Issue Station
Sign In
Tools hereToolbox

hermes - 💡(How to fix) Fix [Bug]: background-review fork can't read an external file — model calls skill_manage(action="read_file") and gets "Unknown action"

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…

Error Message

{"success": false, "error": "Unknown action 'read_file'. Use: create, edit, patch, delete, write_file, remove_file"}

Fix Action

Fix / Workaround

The background skill/memory review fork (agent/background_review.py) runs under a tool whitelist built from get_tool_definitions(enabled_toolsets=["memory","skills"]). When the fork is authoring or patching a skill that should reference an existing file, it needs to read that file first — and it has no way to:

  • skill_manage (tools/skill_manager_tool.py) has no read action. Calling one fails:

    {"success": false, "error": "Unknown action 'read_file'. Use: create, edit, patch, delete, write_file, remove_file"}

  • skill_view(name, file_path=...) is whitelisted but only reads files inside a skill directory (traversal-guarded) — it cannot read an arbitrary external file (a repo source file, a config the skill should document, etc.).

  • The generic read_file tool is in the file_tools toolset, which is not in ["memory","skills"], so it's denied by the runtime whitelist. On cache-parity (remote) providers it's still advertised (inherited parent tools[]), so the model sees it, calls it, and hits the deny-wall:

    Background review denied non-whitelisted tool: read_file. Only memory/skill tools are allowed.

  • (a) Add read_file to the review whitelist (review_whitelist.add("read_file")) + update the review prompt + add a whitelist test. read_file is read-only (device-path + read-size guarded, no write). Smallest change that actually closes the gap. Note: PR #27422 already proposed this, but it patches the pre-refactor run_agent.py (the code was since extracted into agent/background_review.py), has no tests, and is stale/unmerged.

  • (b) Add a scoped read_file/view_file action to skill_manage. Keeps the toolset surface unchanged but duplicates read logic.

  • (c) Do nothing — rely on skill_view(file_path=...). Rejected: only reads skill-internal files, not the external file this is about.

Code Example

{"success": false, "error": "Unknown action 'read_file'. Use: create, edit, patch, delete, write_file, remove_file"}

---

Background review denied non-whitelisted tool: read_file. Only memory/skill tools are allowed.
RAW_BUFFERClick to expand / collapse

Bug Description

The background skill/memory review fork (agent/background_review.py) runs under a tool whitelist built from get_tool_definitions(enabled_toolsets=["memory","skills"]). When the fork is authoring or patching a skill that should reference an existing file, it needs to read that file first — and it has no way to:

  • skill_manage (tools/skill_manager_tool.py) has no read action. Calling one fails: 
    {"success": false, "error": "Unknown action 'read_file'. Use: create, edit, patch, delete, write_file, remove_file"}
  • skill_view(name, file_path=...) is whitelisted but only reads files inside a skill directory (traversal-guarded) — it cannot read an arbitrary external file (a repo source file, a config the skill should document, etc.).
  • The generic read_file tool is in the file_tools toolset, which is not in ["memory","skills"], so it's denied by the runtime whitelist. On cache-parity (remote) providers it's still advertised (inherited parent tools[]), so the model sees it, calls it, and hits the deny-wall: 
    Background review denied non-whitelisted tool: read_file. Only memory/skill tools are allowed.

Observed repeatedly in real runs (the model also guesses skill_manage(action="read_file") when read_file isn't advertised).

Why it matters

Skills are meant to capture "how to do X for this user," which frequently means referencing concrete files. Without a read path, the review fork either fabricates content or silently gives up on the skill update.

Options

  • (a) Add read_file to the review whitelist (review_whitelist.add("read_file")) + update the review prompt + add a whitelist test. read_file is read-only (device-path + read-size guarded, no write). Smallest change that actually closes the gap. Note: PR #27422 already proposed this, but it patches the pre-refactor run_agent.py (the code was since extracted into agent/background_review.py), has no tests, and is stale/unmerged.
  • (b) Add a scoped read_file/view_file action to skill_manage. Keeps the toolset surface unchanged but duplicates read logic.
  • (c) Do nothing — rely on skill_view(file_path=...). Rejected: only reads skill-internal files, not the external file this is about.

Recommendation

(a), scoped and tested — pairing naturally with local-provider toolset narrowing so weak local models stop guessing a nonexistent skill_manage read action. Please refresh/supersede the stale #27422 rather than duplicate it (it's the same approach but targets the removed run_agent.py path). Happy to open the PR once an approach is blessed.

Environment

  • Hermes: current main
  • Surfaced via a local (OpenAI-compatible) provider, but the gap is provider-agnostic.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING