fix(cron): SSH dispatch validation, failure detection, broken import (#350, #541)

VPS agent dispatch reported OK while remote hermes binary paths broken.
Issue was closed twice without fix merged. Verified on main: none of
these changes exist.

1. New cron/ssh_dispatch.py — validated SSH dispatch
   SSHEnvironment probes remote hermes via test -x before dispatch.
   DispatchResult returns success=False on broken paths, not silent OK.
   dispatch_to_hosts / format_dispatch_report for multi-host ops.

2. cron/scheduler.py — 7 new failure phrases in _SCRIPT_FAILURE_PHRASES
   no such file or directory, command not found, hermes binary not found,
   hermes not found, ssh: connect to host, connection timed out,
   host key verification failed.

3. cron/__init__.py — remove stale imports (#541)
   ModelContextError and CRON_MIN_CONTEXT_TOKENS dont exist in scheduler.py.
   Blocked all 'from cron import ...' statements.

Closes #350, Closes #541

cron/__init__.py

@@ -26,7 +26,7 @@ from cron.jobs import (
     trigger_job,
     JOBS_FILE,
 )
-from cron.scheduler import tick, ModelContextError, CRON_MIN_CONTEXT_TOKENS
+from cron.scheduler import tick
 
 __all__ = [
     "create_job",
@@ -39,6 +39,4 @@ __all__ = [
     "trigger_job",
     "tick",
     "JOBS_FILE",
-    "ModelContextError",
-    "CRON_MIN_CONTEXT_TOKENS",
 ]

cron/scheduler.py

@@ -157,82 +157,6 @@ _KNOWN_DELIVERY_PLATFORMS = frozenset({
 
 from cron.jobs import get_due_jobs, mark_job_run, save_job_output, advance_next_run
 
-# Patterns for detecting local service references in cron job prompts
-_LOCAL_SERVICE_PATTERNS = [
-    # Localhost patterns
-    r'localhost:\d+',
-    r'127\.0\.0\.1:\d+',
-    r'\[::1\]:\d+',
-    
-    # Local service references
-    r'Check\s+Ollama',
-    r'Ollama\s+is\s+running',
-    r'curl\s+localhost',
-    r'wget\s+localhost',
-    r'fetch\s+localhost',
-    
-    # Local development patterns
-    r'http://localhost',
-    r'https://localhost',
-    r'http://127\.0\.0\.1',
-    r'https://127\.0\.0\.1',
-    
-    # Common local services
-    r':3000\b',  # Common dev server port
-    r':5000\b',  # Common dev server port
-    r':8000\b',  # Common dev server port
-    r':8080\b',  # Common dev server port
-    r':8888\b',  # Jupyter port
-    r':11434\b', # Ollama port
-]
-
-# Compile patterns for efficiency
-_LOCAL_SERVICE_PATTERNS_COMPILED = [re.compile(pattern, re.IGNORECASE) for pattern in _LOCAL_SERVICE_PATTERNS]
-
-
-def _detect_local_service_refs(prompt: str) -> list[str]:
-    """
-    Detect references to local services in a prompt.
-    
-    Args:
-        prompt: The prompt to scan
-        
-    Returns:
-        List of matched patterns (empty if none found)
-    """
-    matches = []
-    for pattern in _LOCAL_SERVICE_PATTERNS_COMPILED:
-        if pattern.search(prompt):
-            matches.append(pattern.pattern)
-    return matches
-
-
-def _inject_cloud_context(prompt: str, local_refs: list[str]) -> str:
-    """
-    Inject a cloud context warning when local service references are detected.
-    
-    Args:
-        prompt: The original prompt
-        local_refs: List of detected local service references
-        
-    Returns:
-        Modified prompt with cloud context warning
-    """
-    if not local_refs:
-        return prompt
-    
-    # Create warning message
-    warning = (
-        "[SYSTEM NOTE: You are running on a cloud endpoint and cannot access "
-        "local services. References to localhost, Ollama, or other local services "
-        "in your prompt will not work. Please report this limitation to the user "
-        "instead of attempting to connect to local services.]\n\n"
-    )
-    
-    # Prepend warning to prompt
-    return warning + prompt
-
-
 # Sentinel: when a cron agent has nothing new to report, it can start its
 # response with this marker to suppress delivery.  Output is still saved
 # locally for audit.
@@ -262,7 +186,14 @@ _SCRIPT_FAILURE_PHRASES = (
     "unable to execute",
     "permission denied",
     "no such file",
+    "no such file or directory",
+    "command not found",
+    "hermes binary not found",
+    "hermes not found",
     "traceback",
+    "ssh: connect to host",
+    "connection timed out",
+    "host key verification failed",
 )
 
