agentxchain 2.101.0 → 2.103.0

package/src/commands/decisions.js

@@ -5,9 +5,9 @@
  */
 
 import { resolve } from 'path';
-import { existsSync } from 'fs';
+import { existsSync, readFileSync } from 'fs';
 import chalk from 'chalk';
-import { readRepoDecisions, getActiveRepoDecisions, getRepoDecisionById } from '../lib/repo-decisions.js';
+import { readRepoDecisions, getActiveRepoDecisions, getRepoDecisionById, resolveDecisionAuthority } from '../lib/repo-decisions.js';
 
 /**
  * @param {object} opts - { json?: boolean, all?: boolean, show?: string, dir?: string }
@@ -39,6 +39,18 @@ export async function decisionsCommand(opts) {
     console.log(`  Phase:       ${dec.phase || '—'}`);
     console.log(`  Run:         ${(dec.run_id || '—').slice(0, 16)}`);
     console.log(`  Turn:        ${(dec.turn_id || '—').slice(0, 16)}`);
+    console.log(`  Durability:  ${dec.durability || 'repo'}`);
+    // Show decision authority if config has it
+    const config = loadConfig(root);
+    if (config && dec.role) {
+      const auth = resolveDecisionAuthority(dec.role, config);
+      if (auth !== null && !(typeof auth === 'object' && auth.unknown)) {
+        console.log(`  Authority:   ${auth} (${dec.role})`);
+      }
+    }
+    if (dec.overrides) {
+      console.log(`  Supersedes:  ${chalk.yellow(dec.overrides)}`);
+    }
     console.log(`  Created:     ${dec.created_at || '—'}`);
     if (dec.overridden_by) {
       console.log(`  Overridden:  ${chalk.yellow(dec.overridden_by)}`);
@@ -69,7 +81,11 @@ export async function decisionsCommand(opts) {
   for (const dec of decisions) {
     const status = formatStatus(dec.status);
     const runShort = (dec.run_id || '').slice(0, 12);
-    const override = dec.overridden_by ? chalk.dim(` → ${dec.overridden_by}`) : '';
+    const override = dec.overridden_by
+      ? chalk.dim(` → ${dec.overridden_by}`)
+      : dec.overrides
+        ? chalk.dim(` ← supersedes ${dec.overrides}`)
+        : '';
     console.log(`  ${chalk.cyan(dec.id)}  ${status}  ${chalk.dim(dec.category)}  ${dec.statement}${override}`);
     console.log(`    ${chalk.dim(`by ${dec.role || '?'} in ${runShort || '?'}`)}`);
   }
@@ -92,3 +108,13 @@ function findProjectRoot(dir) {
   }
   return null;
 }
+
+function loadConfig(root) {
+  const configPath = resolve(root, 'agentxchain.json');
+  if (!existsSync(configPath)) return null;
+  try {
+    return JSON.parse(readFileSync(configPath, 'utf8'));
+  } catch {
+    return null;
+  }
+}

package/src/commands/doctor.js

@@ -4,6 +4,7 @@ import { join } from 'path';
 import chalk from 'chalk';
 import { loadConfig, loadLock, findProjectRoot } from '../lib/config.js';
 import { validateProject } from '../lib/validation.js';
+import { runAdmissionControl } from '../lib/admission-control.js';
 import { getWatchPid } from './watch.js';
 import { getDashboardPid, getDashboardSession } from './dashboard.js';
 import { loadNormalizedConfig, detectConfigVersion } from '../lib/normalized-config.js';
@@ -235,6 +236,22 @@ function governedDoctor(root, rawConfig, opts) {
     }
   }
 
