Per styleguide §7.6 Pattern 1: 'catch + convert + raise as different type'
requires 'raise X from e' to preserve the original exception in the
traceback.
Sites updated:
Site 1 (L277 _load_credentials):
except FileNotFoundError as e:
raise FileNotFoundError(f'...') from e
Sites 2+3 (L878+L879 _default_send, nested in run_with_tool_loop):
if not res.ok:
raise res.errors[0].original from None
raise RuntimeError(...) from None
The exceptions come from a Result, not a local except; 'from None'
suppresses the implicit context.
Site 5 (L2061 _send inside _send_gemini_cli):
raise cast(Exception, send_result.errors[0].original) from None
Site 6 (L2742 _dashscope_call):
raise classify_dashscope_error(_dashscope_exception_from_response(resp)) from None
KNOWN LIMITATION: the audit script does not have a heuristic for
'raise X from e' / 'from None' (Pattern 1). The sites remain
INTERNAL_RETHROW in the audit. INTERNAL_RETHROW is 'suspicious but
not violation' (strict mode accepts). Adding a heuristic requires
Tier 1 approval per the conventions.
Audit: ai_client RETHROW 6 -> 5 (site 4 migrated separately; these
4 sites stay as INTERNAL_RETHROW by audit classification but follow
Pattern 1 by styleguide).
Phase 12: ai_client rethrow classification (6 sites).
3 legitimate re-raise patterns from styleguide:
1. Catch + convert + raise as different type (with rom e):
try: json.loads(raw)
except json.JSONDecodeError as e: raise ValueError(f'Invalid JSON: {e}') from e
2. Catch + log + re-raise:
try: do_something()
except Exception as e: logger.exception('failed; will propagate'); raise
3. Catch + cleanup + re-raise (or use try/finally for pure cleanup).
SUSPICIOUS pattern (NOT compliant):
try: do_something()
except Exception: raise
This catches an exception, does nothing with it, and re-raises. The
try/except is dead code; remove it or use Result-based propagation.
Per MUST-DOT-DO #4: 'raise a custom exception class for runtime failures' is forbidden.
Migration rules per Phase 12 plan:
- If site fits Pattern 1/2/3: leave as-is (audit should classify as COMPLIANT)
- If site is SUSPICIOUS (catch + bare raise): MIGRATE to Result[T]
- Do NOT classify as 'suspicious' (= sliming)
- Per-site: test (if migrated), commit
Both classify functions had:
try:
sdk = _require_warmed('xxx')
if isinstance(exc, sdk.SomeException): return ErrorInfo(...)
...
except (ImportError, AttributeError):
pass
# body-string matching fallback
...
Body: bare 'except: pass' = SS violation (silent recovery).
Migration per TIER1_REVIEW directive (per-site decision):
- Initial attempt: _try_warm_sdk(name) -> Any sentinel (None on failure)
- Audit flagged the sentinel helper as UNCLEAR (Heuristic B requires class
method with self.attr assignment; module-level sentinel doesn't match)
- Per Phase 9 redo precedent: migrate to Result instead of adding heuristic
Final approach: _try_warm_sdk_result(name) -> Result[Any]
Returns Result(data=module) on success,
Result(data=None, errors=[ErrorInfo]) on ImportError/AttributeError.
Classify callers check result.ok and use result.data on success.
Audit: ai_client SS 2 -> 0; UNCLEAR 1 -> 0 (after Result migration).
COMPLIANT 32 -> 33.
Site 11 at module level had:
if os.environ.get('SLOP_TOOL_PRESET'):
try:
set_tool_preset(os.environ['SLOP_TOOL_PRESET'])
except Exception:
pass
Body: bare 'except Exception: pass' = SS violation.
Migration: call the _set_tool_preset_result helper from Phase 11 site 5.
The helper returns Result[None]; on error it captures the structured
ErrorInfo. The top-level loader ignores the Result (env-var preset is
optional, errors are not fatal at module load time).
Audit: ai_client SS 3 -> 2.
Both sites 9 (gemini) and 10 (gemini_cli) in get_token_stats had:
try: _ensure_gemini_client()
if _gemini_client:
resp = _gemini_client.models.count_tokens(model=_model, contents=md_content)
total_tokens = cast(int, resp.total_tokens)
except Exception: pass
Body: pass = SS violation.
