agentxchain 2.129.0 → 2.130.1

package/bin/agentxchain.js

@@ -71,6 +71,7 @@ import { unblockCommand } from '../src/commands/unblock.js';
 import { injectCommand } from '../src/commands/inject.js';
 import { escalateCommand } from '../src/commands/escalate.js';
 import { acceptTurnCommand } from '../src/commands/accept-turn.js';
+import { checkpointTurnCommand } from '../src/commands/checkpoint-turn.js';
 import { rejectTurnCommand } from '../src/commands/reject-turn.js';
 import { reissueTurnCommand } from '../src/commands/reissue-turn.js';
 import { proposalListCommand, proposalDiffCommand, proposalApplyCommand, proposalRejectCommand } from '../src/commands/proposal.js';
@@ -672,9 +673,16 @@ program
   .command('accept-turn')
   .description('Accept the currently staged governed turn result')
   .option('--turn <id>', 'Target a specific active turn when multiple turns exist')
+  .option('--checkpoint', 'Checkpoint the accepted turn to git immediately after acceptance')
   .option('--resolution <mode>', 'Conflict resolution mode for conflicted turns (standard, human_merge)', 'standard')
   .action(acceptTurnCommand);
 
+program
+  .command('checkpoint-turn')
+  .description('Checkpoint the latest accepted turn into git so the next writable turn has a clean baseline')
+  .option('--turn <id>', 'Checkpoint a specific accepted turn from history')
+  .action(checkpointTurnCommand);
+
 program
   .command('reject-turn')
   .description('Reject the current governed turn result and retry or escalate')
@@ -727,6 +735,8 @@ program
   .option('--triage-approval <mode>', 'Triage policy for vision-derived intents: auto or human (default: config or auto)')
   .option('--max-idle-cycles <n>', 'Stop after N consecutive idle cycles with no derivable work (default: 3)', parseInt)
   .option('--session-budget <usd>', 'Cumulative session-level budget cap in USD for continuous mode', parseFloat)
+  .option('--auto-checkpoint', 'Auto-commit accepted writable turns after acceptance')
+  .option('--no-auto-checkpoint', 'Disable automatic checkpointing after accepted writable turns')
   .action(runCommand);
 
 program

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentxchain",
-  "version": "2.129.0",
+  "version": "2.130.1",
   "description": "CLI for AgentXchain — governed multi-agent software delivery",
   "type": "module",
   "bin": {
@@ -24,7 +24,8 @@
     "dev": "node bin/agentxchain.js",
     "test": "npm run test:vitest && npm run test:node",
     "test:vitest": "vitest run --reporter=verbose",
-    "test:node": "node --test test/*.test.js",
+    "test:beta": "node --test test/beta-tester-scenarios/*.test.js",
+    "test:node": "node --test test/*.test.js test/beta-tester-scenarios/*.test.js",
     "preflight:release": "bash scripts/release-preflight.sh",
     "preflight:release:strict": "bash scripts/release-preflight.sh --strict",
     "check:release-alignment": "node scripts/check-release-alignment.mjs",

