50c 3.9.6 → 3.9.7

package/lib/team.js

@@ -1,714 +1,691 @@
-/**
- * 50c Team - Natural language orchestrator
- * "Ask the 50c team to do X" → Team figures out which tools to use
- * 
- * Swiss army knife that makes 50c tools accessible without memorizing names
- * 
- * SAFETY GUARDRAILS:
- * - Max 3 tools per chain (depth limit)
- * - No recursive team calls
- * - Air-gapped dangerous tools from self-improvement tasks
- * - Rate limiting via metering
- * - Blocked executable generation patterns
- * - Task pivot detection
- */
-
-const { call50cTool } = require('./subagent.js');
-const registry = require('./tools-registry.js');
-
-// ============================================
-// SAFETY GUARDRAILS
-// ============================================
-
-const MAX_PAID_TOOLS = 6;
-const MAX_FREE_TOOLS = 20;
-const MAX_CALLS_PER_MINUTE = 10;
-const callLog = [];
-
-const FREE_TOOLS = [
-  ...registry.getFreeSlugs(),
-  'fm_index', 'fm_find', 'fm_lines', 'fm_search', 'fm_summary', 'fm_list', 'fm_context',
-  'dewey_add', 'dewey_get', 'dewey_search', 'dewey_list', 'dewey_update', 'dewey_delete', 'dewey_stats',
-  'cf_list_zones', 'cf_get_zone', 'cf_find_zone', 'cf_list_dns', 'cf_ssl_status', 'cf_dev_mode',
-  'ux_spacing_system',
-  'vault_status', 'vault_get',
-  'sub_list', 'sub_get', 'sub_discover', 'sub_clone', 'sub_earnings', 'sub_share', 'sub_delete', 'sub_review', 'sub_set_public',
-  'caz_get_block',
-  'guardian', 'guardian_publish', 'guardian_audit',
-  'backdoor_check', 'pre_publish', 'security_suite'
-];
-
-const ENTERPRISE_GATED_TOOLS = [
-  ...registry.getEnterpriseSlugs(),
-  'team_ssh',
-  'team_exec',
-  'team_http',
-  'team_deploy',
-];
-
-// Required vault keys for each enterprise tool
-const ENTERPRISE_VAULT_REQUIREMENTS = {
-  'team_ssh': ['ssh_host', 'ssh_user'],  // ssh_key or ssh_password
-  'team_exec': ['exec_allowed_hosts'],
-  'team_http': ['http_endpoints'],
-  'team_deploy': ['deploy_targets'],
-  'auto_invent': [],      // No vault needed, just enterprise tier + $2.00
-  'invent_program': []    // No vault needed, just enterprise tier + $2.00
-};
-
-/**
- * Check if enterprise tool access is allowed
- * Returns { allowed: boolean, reason: string }
- * 
- * Security fixes applied per 50c roast:
- * - Strict API key validation with regex
- * - Vault health check (not just initialized)
- * - Tool existence validation
- */
-async function checkEnterpriseAccess(tool, apiKey) {
-  // 1. Check if tool requires enterprise
-  if (!ENTERPRISE_GATED_TOOLS.includes(tool)) {
-    return { allowed: true, reason: 'Not an enterprise-gated tool' };
-  }
-  
-  // 2. Validate tool exists in requirements (security: prevent undefined lookup)
-  if (!ENTERPRISE_VAULT_REQUIREMENTS[tool]) {
-    return {
-      allowed: false,
-      reason: `Unknown enterprise tool: ${tool}`,
-      code: 'INVALID_TOOL'
-    };
-  }
-  
-  // 3. Verify enterprise tier via API key
-  try {
-    const { call50cTool } = require('./subagent.js');
-    
-    // Strict API key validation (security: prevent prefix collisions)
-    // Enterprise keys: cv_ent_XXXXXXXX (8+ hex chars) OR cv_enterprise_* OR any cv_ key with $2+ balance
-    const isValidEntKey = apiKey && (
-      /^cv_ent_[a-f0-9]{8,}$/i.test(apiKey) ||
-      /^cv_enterprise_/i.test(apiKey) ||
-      /^cv_[a-f0-9]{40,}$/i.test(apiKey)  // Production keys with sufficient balance
-    );
-    
-    if (!isValidEntKey) {
-      return { 
-        allowed: false, 
-        reason: `${tool} requires Enterprise tier ($2.00). Upgrade at https://50c.ai/enterprise`,
-        code: 'ENTERPRISE_REQUIRED'
-      };
-    }
-    
-    // 4. Check vault status ONLY for tools that require vault keys
-    const requiredKeys = ENTERPRISE_VAULT_REQUIREMENTS[tool];
-    
-    // If no vault keys required (auto_invent, invent_program), skip vault check
-    if (!requiredKeys || requiredKeys.length === 0) {
-      return { allowed: true, reason: `Enterprise tool ${tool} allowed (no vault required)` };
-    }
-    
-    const vaultStatus = await call50cTool('vault_status', {});
-    
-    if (!vaultStatus || !vaultStatus.initialized) {
-      return {
-        allowed: false,
-        reason: `${tool} requires 50c-vault. Run: npx 50c-vault init`,
-        code: 'VAULT_NOT_INITIALIZED'
-      };
-    }
-    
-    // Check vault health if available
-    if (vaultStatus.healthy === false) {
-      return {
-        allowed: false,
-        reason: `Vault is in degraded state. Run: npx 50c-vault status`,
-        code: 'VAULT_NOT_HEALTHY'
-      };
-    }
-    
-    // 5. Check each required key exists in vault
-    for (const key of requiredKeys) {
-      try {
-        const val = await call50cTool('vault_get', { key });
-        if (!val || val.error) {
-          return {
-            allowed: false,
-            reason: `${tool} requires vault key '${key}'. Add it: npx 50c-vault set ${key}`,
-            code: 'VAULT_KEY_MISSING'
-          };
-        }
-      } catch (e) {
-        return {
-          allowed: false,
-          reason: `Cannot verify vault key '${key}': ${e.message}`,
-          code: 'VAULT_CHECK_FAILED'
-        };
-      }
-    }
-    
-    return { allowed: true, reason: 'Enterprise access verified via vault' };
-    
-  } catch (e) {
-    return {
-      allowed: false,
-      reason: `Enterprise check failed: ${e.message}`,
-      code: 'ENTERPRISE_CHECK_ERROR'
-    };
-  }
-}
-
-// Blocked patterns - potential self-improvement or escape vectors
-// NOTE: execute/deploy patterns are ALLOWED for enterprise users with vault
-const BLOCKED_PATTERNS = [
-  /bypass.*limit/i,
-  /hack.*api/i,
-  /steal.*credit/i,
-  /free.*tier.*abuse/i,
-  /self.*replicate/i,
-  /escape.*sandbox/i,
-  /improve.*this.*system/i,
-  /rewrite.*team/i,
-  /modify.*50c/i,
-  /recursive.*loop/i,
-  /infinite.*chain/i,
-  /exploit.*vulnerab/i,
-  /inject.*code/i,
-  /spread.*virus/i,
-  /malware/i,
-  /phishing/i,
-  /exfiltrate/i,
-  /password.*dump/i,
-  /credential.*steal/i,
-  /api.*key.*extract/i,
-  /bomb|weapon|explosive|kill|murder|attack/i,
-];
-
-// Air-gapped tools - cannot be used for self-improvement tasks
-const AIRGAPPED_TOOLS = ['genius_plus', 'genius'];
-const SELF_IMPROVEMENT_PATTERNS = [
-  /improve.*prompt/i,
-  /better.*chain/i,
-  /optimize.*tool/i,
-  /enhance.*system/i,
-  /upgrade.*team/i,
-  /make.*smarter/i,
-  /self.*improv/i,
-];
-
-// Executable generation blocklist
-const EXECUTABLE_PATTERNS = [
-  /write.*script.*deploy/i,
-  /generate.*executable/i,
-  /create.*virus/i,
-  /build.*malware/i,
-  /code.*to.*hack/i,
-  /script.*to.*steal/i,
-  /program.*to.*attack/i,
-];
-
-/**
- * Safety check - returns { safe: boolean, reason: string }
- */
-function safetyCheck(task, context) {
-  const combined = `${task} ${context || ''}`.toLowerCase();
-  
-  // Check blocked patterns
-  for (const pattern of BLOCKED_PATTERNS) {
-    if (pattern.test(combined)) {
-      return { 
-        safe: false, 
-        reason: `Blocked: Task contains prohibited pattern. This request cannot be processed.`,
-        code: 'BLOCKED_PATTERN'
-      };
-    }
-  }
-  
-  // Check executable generation
-  for (const pattern of EXECUTABLE_PATTERNS) {
-    if (pattern.test(combined)) {
-      return {
-        safe: false,
-        reason: `Blocked: Cannot generate executable or deployment code.`,
-        code: 'EXECUTABLE_BLOCKED'
-      };
-    }
-  }
-  
-  // Rate limiting
-  const now = Date.now();
-  const recentCalls = callLog.filter(t => now - t < 60000);
-  if (recentCalls.length >= MAX_CALLS_PER_MINUTE) {
-    return {
-      safe: false,
-      reason: `Rate limited: Max ${MAX_CALLS_PER_MINUTE} team calls per minute. Please wait.`,
-      code: 'RATE_LIMITED'
-    };
-  }
-  
-  return { safe: true };
-}
-
-/**
- * Check if task is self-improvement (air-gap check)
- */
-function isSelfImprovement(task) {
-  for (const pattern of SELF_IMPROVEMENT_PATTERNS) {
-    if (pattern.test(task)) {
-      return true;
-    }
-  }
-  return false;
-}
-
-/**
- * Filter tools for air-gapping
- */
-function filterAirgappedTools(tools, task) {
-  if (isSelfImprovement(task)) {
-    return tools.filter(t => !AIRGAPPED_TOOLS.includes(t));
-  }
-  return tools;
-}
-
-// Tool capabilities for matching
-const TOOL_CAPABILITIES = {
-  // ENTERPRISE INVENTION ($2.00)
-  auto_invent: { keywords: ['invent', 'discover', 'prove', 'novel', 'patent', 'breakthrough', 'scientific', 'rigorous', 'verified solution', 'invention'], desc: 'Enterprise invention pipeline ($2.00)' },
-  invent_program: { keywords: ['programmatic invention', 'json program', 'executable pipeline', 'step by step invention'], desc: 'JSON-defined invention ($2.00)' },
-  
-  // Research & Analysis
-  web_search: { keywords: ['search', 'find', 'look up', 'research', 'google', 'internet'], desc: 'Search the web' },
-  page_fetch: { keywords: ['fetch', 'scrape', 'get page', 'read url', 'website content'], desc: 'Fetch webpage content' },
-  genius: { keywords: ['analyze', 'solve', 'think', 'deep', 'complex', 'figure out', 'understand'], desc: 'Deep problem solving' },
-  genius_plus: { keywords: ['code gen', 'implement', 'build', 'create code', 'write code', 'program'], desc: 'Self-improving code generation' },
-  
-  // Code Quality
-  roast: { keywords: ['roast', 'review', 'critique', 'flaws', 'bugs', 'issues', 'problems', 'code review'], desc: 'Brutal code review' },
-  hints: { keywords: ['hints', 'tips', 'suggestions', 'advice', 'help', 'guide', 'ideas'], desc: 'Quick hints' },
-  hints_plus: { keywords: ['more hints', 'detailed hints', 'thorough tips'], desc: 'Detailed hints' },
-  
-  // Math & Computation  
-  bcalc: { keywords: ['calculate', 'math', 'compute', 'formula', 'equation', 'number'], desc: 'Mathematical computation' },
-  bcalc_why: { keywords: ['explain math', 'why math', 'math explanation'], desc: 'Math explanation' },
-  compute: { keywords: ['run python', 'execute', 'python code', 'script'], desc: 'Execute Python' },
-  
-  // Ideas & Creativity
-  quick_vibe: { keywords: ['ideas', 'brainstorm', 'creative', 'unconventional', 'vibe'], desc: 'Creative ideas' },
-  mind_opener: { keywords: ['angles', 'perspectives', 'approaches', 'ways to think'], desc: 'Different perspectives' },
-  idea_fold: { keywords: ['test claim', 'verify', 'validate', 'check assumption', 'stem'], desc: 'Test claims scientifically' },
-  prompt_expand: { keywords: ['expand', 'elaborate', 'detail', 'flesh out'], desc: 'Expand ideas' },
-  
-  // Business
-  name_it: { keywords: ['name', 'naming', 'brand', 'title', 'what to call'], desc: 'Generate names' },
-  price_it: { keywords: ['price', 'pricing', 'cost', 'charge', 'monetize'], desc: 'Pricing strategy' },
-  one_liner: { keywords: ['pitch', 'elevator', 'one liner', 'tagline', 'slogan'], desc: 'Elevator pitch' },
-  
-  // Domain & DNS
-  domain_check: { keywords: ['domain available', 'domain availability', 'check domain', 'domain name', 'domain check'], desc: 'Check domain availability' },
-  cf_list_zones: { keywords: ['cloudflare zones', 'list domains', 'dns zones'], desc: 'List CF zones' },
-  cf_list_dns: { keywords: ['dns records', 'list dns'], desc: 'List DNS records' },
-  
-  // Context & Memory
-  beacon_compress: { keywords: ['compress', 'summarize context', 'reduce'], desc: 'Compress context' },
-  beacon_extract: { keywords: ['extract', 'pull out', 'find in context'], desc: 'Extract from context' },
-  fog_check: { keywords: ['fog', 'confusion', 'clarity check'], desc: 'Check context fog' },
-  fog_clear: { keywords: ['clear fog', 'reset context', 'clean up'], desc: 'Clear context fog' },
-  caz_dedup: { keywords: ['deduplicate', 'dedup', 'remove duplicates'], desc: 'Deduplicate content' },
-  context_compress: { keywords: ['compress code', 'reduce context', 'relevant parts'], desc: 'Smart context compression' },
-  
-  // Knowledge Management
-  dewey_add: { keywords: ['save', 'store', 'remember', 'index', 'add to dewey'], desc: 'Save to index' },
-  dewey_search: { keywords: ['search saved', 'find saved', 'lookup dewey'], desc: 'Search saved items' },
-  dewey_list: { keywords: ['list saved', 'show dewey', 'what did i save'], desc: 'List saved items' },
-  
-  // UX
-  ux_contrast_check: { keywords: ['contrast', 'color accessibility', 'readable'], desc: 'Check color contrast' },
-  ux_color_palette: { keywords: ['color palette', 'colors', 'theme colors'], desc: 'Generate colors' },
-  ux_roast: { keywords: ['ux review', 'ui critique', 'design review'], desc: 'Roast UI/UX' },
-  ux_copy_improve: { keywords: ['improve copy', 'better text', 'ux writing'], desc: 'Improve UI copy' },
