agentxchain 2.149.2 → 2.151.0

package/src/commands/init.js

@@ -195,15 +195,44 @@ const GOVERNED_ROUTING = {
 const GOVERNED_GATES = {
   planning_signoff: {
     requires_files: ['.planning/PM_SIGNOFF.md', '.planning/ROADMAP.md', '.planning/SYSTEM_SPEC.md'],
-    requires_human_approval: true
+    requires_human_approval: true,
+    credentialed: false
   },
   implementation_complete: {
     requires_files: ['.planning/IMPLEMENTATION_NOTES.md'],
-    requires_verification_pass: true
+    requires_verification_pass: true,
+    credentialed: false
   },
   qa_ship_verdict: {
     requires_files: ['.planning/acceptance-matrix.md', '.planning/ship-verdict.md', '.planning/RELEASE_NOTES.md'],
-    requires_human_approval: true
+    requires_human_approval: true,
+    requires_verification_pass: true,
+    credentialed: false
+  }
+};
+
+const GOVERNED_APPROVAL_POLICY = {
+  phase_transitions: {
+    default: 'require_human',
+    rules: [
+      {
+        from_phase: 'planning',
+        to_phase: 'implementation',
+        action: 'auto_approve',
+        when: {
+          gate_passed: true,
+          credentialed_gate: false
+        }
+      }
+    ]
+  },
+  run_completion: {
+    action: 'auto_approve',
+    when: {
+      gate_passed: true,
+      all_phases_visited: true,
+      credentialed_gate: false
+    }
   }
 };
 
@@ -713,6 +742,7 @@ function buildScaffoldConfigFromTemplate(template, localDevRuntime, workflowKitC
 
   const routing = cloneJsonCompatible(blueprint?.routing || GOVERNED_ROUTING);
   const gates = cloneJsonCompatible(blueprint?.gates || GOVERNED_GATES);
+  const approvalPolicy = cloneJsonCompatible(blueprint?.approval_policy || GOVERNED_APPROVAL_POLICY);
   const effectiveWorkflowKitConfig = workflowKitConfig || cloneJsonCompatible(blueprint?.workflow_kit || null);
   const prompts = Object.fromEntries(
     Object.keys(roles).map((roleId) => [roleId, `.agentxchain/prompts/${roleId}.md`])
@@ -725,6 +755,7 @@ function buildScaffoldConfigFromTemplate(template, localDevRuntime, workflowKitC
     runtimes,
     routing,
     gates,
+    approvalPolicy,
     policies,
     prompts,
     workflowKitConfig: effectiveWorkflowKitConfig,
@@ -778,7 +809,7 @@ export function scaffoldGoverned(dir, projectName, projectId, templateId = 'gene
   const template = loadGovernedTemplate(templateId);
   const { runtime: localDevRuntime } = resolveGovernedLocalDevRuntime(runtimeOptions);
   const scaffoldConfig = buildScaffoldConfigFromTemplate(template, localDevRuntime, workflowKitConfig, runtimeOptions);
-  const { roles, runtimes, routing, gates, policies, prompts, workflowKitConfig: effectiveWorkflowKitConfig } = scaffoldConfig;
+  const { roles, runtimes, routing, gates, approvalPolicy, policies, prompts, workflowKitConfig: effectiveWorkflowKitConfig } = scaffoldConfig;
   const scaffoldWorkflowKitConfig = effectiveWorkflowKitConfig
     ? normalizeWorkflowKit(effectiveWorkflowKitConfig, Object.keys(routing))
     : null;
@@ -804,6 +835,7 @@ export function scaffoldGoverned(dir, projectName, projectId, templateId = 'gene
     runtimes,
     routing,
     gates,
+    approval_policy: approvalPolicy,
     budget: {
       per_turn_max_usd: 2.0,
       per_run_max_usd: 50.0,

package/src/commands/mission.js

@@ -1377,7 +1377,9 @@ export async function missionPlanAutopilotCommand(planTarget, opts) {
       }
 
       if (waveNum === maxWaves) {
-        terminalReason = 'wave_limit_reached';
+        terminalReason = totalFailed > 0
+          ? (continueOnFailure ? 'plan_incomplete' : 'failure_stopped')
+          : 'wave_limit_reached';
         break;
       }
 
@@ -2030,7 +2032,9 @@ async function coordinatorAutopilot(planTarget, opts, context, mission) {
       }
 
       if (waveNum === maxWaves) {
-        terminalReason = 'wave_limit_reached';
+        terminalReason = totalFailed > 0
+          ? (continueOnFailure ? 'plan_incomplete' : 'failure_stopped')
+          : 'wave_limit_reached';
         break;
       }
 

package/src/commands/restart.js

@@ -219,7 +219,7 @@ export async function restartCommand(opts) {
     process.exit(1);
   }
 
-  if (state.status === 'blocked') {
+  if (state.status === 'blocked' && !state.pending_phase_transition && !state.pending_run_completion) {
     console.log(chalk.red('Run is blocked. Resolve the blocker first.'));
     const recovery = deriveRecoveryDescriptor(state, config);
     if (recovery) {

package/src/commands/turn.js

@@ -120,7 +120,14 @@ function buildArtifactIndex(root, turnId) {
 }
 
 function buildTurnPayload(turnId, turn, state, artifacts, assignment, config) {
-  const elapsedMs = getElapsedMs(turn.started_at);
+  // Effective start time for display: BUG-51 hardening clears `started_at`
+  // when a turn transitions to `dispatched` so ghost-turn detection can key
+  // off `dispatched_at`. For manual runtimes (no subprocess), no later
+  // `starting` transition re-sets `started_at`, so fall back to
+  // `dispatched_at` (operator-dispatched = effective start) and
+  // `assigned_at` as a last resort so the timing surface stays populated.
+  const effectiveStartedAt = turn.started_at || turn.dispatched_at || turn.assigned_at || null;
+  const elapsedMs = getElapsedMs(effectiveStartedAt);
   const payload = {
     turn_id: turnId,
     run_id: state.run_id || assignment?.run_id || null,
@@ -129,7 +136,7 @@ function buildTurnPayload(turnId, turn, state, artifacts, assignment, config) {
     runtime: turn.runtime_id,
     status: turn.status,
     attempt: turn.attempt,
-    started_at: turn.started_at || null,
+    started_at: effectiveStartedAt,
     elapsed_ms: elapsedMs,
     dispatch_dir: getDispatchTurnDir(turnId),
     staging_result_path: assignment?.staging_result_path || null,
@@ -152,7 +159,9 @@ function buildTurnPayload(turnId, turn, state, artifacts, assignment, config) {
 }
 
 function printTurnSummary(turnId, turn, state, artifacts, assignment, config) {
-  const elapsedMs = getElapsedMs(turn.started_at);
+  // See buildTurnPayload for rationale on fallback ordering.
+  const effectiveStartedAt = turn.started_at || turn.dispatched_at || turn.assigned_at || null;
+  const elapsedMs = getElapsedMs(effectiveStartedAt);
   console.log('');
   console.log(chalk.bold(`  Turn: ${chalk.cyan(turnId)}`));
   console.log(chalk.dim('  ' + '─'.repeat(44)));
@@ -162,8 +171,8 @@ function printTurnSummary(turnId, turn, state, artifacts, assignment, config) {
   console.log(`  ${chalk.dim('Runtime:')}  ${turn.runtime_id}`);
   console.log(`  ${chalk.dim('Status:')}   ${turn.status}`);
   console.log(`  ${chalk.dim('Attempt:')}  ${turn.attempt}`);
-  if (turn.started_at) {
-    console.log(`  ${chalk.dim('Started:')}  ${turn.started_at}`);
+  if (effectiveStartedAt) {
+    console.log(`  ${chalk.dim('Started:')}  ${effectiveStartedAt}`);
   }
   if (elapsedMs != null) {
     console.log(`  ${chalk.dim('Elapsed:')}  ${formatElapsed(elapsedMs)}`);

package/src/lib/adapters/local-cli-adapter.js

@@ -41,6 +41,7 @@ const DIAGNOSTIC_ENV_KEYS = [
   'AGENTXCHAIN_TURN_ID',
 ];
 const DIAGNOSTIC_STDERR_EXCERPT_LIMIT = 800;
+const DEFAULT_STARTUP_WATCHDOG_MS = 180_000;
 
