feat(kanban): durable multi-profile collaboration board + dashboard GUI + dispatcher daemon

[teknium1]

Hermes Kanban — durable multi-profile collaboration board

Summary

Adds a first-class multi-agent collaboration surface to Hermes: a durable SQLite-backed task board (~/.hermes/kanban.db) shared across all profiles on the host, a long-lived dispatcher daemon that atomically claims ready tasks and spawns the assigned profile in an isolated workspace (with crash detection, a spawn-failure circuit breaker, max-runtime enforcement, and tick-level health telemetry), a /kanban slash command wired into both the interactive CLI and the gateway (with auto-notify-back), and a bundled dashboard plugin that gives the board a Linear/Fusion-style drag-drop UI with multi-select, inline editing, dependency editing, markdown rendering, touch support, live WebSocket updates, per-run Run History, and a Worker Log drawer panel.

Zero changes to run_agent.py. No new core tools. No tool-schema bloat. Every worker is a full OS process — no in-process subagent swarms, no SDK-lifecycle fragility.

Status: standing, ready for review

• 15 commits on feat/kanban-standing, tip 123f8d0fe
• 182/182 main kanban suite green under scripts/run_tests.sh
• Opt-in stress suite in tests/stress/ — ~40k randomized operations, real multi-process concurrency, real subprocess E2E, scale benchmarks — zero invariant violations
• Four audit passes + external review by @erosika + full battle-test pass all addressed
• 10 dashboard screenshots + tutorial doc walking four user stories

Motivation

delegate_task is a synchronous function call: fork → join, anonymous subagent, no resumability, no human-in-the-loop. It's correct for short reasoning subtasks; it is the wrong shape for the workloads users asked for in the Nous Discord design thread:

• Research triage — N parallel researchers + analyst + writer, human-in-the-loop for ambiguity.
• Scheduled recurring workflows — daily AI-funding briefs that accumulate into an Obsidian vault.
• Digital twins — named inbox-triage / ops-review profiles with persistent memory over weeks.
• Engineering pipelines — decompose → parallel worktrees → review → iterate → PR.
• Fleet work — one specialist profile managing 50 Instagram accounts, each with its own workspace.

Kanban is the shape that covers all four user-story types. They coexist with delegate_task: a kanban worker may call delegate_task internally for reasoning within its own run. The single test: does this handoff need to outlive a single API loop and be visible to others?

Design rationale, full comparison with Cline Kanban / Paperclip / NanoClaw / Google Gemini Enterprise, concurrency correctness argument, and implementation plan live in docs/hermes-kanban-v1-spec.pdf.

Architecture

                   ┌───────────────────────────┐
                   │   USER / GATEWAY          │   control plane
                   │   /kanban create | list…  │  (auto-subscribes
                   └────────────┬──────────────┘   on create)
                                │
     dashboard plugin ▶  ┌──────┴──────┐
      (drag-drop UI,     │ ~/.hermes/  │   state plane
       WS live feed,     │  kanban.db  │
       Run History,      │  WAL mode   │
       Worker log)       └──────┬──────┘
                                │  daemon every Ns
                   ┌────────────▼──────────────┐
                   │  DISPATCHER               │
                   │  1. reclaim stale claims  │
                   │  2. reclaim crashed PIDs  │
                   │  3. enforce max_runtime   │
                   │  4. todo → ready          │
                   │  5. atomic CAS claim      │
                   │  6. spawn worker proc     │
                   │     (tracked by PID)      │
                   │  7. circuit-break after   │
                   │     N spawn failures      │
                   │  8. health telemetry      │
                   └────────────┬──────────────┘
                                │
      ┌─────────────────┬───────┴────────┬─────────────────┐
      ▼                 ▼                ▼                 ▼
  profile:planner  profile:researcher  profile:reviewer  profile:ops   execution
  (own HERMES_HOME, memory, skills; own workspace per task)            plane

                                  ▲
                                  │  task_events tail
                   ┌──────────────┴──────────────┐
                   │  GATEWAY kanban-notifier    │  (completed / blocked /
                   │  pushes to subscribers      │   gave_up / crashed /
                   │  with @assignee prefix      │   timed_out)
                   └─────────────────────────────┘

