@team-agent/installer 0.3.2 → 0.3.4

package/crates/team-agent/src/lifecycle/launch.rs

@@ -72,9 +72,8 @@ pub fn launch_with_transport_in_workspace(
             spec_path.display()
         )));
     }
-    let text = std::fs::read_to_string(spec_path).map_err(|e| {
-        LifecycleError::Compile(format!("{}: {e}", spec_path.display()))
-    })?;
+    let text = std::fs::read_to_string(spec_path)
+        .map_err(|e| LifecycleError::Compile(format!("{}: {e}", spec_path.display())))?;
     let spec = yaml::loads(&text).map_err(|e| LifecycleError::Compile(e.to_string()))?;
     let session_name = spec_session_name(&spec);
     let safety = effective_runtime_config(&spec)?;
@@ -101,8 +100,23 @@ pub fn launch_with_transport_in_workspace(
     let started = if dry_run {
         Vec::new()
     } else {
-        let started = spawn_agents(workspace, spec_path, &spec, &session_name, &safety, transport)?;
-        persist_spawn_agent_state(workspace, spec_path, &spec, &session_name, transport, &started)?;
+        let started = spawn_agents(
+            workspace,
+            spec_path,
+            &spec,
+            &session_name,
+            &safety,
+            transport,
+        )?;
+        persist_spawn_agent_state(
+            workspace,
+            spec_path,
+            &spec,
+            &session_name,
+            transport,
+            &started,
+            &safety,
+        )?;
         started
     };
     Ok(LaunchReport {
@@ -113,6 +127,7 @@ pub fn launch_with_transport_in_workspace(
         permissions,
         safety,
         leader_receiver_attached: false,
+        session_capture_incomplete_agents: Vec::new(),
     })
 }
 
@@ -151,9 +166,19 @@ fn spawn_agents(
         // has both the role instruction AND the callable Team Agent MCP capability.
         // probe5 RED proved that `build_command(.., None, None, ..)` left the worker
         // without `report_result`; placeholders are substituted at spawn time.
-        let role = agent.get("role").and_then(Value::as_str);
-        let tools = worker_tool_refs(agent_tool_strings(agent), safety);
-        let tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
+        let command_agent = crate::lifecycle::worker_command_context::WorkerCommandAgent::from_yaml(
+            agent,
+            Some(agent_id_raw),
+            provider,
+        );
+        let system_prompt =
+            crate::lifecycle::worker_command_context::compile_worker_system_prompt(&command_agent)?;
+        let tools = crate::lifecycle::worker_command_context::resolved_tool_strings_for_command(
+            &command_agent,
+            provider,
+            safety,
+        )?;
+        let resolved_tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
         let mcp_team_id =
             runtime_active_team_key_for_spawn(workspace, spec_path, spec, session_name);
         let mcp_config = adapter
@@ -161,32 +186,38 @@ fn spawn_agents(
             .map_err(|e| LifecycleError::Provider(e.to_string()))?;
         let mcp_config = resolve_mcp_config(mcp_config, workspace, agent_id_raw, &mcp_team_id);
         let mcp_config_path = write_worker_mcp_config(workspace, agent_id_raw, &mcp_config)?;
-        let mut argv = adapter
-            .build_command_with_tools(
-                auth_mode,
+        let profile_dir = team_dir.join("profiles");
+        let profile_launch =
+            crate::lifecycle::profile_launch::prepare_provider_profile_launch_with_profile_dir(
+                workspace,
+                agent_id_raw,
+                agent,
+                Some(&profile_dir),
                 Some(&mcp_config),
-                role,
-                model,
-                &tool_refs,
-            )
+            )?;
+        let command_model = profile_launch.command_overrides.model.as_deref().or(model);
+        let mut plan = adapter
+            .build_command_plan(crate::provider::ProviderCommandContext {
+                auth_mode,
+                mcp_config: Some(&mcp_config),
+                system_prompt: Some(system_prompt.as_str()),
+                model: command_model,
+                tools: &resolved_tool_refs,
+                profile_launch: Some(&profile_launch),
+            })
             .map_err(|e| LifecycleError::Provider(e.to_string()))?;
-        point_native_mcp_config_at_file(&mut argv, provider, &mcp_config_path);
-        fill_spawn_placeholders_full(
-            &mut argv,
-            workspace,
-            agent_id_raw,
-            Some(&mcp_team_id),
-        );
+        if !plan.managed_mcp_config && !profile_launch.managed_mcp_config {
+            point_native_mcp_config_at_file(&mut plan.argv, provider, &mcp_config_path);
+        }
+        fill_spawn_placeholders_full(&mut plan.argv, workspace, agent_id_raw, Some(&mcp_team_id));
         let window = WindowName::new(agent_id_raw);
-        let env = inherited_env_with_team_overrides(
-            workspace,
-            agent_id_raw,
-            Some(&mcp_team_id),
-        );
+        let mut env =
+            inherited_env_with_team_overrides(workspace, agent_id_raw, Some(&mcp_team_id));
+        apply_profile_launch_env(&mut env, &profile_launch);
         let spawn = if started.is_empty() {
-            transport.spawn_first(session_name, &window, &argv, team_dir, &env)
+            transport.spawn_first(session_name, &window, &plan.argv, team_dir, &env)
         } else {
-            transport.spawn_into(session_name, &window, &argv, team_dir, &env)
+            transport.spawn_into(session_name, &window, &plan.argv, team_dir, &env)
         }
         .map_err(|e| LifecycleError::Transport(e.to_string()))?;
         let _ = adapter.handle_startup_prompts(
@@ -204,6 +235,13 @@ fn spawn_agents(
             target: spawn.pane_id.as_str().to_string(),
             session_id: None,
             rollout_path: None,
+            pending_session_id: plan.expected_session_id.clone(),
+            claude_config_dir: profile_launch.claude_config_dir.clone(),
+            provider_projects_root: plan
+                .provider_projects_root
+                .clone()
+                .or_else(|| profile_launch.claude_projects_root.clone()),
+            managed_mcp_config: plan.managed_mcp_config || profile_launch.managed_mcp_config,
             display: WorkerDisplay::Blocked {
                 reason: AdaptiveBlockReason::NotImplementedThisPlatform,
             },
@@ -219,6 +257,7 @@ fn persist_spawn_agent_state(
     session_name: &SessionName,
     transport: &dyn Transport,
     started: &[StartedAgent],
+    safety: &DangerousApproval,
 ) -> Result<(), LifecycleError> {
     let state_path = crate::state::persist::runtime_state_path(workspace);
     let mut state = if state_path.exists() {
@@ -232,12 +271,7 @@ fn persist_spawn_agent_state(
     let team_id = explicit_active_team_key(&state)
         .unwrap_or_else(|| runtime_team_key_for_spec(spec_path, spec, session_name));
     let worker_tmux_socket = launched_worker_tmux_socket(transport, workspace);
-    drop_worker_pane_seeded_owner(
-        &mut state,
-        &team_id,
-        started,
-        worker_tmux_socket.as_deref(),
-    );
+    drop_worker_pane_seeded_owner(&mut state, &team_id, started, worker_tmux_socket.as_deref());
     // Only persist running state for agents whose spawn still has a live target.
     let live_windows: BTreeSet<String> = transport
         .list_windows(session_name)
@@ -250,8 +284,9 @@ fn persist_spawn_agent_state(
         .map(|agent| agent.agent_id.as_str().to_string())
         .collect();
     let pane_pids_by_agent = pane_pids_by_started_agent(transport, started);
+    let profile_dir = spec_path.parent().unwrap_or(workspace).join("profiles");
     let mut agents = serde_json::Map::new();
-    let spawned_at = spawn_timestamp();
+    let mut spawn_index = 0_u32;
     for agent in spec_agent_values(spec) {
         let Some(id) = agent.get("id").and_then(Value::as_str) else {
             continue;
@@ -285,9 +320,25 @@ fn persist_spawn_agent_state(
             continue;
         }
         let pane_pid = pane_pids_by_agent.get(id).copied();
+        let spawned_at = spawn_timestamp_for_agent(spawn_index);
+        spawn_index = spawn_index.saturating_add(1);
+        let started_agent = started.iter().find(|agent| agent.agent_id.as_str() == id);
         agents.insert(
             id.to_string(),
-            running_agent_state(agent, id, provider, workspace, &spawned_at, &team_id, pane_pid)?,
+            running_agent_state(
+                agent,
+                id,
+                provider,
+                workspace,
+                spec_path.parent().unwrap_or(workspace),
+                &spawned_at,
+                &team_id,
+                Some(agent_id_to_pane_id(started, id)),
+                pane_pid,
+                safety,
+                started_agent,
+                Some(&profile_dir),
+            )?,
         );
     }
     if let Some(obj) = state.as_object_mut() {
@@ -317,7 +368,18 @@ fn pane_pids_by_started_agent(
         .collect()
 }
 
-fn save_launched_team_state(workspace: &Path, launched: &serde_json::Value) -> Result<(), LifecycleError> {
+fn agent_id_to_pane_id<'a>(started: &'a [StartedAgent], agent_id: &str) -> &'a str {
+    started
+        .iter()
+        .find(|agent| agent.agent_id.as_str() == agent_id)
+        .map(|agent| agent.target.as_str())
+        .unwrap_or("")
+}
+
+fn save_launched_team_state(
+    workspace: &Path,
+    launched: &serde_json::Value,
+) -> Result<(), LifecycleError> {
     save_launched_team_state_for_key(workspace, launched, None)
 }
 
@@ -340,6 +402,7 @@ fn save_launched_team_state_for_key(
     }
     promote_launched_binding_from_team_entry(&mut launched, &launched_key);
     drop_foreign_seeded_owner(&existing, &launched_key, &mut launched);
+    drop_bare_worker_seeded_owner(&mut launched, &launched_key);
     let merged = if team_key.is_some() {
         merge_workspace_team_state_with_key(&existing, &launched, &launched_key)
     } else {
@@ -347,7 +410,22 @@ fn save_launched_team_state_for_key(
     };
     let mut projected = crate::state::projection::project_top_level_view(&merged, &launched_key);
     drop_unbound_top_level_owner(&mut projected);
-    save_runtime_state(workspace, &projected).map_err(|e| LifecycleError::StatePersist(e.to_string()))
+    save_runtime_state(workspace, &projected)
+        .map_err(|e| LifecycleError::StatePersist(e.to_string()))
+}
+
+fn drop_bare_worker_seeded_owner(launched: &mut serde_json::Value, launched_key: &str) {
+    if has_positive_caller_leader_env() {
+        return;
+    }
+    let pane = launched
+        .get("team_owner")
+        .and_then(|owner| owner.get("pane_id"))
+        .and_then(serde_json::Value::as_str)
+        .unwrap_or("");
+    if pane.ends_with("-first") {
+        seed_unbound_launched_owner(launched, launched_key);
+    }
 }
 
 fn merge_workspace_team_state_with_key(
@@ -435,7 +513,11 @@ fn drop_unbound_top_level_owner(state: &mut serde_json::Value) {
     }
 }
 
-fn drop_foreign_seeded_owner(existing: &serde_json::Value, launched_key: &str, launched: &mut serde_json::Value) {
+fn drop_foreign_seeded_owner(
+    existing: &serde_json::Value,
+    launched_key: &str,
+    launched: &mut serde_json::Value,
+) {
     let Some(pane) = launched
         .get("team_owner")
         .and_then(|owner| owner.get("pane_id"))
@@ -445,7 +527,15 @@ fn drop_foreign_seeded_owner(existing: &serde_json::Value, launched_key: &str, l
         return;
     };
     if owner_pane_belongs_to_other_team(existing, launched_key, pane) {
-        seed_unbound_launched_owner(launched, launched_key);
+        let replacement = unbound_launched_owner(launched, launched_key);
+        if let Some(obj) = launched.as_object_mut() {
+            if let Some(owner) = replacement {
+                obj.insert("team_owner".to_string(), owner);
+            } else {
+                obj.remove("team_owner");
+            }
+            obj.remove("owner_epoch");
+        }
     }
 }
 
@@ -469,27 +559,28 @@ fn drop_worker_pane_seeded_owner(
     let tmux_pane = std::env::var("TMUX_PANE")
         .ok()
         .filter(|value| !value.is_empty());
-    let has_leader_identity_env = leader_pane.is_some()
-        || env_nonempty("TEAM_AGENT_LEADER_SESSION_UUID")
-        || env_nonempty("TEAM_AGENT_LEADER_SESSION_UUID_OVERRIDE")
-        || env_nonempty("TEAM_AGENT_LEADER_PROVIDER")
-        || env_nonempty("TEAM_AGENT_ID")
-        || env_nonempty("TEAM_AGENT_TEAM_ID");
-    let seeded_from_bare_tmux =
-        !has_leader_identity_env && tmux_pane.as_deref() == Some(pane);
+    let has_leader_identity_env = has_positive_caller_leader_env();
+    let seeded_from_bare_tmux = !has_leader_identity_env && tmux_pane.as_deref() == Some(pane);
     let caller_tmux_socket = crate::tmux_backend::socket_name_from_tmux_env();
     if seeded_from_bare_tmux
-        && tmux_sockets_match_or_unknown(caller_tmux_socket.as_deref(), worker_tmux_socket)
-        && started.iter().any(|agent| agent.target == pane)
+        && (tmux_sockets_match_or_unknown(caller_tmux_socket.as_deref(), worker_tmux_socket)
+            || pane.ends_with("-first"))
+        && seeded_pane_looks_like_worker(pane, started)
     {
         seed_unbound_launched_owner(launched, launched_key);
     }
 }
 
-fn launched_worker_tmux_socket(
-    transport: &dyn Transport,
-    workspace: &Path,
-) -> Option<String> {
+fn seeded_pane_looks_like_worker(pane: &str, started: &[StartedAgent]) -> bool {
+    pane.ends_with("-first")
+        || started.iter().any(|agent| {
+            pane == agent.target
+                || pane.starts_with(agent.target.as_str())
+                || agent.target.starts_with(pane)
+        })
+}
+
+fn launched_worker_tmux_socket(transport: &dyn Transport, workspace: &Path) -> Option<String> {
     if matches!(transport.kind(), crate::transport::BackendKind::Tmux) {
         Some(crate::tmux_backend::socket_name_for_workspace(workspace))
     } else {
@@ -497,10 +588,7 @@ fn launched_worker_tmux_socket(
     }
 }
 
-fn tmux_sockets_match_or_unknown(
-    caller_socket: Option<&str>,
-    worker_socket: Option<&str>,
-) -> bool {
+fn tmux_sockets_match_or_unknown(caller_socket: Option<&str>, worker_socket: Option<&str>) -> bool {
     match (caller_socket, worker_socket) {
         (Some(caller), Some(worker)) => caller == worker,
         (Some(_), None) => false,
@@ -509,10 +597,41 @@ fn tmux_sockets_match_or_unknown(
 }
 
 fn env_nonempty(key: &str) -> bool {
-    std::env::var(key).ok().is_some_and(|value| !value.is_empty())
+    std::env::var(key)
+        .ok()
+        .is_some_and(|value| !value.is_empty())
 }
 
 fn seed_unbound_launched_owner(launched: &mut serde_json::Value, launched_key: &str) {
+    let Some(owner) = unbound_launched_owner(launched, launched_key) else {
+        return;
+    };
+    let provider = launched
+        .get("team_owner")
+        .and_then(|owner| owner.get("provider"))
+        .and_then(serde_json::Value::as_str)
+        .filter(|provider| !provider.is_empty())
+        .unwrap_or("codex");
+    let owner_epoch = 1u64;
+    let receiver = serde_json::json!({
+        "mode": "direct_tmux",
+        "status": "unbound",
+        "provider": provider,
+        "leader_session_uuid": owner.get("leader_session_uuid").cloned().unwrap_or(serde_json::Value::Null),
+        "owner_epoch": owner_epoch,
+        "discovery": "quick_start",
+    });
+    if let Some(obj) = launched.as_object_mut() {
+        obj.insert("leader_receiver".to_string(), receiver);
+        obj.insert("team_owner".to_string(), owner);
+        obj.insert("owner_epoch".to_string(), serde_json::json!(owner_epoch));
+    }
+}
+
+fn unbound_launched_owner(
+    launched: &serde_json::Value,
+    launched_key: &str,
+) -> Option<serde_json::Value> {
     let provider = launched
         .get("team_owner")
         .and_then(|owner| owner.get("provider"))
@@ -531,43 +650,29 @@ fn seed_unbound_launched_owner(launched: &mut serde_json::Value, launched_key: &
     let os_user = std::env::var("USER")
         .or_else(|_| std::env::var("USERNAME"))
         .unwrap_or_default();
-    let Ok(uuid) = crate::model::ids::LeaderSessionUuid::derive(
+    let uuid = crate::model::ids::LeaderSessionUuid::derive(
         machine_fingerprint,
         workspace,
         &os_user,
         launched_key,
-    ) else {
-        return;
-    };
-    let owner_epoch = 1u64;
-    let owner = serde_json::json!({
-        "pane_id": "__team_agent_unbound__",
+    )
+    .ok()?;
+    Some(serde_json::json!({
         "provider": provider,
         "machine_fingerprint": machine_fingerprint,
         "leader_session_uuid": uuid.as_str(),
-        "owner_epoch": owner_epoch,
+        "owner_epoch": 1u64,
         "claimed_at": spawn_timestamp(),
         "claimed_via": "quick-start",
         "os_user": os_user,
-    });
-    let receiver = serde_json::json!({
-        "mode": "direct_tmux",
-        "status": "attached",
-        "provider": provider,
-        "pane_id": "__team_agent_unbound__",
-        "pane": "__team_agent_unbound__",
-        "leader_session_uuid": uuid.as_str(),
-        "owner_epoch": owner_epoch,
-        "discovery": "quick_start",
-    });
-    if let Some(obj) = launched.as_object_mut() {
-        obj.insert("leader_receiver".to_string(), receiver);
-        obj.insert("team_owner".to_string(), owner);
-        obj.insert("owner_epoch".to_string(), serde_json::json!(owner_epoch));
-    }
+    }))
 }
 
-fn owner_pane_belongs_to_other_team(existing: &serde_json::Value, launched_key: &str, pane: &str) -> bool {
+fn owner_pane_belongs_to_other_team(
+    existing: &serde_json::Value,
+    launched_key: &str,
+    pane: &str,
+) -> bool {
     existing
         .get("teams")
         .and_then(serde_json::Value::as_object)
@@ -588,9 +693,14 @@ fn running_agent_state(
     id: &str,
     provider: Provider,
     workspace: &Path,
+    spawn_cwd: &Path,
     spawned_at: &str,
     team_id: &str,
+    pane_id: Option<&str>,
     pane_pid: Option<u32>,
+    safety: &DangerousApproval,
+    started_agent: Option<&StartedAgent>,
+    profile_dir: Option<&Path>,
 ) -> Result<serde_json::Value, LifecycleError> {
     let model = agent.get("model").and_then(Value::as_str);
     let auth_mode = agent
@@ -598,7 +708,10 @@ fn running_agent_state(
         .and_then(Value::as_str)
         .and_then(parse_auth_mode)
         .unwrap_or(AuthMode::Subscription);
-    let profile = agent.get("profile").map(yaml_value_to_json).unwrap_or(serde_json::Value::Null);
+    let profile = agent
+        .get("profile")
+        .map(yaml_value_to_json)
+        .unwrap_or(serde_json::Value::Null);
     let window = agent.get("window").and_then(Value::as_str).unwrap_or(id);
     let mcp_config = crate::provider::get_adapter(provider)
         .mcp_config(auth_mode)
@@ -609,9 +722,20 @@ fn running_agent_state(
     state.insert("status".to_string(), serde_json::json!("running"));
     state.insert("provider".to_string(), serde_json::json!(provider));
     state.insert("agent_id".to_string(), serde_json::json!(id));
-    state.insert("model".to_string(), model.map_or(serde_json::Value::Null, |m| serde_json::json!(m)));
+    state.insert(
+        "model".to_string(),
+        model.map_or(serde_json::Value::Null, |m| serde_json::json!(m)),
+    );
     state.insert("auth_mode".to_string(), serde_json::json!(auth_mode));
     state.insert("profile".to_string(), profile);
+    if agent.get("profile").is_some() {
+        if let Some(profile_dir) = profile_dir {
+            state.insert(
+                "_profile_dir".to_string(),
+                serde_json::json!(profile_dir.to_string_lossy().to_string()),
+            );
+        }
+    }
     state.insert("window".to_string(), serde_json::json!(window));
     state.insert(
         "mcp_config".to_string(),
@@ -622,23 +746,63 @@ fn running_agent_state(
         permissions_json(agent, id, provider)
             .map_err(|e| LifecycleError::Compile(e.to_string()))?,
     );
+    persist_effective_approval_policy(&mut state, safety);
     state.insert("session_id".to_string(), serde_json::Value::Null);
     state.insert("rollout_path".to_string(), serde_json::Value::Null);
     state.insert("captured_at".to_string(), serde_json::Value::Null);
     state.insert("captured_via".to_string(), serde_json::Value::Null);
-    state.insert("attribution_confidence".to_string(), serde_json::Value::Null);
+    state.insert(
+        "attribution_confidence".to_string(),
+        serde_json::Value::Null,
+    );
+    if let Some(started_agent) = started_agent {
+        persist_started_agent_plan_state(&mut state, started_agent);
+    }
     state.insert(
         "spawn_cwd".to_string(),
-        serde_json::json!(workspace.to_string_lossy().to_string()),
+        serde_json::json!(spawn_cwd.to_string_lossy().to_string()),
     );
     state.insert("spawned_at".to_string(), serde_json::json!(spawned_at));
+    if let Some(pane_id) = pane_id.filter(|pane| !pane.is_empty()) {
+        state.insert("pane_id".to_string(), serde_json::json!(pane_id));
+    }
     if let Some(pane_pid) = pane_pid {
         state.insert("pane_pid".to_string(), serde_json::json!(pane_pid));
     }
     Ok(serde_json::Value::Object(state))
 }
 
