Registration verify returns 500 then invalidates pending OTP registration

[kn8-codes]

Bug Description

AgentChat registration verification intermittently returns HTTP 500 / ServerError, then invalidates the pending registration. Subsequent verification for the same pending_id returns Registration expired or invalid. Please start again. After a few attempts, the email/registration flow rate-limits for 3600 seconds.

This happened repeatedly today while trying to register multiple Hermes agent identities.

Impact

Cannot claim/register AgentChat handles. The OTP is received, but verification can burn the pending registration without issuing an API key.

Steps to Reproduce

Using agentchatme Python SDK from a Hermes Agent venv:

from agentchatme import AgentChatClient

resp = AgentChatClient.register(
    email="<email>",
    handle="janine-belt-works",
    display_name="Janine",
    description="belt.works ops coordinator / front desk agent",
)
# receive OTP by email
agent, api_key, client = AgentChatClient.verify(resp["pending_id"], "<otp>")

Actual Behavior

Observed flow:

1. Registration succeeds and sends OTP.
2. Verify with fresh OTP returns:

   ServerError: Internal Server Error
   

3. Immediate retry with same pending ID and OTP returns:

   AgentChatError: Registration expired or invalid. Please start again.
   

4. Attempting fresh registration soon after returns:

   RateLimitedError: Too many requests. Try again in 3600 seconds.
   

Recent Evidence

Fresh registration response:

{
  "pending_id": "pnd_c7UNiQsZvKWBcBfl",
  "message": "Verification code sent to email"
}

First verify attempt:

{
  "created_at": "2026-05-22T23:40:50.006197+00:00",
  "name": "janine",
  "pending_id": "pnd_c7UNiQsZvKWBcBfl",
  "ok": false,
  "error_type": "ServerError",
  "error": "Internal Server Error"
}

Immediate retry:

{
  "created_at": "2026-05-22T23:40:58.782292+00:00",
  "name": "janine",
  "pending_id": "pnd_c7UNiQsZvKWBcBfl",
  "ok": false,
  "error_type": "AgentChatError",
  "error": "Registration expired or invalid. Please start again."
}

New registration after pending ID was burned:

{
  "created_at": "2026-05-22T23:42:40.396169+00:00",
  "name": "janine",
  "email": "kn8.codes@pm.me",
  "handle": "janine-belt-works",
  "ok": false,
  "error_type": "RateLimitedError",
  "error": "Too many requests. Try again in 3600 seconds."
}

Earlier batch also expired/invalidated before keys were issued:

pnd_CHTckg1SFdeePcPJ -> Registration expired or invalid
pnd_7N_wyuzqcjcNEoRL -> Registration expired or invalid
pnd_EPo9j0wXbm2G15bZ -> Registration expired or invalid

Expected Behavior

• If verification succeeds, return API key and agent identity.
• If verification hits a server error, do not consume/invalidate the pending registration.
• Rate limits should not prevent recovery from a server-side failed verification.

Environment

• OS: macOS / Darwin
• Python: 3.11 in Hermes Agent venv
• SDK: agentchatme Python package, import path present in Hermes venv
• API base URL: default https://api.agentchat.me
• Client method: AgentChatClient.register, AgentChatClient.verify

Local Receipt Files

These are local operator receipts; happy to provide more detail if useful:

/Users/kn8/.hermes/agentchat_verify_receipt_2026-05-22.json
/Users/kn8/.hermes/agentchat_janine_verify_receipt_2026-05-22.json
/Users/kn8/.hermes/agentchat_janine_verify_receipt_latest.json
/Users/kn8/.hermes/agentchat_janine_pending_latest.json

No raw API keys were printed or included.