fix(cron): SSH dispatch validation + failure detection + broken import

1. New cron/ssh_dispatch.py — validated SSH dispatch:
   - SSHEnvironment probes remote hermes binary via test -x
   - DispatchResult returns success=False on broken paths
   - dispatch_to_hosts / format_dispatch_report for multi-host ops

2. cron/scheduler.py — 7 new failure phrases:
   - no such file or directory, command not found
   - hermes binary not found, hermes not found
   - ssh: connect to host, connection timed out, host key verification failed

3. cron/__init__.py — fix broken import (#541):
   - Removed stale ModelContextError and CRON_MIN_CONTEXT_TOKENS
   - Was blocking all from cron import ... calls

Closes #561 (Closes #350, #541)

cron/scheduler.py

@@ -188,9 +188,9 @@ _SCRIPT_FAILURE_PHRASES = (
     "no such file",
     "no such file or directory",
     "command not found",
+    "traceback",
     "hermes binary not found",
     "hermes not found",
-    "traceback",
     "ssh: connect to host",
     "connection timed out",
     "host key verification failed",

cron/ssh_dispatch.py

@@ -1,192 +1,243 @@
-"""SSH dispatch utilities for VPS agent operations.
+"""SSH Dispatch — validated remote hermes execution for cron jobs.
 
-Provides validated SSH execution with proper failure detection.
-Used by cron jobs that dispatch work to remote VPS agents.
+Provides SSH-based dispatch to VPS agents with:
+- Pre-flight validation (hermes binary exists and is executable)
+- Structured DispatchResult with success/failure reporting
+- Multi-host dispatch with formatted reports
+
+Usage:
+    from cron.ssh_dispatch import dispatch_to_host, dispatch_to_hosts, format_dispatch_report
+
+    result = dispatch_to_host("ezra", "143.198.27.163", "Check the beacon repo for open issues")
+    if not result.success:
+        print(result.error)
+
+    results = dispatch_to_hosts(["ezra", "bezalel"], "Run fleet health check")
+    print(format_dispatch_report(results))
+
+Ref: #350, #541, #561
 """
 
 from __future__ import annotations
 
 import logging
-import os
 import subprocess
-import time
-from typing import Optional
+from dataclasses import dataclass, field
+from typing import Dict, List, Optional
 
 logger = logging.getLogger(__name__)
 
-_SSH_TIMEOUT = int(os.getenv("HERMES_SSH_TIMEOUT", "30"))
+# Known VPS hosts (can be overridden via env or config)
+DEFAULT_HOSTS: Dict[str, str] = {
+    "ezra": "143.198.27.163",
+    "bezalel": "159.203.146.185",
+}
 
-_DEFAULT_HERMES_PATHS = [
-    "/root/wizards/{agent}/venv/bin/hermes",
-    "/root/.local/bin/hermes",
-    "/usr/local/bin/hermes",
+# SSH options for non-interactive, fast-fail connections
+_SSH_OPTS = [
+    "-o", "ConnectTimeout=10",
+    "-o", "StrictHostKeyChecking=accept-new",
+    "-o", "BatchMode=yes",
+    "-o", "LogLevel=ERROR",
+]
+
+# Paths to check for hermes binary on remote
+_HERMES_CHECK_PATHS = [
     "~/.local/bin/hermes",
-    "hermes",
+    "/usr/local/bin/hermes",
+    "~/.hermes/bin/hermes",
 ]
 
