mc.js Force Approval Queue (MC #100818)
mc.js Force Approval Queue (MC #100818)
MC: #100818 (Reality Anchor P1.1 — Remove --force bypass)
Parent: Reality Anchor Doctrine Phase 1
Owner: CodeCraft / Petter Graff
Date Shipped: 2026-05-15
Code: ~/system/tools/mc.js lines 2293-2412, 6837-6997
Problem Statement
The old mc.js done --force allowed agents to bypass evidence gates immediately with only a rate limit and audit log. This was a structural bypass that undermined the entire Reality Anchor doctrine. Any agent could self-authorize gate skips.
Reality Anchor Doctrine (P1.1): "Remove --force flag OR add 24h CEO approval queue."
The implemented solution: --force flag still exists but NO LONGER executes immediately. Instead, it enqueues the request for CEO approval with 24h TTL.
New Workflow
- Agent attempts
mc.js done <id> --force --reason "..."- Minimum reason length: 20 characters (enforced for audit quality)
- Example:
mc.js done 100818 --force --reason "Proveo verified manually, evidence at /tmp/evidence-100818/login-pass.json"
- mc.js enqueues to
~/system/state/force-pending.jsonl- Generates
queue_id(UUID) - Records: task_id, task_title, actor, force_reason, requested_at, expires_at (24h), status=pending_ceo_approval
- Exits with code 45 (not executed)
- Generates
- CEO email alert sent
- Subject:
[FORCE-QUEUE] MC #<id> — approval required (<queue_id_short>) - Body includes: task title, actor, reason, queue_id, approval/deny commands
- Subject:
- CEO reviews queue
node ~/system/tools/mc.js force-pending— list all pending requests- CEO decides: approve or deny
- CEO approves OR denies
- Approve:
mc.js force-approve <queue_id>→ updates status toceo_approved, logs to audit ledger, instructs actor to re-run WITHOUT --force - Deny:
mc.js force-deny <queue_id> --reason "..."→ updates status toceo_denied
- Approve:
- Auto-expiry after 24h
- Requests not approved/denied within 24h are listed as expired (effective denial)
Commands
List Pending Requests
node ~/system/tools/mc.js force-pending
Output:
=== FORCE-PENDING QUEUE (P1.1 Reality Anchor) ===
Pending CEO approval: 2 | Expired: 0 | Processed: 3
Queue ID: a5fc1ca8-e62f-449b-9ce7-d8949f3fc639
Task: #100818 — Reality Anchor P1.1 force removal
Actor: codecraft
Reason: Proveo verified manually, evidence at /tmp/evidence-100818/login-pass.json
Expires: 2026-05-16T14:30:00Z (in 320 min)
Approve: node ~/system/tools/mc.js force-approve a5fc1ca8-e62f-449b-9ce7-d8949f3fc639
Deny: node ~/system/tools/mc.js force-deny a5fc1ca8-e62f-449b-9ce7-d8949f3fc639 --reason "<text>"
Approve a Request
node ~/system/tools/mc.js force-approve <queue_id>
Example:
node ~/system/tools/mc.js force-approve a5fc1ca8-e62f-449b-9ce7-d8949f3fc639
Output:
CEO APPROVED: force request a5fc1ca8-e62f-449b-9ce7-d8949f3fc639
Task: #100818 — Reality Anchor P1.1 force removal
Actor: codecraft
Reason: Proveo verified manually, evidence at /tmp/evidence-100818/login-pass.json
The actor may now re-run their mc.js done command WITHOUT --force.
The approval is recorded. Task completion will proceed through normal gates.
Note: CEO approval does NOT bypass evidence/verifier gates.
It only removes the --force block. All other gates (P1.3, P2.2) still apply.
Deny a Request
node ~/system/tools/mc.js force-deny <queue_id> --reason "<text>"
Example:
node ~/system/tools/mc.js force-deny a5fc1ca8-e62f-449b-9ce7-d8949f3fc639 --reason "Evidence incomplete — missing commit verification"
Test Queue Entry
A test queue entry exists for validation:
{
"queue_id": "a5fc1ca8-e62f-449b-9ce7-d8949f3fc639",
"task_id": 100818,
"task_title": "Reality Anchor P1.1 — remove --force bypass",
"actor": "codecraft",
"force_reason": "Proveo verified manually, evidence at /tmp/evidence-100818/login-pass.json",
"outcome_requested": "P1.1 gates operational",
"requested_at": "2026-05-15T14:30:00Z",
"expires_at": "2026-05-16T14:30:00Z",
"status": "pending_ceo_approval",
"approved_at": null,
"approved_by": null,
"node_argv": "done 100818 --force --reason \"Proveo verified manually, evidence at /tmp/evidence-100818/login-pass.json\""
}
Audit Trail
All force attempts and CEO decisions are logged to:
~/system/state/force-pending.jsonl— queue state (pending/approved/denied/expired)~/system/state/bypass-attempts.jsonl— bypass audit ledger (legacy compatibility)
Each entry includes:
- event_type:
force_completion - timestamp, mc_id, actor, reason, gate_bypassed, session_id
- For approvals/denials:
approved_at,approved_by,denied_at,deny_reason
Key Invariants
- No immediate execution:
--forceNEVER completes the task immediately. It always enqueues. - CEO-only approval: Only CEO can approve (hardcoded in force-approve command).
- 24h TTL: Requests expire automatically. Actor must re-request if needed.
- --reason required: Minimum 20 characters to ensure audit quality.
- Approval ≠ bypass: CEO approval only removes the --force block. All other gates (P1.3 verifier, P2.2 writer≠witness) still apply.
Exit Codes
| Code | Meaning |
|---|---|
| 42 | BLOCKED: --reason missing or <20 characters |
| 45 | Queued for CEO approval (not executed) |
| 0 | Success (for force-approve / force-deny commands) |
| 1 | Error (queue_id not found, already processed, expired) |
Related
- Parent MC: #100818 (Reality Anchor P1.1)
- Doctrine: Reality Anchor v1 Final
- Code:
~/system/tools/mc.jslines 2293-2412 (enqueue), 6837-6997 (queue commands) - Proveo Test: MC #100818 validation includes synthetic force-approve attack (must reject if already processed)