The Redis URL That Leaked Its Own Password Into AI Agent Context A developer discovered a secret-detection bug in ContextOS, a context operating system for AI coding agents, that failed to redact Redis passwords from connection strings. The regex pattern required at least one character for the username segment, but Redis URIs like redis://:password@host have no username, causing the password to be passed unredacted to AI agents. The fix changed a quantifier from + to * and added regression tests to prevent recurrence. This is a submission for DEV's Summer Bug Smash: Clear the Lineup powered by Sentry. ContextOS is a context operating system for AI coding agents: it scans a repo, ranks the relevant files, and builds a context pack under a token budget for the agent to work from. Before anything goes into that pack, a secret detector redacts API keys, tokens, and credentials so agents never see live secrets, published on PyPI with 980+ automated tests and an 80% coverage gate. The database url secret-detection pattern was supposed to catch connection strings like postgres://user:password@host and redact the password. It required at least one character for the username segment before it would match. That's fine for Postgres and MySQL, which always have a username. It's not fine for Redis, where the standard URI convention is redis://:password@host , no username at all, just a password. That empty-username shape silently failed the pattern's ^:@/\s + requirement, so detection was skipped entirely. The password sailed straight into the context pack, unredacted, ready to be handed to an LLM agent. I found it while auditing detection coverage against real-world connection string formats rather than just the formats already covered by existing tests. The exact format Redis's own documentation recommends when only a password is configured didn't get caught. PR: Rohithmatham12/ContextOS 1 Before username segment requires 1+ chars : r" ?i ?P