@team-agent/installer 0.3.6 → 0.3.7

package/crates/team-agent/src/lifecycle/launch.rs

@@ -139,7 +139,20 @@ fn spawn_agents(
     safety: &DangerousApproval,
     transport: &dyn Transport,
 ) -> Result<Vec<StartedAgent>, LifecycleError> {
-    let team_dir = spec_path.parent().unwrap_or_else(|| Path::new("."));
+    // E5 解耦:team_dir(角色定义 + profiles 所在)≠ spec_path.parent()(spec 已迁出到 .team/runtime)。
+    // 优先取 state.team_dir(角色目录),回落 spec_path.parent()(legacy 同目录布局)。
+    let team_dir_buf = crate::state::persist::load_runtime_state(workspace)
+        .ok()
+        .and_then(|state| {
+            state
+                .get("team_dir")
+                .and_then(serde_json::Value::as_str)
+                .filter(|s| !s.is_empty())
+                .map(PathBuf::from)
+        });
+    let team_dir = team_dir_buf
+        .as_deref()
+        .unwrap_or_else(|| spec_path.parent().unwrap_or_else(|| Path::new(".")));
     let runtime_fast = matches!(
         spec.get("runtime").and_then(|v| v.get("fast")),
         Some(Value::Bool(true))
@@ -313,6 +326,28 @@ fn spawn_agents(
                 );
             }
         }
+        // E6 层1 实证3 + 诊断留痕:落最终 worker argv(spawn 前的真实形态)。
+        // 任何"--session-id 预定 UUID 没生效"必须能从 events.jsonl 回答:argv 里到底有没有它。
+        // 抽出 --session-id 值单列,方便和盘上 ~/.claude/projects/<cwd> 实际落的 UUID 对账。
+        {
+            let session_id_in_argv = plan
+                .argv
+                .iter()
+                .position(|a| a == "--session-id")
+                .and_then(|i| plan.argv.get(i + 1))
+                .cloned();
+            let event_log = crate::event_log::EventLog::new(workspace);
+            let _ = event_log.write(
+                "provider.worker.spawn_argv",
+                serde_json::json!({
+                    "agent_id": agent_id_raw,
+                    "provider": provider,
+                    "argv": plan.argv,
+                    "session_id_in_argv": session_id_in_argv,
+                    "expected_session_id": plan.expected_session_id.as_ref().map(|s| s.as_str()),
+                }),
+            );
+        }
         let spawn = if started.is_empty() {
             transport.spawn_first_with_env_unset(
                 session_name,
@@ -402,7 +437,14 @@ fn persist_spawn_agent_state(
         .map(|agent| agent.agent_id.as_str().to_string())
         .collect();
     let pane_pids_by_agent = pane_pids_by_started_agent(transport, started);
-    let profile_dir = spec_path.parent().unwrap_or(workspace).join("profiles");
+    // E5 解耦:profiles 随**角色定义**(team_dir),不随 spec(已迁出到 .team/runtime)。
+    // 优先 state.team_dir(角色目录),回落 spec_path.parent()(legacy 同目录布局)。
+    let profile_dir = state
+        .get("team_dir")
+        .and_then(serde_json::Value::as_str)
+        .filter(|s| !s.is_empty())
+        .map(|dir| Path::new(dir).join("profiles"))
+        .unwrap_or_else(|| spec_path.parent().unwrap_or(workspace).join("profiles"));
     let mut agents = serde_json::Map::new();
     let mut spawn_index = 0_u32;
     for agent in spec_agent_values(spec) {
@@ -720,6 +762,34 @@ fn env_nonempty(key: &str) -> bool {
         .is_some_and(|value| !value.is_empty())
 }
 
