nubos-pilot 0.9.2 → 0.9.4

package/agents/np-build-fixer.md

@@ -90,7 +90,7 @@ node .nubos-pilot/bin/np-tools.cjs handoff-write \
 - **Success:** verify command exits 0; no extra files written; control returned to executor.
 - **Stuck after 3 attempts:** write `T<NNNN>-FIX-NOTES.md` next to the task plan; emit `## FIX FAILED` block listing attempts + suspected cause.
 - **Out-of-scope failure:** emit `## SCOPE EXPANSION REQUEST` block listing the out-of-scope path + the symbol involved; do NOT edit.
-- **Infra failure:** emit `## INFRA BLOCKER` block listing the missing dependency; do NOT edit.
+- **Infrastructure mismatch (container down, wrong runtime version, missing service):** this is NOT a fix-target. Emit a finding tagged `information-missing` with the specific mismatch (e.g., `composer requires php ^8.5, container runs 8.4`) so `loop-evaluate` routes to the researcher swarm or plan-checker, not back to you. Do NOT edit Dockerfiles, compose configs, or other infra paths to "make verify green" — that's outside any task's `files_modified`.
 
 <scope_guardrail>
 **Do:**
@@ -98,6 +98,7 @@ node .nubos-pilot/bin/np-tools.cjs handoff-write \
 - Run the task's verify command via Bash.
 - Use `knowledge-search` for unfamiliar symbols.
 - Stop after 3 failed attempts and document.
+- Distinguish code failures (your job) from infrastructure failures (route via finding).
 
 **Don't:**
 - Expand `files_modified` — that's the planner's job; emit a SCOPE EXPANSION REQUEST instead.
@@ -106,4 +107,6 @@ node .nubos-pilot/bin/np-tools.cjs handoff-write \
 - Silence failures with empty catches, skipped tests, or commented-out assertions.
 - Re-litigate locked decisions in `M<NNN>-CONTEXT.md` or `RULES.md`.
 - Spawn other agents.
+- Edit infrastructure (Dockerfile, docker-compose, k8s, CI configs) to fix verify-red — those paths are out of scope for any task; surface the mismatch as an `information-missing` finding instead.
+- Treat container-down / runtime-version-skew as a code bug. It's an environment routing signal, not a code-fixable failure.
 </scope_guardrail>

package/agents/np-critic-acceptance.md

@@ -48,6 +48,7 @@ The orchestrator provides these paths in your prompt context. Read every path it
 2. **Locked-decision conformance** — the diff does not violate any locked decision in `M<NNN>-CONTEXT.md`. Violations are findings of category `locked-decision-violation`.
 3. **Scope creep** — the diff does not edit files outside `files_modified`. Out-of-scope edits are findings of category `scope-creep`.
 4. **Stuck-marker check** — if the task is on round 3 with no progress between rounds, you flag `stuck-detected` so the orchestrator escalates.
+5. **Infrastructure-mismatch detection** — if the verify output indicates an infrastructure failure (container exited, runtime version skew, missing service: `php -v` mismatch, `docker exec` errors, port-not-bound, DB-unreachable), do NOT downgrade affected criteria to `Unsatisfied` or `Satisfied`. Mark them `Information-Missing` with a finding of category `information-missing` whose `remediation` names the specific environment delta (e.g., `composer requires php ^8.5, container runs 8.4 — Dockerfile bump required outside this milestone`). The orchestrator routes that to researcher / plan-checker, not back to executor — the code is not at fault.
 
 ## Output Schema
 

package/agents/np-executor.md

@@ -117,6 +117,7 @@ into the `task(…)` commit. If `workflow.commit_docs=true`, the
 - Commit via `node np-tools.cjs commit-task <task-id>`.
 - Write checkpoint state transitions via the wrapper.
 - Stay within the task's declared scope even if you spot tangential issues — log them, do not fix them.
+- Run the task's `<verify>` command and capture its exit code + output. If it fails because the runtime environment is wrong (container exited, wrong PHP/Node version, missing service), surface that in the verify output verbatim — the Nubosloop's `loop-run-round --phase post-executor` reads the exit code and routes accordingly. The infra issue is a routing signal, not your decision.
 
