# Admin-AI Provider Verification Use this when asked whether admin-ai is configured, whether its credentials work, or whether a model is available. ## 1. Inspect effective config without exposing secrets Parse YAML instead of grepping isolated lines: ```bash python3 - <<'PY' import yaml p = '/root/.hermes/config.yaml' c = yaml.safe_load(open(p)) or {} print('model:', c.get('model')) for name, cfg in (c.get('providers') or {}).items(): print(f'provider={name}') if isinstance(cfg, dict): for k, v in cfg.items(): if any(s in k.lower() for s in ('key','token','secret','password')): print(f' {k}:', 'SET' if v else 'EMPTY') else: print(f' {k}: {v}') print('delegation:', c.get('delegation')) PY ``` Interpretation: - `providers.admin-ai` with a base URL and non-empty key means configured for the current profile. - A model or delegation provider naming admin-ai without a matching usable provider entry is broken configuration. - An `auth.json` credential-pool record containing only a fingerprint is not a usable credential and not proof that admin-ai is active. ## 2. Test the configured credential Extract values in-process so the key is not printed: ```bash python3 - <<'PY' import json, ssl, urllib.request, urllib.error, yaml c = yaml.safe_load(open('/root/.hermes/config.yaml')) or {} p = (c.get('providers') or {}).get('admin-ai') if not isinstance(p, dict): raise SystemExit('NOT_CONFIGURED: providers.admin-ai is absent') base = (p.get('base_url') or p.get('endpoint') or '').rstrip('/') key = p.get('api_key') if not base or not key: raise SystemExit('INCOMPLETE: base URL or API key missing') req = urllib.request.Request(base + '/models', headers={'Authorization': 'Bearer ' + key}) try: with urllib.request.urlopen(req, timeout=15, context=ssl.create_default_context()) as r: body = json.load(r) ids = sorted(str(x.get('id')) for x in body.get('data', []) if x.get('id')) print('HTTP:', r.status) print('MODEL_COUNT:', len(ids)) exact = 'deepseek-chat' in ids print('DEEPSEEK_CHAT_EXACT:', exact) if not exact: print('DEEPSEEK_MATCHES:', [x for x in ids if 'deepseek' in x.lower()]) except urllib.error.HTTPError as e: print('HTTP:', e.code) print('AUTH_RESULT:', 'REJECTED' if e.code in (401,403) else 'REQUEST_FAILED') except Exception as e: print('CONNECTION_FAILED:', type(e).__name__, str(e)) PY ``` ## 3. Report precisely Separate these conclusions: - **Configured:** provider exists in effective config. - **Credential valid:** authenticated `/models` returned HTTP 200. - **Model visible:** exact ID `deepseek-chat` is present. - **Historical metadata only:** admin-ai appears in `auth.json` but is absent from effective config. Never report credentials as tested if no usable key was available. Never claim `deepseek-chat` exists based on a stale model inventory.