@team-agent/installer 0.3.2 → 0.3.4

package/crates/team-agent/src/lifecycle/restart/team_state.rs

@@ -150,6 +150,14 @@ pub(crate) fn write_team_state(
             lines.push(format!("- {id}: {summary}"));
         }
     }
+    if let Some(notes) = team_state_notes(state).filter(|notes| !notes.is_empty()) {
+        lines.push(String::new());
+        lines.push("## Notes".to_string());
+        lines.push(String::new());
+        for note in notes {
+            lines.push(format!("- {note}"));
+        }
+    }
     lines.push(String::new());
     lines.push("## Next Step".to_string());
     lines.push(String::new());
@@ -182,6 +190,17 @@ fn team_state_tasks(spec: &YamlValue, state: &serde_json::Value) -> Vec<TeamStat
     Vec::new()
 }
 
+fn team_state_notes(state: &serde_json::Value) -> Option<Vec<String>> {
+    Some(
+        state
+            .get("notes")?
+            .as_array()?
+            .iter()
+            .filter_map(|note| note.as_str().filter(|text| !text.is_empty()).map(str::to_string))
+            .collect(),
+    )
+}
+
 fn task_field_str(task: &TeamStateTask, key: &str) -> String {
     match task {
         TeamStateTask::Json(v) => v.get(key).and_then(|v| v.as_str()).unwrap_or("").to_string(),

package/crates/team-agent/src/lifecycle/restart.rs

@@ -35,7 +35,10 @@ pub use agent::{reset_agent, reset_agent_with_transport, start_agent, start_agen
 pub(crate) use agent::start_agent_at_paths;
 pub(crate) use common::refresh_missing_provider_sessions;
 pub use orchestrator::{halt_plan, plan_status};
-pub use rebuild::{restart, restart_candidates, restart_with_transport, select_restart_state};
+pub use rebuild::{
+    restart, restart_candidates, restart_with_session_convergence_deadline, restart_with_transport,
+    select_restart_state,
+};
 pub use remove::{remove_agent, remove_agent_with_transport};
 pub use selection::{classify_first_send_at, classify_restart_plan, decide_start_mode, python_type_name};
 pub(crate) use team_state::write_team_state;

package/crates/team-agent/src/lifecycle/tests/core.rs

@@ -185,14 +185,14 @@ fn plan_condition_rejects_out_of_grammar() {
 
 // ───────────────────────────────────────────────────────────────────────
 // resolve_display_backend — display/backend.py
-// 默认 adaptive;非默认非静默(non_default=true 触发 display.backend_resolved)。
+// 默认 none;非默认非静默(non_default=true 触发 display.backend_resolved)。
 // ───────────────────────────────────────────────────────────────────────
 
 #[test]
-fn resolve_backend_defaults_to_adaptive_when_none_requested() {
+fn resolve_backend_defaults_to_none_when_none_requested() {
     let r = resolve_display_backend(None, None);
-    assert_eq!(r.backend, DisplayBackend::Adaptive);
-    assert!(!r.non_default, "默认 adaptive 不应标记 non_default");
+    assert_eq!(r.backend, DisplayBackend::None);
+    assert!(!r.non_default, "默认 none 不应标记 non_default");
 }
 
 #[test]

package/crates/team-agent/src/lifecycle/tests/lane_ops.rs

@@ -496,10 +496,10 @@ fn lanea_fork_window_already_exists_guard_before_spec_mutation() {
 
 // ── FORK (fork-gate-error-text) [RED] + (fork-incomplete-rollback, adapter arm) — golden gate text + spec rollback
 // Golden operations.py:329-330 raises f"{provider} does not support native session fork" when the native
-// fork gate fails (auth_mode==compatible_api). Rust relies on adapter.fork() -> CapabilityUnsupported
+// fork gate fails (auth_mode==compatible_api). Rust relies on adapter.fork_plan() -> CapabilityUnsupported
 // ("Codex:fork") (adapter.rs:310) -> a different observable. AND golden wraps the post-spec-write steps
 // in try/except restoring the spec on ANY failure (operations.py:384-394); Rust writes the spec
-// (launch.rs:443) then errors at adapter.fork (458-460) WITHOUT restoring it. RED on both: the message
+// (launch.rs:443) then errors at adapter.fork_plan (458-460) WITHOUT restoring it. RED on both: the message
 // text AND the spec must be rolled back to not contain the fork agent.
 #[test]
 fn lanea_fork_gate_error_text_and_spec_rollback_on_adapter_arm() {
@@ -516,7 +516,7 @@ fn lanea_fork_gate_error_text_and_spec_rollback_on_adapter_arm() {
     assert!(
         !spec_text.contains("newfork"),
         "golden operations.py:384-394: on the gate failure the spec must be ROLLED BACK; Rust writes the spec \
-         then errors at adapter.fork without restoring it, leaving the fork agent 'newfork' in the spec"
+         then errors at adapter.fork_plan without restoring it, leaving the fork agent 'newfork' in the spec"
     );
 }
 
@@ -568,9 +568,9 @@ fn lanea_remove_rollback_restores_agent_health() {
 // (4) restores prior state. Rust only restores the spec on the spawn_into arm (launch.rs:481); the
 // save_runtime_state (486-487) and start_coordinator (488-493) failure arms leave the spec mutated, the
 // already-spawned window un-killed, and the state un-rolled-back; install_mcp/cleanup_mcp are absent.
-// The adapter.fork arm IS covered HARD above (lanea_fork_gate_error_text_and_spec_rollback_on_adapter_arm).
+// The adapter.fork_plan arm IS covered HARD above (lanea_fork_gate_error_text_and_spec_rollback_on_adapter_arm).
 // The post-SPAWN arms need a failure-injection seam after spawn_into (codex+subscription forks past
-// adapter.fork, so the spawn succeeds and there is no in-process way to fail save/coordinator cleanly).
+// adapter.fork_plan, so the spawn succeeds and there is no in-process way to fail save/coordinator cleanly).
 // PORTER: a Drop guard armed after the spec write, disarmed on success — kills the window, restores spec
 // + state, runs cleanup_mcp on every post-write error arm.
 #[test]

package/crates/team-agent/src/lifecycle/tests/launch_spawn.rs

@@ -649,8 +649,9 @@ pub(super) fn restart_ws_two_resumable_workers() -> PathBuf {
 }
 
 // 2 [P0] — restart_with_transport must drive the REAL Route-B resume spawn: one spawn per resumable
-// worker (first=spawn_first, rest=spawn_into), each carrying the provider build_command, + coordinator
-// started. Today the stub returns RequirementUnmet with ZERO spawns -> RED at recorded.len().
+// worker. The first resumed worker recreates the session with spawn_first; later workers may use
+// spawn_into only after a live-session check proves that recreated session still exists. Each spawn
+// carries the provider build_command, and the coordinator is started.
 #[test]
 fn restart_with_transport_spawns_resumable_workers_not_stub() {
     let ws = restart_ws_two_resumable_workers();
@@ -665,10 +666,13 @@ fn restart_with_transport_spawns_resumable_workers_not_stub() {
         "restart must spawn ONE worker per resumable agent (alpha, bravo); the rt-host-a stub returns \
          RequirementUnmet with ZERO spawns; got {recorded:?}"
     );
-    assert_eq!(recorded[0].0, "spawn_first", "the first resumed worker uses new-session (spawn_first); got {recorded:?}");
-    assert!(
-        recorded.iter().any(|(kind, _)| kind == "spawn_into"),
-        "subsequent resumed workers use new-window (spawn_into); got {recorded:?}"
+    assert_eq!(
+        recorded[0].0, "spawn_first",
+        "with has-session=false before alpha, restart must recreate the session with spawn_first; got {recorded:?}"
+    );
+    assert_eq!(
+        recorded[1].0, "spawn_into",
+        "with has-session=true after alpha spawn, restart may add bravo with spawn_into; this is liveness-based, not index-based; got {recorded:?}"
     );
     assert!(
         recorded.iter().all(|(_, argv)| argv.iter().any(|a| a == "codex")),
@@ -678,6 +682,25 @@ fn restart_with_transport_spawns_resumable_workers_not_stub() {
         matches!(result, Ok(RestartReport::Restarted { coordinator_started: true, .. })),
         "restart must reach RestartReport::Restarted with coordinator_started=true (AlreadyRunning, seeded); got {result:?}"
     );
+
+    let ws = restart_ws_two_resumable_workers();
+    let dead_after_first = OfflineTransport::new().with_session_absent_after_spawn_first();
+    let result = restart_with_transport(&ws, false, None, &dead_after_first);
+    let recorded = dead_after_first.spawn_records();
+    assert_eq!(
+        recorded.len(),
+        1,
+        "if the session disappears after alpha, restart must stop before spawning bravo; got result={result:?} recorded={recorded:?}"
+    );
+    assert!(
+        recorded.iter().all(|(kind, _)| kind != "spawn_into"),
+        "restart must not call spawn_into/new-window for bravo against a dead server; result={result:?} recorded={recorded:?}"
+    );
+    let error = format!("{result:?}");
+    assert!(
+        error.contains("session_disappeared_after_spawn") || error.contains("provider_resume_exited"),
+        "restart must report the first resumed agent/session disappearance explicitly, not continue to a later no-server failure; result={result:?}"
+    );
 }
 
 // 3 [P0] — start_agent_with_transport on a non-paused agent with a session_id must spawn EXACTLY ONE
@@ -863,8 +886,8 @@ fn quick_start_state_seeds_spec_path_workspace_leader_display_backend() {
     );
     assert_eq!(
         state["display_backend"],
-        json!("adaptive"),
-        "golden resolve_display_backend(None, source='launch') defaults to adaptive"
+        json!("none"),
+        "golden resolve_display_backend(None, source='launch') defaults to none"
     );
 }
 
@@ -899,6 +922,7 @@ fn quick_start_running_agent_state_shape_after_spawn_is_golden() {
             "window",
             "mcp_config",
             "permissions",
+            "effective_approval_policy",
             "session_id",
             "rollout_path",
             "captured_at",
@@ -906,6 +930,7 @@ fn quick_start_running_agent_state_shape_after_spawn_is_golden() {
             "attribution_confidence",
             "spawn_cwd",
             "spawned_at",
+            "pane_id",
         ],
         "running agent state key order must match golden launch/core.py:238-255; raw={raw}"
     );
@@ -935,8 +960,13 @@ fn quick_start_running_agent_state_shape_after_spawn_is_golden() {
     assert!(agent["captured_at"].is_null());
     assert!(agent["captured_via"].is_null());
     assert!(agent["attribution_confidence"].is_null());
-    assert_eq!(agent["spawn_cwd"], json!(workspace.to_string_lossy()));
+    assert_eq!(agent["spawn_cwd"], json!(team.to_string_lossy()));
     assert_eq!(agent["spawned_at"], json!(FIXED_SPAWNED_AT));
+    assert_eq!(
+        agent["pane_id"],
+        json!("%0"),
+        "#252 RC2: launch must persist the real pane_id returned by the transport, not drop it when pane_pid is unavailable"
+    );
 }
 
 // Stage B2 — golden launch/core.py:171-173 writes paused workers as exactly

package/crates/team-agent/src/lifecycle/types.rs

@@ -220,9 +220,15 @@ pub enum WorkerDisplay {
     Adaptive {
         status: DisplayStatus,
         window: Option<WindowName>,
+        workspace_window: Option<WindowName>,
         pane_id: Option<PaneId>,
+        pane_title: Option<String>,
         target: Option<String>,
+        target_worker_session: Option<String>,
+        linked_session: Option<String>,
         leader_session: Option<SessionName>,
+        display_session: Option<SessionName>,
+        fallback: Option<String>,
     },
     GhosttyWindow {
         status: DisplayStatus,
@@ -415,6 +421,7 @@ pub struct LaunchReport {
     pub safety: DangerousApproval,
     /// leader receiver(attach 成功时;经 step10 leader::attach_leader_to_state)。
     pub leader_receiver_attached: bool,
+    pub session_capture_incomplete_agents: Vec<String>,
 }
 
 /// 单个已起 worker(`launch` 的 `agents[]` / `started`)。
@@ -425,6 +432,10 @@ pub struct StartedAgent {
     pub target: String,
     pub session_id: Option<SessionId>,
     pub rollout_path: Option<RolloutPath>,
+    pub pending_session_id: Option<SessionId>,
+    pub claude_config_dir: Option<PathBuf>,
+    pub provider_projects_root: Option<PathBuf>,
+    pub managed_mcp_config: bool,
     pub display: WorkerDisplay,
 }
 
