fix(kanban): containment + prevention for scratch-cleanup data loss (#28818)

[teknium1]

Salvage of #28819 by @briandevans + #31315 by @leeseoki0, addressing P0 issue #28818 (Kanban can delete a real user source directory on task completion).

Summary

Two-layer fix for the data-loss vector. (1) _cleanup_workspace now refuses to shutil.rmtree anything outside Hermes-managed scratch roots. (2) create_task no longer inherits board default_workdir for kind=scratch, so the bad state stops being created in the first place.

Threat

A board's default_workdir is set to a real source tree. A task is created without an explicit workspace_kind, so it defaults to scratch. Task completion calls _cleanup_workspace which sees kind='scratch' + workspace_path= and shutil.rmtree's the user's project. Worker sibling tasks then crash with FileNotFoundError on os.getcwd().

Changes

1. Containment (fix(kanban): refuse to rmtree workspace_path outside managed scratch root (#28818) #28819, @briandevans): new _is_managed_scratch_path() whitelisting

   • HERMES_KANBAN_WORKSPACES_ROOT env override (set by dispatcher for workers)
   • <kanban_home>/kanban/workspaces (legacy default)
   • <kanban_home>/kanban/boards//workspaces (per-board)
     Strict descendancy required — the roots themselves are NOT managed (would wipe all tasks' scratch dirs at once), and sibling subtrees like /logs or board metadata are explicitly rejected.

2. Prevention (Guard Kanban scratch workspace cleanup #31315, @leeseoki0): create_task now only inherits default_workdir when workspace_kind in {'dir', 'worktree'}. Scratch tasks keep workspace_path=None, and resolve_workspace() creates the per-board scratch dir on demand.

Test plan

Combined tests cover both layers:

• managed scratch dir IS removed
• user real-source dir with .git marker IS NOT removed (the [Bug]: Kanban scratch workspace cleanup can delete real source directories #28818 vector)
• HERMES_KANBAN_WORKSPACES_ROOT env override is honored
• per-board boards//workspaces accepted
• kanban metadata sibling subtrees rejected (DB, logs, board.json)
• workspaces root itself rejected (no wipe-all)
• scratch task with default_workdir set → workspace_path=None (prevention)
• dir/worktree task with default_workdir set → inherits (regression check)

pytest tests/hermes_cli/test_kanban_db.py    # 172 passed
pytest tests/hermes_cli/ -k kanban           # 578 passed

Salvage scope

• fix(kanban): refuse to rmtree workspace_path outside managed scratch root (#28818) #28819 by @briandevans (containment): kept both commits as-is (initial fix + the follow-up tightening managed-roots to workspaces/ dirs only).
• Guard Kanban scratch workspace cleanup #31315 by @leeseoki0 (prevention): kept the create_task gate and the two new tests; consolidated the test rewrite (the previous test asserted scratch inheritance, now removed since that IS the bug).
• fix(kanban): guard _cleanup_workspace against paths outside workspaces_root #30718 by @SimoKiihamaki and fix(kanban): refuse to clean up paths outside scratch root (#28818) #29242 by @Jiahui-Gu propose narrower containment-only variants of the same fix — closing as superseded with credit.

Co-authored-by: briandevans 252620095+briandevans@users.noreply.github.com
Co-authored-by: leeseoki0 leeseoki@makestar.com

Closes #28818
Closes #28819
Closes #31315

[github-actions]

🔎 Lint report: hermes/hermes-f9dd4507 vs origin/main

ruff

Total: 0 on HEAD, 0 on base (➖ 0)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 0 pre-existing issues carried over.

ty (type checker)

Total: 9101 on HEAD, 9100 on base (🆕 +1)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 4848 pre-existing issues carried over.

Diagnostics are surfaced as warnings — this check never fails the build.

[alt-glitch]

Salvage of #28819 + #31315, fixing P0 data-loss issue #28818. Supersedes #31315, #30664, #29242, #31358 (all competing fixes for the same kanban scratch-cleanup data loss vector).