@team-agent/installer 0.3.9 → 0.3.10

package/crates/team-agent/src/lifecycle/restart/selection.rs

@@ -4,32 +4,35 @@ use super::common::*;
 /// bug-085 四象限 `start_mode` 决策(`start.py:179-188` + `_resume_rollout_missing` `start.py:66-69`),
 /// **从 start_agent 的整条 lock+spawn 路径里分离出的纯函数**(gate gap:porter 需要单元级 RED
 /// for `FreshAfterMissingRollout`,而 start_agent 全路径不可单测)。语义:
-/// - `_resume_rollout_missing` 仅 codex 且有 session_id 时可能 true:`!rollout_path || !exists`。
+/// - resume backing 缺失时不可 resume:codex/claude 用 transcript/rollout 文件,
+///   copilot 用 session-store 行存在性(由调用方折叠进 `rollout_exists`)。
 /// - 初始 `start_mode = if session_id { Resumed } else { Fresh }`(`start.py:179`)。
-/// - **仅当** `missing && allow_fresh` 才升级为 `FreshAfterMissingRollout` 并清空 session_id
-///   (`start.py:180-190`)。`missing && !allow_fresh` 仍 `Resumed`(随后真实 resume 会 fail)。
-/// - 非 codex:rollout 永不"缺失",直接看 session_id。
+/// - `missing && allow_fresh` 升级为 `FreshAfterMissingRollout` 并清空 session_id。
+/// - `missing && !allow_fresh` 返回 `Noop`,调用方据此诚实拒绝并提示 `--allow-fresh`。
 pub fn decide_start_mode(
     provider: &str,
     session_id: Option<&SessionId>,
-    rollout_path: Option<&RolloutPath>,
+    _rollout_path: Option<&RolloutPath>,
     rollout_exists: bool,
     allow_fresh: bool,
 ) -> StartMode {
     match session_id {
         None => StartMode::Fresh,
         Some(_) => {
-            let missing_codex_rollout =
-                provider == "codex" && (rollout_path.is_none() || !rollout_exists);
-            if missing_codex_rollout && allow_fresh {
-                StartMode::FreshAfterMissingRollout
-            } else {
-                StartMode::Resumed
+            let missing_resume_backing = resumable_provider_requires_backing(provider) && !rollout_exists;
+            match (missing_resume_backing, allow_fresh) {
+                (true, true) => StartMode::FreshAfterMissingRollout,
+                (true, false) => StartMode::Noop,
+                (false, _) => StartMode::Resumed,
             }
         }
     }
 }
 
+pub(crate) fn resumable_provider_requires_backing(provider: &str) -> bool {
+    matches!(provider, "codex" | "claude" | "claude_code" | "copilot")
+}
+
 /// `first_send_at` 严格分类(`_classify_first_send_at`,`orchestration.py:399`)。
 /// **绝不靠 truthiness**:`""`/`0`/`False`/`"null"`/非 ISO → `Corrupt`。
 pub fn classify_first_send_at(raw: &serde_json::Value) -> FirstSendAtState {
@@ -129,6 +132,14 @@ pub fn python_type_name(value: &serde_json::Value) -> &'static str {
 pub fn classify_restart_plan(
     state: &serde_json::Value,
     allow_fresh: bool,
+) -> Result<RestartPlan, LifecycleError> {
+    classify_restart_plan_with_resume_validation(None, state, allow_fresh)
+}
+
+pub(crate) fn classify_restart_plan_with_resume_validation(
+    workspace: Option<&Path>,
+    state: &serde_json::Value,
+    allow_fresh: bool,
 ) -> Result<RestartPlan, LifecycleError> {
     let mut decisions = Vec::new();
     let mut corrupt_entries = Vec::new();
@@ -171,21 +182,47 @@ pub fn classify_restart_plan(
             .and_then(|v| v.as_str())
             .filter(|s| !s.is_empty())
             .map(SessionId::new);
+        let agent_id = AgentId::new(worker_id.clone());
         // E6 层2 (C2, 用户裁定"绝不静默 fresh"): null session 只有显式 --allow-fresh 才 fresh,
         // 否则 Refuse(→ resume_not_ready + 指引)。删 `!interacted` 短路 —— 自启动 worker
         // (leader 从未发消息 → first_send_at=null → interacted=false)会被它静默 fresh 丢上下文。
-        let decision = if session_id.is_some() {
+        let provider = agent_provider(agent);
+        let provider_wire = provider_wire(provider);
+        let resume_backing_exists = match (workspace, session_id.as_ref()) {
+            (Some(workspace), Some(session)) => resume_backing_exists_for_agent(
+                workspace,
+                &agent_id,
+                agent,
+                provider,
+                session,
+                agent_rollout_path(agent).as_ref(),
+            ),
+            (None, Some(_)) if resumable_provider_requires_backing(provider_wire) => {
+                agent_rollout_path(agent)
+                    .as_ref()
+                    .is_some_and(|path| path.as_path().exists())
+            }
+            _ => true,
+        };
+        let decision = if session_id.is_some() && resume_backing_exists {
             ResumeDecision::Resume
+        } else if session_id.is_some() && allow_fresh {
+            ResumeDecision::FreshStart
+        } else if session_id.is_some() {
+            ResumeDecision::Refuse
         } else if allow_fresh {
             ResumeDecision::FreshStart
         } else {
             ResumeDecision::Refuse
         };
-        let agent_id = AgentId::new(worker_id.clone());
         if matches!(decision, ResumeDecision::Refuse) {
             unresumable.push(UnresumableWorker {
                 agent_id: agent_id.clone(),
-                reason: "no_persisted_session_id".to_string(),
+                reason: if session_id.is_some() {
+                    "session_unresumable".to_string()
+                } else {
+                    "no_persisted_session_id".to_string()
+                },
                 session_id: session_id.clone(),
                 first_send_at: first_send_at_raw.as_str().map(|s| s.to_string()),
             });

