chapterhouse 0.3.1 → 0.3.2

package/dist/copilot/orchestrator.js

@@ -1,6 +1,8 @@
+import { AsyncLocalStorage } from "node:async_hooks";
 import { approveAll } from "@github/copilot-sdk";
 import { createTools } from "./tools.js";
 import { getOrchestratorSystemMessage } from "./system-message.js";
+import { CHAPTERHOUSE_VERSION } from "../version.js";
 import { config, DEFAULT_MODEL } from "../config.js";
 import { loadMcpConfig } from "./mcp-config.js";
 import { getSkillDirectories } from "./skills.js";
@@ -14,11 +16,8 @@ import { loadAgents, ensureDefaultAgents, clearActiveTasks, getAgentRegistry, se
 import { normalizeProjectPath, setChannelProject } from "../squad/context.js";
 import { getSquadCoordinatorSystemMessage } from "../squad/charter.js";
 import { childLogger } from "../util/logger.js";
+import { SessionManager, SessionRegistry, SESSION_IDLE_TTL_MS, SESSION_MAX_ACTIVE, } from "./session-manager.js";
 const log = childLogger("orchestrator");
-/**
- * Permission handler for the orchestrator session.
- * Approves all tool requests so @chapterhouse has full access to all tools.
- */
 const orchestratorPermissionHandler = approveAll;
 const MAX_RETRIES = 3;
 const RECONNECT_DELAYS_MS = [1_000, 3_000, 10_000];
@@ -33,61 +32,58 @@ let proactiveNotifyFn;
 export function setProactiveNotify(fn) {
     proactiveNotifyFn = fn;
 }
+const turnContextStorage = new AsyncLocalStorage();
+// ---------------------------------------------------------------------------
+// Module-level state (not per-session)
+// ---------------------------------------------------------------------------
 let copilotClient;
 let healthCheckTimer;
 let currentUserContext;
+/**
+ * Last-seen auth context — persists after a turn completes so that callers
+ * which inspect it outside of an active turn (e.g. /api/cancel) still see the
+ * most recent values. Tools that run DURING a turn should use the per-turn
+ * AsyncLocalStorage context for safety in concurrent-session scenarios.
+ */
 let currentAuthenticatedUser;
 let currentAuthorizationHeader;
-// Router state
-let recentTiers = [];
 let lastRouteResult;
 export function getLastRouteResult() {
     return lastRouteResult;
 }
-// Session map — one entry per session key ("default" or "project:{normalizedRoot}")
-const sessionMap = new Map();
-const sessionModelMap = new Map();
-const sessionCreatePromises = new Map();
-// Track which session key the currently-executing turn belongs to (for abort + task routing)
-let currentProcessingSessionKey;
+// ---------------------------------------------------------------------------
+// SessionRegistry — the single owner of all per-session orchestrators
+// ---------------------------------------------------------------------------
+let registry;
+function buildRegistry() {
+    return new SessionRegistry({ idleTtlMs: SESSION_IDLE_TTL_MS, maxActive: SESSION_MAX_ACTIVE }, (sessionKey) => new SessionManager(sessionKey, processItem, createOrResumeSession));
+}
+// ---------------------------------------------------------------------------
+// Context getters — exported for tools.ts and server.ts
+// ---------------------------------------------------------------------------
 export function getCurrentSessionKey() {
-    return currentProcessingSessionKey ?? "default";
+    return turnContextStorage.getStore()?.sessionKey ?? "default";
 }
-const messageQueue = [];
-let processing = false;
-let currentCallback;
-/** The channel currently being processed — tools use this to tag new workers. */
-let currentSourceChannel;
-/** Get the channel that originated the message currently being processed. */
 export function getCurrentSourceChannel() {
-    return currentSourceChannel;
+    return turnContextStorage.getStore()?.sourceChannel;
 }
-let currentChannelKey;
 export function getCurrentChannelKey() {
-    return currentChannelKey;
+    return turnContextStorage.getStore()?.channelKey;
 }
-/**
- * The activity callback for the message currently being processed. Tool handlers
- * (notably `delegate_to_agent`) read this to forward child-session events back
- * to the parent's SSE connection.
