@askexenow/exe-os 0.9.111 → 0.9.113

package/README.md

@@ -1,6 +1,6 @@
 # Exe OS
 
-![npm version](https://img.shields.io/npm/v/@askexenow/exe-os.svg) ![License: CC-BY-NC-4.0](https://img.shields.io/badge/license-CC--BY--NC--4.0-blue.svg) ![Node.js](https://img.shields.io/badge/node-%3E%3D20.0.0-brightgreen.svg)
+![npm version](https://img.shields.io/npm/v/@askexenow/exe-os.svg) ![License: AGPL-3.0](https://img.shields.io/badge/license-AGPL--3.0-blue.svg) ![Node.js](https://img.shields.io/badge/node-%3E%3D20.0.0-brightgreen.svg)
 
 **Hire the team you couldn't afford.** AI employee operating system with persistent memory, identity, and multi-agent orchestration.
 
@@ -51,9 +51,10 @@ Best for: managing multiple projects and employees.
 | Feature | What it does |
 |---------|-------------|
 | **Persistent memory** | Every interaction stored in encrypted SQLCipher + vector search. Searchable across sessions. |
-| **Three-layer cognition** | Identity (who you are) + Expertise (what you've learned) + Experience (what you remember) |
+| **Four-layer cognition** | Company Procedures (org-wide rules) + Identity (who you are) + Expertise (what you've learned) + Experience (what you remember) |
 | **Multi-agent orchestration** | COO coordinates CTO, CMO, engineers. Parallel task execution via tmux. |
 | **Task system** | Create, assign, review, chain tasks. Auto-dispatch. Review pipeline with cascading approval. |
+| **Company procedures** | Org-wide rules that every employee follows. Set once, cascades everywhere. |
 | **Identity injection** | Each employee gets a permanent identity doc. Claude Code's `--agent` flag replaces the default system prompt. |
 | **Skill learning** | Agents learn procedures from repeated patterns. Corrections become permanent behaviors. |
 | **Cloud sync** | End-to-end encrypted memory sync across devices. Your key, your data. |
@@ -80,6 +81,7 @@ You talk to your COO. Your COO delegates. Each employee has:
 - **Identity** — permanent role doc that defines who they are
 - **Task queue** — auto-chains through assigned work
 - **Behavioral expertise** — corrections accumulate as permanent rules
+- **Company procedures** — org-wide rules that cascade to every employee
 
 ---
 
@@ -100,7 +102,7 @@ npm install -g @askexenow/exe-os
 # Run `wsl --install` in PowerShell first, then follow Linux steps inside WSL2
 ```
 
-Requires Node.js 22+ and tmux. See **[docs/install.md](docs/install.md)** for full platform-specific instructions and troubleshooting.
+Requires Node.js 22+ and tmux. See **[docs/install.md](docs/install.md)** for full platform-specific instructions and **[docs/quickstart.md](docs/quickstart.md)** for the 5-minute getting started guide.
 
 ### 2. Run Setup
 
@@ -136,8 +138,8 @@ exe-os                     # launch the TUI dashboard
 
 | Plan | Price | Employees | Memories | Devices |
 |------|-------|-----------|----------|---------|
-| Free | $0 | 1 (COO) | 5,000 | 1 |
-| Solopreneur | $97/mo | 5 | 100,000 | 2 |
+| Free | $0 | 1 (COO) | 50,000 | 1 |
+| Solopreneur | $97/mo | 5 | 250,000 | 2 |
 | Company | $297/mo | 20 | 1,000,000 | 10 |
 | Agency | $497/mo | 100 | 10,000,000 | 50 |
 | Enterprise | Custom | Unlimited | Unlimited | Unlimited |
@@ -202,7 +204,7 @@ See [docs/Agency-Playbook.md](docs/Agency-Playbook.md) for multi-client VPS depl
 exe-os/
   src/
     lib/          # Core: memory, tasks, identity, behaviors, search, sync, encryption
-    mcp/          # MCP server (20+ tools for Claude Code integration)
+    mcp/          # MCP server (100+ tools for Claude Code integration)
     adapters/     # Claude Code hooks (ingest, session-start, pre-tool-use, etc.)
     tui/          # Ink-based terminal dashboard (Mode 2)
     runtime/      # Agent loop, tool registry, permissions (Mode 2 standalone)
@@ -244,4 +246,4 @@ Full guide: **[docs/install.md](docs/install.md)**
 
 ## License
 
-CC-BY-NC-4.0 (non-commercial). Commercial licenses available at [askexe.com](https://askexe.com).
