Pantheon — AI Agent Orchestration Dashboard

Background

Managing a fleet of AI agents across multiple remote servers is inherently complex. Operators need to provision workflows, start and stop agents, monitor logs in real-time, run multi-step data pipelines, schedule cron jobs, and chat interactively with agents — all while maintaining secure SSH access to each VPS. The existing approach relied entirely on the **Hermes CLI** tool, which required direct terminal access to every server and deep command-line knowledge.
Pantheon was built to solve this by providing a **single, unified web interface** that abstracts the entire Hermes CLI surface behind a polished dashboard, enabling non-technical team members and operators to manage AI agent infrastructure without ever opening a terminal.

Solution

The core technical decision was to build a **Turborepo monorepo** with three packages:

1. @pantheon/web — A Next.js 16 front-end with React 19 and a fully custom RPG-themed design system

2. @pantheon/api — A Fastify 5 back-end that acts as a secure gateway between the web client and remote VPS servers via SSH

3. @pantheon/shared — Shared TypeScript types and utilities consumed by both apps

The API layer does not directly execute AI workloads. Instead, it maintains a persistent SSH connection pool to registered VPS servers and proxies every user action into a sanitized, whitelisted Hermes CLI command executed over the SSH tunnel. This architecture provides:

• Security — The web client never has direct SSH access; all commands pass through a strict whitelist and input sanitizer

• Reliability — SSH connections auto-reconnect with exponential backoff (up to 10 retries)

• Performance — Connection pooling avoids the overhead of re-authenticating on every request

Real-time features (live logs, agent status polling, pipeline execution tracking, streaming chat) are powered by Socket.IO with JWT-authenticated namespaces, room-based subscriptions, and intelligent throttling.

Key Features

• War Council Dashboard — A command-center overview displaying active agents in a grid, champions leaderboard, and real-time activity feed with quick-action shortcuts

• Guild Hall (Workflow Manager) — Create, enable/disable, start/stop, and delete multi-agent workflows; each workflow acts as an isolated workspace for related agents

• Champion Roster (Agent Manager) — Full lifecycle management for AI agents: add, configure, start, stop, schedule, and monitor with customizable avatar profiles and bios

• Communion Chamber (AI Chat) — Real-time streaming chat with Hermes root agent or any specific workflow agent, with persistent session history and auto-resume via Hermes session IDs

• Active Quests (Pipeline Runner) — Execute and monitor multi-step data pipelines with live step-by-step progress updates streamed via WebSocket

• Oracle's Eye (Monitoring) — Live log viewer with log-level filtering (info/warn/error/debug) and VPS resource metrics (CPU, memory) polled at 30-second intervals with smart delta throttling

• The Chronicle (Memory Manager) — Interface for managing agent long-term memory systems, including setup wizards and status monitoring

• Spellbook (Skills Manager) — Install, update, and uninstall agent skill packs from registries or custom taps

• Sacred Rituals (Cron Scheduler) — Create, edit, pause, resume, and trigger cron jobs with human-readable schedule visualization

• Signal Towers (Gateway Control) — Install, start, stop, and manage the Hermes gateway service with user approval flows

• Quest Board (Task Tracker) — Kanban-style task board with drag-and-drop, priority levels, agent assignment, and due-date tracking — all backed by Prisma

• The Scriptorium (Docs Viewer) — Integrated documentation browser with search, sidebar navigation, and markdown rendering

• Grand Grimoire (Configuration Editor) — Monaco-powered YAML configuration editor for Hermes config files

• Sanctum's Form (Appearance Settings) — Theme customization including dark/light mode, accent colors, font families, glass effects, and custom background uploads

• Security Layer — Helmet headers, CORS, rate limiting, request timeouts, JWT authentication with automatic refresh, command whitelisting, and SSH host fingerprint verification

Technical Highlights

• Monorepo with Turborepo — Parallel builds, shared TypeScript config, and unified dev command across all packages

• SSH Connection Pooling — Persistent connections with automatic reconnection (exponential backoff up to 30s) and fingerprint verification for TOFU-style host key management

• Command Whitelisting — Every SSH command is validated against a strict whitelist before execution to prevent injection attacks

• Real-time Architecture — Six distinct WebSocket channels: agent status, live logs, pipeline execution, VPS metrics, chat streaming, and push notifications

• Token Auto-Refresh — API client transparently intercepts 401 responses, refreshes the JWT via httpOnly cookie, and retries the original request

• Type-safe API Layer — Full Zod validation on all request/response schemas shared between client and server

• Graceful Shutdown — PTY sessions closed, SSH connections drained, and Prisma disconnected on SIGTERM

• Accessible Navigation — Skip-to-content link, ARIA labels, keyboard-navigable sidebar, and tooltip fallbacks for collapsed state

Results

• Built a production-ready dashboard with 24+ pages covering the entire Hermes CLI surface

• Achieved a fully type-safe monorepo across client, server, and shared packages with zero `any` types

• Enabled non-technical operators to manage AI agent infrastructure without terminal access

• Delivered a real-time monitoring experience with sub-second log streaming and 30-second metric polling

• Created a distinctive visual identity with the Parchment RPG theme that doubles as a design system showcase