@askexenow/exe-os 0.9.112 → 0.9.113

package/dist/lib/exe-daemon.js

@@ -568,6 +568,7 @@ __export(agent_config_exports, {
   getAgentRuntime: () => getAgentRuntime,
   loadAgentConfig: () => loadAgentConfig,
   saveAgentConfig: () => saveAgentConfig,
+  setAgentMcps: () => setAgentMcps,
   setAgentRuntime: () => setAgentRuntime
 });
 import { readFileSync as readFileSync4, writeFileSync as writeFileSync3, existsSync as existsSync5 } from "fs";
@@ -594,7 +595,7 @@ function getAgentRuntime(agentId) {
   if (orgDefault) return orgDefault;
   return { runtime: DEFAULT_RUNTIME, model: DEFAULT_MODELS[DEFAULT_RUNTIME] };
 }
-function setAgentRuntime(agentId, runtime, model, reasoning_effort) {
+function setAgentRuntime(agentId, runtime, model, reasoning_effort, mcps) {
   const knownModels = KNOWN_RUNTIMES[runtime];
   if (!knownModels) {
     return {
@@ -609,12 +610,26 @@ function setAgentRuntime(agentId, runtime, model, reasoning_effort) {
     };
   }
   const config2 = loadAgentConfig();
+  const existing = config2[agentId];
   const entry = { runtime, model };
   if (reasoning_effort) entry.reasoning_effort = reasoning_effort;
+  if (mcps !== void 0) {
+    entry.mcps = mcps.includes("exe-os") ? mcps : ["exe-os", ...mcps];
+  } else if (existing?.mcps) {
+    entry.mcps = existing.mcps;
+  }
   config2[agentId] = entry;
   saveAgentConfig(config2);
   return { ok: true };
 }
+function setAgentMcps(agentId, mcps) {
+  const config2 = loadAgentConfig();
+  const existing = config2[agentId] ?? getAgentRuntime(agentId);
+  existing.mcps = mcps.includes("exe-os") ? mcps : ["exe-os", ...mcps];
+  config2[agentId] = existing;
+  saveAgentConfig(config2);
+  return { ok: true };
+}
 function clearAgentRuntime(agentId) {
   const config2 = loadAgentConfig();
   delete config2[agentId];
@@ -3659,6 +3674,22 @@ async function ensureSchema() {
   } catch (e) {
     logCatchDebug("migration", e);
   }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN visibility TEXT DEFAULT 'private'`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN strength REAL DEFAULT 1.0`,
+      args: []
+    });
+  } catch (e) {
+    logCatchDebug("migration", e);
+  }
 }
 async function disposeDatabase() {
   if (_walCheckpointTimer) {
@@ -6072,11 +6103,17 @@ var init_platform_procedures = __esm({
         content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
       },
       {
-        title: "Customer orchestration maturity \u2014 recommend, never trap",
+        title: "Orchestration phase guidance \u2014 recommend, never trap",
         domain: "workflow",
         priority: "p1",
         content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
       },
+      {
+        title: "Routing slot vs display title \u2014 internal 'coo' is plumbing, not your name",
+        domain: "identity",
+        priority: "p0",
+        content: "These procedures reference 'COO' as a shorthand for the coordinator role. This is an INTERNAL routing slot used by exe-os code (chain-of-command checks, dispatch logic, session detection). It is NOT your display title. Your actual title comes from your identity file's `title:` field \u2014 that is what you use externally: introductions, sign-offs, team comms, and any user-facing text. If your identity says `title: AI Chief of Staff`, you are the AI Chief of Staff. The routing slot stays `role: coo` for code compatibility \u2014 never rename it, but also never introduce yourself as 'COO' unless your identity file explicitly says so. The founder chose your title; respect it."
+      },
       {
         title: "Single dispatch path \u2014 create_task only",
         domain: "workflow",
@@ -6110,6 +6147,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Destructive operations \u2014 mandatory reviewer gate",
+        domain: "security",
+        priority: "p0",
+        content: "Before ANY destructive operation (delete, remove, overwrite, drop, reset, force-push, truncate), you MUST: (1) Have your full task spec accessible \u2014 if you cannot read it, STOP and report to your reviewer. Never improvise destructive actions. (2) Confirm with your reviewer (assigned_by or COO) before executing. (3) If the task spec explicitly authorizes the operation, proceed \u2014 but log it. Violation = immediate task failure. This applies to ALL agents regardless of role."
