@yemi33/minions 0.1.1687 → 0.1.1689

package/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## 0.1.1689 (2026-05-03)
+
+### Features
+- prefer az cli for ado tokens (#1996)
+
+## 0.1.1688 (2026-05-02)
+
+### Fixes
+-  bug sweep — PRD races, hardcoded retries, capability-flag drift
+
 ## 0.1.1687 (2026-05-02)
 
 ### Other

package/dashboard/js/render-skills.js

@@ -69,12 +69,14 @@ function renderSkills(skills) {
   }
   html += '</div>';
 
-  // Note clarifying skill visibility — agents read these on demand, runtime
-  // assets (~/.claude/skills, ~/.copilot/skills) are not auto-injected for
-  // the OTHER runtime. A Copilot agent only sees Copilot-native + plugin skills.
+  // Note clarifying skill visibility — agents read these on demand. Runtime-
+  // native locations (~/.claude/skills, ~/.copilot/skills, plugin skills) are
+  // only visible to that runtime. The "agent" tab (~/.agents/skills) is the
+  // cross-runtime portable bucket and IS visible to every runtime.
   html += '<div style="font-size:9px;color:var(--muted);margin-bottom:8px;line-height:1.4">' +
     'Skills are reference docs agents read on demand — they are not injected wholesale into prompts. ' +
-    'Each tab reflects what the matching runtime would see; cross-runtime skills are NOT visible to a different runtime.' +
+    'Each tab reflects what the matching runtime would see; runtime-native skills are NOT cross-visible. ' +
+    'The agent tab (~/.agents/skills) is the cross-runtime portable bucket — visible to every runtime.' +
     '</div>';
 
   // Filter by tab

package/dashboard.js

@@ -4502,39 +4502,8 @@ What would you like to discuss or change? When you're happy, say "approve" and I
     const source = params.get('source') || '';
     if (!_isValidSkillFileName(file)) { res.statusCode = 400; res.end('Invalid file'); return; }
 
-    let content = '';
     const skillPath = _resolveSkillReadPath({ file, dir, source, config: CONFIG });
-    if (skillPath) content = safeRead(skillPath) || '';
-    // Fallback when caller didn't supply `dir`: try the source's known native
-    // locations. `_resolveSkillReadPath` only matches entries returned by
-    // `collectSkillFiles`, so a skill that already has `dir` will resolve there.
-    if (!content && !dir) {
-      const home = os.homedir();
-      const skillStem = file.replace(/\.md$/, '').replace(/^SKILL$/, '');
-      const candidates = [];
-      if (source === 'claude-code' || !source) {
-        candidates.push(path.join(home, '.claude', 'skills', skillStem, 'SKILL.md'));
-      }
-      if (source === 'copilot') {
-        candidates.push(path.join(home, '.copilot', 'skills', skillStem, 'SKILL.md'));
-      }
-      if (source === 'agent-skill') {
-        candidates.push(path.join(home, '.agents', 'skills', skillStem, 'SKILL.md'));
-      }
-      if (source.startsWith('project:')) {
-        const proj = PROJECTS.find(p => p.name === source.slice('project:'.length));
-        if (proj?.localPath) {
-          for (const sub of ['.claude', '.github', '.agents']) {
-            candidates.push(path.join(proj.localPath, sub, 'skills', file));
-            candidates.push(path.join(proj.localPath, sub, 'skills', skillStem, 'SKILL.md'));
-          }
-        }
-      }
-      for (const c of candidates) {
-        content = safeRead(c) || '';
-        if (content) break;
-      }
-    }
+    const content = skillPath ? (safeRead(skillPath) || '') : '';
     res.setHeader('Content-Type', 'text/plain; charset=utf-8');
     res.setHeader('Access-Control-Allow-Origin', '*');
     res.end(content || 'Skill not found.');

package/docs/auto-discovery.md

@@ -141,7 +141,7 @@ The engine directly polls the host REST API for **all** PR metadata: build/CI st
 | `buildStatus` | PR statuses (codecoverage/deploy/build/ci contexts) | `passing` / `failing` / `running` / `none` |
 | `buildFailReason` | Failed status description | Set on failure, cleared otherwise |
 
-**Auth:** Bearer token via `azureauth ado token --mode iwa --mode broker --output token --timeout 1` (cached 30 minutes). The `--timeout 1` flag is required — without it, azureauth can hang indefinitely in headless sessions. (GitHub polling uses the ambient `gh` CLI credentials, not azureauth.)
+**Auth:** Bearer token via shared `engine/ado-token.js`: prefer `az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query accessToken -o tsv`, then fall back to `azureauth ado token --mode iwa --mode broker --output token --timeout 1` (cached 30 minutes). The `--timeout 1` flag is required — without it, azureauth can hang indefinitely in headless sessions. (GitHub polling uses the ambient `gh` CLI credentials, not azureauth.)
 
 This feeds `discoverFromPrs` — when `buildStatus` flips to `"failing"`, the next discovery tick dispatches a fix agent. When `status` becomes `"merged"`, the PR drops out of active polling.
 

package/engine/ado-mcp-wrapper.js

@@ -1,24 +1,18 @@
 #!/usr/bin/env node
 /**
- * Wrapper for @azure-devops/mcp that fetches an ADO token via azureauth
- * broker (no browser popup) and sets AZURE_DEVOPS_EXT_PAT before launching
- * the MCP server.
+ * Wrapper for @azure-devops/mcp that fetches an ADO token via the shared
+ * az-first provider chain and sets AZURE_DEVOPS_EXT_PAT before launching the
+ * MCP server.
  */
-const { execSync, spawn } = require('child_process');
-const path = require('path');
+const { spawn } = require('child_process');
+const { acquireAdoTokenSync } = require('./ado-token');
 
-// Fetch token via azureauth broker (corp tool, no browser)
 let token;
 try {
-  token = execSync('azureauth ado token --mode broker --output token --timeout 1', {
-    encoding: 'utf8',
-    timeout: 30000,
-    windowsHide: true,
-  }).trim();
+  token = acquireAdoTokenSync().token;
 } catch (e) {
-  // Broker failed — do NOT fall back to web mode (opens browser in automated context)
-  process.stderr.write('ado-mcp-wrapper: Broker auth failed: ' + e.message + '\n');
-  process.stderr.write('ado-mcp-wrapper: Run "azureauth ado token --mode web" manually to refresh\n');
+  process.stderr.write('ado-mcp-wrapper: ADO auth failed: ' + e.message + '\n');
+  process.stderr.write('ado-mcp-wrapper: Run "az login" or refresh azureauth manually, then retry\n');
   process.exit(1);
 }
 
@@ -31,7 +25,7 @@ const child = spawn(process.platform === 'win32' ? 'npx.cmd' : 'npx', [
   ...args
 ], {
   stdio: 'inherit',
-  env: { ...process.env, AZURE_DEVOPS_EXT_PAT: token },
+  env: { ...process.env, AZURE_DEVOPS_EXT_PAT: token, AZURE_DEVOPS_EXT_AZURE_RM_PAT: token },
   windowsHide: true,
   shell: false,
 });

package/engine/ado-status.js

@@ -3,8 +3,8 @@
  * engine/ado-status.js — CLI shim for querying PR and build status.
  *
  * Agents steered to "check on the builds" or "is CI green for PR #123" should
- * use this instead of raw curl + azureauth calls. All ADO auth and retry logic
- * is handled by ado.js internally.
+ * use this instead of raw curl + ad-hoc auth calls. All ADO auth and retry
+ * logic is handled by ado.js internally.
  *
  * Usage:
  *   node engine/ado-status.js <prNumber>