-  
-  // Handoff
-  // Guardian Security Suite (FREE)
-  guardian: { keywords: ['guardian', 'security suite', 'full security', 'comprehensive scan', 'check everything'], desc: '50c Guardian: Combined security suite (FREE)' },
-  guardian_publish: { keywords: ['pre-publish', 'supply chain', 'before publish', 'safe to publish', 'publish check', 'npm security', 'package security'], desc: 'Guardian: Supply chain verification (FREE)' },
-  guardian_audit: { keywords: ['backdoor', 'machine scan', 'system audit', 'compromised', 'infected', 'persistence', 'suspicious connections', 'is clean'], desc: 'Guardian: Machine security audit (FREE)' },
-
-  handoff: { keywords: ['handoff', 'document', 'summary', 'wrap up', 'status'], desc: 'Generate handoff doc' }
-};
-
-// Common task patterns → tool sequences
-const TASK_PATTERNS = [
-  // ENTERPRISE-GATED PATTERNS FIRST (require vault + enterprise tier)
-  // These must come before generic patterns to avoid false matches
-  {
-    match: /\bssh\b|\bscp\b|\bsftp\b|\brsync\b|remote.*server|server.*command|connect.*server|bash.*into|shell.*into|terminal.*server/i,
-    tools: ['team_ssh'],
-    desc: 'SSH/SCP/SFTP to server (Enterprise + Vault required)'
-  },
-  {
-    match: /deploy.*(server|prod|staging|live)|push.*production|release.*server|ship.*to/i,
-    tools: ['team_deploy'],
-    desc: 'Deploy to server (Enterprise + Vault required)'
-  },
-  {
-    match: /execute.*on.*server|run.*command.*server|remote.*shell/i,
-    tools: ['team_exec'],
-    desc: 'Execute command (Enterprise + Vault required)'
-  },
-  {
-    match: /call.*external.*api|http.*request.*server|webhook.*trigger|post.*to.*endpoint/i,
-    tools: ['team_http'],
-    desc: 'HTTP request (Enterprise + Vault required)'
-  },
-  // ENTERPRISE INVENTION PATTERNS ($2.00)
-  {
-    match: /\binvent\b|\bdiscover\b|\bprove\b|\bsolve.*rigor|\bnovel.*solution|\bpatent|\bbreakthrough|\bscientific.*method/i,
-    tools: ['auto_invent'],
-    desc: 'Enterprise invention pipeline ($2.00) - full swarm with verification'
-  },
-  {
-    match: /\bauto.?invent|\bfull.*pipeline|\bswarm.*invention|\bverified.*solution/i,
-    tools: ['auto_invent'],
-    desc: 'Enterprise auto-invent ($2.00)'
-  },
-  // Standard patterns
-  {
-    match: /roast.*fix|review.*suggest|critique.*improve/i,
-    tools: ['roast', 'hints'],
-    desc: 'Code review with fix suggestions'
-  },
-  {
-    match: /research.*summar|search.*analyz|find.*explain/i,
-    tools: ['web_search', 'genius'],
-    desc: 'Research and analyze'
-  },
-  // GUARDIAN SECURITY PATTERNS
-  {
-    match: /\bguardian\b|supply.?chain|pre.?publish.*check|publish.*safe|safe.*publish|before.*publish|ready.*publish|check.*before.*npm|npm.*security/i,
-    tools: ['guardian_publish'],
-    desc: 'Guardian: Pre-publish supply chain verification (FREE)'
-  },
-  {
-    match: /backdoor|compromis|persistence|unauthorized.*access|rogue.*cert|suspicious.*connection|check.*machine|audit.*system|scan.*machine|is.*clean|infected|malware.*check/i,
-    tools: ['guardian_audit'],
-    desc: 'Guardian: Machine security audit (FREE)'
-  },
-  {
-    match: /full.*security|security.*suite|guardian.*scan|security.*check.*publish|check.*everything|comprehensive.*security/i,
-    tools: ['guardian'],
-    desc: '50c Guardian: Combined supply chain + machine audit (FREE)'
-  },
-  {
-    match: /security|vulnerab|exploit|hack/i,
-    tools: ['guardian_audit', 'roast', 'hints_plus'],
-    desc: 'Security analysis with Guardian'
-  },
-  {
-    match: /name.*domain|brand.*available/i,
-    tools: ['name_it', 'domain_check'],
-    desc: 'Naming with domain check'
-  },
-  {
-    match: /price|monetiz|business model/i,
-    tools: ['price_it', 'hints'],
-    desc: 'Pricing strategy'
-  },
-  {
-    match: /math.*explain|calculate.*why/i,
-    tools: ['bcalc', 'bcalc_why'],
-    desc: 'Math with explanation'
-  },
-  {
-    match: /build|implement|create|code|develop/i,
-    tools: ['genius_plus'],
-    desc: 'Code generation'
-  }
-];
-
-/**
- * Match task to best tools
- */
-function matchTaskToTools(task) {
-  const taskLower = task.toLowerCase();
-  const matched = [];
-  const scores = {};
-  
-  // Check patterns first
-  for (const pattern of TASK_PATTERNS) {
-    if (pattern.match.test(task)) {
-      return { tools: pattern.tools, reason: pattern.desc, confidence: 0.9 };
-    }
-  }
-  
-  // Keyword matching
-  for (const [tool, config] of Object.entries(TOOL_CAPABILITIES)) {
-    let score = 0;
-    for (const keyword of config.keywords) {
-      if (taskLower.includes(keyword)) {
-        score += keyword.split(' ').length; // Multi-word matches score higher
-      }
-    }
-    if (score > 0) {
-      scores[tool] = score;
-      matched.push({ tool, score, desc: config.desc });
-    }
-  }
-  
-  // Sort by score, take top 3
-  matched.sort((a, b) => b.score - a.score);
-  const topTools = matched.slice(0, 3).map(m => m.tool);
-  
-  if (topTools.length === 0) {
-    // Default to genius for unknown tasks
-    return { tools: ['genius'], reason: 'General problem solving', confidence: 0.5 };
-  }
-  
-  return { 
-    tools: topTools, 
-    reason: matched.slice(0, 3).map(m => m.desc).join(' → '),
-    confidence: Math.min(0.9, matched[0].score / 5)
-  };
-}
-
-/**
- * Build tool arguments from task and context
- */
-function buildArgs(tool, task, context) {
-  const args = {};
-  
-  // Common argument mappings
-  if (typeof context === 'string') {
-    if (tool === 'roast') args.code = context;
-    else if (tool === 'hints' || tool === 'hints_plus') args.query = context || task;
-    else if (tool === 'genius' || tool === 'genius_plus') args.problem = `${task}\n\nContext:\n${context}`;
-    else if (tool === 'web_search') args.query = task.replace(/search|find|research|look up/gi, '').trim();
-    else if (tool === 'compute') args.code = context;
-    else if (tool === 'bcalc') args.expression = context || task;
-    else if (tool === 'name_it') args.does = task;
-    else if (tool === 'price_it') args.product = context || task;
-    else if (tool === 'quick_vibe') args.working_on = context || task;
-    else if (tool === 'mind_opener') args.problem = context || task;
-    else if (tool === 'idea_fold') { args.claim = context || task; }