+      },
       {
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
@@ -6395,10 +6438,24 @@ function stableId3(memoryId, type, content) {
   return createHash3("sha256").update(`${memoryId}:${type}:${content}`).digest("hex").slice(0, 32);
 }
 function cleanText(text3) {
-  return text3.replace(/```[\s\S]*?```/g, " ").replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
+  let cleaned = text3.replace(
+    /```(\w*)\n(.*?)(?:\n[\s\S]*?)```/g,
+    (_m, lang, firstLine) => `[code${lang ? `:${lang}` : ""}] ${firstLine.trim()}`
+  );
+  cleaned = cleaned.replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
+  return cleaned;
 }
-function splitSentences(text3) {
-  return cleanText(text3).split(/(?<=[.!?])\s+|\n+/).map((s) => s.trim()).filter((s) => s.length >= 24 && s.length <= MAX_SENTENCE_CHARS);
+function splitSegments(text3) {
+  const cleaned = cleanText(text3);
+  const segments = cleaned.split(/(?<=[.!?:;])\s+|\n{2,}|(?<=\))\s+(?=[A-Z])|\s*[|│]\s*/).map((s) => s.trim()).filter((s) => s.length >= MIN_SEGMENT_CHARS && s.length <= MAX_SEGMENT_CHARS);
+  if (segments.length === 0 && cleaned.length >= MIN_SEGMENT_CHARS) {
+    const lines = cleaned.split(/\n+/).map((l) => l.trim()).filter((l) => l.length >= MIN_SEGMENT_CHARS && l.length <= MAX_SEGMENT_CHARS);
+    if (lines.length > 0) return lines;
+    if (cleaned.length >= MIN_SEGMENT_CHARS) {
+      return [cleaned.slice(0, MAX_SEGMENT_CHARS)];
+    }
+  }
+  return segments;
 }
 function inferCardType(sentence, toolName) {
   const lower = sentence.toLowerCase();
@@ -6430,12 +6487,12 @@ function predicateFor(type) {
   }
 }
 function extractMemoryCards(row) {
-  const sentences = splitSentences(row.raw_text);
+  const segments = splitSegments(row.raw_text);
   const cards = [];
-  for (const sentence of sentences) {
+  for (const sentence of segments) {
     const type = inferCardType(sentence, row.tool_name);
     const subject = extractSubject(sentence, row.agent_id);
-    const content = sentence.length > MAX_SENTENCE_CHARS ? `${sentence.slice(0, MAX_SENTENCE_CHARS - 1)}\u2026` : sentence;
+    const content = sentence.length > MAX_SEGMENT_CHARS ? `${sentence.slice(0, MAX_SEGMENT_CHARS - 1)}\u2026` : sentence;
     cards.push({
       id: stableId3(row.id, type, content),
       memory_id: row.id,
@@ -6531,13 +6588,14 @@ Source memory: ${String(row.source_ref ?? row.memory_id)}`,
     last_accessed: String(row.timestamp)
   }));
 }
-var MAX_CARDS_PER_MEMORY, MAX_SENTENCE_CHARS;
+var MAX_CARDS_PER_MEMORY, MAX_SEGMENT_CHARS, MIN_SEGMENT_CHARS;
 var init_memory_cards = __esm({
   "src/lib/memory-cards.ts"() {
     "use strict";
     init_database();
-    MAX_CARDS_PER_MEMORY = 6;
-    MAX_SENTENCE_CHARS = 360;
+    MAX_CARDS_PER_MEMORY = 8;
+    MAX_SEGMENT_CHARS = 500;
+    MIN_SEGMENT_CHARS = 20;
   }
 });
 
@@ -8728,7 +8786,7 @@ async function hybridSearch(queryText, agentId, options) {
     try {
       const client = getClient();
       void client.execute({
-        sql: `UPDATE memories SET last_accessed = ?, retrieval_count = COALESCE(retrieval_count, 0) + 1 WHERE id IN (${placeholders})`,
+        sql: `UPDATE memories SET last_accessed = ?, retrieval_count = COALESCE(retrieval_count, 0) + 1, strength = MIN(1.0, COALESCE(strength, 1.0) + 0.1) WHERE id IN (${placeholders})`,
         args: [now2, ...ids]
       }).catch(() => {
       });
@@ -10093,7 +10151,7 @@ async function assertVpsLicense(opts) {
   }
   if (!transientFailure) {
     throw new Error(
-      "License validation failed: unknown backend state. Restore network connectivity to https://askexe.com/cloud and retry."
