fix(kanban): restrict board routing tools

2026-05-22 05:22:09 +00:00 · 2026-05-06 11:23:42 -06:00 · 2026-05-06 11:23:42 -06:00 · ce35185782
commit ce35185782
parent f7c395931f
5 changed files with 229 additions and 82 deletions
--- a/toolsets.py
+++ b/toolsets.py
@ -60,10 +60,10 @@ _HERMES_CORE_TOOLS = [
    "send_message",
    # Home Assistant smart home control (gated on HASS_TOKEN via check_fn)
    "ha_list_entities", "ha_get_state", "ha_list_services", "ha_call_service",
-    # Kanban multi-agent coordination — only in schema when the agent is
-    # spawned as a kanban worker (HERMES_KANBAN_TASK env set) or the current
-    # profile explicitly enables the kanban toolset. Gated via check_fn in
-    # tools/kanban_tools.py.
+    # Kanban multi-agent coordination. Lifecycle tools are visible to
+    # dispatcher-spawned workers; board-routing tools are visible only to
+    # non-worker profiles that explicitly enable the kanban toolset. Gated
+    # per tool via check_fn in tools/kanban_tools.py.
    "kanban_show", "kanban_list",
    "kanban_complete", "kanban_block", "kanban_heartbeat",
    "kanban_comment", "kanban_create", "kanban_link",
@ -218,14 +218,13 @@ TOOLSETS = {

    "kanban": {
        "description": (
-            "Kanban multi-agent coordination — only active when the agent "
-            "is spawned by the kanban dispatcher (HERMES_KANBAN_TASK env "
-            "set). The dispatcher runs inside the gateway by default; see "
-            "`kanban.dispatch_in_gateway` in config.yaml. Lets workers mark "
-            "tasks done with structured handoffs, block for human input, "
-            "heartbeat during long ops, comment on threads, and (for "
-            "orchestrators) list, assign, unblock, archive, and fan out "
-            "tasks."
+            "Kanban multi-agent coordination. The dispatcher runs inside "
+            "the gateway by default; see `kanban.dispatch_in_gateway` in "
+            "config.yaml. Dispatcher-spawned workers get lifecycle tools "
+            "for show/complete/block/heartbeat/comment/create/link. "
+            "Non-worker orchestrator profiles that explicitly enable this "
+            "toolset also get list/assign/unblock/archive board-routing "
+            "tools."
        ),
        "tools": [
            "kanban_show", "kanban_list", "kanban_complete", "kanban_block",