feat(workbench): add browser workspace, kanban feedback, and executor CLI foundations

[gu87]

Summary

This branch delivers three foundation layers for the Hermes Agent desktop workbench. First, a read-only Browser Workspace — an Electron host that renders external URLs and exposes a chat message insertion contract, without any browser automation capability. Second, kanban review/QA feedback events — structured defect tracking wired into the CLI kanban surface. Third, a complete executors framework spanning a typed registry, capability-based router, five CLI adapters, guarded worktree tools, context/inbox/prompt tooling, an IPC bridge, review chain primitives, and a top-level argparse CLI entry point. Two UI upgrades ship alongside: structured tool-result preview panels and embedded chat session routing. All executor modules are backed by 463 passing tests, destructive operations are gated behind confirmation prompts, and import side-effect guards prevent the CLI from leaking into live subsystems.

What Changed

Browser Workspace

• Electron host scaffold: main.ts (lifecycle, window management, IPC handlers), preload.ts (context bridge), renderer.html (shell), schema.ts (typed contracts)
• Chat message insertion contract (browser-workspace:insert-chat-message) validated against a golden contract-snapshot.json via validate-contract.mjs
• Static dashboard plugin assets under plugins/browser-workspace/dashboard/
• The host renders external URLs in a BrowserView; it does not implement click, type, submit, or navigate automation

Kanban Review/QA Feedback

• hermes_cli/kanban_feedback.py — structured review and QA defect event types with typed routing
• hermes_cli/kanban.py — kanban surface integration glue
• hermes_cli/web_server.py — lightweight HTTP server for dashboard plugin delivery
• Unit coverage in tests/hermes_cli/test_kanban_cli.py

Structured Preview UI

• web/src/components/ToolCall.tsx — structured preview panel that renders tool results with formatted sections instead of raw JSON blobs
• web/src/components/ChatSidebar.tsx — expanded sidebar with session list, routing, and status indicators
• web/src/pages/ChatPage.tsx / web/src/pages/ConfigPage.tsx — page-level wiring for preview and sidebar
• web/src/App.tsx — top-level routing integration

Embedded Chat Routing Mode

• Chat session routing embedded into the web app shell so the UI can deep-link into specific sessions without full page reloads

Executors Framework

A — Core Registry and Router

• executors/registry.py — typed executor registry with binary discovery and structured health probes
• executors/router.py — capability-based router that produces recommendations and accepts user overrides
• executors/types.py — shared dataclass type system (capabilities, routing decisions, health status, executor info)
• executors/health.py — per-executor health checks with table and JSON output formatters

B — Adapters

• executors/claude_code_adapter.py — Claude Code CLI adapter
• executors/codex_adapter.py — Codex adapter
• executors/deepseek_tui_adapter.py — DeepSeek TUI adapter
• executors/hermes_local_adapter.py — Hermes local adapter
• executors/opencode_adapter.py — OpenCode adapter
• All adapters conform to the shared ExecutorCapabilities contract defined in types.py

C1 — Context / Inbox / Prompt Tools

• executors/context.py + executors/context_cli.py — workspace context injection CLI
• executors/inbox.py + executors/inbox_cli.py — external inbox management CLI
• executors/prompt_builder.py — structured prompt assembly from context + task spec

C2 — Guarded Worktree Tools

• executors/worktree.py + executors/worktree_cli.py — worktree create, list, merge, and discard
• Merge and discard operations require explicit user confirmation or --force; the gate is verified in tests
• Root resolution walks up to the parent repository, avoiding path assumptions

D1a — Bridge / IPC / Review Parsing Primitives

• executors/ipc.py — typed IPC message protocol with structured envelopes
• executors/bridge.py + executors/bridge_cli.py — run-event-log ↔ review bridge
• executors/review_agent.py — review chain agent logic

D1b — Review Handler + Review CLI

• executors/review_handler.py — review orchestration handler
• executors/review_cli.py — review subcommand CLI

D2 — Top-Level CLI

• executors/cli.py — argparse-based entry point wiring all subcommands: registry, health, routing, worktree, context, review, QA, inbox, and bridge
• executors/__init__.py — package public API surface
• Delegates destructive subcommands (worktree) to the guarded handler paths
• Import side-effect guards verified in tests: importing the CLI module does not invoke shutil.which, load hermes_cli, or spawn subprocesses