package/engine/ado-token.js

@@ -0,0 +1,104 @@
+/**
+ * Shared Azure DevOps token acquisition.
+ *
+ * Prefer Azure CLI because it is the most common authenticated tool in agent
+ * environments; keep azureauth as the non-interactive fallback for corp setups.
+ */
+
+const { exec, execSync } = require('child_process');
+
+const ADO_RESOURCE_ID = '499b84ac-1321-427f-aa17-267ca6975798';
+const AZ_CLI_ADO_TOKEN_COMMAND = `az account get-access-token --resource ${ADO_RESOURCE_ID} --query accessToken -o tsv`;
+const AZUREAUTH_ADO_TOKEN_COMMAND = 'azureauth ado token --mode iwa --mode broker --output token --timeout 1';
+const DEFAULT_ADO_TOKEN_TIMEOUT_MS = 30000;
+
+const ADO_TOKEN_PROVIDERS = Object.freeze([
+  Object.freeze({ source: 'az', command: AZ_CLI_ADO_TOKEN_COMMAND }),
+  Object.freeze({ source: 'azureauth', command: AZUREAUTH_ADO_TOKEN_COMMAND }),
+]);
+
+function normalizeAdoToken(value) {
+  return String(value || '').trim();
+}
+
+function isLikelyAdoToken(token) {
+  return typeof token === 'string' && token.startsWith('eyJ');
+}
+
+function _commandOptions({ timeout = DEFAULT_ADO_TOKEN_TIMEOUT_MS, encoding = 'utf8', windowsHide = true } = {}) {
+  return { encoding, timeout, windowsHide };
+}
+
+function _attemptMessage(attempt) {
+  return `${attempt.source}: ${attempt.error}`;
+}
+
+function _buildAdoTokenError(attempts) {
+  const err = new Error(`Failed to get ADO token via az CLI or azureauth: ${attempts.map(_attemptMessage).join('; ')}`);
+  err.attempts = attempts;
+  return err;
+}
+
+function _recordInvalidToken(attempts, provider) {
+  attempts.push({ source: provider.source, command: provider.command, error: 'invalid token output' });
+}
+
+function acquireAdoTokenSync({ execSync: run = execSync, timeout, encoding, windowsHide } = {}) {
+  const opts = _commandOptions({ timeout, encoding, windowsHide });
+  const attempts = [];
+  for (const provider of ADO_TOKEN_PROVIDERS) {
+    try {
+      const token = normalizeAdoToken(run(provider.command, opts));
+      if (isLikelyAdoToken(token)) {
+        return { token, source: provider.source, command: provider.command };
+      }
+      _recordInvalidToken(attempts, provider);
+    } catch (e) {
+      attempts.push({ source: provider.source, command: provider.command, error: e.message });
+    }
+  }
+  throw _buildAdoTokenError(attempts);
+}
+
+function _defaultExecAsync(command, opts) {
+  return new Promise((resolve, reject) => {
+    exec(command, opts, (err, stdout, stderr) => {
+      if (err) {
+        err.stdout = stdout;
+        err.stderr = stderr;
+        reject(err);
+        return;
+      }
+      resolve(stdout);
+    });
+  });
+}
+
+async function acquireAdoToken({ execAsync: run = _defaultExecAsync, timeout, encoding, windowsHide } = {}) {
+  const opts = _commandOptions({ timeout, encoding, windowsHide });
+  const attempts = [];
+  for (const provider of ADO_TOKEN_PROVIDERS) {
+    try {
+      const token = normalizeAdoToken(await run(provider.command, opts));
+      if (isLikelyAdoToken(token)) {
+        return { token, source: provider.source, command: provider.command };
+      }
+      _recordInvalidToken(attempts, provider);
+    } catch (e) {
+      attempts.push({ source: provider.source, command: provider.command, error: e.message });
+    }
+  }
+  throw _buildAdoTokenError(attempts);
+}
+
+module.exports = {
+  ADO_RESOURCE_ID,
+  AZ_CLI_ADO_TOKEN_COMMAND,
+  AZUREAUTH_ADO_TOKEN_COMMAND,
+  DEFAULT_ADO_TOKEN_TIMEOUT_MS,
+  ADO_TOKEN_PROVIDERS,
+  acquireAdoToken,
+  acquireAdoTokenSync,
+  isLikelyAdoToken,
+  normalizeAdoToken,
+};

package/engine/ado.js

@@ -8,6 +8,7 @@ const shared = require('./shared');
 const { exec, execAsync, getAdoOrgBase, log, ts, dateStamp, PR_STATUS, createThrottleTracker } = shared;
 const { getPrs } = require('./queries');
 const { mutateJsonFileLocked } = shared;
+const { acquireAdoToken } = require('./ado-token');
 
