fix: ignore placeholder provider keys in provider activation checks

Add has_usable_secret() to reject empty, short (<4 char), and common placeholder API key values (changeme, your_api_key, placeholder, etc.) throughout the auth/runtime resolution chain. Update list_available_providers() to use provider-specific auth status via get_auth_status() instead of resolve_runtime_provider(), preventing cross-provider key fallback from making providers appear available when they aren't actually configured. Preserve keyless custom endpoint support by checking via base URL. Cherry-picked from PR #2121 by aashizpoudel.
2026-03-21 12:55:42 -07:00 · 2026-03-21 12:55:42 -07:00 · f304bc63b8
commit f304bc63b8
parent b73d221324
3 changed files with 60 additions and 26 deletions
--- a/hermes_cli/models.py
+++ b/hermes_cli/models.py
@ -300,12 +300,15 @@ def list_available_providers() -> list[dict[str, str]]:
        # Check if this provider has credentials available
        has_creds = False
        try:
+            from hermes_cli.auth import get_auth_status, has_usable_secret
            if pid == "custom":
-                has_creds = bool(_get_custom_base_url())
+                custom_base_url = _get_custom_base_url() or os.getenv("OPENAI_BASE_URL", "")
+                has_creds = bool(custom_base_url.strip())
+            elif pid == "openrouter":
+                has_creds = has_usable_secret(os.getenv("OPENROUTER_API_KEY", ""))
            else:
-                from hermes_cli.runtime_provider import resolve_runtime_provider
-                runtime = resolve_runtime_provider(requested=pid)
-                has_creds = bool(runtime.get("api_key"))
+                status = get_auth_status(pid)
+                has_creds = bool(status.get("logged_in") or status.get("configured"))
        except Exception:
            pass
        result.append({