Safety Boundaries

• Browser Workspace is strictly read-only. The Electron host renders external URLs in a BrowserView and exposes a chat message insertion IPC contract. No agent can click, type, submit, or navigate within the rendered page. No browser automation capability exists in this PR.
• No Chrome extension compatibility layer. The Browser Workspace uses an Electron shell, not a Chrome extension harness. Chrome extension APIs (tabs, scripting, debugger) are not used or polyfilled.
• Worktree destructive operations are gated. Merge and discard both require explicit user confirmation (interactive prompt) or --force. Tests verify the gate blocks unconfirmed destructive calls.
• Executor tests never call real external CLIs or models. All adapter tests use binary stubs or mock registries. No network requests, no child-process side effects, no real model invocations.
• Import side-effect isolation. Five boundary guard tests confirm that importing executors/cli.py does not trigger shutil.which, does not load hermes_cli, does not spawn subprocesses, and does not import worktree, kanban_feedback, or other uncommitted modules at the top level.
• No force push, no destructive repo operations. All worktree tests operate on temporary directories under $TMPDIR. No repository-level destructive operations are performed by any test.

Validation

Check	Result
Browser host TypeScript compilation	✅ passes
Browser host contract validation (validate-contract.mjs)	✅ passes (snapshot matches schema)
Web build (web/)	✅ passes
Kanban CLI tests	✅ passes
Structured preview UI build	✅ passes
py_compile — all executor modules	✅ passes
tests/executors/ full suite	✅ 463 passed, 0 failed
tests/executors/test_cli.py	✅ 48 passed
Import side-effect guards (5 checks)	✅ all pass
Missing-binary fallback resilience (3 checks)	✅ all pass
Worktree confirmation gate tests	✅ gate blocks unconfirmed, --force bypasses

What Did Not Ship

• Browser action automation — no click, type, submit, navigate, or scroll APIs
• Chrome extension compatibility — no chrome.tabs / chrome.scripting / chrome.debugger bridge
• ChatSessionSidebar wiring — kept as a local excluded draft, not connected to the app shell in this PR
• Production Electron packaging, code signing, or auto-update
• Full security threat model for the Electron Browser Workspace host
• External browser adapter implementation (browser_adapter.py)
• End-to-end multi-step executor orchestration pipelines
• Bridge ↔ kanban feedback path integration (the two remain architecturally separate by design)

Risks / Follow-ups

• Native macOS visual checks are still needed for the Electron Browser Workspace. TypeScript compilation and contract validation pass, but the rendered shell has not been visually verified on macOS.
• Executors review/QA path remains separate from the kanban_feedback event path by design. Future work may bridge them at the routing or bridge layer, but for now they are independent subsystems.
• ChatSessionSidebar is kept as a local excluded draft. It is not wired into the app shell and is not part of this PR. Downstream work will need to integrate it.
• Larger end-to-end executor orchestration (multi-step run pipelines with real adapters) still needs integration testing. The current tests validate each module in isolation.
• hermes_cli/kanban_feedback.py introduces a new feedback event path. Its interaction with the existing kanban CLI surface should be documented before downstream consumers adopt it.
• Browser Workspace contract is validated against a golden snapshot. If the IPC contract evolves, the snapshot must be updated and re-validated.

Commit Breakdown

SHA	Title	Purpose
ce62fbc5c	feat(browser-workspace): Electron host lifecycle + chat insertion contract	Scaffold the read-only Browser Workspace: Electron main process lifecycle, preload context bridge, renderer shell, typed schema, contract validation script, and golden snapshot
312050bfe	feat(kanban): add review and QA feedback events	Structured review/QA defect event types, routing, and kanban surface integration
313b5d896	feat(ui): add structured preview panel for tool results	Render structured tool-call results in a formatted preview panel instead of raw JSON
86d2b64e7	feat(ui): add embedded chat routing mode	Add embedded chat session routing to the web app shell
51671f813	feat(executors): add core registry and router API	Typed executor registry with binary discovery, health probes, and capability-based router
b9b28ddf4	feat(executors): add CLI adapter implementations	Five adapters (Claude Code, Codex, DeepSeek TUI, Hermes local, OpenCode) implementing the shared capabilities contract
db8129cf0	feat(executors): add context inbox and prompt tools	Workspace context injection CLI, external inbox management CLI, and structured prompt assembly
a95211d9e	feat(executors): add guarded worktree tools	Worktree create/list/merge/discard with confirmation gates on destructive operations and parent-repo root resolution
50bb17679	feat(executors): add bridge IPC and review parsing primitives	Typed IPC message protocol, run-event-log ↔ review bridge, and review chain agent logic
5b150a6be	feat(executors): add review handler and CLI subcommands	Review orchestration handler and review subcommand CLI
7bbb0a3ed	feat(executors): add top-level CLI integration	Argparse-based entry point wiring all subcommands with import side-effect isolation and delegation to guarded handlers

🤖 Generated with Claude Code

[github-actions]

🚨 CRITICAL Supply Chain Risk Detected

This PR contains a pattern that has been used in real supply chain attacks. A maintainer must review the flagged code carefully before merging.