@@ -472,6 +483,8 @@ pub enum QuickStartReport {
         session_name: SessionName,
         launch: Box<LaunchReport>,
         next_actions: Vec<String>,
+        attach_commands: Vec<String>,
+        display_backend: String,
         /// BUG-7: real readiness verdict. `Ready` ⇒ the wrapper completed AND the
         /// caller already verified tool-set availability; the framework itself
         /// never emits this without an external observable confirming worker
@@ -602,6 +615,8 @@ pub enum RestartReport {
         session_name: SessionName,
         agents: Vec<RestartedAgent>,
         coordinator_started: bool,
+        next_actions: Vec<String>,
+        attach_commands: Vec<String>,
     },
     /// atomic refusal(`reason=resume_atomicity`):某 interacted worker 不可 resume
     /// 且非 allow_fresh。**nothing created yet**,无需回滚。
@@ -610,6 +625,14 @@ pub enum RestartReport {
         allow_fresh: bool,
         error: String,
     },
+    /// session capture did not converge before destructive restart. No teardown/spawn occurred.
+    RefusedResumeNotReady {
+        missing: Vec<AgentId>,
+        allow_fresh: bool,
+        deadline: std::time::Duration,
+        elapsed: std::time::Duration,
+        error: String,
+    },
     /// first_send_at 损坏(`reason=invalid_first_send_at`):决策前 hard refuse。
     RefusedInvalidFirstSendAt {
         invalid: Vec<CorruptFirstSendAt>,