+AGPL-3.0. Commercial licenses available at [askexe.com](https://askexe.com).

package/dist/bin/agentic-ontology-backfill.js

@@ -1811,6 +1811,13 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  for (const col of ["created_by_agent TEXT", "created_by_device TEXT", "source_session_id TEXT"]) {
+    try {
+      await client.execute({ sql: `ALTER TABLE behaviors ADD COLUMN ${col}`, args: [] });
+    } catch (e) {
+      logCatchDebug("migration", e);
+    }
+  }
   try {
     await client.execute({
       sql: `ALTER TABLE tasks ADD COLUMN blocked_by TEXT`,
@@ -3027,6 +3034,22 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN visibility TEXT DEFAULT 'private'`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN strength REAL DEFAULT 1.0`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
 }
 async function disposeDatabase() {
   if (_walCheckpointTimer) {
@@ -3593,11 +3616,17 @@ var init_platform_procedures = __esm({
         content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
       },
       {
-        title: "Customer orchestration maturity \u2014 recommend, never trap",
+        title: "Orchestration phase guidance \u2014 recommend, never trap",
         domain: "workflow",
         priority: "p1",
         content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
       },
+      {
+        title: "Routing slot vs display title \u2014 internal 'coo' is plumbing, not your name",
+        domain: "identity",
+        priority: "p0",
+        content: "These procedures reference 'COO' as a shorthand for the coordinator role. This is an INTERNAL routing slot used by exe-os code (chain-of-command checks, dispatch logic, session detection). It is NOT your display title. Your actual title comes from your identity file's `title:` field \u2014 that is what you use externally: introductions, sign-offs, team comms, and any user-facing text. If your identity says `title: AI Chief of Staff`, you are the AI Chief of Staff. The routing slot stays `role: coo` for code compatibility \u2014 never rename it, but also never introduce yourself as 'COO' unless your identity file explicitly says so. The founder chose your title; respect it."
+      },
       {
         title: "Single dispatch path \u2014 create_task only",
         domain: "workflow",
@@ -3631,6 +3660,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Destructive operations \u2014 mandatory reviewer gate",
+        domain: "security",
+        priority: "p0",
+        content: "Before ANY destructive operation (delete, remove, overwrite, drop, reset, force-push, truncate), you MUST: (1) Have your full task spec accessible \u2014 if you cannot read it, STOP and report to your reviewer. Never improvise destructive actions. (2) Confirm with your reviewer (assigned_by or COO) before executing. (3) If the task spec explicitly authorizes the operation, proceed \u2014 but log it. Violation = immediate task failure. This applies to ALL agents regardless of role."
+      },
       {
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
@@ -3782,7 +3817,7 @@ var init_platform_procedures = __esm({
         title: "MCP tool dispatch \u2014 all tools use action parameter",
         domain: "tool-use",
         priority: "p0",
-        content: 'exe-os MCP tools come in two surfaces depending on EXE_MCP_TOOL_SURFACE config. Consolidated (19 tools): action-based dispatch \u2014 memory(action="recall"), task(action="create"), etc. Legacy (108 tools): one tool per operation \u2014 recall_my_memory, create_task, etc. Both surfaces have identical functionality. Use whichever tool names are available in your session. If you see domain tools (memory, task, config, etc.), use the action parameter. If you see specific tools (recall_my_memory, create_task, etc.), call them directly.'
+        content: 'exe-os MCP tools use consolidated action-based dispatch by default (19 tools). Call domain tools with an action parameter: memory(action="recall"), task(action="create"), config(action="list_employees"), etc. Legacy mode (108 separate tools like recall_my_memory, create_task) is still available via EXE_MCP_TOOL_SURFACE=legacy but will be removed in a future version. If you see specific tool names, call them directly \u2014 both surfaces are identical. Consolidated is the default and recommended surface.'
       },
       {
         title: "MCP tools \u2014 memory, decision, and search",
@@ -3916,10 +3951,24 @@ function stableId(memoryId, type, content) {
   return createHash2("sha256").update(`${memoryId}:${type}:${content}`).digest("hex").slice(0, 32);
 }
 function cleanText(text) {
-  return text.replace(/```[\s\S]*?```/g, " ").replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
-}
-function splitSentences(text) {
-  return cleanText(text).split(/(?<=[.!?])\s+|\n+/).map((s) => s.trim()).filter((s) => s.length >= 24 && s.length <= MAX_SENTENCE_CHARS);
+  let cleaned = text.replace(
+    /```(\w*)\n(.*?)(?:\n[\s\S]*?)```/g,
+    (_m, lang, firstLine) => `[code${lang ? `:${lang}` : ""}] ${firstLine.trim()}`
+  );
+  cleaned = cleaned.replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
+  return cleaned;
+}
+function splitSegments(text) {
+  const cleaned = cleanText(text);
+  const segments = cleaned.split(/(?<=[.!?:;])\s+|\n{2,}|(?<=\))\s+(?=[A-Z])|\s*[|│]\s*/).map((s) => s.trim()).filter((s) => s.length >= MIN_SEGMENT_CHARS && s.length <= MAX_SEGMENT_CHARS);
+  if (segments.length === 0 && cleaned.length >= MIN_SEGMENT_CHARS) {
+    const lines = cleaned.split(/\n+/).map((l) => l.trim()).filter((l) => l.length >= MIN_SEGMENT_CHARS && l.length <= MAX_SEGMENT_CHARS);
+    if (lines.length > 0) return lines;
+    if (cleaned.length >= MIN_SEGMENT_CHARS) {
+      return [cleaned.slice(0, MAX_SEGMENT_CHARS)];
+    }
+  }
+  return segments;
 }
 function inferCardType(sentence, toolName) {
   const lower = sentence.toLowerCase();
@@ -3951,12 +4000,12 @@ function predicateFor(type) {
   }
 }
 function extractMemoryCards(row) {
-  const sentences = splitSentences(row.raw_text);
+  const segments = splitSegments(row.raw_text);
   const cards = [];
-  for (const sentence of sentences) {
+  for (const sentence of segments) {
     const type = inferCardType(sentence, row.tool_name);
     const subject = extractSubject(sentence, row.agent_id);
-    const content = sentence.length > MAX_SENTENCE_CHARS ? `${sentence.slice(0, MAX_SENTENCE_CHARS - 1)}\u2026` : sentence;
+    const content = sentence.length > MAX_SEGMENT_CHARS ? `${sentence.slice(0, MAX_SEGMENT_CHARS - 1)}\u2026` : sentence;
     cards.push({
       id: stableId(row.id, type, content),
       memory_id: row.id,
@@ -4052,13 +4101,14 @@ Source memory: ${String(row.source_ref ?? row.memory_id)}`,
     last_accessed: String(row.timestamp)
   }));
 }
-var MAX_CARDS_PER_MEMORY, MAX_SENTENCE_CHARS;
+var MAX_CARDS_PER_MEMORY, MAX_SEGMENT_CHARS, MIN_SEGMENT_CHARS;
 var init_memory_cards = __esm({
   "src/lib/memory-cards.ts"() {
     "use strict";
     init_database();
-    MAX_CARDS_PER_MEMORY = 6;
-    MAX_SENTENCE_CHARS = 360;
+    MAX_CARDS_PER_MEMORY = 8;
+    MAX_SEGMENT_CHARS = 500;
+    MIN_SEGMENT_CHARS = 20;
   }
 });
 

package/dist/bin/agentic-reflection-backfill.js

@@ -1811,6 +1811,13 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  for (const col of ["created_by_agent TEXT", "created_by_device TEXT", "source_session_id TEXT"]) {
+    try {
+      await client.execute({ sql: `ALTER TABLE behaviors ADD COLUMN ${col}`, args: [] });
+    } catch (e) {
+      logCatchDebug("migration", e);
+    }
+  }
   try {
     await client.execute({
       sql: `ALTER TABLE tasks ADD COLUMN blocked_by TEXT`,
@@ -3027,6 +3034,22 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN visibility TEXT DEFAULT 'private'`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN strength REAL DEFAULT 1.0`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
 }
 async function disposeDatabase() {
   if (_walCheckpointTimer) {
@@ -3593,11 +3616,17 @@ var init_platform_procedures = __esm({
         content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
       },
       {
-        title: "Customer orchestration maturity \u2014 recommend, never trap",
+        title: "Orchestration phase guidance \u2014 recommend, never trap",
         domain: "workflow",
         priority: "p1",
         content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
       },
+      {
+        title: "Routing slot vs display title \u2014 internal 'coo' is plumbing, not your name",
+        domain: "identity",
+        priority: "p0",
+        content: "These procedures reference 'COO' as a shorthand for the coordinator role. This is an INTERNAL routing slot used by exe-os code (chain-of-command checks, dispatch logic, session detection). It is NOT your display title. Your actual title comes from your identity file's `title:` field \u2014 that is what you use externally: introductions, sign-offs, team comms, and any user-facing text. If your identity says `title: AI Chief of Staff`, you are the AI Chief of Staff. The routing slot stays `role: coo` for code compatibility \u2014 never rename it, but also never introduce yourself as 'COO' unless your identity file explicitly says so. The founder chose your title; respect it."
+      },
       {
         title: "Single dispatch path \u2014 create_task only",
         domain: "workflow",
@@ -3631,6 +3660,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Destructive operations \u2014 mandatory reviewer gate",
+        domain: "security",
+        priority: "p0",
+        content: "Before ANY destructive operation (delete, remove, overwrite, drop, reset, force-push, truncate), you MUST: (1) Have your full task spec accessible \u2014 if you cannot read it, STOP and report to your reviewer. Never improvise destructive actions. (2) Confirm with your reviewer (assigned_by or COO) before executing. (3) If the task spec explicitly authorizes the operation, proceed \u2014 but log it. Violation = immediate task failure. This applies to ALL agents regardless of role."
+      },
       {
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
@@ -3782,7 +3817,7 @@ var init_platform_procedures = __esm({
         title: "MCP tool dispatch \u2014 all tools use action parameter",
         domain: "tool-use",
         priority: "p0",
-        content: 'exe-os MCP tools come in two surfaces depending on EXE_MCP_TOOL_SURFACE config. Consolidated (19 tools): action-based dispatch \u2014 memory(action="recall"), task(action="create"), etc. Legacy (108 tools): one tool per operation \u2014 recall_my_memory, create_task, etc. Both surfaces have identical functionality. Use whichever tool names are available in your session. If you see domain tools (memory, task, config, etc.), use the action parameter. If you see specific tools (recall_my_memory, create_task, etc.), call them directly.'
+        content: 'exe-os MCP tools use consolidated action-based dispatch by default (19 tools). Call domain tools with an action parameter: memory(action="recall"), task(action="create"), config(action="list_employees"), etc. Legacy mode (108 separate tools like recall_my_memory, create_task) is still available via EXE_MCP_TOOL_SURFACE=legacy but will be removed in a future version. If you see specific tool names, call them directly \u2014 both surfaces are identical. Consolidated is the default and recommended surface.'
       },
       {
         title: "MCP tools \u2014 memory, decision, and search",

package/dist/bin/agentic-semantic-label.js

@@ -1811,6 +1811,13 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  for (const col of ["created_by_agent TEXT", "created_by_device TEXT", "source_session_id TEXT"]) {
+    try {
+      await client.execute({ sql: `ALTER TABLE behaviors ADD COLUMN ${col}`, args: [] });
+    } catch (e) {
+      logCatchDebug("migration", e);
+    }
+  }
   try {
     await client.execute({
       sql: `ALTER TABLE tasks ADD COLUMN blocked_by TEXT`,
@@ -3027,6 +3034,22 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN visibility TEXT DEFAULT 'private'`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN strength REAL DEFAULT 1.0`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
 }
 async function disposeDatabase() {
   if (_walCheckpointTimer) {
@@ -3593,11 +3616,17 @@ var init_platform_procedures = __esm({
         content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
       },
       {
-        title: "Customer orchestration maturity \u2014 recommend, never trap",
+        title: "Orchestration phase guidance \u2014 recommend, never trap",
         domain: "workflow",
         priority: "p1",
         content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
       },
+      {
+        title: "Routing slot vs display title \u2014 internal 'coo' is plumbing, not your name",
+        domain: "identity",
+        priority: "p0",
+        content: "These procedures reference 'COO' as a shorthand for the coordinator role. This is an INTERNAL routing slot used by exe-os code (chain-of-command checks, dispatch logic, session detection). It is NOT your display title. Your actual title comes from your identity file's `title:` field \u2014 that is what you use externally: introductions, sign-offs, team comms, and any user-facing text. If your identity says `title: AI Chief of Staff`, you are the AI Chief of Staff. The routing slot stays `role: coo` for code compatibility \u2014 never rename it, but also never introduce yourself as 'COO' unless your identity file explicitly says so. The founder chose your title; respect it."
