test(redact): add regression tests for lowercase variable redaction (#4367)#5185
Merged
Conversation
…4367) Add 5 regression tests from PR #4476 (gnanam1990) to prevent re-introducing the IGNORECASE bug that caused lowercase Python/TypeScript variable assignments to be incorrectly redacted as secrets. The core fix landed in 6367e1c. Tests cover: - Lowercase Python variable with 'token' in name - Lowercase Python variable with 'api_key' in name - TypeScript 'await' not treated as secret value - TypeScript 'secret' variable assignment - 'export' prefix preserved for uppercase env vars Co-authored-by: gnanam1990 <gnanam1990@users.noreply.github.com>
This was referenced Apr 5, 2026
jooray
added a commit
to jooray/hermes-agent
that referenced
this pull request
Apr 5, 2026
* upstream/main: (29 commits) style: use module-level re import instead of local import re as _re Preserve numeric credential labels in auth removal Honor provider reset windows in pooled credential failover docs: update docstring to mention Fireworks strict validation test: add strict API validation tests for Fireworks compatibility test: add test for _should_sanitize_tool_calls() refactor: use _should_sanitize_tool_calls in run_conversation() refactor: use _should_sanitize_tool_calls in _handle_max_iterations() refactor: use _should_sanitize_tool_calls in flush_memories() feat: add _should_sanitize_tool_calls() method test(redact): add regression tests for lowercase variable redaction (NousResearch#4367) (NousResearch#5185) docs(skill): claude-code v2.2 — add cheat sheet commands, env vars, rules, advanced features (NousResearch#5158) fix(telegram): prevent duplicate message delivery on send timeout (NousResearch#5153) fix: strip MEDIA: directives from streamed gateway messages (NousResearch#5152) docs(skill): comprehensive claude-code skill rewrite v2.0 (NousResearch#5155) fix(security): guard cron script against path traversal and redact output feat: add exit code context for common CLI tools in terminal results (NousResearch#5144) fix: move pre_llm_call plugin context to user message, preserve prompt cache (NousResearch#5146) fix: --yolo and other flags silently dropped when placed before 'chat' subcommand (NousResearch#5145) fix: include approval metadata in terminal tool results (NousResearch#5141) ...
Tommyeds
pushed a commit
to Tommyeds/hermes-agent
that referenced
this pull request
Apr 12, 2026
…ousResearch#4367) (NousResearch#5185) Add 5 regression tests from PR NousResearch#4476 (gnanam1990) to prevent re-introducing the IGNORECASE bug that caused lowercase Python/TypeScript variable assignments to be incorrectly redacted as secrets. The core fix landed in 6367e1c. Tests cover: - Lowercase Python variable with 'token' in name - Lowercase Python variable with 'api_key' in name - TypeScript 'await' not treated as secret value - TypeScript 'secret' variable assignment - 'export' prefix preserved for uppercase env vars Co-authored-by: gnanam1990 <gnanam1990@users.noreply.github.com>
angelburgosrosado
pushed a commit
to angelburgosrosado/hermes-agent
that referenced
this pull request
Apr 27, 2026
…ousResearch#4367) (NousResearch#5185) Add 5 regression tests from PR NousResearch#4476 (gnanam1990) to prevent re-introducing the IGNORECASE bug that caused lowercase Python/TypeScript variable assignments to be incorrectly redacted as secrets. The core fix landed in 332c115. Tests cover: - Lowercase Python variable with 'token' in name - Lowercase Python variable with 'api_key' in name - TypeScript 'await' not treated as secret value - TypeScript 'secret' variable assignment - 'export' prefix preserved for uppercase env vars Co-authored-by: gnanam1990 <gnanam1990@users.noreply.github.com>
02356abc
pushed a commit
to 02356abc/hermes-agent
that referenced
this pull request
May 14, 2026
…ousResearch#4367) (NousResearch#5185) Add 5 regression tests from PR NousResearch#4476 (gnanam1990) to prevent re-introducing the IGNORECASE bug that caused lowercase Python/TypeScript variable assignments to be incorrectly redacted as secrets. The core fix landed in 6367e1c. Tests cover: - Lowercase Python variable with 'token' in name - Lowercase Python variable with 'api_key' in name - TypeScript 'await' not treated as secret value - TypeScript 'secret' variable assignment - 'export' prefix preserved for uppercase env vars Co-authored-by: gnanam1990 <gnanam1990@users.noreply.github.com>
olympus-terminal
pushed a commit
to olympus-terminal/hermes-agent
that referenced
this pull request
May 16, 2026
…ousResearch#4367) (NousResearch#5185) Add 5 regression tests from PR NousResearch#4476 (gnanam1990) to prevent re-introducing the IGNORECASE bug that caused lowercase Python/TypeScript variable assignments to be incorrectly redacted as secrets. The core fix landed in 80522ed. Tests cover: - Lowercase Python variable with 'token' in name - Lowercase Python variable with 'api_key' in name - TypeScript 'await' not treated as secret value - TypeScript 'secret' variable assignment - 'export' prefix preserved for uppercase env vars Co-authored-by: gnanam1990 <gnanam1990@users.noreply.github.com>
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
…ousResearch#4367) (NousResearch#5185) Add 5 regression tests from PR NousResearch#4476 (gnanam1990) to prevent re-introducing the IGNORECASE bug that caused lowercase Python/TypeScript variable assignments to be incorrectly redacted as secrets. The core fix landed in 6367e1c. Tests cover: - Lowercase Python variable with 'token' in name - Lowercase Python variable with 'api_key' in name - TypeScript 'await' not treated as secret value - TypeScript 'secret' variable assignment - 'export' prefix preserved for uppercase env vars Co-authored-by: gnanam1990 <gnanam1990@users.noreply.github.com>
Egavasyug
pushed a commit
to Egavasyug/hermes-agent
that referenced
this pull request
Jun 10, 2026
…ousResearch#4367) (NousResearch#5185) Add 5 regression tests from PR NousResearch#4476 (gnanam1990) to prevent re-introducing the IGNORECASE bug that caused lowercase Python/TypeScript variable assignments to be incorrectly redacted as secrets. The core fix landed in 454d48b. Tests cover: - Lowercase Python variable with 'token' in name - Lowercase Python variable with 'api_key' in name - TypeScript 'await' not treated as secret value - TypeScript 'secret' variable assignment - 'export' prefix preserved for uppercase env vars Co-authored-by: gnanam1990 <gnanam1990@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds 5 regression tests for the IGNORECASE bug in
_ENV_ASSIGN_RE(issue #4367). The core fix already landed in commit 6367e1c — these tests prevent re-introduction.Tests salvaged from PR #4476 by @gnanam1990 (most comprehensive of the three submitted PRs).
Tests added:
before_tokens = ...)awaitnot treated as secret valuesecretvariable assignmentexportprefix preserved for uppercase env varsCloses #4367
Co-authored-by: gnanam1990 gnanam1990@users.noreply.github.com