🚨 CRITICAL: Install-hook file added or modified

These files can execute code during package installation or interpreter startup.

Files:

hermes_cli/setup.py

---

Scanner only fires on high-signal indicators: .pth files, base64+exec/eval combos, subprocess with encoded commands, or install-hook files. Low-signal warnings were removed intentionally — if you're seeing this comment, the finding is worth inspecting.

[github-actions]

🔎 Lint report: codex/merge-8787-capabilities-into-9119 vs origin/main

ruff

Total: 3 on HEAD, 0 on base (🆕 +3)

🆕 New issues (2):

Rule	Count
PLW1514	2

First entries

executors/review_cli.py:159: [PLW1514] `pathlib.Path(...).read_text` without explicit `encoding` argument
executors/worktree.py:573: [PLW1514] `open` in text mode without explicit `encoding` argument

✅ Fixed issues: none

Unchanged: 0 pre-existing issues carried over.

ty (type checker)

Total: 9033 on HEAD, 8915 on base (🆕 +118)

🆕 New issues (166):

Rule	Count
unresolved-attribute	45
unresolved-import	40
invalid-argument-type	33
deprecated	8
unsupported-operator	7
invalid-assignment	6
invalid-parameter-default	5
unresolved-reference	4
not-iterable	4
invalid-return-type	4
not-subscriptable	4
no-matching-overload	2
empty-body	2
invalid-type-form	1
call-non-callable	1

First entries

tests/agent/test_entry_adapter.py:242: [unresolved-attribute] unresolved-attribute: Attribute `resolve_session` is not defined on `None` in union `EntryAdapter | None`
tools/delegate_tool.py:4071: [unresolved-attribute] unresolved-attribute: Unresolved attribute `_subagent_effective_blocked` on type `ExternalCliChild`
tests/hermes_cli/test_web_server.py:336: [unresolved-attribute] unresolved-attribute: Attribute `append` is not defined on `int` in union `int | list[Unknown]`
executors/codex_adapter.py:280: [deprecated] deprecated: The function `utcnow` is deprecated: Use timezone-aware objects to represent datetimes in UTC; e.g. by calling .now(datetime.timezone.utc)
tests/managed_agents/test_kanban_bridge.py:201: [unresolved-attribute] unresolved-attribute: Unresolved attribute `execution_plan` on type `Task`
agent/conversation_loop.py:4121: [unresolved-attribute] unresolved-attribute: Attribute `fail` is not defined on `None` in union `Any | None`
tests/agent/test_entry_adapter.py:231: [unresolved-attribute] unresolved-attribute: Attribute `resolve_workspace` is not defined on `None` in union `EntryAdapter | None`
tests/plugins/memory/test_fts5_builtin_provider.py:9: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
tests/agent/test_feishu_entry_adapter.py:6: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
tests/agent/test_entry_adapter.py:3: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
agent/managed_agents/session_binding.py:58: [invalid-argument-type] invalid-argument-type: Argument is incorrect: Expected `Literal["card", "thread", "alias", "default"]`, found `str`
tests/executors/test_cli.py:135: [invalid-parameter-default] invalid-parameter-default: Default value of type `None` is not assignable to annotated parameter type `list[dict[str, Any]]`
tools/delegate_tool.py:2544: [unresolved-attribute] unresolved-attribute: Unresolved attribute `_current_model_ref` on type `AIAgent`
tests/managed_agents/test_registry.py:4: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
tests/executors/test_registry.py:252: [unresolved-attribute] unresolved-attribute: Attribute `lower` is not defined on `None` in union `str | None`
hermes_cli/kanban_db.py:1067: [unresolved-reference] unresolved-reference: Name `shutil` used when not defined
tools/delegate_tool.py:4321: [invalid-argument-type] invalid-argument-type: Argument to function `_build_external_cli_child` is incorrect: Expected `str`, found `Any | str | None | list[str]`
tests/executors/test_context.py:26: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
tests/managed_agents/test_gateway.py:6: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
agent/conversation_loop.py:287: [invalid-assignment] invalid-assignment: Object of type `Any | None` is not assignable to attribute `fallback_used` on type `TaskCard | None`
tests/executors/test_review_cli.py:36: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
tests/executors/test_ipc.py:20: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
gateway/platforms/feishu.py:2574: [unresolved-reference] unresolved-reference: Name `P2CardActionTrigger` used when not defined
tests/agent/test_feishu_permission_gate.py:4: [unresolved-import] unresolved-import: Cannot resolve imported module `pytest`
tests/executors/test_review_handler.py:546: [not-iterable] not-iterable: Object of type `None` is not iterable
... and 141 more