package/crates/team-agent/src/lifecycle/restart.rs

@@ -37,7 +37,7 @@ pub(crate) use common::refresh_missing_provider_sessions;
 pub use orchestrator::{halt_plan, plan_status};
 pub use rebuild::{
     restart, restart_candidates, restart_with_session_convergence_deadline, restart_with_transport,
-    select_restart_state,
+    restart_with_transport_with_readiness_deadline, select_restart_state,
 };
 pub use remove::{remove_agent, remove_agent_with_transport};
 pub use selection::{classify_first_send_at, classify_restart_plan, decide_start_mode, python_type_name};

package/crates/team-agent/src/lifecycle/tests/core.rs

@@ -342,13 +342,12 @@ fn start_mode_serde_names_match_python_start_mode_strings() {
 }
 
 // ───────────────────────────────────────────────────────────────────────
-// decide_start_mode — bug-085 四象限 (start.py:66-69 + 179-190)
-// golden 实跑(PYTHONPATH=… python3 /tmp/x.py,_resume_rollout_missing + start_mode 逻辑):
+// decide_start_mode — bug-085 四象限 + E20 #264 gap closure.
 //   codex sess  rollout-present any-fresh   -> resumed
-//   codex sess  rollout-MISSING !allow_fresh -> resumed  (随后真实 resume 失败)
-//   codex sess  rollout-MISSING  allow_fresh -> fresh_after_missing_rollout   ← bug-085 唯一臂
+//   codex sess  backing-MISSING !allow_fresh -> noop/refuse (绝不静默 resume 死 session)
+//   codex sess  backing-MISSING  allow_fresh -> fresh_after_missing_rollout
 //   codex no-sess any                        -> fresh
-//   claude(非codex) sess rollout-missing fresh -> resumed (非 codex 永不"缺 rollout")
+//   claude/copilot sess backing-missing       -> fresh_after_missing_rollout 或 noop/refuse
 //   claude no-sess                            -> fresh
 // 这是 bug-085 把 start_mode 分类从 start_agent 的 lock+spawn 全路径剥离出来的命门。
 // ───────────────────────────────────────────────────────────────────────
@@ -375,11 +374,11 @@ fn decide_start_mode_codex_missing_rollout_with_allow_fresh_is_fresh_after_missi
 }
 
 #[test]
-fn decide_start_mode_codex_missing_rollout_without_allow_fresh_stays_resumed() {
-    // 关键陷阱:rollout 缺但 !allow_fresh → 仍 Resumed(start.py 不擅自丢 context)。
+fn decide_start_mode_codex_missing_rollout_without_allow_fresh_refuses() {
+    // E20 C①:backing 缺且 !allow_fresh → 诚实拒绝,绝不 resume 进死 session。
     assert_eq!(
         decide_start_mode("codex", Some(&sid("s1")), None, false, false),
-        StartMode::Resumed
+        StartMode::Noop
     );
 }
 
