@triflux/remote 10.34.0 → 10.35.0

package/cto/status.mjs

@@ -29,7 +29,61 @@ function toIsoTime(value) {
   return null;
 }
 
+function shortHash(value) {
+  const str = String(value ?? "");
+  let h = 5381;
+  for (let i = 0; i < str.length; i++) {
+    h = (h * 33) ^ str.charCodeAt(i);
+  }
+  return (h >>> 0).toString(36);
+}
+
+function pathLabel(value) {
+  const str = String(value ?? "").replace(/[/\\]+$/u, "");
+  if (!str) return "";
+  const segments = str.split(/[/\\]+/u);
+  return segments[segments.length - 1] || "";
+}
+
+export function deriveRepoRootFromCwd(cwd) {
+  if (typeof cwd !== "string" || !cwd) return "";
+  if (cwd.includes("\\") || /^[A-Za-z]:/u.test(cwd)) return cwd;
+
+  const normalized = cwd.replace(/\/+$/u, "");
+  const claudeMarker = "/.claude/worktrees/";
+  const claudeIndex = normalized.indexOf(claudeMarker);
+  if (claudeIndex > 0) {
+    const suffix = normalized.slice(claudeIndex + claudeMarker.length);
+    if (/^[^/]+(?:\/|$)/u.test(suffix)) {
+      return normalized.slice(0, claudeIndex);
+    }
+  }
+
+  const codexMarker = "/.codex-swarm/";
+  const codexIndex = normalized.indexOf(codexMarker);
+  if (codexIndex > 0) {
+    const suffix = normalized.slice(codexIndex + codexMarker.length);
+    if (/^wt-[^/]+(?:\/|$)/u.test(suffix)) {
+      return normalized.slice(0, codexIndex);
+    }
+  }
+
+  return cwd;
+}
+
+function redactedCwdFields(cwd) {
+  if (typeof cwd !== "string" || !cwd) return {};
+  const repoRoot = deriveRepoRootFromCwd(cwd);
+  return {
+    cwdLabel: pathLabel(cwd),
+    cwdHash: shortHash(cwd),
+    repoRootLabel: pathLabel(repoRoot),
+    repoRootHash: shortHash(repoRoot),
+  };
+}
+
 function normalizeLiveSession(session) {
+  const cwd = typeof session?.cwd === "string" ? session.cwd : "";
   return {
     sessionId: String(session?.sessionId || ""),
     host: typeof session?.host === "string" ? session.host : "local",
@@ -48,6 +102,7 @@ function normalizeLiveSession(session) {
     started_at: toIsoTime(
       session?.started_at ?? session?.startedAt ?? session?.lastHeartbeat,
     ),
+    ...redactedCwdFields(cwd),
   };
 }
 
@@ -164,7 +219,27 @@ function deriveActiveShards(current, overlay) {
   return shards.map(normalizeActiveShard).filter((shard) => shard.shard_name);
 }
 
+function deriveLiveSessionGroups(liveSessions) {
+  const groups = new Map();
+  for (const session of liveSessions || []) {
+    if (!session?.repoRootHash) continue;
+    if (!groups.has(session.repoRootHash)) {
+      groups.set(session.repoRootHash, {
+        repoRootLabel: session.repoRootLabel || "",
+        repoRootHash: session.repoRootHash,
+        session_count: 0,
+        sessions: [],
+      });
+    }
+    const group = groups.get(session.repoRootHash);
+    group.session_count += 1;
+    group.sessions.push(session.sessionId);
+  }
+  return [...groups.values()];
+}
+
 function projectStatus(current, overlay) {
+  const liveSessions = overlay.live_sessions;
   return {
     schema_version: current?.schema_version || SCHEMA_VERSION,
     generated_at: current?.generated_at || null,
@@ -172,7 +247,8 @@ function projectStatus(current, overlay) {
     sources: current?.sources || {},
     summary: current?.summary || {},
     ledger_tail: Array.isArray(current?.ledger_tail) ? current.ledger_tail : [],
-    live_sessions: overlay.live_sessions,
+    live_sessions: liveSessions,
+    live_session_groups: deriveLiveSessionGroups(liveSessions),
     active_shards: deriveActiveShards(current, overlay),
   };
 }

package/hub/server.mjs

@@ -246,7 +246,9 @@ async function parseBody(req) {
   return JSON.parse(Buffer.concat(chunks).toString());
 }
 
-const PID_DIR = join(homedir(), ".claude", "cache", "tfx-hub");
+const PID_DIR =
+  process.env.TFX_HUB_PID_DIR?.trim() ||
+  join(homedir(), ".claude", "cache", "tfx-hub");
 const PID_FILE = join(PID_DIR, "hub.pid");
 const TOKEN_FILE = join(homedir(), ".claude", ".tfx-hub-token");
 
@@ -1004,7 +1006,7 @@ export async function startHub({
     // DB를 npm 패키지 밖에 저장하여 npm update 시 EBUSY 방지
     // 기존: PROJECT_ROOT/.tfx/state/state.db (패키지 내부 → 락 충돌)
     // 변경: ~/.claude/cache/tfx-hub/state.db (패키지 외부 → 안전)
-    const hubCacheDir = join(homedir(), ".claude", "cache", "tfx-hub");
+    const hubCacheDir = PID_DIR;
     mkdirSync(hubCacheDir, { recursive: true });
     dbPath = join(hubCacheDir, "state.db");
   }

package/hub/team/build-worker-prompt.mjs

@@ -22,10 +22,23 @@ function formatLeaseFiles(leaseFiles) {
   return normalized.map((file) => `- ${file}`).join("\n");
 }
 
-export function buildLeaseScopedAcceptanceAppendix({ leaseFiles = [] } = {}) {
+function normalizeWorktreePath(worktreePath) {
+  return typeof worktreePath === "string" ? worktreePath.trim() : "";
+}
+
+export function buildLeaseScopedAcceptanceAppendix({
+  leaseFiles = [],
+  worktreePath,
+} = {}) {
+  const normalizedWorktreePath = normalizeWorktreePath(worktreePath);
+  const rootLine = normalizedWorktreePath
+    ? `작업 루트(절대경로): ${normalizedWorktreePath} — 아래 lease 경로와 모든 상대경로는 이 루트 기준으로만 해석한다.\n`
+    : "";
+
   return `
 
