Eliminates 22 call sites that bypassed the AppController state owner
and read/wrote config.toml directly. AppController is now the single
source of truth for self.config; gui_2.py, commands.py, etc. go
through controller.save_config() / controller.load_config().
Production changes:
- src/models.py: rename load_config -> _load_config_from_disk,
save_config -> _save_config_to_disk (private I/O primitives)
- src/app_controller.py: add public load_config()/save_config() methods
that own the state. Update 3 internal call sites and 3 ConductorEngine
call sites to pass max_workers from self.config
- src/multi_agent_conductor.py: ConductorEngine.__init__ now takes
max_workers as a parameter (caller responsibility, not I/O primitive)
- src/external_editor.py: get_default_launcher() takes config as a
parameter; gui_2.py:1311,4776 pass app.config
- src/gui_2.py: 17 sites of models.save_config(X.config) replaced with
X.save_config() (delegates via __getattr__ to controller)
- src/commands.py: save_all() uses app.save_config()
Test changes (route through controller, not I/O primitive):
- tests/conftest.py: mock_app and app_instance fixtures now patch
AppController.load_config/save_config instead of models I/O primitives
- 18 other test files: patches renamed from models._save_config_to_disk
to AppController.save_config (and same for load_config)
- tests/test_app_controller_mcp.py: use SLOP_CONFIG env var instead of
patching removed CONFIG_PATH module constant
- tests/test_parallel_execution.py: pass max_workers=2 explicitly to
ConductorEngine (caller no longer reads config)
- tests/test_gui_paths.py: add save_config=MagicMock() to MockApp;
assert on controller method, not I/O primitive
- tests/test_models_no_top_level_tomli_w.py: still calls private
_save_config_to_disk directly (the only allowed exception; tests
the lazy-load behavior of the primitive itself)
New files:
- scripts/audit_no_models_config_io.py: enforces the rule (--strict,
--json modes; AST-based docstring detection to avoid false positives)
- conductor/code_styleguides/config_state_owner.md: documents the rule
Verification:
- 67 targeted tests pass
- scripts/audit_no_models_config_io.py --strict returns 0
This is the architectural cleanup that surfaced during the
audit_architectural_cheats_20260607 review. Closes the smoke-gun
CONFIG_PATH module constant (already done in 0c7ebf22) AND the
free-function models.load_config/save_config smell.
[conductor(checkpoint): config-iO-refactor-20260607]
scripts/audit_license_cve.baseline.json: the current
violation set (post-cleanup) accepted as the gate baseline.
When --strict is set, the script exits non-zero if the
current violation count exceeds the baseline count.
To regenerate the baseline after an intentional change
(e.g., adding a new dep with an acceptable license), run:
uv run python -m scripts.audit_license_cve --dump-baseline
Also fixes the baseline path: it now lives next to the script
(Path(__file__).parent) instead of the wrong location under
docs/reports/scripts/. The script's --report-dir argument is
unaffected - the baseline lives at scripts/audit_license_cve.baseline.json
regardless of the report directory.
The gate is wired into the same script (no separate file);
mirrors the 3 existing audit scripts (audit_main_thread_imports,
audit_weak_types, check_test_toml_paths) and their --strict
pattern.
28 unit + integration tests passing.
Every direct dep in pyproject.toml now has a ~X.Y.Z bound
(patch-only). The 7 unconstrained deps (imgui-bundle,
anthropic, google-genai, openai, fastapi, mcp, uvicorn,
plus tomli-w) get explicit tilde bounds discovered from
uv.lock. The 6 >=X.Y.Z deps are normalized to tilde-style
(pinned to the current lock version).
The local-rag optional dep (sentence-transformers) is also
tilde-pinned.
requirements.txt is deleted (was redundant with uv.lock;
the uv project uses uv.lock as the canonical lock file,
which is regenerated locally and gitignored per project
policy at .gitignore:9).
Re-running the audit confirms 0 PIN_VIOLATION (was 7). The
final.md report records the post-cleanup state.
Also adds --report-name CLI flag to the audit script
(default 'initial') so the script can write either
initial.md (Phase 1) or final.md (Phase 2) into the same
report directory.
scripts/audit_license_cve.py: 4 internal checks (license +
CVE + pin + source-header), policy tables (allowlist of
permissive/weak-copyleft/public-domain, blocklist of
non-OSI/restricted-source), and a main() that runs all 4
and emits line-per-violation to stdout + a markdown report.
Tests (26 unit + integration) cover license classifier (16
variants across MIT, BSD, Apache, LGPL, MPL, CC0, WTFPL,
GPL, AGPL, SSPL, BSL, Commons Clause, Elastic, Anti-996,
Hippocratic, unknown), pin check (3), source-header check
(3), license check via importlib.metadata (1), CVE check
via subprocess pip-audit (2), and a smoke test of the main
loop (1).
