send approval notification
        # with a callback URL to handle user approval or denial
        pass

Notes

The fix may require modifications to the gateway/platforms/api_server.py file and potentially other related files. It's essential to test the changes thoroughly to ensure that the approval confirmation dialog works correctly for dangerous commands.

Recommendation

Apply workaround: Implement the send_exec_approval method in the APIServerAdapter class to enable approval confirmation dialogs for dangerous commands. This approach allows for a targeted fix without requiring a full version upgrade or significant changes to the existing codebase.

Vote matrix · Quick signals

Works

Did the solution work? Tap to confirm.

Easy Fix

Was it a quick fix?

Time Saver

Did it save you time?

Blocking

Was it severely blocking?

Common Issue

Are others likely hitting this too?

Flaky / Intermittent

Is it intermittent?

Verified / Reproducible

Can you reproduce it reliably?

#api #mixed precision #training loop #device allocation #model download

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

hermes - ✅(Solved) Fix [Bug]: API Server backend tasks: dangerous command approval dialog never appears (blocks/hangs forever) [1 pull requests, 2 comments, 2 participants]

Recommended Tools

GitHub issue graph ai analysis

Error Message

Additional Logs / Traceback (optional)

Root Cause

Root Cause Analysis (optional)

Fix Action

Fixed

PR fix notes

PR #19803: fix(gateway): fail fast on undeliverable approval notifications

Description (problem / solution / changelog)

What changed and why

How to test

What platforms tested on

Changed files

Code Example

Bug Description

Steps to Reproduce

Expected Behavior

Actual Behavior

Affected Component

Messaging Platform (if gateway-related)

Debug Report

Operating System

Python Version

Hermes Version

Additional Logs / Traceback (optional)

Root Cause Analysis (optional)

Proposed Fix (optional)

Are you willing to submit a PR for this?

extent analysis

TL;DR

Guidance

Example

Notes

Recommendation

Still need to ship something?

RELATED_DISCOVERY

TRENDING