@yemi33/minions 0.1.1617 → 0.1.1619

package/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 0.1.1619 (2026-04-29)
+
+### Features
+- surface partial PR escalation state (#1856)
+
 ## 0.1.1617 (2026-04-29)
 
 ### Fixes

package/dashboard/js/render-prs.js

@@ -10,8 +10,10 @@ function prRow(pr) {
   // If PR is merged/abandoned, treat 'waiting' review as resolved
   const effectiveReviewStatus = (pr.status === 'merged' || pr.status === 'abandoned') && pr.reviewStatus === 'waiting' ? (pr.status === 'merged' ? 'approved' : 'pending') : pr.reviewStatus;
   const reviewSource = sq.status || effectiveReviewStatus || 'pending';
-  const reviewClass = reviewSource === 'approved' ? 'approved' : (reviewSource === 'changes-requested' || reviewSource === 'rejected') ? 'rejected' : reviewSource === 'waiting' ? 'building' : 'draft';
-  const reviewLabel = sq.status === 'waiting' ? 'reviewing (minions)' : sq.status ? sq.status + ' (minions)' : (effectiveReviewStatus || 'pending');
+  const reviewEscalated = !!pr._evalEscalated;
+  const reviewClass = reviewEscalated ? 'review-escalated' : reviewSource === 'approved' ? 'approved' : (reviewSource === 'changes-requested' || reviewSource === 'rejected') ? 'rejected' : reviewSource === 'waiting' ? 'building' : 'draft';
+  const reviewLabel = reviewEscalated ? 'review loop escalated (build/conflict may still run)' : sq.status === 'waiting' ? 'reviewing (minions)' : sq.status ? sq.status + ' (minions)' : (effectiveReviewStatus || 'pending');
+  const reviewTitle = reviewEscalated ? 'Review/re-review and review-fix automation stopped after evalMaxIterations; build-fix and conflict-fix automation may still run.' : '';
   const buildClass = pr.buildFixEscalated ? 'build-escalated' : pr._buildStatusStale ? 'build-stale' : pr.buildStatus === 'passing' ? 'build-pass' : pr.buildStatus === 'failing' ? 'build-fail' : pr.buildStatus === 'running' ? 'building' : 'no-build';
   const buildLabel = pr.buildFixEscalated ? 'escalated (' + (pr.buildFixAttempts || '?') + ' fixes)' : (pr.buildStatus || 'none') + (pr._buildStatusStale ? ' (stale)' : '');
   const statusClass = pr.status === 'merged' ? 'merged' : pr.status === 'abandoned' ? 'rejected' : pr.status === 'active' ? 'active' : 'draft';
@@ -23,7 +25,7 @@ function prRow(pr) {
     '<td><a class="pr-title" href="' + escapeHtml(safeUrl(url)) + '" target="_blank" rel="noopener">' + escapeHtml(pr.title || 'Untitled') + '</a>' + (pr.description ? '<div class="pr-desc">' + escapeHtml(pr.description.length > 120 ? pr.description.slice(0, 120) + '...' : pr.description) + '</div>' : '') + '</td>' +
     '<td><span class="pr-agent">' + escapeHtml(pr.agent || '—') + '</span></td>' +
     '<td><span class="pr-branch">' + escapeHtml(pr.branch || '—') + '</span></td>' +
-    '<td><span class="pr-badge ' + reviewClass + '">' + escapeHtml(reviewLabel) + '</span></td>' +
+    '<td><span class="pr-badge ' + reviewClass + '"' + (reviewTitle ? ' title="' + escapeHtml(reviewTitle) + '"' : '') + '>' + escapeHtml(reviewLabel) + '</span></td>' +
     '<td>' + (sq.reviewer && sq.status !== 'waiting' ? '<span class="pr-agent" title="' + escapeHtml(sq.note || '') + '">' + escapeHtml(sq.reviewer) + '</span>' : sq.reviewer && sq.status === 'waiting' ? '<span class="pr-agent" style="color:var(--muted)" title="Vote pending confirmation">' + escapeHtml(sq.reviewer) + '…</span>' : pr.reviewedBy && pr.reviewedBy.length ? '<span class="pr-agent">' + escapeHtml(pr.reviewedBy.join(', ')) + '</span>' : '<span style="color:var(--muted);font-size:11px">—</span>') + '</td>' +
     '<td><span class="pr-badge ' + buildClass + '">' + escapeHtml(buildLabel) + '</span></td>' +
     '<td><span class="pr-badge ' + statusClass + '">' + escapeHtml(statusLabel) + '</span></td>' +