+/// B-7 / 036b — TEAM_AGENT_LEADER_PANE_ID 主动路径 fail-fast helper。
+/// 入口形态(N38 三行式):
+///   error  : `TEAM_AGENT_LEADER_PANE_ID points at a dead/absent pane: %<id>`
+///   action : `unset TEAM_AGENT_LEADER_PANE_ID, or set it to a live tmux pane id`
+///   log    : `TEAM_AGENT_LEADER_PANE_ID=%<id>`
+/// env 未设(或空)→ Ok(())。
+/// env 设了但 transport.liveness(pane) 报 Dead → Err(RequirementUnmet)。
+/// liveness 返 Unknown 不挡(被动路径降级):本主动路径只对【显式 Dead】fail-fast,
+/// MUST-17 不过度设计 / unset 走 pass-through(b7_unset_leader_pane_env_passes_through 守)。
+pub(crate) fn validate_active_leader_pane_env(
+    transport: &dyn Transport,
+) -> Result<(), LifecycleError> {
+    let pane_id_raw = match std::env::var("TEAM_AGENT_LEADER_PANE_ID") {
+        Ok(v) if !v.is_empty() => v,
+        _ => return Ok(()),
+    };
+    let probe = transport.liveness(&crate::transport::PaneId::new(&pane_id_raw));
+    let dead = matches!(probe, Ok(crate::transport::PaneLiveness::Dead));
+    if !dead {
+        return Ok(());
+    }
+    Err(LifecycleError::RequirementUnmet(format!(
+        "TEAM_AGENT_LEADER_PANE_ID points at a dead/absent pane: {pane_id_raw}\n\
+         action: unset TEAM_AGENT_LEADER_PANE_ID, or set it to a live tmux pane id\n\
+         log: TEAM_AGENT_LEADER_PANE_ID={pane_id_raw}"
+    )))
+}
+
 fn seed_unbound_launched_owner(launched: &mut serde_json::Value, launched_key: &str) {
     let Some(owner) = unbound_launched_owner(launched, launched_key) else {
         return;
@@ -1809,6 +1879,12 @@ pub fn quick_start_with_transport_in_workspace(
     team_id: Option<&str>,
     transport: &dyn Transport,
 ) -> Result<QuickStartReport, LifecycleError> {
+    // B-7 / 036b N38 三行 fail-fast — TEAM_AGENT_LEADER_PANE_ID 主动路径在 quick-start
+    // 入口验活;死/缺(Dead)的 pane 必须明确报错,不可 silent bind 到 spawner /
+    // owner_bind / lease / display 任一消费点。被动路径(display/seed 等)各自走
+    // 降级+event,不在这里挡。错误三行式:error(含 pane id 字面)/action(unset
+    // 或修 env)/log(env var 名)。
+    validate_active_leader_pane_env(transport)?;
     if !agents_dir.exists() {
         return Err(LifecycleError::Compile(format!(
             "agents dir not found: {}",
@@ -1869,13 +1945,14 @@ pub fn quick_start_with_transport_in_workspace(
         override_spec_session_name(&mut spec, &format!("team-{requested}"));
     }
     let session_name = spec_session_name(&spec);
+    // team_key 身份源 = team_dir(agents_dir).name(角色定义目录),不依赖 spec 落点。
     let state_team_key = explicit_team_key.clone().unwrap_or_else(|| {
-        let spec_path = agents_dir.join("team.spec.yaml");
-        runtime_team_key_for_spec(&spec_path, &spec, &session_name)
+        runtime_team_key_for_spec(&agents_dir.join("team.spec.yaml"), &spec, &session_name)
     });
-    let spec_path = agents_dir.join("team.spec.yaml");
-    std::fs::write(&spec_path, yaml::dumps(&spec))
-        .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", spec_path.display())))?;
+    // E5 spec 迁移:spec 写到 .team/runtime/<team_key>/(中间产物,绝不落用户目录 agents_dir)。
+    // Bug2:原子写(tmp+rename),避免半截 spec。
+    let spec_path = crate::model::paths::runtime_spec_path(&workspace, &state_team_key);
+    write_spec_atomic(&spec_path, &spec)?;
     let _store = crate::message_store::MessageStore::open(&workspace)
         .map_err(|e| LifecycleError::StatePersist(e.to_string()))?;
     let resolved_spec_path =
@@ -2268,9 +2345,8 @@ pub fn add_agent(
         }
         Err(error) => return Err(LifecycleError::TeamSelect(error.to_string())),
     };
-    let team_dir = selected.spec_workspace.ok_or_else(|| {
-        LifecycleError::TeamSelect("active team spec workspace not found".to_string())
-    })?;
+    // E5 §3:compile_team 要角色定义目录(team_dir),不是 spec 落点(spec_workspace=runtime)。
+    let team_dir = selected.team_dir;
     add_agent_with_transport_at_paths(
         &selected.run_workspace,
         &team_dir,
@@ -2336,21 +2412,40 @@ fn add_agent_with_transport_at_paths(
             "agent id already exists: {agent_id}"
         )));
     }
-    let dynamic_role_file = materialize_added_role_file(team_dir, agent_id, role_file_path)?;
-    let spec = crate::compiler::compile_team(team_dir)
+    // E5 Bug1:不再 copy role 文件进 <team_dir>/agents(自拷贝 O_TRUNC 截断反模式)。
+    // 就地读外部 role 文档编译,注入 base team spec 的 agents/routing。role 文件留在原处。
+    let mut spec = crate::compiler::compile_team(team_dir)
+        .map_err(|e| LifecycleError::Compile(e.to_string()))?;
+    let workspace_s = spec
+        .get("team")
+        .and_then(|team| team.get("workspace"))
+        .and_then(Value::as_str)
+        .unwrap_or_else(|| team_dir.to_str().unwrap_or_default())
+        .to_string();
+    let team_meta = crate::compiler::read_front_matter(&team_dir.join("TEAM.md"))
+        .map(|(meta, _)| meta)
+        .unwrap_or(Value::Null);
+    let compiled = crate::compiler::compile_role_agent(role_file_path, &team_meta, &workspace_s)
         .map_err(|e| LifecycleError::Compile(e.to_string()))?;
+    if compiled.id != agent_id.as_str() {
+        return Err(LifecycleError::Compile(format!(
+            "role file declares name '{}' but add-agent id is '{}'",
+            compiled.id, agent_id
+        )));
+    }
+    inject_agent_into_spec(&mut spec, compiled.agent, &compiled.id)?;
     let safety = effective_runtime_config(&spec)?;
-    let spec_path = team_dir.join("team.spec.yaml");
-    std::fs::write(&spec_path, yaml::dumps(&spec))
-        .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", spec_path.display())))?;
-    let (meta, _) = crate::compiler::read_front_matter(&dynamic_role_file)
+    // E5 spec 迁移:重编译的 spec 原子写到 .team/runtime/<team_key>/(不落用户目录 team_dir)。
+    let spec_path = crate::model::paths::runtime_spec_path(run_workspace, &canonical_team_key);
+    write_spec_atomic(&spec_path, &spec)?;
+    let (meta, _) = crate::compiler::read_front_matter(role_file_path)
         .map_err(|e| LifecycleError::Compile(e.to_string()))?;
     upsert_agent_state_from_role(
         run_workspace,
         &canonical_team_key,
         agent_id,
         &meta,
-        &dynamic_role_file,
+        role_file_path,
         &safety,
     )?;
     let started = crate::lifecycle::restart::start_agent_at_paths(
@@ -2457,26 +2552,39 @@ fn upsert_agent_state_from_role(
     save_launched_team_state_for_key(workspace, &state, Some(canonical_team_key))
 }
 