 ## Lease-scoped Acceptance / Lint Guard (자동 삽입됨)
+${rootLine}- 위 PRD 본문의 모든 제약과 acceptance 기준은 이 appendix 이후에도 그대로 유효하다.
 - 이 shard 의 파일 lease:
 ${formatLeaseFiles(leaseFiles)}
 - Acceptance, lint, and format checks are scoped to files changed by this shard; if that set is unclear, use only the lease list above.
@@ -51,7 +64,10 @@ ${SENTINEL_END}
 규약:
 - 두 sentinel 마커는 각자 자기 줄에 단독으로 출력 (앞뒤 newline)
 - 마커 사이 본문은 단일 JSON object (배열/primitive 금지)
-- commits_made 가 비어 있어도 됨 (no-op shard)
+- status 값은 ok | failed | blocked 중 하나
+- payload 출력 직전 \`git log -1 --format=%H\` 로 보고할 sha 가 실재하는지 검증하라
+- 코드 변경이 기대되는 shard 에서 변경/커밋을 못 했으면 status:failed 와 함께 reason 필드로 사유를 보고하라 — 그 경우 빈 commits_made 에 status:ok 는 금지
+- no-op shard 는 status:ok + 빈 commits_made 배열 허용
 - 마커 쌍은 stdout 에 정확히 한 번만 출력해야 함. 재emit 시 conductor 는 첫 BEGIN..END 한 쌍만 채택하며, 이후 stdout 은 무시한다.
 - ${SENTINEL_BEGIN} 만 출력하고 ${SENTINEL_END} 누락 시 conductor 가 truncation 으로 명확히 reject
 `;
@@ -60,14 +76,17 @@ ${SENTINEL_END}
  * Append the Completion Protocol section to a PRD prompt.
  *
  * @param {string|null|undefined} prdPrompt — original PRD body
- * @param {{ leaseFiles?: string[] }} [opts] — shard file lease for scoped acceptance
+ * @param {{ leaseFiles?: string[], worktreePath?: string }} [opts] — shard file lease and absolute worktree root for scoped acceptance
  * @returns {string} prompt with appendix
  */
 export function buildWorkerPrompt(prdPrompt, opts = {}) {
   const body = typeof prdPrompt === "string" ? prdPrompt : "";
   return (
     body +
-    buildLeaseScopedAcceptanceAppendix({ leaseFiles: opts.leaseFiles }) +
+    buildLeaseScopedAcceptanceAppendix({
+      leaseFiles: opts.leaseFiles,
+      worktreePath: opts.worktreePath,
+    }) +
     COMPLETION_PROTOCOL_APPENDIX
   );
 }

package/hub/team/claude-daemon-control.mjs

@@ -16,7 +16,24 @@ import {
 
 export function resolveClaudeConfigDir(env = process.env) {
   if (env.CLAUDE_CONFIG_DIR) return path.resolve(env.CLAUDE_CONFIG_DIR);
-  return path.join(os.homedir(), ".claude");
+  return path.join(resolveClaudeHomeDir(env), ".claude");
+}
+
+export function resolveClaudeHomeDir(
+  env = process.env,
+  platform = process.platform,
+) {
+  // win32: claude daemon launcher 의 os.homedir() 는 USERPROFILE 기반이고
+  // HOME 을 보지 않는다. git-bash 가 HOME 을 따로 잡아도 launcher 폴백을
+  // 그대로 미러해야 socket hash 가 daemon 과 일치한다 (HOME 수용 금지).
+  if (platform === "win32") {
+    const userProfile = nullableEnv(env.USERPROFILE);
+    return userProfile ? path.resolve(userProfile) : os.homedir();
+  }
+  // POSIX 는 HOME 우선 — sandbox HOME 오버라이드를 추적하는 provenance
+  // 해석(#382)과 일치 (os.homedir() 도 POSIX 에서는 HOME 을 우선한다).
+  const home = nullableEnv(env.HOME);
+  return home ? path.resolve(home) : os.homedir();
 }
 
 export function deriveClaudeDaemonPaths({
@@ -44,6 +61,316 @@ export function deriveClaudeDaemonPaths({
   };
 }
 
