@team-agent/installer 0.2.0 → 0.2.2

package/src/team_agent/lifecycle/paste_buffer_hygiene.py

@@ -0,0 +1,39 @@
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Any
+
+from team_agent.events import EventLog
+
+_TEAM_AGENT_BUFFER_PREFIXES = ("team-agent-send-", "team-agent-leader-receiver-", "team-agent-")
+
+
+def _is_team_agent_buffer(name: str) -> bool:
+    return any(name.startswith(prefix) for prefix in _TEAM_AGENT_BUFFER_PREFIXES)
+
+
+def cleanup_stale_team_agent_buffers(workspace: Path, event_log: EventLog, *, context: str) -> dict[str, Any]:
+    from team_agent.runtime import run_cmd
+    proc = run_cmd(["tmux", "list-buffers", "-F", "#{buffer_name}"], timeout=5)
+    if proc.returncode != 0:
+        event_log.write("paste_buffer_hygiene.list_failed", context=context, stderr=proc.stderr.strip()[:200])
+        return {"ok": False, "deleted": [], "reason": "list_buffers_failed"}
+    names = [line.strip() for line in proc.stdout.splitlines() if line.strip()]
+    targets = [name for name in names if _is_team_agent_buffer(name)]
+    deleted: list[str] = []
+    for name in targets:
+        delete_proc = run_cmd(["tmux", "delete-buffer", "-b", name], timeout=5)
+        if delete_proc.returncode == 0:
+            deleted.append(name)
+    if deleted:
+        event_log.write(
+            "paste_buffer_hygiene.prevented_resume_injection",
+            context=context,
+            deleted_buffers=deleted,
+            scanned_count=len(names),
+            matched_count=len(targets),
+        )
+    return {"ok": True, "deleted": deleted, "scanned": len(names), "matched": len(targets)}
+
+
+__all__ = ["cleanup_stale_team_agent_buffers"]

package/src/team_agent/lifecycle/start.py

@@ -219,6 +219,8 @@ def _start_agent_unlocked(workspace: Path, agent_id: str, force: bool, open_disp
             reason="rollout_missing" if start_mode == "fresh_after_missing_rollout" else "session_id_missing",
         )
 
+    from team_agent.lifecycle.paste_buffer_hygiene import cleanup_stale_team_agent_buffers
+    cleanup_stale_team_agent_buffers(workspace, event_log, context=f"start_agent:{agent_id}")
     tmux_cmd, tmux_start_mode = _tmux_start_command_for_agent_window(session_name, agent_id, command)
     event_log.write(
         "start_agent.agent_start",
@@ -273,6 +275,7 @@ def _start_agent_unlocked(workspace: Path, agent_id: str, force: bool, open_disp
         )
         command = shell_command_for_agent(command_agent, workspace, mcp_config)
         start_mode = "fresh_after_missing_rollout" if missing_resume_rollout else "fresh"
+        cleanup_stale_team_agent_buffers(workspace, event_log, context=f"start_agent_fallback:{agent_id}")
         tmux_cmd, tmux_start_mode = _tmux_start_command_for_agent_window(session_name, agent_id, command)
         event_log.write(
             "start_agent.agent_start",