+  // 10. Admission control — static dead-end detection
+  if (normalized) {
+    const admission = runAdmissionControl(normalized, rawConfig);
+    if (!admission.ok) {
+      const errSummary = admission.errors.slice(0, 2).map(e => e.replace(/^ADM-\d+: /, '')).join('; ');
+      checks.push({ id: 'admission_control', name: 'Admission control', level: 'fail', detail: errSummary });
+    } else if (admission.warnings.length > 0) {
+      // ADM-003 warnings are advisory (external approval is a legitimate pattern),
+      // so report as info rather than warn to avoid noisy defaults.
+      const infoSummary = admission.warnings.slice(0, 2).map(w => w.replace(/^ADM-\d+: /, '')).join('; ');
+      checks.push({ id: 'admission_control', name: 'Admission control', level: 'info', detail: infoSummary });
+    } else {
+      checks.push({ id: 'admission_control', name: 'Admission control', level: 'pass', detail: 'No dead-end configs detected' });
+    }
+  }
+
   // Compute summary
   const failCount = checks.filter(c => c.level === 'fail').length;
   const warnCount = checks.filter(c => c.level === 'warn').length;

package/src/commands/role.js

@@ -37,13 +37,19 @@ function listRoles(roles, roleIds, opts) {
   }
 
   if (opts.json) {
-    const output = roleIds.map((id) => ({
-      id,
-      title: roles[id].title,
-      mandate: roles[id].mandate,
-      write_authority: roles[id].write_authority,
-      runtime: roles[id].runtime,
-    }));
+    const output = roleIds.map((id) => {
+      const entry = {
+        id,
+        title: roles[id].title,
+        mandate: roles[id].mandate,
+        write_authority: roles[id].write_authority,
+        runtime: roles[id].runtime,
+      };
+      if (typeof roles[id].decision_authority === 'number') {
+        entry.decision_authority = roles[id].decision_authority;
+      }
+      return entry;
+    });
     console.log(JSON.stringify(output, null, 2));
     return;
   }
@@ -56,7 +62,8 @@ function listRoles(roles, roleIds, opts) {
       : r.write_authority === 'proposed'
         ? chalk.yellow(r.write_authority)
         : chalk.dim(r.write_authority);
-    console.log(`  ${chalk.cyan(id)} — ${r.title} [${authority}] → ${chalk.dim(r.runtime)}`);
+    const decAuth = typeof r.decision_authority === 'number' ? chalk.dim(` dec:${r.decision_authority}`) : '';
+    console.log(`  ${chalk.cyan(id)} — ${r.title} [${authority}${decAuth}] → ${chalk.dim(r.runtime)}`);
   }
   console.log('');
   console.log(chalk.dim('  Usage: agentxchain role show <role_id>\n'));
@@ -81,13 +88,17 @@ function showRole(roleId, roles, roleIds, opts) {
   const r = roles[roleId];
 
   if (opts.json) {
-    console.log(JSON.stringify({
+    const entry = {
       id: roleId,
       title: r.title,
       mandate: r.mandate,
       write_authority: r.write_authority,
       runtime: r.runtime,
-    }, null, 2));
+    };
+    if (typeof r.decision_authority === 'number') {
+      entry.decision_authority = r.decision_authority;
+    }
+    console.log(JSON.stringify(entry, null, 2));
     return;
   }
 
@@ -101,6 +112,9 @@ function showRole(roleId, roles, roleIds, opts) {
   console.log(`  Title:      ${r.title}`);
   console.log(`  Mandate:    ${r.mandate}`);
   console.log(`  Authority:  ${authority}`);
+  if (typeof r.decision_authority === 'number') {
+    console.log(`  Decision:   ${r.decision_authority}`);
+  }
   console.log(`  Runtime:    ${chalk.dim(r.runtime)}`);
   console.log('');
 }

