mcp-coordinator 0.4.0 → 0.5.0

package/dist/src/http/handle-rest.js

@@ -1,3 +1,4 @@
+import { createHash } from "crypto";
 import { getDb } from "../database.js";
 import { runCommonAnnounceFlow } from "../announce-workflow.js";
 import { canResetDb } from "../reset-guard.js";
@@ -5,7 +6,15 @@ import { parseBody, json } from "./utils.js";
 export async function handleRest(req, res, ctx) {
     const { services, httpLog, authEnabled, getRunConfig, setRunConfig } = ctx;
     const url = req.url || "";
-    const body = await parseBody(req);
+    let body;
+    try {
+        body = await parseBody(req);
+    }
+    catch (err) {
+        const e = err;
+        json(res, { error: e.message || "Invalid request" }, e.statusCode || 400);
+        return;
+    }
     const agentId = body.agent_id;
     // Dashboard/work-stealing polls these endpoints every few seconds — demote to debug
     // to keep the info log focused on coordination events (announce, claim, resolve, etc).
@@ -61,7 +70,7 @@ export async function handleRest(req, res, ctx) {
         json(res, { ok: true });
     }
     else if (url === "/api/announce") {
-        const { agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to } = body;
+        const { agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to, target_symbols } = body;
         const thread = consultation.announceWork({ agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to });
         const agentInfo = registry.get(agent_id);
         // S2 fix: shared workflow (impact scoring, override respondents, auto-resolve,
@@ -69,6 +78,7 @@ export async function handleRest(req, res, ctx) {
         // function used by the MCP announce_work tool path.
         const { updated, categorized, respondents, planQuality } = runCommonAnnounceFlow(services, thread.id, {
             agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open,
+            target_symbols,
         });
         // REST-specific thread_opened SSE shape (different field set than MCP — kept
         // divergent because consumers may depend on this exact contract).
@@ -358,6 +368,77 @@ export async function handleRest(req, res, ctx) {
             json(res, { registered: true, status: agent.status, activity: activity.activity_status });
         }
     }
+    else if (url === "/api/file-activity" && req.method === "POST") {
+        if (typeof body.session_id !== "string" || typeof body.agent_id !== "string"
+            || typeof body.tool_name !== "string" || typeof body.file_path !== "string") {
+            json(res, { error: "missing required fields" }, 400);
+            return;
+        }
+        if (body.agent_name !== undefined && typeof body.agent_name !== "string") {
+            json(res, { error: "agent_name must be string when present" }, 400);
+            return;
+        }
+        const MAX_CONTENT = 262144;
+        let symbols = null;
+        let contentHash = null;
+        if (typeof body.content === "string") {
+            if (body.content.length > MAX_CONTENT) {
+                json(res, { error: "content exceeds 256 KB" }, 400);
+                return;
+            }
+            contentHash = createHash("sha256").update(body.content).digest("hex");
+            symbols = ctx.services.treeSitter.extract(body.file_path, body.content, null);
+        }
+        ctx.services.fileTracker.log({
+            session_id: body.session_id,
+            agent_id: body.agent_id,
+            agent_name: body.agent_name,
+            tool_name: body.tool_name,
+            file_path: body.file_path,
+            content_hash: contentHash,
+            symbols_touched: symbols,
+        });
+        json(res, { ok: true });
+    }
+    else if (url === "/api/working-files/start" && req.method === "POST") {
+        if (typeof body.agent_id !== "string" || typeof body.file_path !== "string") {
+            json(res, { error: "agent_id and file_path required" }, 400);
+            return;
+        }
+        const ttl = parseInt(process.env.COORDINATOR_WORKING_FILES_TTL_MIN || "30", 10);
+        services.workingFiles.start(body.agent_id, body.file_path, ttl);
+        json(res, { ok: true });
+    }
+    else if (url === "/api/working-files/stop" && req.method === "POST") {
+        if (typeof body.agent_id !== "string" || typeof body.file_path !== "string") {
+            json(res, { error: "agent_id and file_path required" }, 400);
+            return;
+        }
+        services.workingFiles.stop(body.agent_id, body.file_path);
+        json(res, { ok: true });
+    }
+    else if (url?.startsWith("/api/scoring-stats") && req.method === "GET") {
+        const u = new URL(url, "http://localhost");
+        const sinceParam = u.searchParams.get("since") || "24h";
+        const sinceMin = sinceParam.endsWith("h") ? parseInt(sinceParam) * 60
+            : sinceParam.endsWith("d") ? parseInt(sinceParam) * 60 * 24
+                : 60 * 24;
+        const db = getDb();
+        const layers = db.prepare(`SELECT layer, COUNT(*) AS fire_count, AVG(score) AS avg_score
+       FROM layer_firings
+       WHERE fired_at > datetime('now', '-' || ? || ' minutes')
+       GROUP BY layer
+       ORDER BY fire_count DESC`).all(sinceMin);
+        json(res, {
+            window: { since: sinceParam, now: new Date().toISOString() },
+            layers: layers.map(l => ({
+                layer: l.layer,
+                fire_count: l.fire_count,
+                avg_score: l.avg_score,
+                outcomes: { auto_resolved: 0, consensus: 0, timeout: 0, cancelled: 0 },
+            })),
+        });
+    }
     else if (url === "/api/status") {
         const online = registry.listOnline();
         const openThreads = consultation.listThreads({ status: "open" });