+function nullableEnv(value) {
+  const text = typeof value === "string" ? value.trim() : "";
+  return text.length > 0 ? text : null;
+}
+
+function defaultClaudeConfigDir(env = process.env) {
+  return path.join(resolveClaudeHomeDir(env), ".claude");
+}
+
+export function detectCallerProvenance(env = process.env) {
+  const claudeConfigDir = nullableEnv(env.CLAUDE_CONFIG_DIR);
+  const omxSessionId = nullableEnv(env.OMX_SESSION_ID);
+  const omxEntryPath = nullableEnv(env.OMX_ENTRY_PATH);
+  const codexThreadId = nullableEnv(env.CODEX_THREAD_ID);
+  const codexLauncher =
+    omxSessionId || omxEntryPath ? "omx" : codexThreadId ? "codex" : "unknown";
+  return {
+    claudeLauncher: "unknown",
+    codexLauncher,
+    signals: {
+      claudeConfigDir,
+      omxSessionId,
+      omxEntryPath,
+      codexThreadId,
+    },
+  };
+}
+
+export async function readOmcLaunchProfile(configDir) {
+  if (!configDir) return null;
+  try {
+    // Provenance hint only: OMC writes this profile in its runtime config dir.
+    // It is not an auth/security boundary and must not override explicit/env
+    // config-dir authority.
+    const parsed = JSON.parse(
+      await fs.readFile(
+        path.join(path.resolve(configDir), ".omc-launch-profile.json"),
+        "utf8",
+      ),
+    );
+    const sourceConfigDir = nullableEnv(parsed?.sourceConfigDir);
+    if (!sourceConfigDir) return null;
+    const sourceClaudeMd = nullableEnv(parsed?.sourceClaudeMd);
+    return {
+      sourceConfigDir: path.resolve(sourceConfigDir),
+      sourceClaudeMd: sourceClaudeMd ? path.resolve(sourceClaudeMd) : null,
+    };
+  } catch (error) {
+    if (error?.code === "ENOENT" || error instanceof SyntaxError) return null;
+    return null;
+  }
+}
+
+async function buildClaudeDaemonCandidate({
+  configDir,
+  configDirSource,
+  selectionMode,
+  env,
+  uid,
+  tmpRoot,
+}) {
+  const paths = deriveClaudeDaemonPaths({ configDir, uid, tmpRoot });
+  const defaultConfig = path.resolve(defaultClaudeConfigDir(env));
+  const omcProfile = await readOmcLaunchProfile(paths.configDir);
+  const claudeLauncher = omcProfile
+    ? "omc"
+    : paths.configDir === defaultConfig
+      ? "claude"
+      : "unknown";
+  return {
+    ...paths,
+    configDirSource,
+    selectionMode,
+    claudeLauncher,
+    sourceConfigDir: omcProfile?.sourceConfigDir,
+    sourceClaudeMd: omcProfile?.sourceClaudeMd ?? null,
+    callerProvenance: detectCallerProvenance(env),
+  };
+}
+
+export async function buildClaudeDaemonDiscoveryCandidates({
+  configDir,
+  env = process.env,
+  uid = typeof process.getuid === "function" ? process.getuid() : 0,
+  tmpRoot = "/tmp",
+} = {}) {
+  const explicitConfigDir = nullableEnv(configDir);
+  if (explicitConfigDir) {
+    return [
+      await buildClaudeDaemonCandidate({
+        configDir: explicitConfigDir,
+        configDirSource: "explicit",
+        selectionMode: "exact",
+        env,
+        uid,
+        tmpRoot,
+      }),
+    ];
+  }
+
+  const envConfigDir = nullableEnv(env.CLAUDE_CONFIG_DIR);
+  if (envConfigDir) {
+    return [
+      await buildClaudeDaemonCandidate({
+        configDir: envConfigDir,
+        configDirSource: "env",
+        selectionMode: "env-strict",
+        env,
+        uid,
+        tmpRoot,
+      }),
+    ];
+  }
+
+  const candidates = [];
+  const defaultConfig = defaultClaudeConfigDir(env);
+  const omcRuntime = path.join(defaultConfig, ".omc-launch");
+  if (await readOmcLaunchProfile(omcRuntime)) {
+    candidates.push(
+      await buildClaudeDaemonCandidate({
+        configDir: omcRuntime,
+        configDirSource: "omc-runtime",
+        selectionMode: "ambient",
+        env,
+        uid,
+        tmpRoot,
+      }),
+    );
+  }
+  candidates.push(
+    await buildClaudeDaemonCandidate({
+      configDir: defaultConfig,
+      configDirSource: "default",
+      selectionMode: "ambient",
+      env,
+      uid,
+      tmpRoot,
+    }),
+  );
+  return candidates;
+}
+
+export function publicClaudeDaemonCandidate(candidate) {
+  if (!candidate) return null;
+  return {
+    configDirSource: candidate.configDirSource,
+    selectionMode: candidate.selectionMode,
+    claudeLauncher: candidate.claudeLauncher,
+    configDir: candidate.configDir,
+    sourceConfigDir: candidate.sourceConfigDir ?? null,
+    sourceClaudeMd: candidate.sourceClaudeMd ?? null,
+    hash: candidate.hash,
+    controlSock: candidate.controlSock,
+  };
+}
+
+function sessionsFromDaemonList(listResponse) {
+  // probe 경로도 list/find 경로와 같은 정규화 row 를 내보내야 한다
+  // (jobs/sessions, snake_case, dispatch 중첩 변형 흡수 — 8016b724).
+  return extractClaudeAgentSessions(listResponse);
+}
+
+function errorMessage(error) {
+  return error?.message || String(error);
+}
+
+function findDaemonTargetInSessions(sessions, { short, sessionId } = {}) {
+  if (sessionId) {
+    return findDaemonJobBySessionId({ jobs: sessions }, sessionId);
+  }
+  if (short) {
+    return findDaemonJobByShort({ jobs: sessions }, short);
+  }
+  return null;
+}
+
+function candidateResultSummary(result) {
+  const summary = publicClaudeDaemonCandidate(result.candidate);
+  return {
+    ...summary,
+    ok: result.ok === true,
+    error: result.error ?? null,
+    sessionCount: Array.isArray(result.sessions) ? result.sessions.length : 0,
+  };
+}
+
+function buildProbeResponse({
+  candidates,
+  results,
+  selected,
+  matches,
+  targetRequested,
+  callerProvenance,
+}) {
+  const reachable = results.filter((result) => result.ok === true);
+  let ok = false;
+  let reason = "daemon-unavailable";
+  let error = null;
+
+  if (targetRequested && matches.length > 1) {
+    reason = "ambiguous-target";
+    error = `Claude daemon target ambiguous across ${matches.length} candidates`;
+  } else if (selected) {
+    ok = true;
+    reason = selected.target ? "target-found" : "daemon-available";
+  } else if (targetRequested && reachable.length > 0) {
+    reason = "target-not-found";
+    error = "Claude daemon target not found in reachable candidates";
+  } else if (results.length > 0) {
+    error =
+      results
+        .map((result) => result.error)
+        .filter(Boolean)
+        .join("; ") || "Claude daemon unavailable";
+  }
+
+  const selectedSessions = selected
+    ? selected.sessions
+    : targetRequested
+      ? []
+      : reachable.flatMap((result) => result.sessions);
+  const selectedDaemon = publicClaudeDaemonCandidate(selected?.candidate);
+  const reachableDaemons = reachable.map((result) =>
+    publicClaudeDaemonCandidate(result.candidate),
+  );
+
+  return {
+    ok,
+    reason,
+    controlSock: selected?.candidate?.controlSock,
+    daemon: selectedDaemon,
+    daemons: reachableDaemons,
+    sessions: selectedSessions,
+    target: selected?.target || undefined,
+    matches: matches.map((match) => ({
+      daemon: publicClaudeDaemonCandidate(match.candidate),
+      target: match.target,
+    })),
+    candidateResults: results.map(candidateResultSummary),
+    callerProvenance,
+    candidates: candidates.map(publicClaudeDaemonCandidate),
+    error: ok ? undefined : error,
+  };
+}
+
+export async function probeClaudeDaemonCandidates({
+  configDir,
+  env = process.env,
+  short,
+  sessionId,
+  timeoutMs = 6000,
+} = {}) {
+  const candidates = await buildClaudeDaemonDiscoveryCandidates({
+    configDir,
+    env,
+  });
+  const callerProvenance = detectCallerProvenance(env);
+  const targetRequested = Boolean(short || sessionId);
+  const results = [];
+
+  for (const candidate of candidates) {
+    try {
+      const list = await sendClaudeControlRequest(
+        candidate.controlSock,
+        { proto: 1, op: "list" },
+        { timeoutMs },
+      );
+      const sessions = sessionsFromDaemonList(list);
+      const ok = list?.ok !== false;
+      results.push({
+        ok,
+        candidate,
+        list,
+        sessions: ok ? sessions : [],
+        target: ok
+          ? findDaemonTargetInSessions(sessions, { short, sessionId })
+          : null,
+        error: ok ? null : list?.error || "Claude daemon list failed",
+      });
+    } catch (error) {
+      results.push({
+        ok: false,
+        candidate,
+        list: null,
+        sessions: [],
+        target: null,
+        error: errorMessage(error),
+      });
+    }
+  }
+
+  const matches = targetRequested
+    ? results.filter((result) => result.ok === true && result.target)
+    : [];
+  const selected = targetRequested
+    ? matches.length === 1
+      ? matches[0]
+      : null
+    : results.find((result) => result.ok === true) || null;
+
+  return buildProbeResponse({
+    candidates,
+    results,
+    selected,
+    matches,
+    targetRequested,
+    callerProvenance,
+  });
+}
+
 export function getProcStart(pid = process.pid) {
   if (!Number.isInteger(pid) || pid <= 0)
     throw new Error(`invalid pid: ${pid}`);
@@ -141,6 +468,7 @@ export function buildDaemonAttachRequest({
   cols = DEFAULT_DAEMON_ATTACH_COLS,
   rows = 40,
   caps = { terminal: null, mux: null, ssh: false },
+  auth,
 } = {}) {
   if (!short) throw new Error("short is required");
   return {
@@ -150,6 +478,7 @@ export function buildDaemonAttachRequest({
     cols,
     rows,
     caps,
+    ...(auth ? { auth } : {}),
   };
 }
 
@@ -683,6 +1012,7 @@ export function attachClaudeDaemonSession({
   controlSock,
   short,
   input,
+  auth,
   cols = DEFAULT_DAEMON_ATTACH_COLS,
   rows = 40,
   caps,
@@ -790,7 +1120,9 @@ export function attachClaudeDaemonSession({
     });
     socket.on("connect", () => {
       socket.write(
-        `${JSON.stringify(buildDaemonAttachRequest({ short, cols, rows, caps }))}\n`,
+        `${JSON.stringify(
+          buildDaemonAttachRequest({ short, cols, rows, caps, auth }),
+        )}\n`,
       );
     });
     socket.on("data", (chunk) => {
@@ -906,6 +1238,7 @@ export function attachClaudeDaemonSession({
 export function interruptClaudeDaemonSession({
   controlSock,
   short,
+  auth,
   cols = DEFAULT_DAEMON_ATTACH_COLS,
   rows = 40,
   caps,
@@ -956,7 +1289,9 @@ export function interruptClaudeDaemonSession({
     socket.on("error", fail);
     socket.on("connect", () => {
       socket.write(
-        `${JSON.stringify(buildDaemonAttachRequest({ short, cols, rows, caps }))}\n`,
+        `${JSON.stringify(
+          buildDaemonAttachRequest({ short, cols, rows, caps, auth }),
+        )}\n`,
       );
     });
     socket.on("data", (chunk) => {
@@ -1182,6 +1517,7 @@ export async function sendKillBySessionId({
   daemonPaths,
   sessionId,
   timeoutMs = 6000,
+  auth,
 } = {}) {
   const controlSock = daemonPaths?.controlSock;
   if (!controlSock || !sessionId) {
@@ -1201,12 +1537,16 @@ export async function sendKillBySessionId({
     if (!job?.short) {
       return { ok: true, killed: false, reason: "not_found" };
     }
+    const controlAuth = auth
+      ? { auth }
+      : await buildDaemonControlAuth(daemonPaths?.configDir);
     return await sendClaudeControlRequest(
       controlSock,
       {
         proto: 1,
         op: "kill",
         short: job.short,
+        ...controlAuth,
       },
       { timeoutMs },
     );
@@ -1356,6 +1696,7 @@ export async function teardownClaudeDaemonJob({
     _deps.removeClaudeSessionProjection || removeClaudeSessionProjection;
   const killJob = _deps.killDaemonJob || killDaemonJob;
   const removeJobStateImpl = _deps.removeClaudeJobState;
+  const buildAuth = _deps.buildDaemonControlAuth || buildDaemonControlAuth;
   const resolvedControlSock = controlSock || paths?.controlSock;
   const resolvedJobsDir =
     jobsDir ||
@@ -1371,7 +1712,10 @@ export async function teardownClaudeDaemonJob({
     steps.push(sendKillBySessionId({ daemonPaths, sessionId }).catch(() => {}));
   }
   if (resolvedControlSock && short) {
-    steps.push(killJob(resolvedControlSock, short).catch(() => {}));
+    const controlAuth = await buildAuth(paths?.configDir);
+    steps.push(
+      killJob(resolvedControlSock, short, controlAuth).catch(() => {}),
+    );
   }
   if (removeJobState && removeJobStateImpl && resolvedJobsDir && short) {
     steps.push(removeJobStateImpl(resolvedJobsDir, short).catch(() => {}));

package/hub/team/claude-native-bridge.mjs

@@ -10,6 +10,7 @@ import {
   dispatchClaudeDaemonJob,
   getProcStart,
   killDaemonJob,
+  resolveClaudeConfigDir,
   resolveDaemonBridgeSessionId,
   sendClaudeControlRequest,
   teardownClaudeDaemonJob,
@@ -22,9 +23,11 @@ import {
 } from "./claude-session-projection.mjs";
 import { createInteractiveTuiTransport } from "./interactive-tui-transport.mjs";
 
-// daemon-control 이 deriveClaudeDaemonPaths / getProcStart 의 단일 owner 다.
-// 기존 native-bridge import 경로 (headless 포함) 호환을 위해 re-export 한다.
-export { deriveClaudeDaemonPaths, getProcStart };
+// daemon-control 이 deriveClaudeDaemonPaths / getProcStart /
+// resolveClaudeConfigDir 의 단일 owner 다. configDir 해석이 갈리면 양쪽이
+// 서로 다른 control.sock hash 를 보게 되므로 (HOME 오버라이드 split-brain)
+// 로컬 복제본을 두지 않는다. 기존 import 경로 호환을 위해 re-export 한다.
+export { deriveClaudeDaemonPaths, getProcStart, resolveClaudeConfigDir };
 
 const DEFAULT_ROWS = 40;
 const DEFAULT_COLS = 120;
@@ -33,11 +36,6 @@ const ROSTER_LOCK_STALE_MS = 30_000;
 const ROSTER_LOCK_TIMEOUT_MS = 5_000;
 const ROSTER_LOCK_RETRY_MS = 10;
 
-export function resolveClaudeConfigDir(env = process.env) {
-  if (env.CLAUDE_CONFIG_DIR) return path.resolve(env.CLAUDE_CONFIG_DIR);
-  return path.join(os.homedir(), ".claude");
-}
-
 export function buildPtyDataFrame(value) {
   const payload = Buffer.isBuffer(value) ? value : Buffer.from(value, "utf8");
   const frame = Buffer.allocUnsafe(5 + payload.length);

package/hub/team/conductor.mjs

@@ -1140,6 +1140,7 @@ export function createConductor(opts = {}) {
       const sandbox = buildWorkerSandboxEnv({
         cwd: resolvedConfig.workdir || process.cwd(),
         sessionId: resolvedConfig.id,
+        agent: resolvedConfig.agent,
         env: { ...process.env, ...(resolvedConfig.env || {}) },
       });
       resolvedConfig = {

package/hub/team/handoff.mjs

@@ -23,7 +23,7 @@ After completing the task, you MUST output a HANDOFF block in exactly this forma
 status: ok | partial | failed
 lead_action: accept | needs_read | retry | reassign
 task: <1-3 word task type>
-files_changed: <comma-separated file paths, or "none">
+files_changed: <comma-separated repo-root relative file paths, or "none">
 verdict: <one sentence conclusion>
 confidence: high | medium | low
 risk: low | med | high
@@ -36,21 +36,25 @@ partial_output: yes | no
 
 Rules:
 - The HANDOFF block must start with exactly "--- HANDOFF ---"
+- Set status: ok only after you have verified the work (file/diff/test evidence) — unverified claims must use partial or failed.
 - Each field must be on its own line as "key: value"
+- Report files_changed as repo-root relative paths
 - verdict must be a single concise sentence
 - Do not skip any required field
+- This block owns the final output position; this block must be the last thing you output
 `.trim();
 