package/dashboard/styles.css

@@ -268,6 +268,7 @@
   .pr-badge.approved { background: rgba(63,185,80,0.15); color: var(--green); border: 1px solid var(--green); }
   .pr-badge.rejected { background: rgba(248,81,73,0.15); color: var(--red); border: 1px solid var(--red); }
   .pr-badge.needs-review { background: rgba(227,179,65,0.15); color: var(--orange); border: 1px solid var(--orange); }
+  .pr-badge.review-escalated { background: rgba(227,179,65,0.22); color: var(--orange); border: 1px dashed var(--orange); font-weight: 700; }
   .pr-badge.merged { background: rgba(188,140,255,0.15); color: var(--purple); border: 1px solid var(--purple); }
   .pr-badge.building { background: rgba(210,153,34,0.15); color: var(--yellow); border: 1px solid var(--yellow); animation: pulse 1.5s infinite; }
   .pr-badge.build-pass { background: rgba(63,185,80,0.15); color: var(--green); border: 1px solid var(--green); }

package/dashboard.js

@@ -667,7 +667,7 @@ function ccSessionValid() {
 const CC_STATIC_SYSTEM_PROMPT = (() => {
   try {
     const raw = fs.readFileSync(path.join(MINIONS_DIR, 'prompts', 'cc-system.md'), 'utf8');
-    return raw.replace(/\{\{minions_dir\}\}/g, MINIONS_DIR);
+    return shared.renderCcSystemPrompt(raw, { liveRoot: MINIONS_DIR });
   } catch (e) {
     console.error('Failed to load prompts/cc-system.md:', e.message);
     return 'You are the Command Center AI for Minions. Delegate work to agents.';

package/docs/auto-discovery.md

@@ -32,9 +32,13 @@ Before scanning, the engine materializes plans and specs into project work items
 |----------|--------|---------------|
 | Minions review pending/waiting | Queue a code review | `review` |
 | Minions review `changes-requested` | Route back to author for fixes | `fix` |
+| Human feedback pending | Route back to author for fixes | `fix` |
 | `buildStatus: "failing"` | Route to any agent for build fix | `fix` |
+| `_mergeConflict: true` | Route to author for conflict resolution | `fix` |
 Skips PRs where `status !== "active"`.
 
+PR fix triggers are evaluated in this source order inside `discoverFromPrs()`: review feedback first (`engine.js:2166-2180`), human feedback second (`engine.js:2191-2226`), build failure third (`engine.js:2229-2271`), and merge conflict fourth (`engine.js:2299-2317`). Conflict fixes are additionally gated by `!fixDispatched` (`engine.js:2301`), so any earlier successful fix dispatch in the same PR discovery pass suppresses the conflict fix until a later pass.
+
 ### Source 2: PRD Gap Analysis (via `materializePlansAsWorkItems`)
 