package/src/team_agent/message_store/leader_notification_log.py

@@ -0,0 +1,132 @@
+"""Stage 12 (Gap 26 ∩ Gap 32 roundtable consolidation 2026-05-26): atomic exactly-once
+dedupe at the leader-pane injection boundary, keyed by (result_id, leader_session_uuid).
+
+Replaces the bad6484 watcher-table UPSERT approach. UNIQUE primary key + SQLite
+INSERT OR IGNORE gives an atomic claim that works across processes (CLI subprocess
+vs coordinator daemon) and across threads without an advisory lock. Distinct
+leader_session_uuid values (e.g. after takeover) each get their own row so a
+re-takeover legitimately allows another delivery for the same result_id.
+"""
+from __future__ import annotations
+
+from contextlib import closing
+from datetime import datetime, timedelta, timezone
+from typing import Any
+
+
+def claim_leader_notification_delivery(
+    store: Any,
+    *,
+    result_id: str,
+    leader_session_uuid: str,
+    proposed_message_id: str,
+    envelope_hash: str,
+    owner_team_id: str | None,
+    pane_id: str | None,
+) -> dict[str, Any]:
+    """Atomic claim. INSERT OR IGNORE → rowcount=1 means we won, fire the inject.
+    rowcount=0 means a prior row exists for (result_id, leader_session_uuid); SELECT
+    it and return so the caller can decide to suppress (same envelope_hash) or surface
+    legitimate-duplicate (different envelope_hash)."""
+    now = datetime.now(timezone.utc).isoformat()
+    with closing(store.connect()) as conn:
+        with conn:
+            cur = conn.execute(
+                "insert or ignore into leader_notification_log("
+                "  result_id, leader_session_uuid, notified_message_id, notified_at,"
+                "  leader_pane_id_at_notify, envelope_content_hash, owner_team_id"
+                ") values (?, ?, ?, ?, ?, ?, ?)",
+                (
+                    result_id, leader_session_uuid, proposed_message_id, now,
+                    pane_id, envelope_hash, owner_team_id,
+                ),
+            )
+            if cur.rowcount == 1:
+                return {
+                    "status": "claimed_by_you",
+                    "notified_message_id": proposed_message_id,
+                    "notified_at": now,
+                    "envelope_content_hash": envelope_hash,
+                }
+            row = conn.execute(
+                "select notified_message_id, notified_at, envelope_content_hash, "
+                "leader_pane_id_at_notify from leader_notification_log "
+                "where result_id = ? and leader_session_uuid = ?",
+                (result_id, leader_session_uuid),
+            ).fetchone()
+    if row is None:
+        # Should not happen (INSERT OR IGNORE returned 0 → row must exist), but be defensive.
+        return {"status": "claimed_by_you", "notified_message_id": proposed_message_id,
+                "notified_at": now, "envelope_content_hash": envelope_hash}
+    prev_message_id, prev_ts, prev_hash, prev_pane = row[0], row[1], row[2], row[3]
+    return {
+        "status": "already_notified_by",
+        "notified_message_id": prev_message_id,
+        "notified_at": prev_ts,
+        "envelope_content_hash": prev_hash,
+        "leader_pane_id_at_notify": prev_pane,
+    }
+
+
+def peek_leader_notification(
+    store: Any,
+    *,
+    result_id: str,
+    leader_session_uuid: str,
+) -> dict[str, Any] | None:
+    """Read-only fast-path peek (Stage 12). Returns the existing log row for
+    (result_id, leader_session_uuid) or None. Used by notify_result_watchers to short-
+    circuit before calling deliver_stored_message; the authoritative atomic claim still
+    happens at the _send_to_leader_receiver injection boundary."""
+    with closing(store.connect()) as conn:
+        row = conn.execute(
+            "select notified_message_id, notified_at, envelope_content_hash, "
+            "leader_pane_id_at_notify, owner_team_id from leader_notification_log "
+            "where result_id = ? and leader_session_uuid = ?",
+            (result_id, leader_session_uuid),
+        ).fetchone()
+    if row is None:
+        return None
+    return {
+        "notified_message_id": row[0],
+        "notified_at": row[1],
+        "envelope_content_hash": row[2],
+        "leader_pane_id_at_notify": row[3],
+        "owner_team_id": row[4],
+    }
+
+
+def prune_leader_notification_log(store: Any, *, max_age_hours: int = 24) -> int:
+    """Coordinator-tick maintenance: drop rows older than max_age_hours. Cheap, bounded."""
+    cutoff = (datetime.now(timezone.utc) - timedelta(hours=max_age_hours)).isoformat()
+    with closing(store.connect()) as conn:
+        with conn:
+            cur = conn.execute(
+                "delete from leader_notification_log where notified_at < ?",
+                (cutoff,),
+            )
+            return cur.rowcount or 0
+
+
+def leader_notification_log_rows(store: Any, *, owner_team_id: str | None = None) -> list[dict[str, Any]]:
+    """Test/diagnostic accessor. Returns all rows (optionally team-scoped)."""
+    with closing(store.connect()) as conn:
+        if owner_team_id is None:
+            rows = conn.execute(
+                "select * from leader_notification_log order by notified_at"
+            ).fetchall()
+        else:
+            rows = conn.execute(
+                "select * from leader_notification_log where owner_team_id = ? "
+                "or owner_team_id is null order by notified_at",
+                (owner_team_id,),
+            ).fetchall()
+    return [dict(row) for row in rows]
+
+
+__all__ = [
+    "claim_leader_notification_delivery",
+    "peek_leader_notification",
+    "prune_leader_notification_log",
+    "leader_notification_log_rows",
+]

