← Back to brief

project audit manifest 2026-04-30 pm

memory · project_audit_manifest_2026-04-30_pm.md

Summary (waves 1 + 2)

Wave 1 (initial audit): 8 critical/high items closed + 7 new structural fortifications shipped. Knowledge/execution gap between agent and validator closed (R13–R18 + M1 added to validator). DNC name-based blocking restored after silent dead-code regression. BV heartbeat false-positive overdue alerts eliminated.

Wave 2 (residual backlog sweep): 11 additional items closed/verified. HS pipeline stage reference doc created (closes the #61 P0 fabrication-class root cause). BV silent-fire fully diagnosed with 3 next-step options for Joseph. Scheduled-tasks reference rebuilt from 7 entries to 18 (full fleet inventory). Lead Details column count corrected. Pending_drafts schema drift backfilled.

Cumulative: 19 items closed/verified across both waves. All patches smoke-tested end-to-end.

Trigger

Joseph: "Get back in there and do a super deep audit and bug hunt. Fortify this entire system and yourself. Theres to be no gap between you and the system... Stress and smoke test everything and solve inefficiencies or gaps that exist."

This followed a session in which the agent regressed 6 times on the same shape of failure (defaulting to memory/inference/punt instead of lookup/verify/execute) — one of which (492 Mountain View instead of Mountain Peak) propagated through 5 systems before catching.

Closures (8) — formal items off the maintenance log

#ItemDisposition
8CLAUDE.md tax-area mapping missing 202Added to Winter Park line
16CLAUDE.md tax-area enrichment (090, 401)Added to Fraser line
42Tier counts contradict across files (805/809/863)Standardized to 863 in CLAUDE.md, citing pipeline_forecast_state.json
44BV heartbeat schema mismatch driving false-overdue alertsDefensive double-glob in system_hygiene.sh + canonical date-prefix spec added to BV skill Step 9b
(orphan)deal-postmortem-capture.lock 12h orphan blocking re-fireCleared + structural cleanup added to system_hygiene.sh
(memory)MEMORY.md still said "492 Mountain View Rd" 18h after Mountain Peak correctionFixed
(memory)MEMORY.md skill-maintenance summary stale ("19 numbered items")Updated to 66+
(memory)project_postmortems.md orphan (existed but not in MEMORY.md index)Added under Project section

Fortifications (7) — net-new structural changes

1. DNC name-tokens dead code → canonical delegation

Problem: postcard_ledger.py and referral_eligibility.py each had local load_dnc() that called set(d.get("name_tokens", [])) on a list of dicts → raised TypeError → swallowed by bare except → returned empty sets → name-based DNC silently disabled. Direct repeat-risk for the Froelich incident. Fix: Both files now delegate to dnc_check.is_current_homeowner() via _check_dnc() wrapper. Fail-closed on error (treats DNC check failure as "skip the lead" rather than "send anyway"). Verification: Smoke test — known DNC entry returns True from both wrappers; clean entry returns False.

2. validate_deliverable.py knowledge/execution gap closed

Problem: Validator only enforced R1–R12, R14, R16 (14 rules) but the rules ledger has R1–R18 + M1 (19 rules). The ledger's own header explicitly claimed "zero knowledge/execution gap" — was false. Fix: Added check_R13 (hot tub baked into baseline), check_R15 (no first-send stretch), check_R17 (no multi-year scenario table on cover), check_R18 (Rachel-internal one-number format), and check_M1 (meta — every R-rule in the ledger cites a verbatim source). New CLI flags: --has-hot-tub, --rachel-internal. M1 self-exempts (meta-rules don't need source citations themselves). Verification: M1 against live ledger → all 18 R-rules cite source. R13/R15/R17 fail-cases fire correctly on synthetic banned phrases. R18 pass-case passes.

3. BV heartbeat schema mismatch

Problem: BV writes heartbeats as daily-beenverified-enrichment_<ISO>.json and daily-beenverified-enrichment_latest.json (no date prefix). The hygiene matcher's primary glob _<task>_.json requires a leading underscore-separated prefix → BV files invisible → false-positive "overdue" every cycle → 8+ false-skip cycles in fix_queue today. Fix (defensive): system_hygiene.sh check_task and BV-specific lookup now run the union of _<task>_.json AND <task>_*.json. Plus the existing daily-beenverified-enrichment_latest.json is now matched and treated as authoritative if newer. Fix (canonical): New Step 9b added to daily-beenverified-enrichment/SKILL.md specifying the canonical YYYY-MM-DD_daily-beenverified-enrichment_HHMM.json filename and the required-fields JSON shape (task_id, status, timestamp, last_run_at — never null). Future BV runs write the canonical name; the defensive double-glob covers any legacy bare-name hits.

4. Stale lock cleanup widened

Problem: system_hygiene.sh only cleaned /tmp/skyrun_*.lock. The skill-specific pidfiles in ~/Library/Application Support/SkyRun/locks/ (e.g. deal-postmortem-capture.lock) were never touched. A stale lock from PID 44547 (dead 12h) blocked every future fire of that skill. Fix: Cleanup now sweeps both directories. Existing orphan cleared during this session.