 **Don't:**
 - Add files to the commit beyond `files_modified` (D-04 authoritative).
@@ -124,6 +125,8 @@ into the `task(…)` commit. If `workflow.commit_docs=true`, the
 - Bypass the checkpoint wrapper.
 - Use `--no-verify`, `--force`, `git reset --hard`, `git clean`, `git restore .`, or any destructive git flag.
 - Auto-discover files via `git status` — the plan declares scope, not the filesystem.
+- **Pre-validate the runtime environment** (`docker ps`, `php -v`, `node -v`, container-status checks, DB connectivity probes). The orchestrator's pre-flight phase covers what needs to be checked; you do code edits and run verify. If the container is down or the runtime is wrong, the verify command will fail and the loop routes that — never declare a "hard blocker" or abort the spawn over environment state.
+- **Refuse to spawn / halt before editing because of infra mismatch** (PHP version skew, missing image, etc.). Tasks edit code, not infrastructure. Run your edits, run verify, let the result speak.
 </scope_guardrail>
 
 ## Handoff Protocol

package/bin/np-tools/commit-task.cjs

@@ -9,6 +9,32 @@ const git = require('../../lib/git.cjs');
 const { commitTask, findCommitByTaskId } = git;
 const { deleteCheckpoint, readCheckpoint } = require('../../lib/checkpoint.cjs');
 
+const BYPASS_FLAG = '--bypass-nubosloop';
+
+function _assertLoopGate(taskId, cwd, bypass, stderr) {
+  const cp = readCheckpoint(taskId, cwd);
+  const last = cp && cp.nubosloop && cp.nubosloop.last_phase;
+  if (last === 'commit') return { bypassed: false, last_phase: last };
+  const reason = !cp ? 'no-checkpoint' : 'last-phase-mismatch';
+  const observed = last || (cp ? 'none' : 'no-checkpoint');
+  if (bypass) {
+    stderr.write(
+      '[nubos-pilot] WARNING: commit-task ' + taskId +
+      ' bypassing Nubosloop gate (' + BYPASS_FLAG + '; observed=' + observed +
+      '). Single-pass commit, no critic review enforced.\n',
+    );
+    return { bypassed: true, last_phase: last || null };
+  }
+  throw new NubosPilotError(
+    'commit-task-loop-bypass-violation',
+    'commit-task refused: Nubosloop did not reach phase=commit for ' + taskId +
+    ' (observed nubosloop.last_phase=' + observed + '). ' +
+    'Run `loop-run-round ' + taskId + ' --phase commit` first, or pass ' + BYPASS_FLAG +
+    ' for an explicit single-pass override.',
+    { taskId, reason, last_phase: last || null },
+  );
+}
+
 function _resolveTaskFile(taskId, cwd) {
   const parsed = layout.parseTaskFullId(taskId);
   const filePath = layout.taskPlanPath(parsed.milestone, parsed.slice, parsed.task, cwd);
@@ -49,8 +75,11 @@ function run(args, ctx) {
   const context = ctx || {};
   const cwd = context.cwd || process.cwd();
   const stdout = context.stdout || process.stdout;
+  const stderr = context.stderr || process.stderr;
   const list = Array.isArray(args) ? args : [];
-  const taskId = list[0];
+  const bypass = list.includes(BYPASS_FLAG);
+  const positional = list.filter((a) => !String(a).startsWith('--'));
+  const taskId = positional[0];
 
   if (!taskId) {
     throw new NubosPilotError(
@@ -67,6 +96,8 @@ function run(args, ctx) {
     );
   }
 
+  const gate = _assertLoopGate(taskId, cwd, bypass, stderr);
+
   const { filePath } = _resolveTaskFile(taskId, cwd);
   const raw = fs.readFileSync(filePath, 'utf-8');
   const { frontmatter, body } = extractFrontmatter(raw);
@@ -93,7 +124,7 @@ function run(args, ctx) {
   const name = _extractName(frontmatter, body);
   const message = 'task(' + taskId + '): ' + name;
 
-  
+
 
   commitTask(taskId, safeFiles, message);
   const sha = findCommitByTaskId(taskId);
@@ -103,7 +134,14 @@ function run(args, ctx) {
     process.stderr.write('[nubos-pilot warn] setTaskStatus failed for ' + taskId + ': ' + (err && err.message) + '\n');
   }
 
-  const payload = { ok: true, task_id: taskId, sha, files: safeFiles, files_source: filesSource };
+  const payload = {
+    ok: true,
+    task_id: taskId,
+    sha,
+    files: safeFiles,
+    files_source: filesSource,
+    nubosloop_bypassed: gate.bypassed,
+  };
   stdout.write(JSON.stringify(payload));
   return payload;
 }

package/bin/np-tools/commit-task.test.cjs

@@ -82,6 +82,27 @@ function _capture() {
   return { stub, get: () => buf };
 }
 
+// Seed a checkpoint that satisfies the Nubosloop gate (last_phase=commit) so
+// commit-task accepts it. Tests that exercise the gate explicitly bypass this
+// helper. Optional `extra` overrides any field on the envelope.
+function seedLoopReadyCheckpoint(root, taskId, extra) {
+  const cpPath = path.join(root, '.nubos-pilot', 'checkpoints', taskId + '.json');
+  fs.mkdirSync(path.dirname(cpPath), { recursive: true });
+  const base = {
+    schema_version: 1,
+    task_id: taskId,
+    status: 'pre-commit',
+    files_touched: [],
+    nubosloop: {
+      last_phase: 'commit',
+      last_action: 'commit',
+      committed_at: '2026-05-04T12:00:00Z',
+    },
+  };
+  fs.writeFileSync(cpPath, JSON.stringify(Object.assign(base, extra || {})), 'utf-8');
+  return cpPath;
+}
+
 after(() => {
   while (_repos.length) {
     const r = _repos.pop();
@@ -110,6 +131,7 @@ test('CT-2: commit-task rejects invalid TASK_ID format (defense-in-depth)', () =
 test('CT-3: commit-task emits JSON with sha + files on success', () => {
   const root = makeRepo();
   seedPlanAndTask(root, '06-01', 'M006-S001-T0001', ['src/a.ts']);
+  seedLoopReadyCheckpoint(root, 'M006-S001-T0001');
 
   fs.mkdirSync(path.join(root, 'src'), { recursive: true });
   fs.writeFileSync(path.join(root, 'src', 'a.ts'), 'export const a = 1;\n', 'utf-8');
@@ -126,6 +148,7 @@ test('CT-3: commit-task emits JSON with sha + files on success', () => {
   assert.equal(payload.task_id, 'M006-S001-T0001');
   assert.ok(/^[0-9a-f]{40}$/.test(payload.sha));
   assert.deepEqual(payload.files, ['src/a.ts']);
+  assert.equal(payload.nubosloop_bypassed, false);
 
   const subject = execFileSync('git', ['-C', root, 'log', '-n', '1', '--format=%s'], { encoding: 'utf-8' }).trim();
   assert.ok(subject.startsWith('task(M006-S001-T0001):'), 'subject: ' + subject);
@@ -134,6 +157,7 @@ test('CT-3: commit-task emits JSON with sha + files on success', () => {
 test('CT-4: commit-task LOUD-FAILS when every files_modified entry is gitignored (D-25)', () => {
   const root = makeRepo();
   seedPlanAndTask(root, '06-01', 'M006-S001-T0002', ['build/out.js']);
+  seedLoopReadyCheckpoint(root, 'M006-S001-T0002');
   fs.writeFileSync(path.join(root, '.gitignore'), 'build/\n', 'utf-8');
   fs.mkdirSync(path.join(root, 'build'), { recursive: true });
   fs.writeFileSync(path.join(root, 'build', 'out.js'), 'noise', 'utf-8');
@@ -152,9 +176,13 @@ test('CT-4: commit-task LOUD-FAILS when every files_modified entry is gitignored
 