New helper _count_gemini_tokens_for_stats_result(md_content) -> Result[int]:
- Returns Result(data=token_count) on success
- Returns Result(data=0, errors=[ErrorInfo]) on SDK failure or warmup failure
- Caller treats 0 as 'token count unavailable' and falls back to
character-based estimation
Legacy get_token_stats now uses:
if p in ('gemini', 'gemini_cli'):
total_tokens = _count_gemini_tokens_for_stats_result(md_content).data
(combined both branches into one since the logic was identical)
Audit: ai_client SS 5 -> 3. COMPLIANT 31 -> 32.
Both functions had:
try: ToolPresetManager().load_all() ...
except (OSError, ValueError, AttributeError) as e:
sys.stderr.write(f'[ERROR] Failed to set {preset_name}: {e}')
sys.stderr.flush()
sys.stderr.write is logging = NOT a drain = SS violation per MUST-NOT-DO #6.
New helpers:
- _set_tool_preset_result(preset_name: Optional[str]) -> Result[None]
Empty/None preset short-circuits to Result(data=None).
On failure: Result(data=None, errors=[ErrorInfo]).
- _set_bias_profile_result(profile_name: Optional[str]) -> Result[None]
Same pattern.
Legacy wrappers set the global state (or skip on empty preset) and
delegate to the _result helper. Cache invalidation runs regardless.
Audit: ai_client SS 9 -> 7. COMPLIANT 27 -> 29.
Sites L432 (cleanup) and L450 (reset_session) had:
try: _gemini_client.caches.delete(name=_gemini_cache.name)
except Exception: pass
This is bare 'except: pass' = INTERNAL_SILENT_SWALLOW violation (logging is NOT
a drain; 'pass' is the worst form of silent recovery).
Migration: use existing _delete_gemini_cache_result() helper (added Phase 10).
The helper returns Result[None]; on SDK error logs a warning to comms.
The caller ignores the Result (cleanup is best-effort).
Audit: ai_client SS 11 -> 9.
Phase 11: ai_client silent-swallow (11 sites; was 9, +2 from Phase 9 narrowing set_tool_preset/set_bias_profile).
CRITICAL ANTI-SLIMING RULES (MUST follow):
1. NO narrowing + logging: 'except (NarrowType): logging.error(...)' is a VIOLATION
2. NO empty defaults: 'except (NarrowType): args = {}' is a VIOLATION (sliming)
3. NO pass: 'except: pass' is a VIOLATION (silent)
4. NO traceback.print_exc alone: similar to logging, data is lost
5. logging.error / logger.exception / sys.stderr.write alone: NOT a drain
Per MUST-NOT-DO #6: 'DO NOT catch except Exception and silently swallow.'
Per MUST-NOT-DO #7: 'DO NOT catch except Exception in non-*_result code without conversion to ErrorInfo.'
Per TIER1_REVIEW 2026-06-20 (Phase 9 redo): 'empty default is NOT a drain — the caller must observe the errors.'
Canonical pattern for SS sites:
def _feature_result(...) -> Result[T]:
try:
return Result(data=compute())
except (NarrowType) as e:
return Result(data=<zero>, errors=[ErrorInfo(kind=INTERNAL, message=str(e), source=..., original=e)])
Legacy wrapper preserves original signature; surface errors via Result where possible.
Some sites may not have a clear 'caller' (e.g., _extract_gemini_thoughts is called inline); for these, the _result helper captures the structured error and the legacy function returns the empty data default (preserving current behavior).
All 3 run_tier4_* functions had the same pattern:
try: ... AI call ...
except Exception as e: return '[XXX FAILED] {e}' (or None)
Per TIER1_REVIEW: empty-default return = MIGRATE to Result[T].
New helpers:
- _run_tier4_analysis_result(stderr: str) -> Result[str]
Returns Result(data=analysis) on success, Result(data='', errors=[ErrorInfo])
on SDK failure. Empty stderr short-circuits to Result(data='').
- _run_tier4_patch_callback_result(stderr: str, base_dir: str) -> Result[Optional[str]]
Returns Result(data=patch) on valid diff, Result(data=None) when no
valid diff, Result(data=None, errors=[ErrorInfo]) on SDK failure.
- _run_tier4_patch_generation_result(error: str, file_context: str) -> Result[str]
Returns Result(data=patch) on success, Result(data='', errors=[ErrorInfo])
on SDK failure. Empty error short-circuits to Result(data='').
