PR #261: fix(config): auto-populate model.api_key for known-host custom providers (#260)

• Repository: fathah/hermes-desktop
• Author: pmos69
• State: open | merged: False
• Link: https://github.com/fathah/hermes-desktop/pull/261

Description (problem / solution / changelog)

Closes #260 (workaround — see "Why this is a workaround" below).

Symptom

User configures DeepSeek (or Groq, Mistral, etc.) as a custom provider through the Providers UI, sends a chat, gets:

``` Error: Error code: 401 - {'error': {'message': 'Authentication Fails, Your api key: ****ired is invalid', ...}} ```

The masked tail (`****ired`, or whatever the last 4 chars of the user's `OPENAI_API_KEY` happen to be) gives it away: an OpenAI key is being sent to api.deepseek.com.

Root cause (upstream, not fixable here)

Lives in `hermes-agent/hermes_cli/runtime_provider.py::_resolve_openrouter_runtime`. When `model.provider == "custom"` and the credential pool for the resolved `custom:<name>` is empty, the api_key fallback chain reads:

```python api_key_candidates = [ explicit_api_key, (cfg_api_key if use_config_base_url else ""), # model.api_key (os.getenv("OLLAMA_API_KEY") if _is_ollama_url else ""), os.getenv("OPENAI_API_KEY"), # ← leaks here os.getenv("OPENROUTER_API_KEY"), # ← or here ] ```

There's no provision for "if base_url points at DeepSeek, prefer `DEEPSEEK_API_KEY`" — the matching env var is never consulted. So even though the user typed `DEEPSEEK_API_KEY=...` into the Providers UI's env section, the gateway routes around it.

The desktop UI's "Credential Pool" section doesn't help either: the dropdown only offers literal "custom", so keys land under `credential_pool["custom"]`, while the gateway looks up `credential_pool["custom:deepseek"]`.

The workaround in this PR

`cfg_api_key` (inline `model.api_key` in config.yaml) does win the fallback chain before the leak. So `setModelConfig` now auto-copies the matching env var to `model.api_key` when:

• Provider is bare `"custom"`, and
• The configured `base_url` matches a known commercial host (`expectedEnvKeyForModel` from #250 already has the mapping table), and
• The matching `<NAME>_API_KEY` is set in the active profile's `.env`

If the env var is missing, or the provider switches, or the URL stops matching a known host, the stale `api_key` line is stripped on the next save — so it never lingers past relevance.

Scope is deliberately narrow:

• Local LLMs (Ollama, vLLM, LM Studio, …) → untouched (no URL match → no auto-key)
• Built-in providers (anthropic, openai, …) → untouched (only fires for bare "custom")
• Custom hosts with no `<NAME>_API_KEY` env var → untouched

Why this is a workaround

Right fix is upstream: `_resolve_openrouter_runtime` should drop the `OPENAI_API_KEY`/`OPENROUTER_API_KEY` candidates when the resolved base_url isn't openai.com / openrouter.ai. I'll file that on `NousResearch/hermes-agent` separately. Once it lands, this PR can be reverted with no user-visible change.

Tests

`tests/custom-provider-auto-key.test.ts` — 8 cases:

• DeepSeek + env set → writes api_key ✓
• Quoted env value → quotes stripped ✓
• Groq + env set → writes api_key ✓
• Env var missing → no api_key written ✓
• Localhost / unknown host → no api_key written ✓
• Non-custom provider → no api_key written ✓
• Stale api_key cleared on provider switch ✓
• Existing api_key updated in place when env value changes ✓

411/411 total passing. Typecheck clean.

🤖 Generated with Claude Code

Changed files

• src/main/config.ts (modified, +107/-1)
• tests/custom-provider-auto-key.test.ts (added, +190/-0)

---

PR #6: fix(security): gate OPENAI/OPENROUTER API keys on resolved host (#28660)

• Repository: na-navi/hermes-agent
• Author: na-navi
• State: open | merged: False
• Link: https://github.com/na-navi/hermes-agent/pull/6

Description (problem / solution / changelog)

🟡 Merge order: 7 / 12 — P0 security, straightforward host-gate pattern

Closes #28660 (P0 — security)

Problem

OPENAI_API_KEY and OPENROUTER_API_KEY were added unconditionally to api_key_candidates in three code paths. When provider="custom" with a non-OpenAI base URL (e.g. DeepSeek, Groq), the credential was sent to the unrelated endpoint.

Fix

Gate each provider-specific env var on the resolved host via base_url_host_matches(), matching the existing pattern for OLLAMA_API_KEY.

Risk assessment

Testing notes

• hermes chat with provider: custom, base_url: https://api.deepseek.com/v1 — confirm no sk-... is sent
• hermes chat with provider: openrouter — confirm OPENROUTER_API_KEY still resolves
• hermes chat with local LLM (no key) — confirm no-key-required fallback works

Files changed

• hermes_cli/runtime_provider.py (+16/-6)

Changed files

• hermes_cli/runtime_provider.py (modified, +16/-6)

---

PR #28884: fix(security): prevent API key leakage to non-authoritative custom endpoints

• Repository: NousResearch/hermes-agent
• Author: erhnysr
• State: open | merged: False
• Link: https://github.com/NousResearch/hermes-agent/pull/28884

Description (problem / solution / changelog)

Problem

Custom endpoint provider was forwarding OPENAI_API_KEY and OLLAMA_API_KEY to arbitrary hosts. A user pointing Hermes at a custom base URL (e.g. a local proxy or a lookalike domain) would silently send their real API keys to that endpoint.

Closes #28660.

Fix

• OPENAI_API_KEY is now only forwarded to hosts ending in openai.com
• OLLAMA_API_KEY is now only forwarded to hosts ending in ollama.com
• All other custom endpoints receive no-key-required unless a credential pool entry explicitly provides a key

Tests

113 tests passing. Added/updated tests covering path injection attacks, lookalike hosts, legitimate Ollama Cloud, and OpenRouter mirror URLs.

Security Impact

Prevents credential exfiltration when users configure custom or self-hosted endpoints.

Changed files

• hermes_cli/runtime_provider.py (modified, +10/-4)
• tests/hermes_cli/test_runtime_provider_resolution.py (modified, +79/-6)