feat: add config toggle to disable secret redaction

New config option: security: redact_secrets: false # default: true When set to false, API keys, tokens, and passwords are shown in full in read_file, search_files, and terminal output. Useful for debugging auth issues where you need to verify the actual key value. Bridged to both CLI and gateway via HERMES_REDACT_SECRETS env var. The check is in redact_sensitive_text() itself, so all call sites (terminal, file tools, log formatter) respect it.
2026-04-30 01:41:43 +00:00 · 2026-03-09 01:04:33 -07:00 · 2026-03-09 01:04:33 -07:00 · 57b48a81ca
commit 57b48a81ca
parent 7af33accf1
4 changed files with 21 additions and 0 deletions
--- a/hermes_cli/config.py
+++ b/hermes_cli/config.py
@ -104,6 +104,10 @@ DEFAULT_CONFIG = {
        },
    },
    
+    "security": {
+        "redact_secrets": True,  # Mask API keys, tokens, passwords in tool output
+    },
+
    "display": {
        "compact": False,
        "personality": "kawaii",