 test('CT-5: commit-task unknown task id → task-not-found', () => {
   const root = makeRepo();
+  // Loop gate runs BEFORE task lookup (no checkpoint seeded), so we expect
+  // the bypass-violation here, not the task-not-found error. Using --bypass
+  // so we exercise the unknown-task path instead.
   const cap = _capture();
+  const stderr = _capture();
   assert.throws(
-    () => subcmd.run(['M006-S099-T0099'], { cwd: root, stdout: cap.stub }),
+    () => subcmd.run(['M006-S099-T0099', '--bypass-nubosloop'], { cwd: root, stdout: cap.stub, stderr: stderr.stub }),
     (err) => err && err.code === 'commit-task-not-found',
   );
 });
@@ -164,14 +192,8 @@ test('CT-6: empty files_modified falls back to checkpoint.files_touched', () =>
   seedPlanAndTask(root, '06-01', 'M006-S001-T0010', []);
   fs.mkdirSync(path.join(root, 'src'), { recursive: true });
   fs.writeFileSync(path.join(root, 'src', 'b.ts'), 'export const b = 2;\n', 'utf-8');
-  const cpPath = path.join(root, '.nubos-pilot', 'checkpoints', 'M006-S001-T0010.json');
-  fs.mkdirSync(path.dirname(cpPath), { recursive: true });
-  fs.writeFileSync(cpPath, JSON.stringify({
-    schema_version: 1,
-    task_id: 'M006-S001-T0010',
-    status: 'pre-commit',
-    files_touched: ['src/b.ts'],
-  }), 'utf-8');
+  // Checkpoint must satisfy the loop gate AND carry files_touched.
+  seedLoopReadyCheckpoint(root, 'M006-S001-T0010', { files_touched: ['src/b.ts'] });
   const prev = process.cwd();
   process.chdir(root);
   const cap = _capture();
@@ -189,9 +211,88 @@ test('CT-6: empty files_modified falls back to checkpoint.files_touched', () =>
 test('CT-7: empty files_modified AND no checkpoint → commit-task-no-files', () => {
   const root = makeRepo();
   seedPlanAndTask(root, '06-01', 'M006-S001-T0011', []);
+  // No checkpoint → gate would normally refuse first; bypass to reach the
+  // no-files path that this test exercises.
   const cap = _capture();
+  const stderr = _capture();
   assert.throws(
-    () => subcmd.run(['M006-S001-T0011'], { cwd: root, stdout: cap.stub }),
+    () => subcmd.run(['M006-S001-T0011', '--bypass-nubosloop'], { cwd: root, stdout: cap.stub, stderr: stderr.stub }),
     (err) => err && err.code === 'commit-task-no-files',
   );
 });
+
+test('CT-8: refuse commit when no checkpoint exists (Nubosloop gate)', () => {
+  const root = makeRepo();
+  seedPlanAndTask(root, '06-01', 'M006-S001-T0020', ['src/c.ts']);
+  fs.mkdirSync(path.join(root, 'src'), { recursive: true });
+  fs.writeFileSync(path.join(root, 'src', 'c.ts'), 'export const c = 3;\n', 'utf-8');
+  const cap = _capture();
+  const stderr = _capture();
+  assert.throws(
+    () => subcmd.run(['M006-S001-T0020'], { cwd: root, stdout: cap.stub, stderr: stderr.stub }),
+    (err) => err && err.code === 'commit-task-loop-bypass-violation' && err.details && err.details.reason === 'no-checkpoint',
+  );
+});
+
+test('CT-9: refuse commit when nubosloop.last_phase ≠ commit', () => {
+  const root = makeRepo();
+  seedPlanAndTask(root, '06-01', 'M006-S001-T0021', ['src/d.ts']);
+  fs.mkdirSync(path.join(root, 'src'), { recursive: true });
+  fs.writeFileSync(path.join(root, 'src', 'd.ts'), 'export const d = 4;\n', 'utf-8');
+  // Checkpoint exists but loop only made it to verifying — gate must refuse.
+  seedLoopReadyCheckpoint(root, 'M006-S001-T0021', {
+    nubosloop: { last_phase: 'verifying', last_action: 'verify-green' },
+  });
+  const cap = _capture();
+  const stderr = _capture();
+  assert.throws(
+    () => subcmd.run(['M006-S001-T0021'], { cwd: root, stdout: cap.stub, stderr: stderr.stub }),
+    (err) => err && err.code === 'commit-task-loop-bypass-violation'
+      && err.details && err.details.reason === 'last-phase-mismatch'
+      && err.details.last_phase === 'verifying',
+  );
+});
+
+test('CT-10: --bypass-nubosloop allows single-pass commit and warns on stderr', () => {
+  const root = makeRepo();
+  seedPlanAndTask(root, '06-01', 'M006-S001-T0022', ['src/e.ts']);
+  fs.mkdirSync(path.join(root, 'src'), { recursive: true });
+  fs.writeFileSync(path.join(root, 'src', 'e.ts'), 'export const e = 5;\n', 'utf-8');
+  const prev = process.cwd();
+  process.chdir(root);
+  const cap = _capture();
+  const stderr = _capture();
+  try {
+    subcmd.run(['M006-S001-T0022', '--bypass-nubosloop'], { cwd: root, stdout: cap.stub, stderr: stderr.stub });
+  } finally {
+    process.chdir(prev);
+  }
+  const payload = JSON.parse(cap.get());
+  assert.equal(payload.ok, true);
+  assert.equal(payload.nubosloop_bypassed, true);
+  assert.match(stderr.get(), /WARNING: commit-task M006-S001-T0022 bypassing Nubosloop gate/);
+  assert.match(stderr.get(), /observed=no-checkpoint/);
+});
+
+test('CT-11: --bypass-nubosloop on partial loop state stamps the bypass reason', () => {
+  const root = makeRepo();
+  seedPlanAndTask(root, '06-01', 'M006-S001-T0023', ['src/f.ts']);
+  fs.mkdirSync(path.join(root, 'src'), { recursive: true });
+  fs.writeFileSync(path.join(root, 'src', 'f.ts'), 'export const f = 6;\n', 'utf-8');
+  seedLoopReadyCheckpoint(root, 'M006-S001-T0023', {
+    nubosloop: { last_phase: 'post-critics', last_action: 'executor' },
+  });
+  const prev = process.cwd();
+  process.chdir(root);
+  const cap = _capture();
+  const stderr = _capture();
+  try {
+    subcmd.run(['M006-S001-T0023', '--bypass-nubosloop'], { cwd: root, stdout: cap.stub, stderr: stderr.stub });
+  } finally {
+    process.chdir(prev);
+  }
+  const payload = JSON.parse(cap.get());
+  assert.equal(payload.ok, true);
+  assert.equal(payload.nubosloop_bypassed, true);
+  assert.match(stderr.get(), /observed=post-critics/);
+});