-    else if (tool === 'prompt_expand') args.idea = context || task;
-    else if (tool === 'one_liner') args.product = context || task;
-    else if (tool === 'beacon_compress') args.messages = Array.isArray(context) ? context : [context];
-    else if (tool === 'caz_dedup') args.content = context;
-    else if (tool === 'context_compress') { args.content = context; args.query = task; }
-    else if (tool === 'dewey_search') args.query = task;
-    else if (tool === 'ux_roast') args.description = context || task;
-    else if (tool === 'handoff') { args.project = task; args.context = context; }
-    else args.query = context || task; // Default fallback
-  } else if (typeof context === 'object') {
-    Object.assign(args, context);
-    // Fill in missing required args
-    if (!args.query && !args.problem && !args.code) {
-      args.query = task;
-    }
-  }
-  
-  // Handle tools that need to extract args from task regardless of context type
-  if (tool === 'domain_check' && !args.domain) {
-    const domainMatch = task.match(/[\w-]+\.(ai|com|io|co|net|org|dev|app|xyz)/i);
-    args.domain = domainMatch ? domainMatch[0] : '';
-  }
-  
-  return args;
-}
-
-/**
- * Execute team task - orchestrate multiple tools
- * WITH SAFETY GUARDRAILS
- */
-async function teamExecute(task, context, options = {}) {
-  const startTime = Date.now();
-  const results = {
-    task,
-    steps: [],
-    finalResult: null,
-    toolsUsed: [],
-    totalTime: 0,
-    guardrails: { checked: true },
-    limits: { paidUsed: 0, freeUsed: 0, paidMax: MAX_PAID_TOOLS, freeMax: MAX_FREE_TOOLS }
-  };
-  
-  try {
-    // GUARDRAIL 1: Safety check on task + context
-    const safety = safetyCheck(task, context);
-    if (!safety.safe) {
-      return {
-        ok: false,
-        blocked: true,
-        reason: safety.reason,
-        code: safety.code,
-        guardrails: { triggered: safety.code }
-      };
-    }
-    
-    // Log call for rate limiting
-    callLog.push(Date.now());
-    // Trim old entries
-    while (callLog.length > 100) callLog.shift();
-    
-    // Match task to tools
-    let { tools, reason, confidence } = matchTaskToTools(task);
-    
-    // GUARDRAIL 2: Air-gap check - remove genius/genius_plus from self-improvement tasks
-    tools = filterAirgappedTools(tools, task);
-    if (tools.length === 0) {
-      return {
-        ok: false,
-        blocked: true,
-        reason: 'Self-improvement tasks cannot use advanced reasoning tools.',
-        code: 'AIRGAP_BLOCKED',
-        guardrails: { triggered: 'AIRGAP' }
-      };
-    }
-    
-    // GUARDRAIL 3: No recursive team calls (team can't call itself)
-    tools = tools.filter(t => t !== 'team');
-    
-    // GUARDRAIL 4: Enforce paid/free tool limits
-    const paidTools = tools.filter(t => !FREE_TOOLS.includes(t));
-    const freeTools = tools.filter(t => FREE_TOOLS.includes(t));
-    
-    // Cap to limits
-    const allowedPaid = paidTools.slice(0, MAX_PAID_TOOLS);
-    const allowedFree = freeTools.slice(0, MAX_FREE_TOOLS);
-    tools = [...allowedPaid, ...allowedFree];
-    
-    results.plan = { 
-      tools, 
-      reason, 
-      confidence, 
-      paidTools: allowedPaid.length,
-      freeTools: allowedFree.length,
-      limits: { paid: MAX_PAID_TOOLS, free: MAX_FREE_TOOLS }
-    };
-    
-    if (options.dryRun) {
-      return { 
-        ok: true, 
-        dryRun: true,
-        plan: results.plan,
-        message: `Would execute: ${tools.join(' → ')}`,
-        guardrails: { active: ['paid_limit', 'free_limit', 'airgap', 'pattern_block', 'rate_limit', 'enterprise_gate'] }
-      };
-    }
-    
-    // Execute tools in sequence, passing results forward
-    let prevResult = context;
-    let paidUsed = 0;
-    let freeUsed = 0;
-    const apiKey = options.apiKey || process.env.FIFTYC_API_KEY;
-    
-    for (const tool of tools) {
-      // GUARDRAIL 5: Enterprise-gated tool check
-      if (ENTERPRISE_GATED_TOOLS.includes(tool)) {
-        const access = await checkEnterpriseAccess(tool, apiKey);
-        if (!access.allowed) {
-          results.steps.push({ 
-            tool, 
-            skipped: true, 
-            reason: access.reason,
-            code: access.code,
-            upgrade: 'https://50c.ai/enterprise'
-          });
-          continue;
-        }
-      }
-      
-      // Check limits before each call
-      const isFree = FREE_TOOLS.includes(tool);
-      if (isFree && freeUsed >= MAX_FREE_TOOLS) {
-        results.steps.push({ tool, skipped: true, reason: `Free tool limit reached (${MAX_FREE_TOOLS})` });
-        continue;
-      }
-      if (!isFree && paidUsed >= MAX_PAID_TOOLS) {
-        results.steps.push({ tool, skipped: true, reason: `Paid tool limit reached (${MAX_PAID_TOOLS})` });
-        continue;
-      }
-      
-      const stepStart = Date.now();
-      const args = buildArgs(tool, task, prevResult);
-      
-      // SPECIAL: Local enterprise tools (auto_invent, invent_program) run in-process
-      let toolResult;
-      if (tool === 'auto_invent' || tool === 'invent_program') {
-        // These are local enterprise tools - import from 50c.js
-        try {
-          const { autoInvent, inventProgram } = require('../bin/50c.js');
-          if (tool === 'auto_invent') {
-            toolResult = { ok: true, result: await autoInvent(args) };
-          } else {
-            toolResult = { ok: true, result: await inventProgram(args) };
-          }
-        } catch (e) {
-          toolResult = { ok: false, error: `Local tool ${tool} failed: ${e.message}` };
-        }
-      } else {
-        toolResult = await call50cTool(tool, args);
-      }
-      
-      // Track usage
-      if (isFree) freeUsed++;
-      else paidUsed++;
-      
-      const step = {
-        tool,
-        args,
-        result: toolResult,
-        time: Date.now() - stepStart,
-        type: isFree ? 'free' : 'paid'
-      };
-      results.steps.push(step);
-      results.toolsUsed.push(tool);
-      
-      if (toolResult.ok) {
-        prevResult = toolResult.result;
-      } else {
-        // Tool failed, but continue with others
-        step.error = toolResult.error;
-      }
-    }
-    
-    results.finalResult = prevResult;
-    results.totalTime = Date.now() - startTime;
-    results.limits = { paidUsed, freeUsed, paidMax: MAX_PAID_TOOLS, freeMax: MAX_FREE_TOOLS };