package/dist/src/http/utils.d.ts

@@ -1,8 +1,4 @@
 import type { IncomingMessage, ServerResponse } from "http";
-/**
- * S1: shared HTTP helpers extracted from serve-http.ts.
- * parseBody, json, decodeJwtPayload, safeEqual.
- */
 export declare function parseBody(req: IncomingMessage): Promise<Record<string, unknown>>;
 export declare function json(res: ServerResponse, data: unknown, status?: number): void;
 /**

package/dist/src/http/utils.js

@@ -3,11 +3,25 @@ import { timingSafeEqual } from "crypto";
  * S1: shared HTTP helpers extracted from serve-http.ts.
  * parseBody, json, decodeJwtPayload, safeEqual.
  */
+const MAX_BODY_BYTES = parseInt(process.env.COORDINATOR_MAX_BODY_BYTES || "1048576", 10);
 export function parseBody(req) {
     return new Promise((resolve, reject) => {
-        let body = "";
-        req.on("data", (chunk) => (body += chunk.toString()));
+        let bytes = 0;
+        const chunks = [];
+        req.on("data", (chunk) => {
+            bytes += chunk.length;
+            if (bytes > MAX_BODY_BYTES) {
+                const err = new Error("Payload too large");
+                err.statusCode = 413;
+                // destroy() may not exist on every IncomingMessage-like input (test stub).
+                req.destroy?.(err);
+                reject(err);
+                return;
+            }
+            chunks.push(chunk);
+        });
         req.on("end", () => {
+            const body = Buffer.concat(chunks).toString("utf-8");
             try {
                 resolve(body ? JSON.parse(body) : {});
             }

package/dist/src/impact-scorer.d.ts

@@ -1,6 +1,7 @@
 import type { AgentRegistry } from "./agent-registry.js";
 import type { FileTracker } from "./file-tracker.js";
 import type { Consultation } from "./consultation.js";
+import type { WorkingFilesTracker } from "./working-files-tracker.js";
 export interface ImpactScore {
     agent_id: string;
     agent_name: string;
@@ -19,13 +20,16 @@ interface AnnounceParams {
     target_files: string[];
     depends_on_files?: string[];
     exports_affected?: string[];
+    target_symbols?: string[];
 }
 export declare class ImpactScorer {
     private registry;
     private fileTracker;
     private consultation?;
-    constructor(registry: AgentRegistry, fileTracker: FileTracker, consultation?: Consultation | undefined);
+    private workingFiles?;
+    constructor(registry: AgentRegistry, fileTracker: FileTracker, consultation?: Consultation | undefined, workingFiles?: WorkingFilesTracker | undefined);
     score(params: AnnounceParams): ImpactScore[];
     categorize(params: AnnounceParams): CategorizedImpact;
+    private getRecentSymbolsForFile;
 }
 export {};

