fix: strip timestamp field from messages before sending to strict providers

[malavbhavsar]

What does this PR do?

Strips the timestamp field from message dicts before they're sent to OpenAI-compatible providers via convert_messages() in agent/transports/chat_completions.py.

The field — a float Unix epoch from time.time() — is attached to every message by get_messages_as_conversation() in hermes_state.py:2903-2904 when the gateway restores conversation history from the SQLite session store. It is not part of the OpenAI Chat Completions schema. Strict providers (Fireworks, Moonshot/Kimi, strict OpenAI-compatible gateways) reject it with:

HTTP 400: Extra inputs are not permitted, field: 'messages[N].timestamp'

Permissive providers (real OpenAI, OpenRouter) silently ignore unknown message keys, which masked the bug — the same pattern as tool_name (documented in the same function, lines 148-152). The fix adds timestamp to the existing detection check and sanitization pass, alongside the existing stripping of codex_reasoning_items, tool_name, _-prefixed scaffolding markers, and extra_content.

Related Issue

N/A

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

• agent/transports/chat_completions.py: Added timestamp to the detection check (line 183) and sanitization pass (line 213) in convert_messages(). Updated the docstring to document the new field.
• tests/agent/transports/test_chat_completions.py: Added three regression tests: test_convert_messages_strips_timestamp, test_convert_messages_strips_timestamp_and_tool_name_together, test_convert_messages_strips_timestamp_for_gemini_too.

How to Test

1. python -m pytest tests/agent/transports/test_chat_completions.py -k timestamp -v
2. Reproduce the original bug: configure a custom provider pointing at a strict OpenAI-compatible endpoint (e.g. a Fireworks proxy with Pydantic validation), send a message via the gateway, observe HTTP 400: Extra inputs are not permitted, field: 'messages[1].timestamp', value: 1781818044.0 on the second turn when history is replayed from the session store
3. Apply this fix and verify the error no longer occurs — timestamp is stripped before the payload reaches the provider

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run pytest tests/ -q and all tests pass (pytest not available in stripped install venv; tests verified manually — see How to Test)
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: Ubuntu (Linux 6.12.93)

Documentation & Housekeeping

• I've updated relevant documentation (docstring in convert_messages() updated) — or N/A
• I've updated cli-config.yaml.example if I added/changed config keys — or N/A
• I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

For New Skills

• This skill is broadly useful to most users (if bundled) — see Contributing Guide
• SKILL.md follows the standard format (frontmatter, trigger conditions, steps, pitfalls)
• No external dependencies that aren't already available (prefer stdlib, curl, existing Hermes tools)
• I've tested the skill end-to-end: hermes --toolsets skills -q "Use the X skill to do Y"

Screenshots / Logs

Original error from a strict Fireworks proxy:

HTTP 400: Extra inputs are not permitted, field: 'messages[1].timestamp', value: 1781818044.0

After fix — timestamp is stripped from all messages before they reach the wire:

msg[0] role=system, has_timestamp=False
msg[1] role=user, has_timestamp=False
msg[2] role=assistant, has_timestamp=False
msg[3] role=user, has_timestamp=False

[alt-glitch]

Duplicate of #47875 — both add timestamp to the detection check and the msg.pop(...) sanitization pass in convert_messages() (agent/transports/chat_completions.py) so the SQLite-restored float epoch no longer leaks to strict OpenAI-compatible providers (HTTP 400 "Extra inputs are not permitted, field: messages[N].timestamp"). Identical mechanism, file, function, and field. #47875 (by @x7peeps, 2026-06-17) is the earliest open PR in this cluster and is the canonical fix; #48358 and #48604 were already deduped to it. Tracking issue: #47868.