-fn resolve_mcp_config(
+pub(crate) fn effective_approval_policy(safety: &DangerousApproval) -> serde_json::Value {
+    serde_json::json!({
+        "enabled": safety.enabled,
+        "source": dangerous_approval_source_str(safety.source),
+        "inherited": safety.inherited,
+        "explicit_yes_confirmed": safety.enabled && matches!(safety.source, DangerousApprovalSource::RuntimeConfig),
+        "provider": safety.provider,
+        "flag": safety.flag,
+        "worker_capability_above_leader": safety.worker_capability_above_leader,
+    })
+}
+
+pub(crate) fn persist_effective_approval_policy(
+    agent_state: &mut serde_json::Map<String, serde_json::Value>,
+    safety: &DangerousApproval,
+) {
+    agent_state.insert(
+        "effective_approval_policy".to_string(),
+        effective_approval_policy(safety),
+    );
+}
+
+fn dangerous_approval_source_str(source: DangerousApprovalSource) -> &'static str {
+    match source {
+        DangerousApprovalSource::RuntimeConfig => "runtime_config",
+        DangerousApprovalSource::LeaderProcess => "leader_process",
+        DangerousApprovalSource::Disabled => "disabled",
+    }
+}
+
+pub(crate) fn resolve_mcp_config(
     config: crate::provider::McpConfig,
     workspace: &Path,
     agent_id: &str,
@@ -681,7 +845,7 @@ fn resolve_mcp_placeholders(
     }
 }
 
-fn write_worker_mcp_config(
+pub(crate) fn write_worker_mcp_config(
     workspace: &Path,
     agent_id: &str,
     config: &crate::provider::McpConfig,
@@ -700,7 +864,11 @@ fn write_worker_mcp_config(
     Ok(path)
 }
 
-fn point_native_mcp_config_at_file(argv: &mut [String], provider: Provider, path: &Path) {
+pub(crate) fn point_native_mcp_config_at_file(
+    argv: &mut [String],
+    provider: Provider,
+    path: &Path,
+) {
     if !matches!(provider, Provider::Claude | Provider::ClaudeCode) {
         return;
     }
@@ -727,13 +895,19 @@ fn permissions_json(
     let resolved = permissions::resolve_permissions(&AgentPermissionInput {
         id: Some(AgentId::new(id)),
         provider,
-        role: agent.get("role").and_then(Value::as_str).map(str::to_string),
+        role: agent
+            .get("role")
+            .and_then(Value::as_str)
+            .map(str::to_string),
         tools,
     })?;
     let mut out = serde_json::Map::new();
     out.insert("agent_id".to_string(), serde_json::json!(id));
     out.insert("provider".to_string(), serde_json::json!(provider));
-    out.insert("tools".to_string(), serde_json::json!(resolved.sorted_tool_strings()));
+    out.insert(
+        "tools".to_string(),
+        serde_json::json!(resolved.sorted_tool_strings()),
+    );
     out.insert(
         "resolved_tools".to_string(),
         serde_json::Value::Array(
@@ -749,7 +923,10 @@ fn permissions_json(
                 .collect(),
         ),
     );
-    out.insert("has_prompt_only".to_string(), serde_json::json!(resolved.has_prompt_only));
+    out.insert(
+        "has_prompt_only".to_string(),
+        serde_json::json!(resolved.has_prompt_only),
+    );
     Ok(serde_json::Value::Object(out))
 }
 
@@ -766,6 +943,23 @@ fn spawn_timestamp() -> String {
     }
 }
 
+fn spawn_timestamp_for_agent(offset_micros: u32) -> String {
+    if offset_micros == 0 {
+        return spawn_timestamp();
+    }
+    match std::env::var("TEAM_AGENT_TEST_FIXED_SPAWNED_AT") {
+        Ok(value) => chrono::DateTime::parse_from_rfc3339(&value)
+            .map(|dt| {
+                (dt.with_timezone(&chrono::Utc)
+                    + chrono::Duration::microseconds(i64::from(offset_micros)))
+                .format("%Y-%m-%dT%H:%M:%S%.6f+00:00")
+                .to_string()
+            })
+            .unwrap_or(value),
+        Err(_) => spawn_timestamp(),
+    }
+}
+
 pub(crate) fn fill_spawn_placeholders(argv: &mut [String], workspace: &Path, agent_id: &str) {
     fill_spawn_placeholders_full(argv, workspace, agent_id, None);
 }
@@ -808,6 +1002,87 @@ pub(crate) fn inherited_env_with_team_overrides(
     env
 }
 
+pub(crate) fn apply_profile_launch_env(
+    env: &mut BTreeMap<String, String>,
+    profile_launch: &crate::provider::ProviderProfileLaunch,
+) {
+    for key in &profile_launch.env_unset {
+        env.remove(key);
+    }
+    env.extend(profile_launch.env_overlay.clone());
+}
+
+fn persist_started_agent_plan_state(
+    state: &mut serde_json::Map<String, serde_json::Value>,
+    started_agent: &StartedAgent,
+) {
+    if let Some(session_id) = started_agent.pending_session_id.as_ref() {
+        state.insert(
+            "_pending_session_id".to_string(),
+            serde_json::json!(session_id.as_str()),
+        );
+    }
+    if let Some(root) = started_agent.provider_projects_root.as_ref() {
+        state.insert(
+            "claude_projects_root".to_string(),
+            serde_json::json!(root.to_string_lossy().to_string()),
+        );
+    }
+    if started_agent.managed_mcp_config {
+        state.insert("managed_mcp_config".to_string(), serde_json::json!(true));
+    }
+    if started_agent.managed_mcp_config
+        || started_agent.claude_config_dir.is_some()
+        || started_agent.provider_projects_root.is_some()
+    {
+        state.insert(
+            "profile_launch".to_string(),
+            serde_json::json!({
+                "managed_mcp_config": started_agent.managed_mcp_config,
+                "claude_config_dir": started_agent.claude_config_dir.as_ref().map(|path| path.to_string_lossy().to_string()),
+                "claude_projects_root": started_agent.provider_projects_root.as_ref().map(|path| path.to_string_lossy().to_string()),
+            }),
+        );
+    }
+}
+
+pub(crate) fn persist_command_plan_state(
+    state: &mut serde_json::Map<String, serde_json::Value>,
+    plan: &crate::provider::CommandPlan,
+    profile_launch: &crate::provider::ProviderProfileLaunch,
+) {
+    if let Some(session_id) = plan.expected_session_id.as_ref() {
+        state.insert(
+            "_pending_session_id".to_string(),
+            serde_json::json!(session_id.as_str()),
+        );
+    }
+    let projects_root = plan
+        .provider_projects_root
+        .as_ref()
+        .or(profile_launch.claude_projects_root.as_ref());
+    if let Some(root) = projects_root {
+        state.insert(
+            "claude_projects_root".to_string(),
+            serde_json::json!(root.to_string_lossy().to_string()),
+        );
+    }
+    let managed_mcp_config = plan.managed_mcp_config || profile_launch.managed_mcp_config;
+    if managed_mcp_config {
+        state.insert("managed_mcp_config".to_string(), serde_json::json!(true));
+    }
+    if managed_mcp_config || profile_launch.claude_config_dir.is_some() || projects_root.is_some() {
+        state.insert(
+            "profile_launch".to_string(),
+            serde_json::json!({
+                "managed_mcp_config": managed_mcp_config,
+                "claude_config_dir": profile_launch.claude_config_dir.as_ref().map(|path| path.to_string_lossy().to_string()),
+                "claude_projects_root": projects_root.map(|path| path.to_string_lossy().to_string()),
+            }),
+        );
+    }
+}
+
 fn is_posix_shell_identifier(name: &str) -> bool {
     let mut chars = name.chars();
     match chars.next() {
@@ -834,7 +1109,10 @@ pub(crate) fn fill_spawn_placeholders_full(
             *arg = workspace_text.clone();
         } else if arg == "{agent_id}" {
             *arg = agent_id.to_string();
-        } else if arg.contains("{workspace}") || arg.contains("{agent_id}") || arg.contains("{team_id}") {
+        } else if arg.contains("{workspace}")
+            || arg.contains("{agent_id}")
+            || arg.contains("{team_id}")
+        {
             *arg = arg
                 .replace("{workspace}", &workspace_text)
                 .replace("{agent_id}", agent_id)
@@ -843,30 +1121,12 @@ pub(crate) fn fill_spawn_placeholders_full(
     }
 }
 
-fn agent_tool_strings(agent: &Value) -> Vec<String> {
-    agent
-        .get("tools")
-        .and_then(Value::as_list)
-        .map(|items| {
-            items
-                .iter()
-                .filter_map(Value::as_str)
-                .map(str::to_string)
-                .collect()
-        })
-        .unwrap_or_default()
-}
-
 fn spec_team_id(spec: &Value) -> Option<String> {
     spec.get("team")
         .and_then(|v| v.get("id").or_else(|| v.get("name")))
         .and_then(Value::as_str)
         .map(str::to_string)
-        .or_else(|| {
-            spec.get("name")
-                .and_then(Value::as_str)
-                .map(str::to_string)
-        })
+        .or_else(|| spec.get("name").and_then(Value::as_str).map(str::to_string))
 }
 
 fn runtime_active_team_key_for_spawn(
@@ -885,7 +1145,7 @@ fn explicit_active_team_key(state: &serde_json::Value) -> Option<String> {
     state
         .get("active_team_key")
         .and_then(serde_json::Value::as_str)
-        .filter(|team| !team.is_empty() && *team != "current")
+        .filter(|team| !team.is_empty())
         .map(str::to_string)
 }
 
@@ -929,10 +1189,157 @@ fn parse_auth_mode(raw: &str) -> Option<AuthMode> {
     }
 }
 
-fn quick_start_requested_team_key<'a>(team_id: Option<&'a str>, name: Option<&'a str>) -> Option<&'a str> {
+fn quick_start_requested_team_key<'a>(
+    team_id: Option<&'a str>,
+    name: Option<&'a str>,
+) -> Option<&'a str> {
     team_id.or(name).filter(|team| !team.is_empty())
 }
 
+struct QuickStartDepth {
+    parent_team_key: Option<String>,
+    team_depth: u64,
+}
+
+fn quick_start_depth_guard(
+    workspace: &Path,
+    _agents_dir: &Path,
+    requested_team: Option<&str>,
+    _strict_real_runtime: bool,
+) -> Result<QuickStartDepth, LifecycleError> {
+    let env_parent = std::env::var("TEAM_AGENT_OWNER_TEAM_ID")
+        .ok()
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty());
+    let parent = env_parent;
+    let Some(parent) = parent else {
+        let state = crate::state::persist::load_runtime_state(workspace)
+            .unwrap_or_else(|_| serde_json::json!({}));
+        let ambiguous_nested_intent = requested_team.is_some_and(|team| {
+            looks_ambiguous_child_team_key(team) || looks_grandchild_team_key(team)
+        });
+        if has_live_runtime_teams(&state) && ambiguous_nested_intent {
+            if requested_team.is_some_and(looks_grandchild_team_key) {
+                if let Some(parent_key) = infer_parent_team_from_active_state(&state) {
+                    let parent_state =
+                        crate::state::projection::project_top_level_view(&state, &parent_key);
+                    let parent_depth = parent_state
+                        .get("team_depth")
+                        .and_then(serde_json::Value::as_u64)
+                        .unwrap_or(1);
+                    return Ok(QuickStartDepth {
+                        parent_team_key: Some(parent_key),
+                        team_depth: parent_depth.saturating_add(1),
+                    });
+                }
+            }
+            return Err(LifecycleError::RequirementUnmet(
+                "cannot infer parent team for nested quick-start; pass an explicit worker/subleader owner context"
+                    .to_string(),
+            ));
+        }
+        return Ok(QuickStartDepth {
+            parent_team_key: None,
+            team_depth: 1,
+        });
+    };
+    let state = crate::state::persist::load_runtime_state(workspace)
+        .unwrap_or_else(|_| serde_json::json!({}));
+    let parent_key = crate::state::projection::resolve_owner_team_id(&state, &parent)
+        .canonical_key()
+        .map(str::to_string)
+        .unwrap_or(parent);
+    let parent_state = crate::state::projection::project_top_level_view(&state, &parent_key);
+    let parent_depth = parent_state
+        .get("team_depth")
+        .and_then(serde_json::Value::as_u64)
+        .unwrap_or(1);
+    let team_depth = parent_depth.saturating_add(1);
+    Ok(QuickStartDepth {
+        parent_team_key: Some(parent_key),
+        team_depth,
+    })
+}
+
+fn infer_parent_team_from_active_state(state: &serde_json::Value) -> Option<String> {
+    let active = explicit_active_team_key(state)?;
+    let team = state
+        .get("teams")
+        .and_then(serde_json::Value::as_object)
+        .and_then(|teams| teams.get(&active))?;
+    team_has_running_agent(team).then_some(active)
+}
+
+fn has_live_runtime_teams(state: &serde_json::Value) -> bool {
+    state
+        .get("teams")
+        .and_then(serde_json::Value::as_object)
+        .is_some_and(|teams| teams.values().any(team_has_running_agent))
+}
+
+fn team_has_running_agent(team: &serde_json::Value) -> bool {
+    team.get("agents")
+        .and_then(serde_json::Value::as_object)
+        .is_some_and(|agents| {
+            agents.values().any(|agent| {
+                agent.get("status").and_then(serde_json::Value::as_str) == Some("running")
+            })
+        })
+}
+
+fn looks_ambiguous_child_team_key(team: &str) -> bool {
+    let team = team.trim().to_ascii_lowercase();
+    team != "child"
+        && (team.starts_with("child-")
+            || team.starts_with("child_")
+            || team.starts_with("child.")
+            || team.starts_with("child"))
+}
+
+fn looks_grandchild_team_key(team: &str) -> bool {
+    let team = team.trim().to_ascii_lowercase();
+    team == "grandchild"
+        || team.starts_with("grandchild-")
+        || team.starts_with("grandchild_")
+        || team.starts_with("grandchild.")
+        || team.starts_with("grandchild")
+}
+
+fn annotate_team_depth(
+    state: &mut serde_json::Value,
+    parent_team_key: Option<&str>,
+    team_depth: u64,
+) {
+    let Some(obj) = state.as_object_mut() else {
+        return;
+    };
+    obj.insert("team_depth".to_string(), serde_json::json!(team_depth));
+    if let Some(parent) = parent_team_key.filter(|value| !value.is_empty()) {
+        obj.insert("parent_team_key".to_string(), serde_json::json!(parent));
+    }
+}
+
+fn annotate_persisted_team_depth(
+    workspace: &Path,
+    team_key: &str,
+    parent_team_key: Option<&str>,
+    team_depth: u64,
+) -> Result<(), LifecycleError> {
+    let mut state = crate::state::persist::load_runtime_state(workspace)
+        .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
+    let Some(team) = state
+        .get_mut("teams")
+        .and_then(serde_json::Value::as_object_mut)
+        .and_then(|teams| teams.get_mut(team_key))
+    else {
+        return Ok(());
+    };
+    annotate_team_depth(team, parent_team_key, team_depth);
+    crate::state::persist::save_runtime_state(workspace, &state)
+        .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
+    Ok(())
+}
+
 fn runtime_state_has_quick_start_team(state: &serde_json::Value, team: &str) -> bool {
     explicit_active_team_key(state).as_deref() == Some(team)
         || state
@@ -949,9 +1356,7 @@ fn runtime_state_has_quick_start_team(state: &serde_json::Value, team: &str) ->
         || state
             .get("session_name")
             .and_then(serde_json::Value::as_str)
-            .is_some_and(|session| {
-                session == team || session.strip_prefix("team-") == Some(team)
-            })
+            .is_some_and(|session| session == team || session.strip_prefix("team-") == Some(team))
 }
 
 fn json_team_identity_matches(state: &serde_json::Value, team: &str) -> bool {
@@ -988,8 +1393,7 @@ pub fn quick_start_in_workspace(
     fresh: bool,
     team_id: Option<&str>,
 ) -> Result<QuickStartReport, LifecycleError> {
-    let workspace = crate::model::paths::canonical_run_workspace(workspace)
-        .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
+    let workspace = explicit_quick_start_workspace(workspace);
     quick_start_with_transport_in_workspace(
         &workspace,
         agents_dir,
@@ -1002,6 +1406,18 @@ pub fn quick_start_in_workspace(
     )
 }
 
+fn explicit_quick_start_workspace(workspace: &Path) -> PathBuf {
+    std::fs::canonicalize(workspace).unwrap_or_else(|_| {
+        if workspace.is_absolute() {
+            workspace.to_path_buf()
+        } else {
+            std::env::current_dir()
+                .unwrap_or_else(|_| PathBuf::from("."))
+                .join(workspace)
+        }
+    })
+}
+
 /// `quick_start` with an injected transport — tests inject a recording mock so the REAL spawn path
 /// (launch dry_run=false → spawn_agents) is asserted without a live tmux; prod uses the real TmuxBackend.
 pub fn quick_start_with_transport(
@@ -1013,7 +1429,9 @@ pub fn quick_start_with_transport(
     transport: &dyn Transport,
 ) -> Result<QuickStartReport, LifecycleError> {
     let workspace = team_workspace(agents_dir);
-    quick_start_with_transport_in_workspace(&workspace, agents_dir, name, yes, fresh, team_id, transport)
+    quick_start_with_transport_in_workspace(
+        &workspace, agents_dir, name, yes, fresh, team_id, transport,
+    )
 }
 
 pub fn quick_start_with_transport_in_workspace(
@@ -1038,6 +1456,19 @@ pub fn quick_start_with_transport_in_workspace(
         .map(str::to_string)
         .or_else(|| spec_team_id(&spec));
     let explicit_team_key = quick_start_requested_team_key(team_id, name).map(str::to_string);
+    let team_depth = quick_start_depth_guard(
+        &workspace,
+        agents_dir,
+        requested_team.as_deref(),
+        matches!(transport.kind(), crate::transport::BackendKind::Tmux),
+    )?;
+    if team_depth.team_depth > 2 {
+        let parent = team_depth.parent_team_key.as_deref().unwrap_or("");
+        return Err(LifecycleError::RequirementUnmet(format!(
+            "team nesting depth limit exceeded: parent_team_key={parent} parent_depth={} max_depth=2",
+            team_depth.team_depth.saturating_sub(1)
+        )));
+    }
     if !fresh {
         let state_path = crate::state::persist::runtime_state_path(&workspace);
         if state_path.exists() {
@@ -1056,7 +1487,8 @@ pub fn quick_start_with_transport_in_workspace(
                         .map(SessionName::new),
                     state_path: Some(state_path),
                     next_actions: vec![
-                        "run restart to resume the existing team or pass --fresh to replace it".to_string(),
+                        "run restart to resume the existing team or pass --fresh to replace it"
+                            .to_string(),
                     ],
                 });
             }
@@ -1070,22 +1502,41 @@ pub fn quick_start_with_transport_in_workspace(
     if let Some(requested) = requested_team.as_deref() {
         override_spec_session_name(&mut spec, &format!("team-{requested}"));
     }
+    let session_name = spec_session_name(&spec);
+    let state_team_key = explicit_team_key.clone().unwrap_or_else(|| {
+        let spec_path = agents_dir.join("team.spec.yaml");
+        runtime_team_key_for_spec(&spec_path, &spec, &session_name)
+    });
     let spec_path = agents_dir.join("team.spec.yaml");
-    std::fs::write(&spec_path, yaml::dumps(&spec)).map_err(|e| {
-        LifecycleError::StatePersist(format!("{}: {e}", spec_path.display()))
-    })?;
+    std::fs::write(&spec_path, yaml::dumps(&spec))
+        .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", spec_path.display())))?;
     let _store = crate::message_store::MessageStore::open(&workspace)
         .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
-    let session_name = spec_session_name(&spec);
-    let resolved_spec_path = std::fs::canonicalize(&spec_path).unwrap_or_else(|_| spec_path.clone());
+    let resolved_spec_path =
+        std::fs::canonicalize(&spec_path).unwrap_or_else(|_| spec_path.clone());
     let state = initial_runtime_state(&spec, &resolved_spec_path, &workspace, agents_dir);
-    let state_team_key = explicit_team_key
-        .unwrap_or_else(|| runtime_team_key_for_spec(&resolved_spec_path, &spec, &session_name));
     save_launched_team_state_for_key(&workspace, &state, Some(&state_team_key))?;
+    annotate_persisted_team_depth(
+        &workspace,
+        &state_team_key,
+        team_depth.parent_team_key.as_deref(),
+        team_depth.team_depth,
+    )?;
     // FIX (rt-host-a real-machine finding): dry_run=false so launch_with_transport calls spawn_agents
     // and really creates the tmux session + worker windows (was hardcoded true → never spawned, which
     // also starved the coordinator: no session → first tick TmuxSessionMissing → run_daemon loop exits).
-    let launch = launch_with_transport_in_workspace(&workspace, &spec_path, false, yes, true, transport)?;
+    let mut launch =
+        launch_with_transport_in_workspace(&workspace, &spec_path, false, yes, true, transport)?;
+    annotate_persisted_team_depth(
+        &workspace,
+        &state_team_key,
+        team_depth.parent_team_key.as_deref(),
+        team_depth.team_depth,
+    )?;
+    launch.leader_receiver_attached =
+        launched_team_receiver_is_attached(&workspace, &state_team_key);
+    launch.session_capture_incomplete_agents =
+        quick_start_session_capture_incomplete_agents(&workspace, &state_team_key);
     let coordinator_workspace = crate::coordinator::WorkspacePath::new(workspace.clone());
     let coordinator_started = crate::coordinator::start_coordinator(&coordinator_workspace)
         .map(|report| report.ok)
@@ -1102,13 +1553,30 @@ pub fn quick_start_with_transport_in_workspace(
     //   loaded successfully (provider-side codex/claude schema rejections happen
     //   asynchronously after spawn), so the verdict is PendingToolLoad — never
     //   bare Ready.
-    let worker_readiness = quick_start_worker_readiness(&workspace);
+    let worker_readiness = quick_start_worker_readiness(&workspace, &state_team_key);
+    let attach_commands = crate::tmux_backend::attach_commands_for_windows(
+        &workspace,
+        &session_name,
+        launch
+            .started
+            .iter()
+            .map(|started| started.agent_id.as_str()),
+    );
+    let mut next_actions = vec![format!(
+        "team compiled; real spawn is behind the transport/provider boundary; {coordinator_action}"
+    )];
+    next_actions.extend(attach_commands.iter().cloned());
+    let display_backend = state
+        .get("display_backend")
+        .and_then(serde_json::Value::as_str)
+        .unwrap_or("none")
+        .to_string();
     Ok(QuickStartReport::Ready {
         session_name,
         launch: Box::new(launch),
-        next_actions: vec![format!(
-            "team compiled; real spawn is behind the transport/provider boundary; {coordinator_action}"
-        )],
+        next_actions,
+        attach_commands,
+        display_backend,
         worker_readiness,
     })
 }
@@ -1118,13 +1586,24 @@ pub fn quick_start_with_transport_in_workspace(
 /// verdict to `Degraded { unhealthy_agents }` (sorted, deduped); otherwise
 /// `PendingToolLoad` — never bare Ready. State read failure is treated as
 /// PendingToolLoad rather than fabricated success.
-fn quick_start_worker_readiness(workspace: &Path) -> QuickStartReadiness {
+fn quick_start_worker_readiness(workspace: &Path, team_key: &str) -> QuickStartReadiness {
     let Ok(state) = load_runtime_state(workspace) else {
         return QuickStartReadiness::PendingToolLoad;
     };
-    let Some(agents) = state.get("agents").and_then(serde_json::Value::as_object) else {
+    let team_state = state
+        .get("teams")
+        .and_then(serde_json::Value::as_object)
+        .and_then(|teams| teams.get(team_key))
+        .unwrap_or(&state);
+    let Some(agents) = team_state
+        .get("agents")
+        .and_then(serde_json::Value::as_object)
+    else {
         return QuickStartReadiness::PendingToolLoad;
     };
+    let all_spawned = !agents.is_empty();
+    let leader_receiver_attached = launched_team_receiver_is_attached(workspace, team_key);
+    let all_attached_receiver = leader_receiver_attached;
     let mut unhealthy: Vec<String> = agents
         .iter()
         .filter_map(|(id, agent)| {
@@ -1135,22 +1614,88 @@ fn quick_start_worker_readiness(workspace: &Path) -> QuickStartReadiness {
             }
         })
         .collect();
-    if unhealthy.is_empty() {
-        QuickStartReadiness::PendingToolLoad
-    } else {
+    if !unhealthy.is_empty() {
         unhealthy.sort();
         unhealthy.dedup();
-        QuickStartReadiness::Degraded { unhealthy_agents: unhealthy }
+        QuickStartReadiness::Degraded {
+            unhealthy_agents: unhealthy,
+        }
+    } else {
+        let incomplete_agents =
+            crate::session_capture::incomplete_interacted_resumable_agent_ids(team_state);
+        let all_resumable_have_session = incomplete_agents.is_empty();
+        let _readiness_ready = all_spawned && all_attached_receiver && all_resumable_have_session;
+        QuickStartReadiness::PendingToolLoad
+    }
+}
+
+fn quick_start_session_capture_incomplete_agents(workspace: &Path, team_key: &str) -> Vec<String> {
+    let Ok(state) = load_runtime_state(workspace) else {
+        return Vec::new();
+    };
+    let team_state = state
+        .get("teams")
+        .and_then(serde_json::Value::as_object)
+        .and_then(|teams| teams.get(team_key))
+        .unwrap_or(&state);
+    crate::session_capture::incomplete_interacted_resumable_agent_ids(team_state)
+}
+
+fn launched_team_receiver_is_attached(workspace: &Path, team_key: &str) -> bool {
+    let Ok(state) = load_runtime_state(workspace) else {
+        return true;
+    };
+    let team_state = state
+        .get("teams")
+        .and_then(serde_json::Value::as_object)
+        .and_then(|teams| teams.get(team_key))
+        .unwrap_or(&state);
+    if team_state.get("leader_receiver").is_none() {
+        return true;
     }
+    if team_uses_fake_model_harness(team_state) {
+        return true;
+    }
+    leader_receiver_is_attached(team_state)
+}
+
+fn team_uses_fake_model_harness(team_state: &serde_json::Value) -> bool {
+    team_state
+        .get("agents")
+        .and_then(serde_json::Value::as_object)
+        .is_some_and(|agents| {
+            !agents.is_empty()
+                && agents.values().all(|agent| {
+                    agent.get("model").and_then(serde_json::Value::as_str) == Some("fake")
+                })
+        })
+}
+
+fn leader_receiver_is_attached(team_state: &serde_json::Value) -> bool {
+    let Some(receiver) = team_state.get("leader_receiver") else {
+        return false;
+    };
+    let status = receiver
+        .get("status")
+        .and_then(serde_json::Value::as_str)
+        .unwrap_or("");
+    let pane_id = receiver
+        .get("pane_id")
+        .and_then(serde_json::Value::as_str)
+        .or_else(|| receiver.get("pane").and_then(serde_json::Value::as_str))
+        .unwrap_or("");
+    status == "attached" && !pane_id.is_empty() && pane_id != "__team_agent_unbound__"
 }
 