 /**
  * Launch a local CLI subprocess for a governed turn.
@@ -264,7 +265,29 @@ export async function dispatchLocalCli(root, state, config, options = {}) {
       armStartupWatchdog();
     });
 
-    // Deliver prompt via stdin if transport is "stdin"; otherwise close immediately
+    // Collect stdout/stderr
+    if (child.stdout) {
+      child.stdout.on('data', (chunk) => {
+        const text = chunk.toString();
+        stdoutBytes += Buffer.byteLength(text);
+        recordFirstOutput('stdout');
+        logs.push(text);
+        if (onStdout) onStdout(text);
+      });
+    }
+
+    if (child.stderr) {
+      child.stderr.on('data', (chunk) => {
+        const text = chunk.toString();
+        stderrBytes += Buffer.byteLength(text);
+        stderrExcerpt = appendDiagnosticExcerpt(stderrExcerpt, text, DIAGNOSTIC_STDERR_EXCERPT_LIMIT);
+        logs.push('[stderr] ' + text);
+        if (onStderr) onStderr(text);
+      });
+    }
+
+    // Deliver prompt only after output listeners are registered. This removes
+    // the remaining adapter-side ordering risk for fast stdin-driven children.
     if (child.stdin) {
       child.stdin.on('error', (err) => {
         appendDiagnostic(logs, 'stdin_error', {
@@ -287,27 +310,6 @@ export async function dispatchLocalCli(root, state, config, options = {}) {
       }
     }
 
-    // Collect stdout/stderr
-    if (child.stdout) {
-      child.stdout.on('data', (chunk) => {
-        const text = chunk.toString();
-        stdoutBytes += Buffer.byteLength(text);
-        recordFirstOutput('stdout');
-        logs.push(text);
-        if (onStdout) onStdout(text);
-      });
-    }
-
-    if (child.stderr) {
-      child.stderr.on('data', (chunk) => {
-        const text = chunk.toString();
-        stderrBytes += Buffer.byteLength(text);
-        stderrExcerpt = appendDiagnosticExcerpt(stderrExcerpt, text, DIAGNOSTIC_STDERR_EXCERPT_LIMIT);
-        logs.push('[stderr] ' + text);
-        if (onStderr) onStderr(text);
-      });
-    }
-
     // Timeout handling per §20.4
     let timeoutHandle;
     let sigkillHandle;
@@ -578,7 +580,7 @@ function resolveStartupWatchdogMs(config, runtime) {
   if (Number.isInteger(config?.run_loop?.startup_watchdog_ms) && config.run_loop.startup_watchdog_ms > 0) {
     return config.run_loop.startup_watchdog_ms;
   }
-  return 30_000;
+  return DEFAULT_STARTUP_WATCHDOG_MS;
 }
 
 /**

package/src/lib/approval-policy.js

@@ -37,7 +37,26 @@ export function evaluateApprovalPolicy({ gateResult, gateType, state, config })
   return evaluatePhaseTransitionPolicy({ gateResult, state, config, policy });
 }
 
+// BUG-59 (DEC-BUG59-CREDENTIALED-GATE-HARD-STOP-001): gate definitions may
+// carry `credentialed: true` to mark gates protecting external, irreversible,
+// or operator-owned credentialed actions. Credentialed gates are never
+// auto-approvable by policy, even under a catch-all `default: auto_approve`
+// rule. The guard runs before any rule evaluation so a missing `when` block
+// cannot bypass it.
+function isCredentialedGate(config, gateId) {
+  if (!gateId) return false;
+  return config?.gates?.[gateId]?.credentialed === true;
+}
+
 function evaluateRunCompletionPolicy({ gateResult, state, config, policy }) {
+  if (isCredentialedGate(config, gateResult?.gate_id)) {
+    return {
+      action: 'require_human',
+      matched_rule: null,
+      reason: 'credentialed gate — policy auto-approval forbidden',
+    };
+  }
+
   const rc = policy.run_completion;
   if (!rc || !rc.action) {
     return { action: 'require_human', matched_rule: null, reason: 'no run_completion policy' };
@@ -59,6 +78,14 @@ function evaluateRunCompletionPolicy({ gateResult, state, config, policy }) {
 }
 
