diff --git a/tests/real-world/scrum_applier.ts b/tests/real-world/scrum_applier.ts
index 0c048af..7708a92 100644
--- a/tests/real-world/scrum_applier.ts
+++ b/tests/real-world/scrum_applier.ts
@@ -35,6 +35,12 @@ const AUDIT_LOG = `${REPO}/data/_kb/auto_apply.jsonl`;
 const MIN_CONF = Number(process.env.LH_APPLIER_MIN_CONF ?? 90);
 const MAX_FILES = Number(process.env.LH_APPLIER_MAX_FILES ?? 5);
 const COMMIT = process.env.LH_APPLIER_COMMIT === "1";
+// LH_APPLIER_FILES — comma-separated repo-relative paths. When set,
+// constrains eligible reviews to ONLY those files. Used by the autonomous
+// loop so the applier patches what scrum just reviewed in this iter,
+// instead of pulling the highest-confidence file from global review history.
+const TARGET_FILES = (process.env.LH_APPLIER_FILES ?? "")
+  .split(",").map(s => s.trim()).filter(Boolean);
 // Default patch-emitter model — qwen3-coder:480b is the coding specialist
 // in the scrum ladder (rung 2). Swapped in from kimi-k2:1t after 2026-04-24
 // data showed kimi-k2:1t produces architectural patches that cascade across
@@ -334,10 +340,14 @@ async function main() {
   log(`loaded ${reviews.size} latest reviews`);
 
   const eligible = [...reviews.values()].filter(r =>
-    passesConfidenceGate(r) && passesDenyList(r.file)
+    passesConfidenceGate(r) && passesDenyList(r.file) &&
+    (TARGET_FILES.length === 0 || TARGET_FILES.includes(r.file))
   ).sort((a, b) => (b.confidence_avg ?? 0) - (a.confidence_avg ?? 0));
 
-  log(`${eligible.length} pass confidence gate + deny-list`);
+  if (TARGET_FILES.length > 0) {
+    log(`LH_APPLIER_FILES set — constrained to ${TARGET_FILES.length} target file(s): ${TARGET_FILES.join(", ")}`);
+  }
+  log(`${eligible.length} pass confidence gate + deny-list${TARGET_FILES.length > 0 ? " + target filter" : ""}`);
   log(`taking top ${Math.min(MAX_FILES, eligible.length)} by confidence`);
 
   // Establish pre-run warning baseline so post-patch cargo check can