- */
-let currentActivityCallback;
 export function getCurrentActivityCallback() {
-    return currentActivityCallback;
+    return turnContextStorage.getStore()?.activityCallback;
 }
 export function getCurrentAuthenticatedUser() {
-    return currentAuthenticatedUser;
+    return turnContextStorage.getStore()?.authUser ?? currentAuthenticatedUser;
 }
 export function getLastAuthenticatedUser() {
     const raw = getState(LAST_AUTHENTICATED_USER_KEY);
-    if (!raw) {
+    if (!raw)
         return undefined;
-    }
     try {
         const parsed = JSON.parse(raw);
-        if (!parsed?.id || !parsed?.name || !parsed?.email || !parsed?.role) {
+        if (!parsed?.id || !parsed?.name || !parsed?.email || !parsed?.role)
             return undefined;
-        }
         return parsed;
     }
     catch {
@@ -95,8 +91,11 @@ export function getLastAuthenticatedUser() {
     }
 }
 export function getCurrentAuthorizationHeader() {
-    return currentAuthorizationHeader;
+    return turnContextStorage.getStore()?.authHeader ?? currentAuthorizationHeader;
 }
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
 function getSessionConfig() {
     const tools = createTools({
         client: copilotClient,
@@ -118,17 +117,16 @@ function sameUserContext(a, b) {
     return a?.name === b?.name && a?.role === b?.role;
 }
 function updateUserContext(source) {
-    if (source.type !== "web") {
+    if (source.type !== "web")
         return;
-    }
     const nextContext = source.user
         ? { name: source.user.name, role: source.user.role }
         : undefined;
-    if (sameUserContext(currentUserContext, nextContext)) {
+    if (sameUserContext(currentUserContext, nextContext))
         return;
-    }
     currentUserContext = nextContext;
-    sessionMap.delete("default");
+    // Invalidate the default session so it's recreated with the updated system message
+    registry?.get("default")?.invalidateSession();
 }
 function updateRequestContext(source) {
     if (source.type !== "web") {
@@ -142,7 +140,6 @@ function updateRequestContext(source) {
         setState(LAST_AUTHENTICATED_USER_KEY, JSON.stringify(source.user));
     }
 }
-/** Feed an agent task result into the orchestrator as a new turn. */
 export function feedAgentResult(taskId, agentSlug, result) {
     const prompt = `[Agent task completed] @${agentSlug} finished task ${taskId}:\n\n${result}`;
     const sessionKey = getTaskSessionKey(taskId);
@@ -155,7 +152,6 @@ export function feedAgentResult(taskId, agentSlug, result) {
 function sleep(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
 }
-/** Ensure the SDK client is connected, resetting if necessary. Coalesces concurrent resets. */
 let resetPromise;
 async function ensureClient() {
     if (copilotClient && copilotClient.getState() === "connected") {
@@ -171,7 +167,6 @@ async function ensureClient() {
     }
     return resetPromise;
 }
-/** Start periodic health check that proactively reconnects the client. */
 function startHealthCheck() {
     if (healthCheckTimer)
         return;
@@ -183,9 +178,10 @@ function startHealthCheck() {
             if (state !== "connected") {
                 log.info({ state }, "Health check: client not connected, resetting");
                 await ensureClient();
-                // Session may need recovery after client reset
-                sessionMap.clear();
-                sessionModelMap.clear();
+                // Invalidate all cached sessions — they're tied to the old connection
+                for (const [, mgr] of registry.getAll()) {
+                    mgr.invalidateSession();
+                }
             }
         }
         catch (err) {
@@ -193,27 +189,7 @@ function startHealthCheck() {
         }
     }, HEALTH_CHECK_INTERVAL_MS);
 }
-/** Ensure a session exists for the given key, creating/resuming as needed. Concurrency-safe. */
-async function ensureOrchestratorSession(sessionKey, projectRoot) {
-    const existing = sessionMap.get(sessionKey);
-    if (existing)
-        return existing;
-    // Coalesce concurrent callers for the same key
-    const inFlight = sessionCreatePromises.get(sessionKey);
-    if (inFlight)
-        return inFlight;
-    const promise = createOrResumeSession(sessionKey, projectRoot);
-    sessionCreatePromises.set(sessionKey, promise);
-    try {
-        const session = await promise;
-        sessionMap.set(sessionKey, session);
-        return session;
-    }
-    finally {
-        sessionCreatePromises.delete(sessionKey);
-    }
-}
-/** Internal: actually create or resume a session (not concurrency-safe — use ensureOrchestratorSession). */
+/** Internal: create or resume a CopilotSession. Called by SessionManager.ensureSession(). */
 async function createOrResumeSession(sessionKey, projectRoot) {
     const client = await ensureClient();
     const { tools, mcpServers, skillDirectories } = getSessionConfig();
@@ -223,7 +199,6 @@ async function createOrResumeSession(sessionKey, projectRoot) {
         backgroundCompactionThreshold: 0.80,
         bufferExhaustionThreshold: 0.95,
     };
-    // Build the correct system message for this session mode
     let systemMessageContent;
     if (isProjectSession && projectRoot) {
         systemMessageContent = await getSquadCoordinatorSystemMessage(projectRoot);
@@ -232,9 +207,9 @@ async function createOrResumeSession(sessionKey, projectRoot) {
         const memorySummary = getWikiSummary();
         systemMessageContent = getOrchestratorSystemMessage({
             ...getSystemMessageOptions(memorySummary, isProjectSession ? projectRoot : undefined),
+            version: CHAPTERHOUSE_VERSION,
         });
     }
-    // Try to resume from copilot_sessions; fall back to legacy max_state key for the default session
     const stored = getCopilotSession(sessionKey);
     const savedSessionId = stored?.copilotSessionId ?? (sessionKey === "default" ? getState(ORCHESTRATOR_SESSION_KEY) : undefined);
     if (savedSessionId) {
@@ -253,7 +228,9 @@ async function createOrResumeSession(sessionKey, projectRoot) {
             });
             log.info({ sessionKey }, "Session resumed successfully");
             upsertCopilotSession(sessionKey, isProjectSession ? "project" : "default", session.sessionId, projectRoot, config.copilotModel);
-            sessionModelMap.set(sessionKey, config.copilotModel);
+            const mgr = registry?.get(sessionKey);
+            if (mgr)
+                mgr.currentModel = config.copilotModel;
             return session;
         }
         catch (err) {
@@ -262,7 +239,6 @@ async function createOrResumeSession(sessionKey, projectRoot) {
                 deleteState(ORCHESTRATOR_SESSION_KEY);
         }
     }
-    // Create a fresh session
     log.info({ sessionKey }, "Creating new session");
     const session = await client.createSession({
         model: config.copilotModel,
@@ -277,20 +253,25 @@ async function createOrResumeSession(sessionKey, projectRoot) {
     });
     log.info({ sessionKey, sessionId: session.sessionId.slice(0, 8) }, "Session created");
     upsertCopilotSession(sessionKey, isProjectSession ? "project" : "default", session.sessionId, projectRoot, config.copilotModel);
-    // Backward compat: also persist the default session to the legacy state key
     if (sessionKey === "default")
         setState(ORCHESTRATOR_SESSION_KEY, session.sessionId);
-    sessionModelMap.set(sessionKey, config.copilotModel);
+    const mgr = registry?.get(sessionKey);
+    if (mgr)
+        mgr.currentModel = config.copilotModel;
     return session;
 }
 export async function initOrchestrator(client) {
     copilotClient = client;
+    // (Re-)create the registry — supports multiple initOrchestrator calls in tests
+    if (registry) {
+        await registry.shutdown();
+    }
+    registry = buildRegistry();
+    registry.startEvictionTimer();
     const { mcpServers, skillDirectories } = getSessionConfig();
-    // Initialize agent system
     ensureDefaultAgents();
     const agents = loadAgents();
     log.info({ count: agents.length, agents: agents.map((a) => `@${a.slug}`) }, "Agents loaded");
-    // Validate configured model against available models
     try {
         const models = await client.listModels();
         const configured = config.copilotModel;
@@ -307,16 +288,17 @@ export async function initOrchestrator(client) {
     log.info({ skillDirectories }, "Skill directories");
     log.info("Persistent session mode — conversation history maintained by SDK");
     startHealthCheck();
-    // Eagerly create/resume the default orchestrator session
     try {
-        await ensureOrchestratorSession("default");
+        const defaultManager = registry.getOrCreate("default");
+        await defaultManager.ensureSession();
     }
     catch (err) {
         log.error({ err: err instanceof Error ? err.message : err }, "Failed to create initial session (will retry on first message)");
     }
 }
-/** How long to wait for the orchestrator to finish a turn (30 min default).
+/** How long to wait for the orchestrator to finish a single session turn (30 min default).
  *  Override with CHAPTERHOUSE_ORCHESTRATOR_TIMEOUT_MS env var (parsed as integer ms).
+ *  Applies per-session-turn; concurrent sessions each have their own independent timeout.
  *  Part of the 3-layer timing contract — see systemd unit TimeoutStopSec comment. */
 const DEFAULT_ORCHESTRATOR_TIMEOUT_MS = 1_800_000;
 export const ORCHESTRATOR_TIMEOUT_MS = (() => {
@@ -328,245 +310,218 @@ export const ORCHESTRATOR_TIMEOUT_MS = (() => {
     }
     return DEFAULT_ORCHESTRATOR_TIMEOUT_MS;
 })();
-/** Send a prompt on a session identified by sessionKey, return the response. */
-async function executeOnSession(sessionKey, prompt, callback, attachments, onActivity) {
-    const projectRoot = sessionKey.startsWith("project:") ? sessionKey.slice("project:".length) : undefined;
-    const session = await ensureOrchestratorSession(sessionKey, projectRoot);
-    currentProcessingSessionKey = sessionKey;
-    currentCallback = callback;
-    currentActivityCallback = onActivity;
-    let accumulated = "";
-    let toolCallExecuted = false;
-    let toolCallCount = 0;
-    const unsubToolDone = session.on("tool.execution_complete", (event) => {
-        toolCallExecuted = true;
-        toolCallCount++;
-        if (onActivity) {
-            const data = event.data;
-            const result = data.result;
-            const resultPreview = typeof result?.content === "string" ? result.content.slice(0, 400) : undefined;
-            const detailedContent = typeof result?.detailedContent === "string"
-                ? result.detailedContent
-                : typeof result?.content === "string"
-                    ? result.content
-                    : undefined;
-            onActivity({
-                kind: "tool_complete",
-                toolCallId: data.toolCallId,
-                success: data.success,
-                resultPreview,
-                detailedContent,
-            });
-        }
-    });
-    const unsubToolStart = onActivity
-        ? session.on("tool.execution_start", (event) => {
-            const data = event.data;
-            onActivity({
-                kind: "tool_start",
-                toolCallId: data.toolCallId,
-                toolName: data.toolName,
-                mcpServerName: data.mcpServerName,
-                arguments: data.arguments,
-            });
-        })
-        : () => { };
-    const unsubReasoning = onActivity
-        ? session.on("assistant.reasoning_delta", (event) => {
-            onActivity({
-                kind: "thinking_delta",
-                reasoningId: event.data.reasoningId,
-                deltaContent: event.data.deltaContent,
-            });
-        })
-        : () => { };
-    const unsubSubStart = onActivity
-        ? session.on("subagent.started", (event) => {
-            const data = event.data;
-            onActivity({
-                kind: "subagent_started",
-                toolCallId: data.toolCallId,
-                agentName: data.agentName,
-                agentDisplayName: data.agentDisplayName,
-                agentDescription: data.agentDescription,
-            });
-        })
-        : () => { };
-    const unsubSubDone = onActivity
-        ? session.on("subagent.completed", (event) => {
-            const data = event.data;
-            onActivity({
-                kind: "subagent_completed",
-                toolCallId: data.toolCallId,
-                agentName: data.agentName,
-                agentDisplayName: data.agentDisplayName,
-                durationMs: data.durationMs,
-            });
-        })
-        : () => { };
-    const unsubSubFail = onActivity
-        ? session.on("subagent.failed", (event) => {
-            const data = event.data;
-            onActivity({
-                kind: "subagent_failed",
-                toolCallId: data.toolCallId,
-                agentName: data.agentName,
-                agentDisplayName: data.agentDisplayName,
-                error: data.error,
-            });
-        })
-        : () => { };
-    // Always persist SDK subagent dispatches to agent_tasks so Workers tab shows them.
