fix(tools): never drop the sub-agent 🔑 notice — wrap every return through one helper

yotsuda · claude · yotsuda · commit 884b371b2d38 · 2026-05-03T10:32:14.000+09:00
The "🔑 Your agent_id is: ..." notice is the only signal a freshly
allocated sub-agent has for learning its own ID. It used to be emitted
inline by:

  - GetCurrentLocation success path (line ~192)
  - InvokeExpression case "success" branch (only when startupNotice was set)
  - StartConsole new + reuse paths

Every other return path forgot to add it. Sub-agents could lose their
allocated ID forever if their first call landed on:

  - GetCurrentLocation with no ready pipe — delegated to StartConsole
    with the already-allocated agent_id, so the inner ResolveAgentId
    saw isNewlyAllocated=false and the inner success path stayed silent.
  - InvokeExpression cases "timeout", "Completed" (cached), "error" —
    branches built their own response and never appended the notice.
  - InvokeExpression busy auto-route — recurses with is_subagent:false,
    inner stays silent, outer''s busyResponse never adds the notice.
  - Any drift bail / var1 enforcement / pipe-error early return.

Fix: add a single PrependAgentIdNoticeIfNew helper and a per-method
local Wrap function, then route every return through Wrap. The helper
is a no-op when isNewlyAllocated=false, so the common path
(is_subagent=false or already-known agent_id) is unchanged. Inline
🔑 emissions removed from the three legacy sites so we don''t
double-up.

Trade-off: the notice now appears at the very top of the response
instead of being interleaved with the startupNotice block. AI parses
the same text either way; emit-from-one-place is what makes future
branches automatically correct.

4 unit tests added: success-path notice (regression guard),
error-path notice (the previously-broken case), default-agent silence,
provided-agent-id silence.

Build clean. xunit: net8 162/162, net9 275/275 (+4 from this change).
Note: Unit/Proxy/** is net9-only by csproj convention because the
Proxy project itself is net9-only.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/PowerShell.MCP.Proxy/Tools/PowerShellTools.cs b/PowerShell.MCP.Proxy/Tools/PowerShellTools.cs
@@ -110,6 +110,20 @@ private static (string agentId, bool isNewlyAllocated, string? error) ResolveAge
         return ("default", false, null);
     }
 
+    /// <summary>
+    /// Prepends the 🔑 agent_id notice to a tool response when a new sub-agent
+    /// ID was just allocated. No-op for the common case (isNewlyAllocated=false),
+    /// so this can be applied unconditionally to every return path of a tool method.
+    /// Centralizing the emit here is what guarantees the notice can't be dropped by
+    /// timeout / cached-completed / error / busy-route / drift-bail / auto-start
+    /// branches the way it was when each branch had to remember to add it.
+    /// </summary>
+    private static string PrependAgentIdNoticeIfNew(string body, bool isNewlyAllocated, string agentId)
+    {
+        if (!isNewlyAllocated) return body;
+        return $"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.\n\n{body}";
+    }
+
     [McpServerTool]
     [Description("Retrieves the current location and all available drives (providers) from the PowerShell session. Returns current_location and other_drive_locations array. Call this when you need to understand the current PowerShell context, as users may change location during the session. When executing multiple invoke_expression commands in succession, calling once at the beginning is sufficient.")]
     public static async Task<string> GetCurrentLocation(
@@ -122,17 +136,24 @@ public static async Task<string> GetCurrentLocation(
         CancellationToken cancellationToken = default)
     {
         var (agentId, isNewlyAllocated, error) = ResolveAgentId(is_subagent, agent_id);
+        // Wrap every return so the 🔑 notice can never be dropped on a sub-agent's
+        // first call regardless of which branch builds the response.
+        string Wrap(string r) => PrependAgentIdNoticeIfNew(r, isNewlyAllocated, agentId);
         if (error != null)
-            return error;
+            return Wrap(error);
 
