@askexenow/exe-os 0.9.127 → 0.9.129

package/dist/lib/schedules.js

@@ -1,4617 +1,19 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-// src/lib/db-retry.ts
-function isBusyError(err) {
-  if (err instanceof Error) {
-    const msg = err.message.toLowerCase();
-    return msg.includes("sqlite_busy") || msg.includes("database is locked");
-  }
-  return false;
-}
-function delay(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-async function retryOnBusy(fn, label) {
-  let lastError;
-  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      lastError = err;
-      if (!isBusyError(err) || attempt === MAX_RETRIES) {
-        throw err;
-      }
-      const backoff = BASE_DELAY_MS * Math.pow(2, attempt);
-      const jitter = Math.floor(Math.random() * MAX_JITTER_MS);
-      process.stderr.write(
-        `[exe-os] SQLITE_BUSY ${label} retry ${attempt + 1}/${MAX_RETRIES} \u2014 waiting ${backoff + jitter}ms
-`
-      );
-      await delay(backoff + jitter);
-    }
-  }
-  throw lastError;
-}
-function wrapWithRetry(client) {
-  return new Proxy(client, {
-    get(target, prop, receiver) {
-      if (prop === "execute") {
-        return (sql) => retryOnBusy(() => target.execute(sql), "execute");
-      }
-      if (prop === "batch") {
-        return (stmts, mode) => retryOnBusy(() => target.batch(stmts, mode), "batch");
-      }
-      return Reflect.get(target, prop, receiver);
-    }
-  });
-}
-var MAX_RETRIES, BASE_DELAY_MS, MAX_JITTER_MS;
-var init_db_retry = __esm({
-  "src/lib/db-retry.ts"() {
-    "use strict";
-    MAX_RETRIES = 5;
-    BASE_DELAY_MS = 250;
-    MAX_JITTER_MS = 400;
-  }
-});
-
-// src/lib/secure-files.ts
-import { chmodSync, existsSync, mkdirSync } from "fs";
-import { chmod, mkdir } from "fs/promises";
-async function ensurePrivateDir(dirPath) {
-  await mkdir(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
-  try {
-    await chmod(dirPath, PRIVATE_DIR_MODE);
-  } catch {
-  }
-}
-function ensurePrivateDirSync(dirPath) {
-  mkdirSync(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
-  try {
-    chmodSync(dirPath, PRIVATE_DIR_MODE);
-  } catch {
-  }
-}
-async function enforcePrivateFile(filePath) {
-  try {
-    await chmod(filePath, PRIVATE_FILE_MODE);
-  } catch {
-  }
-}
-function enforcePrivateFileSync(filePath) {
-  try {
-    if (existsSync(filePath)) chmodSync(filePath, PRIVATE_FILE_MODE);
-  } catch {
-  }
-}
-var PRIVATE_DIR_MODE, PRIVATE_FILE_MODE;
-var init_secure_files = __esm({
-  "src/lib/secure-files.ts"() {
-    "use strict";
-    PRIVATE_DIR_MODE = 448;
-    PRIVATE_FILE_MODE = 384;
-  }
-});
-
-// src/lib/config.ts
-import { readFile, writeFile } from "fs/promises";
-import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
-import path from "path";
-import os from "os";
-function resolveDataDir() {
-  if (process.env.EXE_OS_DIR) return process.env.EXE_OS_DIR;
-  if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
-  const newDir = path.join(os.homedir(), ".exe-os");
-  const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
-    try {
-      renameSync(legacyDir, newDir);
-      process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
-`);
-    } catch {
-      return legacyDir;
-    }
-  }
-  return newDir;
-}
-function migrateLegacyConfig(raw) {
-  if ("r2" in raw) {
-    process.stderr.write(
-      "[exe-os] Warning: config.json contains deprecated 'r2' field from v1.0. R2 sync has been replaced in v1.1. The 'r2' field will be ignored.\n"
-    );
-    delete raw.r2;
-  }
-  if ("syncIntervalMs" in raw) {
-    delete raw.syncIntervalMs;
-  }
-  return raw;
-}
-function migrateConfig(raw) {
-  const fromVersion = typeof raw.config_version === "number" ? raw.config_version : 0;
-  let currentVersion = fromVersion;
-  let migrated = false;
-  if (currentVersion > CURRENT_CONFIG_VERSION) {
-    return { config: raw, migrated: false, fromVersion };
-  }
-  for (const migration of CONFIG_MIGRATIONS) {
-    if (currentVersion === migration.from && migration.to <= CURRENT_CONFIG_VERSION) {
-      raw = migration.migrate(raw);
-      currentVersion = migration.to;
-      migrated = true;
-    }
-  }
-  return { config: raw, migrated, fromVersion };
-}
-function normalizeScalingRoadmap(raw) {
-  const defaultAuto = DEFAULT_CONFIG.scalingRoadmap.rerankerAutoTrigger;
-  const userRoadmap = raw.scalingRoadmap ?? {};
-  const userAuto = userRoadmap.rerankerAutoTrigger ?? {};
-  if (userAuto.enabled === void 0 && raw.rerankerEnabled !== void 0) {
-    userAuto.enabled = raw.rerankerEnabled;
-  }
-  raw.scalingRoadmap = {
-    ...userRoadmap,
-    rerankerAutoTrigger: { ...defaultAuto, ...userAuto }
-  };
-}
-function normalizeSessionLifecycle(raw) {
-  const defaultSL = DEFAULT_CONFIG.sessionLifecycle;
-  const userSL = raw.sessionLifecycle ?? {};
-  raw.sessionLifecycle = { ...defaultSL, ...userSL };
-}
-function normalizeAutoUpdate(raw) {
-  const defaultAU = DEFAULT_CONFIG.autoUpdate;
-  const userAU = raw.autoUpdate ?? {};
-  raw.autoUpdate = { ...defaultAU, ...userAU };
-}
-function normalizeOrchestration(raw) {
-  const defaultOrg = DEFAULT_CONFIG.orchestration;
-  const userOrg = raw.orchestration ?? {};
-  raw.orchestration = { ...defaultOrg, ...userOrg };
-}
-function normalizeCloudEndpoint(raw) {
-  const cloud = raw.cloud;
-  if (!cloud?.endpoint) return;
-  const ep = String(cloud.endpoint);
-  if (ep === "https://askexe.com/cloud" || ep === "https://askexe.com/cloud/") {
-    cloud.endpoint = "https://cloud.askexe.com";
-    process.stderr.write(
-      "[config] Auto-migrated cloud endpoint: askexe.com/cloud \u2192 cloud.askexe.com\n"
-    );
-  }
-}
-async function loadConfig() {
-  const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
-  await ensurePrivateDir(dir);
-  const configPath = path.join(dir, "config.json");
-  if (!existsSync2(configPath)) {
-    return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
-  }
-  const raw = await readFile(configPath, "utf-8");
-  try {
-    let parsed = JSON.parse(raw);
-    parsed = migrateLegacyConfig(parsed);
-    const { config: migratedCfg, migrated, fromVersion } = migrateConfig(parsed);
-    if (migrated) {
-      process.stderr.write(`[exe-os] Config migrated from v${fromVersion} to v${migratedCfg.config_version}
-`);
-      try {
-        await writeFile(configPath, JSON.stringify(migratedCfg, null, 2) + "\n");
-        await enforcePrivateFile(configPath);
-      } catch {
-      }
-    }
-    normalizeScalingRoadmap(migratedCfg);
-    normalizeSessionLifecycle(migratedCfg);
-    normalizeAutoUpdate(migratedCfg);
-    normalizeOrchestration(migratedCfg);
-    normalizeCloudEndpoint(migratedCfg);
-    const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
-    if (config.dbPath.startsWith("~")) {
-      config.dbPath = config.dbPath.replace(/^~/, os.homedir());
-    }
-    const envDbPath = path.join(dir, "memories.db");
-    if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync2(config.dbPath) && existsSync2(envDbPath)) {
-      config.dbPath = envDbPath;
-    }
-    return config;
-  } catch {
-    return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
-  }
-}
-var EXE_AI_DIR, DB_PATH, MODELS_DIR, CONFIG_PATH, LEGACY_LANCE_PATH, CURRENT_CONFIG_VERSION, DEFAULT_CONFIG, CONFIG_MIGRATIONS;
-var init_config = __esm({
-  "src/lib/config.ts"() {
-    "use strict";
-    init_secure_files();
-    EXE_AI_DIR = resolveDataDir();
-    DB_PATH = path.join(EXE_AI_DIR, "memories.db");
-    MODELS_DIR = path.join(EXE_AI_DIR, "models");
-    CONFIG_PATH = path.join(EXE_AI_DIR, "config.json");
-    LEGACY_LANCE_PATH = path.join(EXE_AI_DIR, "local.lance");
-    CURRENT_CONFIG_VERSION = 1;
-    DEFAULT_CONFIG = {
-      config_version: CURRENT_CONFIG_VERSION,
-      dbPath: DB_PATH,
-      modelFile: "jina-embeddings-v5-small-q4_k_m.gguf",
-      embeddingDim: 1024,
-      batchSize: 20,
-      flushIntervalMs: 1e4,
-      autoIngestion: true,
-      autoRetrieval: true,
-      searchMode: "hybrid",
-      hookSearchMode: "hybrid",
-      fileGrepEnabled: true,
-      splashEffect: true,
-      consolidationEnabled: true,
-      consolidationIntervalMs: 6 * 60 * 60 * 1e3,
-      consolidationModel: "claude-haiku-4-5-20251001",
-      consolidationMaxCallsPerRun: 20,
-      selfQueryRouter: true,
-      selfQueryModel: "claude-haiku-4-5-20251001",
-      rerankerEnabled: true,
-      scalingRoadmap: {
-        rerankerAutoTrigger: {
-          enabled: true,
-          broadQueryMinCardinality: 5e4,
-          fetchTopK: 150,
-          returnTopK: 5
-        }
-      },
-      graphRagEnabled: true,
-      wikiEnabled: false,
-      wikiUrl: "",
-      wikiApiKey: "",
-      wikiSyncIntervalMs: 30 * 60 * 1e3,
-      wikiWorkspaceMapping: {},
-      wikiAutoUpdate: true,
-      wikiAutoUpdateThreshold: 0.5,
-      wikiAutoUpdateCreateNew: true,
-      skillLearning: true,
-      skillThreshold: 3,
-      skillModel: "claude-haiku-4-5-20251001",
-      exeHeartbeat: {
-        enabled: true,
-        intervalSeconds: 60,
-        staleInProgressThresholdHours: 2
-      },
-      sessionLifecycle: {
-        idleKillEnabled: true,
-        idleKillTicksRequired: 3,
-        idleKillIntercomAckWindowMs: 1e4,
-        maxAutoInstances: 10
-      },
-      autoUpdate: {
-        checkOnBoot: true,
-        autoInstall: false,
-        checkIntervalMs: 24 * 60 * 60 * 1e3
-      },
-      support: {
-        bugReportEndpoint: "https://askexe.com/v1/support/bug-reports"
-      },
-      orchestration: {
-        phase: "phase_1_coo",
-        phaseSetBy: "default"
-      }
-    };
-    CONFIG_MIGRATIONS = [
-      {
-        from: 0,
-        to: 1,
-        migrate: (cfg) => {
-          cfg.config_version = 1;
-          return cfg;
-        }
-      }
-    ];
-  }
-});
-
-// src/lib/employees.ts
-import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
-import { existsSync as existsSync3, symlinkSync, readlinkSync, readFileSync as readFileSync2, renameSync as renameSync2, unlinkSync, writeFileSync } from "fs";
-import { execSync } from "child_process";
-import path2 from "path";
-import os2 from "os";
-function normalizeRole(role) {
-  return (role ?? "").trim().toLowerCase();
-}
-function isCoordinatorRole(role) {
-  return normalizeRole(role) === normalizeRole(COORDINATOR_ROLE);
-}
-function getCoordinatorEmployee(employees) {
-  return employees.find((e) => isCoordinatorRole(e.role));
-}
-function getCoordinatorName(employees = loadEmployeesSync()) {
-  return getCoordinatorEmployee(employees)?.name ?? DEFAULT_COORDINATOR_TEMPLATE_NAME;
-}
-function loadEmployeesSync(employeesPath = EMPLOYEES_PATH) {
-  if (!existsSync3(employeesPath)) return [];
-  try {
-    return JSON.parse(readFileSync2(employeesPath, "utf-8"));
-  } catch {
-    return [];
-  }
-}
-var EMPLOYEES_PATH, DEFAULT_COORDINATOR_TEMPLATE_NAME, COORDINATOR_ROLE, IDENTITY_DIR;
-var init_employees = __esm({
-  "src/lib/employees.ts"() {
-    "use strict";
-    init_config();
-    EMPLOYEES_PATH = path2.join(EXE_AI_DIR, "exe-employees.json");
-    DEFAULT_COORDINATOR_TEMPLATE_NAME = "exe";
-    COORDINATOR_ROLE = "COO";
-    IDENTITY_DIR = path2.join(EXE_AI_DIR, "identity");
-  }
-});
-
-// src/lib/database-adapter.ts
-import os3 from "os";
-import path3 from "path";
-import { createRequire } from "module";
-import { pathToFileURL } from "url";
-function quotedIdentifier(identifier) {
-  return `"${identifier.replace(/"/g, '""')}"`;
-}
-function unqualifiedTableName(name) {
-  const raw = name.trim().replace(/^"|"$/g, "");
-  const parts = raw.split(".");
