agentxchain 2.155.64 → 2.155.66

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentxchain",
-  "version": "2.155.64",
+  "version": "2.155.66",
   "description": "CLI for AgentXchain — governed multi-agent software delivery",
   "type": "module",
   "bin": {

package/src/commands/run.js

@@ -497,11 +497,36 @@ export async function executeGovernedRun(context, opts = {}) {
             : 0,
           recommendation: `Turn ${turn.turn_id} failed to start within the startup watchdog window. Run \`agentxchain reissue-turn --turn ${turn.turn_id} --reason ghost\` to recover.`,
         });
-        return { accept: false, blocked: true, reason: adapterResult.error || 'turn startup failed' };
+        return {
+          accept: false,
+          blocked: true,
+          blockedAlreadyPersisted: true,
+          reason: adapterResult.error || 'turn startup failed',
+        };
       }
 
       // Adapter failure
       if (!adapterResult.ok) {
+        if (adapterResult.blocked === true) {
+          const classified = adapterResult.classified || null;
+          const detail = classified
+            ? `${classified.error_class}: ${classified.recovery}`
+            : (adapterResult.error || 'adapter dispatch failed');
+          return {
+            accept: false,
+            blocked: true,
+            blockedOn: `dispatch:${classified?.error_class || 'subprocess_failed'}`,
+            blockedCategory: 'dispatch_error',
+            recovery: {
+              typed_reason: 'dispatch_error',
+              owner: 'human',
+              recovery_action: classified?.recovery || 'Resolve the dispatch issue, then run agentxchain step --resume',
+              turn_retained: true,
+              detail,
+            },
+            reason: detail,
+          };
+        }
         if (shouldSuggestManualQaFallback({
           roleId,
           runtimeId,

package/src/lib/adapters/local-cli-adapter.js

@@ -30,7 +30,11 @@ import {
 } from '../turn-paths.js';
 import { verifyDispatchManifestForAdapter } from '../dispatch-manifest.js';
 import { hasMeaningfulStagedResult } from '../staged-result-proof.js';
-import { getClaudeSubprocessAuthIssue } from '../claude-local-auth.js';
+import {
+  getClaudeSubprocessAuthIssue,
+  hasClaudeAuthenticationFailureText,
+  isClaudeLocalCliRuntime,
+} from '../claude-local-auth.js';
 
 const DIAGNOSTIC_ENV_KEYS = [
   'PATH',
@@ -427,6 +431,22 @@ export async function dispatchLocalCli(root, state, config, options = {}) {
 
       if (hasResult) {
         settle({ ok: true, exitCode, timedOut: false, aborted: false, logs, firstOutputAt });
+      } else if (isClaudeLocalCliRuntime(runtime) && hasClaudeAuthFailureOutput(logs)) {
+        const recovery = 'Refresh Claude credentials before resuming: export a valid ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN, then run agentxchain step --resume.';
+        settle({
+          ok: false,
+          blocked: true,
+          exitCode,
+          timedOut: false,
+          aborted: false,
+          firstOutputAt,
+          classified: {
+            error_class: 'claude_auth_failed',
+            recovery,
+          },
+          error: `Claude local_cli authentication failed. ${recovery}`,
+          logs,
+        });
       } else if (startupTimedOut) {
         settle({
           ok: false,
@@ -640,6 +660,11 @@ function appendDiagnostic(logs, label, payload) {
   logs.push(`[adapter:diag] ${label} ${JSON.stringify(payload)}\n`);
 }
 
+function hasClaudeAuthFailureOutput(logs) {
+  if (!Array.isArray(logs)) return false;
+  return logs.some((line) => hasClaudeAuthenticationFailureText(line));
+}
+
 function pickDiagnosticEnv(env) {
   return Object.fromEntries(
     DIAGNOSTIC_ENV_KEYS

package/src/lib/claude-local-auth.js

@@ -10,6 +10,7 @@ const CLAUDE_ENV_AUTH_KEYS = [
 
 const DEFAULT_SMOKE_PROBE_TIMEOUT_MS = 10_000;
 const DEFAULT_SMOKE_PROBE_STDIN = 'ok';
+const CLAUDE_AUTH_FAILURE_RE = /authentication_failed|authentication_error|invalid authentication credentials|unauthorized|API Error:\s*401/i;
 
 function normalizeCommandTokens(runtime) {
   if (Array.isArray(runtime?.command)) {
@@ -32,6 +33,10 @@ export function isClaudeLocalCliRuntime(runtime) {
   return head === 'claude' || head.endsWith('/claude');
 }
 
