{"slug": "your-hermes-agent-s-audit-log-is-leaking-customer-emails-here-s-a-100-line-lib", "title": "Your Hermes agent's audit log is leaking customer emails. Here's a 100-line lib that fixes that.", "summary": "A developer built a 130-line Python library called `agent-redact` that automatically scrubs PII from Hermes agent audit logs before they are written to disk or shipped to external services. The library, which has zero runtime dependencies, can redact emails, credit cards, SSNs, API keys, and other sensitive data, and includes a hash mode that preserves join keys for analytics without exposing the underlying values.", "body_md": "*This is a submission for the Hermes Agent Challenge.*\n\nI built a Hermes agent last week that takes a customer support email, decides whether it needs a refund, and either issues one or escalates to a human. Standard stuff. The agent worked. The problem started the moment I turned on audit logging.\n\nEvery run wrote a JSONL row to disk. Every row contained the full inbound message, the tool calls, the tool outputs, and the final reply. Within an hour the log had:\n\nI was about to ship that log to S3 for run-history search. The log was also being mirrored to Sentry on error, and to a Slack channel on escalation. Three places to leak from. Zero scrubbing.\n\nI went looking for a small lib that would clean a string before I wrote it. The options were either a paid API, a heavy NER-based PII detector, or a hand-rolled regex I would have to maintain myself. None of those fit a 200-line agent script.\n\nSo I built one. It is called `agent-redact`\n\n. The whole thing is around 130 lines, zero runtime dependencies, and pip-installs as `agent-redact`\n\n. Repo: [MukundaKatta/agent-redact](https://github.com/MukundaKatta/agent-redact).\n\n``` python\nfrom agent_redact import redact\n\naudit_line = (\n \"tool=charge_customer args={'email': 'jane.doe@acme.com', \"\n \"'card': '4111 1111 1111 1111'} key=sk-\" + \"Z\" * 40\n)\nprint(redact(audit_line))\n```\n\nOutput:\n\n```\ntool=charge_customer args={'email': '', 'card': ''} key=\n```\n\nThat is the default mode. One function call, one line of output. The pattern set covers email, US SSN, phone numbers, credit cards (with optional Luhn), and the common provider keys (OpenAI, Anthropic, AWS, GitHub, Google, Stripe, Slack), plus JWTs. No model call, no network, no config file.\n\nThe bigger pain with naive redaction is that you lose all join keys. If `jane.doe@acme.com`\n\nshows up in 30 audit rows, replacing every one with ``\n\nmeans you can no longer ask \"how many runs did this user trigger today\" without going back to raw logs.\n\n`agent-redact`\n\nships a hash mode for exactly that case:\n\n```\nredact(\"user jane.doe@acme.com retried 3 times\", mode=\"hash\", salt=\"rotate-monthly\")\n# -> \"user retried 3 times\"\n```\n\nSame email, same salt, same six-char tag every time. Different user, different tag. You can group, count, and filter on those tags without ever seeing the underlying address. Rotate the salt monthly and the tags rotate too.\n\nThis is the seventh small Python lib I have shipped in the same \"boring middleware for agents\" family. The others compose with it directly:\n\n`agenttrace`\n\nwrites per-run JSONL with token counts and latency. Pipe that through `agent-redact`\n\nbefore storage. There is a 30-line example in `examples/integrate_with_agenttrace.py`\n\nthat walks rows recursively and scrubs every string node.`agentleash`\n\nwrites an audit log proving an agent stayed under a USD cap. Same scrubber, same hash mode, and now the proof you keep around does not double as a PII spill.`birddog`\n\nis a scraping middleware. If the scraped page is going to a downstream LLM, run `redact()`\n\non the page body first so the model never sees the raw payload.Three integration points, one function, no extra deps.\n\nTwo things are worth flagging if you read the source.\n\nFirst, overlap resolution. The Anthropic `sk-ant-`\n\nprefix is a strict superset of the OpenAI `sk-`\n\nprefix. Naive iteration over patterns would wrap a key twice, or wrap the wrong label. The fix: collect all matches across all patterns, sort by (earliest start, longest length), then walk forward and skip anything that starts before the previous match ended. Provider keys are listed before generic shapes so the tie-break goes the right way.\n\nSecond, the phone pattern needed a separator. The first version matched any 13-digit run, which meant a 16-digit credit card got partially eaten by the phone rule before the card rule ran. Requiring at least one space, dash, or `+`\n\nprefix in the phone pattern fixed that without losing real phone hits.\n\n```\npip install agent-redact\npython\nfrom agent_redact import redact\nprint(redact(\"contact me at jane@example.com\"))\n```\n\nRepo with all the patterns and tests: [github.com/MukundaKatta/agent-redact](https://github.com/MukundaKatta/agent-redact).\n\nIf you are building a Hermes agent that touches user input, take 10 minutes this weekend and wrap your audit writer. Future-you, the one explaining the S3 bucket to your security team, will thank you.", "url": "https://wpnews.pro/news/your-hermes-agent-s-audit-log-is-leaking-customer-emails-here-s-a-100-line-lib", "canonical_source": "https://dev.to/mukundakatta/your-hermes-agents-audit-log-is-leaking-customer-emails-heres-a-100-line-lib-that-fixes-that-480g", "published_at": "2026-05-25 21:21:10+00:00", "updated_at": "2026-05-25 21:33:59.886613+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-safety", "ai-products", "ai-startups"], "entities": ["Hermes", "Sentry", "Slack", "S3", "MukundaKatta", "agent-redact", "Acme", "OpenAI"], "alternates": {"html": "https://wpnews.pro/news/your-hermes-agent-s-audit-log-is-leaking-customer-emails-here-s-a-100-line-lib", "markdown": "https://wpnews.pro/news/your-hermes-agent-s-audit-log-is-leaking-customer-emails-here-s-a-100-line-lib.md", "text": "https://wpnews.pro/news/your-hermes-agent-s-audit-log-is-leaking-customer-emails-here-s-a-100-line-lib.txt", "jsonld": "https://wpnews.pro/news/your-hermes-agent-s-audit-log-is-leaking-customer-emails-here-s-a-100-line-lib.jsonld"}}