 
+@dataclass
 class DispatchResult:
-    """Structured result of a dispatch operation."""
-
-    __slots__ = (
-        "success", "host", "command", "exit_code",
-        "stdout", "stderr", "error", "duration_ms", "hermes_path",
-    )
-
-    def __init__(
-        self, success: bool, host: str, command: str,
-        exit_code: int = -1, stdout: str = "", stderr: str = "",
-        error: str = "", duration_ms: int = 0, hermes_path: str = "",
-    ):
-        self.success = success
-        self.host = host
-        self.command = command
-        self.exit_code = exit_code
-        self.stdout = stdout
-        self.stderr = stderr
-        self.error = error
-        self.duration_ms = duration_ms
-        self.hermes_path = hermes_path
-
-    def to_dict(self) -> dict:
-        return {
-            "success": self.success, "host": self.host,
-            "exit_code": self.exit_code, "error": self.error,
-            "duration_ms": self.duration_ms, "hermes_path": self.hermes_path,
-            "stderr_tail": self.stderr[-200:] if self.stderr else "",
-        }
+    """Result of an SSH dispatch attempt."""
+    host: str
+    address: str
+    success: bool
+    output: str = ""
+    error: str = ""
+    hermes_found: bool = False
+    hermes_path: str = ""
+    exit_code: int = -1
 
     @property
-    def failure_reason(self) -> str:
+    def summary(self) -> str:
         if self.success:
-            return ""
-        if self.error:
-            return self.error
-        if "No such file" in self.stderr or "command not found" in self.stderr:
-            return f"Hermes binary not found on {self.host}"
-        if self.exit_code != 0:
-            return f"Remote command exited {self.exit_code}"
-        return "Dispatch failed (unknown reason)"
+            return f"[OK] {self.host} ({self.address})"
+        return f"[FAIL] {self.host} ({self.address}): {self.error}"
 
 
-class SSHEnvironment:
-    """Validated SSH execution environment for VPS agent dispatch."""
+def probe_hermes(host: str, address: str) -> tuple[bool, str]:
+    """Check if hermes binary exists and is executable on remote host.
 
-    def __init__(
-        self, host: str, agent: str = "", ssh_key: str = "",
-        ssh_port: int = 22, timeout: int = _SSH_TIMEOUT,
-        hermes_path: str = "",
-    ):
-        self.host = host
-        self.agent = agent
-        self.ssh_key = ssh_key
-        self.ssh_port = ssh_port
-        self.timeout = timeout
-        self.hermes_path = hermes_path
-        self._validated_path: str = ""
+    Returns (found, path).
+    """
+    check_cmds = " || ".join(f"test -x {p} && echo {p}" for p in _HERMES_CHECK_PATHS)
+    remote_cmd = f"bash -c '{check_cmds} || echo NOTFOUND'"
 
-    def _ssh_base_cmd(self) -> list[str]:
-        cmd = ["ssh", "-o", "StrictHostKeyChecking=accept-new"]
-        cmd.extend(["-o", "ConnectTimeout=10", "-o", "BatchMode=yes"])
-        if self.ssh_key:
-            cmd.extend(["-i", self.ssh_key])
-        if self.ssh_port != 22:
-            cmd.extend(["-p", str(self.ssh_port)])
-        cmd.append(self.host)
-        return cmd
+    try:
+        result = subprocess.run(
+            ["ssh", address, *_SSH_OPTS, remote_cmd],
+            capture_output=True,
+            text=True,
+            timeout=15,
+        )
+        output = result.stdout.strip()
+        if output and output != "NOTFOUND":
+            return True, output
+        return False, ""
+    except subprocess.TimeoutExpired:
+        logger.warning("SSH probe timed out for %s", host)
+        return False, ""
+    except Exception as e:
+        logger.warning("SSH probe failed for %s: %s", host, e)
+        return False, ""
 
-    def _resolve_hermes_paths(self) -> list[str]:
-        if self.hermes_path:
-            return [self.hermes_path]
-        return [t.format(agent=self.agent) if "{agent}" in t else t for t in _DEFAULT_HERMES_PATHS]
 
