@team-agent/installer 0.2.2 → 0.2.3

package/src/team_agent/messaging/trust_auto_answer.py

@@ -0,0 +1,44 @@
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Any
+
+from team_agent.events import EventLog
+from team_agent.messaging.deps import _tmux_inject_text
+
+
+def retry_injection_after_trust_auto_answer(
+    workspace: Path,
+    state: dict[str, Any],
+    event_log: EventLog,
+    injection: dict[str, Any],
+    target: str,
+    text: str,
+    submit_key: str,
+    buffer_name: str,
+    provider: str,
+) -> dict[str, Any]:
+    from team_agent.messaging.delivery import _wait_for_trust_prompt_dismissal
+    from team_agent.messaging.leader_panes import attempt_trust_auto_answer
+    answer = attempt_trust_auto_answer(
+        workspace,
+        injection.get("pane_id") or target,
+        injection.get("pane_capture_tail") or "",
+        event_log,
+        state=state,
+    )
+    if not answer.get("answered"):
+        return injection
+    if not _wait_for_trust_prompt_dismissal(injection.get("pane_id") or target, timeout=3.0):
+        retry_blocked = dict(injection)
+        retry_blocked["error"] = "trust_prompt_not_dismissed_after_answer"
+        retry_blocked["verification"] = "trust_prompt_not_dismissed_after_answer"
+        retry_blocked["stage"] = "trust_auto_answer_dismissal_wait"
+        return retry_blocked
+    return _tmux_inject_text(
+        target,
+        text,
+        submit_key,
+        buffer_name,
+        provider=provider,
+    )

package/src/team_agent/restart/orchestration.py

@@ -84,15 +84,72 @@ def restart(workspace: Path, allow_fresh: bool = False, team: str | None = None)
         raise RuntimeError(_tmux_session_conflict_error(session_name))
     runtime_cfg = _effective_runtime_config(spec.get("runtime", {}))
     display_backend = spec.get("runtime", {}).get("display_backend", state.get("display_backend", "none"))
-    _close_ghostty_workspace(state, event_log)
-    for agent_id, agent_state in state.get("agents", {}).items():
-        _close_ghostty_display(agent_id, agent_state, event_log)
-    state["display_backend"] = display_backend
+    # Stage 7 S5 — Slice 6 lifecycle atomicity contract: compute restart_agents
+    # early so we can pre-validate resumability BEFORE any destructive teardown
+    # (ghostty close, tmux session creation). Without --allow-fresh, every
+    # non-paused worker MUST be resumable; if any is not, refuse the operation
+    # atomically with a structured result and a restart.atomic_refusal event.
+    # No rollback path is needed because nothing has been created yet.
     restart_agents = [
         agent
         for agent in spec.get("agents", [])
         if state.get("agents", {}).get(agent["id"], {}).get("status") != "paused" and not agent.get("paused")
     ]
+    # cr strict-typing (2026-05-27): refuse the operation deterministically
+    # before any decision logic if any persisted first_send_at is corrupt
+    # (empty string, 0, False, literal "null", any non-ISO garbage). This
+    # avoids silent misclassification through Python truthiness and gives the
+    # operator a clear audit signal that state.json is damaged.
+    invalid_first_send_at = _collect_corrupt_first_send_at(restart_agents, state)
+    if invalid_first_send_at:
+        for entry in invalid_first_send_at:
+            event_log.write(
+                "restart.first_send_at_invalid",
+                worker_id=entry["worker_id"],
+                raw_first_send_at=entry["raw_first_send_at"],
+                raw_first_send_at_type=entry["raw_first_send_at_type"],
+            )
+        invalid_names = [entry["worker_id"] for entry in invalid_first_send_at]
+        return {
+            "ok": False,
+            "status": "refused",
+            "reason": "invalid_first_send_at",
+            "invalid_first_send_at": invalid_first_send_at,
+            "allow_fresh": bool(allow_fresh),
+            "error": (
+                f"Cannot restart: workers {invalid_names} have a corrupt "
+                "first_send_at in state.json (only null/missing or a valid "
+                "ISO-8601 UTC timestamp string is accepted). Inspect the "
+                "restart.first_send_at_invalid audit events for raw values "
+                "and repair state.json before retrying."
+            ),
+        }
+    # cr C2: emit one restart.resume_decision event per non-paused worker so
+    # every restart attempt produces an auditable per-worker classification.
+    # The function returns only refused workers — populated when
+    # allow_fresh=False AND at least one interacted worker cannot be repaired.
+    refused = _emit_resume_decisions(
+        workspace, restart_agents, state, get_adapter, event_log, allow_fresh,
+    )
+    if refused:
+        event_log.write(
+            "restart.atomic_refusal",
+            unresumable=refused,
+            allow_fresh=bool(allow_fresh),
+            reason="resume_atomicity",
+        )
+        return {
+            "ok": False,
+            "status": "refused",
+            "reason": "resume_atomicity",
+            "unresumable": refused,
+            "allow_fresh": bool(allow_fresh),
+            "error": _format_atomic_refusal_error(refused),
+        }
+    _close_ghostty_workspace(state, event_log)
+    for agent_id, agent_state in state.get("agents", {}).items():
+        _close_ghostty_display(agent_id, agent_state, event_log)
+    state["display_backend"] = display_backend
     _ensure_agent_start_requirements(workspace, restart_agents, event_log, "restart")
     first = True
     restarted: list[dict[str, Any]] = []
@@ -271,6 +328,7 @@ def restart(workspace: Path, allow_fresh: bool = False, team: str | None = None)
                 event_log,
                 timeout_s=1.5,
                 exclude_session_ids=known_session_ids,
+                raise_on_missed=False,
             )
         if display_backend in GHOSTTY_DISPLAY_BACKENDS:
             display_jobs.append((agent["id"], agent))
@@ -315,6 +373,151 @@ def restart(workspace: Path, allow_fresh: bool = False, team: str | None = None)
     return {"ok": True, "session_name": session_name, "agents": restarted, "coordinator": coordinator}
 