 /**
  * CLI 프롬프트 길이 제한을 고려한 축약 HANDOFF 지시
  */
-export const HANDOFF_INSTRUCTION_SHORT = `After completing, output this block at the end:
+export const HANDOFF_INSTRUCTION_SHORT = `After completing, output this block at the end; this block must be the last thing you output:
 --- HANDOFF ---
 status: ok | partial | failed
 lead_action: accept | needs_read | retry | reassign
 verdict: <one sentence>
-files_changed: <comma-separated paths or "none">
-confidence: high | medium | low`;
+files_changed: <comma-separated repo-root relative paths or "none">
+confidence: high | medium | low
+Set status: ok only after you have verified the work (file/diff/test evidence) — unverified claims must use partial or failed.`;
 
 /**
  * raw 텍스트에서 HANDOFF 블록을 파싱한다.

package/hub/team/headless.mjs

@@ -18,7 +18,7 @@ import {
 import { createRequire } from "node:module";
 import net from "node:net";
 import { tmpdir } from "node:os";
-import { dirname, join } from "node:path";
+import { dirname, join, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { requestJson } from "@triflux/core/hub/bridge.mjs";
 import { escapePwshSingleQuoted } from "@triflux/core/hub/cli-adapter-base.mjs";
@@ -26,6 +26,7 @@ import { getMaxSpawnPerSec } from "@triflux/core/hub/lib/spawn-trace.mjs";
 import { IS_WINDOWS } from "@triflux/core/hub/platform.mjs";
 import { getBackend } from "./backend.mjs";
 import {
+  buildDaemonControlAuth,
   buildDaemonExecDispatchPayload,
   deriveClaudeDaemonPaths as deriveClaudeControlPaths,
   dispatchClaudeDaemonJob,
@@ -255,7 +256,7 @@ function unregisterHeadlessSynapseWorker(workerId) {
 /** MCP 프로필별 프롬프트 힌트 (tfx-route.sh resolve_mcp_policy의 경량 미러) */
 const MCP_PROFILE_HINTS = {
   implement:
-    "You have full filesystem read/write access. Implement changes directly.",
+    "You have full filesystem read/write access. Implement changes directly. After changes, run the narrowest relevant test/lint for the files you touched; if none can run, state why and the next-best check.",
   analyze:
     "Focus on reading and analyzing the codebase. Prefer analysis over modification.",
   review: "Review the code for quality, security, and correctness.",
@@ -301,22 +302,31 @@ export function buildHeadlessCommand(cli, prompt, resultFile, opts = {}) {
   // contextFile 처리: 32KB(32768 bytes) 초과 시 UTF-8 안전 절단
   let contextPrefix = "";
   if (contextFile && existsSync(contextFile)) {
+    const contextSource = resolve(contextFile);
     let ctx = readFileSync(contextFile, "utf8");
+    let truncated = false;
     if (Buffer.byteLength(ctx, "utf8") > 32768) {
       ctx = Buffer.from(ctx).subarray(0, 32768).toString("utf8");
+      truncated = true;
+    }
+    if (truncated) {
+      ctx = `${ctx}\n[... truncated at 32KB]`;
     }
     if (ctx.length > 0) {
-      contextPrefix = `<prior_context>\n${ctx}\n</prior_context>\n\n`;
+      contextPrefix = `<prior_context source="${contextSource}" truncated="${truncated ? "true" : "false"}">\n${ctx}\n</prior_context>\nBase your work on the prior_context above; if it conflicts with the task below, the task wins.\n\n`;
     }
   }
 
   const mcpHint =
     mcp && MCP_PROFILE_HINTS[mcp]
-      ? ` [MCP: ${mcp}] ${MCP_PROFILE_HINTS[mcp]}`
+      ? `\n\n[MCP: ${mcp}]\n${MCP_PROFILE_HINTS[mcp]}`
       : "";
+  const workspaceHint = cwd
+    ? `\n\n[workspace] root(절대경로): ${resolve(cwd)}. 모든 상대경로는 이 루트 기준. 파일 쓰기/커밋 전 \`git rev-parse --show-toplevel\` 이 이 root 와 일치하는지 확인하고 불일치 시 중단·보고.`
+    : "";
   // P2: HANDOFF 지시를 프롬프트에 삽입 (워커가 구조화된 handoff 블록을 출력하도록)
   const handoffHint = handoff ? `\n\n${HANDOFF_INSTRUCTION_SHORT}` : "";
-  const fullPrompt = `${contextPrefix}${prompt}${mcpHint}${handoffHint}`;
+  const fullPrompt = `${contextPrefix}${prompt}${mcpHint}${workspaceHint}${handoffHint}`;
 
   // 보안: 프롬프트를 임시 파일에 쓰고 파일 참조로 전달 (셸 주입 방지).
   // 이전 구현은 `"$(cat 'PATH')"` shell-expansion expression 을 만들어
@@ -1064,9 +1074,14 @@ export async function cleanupDaemonDispatches(dispatches) {
         }).catch(() => {});
       }
       if (dispatch.controlSock && dispatch.daemonShort) {
-        await killDaemonJob(dispatch.controlSock, dispatch.daemonShort).catch(
-          () => {},
-        );
+        const controlAuth = await buildDaemonControlAuth(
+          dispatch.daemonPaths?.configDir,
+        ).catch(() => ({}));
+        await killDaemonJob(
+          dispatch.controlSock,
+          dispatch.daemonShort,
+          controlAuth,
+        ).catch(() => {});
       }
     }),
   );
@@ -1244,9 +1259,16 @@ async function waitForDaemonCompletion(
         dispatch.daemonCompletionMatched = true;
         cleanupDaemonDispatches([dispatch]).catch(() => {});
       } else {
-        killDaemonJob(dispatch.controlSock, dispatch.daemonShort).catch(
-          () => {},
-        );
+        buildDaemonControlAuth(dispatch.daemonPaths?.configDir)
+          .catch(() => ({}))
+          .then((controlAuth) =>
+            killDaemonJob(
+              dispatch.controlSock,
+              dispatch.daemonShort,
+              controlAuth,
+            ),
+          )
+          .catch(() => {});
       }
       resolve(finalCompletion);
     };

package/hub/team/native-supervisor.mjs

@@ -173,11 +173,15 @@ function spawnMember(member) {
         ? process.env.TERM
         : "xterm-256color",
   };
+  // Worker members get HOME-isolated sandboxes, but antigravity-family agents
+  // (agy/gemini) are carved out inside buildWorkerSandboxEnv so their keyring/
+  // OAuth auth resolves — pass member.cli so the carve-out applies in-process too.
   const sandbox =
     member.role === "worker"
       ? buildWorkerSandboxEnv({
           cwd: config.workdir || process.cwd(),
           sessionId: `${sessionName}-${member.name}`,
+          agent: member.cli,
           env: baseEnv,
         })
       : { env: {}, root: null };

package/hub/team/orchestrator.mjs

@@ -50,7 +50,7 @@ export function decomposeTask(taskDescription, agentCount) {
  * @returns {string}
  */
 export function buildLeadPrompt(taskDescription, config) {
-  const { agentId, teammateMode = "tmux", workers = [] } = config;
+  const { agentId, repoRoot, teammateMode = "tmux", workers = [] } = config;
 
   const roster =
     workers
@@ -59,7 +59,10 @@ export function buildLeadPrompt(taskDescription, config) {
 
   const workerIds = workers.map((w) => w.agentId).join(", ");
 
