Problem
When a Kanban worker is spawned, KANBAN_GUIDANCE (defined in agent/prompt_builder.py:185) is injected into the system prompt. It currently begins with:
KANBAN_GUIDANCE = (
"# You are a Kanban worker\n"
"You were spawned by the Hermes Kanban dispatcher to execute ONE task from "
...This redefines the agent identity, overriding the profile-specific SOUL.md that was loaded as layer #1 of the system prompt. The SOUL.md is supposed to be the sole identity declaration for an agent profile, but KANBAN_GUIDANCE contradicts it.
Impact
Role-purity enforcement via SOUL.md is unreliable in Kanban worker mode. An agent with a SOUL.md that says "You are a strict code reviewer. You NEVER write code" will still write code when the task asks for implementation, because KANBAN_GUIDANCE's "You are a Kanban worker" dilutes the identity signal.
Empirical test result:
A profile was created with SOUL.md: "You are a strict code reviewer. You ONLY review code. You NEVER write code." A Kanban task was created assigned to this profile asking it to "Write a Python function that calculates fibonacci." The worker:
- Implemented
fibonacci.py with full type checking and edge case handling
- Wrote
test_fibonacci.py with 12 passing tests
- Completed the task with summary "Implemented fibonacci(n) function with 12 tests passing"
- Zero acknowledgment of the role violation
Root Cause
_build_system_prompt() in run_agent.py:4838 assembles the prompt in this order:
Layer 1: SOUL.md (identity from profile)
Layer 2: HERMES_AGENT_HELP_GUIDANCE
Layer 3: KANBAN_GUIDANCE ("You are a Kanban worker")
Layer 4: Memory
Layer 5: Skills
Layer 6: Context files
User message with task context (via -q)
KANBAN_GUIDANCE at layer 3 redefines the agent's identity, contradicting SOUL.md at layer 1. Because the task-specific user message arrives last (recency bias), it has the strongest influence on the model, completing the override chain.
Fix
Remove identity statements from KANBAN_GUIDANCE entirely. It should describe the task lifecycle protocol only, not who the agent is.
Current (line 185-195 in agent/prompt_builder.py):
KANBAN_GUIDANCE = (
"# You are a Kanban worker\n"
"You were spawned by the Hermes Kanban dispatcher to execute ONE task from "
...Proposed:
KANBAN_GUIDANCE = (
"# Kanban task execution protocol\n"
"You were assigned a Kanban task via the Hermes dispatcher. "
"Your task id is in `$HERMES_KANBAN_TASK`; "
"your workspace is `$HERMES_KANBAN_WORKSPACE`. "
...The identity belongs exclusively to SOUL.md (layer 1). The protocol guidance (layer 3) should not redefine it. All lifecycle instructions (how to use kanban_show, kanban_complete, kanban_block, etc.) remain unchanged.
Verification (with our temporary patch)
After patching KANBAN_GUIDANCE to start with "Role boundaries first — Your SOUL.md identity defines who you are..." instead of "You are a Kanban worker", the same test produced a different result:
- Worker called
kanban_block(reason="Role violation: test-reviewer is a code reviewer, task asks for implementation")
- Status:
blocked (vs done before the fix)
- No files created in workspace
- Comment: "This is a code-writing task. The test-reviewer profile is bound by SOUL.md as a strict code reviewer that never writes, modifies, or generates code. Cannot execute. Needs reassignment to a coding-capable profile."
This confirms that removing the identity override from KANBAN_GUIDANCE is sufficient to make SOUL.md role enforcement work correctly.
Suggested fix location
agent/prompt_builder.py, the KANBAN_GUIDANCE tuple (currently lines 185-241). Only the first line needs to change — replace "# You are a Kanban worker\n" with a protocol-only header.
Problem
When a Kanban worker is spawned,
KANBAN_GUIDANCE(defined inagent/prompt_builder.py:185) is injected into the system prompt. It currently begins with:This redefines the agent identity, overriding the profile-specific
SOUL.mdthat was loaded as layer #1 of the system prompt. The SOUL.md is supposed to be the sole identity declaration for an agent profile, butKANBAN_GUIDANCEcontradicts it.Impact
Role-purity enforcement via SOUL.md is unreliable in Kanban worker mode. An agent with a SOUL.md that says "You are a strict code reviewer. You NEVER write code" will still write code when the task asks for implementation, because
KANBAN_GUIDANCE's "You are a Kanban worker" dilutes the identity signal.Empirical test result:
A profile was created with SOUL.md: "You are a strict code reviewer. You ONLY review code. You NEVER write code." A Kanban task was created assigned to this profile asking it to "Write a Python function that calculates fibonacci." The worker:
fibonacci.pywith full type checking and edge case handlingtest_fibonacci.pywith 12 passing testsRoot Cause
_build_system_prompt()inrun_agent.py:4838assembles the prompt in this order:KANBAN_GUIDANCEat layer 3 redefines the agent's identity, contradicting SOUL.md at layer 1. Because the task-specific user message arrives last (recency bias), it has the strongest influence on the model, completing the override chain.Fix
Remove identity statements from
KANBAN_GUIDANCEentirely. It should describe the task lifecycle protocol only, not who the agent is.Current (line 185-195 in
agent/prompt_builder.py):Proposed:
The identity belongs exclusively to SOUL.md (layer 1). The protocol guidance (layer 3) should not redefine it. All lifecycle instructions (how to use kanban_show, kanban_complete, kanban_block, etc.) remain unchanged.
Verification (with our temporary patch)
After patching KANBAN_GUIDANCE to start with "Role boundaries first — Your SOUL.md identity defines who you are..." instead of "You are a Kanban worker", the same test produced a different result:
kanban_block(reason="Role violation: test-reviewer is a code reviewer, task asks for implementation")blocked(vsdonebefore the fix)This confirms that removing the identity override from KANBAN_GUIDANCE is sufficient to make SOUL.md role enforcement work correctly.
Suggested fix location
agent/prompt_builder.py, theKANBAN_GUIDANCEtuple (currently lines 185-241). Only the first line needs to change — replace"# You are a Kanban worker\n"with a protocol-only header.