agentxchain 2.149.1 → 2.150.0

package/README.md

@@ -89,7 +89,7 @@ agentxchain step --role pm
 
 If you skipped `--goal` during scaffold, run `agentxchain config --set project.goal "Build an API change planner for release teams"` before the first governed turn instead of re-running init in place.
 
-The default governed dev runtime is `claude --print --dangerously-skip-permissions` with stdin prompt delivery. The non-interactive governed path needs write access, so do not pretend bare `claude --print` is sufficient for unattended implementation turns. If your local coding agent uses a different launch contract, set it during scaffold creation:
+The default governed dev runtime is `claude --print --dangerously-skip-permissions --bare` with stdin prompt delivery. The non-interactive governed path needs write access and env-based auth, so do not pretend plain `claude --print` is sufficient for unattended implementation turns. If your local coding agent uses a different launch contract, set it during scaffold creation:
 
 ```bash
 agentxchain init --governed --dir my-agentxchain-project --dev-command ./scripts/dev-agent.sh --dev-prompt-transport dispatch_bundle_only -y

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentxchain",
-  "version": "2.149.1",
+  "version": "2.150.0",
   "description": "CLI for AgentXchain — governed multi-agent software delivery",
   "type": "module",
   "bin": {
@@ -28,7 +28,7 @@
     "test": "npm run test:vitest && npm run test:node",
     "test:vitest": "vitest run --reporter=verbose",
     "test:beta": "node --test test/beta-tester-scenarios/*.test.js",
-    "test:node": "node --test test/*.test.js test/beta-tester-scenarios/*.test.js",
+    "test:node": "node --test --test-timeout=60000 --test-concurrency=4 test/*.test.js test/beta-tester-scenarios/*.test.js",
     "preflight:release": "bash scripts/release-preflight.sh",
     "preflight:release:strict": "bash scripts/release-preflight.sh --strict",
     "check:release-alignment": "node scripts/check-release-alignment.mjs",

package/scripts/prepublish-gate.sh

@@ -0,0 +1,132 @@
+#!/usr/bin/env bash
+# Prepublish gate — local-first quality floor before `git tag`.
+#
+# Replaces per-commit remote CI coverage that `.github/workflows/ci.yml` will
+# drop when CICD-SHRINK lands. Runs the same checks the GitHub-hosted runners
+# ran, in-process on the agent's box, before any tag or publish-workflow is
+# triggered. See .planning/CICD_REDUCTION_PLAN.md §7.
+#
+# Usage:
+#   bash cli/scripts/prepublish-gate.sh <target-version>
+#
+# Exit 0 + prints "PREPUBLISH GATE PASSED for <version>" → safe to tag/push.
+# Exit non-zero → do NOT tag, do NOT push. Fix the failure locally first.
+#
+# Discipline rule (CICD-SHRINK acceptance, new in DEC-RELEASE-CUT-AND-PUSH-AS-ATOMIC-001):
+# the release-cut turn MUST include this script's "PREPUBLISH GATE PASSED" line
+# in the turn's Evidence block before `git tag` is created.
+
+set -uo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+CLI_DIR="${SCRIPT_DIR}/.."
+cd "$CLI_DIR"
+
+usage() {
+  echo "Usage: bash cli/scripts/prepublish-gate.sh <target-version>" >&2
+  echo "  <target-version>  Semver string (e.g., 2.150.0)." >&2
+}
+
+if [[ $# -ne 1 ]]; then
+  usage
+  exit 1
+fi
+
+TARGET_VERSION="$1"
+if ! [[ "$TARGET_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+  echo "Error: invalid semver '${TARGET_VERSION}'" >&2
+  usage
+  exit 1
+fi
+
+echo "Prepublish gate — target version ${TARGET_VERSION}"
+echo "================================================="
+echo "cwd: ${CLI_DIR}"
+echo ""
+
+STEP_STATUS=0
+step_fail() {
+  echo ""
+  echo "  FAIL: $1"
+  STEP_STATUS=1
+}
+
+# ---------------------------------------------------------------------------
+# Step 1 — Full test suite (replaces per-push CI).
+#
+# Runs via `npm test` so Vitest + Node test phases are both exercised, and the
+# Node phase inherits the `--test-timeout=60000 --test-concurrency=4` caps from
+# package.json (DEC-BUG57-FAILFAST-NODE-TEST-001). We pass `--test-timeout`
+# explicitly too so the gate cannot be silently weakened by a future
+# package.json change. The node runner honors the last `--test-timeout` wins.
+# ---------------------------------------------------------------------------
+echo "[1/4] Full test suite — cd cli && npm test -- --test-timeout=60000"
+if npm test -- --test-timeout=60000; then
+  echo "  PASS: full test suite green"
+else
+  step_fail "full test suite failed"
+fi
+echo ""
+
+# ---------------------------------------------------------------------------
+# Step 2 — Release preflight in publish-gate mode.
+#
+# `release-preflight.sh --publish-gate` enforces strict mode (clean tree,
+# bumped package.json, CHANGELOG entry present, release-alignment manifest
+# aligned, pack dry-run succeeds) and runs only the release-gate-critical
+# test subset. Step 1 already ran the full suite; step 2 enforces the
+# release-specific invariants.
+# ---------------------------------------------------------------------------
+echo "[2/4] Release preflight — bash scripts/release-preflight.sh --publish-gate"
+if bash "${SCRIPT_DIR}/release-preflight.sh" --publish-gate --target-version "${TARGET_VERSION}"; then
+  echo "  PASS: release-preflight gate green"
+else
+  step_fail "release-preflight gate failed"
+fi
+echo ""
+
+# ---------------------------------------------------------------------------
+# Step 3 — npm pack --dry-run (claim-reality coverage).