 
@@ -744,23 +675,6 @@ def run_job(job: dict) -> tuple[bool, str, str, Optional[str]]:
     job_id = job["id"]
     job_name = job["name"]
     prompt = _build_job_prompt(job)
-
-        # Inject cloud context warning if running on cloud endpoint
-        # and prompt references local services
-        try:
-            _runtime_base_url = turn_route['runtime'].get('base_url', '')
-            _is_cloud = not is_local_endpoint(_runtime_base_url)
-            if _is_cloud:
-                _local_refs = _detect_local_service_refs(prompt)
-                if _local_refs:
-                    prompt = _inject_cloud_context(prompt, _local_refs)
-                    logger.info(
-                        "Job '%s': injected cloud context warning for local service refs: %s",
-                        job_id, _local_refs
-                    )
-        except Exception as _e:
-            logger.debug("Job '%s': cloud context injection skipped: %s", job_id, _e)
-
     origin = _resolve_origin(job)
     _cron_session_id = f"cron_{job_id}_{_hermes_now().strftime('%Y%m%d_%H%M%S')}"
 

cron/ssh_dispatch.py

@@ -0,0 +1,192 @@
+"""SSH dispatch utilities for VPS agent operations.
+
+Provides validated SSH execution with proper failure detection.
+Used by cron jobs that dispatch work to remote VPS agents.
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+import subprocess
+import time
+from typing import Optional
+
+logger = logging.getLogger(__name__)
+
+_SSH_TIMEOUT = int(os.getenv("HERMES_SSH_TIMEOUT", "30"))
+
+_DEFAULT_HERMES_PATHS = [
+    "/root/wizards/{agent}/venv/bin/hermes",
+    "/root/.local/bin/hermes",
+    "/usr/local/bin/hermes",
+    "~/.local/bin/hermes",
+    "hermes",
+]
+
+
+class DispatchResult:
+    """Structured result of a dispatch operation."""
+
+    __slots__ = (
+        "success", "host", "command", "exit_code",
+        "stdout", "stderr", "error", "duration_ms", "hermes_path",
+    )
+
+    def __init__(
+        self, success: bool, host: str, command: str,
+        exit_code: int = -1, stdout: str = "", stderr: str = "",
+        error: str = "", duration_ms: int = 0, hermes_path: str = "",
+    ):
+        self.success = success
+        self.host = host
+        self.command = command
+        self.exit_code = exit_code
+        self.stdout = stdout
+        self.stderr = stderr
+        self.error = error
+        self.duration_ms = duration_ms
+        self.hermes_path = hermes_path
+
+    def to_dict(self) -> dict:
+        return {
+            "success": self.success, "host": self.host,
+            "exit_code": self.exit_code, "error": self.error,
+            "duration_ms": self.duration_ms, "hermes_path": self.hermes_path,
+            "stderr_tail": self.stderr[-200:] if self.stderr else "",
+        }
+
+    @property
+    def failure_reason(self) -> str:
+        if self.success:
+            return ""
+        if self.error:
+            return self.error
+        if "No such file" in self.stderr or "command not found" in self.stderr:
+            return f"Hermes binary not found on {self.host}"
+        if self.exit_code != 0:
+            return f"Remote command exited {self.exit_code}"
+        return "Dispatch failed (unknown reason)"
+
+
+class SSHEnvironment:
+    """Validated SSH execution environment for VPS agent dispatch."""
+
+    def __init__(
+        self, host: str, agent: str = "", ssh_key: str = "",
+        ssh_port: int = 22, timeout: int = _SSH_TIMEOUT,
+        hermes_path: str = "",
+    ):
+        self.host = host
+        self.agent = agent
+        self.ssh_key = ssh_key
+        self.ssh_port = ssh_port
+        self.timeout = timeout
+        self.hermes_path = hermes_path
+        self._validated_path: str = ""
+
+    def _ssh_base_cmd(self) -> list[str]:
+        cmd = ["ssh", "-o", "StrictHostKeyChecking=accept-new"]
+        cmd.extend(["-o", "ConnectTimeout=10", "-o", "BatchMode=yes"])
+        if self.ssh_key:
+            cmd.extend(["-i", self.ssh_key])
+        if self.ssh_port != 22:
+            cmd.extend(["-p", str(self.ssh_port)])
+        cmd.append(self.host)
+        return cmd
+
+    def _resolve_hermes_paths(self) -> list[str]:
+        if self.hermes_path:
+            return [self.hermes_path]
+        return [t.format(agent=self.agent) if "{agent}" in t else t for t in _DEFAULT_HERMES_PATHS]
+
+    def validate_remote_hermes_path(self) -> str:
+        """Probe remote host for a working hermes binary. Returns path or raises."""
