mcp-coordinator 0.2.1 → 0.4.0

package/dist/src/file-tracker.js

@@ -3,7 +3,7 @@ export class FileTracker {
     log(params) {
         const db = getDb();
         const module = this.fileToModule(params.file_path);
-        db.prepare(`INSERT INTO file_activity (session_id, agent_id, agent_name, tool_name, file_path, module)
+        db.prepare(`INSERT INTO file_activity (session_id, agent_id, agent_name, tool_name, file_path, module)
        VALUES (?, ?, ?, ?, ?, ?)`).run(params.session_id, params.agent_id, params.agent_name || null, params.tool_name, params.file_path, module);
     }
     getBySession(sessionId) {
@@ -12,11 +12,11 @@ export class FileTracker {
     }
     getHotFiles(sinceMinutes = 30) {
         const db = getDb();
-        const rows = db.prepare(`SELECT file_path, COUNT(DISTINCT agent_id) as agent_count, GROUP_CONCAT(DISTINCT agent_id) as agents
-       FROM file_activity
-       WHERE created_at > datetime('now', '-' || ? || ' minutes')
-       GROUP BY file_path
-       HAVING COUNT(DISTINCT agent_id) > 1
+        const rows = db.prepare(`SELECT file_path, COUNT(DISTINCT agent_id) as agent_count, GROUP_CONCAT(DISTINCT agent_id) as agents
+       FROM file_activity
+       WHERE created_at > datetime('now', '-' || ? || ' minutes')
+       GROUP BY file_path
+       HAVING COUNT(DISTINCT agent_id) > 1
        ORDER BY agent_count DESC`).all(sinceMinutes);
         return rows.map((r) => ({
             file_path: r.file_path,
@@ -26,11 +26,43 @@ export class FileTracker {
     }
     checkFileConflict(filePath, agentId, withinMinutes = 30) {
         const db = getDb();
-        const rows = db.prepare(`SELECT DISTINCT agent_id FROM file_activity
-       WHERE file_path = ? AND agent_id != ?
+        const rows = db.prepare(`SELECT DISTINCT agent_id FROM file_activity
+       WHERE file_path = ? AND agent_id != ?
        AND created_at > datetime('now', '-' || ? || ' minutes')`).all(filePath, agentId, withinMinutes);
         return { conflict: rows.length > 0, agents: rows.map((r) => r.agent_id) };
     }
+    /**
+     * P2 perf: batch lookup of recent file→agents activity. Replaces N
+     * `checkFileConflict` calls (one per file) with a single SQL query, then
+     * builds an in-memory reverse index. The impact scorer uses this so its
+     * per-file inner loop is O(1) Map.get() rather than O(F) SQL round-trips.
+     *
+     * Excludes the calling agent (so the scorer doesn't flag the announcer
+     * against themselves). Returns Map<file_path, Set<agent_id>>.
+     */
+    getFileToAgentsIndex(filePaths, excludeAgentId, withinMinutes = 30) {
+        const index = new Map();
+        if (filePaths.length === 0)
+            return index;
+        const db = getDb();
+        // Dynamic IN-list — better-sqlite3 binds each ? positionally. Cheap because
+        // the impact scorer only passes target_files + depends_on_files (typically
+        // a handful of files per announce_work call).
+        const placeholders = filePaths.map(() => "?").join(",");
+        const rows = db.prepare(`SELECT DISTINCT file_path, agent_id FROM file_activity
+       WHERE file_path IN (${placeholders})
+       AND agent_id != ?
+       AND created_at > datetime('now', '-' || ? || ' minutes')`).all(...filePaths, excludeAgentId, withinMinutes);
+        for (const r of rows) {
+            let set = index.get(r.file_path);
+            if (!set) {
+                set = new Set();
+                index.set(r.file_path, set);
+            }
+            set.add(r.agent_id);
+        }
+        return index;
+    }
     fileToModule(filePath) {
         // Strip leading / so "/server/src/x.ts" and "server/src/x.ts" produce the
         // same module name. Without this, split("/") on an absolute path yields