-  return parts[parts.length - 1].replace(/^"|"$/g, "").toLowerCase();
-}
-function stripTrailingSemicolon(sql) {
-  return sql.trim().replace(/;+\s*$/u, "");
-}
-function appendClause(sql, clause) {
-  const trimmed = stripTrailingSemicolon(sql);
-  const returningMatch = /\sRETURNING\b[\s\S]*$/iu.exec(trimmed);
-  if (!returningMatch) {
-    return `${trimmed}${clause}`;
-  }
-  const idx = returningMatch.index;
-  return `${trimmed.slice(0, idx)}${clause}${trimmed.slice(idx)}`;
-}
-function normalizeStatement(stmt) {
-  if (typeof stmt === "string") {
-    return { kind: "positional", sql: stmt, args: [] };
-  }
-  const sql = stmt.sql;
-  if (Array.isArray(stmt.args) || stmt.args === void 0) {
-    return { kind: "positional", sql, args: stmt.args ?? [] };
-  }
-  return { kind: "named", sql, args: stmt.args };
-}
-function rewriteBooleanLiterals(sql) {
-  let out = sql;
-  for (const column of BOOLEAN_COLUMN_NAMES) {
-    const scoped = `((?:\\b[a-z_][a-z0-9_]*\\.)?${column})`;
-    out = out.replace(new RegExp(`${scoped}\\s*=\\s*0\\b`, "giu"), "$1 = FALSE");
-    out = out.replace(new RegExp(`${scoped}\\s*=\\s*1\\b`, "giu"), "$1 = TRUE");
-    out = out.replace(new RegExp(`${scoped}\\s*!=\\s*0\\b`, "giu"), "$1 != FALSE");
-    out = out.replace(new RegExp(`${scoped}\\s*!=\\s*1\\b`, "giu"), "$1 != TRUE");
-    out = out.replace(new RegExp(`${scoped}\\s*<>\\s*0\\b`, "giu"), "$1 <> FALSE");
-    out = out.replace(new RegExp(`${scoped}\\s*<>\\s*1\\b`, "giu"), "$1 <> TRUE");
-  }
-  return out;
-}
-function rewriteInsertOrIgnore(sql) {
-  if (!/^\s*INSERT\s+OR\s+IGNORE\s+INTO\b/iu.test(sql)) {
-    return sql;
-  }
-  const replaced = sql.replace(/^\s*INSERT\s+OR\s+IGNORE\s+INTO\b/iu, "INSERT INTO");
-  return /\bON\s+CONFLICT\b/iu.test(replaced) ? replaced : appendClause(replaced, " ON CONFLICT DO NOTHING");
-}
-function rewriteInsertOrReplace(sql) {
-  const match = /^\s*INSERT\s+OR\s+REPLACE\s+INTO\s+([A-Za-z0-9_."]+)\s*\(([^)]+)\)([\s\S]*)$/iu.exec(sql);
-  if (!match) {
-    return sql;
-  }
-  const rawTable = match[1];
-  const rawColumns = match[2];
-  const remainder = match[3];
-  const tableName = unqualifiedTableName(rawTable);
-  const conflictKeys = UPSERT_KEYS[tableName];
-  if (!conflictKeys?.length) {
-    return sql;
-  }
-  const columns = rawColumns.split(",").map((col) => col.trim().replace(/^"|"$/g, ""));
-  const updateColumns = columns.filter((col) => !conflictKeys.includes(col));
-  const conflictTarget = conflictKeys.map(quotedIdentifier).join(", ");
-  const updateClause = updateColumns.length === 0 ? " DO NOTHING" : ` DO UPDATE SET ${updateColumns.map((col) => `${quotedIdentifier(col)} = EXCLUDED.${quotedIdentifier(col)}`).join(", ")}`;
-  return `INSERT INTO ${rawTable} (${rawColumns})${appendClause(remainder, ` ON CONFLICT (${conflictTarget})${updateClause}`)}`;
-}
-function rewriteSql(sql) {
-  let out = sql;
-  out = out.replace(/\bdatetime\(\s*['"]now['"]\s*\)/giu, "CURRENT_TIMESTAMP");
-  out = out.replace(/\bvector32\s*\(\s*\?\s*\)/giu, "?");
-  out = rewriteBooleanLiterals(out);
-  out = rewriteInsertOrReplace(out);
-  out = rewriteInsertOrIgnore(out);
-  return stripTrailingSemicolon(out);
-}
-function toBoolean(value) {
-  if (value === null || value === void 0) return value;
-  if (typeof value === "boolean") return value;
-  if (typeof value === "number") return value !== 0;
-  if (typeof value === "bigint") return value !== 0n;
-  if (typeof value === "string") {
-    const normalized = value.trim().toLowerCase();
-    if (normalized === "0" || normalized === "false") return false;
-    if (normalized === "1" || normalized === "true") return true;
-  }
-  return Boolean(value);
-}
-function countQuestionMarks(sql, end) {
-  let count = 0;
-  let inSingle = false;
-  let inDouble = false;
-  let inLineComment = false;
-  let inBlockComment = false;
-  for (let i = 0; i < end; i++) {
-    const ch = sql[i];
-    const next = sql[i + 1];
-    if (inLineComment) {
-      if (ch === "\n") inLineComment = false;
-      continue;
-    }
-    if (inBlockComment) {
-      if (ch === "*" && next === "/") {
-        inBlockComment = false;
-        i += 1;
-      }
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "-" && next === "-") {
-      inLineComment = true;
-      i += 1;
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "/" && next === "*") {
-      inBlockComment = true;
-      i += 1;
-      continue;
-    }
-    if (!inDouble && ch === "'" && sql[i - 1] !== "\\") {
-      inSingle = !inSingle;
-      continue;
-    }
-    if (!inSingle && ch === '"' && sql[i - 1] !== "\\") {
-      inDouble = !inDouble;
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "?") {
-      count += 1;
-    }
-  }
-  return count;
-}
-function findBooleanPlaceholderIndexes(sql) {
-  const indexes = /* @__PURE__ */ new Set();
-  for (const column of BOOLEAN_COLUMN_NAMES) {
-    const pattern = new RegExp(`(?:\\b[a-z_][a-z0-9_]*\\.)?${column}\\s*=\\s*\\?`, "giu");
-    for (const match of sql.matchAll(pattern)) {
-      const matchText = match[0];
-      const qIndex = match.index + matchText.lastIndexOf("?");
-      indexes.add(countQuestionMarks(sql, qIndex + 1));
-    }
-  }
-  return indexes;
-}
-function coerceInsertBooleanArgs(sql, args) {
-  const match = /^\s*INSERT(?:\s+OR\s+(?:IGNORE|REPLACE))?\s+INTO\s+([A-Za-z0-9_."]+)\s*\(([^)]+)\)/iu.exec(sql);
-  if (!match) return;
-  const rawTable = match[1];
-  const rawColumns = match[2];
-  const boolColumns = BOOLEAN_COLUMNS_BY_TABLE[unqualifiedTableName(rawTable)];
-  if (!boolColumns?.size) return;
-  const columns = rawColumns.split(",").map((col) => col.trim().replace(/^"|"$/g, ""));
-  for (const [index, column] of columns.entries()) {
-    if (boolColumns.has(column) && index < args.length) {
-      args[index] = toBoolean(args[index]);
-    }
-  }
-}
-function coerceUpdateBooleanArgs(sql, args) {
-  const match = /^\s*UPDATE\s+([A-Za-z0-9_."]+)\s+SET\s+([\s\S]+?)(?:\s+WHERE\b|$)/iu.exec(sql);
-  if (!match) return;
-  const rawTable = match[1];
-  const setClause = match[2];
-  const boolColumns = BOOLEAN_COLUMNS_BY_TABLE[unqualifiedTableName(rawTable)];
-  if (!boolColumns?.size) return;
-  const assignments = setClause.split(",");
-  let placeholderIndex = 0;
-  for (const assignment of assignments) {
-    if (!assignment.includes("?")) continue;
-    placeholderIndex += 1;
-    const colMatch = /^\s*(?:[A-Za-z_][A-Za-z0-9_]*\.)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*\?/iu.exec(assignment);
-    if (colMatch && boolColumns.has(colMatch[1])) {
-      args[placeholderIndex - 1] = toBoolean(args[placeholderIndex - 1]);
-    }
-  }
-}
-function coerceBooleanArgs(sql, args) {
-  const nextArgs = [...args];
-  coerceInsertBooleanArgs(sql, nextArgs);
-  coerceUpdateBooleanArgs(sql, nextArgs);
-  const placeholderIndexes = findBooleanPlaceholderIndexes(sql);
-  for (const index of placeholderIndexes) {
-    if (index > 0 && index <= nextArgs.length) {
-      nextArgs[index - 1] = toBoolean(nextArgs[index - 1]);
-    }
-  }
-  return nextArgs;
-}
-function convertQuestionMarksToDollarParams(sql) {
-  let out = "";
-  let placeholder = 0;
-  let inSingle = false;
-  let inDouble = false;
-  let inLineComment = false;
-  let inBlockComment = false;
-  for (let i = 0; i < sql.length; i++) {
-    const ch = sql[i];
-    const next = sql[i + 1];
-    if (inLineComment) {
-      out += ch;
-      if (ch === "\n") inLineComment = false;
-      continue;
-    }
-    if (inBlockComment) {
-      out += ch;
-      if (ch === "*" && next === "/") {
-        out += next;
-        inBlockComment = false;
-        i += 1;
-      }
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "-" && next === "-") {
-      out += ch + next;
-      inLineComment = true;
-      i += 1;
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "/" && next === "*") {
-      out += ch + next;
-      inBlockComment = true;
-      i += 1;
-      continue;
-    }
-    if (!inDouble && ch === "'" && sql[i - 1] !== "\\") {
-      inSingle = !inSingle;
-      out += ch;
-      continue;
-    }
-    if (!inSingle && ch === '"' && sql[i - 1] !== "\\") {
-      inDouble = !inDouble;
-      out += ch;
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "?") {
-      placeholder += 1;
-      out += `$${placeholder}`;
-      continue;
-    }
-    out += ch;
-  }
-  return out;
-}
-function translateStatementForPostgres(stmt) {
-  const normalized = normalizeStatement(stmt);
-  if (normalized.kind === "named") {
-    throw new Error("Named SQL parameters are not supported by the Prisma adapter.");
-  }
-  const rewrittenSql = rewriteSql(normalized.sql);
-  const coercedArgs = coerceBooleanArgs(rewrittenSql, normalized.args);
-  return {
-    sql: convertQuestionMarksToDollarParams(rewrittenSql),
-    args: coercedArgs
-  };
-}
-function shouldBypassPostgres(stmt) {
-  const normalized = normalizeStatement(stmt);
-  if (normalized.kind === "named") {
-    return true;
-  }
-  return IMMEDIATE_FALLBACK_PATTERNS.some((pattern) => pattern.test(normalized.sql));
-}
-function shouldFallbackOnError(error) {
-  const message = error instanceof Error ? error.message : String(error);
-  return /42P01|42883|42601|does not exist|syntax error|not supported|Named SQL parameters are not supported/iu.test(message);
-}
-function isReadQuery(sql) {
-  const trimmed = sql.trimStart();
-  return /^(SELECT|WITH|SHOW|EXPLAIN|VALUES)\b/iu.test(trimmed) || /\bRETURNING\b/iu.test(trimmed);
-}
-function buildRow(row, columns) {
-  const values = columns.map((column) => row[column]);
-  return Object.assign(values, row);
-}
-function buildResultSet(rows, rowsAffected = 0) {
-  const columns = rows[0] ? Object.keys(rows[0]) : [];
-  const resultRows = rows.map((row) => buildRow(row, columns));
-  return {
-    columns,
-    columnTypes: columns.map(() => ""),
-    rows: resultRows,
-    rowsAffected,
-    lastInsertRowid: void 0,
-    toJSON() {
-      return {
-        columns,
-        columnTypes: columns.map(() => ""),
-        rows,
-        rowsAffected,
-        lastInsertRowid: void 0
-      };
-    }
-  };
-}
-async function loadPrismaClient() {
-  if (!prismaClientPromise) {
-    prismaClientPromise = (async () => {
-      const explicitPath = process.env.EXE_OS_PRISMA_CLIENT_PATH;
-      if (explicitPath) {
-        const module2 = await import(pathToFileURL(explicitPath).href);
-        const PrismaClient2 = module2.PrismaClient ?? module2.default?.PrismaClient;
-        if (!PrismaClient2) {
-          throw new Error(`No PrismaClient export found at ${explicitPath}`);
-        }
-        return new PrismaClient2();
-      }
-      const exeDbRoot = process.env.EXE_DB_ROOT ?? path3.join(os3.homedir(), "exe-db");
-      const requireFromExeDb = createRequire(path3.join(exeDbRoot, "package.json"));
-      const prismaEntry = requireFromExeDb.resolve("@prisma/client");
-      const module = await import(pathToFileURL(prismaEntry).href);
-      const PrismaClient = module.PrismaClient ?? module.default?.PrismaClient;
-      if (!PrismaClient) {
-        throw new Error(`No PrismaClient export found in ${prismaEntry}`);
-      }
-      return new PrismaClient();
-    })();
-  }
-  return prismaClientPromise;
-}
-async function ensureCompatibilityViews(prisma) {
-  if (!compatibilityBootstrapPromise) {
-    compatibilityBootstrapPromise = (async () => {
-      for (const mapping of VIEW_MAPPINGS) {
-        const relation = mapping.source.replace(/"/g, "");
-        const rows = await prisma.$queryRawUnsafe(
