Nathan Esquenazi 90b5ad8d99 fix: strip webui metadata from messages before sending to LLM API (#67) ...

The webui stores display-only fields on messages (attachments, timestamp,
_ts) for UI rendering. These leaked into the conversation_history passed
to AIAgent.run_conversation(). Most providers ignore unknown fields, but
Z.AI/GLM tries to deserialize 'attachments' as its native ChatAttachments
type, causing HTTP 400 on every subsequent message after an image upload.

Fix: _sanitize_messages_for_api() creates a clean copy with only
API-standard keys (role, content, tool_calls, tool_call_id, name,
refusal) before passing to run_conversation(). Applied to both the
streaming path (streaming.py) and non-streaming path (routes.py).

Closes #66

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-03 22:13:12 -07:00

..

__init__.py

Hermes Web UI — Sprints 11-14: multi-provider models, settings, session QoL, alerts, polish

2026-03-31 07:02:47 +00:00

auth.py

fix(auth): redirect to /login when auth is enabled and accessing root

2026-04-03 06:21:04 -07:00

config.py

feat: 'Show CLI sessions' toggle in Settings (#61)

2026-04-03 21:06:23 -07:00

helpers.py

feat: Sprint 19 — password auth, security headers, login page

2026-04-03 05:53:26 -07:00

models.py

fix: CLI DB has no profile column, and silent SQL error swallowed results (#60)

2026-04-03 21:02:01 -07:00

profiles.py

fix(review): 4 issues found in agent review of PR #45

2026-04-03 13:58:43 -07:00

routes.py

fix: strip webui metadata from messages before sending to LLM API (#67)

2026-04-03 22:13:12 -07:00

streaming.py

fix: strip webui metadata from messages before sending to LLM API (#67)

2026-04-03 22:13:12 -07:00

upload.py

fix: stop leaking stack traces to clients in HTTP 500 responses

2026-04-03 06:41:32 -07:00

workspace.py

fix: workspace isolation, session filtering, and clean migration path

2026-04-03 20:01:12 +00:00