@@ -408,12 +407,24 @@ fn decide_start_mode_no_session_is_fresh() {
 }
 
 #[test]
-fn decide_start_mode_non_codex_never_fresh_after_missing_rollout() {
-    // 非 codex provider:rollout 概念不适用,_resume_rollout_missing 恒 false。
-    assert_eq!(
-        decide_start_mode("claude", Some(&sid("s1")), None, false, true),
-        StartMode::Resumed
-    );
+fn decide_start_mode_checks_backing_for_all_resumable_providers() {
+    for provider in ["claude", "claude_code", "copilot"] {
+        assert_eq!(
+            decide_start_mode(provider, Some(&sid("s1")), None, false, true),
+            StartMode::FreshAfterMissingRollout,
+            "{provider} missing backing + allow_fresh must not resume"
+        );
+        assert_eq!(
+            decide_start_mode(provider, Some(&sid("s1")), None, false, false),
+            StartMode::Noop,
+            "{provider} missing backing + !allow_fresh must refuse"
+        );
+        assert_eq!(
+            decide_start_mode(provider, Some(&sid("s1")), Some(&rp("/r")), true, false),
+            StartMode::Resumed,
+            "{provider} existing backing remains resumable"
+        );
+    }
     assert_eq!(
         decide_start_mode("claude", None, None, false, true),
         StartMode::Fresh
@@ -533,8 +544,11 @@ fn classify_restart_plan_never_interacted_null_session_with_allow_fresh_marks_fo
 fn classify_restart_plan_codex_with_session_still_resumes() {
     // E6 层2 回归锁(不误伤): codex worker first_send_at=null 但 session_id 已捕 →
     // 仍走 Resume(分流轴是 session_id 有无,不是 interacted)。防层2 修法把 has_session 也误判。
+    let ws = temp_ws();
+    let rollout = ws.join("codex-rollout.jsonl");
+    std::fs::write(&rollout, "{}\n").unwrap();
     let state = json!({
-        "agents": { "w1": { "provider": "codex", "session_id": "sess-codex-abc" } }
+        "agents": { "w1": { "provider": "codex", "session_id": "sess-codex-abc", "rollout_path": rollout.to_string_lossy() } }
     });
     let plan = classify_restart_plan(&state, false).expect("纯验证不应 Err");
     assert_eq!(plan.decisions.len(), 1);
@@ -978,6 +992,66 @@ fn leader_pane_env_cross_socket_all_probe_errors_stays_unknown() {
     assert_eq!(state, LeaderPaneEnvState::Unknown);
 }
 
+#[test]
+fn mcp_auto_approval_env_marks_leader_bypass_namespace_only() {
+    let mut env = std::collections::BTreeMap::new();
+    let safety = DangerousApproval {
+        enabled: true,
+        source: DangerousApprovalSource::LeaderProcess,
+        inherited: true,
+        provider: Some("codex".to_string()),
+        flag: Some("--dangerously-bypass-approvals-and-sandbox".to_string()),
+        worker_capability_above_leader: false,
+        ancestry_binary_name: Some("codex".to_string()),
+        unexpected_binary: false,
+    };
+
+    apply_mcp_auto_approval_env(&mut env, &safety);
+
+    assert_eq!(env.get("TEAM_AGENT_LEADER_BYPASS").map(String::as_str), Some("1"));
+    assert_eq!(
+        env.get("TEAM_AGENT_MCP_AUTO_APPROVE").map(String::as_str),
+        Some("team_orchestrator")
+    );
+    assert_eq!(
+        env.get("TEAM_AGENT_MCP_AUTO_APPROVE_SOURCE").map(String::as_str),
+        Some("leader_bypass")
+    );
+    assert_eq!(
+        env.get("TEAM_AGENT_LEADER_BYPASS_FLAG").map(String::as_str),
+        Some("--dangerously-bypass-approvals-and-sandbox")
+    );
+}
+
+#[test]
+fn mcp_auto_approval_env_clears_when_leader_is_restricted() {
+    let mut env = std::collections::BTreeMap::from([
+        (
+            "TEAM_AGENT_MCP_AUTO_APPROVE".to_string(),
+            "team_orchestrator".to_string(),
+        ),
+        ("TEAM_AGENT_MCP_AUTO_APPROVE_SOURCE".to_string(), "leader_bypass".to_string()),
+    ]);
+    let safety = DangerousApproval {
+        enabled: false,
+        source: DangerousApprovalSource::Disabled,
+        inherited: false,
+        provider: None,
+        flag: None,
+        worker_capability_above_leader: false,
+        ancestry_binary_name: None,
+        unexpected_binary: false,
+    };
+
+    apply_mcp_auto_approval_env(&mut env, &safety);
+
+    assert_eq!(env.get("TEAM_AGENT_LEADER_BYPASS").map(String::as_str), Some("0"));
+    assert!(
+        !env.contains_key("TEAM_AGENT_MCP_AUTO_APPROVE"),
+        "restricted leader must not leave MCP auto-approval env behind: {env:?}"
+    );
+}
+
 struct EnvVarGuard {
     key: &'static str,
     previous: Option<String>,