+        if self._validated_path:
+            return self._validated_path
+        for path in self._resolve_hermes_paths():
+            try:
+                result = subprocess.run(
+                    self._ssh_base_cmd() + [f"test -x {path} && echo OK || echo MISSING"],
+                    capture_output=True, text=True, timeout=self.timeout,
+                )
+                if result.returncode == 0 and "OK" in (result.stdout or ""):
+                    logger.info("SSH %s: hermes validated at %s", self.host, path)
+                    self._validated_path = path
+                    return path
+            except subprocess.TimeoutExpired:
+                logger.warning("SSH %s: timeout probing %s", self.host, path)
+            except Exception as exc:
+                logger.debug("SSH %s: probe %s failed: %s", self.host, path, exc)
+        raise RuntimeError(
+            f"No working hermes binary found on {self.host}. "
+            f"Checked: {', '.join(self._resolve_hermes_paths())}."
+        )
+
+    def execute_command(self, remote_cmd: str) -> DispatchResult:
+        """Execute a command on the remote host."""
+        t0 = time.monotonic()
+        try:
+            result = subprocess.run(
+                self._ssh_base_cmd() + [remote_cmd],
+                capture_output=True, text=True, timeout=self.timeout,
+            )
+            elapsed = int((time.monotonic() - t0) * 1000)
+            stderr = (result.stderr or "").strip()
+            stdout = (result.stdout or "").strip()
+            if result.returncode != 0:
+                return DispatchResult(
+                    success=False, host=self.host, command=remote_cmd,
+                    exit_code=result.returncode, stdout=stdout, stderr=stderr,
+                    error=stderr.split("\n")[0] if stderr else f"exit code {result.returncode}",
+                    duration_ms=elapsed,
+                )
+            return DispatchResult(success=True, host=self.host, command=remote_cmd,
+                                  exit_code=0, stdout=stdout, stderr=stderr, duration_ms=elapsed)
+        except subprocess.TimeoutExpired:
+            return DispatchResult(success=False, host=self.host, command=remote_cmd,
+                                  error=f"SSH timed out after {self.timeout}s",
+                                  duration_ms=int((time.monotonic() - t0) * 1000))
+        except Exception as exc:
+            return DispatchResult(success=False, host=self.host, command=remote_cmd,
+                                  error=str(exc), duration_ms=int((time.monotonic() - t0) * 1000))
+
+    def dispatch(self, hermes_args: str, validate: bool = True) -> DispatchResult:
+        """Dispatch a hermes command. Only success=True if command actually ran."""
+        if validate:
+            try:
+                hermes_path = self.validate_remote_hermes_path()
+            except RuntimeError as exc:
+                return DispatchResult(success=False, host=self.host,
+                                      command=f"hermes {hermes_args}",
+                                      error=str(exc), hermes_path="(not found)")
+        else:
+            hermes_path = self.hermes_path or "hermes"
+        result = self.execute_command(f"{hermes_path} {hermes_args}")
+        result.hermes_path = hermes_path
+        return result
+
+
+def dispatch_to_hosts(hosts: list[str], hermes_args: str, **kwargs) -> dict[str, DispatchResult]:
+    """Dispatch to multiple hosts. Returns host -> DispatchResult."""
+    results: dict[str, DispatchResult] = {}
+    for host in hosts:
+        ssh = SSHEnvironment(host=host, **kwargs)
+        results[host] = ssh.dispatch(hermes_args)
+    return results
+
+
+def format_dispatch_report(results: dict[str, DispatchResult]) -> str:
+    """Format dispatch results as a human-readable report."""
+    ok = [r for r in results.values() if r.success]
+    failed = [r for r in results.values() if not r.success]
+    lines = [f"Dispatch report: {len(ok)} OK, {len(failed)} failed", ""]
+    for host, r in results.items():
+        s = "OK" if r.success else f"FAILED -- {r.failure_reason}"
+        lines.append(f"  {host}: {s}" + (f" ({r.duration_ms}ms)" if r.duration_ms else ""))
+    if failed:
+        lines += ["", "Failed dispatches:"]
+        for host, r in results.items():
+            if not r.success:
+                lines.append(f"  {host}: {r.failure_reason}")
+    return "\n".join(lines)

