agentxchain 2.147.0 → 2.149.1

package/src/lib/connector-probe.js

@@ -4,6 +4,7 @@ import {
   PROVIDER_ENDPOINTS,
 } from './adapters/api-proxy-adapter.js';
 import { probeRuntimeSpawnContext } from './runtime-spawn-context.js';
+import { getClaudeSubprocessAuthIssue, normalizeCommandTokens } from './claude-local-auth.js';
 
 const PROBEABLE_RUNTIME_TYPES = new Set(['local_cli', 'api_proxy', 'mcp', 'remote_agent']);
 const DEFAULT_TIMEOUT_MS = 8_000;
@@ -165,6 +166,38 @@ async function probeLocalCommand(runtimeId, runtime, probeKindLabel, options = {
   }
 
   const spawnProbe = probeRuntimeSpawnContext(options.root || process.cwd(), runtime, { runtimeId });
+  const claudeAuthIssue = getClaudeSubprocessAuthIssue(runtime);
+
+  // DEC-BUG54-CLAUDE-AUTH-PREFLIGHT-001 / DEC-BUG54-VALIDATE-AUTH-PREFLIGHT-001
+  // Auth-preflight is a config-shape defect that must fire regardless of whether
+  // the binary currently resolves on PATH. Matches connector-validate.js:108-138
+  // ordering: a Claude local_cli runtime with no env auth and no --bare is a
+  // deterministic hang-on-spawn shape the operator must fix before anything
+  // else. If they fix auth (or add --bare) but still do not have claude
+  // installed, the next connector check surfaces command_presence after they
+  // fix the config — that is the correct operator progression.
+  if (claudeAuthIssue) {
+    return {
+      ...base,
+      level: 'fail',
+      probe_kind: 'auth_preflight',
+      command: spawnProbe.command || head,
+      error_code: 'claude_auth_preflight_failed',
+      detail: claudeAuthIssue.detail,
+      fix: claudeAuthIssue.fix,
+      auth_env_present: claudeAuthIssue.auth_env_present,
+    };
+  }
+
+  if (!spawnProbe.ok) {
+    return {
+      ...base,
+      level: 'fail',
+      command: spawnProbe.command || head,
+      detail: spawnProbe.detail,
+    };
+  }
+
   if (spawnProbe.ok) {
     return {
       ...base,
@@ -173,13 +206,6 @@ async function probeLocalCommand(runtimeId, runtime, probeKindLabel, options = {
       detail: spawnProbe.detail,
     };
   }
-
-  return {
-    ...base,
-    level: 'fail',
-    command: spawnProbe.command || head,
-    detail: spawnProbe.detail,
-  };
 }
 
 async function probeApiProxy(runtimeId, runtime, timeoutMs) {
@@ -375,6 +401,7 @@ function analyzeLocalCliAuthorityIntent(runtimeId, runtime, roles) {
   // Prompt transport validation
   const transport = runtime.prompt_transport || 'dispatch_bundle_only';
   const knownTransports = KNOWN_CLI_TRANSPORTS[binaryName];
+  const claudeAuthIssue = getClaudeSubprocessAuthIssue(runtime);
 
   if (transport === 'argv' && !commandTokens.some((token) => token.includes('{prompt}'))) {
     warnings.push({
@@ -395,24 +422,21 @@ function analyzeLocalCliAuthorityIntent(runtimeId, runtime, roles) {
     });
   }
 
+  if (claudeAuthIssue) {
+    warnings.push({
+      probe_kind: 'auth_preflight',
+      level: 'warn',
+      detail: claudeAuthIssue.detail,
+      fix: claudeAuthIssue.fix,
+    });
+  }
+
   return { warnings };
 }
 