 function evaluatePhaseTransitionPolicy({ gateResult, state, config, policy }) {
+  if (isCredentialedGate(config, gateResult?.gate_id)) {
+    return {
+      action: 'require_human',
+      matched_rule: null,
+      reason: 'credentialed gate — policy auto-approval forbidden',
+    };
+  }
+
   const pt = policy.phase_transitions;
   if (!pt) {
     return { action: 'require_human', matched_rule: null, reason: 'no phase_transitions policy' };
@@ -120,6 +147,23 @@ function checkConditions(when, { gateResult, state, config }) {
     }
   }
 
+  // credentialed_gate (BUG-59, DEC-BUG59-CREDENTIALED-GATE-PREDICATE-NEGATIVE-ONLY-001):
+  // only `false` is a valid runtime value — asserts the gate is NOT credentialed
+  // as a defensive precondition. Credentialed gates are hard-stopped upstream so
+  // this predicate never sees them when value is `false` (matches → condition ok).
+  // Value `true` is treated as unmet because the hard-stop prevents credentialed
+  // gates from reaching condition evaluation anyway; schema validation (slice 2)
+  // will reject `true` at config load time for unambiguous intent.
+  if (Object.prototype.hasOwnProperty.call(when, 'credentialed_gate')) {
+    const gateIsCredentialed = config?.gates?.[gateResult?.gate_id]?.credentialed === true;
+    if (when.credentialed_gate === false && gateIsCredentialed) {
+      return { ok: false, reason: 'condition credentialed_gate: false not met — gate is credentialed' };
+    }
+    if (when.credentialed_gate === true) {
+      return { ok: false, reason: 'condition credentialed_gate: true not supported — credentialed gates are hard-stopped upstream' };
+    }
+  }
+
   // all_phases_visited: every routing phase must appear in history
   if (when.all_phases_visited === true) {
     const routingPhases = Object.keys(config.routing || {});

package/src/lib/governed-state.js

@@ -1383,6 +1383,10 @@ function classifyAcceptanceOverlap(targetTurn, conflictFiles, historyEntries, co
   const forwardRevisionTurns = new Map();
 
   for (const entry of historyEntries) {
+    if (targetTurn?.run_id && entry.run_id && entry.run_id !== targetTurn.run_id) {
+      continue;
+    }
+
     if ((entry.accepted_sequence || 0) <= (targetTurn.assigned_sequence || 0)) {
       continue;
     }
@@ -2096,6 +2100,24 @@ function inferApprovalPauseFromState(state, config) {
   };
 }
 
+function shouldNormalizeApprovalPauseBlock(state, inferred) {
+  if (!state || typeof state !== 'object') {
+    return false;
+  }
+
+  const blockedOn = typeof state.blocked_on === 'string' ? state.blocked_on : '';
+  const recovery = state.blocked_reason?.recovery;
+  const typedReason = recovery?.typed_reason || null;
+
+  if (blockedOn.startsWith('human_approval:')) {
+    return true;
+  }
+
+  return state.status === 'paused'
+    && state.blocked_reason != null
+    && (!typedReason || typedReason === inferred.typedReason);
+}
+
 export function reconcileApprovalPausesWithConfig(state, config) {
   if (!state || typeof state !== 'object' || !config) {
     return { state, changed: false };
@@ -2117,7 +2139,7 @@ export function reconcileApprovalPausesWithConfig(state, config) {
     changed = true;
   }
 
