@team-agent/installer 0.3.3 → 0.3.4

package/crates/team-agent/src/lifecycle/mod.rs

@@ -40,6 +40,7 @@ pub(crate) mod profile_launch;
 pub(crate) mod profile_smoke;
 pub mod restart;
 pub mod types;
+pub(crate) mod worker_command_context;
 
 use std::collections::BTreeMap;
 use std::path::PathBuf;

package/crates/team-agent/src/lifecycle/restart/agent.rs

@@ -451,10 +451,21 @@ fn write_start_agent_start_event(
     let adapter = crate::provider::get_adapter(provider);
     // Contract C / F6.4: event log must record the same context-aware argv that the
     // actual spawn used — so the role/tools/MCP context appears in `start_agent.agent_start`.
-    let role = agent.get("role").and_then(|v| v.as_str());
     let safety = crate::lifecycle::launch::effective_runtime_config_for_worker_spawn()?;
-    let tools = crate::lifecycle::launch::worker_tool_refs(agent_tool_strings(agent), &safety);
-    let tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
+    let command_agent =
+        crate::lifecycle::worker_command_context::WorkerCommandAgent::from_json(
+            agent,
+            Some(agent_id.as_str()),
+            provider,
+        );
+    let system_prompt =
+        crate::lifecycle::worker_command_context::compile_worker_system_prompt(&command_agent)?;
+    let tools = crate::lifecycle::worker_command_context::resolved_tool_strings_for_command(
+        &command_agent,
+        provider,
+        &safety,
+    )?;
+    let resolved_tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
     let mcp_config = adapter
         .mcp_config(auth_mode)
         .map_err(|e| LifecycleError::Provider(e.to_string()))?;
@@ -484,9 +495,9 @@ fn write_start_agent_start_event(
     let context = crate::provider::ProviderCommandContext {
         auth_mode,
         mcp_config: Some(&mcp_config),
-        system_prompt: role,
+        system_prompt: Some(system_prompt.as_str()),
         model: command_model,
-        tools: &tool_refs,
+        tools: &resolved_tool_refs,
         profile_launch: Some(&profile_launch),
     };
     let mut plan = match session_id {

package/crates/team-agent/src/lifecycle/restart/common.rs

@@ -29,7 +29,6 @@ pub(super) fn spawn_agent_window(
     // Contract C / F6.4: thread compiled role/tools/MCP context through restart as well —
     // a restarted worker must come back up with the SAME callable MCP capability + role
     // prompt as a fresh launch, else `report_result` becomes unreachable after every restart.
-    let role = agent.get("role").and_then(|v| v.as_str());
     let detected_safety;
     let safety = if let Some(safety) = safety {
         safety
@@ -37,8 +36,20 @@ pub(super) fn spawn_agent_window(
         detected_safety = crate::lifecycle::launch::effective_runtime_config_for_worker_spawn()?;
         &detected_safety
     };
-    let tools = crate::lifecycle::launch::worker_tool_refs(agent_tool_strings(agent), safety);
-    let tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
+    let command_agent =
+        crate::lifecycle::worker_command_context::WorkerCommandAgent::from_json(
+            agent,
+            Some(agent_id.as_str()),
+            provider,
+        );
+    let system_prompt =
+        crate::lifecycle::worker_command_context::compile_worker_system_prompt(&command_agent)?;
+    let tools = crate::lifecycle::worker_command_context::resolved_tool_strings_for_command(
+        &command_agent,
+        provider,
+        safety,
+    )?;
+    let resolved_tool_refs: Vec<&str> = tools.iter().map(String::as_str).collect();
     // owner_team_id resolution: prefer the runtime-state row's `owner_team_id` (set by
     // launch/restart); fall back to the active team key for paths that don't write the
     // row first (e.g. add-agent calls spawn before upserting team metadata).
@@ -78,9 +89,9 @@ pub(super) fn spawn_agent_window(
     let context = crate::provider::ProviderCommandContext {
         auth_mode,
         mcp_config: Some(&mcp_config),
-        system_prompt: role,
+        system_prompt: Some(system_prompt.as_str()),
         model: command_model,
-        tools: &tool_refs,
+        tools: &resolved_tool_refs,
         profile_launch: Some(&profile_launch),
     };
     let mut plan = match resume_session_id {
@@ -319,24 +330,6 @@ pub(crate) fn restart_required_missing_session_agent_ids(state: &serde_json::Val
     missing.sort();
     missing
 }
-/// Tools list off an agent's runtime state entry (`tools: [...]`). Restart paths
-/// don't have the full spec object, only the runtime state — so they read tools from
-/// the state row, falling back to an empty list. Contract C requires the worker
-/// command be built with the tool list, even on restart.
-pub(super) fn agent_tool_strings(agent: &serde_json::Value) -> Vec<String> {
-    agent
-        .get("tools")
-        .and_then(|v| v.as_array())
-        .map(|items| {
-            items
-                .iter()
-                .filter_map(|v| v.as_str())
-                .map(str::to_string)
-                .collect()
-        })
-        .unwrap_or_default()
-}
-
 pub(super) fn agent_window(agent: &serde_json::Value, agent_id: &AgentId) -> String {
     agent
         .get("window")