-    results.ok = results.steps.some(s => s.result?.ok);
-    
-    return results;
-    
-  } catch (e) {
-    results.ok = false;
-    results.error = e.message;
-    results.totalTime = Date.now() - startTime;
-    return results;
-  }
-}
-
-/**
- * Simple team interface - just task + optional context
- */
-async function team(taskOrOptions) {
-  if (typeof taskOrOptions === 'string') {
-    return teamExecute(taskOrOptions, null);
-  }
-  
-  const { task, context, dryRun } = taskOrOptions;
-  return teamExecute(task, context, { dryRun });
-}
-
-module.exports = {
-  team,
-  teamExecute,
-  matchTaskToTools,
-  safetyCheck,
-  TOOL_CAPABILITIES,
-  TASK_PATTERNS,
-  BLOCKED_PATTERNS,
-  FREE_TOOLS,
-  MAX_PAID_TOOLS,
-  MAX_FREE_TOOLS,
-  MAX_CALLS_PER_MINUTE
-};
+/**
+ * 50c Team - Natural language orchestrator
+ * "Ask the 50c team to do X" → Team figures out which tools to use
+ * 
+ * Swiss army knife that makes 50c tools accessible without memorizing names
+ * 
+ * SAFETY GUARDRAILS:
+ * - Max 3 tools per chain (depth limit)
+ * - No recursive team calls
+ * - Air-gapped dangerous tools from self-improvement tasks
+ * - Rate limiting via metering
+ * - Blocked executable generation patterns
+ * - Task pivot detection
+ */
+
+const { call50cTool } = require('./subagent.js');
+const registry = require('./tools-registry.js');
+
+// ============================================
+// SAFETY GUARDRAILS
+// ============================================
+
+const MAX_PAID_TOOLS = 6;
+const MAX_FREE_TOOLS = 20;
+const MAX_CALLS_PER_MINUTE = 10;
+const callLog = [];
+
+const FREE_TOOLS = [
+  ...registry.getFreeSlugs(),
+  'fm_index', 'fm_find', 'fm_lines', 'fm_search', 'fm_summary', 'fm_list', 'fm_context',
+  'dewey_add', 'dewey_get', 'dewey_search', 'dewey_list', 'dewey_update', 'dewey_delete', 'dewey_stats',
+  'cf_list_zones', 'cf_get_zone', 'cf_find_zone', 'cf_list_dns', 'cf_ssl_status', 'cf_dev_mode',
+  'ux_spacing_system',
+  'vault_status', 'vault_get',
+  'sub_list', 'sub_get', 'sub_discover', 'sub_clone', 'sub_earnings', 'sub_share', 'sub_delete', 'sub_review', 'sub_set_public',
+  'caz_get_block'
+];
+
+const ENTERPRISE_GATED_TOOLS = [
+  ...registry.getEnterpriseSlugs(),
+  'team_ssh',
+  'team_exec',
+  'team_http',
+  'team_deploy',
+];
+
+// Required vault keys for each enterprise tool
+const ENTERPRISE_VAULT_REQUIREMENTS = {
+  'team_ssh': ['ssh_host', 'ssh_user'],  // ssh_key or ssh_password
+  'team_exec': ['exec_allowed_hosts'],
+  'team_http': ['http_endpoints'],
+  'team_deploy': ['deploy_targets'],
+  'auto_invent': [],      // No vault needed, just enterprise tier + $2.00
+  'invent_program': []    // No vault needed, just enterprise tier + $2.00
+};
+
+/**
+ * Check if enterprise tool access is allowed
+ * Returns { allowed: boolean, reason: string }
+ * 
+ * Security fixes applied per 50c roast:
+ * - Strict API key validation with regex
+ * - Vault health check (not just initialized)
+ * - Tool existence validation
+ */
+async function checkEnterpriseAccess(tool, apiKey) {
+  // 1. Check if tool requires enterprise
+  if (!ENTERPRISE_GATED_TOOLS.includes(tool)) {
+    return { allowed: true, reason: 'Not an enterprise-gated tool' };
+  }
+  
+  // 2. Validate tool exists in requirements (security: prevent undefined lookup)
+  if (!ENTERPRISE_VAULT_REQUIREMENTS[tool]) {
+    return {
+      allowed: false,
+      reason: `Unknown enterprise tool: ${tool}`,
+      code: 'INVALID_TOOL'
+    };
+  }
+  
+  // 3. Verify enterprise tier via API key
+  try {
+    const { call50cTool } = require('./subagent.js');
+    
+    // Strict API key validation (security: prevent prefix collisions)
+    // Enterprise keys: cv_ent_XXXXXXXX (8+ hex chars) OR cv_enterprise_* OR any cv_ key with $2+ balance
+    const isValidEntKey = apiKey && (
+      /^cv_ent_[a-f0-9]{8,}$/i.test(apiKey) ||
+      /^cv_enterprise_/i.test(apiKey) ||
+      /^cv_[a-f0-9]{40,}$/i.test(apiKey)  // Production keys with sufficient balance
+    );
+    
+    if (!isValidEntKey) {
+      return { 
+        allowed: false, 
+        reason: `${tool} requires Enterprise tier ($2.00). Upgrade at https://50c.ai/enterprise`,
+        code: 'ENTERPRISE_REQUIRED'
+      };
+    }
+    
+    // 4. Check vault status ONLY for tools that require vault keys
+    const requiredKeys = ENTERPRISE_VAULT_REQUIREMENTS[tool];
+    
+    // If no vault keys required (auto_invent, invent_program), skip vault check
+    if (!requiredKeys || requiredKeys.length === 0) {
+      return { allowed: true, reason: `Enterprise tool ${tool} allowed (no vault required)` };
+    }
+    
+    const vaultStatus = await call50cTool('vault_status', {});
+    
+    if (!vaultStatus || !vaultStatus.initialized) {
+      return {
+        allowed: false,
+        reason: `${tool} requires 50c-vault. Run: npx 50c-vault init`,
+        code: 'VAULT_NOT_INITIALIZED'
+      };
+    }
+    
+    // Check vault health if available
+    if (vaultStatus.healthy === false) {
+      return {
+        allowed: false,
+        reason: `Vault is in degraded state. Run: npx 50c-vault status`,
+        code: 'VAULT_NOT_HEALTHY'
+      };
+    }
+    
+    // 5. Check each required key exists in vault
+    for (const key of requiredKeys) {
+      try {
+        const val = await call50cTool('vault_get', { key });
+        if (!val || val.error) {
+          return {
+            allowed: false,
+            reason: `${tool} requires vault key '${key}'. Add it: npx 50c-vault set ${key}`,
+            code: 'VAULT_KEY_MISSING'
+          };
+        }
+      } catch (e) {
+        return {
+          allowed: false,
+          reason: `Cannot verify vault key '${key}': ${e.message}`,
+          code: 'VAULT_CHECK_FAILED'
+        };
+      }
+    }
+    
+    return { allowed: true, reason: 'Enterprise access verified via vault' };
+    
+  } catch (e) {
+    return {
+      allowed: false,
+      reason: `Enterprise check failed: ${e.message}`,
+      code: 'ENTERPRISE_CHECK_ERROR'
+    };
+  }
+}
+
+// Blocked patterns - potential self-improvement or escape vectors
+// NOTE: execute/deploy patterns are ALLOWED for enterprise users with vault
+const BLOCKED_PATTERNS = [
+  /bypass.*limit/i,
+  /hack.*api/i,
+  /steal.*credit/i,
+  /free.*tier.*abuse/i,