-  if (nextState.status === 'blocked' || nextState.blocked_reason != null) {
+  if (shouldNormalizeApprovalPauseBlock(nextState, inferred)) {
     nextState = {
       ...nextState,
       status: 'paused',
@@ -2643,6 +2665,91 @@ export function reconcilePhaseAdvanceBeforeDispatch(root, config, state = null)
   });
 
   if (gateResult.action === 'awaiting_human_approval') {
+    // BUG-59 (DEC-BUG59-PLAN-LAYERED-FIX-001, slice 3): before falling back to
+    // the BUG-52 "human already unblocked" advancement path, consult
+    // approval_policy. If the configured policy auto-approves this transition
+    // (and the gate is not credentialed), advance directly and write an
+    // `approval_policy` ledger entry matching the accepted-turn path shape at
+    // governed-state.js:4909-4919. Credentialed gates are hard-stopped inside
+    // evaluateApprovalPolicy per DEC-BUG59-CREDENTIALED-GATE-HARD-STOP-001, so
+    // a credentialed gate lands here with action === 'require_human' and falls
+    // through to the existing approvePhaseTransition path (which itself
+    // requires paused/blocked status produced by a real human unblock).
+    const approvalResult = evaluateApprovalPolicy({
+      gateResult,
+      gateType: 'phase_transition',
+      state: { ...currentState, history: historyEntries },
+      config,
+    });
+
+    if (approvalResult.action === 'auto_approve') {
+      const now = new Date().toISOString();
+      const prevPhase = currentState.phase;
+      const nextState = {
+        ...currentState,
+        phase: gateResult.next_phase,
+        phase_entered_at: now,
+        blocked_on: null,
+        blocked_reason: null,
+        last_gate_failure: null,
+        pending_phase_transition: null,
+        queued_phase_transition: null,
+        phase_gate_status: {
+          ...(currentState.phase_gate_status || {}),
+          [gateResult.gate_id || 'no_gate']: 'passed',
+        },
+      };
+      writeState(root, nextState);
+      appendJsonl(root, LEDGER_PATH, {
+        type: 'approval_policy',
+        gate_type: 'phase_transition',
+        action: 'auto_approve',
+        matched_rule: approvalResult.matched_rule,
+        from_phase: prevPhase,
+        to_phase: gateResult.next_phase,
+        reason: approvalResult.reason,
+        gate_id: gateResult.gate_id || null,
+        timestamp: now,
+      });
+      const retiredIntentIds = retireApprovedPhaseScopedIntents(root, nextState, config, prevPhase, now);
+      if (retiredIntentIds.length > 0) {
+        emitRunEvent(root, 'intent_retired_by_phase_advance', {
+          run_id: nextState.run_id,
+          phase: nextState.phase,
+          status: nextState.status,
+          turn: phaseSource.turn_id ? { turn_id: phaseSource.turn_id, role_id: phaseSource.role || phaseSource.assigned_role || null } : undefined,
+          payload: {
+            exited_phase: prevPhase,
+            entered_phase: gateResult.next_phase,
+            retired_count: retiredIntentIds.length,
+            retired_intent_ids: retiredIntentIds,
+          },
+        });
+      }
+      emitRunEvent(root, 'phase_entered', {
+        run_id: nextState.run_id,
+        phase: nextState.phase,
+        status: nextState.status,
+        turn: phaseSource.turn_id ? { turn_id: phaseSource.turn_id, role_id: phaseSource.role || phaseSource.assigned_role || null } : undefined,
+        payload: {
+          from: prevPhase,
+          to: gateResult.next_phase,
+          gate_id: gateResult.gate_id || 'no_gate',
+          trigger: 'auto_approved',
+        },
+      });
+      return {
+        ok: true,
+        state: attachLegacyCurrentTurnAlias(nextState),
+        advanced: true,
+        from_phase: prevPhase,
+        to_phase: gateResult.next_phase,
+        gate_id: gateResult.gate_id || null,
+        gateResult,
+        approval_policy: approvalResult,
+      };
+    }
+
     const pausedState = {
       ...currentState,
       status: 'paused',
@@ -2667,6 +2774,7 @@ export function reconcilePhaseAdvanceBeforeDispatch(root, config, state = null)
       to_phase: approved.state?.phase || gateResult.next_phase || null,
       gate_id: gateResult.gate_id || null,
       gateResult,
+      approval_policy: approvalResult,
     };
   }
 
@@ -3034,12 +3142,20 @@ export function assignGovernedTurn(root, config, roleId, options = {}) {
   const concurrentWith = Object.keys(activeTurns);
 