+#
+# Proves the tarball the publish workflow will upload is reproducible from
+# HEAD. The publish workflow itself re-runs this; we catch pack failures here
+# before the tag is even created, so a broken `files:` glob or missing dist
+# artifact never reaches remote CI.
+# ---------------------------------------------------------------------------
+echo "[3/4] Pack dry-run — npm pack --dry-run"
+if npm pack --dry-run >/dev/null 2>&1; then
+  echo "  PASS: npm pack --dry-run succeeded"
+else
+  step_fail "npm pack --dry-run failed (rerun with streamed output for details)"
+  npm pack --dry-run 2>&1 | tail -20 || true
+fi
+echo ""
+
+# ---------------------------------------------------------------------------
+# Step 4 — Release-alignment manifest (17-surface drift gate).
+#
+# `check-release-alignment.mjs` owns the shared manifest of every surface that
+# must reference the target version (CHANGELOG, website release pages,
+# capabilities.json, implementor guide, launch evidence, onboarding docs,
+# marketing drafts, llms.txt, homebrew mirror, package.json). Step 2 runs the
+# same check, but we invoke it directly so the final status line is visible
+# in the gate's own output — agents reading this log get an explicit
+# alignment-pass signal without having to scrape the preflight's mid-run
+# block.
+# ---------------------------------------------------------------------------
+echo "[4/4] Release alignment — node scripts/check-release-alignment.mjs --scope current"
+if node "${SCRIPT_DIR}/check-release-alignment.mjs" --scope current --target-version "${TARGET_VERSION}"; then
+  echo "  PASS: release alignment green"
+else
+  step_fail "release alignment failed"
+fi
+echo ""
+
+echo "================================================="
+if [[ "${STEP_STATUS}" -ne 0 ]]; then
+  echo "PREPUBLISH GATE FAILED for ${TARGET_VERSION} — do NOT tag, do NOT push."
+  exit 1
+fi
+
+echo "PREPUBLISH GATE PASSED for ${TARGET_VERSION} — safe to tag and push."
+exit 0

package/scripts/release-bump.sh

@@ -342,12 +342,12 @@ else
   PREFLIGHT_FAILED=0
 
   # 8.5a. Full test suite with release env vars
-  if env AGENTXCHAIN_RELEASE_TARGET_VERSION="${TARGET_VERSION}" AGENTXCHAIN_RELEASE_PREFLIGHT=1 npm test >/dev/null 2>&1; then
+  if env AGENTXCHAIN_RELEASE_TARGET_VERSION="${TARGET_VERSION}" AGENTXCHAIN_RELEASE_PREFLIGHT=1 npm test -- --test-timeout=60000 >/dev/null 2>&1; then
     echo "  OK: test suite passed"
   else
     echo "  FAIL: test suite failed" >&2
     echo "  Re-running with output for diagnostics..." >&2
-    env AGENTXCHAIN_RELEASE_TARGET_VERSION="${TARGET_VERSION}" AGENTXCHAIN_RELEASE_PREFLIGHT=1 npm test 2>&1 | tail -30 >&2
+    env AGENTXCHAIN_RELEASE_TARGET_VERSION="${TARGET_VERSION}" AGENTXCHAIN_RELEASE_PREFLIGHT=1 npm test -- --test-timeout=60000 2>&1 | tail -30 >&2
     PREFLIGHT_FAILED=1
   fi
 

package/scripts/render-github-release-body.mjs

@@ -57,20 +57,27 @@ function extractSummaryParagraph(text, version) {
 }
 
 function extractAggregateEvidenceLine(text) {
-  const matches = [...text.matchAll(/^-\s+.*\b(\d+)\s+tests\b.*\b0 failures\b.*$/gm)];
+  const matches = [...text.matchAll(/^-\s+(.*\b(\d+)\s+tests\b.*\b0 failures\b.*)$/gm)];
   if (matches.length === 0) {
     throw new Error('Concrete aggregate evidence line missing from governed release page');
   }
 
   const aggregate = matches.reduce((best, match) => {
-    const count = Number(match[1]);
+    const count = Number(match[2]);
     if (!best || count > best.count) {
-      return { count, line: match[0] };
+      return { count, line: match[1] };
     }
     return best;
   }, null);
 
-  return aggregate.line.replace(/\*\*/g, '').replace(/`/g, '').replace(/,/g, '').trim();
+  const line = aggregate.line.replace(/\*\*/g, '').replace(/`/g, '').replace(/,/g, '').trim();
+  const evidenceMatch = line.match(/\b\d+\s+tests\b.*\b0 failures\b.*/);
+  if (!evidenceMatch) {
+    throw new Error('Concrete aggregate evidence line missing from governed release page');
+  }
+  const prefix = line.slice(0, evidenceMatch.index).trim();
+  const evidence = evidenceMatch[0].trim();
+  return `- ${evidence}${prefix ? ` — ${prefix.replace(/[→-]\s*$/, '').trim()}` : ''}`;
 }
 
 function getPreviousVersionTag(repoRoot, version) {

package/scripts/reproduce-bug-54.mjs

@@ -58,7 +58,7 @@
  * purpose), and does NOT require the governed dispatcher to be running.
  */
 
-import { spawn } from 'child_process';
+import { spawn, spawnSync } from 'child_process';
 import { existsSync, readFileSync, readdirSync, statSync, writeFileSync } from 'fs';
 import { join, resolve } from 'path';
 import { fileURLToPath } from 'url';
@@ -315,20 +315,6 @@ async function runOneAttempt({
       attempt.spawn_attached_elapsed_ms = now - t0;
     });
 
-    if (child.stdin) {
-      child.stdin.on('error', (err) => {
-        // Capture but do not fail — adapter behavior matches: stdin EPIPE is
-        // logged and the spawn continues to play out via close/error events.
-        attempt.stderr += `[repro:stdin_error] ${err?.code || ''} ${err?.message || ''}\n`;
-      });
-      try {
-        if (transport === 'stdin') child.stdin.write(fullPrompt);
-        child.stdin.end();
-      } catch (err) {
-        attempt.stderr += `[repro:stdin_throw] ${err?.code || ''} ${err?.message || ''}\n`;
-      }
-    }
-
     if (child.stdout) {
       child.stdout.on('data', (chunk) => {
         const text = chunk.toString();
@@ -343,6 +329,20 @@ async function runOneAttempt({
       });
     }
 
+    if (child.stdin) {
+      child.stdin.on('error', (err) => {
+        // Capture but do not fail — adapter behavior matches: stdin EPIPE is
+        // logged and the spawn continues to play out via close/error events.
+        attempt.stderr += `[repro:stdin_error] ${err?.code || ''} ${err?.message || ''}\n`;
+      });
+      try {
+        if (transport === 'stdin') child.stdin.write(fullPrompt);
+        child.stdin.end();
+      } catch (err) {
+        attempt.stderr += `[repro:stdin_throw] ${err?.code || ''} ${err?.message || ''}\n`;
+      }
+    }
+
     if (child.stderr) {
       child.stderr.on('data', (chunk) => {
         const text = chunk.toString();
@@ -496,6 +496,7 @@ async function main() {
   const stdinBytes = transport === 'stdin' ? Buffer.byteLength(fullPrompt) : 0;
   const diagnosticArgs = redactArgs(args, fullPrompt, transport);
   const envSnapshot = snapshotEnv(spawnEnv);
+  const commandProbe = probeCommand(command, runtimeCwd, spawnEnv);
 
   const header = {
     repro_version: 1,
@@ -510,6 +511,7 @@ async function main() {
     stdin_bytes: stdinBytes,
     prompt_source: promptSource,
     env_snapshot: envSnapshot,
+    command_probe: commandProbe,
     watchdog_ms: opts.noWatchdog ? null : watchdogMs,
     no_watchdog: opts.noWatchdog,
     attempts_planned: opts.attempts,
@@ -529,6 +531,11 @@ async function main() {
   console.error(`[repro] prompt       : ${promptSource.kind} (${promptSource.length_bytes} bytes)`);
   console.error(`[repro] watchdog_ms  : ${header.watchdog_ms ?? 'disabled'}`);
   console.error(`[repro] auth env     : ${JSON.stringify(envSnapshot.auth_env_present)}`);
+  if (commandProbe.kind === 'claude_version') {
+    console.error(`[repro] claude probe : status=${commandProbe.status ?? '-'} signal=${commandProbe.signal ?? '-'} stdout=${JSON.stringify(commandProbe.stdout || '')}`);
+  } else {
+    console.error(`[repro] command probe: ${commandProbe.kind} (${commandProbe.reason})`);
+  }
   console.error(`[repro] attempts     : ${header.attempts_planned}`);
   console.error('');
 
@@ -617,6 +624,65 @@ function summarize(attempts) {
   };
 }
 
+function probeCommand(command, cwd, env) {
+  if (!isClaudeCommand(command)) {
+    return {
+      kind: 'skipped',
+      reason: 'not a claude command',
+    };
+  }
+  try {
+    const result = spawnSync(command, ['--version'], {
+      cwd,
+      env,
+      encoding: 'utf8',
+      timeout: 10_000,
+      maxBuffer: 1024 * 1024,
+    });
+    return {
+      kind: 'claude_version',
+      command,
+      args: ['--version'],
+      timeout_ms: 10_000,
+      status: result.status,
+      signal: result.signal,
+      stdout: result.stdout || '',
+      stderr: result.stderr || '',
+      error: result.error ? {
+        code: result.error.code ?? null,
+        errno: result.error.errno ?? null,
+        syscall: result.error.syscall ?? null,
+        message: result.error.message || String(result.error),
+      } : null,
+      timed_out: result.error?.code === 'ETIMEDOUT',
+    };
+  } catch (err) {
+    return {
+      kind: 'claude_version',
+      command,
+      args: ['--version'],
+      timeout_ms: 10_000,
+      status: null,
+      signal: null,
+      stdout: '',
+      stderr: '',
+      error: {
+        code: err?.code ?? null,
+        errno: err?.errno ?? null,
+        syscall: err?.syscall ?? null,
+        message: err?.message || String(err),
+      },
+      timed_out: err?.code === 'ETIMEDOUT',
+    };
+  }
+}
+
+function isClaudeCommand(command) {
+  if (typeof command !== 'string') return false;
+  const normalized = command.replace(/\\/g, '/');
+  return normalized === 'claude' || normalized.endsWith('/claude');
+}
+
 main().catch((err) => {
   console.error(`[repro] fatal: ${err?.stack || err?.message || err}`);
   process.exit(99);

package/src/commands/doctor.js

@@ -59,7 +59,7 @@ export async function doctorCommand(opts = {}) {
 
 // ── Governed (v4) Doctor ────────────────────────────────────────────────────
 
-function governedDoctor(root, rawConfig, opts) {
+async function governedDoctor(root, rawConfig, opts) {
