@clinebot/core 0.0.33 → 0.0.34

package/src/extensions/plugin/plugin-sandbox.ts

@@ -4,6 +4,7 @@ import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 import type { AgentConfig, HookStage, Tool } from "@clinebot/shared";
 import { SubprocessSandbox } from "../../runtime/subprocess-sandbox";
+import type { PluginLoadDiagnostics } from "./plugin-load-report";
 
 export interface PluginSandboxOptions {
 	pluginPaths: string[];
@@ -31,6 +32,7 @@ type SandboxedContributionDescriptor = {
 
 type SandboxedPluginDescriptor = {
 	pluginId: string;
+	pluginPath: string;
 	name: string;
 	manifest: AgentExtension["manifest"];
 	contributions: {
@@ -43,6 +45,10 @@ type SandboxedPluginDescriptor = {
 	};
 };
 
+type SandboxedInitializeResult = {
+	plugins: SandboxedPluginDescriptor[];
+} & PluginLoadDiagnostics;
+
 function isUnknownPluginIdError(error: unknown): boolean {
 	const message = error instanceof Error ? error.message : String(error);
 	return message.includes("Unknown sandbox plugin id:");
@@ -153,10 +159,12 @@ function withTimeoutFallback(
 
 export async function loadSandboxedPlugins(
 	options: PluginSandboxOptions,
-): Promise<{
-	extensions: AgentConfig["extensions"];
-	shutdown: () => Promise<void>;
-}> {
+): Promise<
+	{
+		extensions: AgentConfig["extensions"];
+		shutdown: () => Promise<void>;
+	} & PluginLoadDiagnostics
+> {
 	const sandbox = new SubprocessSandbox({
 		name: "plugin-sandbox",
 		...("file" in BOOTSTRAP
@@ -187,9 +195,9 @@ export async function loadSandboxedPlugins(
 		return reinitPromise;
 	};
 
-	let descriptors: SandboxedPluginDescriptor[];
+	let initialized: SandboxedInitializeResult;
 	try {
-		descriptors = await sandbox.call<SandboxedPluginDescriptor[]>(
+		initialized = await sandbox.call<SandboxedInitializeResult>(
 			"initialize",
 			initArgs,
 			{ timeoutMs: importTimeoutMs },
@@ -200,6 +208,7 @@ export async function loadSandboxedPlugins(
 		});
 		throw error;
 	}
+	const descriptors = initialized.plugins;
 
 	const extensions: NonNullable<AgentConfig["extensions"]> = descriptors.map(
 		(descriptor) => {
@@ -239,9 +248,11 @@ export async function loadSandboxedPlugins(
 
 	return {
 		extensions,
+		failures: initialized.failures,
 		shutdown: async () => {
 			await sandbox.shutdown();
 		},
+		warnings: initialized.warnings,
 	};
 }
 

package/src/index.ts

@@ -128,6 +128,13 @@ export {
 	OCI_HEADER_OPC_REQUEST_ID,
 	refreshOcaToken,
 } from "./auth/oca";
+export type {
+	LocalOAuthServer,
+	LocalOAuthServerOptions,
+	OAuthCallbackPayload,
+	OAuthServerCloseInfo,
+	OAuthServerListeningInfo,
+} from "./auth/server";
 export { startLocalOAuthServer } from "./auth/server";
 export type {
 	OAuthCredentials,
@@ -163,12 +170,16 @@ export {
 } from "./chat/chat-schema";
 export type {
 	LoadAgentPluginFromPathOptions,
+	PluginInitializationFailure,
+	PluginInitializationWarning,
+	PluginLoadDiagnostics,
 	ResolveAgentPluginPathsOptions,
 } from "./extensions";
 export {
 	discoverPluginModulePaths,
 	loadAgentPluginFromPath,
 	loadAgentPluginsFromPaths,
+	loadAgentPluginsFromPathsWithDiagnostics,
 	resolveAgentPluginPaths,
 	resolveAndLoadAgentPlugins,
 	resolvePluginConfigSearchPaths,

package/src/runtime/hook-file-hooks.test.ts

@@ -50,7 +50,12 @@ describe("createHookConfigFileHooks", () => {
 			});
 			expect(hooks).toBeUndefined();
 		} finally {
-			await rm(workspace, { recursive: true, force: true });
+			await rm(workspace, {
+				recursive: true,
+				force: true,
+				maxRetries: 3,
+				retryDelay: 250,
+			});
 		}
 	});
 