Data model

• tasks — the logical unit of work: title, body, assignee, status (triage/todo/ready/running/blocked/done/archived), tenant, priority, workspace, parents via task_links, optional idempotency_key, optional max_runtime_seconds, current_run_id pointer.
• task_runs — one row per attempt. Claim opens a run; terminal transitions close it with an outcome (completed / blocked / crashed / timed_out / spawn_failed / gave_up / reclaimed). Carries the worker's summary, metadata, error, profile, step_key, started/ended timestamps, worker_pid. Multi-attempt history preserved forever.
• task_events — append-only event log carrying run_id for per-attempt grouping. Kinds cluster into Lifecycle (created, promoted, completed, blocked, unblocked, archived), Edits (assigned, edited, reprioritized, status), and Worker telemetry (claimed, spawned, heartbeat, reclaimed, crashed, timed_out, spawn_failed, gave_up).
• task_comments — freeform human-readable thread.
• task_links — parent → child dependency edges.
• kanban_notify_subs — gateway chat subscriptions for terminal-event notifications.

Invariant (enforced and tested): tasks.current_run_id IS NULL ⇔ the run row for that task is in a terminal state. Holds across CLI, dashboard, dispatcher (crash/timeout/reclaim), archive, and the migration backfill. Verified across ~40k randomized operations in the property fuzzer.

Forward-compat for v2: Nullable tasks.workflow_template_id + tasks.current_step_key + task_runs.step_key. v1 kernel ignores them; v2 workflow routing can land additively without a schema migration.

Collaboration patterns covered

Nine, all expressible with the base primitives (tasks + links + comments + assignee + workspace):

1. Fan-out — N siblings, same role.
2. Pipeline — role-specialized chain.
3. Voting / quorum — N siblings + one aggregator.
4. Long-running journal — same profile + shared dir workspace + cron.
5. Human-in-the-loop — block → comment → unblock → re-spawn.
6. @mention — inline routing from prose.
7. Thread-scoped workspace — /kanban here pins dir to the gateway thread.
8. Fleet farming — one profile, N subjects, one workspace per subject.
9. Triage specifier — rough idea → triage → specifier expands body → todo.

What shipped

Kernel (hermes_cli/kanban_db.py)

• WAL-mode SQLite, CAS-based atomic claim inside BEGIN IMMEDIATE.
• task_runs first-class (one row per attempt) with structured handoff (summary, metadata, error).
• Stale-claim recovery, host-local crash detection with zombie-aware /proc check, spawn-failure circuit breaker (auto-blocks after N consecutive failures), max-runtime enforcement (SIGTERM → 5s grace → SIGKILL).
• Workspace resolution (scratch / dir:<path> / worktree); per-task log capture at ~/.hermes/kanban/logs/<task>.log with 2 MiB rotation.
• Idempotency keys for retried webhooks.
• GC for old events + old log files; stats (board_stats, task_age).
• Notify subs: add / list / remove / unseen_events_for_sub / advance_notify_cursor.
• build_worker_context gives every worker: this task's prior attempts (retry continuity), parent tasks' completed run summaries + metadata (downstream handoff), and the same assignee's 5 most-recent completions on other tasks (cross-task role continuity).
• Synthetic zero-duration runs when complete or block is called on a never-claimed task with handoff data, so summary / metadata / reason is never silently dropped.
• Defensive invariant recovery in claim_task / unblock_task / archive_task / dashboard drag-drop.

CLI (hermes_cli/kanban.py)

All verbs auto-init the DB on first use. create / list / show / show --json (with runs[]) / claim / complete (with --summary --metadata) / block / unblock / archive / comment / link / unlink / heartbeat / runs / log / stats / assignees / dispatch / daemon / watch / tail / gc / init / notify-subscribe / notify-list / notify-unsubscribe. Bulk support on complete / unblock / archive / block --ids. Bulk complete with --summary or --metadata is refused — copy-pasting the same handoff to N tasks is a footgun. Daemon emits health WARNs when the ready queue is non-empty AND no spawns succeeded for 6+ ticks.

Gateway (gateway/run.py)

_kanban_notifier_watcher runs alongside _session_expiry_watcher. Delivers terminal events (completed / blocked / gave_up / crashed / timed_out) to subscribed chats, prefixed with @<assignee> for identity. Unsubscribes on the last delivered event's kind being terminal (not just on task status). Per-sub consecutive-send-failure counter drops dead chats after 3 failures. /kanban create auto-subscribes the originating chat.