+  /self.*replicate/i,
+  /escape.*sandbox/i,
+  /improve.*this.*system/i,
+  /rewrite.*team/i,
+  /modify.*50c/i,
+  /recursive.*loop/i,
+  /infinite.*chain/i,
+  /exploit.*vulnerab/i,
+  /inject.*code/i,
+  /spread.*virus/i,
+  /malware/i,
+  /phishing/i,
+  /exfiltrate/i,
+  /password.*dump/i,
+  /credential.*steal/i,
+  /api.*key.*extract/i,
+  /bomb|weapon|explosive|kill|murder|attack/i,
+];
+
+// Air-gapped tools - cannot be used for self-improvement tasks
+const AIRGAPPED_TOOLS = ['genius_plus', 'genius'];
+const SELF_IMPROVEMENT_PATTERNS = [
+  /improve.*prompt/i,
+  /better.*chain/i,
+  /optimize.*tool/i,
+  /enhance.*system/i,
+  /upgrade.*team/i,
+  /make.*smarter/i,
+  /self.*improv/i,
+];
+
+// Executable generation blocklist
+const EXECUTABLE_PATTERNS = [
+  /write.*script.*deploy/i,
+  /generate.*executable/i,
+  /create.*virus/i,
+  /build.*malware/i,
+  /code.*to.*hack/i,
+  /script.*to.*steal/i,
+  /program.*to.*attack/i,
+];
+
+/**
+ * Safety check - returns { safe: boolean, reason: string }
+ */
+function safetyCheck(task, context) {
+  const combined = `${task} ${context || ''}`.toLowerCase();
+  
+  // Check blocked patterns
+  for (const pattern of BLOCKED_PATTERNS) {
+    if (pattern.test(combined)) {
+      return { 
+        safe: false, 
+        reason: `Blocked: Task contains prohibited pattern. This request cannot be processed.`,
+        code: 'BLOCKED_PATTERN'
+      };
+    }
+  }
+  
+  // Check executable generation
+  for (const pattern of EXECUTABLE_PATTERNS) {
+    if (pattern.test(combined)) {
+      return {
+        safe: false,
+        reason: `Blocked: Cannot generate executable or deployment code.`,
+        code: 'EXECUTABLE_BLOCKED'
+      };
+    }
+  }
+  
+  // Rate limiting
+  const now = Date.now();
+  const recentCalls = callLog.filter(t => now - t < 60000);
+  if (recentCalls.length >= MAX_CALLS_PER_MINUTE) {
+    return {
+      safe: false,
+      reason: `Rate limited: Max ${MAX_CALLS_PER_MINUTE} team calls per minute. Please wait.`,
+      code: 'RATE_LIMITED'
+    };
+  }
+  
+  return { safe: true };
+}
+
+/**
+ * Check if task is self-improvement (air-gap check)
+ */
+function isSelfImprovement(task) {
+  for (const pattern of SELF_IMPROVEMENT_PATTERNS) {
+    if (pattern.test(task)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+/**
+ * Filter tools for air-gapping
+ */
+function filterAirgappedTools(tools, task) {
+  if (isSelfImprovement(task)) {
+    return tools.filter(t => !AIRGAPPED_TOOLS.includes(t));
+  }
+  return tools;
+}
+
+// Tool capabilities for matching
+const TOOL_CAPABILITIES = {
+  // ENTERPRISE INVENTION ($2.00)
+  auto_invent: { keywords: ['invent', 'discover', 'prove', 'novel', 'patent', 'breakthrough', 'scientific', 'rigorous', 'verified solution', 'invention'], desc: 'Enterprise invention pipeline ($2.00)' },
+  invent_program: { keywords: ['programmatic invention', 'json program', 'executable pipeline', 'step by step invention'], desc: 'JSON-defined invention ($2.00)' },
+  
+  // Research & Analysis
+  web_search: { keywords: ['search', 'find', 'look up', 'research', 'google', 'internet'], desc: 'Search the web' },
+  page_fetch: { keywords: ['fetch', 'scrape', 'get page', 'read url', 'website content'], desc: 'Fetch webpage content' },
+  genius: { keywords: ['analyze', 'solve', 'think', 'deep', 'complex', 'figure out', 'understand'], desc: 'Deep problem solving' },
+  genius_plus: { keywords: ['code gen', 'implement', 'build', 'create code', 'write code', 'program'], desc: 'Self-improving code generation' },
+  
+  // Code Quality
+  roast: { keywords: ['roast', 'review', 'critique', 'flaws', 'bugs', 'issues', 'problems', 'code review'], desc: 'Brutal code review' },
+  hints: { keywords: ['hints', 'tips', 'suggestions', 'advice', 'help', 'guide', 'ideas'], desc: 'Quick hints' },
+  hints_plus: { keywords: ['more hints', 'detailed hints', 'thorough tips'], desc: 'Detailed hints' },
+  
+  // Math & Computation  
+  bcalc: { keywords: ['calculate', 'math', 'compute', 'formula', 'equation', 'number'], desc: 'Mathematical computation' },
+  bcalc_why: { keywords: ['explain math', 'why math', 'math explanation'], desc: 'Math explanation' },
+  compute: { keywords: ['run python', 'execute', 'python code', 'script'], desc: 'Execute Python' },
+  
+  // Ideas & Creativity
+  quick_vibe: { keywords: ['ideas', 'brainstorm', 'creative', 'unconventional', 'vibe'], desc: 'Creative ideas' },
+  mind_opener: { keywords: ['angles', 'perspectives', 'approaches', 'ways to think'], desc: 'Different perspectives' },
+  idea_fold: { keywords: ['test claim', 'verify', 'validate', 'check assumption', 'stem'], desc: 'Test claims scientifically' },
+  prompt_expand: { keywords: ['expand', 'elaborate', 'detail', 'flesh out'], desc: 'Expand ideas' },
+  
+  // Business
+  name_it: { keywords: ['name', 'naming', 'brand', 'title', 'what to call'], desc: 'Generate names' },
+  price_it: { keywords: ['price', 'pricing', 'cost', 'charge', 'monetize'], desc: 'Pricing strategy' },
+  one_liner: { keywords: ['pitch', 'elevator', 'one liner', 'tagline', 'slogan'], desc: 'Elevator pitch' },
+  
+  // Domain & DNS
+  domain_check: { keywords: ['domain available', 'domain availability', 'check domain', 'domain name', 'domain check'], desc: 'Check domain availability' },
+  cf_list_zones: { keywords: ['cloudflare zones', 'list domains', 'dns zones'], desc: 'List CF zones' },
+  cf_list_dns: { keywords: ['dns records', 'list dns'], desc: 'List DNS records' },
+  
+  // Context & Memory
+  beacon_compress: { keywords: ['compress', 'summarize context', 'reduce'], desc: 'Compress context' },
+  beacon_extract: { keywords: ['extract', 'pull out', 'find in context'], desc: 'Extract from context' },
+  fog_check: { keywords: ['fog', 'confusion', 'clarity check'], desc: 'Check context fog' },
+  fog_clear: { keywords: ['clear fog', 'reset context', 'clean up'], desc: 'Clear context fog' },
+  caz_dedup: { keywords: ['deduplicate', 'dedup', 'remove duplicates'], desc: 'Deduplicate content' },
+  context_compress: { keywords: ['compress code', 'reduce context', 'relevant parts'], desc: 'Smart context compression' },
+  
+  // Knowledge Management
+  dewey_add: { keywords: ['save', 'store', 'remember', 'index', 'add to dewey'], desc: 'Save to index' },