         // Find a ready pipe
         var (readyPipeName, consoleSwitched, closedConsoleMessages, allPipesStatusInfo, _) = await FindReadyPipeAsync(pipeDiscoveryService, agentId, cancellationToken);
 
         if (readyPipeName == null)
         {
-            // No ready pipe - auto-start (StartConsole includes busy info collection)
+            // No ready pipe - auto-start (StartConsole includes busy info collection).
+            // Pass is_subagent: false because the sub-agent ID was already allocated
+            // here; if we passed it as true the inner StartConsole would skip its own
+            // ResolveAgentId allocation but our Wrap would still add the notice. Either
+            // shape works; passing false makes the inner call's intent explicit.
             Console.Error.WriteLine($"[INFO] No ready PowerShell console found, auto-starting... Reason: {allPipesStatusInfo}");
-            return await StartConsole(powerShellService, pipeDiscoveryService, agent_id: agentId, is_subagent: is_subagent, cancellationToken: cancellationToken);
+            return Wrap(await StartConsole(powerShellService, pipeDiscoveryService, agent_id: agentId, is_subagent: false, cancellationToken: cancellationToken));
         }
 
         try
@@ -168,18 +189,13 @@ public static async Task<string> GetCurrentLocation(
             {
                 response.Append(completedOutputs);
             }
-            if (isNewlyAllocated)
-            {
-                response.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");
-                response.AppendLine();
-            }
             response.Append(result);
-            return response.ToString();
+            return Wrap(response.ToString());
         }
         catch (Exception ex)
         {
             Console.Error.WriteLine($"[ERROR] GetCurrentLocation failed: {ex.Message}");
-            return $"Failed to get current location: {ex.Message}\n\nPlease try again. A new console will be started automatically if needed.";
+            return Wrap($"Failed to get current location: {ex.Message}\n\nPlease try again. A new console will be started automatically if needed.");
         }
     }
 
@@ -248,8 +264,11 @@ public static async Task<string> InvokeExpression(
         }
 
         var (agentId, isNewlyAllocated, resolveError) = ResolveAgentId(is_subagent, agent_id);
+        // Wrap every return so the 🔑 notice can never be dropped on a sub-agent's
+        // first call regardless of which branch builds the response.
+        string Wrap(string r) => PrependAgentIdNoticeIfNew(r, isNewlyAllocated, agentId);
         if (resolveError != null)
-            return resolveError;
+            return Wrap(resolveError);
 
         var sessionManager = ConsoleSessionManager.Instance;
         // Find a ready pipe
@@ -283,7 +302,7 @@ public static async Task<string> InvokeExpression(
             var (success, locationResult) = await StartConsoleInternal(powerShellService, agentId, null, autoStartLocation, cancellationToken);
             if (!success)
             {
-                return locationResult; // Error message
+                return Wrap(locationResult); // Error message
             }
 
             // Pick up the freshly-spawned pipe so the rest of this call
@@ -292,7 +311,7 @@ public static async Task<string> InvokeExpression(
             readyPipeName = sessionManager.GetActivePipeName(agentId);
             if (readyPipeName == null)
             {
-                return "Failed to acquire newly-started console pipe.";
+                return Wrap("Failed to acquire newly-started console pipe.");
             }
 
             await SetConsoleTitleAsync(powerShellService, readyPipeName, cancellationToken);
@@ -324,7 +343,7 @@ public static async Task<string> InvokeExpression(
         var var1Error = PipelineHelper.CheckVar1Enforcement(pipeline, var1, var2);
         if (var1Error != null)
         {
-            return var1Error;
+            return Wrap(var1Error);
         }
 
         // Cwd drift detection: if the user typed `cd` in the visible console
@@ -360,7 +379,7 @@ public static async Task<string> InvokeExpression(
             }
             bailResponse.AppendLine($"ℹ️ User changed cwd in console {driftConsoleName} from '{drift.Value.AiCwd}' to '{drift.Value.LiveCwd}'.");
             bailResponse.AppendLine($"Pipeline NOT executed. Re-issue to run at '{drift.Value.LiveCwd}', or prepend `Set-Location -LiteralPath '{drift.Value.AiCwd.Replace("'", "''")}';` to revert.");
-            return bailResponse.ToString();
+            return Wrap(bailResponse.ToString());
         }
 
         // Execute the command
@@ -418,7 +437,7 @@ public static async Task<string> InvokeExpression(
                                     var (startSuccess, startError) = await StartConsoleInternal(powerShellService, agentId, null, startLoc, cancellationToken);
                                     if (!startSuccess)
                                     {
-                                        return startError;
+                                        return Wrap(startError);
                                     }
 
                                     // Set console window title
@@ -465,7 +484,7 @@ public static async Task<string> InvokeExpression(
                                     busyResponse.AppendLine($"ℹ️ Auto-routed to {newConsoleName} at {startLoc} (source console busy with {jsonResponse.Reason}). Pipeline executed automatically — no re-send needed.");
                                     busyResponse.AppendLine();
                                     busyResponse.Append(retryResult);
-                                    return busyResponse.ToString();
+                                    return Wrap(busyResponse.ToString());
                                 }
                                 break;
 
@@ -522,7 +541,7 @@ public static async Task<string> InvokeExpression(
                                     timeoutResponse.AppendLine();
                                     timeoutResponse.AppendLine(scopeWarning);
                                 }
-                                return timeoutResponse.ToString();
+                                return Wrap(timeoutResponse.ToString());
 
                             case PipeStatus.Completed:
                                 // Snapshot AI-intended cwd from the cached completion.
@@ -589,10 +608,10 @@ public static async Task<string> InvokeExpression(
                                 {
                                     cachedResponse.Append("Result cached. Will be returned on next tool call.");
                                 }
-                                return cachedResponse.ToString();
+                                return Wrap(cachedResponse.ToString());
 
                             case "error":
-                                return jsonResponse.Message ?? $"Error from PowerShell.MCP module: {jsonResponse.Error}";
+                                return Wrap(jsonResponse.Message ?? $"Error from PowerShell.MCP module: {jsonResponse.Error}");
 
                             case "success":
                                 // Snapshot AI-intended cwd at successful completion. This
@@ -632,10 +651,6 @@ public static async Task<string> InvokeExpression(
                                 if (!string.IsNullOrEmpty(startupNotice))
                                 {
                                     successResponse.AppendLine(startupNotice);
-                                    if (isNewlyAllocated)
-                                    {
-                                        successResponse.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");
-                                    }
                                     successResponse.AppendLine();
                                 }
                                 if (completedOutput.Length > 0)
@@ -670,7 +685,7 @@ public static async Task<string> InvokeExpression(
                                 //     successResponse.AppendLine();
                                 //     successResponse.AppendLine(jsonHint);
                                 // }
-                                return successResponse.ToString();
+                                return Wrap(successResponse.ToString());
                         }
                     }
                 }
@@ -681,7 +696,7 @@ public static async Task<string> InvokeExpression(
             }
 
             // Fallback: return result as-is (shouldn't happen with new DLL)
-            return result;
+            return Wrap(result);
         }
         catch (Exception ex)
         {
@@ -692,7 +707,7 @@ public static async Task<string> InvokeExpression(
             var otherClosed = pipeDiscoveryService.DetectClosedConsoles(agentId);
             var closedMessages = new List<string> { $"  - ⚠ Console {consoleName} was closed" };
             closedMessages.AddRange(otherClosed);
-            return $"Command execution failed: {ex.Message}\n{string.Join("\n", closedMessages)}\nPlease try again. A new console will be started automatically if needed.";
+            return Wrap($"Command execution failed: {ex.Message}\n{string.Join("\n", closedMessages)}\nPlease try again. A new console will be started automatically if needed.");
         }
     }
 
@@ -909,8 +924,11 @@ public static async Task<string> StartConsole(
         CancellationToken cancellationToken = default)
     {
         var (agentId, isNewlyAllocated, resolveError) = ResolveAgentId(is_subagent, agent_id);
+        // Wrap every return so the 🔑 notice can never be dropped on a sub-agent's
+        // first call regardless of which branch builds the response.
+        string Wrap(string r) => PrependAgentIdNoticeIfNew(r, isNewlyAllocated, agentId);
         if (resolveError != null)
-            return resolveError;
+            return Wrap(resolveError);
 
         var forceNew = !string.IsNullOrEmpty(reason);
 
@@ -969,13 +987,9 @@ await powerShellService.ExecuteSilentAsync(
                     reuseResponse.Append(reuseCompletedOutput);
                 }
                 reuseResponse.AppendLine("ℹ️ Did not launch a new console. An existing standby console is available and will be reused. To force a new console, provide the reason parameter.");
-                if (isNewlyAllocated)
-                {
-                    reuseResponse.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");
-                }
                 reuseResponse.AppendLine();
                 reuseResponse.Append(reuseLocationResult);
-                return reuseResponse.ToString();
+                return Wrap(reuseResponse.ToString());
             }
             // No standby console found, fall through to create a new one
         }
@@ -985,7 +999,7 @@ await powerShellService.ExecuteSilentAsync(
         var (success, startResult) = await StartConsoleInternal(powerShellService, agentId, startupCommands, resolvedPath, cancellationToken);
         if (!success)
         {
-            return startResult; // Error message
+            return Wrap(startResult); // Error message
         }
 