package/crates/team-agent/src/lifecycle/tests/launch_spawn.rs

@@ -945,6 +945,10 @@ const DELEG_ROLE_WORKER2: &str = "---\nname: worker2\nrole: Second Worker\nprovi
 pub(super) fn restart_ws_two_resumable_workers() -> PathBuf {
     let ws = temp_ws().join("restartteam");
     std::fs::create_dir_all(ws.join("agents")).unwrap();
+    let alpha_rollout = ws.join("alpha-rollout.jsonl");
+    let bravo_rollout = ws.join("bravo-rollout.jsonl");
+    std::fs::write(&alpha_rollout, "{}\n").unwrap();
+    std::fs::write(&bravo_rollout, "{}\n").unwrap();
     std::fs::write(ws.join("TEAM.md"), "---\nname: restartteam\nobjective: Restart probe.\nprovider: codex\n---\n\nteam.\n").unwrap();
     std::fs::write(ws.join("agents").join("alpha.md"), DELEG_ROLE_ALPHA).unwrap();
     std::fs::write(ws.join("agents").join("bravo.md"), DELEG_ROLE_BRAVO).unwrap();
@@ -955,8 +959,8 @@ pub(super) fn restart_ws_two_resumable_workers() -> PathBuf {
         &json!({
             "session_name": "team-restartteam",
             "agents": {
-                "alpha": {"status": "running", "provider": "codex", "session_id": "sess-a", "first_send_at": "2026-05-27T10:00:00+00:00"},
-                "bravo": {"status": "running", "provider": "codex", "session_id": "sess-b", "first_send_at": "2026-05-27T10:00:00+00:00"}
+                "alpha": {"status": "running", "provider": "codex", "session_id": "sess-a", "rollout_path": alpha_rollout.to_string_lossy(), "first_send_at": "2026-05-27T10:00:00+00:00"},
+                "bravo": {"status": "running", "provider": "codex", "session_id": "sess-b", "rollout_path": bravo_rollout.to_string_lossy(), "first_send_at": "2026-05-27T10:00:00+00:00"}
             }
         }),
     )
@@ -965,6 +969,33 @@ pub(super) fn restart_ws_two_resumable_workers() -> PathBuf {
     ws
 }
 
+fn restart_ws_one_resumable_worker() -> PathBuf {
+    let ws = temp_ws().join("restartone");
+    std::fs::create_dir_all(ws.join("agents")).unwrap();
+    let rollout = ws.join("alpha-rollout.jsonl");
+    std::fs::write(&rollout, "{}\n").unwrap();
+    std::fs::write(
+        ws.join("TEAM.md"),
+        "---\nname: restartone\nobjective: Restart readiness probe.\nprovider: codex\n---\n\nteam.\n",
+    )
+    .unwrap();
+    std::fs::write(ws.join("agents").join("alpha.md"), DELEG_ROLE_ALPHA).unwrap();
+    let spec = crate::compiler::compile_team(&ws).expect("compile 1-agent team");
+    std::fs::write(ws.join("team.spec.yaml"), crate::model::yaml::dumps(&spec)).unwrap();
+    crate::state::persist::save_runtime_state(
+        &ws,
+        &json!({
+            "session_name": "team-restartone",
+            "agents": {
+                "alpha": {"status": "running", "provider": "codex", "session_id": "sess-a", "rollout_path": rollout.to_string_lossy(), "first_send_at": "2026-05-27T10:00:00+00:00"}
+            }
+        }),
+    )
+    .unwrap();
+    seed_healthy_coordinator(&ws);
+    ws
+}
+
 // 2 [P0] — restart_with_transport must drive the REAL Route-B resume spawn: one spawn per resumable
 // worker. The first resumed worker recreates the session with spawn_first; later workers may use
 // spawn_into only after a live-session check proves that recreated session still exists. Each spawn
@@ -1020,6 +1051,38 @@ fn restart_with_transport_spawns_resumable_workers_not_stub() {
     );
 }
 
