Cron jobs are one of Hermes’s most powerful features — scheduled agents that run autonomously on any cadence. But they had a security issue: jobs weren’t always running under the correct secret scope.
The Bug
When you schedule a Hermes cron job, it runs in its own session with its own profile. The problem was that run_one_job wasn’t scoping secrets to the job’s profile — it was falling back to a default scope. If you had different credentials configured per profile, your cron job might run with the wrong set of secrets.
Worse, if a job used a profile with elevated permissions and the job’s output was delivered to a public channel (like a team Slack), your credentials were effectively exposed.
The Fix
Two commits addressed this:
-
fix(cron): run jobs under the profile secret scope— the core fix. Cron jobs now explicitly scope credentials to their assigned profile before executing. -
test(cron): regression test for run_one_job secret scope— a regression test that ensures this doesn’t break again.
Why This Matters
This is the kind of security bug that’s easy to miss in agent systems. The agent works, the jobs run, results deliver — everything looks fine. But credentials are leaking through a gap in profile scoping.
Hermes takes security seriously. The credential guard system, the .env file scanner, and now the cron secret scoping fix all point to a project that understands autonomous agents need bulletproof security.
If you use Hermes cron jobs, the fix is transparent — just update to the latest version. Your jobs now automatically run with the right secrets.