   const checks = [];
   const cliVersionHealth = getCliVersionHealth();
   let stateRunId = null;
@@ -93,7 +93,7 @@ function governedDoctor(root, rawConfig, opts) {
   const runtimes = (normalized && normalized.runtimes) || rawConfig.runtimes || {};
   const rolesByRuntime = buildRolesByRuntime(normalized?.roles || {});
   for (const [rtId, rt] of Object.entries(runtimes)) {
-    const check = checkRuntimeReachable(root, rtId, rt, rolesByRuntime[rtId] || []);
+    const check = await checkRuntimeReachable(root, rtId, rt, rolesByRuntime[rtId] || []);
     checks.push(check);
   }
   const connectorProbe = getConnectorProbeRecommendation(runtimes);
@@ -488,7 +488,7 @@ function buildCliVersionCheck(cliVersionHealth) {
   };
 }
 
-function checkRuntimeReachable(root, rtId, rt, boundRoleEntries = []) {
+async function checkRuntimeReachable(root, rtId, rt, boundRoleEntries = []) {
   const base = { id: `runtime_${rtId}`, name: `Runtime: ${rtId}` };
 
   if (!rt || !rt.type) {
@@ -502,7 +502,7 @@ function checkRuntimeReachable(root, rtId, rt, boundRoleEntries = []) {
     case 'local_cli': {
       const probe = probeRuntimeSpawnContext(root, rt, { runtimeId: rtId });
       if (probe.ok) {
-        const claudeAuthIssue = getClaudeSubprocessAuthIssue(rt);
+        const claudeAuthIssue = await getClaudeSubprocessAuthIssue(rt);
         if (claudeAuthIssue) {
           return attachRuntimeContract({
             ...base,

package/src/commands/init.js

@@ -98,7 +98,7 @@ const GOVERNED_ROLES = {
 
 const DEFAULT_GOVERNED_LOCAL_DEV_RUNTIME = Object.freeze({
   type: 'local_cli',
-  command: ['claude', '--print', '--dangerously-skip-permissions'],
+  command: ['claude', '--print', '--dangerously-skip-permissions', '--bare'],
   cwd: '.',
   prompt_transport: 'stdin',
 });

package/src/commands/mission.js

@@ -1377,7 +1377,9 @@ export async function missionPlanAutopilotCommand(planTarget, opts) {
       }
 
       if (waveNum === maxWaves) {
-        terminalReason = 'wave_limit_reached';
+        terminalReason = totalFailed > 0
+          ? (continueOnFailure ? 'plan_incomplete' : 'failure_stopped')
+          : 'wave_limit_reached';
         break;
       }
 
@@ -2030,7 +2032,9 @@ async function coordinatorAutopilot(planTarget, opts, context, mission) {
       }
 
       if (waveNum === maxWaves) {
-        terminalReason = 'wave_limit_reached';
+        terminalReason = totalFailed > 0
+          ? (continueOnFailure ? 'plan_incomplete' : 'failure_stopped')
+          : 'wave_limit_reached';
         break;
       }
 

package/src/commands/restart.js

@@ -219,7 +219,7 @@ export async function restartCommand(opts) {
     process.exit(1);
   }
 
-  if (state.status === 'blocked') {
+  if (state.status === 'blocked' && !state.pending_phase_transition && !state.pending_run_completion) {
     console.log(chalk.red('Run is blocked. Resolve the blocker first.'));
     const recovery = deriveRecoveryDescriptor(state, config);
     if (recovery) {

package/src/commands/turn.js

@@ -120,7 +120,14 @@ function buildArtifactIndex(root, turnId) {
 }
 
 function buildTurnPayload(turnId, turn, state, artifacts, assignment, config) {
-  const elapsedMs = getElapsedMs(turn.started_at);
+  // Effective start time for display: BUG-51 hardening clears `started_at`
+  // when a turn transitions to `dispatched` so ghost-turn detection can key
+  // off `dispatched_at`. For manual runtimes (no subprocess), no later
+  // `starting` transition re-sets `started_at`, so fall back to
+  // `dispatched_at` (operator-dispatched = effective start) and
+  // `assigned_at` as a last resort so the timing surface stays populated.
+  const effectiveStartedAt = turn.started_at || turn.dispatched_at || turn.assigned_at || null;
+  const elapsedMs = getElapsedMs(effectiveStartedAt);
   const payload = {
     turn_id: turnId,
     run_id: state.run_id || assignment?.run_id || null,
@@ -129,7 +136,7 @@ function buildTurnPayload(turnId, turn, state, artifacts, assignment, config) {
     runtime: turn.runtime_id,
     status: turn.status,
     attempt: turn.attempt,
-    started_at: turn.started_at || null,
+    started_at: effectiveStartedAt,
     elapsed_ms: elapsedMs,
     dispatch_dir: getDispatchTurnDir(turnId),
     staging_result_path: assignment?.staging_result_path || null,
@@ -152,7 +159,9 @@ function buildTurnPayload(turnId, turn, state, artifacts, assignment, config) {
 }
 
 function printTurnSummary(turnId, turn, state, artifacts, assignment, config) {
-  const elapsedMs = getElapsedMs(turn.started_at);
+  // See buildTurnPayload for rationale on fallback ordering.