 // Lazy require to avoid circular dependency — only needed for engine().handlePostMerge
 let _engine = null;
@@ -199,7 +200,7 @@ function votesToReviewStatus(votes) {
 // ─── ADO Token Cache ─────────────────────────────────────────────────────────
 
 let _adoTokenCache = { token: null, expiresAt: 0 };
-let _adoTokenFailedUntil = 0; // backoff: skip azureauth calls until this timestamp
+let _adoTokenFailedUntil = 0; // backoff: skip token acquisition calls until this timestamp
 
 // ─── ADO Throttle State ─────────────────────────────────────────────────────
 // Tracks rate-limiting (HTTP 429/503) from ADO API responses.
@@ -224,23 +225,17 @@ async function getAdoToken() {
   if (_adoTokenCache.token && Date.now() < _adoTokenCache.expiresAt) {
     return _adoTokenCache.token;
   }
-  // If recent fetch failed, don't retry until backoff expires (avoids repeated browser popups)
+  // If recent fetch failed, don't retry until backoff expires.
   if (Date.now() < _adoTokenFailedUntil) return null;
   try {
-    // azureauth supports multiple --mode flags as an ordered fallback chain:
-    // tries IWA (Integrated Windows Auth) first, falls back to broker if unavailable.
-    // Uses execAsync to avoid blocking the event loop on Windows (spawnSync ETIMEDOUT).
-    const token = (await execAsync('azureauth ado token --mode iwa --mode broker --output token --timeout 1', {
-      timeout: 15000, encoding: 'utf-8', windowsHide: true    })).trim();
-    if (token && token.startsWith('eyJ')) {
-      _adoTokenCache = { token, expiresAt: Date.now() + 30 * 60 * 1000 };
-      _adoTokenFailedUntil = 0;
-      return token;
-    }
+    const { token } = await acquireAdoToken({ execAsync, timeout: 15000 });
+    _adoTokenCache = { token, expiresAt: Date.now() + 30 * 60 * 1000 };
+    _adoTokenFailedUntil = 0;
+    return token;
   } catch (e) {
     log('warn', `Failed to get ADO token: ${e.message}`);
   }
-  // Back off for 10 minutes to avoid spamming browser auth popups
+  // Back off for 10 minutes to avoid spamming auth commands.
   _adoTokenFailedUntil = Date.now() + 10 * 60 * 1000;
   return null;
 }

package/engine/cleanup.js

@@ -621,17 +621,20 @@ function runCleanup(config, verbose = false) {
     catch { orphanPrdEntries = []; }
     for (const pf of orphanPrdEntries) {
       const prdPath = path.join(PRD_DIR, pf);
-      const prd = safeJson(prdPath);
-      if (!prd?.missing_features) continue;
+      const peek = safeJson(prdPath);
+      if (!peek?.missing_features) continue;
       let reset = 0;
-      for (const feat of prd.missing_features) {
-        if ((feat.status === shared.WI_STATUS.DISPATCHED || feat.status === shared.WI_STATUS.FAILED) && !wiIds.has(feat.id)) {
-          feat.status = shared.WI_STATUS.PENDING;
-          reset++;
+      mutateJsonFileLocked(prdPath, (prd) => {
+        if (!prd?.missing_features) return prd;
+        for (const feat of prd.missing_features) {
+          if ((feat.status === shared.WI_STATUS.DISPATCHED || feat.status === shared.WI_STATUS.FAILED) && !wiIds.has(feat.id)) {
+            feat.status = shared.WI_STATUS.PENDING;
+            reset++;
+          }
         }
-      }
+        return prd;
+      }, { skipWriteIfUnchanged: true });
       if (reset > 0) {
-        safeWrite(prdPath, prd);
         log('info', `Reset ${reset} orphaned PRD item status(es) → pending in ${pf}`);
         cleaned.orphanedPrdStatuses += reset;
       }