 /**
  * Normalize a runtime's command field into an array of tokens.
  */
-function normalizeCommandTokens(runtime) {
-  if (Array.isArray(runtime?.command)) {
-    return runtime.command.flatMap((element) =>
-      typeof element === 'string' ? element.trim().split(/\s+/).filter(Boolean) : []
-    );
-  }
-  if (typeof runtime?.command === 'string' && runtime.command.trim()) {
-    return runtime.command.trim().split(/\s+/).filter(Boolean);
-  }
-  return [];
-}
-
 export async function probeConnectorRuntime(runtimeId, runtime, options = {}) {
   const timeoutMs = Number.isFinite(options.timeoutMs) ? options.timeoutMs : DEFAULT_TIMEOUT_MS;
   const roles = options.roles || null;
@@ -433,8 +457,11 @@ export async function probeConnectorRuntime(runtimeId, runtime, options = {}) {
     // Add authority-intent and transport analysis when roles are available
     if (roles) {
       const { warnings } = analyzeLocalCliAuthorityIntent(runtimeId, runtime, roles);
-      if (warnings.length > 0) {
-        result.authority_warnings = warnings;
+      const visibleWarnings = result.error_code === 'claude_auth_preflight_failed'
+        ? warnings.filter((warning) => warning.probe_kind !== 'auth_preflight')
+        : warnings;
+      if (visibleWarnings.length > 0) {
+        result.authority_warnings = visibleWarnings;
         // Promote result level to 'warn' if binary is present but authority intent is wrong
         if (result.level === 'pass') {
           result.level = 'warn';

package/src/lib/connector-validate.js

@@ -24,6 +24,7 @@ import { getDispatchPromptPath, getTurnStagingResultPath } from './turn-paths.js
 import { validateStagedTurnResult } from './turn-result-validator.js';
 import { probeRuntimeSpawnContext } from './runtime-spawn-context.js';
 import { buildConnectorSchemaContract } from './connector-schema-contract.js';
+import { getClaudeSubprocessAuthIssue } from './claude-local-auth.js';
 
 const VALIDATABLE_RUNTIME_TYPES = new Set(['local_cli', 'api_proxy', 'mcp', 'remote_agent']);
 const DEFAULT_VALIDATE_TIMEOUT_MS = 120_000;
@@ -104,6 +105,39 @@ export async function validateConfiguredConnector(sourceRoot, options = {}) {
     };
   }
 
+  // DEC-BUG54-CLAUDE-AUTH-PREFLIGHT-001 — refuse the known-hanging Claude
+  // local_cli shape before burning the scratch-workspace + synthetic-dispatch
+  // ceremony. The adapter also refuses this shape via `claude_auth_preflight_failed`,
+  // but the operator gets a faster, identical-fix message if we catch it here.
+  const claudeAuthIssue = getClaudeSubprocessAuthIssue(runtime);
+  if (claudeAuthIssue) {
+    return {
+      ok: false,
+      exitCode: 1,
+      overall: 'fail',
+      runtime_id: runtimeId,
+      runtime_type: runtime.type,
+      role_id: roleSelection.roleId,
+      timeout_ms: timeoutMs,
+      warnings: [
+        ...roleSelection.warnings,
+        {
+          probe_kind: 'auth_preflight',
+          level: 'fail',
+          detail: claudeAuthIssue.detail,
+          fix: claudeAuthIssue.fix,
+        },
+      ],
+      error_code: 'claude_auth_preflight_failed',
+      error: claudeAuthIssue.detail,
+      auth_env_present: claudeAuthIssue.auth_env_present,
+      fix: claudeAuthIssue.fix,
+      dispatch: null,
+      validation: null,
+      scratch_root: null,
+    };
+  }
+
   const tempBase = mkdtempSync(join(tmpdir(), 'axc-connector-validate-'));
   const scratchRoot = join(tempBase, 'workspace');
   const warnings = [...roleSelection.warnings];

package/src/lib/dispatch-progress.js

@@ -11,6 +11,10 @@
 
 import { writeFileSync, unlinkSync, readFileSync, existsSync, mkdirSync, readdirSync } from 'node:fs';
 import { join, dirname, basename } from 'node:path';
+import {
+  isDispatchProgressDiagnosticStream,
+  isDispatchProgressProofOutputStream,
+} from './dispatch-streams.js';
 
