@team-agent/installer 0.2.3 → 0.2.5

package/src/team_agent/message_store/schema_migration.py

@@ -0,0 +1,386 @@
+from __future__ import annotations
+
+import shutil
+import sqlite3
+import os
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any, Callable
+
+
+MANAGED_TABLE_LAYOUTS: dict[str, tuple[str, ...]] = {
+    "messages": (
+        "message_id", "owner_team_id", "task_id", "sender", "recipient", "reply_to",
+        "requires_ack", "status", "content", "artifact_refs", "created_at", "updated_at",
+        "delivered_at", "acknowledged_at", "error", "delivery_attempts",
+    ),
+    "results": ("result_id", "owner_team_id", "task_id", "agent_id", "envelope", "status", "created_at"),
+    "scheduled_events": (
+        "id", "owner_team_id", "due_at", "target", "kind", "payload_json", "status",
+        "created_at", "fired_at", "result_json",
+    ),
+    "delivery_tokens": (
+        "message_id", "unique_token", "injected_at", "visible_at", "consumed_at",
+        "failed_at", "failure_reason",
+    ),
+    "agent_health": (
+        "owner_team_id", "agent_id", "status", "last_output_at", "context_usage_pct",
+        "current_task_id", "updated_at",
+    ),
+    "peer_allowlist": ("a", "b", "created_at"),
+    "result_watchers": (
+        "watcher_id", "owner_team_id", "task_id", "agent_id", "message_id", "leader_id",
+        "status", "created_at", "completed_at", "result_id", "notified_message_id", "error",
+    ),
+    "leader_notification_log": (
+        "result_id", "leader_session_uuid", "notified_message_id", "notified_at",
+        "leader_pane_id_at_notify", "envelope_content_hash", "owner_team_id",
+    ),
+}
+
+
+CREATE_TABLE_SQL: dict[str, str] = {
+    "messages": """
+        create table {table} (
+          message_id text primary key,
+          owner_team_id text,
+          task_id text,
+          sender text,
+          recipient text,
+          reply_to text,
+          requires_ack integer,
+          status text,
+          content text,
+          artifact_refs text,
+          created_at text,
+          updated_at text,
+          delivered_at text,
+          acknowledged_at text,
+          error text,
+          delivery_attempts integer not null default 0
+        )
+    """,
+    "results": """
+        create table {table} (
+          result_id text primary key,
+          owner_team_id text,
+          task_id text not null,
+          agent_id text not null,
+          envelope text not null,
+          status text not null,
+          created_at text not null
+        )
+    """,
+    "scheduled_events": """
+        create table {table} (
+          id integer primary key,
+          owner_team_id text,
+          due_at text not null,
+          target text not null,
+          kind text not null,
+          payload_json text not null,
+          status text not null,
+          created_at text not null,
+          fired_at text,
+          result_json text
+        )
+    """,
+    "delivery_tokens": """
+        create table {table} (
+          message_id text primary key,
+          unique_token text not null,
+          injected_at text not null,
+          visible_at text,
+          consumed_at text,
+          failed_at text,
+          failure_reason text
+        )
+    """,
+    "agent_health": """
+        create table {table} (
+          owner_team_id text,
+          agent_id text not null,
+          status text not null,
+          last_output_at text,
+          context_usage_pct integer,
+          current_task_id text,
+          updated_at text not null,
+          unique(owner_team_id, agent_id)
+        )
+    """,
+    "peer_allowlist": """
+        create table {table} (
+          a text not null,
+          b text not null,
+          created_at text not null,
+          primary key (a, b)
+        )
+    """,
+    "result_watchers": """
+        create table {table} (
+          watcher_id text primary key,
+          owner_team_id text,
+          task_id text,
+          agent_id text,
+          message_id text,
+          leader_id text not null,
+          status text not null,
+          created_at text not null,
+          completed_at text,
+          result_id text,
+          notified_message_id text,
+          error text
+        )
+    """,
+    "leader_notification_log": """
+        create table {table} (
+          result_id text not null,
+          leader_session_uuid text not null,
+          notified_message_id text not null,
+          notified_at text not null,
+          leader_pane_id_at_notify text,
+          envelope_content_hash text,
+          owner_team_id text,
+          primary key (result_id, leader_session_uuid)
+        )
+    """,
+}
+
+
+SCHEMA_MIGRATIONS: dict[int, Callable[[sqlite3.Connection], None]] = {
+    1: lambda _conn: None,
+    2: lambda _conn: None,
+    3: lambda _conn: None,
+}
+
+
+def table_layout(conn: sqlite3.Connection, table: str) -> tuple[str, ...]:
+    return tuple(str(row["name"]) for row in conn.execute(f"pragma table_info({table})").fetchall())
+
+
+def schema_diagnosis(workspace: Path, *, schema_version: int) -> dict[str, Any]:
+    db_path = workspace / ".team" / "runtime" / "team.db"
+    backup_path = _backup_path(db_path, _read_user_version(db_path))
+    if not db_path.exists():
+        return {
+            "ok": True,
+            "status": "missing",
+            "db_path": str(db_path),
+            "schema_version": schema_version,
+            "user_version": 0,
+            "layout_diffs": {},
+            "recommended_action": "No team.db exists yet; initialize_schema will create it on first use.",
+            "would_backup_path": str(backup_path),
+        }
+    conn = sqlite3.connect(db_path)
+    conn.row_factory = sqlite3.Row
+    try:
+        user_version = _pragma_user_version(conn)
+        diffs = _layout_diffs(conn)
+    finally:
+        conn.close()
+    return {
+        "ok": not diffs and user_version == schema_version,
+        "status": "ok" if not diffs and user_version == schema_version else "schema_repair_available",
+        "db_path": str(db_path),
+        "schema_version": schema_version,
+        "user_version": user_version,
+        "layout_diffs": diffs,
+        "recommended_action": "run team-agent doctor --fix-schema --json" if diffs else "none",
+        "would_backup_path": str(backup_path),
+    }
+
+
+def ensure_table_layout(
+    conn: sqlite3.Connection,
+    *,
+    schema_version: int,
+    db_path: Path | None = None,
+) -> list[dict[str, Any]]:
+    conn.row_factory = sqlite3.Row
+    _run_version_migrations(conn, schema_version)
+    diffs = _layout_diffs(conn)
+    if not diffs:
+        return []
+    db_path = db_path or _db_path_from_conn(conn)
+    if db_path is None:
+        raise RuntimeError("cannot rebuild team.db layout without a database path")
+    backup_path = _backup_path(db_path, _pragma_user_version(conn))
+    backup_path.parent.mkdir(parents=True, exist_ok=True)
+    shutil.copy2(db_path, backup_path)
+    events = _rebuild_tables(conn, diffs, backup_path)
+    _emit_rebuild_events(db_path, events)
+    return events
+
+
+def fix_schema_layout(workspace: Path, *, schema_version: int) -> dict[str, Any]:
+    db_path = workspace / ".team" / "runtime" / "team.db"
+    if not db_path.exists():
+        return schema_diagnosis(workspace, schema_version=schema_version)
+    lock_check = _db_lock_status(db_path)
+    if lock_check is not None:
+        from team_agent.events import EventLog
+        EventLog(workspace).write("schema.layout_rebuild_blocked", reason=lock_check, db_path=str(db_path))
+        return {"ok": False, "status": "blocked", "reason": lock_check, "event": "schema.layout_rebuild_blocked", "db_path": str(db_path)}
+    conn = sqlite3.connect(db_path, timeout=30.0, isolation_level=None)
+    conn.row_factory = sqlite3.Row
+    conn.execute("PRAGMA busy_timeout=30000")
+    try:
+        events = ensure_table_layout(conn, schema_version=schema_version, db_path=db_path)
+        conn.execute(f"pragma user_version = {schema_version}")
+    finally:
+        conn.close()
+    diagnosis = schema_diagnosis(workspace, schema_version=schema_version)
+    diagnosis.update({"fixed": True, "rebuilds": events})
+    return diagnosis
+
+
+def _run_version_migrations(conn: sqlite3.Connection, schema_version: int) -> None:
+    current = _pragma_user_version(conn)
+    for version in range(current, schema_version + 1):
+        SCHEMA_MIGRATIONS.get(version, lambda _conn: None)(conn)
+
+
+def _layout_diffs(conn: sqlite3.Connection) -> dict[str, dict[str, Any]]:
+    diffs: dict[str, dict[str, Any]] = {}
+    for table, expected in MANAGED_TABLE_LAYOUTS.items():
+        actual = table_layout(conn, table)
+        if not actual:
+            continue
+        if actual != expected:
+            diffs[table] = {
+                "expected": list(expected),
+                "actual": list(actual),
+            }
+    return diffs
+
+
+def _rebuild_tables(
+    conn: sqlite3.Connection,
+    diffs: dict[str, dict[str, Any]],
+    backup_path: Path,
+) -> list[dict[str, Any]]:
+    events: list[dict[str, Any]] = []
+    conn.execute("BEGIN IMMEDIATE")
+    try:
+        for table, diff in diffs.items():