package/src/team_agent/message_store/result_watchers.py

@@ -94,9 +94,152 @@ def requeue_delivery_exhausted_watchers(self) -> list[str]:
             ).fetchall()
             watcher_ids = [row[0] for row in rows]
             if watcher_ids:
+                # Phase D hotfix-3 (78055bc) cleared notified_message_id here; Gap 32 dedupe
+                # reverses that — preserve notified_message_id so the retry path can re-confirm
+                # (or skip if the same result_id was already injected on a different pane_id).
                 conn.execute(
                     "update result_watchers "
-                    "set status = 'notify_failed', error = null, notified_message_id = null, completed_at = null "
+                    "set status = 'notify_failed', error = null, completed_at = null "
                     "where status = 'delivery_exhausted'"
                 )
     return watcher_ids
+
+
+def claim_leader_notification(
+    store: Any,
+    owner_team_id: str | None,
+    result_id: str | None,
+    watcher_id: str,
+    proposed_token: str,
+) -> dict[str, Any]:
+    """DEPRECATED (Stage 12 roundtable retirement). The watcher-table UPSERT did not
+    actually prevent duplicate leader-pane injections in Mac mini real flow because two
+    independent code paths (scheduled_event branch + result_watchers branch) emit
+    deliver_attempt without coordinating at the watcher level. Replaced by
+    leader_notification_log.claim_leader_notification_delivery consulted inside
+    _send_to_leader_receiver. Kept here as a no-op shim so legacy callers / tests that
+    still import this symbol don't crash on import — but it does NOT perform a claim and
+    should NOT be used in new code."""
+    if not result_id:
+        return {"status": "deprecated_noop", "canonical_message_id": None}
+    return {"status": "deprecated_noop", "canonical_message_id": None}
+
+
+def _claim_leader_notification_disabled_impl(  # legacy reference for archaeology
+    store: Any,
+    owner_team_id: str | None,
+    result_id: str | None,
+    watcher_id: str,
+    proposed_token: str,
+) -> dict[str, Any]:
+    if not result_id:
+        return {"status": "no_result_id", "canonical_message_id": None}
+    with closing(store.connect()) as conn:
+        conn.isolation_level = None
+        try:
+            conn.execute("BEGIN IMMEDIATE")
+            if owner_team_id is None:
+                sibling = conn.execute(
+                    "select notified_message_id from result_watchers "
+                    "where result_id = ? and notified_message_id is not null "
+                    "order by coalesce(completed_at, created_at) limit 1",
+                    (result_id,),
+                ).fetchone()
+            else:
+                sibling = conn.execute(
+                    "select notified_message_id from result_watchers "
+                    "where result_id = ? and notified_message_id is not null "
+                    "and (owner_team_id = ? or owner_team_id is null) "
+                    "order by coalesce(completed_at, created_at) limit 1",
+                    (result_id, owner_team_id),
+                ).fetchone()
+            if sibling and sibling[0]:
+                conn.execute("COMMIT")
+                return {"status": "already_notified_by", "canonical_message_id": sibling[0]}
+            cur = conn.execute(
+                "update result_watchers "
+                "set notified_message_id = ?, result_id = coalesce(result_id, ?) "
+                "where watcher_id = ? and notified_message_id is null",
+                (proposed_token, result_id, watcher_id),
+            )
+            if cur.rowcount == 1:
+                conn.execute("COMMIT")
+                return {"status": "claimed_by_you", "canonical_message_id": proposed_token}
+            row = conn.execute(
+                "select notified_message_id from result_watchers where watcher_id = ?",
+                (watcher_id,),
+            ).fetchone()
+            conn.execute("COMMIT")
+            return {
+                "status": "already_notified_by",
+                "canonical_message_id": (row[0] if row else None) or None,
+            }
+        except Exception:
+            try:
+                conn.execute("ROLLBACK")
+            except Exception:
+                pass
+            raise
+        finally:
+            conn.isolation_level = ""  # restore default
+
+
+def release_leader_notification_claim(
+    store: Any,
+    watcher_id: str,
+    expected_token: str,
+) -> bool:
+    """Release a sentinel claim after delivery failure so the next retry can re-claim.
+    Returns True iff we released the claim we owned (rowcount == 1)."""
+    with closing(store.connect()) as conn:
+        with conn:
+            cur = conn.execute(
+                "update result_watchers set notified_message_id = null "
+                "where watcher_id = ? and notified_message_id = ?",
+                (watcher_id, expected_token),
+            )
+            return cur.rowcount == 1
+
+
+def promote_leader_notification_id(
+    store: Any,
+    watcher_id: str,
+    sentinel_token: str,
+    real_message_id: str,
+) -> bool:
+    """After successful delivery, replace the sentinel claim with the real message_id.
+    Returns True iff the promotion succeeded (rowcount == 1)."""
+    with closing(store.connect()) as conn:
+        with conn:
+            cur = conn.execute(
+                "update result_watchers set notified_message_id = ? "
+                "where watcher_id = ? and notified_message_id = ?",
+                (real_message_id, watcher_id, sentinel_token),
+            )
+            return cur.rowcount == 1
+
+
+def leader_notified_message_id_for_result(
+    store: Any,
+    owner_team_id: str | None,
+    result_id: str | None,
+) -> str | None:
+    if not result_id:
+        return None
+    with closing(store.connect()) as conn:
+        if owner_team_id is None:
+            row = conn.execute(
+                "select notified_message_id from result_watchers "
+                "where result_id = ? and notified_message_id is not null "
+                "order by coalesce(completed_at, created_at) limit 1",
+                (result_id,),
+            ).fetchone()
+        else:
+            row = conn.execute(
+                "select notified_message_id from result_watchers "
+                "where result_id = ? and notified_message_id is not null "
+                "and (owner_team_id = ? or owner_team_id is null) "
+                "order by coalesce(completed_at, created_at) limit 1",
+                (result_id, owner_team_id),
+            ).fetchone()
+    return row[0] if row else None