package/crates/team-agent/src/lifecycle/restart/rebuild.rs

@@ -1,6 +1,6 @@
-use super::*;
 use super::common::*;
 use super::selection::classify_restart_plan;
+use super::*;
 
 // ── lifecycle::restart —— 整队 Route B resume-or-fresh 重建 ──────────────────
 
@@ -101,10 +101,9 @@ pub fn restart_with_transport_with_session_convergence_deadline(
     .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?;
     let mut state = selected.state;
     crate::lifecycle::launch::ensure_owner_allowed_for_state(&state, None)?;
-    let spec_workspace = selected
-        .spec_workspace
-        .as_ref()
-        .ok_or_else(|| LifecycleError::TeamSelect("active team spec workspace not found".to_string()))?;
+    let spec_workspace = selected.spec_workspace.as_ref().ok_or_else(|| {
+        LifecycleError::TeamSelect("active team spec workspace not found".to_string())
+    })?;
     let spec = load_team_spec(spec_workspace)?;
     let safety = crate::lifecycle::launch::effective_runtime_config(&spec)?;
     let mut convergence = converge_missing_provider_sessions(
@@ -236,10 +235,20 @@ pub fn restart_with_transport_with_session_convergence_deadline(
     crate::state::projection::save_team_scoped_state(&selected.run_workspace, &state)
         .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
     let coordinator_started = start_coordinator_for_workspace(&selected.run_workspace)?;
+    let attach_commands = crate::tmux_backend::attach_commands_for_windows(
+        &selected.run_workspace,
+        &session_name,
+        plan.decisions
+            .iter()
+            .map(|decision| decision.agent_id.as_str()),
+    );
+    let next_actions = attach_commands.clone();
     Ok(RestartReport::Restarted {
         session_name,
         agents: plan.decisions,
         coordinator_started,
+        next_actions,
+        attach_commands,
     })
 }
 
@@ -456,10 +465,7 @@ fn mark_leader_receiver_rebind_required(state: &mut serde_json::Value, session_n
         .and_then(|v| v.as_str())
         .is_some_and(|status| status == "attached")
     {
-        receiver.insert(
-            "status".to_string(),
-            serde_json::json!("rebind_required"),
-        );
+        receiver.insert("status".to_string(), serde_json::json!("rebind_required"));
     }
 }
 
