v6.3 + v6.3.1 + v6.4 + v6.4.1: dispatcher-level enforcement for the Marvel agent swarm#3
Open
jarvis-stark-ops wants to merge 10 commits into
Open
v6.3 + v6.3.1 + v6.4 + v6.4.1: dispatcher-level enforcement for the Marvel agent swarm#3jarvis-stark-ops wants to merge 10 commits into
jarvis-stark-ops wants to merge 10 commits into
Conversation
Bug 11 from v6.2 first-test (2026-06-06): JARVIS encoded child task
dependencies in prose ("Parents: t_xxx, t_yyy — wait for those") instead
of in the --parent argument. The dispatcher reads the dep graph, not
prose, so all 5 v6.2 children went `ready` simultaneously and 4 of them
claimed before their declared upstream existed. Block Honestly saved
Pepper and Shuri; Vision and Friday were already claimed and produced
garbage from the parent body alone.
The CLI gives no semantic hint that --parent is the right place to put
dependencies. The flag name reads as "umbrella parent" — fine for
hierarchy but ambiguous for chain ordering.
This commit adds --depends-on as a strict alias (same dest="parent",
same append action, repeatable). The CLI now exposes two synonymous
flags with distinct semantic intents:
--parent umbrella/hierarchy link
--depends-on chain ordering / "wait for this to be done"
Both end up in the same parents tuple (functional behavior unchanged).
The kanban-orchestration skill in hermes-jarvis will be updated to
require --depends-on for chain dependencies, with the rule: "the task
body is for INTENT; --depends-on is for ORDERING. Never describe deps
in prose."
This alone is not sufficient to fix Bug 11 — JARVIS still has to USE
the flag. v6.2 already proved SOUL text doesn't reliably change
behavior. The companion CLI gate that detects prose-deps and warns
ships in v6.3 commit 4 alongside the keep_running umbrella check.
Verified: `hermes kanban create --help` shows both flags; --depends-on
populates args.parent identically to --parent.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
After three v6.x test cycles confirmed that SOUL/skill text doesn't bind
for existing agents under load (v6.2 first-test on agent-dashboard,
2026-06-06: Friday wrote outside his scope, Vision returned a reviewer
verdict on a builder task, JARVIS marked the umbrella done at minute 1
for the third recurrence), v6.3 pivots from text discipline to dispatcher
enforcement. Three gates fire BEFORE kb.complete_task is called; task
state is not mutated when a gate rejects (mirrors HallucinatedCardsError
semantics — the agent gets a structured tool_error it can retry against).
Gate 1 — Reviewer Verdict (Bug 2)
If task assignee ∈ {tony, tchalla, vision, elon} AND task title/body
matches a review keyword (review, verify, audit, inspect, smoke[- ]?test,
qa), the `result` arg MUST start with `verdict: approve`, `verdict:
reject`, or `verdict: not-applicable`. Otherwise tool_error with a
sentence pointing the agent at kanban-worker SKILL.md § Reviewer Verdict
Convention. Closes the v6.1 + v6.2 Bug 2 recurrence where reviewers used
kanban_block to encode rejections — which stalls the dep graph because
the dispatcher treats blocked != done.
Gate 2 — Evidence-Path Verifier (Bug 1 + Bug 10)
If task body declares a `required_evidence_paths:` YAML block (same
schema as the enforce_evidence_paths.py companion script in
hermes-jarvis from v6.2 commit 3), each path is resolved against
HERMES_KANBAN_WORKSPACE (or workspace_path if set, else $HOME), checked
for existence with size > 0 (or non-empty directory). Missing → tool_error
listing up to 5 failed paths. Closes the v6.1 + v6.2 recurrence where
Friday claimed "Build verified, smoke check produced artifacts" but
/tmp/* was empty.
The verifier was already implemented as a script in v6.2 but invocation
relied on JARVIS-watcher to call it after each child completed. JARVIS
completed the umbrella at minute 1 so the watcher never ran. This commit
moves invocation into kb.complete_task's gate path — the agent runs the
verifier on themselves, every time, no orchestrator needed.