+      "License validation failed: unknown backend state. Restore network connectivity to https://cloud.askexe.com and retry."
     );
   }
   const fresh = await getCachedLicense();
@@ -10130,7 +10188,7 @@ async function assertVpsLicense(opts) {
   } catch {
   }
   throw new Error(
-    `License validation unreachable for more than ${graceDays} days. Restore network connectivity to https://askexe.com/cloud and retry. This VPS image refuses to boot after the offline grace window.`
+    `License validation unreachable for more than ${graceDays} days. Restore network connectivity to https://cloud.askexe.com and retry. This VPS image refuses to boot after the offline grace window.`
   );
 }
 function startLicenseRevalidation(intervalMs = 36e5) {
@@ -10162,7 +10220,7 @@ var init_license = __esm({
     LICENSE_PATH = path17.join(EXE_AI_DIR, "license.key");
     CACHE_PATH = path17.join(EXE_AI_DIR, "license-cache.json");
     DEVICE_ID_PATH = path17.join(EXE_AI_DIR, "device-id");
-    API_BASE = process.env.EXE_CLOUD_ENDPOINT ?? "https://askexe.com/cloud";
+    API_BASE = process.env.EXE_CLOUD_ENDPOINT ?? "https://cloud.askexe.com";
     RETRY_DELAY_MS = 500;
     LICENSE_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeHztAMOpR/ZMh+rWuOASjEZ54CGY
@@ -13344,11 +13402,12 @@ function getDispatchedBy(sessionKey) {
   }
 }
 function resolveExeSession() {
+  if (process.env.EXE_SESSION_NAME) {
+    const fromEnv = extractRootExe(process.env.EXE_SESSION_NAME) ?? process.env.EXE_SESSION_NAME;
+    if (fromEnv) return fromEnv;
+  }
   const mySession = getMySession();
   if (!mySession) {
-    if (process.env.EXE_SESSION_NAME) {
-      return extractRootExe(process.env.EXE_SESSION_NAME) ?? process.env.EXE_SESSION_NAME;
-    }
     return null;
   }
   const fromSessionName = extractRootExe(mySession);
@@ -13363,6 +13422,10 @@ function resolveExeSession() {
           `[tmux-routing] WARN: cache says "${fromCache}" but session name says "${fromSessionName}". Trusting session name.
 `
         );
+        try {
+          registerParentExe(key, fromSessionName);
+        } catch {
+        }
         candidate = fromSessionName;
       } else {
         candidate = fromCache;
@@ -14296,6 +14359,19 @@ async function resolveTask(client, identifier, scopeSession) {
     args: [identifier, ...scope.args]
   });
   if (result3.rows.length === 1) return result3.rows[0];
+  if (/^[a-f0-9]{7,12}$/i.test(identifier)) {
+    result3 = await client.execute({
+      sql: `SELECT * FROM tasks WHERE id LIKE ?`,
+      args: [`${identifier}%`]
+    });
+    if (result3.rows.length === 1) return result3.rows[0];
+    if (result3.rows.length > 1) {
+      const matches = result3.rows.map((r) => `${String(r.id)} "${String(r.title)}" (${String(r.status)})`).join(", ");
+      throw new Error(
+        `Multiple tasks match short-ID "${identifier}": ${matches}. Use a longer prefix to disambiguate.`
+      );
+    }
+  }
   result3 = await client.execute({
     sql: `SELECT * FROM tasks WHERE task_file LIKE ?${scope.sql}`,
     args: [`%${identifier}%`, ...scope.args]
@@ -14842,12 +14918,13 @@ async function cascadeUnblock(taskId, baseDir, now2) {
           WHERE blocked_by = ? AND status = 'blocked'`,
     args: [now2, taskId]
   });
-  if (baseDir && unblocked.rowsAffected > 0) {
-    const ubScope = sessionScopeFilter();
-    const unblockedRows = await client.execute({
-      sql: `SELECT task_file FROM tasks WHERE blocked_by IS NULL AND updated_at = ?${ubScope.sql}`,
-      args: [now2, ...ubScope.args]
-    });
+  if (unblocked.rowsAffected === 0) return;
+  const ubScope = sessionScopeFilter();
+  const unblockedRows = await client.execute({
+    sql: `SELECT id, title, assigned_to, priority, task_file FROM tasks WHERE blocked_by IS NULL AND updated_at = ?${ubScope.sql}`,