@@ -520,11 +526,7 @@ fn mark_agent_respawned(
     if let Some(pane_pid) = pane_pid {
         agent.insert("pane_pid".to_string(), serde_json::json!(pane_pid));
     }
-    crate::lifecycle::launch::persist_command_plan_state(
-        agent,
-        &spawn.plan,
-        &spawn.profile_launch,
-    );
+    crate::lifecycle::launch::persist_command_plan_state(agent, &spawn.plan, &spawn.profile_launch);
     persist_effective_approval_policy_for_restart(agent, safety);
     agent.remove("startup_prompts");
     agent.remove("startup_prompt_status");
@@ -583,8 +585,7 @@ fn write_restart_resume_decision_event(
 
     let path = workspace.join(".team").join("logs").join("events.jsonl");
     if let Some(parent) = path.parent() {
-        std::fs::create_dir_all(parent)
-            .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
+        std::fs::create_dir_all(parent).map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
     }
     let mut event = serde_json::json!({
         "ts": chrono::Utc::now().to_rfc3339(),
@@ -615,8 +616,8 @@ fn write_restart_resume_decision_event(
             }
         }
     }
-    let line = serde_json::to_string(&event)
-        .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
+    let line =
+        serde_json::to_string(&event).map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
     let mut file = std::fs::OpenOptions::new()
         .create(true)
         .append(true)
@@ -667,7 +668,10 @@ pub fn select_restart_state(
         .get("active_team_key")
         .and_then(serde_json::Value::as_str)
         .filter(|s| !s.is_empty())
-        .map_or_else(|| crate::state::projection::team_state_key(&selected), str::to_string);
+        .map_or_else(
+            || crate::state::projection::team_state_key(&selected),
+            str::to_string,
+        );
     Ok(restart_candidate_from_state(workspace, &key, &selected))
 }
 
@@ -733,12 +737,14 @@ fn restart_candidate_has_context(state: &serde_json::Value) -> bool {
         .and_then(serde_json::Value::as_object)
         .is_some_and(|agents| {
             agents.values().any(|agent| {
-                ["session_id", "rollout_path", "first_send_at"].iter().any(|key| {
-                    agent
-                        .get(*key)
-                        .and_then(serde_json::Value::as_str)
-                        .is_some_and(|s| !s.is_empty())
-                })
+                ["session_id", "rollout_path", "first_send_at"]
+                    .iter()
+                    .any(|key| {
+                        agent
+                            .get(*key)
+                            .and_then(serde_json::Value::as_str)
+                            .is_some_and(|s| !s.is_empty())
+                    })
             })
         })
 }

package/crates/team-agent/src/lifecycle/tests/core.rs

@@ -185,14 +185,14 @@ fn plan_condition_rejects_out_of_grammar() {
 
 // ───────────────────────────────────────────────────────────────────────
 // resolve_display_backend — display/backend.py
-// 默认 adaptive;非默认非静默(non_default=true 触发 display.backend_resolved)。
+// 默认 none;非默认非静默(non_default=true 触发 display.backend_resolved)。
 // ───────────────────────────────────────────────────────────────────────
 
 #[test]
-fn resolve_backend_defaults_to_adaptive_when_none_requested() {
+fn resolve_backend_defaults_to_none_when_none_requested() {
     let r = resolve_display_backend(None, None);
-    assert_eq!(r.backend, DisplayBackend::Adaptive);
-    assert!(!r.non_default, "默认 adaptive 不应标记 non_default");
+    assert_eq!(r.backend, DisplayBackend::None);
+    assert!(!r.non_default, "默认 none 不应标记 non_default");
 }
 