@@ -78,7 +83,12 @@ describe("createHookConfigFileHooks", () => {
 			});
 			expect(control).toMatchObject({ cancel: true, context: "legacy-ok" });
 		} finally {
-			await rm(workspace, { recursive: true, force: true });
+			await rm(workspace, {
+				recursive: true,
+				force: true,
+				maxRetries: 3,
+				retryDelay: 250,
+			});
 		}
 	});
 
@@ -106,7 +116,12 @@ describe("createHookConfigFileHooks", () => {
 			});
 			expect(control).toMatchObject({ cancel: false, context: "shebang-ok" });
 		} finally {
-			await rm(workspace, { recursive: true, force: true });
+			await rm(workspace, {
+				recursive: true,
+				force: true,
+				maxRetries: 3,
+				retryDelay: 250,
+			});
 		}
 	});
 
@@ -137,7 +152,12 @@ describe("createHookConfigFileHooks", () => {
 				context: "needs-review",
 			});
 		} finally {
-			await rm(workspace, { recursive: true, force: true });
+			await rm(workspace, {
+				recursive: true,
+				force: true,
+				maxRetries: 3,
+				retryDelay: 250,
+			});
 		}
 	});
 
@@ -168,7 +188,12 @@ describe("createHookConfigFileHooks", () => {
 				context: "python-ok",
 			});
 		} finally {
-			await rm(workspace, { recursive: true, force: true });
+			await rm(workspace, {
+				recursive: true,
+				force: true,
+				maxRetries: 3,
+				retryDelay: 250,
+			});
 		}
 	});
 
@@ -201,7 +226,12 @@ describe("createHookConfigFileHooks", () => {
 					context: "powershell-ok",
 				});
 			} finally {
-				await rm(workspace, { recursive: true, force: true });
+				await rm(workspace, {
+					recursive: true,
+					force: true,
+					maxRetries: 3,
+					retryDelay: 250,
+				});
 			}
 		},
 	);
@@ -231,7 +261,12 @@ describe("createHookConfigFileHooks", () => {
 			expect(payload.hookName).toBe("agent_error");
 			expect(payload.error?.message).toBe("401 unauthorized");
 		} finally {
-			await rm(workspace, { recursive: true, force: true });
+			await rm(workspace, {
+				recursive: true,
+				force: true,
+				maxRetries: 3,
+				retryDelay: 250,
+			});
 		}
 	});
 

package/src/runtime/runtime-builder.test.ts

@@ -186,6 +186,22 @@ describe("DefaultRuntimeBuilder", () => {
 		expect(runtime.tools).toEqual([]);
 	});
 
+	it("omits tools disabled by policy from the advertised runtime tool list", async () => {
+		const runtime = await new DefaultRuntimeBuilder().build({
+			config: makeBaseConfig({
+				toolPolicies: {
+					run_commands: { enabled: false },
+					read_files: { enabled: false },
+				},
+			}),
+		});
+
+		const names = runtime.tools.map((tool) => tool.name);
+		expect(names).not.toContain("run_commands");
+		expect(names).not.toContain("read_files");
+		expect(names).toContain("search_codebase");
+	});
+
 	it("adds spawn tool when enabled", async () => {
 		const runtime = await new DefaultRuntimeBuilder().build({
 			config: makeBaseConfig({
@@ -284,6 +300,88 @@ process.stdin.on("data", (chunk) => {
 		}
 	});
 