package/src/lib/admission-control.js

@@ -0,0 +1,247 @@
+/**
+ * Admission Control — pre-run static analysis that rejects governed configs
+ * which cannot possibly reach completion.
+ *
+ * Pure function: no filesystem access, no state reads.
+ *
+ * Checks:
+ *   ADM-001  No file producer for gated phase
+ *   ADM-002  Authoritative writer unreachable for owned artifacts
+ *   ADM-003  Impossible human approval topology (warning only)
+ *   ADM-004  Owned artifact owner cannot write
+ *
+ * See .planning/ADMISSION_CONTROL_SPEC.md for full spec.
+ */
+
+import { getEffectiveGateArtifacts } from './gate-evaluator.js';
+
+/**
+ * Run all admission control checks against a governed config.
+ *
+ * @param {object} config - normalized governed config
+ * @param {object} rawConfig - raw agentxchain.json (for workflow_kit, gates, approval_policy)
+ * @returns {{ ok: boolean, errors: string[], warnings: string[] }}
+ */
+export function runAdmissionControl(config, rawConfig) {
+  const errors = [];
+  const warnings = [];
+
+  const routing = config?.routing;
+  const gates = config?.gates || rawConfig?.gates;
+  const roles = config?.roles;
+  const runtimes = config?.runtimes || rawConfig?.runtimes;
+
+  if (!routing) {
+    return { ok: true, errors, warnings };
+  }
+
+  // ADM-001 + ADM-002 + ADM-004: per-phase gate analysis
+  if (gates) {
+    for (const [phase, route] of Object.entries(routing)) {
+      const exitGateId = route?.exit_gate;
+      if (!exitGateId || !gates[exitGateId]) continue;
+
+      const gateDef = gates[exitGateId];
+      const effectiveArtifacts = getEffectiveGateArtifacts(config, gateDef, phase);
+      const requiredArtifacts = effectiveArtifacts.filter(a => a.required);
+
+      if (requiredArtifacts.length === 0) continue;
+
+      // Collect all roles routed to this phase
+      const candidateRoleIds = [
+        route?.entry_role,
+        ...(Array.isArray(route?.allowed_next_roles) ? route.allowed_next_roles : []),
+      ].filter(Boolean);
+
+      const uniqueRoleIds = [...new Set(candidateRoleIds)];
+
+      // ADM-001: check if any role can produce files
+      // Manual runtime roles are excluded — human operators can produce files
+      // outside the governed turn mechanism regardless of write_authority.
+      // Note: normalized config uses runtime_id, raw config uses runtime.
+      const rolesWithAuthority = uniqueRoleIds
+        .map(id => {
+          const role = roles?.[id];
+          const rtKey = role?.runtime_id || role?.runtime;
+          return { id, role, runtime: runtimes?.[rtKey] };
+        })
+        .filter(({ role }) => role);
+
+      const hasFileProducer = rolesWithAuthority.some(({ role, runtime }) =>
+        canRoleProduceFiles(role, runtime));
+
+      // Only flag non-manual roles as review_only dead-ends
+      const nonManualRoles = rolesWithAuthority.filter(({ runtime }) => runtime?.type !== 'manual');
+      if (!hasFileProducer && nonManualRoles.length > 0) {
+        const roleSummary = nonManualRoles
+          .map(({ id, role }) => `${id}:${role.write_authority}`)
+          .join(', ');
+        const fileSummary = requiredArtifacts.map(a => a.path).join(', ');
+        errors.push(
+          `ADM-001: Phase "${phase}" gate "${exitGateId}" requires files (${fileSummary}) but all routed roles are review_only (${roleSummary}). No agent can produce the required artifacts.`
+        );
+      }
+
+      // ADM-002: check owned_by roles are reachable in this phase
+      for (const artifact of requiredArtifacts) {
+        if (!artifact.owned_by) continue;
+        if (!uniqueRoleIds.includes(artifact.owned_by)) {
+          errors.push(
+            `ADM-002: Phase "${phase}" artifact "${artifact.path}" is owned_by "${artifact.owned_by}" but that role is not in the phase routing (entry_role or allowed_next_roles). The ownership predicate can never be satisfied.`
+          );
+          continue;
+        }
+
+        const ownerRole = roles?.[artifact.owned_by];
+        if (!ownerRole) continue;
+        const ownerRuntimeKey = ownerRole.runtime_id || ownerRole.runtime;
+        const ownerRuntime = runtimes?.[ownerRuntimeKey];
+
+        if (!canRoleProduceFiles(ownerRole, ownerRuntime)) {
+          errors.push(
+            `ADM-004: Phase "${phase}" artifact "${artifact.path}" is owned_by "${artifact.owned_by}" but that role is ${ownerRole.write_authority} on runtime type "${ownerRuntime?.type || 'unknown'}". The owner can participate in the phase but cannot produce the required artifact.`
+          );
+        }
+      }
+    }
+  }
+
+  // ADM-003: impossible human approval topology
+  checkHumanApprovalTopology(config, rawConfig, routing, gates, roles, runtimes, warnings);
+
+  return {
+    ok: errors.length === 0,
+    errors,
+    warnings,
+  };
+}
+
+/**
