pi-crew 0.1.39 → 0.1.41

package/CHANGELOG.md

@@ -2,6 +2,40 @@
 
 ## Unreleased
 
+## 0.1.41
+
+### Added
+
+- Added strict-provider-friendly team tool schema shapes and config schema coverage for result delivery controls.
+- Added resilient result watcher fallback polling for resource-limit watch failures and partial JSON retry handling.
+- Added `runtime.completionMutationGuard` (`off`/`warn`/`fail`) with structured `task.attention` events when implementation-style workers complete without observed mutations.
+- Added group-join mailbox delivery metadata, request-id dedupe, ack observability, timeout events, and dashboard/status visibility.
+- Expanded `team doctor` and `team status` with schema, async/result delivery, worktree/readiness, attention, transcript, and group-join diagnostics.
+
+### Fixed
+
+- Recovered adaptive implementation planner output when compaction truncates the end marker but complete phase objects are still present.
+
+## 0.1.40
+
+### Added
+
+- Added owner-session generation guards for background subagents, async run notifications, result watchers, and live-session callbacks so stale sessions do not receive completions.
+- Added `runtime.requirePlanApproval` with approve/cancel API support to gate mutating adaptive implementation tasks behind an explicit planner artifact approval.
+- Added shared secret redaction for event logs, mailbox persistence, artifacts, JSONL streams, agent records, notifications, metrics, and diagnostics.
+
+### Changed
+
+- Project-local agents, teams, and workflows can no longer shadow builtin or user resources with the same name.
+- Project-level sensitive config such as worker execution, runtime mode, autonomy, agent overrides, worktree setup hooks, and OTLP headers is ignored with warnings unless configured in trusted user scope.
+
+### Fixed
+
+- Fixed lost async completion notifications after auto-compaction/session restart by continuing to track active runs across notifier restarts.
+- Fixed stale background subagent wakeups after session switch/shutdown while preserving terminal results for explicit joins.
+- Fixed resume bypasses in plan approval by re-gating persisted mutating adaptive tasks when approval state is missing or pending.
+- Restricted plan approval and cancellation to non-read-only roles and rejected cancel/approve after the approval state is no longer pending.
+
 ## 0.1.39
 
 ### Fixed

package/README.md

@@ -25,13 +25,14 @@ Current highlights:
 - metadata-aware `recommend` action for routing, decomposition, fanout hints, async/worktree suggestions
 - configurable autonomy profiles: `manual`, `suggested`, `assisted`, `aggressive`
 - builtin agents, teams, and workflows
-- user/project/builtin resource discovery with priority `builtin < user < project`
+- user/project/builtin resource discovery where user resources override builtin resources, and project resources cannot shadow trusted user/builtin names
 - resource format support for routing metadata: `triggers`, `useWhen`, `avoidWhen`, `cost`, `category`
 - durable run state: manifest, tasks, events, artifacts, imports/exports
 - foreground workflow scheduler
 - detached async/background runner
 - stale async PID detection
 - active run summary and async completion notifications in Pi sessions
+- owner-session delivery guards so stale sessions do not receive background subagent/result/live-session completions
 - real child Pi worker execution by default, with explicit scaffold/dry-run opt-out
 - child Pi JSON output parsing for final text, usage, and event counts
 - retryable model fallback attempts per task
@@ -58,6 +59,10 @@ Current highlights:
 - observability metrics: per-session Counter/Gauge/Histogram registry, JSONL sink, `/team-metrics`, dashboard metrics pane, Prometheus/OTLP exporters (OTLP opt-in)
 - reliability hardening: heartbeat gradient watcher, opt-in retry executor with attempt trace, crash-recovery detection, deadletter queue
 - background `Agent`/`crew_agent` completion wake-up so parent sessions can automatically join completed subagent results
+- optional `runtime.requirePlanApproval` gate for planner-first approval before mutating adaptive implementation workers run
+- optional `runtime.completionMutationGuard` to warn or fail implementation-style workers that complete without observed mutation tool calls
+- grouped result delivery is correlated through mailbox metadata, deduped by request id, and acknowledged via existing `ack-message`
+- shared redaction for common secrets before durable event/log/mailbox/artifact/metric/diagnostic persistence
 - package polish: `schema.json`, TypeScript semantic check, strip-types import smoke, cross-platform CI workflow, dry-run package verification
 