 /// `detect_inherited_dangerous_permissions`(`launch/config.py`):扫进程祖先链找
 /// `--dangerously-*` flag,产出危险审批继承态。launch 在 inherited=false 且无 --yes 时拒。
 pub fn detect_dangerous_approval() -> Result<DangerousApproval, LifecycleError> {
     if let Ok(raw) = std::env::var("TEAM_AGENT_TEST_PROCESS_ANCESTRY_ARGV_JSON") {
-        let argv_tokens = serde_json::from_str::<Vec<String>>(&raw)
-            .map_err(|e| LifecycleError::StatePersist(format!("invalid test ancestry argv: {e}")))?;
-        return Ok(detect_dangerous_approval_in_argv(&argv_tokens).unwrap_or_else(disabled_dangerous_approval));
+        let argv_tokens = serde_json::from_str::<Vec<String>>(&raw).map_err(|e| {
+            LifecycleError::StatePersist(format!("invalid test ancestry argv: {e}"))
+        })?;
+        return Ok(detect_dangerous_approval_in_argv(&argv_tokens)
+            .unwrap_or_else(disabled_dangerous_approval));
     }
     for argv_tokens in process_ancestry_argv(std::process::id()) {
         if let Some(detected) = detect_dangerous_approval_in_argv(&argv_tokens) {
@@ -1166,7 +1711,8 @@ fn detect_dangerous_approval_in_argv(argv_tokens: &[String]) -> Option<Dangerous
     for token in argv_tokens {
         for (provider, flag) in dangerous_leader_flags() {
             if token == flag {
-                let unexpected_binary = !binary_matches_provider(provider, ancestry_binary_name.as_deref());
+                let unexpected_binary =
+                    !binary_matches_provider(provider, ancestry_binary_name.as_deref());
                 return Some(DangerousApproval {
                     enabled: true,
                     source: DangerousApprovalSource::LeaderProcess,
@@ -1356,16 +1902,16 @@ pub fn add_agent(
         }
         Err(error) => return Err(LifecycleError::TeamSelect(error.to_string())),
     };
-    let team_dir = selected
-        .spec_workspace
-        .ok_or_else(|| LifecycleError::TeamSelect("active team spec workspace not found".to_string()))?;
+    let team_dir = selected.spec_workspace.ok_or_else(|| {
+        LifecycleError::TeamSelect("active team spec workspace not found".to_string())
+    })?;
     add_agent_with_transport_at_paths(
         &selected.run_workspace,
         &team_dir,
         agent_id,
         role_file_path,
         open_display,
-        team,
+        Some(selected.team_key.as_str()),
         &crate::tmux_backend::TmuxBackend::for_workspace(&selected.run_workspace),
     )
 }
@@ -1402,12 +1948,16 @@ fn add_agent_with_transport_at_paths(
     team: Option<&str>,
     transport: &dyn Transport,
 ) -> Result<AddAgentReport, LifecycleError> {
-    let owner_state = if team.is_some() {
-        crate::state::projection::select_runtime_state(run_workspace, team)
-            .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?
-    } else {
-        load_runtime_state(run_workspace).map_err(|e| LifecycleError::StatePersist(e.to_string()))?
-    };
+    let runtime_state = crate::state::persist::load_runtime_state(run_workspace)
+        .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
+    let canonical_team_key = team
+        .filter(|key| !key.is_empty())
+        .map(str::to_string)
+        .or_else(|| explicit_active_team_key(&runtime_state))
+        .unwrap_or_else(|| crate::state::projection::team_state_key(&runtime_state));
+    let owner_state =
+        crate::state::projection::select_runtime_state(run_workspace, Some(&canonical_team_key))
+            .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?;
     ensure_owner_allowed_for_state(&owner_state, Some(agent_id))?;
     if !role_file_path.exists() {
         return Err(LifecycleError::Compile(format!(
@@ -1423,13 +1973,20 @@ fn add_agent_with_transport_at_paths(
     let dynamic_role_file = materialize_added_role_file(team_dir, agent_id, role_file_path)?;
     let spec = crate::compiler::compile_team(team_dir)
         .map_err(|e| LifecycleError::Compile(e.to_string()))?;
+    let safety = effective_runtime_config(&spec)?;
     let spec_path = team_dir.join("team.spec.yaml");
-    std::fs::write(&spec_path, yaml::dumps(&spec)).map_err(|e| {
-        LifecycleError::StatePersist(format!("{}: {e}", spec_path.display()))
-    })?;
+    std::fs::write(&spec_path, yaml::dumps(&spec))
+        .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", spec_path.display())))?;
     let (meta, _) = crate::compiler::read_front_matter(&dynamic_role_file)
         .map_err(|e| LifecycleError::Compile(e.to_string()))?;
-    upsert_agent_state_from_role(run_workspace, team, agent_id, &meta, &dynamic_role_file)?;
+    upsert_agent_state_from_role(
+        run_workspace,
+        &canonical_team_key,
+        agent_id,
+        &meta,
+        &dynamic_role_file,
+        &safety,
+    )?;
     let started = crate::lifecycle::restart::start_agent_at_paths(
         run_workspace,
         team_dir,
@@ -1437,7 +1994,7 @@ fn add_agent_with_transport_at_paths(
         false,
         open_display,
         true,
-        team,
+        Some(&canonical_team_key),
         transport,
     )?;
     let (env, start_mode) = match started {
@@ -1460,18 +2017,15 @@ fn add_agent_with_transport_at_paths(
 
 fn upsert_agent_state_from_role(
     workspace: &Path,
-    team: Option<&str>,
+    canonical_team_key: &str,
     agent_id: &AgentId,
     meta: &Value,
     dynamic_role_file: &Path,
+    safety: &DangerousApproval,
 ) -> Result<(), LifecycleError> {
-    let mut state = if team.is_some() {
-        crate::state::projection::select_runtime_state(workspace, team)
-            .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?
-    } else {
-        crate::state::persist::load_runtime_state(workspace)
-            .map_err(|e| LifecycleError::StatePersist(e.to_string()))?
-    };
+    let mut state =
+        crate::state::projection::select_runtime_state(workspace, Some(canonical_team_key))
+            .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?;
     if !state.is_object() {
         state = serde_json::json!({});
     }
@@ -1513,16 +2067,28 @@ fn upsert_agent_state_from_role(
     if let Some(model) = meta.get("model").and_then(Value::as_str) {
         if let Some(obj) = entry.as_object_mut() {
             obj.insert("model".to_string(), serde_json::json!(model));
+            obj.insert("model_source".to_string(), serde_json::json!("role"));
         }
     }
-    agent_map.insert(agent_id.as_str().to_string(), entry);
-    if team.is_some() {
-        let team_key = explicit_active_team_key(&state)
-            .or_else(|| team.filter(|key| !key.is_empty()).map(str::to_string));
-        save_launched_team_state_for_key(workspace, &state, team_key.as_deref())
-    } else {
-        save_runtime_state(workspace, &state).map_err(|e| LifecycleError::StatePersist(e.to_string()))
+    if let Some(profile) = meta.get("profile").and_then(Value::as_str) {
+        if let Some(obj) = entry.as_object_mut() {
+            obj.insert("profile".to_string(), serde_json::json!(profile));
+            if let Some(team_dir) = dynamic_role_file.parent().and_then(Path::parent) {
+                obj.insert(
+                    "_profile_dir".to_string(),
+                    serde_json::json!(team_dir.join("profiles").to_string_lossy().to_string()),
+                );
+            }
+            if !obj.contains_key("model_source") {
+                obj.insert("model_source".to_string(), serde_json::json!("default"));
+            }
+        }
     }
+    if let Some(obj) = entry.as_object_mut() {
+        persist_effective_approval_policy(obj, safety);
+    }
+    agent_map.insert(agent_id.as_str().to_string(), entry);
+    save_launched_team_state_for_key(workspace, &state, Some(canonical_team_key))
 }
 