package/dist/src/http/handle-health.d.ts

@@ -0,0 +1,23 @@
+import type { IncomingMessage, ServerResponse } from "http";
+import type { CoordinatorServices } from "../server-setup.js";
+/**
+ * Liveness probe — process is alive. Always returns 200 with no dep checks
+ * so orchestrators don't restart the pod over transient downstream failures.
+ */
+export declare function handleLivez(_req: IncomingMessage, res: ServerResponse): void;
+/**
+ * Readiness probe — downstream deps must all be green for the LB to route
+ * traffic here. 503 when any check fails so the pod is drained until ready.
+ *
+ * Each check is wrapped in try/catch so a thrown DB/MQTT error becomes a
+ * structured `{ok:false,error:"…"}` instead of a 500. The response shape is
+ * identical between 200 and 503 so consumers can parse uniformly.
+ */
+export declare function handleReadyz(_req: IncomingMessage, res: ServerResponse, services: Pick<CoordinatorServices, "mqttBridge">): void;
+/**
+ * Backwards-compatible alias. The original /health route returned a fixed
+ * {status:"ok",version} payload with no dep checks; semantically that is a
+ * liveness probe, so we delegate. Anything that polled /health for "is the
+ * process up" continues to work without changes.
+ */
+export declare function handleHealth(req: IncomingMessage, res: ServerResponse): void;

package/dist/src/http/handle-health.js

@@ -0,0 +1,86 @@
+import { getDb } from "../database.js";
+import { json } from "./utils.js";
+import { getVersion } from "../../cli/version.js";
+/**
+ * v0.4 Operability: Kubernetes-style health probes.
+ *
+ * - /livez   → is the process alive? Used by an orchestrator (k8s, systemd,
+ *             docker swarm) to decide whether to restart the pod. MUST NOT
+ *             check downstream deps; an unreachable DB does not mean the
+ *             coordinator process should be killed and restarted.
+ *
+ * - /readyz  → are downstream deps ready? Used by a load balancer / service
+ *             mesh to decide whether to add this pod to rotation. Returns 503
+ *             when the DB or MQTT broker is not reachable so the LB drains
+ *             traffic until the coordinator can actually serve it.
+ *
+ * - /health  → backwards-compat alias for /livez. The original stub returned
+ *             {status:"ok",version} unconditionally; preserving alive-only
+ *             semantics keeps existing dashboards and uptime probes green
+ *             without forcing them to migrate.
+ */
+const STARTED_AT_MS = Date.now();
+const VERSION = getVersion();
+function uptimeSeconds() {
+    return Math.floor((Date.now() - STARTED_AT_MS) / 1000);
+}
+/**
+ * Liveness probe — process is alive. Always returns 200 with no dep checks
+ * so orchestrators don't restart the pod over transient downstream failures.
+ */
+export function handleLivez(_req, res) {
+    json(res, {
+        status: "alive",
+        uptime_seconds: uptimeSeconds(),
+        version: VERSION,
+    });
+}
+/**
+ * Readiness probe — downstream deps must all be green for the LB to route
+ * traffic here. 503 when any check fails so the pod is drained until ready.
+ *
+ * Each check is wrapped in try/catch so a thrown DB/MQTT error becomes a
+ * structured `{ok:false,error:"…"}` instead of a 500. The response shape is
+ * identical between 200 and 503 so consumers can parse uniformly.
+ */
+export function handleReadyz(_req, res, services) {
+    const checks = {
+        db: { ok: false },
+        mqtt: { ok: false },
+    };
+    try {
+        // Cheapest possible round-trip that exercises the connection without
+        // touching application tables. Throws if the handle is closed or the
+        // file is locked beyond busy_timeout.
+        getDb().prepare("SELECT 1").get();
+        checks.db.ok = true;
+    }
+    catch (err) {
+        checks.db.error = err.message;
+    }
+    try {
+        if (services.mqttBridge.isConnected()) {
+            checks.mqtt.ok = true;
+        }
+        else {
+            checks.mqtt.error = "not connected";
+        }
+    }
+    catch (err) {
+        checks.mqtt.error = err.message;
+    }
+    const allOk = checks.db.ok && checks.mqtt.ok;
+    json(res, {
+        status: allOk ? "ready" : "not_ready",
+        checks,
+    }, allOk ? 200 : 503);
+}
+/**
+ * Backwards-compatible alias. The original /health route returned a fixed
+ * {status:"ok",version} payload with no dep checks; semantically that is a
+ * liveness probe, so we delegate. Anything that polled /health for "is the
+ * process up" continues to work without changes.
+ */
+export function handleHealth(req, res) {
+    return handleLivez(req, res);
+}

