Confirmed against api/helpers.py master — the diagnosis is accurate. _build_redact_fn() currently returns the agent redactor unmodified the moment from agent.redact import redact_sensitive_text succeeds, so the local fallback patterns (ghp_…, sk-…, hf_…, AKIA…, xox[baprs]-…, the _AUTH_HDR_RE and _ENV_RE matchers, the private-key block) only ever fire in environments where the agent module isn't importable. That's exactly the regression shape this PR fixes.

A few things worth thinking about before merge:

1. Order matters and the PR gets it right. Running the agent redactor first lets it apply its richer entity-aware masking, then the fallback layer catches the specific token shapes the agent doesn't know about. Reversing the order would risk the fallback's _mask() (f"{token[:6]}...{token[-4:]}") running on a string the agent later masks differently, producing inconsistent shapes in the output.

2. Idempotency. Both redactors should be safe to chain because the masked output (ghp_xxx...yyyy) does not match the original credential regex (the prefix patterns require the full token-length to fire). Worth a sanity test asserting redact(redact(s)) == redact(s) for a sample of each token shape — if that ever breaks, the pipeline will produce ever-shrinking masked tokens.

3. Performance. Two passes per redaction call instead of one. On large session-search responses with thousands of strings, this could show up. The fallback regexes are already compiled at module load, so the marginal cost should be small, but if _redact_value() is hot (it recurses through dicts/lists), it might be worth profiling against a representative search response.

4. Tests look right. test_security_redaction.py and test_session_summary_redaction.py are the right ground truth, and the broader run including test_session_ops.py, test_session_index.py, test_session_search_bfcache_822.py covers the surfaces that consume the redacted output. Full-suite green (3486 passed, 2 skipped, 3 xpassed) is the strongest signal here.

Surgical 15/9 line diff in a single security-sensitive file. Will defer merge to maintainer review.

Released as part of v0.50.252 — thanks @NocGeek!

This PR was merged into the v0.50.252 release batch via #1387 alongside 5 other contributor fixes. The full CHANGELOG entry is at https://github.com/nesquena/hermes-webui/blob/master/CHANGELOG.md.

Pre-release verification: 3507 pytest tests pass, full QA harness pass (20 structural + 11 browser API + 23 Agent Browser CDP), Opus mentor APPROVED with two non-blocking follow-ups applied during the release batch (force=True on agent redactor, debug-log on profile fallback).

Closing this PR — the change is live on master.