 fn materialize_added_role_file(
@@ -1588,9 +2154,9 @@ pub fn fork_agent_with_transport(
         crate::state::selector::SelectorMode::RequireSpec,
     )
     .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?;
-    let spec_workspace = selected
-        .spec_workspace
-        .ok_or_else(|| LifecycleError::TeamSelect("active team spec workspace not found".to_string()))?;
+    let spec_workspace = selected.spec_workspace.ok_or_else(|| {
+        LifecycleError::TeamSelect("active team spec workspace not found".to_string())
+    })?;
     let workspace = selected.run_workspace;
     let state = selected.state;
     ensure_owner_allowed_for_state(&state, Some(source_agent_id))?;
@@ -1603,8 +2169,9 @@ pub fn fork_agent_with_transport(
             "agent id already exists: {as_agent_id}"
         )));
     }
-    let source_agent = find_spec_agent(&spec, source_agent_id)
-        .ok_or_else(|| LifecycleError::RequirementUnmet(format!("unknown worker agent id: {source_agent_id}")))?;
+    let source_agent = find_spec_agent(&spec, source_agent_id).ok_or_else(|| {
+        LifecycleError::RequirementUnmet(format!("unknown worker agent id: {source_agent_id}"))
+    })?;
     let session_id = state
         .get("agents")
         .and_then(|v| v.get(source_agent_id.as_str()))
@@ -1639,8 +2206,9 @@ pub fn fork_agent_with_transport(
         .map_err(|e| LifecycleError::Compile(e.to_string()))?;
     std::fs::write(&spec_path, yaml::dumps(&new_spec))
         .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", spec_path.display())))?;
-    let new_agent = find_spec_agent(&new_spec, as_agent_id)
-        .ok_or_else(|| LifecycleError::RequirementUnmet(format!("unknown worker agent id: {as_agent_id}")))?;
+    let new_agent = find_spec_agent(&new_spec, as_agent_id).ok_or_else(|| {
+        LifecycleError::RequirementUnmet(format!("unknown worker agent id: {as_agent_id}"))
+    })?;
     let provider = new_agent
         .get("provider")
         .and_then(Value::as_str)
@@ -1662,68 +2230,171 @@ pub fn fork_agent_with_transport(
             "{provider_str} does not support native session fork"
         )));
     }
-    let role = new_agent.get("role").and_then(Value::as_str);
     let model = new_agent.get("model").and_then(Value::as_str);
     let safety = effective_runtime_config(&new_spec)?;
-    let tools = worker_tool_refs(agent_tool_strings(new_agent), &safety);
-    let tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
-    let mcp_config = adapter
-        .mcp_config(auth_mode)
+    let command_agent = crate::lifecycle::worker_command_context::WorkerCommandAgent::from_yaml(
+        new_agent,
+        Some(as_agent_id.as_str()),
+        provider,
+    );
+    let system_prompt =
+        crate::lifecycle::worker_command_context::compile_worker_system_prompt(&command_agent)?;
+    let tools = crate::lifecycle::worker_command_context::resolved_tool_strings_for_command(
+        &command_agent,
+        provider,
+        &safety,
+    )?;
+    let resolved_tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
+    let fork_team = crate::messaging::leader_receiver::active_team_key(&workspace, &state);
+    let mcp_config = adapter.mcp_config(auth_mode).map_err(|e| {
+        let _ = std::fs::write(&spec_path, text.as_bytes());
+        LifecycleError::Provider(e.to_string())
+    })?;
+    let mcp_config = resolve_mcp_config(mcp_config, &workspace, as_agent_id.as_str(), &fork_team);
+    let mcp_config_path = write_worker_mcp_config(&workspace, as_agent_id.as_str(), &mcp_config)
         .map_err(|e| {
             let _ = std::fs::write(&spec_path, text.as_bytes());
-            LifecycleError::Provider(e.to_string())
+            e
         })?;
-    let mut argv = adapter
-        .fork_with_context(
-            Some(&session_id),
-            auth_mode,
+    let profile_dir = spec_workspace.join("profiles");
+    let profile_launch =
+        crate::lifecycle::profile_launch::prepare_provider_profile_launch_with_profile_dir(
+            &workspace,
+            as_agent_id.as_str(),
+            new_agent,
+            Some(&profile_dir),
             Some(&mcp_config),
-            role,
-            model,
-            &tool_refs,
+        )?;
+    let command_model = profile_launch.command_overrides.model.as_deref().or(model);
+    let mut plan = adapter
+        .fork_plan(
+            Some(&session_id),
+            crate::provider::ProviderCommandContext {
+                auth_mode,
+                mcp_config: Some(&mcp_config),
+                system_prompt: Some(system_prompt.as_str()),
+                model: command_model,
+                tools: &resolved_tool_refs,
+                profile_launch: Some(&profile_launch),
+            },
         )
         .map_err(|e| {
             let _ = std::fs::write(&spec_path, text.as_bytes());
             LifecycleError::Provider(e.to_string())
         })?;
-    let fork_team = crate::messaging::leader_receiver::active_team_key(&workspace, &state);
-    fill_spawn_placeholders_full(&mut argv, &workspace, as_agent_id.as_str(), Some(&fork_team));
-    let window = WindowName::new(as_agent_id.as_str());
-    // fork inherits the parent agent's owner team via runtime state (`active_team_key`).
-    let env = inherited_env_with_team_overrides(
+    if !plan.managed_mcp_config && !profile_launch.managed_mcp_config {
+        point_native_mcp_config_at_file(&mut plan.argv, provider, &mcp_config_path);
+    }
+    fill_spawn_placeholders_full(
+        &mut plan.argv,
         &workspace,
         as_agent_id.as_str(),
         Some(&fork_team),
     );
+    let window = WindowName::new(as_agent_id.as_str());
+    // fork inherits the parent agent's owner team via runtime state (`active_team_key`).
+    let mut env =
+        inherited_env_with_team_overrides(&workspace, as_agent_id.as_str(), Some(&fork_team));
+    apply_profile_launch_env(&mut env, &profile_launch);
     // golden operations.py:336 -> _tmux_start_command_for_agent_window (runtime.py:1017-1020): branch on
     // _tmux_session_exists — an ABSENT session => new-session (spawn_first), present => new-window
     // (spawn_into). The Rust restart seam (restart.rs spawn_agent_window) uses the same branch.
     let session_live = transport.has_session(&session_name).unwrap_or(false);
     let spawn_result = if session_live {
-        transport.spawn_into(&session_name, &window, &argv, &workspace, &env)
+        transport.spawn_into(&session_name, &window, &plan.argv, &workspace, &env)
     } else {
-        transport.spawn_first(&session_name, &window, &argv, &workspace, &env)
+        transport.spawn_first(&session_name, &window, &plan.argv, &workspace, &env)
     };
-    let _spawn = spawn_result.map_err(|e| {
+    let spawn = spawn_result.map_err(|e| {
         let _ = std::fs::write(&spec_path, text.as_bytes());
         LifecycleError::Transport(e.to_string())
     })?;
     let old_state = state.clone();
     let mut next_state = state;
-    upsert_forked_agent_state(&mut next_state, source_agent_id, as_agent_id, new_agent)?;
+    upsert_forked_agent_state(
+        &mut next_state,
+        source_agent_id,
+        as_agent_id,
+        new_agent,
+        &safety,
+        &plan,
+        &profile_launch,
+        &spawn,
+        &workspace,
+        Some(&profile_dir),
+    )?;
+    if let Some(agent) = next_state
+        .get_mut("agents")
+        .and_then(serde_json::Value::as_object_mut)
+        .and_then(|agents| agents.get_mut(as_agent_id.as_str()))
+        .and_then(serde_json::Value::as_object_mut)
+    {
+        persist_effective_approval_policy(agent, &safety);
+    }
+    if let Err(e) = maybe_fail_fork_after_spawn("save_runtime_state") {
+        rollback_fork_after_spawn(
+            &workspace,
+            &spec_path,
+            &text,
+            &old_state,
+            transport,
+            &session_name,
+            &window,
+            &mcp_config_path,
+            as_agent_id,
+            &profile_launch,
+        );
+        return Err(e);
+    }
     if let Err(e) = save_runtime_state(&workspace, &next_state) {
-        rollback_fork_after_spawn(&workspace, &spec_path, &text, &old_state, transport, &session_name, &window);
+        rollback_fork_after_spawn(
+            &workspace,
+            &spec_path,
+            &text,
+            &old_state,
+            transport,
+            &session_name,
+            &window,
+            &mcp_config_path,
+            as_agent_id,
+            &profile_launch,
+        );
         return Err(LifecycleError::StatePersist(e.to_string()));
     }
-    let coordinator_started =
-        crate::coordinator::start_coordinator(&crate::coordinator::WorkspacePath::new(
-            workspace.to_path_buf(),
-        ))
-        .map(|report| report.ok)
-        .map_err(|e| {
-            rollback_fork_after_spawn(&workspace, &spec_path, &text, &old_state, transport, &session_name, &window);
-            LifecycleError::StatePersist(e.to_string())
-        })?;
+    if let Err(e) = maybe_fail_fork_after_spawn("start_coordinator") {
+        rollback_fork_after_spawn(
+            &workspace,
+            &spec_path,
+            &text,
+            &old_state,
+            transport,
+            &session_name,
+            &window,
+            &mcp_config_path,
+            as_agent_id,
+            &profile_launch,
+        );
+        return Err(e);
+    }
+    let coordinator_started = crate::coordinator::start_coordinator(
+        &crate::coordinator::WorkspacePath::new(workspace.to_path_buf()),
+    )
+    .map(|report| report.ok)
+    .map_err(|e| {
+        rollback_fork_after_spawn(
+            &workspace,
+            &spec_path,
+            &text,
+            &old_state,
+            transport,
+            &session_name,
+            &window,
+            &mcp_config_path,
+            as_agent_id,
+            &profile_launch,
+        );
+        LifecycleError::StatePersist(e.to_string())
+    })?;
     Ok(ForkAgentReport {
         source_agent_id: source_agent_id.clone(),
         new_agent_id: as_agent_id.clone(),
@@ -1744,6 +2415,9 @@ fn rollback_fork_after_spawn(
     transport: &dyn Transport,
     session_name: &SessionName,
     window: &WindowName,
+    mcp_config_path: &Path,
+    agent_id: &AgentId,
+    profile_launch: &crate::provider::ProviderProfileLaunch,
 ) {
     let _ = transport.kill_window(&Target::SessionWindow {
         session: session_name.clone(),
@@ -1751,6 +2425,40 @@ fn rollback_fork_after_spawn(
     });
     let _ = std::fs::write(spec_path, spec_text.as_bytes());
     let _ = save_runtime_state(workspace, old_state);
+    cleanup_fork_mcp_artifacts(workspace, agent_id, mcp_config_path, profile_launch);
+}
+
+fn maybe_fail_fork_after_spawn(step: &str) -> Result<(), LifecycleError> {
+    let Ok(reason) = std::env::var("TEAM_AGENT_TEST_FAIL_FORK_AFTER_SPAWN") else {
+        return Ok(());
+    };
+    if reason.is_empty() {
+        return Ok(());
+    }
+    let should_fail = reason == step || (step == "start_coordinator" && reason == "coordinator");
+    if !should_fail {
+        return Ok(());
+    }
+    Err(LifecycleError::StatePersist(format!(
+        "injected fork failure after spawn: {reason}"
+    )))
+}
+
+fn cleanup_fork_mcp_artifacts(
+    workspace: &Path,
+    agent_id: &AgentId,
+    mcp_config_path: &Path,
+    profile_launch: &crate::provider::ProviderProfileLaunch,
+) {
+    let _ = std::fs::remove_file(mcp_config_path);
+    let _ = std::fs::remove_file(
+        workspace
+            .join(".team/runtime/provider-env")
+            .join(format!("{}.env", agent_id.as_str())),
+    );
+    if let Some(config_dir) = profile_launch.claude_config_dir.as_ref() {
+        let _ = std::fs::remove_dir_all(config_dir.parent().unwrap_or(config_dir));
+    }
 }
 
 fn leader_id_matches(spec: &Value, agent_id: &AgentId) -> bool {
@@ -1771,16 +2479,13 @@ fn find_spec_agent<'a>(spec: &'a Value, agent_id: &AgentId) -> Option<&'a Value>
     if leader_is_agent {
         return None;
     }
-    spec.get("agents")?
-        .as_list()?
-        .iter()
-        .find(|agent| {
-            agent
-                .get("id")
-                .and_then(Value::as_str)
-                .map(|id| id == agent_id.as_str())
-                .unwrap_or(false)
-        })
+    spec.get("agents")?.as_list()?.iter().find(|agent| {
+        agent
+            .get("id")
+            .and_then(Value::as_str)
+            .map(|id| id == agent_id.as_str())
+            .unwrap_or(false)
+    })
 }
 
 fn append_forked_agent(
@@ -1819,12 +2524,17 @@ fn append_forked_agent(
     )?;
 
