Rockachopa/Timmy-time-dashboard
1
0
Fork 2
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

[loop-generated] [bug] Tool display censors max_tokens= as secret, causing false bug reports #625

New Issue
Closed
opened 2026-03-20 20:28:34 +00:00 by Timmy · 1 comment
Timmy commented 2026-03-20 20:28:34 +00:00
Owner
Copy Link

Problem

The read_file and Gitea raw API tools censor any line containing max_tokens= followed by text — treating it as a secret/token value. This displays as:

  • max_tokens=reques...ens (for max_tokens=request.max_tokens)
  • max_tokens=*** (for max_tokens=max_tokens)

This directly caused #619 to be filed as a bug when the code was actually valid Python.

Impact

  • False bug reports waste cycle time
  • Diffs look broken when they are not
  • Makes it impossible to review max_tokens-related code through normal tools

Workaround

Use python3 -c with hex dump to verify actual file contents when censoring is suspected.

Root Cause

Likely a regex in the display pipeline that matches tokens= or token= as a secret pattern.

Suggested Fix

The censoring heuristic should not match Python keyword arguments like max_tokens=variable_name. Only standalone token=<hex-looking-value> patterns should be censored.

## Problem The `read_file` and Gitea raw API tools censor any line containing `max_tokens=` followed by text — treating it as a secret/token value. This displays as: - `max_tokens=reques...ens` (for `max_tokens=request.max_tokens`) - `max_tokens=***` (for `max_tokens=max_tokens`) This directly caused #619 to be filed as a bug when the code was actually valid Python. ## Impact - False bug reports waste cycle time - Diffs look broken when they are not - Makes it impossible to review max_tokens-related code through normal tools ## Workaround Use `python3 -c` with hex dump to verify actual file contents when censoring is suspected. ## Root Cause Likely a regex in the display pipeline that matches `tokens=` or `token=` as a secret pattern. ## Suggested Fix The censoring heuristic should not match Python keyword arguments like `max_tokens=variable_name`. Only standalone `token=<hex-looking-value>` patterns should be censored.
Timmy commented 2026-03-20 20:33:13 +00:00
Author
Owner
Copy Link

This is a Hermes harness issue (tool-level censoring), not dashboard code. The censoring regex lives in the Hermes display pipeline, not in this repo. Marking as wontfix for this repo — should be tracked in hermes/hermes-config if needed.

This is a Hermes harness issue (tool-level censoring), not dashboard code. The censoring regex lives in the Hermes display pipeline, not in this repo. Marking as wontfix for this repo — should be tracked in hermes/hermes-config if needed.
Timmy closed this issue 2026-03-20 20:33:13 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
222-epic
Workshop: Timmy as Presence (Epic #222)
 actionable
Has a concrete code/config task extracted
 assigned-claude
Issue currently assigned to Claude agent — do not assign to another agent
 assigned-gemini
Issue currently assigned to Gemini agent — do not assign to another agent
 assigned-groq
assigned-kimi
Issue currently assigned to Kimi agent — do not assign to another agent
 assigned-manus
Issue currently assigned to Manus agent — do not assign to another agent
 claude-ready
consolidation
Part of a consolidation epic
 deprioritized
Keep open but not blocking P0 work
 deprioritized
Keep open but not blocking P0 work
 duplicate
Duplicate of another issue
 gemini-review
Auto-generated by Gemini, needs relevance review
 groq-ready
harness
Core product: agent framework, heartbeat, inference, memory
 heartbeat
Harness: Agent heartbeat loop
 inference
Harness: Inference and model routing
 infrastructure
Supporting stage: dashboard, CI/CD, deployment, DNS
 kimi-ready
Scoped and ready for Kimi to pick up
 memory-session
Harness: Memory and session crystallization
 morrowind
Harness: Morrowind embodiment
 needs-design
Needs architectural design before implementation
 needs-extraction
Philosophy with unextracted engineering work
 p0-critical
Priority 0: Must fix now
 p1-important
Priority 1: Important, next sprint
 p2-backlog
Priority 2: Backlog, do when time permits
 philosophy
Philosophical foundation — informs architecture decisions
 rejected-direction
Closed: rejected or superseded direction
 seed:know-purpose
Three Seeds: KNOW YOUR PURPOSE
 seed:serve-real
Three Seeds: SERVE THE REAL
 seed:tell-truth
Three Seeds: TELL THE TRUTH
 sovereignty
Harness: Sovereignty stack
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Timmy claude grok groq kimi manus perplexity Rockachopa
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Rockachopa/Timmy-time-dashboard#625
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?