 ## Install
@@ -146,9 +151,13 @@ The project root is auto-detected by walking up from the current directory and s
 Config merge priority:
 
 ```text
-user < project
+user < project for ordinary presentation/UX settings
 ```
 
+Trust-boundary exception: project config is intentionally not trusted for sensitive execution controls. Project-level values such as `executeWorkers`, `asyncByDefault`, runtime mode/live-session inheritance, autonomy mode, `agents.disableBuiltins`, `agents.overrides`, `worktree.setupHook`, and `otlp.headers` are ignored with warnings. Set those in user config when you want to trust them explicitly.
+
+Resource discovery trust boundary: project-local agents, teams, and workflows may add new names, but cannot shadow builtin or user resources with the same name.
+
 Supported config:
 
 ```json
@@ -167,6 +176,13 @@ Supported config:
       "review": ["review", "audit", "inspect"]
     }
   },
+  "runtime": {
+    "mode": "auto",
+    "groupJoin": "smart",
+    "groupJoinAckTimeoutMs": 300000,
+    "requirePlanApproval": false,
+    "completionMutationGuard": "warn"
+  },
   "limits": {
     "maxConcurrentWorkers": 3,
     "maxTaskDepth": 2,
@@ -222,9 +238,13 @@ Supported config:
 Safety notes:
 
 - Foreground child-process runs continue in the Pi extension process and return control to chat immediately, so large workflows do not block the interactive session. They are interrupted on session shutdown. Use `async: true` only for intentionally detached runs that may survive the current session.
+- Async completion notifications survive extension reload/auto-compaction: active runs are not marked consumed just because the notifier restarts, while stale owner-session callbacks are suppressed after session switches.
 - Background `Agent`/`crew_agent` runs notify the parent session when they reach a terminal state; the parent can then call `get_subagent_result`/`crew_agent_result` and continue the original task.
 - `tools.terminateOnForeground` is an opt-in power-user setting. When true, foreground `Agent`/`crew_agent` calls return with `terminate: true` after the child result is available, saving one follow-up LLM turn. Default is false so the assistant can still summarize raw worker output.
 - Runtime state paths are treated as untrusted data: run ids, import bundles, artifact/transcript paths, mailbox files, and agent control/log files are validated with containment checks before reads or writes.
+- `runtime.completionMutationGuard` defaults to `warn`; set `off` to disable or `fail` to fail implementation-style tasks that report success without observed mutation tool calls.
+- Group-join result messages use normal mailbox delivery and normal `ack-message`; missing acknowledgements never block run completion, and duplicate delivery attempts reuse the same request id/message instead of appending spam.
+- Common secret patterns (`token=`, `apiKey=`, `Authorization: Bearer ...`, private keys, etc.) are redacted before durable logs/events/mailbox/artifacts/metrics/diagnostics are written.
 - `observability.enabled` defaults to true for in-memory metrics and heartbeat watching. Metric JSONL snapshots are gated by `telemetry.enabled`; set `telemetry.enabled=false` to opt out of local telemetry files.
 - `reliability.autoRetry` and `reliability.autoRecover` default to false. Enabling retry may execute an idempotent task more than once; each attempt is recorded in `task.attempts`, and exhausted retries append a deadletter entry.
 - `otlp.enabled` defaults to false. Configure `otlp.endpoint` only when you want to push metrics to an OTLP HTTP collector.
@@ -320,7 +340,7 @@ Supported actions:
 | `config` | Show/update config |
 | `init` | Create project `.pi` layout and update `.gitignore` |
 | `autonomy` | Show/update autonomous delegation settings |
-| `api` | Safe interop for run/task/event/heartbeat/claim/mailbox state |
+| `api` | Safe interop for run/task/event/heartbeat/claim/mailbox state, including plan approval/cancel operations |
 | `help` | Show help text |
 
 ## Example tool calls
@@ -358,6 +378,30 @@ Run with worktrees:
 }
 ```
 