package/bin/np-tools/config.cjs

@@ -1,6 +1,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const { findProjectRoot, NubosPilotError } = require('../../lib/core.cjs');
+const { DEFAULT_CONFIG_TREE } = require('../../lib/config-defaults.cjs');
 
 const SEGMENT_RE = /^[a-zA-Z0-9_-]+$/;
 const BLOCKED_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);
@@ -75,11 +76,10 @@ function run(argv, ctx) {
   try {
     _validateSegments(segments);
     const config = _readConfig(cwd);
-    if (config == null) {
-      if (!raw) stdout.write('\n');
-      return 0;
+    let value = config == null ? undefined : _walkPath(config, segments);
+    if (value === undefined) {
+      value = _walkPath(DEFAULT_CONFIG_TREE, segments);
     }
-    const value = _walkPath(config, segments);
     if (value === undefined) {
       if (!raw) stdout.write('\n');
       return 0;

package/bin/np-tools/config.test.cjs

@@ -69,3 +69,64 @@ test('CONFIG-4: object value serialized as JSON', () => {
   assert.equal(code, 0);
   assert.equal(stdout.toString(), '{"k":"v"}');
 });
+
+test('CONFIG-5: returns DEFAULT_CONFIG_TREE value when key absent from user config', () => {
+  const sb = makeSandbox({ runtime: 'claude' });
+  const stdout = makeSink();
+  const code = configCli.run(['loop.maxRounds'], { cwd: sb, stdout, stderr: makeSink() });
+  assert.equal(code, 0);
+  assert.equal(stdout.toString(), '3\n');
+});
+
+test('CONFIG-6: defaults walk into nested swarm.research.* keys', () => {
+  const sb = makeSandbox({});
+  const out1 = makeSink(); configCli.run(['swarm.research.k'], { cwd: sb, stdout: out1, stderr: makeSink() });
+  const out2 = makeSink(); configCli.run(['swarm.research.threshold'], { cwd: sb, stdout: out2, stderr: makeSink() });
+  const out3 = makeSink(); configCli.run(['swarm.research.minOccurrence'], { cwd: sb, stdout: out3, stderr: makeSink() });
+  assert.equal(out1.toString(), '3\n');
+  assert.equal(out2.toString(), '0.9\n');
+  assert.equal(out3.toString(), '3\n');
+});
+
+test('CONFIG-7: user-set value wins over default', () => {
+  const sb = makeSandbox({ loop: { maxRounds: 5 } });
+  const stdout = makeSink();
+  configCli.run(['loop.maxRounds'], { cwd: sb, stdout, stderr: makeSink() });
+  assert.equal(stdout.toString(), '5\n');
+});
+
+test('CONFIG-8: partial user override falls through to defaults for sibling keys', () => {
+  const sb = makeSandbox({ swarm: { research: { k: 7 } } });
+  const k = makeSink(); configCli.run(['swarm.research.k'], { cwd: sb, stdout: k, stderr: makeSink() });
+  const t = makeSink(); configCli.run(['swarm.research.threshold'], { cwd: sb, stdout: t, stderr: makeSink() });
+  assert.equal(k.toString(), '7\n');
+  assert.equal(t.toString(), '0.9\n');
+});
+
+test('CONFIG-9: unknown key without a default still returns empty', () => {
+  const sb = makeSandbox({});
+  const stdout = makeSink();
+  configCli.run(['really.not.a.thing'], { cwd: sb, stdout, stderr: makeSink() });
+  assert.equal(stdout.toString(), '\n');
+});
+
+test('CONFIG-10: defaults resolve even without config.json present', () => {
+  const sb = makeSandbox(); // no config.json
+  const stdout = makeSink();
+  configCli.run(['loop.maxRounds'], { cwd: sb, stdout, stderr: makeSink() });
+  assert.equal(stdout.toString(), '3\n');
+});
+
+test('CONFIG-11: explicit user false wins over default true (boolean handling)', () => {
+  const sb = makeSandbox({ auto_log_learning: false });
+  const stdout = makeSink();
+  configCli.run(['auto_log_learning'], { cwd: sb, stdout, stderr: makeSink() });
+  assert.equal(stdout.toString(), 'false\n');
+});
+
+test('CONFIG-12: --raw mode resolves defaults without trailing newline', () => {
+  const sb = makeSandbox({});
+  const stdout = makeSink();
+  configCli.run(['loop.maxRounds', '--raw'], { cwd: sb, stdout, stderr: makeSink() });
+  assert.equal(stdout.toString(), '3');
+});