-    // These fire when the built-in `task` tool (Squad coordinator) routes work to a
-    // specialist — separate from `delegate_to_agent` which handles CH-registry agents.
-    const db = getDb();
-    const unsubSubStartDb = session.on("subagent.started", (event) => {
-        try {
-            const data = event.data;
-            const agentSlug = (data.agentName || "unknown").toLowerCase().replace(/\s+/g, "-");
-            const description = (data.agentDescription || data.agentDisplayName || `Squad dispatch: ${agentSlug}`).slice(0, 500);
-            db.prepare(`INSERT OR IGNORE INTO agent_tasks (task_id, agent_slug, description, status, origin_channel, session_key, source) VALUES (?, ?, ?, 'running', ?, ?, 'squad')`).run(data.toolCallId, agentSlug, description, currentSourceChannel || null, sessionKey);
-        }
-        catch { /* non-fatal */ }
-    });
-    const unsubSubDoneDb = session.on("subagent.completed", (event) => {
-        try {
-            db.prepare(`UPDATE agent_tasks SET status = 'completed', completed_at = CURRENT_TIMESTAMP WHERE task_id = ?`).run(event.data.toolCallId);
-        }
-        catch { /* non-fatal */ }
-    });
-    const unsubSubFailDb = session.on("subagent.failed", (event) => {
+/**
+ * Execute a single queued item on its session.
+ * Wraps the entire turn in AsyncLocalStorage so all tool handlers (e.g. delegate_to_agent,
+ * register_task) see the correct per-session context even when multiple sessions run
+ * concurrently. This is the core of the per-session isolation guarantee.
+ */
+async function executeOnSession(manager, item) {
+    const { sessionKey } = manager;
+    const session = await manager.ensureSession();
+    // Update last-seen globals (backwards compat — for callers that inspect after a turn ends)
+    currentAuthenticatedUser = item.authUser;
+    currentAuthorizationHeader = item.authHeader;
+    return turnContextStorage.run({
+        sessionKey,
+        sourceChannel: item.sourceChannel,
+        channelKey: item.channelKey,
+        authUser: item.authUser,
+        authHeader: item.authHeader,
+        activityCallback: item.onActivity,
+    }, async () => {
+        let accumulated = "";
+        let toolCallExecuted = false;
+        let toolCallCount = 0;
+        const unsubToolDone = session.on("tool.execution_complete", (event) => {
+            toolCallExecuted = true;
+            toolCallCount++;
+            if (item.onActivity) {
+                const data = event.data;
+                const result = data.result;
+                const resultPreview = typeof result?.content === "string" ? result.content.slice(0, 400) : undefined;
+                const detailedContent = typeof result?.detailedContent === "string"
+                    ? result.detailedContent
+                    : typeof result?.content === "string"
+                        ? result.content
+                        : undefined;
+                item.onActivity({
+                    kind: "tool_complete",
+                    toolCallId: data.toolCallId,
+                    success: data.success,
+                    resultPreview,
+                    detailedContent,
+                });
+            }
+        });
+        const unsubToolStart = item.onActivity
+            ? session.on("tool.execution_start", (event) => {
+                const data = event.data;
+                item.onActivity({
+                    kind: "tool_start",
+                    toolCallId: data.toolCallId,
+                    toolName: data.toolName,
+                    mcpServerName: data.mcpServerName,
+                    arguments: data.arguments,
+                });
+            })
+            : () => { };
+        const unsubReasoning = item.onActivity
+            ? session.on("assistant.reasoning_delta", (event) => {
+                item.onActivity({
+                    kind: "thinking_delta",
+                    reasoningId: event.data.reasoningId,
+                    deltaContent: event.data.deltaContent,
+                });
+            })
+            : () => { };
+        const unsubSubStart = item.onActivity
+            ? session.on("subagent.started", (event) => {
+                const data = event.data;
+                item.onActivity({
+                    kind: "subagent_started",
+                    toolCallId: data.toolCallId,
+                    agentName: data.agentName,
+                    agentDisplayName: data.agentDisplayName,
+                    agentDescription: data.agentDescription,
+                });
+            })
+            : () => { };
+        const unsubSubDone = item.onActivity
+            ? session.on("subagent.completed", (event) => {
+                const data = event.data;
+                item.onActivity({
+                    kind: "subagent_completed",
+                    toolCallId: data.toolCallId,
+                    agentName: data.agentName,
+                    agentDisplayName: data.agentDisplayName,
+                    durationMs: data.durationMs,
+                });
+            })
+            : () => { };
+        const unsubSubFail = item.onActivity
+            ? session.on("subagent.failed", (event) => {
+                const data = event.data;
+                item.onActivity({
+                    kind: "subagent_failed",
+                    toolCallId: data.toolCallId,
+                    agentName: data.agentName,
+                    agentDisplayName: data.agentDisplayName,
+                    error: data.error,
+                });
+            })
+            : () => { };
+        // Always persist SDK subagent dispatches to agent_tasks so Workers tab shows them.
+        const db = getDb();
+        const unsubSubStartDb = session.on("subagent.started", (event) => {
+            try {
+                const data = event.data;
+                const agentSlug = (data.agentName || "unknown").toLowerCase().replace(/\s+/g, "-");
+                const description = (data.agentDescription || data.agentDisplayName || `Squad dispatch: ${agentSlug}`).slice(0, 500);
+                db.prepare(`INSERT OR IGNORE INTO agent_tasks (task_id, agent_slug, description, status, origin_channel, session_key, source) VALUES (?, ?, ?, 'running', ?, ?, 'squad')`).run(data.toolCallId, agentSlug, description, item.sourceChannel || null, sessionKey);
+            }
+            catch { /* non-fatal */ }
+        });
+        const unsubSubDoneDb = session.on("subagent.completed", (event) => {
+            try {
+                db.prepare(`UPDATE agent_tasks SET status = 'completed', completed_at = CURRENT_TIMESTAMP WHERE task_id = ?`).run(event.data.toolCallId);
+            }
+            catch { /* non-fatal */ }
+        });
+        const unsubSubFailDb = session.on("subagent.failed", (event) => {
+            try {
+                const data = event.data;
+                db.prepare(`UPDATE agent_tasks SET status = 'error', result = ?, completed_at = CURRENT_TIMESTAMP WHERE task_id = ?`).run(data.error || "Subagent failed", data.toolCallId);
+            }
+            catch { /* non-fatal */ }
+        });
+        const unsubDelta = session.on("assistant.message_delta", (event) => {
+            if (toolCallExecuted && accumulated.length > 0 && !accumulated.endsWith("\n")) {
+                accumulated += "\n";
+            }
+            toolCallExecuted = false;
+            accumulated += event.data.deltaContent;
+            item.callback(accumulated, false);
+        });
         try {
-            const data = event.data;
-            db.prepare(`UPDATE agent_tasks SET status = 'error', result = ?, completed_at = CURRENT_TIMESTAMP WHERE task_id = ?`).run(data.error || "Subagent failed", data.toolCallId);
-        }
-        catch { /* non-fatal */ }
-    });
-    const unsubDelta = session.on("assistant.message_delta", (event) => {
-        // After a tool call completes, ensure a line break separates the text blocks
-        // so they don't visually run together in the rendered chat.
-        if (toolCallExecuted && accumulated.length > 0 && !accumulated.endsWith("\n")) {
-            accumulated += "\n";
+            const result = await session.sendAndWait({ prompt: item.prompt, ...(item.attachments && item.attachments.length > 0 ? { attachments: item.attachments } : {}) }, ORCHESTRATOR_TIMEOUT_MS);
+            const finalContent = result?.data?.content || accumulated || "(No response)";
+            return finalContent;
         }
-        toolCallExecuted = false;
-        accumulated += event.data.deltaContent;
-        callback(accumulated, false);
-    });
-    try {
-        const result = await session.sendAndWait({ prompt, ...(attachments && attachments.length > 0 ? { attachments } : {}) }, ORCHESTRATOR_TIMEOUT_MS);
-        const finalContent = result?.data?.content || accumulated || "(No response)";
-        return finalContent;
-    }
-    catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        // On timeout, never throw — the message was already sent to the persistent
-        // session and may have been (partially) processed. Return what we have.
-        if (/timeout/i.test(msg)) {
-            if (accumulated.length > 0) {
-                log.warn({ timeoutSec: ORCHESTRATOR_TIMEOUT_MS / 1000, charCount: accumulated.length }, "Timeout with partial response — returning partial");
-                return accumulated;
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            if (/timeout/i.test(msg)) {
+                if (accumulated.length > 0) {
+                    log.warn({ sessionKey, timeoutSec: ORCHESTRATOR_TIMEOUT_MS / 1000, charCount: accumulated.length }, "Timeout with partial response — returning partial");
+                    return accumulated;
+                }
+                if (toolCallCount > 0) {
+                    log.warn({ sessionKey, timeoutSec: ORCHESTRATOR_TIMEOUT_MS / 1000, toolCallCount }, "Timeout — tool calls ran but no text yet, session still working");
+                    return "I'm still working on this — I've started processing but it's taking longer than expected. I'll send you the results when I'm done.";
+                }
+                log.warn({ sessionKey, timeoutSec: ORCHESTRATOR_TIMEOUT_MS / 1000 }, "Timeout with no activity — session may be stuck");
+                return "Sorry, that request timed out before I could start working on it. Try again or break it into smaller pieces?";
             }
-            // No text yet but tool calls ran — the session is working in the background
-            // (e.g. delegate_to_agent dispatched). Don't error out.
-            if (toolCallCount > 0) {
-                log.warn({ timeoutSec: ORCHESTRATOR_TIMEOUT_MS / 1000, toolCallCount }, "Timeout — tool calls ran but no text yet, session still working");
-                return "I'm still working on this — I've started processing but it's taking longer than expected. I'll send you the results when I'm done.";
+            if (/closed|destroy|disposed|invalid|expired|not found/i.test(msg)) {
+                log.warn({ sessionKey, msg }, "Session appears dead, will recreate");
+                manager.invalidateSession();
+                if (sessionKey === "default")
+                    deleteState(ORCHESTRATOR_SESSION_KEY);
             }
-            // No text, no tool calls — the session is truly stuck
-            log.warn({ timeoutSec: ORCHESTRATOR_TIMEOUT_MS / 1000 }, "Timeout with no activity — session may be stuck");
-            return "Sorry, that request timed out before I could start working on it. Try again or break it into smaller pieces?";
+            throw err;
         }
-        // If the session is broken, invalidate it so it's recreated on next attempt
-        if (/closed|destroy|disposed|invalid|expired|not found/i.test(msg)) {
-            log.warn({ sessionKey, msg }, "Session appears dead, will recreate");
-            sessionMap.delete(sessionKey);
-            sessionModelMap.delete(sessionKey);
-            if (sessionKey === "default")
-                deleteState(ORCHESTRATOR_SESSION_KEY);
+        finally {
+            unsubDelta();
+            unsubToolDone();
+            unsubToolStart();
+            unsubReasoning();
+            unsubSubStart();
+            unsubSubDone();
+            unsubSubFail();
+            unsubSubStartDb();
+            unsubSubDoneDb();
+            unsubSubFailDb();
         }
-        throw err;
-    }
-    finally {
-        unsubDelta();
-        unsubToolDone();
-        unsubToolStart();
-        unsubReasoning();
-        unsubSubStart();
-        unsubSubDone();
-        unsubSubFail();
-        unsubSubStartDb();
-        unsubSubDoneDb();
-        unsubSubFailDb();
-        currentCallback = undefined;
-        currentActivityCallback = undefined;
-        currentProcessingSessionKey = undefined;
-    }
+    });
 }
-/** Process the message queue one at a time. */
-async function processQueue() {
-    if (processing) {
-        if (messageQueue.length > 0) {
-            log.debug({ queueLength: messageQueue.length }, "Message queued, orchestrator is busy");
-        }
-        return;
+/**
+ * Process a single queued item: route model, handle @mentions, execute.
+ * This is the SessionManager worker — one call per turn, inside the drain loop.
+ */
+async function processItem(item, manager) {
+    const { sessionKey } = manager;
+    if (item.targetAgent && item.targetAgent !== "chapterhouse") {
+        setActiveAgent(item.channelKey || "default", item.targetAgent);
+        return executeOnSession(manager, item);
     }
-    processing = true;
-    while (messageQueue.length > 0) {
-        const item = messageQueue.shift();
-        currentSourceChannel = item.sourceChannel;
-        currentChannelKey = item.channelKey;
-        const { sessionKey } = item;
-        try {
-            let result;
-            if (item.targetAgent && item.targetAgent !== "chapterhouse") {
-                // @mention switches the active agent — route through the session
-                setActiveAgent(item.channelKey || "default", item.targetAgent);
-                result = await executeOnSession(sessionKey, item.prompt, item.callback, item.attachments, item.onActivity);
+    const currentModel = manager.currentModel ?? config.copilotModel;
+    const routeResult = await resolveModel(item.prompt, currentModel, manager.recentTiers);
+    if (routeResult.switched) {
+        log.info({ model: routeResult.model, tier: routeResult.overrideName || routeResult.tier }, "Auto-routing: switching model");
+        config.copilotModel = routeResult.model;
+        const existingSession = manager.session;
+        if (existingSession) {
+            try {
+                await existingSession.setModel(routeResult.model);
+                manager.currentModel = routeResult.model;
+                log.info({ sessionKey }, "Model switched in-place");
             }
-            else {
-                // Route the model before executing
-                const currentModel = sessionModelMap.get(sessionKey) ?? config.copilotModel;
-                const routeResult = await resolveModel(item.prompt, currentModel, recentTiers);
