@askexenow/exe-os 0.9.113 → 0.9.115

package/dist/hooks/summary-worker.js

@@ -218,6 +218,17 @@ function normalizeOrchestration(raw) {
   const userOrg = raw.orchestration ?? {};
   raw.orchestration = { ...defaultOrg, ...userOrg };
 }
+function normalizeCloudEndpoint(raw) {
+  const cloud = raw.cloud;
+  if (!cloud?.endpoint) return;
+  const ep = String(cloud.endpoint);
+  if (ep === "https://askexe.com/cloud" || ep === "https://askexe.com/cloud/") {
+    cloud.endpoint = "https://cloud.askexe.com";
+    process.stderr.write(
+      "[config] Auto-migrated cloud endpoint: askexe.com/cloud \u2192 cloud.askexe.com\n"
+    );
+  }
+}
 async function loadConfig() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
   await ensurePrivateDir(dir);
@@ -243,6 +254,7 @@ async function loadConfig() {
     normalizeSessionLifecycle(migratedCfg);
     normalizeAutoUpdate(migratedCfg);
     normalizeOrchestration(migratedCfg);
+    normalizeCloudEndpoint(migratedCfg);
     const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
     if (config.dbPath.startsWith("~")) {
       config.dbPath = config.dbPath.replace(/^~/, os.homedir());
@@ -271,6 +283,7 @@ function loadConfigSync() {
     normalizeSessionLifecycle(migratedCfg);
     normalizeAutoUpdate(migratedCfg);
     normalizeOrchestration(migratedCfg);
+    normalizeCloudEndpoint(migratedCfg);
     const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
     if (config.dbPath.startsWith("~")) {
       config.dbPath = config.dbPath.replace(/^~/, os.homedir());
@@ -394,11 +407,176 @@ var init_config = __esm({
   }
 });
 
+// src/lib/runtime-table.ts
+var RUNTIME_TABLE, DEFAULT_RUNTIME;
+var init_runtime_table = __esm({
+  "src/lib/runtime-table.ts"() {
+    "use strict";
+    RUNTIME_TABLE = {
+      codex: {
+        binary: "codex",
+        launchMode: "interactive",
+        autoApproveFlag: "--dangerously-bypass-approvals-and-sandbox",
+        inlineFlag: "--no-alt-screen",
+        apiKeyEnv: "OPENAI_API_KEY",
+        defaultModel: "gpt-5.5"
+      },
+      opencode: {
+        binary: "opencode",
+        launchMode: "exec",
+        autoApproveFlag: "--dangerously-skip-permissions",
+        inlineFlag: "",
+        apiKeyEnv: "ANTHROPIC_API_KEY",
+        defaultModel: "anthropic/claude-sonnet-4-6"
+      }
+    };
+    DEFAULT_RUNTIME = "claude";
+  }
+});
+
+// src/lib/agent-config.ts
+var agent_config_exports = {};
+__export(agent_config_exports, {
+  AGENT_CONFIG_PATH: () => AGENT_CONFIG_PATH,
+  DEFAULT_MODELS: () => DEFAULT_MODELS,
+  KNOWN_RUNTIMES: () => KNOWN_RUNTIMES,
+  RUNTIME_LABELS: () => RUNTIME_LABELS,
+  clearAgentRuntime: () => clearAgentRuntime,
+  getAgentRuntime: () => getAgentRuntime,
+  loadAgentConfig: () => loadAgentConfig,
+  normalizeCcModelName: () => normalizeCcModelName,
+  saveAgentConfig: () => saveAgentConfig,
+  setAgentMcps: () => setAgentMcps,
+  setAgentRuntime: () => setAgentRuntime
+});
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync3 } from "fs";
+import path2 from "path";
+function loadAgentConfig() {
+  if (!existsSync3(AGENT_CONFIG_PATH)) return {};
+  try {
+    return JSON.parse(readFileSync2(AGENT_CONFIG_PATH, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function saveAgentConfig(config) {
+  const dir = path2.dirname(AGENT_CONFIG_PATH);
+  ensurePrivateDirSync(dir);
+  writeFileSync(AGENT_CONFIG_PATH, JSON.stringify(config, null, 2) + "\n", "utf-8");
+  enforcePrivateFileSync(AGENT_CONFIG_PATH);
+}
+function getAgentRuntime(agentId) {
+  const config = loadAgentConfig();
+  const entry = config[agentId];
+  if (entry) return entry;
+  const orgDefault = config["default"];
+  if (orgDefault) return orgDefault;
+  return { runtime: DEFAULT_RUNTIME, model: DEFAULT_MODELS[DEFAULT_RUNTIME] };
+}
+function normalizeCcModelName(model) {
+  let ccModel = model.replace(/(\d+)\.(\d+)/g, "$1-$2");
+  if (/claude-(opus|sonnet)-4-[6-9]/.test(ccModel) && !ccModel.includes("[1m]")) {
+    ccModel += "[1m]";
+  }
+  return ccModel;
+}
+function setAgentRuntime(agentId, runtime, model, reasoning_effort, mcps) {
+  const knownModels = KNOWN_RUNTIMES[runtime];
+  if (!knownModels) {
+    return {
+      ok: false,
+      error: `Unknown runtime "${runtime}". Valid: ${Object.keys(KNOWN_RUNTIMES).join(", ")}`
+    };
+  }
+  if (!knownModels.includes(model)) {
+    return {
+      ok: false,
+      error: `Unknown model "${model}" for runtime "${runtime}". Valid: ${knownModels.join(", ")}`
+    };
+  }
+  const config = loadAgentConfig();
+  const existing = config[agentId];
+  const entry = { runtime, model };
+  if (reasoning_effort) entry.reasoning_effort = reasoning_effort;
+  if (mcps !== void 0) {
+    entry.mcps = mcps.includes("exe-os") ? mcps : ["exe-os", ...mcps];