package/engine/cli.js

@@ -146,21 +146,18 @@ function _parseRuntimeFlags(args) {
  * Heuristic flag for "this model is obviously wrong for this runtime". Used
  * to surface the "pass --model '' to clear" hint when a user switches CLIs
  * but leaves a stale model behind. Errs on the side of false-negatives —
- * unknown runtime → no opinion, unknown model on Copilot → no opinion.
+ * unknown runtime → no opinion, runtime adapter without `modelLooksFamiliar`
+ * → no opinion. Runtime-specific knowledge lives in the adapter (see
+ * claude.js#modelLooksFamiliar) so adding a new runtime never requires
+ * editing cli.js.
  */
 function _modelLooksIncompatible(runtime, model) {
   if (!model) return false;
-  const m = String(model).toLowerCase();
-  if (runtime === 'claude') {
-    if (m.startsWith('claude-')) return false;
-    if (m === 'sonnet' || m === 'opus' || m === 'haiku') return false;
-    return true; // gpt-*, o3-*, codex, etc. — wrong CLI for these
-  }
-  if (runtime === 'copilot') {
-    // Copilot adapter maps Minions' family aliases before spawning.
-    return false;
-  }
-  return false;
+  let adapter;
+  try { adapter = require('./runtimes').resolveRuntime(runtime); }
+  catch { return false; } // unknown runtime → no opinion
+  if (typeof adapter.modelLooksFamiliar !== 'function') return false; // adapter doesn't claim a model namespace → no opinion
+  return !adapter.modelLooksFamiliar(model);
 }
 
 /**

package/engine/copilot-models.json

@@ -1,5 +1,5 @@
 {
   "runtime": "copilot",
   "models": null,
-  "cachedAt": "2026-05-02T19:09:30.042Z"
+  "cachedAt": "2026-05-03T15:01:38.322Z"
 }

package/engine/lifecycle.js

@@ -1037,7 +1037,8 @@ async function findOpenPrForBranch(meta, config) {
   if (host === 'github') {
     const ghSlug = projectObj.prUrlBase?.match(/github\.com\/([^/]+\/[^/]+)\/pull/)?.[1];
     if (!ghSlug) return null;
-    for (let attempt = 0; attempt < 3; attempt++) {
+    const maxAttempts = ENGINE_DEFAULTS.prAutoLinkRetries;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
       if (attempt > 0) await new Promise(r => setTimeout(r, 3000));
       let raw = '';
       try {
@@ -1047,13 +1048,13 @@ async function findOpenPrForBranch(meta, config) {
         if (hits.length > 0 && hits[0].state === 'OPEN') {
           return { project: projectObj, prNumber: hits[0].number, url: hits[0].url };
         }
-        if (attempt === 2) {
-          log('warn', `Auto-link fallback: no open PR found on branch ${meta.branch} after 3 attempts (raw: ${(raw || '').slice(0, 200)})`);
+        if (attempt === maxAttempts - 1) {
+          log('warn', `Auto-link fallback: no open PR found on branch ${meta.branch} after ${maxAttempts} attempts (raw: ${(raw || '').slice(0, 200)})`);
         }
       } catch (err) {
-        if (attempt === 2) {
+        if (attempt === maxAttempts - 1) {
           const rawSuffix = raw ? ` (raw: ${raw.slice(0, 200)})` : '';
-          log('warn', `Auto-link fallback: gh pr list lookup failed on branch ${meta.branch} after 3 attempts: ${err.message}${rawSuffix}`);
+          log('warn', `Auto-link fallback: gh pr list lookup failed on branch ${meta.branch} after ${maxAttempts} attempts: ${err.message}${rawSuffix}`);
         }
       }
     }
@@ -1475,7 +1476,7 @@ async function processPendingRebases(config) {
     const result = await rebaseBranchOntoMain(pr, project, config);
     if (!result.success) {
       entry.attempts = (entry.attempts || 0) + 1;
-      if (entry.attempts < 3) {
+      if (entry.attempts < ENGINE_DEFAULTS.rebaseQueueRetries) {
         remaining.push(entry);
       } else {
         log('warn', `Rebase failed after retries for ${pr.id} on ${pr.branch}: ${result.error}`);

