substrate-ai 0.20.136 → 0.20.138

package/dist/adapter-registry-Bpa7ESBV.js

@@ -0,0 +1,4 @@
+import { AdapterRegistry } from "./dist-DnvGvKLu.js";
+import "./adapter-registry-DIcrxjH8.js";
+
+export { AdapterRegistry };

package/dist/cli/index.js

@@ -1,20 +1,20 @@
 #!/usr/bin/env node
-import { FileKvStore, SUBSTRATE_OWNED_SETTINGS_KEYS, VALID_PHASES, buildPipelineStatusOutput, createDatabaseAdapter, createDoltOperatorReader, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, parseDbTimestampAsUtc, registerHealthCommand, resolveBmadMethodSrcPath, resolveBmadMethodVersion } from "../health-COhVUNXM.js";
+import { FileKvStore, SUBSTRATE_OWNED_SETTINGS_KEYS, VALID_PHASES, buildPipelineStatusOutput, createDatabaseAdapter, createDoltOperatorReader, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, parseDbTimestampAsUtc, registerHealthCommand, resolveBmadMethodSrcPath, resolveBmadMethodVersion } from "../health-2Kfa00-H.js";
 import { createLogger } from "../logger-KeHncl-f.js";
 import { createEventBus } from "../helpers-CElYrONe.js";
-import { AdapterRegistry, BudgetConfigSchema, CURRENT_CONFIG_FORMAT_VERSION, CURRENT_TASK_GRAPH_VERSION, ConfigError, CostTrackerConfigSchema, DEFAULT_CONFIG, DoltClient, DoltNotInstalled, GlobalSettingsSchema, InMemoryDatabaseAdapter, IngestionServer, MonitorDatabaseImpl, OPERATIONAL_FINDING, PartialGlobalSettingsSchema, PartialProviderConfigSchema, ProvidersSchema, RoutingRecommender, STORY_METRICS, TelemetryConfigSchema, addTokenUsage, aggregateTokenUsageForRun, checkDoltInstalled, compareRunMetrics, createAmendmentRun, createConfigSystem, createDecision, createPipelineRun, createStderrLogger, getActiveDecisions, getAllCostEntriesFiltered, getBaselineRunMetrics, getDecisionsByCategory, getDecisionsByPhaseForRun, getLatestCompletedRun, getLatestRun, getPipelineRunById, getPlanningCostTotal, getRetryableEscalations, getRunMetrics, getRunningPipelineRuns, getSessionCostSummary, getSessionCostSummaryFiltered, getStoryMetricsForRun, getTokenUsageSummary, incrementRunRestarts, initSchema, initWorkGraphSchema, initializeDolt, listRunMetrics, loadParentRunDecisions, supersedeDecision, swallowDebug, tagRunAsBaseline, updatePipelineRun } from "../dist-T6ZXe2Q2.js";
-import { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GLOBSTAR, GitClient, GrammarLoader, Minimatch, Minipass, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createGitWorktreeManager, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, escape, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runProbeAuthor, runSolutioningPhase, unescape, validateStopAfterFromConflict } from "../run-lBgnO-3E.js";
+import { AdapterRegistry, BudgetConfigSchema, CURRENT_CONFIG_FORMAT_VERSION, CURRENT_TASK_GRAPH_VERSION, ConfigError, CostTrackerConfigSchema, DEFAULT_CONFIG, DoltClient, DoltNotInstalled, GlobalSettingsSchema, InMemoryDatabaseAdapter, IngestionServer, MonitorDatabaseImpl, OPERATIONAL_FINDING, PartialGlobalSettingsSchema, PartialProviderConfigSchema, ProvidersSchema, RoutingRecommender, STORY_METRICS, TelemetryConfigSchema, addTokenUsage, aggregateTokenUsageForRun, checkDoltInstalled, compareRunMetrics, createAmendmentRun, createConfigSystem, createDecision, createPipelineRun, createStderrLogger, getActiveDecisions, getAllCostEntriesFiltered, getBaselineRunMetrics, getDecisionsByCategory, getDecisionsByPhaseForRun, getLatestCompletedRun, getLatestRun, getPipelineRunById, getPlanningCostTotal, getRetryableEscalations, getRunMetrics, getRunningPipelineRuns, getSessionCostSummary, getSessionCostSummaryFiltered, getStoryMetricsForRun, getTokenUsageSummary, incrementRunRestarts, initSchema, initWorkGraphSchema, initializeDolt, listRunMetrics, loadParentRunDecisions, supersedeDecision, swallowDebug, tagRunAsBaseline, updatePipelineRun } from "../dist-DnvGvKLu.js";
+import { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GLOBSTAR, GitClient, GrammarLoader, Minimatch, Minipass, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createGitWorktreeManager, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, escape, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runProbeAuthor, runSolutioningPhase, unescape, validateStopAfterFromConflict } from "../run-Dbwlb4Md.js";
 import "../adapter-registry-DIcrxjH8.js";
-import { RunManifest, SupervisorLock, ZERO_FINDINGS_BY_AUTHOR, ZERO_FINDING_COUNTS, ZERO_PROBE_AUTHOR_METRICS, aggregateProbeAuthorMetrics, parseRuntimeProbes, readCurrentRunId, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts, rollupFindingsByAuthor, rollupProbeAuthorByClass, rollupProbeAuthorMetrics, runAcTraceabilityCheck } from "../manifest-read-C84VX-CF.js";
-import "../errors-C-9u7gCX.js";
+import { RunManifest, SupervisorLock, ZERO_FINDINGS_BY_AUTHOR, ZERO_FINDING_COUNTS, ZERO_PROBE_AUTHOR_METRICS, aggregateProbeAuthorMetrics, parseRuntimeProbes, readCurrentRunId, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts, rollupFindingsByAuthor, rollupProbeAuthorByClass, rollupProbeAuthorMetrics, runAcTraceabilityCheck } from "../manifest-read-DJFbGhSd.js";
+import "../errors-i3s5sshZ.js";
 import "../routing-DFxoKHDt.js";
 import { WorkGraphRepository } from "../work-graph-repository-DZyJv5pV.js";
 import "../decisions-CzSIEeGP.js";
 import "../decision-router-DblHY8se.js";
-import "../interactive-prompt-wZnuOAri.js";
+import "../interactive-prompt-B91mG5v4.js";
 import "../recovery-engine-BKGBeBnW.js";
 import "../version-manager-impl-qFBiO4Eh.js";
-import { registerUpgradeCommand } from "../upgrade-CZMWjtYN.js";
+import { registerUpgradeCommand } from "../upgrade-yULZIAAW.js";
 import { Command } from "commander";
 import { fileURLToPath } from "url";
 import { dirname, join, resolve } from "path";
@@ -406,7 +406,8 @@ function healthResultToJson(adapterId, displayName, healthResult) {
 		cliPath: healthResult.cliPath ?? null,
 		detectedBillingModes: healthResult.detectedBillingModes ?? [],
 		supportsHeadless: healthResult.supportsHeadless,
-		error: healthResult.error ?? null
+		error: healthResult.error ?? null,
+		compatibilityWarning: healthResult.compatibilityWarning ?? null
 	};
 }
 