-          "SELECT to_regclass($1)::text AS regclass",
-          relation
-        );
-        if (!rows[0]?.regclass) {
-          continue;
-        }
-        await prisma.$executeRawUnsafe(
-          `CREATE OR REPLACE VIEW public.${quotedIdentifier(mapping.view)} AS SELECT * FROM ${mapping.source}`
-        );
-      }
-    })();
-  }
-  return compatibilityBootstrapPromise;
-}
-async function executeOnPrisma(executor, stmt) {
-  const translated = translateStatementForPostgres(stmt);
-  if (isReadQuery(translated.sql)) {
-    const rows = await executor.$queryRawUnsafe(
-      translated.sql,
-      ...translated.args
-    );
-    return buildResultSet(rows, /\bRETURNING\b/iu.test(translated.sql) ? rows.length : 0);
-  }
-  const rowsAffected = await executor.$executeRawUnsafe(translated.sql, ...translated.args);
-  return buildResultSet([], rowsAffected);
-}
-function splitSqlStatements(sql) {
-  const parts = [];
-  let current = "";
-  let inSingle = false;
-  let inDouble = false;
-  let inLineComment = false;
-  let inBlockComment = false;
-  for (let i = 0; i < sql.length; i++) {
-    const ch = sql[i];
-    const next = sql[i + 1];
-    if (inLineComment) {
-      current += ch;
-      if (ch === "\n") inLineComment = false;
-      continue;
-    }
-    if (inBlockComment) {
-      current += ch;
-      if (ch === "*" && next === "/") {
-        current += next;
-        inBlockComment = false;
-        i += 1;
-      }
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "-" && next === "-") {
-      current += ch + next;
-      inLineComment = true;
-      i += 1;
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === "/" && next === "*") {
-      current += ch + next;
-      inBlockComment = true;
-      i += 1;
-      continue;
-    }
-    if (!inDouble && ch === "'" && sql[i - 1] !== "\\") {
-      inSingle = !inSingle;
-      current += ch;
-      continue;
-    }
-    if (!inSingle && ch === '"' && sql[i - 1] !== "\\") {
-      inDouble = !inDouble;
-      current += ch;
-      continue;
-    }
-    if (!inSingle && !inDouble && ch === ";") {
-      if (current.trim()) {
-        parts.push(current.trim());
-      }
-      current = "";
-      continue;
-    }
-    current += ch;
-  }
-  if (current.trim()) {
-    parts.push(current.trim());
-  }
-  return parts;
-}
-async function createPrismaDbAdapter(fallbackClient) {
-  const prisma = await loadPrismaClient();
-  await ensureCompatibilityViews(prisma);
-  let closed = false;
-  let adapter;
-  const fallbackExecute = async (stmt, error) => {
-    if (!fallbackClient) {
-      if (error) throw error;
-      throw new Error("No fallback SQLite client is available for this Prisma-routed query.");
-    }
-    if (error) {
-      process.stderr.write(
-        `[database-adapter] Falling back to SQLite: ${error instanceof Error ? error.message : String(error)}
-`
-      );
-    }
-    return fallbackClient.execute(stmt);
-  };
-  adapter = {
-    async execute(stmt) {
-      if (shouldBypassPostgres(stmt)) {
-        return fallbackExecute(stmt);
-      }
-      try {
-        return await executeOnPrisma(prisma, stmt);
-      } catch (error) {
-        if (shouldFallbackOnError(error)) {
-          return fallbackExecute(stmt, error);
-        }
-        throw error;
-      }
-    },
-    async batch(stmts, mode) {
-      if (stmts.some((stmt) => shouldBypassPostgres(stmt))) {
-        if (!fallbackClient) {
-          throw new Error("Cannot batch unsupported SQLite-only statements without a fallback client.");
-        }
-        return fallbackClient.batch(stmts, mode);
-      }
-      try {
-        if (prisma.$transaction) {
-          return await prisma.$transaction(async (tx) => {
-            const results2 = [];
-            for (const stmt of stmts) {
-              results2.push(await executeOnPrisma(tx, stmt));
-            }
-            return results2;
-          });
-        }
-        const results = [];
-        for (const stmt of stmts) {
-          results.push(await executeOnPrisma(prisma, stmt));
-        }
-        return results;
-      } catch (error) {
-        if (fallbackClient && shouldFallbackOnError(error)) {
-          process.stderr.write(
-            `[database-adapter] Falling back batch to SQLite: ${error instanceof Error ? error.message : String(error)}
-`
-          );
-          return fallbackClient.batch(stmts, mode);
-        }
-        throw error;
-      }
-    },
-    async migrate(stmts) {
-      if (fallbackClient) {
-        return fallbackClient.migrate(stmts);
-      }
-      return adapter.batch(stmts, "deferred");
-    },
-    async transaction(mode) {
-      if (!fallbackClient) {
-        throw new Error("Interactive transactions are only supported on the SQLite fallback client.");
-      }
-      return fallbackClient.transaction(mode);
-    },
-    async executeMultiple(sql) {
-      if (fallbackClient && shouldBypassPostgres(sql)) {
-        return fallbackClient.executeMultiple(sql);
-      }
-      for (const statement of splitSqlStatements(sql)) {
-        await adapter.execute(statement);
-      }
-    },
-    async sync() {
-      if (fallbackClient) {
-        return fallbackClient.sync();
-      }
-      return { frame_no: 0, frames_synced: 0 };
-    },
-    close() {
-      closed = true;
-      prismaClientPromise = null;
-      compatibilityBootstrapPromise = null;
-      void prisma.$disconnect?.();
-    },
-    get closed() {
-      return closed;
-    },
-    get protocol() {
-      return "prisma-postgres";
-    }
-  };
-  return adapter;
-}
-var VIEW_MAPPINGS, UPSERT_KEYS, BOOLEAN_COLUMNS_BY_TABLE, BOOLEAN_COLUMN_NAMES, IMMEDIATE_FALLBACK_PATTERNS, prismaClientPromise, compatibilityBootstrapPromise;
-var init_database_adapter = __esm({
-  "src/lib/database-adapter.ts"() {
-    "use strict";
-    VIEW_MAPPINGS = [
-      { view: "memories", source: "memory.memory_records" },
-      { view: "tasks", source: "memory.tasks" },
-      { view: "behaviors", source: "memory.behaviors" },
-      { view: "entities", source: "memory.entities" },
-      { view: "relationships", source: "memory.relationships" },
-      { view: "entity_memories", source: "memory.entity_memories" },
-      { view: "entity_aliases", source: "memory.entity_aliases" },
-      { view: "notifications", source: "memory.notifications" },
-      { view: "messages", source: "memory.messages" },
-      { view: "users", source: "wiki.users" },
-      { view: "workspaces", source: "wiki.workspaces" },
-      { view: "workspace_users", source: "wiki.workspace_users" },
-      { view: "documents", source: "wiki.workspace_documents" },
-      { view: "chats", source: "wiki.workspace_chats" }
-    ];
-    UPSERT_KEYS = {
-      memories: ["id"],
-      tasks: ["id"],
-      behaviors: ["id"],
-      entities: ["id"],
-      relationships: ["id"],
-      entity_aliases: ["alias"],
-      notifications: ["id"],
-      messages: ["id"],
-      users: ["id"],
-      workspaces: ["id"],
-      workspace_users: ["id"],
-      documents: ["id"],
-      chats: ["id"]
-    };
-    BOOLEAN_COLUMNS_BY_TABLE = {
-      memories: /* @__PURE__ */ new Set(["has_error", "draft"]),
-      behaviors: /* @__PURE__ */ new Set(["active"]),
-      notifications: /* @__PURE__ */ new Set(["read"]),
-      users: /* @__PURE__ */ new Set(["has_personal_memory"])
-    };
-    BOOLEAN_COLUMN_NAMES = new Set(
-      Object.values(BOOLEAN_COLUMNS_BY_TABLE).flatMap((cols) => [...cols])
-    );
-    IMMEDIATE_FALLBACK_PATTERNS = [
-      /\bPRAGMA\b/i,
-      /\bsqlite_master\b/i,
-      /(?:^|[.\s])(?:memories|conversations|entities)_fts\b/i,
-      /\bMATCH\b/i,
-      /\bvector_distance_cos\s*\(/i,
-      /\bjson_extract\s*\(/i,
-      /\bjulianday\s*\(/i,
-      /\bstrftime\s*\(/i,
-      /\blast_insert_rowid\s*\(/i
-    ];
-    prismaClientPromise = null;
-    compatibilityBootstrapPromise = null;
-  }
-});
-
-// src/types/memory.ts
-var EMBEDDING_DIM;
-var init_memory = __esm({
-  "src/types/memory.ts"() {
-    "use strict";
-    EMBEDDING_DIM = 1024;
-  }
-});
-
-// src/lib/daemon-auth.ts
-import crypto from "crypto";
-import path4 from "path";
-import { existsSync as existsSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
-function normalizeToken(token) {
-  if (!token) return null;
-  const trimmed = token.trim();
-  return trimmed.length > 0 ? trimmed : null;
-}
-function readDaemonToken() {
-  try {
-    if (!existsSync4(DAEMON_TOKEN_PATH)) return null;
-    return normalizeToken(readFileSync3(DAEMON_TOKEN_PATH, "utf8"));
-  } catch {
-    return null;
-  }
-}
-function ensureDaemonToken(seed) {
-  const existing = readDaemonToken();
-  if (existing) return existing;
-  const token = normalizeToken(seed) ?? crypto.randomBytes(32).toString("hex");
-  ensurePrivateDirSync(EXE_AI_DIR);
-  writeFileSync2(DAEMON_TOKEN_PATH, `${token}
-`, "utf8");
-  enforcePrivateFileSync(DAEMON_TOKEN_PATH);
-  return token;
-}
-var DAEMON_TOKEN_PATH;
-var init_daemon_auth = __esm({
-  "src/lib/daemon-auth.ts"() {
-    "use strict";
-    init_config();
-    init_secure_files();
-    DAEMON_TOKEN_PATH = path4.join(EXE_AI_DIR, "exed.token");
-  }
-});
-
-// src/lib/exe-daemon-client.ts
-import net from "net";
-import os4 from "os";
-import { spawn, execSync as execSync2 } from "child_process";
-import { randomUUID } from "crypto";
-import { existsSync as existsSync5, unlinkSync as unlinkSync2, readFileSync as readFileSync4, openSync, closeSync, statSync } from "fs";
-import path5 from "path";
-import { fileURLToPath } from "url";
-function handleData(chunk) {
-  _buffer += chunk.toString();
-  if (_buffer.length > MAX_BUFFER) {
-    _buffer = "";
-    return;
-  }
-  let newlineIdx;
-  while ((newlineIdx = _buffer.indexOf("\n")) !== -1) {
-    const line = _buffer.slice(0, newlineIdx).trim();
-    _buffer = _buffer.slice(newlineIdx + 1);
-    if (!line) continue;
-    try {
-      const response = JSON.parse(line);
-      const id = response.id;
-      if (!id) continue;
-      const entry = _pending.get(id);
-      if (entry) {
-        clearTimeout(entry.timer);
-        _pending.delete(id);
-        entry.resolve(response);
-      }
-    } catch {
-    }
-  }
-}
-function isZombie(pid) {
-  try {
-    const state = execSync2(`ps -p ${pid} -o state=`, { encoding: "utf8", timeout: 2e3 }).trim();
-    return state.startsWith("Z");
-  } catch {
-    return false;
-  }
-}
-function cleanupStaleFiles() {
-  if (existsSync5(PID_PATH)) {
-    try {
-      const pid = parseInt(readFileSync4(PID_PATH, "utf8").trim(), 10);
-      if (pid > 0) {
-        try {
-          process.kill(pid, 0);
-          if (!isZombie(pid)) {
-            return;
-          }
-          process.stderr.write(`[exed-client] PID ${pid} is a zombie \u2014 cleaning up stale files
-`);
-        } catch {
-        }
-      }
-    } catch {
-    }
-    try {
-      unlinkSync2(PID_PATH);
-    } catch {
-    }
-    try {
-      unlinkSync2(SOCKET_PATH);
-    } catch {
-    }
-  }
-}
-function findPackageRoot() {
-  let dir = path5.dirname(fileURLToPath(import.meta.url));
-  const { root } = path5.parse(dir);
-  while (dir !== root) {
-    if (existsSync5(path5.join(dir, "package.json"))) return dir;
-    dir = path5.dirname(dir);
-  }
-  return null;
-}
-function spawnDaemon() {
-  const totalGB = os4.totalmem() / (1024 * 1024 * 1024);
-  if (totalGB <= 8) {
-    process.stderr.write(
-      `[exed-client] SKIP: ${totalGB.toFixed(0)}GB system \u2014 embedding daemon disabled. Using keyword search only. Minimum 16GB recommended for vector search.