+  } else if (existing?.mcps) {
+    entry.mcps = existing.mcps;
+  }
+  config[agentId] = entry;
+  saveAgentConfig(config);
+  return { ok: true };
+}
+function setAgentMcps(agentId, mcps) {
+  const config = loadAgentConfig();
+  const existing = config[agentId] ?? getAgentRuntime(agentId);
+  existing.mcps = mcps.includes("exe-os") ? mcps : ["exe-os", ...mcps];
+  config[agentId] = existing;
+  saveAgentConfig(config);
+  return { ok: true };
+}
+function clearAgentRuntime(agentId) {
+  const config = loadAgentConfig();
+  delete config[agentId];
+  saveAgentConfig(config);
+}
+var AGENT_CONFIG_PATH, KNOWN_RUNTIMES, RUNTIME_LABELS, DEFAULT_MODELS;
+var init_agent_config = __esm({
+  "src/lib/agent-config.ts"() {
+    "use strict";
+    init_config();
+    init_runtime_table();
+    init_secure_files();
+    AGENT_CONFIG_PATH = path2.join(EXE_AI_DIR, "agent-config.json");
+    KNOWN_RUNTIMES = {
+      claude: ["claude-opus-4.6", "claude-opus-4", "claude-sonnet-4.6", "claude-sonnet-4", "claude-haiku-4.5"],
+      codex: ["gpt-5.4", "gpt-5.5", "gpt-5.3-codex-spark", "o3", "o4-mini"],
+      opencode: ["anthropic/claude-sonnet-4-6", "openai/gpt-5.4", "google/gemini-2.5-pro", "deepseek/deepseek-r3", "minimax/minimax-m2.5"]
+    };
+    RUNTIME_LABELS = {
+      claude: "Claude Code (Anthropic)",
+      codex: "Codex (OpenAI)",
+      opencode: "OpenCode (open source)"
+    };
+    DEFAULT_MODELS = {
+      claude: "claude-opus-4.6",
+      codex: RUNTIME_TABLE.codex?.defaultModel ?? "gpt-5.4",
+      opencode: RUNTIME_TABLE.opencode?.defaultModel ?? "anthropic/claude-sonnet-4-6"
+    };
+  }
+});
+
 // src/lib/employees.ts
+var employees_exports = {};
+__export(employees_exports, {
+  COORDINATOR_ROLE: () => COORDINATOR_ROLE,
+  DEFAULT_COORDINATOR_TEMPLATE_NAME: () => DEFAULT_COORDINATOR_TEMPLATE_NAME,
+  EMPLOYEES_PATH: () => EMPLOYEES_PATH,
+  addEmployee: () => addEmployee,
+  baseAgentName: () => baseAgentName,
+  canCoordinate: () => canCoordinate,
+  getCoordinatorEmployee: () => getCoordinatorEmployee,
+  getCoordinatorName: () => getCoordinatorName,
+  getEmployee: () => getEmployee,
+  getEmployeeByRole: () => getEmployeeByRole,
+  getEmployeeNamesByRole: () => getEmployeeNamesByRole,
+  hasRole: () => hasRole,
+  hireEmployee: () => hireEmployee,
+  isCoordinatorName: () => isCoordinatorName,
+  isCoordinatorRole: () => isCoordinatorRole,
+  isMultiInstance: () => isMultiInstance,
+  loadEmployees: () => loadEmployees,
+  loadEmployeesSync: () => loadEmployeesSync,
+  normalizeRole: () => normalizeRole,
+  normalizeRosterCase: () => normalizeRosterCase,
+  registerBinSymlinks: () => registerBinSymlinks,
+  saveEmployees: () => saveEmployees,
+  validateEmployeeName: () => validateEmployeeName
+});
 import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
-import { existsSync as existsSync3, symlinkSync, readlinkSync, readFileSync as readFileSync2, renameSync as renameSync2, unlinkSync, writeFileSync } from "fs";
+import { existsSync as existsSync4, symlinkSync, readlinkSync, readFileSync as readFileSync3, renameSync as renameSync2, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
 import { execSync } from "child_process";
-import path2 from "path";
+import path3 from "path";
 import os2 from "os";
 function normalizeRole(role) {
   return (role ?? "").trim().toLowerCase();
@@ -419,8 +597,23 @@ function isCoordinatorName(agentName, employees = loadEmployeesSync()) {
 function canCoordinate(agentName, agentRole, employees = loadEmployeesSync()) {
   return agentName === "default" || isCoordinatorRole(agentRole) || isCoordinatorName(agentName, employees);
 }
+function validateEmployeeName(name) {
+  if (!name) {
+    return { valid: false, error: "Name is required" };
+  }
+  if (name.length > 32) {
+    return { valid: false, error: "Name must be 32 characters or fewer" };
+  }
+  if (!/^[a-z][a-z0-9]*$/.test(name)) {
+    return {
+      valid: false,
+      error: "Name must start with a letter and contain only lowercase alphanumeric characters"
+    };
+  }
+  return { valid: true };
+}
 async function loadEmployees(employeesPath = EMPLOYEES_PATH) {
-  if (!existsSync3(employeesPath)) {
+  if (!existsSync4(employeesPath)) {
     return [];
   }
   const raw = await readFile2(employeesPath, "utf-8");
@@ -431,17 +624,131 @@ async function loadEmployees(employeesPath = EMPLOYEES_PATH) {
   }
 }
 async function saveEmployees(employees, employeesPath = EMPLOYEES_PATH) {
-  await mkdir2(path2.dirname(employeesPath), { recursive: true });
+  await mkdir2(path3.dirname(employeesPath), { recursive: true });
   await writeFile2(employeesPath, JSON.stringify(employees, null, 2) + "\n", "utf-8");
 }
 function loadEmployeesSync(employeesPath = EMPLOYEES_PATH) {
-  if (!existsSync3(employeesPath)) return [];
+  if (!existsSync4(employeesPath)) return [];
   try {
-    return JSON.parse(readFileSync2(employeesPath, "utf-8"));
+    return JSON.parse(readFileSync3(employeesPath, "utf-8"));
   } catch {
     return [];
   }
 }
+function getEmployee(employees, name) {
+  return employees.find((e) => e.name.toLowerCase() === name.toLowerCase());
+}
+function getEmployeeByRole(employees, role) {
+  const lower = role.toLowerCase();
+  return employees.find((e) => e.role.toLowerCase() === lower);
+}
+function getEmployeeNamesByRole(employees, role) {
+  const lower = role.toLowerCase();
+  return employees.filter((e) => e.role.toLowerCase() === lower).map((e) => e.name);
+}
+function hasRole(agentName, role) {
+  const employees = loadEmployeesSync();
+  const emp = getEmployee(employees, agentName);
+  return emp ? emp.role.toLowerCase() === role.toLowerCase() : false;
+}
+function baseAgentName(name, employees) {
+  const match = name.match(/^([a-zA-Z]+)\d+$/);
+  if (!match) return name;
+  const base = match[1];
+  const roster = employees ?? loadEmployeesSync();
+  if (getEmployee(roster, base)) return base;
+  return name;
+}
+function isMultiInstance(agentName, employees) {
+  const roster = employees ?? loadEmployeesSync();
+  const emp = getEmployee(roster, agentName);
+  if (!emp) return false;
+  return MULTI_INSTANCE_ROLES.has(emp.role.toLowerCase());
+}
+function addEmployee(employees, employee) {
+  const { systemPrompt: _legacyPrompt, ...rest } = employee;
+  const normalized = { ...rest, name: employee.name.toLowerCase() };
+  if (employees.some((e) => e.name.toLowerCase() === normalized.name)) {
+    throw new Error(`Employee '${normalized.name}' already exists`);
+  }
+  return [...employees, normalized];
+}
+function appendToCoordinatorTeam(employee) {
+  const coordinator = getCoordinatorEmployee(loadEmployeesSync());
+  if (!coordinator) return;
+  const idPath = path3.join(IDENTITY_DIR, `${coordinator.name}.md`);
+  if (!existsSync4(idPath)) return;
+  const content = readFileSync3(idPath, "utf-8");
+  if (content.includes(`**${capitalize(employee.name)}`)) return;
+  const teamMatch = content.match(TEAM_SECTION_RE);
+  if (!teamMatch || teamMatch.index === void 0) return;
+  const afterTeam = content.slice(teamMatch.index + teamMatch[0].length);
+  const nextHeading = afterTeam.match(/\n## /);
+  const entry = `
+**${capitalize(employee.name)} (${employee.role}):** Newly hired. Update this description as the role develops.
+`;
+  let updated;
+  if (nextHeading && nextHeading.index !== void 0) {
+    const insertAt = teamMatch.index + teamMatch[0].length + nextHeading.index;
+    updated = content.slice(0, insertAt) + entry + content.slice(insertAt);
+  } else {
+    updated = content.trimEnd() + "\n" + entry;
+  }
+  writeFileSync2(idPath, updated, "utf-8");
+}
+function capitalize(s) {
+  return s.charAt(0).toUpperCase() + s.slice(1);
+}
+async function hireEmployee(employee) {
+  const employees = await loadEmployees();
+  const updated = addEmployee(employees, employee);
+  await saveEmployees(updated);
+  try {
+    appendToCoordinatorTeam(employee);
+  } catch {
+  }
+  try {
+    const { loadAgentConfig: loadAgentConfig2, saveAgentConfig: saveAgentConfig2 } = await Promise.resolve().then(() => (init_agent_config(), agent_config_exports));
+    const config = loadAgentConfig2();
+    const name = employee.name.toLowerCase();
+    if (!config[name] && config["default"]) {
+      config[name] = { ...config["default"] };
+      saveAgentConfig2(config);
+    }
+  } catch {
+  }
+  return updated;
+}
+async function normalizeRosterCase(rosterPath) {
+  const employees = await loadEmployees(rosterPath);
+  let changed = false;
+  for (const emp of employees) {
+    if (emp.name !== emp.name.toLowerCase()) {
+      const oldName = emp.name;
+      emp.name = emp.name.toLowerCase();
+      changed = true;
+      try {
+        const identityDir = path3.join(os2.homedir(), ".exe-os", "identity");
+        const oldPath = path3.join(identityDir, `${oldName}.md`);
+        const newPath = path3.join(identityDir, `${emp.name}.md`);
+        if (existsSync4(oldPath) && !existsSync4(newPath)) {
+          renameSync2(oldPath, newPath);
+        } else if (existsSync4(oldPath) && oldPath !== newPath) {
+          const content = readFileSync3(oldPath, "utf-8");
+          writeFileSync2(newPath, content, "utf-8");
+          if (oldPath.toLowerCase() !== newPath.toLowerCase()) {
+            unlinkSync(oldPath);
+          }
+        }
+      } catch {
+      }
+    }
+  }
+  if (changed) {
+    await saveEmployees(employees, rosterPath);
+  }
+  return changed;
+}
 function findExeBin() {
   try {
     return execSync(process.platform === "win32" ? "where exe-os" : "which exe-os", { encoding: "utf8" }).trim();
@@ -458,7 +765,7 @@ function registerBinSymlinks(name) {
     errors.push("Could not find 'exe-os' in PATH");
     return { created, skipped, errors };
   }
-  const binDir = path2.dirname(exeBinPath);
+  const binDir = path3.dirname(exeBinPath);
   let target;
   try {
     target = readlinkSync(exeBinPath);
@@ -468,8 +775,8 @@ function registerBinSymlinks(name) {
   }
   for (const suffix of ["", "-opencode"]) {
     const linkName = `${name}${suffix}`;
-    const linkPath = path2.join(binDir, linkName);
-    if (existsSync3(linkPath)) {
+    const linkPath = path3.join(binDir, linkName);
+    if (existsSync4(linkPath)) {
       skipped.push(linkName);
       continue;
     }
@@ -482,21 +789,23 @@ function registerBinSymlinks(name) {
   }
   return { created, skipped, errors };
 }
-var EMPLOYEES_PATH, DEFAULT_COORDINATOR_TEMPLATE_NAME, COORDINATOR_ROLE, IDENTITY_DIR;
+var EMPLOYEES_PATH, DEFAULT_COORDINATOR_TEMPLATE_NAME, COORDINATOR_ROLE, MULTI_INSTANCE_ROLES, IDENTITY_DIR, TEAM_SECTION_RE;
 var init_employees = __esm({
   "src/lib/employees.ts"() {
     "use strict";
     init_config();
-    EMPLOYEES_PATH = path2.join(EXE_AI_DIR, "exe-employees.json");
+    EMPLOYEES_PATH = path3.join(EXE_AI_DIR, "exe-employees.json");
     DEFAULT_COORDINATOR_TEMPLATE_NAME = "exe";
     COORDINATOR_ROLE = "COO";
-    IDENTITY_DIR = path2.join(EXE_AI_DIR, "identity");
+    MULTI_INSTANCE_ROLES = /* @__PURE__ */ new Set(["principal engineer", "content production specialist", "staff code reviewer"]);
+    IDENTITY_DIR = path3.join(EXE_AI_DIR, "identity");
+    TEAM_SECTION_RE = /^## Team\b.*$/m;
   }
 });
 
 // src/lib/database-adapter.ts
 import os3 from "os";
-import path3 from "path";
+import path4 from "path";
 import { createRequire } from "module";
 import { pathToFileURL } from "url";
 function quotedIdentifier(identifier) {
@@ -807,8 +1116,8 @@ async function loadPrismaClient() {
         }
         return new PrismaClient2();
       }
-      const exeDbRoot = process.env.EXE_DB_ROOT ?? path3.join(os3.homedir(), "exe-db");
-      const requireFromExeDb = createRequire(path3.join(exeDbRoot, "package.json"));
+      const exeDbRoot = process.env.EXE_DB_ROOT ?? path4.join(os3.homedir(), "exe-db");
+      const requireFromExeDb = createRequire(path4.join(exeDbRoot, "package.json"));
       const prismaEntry = requireFromExeDb.resolve("@prisma/client");
       const module = await import(pathToFileURL(prismaEntry).href);
       const PrismaClient = module.PrismaClient ?? module.default?.PrismaClient;
@@ -1080,8 +1389,8 @@ var init_database_adapter = __esm({
 
 // src/lib/daemon-auth.ts
 import crypto from "crypto";
-import path4 from "path";
-import { existsSync as existsSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
+import path5 from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";
 function normalizeToken(token) {
   if (!token) return null;
   const trimmed = token.trim();
@@ -1089,8 +1398,8 @@ function normalizeToken(token) {
 }
 function readDaemonToken() {
   try {
-    if (!existsSync4(DAEMON_TOKEN_PATH)) return null;
-    return normalizeToken(readFileSync3(DAEMON_TOKEN_PATH, "utf8"));
+    if (!existsSync5(DAEMON_TOKEN_PATH)) return null;
+    return normalizeToken(readFileSync4(DAEMON_TOKEN_PATH, "utf8"));
   } catch {
     return null;
   }
@@ -1100,7 +1409,7 @@ function ensureDaemonToken(seed) {
   if (existing) return existing;
   const token = normalizeToken(seed) ?? crypto.randomBytes(32).toString("hex");
   ensurePrivateDirSync(EXE_AI_DIR);
-  writeFileSync2(DAEMON_TOKEN_PATH, `${token}
+  writeFileSync3(DAEMON_TOKEN_PATH, `${token}
 `, "utf8");
   enforcePrivateFileSync(DAEMON_TOKEN_PATH);
   return token;
@@ -1111,7 +1420,7 @@ var init_daemon_auth = __esm({
     "use strict";
     init_config();
     init_secure_files();
-    DAEMON_TOKEN_PATH = path4.join(EXE_AI_DIR, "exed.token");
+    DAEMON_TOKEN_PATH = path5.join(EXE_AI_DIR, "exed.token");
   }
 });
 
@@ -1120,8 +1429,8 @@ import net from "net";
 import os4 from "os";
 import { spawn, execSync as execSync2 } from "child_process";
 import { randomUUID } from "crypto";
-import { existsSync as existsSync5, unlinkSync as unlinkSync2, readFileSync as readFileSync4, openSync, closeSync, statSync } from "fs";
-import path5 from "path";
+import { existsSync as existsSync6, unlinkSync as unlinkSync2, readFileSync as readFileSync5, openSync, closeSync, statSync } from "fs";
+import path6 from "path";
 import { fileURLToPath } from "url";
 function handleData(chunk) {
   _buffer += chunk.toString();
@@ -1157,9 +1466,9 @@ function isZombie(pid) {