+ * ADM-003: Check whether human approval requirements are reachable.
+ * Emits warnings (not errors) because external approval paths are legitimate.
+ */
+function checkHumanApprovalTopology(config, rawConfig, routing, gates, roles, runtimes, warnings) {
+  // Determine if any manual runtime exists
+  const hasManualRuntime = runtimes
+    ? Object.values(runtimes).some(rt => rt?.type === 'manual')
+    : false;
+
+  // If there's a manual runtime, human approval is always reachable
+  if (hasManualRuntime) return;
+
+  const approvalPolicy = config?.approval_policy || rawConfig?.approval_policy;
+
+  // Collect phases/gates that require human approval
+  const humanApprovalPoints = [];
+
+  for (const [phase, route] of Object.entries(routing)) {
+    const exitGateId = route?.exit_gate;
+    if (!exitGateId || !gates?.[exitGateId]) continue;
+
+    const gateDef = gates[exitGateId];
+    if (gateDef.requires_human_approval) {
+      // Check if approval_policy overrides to auto_approve for this transition
+      if (!isAutoApprovedByPolicy(approvalPolicy, 'phase_transitions', phase)) {
+        humanApprovalPoints.push({ type: 'phase_transition', phase, gate: exitGateId });
+      }
+    }
+  }
+
+  // Check run_completion gates
+  const completionGateId = config?.completion_gate || rawConfig?.completion_gate;
+  if (completionGateId && gates?.[completionGateId]) {
+    const gateDef = gates[completionGateId];
+    if (gateDef.requires_human_approval) {
+      if (!isAutoApprovedByPolicy(approvalPolicy, 'run_completion', null)) {
+        humanApprovalPoints.push({ type: 'run_completion', gate: completionGateId });
+      }
+    }
+  }
+
+  // Also check approval_policy for explicit require_human actions
+  if (approvalPolicy?.phase_transitions) {
+    const pt = approvalPolicy.phase_transitions;
+    if (pt.default === 'require_human') {
+      // Every phase transition defaults to human approval
+      for (const phase of Object.keys(routing)) {
+        const hasAutoOverride = (pt.rules || []).some(rule =>
+          rule.action === 'auto_approve' && matchesPhaseRule(rule, phase));
+        if (!hasAutoOverride) {
+          const already = humanApprovalPoints.some(p => p.type === 'phase_transition' && p.phase === phase);
+          if (!already) {
+            humanApprovalPoints.push({ type: 'phase_transition', phase, gate: routing[phase]?.exit_gate || '(policy)' });
+          }
+        }
+      }
+    }
+    if (Array.isArray(pt.rules)) {
+      for (const rule of pt.rules) {
+        if (rule.action === 'require_human' && rule.from_phase) {
+          const already = humanApprovalPoints.some(p => p.type === 'phase_transition' && p.phase === rule.from_phase);
+          if (!already) {
+            humanApprovalPoints.push({ type: 'phase_transition', phase: rule.from_phase, gate: '(policy)' });
+          }
+        }
+      }
+    }
+  }
+
+  if (approvalPolicy?.run_completion?.action === 'require_human') {
+    const already = humanApprovalPoints.some(p => p.type === 'run_completion');
+    if (!already) {
+      humanApprovalPoints.push({ type: 'run_completion', gate: '(policy)' });
+    }
+  }
+
+  for (const point of humanApprovalPoints) {
+    if (point.type === 'phase_transition') {
+      warnings.push(
+        `ADM-003: Phase "${point.phase}" requires human approval (gate "${point.gate}") but no role uses runtime type "manual". The run will pause at pending_phase_transition and require external approval (CLI, dashboard, or webhook).`
+      );
+    } else {
+      warnings.push(
+        `ADM-003: Run completion requires human approval (gate "${point.gate}") but no role uses runtime type "manual". The run will pause at pending_run_completion and require external approval.`
+      );
+    }
+  }
+}
+
+function isAutoApprovedByPolicy(approvalPolicy, section, phase) {
+  if (!approvalPolicy) return false;
+
+  if (section === 'phase_transitions') {
+    const pt = approvalPolicy.phase_transitions;
+    if (!pt) return false;
+
+    // Check specific rules first
+    if (Array.isArray(pt.rules)) {
+      for (const rule of pt.rules) {
+        if (rule.action === 'auto_approve' && matchesPhaseRule(rule, phase)) {
+          return true;
+        }
+      }
+    }
+
+    // Fall back to default
+    return pt.default === 'auto_approve';
+  }
+
+  if (section === 'run_completion') {
+    return approvalPolicy.run_completion?.action === 'auto_approve';
+  }
+
+  return false;
+}
+
+function matchesPhaseRule(rule, phase) {
+  // A rule matches if from_phase is unset or matches the phase
+  if (rule.from_phase && rule.from_phase !== phase) return false;
+  return true;
+}
+
+function canRoleProduceFiles(role, runtime) {
+  if (!role) return false;
+  return runtime?.type === 'manual'
+    || role.write_authority === 'authoritative'
+    || role.write_authority === 'proposed';
+}