package/dist/src/impact-scorer.js

@@ -1,3 +1,4 @@
+import { getDb } from "./database.js";
 // Layer 0 (announced-intent) recency window. Resolved threads older than this
 // are excluded — yesterday's resolved work shouldn't trigger today's scoring.
 // Aligned with file-tracker's default conflict window per the audit guidance.
@@ -11,10 +12,12 @@ export class ImpactScorer {
     registry;
     fileTracker;
     consultation;
-    constructor(registry, fileTracker, consultation) {
+    workingFiles;
+    constructor(registry, fileTracker, consultation, workingFiles) {
         this.registry = registry;
         this.fileTracker = fileTracker;
         this.consultation = consultation;
+        this.workingFiles = workingFiles;
     }
     score(params) {
         const onlineAgents = this.registry
@@ -42,6 +45,34 @@ export class ImpactScorer {
         const fileToAgents = filesToIndex.length > 0
             ? this.fileTracker.getFileToAgentsIndex(filesToIndex, params.agent_id, FILE_ACTIVITY_WINDOW_MINUTES)
             : new Map();
+        const inFlightToAgents = this.workingFiles
+            ? this.workingFiles.getIndex(filesToIndex, params.agent_id)
+            : new Map();
+        // Pre-load symbols_touched for the target_files × online_agents matrix once,
+        // keyed by (file_path, agent_id). Avoids N*M DB roundtrips inside the score loop.
+        let symbolsByFileAgent = null;
+        if (params.target_symbols && params.target_symbols.length > 0 && params.target_files.length > 0) {
+            const db = getDb();
+            const placeholders = params.target_files.map(() => "?").join(",");
+            const rows = db.prepare(`SELECT agent_id, file_path, symbols_touched
+         FROM file_activity
+         WHERE file_path IN (${placeholders})
+           AND symbols_touched IS NOT NULL
+           AND id IN (
+             SELECT MAX(id) FROM file_activity
+             WHERE file_path IN (${placeholders})
+               AND symbols_touched IS NOT NULL
+             GROUP BY agent_id, file_path
+           )`).all(...params.target_files, ...params.target_files);
+            symbolsByFileAgent = new Map();
+            for (const r of rows) {
+                try {
+                    const arr = JSON.parse(r.symbols_touched);
+                    symbolsByFileAgent.set(`${r.file_path}|${r.agent_id}`, arr);
+                }
+                catch { /* malformed JSON: ignore */ }
+            }
+        }
         // O2: bound the resolved-thread query to a recency window. Without this,
         // listThreads({status:'resolved'}) returns ALL historical resolved threads
         // (unbounded growth). The Layer 0 filter only keeps threads where the
@@ -102,12 +133,32 @@ export class ImpactScorer {
                     }
                 }
             }
-            // Layer 1: Same file recently modified (score 100) — uses pre-built index.
+            // Layer 1: Same file recently modified (file_activity) OR currently in flight (working_files).
             for (const targetFile of params.target_files) {
-                const agentsForFile = fileToAgents.get(targetFile);
-                if (agentsForFile && agentsForFile.has(agent.id)) {
+                const recentAgents = fileToAgents.get(targetFile);
+                const inFlightAgents = inFlightToAgents.get(targetFile);
+                if (recentAgents && recentAgents.has(agent.id)) {
                     maxScore = Math.max(maxScore, 100);
-                    reasons.push(`same file: ${targetFile}`);
+                    let annotated = false;
+                    if (params.target_symbols && params.target_symbols.length > 0) {
+                        const theirSymbols = symbolsByFileAgent?.get(`${targetFile}|${agent.id}`) || null;
