Bug Description
BUG: cron/scheduler.py uses bare load_dotenv() (line ~1400) instead of load_hermes_dotenv() from hermes_cli.env_loader, which means BSM secrets are never resolved for cron jobs. Any cron job that needs a BSM-managed credential (Discord token, provider key, etc.) fails on startup because it sees the .env placeholder instead of the real value from Bitwarden.
Fix: Replace from dotenv import load_dotenv; load_dotenv(...) with from hermes_cli.env_loader import load_hermes_dotenv; load_hermes_dotenv(...). The recent de76f4d commit already added process-level dedup to _apply_external_secret_sources(), so this won't cause redundant BSM calls on every tick.
Impact: Any user who enables bitwarden.enabled: true gets silently broken cron jobs. The gateway resolves secrets fine, but every cron job that reads .env gets placeholders → HTTP 401s.
Steps to Reproduce
Implement BSM secrets loading - all cron jobs will fail with HTTP 401s as they attempt to use placeholder env variables.
Expected Behavior
Implement BSM secrets loading via bitwarden.enabled: true for both gateway, main agent, and cron jobs - all cron jobs grab secrets from BSM and no HTTP 401s or other placeholder errors/failures
Actual Behavior
All cron jobs fail with HTTP 401s
Affected Component
Other
Messaging Platform (if gateway-related)
Discord, N/A (CLI only)
Debug Report
[unrelated - no system errors - have reverted BSM integration in my agent]
Operating System
Linux 6.6.114.1-microsoft-standard-WSL2 x86_64
Python Version
3.11.15
Hermes Version
0.14.0 (2026.5.16) [7ac92462]
Additional Logs / Traceback (optional)
Root Cause Analysis (optional)
No response
Proposed Fix (optional)
Fix: Replace from dotenv import load_dotenv; load_dotenv(...) with from hermes_cli.env_loader import load_hermes_dotenv; load_hermes_dotenv(...). The recent de76f4d commit already added process-level dedup to _apply_external_secret_sources(), so this won't cause redundant BSM calls on every tick.
Are you willing to submit a PR for this?
Bug Description
BUG: cron/scheduler.py uses bare load_dotenv() (line ~1400) instead of load_hermes_dotenv() from hermes_cli.env_loader, which means BSM secrets are never resolved for cron jobs. Any cron job that needs a BSM-managed credential (Discord token, provider key, etc.) fails on startup because it sees the .env placeholder instead of the real value from Bitwarden.
Fix: Replace from dotenv import load_dotenv; load_dotenv(...) with from hermes_cli.env_loader import load_hermes_dotenv; load_hermes_dotenv(...). The recent de76f4d commit already added process-level dedup to _apply_external_secret_sources(), so this won't cause redundant BSM calls on every tick.
Impact: Any user who enables bitwarden.enabled: true gets silently broken cron jobs. The gateway resolves secrets fine, but every cron job that reads .env gets placeholders → HTTP 401s.
Steps to Reproduce
Implement BSM secrets loading - all cron jobs will fail with HTTP 401s as they attempt to use placeholder env variables.
Expected Behavior
Implement BSM secrets loading via bitwarden.enabled: true for both gateway, main agent, and cron jobs - all cron jobs grab secrets from BSM and no HTTP 401s or other placeholder errors/failures
Actual Behavior
All cron jobs fail with HTTP 401s
Affected Component
Other
Messaging Platform (if gateway-related)
Discord, N/A (CLI only)
Debug Report
[unrelated - no system errors - have reverted BSM integration in my agent]Operating System
Linux 6.6.114.1-microsoft-standard-WSL2 x86_64
Python Version
3.11.15
Hermes Version
0.14.0 (2026.5.16) [7ac92462]
Additional Logs / Traceback (optional)
Root Cause Analysis (optional)
No response
Proposed Fix (optional)
Fix: Replace from dotenv import load_dotenv; load_dotenv(...) with from hermes_cli.env_loader import load_hermes_dotenv; load_hermes_dotenv(...). The recent de76f4d commit already added process-level dedup to _apply_external_secret_sources(), so this won't cause redundant BSM calls on every tick.
Are you willing to submit a PR for this?