Issue Station
Sign In
Tools hereToolbox

hermes - ✅(Solved) Fix RouterMint custom-provider requests can fail with Cloudflare 1010 when Hermes omits User-Agent [1 pull requests, 1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
NousResearch/hermes-agent#14439Fetched 2026-04-24 06:17:17
View on GitHub
Comments
1
Participants
2
Timeline
6
Reactions
0
Author
ReginaldasRReginaldasR
Participants
alt-glitchalt-glitchReginaldasRReginaldasR
Timeline (top)
labeled ×4commented ×1cross-referenced ×1

Error Message

  1. Observe a 403 with Cloudflare error code: 1010 on the blocked path.

Root Cause

There are multiple request paths in Hermes that talk to OpenAI-compatible endpoints:

  • the main runtime client in run_agent.py
  • generic /v1/models discovery / pricing helpers in hermes_cli/models.py
  • doctor health checks in hermes_cli/doctor.py

Some of those paths already set provider-specific headers for special endpoints, but RouterMint was not recognized and some generic probe paths still omitted User-Agent.

Fix Action

Fixed

PR fix notes

PR #14440: fix: send Hermes user agent to RouterMint and model probes

Description (problem / solution / changelog)

What does this PR do?

Fixes a RouterMint compatibility bug where some Hermes request paths omit an explicit User-Agent, which can trigger Cloudflare Browser Integrity Check (403, error code: 1010) even though the key, model, and payload are valid.

The fix makes Hermes identify itself consistently across:

  • the main runtime client in run_agent.py
  • generic OpenAI-compatible /v1/models pricing / discovery helpers in hermes_cli/models.py
  • doctor's /models health checks in hermes_cli/doctor.py

Related Issue

Fixes #14439

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✅ Tests (adding or improving test coverage)

Changes Made

  • Add a RouterMint-specific default header helper in run_agent.py.
  • Apply User-Agent: HermesAgent/<version> when base_url matches api.routermint.com.
  • Ensure generic /models probe / pricing helpers send Hermes' own User-Agent.
  • Ensure hermes doctor sends Hermes' own User-Agent on OpenAI-compatible health checks.
  • Add a regression test covering the RouterMint runtime header path.

How to Test

  1. Configure Hermes with a RouterMint custom provider using https://api.routermint.com/v1.
  2. Verify chat completions succeed without Cloudflare 1010 blocks.
  3. Run pytest tests/run_agent/test_provider_attribution_headers.py tests/hermes_cli/test_model_validation.py -q.

Checklist

Code

  • I've read the Contributing Guide
  • My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
  • I searched for existing PRs to make sure this isn't a duplicate
  • My PR contains only changes related to this fix/feature (no unrelated commits)
  • I've run pytest tests/ -q and all tests pass (run on 2026-04-23; current local result: 82 failed, 14678 passed, 53 skipped, so this remains unchecked)
  • I've added tests for my changes (required for bug fixes, strongly encouraged for features)
  • I've tested on my platform: macOS 15.x

Documentation & Housekeeping

  • I've updated relevant documentation (README, docs/, docstrings) — or N/A
  • I've updated cli-config.yaml.example if I added/changed config keys — or N/A
  • I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
  • I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
  • I've updated tool descriptions/schemas if I changed tool behavior — or N/A

Screenshots / Logs

  • Reproduced locally against RouterMint with a valid key: default Python/urllib client signature hit Cloudflare 403 error code: 1010, while the same request succeeded once an explicit User-Agent was set.
  • Full local suite run on 2026-04-23: pytest tests/ -q -> 82 failed, 14678 passed, 53 skipped, 206 warnings in 141.76s (0:02:21). Focused tests for this change still pass: pytest tests/run_agent/test_provider_attribution_headers.py tests/hermes_cli/test_model_validation.py -q -> 71 passed.

Changed files

  • hermes_cli/doctor.py (modified, +5/-1)
  • hermes_cli/models.py (modified, +8/-2)
  • run_agent.py (modified, +13/-0)
  • tests/run_agent/test_provider_attribution_headers.py (modified, +18/-0)
RAW_BUFFERClick to expand / collapse

Bug Description

Hermes can hit Cloudflare 1010 blocks against RouterMint because some OpenAI-compatible request paths do not send an explicit User-Agent header. RouterMint accepts the same request when sent with a normal client signature, but rejects the default Python/urllib fingerprint on some paths.

This shows up as a misleading custom-provider failure even though the API key, model, and payload are valid.

Steps to Reproduce

  1. Configure Hermes to use a RouterMint custom provider, for example:
    • base_url: https://api.routermint.com/v1
    • model: anthropic/claude-sonnet-4-6
  2. Use a RouterMint key that works with curl.
  3. Trigger Hermes request paths that rely on provider-specific or generic /models probing / doctor checks.
  4. Observe a 403 with Cloudflare error code: 1010 on the blocked path.

Expected Behavior

Hermes should identify itself consistently on custom OpenAI-compatible endpoint requests so reachable endpoints behind Cloudflare Browser Integrity Check are not rejected solely because of the client fingerprint.

Actual Behavior

Some Hermes paths send no explicit User-Agent, which falls back to a Python default signature. RouterMint can reject that with Cloudflare 1010, while the same request succeeds with a normal User-Agent.

Affected Component

  • Agent Core (conversation loop, client construction)
  • Configuration (custom OpenAI-compatible providers)
  • CLI (doctor / endpoint probing)

Operating System

macOS 15.x

Python Version

3.11.15

Hermes Version

0.10.0

Root Cause Analysis

There are multiple request paths in Hermes that talk to OpenAI-compatible endpoints:

  • the main runtime client in run_agent.py
  • generic /v1/models discovery / pricing helpers in hermes_cli/models.py
  • doctor health checks in hermes_cli/doctor.py

Some of those paths already set provider-specific headers for special endpoints, but RouterMint was not recognized and some generic probe paths still omitted User-Agent.

Proposed Fix

  • Add a RouterMint-specific header helper in run_agent.py and apply it when base_url matches api.routermint.com.
  • Ensure generic /models probe / pricing / doctor paths send Hermes' own User-Agent instead of relying on urllib/httpx defaults.
  • Add a regression test for the RouterMint header path.

extent analysis

TL;DR

Add a User-Agent header to Hermes requests to RouterMint to prevent Cloudflare 1010 blocks.

Guidance

  • Identify all request paths in Hermes that interact with OpenAI-compatible endpoints and ensure they set a User-Agent header.
  • Modify run_agent.py to include a RouterMint-specific header helper when the base_url matches api.routermint.com.
  • Update hermes_cli/models.py and hermes_cli/doctor.py to send a consistent User-Agent header for generic /models probe and doctor check requests.
  • Verify the fix by triggering the previously blocked requests and checking for a successful response.

Example

import httpx

# Set a consistent User-Agent header for Hermes requests
user_agent = "Hermes/0.10.0"

# Create a client with the custom User-Agent header
client = httpx.Client(headers={"User-Agent": user_agent})

# Use the client to make requests to RouterMint
response = client.get("https://api.routermint.com/v1/models")

Notes

The proposed fix assumes that adding a User-Agent header will prevent Cloudflare 1010 blocks. However, the root cause of the issue may be more complex, and additional debugging may be required.

Recommendation

Apply the workaround by adding a User-Agent header to Hermes requests to prevent Cloudflare 1010 blocks, as this is a targeted fix for the identified issue.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#API middleware#SSR setup#ISR setup#authentication setup

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING