agentxchain 2.155.65 → 2.155.66

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentxchain",
-  "version": "2.155.65",
+  "version": "2.155.66",
   "description": "CLI for AgentXchain — governed multi-agent software delivery",
   "type": "module",
   "bin": {

package/src/lib/adapters/local-cli-adapter.js

@@ -30,7 +30,11 @@ import {
 } from '../turn-paths.js';
 import { verifyDispatchManifestForAdapter } from '../dispatch-manifest.js';
 import { hasMeaningfulStagedResult } from '../staged-result-proof.js';
-import { getClaudeSubprocessAuthIssue, isClaudeLocalCliRuntime } from '../claude-local-auth.js';
+import {
+  getClaudeSubprocessAuthIssue,
+  hasClaudeAuthenticationFailureText,
+  isClaudeLocalCliRuntime,
+} from '../claude-local-auth.js';
 
 const DIAGNOSTIC_ENV_KEYS = [
   'PATH',
@@ -43,7 +47,6 @@ const DIAGNOSTIC_ENV_KEYS = [
 const DIAGNOSTIC_STDERR_EXCERPT_LIMIT = 800;
 const DEFAULT_STARTUP_WATCHDOG_MS = 180_000;
 const DEFAULT_STARTUP_WATCHDOG_SIGKILL_GRACE_MS = 10_000;
-const CLAUDE_AUTH_FAILURE_RE = /authentication_failed|authentication_error|invalid authentication credentials|unauthorized|API Error:\s*401/i;
 
 /**
  * Launch a local CLI subprocess for a governed turn.
@@ -659,7 +662,7 @@ function appendDiagnostic(logs, label, payload) {
 
 function hasClaudeAuthFailureOutput(logs) {
   if (!Array.isArray(logs)) return false;
-  return logs.some((line) => typeof line === 'string' && CLAUDE_AUTH_FAILURE_RE.test(line));
+  return logs.some((line) => hasClaudeAuthenticationFailureText(line));
 }
 
 function pickDiagnosticEnv(env) {

package/src/lib/claude-local-auth.js

@@ -10,6 +10,7 @@ const CLAUDE_ENV_AUTH_KEYS = [
 
 const DEFAULT_SMOKE_PROBE_TIMEOUT_MS = 10_000;
 const DEFAULT_SMOKE_PROBE_STDIN = 'ok';
+const CLAUDE_AUTH_FAILURE_RE = /authentication_failed|authentication_error|invalid authentication credentials|unauthorized|API Error:\s*401/i;
 
 function normalizeCommandTokens(runtime) {
   if (Array.isArray(runtime?.command)) {
@@ -32,6 +33,10 @@ export function isClaudeLocalCliRuntime(runtime) {
   return head === 'claude' || head.endsWith('/claude');
 }
 
+export function hasClaudeAuthenticationFailureText(text) {
+  return typeof text === 'string' && CLAUDE_AUTH_FAILURE_RE.test(text);
+}
+
 export function hasClaudeBareFlag(runtime) {
   return normalizeCommandTokens(runtime).includes('--bare');
 }

package/src/lib/continuous-run.js

@@ -53,6 +53,10 @@ import {
   formatPhantomIntentSupersessionNotice,
 } from './intent-startup-migration.js';
 import { checkpointAcceptedTurn } from './turn-checkpoint.js';
+import {
+  hasClaudeAuthenticationFailureText,
+  isClaudeLocalCliRuntime,
+} from './claude-local-auth.js';
 
 const CONTINUOUS_SESSION_PATH = '.agentxchain/continuous-session.json';
 const PRODUCTIVE_TIMEOUT_RETRY_MAX_PER_RUN = 1;
@@ -309,6 +313,87 @@ function getBlockedCategory(state) {
   return state?.blocked_reason?.category || null;
 }
 