   }
 }
 function cleanupStaleFiles() {
-  if (existsSync5(PID_PATH)) {
+  if (existsSync6(PID_PATH)) {
     try {
-      const pid = parseInt(readFileSync4(PID_PATH, "utf8").trim(), 10);
+      const pid = parseInt(readFileSync5(PID_PATH, "utf8").trim(), 10);
       if (pid > 0) {
         try {
           process.kill(pid, 0);
@@ -1184,11 +1493,11 @@ function cleanupStaleFiles() {
   }
 }
 function findPackageRoot() {
-  let dir = path5.dirname(fileURLToPath(import.meta.url));
-  const { root } = path5.parse(dir);
+  let dir = path6.dirname(fileURLToPath(import.meta.url));
+  const { root } = path6.parse(dir);
   while (dir !== root) {
-    if (existsSync5(path5.join(dir, "package.json"))) return dir;
-    dir = path5.dirname(dir);
+    if (existsSync6(path6.join(dir, "package.json"))) return dir;
+    dir = path6.dirname(dir);
   }
   return null;
 }
@@ -1206,8 +1515,8 @@ function spawnDaemon() {
     process.stderr.write("[exed-client] WARN: cannot find package root\n");
     return;
   }
-  const daemonPath = path5.join(pkgRoot, "dist", "lib", "exe-daemon.js");
-  if (!existsSync5(daemonPath)) {
+  const daemonPath = path6.join(pkgRoot, "dist", "lib", "exe-daemon.js");
+  if (!existsSync6(daemonPath)) {
     process.stderr.write(`[exed-client] WARN: daemon script not found at ${daemonPath}
 `);
     return;
@@ -1216,7 +1525,7 @@ function spawnDaemon() {
   const daemonToken = ensureDaemonToken(process.env[DAEMON_TOKEN_ENV] ?? null);
   process.stderr.write(`[exed-client] Spawning daemon: ${resolvedPath}
 `);
-  const logPath = path5.join(path5.dirname(SOCKET_PATH), "exed.log");
+  const logPath = path6.join(path6.dirname(SOCKET_PATH), "exed.log");
   let stderrFd = "ignore";
   try {
     stderrFd = openSync(logPath, "a");
@@ -1381,9 +1690,9 @@ function killAndRespawnDaemon() {
   }
   try {
     process.stderr.write("[exed-client] Killing daemon for restart...\n");
-    if (existsSync5(PID_PATH)) {
+    if (existsSync6(PID_PATH)) {
       try {
-        const pid = parseInt(readFileSync4(PID_PATH, "utf8").trim(), 10);
+        const pid = parseInt(readFileSync5(PID_PATH, "utf8").trim(), 10);
         if (pid > 0) {
           try {
             process.kill(pid, "SIGKILL");
@@ -1509,9 +1818,9 @@ var init_exe_daemon_client = __esm({
     "use strict";
     init_config();
     init_daemon_auth();
-    SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path5.join(EXE_AI_DIR, "exed.sock");
-    PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path5.join(EXE_AI_DIR, "exed.pid");
-    SPAWN_LOCK_PATH = path5.join(EXE_AI_DIR, "exed-spawn.lock");
+    SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path6.join(EXE_AI_DIR, "exed.sock");
+    PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path6.join(EXE_AI_DIR, "exed.pid");
+    SPAWN_LOCK_PATH = path6.join(EXE_AI_DIR, "exed-spawn.lock");
     SPAWN_LOCK_STALE_MS = 3e4;
     CONNECT_TIMEOUT_MS = 15e3;
     REQUEST_TIMEOUT_MS = 3e4;
@@ -1744,7 +2053,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
-import { chmodSync as chmodSync2, existsSync as existsSync6, statSync as statSync2, copyFileSync, unlinkSync as unlinkSync3, openSync as openSync2, closeSync as closeSync2, mkdirSync as mkdirSync2 } from "fs";
+import { chmodSync as chmodSync2, existsSync as existsSync7, statSync as statSync2, copyFileSync, unlinkSync as unlinkSync3, openSync as openSync2, closeSync as closeSync2, mkdirSync as mkdirSync2 } from "fs";
 import { createClient } from "@libsql/client";
 import { homedir } from "os";
 import { join } from "path";
@@ -1797,11 +2106,11 @@ function releaseDbLock() {
 }
 async function initDatabase(config) {
   acquireDbLock();
-  if (existsSync6(config.dbPath)) {
+  if (existsSync7(config.dbPath)) {
     const dbStat = statSync2(config.dbPath);
     if (dbStat.size === 0) {
       const walPath = config.dbPath + "-wal";
-      if (existsSync6(walPath) && statSync2(walPath).size > 0) {
+      if (existsSync7(walPath) && statSync2(walPath).size > 0) {
         const backupPath = config.dbPath + ".zeroed-" + Date.now();
         copyFileSync(config.dbPath, backupPath);
         unlinkSync3(config.dbPath);
@@ -3396,16 +3705,16 @@ __export(keychain_exports, {
   importMnemonic: () => importMnemonic,
   setMasterKey: () => setMasterKey
 });
-import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
-import { existsSync as existsSync7, statSync as statSync3 } from "fs";
+import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2, rename, copyFile } from "fs/promises";
+import { existsSync as existsSync8, statSync as statSync3 } from "fs";
 import { execSync as execSync3 } from "child_process";
-import path6 from "path";
+import path7 from "path";
 import os5 from "os";