 #[test]

package/crates/team-agent/src/lifecycle/tests/launch_spawn.rs

@@ -886,8 +886,8 @@ fn quick_start_state_seeds_spec_path_workspace_leader_display_backend() {
     );
     assert_eq!(
         state["display_backend"],
-        json!("adaptive"),
-        "golden resolve_display_backend(None, source='launch') defaults to adaptive"
+        json!("none"),
+        "golden resolve_display_backend(None, source='launch') defaults to none"
     );
 }
 

package/crates/team-agent/src/lifecycle/types.rs

@@ -483,6 +483,8 @@ pub enum QuickStartReport {
         session_name: SessionName,
         launch: Box<LaunchReport>,
         next_actions: Vec<String>,
+        attach_commands: Vec<String>,
+        display_backend: String,
         /// BUG-7: real readiness verdict. `Ready` ⇒ the wrapper completed AND the
         /// caller already verified tool-set availability; the framework itself
         /// never emits this without an external observable confirming worker
@@ -613,6 +615,8 @@ pub enum RestartReport {
         session_name: SessionName,
         agents: Vec<RestartedAgent>,
         coordinator_started: bool,
+        next_actions: Vec<String>,
+        attach_commands: Vec<String>,
     },
     /// atomic refusal(`reason=resume_atomicity`):某 interacted worker 不可 resume
     /// 且非 allow_fresh。**nothing created yet**,无需回滚。