 
+_FIRST_SEND_AT_ABSENT = "absent"
+_FIRST_SEND_AT_VALID = "valid"
+_FIRST_SEND_AT_CORRUPT = "corrupt"
+
+
+def _classify_first_send_at(value: Any) -> str:
+    """Strict first_send_at typing (cr verdict, 2026-05-27).
+
+    Returns one of:
+      "absent"  — None or missing field (worker never-interacted).
+      "valid"   — non-empty ISO-8601 UTC string parseable by datetime.fromisoformat.
+      "corrupt" — anything else: empty string, 0, False, literal "null", garbage.
+
+    The contract requires that corrupt values be detected deterministically
+    before any restart decision so we never silent-misclassify a worker's
+    interaction state via Python truthiness.
+    """
+    if value is None:
+        return _FIRST_SEND_AT_ABSENT
+    if not isinstance(value, str):
+        return _FIRST_SEND_AT_CORRUPT
+    if not value:
+        return _FIRST_SEND_AT_CORRUPT
+    try:
+        datetime.fromisoformat(value)
+    except (ValueError, TypeError):
+        return _FIRST_SEND_AT_CORRUPT
+    return _FIRST_SEND_AT_VALID
+
+
+def _collect_corrupt_first_send_at(
+    restart_agents: list[dict[str, Any]],
+    state: dict[str, Any],
+) -> list[dict[str, Any]]:
+    """Walk every non-paused worker and flag any whose persisted first_send_at
+    is corrupt. Returns the list of invalid records ready for the
+    `restart.first_send_at_invalid` event and the refusal envelope."""
+    invalid: list[dict[str, Any]] = []
+    for agent in restart_agents:
+        agent_id = agent["id"]
+        previous = state.get("agents", {}).get(agent_id, {})
+        raw = previous.get("first_send_at") if isinstance(previous, dict) else None
+        if _classify_first_send_at(raw) != _FIRST_SEND_AT_CORRUPT:
+            continue
+        invalid.append({
+            "worker_id": agent_id,
+            "raw_first_send_at": raw,
+            "raw_first_send_at_type": type(raw).__name__,
+        })
+    return invalid
+
+
+def _emit_resume_decisions(
+    workspace: Path,
+    restart_agents: list[dict[str, Any]],
+    state: dict[str, Any],
+    get_adapter_fn: Any,
+    event_log: EventLog,
+    allow_fresh: bool,
+) -> list[dict[str, Any]]:
+    """Route B audit-events contract (cr C2, 2026-05-27). For every non-paused
+    worker considered by restart, derive the resume decision per the Route B
+    matrix and emit ONE `restart.resume_decision` event:
+
+      resumable AND ...                     -> decision = "resume"
+      not resumable AND not interacted      -> decision = "fresh_start"
+      not resumable AND interacted AND fresh -> decision = "fresh_start"
+      not resumable AND interacted AND not fresh -> decision = "refuse"
+
+    Resumability mirrors sessions.resume.prepare_resume_state's repair chain
+    so workers the runtime would legitimately repair are NOT flagged. Returns
+    the subset of refused workers — populated only when allow_fresh=False AND
+    some interacted worker cannot be repaired — for use by atomic_refusal.
+    """
+    from team_agent.sessions.resume import recover_resume_session_from_events
+    refused: list[dict[str, Any]] = []
+    for agent in restart_agents:
+        agent_id = agent["id"]
+        previous = state.get("agents", {}).get(agent_id, {})
+        session_id = previous.get("session_id")
+        first_send_at = previous.get("first_send_at")
+        has_first_send_at = _classify_first_send_at(first_send_at) == _FIRST_SEND_AT_VALID
+        has_session_id = bool(session_id)
+        adapter = get_adapter_fn(agent["provider"])
+        resumable = bool(session_id) and adapter.session_is_resumable(previous, workspace)
+        if not resumable:
+            known_session_ids = {
+                str(item.get("session_id"))
+                for aid, item in state.get("agents", {}).items()
+                if aid != agent_id and item.get("session_id")
+            }
+            repaired = recover_resume_session_from_events(
+                workspace, agent_id, previous, adapter, known_session_ids,
+            )
+            if not repaired:
+                repaired = adapter.recover_session_id(
+                    agent_id, previous, workspace, known_session_ids,
+                )
+            resumable = bool(repaired)
+        if resumable:
+            decision = "resume"
+        elif not has_first_send_at:
+            decision = "fresh_start"
+        elif allow_fresh:
+            decision = "fresh_start"
+        else:
+            decision = "refuse"
+        event_log.write(
+            "restart.resume_decision",
+            worker_id=agent_id,
+            has_first_send_at=has_first_send_at,
+            has_session_id=has_session_id,
+            allow_fresh=bool(allow_fresh),
+            decision=decision,
+            first_send_at=first_send_at if has_first_send_at else None,
+            session_id=session_id,
+        )
+        if decision == "refuse":
+            refused.append({
+                "agent_id": agent_id,
+                "reason": "no_persisted_session_id" if not session_id else "session_unresumable",
+                "session_id": session_id,
+                "first_send_at": first_send_at,
+            })
+    return refused
+
+
+def _format_atomic_refusal_error(refused: list[dict[str, Any]]) -> str:
+    """C4 (cr verdict, 2026-05-27): the human-readable refusal error must
+    name every refused worker AND its first_send_at timestamp so an operator
+    can decide whether to pass --allow-fresh and accept losing that
+    interaction history."""
+    names = [item["agent_id"] for item in refused]
+    details = ". ".join(
+        f"{item['agent_id']} was first interacted with at {item.get('first_send_at')}; "
+        "its persisted session is missing"
+        for item in refused
+    )
+    return (
+        f"Cannot restart: workers {names} have no resumable session despite "
+        f"previous interaction. {details}. "
+        "Pass --allow-fresh if you accept losing that interaction history."
+    )
+
+
 def rollback_restart_session(session_name: str, event_log: EventLog) -> dict[str, Any]:
     from team_agent.runtime import run_cmd
     proc = run_cmd(["tmux", "kill-session", "-t", session_name], timeout=10)

package/src/team_agent/runtime.py

@@ -674,7 +674,7 @@ def _handle_startup_prompts_and_verify_window(
     session_name: str,
     start_mode: str,
 ) -> bool:
-    handled_prompts = adapter.handle_startup_prompts(session_name, agent_id, checks=1, sleep_s=0.0)
+    handled_prompts = adapter.handle_startup_prompts(session_name, agent_id, checks=20, sleep_s=0.5)
     for prompt_event in handled_prompts:
         event_log.write(f"{event_prefix}.startup_prompt_handled", agent_id=agent_id, provider=provider, **prompt_event)
     deadline = time.monotonic() + 1.0
@@ -840,10 +840,10 @@ def _retry_or_failed(task: dict[str, Any]) -> str:
     return "failed"
 
 
-def _deliver_pending_message(workspace: Path, state: dict[str, Any], message_id: str, wait_visible: bool = True, timeout: float = 30.0) -> dict[str, Any]:
+def _deliver_pending_message(workspace: Path, state: dict[str, Any], message_id: str, wait_visible: bool = True, timeout: float = 30.0, *, _trust_retry_attempt: int = 1) -> dict[str, Any]:
     from team_agent.messaging.delivery import _deliver_pending_message as impl
 
-    return impl(workspace, state, message_id, wait_visible, timeout)
+    return impl(workspace, state, message_id, wait_visible, timeout, _trust_retry_attempt=_trust_retry_attempt)
 
 def _enable_codex_fast_mode(session_name: str, window_name: str) -> dict[str, Any]:
     from team_agent.messaging.tmux_prompt import _enable_codex_fast_mode as impl

package/src/team_agent/sessions/capture.py

@@ -1,14 +1,25 @@
 from __future__ import annotations
 
+import time
 from datetime import datetime, timezone
 from pathlib import Path
 from typing import Any
 
+from team_agent.errors import RuntimeError as TeamAgentRuntimeError
 from team_agent.events import EventLog
 from team_agent.providers import get_adapter
 from team_agent.state import SESSION_CAPTURE_FIELDS, SESSION_STATE_FIELDS
 
 
+# Stage 7 S6 (2026-05-27): capture_agent_session used to do a single adapter
+# call and silently return None on miss, leaving status='running' workers with
+# session_id=null. Slow worker startups (Codex writing the rollout file a few
+# tenths of a second after window creation) raced this check. We now poll on a
+# small interval inside the caller's timeout_s budget so the adapter's own
+# fast-path call doesn't have to absorb all the latency on its own.
+_CAPTURE_POLL_INTERVAL_SECONDS = 0.05
+
+
 def capture_missing_sessions(
     workspace: Path,
     state: dict[str, Any],
@@ -25,6 +36,10 @@ def capture_missing_sessions(
             for aid, item in state.get("agents", {}).items()
             if aid != agent_id and item.get("session_id")
         }
+        # capture_missing_sessions is invoked from coordinator_tick, diagnose,
+        # status, etc. with very short timeouts; a transient miss should NOT
+        # crash those paths. The loud raise contract belongs to direct callers
+        # (e.g. lifecycle start/restart) who own the worker's atomicity.
         result = capture_agent_session(
             workspace,
             agent_id,
@@ -32,6 +47,7 @@ def capture_missing_sessions(
             event_log,
             timeout_s=timeout_s,
             exclude_session_ids=known_session_ids,
+            raise_on_missed=False,
         )
         if result:
             captured.append(agent_id)
@@ -53,6 +69,7 @@ def capture_agent_session(
     event_log: EventLog,
     timeout_s: float,
     exclude_session_ids: set[str] | None = None,
+    raise_on_missed: bool = True,
