@askexenow/exe-os 0.8.82 → 0.8.85

package/dist/hooks/summary-worker.js

@@ -428,387 +428,940 @@ var init_employees = __esm({
   }
 });
 
-// src/lib/database.ts
-var database_exports = {};
-__export(database_exports, {
-  disposeDatabase: () => disposeDatabase,
-  disposeTurso: () => disposeTurso,
-  ensureSchema: () => ensureSchema,
-  getClient: () => getClient,
-  getRawClient: () => getRawClient,
-  initDatabase: () => initDatabase,
-  initTurso: () => initTurso,
-  isInitialized: () => isInitialized
-});
-import { createClient } from "@libsql/client";
-async function initDatabase(config) {
-  if (_client) {
-    _client.close();
-    _client = null;
-    _resilientClient = null;
+// src/lib/exe-daemon-client.ts
+import net from "net";
+import { spawn } from "child_process";
+import { randomUUID } from "crypto";
+import { existsSync as existsSync3, unlinkSync as unlinkSync2, readFileSync as readFileSync3, openSync, closeSync, statSync } from "fs";
+import path3 from "path";
+import { fileURLToPath } from "url";
+function handleData(chunk) {
+  _buffer += chunk.toString();
+  if (_buffer.length > MAX_BUFFER) {
+    _buffer = "";
+    return;
   }
-  const opts = {
-    url: `file:${config.dbPath}`
-  };
-  if (config.encryptionKey) {
-    opts.encryptionKey = config.encryptionKey;
+  let newlineIdx;
+  while ((newlineIdx = _buffer.indexOf("\n")) !== -1) {
+    const line = _buffer.slice(0, newlineIdx).trim();
+    _buffer = _buffer.slice(newlineIdx + 1);
+    if (!line) continue;
+    try {
+      const response = JSON.parse(line);
+      const id = response.id;
+      if (!id) continue;
+      const entry = _pending.get(id);
+      if (entry) {
+        clearTimeout(entry.timer);
+        _pending.delete(id);
+        entry.resolve(response);
+      }
+    } catch {
+    }
   }
-  _client = createClient(opts);
-  _resilientClient = wrapWithRetry(_client);
-}
-function isInitialized() {
-  return _client !== null;
 }
-function getClient() {
-  if (!_resilientClient) {
-    throw new Error("Database client not initialized. Call initDatabase() first.");
+function cleanupStaleFiles() {
+  if (existsSync3(PID_PATH)) {
+    try {
+      const pid = parseInt(readFileSync3(PID_PATH, "utf8").trim(), 10);
+      if (pid > 0) {
+        try {
+          process.kill(pid, 0);
+          return;
+        } catch {
+        }
+      }
+    } catch {
+    }
+    try {
+      unlinkSync2(PID_PATH);
+    } catch {
+    }
+    try {
+      unlinkSync2(SOCKET_PATH);
+    } catch {
+    }
   }
-  return _resilientClient;
 }
-function getRawClient() {
-  if (!_client) {
-    throw new Error("Database client not initialized. Call initDatabase() first.");
+function findPackageRoot() {
+  let dir = path3.dirname(fileURLToPath(import.meta.url));
+  const { root } = path3.parse(dir);
+  while (dir !== root) {
+    if (existsSync3(path3.join(dir, "package.json"))) return dir;
+    dir = path3.dirname(dir);
   }
-  return _client;
+  return null;
 }
-async function ensureSchema() {
-  const client = getRawClient();
-  await client.execute("PRAGMA journal_mode = WAL");
-  await client.execute("PRAGMA busy_timeout = 30000");
-  await client.execute("PRAGMA wal_autocheckpoint = 1000");
-  try {
-    await client.execute("PRAGMA libsql_vector_search_ef = 128");
-  } catch {
+function spawnDaemon() {
+  const pkgRoot = findPackageRoot();
+  if (!pkgRoot) {
+    process.stderr.write("[exed-client] WARN: cannot find package root\n");
+    return;
   }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS memories (
-      id            TEXT PRIMARY KEY,
-      agent_id      TEXT NOT NULL,
-      agent_role    TEXT NOT NULL,
-      session_id    TEXT NOT NULL,
-      timestamp     TEXT NOT NULL,
-      tool_name     TEXT NOT NULL,
-      project_name  TEXT NOT NULL,
-      has_error     INTEGER NOT NULL DEFAULT 0,
-      raw_text      TEXT NOT NULL,
-      vector        F32_BLOB(1024),
-      version       INTEGER NOT NULL DEFAULT 0
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_memories_agent
-      ON memories(agent_id);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_timestamp
-      ON memories(timestamp);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_session
-      ON memories(session_id);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_project
-      ON memories(project_name);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_tool
-      ON memories(tool_name);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_version
-      ON memories(version);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_agent_project
-      ON memories(agent_id, project_name);
-  `);
-  await client.executeMultiple(`
-    CREATE VIRTUAL TABLE IF NOT EXISTS memories_fts USING fts5(
-      raw_text,
-      content='memories',
-      content_rowid='rowid'
-    );
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_ai AFTER INSERT ON memories BEGIN
-      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_ad AFTER DELETE ON memories BEGIN
-      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_au AFTER UPDATE ON memories BEGIN
-      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
-      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
-    END;
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS sync_meta (
-      key   TEXT PRIMARY KEY,
-      value TEXT NOT NULL
-    );
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS tasks (
-      id            TEXT PRIMARY KEY,
-      title         TEXT NOT NULL,
-      assigned_to   TEXT NOT NULL,
-      assigned_by   TEXT NOT NULL,
-      project_name  TEXT NOT NULL,
-      priority      TEXT NOT NULL DEFAULT 'p1',
-      status        TEXT NOT NULL DEFAULT 'open',
-      task_file     TEXT,
-      created_at    TEXT NOT NULL,
-      updated_at    TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_tasks_assignee_status
-      ON tasks(assigned_to, status);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS behaviors (
-      id           TEXT PRIMARY KEY,
-      agent_id     TEXT NOT NULL,
-      project_name TEXT,
-      domain       TEXT,
-      content      TEXT NOT NULL,
-      active       INTEGER NOT NULL DEFAULT 1,
-      created_at   TEXT NOT NULL,
-      updated_at   TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_behaviors_agent
-      ON behaviors(agent_id, active);
-  `);
-  try {
-    const coordinatorName = getCoordinatorName();
-    const existing = await client.execute({
-      sql: "SELECT COUNT(*) as cnt FROM behaviors WHERE agent_id = ?",
-      args: [coordinatorName]
-    });
-    if (Number(existing.rows[0]?.cnt) === 0) {
-      const seededAt = "2026-03-25T00:00:00Z";
-      for (const [domain, content] of [
-        ["workflow", `Don't ask "keep going?" \u2014 just keep executing phases/plans autonomously`],
-        ["tool-use", "Always use create_task MCP tool, never write .md files directly for task creation"],
-        ["workflow", "Auto-start reviewing when idle and reviews are pending \u2014 never ask founder for permission"]
-      ]) {
-        await client.execute({
-          sql: `INSERT INTO behaviors (id, agent_id, project_name, domain, content, active, created_at, updated_at)
-                VALUES (hex(randomblob(16)), ?, NULL, ?, ?, 1, ?, ?)`,
-          args: [coordinatorName, domain, content, seededAt, seededAt]
-        });
-      }
-    }
-  } catch {
+  const daemonPath = path3.join(pkgRoot, "dist", "lib", "exe-daemon.js");
+  if (!existsSync3(daemonPath)) {
+    process.stderr.write(`[exed-client] WARN: daemon script not found at ${daemonPath}
+`);
+    return;
   }
+  const resolvedPath = daemonPath;
+  process.stderr.write(`[exed-client] Spawning daemon: ${resolvedPath}
+`);
+  const logPath = path3.join(path3.dirname(SOCKET_PATH), "exed.log");
+  let stderrFd = "ignore";
   try {
-    await client.execute({
-      sql: `ALTER TABLE behaviors ADD COLUMN priority TEXT DEFAULT 'p1'`,
-      args: []
-    });
+    stderrFd = openSync(logPath, "a");
   } catch {
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN blocked_by TEXT`,
-      args: []
-    });
-  } catch {
+  const child = spawn(process.execPath, [resolvedPath], {
+    detached: true,
+    stdio: ["ignore", "ignore", stderrFd],
+    env: {
+      ...process.env,
+      TMUX: void 0,
+      // Daemon is global — must not inherit session scope
+      TMUX_PANE: void 0,
+      // Prevents resolveExeSession() from scoping to one session
+      EXE_DAEMON_SOCK: SOCKET_PATH,
+      EXE_DAEMON_PID: PID_PATH
+    }
+  });
+  child.unref();
+  if (typeof stderrFd === "number") {
+    try {
+      closeSync(stderrFd);
+    } catch {
+    }
   }
+}
+function acquireSpawnLock() {
   try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN parent_task_id TEXT`,
-      args: []
-    });
-  } catch {
-  }
-  try {
-    await client.execute({
-      sql: `CREATE INDEX IF NOT EXISTS idx_tasks_parent_task_id
-              ON tasks(parent_task_id)
-              WHERE parent_task_id IS NOT NULL`,
-      args: []
-    });
+    const fd = openSync(SPAWN_LOCK_PATH, "wx");
+    closeSync(fd);
+    return true;
   } catch {
+    try {
+      const stat = statSync(SPAWN_LOCK_PATH);
+      if (Date.now() - stat.mtimeMs > SPAWN_LOCK_STALE_MS) {
+        try {
+          unlinkSync2(SPAWN_LOCK_PATH);
+        } catch {
+        }
+        try {
+          const fd = openSync(SPAWN_LOCK_PATH, "wx");
+          closeSync(fd);
+          return true;
+        } catch {
+        }
+      }
+    } catch {
+    }
+    return false;
   }
+}
+function releaseSpawnLock() {
   try {
-    await client.execute({
-      sql: `UPDATE tasks SET status = 'done' WHERE status = 'completed'`,
-      args: []
-    });
+    unlinkSync2(SPAWN_LOCK_PATH);
   } catch {
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN reviewer TEXT`,
-      args: []
+}
+function connectToSocket() {
+  return new Promise((resolve) => {
+    if (_socket && _connected) {
+      resolve(true);
+      return;
+    }
+    const socket = net.createConnection({ path: SOCKET_PATH });
+    const connectTimeout = setTimeout(() => {
+      socket.destroy();
+      resolve(false);
+    }, 2e3);
+    socket.on("connect", () => {
+      clearTimeout(connectTimeout);
+      _socket = socket;
+      _connected = true;
+      _buffer = "";
+      socket.on("data", handleData);
+      socket.on("close", () => {
+        _connected = false;
+        _socket = null;
+        for (const [id, entry] of _pending) {
+          clearTimeout(entry.timer);
+          _pending.delete(id);
+          entry.resolve({ error: "Connection closed" });
+        }
+      });
+      socket.on("error", () => {
+        _connected = false;
+        _socket = null;
+      });
+      resolve(true);
     });
-  } catch {
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN context TEXT`,
-      args: []
+    socket.on("error", () => {
+      clearTimeout(connectTimeout);
+      resolve(false);
     });
-  } catch {
+  });
+}
+async function connectEmbedDaemon() {
+  if (_socket && _connected) return true;
+  if (await connectToSocket()) return true;
+  if (acquireSpawnLock()) {
+    try {
+      cleanupStaleFiles();
+      spawnDaemon();
+    } finally {
+      releaseSpawnLock();
+    }
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN result TEXT`,
-      args: []
-    });
-  } catch {
+  const start = Date.now();
+  let delay2 = 100;
+  while (Date.now() - start < CONNECT_TIMEOUT_MS) {
+    await new Promise((r) => setTimeout(r, delay2));
+    if (await connectToSocket()) return true;
+    delay2 = Math.min(delay2 * 2, 3e3);
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN assigned_tmux TEXT`,
-      args: []
-    });
-  } catch {
+  return false;
+}
+function sendRequest(texts, priority) {
+  return sendDaemonRequest({ texts, priority });
+}
+function sendDaemonRequest(payload, timeoutMs = REQUEST_TIMEOUT_MS) {
+  return new Promise((resolve) => {
+    if (!_socket || !_connected) {
+      resolve({ error: "Not connected" });
+      return;
+    }
+    const id = randomUUID();
+    const timer = setTimeout(() => {
+      _pending.delete(id);
+      resolve({ error: "Request timeout" });
+    }, timeoutMs);
+    _pending.set(id, { resolve, timer });
+    try {
+      _socket.write(JSON.stringify({ id, ...payload }) + "\n");
+    } catch {
+      clearTimeout(timer);
+      _pending.delete(id);
+      resolve({ error: "Write failed" });
+    }
+  });
+}
+async function pingDaemon() {
+  if (!_socket || !_connected) return null;
+  const response = await sendDaemonRequest({ type: "health" }, 5e3);
+  if (response.health) {
+    return response.health;
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN checkpoint TEXT`,
-      args: []
-    });
-  } catch {
+  return null;
+}
+function killAndRespawnDaemon() {
+  process.stderr.write("[exed-client] Killing daemon for restart...\n");
+  if (existsSync3(PID_PATH)) {
+    try {
+      const pid = parseInt(readFileSync3(PID_PATH, "utf8").trim(), 10);
+      if (pid > 0) {
+        try {
+          process.kill(pid, "SIGKILL");
+        } catch {
+        }
+      }
+    } catch {
+    }
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN checkpoint_count INTEGER NOT NULL DEFAULT 0`,
-      args: []
-    });
-  } catch {
+  if (_socket) {
+    _socket.destroy();
+    _socket = null;
   }
+  _connected = false;
+  _buffer = "";
   try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN complexity TEXT NOT NULL DEFAULT 'standard'`,
-      args: []
-    });
+    unlinkSync2(PID_PATH);
   } catch {
   }
   try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN session_scope TEXT`,
-      args: []
-    });
+    unlinkSync2(SOCKET_PATH);
   } catch {
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN task_id TEXT`,
-      args: []
-    });
-  } catch {
+  spawnDaemon();
+}
+async function embedViaClient(text, priority = "high") {
+  if (!_connected && !await connectEmbedDaemon()) return null;
+  _requestCount++;
+  if (_requestCount % HEALTH_CHECK_INTERVAL === 0) {
+    const health = await pingDaemon();
+    if (!health) {
+      process.stderr.write(`[exed-client] Periodic health check failed at request ${_requestCount} \u2014 restarting daemon
+`);
+      killAndRespawnDaemon();
+      const start = Date.now();
+      let delay2 = 200;
+      while (Date.now() - start < CONNECT_TIMEOUT_MS) {
+        await new Promise((r) => setTimeout(r, delay2));
+        if (await connectToSocket()) break;
+        delay2 = Math.min(delay2 * 2, 3e3);
+      }
+      if (!_connected) return null;
+    }
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN consolidated INTEGER NOT NULL DEFAULT 0`,
-      args: []
-    });
-  } catch {
+  const result = await sendRequest([text], priority);
+  if (!result.error && result.vectors?.[0]) return result.vectors[0];
+  if (result.error) {
+    process.stderr.write(`[exed-client] Embed failed (${result.error}) \u2014 attempting restart
+`);
+    killAndRespawnDaemon();
+    const start = Date.now();
+    let delay2 = 200;
+    while (Date.now() - start < CONNECT_TIMEOUT_MS) {
+      await new Promise((r) => setTimeout(r, delay2));
+      if (await connectToSocket()) break;
+      delay2 = Math.min(delay2 * 2, 3e3);
+    }
+    if (!_connected) return null;
+    const retry = await sendRequest([text], priority);
+    if (!retry.error && retry.vectors?.[0]) return retry.vectors[0];
+    process.stderr.write(`[exed-client] Embed retry also failed: ${retry.error ?? "no vector"}
+`);
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN author_device_id TEXT`,
-      args: []
-    });
-  } catch {
+  return null;
+}
+function disconnectClient() {
+  if (_socket) {
+    _socket.destroy();
+    _socket = null;
   }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN scope TEXT NOT NULL DEFAULT 'business'`,
-      args: []
-    });
-  } catch {
+  _connected = false;
+  _buffer = "";
+  for (const [id, entry] of _pending) {
+    clearTimeout(entry.timer);
+    _pending.delete(id);
+    entry.resolve({ error: "Client disconnected" });
   }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS consolidations (
-      id                    TEXT PRIMARY KEY,
-      consolidated_memory_id TEXT NOT NULL,
-      source_memory_id      TEXT NOT NULL,
-      created_at            TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_consolidations_source
-      ON consolidations(source_memory_id);
-
-    CREATE INDEX IF NOT EXISTS idx_consolidations_consolidated
-      ON consolidations(consolidated_memory_id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS reminders (
+}
+function isClientConnected() {
+  return _connected;
+}
+var SOCKET_PATH, PID_PATH, SPAWN_LOCK_PATH, SPAWN_LOCK_STALE_MS, CONNECT_TIMEOUT_MS, REQUEST_TIMEOUT_MS, _socket, _connected, _buffer, _requestCount, HEALTH_CHECK_INTERVAL, _pending, MAX_BUFFER;
+var init_exe_daemon_client = __esm({
+  "src/lib/exe-daemon-client.ts"() {
+    "use strict";
+    init_config();
+    SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path3.join(EXE_AI_DIR, "exed.sock");
+    PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path3.join(EXE_AI_DIR, "exed.pid");
+    SPAWN_LOCK_PATH = path3.join(EXE_AI_DIR, "exed-spawn.lock");
+    SPAWN_LOCK_STALE_MS = 3e4;
+    CONNECT_TIMEOUT_MS = 15e3;
+    REQUEST_TIMEOUT_MS = 3e4;
+    _socket = null;
+    _connected = false;
+    _buffer = "";
+    _requestCount = 0;
+    HEALTH_CHECK_INTERVAL = 100;
+    _pending = /* @__PURE__ */ new Map();
+    MAX_BUFFER = 1e7;
+  }
+});
+
+// src/lib/daemon-protocol.ts
+function serializeValue(v) {
+  if (v === null || v === void 0) return null;
+  if (typeof v === "bigint") return Number(v);
+  if (typeof v === "boolean") return v ? 1 : 0;
+  if (v instanceof Uint8Array) {
+    return { __blob: Buffer.from(v).toString("base64") };
+  }
+  if (ArrayBuffer.isView(v)) {
+    return { __blob: Buffer.from(v.buffer, v.byteOffset, v.byteLength).toString("base64") };
+  }
+  if (v instanceof ArrayBuffer) {
+    return { __blob: Buffer.from(v).toString("base64") };
+  }
+  if (typeof v === "string" || typeof v === "number") return v;
+  return String(v);
+}
+function deserializeValue(v) {
+  if (v === null) return null;
+  if (typeof v === "object" && v !== null && "__blob" in v) {
+    const buf = Buffer.from(v.__blob, "base64");
+    return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
+  }
+  return v;
+}
+function deserializeResultSet(srs) {
+  const rows = srs.rows.map((obj) => {
+    const values = srs.columns.map(
+      (col) => deserializeValue(obj[col] ?? null)
+    );
+    const row = values;
+    for (let i = 0; i < srs.columns.length; i++) {
+      const col = srs.columns[i];
+      if (col !== void 0) {
+        row[col] = values[i] ?? null;
+      }
+    }
+    Object.defineProperty(row, "length", {
+      value: values.length,
+      enumerable: false
+    });
+    return row;
+  });
+  return {
+    columns: srs.columns,
+    columnTypes: srs.columnTypes ?? [],
+    rows,
+    rowsAffected: srs.rowsAffected,
+    lastInsertRowid: srs.lastInsertRowid != null ? BigInt(srs.lastInsertRowid) : void 0,
+    toJSON: () => ({
+      columns: srs.columns,
+      columnTypes: srs.columnTypes ?? [],
+      rows: srs.rows,
+      rowsAffected: srs.rowsAffected,
+      lastInsertRowid: srs.lastInsertRowid
+    })
+  };
+}
+var init_daemon_protocol = __esm({
+  "src/lib/daemon-protocol.ts"() {
+    "use strict";
+  }
+});
+
+// src/lib/db-daemon-client.ts
+var db_daemon_client_exports = {};
+__export(db_daemon_client_exports, {
+  createDaemonDbClient: () => createDaemonDbClient,
+  initDaemonDbClient: () => initDaemonDbClient
+});
+function normalizeStatement(stmt) {
+  if (typeof stmt === "string") {
+    return { sql: stmt, args: [] };
+  }
+  const sql = stmt.sql;
+  let args = [];
+  if (Array.isArray(stmt.args)) {
+    args = stmt.args.map((v) => serializeValue(v));
+  } else if (stmt.args && typeof stmt.args === "object") {
+    const named = {};
+    for (const [key, val] of Object.entries(stmt.args)) {
+      named[key] = serializeValue(val);
+    }
+    return { sql, args: named };
+  }
+  return { sql, args };
+}
+function createDaemonDbClient(fallbackClient) {
+  let _useDaemon = false;
+  const client = {
+    async execute(stmt) {
+      if (!_useDaemon || !isClientConnected()) {
+        return fallbackClient.execute(stmt);
+      }
+      const { sql, args } = normalizeStatement(stmt);
+      const response = await sendDaemonRequest({
+        type: "db-execute",
+        sql,
+        args
+      });
+      if (response.error) {
+        const errMsg = String(response.error);
+        if (errMsg === "Not connected" || errMsg === "Request timeout" || errMsg === "Write failed") {
+          process.stderr.write(`[db-daemon] Transport error (${errMsg}), falling back to direct
+`);
+          return fallbackClient.execute(stmt);
+        }
+        throw new Error(errMsg);
+      }
+      if (response.db) {
+        return deserializeResultSet(response.db);
+      }
+      process.stderr.write("[db-daemon] Unexpected response shape, falling back to direct\n");
+      return fallbackClient.execute(stmt);
+    },
+    async batch(stmts, mode) {
+      if (!_useDaemon || !isClientConnected()) {
+        return fallbackClient.batch(stmts, mode);
+      }
+      const statements = stmts.map(normalizeStatement);
+      const response = await sendDaemonRequest({
+        type: "db-batch",
+        statements,
+        mode: mode ?? "deferred"
+      });
+      if (response.error) {
+        const errMsg = String(response.error);
+        if (errMsg === "Not connected" || errMsg === "Request timeout" || errMsg === "Write failed") {
+          process.stderr.write(`[db-daemon] Batch transport error (${errMsg}), falling back to direct
+`);
+          return fallbackClient.batch(stmts, mode);
+        }
+        throw new Error(errMsg);
+      }
+      const batchResults = response["db-batch"];
+      if (batchResults) {
+        return batchResults.map(deserializeResultSet);
+      }
+      process.stderr.write("[db-daemon] Unexpected batch response shape, falling back to direct\n");
+      return fallbackClient.batch(stmts, mode);
+    },
+    // Transaction support — delegate to fallback (transactions need direct connection)
+    async transaction(mode) {
+      return fallbackClient.transaction(mode);
+    },
+    // executeMultiple — delegate to fallback (used only for schema migrations)
+    async executeMultiple(sql) {
+      return fallbackClient.executeMultiple(sql);
+    },
+    // migrate — delegate to fallback
+    async migrate(stmts) {
+      return fallbackClient.migrate(stmts);
+    },
+    // Sync mode — delegate to fallback
+    sync() {
+      return fallbackClient.sync();
+    },
+    close() {
+      _useDaemon = false;
+    },
+    get closed() {
+      return fallbackClient.closed;
+    },
+    get protocol() {
+      return fallbackClient.protocol;
+    }
+  };
+  return {
+    ...client,
+    /** Enable daemon routing (call after confirming daemon is connected) */
+    _enableDaemon() {
+      _useDaemon = true;
+    },
+    /** Check if daemon routing is active */
+    _isDaemonActive() {
+      return _useDaemon && isClientConnected();
+    }
+  };
+}
+async function initDaemonDbClient(fallbackClient) {
+  if (process.env.EXE_IS_DAEMON === "1") return null;
+  const connected = await connectEmbedDaemon();
+  if (!connected) {
+    process.stderr.write("[db-daemon] Daemon unavailable \u2014 using direct SQLite\n");
+    return null;
+  }
+  const client = createDaemonDbClient(fallbackClient);
+  client._enableDaemon();
+  process.stderr.write("[db-daemon] DB routing through daemon (single-writer)\n");
+  return client;
+}
+var init_db_daemon_client = __esm({
+  "src/lib/db-daemon-client.ts"() {
+    "use strict";
+    init_exe_daemon_client();
+    init_daemon_protocol();
+  }
+});
+
+// src/lib/database.ts
+var database_exports = {};
+__export(database_exports, {
+  disposeDatabase: () => disposeDatabase,
+  disposeTurso: () => disposeTurso,
+  ensureSchema: () => ensureSchema,
+  getClient: () => getClient,
+  getRawClient: () => getRawClient,
+  initDaemonClient: () => initDaemonClient,
+  initDatabase: () => initDatabase,
+  initTurso: () => initTurso,
+  isInitialized: () => isInitialized
+});
+import { createClient } from "@libsql/client";
+async function initDatabase(config) {
+  if (_client) {
+    _client.close();
+    _client = null;
+    _resilientClient = null;
+  }
+  const opts = {
+    url: `file:${config.dbPath}`
+  };
+  if (config.encryptionKey) {
+    opts.encryptionKey = config.encryptionKey;
+  }
+  _client = createClient(opts);
+  _resilientClient = wrapWithRetry(_client);
+}
+function isInitialized() {
+  return _client !== null;
+}
+function getClient() {
+  if (!_resilientClient) {
+    throw new Error("Database client not initialized. Call initDatabase() first.");
+  }
+  if (process.env.EXE_IS_DAEMON === "1") {
+    return _resilientClient;
+  }
+  if (_daemonClient && _daemonClient._isDaemonActive()) {
+    return _daemonClient;
+  }
+  return _resilientClient;
+}
+async function initDaemonClient() {
+  if (process.env.EXE_IS_DAEMON === "1") return;
+  if (!_resilientClient) return;
+  try {
+    const { initDaemonDbClient: initDaemonDbClient2 } = await Promise.resolve().then(() => (init_db_daemon_client(), db_daemon_client_exports));
+    _daemonClient = await initDaemonDbClient2(_resilientClient);
+  } catch (err) {
+    process.stderr.write(
+      `[database] Daemon client init failed (non-fatal): ${err instanceof Error ? err.message : String(err)}
+`
+    );
+  }
+}
+function getRawClient() {
+  if (!_client) {
+    throw new Error("Database client not initialized. Call initDatabase() first.");
+  }
+  return _client;
+}
+async function ensureSchema() {
+  const client = getRawClient();
+  await client.execute("PRAGMA journal_mode = WAL");
+  await client.execute("PRAGMA busy_timeout = 30000");
+  await client.execute("PRAGMA wal_autocheckpoint = 1000");
+  try {
+    await client.execute("PRAGMA libsql_vector_search_ef = 128");
+  } catch {
+  }
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS memories (
       id            TEXT PRIMARY KEY,
-      text          TEXT NOT NULL,
-      created_at    TEXT NOT NULL,
-      due_date      TEXT,
-      completed_at  TEXT
+      agent_id      TEXT NOT NULL,
+      agent_role    TEXT NOT NULL,
+      session_id    TEXT NOT NULL,
+      timestamp     TEXT NOT NULL,
+      tool_name     TEXT NOT NULL,
+      project_name  TEXT NOT NULL,
+      has_error     INTEGER NOT NULL DEFAULT 0,
+      raw_text      TEXT NOT NULL,
+      vector        F32_BLOB(1024),
+      version       INTEGER NOT NULL DEFAULT 0
     );
+
+    CREATE INDEX IF NOT EXISTS idx_memories_agent
+      ON memories(agent_id);
+
+    CREATE INDEX IF NOT EXISTS idx_memories_timestamp
+      ON memories(timestamp);
+
+    CREATE INDEX IF NOT EXISTS idx_memories_session
+      ON memories(session_id);
+
+    CREATE INDEX IF NOT EXISTS idx_memories_project
+      ON memories(project_name);
+
+    CREATE INDEX IF NOT EXISTS idx_memories_tool
+      ON memories(tool_name);
+
+    CREATE INDEX IF NOT EXISTS idx_memories_version
+      ON memories(version);
+
+    CREATE INDEX IF NOT EXISTS idx_memories_agent_project
+      ON memories(agent_id, project_name);
   `);
   await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS notifications (
-      id          TEXT PRIMARY KEY,
-      agent_id    TEXT NOT NULL,
-      agent_role  TEXT NOT NULL,
-      event       TEXT NOT NULL,
-      project     TEXT NOT NULL,
-      summary     TEXT NOT NULL,
-      task_file   TEXT,
-      read        INTEGER NOT NULL DEFAULT 0,
-      created_at  TEXT NOT NULL
+    CREATE VIRTUAL TABLE IF NOT EXISTS memories_fts USING fts5(
+      raw_text,
+      content='memories',
+      content_rowid='rowid'
     );
 
