{"slug": "two-hermes-bugs-worth-watching-secret-leakage-in-redaction-and-silent-windows", "title": "Two Hermes Bugs Worth Watching: Secret Leakage in Redaction and Silent Windows Failures", "summary": "Two bugs in the open-source coding agent Hermes highlight silent failures that can compromise security. One fix addresses secret redaction leakage, where secrets were not properly scrubbed from logs and worktree metadata. Another fix reclassifies silent Windows command failures as sandbox denials, preventing misdiagnosis that could lead to weakened security boundaries.", "body_md": "Two bug reports landed on the same open-source coding agent in the last window, and both sit in the category that should make you pay attention: the kind that fails quietly.\n\nA fix titled \"fix(secrets, worktrees): fix secret redaction leakage and prune stale worktrees\" addresses a redaction gap. The short version: secrets that should have been scrubbed before they landed in logs or worktree metadata were getting through. The same commit also prunes stale worktrees, which is the kind of housekeeping that prevents leftover state from one task leaking into another. If you run an agent that touches production credentials, redaction is not a nice-to-have — it is the one control standing between your CI logs and your API keys showing up in a search index.\n\nThe other side of the same coin comes from a sibling project's commit stream: a fix that **classifies silent wrapped Windows command failures as sandbox denials**. The bug here is about blame. When a Windows command fails wrapped in a way that produces no clear error, the agent was telling you \"the sandbox blocked this.\" That is the wrong diagnosis. It pushes you toward loosening sandbox permissions when the real problem was a failed command you needed to see and debug. Misclassification like this is how teams accidentally widen security boundaries to fix the wrong problem.\n\nBoth reports share a theme: agents fail safest when they tell you the truth about what happened. A redaction leak is bad; a redaction leak you do not know about is worse. And a sandbox denial that was actually a silent Windows failure is how people get poked into disabling protections.\n\nIf you self-host an agent that handles secrets, these are the issues to watch when you upgrade. The [credential-guards writeup](https://dev.to/blog/hermes-security-credential-guards-provider-isolation/) covers the model these fixes are defending, and the [local-first architecture piece](https://dev.to/blog/hermes-local-first-architecture-privacy-self-hosted/) explains why running it yourself is the only way you get to audit this layer at all.", "url": "https://wpnews.pro/news/two-hermes-bugs-worth-watching-secret-leakage-in-redaction-and-silent-windows", "canonical_source": "https://dev.to/terminalblog/two-hermes-bugs-worth-watching-secret-leakage-in-redaction-and-silent-windows-failures-1f0b", "published_at": "2026-07-11 16:06:44+00:00", "updated_at": "2026-07-11 16:14:52.429921+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "developer-tools"], "entities": ["Hermes"], "alternates": {"html": "https://wpnews.pro/news/two-hermes-bugs-worth-watching-secret-leakage-in-redaction-and-silent-windows", "markdown": "https://wpnews.pro/news/two-hermes-bugs-worth-watching-secret-leakage-in-redaction-and-silent-windows.md", "text": "https://wpnews.pro/news/two-hermes-bugs-worth-watching-secret-leakage-in-redaction-and-silent-windows.txt", "jsonld": "https://wpnews.pro/news/two-hermes-bugs-worth-watching-secret-leakage-in-redaction-and-silent-windows.jsonld"}}