-fn materialize_added_role_file(
-    team_dir: &Path,
-    agent_id: &AgentId,
-    role_file_path: &Path,
-) -> Result<PathBuf, LifecycleError> {
-    let agents_dir = team_dir.join("agents");
-    std::fs::create_dir_all(&agents_dir)
-        .map_err(|e| LifecycleError::StatePersist(format!("create agents dir: {e}")))?;
-    let target = agents_dir.join(format!("{}.md", agent_id.as_str()));
-    if role_file_path == target {
-        return Ok(target);
-    }
-    std::fs::copy(role_file_path, &target).map_err(|e| {
-        LifecycleError::StatePersist(format!(
-            "copy role file {} -> {}: {e}",
-            role_file_path.display(),
-            target.display()
-        ))
-    })?;
-    Ok(target)
+/// E5 Bug1:把 add-agent 就地编译出的 agent 条目注入 base team spec(`agents` 列表 +
+/// `routing.rules` 加 `route-<id>`),复刻 [`compile_team`] 的路由规则形态。不落任何文件。
+fn inject_agent_into_spec(
+    spec: &mut Value,
+    agent: Value,
+    agent_id: &str,
+) -> Result<(), LifecycleError> {
+    let Value::Map(pairs) = spec else {
+        return Err(LifecycleError::Compile("spec is not a map".to_string()));
+    };
+    // agents 列表追加。
+    match pairs.iter_mut().find(|(k, _)| k == "agents") {
+        Some((_, Value::List(agents))) => agents.push(agent),
+        _ => return Err(LifecycleError::Compile("spec.agents missing or not a list".to_string())),
+    }
+    // routing.rules 追加 route-<id>(与 compile_team 同形)。
+    if let Some((_, Value::Map(routing))) = pairs.iter_mut().find(|(k, _)| k == "routing") {
+        if let Some((_, Value::List(rules))) = routing.iter_mut().find(|(k, _)| k == "rules") {
+            rules.push(Value::Map(vec![
+                ("id".to_string(), Value::Str(format!("route-{agent_id}"))),
+                (
+                    "match".to_string(),
+                    Value::Map(vec![(
+                        "assignee".to_string(),
+                        Value::List(vec![Value::Str(agent_id.to_string())]),
+                    )]),
+                ),
+                ("assign_to".to_string(), Value::Str(agent_id.to_string())),
+                ("priority".to_string(), Value::Int(10)),
+            ]));
+        }
+    }
+    Ok(())
 }
 