 function getKeyDir() {
-  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path6.join(os5.homedir(), ".exe-os");
+  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path7.join(os5.homedir(), ".exe-os");
 }
 function getKeyPath() {
-  return path6.join(getKeyDir(), "master.key");
+  return path7.join(getKeyDir(), "master.key");
 }
 function nativeKeychainAllowed() {
   return process.env.EXE_OS_DISABLE_NATIVE_KEYCHAIN !== "1";
@@ -3431,12 +3740,14 @@ function linuxSecretAvailable() {
 function isRootOnlyTrustedServerKeyFile(keyPath) {
   if (process.platform !== "linux") return false;
   try {
-    const uid = typeof os5.userInfo().uid === "number" ? os5.userInfo().uid : -1;
     const st = statSync3(keyPath);
     if (!st.isFile() || (st.mode & 63) !== 0) return false;
+    const uid = typeof os5.userInfo().uid === "number" ? os5.userInfo().uid : -1;
     if (uid === 0) return true;
     const exeOsDir = process.env.EXE_OS_DIR;
-    return Boolean(exeOsDir && path6.resolve(keyPath).startsWith(path6.resolve(exeOsDir) + path6.sep));
+    if (exeOsDir && path7.resolve(keyPath).startsWith(path7.resolve(exeOsDir) + path7.sep)) return true;
+    if (!linuxSecretAvailable()) return true;
+    return false;
   } catch {
     return false;
   }
@@ -3586,15 +3897,25 @@ async function writeMachineBoundFileFallback(b64) {
   await mkdir3(dir, { recursive: true });
   const keyPath = getKeyPath();
   const machineKey = deriveMachineKey();
-  if (machineKey) {
-    const encrypted = encryptWithMachineKey(b64, machineKey);
-    await writeFile3(keyPath, encrypted + "\n", "utf-8");
-    await chmod2(keyPath, 384);
-    return "encrypted";
+  const content = machineKey ? encryptWithMachineKey(b64, machineKey) + "\n" : b64 + "\n";
+  const result = machineKey ? "encrypted" : "plaintext";
+  const tmpPath = keyPath + ".tmp";
+  try {
+    if (existsSync8(keyPath)) {
+      await copyFile(keyPath, keyPath + ".bak").catch(() => {
+      });
+    }
+    await writeFile3(tmpPath, content, "utf-8");
+    await chmod2(tmpPath, 384);
+    await rename(tmpPath, keyPath);
+  } catch (err) {
+    try {
+      await unlink(tmpPath);
+    } catch {
+    }
+    throw err;
   }
-  await writeFile3(keyPath, b64 + "\n", "utf-8");
-  await chmod2(keyPath, 384);
-  return "plaintext";
+  return result;
 }
 async function getMasterKey() {
   let nativeValue = macKeychainGet() ?? linuxSecretGet();
@@ -3633,7 +3954,7 @@ async function getMasterKey() {
     }
   }
   const keyPath = getKeyPath();
-  if (!existsSync7(keyPath)) {
+  if (!existsSync8(keyPath)) {
     process.stderr.write(
       `[keychain] Key not found at ${keyPath} (HOME=${os5.homedir()}, EXE_OS_DIR=${process.env.EXE_OS_DIR ?? "unset"})
 `
@@ -3661,7 +3982,7 @@ async function getMasterKey() {
       b64Value = content;
     }
     const key = Buffer.from(b64Value, "base64");
-    if (!content.startsWith(ENCRYPTED_PREFIX) && isRootOnlyTrustedServerKeyFile(keyPath)) {
+    if (isRootOnlyTrustedServerKeyFile(keyPath)) {
       return key;
     }
     const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
@@ -3741,7 +4062,7 @@ async function getKeyStorageInfo() {
     }
   }
   const keyPath = getKeyPath();
-  if (!existsSync7(keyPath)) {
+  if (!existsSync8(keyPath)) {
     return {
       kind: "missing",
       secure: false,
@@ -3837,7 +4158,7 @@ async function deleteMasterKey() {
     }
   }
   const keyPath = getKeyPath();
-  if (existsSync7(keyPath)) {
+  if (existsSync8(keyPath)) {
     await unlink(keyPath);
   }
 }
@@ -3952,14 +4273,14 @@ __export(shard_manager_exports, {
   listShards: () => listShards,
   shardExists: () => shardExists
 });
-import path7 from "path";
-import { existsSync as existsSync8, mkdirSync as mkdirSync3, readdirSync, renameSync as renameSync3, statSync as statSync4 } from "fs";
+import path8 from "path";
+import { existsSync as existsSync9, mkdirSync as mkdirSync3, readdirSync, renameSync as renameSync3, statSync as statSync4 } from "fs";
 import { createClient as createClient2 } from "@libsql/client";
 function initShardManager(encryptionKey) {
   _encryptionKey = encryptionKey;
   _keyValidated = false;
   _keyValidationPromise = null;
-  if (!existsSync8(SHARDS_DIR)) {
+  if (!existsSync9(SHARDS_DIR)) {
     mkdirSync3(SHARDS_DIR, { recursive: true });
   }
   const existingShards = readdirSync(SHARDS_DIR).filter((f) => f.endsWith(".db"));
@@ -3980,7 +4301,7 @@ async function validateEncryptionKey() {
     return true;
   }
   for (const shardFile of existingShards.slice(0, 3)) {
-    const dbPath = path7.join(SHARDS_DIR, shardFile);
+    const dbPath = path8.join(SHARDS_DIR, shardFile);
     const testClient = createClient2({ url: `file:${dbPath}`, encryptionKey: _encryptionKey });
