mcp-coordinator 0.6.0 → 0.7.0

package/dist/src/http/handle-rest.js

@@ -3,6 +3,7 @@ import { getDb } from "../database.js";
 import { runCommonAnnounceFlow } from "../announce-workflow.js";
 import { canResetDb } from "../reset-guard.js";
 import { parseBody, json } from "./utils.js";
+import { normalizePath } from "../path-normalize.js";
 export async function handleRest(req, res, ctx) {
     const { services, httpLog, authEnabled, getRunConfig, setRunConfig } = ctx;
     const url = req.url || "";
@@ -30,14 +31,14 @@ export async function handleRest(req, res, ctx) {
     const { registry, activityTracker, consultation, fileTracker, introspection, sseEmitter, mqttBridge, quotaCache } = services;
     if (url === "/api/register") {
         const { agent_id, name, modules } = body;
-        const agent = registry.register(agent_id, name, modules || []);
-        sseEmitter.emit("agent_online", { agent_id, name, modules });
+        const agent = registry.register(ctx.claims.org, agent_id, name, modules || []);
+        sseEmitter.emit("agent_online", { agent_id, name, modules }, { org_id: ctx.claims.org });
         json(res, agent);
     }
     else if (url === "/api/session-start") {
-        const online = registry.listOnline();
-        const openThreads = consultation.listThreads({ status: "open" });
-        const hotFiles = fileTracker.getHotFiles(30);
+        const online = registry.listOnline(ctx.claims.org);
+        const openThreads = consultation.listThreads(ctx.claims.org, { status: "open" });
+        const hotFiles = fileTracker.getHotFiles(ctx.claims.org, 30);
         const briefing = [
             `Agents en ligne: ${online.map((a) => a.name).join(", ") || "aucun"}`,
             `Consultations ouvertes: ${openThreads.length}`,
@@ -47,15 +48,15 @@ export async function handleRest(req, res, ctx) {
     }
     else if (url === "/api/session-stop") {
         const { agent_id } = body;
-        registry.setOffline(agent_id);
-        activityTracker.reportOffline(agent_id);
+        registry.setOffline(ctx.claims.org, agent_id);
+        activityTracker.reportOffline(ctx.claims.org, agent_id);
         consultation.handleAgentDeparture(agent_id);
-        sseEmitter.emit("agent_offline", { agent_id });
+        sseEmitter.emit("agent_offline", { agent_id }, { org_id: ctx.claims.org });
         json(res, { ok: true });
     }
     else if (url === "/api/check-conflict") {
         const { file, agent_id } = body;
-        const conflict = fileTracker.checkFileConflict(file, agent_id, 30);
+        const conflict = fileTracker.checkFileConflict(ctx.claims.org, file, agent_id, 30);
         const warnings = [];
         if (conflict.conflict) {
             warnings.push(`File ${file} recently edited by: ${conflict.agents.join(", ")}`);
@@ -64,20 +65,20 @@ export async function handleRest(req, res, ctx) {
     }
     else if (url === "/api/log-file") {
         const { session_id, agent_id, agent_name, tool_name, file } = body;
-        fileTracker.log({ session_id, agent_id, agent_name, tool_name, file_path: file });
-        activityTracker.reportFileActivity(agent_id, file);
-        sseEmitter.emit("file_edited", { agent_id, agent_name: agent_name || agent_id, file, tool_name });
+        fileTracker.log({ org_id: ctx.claims.org, session_id, agent_id, agent_name, tool_name, file_path: file });
+        activityTracker.reportFileActivity(ctx.claims.org, agent_id, file);
+        sseEmitter.emit("file_edited", { agent_id, agent_name: agent_name || agent_id, file, tool_name }, { org_id: ctx.claims.org });
         json(res, { ok: true });
     }
     else if (url === "/api/announce") {
         const { agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to, target_symbols } = body;
-        const thread = consultation.announceWork({ agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to });
-        const agentInfo = registry.get(agent_id);
+        const thread = consultation.announceWork(ctx.claims.org, { agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open, assigned_to });
+        const agentInfo = registry.get(ctx.claims.org, agent_id);
         // S2 fix: shared workflow (impact scoring, override respondents, auto-resolve,
         // impact_scored + introspection SSE, plan-quality downgrade event). Same
         // function used by the MCP announce_work tool path.
         const { updated, categorized, respondents, planQuality } = runCommonAnnounceFlow(services, thread.id, {
-            agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open,
+            org_id: ctx.claims.org, agent_id, subject, plan, target_modules, target_files, depends_on_files, exports_affected, keep_open,
             target_symbols,
         });
         // REST-specific thread_opened SSE shape (different field set than MCP — kept
@@ -90,7 +91,7 @@ export async function handleRest(req, res, ctx) {
             mode: planQuality.mode,
             plan: plan || null,
             plan_quality: planQuality,
-        });
+        }, { org_id: ctx.claims.org });
         json(res, { thread_id: thread.id, status: updated.status, impact: categorized });
     }
     else if (url === "/api/post-to-thread") {
@@ -98,7 +99,7 @@ export async function handleRest(req, res, ctx) {
         // Pre-check the thread so we can return actionable status codes instead
         // of always-500 on any error. The client uses the status to decide
         // whether to warn (unexpected) or silently skip (normal race).
-        const targetThread = consultation.getThread(thread_id);
+        const targetThread = consultation.getThread(ctx.claims.org, thread_id);
         if (!targetThread) {
             json(res, { error: "thread_not_found", thread_id }, 404);
             return;
@@ -107,20 +108,20 @@ export async function handleRest(req, res, ctx) {
             json(res, { error: "thread_cancelled", thread_id }, 410);
             return;
         }
-        const msg = consultation.postToThread({ thread_id, agent_id, agent_name, type, content });
-        const thread = consultation.getThread(thread_id);
+        const msg = consultation.postToThread(ctx.claims.org, { thread_id, agent_id, agent_name, type, content });
+        const thread = consultation.getThread(ctx.claims.org, thread_id);
         sseEmitter.emit("message_posted", {
             thread_id, agent_id, agent_name: agent_name || agent_id,
             type, content, round: thread?.round || 1,
             token_estimate: msg.token_estimate || 0,
-        });
+        }, { org_id: ctx.claims.org });
         json(res, msg);
     }
     else if (url === "/api/token-usage") {
         // Agent → coordinator telemetry, emitted once per LLM turn so the dashboard
         // and reports can pinpoint where tokens are being burned.
         const payload = body;
-        sseEmitter.emit("token_usage", payload);
+        sseEmitter.emit("token_usage", payload, { org_id: ctx.claims.org });
         json(res, { ok: true });
     }
     else if (url === "/api/unclaim-task") {
@@ -135,12 +136,12 @@ export async function handleRest(req, res, ctx) {
         // claim → no DONE → unclaim → re-claim loop we observed on stuck tasks.
         // Only the claiming agent can unclaim to prevent cross-agent interference.
         const POISON_THRESHOLD = 2;
-        const result = db.prepare("UPDATE threads SET claimed_by = NULL, claimed_at = NULL, unclaim_count = COALESCE(unclaim_count, 0) + 1 WHERE id = ? AND claimed_by = ? AND status = 'open'").run(thread_id, agent_id);
+        const result = db.prepare("UPDATE threads SET claimed_by = NULL, claimed_at = NULL, unclaim_count = COALESCE(unclaim_count, 0) + 1 WHERE id = ? AND org_id = ? AND claimed_by = ? AND status = 'open'").run(thread_id, ctx.claims.org, agent_id);
         let poisoned = false;
         if (result.changes === 1) {
-            const row = db.prepare("SELECT unclaim_count FROM threads WHERE id = ?").get(thread_id);
+            const row = db.prepare("SELECT unclaim_count FROM threads WHERE id = ? AND org_id = ?").get(thread_id, ctx.claims.org);
             if (row && (row.unclaim_count ?? 0) >= POISON_THRESHOLD) {
-                db.prepare("UPDATE threads SET status = 'poisoned' WHERE id = ? AND status = 'open'").run(thread_id);
+                db.prepare("UPDATE threads SET status = 'poisoned' WHERE id = ? AND org_id = ? AND status = 'open'").run(thread_id, ctx.claims.org);
                 poisoned = true;
                 httpLog.warn({ thread_id, unclaim_count: row.unclaim_count }, "thread poisoned after repeated unclaims");
             }
@@ -158,14 +159,14 @@ export async function handleRest(req, res, ctx) {
         // automatically because the status filter excludes them.