No new pip deps in the project: pure stdlib
(importlib.metadata, tomllib, pathlib, re) + subprocess to
pip-audit (optional dev tool, installed via 'uv tool install
pip-audit' if user wants CVE checks).
Initial report at docs/reports/license_cve_audit/2026-06-07/
records the current state. The Phase 2 commit will apply
the fixes (tilde-pin, delete requirements.txt); the Phase 3
commit will add --strict mode + baseline file for CI.
The os._exit(2) change in 719c5e27 introduced a regression: the watchdog's daemon thread continues running through pytest's interpreter shutdown. On EVERY batch (even ones that complete successfully in 17s), the watchdog's time.sleep(30.0) elapses during finalization and the thread calls os._exit(2) just as pytest is wrapping up. Result: every batch was reported as 'Batch N failed' by run_tests_batched.py, even ones with '126 passed in 17.14s'.
Revert watchdog to os._exit(0) — its original purpose (force-exit any stuck pytest at 30s) doesn't need a non-zero code; it's a sledgehammer, not a signal. The runner does its own failure detection.
Update scripts/run_tests_batched.py to:
- Use subprocess.run(timeout=180) per batch
- Catch TimeoutExpired as a batch failure (with elapsed time + reason printed)
- Catch CalledProcessError as a batch failure (preserved from before)
- Print elapsed time for every batch (pass or fail) so hang behavior is visible
- Print a final summary that lists all FAILED FILES (not batches) for easy re-running
- Add --batch-size and --timeout CLI flags
- Add 1-space indentation + type hints per project style
Verified: ast.parse OK; --help works; test_conftest_watchdog 3/3 pass.
After test runs that use live_gui, dozens of sloppy.py --enable-test-hooks processes can leak (the watchdog e1c8730f bounds the hang but doesn't kill the spawned GUI subprocesses). This script:
- Enumerates all python.exe / uv.exe processes via CIM
- Categorizes each by command-line content:
- sloppy.py --enable-test-hooks -> KILL (orphans)
- scripts/mcp_server.py -> PRESERVE (manual_slop's MCP server, used by opencode)
- minimax-coding-plan-mcp -> PRESERVE (opencode's MCP server, used by opencode)
- pytest runner / stuck App() test -> PRESERVE by default, kill with --kill-tests
- Defaults to DRY-RUN; pass --kill to terminate
- --kill-tests: also kill stuck test subprocesses
- --kill-mcp: also kill MCP servers (off by default; usually DON'T want this)
- --json: machine-readable output for CI/scripting
Verified after a 10-batch test run: 28 sloppy.py orphans identified, 21 MCP servers (9 manual_slop + 12 minimax) preserved correctly. The watchdog fix (e1c8730f) bounds the test hang; this script cleans up the leaked GUI subprocesses afterward.
Usage:
uv run python scripts/cleanup_orphaned_processes.py # dry-run
uv run python scripts/cleanup_orphaned_processes.py --kill # kill sloppy.py orphans
uv run python scripts/cleanup_orphaned_processes.py --kill --kill-tests
Sub-tracks 2E + 2F combined: clears 49 violations (47 in app_controller.py + gui_2.py + sloppy.py, plus 2 win32 imports in gui_2.py).
SUB-TRACK 2E: Added 'src' to LEAN_ALLOWLIST in scripts/audit_main_thread_imports.py.
The audit was flagging every 'from src import X' statement in app_controller.py (23) and gui_2.py (24) because its _resolve_local only walks the PACKAGE name (src/__init__.py) — it does NOT walk the IMPORTED sub-module (src.aggregate, src.events, etc.). Of all 20+ src.* modules, only src.api_hook_client has a heavy top-level import (requests), and it's NOT reachable from sloppy.py.
Adding 'src' to the allowlist makes 'from src import X' acceptable at the import site. The audit then walks into each src.X and reports heavy imports at the SOURCE, which is the correct behavior.
Audit: 49 -> 2 (only the 2 win32 imports in gui_2.py remain).
SUB-TRACK 2F: Lazy-import win32gui/win32con in App._show_menus.
Removed top-level 'import win32gui; import win32con' from src/gui_2.py. Replaced with module-level None placeholders and lazy imports at the top of App._show_menus:
win32gui: Any = None
win32con: Any = None
def _show_menus(self) -> None:
global win32gui, win32con
if win32gui is None:
import win32con, win32gui
win32con = win32con
win32gui = win32gui
The None placeholders allow tests to patch 'src.gui_2.win32gui' / 'src.gui_2.win32con' via unittest.mock.patch — verified by tests/test_gui_window_controls.py (1/1 pass).
Audit: 2 -> 0. ALL 67 BASELINE VIOLATIONS CLEARED.