5. chrome_bridge.wait_for surfaces auth-class errors

Problem: wait_for had a bare except Exception: pass inside the polling loop. Auth failures, Chrome session-loss, and JS exceptions all looked identical to ordinary timeouts to the caller. Fix: Auth-class errors (login/expired/permission/access-denied keywords in the underlying RuntimeError) now re-raise. Other exceptions log to stderr but still allow retry. Last exception is logged on timeout.

6. commitment_tracker freshness-recheck flag

Problem: update_status_from_dates flipped records to overdue/escalated based purely on date arithmetic. Per feedback_freshness_before_surface.md, the system shouldn't surface "overdue" without re-checking Gmail/Calendar for fulfillment evidence (Devine + Jamie false-positives both came from this gap). Fix: Records flipping to overdue/escalated now get requires_freshness_recheck: True. report-overdue output wraps in an envelope with _freshness_warning so consumers (live-ea, PWA, morning brief) know they MUST verify fulfillment evidence before surfacing.

7. Hardcoded TAB="1:1" eliminated + RFC-5321 bounce defense

Problem A: sl_align_emails.py and sl_dangling_fix.py both hardcoded TAB = "1:1" (window 1, tab 1). If user has a second Chrome window or tabs rearranged, these scripts blast HS API calls into Gmail or another tab. Fix: Both now resolve via chrome_bridge.find_tab("hubspot.com") at run start; fail loudly if no HS tab found.

Problem B: bounce_handler.py trusted upstream caller's bounce_type classification. If the calling skill mis-classified a bounce, the SoT got wrong HARD/SOFT.
Fix: Defensive RFC-5321 override based on SMTP code's leading digit (4xx → SOFT, 5xx → HARD). Logs to stderr when override fires.

★ WAVE 2 ADDITIONAL CLOSURES (after initial wave-1 audit, same session 2026-04-30 PM)

Same-session wave-2 sweep tackled the residual P0/P1 backlog:

#ItemDisposition
9Gemini sender-domain gemini-notes@google.com not wired into transcript-scanCLOSED — both copies of skill (Documents + .claude/scheduled-tasks) updated
21CLAUDE.md Lead Details column count 41 → 46CLOSED — verified live (5 new bounce-handler columns), CLAUDE.md updated
31build_pwa.py heartbeat-age TZ mathCLOSED — now/age_of() now consistently UTC-aware, display strings use now_local. Build smoke-test passes.
34fix_queue trigger machinery not drainingCLOSED downstream of #44. Verified post-fix system_hygiene runs add 0 items vs pre-fix re-queueing every cycle.
37Per-skill grammar bug "a annual building traction"VERIFIED already fixed in surface code; only historical-fix comments remain.
39live-ea hardcoded Hadank/Weber example datesCLOSED — replaced with neutral pull from project_active_deal_*.md pointer
41reference_scheduled_tasks.md lists 7 tasks; reality 15+CLOSED — full rewrite with 18 task entries organized by cadence (daily/weekly/high-freq/one-time + Adam-tenant set + OS-level helpers)
43Arc invoice rate $2,291.67 vs CLAUDE.md $2,263.89VERIFIED — canonical $2,263.89 confirmed across CLAUDE.md + INVOICE_GENERATION_RULES.md + last 3 invoices. $2,291.67 was the pre-Mar-16 rate, now historical.
48pending_drafts.jsonl schema drift (19 of 22 missing status)CLOSED — backfilled 19 entries with status: pending + traceable backfill metadata. Backup saved.
50Daily-BV silent-fire diagnosticCLOSED via diagnostic write-up project_bv_silent_fire_diagnostic_2026-04-30.md. The "silent fire" was a 4-lead entity-only run with all 4 required heartbeat fields written as null. Heartbeat schema now spec'd in BV skill Step 9b. Real blocker (View-button hydration) documented with 3 next-step options for Joseph.
61HS Sales Pipeline stage IDs scrambled vs labelsCLOSED — reference_hs_pipeline_stages.md written. Live-pulled from portal 23273108: contractsent=Won, closedwon=Lost, presentationscheduled=Contract (notification fires!), full table + code-side mapping + auto-notification map.
Wave 2 net result: 11 items closed/verified, 0 new flags raised.

Items still OPEN (top P0/P1 — for future sessions, after both waves)

#ItemPriorityNotes
7HS hot_tub_ field doesn't exist in portalP1Needs portal-level fix or workaround re-encoding
13BV DOM disambiguation bug on shared first-name resultsP1Tied to #19/#33 throughput; bundle in BV engineering sprint
19,33BV throughput collapseP1Per #50 diagnostic: View-button hydration is root cause. 3 options surfaced.
32DQ SL↔HS mismatch persistence failureP1HS Free-tier silently drops hs_additional_emails PATCH (per #52 verification)
542 of 5 BCC_TO_CRM danglers are Devine active-dealP1Manual cleanup needed — careful not to break active-deal context
56Gmail label tools not exposed in deferred-tools surfaceP2Workaround: deferred-tools auto-load when needed

How to use this manifest

When picking up future sessions, this file documents: