project_manager.py (3 sites):
- get_all_tracks returns list[dict[str, Any]] where each dict now
has an 'errors' field (list[ErrorInfo]) capturing per-track
metadata recovery. The 3 SILENT_SWALLOW sites (state.from_dict,
metadata.json, plan.md) now append to this list instead of
silently passing.
orchestrator_pm.py (2 sites):
- get_track_history_summary returns Result[str]. The 2 SILENT_SWALLOW
sites (metadata.json + spec.md reads) append to a scan_errors list
that's threaded through the Result.
Tests updated to check result.ok and use result.data.
Migrates 3 sites in src/outline_tool.py:
1. L49 (outline body) - the ast.parse SyntaxError handler.
outline() now returns Result[str]. On SyntaxError, the data
is the formatted error string (preserved for backwards-compat
with callers that read the formatted string), and the errors
list has the ErrorInfo.
2. L90 (walk ast.unparse for returns) - was except ...: pass.
Now appends ErrorInfo to enclosing parse_errors list.
3. L109 (walk ast.unparse for ImGui context) - same.
outline() returns Result(data='\n'.join(output), errors=parse_errors).
get_outline() also returns Result[str].
Tests updated to check result.ok and use result.data.
Migrates 5 SILENT_SWALLOW sites to full Result[T] pattern:
session_logger.py (4 sites):
1. log_api_hook - returns Result[bool] (was None)
2. log_comms - returns Result[bool] (was None)
3. log_tool_call - returns Result[Optional[str]] (was Optional[str])
4. log_cli_call - returns Result[bool] (was None)
file_cache.py (1 site):
- L98: removed dead code (try/except StopIteration around
next(iter(_ast_cache)) is unreachable because we just checked
len(_ast_cache) >= 10)
Updates tests/test_session_logger_optimization.py to extract
result.data from the new Result-based API.
All callers of these log_* functions previously ignored the
return value; they continue to ignore the new Result return
value (backwards-compatible).
A malformed state.toml in conductor/tracks/<track>/state.toml (e.g.,
from an interrupted previous run) caused tomllib.load() to raise
TOMLDecodeError, which propagated up and crashed App.__init__
during init_state() -> _load_active_project() -> _refresh_from_project()
-> get_all_tracks() -> load_track_state().
This manifested as test failures in tests/test_layout_reorganization.py,
tests/test_auto_slices.py, tests/test_hooks.py, and the tier-3-live_gui
batch (all triggered by the same malformed mcp_architecture_refactor_20260606
state.toml).
The fix wraps tomllib.load() in a try/except for (OSError,
tomllib.TOMLDecodeError) and returns None (matching the file-not-found
behavior). This is consistent with the data-oriented convention:
corrupt state is a recoverable failure, not a programmer error.
Tests verified:
- tests/test_track_state_persistence.py (1 test) PASS
- tests/test_layout_reorganization.py (4 tests) PASS
- tests/test_auto_slices.py (3 tests) PASS
- tests/test_hooks.py (3 tests) PASS
The Phase 5 batch had 3 files that are already compliant:
- src/theme_2.py:282 - already narrows to (ImportError, AttributeError)
which matches heuristic #19 (catch + log pattern). Compliant.
- src/theme_models.py:166 - the RAISE in load_theme_file is the
'try/except + raise ValueError for domain-level exception
conversion' pattern. The function catches low-level TOML
exceptions and re-raises as ValueError with a descriptive
message. Keep as-is; the audit heuristic gap is a follow-up
improvement (the 'dict lookup miss + raise' pattern should be
INTERNAL_PROGRAMMER_RAISE).
- external_editor.py:47, 56 - already narrow (FileNotFoundError).
Compliant per BOUNDARY_SDK heuristic.
The audit reports src/vendor_capabilities.py:42 as INTERNAL_RETHROW
(suspicious) because the function raises KeyError when no
capabilities are registered for the requested vendor/model.
Decision: keep the raise pattern. This is a legitimate runtime
validation signal (caller asked for unregistered vendor/model).
8 callers in src/{app_controller,gui_2,ai_client}.py use the
returned caps object directly without checking; migrating to
Optional or Result would cascade into 8 caller updates.
The audit heuristic gap (raise KeyError after dict lookup miss
should be INTERNAL_PROGRAMMER_RAISE per the validation-raise
pattern) is noted as a follow-up improvement.
The post-Phase-1 audit reports all 3 files have 0 violations,
0 suspicious, 0 unclear, and 3 compliant sites each.
Per-site decision: all 9 sites are compliant (likely try/finally
or BOUNDARY_IO patterns for TOML I/O); no migration needed.
Migrates the 2 try/except sites in LogRegistry:
1. save_registry() - line 132: was except Exception: print(...)
Now except OSError: and returns Result[bool] with ErrorInfo on
failure. Removed the print() diagnostic.
2. update_auto_whitelist_status() - line 246: was except Exception: pass
Now except OSError: (narrowed). No return value change since
the method returns None anyway.
Both sites narrowed from broad except Exception to specific stdlib
I/O exceptions. Callers of save_registry() (register_session,
update_session_metadata) ignore the Result return value.
Tests verified:
- tests/test_log_registry.py (5 tests) PASS
- tests/test_logging_e2e.py (1 test) PASS
- tests/test_auto_whitelist.py (4 tests) PASS
The post-Phase-1 audit reports src/paths.py has 0 violations,
0 suspicious, 0 unclear, and 3 compliant sites.
Per-site decision: all 3 sites are compliant (likely try/finally
cleanup or BOUNDARY_IO patterns for filesystem path resolution);
no migration needed.
The post-Phase-1 audit reports src/performance_monitor.py has 0
violations, 0 suspicious, 0 unclear, and 1 compliant site.
Per-site decision: the 1 site is compliant (likely a try/finally
or BOUNDARY_IO pattern); no migration needed.
The post-Phase-1 audit reports src/log_pruner.py has 0 violations,
0 suspicious, 0 unclear, and 2 compliant sites (the 2 try/except
sites already use the canonical cleanup pattern or BOUNDARY_IO
heuristic matching).
Per-site decision: both sites are compliant; no migration needed.
The 2 sites (likely try/finally cleanup patterns) are not flagged
as migration-targets by the audit.
Migrates the 4 try/except sites in SummaryCache:
1. load() - line 39: was `except Exception: self.cache = {}`
Now `except (OSError, json.JSONDecodeError):` and returns
Result[bool] with ErrorInfo on failure.
2. save() - line 48: was `except Exception: pass`
Now `except OSError:` and returns Result[bool] with ErrorInfo on
failure.
3. clear() - line 91: was `except Exception: pass`
Now `except OSError:` and returns Result[bool] with ErrorInfo on
failure.
4. get_stats() - line 100: was `except Exception: pass`
Now `except OSError:` and returns Result[dict] with default empty
size_bytes on failure.
All 4 sites narrowed from broad `except Exception` to specific stdlib
I/O exceptions (OSError, json.JSONDecodeError). Methods that previously
returned None now return Result[bool]; get_stats() now returns
Result[dict] instead of dict.
Callers (app_controller.py:_handle_clear_summary_cache, _cb_clear_summary_cache,
summarize.py) ignore the return value, which is backwards-compatible.
Tests verified:
- tests/test_summary_cache.py (3 tests) PASS
- tests/test_ui_cache_controls_sim.py (1 live_gui test) PASS
The per-file list was truncated to top 15 by default. Files below
the top-15 violation ranking (e.g., the 4 UNCLEAR sites in
outline_tool.py, summarize.py, conductor_tech_lead.py,
openai_compatible.py) were hidden from the per-file output.
The fix changes the default --top from 15 to 200, which exceeds
the current project file count (65 src/ files) and leaves room
for future growth. Users can still pass --top 15 if they want a
truncated view.
The render_json filter excluded INTERNAL_COMPLIANT findings from the
per-file list in non-verbose mode:
if f.category in VIOLATION_CATEGORIES or f.category in ("UNCLEAR", "INTERNAL_RETHROW")
This meant the 25 newly-classified compliant sites from the review
pass were not visible in the per-file output. Totals were correct
but the per-file list was incomplete.
The fix removes the filter so all findings appear in the per-file
list. The totals already match (they are computed from r.findings
before the per-file filter).