+#[test]
+fn restart_times_out_when_spawned_worker_pane_is_not_addressable() {
+    let ws = restart_ws_one_resumable_worker();
+    let transport = OfflineTransport::new().with_spawned_panes_addressable(false);
+
+    let result =
+        restart_with_transport_with_readiness_deadline(&ws, false, None, &transport, Some(0));
+
+    let text = format!("{result:?}");
+    assert!(
+        text.contains("restart not ready")
+            && text.contains("worker pane addressable: no")
+            && text.contains("Action:")
+            && text.contains("Log:"),
+        "restart must refuse with N38 readiness timeout details, not return ok; got {text}"
+    );
+    assert!(
+        !matches!(result, Ok(RestartReport::Restarted { .. })),
+        "restart readiness timeout must not return Restarted ok"
+    );
+    let events = crate::event_log::EventLog::new(&ws).tail(20).unwrap();
+    let timeout = events
+        .iter()
+        .find(|event| event.get("event").and_then(|v| v.as_str()) == Some("restart.readiness_timeout"))
+        .expect("restart.readiness_timeout event");
+    assert_eq!(
+        timeout.get("worker_pane_addressable").and_then(|v| v.as_bool()),
+        Some(false),
+        "timeout event must carry the failed readiness condition: {timeout}"
+    );
+}
+
 // 3 [P0] — start_agent_with_transport on a non-paused agent with a session_id must spawn EXACTLY ONE
 // worker (resume) carrying the provider build_command. Today the stub returns RequirementUnmet with
 // ZERO spawns -> RED at recorded.len().
@@ -1027,11 +1090,13 @@ fn restart_with_transport_spawns_resumable_workers_not_stub() {
 fn start_agent_with_transport_spawns_resume_not_stub() {
     let ws = temp_ws().join("startagentws");
     std::fs::create_dir_all(&ws).unwrap();
+    let rollout = ws.join("alpha-rollout.jsonl");
+    std::fs::write(&rollout, "{}\n").unwrap();
     crate::state::persist::save_runtime_state(
         &ws,
         &json!({
             "session_name": "team-sa",
-            "agents": {"alpha": {"status": "running", "provider": "codex", "session_id": "sess-a", "first_send_at": "2026-05-27T10:00:00+00:00"}}
+            "agents": {"alpha": {"status": "running", "provider": "codex", "session_id": "sess-a", "rollout_path": rollout.to_string_lossy(), "first_send_at": "2026-05-27T10:00:00+00:00"}}
         }),
     )
     .unwrap();

package/crates/team-agent/src/lifecycle/tests/main_preserved.rs

@@ -88,11 +88,13 @@ impl crate::transport::Transport for SessionProbeRecordingTransport {
 fn respawn_ws_one_resumable_worker() -> PathBuf {
     let ws = temp_ws().join("respawn_dead_session");
     std::fs::create_dir_all(&ws).unwrap();
+    let rollout = ws.join("alpha-rollout.jsonl");
+    std::fs::write(&rollout, "{}\n").unwrap();
     crate::state::persist::save_runtime_state(
         &ws,
         &json!({
             "session_name": "team-sa",
-            "agents": {"alpha": {"status": "running", "provider": "codex", "session_id": "sess-a", "first_send_at": "2026-05-27T10:00:00+00:00"}}
+            "agents": {"alpha": {"status": "running", "provider": "codex", "session_id": "sess-a", "rollout_path": rollout.to_string_lossy(), "first_send_at": "2026-05-27T10:00:00+00:00"}}
         }),
     )
     .unwrap();

package/crates/team-agent/src/messaging/delivery.rs

@@ -17,7 +17,7 @@ use crate::transport::{
 use super::helpers::{message_exists, MessageStatusShadow};
 use super::{
     DeliveryOutcome, DeliveryRefusal, DeliveryStage, DeliveryStatus, MessagingError,
-    PaneWidthQuery, TrustRetryPayload,
+    PaneWidthQuery, TrustRetryPayload, SEND_RETRY_MAX_ATTEMPTS,
 };
 use crate::state::projection::OwnerTeamResolution;
 
