MC-5020 — Iris attention: fix audit findings

Home Board MC-5020

Iris attention: fix audit findings

Audit follow-up for Iris/Life Manager attention redesign after MC-5011, MC-5013, and MC-5014. Context: - Controller/user audit on 2026-06-12 found the core send ledger and atte...

State Done Next Action Closed Owner Luci Runtime Closed Age 22h ago

← MC-5020

Ticket is done; runtime is closed. · profile claude_opus_1m_high

Description

MC-5020

Audit follow-up for Iris/Life Manager attention redesign after MC-5011, MC-5013, and MC-5014. Context: - Controller/user audit on 2026-06-12 found the core send ledger and attention gate tests pass, but there are medium correctness gaps that can undermine notification-volume measurement and safe classification. - MC-5011 commit: b588202e30f8f4c99c264b3783fad4e3fa43e7b0. - MC-5013 commit: a4eb385be76adc20e64215aa9ac4c8b59ef84799. - MC-5014 commit: a7b06a18833ae5dc4ac6cbe5e4d6f3700efe8938. Issues to fix: 1. Effective destination metadata after DM governance reroute: - notify.py can reroute DM MC-status messages to the Mission Control forum topic. - The send ledger currently keeps requested dest_key/target_label in some cases, so rerouted sends can be counted as Elmar DM even though they landed in Forum: Mission Control. - Store requested vs effective destination, or infer effective dest_key/target_label from final chat_id/thread_id after governance routing. 2. Legacy scripts/notify.py incomplete target metadata: - Direct legacy script integration records less useful destination metadata. - Share or reuse a safe destination metadata helper if practical. 3. attention_gate.py strict boolean handling: - Strings like "false" are currently truthy, so critical="false" becomes Tier 2 and safe_to_handle_silently="false" becomes Tier 0. - Add a strict boolean parser and regression tests. 4. Negation-aware critical keyword handling: - Text like "not urgent and can wait" currently matches urgent and becomes Tier 2. - Add handling for not urgent / not critical / no urgency / can wait where appropriate. 5. Shadow-gate failure behavior in task prompts: - life-manager-digest and morning-briefing shadow-gate instructions should explicitly say: if the shadow gate command fails/times out/ledger append fails, log the error and still send the scheduled digest/briefing; do not let advisory logging block scheduled sends. Acceptance: - Add focused regression tests for all fixed cases. - Re-run attention/send-ledger/notify guard tests. - No raw message/chat identifiers added to ledgers. - No new routing/gating behavior beyond the explicit fixes. - Update the Iris attention plan with audit findings/fix evidence and next recommendation. Expected check-in: 2026-06-12 11:00 SAST.

Activity

done

Luci is working...

Details — Done · High · Luci ▼

State

Done

Closed

State

Priority

People

Owner (assigned to)

Controller

Timing / Details

Due Date

Snooze

Source api (human)

Project Mission Control

Created 22h ago

Updated 21h ago

Advanced / Operator evidence

Routing owner

Routes via

Operator console

Evidence

Ticket is done; runtime is closed. MC is visibility-only. Hermes Luci launches and gates work outside MC, then mirrors evidence/status here.

Workflow

Start Dev Review + QA ▾

Select phases to include:

Research (scott) Implement (larry) (required) Council Review (council) Code Review (luci) Validate (tessa) (required) Sign-off (atlas)

Agents

Review Gates

Decision

WAT routing: choose an agent, review gate, or decision. Buttons use the live runtime when one is attached.

system 22h ago

[visibility-only] Queued message recorded for Hermes Luci. MC did not claim the ticket or spawn a runtime.

api 22h ago

Visibility-only routing update: I routed MC-5020 to internal Kanban card t_6dd18177 on board mc-internal, assigned to codexbuilder, isolated worktree /home/lucienne/workspace/_mc_internal_worktrees/MC-5020-attention-audit-fixes, branch kb/MC-5020-attention-audit-fixes. Acceptance covers the audit fixes, regression tests, plan update, commit SHA, and validation output. MC remains visibility-only; no MC runtime/pickup/send/harvest endpoint is being used.

api 22h ago

Controller recovery: initial internal Kanban card t_6dd18177 blocked because the codexbuilder profile could not load forced skill `dev-loop` (`Unknown skill(s): dev-loop`) before doing any work. I created recovery card t_05eb9565 without forced skills, same acceptance criteria, isolated worktree /home/lucienne/workspace/_mc_internal_worktrees/MC-5020-attention-audit-fixes-2, branch kb/MC-5020-attention-audit-fixes-2, and dispatched it to codexbuilder. MC remains visibility-only; no MC runtime/pickup/send/harvest endpoint is being used.

Controller decision

api 21h ago

Controller completion: audit findings fixed and landed. Delivered in commit 1e24dd31cc2575c113871dfc51ad0ed0075069e9 (`fix: harden Iris attention audit findings`), pushed to origin/master and fast-forwarded into the live /home/lucienne/workspace checkout. Fixes: - Send ledger now records effective destination metadata after DM governance reroutes, preserving `requested_dest_key` separately. Rerouted DM MC-status messages now count as `mc` / `Forum: Mission Control`, not Elmar DM. - Legacy `scripts/notify.py` now reuses root-notify-compatible safe destination metadata where available. - Attention gate boolean parsing now treats string false/no/0/off/null as false. - Critical keyword matching is negation-aware for `not urgent`, `not critical`, `no urgency`, and `can wait`. - Life digest and morning briefing shadow-gate instructions now fail open: if advisory gate logging fails/times out, log the error and still send the scheduled digest/briefing. - Plan updated with MC-5020 audit-hardening gate and next recommendation. Validation from isolated worktree: - `python3 -m py_compile notify.py scripts/notify.py send_ledger.py attention_gate.py scheduler.py` - `PYTHONDONTWRITEBYTECODE=1 python3 -m pytest -q -p no:cacheprovider tests/test_attention_gate.py tests/test_send_ledger.py tests/test_notify_dm_governance.py tests/test_mc4710_notify_dm_guard.py` - Result: 68 passed. - `git diff --check` passed. Operational note: - The first recovery Kanban card failed because forced skill `dev-loop` was unknown to codexbuilder. - The second Kanban worker entered a bad state after a malformed Kanban DB heartbeat; Luci completed the recovery by hand in the isolated worktree and verified independently. - Separate follow-up is needed for mc-internal Kanban DB integrity; this does not affect the landed code on origin/master.

Controller decision

luci-board-manager 22h ago

[visibility-only board-manager] Repaired MC-5020 internal worker isolation: reclaimed unsafe t_05eb9565 spawn whose process cwd was the top-level workspace, retargeted the same card to the explicit isolated worktree, redispatched, and verified run_id=337 pid=2941084 cwd=/home/lucienne/workspace/_mc_internal_worktrees/MC-5020-attention-audit-fixes-2. Superseded crash card t_6dd18177 was closed as consumed/no-output. Processed the stale Ticket-created queue row. No MC runtime/pickup/send/harvest endpoint was used.

Live ▼

No activity yet

←