@@ -462,6 +463,18 @@ function registerAdaptersCommand(program, version, registry) {
 		if (opts.verbose) for (const result of report.results) {
 			const health = result.healthResult;
 			if (!health.healthy && health.error) process.stdout.write(`\n[${result.adapterId}] Error: ${health.error}\n`);
+			if (health.compatibilityWarning !== void 0) process.stdout.write(`\n[${result.adapterId}] Compatibility: ${health.compatibilityWarning}\n`);
+		}
+		else {
+			const drifted = report.results.filter((r) => r.healthResult.compatibilityWarning !== void 0);
+			if (drifted.length > 0) {
+				process.stdout.write("\nCLI version notes (run with --verbose for full text):\n");
+				for (const result of drifted) {
+					const w = result.healthResult.compatibilityWarning;
+					const oneLine = w.length > 120 ? w.slice(0, 117) + "..." : w;
+					process.stdout.write(`  ${result.adapterId}: ${oneLine}\n`);
+				}
+			}
 		}
 		process.exit(EXIT_CODE_SUCCESS);
 	});
@@ -7023,7 +7036,7 @@ async function runStatusAction(options) {
 			logger$15.debug({ err }, "Work graph query failed, continuing without work graph data");
 		}
 		if (run === void 0) {
-			const { inspectProcessTree: inspectProcessTree$1 } = await import("../health-Dt1yKeE5.js");
+			const { inspectProcessTree: inspectProcessTree$1 } = await import("../health-Caa24SFM.js");
 			const substrateDirPath = join(projectRoot, ".substrate");
 			const processInfo = inspectProcessTree$1({
 				projectRoot,
@@ -7971,7 +7984,7 @@ function defaultSupervisorDeps() {
 				if (cached === null) {
 					const { AdapterRegistry: AR } = await import(
 						/* @vite-ignore */
-						"../adapter-registry-JR4v2z6n.js"
+						"../adapter-registry-Bpa7ESBV.js"
 );
 					cached = new AR();
 					await cached.discoverAndRegister();
@@ -8538,11 +8551,11 @@ async function runSupervisorAction(options, deps = {}) {
 						try {
 							const { createExperimenter } = await import(
 								/* @vite-ignore */
-								"../experimenter-BZ1rtNzK.js"
+								"../experimenter-DU2Cv51N.js"
 );
 							const { getLatestRun: getLatest } = await import(
 								/* @vite-ignore */
-								"../decisions-D0MA8bRv.js"
+								"../decisions-fBdZmqOK.js"
 );
 							const expAdapter = createDatabaseAdapter({
 								backend: "auto",
@@ -8552,7 +8565,7 @@ async function runSupervisorAction(options, deps = {}) {
 								await initSchema(expAdapter);
 								const { runRunAction: runPipeline } = await import(
 									/* @vite-ignore */
-									"../run-rq4X93Bs.js"
+									"../run-Ppco-3HT.js"
 );
 								const runStoryFn = async (opts) => {
 									const exitCode = await runPipeline({
@@ -9077,7 +9090,7 @@ async function runMetricsAction(options) {
 			const routingConfigPath = join(dbDir, "routing.yml");
 			let routingConfig = null;
 			if (existsSync$1(routingConfigPath)) try {
-				const { loadModelRoutingConfig } = await import("../routing-2kbRZmr7.js");
+				const { loadModelRoutingConfig } = await import("../routing-DFIBY9Yk.js");
 				routingConfig = loadModelRoutingConfig(routingConfigPath);
 			} catch {}
 			if (routingConfig === null) routingConfig = {
@@ -13387,8 +13400,8 @@ async function createProgram() {
 /** Fire-and-forget startup version check (story 8.3, AC3/AC5) */
 function checkForUpdatesInBackground(currentVersion) {
 	if (process.env.SUBSTRATE_NO_UPDATE_CHECK === "1") return;
-	import("../upgrade-DjJ4uqLJ.js").then(async () => {
-		const { createVersionManager } = await import("../version-manager-impl-BLXt2ucf.js");
+	import("../upgrade-CnIsoLpT.js").then(async () => {
+		const { createVersionManager } = await import("../version-manager-impl-C7ZhqLX3.js");
 		const vm = createVersionManager();
 		const result = await vm.checkForUpdates();
 		if (result.updateAvailable) {

package/dist/{decisions-D0MA8bRv.js → decisions-fBdZmqOK.js}

@@ -1,4 +1,4 @@
-import { addTokenUsage, createDecision, createPipelineRun, createRequirement, getArtifactByTypeForRun, getArtifactsByRun, getDecisionsByCategory, getDecisionsByPhase, getDecisionsByPhaseForRun, getLatestRun, getPipelineRunById, getRunningPipelineRuns, getTokenUsageSummary, listRequirements, registerArtifact, updateDecision, updatePipelineRun, updatePipelineRunConfig, upsertDecision } from "./dist-T6ZXe2Q2.js";
+import { addTokenUsage, createDecision, createPipelineRun, createRequirement, getArtifactByTypeForRun, getArtifactsByRun, getDecisionsByCategory, getDecisionsByPhase, getDecisionsByPhaseForRun, getLatestRun, getPipelineRunById, getRunningPipelineRuns, getTokenUsageSummary, listRequirements, registerArtifact, updateDecision, updatePipelineRun, updatePipelineRunConfig, upsertDecision } from "./dist-DnvGvKLu.js";
 import "./decisions-CzSIEeGP.js";
 
 export { getLatestRun };

package/dist/{dist-T6ZXe2Q2.js → dist-DnvGvKLu.js}

@@ -14,11 +14,12 @@ import { homedir } from "os";
 import { createServer } from "node:http";
 import { createGunzip, createInflate } from "node:zlib";
 import { promisify } from "node:util";
-import { createRequire } from "node:module";
-import { fileURLToPath } from "node:url";
 import * as semver$2 from "semver";
 import * as semver$1 from "semver";
 import * as semver from "semver";
+import { coerce, compare, valid } from "semver";
+import { createRequire } from "node:module";
+import { fileURLToPath } from "node:url";
 import https from "node:https";
 
 //#region packages/core/dist/dispatch/types.js
@@ -9414,6 +9415,43 @@ var Recommender = class Recommender {
 	}
 };
 