Legacy wrappers delegate to _result helpers and return result.data,
preserving original signatures (str for sites 7,9; Optional[str] for site 8).
Existing tier4 tests pass (13/13 in test_tier4_patch_generation +
test_tier4_interceptor).
Audit: ai_client BC 3 -> 0. All 9 Phase 10 BC sites migrated.
Site L1990: inner _send(r_idx) in _send_gemini_cli had:
try: resp_data = adapter.send(...)
except Exception as e: events.emit('response_received', {'error': str(e)}); raise
This is Re-Raise Pattern 2 (catch + emit event + raise). Per TIER1_REVIEW,
the migration is to Result[T] because the audit does not yet recognize
events.emit as a structured error carrier.
New helper _send_cli_round_result(r_idx, adapter, payload, ...) -> Result[dict]:
- Emits request_start + [CLI] comms before SDK call
- Returns Result(data=resp_data) on SDK success
- On failure: emits response_received error event + returns Result(errors=[ErrorInfo(original=e)])
Inner _send refactored:
send_result = _send_cli_round_result(r_idx, adapter, payload, ...)
if not send_result.ok:
raise cast(Exception, send_result.errors[0].original)
resp_data = send_result.data
This preserves the original re-raise behavior so the outer
_send_gemini_cli try/except still catches and converts to Result.
Audit: ai_client BC 4 -> 3.
Site L1773: cache.create block in _send_gemini had multiple global side
effects (sets _gemini_cache, _gemini_cache_created_at, _gemini_cached_file_paths,
returns chat_config with cached_content). Except body reset globals on failure.
Per TIER1_REVIEW: logging is NOT a drain. MIGRATE to Result[Any].
New helper _create_gemini_cache_result(sys_instr, tools_decl, file_items) -> Result[Any]:
- Returns Result(data=chat_config) on SDK success (sets globals, logs [CACHE CREATED])
- Returns Result(data=None, errors=[ErrorInfo]) on SDK failure (resets globals,
logs [CACHE FAILED])
- Preserves original semantics: globals set on success, reset on failure
Caller:
cached_config_result = _create_gemini_cache_result(sys_instr, tools_decl, file_items)
if cached_config_result.ok:
chat_config = cached_config_result.data
Audit: ai_client BC 5 -> 4. _send_gemini cache-related BC sites all migrated.
Site L1732: count_tokens block in _send_gemini had:
try: count_resp = _gemini_client.models.count_tokens(...)
... set should_cache based on total_tokens ...
except Exception as e: _append_comms('[COUNT FAILED]')
Per TIER1_REVIEW: logging is NOT a drain. MIGRATE to Result[bool].
New helper _should_cache_gemini_result(sys_instr: str) -> Result[bool]:
- Result(data=True) if token count >= 2048
- Result(data=False) if below threshold + [CACHING SKIPPED] comms note
- Result(data=False, errors=[ErrorInfo]) on SDK failure + [COUNT FAILED] comms
Caller: should_cache = _should_cache_gemini_result(sys_instr).data
Audit: ai_client BC 6 -> 5. Site L1732 (now shifted to L1752) no longer BC.
Sites L1680 (cache.delete on context change) and L1692 (cache.delete on
TTL expiry) had identical patterns:
try: _gemini_client.caches.delete(name=_gemini_cache.name)
except Exception as e: _append_comms('OUT', 'request', {'message': f'[CACHE DELETE WARN] {e}'})
Per TIER1_REVIEW: logging is NOT a drain. MIGRATE to Result[T].
Single helper _delete_gemini_cache_result() -> Result[None]:
- Returns Result(data=None) on success
- Returns Result(data=None, errors=[ErrorInfo]) on SDK failure + logs warning to comms
- Caller (_send_gemini) ignores errors (best-effort cleanup)
Audit: ai_client BC 8 -> 6. Both sites migrated.
The original function had a broken pattern: 'raise _classify_gemini_error(exc)
from exc' which raises an ErrorInfo (not an Exception) — a runtime bug.
Per TIER1_REVIEW 2026-06-20 directive: per-site decision. The body raised a
structured error carrier (ErrorInfo), but the pattern was incorrect (ErrorInfo
is not an Exception). Cleanest fix: full Result[T] migration.
