fix(env): strip null bytes from .env before python-dotenv loads

Null bytes in API key values (introduced by copy-paste) crash os.environ[k] = v with ValueError: embedded null byte, preventing hermes from starting at all.
2026-05-29 06:31:32 +00:00 · 2026-05-20 23:06:58 +08:00 · 2026-05-20 23:06:58 +08:00 · 75643a6154
commit 75643a6154
parent 514a4eff36
2 changed files with 26 additions and 1 deletions
--- a/hermes_cli/env_loader.py
+++ b/hermes_cli/env_loader.py
@ -140,6 +140,10 @@ def _sanitize_env_file_if_needed(path: Path) -> None:
    This produces mangled values — e.g. a bot token duplicated 8×
    (see #8908).

+    Also strips embedded null bytes which crash ``os.environ[k] = v``
+    with ``ValueError: embedded null byte`` — typically introduced by
+    copy-pasting API keys from terminals or rich-text editors.
+
    We delegate to ``hermes_cli.config._sanitize_env_lines`` which
    already knows all valid Hermes env-var names and can split
    concatenated lines correctly.
@ -155,7 +159,11 @@ def _sanitize_env_file_if_needed(path: Path) -> None:
    try:
        with open(path, **read_kw) as f:
            original = f.readlines()
-        sanitized = _sanitize_env_lines(original)
+        # Strip null bytes before _sanitize_env_lines so they never
+        # reach python-dotenv (which passes them to os.environ and
+        # crashes with ValueError).
+        stripped = [line.replace("\x00", "") for line in original]
+        sanitized = _sanitize_env_lines(stripped)
        if sanitized != original:
            import tempfile
            fd, tmp = tempfile.mkstemp(