         // Directed-dispatch constraint: if assigned_to is set, only that specific
         // agent can claim; NULL keeps the original open-pool semantics.
-        const result = db.prepare("UPDATE threads SET claimed_by = ?, claimed_at = ? WHERE id = ? AND claimed_by IS NULL AND status = 'open' AND (assigned_to IS NULL OR assigned_to = ?)").run(agent_id, new Date().toISOString(), thread_id, agent_id);
+        const result = db.prepare("UPDATE threads SET claimed_by = ?, claimed_at = ? WHERE id = ? AND org_id = ? AND claimed_by IS NULL AND status = 'open' AND (assigned_to IS NULL OR assigned_to = ?)").run(agent_id, new Date().toISOString(), thread_id, ctx.claims.org, agent_id);
         if (result.changes === 1) {
             mqttBridge.publishTaskClaimed(thread_id, agent_id);
-            sseEmitter.emit("task_claimed", { thread_id, agent_id });
+            sseEmitter.emit("task_claimed", { thread_id, agent_id }, { org_id: ctx.claims.org });
             json(res, { success: true });
         }
         else {
-            const thread = consultation.getThread(thread_id);
+            const thread = consultation.getThread(ctx.claims.org, thread_id);
             // Surface the assigned_to in the 'why not' response so clients can
             // distinguish "already claimed by X" from "reserved for Y".
             json(res, {
@@ -178,24 +179,24 @@ export async function handleRest(req, res, ctx) {
     }
     else if (url === "/api/propose-resolution") {
         const { thread_id, agent_id, summary } = body;
-        const agentInfo = registry.get(agent_id);
-        consultation.proposeResolution(thread_id, agent_id, summary);
+        const agentInfo = registry.get(ctx.claims.org, agent_id);
+        consultation.proposeResolution(ctx.claims.org, thread_id, agent_id, summary);
         sseEmitter.emit("resolution_proposed", {
             thread_id, agent_id, agent_name: agentInfo?.name || agent_id, summary,
-        });
-        json(res, consultation.getThread(thread_id));
+        }, { org_id: ctx.claims.org });
+        json(res, consultation.getThread(ctx.claims.org, thread_id));
         mqttBridge.publishTaskCompleted(thread_id, agent_id, summary);
     }
     else if (url === "/api/approve-resolution") {
         const { thread_id, agent_id } = body;
-        const agentInfo = registry.get(agent_id);
-        consultation.approveResolution(thread_id, agent_id, agentInfo?.name);
-        const t = consultation.getThread(thread_id);
+        const agentInfo = registry.get(ctx.claims.org, agent_id);
+        consultation.approveResolution(ctx.claims.org, thread_id, agent_id, agentInfo?.name ?? undefined);
+        const t = consultation.getThread(ctx.claims.org, thread_id);
         json(res, t);
     }
     else if (url?.startsWith("/api/consultation/") && url?.endsWith("/status")) {
         const threadId = url.split("/")[3];
-        const thread = consultation.getThreadWithMessages(threadId);
+        const thread = consultation.getThreadWithMessages(ctx.claims.org, threadId);
         if (!thread) {
             json(res, { error: "not found" }, 404);
         }
@@ -209,13 +210,13 @@ export async function handleRest(req, res, ctx) {
         }
     }
     else if (url === "/api/threads-active") {
-        const open = consultation.listThreads({ status: "open" });