-    CREATE INDEX IF NOT EXISTS idx_notifications_read
-      ON notifications(read);
+    CREATE TRIGGER IF NOT EXISTS memories_fts_ai AFTER INSERT ON memories BEGIN
+      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
+    END;
 
-    CREATE INDEX IF NOT EXISTS idx_notifications_agent
-      ON notifications(agent_id);
+    CREATE TRIGGER IF NOT EXISTS memories_fts_ad AFTER DELETE ON memories BEGIN
+      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
+    END;
 
-    CREATE INDEX IF NOT EXISTS idx_notifications_task_file
-      ON notifications(task_file);
+    CREATE TRIGGER IF NOT EXISTS memories_fts_au AFTER UPDATE ON memories BEGIN
+      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
+      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
+    END;
   `);
   await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS schedules (
-      id            TEXT PRIMARY KEY,
-      cron          TEXT NOT NULL,
-      description   TEXT NOT NULL,
-      job_type      TEXT NOT NULL DEFAULT 'report',
-      prompt        TEXT,
-      assigned_to   TEXT,
-      project_name  TEXT,
-      active        INTEGER NOT NULL DEFAULT 1,
-      use_crontab   INTEGER NOT NULL DEFAULT 0,
-      created_at    TEXT NOT NULL
+    CREATE TABLE IF NOT EXISTS sync_meta (
+      key   TEXT PRIMARY KEY,
+      value TEXT NOT NULL
     );
   `);
   await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS device_registry (
-      device_id     TEXT PRIMARY KEY,
-      friendly_name TEXT NOT NULL,
-      hostname      TEXT NOT NULL,
-      projects      TEXT NOT NULL DEFAULT '[]',
-      agents        TEXT NOT NULL DEFAULT '[]',
-      connected     INTEGER DEFAULT 0,
-      last_seen     TEXT NOT NULL
+    CREATE TABLE IF NOT EXISTS tasks (
+      id            TEXT PRIMARY KEY,
+      title         TEXT NOT NULL,
+      assigned_to   TEXT NOT NULL,
+      assigned_by   TEXT NOT NULL,
+      project_name  TEXT NOT NULL,
+      priority      TEXT NOT NULL DEFAULT 'p1',
+      status        TEXT NOT NULL DEFAULT 'open',
+      task_file     TEXT,
+      created_at    TEXT NOT NULL,
+      updated_at    TEXT NOT NULL
     );
+
+    CREATE INDEX IF NOT EXISTS idx_tasks_assignee_status
+      ON tasks(assigned_to, status);
   `);
   await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS messages (
-      id              TEXT PRIMARY KEY,
-      from_agent      TEXT NOT NULL,
-      from_device     TEXT NOT NULL DEFAULT 'local',
-      target_agent    TEXT NOT NULL,
-      target_project  TEXT,
-      target_device   TEXT NOT NULL DEFAULT 'local',
-      content         TEXT NOT NULL,
-      priority        TEXT DEFAULT 'normal',
-      status          TEXT DEFAULT 'pending',
-      server_seq      INTEGER,
-      retry_count     INTEGER DEFAULT 0,
-      created_at      TEXT NOT NULL,
-      delivered_at    TEXT,
-      processed_at    TEXT,
-      failed_at       TEXT,
-      failure_reason  TEXT
+    CREATE TABLE IF NOT EXISTS behaviors (
+      id           TEXT PRIMARY KEY,
+      agent_id     TEXT NOT NULL,
+      project_name TEXT,
+      domain       TEXT,
+      content      TEXT NOT NULL,
+      active       INTEGER NOT NULL DEFAULT 1,
+      created_at   TEXT NOT NULL,
+      updated_at   TEXT NOT NULL
     );
 