         // Set console window title
@@ -1015,13 +1029,9 @@ await powerShellService.ExecuteSilentAsync(
             response.AppendLine();
         }
         response.AppendLine("PowerShell console started successfully with PowerShell.MCP module imported.");
-        if (isNewlyAllocated)
-        {
-            response.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");
-        }
         response.AppendLine();
         response.Append(startResult);
-        return response.ToString();
+        return Wrap(response.ToString());
     }
 
     /// <summary>
diff --git a/Tests/Unit/Proxy/PowerShellToolsTests.cs b/Tests/Unit/Proxy/PowerShellToolsTests.cs
@@ -135,6 +135,109 @@ public async Task GetCurrentLocation_PipeError_ReturnsErrorMessage()
         Assert.Contains("Pipe communication failed", result);
     }
 
+    [Fact]
+    public async Task GetCurrentLocation_SubAgentNewAllocation_ReadyPipe_EmitsAgentIdNotice()
+    {
+        // Sub-agent's first call must include the 🔑 agent_id notice in the response
+        // so the AI knows which ID to pass to subsequent tool calls. Success-path
+        // regression guard.
+        _mockPipeDiscoveryService
+            .Setup(s => s.FindReadyPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>(), It.IsAny<bool>()))
+            .ReturnsAsync(new PipeDiscoveryResult(TestPipeName, false, new List<string>(), null));
+
+        _mockPowerShellService
+            .Setup(s => s.GetCurrentLocationFromPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync("Location [FileSystem]: C:\\test");
+
+        _mockPipeDiscoveryService
+            .Setup(s => s.CollectAllCachedOutputsAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new CachedOutputResult("", ""));
+
+        var result = await PowerShellTools.GetCurrentLocation(
+            _mockPowerShellService.Object,
+            _mockPipeDiscoveryService.Object,
+            agent_id: null,
+            is_subagent: true);
+
+        Assert.Contains("🔑 Your agent_id is:", result);
+    }
+
+    [Fact]
+    public async Task GetCurrentLocation_SubAgentNewAllocation_PipeError_StillEmitsAgentIdNotice()
+    {
+        // Regression: previously the error / timeout / cached-completed branches did
+        // not emit 🔑. A sub-agent that hit any of those on its first call lost its
+        // allocated ID forever. The wrap-every-return refactor closes that hole.
+        _mockPipeDiscoveryService
+            .Setup(s => s.FindReadyPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>(), It.IsAny<bool>()))
+            .ReturnsAsync(new PipeDiscoveryResult(TestPipeName, false, new List<string>(), null));
+
+        _mockPowerShellService
+            .Setup(s => s.GetCurrentLocationFromPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ThrowsAsync(new InvalidOperationException("Pipe communication failed"));
+
+        var result = await PowerShellTools.GetCurrentLocation(
+            _mockPowerShellService.Object,
+            _mockPipeDiscoveryService.Object,
+            agent_id: null,
+            is_subagent: true);
+
+        Assert.Contains("🔑 Your agent_id is:", result);
+        Assert.Contains("Failed to get current location", result);
+    }
+
+    [Fact]
+    public async Task GetCurrentLocation_DefaultAgent_DoesNotEmitAgentIdNotice()
+    {
+        // Non-sub-agent (default) calls must NOT carry the 🔑 notice — it would just
+        // be noise. Verifies the wrap helper is a no-op when isNewlyAllocated=false.
+        _mockPipeDiscoveryService
+            .Setup(s => s.FindReadyPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>(), It.IsAny<bool>()))
+            .ReturnsAsync(new PipeDiscoveryResult(TestPipeName, false, new List<string>(), null));
+
+        _mockPowerShellService
+            .Setup(s => s.GetCurrentLocationFromPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync("Location [FileSystem]: C:\\test");
+
+        _mockPipeDiscoveryService
+            .Setup(s => s.CollectAllCachedOutputsAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new CachedOutputResult("", ""));
+
+        var result = await PowerShellTools.GetCurrentLocation(
+            _mockPowerShellService.Object,
+            _mockPipeDiscoveryService.Object);
+
+        Assert.DoesNotContain("🔑", result);
+    }
+
+    [Fact]
+    public async Task GetCurrentLocation_ProvidedAgentId_DoesNotEmitAgentIdNotice()
+    {
+        // When the AI passes back a previously-issued agent_id, no allocation happens
+        // so the 🔑 notice would be a duplicate. Must stay silent.
+        _mockPipeDiscoveryService
+            .Setup(s => s.FindReadyPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>(), It.IsAny<bool>()))
+            .ReturnsAsync(new PipeDiscoveryResult(TestPipeName, false, new List<string>(), null));
+
+        _mockPowerShellService
+            .Setup(s => s.GetCurrentLocationFromPipeAsync(It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync("Location [FileSystem]: C:\\test");
+
+        _mockPipeDiscoveryService
+            .Setup(s => s.CollectAllCachedOutputsAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new CachedOutputResult("", ""));
+
+        // Use a valid sa-* shaped ID so IsValidAgentId returns true
+        var validSubAgentId = ConsoleSessionManager.Instance.AllocateSubAgentId();
+        var result = await PowerShellTools.GetCurrentLocation(
+            _mockPowerShellService.Object,
+            _mockPipeDiscoveryService.Object,
+            agent_id: validSubAgentId,
+            is_subagent: true);
+
+        Assert.DoesNotContain("🔑", result);
+    }
+
     [Fact]
     public async Task GetCurrentLocation_ConsoleSwitched_SetsWindowTitle()
     {