-        const resolving = consultation.listThreads({ status: "resolving" });
+        const open = consultation.listThreads(ctx.claims.org, { status: "open" });
+        const resolving = consultation.listThreads(ctx.claims.org, { status: "resolving" });
         json(res, [...open, ...resolving]);
     }
     else if (url === "/api/hot-files") {
         const { since_minutes } = body;
-        json(res, fileTracker.getHotFiles(since_minutes || 30));
+        json(res, fileTracker.getHotFiles(ctx.claims.org, since_minutes || 30));
     }
     else if (url === "/api/quota") {
         // Pre-flight + live widget endpoint. 200 with fresh QuotaInfo when the
@@ -266,38 +267,38 @@ export async function handleRest(req, res, ctx) {
     }
     else if (url === "/api/introspection-response") {
         const { introspection_id, concerned, reason } = body;
-        const intro = introspection.respond(introspection_id, concerned, reason);
+        const intro = introspection.respond(ctx.claims.org, introspection_id, reason);
         // If concerned, add to thread's expected_respondents
         if (concerned && intro) {
             const db = getDb();
-            const thread = consultation.getThread(intro.thread_id);
+            const thread = consultation.getThread(ctx.claims.org, intro.thread_id);
             if (thread && (thread.status === "open" || thread.status === "resolving")) {
                 const respondents = JSON.parse(thread.expected_respondents || "[]");
                 if (!respondents.includes(intro.agent_id)) {
                     respondents.push(intro.agent_id);
-                    db.prepare("UPDATE threads SET expected_respondents = ? WHERE id = ?")
-                        .run(JSON.stringify(respondents), thread.id);
+                    db.prepare("UPDATE threads SET expected_respondents = ? WHERE id = ? AND org_id = ?")
+                        .run(JSON.stringify(respondents), thread.id, ctx.claims.org);
                 }
             }
         }
-        const agentInfo = registry.get(intro?.agent_id || "");
+        const agentInfo = registry.get(ctx.claims.org, intro?.agent_id || "");
         sseEmitter.emit("introspection_completed", {
             introspection_id, thread_id: intro?.thread_id,
             agent_id: intro?.agent_id, agent_name: agentInfo?.name || intro?.agent_id,
             concerned, reason,
-        });
+        }, { org_id: ctx.claims.org });
         json(res, intro);
     }
     else if (url?.startsWith("/api/pending-introspections")) {
         const urlObj = new URL(url, "http://localhost");
         const agent_id = urlObj.searchParams.get("agent_id") || "";
-        const pending = introspection.getPending(agent_id);
+        const pending = introspection.getPending(ctx.claims.org, agent_id);
         json(res, pending);
     }
     else if (url === "/api/run-config") {
         if (req.method === "POST") {
             setRunConfig(body);
-            sseEmitter.emit("run_config", getRunConfig());
+            sseEmitter.emit("run_config", getRunConfig(), { org_id: ctx.claims.org });
             json(res, { ok: true });
         }
         else {
@@ -337,8 +338,8 @@ export async function handleRest(req, res, ctx) {
         // Covers both open threads (waiting for initial response) and resolving threads
         // (waiting for approval/contest of a proposed resolution).