     try {
       await testClient.execute("SELECT COUNT(*) FROM sqlite_schema");
@@ -4023,7 +4344,7 @@ function getShardClient(projectName) {
   while (_shards.size >= MAX_OPEN_SHARDS) {
     evictLRU();
   }
-  const dbPath = path7.join(SHARDS_DIR, `${safeName}.db`);
+  const dbPath = path8.join(SHARDS_DIR, `${safeName}.db`);
   const client = createClient2({
     url: `file:${dbPath}`,
     encryptionKey: _encryptionKey
@@ -4034,13 +4355,13 @@ function getShardClient(projectName) {
 }
 function shardExists(projectName) {
   const safeName = safeShardName(projectName);
-  return existsSync8(path7.join(SHARDS_DIR, `${safeName}.db`));
+  return existsSync9(path8.join(SHARDS_DIR, `${safeName}.db`));
 }
 function safeShardName(projectName) {
   return projectName.replace(/[^a-zA-Z0-9_-]/g, "_");
 }
 function listShards() {
-  if (!existsSync8(SHARDS_DIR)) return [];
+  if (!existsSync9(SHARDS_DIR)) return [];
   return readdirSync(SHARDS_DIR).filter((f) => f.endsWith(".db")).map((f) => f.replace(".db", ""));
 }
 async function auditShardHealth(options = {}) {
@@ -4052,7 +4373,7 @@ async function auditShardHealth(options = {}) {
   const names = listShards();
   const shards = [];
   for (const name of names) {
-    const dbPath = path7.join(SHARDS_DIR, `${name}.db`);
+    const dbPath = path8.join(SHARDS_DIR, `${name}.db`);
     const stat = statSync4(dbPath);
     const item = {
       name,
@@ -4087,7 +4408,7 @@ async function auditShardHealth(options = {}) {
         _shards.delete(name);
         _shardLastAccess.delete(name);
         const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-        const archivedPath = path7.join(SHARDS_DIR, `${name}.db.broken-${stamp}`);
+        const archivedPath = path8.join(SHARDS_DIR, `${name}.db.broken-${stamp}`);
         renameSync3(dbPath, archivedPath);
         item.archivedPath = archivedPath;
       }
@@ -4315,11 +4636,11 @@ async function getReadyShardClient(projectName) {
     client.close();
     _shards.delete(safeName);
     _shardLastAccess.delete(safeName);
-    const dbPath = path7.join(SHARDS_DIR, `${safeName}.db`);
-    if (existsSync8(dbPath)) {
+    const dbPath = path8.join(SHARDS_DIR, `${safeName}.db`);
+    if (existsSync9(dbPath)) {
       const stat = statSync4(dbPath);
       const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-      const archivedPath = path7.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
+      const archivedPath = path8.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
       renameSync3(dbPath, archivedPath);
       process.stderr.write(
         `[shard-manager] Archived unreadable shard ${safeName}: ${archivedPath} (${stat.size} bytes, mtime ${stat.mtime.toISOString()})
@@ -4387,7 +4708,7 @@ var init_shard_manager = __esm({
   "src/lib/shard-manager.ts"() {
     "use strict";
     init_config();
-    SHARDS_DIR = path7.join(EXE_AI_DIR, "shards");
+    SHARDS_DIR = path8.join(EXE_AI_DIR, "shards");
     SHARD_IDLE_MS = 5 * 60 * 1e3;
     MAX_OPEN_SHARDS = 10;
     EVICTION_INTERVAL_MS = 60 * 1e3;
@@ -4777,13 +5098,13 @@ ${p.content}`).join("\n\n");
 });
 
 // src/lib/session-registry.ts
-import path8 from "path";
+import path9 from "path";
 import os6 from "os";
 var REGISTRY_PATH;
 var init_session_registry = __esm({
   "src/lib/session-registry.ts"() {
     "use strict";
-    REGISTRY_PATH = path8.join(os6.homedir(), ".exe-os", "session-registry.json");
+    REGISTRY_PATH = path9.join(os6.homedir(), ".exe-os", "session-registry.json");
   }
 });
 
@@ -5001,51 +5322,6 @@ var init_provider_table = __esm({
   }
 });
 
-// src/lib/runtime-table.ts
-var RUNTIME_TABLE;
-var init_runtime_table = __esm({
-  "src/lib/runtime-table.ts"() {
-    "use strict";
-    RUNTIME_TABLE = {
-      codex: {
-        binary: "codex",
-        launchMode: "interactive",
-        autoApproveFlag: "--dangerously-bypass-approvals-and-sandbox",
-        inlineFlag: "--no-alt-screen",
-        apiKeyEnv: "OPENAI_API_KEY",
-        defaultModel: "gpt-5.5"
-      },
-      opencode: {
-        binary: "opencode",
-        launchMode: "exec",
-        autoApproveFlag: "--dangerously-skip-permissions",
-        inlineFlag: "",
-        apiKeyEnv: "ANTHROPIC_API_KEY",
-        defaultModel: "anthropic/claude-sonnet-4-6"
-      }
-    };
-  }
-});
-
-// src/lib/agent-config.ts
-import { readFileSync as readFileSync5, writeFileSync as writeFileSync3, existsSync as existsSync9 } from "fs";
-import path9 from "path";
-var AGENT_CONFIG_PATH, DEFAULT_MODELS;
-var init_agent_config = __esm({
-  "src/lib/agent-config.ts"() {
-    "use strict";
-    init_config();
-    init_runtime_table();
-    init_secure_files();
-    AGENT_CONFIG_PATH = path9.join(EXE_AI_DIR, "agent-config.json");