+//#endregion
+//#region packages/core/dist/adapters/version-compat.js
+function normalize(version) {
+	return valid(version) ?? valid(coerce(version) ?? "") ?? null;
+}
+/**
+* Compare a live CLI binary's reported version against the tested range. Pure.
+*
+* Three outcomes:
+*   - actual within range  → `{ compatible: true }`
+*   - actual outside range → `{ compatible: false, warning }` with a message
+*     naming the adapter + drift + suggested operator action
+*   - actual unparseable   → `{ compatible: false, warning }` flagging that
+*     the version couldn't be compared (degrade gracefully; never throw)
+*/
+function checkAdapterVersionCompat(adapterName, actualVersion, tested) {
+	const actual = normalize(actualVersion);
+	const min = normalize(tested.min);
+	const max = normalize(tested.max);
+	if (actual === null || min === null || max === null) return {
+		compatible: false,
+		warning: `${adapterName}: CLI version '${actualVersion}' could not be parsed for comparison against substrate's tested range (${tested.min}–${tested.max}). Flag behavior may differ; report any dispatch failures.`
+	};
+	if (compare(actual, min) < 0) return {
+		compatible: false,
+		warning: `${adapterName}: CLI version ${actualVersion} is below substrate's tested range (${tested.min}–${tested.max}). Older flag forms may be required; consider upgrading the CLI to a version within range, or upgrading substrate.` + (tested.note !== void 0 ? ` Range note: ${tested.note}` : "")
+	};
+	if (compare(actual, max) > 0) return {
+		compatible: false,
+		warning: `${adapterName}: CLI version ${actualVersion} is newer than substrate's tested range (${tested.min}–${tested.max}). Flag behavior may have changed since substrate was tested; consider upgrading substrate or reporting any dispatch failures.` + (tested.note !== void 0 ? ` Range note: ${tested.note}` : "")
+	};
+	return tested.note !== void 0 ? {
+		compatible: true,
+		warning: `${adapterName}: ${tested.note}`
+	} : { compatible: true };
+}
+
 //#endregion
 //#region packages/core/dist/adapters/claude-adapter.js
 const execAsync$2 = promisify(exec);
@@ -9440,10 +9478,26 @@ function stripCodeFences$2(raw) {
 * Health check: runs `claude --version` to verify install.
 * Billing detection: detects subscription vs API via version output or env.
 */
-var ClaudeCodeAdapter = class {
+var ClaudeCodeAdapter = class ClaudeCodeAdapter {
 	id = "claude-code";
 	displayName = "Claude Code";
 	adapterVersion = "1.0.0";
+	/**
+	* Claude Code CLI version range substrate's `buildCommand` has been
+	* empirically verified against (as of substrate v0.20.138 on 2026-05-31).
+	* `healthCheck` compares the live `claude --version` against this range
+	* and surfaces a warning when the operator's CLI is outside it.
+	*
+	* The `note` flags `--max-turns`: the flag is silently accepted by clap
+	* but not honored — substrate's `options.maxTurns` has no effect on
+	* Claude Code 2.x dispatches. Bumping the upper bound requires re-running
+	* the empirical audit (see `feedback_cli_adapter_empirical_version_match`).
+	*/
+	static TESTED_CLI_VERSION_RANGE = {
+		min: "2.1.152",
+		max: "2.1.158",
+		note: "Claude Code 2.x silently accepts but does not honor `--max-turns`; substrate no longer passes that flag."
+	};
 	_logger;
 	constructor(logger) {
 		this._logger = logger ?? createStderrLogger("claude-adapter");
@@ -9462,12 +9516,14 @@ var ClaudeCodeAdapter = class {
 				const whichResult = await execAsync$2("which claude", { timeout: 5e3 });
 				cliPath = whichResult.stdout.trim();
 			} catch {}
+			const compat = checkAdapterVersionCompat("claude-code", output, ClaudeCodeAdapter.TESTED_CLI_VERSION_RANGE);
 			return {
 				healthy: true,
 				version: output,
 				...cliPath !== void 0 ? { cliPath } : {},
 				detectedBillingModes,
-				supportsHeadless: true
+				supportsHeadless: true,
+				...compat.warning !== void 0 ? { compatibilityWarning: compat.warning } : {}
 			};
 		} catch (err) {
 			const message = err instanceof Error ? err.message : String(err);
@@ -9491,7 +9547,6 @@ var ClaudeCodeAdapter = class {
 			model,
 			"--dangerously-skip-permissions"
 		];
-		if (options.maxTurns !== void 0) args.push("--max-turns", String(options.maxTurns));
 		if (options.additionalFlags && options.additionalFlags.length > 0) args.push(...options.additionalFlags);
 		const systemPromptParts = [BASE_SYSTEM_PROMPT];
 		if (options.optimizationDirectives) systemPromptParts.push(`\n\n## Optimization Directives\n${options.optimizationDirectives}`);
@@ -9728,7 +9783,7 @@ const CODEX_SANDBOX_BLOCK_SIGNATURES = [
 	"disallowed by requirements"
 ];
 /** Human-readable explanation appended to escalations caused by a Codex write-block. */
-const CODEX_SANDBOX_BLOCK_HINT = "Likely cause: Codex could not write files. Substrate runs `codex exec --full-auto` (Codex's documented alias for `-a on-request --sandbox workspace-write` — the standard low-friction non-interactive automation mode, NOT the org-blocked `--dangerously-bypass-approvals-and-sandbox`). If the run log shows \"approval is not supported in exec mode\" or \"patch rejected by user\", the most likely cause is a known Codex defect: `UnlessTrusted` policy unconditionally asks for approval on `apply_patch` (see codex-rs/core/src/safety.rs TODO(ragona)), and `OnRequest` may also fail in environments where `get_platform_sandbox()` returns None (e.g. WSL — see Codex issue #18365). Workarounds: dispatch with a provider that can write here (e.g. `--agent claude-code`), or get the Codex CLI bug fixed upstream.";
+const CODEX_SANDBOX_BLOCK_HINT = "Likely cause: Codex could not write files. This is structural in `codex exec`, not substrate: the `exec` subcommand hardcodes `approval_policy=Never` (codex-rs/exec/src/lib.rs:407) and has no `--ask-for-approval` flag, so no substrate flag combination can override it. On non-enterprise installs this is fine — `Never` + `workspace-write` auto-approves apply_patch within writable roots. On enterprise installs with managed configs that disallow `Never`, the hardcoded `Some(Never)` falls back to `UnlessTrusted`, which has a maintainer-flagged defect (`TODO(ragona)` at codex-rs/core/src/safety.rs:54-58) that unconditionally requests approval — which exec mode rejects. Workarounds, in order of practical leverage: (1) dispatch with a provider that can write here (e.g. `--agent claude-code`); (2) get the enterprise managed config to add `Never` to `allowed_approval_policies` (the workspace-write sandbox provides the actual security boundary — see Codex docs and issue #10949); (3) wait for the upstream Codex fix to `safety.rs` or for an `exec`-side `--ask-for-approval` flag.";
 /**
 * Returns the Codex-write-block hint if `output` contains a sandbox/approval
 * block signature, else null. Pure + exported for diagnostics and testing.
@@ -9744,10 +9799,30 @@ function detectCodexSandboxBlock(output) {
 * Codex CLI uses stdin for the prompt and outputs JSON when --json flag is used.
 * Codex supports subscription billing (via `codex login`) and API key billing.
 */
-var CodexCLIAdapter = class {
+var CodexCLIAdapter = class CodexCLIAdapter {
 	id = "codex";
 	displayName = "Codex CLI";
 	adapterVersion = "1.0.0";
+	/**
+	* Codex CLI version range substrate's `buildCommand` has been empirically
+	* verified against (as of substrate v0.20.138 on 2026-05-31). The range
+	* is narrow because the v0.20.131→137 arc taught us how much can drift
+	* between minor versions — `--full-auto` changed meaning between 0.111.0
+	* and 0.128.0 (deprecated, semantics shifted) and almost certainly will
+	* drift again.
+	*
+	* The `note` flags the structural truth: `codex exec` hardcodes
+	* `approval_policy=Never` and ignores `-c approval_policy=...` overrides
+	* (codex-rs/exec/src/lib.rs:407). On enterprise managed configs that
+	* disallow `Never`, dispatch will fail at the apply_patch layer regardless
+	* of substrate's flag — see CODEX_SANDBOX_BLOCK_HINT and the policy ask
+	* document in `docs/2026-05-29-codex-managed-config-policy-ask.md`.
+	*/
+	static TESTED_CLI_VERSION_RANGE = {
+		min: "0.135.0",
+		max: "0.135.0",
+		note: "`codex exec` hardcodes approval_policy=Never (cannot be overridden); on enterprise managed configs disallowing Never, dispatch fails at apply_patch."
+	};
 	_logger;
 	constructor(logger) {
 		this._logger = logger ?? createStderrLogger("codex-adapter");
@@ -9764,12 +9839,14 @@ var CodexCLIAdapter = class {
 				const whichResult = await execAsync$1("which codex", { timeout: 5e3 });
 				cliPath = whichResult.stdout.trim();
 			} catch {}
+			const compat = checkAdapterVersionCompat("codex", output, CodexCLIAdapter.TESTED_CLI_VERSION_RANGE);
 			return {
 				healthy: true,
 				version: output,
 				...cliPath !== void 0 ? { cliPath } : {},
 				detectedBillingModes: CODEX_BILLING_MODES,
-				supportsHeadless: true
+				supportsHeadless: true,
+				...compat.warning !== void 0 ? { compatibilityWarning: compat.warning } : {}
 			};
 		} catch (err) {
 			const message = err instanceof Error ? err.message : String(err);
@@ -9784,30 +9861,37 @@ var CodexCLIAdapter = class {
 	* Build spawn command for a coding task.
 	* Uses: `codex exec` with prompt delivered via stdin.
 	*
-	* `--full-auto` is Codex's documented `exec` convenience alias for
-	* `-a on-request --sandbox workspace-write` — the standard low-friction
-	* non-interactive automation mode. We use this form for three reasons:
+	* `--sandbox workspace-write` is Codex's documented form for non-interactive
+	* automation as of v0.128.0+. The `--full-auto` flag (used in v0.20.136) was
+	* deprecated in Codex v0.128.0 and now prints a warning on every invocation:
+	* `warning: --full-auto is deprecated; use --sandbox workspace-write instead.`
 	*
-	*   1. **It parses cleanly on `exec`.** `--full-auto` is a documented
-	*      subcommand flag (`codex exec --help` lists it). The earlier substrate
-	*      attempts hit two failure modes: `--ask-for-approval` is top-level
-	*      only and errors `unexpected argument` after `exec` (v0.20.131–133),
-	*      and `-c approval_policy=never` parses but gets silently downshifted
-	*      under enterprise cloud-managed policies that disallow `Never`
-	*      (v0.20.134–135 — the operator's pv-core-harness case).
-	*   2. **`OnRequest` works with `apply_patch` in `workspace-write`.** Per
-	*      Codex source (`codex-rs/core/src/safety.rs:33-116`), `OnRequest`
-	*      falls through to `is_write_patch_constrained_to_writable_paths` and
-	*      AUTO-APPROVES `apply_patch` calls when every target path is inside
-	*      the writable roots of an active platform sandbox. So Codex writes
-	*      land in `exec` mode without any approval prompt or escalation.
-	*      `UnlessTrusted` is the only policy with the broken `TODO(ragona)`
-	*      branch that unconditionally asks for approval — we avoid it.
-	*   3. **`OnRequest` is broadly allow-listed.** Enterprise cloud policies
-	*      that disallow `Never` typically still permit `OnRequest`
-	*      (it's strictly more conservative). `--full-auto` is therefore the
-	*      form most likely to work across both unrestricted and managed Codex
-	*      installs.
+	* **There is no flag form that can override `approval_policy` on `codex exec`.**
+	* Per Codex source at tag `rust-v0.134.0`:
+	*   - `codex-rs/exec/src/lib.rs:407` — the `exec` harness hardcodes
+	*     `ConfigOverrides { approval_policy: Some(AskForApproval::Never), ... }`
+	*     unconditionally.
+	*   - `codex-rs/core/src/config/mod.rs:2902-2914` — harness overrides beat
+	*     both `-c approval_policy=...` and any TOML config.
+	*   - `codex-rs/exec/src/cli.rs` + `codex-rs/utils/cli/src/shared_options.rs`
+	*     — zero references to `--ask-for-approval` on the `exec` subcommand;
+	*     `-a` is top-level only and is silently ignored if placed after `exec`.
+	*
+	* So `codex exec` deterministically runs with `approval_policy=Never`,
+	* regardless of what flags substrate passes. On non-enterprise installs
+	* this is fine: `Never` + `--sandbox workspace-write` + `apply_patch` inside
+	* writable roots = auto-approve via the writable-paths fall-through
+	* (`assess_patch_safety` in `codex-rs/core/src/safety.rs:138`).
+	*
+	* On enterprise installs with managed configs that disallow `Never`,
+	* the hardcoded `Some(Never)` fails the constrained-set check, falls back
+	* to `UnlessTrusted`, and `UnlessTrusted` hits a maintainer-flagged defect
+	* (`TODO(ragona)` at `safety.rs:54-58`) that returns `AskUser` unconditionally
+	* — which `exec` mode rejects with `file change approval is not supported`.
+	* **No substrate flag combination unblocks this case**; the structural fix
+	* is either an org-policy change (add `Never` to `allowed_approval_policies`)
+	* or an upstream Codex fix (issue #10949, open since v0.98.0). The
+	* `CODEX_SANDBOX_BLOCK_HINT` below names both escalation paths.
 	*
 	* Not the org-blocked `--dangerously-bypass-approvals-and-sandbox` flag.
 	* The planning command stays read-only (it must not write).
@@ -9817,7 +9901,11 @@ var CodexCLIAdapter = class {
 	* Raw text output is required (same rationale as Claude adapter).
 	*/
 	buildCommand(prompt, options) {
-		const args = ["exec", "--full-auto"];
+		const args = [
+			"exec",
+			"--sandbox",
+			"workspace-write"
+		];
 		if (options.additionalFlags && options.additionalFlags.length > 0) args.push(...options.additionalFlags);
 		const envEntries = {};
 		if (options.apiKey) envEntries.OPENAI_API_KEY = options.apiKey;
@@ -9994,10 +10082,22 @@ function stripCodeFences(raw) {
 * Gemini CLI follows similar patterns to Claude Code: prompt via `-p` flag,
 * JSON output via `--output-format json`, and model via `--model`.
 */
-var GeminiCLIAdapter = class {
+var GeminiCLIAdapter = class GeminiCLIAdapter {
 	id = "gemini";
 	displayName = "Gemini CLI";
 	adapterVersion = "1.0.0";
+	/**
+	* Gemini CLI version range substrate's `buildCommand` has been empirically
+	* verified against (as of substrate v0.20.138 on 2026-05-31). Empirical
+	* audit confirmed `-p`, `-m/--model`, `-o/--output-format` (with choices
+	* `text|json|stream-json`) and the planning command's positional-prompt form
+	* all parse cleanly on both 0.33.0 and 0.44.1 — same flag layer across a
+	* meaningful version span.
+	*/
+	static TESTED_CLI_VERSION_RANGE = {
+		min: "0.33.0",
+		max: "0.44.1"
+	};
 	_logger;
 	constructor(logger) {
 		this._logger = logger ?? createStderrLogger("gemini-adapter");
@@ -10016,12 +10116,14 @@ var GeminiCLIAdapter = class {
 				const whichResult = await execAsync("which gemini", { timeout: 5e3 });
 				cliPath = whichResult.stdout.trim();
 			} catch {}
+			const compat = checkAdapterVersionCompat("gemini", output, GeminiCLIAdapter.TESTED_CLI_VERSION_RANGE);
 			return {
 				healthy: true,
 				version: output,
 				...cliPath !== void 0 ? { cliPath } : {},
 				detectedBillingModes,
-				supportsHeadless: true
+				supportsHeadless: true,
+				...compat.warning !== void 0 ? { compatibilityWarning: compat.warning } : {}
 			};
 		} catch (err) {
 			const message = err instanceof Error ? err.message : String(err);
@@ -11331,4 +11433,4 @@ async function callLLM(params) {
 