package/crates/team-agent/src/lifecycle/worker_command_context.rs

@@ -0,0 +1,326 @@
+use std::path::Path;
+
+use crate::lifecycle::types::{DangerousApproval, LifecycleError};
+use crate::model::enums::{Enforcement, Provider};
+use crate::model::ids::AgentId;
+use crate::model::permissions::{resolve_permissions, AgentPermissionInput};
+
+const RUNTIME_CONTRACT_SECTION: &str = r#"# Team Agent Teammate Runtime Contract
+
+You are a teammate in a Team Agent runtime, not the user's primary assistant.
+The user normally talks to the team lead. Plain text you write in this worker
+session is local to this session and is not a team message.
+
+Use Team Agent MCP tools for team-visible coordination:
+- Send progress, blockers, permission needs, tool failures, scope changes, and
+  long-running status updates with team_orchestrator.send_message(to='leader',
+  content='<short message>').
+- Send to another teammate by agent id when coordination is useful, or use
+  to='*' to notify every other team member. The runtime resolves only this team
+  and excludes your own worker.
+- When the task is complete, call team_orchestrator.report_result exactly once.
+- Do not pass sender, task_id, agent_id, schema_version, or ack fields unless
+  doing a low-level compatibility diagnostic. The MCP runtime fills protocol
+  fields from the current worker and task state.
+
+If you are blocked or cannot continue, message the leader promptly instead of
+waiting silently. If work takes several minutes, send a short progress update.
+
+When any Team Agent worker hits a 500/529/rate-limit/overloaded API error,
+slow the team down before retrying: wait 1-2 minutes, keep active workers low,
+and avoid blind immediate retries."#;
+
+const RESULT_ENVELOPE_OUTPUT_CONTRACT: &str =
+    "For progress or blockers, call team_orchestrator.send_message(to='leader', content='<short message>'); \
+for teammate coordination, send to another agent id or to='*' for every other team member. \
+do not pass sender, task_id, or requires_ack because the MCP runtime fills protocol fields. \
+the runtime injects it into the attached Codex leader pane when the leader has run attach-leader. \
+If no leader is attached, the tool returns a fallback/failed result instead of completion. \
+Final completion must call team_orchestrator.report_result exactly once with a short summary \
+and optional status/changes/tests; MCP fills schema_version, task_id, and agent_id.";
+
+pub(crate) struct WorkerCommandAgent {
+    id: Option<String>,
+    provider: Provider,
+    role: Option<String>,
+    declared_tools: Option<Vec<String>>,
+    system_prompt_inline: Option<String>,
+    system_prompt_file: Option<String>,
+    output_contract_format: Option<String>,
+}
+
+impl WorkerCommandAgent {
+    pub(crate) fn from_yaml(
+        agent: &crate::model::yaml::Value,
+        fallback_id: Option<&str>,
+        provider: Provider,
+    ) -> Self {
+        let system_prompt = agent.get("system_prompt");
+        Self {
+            id: agent
+                .get("id")
+                .and_then(crate::model::yaml::Value::as_str)
+                .or(fallback_id)
+                .map(str::to_string),
+            provider,
+            role: agent
+                .get("role")
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+            declared_tools: agent
+                .get("tools")
+                .and_then(crate::model::yaml::Value::as_list)
+                .map(|items| {
+                    items
+                        .iter()
+                        .filter_map(crate::model::yaml::Value::as_str)
+                        .map(str::to_string)
+                        .collect()
+                }),
+            system_prompt_inline: system_prompt
+                .and_then(|prompt| prompt.get("inline"))
+                .and_then(crate::model::yaml::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            system_prompt_file: system_prompt
+                .and_then(|prompt| prompt.get("file"))
+                .filter(|value| value.is_truthy())
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+            output_contract_format: agent
+                .get("output_contract")
+                .and_then(|contract| contract.get("format"))
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+        }
+    }
+
+    pub(crate) fn from_json(
+        agent: &serde_json::Value,
+        fallback_id: Option<&str>,
+        provider: Provider,
+    ) -> Self {
+        let system_prompt = agent.get("system_prompt");
+        Self {
+            id: agent
+                .get("id")
+                .and_then(serde_json::Value::as_str)
+                .or(fallback_id)
+                .map(str::to_string),
+            provider,
+            role: agent
+                .get("role")
+                .and_then(serde_json::Value::as_str)
+                .map(str::to_string),
+            declared_tools: agent
+                .get("tools")
+                .and_then(serde_json::Value::as_array)
+                .map(|items| {
+                    items
+                        .iter()
+                        .filter_map(serde_json::Value::as_str)
+                        .map(str::to_string)
+                        .collect()
+                }),
+            system_prompt_inline: system_prompt
+                .and_then(|prompt| prompt.get("inline"))
+                .and_then(serde_json::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            system_prompt_file: system_prompt
+                .and_then(|prompt| prompt.get("file"))
+                .and_then(serde_json::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            output_contract_format: agent
+                .get("output_contract")
+                .and_then(|contract| contract.get("format"))
+                .and_then(serde_json::Value::as_str)
+                .map(str::to_string),
+        }
+    }
+}
+
+pub(crate) fn compile_worker_system_prompt(
+    agent: &WorkerCommandAgent,
+) -> Result<String, LifecycleError> {
+    let mut chunks = vec![
+        runtime_contract_section(),
+        identity_section(agent),
+        role_body(agent)?,
+    ];
+    if let Some(contract) = output_contract(agent) {
+        chunks.push(contract);
+    }
+    if let Some(notes) = permission_notes(agent)? {
+        chunks.push(notes);
+    }
+    Ok(chunks
+        .into_iter()
+        .filter(|chunk| !chunk.is_empty())
+        .collect::<Vec<_>>()
+        .join("\n\n"))
+}
+
+pub(crate) fn resolved_tool_strings_for_command(