package/scripts/release-preflight.sh

@@ -110,24 +110,37 @@ if [[ "$PUBLISH_GATE" -eq 1 ]]; then
   echo "[3/7] Release-gate tests (targeted subset)"
   # In publish-gate mode, run only release-critical tests to avoid CI hangs.
   # The full test suite is a pre-tag responsibility, not a publish-time gate.
-  GATE_TESTS=(
+  GATE_TEST_PATTERNS=(
     test/release-preflight.test.js
     test/release-docs-content.test.js
     test/release-notes-gate.test.js
     test/release-identity-hardening.test.js
     test/normalized-config.test.js
     test/conformance.test.js
+    test/beta-tester-scenarios/*.test.js
   )
   GATE_TEST_ARGS=()
-  for t in "${GATE_TESTS[@]}"; do
-    if [[ -f "$t" ]]; then
+  shopt -s nullglob
+  for pattern in "${GATE_TEST_PATTERNS[@]}"; do
+    for t in $pattern; do
       GATE_TEST_ARGS+=("$t")
-    fi
+    done
   done
+  shopt -u nullglob
   if [[ ${#GATE_TEST_ARGS[@]} -eq 0 ]]; then
     fail "No release-gate test files found"
   else
-    if run_and_capture TEST_OUTPUT env AGENTXCHAIN_RELEASE_TARGET_VERSION="${TARGET_VERSION}" AGENTXCHAIN_RELEASE_PREFLIGHT=1 node --test "${GATE_TEST_ARGS[@]}"; then
+    BETA_TEST_COUNT=0
+    for t in "${GATE_TEST_ARGS[@]}"; do
+      if [[ "$t" == test/beta-tester-scenarios/*.test.js ]]; then
+        BETA_TEST_COUNT=$((BETA_TEST_COUNT + 1))
+      fi
+    done
+    if [[ "$BETA_TEST_COUNT" -eq 0 ]]; then
+      fail "No beta-tester scenario tests found for release-gate verification"
+      TEST_OUTPUT=""
+      TEST_STATUS=1
+    elif run_and_capture TEST_OUTPUT env AGENTXCHAIN_RELEASE_TARGET_VERSION="${TARGET_VERSION}" AGENTXCHAIN_RELEASE_PREFLIGHT=1 node --test "${GATE_TEST_ARGS[@]}"; then
       TEST_STATUS=0
     else
       TEST_STATUS=$?

package/src/commands/accept-turn.js

@@ -2,6 +2,7 @@ import chalk from 'chalk';
 import { loadProjectContext } from '../lib/config.js';
 import { acceptGovernedTurn } from '../lib/governed-state.js';
 import { deriveRecoveryDescriptor } from '../lib/blocked-state.js';
+import { checkpointAcceptedTurn } from '../lib/turn-checkpoint.js';
 
 export async function acceptTurnCommand(opts = {}) {
   const context = loadProjectContext();
@@ -166,6 +167,19 @@ export async function acceptTurnCommand(opts = {}) {
   if (accepted?.cost?.usd != null) {
     console.log(`  ${chalk.dim('Cost:')}     $${formatUsd(accepted.cost.usd)}`);
   }
+  if (opts.checkpoint) {
+    const checkpoint = checkpointAcceptedTurn(root, { turnId });
+    if (!checkpoint.ok) {
+      console.log(`  ${chalk.yellow('Checkpoint:')} accepted but checkpoint failed`);
+      console.log(`  ${chalk.dim('Action:')}   ${checkpoint.error}`);
+      console.log(`  ${chalk.dim('Retry:')}    agentxchain checkpoint-turn --turn ${turnId}`);
+      console.log('');
+      process.exit(1);
+    }
+    if (!checkpoint.skipped) {
+      console.log(`  ${chalk.dim('Checkpoint:')} ${checkpoint.checkpoint_sha}`);
+    }
+  }
   if (accepted?.verification_replay) {
     const verifiedAt = accepted.verification_replay.verified_at
       ? ` at ${accepted.verification_replay.verified_at}`