 export const LEGACY_DISPATCH_PROGRESS_PATH = '.agentxchain/dispatch-progress.json';
 export const DISPATCH_PROGRESS_FILE_PREFIX = '.agentxchain/dispatch-progress-';
@@ -138,15 +142,37 @@ export function createDispatchProgressTracker(root, turn, options = {}) {
       const now = new Date().toISOString();
       const wasSilent = state.activity_type === 'silent';
       state.last_activity_at = now;
-      state.first_output_at = state.first_output_at || now;
-      state.activity_type = 'output';
-      state.silent_since = null;
-      if (stream === 'stderr') {
+      // DEC-BUG54-STDERR-IS-NOT-STARTUP-PROOF-002 (Turn 88) extended to the
+      // progress tracker in Turn 89: stderr is diagnostic evidence, not usable
+      // startup proof. Only stdout may set `first_output_at`. stderr still
+      // increments `stderr_lines` for silence detection and diagnostics.
+      let recognizedActivity = false;
+      if (isDispatchProgressDiagnosticStream(stream)) {
         state.stderr_lines += lineCount;
-      } else {
+        recognizedActivity = true;
+      } else if (isDispatchProgressProofOutputStream(stream)) {
+        state.first_output_at = state.first_output_at || now;
         state.output_lines += lineCount;
+        recognizedActivity = true;
+      }
+      // DEC-BUG54-DIAGNOSTIC-ACTIVITY-TYPE-001 (Turn 91): activity_type and
+      // activity_summary must reflect whether operator-usable stdout proof has
+      // arrived. A stderr-only subprocess that never attached stdout must NOT
+      // be rendered as "Producing output" on the operator status surface —
+      // that is a false live-progress signal for a failing startup. Only when
+      // `output_lines > 0` may we claim 'output'; otherwise recognized stderr
+      // activity is surfaced as 'diagnostic_only'. Unknown stream labels do
+      // not mutate activity_type (Turn 90 closed-vocabulary contract).
+      if (recognizedActivity) {
+        if (state.output_lines > 0) {
+          state.activity_type = 'output';
+          state.activity_summary = `Producing output (${state.output_lines} lines)`;
+        } else {
+          state.activity_type = 'diagnostic_only';
+          state.activity_summary = `Diagnostic output only (${state.stderr_lines} stderr lines)`;
+        }
+        state.silent_since = null;
       }
-      state.activity_summary = `Producing output (${state.output_lines} lines)`;
       dirty = true;
       maybeWrite();
       if (adapter_type === 'local_cli') {

package/src/lib/dispatch-streams.js

@@ -0,0 +1,21 @@
+const TURN_RUNNING_PROOF_STREAMS = new Set(['stdout', 'request', 'staged_result']);
+
+export function isKnownTurnRunningProofStream(stream) {
+  return typeof stream === 'string' && TURN_RUNNING_PROOF_STREAMS.has(stream);
+}
+
+export function isPersistedTurnStartupProofStream(stream) {
+  if (stream == null) {
+    // Legacy states may have first_output_at without a tagged stream.
+    return true;
+  }
+  return isKnownTurnRunningProofStream(stream);
+}
+
+export function isDispatchProgressProofOutputStream(stream) {
+  return stream === 'stdout';
+}
+
+export function isDispatchProgressDiagnosticStream(stream) {
+  return stream === 'stderr';
+}

package/src/lib/governed-state.js

@@ -77,6 +77,7 @@ import {
   derivePhaseScopeFromIntentMetadata,
   evaluateAcceptanceItemLifecycle,
 } from './intent-phase-scope.js';
+import { isKnownTurnRunningProofStream } from './dispatch-streams.js';
 
 // ── Constants ────────────────────────────────────────────────────────────────
 
@@ -995,8 +996,10 @@ export function transitionActiveTurnLifecycle(root, turnId, nextStatus, options
   } else if (nextStatus === 'running') {
     nextTurn.status = 'running';
     nextTurn.started_at = nextTurn.started_at || nowIso;
-    nextTurn.first_output_at = nextTurn.first_output_at || nowIso;
-    if (options.stream) {
+    if (options.stream == null) {
+      nextTurn.first_output_at = nextTurn.first_output_at || nowIso;
+    } else if (isKnownTurnRunningProofStream(options.stream)) {
+      nextTurn.first_output_at = nextTurn.first_output_at || nowIso;
       nextTurn.first_output_stream = nextTurn.first_output_stream || options.stream;
     }
   } else {
@@ -1531,6 +1534,68 @@ function findHistoryTurnRequest(historyEntries, turnId, kind) {
   return entry;
 }
 