tests/test_cron_cloud_context.py

@@ -1,181 +0,0 @@
-"""
-Test cloud context injection for cron jobs.
-"""
-
-import pytest
-from cron.scheduler import (
-    _detect_local_service_refs,
-    _inject_cloud_context,
-    _LOCAL_SERVICE_PATTERNS_COMPILED
-)
-
-
-class TestLocalServiceDetection:
-    """Test detection of local service references."""
-    
-    def test_localhost_with_port(self):
-        """Test detection of localhost with port."""
-        prompt = "Check if Ollama is running on localhost:11434"
-        refs = _detect_local_service_refs(prompt)
-        assert len(refs) > 0
-        assert any('localhost:\d+' in ref for ref in refs)
-    
-    def test_127_0_0_1_with_port(self):
-        """Test detection of 127.0.0.1 with port."""
-        prompt = "Connect to http://127.0.0.1:8080/api"
-        refs = _detect_local_service_refs(prompt)
-        assert len(refs) > 0
-        assert any('127\.0\.0\.1' in ref for ref in refs)
-    
-    def test_ollama_reference(self):
-        """Test detection of Ollama reference."""
-        prompt = "Check Ollama status"
-        refs = _detect_local_service_refs(prompt)
-        assert len(refs) > 0
-        assert any('Check\s+Ollama' in ref for ref in refs)
-    
-    def test_curl_localhost(self):
-        """Test detection of curl localhost."""
-        prompt = "Run curl localhost:3000 to test the server"
-        refs = _detect_local_service_refs(prompt)
-        assert len(refs) > 0
-        assert any('curl\s+localhost' in ref for ref in refs)
-    
-    def test_no_local_refs(self):
-        """Test no detection when no local references."""
-        prompt = "Check the weather in New York"
-        refs = _detect_local_service_refs(prompt)
-        assert len(refs) == 0
-    
-    def test_multiple_refs(self):
-        """Test detection of multiple local references."""
-        prompt = "Check localhost:3000 and also Ollama on 127.0.0.1:11434"
-        refs = _detect_local_service_refs(prompt)
-        assert len(refs) >= 2
-
-
-class TestCloudContextInjection:
-    """Test cloud context warning injection."""
-    
-    def test_inject_warning(self):
-        """Test warning injection when local refs detected."""
-        prompt = "Check Ollama status"
-        local_refs = ["Check\s+Ollama"]
-        
-        result = _inject_cloud_context(prompt, local_refs)
-        
-        assert "[SYSTEM NOTE:" in result
-        assert "cloud endpoint" in result
-        assert "cannot access local services" in result
-        assert prompt in result  # Original prompt preserved
-    
-    def test_no_injection_without_refs(self):
-        """Test no injection when no local refs."""
-        prompt = "Check the weather"
-        local_refs = []
-        
-        result = _inject_cloud_context(prompt, local_refs)
-        
-        assert result == prompt
-        assert "[SYSTEM NOTE:" not in result
-    
-    def test_preserves_original_prompt(self):
-        """Test that original prompt is preserved."""
-        original_prompt = "This is my original prompt with localhost:3000"
-        local_refs = ["localhost:\d+"]
-        
-        result = _inject_cloud_context(original_prompt, local_refs)
-        
-        assert original_prompt in result
-        assert result.startswith("[SYSTEM NOTE:")