 PRD items flow through `materializePlansAsWorkItems()`, which scans `~/.minions/prd/*.json` for PRD files with `missing` / `updated` / `planned` items and creates work items in the target project's queue.
@@ -413,4 +417,3 @@ All discovery behavior is controlled via `config.json`:
 ```
 
 To disable a work source for a project, set `"enabled": false`. To change where the engine looks for PRD or PR files, change the `path` field (resolved relative to `localPath`).
-

package/docs/pr-review-fix-loop.md

@@ -21,14 +21,24 @@ How the engine manages the lifecycle of a PR from creation through review, fix,
 - Stores `minionsReview: { reviewer, reviewedAt, note }`
 - Creates feedback file for author agent
 
-## 4. Fix dispatch (3 independent triggers, at most one per tick)
+## 4. Fix dispatch trigger order
+
+`discoverFromPrs()` evaluates PR auto-fix triggers in a fixed order during each discovery pass:
+
+1. Review feedback (`changes-requested`) — `engine.js:2166-2180`
+2. Human feedback (`humanFeedback.pendingFix` or coalesced feedback) — `engine.js:2191-2226`
+3. Build failure (`buildStatus === 'failing'`) — `engine.js:2229-2271`
+4. Merge conflict (`_mergeConflict`) — `engine.js:2299-2317`
+
+When multiple problems coexist, earlier triggers get the first chance to enqueue work. The local `fixDispatched` flag is declared before the fix triggers (`engine.js:2168`) and set after review-feedback, human-feedback, and build-failure dispatches (`engine.js:2180`, `engine.js:2226`, `engine.js:2271`). Conflict fixes run last and explicitly require `!fixDispatched` (`engine.js:2301`), so any earlier successful fix dispatch suppresses the conflict fix for that PR in the same discovery pass. Build fixes are evaluated after review and human feedback, but the build-fix condition itself is not gated by `!fixDispatched` (`engine.js:2238`).
 
 ### A. Review feedback (`changes-requested`)
 
-- Gate: `reviewStatus === 'changes-requested'` + `!awaitingReReview` + not dispatched + not on cooldown
+- Gate: `reviewStatus === 'changes-requested'` + `!awaitingReReview` + `!evalEscalated` + not dispatched + not on cooldown
 - Routes to PR author via `_author_` routing token
 - `review_note` = reviewer's feedback
-- Sets `fixDispatched = true` — prevents trigger B from also firing this tick
+- Sets `fixDispatched = true` — prevents human-feedback and conflict fixes from also firing this pass
+- **Review-loop escalation**: after `evalMaxIterations` review→fix cycles (default 3), `_evalEscalated` is set on the PR and *only this trigger plus review/re-review* stop. Triggers B (human comments), C (build failures), and the merge-conflict fix path keep running. The dashboard PR row distinguishes the two states with separate badges (review badge `review-escalated` vs. build badge `build-escalated`).
 
 ### B. Human comments (`humanFeedback.pendingFix`)
 
@@ -36,13 +46,22 @@ How the engine manages the lifecycle of a PR from creation through review, fix,
 - Agent comments filtered out via `/\bMinions\s*\(/i` regex on comment body
 - Coalesces multiple comments arriving during cooldown into single fix
 - Routes to author
+- Not gated by `_evalEscalated` — humans can always force more fixes via PR comments even after the review loop escalates.
 
 ### C. Build failures (`buildStatus === 'failing'`)
 
 - Gate: `buildFixAttempts < maxBuildFixAttempts` (default 3) + grace period expired
 - **Grace period** (`_buildFixPushedAt`): after fix dispatches, waits `buildFixGracePeriod` (default 10min, configurable in `ENGINE_DEFAULTS`) for CI to run before re-dispatching. Cleared when poller detects build status transition (CI actually ran).
 - **Error logs**: GitHub fetches annotations (failures only, not warnings) + Actions job log (always). ADO queries builds API directly (not status checks), fetches build timeline → failed task logs (up to 10 per build, up to 10 failing pipelines).
-- **Escalation**: after 3 failed attempts, writes inbox alert, sets `buildFixEscalated = true`, stops auto-dispatch. Counter resets when build recovers.
+- **Build-fix escalation**: after 3 failed attempts, writes an inbox alert, sets `buildFixEscalated = true`, and stops *only this trigger* (auto-dispatch for build fixes). The counter resets when the build recovers. Independent of `_evalEscalated`.
+- Not gated by `_evalEscalated` — build-fix is mechanical and runs even if the review loop has escalated.
