@team-agent/installer 0.3.3 → 0.3.5

package/crates/team-agent/src/lifecycle/worker_command_context.rs

@@ -0,0 +1,361 @@
+use std::path::Path;
+
+use crate::lifecycle::types::{DangerousApproval, LifecycleError};
+use crate::model::enums::{Enforcement, Provider};
+use crate::model::ids::AgentId;
+use crate::model::permissions::{resolve_permissions, AgentPermissionInput};
+
+const RUNTIME_CONTRACT_SECTION: &str = r#"# Team Agent Teammate Runtime Contract
+
+You are a teammate in a Team Agent runtime, not the user's primary assistant.
+The user normally talks to the team lead. Plain text you write in this worker
+session is local to this session and is not a team message.
+
+Use Team Agent MCP tools for team-visible coordination:
+- Send progress, blockers, permission needs, tool failures, scope changes, and
+  long-running status updates with team_orchestrator.send_message(to='leader',
+  content='<short message>').
+- Send to another teammate by agent id when coordination is useful, or use
+  to='*' to notify every other team member. The runtime resolves only this team
+  and excludes your own worker.
+- When the task is complete, call team_orchestrator.report_result exactly once.
+- Do not pass sender, task_id, agent_id, schema_version, or ack fields unless
+  doing a low-level compatibility diagnostic. The MCP runtime fills protocol
+  fields from the current worker and task state.
+
+If you are blocked or cannot continue, message the leader promptly instead of
+waiting silently. If work takes several minutes, send a short progress update.
+
+When any Team Agent worker hits a 500/529/rate-limit/overloaded API error,
+slow the team down before retrying: wait 1-2 minutes, keep active workers low,
+and avoid blind immediate retries."#;
+
+const RESULT_ENVELOPE_OUTPUT_CONTRACT: &str =
+    "For progress or blockers, call team_orchestrator.send_message(to='leader', content='<short message>'); \
+for teammate coordination, send to another agent id or to='*' for every other team member. \
+do not pass sender, task_id, or requires_ack because the MCP runtime fills protocol fields. \
+the runtime injects it into the attached Codex leader pane when the leader has run attach-leader. \
+If no leader is attached, the tool returns a fallback/failed result instead of completion. \
+Final completion must call team_orchestrator.report_result exactly once with a short summary \
+and optional status/changes/tests; MCP fills schema_version, task_id, and agent_id.";
+
+pub(crate) struct WorkerCommandAgent {
+    id: Option<String>,
+    provider: Provider,
+    role: Option<String>,
+    declared_tools: Option<Vec<String>>,
+    system_prompt_inline: Option<String>,
+    system_prompt_file: Option<String>,
+    output_contract_format: Option<String>,
+}
+
+impl WorkerCommandAgent {
+    pub(crate) fn from_yaml(
+        agent: &crate::model::yaml::Value,
+        fallback_id: Option<&str>,
+        provider: Provider,
+    ) -> Self {
+        let system_prompt = agent.get("system_prompt");
+        Self {
+            id: agent
+                .get("id")
+                .and_then(crate::model::yaml::Value::as_str)
+                .or(fallback_id)
+                .map(str::to_string),
+            provider,
+            role: agent
+                .get("role")
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+            declared_tools: agent
+                .get("tools")
+                .and_then(crate::model::yaml::Value::as_list)
+                .map(|items| {
+                    items
+                        .iter()
+                        .filter_map(crate::model::yaml::Value::as_str)
+                        .map(str::to_string)
+                        .collect()
+                }),
+            system_prompt_inline: system_prompt
+                .and_then(|prompt| prompt.get("inline"))
+                .and_then(crate::model::yaml::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            system_prompt_file: system_prompt
+                .and_then(|prompt| prompt.get("file"))
+                .filter(|value| value.is_truthy())
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+            output_contract_format: agent
+                .get("output_contract")
+                .and_then(|contract| contract.get("format"))
+                .and_then(crate::model::yaml::Value::as_str)
+                .map(str::to_string),
+        }
+    }
+
+    pub(crate) fn from_json(
+        agent: &serde_json::Value,
+        fallback_id: Option<&str>,
+        provider: Provider,
+    ) -> Self {
+        let system_prompt = agent.get("system_prompt");
+        Self {
+            id: agent
+                .get("id")
+                .and_then(serde_json::Value::as_str)
+                .or(fallback_id)
+                .map(str::to_string),
+            provider,
+            role: agent
+                .get("role")
+                .and_then(serde_json::Value::as_str)
+                .map(str::to_string),