 /// `fork_agent(workspace, source_agent_id, as_agent_id, ...)`(`lifecycle/operations.py:284`)。
@@ -2523,15 +2631,18 @@ pub fn fork_agent_with_transport(
         crate::state::selector::SelectorMode::RequireSpec,
     )
     .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?;
-    let spec_workspace = selected.spec_workspace.ok_or_else(|| {
-        LifecycleError::TeamSelect("active team spec workspace not found".to_string())
+    // E5 §3:team_dir(角色定义+profiles)恒用户目录。spec 读用 selector 解析的 spec_path
+    // (读序 B:runtime 优先、legacy 回落),写恒走 runtime_spec_path(canonical 落点)。
+    let fork_team_dir = selected.team_dir.clone();
+    let read_spec_path = selected.spec_path.clone().ok_or_else(|| {
+        LifecycleError::TeamSelect("active team spec not found".to_string())
     })?;
     let workspace = selected.run_workspace;
     let state = selected.state;
     ensure_owner_allowed_for_state(&state, Some(source_agent_id))?;
-    let spec_path = spec_workspace.join("team.spec.yaml");
-    let text = std::fs::read_to_string(&spec_path)
-        .map_err(|e| LifecycleError::Compile(format!("{}: {e}", spec_path.display())))?;
+    let spec_path = crate::model::paths::runtime_spec_path(&workspace, &selected.team_key);
+    let text = std::fs::read_to_string(&read_spec_path)
+        .map_err(|e| LifecycleError::Compile(format!("{}: {e}", read_spec_path.display())))?;
     let spec = yaml::loads(&text).map_err(|e| LifecycleError::Compile(e.to_string()))?;
     if find_spec_agent(&spec, as_agent_id).is_some() || leader_id_matches(&spec, as_agent_id) {
         return Err(LifecycleError::RequirementUnmet(format!(
@@ -2571,10 +2682,12 @@ pub fn fork_agent_with_transport(
         )));
     }
     let new_spec = append_forked_agent(&spec, source_agent, source_agent_id, as_agent_id, label)?;
-    crate::model::spec::validate_spec(&new_spec, &spec_workspace)
+    // validate 用角色定义目录的 team_workspace(校验 working_directory),非 spec 落点。
+    let validate_ws = crate::model::paths::team_workspace(&fork_team_dir)
+        .unwrap_or_else(|_| workspace.clone());
+    crate::model::spec::validate_spec(&new_spec, &validate_ws)
         .map_err(|e| LifecycleError::Compile(e.to_string()))?;
-    std::fs::write(&spec_path, yaml::dumps(&new_spec))
-        .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", spec_path.display())))?;
+    write_spec_atomic(&spec_path, &new_spec)?;
     let new_agent = find_spec_agent(&new_spec, as_agent_id).ok_or_else(|| {
         LifecycleError::RequirementUnmet(format!("unknown worker agent id: {as_agent_id}"))
     })?;
@@ -2630,7 +2743,8 @@ pub fn fork_agent_with_transport(
         let _ = std::fs::write(&spec_path, text.as_bytes());
         e
     })?;
-    let profile_dir = spec_workspace.join("profiles");
+    // E5 §3:profiles 随角色定义目录(team_dir),不随已迁出的 spec。
+    let profile_dir = fork_team_dir.join("profiles");
     let profile_launch =
         crate::lifecycle::profile_launch::prepare_provider_profile_launch_with_profile_dir(
             &workspace,
@@ -3314,7 +3428,28 @@ fn yaml_value_to_json(value: &Value) -> serde_json::Value {
 /// `runtime` map and/or the `session_name` entry if absent. Used by quick-start to
 /// derive the tmux session from the REQUESTED team identity (CR-040/042) rather
 /// than the template's compiled-in name.
-fn override_spec_session_name(spec: &mut Value, session_name: &str) {
+/// E5 Bug2(atomic 真修):原子写 runtime spec —— 写 `<spec>.tmp-<pid>` 再 rename 覆盖,
+/// 避免崩溃/并发留下半截 spec(plain fs::write 会 in-place truncate 后逐字节写)。
+/// rename 失败时清理 tmp,原 spec(若有)不动。
+pub(crate) fn write_spec_atomic(spec_path: &Path, spec: &Value) -> Result<(), LifecycleError> {
+    if let Some(parent) = spec_path.parent() {
+        std::fs::create_dir_all(parent)
+            .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", parent.display())))?;
+    }
+    let tmp = spec_path.with_extension(format!("tmp-{}", std::process::id()));
+    std::fs::write(&tmp, yaml::dumps(spec))
+        .map_err(|e| LifecycleError::StatePersist(format!("{}: {e}", tmp.display())))?;
+    if let Err(e) = std::fs::rename(&tmp, spec_path) {
+        let _ = std::fs::remove_file(&tmp);
+        return Err(LifecycleError::StatePersist(format!(
+            "{}: {e}",
+            spec_path.display()
+        )));
+    }
+    Ok(())
+}
+
+pub(crate) fn override_spec_session_name(spec: &mut Value, session_name: &str) {
     let Value::Map(root) = spec else { return };
     let runtime_slot = root
         .iter_mut()