+    args: [now2, ...ubScope.args]
+  });
+  if (baseDir) {
     for (const ur of unblockedRows.rows) {
       try {
         const ubFile = path28.join(baseDir, String(ur.task_file));
@@ -14859,6 +14936,19 @@ async function cascadeUnblock(taskId, baseDir, now2) {
       }
     }
   }
+  if (unblockedRows.rows.length > 0 && !process.env.VITEST) {
+    try {
+      const { queueIntercom: queueIntercom2 } = await Promise.resolve().then(() => (init_intercom_queue(), intercom_queue_exports));
+      const dispatched = /* @__PURE__ */ new Set();
+      for (const ur of unblockedRows.rows) {
+        const assignee = String(ur.assigned_to);
+        if (dispatched.has(assignee)) continue;
+        dispatched.add(assignee);
+        queueIntercom2(`${assignee}`, `unblocked: "${String(ur.title)}" is now ready`);
+      }
+    } catch {
+    }
+  }
 }
 async function findNextTask(assignedTo) {
   const client = getClient();
@@ -15000,6 +15090,15 @@ var init_tasks_notify = __esm({
 // src/lib/behaviors.ts
 import crypto9 from "crypto";
 async function storeBehavior(opts) {
+  try {
+    const { loadEmployeesSync: loadEmployeesSync2 } = await Promise.resolve().then(() => (init_employees(), employees_exports));
+    const roster = loadEmployeesSync2();
+    if (roster.length > 0 && !roster.some((e) => e.name === opts.agentId)) {
+      throw new Error(`Agent "${opts.agentId}" not found in roster. Cannot store behavior for unregistered agent.`);
+    }
+  } catch (e) {
+    if (e instanceof Error && e.message.includes("not found in roster")) throw e;
+  }
   const client = getClient();
   const id = crypto9.randomUUID();
   const now2 = (/* @__PURE__ */ new Date()).toISOString();
@@ -15485,6 +15584,12 @@ async function updateTask(input) {
       }
     }
   }
+  if (input.status === "cancelled") {
+    try {
+      await cascadeUnblock(taskId, input.baseDir, now2);
+    } catch {
+    }
+  }
   if ((input.status === "done" || input.status === "closed") && !isCoordinatorName(String(row.assigned_to)) && !process.env.VITEST) {
     Promise.resolve().then(() => (init_skill_learning(), skill_learning_exports)).then(
       ({ captureAndLearn: captureAndLearn2 }) => captureAndLearn2({
@@ -20926,15 +21031,16 @@ function registerSetAgentConfig(server) {
     "set_agent_config",
     {
       title: "Set Agent Config",
-      description: "Set or view per-agent runtime + model configuration. Controls which runtime (claude, codex, opencode) and model each agent uses when dispatched. COO-only. Omit runtime/model to view current config for an agent or all agents.",
+      description: "Set or view per-agent runtime, model, and MCP configuration. Controls which runtime (claude, codex, opencode), model, and MCP servers each agent uses when dispatched. COO-only. Omit runtime/model to view current config for an agent or all agents. Pass mcps to restrict which MCP servers an agent loads (exe-os always included).",
       inputSchema: {
         agent_id: z48.string().optional().describe("Agent name, or 'default' for org-wide default. Omit to view all agents."),
         runtime: z48.string().optional().describe(`Runtime: ${Object.keys(KNOWN_RUNTIMES).join(", ")}`),
         model: z48.string().optional().describe("Model name (e.g. claude-opus-4, gpt-5.4, anthropic/claude-sonnet-4-6)"),
-        reasoning_effort: z48.string().optional().describe("Codex reasoning effort: low, medium, high, xhigh. Per-agent override for thinking/reasoning depth.")
+        reasoning_effort: z48.string().optional().describe("Codex reasoning effort: low, medium, high, xhigh. Per-agent override for thinking/reasoning depth."),
+        mcps: z48.array(z48.string()).optional().describe("MCP server allowlist. Only these servers load for this agent. exe-os always included. Omit to load all MCPs.")