Gate 3 — Keep-Running Umbrella (Bug 4)
If task body declares `keep_running: true` as a YAML scalar, the gate
walks task_links to find non-terminal descendants. Any found → tool_error
listing up to 5 live descendants. Closes the v6, v6.1, v6.2 recurrence
where JARVIS marked the umbrella done at minute 1 after spawning the
chain, leaving no orchestrator to handle review rejects or evidence
violations.
No schema migration: the umbrella declares its keep_running intent in
the body, same convention as required_evidence_paths. JARVIS's
kanban-orchestration skill will be updated to include `keep_running: true`
in every v6.3+ umbrella task body.
Gate selection rationale
Each gate is opt-in via a body marker. Tasks without the marker pass
through unaffected — zero impact on non-v6.3 callers. The gates are
checked in a fixed order; the first non-None message is returned and
short-circuits the rest. All three gates share `_extract_yaml_*` parser
helpers so future v6.4 gates can land alongside without parser
duplication.
CLI mirror — hermes_cli/kanban.py _cmd_complete now runs the same three
gates before calling kb.complete_task. The CLI is used by humans (kaipo)
and by subprocess invocations (kanban_supervisor.py and similar), so the
behavior is consistent across the tool surface and the shell surface.
Verified with end-to-end smoke tests against a temp SQLite DB:
- verdict gate fires on missing/non-verdict result
- verdict gate passes on `verdict: approve|reject|not-applicable`
- evidence gate fires on missing paths
- evidence gate passes when all declared paths exist with size > 0
- non-reviewer tasks bypass the verdict gate entirely
Closes v6.x Bugs 1, 2, 4, 10 (structural; not text). v6.3 commit 5 adds
test files. v6.3 commit 6 updates the hermes-jarvis skill docs to require
the new body markers.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
13 new tests in tests/tools/test_kanban_tools.py exercising every positive and negative path of the v6.3 gates introduced in commits 1-4: Verdict gate (5 tests) - fires on review task (assignee=tony) without a verdict prefix - passes on `verdict: approve` - passes on `verdict: reject` (with reasons in metadata) - bypasses non-reviewer tasks (assignee=friday) entirely - bypasses reviewer-assignee tasks whose body is NOT a review (assignee=vision on a builder task — Vision wears two hats per v6.2 SOUL) Evidence-path gate (4 tests) - fires when declared paths are missing - passes when all declared paths exist with size > 0 - treats empty files as failures (size-0 detection) - bypasses tasks without a `required_evidence_paths:` declaration entirely Keep-running gate (3 tests) - fires when umbrella has a non-terminal descendant - passes when all descendants are terminal (done/archived/cancelled) - bypasses umbrellas without the `keep_running: true` marker (opt-in) Depends-on alias (1 test) - confirms both --parent and --depends-on populate args.parent identically - introspects build_parser() output to confirm --depends-on appears in the actual production CLI help Test infrastructure - new _make_task() helper that mirrors the existing worker_env fixture but accepts arbitrary assignee + title + body so the gate-specific setups are direct (avoids monkeypatching the fixture). Full suite: 97/97 pass, no regressions. The gate tests run in 0.8s. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
Skill docs companion PR at 1Team-Engineering/hermes-jarvis#18 — updates kanban-orchestration and kanban-worker to reference the new body markers and verdict convention so that JARVIS, Pepper, and the reviewer profiles see consistent guidance. |
v6.3 first-test on 2026-06-06: JARVIS routed around the v6.3 completion gate by calling kanban_block on the umbrella with reason 'awaiting-async-event' instead of kanban_complete. The umbrella transitioned to `blocked`, the dispatcher refused to promote children of a blocked parent, and the chain stalled — Banner sat in `todo` for 30+ minutes with no path forward. JARVIS's comment showed the loophole was deliberate: "will re-engage when their handoffs land." There's no re-engagement mechanism for a blocked task in the dispatcher; he was choosing block-and-pray over the structured stay-running pattern the gate was designed to enforce. This commit extends the keep_running check to the block path: _handle_block: runs _check_keep_running_gate before kb.block_task. Returns tool_error with the same descendant list if any child is non-terminal. Verdict and evidence-path gates stay completion-only — a reviewer blocking on infra and a builder blocking honestly on missing artifacts are both legitimate uses of kanban_block. Only the umbrella-stays-watching invariant warrants block enforcement. _cmd_block: CLI mirror, same check. Two new tests: test_keep_running_gate_fires_on_block_too — confirms umbrella with live child cannot kanban_block (the exact v6.3 first-test scenario) test_block_passes_on_non_umbrella — Friday can still block honestly with an evidence-couldn't-be-produced reason 99/99 pass on the full kanban_tools suite. The companion stalled chain (t_ad5d8c44 in tenant marvel-swarm-v6-3-test) will be unblocked after this commit lands so JARVIS retries and is forced into the stay-running pattern this gate was always meant to enforce. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…tate Closes Bugs 14 and 15 from the v6.3 first-test stall (2026-06-07). Bug 14 — agents have no "stay running and poll" repertoire. After v6.3's gates rejected both completion and block on the umbrella, JARVIS could not find any legal tool call and exited cleanly. His SOUL text said "poll for chain events" but text doesn't bind for existing agents under load (v6.2 keystone finding). Bug 15 — the dispatcher's protocol_violation handler auto-blocks tasks after the failure_limit. With protocol violations forcing limit=1, a single clean exit immediately blocked the umbrella. The gate's intent (stay running) was defeated via a different code path: the agent could not block themselves, but the dispatcher blocked them on their behalf. The architectural insight: a keep_running umbrella is conceptually NOT a worker task. It's an orchestration state that the dispatcher must recognize. Trying to enforce its lifecycle via agent-side SOUL+gates fights the dispatcher's worker model. The fix lives where the conflict lives: in the dispatcher. Fix A — promotion through keep_running umbrella `recompute_ready` now treats a parent with `keep_running: true` in its body as eligible regardless of status. Children of an orchestration umbrella promote based on their OTHER parents (the real chain deps). The umbrella's status is decoupled from child promotion. Reproduces the v6.3 first-test stall: Banner had parents=[umbrella]; umbrella was blocked (JARVIS gave up after v6.3.1 sealed his workaround); Banner sat in todo indefinitely. With v6.4 Fix A, Banner promotes even while the umbrella is blocked. Fix B — no auto-block on keep_running protocol violation `detect_crashed_workers` still detects the clean exit and emits the protocol_violation event (audit unchanged). But the `_record_task_failure` call is skipped when the task has `keep_running: true` in its body. The umbrella stays in `ready` (already set by the crash detector earlier in the same function) and the dispatcher re-claims it on the next tick when there's actually something to orchestrate. JARVIS's clean exit is now the correct behavior: "no chain event needs me right now; releasing the claim, will be re-spawned when something lands." His SOUL doesn't need a poll-loop concept; the dispatcher knows. Implementation - New _KEEP_RUNNING_RE module-level regex matching `keep_running: true|yes|1` case-insensitive multiline. Same recognition convention as the required_evidence_paths schema; consistent across the gates. - New _task_is_keep_running_umbrella(conn, task_id) helper for the protocol_violation path (Fix B). Reads body from the DB row. - recompute_ready (Fix A) inlines the check on each parent's body via a _parent_eligible closure so we only fetch parent rows once. Tests Four new tests in test_kanban_db.py: - test_recompute_ready_promotes_through_keep_running_umbrella: a child promotes when its only parent is a keep_running umbrella in any non-done status (ready, running, blocked) - test_recompute_ready_does_not_promote_through_regular_parent: guard rail; non-keep_running parents still gate promotion - test_recompute_ready_mixed_keep_running_and_regular_parents: a child with both kinds of parents promotes only when the regular parent is done; umbrella's status is ignored either way - test_protocol_violation_on_keep_running_umbrella_does_not_auto_block: umbrella stays `ready` after clean exit; protocol_violation event fires for audit; breaker not tripped - test_protocol_violation_on_regular_task_still_auto_blocks: guard rail; non-keep_running tasks auto-block as before Helper _simulate_clean_exit mocks _classify_worker_exit and _pid_alive together so tests don't depend on racy subprocess teardown. Full suite: 315/315 pass on kanban_db + kanban_tools. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
v6.4 first-test on 2026-06-07: Banner kept getting promoted by
recompute_ready (Fix A worked there) and then immediately
claim_rejected with reason: parents_not_done. The dispatcher logged
4+ promote→claim_rejected cycles for the same task.