 //#endregion
 export { ADVISORY_NOTES, AdapterRegistry, AdtError, BudgetConfigSchema, CODEX_SANDBOX_BLOCK_HINT, CURRENT_CONFIG_FORMAT_VERSION, CURRENT_TASK_GRAPH_VERSION, Categorizer, ClaudeCodeAdapter, CodexCLIAdapter, ConfigError, ConfigIncompatibleFormatError, ConsumerAnalyzer, CostTrackerConfigSchema, DEFAULT_CONFIG, DEFAULT_GLOBAL_SETTINGS, DispatcherImpl, DoltClient, DoltNotInstalled, DoltQueryError, ESCALATION_DIAGNOSIS, EXPERIMENT_RESULT, EfficiencyScorer, GeminiCLIAdapter, GlobalSettingsSchema, InMemoryDatabaseAdapter, IngestionServer, LEARNING_FINDING, LogTurnAnalyzer, ModelRoutingConfigSchema, MonitorDatabaseImpl, OPERATIONAL_FINDING, PartialGlobalSettingsSchema, PartialProviderConfigSchema, ProviderPolicySchema, ProvidersSchema, Recommender, RoutingConfigError, RoutingRecommender, RoutingResolver, RoutingTelemetry, RoutingTokenAccumulator, RoutingTuner, STORY_METRICS, STORY_OUTCOME, SubstrateConfigSchema, TASK_TYPE_PHASE_MAP, TEST_EXPANSION_FINDING, TEST_PLAN, TelemetryConfigSchema, TelemetryNormalizer, TelemetryPipeline, TurnAnalyzer, VersionManagerImpl, addTokenUsage, aggregateTokenUsageForRun, aggregateTokenUsageForStory, buildAuditLogEntry, buildBranchName, buildModificationDirective, buildPRBody, buildWorktreePath, callLLM, checkDoltInstalled, classifyVersionGap, compareRunMetrics, createAmendmentRun, createConfigSystem, createDatabaseAdapter as createDatabaseAdapter$1, createDecision, createExperimenter, createPipelineRun, createRequirement, createStderrLogger, createVersionManager, detectCodexSandboxBlock, detectInterfaceChanges, determineVerdict, getActiveDecisions, getAllCostEntriesFiltered, getArtifactByTypeForRun, getArtifactsByRun, getBaselineRunMetrics, getDecisionsByCategory, getDecisionsByPhase, getDecisionsByPhaseForRun, getLatestCompletedRun, getLatestRun, getModelTier, getPipelineRunById, getPlanningCostTotal, getRetryableEscalations, getRunMetrics, getRunningPipelineRuns, getSessionCostSummary, getSessionCostSummaryFiltered, getStoryMetricsForRun, getTokenUsageSummary, incrementRunRestarts, initSchema, initWorkGraphSchema, initializeDolt, listRequirements, listRunMetrics, loadModelRoutingConfig, loadParentRunDecisions, registerArtifact, resolvePromptFile, supersedeDecision, swallowDebug, tagRunAsBaseline, updateDecision, updatePipelineRun, updatePipelineRunConfig, upsertDecision, writeRunMetrics, writeStoryMetrics };
-//# sourceMappingURL=dist-T6ZXe2Q2.js.map
+//# sourceMappingURL=dist-DnvGvKLu.js.map

package/dist/{errors-C-9u7gCX.js → errors-i3s5sshZ.js}

@@ -1,4 +1,4 @@
-import { AdtError } from "./dist-T6ZXe2Q2.js";
+import { AdtError } from "./dist-DnvGvKLu.js";
 
 //#region src/core/errors.ts
 /** Error thrown when task configuration is invalid */
@@ -71,4 +71,4 @@ var TaskGraphIncompatibleFormatError = class extends AdtError {
 