-  const bridgePath = "node hub/bridge.mjs";
+  // TODO: Require repoRoot once all callers pass absolute repository roots.
+  const bridgePath = repoRoot
+    ? `node ${String(repoRoot).replace(/\/+$/, "")}/hub/bridge.mjs`
+    : "node hub/bridge.mjs";
 
   return `리드 에이전트: ${agentId}
 
@@ -76,6 +79,8 @@ ${roster}
 - 워커 결과 수집:
   ${bridgePath} context --agent ${agentId} --max 20
 - 최종 결과는 topic="task.result"를 모아 통합
+- 모든 워커의 task.result 수신 후 결과를 통합하고 종료하라. 워커가 무응답이면 상태를 보고하고 중단하라.
+- 증거(커밋/테스트/파일) 없는 완료 주장은 통합하지 말고 해당 워커에 redo 를 지시하라.
 
 워커 ID: ${workerIds || "(없음)"}
 지금 즉시 워커를 배정하고 병렬 진행을 관리하라.`;

package/hub/team/swarm-hypervisor.mjs

@@ -435,6 +435,11 @@ export function createSwarmHypervisor(opts) {
     });
   }
 
+  // Injectable git seam (#394). Defaults to the execFile closure above; tests
+  // override via `_deps.git` to drive the redundant-win commit-evidence gate
+  // deterministically without provisioning a real worktree.
+  const gitRun = _deps.git || git;
+
   function computeAuthoritativeStatus(shardName, workerEntry, sessions) {
     const failureInfo = failures.get(shardName) || null;
     if (failureInfo) {
@@ -508,7 +513,7 @@ export function createSwarmHypervisor(opts) {
     try {
       evidence.commitsAhead =
         Number.parseInt(
-          await git([
+          await gitRun([
             "rev-list",
             "--count",
             `${integrationBranch}..${branchName}`,
@@ -521,14 +526,17 @@ export function createSwarmHypervisor(opts) {
     }
 
     try {
-      evidence.headCommit = await git(["rev-parse", branchName]);
+      evidence.headCommit = await gitRun(["rev-parse", branchName]);
     } catch {
       /* best-effort */
     }
 
     if (worker?.worktreePath && !worker?.shardConfig?.host) {
       try {
-        const rawStatus = await git(["status", "--short"], worker.worktreePath);
+        const rawStatus = await gitRun(
+          ["status", "--short"],
+          worker.worktreePath,
+        );
         // Only explicitly expected lifecycle deletions are filtered. Plugin
         // metadata deletions remain dirty because Codex workers need them.
         evidence.dirtyFiles = extractDirtyFiles(
@@ -663,7 +671,10 @@ export function createSwarmHypervisor(opts) {
       agent: shard.agent,
       // #125: append Completion Protocol appendix so workers emit a
       // sentinel-framed JSON payload that conductor can reliably capture.
-      prompt: buildWorkerPrompt(shard.prompt, { leaseFiles: shard.files }),
+      prompt: buildWorkerPrompt(shard.prompt, {
+        leaseFiles: shard.files,
+        worktreePath: shard.worktreePath,
+      }),
       workdir: shard.worktreePath || workdir,
       mcpServers: shard.mcp,
       worktreePath: shard.worktreePath || null,
@@ -987,6 +998,84 @@ export function createSwarmHypervisor(opts) {
         checkAllShardsCompleted();
         return;
       }
+
+      if (
+        completionPayload?.status === "failed" ||
+        completionPayload?.status === "blocked"
+      ) {
+        const detail =
+          typeof completionPayload.reason === "string" &&
+          completionPayload.reason.length > 0
+            ? completionPayload.reason
+            : "unspecified";
+        const reason = `worker_reported_${completionPayload.status}:${detail}`;
+
+        if (isRedundant) {
+          eventLog.append("redundant_completion_rejected", {
+            shard: shardName,
+            sessionId,
+            reason,
+          });
+          redundantWorkers.delete(shardName);
+          if (completedWorker) {
+            void closeNativeBridgeRegistration(
+              completedWorker,
+              shardName,
+              "failed",
+            );
+          }
+          checkAllShardsCompleted();
+          return;
+        }
+
+        eventLog.append("worker_reported_non_ok_completion", {
+          shard: shardName,
+          sessionId,
+          status: completionPayload.status,
+          reason,
+        });
+        if (completedWorker) {
+          void closeNativeBridgeRegistration(
+            completedWorker,
+            shardName,
+            "failed",
+          );
+        }
+        failures.set(shardName, {
+          mode: classifyFailure(reason),
+          reason,
+          sessionId,
+          completionPayload,
+        });
+        lockManager.release(shardName);
+
+        const redundant = redundantWorkers.get(shardName);
+        if (redundant) {
+          void redundant.conductor.shutdown("primary_reported_non_ok");
+        }
+
+        emitter.emit("shardFailed", {
+          shardName,
+          failureMode: classifyFailure(reason),
+          reason,
+        });
+
+        cascadeDependencyFailure(shardName);
+        checkAllShardsCompleted();
+        return;
+      }
+    }
+
+    if (isRedundant) {
+      // #394: a redundant worker may only "win" (and SIGKILL the still-running
+      // primary) once it has produced real, integratable commits. The earlier
+      // F7 payload check trusts a self-report; agy/gemini redundant workers are
+      // known to signal completion with zero commits (and legacy workers emit
+      // no payload at all, bypassing F7). Gate the win on authoritative git
+      // evidence collected now — before any kill — so a phantom completion can
+      // never kill the worker that is doing the actual work.
+      void finalizeRedundantWin(shardName, sessionId, completedWorker);
+      return;
     }
 
     if (completedWorker) {
@@ -999,30 +1088,125 @@ export function createSwarmHypervisor(opts) {
 
     completedShards.add(shardName);
 