   // Build the new turn object
+  // `started_at` is seeded at assignment so that direct assign→accept flows
+  // (non-dispatched, non-subprocess turns) still carry timing into history and
+  // the turn_accepted event payload (per TURN_TIMING_OBSERVABILITY_SPEC.md).
+  // BUG-51's dispatched-lifecycle path explicitly deletes this and the
+  // starting/running transitions re-set it, so dispatch-driven turns still
+  // reflect true subprocess-startup timing.
   const newTurn = {
     turn_id: turnId,
+    run_id: state.run_id,
     assigned_role: roleId,
     status: 'assigned',
     attempt: 1,
     assigned_at: now,
+    started_at: now,
     deadline_at: new Date(Date.now() + timeoutMinutes * 60 * 1000).toISOString(),
     runtime_id: runtimeId,
     baseline,
@@ -5469,6 +5585,7 @@ function _acceptGovernedTurnLocked(root, config, opts) {
       status: 'completed',
       payload: { completed_at: updatedState.completed_at || now },
     });
+    recordRunHistory(root, updatedState, config, 'completed');
   }
 
   // Session checkpoint — non-fatal, written after every successful acceptance

package/src/lib/governed-templates.js

@@ -83,6 +83,7 @@ const VALID_SCAFFOLD_BLUEPRINT_KEYS = new Set([
   'gates',
   'policies',
   'workflow_kit',
+  'approval_policy',
 ]);
 
 function validateScaffoldBlueprint(scaffoldBlueprint, errors) {

package/src/lib/mission-plans.js

@@ -489,8 +489,8 @@ function isAcceptedRepoHistoryEntry(entry) {
   return Boolean(entry?.accepted_at) || entry?.status === 'accepted';
 }
 
-const REPO_FAILURE_STATUSES = new Set(['failed_acceptance', 'failed', 'rejected', 'retrying', 'conflicted']);
-const RETRYABLE_COORDINATOR_FAILURE_STATUSES = new Set(['failed', 'failed_acceptance']);
+const REPO_FAILURE_STATUSES = new Set(['failed_acceptance', 'failed', 'failed_start', 'rejected', 'retrying', 'conflicted']);
+const RETRYABLE_COORDINATOR_FAILURE_STATUSES = new Set(['failed', 'failed_acceptance', 'failed_start']);
 
 function getLatestRepoDispatches(launchRecord) {
   const latestByRepo = new Map();
@@ -708,6 +708,18 @@ function synchronizeCoordinatorWorkstreamStatuses(root, plan, coordinatorConfig,
       continue;
     }
 
+    if (launchRecord?.status === 'failed' || (launchRecord?.terminal_reason && launchRecord.terminal_reason !== 'completed')) {
+      if (ws.launch_status !== 'needs_attention') {
+        ws.launch_status = 'needs_attention';
+        changed = true;
+      }
+      if (plan.status !== 'needs_attention') {
+        plan.status = 'needs_attention';
+        changed = true;
+      }
+      continue;
+    }
+
     if ((launchRecord?.repo_dispatches?.length || 0) > 0 || progress.accepted_repo_count > 0) {
       if (ws.launch_status !== 'launched') {
         ws.launch_status = 'launched';

package/src/lib/normalized-config.js

@@ -557,6 +557,7 @@ export function validateV4Config(data, projectRoot) {
   // Gates (optional but validated if present)
   if (data.gates) {
     validateGateActionsConfig(data.gates, errors);
+    validateGateCredentialedConfig(data.gates, errors);
     if (data.gates && typeof data.gates === 'object' && !Array.isArray(data.gates) && data.routing) {
       for (const [, route] of Object.entries(data.routing)) {
         if (route.exit_gate && !data.gates[route.exit_gate]) {
@@ -996,6 +997,21 @@ export function validateWorkflowKitConfig(wk, routing, roles, runtimes = {}) {
 
 const VALID_APPROVAL_ACTIONS = ['auto_approve', 'require_human'];
 