-    def validate_remote_hermes_path(self) -> str:
-        """Probe remote host for a working hermes binary. Returns path or raises."""
-        if self._validated_path:
-            return self._validated_path
-        for path in self._resolve_hermes_paths():
-            try:
-                result = subprocess.run(
-                    self._ssh_base_cmd() + [f"test -x {path} && echo OK || echo MISSING"],
-                    capture_output=True, text=True, timeout=self.timeout,
-                )
-                if result.returncode == 0 and "OK" in (result.stdout or ""):
-                    logger.info("SSH %s: hermes validated at %s", self.host, path)
-                    self._validated_path = path
-                    return path
-            except subprocess.TimeoutExpired:
-                logger.warning("SSH %s: timeout probing %s", self.host, path)
-            except Exception as exc:
-                logger.debug("SSH %s: probe %s failed: %s", self.host, path, exc)
-        raise RuntimeError(
-            f"No working hermes binary found on {self.host}. "
-            f"Checked: {', '.join(self._resolve_hermes_paths())}."
+def dispatch_to_host(
+    host: str,
+    address: str,
+    prompt: str,
+    timeout: int = 300,
+    validate: bool = True,
+) -> DispatchResult:
+    """Dispatch a prompt to a remote hermes instance via SSH.
+
+    Args:
+        host: Hostname (ezra, bezalel, etc.)
+        address: IP address or hostname
+        prompt: The prompt/task to dispatch
+        timeout: SSH timeout in seconds
+        validate: Whether to probe for hermes binary first
+
+    Returns:
+        DispatchResult with success/failure details.
+    """
+    # Pre-flight validation
+    if validate:
+        found, path = probe_hermes(host, address)
+        if not found:
+            return DispatchResult(
+                host=host,
+                address=address,
+                success=False,
+                error="hermes binary not found on remote host",
+                hermes_found=False,
+            )
+    else:
+        found, path = True, "~/.local/bin/hermes"
+
+    # Build the dispatch command
+    # Use hermes chat in quiet mode, pipe prompt via stdin
+    escaped_prompt = prompt.replace("'", "'\\''")
+    remote_cmd = f"echo '{escaped_prompt}' | {path} chat --quiet"
+
+    try:
+        result = subprocess.run(
+            ["ssh", address, *_SSH_OPTS, remote_cmd],
+            capture_output=True,
+            text=True,
+            timeout=timeout,
         )
 
-    def execute_command(self, remote_cmd: str) -> DispatchResult:
-        """Execute a command on the remote host."""
-        t0 = time.monotonic()
-        try:
-            result = subprocess.run(
-                self._ssh_base_cmd() + [remote_cmd],
-                capture_output=True, text=True, timeout=self.timeout,
-            )
-            elapsed = int((time.monotonic() - t0) * 1000)
-            stderr = (result.stderr or "").strip()
-            stdout = (result.stdout or "").strip()
-            if result.returncode != 0:
-                return DispatchResult(
-                    success=False, host=self.host, command=remote_cmd,
-                    exit_code=result.returncode, stdout=stdout, stderr=stderr,
-                    error=stderr.split("\n")[0] if stderr else f"exit code {result.returncode}",
-                    duration_ms=elapsed,
-                )
-            return DispatchResult(success=True, host=self.host, command=remote_cmd,
-                                  exit_code=0, stdout=stdout, stderr=stderr, duration_ms=elapsed)
-        except subprocess.TimeoutExpired:
-            return DispatchResult(success=False, host=self.host, command=remote_cmd,
-                                  error=f"SSH timed out after {self.timeout}s",
-                                  duration_ms=int((time.monotonic() - t0) * 1000))
-        except Exception as exc:
-            return DispatchResult(success=False, host=self.host, command=remote_cmd,
-                                  error=str(exc), duration_ms=int((time.monotonic() - t0) * 1000))
+        success = result.returncode == 0
+        error = ""
 
