Summary
Kanban workers completing verification tasks routinely claim to have created remediation cards that do not exist in the database. Workers call kanban_complete() naming card IDs (e.g., "created remediation cards t_X, t_Y, t_Z") that were never actually created. The kernel accepts kanban_complete() with no validation that the claimed IDs exist.
Evidence
In a single 2026-05-03 dispatcher session, 5 of 6 kanban verification workers reported creating remediation cards with 11 specific task IDs. Zero of those IDs existed in the database. The kanban_create() calls either:
- Silently failed (tool layer error, credential issue, etc.)
- Were hallucinated by the worker (LLM invented plausible-looking IDs)
- Were described in prose but never actually executed
Root cause
kanban_complete() has no validation layer. A worker can say "created cards t_A, t_B, t_C" in their summary/metadata and the kernel accepts it unconditionally. There's no cross-check against task_links or the task table itself.
Impact
Downstream orchestrators and humans see completion summaries claiming remediation work that never happened. Tasks stay broken while looking like they were addressed. This undermines the multi-agent reliability model — you can't trust worker handoffs.
Suggested Fixes (in order of preference)
-
Add optional created_cards field on kanban_complete() metadata. If a worker claims "created_cards": ["t_A", "t_B"], the kernel verifies each ID exists in the DB and has the completing worker as parent/creator before accepting the completion. Reject with an error message naming the missing IDs.
-
Post-completion validation hook. After completing, if the summary or metadata contains task ID patterns (regex: t_[a-f0-9]+), verify those IDs exist. If any are missing, auto-comment on the task warning the human.
-
Tighten the kanban-worker skill (skills/devops/kanban-worker/SKILL.md): require workers to verify kanban_create() return values before naming card IDs in completion. Add a rule: "Never claim you created a card unless you have a successful return value containing the ID."
Option 1 is the strongest — structural verification beats prose promises.
Environment
Hermes Agent v0.11.0 (a7fb79e)
Summary
Kanban workers completing verification tasks routinely claim to have created remediation cards that do not exist in the database. Workers call
kanban_complete()naming card IDs (e.g., "created remediation cards t_X, t_Y, t_Z") that were never actually created. The kernel acceptskanban_complete()with no validation that the claimed IDs exist.Evidence
In a single 2026-05-03 dispatcher session, 5 of 6 kanban verification workers reported creating remediation cards with 11 specific task IDs. Zero of those IDs existed in the database. The
kanban_create()calls either:Root cause
kanban_complete()has no validation layer. A worker can say "created cards t_A, t_B, t_C" in their summary/metadata and the kernel accepts it unconditionally. There's no cross-check againsttask_linksor the task table itself.Impact
Downstream orchestrators and humans see completion summaries claiming remediation work that never happened. Tasks stay broken while looking like they were addressed. This undermines the multi-agent reliability model — you can't trust worker handoffs.
Suggested Fixes (in order of preference)
Add optional
created_cardsfield onkanban_complete()metadata. If a worker claims"created_cards": ["t_A", "t_B"], the kernel verifies each ID exists in the DB and has the completing worker as parent/creator before accepting the completion. Reject with an error message naming the missing IDs.Post-completion validation hook. After completing, if the
summaryormetadatacontains task ID patterns (regex:t_[a-f0-9]+), verify those IDs exist. If any are missing, auto-comment on the task warning the human.Tighten the kanban-worker skill (
skills/devops/kanban-worker/SKILL.md): require workers to verifykanban_create()return values before naming card IDs in completion. Add a rule: "Never claim you created a card unless you have a successful return value containing the ID."Option 1 is the strongest — structural verification beats prose promises.
Environment
Hermes Agent v0.11.0 (a7fb79e)