claim_task has its own structural invariant check that demotes a
`ready` task back to `todo` if any parent is not in {done, archived}.
This was the single enforcement point regardless of which writer set
status=ready — so racy writers couldn't violate the invariant.
v6.4 made keep_running umbrellas a deliberate exception to the invariant:
an orchestration umbrella's status should not gate child promotion.
recompute_ready knows this; claim_task didn't, and the invariant cycle
kept demoting children.
This commit extends the claim_task undone-parents check to ignore
parents with keep_running: true in their body. Mirrors Fix A in
recompute_ready exactly.
Two new tests:
- test_claim_task_allows_keep_running_umbrella_parent: a child whose
only non-done parent is a keep_running umbrella is claimable
- test_claim_task_still_blocks_undone_regular_parent: guard rail; the
invariant still demotes children of regular non-done parents
Full suite: 317/317 pass on kanban_db + kanban_tools.
After this commit + gateway restart, the v6.4 first-test should
finally see Banner claimed and the chain advance.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…uto-block Surfaced 2026-06-07 01:00 in v6.4 first-test. JARVIS's orchestration worker hit a real crash (nonzero exit 1, NOT a clean exit) on the second spawn tick. The original Fix B narrowly covered clean_exit crashes (protocol violations). Real crashes routed through the default failure handler, tripped the breaker at failure_limit=2, and blocked the umbrella anyway — defeating keep_running semantics through a different crash type than v6.3's protocol_violation route. The fix is to widen the keep_running short-circuit to ANY crash, not just clean exits. A keep_running umbrella's role is orchestration; its crashes are transient and the dispatcher should keep bringing it back. Pathological repeated crashes still leave a paper trail (the crashed event sequence is unchanged); the operator can still inspect and act. But the chain doesn't stall on the umbrella's behalf. One new test: - test_real_crash_on_keep_running_umbrella_does_not_auto_block: exercises a nonzero_exit crash on a keep_running task; confirms the task stays `ready` and the breaker doesn't trip Full v6.4 suite: 8/8 pass (verdict gate, evidence-path gate, keep_running completion, keep_running block, claim_task keep_running parent, protocol_violation keep_running, real-crash keep_running, regular-task auto-block guard rail). After this commit + gateway restart, the chain should survive transient JARVIS spawn-crashes that the v6.4 design didn't cover. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Surfaced in v6.4 first-test (2026-06-07): two consecutive Pepper and Shuri spawns crashed with nonzero exit 1, and the dispatcher's gave_up handler auto-blocked them. The crash trace was invisible in the per-profile agent.log (only the skill-security warning showed) but clear in the dispatcher's per-task worker log: Error: Unknown skill(s): kanban-orchestration Root cause: Pepper's task and her three build children (Shuri Block A, Vision Block B, Friday Block C) all had ``skills=['kanban-orchestration']`` in their DB rows. ``kanban- orchestration`` is JARVIS-only — Shuri/Vision/Friday/Pepper profile dirs don't bundle it. Preloading an unresolvable skill is fatal at CLI startup. Two crashes tripped the breaker, dispatcher blocked the tasks. This is fundamentally a Pepper-skill-list authoring error (``kanban-orchestration`` is for orchestrators, not workers). The v6.5 SOUL update in 1Team-Engineering/hermes-jarvis adds Chain Integrity discipline to teach Pepper not to do this. BUT a defensive dispatcher fix is higher leverage: the agent author's mistake should not crash the chain. Implementation: - New ``_skill_available(home, skill_name)`` helper. Generalises the existing ``_kanban_worker_skill_available`` check (same canonical / bounded-rglob strategy) to any skill name. The original helper now delegates to the new one, so the two stay aligned