-    CREATE INDEX IF NOT EXISTS idx_messages_target
-      ON messages(target_agent, status);
+    CREATE INDEX IF NOT EXISTS idx_behaviors_agent
+      ON behaviors(agent_id, active);
+  `);
+  try {
+    const coordinatorName = getCoordinatorName();
+    const existing = await client.execute({
+      sql: "SELECT COUNT(*) as cnt FROM behaviors WHERE agent_id = ?",
+      args: [coordinatorName]
+    });
+    if (Number(existing.rows[0]?.cnt) === 0) {
+      const seededAt = "2026-03-25T00:00:00Z";
+      for (const [domain, content] of [
+        ["workflow", `Don't ask "keep going?" \u2014 just keep executing phases/plans autonomously`],
+        ["tool-use", "Always use create_task MCP tool, never write .md files directly for task creation"],
+        ["workflow", "Auto-start reviewing when idle and reviews are pending \u2014 never ask founder for permission"]
+      ]) {
+        await client.execute({
+          sql: `INSERT INTO behaviors (id, agent_id, project_name, domain, content, active, created_at, updated_at)
+                VALUES (hex(randomblob(16)), ?, NULL, ?, ?, 1, ?, ?)`,
+          args: [coordinatorName, domain, content, seededAt, seededAt]
+        });
+      }
+    }
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE behaviors ADD COLUMN priority TEXT DEFAULT 'p1'`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN blocked_by TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN parent_task_id TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `CREATE INDEX IF NOT EXISTS idx_tasks_parent_task_id
+              ON tasks(parent_task_id)
+              WHERE parent_task_id IS NOT NULL`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `UPDATE tasks SET status = 'done' WHERE status = 'completed'`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN reviewer TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN context TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN result TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN assigned_tmux TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN checkpoint TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN checkpoint_count INTEGER NOT NULL DEFAULT 0`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN complexity TEXT NOT NULL DEFAULT 'standard'`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN session_scope TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN task_id TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN consolidated INTEGER NOT NULL DEFAULT 0`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN author_device_id TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN scope TEXT NOT NULL DEFAULT 'business'`,
+      args: []
+    });
+  } catch {
+  }
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS consolidations (
+      id                    TEXT PRIMARY KEY,
+      consolidated_memory_id TEXT NOT NULL,
+      source_memory_id      TEXT NOT NULL,
+      created_at            TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_consolidations_source
+      ON consolidations(source_memory_id);
+
+    CREATE INDEX IF NOT EXISTS idx_consolidations_consolidated
+      ON consolidations(consolidated_memory_id);
+  `);
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS reminders (
+      id            TEXT PRIMARY KEY,
+      text          TEXT NOT NULL,
+      created_at    TEXT NOT NULL,
+      due_date      TEXT,
+      completed_at  TEXT
+    );
+  `);
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS notifications (
+      id          TEXT PRIMARY KEY,
+      agent_id    TEXT NOT NULL,
+      agent_role  TEXT NOT NULL,
+      event       TEXT NOT NULL,
+      project     TEXT NOT NULL,
+      summary     TEXT NOT NULL,
+      task_file   TEXT,
+      read        INTEGER NOT NULL DEFAULT 0,
+      created_at  TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_notifications_read
+      ON notifications(read);
+
+    CREATE INDEX IF NOT EXISTS idx_notifications_agent
+      ON notifications(agent_id);
+
+    CREATE INDEX IF NOT EXISTS idx_notifications_task_file
+      ON notifications(task_file);
+  `);
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS schedules (
+      id            TEXT PRIMARY KEY,
+      cron          TEXT NOT NULL,
+      description   TEXT NOT NULL,
+      job_type      TEXT NOT NULL DEFAULT 'report',
+      prompt        TEXT,
+      assigned_to   TEXT,
+      project_name  TEXT,
+      active        INTEGER NOT NULL DEFAULT 1,
+      use_crontab   INTEGER NOT NULL DEFAULT 0,
+      created_at    TEXT NOT NULL
+    );
+  `);
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS device_registry (
+      device_id     TEXT PRIMARY KEY,
+      friendly_name TEXT NOT NULL,
+      hostname      TEXT NOT NULL,
+      projects      TEXT NOT NULL DEFAULT '[]',
+      agents        TEXT NOT NULL DEFAULT '[]',
+      connected     INTEGER DEFAULT 0,
+      last_seen     TEXT NOT NULL
+    );
+  `);
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS messages (
+      id              TEXT PRIMARY KEY,
+      from_agent      TEXT NOT NULL,
+      from_device     TEXT NOT NULL DEFAULT 'local',
+      target_agent    TEXT NOT NULL,
+      target_project  TEXT,
+      target_device   TEXT NOT NULL DEFAULT 'local',
+      content         TEXT NOT NULL,
+      priority        TEXT DEFAULT 'normal',
+      status          TEXT DEFAULT 'pending',
+      server_seq      INTEGER,
+      retry_count     INTEGER DEFAULT 0,
+      created_at      TEXT NOT NULL,
+      delivered_at    TEXT,
+      processed_at    TEXT,
+      failed_at       TEXT,
+      failure_reason  TEXT
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_messages_target
+      ON messages(target_agent, status);
 
     CREATE INDEX IF NOT EXISTS idx_messages_conversation_order
       ON messages(target_agent, from_agent, server_seq);
@@ -951,6 +1504,12 @@ async function ensureSchema() {
     } catch {
     }
   }
+  try {
+    await client.execute(
+      `CREATE INDEX IF NOT EXISTS idx_memories_content_hash ON memories(content_hash, agent_id)`
+    );
+  } catch {
+  }
   await client.executeMultiple(`
     CREATE TABLE IF NOT EXISTS entities (
       id TEXT PRIMARY KEY,
@@ -1003,7 +1562,30 @@ async function ensureSchema() {
       entity_id TEXT NOT NULL,
       PRIMARY KEY (hyperedge_id, entity_id)
     );
+
+    CREATE VIRTUAL TABLE IF NOT EXISTS entities_fts USING fts5(
+      name,
+      content=entities,
+      content_rowid=rowid
+    );
+
+    CREATE TRIGGER IF NOT EXISTS entities_fts_ai AFTER INSERT ON entities BEGIN
+      INSERT INTO entities_fts(rowid, name) VALUES (new.rowid, new.name);
+    END;
+
+    CREATE TRIGGER IF NOT EXISTS entities_fts_ad AFTER DELETE ON entities BEGIN
+      INSERT INTO entities_fts(entities_fts, rowid, name) VALUES('delete', old.rowid, old.name);
+    END;
+
+    CREATE TRIGGER IF NOT EXISTS entities_fts_au AFTER UPDATE ON entities BEGIN
+      INSERT INTO entities_fts(entities_fts, rowid, name) VALUES('delete', old.rowid, old.name);
+      INSERT INTO entities_fts(rowid, name) VALUES (new.rowid, new.name);
+    END;
   `);
+  try {
+    await client.execute("INSERT INTO entities_fts(entities_fts) VALUES('rebuild')");
+  } catch {
+  }
   await client.executeMultiple(`
     CREATE TABLE IF NOT EXISTS entity_aliases (
       alias TEXT NOT NULL PRIMARY KEY,
@@ -1184,8 +1766,35 @@ async function ensureSchema() {
     CREATE INDEX IF NOT EXISTS idx_conversations_channel
       ON conversations(channel_id);
   `);
-  try {
-    await client.execute({
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS session_agent_map (
+      session_uuid TEXT PRIMARY KEY,
+      agent_id TEXT NOT NULL,
+      session_name TEXT,
+      task_id TEXT,
+      project_name TEXT,
+      started_at TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_session_agent_map_agent
+      ON session_agent_map(agent_id);
+  `);
+  try {
+    const mapCount = await client.execute({ sql: `SELECT COUNT(*) as cnt FROM session_agent_map`, args: [] });
+    if (Number(mapCount.rows[0]?.cnt ?? 0) === 0) {
+      await client.execute({
+        sql: `INSERT OR IGNORE INTO session_agent_map (session_uuid, agent_id, session_name, started_at)
+              SELECT session_id, agent_id, '', MIN(timestamp)
+              FROM memories
+              WHERE session_id IS NOT NULL AND session_id != '' AND agent_id IS NOT NULL AND agent_id != ''
+              GROUP BY session_id, agent_id`,
+        args: []
+      });
+    }
+  } catch {
+  }
+  try {
+    await client.execute({
       sql: `ALTER TABLE tasks ADD COLUMN budget_tokens INTEGER`,
       args: []
     });
@@ -1317,15 +1926,41 @@ async function ensureSchema() {
     });
   } catch {
   }
+  for (const col of [
+    "ALTER TABLE memories ADD COLUMN intent TEXT",
+    "ALTER TABLE memories ADD COLUMN outcome TEXT",
+    "ALTER TABLE memories ADD COLUMN domain TEXT",
+    "ALTER TABLE memories ADD COLUMN referenced_entities TEXT",
+    "ALTER TABLE memories ADD COLUMN retrieval_count INTEGER DEFAULT 0",
+    "ALTER TABLE memories ADD COLUMN chain_position TEXT",
+    "ALTER TABLE memories ADD COLUMN review_status TEXT",
+    "ALTER TABLE memories ADD COLUMN context_window_pct INTEGER",
+    "ALTER TABLE memories ADD COLUMN file_paths TEXT",
+    "ALTER TABLE memories ADD COLUMN commit_hash TEXT",
+    "ALTER TABLE memories ADD COLUMN duration_ms INTEGER",
+    "ALTER TABLE memories ADD COLUMN token_cost REAL",
+    "ALTER TABLE memories ADD COLUMN audience TEXT",
+    "ALTER TABLE memories ADD COLUMN language_type TEXT",
+    "ALTER TABLE memories ADD COLUMN parent_memory_id TEXT"
+  ]) {
+    try {
+      await client.execute(col);
+    } catch {
+    }
+  }
 }
 async function disposeDatabase() {
+  if (_daemonClient) {
+    _daemonClient.close();
+    _daemonClient = null;
+  }
   if (_client) {
     _client.close();
     _client = null;
     _resilientClient = null;
   }
 }
-var _client, _resilientClient, initTurso, disposeTurso;
+var _client, _resilientClient, _daemonClient, initTurso, disposeTurso;
 var init_database = __esm({
   "src/lib/database.ts"() {
     "use strict";
@@ -1333,6 +1968,7 @@ var init_database = __esm({
     init_employees();
     _client = null;
     _resilientClient = null;
+    _daemonClient = null;
     initTurso = initDatabase;
     disposeTurso = disposeDatabase;
   }
@@ -1348,14 +1984,14 @@ __export(keychain_exports, {
   setMasterKey: () => setMasterKey
 });
 import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
-import { existsSync as existsSync3 } from "fs";
-import path3 from "path";
+import { existsSync as existsSync4 } from "fs";
+import path4 from "path";
 import os3 from "os";
 function getKeyDir() {
-  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path3.join(os3.homedir(), ".exe-os");
+  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path4.join(os3.homedir(), ".exe-os");
 }
 function getKeyPath() {
-  return path3.join(getKeyDir(), "master.key");
+  return path4.join(getKeyDir(), "master.key");
 }
 async function tryKeytar() {
   try {
@@ -1376,13 +2012,21 @@ async function getMasterKey() {
     }
   }
   const keyPath = getKeyPath();
-  if (!existsSync3(keyPath)) {
+  if (!existsSync4(keyPath)) {
+    process.stderr.write(
+      `[keychain] Key not found at ${keyPath} (HOME=${os3.homedir()}, EXE_OS_DIR=${process.env.EXE_OS_DIR ?? "unset"})
+`
+    );
     return null;
   }
   try {
     const content = await readFile3(keyPath, "utf-8");
     return Buffer.from(content.trim(), "base64");
-  } catch {
+  } catch (err) {
+    process.stderr.write(
+      `[keychain] Key read failed at ${keyPath}: ${err instanceof Error ? err.message : String(err)}
+`
+    );
     return null;
   }
 }
@@ -1411,7 +2055,7 @@ async function deleteMasterKey() {
     }
   }
   const keyPath = getKeyPath();
-  if (existsSync3(keyPath)) {
+  if (existsSync4(keyPath)) {
     await unlink(keyPath);
   }
 }
@@ -1521,12 +2165,12 @@ __export(shard_manager_exports, {
   listShards: () => listShards,
   shardExists: () => shardExists
 });
-import path4 from "path";
-import { existsSync as existsSync4, mkdirSync, readdirSync } from "fs";
+import path5 from "path";
+import { existsSync as existsSync5, mkdirSync, readdirSync } from "fs";
 import { createClient as createClient2 } from "@libsql/client";
 function initShardManager(encryptionKey) {
   _encryptionKey = encryptionKey;
-  if (!existsSync4(SHARDS_DIR)) {
+  if (!existsSync5(SHARDS_DIR)) {
     mkdirSync(SHARDS_DIR, { recursive: true });
   }
   _shardingEnabled = true;
@@ -1547,7 +2191,7 @@ function getShardClient(projectName) {
   }
   const cached = _shards.get(safeName);
   if (cached) return cached;
-  const dbPath = path4.join(SHARDS_DIR, `${safeName}.db`);
+  const dbPath = path5.join(SHARDS_DIR, `${safeName}.db`);
   const client = createClient2({
     url: `file:${dbPath}`,
     encryptionKey: _encryptionKey
@@ -1557,10 +2201,10 @@ function getShardClient(projectName) {
 }
 function shardExists(projectName) {
   const safeName = projectName.replace(/[^a-zA-Z0-9_-]/g, "_");
-  return existsSync4(path4.join(SHARDS_DIR, `${safeName}.db`));
+  return existsSync5(path5.join(SHARDS_DIR, `${safeName}.db`));
 }
 function listShards() {
-  if (!existsSync4(SHARDS_DIR)) return [];
+  if (!existsSync5(SHARDS_DIR)) return [];
   return readdirSync(SHARDS_DIR).filter((f) => f.endsWith(".db")).map((f) => f.replace(".db", ""));
 }
 async function ensureShardSchema(client) {
@@ -1746,7 +2390,7 @@ var init_shard_manager = __esm({
   "src/lib/shard-manager.ts"() {
     "use strict";
     init_config();
-    SHARDS_DIR = path4.join(EXE_AI_DIR, "shards");
+    SHARDS_DIR = path5.join(EXE_AI_DIR, "shards");
     _shards = /* @__PURE__ */ new Map();
     _encryptionKey = null;
     _shardingEnabled = false;
@@ -1871,7 +2515,7 @@ __export(global_procedures_exports, {
   loadGlobalProcedures: () => loadGlobalProcedures,
   storeGlobalProcedure: () => storeGlobalProcedure
 });
-import { randomUUID } from "crypto";
+import { randomUUID as randomUUID2 } from "crypto";
 async function loadGlobalProcedures() {
   const client = getClient();
   const result = await client.execute({
@@ -1900,7 +2544,7 @@ ${sections.join("\n\n")}
 `;
 }
 async function storeGlobalProcedure(input) {
-  const id = randomUUID();
+  const id = randomUUID2();
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const client = getClient();
   await client.execute({
@@ -1936,13 +2580,13 @@ ${p.content}`).join("\n\n");
 
 // src/lib/notifications.ts
 import crypto from "crypto";
-import path5 from "path";
+import path6 from "path";
 import os4 from "os";
 import {
-  readFileSync as readFileSync3,
+  readFileSync as readFileSync4,
   readdirSync as readdirSync2,
-  unlinkSync as unlinkSync2,
-  existsSync as existsSync5,
+  unlinkSync as unlinkSync3,
+  existsSync as existsSync6,
   rmdirSync
 } from "fs";
 async function writeNotification(notification) {
@@ -1977,13 +2621,13 @@ var init_notifications = __esm({
 });
 
 // src/lib/session-registry.ts
-import path6 from "path";
+import path7 from "path";
 import os5 from "os";
 var REGISTRY_PATH;
 var init_session_registry = __esm({
   "src/lib/session-registry.ts"() {
     "use strict";
-    REGISTRY_PATH = path6.join(os5.homedir(), ".exe-os", "session-registry.json");
+    REGISTRY_PATH = path7.join(os5.homedir(), ".exe-os", "session-registry.json");
   }
 });
 
@@ -2159,16 +2803,16 @@ var init_provider_table = __esm({
 });
 
 // src/lib/intercom-queue.ts
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync2, renameSync as renameSync3, existsSync as existsSync6, mkdirSync as mkdirSync2 } from "fs";
-import path7 from "path";
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync2, renameSync as renameSync3, existsSync as existsSync7, mkdirSync as mkdirSync2 } from "fs";
+import path8 from "path";
 import os6 from "os";
 var QUEUE_PATH, TTL_MS, INTERCOM_LOG;
 var init_intercom_queue = __esm({
   "src/lib/intercom-queue.ts"() {
     "use strict";
-    QUEUE_PATH = path7.join(os6.homedir(), ".exe-os", "intercom-queue.json");
+    QUEUE_PATH = path8.join(os6.homedir(), ".exe-os", "intercom-queue.json");
     TTL_MS = 60 * 60 * 1e3;
-    INTERCOM_LOG = path7.join(os6.homedir(), ".exe-os", "intercom.log");
+    INTERCOM_LOG = path8.join(os6.homedir(), ".exe-os", "intercom.log");
   }
 });
 