         const pendingThreads = [
-            ...consultation.listThreads({ status: "open" }),
-            ...consultation.listThreads({ status: "resolving" }),
+            ...consultation.listThreads(ctx.claims.org, { status: "open" }),
+            ...consultation.listThreads(ctx.claims.org, { status: "resolving" }),
         ].filter((t) => {
             const respondents = JSON.parse(t.expected_respondents || "[]");
             return respondents.includes(agent_id);
@@ -359,12 +360,12 @@ export async function handleRest(req, res, ctx) {
     }
     else if (url?.startsWith("/api/agent-status/")) {
         const aid = url.split("/")[3];
-        const agent = registry.get(aid);
+        const agent = registry.get(ctx.claims.org, aid);
         if (!agent) {
             json(res, { registered: false, status: "unknown" });
         }
         else {
-            const activity = activityTracker.getActivity(aid, { idleAfterMinutes: 5 });
+            const activity = activityTracker.getActivity(ctx.claims.org, aid, { idleAfterMinutes: 5 });
             json(res, { registered: true, status: agent.status, activity: activity.activity_status });
         }
     }
@@ -378,6 +379,15 @@ export async function handleRest(req, res, ctx) {
             json(res, { error: "agent_name must be string when present" }, 400);
             return;
         }
+        const repoRoot = process.env.COORDINATOR_REPO_ROOT || null;
+        let filePath;
+        try {
+            filePath = normalizePath(repoRoot, body.file_path);
+        }
+        catch (err) {
+            json(res, { error: `invalid file_path: ${err.message}` }, 400);
+            return;
+        }
         const MAX_CONTENT = 262144;
         let symbols = null;
         let contentHash = null;
@@ -387,14 +397,15 @@ export async function handleRest(req, res, ctx) {
                 return;
             }
             contentHash = createHash("sha256").update(body.content).digest("hex");
-            symbols = ctx.services.treeSitter.extract(body.file_path, body.content, null);
+            symbols = ctx.services.treeSitter.extract(filePath, body.content, null);
         }
         ctx.services.fileTracker.log({
+            org_id: ctx.claims.org,
             session_id: body.session_id,
             agent_id: body.agent_id,
             agent_name: body.agent_name,
             tool_name: body.tool_name,
-            file_path: body.file_path,
+            file_path: filePath,
             content_hash: contentHash,
             symbols_touched: symbols,
         });
@@ -405,8 +416,17 @@ export async function handleRest(req, res, ctx) {
             json(res, { error: "agent_id and file_path required" }, 400);
             return;
         }
+        const repoRoot = process.env.COORDINATOR_REPO_ROOT || null;
+        let filePath;
+        try {
+            filePath = normalizePath(repoRoot, body.file_path);
+        }
+        catch (err) {
+            json(res, { error: `invalid file_path: ${err.message}` }, 400);
+            return;
+        }
         const ttl = parseInt(process.env.COORDINATOR_WORKING_FILES_TTL_MIN || "30", 10);
-        services.workingFiles.start(body.agent_id, body.file_path, ttl);
+        services.workingFiles.start(ctx.claims.org, body.agent_id, filePath, ttl);
         json(res, { ok: true });
     }
     else if (url === "/api/working-files/stop" && req.method === "POST") {
@@ -414,7 +434,16 @@ export async function handleRest(req, res, ctx) {
             json(res, { error: "agent_id and file_path required" }, 400);
             return;
         }
-        services.workingFiles.stop(body.agent_id, body.file_path);
+        const repoRoot = process.env.COORDINATOR_REPO_ROOT || null;
+        let filePath;
+        try {
+            filePath = normalizePath(repoRoot, body.file_path);
+        }
+        catch (err) {
+            json(res, { error: `invalid file_path: ${err.message}` }, 400);
+            return;
+        }
+        services.workingFiles.stop(ctx.claims.org, body.agent_id, filePath);
         json(res, { ok: true });
     }
     else if (url?.startsWith("/api/scoring-stats") && req.method === "GET") {
@@ -455,12 +484,12 @@ export async function handleRest(req, res, ctx) {
         });
     }
     else if (url === "/api/status") {
-        const online = registry.listOnline();
-        const openThreads = consultation.listThreads({ status: "open" });
+        const online = registry.listOnline(ctx.claims.org);
+        const openThreads = consultation.listThreads(ctx.claims.org, { status: "open" });
         json(res, {
             online: online.length,
             open_threads: openThreads.length,
-            hot_files: fileTracker.getHotFiles(30).length,
+            hot_files: fileTracker.getHotFiles(ctx.claims.org, 30).length,
             mqtt: services.mqttBridge.isConnected(),
         });
     }

package/dist/src/http/utils.d.ts

@@ -1,4 +1,5 @@
 import type { IncomingMessage, ServerResponse } from "http";
+import type { AuthResult } from "../auth.js";
 export declare function parseBody(req: IncomingMessage): Promise<Record<string, unknown>>;
 export declare function json(res: ServerResponse, data: unknown, status?: number): void;
 /**
@@ -9,3 +10,6 @@ export declare function json(res: ServerResponse, data: unknown, status?: number
  */
 export declare function decodeJwtPayload(token: string): Record<string, unknown>;
 export declare function safeEqual(a: string, b: string): boolean;
+export declare function jsonAuthError(res: ServerResponse, authResult: Exclude<AuthResult, {
+    ok: true;
+}>): void;

package/dist/src/http/utils.js

@@ -1,7 +1,7 @@
 import { timingSafeEqual } from "crypto";
 /**
  * S1: shared HTTP helpers extracted from serve-http.ts.
- * parseBody, json, decodeJwtPayload, safeEqual.
+ * parseBody, json, decodeJwtPayload, safeEqual, jsonAuthError.
  */
 const MAX_BODY_BYTES = parseInt(process.env.COORDINATOR_MAX_BODY_BYTES || "1048576", 10);
 export function parseBody(req) {
@@ -51,3 +51,9 @@ export function safeEqual(a, b) {
         return false;
     return timingSafeEqual(Buffer.from(a), Buffer.from(b));
 }
+export function jsonAuthError(res, authResult) {
+    if (authResult.wwwAuthenticate) {
+        res.setHeader("WWW-Authenticate", authResult.wwwAuthenticate);
+    }
+    json(res, { error: authResult.error }, authResult.status);
+}

package/dist/src/impact-scorer.d.ts

@@ -15,6 +15,7 @@ export interface CategorizedImpact {
     pass: ImpactScore[];
 }
 interface AnnounceParams {
+    org_id: string;
     agent_id: string;
     target_modules: string[];
     target_files: string[];
@@ -31,5 +32,7 @@ export declare class ImpactScorer {
     score(params: AnnounceParams): ImpactScore[];
     categorize(params: AnnounceParams): CategorizedImpact;
     private getRecentSymbolsForFile;
+    private _collectSymbolsTouched;
+    private _layer4Score;
 }
 export {};

package/dist/src/impact-scorer.js

@@ -21,7 +21,7 @@ export class ImpactScorer {
     }
     score(params) {
         const onlineAgents = this.registry
-            .listOnline()
+            .listOnline(params.org_id)
             .filter((a) => a.id !== params.agent_id);
         if (onlineAgents.length === 0)
             return [];
@@ -43,35 +43,16 @@ export class ImpactScorer {
             ...(params.depends_on_files || []),
         ];
         const fileToAgents = filesToIndex.length > 0
-            ? this.fileTracker.getFileToAgentsIndex(filesToIndex, params.agent_id, FILE_ACTIVITY_WINDOW_MINUTES)
+            ? this.fileTracker.getFileToAgentsIndex(params.org_id, filesToIndex, params.agent_id, FILE_ACTIVITY_WINDOW_MINUTES)
             : new Map();
         const inFlightToAgents = this.workingFiles
-            ? this.workingFiles.getIndex(filesToIndex, params.agent_id)
+            ? this.workingFiles.getIndex(params.org_id, filesToIndex, params.agent_id)
             : new Map();
         // Pre-load symbols_touched for the target_files × online_agents matrix once,
         // keyed by (file_path, agent_id). Avoids N*M DB roundtrips inside the score loop.