-`
-    );
-    return;
-  }
-  const pkgRoot = findPackageRoot();
-  if (!pkgRoot) {
-    process.stderr.write("[exed-client] WARN: cannot find package root\n");
-    return;
-  }
-  const daemonPath = path5.join(pkgRoot, "dist", "lib", "exe-daemon.js");
-  if (!existsSync5(daemonPath)) {
-    process.stderr.write(`[exed-client] WARN: daemon script not found at ${daemonPath}
-`);
-    return;
-  }
-  const resolvedPath = daemonPath;
-  const daemonToken = ensureDaemonToken(process.env[DAEMON_TOKEN_ENV] ?? null);
-  process.stderr.write(`[exed-client] Spawning daemon: ${resolvedPath}
-`);
-  const logPath = path5.join(path5.dirname(SOCKET_PATH), "exed.log");
-  let stderrFd = "ignore";
-  try {
-    stderrFd = openSync(logPath, "a");
-  } catch {
-  }
-  const heapCapMB = totalGB <= 8 ? 256 : 512;
-  const nodeArgs = [`--max-old-space-size=${heapCapMB}`, resolvedPath];
-  const child = spawn(process.execPath, nodeArgs, {
-    detached: true,
-    stdio: ["ignore", "ignore", stderrFd],
-    env: {
-      ...process.env,
-      TMUX: void 0,
-      // Daemon is global — must not inherit session scope
-      TMUX_PANE: void 0,
-      // Prevents resolveExeSession() from scoping to one session
-      EXE_DAEMON_SOCK: SOCKET_PATH,
-      EXE_DAEMON_PID: PID_PATH,
-      [DAEMON_TOKEN_ENV]: daemonToken
-    }
-  });
-  child.unref();
-  if (typeof stderrFd === "number") {
-    try {
-      closeSync(stderrFd);
-    } catch {
-    }
-  }
-}
-function acquireSpawnLock() {
-  try {
-    const fd = openSync(SPAWN_LOCK_PATH, "wx");
-    closeSync(fd);
-    return true;
-  } catch {
-    try {
-      const stat = statSync(SPAWN_LOCK_PATH);
-      if (Date.now() - stat.mtimeMs > SPAWN_LOCK_STALE_MS) {
-        try {
-          unlinkSync2(SPAWN_LOCK_PATH);
-        } catch {
-        }
-        try {
-          const fd = openSync(SPAWN_LOCK_PATH, "wx");
-          closeSync(fd);
-          return true;
-        } catch {
-        }
-      }
-    } catch {
-    }
-    return false;
-  }
-}
-function releaseSpawnLock() {
-  try {
-    unlinkSync2(SPAWN_LOCK_PATH);
-  } catch {
-  }
-}
-function connectToSocket() {
-  return new Promise((resolve) => {
-    if (_socket && _connected) {
-      resolve(true);
-      return;
-    }
-    const socket = net.createConnection({ path: SOCKET_PATH });
-    const connectTimeout = setTimeout(() => {
-      socket.destroy();
-      resolve(false);
-    }, 2e3);
-    socket.on("connect", () => {
-      clearTimeout(connectTimeout);
-      _socket = socket;
-      _connected = true;
-      _buffer = "";
-      socket.on("data", handleData);
-      socket.on("close", () => {
-        _connected = false;
-        _socket = null;
-        for (const [id, entry] of _pending) {
-          clearTimeout(entry.timer);
-          _pending.delete(id);
-          entry.resolve({ error: "Connection closed" });
-        }
-      });
-      socket.on("error", () => {
-        _connected = false;
-        _socket = null;
-      });
-      resolve(true);
-    });
-    socket.on("error", () => {
-      clearTimeout(connectTimeout);
-      resolve(false);
-    });
-  });
-}
-async function connectEmbedDaemon() {
-  if (_socket && _connected) return true;
-  if (await connectToSocket()) return true;
-  if (acquireSpawnLock()) {
-    try {
-      cleanupStaleFiles();
-      spawnDaemon();
-    } finally {
-      releaseSpawnLock();
-    }
-  }
-  const start = Date.now();
-  let delay2 = 100;
-  while (Date.now() - start < CONNECT_TIMEOUT_MS) {
-    await new Promise((r) => setTimeout(r, delay2));
-    if (await connectToSocket()) return true;
-    delay2 = Math.min(delay2 * 2, 3e3);
-  }
-  return false;
-}
-function sendDaemonRequest(payload, timeoutMs = REQUEST_TIMEOUT_MS) {
-  return new Promise((resolve) => {
-    if (!_socket || !_connected) {
-      resolve({ error: "Not connected" });
-      return;
-    }
-    const id = randomUUID();
-    const token = process.env[DAEMON_TOKEN_ENV] ?? readDaemonToken();
-    const timer = setTimeout(() => {
-      _pending.delete(id);
-      resolve({ error: "Request timeout" });
-    }, timeoutMs);
-    _pending.set(id, { resolve, timer });
-    try {
-      _socket.write(JSON.stringify({ id, token, ...payload }) + "\n");
-    } catch {
-      clearTimeout(timer);
-      _pending.delete(id);
-      resolve({ error: "Write failed" });
-    }
-  });
-}
-function isClientConnected() {
-  return _connected;
-}
-var SOCKET_PATH, PID_PATH, SPAWN_LOCK_PATH, SPAWN_LOCK_STALE_MS, CONNECT_TIMEOUT_MS, REQUEST_TIMEOUT_MS, DAEMON_TOKEN_ENV, _socket, _connected, _buffer, _pending, MAX_BUFFER;
-var init_exe_daemon_client = __esm({
-  "src/lib/exe-daemon-client.ts"() {
-    "use strict";
-    init_config();
-    init_daemon_auth();
-    SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path5.join(EXE_AI_DIR, "exed.sock");
-    PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path5.join(EXE_AI_DIR, "exed.pid");
-    SPAWN_LOCK_PATH = path5.join(EXE_AI_DIR, "exed-spawn.lock");
-    SPAWN_LOCK_STALE_MS = 3e4;
-    CONNECT_TIMEOUT_MS = 15e3;
-    REQUEST_TIMEOUT_MS = 3e4;
-    DAEMON_TOKEN_ENV = "EXE_DAEMON_TOKEN";
-    _socket = null;
-    _connected = false;
-    _buffer = "";
-    _pending = /* @__PURE__ */ new Map();
-    MAX_BUFFER = 1e7;
-  }
-});
-
-// src/lib/daemon-protocol.ts
-function serializeValue(v) {
-  if (v === null || v === void 0) return null;
-  if (typeof v === "bigint") return Number(v);
-  if (typeof v === "boolean") return v ? 1 : 0;
-  if (v instanceof Uint8Array) {
-    return { __blob: Buffer.from(v).toString("base64") };
-  }
-  if (ArrayBuffer.isView(v)) {
-    return { __blob: Buffer.from(v.buffer, v.byteOffset, v.byteLength).toString("base64") };
-  }
-  if (v instanceof ArrayBuffer) {
-    return { __blob: Buffer.from(v).toString("base64") };
-  }
-  if (typeof v === "string" || typeof v === "number") return v;
-  return String(v);
-}
-function deserializeValue(v) {
-  if (v === null) return null;
-  if (typeof v === "object" && v !== null && "__blob" in v) {
-    const buf = Buffer.from(v.__blob, "base64");
-    return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
-  }
-  return v;
-}
-function deserializeResultSet(srs) {
-  const rows = srs.rows.map((obj) => {
-    const values = srs.columns.map(
-      (col) => deserializeValue(obj[col] ?? null)
-    );
-    const row = values;
-    for (let i = 0; i < srs.columns.length; i++) {
-      const col = srs.columns[i];
-      if (col !== void 0) {
-        row[col] = values[i] ?? null;
-      }
-    }
-    Object.defineProperty(row, "length", {
-      value: values.length,
-      enumerable: false
-    });
-    return row;
-  });
-  return {
-    columns: srs.columns,
-    columnTypes: srs.columnTypes ?? [],
-    rows,
-    rowsAffected: srs.rowsAffected,
-    lastInsertRowid: srs.lastInsertRowid != null ? BigInt(srs.lastInsertRowid) : void 0,
-    toJSON: () => ({
-      columns: srs.columns,
-      columnTypes: srs.columnTypes ?? [],
-      rows: srs.rows,
-      rowsAffected: srs.rowsAffected,
-      lastInsertRowid: srs.lastInsertRowid
-    })
-  };
-}
-var init_daemon_protocol = __esm({
-  "src/lib/daemon-protocol.ts"() {
-    "use strict";
-  }
-});
-
-// src/lib/db-daemon-client.ts
-var db_daemon_client_exports = {};
-__export(db_daemon_client_exports, {
-  createDaemonDbClient: () => createDaemonDbClient,
-  initDaemonDbClient: () => initDaemonDbClient
-});
-function normalizeStatement2(stmt) {
-  if (typeof stmt === "string") {
-    return { sql: stmt, args: [] };
-  }
-  const sql = stmt.sql;
-  let args = [];
-  if (Array.isArray(stmt.args)) {
-    args = stmt.args.map((v) => serializeValue(v));
-  } else if (stmt.args && typeof stmt.args === "object") {
-    const named = {};
-    for (const [key, val] of Object.entries(stmt.args)) {
-      named[key] = serializeValue(val);
-    }
-    return { sql, args: named };
-  }
-  return { sql, args };
-}
-function createDaemonDbClient(fallbackClient) {
-  let _useDaemon = false;
-  const client = {
-    async execute(stmt) {
-      if (!_useDaemon || !isClientConnected()) {
-        return fallbackClient.execute(stmt);
-      }
-      const { sql, args } = normalizeStatement2(stmt);
-      const response = await sendDaemonRequest({
-        type: "db-execute",
-        sql,
-        args
-      });
-      if (response.error) {
-        const errMsg = String(response.error);
-        if (errMsg === "Not connected" || errMsg === "Request timeout" || errMsg === "Write failed" || errMsg === "DB not initialized") {
-          process.stderr.write(`[db-daemon] Transport error (${errMsg}), falling back to direct
-`);
-          return fallbackClient.execute(stmt);
-        }
-        throw new Error(errMsg);
-      }
-      if (response.db) {
-        return deserializeResultSet(response.db);
-      }
-      process.stderr.write("[db-daemon] Unexpected response shape, falling back to direct\n");
-      return fallbackClient.execute(stmt);
-    },
-    async batch(stmts, mode) {
-      if (!_useDaemon || !isClientConnected()) {
-        return fallbackClient.batch(stmts, mode);
-      }
-      const statements = stmts.map(normalizeStatement2);
-      const response = await sendDaemonRequest({
-        type: "db-batch",
-        statements,
-        mode: mode ?? "deferred"
-      });
-      if (response.error) {
-        const errMsg = String(response.error);
-        if (errMsg === "Not connected" || errMsg === "Request timeout" || errMsg === "Write failed" || errMsg === "DB not initialized") {
-          process.stderr.write(`[db-daemon] Batch transport error (${errMsg}), falling back to direct
-`);
-          return fallbackClient.batch(stmts, mode);
-        }
-        throw new Error(errMsg);
-      }
-      const batchResults = response["db-batch"];
-      if (batchResults) {
-        return batchResults.map(deserializeResultSet);
-      }
-      process.stderr.write("[db-daemon] Unexpected batch response shape, falling back to direct\n");
-      return fallbackClient.batch(stmts, mode);
-    },
-    // Transaction support — delegate to fallback (transactions need direct connection)
-    async transaction(mode) {
-      return fallbackClient.transaction(mode);
-    },
-    // executeMultiple — delegate to fallback (used only for schema migrations)
-    async executeMultiple(sql) {
-      return fallbackClient.executeMultiple(sql);
-    },
-    // migrate — delegate to fallback
-    async migrate(stmts) {
-      return fallbackClient.migrate(stmts);
-    },
-    // Sync mode — delegate to fallback
-    sync() {
-      return fallbackClient.sync();
-    },
-    close() {
-      _useDaemon = false;
-    },
-    get closed() {
-      return fallbackClient.closed;
-    },
-    get protocol() {
-      return fallbackClient.protocol;
-    }
-  };
-  return {
-    ...client,
-    /** Enable daemon routing (call after confirming daemon is connected) */
-    _enableDaemon() {
-      _useDaemon = true;
-    },
-    /** Check if daemon routing is active */
-    _isDaemonActive() {
-      return _useDaemon && isClientConnected();
-    }
-  };
-}
-async function initDaemonDbClient(fallbackClient) {
-  if (process.env.EXE_IS_DAEMON === "1") return null;
-  const connected = await connectEmbedDaemon();
-  if (!connected) {
-    process.stderr.write("[db-daemon] Daemon unavailable \u2014 using direct SQLite\n");
-    return null;
-  }
-  const client = createDaemonDbClient(fallbackClient);
-  client._enableDaemon();
-  process.stderr.write("[db-daemon] DB routing through daemon (single-writer)\n");
-  return client;
-}
-var init_db_daemon_client = __esm({
-  "src/lib/db-daemon-client.ts"() {
-    "use strict";
-    init_exe_daemon_client();
-    init_daemon_protocol();
-  }
-});
-
-// src/lib/database.ts
-var database_exports = {};
-__export(database_exports, {
-  SOFT_DELETE_RETENTION_DAYS: () => SOFT_DELETE_RETENTION_DAYS,
-  disposeDatabase: () => disposeDatabase,
-  disposeTurso: () => disposeTurso,
-  ensureSchema: () => ensureSchema,
-  getClient: () => getClient,
-  getRawClient: () => getRawClient,
-  initDaemonClient: () => initDaemonClient,
-  initDatabase: () => initDatabase,
-  initTurso: () => initTurso,
-  isInitialized: () => isInitialized,
-  setExternalClient: () => setExternalClient
-});
-import { chmodSync as chmodSync2, existsSync as existsSync6, statSync as statSync2, copyFileSync, unlinkSync as unlinkSync3, openSync as openSync2, closeSync as closeSync2, mkdirSync as mkdirSync2 } from "fs";
-import { createClient } from "@libsql/client";
-import { homedir } from "os";
-import { join } from "path";
-function logCatchDebug(context, err) {
-  if (_debugDb) {
-    process.stderr.write(
-      `[database] ${context}: ${err instanceof Error ? err.message : String(err)}
-`
-    );
-  }
-}
-function acquireDbLock() {
-  mkdirSync2(join(homedir(), ".exe-os"), { recursive: true });
-  try {
-    _lockFd = openSync2(DB_LOCK_PATH, "wx");
-  } catch (err) {
-    if (err && typeof err === "object" && "code" in err && err.code === "EEXIST") {
-      try {
-        const lockStat = statSync2(DB_LOCK_PATH);
-        if (Date.now() - lockStat.mtimeMs > 6e4) {
-          unlinkSync3(DB_LOCK_PATH);
-          _lockFd = openSync2(DB_LOCK_PATH, "wx");
-          return;
-        }
-      } catch (e) {
-        logCatchDebug("stale lock check", e);
-      }
-      process.stderr.write(
-        "[database] WARN: Another process holds db.lock \u2014 waiting briefly then proceeding.\n"
-      );
-      return;
-    }
-    throw err;
-  }
-}
-function releaseDbLock() {
-  if (_lockFd !== null) {
-    try {
-      closeSync2(_lockFd);
-    } catch (e) {
-      logCatchDebug("lock close", e);
-    }
-    _lockFd = null;
-  }
-  try {
-    unlinkSync3(DB_LOCK_PATH);
-  } catch (e) {
-    logCatchDebug("lock unlink", e);
-  }
-}
-async function initDatabase(config) {
-  acquireDbLock();
-  if (existsSync6(config.dbPath)) {
-    const dbStat = statSync2(config.dbPath);
-    if (dbStat.size === 0) {
-      const walPath = config.dbPath + "-wal";
-      if (existsSync6(walPath) && statSync2(walPath).size > 0) {
-        const backupPath = config.dbPath + ".zeroed-" + Date.now();
-        copyFileSync(config.dbPath, backupPath);
-        unlinkSync3(config.dbPath);
-        process.stderr.write(
-          `[database] CRITICAL: DB was 0 bytes. Moved to ${backupPath}, attempting WAL recovery.