       }
     },
-    async ({ agent_id, runtime, model, reasoning_effort }) => {
+    async ({ agent_id, runtime, model, reasoning_effort, mcps }) => {
       const { agentId, agentRole } = getActiveAgent();
       const isCoordinator = isCoordinatorRole(agentRole) || (() => {
         try {
@@ -20966,15 +21072,26 @@ function registerSetAgentConfig(server) {
           isError: true
         };
       }
+      if (mcps && agent_id && !runtime && !model) {
+        const { setAgentMcps: setAgentMcps2 } = await Promise.resolve().then(() => (init_agent_config(), agent_config_exports));
+        const result4 = setAgentMcps2(agent_id, mcps);
+        if (!result4.ok) {
+          return { content: [{ type: "text", text: result4.error }], isError: true };
+        }
+        return {
+          content: [{ type: "text", text: `Set ${agent_id} MCPs \u2192 [${mcps.join(", ")}] (exe-os always included)` }]
+        };
+      }
       if (!runtime || !model) {
         if (agent_id) {
           const cfg = getAgentRuntime(agent_id);
           const label = RUNTIME_LABELS[cfg.runtime] ?? cfg.runtime;
+          const mcpInfo = cfg.mcps ? ` | MCPs: [${cfg.mcps.join(", ")}]` : " | MCPs: all";
           return {
             content: [
               {
                 type: "text",
-                text: `${agent_id}: ${label} / ${cfg.model}`
+                text: `${agent_id}: ${label} / ${cfg.model}${mcpInfo}`
               }
             ]
           };
@@ -21021,7 +21138,7 @@ function registerSetAgentConfig(server) {
           isError: true
         };
       }
-      const result3 = setAgentRuntime(agent_id, runtime, model, reasoning_effort);
+      const result3 = setAgentRuntime(agent_id, runtime, model, reasoning_effort, mcps);
       if (!result3.ok) {
         return {
           content: [{ type: "text", text: result3.error }],
@@ -21030,6 +21147,7 @@ function registerSetAgentConfig(server) {
       }
       const parts = [`Set ${agent_id} \u2192 runtime=${runtime} model=${model}`];
       if (reasoning_effort) parts[0] += ` reasoning_effort=${reasoning_effort}`;
+      if (mcps) parts[0] += ` mcps=[${mcps.join(", ")}]`;
       return {
         content: [{ type: "text", text: parts[0] }]
       };
@@ -22629,10 +22747,18 @@ async function pollOrphanedTasks(deps, nowMs = Date.now()) {
   } catch {
     return [];
   }
+  const coordinatorSet = new Set(coordinatorSessions);
   const agentTasks = /* @__PURE__ */ new Map();
   for (const t of tasksByAgent) {
     const scope = t.sessionScope || coordinatorSessions[0] || null;
     if (!scope) continue;
+    if (t.sessionScope && !coordinatorSet.has(t.sessionScope)) {
+      process.stderr.write(
+        `[auto-wake] Skipping ${t.agentId} task ${t.taskId} \u2014 coordinator session "${t.sessionScope}" is dead
+`
+      );
+      continue;
+    }
     const key = `${t.agentId}::${scope}`;
     const existing = agentTasks.get(key) ?? [];
     existing.push({ taskId: t.taskId, priority: t.priority, sessionScope: scope });
@@ -25359,6 +25485,27 @@ async function cloudSync(config2) {
       if (stmts.length > 0) await client.batch(stmts, "write");
       pulled = pullResult.records.length;
     } else {
+      try {
+        const incomingIds = pullResult.records.map((r) => sqlSafe(r.id));
+        if (incomingIds.length > 0) {
+          const ph = incomingIds.map(() => "?").join(",");
+          const existing = await client.execute({
+            sql: `SELECT id, version, timestamp FROM memories WHERE id IN (${ph})`,
+            args: incomingIds
+          });
+          const localMap = new Map(existing.rows.map((r) => [String(r.id), r]));
+          for (const rec of pullResult.records) {
+            const local = localMap.get(String(rec.id));
+            if (local && Number(local.version) > 0 && Number(local.version) !== Number(rec.version ?? 0)) {
+              process.stderr.write(
+                `[cloud-sync] CONFLICT: memory ${String(rec.id).slice(0, 8)} \u2014 local v${local.version} vs remote v${rec.version ?? 0}. Remote wins (LWW).