-                if (routeResult.switched) {
-                    log.info({ model: routeResult.model, tier: routeResult.overrideName || routeResult.tier }, "Auto-routing: switching model");
-                    config.copilotModel = routeResult.model;
-                    const existingSession = sessionMap.get(sessionKey);
-                    if (existingSession) {
-                        try {
-                            await existingSession.setModel(routeResult.model);
-                            sessionModelMap.set(sessionKey, routeResult.model);
-                            log.info({ sessionKey }, "Model switched in-place");
-                        }
-                        catch (err) {
-                            log.warn({ sessionKey, err: err instanceof Error ? err.message : err }, "setModel() failed, will recreate session");
-                            sessionMap.delete(sessionKey);
-                            if (sessionKey === "default")
-                                deleteState(ORCHESTRATOR_SESSION_KEY);
-                        }
-                    }
-                }
-                if (routeResult.tier) {
-                    recentTiers.push(routeResult.tier);
-                    if (recentTiers.length > 5)
-                        recentTiers = recentTiers.slice(-5);
-                }
-                lastRouteResult = routeResult;
-                result = await executeOnSession(sessionKey, item.prompt, item.callback, item.attachments, item.onActivity);
+            catch (err) {
+                log.warn({ sessionKey, err: err instanceof Error ? err.message : err }, "setModel() failed, will recreate session");
+                manager.invalidateSession();
+                if (sessionKey === "default")
+                    deleteState(ORCHESTRATOR_SESSION_KEY);
             }
-            item.resolve(result);
         }
-        catch (err) {
-            item.reject(err);
-        }
-        currentSourceChannel = undefined;
-        currentChannelKey = undefined;
     }
-    processing = false;
+    if (routeResult.tier) {
+        manager.addRecentTier(routeResult.tier);
+    }
+    lastRouteResult = routeResult;
+    return executeOnSession(manager, item);
 }
 function isRecoverableError(err) {
     const msg = err instanceof Error ? err.message : String(err);
-    // Timeouts are NOT retryable on a persistent session — the message was already
-    // sent and likely processed; re-sending creates "duplicate" responses.
     if (/timeout/i.test(msg))
         return false;
     return /disconnect|connection|EPIPE|ECONNRESET|ECONNREFUSED|socket|closed|ENOENT|spawn|not found|expired|stale/i.test(msg);
@@ -576,14 +531,10 @@ export async function sendToOrchestrator(prompt, source, callback, attachments,
     updateRequestContext(source);
     const sourceLabel = source.type === "web" ? "web" : "background";
     logMessage("in", sourceLabel, prompt);
-    // Derive the session key: project sessions come from web messages with a projectPath;
-    // background completions carry their own sessionKey; everything else is "default".
     let sessionKey;
     if (source.type === "web" && source.projectPath && config.squadEnabled) {
         sessionKey = "project:" + normalizeProjectPath(source.projectPath);
-        // Keep the legacy channel-project map in sync for tools that read it
         setChannelProject(source.connectionId, normalizeProjectPath(source.projectPath));
-        // Bump last-used timestamp so sidebar can sort by real activity
         bumpProjectLastUsed(normalizeProjectPath(source.projectPath));
     }
     else if (source.type === "background" && source.sessionKey) {
@@ -593,36 +544,46 @@ export async function sendToOrchestrator(prompt, source, callback, attachments,
         sessionKey = "default";
     }
     const channelKey = source.type === "web" ? source.connectionId : "default";
-    // Pass projectRoot to parseAtMention only for project sessions so the default
-    // chat does not get Squad roster injection.
     const projectRoot = sessionKey.startsWith("project:") ? sessionKey.slice("project:".length) : undefined;
-    // Parse @mention routing (e.g., "@coder fix the bug" → target "coder")
     const mention = parseAtMention(prompt, projectRoot);
     const targetAgent = mention?.agentSlug;
     const routedPrompt = mention ? mention.message : prompt;
-    // Tag the prompt with its source channel
     const taggedPrompt = source.type === "background"
         ? routedPrompt
         : `[via ${sourceLabel}] ${routedPrompt}`;
-    // Log role: background events are "system", user messages are "user"
     const logRole = source.type === "background" ? "system" : "user";
-    // Determine the source channel for agent origin tracking
     const sourceChannel = source.type === "web" ? "web" : undefined;
-    // Enqueue and process
+    // Capture auth context at enqueue time — prevents cross-session contamination
+    // when concurrent sessions are processing simultaneously.
+    const authUser = source.type === "web" ? source.user : undefined;
+    const authHeader = source.type === "web" ? source.authorizationHeader?.trim() || undefined : undefined;
+    const manager = registry.getOrCreate(sessionKey);
     void (async () => {
         for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
             try {
                 const finalContent = await new Promise((resolve, reject) => {
-                    messageQueue.push({ prompt: taggedPrompt, attachments, callback, onActivity, sourceChannel, targetAgent, channelKey, sessionKey, resolve, reject });
-                    processQueue();
+                    manager.enqueue({
+                        prompt: taggedPrompt,
+                        attachments,
+                        callback,
+                        // Cast: QueuedMessage.onActivity uses a wide event type to avoid circular
+                        // type dependencies. orchestrator.ts always passes valid ActivityEvent objects.