         let symbolsByFileAgent = null;
         if (params.target_symbols && params.target_symbols.length > 0 && params.target_files.length > 0) {
-            const db = getDb();
-            const placeholders = params.target_files.map(() => "?").join(",");
-            const rows = db.prepare(`SELECT agent_id, file_path, symbols_touched
-         FROM file_activity
-         WHERE file_path IN (${placeholders})
-           AND symbols_touched IS NOT NULL
-           AND id IN (
-             SELECT MAX(id) FROM file_activity
-             WHERE file_path IN (${placeholders})
-               AND symbols_touched IS NOT NULL
-             GROUP BY agent_id, file_path
-           )`).all(...params.target_files, ...params.target_files);
-            symbolsByFileAgent = new Map();
-            for (const r of rows) {
-                try {
-                    const arr = JSON.parse(r.symbols_touched);
-                    symbolsByFileAgent.set(`${r.file_path}|${r.agent_id}`, arr);
-                }
-                catch { /* malformed JSON: ignore */ }
-            }
+            symbolsByFileAgent = this._collectSymbolsTouched(params.org_id, params.target_files);
         }
         // O2: bound the resolved-thread query to a recency window. Without this,
         // listThreads({status:'resolved'}) returns ALL historical resolved threads
@@ -81,9 +62,9 @@ export class ImpactScorer {
         let activeThreadsByAgent = null;
         if (this.consultation) {
             const allActive = [
-                ...this.consultation.listThreads({ status: "open" }),
-                ...this.consultation.listThreads({ status: "resolving" }),
-                ...this.consultation.listThreads({ status: "resolved", since_minutes: LAYER_0_WINDOW_MINUTES }),
+                ...this.consultation.listThreads(params.org_id, { status: "open" }),
+                ...this.consultation.listThreads(params.org_id, { status: "resolving" }),
+                ...this.consultation.listThreads(params.org_id, { status: "resolved", since_minutes: LAYER_0_WINDOW_MINUTES }),
             ];
             // Group by initiator_id so the per-agent loop is O(threads-for-this-agent)
             // rather than O(all-active-threads). Avoids an outer-product scan over
@@ -180,29 +161,11 @@ export class ImpactScorer {
             // Layer 4: git co-change. For each target_file F, find rows in git_cochange where
             // (LEAST(F,partner), GREATEST(F,partner)) match. If the OTHER agent recently
             // touched the partner file, apply the co-change score.
-            const db = getDb();
             for (const targetFile of params.target_files) {
-                const rows = db.prepare(`SELECT file_a, file_b, count, total_commits FROM git_cochange
-           WHERE file_a = ? OR file_b = ?`).all(targetFile, targetFile);
-                for (const r of rows) {
-                    const partner = r.file_a === targetFile ? r.file_b : r.file_a;
-                    const ratio = r.count / Math.max(r.total_commits, 1);
-                    let layer4Score = 0;
-                    if (ratio > 0.5)
-                        layer4Score = 60;
-                    else if (ratio > 0.2)
-                        layer4Score = 40;
-                    if (layer4Score === 0)
-                        continue;
-                    // Did the OTHER agent touch the partner file recently?
-                    const partnerActivity = db.prepare(`SELECT 1 FROM file_activity
-             WHERE file_path = ? AND agent_id = ?
-               AND created_at > datetime('now', '-60 minutes')
-             LIMIT 1`).get(partner, agent.id);
-                    if (partnerActivity) {
-                        maxScore = Math.max(maxScore, layer4Score);
-                        reasons.push(`co-change: ${targetFile} ↔ ${partner} (ratio ${ratio.toFixed(2)})`);
-                    }
+                const layer4Results = this._layer4Score(params.org_id, targetFile, agent.id);
+                for (const result of layer4Results) {
+                    maxScore = Math.max(maxScore, result.score);
+                    reasons.push(result.reason);
                 }
             }
             return {
@@ -222,11 +185,11 @@ export class ImpactScorer {
             pass: scores.filter((s) => s.score < 30),
         };
     }
-    getRecentSymbolsForFile(filePath, agentId) {
+    getRecentSymbolsForFile(orgId, filePath, agentId) {
         const db = getDb();
         const row = db.prepare(`SELECT symbols_touched FROM file_activity
-       WHERE agent_id = ? AND file_path = ? AND symbols_touched IS NOT NULL
-       ORDER BY id DESC LIMIT 1`).get(agentId, filePath);
+       WHERE org_id = ? AND agent_id = ? AND file_path = ? AND symbols_touched IS NOT NULL
+       ORDER BY id DESC LIMIT 1`).get(orgId, agentId, filePath);
         if (!row || !row.symbols_touched)
             return null;
         try {
@@ -236,4 +199,55 @@ export class ImpactScorer {
             return null;
         }
     }
+    _collectSymbolsTouched(orgId, files) {
+        const db = getDb();
+        const placeholders = files.map(() => "?").join(",");
+        const rows = db.prepare(`SELECT agent_id, file_path, symbols_touched
+       FROM file_activity
+       WHERE org_id = ?