package/lib/config-defaults.cjs

@@ -47,6 +47,17 @@ const DEFAULT_MODEL_PROFILE = 'frontier';
 const DEFAULT_SCOPE = 'local';
 const DEFAULT_RESPONSE_LANGUAGE = 'en';
 
+const DEFAULT_CONFIG_TREE = Object.freeze({
+  scope: DEFAULT_SCOPE,
+  model_profile: DEFAULT_MODEL_PROFILE,
+  response_language: DEFAULT_RESPONSE_LANGUAGE,
+  workflow: DEFAULT_WORKFLOW,
+  agents: DEFAULT_AGENTS,
+  loop: DEFAULT_LOOP,
+  swarm: DEFAULT_SWARM,
+  auto_log_learning: DEFAULT_AUTO_LOG_LEARNING,
+});
+
 function buildInstallConfig(answers) {
   const a = answers || {};
   return {
@@ -80,5 +91,6 @@ module.exports = {
   DEFAULT_MODEL_PROFILE,
   DEFAULT_SCOPE,
   DEFAULT_RESPONSE_LANGUAGE,
+  DEFAULT_CONFIG_TREE,
   buildInstallConfig,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nubos-pilot",
-  "version": "0.9.2",
+  "version": "0.9.4",
   "description": "AI-driven planning and execution tool for code projects",
   "homepage": "https://github.com/Nubos-AI/nubos-pilot",
   "repository": {

package/workflows/execute-phase.md

@@ -363,6 +363,8 @@ After every slice completes, point the operator at `/np:validate-phase $PHASE` t
 - Bundle two tasks into one commit (ADR-0004 atomicity).
 - Skip the checkpoint start step — it's the crash-safety primitive `resume-work` depends on.
 - Pass `--no-verify` or `--force` anywhere in the pipeline.
+- **Introduce ad-hoc pre-flight checks beyond the two sanctioned guards** (orphan-checkpoint, empty-milestone). Container-status (`docker ps`), runtime-version probes (`php -v`, `node -v`), DB-connectivity, port-binding — none of these belong in the orchestrator's pre-flight. Tasks edit code; environment failures surface inside the Nubosloop as `verify-red` (→ `spawn-build-fixer`) or as `np-critic-acceptance` `information-missing` findings (→ researcher / plan-checker). They are **never** workflow-level halts.
+- **Declare a "hard blocker" because of infrastructure state.** Container down, PHP version skew, missing image, exited service — all of these are routing signals inside the loop, not reasons to abort the wave. The wave only halts on `commit-task` non-zero, `stuck` after `loop.maxRounds`, or `plan-checker` (locked-decision-violation). Infrastructure mismatch routes via critic findings to researcher/plan-checker; if it's truly out-of-scope for any task in the milestone, the operator handles it separately and re-runs the workflow.
 <!-- /scope_guardrail -->
 
 ## Output