@@ -2179,933 +2823,588 @@ __export(license_exports, {
   PLAN_LIMITS: () => PLAN_LIMITS,
   assertVpsLicense: () => assertVpsLicense,
   checkLicense: () => checkLicense,
-  getCachedLicense: () => getCachedLicense,
-  isFeatureAllowed: () => isFeatureAllowed,
-  loadDeviceId: () => loadDeviceId,
-  loadLicense: () => loadLicense,
-  mirrorLicenseKey: () => mirrorLicenseKey,
-  saveLicense: () => saveLicense,
-  startLicenseRevalidation: () => startLicenseRevalidation,
-  stopLicenseRevalidation: () => stopLicenseRevalidation,
-  validateLicense: () => validateLicense
-});
-import { readFileSync as readFileSync5, writeFileSync as writeFileSync3, existsSync as existsSync7, mkdirSync as mkdirSync3 } from "fs";
-import { randomUUID as randomUUID2 } from "crypto";
-import path8 from "path";
-import { jwtVerify, importSPKI } from "jose";
-async function fetchRetry(url, init) {
-  try {
-    return await fetch(url, init);
-  } catch {
-    await new Promise((r) => setTimeout(r, RETRY_DELAY_MS));
-    return fetch(url, { ...init, signal: AbortSignal.timeout(1e4) });
-  }
-}
-function loadDeviceId() {
-  const deviceJsonPath = path8.join(EXE_AI_DIR, "device.json");
-  try {
-    if (existsSync7(deviceJsonPath)) {
-      const data = JSON.parse(readFileSync5(deviceJsonPath, "utf8"));
-      if (data.deviceId) return data.deviceId;
-    }
-  } catch {
-  }
-  try {
-    if (existsSync7(DEVICE_ID_PATH)) {
-      const id2 = readFileSync5(DEVICE_ID_PATH, "utf8").trim();
-      if (id2) return id2;
-    }
-  } catch {
-  }
-  const id = randomUUID2();
-  mkdirSync3(EXE_AI_DIR, { recursive: true });
-  writeFileSync3(DEVICE_ID_PATH, id, "utf8");
-  return id;
-}
-function loadLicense() {
-  try {
-    if (!existsSync7(LICENSE_PATH)) return null;
-    return readFileSync5(LICENSE_PATH, "utf8").trim();
-  } catch {
-    return null;
-  }
-}
-function saveLicense(apiKey) {
-  mkdirSync3(EXE_AI_DIR, { recursive: true });
-  writeFileSync3(LICENSE_PATH, apiKey.trim(), { encoding: "utf8", mode: 384 });
-}
-async function verifyLicenseJwt(token) {
-  try {
-    const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-    const { payload } = await jwtVerify(token, key, {
-      algorithms: [LICENSE_JWT_ALG]
-    });
-    const plan = payload.plan ?? "free";
-    const email = payload.sub ?? "";
-    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan,
-      email,
-      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  } catch {
-    return null;
-  }
-}
-async function getCachedLicense() {
-  try {
-    if (!existsSync7(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync5(CACHE_PATH, "utf8"));
-    if (!raw.token || typeof raw.token !== "string") return null;
-    return await verifyLicenseJwt(raw.token);
-  } catch {
-    return null;
-  }
-}
-function readCachedToken() {
-  try {
-    if (!existsSync7(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync5(CACHE_PATH, "utf8"));
-    return typeof raw.token === "string" ? raw.token : null;
-  } catch {
-    return null;
-  }
-}
-function getRawCachedPlan() {
-  try {
-    const token = readCachedToken();
-    if (!token) return null;
-    const parts = token.split(".");
-    if (parts.length !== 3) return null;
-    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
-    const plan = payload.plan ?? "free";
-    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-    process.stderr.write(
-      `[license] WARN: using unverified cached plan (API unreachable, JWT expired). Plan: ${plan}
-`
-    );
-    return {
-      valid: true,
-      plan,
-      email: payload.sub ?? "",
-      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  } catch {
-    return null;
-  }
-}
-function cacheResponse(token) {
-  try {
-    writeFileSync3(CACHE_PATH, JSON.stringify({ token }), "utf8");
-  } catch {
-  }
-}
-async function validateLicense(apiKey, deviceId) {
-  const did = deviceId ?? loadDeviceId();
-  try {
-    const res = await fetchRetry(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId: did }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      const data = await res.json();
-      if (data.error === "device_limit_exceeded") {
-        const cached2 = await getCachedLicense();
-        if (cached2) return cached2;
-        const raw2 = getRawCachedPlan();
-        if (raw2) return { ...raw2, valid: false };
-        return { ...FREE_LICENSE, valid: false, plan: "free" };
-      }
-      if (data.token) {
-        cacheResponse(data.token);
-        const verified = await verifyLicenseJwt(data.token);
-        if (verified) return verified;
-      }
-      const limits = PLAN_LIMITS[data.plan] ?? PLAN_LIMITS.free;
-      return {
-        valid: data.valid,
-        plan: data.plan,
-        email: data.email,
-        expiresAt: data.expiresAt,
-        deviceLimit: limits.devices,
-        employeeLimit: limits.employees,
-        memoryLimit: limits.memories
-      };
-    }
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    const raw = getRawCachedPlan();
-    if (raw) return raw;
-    return { ...FREE_LICENSE, valid: false, plan: "free" };
-  } catch {
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    const rawFallback = getRawCachedPlan();
-    if (rawFallback) return rawFallback;
-    return { ...FREE_LICENSE, valid: false, error: "offline" };
-  }
-}
-function getCacheAgeMs() {
-  try {
-    const { statSync: statSync2 } = __require("fs");
-    const s = statSync2(CACHE_PATH);
-    return Date.now() - s.mtimeMs;
-  } catch {
-    return Infinity;
-  }
-}
-async function checkLicense() {
-  let key = loadLicense();
-  if (!key) {
-    try {
-      const configPath = path8.join(EXE_AI_DIR, "config.json");
-      if (existsSync7(configPath)) {
-        const raw = JSON.parse(readFileSync5(configPath, "utf8"));
-        const cloud = raw.cloud;
-        if (cloud?.apiKey) {
-          key = cloud.apiKey;
-          saveLicense(key);
-        }
-      }
-    } catch {
-    }
-  }
-  if (!key) return FREE_LICENSE;
-  const cached = await getCachedLicense();
-  if (cached && getCacheAgeMs() < CACHE_MAX_AGE_MS) return cached;
-  const deviceId = loadDeviceId();
-  return validateLicense(key, deviceId);
-}
-function isFeatureAllowed(license, feature) {
-  switch (feature) {
-    case "cloud_sync":
-    case "external_agents":
-    case "wiki":
-      return license.plan !== "free";
-    case "unlimited_employees":
-      return license.plan === "team" || license.plan === "agency" || license.plan === "enterprise";
-  }
-}
-function mirrorLicenseKey(apiKey) {
-  const trimmed = apiKey.trim();
-  if (!trimmed) return;
-  saveLicense(trimmed);
-}
-async function assertVpsLicense(opts) {
-  const env = opts?.env ?? process.env;
-  const inProduction = env.NODE_ENV === "production";
-  if (!opts?.force && !inProduction) {
-    return { ...FREE_LICENSE, plan: "free" };
-  }
-  const envKey = env.EXE_LICENSE_KEY?.trim();
-  if (envKey) {
-    saveLicense(envKey);
-  }
-  const apiKey = envKey ?? loadLicense();
-  if (!apiKey) {
-    throw new Error(
-      "License required: set EXE_LICENSE_KEY env var with your exe_sk_* key. Purchase at https://askexe.com. This VPS image refuses to boot without a valid license."
-    );
-  }
-  const deviceId = loadDeviceId();
-  let backendResponse = null;
-  let explicitRejection = false;
-  let transientFailure = false;
-  try {
-    const res = await fetchRetry(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      backendResponse = await res.json();
-      if (!backendResponse.valid) explicitRejection = true;
-    } else if (res.status === 401 || res.status === 403) {
-      explicitRejection = true;
-    } else {
-      transientFailure = true;
-    }
-  } catch {
-    transientFailure = true;
-  }
-  if (backendResponse?.valid) {
-    if (backendResponse.token) {
-      cacheResponse(backendResponse.token);
-      const verified = await verifyLicenseJwt(backendResponse.token);
-      if (verified) return verified;
-    }
-    const limits = PLAN_LIMITS[backendResponse.plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan: backendResponse.plan,
-      email: backendResponse.email,
-      expiresAt: backendResponse.expiresAt,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  }
-  if (explicitRejection) {
-    throw new Error(
-      `License invalid or expired. Renew at https://askexe.com, then restart. Backend rejected key ending in ...${apiKey.slice(-4)}.`
-    );
-  }
-  if (!transientFailure) {
-    throw new Error(
-      "License validation failed: unknown backend state. Restore network connectivity to https://askexe.com/cloud and retry."
-    );
+  getCachedLicense: () => getCachedLicense,
+  isFeatureAllowed: () => isFeatureAllowed,
+  loadDeviceId: () => loadDeviceId,
+  loadLicense: () => loadLicense,
+  mirrorLicenseKey: () => mirrorLicenseKey,
+  saveLicense: () => saveLicense,
+  startLicenseRevalidation: () => startLicenseRevalidation,
+  stopLicenseRevalidation: () => stopLicenseRevalidation,
+  validateLicense: () => validateLicense
+});
+import { readFileSync as readFileSync6, writeFileSync as writeFileSync3, existsSync as existsSync8, mkdirSync as mkdirSync3 } from "fs";
+import { randomUUID as randomUUID3 } from "crypto";
+import path9 from "path";
+import { jwtVerify, importSPKI } from "jose";
+async function fetchRetry(url, init) {
+  try {
+    return await fetch(url, init);
+  } catch {
+    await new Promise((r) => setTimeout(r, RETRY_DELAY_MS));
+    return fetch(url, { ...init, signal: AbortSignal.timeout(1e4) });
   }
-  const fresh = await getCachedLicense();
-  if (fresh && fresh.valid) return fresh;
-  const graceDays = opts?.offlineGraceDays ?? 7;
-  const graceMs = graceDays * 24 * 60 * 60 * 1e3;
+}
+function loadDeviceId() {
+  const deviceJsonPath = path9.join(EXE_AI_DIR, "device.json");
   try {
-    const token = readCachedToken();
-    if (token) {
-      const payloadB64 = token.split(".")[1];
-      if (payloadB64) {
-        const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
-        const expMs = (payload.exp ?? 0) * 1e3;
-        if (Date.now() < expMs + graceMs) {
-          const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-          const { payload: verified } = await jwtVerify(token, key, {
-            algorithms: [LICENSE_JWT_ALG],
-            clockTolerance: graceDays * 24 * 60 * 60
-          });
-          const plan = verified.plan ?? "free";
-          const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-          return {
-            valid: true,
-            plan,
-            email: verified.sub ?? "",
-            expiresAt: verified.exp ? new Date(verified.exp * 1e3).toISOString() : null,
-            deviceLimit: limits.devices,
-            employeeLimit: limits.employees,
-            memoryLimit: limits.memories
-          };
-        }
-      }
+    if (existsSync8(deviceJsonPath)) {
+      const data = JSON.parse(readFileSync6(deviceJsonPath, "utf8"));
+      if (data.deviceId) return data.deviceId;
     }
   } catch {
   }
-  throw new Error(
-    `License validation unreachable for more than ${graceDays} days. Restore network connectivity to https://askexe.com/cloud and retry. This VPS image refuses to boot after the offline grace window.`
-  );
-}
-function startLicenseRevalidation(intervalMs = 36e5) {
-  if (_revalTimer) return;
-  _revalTimer = setInterval(async () => {
-    try {
-      const license = await checkLicense();
-      if (!license.valid) {
-        process.stderr.write("[exe-os] License expired or invalid \u2014 features may be restricted\n");
-      }
-    } catch {
+  try {
+    if (existsSync8(DEVICE_ID_PATH)) {
+      const id2 = readFileSync6(DEVICE_ID_PATH, "utf8").trim();
+      if (id2) return id2;
     }
-  }, intervalMs);
-  if (_revalTimer && typeof _revalTimer === "object" && "unref" in _revalTimer) {
-    _revalTimer.unref();
+  } catch {
   }
+  const id = randomUUID3();
+  mkdirSync3(EXE_AI_DIR, { recursive: true });
+  writeFileSync3(DEVICE_ID_PATH, id, "utf8");
+  return id;
 }
-function stopLicenseRevalidation() {
-  if (_revalTimer) {
-    clearInterval(_revalTimer);
-    _revalTimer = null;
+function loadLicense() {
+  try {
+    if (!existsSync8(LICENSE_PATH)) return null;
+    return readFileSync6(LICENSE_PATH, "utf8").trim();
+  } catch {
+    return null;
   }
 }
-var LICENSE_PATH, CACHE_PATH, DEVICE_ID_PATH, API_BASE, RETRY_DELAY_MS, LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG, PLAN_LIMITS, FREE_LICENSE, CACHE_MAX_AGE_MS, _revalTimer;
-var init_license = __esm({
-  "src/lib/license.ts"() {
-    "use strict";
-    init_config();
-    LICENSE_PATH = path8.join(EXE_AI_DIR, "license.key");
-    CACHE_PATH = path8.join(EXE_AI_DIR, "license-cache.json");
-    DEVICE_ID_PATH = path8.join(EXE_AI_DIR, "device-id");
-    API_BASE = "https://askexe.com/cloud";
-    RETRY_DELAY_MS = 500;
-    LICENSE_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeHztAMOpR/ZMh+rWuOASjEZ54CGY
-4uj+UqeKCcvtgNHKmOK278HJaJcANe9xAeji8AFYu27q3WtzCi04pHudow==
------END PUBLIC KEY-----`;
-    LICENSE_JWT_ALG = "ES256";
-    PLAN_LIMITS = {
-      free: { devices: 1, employees: 1, memories: 5e4 },
-      pro: { devices: 2, employees: 5, memories: 25e4 },
-      team: { devices: 10, employees: 20, memories: 1e6 },
-      agency: { devices: 50, employees: 100, memories: 1e7 },
-      enterprise: { devices: -1, employees: -1, memories: -1 }
-    };
-    FREE_LICENSE = {
-      valid: true,
-      plan: "free",
-      email: "",
-      expiresAt: null,
-      deviceLimit: 1,
-      employeeLimit: 1,
-      memoryLimit: 5e4
-    };
-    CACHE_MAX_AGE_MS = 36e5;
-    _revalTimer = null;
-  }
-});
-
-// src/lib/plan-limits.ts
-var plan_limits_exports = {};
-__export(plan_limits_exports, {
-  PlanLimitError: () => PlanLimitError,
-  assertEmployeeLimit: () => assertEmployeeLimit,
-  assertEmployeeLimitSync: () => assertEmployeeLimitSync,
-  assertFeature: () => assertFeature,
-  assertMemoryLimit: () => assertMemoryLimit,
-  countActiveMemories: () => countActiveMemories,
-  getLicenseSync: () => getLicenseSync
-});
-import { readFileSync as readFileSync6, existsSync as existsSync8 } from "fs";
-import path9 from "path";
-function getLicenseSync() {
+function saveLicense(apiKey) {
+  mkdirSync3(EXE_AI_DIR, { recursive: true });
+  writeFileSync3(LICENSE_PATH, apiKey.trim(), { encoding: "utf8", mode: 384 });
+}
+async function verifyLicenseJwt(token) {
   try {
-    if (!existsSync8(CACHE_PATH2)) return freeLicense();
-    const raw = JSON.parse(readFileSync6(CACHE_PATH2, "utf8"));
-    if (!raw.token || typeof raw.token !== "string") return freeLicense();
-    const parts = raw.token.split(".");
-    if (parts.length !== 3) return freeLicense();
-    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
+    const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
+    const { payload } = await jwtVerify(token, key, {
+      algorithms: [LICENSE_JWT_ALG]
+    });
     const plan = payload.plan ?? "free";
+    const email = payload.sub ?? "";
     const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
     return {
       valid: true,
       plan,
-      email: payload.sub ?? "",
+      email,
       expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
       deviceLimit: limits.devices,
       employeeLimit: limits.employees,
       memoryLimit: limits.memories
     };
   } catch {
-    return freeLicense();
-  }
-}
-function freeLicense() {
-  const limits = PLAN_LIMITS.free;
-  return {
-    valid: true,
-    plan: "free",
-    email: "",
-    expiresAt: null,
-    deviceLimit: limits.devices,
-    employeeLimit: limits.employees,
-    memoryLimit: limits.memories
-  };
-}
-async function countActiveMemories() {
-  if (!isInitialized()) return 0;
-  const client = getClient();
-  const result = await client.execute(
-    "SELECT COUNT(*) as cnt FROM memories WHERE status = 'active' OR status IS NULL"
-  );
-  const row = result.rows[0];
-  return Number(row?.cnt ?? 0);
-}
-async function assertMemoryLimit() {
-  const license = await checkLicense();
-  if (license.memoryLimit < 0) return;
-  const count = await countActiveMemories();
-  if (count >= license.memoryLimit) {
-    throw new PlanLimitError(
-      `Memory limit reached: ${count}/${license.memoryLimit} active memories on the ${license.plan} plan. Upgrade at https://askexe.com to store more.`
-    );
-  }
-}
-async function assertEmployeeLimit(license, rosterPath) {
-  const lic = license ?? await checkLicense();
-  if (lic.employeeLimit < 0) return;
-  const employees = await loadEmployees(rosterPath ?? EMPLOYEES_PATH);
-  if (employees.length >= lic.employeeLimit) {
-    throw new PlanLimitError(
-      `Employee limit reached: ${employees.length}/${lic.employeeLimit} employees on the ${lic.plan} plan. Upgrade at https://askexe.com to add more.`
-    );
+    return null;
   }
 }
-function assertEmployeeLimitSync(rosterPath) {
-  const license = getLicenseSync();
-  if (license.employeeLimit < 0) return;
-  const filePath = rosterPath ?? EMPLOYEES_PATH;
-  let count = 0;
+async function getCachedLicense() {
   try {
-    if (existsSync8(filePath)) {
-      const raw = readFileSync6(filePath, "utf8");
-      const employees = JSON.parse(raw);
-      count = Array.isArray(employees) ? employees.length : 0;
-    }
+    if (!existsSync8(CACHE_PATH)) return null;
+    const raw = JSON.parse(readFileSync6(CACHE_PATH, "utf8"));
+    if (!raw.token || typeof raw.token !== "string") return null;
+    return await verifyLicenseJwt(raw.token);
   } catch {
-    throw new PlanLimitError(
-      `Cannot verify employee count: roster unreadable at ${filePath}. Refusing to proceed. Check file permissions or upgrade plan.`
-    );
-  }
-  if (count >= license.employeeLimit) {
-    throw new PlanLimitError(
-      `Employee limit reached: ${count}/${license.employeeLimit} employees on the ${license.plan} plan. Upgrade at https://askexe.com to add more.`
-    );
-  }
-}
-async function assertFeature(feature) {
-  const license = await checkLicense();
-  if (!isFeatureAllowed(license, feature)) {
-    throw new PlanLimitError(
-      `Feature "${feature}" requires a paid plan. Current plan: ${license.plan}. Upgrade at https://askexe.com.`
-    );
+    return null;
   }
 }
-var PlanLimitError, CACHE_PATH2;
-var init_plan_limits = __esm({
-  "src/lib/plan-limits.ts"() {
-    "use strict";
-    init_database();
-    init_employees();
-    init_license();
-    init_config();
-    PlanLimitError = class extends Error {
-      constructor(message) {
-        super(message);
-        this.name = "PlanLimitError";
-      }
-    };
-    CACHE_PATH2 = path9.join(EXE_AI_DIR, "license-cache.json");
+function readCachedToken() {
+  try {
+    if (!existsSync8(CACHE_PATH)) return null;
+    const raw = JSON.parse(readFileSync6(CACHE_PATH, "utf8"));
+    return typeof raw.token === "string" ? raw.token : null;
+  } catch {
+    return null;
   }
-});
-
-// src/lib/tmux-routing.ts
-import { readFileSync as readFileSync7, writeFileSync as writeFileSync4, mkdirSync as mkdirSync4, existsSync as existsSync9, appendFileSync } from "fs";
-import path10 from "path";
-import os7 from "os";
-import { fileURLToPath } from "url";
-function getMySession() {
-  return getTransport().getMySession();
-}
-function extractRootExe(name) {
-  if (!name) return null;
-  if (!name.includes("-")) return name;
-  const parts = name.split("-").filter(Boolean);
-  return parts.length > 0 ? parts[parts.length - 1] : null;
 }
-function getParentExe(sessionKey) {
+function getRawCachedPlan() {
   try {
-    const data = JSON.parse(readFileSync7(path10.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`), "utf8"));
-    return data.parentExe || null;
+    const token = readCachedToken();
+    if (!token) return null;
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
+    const plan = payload.plan ?? "free";
+    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
+    process.stderr.write(
+      `[license] WARN: using unverified cached plan (API unreachable, JWT expired). Plan: ${plan}
+`
+    );
+    return {
+      valid: true,
+      plan,
+      email: payload.sub ?? "",
+      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
+      deviceLimit: limits.devices,
+      employeeLimit: limits.employees,
+      memoryLimit: limits.memories
+    };
   } catch {
     return null;
   }
 }
-function resolveExeSession() {
-  const mySession = getMySession();
-  if (!mySession) return null;
+function cacheResponse(token) {
   try {
-    const key = getSessionKey();
-    const parentExe = getParentExe(key);
-    if (parentExe) {
-      return extractRootExe(parentExe) ?? parentExe;
-    }
+    writeFileSync3(CACHE_PATH, JSON.stringify({ token }), "utf8");
   } catch {
   }
-  return extractRootExe(mySession) ?? mySession;
 }
-var SPAWN_LOCK_DIR, SESSION_CACHE, INTERCOM_LOG2, DEBOUNCE_FILE, DEBOUNCE_CLEANUP_AGE_MS;
-var init_tmux_routing = __esm({
-  "src/lib/tmux-routing.ts"() {
-    "use strict";
-    init_session_registry();
-    init_session_key();
-    init_transport();
-    init_cc_agent_support();
-    init_mcp_prefix();
-    init_provider_table();
-    init_intercom_queue();
-    init_plan_limits();
-    init_employees();
-    SPAWN_LOCK_DIR = path10.join(os7.homedir(), ".exe-os", "spawn-locks");
-    SESSION_CACHE = path10.join(os7.homedir(), ".exe-os", "session-cache");
-    INTERCOM_LOG2 = path10.join(os7.homedir(), ".exe-os", "intercom.log");
-    DEBOUNCE_FILE = path10.join(SESSION_CACHE, "intercom-debounce.json");
-    DEBOUNCE_CLEANUP_AGE_MS = 5 * 60 * 1e3;
-  }
-});
-
-// src/lib/task-scope.ts
-function getCurrentSessionScope() {
+async function validateLicense(apiKey, deviceId) {
+  const did = deviceId ?? loadDeviceId();
   try {
-    return resolveExeSession();
+    const res = await fetchRetry(`${API_BASE}/auth/activate`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ apiKey, deviceId: did }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (res.ok) {
+      const data = await res.json();
+      if (data.error === "device_limit_exceeded") {
+        const cached2 = await getCachedLicense();
+        if (cached2) return cached2;
+        const raw2 = getRawCachedPlan();
+        if (raw2) return { ...raw2, valid: false };
+        return { ...FREE_LICENSE, valid: false, plan: "free" };
+      }
+      if (data.token) {
+        cacheResponse(data.token);
+        const verified = await verifyLicenseJwt(data.token);
+        if (verified) return verified;
+      }
+      const limits = PLAN_LIMITS[data.plan] ?? PLAN_LIMITS.free;
+      return {
+        valid: data.valid,
+        plan: data.plan,
+        email: data.email,
+        expiresAt: data.expiresAt,
+        deviceLimit: limits.devices,
+        employeeLimit: limits.employees,
+        memoryLimit: limits.memories
+      };
+    }
+    const cached = await getCachedLicense();
+    if (cached) return cached;
+    const raw = getRawCachedPlan();
+    if (raw) return raw;
+    return { ...FREE_LICENSE, valid: false, plan: "free" };
   } catch {
-    return null;
+    const cached = await getCachedLicense();
+    if (cached) return cached;
+    const rawFallback = getRawCachedPlan();
+    if (rawFallback) return rawFallback;
+    return { ...FREE_LICENSE, valid: false, error: "offline" };
   }
 }
-function sessionScopeFilter(sessionScope, tableAlias) {
-  const scope = sessionScope !== void 0 ? sessionScope : getCurrentSessionScope();
-  if (!scope) return { sql: "", args: [] };
-  const col = tableAlias ? `${tableAlias}.session_scope` : "session_scope";
-  return {
-    sql: ` AND (${col} IS NULL OR ${col} = ?)`,
-    args: [scope]
-  };
-}
-var init_task_scope = __esm({
-  "src/lib/task-scope.ts"() {
-    "use strict";
-    init_tmux_routing();
-  }
-});
-
-// src/lib/exe-daemon-client.ts
-import net from "net";
-import { spawn } from "child_process";
-import { randomUUID as randomUUID3 } from "crypto";
-import { existsSync as existsSync10, unlinkSync as unlinkSync3, readFileSync as readFileSync8, openSync, closeSync, statSync } from "fs";
-import path11 from "path";
-import { fileURLToPath as fileURLToPath2 } from "url";
-function handleData(chunk) {
-  _buffer += chunk.toString();
-  if (_buffer.length > MAX_BUFFER) {
-    _buffer = "";
-    return;
-  }
-  let newlineIdx;
-  while ((newlineIdx = _buffer.indexOf("\n")) !== -1) {
-    const line = _buffer.slice(0, newlineIdx).trim();
-    _buffer = _buffer.slice(newlineIdx + 1);
-    if (!line) continue;
-    try {
-      const response = JSON.parse(line);
-      const entry = _pending.get(response.id);
-      if (entry) {
-        clearTimeout(entry.timer);
-        _pending.delete(response.id);
-        entry.resolve(response);
-      }
-    } catch {
-    }
+function getCacheAgeMs() {
+  try {
+    const { statSync: statSync2 } = __require("fs");
+    const s = statSync2(CACHE_PATH);
+    return Date.now() - s.mtimeMs;
+  } catch {
+    return Infinity;
   }
 }
-function cleanupStaleFiles() {
-  if (existsSync10(PID_PATH)) {
+async function checkLicense() {
+  let key = loadLicense();
+  if (!key) {
     try {
-      const pid = parseInt(readFileSync8(PID_PATH, "utf8").trim(), 10);
-      if (pid > 0) {
-        try {
-          process.kill(pid, 0);
-          return;
-        } catch {
+      const configPath = path9.join(EXE_AI_DIR, "config.json");
+      if (existsSync8(configPath)) {
+        const raw = JSON.parse(readFileSync6(configPath, "utf8"));
+        const cloud = raw.cloud;
+        if (cloud?.apiKey) {
+          key = cloud.apiKey;
+          saveLicense(key);
         }
       }
     } catch {
     }
-    try {
-      unlinkSync3(PID_PATH);
-    } catch {
-    }
-    try {
-      unlinkSync3(SOCKET_PATH);
-    } catch {
-    }
   }
+  if (!key) return FREE_LICENSE;
+  const cached = await getCachedLicense();
+  if (cached && getCacheAgeMs() < CACHE_MAX_AGE_MS) return cached;
+  const deviceId = loadDeviceId();
+  return validateLicense(key, deviceId);
 }
-function findPackageRoot() {
-  let dir = path11.dirname(fileURLToPath2(import.meta.url));
-  const { root } = path11.parse(dir);
-  while (dir !== root) {
-    if (existsSync10(path11.join(dir, "package.json"))) return dir;
-    dir = path11.dirname(dir);
+function isFeatureAllowed(license, feature) {
+  switch (feature) {
+    case "cloud_sync":
+    case "external_agents":
+    case "wiki":
+      return license.plan !== "free";
+    case "unlimited_employees":
+      return license.plan === "team" || license.plan === "agency" || license.plan === "enterprise";
   }
-  return null;
 }
-function spawnDaemon() {
-  const pkgRoot = findPackageRoot();
-  if (!pkgRoot) {
-    process.stderr.write("[exed-client] WARN: cannot find package root\n");
-    return;
+function mirrorLicenseKey(apiKey) {
+  const trimmed = apiKey.trim();
+  if (!trimmed) return;
+  saveLicense(trimmed);
+}
+async function assertVpsLicense(opts) {
+  const env = opts?.env ?? process.env;
+  const inProduction = env.NODE_ENV === "production";
+  if (!opts?.force && !inProduction) {
+    return { ...FREE_LICENSE, plan: "free" };
   }
-  const daemonPath = path11.join(pkgRoot, "dist", "lib", "exe-daemon.js");
-  if (!existsSync10(daemonPath)) {
-    process.stderr.write(`[exed-client] WARN: daemon script not found at ${daemonPath}
-`);
-    return;
+  const envKey = env.EXE_LICENSE_KEY?.trim();
+  if (envKey) {
+    saveLicense(envKey);
   }
-  const resolvedPath = daemonPath;
-  process.stderr.write(`[exed-client] Spawning daemon: ${resolvedPath}
-`);
-  const logPath = path11.join(path11.dirname(SOCKET_PATH), "exed.log");
-  let stderrFd = "ignore";
+  const apiKey = envKey ?? loadLicense();
+  if (!apiKey) {
+    throw new Error(
+      "License required: set EXE_LICENSE_KEY env var with your exe_sk_* key. Purchase at https://askexe.com. This VPS image refuses to boot without a valid license."
+    );
+  }
+  const deviceId = loadDeviceId();
+  let backendResponse = null;
+  let explicitRejection = false;
+  let transientFailure = false;
   try {
-    stderrFd = openSync(logPath, "a");
+    const res = await fetchRetry(`${API_BASE}/auth/activate`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ apiKey, deviceId }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (res.ok) {
+      backendResponse = await res.json();
+      if (!backendResponse.valid) explicitRejection = true;
+    } else if (res.status === 401 || res.status === 403) {
+      explicitRejection = true;
+    } else {
+      transientFailure = true;
+    }
   } catch {
+    transientFailure = true;
   }
-  const child = spawn(process.execPath, [resolvedPath], {
-    detached: true,
-    stdio: ["ignore", "ignore", stderrFd],
-    env: {
-      ...process.env,
-      TMUX: void 0,
-      // Daemon is global — must not inherit session scope
-      TMUX_PANE: void 0,
-      // Prevents resolveExeSession() from scoping to one session
-      EXE_DAEMON_SOCK: SOCKET_PATH,
-      EXE_DAEMON_PID: PID_PATH
-    }
-  });
-  child.unref();
-  if (typeof stderrFd === "number") {
-    try {
-      closeSync(stderrFd);
-    } catch {
+  if (backendResponse?.valid) {
+    if (backendResponse.token) {
+      cacheResponse(backendResponse.token);
+      const verified = await verifyLicenseJwt(backendResponse.token);
+      if (verified) return verified;
     }
+    const limits = PLAN_LIMITS[backendResponse.plan] ?? PLAN_LIMITS.free;
+    return {
+      valid: true,
+      plan: backendResponse.plan,
+      email: backendResponse.email,
+      expiresAt: backendResponse.expiresAt,
+      deviceLimit: limits.devices,
+      employeeLimit: limits.employees,
+      memoryLimit: limits.memories
+    };
+  }
+  if (explicitRejection) {
+    throw new Error(
+      `License invalid or expired. Renew at https://askexe.com, then restart. Backend rejected key ending in ...${apiKey.slice(-4)}.`
+    );
   }
-}
-function acquireSpawnLock() {
+  if (!transientFailure) {
+    throw new Error(
+      "License validation failed: unknown backend state. Restore network connectivity to https://askexe.com/cloud and retry."
+    );
+  }
+  const fresh = await getCachedLicense();
+  if (fresh && fresh.valid) return fresh;
+  const graceDays = opts?.offlineGraceDays ?? 7;
+  const graceMs = graceDays * 24 * 60 * 60 * 1e3;
   try {
-    const fd = openSync(SPAWN_LOCK_PATH, "wx");
-    closeSync(fd);
-    return true;
+    const token = readCachedToken();
+    if (token) {
+      const payloadB64 = token.split(".")[1];
+      if (payloadB64) {
+        const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
+        const expMs = (payload.exp ?? 0) * 1e3;
+        if (Date.now() < expMs + graceMs) {
+          const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
+          const { payload: verified } = await jwtVerify(token, key, {
+            algorithms: [LICENSE_JWT_ALG],
+            clockTolerance: graceDays * 24 * 60 * 60
+          });
+          const plan = verified.plan ?? "free";
+          const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
+          return {
+            valid: true,
+            plan,
+            email: verified.sub ?? "",
+            expiresAt: verified.exp ? new Date(verified.exp * 1e3).toISOString() : null,
+            deviceLimit: limits.devices,