+function findMatchingPhaseTransitionDeclarer(historyEntries, gateFailure) {
+  if (!Array.isArray(historyEntries) || historyEntries.length === 0) {
+    return null;
+  }
+
+  const targetPhase = typeof gateFailure?.to_phase === 'string' && gateFailure.to_phase.length > 0
+    ? gateFailure.to_phase
+    : null;
+  const sourcePhase = typeof gateFailure?.from_phase === 'string' && gateFailure.from_phase.length > 0
+    ? gateFailure.from_phase
+    : null;
+
+  return [...historyEntries].reverse().find((entry) => {
+    if (!entry?.phase_transition_request) {
+      return false;
+    }
+    if (targetPhase && entry.phase_transition_request !== targetPhase) {
+      return false;
+    }
+    if (sourcePhase && entry.phase && entry.phase !== sourcePhase) {
+      return false;
+    }
+    return true;
+  }) || null;
+}
+
+function resolvePhaseTransitionSource(historyEntries, gateFailure, fallbackTurnId, queuedPhaseTransition = null) {
+  const requestedTurnId = gateFailure?.requested_by_turn
+    || queuedPhaseTransition?.requested_by_turn
+    || fallbackTurnId
+    || null;
+  const requestedSource = findHistoryTurnRequest(historyEntries, requestedTurnId, 'phase_transition');
+  if (requestedSource?.phase_transition_request) {
+    return requestedSource;
+  }
+
+  // Turn 94: a bare null-failure path only gets the exact last_completed_turn
+  // lookup. Without a surviving gate_failure or queued_phase_transition
+  // descriptor, mining "the latest request anywhere in history" can replay an
+  // unrelated older phase request on resume.
+  if (!gateFailure && !queuedPhaseTransition) {
+    return requestedSource;
+  }
+
+  const fallbackSource = findMatchingPhaseTransitionDeclarer(
+    historyEntries,
+    gateFailure || (
+      queuedPhaseTransition
+        ? {
+            from_phase: queuedPhaseTransition.from || null,
+            to_phase: queuedPhaseTransition.to || null,
+          }
+        : null
+    ),
+  );
+  if (fallbackSource?.phase_transition_request) {
+    return { ...fallbackSource, phase_transition_request: fallbackSource.phase_transition_request };
+  }
+
+  return requestedSource;
+}
+
 function buildBlockedReason({ category, recovery, turnId, blockedAt = new Date().toISOString() }) {
   return {
     category,
@@ -2535,7 +2600,19 @@ export function reconcilePhaseAdvanceBeforeDispatch(root, config, state = null)
   }
 
   const gateFailure = currentState.last_gate_failure;
-  if (gateFailure?.gate_type !== 'phase_transition') {
+  // BUG-52 Turn 93 (DEC-BUG52-NEEDS-HUMAN-PHASE-ADVANCE-001): accept two entry
+  // shapes. (A) gate_failed left `last_gate_failure.gate_type === 'phase_transition'`
+  // (existing Turn 57-60 coverage). (B) The accepted turn emitted
+  // `status: 'needs_human'`, which short-circuits gate evaluation inside
+  // `applyAcceptedTurn` (see needs_human guard at line 4657) — so
+  // `last_gate_failure` stays null and `queued_phase_transition` stays null, but
+  // the turn's `phase_transition_request` is preserved in history. After unblock
+  // clears the human block, we must still attempt to advance using the
+  // history-declared request; otherwise the dispatcher re-dispatches the current
+  // phase's entry role and the tester reproduces the planning_signoff false-loop.
+  // A non-`phase_transition` gate failure (e.g. run_completion) is still a hard
+  // skip — this expansion only opens the null-failure path.
+  if (gateFailure && gateFailure.gate_type !== 'phase_transition') {
     return {
       ok: true,
       state: attachLegacyCurrentTurnAlias(currentState),
@@ -2544,10 +2621,11 @@ export function reconcilePhaseAdvanceBeforeDispatch(root, config, state = null)
   }
 