+- Sets `fixDispatched = true` after dispatch so the later conflict trigger is suppressed in the same pass.
+
+### D. Merge conflicts (`_mergeConflict`)
+
+- Gate: `autoFixConflicts` + `status === 'active'` + `_mergeConflict` + `!fixDispatched`
+- Routes to the PR author to resolve target-branch conflicts
+- Runs after review, human, and build triggers; if any earlier trigger enqueued a fix for this PR, the conflict fix waits for a later discovery pass
 
 ## 5. Fix completes
 
@@ -71,7 +90,7 @@ How the engine manages the lifecycle of a PR from creation through review, fix,
 | Scenario | Guard |
 |---|---|
 | Simultaneous review + fix | `activePrIds` — skip PR if any dispatch in-flight |
-| Duplicate fix (review + human) | `fixDispatched` flag — only one fix per PR per tick |
+| Duplicate fix (review + human + conflict) | `fixDispatched` flag — later human/conflict triggers skip after earlier fix dispatches in the same PR pass |
 | Branch write conflict | `isBranchActive()` mutex |
 | Fix while awaiting re-review | `awaitingReReview` (waiting + fixedAt) |
 | Build fix before CI runs | `_buildFixPushedAt` grace period (10min) |
@@ -100,8 +119,10 @@ How the engine manages the lifecycle of a PR from creation through review, fix,
 | `reviewStatus` | Poller + post-completion | `pending` / `approved` / `changes-requested` / `waiting` |
 | `buildStatus` | Poller | `none` / `passing` / `failing` / `running` |
 | `buildErrorLog` | Poller | Actual CI error output for fix agents |
-| `buildFixAttempts` | Discovery (on dispatch) | Counter for escalation cap |
-| `buildFixEscalated` | Discovery (on cap) | Stops auto-dispatch |
+| `buildFixAttempts` | Discovery (on dispatch) | Counter for build-fix escalation cap |
+| `buildFixEscalated` | Discovery (on cap) | Stops *build-fix* auto-dispatch only (review/re-review and other fix triggers continue) |
+| `_reviewFixCycles` | Discovery (on dispatch) | Counter for review→fix cycle cap (`evalMaxIterations`) |
+| `_evalEscalated` | Discovery (on cap) | Stops *review/re-review and review-feedback fix* auto-dispatch only (build-fix, conflict-fix, and human-feedback fix continue). Cleared when reviewer eventually approves the PR. |
 | `_buildFixPushedAt` | Discovery (on dispatch) | Grace period timestamp |
 | `_buildFailNotified` | Discovery | Dedup for inbox alert |
 | `lastPushedAt` | Poller (new commit) | Tracks latest push for re-review logic |

package/engine/copilot-models.json

@@ -1,5 +1,5 @@
 {
   "runtime": "copilot",
   "models": null,
-  "cachedAt": "2026-04-29T01:10:14.567Z"
+  "cachedAt": "2026-04-29T01:13:06.848Z"
 }

package/engine/lifecycle.js

@@ -2113,7 +2113,27 @@ function classifyFailure(code, stdout = '', stderr = '') {
   }
 
   // Permission / trust / auth failures
-  if (/permission denied|access denied|unauthorized|403 forbidden|trust.*blocked|auth.*fail/i.test(combined)) {
+  //
+  // History (W-moja4a5qp9pj): the previous patterns `trust.*blocked` and
+  // `auth.*fail` used unbounded greedy `.*`. JSONL agent init events that
+  // emit the entire skill / slash-command catalogue on a single line
+  // happen to contain words like `check-self-authored-...` and
+  // `diagnose-build-fail-...`, which made the greedy regex match across
+  // thousands of unrelated characters and silently flag healthy agents
+  // as PERMISSION_BLOCKED on any non-zero exit. Use anchored phrases that
+  // only match real auth/trust failure messages.
+  const _PERM_PHRASES = [
+    /\bpermission denied\b/i,
+    /\baccess denied\b/i,
+    /\bunauthorized\b/i,
+    /\b403 forbidden\b/i,
+    /\bauthentication (?:failed|error|failure)\b/i,
+    /\bauth(?:entication)? (?:fail(?:ed|ure|s)?|denied|rejected)\b/i,
+    /\btrust (?:gate|domain|zone|policy)? ?(?:is |was |has been )?(?:blocked|denied|rejected)\b/i,
+    /\bcredentials? (?:rejected|invalid|expired)\b/i,
+    /\btoken (?:rejected|invalid|expired|revoked)\b/i,
+  ];
+  if (_PERM_PHRASES.some(re => re.test(combined))) {
     return FAILURE_CLASS.PERMISSION_BLOCKED;
   }
 

package/engine/shared.js

@@ -1272,6 +1272,122 @@ function getAdoOrgBase(project) {
 
 // ── Path Sanitization ───────────────────────────────────────────────────────
 
+/**
+ * Files in the LIVE Minions checkout (MINIONS_DIR) that the Command Center
+ * must never edit directly. Three flavours:
+ *
+ *   - "basenames": exact relative paths under the live root (engine.js, dashboard.js,
+ *     minions.js, config.json — and the runtime state files engine/control.json
+ *     and engine/dispatch.json).
+ *   - "globs":     direct-child JS files under protected live directories
+ *     (engine/*.js, bin/*.js).
+ *   - "prefixes":  relative directory prefixes whose entire subtree is read-only
+ *     when it lives in the live root (dashboard/**).
+ *
+ * The list is intentionally small and explicit. It mirrors the textual rule in
+ * `prompts/cc-system.md`. Source of truth lives here; the system prompt renders
+ * `{{cc_protected_paths}}` from this list at startup so the two cannot drift.
+ *
+ * The guard is ROOT-AWARE: a path only counts as protected when its absolute
+ * resolution sits inside MINIONS_DIR. The same basename inside an isolated
+ * task worktree (e.g. `D:/worktrees/minions-work/W-xxx/dashboard.js`) is NOT
+ * protected — agents working in those copies are free to edit them, since
+ * git keeps changes inside the worktree until the agent pushes a branch.
+ */
+const _CC_PROTECTED_BASENAMES = Object.freeze([
+  'engine.js',
+  'dashboard.js',
+  'minions.js',
+  'config.json',
+  'engine/control.json',
+  'engine/dispatch.json',
+]);
+const _CC_PROTECTED_FILE_GLOBS = Object.freeze([
+  'engine/*.js',
+  'bin/*.js',
+]);
+const _CC_PROTECTED_PREFIXES = Object.freeze([
+  'dashboard/',
+]);
+
+/**
+ * Returns the literal text used by the CC system prompt for the protected-file
+ * rule. Combines the basenames + prefixes above into a single sentence so the
+ * authored rule and the helper that enforces it can never disagree.
+ *
+ * The result is anchored to a specific live root so the LLM can't conflate
+ * "edits to dashboard.js" with "edits to a worktree copy of dashboard.js".
+ */
+function describeCcProtectedPaths(liveRoot) {
+  const root = (liveRoot && typeof liveRoot === 'string') ? liveRoot : MINIONS_DIR;
+  const norm = root.replace(/\\/g, '/');
+  const basenames = _CC_PROTECTED_BASENAMES.map(b => '`' + b + '`').join(', ');
+  const globs = _CC_PROTECTED_FILE_GLOBS.map(g => '`' + g + '`').join(', ');
+  const prefixes = _CC_PROTECTED_PREFIXES.map(p => '`' + p + '**`').join(', ');
+  return `READ ONLY in the live checkout at \`${norm}\` — never write/edit: ${basenames}, ${globs}, ${prefixes}. This rule is path-scoped, not basename-scoped. Files with the same basename inside an isolated agent worktree (e.g. \`{worktreeRoot}/W-<id>/dashboard.js\`) are NOT protected — agents working in their own worktrees may edit any repository source the work item requires.`;
+}
+
+function renderCcSystemPrompt(raw, opts) {
+  const liveRoot = (opts && typeof opts.liveRoot === 'string') ? opts.liveRoot : MINIONS_DIR;
+  return String(raw || '')
+    .replace(/\{\{minions_dir\}\}/g, liveRoot)
+    .replace(/\{\{cc_protected_paths\}\}/g, describeCcProtectedPaths(liveRoot));
+}
+
+/**
+ * Is this absolute path a CC-protected file in the LIVE Minions checkout?
+ *
+ * Returns true ONLY if all three hold:
+ *   1. `absPath` resolves to something inside `liveRoot` (default: MINIONS_DIR).
+ *   2. Its relative path matches a protected basename (e.g. `dashboard.js`)
+ *      OR matches a protected direct-child glob (`engine/*.js`, `bin/*.js`)
+ *      OR sits under a protected directory prefix (`dashboard/`).
+ *   3. The input is a real string (no nullish, no non-string values).
+ *
+ * Returns false for:
+ *   - Paths outside `liveRoot` (worktrees, sibling repos, scratch dirs, etc.)
+ *   - Non-protected files inside `liveRoot` (notes.md, knowledge/foo.md, …)
+ *   - Invalid inputs (null/undefined/empty/non-string)
+ *
+ * Why this exists: PR W-moja4a5qp9pj. The CC system prompt previously named
+ * protected files by basename only ("never write/edit dashboard.js"). Agents
+ * dispatched into isolated worktrees inherited the same prose verbatim and
+ * occasionally interpreted it as banning their own worktree copy of those
+ * files, blocking otherwise legitimate fixes. The guard now distinguishes
+ * "same path, live tree" from "same basename, worktree copy".
+ */
+function isLiveCommandCenterPath(absPath, opts) {
+  if (typeof absPath !== 'string' || absPath.length === 0) return false;
+  if (absPath.includes('\0')) return false;
+  const liveRoot = (opts && typeof opts.liveRoot === 'string') ? opts.liveRoot : MINIONS_DIR;
