hermes - 💡(How to fix) Fix Add audit trail for missed tasks in cron task triage sweeps

Bug Description

When a scheduled Clawchief/cross-channel task triage sweep misses an expected task, the cron run is hard to debug after the fact. The cron status can be ok and the final response may be [SILENT], but the persisted output does not provide a structured decision trace showing whether the source item was collected, filtered, extracted as a candidate, rejected as low-confidence, deduped, or blocked by source freshness.

This makes the user question "why was this task not captured in the task triage sweep?" difficult to answer without re-running collectors manually and inspecting source-specific state.

Observed Evidence

• There are two active Clawchief cron jobs using the same script (clawchief_collect_cron.sh):
  • a7990258903d — Clawchief sweep AM/midday IST, schedule 30 4,8,13 * * *, last run 2026-05-25T13:36:33Z, status ok.
  • 4ef1bb7ba5f6 — Clawchief sweep late IST, schedule 0 7,11,16 * * *, last run 2026-05-25T16:06:21Z, status ok.
• Latest late sweep output ended with [SILENT] even though Circleback failed and there was no user-visible explanation because no Todoist tasks were created.
• The latest source snapshot (~/.hermes/state/clawchief-source-snapshot.json) shows collection completed for most sources, but Circleback failed:
  • WhatsApp: ok, 91 records
  • Slack: ok, 0 records
  • Granola: ok, 2 records
  • Circleback: not ok — CLI not authenticated; MCP initialize timeout
  • Asana: ok, 30 records
  • Linear: ok, 25 records
  • Todoist: ok, 70 active / 87 completed tasks
• The cron markdown output embeds a very large JSON snapshot in a fenced block that gets truncated in normal reads; it does not leave a compact per-source/per-item audit trail suitable for answering why a specific candidate was skipped.

Expected Behavior

For each scheduled task-triage run, Hermes should persist a compact, structured audit artifact that supports missed-task debugging without requiring a full manual rerun.

At minimum, store:

• run id, job id, schedule time, start/end timestamps, final status
• source freshness summary per source (latest timestamp, sync age, source errors)
• extracted candidate list before Todoist apply
• apply result per candidate: created / duplicate / already seen / low confidence / invalid schema / missing ownership / source unavailable / other rejection reason
• dedupe reason and matched Todoist/Asana/Linear/source reference when applicable
• final counts: collected, candidates, created, skipped by reason, source errors

Actual Behavior

A run can finish ok and intentionally deliver [SILENT] when no new Todoist tasks are created, but there is no concise persisted decision trace. The available cron output mostly contains the prompt plus a large/truncated source snapshot and the final response.

Suggested Fix

Add a run audit log for cron jobs that use scripts and/or for the Clawchief apply pipeline specifically.

Possible implementation points:

1. Have clawchief_collect_cron.sh / clawchief_apply_todoist.py write a JSON audit file such as:
   • ~/.hermes/state/clawchief-runs/<job_id>/<run_timestamp>.audit.json
2. Include candidate-level decisions from clawchief_apply_todoist.py --create, not only final created/skipped counts.
3. Preserve source freshness and source errors even when the final cron response is [SILENT].
4. Optionally add a small hermes cron inspect <job_id> --last or hermes cron output --json helper to expose the latest run's audit metadata.

Acceptance Criteria

• Given a missed-task report, an agent can answer whether the source item was:
  • never collected,
  • collected but filtered before candidate extraction,
  • extracted but rejected by schema/ownership/confidence,
  • skipped as duplicate/already seen,
  • blocked by source freshness/auth errors,
  • or attempted and failed during Todoist creation.
• [SILENT] remains supported for no-new-task Slack notifications, but the diagnostic artifact is still written locally.
• No message bodies or sensitive tokens are exposed in GitHub issue output; audit files can retain local/private details under ~/.hermes/state only.

Environment

• Hermes cron jobs on Linux
• Slack delivery for Clawchief summaries
• Clawchief collector script: ~/.hermes/scripts/clawchief_collect_cron.sh
• Todoist apply script: ~/.hermes/scripts/clawchief_apply_todoist.py

Priority

P2 — degraded observability/debuggability for scheduled automations. Workaround is manual source inspection and rerunning collectors, but that is slow and error-prone.