package/dist/src/http/handle-rest.d.ts

@@ -0,0 +1,23 @@
+import type { IncomingMessage, ServerResponse } from "http";
+import type { CoordinatorServices } from "../server-setup.js";
+import type { Logger } from "../logger.js";
+/**
+ * S1: REST router extracted from serve-http.ts. Was a 382-line `handleRest`
+ * function inside startServer's closure with module-scope captures for
+ * services, httpLog, currentRunConfig, AUTH_ENABLED, etc.
+ *
+ * The body is unchanged — only ambient closure references became explicit
+ * fields on RestContext. parseBody/json moved to ./utils.js to share between
+ * REST + SSE + auth handlers.
+ *
+ * The currentRunConfig mutable state stays in serve-http.ts (single source
+ * of truth) and is exposed via getRunConfig/setRunConfig on the context.
+ */
+export interface RestContext {
+    services: CoordinatorServices;
+    httpLog: Logger;
+    authEnabled: boolean;
+    getRunConfig: () => Record<string, unknown> | null;
+    setRunConfig: (cfg: Record<string, unknown> | null) => void;
+}
+export declare function handleRest(req: IncomingMessage, res: ServerResponse, ctx: RestContext): Promise<void>;

package/dist/src/http/handle-rest.js

@@ -0,0 +1,374 @@
+import { getDb } from "../database.js";
+import { runCommonAnnounceFlow } from "../announce-workflow.js";
+import { canResetDb } from "../reset-guard.js";
+import { parseBody, json } from "./utils.js";
+export async function handleRest(req, res, ctx) {
+    const { services, httpLog, authEnabled, getRunConfig, setRunConfig } = ctx;
+    const url = req.url || "";
+    const body = await parseBody(req);
+    const agentId = body.agent_id;
+    // Dashboard/work-stealing polls these endpoints every few seconds — demote to debug
+    // to keep the info log focused on coordination events (announce, claim, resolve, etc).
+    const isPoll = url === "/api/hot-files" || url === "/api/threads-active" || url === "/api/status" || url === "/api/quota";
+    // Note: /api/quota/refresh is NOT in the poll list — it's a manual user
+    // action and deserves an info-level log for auditability.
+    if (isPoll) {
+        httpLog.debug({ method: req.method, url, agent_id: agentId }, "REST request");
+    }
+    else {
+        httpLog.info({ method: req.method, url, agent_id: agentId }, "REST request");
+    }
+    const { registry, activityTracker, consultation, fileTracker, introspection, sseEmitter, mqttBridge, quotaCache } = services;
+    if (url === "/api/register") {
+        const { agent_id, name, modules } = body;
+        const agent = registry.register(agent_id, name, modules || []);
+        sseEmitter.emit("agent_online", { agent_id, name, modules });
+        json(res, agent);
+    }
+    else if (url === "/api/session-start") {
+        const online = registry.listOnline();
+        const openThreads = consultation.listThreads({ status: "open" });
+        const hotFiles = fileTracker.getHotFiles(30);
+        const briefing = [
+            `Agents en ligne: ${online.map((a) => a.name).join(", ") || "aucun"}`,
+            `Consultations ouvertes: ${openThreads.length}`,
+            `Hot files: ${hotFiles.map((f) => f.file_path).join(", ") || "aucun"}`,
+        ].join("\n");
+        json(res, { briefing, summary: { online: online.length, open_threads: openThreads.length, hot_files: hotFiles.length } });
+    }
+    else if (url === "/api/session-stop") {
+        const { agent_id } = body;
+        registry.setOffline(agent_id);
+        activityTracker.reportOffline(agent_id);
+        consultation.handleAgentDeparture(agent_id);
+        sseEmitter.emit("agent_offline", { agent_id });
+        json(res, { ok: true });
+    }
+    else if (url === "/api/check-conflict") {
+        const { file, agent_id } = body;
+        const conflict = fileTracker.checkFileConflict(file, agent_id, 30);
+        const warnings = [];
+        if (conflict.conflict) {
+            warnings.push(`File ${file} recently edited by: ${conflict.agents.join(", ")}`);
+        }
+        json(res, { conflict: conflict.conflict, warnings });
+    }
+    else if (url === "/api/log-file") {
+        const { session_id, agent_id, agent_name, tool_name, file } = body;
+        fileTracker.log({ session_id, agent_id, agent_name, tool_name, file_path: file });
+        activityTracker.reportFileActivity(agent_id, file);
+        sseEmitter.emit("file_edited", { agent_id, agent_name: agent_name || agent_id, file, tool_name });
+        json(res, { ok: true });
+    }
+    else if (url === "/api/announce") {
+        const { agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to } = body;
+        const thread = consultation.announceWork({ agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to });
+        const agentInfo = registry.get(agent_id);
+        // S2 fix: shared workflow (impact scoring, override respondents, auto-resolve,