+	it("skips MCP settings tools when disableMcpSettingsTools is true", async () => {
+		const tempRoot = mkdtempSync(
+			join(tmpdir(), "runtime-builder-mcp-disabled-"),
+		);
+		const serverPath = join(tempRoot, "mock-mcp-server.js");
+		const settingsPath = join(tempRoot, "cline_mcp_settings.json");
+		const previousSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;
+
+		writeFileSync(
+			serverPath,
+			`let buffer = "";
+function write(payload) {
+  const body = JSON.stringify(payload);
+  process.stdout.write("Content-Length: " + Buffer.byteLength(body, "utf8") + "\\r\\n\\r\\n" + body);
+}
+function handle(message) {
+  if (message.method === "initialize") {
+    write({ jsonrpc: "2.0", id: message.id, result: { protocolVersion: "2024-11-05", capabilities: { tools: {} }, serverInfo: { name: "mock", version: "1.0.0" } } });
+    return;
+  }
+  if (message.method === "tools/list") {
+    write({ jsonrpc: "2.0", id: message.id, result: { tools: [{ name: "echo", description: "Echo tool", inputSchema: { type: "object", properties: { value: { type: "string" } }, required: [] } }] } });
+    return;
+  }
+  if (message.method === "tools/call") {
+    write({ jsonrpc: "2.0", id: message.id, result: { echoed: message.params?.arguments?.value ?? null } });
+  }
+}
+process.stdin.on("data", (chunk) => {
+  buffer += chunk.toString("utf8");
+  while (true) {
+    const separator = buffer.indexOf("\\r\\n\\r\\n");
+    if (separator < 0) break;
+    const header = buffer.slice(0, separator);
+    const match = header.match(/Content-Length:\\s*(\\d+)/i);
+    if (!match) throw new Error("missing content length");
+    const length = Number(match[1]);
+    const start = separator + 4;
+    const end = start + length;
+    if (buffer.length < end) break;
+    const body = buffer.slice(start, end);
+    buffer = buffer.slice(end);
+    const message = JSON.parse(body);
+    if (message.method === "notifications/initialized") continue;
+    handle(message);
+  }
+});`,
+			"utf8",
+		);
+		writeFileSync(
+			settingsPath,
+			JSON.stringify(
+				{
+					mcpServers: {
+						mock: {
+							command: process.execPath,
+							args: [serverPath],
+						},
+					},
+				},
+				null,
+				2,
+			),
+			"utf8",
+		);
+
+		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;
+		try {
+			const runtime = await new DefaultRuntimeBuilder().build({
+				config: makeBaseConfig({
+					disableMcpSettingsTools: true,
+				}),
+			});
+			expect(runtime.tools.map((tool) => tool.name)).not.toContain(
+				"mock__echo",
+			);
+			await runtime.shutdown("test");
+		} finally {
+			process.env.CLINE_MCP_SETTINGS_PATH = previousSettingsPath;
+		}
+	});
+
 	it("skips broken MCP servers without crashing", async () => {
 		const tempRoot = mkdtempSync(join(tmpdir(), "runtime-builder-mcp-bad-"));
 		const serverPath = join(tempRoot, "malformed-mcp-server.js");

package/src/runtime/runtime-builder.ts

@@ -39,7 +39,6 @@ import type {
 	RuntimeBuilderInput,
 	BuiltRuntime as RuntimeEnvironment,
 } from "./session-runtime";
-import { TeamRuntimeRegistry } from "./team-runtime-registry";
 
 type SkillsExecutorMetadataItem = {
 	id: string;
@@ -52,6 +51,29 @@ type SkillsExecutorWithMetadata = SkillsExecutor & {
 	configuredSkills?: SkillsExecutorMetadataItem[];
 };
 
+function isToolEnabledByPolicies(
+	toolName: string,
+	toolPolicies: CoreSessionConfig["toolPolicies"],
+): boolean {
+	const globalPolicy = toolPolicies?.["*"] ?? {};
+	const toolPolicy = toolPolicies?.[toolName] ?? {};
+	return (
+		{
+			...globalPolicy,
+			...toolPolicy,
+		}.enabled !== false
+	);
+}
+
+function filterToolsByPolicies(
+	tools: Tool[],
+	toolPolicies: CoreSessionConfig["toolPolicies"],
+): Tool[] {
+	return tools.filter((tool) =>
+		isToolEnabledByPolicies(tool.name, toolPolicies),
+	);
+}
+
 export function createTeamName(): string {
 	return `team-${nanoid(5)}`;
 }
@@ -63,6 +85,7 @@ function createBuiltinToolsList(
 	yolo: boolean | undefined,
 	modelId: string,
 	toolRoutingRules: ToolRoutingRule[] | undefined,
+	toolPolicies: CoreSessionConfig["toolPolicies"],
 	skillsExecutor?: SkillsExecutorWithMetadata,
 	executorOverrides?: Partial<ToolExecutors>,
 ): Tool[] {
@@ -74,20 +97,23 @@ function createBuiltinToolsList(
 		toolRoutingRules ?? DEFAULT_MODEL_TOOL_ROUTING_RULES,
 	);
 
-	return createBuiltinTools({
-		cwd,
-		...preset,
-		enableSkills: !!skillsExecutor,
-		...toolRoutingConfig,
-		executors: {
-			...(skillsExecutor
-				? {
-						skills: skillsExecutor,
-					}
-				: {}),
-			...(executorOverrides ?? {}),
-		},
-	});
+	return filterToolsByPolicies(
+		createBuiltinTools({
+			cwd,
+			...preset,
+			enableSkills: !!skillsExecutor,
+			...toolRoutingConfig,
+			executors: {
+				...(skillsExecutor
+					? {
+							skills: skillsExecutor,
+						}
+					: {}),
+				...(executorOverrides ?? {}),
+			},
+		}),
+		toolPolicies,
+	);
 }
 
 const SKILL_FILE_NAME = "SKILL.md";
@@ -96,7 +122,7 @@ function listAvailableSkillNames(
 	watcher: UserInstructionConfigWatcher,
 	allowedSkillNames?: ReadonlyArray<string>,
 ): string[] {
-	return listConfiguredSkills(watcher, allowedSkillNames)
+	return getConfiguredSkills(watcher, allowedSkillNames)
 		.filter((skill) => !skill.disabled)
 		.map((skill) => skill.name.trim())
 		.filter((name) => name.length > 0)
@@ -143,10 +169,14 @@ function isSkillAllowed(
 	);
 }
 
-function listConfiguredSkills(
+type ConfiguredSkill = SkillsExecutorMetadataItem & {
+	skill: SkillConfig;
+};
+
+function getConfiguredSkills(
 	watcher: UserInstructionConfigWatcher,
 	allowedSkillNames?: ReadonlyArray<string>,
-): SkillsExecutorMetadataItem[] {
+): ConfiguredSkill[] {
 	const allowedSkills = toAllowedSkillSet(allowedSkillNames);
 	const snapshot = watcher.getSnapshot("skill");
 	return [...snapshot.entries()]
@@ -157,6 +187,7 @@ function listConfiguredSkills(
 				name: skill.name.trim(),
 				description: skill.description?.trim(),
 				disabled: skill.disabled === true,
+				skill,
 			};
 		})
 		.filter((skill) => isSkillAllowed(skill.id, skill.name, allowedSkills));
@@ -254,28 +285,22 @@ function resolveSkillRecord(
 	requestedSkill: string,
 	allowedSkillNames?: ReadonlyArray<string>,
 ): { id: string; skill: SkillConfig } | { error: string } {
-	const allowedSkills = toAllowedSkillSet(allowedSkillNames);
 	const normalized = requestedSkill.trim().replace(/^\/+/, "").toLowerCase();
 	if (!normalized) {
 		return { error: "Missing skill name." };
 	}
 
-	const snapshot = watcher.getSnapshot("skill");
-	const scopedEntries = [...snapshot.entries()].filter(([id, record]) => {
-		const skill = record.item as SkillConfig;
-		return isSkillAllowed(id, skill.name, allowedSkills);
-	});
-	const scopedSnapshot = new Map(scopedEntries);
-	const exact = scopedSnapshot.get(normalized);
+	const configuredSkills = getConfiguredSkills(watcher, allowedSkillNames);
+	const exact = configuredSkills.find((entry) => entry.id === normalized);
 	if (exact) {
-		const skill = exact.item as SkillConfig;
+		const { skill } = exact;
 		if (skill.disabled === true) {
 			return {
 				error: `Skill "${skill.name}" is configured but disabled.`,
 			};
 		}
 		return {
-			id: normalized,
+			id: exact.id,
 			skill,
 		};
 	}
@@ -284,30 +309,38 @@ function resolveSkillRecord(
 		? (normalized.split(":").at(-1) ?? normalized)
 		: normalized;
 
-	const suffixMatches = [...scopedSnapshot.entries()].filter(([id]) => {
+	const suffixMatches = configuredSkills.filter(({ id }) => {
 		if (id === bareName) {
 			return true;
 		}
 		return id.endsWith(`:${bareName}`);
 	});
 
