cd /news/ai-agents/two-hermes-bugs-worth-watching-secre… · home topics ai-agents article
[ARTICLE · art-55596] src=dev.to ↗ pub= topic=ai-agents verified=true sentiment=↓ negative

Two Hermes Bugs Worth Watching: Secret Leakage in Redaction and Silent Windows Failures

Two bugs in the open-source coding agent Hermes highlight silent failures that can compromise security. One fix addresses secret redaction leakage, where secrets were not properly scrubbed from logs and worktree metadata. Another fix reclassifies silent Windows command failures as sandbox denials, preventing misdiagnosis that could lead to weakened security boundaries.

read2 min views1 publishedJul 11, 2026

Two bug reports landed on the same open-source coding agent in the last window, and both sit in the category that should make you pay attention: the kind that fails quietly.

A fix titled "fix(secrets, worktrees): fix secret redaction leakage and prune stale worktrees" addresses a redaction gap. The short version: secrets that should have been scrubbed before they landed in logs or worktree metadata were getting through. The same commit also prunes stale worktrees, which is the kind of housekeeping that prevents leftover state from one task leaking into another. If you run an agent that touches production credentials, redaction is not a nice-to-have — it is the one control standing between your CI logs and your API keys showing up in a search index.

The other side of the same coin comes from a sibling project's commit stream: a fix that classifies silent wrapped Windows command failures as sandbox denials. The bug here is about blame. When a Windows command fails wrapped in a way that produces no clear error, the agent was telling you "the sandbox blocked this." That is the wrong diagnosis. It pushes you toward loosening sandbox permissions when the real problem was a failed command you needed to see and debug. Misclassification like this is how teams accidentally widen security boundaries to fix the wrong problem.

Both reports share a theme: agents fail safest when they tell you the truth about what happened. A redaction leak is bad; a redaction leak you do not know about is worse. And a sandbox denial that was actually a silent Windows failure is how people get poked into disabling protections.

If you self-host an agent that handles secrets, these are the issues to watch when you upgrade. The credential-guards writeup covers the model these fixes are defending, and the local-first architecture piece explains why running it yourself is the only way you get to audit this layer at all.

── more in #ai-agents 4 stories · sorted by recency
── more on @hermes 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/two-hermes-bugs-wort…] indexed:0 read:2min 2026-07-11 ·