+                        if (theirSymbols && theirSymbols.length > 0) {
+                            const mine = new Set(params.target_symbols);
+                            const theirs = new Set(theirSymbols);
+                            const overlap = [...mine].some(s => theirs.has(s));
+                            if (!overlap) {
+                                reasons.push(`same file: ${targetFile}; disjoint symbols: you=[${[...mine].join(",")}], them=[${[...theirs].join(",")}] — verify shared module state`);
+                                annotated = true;
+                            }
+                        }
+                    }
+                    if (!annotated) {
+                        reasons.push(`same file (recent): ${targetFile}`);
+                    }
+                }
+                if (inFlightAgents && inFlightAgents.has(agent.id)) {
+                    maxScore = Math.max(maxScore, 100);
+                    reasons.push(`same file (in flight): ${targetFile}`);
                 }
             }
             // Layer 2: Depends-on file recently modified (score 80)
@@ -126,9 +177,34 @@ export class ImpactScorer {
                 maxScore = Math.max(maxScore, 30);
                 reasons.push(`module overlap: ${overlapping.join(", ")}`);
             }
-            // Layer 4 (future): Git co-change analysis
-            // Score 60 for >50% co-change ratio, 40 for >20%
-            // Requires git history analysis — not implemented in v3 prototype
+            // Layer 4: git co-change. For each target_file F, find rows in git_cochange where
+            // (LEAST(F,partner), GREATEST(F,partner)) match. If the OTHER agent recently
+            // touched the partner file, apply the co-change score.
+            const db = getDb();
+            for (const targetFile of params.target_files) {
+                const rows = db.prepare(`SELECT file_a, file_b, count, total_commits FROM git_cochange
+           WHERE file_a = ? OR file_b = ?`).all(targetFile, targetFile);
+                for (const r of rows) {
+                    const partner = r.file_a === targetFile ? r.file_b : r.file_a;
+                    const ratio = r.count / Math.max(r.total_commits, 1);
+                    let layer4Score = 0;
+                    if (ratio > 0.5)
+                        layer4Score = 60;
+                    else if (ratio > 0.2)
+                        layer4Score = 40;
+                    if (layer4Score === 0)
+                        continue;
+                    // Did the OTHER agent touch the partner file recently?
+                    const partnerActivity = db.prepare(`SELECT 1 FROM file_activity
+             WHERE file_path = ? AND agent_id = ?
+               AND created_at > datetime('now', '-60 minutes')
+             LIMIT 1`).get(partner, agent.id);
+                    if (partnerActivity) {
+                        maxScore = Math.max(maxScore, layer4Score);
+                        reasons.push(`co-change: ${targetFile} ↔ ${partner} (ratio ${ratio.toFixed(2)})`);
+                    }
+                }
+            }
             return {
                 agent_id: agent.id,
                 agent_name: agent.name,
@@ -146,4 +222,18 @@ export class ImpactScorer {
             pass: scores.filter((s) => s.score < 30),
         };
     }
+    getRecentSymbolsForFile(filePath, agentId) {
+        const db = getDb();
+        const row = db.prepare(`SELECT symbols_touched FROM file_activity
+       WHERE agent_id = ? AND file_path = ? AND symbols_touched IS NOT NULL
+       ORDER BY id DESC LIMIT 1`).get(agentId, filePath);
+        if (!row || !row.symbols_touched)
+            return null;
+        try {
+            return JSON.parse(row.symbols_touched);
+        }
+        catch {
+            return null;
+        }
+    }
 }