+export function hasClaudeAuthenticationFailureText(text) {
+  return typeof text === 'string' && CLAUDE_AUTH_FAILURE_RE.test(text);
+}
+
 export function hasClaudeBareFlag(runtime) {
   return normalizeCommandTokens(runtime).includes('--bare');
 }

package/src/lib/continuous-run.js

@@ -53,6 +53,10 @@ import {
   formatPhantomIntentSupersessionNotice,
 } from './intent-startup-migration.js';
 import { checkpointAcceptedTurn } from './turn-checkpoint.js';
+import {
+  hasClaudeAuthenticationFailureText,
+  isClaudeLocalCliRuntime,
+} from './claude-local-auth.js';
 
 const CONTINUOUS_SESSION_PATH = '.agentxchain/continuous-session.json';
 const PRODUCTIVE_TIMEOUT_RETRY_MAX_PER_RUN = 1;
@@ -309,6 +313,87 @@ function getBlockedCategory(state) {
   return state?.blocked_reason?.category || null;
 }
 
+const CLAUDE_AUTH_RECOVERY_ACTION =
+  'Refresh Claude credentials before resuming: export a valid ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN, then run agentxchain step --resume.';
+
+function findRetainedClaudeAuthEscalation(root, state, config) {
+  if (!state || state.status !== 'blocked') return null;
+  if (state.blocked_reason?.category !== 'retries_exhausted') return null;
+  if (typeof state.blocked_on !== 'string' || !state.blocked_on.startsWith('escalation:retries-exhausted:')) {
+    return null;
+  }
+  const turnId = state.blocked_reason?.turn_id || state.escalation?.from_turn_id || null;
+  const activeTurns = state.active_turns || {};
+  const candidateIds = turnId && activeTurns[turnId] ? [turnId] : Object.keys(activeTurns);
+  for (const candidateId of candidateIds) {
+    const turn = activeTurns[candidateId];
+    if (!turn || turn.status !== 'failed') continue;
+    if (turn.last_rejection?.failed_stage !== 'dispatch') continue;
+    const runtime = config?.runtimes?.[turn.runtime_id];
+    if (!isClaudeLocalCliRuntime(runtime)) continue;
+    const stagingPath = join(root, getTurnStagingResultPath(candidateId));
+    if (existsSync(stagingPath)) continue;
+    const logPath = join(root, getDispatchLogPath(candidateId));
+    if (!existsSync(logPath)) continue;
+    let logText = '';
+    try {
+      logText = readFileSync(logPath, 'utf8');
+    } catch {
+      continue;
+    }
+    if (!hasClaudeAuthenticationFailureText(logText)) continue;
+    return { turn_id: candidateId, turn, previous_blocked_on: state.blocked_on };
+  }
+  return null;
+}
+
+function maybeReclassifyRetainedClaudeAuthEscalation(context, session, state, log = console.log) {
+  const { root, config } = context;
+  const candidate = findRetainedClaudeAuthEscalation(root, state, config);
+  if (!candidate) return null;
+
+  const blockedAt = new Date().toISOString();
+  const nextState = {
+    ...state,
+    status: 'blocked',
+    blocked_on: 'dispatch:claude_auth_failed',
+    blocked_reason: {
+      category: 'dispatch_error',
+      blocked_at: blockedAt,
+      turn_id: candidate.turn_id,
+      reclassified_from: {
+        blocked_on: state.blocked_on || null,
+        category: state.blocked_reason?.category || null,
+      },
+      recovery: {
+        typed_reason: 'dispatch_error',
+        owner: 'human',
+        recovery_action: CLAUDE_AUTH_RECOVERY_ACTION,
+        turn_retained: true,
+        detail: `claude_auth_failed: ${CLAUDE_AUTH_RECOVERY_ACTION}`,
+      },
+    },
+    escalation: null,
+  };
+
+  writeGovernedState(root, nextState);
+  emitRunEvent(root, 'retained_claude_auth_escalation_reclassified', {
+    run_id: nextState.run_id || session.current_run_id || null,
+    phase: nextState.phase || null,
+    status: 'blocked',
+    turn: { turn_id: candidate.turn_id, role_id: candidate.turn.assigned_role || null },
+    payload: {
+      turn_id: candidate.turn_id,
+      previous_blocked_on: candidate.previous_blocked_on,
+      blocked_on: nextState.blocked_on,
+      runtime_id: candidate.turn.runtime_id || null,
+      recovery_action: CLAUDE_AUTH_RECOVERY_ACTION,
+    },
+  });
+  log(`Reclassified retained Claude auth escalation for ${candidate.turn_id} as dispatch:claude_auth_failed.`);
+  return nextState;
+}
+
 const RECOVERABLE_ACTIVE_TURN_STATUSES = new Set(['assigned', 'dispatched', 'starting', 'running']);
 
