Hermes Kanban under a signed receipt layer.
Wrap each board task in a local AgentGuard envelope: spend cap, capability ceiling, workspace provenance, reclaim receipt, Reviewer Cascade on the high-risk subset, and an Ed25519 signed DAG receipt tree when the board completes.
Failure to fix
Tony Simons names the coordination failures clearly. AgentGuard keeps the Hermes board model and adds signed, capped, metadata-only receipts around it.
| Failure | AgentGuard fix |
|---|---|
| Stale lock: board says running, worker is dead. | Reclaim emits a signed revoked receipt with final spend, reason, timestamp, and post-revocation spend fixed at 0. |
| Scratch ghost: output lands in a workspace nobody watches. | Completion receipts carry signed workspace provenance as dir:/absolute/path plus parent edges. Path only, never file content. |
| Wrong board: work lands in the wrong queue. | Board scope is part of the governance envelope. Receipts record a hashed board slug so misrouting is detectable without exposing the board name. |
State vocabulary
Use Hermes Kanban language instead of parallel terms. AgentGuard maps those states onto governance receipts.
| Hermes state | AgentGuard mapping |
|---|---|
| triage | Spec is mush. No governed envelope yet. |
| blocked | A human decision is missing. Maps to a human-promote gate. |
| scheduled | Time is the dependency. No live spend hold yet. |
| running | A live process holds the envelope. Stale lease can be reclaimed with a signed revoke receipt. |
| complete | A signed task receipt exists. Parent edges and workspace provenance are included. |
Govern the right amount
Tiny one-shot tasks do not need a heavy board ceremony. The SDK now marks low-cost READ_ONLY tasks under the default 5 cent threshold as lightweight: cap plus signed receipt, without Reviewer Cascade overhead. Higher-cost tasks and elevated capabilities use the full envelope.
Reviewer Cascade is reserved for the high-risk subset. Human-promote remains the path for enforced changes after shadow review.
Builder upgrade path
Free
Kill switch, BYO provider keys, basic governance, and a few managed runs.
Solo and up
Enforced per-task caps, capability gating, Reviewer Cascade on the high-risk subset, signed DAG receipt trees, stale-lock reclaim receipts, retention, and team seats on higher tiers.
Builder copy
Hermes Kanban tells you what happened. AgentGuard proves it and prevents the runaway. Free shows you. Paid governs and proves.
Three-line wiring
import { createHermesKanbanAdapter } from '@agentguard-run/spend/frameworks/hermes-kanban';
const kanban = createHermesKanbanAdapter({ policy, scope, config: { signingKeys } });
const envelope = kanban.governTask({ taskId, boardSlug, profile, parentTaskIds, workspacePath });Hermes Kanban bajo una capa de recibos firmados.
Envuelve cada tarea del tablero en un sobre local de AgentGuard: límite de gasto, techo de capacidad, procedencia del workspace, recibo de reclaim, Reviewer Cascade para el subconjunto de alto riesgo y árbol DAG de recibos Ed25519.
Falla a arreglo
| Falla | Arreglo AgentGuard |
|---|---|
| Stale lock: el tablero dice running y el worker murió. | Reclaim emite un recibo revoked firmado con gasto final, razón, timestamp y gasto posterior igual a 0. |
| Scratch ghost: el output cae en un workspace muerto. | El recibo complete incluye procedencia firmada del workspace como dir:/ruta/absoluta y edges padre. Ruta sí, contenido no. |
| Wrong board: el trabajo cae en la cola equivocada. | El scope del tablero vive en el sobre de gobernanza. El recibo guarda el hash del board slug. |
Vocabulario de estado
| Estado Hermes | Mapeo AgentGuard |
|---|---|
| triage | La especificación aún está floja. No hay sobre gobernado. |
| blocked | Falta una decisión humana. Mapea a human-promote. |
| scheduled | La dependencia es tiempo. |
| running | Un proceso vivo sostiene el sobre. Un lease viejo puede tener revoke firmado. |
| complete | Existe un recibo firmado con edges padre y workspace. |
Gobernanza proporcional
Las tareas READ_ONLY por debajo de 5 centavos usan modo lightweight: límite y recibo, sin Reviewer Cascade. Las tareas de mayor costo o capacidad elevada usan el sobre completo.
Ruta free a paid
Hermes Kanban te dice qué pasó. AgentGuard lo prueba y previene el descontrol. Gratis te muestra. De pago gobierna y prueba.
Hermes Kanban sob uma camada de recibos assinados.
Envolva cada tarefa do quadro em um envelope local do AgentGuard: limite de gasto, teto de capacidade, proveniência do workspace, recibo de reclaim, Reviewer Cascade para o subconjunto de alto risco e árvore DAG de recibos Ed25519.
Falha para correção
| Falha | Correção AgentGuard |
|---|---|
| Stale lock: o quadro diz running e o worker morreu. | Reclaim emite um recibo revoked assinado com gasto final, motivo, timestamp e gasto posterior igual a 0. |
| Scratch ghost: o output cai em um workspace morto. | O recibo complete inclui proveniência assinada do workspace como dir:/caminho/absoluto e edges pais. Caminho sim, conteúdo não. |
| Wrong board: o trabalho cai na fila errada. | O scope do quadro fica no envelope de governança. O recibo guarda o hash do board slug. |
Vocabulário de estado
| Estado Hermes | Mapeamento AgentGuard |
|---|---|
| triage | A especificação ainda está indefinida. Nenhum envelope governado. |
| blocked | Falta uma decisão humana. Mapeia para human-promote. |
| scheduled | A dependência é tempo. |
| running | Um processo vivo segura o envelope. Um lease antigo pode receber revoke assinado. |
| complete | Existe recibo assinado com edges pais e workspace. |
Governança proporcional
Tarefas READ_ONLY abaixo de 5 centavos usam modo lightweight: limite e recibo, sem Reviewer Cascade. Tarefas de maior custo ou capacidade elevada usam o envelope completo.
Rota free para paid
Hermes Kanban diz o que aconteceu. AgentGuard prova e previne o descontrole. Grátis mostra. Pago governa e prova.