package/dist/src/metrics.d.ts

@@ -42,6 +42,11 @@ export declare class Metrics {
     readonly threadsResolving: Gauge<string>;
     readonly mqttListenersActive: Gauge<string>;
     readonly sseClientsActive: Gauge<string>;
+    readonly workingFilesActive: Gauge<string>;
+    readonly gitCochangePairs: Gauge<string>;
+    readonly workingFilesStarts: Counter<"result">;
+    readonly treeSitterParseFailures: Counter<string>;
+    readonly gitCochangeBuilds: Counter<"outcome">;
     constructor(opts?: MetricsOptions);
     recordAnnounce(result: AnnounceResult): void;
     recordThreadResolved(type: ResolutionType): void;

package/dist/src/metrics.js

@@ -14,6 +14,12 @@ export class Metrics {
     threadsResolving;
     mqttListenersActive;
     sseClientsActive;
+    workingFilesActive;
+    gitCochangePairs;
+    // v0.6 counters
+    workingFilesStarts;
+    treeSitterParseFailures;
+    gitCochangeBuilds;
     constructor(opts = {}) {
         this.registry = new Registry();
         if (opts.collectDefault !== false) {
@@ -72,6 +78,33 @@ export class Metrics {
             help: "Current number of connected SSE clients",
             registers: [this.registry],
         });
+        this.workingFilesActive = new Gauge({
+            name: "mcp_coordinator_working_files_active",
+            help: "Current working_files row count",
+            registers: [this.registry],
+        });
+        this.workingFilesStarts = new Counter({
+            name: "mcp_coordinator_working_files_starts_total",
+            help: "Total working_files start calls",
+            labelNames: ["result"],
+            registers: [this.registry],
+        });
+        this.treeSitterParseFailures = new Counter({
+            name: "mcp_coordinator_tree_sitter_parse_failures_total",
+            help: "Tree-sitter parse failures",
+            registers: [this.registry],
+        });
+        this.gitCochangeBuilds = new Counter({
+            name: "mcp_coordinator_git_cochange_builds_total",
+            help: "git_cochange build attempts",
+            labelNames: ["outcome"],
+            registers: [this.registry],
+        });
+        this.gitCochangePairs = new Gauge({
+            name: "mcp_coordinator_git_cochange_pairs_total",
+            help: "Current git_cochange row count",
+            registers: [this.registry],
+        });
     }
     // ── Counter helpers (named methods make hook points obvious) ──
     recordAnnounce(result) {

package/dist/src/path-normalize.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Normalize a file path for matching/correctness — NOT security.
+ *
+ * Returns POSIX (forward slash), repo-relative when repoRoot is provided,
+ * lower-cased when the path is Windows-style (drive letter prefix in repoRoot
+ * or input, or backslash in input). Collapses ./ and .. segments via
+ * path.posix.normalize.
+ *
+ * The lowercase pass is anchored to path SHAPE rather than `process.platform`
+ * so a Linux coordinator processing paths from a Windows agent (or a CI run
+ * exercising Windows-shaped fixtures) still produces consistent canonical
+ * forms.
+ *
+ * Throws when an absolute path falls outside repoRoot. Security path
+ * traversal checks are separate (see path-guard.ts:safeJoinUnderRoot).
+ */
+export declare function normalizePath(repoRoot: string | null, input: string): string;

package/dist/src/path-normalize.js

@@ -0,0 +1,38 @@
+import path from "path";
+/**
+ * Normalize a file path for matching/correctness — NOT security.
+ *
+ * Returns POSIX (forward slash), repo-relative when repoRoot is provided,
+ * lower-cased when the path is Windows-style (drive letter prefix in repoRoot
+ * or input, or backslash in input). Collapses ./ and .. segments via
+ * path.posix.normalize.
+ *
+ * The lowercase pass is anchored to path SHAPE rather than `process.platform`
+ * so a Linux coordinator processing paths from a Windows agent (or a CI run
+ * exercising Windows-shaped fixtures) still produces consistent canonical
+ * forms.
+ *
+ * Throws when an absolute path falls outside repoRoot. Security path
+ * traversal checks are separate (see path-guard.ts:safeJoinUnderRoot).
+ */
+export function normalizePath(repoRoot, input) {
+    const isWindowsStyle = (repoRoot != null && (/^[a-zA-Z]:/.test(repoRoot) || repoRoot.includes("\\"))) ||
+        /^[a-zA-Z]:/.test(input) ||
+        input.includes("\\");
+    let p = input.replace(/\\/g, "/");
+    if (repoRoot) {
+        const root = repoRoot.replace(/\\/g, "/").replace(/\/+$/, "");
+        if (path.isAbsolute(input) || /^[a-zA-Z]:/.test(input)) {
+            const lowerP = isWindowsStyle ? p.toLowerCase() : p;
+            const lowerRoot = isWindowsStyle ? root.toLowerCase() : root;
+            if (!lowerP.startsWith(lowerRoot + "/") && lowerP !== lowerRoot) {
+                throw new Error(`path is outside repoRoot: ${input}`);
+            }
+            p = p.slice(root.length).replace(/^\/+/, "");
+        }
+    }
+    p = path.posix.normalize(p).replace(/^\.\//, "");
+    if (isWindowsStyle)
+        p = p.toLowerCase();
+    return p;
+}