+`
+              );
+            }
+          }
+        }
+      } catch {
+      }
       const stmts = pullResult.records.map((rec) => ({
         sql: `INSERT OR REPLACE INTO memories
               (id, agent_id, agent_role, session_id, timestamp,
@@ -28413,7 +28560,7 @@ var init_starter_packs = __esm({
 
 // src/lib/employee-templates.ts
 function renderClientCOOTemplate(vars) {
-  const resolved = { ...vars, title: vars.title || "Chief Operating Officer" };
+  const resolved = { ...vars, title: vars.title || "Chief of Staff" };
   for (const key of CLIENT_COO_PLACEHOLDERS) {
     const value = resolved[key];
     if (typeof value !== "string" || value.length === 0) {
@@ -35300,12 +35447,14 @@ __export(task_enforcement_exports, {
   IDLE_PATTERNS: () => IDLE_PATTERNS,
   MANAGER_GRACE_PERIOD_MS: () => MANAGER_GRACE_PERIOD_MS,
   MANAGER_ROLES: () => MANAGER_ROLES,
+  NUDGE_ECHO_PATTERNS: () => NUDGE_ECHO_PATTERNS,
   TASK_ENFORCEMENT_DEBOUNCE_MS: () => TASK_ENFORCEMENT_DEBOUNCE_MS,
   TASK_ENFORCEMENT_INTERVAL_MS: () => TASK_ENFORCEMENT_INTERVAL_MS,
   _resetNudgeState: () => _resetNudgeState,
   decideManagerAction: () => decideManagerAction,
   decideWorkerAction: () => decideWorkerAction,
   isIdlePane: () => isIdlePane,
+  isNudgeEcho: () => isNudgeEcho,
   runTaskEnforcementTick: () => runTaskEnforcementTick,
   sendNudge: () => sendNudge
 });
@@ -35318,20 +35467,26 @@ function writeAuditEntry(entry) {
   } catch {
   }
 }
-function decideManagerAction(counts, isIdle, withinGracePeriod) {
+function decideManagerAction(counts, isIdle, withinGracePeriod, nudgeEcho) {
   if (counts.openTasks === 0) return "skip";
   if (withinGracePeriod) return "grace_period";
   if (!isIdle) return "active";
+  if (nudgeEcho) return "active";
+  if ((counts.inProgressTasks ?? 0) > 0) return "active";
   if (counts.activeSubtasks === 0) return "nudge";
   return "soft_nudge";
 }
-function decideWorkerAction(taskCount, isIdle) {
+function decideWorkerAction(taskCount, isIdle, nudgeEcho) {
   if (taskCount === 0) return "skip";
+  if (nudgeEcho) return "idle";
   return isIdle ? "nudge" : "idle";
 }
 function isIdlePane(paneText) {
   return IDLE_PATTERNS.some((p) => paneText.includes(p));
 }
+function isNudgeEcho(paneText) {
+  return NUDGE_ECHO_PATTERNS.some((p) => paneText.includes(p));
+}
 function sendNudge(transport, session, runtime, action) {
   const message = action === "nudge" ? "You have open tasks. Run list_tasks to find them." : "You have more open tasks to dispatch. Run list_tasks.";
   if (transport.sendKeysLiteral) {
@@ -35351,16 +35506,21 @@ async function runTaskEnforcementTick(deps) {
   const { transport, employees, client, scopeFilter } = deps;
   const now2 = deps.now ?? Date.now();
   const sessions = transport.listSessions();
+  let processedAnyEmployee = false;
   for (const session of sessions) {
     if (!session.includes("-")) continue;
     const agentName = session.split("-")[0]?.replace(/\d+$/, "");
     if (!agentName) continue;
+    if ("isAlive" in transport && typeof transport.isAlive === "function") {
+      if (!transport.isAlive(session)) continue;
+    }
     const lastNudgeTime = _lastNudge.get(session) ?? 0;
     if (now2 - lastNudgeTime < TASK_ENFORCEMENT_DEBOUNCE_MS) {
       continue;
     }
     const employee = employees.find((e) => e.name === agentName);
     if (!employee) continue;
+    processedAnyEmployee = true;
     let effectiveScope = scopeFilter;
     const dashIndex = session.indexOf("-");
     if (dashIndex > 0) {