   const historyEntries = readJsonlEntries(root, HISTORY_PATH);
-  const phaseSource = findHistoryTurnRequest(
+  const phaseSource = resolvePhaseTransitionSource(
     historyEntries,
-    gateFailure.requested_by_turn || currentState.last_completed_turn_id || null,
-    'phase_transition',
+    gateFailure,
+    currentState.last_completed_turn_id || null,
+    currentState.queued_phase_transition || null,
   );
   if (!phaseSource?.phase_transition_request) {
     return {
@@ -3729,8 +3807,37 @@ function _acceptGovernedTurnLocked(root, config, opts) {
     ],
   );
   if (!dirtyParity.clean) {
-    transitionToFailedAcceptance(root, state, currentTurn, dirtyParity.reason, {
-      error_code: 'artifact_dirty_tree_mismatch',
+    // BUG-55 sub-defect B: when the turn declared verification commands or
+    // machine evidence, undeclared dirty files are most likely verification
+    // outputs that need classification under verification.produced_files
+    // (disposition 'ignore' to clean up, or 'artifact' to include in the
+    // checkpoint). Surface a dedicated error class + message so the agent
+    // knows the correct remediation surface, instead of the generic
+    // files_changed-or-produced_files-or-clean advice that the non-
+    // verification path emits.
+    const verification = turnResult.verification && typeof turnResult.verification === 'object'
+      ? turnResult.verification
+      : {};
+    const declaredVerificationCommands = Array.isArray(verification.commands)
+      && verification.commands.some((c) => typeof c === 'string' && c.trim().length > 0);
+    const declaredMachineEvidence = Array.isArray(verification.machine_evidence)
+      && verification.machine_evidence.some((e) => e && typeof e === 'object' && typeof e.command === 'string' && e.command.trim().length > 0);
+    const verificationWasDeclared = declaredVerificationCommands || declaredMachineEvidence;
+
+    let failureReason = dirtyParity.reason;
+    let failureErrorCode = 'artifact_dirty_tree_mismatch';
+    if (verificationWasDeclared) {
+      failureErrorCode = 'undeclared_verification_outputs';
+      const undeclared = Array.isArray(dirtyParity.unexpected_dirty_files)
+        ? dirtyParity.unexpected_dirty_files
+        : [];
+      const listForMessage = undeclared.slice(0, 5).join(', ')
+        + (undeclared.length > 5 ? '...' : '');
+      failureReason = `Verification was declared (commands or machine_evidence), but these files are dirty and not classified: ${listForMessage}. Classify each under verification.produced_files with disposition "ignore" (the file should be cleaned up after replay) or "artifact" (the file should be checkpointed as part of the turn), OR add it to files_changed if it is a core turn mutation. Acceptance cannot proceed until the declared contract matches the working tree.`;
+    }
+
+    transitionToFailedAcceptance(root, state, currentTurn, failureReason, {
+      error_code: failureErrorCode,
       stage: 'artifact_observation',
       extra: {
         unexpected_dirty_files: dirtyParity.unexpected_dirty_files,
@@ -3739,13 +3846,14 @@ function _acceptGovernedTurnLocked(root, config, opts) {
     });
     return {
       ok: false,
-      error: dirtyParity.reason,
+      error: failureReason,
+      error_code: failureErrorCode,
       validation: {
         ...validation,
         ok: false,
         stage: 'artifact_observation',
         error_class: 'artifact_error',
-        errors: [dirtyParity.reason],
+        errors: [failureReason],
         warnings: validation.warnings,
       },
     };