Original file line number	Diff line number	Diff line change
`@@ -110,6 +110,20 @@ private static (string agentId, bool isNewlyAllocated, string? error) ResolveAge`
`110`	`110`	`return ("default", false, null);`
`111`	`111`	`}`
`112`	`112`
	`113`	`+ /// <summary>`
	`114`	`+ /// Prepends the 🔑 agent_id notice to a tool response when a new sub-agent`
	`115`	`+ /// ID was just allocated. No-op for the common case (isNewlyAllocated=false),`
	`116`	`+ /// so this can be applied unconditionally to every return path of a tool method.`
	`117`	`+ /// Centralizing the emit here is what guarantees the notice can't be dropped by`
	`118`	`+ /// timeout / cached-completed / error / busy-route / drift-bail / auto-start`
	`119`	`+ /// branches the way it was when each branch had to remember to add it.`
	`120`	`+ /// </summary>`
	`121`	`+ private static string PrependAgentIdNoticeIfNew(string body, bool isNewlyAllocated, string agentId)`
	`122`	`+ {`
	`123`	`+ if (!isNewlyAllocated) return body;`
	`124`	`+ return $"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.\n\n{body}";`
	`125`	`+ }`
	`126`	`+`
`113`	`127`	`[McpServerTool]`
`114`	`128`	`[Description("Retrieves the current location and all available drives (providers) from the PowerShell session. Returns current_location and other_drive_locations array. Call this when you need to understand the current PowerShell context, as users may change location during the session. When executing multiple invoke_expression commands in succession, calling once at the beginning is sufficient.")]`
`115`	`129`	`public static async Task<string> GetCurrentLocation(`
`@@ -122,17 +136,24 @@ public static async Task<string> GetCurrentLocation(`
`122`	`136`	`CancellationToken cancellationToken = default)`
`123`	`137`	`{`
`124`	`138`	`var (agentId, isNewlyAllocated, error) = ResolveAgentId(is_subagent, agent_id);`
	`139`	`+ // Wrap every return so the 🔑 notice can never be dropped on a sub-agent's`
	`140`	`+ // first call regardless of which branch builds the response.`
	`141`	`+ string Wrap(string r) => PrependAgentIdNoticeIfNew(r, isNewlyAllocated, agentId);`
`125`	`142`	`if (error != null)`
`126`		`- return error;`
	`143`	`+ return Wrap(error);`
`127`	`144`
`128`	`145`	`// Find a ready pipe`
`129`	`146`	`var (readyPipeName, consoleSwitched, closedConsoleMessages, allPipesStatusInfo, _) = await FindReadyPipeAsync(pipeDiscoveryService, agentId, cancellationToken);`
`130`	`147`
`131`	`148`	`if (readyPipeName == null)`
`132`	`149`	`{`
`133`		`- // No ready pipe - auto-start (StartConsole includes busy info collection)`
	`150`	`+ // No ready pipe - auto-start (StartConsole includes busy info collection).`
	`151`	`+ // Pass is_subagent: false because the sub-agent ID was already allocated`
	`152`	`+ // here; if we passed it as true the inner StartConsole would skip its own`
	`153`	`+ // ResolveAgentId allocation but our Wrap would still add the notice. Either`
	`154`	`+ // shape works; passing false makes the inner call's intent explicit.`
`134`	`155`	`Console.Error.WriteLine($"[INFO] No ready PowerShell console found, auto-starting... Reason: {allPipesStatusInfo}");`
`135`		`- return await StartConsole(powerShellService, pipeDiscoveryService, agent_id: agentId, is_subagent: is_subagent, cancellationToken: cancellationToken);`