+Require explicit approval after the adaptive planner writes a plan artifact and before mutating workers run:
+
+```json
+{
+  "action": "run",
+  "team": "implementation",
+  "workflow": "implementation",
+  "goal": "Refactor auth and update tests",
+  "config": {
+    "runtime": { "requirePlanApproval": true }
+  }
+}
+```
+
+Approve or cancel the pending plan:
+
+```json
+{
+  "action": "api",
+  "runId": "team_...",
+  "config": { "operation": "approve-plan" }
+}
+```
+
 Inspect a run:
 
 ```json
@@ -435,9 +479,11 @@ Manual slash commands are ops/debug controls. Autonomous tool use via policy/rec
 /team-api team_... send-message taskId=task_... direction=inbox to=worker body="task scoped message"
 /team-api team_... read-mailbox direction=outbox
 /team-api team_... read-mailbox taskId=task_... direction=inbox
-/team-api team_... ack-message messageId=msg_...
+/team-api team_... ack-message messageId=msg_...   # also acknowledges group-join result messages
 /team-api team_... read-delivery
 /team-api team_... validate-mailbox repair=true
+/team-api team_... approve-plan
+/team-api team_... cancel-plan
 ```
 
 Use `/team-metrics` for a current metrics snapshot. The optional argument is a glob-style metric filter:

package/docs/usage.md

@@ -29,6 +29,13 @@ Supported fields:
     "preferAsyncForLongTasks": false,
     "allowWorktreeSuggestion": true
   },
+  "runtime": {
+    "mode": "auto",
+    "groupJoin": "smart",
+    "groupJoinAckTimeoutMs": 300000,
+    "completionMutationGuard": "warn",
+    "requirePlanApproval": false
+  },
   "ui": {
     "widgetPlacement": "aboveEditor",
     "widgetMaxLines": 8,
@@ -113,6 +120,10 @@ Background `Agent`/`crew_agent` subagents wake the parent Pi session when they c
 
 State paths are validated before read/write operations. Run ids, imported bundles, artifact and transcript references, mailbox files, and agent control/log files must stay inside their expected `.crew` roots and symlink escapes are rejected. Read-only mailbox APIs return default state without creating mailbox files when no messages exist.
 
+Group-join result delivery uses the normal outbox mailbox and normal `/team-api ... ack-message`. `runtime.groupJoinAckTimeoutMs` only emits observability (`agent.group_join.ack_timeout`) and does not block run completion.
+
+`runtime.completionMutationGuard` defaults to `warn`. Use `off` to disable or `fail` to fail implementation-style workers that complete without observed mutation tool calls.
+
 ## Worktree mode
 
 ```json

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-crew",
-  "version": "0.1.39",
+  "version": "0.1.41",
   "description": "Pi extension for coordinated AI teams, workflows, worktrees, and async task orchestration",
   "author": "baphuongna",
   "license": "MIT",

package/schema.json

@@ -68,7 +68,10 @@
         "graceTurns": { "type": "integer", "minimum": 1 },
         "inheritContext": { "type": "boolean" },
         "promptMode": { "type": "string", "enum": ["replace", "append"] },
-        "groupJoin": { "type": "string", "enum": ["off", "group", "smart"] }
+        "groupJoin": { "type": "string", "enum": ["off", "group", "smart"] },
+        "groupJoinAckTimeoutMs": { "type": "integer", "minimum": 1 },
+        "requirePlanApproval": { "type": "boolean" },
+        "completionMutationGuard": { "type": "string", "enum": ["off", "warn", "fail"] }
       }
     },
     "control": {

package/src/agents/discover-agents.ts

@@ -95,7 +95,7 @@ export function discoverAgents(cwd: string): AgentDiscoveryResult {
 
 export function allAgents(discovery: AgentDiscoveryResult): AgentConfig[] {
 	const byName = new Map<string, AgentConfig>();
-	for (const agent of [...discovery.builtin, ...discovery.user, ...discovery.project]) {
+	for (const agent of [...discovery.project, ...discovery.builtin, ...discovery.user]) {
 		byName.set(agent.name.toLowerCase(), agent);
 	}
 	return [...byName.values()].filter((agent) => !agent.disabled).sort((a, b) => a.name.localeCompare(b.name));

package/src/config/config.ts

@@ -30,6 +30,8 @@ export interface CrewLimitsConfig {
 
 export type CrewRuntimeMode = "auto" | "scaffold" | "child-process" | "live-session";
 
+export type CompletionMutationGuardMode = "off" | "warn" | "fail";
+
 export interface CrewRuntimeConfig {
 	mode?: CrewRuntimeMode;
 	preferLiveSession?: boolean;
@@ -39,6 +41,9 @@ export interface CrewRuntimeConfig {
 	inheritContext?: boolean;
 	promptMode?: "replace" | "append";
 	groupJoin?: "off" | "group" | "smart";
+	groupJoinAckTimeoutMs?: number;
+	requirePlanApproval?: boolean;
+	completionMutationGuard?: CompletionMutationGuardMode;
 }
 
 export interface CrewControlConfig {
@@ -206,6 +211,82 @@ function validateConfigWithWarnings(raw: unknown): string[] {
 	return [];
 }
 
+function projectOverrideWarning(projectPath: string, dottedPath: string): string {
+	return `${projectPath}: project-level sensitive config '${dottedPath}' is ignored; set it in user config to trust it explicitly`;
+}
+
+function sanitizeProjectConfig(projectPath: string, userConfig: PiTeamsConfig, config: PiTeamsConfig): ConfigValidationResult {
+	const sanitized: PiTeamsConfig = { ...config };
+	const warnings: string[] = [];
+	const dropTopLevel = (key: keyof PiTeamsConfig): void => {
+		if (config[key] === undefined) return;
+		delete sanitized[key];
+		warnings.push(projectOverrideWarning(projectPath, String(key)));
+	};
+	dropTopLevel("executeWorkers");
+	dropTopLevel("asyncByDefault");
+	dropTopLevel("requireCleanWorktreeLeader");
+	if (config.runtime) {
+		const runtime = { ...config.runtime };
+		for (const key of ["mode", "preferLiveSession", "allowChildProcessFallback", "inheritContext"] as const) {
+			if (runtime[key] !== undefined) {
+				delete runtime[key];
+				warnings.push(projectOverrideWarning(projectPath, `runtime.${key}`));
+			}
+		}
+		if (runtime.requirePlanApproval === false) {
+			delete runtime.requirePlanApproval;
+			warnings.push(projectOverrideWarning(projectPath, "runtime.requirePlanApproval"));
+		}
+		sanitized.runtime = Object.values(runtime).some((entry) => entry !== undefined) ? runtime : undefined;
+	}
+	if (config.autonomous) {
+		const autonomous = { ...config.autonomous };
+		for (const key of ["profile", "enabled", "injectPolicy", "preferAsyncForLongTasks", "allowWorktreeSuggestion"] as const) {