-`
-        );
-      } else {
-        process.stderr.write(
-          `[database] CRITICAL: DB is 0 bytes and no WAL available for recovery. Data may be lost. Check backups at ${config.dbPath}.bak
-`
-        );
-      }
-    }
-  }
-  if (_walCheckpointTimer) {
-    clearInterval(_walCheckpointTimer);
-    _walCheckpointTimer = null;
-  }
-  if (_daemonClient) {
-    _daemonClient.close();
-    _daemonClient = null;
-  }
-  if (_adapterClient && _adapterClient !== _resilientClient) {
-    _adapterClient.close();
-  }
-  _adapterClient = null;
-  if (_client) {
-    _client.close();
-    _client = null;
-    _resilientClient = null;
-  }
-  const opts = {
-    url: `file:${config.dbPath}`
-  };
-  if (config.encryptionKey) {
-    opts.encryptionKey = config.encryptionKey;
-  }
-  _client = createClient(opts);
-  _resilientClient = wrapWithRetry(_client);
-  _adapterClient = _resilientClient;
-  await _client.execute("PRAGMA busy_timeout = 30000");
-  await _client.execute("PRAGMA journal_mode = WAL");
-  if (_walCheckpointTimer) clearInterval(_walCheckpointTimer);
-  _walCheckpointTimer = setInterval(() => {
-    _client?.execute("PRAGMA wal_checkpoint(PASSIVE)").catch(() => {
-    });
-  }, 3e4);
-  _walCheckpointTimer.unref();
-  if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
-    _adapterClient = await createPrismaDbAdapter(_resilientClient);
-  }
-  try {
-    chmodSync2(config.dbPath, 384);
-    for (const suffix of ["-wal", "-shm"]) {
-      try {
-        chmodSync2(config.dbPath + suffix, 384);
-      } catch (chmodErr) {
-        process.stderr.write(`[database] chmod ${suffix} failed: ${chmodErr instanceof Error ? chmodErr.message : String(chmodErr)}
-`);
-      }
-    }
-  } catch (chmodErr) {
-    process.stderr.write(`[database] chmod db failed: ${chmodErr instanceof Error ? chmodErr.message : String(chmodErr)}
-`);
-  }
-  releaseDbLock();
-}
-function isInitialized() {
-  return _adapterClient !== null || _client !== null;
-}
-function setExternalClient(client) {
-  _adapterClient = client;
-}
-function getClient() {
-  if (!_adapterClient) {
-    throw new Error("Database client not initialized. Call initDatabase() first.");
-  }
-  if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
-    return _adapterClient;
-  }
-  if (process.env.EXE_IS_DAEMON === "1") {
-    return _resilientClient;
-  }
-  if (_daemonClient && _daemonClient._isDaemonActive()) {
-    return _daemonClient;
-  }
-  if (!_resilientClient) {
-    return _adapterClient;
-  }
-  if (process.env.EXE_DB_READONLY === "1" || process.env.EXE_DB_DIRECT === "1") {
-    return _resilientClient;
-  }
-  if (!process.env.EXE_MCP_MODE) {
-    process.stderr.write(
-      "[database] WARN: Daemon unavailable \u2014 using direct SQLite (single-writer CLI mode).\n"
-    );
-    return _resilientClient;
-  }
-  process.stderr.write(
-    "[database] ERROR: Daemon is not running \u2014 refusing direct SQLite write access.\n[database] Direct writes from MCP processes bypass the single-writer gate and corrupt FTS5.\n[database] Restart the daemon: kill $(cat ~/.exe-os/exed.pid) && exe-os update\n"
-  );
-  throw new Error(
-    "Daemon not running. Direct SQLite writes from MCP processes are blocked to prevent FTS5 corruption. Restart daemon to restore service."
-  );
-}
-async function initDaemonClient() {
-  if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") return;
-  if (process.env.EXE_IS_DAEMON === "1") return;
-  if (process.env.VITEST) return;
-  if (!_resilientClient) return;
-  if (_daemonClient) return;
-  try {
-    const { initDaemonDbClient: initDaemonDbClient2 } = await Promise.resolve().then(() => (init_db_daemon_client(), db_daemon_client_exports));
-    _daemonClient = await initDaemonDbClient2(_resilientClient);
-  } catch (err) {
-    process.stderr.write(
-      `[database] Daemon client init failed (non-fatal): ${err instanceof Error ? err.message : String(err)}
-`
-    );
-  }
-}
-function getRawClient() {
-  if (!_client) {
-    throw new Error("Database client not initialized. Call initDatabase() first.");
-  }
-  return _client;
-}
-async function ensureSchema() {
-  const client = getRawClient();
-  await client.execute("PRAGMA journal_mode = WAL");
-  await client.execute("PRAGMA busy_timeout = 30000");
-  await client.execute("PRAGMA wal_autocheckpoint = 1000");
-  try {
-    await client.execute("PRAGMA libsql_vector_search_ef = 128");
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS memories (
-      id            TEXT PRIMARY KEY,
-      agent_id      TEXT NOT NULL,
-      agent_role    TEXT NOT NULL,
-      session_id    TEXT NOT NULL,
-      timestamp     TEXT NOT NULL,
-      tool_name     TEXT NOT NULL,
-      project_name  TEXT NOT NULL,
-      has_error     INTEGER NOT NULL DEFAULT 0,
-      raw_text      TEXT NOT NULL,
-      vector        F32_BLOB(1024),
-      version       INTEGER NOT NULL DEFAULT 0
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_memories_agent
-      ON memories(agent_id);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_timestamp
-      ON memories(timestamp);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_session
-      ON memories(session_id);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_project
-      ON memories(project_name);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_tool
-      ON memories(tool_name);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_version
-      ON memories(version);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_agent_project
-      ON memories(agent_id, project_name);
-  `);
-  await client.executeMultiple(`
-    CREATE VIRTUAL TABLE IF NOT EXISTS memories_fts USING fts5(
-      raw_text,
-      content='memories',
-      content_rowid='rowid'
-    );
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_ai AFTER INSERT ON memories BEGIN
-      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_ad AFTER DELETE ON memories BEGIN
-      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_au AFTER UPDATE ON memories
-    WHEN new.status IS NULL OR new.status != 'deleted' BEGIN
-      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
-      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
-    END;
-
-    -- Soft-delete trigger: remove from FTS when status changes to 'deleted'
-    CREATE TRIGGER IF NOT EXISTS memories_fts_soft_delete AFTER UPDATE ON memories
-    WHEN new.status = 'deleted' AND (old.status IS NULL OR old.status != 'deleted') BEGIN
-      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
-    END;
-  `);
-  try {
-    await client.execute("SELECT COUNT(*) FROM memories_fts LIMIT 1");
-  } catch (ftsErr) {
-    process.stderr.write(
-      `[database] WARN: memories_fts corrupted (${ftsErr instanceof Error ? ftsErr.message : String(ftsErr)}) \u2014 rebuilding FTS index.