+        // impact_scored + introspection SSE, plan-quality downgrade event). Same
+        // function used by the MCP announce_work tool path.
+        const { updated, categorized, respondents, planQuality } = runCommonAnnounceFlow(services, thread.id, {
+            agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open,
+        });
+        // REST-specific thread_opened SSE shape (different field set than MCP — kept
+        // divergent because consumers may depend on this exact contract).
+        sseEmitter.emit("thread_opened", {
+            thread_id: thread.id, subject, agent_id, agent_name: agentInfo?.name || agent_id,
+            target_modules, target_files, expected_respondents: respondents,
+            conflicts: updated.conflicts ? JSON.parse(updated.conflicts) : [],
+            created_at: updated.created_at,
+            mode: planQuality.mode,
+            plan: plan || null,
+            plan_quality: planQuality,
+        });
+        json(res, { thread_id: thread.id, status: updated.status, impact: categorized });
+    }
+    else if (url === "/api/post-to-thread") {
+        const { thread_id, agent_id, agent_name, type, content } = body;
+        // Pre-check the thread so we can return actionable status codes instead
+        // of always-500 on any error. The client uses the status to decide
+        // whether to warn (unexpected) or silently skip (normal race).
+        const targetThread = consultation.getThread(thread_id);
+        if (!targetThread) {
+            json(res, { error: "thread_not_found", thread_id }, 404);
+            return;
+        }
+        if (targetThread.status === "cancelled") {
+            json(res, { error: "thread_cancelled", thread_id }, 410);
+            return;
+        }
+        const msg = consultation.postToThread({ thread_id, agent_id, agent_name, type, content });
+        const thread = consultation.getThread(thread_id);
+        sseEmitter.emit("message_posted", {
+            thread_id, agent_id, agent_name: agent_name || agent_id,
+            type, content, round: thread?.round || 1,
+            token_estimate: msg.token_estimate || 0,
+        });
+        json(res, msg);
+    }
+    else if (url === "/api/token-usage") {
+        // Agent → coordinator telemetry, emitted once per LLM turn so the dashboard
+        // and reports can pinpoint where tokens are being burned.
+        const payload = body;
+        sseEmitter.emit("token_usage", payload);
+        json(res, { ok: true });
+    }
+    else if (url === "/api/unclaim-task") {
+        const { thread_id, agent_id } = body;
+        if (!thread_id || !agent_id) {
+            json(res, { success: false, error: "thread_id and agent_id required" }, 400);
+            return;
+        }
+        const db = getDb();
+        // F4: increment unclaim counter. After POISON_THRESHOLD aborts, flip status
+        // to "poisoned" so no agent claims it again — prevents the tight
+        // claim → no DONE → unclaim → re-claim loop we observed on stuck tasks.
+        // Only the claiming agent can unclaim to prevent cross-agent interference.
+        const POISON_THRESHOLD = 2;
+        const result = db.prepare("UPDATE threads SET claimed_by = NULL, claimed_at = NULL, unclaim_count = COALESCE(unclaim_count, 0) + 1 WHERE id = ? AND claimed_by = ? AND status = 'open'").run(thread_id, agent_id);
+        let poisoned = false;
+        if (result.changes === 1) {
+            const row = db.prepare("SELECT unclaim_count FROM threads WHERE id = ?").get(thread_id);
+            if (row && (row.unclaim_count ?? 0) >= POISON_THRESHOLD) {
+                db.prepare("UPDATE threads SET status = 'poisoned' WHERE id = ? AND status = 'open'").run(thread_id);
+                poisoned = true;
+                httpLog.warn({ thread_id, unclaim_count: row.unclaim_count }, "thread poisoned after repeated unclaims");
+            }
+        }
+        json(res, { success: result.changes === 1, poisoned });
+    }
+    else if (url === "/api/claim-task") {
+        const { thread_id, agent_id } = body;
+        if (!thread_id || !agent_id) {
+            json(res, { success: false, error: "thread_id and agent_id required" }, 400);
+            return;
+        }
+        const db = getDb();
+        // Only claim threads with status='open' — poisoned threads are filtered out
+        // automatically because the status filter excludes them.
+        // Directed-dispatch constraint: if assigned_to is set, only that specific
+        // agent can claim; NULL keeps the original open-pool semantics.
+        const result = db.prepare("UPDATE threads SET claimed_by = ?, claimed_at = ? WHERE id = ? AND claimed_by IS NULL AND status = 'open' AND (assigned_to IS NULL OR assigned_to = ?)").run(agent_id, new Date().toISOString(), thread_id, agent_id);
+        if (result.changes === 1) {