package/src/lib/dispatch-bundle.js

@@ -618,7 +618,7 @@ function renderContext(state, config, root, turn, role) {
 
   // Repo-level decisions that persist across runs
   if (state.repo_decisions && state.repo_decisions.length > 0) {
-    const repoDecMd = renderRepoDecisionsMarkdown(state.repo_decisions);
+    const repoDecMd = renderRepoDecisionsMarkdown(state.repo_decisions, config);
     if (repoDecMd) {
       lines.push(repoDecMd);
     }

package/src/lib/export-diff.js

@@ -415,6 +415,22 @@ function detectRunRegressions(left, right) {
     });
   }
 
+  const leftHasPhaseOrder = Array.isArray(left.workflow_phase_order) && left.workflow_phase_order.length > 0;
+  const rightHasPhaseOrder = Array.isArray(right.workflow_phase_order) && right.workflow_phase_order.length > 0;
+  const phaseOrderDrift = leftHasPhaseOrder && rightHasPhaseOrder && !isEqual(left.workflow_phase_order, right.workflow_phase_order);
+
+  if (phaseOrderDrift) {
+    regressions.push({
+      id: `REG-PHASE-ORDER-${String(++counter).padStart(3, '0')}`,
+      category: 'phase',
+      severity: 'warning',
+      message: 'Workflow phase order changed between exports; directional phase comparison skipped',
+      field: 'workflow_phase_order',
+      left: left.workflow_phase_order,
+      right: right.workflow_phase_order,
+    });
+  }
+
   // Phase regression: backward movement in workflow phase order
   if (left.phase && right.phase === null) {
     // Phase disappeared — information loss
@@ -428,9 +444,9 @@ function detectRunRegressions(left, right) {
       right: null,
     });
   } else if (left.phase && right.phase && left.phase !== right.phase) {
-    // Use right export's phase order as canonical (or left if right doesn't have one)
-    const phaseOrder = right.workflow_phase_order || left.workflow_phase_order;
-    if (Array.isArray(phaseOrder) && phaseOrder.length > 0) {
+    const canCompareDirection = leftHasPhaseOrder && rightHasPhaseOrder && !phaseOrderDrift;
+    if (canCompareDirection) {
+      const phaseOrder = right.workflow_phase_order;
       const leftIndex = phaseOrder.indexOf(left.phase);
       const rightIndex = phaseOrder.indexOf(right.phase);
       // Only flag when both phases are known and right is earlier than left