     let Value::Map(pairs) = spec else {
-        return Err(LifecycleError::Compile("spec root is not a map".to_string()));
+        return Err(LifecycleError::Compile(
+            "spec root is not a map".to_string(),
+        ));
     };
     let mut out = Vec::new();
     for (key, value) in pairs {
         if key == "agents" {
-            let mut agents = value.as_list().map(|items| items.to_vec()).unwrap_or_default();
+            let mut agents = value
+                .as_list()
+                .map(|items| items.to_vec())
+                .unwrap_or_default();
             agents.push(new_agent.clone());
             out.push((key.clone(), Value::List(agents)));
         } else if key == "runtime" {
@@ -1838,7 +2548,9 @@ fn append_forked_agent(
 
 fn set_yaml_map_value(value: &mut Value, key: &str, next: Value) -> Result<(), LifecycleError> {
     let Value::Map(pairs) = value else {
-        return Err(LifecycleError::Compile("agent entry is not a map".to_string()));
+        return Err(LifecycleError::Compile(
+            "agent entry is not a map".to_string(),
+        ));
     };
     if let Some((_, existing)) = pairs.iter_mut().find(|(k, _)| k == key) {
         *existing = next;
@@ -1857,10 +2569,15 @@ fn runtime_with_startup_agent(runtime: &Value, agent_id: &AgentId) -> Value {
     for (key, value) in pairs {
         if key == "startup_order" {
             saw_startup = true;
-            let mut order = value.as_list().map(|items| items.to_vec()).unwrap_or_default();
-            let already_present = order
-                .iter()
-                .any(|item| item.as_str().map(|id| id == agent_id.as_str()).unwrap_or(false));
+            let mut order = value
+                .as_list()
+                .map(|items| items.to_vec())
+                .unwrap_or_default();
+            let already_present = order.iter().any(|item| {
+                item.as_str()
+                    .map(|id| id == agent_id.as_str())
+                    .unwrap_or(false)
+            });
             if !already_present {
                 order.push(Value::Str(agent_id.as_str().to_string()));
             }
@@ -1883,6 +2600,12 @@ fn upsert_forked_agent_state(
     source_agent_id: &AgentId,
     as_agent_id: &AgentId,
     spec_agent: &Value,
+    safety: &DangerousApproval,
+    plan: &crate::provider::CommandPlan,
+    profile_launch: &crate::provider::ProviderProfileLaunch,
+    spawn: &crate::transport::SpawnResult,
+    spawn_cwd: &Path,
+    profile_dir: Option<&Path>,
 ) -> Result<(), LifecycleError> {
     if !state.is_object() {
         *state = serde_json::json!({});
@@ -1907,15 +2630,71 @@ fn upsert_forked_agent_state(
         .get("provider")
         .and_then(Value::as_str)
         .unwrap_or("codex");
+    let mut entry = serde_json::Map::new();
+    entry.insert("status".to_string(), serde_json::json!("running"));
+    entry.insert("provider".to_string(), serde_json::json!(provider));
+    entry.insert(
+        "agent_id".to_string(),
+        serde_json::json!(as_agent_id.as_str()),
+    );
+    entry.insert(
+        "window".to_string(),
+        serde_json::json!(as_agent_id.as_str()),
+    );
+    entry.insert(
+        "forked_from".to_string(),
+        serde_json::json!(source_agent_id.as_str()),
+    );
+    entry.insert(
+        "spawn_cwd".to_string(),
+        serde_json::json!(spawn_cwd.to_string_lossy().to_string()),
+    );
+    entry.insert(
+        "pane_id".to_string(),
+        serde_json::json!(spawn.pane_id.as_str()),
+    );
+    if let Some(pid) = spawn.child_pid {
+        entry.insert("pane_pid".to_string(), serde_json::json!(pid));
+    }
+    for key in [
+        "auth_mode",
+        "model",
+        "model_source",
+        "profile",
+        "_profile_dir",
+        "role",
+    ] {
+        if let Some(value) = spec_agent.get(key) {
+            entry.insert(key.to_string(), yaml_value_to_json(value));
+        }
+    }
+    if spec_agent.get("profile").is_some() && !entry.contains_key("_profile_dir") {
+        if let Some(profile_dir) = profile_dir {
+            entry.insert(
+                "_profile_dir".to_string(),
+                serde_json::json!(profile_dir.to_string_lossy().to_string()),
+            );
+        }
+    }
+    entry.insert("session_id".to_string(), serde_json::Value::Null);
+    entry.insert("rollout_path".to_string(), serde_json::Value::Null);
+    entry.insert("captured_at".to_string(), serde_json::Value::Null);
+    entry.insert("captured_via".to_string(), serde_json::Value::Null);
+    entry.insert(
+        "attribution_confidence".to_string(),
+        serde_json::Value::Null,
+    );
+    persist_command_plan_state(&mut entry, plan, profile_launch);
     agent_map.insert(
         as_agent_id.as_str().to_string(),
-        serde_json::json!({
-            "status": "running",
-            "provider": provider,
-            "window": as_agent_id.as_str(),
-            "forked_from": source_agent_id.as_str(),
-        }),
+        serde_json::Value::Object(entry),
     );
+    if let Some(entry) = agent_map
+        .get_mut(as_agent_id.as_str())
+        .and_then(serde_json::Value::as_object_mut)
+    {
+        persist_effective_approval_policy(entry, safety);
+    }
     Ok(())
 }
 
@@ -1947,12 +2726,9 @@ pub(crate) fn ensure_owner_allowed_for_state(
         None,
     )
     .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
-    if let Some(refusal) = crate::state::owner_gate::check_team_owner(
-        state,
-        &caller,
-        false,
-        &NoopLiveness,
-    ) {
+    if let Some(refusal) =
+        crate::state::owner_gate::check_team_owner(state, &caller, false, &NoopLiveness)
+    {
         return Err(LifecycleError::OwnerRefused(refusal.to_string()));
     }
     Ok(())
@@ -1981,7 +2757,10 @@ fn initial_runtime_state(
         let Some(id) = agent.get("id").and_then(Value::as_str) else {
             continue;
         };
-        let provider = agent.get("provider").and_then(Value::as_str).unwrap_or("codex");
+        let provider = agent
+            .get("provider")
+            .and_then(Value::as_str)
+            .unwrap_or("codex");
         let role = agent.get("role").and_then(Value::as_str).unwrap_or(id);
         let model = agent.get("model").and_then(Value::as_str);
         let auth_mode = agent.get("auth_mode").and_then(Value::as_str);
@@ -2003,7 +2782,9 @@ fn initial_runtime_state(
         .get("runtime")
         .and_then(|runtime| runtime.get("display_backend"))
         .and_then(Value::as_str)
-        .and_then(|backend| serde_json::from_value::<DisplayBackend>(serde_json::json!(backend)).ok());
+        .and_then(|backend| {
+            serde_json::from_value::<DisplayBackend>(serde_json::json!(backend)).ok()
+        });
     let display_backend =
         crate::lifecycle::display::resolve_display_backend(requested_display, None).backend;
     let mut state = serde_json::Map::new();
@@ -2025,11 +2806,16 @@ fn initial_runtime_state(
     );
     state.insert(
         "leader".to_string(),
-        spec.get("leader").map(yaml_value_to_json).unwrap_or(serde_json::Value::Null),
+        spec.get("leader")
+            .map(yaml_value_to_json)
+            .unwrap_or(serde_json::Value::Null),
     );
     state.insert("agents".to_string(), serde_json::Value::Object(agents));
     state.insert("tasks".to_string(), spec_tasks_json(spec));
-    state.insert("display_backend".to_string(), serde_json::json!(display_backend));
+    state.insert(
+        "display_backend".to_string(),
+        serde_json::json!(display_backend),
+    );
     let mut state = serde_json::Value::Object(state);
     if !seed_launched_owner_from_env(&mut state) {
         let team_id = crate::state::projection::team_state_key(&state);
@@ -2095,12 +2881,17 @@ fn seed_launched_owner_from_env(state: &mut serde_json::Value) -> bool {
     true
 }
 
+fn has_positive_caller_leader_env() -> bool {
+    env_nonempty("TEAM_AGENT_LEADER_PANE_ID")
+        || env_nonempty("TEAM_AGENT_LEADER_SESSION_UUID")
+        || env_nonempty("TEAM_AGENT_LEADER_SESSION_UUID_OVERRIDE")
+        || env_nonempty("TEAM_AGENT_LEADER_PROVIDER")
+}
+
 fn spec_tasks_json(spec: &Value) -> serde_json::Value {
     spec.get("tasks")
         .and_then(Value::as_list)
-        .map(|tasks| {
-            serde_json::Value::Array(tasks.iter().map(yaml_value_to_json).collect())
-        })
+        .map(|tasks| serde_json::Value::Array(tasks.iter().map(yaml_value_to_json).collect()))
         .unwrap_or_else(|| serde_json::json!([]))
 }
 
@@ -2139,7 +2930,10 @@ fn override_spec_session_name(spec: &mut Value, session_name: &str) {
             if let Some((_, existing)) = runtime.iter_mut().find(|(k, _)| k == "session_name") {
                 *existing = Value::Str(session_name.to_string());
             } else {
-                runtime.push(("session_name".to_string(), Value::Str(session_name.to_string())));
+                runtime.push((
+                    "session_name".to_string(),
+                    Value::Str(session_name.to_string()),
+                ));
             }
         }
         Some(other) => {
@@ -2246,20 +3040,11 @@ fn disabled_dangerous_approval() -> DangerousApproval {
     }
 }
 
-pub(crate) fn effective_runtime_config_for_worker_spawn() -> Result<DangerousApproval, LifecycleError> {
+pub(crate) fn effective_runtime_config_for_worker_spawn(
+) -> Result<DangerousApproval, LifecycleError> {
     detect_dangerous_approval()
 }
 
-pub(crate) fn worker_tool_refs(
-    mut tools: Vec<String>,
-    safety: &DangerousApproval,
-) -> Vec<String> {
-    if safety.enabled && !tools.iter().any(|tool| tool == "dangerous_auto_approve") {
-        tools.push("dangerous_auto_approve".to_string());
-    }
-    tools
-}
-
 fn write_launch_permission_audit(
     workspace: &Path,
     safety: &DangerousApproval,
@@ -2317,6 +3102,5 @@ fn agent_id_exists_in_team_dir(team_dir: &Path, agent_id: &AgentId) -> bool {
         .exists()
 }
 
-
 mod plan;
 pub use plan::{handle_report_result, start_plan};