+  const effectiveStartedAt = turn.started_at || turn.dispatched_at || turn.assigned_at || null;
+  const elapsedMs = getElapsedMs(effectiveStartedAt);
   console.log('');
   console.log(chalk.bold(`  Turn: ${chalk.cyan(turnId)}`));
   console.log(chalk.dim('  ' + '─'.repeat(44)));
@@ -162,8 +171,8 @@ function printTurnSummary(turnId, turn, state, artifacts, assignment, config) {
   console.log(`  ${chalk.dim('Runtime:')}  ${turn.runtime_id}`);
   console.log(`  ${chalk.dim('Status:')}   ${turn.status}`);
   console.log(`  ${chalk.dim('Attempt:')}  ${turn.attempt}`);
-  if (turn.started_at) {
-    console.log(`  ${chalk.dim('Started:')}  ${turn.started_at}`);
+  if (effectiveStartedAt) {
+    console.log(`  ${chalk.dim('Started:')}  ${effectiveStartedAt}`);
   }
   if (elapsedMs != null) {
     console.log(`  ${chalk.dim('Elapsed:')}  ${formatElapsed(elapsedMs)}`);

package/src/lib/adapters/local-cli-adapter.js

@@ -128,13 +128,14 @@ export async function dispatchLocalCli(root, state, config, options = {}) {
   const spawnEnv = { ...process.env, AGENTXCHAIN_TURN_ID: turn.turn_id };
   const stdinBytes = transport === 'stdin' ? Buffer.byteLength(fullPrompt, 'utf8') : 0;
   const diagnosticArgs = redactPromptArgs(args, fullPrompt, transport);
-  const claudeAuthIssue = getClaudeSubprocessAuthIssue(runtime, spawnEnv);
+  const claudeAuthIssue = await getClaudeSubprocessAuthIssue(runtime, spawnEnv);
 
   if (claudeAuthIssue) {
     appendDiagnostic(logs, 'claude_auth_preflight_failed', {
       runtime_id: runtimeId,
       turn_id: turn.turn_id,
       auth_env_present: claudeAuthIssue.auth_env_present,
+      smoke_probe: claudeAuthIssue.smoke_probe,
       recommendation: claudeAuthIssue.fix,
     });
     return {
@@ -263,7 +264,29 @@ export async function dispatchLocalCli(root, state, config, options = {}) {
       armStartupWatchdog();
     });
 
-    // Deliver prompt via stdin if transport is "stdin"; otherwise close immediately
+    // Collect stdout/stderr
+    if (child.stdout) {
+      child.stdout.on('data', (chunk) => {
+        const text = chunk.toString();
+        stdoutBytes += Buffer.byteLength(text);
+        recordFirstOutput('stdout');
+        logs.push(text);
+        if (onStdout) onStdout(text);
+      });
+    }
+
+    if (child.stderr) {
+      child.stderr.on('data', (chunk) => {
+        const text = chunk.toString();
+        stderrBytes += Buffer.byteLength(text);
+        stderrExcerpt = appendDiagnosticExcerpt(stderrExcerpt, text, DIAGNOSTIC_STDERR_EXCERPT_LIMIT);
+        logs.push('[stderr] ' + text);
+        if (onStderr) onStderr(text);
+      });
+    }
+
+    // Deliver prompt only after output listeners are registered. This removes
+    // the remaining adapter-side ordering risk for fast stdin-driven children.
     if (child.stdin) {
       child.stdin.on('error', (err) => {
         appendDiagnostic(logs, 'stdin_error', {
@@ -286,27 +309,6 @@ export async function dispatchLocalCli(root, state, config, options = {}) {
       }
     }
 
-    // Collect stdout/stderr
-    if (child.stdout) {
-      child.stdout.on('data', (chunk) => {
-        const text = chunk.toString();
-        stdoutBytes += Buffer.byteLength(text);
-        recordFirstOutput('stdout');
-        logs.push(text);
-        if (onStdout) onStdout(text);
-      });
-    }
-
-    if (child.stderr) {
-      child.stderr.on('data', (chunk) => {
-        const text = chunk.toString();
-        stderrBytes += Buffer.byteLength(text);
-        stderrExcerpt = appendDiagnosticExcerpt(stderrExcerpt, text, DIAGNOSTIC_STDERR_EXCERPT_LIMIT);
-        logs.push('[stderr] ' + text);
-        if (onStderr) onStderr(text);
-      });
-    }
-
     // Timeout handling per §20.4
     let timeoutHandle;
     let sigkillHandle;

package/src/lib/claude-local-auth.js

@@ -1,3 +1,5 @@
+import { spawn } from 'node:child_process';
+
 const CLAUDE_ENV_AUTH_KEYS = [
   'ANTHROPIC_API_KEY',
   'CLAUDE_API_KEY',
@@ -6,6 +8,9 @@ const CLAUDE_ENV_AUTH_KEYS = [
   'CLAUDE_CODE_USE_BEDROCK',
 ];
 
+const DEFAULT_SMOKE_PROBE_TIMEOUT_MS = 10_000;
+const DEFAULT_SMOKE_PROBE_STDIN = 'ok';
+
 function normalizeCommandTokens(runtime) {
   if (Array.isArray(runtime?.command)) {
     return runtime.command.flatMap((element) =>
@@ -41,7 +46,26 @@ export function hasClaudeEnvAuth(env = process.env) {
   return Object.values(getClaudeEnvAuthPresence(env)).some(Boolean);
 }
 
-export function getClaudeSubprocessAuthIssue(runtime, env = process.env) {
+function buildClaudeSubprocessAuthIssue(env, smokeProbe = null) {
+  const auth_env_present = getClaudeEnvAuthPresence(env);
+  return {
+    auth_env_present,
+    smoke_probe: smokeProbe,
+    detail: 'Claude local_cli runtime has no env-based auth and is missing "--bare"; non-interactive subprocesses can hang on macOS keychain reads.',
+    fix: 'Export ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN before running AgentXchain, or add "--bare" to the Claude command if you intentionally want env-only auth.',
+  };
+}
+
+function resolveSmokeProbeTimeoutMs(env, options = {}) {
+  if (Number.isFinite(options?.timeoutMs) && options.timeoutMs > 0) {
+    return options.timeoutMs;
+  }
+  const raw = env?.AGENTXCHAIN_CLAUDE_AUTH_PROBE_TIMEOUT_MS;
+  const parsed = Number.parseInt(raw, 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : DEFAULT_SMOKE_PROBE_TIMEOUT_MS;
+}
+
+export async function getClaudeSubprocessAuthIssue(runtime, env = process.env, options = {}) {
   if (!isClaudeLocalCliRuntime(runtime)) {
     return null;
   }
@@ -50,12 +74,164 @@ export function getClaudeSubprocessAuthIssue(runtime, env = process.env) {
     return null;
   }
 
-  const auth_env_present = getClaudeEnvAuthPresence(env);
-  return {
-    auth_env_present,
-    detail: 'Claude local_cli runtime has no env-based auth and is missing "--bare"; non-interactive subprocesses can hang on macOS keychain reads.',
-    fix: 'Export ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN before running AgentXchain, or add "--bare" to the Claude command if you intentionally want env-only auth.',
-  };
+  const smokeProbe = await runClaudeSmokeProbe({
+    runtime,
+    env,
+    timeoutMs: resolveSmokeProbeTimeoutMs(env, options),
+    stdinPayload: options?.stdinPayload,
+    spawnImpl: options?.spawnImpl,
+  });
+
+  if (smokeProbe.kind === 'stdout_observed' || smokeProbe.kind === 'spawn_error' || smokeProbe.kind === 'skipped') {
+    return null;
+  }
+
+  if (smokeProbe.kind === 'hang' || smokeProbe.kind === 'exit_nonzero' || smokeProbe.kind === 'stderr_only') {
+    return buildClaudeSubprocessAuthIssue(env, smokeProbe);
+  }
+
+  return null;
+}
+
+/**
+ * Bounded smoke probe that spawns the runtime's actual Claude command with a
+ * tiny prompt on stdin and a watchdog. Returns a classification:
+ *
+ *   { kind: 'stdout_observed' }      — real stdout arrived before watchdog;
+ *                                      the setup is NOT hanging on auth.