 //#endregion
 export { BudgetExceededError, GitError, RecoveryError, TaskConfigError, TaskGraphCycleError, TaskGraphError, TaskGraphIncompatibleFormatError, WorkerError, WorkerNotFoundError };
-//# sourceMappingURL=errors-C-9u7gCX.js.map
+//# sourceMappingURL=errors-i3s5sshZ.js.map

package/dist/{experimenter-BZ1rtNzK.js → experimenter-DU2Cv51N.js}

@@ -1,3 +1,3 @@
-import { buildAuditLogEntry, buildBranchName, buildModificationDirective, buildPRBody, buildWorktreePath, createExperimenter, determineVerdict, resolvePromptFile } from "./dist-T6ZXe2Q2.js";
+import { buildAuditLogEntry, buildBranchName, buildModificationDirective, buildPRBody, buildWorktreePath, createExperimenter, determineVerdict, resolvePromptFile } from "./dist-DnvGvKLu.js";
 
 export { createExperimenter };

package/dist/{health-COhVUNXM.js → health-2Kfa00-H.js}

@@ -1,6 +1,6 @@
 import { createLogger } from "./logger-KeHncl-f.js";
-import { DoltClient, DoltQueryError, createDatabaseAdapter$1 as createDatabaseAdapter, getLatestRun, getPipelineRunById, initSchema } from "./dist-T6ZXe2Q2.js";
-import { resolveMainRepoRoot, resolveRunManifest } from "./manifest-read-C84VX-CF.js";
+import { DoltClient, DoltQueryError, createDatabaseAdapter$1 as createDatabaseAdapter, getLatestRun, getPipelineRunById, initSchema } from "./dist-DnvGvKLu.js";
+import { resolveMainRepoRoot, resolveRunManifest } from "./manifest-read-DJFbGhSd.js";
 import { createRequire } from "module";
 import { dirname, join } from "path";
 import { existsSync, readFileSync } from "node:fs";
@@ -1000,4 +1000,4 @@ function registerHealthCommand(program, _version = "0.0.0", projectRoot = proces
 
 //#endregion
 export { BMAD_BASELINE_TOKENS_FULL, DEFAULT_STALL_THRESHOLD_SECONDS, FileKvStore, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN, SUBSTRATE_OWNED_SETTINGS_KEYS, VALID_PHASES, __commonJS, __require, __toESM, buildPipelineStatusOutput, createDatabaseAdapter$1 as createDatabaseAdapter, createDoltOperatorReader, findPackageRoot, formatOutput, formatPipelineStatusHuman, formatPipelineSummary, formatTokenTelemetry, getAllDescendantPids, getAutoHealthData, getSubstrateDefaultSettings, inspectProcessTree, isOrchestratorProcessLine, parseDbTimestampAsUtc, registerHealthCommand, resolveBmadMethodSrcPath, resolveBmadMethodVersion, runHealthAction, validateStoryKey };
-//# sourceMappingURL=health-COhVUNXM.js.map
+//# sourceMappingURL=health-2Kfa00-H.js.map

package/dist/{health-Dt1yKeE5.js → health-Caa24SFM.js}

@@ -1,7 +1,7 @@
-import { DEFAULT_STALL_THRESHOLD_SECONDS, getAllDescendantPids, getAutoHealthData, inspectProcessTree, isOrchestratorProcessLine, registerHealthCommand, runHealthAction } from "./health-COhVUNXM.js";
+import { DEFAULT_STALL_THRESHOLD_SECONDS, getAllDescendantPids, getAutoHealthData, inspectProcessTree, isOrchestratorProcessLine, registerHealthCommand, runHealthAction } from "./health-2Kfa00-H.js";
 import "./logger-KeHncl-f.js";
-import "./dist-T6ZXe2Q2.js";
-import "./manifest-read-C84VX-CF.js";
+import "./dist-DnvGvKLu.js";
+import "./manifest-read-DJFbGhSd.js";
 import "./work-graph-repository-DZyJv5pV.js";
 import "./decisions-CzSIEeGP.js";
 

package/dist/{index-ChoQK2tb.d.ts → index-BJEANS9i.d.ts}

@@ -971,6 +971,14 @@ interface AdapterHealthResult {
   detectedBillingModes?: BillingMode[];
   /** Whether the CLI supports headless/non-interactive mode */
   supportsHeadless: boolean;
+  /**
+   * Human-readable note when the live CLI version is OUTSIDE substrate's
+   * tested range, OR when the tested range carries an informational caveat
+   * even within range. Surfaced by `substrate health` so operators see drift
+   * as a noisy first-dispatch signal instead of a multi-ship debugging arc.
+   * Pure-helper-computed; see `version-compat.ts`.
+   */
+  compatibilityWarning?: string;
 }
 /**
  * Parsed result from a task execution.
@@ -1260,8 +1268,49 @@ declare class AdapterRegistry {
 }
 