+            mqttBridge.publishTaskClaimed(thread_id, agent_id);
+            sseEmitter.emit("task_claimed", { thread_id, agent_id });
+            json(res, { success: true });
+        }
+        else {
+            const thread = consultation.getThread(thread_id);
+            // Surface the assigned_to in the 'why not' response so clients can
+            // distinguish "already claimed by X" from "reserved for Y".
+            json(res, {
+                success: false,
+                claimed_by: thread?.claimed_by || null,
+                assigned_to: thread?.assigned_to || null,
+                status: thread?.status,
+            });
+        }
+    }
+    else if (url === "/api/propose-resolution") {
+        const { thread_id, agent_id, summary } = body;
+        const agentInfo = registry.get(agent_id);
+        consultation.proposeResolution(thread_id, agent_id, summary);
+        sseEmitter.emit("resolution_proposed", {
+            thread_id, agent_id, agent_name: agentInfo?.name || agent_id, summary,
+        });
+        json(res, consultation.getThread(thread_id));
+        mqttBridge.publishTaskCompleted(thread_id, agent_id, summary);
+    }
+    else if (url === "/api/approve-resolution") {
+        const { thread_id, agent_id } = body;
+        const agentInfo = registry.get(agent_id);
+        consultation.approveResolution(thread_id, agent_id, agentInfo?.name);
+        const t = consultation.getThread(thread_id);
+        json(res, t);
+    }
+    else if (url?.startsWith("/api/consultation/") && url?.endsWith("/status")) {
+        const threadId = url.split("/")[3];
+        const thread = consultation.getThreadWithMessages(threadId);
+        if (!thread) {
+            json(res, { error: "not found" }, 404);
+        }
+        else {
+            json(res, {
+                status: thread.thread.status,
+                messages: thread.messages,
+                resolution_summary: thread.thread.resolution_summary,
+                expected_respondents: JSON.parse(thread.thread.expected_respondents || "[]"),
+            });
+        }
+    }
+    else if (url === "/api/threads-active") {
+        const open = consultation.listThreads({ status: "open" });
+        const resolving = consultation.listThreads({ status: "resolving" });
+        json(res, [...open, ...resolving]);
+    }
+    else if (url === "/api/hot-files") {
+        const { since_minutes } = body;
+        json(res, fileTracker.getHotFiles(since_minutes || 30));
+    }
+    else if (url === "/api/quota") {
+        // Pre-flight + live widget endpoint. 200 with fresh QuotaInfo when the
+        // Keychain + Anthropic API are reachable, 503 otherwise. Consumers treat
+        // 503 as "quota unknown = proceed" (fail-open) per the project decision.
+        const info = await quotaCache.get();
+        if (!info) {
+            const status = quotaCache.snapshot();
+            json(res, {
+                error: "quota unavailable",
+                reason: status.lastError,
+                cooldown_until: status.cooldownUntil,
+            }, 503);
+        }
+        else {
+            json(res, {
+                five_hour: info.fiveHour,
+                seven_day: info.sevenDay,
+                seven_day_sonnet: info.sevenDaySonnet,
+                fetched_at: info.fetchedAt,
+            });
+        }
+    }
+    else if (url === "/api/quota/refresh") {
+        // Force-refresh the cache, bypassing the TTL. Used by the dashboard's
+        // manual refresh button. The underlying quotaCache.refresh() is single-
+        // flight-deduped, so mashing the button doesn't stack parallel fetches.
+        // The onRefresh callback on the cache broadcasts via SSE + MQTT, so the
+        // dashboard receives the update through the normal channel too — this
+        // endpoint only exists for "give me the answer now" semantics.
+        const info = await quotaCache.refresh();
+        if (!info) {
+            const status = quotaCache.snapshot();
+            json(res, {
+                error: "quota unavailable",
+                reason: status.lastError,
+                cooldown_until: status.cooldownUntil,
+            }, 503);
+        }
+        else {
+            json(res, {
+                five_hour: info.fiveHour,
+                seven_day: info.sevenDay,
+                seven_day_sonnet: info.sevenDaySonnet,
+                fetched_at: info.fetchedAt,
+            });
+        }
+    }
+    else if (url === "/api/introspection-response") {
+        const { introspection_id, concerned, reason } = body;
+        const intro = introspection.respond(introspection_id, concerned, reason);
+        // If concerned, add to thread's expected_respondents
+        if (concerned && intro) {
+            const db = getDb();
+            const thread = consultation.getThread(intro.thread_id);