+                        onActivity: onActivity,
+                        sourceChannel,
+                        targetAgent,
+                        channelKey,
+                        sessionKey,
+                        authUser,
+                        authHeader,
+                        resolve,
+                        reject,
+                    });
                 });
-                // Deliver response to user FIRST, then log best-effort
                 callback(finalContent, true);
                 try {
                     logMessage("out", sourceLabel, finalContent);
                 }
                 catch { /* best-effort */ }
-                // Log both sides of the conversation, scoped to the session
                 try {
                     logConversation(logRole, prompt, sourceLabel, sessionKey);
                 }
@@ -631,9 +592,6 @@ export async function sendToOrchestrator(prompt, source, callback, attachments,
                     logConversation("assistant", finalContent, sourceLabel, sessionKey);
                 }
                 catch { /* best-effort */ }
-                // Episodic memory: if enough turns have accumulated since the last
-                // summary, kick off a background write. Fire-and-forget — never blocks
-                // the user reply path.
                 if (copilotClient) {
                     maybeWriteEpisode(copilotClient).catch((err) => {
                         log.error({ err: err instanceof Error ? err.message : err }, "Episode write failed (non-fatal)");
@@ -643,7 +601,6 @@ export async function sendToOrchestrator(prompt, source, callback, attachments,
             }
             catch (err) {
                 const msg = err instanceof Error ? err.message : String(err);
-                // Don't retry cancelled messages
                 if (/cancelled|abort/i.test(msg)) {
                     return;
                 }
@@ -651,7 +608,6 @@ export async function sendToOrchestrator(prompt, source, callback, attachments,
                     const delay = RECONNECT_DELAYS_MS[Math.min(attempt, RECONNECT_DELAYS_MS.length - 1)];
                     log.warn({ msg, attempt: attempt + 1, maxRetries: MAX_RETRIES, delayMs: delay }, "Recoverable error, retrying");
                     await sleep(delay);
-                    // Reset client before retry in case the connection is stale
                     try {
                         await ensureClient();
                     }
@@ -665,34 +621,28 @@ export async function sendToOrchestrator(prompt, source, callback, attachments,
         }
     })();
 }
-/** Cancel the in-flight message and drain the queue. */
+/** Cancel all queued and in-flight messages across all active sessions. */
 export async function cancelCurrentMessage() {
-    // Drain any queued messages
-    const drained = messageQueue.length;
-    while (messageQueue.length > 0) {
-        const item = messageQueue.shift();
-        item.reject(new Error("Cancelled"));
-    }
-    // Abort the active session request
-    const activeSession = currentProcessingSessionKey ? sessionMap.get(currentProcessingSessionKey) : undefined;
-    if (activeSession && currentCallback) {
-        try {
-            await activeSession.abort();
-            log.info({ sessionKey: currentProcessingSessionKey }, "Aborted in-flight request");
-            return true;
-        }
-        catch (err) {
-            log.error({ err: err instanceof Error ? err.message : err }, "Abort failed");
+    if (!registry)
+        return false;
+    let drained = 0;
+    const aborts = [];
+    for (const [, manager] of registry.getAll()) {
+        drained += manager.cancelQueued();
+        if (manager.isProcessing) {
+            aborts.push(manager.abortCurrentTurn());
         }
     }
-    return drained > 0;
+    const results = await Promise.all(aborts);
+    const aborted = results.some(Boolean);
+    return aborted || drained > 0;
 }
 /** Switch the model on the live default orchestrator session without destroying it. */
 export function switchSessionModel(newModel) {
-    const session = sessionMap.get("default");
-    if (session) {
-        return session.setModel(newModel).then(() => {
-            sessionModelMap.set("default", newModel);
+    const manager = registry?.get("default");
+    if (manager?.session) {
+        return manager.session.setModel(newModel).then(() => {
+            manager.currentModel = newModel;
         });
     }
     return Promise.resolve();
@@ -700,9 +650,9 @@ export function switchSessionModel(newModel) {
 /** Return a snapshot of currently running workers for API/UI consumers. */
 export function getAgentInfo() {
     const allTasks = getActiveTasks().filter((t) => t.status === "running");
-    const registry = getAgentRegistry();
+    const reg = getAgentRegistry();
     return allTasks.map((t) => {
-        const agent = registry.find((a) => a.slug === t.agentSlug);
+        const agent = reg.find((a) => a.slug === t.agentSlug);
         return {
             slug: t.agentSlug,
             name: agent?.name || t.agentSlug,
@@ -714,16 +664,11 @@ export function getAgentInfo() {
 }
 /** Clean up on shutdown/restart. */
 export async function shutdownAgents() {
-    for (const [key, session] of sessionMap) {
-        try {
-            await session.disconnect();
-        }
-        catch (err) {
-            log.error({ sessionKey: key, err: err instanceof Error ? err.message : err }, "Error disconnecting session during shutdown");
-        }
+    if (!registry) {
+        await clearActiveTasks();
+        return;
     }
-    sessionMap.clear();
-    sessionModelMap.clear();
+    await registry.shutdown();
     await clearActiveTasks();
 }
 //# sourceMappingURL=orchestrator.js.map