	`156`	`+ return Wrap(await StartConsole(powerShellService, pipeDiscoveryService, agent_id: agentId, is_subagent: false, cancellationToken: cancellationToken));`
`136`	`157`	`}`
`137`	`158`
`138`	`159`	`try`
`@@ -168,18 +189,13 @@ public static async Task<string> GetCurrentLocation(`
`168`	`189`	`{`
`169`	`190`	`response.Append(completedOutputs);`
`170`	`191`	`}`
`171`		`- if (isNewlyAllocated)`
`172`		`- {`
`173`		`- response.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");`
`174`		`- response.AppendLine();`
`175`		`- }`
`176`	`192`	`response.Append(result);`
`177`		`- return response.ToString();`
	`193`	`+ return Wrap(response.ToString());`
`178`	`194`	`}`
`179`	`195`	`catch (Exception ex)`
`180`	`196`	`{`
`181`	`197`	`Console.Error.WriteLine($"[ERROR] GetCurrentLocation failed: {ex.Message}");`
`182`		`- return $"Failed to get current location: {ex.Message}\n\nPlease try again. A new console will be started automatically if needed.";`
	`198`	`+ return Wrap($"Failed to get current location: {ex.Message}\n\nPlease try again. A new console will be started automatically if needed.");`
`183`	`199`	`}`
`184`	`200`	`}`
`185`	`201`
`@@ -248,8 +264,11 @@ public static async Task<string> InvokeExpression(`
`248`	`264`	`}`
`249`	`265`
`250`	`266`	`var (agentId, isNewlyAllocated, resolveError) = ResolveAgentId(is_subagent, agent_id);`
	`267`	`+ // Wrap every return so the 🔑 notice can never be dropped on a sub-agent's`
	`268`	`+ // first call regardless of which branch builds the response.`
	`269`	`+ string Wrap(string r) => PrependAgentIdNoticeIfNew(r, isNewlyAllocated, agentId);`
`251`	`270`	`if (resolveError != null)`
`252`		`- return resolveError;`
	`271`	`+ return Wrap(resolveError);`
`253`	`272`
`254`	`273`	`var sessionManager = ConsoleSessionManager.Instance;`
`255`	`274`	`// Find a ready pipe`
`@@ -283,7 +302,7 @@ public static async Task<string> InvokeExpression(`
`283`	`302`	`var (success, locationResult) = await StartConsoleInternal(powerShellService, agentId, null, autoStartLocation, cancellationToken);`
`284`	`303`	`if (!success)`
`285`	`304`	`{`
`286`		`- return locationResult; // Error message`
	`305`	`+ return Wrap(locationResult); // Error message`
`287`	`306`	`}`
`288`	`307`
`289`	`308`	`// Pick up the freshly-spawned pipe so the rest of this call`
`@@ -292,7 +311,7 @@ public static async Task<string> InvokeExpression(`
`292`	`311`	`readyPipeName = sessionManager.GetActivePipeName(agentId);`
`293`	`312`	`if (readyPipeName == null)`
`294`	`313`	`{`
`295`		`- return "Failed to acquire newly-started console pipe.";`
	`314`	`+ return Wrap("Failed to acquire newly-started console pipe.");`
`296`	`315`	`}`
`297`	`316`
`298`	`317`	`await SetConsoleTitleAsync(powerShellService, readyPipeName, cancellationToken);`
`@@ -324,7 +343,7 @@ public static async Task<string> InvokeExpression(`
`324`	`343`	`var var1Error = PipelineHelper.CheckVar1Enforcement(pipeline, var1, var2);`
`325`	`344`	`if (var1Error != null)`
`326`	`345`	`{`
`327`		`- return var1Error;`
	`346`	`+ return Wrap(var1Error);`
`328`	`347`	`}`
`329`	`348`
`330`	`349`	// Cwd drift detection: if the user typed `cd` in the visible console
`@@ -360,7 +379,7 @@ public static async Task<string> InvokeExpression(`
`360`	`379`	`}`
`361`	`380`	`bailResponse.AppendLine($"ℹ️ User changed cwd in console {driftConsoleName} from '{drift.Value.AiCwd}' to '{drift.Value.LiveCwd}'.");`
