Agent Architecture Review, Snapshot di validazione

Design for delegation rather than direct manipulation

Delegation is represented explicitly: the handler accepts `params.task: {ttl}`, mints a `run_id`/`task_id` at start, returns `CreateTaskResult` immediately, and performs validation in background through `experimental.run_task`. The REST `cancel_task_on_validation_run` endpoint and `can_cancel` projection give the user a termination control instead of forcing them to wait on a blocking call.

Ensure that background work remains perceptible

The previous ephemeral lifecycle is replaced with durable, perceptible primitives: `UserValidationRun.task_id` is a top-level recovery handle, `task_state` stores lifecycle JSON, `project_task_state()` projects it into dashboard-facing status, and `me.validation_history(run_id)` is described as the recovery path. The UI also renders `task_status` across history, projects, dashboard recent activity, and detail surfaces.

Align feedback with the user’s level of attention

Feedback is proportionate: the primary UI consumes the compact `TaskStateProjection` with `task_status`, `status_message`, `terminal_reason`, and `can_cancel`, while routine background work is shown through badges/pills rather than full protocol internals. Terminal and exceptional states such as `failed`, `cancelled`, `task_state_parse_error`, and no-result cards escalate only when user attention is needed.

Apply progressive disclosure to system agency

The code applies progressive disclosure by separating the raw task protocol state from the dashboard surface. `project_task_state()` strips `schema_version`, `idempotency_key`, `progress_token`, and `ttl_ms`; normal views show user-level lifecycle state, while deeper recovery/inspection happens through `me.validation_history(run_id)` and task result retrieval.

Replace implied magic with clear mental models

The workflow replaces implied magic with named states and documented limits: `_PROJECTION_STATUS_MAP` maps protocol states like `working` and `input_required` into `active` and `awaiting_action`; cancelled/failed-without-assessment runs get explicit no-result handling; and the asymmetry that only `architect.validate` is task-augmented while `validate_consensus` and `certify` remain sync-only is disclosed on rendered surfaces.

Expose meaningful operational state, not internal complexity

The user-facing state is meaningful rather than internal. `TaskStateProjection` exposes `task_status`, `status_message`, timestamps, `terminal_reason`, and `can_cancel`, while intentionally hiding protocol fields such as `idempotency_key`, `progress_token`, and `ttl_ms`. Frontend reads consume the projection only, avoiding client-side parsing of raw `task_state`.

Make hand-offs, approvals, and blockers explicit

Hand-offs and blockers are explicit. Idempotency dedupe returns an existing `CreateTaskResult` and annotates `_meta.dedupe_hit` plus `_meta.dedupe_link` rather than silently swallowing duplicate work. The task worker raises on structured error envelopes so the SDK can mark the task failed instead of completed, and cancellation returns clear 400/404/409 cases in `cancel_task_on_validation_run`.

Represent delegated work as a system, not merely as a conversation

Delegated validation work is represented as a system: `PgValidationTaskStore` backs tasks with database rows, `task_id` is unique-indexed, `task_state` persists lifecycle, tasks are queryable/listable/cancellable through task methods, and dashboard surfaces render lifecycle status independently of conversation text. This is a durable task model rather than an unstructured transcript.

Optimise for steering, not only initiating

The code supports mid-run steering through cancellation. `cancel_task_on_validation_run()` exposes a user-facing cancel endpoint; `PgValidationTaskStore.update_task(..., status='cancelled')` writes terminal state and sets `row.cancel_requested = True`; terminal-to-nonterminal transitions are rejected with `is_terminal()`, and the UI uses `can_cancel` to show the control only while actionable. The documentation also honestly frames that in-flight provider calls may not be abortable, avoiding a false mental model of magical cancellation.