+			if (autonomous[key] !== undefined) {
+				delete autonomous[key];
+				warnings.push(projectOverrideWarning(projectPath, `autonomous.${key}`));
+			}
+		}
+		sanitized.autonomous = Object.values(autonomous).some((entry) => entry !== undefined) ? autonomous : undefined;
+	}
+	if (config.worktree?.setupHook !== undefined) {
+		sanitized.worktree = { ...config.worktree, setupHook: undefined };
+		if (!Object.values(sanitized.worktree).some((entry) => entry !== undefined)) sanitized.worktree = undefined;
+		warnings.push(projectOverrideWarning(projectPath, "worktree.setupHook"));
+	}
+	if (config.otlp?.headers !== undefined) {
+		sanitized.otlp = { ...config.otlp, headers: undefined };
+		if (!Object.values(sanitized.otlp).some((entry) => entry !== undefined)) sanitized.otlp = undefined;
+		warnings.push(projectOverrideWarning(projectPath, "otlp.headers"));
+	}
+	if (config.agents?.disableBuiltins !== undefined || config.agents?.overrides !== undefined) {
+		const agents = { ...config.agents };
+		if (agents.disableBuiltins !== undefined) {
+			delete agents.disableBuiltins;
+			warnings.push(projectOverrideWarning(projectPath, "agents.disableBuiltins"));
+		}
+		if (agents.overrides !== undefined) {
+			delete agents.overrides;
+			warnings.push(projectOverrideWarning(projectPath, "agents.overrides"));
+		}
+		sanitized.agents = Object.values(agents).some((entry) => entry !== undefined) ? agents : undefined;
+	}
+	if (config.tools?.enableSteer !== undefined || config.tools?.terminateOnForeground !== undefined) {
+		const tools = { ...config.tools };
+		if (tools.enableSteer !== undefined) {
+			delete tools.enableSteer;
+			warnings.push(projectOverrideWarning(projectPath, "tools.enableSteer"));
+		}
+		if (tools.terminateOnForeground !== undefined) {
+			delete tools.terminateOnForeground;
+			warnings.push(projectOverrideWarning(projectPath, "tools.terminateOnForeground"));
+		}
+		sanitized.tools = Object.values(tools).some((entry) => entry !== undefined) ? tools : undefined;
+	}
+	return { config: sanitized, warnings };
+}
+
 function mergeConfig(base: PiTeamsConfig, override: PiTeamsConfig): PiTeamsConfig {
 	const merged: PiTeamsConfig = { ...base, ...withoutUndefined(override as Record<string, unknown>) };
 	if (base.autonomous || override.autonomous) {
@@ -416,6 +497,9 @@ function parseRuntimeConfig(value: unknown): CrewRuntimeConfig | undefined {
 		inheritContext: parseWithSchema(Type.Boolean(), obj.inheritContext),
 		promptMode: parseWithSchema(Type.Union([Type.Literal("replace"), Type.Literal("append")]), obj.promptMode),
 		groupJoin: parseWithSchema(Type.Union([Type.Literal("off"), Type.Literal("group"), Type.Literal("smart")]), obj.groupJoin),
+		groupJoinAckTimeoutMs: parsePositiveInteger(obj.groupJoinAckTimeoutMs, 86_400_000),
+		requirePlanApproval: parseWithSchema(Type.Boolean(), obj.requirePlanApproval),
+		completionMutationGuard: parseWithSchema(Type.Union([Type.Literal("off"), Type.Literal("warn"), Type.Literal("fail")]), obj.completionMutationGuard),
 	};
 	return Object.values(runtime).some((entry) => entry !== undefined) ? runtime : undefined;
 }
@@ -639,8 +723,9 @@ export function loadConfig(cwd?: string): LoadedPiTeamsConfig {
 		if (cwd) {
 			const projectPath = projectConfigPath(cwd);
 			const projectConfig = parseConfigWithWarnings(readConfigRecord(projectPath));
-			warnings.push(...projectConfig.warnings.map((warning) => `${projectPath}: ${warning}`));
-			config = mergeConfig(config, projectConfig.config);
+			const projectSafeConfig = sanitizeProjectConfig(projectPath, config, projectConfig.config);
+			warnings.push(...projectConfig.warnings.map((warning) => `${projectPath}: ${warning}`), ...projectSafeConfig.warnings);
+			config = mergeConfig(config, projectSafeConfig.config);
 		}
 		return { path: filePath, paths, config, warnings: warnings.length > 0 ? warnings : undefined };
 	} catch (error) {

package/src/extension/async-notifier.ts

@@ -8,6 +8,13 @@ import { listRuns } from "./run-index.ts";
 export interface AsyncNotifierState {
 	seenFinishedRunIds: Set<string>;
 	interval?: ReturnType<typeof setInterval>;
+	generation?: number;
+	lastStoppedAtMs?: number;