package/crates/team-agent/src/lifecycle/restart/common.rs

@@ -331,15 +331,10 @@ pub(crate) fn restart_required_missing_session_agent_ids(state: &serde_json::Val
                 .get("status")
                 .and_then(|value| value.as_str())
                 .is_some_and(|status| status == "running");
-            let has_live_pane_binding = agent
-                .get("pane_id")
-                .and_then(|value| value.as_str())
-                .is_some_and(|pane| !pane.is_empty());
-            let has_interaction_marker = agent
-                .get("first_send_at")
-                .and_then(|value| value.as_str())
-                .is_some_and(|value| !value.is_empty());
-            missing_session_id && is_running && (has_live_pane_binding || has_interaction_marker)
+            // E6 层2 (C2): required-missing 谓词只看 session_id 有无 + 是否在跑。
+            // pane 绑定 / first_send_at 在 gate 时刻天然可空(自启动 worker leader 从未发消息),
+            // 不能作判据 —— 否则真丢上下文的 null-session worker 被漏判,走静默 fresh。
+            missing_session_id && is_running
         })
         .collect::<Vec<_>>();
     missing.sort();

package/crates/team-agent/src/lifecycle/restart/rebuild.rs

@@ -101,10 +101,15 @@ pub fn restart_with_transport_with_session_convergence_deadline(
     .map_err(|e| LifecycleError::TeamSelect(e.to_string()))?;
     let mut state = selected.state;
     crate::lifecycle::launch::ensure_owner_allowed_for_state(&state, None)?;
-    let spec_workspace = selected.spec_workspace.as_ref().ok_or_else(|| {
+    // E5 task#3 / RC-A6a + E4(leader 裁定:每次 restart 都从角色定义重建 runtime spec,覆盖):
+    // 角色定义=第一真相源。角色齐 → compile_team 重建 + 保留运行期 override(session_name)+
+    // 写 runtime spec。角色缺(TEAM.md/agents 不在)→ 显式拒(列缺哪些),旧 spec 原地保留不删不用。
+    let spec = rebuild_runtime_spec_from_roles(&selected.run_workspace, &selected.team_key, &state)?;
+    // 重建后 spec_workspace 恒为 runtime spec 的父目录(.team/runtime/<team_key>/)。
+    let runtime_spec = crate::model::paths::runtime_spec_path(&selected.run_workspace, &selected.team_key);
+    let spec_workspace = runtime_spec.parent().ok_or_else(|| {
         LifecycleError::TeamSelect("active team spec workspace not found".to_string())
     })?;
-    let spec = load_team_spec(spec_workspace)?;
     let safety = crate::lifecycle::launch::effective_runtime_config(&spec)?;
     let mut convergence = converge_missing_provider_sessions(
         &mut state,
@@ -713,6 +718,74 @@ fn restart_candidate_from_state(
     }
 }
 