+            if (thread && (thread.status === "open" || thread.status === "resolving")) {
+                const respondents = JSON.parse(thread.expected_respondents || "[]");
+                if (!respondents.includes(intro.agent_id)) {
+                    respondents.push(intro.agent_id);
+                    db.prepare("UPDATE threads SET expected_respondents = ? WHERE id = ?")
+                        .run(JSON.stringify(respondents), thread.id);
+                }
+            }
+        }
+        const agentInfo = registry.get(intro?.agent_id || "");
+        sseEmitter.emit("introspection_completed", {
+            introspection_id, thread_id: intro?.thread_id,
+            agent_id: intro?.agent_id, agent_name: agentInfo?.name || intro?.agent_id,
+            concerned, reason,
+        });
+        json(res, intro);
+    }
+    else if (url?.startsWith("/api/pending-introspections")) {
+        const urlObj = new URL(url, "http://localhost");
+        const agent_id = urlObj.searchParams.get("agent_id") || "";
+        const pending = introspection.getPending(agent_id);
+        json(res, pending);
+    }
+    else if (url === "/api/run-config") {
+        if (req.method === "POST") {
+            setRunConfig(body);
+            sseEmitter.emit("run_config", getRunConfig());
+            json(res, { ok: true });
+        }
+        else {
+            json(res, getRunConfig() || { active: false });
+        }
+    }
+    else if (url === "/api/reset") {
+        // B4 fix: gate destructive reset when AUTH is disabled.
+        // When AUTH_ENABLED=true, ADMIN_ONLY_ROUTES already enforced upstream
+        // by authenticateRequest (see auth.ts). This guard covers the AUTH off case.
+        if (!canResetDb(process.env, authEnabled)) {
+            json(res, {
+                error: "Forbidden: /api/reset requires NODE_ENV=test, COORDINATOR_ALLOW_RESET=true, or COORDINATOR_AUTH_ENABLED with admin token",
+            }, 403);
+            return;
+        }
+        // Reset all tables for clean test run (disable FK checks to avoid ordering issues)
+        const db = getDb();
+        db.exec("PRAGMA foreign_keys = OFF");
+        db.exec("DELETE FROM introspections");
+        db.exec("DELETE FROM events");
+        db.exec("DELETE FROM thread_messages");
+        db.exec("DELETE FROM threads");
+        db.exec("DELETE FROM action_summaries");
+        db.exec("DELETE FROM file_activity");
+        db.exec("DELETE FROM agent_activity_status");
+        db.exec("DELETE FROM dependency_map");
+        db.exec("DELETE FROM agents");
+        db.exec("DELETE FROM revoked_agents");
+        db.exec("PRAGMA foreign_keys = ON");
+        setRunConfig(null);
+        json(res, { ok: true });
+    }
+    else if (url === "/api/check-interrupt") {
+        const { agent_id } = body;
+        // Check for threads where this agent is an expected respondent and hasn't posted yet.
+        // Covers both open threads (waiting for initial response) and resolving threads
+        // (waiting for approval/contest of a proposed resolution).
+        const pendingThreads = [
+            ...consultation.listThreads({ status: "open" }),
+            ...consultation.listThreads({ status: "resolving" }),
+        ].filter((t) => {
+            const respondents = JSON.parse(t.expected_respondents || "[]");
+            return respondents.includes(agent_id);
+        });
+        if (pendingThreads.length > 0) {
+            const details = pendingThreads.map((t) => ({
+                thread_id: t.id,
+                subject: t.subject,
+                initiator_id: t.initiator_id,
+                status: t.status,
+                target_files: JSON.parse(t.target_files || "[]"),
+            }));
+            json(res, { interrupt: true, threads: details });
+        }
+        else {
+            json(res, { interrupt: false });
+        }
+    }
+    else if (url?.startsWith("/api/agent-status/")) {
+        const aid = url.split("/")[3];
+        const agent = registry.get(aid);
+        if (!agent) {
+            json(res, { registered: false, status: "unknown" });
+        }
+        else {
+            const activity = activityTracker.getActivity(aid, { idleAfterMinutes: 5 });
+            json(res, { registered: true, status: agent.status, activity: activity.activity_status });
+        }
+    }
+    else if (url === "/api/status") {
+        const online = registry.listOnline();
+        const openThreads = consultation.listThreads({ status: "open" });
+        json(res, {
+            online: online.length,
+            open_threads: openThreads.length,
+            hot_files: fileTracker.getHotFiles(30).length,
+            mqtt: services.mqttBridge.isConnected(),
+        });
+    }
+    else {
+        json(res, { error: "not found" }, 404);
+    }
+}