 ) -> dict[str, Any] | None:
     if agent_state.get("session_id"):
         return None
@@ -66,21 +83,54 @@ def capture_agent_session(
         "exclude_session_ids": sorted(exclude_session_ids or set()),
         "claude_projects_root": agent_state.get("claude_projects_root"),
     }
-    result = adapter.capture_session_id(agent_id, spawn_context, timeout_s=timeout_s)
-    if not isinstance(result, dict) or not result.get("session_id"):
-        return None
-    copy_session_metadata(agent_state, result)
-    agent_state.pop("_pending_session_id", None)
-    event_log.write(
-        "session.captured",
-        agent_id=agent_id,
-        provider=agent_state.get("provider"),
-        session_id=agent_state.get("session_id"),
-        rollout_path=agent_state.get("rollout_path"),
-        captured_via=agent_state.get("captured_via"),
-        attribution_confidence=agent_state.get("attribution_confidence"),
-    )
-    return result
+    deadline = time.monotonic() + max(timeout_s, 0.0)
+    while True:
+        # Pass timeout_s=0 so the adapter does a single fast-path check; the
+        # outer loop owns the polling budget so behaviour stays consistent
+        # whether or not the adapter has its own internal sleep.
+        result = adapter.capture_session_id(agent_id, spawn_context, timeout_s=0)
+        if isinstance(result, dict) and result.get("session_id"):
+            copy_session_metadata(agent_state, result)
+            agent_state.pop("_pending_session_id", None)
+            event_log.write(
+                "session.captured",
+                agent_id=agent_id,
+                provider=agent_state.get("provider"),
+                session_id=agent_state.get("session_id"),
+                rollout_path=agent_state.get("rollout_path"),
+                captured_via=agent_state.get("captured_via"),
+                attribution_confidence=agent_state.get("attribution_confidence"),
+            )
+            return result
+        if time.monotonic() >= deadline:
+            break
+        time.sleep(_CAPTURE_POLL_INTERVAL_SECONDS)
+    # Timeout. Slice 1 atomicity contract: a worker whose status is 'running'
+    # must NEVER be left with session_id=null — that half-state is what made
+    # Mac mini Stage 7 S5/S6 unreproducible and breaks resume on next restart.
+    # Emit a structured attention event so the coordinator/operator sees the
+    # miss, then raise so callers cannot accidentally treat the None as a
+    # silent "no-op". Non-running workers (still starting, paused, stopped)
+    # legitimately have no session yet, so they still get the silent-None
+    # return that existing callers expect.
+    if agent_state.get("status") == "running":
+        event_log.write(
+            "session.capture_required_attention",
+            agent_id=agent_id,
+            provider=agent_state.get("provider"),
+            timeout_s=timeout_s,
+            spawn_cwd=agent_state.get("spawn_cwd"),
+            session_name=agent_state.get("session_name"),
+            window=agent_state.get("window", agent_id),
+        )
+        if raise_on_missed:
+            raise TeamAgentRuntimeError(
+                f"Failed to capture session_id for agent {agent_id}: adapter "
+                f"did not produce a session within {timeout_s}s. Worker is "
+                "running but unidentifiable; this is a Slice 1 atomicity "
+                "violation."
+            )
+    return None
 