Dashboard plugin (plugins/kanban/)

• Bundled, installed by default — hermes dashboard grows a Kanban tab.
• Full board: triage / todo / ready / running / blocked / done (+ archived toggle), lanes-by-profile in Running, staleness colouring, progress pills (N/M children done), inline create per column, drag-drop with touch fallback.
• Drawer: editable title/assignee/priority/description, dependency editor, status actions, comments, event timeline, Run History section (one row per attempt with outcome, profile, elapsed, summary, error, metadata), Worker Log panel (auto-loads last 100 KB with refresh).
• WebSocket /events with run_id per event; live refresh of the open drawer via per-task event ticks.
• REST: GET /board, GET /tasks/:id (includes runs[]), POST /tasks (+ idempotency_key), PATCH /tasks/:id (with summary + metadata), POST /tasks/bulk, POST /tasks/:id/comments, POST/DELETE /links, POST /dispatch, GET /config, GET /stats, GET /tasks/:id/log, WS /events?since=&token=.

Skills

• skills/devops/kanban-worker/SKILL.md — claim → work → heartbeat → complete/block workflow.
• skills/devops/kanban-orchestrator/SKILL.md — decompose-don't-execute guide.

Docs

• website/docs/user-guide/features/kanban.md — full reference: concepts, quickstart, systemd, architecture, data model, CLI, REST, event reference, invariants.
• website/docs/user-guide/features/kanban-tutorial.md — four user stories with 10 dashboard screenshots: solo dev, fleet farming, role-pipeline with retry, circuit-breaker + crash recovery.

Engineering history — audits, reviews, fixes

Layered chronologically, most recent first. Every audit bug was real; every fix lands with regression tests.

Battle-test suite + 2 real bugs it found (commit 123f8d0)

Added tests/stress/ — opt-in suite that stresses the kernel with real concurrency, real subprocesses, randomized property fuzzing, and scale benchmarks. Exposed two bugs that four audit passes missed.

#	Bug	Fix
1	_pid_alive returned True for zombie processes. os.kill(pid, 0) succeeds against zombies (process table entry exists until parent reaps), so detect_crashed_workers would treat a dead-but-unreaped worker as alive.	Peek at /proc/<pid>/status on Linux, treat State: Z as dead.
2	Task IDs used only 2 hex bytes (65k space). ~50% collision probability at 10k tasks by birthday paradox.	Bumped to 4 hex bytes (4.3B space). Surfaced by the 10k-task benchmark.

Stress suite results (all passing):

• Concurrency (100 tasks, 5 workers): 0 double-claims, 0 orphan runs.
• Mixed ops (500 tasks, 10 workers + reclaimer): 1518 events, 43 lost-claim races, zero invariant violations.
• Reclaim race (TTL < work duration): 82 claims, 44 reclaimed, 32 late completes correctly refused by CAS.
• Real-subprocess E2E: dispatcher spawns real workers that heartbeat + complete via the CLI; crash detection works against real dead PIDs.
• Property fuzzing (500 sequences, ~40k ops): 9 invariant checks per step, 0 violations.
• Scale benchmarks at 10k tasks: dispatch_once 4ms, recompute_ready 47ms, list_tasks 50ms. Vulcan's + erosika's starvation concerns are an order of magnitude off.

Suite is opt-in via pytest --run-stress.

Atypical-scenario stress + clock-skew fix (commit 63b7b6d)

Added tests/stress/test_atypical_scenarios.py — 28 scenarios covering inputs and environments the normal tests assume away. Categories:

• Data: unicode / emoji / CJK / RTL, 1 MB strings, SQL injection, multiline summaries, malformed JSON, empty fields, newlines in tenant names.
• Graphs: cycles, self-parenting, diamonds, 500-wide fan-out + fan-in, child promotion against every non-done parent status.
• Workspace: path traversal attempts, non-existent paths.
• Filesystem: HERMES_HOME with spaces / unicode / symlinks (two links to same dir share DB).
• Scale: 1000 runs on one task, 5000 tasks / 100 tenants, 1000 comments, huge payloads.
• Lifecycle: done/archived tasks resist re-claim/complete/block, unassigned ready tasks correctly skipped by dispatcher.
• Concurrency: idempotency-key race across two processes (both get the same task id).
• Dashboard: REST with empty/huge/unicode/type-mismatched inputs.

Bug caught and fixed: CLI show and runs printed negative elapsed time when NTP jumps backward between claim and complete. Both sites now clamp to max(0, end - start), matching the dashboard JS which already had the same clamp. Regression test added.