+            employeeLimit: limits.employees,
+            memoryLimit: limits.memories
+          };
+        }
+      }
+    }
   } catch {
+  }
+  throw new Error(
+    `License validation unreachable for more than ${graceDays} days. Restore network connectivity to https://askexe.com/cloud and retry. This VPS image refuses to boot after the offline grace window.`
+  );
+}
+function startLicenseRevalidation(intervalMs = 36e5) {
+  if (_revalTimer) return;
+  _revalTimer = setInterval(async () => {
     try {
-      const stat = statSync(SPAWN_LOCK_PATH);
-      if (Date.now() - stat.mtimeMs > SPAWN_LOCK_STALE_MS) {
-        try {
-          unlinkSync3(SPAWN_LOCK_PATH);
-        } catch {
-        }
-        try {
-          const fd = openSync(SPAWN_LOCK_PATH, "wx");
-          closeSync(fd);
-          return true;
-        } catch {
-        }
+      const license = await checkLicense();
+      if (!license.valid) {
+        process.stderr.write("[exe-os] License expired or invalid \u2014 features may be restricted\n");
       }
     } catch {
     }
-    return false;
+  }, intervalMs);
+  if (_revalTimer && typeof _revalTimer === "object" && "unref" in _revalTimer) {
+    _revalTimer.unref();
   }
 }
-function releaseSpawnLock() {
-  try {
-    unlinkSync3(SPAWN_LOCK_PATH);
-  } catch {
+function stopLicenseRevalidation() {
+  if (_revalTimer) {
+    clearInterval(_revalTimer);
+    _revalTimer = null;
   }
 }
-function connectToSocket() {
-  return new Promise((resolve) => {
-    if (_socket && _connected) {
-      resolve(true);
-      return;
-    }
-    const socket = net.createConnection({ path: SOCKET_PATH });
-    const connectTimeout = setTimeout(() => {
-      socket.destroy();
-      resolve(false);
-    }, 2e3);
-    socket.on("connect", () => {
-      clearTimeout(connectTimeout);
-      _socket = socket;
-      _connected = true;
-      _buffer = "";
-      socket.on("data", handleData);
-      socket.on("close", () => {
-        _connected = false;
-        _socket = null;
-        for (const [id, entry] of _pending) {
-          clearTimeout(entry.timer);
-          _pending.delete(id);
-          entry.resolve({ error: "Connection closed" });
-        }
-      });
-      socket.on("error", () => {
-        _connected = false;
-        _socket = null;
-      });
-      resolve(true);
-    });
-    socket.on("error", () => {
-      clearTimeout(connectTimeout);
-      resolve(false);
-    });
-  });
-}
-async function connectEmbedDaemon() {
-  if (_socket && _connected) return true;
-  if (await connectToSocket()) return true;
-  if (acquireSpawnLock()) {
-    try {
-      cleanupStaleFiles();
-      spawnDaemon();
-    } finally {
-      releaseSpawnLock();
-    }
+var LICENSE_PATH, CACHE_PATH, DEVICE_ID_PATH, API_BASE, RETRY_DELAY_MS, LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG, PLAN_LIMITS, FREE_LICENSE, CACHE_MAX_AGE_MS, _revalTimer;
+var init_license = __esm({
+  "src/lib/license.ts"() {
+    "use strict";
+    init_config();
+    LICENSE_PATH = path9.join(EXE_AI_DIR, "license.key");
+    CACHE_PATH = path9.join(EXE_AI_DIR, "license-cache.json");
+    DEVICE_ID_PATH = path9.join(EXE_AI_DIR, "device-id");
+    API_BASE = "https://askexe.com/cloud";
+    RETRY_DELAY_MS = 500;
+    LICENSE_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeHztAMOpR/ZMh+rWuOASjEZ54CGY
+4uj+UqeKCcvtgNHKmOK278HJaJcANe9xAeji8AFYu27q3WtzCi04pHudow==
+-----END PUBLIC KEY-----`;
+    LICENSE_JWT_ALG = "ES256";
+    PLAN_LIMITS = {
+      free: { devices: 1, employees: 1, memories: 5e3 },
+      pro: { devices: 3, employees: 5, memories: 1e5 },
+      team: { devices: 10, employees: 20, memories: 1e6 },
+      agency: { devices: 50, employees: 100, memories: 1e7 },
+      enterprise: { devices: -1, employees: -1, memories: -1 }
+    };
+    FREE_LICENSE = {
+      valid: true,
+      plan: "free",
+      email: "",
+      expiresAt: null,
+      deviceLimit: 1,
+      employeeLimit: 1,
+      memoryLimit: 5e3
+    };
+    CACHE_MAX_AGE_MS = 36e5;
+    _revalTimer = null;
   }
-  const start = Date.now();
-  let delay2 = 100;
-  while (Date.now() - start < CONNECT_TIMEOUT_MS) {
-    await new Promise((r) => setTimeout(r, delay2));
-    if (await connectToSocket()) return true;
-    delay2 = Math.min(delay2 * 2, 3e3);
+});
+
+// src/lib/plan-limits.ts
+var plan_limits_exports = {};
+__export(plan_limits_exports, {
+  PlanLimitError: () => PlanLimitError,
+  assertEmployeeLimit: () => assertEmployeeLimit,
+  assertEmployeeLimitSync: () => assertEmployeeLimitSync,
+  assertFeature: () => assertFeature,
+  assertMemoryLimit: () => assertMemoryLimit,
+  countActiveMemories: () => countActiveMemories,
+  getLicenseSync: () => getLicenseSync
+});
+import { readFileSync as readFileSync7, existsSync as existsSync9 } from "fs";
+import path10 from "path";
+function getLicenseSync() {
+  try {
+    if (!existsSync9(CACHE_PATH2)) return freeLicense();
+    const raw = JSON.parse(readFileSync7(CACHE_PATH2, "utf8"));
+    if (!raw.token || typeof raw.token !== "string") return freeLicense();
+    const parts = raw.token.split(".");
+    if (parts.length !== 3) return freeLicense();
+    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
+    const plan = payload.plan ?? "free";
+    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
+    return {
+      valid: true,
+      plan,
+      email: payload.sub ?? "",
+      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
+      deviceLimit: limits.devices,
+      employeeLimit: limits.employees,
+      memoryLimit: limits.memories
+    };
+  } catch {
+    return freeLicense();
   }
-  return false;
 }
-function sendRequest(texts, priority) {
-  return new Promise((resolve) => {
-    if (!_socket || !_connected) {
-      resolve({ error: "Not connected" });
-      return;
-    }
-    const id = randomUUID3();
-    const timer = setTimeout(() => {
-      _pending.delete(id);
-      resolve({ error: "Request timeout" });
-    }, REQUEST_TIMEOUT_MS);
-    _pending.set(id, { resolve, timer });
-    try {
-      _socket.write(JSON.stringify({ id, texts, priority }) + "\n");
-    } catch {
-      clearTimeout(timer);
-      _pending.delete(id);
-      resolve({ error: "Write failed" });
-    }
-  });
+function freeLicense() {
+  const limits = PLAN_LIMITS.free;
+  return {
+    valid: true,
+    plan: "free",
+    email: "",
+    expiresAt: null,
+    deviceLimit: limits.devices,
+    employeeLimit: limits.employees,
+    memoryLimit: limits.memories
+  };
 }
-async function pingDaemon() {
-  if (!_socket || !_connected) return null;
-  return new Promise((resolve) => {
-    const id = randomUUID3();
-    const timer = setTimeout(() => {
-      _pending.delete(id);
-      resolve(null);
-    }, 5e3);
-    _pending.set(id, {
-      resolve: (data) => {
-        if (data.health) {
-          resolve(data.health);
-        } else {
-          resolve(null);
-        }
-      },
-      timer
-    });
-    try {
-      _socket.write(JSON.stringify({ id, type: "health" }) + "\n");
-    } catch {
-      clearTimeout(timer);
-      _pending.delete(id);
-      resolve(null);
-    }
-  });
+async function countActiveMemories() {
+  if (!isInitialized()) return 0;
+  const client = getClient();
+  const result = await client.execute(
+    "SELECT COUNT(*) as cnt FROM memories WHERE status = 'active' OR status IS NULL"
+  );
+  const row = result.rows[0];
+  return Number(row?.cnt ?? 0);
 }
-function killAndRespawnDaemon() {
-  process.stderr.write("[exed-client] Killing daemon for restart...\n");
-  if (existsSync10(PID_PATH)) {
-    try {
-      const pid = parseInt(readFileSync8(PID_PATH, "utf8").trim(), 10);
-      if (pid > 0) {
-        try {
-          process.kill(pid, "SIGKILL");
-        } catch {
-        }
-      }
-    } catch {
-    }
+async function assertMemoryLimit() {
+  const license = await checkLicense();
+  if (license.memoryLimit < 0) return;
+  const count = await countActiveMemories();
+  if (count >= license.memoryLimit) {
+    throw new PlanLimitError(
+      `Memory limit reached: ${count}/${license.memoryLimit} active memories on the ${license.plan} plan. Upgrade at https://askexe.com to store more.`
+    );
   }
-  if (_socket) {
-    _socket.destroy();
-    _socket = null;
+}
+async function assertEmployeeLimit(license, rosterPath) {
+  const lic = license ?? await checkLicense();
+  if (lic.employeeLimit < 0) return;
+  const employees = await loadEmployees(rosterPath ?? EMPLOYEES_PATH);
+  if (employees.length >= lic.employeeLimit) {
+    throw new PlanLimitError(
+      `Employee limit reached: ${employees.length}/${lic.employeeLimit} employees on the ${lic.plan} plan. Upgrade at https://askexe.com to add more.`
+    );
   }
-  _connected = false;
-  _buffer = "";
+}
+function assertEmployeeLimitSync(rosterPath) {
+  const license = getLicenseSync();
+  if (license.employeeLimit < 0) return;
+  const filePath = rosterPath ?? EMPLOYEES_PATH;
+  let count = 0;
   try {
-    unlinkSync3(PID_PATH);
+    if (existsSync9(filePath)) {
+      const raw = readFileSync7(filePath, "utf8");
+      const employees = JSON.parse(raw);
+      count = Array.isArray(employees) ? employees.length : 0;
+    }
   } catch {
+    throw new PlanLimitError(
+      `Cannot verify employee count: roster unreadable at ${filePath}. Refusing to proceed. Check file permissions or upgrade plan.`
+    );
   }
-  try {
-    unlinkSync3(SOCKET_PATH);
-  } catch {
+  if (count >= license.employeeLimit) {
+    throw new PlanLimitError(
+      `Employee limit reached: ${count}/${license.employeeLimit} employees on the ${license.plan} plan. Upgrade at https://askexe.com to add more.`
+    );
   }
-  spawnDaemon();
 }
-async function embedViaClient(text, priority = "high") {
-  if (!_connected && !await connectEmbedDaemon()) return null;
-  _requestCount++;
-  if (_requestCount % HEALTH_CHECK_INTERVAL === 0) {
-    const health = await pingDaemon();
-    if (!health) {
-      process.stderr.write(`[exed-client] Periodic health check failed at request ${_requestCount} \u2014 restarting daemon
-`);
-      killAndRespawnDaemon();
-      const start = Date.now();
-      let delay2 = 200;
-      while (Date.now() - start < CONNECT_TIMEOUT_MS) {
-        await new Promise((r) => setTimeout(r, delay2));
-        if (await connectToSocket()) break;
-        delay2 = Math.min(delay2 * 2, 3e3);
+async function assertFeature(feature) {
+  const license = await checkLicense();
+  if (!isFeatureAllowed(license, feature)) {
+    throw new PlanLimitError(
+      `Feature "${feature}" requires a paid plan. Current plan: ${license.plan}. Upgrade at https://askexe.com.`
+    );
+  }
+}
+var PlanLimitError, CACHE_PATH2;
+var init_plan_limits = __esm({
+  "src/lib/plan-limits.ts"() {
+    "use strict";
+    init_database();
+    init_employees();
+    init_license();
+    init_config();
+    PlanLimitError = class extends Error {
+      constructor(message) {
+        super(message);
+        this.name = "PlanLimitError";
       }
-      if (!_connected) return null;
-    }
+    };
+    CACHE_PATH2 = path10.join(EXE_AI_DIR, "license-cache.json");
   }
-  const result = await sendRequest([text], priority);
-  if (!result.error && result.vectors?.[0]) return result.vectors[0];
-  if (result.error) {
-    process.stderr.write(`[exed-client] Embed failed (${result.error}) \u2014 attempting restart
-`);
-    killAndRespawnDaemon();
-    const start = Date.now();
-    let delay2 = 200;
-    while (Date.now() - start < CONNECT_TIMEOUT_MS) {
-      await new Promise((r) => setTimeout(r, delay2));
-      if (await connectToSocket()) break;
-      delay2 = Math.min(delay2 * 2, 3e3);
+});
+
+// src/lib/tmux-routing.ts
+import { readFileSync as readFileSync8, writeFileSync as writeFileSync4, mkdirSync as mkdirSync4, existsSync as existsSync10, appendFileSync } from "fs";
+import path11 from "path";
+import os7 from "os";
+import { fileURLToPath as fileURLToPath2 } from "url";
+function getMySession() {
+  return getTransport().getMySession();
+}
+function extractRootExe(name) {
+  if (!name) return null;
+  if (!name.includes("-")) return name;
+  const parts = name.split("-").filter(Boolean);
+  return parts.length > 0 ? parts[parts.length - 1] : null;
+}
+function getParentExe(sessionKey) {
+  try {
+    const data = JSON.parse(readFileSync8(path11.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`), "utf8"));
+    return data.parentExe || null;
+  } catch {
+    return null;
+  }
+}
+function resolveExeSession() {
+  const mySession = getMySession();
+  if (!mySession) return null;
+  try {
+    const key = getSessionKey();
+    const parentExe = getParentExe(key);
+    if (parentExe) {
+      return extractRootExe(parentExe) ?? parentExe;
     }
-    if (!_connected) return null;
-    const retry = await sendRequest([text], priority);
-    if (!retry.error && retry.vectors?.[0]) return retry.vectors[0];
-    process.stderr.write(`[exed-client] Embed retry also failed: ${retry.error ?? "no vector"}
-`);
+  } catch {
   }
-  return null;
+  return extractRootExe(mySession) ?? mySession;
 }
-function disconnectClient() {
-  if (_socket) {
-    _socket.destroy();
-    _socket = null;
+var SPAWN_LOCK_DIR, SESSION_CACHE, INTERCOM_LOG2, DEBOUNCE_FILE, DEBOUNCE_CLEANUP_AGE_MS;
+var init_tmux_routing = __esm({
+  "src/lib/tmux-routing.ts"() {
+    "use strict";
+    init_session_registry();
+    init_session_key();
+    init_transport();
+    init_cc_agent_support();
+    init_mcp_prefix();
+    init_provider_table();
+    init_intercom_queue();
+    init_plan_limits();
+    init_employees();
+    SPAWN_LOCK_DIR = path11.join(os7.homedir(), ".exe-os", "spawn-locks");
+    SESSION_CACHE = path11.join(os7.homedir(), ".exe-os", "session-cache");
+    INTERCOM_LOG2 = path11.join(os7.homedir(), ".exe-os", "intercom.log");
+    DEBOUNCE_FILE = path11.join(SESSION_CACHE, "intercom-debounce.json");
+    DEBOUNCE_CLEANUP_AGE_MS = 5 * 60 * 1e3;
   }
-  _connected = false;
-  _buffer = "";
-  for (const [id, entry] of _pending) {
-    clearTimeout(entry.timer);
-    _pending.delete(id);
-    entry.resolve({ error: "Client disconnected" });
+});
+
+// src/lib/task-scope.ts
+function getCurrentSessionScope() {
+  try {
+    return resolveExeSession();
+  } catch {
+    return null;
   }
 }
-var SOCKET_PATH, PID_PATH, SPAWN_LOCK_PATH, SPAWN_LOCK_STALE_MS, CONNECT_TIMEOUT_MS, REQUEST_TIMEOUT_MS, _socket, _connected, _buffer, _requestCount, HEALTH_CHECK_INTERVAL, _pending, MAX_BUFFER;
-var init_exe_daemon_client = __esm({
-  "src/lib/exe-daemon-client.ts"() {
+function sessionScopeFilter(sessionScope, tableAlias) {
+  const scope = sessionScope !== void 0 ? sessionScope : getCurrentSessionScope();
+  if (!scope) return { sql: "", args: [] };
+  const col = tableAlias ? `${tableAlias}.session_scope` : "session_scope";
+  return {
+    sql: ` AND (${col} IS NULL OR ${col} = ?)`,
+    args: [scope]
+  };
+}
+var init_task_scope = __esm({
+  "src/lib/task-scope.ts"() {
     "use strict";
-    init_config();
-    SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path11.join(EXE_AI_DIR, "exed.sock");
-    PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path11.join(EXE_AI_DIR, "exed.pid");
-    SPAWN_LOCK_PATH = path11.join(EXE_AI_DIR, "exed-spawn.lock");
-    SPAWN_LOCK_STALE_MS = 3e4;
-    CONNECT_TIMEOUT_MS = 15e3;
-    REQUEST_TIMEOUT_MS = 3e4;
-    _socket = null;
-    _connected = false;
-    _buffer = "";
-    _requestCount = 0;
-    HEALTH_CHECK_INTERVAL = 100;
-    _pending = /* @__PURE__ */ new Map();
-    MAX_BUFFER = 1e7;
+    init_tmux_routing();
   }
 });
 
@@ -3146,10 +3445,10 @@ async function disposeEmbedder() {
 async function embedDirect(text) {
   const llamaCpp = await import("node-llama-cpp");
   const { MODELS_DIR: MODELS_DIR2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-  const { existsSync: existsSync14 } = await import("fs");
-  const path15 = await import("path");
-  const modelPath = path15.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
-  if (!existsSync14(modelPath)) {
+  const { existsSync: existsSync15 } = await import("fs");
+  const path16 = await import("path");
+  const modelPath = path16.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
+  if (!existsSync15(modelPath)) {
     throw new Error(`Embedding model not found at ${modelPath}. Run '/exe-setup' to download it.`);
   }
   const llama = await llamaCpp.getLlama();
@@ -3366,6 +3665,232 @@ var init_compress = __esm({
   }
 });
 
+// src/lib/crdt-sync.ts
+var crdt_sync_exports = {};
+__export(crdt_sync_exports, {
+  _setStatePath: () => _setStatePath,
+  applyRemoteUpdate: () => applyRemoteUpdate,
+  destroyCrdtDoc: () => destroyCrdtDoc,
+  getDiffUpdate: () => getDiffUpdate,
+  getFullState: () => getFullState,
+  getStateVector: () => getStateVector,
+  importExistingBehaviors: () => importExistingBehaviors,
+  importExistingMemories: () => importExistingMemories,
+  initCrdtDoc: () => initCrdtDoc,
+  isCrdtSyncEnabled: () => isCrdtSyncEnabled,
+  onUpdate: () => onUpdate,
+  readAllBehaviors: () => readAllBehaviors,
+  readAllMemories: () => readAllMemories,
+  rebuildFromDb: () => rebuildFromDb
+});
+import * as Y from "yjs";
+import { readFileSync as readFileSync9, writeFileSync as writeFileSync6, existsSync as existsSync12, mkdirSync as mkdirSync6, unlinkSync as unlinkSync5 } from "fs";
+import path13 from "path";
+import { homedir } from "os";
+function getStatePath() {
+  return _statePathOverride ?? DEFAULT_STATE_PATH;
+}
+function _setStatePath(p) {
+  _statePathOverride = p;
+}
+function initCrdtDoc() {
+  if (doc) return doc;
+  doc = new Y.Doc();
+  const sp = getStatePath();
+  if (existsSync12(sp)) {
+    try {
+      const state = readFileSync9(sp);
+      Y.applyUpdate(doc, new Uint8Array(state));
+    } catch {
+      console.warn("[crdt-sync] WARN: corrupted state file, rebuilding from DB");
+      try {
+        unlinkSync5(sp);
+      } catch {
+      }
+      rebuildFromDb().catch((err) => {
+        console.warn("[crdt-sync] rebuild from DB failed:", err);
+      });
+    }
+  }
+  doc.on("update", () => {
+    persistState();
+  });
+  return doc;
+}
+function getMemoriesMap() {
+  const d = initCrdtDoc();
+  return d.getMap("memories");
+}
+function getBehaviorsMap() {
+  const d = initCrdtDoc();
+  return d.getMap("behaviors");
+}
+function applyRemoteUpdate(update) {
+  const d = initCrdtDoc();
+  Y.applyUpdate(d, update);
+}
+function getFullState() {
+  const d = initCrdtDoc();
+  return Y.encodeStateAsUpdate(d);
+}
+function getDiffUpdate(remoteStateVector) {
+  const d = initCrdtDoc();
+  return Y.encodeStateAsUpdate(d, remoteStateVector);
+}
+function getStateVector() {
+  const d = initCrdtDoc();
+  return Y.encodeStateVector(d);
+}
+function importExistingMemories(memories) {
+  const map = getMemoriesMap();
+  const d = initCrdtDoc();
+  let imported = 0;
+  d.transact(() => {
+    for (const mem of memories) {
+      if (!mem.id) continue;
+      if (map.has(mem.id)) continue;
+      const entry = new Y.Map();
+      entry.set("id", mem.id);
+      entry.set("agent_id", mem.agent_id ?? null);
+      entry.set("agent_role", mem.agent_role ?? null);
+      entry.set("session_id", mem.session_id ?? null);
+      entry.set("timestamp", mem.timestamp ?? null);
+      entry.set("tool_name", mem.tool_name ?? null);
+      entry.set("project_name", mem.project_name ?? null);
+      entry.set("has_error", mem.has_error ?? 0);
+      entry.set("raw_text", mem.raw_text ?? "");
+      entry.set("version", mem.version ?? 0);
+      entry.set("author_device_id", mem.author_device_id ?? null);
+      entry.set("scope", mem.scope ?? "business");
+      map.set(mem.id, entry);
+      imported++;
+    }
+  });
+  return imported;
+}
+function importExistingBehaviors(behaviors) {
+  const map = getBehaviorsMap();
+  const d = initCrdtDoc();
+  let imported = 0;
+  d.transact(() => {
+    for (const beh of behaviors) {
+      if (!beh.id) continue;
+      if (map.has(beh.id)) continue;
+      const entry = new Y.Map();
+      entry.set("id", beh.id);
+      entry.set("agent_id", beh.agent_id ?? null);
+      entry.set("project_name", beh.project_name ?? null);
+      entry.set("domain", beh.domain ?? null);
+      entry.set("content", beh.content ?? null);
+      entry.set("active", beh.active ?? 1);
+      entry.set("priority", beh.priority ?? "p1");
+      entry.set("created_at", beh.created_at ?? null);
+      entry.set("updated_at", beh.updated_at ?? null);
+      map.set(beh.id, entry);
+      imported++;
+    }
+  });
+  return imported;
+}
+function readAllMemories() {
+  const map = getMemoriesMap();
+  const records = [];
+  map.forEach((entry, id) => {
+    records.push({
+      id,
+      agent_id: entry.get("agent_id"),
+      agent_role: entry.get("agent_role"),
+      session_id: entry.get("session_id"),
+      timestamp: entry.get("timestamp"),
+      tool_name: entry.get("tool_name"),
+      project_name: entry.get("project_name"),
+      has_error: entry.get("has_error"),
+      raw_text: entry.get("raw_text"),
+      version: entry.get("version"),
+      author_device_id: entry.get("author_device_id"),
+      scope: entry.get("scope")
+    });
+  });
+  return records;
+}
+function readAllBehaviors() {
+  const map = getBehaviorsMap();
+  const records = [];
+  map.forEach((entry, id) => {
+    records.push({
+      id,
+      agent_id: entry.get("agent_id"),
+      project_name: entry.get("project_name"),
+      domain: entry.get("domain"),
+      content: entry.get("content"),
+      active: entry.get("active"),
+      priority: entry.get("priority"),
+      created_at: entry.get("created_at"),
+      updated_at: entry.get("updated_at")
+    });
+  });
+  return records;
+}
+function onUpdate(callback) {
+  const d = initCrdtDoc();
+  const handler = (update) => callback(update);
+  d.on("update", handler);
+  return () => d.off("update", handler);
+}
+function persistState() {
+  if (!doc) return;
+  try {
+    const sp = getStatePath();
+    const dir = path13.dirname(sp);
+    if (!existsSync12(dir)) mkdirSync6(dir, { recursive: true });
+    const state = Y.encodeStateAsUpdate(doc);
+    writeFileSync6(sp, Buffer.from(state));
+  } catch {
+  }
+}
+function isCrdtSyncEnabled() {
+  return process.env.EXE_CRDT_SYNC !== "0";
+}
+async function rebuildFromDb() {
+  const { getClient: getClient2 } = await Promise.resolve().then(() => (init_database(), database_exports));
+  const client = getClient2();
+  const result = await client.execute(
+    "SELECT id, agent_id, agent_role, session_id, timestamp, tool_name, project_name, has_error, raw_text, version, author_device_id, scope FROM memories"
+  );
+  const memories = result.rows.map((row) => ({
+    id: String(row.id),
+    agent_id: row.agent_id,
+    agent_role: row.agent_role,
+    session_id: row.session_id,
+    timestamp: row.timestamp,
+    tool_name: row.tool_name,
+    project_name: row.project_name,
+    has_error: row.has_error,
+    raw_text: row.raw_text,
+    version: row.version,
+    author_device_id: row.author_device_id,
+    scope: row.scope
+  }));
+  const count = importExistingMemories(memories);
+  persistState();
+  return count;
+}
+function destroyCrdtDoc() {
+  if (doc) {
+    doc.destroy();
+    doc = null;
+  }
+}
+var DEFAULT_STATE_PATH, _statePathOverride, doc;
+var init_crdt_sync = __esm({
+  "src/lib/crdt-sync.ts"() {
+    "use strict";
+    DEFAULT_STATE_PATH = path13.join(homedir(), ".exe-os", "crdt-state.bin");
+    _statePathOverride = null;
+    doc = null;
+  }
+});
+
 // src/lib/cloud-sync.ts
 var cloud_sync_exports = {};
 __export(cloud_sync_exports, {
@@ -3394,16 +3919,16 @@ __export(cloud_sync_exports, {
   mergeRosterFromRemote: () => mergeRosterFromRemote,
   recordRosterDeletion: () => recordRosterDeletion
 });
-import { readFileSync as readFileSync9, writeFileSync as writeFileSync6, existsSync as existsSync12, readdirSync as readdirSync4, mkdirSync as mkdirSync6, appendFileSync as appendFileSync2, unlinkSync as unlinkSync5, openSync as openSync2, closeSync as closeSync2 } from "fs";
+import { readFileSync as readFileSync10, writeFileSync as writeFileSync7, existsSync as existsSync13, readdirSync as readdirSync4, mkdirSync as mkdirSync7, appendFileSync as appendFileSync2, unlinkSync as unlinkSync6, openSync as openSync2, closeSync as closeSync2 } from "fs";
 import crypto3 from "crypto";
-import path13 from "path";
-import { homedir } from "os";
+import path14 from "path";
+import { homedir as homedir2 } from "os";
 function sqlSafe(v) {
   return v === void 0 ? null : v;
 }
 function logError(msg) {
   try {
-    const logPath = path13.join(homedir(), ".exe-os", "workers.log");
+    const logPath = path14.join(homedir2(), ".exe-os", "workers.log");
     appendFileSync2(logPath, `${(/* @__PURE__ */ new Date()).toISOString()} ${msg}
 `);
   } catch {
@@ -3413,18 +3938,18 @@ async function withRosterLock(fn) {
   try {
     const fd = openSync2(ROSTER_LOCK_PATH, "wx");
     closeSync2(fd);
-    writeFileSync6(ROSTER_LOCK_PATH, String(Date.now()));
+    writeFileSync7(ROSTER_LOCK_PATH, String(Date.now()));
   } catch (err) {
     if (err.code === "EEXIST") {
       try {
-        const ts = parseInt(readFileSync9(ROSTER_LOCK_PATH, "utf-8"), 10);
+        const ts = parseInt(readFileSync10(ROSTER_LOCK_PATH, "utf-8"), 10);
         if (Date.now() - ts < LOCK_STALE_MS) {
           throw new Error("Roster merge already in progress \u2014 another sync is running");
         }
-        unlinkSync5(ROSTER_LOCK_PATH);
+        unlinkSync6(ROSTER_LOCK_PATH);
         const fd = openSync2(ROSTER_LOCK_PATH, "wx");
         closeSync2(fd);
-        writeFileSync6(ROSTER_LOCK_PATH, String(Date.now()));
+        writeFileSync7(ROSTER_LOCK_PATH, String(Date.now()));
       } catch (retryErr) {
         if (retryErr instanceof Error && retryErr.message.includes("already in progress")) throw retryErr;
         throw new Error("Roster merge already in progress \u2014 another sync is running");
@@ -3437,7 +3962,7 @@ async function withRosterLock(fn) {
     return await fn();
   } finally {
     try {
-      unlinkSync5(ROSTER_LOCK_PATH);
+      unlinkSync6(ROSTER_LOCK_PATH);
     } catch {
     }
   }
@@ -3582,29 +4107,75 @@ async function cloudSync(config) {
   const pullResult = await cloudPull(lastPullVersion, config);
   let pulled = 0;
   if (pullResult.records.length > 0) {
-    const stmts = pullResult.records.map((rec) => ({
-      sql: `INSERT OR REPLACE INTO memories
-            (id, agent_id, agent_role, session_id, timestamp,
-             tool_name, project_name, has_error, raw_text, version,
-             author_device_id, scope)
-            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
-      args: [
-        sqlSafe(rec.id),
-        sqlSafe(rec.agent_id),
-        sqlSafe(rec.agent_role),
-        sqlSafe(rec.session_id),
-        sqlSafe(rec.timestamp),
-        sqlSafe(rec.tool_name),
-        sqlSafe(rec.project_name),
-        sqlSafe(rec.has_error ?? 0),
-        sqlSafe(rec.raw_text ?? ""),
-        sqlSafe(rec.version ?? 0),
-        sqlSafe(rec.author_device_id),
-        sqlSafe(rec.scope ?? "business")
-      ]
-    }));
-    await client.batch(stmts, "write");
-    pulled = pullResult.records.length;
+    if (isCrdtSyncEnabled()) {
+      const { initCrdtDoc: initCrdtDoc2, importExistingMemories: importExistingMemories2, readAllMemories: readAllMemories2 } = await Promise.resolve().then(() => (init_crdt_sync(), crdt_sync_exports));
+      initCrdtDoc2();
+      importExistingMemories2(
+        pullResult.records.map((rec) => ({
+          id: String(rec.id ?? ""),
+          agent_id: rec.agent_id,
+          agent_role: rec.agent_role,
+          session_id: rec.session_id,
+          timestamp: rec.timestamp,
+          tool_name: rec.tool_name,
+          project_name: rec.project_name,
+          has_error: rec.has_error ?? 0,
+          raw_text: rec.raw_text ?? "",
+          version: rec.version ?? 0,
+          author_device_id: rec.author_device_id,
+          scope: rec.scope ?? "business"
+        }))
+      );
+      const pulledIds = new Set(pullResult.records.map((r) => String(r.id ?? "")));
+      const merged = readAllMemories2().filter((rec) => pulledIds.has(rec.id));
+      const stmts = merged.map((rec) => ({
+        sql: `INSERT OR REPLACE INTO memories
+              (id, agent_id, agent_role, session_id, timestamp,
+               tool_name, project_name, has_error, raw_text, version,
+               author_device_id, scope)
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+        args: [
+          sqlSafe(rec.id),
+          sqlSafe(rec.agent_id),
+          sqlSafe(rec.agent_role),
+          sqlSafe(rec.session_id),
+          sqlSafe(rec.timestamp),
+          sqlSafe(rec.tool_name),
+          sqlSafe(rec.project_name),
+          sqlSafe(rec.has_error ?? 0),
+          sqlSafe(rec.raw_text ?? ""),
+          sqlSafe(rec.version ?? 0),
+          sqlSafe(rec.author_device_id),
+          sqlSafe(rec.scope ?? "business")
+        ]
+      }));
+      if (stmts.length > 0) await client.batch(stmts, "write");
+      pulled = pullResult.records.length;
+    } else {
+      const stmts = pullResult.records.map((rec) => ({
+        sql: `INSERT OR REPLACE INTO memories
+              (id, agent_id, agent_role, session_id, timestamp,
+               tool_name, project_name, has_error, raw_text, version,
+               author_device_id, scope)
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+        args: [
+          sqlSafe(rec.id),
+          sqlSafe(rec.agent_id),
+          sqlSafe(rec.agent_role),
+          sqlSafe(rec.session_id),
+          sqlSafe(rec.timestamp),
+          sqlSafe(rec.tool_name),
+          sqlSafe(rec.project_name),
+          sqlSafe(rec.has_error ?? 0),
+          sqlSafe(rec.raw_text ?? ""),
+          sqlSafe(rec.version ?? 0),
+          sqlSafe(rec.author_device_id),
+          sqlSafe(rec.scope ?? "business")
+        ]
+      }));
+      await client.batch(stmts, "write");
+      pulled = pullResult.records.length;
+    }
   }
   if (pullResult.maxVersion > lastPullVersion) {
     await client.execute({
@@ -3752,8 +4323,8 @@ async function cloudSync(config) {
   try {
     const employees = await loadEmployees();
     rosterResult.employees = employees.length;
-    const idDir = path13.join(EXE_AI_DIR, "identity");
-    if (existsSync12(idDir)) {
+    const idDir = path14.join(EXE_AI_DIR, "identity");
+    if (existsSync13(idDir)) {
       rosterResult.identities = readdirSync4(idDir).filter((f) => f.endsWith(".md")).length;
     }
   } catch {
@@ -3774,48 +4345,48 @@ async function cloudSync(config) {
 function recordRosterDeletion(name) {
   let deletions = [];
   try {
-    if (existsSync12(ROSTER_DELETIONS_PATH)) {
-      deletions = JSON.parse(readFileSync9(ROSTER_DELETIONS_PATH, "utf-8"));
+    if (existsSync13(ROSTER_DELETIONS_PATH)) {
+      deletions = JSON.parse(readFileSync10(ROSTER_DELETIONS_PATH, "utf-8"));
     }
   } catch {
   }
   if (!deletions.includes(name)) deletions.push(name);
-  writeFileSync6(ROSTER_DELETIONS_PATH, JSON.stringify(deletions));
+  writeFileSync7(ROSTER_DELETIONS_PATH, JSON.stringify(deletions));
 }
 function consumeRosterDeletions() {
   try {
-    if (!existsSync12(ROSTER_DELETIONS_PATH)) return [];
-    const deletions = JSON.parse(readFileSync9(ROSTER_DELETIONS_PATH, "utf-8"));
-    writeFileSync6(ROSTER_DELETIONS_PATH, "[]");
+    if (!existsSync13(ROSTER_DELETIONS_PATH)) return [];
+    const deletions = JSON.parse(readFileSync10(ROSTER_DELETIONS_PATH, "utf-8"));
+    writeFileSync7(ROSTER_DELETIONS_PATH, "[]");
     return deletions;
   } catch {
     return [];
   }
 }
 function buildRosterBlob(paths) {
-  const rosterPath = paths?.rosterPath ?? path13.join(EXE_AI_DIR, "exe-employees.json");
-  const identityDir = paths?.identityDir ?? path13.join(EXE_AI_DIR, "identity");
-  const configPath = paths?.configPath ?? path13.join(EXE_AI_DIR, "config.json");
+  const rosterPath = paths?.rosterPath ?? path14.join(EXE_AI_DIR, "exe-employees.json");
+  const identityDir = paths?.identityDir ?? path14.join(EXE_AI_DIR, "identity");
+  const configPath = paths?.configPath ?? path14.join(EXE_AI_DIR, "config.json");
   let roster = [];
-  if (existsSync12(rosterPath)) {
+  if (existsSync13(rosterPath)) {
     try {
-      roster = JSON.parse(readFileSync9(rosterPath, "utf-8"));
+      roster = JSON.parse(readFileSync10(rosterPath, "utf-8"));
     } catch {
     }
   }
   const identities = {};
-  if (existsSync12(identityDir)) {
+  if (existsSync13(identityDir)) {
     for (const file of readdirSync4(identityDir).filter((f) => f.endsWith(".md"))) {
       try {
-        identities[file] = readFileSync9(path13.join(identityDir, file), "utf-8");
+        identities[file] = readFileSync10(path14.join(identityDir, file), "utf-8");
       } catch {
       }
     }
   }
   let config;
-  if (existsSync12(configPath)) {
+  if (existsSync13(configPath)) {
     try {
-      config = JSON.parse(readFileSync9(configPath, "utf-8"));
+      config = JSON.parse(readFileSync10(configPath, "utf-8"));
     } catch {
     }
   }
@@ -3891,23 +4462,23 @@ async function cloudPullRoster(config) {
   }
 }
 function mergeConfig(remoteConfig, configPath) {
-  const cfgPath = configPath ?? path13.join(EXE_AI_DIR, "config.json");
+  const cfgPath = configPath ?? path14.join(EXE_AI_DIR, "config.json");
   let local = {};
-  if (existsSync12(cfgPath)) {
+  if (existsSync13(cfgPath)) {
     try {
-      local = JSON.parse(readFileSync9(cfgPath, "utf-8"));
+      local = JSON.parse(readFileSync10(cfgPath, "utf-8"));
     } catch {
     }
   }
   const merged = { ...remoteConfig, ...local };
-  const dir = path13.dirname(cfgPath);
-  if (!existsSync12(dir)) mkdirSync6(dir, { recursive: true });
-  writeFileSync6(cfgPath, JSON.stringify(merged, null, 2), "utf-8");
+  const dir = path14.dirname(cfgPath);
+  if (!existsSync13(dir)) mkdirSync7(dir, { recursive: true });
+  writeFileSync7(cfgPath, JSON.stringify(merged, null, 2), "utf-8");
 }
 async function mergeRosterFromRemote(remote, paths) {
   return withRosterLock(async () => {
     const rosterPath = paths?.rosterPath ?? void 0;
-    const identityDir = paths?.identityDir ?? path13.join(EXE_AI_DIR, "identity");
+    const identityDir = paths?.identityDir ?? path14.join(EXE_AI_DIR, "identity");
     const localEmployees = await loadEmployees(rosterPath);
     const localNames = new Set(localEmployees.map((e) => e.name));
     let added = 0;
@@ -3928,15 +4499,15 @@ async function mergeRosterFromRemote(remote, paths) {
       ) ?? lookupKey;
       const remoteIdentity = remote.identities[matchedKey];
       if (remoteIdentity) {
-        if (!existsSync12(identityDir)) mkdirSync6(identityDir, { recursive: true });
-        const idPath = path13.join(identityDir, `${remoteEmp.name}.md`);
+        if (!existsSync13(identityDir)) mkdirSync7(identityDir, { recursive: true });
+        const idPath = path14.join(identityDir, `${remoteEmp.name}.md`);
         let localIdentity = null;
         try {
-          localIdentity = existsSync12(idPath) ? readFileSync9(idPath, "utf-8") : null;
+          localIdentity = existsSync13(idPath) ? readFileSync10(idPath, "utf-8") : null;
         } catch {
         }
         if (localIdentity !== remoteIdentity) {
-          writeFileSync6(idPath, remoteIdentity, "utf-8");
+          writeFileSync7(idPath, remoteIdentity, "utf-8");
           identitiesUpdated++;
         }
       }
@@ -4389,13 +4960,14 @@ var init_cloud_sync = __esm({
     init_compress();
     init_license();
     init_config();
+    init_crdt_sync();
     init_employees();
     LOCALHOST_PATTERNS = /^(localhost|127\.0\.0\.1|\[::1\])$/i;
     FETCH_TIMEOUT_MS = 3e4;
     PUSH_BATCH_SIZE = 5e3;
-    ROSTER_LOCK_PATH = path13.join(EXE_AI_DIR, "roster-merge.lock");
+    ROSTER_LOCK_PATH = path14.join(EXE_AI_DIR, "roster-merge.lock");
     LOCK_STALE_MS = 3e4;
-    ROSTER_DELETIONS_PATH = path13.join(EXE_AI_DIR, "roster-deletions.json");
+    ROSTER_DELETIONS_PATH = path14.join(EXE_AI_DIR, "roster-deletions.json");
   }
 });
 