@@ -35408,12 +35568,21 @@ async function runTaskEnforcementTick(deps) {
             }
           }
         }
+        let inProgressTasks = 0;
+        if (openTasks > 0) {
+          const ipResult = await client.execute({
+            sql: `SELECT COUNT(*) as cnt FROM tasks WHERE assigned_to = ? AND status = 'in_progress'${effectiveScope.sql}`,
+            args: [agentName, ...effectiveScope.args]
+          });
+          inProgressTasks = Number(ipResult.rows[0]?.cnt ?? 0);
+        }
         const pane = transport.capturePane(session, 20);
         paneIdle = isIdlePane(pane);
-        action = decideManagerAction({ openTasks, activeSubtasks }, paneIdle, withinGracePeriod);
+        const nudgeEcho = isNudgeEcho(pane);
+        action = decideManagerAction({ openTasks, activeSubtasks, inProgressTasks }, paneIdle, withinGracePeriod, nudgeEcho);
         if (action === "skip") reason = "no open tasks";
         else if (action === "grace_period") reason = `task assigned <10min ago (${graceRemaining}s remaining)`;
-        else if (action === "active") reason = "pane shows active work";
+        else if (action === "active") reason = nudgeEcho ? "pane shows previous nudge (anti-loop)" : inProgressTasks > 0 ? `${inProgressTasks} tasks in_progress` : "pane shows active work";
         else if (action === "nudge") reason = `${openTasks} open tasks, 0 delegated, pane idle`;
         else if (action === "soft_nudge") reason = `${openTasks} open tasks, ${activeSubtasks} delegated, pane idle`;
         writeAuditEntry({
@@ -35442,7 +35611,8 @@ async function runTaskEnforcementTick(deps) {
         if (taskCount > 0) {
           const pane = transport.capturePane(session, 20);
           paneIdle = isIdlePane(pane);
-          action = decideWorkerAction(taskCount, paneIdle);
+          const workerNudgeEcho = isNudgeEcho(pane);
+          action = decideWorkerAction(taskCount, paneIdle, workerNudgeEcho);
         }
         if (action === "skip") reason = "no tasks";
         else if (action === "idle") reason = `${taskCount} tasks but pane active`;
@@ -35468,8 +35638,32 @@ async function runTaskEnforcementTick(deps) {
     } catch {
     }
   }
+  if (processedAnyEmployee) {
+    try {
+      const staleBlocked = await client.execute({
+        sql: `SELECT t.id, t.title, b.status as blocker_status
+              FROM tasks t
+              JOIN tasks b ON t.blocked_by = b.id
+              WHERE t.status = 'blocked'
+                AND b.status IN ('done', 'cancelled', 'closed')${scopeFilter.sql}`,
+        args: [...scopeFilter.args]
+      });
+      const nowIso = new Date(now2).toISOString();
+      for (const row of staleBlocked.rows) {
+        await client.execute({
+          sql: `UPDATE tasks SET status = 'open', blocked_by = NULL, updated_at = ? WHERE id = ?`,
+          args: [nowIso, String(row.id)]
+        });
+        process.stderr.write(
+          `[exed] Auto-unblocked "${String(row.title)}" \u2014 blocker already ${String(row.blocker_status)}
+`
+        );
+      }
+    } catch {
+    }
+  }
 }
-var TASK_ENFORCEMENT_INTERVAL_MS, TASK_ENFORCEMENT_DEBOUNCE_MS, MANAGER_GRACE_PERIOD_MS, IDLE_PATTERNS, MANAGER_ROLES, AUDIT_LOG_PATH, _lastNudge;
+var TASK_ENFORCEMENT_INTERVAL_MS, TASK_ENFORCEMENT_DEBOUNCE_MS, MANAGER_GRACE_PERIOD_MS, IDLE_PATTERNS, NUDGE_ECHO_PATTERNS, MANAGER_ROLES, AUDIT_LOG_PATH, _lastNudge;
 var init_task_enforcement = __esm({
   "src/lib/task-enforcement.ts"() {
     "use strict";
@@ -35484,6 +35678,13 @@ var init_task_enforcement = __esm({
       "Anything else?",
       "What do you need?"