+const CLAUDE_AUTH_RECOVERY_ACTION =
+  'Refresh Claude credentials before resuming: export a valid ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN, then run agentxchain step --resume.';
+
+function findRetainedClaudeAuthEscalation(root, state, config) {
+  if (!state || state.status !== 'blocked') return null;
+  if (state.blocked_reason?.category !== 'retries_exhausted') return null;
+  if (typeof state.blocked_on !== 'string' || !state.blocked_on.startsWith('escalation:retries-exhausted:')) {
+    return null;
+  }
+  const turnId = state.blocked_reason?.turn_id || state.escalation?.from_turn_id || null;
+  const activeTurns = state.active_turns || {};
+  const candidateIds = turnId && activeTurns[turnId] ? [turnId] : Object.keys(activeTurns);
+  for (const candidateId of candidateIds) {
+    const turn = activeTurns[candidateId];
+    if (!turn || turn.status !== 'failed') continue;
+    if (turn.last_rejection?.failed_stage !== 'dispatch') continue;
+    const runtime = config?.runtimes?.[turn.runtime_id];
+    if (!isClaudeLocalCliRuntime(runtime)) continue;
+    const stagingPath = join(root, getTurnStagingResultPath(candidateId));
+    if (existsSync(stagingPath)) continue;
+    const logPath = join(root, getDispatchLogPath(candidateId));
+    if (!existsSync(logPath)) continue;
+    let logText = '';
+    try {
+      logText = readFileSync(logPath, 'utf8');
+    } catch {
+      continue;
+    }
+    if (!hasClaudeAuthenticationFailureText(logText)) continue;
+    return { turn_id: candidateId, turn, previous_blocked_on: state.blocked_on };
+  }
+  return null;
+}
+
+function maybeReclassifyRetainedClaudeAuthEscalation(context, session, state, log = console.log) {
+  const { root, config } = context;
+  const candidate = findRetainedClaudeAuthEscalation(root, state, config);
+  if (!candidate) return null;
+
+  const blockedAt = new Date().toISOString();
+  const nextState = {
+    ...state,
+    status: 'blocked',
+    blocked_on: 'dispatch:claude_auth_failed',
+    blocked_reason: {
+      category: 'dispatch_error',
+      blocked_at: blockedAt,
+      turn_id: candidate.turn_id,
+      reclassified_from: {
+        blocked_on: state.blocked_on || null,
+        category: state.blocked_reason?.category || null,
+      },
+      recovery: {
+        typed_reason: 'dispatch_error',
+        owner: 'human',
+        recovery_action: CLAUDE_AUTH_RECOVERY_ACTION,
+        turn_retained: true,
+        detail: `claude_auth_failed: ${CLAUDE_AUTH_RECOVERY_ACTION}`,
+      },
+    },
+    escalation: null,
+  };
+
+  writeGovernedState(root, nextState);
+  emitRunEvent(root, 'retained_claude_auth_escalation_reclassified', {
+    run_id: nextState.run_id || session.current_run_id || null,
+    phase: nextState.phase || null,
+    status: 'blocked',
+    turn: { turn_id: candidate.turn_id, role_id: candidate.turn.assigned_role || null },
+    payload: {
+      turn_id: candidate.turn_id,
+      previous_blocked_on: candidate.previous_blocked_on,
+      blocked_on: nextState.blocked_on,
+      runtime_id: candidate.turn.runtime_id || null,
+      recovery_action: CLAUDE_AUTH_RECOVERY_ACTION,
+    },
+  });
+  log(`Reclassified retained Claude auth escalation for ${candidate.turn_id} as dispatch:claude_auth_failed.`);
+  return nextState;
+}
+
 const RECOVERABLE_ACTIVE_TURN_STATUSES = new Set(['assigned', 'dispatched', 'starting', 'running']);
 
 function hasOnlyRecoverableActiveTurns(activeTurns = {}) {
@@ -1714,7 +1799,9 @@ export async function advanceContinuousRunOnce(context, session, contOpts, execu
 
   const startupGovernedState = loadProjectState(root, context.config);
   if (startupGovernedState?.status === 'blocked') {
-    const retried = await maybeAutoRetryContinuousBlocker(context, session, contOpts, startupGovernedState, log);
+    const reclassifiedState = maybeReclassifyRetainedClaudeAuthEscalation(context, session, startupGovernedState, log);
+    const effectiveBlockedState = reclassifiedState || startupGovernedState;
+    const retried = await maybeAutoRetryContinuousBlocker(context, session, contOpts, effectiveBlockedState, log);
     if (retried) return retried;
     session.status = 'paused';
     writeContinuousSession(root, session);
@@ -1722,9 +1809,9 @@ export async function advanceContinuousRunOnce(context, session, contOpts, execu
       ok: true,
       status: 'blocked',
       action: 'still_blocked',
-      run_id: session.current_run_id || startupGovernedState.run_id || null,
-      recovery_action: getBlockedRecoveryAction(startupGovernedState),
-      blocked_category: getBlockedCategory(startupGovernedState),
+      run_id: session.current_run_id || effectiveBlockedState.run_id || null,
+      recovery_action: getBlockedRecoveryAction(effectiveBlockedState),
+      blocked_category: getBlockedCategory(effectiveBlockedState),
     };
   }
 

package/src/lib/run-events.js

@@ -48,6 +48,7 @@ export const VALID_RUN_EVENTS = [
   'ghost_retry_exhausted',
   'auto_retried_productive_timeout',
   'productive_timeout_retry_exhausted',
+  'retained_claude_auth_escalation_reclassified',
   'state_reconciled_operator_commits',
   'operator_commit_reconcile_refused',
   'charter_materialization_required',