+	const enabledSuffixMatches = suffixMatches.filter(
+		({ skill }) => skill.disabled !== true,
+	);
+
+	if (enabledSuffixMatches.length === 1) {
+		const { id, skill } = enabledSuffixMatches[0];
+		return { id, skill };
+	}
+
+	if (enabledSuffixMatches.length > 1) {
+		return {
+			error: `Skill "${requestedSkill}" is ambiguous. Use one of: ${enabledSuffixMatches.map(({ id }) => id).join(", ")}`,
+		};
+	}
+
 	if (suffixMatches.length === 1) {
-		const [id, record] = suffixMatches[0];
-		const skill = record.item as SkillConfig;
-		if (skill.disabled === true) {
-			return {
-				error: `Skill "${skill.name}" is configured but disabled.`,
-			};
-		}
+		const { skill } = suffixMatches[0];
 		return {
-			id,
-			skill,
+			error: `Skill "${skill.name}" is configured but disabled.`,
 		};
 	}
 
 	if (suffixMatches.length > 1) {
 		return {
-			error: `Skill "${requestedSkill}" is ambiguous. Use one of: ${suffixMatches.map(([id]) => id).join(", ")}`,
+			error: `Skill "${requestedSkill}" is ambiguous, and all matches are disabled: ${suffixMatches.map(({ id }) => id).join(", ")}`,
 		};
 	}
 
@@ -354,7 +387,10 @@ function createSkillsExecutor(
 		}
 	};
 	Object.defineProperty(executor, "configuredSkills", {
-		get: () => listConfiguredSkills(watcher, allowedSkillNames),
+		get: () =>
+			getConfiguredSkills(watcher, allowedSkillNames).map(
+				({ skill: _skill, ...metadata }) => metadata,
+			),
 		enumerable: true,
 		configurable: false,
 	});
@@ -386,6 +422,7 @@ function normalizeConfig(
 		| "enableTools"
 		| "enableSpawnAgent"
 		| "enableAgentTeams"
+		| "disableMcpSettingsTools"
 		| "yolo"
 		| "missionLogIntervalSteps"
 		| "missionLogIntervalMs"
@@ -407,6 +444,7 @@ function normalizeConfig(
 			config.enableSpawnAgent ?? preset.enableSpawnAgent ?? true,
 		enableAgentTeams:
 			config.enableAgentTeams ?? preset.enableAgentTeams ?? true,
+		disableMcpSettingsTools: config.disableMcpSettingsTools === true,
 		yolo: config.yolo === true,
 		missionLogIntervalSteps:
 			typeof config.missionLogIntervalSteps === "number" &&
@@ -422,7 +460,15 @@ function normalizeConfig(
 }
 
 export class DefaultRuntimeBuilder implements RuntimeBuilder {
-	private readonly teamRuntimeRegistry = new TeamRuntimeRegistry();
+	private readonly teamRuntimeEntries = new Map<
+		string,
+		{
+			runtime?: AgentTeamsRuntime;
+			delegatedAgentConfigProvider: ReturnType<
+				typeof createDelegatedAgentConfigProvider
+			>;
+		}
+	>();
 
 	async build(input: RuntimeBuilderInput): Promise<RuntimeEnvironment> {
 		const {
@@ -440,6 +486,7 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 		const normalized = normalizeConfig(config);
 		const tools: Tool[] = [];
 		const effectiveTeamName = config.teamName?.trim() || createTeamName();
+		const hasLocalSkills = hasSkillsFiles(config.cwd);
 		let teamToolsRegistered = false;
 		const watcherProvided = Boolean(sharedUserInstructionWatcher);
 		let userInstructionWatcher = sharedUserInstructionWatcher;
@@ -447,11 +494,7 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 		let skillsExecutor: SkillsExecutorWithMetadata | undefined;
 		let mcpShutdown: (() => Promise<void>) | undefined;
 