New helper:
- _list_gemini_models_result(api_key: str) -> Result[list[str]]
Returns Result(data=sorted_models) on success, Result(data=[], errors=[ErrorInfo])
on SDK/network failure.
Legacy wrapper:
- _list_gemini_models(api_key: str) -> list[str]
Returns result.data (preserves original signature; callers don't see errors).
Audit: ai_client BC 9 -> 8. Site L1594 (now shifted to L1609 due to helper insertion)
no longer in INTERNAL_BROAD_CATCH.
Phase 10: ai_client Batch B (9 INTERNAL_BROAD_CATCH sites).
Key rules for Phase 10:
- MUST-DO #1: Use Result[T] for any function that can fail at runtime
- MUST-DO #2: Catch SDK exceptions at the boundary, convert to ErrorInfo
- MUST-NOT-DO #6: DO NOT catch except Exception and silently swallow
- MUST-NOT-DO #7: DO NOT catch except Exception in non-*_result code without conversion to ErrorInfo
Canonical BC pattern (lines 540-562):
def _feature_result(self) -> Result[T]:
try:
return Result(data=compute())
except Exception as e:
return Result(data=None, errors=[ErrorInfo(kind=INTERNAL, message=str(e), source=..., original=e)])
Per-site decision process (Tier 1's directive):
- narrow + return ErrorInfo or dict[error]=True: Heuristic E match (already INTERNAL_COMPLIANT)
- narrow + empty default (e.g., args={}): MIGRATE to Result[T]
- broad except Exception: MIGRATE to Result[T] (BOUNDARY_CONVERSION)
- broad + re-raise: classify per Pattern 1/2/3 (Phase 12 territory)
In-depth restoration guide covering:
- Branch state + last 10 commit SHAs
- Phase-by-phase summary (9 of 14 complete)
- Anti-sliming protocol + Heuristic E reference
- Test state (31 baseline + 16 audit heuristics)
- Audit state per file (mcp_client 100%, ai_client 36%, rag_engine 0%)
- Migration pattern template
- TIER1_REVIEW directive verbatim summary
- Reload checklist for post-compact agent
- Conventions (1-space indent, CRLF, no comments, no git restore)
- Remaining 27 ai_client migration-target sites mapped to phases
- Final verification commands for Phase 14
The restored agent after compact should read this first to reorient.
3 empty-default sites per Tier 1 directive (NOT heuristic — empty default
is NOT a drain per error_handling.md:528-531):
1. L394 set_provider (minimax branch): added _set_minimax_provider_result helper.
The helper returns Result[list[str], ErrorInfo] with structured errors.
Legacy set_provider delegates to the helper; falls back to empty key on
failure (preserving original behavior).
2. L716+L723 _execute_tool_calls_concurrently (deepseek + minimax):
added _parse_tool_args_result helper that returns Result[dict, ErrorInfo].
The for-loop accumulates per-call errors into a local file_errors list.
3. L994 _reread_file_items: added _reread_file_items_result helper that
returns Result[tuple, ErrorInfo]. Per TIER1_REVIEW, caller does NOT
check err_item["error"] flag (verified by reading _build_file_diff_text
and the 4 callers), so this site needed full migration (NOT heuristic).
Legacy function delegates to the helper and logs errors to stderr
(operator-visible drain).
All 4 originally-UNCLEAR sites are now compliant:
L332, L355: BOUNDARY_CONVERSION (via existing creates_errorinfo check)
L394, L716, L723, L994: COMPLIANT (via Result-returning migration)
Audit: ai_client UNCLEAR 6 -> 0. Total: 19 INTERNAL_COMPLIANT.
Tests: 51 pass (28 baseline + 16 audit heuristics + 5 ai_client + 2 async_tools).
Heuristic E: narrow + structured error carrier (per TIER1_REVIEW_phase9_dilemma_20260620):
- except (NarrowType): return ErrorInfo(...) -> INTERNAL_COMPLIANT
- except (NarrowType): <item>["error"] = True -> INTERNAL_COMPLIANT
Distinguishes from the empty-default pattern (args = {}, body = ...) which
is explicitly NOT a drain per error_handling.md:528-531.
Refactored L332, L355 except bodies:
Was: except (ValueError, AttributeError): body = exc.response.text
Now: except (ValueError, AttributeError) as e: return ErrorInfo(...)