Follow-up in v1 (commit be184aa): Both items initially flagged as v2 — fixed immediately instead of deferred.

#	Bug	Fix
1	resolve_workspace accepted relative dir: paths, which resolved against the dispatcher's CWD (confused-deputy escape vector).	Absolute paths now required for all kinds; clear error message on refusal. Threat model documented.
2	build_worker_context unbounded on retry-heavy (63 KB at 1000 runs) and comment-heavy (50 KB at 1000 comments) tasks.	Per-section caps: 10 most-recent attempts, 30 most-recent comments, 4 KB per summary/error/metadata, 8 KB per body, 2 KB per comment. Older items collapsed into "N earlier omitted" markers. 1000 runs: 63 KB → 820 chars. 1000 comments: 50 KB → 1,671 chars.

189/189 kanban suite pass (+6 regression tests for the caps and path guards).

189/189 main kanban suite pass.

Tool surface for worker + orchestrator agents (commit 832ecde)

Added a 7-tool structured surface (kanban_show, kanban_complete, kanban_block, kanban_heartbeat, kanban_comment, kanban_create, kanban_link) so kanban workers can interact with the board from inside their Python process instead of shelling out to hermes kanban. Fixes the Docker/Modal/SSH backend portability gap the atypical-scenarios pass surfaced — CLI calls from inside a remote terminal backend fail because hermes isn't in the container and kanban.db isn't mounted. Tools run in the agent's process and always reach the DB.

Zero schema footprint on normal sessions. Each tool's check_fn returns True only when HERMES_KANBAN_TASK is set in the process env — which only happens when the dispatcher spawned this worker. Verified empirically: hermes chat sessions have 27 tools in schema, worker sessions have exactly 34 (+7). No leak either direction.

The dispatcher sets HERMES_KANBAN_TASK + HERMES_KANBAN_WORKSPACE + HERMES_PROFILE when spawning. The CLI, dashboard, and /kanban slash command are unchanged — those are humans reaching the kernel directly, not the agent path.

Skill updates: kanban-worker and kanban-orchestrator rewritten to call the tools instead of CLI subprocess; CLI remains documented as fallback for human operators and scripts.

25 new regression tests in tests/tools/test_kanban_tools.py covering gating, all 7 handler happy paths, error branches (missing args, non-dict metadata, empty strings, cycles, self-link), and a full E2E worker lifecycle driven purely through tools.

214/214 kanban suite green.

System-prompt guidance + skill reshape (commit 1970bcf)

Moved the kanban worker lifecycle from the skills into a conditionally-injected system-prompt guidance block, matching the existing MEMORY_GUIDANCE / SESSION_SEARCH_GUIDANCE / SKILLS_GUIDANCE pattern. Workers now know the full 6-step lifecycle even if no skill loaded — the lifecycle is load-bearing for correct board behavior and belongs in the prompt path, not the skill path.

New KANBAN_GUIDANCE (agent/prompt_builder.py) — ~3 KB covering identity framing, 6-step lifecycle with exact tool-call shapes, orchestrator-mode note, and explicit DO NOTs. Injected into _build_system_prompt gated on kanban_show in valid_tool_names. Since kanban_show's check_fn gates on HERMES_KANBAN_TASK, a normal hermes chat session sees none of it.

Verified live:

	Prompt size	Kanban lifecycle present
Normal chat	2,329 chars	No
Worker (env set)	5,272 chars	Yes — full 6 steps

Delta is exactly the KANBAN_GUIDANCE block. Zero cost to normal users.

Skills reshaped from lifecycle-plus-references to references-only. Both now carry what doesn't fit in a system prompt: good summary/metadata shape patterns, block-reason examples, retry diagnostics, the orchestrator's decomposition playbook with a concrete Postgres-migration walkthrough, pitfalls, CLI fallback cheatsheet. Loading the skill is no longer required to work a task correctly.

+3 regression tests. 217/217 kanban+tools suite green; 303/303 run_agent suite green.

Auto-load kanban-worker skill on dispatch (commit c65c1dd)

_default_spawn now includes --skills kanban-worker in the child's argv. Every dispatched worker gets the skill's pattern library (good summary/metadata shapes, retry diagnostics, block-reason examples) loaded automatically — no per-profile skill configuration required. --skills is additive to the profile's defaults, so users can still add more skills on top.