+  dewey_search: { keywords: ['search saved', 'find saved', 'lookup dewey'], desc: 'Search saved items' },
+  dewey_list: { keywords: ['list saved', 'show dewey', 'what did i save'], desc: 'List saved items' },
+  
+  // UX
+  ux_contrast_check: { keywords: ['contrast', 'color accessibility', 'readable'], desc: 'Check color contrast' },
+  ux_color_palette: { keywords: ['color palette', 'colors', 'theme colors'], desc: 'Generate colors' },
+  ux_roast: { keywords: ['ux review', 'ui critique', 'design review'], desc: 'Roast UI/UX' },
+  ux_copy_improve: { keywords: ['improve copy', 'better text', 'ux writing'], desc: 'Improve UI copy' },
+  
+  // Handoff
+  handoff: { keywords: ['handoff', 'document', 'summary', 'wrap up', 'status'], desc: 'Generate handoff doc' }
+};
+
+// Common task patterns → tool sequences
+const TASK_PATTERNS = [
+  // ENTERPRISE-GATED PATTERNS FIRST (require vault + enterprise tier)
+  // These must come before generic patterns to avoid false matches
+  {
+    match: /\bssh\b|\bscp\b|\bsftp\b|\brsync\b|remote.*server|server.*command|connect.*server|bash.*into|shell.*into|terminal.*server/i,
+    tools: ['team_ssh'],
+    desc: 'SSH/SCP/SFTP to server (Enterprise + Vault required)'
+  },
+  {
+    match: /deploy.*(server|prod|staging|live)|push.*production|release.*server|ship.*to/i,
+    tools: ['team_deploy'],
+    desc: 'Deploy to server (Enterprise + Vault required)'
+  },
+  {
+    match: /execute.*on.*server|run.*command.*server|remote.*shell/i,
+    tools: ['team_exec'],
+    desc: 'Execute command (Enterprise + Vault required)'
+  },
+  {
+    match: /call.*external.*api|http.*request.*server|webhook.*trigger|post.*to.*endpoint/i,
+    tools: ['team_http'],
+    desc: 'HTTP request (Enterprise + Vault required)'
+  },
+  // ENTERPRISE INVENTION PATTERNS ($2.00)
+  {
+    match: /\binvent\b|\bdiscover\b|\bprove\b|\bsolve.*rigor|\bnovel.*solution|\bpatent|\bbreakthrough|\bscientific.*method/i,
+    tools: ['auto_invent'],
+    desc: 'Enterprise invention pipeline ($2.00) - full swarm with verification'
+  },
+  {
+    match: /\bauto.?invent|\bfull.*pipeline|\bswarm.*invention|\bverified.*solution/i,
+    tools: ['auto_invent'],
+    desc: 'Enterprise auto-invent ($2.00)'
+  },
+  // Standard patterns
+  {
+    match: /roast.*fix|review.*suggest|critique.*improve/i,
+    tools: ['roast', 'hints'],
+    desc: 'Code review with fix suggestions'
+  },
+  {
+    match: /research.*summar|search.*analyz|find.*explain/i,
+    tools: ['web_search', 'genius'],
+    desc: 'Research and analyze'
+  },
+  {
+    match: /security|vulnerab|exploit|hack/i,
+    tools: ['roast', 'hints_plus', 'genius'],
+    desc: 'Security analysis'
+  },
+  {
+    match: /name.*domain|brand.*available/i,
+    tools: ['name_it', 'domain_check'],
+    desc: 'Naming with domain check'
+  },
+  {
+    match: /price|monetiz|business model/i,
+    tools: ['price_it', 'hints'],
+    desc: 'Pricing strategy'
+  },
+  {
+    match: /math.*explain|calculate.*why/i,
+    tools: ['bcalc', 'bcalc_why'],
+    desc: 'Math with explanation'
+  },
+  {
+    match: /build|implement|create|code|develop/i,
+    tools: ['genius_plus'],
+    desc: 'Code generation'
+  }
+];
+
+/**
+ * Match task to best tools
+ */
+function matchTaskToTools(task) {
+  const taskLower = task.toLowerCase();
+  const matched = [];
+  const scores = {};
+  
+  // Check patterns first
+  for (const pattern of TASK_PATTERNS) {
+    if (pattern.match.test(task)) {
+      return { tools: pattern.tools, reason: pattern.desc, confidence: 0.9 };
+    }
+  }
+  
+  // Keyword matching
+  for (const [tool, config] of Object.entries(TOOL_CAPABILITIES)) {
+    let score = 0;
+    for (const keyword of config.keywords) {
+      if (taskLower.includes(keyword)) {
+        score += keyword.split(' ').length; // Multi-word matches score higher
+      }
+    }
+    if (score > 0) {
+      scores[tool] = score;
+      matched.push({ tool, score, desc: config.desc });
+    }
+  }
+  
+  // Sort by score, take top 3
+  matched.sort((a, b) => b.score - a.score);
+  const topTools = matched.slice(0, 3).map(m => m.tool);
+  
+  if (topTools.length === 0) {
+    // Default to genius for unknown tasks
+    return { tools: ['genius'], reason: 'General problem solving', confidence: 0.5 };
+  }
+  
+  return { 
+    tools: topTools, 
+    reason: matched.slice(0, 3).map(m => m.desc).join(' → '),
+    confidence: Math.min(0.9, matched[0].score / 5)
+  };
+}
+
+/**
+ * Build tool arguments from task and context
+ */
+function buildArgs(tool, task, context) {
+  const args = {};
+  
+  // Common argument mappings
+  if (typeof context === 'string') {
+    if (tool === 'roast') args.code = context;
+    else if (tool === 'hints' || tool === 'hints_plus') args.query = context || task;
+    else if (tool === 'genius' || tool === 'genius_plus') args.problem = `${task}\n\nContext:\n${context}`;
+    else if (tool === 'web_search') args.query = task.replace(/search|find|research|look up/gi, '').trim();
+    else if (tool === 'compute') args.code = context;
+    else if (tool === 'bcalc') args.expression = context || task;
+    else if (tool === 'name_it') args.does = task;
+    else if (tool === 'price_it') args.product = context || task;
+    else if (tool === 'quick_vibe') args.working_on = context || task;
+    else if (tool === 'mind_opener') args.problem = context || task;
+    else if (tool === 'idea_fold') { args.claim = context || task; }
+    else if (tool === 'prompt_expand') args.idea = context || task;
+    else if (tool === 'one_liner') args.product = context || task;
+    else if (tool === 'beacon_compress') args.messages = Array.isArray(context) ? context : [context];
+    else if (tool === 'caz_dedup') args.content = context;
+    else if (tool === 'context_compress') { args.content = context; args.query = task; }
+    else if (tool === 'dewey_search') args.query = task;
+    else if (tool === 'ux_roast') args.description = context || task;
+    else if (tool === 'handoff') { args.project = task; args.context = context; }
+    else args.query = context || task; // Default fallback
+  } else if (typeof context === 'object') {
+    Object.assign(args, context);
+    // Fill in missing required args
+    if (!args.query && !args.problem && !args.code) {
+      args.query = task;