package/dist/src/http/utils.d.ts

@@ -0,0 +1,15 @@
+import type { IncomingMessage, ServerResponse } from "http";
+/**
+ * S1: shared HTTP helpers extracted from serve-http.ts.
+ * parseBody, json, decodeJwtPayload, safeEqual.
+ */
+export declare function parseBody(req: IncomingMessage): Promise<Record<string, unknown>>;
+export declare function json(res: ServerResponse, data: unknown, status?: number): void;
+/**
+ * Decode a JWT payload WITHOUT verifying. Used only on tokens we just minted
+ * ourselves (to read the `exp` claim before returning it to the client). Real
+ * verification of inbound tokens happens in `authenticateRequest` via
+ * jose.jwtVerify().
+ */
+export declare function decodeJwtPayload(token: string): Record<string, unknown>;
+export declare function safeEqual(a: string, b: string): boolean;

package/dist/src/http/utils.js

@@ -0,0 +1,39 @@
+import { timingSafeEqual } from "crypto";
+/**
+ * S1: shared HTTP helpers extracted from serve-http.ts.
+ * parseBody, json, decodeJwtPayload, safeEqual.
+ */
+export function parseBody(req) {
+    return new Promise((resolve, reject) => {
+        let body = "";
+        req.on("data", (chunk) => (body += chunk.toString()));
+        req.on("end", () => {
+            try {
+                resolve(body ? JSON.parse(body) : {});
+            }
+            catch {
+                reject(new Error("Invalid JSON"));
+            }
+        });
+        req.on("error", reject);
+    });
+}
+export function json(res, data, status = 200) {
+    res.writeHead(status, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
+    res.end(JSON.stringify(data));
+}
+/**
+ * Decode a JWT payload WITHOUT verifying. Used only on tokens we just minted
+ * ourselves (to read the `exp` claim before returning it to the client). Real
+ * verification of inbound tokens happens in `authenticateRequest` via
+ * jose.jwtVerify().
+ */
+export function decodeJwtPayload(token) {
+    const base64url = token.split(".")[1];
+    return JSON.parse(Buffer.from(base64url, "base64url").toString("utf-8"));
+}
+export function safeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}