-`
-    );
-    try {
-      await client.execute("INSERT INTO memories_fts(memories_fts) VALUES('rebuild')");
-      process.stderr.write("[database] FTS index rebuilt successfully.\n");
-    } catch (rebuildErr) {
-      process.stderr.write(
-        `[database] ERROR: FTS rebuild failed: ${rebuildErr instanceof Error ? rebuildErr.message : String(rebuildErr)}
-`
-      );
-    }
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS sync_meta (
-      key   TEXT PRIMARY KEY,
-      value TEXT NOT NULL
-    );
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS tasks (
-      id            TEXT PRIMARY KEY,
-      title         TEXT NOT NULL,
-      assigned_to   TEXT NOT NULL,
-      assigned_by   TEXT NOT NULL,
-      project_name  TEXT NOT NULL,
-      priority      TEXT NOT NULL DEFAULT 'p1',
-      status        TEXT NOT NULL DEFAULT 'open',
-      task_file     TEXT,
-      created_at    TEXT NOT NULL,
-      updated_at    TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_tasks_assignee_status
-      ON tasks(assigned_to, status);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS behaviors (
-      id           TEXT PRIMARY KEY,
-      agent_id     TEXT NOT NULL,
-      project_name TEXT,
-      domain       TEXT,
-      content      TEXT NOT NULL,
-      active       INTEGER NOT NULL DEFAULT 1,
-      created_at   TEXT NOT NULL,
-      updated_at   TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_behaviors_agent
-      ON behaviors(agent_id, active);
-  `);
-  try {
-    const coordinatorName = getCoordinatorName();
-    const existing = await client.execute({
-      sql: "SELECT COUNT(*) as cnt FROM behaviors WHERE agent_id = ?",
-      args: [coordinatorName]
-    });
-    if (Number(existing.rows[0]?.cnt) === 0) {
-      const seededAt = "2026-03-25T00:00:00Z";
-      for (const [domain, content] of [
-        ["workflow", `Don't ask "keep going?" \u2014 just keep executing phases/plans autonomously`],
-        ["tool-use", "Always use create_task MCP tool, never write .md files directly for task creation"],
-        ["workflow", "Auto-start reviewing when idle and reviews are pending \u2014 never ask founder for permission"]
-      ]) {
-        await client.execute({
-          sql: `INSERT INTO behaviors (id, agent_id, project_name, domain, content, active, created_at, updated_at)
-                VALUES (hex(randomblob(16)), ?, NULL, ?, ?, 1, ?, ?)`,
-          args: [coordinatorName, domain, content, seededAt, seededAt]
-        });
-      }
-    }
-  } catch (seedErr) {
-    logCatchDebug("behavior seed", seedErr);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE behaviors ADD COLUMN priority TEXT DEFAULT 'p1'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE behaviors ADD COLUMN vector F32_BLOB(${EMBEDDING_DIM})`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  for (const col of ["created_by_agent TEXT", "created_by_device TEXT", "source_session_id TEXT"]) {
-    try {
-      await client.execute({ sql: `ALTER TABLE behaviors ADD COLUMN ${col}`, args: [] });
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN blocked_by TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN parent_task_id TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `CREATE INDEX IF NOT EXISTS idx_tasks_parent_task_id
-              ON tasks(parent_task_id)
-              WHERE parent_task_id IS NOT NULL`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `UPDATE tasks SET status = 'done' WHERE status = 'completed'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN reviewer TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN context TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN result TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN assigned_tmux TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN checkpoint TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN checkpoint_count INTEGER NOT NULL DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN complexity TEXT NOT NULL DEFAULT 'standard'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN session_scope TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN task_id TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN consolidated INTEGER NOT NULL DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN author_device_id TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN scope TEXT NOT NULL DEFAULT 'business'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS consolidations (
-      id                    TEXT PRIMARY KEY,
-      consolidated_memory_id TEXT NOT NULL,
-      source_memory_id      TEXT NOT NULL,
-      created_at            TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_consolidations_source
-      ON consolidations(source_memory_id);
-
-    CREATE INDEX IF NOT EXISTS idx_consolidations_consolidated
-      ON consolidations(consolidated_memory_id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS reminders (
-      id            TEXT PRIMARY KEY,
-      text          TEXT NOT NULL,
-      created_at    TEXT NOT NULL,
-      due_date      TEXT,
-      completed_at  TEXT
-    );
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS notifications (
-      id          TEXT PRIMARY KEY,
-      agent_id    TEXT NOT NULL,
-      agent_role  TEXT NOT NULL,
-      event       TEXT NOT NULL,
-      project     TEXT NOT NULL,
-      summary     TEXT NOT NULL,
-      task_file   TEXT,
-      session_scope TEXT,
-      read        INTEGER NOT NULL DEFAULT 0,
-      created_at  TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_notifications_read
-      ON notifications(read);
-
-    CREATE INDEX IF NOT EXISTS idx_notifications_agent
-      ON notifications(agent_id, session_scope);
-
-    CREATE INDEX IF NOT EXISTS idx_notifications_task_file
-      ON notifications(task_file);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS schedules (
-      id            TEXT PRIMARY KEY,
-      cron          TEXT NOT NULL,
-      description   TEXT NOT NULL,
-      job_type      TEXT NOT NULL DEFAULT 'report',
-      prompt        TEXT,
-      assigned_to   TEXT,
-      project_name  TEXT,
-      active        INTEGER NOT NULL DEFAULT 1,
-      use_crontab   INTEGER NOT NULL DEFAULT 0,
-      created_at    TEXT NOT NULL
-    );
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS device_registry (
-      device_id     TEXT PRIMARY KEY,
-      friendly_name TEXT NOT NULL,
-      hostname      TEXT NOT NULL,
-      projects      TEXT NOT NULL DEFAULT '[]',
-      agents        TEXT NOT NULL DEFAULT '[]',
-      connected     INTEGER DEFAULT 0,
-      last_seen     TEXT NOT NULL
-    );
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS messages (
-      id              TEXT PRIMARY KEY,
-      from_agent      TEXT NOT NULL,
-      from_device     TEXT NOT NULL DEFAULT 'local',
-      target_agent    TEXT NOT NULL,
-      target_project  TEXT,
-      target_device   TEXT NOT NULL DEFAULT 'local',
-      session_scope   TEXT,
-      content         TEXT NOT NULL,
-      priority        TEXT DEFAULT 'normal',
-      status          TEXT DEFAULT 'pending',
-      server_seq      INTEGER,
-      retry_count     INTEGER DEFAULT 0,
-      created_at      TEXT NOT NULL,
-      delivered_at    TEXT,
-      processed_at    TEXT,
-      failed_at       TEXT,
-      failure_reason  TEXT
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_messages_target
-      ON messages(target_agent, session_scope, status);
-
-    CREATE INDEX IF NOT EXISTS idx_messages_conversation_order
-      ON messages(target_agent, session_scope, from_agent, server_seq);
-  `);
-  try {
-    await client.execute({
-      sql: `ALTER TABLE notifications ADD COLUMN session_scope TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE messages ADD COLUMN session_scope TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE INDEX IF NOT EXISTS idx_notifications_agent_scope_read
-      ON notifications(agent_id, session_scope, read, created_at);
-
-    CREATE INDEX IF NOT EXISTS idx_messages_target_scope_status
-      ON messages(target_agent, session_scope, status, created_at);
-  `);
-  try {
-    await client.execute({
-      sql: `UPDATE memories SET project_name = 'exe-create' WHERE project_name = 'web'`,
-      args: []
-    });
-    await client.execute({
-      sql: `UPDATE memories SET project_name = 'exe-os' WHERE project_name = 'worker'`,
-      args: []
-    });
-    await client.execute({
-      sql: `UPDATE tasks SET project_name = 'exe-create' WHERE project_name = 'web'`,
-      args: []
-    });
-    await client.execute({
-      sql: `UPDATE tasks SET project_name = 'exe-os' WHERE project_name = 'worker'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS trajectories (
-      id              TEXT PRIMARY KEY,
-      task_id         TEXT NOT NULL,
-      agent_id        TEXT NOT NULL,
-      project_name    TEXT NOT NULL,
-      task_title      TEXT NOT NULL,
-      signature       TEXT NOT NULL,
-      signature_hash  TEXT NOT NULL,
-      tool_count      INTEGER NOT NULL,
-      skill_id        TEXT,
-      created_at      TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_trajectories_hash
-      ON trajectories(signature_hash);
-
-    CREATE INDEX IF NOT EXISTS idx_trajectories_agent
-      ON trajectories(agent_id);
-  `);
-  try {
-    await client.execute("ALTER TABLE trajectories ADD COLUMN skill_id TEXT");
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS consolidations (
-      id                    TEXT PRIMARY KEY,
-      consolidated_memory_id TEXT NOT NULL,
-      source_memory_id      TEXT NOT NULL,
-      created_at            TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_consolidations_source
-      ON consolidations(source_memory_id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS audit_trail (
-      id                  INTEGER PRIMARY KEY AUTOINCREMENT,
-      timestamp           TEXT NOT NULL,
-      session_id          TEXT NOT NULL,
-      agent_id            TEXT NOT NULL,
-      tool                TEXT NOT NULL,
-      input               TEXT,
-      decision            TEXT NOT NULL,
-      reason              TEXT,
-      is_customer_facing  INTEGER NOT NULL DEFAULT 0
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_audit_trail_agent
-      ON audit_trail(agent_id, timestamp);
-
-    CREATE INDEX IF NOT EXISTS idx_audit_trail_session
-      ON audit_trail(session_id);
-  `);
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN consolidated INTEGER NOT NULL DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN importance INTEGER DEFAULT 5`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN status TEXT DEFAULT 'active'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN deleted_at TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN confidence REAL DEFAULT 0.7`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN last_accessed TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `UPDATE memories SET last_accessed = timestamp WHERE last_accessed IS NULL`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN wiki_synced INTEGER DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN graph_extracted INTEGER DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  for (const col of [
-    "ALTER TABLE memories ADD COLUMN content_hash TEXT",
-    "ALTER TABLE memories ADD COLUMN graph_extracted_hash TEXT"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  try {
-    await client.execute(
-      `CREATE INDEX IF NOT EXISTS idx_memories_content_hash ON memories(content_hash, agent_id)`
-    );
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute(
-      `CREATE INDEX IF NOT EXISTS idx_memories_scoped_content_hash
-         ON memories(content_hash, agent_id, project_name, memory_type)
-         WHERE content_hash IS NOT NULL`
-    );
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS entities (
-      id TEXT PRIMARY KEY,
-      name TEXT NOT NULL,
-      type TEXT NOT NULL,
-      first_seen TEXT NOT NULL,
-      last_seen TEXT NOT NULL,
-      properties TEXT DEFAULT '{}',
-      UNIQUE(name, type)
-    );
-
-    CREATE TABLE IF NOT EXISTS relationships (
-      id TEXT PRIMARY KEY,
-      source_entity_id TEXT NOT NULL,
-      target_entity_id TEXT NOT NULL,
-      type TEXT NOT NULL,
-      weight REAL DEFAULT 1.0,
-      timestamp TEXT NOT NULL,
-      properties TEXT DEFAULT '{}',
-      UNIQUE(source_entity_id, target_entity_id, type)
-    );
-
-    CREATE TABLE IF NOT EXISTS entity_memories (
-      entity_id TEXT NOT NULL,
-      memory_id TEXT NOT NULL,
-      PRIMARY KEY (entity_id, memory_id)
-    );
-
-    CREATE TABLE IF NOT EXISTS relationship_memories (
-      relationship_id TEXT NOT NULL,
-      memory_id TEXT NOT NULL,
-      PRIMARY KEY (relationship_id, memory_id)
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_entities_name ON entities(name);
-    CREATE INDEX IF NOT EXISTS idx_entities_type ON entities(type);
-    CREATE INDEX IF NOT EXISTS idx_relationships_source ON relationships(source_entity_id);
-    CREATE INDEX IF NOT EXISTS idx_relationships_target ON relationships(target_entity_id);
-
-    CREATE TABLE IF NOT EXISTS hyperedges (
-      id TEXT PRIMARY KEY,
-      label TEXT NOT NULL,
-      relation TEXT NOT NULL,
-      confidence REAL DEFAULT 1.0,
-      timestamp TEXT NOT NULL
-    );
-
-    CREATE TABLE IF NOT EXISTS hyperedge_nodes (
-      hyperedge_id TEXT NOT NULL,
-      entity_id TEXT NOT NULL,
-      PRIMARY KEY (hyperedge_id, entity_id)
-    );
-
-    CREATE VIRTUAL TABLE IF NOT EXISTS entities_fts USING fts5(
-      name,
-      content=entities,
-      content_rowid=rowid
-    );
-
-    CREATE TRIGGER IF NOT EXISTS entities_fts_ai AFTER INSERT ON entities BEGIN
-      INSERT INTO entities_fts(rowid, name) VALUES (new.rowid, new.name);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS entities_fts_ad AFTER DELETE ON entities BEGIN
-      INSERT INTO entities_fts(entities_fts, rowid, name) VALUES('delete', old.rowid, old.name);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS entities_fts_au AFTER UPDATE ON entities BEGIN