package/src/lib/normalized-config.js

@@ -442,6 +442,9 @@ export function validateV4Config(data, projectRoot) {
       if (!VALID_RUNTIME_TYPES.includes(rt.type)) {
         errors.push(`Runtime "${id}": type must be one of: ${VALID_RUNTIME_TYPES.join(', ')}`);
       }
+      if (rt.type === 'local_cli') {
+        validateRuntimePositiveInteger(`Runtime "${id}": startup_watchdog_ms`, rt.startup_watchdog_ms, errors);
+      }
       // Validate prompt_transport for local_cli runtimes
       if (rt.type === 'local_cli' && rt.prompt_transport) {
         if (!VALID_PROMPT_TRANSPORTS.includes(rt.prompt_transport)) {
@@ -652,6 +655,15 @@ function validateRunLoopPositiveInteger(path, value, errors) {
   }
 }
 
+function validateRuntimePositiveInteger(path, value, errors) {
+  if (value === undefined || value === null) {
+    return;
+  }
+  if (typeof value !== 'number' || !Number.isInteger(value) || value < 1) {
+    errors.push(`${path} must be a positive integer (milliseconds)`);
+  }
+}
+
 export function validateBudgetConfig(budget) {
   const errors = [];
 

package/src/lib/schemas/agentxchain-config.schema.json

@@ -253,6 +253,11 @@
         "cwd": {
           "$ref": "#/$defs/non_empty_string"
         },
+        "startup_watchdog_ms": {
+          "type": "integer",
+          "minimum": 1,
+          "description": "Optional local_cli-specific override for the startup watchdog. When set, this runtime uses the declared threshold before falling back to run_loop.startup_watchdog_ms."
+        },
         "prompt_transport": {
           "enum": ["argv", "stdin", "dispatch_bundle_only"]
         },

package/src/lib/schemas/turn-result.schema.json

@@ -148,7 +148,10 @@
         },
         "commands": {
           "type": "array",
-          "items": { "type": "string" },
+          "items": {
+            "type": "string",
+            "pattern": "\\S"
+          },
           "description": "Verification commands that were run."
         },
         "evidence_summary": {
@@ -161,7 +164,10 @@
             "type": "object",
             "required": ["command", "exit_code"],
             "properties": {
-              "command": { "type": "string" },
+              "command": {
+                "type": "string",
+                "pattern": "\\S"
+              },
               "exit_code": { "type": "integer" }
             }
           }

package/src/lib/stale-turn-watchdog.js

@@ -24,7 +24,8 @@
  * requiring a background daemon.
  *
  * Default thresholds:
- *   - Startup watchdog: 30 seconds (configurable via run_loop.startup_watchdog_ms)
+ *   - Startup watchdog: 30 seconds (configurable via run_loop.startup_watchdog_ms
+ *     or runtimes.<id>.startup_watchdog_ms for local_cli runtimes)
  *   - local_cli stale turns: 10 minutes
  *   - api_proxy stale turns: 5 minutes
  *   - Configurable via run_loop.stale_turn_threshold_ms in agentxchain.json
@@ -36,6 +37,7 @@ import { safeWriteJson } from './safe-write.js';
 import { emitRunEvent, readRunEvents } from './run-events.js';
 import { getTurnStagingResultPath } from './turn-paths.js';
 import { getDispatchProgressRelativePath } from './dispatch-progress.js';
+import { isPersistedTurnStartupProofStream } from './dispatch-streams.js';
 import { hasMeaningfulStagedResult } from './staged-result-proof.js';
 
 const DEFAULT_LOCAL_CLI_THRESHOLD_MS = 10 * 60 * 1000; // 10 minutes
@@ -122,7 +124,6 @@ export function detectGhostTurns(root, state, config) {
   const activeTurns = state?.active_turns || {};
   const ghosts = [];
   const now = Date.now();
-  const startupThreshold = resolveStartupThreshold(config);
 
   for (const [turnId, turn] of Object.entries(activeTurns)) {
     if (!['dispatched', 'starting', 'running', 'retrying'].includes(turn.status)) continue;
@@ -130,6 +131,13 @@ export function detectGhostTurns(root, state, config) {
     const lifecycleStart = parseGhostLifecycleStart(turn);
     if (!Number.isFinite(lifecycleStart)) continue;
 