+      },
       {
         title: "Single dispatch path \u2014 create_task only",
         domain: "workflow",
@@ -3631,6 +3660,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Destructive operations \u2014 mandatory reviewer gate",
+        domain: "security",
+        priority: "p0",
+        content: "Before ANY destructive operation (delete, remove, overwrite, drop, reset, force-push, truncate), you MUST: (1) Have your full task spec accessible \u2014 if you cannot read it, STOP and report to your reviewer. Never improvise destructive actions. (2) Confirm with your reviewer (assigned_by or COO) before executing. (3) If the task spec explicitly authorizes the operation, proceed \u2014 but log it. Violation = immediate task failure. This applies to ALL agents regardless of role."
+      },
       {
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
@@ -3782,7 +3817,7 @@ var init_platform_procedures = __esm({
         title: "MCP tool dispatch \u2014 all tools use action parameter",
         domain: "tool-use",
         priority: "p0",
-        content: 'exe-os MCP tools come in two surfaces depending on EXE_MCP_TOOL_SURFACE config. Consolidated (19 tools): action-based dispatch \u2014 memory(action="recall"), task(action="create"), etc. Legacy (108 tools): one tool per operation \u2014 recall_my_memory, create_task, etc. Both surfaces have identical functionality. Use whichever tool names are available in your session. If you see domain tools (memory, task, config, etc.), use the action parameter. If you see specific tools (recall_my_memory, create_task, etc.), call them directly.'
+        content: 'exe-os MCP tools use consolidated action-based dispatch by default (19 tools). Call domain tools with an action parameter: memory(action="recall"), task(action="create"), config(action="list_employees"), etc. Legacy mode (108 separate tools like recall_my_memory, create_task) is still available via EXE_MCP_TOOL_SURFACE=legacy but will be removed in a future version. If you see specific tool names, call them directly \u2014 both surfaces are identical. Consolidated is the default and recommended surface.'
       },
       {
         title: "MCP tools \u2014 memory, decision, and search",

package/dist/bin/backfill-conversations.js

@@ -1951,6 +1951,13 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  for (const col of ["created_by_agent TEXT", "created_by_device TEXT", "source_session_id TEXT"]) {
+    try {
+      await client.execute({ sql: `ALTER TABLE behaviors ADD COLUMN ${col}`, args: [] });
+    } catch (e) {
+      logCatchDebug("migration", e);
+    }
+  }
   try {
     await client.execute({
       sql: `ALTER TABLE tasks ADD COLUMN blocked_by TEXT`,
@@ -3167,6 +3174,22 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN visibility TEXT DEFAULT 'private'`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN strength REAL DEFAULT 1.0`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
 }
 async function disposeDatabase() {
   if (_walCheckpointTimer) {
@@ -3733,11 +3756,17 @@ var init_platform_procedures = __esm({
         content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
       },
       {
-        title: "Customer orchestration maturity \u2014 recommend, never trap",
+        title: "Orchestration phase guidance \u2014 recommend, never trap",
         domain: "workflow",
         priority: "p1",
         content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
       },
+      {
+        title: "Routing slot vs display title \u2014 internal 'coo' is plumbing, not your name",
+        domain: "identity",
+        priority: "p0",
+        content: "These procedures reference 'COO' as a shorthand for the coordinator role. This is an INTERNAL routing slot used by exe-os code (chain-of-command checks, dispatch logic, session detection). It is NOT your display title. Your actual title comes from your identity file's `title:` field \u2014 that is what you use externally: introductions, sign-offs, team comms, and any user-facing text. If your identity says `title: AI Chief of Staff`, you are the AI Chief of Staff. The routing slot stays `role: coo` for code compatibility \u2014 never rename it, but also never introduce yourself as 'COO' unless your identity file explicitly says so. The founder chose your title; respect it."
+      },
       {
         title: "Single dispatch path \u2014 create_task only",
         domain: "workflow",
@@ -3771,6 +3800,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Destructive operations \u2014 mandatory reviewer gate",
+        domain: "security",
+        priority: "p0",
+        content: "Before ANY destructive operation (delete, remove, overwrite, drop, reset, force-push, truncate), you MUST: (1) Have your full task spec accessible \u2014 if you cannot read it, STOP and report to your reviewer. Never improvise destructive actions. (2) Confirm with your reviewer (assigned_by or COO) before executing. (3) If the task spec explicitly authorizes the operation, proceed \u2014 but log it. Violation = immediate task failure. This applies to ALL agents regardless of role."