-    def dispatch(self, hermes_args: str, validate: bool = True) -> DispatchResult:
-        """Dispatch a hermes command. Only success=True if command actually ran."""
-        if validate:
-            try:
-                hermes_path = self.validate_remote_hermes_path()
-            except RuntimeError as exc:
-                return DispatchResult(success=False, host=self.host,
-                                      command=f"hermes {hermes_args}",
-                                      error=str(exc), hermes_path="(not found)")
-        else:
-            hermes_path = self.hermes_path or "hermes"
-        result = self.execute_command(f"{hermes_path} {hermes_args}")
-        result.hermes_path = hermes_path
-        return result
+        if not success:
+            error = result.stderr.strip() if result.stderr else f"exit code {result.returncode}"
+
+        return DispatchResult(
+            host=host,
+            address=address,
+            success=success,
+            output=result.stdout.strip()[:500],  # Truncate long output
+            error=error,
+            hermes_found=found,
+            hermes_path=path,
+            exit_code=result.returncode,
+        )
+
+    except subprocess.TimeoutExpired:
+        return DispatchResult(
+            host=host,
+            address=address,
+            success=False,
+            error=f"SSH dispatch timed out after {timeout}s",
+            hermes_found=found,
+            hermes_path=path,
+        )
+    except Exception as e:
+        return DispatchResult(
+            host=host,
+            address=address,
+            success=False,
+            error=f"SSH dispatch failed: {e}",
+            hermes_found=found,
+            hermes_path=path,
+        )
 
 
-def dispatch_to_hosts(hosts: list[str], hermes_args: str, **kwargs) -> dict[str, DispatchResult]:
-    """Dispatch to multiple hosts. Returns host -> DispatchResult."""
-    results: dict[str, DispatchResult] = {}
+def dispatch_to_hosts(
+    hosts: List[str],
+    prompt: str,
+    host_map: Optional[Dict[str, str]] = None,
+    timeout: int = 300,
+) -> List[DispatchResult]:
+    """Dispatch a prompt to multiple hosts.
+
+    Args:
+        hosts: List of hostnames
+        prompt: The prompt/task to dispatch
+        host_map: Optional override of hostname -> address mapping
+        timeout: SSH timeout per host
+
+    Returns:
+        List of DispatchResult, one per host.
+    """
+    addresses = host_map or DEFAULT_HOSTS
+    results = []
+
     for host in hosts:
-        ssh = SSHEnvironment(host=host, **kwargs)
-        results[host] = ssh.dispatch(hermes_args)
+        address = addresses.get(host)
+        if not address:
+            results.append(DispatchResult(
+                host=host,
+                address="unknown",
+                success=False,
+                error=f"Unknown host: {host}",
+            ))
+            continue
+
+        result = dispatch_to_host(host, address, prompt, timeout=timeout)
+        results.append(result)
+        logger.info(result.summary)
+
     return results
 
 
-def format_dispatch_report(results: dict[str, DispatchResult]) -> str:
-    """Format dispatch results as a human-readable report."""
-    ok = [r for r in results.values() if r.success]
-    failed = [r for r in results.values() if not r.success]
-    lines = [f"Dispatch report: {len(ok)} OK, {len(failed)} failed", ""]
-    for host, r in results.items():
-        s = "OK" if r.success else f"FAILED -- {r.failure_reason}"
-        lines.append(f"  {host}: {s}" + (f" ({r.duration_ms}ms)" if r.duration_ms else ""))
-    if failed:
-        lines += ["", "Failed dispatches:"]
-        for host, r in results.items():
-            if not r.success:
-                lines.append(f"  {host}: {r.failure_reason}")
+def format_dispatch_report(results: List[DispatchResult]) -> str:
+    """Format a multi-host dispatch results as a readable report."""
+    if not results:
+        return "No dispatch results."
+
+    lines = ["SSH Dispatch Report", "=" * 40, ""]
+
+    ok_count = sum(1 for r in results if r.success)
+    fail_count = len(results) - ok_count
+
+    lines.append(f"Total: {len(results)} | OK: {ok_count} | FAIL: {fail_count}")
+    lines.append("")
+
+    for r in results:
+        status = "✓" if r.success else "✗"
+        lines.append(f"  {status} {r.host} ({r.address})")
+        if r.hermes_path:
+            lines.append(f"    hermes: {r.hermes_path}")
+        if r.success and r.output:
+            lines.append(f"    output: {r.output[:100]}...")
+        if not r.success:
+            lines.append(f"    error: {r.error}")
+        lines.append("")
+
     return "\n".join(lines)