 //#endregion
-//#region packages/core/dist/adapters/claude-adapter.d.ts
+//#region packages/core/dist/adapters/version-compat.d.ts
 //# sourceMappingURL=adapter-registry.d.ts.map
+/**
+ * Per-adapter CLI version compatibility check.
+ *
+ * Each adapter declares a `TestedVersionRange` — the lowest and highest CLI
+ * binary versions substrate's `buildCommand` has been empirically verified
+ * against. At healthCheck time, the adapter compares the live binary's
+ * reported version to that range and emits a human-readable warning when the
+ * live version sits outside it.
+ *
+ * The lesson this addresses (v0.20.131→137 Codex arc): a string-presence
+ * unit test on the args array proves only that substrate constructs the args
+ * it intends to. It does NOT prove that the live CLI binary still accepts or
+ * honors those args. CLI flag forms drift between versions: deprecations,
+ * renames, silent-acceptance-then-ignore, and harness overrides that beat
+ * `-c` config flags. When substrate's tested version range and the live
+ * version diverge, operators should see a noisy first-dispatch warning
+ * pointing at the right place — not a seven-ship arc of fix-shaped
+ * iteration on substrate when the bug actually lives in Codex (or wherever).
+ *
+ * Pure + exported for unit testing; each adapter's healthCheck is the caller.
+ */
+/**
+ * The range of CLI binary versions substrate's adapter has been verified
+ * against. Bumped whenever an adapter author confirms the buildCommand args
+ * still parse and behave correctly on a newer CLI release.
+ */
+interface TestedVersionRange {
+  /** Lowest CLI version substrate has verified against. Inclusive. */
+  min: string;
+  /** Highest CLI version substrate has verified against. Inclusive. */
+  max: string;
+  /**
+   * Optional informational note about known caveats *within* the tested range
+   * (e.g. "Claude Code 2.x silently ignores --max-turns; substrate's
+   * options.maxTurns has no effect"). Surfaced even when compatible.
+   */
+  note?: string;
+}
+
+//#endregion
+//#region packages/core/dist/adapters/claude-adapter.d.ts
 /**
  * Adapter for the Claude Code CLI agent.
  *
@@ -1273,6 +1322,18 @@ declare class ClaudeCodeAdapter implements WorkerAdapter {
   readonly id: AgentId;
   readonly displayName = "Claude Code";
   readonly adapterVersion = "1.0.0";
+  /**
+   * Claude Code CLI version range substrate's `buildCommand` has been
+   * empirically verified against (as of substrate v0.20.138 on 2026-05-31).
+   * `healthCheck` compares the live `claude --version` against this range
+   * and surfaces a warning when the operator's CLI is outside it.
+   *
+   * The `note` flags `--max-turns`: the flag is silently accepted by clap
+   * but not honored — substrate's `options.maxTurns` has no effect on
+   * Claude Code 2.x dispatches. Bumping the upper bound requires re-running
+   * the empirical audit (see `feedback_cli_adapter_empirical_version_match`).
+   */
+  static readonly TESTED_CLI_VERSION_RANGE: TestedVersionRange;
   private readonly _logger;
   constructor(logger?: ILogger);
   /**
@@ -1323,6 +1384,22 @@ declare class CodexCLIAdapter implements WorkerAdapter {
   readonly id: AgentId;
   readonly displayName = "Codex CLI";
   readonly adapterVersion = "1.0.0";
+  /**
+   * Codex CLI version range substrate's `buildCommand` has been empirically
+   * verified against (as of substrate v0.20.138 on 2026-05-31). The range
+   * is narrow because the v0.20.131→137 arc taught us how much can drift
+   * between minor versions — `--full-auto` changed meaning between 0.111.0
+   * and 0.128.0 (deprecated, semantics shifted) and almost certainly will
+   * drift again.
+   *
+   * The `note` flags the structural truth: `codex exec` hardcodes
+   * `approval_policy=Never` and ignores `-c approval_policy=...` overrides
+   * (codex-rs/exec/src/lib.rs:407). On enterprise managed configs that
+   * disallow `Never`, dispatch will fail at the apply_patch layer regardless
+   * of substrate's flag — see CODEX_SANDBOX_BLOCK_HINT and the policy ask
+   * document in `docs/2026-05-29-codex-managed-config-policy-ask.md`.
+   */
+  static readonly TESTED_CLI_VERSION_RANGE: TestedVersionRange;
   private readonly _logger;
   constructor(logger?: ILogger);
   /**
@@ -1333,30 +1410,37 @@ declare class CodexCLIAdapter implements WorkerAdapter {
    * Build spawn command for a coding task.
    * Uses: `codex exec` with prompt delivered via stdin.
    *
-   * `--full-auto` is Codex's documented `exec` convenience alias for
-   * `-a on-request --sandbox workspace-write` — the standard low-friction
-   * non-interactive automation mode. We use this form for three reasons:
+   * `--sandbox workspace-write` is Codex's documented form for non-interactive
+   * automation as of v0.128.0+. The `--full-auto` flag (used in v0.20.136) was
+   * deprecated in Codex v0.128.0 and now prints a warning on every invocation:
+   * `warning: --full-auto is deprecated; use --sandbox workspace-write instead.`
+   *
+   * **There is no flag form that can override `approval_policy` on `codex exec`.**
+   * Per Codex source at tag `rust-v0.134.0`:
+   *   - `codex-rs/exec/src/lib.rs:407` — the `exec` harness hardcodes
+   *     `ConfigOverrides { approval_policy: Some(AskForApproval::Never), ... }`
+   *     unconditionally.
+   *   - `codex-rs/core/src/config/mod.rs:2902-2914` — harness overrides beat
+   *     both `-c approval_policy=...` and any TOML config.
+   *   - `codex-rs/exec/src/cli.rs` + `codex-rs/utils/cli/src/shared_options.rs`
+   *     — zero references to `--ask-for-approval` on the `exec` subcommand;
+   *     `-a` is top-level only and is silently ignored if placed after `exec`.
    *
-   *   1. **It parses cleanly on `exec`.** `--full-auto` is a documented
-   *      subcommand flag (`codex exec --help` lists it). The earlier substrate
-   *      attempts hit two failure modes: `--ask-for-approval` is top-level
-   *      only and errors `unexpected argument` after `exec` (v0.20.131–133),
-   *      and `-c approval_policy=never` parses but gets silently downshifted
-   *      under enterprise cloud-managed policies that disallow `Never`
-   *      (v0.20.134–135 — the operator's pv-core-harness case).
-   *   2. **`OnRequest` works with `apply_patch` in `workspace-write`.** Per
-   *      Codex source (`codex-rs/core/src/safety.rs:33-116`), `OnRequest`
-   *      falls through to `is_write_patch_constrained_to_writable_paths` and
-   *      AUTO-APPROVES `apply_patch` calls when every target path is inside
-   *      the writable roots of an active platform sandbox. So Codex writes
-   *      land in `exec` mode without any approval prompt or escalation.
-   *      `UnlessTrusted` is the only policy with the broken `TODO(ragona)`
-   *      branch that unconditionally asks for approval — we avoid it.
-   *   3. **`OnRequest` is broadly allow-listed.** Enterprise cloud policies
-   *      that disallow `Never` typically still permit `OnRequest`
-   *      (it's strictly more conservative). `--full-auto` is therefore the
-   *      form most likely to work across both unrestricted and managed Codex
-   *      installs.
+   * So `codex exec` deterministically runs with `approval_policy=Never`,
+   * regardless of what flags substrate passes. On non-enterprise installs
+   * this is fine: `Never` + `--sandbox workspace-write` + `apply_patch` inside
+   * writable roots = auto-approve via the writable-paths fall-through
+   * (`assess_patch_safety` in `codex-rs/core/src/safety.rs:138`).
+   *
+   * On enterprise installs with managed configs that disallow `Never`,
+   * the hardcoded `Some(Never)` fails the constrained-set check, falls back
+   * to `UnlessTrusted`, and `UnlessTrusted` hits a maintainer-flagged defect
+   * (`TODO(ragona)` at `safety.rs:54-58`) that returns `AskUser` unconditionally
+   * — which `exec` mode rejects with `file change approval is not supported`.
+   * **No substrate flag combination unblocks this case**; the structural fix
+   * is either an org-policy change (add `Never` to `allowed_approval_policies`)
+   * or an upstream Codex fix (issue #10949, open since v0.98.0). The
+   * `CODEX_SANDBOX_BLOCK_HINT` below names both escalation paths.
    *
    * Not the org-blocked `--dangerously-bypass-approvals-and-sandbox` flag.
    * The planning command stays read-only (it must not write).
@@ -1406,6 +1490,15 @@ declare class GeminiCLIAdapter implements WorkerAdapter {
   readonly id: AgentId;
   readonly displayName = "Gemini CLI";
   readonly adapterVersion = "1.0.0";
+  /**
+   * Gemini CLI version range substrate's `buildCommand` has been empirically
+   * verified against (as of substrate v0.20.138 on 2026-05-31). Empirical
+   * audit confirmed `-p`, `-m/--model`, `-o/--output-format` (with choices
+   * `text|json|stream-json`) and the planning command's positional-prompt form
+   * all parse cleanly on both 0.33.0 and 0.44.1 — same flag layer across a
+   * meaningful version span.
+   */
+  static readonly TESTED_CLI_VERSION_RANGE: TestedVersionRange;
   private readonly _logger;
   constructor(logger?: ILogger);
   /**
@@ -1467,4 +1560,4 @@ interface Recommendation {
 
 //#endregion
 export { AdapterDiscoveryResult, AdapterRegistry as AdapterRegistry$1, AdtError as AdtError$1, ClaudeCodeAdapter as ClaudeCodeAdapter$1, CodexCLIAdapter as CodexCLIAdapter$1, ConfigError as ConfigError$1, ConfigIncompatibleFormatError as ConfigIncompatibleFormatError$1, CoreEvents, DatabaseAdapter, DiscoveryReport, GeminiCLIAdapter as GeminiCLIAdapter$1, Recommendation, TypedEventBus };
-//# sourceMappingURL=index-ChoQK2tb.d.ts.map
+//# sourceMappingURL=index-BJEANS9i.d.ts.map

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { AdapterDiscoveryResult, AdapterRegistry$1 as AdapterRegistry, AdtError$1 as AdtError, ClaudeCodeAdapter$1 as ClaudeCodeAdapter, CodexCLIAdapter$1 as CodexCLIAdapter, ConfigError$1 as ConfigError, ConfigIncompatibleFormatError$1 as ConfigIncompatibleFormatError, DiscoveryReport, GeminiCLIAdapter$1 as GeminiCLIAdapter, Recommendation, TypedEventBus } from "./index-ChoQK2tb.js";
+import { AdapterDiscoveryResult, AdapterRegistry$1 as AdapterRegistry, AdtError$1 as AdtError, ClaudeCodeAdapter$1 as ClaudeCodeAdapter, CodexCLIAdapter$1 as CodexCLIAdapter, ConfigError$1 as ConfigError, ConfigIncompatibleFormatError$1 as ConfigIncompatibleFormatError, DiscoveryReport, GeminiCLIAdapter$1 as GeminiCLIAdapter, Recommendation, TypedEventBus } from "./index-BJEANS9i.js";
 import pino from "pino";
 import { z } from "zod";
 import { Readable, Writable } from "node:stream";
@@ -2162,6 +2162,14 @@ interface AdapterHealthResult {
   detectedBillingModes?: BillingMode[];
   /** Whether the CLI supports headless/non-interactive mode */
   supportsHeadless: boolean;
+  /**
+   * v0.20.138: human-readable note when the live CLI binary version is
+   * outside substrate's tested range, OR when the tested range carries
+   * an informational caveat even within range. Mirrors the field on the
+   * @substrate-ai/core type (separate definition is the same dual-schema
+   * pattern Epic 79's contracts package is designed to consolidate).
+   */
+  compatibilityWarning?: string;
 }
 /**
  * Parsed result from a task execution.