+            declared_tools: agent
+                .get("tools")
+                .and_then(serde_json::Value::as_array)
+                .map(|items| {
+                    items
+                        .iter()
+                        .filter_map(serde_json::Value::as_str)
+                        .map(str::to_string)
+                        .collect()
+                }),
+            system_prompt_inline: system_prompt
+                .and_then(|prompt| prompt.get("inline"))
+                .and_then(serde_json::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            system_prompt_file: system_prompt
+                .and_then(|prompt| prompt.get("file"))
+                .and_then(serde_json::Value::as_str)
+                .filter(|value| !value.is_empty())
+                .map(str::to_string),
+            output_contract_format: agent
+                .get("output_contract")
+                .and_then(|contract| contract.get("format"))
+                .and_then(serde_json::Value::as_str)
+                .map(str::to_string),
+        }
+    }
+}
+
+pub(crate) fn compile_worker_system_prompt(
+    agent: &WorkerCommandAgent,
+) -> Result<String, LifecycleError> {
+    // Python prompt.py:39 — chunks = [identity, TEAMMATE_SYSTEM_PROMPT, ...]: the worker
+    // identity line anchors the very first section (live Python worker argv confirms).
+    // C-1 cr verdict / B2 灵魂件 — identity 必须 FIRST(MUST-4 行为层守:空白上下文问
+    // "你是谁"必须先答 Team Agent worker 身份)。runtime contract 跟后。
+    let mut chunks = vec![
+        identity_section(agent),
+        runtime_contract_section(),
+        role_body(agent)?,
+    ];
+    if let Some(contract) = output_contract(agent) {
+        chunks.push(contract);
+    }
+    if let Some(notes) = permission_notes(agent)? {
+        chunks.push(notes);
+    }
+    Ok(chunks
+        .into_iter()
+        .filter(|chunk| !chunk.is_empty())
+        .collect::<Vec<_>>()
+        .join("\n\n"))
+}
+
+pub(crate) fn resolved_tool_strings_for_command(
+    agent: &WorkerCommandAgent,
+    provider: Provider,
+    safety: &DangerousApproval,
+) -> Result<Vec<String>, LifecycleError> {
+    let mut tools: Vec<String> = resolve_agent_permissions(agent, provider)?
+        .sorted_tool_strings()
+        .into_iter()
+        .map(str::to_string)
+        .collect();
+    if safety.enabled && !tools.iter().any(|tool| tool == "dangerous_auto_approve") {
+        tools.push("dangerous_auto_approve".to_string());
+    }
+    Ok(tools)
+}
+
+fn resolve_agent_permissions(
+    agent: &WorkerCommandAgent,
+    provider: Provider,
+) -> Result<crate::model::permissions::ResolvedPermissions, LifecycleError> {
+    resolve_permissions(&AgentPermissionInput {
+        id: agent.id.as_deref().map(AgentId::new),
+        provider,
+        role: agent.role.clone(),
+        tools: agent.declared_tools.clone(),
+    })
+    .map_err(|e| LifecycleError::Compile(e.to_string()))
+}
+
+fn runtime_contract_section() -> String {
+    RUNTIME_CONTRACT_SECTION.to_string()
+}
+
+fn identity_section(agent: &WorkerCommandAgent) -> String {
+    format!(
+        "You are Team Agent worker `{}` with role `{}`. When asked about your role or identity, answer with this Team Agent worker identity first, not only the generic provider product identity.",
+        agent.id.as_deref().unwrap_or("unknown"),
+        agent.role.as_deref().unwrap_or("developer")
+    )
+}
+
+fn role_body(agent: &WorkerCommandAgent) -> Result<String, LifecycleError> {
+    let mut chunks = Vec::new();
+    if let Some(inline) = &agent.system_prompt_inline {
+        chunks.push(inline.clone());
+    }
+    if let Some(path) = &agent.system_prompt_file {
+        let body = std::fs::read_to_string(Path::new(path))
+            .map_err(|e| LifecycleError::Compile(format!("read system_prompt.file {path}: {e}")))?;
+        if !body.is_empty() {
+            chunks.push(body);
+        }
+    }
+    Ok(chunks.join("\n\n"))
+}
+
+fn output_contract(agent: &WorkerCommandAgent) -> Option<String> {
+    (agent.output_contract_format.as_deref() == Some("result_envelope_v1"))
+        .then(|| RESULT_ENVELOPE_OUTPUT_CONTRACT.to_string())
+}
+
+fn permission_notes(agent: &WorkerCommandAgent) -> Result<Option<String>, LifecycleError> {
+    let permissions = resolve_agent_permissions(agent, agent.provider)?;
+    // C-2-1/C-2-2 cr verdict — Copilot 一期 framework 不替决 fs_read/fs_list/git_diff/
+    // provider_builtin(provider prompt 控);为诚实(MUST-NOT-13)在 system prompt 内
+    // 总是声明这些 provider-level prompt_only 工具,即便角色未显式声明。
+    let provider_prompt_only_extras = provider_default_prompt_only_tools(agent.provider);
+    let mut prompt_only: std::collections::BTreeSet<String> = permissions
+        .resolved_tools
+        .iter()
+        .filter(|tool| tool.enforcement == Enforcement::PromptOnly)
+        .filter_map(|tool| serde_json::to_value(tool.tool).ok())
+        .filter_map(|value| value.as_str().map(str::to_string))