package/crates/team-agent/src/lifecycle/worker_command_context.rs

@@ -0,0 +1,326 @@
+use std::path::Path;
+
+use crate::lifecycle::types::{DangerousApproval, LifecycleError};
+use crate::model::enums::{Enforcement, Provider};
+use crate::model::ids::AgentId;
+use crate::model::permissions::{resolve_permissions, AgentPermissionInput};
+
+const RUNTIME_CONTRACT_SECTION: &str = r#"# Team Agent Teammate Runtime Contract
+
+You are a teammate in a Team Agent runtime, not the user's primary assistant.
+The user normally talks to the team lead. Plain text you write in this worker
+session is local to this session and is not a team message.
+
+Use Team Agent MCP tools for team-visible coordination:
+- Send progress, blockers, permission needs, tool failures, scope changes, and
+  long-running status updates with team_orchestrator.send_message(to='leader',
+  content='<short message>').
+- Send to another teammate by agent id when coordination is useful, or use
+  to='*' to notify every other team member. The runtime resolves only this team
+  and excludes your own worker.
+- When the task is complete, call team_orchestrator.report_result exactly once.
+- Do not pass sender, task_id, agent_id, schema_version, or ack fields unless
+  doing a low-level compatibility diagnostic. The MCP runtime fills protocol
+  fields from the current worker and task state.
+
+If you are blocked or cannot continue, message the leader promptly instead of
+waiting silently. If work takes several minutes, send a short progress update.
+
+When any Team Agent worker hits a 500/529/rate-limit/overloaded API error,
+slow the team down before retrying: wait 1-2 minutes, keep active workers low,
+and avoid blind immediate retries."#;
+
+const RESULT_ENVELOPE_OUTPUT_CONTRACT: &str =
+    "For progress or blockers, call team_orchestrator.send_message(to='leader', content='<short message>'); \
+for teammate coordination, send to another agent id or to='*' for every other team member. \
+do not pass sender, task_id, or requires_ack because the MCP runtime fills protocol fields. \
+the runtime injects it into the attached Codex leader pane when the leader has run attach-leader. \
+If no leader is attached, the tool returns a fallback/failed result instead of completion. \
+Final completion must call team_orchestrator.report_result exactly once with a short summary \
+and optional status/changes/tests; MCP fills schema_version, task_id, and agent_id.";
+
+pub(crate) struct WorkerCommandAgent {
+    id: Option<String>,
+    provider: Provider,
+    role: Option<String>,
+    declared_tools: Option<Vec<String>>,
+    system_prompt_inline: Option<String>,
+    system_prompt_file: Option<String>,
+    output_contract_format: Option<String>,
+}
+
+impl WorkerCommandAgent {
+    pub(crate) fn from_yaml(
+        agent: &crate::model::yaml::Value,
+        fallback_id: Option<&str>,
+        provider: Provider,
+    ) -> Self {
+        let system_prompt = agent.get("system_prompt");
+        Self {
+            id: agent
+                .get("id")
+                .and_then(crate::model::yaml::Value::as_str)
+                .or(fallback_id)
+                .map(str::to_string),
+            provider,
+            role: agent
+                .get("role")
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+            declared_tools: agent
+                .get("tools")
+                .and_then(crate::model::yaml::Value::as_list)
+                .map(|items| {
+                    items
+                        .iter()
+                        .filter_map(crate::model::yaml::Value::as_str)
+                        .map(str::to_string)
+                        .collect()
+                }),
+            system_prompt_inline: system_prompt
+                .and_then(|prompt| prompt.get("inline"))
+                .and_then(crate::model::yaml::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            system_prompt_file: system_prompt
+                .and_then(|prompt| prompt.get("file"))
+                .filter(|value| value.is_truthy())
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+            output_contract_format: agent
+                .get("output_contract")
+                .and_then(|contract| contract.get("format"))
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+        }
+    }
+
+    pub(crate) fn from_json(
+        agent: &serde_json::Value,
+        fallback_id: Option<&str>,
+        provider: Provider,
+    ) -> Self {
+        let system_prompt = agent.get("system_prompt");
+        Self {
+            id: agent
+                .get("id")
+                .and_then(serde_json::Value::as_str)
+                .or(fallback_id)
+                .map(str::to_string),
+            provider,
+            role: agent
+                .get("role")
+                .and_then(serde_json::Value::as_str)
+                .map(str::to_string),
+            declared_tools: agent
+                .get("tools")
+                .and_then(serde_json::Value::as_array)
+                .map(|items| {
+                    items
+                        .iter()
+                        .filter_map(serde_json::Value::as_str)
+                        .map(str::to_string)
+                        .collect()
+                }),
+            system_prompt_inline: system_prompt
+                .and_then(|prompt| prompt.get("inline"))
+                .and_then(serde_json::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            system_prompt_file: system_prompt
+                .and_then(|prompt| prompt.get("file"))
+                .and_then(serde_json::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            output_contract_format: agent
+                .get("output_contract")
+                .and_then(|contract| contract.get("format"))
+                .and_then(serde_json::Value::as_str)
+                .map(str::to_string),
+        }
+    }
+}
+
+pub(crate) fn compile_worker_system_prompt(
+    agent: &WorkerCommandAgent,
+) -> Result<String, LifecycleError> {
+    let mut chunks = vec![
+        runtime_contract_section(),
+        identity_section(agent),
+        role_body(agent)?,
+    ];
+    if let Some(contract) = output_contract(agent) {
+        chunks.push(contract);
+    }
+    if let Some(notes) = permission_notes(agent)? {