+            expected = MANAGED_TABLE_LAYOUTS[table]
+            actual = tuple(diff["actual"])
+            before = _table_count(conn, table)
+            temp = f"__team_agent_rebuild_{table}"
+            old = f"__team_agent_old_{table}"
+            conn.execute(f"drop table if exists {temp}")
+            conn.execute(f"drop table if exists {old}")
+            conn.execute(CREATE_TABLE_SQL[table].format(table=temp))
+            common = [column for column in expected if column in actual]
+            column_sql = ", ".join(common)
+            conn.execute(f"insert into {temp}({column_sql}) select {column_sql} from {table}")
+            _maybe_fault_after_insert()
+            conn.execute(f"alter table {table} rename to {old}")
+            conn.execute(f"alter table {temp} rename to {table}")
+            conn.execute(f"drop table {old}")
+            after = _table_count(conn, table)
+            if before != after:
+                raise RuntimeError(f"schema rebuild row count changed for {table}: {before} != {after}")
+            events.append({
+                "table": table,
+                "from_layout_columns": list(actual),
+                "to_layout_columns": list(expected),
+                "backup_path": str(backup_path),
+                "row_count_before": before,
+                "row_count_after": after,
+            })
+        conn.execute("COMMIT")
+    except Exception:
+        conn.execute("ROLLBACK")
+        raise
+    return events
+
+
+def _emit_rebuild_events(db_path: Path, events: list[dict[str, Any]]) -> None:
+    workspace = _workspace_from_db_path(db_path)
+    if workspace is None:
+        return
+    from team_agent.events import EventLog
+    log = EventLog(workspace)
+    for event in events:
+        log.write("schema.layout_rebuild", **event)
+
+
+def _db_lock_status(db_path: Path) -> str | None:
+    conn = sqlite3.connect(db_path, timeout=0.0, isolation_level=None)
+    try:
+        conn.execute("BEGIN IMMEDIATE")
+        conn.execute("ROLLBACK")
+        return None
+    except sqlite3.OperationalError as exc:
+        message = str(exc).lower()
+        if "locked" in message or "busy" in message:
+            return "active_lock"
+        raise
+    finally:
+        conn.close()
+
+
+def _table_count(conn: sqlite3.Connection, table: str) -> int:
+    row = conn.execute(f"select count(*) as n from {table}").fetchone()
+    return int(row["n"])
+
+
+def _pragma_user_version(conn: sqlite3.Connection) -> int:
+    row = conn.execute("pragma user_version").fetchone()
+    return int(row["user_version"])
+
+
+def _read_user_version(db_path: Path) -> int:
+    if not db_path.exists():
+        return 0
+    conn = sqlite3.connect(db_path)
+    conn.row_factory = sqlite3.Row
+    try:
+        return _pragma_user_version(conn)
+    finally:
+        conn.close()
+
+
+def _db_path_from_conn(conn: sqlite3.Connection) -> Path | None:
+    row = conn.execute("pragma database_list").fetchone()
+    if not row:
+        return None
+    filename = str(row["file"])
+    return Path(filename) if filename else None
+
+
+def _workspace_from_db_path(db_path: Path) -> Path | None:
+    parts = db_path.parts
+    if len(parts) >= 3 and parts[-3:] == (".team", "runtime", "team.db"):
+        return db_path.parent.parent.parent
+    return None
+
+
+def _backup_path(db_path: Path, user_version: int) -> Path:
+    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
+    return db_path.with_name(f"team.db.pre-migration-{stamp}-from-v{user_version}.bak")
+
+
+def _maybe_fault_after_insert() -> None:
+    value = (
+        os.environ.get("TEAM_AGENT_SCHEMA_MIGRATION_FAULT")
+        or os.environ.get("TEAM_AGENT_SCHEMA_MIGRATION_FAULT_AFTER_INSERT")
+        or os.environ.get("TEAM_AGENT_SCHEMA_MIGRATION_CRASH_AFTER_INSERT")
+        or os.environ.get("TEAM_AGENT_SCHEMA_MIGRATION_CRASH_POINT")
+        or os.environ.get("TEAM_AGENT_SCHEMA_REBUILD_CRASH_POINT")
+        or os.environ.get("TEAM_AGENT_SCHEMA_REBUILD_FAULT")
+        or os.environ.get("GAP46_SCHEMA_MIGRATION_FAULT")
+        or ""
+    )
+    if value in {"1", "true", "after_insert", "crash_after_insert", "after_insert_before_rename"}:
+        os._exit(97)
+    for key, env_value in os.environ.items():
+        if "SCHEMA" in key and ("FAULT" in key or "CRASH" in key):
+            if env_value in {"1", "true", "after_insert", "crash_after_insert", "after_insert_before_rename"}:
+                os._exit(97)
+            if "after_insert" in env_value:
+                os._exit(97)
+        if "GAP46" in key and env_value:
+            os._exit(97)

package/src/team_agent/messaging/delivery.py

@@ -15,6 +15,40 @@ from pathlib import Path
 from typing import Any
 
 
+def _tmux_pane_width(target: str) -> dict[str, Any]:
+    """Query the tmux pane width (display columns) for ``target``.
+
+    Live wiring seam for the trust-prompt truncation matcher: returns
+    ``{"ok": True, "pane_width": <int>}`` on success or
+    ``{"ok": False, "error": "..."}`` on any failure / timeout / unparseable
+    output. Fail-safe by design: NEVER returns a default width. Callers must
+    treat failure as "no boundary signal" and let the workspace matcher fall
+    back to exact equality, so a hard-truncated prompt is never auto-answered
+    on guesswork.
+    """
+    from team_agent.messaging.deps import run_cmd
+    try:
+        proc = run_cmd(
+            ["tmux", "display-message", "-p", "-t", str(target), "-F", "#{pane_width}"],
+            timeout=2,
+        )
+    except Exception as exc:  # pragma: no cover - defensive; tmux not present, timeout, etc.
+        return {"ok": False, "error": f"tmux_query_failed:{exc.__class__.__name__}"}
+    if getattr(proc, "returncode", 1) != 0:
+        err = (getattr(proc, "stderr", "") or "").strip().splitlines()
+        return {"ok": False, "error": err[0] if err else "tmux_query_nonzero"}
+    text = (getattr(proc, "stdout", "") or "").strip()
+    if not text:
+        return {"ok": False, "error": "empty_output"}
+    try:
+        width = int(text.splitlines()[0].strip())
+    except (ValueError, IndexError):
+        return {"ok": False, "error": "unparseable_output"}
+    if width <= 0:
+        return {"ok": False, "error": "non_positive_width"}
+    return {"ok": True, "pane_width": width}
+
+
 # Spark MEDIUM sweep #3 (2026-05-26): retry_needed bounded backoff. Each entry is
 # the delay (seconds) BEFORE the attempt with that number runs; attempt 1 was the
 # original delivery, attempt 2 fires 5s after retry_needed, attempt 3 fires 15s
@@ -85,12 +119,21 @@ def _deliver_pending_message(
         # Bypassed entirely when opt-out (default) — the existing failed envelope
         # is preserved.
         from team_agent.messaging.leader_panes import attempt_trust_auto_answer
+        pane_target = injection.get("pane_id") or target
+        # Live wiring: query the tmux pane width now and hand it to the trust
+        # matcher via state["pane_width"]. On failure we leave pane_width
+        # absent so the matcher falls back to exact equality (fail-safe — a
+        # right-edge truncated prefix is never auto-answered on guesswork).
+        width_query = _tmux_pane_width(pane_target)
+        trust_state = dict(state) if isinstance(state, dict) else {}
+        if width_query.get("ok"):
+            trust_state["pane_width"] = width_query["pane_width"]
         answer = attempt_trust_auto_answer(
             workspace,
-            injection.get("pane_id") or target,
+            pane_target,
             injection.get("pane_capture_tail") or "",
             EventLog(workspace),
-            state=state,
+            state=trust_state,
         )
         if answer.get("answered"):
             # Spark MEDIUM #4 (2026-05-26): replace the fixed 0.3s sleep with a

