diff --git a/api.php b/api.php
index 465b150..c94271e 100644
--- a/api.php
+++ b/api.php
@@ -698,14 +698,16 @@ function handleList() {
 foreach ($files as $file) {
 $job_data = json_decode(file_get_contents($file), true);
- // User isolation: only return jobs belonging to the authenticated user.
- // Jobs without a user_id (created before this feature) are excluded when
- // a user is authenticated to prevent cross-user data leakage.
+ // User isolation:
+ // - Authenticated user: show their own jobs + legacy jobs (no user_id)
+ // - Unauthenticated (dev mode): show only legacy jobs (no user_id)
+ $job_user_id = $job_data['user_id'] ?? null;
 if ($current_user_id !== null) {
- if (($job_data['user_id'] ?? null) !== $current_user_id) continue;
- } elseif (($job_data['user_id'] ?? null) !== null) {
- // Unauthenticated caller (dev mode) — skip user-owned jobs
- continue;
+ // Skip jobs that belong to a DIFFERENT authenticated user
+ if ($job_user_id !== null && $job_user_id !== $current_user_id) continue;
+ } else {
+ // Unauthenticated — skip user-owned jobs
+ if ($job_user_id !== null) continue;
 }
 // Enrich with result summary if available
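Review bot: The relaxed check in the authenticated branch (`if ($job_user_id !== null && $job_user_id !== $current_user_id) continue;`) makes every job without a `user_id` visible to every authenticated user, which is the cross-user leakage the removed comment said the old check prevented. A job file that `json_decode` cannot parse is treated as ownerless too, because `$job_data['user_id'] ?? null` evaluates to null when `$job_data` is null or not an array. Unless legacy jobs are known to hold nothing user-specific, I would keep the strict form `if ($job_user_id !== $current_user_id) continue;` and give legacy files an owner in a one-time backfill, or limit legacy visibility to an administrative role. If the looser rule is intended, add `if (!is_array($job_data)) continue;` right after the decode and check that the per-job handlers, which are not visible here, enforce the same ownership rule; the foreach body in handleList continues past the last line of this hunk.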