package/src/lib/export-verifier.js

@@ -2,6 +2,7 @@ import { createHash } from 'node:crypto';
 import { readFileSync } from 'node:fs';
 import { resolve } from 'node:path';
 import { isDeepStrictEqual } from 'node:util';
+import { summarizeRepoDecisions } from './repo-decisions.js';
 
 const SUPPORTED_EXPORT_SCHEMA_VERSIONS = new Set(['0.2', '0.3']);
 const VALID_FILE_FORMATS = new Set(['json', 'jsonl', 'text']);
@@ -31,6 +32,52 @@ function addError(errors, path, message) {
   errors.push(`${path}: ${message}`);
 }
 
+function verifyWorkflowPhaseOrder(summary, errors, summaryPath = 'summary') {
+  const phaseOrder = summary?.workflow_phase_order;
+  if (phaseOrder === undefined || phaseOrder === null) {
+    return;
+  }
+
+  const path = `${summaryPath}.workflow_phase_order`;
+  if (!Array.isArray(phaseOrder)) {
+    addError(errors, path, 'must be an array or null');
+    return;
+  }
+
+  if (phaseOrder.length === 0) {
+    addError(errors, path, 'must not be empty when present');
+    return;
+  }
+
+  const seen = new Set();
+  for (let index = 0; index < phaseOrder.length; index += 1) {
+    const entry = phaseOrder[index];
+    const entryPath = `${path}[${index}]`;
+    if (typeof entry !== 'string') {
+      addError(errors, entryPath, 'must be a string');
+      continue;
+    }
+    const trimmed = entry.trim();
+    if (!trimmed) {
+      addError(errors, entryPath, 'must not be blank');
+      continue;
+    }
+    if (trimmed !== entry) {
+      addError(errors, entryPath, 'must be trimmed');
+      continue;
+    }
+    if (seen.has(entry)) {
+      addError(errors, path, `must not contain duplicate phase "${entry}"`);
+      continue;
+    }
+    seen.add(entry);
+  }
+
+  if (summary.phase !== null && summary.phase !== undefined && !seen.has(summary.phase)) {
+    addError(errors, `${summaryPath}.phase`, 'must appear in summary.workflow_phase_order when workflow_phase_order is present');
+  }
+}
+
 function verifyFileEntry(relPath, entry, errors) {
   const path = `files.${relPath}`;
   if (!entry || typeof entry !== 'object' || Array.isArray(entry)) {
@@ -323,38 +370,18 @@ function verifyDelegationSummary(artifact, errors) {
   }
 }
 
-function buildExpectedRepoDecisionsSummary(files) {
+function buildExpectedRepoDecisionsSummary(files, config = null) {
   const repoDecisionsData = files?.['.agentxchain/repo-decisions.jsonl']?.data;
   if (!Array.isArray(repoDecisionsData) || repoDecisionsData.length === 0) {
     return null;
   }
-
-  const active = repoDecisionsData.filter((d) => d.status === 'active');
-  const overridden = repoDecisionsData.filter((d) => d.status === 'overridden');
-
-  return {
-    total: repoDecisionsData.length,
-    active_count: active.length,
-    overridden_count: overridden.length,
-    active: active.map((d) => ({
-      id: d.id,
-      category: d.category,
-      statement: d.statement,
-      role: d.role,
-      run_id: d.run_id,
-    })),
-    overridden: overridden.map((d) => ({
-      id: d.id,
-      overridden_by: d.overridden_by,
-      statement: d.statement,
-    })),
-  };
+  return summarizeRepoDecisions(repoDecisionsData, config);
 }
 
 function verifyRepoDecisionsSummary(artifact, errors) {
   const summary = artifact.summary?.repo_decisions;
   const hasFile = '.agentxchain/repo-decisions.jsonl' in (artifact.files || {});
-  const expected = buildExpectedRepoDecisionsSummary(artifact.files);
+  const expected = buildExpectedRepoDecisionsSummary(artifact.files, artifact.config || null);
 
   if (summary === null && expected === null) {
     return;
@@ -539,6 +566,8 @@ function verifyRunExport(artifact, errors) {
     addError(errors, 'summary.phase', 'must match state.phase');
   }
 