package/src/commands/checkpoint-turn.js

@@ -0,0 +1,35 @@
+import chalk from 'chalk';
+import { loadProjectContext } from '../lib/config.js';
+import { checkpointAcceptedTurn } from '../lib/turn-checkpoint.js';
+
+export async function checkpointTurnCommand(opts = {}) {
+  const context = loadProjectContext();
+  if (!context) {
+    console.log(chalk.red('No agentxchain.json found. Run `agentxchain init` first.'));
+    process.exit(1);
+  }
+
+  const { root, config } = context;
+  if (config.protocol_mode !== 'governed') {
+    console.log(chalk.red('The checkpoint-turn command is only available for governed projects.'));
+    process.exit(1);
+  }
+
+  const result = checkpointAcceptedTurn(root, { turnId: opts.turn });
+  if (!result.ok) {
+    console.log(chalk.red(result.error || 'Failed to checkpoint accepted turn.'));
+    process.exit(1);
+  }
+
+  if (result.already_checkpointed) {
+    console.log(chalk.yellow(`Turn ${result.turn.turn_id} already has checkpoint ${result.checkpoint_sha}.`));
+    return;
+  }
+
+  if (result.skipped) {
+    console.log(chalk.dim(result.reason));
+    return;
+  }
+
+  console.log(chalk.green(`Checkpointed ${result.turn.turn_id} at ${result.checkpoint_sha}.`));
+}

package/src/commands/connector.js

@@ -105,6 +105,7 @@ export async function connectorCheckCommand(runtimeId, options = {}) {
   const result = await probeConfiguredConnectors(context.config, {
     runtimeId: runtimeId || null,
     timeoutMs,
+    root: context.root,
     onProbeStart: options.json ? null : (probeRuntimeId, runtime) => {
       console.log(`  ${chalk.dim('…')} Probing ${chalk.bold(probeRuntimeId)} ${chalk.dim(`(${runtime.type})`)}`);
     },

package/src/commands/doctor.js

@@ -1,5 +1,5 @@
 import { existsSync, readFileSync } from 'fs';
-import { execFileSync, execSync } from 'child_process';
+import { execFileSync } from 'child_process';
 import { join } from 'path';
 import chalk from 'chalk';
 import { loadConfig, loadLock, findProjectRoot, loadProjectState } from '../lib/config.js';
@@ -17,9 +17,10 @@ import {
   summarizeRoleRuntimeCapability,
   summarizeRuntimeCapabilityContract,
 } from '../lib/runtime-capabilities.js';
-import { detectActiveTurnBindingDrift } from '../lib/governed-state.js';
+import { detectActiveTurnBindingDrift, detectStateBundleDesync } from '../lib/governed-state.js';
 import { findPendingApprovedIntents } from '../lib/intake.js';
 import { checkCleanBaseline } from '../lib/repo-observer.js';
+import { probeRuntimeSpawnContext } from '../lib/runtime-spawn-context.js';
 
 export async function doctorCommand(opts = {}) {
   const root = findProjectRoot(process.cwd());
@@ -90,7 +91,7 @@ function governedDoctor(root, rawConfig, opts) {
   const runtimes = (normalized && normalized.runtimes) || rawConfig.runtimes || {};
   const rolesByRuntime = buildRolesByRuntime(normalized?.roles || {});
   for (const [rtId, rt] of Object.entries(runtimes)) {
-    const check = checkRuntimeReachable(rtId, rt, rolesByRuntime[rtId] || []);
+    const check = checkRuntimeReachable(root, rtId, rt, rolesByRuntime[rtId] || []);
     checks.push(check);
   }
   const connectorProbe = getConnectorProbeRecommendation(runtimes);
@@ -152,7 +153,36 @@ function governedDoctor(root, rawConfig, opts) {
     }
   }
 