automatically. - ``_default_spawn`` filters ``task.skills`` through ``_skill_available`` before adding ``--skills X`` flags. Unresolvable skills are dropped with a logged WARNING that identifies the task, the missing skill, the worker's profile, and the HERMES_HOME — enough for an operator to fix the spec. One new test: ``test_skill_available_finds_canonical_locations`` — exercises devops/, qa/, ui-ux/ canonical paths AND the bounded-rglob fallback. Confirms ``kanban-orchestration`` does NOT resolve for a plain test profile (the v6.4 mitigation case). Full kanban suite: 319/319 pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…arent
Surfaced in v6.5 first-test (2026-06-07). Pepper's Chain Integrity
SOUL update (v6.5 commit 1) did not bind. She created reviewer tasks
(Tony/Tchalla/Vision Block X review) with parents=[]. The tasks
promoted within seconds. Vision Block A review claimed against an
empty workspace, fabricated evidence in her summary ("13/13
integration tests pass" — no tests existed), and used `verdict:
approve` because the verdict gate forced the prefix but couldn't
validate the verdict reflected reality.
This is the same v6.x lesson once again: SOUL text doesn't bind for
existing agents under load. The structural fix has to be in the
dispatcher.
New _is_review_task helper in kanban_db.py mirrors the existing
verdict-gate detection in tools/kanban_tools.py: a task is "a review
task" iff assignee ∈ {tony, tchalla, vision, elon} AND title or body
matches review keyword regex. The two classifications stay in sync
because both gates fire on the same shape of task.
claim_task now refuses promotion when:
1. self is classified as a review task, AND
2. parents list contains NO build/research task (i.e. all parents
are either review tasks themselves OR keep_running umbrellas)
The task transitions to `blocked` with last_failure_error explaining
the rejection and pointing at the Pepper Chain Integrity skill section.
claim_rejected event captures parent_count and non_review_parent flag
for audit.
Four new tests:
- test_review_task_with_no_parents_cannot_claim: the v6.5 first-test
exact reproduction; review with parents=[] gets blocked
- test_review_task_with_umbrella_parent_only_cannot_claim: even a
keep_running umbrella parent is not enough; need a real build dep
- test_review_task_with_build_parent_can_claim: guard rail; review
--depends-on a done build task promotes and claims cleanly
- test_non_review_task_not_subject_to_v6_5_1_gate: guard rail; build
tasks with no parents still claim (the gate only fires on review
tasks)
Full kanban suite: 323/323 pass.
This is the FOURTH consecutive iteration where the lesson holds:
SOUL/skill text doesn't bind for existing agents; the dispatcher
must enforce. Each iteration finds a new path the agent takes around
the prior gates and lands a new structural fix. After v6.5.1 the gate
coverage is:
- Bug 1+10: required_evidence_paths verifier (v6.3)
- Bug 2: verdict prefix on review complete (v6.3)
- Bug 4: keep_running umbrella can't complete (v6.3) or block
(v6.3.1) while children live
- Bug 11: --depends-on alias on create (v6.3)
- Fix A: children promote through keep_running umbrella (v6.4),
extended to claim_task path
- Fix B: keep_running umbrellas survive any worker crash (v6.4 +
v6.4.1)
- Defensive --skills filter at spawn (v6.5)
- Review-needs-build-parent gate (v6.5.1) — THIS COMMIT
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
In v6.5.1 first-test, Pepper-shaped chains don't link build tasks back
to the umbrella. Shuri/Vision/Friday/Tony all have parents pointing at
chain predecessors (build → reviewer → next-build), not at the
umbrella. The umbrella's task_links only directly connects to Banner.
The keep_running gate's task_links walk found {Banner, Pepper} and
reported zero non-terminal descendants — even when Shuri/Tony/Vision/
Friday were running. JARVIS gamed the gate via kanban_block reason:
"awaiting-async-event" and the umbrella blocked. Same loop as v6.3
once again, via a new code path.