+  verifyWorkflowPhaseOrder(artifact.summary, errors);
+
   const expectedHistoryEntries = countJsonl(artifact.files, '.agentxchain/history.jsonl');
   const expectedDecisionEntries = countJsonl(artifact.files, '.agentxchain/decision-ledger.jsonl');
   const expectedHookAuditEntries = countJsonl(artifact.files, '.agentxchain/hook-audit.jsonl');
@@ -628,6 +657,7 @@ function verifyCoordinatorExport(artifact, errors) {
     if (artifact.summary.phase !== (coordinatorState?.phase || null)) {
       addError(errors, 'summary.phase', 'must match coordinator state phase');
     }
+    verifyWorkflowPhaseOrder(artifact.summary, errors);
     if (!isDeepStrictEqual(artifact.summary.repo_run_statuses, expectedStatuses)) {
       addError(errors, 'summary.repo_run_statuses', 'must match coordinator state repo run statuses');
     }

package/src/lib/export.js

@@ -8,7 +8,7 @@ import { loadCoordinatorConfig, COORDINATOR_CONFIG_FILE } from './coordinator-co
 import { loadCoordinatorState } from './coordinator-state.js';
 import { normalizeRunProvenance } from './run-provenance.js';
 import { getDashboardPid, getDashboardSession } from '../commands/dashboard.js';
-import { readRepoDecisions } from './repo-decisions.js';
+import { readRepoDecisions, summarizeRepoDecisions } from './repo-decisions.js';
 import { RUN_EVENTS_PATH } from './run-events.js';
 
 const EXPORT_SCHEMA_VERSION = '0.3';
@@ -211,18 +211,8 @@ function buildDashboardSessionSummary(root) {
   };
 }
 
-export function buildRepoDecisionsSummary(root) {
-  const all = readRepoDecisions(root);
-  if (!all || all.length === 0) return null;
-  const active = all.filter(d => d.status === 'active');
-  const overridden = all.filter(d => d.status === 'overridden');
-  return {
-    total: all.length,
-    active_count: active.length,
-    overridden_count: overridden.length,
-    active: active.map(d => ({ id: d.id, category: d.category, statement: d.statement, role: d.role, run_id: d.run_id })),
-    overridden: overridden.map(d => ({ id: d.id, overridden_by: d.overridden_by, statement: d.statement })),
-  };
+export function buildRepoDecisionsSummary(root, config = null) {
+  return summarizeRepoDecisions(readRepoDecisions(root), config);
 }
 
 export function buildDelegationSummary(files) {
@@ -471,7 +461,7 @@ export function buildRunExport(startDir = process.cwd()) {
         coordinator_present: Object.keys(files).some((path) => path.startsWith('.agentxchain/multirepo/')),
         dashboard_session: buildDashboardSessionSummary(root),
         delegation_summary: buildDelegationSummary(files),
-        repo_decisions: buildRepoDecisionsSummary(root),
+        repo_decisions: buildRepoDecisionsSummary(root, rawConfig),
       },
       workspace: buildRunWorkspaceMetadata(root),
       files,

package/src/lib/governed-state.js

@@ -2437,7 +2437,7 @@ function _acceptGovernedTurnLocked(root, config, opts) {
   if (turnResult.decisions && turnResult.decisions.length > 0) {
     for (const dec of turnResult.decisions) {
       if (dec.overrides) {
-        const overrideCheck = validateOverride(root, dec);
+        const overrideCheck = validateOverride(root, { ...dec, role: dec.role || turnResult.role }, config);
         if (!overrideCheck.ok) {
           return {
             ok: false,
@@ -3359,6 +3359,8 @@ function _acceptGovernedTurnLocked(root, config, opts) {
           category: dec.category,
           statement: dec.statement,
           rationale: dec.rationale,
+          durability: dec.durability || 'repo',
+          overrides: dec.overrides || null,
           status: 'active',
           overridden_by: null,
           created_at: now,