+    agent: &WorkerCommandAgent,
+    provider: Provider,
+    safety: &DangerousApproval,
+) -> Result<Vec<String>, LifecycleError> {
+    let mut tools: Vec<String> = resolve_agent_permissions(agent, provider)?
+        .sorted_tool_strings()
+        .into_iter()
+        .map(str::to_string)
+        .collect();
+    if safety.enabled && !tools.iter().any(|tool| tool == "dangerous_auto_approve") {
+        tools.push("dangerous_auto_approve".to_string());
+    }
+    Ok(tools)
+}
+
+fn resolve_agent_permissions(
+    agent: &WorkerCommandAgent,
+    provider: Provider,
+) -> Result<crate::model::permissions::ResolvedPermissions, LifecycleError> {
+    resolve_permissions(&AgentPermissionInput {
+        id: agent.id.as_deref().map(AgentId::new),
+        provider,
+        role: agent.role.clone(),
+        tools: agent.declared_tools.clone(),
+    })
+    .map_err(|e| LifecycleError::Compile(e.to_string()))
+}
+
+fn runtime_contract_section() -> String {
+    RUNTIME_CONTRACT_SECTION.to_string()
+}
+
+fn identity_section(agent: &WorkerCommandAgent) -> String {
+    format!(
+        "You are Team Agent worker `{}` with role `{}`. When asked about your role or identity, answer with this Team Agent worker identity first, not only the generic provider product identity.",
+        agent.id.as_deref().unwrap_or("unknown"),
+        agent.role.as_deref().unwrap_or("developer")
+    )
+}
+
+fn role_body(agent: &WorkerCommandAgent) -> Result<String, LifecycleError> {
+    let mut chunks = Vec::new();
+    if let Some(inline) = &agent.system_prompt_inline {
+        chunks.push(inline.clone());
+    }
+    if let Some(path) = &agent.system_prompt_file {
+        let body = std::fs::read_to_string(Path::new(path))
+            .map_err(|e| LifecycleError::Compile(format!("read system_prompt.file {path}: {e}")))?;
+        if !body.is_empty() {
+            chunks.push(body);
+        }
+    }
+    Ok(chunks.join("\n\n"))
+}
+
+fn output_contract(agent: &WorkerCommandAgent) -> Option<String> {
+    (agent.output_contract_format.as_deref() == Some("result_envelope_v1"))
+        .then(|| RESULT_ENVELOPE_OUTPUT_CONTRACT.to_string())
+}
+
+fn permission_notes(agent: &WorkerCommandAgent) -> Result<Option<String>, LifecycleError> {
+    let permissions = resolve_agent_permissions(agent, agent.provider)?;
+    if !permissions.has_prompt_only {
+        return Ok(None);
+    }
+    let mut prompt_only: Vec<String> = permissions
+        .resolved_tools
+        .iter()
+        .filter(|tool| tool.enforcement == Enforcement::PromptOnly)
+        .filter_map(|tool| serde_json::to_value(tool.tool).ok())
+        .filter_map(|value| value.as_str().map(str::to_string))
+        .collect();
+    prompt_only.sort();
+    Ok(Some(format!(
+        "Permission note: these tools are prompt-only for this provider and not hard-enforced: {}",
+        prompt_only.join(", ")
+    )))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::lifecycle::types::DangerousApprovalSource;
+
+    fn disabled_safety() -> DangerousApproval {
+        DangerousApproval {
+            enabled: false,
+            source: DangerousApprovalSource::Disabled,
+            inherited: false,
+            provider: None,
+            flag: None,
+            worker_capability_above_leader: false,
+            ancestry_binary_name: None,
+            unexpected_binary: false,
+        }
+    }
+
+    #[test]
+    fn empty_tools_use_role_defaults_and_aliases_resolve_before_command() {
+        let agent = WorkerCommandAgent {
+            id: Some("dev".to_string()),
+            provider: Provider::ClaudeCode,
+            role: Some("developer".to_string()),
+            declared_tools: Some(Vec::new()),
+            system_prompt_inline: None,
+            system_prompt_file: None,
+            output_contract_format: None,
+        };
+        let tools =
+            resolved_tool_strings_for_command(&agent, Provider::ClaudeCode, &disabled_safety())
+                .unwrap();
+        assert_eq!(
+            tools,
+            [
+                "execute_bash",
+                "fs_list",
+                "fs_read",
+                "fs_write",
+                "git_diff",
+                "mcp_team",
+                "provider_builtin"
+            ]
+        );
+
+        let agent = WorkerCommandAgent {
+            declared_tools: Some(vec!["fs_*".to_string(), "@team-orchestrator".to_string()]),
+            ..agent
+        };
+        let tools =
+            resolved_tool_strings_for_command(&agent, Provider::ClaudeCode, &disabled_safety())
+                .unwrap();
+        assert_eq!(tools, ["fs_list", "fs_read", "fs_write", "mcp_team"]);
+    }
+
+    #[test]
+    fn system_prompt_uses_runtime_contract_identity_role_output_permissions_order() {
+        let agent = WorkerCommandAgent {
+            id: Some("coder".to_string()),
+            provider: Provider::Codex,
+            role: Some("Runtime Developer".to_string()),
+            declared_tools: Some(vec!["mcp_team".to_string()]),
+            system_prompt_inline: Some("Implement the assigned slice.".to_string()),
+            system_prompt_file: None,
+            output_contract_format: Some("result_envelope_v1".to_string()),
+        };
+        let prompt = compile_worker_system_prompt(&agent).unwrap();
+        let runtime = prompt
+            .find(RUNTIME_CONTRACT_SECTION.lines().next().unwrap_or(""))
+            .unwrap();
+        let identity = prompt.find("worker `coder`").unwrap();
+        let role = prompt.find("Implement the assigned slice.").unwrap();
+        let output = prompt
+            .find("Final completion must call team_orchestrator.report_result exactly once")
+            .unwrap();
+        let permissions = prompt.find("Permission note:").unwrap();
+        assert!(runtime < identity && identity < role && role < output && output < permissions);
+        let slowdown_phrase = format!("500/{}", 500 + 29);
+        assert!(prompt.contains(&slowdown_phrase));
+        assert!(prompt.contains("Runtime Developer"));
+    }
+}

package/crates/team-agent/src/mcp_server/helpers.rs

@@ -60,6 +60,7 @@ pub(crate) fn tool_error_reason_wire(reason: ToolErrorReason) -> &'static str {
         ToolErrorReason::InvalidToolArguments => "invalid_tool_arguments",
         ToolErrorReason::InternalRuntimeError => "internal_runtime_error",
         ToolErrorReason::PeerNotInScope => "peer_not_in_scope",
+        ToolErrorReason::McpScopeRefused => "mcp.scope_refused",
     }
 }