package/src/team_agent/message_store/schema.py

@@ -231,6 +231,29 @@ def initialize_schema(conn: sqlite3.Connection) -> None:
             RESULT_WATCHER_COLUMNS,
             {"owner_team_id": "alter table result_watchers add column owner_team_id text"},
         )
+        # Stage 12 (Gap 26 ∩ Gap 32 roundtable consolidation 2026-05-26): dedupe leader
+        # notifications at the injection boundary, keyed by (result_id, leader_session_uuid).
+        # UNIQUE primary key + INSERT OR IGNORE in claim_leader_notification_delivery gives
+        # atomic exactly-once without an advisory lock. Retires the bad6484 watcher-table
+        # UPSERT approach.
+        conn.execute(
+            """
+            create table if not exists leader_notification_log (
+              result_id text not null,
+              leader_session_uuid text not null,
+              notified_message_id text not null,
+              notified_at text not null,
+              leader_pane_id_at_notify text,
+              envelope_content_hash text,
+              owner_team_id text,
+              primary key (result_id, leader_session_uuid)
+            )
+            """
+        )
+        conn.execute(
+            "create index if not exists idx_leader_notification_log_uuid "
+            "on leader_notification_log(leader_session_uuid, notified_at)"
+        )
         conn.execute("create index if not exists idx_messages_owner_team_id on messages(owner_team_id)")
         conn.execute("create index if not exists idx_scheduled_events_owner_team_id on scheduled_events(owner_team_id)")
         conn.execute("create index if not exists idx_agent_health_owner_team_id on agent_health(owner_team_id)")

package/src/team_agent/messaging/delivery.py

@@ -121,6 +121,16 @@ def _deliver_pending_messages(workspace: Path, state: dict[str, Any], event_log:
     for row in store.messages():
         if row["status"] not in {"pending", "accepted"}:
             continue
+        agent_state = state.get("agents", {}).get(row["recipient"]) or {}
+        if str(agent_state.get("status") or "").lower() == "busy":
+            event_log.write(
+                "send.deferred_busy",
+                message_id=row["message_id"],
+                sender=row.get("sender"),
+                recipient=row["recipient"],
+                reason="recipient_busy",
+            )
+            continue
         result = _deliver_pending_message(workspace, state, row["message_id"], wait_visible=True, timeout=30.0)
         if result.get("ok"):
             delivered.append(row["message_id"])