+        chunks.push(notes);
+    }
+    Ok(chunks
+        .into_iter()
+        .filter(|chunk| !chunk.is_empty())
+        .collect::<Vec<_>>()
+        .join("\n\n"))
+}
+
+pub(crate) fn resolved_tool_strings_for_command(
+    agent: &WorkerCommandAgent,
+    provider: Provider,
+    safety: &DangerousApproval,
+) -> Result<Vec<String>, LifecycleError> {
+    let mut tools: Vec<String> = resolve_agent_permissions(agent, provider)?
+        .sorted_tool_strings()
+        .into_iter()
+        .map(str::to_string)
+        .collect();
+    if safety.enabled && !tools.iter().any(|tool| tool == "dangerous_auto_approve") {
+        tools.push("dangerous_auto_approve".to_string());
+    }
+    Ok(tools)
+}
+
+fn resolve_agent_permissions(
+    agent: &WorkerCommandAgent,
+    provider: Provider,
+) -> Result<crate::model::permissions::ResolvedPermissions, LifecycleError> {
+    resolve_permissions(&AgentPermissionInput {
+        id: agent.id.as_deref().map(AgentId::new),
+        provider,
+        role: agent.role.clone(),
+        tools: agent.declared_tools.clone(),
+    })
+    .map_err(|e| LifecycleError::Compile(e.to_string()))
+}
+
+fn runtime_contract_section() -> String {
+    RUNTIME_CONTRACT_SECTION.to_string()
+}
+
+fn identity_section(agent: &WorkerCommandAgent) -> String {
+    format!(
+        "You are Team Agent worker `{}` with role `{}`. When asked about your role or identity, answer with this Team Agent worker identity first, not only the generic provider product identity.",
+        agent.id.as_deref().unwrap_or("unknown"),
+        agent.role.as_deref().unwrap_or("developer")
+    )
+}
+
+fn role_body(agent: &WorkerCommandAgent) -> Result<String, LifecycleError> {
+    let mut chunks = Vec::new();
+    if let Some(inline) = &agent.system_prompt_inline {
+        chunks.push(inline.clone());
+    }
+    if let Some(path) = &agent.system_prompt_file {
+        let body = std::fs::read_to_string(Path::new(path))
+            .map_err(|e| LifecycleError::Compile(format!("read system_prompt.file {path}: {e}")))?;
+        if !body.is_empty() {
+            chunks.push(body);
+        }
+    }
+    Ok(chunks.join("\n\n"))
+}
+
+fn output_contract(agent: &WorkerCommandAgent) -> Option<String> {
+    (agent.output_contract_format.as_deref() == Some("result_envelope_v1"))
+        .then(|| RESULT_ENVELOPE_OUTPUT_CONTRACT.to_string())
+}
+
+fn permission_notes(agent: &WorkerCommandAgent) -> Result<Option<String>, LifecycleError> {
+    let permissions = resolve_agent_permissions(agent, agent.provider)?;
+    if !permissions.has_prompt_only {
+        return Ok(None);
+    }
+    let mut prompt_only: Vec<String> = permissions
+        .resolved_tools
+        .iter()
+        .filter(|tool| tool.enforcement == Enforcement::PromptOnly)
+        .filter_map(|tool| serde_json::to_value(tool.tool).ok())
+        .filter_map(|value| value.as_str().map(str::to_string))
+        .collect();
+    prompt_only.sort();
+    Ok(Some(format!(
+        "Permission note: these tools are prompt-only for this provider and not hard-enforced: {}",
+        prompt_only.join(", ")
+    )))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::lifecycle::types::DangerousApprovalSource;
+
+    fn disabled_safety() -> DangerousApproval {
+        DangerousApproval {
+            enabled: false,
+            source: DangerousApprovalSource::Disabled,
+            inherited: false,
+            provider: None,
+            flag: None,
+            worker_capability_above_leader: false,
+            ancestry_binary_name: None,
+            unexpected_binary: false,
+        }
+    }
+
+    #[test]
+    fn empty_tools_use_role_defaults_and_aliases_resolve_before_command() {
+        let agent = WorkerCommandAgent {
+            id: Some("dev".to_string()),
+            provider: Provider::ClaudeCode,
+            role: Some("developer".to_string()),
+            declared_tools: Some(Vec::new()),
+            system_prompt_inline: None,
+            system_prompt_file: None,
+            output_contract_format: None,
+        };
+        let tools =
+            resolved_tool_strings_for_command(&agent, Provider::ClaudeCode, &disabled_safety())
+                .unwrap();
+        assert_eq!(
+            tools,
+            [
+                "execute_bash",
+                "fs_list",
+                "fs_read",
+                "fs_write",
+                "git_diff",
+                "mcp_team",
+                "provider_builtin"
+            ]
+        );
+
+        let agent = WorkerCommandAgent {
+            declared_tools: Some(vec!["fs_*".to_string(), "@team-orchestrator".to_string()]),
+            ..agent
+        };
+        let tools =
+            resolved_tool_strings_for_command(&agent, Provider::ClaudeCode, &disabled_safety())
+                .unwrap();
+        assert_eq!(tools, ["fs_list", "fs_read", "fs_write", "mcp_team"]);
+    }
+
+    #[test]
+    fn system_prompt_uses_runtime_contract_identity_role_output_permissions_order() {
+        let agent = WorkerCommandAgent {
+            id: Some("coder".to_string()),
+            provider: Provider::Codex,
+            role: Some("Runtime Developer".to_string()),
+            declared_tools: Some(vec!["mcp_team".to_string()]),
+            system_prompt_inline: Some("Implement the assigned slice.".to_string()),
+            system_prompt_file: None,
+            output_contract_format: Some("result_envelope_v1".to_string()),
+        };
+        let prompt = compile_worker_system_prompt(&agent).unwrap();
+        let runtime = prompt
+            .find(RUNTIME_CONTRACT_SECTION.lines().next().unwrap_or(""))
+            .unwrap();
+        let identity = prompt.find("worker `coder`").unwrap();
+        let role = prompt.find("Implement the assigned slice.").unwrap();
+        let output = prompt
+            .find("Final completion must call team_orchestrator.report_result exactly once")
+            .unwrap();
+        let permissions = prompt.find("Permission note:").unwrap();
+        assert!(runtime < identity && identity < role && role < output && output < permissions);
+        let slowdown_phrase = format!("500/{}", 500 + 29);
+        assert!(prompt.contains(&slowdown_phrase));
+        assert!(prompt.contains("Runtime Developer"));
+    }
+}