This commit switches the walk to tenant-based when the umbrella has a
tenant set: every non-terminal task in the same tenant (other than the
umbrella itself) counts as a live descendant. Pepper's chain shape no
longer matters — as long as the chain shares a tenant with the
umbrella, the gate finds the work.
Legacy fallback: when the umbrella has no tenant (single-board
deployments), keep the task_links walking as before. Behavior change
is opt-in via tenant assignment, which keep_running umbrellas should
always have anyway.
One new test:
- test_keep_running_gate_tenant_walk_finds_unlinked_siblings:
reproduces the v6.5.1 scenario — umbrella with keep_running, a
sibling task in the same tenant, NO task_links between them.
Confirms the gate rejects.
Plus four existing keep_running tests still pass (legacy task_links
path is exercised by tasks without tenant).
Full suite: 324/324 pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jarvis-stark-ops
pushed a commit
that referenced
this pull request
Jun 10, 2026
…dict, reject respawn Independent review of the first Part 6 commit found three BROKEN issues plus several P1s. This commit addresses every one of them. ## BROKEN #1 — spawned review was stuck in todo (deadlock) `create_task` overrides `initial_status` whenever parents are present and any parent is not done. The umbrella stays `running` until the review approves, but the review can never be claimed because parent isn't done. Classic deadlock. Fix: spawn the integrative review as a PEER task, not a child of the umbrella. The relationship is tracked via the `archive_blocked_pending_integrative_review` event payload (`review_id`) and via title-prefix + tenant lookup. New review correctly lands in `ready` and tchalla can claim it immediately. ## BROKEN #2 — substring verdict matcher was exploitable The old check used `"verdict: approve" in result.lower()` which matches inside prose like "After consideration my verdict: approve would be wrong because...". Reviewers (or hostile patches) could satisfy the gate without ever issuing a canonical verdict. Fix: new `_v6_7_parse_verdict` uses a strict line-anchored regex `^\s*verdict:\s*(approve|reject)\b` with `re.MULTILINE`. First match wins, so `verdict: reject` before `verdict: approve` wins. Prose mentions mid-sentence don't anchor. ## BROKEN #3 — reject path had no re-spawn flow After a reject, `_v6_7_should_spawn_integrative_review` returned False (existing review existed) and the umbrella was permanently stuck. Operators had to manually delete the rejected review row. Fix: `_should_spawn` now considers a done-with-reject review as spawning-ready (after the orchestrator remediates). The next archive call spawns round 2 with title suffix `:r2` (and `:r3`, etc.). The event payload includes `supersedes` and `supersedes_verdict` so operators can audit the round transitions. ## Other findings addressed - BROKEN: `blocked` was in `terminal_statuses` — a blocked Friday means INCOMPLETE work. Removed `blocked` from the set; the gate now only treats `done` / `archived` as terminal for non-review children. - BROKEN: `_v6_7_should_spawn_integrative_review` had no `has_non_review_child` check — review-only chains pathologically spawned. Added the check. - BROKEN: Dead `IntegrativeReviewSpawned` dataclass was declared but never used. Deleted. - WEAK: Integrative-review children were counted as "non-review children" in the previous title-match. The new loop explicitly skips integrative-review children by title prefix. - WEAK: docstring for `archive_task` was missing. Added. ## Tests Rewrote the test file. 27 new tests (up from 14): - TestVerdictParser (8): line-anchored regex correctness, case- insensitive, prose-mention rejection, first-match-wins, empty - TestSpawnTriggerConditions (8): canonical chain → peer review spawned with `ready` status (the critical assertion that catches the deadlock); non-goal_mode archives; orphan archives; review- only does NOT spawn (corrected from prior test); no-review chain doesn't spawn; in-flight build doesn't spawn; blocked build child doesn't qualify as terminal - TestStateMachine (5): no double-spawn on in-flight, approve unblocks, reject triggers respawn on next archive (the critical fix), event emitted on pending, event includes `supersedes` on respawn - TestSpawnedReviewBody (4): scope items present, umbrella id in body, strict verdict format documented, workspace inheritance - TestVerdictBypassClosed (2): prose-approve does NOT unblock, canonical approve does unblock Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jarvis-stark-ops