-      INSERT INTO entities_fts(entities_fts, rowid, name) VALUES('delete', old.rowid, old.name);
-      INSERT INTO entities_fts(rowid, name) VALUES (new.rowid, new.name);
-    END;
-  `);
-  try {
-    await client.execute("INSERT INTO entities_fts(entities_fts) VALUES('rebuild')");
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS entity_aliases (
-      alias TEXT NOT NULL PRIMARY KEY,
-      canonical_entity_id TEXT NOT NULL
-    );
-    CREATE INDEX IF NOT EXISTS idx_entity_aliases_canonical ON entity_aliases(canonical_entity_id);
-  `);
-  for (const col of [
-    "ALTER TABLE relationships ADD COLUMN confidence REAL DEFAULT 1.0",
-    "ALTER TABLE relationships ADD COLUMN confidence_label TEXT DEFAULT 'extracted'"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  try {
-    await client.execute(
-      `CREATE INDEX IF NOT EXISTS idx_memories_status ON memories(status)`
-    );
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS identity (
-      id          INTEGER PRIMARY KEY AUTOINCREMENT,
-      agent_id    TEXT NOT NULL UNIQUE,
-      content_hash TEXT NOT NULL,
-      updated_at  TEXT NOT NULL,
-      updated_by  TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_identity_agent ON identity(agent_id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS chat_history (
-      id          INTEGER PRIMARY KEY AUTOINCREMENT,
-      session_id  TEXT NOT NULL,
-      role        TEXT NOT NULL,
-      content     TEXT NOT NULL,
-      tool_name   TEXT,
-      tool_id     TEXT,
-      is_error    INTEGER NOT NULL DEFAULT 0,
-      timestamp   INTEGER NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_chat_history_session
-      ON chat_history(session_id, id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS session_events (
-      id            TEXT PRIMARY KEY,
-      agent_id      TEXT NOT NULL,
-      agent_role    TEXT NOT NULL,
-      session_id    TEXT NOT NULL,
-      session_scope TEXT,
-      project_name  TEXT NOT NULL,
-      event_index   INTEGER NOT NULL,
-      event_type    TEXT NOT NULL,
-      tool_name     TEXT,
-      tool_use_id   TEXT,
-      content       TEXT NOT NULL,
-      payload_json  TEXT,
-      has_error     INTEGER NOT NULL DEFAULT 0,
-      created_at    TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_session_events_agent_time
-      ON session_events(agent_id, created_at DESC);
-
-    CREATE INDEX IF NOT EXISTS idx_session_events_session_index
-      ON session_events(session_id, event_index);
-
-    CREATE INDEX IF NOT EXISTS idx_session_events_scope_agent_time
-      ON session_events(session_scope, agent_id, created_at DESC);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS workspaces (
-      id              TEXT PRIMARY KEY,
-      slug            TEXT NOT NULL UNIQUE,
-      name            TEXT NOT NULL,
-      owner_agent_id  TEXT,
-      created_at      TEXT NOT NULL,
-      metadata        TEXT
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_workspaces_slug
-      ON workspaces(slug);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS documents (
-      id            TEXT PRIMARY KEY,
-      workspace_id  TEXT NOT NULL,
-      filename      TEXT NOT NULL,
-      mime          TEXT,
-      source_type   TEXT,
-      user_id       TEXT,
-      uploaded_at   TEXT NOT NULL,
-      metadata      TEXT,
-      FOREIGN KEY (workspace_id) REFERENCES workspaces(id)
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_documents_workspace
-      ON documents(workspace_id);
-
-    CREATE INDEX IF NOT EXISTS idx_documents_user
-      ON documents(user_id);
-  `);
-  for (const column of [
-    "workspace_id TEXT",
-    "document_id TEXT",
-    "user_id TEXT",
-    "char_offset INTEGER",
-    "page_number INTEGER"
-  ]) {
-    try {
-      await client.execute({
-        sql: `ALTER TABLE memories ADD COLUMN ${column}`,
-        args: []
-      });
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  for (const col of [
-    "ALTER TABLE memories ADD COLUMN source_path TEXT",
-    "ALTER TABLE memories ADD COLUMN source_type TEXT DEFAULT 'text'"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  await client.executeMultiple(`
-    CREATE INDEX IF NOT EXISTS idx_memories_workspace
-      ON memories(workspace_id);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_document
-      ON memories(document_id);
-
-    CREATE INDEX IF NOT EXISTS idx_memories_user
-      ON memories(user_id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS session_kills (
-      id                      TEXT PRIMARY KEY,
-      session_name            TEXT NOT NULL,
-      agent_id                TEXT NOT NULL,
-      killed_at               TIMESTAMP NOT NULL,
-      reason                  TEXT NOT NULL,
-      ticks_idle              INTEGER,
-      estimated_tokens_saved  INTEGER
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_session_kills_killed_at
-      ON session_kills(killed_at);
-
-    CREATE INDEX IF NOT EXISTS idx_session_kills_agent
-      ON session_kills(agent_id);
-  `);
-  await client.execute(`
-    CREATE TABLE IF NOT EXISTS company_procedures (
-      id TEXT PRIMARY KEY,
-      title TEXT NOT NULL,
-      content TEXT NOT NULL,
-      priority TEXT NOT NULL DEFAULT 'p0',
-      domain TEXT,
-      active INTEGER NOT NULL DEFAULT 1,
-      created_at TEXT NOT NULL,
-      updated_at TEXT NOT NULL
-    )
-  `);
-  const legacyProcedureObject = await client.execute({
-    sql: "SELECT type FROM sqlite_master WHERE name = 'global_procedures'",
-    args: []
-  });
-  const legacyProcedureType = legacyProcedureObject.rows[0]?.type == null ? null : String(legacyProcedureObject.rows[0].type);
-  if (legacyProcedureType === "table") {
-    await client.execute(`
-      INSERT OR IGNORE INTO company_procedures
-        (id, title, content, priority, domain, active, created_at, updated_at)
-      SELECT id, title, content, priority, domain, active, created_at, updated_at
-      FROM global_procedures
-    `);
-    await client.executeMultiple(`
-      CREATE TRIGGER IF NOT EXISTS global_procedures_mirror_insert
-        AFTER INSERT ON global_procedures
-      BEGIN
-        INSERT OR IGNORE INTO company_procedures
-          (id, title, content, priority, domain, active, created_at, updated_at)
-        VALUES
-          (NEW.id, NEW.title, NEW.content, NEW.priority, NEW.domain, NEW.active, NEW.created_at, NEW.updated_at);
-      END;
-
-      CREATE TRIGGER IF NOT EXISTS global_procedures_mirror_update
-        AFTER UPDATE ON global_procedures
-      BEGIN
-        UPDATE company_procedures
-        SET title = NEW.title,
-            content = NEW.content,
-            priority = NEW.priority,
-            domain = NEW.domain,
-            active = NEW.active,
-            created_at = NEW.created_at,
-            updated_at = NEW.updated_at
-        WHERE id = OLD.id;
-      END;
-    `);
-  } else {
-    await client.execute(`
-      CREATE VIEW IF NOT EXISTS global_procedures AS
-      SELECT id, title, content, priority, domain, active, created_at, updated_at
-      FROM company_procedures
-    `);
-    await client.executeMultiple(`
-      CREATE TRIGGER IF NOT EXISTS global_procedures_insert
-        INSTEAD OF INSERT ON global_procedures
-      BEGIN
-        INSERT INTO company_procedures
-          (id, title, content, priority, domain, active, created_at, updated_at)
-        VALUES
-          (NEW.id, NEW.title, NEW.content, NEW.priority, NEW.domain, NEW.active, NEW.created_at, NEW.updated_at);
-      END;
-
-      CREATE TRIGGER IF NOT EXISTS global_procedures_update
-        INSTEAD OF UPDATE ON global_procedures
-      BEGIN
-        UPDATE company_procedures
-        SET title = NEW.title,
-            content = NEW.content,
-            priority = NEW.priority,
-            domain = NEW.domain,
-            active = NEW.active,
-            created_at = NEW.created_at,
-            updated_at = NEW.updated_at
-        WHERE id = OLD.id;
-      END;
-    `);
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS conversations (
-      id              TEXT PRIMARY KEY,
-      platform        TEXT NOT NULL,
-      external_id     TEXT,
-      sender_id       TEXT NOT NULL,
-      sender_name     TEXT,
-      sender_phone    TEXT,
-      sender_email    TEXT,
-      recipient_id    TEXT,
-      channel_id      TEXT NOT NULL,
-      thread_id       TEXT,
-      reply_to_id     TEXT,
-      content_text    TEXT,
-      content_media   TEXT,
-      content_metadata TEXT,
-      agent_response  TEXT,
-      agent_name      TEXT,
-      timestamp       TEXT NOT NULL,
-      ingested_at     TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_conversations_platform
-      ON conversations(platform);
-
-    CREATE INDEX IF NOT EXISTS idx_conversations_sender
-      ON conversations(sender_id);
-
-    CREATE INDEX IF NOT EXISTS idx_conversations_timestamp
-      ON conversations(timestamp);
-
-    CREATE INDEX IF NOT EXISTS idx_conversations_thread
-      ON conversations(thread_id);
-
-    CREATE INDEX IF NOT EXISTS idx_conversations_channel
-      ON conversations(channel_id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS session_agent_map (
-      session_uuid TEXT PRIMARY KEY,
-      agent_id TEXT NOT NULL,
-      session_name TEXT,
-      task_id TEXT,
-      project_name TEXT,
-      started_at TEXT NOT NULL,
-      cache_cold_count INTEGER NOT NULL DEFAULT 0
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_session_agent_map_agent
-      ON session_agent_map(agent_id);
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS agent_file_reads (
-      session_uuid TEXT NOT NULL,
-      agent_id TEXT NOT NULL,
-      file_path TEXT NOT NULL,
-      read_at TEXT NOT NULL,
-      commit_hash TEXT,
-      PRIMARY KEY (session_uuid, file_path)
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_agent_file_reads_agent_read_at
-      ON agent_file_reads(agent_id, read_at);
-  `);
-  try {
-    const mapCount = await client.execute({ sql: `SELECT COUNT(*) as cnt FROM session_agent_map`, args: [] });
-    if (Number(mapCount.rows[0]?.cnt ?? 0) === 0) {
-      await client.execute({
-        sql: `INSERT OR IGNORE INTO session_agent_map (session_uuid, agent_id, session_name, started_at)
-              SELECT session_id, agent_id, '', MIN(timestamp)
-              FROM memories
-              WHERE session_id IS NOT NULL AND session_id != '' AND agent_id IS NOT NULL AND agent_id != ''
-              GROUP BY session_id, agent_id`,
-        args: []
-      });
-    }
-  } catch (e) {
-    logCatchDebug("session_agent_map backfill", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE session_agent_map ADD COLUMN cache_cold_count INTEGER NOT NULL DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN budget_tokens INTEGER`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN budget_fallback_model TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN tokens_used INTEGER DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN tokens_warned_at INTEGER`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN spawn_runtime TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE tasks ADD COLUMN spawn_model TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  await client.executeMultiple(`
-    CREATE VIRTUAL TABLE IF NOT EXISTS conversations_fts USING fts5(
-      content_text,
-      sender_name,
-      agent_response,
-      content='conversations',
-      content_rowid='rowid'
-    );
-
-    CREATE TRIGGER IF NOT EXISTS conversations_fts_ai AFTER INSERT ON conversations BEGIN
-      INSERT INTO conversations_fts(rowid, content_text, sender_name, agent_response)
-      VALUES (new.rowid, new.content_text, new.sender_name, new.agent_response);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS conversations_fts_ad AFTER DELETE ON conversations BEGIN
-      INSERT INTO conversations_fts(conversations_fts, rowid, content_text, sender_name, agent_response)
-      VALUES('delete', old.rowid, old.content_text, old.sender_name, old.agent_response);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS conversations_fts_au AFTER UPDATE ON conversations BEGIN
-      INSERT INTO conversations_fts(conversations_fts, rowid, content_text, sender_name, agent_response)
-      VALUES('delete', old.rowid, old.content_text, old.sender_name, old.agent_response);
-      INSERT INTO conversations_fts(rowid, content_text, sender_name, agent_response)
-      VALUES (new.rowid, new.content_text, new.sender_name, new.agent_response);
-    END;
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS memory_cards (
-      id            TEXT PRIMARY KEY,
-      memory_id     TEXT NOT NULL,
-      agent_id      TEXT NOT NULL,
-      session_id    TEXT NOT NULL,
-      project_name  TEXT,
-      timestamp     TEXT NOT NULL,
-      card_type     TEXT NOT NULL,
-      subject       TEXT,
-      predicate     TEXT,
-      object        TEXT,
-      content       TEXT NOT NULL,
-      source_ref    TEXT,
-      confidence    REAL DEFAULT 0.6,
-      active        INTEGER DEFAULT 1,
-      created_at    TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_memory_cards_agent
-      ON memory_cards(agent_id, active, timestamp);
-
-    CREATE INDEX IF NOT EXISTS idx_memory_cards_memory
-      ON memory_cards(memory_id);
-
-    CREATE VIRTUAL TABLE IF NOT EXISTS memory_cards_fts
-      USING fts5(content, subject, predicate, object, content='memory_cards', content_rowid='rowid');
-
-    CREATE TRIGGER IF NOT EXISTS memory_cards_fts_ai AFTER INSERT ON memory_cards BEGIN
-      INSERT INTO memory_cards_fts(rowid, content, subject, predicate, object)
-      VALUES (new.rowid, new.content, new.subject, new.predicate, new.object);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memory_cards_fts_ad AFTER DELETE ON memory_cards BEGIN
-      INSERT INTO memory_cards_fts(memory_cards_fts, rowid, content, subject, predicate, object)
-      VALUES('delete', old.rowid, old.content, old.subject, old.predicate, old.object);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memory_cards_fts_au AFTER UPDATE ON memory_cards BEGIN
