lhumina_code/hero_aibroker
4
0
Fork 0
Code Issues 65 Pull requests 2 Projects Releases 3 Packages Wiki Activity Actions

AI chat: streaming LLM 401 'No cookie auth credentials found' #130

New issue
Closed
opened 2026-05-13 06:51:24 +00:00 by zaelgohary · 2 comments
zaelgohary commented 2026-05-13 06:51:24 +00:00
Member
Copy link

Calling chat through the Hero OS AI island returns:

Error: All streaming LLM targets exhausted: LLM streaming API error 401 Unauthorized: {"error":{"message":"No cookie auth credentials found","code":401}}

The UI echoes the user message correctly, but the upstream streaming endpoint rejects on auth.

Repro

  1. Hero OS dock -> Intelligence -> AI Assistant.
  2. Type any message, press Enter or click send.
  3. Toast: LLM streaming API error 401 Unauthorized: No cookie auth credentials found.

Context

The aibroker JSON-RPC endpoint (/rpc) was fixed in 0d90081 (issue #129) via a route + socket symlink. The streaming endpoint is separate and appears to enforce cookie-based auth that the iframe-less Dioxus client doesn't carry.

Expected

Streaming chat returns tokens.

Calling chat through the Hero OS AI island returns: ``` Error: All streaming LLM targets exhausted: LLM streaming API error 401 Unauthorized: {"error":{"message":"No cookie auth credentials found","code":401}} ``` The UI echoes the user message correctly, but the upstream streaming endpoint rejects on auth. ## Repro 1. Hero OS dock -> Intelligence -> AI Assistant. 2. Type any message, press Enter or click send. 3. Toast: `LLM streaming API error 401 Unauthorized: No cookie auth credentials found`. ## Context The aibroker JSON-RPC endpoint (/rpc) was fixed in `0d90081` (issue #129) via a route + socket symlink. The streaming endpoint is separate and appears to enforce cookie-based auth that the iframe-less Dioxus client doesn't carry. ## Expected Streaming chat returns tokens.
zaelgohary commented 2026-05-13 07:27:40 +00:00
Author
Member
Copy link

Updated diagnosis: the "No cookie auth credentials found" 401 originates at OpenRouter, not at aibroker.

hero_agent's llm_client.rs:305-311 final fallback target is https://openrouter.ai/api/v1/chat/completions with api_key: None, and try_stream (llm_client.rs:668-671) only sets bearer_auth when target.api_key is Some(_). So the request goes out anonymous, and OpenRouter responds with its standard cookie-auth-fallback 401.

The actual root cause is the deployment env: hero_agent and hero_aibroker both have OPENROUTER_API_KEY="" (empty), GROQ_API_KEY="", no AIBROKER_API_ENDPOINT. Either:

  • (a) Populate OPENROUTER_API_KEY on hero_agent (smallest fix), or
  • (b) Set AIBROKER_API_ENDPOINT=http://127.0.0.1:<port>/api/v1 on hero_agent AND populate keys on hero_aibroker (so aibroker brokers the call).

Recommend re-routing this issue to hero_agent or hero_os (Settings) since aibroker itself is correct — it just has no keys to forward.

Settings island in Hero OS displays a stored OpenRouter key (••••••••test), so there's a propagation gap from the Settings store to the hero_agent service env.

Updated diagnosis: the `"No cookie auth credentials found"` 401 originates **at OpenRouter**, not at aibroker. `hero_agent`'s `llm_client.rs:305-311` final fallback target is `https://openrouter.ai/api/v1/chat/completions` with `api_key: None`, and `try_stream` (`llm_client.rs:668-671`) only sets `bearer_auth` when `target.api_key` is `Some(_)`. So the request goes out anonymous, and OpenRouter responds with its standard cookie-auth-fallback 401. The actual root cause is the deployment env: `hero_agent` and `hero_aibroker` both have `OPENROUTER_API_KEY=""` (empty), `GROQ_API_KEY=""`, no `AIBROKER_API_ENDPOINT`. Either: - (a) Populate `OPENROUTER_API_KEY` on hero_agent (smallest fix), or - (b) Set `AIBROKER_API_ENDPOINT=http://127.0.0.1:<port>/api/v1` on hero_agent AND populate keys on hero_aibroker (so aibroker brokers the call). Recommend re-routing this issue to hero_agent or hero_os (Settings) since aibroker itself is correct — it just has no keys to forward. Settings island in Hero OS *displays* a stored OpenRouter key (`••••••••test`), so there's a propagation gap from the Settings store to the `hero_agent` service env.
zaelgohary commented 2026-05-14 08:54:02 +00:00
Author
Member
Copy link

Cookie auth path resolved — upstream now returns standard invalid_api_key (an unrelated upstream-key issue, tracked separately as #133), no longer No cookie auth credentials found. Verified live via Playwright on local hero_os_app.

Cookie auth path resolved — upstream now returns standard `invalid_api_key` (an unrelated upstream-key issue, tracked separately as #133), no longer `No cookie auth credentials found`. Verified live via Playwright on local hero_os_app.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
development
development_align_chat_drop_sdk_specs
development_drop_stale_openrpc_artifacts
main
lab-latest
v0.1.1
v0.1.0
Labels
Clear labels   
prio_critical

   
prio_low

   
type_bug

   
type_contact

   
type_issue

   
type_lead

   
type_question

   
type_story

   
type_task
No labels
prio_critical
prio_low
type_bug
type_contact
type_issue
type_lead
type_question
type_story
type_task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
zaelgohary
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_aibroker#130
No description provided.