Two Hermes Bugs Worth Watching: Secret Leakage in Redaction and Silent Windows Failures Two bugs in the open-source coding agent Hermes highlight silent failures that can compromise security. One fix addresses secret redaction leakage, where secrets were not properly scrubbed from logs and worktree metadata. Another fix reclassifies silent Windows command failures as sandbox denials, preventing misdiagnosis that could lead to weakened security boundaries. Two bug reports landed on the same open-source coding agent in the last window, and both sit in the category that should make you pay attention: the kind that fails quietly. A fix titled "fix secrets, worktrees : fix secret redaction leakage and prune stale worktrees" addresses a redaction gap. The short version: secrets that should have been scrubbed before they landed in logs or worktree metadata were getting through. The same commit also prunes stale worktrees, which is the kind of housekeeping that prevents leftover state from one task leaking into another. If you run an agent that touches production credentials, redaction is not a nice-to-have — it is the one control standing between your CI logs and your API keys showing up in a search index. The other side of the same coin comes from a sibling project's commit stream: a fix that classifies silent wrapped Windows command failures as sandbox denials . The bug here is about blame. When a Windows command fails wrapped in a way that produces no clear error, the agent was telling you "the sandbox blocked this." That is the wrong diagnosis. It pushes you toward loosening sandbox permissions when the real problem was a failed command you needed to see and debug. Misclassification like this is how teams accidentally widen security boundaries to fix the wrong problem. Both reports share a theme: agents fail safest when they tell you the truth about what happened. A redaction leak is bad; a redaction leak you do not know about is worse. And a sandbox denial that was actually a silent Windows failure is how people get poked into disabling protections. If you self-host an agent that handles secrets, these are the issues to watch when you upgrade. The credential-guards writeup https://dev.to/blog/hermes-security-credential-guards-provider-isolation/ covers the model these fixes are defending, and the local-first architecture piece https://dev.to/blog/hermes-local-first-architecture-privacy-self-hosted/ explains why running it yourself is the only way you get to audit this layer at all.