What lives where, finalized:

Layer	Content
System prompt (always, if env var set)	KANBAN_GUIDANCE — mandatory 6-step lifecycle, tool-call shapes, DO NOTs
Tools (always, if env var set)	7 kanban_* handlers with self-explanatory descriptions
Skill (auto-loaded on dispatch)	kanban-worker — deeper patterns, retry diagnostics, CLI fallback

Zero of these show up in a normal hermes chat session. All three activate together when the dispatcher spawns a worker.

Regression test intercepts Popen in the spawn path and asserts --skills kanban-worker appears in the argv. 218/218 kanban + tools suite green.

External review: @erosika pre-merge audit (commit a24c6e1)

Full reply on the issue: #16102 (comment)

Six bugs, all real, all fixed:

#	Bug	Fix
1	unblock_task didn't defensively close a stale current_run_id pointer.	Mirrored close-and-clear pattern from claim_task / archive_task.
2	Migration backfill ran outside write_txn; concurrent dispatcher could orphan runs.	Wrapped in write_txn + CAS guard on pointer UPDATE; orphan rows marked reclaimed if CAS fails.
3	Gateway notifier only unsubscribed on task.status in (done, archived), leaking subs on blocked/gave_up/crashed/timed_out.	Unsub on last-event-kind being terminal.
4	Notifier retried adapter.send against dead chats forever.	Per-sub failure counter; drop after 3 consecutive failures; resets on success.
5	recompute_ready full-scan would starve claim CAS at 10k todo tasks.	Deferred to v2 follow-up (dirty-set refactor); stress benchmarks proved it's a 47ms concern at 10k, not a bug.
6	Daemon runs silently when every spawn fails.	Tick-level health telemetry: WARN on stderr when ready queue non-empty AND 0 spawns succeeded for 6 consecutive ticks. Rate-limited to 1 per 5 min.

Two cheap v2 extensions shipped in-scope:

• Cross-task role history in build_worker_context — 5 most-recent completed runs for the current task's assignee, giving workers implicit continuity.
• Notifier identity prefix — terminal pings lead with @<assignee>.

Deferred to v2: skill-aware routing, structured comments as multi-peer session substrate (asked erosika to open a separate RFC), pattern/mechanism taxonomy docs split.

Deep-scan pass 2 (commit e27c819)

Second integration audit covering frontend rendering, WebSocket plumbing, never-claimed-task handling, dataclass shape. Eight issues.

#	Bug	Fix
1	complete_task on never-claimed task silently dropped summary/metadata.	Synthesize zero-duration run when handoff data is present.
2	block_task on never-claimed task silently dropped --reason.	Same synthesis pattern.
3	Event dataclass missing run_id field.	Added; every read path now surfaces it.
4	GET /tasks/:id events + WS /events payload omitted run_id.	Both now include it.
5	TaskDrawer didn't live-refresh on WS events for its own task.	Per-task event counter passed as prop; drawer's useEffect depends on it.
6	claim_task didn't guard against stranded current_run_id.	Defensive close-as-reclaimed in same txn.
7	CLI kanban watch --kinds help listed legacy spawn_auto_blocked.	Updated to current lexicon.
8	CSS missing .hermes-kanban-run--ended fallback rule.	Added.

First audit pass (commits 8ef2ae6 + 1c78f66)

Five bugs where runs got orphaned or the dashboard was a second-class citizen.

#	Bug	Fix
1	archive_task on a running task orphaned the run.	Archive closes active run as reclaimed, clears claim columns.
2	Dashboard drag-drop off running left the run open forever.	_set_status_direct closes via _end_run(outcome='reclaimed').
3	PATCH /tasks/:id with status=done accepted result but not summary/metadata.	UpdateTaskBody carries them; forwarded to complete_task.
4	hermes kanban complete a b c --summary X silently broadcast the same handoff.	Refused with stderr guard; bare bulk still works.
5	Gateway notifier used task.result instead of run.summary.	complete_task embeds first-line summary in event payload; notifier reads it. Zero extra SQL.

Invariant tasks.current_run_id IS NULL ⇔ run row terminal now enforced across CLI, dashboard, dispatcher, archive.

Runs as first-class + structured handoffs (commit 0146cb2, addresses @vulcan-artivus's review)

External review flagged that the one-assignee / one-workspace / one-attempt-per-row shape breaks on role-pipelines (PM → Eng → Review → loop → PR). Landed the high-value, schema-affecting pieces in v1 so the model doesn't ossify.

