Skip to content

fix(oauth): serialize Anthropic env fallback reads#1768

Closed
franksong2702 wants to merge 1 commit intonesquena:masterfrom
franksong2702:franksong2702/anthropic-env-race-1736
Closed

fix(oauth): serialize Anthropic env fallback reads#1768
franksong2702 wants to merge 1 commit intonesquena:masterfrom
franksong2702:franksong2702/anthropic-env-race-1736

Conversation

@franksong2702
Copy link
Copy Markdown
Contributor

@franksong2702 franksong2702 commented May 7, 2026

Summary

  • serialize Anthropic process-env fallback clears behind the same env lock used by streaming env save/restore
  • add a locked runtime-provider resolution helper so chat and related LLM request paths re-read env fallbacks per outbound request
  • cover the concurrent onboarding-clear/chat-read race with a regression test

Fixes #1736.

Root Cause

_clear_anthropic_env_values() removed ANTHROPIC_TOKEN and ANTHROPIC_API_KEY from os.environ after the .env write attempt, outside the shared streaming env lock. Runtime-provider reads in chat/compression/handoff paths also read env fallbacks without that lock, so a concurrent request could observe a semantically half-cleared Anthropic fallback pair or cache a stale value across onboarding.

What Changed

  • Added a single Anthropic env-key list and locked process-env clear helper in api/oauth.py.
  • Added resolve_runtime_provider_with_anthropic_env_lock() and documented the per-request re-read invariant.
  • Routed streaming, credential self-heal, sync chat, compression, and handoff summary runtime-provider reads through the locked helper.
  • Added a regression that holds the chat env lock while onboarding attempts to clear Anthropic env values, including a failing .env write path, and asserts the process env pair is not cleared until the reader releases.

Conflict Check

Verification

  • /Users/xuefusong/hermes-webui/.venv_test/bin/python -m pytest tests/test_issue1362_codex_oauth_onboarding.py -q — 24 passed
  • /Users/xuefusong/hermes-webui/.venv_test/bin/python -m pytest tests/test_provider_management.py tests/test_sprint39.py -q — 29 passed
  • /Users/xuefusong/hermes-webui/.venv_test/bin/python -m py_compile api/oauth.py api/streaming.py api/routes.py — passed
  • git diff --check — passed

@nesquena nesquena added the hold label May 7, 2026
@franksong2702 franksong2702 marked this pull request as ready for review May 7, 2026 00:59
@nesquena nesquena removed the hold label May 7, 2026
@nesquena-hermes nesquena-hermes mentioned this pull request May 7, 2026
Merged
nesquena-hermes added a commit that referenced this pull request May 7, 2026
@nesquena-hermes
Merge pull request #1781 from nesquena/stage-310
697a7a1 
v0.51.16 — 3-PR batch (#1768, #1778, #1779)
pull Bot pushed a commit to soitun/hermes-webui that referenced this pull request May 7, 2026
Stage 310: PR nesquena#1768 — fix(oauth): serialize Anthropic env fal…
3bc8bc8 
…lback reads by @franksong2702
pull Bot pushed a commit to soitun/hermes-webui that referenced this pull request May 7, 2026
@nesquena-hermes
chore(release): stamp v0.51.16 — 3-PR batch (nesquena#1768, nesquena#…
c38ee6c 
…1778, nesquena#1779)

Constituent PRs:
- nesquena#1768 (@franksong2702) serialize Anthropic env fallback reads. Closes nesquena#1736.
- nesquena#1778 (@Michaelyklam) preserve CLI session tool metadata. Closes nesquena#1772.
- nesquena#1779 (@Michaelyklam) reset model picker on session switch. Closes nesquena#1771.
  AUTO-FIX: Opus stage-310 caught a regression in the new !hasSessionModel
  branch — it dropped the deferModelCorrection guard that the parallel
  else-branch keeps. Fired spurious /api/session/update POSTs against
  imported/read-only CLI sessions whose model field reads 'unknown' (the
  exact surface nesquena#1778 introduces in this same release). Wrapped the new
  branch's _persistSessionModelCorrection call + state mutation in
  if(!deferModelCorrection). Added test_sync_topbar_does_not_persist_correction_while_model_resolution_deferred
  regression test covering both empty and 'unknown' fast-path interaction.

Tests: 4694 → 4702 collected (+8). 4695 passed, 4 skipped, 3 xpassed,
0 failed in 141.29s.

Pre-release verification:
- All 3 PRs CI-green individually.
- node -c clean on static/ui.js.
- 11/11 browser API endpoints PASS.
- Pre-stamp re-fetch: all PR heads match local rebases.
- Opus advisor: SHIP nesquena#1768 + nesquena#1778, nesquena#1779 SHOULD-FIX before merge — auto-fix
  applied at stage with regression test, re-verified clean.

Closes nesquena#1736, nesquena#1771, nesquena#1772.
@nesquena-hermes
Copy link
Copy Markdown
Collaborator

nesquena-hermes commented May 7, 2026

Thanks @franksong2702 — this shipped in v0.51.16 (commit 697a7a1) as part of a 3-PR full-sweep batch. Stage rebased your branch onto current master, ran the full pre-release gate (4695 pytest, browser tests, Opus advisor verdict), and merged via release PR #1781.

GitHub didn't auto-close because the merge commit only references the squash-merged stage branch, not your fork's commit directly — closing manually for hygiene.

Live now on existing installs after git pull + restart.

Release notes: https://github.com/nesquena/hermes-webui/releases/tag/v0.51.16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

_clear_anthropic_env_values mid-stream race window (PR #1727 follow-up)

3 participants

@franksong2702 @nesquena-hermes @nesquena