 
 def copy_session_metadata(target: dict[str, Any], source: dict[str, Any]) -> None:

package/src/team_agent/spec.py

@@ -27,9 +27,60 @@ def load_yaml(path: Path) -> dict[str, Any]:
 def load_spec(path: Path) -> dict[str, Any]:
     spec = load_yaml(path)
     validate_spec(spec, base_dir=path.parent)
+    _emit_load_time_deprecations(spec, path)
     return spec
 
 
+def _emit_load_time_deprecations(spec: dict[str, Any], path: Path) -> None:
+    """Stage 7 S7 (2026-05-27): deprecation signals attached to the spec field
+    itself must fire when the YAML is read, not lazily inside the trust-prompt
+    code path. A user with the deprecated field in team.spec.yaml needs to see
+    the warning even when startup never reaches attempt_trust_auto_answer.
+
+    The leader-panes helper owns the one-shot stderr guard + the structured
+    audit event, so we reuse it. EventLog points at the WORKSPACE ROOT (not
+    the spec file's directory) so a quick-start layout that stores the spec
+    under <workspace>/.team/current/team.spec.yaml still routes the audit
+    event into the single canonical <workspace>/.team/logs/events.jsonl
+    instead of a doubled <workspace>/.team/current/.team/logs/events.jsonl
+    nesting.
+    """
+    runtime = spec.get("runtime")
+    if not isinstance(runtime, dict):
+        return
+    if not bool(runtime.get("auto_trust_own_workspace")):
+        return
+    # Local import keeps the spec module free of messaging-layer coupling at
+    # import time; only YAMLs that opt into the deprecated field pay the cost.
+    from team_agent.events import EventLog
+    from team_agent.messaging.leader_panes import _emit_spec_opt_in_deprecation
+    _emit_spec_opt_in_deprecation(EventLog(_resolve_workspace_root(path)))
+
+
+def _resolve_workspace_root(spec_path: Path) -> Path:
+    """Find the workspace root that owns this spec.
+
+    A workspace root is the directory whose `.team/` subdirectory holds the
+    runtime state, logs, artifacts, and (for quick-start layouts) the spec
+    itself under `.team/current/`. We climb from the spec file's parent
+    looking for the first ancestor that has a `.team/` child. If no ancestor
+    qualifies (fresh workspace before init, or a spec deliberately placed
+    outside any team workspace), we fall back to `spec_path.parent` which is
+    the legacy single-layout behaviour.
+
+    Implementation note: we use real filesystem evidence (`(dir/.team).is_dir()`)
+    rather than path-string parsing so the resolver works correctly even when
+    workspace paths legitimately contain a `.team` segment.
+    """
+    direct_parent = spec_path.parent
+    if (direct_parent / ".team").is_dir():
+        return direct_parent
+    for ancestor in direct_parent.parents:
+        if (ancestor / ".team").is_dir():
+            return ancestor
+    return direct_parent
+
+
 def validate_spec(spec: dict[str, Any], base_dir: Path | None = None) -> None:
     messages = _basic_schema_errors(spec)
     messages.extend(_semantic_errors(spec, base_dir or Path.cwd()))
@@ -190,6 +241,12 @@ def _check_runtime(runtime: Any, errors: list[str]) -> None:
         "tick_interval_sec",
         "push_min_interval_sec",
         "stuck_timeout_sec",
+        # Gap 29 / F3 deprecation (2026-05-26): accept the legacy spec opt-in so
+        # YAMLs that still set it validate and the deprecation warning + structured
+        # event in messaging/leader_panes.py can fire. The preferred per-session
+        # opt-in is the env var TEAM_AGENT_AUTO_TRUST_OWN_WORKSPACE; this spec
+        # field will be removed in 0.3.0.
+        "auto_trust_own_workspace",
     }
     _check_keys(runtime, "/runtime", required, allowed, errors)
     if not isinstance(runtime, dict):
@@ -200,6 +257,8 @@ def _check_runtime(runtime: Any, errors: list[str]) -> None:
         errors.append("/runtime/display_backend: invalid display backend")
     if "dangerous_auto_approve" in runtime and not isinstance(runtime["dangerous_auto_approve"], bool):
         errors.append("/runtime/dangerous_auto_approve: must be a boolean")
+    if "auto_trust_own_workspace" in runtime and not isinstance(runtime["auto_trust_own_workspace"], bool):
+        errors.append("/runtime/auto_trust_own_workspace: must be a boolean")
     _check_list(runtime.get("startup_order"), "/runtime/startup_order", errors)
 