+}
+
+export interface AsyncNotifierOptions {
+	generation?: number;
+	isCurrent?: (generation: number) => boolean;
 }
 
 function isFinished(status: string): boolean {
@@ -18,6 +25,12 @@ function isAsyncTerminalEvent(event: TeamEvent): boolean {
 	return event.type === "async.completed" || event.type === "async.failed" || event.type === "async.died";
 }
 
+function timeMs(value: string | undefined): number | undefined {
+	if (!value) return undefined;
+	const parsed = new Date(value).getTime();
+	return Number.isFinite(parsed) ? parsed : undefined;
+}
+
 function latestEventAgeMs(events: TeamEvent[], now = Date.now()): number {
 	const latest = events.at(-1);
 	if (!latest) return Number.POSITIVE_INFINITY;
@@ -38,14 +51,21 @@ export function markDeadAsyncRunIfNeeded(run: TeamRunManifest, now = Date.now(),
 	return failed;
 }
 
-export function startAsyncRunNotifier(ctx: ExtensionContext, state: AsyncNotifierState, intervalMs = 5000): void {
+export function startAsyncRunNotifier(ctx: ExtensionContext, state: AsyncNotifierState, intervalMs = 5000, options: AsyncNotifierOptions = {}): void {
 	if (state.interval) clearInterval(state.interval);
+	const generation = options.generation ?? ((state.generation ?? 0) + 1);
+	state.generation = generation;
+	const startedAtMs = Date.now();
+	const staleBeforeMs = state.lastStoppedAtMs ?? startedAtMs;
 	for (const run of listRuns(ctx.cwd)) {
-		// Treat all pre-existing runs as seen. This avoids noisy error toasts when
-		// an old active/stale run is later inspected and transitions to failed.
-		state.seenFinishedRunIds.add(run.runId);
+		// Suppress only terminal runs that were already finished before this owner
+		// session (or before the previous session switch). Active runs must remain
+		// un-seen so completions during auto-compaction/session restart are delivered.
+		const updatedAtMs = timeMs(run.updatedAt) ?? 0;
+		if (isFinished(run.status) && updatedAtMs < staleBeforeMs) state.seenFinishedRunIds.add(run.runId);
 	}
 	state.interval = setInterval(() => {
+		if (options.isCurrent && !options.isCurrent(generation)) return;
 		try {
 			for (const run of listRuns(ctx.cwd).slice(0, 20)) {
 				const current = markDeadAsyncRunIfNeeded(run) ?? run;
@@ -64,4 +84,6 @@ export function startAsyncRunNotifier(ctx: ExtensionContext, state: AsyncNotifie
 export function stopAsyncRunNotifier(state: AsyncNotifierState): void {
 	if (state.interval) clearInterval(state.interval);
 	state.interval = undefined;
+	state.generation = (state.generation ?? 0) + 1;
+	state.lastStoppedAtMs = Date.now();
 }

package/src/extension/notification-sink.ts

@@ -1,7 +1,7 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 import type { NotificationDescriptor } from "./notification-router.ts";
-import { redactSecrets } from "../runtime/diagnostic-export.ts";
+import { redactSecrets } from "../utils/redaction.ts";
 import { logInternalError } from "../utils/internal-error.ts";
 
 export interface NotificationSink {

package/src/extension/register.ts

@@ -53,6 +53,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 	}
 	const notifierState: AsyncNotifierState = { seenFinishedRunIds: new Set() };
 	let currentCtx: ExtensionContext | undefined;
+	let sessionGeneration = 0;
 	let rpcHandle: PiCrewRpcHandle | undefined;
 	let cleanedUp = false;
 	let manifestCache = createManifestCache(process.cwd());
@@ -153,6 +154,9 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 			sendFollowUp(pi, [notification.title, notification.body].filter((line): line is string => Boolean(line)).join("\n"));
 		}
 	};
+	const captureSessionGeneration = (): number => sessionGeneration;
+	const isOwnerSessionCurrent = (ownerGeneration: number | undefined): boolean => !cleanedUp && (ownerGeneration === undefined || ownerGeneration === sessionGeneration);
+	const isContextCurrent = (ctx: ExtensionContext, ownerGeneration: number): boolean => !cleanedUp && currentCtx === ctx && sessionGeneration === ownerGeneration;
 	const subagentManager = new SubagentManager(
 		4,
 		(record) => {
@@ -170,6 +174,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 				});
 			}
 			if (!record.background || record.resultConsumed) return;