`362`	`381`	bailResponse.AppendLine($"Pipeline NOT executed. Re-issue to run at '{drift.Value.LiveCwd}', or prepend `Set-Location -LiteralPath '{drift.Value.AiCwd.Replace("'", "''")}';` to revert.");
`363`		`- return bailResponse.ToString();`
	`382`	`+ return Wrap(bailResponse.ToString());`
`364`	`383`	`}`
`365`	`384`
`366`	`385`	`// Execute the command`
`@@ -418,7 +437,7 @@ public static async Task<string> InvokeExpression(`
`418`	`437`	`var (startSuccess, startError) = await StartConsoleInternal(powerShellService, agentId, null, startLoc, cancellationToken);`
`419`	`438`	`if (!startSuccess)`
`420`	`439`	`{`
`421`		`- return startError;`
	`440`	`+ return Wrap(startError);`
`422`	`441`	`}`
`423`	`442`
`424`	`443`	`// Set console window title`
`@@ -465,7 +484,7 @@ public static async Task<string> InvokeExpression(`
`465`	`484`	`busyResponse.AppendLine($"ℹ️ Auto-routed to {newConsoleName} at {startLoc} (source console busy with {jsonResponse.Reason}). Pipeline executed automatically — no re-send needed.");`
`466`	`485`	`busyResponse.AppendLine();`
`467`	`486`	`busyResponse.Append(retryResult);`
`468`		`- return busyResponse.ToString();`
	`487`	`+ return Wrap(busyResponse.ToString());`
`469`	`488`	`}`
`470`	`489`	`break;`
`471`	`490`
`@@ -522,7 +541,7 @@ public static async Task<string> InvokeExpression(`
`522`	`541`	`timeoutResponse.AppendLine();`
`523`	`542`	`timeoutResponse.AppendLine(scopeWarning);`
`524`	`543`	`}`
`525`		`- return timeoutResponse.ToString();`
	`544`	`+ return Wrap(timeoutResponse.ToString());`
`526`	`545`
`527`	`546`	`case PipeStatus.Completed:`
`528`	`547`	`// Snapshot AI-intended cwd from the cached completion.`
`@@ -589,10 +608,10 @@ public static async Task<string> InvokeExpression(`
`589`	`608`	`{`
`590`	`609`	`cachedResponse.Append("Result cached. Will be returned on next tool call.");`
`591`	`610`	`}`
`592`		`- return cachedResponse.ToString();`
	`611`	`+ return Wrap(cachedResponse.ToString());`
`593`	`612`
`594`	`613`	`case "error":`
`595`		`- return jsonResponse.Message ?? $"Error from PowerShell.MCP module: {jsonResponse.Error}";`
	`614`	`+ return Wrap(jsonResponse.Message ?? $"Error from PowerShell.MCP module: {jsonResponse.Error}");`
`596`	`615`
`597`	`616`	`case "success":`
`598`	`617`	`// Snapshot AI-intended cwd at successful completion. This`
`@@ -632,10 +651,6 @@ public static async Task<string> InvokeExpression(`
`632`	`651`	`if (!string.IsNullOrEmpty(startupNotice))`
`633`	`652`	`{`
`634`	`653`	`successResponse.AppendLine(startupNotice);`
`635`		`- if (isNewlyAllocated)`
`636`		`- {`
`637`		`- successResponse.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");`
`638`		`- }`
`639`	`654`	`successResponse.AppendLine();`
`640`	`655`	`}`
`641`	`656`	`if (completedOutput.Length > 0)`
`@@ -670,7 +685,7 @@ public static async Task<string> InvokeExpression(`
`670`	`685`	`// successResponse.AppendLine();`
`671`	`686`	`// successResponse.AppendLine(jsonHint);`
`672`	`687`	`// }`
`673`		`- return successResponse.ToString();`
	`688`	`+ return Wrap(successResponse.ToString());`
`674`	`689`	`}`
`675`	`690`	`}`
`676`	`691`	`}`
`@@ -681,7 +696,7 @@ public static async Task<string> InvokeExpression(`
`681`	`696`	`}`
`682`	`697`
`683`	`698`	`// Fallback: return result as-is (shouldn't happen with new DLL)`
`684`		`- return result;`