+ *   { kind: 'hang', elapsed_ms }     — watchdog fired with no stdout/stderr
+ *                                      bytes; the keychain-hang shape (BUG-54).
+ *   { kind: 'stderr_only', ... }     — process wrote stderr but no stdout
+ *                                      before watchdog (auth error or similar).
+ *   { kind: 'exit_nonzero', ... }    — process exited non-zero with no stdout
+ *                                      (explicit auth failure — not a hang).
+ *   { kind: 'spawn_error', ... }     — spawn itself failed (ENOENT / EPERM).
+ *   { kind: 'skipped', reason }      — probe disabled or unavailable.
+ *
+ * This is the positive-case-testable alternative to the static shape-check in
+ * `getClaudeSubprocessAuthIssue`: it observes what the subprocess actually
+ * does rather than predicting what it *might* do from config shape alone.
+ *
+ * Added 2026-04-21 for the BUG-56 false-positive fix. See
+ * `.planning/BUG_56_FALSE_POSITIVE_RETRO.md` for the decision trail.
+ *
+ * @param {{ runtime: object, env?: object, timeoutMs?: number, stdinPayload?: string, spawnImpl?: Function }} opts
+ * @returns {Promise<object>}
+ */
+export async function runClaudeSmokeProbe(opts) {
+  const runtime = opts?.runtime ?? null;
+  const env = opts?.env ?? process.env;
+  const timeoutMs = Number.isFinite(opts?.timeoutMs) ? opts.timeoutMs : DEFAULT_SMOKE_PROBE_TIMEOUT_MS;
+  const stdinPayload = typeof opts?.stdinPayload === 'string' ? opts.stdinPayload : DEFAULT_SMOKE_PROBE_STDIN;
+  const spawnImpl = typeof opts?.spawnImpl === 'function' ? opts.spawnImpl : spawn;
+
+  if (!isClaudeLocalCliRuntime(runtime)) {
+    return { kind: 'skipped', reason: 'not_claude_local_cli' };
+  }
+
+  const tokens = normalizeCommandTokens(runtime);
+  if (tokens.length === 0) {
+    return { kind: 'skipped', reason: 'empty_command' };
+  }
+  const [command, ...args] = tokens;
+
+  return new Promise((resolve) => {
+    let child;
+    try {
+      child = spawnImpl(command, args, {
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env,
+      });
+    } catch (error) {
+      resolve({
+        kind: 'spawn_error',
+        errno: error?.errno ?? null,
+        code: error?.code ?? null,
+        message: error?.message ?? String(error),
+      });
+      return;
+    }
+
+    if (!child || typeof child.on !== 'function') {
+      resolve({ kind: 'spawn_error', code: 'NO_CHILD_HANDLE', message: 'spawn returned no child handle' });
+      return;
+    }
+
+    const start = Date.now();
+    let stdoutBytes = 0;
+    let stderrBytes = 0;
+    let stderrBuf = '';
+    let settled = false;
+
+    const finish = (result) => {
+      if (settled) return;
+      settled = true;
+      try { child.kill('SIGTERM'); } catch { /* ignore */ }
+      resolve(result);
+    };
+
+    const watchdog = setTimeout(() => {
+      const elapsed_ms = Date.now() - start;
+      if (stdoutBytes > 0) {
+        finish({ kind: 'stdout_observed', elapsed_ms });
+      } else if (stderrBytes > 0) {
+        finish({ kind: 'stderr_only', elapsed_ms, stderr_snippet: stderrBuf.slice(0, 500) });
+      } else {
+        finish({ kind: 'hang', elapsed_ms });
+      }
+    }, timeoutMs);
+    if (typeof watchdog.unref === 'function') watchdog.unref();
+
+    child.stdout?.on('data', (chunk) => {
+      stdoutBytes += chunk.length;
+      if (stdoutBytes > 0 && !settled) {
+        clearTimeout(watchdog);
+        finish({ kind: 'stdout_observed', elapsed_ms: Date.now() - start });
+      }
+    });
+
+    child.stderr?.on('data', (chunk) => {
+      stderrBytes += chunk.length;
+      stderrBuf += chunk.toString('utf8');
+    });
+
+    child.on('error', (error) => {
+      clearTimeout(watchdog);
+      finish({
+        kind: 'spawn_error',
+        errno: error?.errno ?? null,
+        code: error?.code ?? null,
+        message: error?.message ?? String(error),
+      });
+    });
+
+    child.on('exit', (code, signal) => {
+      if (settled) return;
+      clearTimeout(watchdog);
+      const elapsed_ms = Date.now() - start;
+      if (stdoutBytes > 0) {
+        finish({ kind: 'stdout_observed', elapsed_ms });
+      } else if (code !== 0) {
+        finish({