@@ -286,7 +286,6 @@ pub fn deliver_pending_message(
             "submit_unverified:{}",
             submit_verification_wire(inject_report.submit_verification)
         );
-        store.mark(message_id, "submitted_unverified", Some(&reason))?;
         event_log.write(
             "send.unverified",
             serde_json::json!({
@@ -296,6 +295,29 @@ pub fn deliver_pending_message(
                 "attempts": inject_report.attempts,
             }),
         )?;
+        if inject_report.attempts >= u32::from(SEND_RETRY_MAX_ATTEMPTS) {
+            store.mark(message_id, "failed", Some("send_unverified_exhausted"))?;
+            emit_send_failed_exhausted(
+                workspace,
+                state,
+                event_log,
+                message_id,
+                &message.recipient,
+                inject_report.attempts,
+                &reason,
+            )?;
+            return Ok(DeliveryOutcome {
+                ok: false,
+                status: DeliveryStatus::Failed,
+                message_status: MessageStatusShadow("failed".to_string()),
+                message_id: Some(message_id.to_string()),
+                verification: Some(reason),
+                stage: Some(DeliveryStage::Submit),
+                reason: None,
+                channel: None,
+            });
+        }
+        store.mark(message_id, "submitted_unverified", Some(&reason))?;
         return Ok(DeliveryOutcome {
             ok: false,
             status: DeliveryStatus::Failed,
@@ -538,6 +560,65 @@ fn leader_receiver_field_in_state<'a>(
         .filter(|value| !value.is_empty())
 }
 
+fn emit_send_failed_exhausted(
+    workspace: &Path,
+    state: &serde_json::Value,
+    event_log: &EventLog,
+    message_id: &str,
+    recipient: &str,
+    attempts: u32,
+    verification: &str,
+) -> Result<(), MessagingError> {
+    event_log.write(
+        "send.failed",
+        serde_json::json!({
+            "message_id": message_id,
+            "recipient": recipient,
+            "attempts": attempts,
+            "max_attempts": SEND_RETRY_MAX_ATTEMPTS,
+            "reason": "send_unverified_exhausted",
+            "verification": verification,
+        }),
+    )?;
+    let content = format!(
+        "send.failed\nerror: send to {recipient} remained unverified after {attempts}/{SEND_RETRY_MAX_ATTEMPTS} attempts\naction: inspect the target pane and retry the send\nlog: .team/logs/events.jsonl"
+    );
+    match crate::messaging::send_to_leader_receiver(
+        workspace,
+        state,
+        "leader",
+        &content,
+        None,
+        "coordinator",
+        false,
+        Some(&format!("send.failed:{message_id}")),
+        event_log,
+    ) {
+        Ok(outcome) => {
+            event_log.write(
+                "send.failed_notification",
+                serde_json::json!({
+                    "message_id": message_id,
+                    "recipient": recipient,
+                    "leader_notification_status": super::helpers::status_wire(outcome.status),
+                    "leader_message_id": outcome.message_id,
+                }),
+            )?;
+        }
+        Err(error) => {
+            event_log.write(
+                "send.failed_notification_failed",
+                serde_json::json!({
+                    "message_id": message_id,
+                    "recipient": recipient,
+                    "error": error.to_string(),
+                }),
+            )?;
+        }
+    }
+    Ok(())
+}
+
 fn active_team_entry(state: &serde_json::Value) -> Option<&serde_json::Value> {
     let team = state.get("active_team_key").and_then(serde_json::Value::as_str)?;
     state

package/crates/team-agent/src/messaging/tests/runtime.rs

@@ -1068,6 +1068,96 @@ fn fire_due_scheduled_events_fires_each_scheduled_kind() {
     assert_eq!(fired.len(), 3, "exactly the three seeded due events fire, no extras");
 }
 