+        .collect();
+    for tool in provider_prompt_only_extras {
+        prompt_only.insert((*tool).to_string());
+    }
+    if prompt_only.is_empty() {
+        return Ok(None);
+    }
+    let prompt_only: Vec<String> = prompt_only.into_iter().collect();
+    Ok(Some(format!(
+        "Permission note: these tools are prompt-only for this provider and not hard-enforced: {}",
+        prompt_only.join(", ")
+    )))
+}
+
+/// C-2-1 cr verdict — provider-level prompt_only tools that the framework cannot
+/// hard-enforce. The system prompt declares them so the worker is honest about
+/// where consent gates actually live (provider prompt vs framework).
+fn provider_default_prompt_only_tools(provider: Provider) -> &'static [&'static str] {
+    match provider {
+        // C-2-1: fs_read / fs_list / git_diff / provider_builtin 由 provider prompt
+        // 控制,framework 不替决(prompt_only 诚实声明)。
+        Provider::Copilot => &["fs_list", "fs_read", "git_diff", "provider_builtin"],
+        _ => &[],
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::lifecycle::types::DangerousApprovalSource;
+
+    fn disabled_safety() -> DangerousApproval {
+        DangerousApproval {
+            enabled: false,
+            source: DangerousApprovalSource::Disabled,
+            inherited: false,
+            provider: None,
+            flag: None,
+            worker_capability_above_leader: false,
+            ancestry_binary_name: None,
+            unexpected_binary: false,
+        }
+    }
+
+    #[test]
+    fn empty_tools_use_role_defaults_and_aliases_resolve_before_command() {
+        let agent = WorkerCommandAgent {
+            id: Some("dev".to_string()),
+            provider: Provider::ClaudeCode,
+            role: Some("developer".to_string()),
+            declared_tools: Some(Vec::new()),
+            system_prompt_inline: None,
+            system_prompt_file: None,
+            output_contract_format: None,
+        };
+        let tools =
+            resolved_tool_strings_for_command(&agent, Provider::ClaudeCode, &disabled_safety())
+                .unwrap();
+        assert_eq!(
+            tools,
+            [
+                "execute_bash",
+                "fs_list",
+                "fs_read",
+                "fs_write",
+                "git_diff",
+                "mcp_team",
+                "provider_builtin"
+            ]
+        );
+
+        let agent = WorkerCommandAgent {
+            declared_tools: Some(vec!["fs_*".to_string(), "@team-orchestrator".to_string()]),
+            ..agent
+        };
+        let tools =
+            resolved_tool_strings_for_command(&agent, Provider::ClaudeCode, &disabled_safety())
+                .unwrap();
+        assert_eq!(tools, ["fs_list", "fs_read", "fs_write", "mcp_team"]);
+    }
+
+    #[test]
+    fn system_prompt_uses_identity_then_runtime_contract_python_order() {
+        // #264 D6: Python truth source (prompt.py:39, live ps confirmed) builds
+        // chunks = [identity, TEAMMATE_SYSTEM_PROMPT, role_body, output, permissions].
+        // The previous assertion locked the inverted contract-first order with no
+        // Python evidence; this is the corrected golden.
+        // 0.3.5 union (copilot v2 C-1 / B2 MUST-4 行为层守): identity 必须 FIRST —
+        // 空白上下文问"你是谁"的第一行答案必须先答 Team Agent worker 身份;
+        // Copilot 适配的 C-1-3 行为层要求与其它 provider 同步。
+        let agent = WorkerCommandAgent {
+            id: Some("coder".to_string()),
+            provider: Provider::Codex,
+            role: Some("Runtime Developer".to_string()),
+            declared_tools: Some(vec!["mcp_team".to_string()]),
+            system_prompt_inline: Some("Implement the assigned slice.".to_string()),
+            system_prompt_file: None,
+            output_contract_format: Some("result_envelope_v1".to_string()),
+        };
+        let prompt = compile_worker_system_prompt(&agent).unwrap();
+        assert!(
+            prompt.starts_with("You are Team Agent worker `coder` with role `Runtime Developer`."),
+            "compiled prompt must start with the identity section (Python prompt.py:39); head={:?}",
+            prompt.chars().take(120).collect::<String>()
+        );
+        let identity = prompt.find("worker `coder`").unwrap();
+        let runtime = prompt
+            .find(RUNTIME_CONTRACT_SECTION.lines().next().unwrap_or(""))
+            .unwrap();
+        let role = prompt.find("Implement the assigned slice.").unwrap();
+        let output = prompt
+            .find("Final completion must call team_orchestrator.report_result exactly once")
+            .unwrap();
+        let permissions = prompt.find("Permission note:").unwrap();
+        assert!(identity < runtime && runtime < role && role < output && output < permissions);
+        let slowdown_phrase = format!("500/{}", 500 + 29);
+        assert!(prompt.contains(&slowdown_phrase));
+        assert!(prompt.contains("Runtime Developer"));
+    }
+}