 function hasOnlyRecoverableActiveTurns(activeTurns = {}) {
@@ -1714,7 +1799,9 @@ export async function advanceContinuousRunOnce(context, session, contOpts, execu
 
   const startupGovernedState = loadProjectState(root, context.config);
   if (startupGovernedState?.status === 'blocked') {
-    const retried = await maybeAutoRetryContinuousBlocker(context, session, contOpts, startupGovernedState, log);
+    const reclassifiedState = maybeReclassifyRetainedClaudeAuthEscalation(context, session, startupGovernedState, log);
+    const effectiveBlockedState = reclassifiedState || startupGovernedState;
+    const retried = await maybeAutoRetryContinuousBlocker(context, session, contOpts, effectiveBlockedState, log);
     if (retried) return retried;
     session.status = 'paused';
     writeContinuousSession(root, session);
@@ -1722,9 +1809,9 @@ export async function advanceContinuousRunOnce(context, session, contOpts, execu
       ok: true,
       status: 'blocked',
       action: 'still_blocked',
-      run_id: session.current_run_id || startupGovernedState.run_id || null,
-      recovery_action: getBlockedRecoveryAction(startupGovernedState),
-      blocked_category: getBlockedCategory(startupGovernedState),
+      run_id: session.current_run_id || effectiveBlockedState.run_id || null,
+      recovery_action: getBlockedRecoveryAction(effectiveBlockedState),
+      blocked_category: getBlockedCategory(effectiveBlockedState),
     };
   }
 

package/src/lib/run-events.js

@@ -48,6 +48,7 @@ export const VALID_RUN_EVENTS = [
   'ghost_retry_exhausted',
   'auto_retried_productive_timeout',
   'productive_timeout_retry_exhausted',
+  'retained_claude_auth_escalation_reclassified',
   'state_reconciled_operator_commits',
   'operator_commit_reconcile_refused',
   'charter_materialization_required',

package/src/lib/run-loop.js

@@ -461,6 +461,9 @@ async function executeParallelTurns(root, config, state, maxConcurrent, callback
       emit({ type: 'turn_accepted', turn, role: roleId, state: acceptResult.state });
     } else {
       if (dispatchResult?.blocked === true) {
+        if (dispatchResult.blockedAlreadyPersisted !== true) {
+          persistDispatchBlocker(root, config, turn, dispatchResult, errors);
+        }
         history.push({ role: roleId, turn_id: turn.turn_id, accepted: false, blocked: true });
         const blockedState = loadState(root, config);
         emit({ type: 'blocked', state: blockedState });
@@ -653,6 +656,9 @@ async function dispatchAndProcess(root, config, turn, assignState, callbacks, em
   }
 
   if (dispatchResult?.blocked === true) {
+    if (dispatchResult.blockedAlreadyPersisted !== true) {
+      persistDispatchBlocker(root, config, turn, dispatchResult, errors);
+    }
     history.push({ role: roleId, turn_id: turn.turn_id, accepted: false, blocked: true });
     const blockedState = loadState(root, config);
     emit({ type: 'blocked', state: blockedState });
@@ -847,3 +853,25 @@ function persistDispatchTimeout(root, config, turn, timeoutResult, errors) {
   errors.push(`dispatch timed out for ${turn.assigned_role} after ${timeoutResult.limit_minutes}m`);
   return blocked;
 }
+
+function persistDispatchBlocker(root, config, turn, dispatchResult, errors) {
+  const recovery = dispatchResult.recovery || {
+    typed_reason: 'dispatch_error',
+    owner: 'human',
+    recovery_action: 'Resolve the dispatch issue, then run agentxchain step --resume',
+    turn_retained: true,
+    detail: dispatchResult.reason || 'adapter dispatch failed',
+  };
+  const blocked = markRunBlocked(root, {
+    blockedOn: dispatchResult.blockedOn || 'dispatch:subprocess_failed',
+    category: dispatchResult.blockedCategory || 'dispatch_error',
+    recovery,
+    turnId: turn.turn_id,
+    notificationConfig: config,
+  });
+  if (!blocked.ok) {
+    errors.push(`markRunBlocked(dispatch): ${blocked.error}`);
+    return { state: loadState(root, config) };
+  }
+  return blocked;
+}