+struct UnverifiedInjectTransport;
+impl Transport for UnverifiedInjectTransport {
+    fn kind(&self) -> BackendKind {
+        BackendKind::Tmux
+    }
+    fn spawn_first(&self, _s: &SessionName, _w: &WindowName, _a: &[String], _c: &Path, _e: &BTreeMap<String, String>) -> Result<SpawnResult, TransportError> {
+        unimplemented!("not reached in delivery")
+    }
+    fn spawn_into(&self, _s: &SessionName, _w: &WindowName, _a: &[String], _c: &Path, _e: &BTreeMap<String, String>) -> Result<SpawnResult, TransportError> {
+        unimplemented!("not reached in delivery")
+    }
+    fn inject(&self, _t: &Target, _p: &InjectPayload, _s: Key, _b: bool) -> Result<InjectReport, TransportError> {
+        Ok(InjectReport {
+            stage_reached: crate::transport::InjectStage::Submit,
+            inject_verification: crate::transport::InjectVerification::CaptureContainsToken,
+            submit_verification: crate::transport::SubmitVerification::PastedContentPromptStillPresentAfterSubmit,
+            turn_verification: crate::transport::TurnVerification::NotYetObserved,
+            attempts: u32::from(SEND_RETRY_MAX_ATTEMPTS),
+        })
+    }
+    fn send_keys(&self, _t: &Target, _k: &[Key]) -> Result<(), TransportError> {
+        Ok(())
+    }
+    fn capture(&self, _t: &Target, range: CaptureRange) -> Result<CapturedText, TransportError> {
+        Ok(CapturedText { text: String::new(), range })
+    }
+    fn query(&self, _t: &Target, _f: PaneField) -> Result<Option<String>, TransportError> {
+        Ok(None)
+    }
+    fn liveness(&self, _p: &PaneId) -> Result<PaneLiveness, TransportError> {
+        Ok(PaneLiveness::Unknown)
+    }
+    fn list_targets(&self) -> Result<Vec<PaneInfo>, TransportError> {
+        Ok(Vec::new())
+    }
+    fn has_session(&self, _s: &SessionName) -> Result<bool, TransportError> {
+        Ok(true)
+    }
+    fn list_windows(&self, _s: &SessionName) -> Result<Vec<WindowName>, TransportError> {
+        Ok(Vec::new())
+    }
+    fn set_session_env(&self, _s: &SessionName, _k: &str, _v: &str) -> Result<SetEnvOutcome, TransportError> {
+        Ok(SetEnvOutcome::Applied)
+    }
+    fn kill_session(&self, _s: &SessionName) -> Result<(), TransportError> {
+        Ok(())
+    }
+    fn kill_window(&self, _t: &Target) -> Result<(), TransportError> {
+        Ok(())
+    }
+    fn attach_session(&self, _s: &SessionName) -> Result<AttachOutcome, TransportError> {
+        Ok(AttachOutcome::Attached)
+    }
+}
+
+#[test]
+fn deliver_pending_exhausted_unverified_send_emits_failed_event() {
+    let ws = tmp_ws("sendfailed");
+    let store = store_for(&ws);
+    let log = EventLog::new(&ws);
+    let state = serde_json::json!({
+        "session_name": "team-sendfailed",
+        "leader_receiver": {"pane_id": "%leader"},
+        "agents": {"w1": {"provider": "fake", "pane_id": "%1"}}
+    });
+    crate::state::persist::save_runtime_state(&ws, &state).unwrap();
+    let message_id = store
+        .create_message(None, "leader", "w1", "ping", None, false, None)
+        .unwrap();
+
+    let out = deliver_pending_message(&ws, &store, &UnverifiedInjectTransport, &message_id, &log, &state)
+        .unwrap();
+
+    assert!(!out.ok);
+    assert_eq!(out.message_status.0, "failed");
+    let events = log.tail(0).unwrap();
+    assert!(
+        events
+            .iter()
+            .any(|event| event.get("event").and_then(serde_json::Value::as_str) == Some("send.failed")),
+        "exhausted unverified send must emit send.failed; got {events:?}"
+    );
+    assert!(
+        events
+            .iter()
+            .any(|event| event.get("event").and_then(serde_json::Value::as_str) == Some("send.failed_notification")),
+        "exhausted unverified send must queue a leader-visible notification; got {events:?}"
+    );
+}
+
 // ════════════════════════════════════════════════════════════════════════
 // GROUP V — retry_result_deliveries: re-route notify_failed watchers with
 // dedupe_reason rebind_retry. result_delivery.py:19-35.