package/crates/team-agent/src/mcp_server/lifecycle_tools/agent_ops.rs

@@ -88,12 +88,13 @@ pub(crate) fn fork_agent(
     as_agent_id: &str,
     label: Option<&str>,
 ) -> ToolResult {
-    let _ = label;
     let lifecycle_workspace = lifecycle_workspace(workspace, owner_team, false)?;
+    // operations.py:315 — the label becomes the forked agent's role.
     let report = crate::lifecycle::launch::fork_agent(
         &lifecycle_workspace,
         &AgentId::new(source_agent_id),
         &AgentId::new(as_agent_id),
+        label,
         false,
         owner_team.map(TeamKey::as_str),
     )

package/crates/team-agent/src/mcp_server/tests/scoped.rs

@@ -1,7 +1,20 @@
     #[test]
     fn dispatch_send_message_worker_accepted_returned_verbatim() {
+        // A-7: accepted requires a REAL stored message_id (no fabricated ids), so the
+        // workspace seeds a running worker-1 the delivery layer can actually queue for.
+        let ws = unique_ws("dispatch-accepted");
+        crate::state::persist::save_runtime_state(
+            &ws,
+            &serde_json::json!({
+                "session_name": "team-x",
+                "agents": {
+                    "worker-1": {"status": "running", "agent_id": "worker-1", "window": "worker-1"},
+                },
+            }),
+        )
+        .unwrap();
         let tools = TeamOrchestratorTools::with_identity(
-            &unique_ws("dispatch-accepted"),
+            &ws,
             Some(AgentId::new("leader")), // legacy single-team bypasses cross-team refusal
             None,
         );