✅ Fixed issues (76):

Rule	Count
invalid-argument-type	55
unresolved-attribute	11
unsupported-operator	4
invalid-assignment	3
unresolved-import	1
not-subscriptable	1
unresolved-reference	1

First entries

tests/skills/test_openclaw_migration.py:33: [invalid-argument-type] invalid-argument-type: Argument to function `module_from_spec` is incorrect: Expected `ModuleSpec`, found `ModuleSpec | None`
tests/hermes_cli/test_setup_openclaw_migration.py:427: [unsupported-operator] unsupported-operator: Operator `in` is not supported between objects of type `Literal["Discord"]` and `str | None`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2467: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["config.yaml session_reset"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2477: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["openclaw.json session (advanced)"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2410: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["archive/gateway-config.json"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2640: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["archive/channels-deep-config.json"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2757: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["openclaw.json approvals (rules)"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2772: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["archive/memory-backend-config.json"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2478: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["archive/session-config.json"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2680: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["openclaw.json browser (advanced)"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2715: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["config.yaml terminal"]`
tools/delegate_tool.py:3557: [invalid-argument-type] invalid-argument-type: Method `__getitem__` of type `Overload[(i: SupportsIndex, /) -> tuple[int, dict[str, Any] | dict[str, str | None | list[str]], Unknown], (s: slice[SupportsIndex | None, SupportsIndex | None, SupportsIndex | None], /) -> list[tuple[int, dict[str, Any] | dict[str, str | None | list[str]], Unknown]]]` cannot be called with key of type `str` on object of type `list[tuple[int, dict[str, Any] | dict[str, str | None | list[str]], Unknown]]`
tests/hermes_cli/test_setup_openclaw_migration.py:426: [unsupported-operator] unsupported-operator: Operator `in` is not supported between objects of type `Literal["Telegram"]` and `str | None`
agent/agent_router.py:374: [unsupported-operator] unsupported-operator: Operator `in` is not supported between objects of type `str & ~AlwaysFalsy` and `dict[Unknown, Unknown] | None`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2788: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["archive/skills-registry-config.json"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2375: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["config.yaml agent/compression/terminal"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:25: [invalid-assignment] invalid-assignment: Object of type `None` is not assignable to `<module 'yaml'>`
tests/hermes_cli/test_setup_openclaw_migration.py:561: [invalid-argument-type] invalid-argument-type: Argument to function `_gateway_platform_short_label` is incorrect: Expected `str`, found `str | list[str] | list[dict[str, str | bool]]`
agent/conversation_loop.py:216: [invalid-assignment] invalid-assignment: Object of type `Unknown` is not assignable to attribute `routing_basis` on type `TaskCard | None`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2264: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["openclaw.json hooks.*"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2552: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["agents.defaults.models"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2724: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["openclaw.json tools (full)"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2514: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal["config.yaml custom_providers"]`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:2585: [invalid-argument-type] invalid-argument-type: Argument to function `Migrator._get_channel_field` is incorrect: Expected `str`, found `str | dict[str, str] | Unknown`
optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:1148: [invalid-argument-type] invalid-argument-type: Argument to bound method `Migrator.record` is incorrect: Expected `Path | None`, found `Literal[""]`
... and 51 more

Unchanged: 4644 pre-existing issues carried over.

Diagnostics are surfaced as warnings — this check never fails the build.

[gu87]

Wrong base repository/branch. This PR was opened against stale gu87:main, causing unrelated upstream files to appear in the diff (+82,204/−9,213, 347 files, 105 commits instead of the expected +18,058/−27, 60 files, 11 commits). Reopening against NousResearch/hermes-agent:main.