+          kind: 'exit_nonzero',
+          elapsed_ms,
+          exit_code: code,
+          exit_signal: signal,
+          stderr_snippet: stderrBuf.slice(0, 500),
+        });
+      } else if (stderrBytes > 0) {
+        finish({ kind: 'stderr_only', elapsed_ms, stderr_snippet: stderrBuf.slice(0, 500) });
+      } else {
+        finish({ kind: 'hang', elapsed_ms });
+      }
+    });
+
+    try {
+      child.stdin?.end(`${stdinPayload}\n`);
+    } catch {
+      // best-effort; error will surface via 'error' event if real
+    }
+  });
 }
 
 export { CLAUDE_ENV_AUTH_KEYS, normalizeCommandTokens };

package/src/lib/connector-probe.js

@@ -165,30 +165,30 @@ async function probeLocalCommand(runtimeId, runtime, probeKindLabel, options = {
     };
   }
 
-  const spawnProbe = probeRuntimeSpawnContext(options.root || process.cwd(), runtime, { runtimeId });
-  const claudeAuthIssue = getClaudeSubprocessAuthIssue(runtime);
-
-  // DEC-BUG54-CLAUDE-AUTH-PREFLIGHT-001 / DEC-BUG54-VALIDATE-AUTH-PREFLIGHT-001
-  // Auth-preflight is a config-shape defect that must fire regardless of whether
-  // the binary currently resolves on PATH. Matches connector-validate.js:108-138
-  // ordering: a Claude local_cli runtime with no env auth and no --bare is a
-  // deterministic hang-on-spawn shape the operator must fix before anything
-  // else. If they fix auth (or add --bare) but still do not have claude
-  // installed, the next connector check surfaces command_presence after they
-  // fix the config — that is the correct operator progression.
+  const claudeAuthIssue = await getClaudeSubprocessAuthIssue(runtime, process.env, {
+    timeoutMs: options.claudeAuthProbeTimeoutMs,
+  });
+
+  // DEC-BUG56-PREFLIGHT-PROBE-OVER-SHAPE-CHECK-001
+  // Auth-preflight is observation-based: a no-env/no-bare Claude runtime is
+  // only refused when a bounded smoke probe actually hangs or fails without
+  // stdout. Working Claude Max keychain setups must pass this gate.
   if (claudeAuthIssue) {
     return {
       ...base,
       level: 'fail',
       probe_kind: 'auth_preflight',
-      command: spawnProbe.command || head,
+      command: formatTarget(runtime) || head,
       error_code: 'claude_auth_preflight_failed',
       detail: claudeAuthIssue.detail,
       fix: claudeAuthIssue.fix,
       auth_env_present: claudeAuthIssue.auth_env_present,
+      smoke_probe: claudeAuthIssue.smoke_probe,
     };
   }
 
+  const spawnProbe = probeRuntimeSpawnContext(options.root || process.cwd(), runtime, { runtimeId });
+
   if (!spawnProbe.ok) {
     return {
       ...base,
@@ -401,8 +401,6 @@ function analyzeLocalCliAuthorityIntent(runtimeId, runtime, roles) {
   // Prompt transport validation
   const transport = runtime.prompt_transport || 'dispatch_bundle_only';
   const knownTransports = KNOWN_CLI_TRANSPORTS[binaryName];
-  const claudeAuthIssue = getClaudeSubprocessAuthIssue(runtime);
-
   if (transport === 'argv' && !commandTokens.some((token) => token.includes('{prompt}'))) {
     warnings.push({
       probe_kind: 'transport_intent',
@@ -422,15 +420,6 @@ function analyzeLocalCliAuthorityIntent(runtimeId, runtime, roles) {
     });
   }
 
-  if (claudeAuthIssue) {
-    warnings.push({
-      probe_kind: 'auth_preflight',
-      level: 'warn',
-      detail: claudeAuthIssue.detail,
-      fix: claudeAuthIssue.fix,
-    });
-  }
-
   return { warnings };
 }
 

package/src/lib/connector-validate.js

@@ -105,11 +105,10 @@ export async function validateConfiguredConnector(sourceRoot, options = {}) {
     };
   }
 
-  // DEC-BUG54-CLAUDE-AUTH-PREFLIGHT-001 — refuse the known-hanging Claude
-  // local_cli shape before burning the scratch-workspace + synthetic-dispatch
-  // ceremony. The adapter also refuses this shape via `claude_auth_preflight_failed`,
-  // but the operator gets a faster, identical-fix message if we catch it here.
-  const claudeAuthIssue = getClaudeSubprocessAuthIssue(runtime);
+  // DEC-BUG56-PREFLIGHT-PROBE-OVER-SHAPE-CHECK-001 — refuse Claude local_cli
+  // auth-hang shapes only after a bounded smoke probe observes no stdout.
+  // Working Claude Max keychain setups must pass instead of false-positive.