-    if (isRedundant) {
-      // Redundant worker completed first — kill primary if still running
-      const primary = workers.get(shardName);
-      const redundant = redundantWorkers.get(shardName);
-      if (redundant) {
-        workers.set(shardName, redundant);
-        redundantWorkers.delete(shardName);
-      }
-      if (primary && !isTerminal(primary)) {
-        eventLog.append("redundant_wins", { shard: shardName });
-        void primary.conductor.shutdown("redundant_completed_first");
-      }
-    } else {
-      // Primary completed — kill redundant if exists
-      const redundant = redundantWorkers.get(shardName);
-      if (redundant) {
-        void redundant.conductor.shutdown("primary_completed_first");
-      }
+    // Primary completed — kill redundant if exists
+    const redundant = redundantWorkers.get(shardName);
+    if (redundant) {
+      void redundant.conductor.shutdown("primary_completed_first");
     }
 
     emitter.emit("shardCompleted", { shardName, sessionId, isRedundant });
     checkAllShardsCompleted();
   }
 
+  /**
+   * Gate a redundant worker's completion on authoritative git commit evidence
+   * before it is allowed to win the shard and SIGKILL the primary (#394).
+   *
+   * A redundant worker with no commits ahead of the base branch is NOT a valid
+   * winner: it is rejected, the primary is left running, and the shard is not
+   * marked complete. Only a worker with `commitsAhead > 0` promotes itself and
+   * terminates the primary.
+   *
+   * @param {string} shardName
+   * @param {string} sessionId
+   * @param {object} redundantWorker — entry fetched before this async hop
+   */
+  async function finalizeRedundantWin(shardName, sessionId, redundantWorker) {
+    const redundant = redundantWorker || redundantWorkers.get(shardName);
+    if (!redundant) {
+      // The primary already completed/failed and cleared the redundant entry
+      // (primary_completed_first / primary_failed_f7). Nothing to promote.
+      checkAllShardsCompleted();
+      return;
+    }
+
+    // A redundant worker may win only while the shard is still undecided. This
+    // is checked TWICE — once up front (a cheap early-out before the git
+    // round-trip) and again AFTER the async evidence hop. The second check is
+    // the load-bearing one: the primary can complete/fail while
+    // collectCommitEvidence() is in flight, and without re-checking, a slow git
+    // probe would resume and flip an already-decided winner via
+    // `workers.set(shardName, redundant)` (#394 TOCTOU race).
+    const retireSupersededRedundant = (phase) => {
+      eventLog.append("redundant_win_superseded", {
+        shard: shardName,
+        sessionId,
+        phase,
+      });
+      redundantWorkers.delete(shardName);
+      void closeNativeBridgeRegistration(redundant, shardName, "failed");
+      checkAllShardsCompleted();
+    };
+
+    if (completedShards.has(shardName) || failures.has(shardName)) {
+      retireSupersededRedundant("before_evidence");
+      return;
+    }
+
+    let evidence;
+    try {
+      evidence = await collectCommitEvidence(redundant, baseBranch);
+    } catch (err) {
+      evidence = { commitsAhead: 0, dirty: false, error: err.message };
+    }
+
+    // Re-check after the await: the primary may have won while we waited.
+    if (completedShards.has(shardName) || failures.has(shardName)) {
+      retireSupersededRedundant("after_evidence");
+      return;
+    }
+
+    // A redundant worker may win only with CLEAN, integratable commits — the
+    // exact bar integration applies (collectCommitEvidence.ok =
+    // commitsAhead > 0 && !dirty). A weaker gate (commits-only) would promote a
+    // dirty-but-committed redundant, kill the primary, then fail integration on
+    // that same dirty evidence (F6) — losing the shard the primary could have
+    // delivered (#394 re-review). Reject anything integration would not accept.
+    if (!evidence?.ok) {
+      const reason = evidence?.error
+        ? "evidence_error"
+        : evidence?.dirty
+          ? "dirty_worktree"
+          : "no_commit";
+      eventLog.append("redundant_win_rejected", {
+        shard: shardName,
+        sessionId,
+        reason,
+        commitsAhead: evidence?.commitsAhead || 0,
+        dirty: Boolean(evidence?.dirty),
+        error: evidence?.error || null,
+      });
+      redundantWorkers.delete(shardName);
+      void closeNativeBridgeRegistration(redundant, shardName, "failed");
+      // Re-check in case the primary already reached a terminal state while we
+      // were collecting evidence.
+      checkAllShardsCompleted();
+      return;
+    }
+
+    // Clean, integratable commit evidence — promote the redundant worker and
+    // kill the primary if it is still running.
+    const primary = workers.get(shardName);
+    workers.set(shardName, redundant);
+    redundantWorkers.delete(shardName);
+    completedShards.add(shardName);
+    void closeNativeBridgeRegistration(redundant, shardName, "completed");
+    if (primary && !isTerminal(primary)) {
+      eventLog.append("redundant_wins", {
+        shard: shardName,
+        commitsAhead: evidence.commitsAhead,
+      });
+      void primary.conductor.shutdown("redundant_completed_first");
+    }
+
+    emitter.emit("shardCompleted", {
+      shardName,
+      sessionId,
+      isRedundant: true,
+    });
+    checkAllShardsCompleted();
+  }
+
   function handleShardFailed(shardName, sessionId, reason, isRedundant) {
     const failureMode = classifyFailure(reason);
 
@@ -1502,31 +1686,33 @@ export function createSwarmHypervisor(opts) {
       "before_worktree_cleanup",
     );
 
-    // Best-effort: preserve any uncommitted worker changes before removing
-    // the worktree. Silent on failure — must not block cleanup or mask the
-    // original failure reason.
-    if (failureReason) {
-      try {
-        const preservation = await preserveWorktreePatchImpl({
+    // Best-effort: preserve any uncommitted worker changes before removing the
+    // worktree, on BOTH the failure and success teardown paths (#394). A worker
+    // can exit 0 yet leave dirty, uncommitted work (the hub-observability case:
+    // exit 0, commits_made []), and the success cleanup carries no
+    // failureReason — without this it would silently delete that work.
+    // preserveWorktreePatchImpl self-skips when the worktree is clean, so a
+    // properly-committed shard saves nothing here.
+    try {
+      const preservation = await preserveWorktreePatchImpl({
+        worktreePath: worker.worktreePath,
+        shardId: shardName,
+        recoveryDir: join(workdir, ".codex-swarm", "recovery"),
+      });
+      if (preservation?.ok && !preservation.skipped) {
+        outcome.recoveryPatch = {
+          patchPath: preservation.patchPath,
+          manifestPath: preservation.manifestPath || null,
+        };
+        eventLog.append("recovery_patch_saved", {
+          shard: shardName,
           worktreePath: worker.worktreePath,
-          shardId: shardName,
-          recoveryDir: join(workdir, ".codex-swarm", "recovery"),
+          patchPath: preservation.patchPath,
+          reason: failureReason || "dirty_on_cleanup",
         });
-        if (preservation?.ok && !preservation.skipped) {
-          outcome.recoveryPatch = {
-            patchPath: preservation.patchPath,
-            manifestPath: preservation.manifestPath || null,
-          };
-          eventLog.append("recovery_patch_saved", {
-            shard: shardName,
-            worktreePath: worker.worktreePath,
-            patchPath: preservation.patchPath,
-            reason: failureReason,
-          });
-        }
-      } catch {
-        /* silent: preservation failures must not block cleanup */
       }
+    } catch {
+      /* silent: preservation failures must not block cleanup */
     }
 