package/crates/team-agent/src/tmux_backend.rs

@@ -318,6 +318,60 @@ pub(crate) fn socket_name_for_workspace(workspace: &Path) -> String {
     format!("ta-{:012x}", hasher.finish() & 0xffff_ffff_ffff)
 }
 
+pub(crate) fn socket_path_for_workspace(workspace: &Path) -> Option<PathBuf> {
+    let socket_name = socket_name_for_workspace(workspace);
+    let roots = tmux_socket_roots();
+    for root in &roots {
+        let root = root.canonicalize().unwrap_or_else(|_| root.clone());
+        let candidate = root.join(&socket_name);
+        if candidate.exists() {
+            return Some(candidate.canonicalize().unwrap_or(candidate));
+        }
+    }
+    let uid = unsafe { libc::geteuid() };
+    let default_root = PathBuf::from(format!("/tmp/tmux-{uid}"));
+    let default_root = default_root
+        .canonicalize()
+        .unwrap_or(default_root);
+    Some(default_root.join(socket_name))
+}
+
+pub(crate) fn attach_command_for_workspace(
+    workspace: &Path,
+    session_name: &SessionName,
+    window_name: &str,
+) -> Option<String> {
+    let socket_path = socket_path_for_workspace(workspace)?;
+    Some(format!(
+        "tmux -S {} attach -t {}:{}",
+        socket_path.display(),
+        session_name.as_str(),
+        window_name
+    ))
+}
+
+pub(crate) fn attach_commands_for_windows<'a>(
+    workspace: &Path,
+    session_name: &SessionName,
+    window_names: impl IntoIterator<Item = &'a str>,
+) -> Vec<String> {
+    window_names
+        .into_iter()
+        .filter_map(|window_name| attach_command_for_workspace(workspace, session_name, window_name))
+        .collect()
+}
+
+fn tmux_socket_roots() -> Vec<PathBuf> {
+    let uid = unsafe { libc::geteuid() };
+    let mut roots = vec![PathBuf::from(format!("/tmp/tmux-{uid}"))];
+    if let Some(tmpdir) = std::env::var_os("TMPDIR") {
+        roots.push(PathBuf::from(tmpdir).join(format!("tmux-{uid}")));
+    }
+    roots.sort();
+    roots.dedup();
+    roots
+}
+
 pub(crate) fn socket_name_from_tmux_env() -> Option<String> {
     let tmux = std::env::var("TMUX")
         .ok()