 

package/src/team_agent/status/queries.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import json
+from datetime import datetime
 from pathlib import Path
 from typing import Any
 
@@ -11,6 +12,24 @@ from team_agent.status.compact import compact_status
 from team_agent.status.constants import PENDING_DELIVERY_STATUSES
 
 
+def _interacted_marker(first_send_at: Any) -> str:
+    """C3 (cr verdict, 2026-05-27): render the persisted first_send_at as a
+    user-visible status field. Valid ISO 8601 UTC strings pass through; any
+    other shape (None, empty string, 0, False, corrupt garbage) renders as
+    the literal "never" so the operator sees a consistent classification
+    instead of leaking raw garbage into status output. Restart enforces
+    strict typing separately (corrupt values fail the operation); status is
+    a read-only surface and tolerantly degrades to "never" rather than
+    failing the status command."""
+    if isinstance(first_send_at, str) and first_send_at:
+        try:
+            datetime.fromisoformat(first_send_at)
+        except (ValueError, TypeError):
+            return "never"
+        return first_send_at
+    return "never"
+
+
 def status(workspace: Path, as_json: bool = False, *, compact: bool = False) -> dict[str, Any]:
     from team_agent.runtime import (
         _capture_missing_sessions,
@@ -31,12 +50,24 @@ def status(workspace: Path, as_json: bool = False, *, compact: bool = False) ->
     save_runtime_state(workspace, state)
     session_name = state.get("session_name")
     tmux_exists = _tmux_session_exists(session_name) if session_name else False
+    # C3 (cr verdict): enrich each worker entry with an explicit `interacted`
+    # field derived from the persisted first_send_at. The original entry
+    # passes through unchanged so any pre-existing field (including raw
+    # first_send_at) stays visible.
+    enriched_agents: dict[str, Any] = {}
+    for aid, raw in (state.get("agents") or {}).items():
+        if isinstance(raw, dict):
+            entry = dict(raw)
+            entry["interacted"] = _interacted_marker(raw.get("first_send_at"))
+        else:
+            entry = raw
+        enriched_agents[aid] = entry
     result = {
         "team": state.get("leader", {}).get("id", "leader"),
         "session_name": session_name,
         "tmux_session_present": tmux_exists,
         "leader_receiver": state.get("leader_receiver", {}),
-        "agents": state.get("agents", {}),
+        "agents": enriched_agents,
         "agent_health": store.agent_health(),
         "tasks": state.get("tasks", []),
         "messages": store.message_counts(),