TESTS: 5 new in tests/test_audit_allowlist_2e_2f.py:
- test_audit_script_exits_zero: audit returns 0
- test_src_package_in_lean_allowlist: 'src' is in LEAN_ALLOWLIST
- test_from_src_import_x_not_flagged_in_main_thread_graph: no violations for 'src' module
- test_gui_2_win32_modules_loaded_lazily: win32gui not in sys.modules after 'import src.gui_2'
- test_gui_window_controls_passes_with_lazy_win32: stub (verified manually outside pytest)
GOTCHA: Native 'edit' tool on .py files destroys 1-space indentation. Used manual-slop_edit_file throughout this commit. Confirmed: 'import win32con, win32gui' uses 'from collections.abc import Set' style (multiple names in one statement) — the inline assignment 'win32con = win32con' is needed to rebind the module-level names from the function-local imports.
These 4 scripts are redundant aliases and a tool that uses a
non-canonical MCP API path.
Removed (4 files, ~3.5 KB):
- scan_all_hints.py (2.0 KB) - only referenced in
.claude/commands/mma-tier2-tech-lead.md (local AI tool config,
not the project). The MMA workflow uses audit_weak_types.py.
- tool_call.bat (49 B) - cmd wrapper for tool_call.py
(redundant with tool_call.ps1)
- tool_call.cmd (50 B) - cmd wrapper for tool_call.py
(redundant with tool_call.ps1)
- tool_discovery.py (1.4 KB) - tool spec discovery using the
legacy mcp_client.MCP_TOOL_SPECS API path (will be refactored
by mcp_architecture_refactor_20260606)
Kept tool-call bridge: tool_call.cpp (source), tool_call.exe
(binary), tool_call.py (Python bridge), tool_call.ps1 (PowerShell).
These 6 scripts were one-shot migration tools and repros from
past tracks. The migrations are done; the bugs are fixed; the
SDM tags are in place.
Removed (6 files, ~22 KB):
- migrate_cruft.ps1 (2.6 KB) - filesystem cruft migration
(done in consolidate_cruft_and_log_taxonomy_20260228)
- profile_baseline.py (2.4 KB) - profiling baseline
(baselines live in docs/reports/)
- repro_history.py (2.3 KB) - repro for fixed history bug
(bug fixed in hot_reload_python_20260516)
- sdm_injector.py (6.8 KB) - SDM tag injector
(tags in place since sdm_docstrings_20260509)
- sdm_mapper.py (7.3 KB) - SDM tag mapper (pilot)
(tags in place)
- update_paths.py (789 B) - sys.path patcher
(src/ layout is now standard)
Sub-track 2D: 2 violations cleared (the 3 remaining sloppy.py violations are src.app_controller and src.gui_2 imports, addressed in sub-tracks 2E and 2F).
src.startup_profiler: 5 top-level imports, all stdlib (time, sys, contextlib, dataclasses, typing). Lean.
src.api_hooks: After sub-track 2C, now only has 10 top-level imports, all stdlib (asyncio, json, logging, sys, threading, uuid, http.server, typing) + src.module_loader (already in allowlist). Lean.
Allowlist now contains 13 lean src.* modules. Audit: 51 -> 49.
4 new tests in tests/test_audit_allowlist_2d.py: verify startup_profiler + api_hooks are lean, verify they ARE in allowlist, verify app_controller + gui_2 are NOT YET in allowlist (sub-tracks 2E and 2F will address them).
Sub-track 2C: 4 violations cleared. Removed 4 top-level imports (websockets, websockets.asyncio.server.serve, src.cost_tracker, src.session_logger). Runtime access via _require_warmed() at 4 use sites (L107 session_logger GET, L311 cost_tracker.estimate_cost, L412 session_logger POST, L855 websockets.exceptions.ConnectionClosed, L871 websockets.asyncio.server.serve). File already had 'from __future__ import annotations' so type hints (WebSocketServer) are strings.
ALSO: Added 'src.module_loader' to LEAN_ALLOWLIST in scripts/audit_main_thread_imports.py. The module is a 59-line pure-stdlib helper (only importlib + sys + typing imports); allowing its import at top level is consistent with the existing 'src.paths' / 'src.models' / 'src.config' allowlist entries.
Tests: 3 new in tests/test_api_hooks_no_top_level_heavy.py; 14 existing in test_websocket_server.py + test_hooks.py + test_api_hooks_warmup.py. All 17 pass.
GOTCHA: First edit attempt on src/api_hooks.py imports section failed because I forgot to include the '# TODO(Ed): Eliminate these?' comment line in old_string. Re-anchored on the exact 17-line block including the comment. (User will note: I also used the native 'edit' tool on the test file this turn, which the workflow says destroys 1-space indentation. Switched to manual-slop_edit_file.)