package/dist/src/serve-http.js

@@ -17,6 +17,8 @@ import { createLogger } from "./logger.js";
 import { initAuth, authenticateRequest, createToken, refreshToken, revokeAgent, setAuthLogger, verifyToken } from "./auth.js";
 import { safeJoinUnderRoot } from "./path-guard.js";
 import { handleRest as handleRestExt } from "./http/handle-rest.js";
+import { handleLivez, handleReadyz, handleHealth } from "./http/handle-health.js";
+import { serveMetrics } from "./metrics.js";
 import { parseBody as parseBodyShared, json as jsonShared } from "./http/utils.js";
 import { getVersion } from "../cli/version.js";
 const VERSION = getVersion();
@@ -83,7 +85,15 @@ async function handleRest(req, res) {
 }
 async function handleAuth(req, res) {
     const url = req.url || "";
-    const body = await parseBody(req);
+    let body;
+    try {
+        body = await parseBody(req);
+    }
+    catch (err) {
+        const e = err;
+        json(res, { error: e.message || "Invalid request" }, e.statusCode || 400);
+        return;
+    }
     if (url === "/api/auth/register" && req.method === "POST") {
         const { agent_name, registration_secret } = body;
         if (!agent_name || !registration_secret) {
@@ -184,6 +194,8 @@ function handleSse(req, res) {
         Connection: "keep-alive",
         "Access-Control-Allow-Origin": "*",
     });
+    services.metrics.incSseClients();
+    services.metrics.recordHttpRequest("/api/events", 200);
     // Use Last-Event-ID for resumption, otherwise send last 50
     const lastEventId = parseInt(req.headers["last-event-id"] || "0", 10);
     const events = lastEventId > 0
@@ -217,6 +229,7 @@ function handleSse(req, res) {
         // fires between close and unsubscribe can't write to a dead socket.
         clearInterval(heartbeat);
         unsubscribe();
+        services.metrics.decSseClients();
     });
 }
 export async function startServer(opts) {
@@ -303,8 +316,21 @@ export async function startServer(opts) {
                 }
                 return;
             }
+            else if (url === "/livez") {
+                handleLivez(req, res);
+                services.metrics.recordHttpRequest("/livez", 200);
+            }
+            else if (url === "/readyz") {
+                handleReadyz(req, res, services);
+                services.metrics.recordHttpRequest("/readyz", res.statusCode || 0);
+            }
             else if (url === "/health") {
-                json(res, { status: "ok", version: VERSION });
+                handleHealth(req, res);
+                services.metrics.recordHttpRequest("/health", 200);
+            }
+            else if (url === "/metrics" && req.method === "GET") {
+                await serveMetrics(req, res, services, services.metrics);
+                services.metrics.recordHttpRequest("/metrics", 200);
             }
             else if (url === "/api/events" && req.method === "GET") {
                 handleSse(req, res);
@@ -361,15 +387,18 @@ export async function startServer(opts) {
                     const authResult = await authenticateRequest(req);
                     if (!authResult.ok) {
                         authLog.warn({ reason: authResult.error, url, ip: req.socket.remoteAddress }, "Auth rejected");
+                        services.metrics.recordAuthRejected();
                         json(res, { error: authResult.error }, authResult.status);
                         return;
                     }
                 }
                 if (url.startsWith("/api/") && (req.method === "POST" || req.method === "GET")) {
                     await handleRest(req, res);
+                    services.metrics.recordHttpRequest((url.split("?")[0] || ""), res.statusCode || 0);
                 }
                 else {
                     json(res, { error: "not found" }, 404);
+                    services.metrics.recordHttpRequest((url.split("?")[0] || ""), 404);
                 }
             }
         }
@@ -418,6 +447,10 @@ export async function startServer(opts) {
     services.mqttBridge.onOffline((agentId) => {
         services.registry.setOffline(agentId);
         services.consultation.handleAgentDeparture(agentId);
+        // Clear in-flight working_files AFTER consultation cleanup so any future
+        // consultation logic that might inspect working_files state for this agent
+        // sees the pre-cleanup view.
+        services.workingFiles.clearForAgent(agentId);
         services.sseEmitter.emit("agent_offline", { agent_id: agentId });
     });
     // Wait for the HTTP server to be actually listening before resolving the
@@ -483,6 +516,12 @@ export async function startServer(opts) {
         catch (err) {
             log.warn({ err }, "Error stopping timeout sweeper");
         }
+        try {
+            services.workingFiles.stopSweeper();
+        }
+        catch (err) {
+            log.warn({ err }, "Error stopping working-files sweeper");
+        }
         try {
             const { closeDb } = await import("./database.js");
             closeDb?.();