+  const pathApi = /^[a-zA-Z]:[\\/]/.test(absPath) || /^[a-zA-Z]:[\\/]/.test(liveRoot) ? path.win32 : path;
+  let resolved;
+  let resolvedRoot;
+  try {
+    resolved = pathApi.resolve(absPath);
+    resolvedRoot = pathApi.resolve(liveRoot);
+  } catch { return false; }
+  // Must be inside liveRoot. Compare with trailing separator to avoid the
+  // sibling-prefix bug ("D:/squad-old" startsWith "D:/squad").
+  const rootWithSep = resolvedRoot.endsWith(pathApi.sep) ? resolvedRoot : (resolvedRoot + pathApi.sep);
+  const caseInsensitive = pathApi === path.win32 || process.platform === 'win32';
+  const cmpResolved = caseInsensitive ? resolved.toLowerCase() : resolved;
+  const cmpResolvedRoot = caseInsensitive ? resolvedRoot.toLowerCase() : resolvedRoot;
+  const cmpRootWithSep = caseInsensitive ? rootWithSep.toLowerCase() : rootWithSep;
+  if (cmpResolved !== cmpResolvedRoot && !cmpResolved.startsWith(cmpRootWithSep)) return false;
+  // Compute the path relative to the live root and normalize separators so
+  // the basename / prefix checks are platform-independent.
+  const rel = pathApi.relative(resolvedRoot, resolved).replace(/\\/g, '/');
+  if (rel === '' || rel === '.') return false; // root itself is not a "file"
+  const relForMatch = rel.toLowerCase();
+  if (_CC_PROTECTED_BASENAMES.includes(relForMatch)) return true;
+  if (/^(?:engine|bin)\/[^/]+\.js$/.test(relForMatch)) return true;
+  for (const prefix of _CC_PROTECTED_PREFIXES) {
+    if (relForMatch === prefix.slice(0, -1) /* exact dir */ || relForMatch.startsWith(prefix)) return true;
+  }
+  return false;
+}
+
 /**
  * Validate that a user-supplied filename stays within the given base directory.
  * Rejects path traversal (../, encoded variants), null bytes, and absolute paths.
@@ -2099,6 +2215,12 @@ module.exports = {
   getAdoOrgBase,
   sanitizePath,
   sanitizeBranch,
+  isLiveCommandCenterPath,
+  describeCcProtectedPaths,
+  renderCcSystemPrompt,
+  _CC_PROTECTED_BASENAMES, // exported for testing
+  _CC_PROTECTED_FILE_GLOBS, // exported for testing
+  _CC_PROTECTED_PREFIXES,  // exported for testing
   isAllowedOrigin,
   buildSecurityHeaders,
   hasDangerousKey,

package/engine.js

@@ -2049,7 +2049,8 @@ async function discoverFromPrs(config, project) {
   for (const pr of prs) {
     if (pr.status !== PR_STATUS.ACTIVE || pr._contextOnly) continue;
     const prDisplayId = shared.getPrDisplayId(pr);
-    if (activePrIds.has(pr.id)) continue; // Skip PRs with active dispatch (prevent race)
+    const prCanonicalId = shared.getCanonicalPrId(project, pr, pr.url || '');
+    if (activePrIds.has(prCanonicalId)) continue; // Skip PRs with active dispatch (prevent race)
     // Branch mutex: skip if PR branch is locked by any active dispatch (cross-type collision)
     if (pr.branch && isBranchActive(pr.branch)) {
       log('info', `Branch mutex: skipping PR ${pr.id} dispatch — branch ${pr.branch} locked by another agent`);
@@ -2080,7 +2081,7 @@ async function discoverFromPrs(config, project) {
           if (target) target._evalEscalated = true;
         });
       } catch (e) { log('warn', 'mark eval escalated: ' + e.message); }
-      log('warn', `PR ${pr.id}: review→fix escalated after ${evalCycles} cycles — suspending auto-dispatch`);
+      log('warn', `PR ${pr.id}: review→fix escalated after ${evalCycles} cycles — suspending review/re-review and review-fix dispatch; build/conflict fixes may continue`);
     }
 
     // PRs needing review: evalLoop gates the entire review+fix cycle; pollEnabled ensures reviewStatus is fresh

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.1617",
+  "version": "0.1.1619",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"

package/prompts/cc-system.md

@@ -17,7 +17,7 @@ Codex will review your changes — make sure your implementation is thorough and
 - Leave no stone unturned when implementing or explaining. Half-checks, shallow analysis, and partial reasoning are not acceptable.
 
 ## Guardrails
-READ ONLY — never write/edit: `engine.js`, `engine/*.js`, `dashboard.js`, `dashboard/**`, `minions.js`, `bin/*.js`, `engine/control.json`, `engine/dispatch.json`, `config.json`.
+{{cc_protected_paths}}
 CAN modify: notes, plans, knowledge, work items, pull-requests.json, routing.md, charters, skills, playbooks, project repos.
 
 ## Filesystem