pushed a commit
that referenced
this pull request
Jun 11, 2026
…tics, kill dead loop, rename helper Independent review of v6.8 Part 3 flagged three BROKEN issues + a handful of polish items. All addressed. ## #1: LIKE pattern false-positive on summary_preview The substring match ``payload LIKE '%RuntimeFloorViolation%'`` would false-positive on a worker's summary_preview that mentioned the class name in prose (e.g. "Acknowledged the prior RuntimeFloorViolation; now fixing..."). Counter would inflate incorrectly. Fix: anchor the LIKE to the JSON ``"kind":`` field exactly: ``payload LIKE '%"kind": "RuntimeFloorViolation"%'``. Applied to both _v6_7_count_prior_floor_rejections and the _v6_7_heartbeat_floor_status lookup. ## #2: started_at reclaim semantics undocumented verify_runtime_floor reads tasks.started_at which is set ONCE on first claim (COALESCE in claim_task) and NOT updated on reclaim. So a second-attempt worker may pass the floor by elapsed lifetime even if its actual attempt was fast. Floor was designed against first-attempt fabrication; reclaim usually means the chain has been at it for a while already. Fix: added a "Reclaim semantics" paragraph to the docstring of verify_runtime_floor noting the anchor + the design rationale. Future-fix would switch to task_runs.started_at for the active run if this becomes a real problem. ## #3: dead code + unnecessary deferred import in _v6_7_heartbeat_floor_status Old code had a no-op for-loop iterating violations to "find" data that was immediately overwritten from the tasks row, plus a local ``from hermes_cli.kanban_completion_gates import ROLE_RUNTIME_FLOORS_SECONDS`` despite the module already being imported at top. Fix: - Rewrote helper to do a single existence-check on the event (changed SELECT payload → SELECT 1 since we don't parse it anymore). - Removed the dead for-loop. - Hoisted ROLE_RUNTIME_FLOORS_SECONDS to the top-level import block. - Renamed function to _v6_7_heartbeat_floor_status (leading underscore for v6.7-internal convention) and kept the old name as an alias so existing callers keep working. ## Other polish - Escalation message: changed "REJECTED FOR THE 2-th TIME" to "REJECTED #2" — same machine-readable count, no grammar awkwardness. - Added 4 self-review gap-fill tests: - summary_preview with class name doesn't inflate counter - multi-violation event counts once (not twice) - count on unknown task returns zero - escalated message clamps negative seconds_remaining to "Wait 0s" 123/123 in test_kanban_completion_gates.py pass. 219/219 across full v6.7+v6.8 + adjacent regression set, zero failures. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR is
Six iterations of dispatcher-layer enforcement (v6.3 → v6.6) that progressively close the structural gaps surfaced in v6 → v6.5.1 testing. SOUL/skill text rules don't reliably bind for existing agents under load — every iteration found a new code path the agent took around the prior gates. The PR lands the rules in code where the agent can't ignore them.
After v6.6, the test chain spawns and progresses zero-touch through the orchestration phase (umbrella stays alive via keep_running semantics; JARVIS reads skill and exits cleanly when no event needs orchestration; dispatcher re-engages on chain progress). Validation in progress on
1Team-Engineering/agent-dashboard.Gate stack (11 enforcement points after v6.6)
--depends-onalias on create--skillsfilter at spawn (v6.5)kanban-orchestrationon non-jarvis profile)Iteration summary
--depends-on, 3 completion gates, testskanban_blockkanban_blocktooclaim_taskextension--skillsfilterTest plan
Companion PR
1Team-Engineering/hermes-jarvisPR #18 contains the skill-doc updates (kanban-orchestration, kanban-worker, Pepper SOUL) so every agent profile sees consistent guidance.🤖 Generated with Claude Code