+			if (!isOwnerSessionCurrent(record.ownerSessionGeneration)) return;
 			if (record.status === "completed" || record.status === "failed" || record.status === "cancelled" || record.status === "blocked" || record.status === "error") {
 				const metadata = JSON.stringify({ id: record.id, status: record.status, type: record.type, runId: record.runId, description: record.description }, null, 2);
 				const joinInstruction = [
@@ -186,6 +191,8 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 		},
 		1000,
 		(event, payload) => {
+			const ownerGeneration = typeof payload.ownerSessionGeneration === "number" ? payload.ownerSessionGeneration : undefined;
+			if (ownerGeneration !== undefined && !isOwnerSessionCurrent(ownerGeneration)) return;
 			if (event === "subagent.stuck-blocked") {
 				const id = typeof payload.id === "string" ? payload.id : "unknown";
 				const runId = typeof payload.runId === "string" ? payload.runId : "unknown";
@@ -233,6 +240,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 		});
 	};
 	const startForegroundRun = (ctx: ExtensionContext, runner: (signal?: AbortSignal) => Promise<void>, runId?: string): void => {
+		const ownerGeneration = captureSessionGeneration();
 		const controller = new AbortController();
 		foregroundControllers.add(controller);
 		if (ctx.hasUI) {
@@ -251,15 +259,16 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 							logInternalError("register.foreground-run-failure", statusError, `runId=${runId}`);
 						}
 					}
-					ctx.ui.notify(`pi-crew foreground run failed: ${message}`, "error");
+					if (isContextCurrent(ctx, ownerGeneration)) ctx.ui.notify(`pi-crew foreground run failed: ${message}`, "error");
 				})
 				.finally(() => {
 					foregroundControllers.delete(controller);
-					if (ctx.hasUI) {
+					const ownerCurrent = isContextCurrent(ctx, ownerGeneration);
+					if (ownerCurrent && ctx.hasUI) {
 						setWorkingIndicator(ctx);
 						ctx.ui.setWorkingMessage();
 					}
-					if (runId) {
+					if (ownerCurrent && runId) {
 						const loaded = loadRunManifestById(ctx.cwd, runId);
 						const status = loaded?.manifest.status ?? "finished";
 						const level = status === "failed" || status === "blocked" ? "error" : status === "cancelled" ? "warning" : "info";
@@ -287,7 +296,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 							});
 						}
 					}
-					if (currentCtx) {
+					if (ownerCurrent && currentCtx) {
 						const config = loadConfig(currentCtx.cwd).config.ui;
 						updateCrewWidget(currentCtx, widgetState, config, getManifestCache(currentCtx.cwd), getRunSnapshotCache(currentCtx.cwd));
 						updatePiCrewPowerbar(pi.events, currentCtx.cwd, config, getManifestCache(currentCtx.cwd), getRunSnapshotCache(currentCtx.cwd), currentCtx, widgetState.notificationCount ?? 0);
@@ -328,6 +337,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 		notificationSink = undefined;
 		rpcHandle?.unsubscribe();
 		rpcHandle = undefined;
+		sessionGeneration += 1;
 		currentCtx = undefined;
 		if (globalStore[runtimeCleanupStoreKey] === cleanupRuntime) delete globalStore[runtimeCleanupStoreKey];
 	};
@@ -337,6 +347,8 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 		runArtifactCleanup(ctx.cwd);
 		time("register.session-start");
 		cleanedUp = false;
+		sessionGeneration++;
+		const ownerGeneration = sessionGeneration;
 		currentCtx = ctx;
 		if (widgetState.interval) clearInterval(widgetState.interval);
 		widgetState.interval = undefined;
@@ -346,7 +358,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 		configureNotifications(ctx);
 		configureObservability(ctx);
 		registerPiCrewPowerbarSegments(pi.events, loadedConfig.config.ui);
-		startAsyncRunNotifier(ctx, notifierState, loadedConfig.config.notifierIntervalMs ?? DEFAULT_UI.notifierIntervalMs);
+		startAsyncRunNotifier(ctx, notifierState, loadedConfig.config.notifierIntervalMs ?? DEFAULT_UI.notifierIntervalMs, { generation: ownerGeneration, isCurrent: (generation) => generation === sessionGeneration && currentCtx === ctx && !cleanedUp });
 		const cache = getManifestCache(ctx.cwd);
 		updateCrewWidget(ctx, widgetState, loadedConfig.config.ui, cache, getRunSnapshotCache(ctx.cwd));