+/// E5 task#3 / RC-A6a:每次 restart 都以**角色定义**(team_dir 的 TEAM.md+agents/*.md)
+/// compile_team 重建 runtime spec(覆盖),保留运行期 override(session_name 必须延续,
+/// 否则 tmux session 对不上)。写到 .team/runtime/<team_key>/team.spec.yaml。
+///
+/// 角色定义缺(team_dir 未记 / TEAM.md 不在 / agents 不在)→ **显式拒**(LifecycleError,
+/// CLI N38 三行式),列出缺哪些;**旧 spec 原地保留不删不用**(T2 防数据销毁,无静默路径)。
+fn rebuild_runtime_spec_from_roles(
+    run_workspace: &Path,
+    team_key: &str,
+    state: &serde_json::Value,
+) -> Result<YamlValue, LifecycleError> {
+    // team_dir(角色定义源)优先取 state.team_dir;缺则回落 run_workspace(自含 team-dir 布局,
+    // run_workspace 本身即角色目录)。两者都无角色定义则下面的齐全性检查会显式拒。
+    let team_dir = state
+        .get("team_dir")
+        .and_then(serde_json::Value::as_str)
+        .filter(|s| !s.is_empty())
+        .map(std::path::PathBuf::from)
+        .unwrap_or_else(|| run_workspace.to_path_buf());
+    // 角色定义齐全性检查(显式拒,列缺哪些;旧 spec 不动)。
+    let mut missing: Vec<String> = Vec::new();
+    if !team_dir.join("TEAM.md").exists() {
+        missing.push(format!("{}/TEAM.md", team_dir.display()));
+    }
+    let agents_dir = team_dir.join("agents");
+    let has_role_doc = std::fs::read_dir(&agents_dir)
+        .map(|entries| {
+            entries.flatten().any(|e| {
+                e.path().extension().and_then(|x| x.to_str()) == Some("md")
+            })
+        })
+        .unwrap_or(false);
+    if !has_role_doc {
+        missing.push(format!("{}/*.md (at least one role doc)", agents_dir.display()));
+    }
+    if !missing.is_empty() {
+        // N38 三行式:error / action / log。旧 runtime spec 原地保留(不删不用)。
+        return Err(LifecycleError::TeamSelect(format!(
+            "cannot restart: role definitions missing for team '{team_key}': {}. \
+             action: restore the listed role docs (TEAM.md + agents/*.md are the source of truth), \
+             then re-run restart; the previous runtime spec is left in place (not used). \
+             log: team_dir={}",
+            missing.join(", "),
+            team_dir.display(),
+        )));
+    }
+    // 重建:compile_team(角色定义) + 保留运行期 session_name override。
+    let mut spec = crate::compiler::compile_team(&team_dir)
+        .map_err(|e| LifecycleError::Compile(e.to_string()))?;
+    if let Some(session_name) = state
+        .get("session_name")
+        .and_then(serde_json::Value::as_str)
+        .filter(|s| !s.is_empty())
+    {
+        crate::lifecycle::launch::override_spec_session_name(&mut spec, session_name);
+    }
+    // 写 runtime spec(覆盖,原子 tmp+rename;Bug2)。
+    let spec_path = crate::model::paths::runtime_spec_path(run_workspace, team_key);
+    crate::lifecycle::launch::write_spec_atomic(&spec_path, &spec)?;
+    // RC-A6a:重建成功后清理用户目录的 legacy spec(中间产物不该留在角色目录)。
+    // 仅删 team_dir 下的 team.spec.yaml(角色定义 TEAM.md/agents 不动);失败不致命(best-effort)。
+    let legacy_spec = team_dir.join("team.spec.yaml");
+    if legacy_spec.exists() && legacy_spec != spec_path {
+        let _ = std::fs::remove_file(&legacy_spec);
+    }
+    Ok(spec)
+}
+
 fn restart_candidate_spec_path(workspace: &Path, state: &serde_json::Value) -> std::path::PathBuf {
     if let Some(path) = state
         .get("spec_path")

package/crates/team-agent/src/lifecycle/restart/selection.rs

@@ -120,8 +120,8 @@ pub fn python_type_name(value: &serde_json::Value) -> &'static str {
 /// `_collect_corrupt_first_send_at`,`orchestration.py:430/467`)。读 fixture state 的
 /// `agents.<id>`,对每非 paused worker:
 /// (1) corrupt first_send_at → 收进 `corrupt_entries`(carry python type-name);
-/// (2) 算 resume 决策(`resumable→Resume` / `!resumable&&!interacted→FreshStart` /
-///     `!resumable&&interacted&&allow_fresh→FreshStart` / 否则 `Refuse`);
+/// (2) 算 resume 决策(`session_id→Resume` / `null session && allow_fresh→FreshStart` /
+///     否则 `Refuse`;E6 层2:null session 不再因 first_send_at=null 静默 fresh);
 /// (3) `Refuse` 的 worker(reason=`no_persisted_session_id`(无 session)|`session_unresumable`)
 ///     进 `unresumable`。
 /// restart() **先**调它再 teardown;corrupt 非空 → `RefusedInvalidFirstSendAt`,unresumable
@@ -171,10 +171,12 @@ pub fn classify_restart_plan(
             .and_then(|v| v.as_str())
             .filter(|s| !s.is_empty())
             .map(SessionId::new);
-        let interacted = matches!(first_send_at_state, FirstSendAtState::Valid);
+        // E6 层2 (C2, 用户裁定"绝不静默 fresh"): null session 只有显式 --allow-fresh 才 fresh,
+        // 否则 Refuse(→ resume_not_ready + 指引)。删 `!interacted` 短路 —— 自启动 worker
+        // (leader 从未发消息 → first_send_at=null → interacted=false)会被它静默 fresh 丢上下文。
         let decision = if session_id.is_some() {
             ResumeDecision::Resume
-        } else if !interacted || allow_fresh {
+        } else if allow_fresh {
             ResumeDecision::FreshStart
         } else {
             ResumeDecision::Refuse

