
fix(terminal): stop leaking provider env to local subprocesses#1004

Open

PeterFile wants to merge 2 commits into NousResearch:main from PeterFile:fix/terminal-env-scrub-1002

Conversation

@PeterFile (Contributor) commented Mar 12, 2026

What changed

This PR fixes terminal subprocess environment leakage for local execution.

Hermes currently loads provider credentials and endpoint overrides from
~/.hermes/.env into the parent process environment. Local terminal
subprocesses and local background processes then inherit that full
environment by default. As a result, unrelated external CLIs such as
Codex can be silently pointed at Hermes' custom provider endpoint.

This change adds a shared subprocess environment helper and uses it in
the local terminal execution paths so Hermes runtime provider variables
are removed before spawning child processes.

Updated code paths:

  • tools/environments/base.py
  • tools/environments/local.py
  • tools/process_registry.py

Behavior after this change:

  • Local foreground terminal commands no longer inherit Hermes provider
    env vars by default
  • Local background processes no longer inherit Hermes provider env vars
    by default
  • Explicit per-command env overrides still work, so callers can opt in
    when they intentionally need those variables

Why

This keeps the normal shell environment intact while preventing Hermes'
provider credentials and endpoint overrides from leaking across tool
boundaries into unrelated subprocesses.

It is a focused bug fix with a small surface area and avoids changing
provider resolution, config format, or terminal interfaces.

How to test

  1. Set a custom endpoint in ~/.hermes/.env:

    OPENAI_BASE_URL=http://localhost:8000/v1
    OPENAI_API_KEY=dummy
  2. Run Hermes with the local terminal backend.

  3. From Hermes, run a child process that prints the variable:

    python -c 'import os; print(os.getenv("OPENAI_BASE_URL", ""))'
  4. Confirm the child process prints an empty string by default.

  5. Confirm explicit env injection still works for local subprocesses when
    intentionally provided by the caller.

  6. Run the targeted regression tests:

    pytest -o addopts='' tests/tools/test_terminal_env_sanitization.py -q
    pytest -o addopts='' tests/tools/test_process_registry.py -q
    pytest -o addopts='' tests/tools/test_file_tools_live.py::TestLocalEnvironmentExecute -q

Platforms tested

  • macOS

Related issues

Fixes #1002
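The scrubbing behaviour the PR describes, as an added example that is not the project's code (none of the PR's diff is shown on this page): a helper builds the child environment by copying the parent environment, dropping the provider variables, and then applying any explicit per-command overrides on top, so callers can still opt a child back in. The variable list, the function names and the `find_leaked_provider_vars` check are assumptions; the PR only names OPENAI_BASE_URL and OPENAI_API_KEY, and the "leaky parent" environment is constructed here from the values in the PR's test steps.

```python
import os
import subprocess
import sys
from typing import Dict, Mapping, Optional

# Assumed set of Hermes runtime provider variables to strip before spawning
# children. The PR names only OPENAI_BASE_URL and OPENAI_API_KEY; a real
# helper would carry the project's full list.
PROVIDER_ENV_VARS = frozenset({"OPENAI_BASE_URL", "OPENAI_API_KEY"})


def scrub_provider_env(parent_env: Mapping[str, str],
                       overrides: Optional[Mapping[str, str]] = None) -> Dict[str, str]:
    """Return a copy of parent_env without provider variables.

    Overrides are applied *after* scrubbing, so a caller that intentionally
    needs a provider variable in the child can pass it explicitly; everything
    else (PATH, HOME, ...) is inherited unchanged.
    """
    env = {k: v for k, v in parent_env.items() if k not in PROVIDER_ENV_VARS}
    if overrides:
        env.update(overrides)
    return env


def find_leaked_provider_vars(env: Mapping[str, str]) -> set:
    """Check helper: which provider variables would a child spawned with
    this environment see? Empty set means nothing leaks."""
    return {k for k in env if k in PROVIDER_ENV_VARS}


def make_leaky_parent_env() -> Dict[str, str]:
    """Constructed stand-in for the Hermes parent process after ~/.hermes/.env
    has been loaded: the current environment plus the two values from the
    PR's test steps (hypothetical, not read from any real .env file)."""
    return dict(os.environ,
                OPENAI_BASE_URL="http://localhost:8000/v1",
                OPENAI_API_KEY="dummy")


def child_sees(var: str, parent_env: Mapping[str, str],
               overrides: Optional[Mapping[str, str]] = None,
               scrub: bool = True) -> str:
    """Spawn a Python child (the same interpreter) and return the value it
    observes for `var`, '' when unset. scrub=False reproduces the old
    behaviour where the child inherits the parent environment verbatim."""
    env = scrub_provider_env(parent_env, overrides) if scrub else dict(parent_env)
    code = "import os; print(os.getenv(%r, ''), end='')" % var
    proc = subprocess.run([sys.executable, "-c", code], env=env,
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    parent = make_leaky_parent_env()
    print("before fix:", repr(child_sees("OPENAI_BASE_URL", parent, scrub=False)))
    print("after fix: ", repr(child_sees("OPENAI_BASE_URL", parent)))
    print("opt-in:    ", repr(child_sees(
        "OPENAI_BASE_URL", parent,
        overrides={"OPENAI_BASE_URL": "http://localhost:8000/v1"})))
    print("leaked:", find_leaked_provider_vars(scrub_provider_env(parent)))
```

Running the script mirrors steps 3 to 5 of the PR's test plan: the unscrubbed child prints the custom endpoint, the scrubbed child prints an empty string, and the explicit override is honoured. Applying overrides after the scrub rather than before is what makes the opt-in work without special-casing each variable.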

Commit 1:

Keep the normal shell environment for local terminal commands and
background processes, but stop inheriting Hermes runtime provider
credentials by default.

This prevents OPENAI_BASE_URL and related provider settings from
leaking into unrelated CLIs such as Codex while still allowing
explicit env overrides when a caller opts in.

Refs: NousResearch#1002

Commit 2:

Drop the AGENTS.md update from this bugfix branch so the PR stays
focused on the terminal environment scoping fix.
@PeterFile changed the title from "Scrub provider env from terminal subprocesses" to "fix(terminal): stop leaking provider env to local subprocesses" on Mar 12, 2026


Development

Successfully merging this pull request may close these issues.

[Bug]: terminal subprocesses inherit OPENAI_BASE_URL and break external Codex CLI when Hermes uses a custom endpoint