package/dist/index.js

@@ -1,8 +1,8 @@
 import { childLogger, createLogger, logger } from "./logger-KeHncl-f.js";
 import { assertDefined, createEventBus, createTuiApp, deepClone, formatDuration, generateId, isPlainObject, isTuiCapable, printNonTtyWarning, sleep, withRetry } from "./helpers-CElYrONe.js";
-import { AdapterRegistry, AdtError, ClaudeCodeAdapter, CodexCLIAdapter, ConfigError, ConfigIncompatibleFormatError, GeminiCLIAdapter } from "./dist-T6ZXe2Q2.js";
+import { AdapterRegistry, AdtError, ClaudeCodeAdapter, CodexCLIAdapter, ConfigError, ConfigIncompatibleFormatError, GeminiCLIAdapter } from "./dist-DnvGvKLu.js";
 import "./adapter-registry-DIcrxjH8.js";
-import { BudgetExceededError, GitError, RecoveryError, TaskConfigError, TaskGraphCycleError, TaskGraphError, TaskGraphIncompatibleFormatError, WorkerError, WorkerNotFoundError } from "./errors-C-9u7gCX.js";
+import { BudgetExceededError, GitError, RecoveryError, TaskConfigError, TaskGraphCycleError, TaskGraphError, TaskGraphIncompatibleFormatError, WorkerError, WorkerNotFoundError } from "./errors-i3s5sshZ.js";
 
 //#region src/core/di.ts
 /**

package/dist/{interactive-prompt-wZnuOAri.js → interactive-prompt-B91mG5v4.js}

@@ -1,5 +1,5 @@
 import { createLogger } from "./logger-KeHncl-f.js";
-import { readCurrentRunId, resolveMainRepoRoot } from "./manifest-read-C84VX-CF.js";
+import { readCurrentRunId, resolveMainRepoRoot } from "./manifest-read-DJFbGhSd.js";
 import { join } from "node:path";
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import * as readline from "node:readline";
@@ -180,4 +180,4 @@ async function runInteractivePrompt(decisionContext) {
 
 //#endregion
 export { runInteractivePrompt };
-//# sourceMappingURL=interactive-prompt-wZnuOAri.js.map
+//# sourceMappingURL=interactive-prompt-B91mG5v4.js.map

package/dist/{manifest-read-C84VX-CF.js → manifest-read-DJFbGhSd.js}

@@ -1,5 +1,5 @@
 import { createLogger } from "./logger-KeHncl-f.js";
-import { LEARNING_FINDING, createDecision, getDecisionsByCategory } from "./dist-T6ZXe2Q2.js";
+import { LEARNING_FINDING, createDecision, getDecisionsByCategory } from "./dist-DnvGvKLu.js";
 import * as path$1 from "path";
 import { join } from "path";
 import { readFile } from "fs/promises";
@@ -5851,4 +5851,4 @@ async function resolveRunManifest(dbRoot, runId) {
 
 //#endregion
 export { FindingsInjector, RunManifest, RuntimeProbeListSchema, SupervisorLock, ZERO_FINDINGS_BY_AUTHOR, ZERO_FINDING_COUNTS, ZERO_PROBE_AUTHOR_METRICS, aggregateProbeAuthorMetrics, applyConfigToGraph, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, detectsEventDrivenAC, detectsStateIntegratingAC, extractTargetFilesFromStoryContent, parseRuntimeProbes, readCurrentRunId, renderFindings, resolveGraphPath, resolveMainRepoRoot, resolveRunManifest, rollupFindingCounts, rollupFindingsByAuthor, rollupProbeAuthorByClass, rollupProbeAuthorMetrics, runAcTraceabilityCheck, runStaleVerificationRecovery };
-//# sourceMappingURL=manifest-read-C84VX-CF.js.map
+//# sourceMappingURL=manifest-read-DJFbGhSd.js.map

package/dist/modules/interactive-prompt/index.js

@@ -1,6 +1,6 @@
 import "../../logger-KeHncl-f.js";
-import "../../dist-T6ZXe2Q2.js";
-import "../../manifest-read-C84VX-CF.js";
-import { runInteractivePrompt } from "../../interactive-prompt-wZnuOAri.js";
+import "../../dist-DnvGvKLu.js";
+import "../../manifest-read-DJFbGhSd.js";
+import { runInteractivePrompt } from "../../interactive-prompt-B91mG5v4.js";
 
 export { runInteractivePrompt };

package/dist/{routing-2kbRZmr7.js → routing-DFIBY9Yk.js}

@@ -1,4 +1,4 @@
-import { ModelRoutingConfigSchema, ProviderPolicySchema, RoutingConfigError, RoutingRecommender, RoutingResolver, RoutingTelemetry, RoutingTokenAccumulator, RoutingTuner, TASK_TYPE_PHASE_MAP, getModelTier, loadModelRoutingConfig } from "./dist-T6ZXe2Q2.js";
+import { ModelRoutingConfigSchema, ProviderPolicySchema, RoutingConfigError, RoutingRecommender, RoutingResolver, RoutingTelemetry, RoutingTokenAccumulator, RoutingTuner, TASK_TYPE_PHASE_MAP, getModelTier, loadModelRoutingConfig } from "./dist-DnvGvKLu.js";
 import "./routing-DFxoKHDt.js";
 
 export { loadModelRoutingConfig };

package/dist/{run-lBgnO-3E.js → run-Dbwlb4Md.js}

@@ -1,11 +1,11 @@
-import { BMAD_BASELINE_TOKENS_FULL, FileKvStore, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN, VALID_PHASES, __commonJS, __require, __toESM, buildPipelineStatusOutput, createDatabaseAdapter, formatOutput, formatPipelineSummary, formatTokenTelemetry, inspectProcessTree, parseDbTimestampAsUtc, validateStoryKey } from "./health-COhVUNXM.js";
+import { BMAD_BASELINE_TOKENS_FULL, FileKvStore, STOP_AFTER_VALID_PHASES, STORY_KEY_PATTERN, VALID_PHASES, __commonJS, __require, __toESM, buildPipelineStatusOutput, createDatabaseAdapter, formatOutput, formatPipelineSummary, formatTokenTelemetry, inspectProcessTree, parseDbTimestampAsUtc, validateStoryKey } from "./health-2Kfa00-H.js";
 import { createLogger } from "./logger-KeHncl-f.js";
 import { TypedEventBusImpl, createEventBus, createTuiApp, isTuiCapable, printNonTtyWarning, sleep } from "./helpers-CElYrONe.js";
-import { ADVISORY_NOTES, CODEX_SANDBOX_BLOCK_HINT, Categorizer, ConsumerAnalyzer, DEFAULT_GLOBAL_SETTINGS, DispatcherImpl, DoltClient, ESCALATION_DIAGNOSIS, EXPERIMENT_RESULT, EfficiencyScorer, IngestionServer, LogTurnAnalyzer, OPERATIONAL_FINDING, Recommender, RoutingRecommender, RoutingResolver, RoutingTelemetry, RoutingTokenAccumulator, RoutingTuner, STORY_METRICS, STORY_OUTCOME, SubstrateConfigSchema, TEST_EXPANSION_FINDING, TEST_PLAN, TelemetryNormalizer, TelemetryPipeline, TurnAnalyzer, addTokenUsage, aggregateTokenUsageForRun, aggregateTokenUsageForStory, callLLM, classifyVersionGap, createConfigSystem, createDatabaseAdapter$1, createDecision, createPipelineRun, createRequirement, createStderrLogger, detectCodexSandboxBlock, detectInterfaceChanges, getArtifactByTypeForRun, getArtifactsByRun, getDecisionsByCategory, getDecisionsByPhase, getDecisionsByPhaseForRun, getLatestRun, getPipelineRunById, getRunMetrics, getRunningPipelineRuns, getStoryMetricsForRun, getTokenUsageSummary, initSchema, listRequirements, loadModelRoutingConfig, registerArtifact, swallowDebug, updatePipelineRun, updatePipelineRunConfig, upsertDecision, writeRunMetrics, writeStoryMetrics } from "./dist-T6ZXe2Q2.js";
-import { FindingsInjector, RunManifest, RuntimeProbeListSchema, applyConfigToGraph, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, detectsEventDrivenAC, detectsStateIntegratingAC, extractTargetFilesFromStoryContent, parseRuntimeProbes, renderFindings, resolveGraphPath, resolveMainRepoRoot, runAcTraceabilityCheck, runStaleVerificationRecovery } from "./manifest-read-C84VX-CF.js";
+import { ADVISORY_NOTES, CODEX_SANDBOX_BLOCK_HINT, Categorizer, ConsumerAnalyzer, DEFAULT_GLOBAL_SETTINGS, DispatcherImpl, DoltClient, ESCALATION_DIAGNOSIS, EXPERIMENT_RESULT, EfficiencyScorer, IngestionServer, LogTurnAnalyzer, OPERATIONAL_FINDING, Recommender, RoutingRecommender, RoutingResolver, RoutingTelemetry, RoutingTokenAccumulator, RoutingTuner, STORY_METRICS, STORY_OUTCOME, SubstrateConfigSchema, TEST_EXPANSION_FINDING, TEST_PLAN, TelemetryNormalizer, TelemetryPipeline, TurnAnalyzer, addTokenUsage, aggregateTokenUsageForRun, aggregateTokenUsageForStory, callLLM, classifyVersionGap, createConfigSystem, createDatabaseAdapter$1, createDecision, createPipelineRun, createRequirement, createStderrLogger, detectCodexSandboxBlock, detectInterfaceChanges, getArtifactByTypeForRun, getArtifactsByRun, getDecisionsByCategory, getDecisionsByPhase, getDecisionsByPhaseForRun, getLatestRun, getPipelineRunById, getRunMetrics, getRunningPipelineRuns, getStoryMetricsForRun, getTokenUsageSummary, initSchema, listRequirements, loadModelRoutingConfig, registerArtifact, swallowDebug, updatePipelineRun, updatePipelineRunConfig, upsertDecision, writeRunMetrics, writeStoryMetrics } from "./dist-DnvGvKLu.js";
+import { FindingsInjector, RunManifest, RuntimeProbeListSchema, applyConfigToGraph, createDefaultVerificationPipeline, createGraphOrchestrator, createSdlcCodeReviewHandler, createSdlcCreateStoryHandler, createSdlcDevStoryHandler, createSdlcPhaseHandler, detectsEventDrivenAC, detectsStateIntegratingAC, extractTargetFilesFromStoryContent, parseRuntimeProbes, renderFindings, resolveGraphPath, resolveMainRepoRoot, runAcTraceabilityCheck, runStaleVerificationRecovery } from "./manifest-read-DJFbGhSd.js";
 import { WorkGraphRepository, detectCycles } from "./work-graph-repository-DZyJv5pV.js";
 import { deriveExitCode, routeDecision } from "./decision-router-DblHY8se.js";
-import { runInteractivePrompt } from "./interactive-prompt-wZnuOAri.js";
+import { runInteractivePrompt } from "./interactive-prompt-B91mG5v4.js";
 import { runRecoveryEngine } from "./recovery-engine-BKGBeBnW.js";
 import { basename, dirname, extname, join } from "path";
 import { access, readFile, readdir, stat } from "fs/promises";
@@ -47442,7 +47442,7 @@ async function runFullPipeline(options) {
 */
 async function emitPreDispatchVersionAdvisory(currentVersion) {
 	if (process.env["SUBSTRATE_NO_UPDATE_CHECK"] === "1") return;
-	const { createVersionManager } = await import("./version-manager-impl-BLXt2ucf.js");
+	const { createVersionManager } = await import("./version-manager-impl-C7ZhqLX3.js");
 	const vm = createVersionManager();
 	const result = await vm.checkForUpdates(true);
 	const gap = classifyVersionGap(currentVersion, result.latestVersion);
@@ -47539,4 +47539,4 @@ function registerRunCommand(program, version = "0.0.0", projectRoot = process.cw
 