+      },
       {
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
@@ -3922,7 +3957,7 @@ var init_platform_procedures = __esm({
         title: "MCP tool dispatch \u2014 all tools use action parameter",
         domain: "tool-use",
         priority: "p0",
-        content: 'exe-os MCP tools come in two surfaces depending on EXE_MCP_TOOL_SURFACE config. Consolidated (19 tools): action-based dispatch \u2014 memory(action="recall"), task(action="create"), etc. Legacy (108 tools): one tool per operation \u2014 recall_my_memory, create_task, etc. Both surfaces have identical functionality. Use whichever tool names are available in your session. If you see domain tools (memory, task, config, etc.), use the action parameter. If you see specific tools (recall_my_memory, create_task, etc.), call them directly.'
+        content: 'exe-os MCP tools use consolidated action-based dispatch by default (19 tools). Call domain tools with an action parameter: memory(action="recall"), task(action="create"), config(action="list_employees"), etc. Legacy mode (108 separate tools like recall_my_memory, create_task) is still available via EXE_MCP_TOOL_SURFACE=legacy but will be removed in a future version. If you see specific tool names, call them directly \u2014 both surfaces are identical. Consolidated is the default and recommended surface.'
       },
       {
         title: "MCP tools \u2014 memory, decision, and search",
@@ -4056,10 +4091,24 @@ function stableId(memoryId, type, content) {
   return createHash2("sha256").update(`${memoryId}:${type}:${content}`).digest("hex").slice(0, 32);
 }
 function cleanText(text) {
-  return text.replace(/```[\s\S]*?```/g, " ").replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
+  let cleaned = text.replace(
+    /```(\w*)\n(.*?)(?:\n[\s\S]*?)```/g,
+    (_m, lang, firstLine) => `[code${lang ? `:${lang}` : ""}] ${firstLine.trim()}`
+  );
+  cleaned = cleaned.replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
+  return cleaned;
 }
-function splitSentences(text) {
-  return cleanText(text).split(/(?<=[.!?])\s+|\n+/).map((s) => s.trim()).filter((s) => s.length >= 24 && s.length <= MAX_SENTENCE_CHARS);
+function splitSegments(text) {
+  const cleaned = cleanText(text);
+  const segments = cleaned.split(/(?<=[.!?:;])\s+|\n{2,}|(?<=\))\s+(?=[A-Z])|\s*[|│]\s*/).map((s) => s.trim()).filter((s) => s.length >= MIN_SEGMENT_CHARS && s.length <= MAX_SEGMENT_CHARS);
+  if (segments.length === 0 && cleaned.length >= MIN_SEGMENT_CHARS) {
+    const lines = cleaned.split(/\n+/).map((l) => l.trim()).filter((l) => l.length >= MIN_SEGMENT_CHARS && l.length <= MAX_SEGMENT_CHARS);
+    if (lines.length > 0) return lines;
+    if (cleaned.length >= MIN_SEGMENT_CHARS) {
+      return [cleaned.slice(0, MAX_SEGMENT_CHARS)];
+    }
+  }
+  return segments;
 }
 function inferCardType(sentence, toolName) {
   const lower = sentence.toLowerCase();
@@ -4091,12 +4140,12 @@ function predicateFor(type) {
   }
 }
 function extractMemoryCards(row) {
-  const sentences = splitSentences(row.raw_text);
+  const segments = splitSegments(row.raw_text);
   const cards = [];
-  for (const sentence of sentences) {
+  for (const sentence of segments) {
     const type = inferCardType(sentence, row.tool_name);
     const subject = extractSubject(sentence, row.agent_id);
-    const content = sentence.length > MAX_SENTENCE_CHARS ? `${sentence.slice(0, MAX_SENTENCE_CHARS - 1)}\u2026` : sentence;
+    const content = sentence.length > MAX_SEGMENT_CHARS ? `${sentence.slice(0, MAX_SEGMENT_CHARS - 1)}\u2026` : sentence;
     cards.push({
       id: stableId(row.id, type, content),
       memory_id: row.id,
@@ -4192,13 +4241,14 @@ Source memory: ${String(row.source_ref ?? row.memory_id)}`,
     last_accessed: String(row.timestamp)
   }));
 }
-var MAX_CARDS_PER_MEMORY, MAX_SENTENCE_CHARS;
+var MAX_CARDS_PER_MEMORY, MAX_SEGMENT_CHARS, MIN_SEGMENT_CHARS;
 var init_memory_cards = __esm({
   "src/lib/memory-cards.ts"() {
     "use strict";
     init_database();
-    MAX_CARDS_PER_MEMORY = 6;
-    MAX_SENTENCE_CHARS = 360;
+    MAX_CARDS_PER_MEMORY = 8;
+    MAX_SEGMENT_CHARS = 500;
+    MIN_SEGMENT_CHARS = 20;
   }
 });