 		updatePiCrewPowerbar(pi.events, ctx.cwd, loadedConfig.config.ui, cache, getRunSnapshotCache(ctx.cwd), ctx, widgetState.notificationCount ?? 0);
@@ -395,7 +407,11 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 			onInvalidate: () => getRunSnapshotCache(ctx.cwd).invalidate(),
 		});
 	});
-	pi.on("session_before_switch", () => stopSessionBoundSubagents());
+	pi.on("session_before_switch", () => {
+		sessionGeneration++;
+		stopAsyncRunNotifier(notifierState);
+		stopSessionBoundSubagents();
+	});
 	pi.on("session_shutdown", () => cleanupRuntime());
 
 	registerCompactionGuard(pi, { foregroundControllers });
@@ -417,7 +433,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 	});
 
 	registerTeamTool(pi, { foregroundControllers, startForegroundRun, openLiveSidebar, getManifestCache, getRunSnapshotCache, getMetricRegistry: () => metricRegistry, widgetState });
-	registerSubagentTools(pi, subagentManager);
+	registerSubagentTools(pi, subagentManager, { ownerSessionGeneration: captureSessionGeneration });
 	time("register.tools");
 
 	registerTeamCommands(pi, { startForegroundRun, openLiveSidebar, getManifestCache, getRunSnapshotCache, getMetricRegistry: () => metricRegistry, dismissNotifications: () => {

package/src/extension/registration/subagent-tools.ts

@@ -8,7 +8,11 @@ import { loadConfig } from "../../config/config.ts";
 import { logInternalError } from "../../utils/internal-error.ts";
 import { __test__subagentSpawnParams, formatSubagentRecord, readSubagentRunResult, refreshPersistedSubagentRecord, subagentToolResult } from "./subagent-helpers.ts";
 
-export function registerSubagentTools(pi: ExtensionAPI, subagentManager: SubagentManager): void {
+export interface SubagentToolRegistrationOptions {
+	ownerSessionGeneration?: () => number;
+}
+
+export function registerSubagentTools(pi: ExtensionAPI, subagentManager: SubagentManager, options: SubagentToolRegistrationOptions = {}): void {
 	const agentTool: ToolDefinition = {
 		name: "Agent",
 		label: "Agent",
@@ -31,11 +35,12 @@ export function registerSubagentTools(pi: ExtensionAPI, subagentManager: Subagen
 			const currentRole = currentCrewRole();
 			const permission = checkSubagentSpawnPermission(currentRole);
 			if (!permission.allowed) return subagentToolResult(permission.reason ?? "Current role cannot spawn subagents.", { role: currentRole, mode: permission.mode }, true);
-			const options = __test__subagentSpawnParams(params as Record<string, unknown>, ctx);
-			if (!options.prompt.trim()) return subagentToolResult("Agent requires prompt.", {}, true);
-			const runner = async (spawnOptions: SubagentSpawnOptions, childSignal?: AbortSignal) => handleTeamTool({ action: "run", agent: spawnOptions.type, goal: spawnOptions.prompt, model: spawnOptions.model, async: spawnOptions.background, config: spawnOptions.maxTurns ? { runtime: { maxTurns: spawnOptions.maxTurns } } : undefined } as TeamToolParamsValue, spawnOptions.background ? { ...ctx, signal: childSignal } : { ...ctx, signal: childSignal });
-			const record = subagentManager.spawn(options, runner, options.background ? undefined : signal);
-			if (options.background || record.status === "queued") {
+			const spawnOptions = __test__subagentSpawnParams(params as Record<string, unknown>, ctx);
+			spawnOptions.ownerSessionGeneration = options.ownerSessionGeneration?.();
+			if (!spawnOptions.prompt.trim()) return subagentToolResult("Agent requires prompt.", {}, true);
+			const runner = async (currentOptions: SubagentSpawnOptions, childSignal?: AbortSignal) => handleTeamTool({ action: "run", agent: currentOptions.type, goal: currentOptions.prompt, model: currentOptions.model, async: currentOptions.background, config: currentOptions.maxTurns ? { runtime: { maxTurns: currentOptions.maxTurns } } : undefined } as TeamToolParamsValue, currentOptions.background ? { ...ctx, signal: childSignal } : { ...ctx, signal: childSignal });
+			const record = subagentManager.spawn(spawnOptions, runner, spawnOptions.background ? undefined : signal);
+			if (spawnOptions.background || record.status === "queued") {
 				// Phase 1.1a: Terminate turn for background queued — no LLM follow-up needed.
 				// Phase 1.6: Record was terminated for telemetry.
 				record.terminated = true;