+    // BUG-54 follow-up: per-turn threshold honors per-runtime startup override.
+    // Without this, an operator who sets `runtimes.<id>.startup_watchdog_ms`
+    // higher than the global to accommodate a slow QA/Claude runtime would still
+    // have ghost detection fire at the global threshold, defeating the override.
+    const runtime = config?.runtimes?.[turn.runtime_id];
+    const startupThreshold = resolveStartupThreshold(config, runtime);
+
     const runningMs = now - lifecycleStart;
     if (runningMs < startupThreshold) continue;
 
@@ -274,7 +282,16 @@ function resolveThreshold(turn, config) {
   return DEFAULT_LOCAL_CLI_THRESHOLD_MS;
 }
 
-function resolveStartupThreshold(config) {
+function resolveStartupThreshold(config, runtime) {
+  // BUG-54 follow-up: per-runtime override beats the global.
+  // Mirrors `resolveStartupWatchdogMs()` in local-cli-adapter.js so the
+  // ghost-detection scanner uses the same threshold the in-flight adapter
+  // watchdog uses; otherwise the scanner pre-empts the override.
+  if (runtime && runtime.type === 'local_cli'
+      && Number.isInteger(runtime.startup_watchdog_ms)
+      && runtime.startup_watchdog_ms > 0) {
+    return runtime.startup_watchdog_ms;
+  }
   const configThreshold = config?.run_loop?.startup_watchdog_ms;
   if (typeof configThreshold === 'number' && configThreshold > 0) {
     return configThreshold;
@@ -291,6 +308,7 @@ export function failTurnStartup(root, state, config, turnId, details = {}) {
   if (!turn) {
     return { ok: false, error: `Turn ${turnId} not found in active turns` };
   }
+  const runtime = config?.runtimes?.[turn.runtime_id];
 
   const nowIso = new Date().toISOString();
   const activeTurns = { ...(state.active_turns || {}) };
@@ -300,7 +318,7 @@ export function failTurnStartup(root, state, config, turnId, details = {}) {
     role: turn.assigned_role || 'unknown',
     runtime_id: turn.runtime_id || 'unknown',
     running_ms: details.running_ms ?? computeLifecycleAgeMs(turn),
-    threshold_ms: details.threshold_ms ?? resolveStartupThreshold(config),
+    threshold_ms: details.threshold_ms ?? resolveStartupThreshold(config, runtime),
     failure_type: classifyStartupFailureType(turn, null, details.failure_type || 'no_subprocess_output'),
     recommendation: details.recommendation
       || `Turn ${turnId} failed to start cleanly. Run \`agentxchain reissue-turn --turn ${turnId} --reason ghost\` to recover.`,
@@ -476,7 +494,14 @@ function mapStartupFailureEventType(failureType) {
 }
 
 function hasStartupProof(turn, progress) {
-  if (turn.first_output_at) {
+  // DEC-BUG54-STDERR-IS-NOT-STARTUP-PROOF-002 (Turn 88) extended to the
+  // fast-startup watchdog in Turn 89: stderr activity is not startup proof.
+  // A subprocess that spawns and emits stderr-only text must still be caught
+  // by the fast watchdog as stdout_attach_failed. Only stdout-derived signals
+  // (stream-tagged `turn.first_output_at`, `progress.first_output_at`, or
+  // `progress.output_lines`) satisfy startup proof. `progress.stderr_lines`
+  // deliberately does NOT.
+  if (turn.first_output_at && isPersistedTurnStartupProofStream(turn.first_output_stream)) {
     return true;
   }
   if (!progress || typeof progress !== 'object') {
@@ -485,7 +510,7 @@ function hasStartupProof(turn, progress) {
   if (progress.first_output_at) {
     return true;
   }
-  return Number(progress.output_lines || 0) > 0 || Number(progress.stderr_lines || 0) > 0;
+  return Number(progress.output_lines || 0) > 0;
 }
 
 function hasTurnScopedStagedResult(root, turnId) {