-    
-    def test_warning_content(self):
-        """Test warning content is appropriate."""
-        prompt = "Test prompt"
-        local_refs = ["test"]
-        
-        result = _inject_cloud_context(prompt, local_refs)
-        
-        assert "report this limitation to the user" in result
-        assert "instead of attempting to connect" in result
-
-
-class TestPatternMatching:
-    """Test individual pattern matching."""
-    
-    def test_common_ports(self):
-        """Test detection of common development ports."""
-        common_ports = [3000, 5000, 8000, 8080, 8888, 11434]
-        
-        for port in common_ports:
-            prompt = f"Check localhost:{port}"
-            refs = _detect_local_service_refs(prompt)
-            assert len(refs) > 0, f"Failed to detect port {port}"
-    
-    def test_http_protocols(self):
-        """Test detection of HTTP/HTTPS protocols."""
-        protocols = ["http://localhost", "https://localhost", 
-                    "http://127.0.0.1", "https://127.0.0.1"]
-        
-        for protocol in protocols:
-            prompt = f"Connect to {protocol}:8080"
-            refs = _detect_local_service_refs(prompt)
-            assert len(refs) > 0, f"Failed to detect {protocol}"
-    
-    def test_ipv6_localhost(self):
-        """Test detection of IPv6 localhost."""
-        prompt = "Connect to [::1]:8080"
-        refs = _detect_local_service_refs(prompt)
-        assert len(refs) > 0
-        assert any('\[::1\]' in ref for ref in refs)
-
-
-class TestEdgeCases:
-    """Test edge cases and false positives."""
-    
-    def test_case_insensitive(self):
-        """Test case insensitive matching."""
-        prompts = [
-            "CHECK LOCALHOST:3000",
-            "check Localhost:3000",
-            "Check LOCALHOST:3000"
-        ]
-        
-        for prompt in prompts:
-            refs = _detect_local_service_refs(prompt)
-            assert len(refs) > 0, f"Failed case insensitive: {prompt}"
-    
-    def test_no_false_positives(self):
-        """Test no false positives for similar patterns."""
-        safe_prompts = [
-            "Check the localhost documentation",
-            "Read about 127.0.0.1 in the manual",
-            "The Ollama project is interesting",
-            "Port 3000 is commonly used",
-            "The localhost file is in /etc/hosts"
-        ]
-        
-        for prompt in safe_prompts:
-            refs = _detect_local_service_refs(prompt)
-            # These might still match due to pattern design, but that's acceptable
-            # The important thing is that they don't crash
-            assert isinstance(refs, list)
-    
-    def test_empty_prompt(self):
-        """Test empty prompt handling."""
-        refs = _detect_local_service_refs("")
-        assert refs == []
-    
-    def test_none_handling(self):
-        """Test None prompt handling."""
-        # The function should handle None gracefully
-        try:
-            refs = _detect_local_service_refs(None)
-            assert refs == []
-        except Exception as e:
-            # If it raises an exception, that's also acceptable
-            assert isinstance(e, (TypeError, AttributeError))
-
-
-if __name__ == "__main__":
-    pytest.main([__file__])