package/crates/team-agent/src/lifecycle/tests/core.rs

@@ -491,14 +491,57 @@ fn classify_restart_plan_interacted_unresumable_with_allow_fresh_yields_fresh_st
 }
 
 #[test]
-fn classify_restart_plan_never_interacted_yields_fresh_start() {
-    // first_send_at absent(从未交互)→ FreshStart,即使 !allow_fresh(无 context 可丢)。
+fn classify_restart_plan_never_interacted_null_session_refuses_not_fresh() {
+    // E6 层2 (C2, 用户裁定"绝不静默 fresh"): first_send_at absent(自启动 worker,leader 从未发消息)
+    // + session_id null → 不能再静默 FreshStart(那会丢真实 provider 会话上下文)。
+    // 默认 !allow_fresh → Refuse + unresumable(诚实出口 resume_not_ready)。
     let state = json!({
         "agents": { "w1": { "provider": "claude", "session_id": null } }
     });
     let plan = classify_restart_plan(&state, false).expect("纯验证不应 Err");
     assert_eq!(plan.decisions.len(), 1);
-    assert_eq!(plan.decisions[0].decision, ResumeDecision::FreshStart);
+    assert_eq!(
+        plan.decisions[0].decision,
+        ResumeDecision::Refuse,
+        "null-session 自启动 worker 默认必须 Refuse,不许静默 fresh"
+    );
+    assert_eq!(plan.unresumable.len(), 1, "Refuse 必入 unresumable(诚实出口)");
+    assert_eq!(plan.unresumable[0].reason, "no_persisted_session_id");
+}
+
+#[test]
+fn classify_restart_plan_never_interacted_null_session_with_allow_fresh_marks_forced_fresh() {
+    // E6 层2: 同上自启动 null-session worker,但显式 --allow-fresh → 用户主动认账丢上下文 → FreshStart。
+    let state = json!({
+        "agents": { "w1": { "provider": "claude", "session_id": null } }
+    });
+    let plan = classify_restart_plan(&state, true).expect("纯验证不应 Err");
+    assert_eq!(plan.decisions.len(), 1);
+    assert_eq!(
+        plan.decisions[0].decision,
+        ResumeDecision::FreshStart,
+        "显式 --allow-fresh 才允许 null-session worker fresh"
+    );
+    assert!(
+        plan.unresumable.is_empty(),
+        "allow_fresh 下不触发 unresumable refusal"
+    );
+}
+
+#[test]
+fn classify_restart_plan_codex_with_session_still_resumes() {
+    // E6 层2 回归锁(不误伤): codex worker first_send_at=null 但 session_id 已捕 →
+    // 仍走 Resume(分流轴是 session_id 有无,不是 interacted)。防层2 修法把 has_session 也误判。
+    let state = json!({
+        "agents": { "w1": { "provider": "codex", "session_id": "sess-codex-abc" } }
+    });
+    let plan = classify_restart_plan(&state, false).expect("纯验证不应 Err");
+    assert_eq!(plan.decisions.len(), 1);
+    assert_eq!(
+        plan.decisions[0].decision,
+        ResumeDecision::Resume,
+        "有 session_id 必 Resume,与 first_send_at/interacted 无关"
+    );
     assert!(plan.unresumable.is_empty());
 }