package/dist/src/server-setup.d.ts

@@ -11,7 +11,10 @@ import { SseEmitter } from "./sse-emitter.js";
 import { MqttBridge } from "./mqtt-bridge.js";
 import { AgentActivityTracker } from "./agent-activity.js";
 import { QuotaCache } from "./quota/quota-cache.js";
+import { WorkingFilesTracker } from "./working-files-tracker.js";
 import { Metrics } from "./metrics.js";
+import { TreeSitterExtractor } from "./tree-sitter-extractor.js";
+import { GitCochangeBuilder } from "./git-cochange-builder.js";
 import type { CoordinatorConfig } from "./types.js";
 import { type Logger } from "./logger.js";
 export interface CoordinatorServices {
@@ -23,12 +26,15 @@ export interface CoordinatorServices {
     depMap: DependencyMapper;
     fileTracker: FileTracker;
     impactScorer: ImpactScorer;
+    workingFiles: WorkingFilesTracker;
     introspection: IntrospectionManager;
     contextProvider: SummaryContextProvider;
     sseEmitter: SseEmitter;
     mqttBridge: MqttBridge;
     quotaCache: QuotaCache;
     metrics: Metrics;
+    treeSitter: TreeSitterExtractor;
+    gitCochange: GitCochangeBuilder | null;
 }
 /** Create shared services (once at startup). */
 export declare function createServices(config: CoordinatorConfig): CoordinatorServices;