• task_runs table (one row per attempt).
• Structured handoffs via --summary + --metadata; build_worker_context reads them for downstream + retry workers.
• Event attribution via task_events.run_id.
• Dashboard Run History section + new hermes kanban runs <id> verb.
• Legacy-DB migration synthesizes a run row for any pre-existing running task.
• Forward-compat columns for v2 workflow routing.

Explicitly deferred to v2: workflow templates with success/failure step routing, stage as a distinct axis, shared-by-default workspace across stages.

Multica-inspired additions

After reading Multica's codebase (21.8k stars, Go/Next.js/Postgres task-tracker), ported four ideas that fit the single-host SQLite model; dropped their cross-host server + pgvector skill search.

• Per-task max-runtime caps with SIGTERM/SIGKILL grace window.
• Worker heartbeats for long-running operations.
• Assignee enumeration (union of ~/.hermes/profiles/ + assigned names).
• Event vocab cleanup: ready → promoted, priority → reprioritized, spawn_auto_blocked → gave_up; new spawned, heartbeat, timed_out kinds.

Core hardening

• Dispatcher as a real daemon (not cron — cron burns LLM tokens per tick).
• hermes kanban init prints daemon setup hint.
• Spawn-failure circuit breaker.
• Crash detection via PID liveness (independent of claim TTL).
• Log rotation (2 MiB, one generation).
• Idempotency keys on create.
• Bulk CLI verbs.
• Terminal event tail via hermes kanban watch.
• Stats endpoint + CLI.
• Worker logs reachable via CLI + REST + dashboard drawer panel.
• GC for events + logs.

Tutorial

website/docs/user-guide/features/kanban-tutorial.md walks four user stories end-to-end with 10 dashboard screenshots:

• Story 1: Solo dev shipping a feature (parent→child deps, structured handoff, Run History).
• Story 2: Fleet farming (3 assignee pools in parallel, lanes-by-profile, daemon per assignee).
• Story 3: Role pipeline with retry (PM spec → eng implements → review blocks → eng retries → review approves; two-run history).
• Story 4: Circuit breaker + crash recovery (gave_up terminal block for missing creds; crashed-then-completed migration with chunked-strategy retry).

Tests

tests/hermes_cli/test_kanban_db.py                 — 36 test funcs (schema + CAS)
tests/hermes_cli/test_kanban_cli.py                — 19 test funcs (run_slash e2e)
tests/hermes_cli/test_kanban_core_functionality.py — 93 test funcs (idempotency,
                                                      circuit breaker, crash
                                                      detection, daemon loop,
                                                      stats, notify subs, gc,
                                                      log rotation, bulk CLI,
                                                      runs as first-class,
                                                      invariant recovery,
                                                      zombie detection, ID scale)
tests/plugins/test_kanban_dashboard_plugin.py      — 36 test funcs (REST + WebSocket)
                                                     TOTAL COLLECTED: 218/218 pass
                                                     (some tests parametrized)

All pass under scripts/run_tests.sh (hermetic, 4 xdist workers, TZ=UTC, LANG=C.UTF-8).

Stress suite (tests/stress/, opt-in):

• test_concurrency.py — 5 workers, 100 tasks.
• test_concurrency_mixed.py — 10 workers + reclaimer, 500 tasks, random ops.
• test_concurrency_reclaim_race.py — adversarial TTL.
• test_subprocess_e2e.py — real Python subprocess workers.
• test_property_fuzzing.py — 500 sequences × ~80 ops = ~40k total operations, 9 invariants per step.
• test_benchmarks.py — latency at 100 / 1k / 10k tasks; results saved to JSON.

Out of scope (deliberately)

• "Smart routing" / auto-assignment → a router profile.
• Per-agent budgets → a plugin that wraps spawn.
• Governance / approval gates → reuse tools/approval.py.
• Extra columns / custom card chrome → extend the plugin via the standard plugin contract.
• Org-chart / reporting lines → profile naming convention.
• Multi-host — kanban.db is local SQLite; crash detection assumes host-local PIDs. Run independent boards per host and bridge via delegate_task / a message queue if needed.
• Workflow template DSL with success/failure routing → v2 (forward-compat columns already in the schema).
• Structured comments (in_reply_to / addressed_to / kind) as multi-peer session substrate → v2 (erosika invited to open a separate RFC).