-		if (
-			!userInstructionWatcher &&
-			normalized.enableTools &&
-			hasSkillsFiles(config.cwd)
-		) {
+		if (!userInstructionWatcher && normalized.enableTools && hasLocalSkills) {
 			userInstructionWatcher = createUserInstructionConfigWatcher({
 				skills: { workspacePath: config.cwd },
 				rules: { workspacePath: config.cwd },
@@ -464,8 +507,8 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 			normalized.enableTools &&
 			userInstructionWatcher &&
 			(watcherProvided ||
-				hasSkillsFiles(config.cwd) ||
-				listConfiguredSkills(userInstructionWatcher, config.skills).length > 0)
+				hasLocalSkills ||
+				getConfiguredSkills(userInstructionWatcher, config.skills).length > 0)
 		) {
 			skillsExecutor = createSkillsExecutor(
 				userInstructionWatcher,
@@ -483,13 +526,16 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 					normalized.yolo,
 					config.modelId,
 					config.toolRoutingRules,
+					config.toolPolicies,
 					skillsExecutor,
 					defaultToolExecutors,
 				),
 			);
-			const mcpRuntime = await loadConfiguredMcpTools(config.logger);
-			tools.push(...mcpRuntime.tools);
-			mcpShutdown = mcpRuntime.shutdown;
+			if (!normalized.disableMcpSettingsTools) {
+				const mcpRuntime = await loadConfiguredMcpTools(config.logger);
+				tools.push(...mcpRuntime.tools);
+				mcpShutdown = mcpRuntime.shutdown;
+			}
 		}
 
 		let teamRuntime: AgentTeamsRuntime | undefined;
@@ -526,21 +572,21 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 			telemetry: input.telemetry ?? config.telemetry,
 			workspaceMetadata: config.workspaceMetadata,
 		});
-		this.teamRuntimeRegistry.getOrCreate(registryKey, () => ({
-			delegatedAgentConfigProvider,
-		}));
+		if (!this.teamRuntimeEntries.has(registryKey)) {
+			this.teamRuntimeEntries.set(registryKey, {
+				delegatedAgentConfigProvider,
+			});
+		}
 
 		const ensureTeamRuntime = (): AgentTeamsRuntime | undefined => {
 			if (!normalized.enableAgentTeams) {
 				return undefined;
 			}
 
-			const registryEntry = this.teamRuntimeRegistry.getOrCreate(
-				registryKey,
-				() => ({
-					delegatedAgentConfigProvider,
-				}),
-			);
+			const registryEntry = this.teamRuntimeEntries.get(registryKey) ?? {
+				delegatedAgentConfigProvider,
+			};
+			this.teamRuntimeEntries.set(registryKey, registryEntry);
 			teamRuntime = registryEntry.runtime;
 
 			if (!teamRuntime) {
@@ -592,7 +638,7 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 				const factory = input.teamToolsFactory ?? bootstrapAgentTeams;
 				const teamBootstrap = factory({
 					runtime: teamRuntime,
-					leadAgentId: "lead",
+					leadAgentId: config.sessionId || "lead",
 					restoredFromPersistence: Boolean(restoredTeamState),
 					restoredTeammates: restoredTeammateSpecs,
 					includeLeadSpawnTool: true,
@@ -610,6 +656,7 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 									normalized.yolo,
 									config.modelId,
 									config.toolRoutingRules,
+									config.toolPolicies,
 									skillsExecutor,
 									defaultToolExecutors,
 								)
@@ -643,7 +690,7 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 
 		const completionGuard = normalized.enableAgentTeams
 			? () => {
-					const rt = this.teamRuntimeRegistry.get(registryKey)?.runtime;
+					const rt = this.teamRuntimeEntries.get(registryKey)?.runtime;
 					if (!rt) return undefined;
 					const tasks = rt.listTasks();
 					const hasInProgress = tasks.some(
@@ -675,13 +722,13 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 			: undefined;
 
 		return {
-			tools,
+			tools: filterToolsByPolicies(tools, config.toolPolicies),
 			logger: logger ?? config.logger,
 			telemetry: telemetry ?? config.telemetry,
 			teamRuntime,
 			teamRestoredFromPersistence: Boolean(restoredTeamState),
 			delegatedAgentConfigProvider:
-				this.teamRuntimeRegistry.get(registryKey)
+				this.teamRuntimeEntries.get(registryKey)
 					?.delegatedAgentConfigProvider ?? delegatedAgentConfigProvider,
 			completionGuard,
 			registerLeadAgent: (agent) => {
@@ -692,7 +739,7 @@ export class DefaultRuntimeBuilder implements RuntimeBuilder {
 			},
 			shutdown: async (reason: string) => {
 				shutdownTeamRuntime(teamRuntime, reason);
-				this.teamRuntimeRegistry.delete(registryKey);
+				this.teamRuntimeEntries.delete(registryKey);
 				await mcpShutdown?.();
 				if (!watcherProvided) {
 					userInstructionWatcher?.stop();