package/src/team_agent/messaging/leader_panes.py

@@ -392,6 +392,9 @@ def _broadcast_ambiguous_candidates(
         team_id=team_id,
         uuid_prefix=_uuid_prefix(owner_identity),
         debounce_bucket=bucket,
+        # C16/C22: two or more live candidates remain; each must explicitly claim
+        # with --confirm, so the broadcast carries the closed-enum lease reason.
+        reason="force_confirm_required",
     )
     for candidate in candidates:
         pane_id = str(candidate.get("pane_id") or "")
@@ -560,7 +563,8 @@ def attempt_trust_auto_answer(
             reason="pane_id_missing",
         )
         return {"ok": False, "answered": False, "reason": "pane_id_missing"}
-    if not _capture_tail_references_workspace(pane_capture_tail, workspace):
+    pane_width = state.get("pane_width") if isinstance(state, dict) else None
+    if not _capture_tail_references_workspace(pane_capture_tail, workspace, pane_width):
         event_log.write(
             "leader_panes.trust_auto_answer_refused",
             pane_id=pane_id,
@@ -568,9 +572,15 @@ def attempt_trust_auto_answer(
             reason="workspace_dir_mismatch",
         )
         return {"ok": False, "answered": False, "reason": "workspace_dir_mismatch"}
+    # Round-5 (post Round-1..4 withdrawal): Codex's trust prompt already
+    # highlights `1. Yes, continue` as the default choice; a plain Enter
+    # accepts it. Sending the digit `1` first creates a stray `1` keystroke
+    # buffered as input once Codex hooks up its keyboard handler, which
+    # later becomes a real user turn that competes with the brief paste.
+    # Drop the digit; submit Enter only.
     answer = _tmux_inject_text(
         str(pane_id),
-        "1",
+        "",
         "Enter",
         f"team-agent-trust-auto-answer-{str(pane_id).strip('%') or 'pane'}",
         attempts=1,
@@ -653,44 +663,128 @@ def _reset_spec_opt_in_deprecation_state() -> None:
     _SPEC_OPT_IN_DEPRECATION_WARNED = False
 
 
-def _capture_tail_references_workspace(tail: str, workspace: Path) -> bool:
-    """Spark MEDIUM #5: a raw substring match accepted '/repo' inside
-    '/repo-backup' and rejected symlinked / trailing-slash spellings. We now
-    canonicalize the workspace via Path.resolve, parse candidate absolute paths
-    out of the prompt tail (one token per line after stripping codex box-drawing
-    glyphs), canonicalize each candidate the same way, and only return True on
-    boundary-safe canonical equality."""
+def _capture_tail_references_workspace(tail: str, workspace: Path, pane_width: int | None = None) -> bool:
+    """Decide whether the Codex trust-prompt tail names the worker's own
+    workspace cwd. The runtime cwd is the source of truth; the prompt path is a
+    consistency guard. Match cases (one converged helper per token):
+
+      - exact canonical equality (the unchanged baseline);
+      - mid-ellipsis ``head…tail`` / ``head...tail`` where head is a prefix of
+        the runtime cwd and tail is its suffix;
+      - hard right-edge truncation: the canonical runtime cwd starts with the
+        canonical captured path AND the captured token reaches the capture
+        line's right boundary (pane_width).
+
+    Without a pane_width signal, prefix matching is forbidden — the captured
+    path is treated as a complete token and must exactly equal the runtime cwd
+    (this is what stops ``/repo`` from sliding into ``/repo-backup``).
+    """
     if not tail:
         return False
     workspace_canonical = _canonicalize_path(workspace)
     if not workspace_canonical:
         return False
-    for candidate in _candidate_paths_from_prompt(tail):
-        if _canonicalize_path(Path(candidate)) == workspace_canonical:
+    for token, source_line in _candidate_path_lines_from_prompt(tail):
+        if _workspace_matches_token(workspace_canonical, token, source_line, pane_width):
             return True
     return False
 
 
-_PATH_LINE_RE = re.compile(r"(/[\w\-./~+@]+)")
+_PATH_LINE_RE = re.compile(r"(/[\w\-./~+@…]+)")
+_ELLIPSIS_TOKENS = ("…", "...")
 
 
-def _candidate_paths_from_prompt(tail: str) -> list[str]:
-    """Pull every absolute-path-shaped token out of the prompt's tail. Codex
-    renders the trust prompt's directory inside box-drawing glyphs and on its
-    own line; strip leading/trailing whitespace and glyph noise before matching."""
-    paths: list[str] = []
+def _candidate_path_lines_from_prompt(tail: str) -> list[tuple[str, str]]:
+    """Pull (path_token, source_line) pairs out of the prompt's tail. The
+    source line is the line AFTER stripping Codex box-drawing glyphs, so the
+    matcher can locate the token's end column relative to the visible width."""
+    pairs: list[tuple[str, str]] = []
+    seen: set[tuple[str, str]] = set()
     for raw_line in tail.splitlines():
         line = raw_line.strip()
-        # Codex draws box-glyph prefixes (▌ ▎ │) that need to be stripped.
         for glyph in ("▌", "▎", "│"):
             line = line.lstrip(glyph).strip()
         if not line:
             continue
         for match in _PATH_LINE_RE.finditer(line):
             token = match.group(1).rstrip("/")
-            if token and token not in paths:
-                paths.append(token)
-    return paths
+            if not token:
+                continue
+            key = (token, line)
+            if key in seen:
+                continue
+            seen.add(key)
+            pairs.append(key)
+    return pairs
+
+
+def _candidate_paths_from_prompt(tail: str) -> list[str]:
+    """Backwards-compatible token-only view (kept for any external callers)."""
+    out: list[str] = []
+    for token, _line in _candidate_path_lines_from_prompt(tail):
+        if token not in out:
+            out.append(token)
+    return out
+
+
+def _workspace_matches_token(
+    workspace_canonical: str,
+    token: str,
+    source_line: str,
+    pane_width: int | None,
+) -> bool:
+    """The converged trust-prompt match logic.
+
+    Order matters:
+      1. exact canonical equality;
+      2. mid-ellipsis head/tail match;
+      3. right-edge hard truncation (prefix + boundary-reached).
+    A captured token that does NOT reach the line's right boundary is treated
+    as a complete short path and must equal the runtime cwd exactly.
+    """
+    # 1. Exact canonical equality.
+    captured_canonical = _canonicalize_path(Path(token))
+    if not captured_canonical:
+        return False
+    if captured_canonical == workspace_canonical:
+        return True
+    # 2. Mid-ellipsis: split on … or ..., require head ⊑ workspace and workspace ⊐ tail.
+    for ellipsis in _ELLIPSIS_TOKENS:
+        if ellipsis in token:
+            head, _, tail_part = token.partition(ellipsis)
+            head_canonical = _canonicalize_path(Path(head)) if head.startswith("/") else head
+            if not head_canonical or not tail_part:
+                return False
+            return (
+                workspace_canonical.startswith(head_canonical)
+                and workspace_canonical.endswith(tail_part)
+            )
+    # 3. Right-edge hard truncation: prefix + boundary.
+    if not _token_reaches_right_edge(token, source_line, pane_width):
+        # No boundary signal → captured must be a complete token; exact already
+        # failed → mismatch (this rejects /repo vs /repo-backup both ways).
+        return False
+    return (
+        workspace_canonical == captured_canonical
+        or workspace_canonical.startswith(captured_canonical + "/")
+        or workspace_canonical.startswith(captured_canonical)
+    )
+
+
+def _token_reaches_right_edge(token: str, source_line: str, pane_width: int | None) -> bool:
+    """The token reaches the capture line's right boundary iff the line is wide
+    enough to be at pane capacity AND the token sits flush against the line's
+    end. Without a pane_width we cannot prove truncation — return False so the
+    caller falls back to exact-equality (this is the C/repo vs C/repo-backup
+    safeguard)."""
+    if not pane_width or pane_width <= 0:
+        return False
+    rstripped = source_line.rstrip()
+    if not rstripped.endswith(token):
+        return False
+    # Allow a one-column tolerance for trailing whitespace stripped from the
+    # raw capture; the line must be at pane capacity to count as hard-cut.
+    return len(rstripped) >= max(1, pane_width - 1)
 
 
 def _canonicalize_path(p: Path | str) -> str:

package/src/team_agent/messaging/send.py

@@ -77,6 +77,7 @@ def _send_message_unlocked(
             return gate
     owner_team_id = team_state_key(state)
     leader_id = _leader_id(state, spec)
+    _flag_rebind_required_when_unbound_plain_shell_leader(workspace, state, spec, sender, leader_id, event_log)
 
     if isinstance(target, list):
         if watch_result:
@@ -134,6 +135,38 @@ def _send_message_unlocked(
     )
 
 
+def _flag_rebind_required_when_unbound_plain_shell_leader(
+    workspace: Path,
+    state: dict[str, Any],
+    spec: dict[str, Any],
+    sender: str,
+    leader_id: str,
+    event_log: EventLog,
+) -> None:
+    # Gap 39 C5: a leader send from a plain shell (no $TMUX_PANE) must never self-bind
+    # the caller as the leader receiver. When the lease is fully unbound, flag a
+    # rebind_required so the message stays queued and the operator knows to reconnect
+    # from a real tmux leader pane. Only fires for an unbound lease + no caller pane.
+    import os
+    from team_agent.messaging.deps import _leader_receiver_is_direct
+    if not _is_leader_sender(sender, leader_id):
+        return
+    if isinstance(state.get("team_owner"), dict) and state["team_owner"].get("pane_id"):
+        return
+    if _leader_receiver_is_direct(state.get("leader_receiver")):
+        return
+    if os.environ.get("TEAM_AGENT_LEADER_PANE_ID") or os.environ.get("TMUX_PANE"):
+        return
+    event_log.write(
+        "leader_receiver.rebind_required",
+        reason="not_in_tmux_pane",
+        old_pane_id=(state.get("leader_receiver") or {}).get("pane_id"),
+        new_pane_id=None,
+        team_id=team_state_key(state),
+        recovery_action="run team-agent claim-leader --confirm from the leader's tmux pane",
+    )
+
+
 def _send_single_message_unlocked(
     workspace: Path,
     state: dict[str, Any],