package/engine/pipeline.js

@@ -730,14 +730,17 @@ function isStageComplete(stage, stageState, run, config) {
       if (stage.autoApprove && artifacts.prds?.length > 0) {
         for (const prdFile of artifacts.prds) {
           const prdPath = path.join(prdDir, prdFile);
-          const prd = safeJson(prdPath);
-          if (prd && prd.status === PLAN_STATUS.AWAITING_APPROVAL) {
-            prd.status = PLAN_STATUS.APPROVED;
-            prd.approvedAt = ts();
-            prd.approvedBy = 'pipeline:' + run.pipelineId;
-            safeWrite(prdPath, prd);
-            log('info', `Pipeline ${run.pipelineId}: auto-approved PRD ${prdFile}`);
-          }
+          let approved = false;
+          mutateJsonFileLocked(prdPath, (prd) => {
+            if (prd && prd.status === PLAN_STATUS.AWAITING_APPROVAL) {
+              prd.status = PLAN_STATUS.APPROVED;
+              prd.approvedAt = ts();
+              prd.approvedBy = 'pipeline:' + run.pipelineId;
+              approved = true;
+            }
+            return prd;
+          }, { skipWriteIfUnchanged: true });
+          if (approved) log('info', `Pipeline ${run.pipelineId}: auto-approved PRD ${prdFile}`);
         }
       }
 

package/engine/runtimes/claude.js

@@ -640,20 +640,28 @@ const capabilities = {
 // (fatal error message). Multi-line so all platforms see actionable guidance.
 const INSTALL_HINT = 'install from https://claude.ai/download or: npm install -g @anthropic-ai/claude-code';
 
+// Asset roots passed to spawn as `--add-dir` so worktrees can read globally
+// installed skills. `~/.agents/skills` is the cross-runtime portable location;
+// every runtime adapter exposes it so a skill placed there is genuinely visible
+// to every runtime (matches the directory name's promise).
 function getUserAssetDirs({ homeDir = os.homedir() } = {}) {
-  return [path.join(homeDir, '.claude')];
+  return [
+    path.join(homeDir, '.claude'),
+    path.join(homeDir, '.agents'),
+  ];
 }
 
 function getSkillRoots({ homeDir = os.homedir(), project = null } = {}) {
   const roots = [
     { dir: path.join(homeDir, '.claude', 'skills'), scope: 'claude-code' },
+    { dir: path.join(homeDir, '.agents', 'skills'), scope: 'agent-skill' },
   ];
   if (project?.localPath) {
-    roots.push({
-      dir: path.join(project.localPath, '.claude', 'skills'),
-      scope: 'project',
-      projectName: project.name || path.basename(project.localPath),
-    });
+    const projectName = project.name || path.basename(project.localPath);
+    roots.push(
+      { dir: path.join(project.localPath, '.claude', 'skills'), scope: 'project', projectName },
+      { dir: path.join(project.localPath, '.agents', 'skills'), scope: 'project', projectName },
+    );
   }
   return roots;
 }
@@ -666,6 +674,19 @@ function getSkillWriteTargets({ homeDir = os.homedir(), project = null } = {}) {
   return targets;
 }
 
+// Heuristic: does `model` look like a Claude model identifier? Powers the
+// preflight "stale model after CLI switch" warning in cli.js. Returning false
+// means "this looks wrong for Claude" — gpt-5.4 / o3-* / codex etc. Keep this
+// here (not in cli.js) so the runtime owns its own model namespace and adding
+// a future runtime never requires editing cli.js.
+function modelLooksFamiliar(model) {
+  if (!model) return true;
+  const m = String(model).toLowerCase();
+  if (m.startsWith('claude-')) return true;
+  if (m === 'sonnet' || m === 'opus' || m === 'haiku') return true;
+  return false;
+}
+
 module.exports = {
   name: 'claude',
   capabilities,
@@ -688,6 +709,7 @@ module.exports = {
   usesSystemPromptFile,
   classifyFailure,
   resolveModel,
+  modelLooksFamiliar,
   parseOutput,
   parseStreamChunk,
   parseError,

package/engine/runtimes/copilot.js

@@ -798,6 +798,11 @@ function getUserAssetDirs({ homeDir = os.homedir() } = {}) {
   ];
 }
 