package/dist/src/server-setup.js

@@ -18,7 +18,10 @@ import { SseEmitter } from "./sse-emitter.js";
 import { MqttBridge } from "./mqtt-bridge.js";
 import { AgentActivityTracker } from "./agent-activity.js";
 import { QuotaCache } from "./quota/quota-cache.js";
+import { WorkingFilesTracker } from "./working-files-tracker.js";
 import { Metrics } from "./metrics.js";
+import { TreeSitterExtractor } from "./tree-sitter-extractor.js";
+import { GitCochangeBuilder } from "./git-cochange-builder.js";
 import { createLogger } from "./logger.js";
 import { getVersion } from "../cli/version.js";
 const VERSION = getVersion();
@@ -26,18 +29,35 @@ const VERSION = getVersion();
 export function createServices(config) {
     initDatabase(config.dataDir);
     const logger = createLogger();
+    const metrics = new Metrics();
     const registry = new AgentRegistry();
     const activityTracker = new AgentActivityTracker(registry);
     const consultation = new Consultation(logger.child({ component: "consultation" }));
     const depMap = new DependencyMapper();
     const fileTracker = new FileTracker();
-    const impactScorer = new ImpactScorer(registry, fileTracker, consultation);
+    const workingFiles = new WorkingFilesTracker(logger.child({ component: "working-files" }), metrics);
+    workingFiles.startSweeper(parseInt(process.env.COORDINATOR_WORKING_FILES_SWEEP_INTERVAL_MS || "60000", 10));
+    const impactScorer = new ImpactScorer(registry, fileTracker, consultation, workingFiles);
     const introspection = new IntrospectionManager();
     const conflictDetector = new ConflictDetector(consultation, depMap, fileTracker, logger.child({ component: "conflict" }));
     const contextProvider = new SummaryContextProvider(registry, consultation, fileTracker);
     const sseEmitter = new SseEmitter();
     const mqttBridge = new MqttBridge(logger.child({ component: "mqtt" }));
-    const metrics = new Metrics();
+    const treeSitter = new TreeSitterExtractor(metrics);
+    treeSitter.load().catch(() => { });
+    const repoRoot = process.env.COORDINATOR_REPO_ROOT;
+    const gitCochange = repoRoot
+        ? new GitCochangeBuilder({
+            repoRoot,
+            logger: logger.child({ component: "gitcc" }),
+            metrics,
+            sinceDays: parseInt(process.env.COORDINATOR_LAYER4_SINCE_DAYS || "7", 10),
+            maxCount: parseInt(process.env.COORDINATOR_LAYER4_MAX_COMMITS || "2000", 10),
+            refreshMs: parseInt(process.env.COORDINATOR_LAYER4_REFRESH_INTERVAL_MS || "1800000", 10),
+            retryMs: parseInt(process.env.COORDINATOR_LAYER4_RETRY_MS || "300000", 10),
+        })
+        : null;
+    gitCochange?.startScheduler();
     // Quota cache — macOS-only for now, Linux/Windows stubs return 503 via the
     // /api/quota handler so raids keep running without a quota guardrail there.
     // onRefresh fans the new data out to dashboard (SSE) + any live listener (MQTT)
@@ -88,7 +108,7 @@ export function createServices(config) {
     });
     return {
         logger, registry, activityTracker, consultation, conflictDetector,
-        depMap, fileTracker, impactScorer, introspection, contextProvider, sseEmitter, mqttBridge, quotaCache, metrics,
+        depMap, fileTracker, impactScorer, workingFiles, introspection, contextProvider, sseEmitter, mqttBridge, quotaCache, metrics, treeSitter, gitCochange,
     };
 }
 /** Create a new McpServer bound to the shared services (one per MCP session). */

package/dist/src/tools/consultation-tools.js

@@ -30,7 +30,9 @@ export function registerConsultationTools(server, services, mcpLog) {
         exports_affected: z.array(z.string()).optional(),
         keep_open: z.boolean().optional().describe("Keep thread open even if no agents are concerned (for manual coordination like games or debates)"),
         assigned_to: z.string().optional().describe("Directed-dispatch: only this agent_id will be allowed to claim the thread. Use for lead→worker handoffs in maitre/chaine/relais presets. Implies keep_open=true."),
-    }, async ({ agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to }) => {
+        target_symbols: z.array(z.string().max(256)).max(200).optional()
+            .describe("Qualified symbol names you intend to touch (e.g. 'UserService.getById'). Used by Layer 0.5 to annotate same-file overlaps."),
+    }, async ({ agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to, target_symbols }) => {
         mcpLog.info({ tool: "announce_work", agent_id, subject, target_modules, target_files, assigned_to }, "Tool called");
         const conflicts = conflictDetector.detect({ agent_id, target_modules, target_files });
         const thread = consultation.announceWork({
@@ -41,7 +43,7 @@ export function registerConsultationTools(server, services, mcpLog) {
                 .run(JSON.stringify(conflicts), thread.id);
         }
         const { updated, categorized, respondents, planQuality } = runCommonAnnounceFlow(services, thread.id, {
-            agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open,
+            agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, target_symbols,
         });
         sseEmitter.emit("thread_opened", {
             thread_id: thread.id, initiator: agent_id, subject, target_modules, conflicts,