package/crates/team-agent/src/mcp_server/tests/send.rs

@@ -96,8 +96,22 @@
         // refusal first (worker-1 not in visible peers) -> PeerNotInScope. owner_team_id=None
         // (legacy single-team) bypasses that, isolating the worker-recipient accepted path.
         // The cross-team refusal has its own tests (refuse_cross_team_peer_* / send_message_cross_team_*).
+        // A-7: the accepted path needs a REAL stored message_id (tools.py:175-181 —
+        // fabricated ids are gone), so the workspace seeds a running worker-1 the
+        // delivery layer can actually queue for.
+        let ws = unique_ws("send-worker");
+        crate::state::persist::save_runtime_state(
+            &ws,
+            &serde_json::json!({
+                "session_name": "team-x",
+                "agents": {
+                    "worker-1": {"status": "running", "agent_id": "worker-1", "window": "worker-1"},
+                },
+            }),
+        )
+        .unwrap();
         let tools = TeamOrchestratorTools::with_identity(
-            &unique_ws("send-worker"),
+            &ws,
             Some(AgentId::new("leader")),
             None,
         );

package/crates/team-agent/src/mcp_server/tools.rs

@@ -189,11 +189,12 @@ impl TeamOrchestratorTools {
         };
         if is_worker_recipient(to) {
             let out = messaging::send_message(&self.workspace, to, content, &opts).map_err(tool_runtime_error)?;
+            // tools.py:175-181 — accepted+poll_via ONLY for a REAL message_id; any other
+            // outcome falls back to the compacted direct result. Never invent an
+            // `mcp_<timestamp>` id: it does not exist in the store and makes the
+            // advertised `team-agent inbox <id>` poll a dead end.
             let message_id = match out.message_id {
                 Some(message_id) if out.ok => message_id,
-                None if self.owner_team_id.is_none() => {
-                    format!("mcp_{}", chrono::Utc::now().timestamp_micros())
-                }
                 _ => {
                     let value = delivery_outcome_value(&out);
                     let ok = compact_tool_result(&value)?;
@@ -229,7 +230,13 @@ impl TeamOrchestratorTools {
         let team_widens = match (owner_team.as_ref(), requested_team.as_deref()) {
             (_, None) => false,
             (Some(owner), Some(requested)) => {
-                let state = load_runtime_state(&self.workspace).unwrap_or(serde_json::json!({}));
+                // swallow batch 4 C6: an unreadable state cannot verify the requested
+                // team — fail closed (structured transient refusal), never compare
+                // against an empty substitute.
+                let state = match load_runtime_state(&self.workspace) {
+                    Ok(state) => state,
+                    Err(error) => return Err(self.scope_unverifiable(&error.to_string())),
+                };
                 let requested_canonical = crate::state::projection::resolve_owner_team_id(&state, requested)
                     .canonical_key()
                     .unwrap_or(requested)
@@ -463,7 +470,18 @@ impl TeamOrchestratorTools {
             "idle_fallback" => Some(messaging::AlertType::IdleFallback),
             "cross_worker_deadlock" => Some(messaging::AlertType::CrossWorkerDeadlock),
             "all" => None,
-            _ => None,
+            // scheduler.py:268-273 — an unknown alert_type refuses with the Python
+            // literal instead of silently widening to suppressing ALL alert families.
+            _ => {
+                return Ok(ToolOk {
+                    fields: object_fields(serde_json::json!({
+                        "ok": false,
+                        "status": "refused",
+                        "reason": "invalid_alert_type",
+                        "alert_type": alert_type,
+                    })),
+                });
+            }
         };
         let suppressed_by = self.agent_id.as_ref().map(AgentId::as_str).unwrap_or("leader");
         messaging::stuck_cancel(&self.workspace, agent_id, alert, suppressed_by)
@@ -571,7 +589,12 @@ impl TeamOrchestratorTools {
         // Unresolved/ambiguous owner scope emits mcp.scope_refused; never fallback
         // to active/top-level/sibling teams in a multi-team state.
         let Some(owner_team_id) = &self.owner_team_id else {
-            let state = load_runtime_state(&self.workspace).unwrap_or(serde_json::json!({}));
+            // swallow batch 4 C5-C8 (MUST-16 fail-closed): the runtime state is the
+            // scope truth source — when it cannot be read, the gate REFUSES with a
+            // structured transient scope_unverifiable instead of silently treating
+            // the workspace as legacy single-team (silent privilege widening).
+            let state = load_runtime_state(&self.workspace)
+                .map_err(|error| self.scope_unverifiable(&error.to_string()))?;
             if state
                 .get("teams")
                 .and_then(Value::as_object)
@@ -582,7 +605,7 @@ impl TeamOrchestratorTools {
             return Ok(None);
         };
         let state = load_runtime_state(&self.workspace)
-            .map_err(|_| self.scope_refused("owner team could not be resolved"))?;
+            .map_err(|error| self.scope_unverifiable(&error.to_string()))?;
         match canonicalize_owner_team_id(&state, owner_team_id.as_str()) {
             Some(team) => Ok(Some(TeamKey::new(team))),
             None => Err(self.scope_refused("owner team could not be resolved")),
@@ -591,7 +614,12 @@ impl TeamOrchestratorTools {
 