+// Copilot CLI reads project skills from .github/skills, .claude/skills, AND
+// .agents/skills per the official docs (see "Adding agent skills for GitHub
+// Copilot CLI"). Listing all three keeps the dashboard accurate and ensures
+// spawned Copilot agents receive `--add-dir` for every dir Copilot would
+// natively read from.
 function getSkillRoots({ homeDir = os.homedir(), project = null } = {}) {
   const roots = [
     { dir: path.join(homeDir, '.copilot', 'skills'), scope: 'copilot' },
@@ -807,6 +812,7 @@ function getSkillRoots({ homeDir = os.homedir(), project = null } = {}) {
     const projectName = project.name || path.basename(project.localPath);
     roots.push(
       { dir: path.join(project.localPath, '.github', 'skills'), scope: 'project', projectName },
+      { dir: path.join(project.localPath, '.claude', 'skills'), scope: 'project', projectName },
       { dir: path.join(project.localPath, '.agents', 'skills'), scope: 'project', projectName },
     );
   }

package/engine/shared.js

@@ -793,6 +793,8 @@ const ENGINE_DEFAULTS = {
   minRetryGapMs: 120000, // 2min — minimum gap between retry dispatches for the same work item; prevents tight retry loops when an idempotent agent (e.g. review bailing out on a duplicate) cannot produce the expected output (#1770)
   pipelineApiRetries: 2, // max attempts for pipeline API calls
   pipelineApiRetryDelay: 2000, // ms delay between pipeline API retries
+  prAutoLinkRetries: 3, // max attempts for gh pr list lookup when auto-linking PR after merge (3s backoff between attempts)
+  rebaseQueueRetries: 3, // max rebase attempts per queued PR before giving up
   versionCheckInterval: 3600000, // 1 hour — how often to check npm for updates (ms)
   logFlushInterval: 5000, // 5s — how often to flush buffered log entries to disk
   logBufferSize: 50, // flush immediately when buffer exceeds this many entries
@@ -1096,15 +1098,19 @@ function runtimeConfigWarnings(config, registeredRuntimes) {
     }
   }
 
-  // 3. Bare-mode misconfig: claudeBareMode + Claude as CC runtime + no explicit
-  // CC system prompt. `--bare` suppresses CLAUDE.md auto-discovery; CC will
-  // lose project context unless the user wires an explicit prompt.
+  // 3. Bare-mode misconfig: claudeBareMode + a CC runtime that honours
+  // `--bare` + no explicit CC system prompt. `--bare` suppresses CLAUDE.md
+  // auto-discovery; CC will lose project context unless the user wires an
+  // explicit prompt. Gated on `capabilities.bareMode` rather than runtime
+  // name so any future runtime that adopts the same flag is covered.
   if (engine.claudeBareMode === true) {
     const ccCli = resolveCcCli(engine);
-    if (ccCli === 'claude' && !_isMeaningful(engine.ccSystemPrompt)) {
+    let ccRuntime = null;
+    try { ccRuntime = require('./runtimes').resolveRuntime(ccCli); } catch { /* unknown runtime — skip */ }
+    if (ccRuntime?.capabilities?.bareMode === true && !_isMeaningful(engine.ccSystemPrompt)) {
       warnings.push({
         id: 'bare-mode-misconfig',
-        message: 'engine.claudeBareMode is true but CC runs on Claude with no engine.ccSystemPrompt — CLAUDE.md auto-discovery is suppressed and CC will lose project context.',
+        message: `engine.claudeBareMode is true but CC runs on ${ccCli} (which honours --bare) with no engine.ccSystemPrompt — CLAUDE.md auto-discovery is suppressed and CC will lose project context.`,
       });
     }
   }

package/engine/spawn-agent.js

@@ -35,9 +35,9 @@
 const fs = require('fs');
 const os = require('os');
 const path = require('path');
-const { execSync } = require('child_process');
 const { runFile, cleanChildEnv, killGracefully, killImmediate, ts } = require('./shared');
 const { resolveRuntime } = require('./runtimes');
+const { acquireAdoTokenSync, isLikelyAdoToken } = require('./ado-token');
 
 // ─── Pure helpers (exported for tests) ──────────────────────────────────────
 
@@ -129,20 +129,19 @@ function normalizeRuntimeExit(code, signal) {
   return 1;
 }
 