	`699`	`+ return Wrap(result);`
`685`	`700`	`}`
`686`	`701`	`catch (Exception ex)`
`687`	`702`	`{`
`@@ -692,7 +707,7 @@ public static async Task<string> InvokeExpression(`
`692`	`707`	`var otherClosed = pipeDiscoveryService.DetectClosedConsoles(agentId);`
`693`	`708`	`var closedMessages = new List<string> { $" - ⚠ Console {consoleName} was closed" };`
`694`	`709`	`closedMessages.AddRange(otherClosed);`
`695`		`- return $"Command execution failed: {ex.Message}\n{string.Join("\n", closedMessages)}\nPlease try again. A new console will be started automatically if needed.";`
	`710`	`+ return Wrap($"Command execution failed: {ex.Message}\n{string.Join("\n", closedMessages)}\nPlease try again. A new console will be started automatically if needed.");`
`696`	`711`	`}`
`697`	`712`	`}`
`698`	`713`
`@@ -909,8 +924,11 @@ public static async Task<string> StartConsole(`
`909`	`924`	`CancellationToken cancellationToken = default)`
`910`	`925`	`{`
`911`	`926`	`var (agentId, isNewlyAllocated, resolveError) = ResolveAgentId(is_subagent, agent_id);`
	`927`	`+ // Wrap every return so the 🔑 notice can never be dropped on a sub-agent's`
	`928`	`+ // first call regardless of which branch builds the response.`
	`929`	`+ string Wrap(string r) => PrependAgentIdNoticeIfNew(r, isNewlyAllocated, agentId);`
`912`	`930`	`if (resolveError != null)`
`913`		`- return resolveError;`
	`931`	`+ return Wrap(resolveError);`
`914`	`932`
`915`	`933`	`var forceNew = !string.IsNullOrEmpty(reason);`
`916`	`934`
`@@ -969,13 +987,9 @@ await powerShellService.ExecuteSilentAsync(`
`969`	`987`	`reuseResponse.Append(reuseCompletedOutput);`
`970`	`988`	`}`
`971`	`989`	`reuseResponse.AppendLine("ℹ️ Did not launch a new console. An existing standby console is available and will be reused. To force a new console, provide the reason parameter.");`
`972`		`- if (isNewlyAllocated)`
`973`		`- {`
`974`		`- reuseResponse.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");`
`975`		`- }`
`976`	`990`	`reuseResponse.AppendLine();`
`977`	`991`	`reuseResponse.Append(reuseLocationResult);`
`978`		`- return reuseResponse.ToString();`
	`992`	`+ return Wrap(reuseResponse.ToString());`
`979`	`993`	`}`
`980`	`994`	`// No standby console found, fall through to create a new one`
`981`	`995`	`}`
`@@ -985,7 +999,7 @@ await powerShellService.ExecuteSilentAsync(`
`985`	`999`	`var (success, startResult) = await StartConsoleInternal(powerShellService, agentId, startupCommands, resolvedPath, cancellationToken);`
`986`	`1000`	`if (!success)`
`987`	`1001`	`{`
`988`		`- return startResult; // Error message`
	`1002`	`+ return Wrap(startResult); // Error message`
`989`	`1003`	`}`
`990`	`1004`
`991`	`1005`	`// Set console window title`
`@@ -1015,13 +1029,9 @@ await powerShellService.ExecuteSilentAsync(`
`1015`	`1029`	`response.AppendLine();`
`1016`	`1030`	`}`
`1017`	`1031`	`response.AppendLine("PowerShell console started successfully with PowerShell.MCP module imported.");`
`1018`		`- if (isNewlyAllocated)`
`1019`		`- {`
`1020`		`- response.AppendLine($"🔑 Your agent_id is: {agentId} — pass this in all subsequent tool calls.");`
`1021`		`- }`
`1022`	`1032`	`response.AppendLine();`
`1023`	`1033`	`response.Append(startResult);`
`1024`		`- return response.ToString();`
	`1034`	`+ return Wrap(response.ToString());`
`1025`	`1035`	`}`
`1026`	`1036`
`1027`	`1037`	`/// <summary>`