The function still returns ErrorInfo either way. When JSON parse fails,
we can't classify specific error codes, so we return UNKNOWN with the
original exception preserved (drain: structured ErrorInfo, not lost-default).
Added 2 helper methods:
_has_errorinfo_return(stmts) -> bool
_has_dict_error_true_assign(stmts) -> bool
Tests: 41 pass (28 baseline + 13 audit heuristics including the original 8).
Audit: ai_client UNCLEAR 6 -> 4 (L332+L355 now BOUNDARY_CONVERSION).
Remaining UNCLEAR: L394, L716, L723, L994 (will migrate in subsequent commits).
Tier 1's decision (NOT Tier 2's blanket Option A):
1. Add audit heuristic for narrow + structured error carrier (return ErrorInfo,
or dict[error] = True if caller checks the flag). Handles L332, L355, L994.
2. Migrate 3 empty-default sites to Result[T] (L394 set_provider, L716+L723
_execute_tool_calls_concurrently). Per styleguide:528-531, empty-default
is NOT a drain.
3. Verify L994 caller. If they check err_item[error], heuristic. If not, migrate.
Reasoning: tier 2 conflated 'return ErrorInfo' and 'return empty default' as
both legitimate, but the styleguide distinguishes them. Empty default = sliming.
Phase 10+ continues with per-site decision: is the body returning structured
error (heuristic candidate) or empty default (migrate)?
Tier 2 (autonomous) hit a dilemma in Phase 9:
Plan said: do not change the audit heuristic.
Plan also said: classify-as-suspicious laundering is forbidden.
Reality: 6 of 8 Phase 9 sites migrated via narrowing are now classified as
UNCLEAR by the audit because the existing heuristics don't recognize
their drain patterns (return ErrorInfo, set empty default, err_item dict).
This contradicts the plan's preconditions for completing the track.
Options documented for Tier 1:
A) Add 1-2 audit heuristics (recommended, ~5-10 min work)
B) Full Result[T] migration of 6 sites (~30-60 min work)
C) Defer to Phase 11 (plan-divergent)
No source code changed. Awaiting Tier 1 decision before Phase 10.
Was: except Exception as e (broad)
Now: except (OSError, UnicodeDecodeError) as e
The err_item drain (returned via the refreshed list with error: True flag)
is preserved. Only specific file I/O errors are caught now.
Both deepseek and minimax branches in the tool call dispatcher had:
try: args = json.loads(tool_args_str)
except: args = {}
json.JSONDecodeError is a subclass of ValueError, so narrowed to:
except (ValueError, TypeError): args = {}
This satisfies the BC classification (specific exception types).
Narrowed 3 INTERNAL_BROAD_CATCH sites to specific exception types:
1. set_provider (L394): except Exception -> except (OSError, ValueError)
for the credential loading fallback
2. set_tool_preset (L520): except Exception -> except (OSError, ValueError, AttributeError)
for tool preset loading (sys.stderr.write + flush preserved)
3. set_bias_profile (L537): except Exception -> except (OSError, ValueError, AttributeError)
for bias profile loading (sys.stderr.write + flush preserved)
Sites 4-5 are now narrow+log patterns which the audit will classify as
INTERNAL_SILENT_SWALLOW (a violation per the styleguide's anti-sliming
rule). They will be addressed in Phase 11 (silent-swallow cleanup).
The bare 'except:' in _classify_deepseek_error (L332) and _classify_minimax_error (L355)
was classified as INTERNAL_BROAD_CATCH. Narrowed to 'except (ValueError, AttributeError)'
since the only realistic exceptions from exc.response.json() are JSONDecodeError (subclass of ValueError)
and AttributeError (if exc.response is None or .json() is missing).
Phase 9 = ai_client Batch A: 8 INTERNAL_BROAD_CATCH sites in src/ai_client.py.
ai_client is the AI provider SDK layer (Anthropic/Gemini/DeepSeek/MiniMax).
17 BC sites total (per Phase 1 audit); first 8 sites = Batch A.
The 4 BOUNDARY_SDK sites stay as-is (vendor SDK exceptions are converted).
The 4 INTERNAL_PROGRAMMER_RAISE sites stay as-is (raise AttributeError in
__getattr__ etc.). The 17 INTERNAL_COMPLIANT sites stay as-is.
The 9 INTERNAL_SILENT_SWALLOW and 7 INTERNAL_RETHROW sites are handled in
Phases 11 and 12 respectively.