-function injectAdoTokenEnv(env, { execSync: _execSync = execSync, warn = (msg) => process.stderr.write(msg + '\n') } = {}) {
-  let token;
+function injectAdoTokenEnv(env, { execSync: _execSync, acquireToken, warn = (msg) => process.stderr.write(msg + '\n') } = {}) {
+  let result;
   try {
-    token = String(_execSync('azureauth ado token --mode iwa --mode broker --output token --timeout 1', {
-      encoding: 'utf8',
-      timeout: 30000,
-      windowsHide: true,
-    }) || '').trim();
+    result = typeof acquireToken === 'function'
+      ? acquireToken()
+      : acquireAdoTokenSync({ execSync: _execSync });
   } catch (err) {
     warn(`spawn-agent.js: ADO token fetch failed: ${err.message}`);
     return false;
   }
-  if (!token || !token.startsWith('eyJ')) {
-    warn('spawn-agent.js: invalid ADO token from azureauth; continuing without Azure DevOps PAT env');
+  const token = typeof result === 'string' ? result : result?.token;
+  if (!isLikelyAdoToken(token)) {
+    warn('spawn-agent.js: invalid ADO token; continuing without Azure DevOps PAT env');
     return false;
   }
   env.AZURE_DEVOPS_EXT_PAT = token;
@@ -201,6 +200,36 @@ async function writeProcessExitSentinel({
   return { sentinel, stdoutFlushed, outputPathWritten };
 }
 
+/**
+ * Build the `--add-dir` list passed to the runtime CLI. Pure: takes
+ * `{ runtime, minionsDir, homeDir, exists }` and returns an ordered, deduped
+ * array of dirs the agent should be able to read from outside its worktree.
+ *
+ * Order: minionsDir first (so playbooks/system-prompt are always reachable),
+ * followed by every existing dir from `runtime.getUserAssetDirs({ homeDir })`.
+ * Non-existent asset dirs are dropped — Claude CLI rejects unknown `--add-dir`
+ * entries. The dedup compares resolved paths so we never emit minionsDir twice
+ * (e.g. when runtime asset dir IS the minions repo in unusual setups).
+ *
+ * `exists` is injectable for tests; defaults to `fs.existsSync`.
+ */
+function computeAddDirs({ runtime, minionsDir, homeDir, exists = fs.existsSync } = {}) {
+  const out = [minionsDir];
+  const seen = new Set([path.resolve(minionsDir)]);
+  const assetDirs = typeof runtime?.getUserAssetDirs === 'function'
+    ? runtime.getUserAssetDirs({ homeDir })
+    : [];
+  for (const d of assetDirs) {
+    if (!d) continue;
+    const resolved = path.resolve(d);
+    if (seen.has(resolved)) continue;
+    if (!exists(d)) continue;
+    out.push(d);
+    seen.add(resolved);
+  }
+  return out;
+}
+
 // ─── Main script execution ──────────────────────────────────────────────────
 
 function _installHint(name, runtime) {
@@ -252,15 +281,7 @@ function main() {
   // worktree, so runtime-native global assets would otherwise be invisible.
   // The adapter owns both where those assets live and how to surface them.
   const minionsDir = path.resolve(__dirname, '..');
-  const addDirs = [minionsDir];
-  const runtimeAssetDirs = typeof runtime.getUserAssetDirs === 'function'
-    ? runtime.getUserAssetDirs({ homeDir: os.homedir() })
-    : [];
-  for (const dir of runtimeAssetDirs) {
-    if (dir && fs.existsSync(dir) && path.resolve(dir) !== path.resolve(minionsDir)) {
-      addDirs.push(dir);
-    }
-  }
+  const addDirs = computeAddDirs({ runtime, minionsDir, homeDir: os.homedir() });
 
   let resolved;
   try { resolved = runtime.resolveBinary({ env }); }
@@ -378,6 +399,6 @@ function main() {
   });
 }
 
-module.exports = { parseSpawnArgs, buildSpawnInvocation, normalizeRuntimeExit, injectAdoTokenEnv, writeProcessExitSentinel };
+module.exports = { parseSpawnArgs, buildSpawnInvocation, normalizeRuntimeExit, injectAdoTokenEnv, writeProcessExitSentinel, computeAddDirs };
 
 if (require.main === module) main();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.1687",
+  "version": "0.1.1689",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"