+  const claudeAuthIssue = await getClaudeSubprocessAuthIssue(runtime);
   if (claudeAuthIssue) {
     return {
       ok: false,
@@ -131,6 +130,7 @@ export async function validateConfiguredConnector(sourceRoot, options = {}) {
       error_code: 'claude_auth_preflight_failed',
       error: claudeAuthIssue.detail,
       auth_env_present: claudeAuthIssue.auth_env_present,
+      smoke_probe: claudeAuthIssue.smoke_probe,
       fix: claudeAuthIssue.fix,
       dispatch: null,
       validation: null,

package/src/lib/governed-state.js

@@ -1383,6 +1383,10 @@ function classifyAcceptanceOverlap(targetTurn, conflictFiles, historyEntries, co
   const forwardRevisionTurns = new Map();
 
   for (const entry of historyEntries) {
+    if (targetTurn?.run_id && entry.run_id && entry.run_id !== targetTurn.run_id) {
+      continue;
+    }
+
     if ((entry.accepted_sequence || 0) <= (targetTurn.assigned_sequence || 0)) {
       continue;
     }
@@ -2096,6 +2100,24 @@ function inferApprovalPauseFromState(state, config) {
   };
 }
 
+function shouldNormalizeApprovalPauseBlock(state, inferred) {
+  if (!state || typeof state !== 'object') {
+    return false;
+  }
+
+  const blockedOn = typeof state.blocked_on === 'string' ? state.blocked_on : '';
+  const recovery = state.blocked_reason?.recovery;
+  const typedReason = recovery?.typed_reason || null;
+
+  if (blockedOn.startsWith('human_approval:')) {
+    return true;
+  }
+
+  return state.status === 'paused'
+    && state.blocked_reason != null
+    && (!typedReason || typedReason === inferred.typedReason);
+}
+
 export function reconcileApprovalPausesWithConfig(state, config) {
   if (!state || typeof state !== 'object' || !config) {
     return { state, changed: false };
@@ -2117,7 +2139,7 @@ export function reconcileApprovalPausesWithConfig(state, config) {
     changed = true;
   }
 
-  if (nextState.status === 'blocked' || nextState.blocked_reason != null) {
+  if (shouldNormalizeApprovalPauseBlock(nextState, inferred)) {
     nextState = {
       ...nextState,
       status: 'paused',
@@ -3034,12 +3056,20 @@ export function assignGovernedTurn(root, config, roleId, options = {}) {
   const concurrentWith = Object.keys(activeTurns);
 
   // Build the new turn object
+  // `started_at` is seeded at assignment so that direct assign→accept flows
+  // (non-dispatched, non-subprocess turns) still carry timing into history and
+  // the turn_accepted event payload (per TURN_TIMING_OBSERVABILITY_SPEC.md).
+  // BUG-51's dispatched-lifecycle path explicitly deletes this and the
+  // starting/running transitions re-set it, so dispatch-driven turns still
+  // reflect true subprocess-startup timing.
   const newTurn = {
     turn_id: turnId,
+    run_id: state.run_id,
     assigned_role: roleId,
     status: 'assigned',
     attempt: 1,
     assigned_at: now,
+    started_at: now,
     deadline_at: new Date(Date.now() + timeoutMinutes * 60 * 1000).toISOString(),
     runtime_id: runtimeId,
     baseline,

package/src/lib/mission-plans.js

@@ -489,8 +489,8 @@ function isAcceptedRepoHistoryEntry(entry) {
   return Boolean(entry?.accepted_at) || entry?.status === 'accepted';
 }
 
-const REPO_FAILURE_STATUSES = new Set(['failed_acceptance', 'failed', 'rejected', 'retrying', 'conflicted']);
-const RETRYABLE_COORDINATOR_FAILURE_STATUSES = new Set(['failed', 'failed_acceptance']);
+const REPO_FAILURE_STATUSES = new Set(['failed_acceptance', 'failed', 'failed_start', 'rejected', 'retrying', 'conflicted']);
+const RETRYABLE_COORDINATOR_FAILURE_STATUSES = new Set(['failed', 'failed_acceptance', 'failed_start']);
 
 function getLatestRepoDispatches(launchRecord) {
   const latestByRepo = new Map();
@@ -708,6 +708,18 @@ function synchronizeCoordinatorWorkstreamStatuses(root, plan, coordinatorConfig,
       continue;
     }
 
+    if (launchRecord?.status === 'failed' || (launchRecord?.terminal_reason && launchRecord.terminal_reason !== 'completed')) {
+      if (ws.launch_status !== 'needs_attention') {
+        ws.launch_status = 'needs_attention';
+        changed = true;
+      }
+      if (plan.status !== 'needs_attention') {
+        plan.status = 'needs_attention';
+        changed = true;
+      }
+      continue;
+    }
+
     if ((launchRecord?.repo_dispatches?.length || 0) > 0 || progress.accepted_repo_count > 0) {
       if (ws.launch_status !== 'launched') {
         ws.launch_status = 'launched';

package/src/templates/governed/enterprise-app.json

@@ -80,7 +80,7 @@
       "manual-pm": { "type": "manual" },
       "local-dev": {
         "type": "local_cli",
-        "command": ["claude", "--print", "--dangerously-skip-permissions"],
+        "command": ["claude", "--print", "--dangerously-skip-permissions", "--bare"],
         "cwd": ".",
         "prompt_transport": "stdin"
       },

package/src/templates/governed/full-local-cli.json

@@ -44,25 +44,25 @@
     "runtimes": {
       "local-pm": {
         "type": "local_cli",
-        "command": ["claude", "--print", "--dangerously-skip-permissions"],
+        "command": ["claude", "--print", "--dangerously-skip-permissions", "--bare"],
         "cwd": ".",
         "prompt_transport": "stdin"
       },
       "local-dev": {
         "type": "local_cli",
-        "command": ["claude", "--print", "--dangerously-skip-permissions"],
+        "command": ["claude", "--print", "--dangerously-skip-permissions", "--bare"],
         "cwd": ".",
         "prompt_transport": "stdin"
       },
       "local-qa": {
         "type": "local_cli",
-        "command": ["claude", "--print", "--dangerously-skip-permissions"],
+        "command": ["claude", "--print", "--dangerously-skip-permissions", "--bare"],
         "cwd": ".",
         "prompt_transport": "stdin"
       },
       "local-director": {
         "type": "local_cli",
-        "command": ["claude", "--print", "--dangerously-skip-permissions"],
+        "command": ["claude", "--print", "--dangerously-skip-permissions", "--bare"],
         "cwd": ".",
         "prompt_transport": "stdin"
       }