     fn canonical_owner_team_key_for_mcp(&self) -> Result<Option<TeamKey>, ToolError> {
         let Some(owner_team_id) = &self.owner_team_id else {
-            let state = load_runtime_state(&self.workspace).unwrap_or(serde_json::json!({}));
+            // swallow batch 4 C5-C8 (MUST-16 fail-closed): the runtime state is the
+            // scope truth source — when it cannot be read, the gate REFUSES with a
+            // structured transient scope_unverifiable instead of silently treating
+            // the workspace as legacy single-team (silent privilege widening).
+            let state = load_runtime_state(&self.workspace)
+                .map_err(|error| self.scope_unverifiable(&error.to_string()))?;
             if state
                 .get("teams")
                 .and_then(Value::as_object)
@@ -602,13 +630,41 @@ impl TeamOrchestratorTools {
             return Ok(None);
         };
         let state = load_runtime_state(&self.workspace)
-            .map_err(|_| self.scope_refused("owner team could not be resolved"))?;
+            .map_err(|error| self.scope_unverifiable(&error.to_string()))?;
         match canonicalize_owner_team_id(&state, owner_team_id.as_str()) {
             Some(team) => Ok(Some(TeamKey::new(team))),
             None => Err(self.scope_refused("owner team could not be resolved")),
         }
     }
 
+    /// swallow batch 4 C5/C6/N38: the structured FAIL-CLOSED refusal for "the scope
+    /// could not be verified" (state read failed). Transient by design — the same call
+    /// passes once the state is readable again; the caller's self-reported scope is
+    /// never trusted as a fallback (MUST-16 ceiling).
+    fn scope_unverifiable(&self, io_error: &str) -> ToolError {
+        let _ = EventLog::new(&self.workspace).write(
+            "mcp.scope_state_read_failed",
+            serde_json::json!({
+                "reason": "scope_unverifiable",
+                "requested_owner_team_id": self.owner_team_id.as_ref().map(TeamKey::as_str),
+                "error": io_error,
+            }),
+        );
+        let mut extra = serde_json::Map::new();
+        extra.insert("status".to_string(), Value::String("refused".to_string()));
+        extra.insert("kind".to_string(), Value::String("scope_unverifiable".to_string()));
+        extra.insert(
+            "next_action".to_string(),
+            Value::String("retry shortly or check the runtime state path".to_string()),
+        );
+        ToolError {
+            reason: ToolErrorReason::McpScopeRefused,
+            exc_type: "McpScopeUnverifiable".to_string(),
+            message: format!("scope_unverifiable: state read failed: {io_error}"),
+            extra,
+        }
+    }
+
     fn scope_refused(&self, message: &str) -> ToolError {
         let canonical_owner_team_id = self.canonical_owner_team_key_for_event();
         let _ = EventLog::new(&self.workspace).write(

package/crates/team-agent/src/mcp_server/wire.rs

@@ -444,7 +444,8 @@ pub(crate) fn dispatch_tool(tools: &TeamOrchestratorTools, tool: McpTool, args:
         McpTool::StuckList => tools.stuck_list(),
         McpTool::StuckCancel => tools.stuck_cancel(
             args.get("agent_id").and_then(Value::as_str).unwrap_or(""),
-            args.get("alert_type").and_then(Value::as_str).unwrap_or("all"),
+            // tools.py:351 — the MCP default alert_type is "stuck", not "all".
+            args.get("alert_type").and_then(Value::as_str).unwrap_or("stuck"),
         ),
     }
 }

package/crates/team-agent/src/message_store.rs

@@ -320,6 +320,54 @@ impl MessageStore {
         Ok(rows.into_iter().rev().collect())
     }
 