Credits

User stories and design input from the Nous Discord design thread: Teknium, waxhy, A Real Icehole, Keimpe, LLM.STORE, caco, hunter_cat, djm, ionmanden, psbd, Aiz, Rikllo, sudo_relax, neo2k8. P6 borrowed from Google's Gemini CLI subagent @name syntax; P7 from psbd; P8 from neo2k8.

Pre-merge review by @vulcan-artivus (runs as first-class) and @erosika (six pre-merge bugs, two v2 seeds, structured-comments RFC seed).

Multica (https://github.com/multica-ai/multica) for the max-runtime / heartbeat / assignee-enumeration ideas.

Follow-ups shipped on this PR

Per-task force-loaded skills (commit dd83173)

Tasks now carry their own extra-skill list. The dispatcher emits one
--skills <name> flag per task skill alongside the built-in --skills kanban-worker, so a task can pin specialist context (e.g.
translation, github-code-review, security-pr-audit) without the
user having to edit the assignee profile's skill config.

Surface parity on all 4 entry points:

Where	How
CLI	hermes kanban create "..." --skill translation --skill github-code-review (repeatable)
Tool (orchestrator → worker)	kanban_create(title=..., assignee=..., skills=["translation"])
Dashboard REST	POST /api/plugins/kanban/tasks {"skills": ["translation"]}
Dashboard UI	Comma-separated skills input in the inline create form; Skills row in the drawer

Schema changes are additive + idempotent: tasks.skills TEXT (JSON
array), migrated via _migrate_add_optional_columns. Existing rows
stay skills=NULL (reads back as Task.skills is None). 16 new
tests cover kernel round-trip, normalization (dedupe, strip,
comma-rejection), dispatcher argv ordering and built-in dedupe, CLI
flag repeatability, show output, migration idempotency, tool
list/string/non-list inputs, and dashboard REST round-trip.

Dispatcher runs in the gateway (commit 60e7567)

The dispatcher is now embedded in the gateway process. hermes gateway start is the single entry point — no separate hermes kanban daemon
or systemd unit required. Typical path: hermes kanban create ...
writes the row, the gateway's embedded dispatcher picks it up on the
next tick (60s default), worker spawns. The standalone daemon is
retired (deprecation stub + undocumented --force escape hatch for
headless hosts that can't run the gateway).

Config (additive; no version bump):

kanban:
  dispatch_in_gateway: true        # default
  dispatch_interval_seconds: 60    # default

HERMES_KANBAN_DISPATCH_IN_GATEWAY=0 disables at runtime without
editing YAML.

Warnings surface through three channels when a task would sit idle
because no dispatcher is present:

Where	How it appears
CLI	hermes kanban create prints a ⚠ line to stderr (non-JSON mode only) with hermes gateway start guidance
Dashboard REST	POST /tasks response gains a warning field that the UI threads into the existing error banner
Dashboard UI	Banner reads "Task created, but: No gateway is running — ..."

Triage and unassigned tasks never warn (they wouldn't dispatch
anyway). Probe failures are silent so partial installs don't cry wolf.

Integration fixes in the same commit: stale "spawned by
hermes kanban daemon" phrasing in toolsets.py + tool docstrings;
tutorial's hermes kanban daemon --assignee … block (a flag that
never existed); systemd unit now carries --force + DEPRECATED
header; docs Running the dispatcher as a service section rewritten
to describe the gateway-embedded path; hermes kanban init next-step
hint updated.

17 new tests cover:

• DEFAULT_CONFIG has dispatch_in_gateway=True + sane interval
• _check_dispatcher_presence returns correct (running, message) for
  gateway-up, gateway-down, flag-off, and probe-error paths
• CLI create warns on stderr for ready+assigned when no gateway;
  silent when up; never warns on triage/unassigned
• hermes kanban daemon without --force prints DEPRECATED + exits 2
• Argparse help marks daemon DEPRECATED
• Gateway _kanban_dispatcher_watcher respects config flag off
  (exits fast), respects env override, defers to config when env
  truthy-but-not-false
• Dashboard REST surfaces warning correctly, omits when running,
  skips on triage, survives probe errors

E2E verified in isolated HERMES_HOME: watcher starts, ticks, and
exits within 3s of _running=False.

[teknium1]

Landed via salvage PR #17805 onto current main (22 iterative commits squashed into one clean commit). History preserved on the feat/kanban-standing branch for anyone tracing the development arc. Closes #16102.