 //#endregion
 export { AdapterTelemetryPersistence, AppError, DoltRepoMapMetaRepository, DoltSymbolRepository, ERR_REPO_MAP_STORAGE_WRITE, EpicIngester, GLOBSTAR$1 as GLOBSTAR, GitClient, GrammarLoader, Minimatch$1 as Minimatch, Minipass, RepoMapInjector, RepoMapModule, RepoMapQueryEngine, RepoMapStorage, SymbolParser, createContextCompiler, createDispatcher, createEventEmitter, createGitWorktreeManager, createImplementationOrchestrator, createPackLoader, createPhaseOrchestrator, createStopAfterGate, createTelemetryAdvisor, escape$1 as escape, formatPhaseCompletionSummary, getFactoryRunSummaries, getScenarioResultsForRun, getTwinRunsForRun, listGraphRuns, normalizeGraphSummaryToStatus, registerExportCommand, registerFactoryCommand, registerRunCommand, registerScenariosCommand, resolveMaxReviewCycles, resolveProbeAuthorStateIntegrating, resolveStoryKeys, runAnalysisPhase, runPlanningPhase, runProbeAuthor, runRunAction, runSolutioningPhase, unescape$1 as unescape, validateStopAfterFromConflict, wireNdjsonEmitter };
-//# sourceMappingURL=run-lBgnO-3E.js.map
+//# sourceMappingURL=run-Dbwlb4Md.js.map

package/dist/{run-rq4X93Bs.js → run-Ppco-3HT.js}

@@ -1,14 +1,14 @@
-import "./health-COhVUNXM.js";
+import "./health-2Kfa00-H.js";
 import "./logger-KeHncl-f.js";
 import "./helpers-CElYrONe.js";
-import "./dist-T6ZXe2Q2.js";
-import { normalizeGraphSummaryToStatus, registerRunCommand, resolveMaxReviewCycles, resolveProbeAuthorStateIntegrating, runRunAction, wireNdjsonEmitter } from "./run-lBgnO-3E.js";
-import "./manifest-read-C84VX-CF.js";
+import "./dist-DnvGvKLu.js";
+import { normalizeGraphSummaryToStatus, registerRunCommand, resolveMaxReviewCycles, resolveProbeAuthorStateIntegrating, runRunAction, wireNdjsonEmitter } from "./run-Dbwlb4Md.js";
+import "./manifest-read-DJFbGhSd.js";
 import "./routing-DFxoKHDt.js";
 import "./work-graph-repository-DZyJv5pV.js";
 import "./decisions-CzSIEeGP.js";
 import "./decision-router-DblHY8se.js";
-import "./interactive-prompt-wZnuOAri.js";
+import "./interactive-prompt-B91mG5v4.js";
 import "./recovery-engine-BKGBeBnW.js";
 
 export { runRunAction };

package/dist/src/modules/recovery-engine/index.d.ts

@@ -1,4 +1,4 @@
-import { CoreEvents, DatabaseAdapter, TypedEventBus } from "../../../index-ChoQK2tb.js";
+import { CoreEvents, DatabaseAdapter, TypedEventBus } from "../../../index-BJEANS9i.js";
 import { z } from "zod";
 
 //#region packages/sdlc/dist/verification/findings.d.ts

package/dist/{upgrade-DjJ4uqLJ.js → upgrade-CnIsoLpT.js}

@@ -1,5 +1,5 @@
-import "./dist-T6ZXe2Q2.js";
+import "./dist-DnvGvKLu.js";
 import "./version-manager-impl-qFBiO4Eh.js";
-import { isGlobalInstall, registerUpgradeCommand, runUpgradeCommand } from "./upgrade-CZMWjtYN.js";
+import { isGlobalInstall, registerUpgradeCommand, runUpgradeCommand } from "./upgrade-yULZIAAW.js";
 
 export { isGlobalInstall, registerUpgradeCommand, runUpgradeCommand };

package/dist/{upgrade-CZMWjtYN.js → upgrade-yULZIAAW.js}

@@ -1,4 +1,4 @@
-import { createVersionManager } from "./dist-T6ZXe2Q2.js";
+import { createVersionManager } from "./dist-DnvGvKLu.js";
 import { execSync, spawn } from "child_process";
 import * as readline from "readline";
 
@@ -123,4 +123,4 @@ function registerUpgradeCommand(program) {
 
 //#endregion
 export { isGlobalInstall, registerUpgradeCommand, runUpgradeCommand };
-//# sourceMappingURL=upgrade-CZMWjtYN.js.map
+//# sourceMappingURL=upgrade-yULZIAAW.js.map

package/dist/{version-manager-impl-BLXt2ucf.js → version-manager-impl-C7ZhqLX3.js}

@@ -1,4 +1,4 @@
-import { VersionManagerImpl, createVersionManager } from "./dist-T6ZXe2Q2.js";
+import { VersionManagerImpl, createVersionManager } from "./dist-DnvGvKLu.js";
 import "./version-manager-impl-qFBiO4Eh.js";
 
 export { createVersionManager };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "substrate-ai",
-  "version": "0.20.136",
+  "version": "0.20.138",
   "description": "Substrate — multi-agent orchestration daemon for AI coding agents",
   "type": "module",
   "license": "MIT",

package/dist/adapter-registry-JR4v2z6n.js

@@ -1,4 +0,0 @@
-import { AdapterRegistry } from "./dist-T6ZXe2Q2.js";
-import "./adapter-registry-DIcrxjH8.js";
-
-export { AdapterRegistry };