     try {

package/hub/team/worker-completion-validator.mjs

@@ -1,9 +1,9 @@
 // hub/team/worker-completion-validator.mjs — Enforce worker completion schema.
 // Issue #115 Lane 1 / F7_worker_did_not_commit.
 //
-// A shard worker MUST emit a completion JSON with `status: "ok"` + a non-empty
-// `commits_made` array. Reporting without committing is the #1 cause of lost
-// swarm work — guarded here before integration trusts the worker.
+// A shard worker that reports `status: "ok"` MUST include a non-empty
+// `commits_made` array. Non-ok statuses are valid terminal reports, but they
+// are not allowed to masquerade as successful completion.
 
 import { readFileSync } from "node:fs";
 import { dirname, join } from "node:path";
@@ -34,25 +34,20 @@ export function validateWorkerCompletion(payload) {
     return { ok: false, reason: "payload_not_object" };
   }
 
-  const valid = compiled(payload);
+  const status = payload.status;
+  if (!["ok", "failed", "blocked"].includes(status)) {
+    return { ok: false, reason: `invalid_status:${status ?? "undefined"}` };
+  }
+
+  const schemaPayload =
+    status === "blocked" ? { ...payload, status: "failed" } : payload;
+  const valid = compiled(schemaPayload);
   if (!valid) {
     const firstError = compiled.errors?.[0];
     const reason = formatError(firstError, payload);
     return { ok: false, reason };
   }
 
-  // BUG-G (#130): the schema's if-then only constrains commits_made when
-  // status='ok', so status='failed' payloads pass AJV vacuously. Without
-  // this guard the hypervisor F7 path treats a worker self-reported failure
-  // as a successful completion and integrates phantom shards.
-  if (payload.status === "failed") {
-    const detail =
-      typeof payload.reason === "string" && payload.reason.length > 0
-        ? payload.reason
-        : "unspecified";
-    return { ok: false, reason: `worker_self_reported_failure:${detail}` };
-  }
-
   return { ok: true };
 }
 

package/hub/team/worker-sandbox.mjs

@@ -19,6 +19,23 @@ function isDisabled(env = {}) {
   return /^(0|false|no|off)$/i.test(String(env.TFX_WORKER_SANDBOX ?? ""));
 }
 
+// Antigravity-family CLIs (agy/gemini) authenticate only via interactive OAuth and
+// store credentials in the OS keyring plus HOME-relative ~/.gemini state bound to the
+// logged-in user. They expose no headless-auth flag and no config-home env
+// (antigravity-cli issues #223/#155/#316), so overriding HOME forces a re-auth that
+// never completes in a headless swarm/team worker — the worker times out at the OAuth
+// wait and does no work (the agy "no_commit" symptom). Keep the host HOME for these
+// agents so the keyring and ~/.gemini resolve. Codex stays isolated via CODEX_HOME.
+const AUTH_HOME_BOUND_AGENTS = new Set(["antigravity", "agy", "gemini"]);
+
+function isAuthHomeBoundAgent(agent) {
+  return AUTH_HOME_BOUND_AGENTS.has(
+    String(agent ?? "")
+      .trim()
+      .toLowerCase(),
+  );
+}
+
 function windowsHomeParts(home) {
   const normalized = String(home || "").replace(/\//g, "\\");
   const match = normalized.match(/^([a-zA-Z]:)(\\.*)$/);
@@ -36,15 +53,26 @@ function mkdirAll(paths) {
  * @param {object} opts
  * @param {string} [opts.cwd] Worktree/current working directory for the worker.
  * @param {string} [opts.sessionId] Stable session/member id.
+ * @param {string} [opts.agent] Worker CLI/agent; antigravity-family agents skip the
+ *   HOME override so their keyring/OAuth credentials resolve (see note above).
  * @param {object} [opts.env] Existing env used for opt-out and explicit root.
  * @param {boolean} [opts.create=true] Create directories eagerly.
- * @returns {{env: object, root: string|null, home: string|null, disabled: boolean}}
+ * @returns {{env: object, root: string|null, home: string|null, disabled: boolean, reason?: string}}
  */
 export function buildWorkerSandboxEnv(opts = {}) {
   const env = opts.env && typeof opts.env === "object" ? opts.env : {};
   if (isDisabled(env)) {
     return { env: {}, root: null, home: null, disabled: true };
   }
+  if (isAuthHomeBoundAgent(opts.agent)) {
+    return {
+      env: {},
+      root: null,
+      home: null,
+      disabled: true,
+      reason: "auth-home-bound-agent",
+    };
+  }
 
   const cwd = resolve(opts.cwd || process.cwd());
   const sessionId = safeSegment(opts.sessionId, "worker");

package/hub/tray-lifecycle.mjs

@@ -117,10 +117,11 @@ export function spawnTrayForHub({
   trayPath,
   nodePath = process.execPath,
   env = process.env,
+  cwd = process.cwd(),
   spawnFn = spawn,
 } = {}) {
   if (env?.TFX_HUB_AUTO_TRAY === "0") return { status: "disabled" };
-  if (isWorktreeOrEphemeralHubContext({ env })) {
+  if (isWorktreeOrEphemeralHubContext({ cwd, env })) {
     return { status: "disabled", reason: "ephemeral-or-worktree-context" };
   }
   if (platform !== "darwin") return { status: "unsupported-platform" };

package/hub/workers/delegator-mcp.mjs

@@ -971,6 +971,7 @@ export class DelegatorMcpWorker {
         args.workerIndex ||
         args.agentType ||
         "route",
+      agent: args.provider,
       env: baseEnv,
     });
     const env = { ...baseEnv, ...sandbox.env };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@triflux/remote",
-  "version": "10.34.0",
+  "version": "10.35.0",
   "description": "triflux remote — team mode, psmux, MCP workers, SQLite store.",
   "type": "module",
   "main": "hub/index.mjs",

package/scripts/lib/mcp-manifest.mjs

@@ -13,8 +13,8 @@ export const MANIFEST_PATH = join(
   "mcp-enabled.json",
 );
 
-/** API 키 불필요 — 항상 활성화 for gateway-managed MCP servers */
-export const CORE_SERVERS = Object.freeze(["serena"]);
+/** API 키 불필요 — 항상 활성화 for gateway-managed MCP servers (현재 없음 — serena는 2026-06-10 core에서 제거) */
+export const CORE_SERVERS = Object.freeze([]);
 
 /** 검색 MCP — API 키 필요 */
 export const SEARCH_SERVERS = Object.freeze([