-    DEFAULT_MODELS = {
-      claude: "claude-opus-4.6",
-      codex: RUNTIME_TABLE.codex?.defaultModel ?? "gpt-5.4",
-      opencode: RUNTIME_TABLE.opencode?.defaultModel ?? "anthropic/claude-sonnet-4-6"
-    };
-  }
-});
-
 // src/lib/intercom-queue.ts
 import { readFileSync as readFileSync6, writeFileSync as writeFileSync4, renameSync as renameSync4, existsSync as existsSync10, mkdirSync as mkdirSync4 } from "fs";
 import path10 from "path";
@@ -5683,6 +5959,21 @@ function isRootSession(name) {
 function extractRootExe(name) {
   if (!name) return null;
   if (!name.includes("-")) return name;
+  try {
+    const roster = (init_employees(), __toCommonJS(employees_exports)).loadEmployeesSync();
+    if (roster.length > 0) {
+      const sortedNames = roster.map((e) => e.name).sort((a, b) => b.length - a.length);
+      for (const agentName of sortedNames) {
+        const escaped = agentName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+        const regex = new RegExp(`^${escaped}\\d*-(.+)$`);
+        const match = name.match(regex);
+        if (match) {
+          return extractRootExe(match[1]);
+        }
+      }
+    }
+  } catch {
+  }
   const parts = name.split("-").filter(Boolean);
   return parts.length > 0 ? parts[parts.length - 1] : null;
 }
@@ -5701,6 +5992,10 @@ function registerParentExe(sessionKey, parentExe, dispatchedBy) {
 function getParentExe(sessionKey) {
   try {
     const data = JSON.parse(readFileSync9(path14.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`), "utf8"));
+    if (data.registeredAt) {
+      const age = Date.now() - new Date(data.registeredAt).getTime();
+      if (age > PARENT_EXE_CACHE_TTL_MS) return null;
+    }
     return data.parentExe || null;
   } catch {
     return null;
@@ -5773,7 +6068,7 @@ function resolveExeSession() {
   }
   return candidate;
 }
-var SPAWN_LOCK_DIR, SESSION_CACHE, INTERCOM_LOG2, DEBOUNCE_FILE, DEBOUNCE_CLEANUP_AGE_MS;
+var SPAWN_LOCK_DIR, SESSION_CACHE, PARENT_EXE_CACHE_TTL_MS, INTERCOM_LOG2, DEBOUNCE_FILE, DEBOUNCE_CLEANUP_AGE_MS;
 var init_tmux_routing = __esm({
   "src/lib/tmux-routing.ts"() {
     "use strict";
@@ -5791,6 +6086,7 @@ var init_tmux_routing = __esm({
     init_agent_symlinks();
     SPAWN_LOCK_DIR = path14.join(os10.homedir(), ".exe-os", "spawn-locks");
     SESSION_CACHE = path14.join(os10.homedir(), ".exe-os", "session-cache");
+    PARENT_EXE_CACHE_TTL_MS = 4 * 60 * 60 * 1e3;
     INTERCOM_LOG2 = path14.join(os10.homedir(), ".exe-os", "intercom.log");
     DEBOUNCE_FILE = path14.join(SESSION_CACHE, "intercom-debounce.json");
     DEBOUNCE_CLEANUP_AGE_MS = 5 * 60 * 1e3;
@@ -5957,7 +6253,21 @@ function tryAcquireWorkerSlot() {
     for (const f of files) {
       if (!f.endsWith(".pid")) continue;
       if (f.startsWith("res-")) {
-        alive++;
+        const resParts = f.replace(".pid", "").split("-");
+        const resPid = parseInt(resParts[1] ?? "", 10);
+        if (!isNaN(resPid) && resPid > 0) {
+          try {
+            process.kill(resPid, 0);
+            alive++;
+          } catch {
+            try {
+              unlinkSync6(path17.join(WORKER_PID_DIR, f));
+            } catch {
+            }
+          }
+        } else {
+          alive++;
+        }
         continue;
       }
       const dashIdx = f.lastIndexOf("-");
@@ -6500,6 +6810,7 @@ __export(cloud_sync_exports, {
   markCloudReuploadRequired: () => markCloudReuploadRequired,
   mergeConfig: () => mergeConfig,
   mergeRosterFromRemote: () => mergeRosterFromRemote,
+  migrateEndpoint: () => migrateEndpoint,
   pushToPostgres: () => pushToPostgres,
   recordRosterDeletion: () => recordRosterDeletion
 });
@@ -6670,6 +6981,15 @@ async function fetchWithRetry(url, init) {
   }
   throw lastError;
 }
+function migrateEndpoint(endpoint) {
+  if (endpoint === "https://askexe.com/cloud" || endpoint === "https://askexe.com/cloud/") {
+    process.stderr.write(
+      "[cloud-sync] Auto-migrating endpoint from askexe.com/cloud to cloud.askexe.com (bypasses Cloudflare WAF for datacenter IPs)\n"
+    );
+    return "https://cloud.askexe.com";
+  }
+  return endpoint;
+}
 function assertSecureEndpoint(endpoint) {
   if (endpoint.startsWith("https://")) return;
   if (endpoint.startsWith("http://")) {
@@ -6807,6 +7127,7 @@ async function markCloudReuploadRequired(client = getClient()) {
   await client.execute("INSERT OR REPLACE INTO sync_meta (key, value) VALUES ('cloud_reupload_required', '1')");
 }
 async function cloudSync(config) {
+  config = { ...config, endpoint: migrateEndpoint(config.endpoint) };
   if (!isSyncCryptoInitialized()) {
     try {
       const { getMasterKey: getMasterKey2 } = await Promise.resolve().then(() => (init_keychain(), keychain_exports));