@@ -4405,6 +4977,7 @@ init_database();
 init_keychain();
 init_config();
 init_state_bus();
+import { createHash } from "crypto";
 var INIT_MAX_RETRIES = 3;
 var INIT_RETRY_DELAY_MS = 1e3;
 function isBusyError2(err) {
@@ -4486,12 +5059,52 @@ function classifyTier(record) {
   if (["store_memory", "manual"].includes(record.tool_name ?? "") && (record.importance ?? 0) >= 5) return 2;
   return 3;
 }
+function inferFilePaths(record) {
+  if (!["Read", "Write", "Edit"].includes(record.tool_name)) return null;
+  const firstLine = record.raw_text.split("\n")[0] ?? "";
+  const match = firstLine.match(/(\/[\w./-]+\.\w+)/);
+  return match ? JSON.stringify([match[1]]) : null;
+}
+function inferCommitHash(record) {
+  if (record.tool_name !== "Bash") return null;
+  const match = record.raw_text.match(/\b([a-f0-9]{7,40})\b/);
+  return match ? match[1] : null;
+}
+function inferLanguageType(record) {
+  const text = record.raw_text;
+  if (!text || text.length < 10) return null;
+  const trimmed = text.trimStart();
+  if (trimmed.startsWith("{") || trimmed.startsWith("[")) return "json";
+  if (/\b(SELECT|INSERT|UPDATE|DELETE|CREATE TABLE|ALTER TABLE)\b/i.test(text)) return "sql";
+  if (/\b(function |const |import |export |class |def |async |=>)\b/.test(text)) return "code";
+  if (trimmed.startsWith("#") || trimmed.startsWith("*")) return "prose";
+  return "mixed";
+}
+function inferDomain(record) {
+  const proj = (record.project_name ?? "").toLowerCase();
+  if (proj.includes("marketing") || proj.includes("content")) return "marketing";
+  if (proj.includes("crm") || proj.includes("customer")) return "customer";
+  return null;
+}
 async function writeMemory(record) {
   if (record.vector !== null && record.vector.length !== EMBEDDING_DIM) {
     throw new Error(
       `Expected ${EMBEDDING_DIM}-dim vector, got ${record.vector.length}`
     );
   }
+  const contentHash = createHash("md5").update(record.raw_text).digest("hex");
+  if (_pendingRecords.some((r) => r.content_hash === contentHash && r.agent_id === record.agent_id)) {
+    return;
+  }
+  try {
+    const client = getClient();
+    const existing = await client.execute({
+      sql: "SELECT id FROM memories WHERE content_hash = ? AND agent_id = ? LIMIT 1",
+      args: [contentHash, record.agent_id]
+    });
+    if (existing.rows.length > 0) return;
+  } catch {
+  }
   const dbRow = {
     id: record.id,
     agent_id: record.agent_id,
@@ -4521,7 +5134,23 @@ async function writeMemory(record) {
     supersedes_id: record.supersedes_id ?? null,
     draft: record.draft ? 1 : 0,
     memory_type: record.memory_type ?? "raw",
-    trajectory: record.trajectory ? JSON.stringify(record.trajectory) : null
+    trajectory: record.trajectory ? JSON.stringify(record.trajectory) : null,
+    content_hash: contentHash,
+    intent: record.intent ?? null,
+    outcome: record.outcome ?? null,
+    domain: record.domain ?? inferDomain(record),
+    referenced_entities: record.referenced_entities ?? null,
+    retrieval_count: record.retrieval_count ?? 0,
+    chain_position: record.chain_position ?? null,
+    review_status: record.review_status ?? null,
+    context_window_pct: record.context_window_pct ?? null,
+    file_paths: record.file_paths ?? inferFilePaths(record),
+    commit_hash: record.commit_hash ?? inferCommitHash(record),
+    duration_ms: record.duration_ms ?? null,
+    token_cost: record.token_cost ?? null,
+    audience: record.audience ?? null,
+    language_type: record.language_type ?? inferLanguageType(record),
+    parent_memory_id: record.parent_memory_id ?? null
   };
   _pendingRecords.push(dbRow);
   orgBus.emit({
@@ -4579,80 +5208,85 @@ async function flushBatch() {
       const draft = row.draft ? 1 : 0;
       const memoryType = row.memory_type ?? "raw";
       const trajectory = row.trajectory ?? null;
-      return {
-        sql: hasVector ? `INSERT OR IGNORE INTO memories
-              (id, agent_id, agent_role, session_id, timestamp,
+      const contentHash = row.content_hash ?? null;
+      const intent = row.intent ?? null;
+      const outcome = row.outcome ?? null;
+      const domain = row.domain ?? null;
+      const referencedEntities = row.referenced_entities ?? null;
+      const retrievalCount = row.retrieval_count ?? 0;
+      const chainPosition = row.chain_position ?? null;
+      const reviewStatus = row.review_status ?? null;
+      const contextWindowPct = row.context_window_pct ?? null;
+      const filePaths = row.file_paths ?? null;
+      const commitHash = row.commit_hash ?? null;
+      const durationMs = row.duration_ms ?? null;
+      const tokenCost = row.token_cost ?? null;
+      const audience = row.audience ?? null;
+      const languageType = row.language_type ?? null;
+      const parentMemoryId = row.parent_memory_id ?? null;
+      const cols = `id, agent_id, agent_role, session_id, timestamp,
                tool_name, project_name,
                has_error, raw_text, vector, version, task_id, importance, status,
                confidence, last_accessed,
                workspace_id, document_id, user_id, char_offset, page_number,
-               source_path, source_type, tier, supersedes_id, draft, memory_type, trajectory)
-              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, vector32(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)` : `INSERT OR IGNORE INTO memories
-              (id, agent_id, agent_role, session_id, timestamp,
-               tool_name, project_name,
-               has_error, raw_text, vector, version, task_id, importance, status,
-               confidence, last_accessed,
-               workspace_id, document_id, user_id, char_offset, page_number,
-               source_path, source_type, tier, supersedes_id, draft, memory_type, trajectory)
-              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
-        args: hasVector ? [
-          row.id,
-          row.agent_id,
-          row.agent_role,
-          row.session_id,
-          row.timestamp,
-          row.tool_name,
-          row.project_name,
-          row.has_error,
-          row.raw_text,
-          vectorToBlob(row.vector),
-          row.version,
-          taskId,
-          importance,
-          status,
-          confidence,
-          lastAccessed,
-          workspaceId,
-          documentId,
-          userId,
-          charOffset,
-          pageNumber,
-          sourcePath,
-          sourceType,
-          tier,
-          supersedesId,
-          draft,
-          memoryType,
-          trajectory
-        ] : [
-          row.id,
-          row.agent_id,
-          row.agent_role,
-          row.session_id,
-          row.timestamp,
-          row.tool_name,
-          row.project_name,
-          row.has_error,
-          row.raw_text,
-          row.version,
-          taskId,
-          importance,
-          status,
-          confidence,
-          lastAccessed,
-          workspaceId,
-          documentId,
-          userId,
-          charOffset,
-          pageNumber,
-          sourcePath,
-          sourceType,
-          tier,
-          supersedesId,
-          draft,
-          memoryType,
-          trajectory
-        ]
+               source_path, source_type, tier, supersedes_id, draft, memory_type, trajectory, content_hash,
+               intent, outcome, domain, referenced_entities, retrieval_count,
+               chain_position, review_status, context_window_pct, file_paths, commit_hash,
+               duration_ms, token_cost, audience, language_type, parent_memory_id`;
+      const metaArgs = [
+        intent,
+        outcome,
+        domain,
+        referencedEntities,
+        retrievalCount,
+        chainPosition,
+        reviewStatus,
+        contextWindowPct,
+        filePaths,
+        commitHash,
+        durationMs,
+        tokenCost,
+        audience,
+        languageType,
+        parentMemoryId
+      ];
+      const baseArgs = [
+        row.id,
+        row.agent_id,
+        row.agent_role,
+        row.session_id,
+        row.timestamp,
+        row.tool_name,
+        row.project_name,
+        row.has_error,
+        row.raw_text
+      ];
+      const sharedArgs = [
+        row.version,
+        taskId,
+        importance,
+        status,
+        confidence,
+        lastAccessed,
+        workspaceId,
+        documentId,
+        userId,
+        charOffset,
+        pageNumber,
+        sourcePath,
+        sourceType,
+        tier,
+        supersedesId,
+        draft,
+        memoryType,
+        trajectory,
+        contentHash
+      ];
+      return {
+        sql: hasVector ? `INSERT OR IGNORE INTO memories (${cols})
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, vector32(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)` : `INSERT OR IGNORE INTO memories (${cols})
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+        args: hasVector ? [...baseArgs, vectorToBlob(row.vector), ...sharedArgs, ...metaArgs] : [...baseArgs, ...sharedArgs, ...metaArgs]
       };
     };
     const globalClient = getClient();
@@ -4700,8 +5334,8 @@ init_task_scope();
 init_employees();
 import crypto4 from "crypto";
 import { execSync as execSync4 } from "child_process";
-import { existsSync as existsSync13, mkdirSync as mkdirSync7, openSync as openSync3, closeSync as closeSync3 } from "fs";
-import path14 from "path";
+import { existsSync as existsSync14, mkdirSync as mkdirSync8, openSync as openSync3, closeSync as closeSync3 } from "fs";
+import path15 from "path";
 async function main() {
   const agentId = process.env.AGENT_ID ?? "default";
   const agentRole = process.env.AGENT_ROLE ?? "employee";
@@ -4836,8 +5470,8 @@ async function main() {
     }
     try {
       const { EXE_AI_DIR: EXE_AI_DIR2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-      const flagPath = path14.join(EXE_AI_DIR2, "session-cache", "needs-backfill");
-      if (existsSync13(flagPath)) {
+      const flagPath = path15.join(EXE_AI_DIR2, "session-cache", "needs-backfill");
+      if (existsSync14(flagPath)) {
         const { tryAcquireWorkerSlot: tryAcquireWorkerSlot2, registerWorkerPid: registerWorkerPid2 } = await Promise.resolve().then(() => (init_worker_gate(), worker_gate_exports));
         if (!tryAcquireWorkerSlot2()) {
           process.stderr.write("[summary-worker] Backfill needed but worker gate full \u2014 skipping\n");
@@ -4845,11 +5479,11 @@ async function main() {
           const { spawn: spawn2 } = await import("child_process");
           const { fileURLToPath: fileURLToPath3 } = await import("url");
           const thisFile = fileURLToPath3(import.meta.url);
-          const backfillPath = path14.resolve(path14.dirname(thisFile), "backfill-vectors.js");
-          if (existsSync13(backfillPath)) {
+          const backfillPath = path15.resolve(path15.dirname(thisFile), "backfill-vectors.js");
+          if (existsSync14(backfillPath)) {
             const { EXE_AI_DIR: exeDir2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-            const bLogPath = path14.join(exeDir2, "workers.log");
-            mkdirSync7(path14.dirname(bLogPath), { recursive: true });
+            const bLogPath = path15.join(exeDir2, "workers.log");
+            mkdirSync8(path15.dirname(bLogPath), { recursive: true });
             const bLogFd = openSync3(bLogPath, "a");
             const child = spawn2(process.execPath, [backfillPath], {
               detached: true,