     ];
+    NUDGE_ECHO_PATTERNS = [
+      "You have pending notifications",
+      "You have open tasks. Run list_tasks",
+      "You have more open tasks to dispatch",
+      "Run list_tasks to check for assigned work",
+      "Run list_tasks to find them"
+    ];
     MANAGER_ROLES = ["COO", "CTO"];
     AUDIT_LOG_PATH = path59.join(
       process.env.HOME ?? process.env.USERPROFILE ?? "/tmp",
@@ -36227,8 +36428,8 @@ async function loadModel() {
     const { getLlama } = await import("node-llama-cpp");
     _llama = await getLlama();
     _model = await _llama.loadModel({ modelPath });
-    _context = await _model.createEmbeddingContext();
-    process.stderr.write("[exed] Model loaded and ready.\n");
+    _context = await _model.createEmbeddingContext({ contextSize: 8192 });
+    process.stderr.write("[exed] Model loaded and ready (contextSize=8192).\n");
   } catch (err) {
     process.stderr.write(`[exed] Model load failed (non-fatal): ${err instanceof Error ? err.message : String(err)}
 `);
@@ -36403,6 +36604,11 @@ async function handleHealthCheck(socket, requestId) {
           heap_used_mb: Math.round(mem.heapUsed / 1024 / 1024),
           external_mb: Math.round(mem.external / 1024 / 1024),
           array_buffers_mb: Math.round(mem.arrayBuffers / 1024 / 1024)
+        },
+        connections: {
+          active: _activeConnections,
+          high_queue: highQueue.length,
+          low_queue: lowQueue.length
         }
       }
     } : { error: "unhealthy: model not loaded or test embed failed" }
@@ -36782,10 +36988,12 @@ function startServer() {
       }
     });
     socket.on("close", () => {
+      buffer = "";
       _activeConnections--;
       checkIdle();
     });
     socket.on("error", () => {
+      buffer = "";
       _activeConnections--;
       checkIdle();
     });
@@ -36922,7 +37130,7 @@ async function startMcpHttpServer() {
     const httpServer = createHttpServer(async (req, res) => {
       res.setHeader("Access-Control-Allow-Origin", "http://127.0.0.1");
       res.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, OPTIONS");
-      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Agent-Id, X-Agent-Role, Mcp-Session-Id");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Agent-Id, X-Agent-Role, X-Exe-Session, Mcp-Session-Id");
       res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
       if (req.method === "OPTIONS") {
         res.writeHead(204);
@@ -36930,9 +37138,19 @@ async function startMcpHttpServer() {
         return;
       }
       const url = new URL(req.url || "/", `http://127.0.0.1:${MCP_HTTP_PORT}`);
+      if (url.pathname === "/.well-known/oauth-protected-resource" || url.pathname === "/.well-known/oauth-protected-resource/mcp") {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({
+          resource: `http://127.0.0.1:${MCP_HTTP_PORT}/mcp`,
+          authorization_servers: [],
+          scopes_supported: [],
+          bearer_methods_supported: ["header"]
+        }));
+        return;
+      }
       if (url.pathname !== "/mcp") {
-        res.writeHead(404, { "Content-Type": "text/plain" });
-        res.end("Not Found");
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "not_found" }));
         return;
       }
       const authHeader = req.headers.authorization;
@@ -36945,6 +37163,7 @@ async function startMcpHttpServer() {
       }
       const agentId = req.headers["x-agent-id"] || "default";
       const agentRole = req.headers["x-agent-role"] || "employee";
+      const sessionHint = req.headers["x-exe-session"] || "";
       const runtime = inferMcpRuntime({
         runtimeHeader: req.headers["x-agent-runtime"] || req.headers["x-runtime"],
         userAgent: req.headers["user-agent"],
@@ -36981,7 +37200,7 @@ async function startMcpHttpServer() {
           onsessioninitialized: (sid) => {
             transports.set(sid, transport);
             sessionLastSeen.set(sid, Date.now());
-            sessionDetails.set(sid, { agentId, agentRole, runtime });
+            sessionDetails.set(sid, { agentId, agentRole, runtime, sessionHint });
             recordMcpHttpEvent({
               level: "info",
               message: "session_initialized",
@@ -37016,6 +37235,8 @@ async function startMcpHttpServer() {
         });
         return;
       }
+      const prevSession = process.env.EXE_SESSION_NAME;
+      if (sessionHint) process.env.EXE_SESSION_NAME = sessionHint;
       const startedAt = Date.now();
       const parsedRequest = parsedBody;
       const toolName = parsedRequest?.method === "tools/call" ? parsedRequest.params?.name : void 0;
@@ -37072,6 +37293,11 @@ async function startMcpHttpServer() {
             runtime
           });
         }
+      } finally {
+        if (sessionHint) {
+          if (prevSession) process.env.EXE_SESSION_NAME = prevSession;
+          else delete process.env.EXE_SESSION_NAME;
+        }
       }
     });
     const MCP_HTTP_HOST = process.env.EXE_MCP_HOST || process.env.EXED_HOST || "127.0.0.1";