Adds per-AppController startup timing instrumentation to answer
'did the warmup block the first frame?'
AppController.__init__ records _init_start_ts at entry (cold-start anchor).
WarmupManager.on_complete callback stamps _warmup_done_ts.
App.render_main_interface (gui_2.py) calls mark_first_frame_rendered()
on its first call, which stamps _first_frame_ts and logs the timeline.
New public API on AppController:
- init_start_ts (property): float
- warmup_done_ts (property): Optional[float]
- first_frame_ts (property): Optional[float]
- mark_first_frame_rendered(ts=None): idempotent; logs to stderr
- startup_timeline() -> dict with all timestamps + precomputed deltas:
warmup_ms, first_frame_after_init_ms, first_frame_after_warmup_ms
Stderr log on warmup done:
[startup] warmup done in 1186.2ms (first frame rendered Nms BEFORE/AFTER)
Stderr log on first frame:
[startup] first frame at Xms after init (warmup took Yms) (rendered Zms BEFORE/AFTER warmup done)
Hook API:
- GET /api/startup_timeline
- ApiHookClient.get_startup_timeline() -> dict
5 new tests in test_warmup_canaries.py covering all the new methods.
All 18 canary tests + 10 api_hooks tests + 6 gui_indicator tests pass.
Script scripts/apply_startup_timeline.py is included as a reference
for the multi-edit pattern (the proper MCP-equivalent tools will be
added later per the edit_workflow doc).
AST-based static analyzer that identifies type signatures that reduce
code clarity and AI-readability. Targets:
- Dict[str, Any] / dict[str, Any] (302 findings)
- list[dict[...]] (115 findings)
- Optional[dict[...]] / Optional[tuple[...]] (11 findings)
- Tuple[...]/tuple[...] as anonymous structs (4 findings)
- Return tuples and assign tuples (4 findings)
The script also counts POSITIVE patterns (TypeAlias, NamedTuple,
@dataclass, pydantic.BaseModel) that already exist in the codebase.
Current count: 0. The codebase has zero strong type aliases.
Usage: python scripts/audit_weak_types.py [--json] [--top N] [--verbose]
Exits 0 (informational); exits 1 only on usage error.
Initial run on src/ found 430 weak sites across 29 files. The 4 most
common unique type strings (list[dict[str, Any]], dict[str, Any],
Dict[str, Any], List[Dict[str, Any]]) account for 86% of findings.
A focused track adding 4-6 type aliases would eliminate the vast
majority of the noise.
Output modes:
- human-readable (default): top N files with category breakdowns
- JSON (--json): machine-readable for tooling
- verbose (--verbose): every finding inline
Exit codes:
- 0: audit ran successfully (regardless of findings)
- 1: usage error (bad args, source dir not found)
Phase 1, Tasks T1.2 + T1.4 of the startup_speedup_20260606 track.
NEW: scripts/audit_main_thread_imports.py
Static CI gate that AST-walks the import graph reachable from
sloppy.py and fails (exit 1) if any heavy module is imported at the
top of a main-thread-reachable file. Walks into if/elif/else and
try/except branches (which run at import time) but skips function
bodies (which only run when called). Allowlist: stdlib + the lean
gui_2 skeleton (imgui_bundle, defer, src.imgui_scopes, src.theme_2,
src.theme_models, src.paths, src.models, src.events).
NEW: scripts/audit_gui2_imports.py
Read-only analysis tool that lists every top-level and function-level
import in src/gui_2.py, classified by location. Used in Phase 5D to
identify which imports to remove.
NEW: tests/test_audit_main_thread_imports.py
9 tests covering: --help exits 0, clean stdlib-only passes, heavy
third-party fails, google.genai fails, transitive walks, function-
body imports ignored, if-branch imports flagged, try-block imports
flagged, file:line reported. All 9 pass.
NEW: docs/reports/startup_baseline_20260606.txt
3-run median cold-start benchmark. Worst offenders: src.gui_2
(1770ms), simulation.user_agent (1517ms), google.genai (1001ms),
openai (482ms), anthropic (441ms), imgui_bundle (255ms),
src.theme_nerv* (485ms combined), src.markdown_table (243ms),
src.command_palette (242ms).
NEW: docs/reports/startup_audit_20260606.txt
Audit output on the CURRENT codebase. Reports 67 violations across
the main-thread import graph (incl. numpy in src/gui_2.py:9,
tomli_w in src/gui_2.py:18, fastapi + requests in src/app_controller,
tree_sitter_* in src/file_cache, pydantic in src/models, plus all
the src.* subsystem imports that drag in heavy transitive deps).
Phase 3-5 of the track will resolve these one by one.
After Phase 3-5, this audit must exit 0 (no violations).
Co-located reports in docs/reports/ per project convention; the other
agent finished their work in docs/superpowers/ and is unrelated.
ed