+    /// `latest_results` (`core.py:458-471`): newest non-invalid result rows, oldest
+    /// first (Python fetches `created_at desc limit ?` then reverses).
+    pub fn latest_results(
+        &self,
+        limit: usize,
+        owner_team_id: Option<&str>,
+    ) -> Result<Vec<serde_json::Value>, MessageStoreError> {
+        let conn = crate::db::schema::open_db(&self.path)?;
+        let limit = i64::try_from(limit).unwrap_or(i64::MAX);
+        let sql = match owner_team_id {
+            Some(_) => {
+                "select owner_team_id, result_id, task_id, agent_id, envelope, status, created_at
+                 from results
+                 where status != 'invalid' and owner_team_id = ?2
+                 order by created_at desc
+                 limit ?1"
+            }
+            None => {
+                "select owner_team_id, result_id, task_id, agent_id, envelope, status, created_at
+                 from results
+                 where status != 'invalid'
+                 order by created_at desc
+                 limit ?1"
+            }
+        };
+        let mut stmt = conn.prepare(sql)?;
+        let map_row = |row: &rusqlite::Row<'_>| {
+            Ok(serde_json::json!({
+                "owner_team_id": row.get::<_, Option<String>>(0)?,
+                "result_id": row.get::<_, String>(1)?,
+                "task_id": row.get::<_, Option<String>>(2)?,
+                "agent_id": row.get::<_, Option<String>>(3)?,
+                "envelope": row.get::<_, Option<String>>(4)?,
+                "status": row.get::<_, Option<String>>(5)?,
+                "created_at": row.get::<_, Option<String>>(6)?,
+            }))
+        };
+        let rows = match owner_team_id {
+            Some(team) => stmt
+                .query_map(params![limit, team], map_row)?
+                .collect::<Result<Vec<_>, _>>()?,
+            None => stmt
+                .query_map(params![limit], map_row)?
+                .collect::<Result<Vec<_>, _>>()?,
+        };
+        Ok(rows.into_iter().rev().collect())
+    }
+
     /// Allow direct peer messages in both directions. Golden stores `(a,b)` and
     /// `(b,a)` so either sender/recipient lookup can use a single ordered key.
     pub fn allow_peer(&self, a: &str, b: &str) -> Result<(), MessageStoreError> {
@@ -410,6 +458,38 @@ fn row_to_message_value(row: &rusqlite::Row<'_>) -> rusqlite::Result<serde_json:
     }))
 }
 
+/// `result_summary_from_row`(`status/queries.py:92-106`):解析 result 行的 envelope,
+/// 产出 status/watch 共用的 result 摘要;envelope 坏/非对象 → `None`。
+pub fn result_summary_from_row(row: &serde_json::Value) -> Option<serde_json::Value> {
+    let envelope = match row.get("envelope") {
+        Some(serde_json::Value::String(text)) => {
+            serde_json::from_str::<serde_json::Value>(text).ok()?
+        }
+        Some(value @ serde_json::Value::Object(_)) => value.clone(),
+        _ => return None,
+    };
+    if !envelope.is_object() {
+        return None;
+    }
+    // Python `envelope.get(k) or row.get(k)` — falsy (null/empty) falls through to the row.
+    let pick = |key: &str| {
+        envelope
+            .get(key)
+            .filter(|v| !v.is_null() && v.as_str() != Some(""))
+            .or_else(|| row.get(key))
+            .cloned()
+            .unwrap_or(serde_json::Value::Null)
+    };
+    Some(serde_json::json!({
+        "result_id": row.get("result_id").cloned().unwrap_or(serde_json::Value::Null),
+        "task_id": pick("task_id"),
+        "agent_id": pick("agent_id"),
+        "status": pick("status"),
+        "summary": envelope.get("summary").cloned().unwrap_or(serde_json::Value::Null),
+        "created_at": row.get("created_at").cloned().unwrap_or(serde_json::Value::Null),
+    }))
+}
+
 fn now_ts() -> String {
     chrono::Utc::now().to_rfc3339()
 }