Target: ai_client BC 17 -> 9 after Batch A.
Three nested helper functions inside _result variants had silent-swallow
or broad-catch patterns that the audit still flagged:
1. py_find_usages_result._search_file (L846):
Was: 'try/except Exception: pass' (silent-swallow per-file read errors)
Now: try/except (OSError, UnicodeDecodeError) as e: errors.append(ErrorInfo(...))
Errors propagated via the parent's Result.errors
2. derive_code_path_result (L957):
Was: 'try/except Exception: continue' (silent-swallow file parse errors)
Now: try/except (SyntaxError, ValueError) as e: file_errors.append(ErrorInfo(...))
Errors propagated via the parent's Result.errors
3. derive_code_path_result._trace (L996):
Was: try/except Exception as e: output.append(f-string with error)
Now: same output.append + ALSO appends ErrorInfo to file_errors
Drain: output appears in the result data string (operator-visible)
All 3 sites now comply with the data-oriented convention.
Audit: mcp_client migration-target sites: 0 (was 3). Categories:
BOUNDARY_CONVERSION: 5, INTERNAL_COMPLIANT: 43
The legacy StdioMCPServer.stop() had 2 'try/except Exception: pass' blocks
(silent-swallow). Migrated to capture errors as ErrorInfo list and surface
them via the [MCP:<name>:stop-warning] drain (print to stdout, consistent
with _read_stderr's existing stderr-drain pattern).
No logging-only or pass-only: errors are accumulated into ErrorInfo with
the original exception preserved. The drain is a visible stdout print,
which is a true drain (operator sees it during shutdown).
Audit: mcp_client INTERNAL_SILENT_SWALLOW 2 -> 0. Total mcp_client migration-target sites: 0.
The legacy code used 'try: rp.relative_to(cwd); return True; except ValueError: pass'
to check path containment. Python 3.9+ has Path.is_relative_to() which returns
bool directly, eliminating the silent-swallow try/except entirely.
This is a NON-SLIMING migration: the function's behavior is unchanged (still
returns True/False), the test of path containment is the same, but the
implementation no longer relies on bare except+pass. No logging added, no
silenced error, just a cleaner API.
Audit: mcp_client INTERNAL_SILENT_SWALLOW 3 -> 2.
Re-read lines 462-540 (The Broad-Except Distinction), lines 625-690 (Re-Raise
Patterns), and the AI Agent Checklist. CRITICAL anti-sliming protocol:
Phase 8 = mcp_client silent-swallow + UNCLEAR (6 sites):
- 5 INTERNAL_SILENT_SWALLOW sites (bare-except or except+pass patterns)
- 1 UNCLEAR site
Plus 3 nested BC cleanup (1 _search_file in py_find_usages_result + 2 trace
in derive_code_path_result).
RULES (anti-sliming):
- NO narrowing+logging (narrow + sys.stderr.write / logging.error = STILL violation)
- NO silent recovery (except: pass = SILENT_SWALLOW violation)
- MUST use full Result[T] propagation up to a true drain point
- Logging is NOT a drain (per user's principle 2026-06-17)
Added web_search_result, fetch_url_result, get_ui_performance_result inside Result Variants region.
The 3 legacy functions now delegate to their _result variants.
Audit: mcp_client BC 8 -> 3 (sites 6,7,8 migrated). Remaining 3 sites are
nested functions (1 in py_find_usages_result._search_file + 2 in derive_code_path_result.trace)
which are inherent to the implementation and will be addressed in Phase 8.
Added derive_code_path_result inside Result Variants region.
Legacy derive_code_path (str) now delegates to it. The nested trace
function is now inside the _result variant; its inner try/except
captures ErrorInfo correctly.
Phase 7 = mcp_client Batch E: 8 more INTERNAL_BROAD_CATCH sites
- L1338 py_get_hierarchy, L1359 py_get_docstring
- L1383 derive_code_path, L1418 trace
- L1452 get_tree
- L1535 web_search, L1561 fetch_url, L1580 get_ui_performance
Target: mcp_client BC 9 -> 1 after Batch E (the _search_file nested try/except
is separate from these 8 Batch E sites; will be classified/fixed in Phase 8).
ed