-  // 5c. Clean working tree pre-flight for authoritative/proposed roles
+  // 5c. BUG-18: State/bundle integrity — active turns must have dispatch bundles
+  if (normalized && existsSync(join(root, '.agentxchain', 'state.json'))) {
+    try {
+      const stateData = loadProjectState(root, normalized);
+      const desync = detectStateBundleDesync(root, stateData);
+      if (!desync.ok) {
+        const desyncSummary = desync.desynced
+          .map(d => `${d.turn_id} (${d.role}): missing ${d.expected_path}`)
+          .join('; ');
+        checks.push({
+          id: 'bundle_integrity',
+          name: 'Dispatch bundle integrity',
+          level: 'fail',
+          detail: `Ghost turn(s): ${desyncSummary}. Run: agentxchain reissue-turn`,
+          desynced: desync.desynced,
+        });
+      } else if (Object.keys(stateData?.active_turns || {}).length > 0) {
+        checks.push({
+          id: 'bundle_integrity',
+          name: 'Dispatch bundle integrity',
+          level: 'pass',
+          detail: 'All active turns have dispatch bundles on disk',
+        });
+      }
+    } catch {
+      // State couldn't be loaded — skip integrity check
+    }
+  }
+
+  // 5d. Clean working tree pre-flight for authoritative/proposed roles
   if (normalized?.roles) {
     const writableRoles = Object.entries(normalized.roles)
       .filter(([, role]) => role.write_authority === 'authoritative' || role.write_authority === 'proposed')
@@ -455,7 +485,7 @@ function buildCliVersionCheck(cliVersionHealth) {
   };
 }
 
-function checkRuntimeReachable(rtId, rt, boundRoleEntries = []) {
+function checkRuntimeReachable(root, rtId, rt, boundRoleEntries = []) {
   const base = { id: `runtime_${rtId}`, name: `Runtime: ${rtId}` };
 
   if (!rt || !rt.type) {
@@ -467,14 +497,8 @@ function checkRuntimeReachable(rtId, rt, boundRoleEntries = []) {
       return attachRuntimeContract({ ...base, level: 'pass', detail: 'Manual runtime (no binary needed)' }, rtId, rt, boundRoleEntries);
 
     case 'local_cli': {
-      const cmd = Array.isArray(rt.command) ? rt.command[0] : (typeof rt.command === 'string' ? rt.command.split(/\s+/)[0] : null);
-      if (!cmd) return attachRuntimeContract({ ...base, level: 'warn', detail: 'No command configured' }, rtId, rt, boundRoleEntries);
-      try {
-        execSync(`command -v ${cmd}`, { stdio: 'ignore' });
-        return attachRuntimeContract({ ...base, level: 'pass', detail: `${cmd} binary found` }, rtId, rt, boundRoleEntries);
-      } catch {
-        return attachRuntimeContract({ ...base, level: 'fail', detail: `${cmd} not found in PATH` }, rtId, rt, boundRoleEntries);
-      }
+      const probe = probeRuntimeSpawnContext(root, rt, { runtimeId: rtId });
+      return attachRuntimeContract({ ...base, level: probe.ok ? 'pass' : 'fail', detail: probe.detail }, rtId, rt, boundRoleEntries);
     }
 
     case 'api_proxy': {
@@ -494,14 +518,8 @@ function checkRuntimeReachable(rtId, rt, boundRoleEntries = []) {
       if (transport === 'streamable_http') {
         return attachRuntimeContract({ ...base, level: 'warn', detail: 'Remote MCP endpoint (cannot verify at doctor time)' }, rtId, rt, boundRoleEntries);
       }
-      const cmd = Array.isArray(rt.command) ? rt.command[0] : (typeof rt.command === 'string' ? rt.command.split(/\s+/)[0] : null);
-      if (!cmd) return attachRuntimeContract({ ...base, level: 'warn', detail: 'No MCP command configured' }, rtId, rt, boundRoleEntries);
-      try {
-        execSync(`command -v ${cmd}`, { stdio: 'ignore' });
-        return attachRuntimeContract({ ...base, level: 'pass', detail: `${cmd} binary found` }, rtId, rt, boundRoleEntries);
-      } catch {
-        return attachRuntimeContract({ ...base, level: 'fail', detail: `${cmd} not found in PATH` }, rtId, rt, boundRoleEntries);
-      }
+      const probe = probeRuntimeSpawnContext(root, rt, { runtimeId: rtId });
+      return attachRuntimeContract({ ...base, level: probe.ok ? 'pass' : 'fail', detail: probe.detail }, rtId, rt, boundRoleEntries);
     }
 
     case 'remote_agent':