+    }
+  }
+  
+  // Handle tools that need to extract args from task regardless of context type
+  if (tool === 'domain_check' && !args.domain) {
+    const domainMatch = task.match(/[\w-]+\.(ai|com|io|co|net|org|dev|app|xyz)/i);
+    args.domain = domainMatch ? domainMatch[0] : '';
+  }
+  
+  return args;
+}
+
+/**
+ * Execute team task - orchestrate multiple tools
+ * WITH SAFETY GUARDRAILS
+ */
+async function teamExecute(task, context, options = {}) {
+  const startTime = Date.now();
+  const results = {
+    task,
+    steps: [],
+    finalResult: null,
+    toolsUsed: [],
+    totalTime: 0,
+    guardrails: { checked: true },
+    limits: { paidUsed: 0, freeUsed: 0, paidMax: MAX_PAID_TOOLS, freeMax: MAX_FREE_TOOLS }
+  };
+  
+  try {
+    // GUARDRAIL 1: Safety check on task + context
+    const safety = safetyCheck(task, context);
+    if (!safety.safe) {
+      return {
+        ok: false,
+        blocked: true,
+        reason: safety.reason,
+        code: safety.code,
+        guardrails: { triggered: safety.code }
+      };
+    }
+    
+    // Log call for rate limiting
+    callLog.push(Date.now());
+    // Trim old entries
+    while (callLog.length > 100) callLog.shift();
+    
+    // Match task to tools
+    let { tools, reason, confidence } = matchTaskToTools(task);
+    
+    // GUARDRAIL 2: Air-gap check - remove genius/genius_plus from self-improvement tasks
+    tools = filterAirgappedTools(tools, task);
+    if (tools.length === 0) {
+      return {
+        ok: false,
+        blocked: true,
+        reason: 'Self-improvement tasks cannot use advanced reasoning tools.',
+        code: 'AIRGAP_BLOCKED',
+        guardrails: { triggered: 'AIRGAP' }
+      };
+    }
+    
+    // GUARDRAIL 3: No recursive team calls (team can't call itself)
+    tools = tools.filter(t => t !== 'team');
+    
+    // GUARDRAIL 4: Enforce paid/free tool limits
+    const paidTools = tools.filter(t => !FREE_TOOLS.includes(t));
+    const freeTools = tools.filter(t => FREE_TOOLS.includes(t));
+    
+    // Cap to limits
+    const allowedPaid = paidTools.slice(0, MAX_PAID_TOOLS);
+    const allowedFree = freeTools.slice(0, MAX_FREE_TOOLS);
+    tools = [...allowedPaid, ...allowedFree];
+    
+    results.plan = { 
+      tools, 
+      reason, 
+      confidence, 
+      paidTools: allowedPaid.length,
+      freeTools: allowedFree.length,
+      limits: { paid: MAX_PAID_TOOLS, free: MAX_FREE_TOOLS }
+    };
+    
+    if (options.dryRun) {
+      return { 
+        ok: true, 
+        dryRun: true,
+        plan: results.plan,
+        message: `Would execute: ${tools.join(' → ')}`,
+        guardrails: { active: ['paid_limit', 'free_limit', 'airgap', 'pattern_block', 'rate_limit', 'enterprise_gate'] }
+      };
+    }
+    
+    // Execute tools in sequence, passing results forward
+    let prevResult = context;
+    let paidUsed = 0;
+    let freeUsed = 0;
+    const apiKey = options.apiKey || process.env.FIFTYC_API_KEY;
+    
+    for (const tool of tools) {
+      // GUARDRAIL 5: Enterprise-gated tool check
+      if (ENTERPRISE_GATED_TOOLS.includes(tool)) {
+        const access = await checkEnterpriseAccess(tool, apiKey);
+        if (!access.allowed) {
+          results.steps.push({ 
+            tool, 
+            skipped: true, 
+            reason: access.reason,
+            code: access.code,
+            upgrade: 'https://50c.ai/enterprise'
+          });
+          continue;
+        }
+      }
+      
+      // Check limits before each call
+      const isFree = FREE_TOOLS.includes(tool);
+      if (isFree && freeUsed >= MAX_FREE_TOOLS) {
+        results.steps.push({ tool, skipped: true, reason: `Free tool limit reached (${MAX_FREE_TOOLS})` });
+        continue;
+      }
+      if (!isFree && paidUsed >= MAX_PAID_TOOLS) {
+        results.steps.push({ tool, skipped: true, reason: `Paid tool limit reached (${MAX_PAID_TOOLS})` });
+        continue;
+      }
+      
+      const stepStart = Date.now();
+      const args = buildArgs(tool, task, prevResult);
+      
+      // SPECIAL: Local enterprise tools (auto_invent, invent_program) run in-process
+      let toolResult;
+      if (tool === 'auto_invent' || tool === 'invent_program') {
+        // These are local enterprise tools - import from 50c.js
+        try {
+          const { autoInvent, inventProgram } = require('../bin/50c.js');
+          if (tool === 'auto_invent') {
+            toolResult = { ok: true, result: await autoInvent(args) };
+          } else {
+            toolResult = { ok: true, result: await inventProgram(args) };
+          }
+        } catch (e) {
+          toolResult = { ok: false, error: `Local tool ${tool} failed: ${e.message}` };
+        }
+      } else {
+        toolResult = await call50cTool(tool, args);
+      }
+      
+      // Track usage
+      if (isFree) freeUsed++;
+      else paidUsed++;
+      
+      const step = {
+        tool,
+        args,
+        result: toolResult,
+        time: Date.now() - stepStart,
+        type: isFree ? 'free' : 'paid'
+      };
+      results.steps.push(step);
+      results.toolsUsed.push(tool);
+      
+      if (toolResult.ok) {
+        prevResult = toolResult.result;
+      } else {
+        // Tool failed, but continue with others
+        step.error = toolResult.error;
+      }
+    }
+    
+    results.finalResult = prevResult;
+    results.totalTime = Date.now() - startTime;
+    results.limits = { paidUsed, freeUsed, paidMax: MAX_PAID_TOOLS, freeMax: MAX_FREE_TOOLS };
+    results.ok = results.steps.some(s => s.result?.ok);
+    
+    return results;
+    
+  } catch (e) {
+    results.ok = false;
+    results.error = e.message;
+    results.totalTime = Date.now() - startTime;
+    return results;
+  }
+}
+
+/**
+ * Simple team interface - just task + optional context
+ */
+async function team(taskOrOptions) {
+  if (typeof taskOrOptions === 'string') {
+    return teamExecute(taskOrOptions, null);
+  }
+  
+  const { task, context, dryRun } = taskOrOptions;
+  return teamExecute(task, context, { dryRun });
+}
+
+module.exports = {
+  team,
+  teamExecute,
+  matchTaskToTools,
+  safetyCheck,
+  TOOL_CAPABILITIES,
+  TASK_PATTERNS,
+  BLOCKED_PATTERNS,
+  FREE_TOOLS,
+  MAX_PAID_TOOLS,
+  MAX_FREE_TOOLS,
+  MAX_CALLS_PER_MINUTE
+};