+         AND file_path IN (${placeholders})
+         AND symbols_touched IS NOT NULL
+         AND id IN (
+           SELECT MAX(id) FROM file_activity
+           WHERE org_id = ?
+             AND file_path IN (${placeholders})
+             AND symbols_touched IS NOT NULL
+           GROUP BY agent_id, file_path
+         )`).all(orgId, ...files, orgId, ...files);
+        const result = new Map();
+        for (const r of rows) {
+            try {
+                const arr = JSON.parse(r.symbols_touched);
+                result.set(`${r.file_path}|${r.agent_id}`, arr);
+            }
+            catch { /* malformed JSON: ignore */ }
+        }
+        return result;
+    }
+    _layer4Score(orgId, targetFile, agentId) {
+        const db = getDb();
+        const rows = db.prepare(`SELECT file_a, file_b, count, total_commits FROM git_cochange
+       WHERE org_id = ? AND (file_a = ? OR file_b = ?)`).all(orgId, targetFile, targetFile);
+        const results = [];
+        for (const r of rows) {
+            const partner = r.file_a === targetFile ? r.file_b : r.file_a;
+            const ratio = r.count / Math.max(r.total_commits, 1);
+            let layer4Score = 0;
+            if (ratio > 0.5)
+                layer4Score = 60;
+            else if (ratio > 0.2)
+                layer4Score = 40;
+            if (layer4Score === 0)
+                continue;
+            // Did the OTHER agent touch the partner file recently?
+            const partnerActivity = db.prepare(`SELECT 1 FROM file_activity
+         WHERE org_id = ? AND file_path = ? AND agent_id = ?
+           AND created_at > datetime('now', '-60 minutes')
+         LIMIT 1`).get(orgId, partner, agentId);
+            if (partnerActivity) {
+                results.push({ score: layer4Score, reason: `co-change: ${targetFile} ↔ ${partner} (ratio ${ratio.toFixed(2)})` });
+            }
+        }
+        return results;
+    }
 }

package/dist/src/introspection.d.ts

@@ -1,24 +1,30 @@
 export interface IntrospectionRecord {
     id: string;
+    org_id: string;
     thread_id: string;
     agent_id: string;
     score: number;
     reasons: string | null;
-    status: "pending" | "concerned" | "not_concerned";
+    status: "pending" | "concerned" | "not_concerned" | "responded";
     response: string | null;
     concerned: number;
     created_at: string;
     responded_at: string | null;
 }
 export declare class IntrospectionManager {
-    create(params: {
+    create(orgId: string, params: {
         thread_id: string;
         agent_id: string;
         score: number;
-        reasons: string[];
+        reasons?: string | string[];
     }): IntrospectionRecord;
-    respond(id: string, concerned: boolean, response: string): IntrospectionRecord;
-    get(id: string): IntrospectionRecord | null;
-    getPending(agentId: string): IntrospectionRecord[];
-    getByThread(threadId: string): IntrospectionRecord[];
+    respond(orgId: string, id: string, response: string): IntrospectionRecord | null;
+    /** Retrieve a single record by id (unscoped — internal helper only). */
+    private get;
+    /** Retrieve a single record scoped to an org. */
+    private getScoped;
+    getPending(orgId: string, agentId: string): IntrospectionRecord[];
+    list(orgId: string, threadId: string): IntrospectionRecord[];
+    /** @deprecated Use list(orgId, threadId) instead. Kept for backward compat. */
+    getByThread(orgId: string, threadId: string): IntrospectionRecord[];
 }