fix(gateway): include per-platform ALLOW_ALL and SIGNAL_GROUP in startup allowlist check#3305
Merged
fix(gateway): include per-platform ALLOW_ALL and SIGNAL_GROUP in startup allowlist check#3305
Conversation
teknium1
force-pushed
the
hermes/hermes-dfd0d467
branch
from
fd563bd to
dabbe29
Compare
When _try_activate_fallback() switches to the fallback model, it updates the agent's model/provider/client but never touches self.context_compressor. The compressor keeps the primary model's context_length and threshold_tokens, so compression decisions use wrong limits — a 200K primary → 32K fallback still uses 200K-based thresholds, causing oversized sessions to overflow the fallback. Update the compressor's model, credentials, context_length, and threshold_tokens after fallback activation using get_model_context_length() for the new model. Cherry-picked from PR #3202 by binhnt92.
teknium1
force-pushed
the
hermes/hermes-dfd0d467
branch
from
dabbe29 to
dfba6c5
Compare
teknium1
changed the title
3 tasks
StreamOfRon
pushed a commit
to StreamOfRon/hermes-agent
that referenced
this pull request
Mar 29, 2026
NousResearch#3305) When _try_activate_fallback() switches to the fallback model, it updates the agent's model/provider/client but never touches self.context_compressor. The compressor keeps the primary model's context_length and threshold_tokens, so compression decisions use wrong limits — a 200K primary → 32K fallback still uses 200K-based thresholds, causing oversized sessions to overflow the fallback. Update the compressor's model, credentials, context_length, and threshold_tokens after fallback activation using get_model_context_length() for the new model. Cherry-picked from PR NousResearch#3202 by binhnt92. Co-authored-by: binhnt92 <binhnt.ht.92@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Second piece from PR #3202 by @binhnt92, split into its own PR.
The bug
The startup warning
No user allowlists configuredonly checkedGATEWAY_ALLOW_ALL_USERSand per-platform*_ALLOWED_USERSvars. It missed:SIGNAL_GROUP_ALLOWED_USERS*_ALLOW_ALL_USERSvars (e.g.TELEGRAM_ALLOW_ALL_USERS)The actual auth check in
_is_user_authorizedalready recognized these vars, so users got a false warning despite being correctly configured.Tests
4 new tests covering the warning suppression logic.