+function validateGateCredentialedConfig(gates, errors) {
+  if (!gates || typeof gates !== 'object' || Array.isArray(gates)) {
+    return;
+  }
+
+  for (const [gateId, gate] of Object.entries(gates)) {
+    if (!gate || typeof gate !== 'object' || Array.isArray(gate)) {
+      continue;
+    }
+    if (gate.credentialed !== undefined && typeof gate.credentialed !== 'boolean') {
+      errors.push(`gates.${gateId}.credentialed must be a boolean when provided`);
+    }
+  }
+}
+
 /**
  * Validate the approval_policy config section.
  * Returns an array of error strings.
@@ -1098,6 +1114,13 @@ function validateApprovalWhen(when, prefix) {
   if (when.all_phases_visited !== undefined && typeof when.all_phases_visited !== 'boolean') {
     errors.push(`${prefix}.when.all_phases_visited must be a boolean`);
   }
+  if (when.credentialed_gate !== undefined) {
+    if (typeof when.credentialed_gate !== 'boolean') {
+      errors.push(`${prefix}.when.credentialed_gate must be a boolean`);
+    } else if (when.credentialed_gate !== false) {
+      errors.push(`${prefix}.when.credentialed_gate must be false when provided (DEC-BUG59-CREDENTIALED-GATE-PREDICATE-NEGATIVE-ONLY-001)`);
+    }
+  }
   return errors;
 }
 

package/src/lib/schemas/agentxchain-config.schema.json

@@ -61,7 +61,14 @@
       "type": ["array", "object"]
     },
     "approval_policy": {
-      "type": ["object", "null"]
+      "oneOf": [
+        {
+          "$ref": "#/$defs/approval_policy"
+        },
+        {
+          "type": "null"
+        }
+      ]
     },
     "timeouts": {
       "type": ["object", "null"]
@@ -91,7 +98,7 @@
         "startup_watchdog_ms": {
           "type": "integer",
           "minimum": 1,
-          "description": "Milliseconds to wait after dispatch for worker attach/first-output proof before retaining the turn as failed_start. Default 30000."
+          "description": "Milliseconds to wait after dispatch for worker attach/first-output proof before retaining the turn as failed_start. Default 180000."
         },
         "stale_turn_threshold_ms": {
           "type": "integer",
@@ -220,6 +227,87 @@
         },
         "requires_verification_pass": {
           "type": "boolean"
+        },
+        "credentialed": {
+          "type": "boolean",
+          "description": "When true, this gate protects a credentialed, irreversible, or operator-owned action and cannot be auto-approved by approval_policy."
+        }
+      },
+      "additionalProperties": true
+    },
+    "approval_policy": {
+      "type": "object",
+      "properties": {
+        "phase_transitions": {
+          "$ref": "#/$defs/approval_phase_transitions"
+        },
+        "run_completion": {
+          "$ref": "#/$defs/approval_run_completion"
+        }
+      },
+      "additionalProperties": true
+    },
+    "approval_phase_transitions": {
+      "type": "object",
+      "properties": {
+        "default": {
+          "enum": ["auto_approve", "require_human"]
+        },
+        "rules": {
+          "type": "array",
+          "items": {
+            "$ref": "#/$defs/approval_phase_rule"
+          }
+        }
+      },
+      "additionalProperties": true
+    },
+    "approval_phase_rule": {
+      "type": "object",
+      "properties": {
+        "from_phase": {
+          "$ref": "#/$defs/non_empty_string"
+        },
+        "to_phase": {
+          "$ref": "#/$defs/non_empty_string"
+        },
+        "action": {
+          "enum": ["auto_approve", "require_human"]
+        },
+        "when": {
+          "$ref": "#/$defs/approval_when"
+        }
+      },
+      "additionalProperties": true
+    },
+    "approval_run_completion": {
+      "type": "object",
+      "properties": {
+        "action": {
+          "enum": ["auto_approve", "require_human"]
+        },
+        "when": {
+          "$ref": "#/$defs/approval_when"
+        }
+      },
+      "additionalProperties": true
+    },
+    "approval_when": {
+      "type": "object",
+      "properties": {
+        "gate_passed": {
+          "type": "boolean"
+        },
+        "roles_participated": {
+          "$ref": "#/$defs/string_array"
+        },
+        "all_phases_visited": {
+          "type": "boolean"
+        },
+        "credentialed_gate": {
+          "type": "boolean",
+          "enum": [false],
+          "description": "Only false is valid. Credentialed gates are hard-stopped before policy rule matching."
         }
       },
       "additionalProperties": true