-      INSERT INTO memory_cards_fts(memory_cards_fts, rowid, content, subject, predicate, object)
-      VALUES('delete', old.rowid, old.content, old.subject, old.predicate, old.object);
-      INSERT INTO memory_cards_fts(rowid, content, subject, predicate, object)
-      VALUES (new.rowid, new.content, new.subject, new.predicate, new.object);
-    END;
-  `);
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS agent_sessions (
-      id              TEXT PRIMARY KEY,
-      agent_id        TEXT NOT NULL,
-      project_name    TEXT,
-      started_at      TEXT NOT NULL,
-      last_event_at   TEXT NOT NULL,
-      event_count     INTEGER NOT NULL DEFAULT 0,
-      properties      TEXT DEFAULT '{}'
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_agent_sessions_agent_time
-      ON agent_sessions(agent_id, started_at);
-
-    CREATE TABLE IF NOT EXISTS agent_goals (
-      id                TEXT PRIMARY KEY,
-      statement         TEXT NOT NULL,
-      owner_agent_id    TEXT,
-      project_name      TEXT,
-      status            TEXT NOT NULL DEFAULT 'open',
-      priority          INTEGER NOT NULL DEFAULT 5,
-      success_criteria  TEXT,
-      parent_goal_id    TEXT,
-      due_at            TEXT,
-      achieved_at       TEXT,
-      supersedes_id     TEXT,
-      created_at        TEXT NOT NULL,
-      updated_at        TEXT NOT NULL,
-      source_memory_id  TEXT
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_agent_goals_project_status
-      ON agent_goals(project_name, status, priority);
-
-    CREATE TABLE IF NOT EXISTS agent_events (
-      id                  TEXT PRIMARY KEY,
-      event_type          TEXT NOT NULL,
-      occurred_at         TEXT NOT NULL,
-      sequence_index      INTEGER NOT NULL,
-      actor_agent_id      TEXT,
-      agent_role          TEXT,
-      project_name        TEXT,
-      session_id          TEXT,
-      task_id             TEXT,
-      goal_id             TEXT,
-      parent_event_id     TEXT,
-      intention           TEXT,
-      outcome             TEXT,
-      evidence_memory_id  TEXT,
-      impact              TEXT,
-      payload             TEXT DEFAULT '{}',
-      created_at          TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_agent_events_time
-      ON agent_events(occurred_at, sequence_index);
-
-    CREATE INDEX IF NOT EXISTS idx_agent_events_session_seq
-      ON agent_events(session_id, sequence_index);
-
-    CREATE INDEX IF NOT EXISTS idx_agent_events_goal_time
-      ON agent_events(goal_id, occurred_at);
-
-    CREATE INDEX IF NOT EXISTS idx_agent_events_memory
-      ON agent_events(evidence_memory_id);
-
-    CREATE TABLE IF NOT EXISTS agent_goal_links (
-      id           TEXT PRIMARY KEY,
-      goal_id      TEXT NOT NULL,
-      link_type    TEXT NOT NULL,
-      target_id    TEXT NOT NULL,
-      target_type  TEXT NOT NULL,
-      created_at   TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_agent_goal_links_goal
-      ON agent_goal_links(goal_id, target_type);
-
-    CREATE TABLE IF NOT EXISTS agent_semantic_labels (
-      id                TEXT PRIMARY KEY,
-      source_memory_id  TEXT NOT NULL,
-      event_id          TEXT,
-      labeler           TEXT NOT NULL,
-      schema_version    INTEGER NOT NULL DEFAULT 1,
-      confidence        REAL NOT NULL DEFAULT 0,
-      labels            TEXT NOT NULL,
-      created_at        TEXT NOT NULL,
-      updated_at        TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_memory
-      ON agent_semantic_labels(source_memory_id, labeler);
-
-    CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_event
-      ON agent_semantic_labels(event_id);
-
-    CREATE TABLE IF NOT EXISTS agent_reflection_checkpoints (
-      id                  TEXT PRIMARY KEY,
-      project_name        TEXT,
-      session_id          TEXT,
-      window_start_at     TEXT NOT NULL,
-      window_end_at       TEXT NOT NULL,
-      event_count         INTEGER NOT NULL DEFAULT 0,
-      goal_count          INTEGER NOT NULL DEFAULT 0,
-      success_count       INTEGER NOT NULL DEFAULT 0,
-      failure_count       INTEGER NOT NULL DEFAULT 0,
-      risk_count          INTEGER NOT NULL DEFAULT 0,
-      summary             TEXT NOT NULL,
-      learnings           TEXT NOT NULL DEFAULT '[]',
-      next_actions        TEXT NOT NULL DEFAULT '[]',
-      evidence_event_ids  TEXT NOT NULL DEFAULT '[]',
-      confidence          REAL NOT NULL DEFAULT 0,
-      created_at          TEXT NOT NULL
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_agent_reflection_project_time
-      ON agent_reflection_checkpoints(project_name, window_end_at);
-
-    CREATE INDEX IF NOT EXISTS idx_agent_reflection_session_time
-      ON agent_reflection_checkpoints(session_id, window_end_at);
-  `);
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN tier INTEGER DEFAULT 3`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute(
-      `CREATE INDEX IF NOT EXISTS idx_memories_tier ON memories(tier)`
-    );
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `UPDATE memories SET tier = 1 WHERE tool_name = 'commit_to_long_term_memory' AND importance >= 8 AND tier = 3`,
-      args: []
-    });
-    await client.execute({
-      sql: `UPDATE memories SET tier = 2 WHERE tool_name IN ('store_memory', 'manual') AND importance >= 5 AND tier = 3`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN supersedes_id TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute(
-      `CREATE INDEX IF NOT EXISTS idx_memories_supersedes ON memories(supersedes_id) WHERE supersedes_id IS NOT NULL`
-    );
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  for (const col of [
-    "ALTER TABLE tasks ADD COLUMN checkpoint TEXT",
-    "ALTER TABLE tasks ADD COLUMN checkpoint_count INTEGER DEFAULT 0"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN draft INTEGER DEFAULT 0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute(
-      `CREATE INDEX IF NOT EXISTS idx_memories_draft ON memories(draft) WHERE draft = 1`
-    );
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  for (const col of [
-    "ALTER TABLE memories ADD COLUMN valid_from TEXT",
-    "ALTER TABLE memories ADD COLUMN invalid_at TEXT"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  try {
-    await client.execute({
-      sql: `UPDATE memories SET valid_from = timestamp WHERE valid_from IS NULL`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN memory_type TEXT DEFAULT 'raw'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute(
-      `CREATE INDEX IF NOT EXISTS idx_memories_type ON memories(memory_type)`
-    );
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN trajectory TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  for (const col of [
-    "ALTER TABLE memories ADD COLUMN intent TEXT",
-    "ALTER TABLE memories ADD COLUMN outcome TEXT",
-    "ALTER TABLE memories ADD COLUMN domain TEXT",
-    "ALTER TABLE memories ADD COLUMN referenced_entities TEXT",
-    "ALTER TABLE memories ADD COLUMN retrieval_count INTEGER DEFAULT 0",
-    "ALTER TABLE memories ADD COLUMN chain_position TEXT",
-    "ALTER TABLE memories ADD COLUMN review_status TEXT",
-    "ALTER TABLE memories ADD COLUMN context_window_pct INTEGER",
-    "ALTER TABLE memories ADD COLUMN file_paths TEXT",
-    "ALTER TABLE memories ADD COLUMN commit_hash TEXT",
-    "ALTER TABLE memories ADD COLUMN duration_ms INTEGER",
-    "ALTER TABLE memories ADD COLUMN token_cost REAL",
-    "ALTER TABLE memories ADD COLUMN audience TEXT",
-    "ALTER TABLE memories ADD COLUMN language_type TEXT",
-    "ALTER TABLE memories ADD COLUMN parent_memory_id TEXT"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch (e) {
-      logCatchDebug("migration", e);
-    }
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN procedure_for TEXT`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `UPDATE tasks SET status = 'closed' WHERE status = 'done' AND result IS NOT NULL`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN visibility TEXT DEFAULT 'private'`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-  try {
-    await client.execute({
-      sql: `ALTER TABLE memories ADD COLUMN strength REAL DEFAULT 1.0`,
-      args: []
-    });
-  } catch (e) {
-    logCatchDebug("migration", e);
-  }
-}
-async function disposeDatabase() {
-  if (_walCheckpointTimer) {
-    clearInterval(_walCheckpointTimer);
-    _walCheckpointTimer = null;
-  }
-  if (_client) {
-    try {
-      await _client.execute("PRAGMA wal_checkpoint(PASSIVE)");
-    } catch (e) {
-      logCatchDebug("WAL checkpoint", e);
-    }
-  }
-  if (_daemonClient) {
-    _daemonClient.close();
-    _daemonClient = null;
-  }
-  if (_adapterClient && _adapterClient !== _resilientClient) {
-    _adapterClient.close();
-  }
-  _adapterClient = null;
-  if (_client) {
-    _client.close();
-    _client = null;
-    _resilientClient = null;
-  }
-  releaseDbLock();
-}
-var _debugDb, _client, _resilientClient, _walCheckpointTimer, _daemonClient, _adapterClient, _lockFd, DB_LOCK_PATH, initTurso, SOFT_DELETE_RETENTION_DAYS, disposeTurso;
-var init_database = __esm({
-  "src/lib/database.ts"() {
-    "use strict";
-    init_db_retry();
-    init_employees();
-    init_database_adapter();
-    init_memory();
-    _debugDb = process.env.EXE_DEBUG === "1";
-    _client = null;
-    _resilientClient = null;
-    _walCheckpointTimer = null;
-    _daemonClient = null;
-    _adapterClient = null;
-    _lockFd = null;
-    DB_LOCK_PATH = join(homedir(), ".exe-os", "db.lock");
-    initTurso = initDatabase;
-    SOFT_DELETE_RETENTION_DAYS = 7;
-    disposeTurso = disposeDatabase;
-  }
-});
-
-// src/lib/shard-manager.ts
-var shard_manager_exports = {};
-__export(shard_manager_exports, {
-  auditShardHealth: () => auditShardHealth,
-  disposeShards: () => disposeShards,
-  ensureShardSchema: () => ensureShardSchema,
-  getOpenShardCount: () => getOpenShardCount,
-  getReadyShardClient: () => getReadyShardClient,
-  getShardClient: () => getShardClient,
-  getShardsDir: () => getShardsDir,
-  initShardManager: () => initShardManager,
-  isShardingEnabled: () => isShardingEnabled,
-  listShards: () => listShards,
-  shardExists: () => shardExists
-});
-import path7 from "path";
-import { existsSync as existsSync8, mkdirSync as mkdirSync3, readdirSync, renameSync as renameSync3, statSync as statSync4 } from "fs";
-import { createClient as createClient2 } from "@libsql/client";
-function initShardManager(encryptionKey) {
-  _encryptionKey = encryptionKey;
-  _keyValidated = false;
-  _keyValidationPromise = null;
-  if (!existsSync8(SHARDS_DIR)) {
-    mkdirSync3(SHARDS_DIR, { recursive: true });
-  }
-  const existingShards = readdirSync(SHARDS_DIR).filter((f) => f.endsWith(".db"));
-  if (existingShards.length === 0) {
-    _keyValidated = true;
-  }
-  _shardingEnabled = true;
-  if (_evictionTimer) clearInterval(_evictionTimer);
-  _evictionTimer = setInterval(evictIdleShards, EVICTION_INTERVAL_MS);
-  _evictionTimer.unref();
-}
-async function validateEncryptionKey() {
-  if (_keyValidated) return true;
-  if (!_encryptionKey) return false;
-  const existingShards = readdirSync(SHARDS_DIR).filter((f) => f.endsWith(".db"));
-  if (existingShards.length === 0) {
-    _keyValidated = true;
-    return true;
-  }
-  for (const shardFile of existingShards.slice(0, 3)) {
-    const dbPath = path7.join(SHARDS_DIR, shardFile);
-    const testClient = createClient2({ url: `file:${dbPath}`, encryptionKey: _encryptionKey });
-    try {
-      await testClient.execute("SELECT COUNT(*) FROM sqlite_schema");
-      testClient.close();
-      _keyValidated = true;
-      return true;
-    } catch {
-      try {
-        testClient.close();
-      } catch {
-      }
-    }
-  }
-  process.stderr.write(
-    `[shard-manager] WARNING: encryption key cannot read any existing shards (${existingShards.length} found). New shard creation disabled to prevent stranded files. Run /exe-doctor to audit.
-`
-  );
-  _shardingEnabled = false;
-  return false;
-}
-function isShardingEnabled() {
-  return _shardingEnabled;
-}
-function getShardsDir() {
-  return SHARDS_DIR;
-}
-function getShardClient(projectName) {
-  if (!_encryptionKey) {
-    throw new Error("Shard manager not initialized. Call initShardManager() first.");
-  }
-  const safeName = safeShardName(projectName);
-  if (!safeName || safeName === "unknown") {
-    throw new Error(`Invalid project name for shard: "${projectName}" (resolved to "${safeName}")`);
-  }
-  const cached = _shards.get(safeName);
-  if (cached) {
-    _shardLastAccess.set(safeName, Date.now());
-    return cached;
-  }
-  while (_shards.size >= MAX_OPEN_SHARDS) {
-    evictLRU();
-  }
-  const dbPath = path7.join(SHARDS_DIR, `${safeName}.db`);
-  const client = createClient2({
-    url: `file:${dbPath}`,
-    encryptionKey: _encryptionKey
-  });
-  _shards.set(safeName, client);
-  _shardLastAccess.set(safeName, Date.now());
-  return client;
-}
-function shardExists(projectName) {
-  const safeName = safeShardName(projectName);
-  return existsSync8(path7.join(SHARDS_DIR, `${safeName}.db`));
-}
-function safeShardName(projectName) {
-  return projectName.replace(/[^a-zA-Z0-9_-]/g, "_");
-}
-function listShards() {
-  if (!existsSync8(SHARDS_DIR)) return [];
-  return readdirSync(SHARDS_DIR).filter((f) => f.endsWith(".db")).map((f) => f.replace(".db", ""));
-}
-async function auditShardHealth(options = {}) {
-  if (!_encryptionKey) {
-    throw new Error("Shard manager not initialized. Call initShardManager() first.");
-  }
-  const repair = options.repair === true;
-  const dryRun = options.dryRun === true;
-  const names = listShards();
-  const shards = [];
-  for (const name of names) {
-    const dbPath = path7.join(SHARDS_DIR, `${name}.db`);
-    const stat = statSync4(dbPath);
-    const item = {
-      name,
-      path: dbPath,
-      ok: false,
-      unreadable: false,
-      error: null,
-      size: stat.size,
-      mtime: stat.mtime.toISOString(),
-      memoryCount: null
-    };
-    const client = createClient2({
-      url: `file:${dbPath}`,
-      encryptionKey: _encryptionKey
-    });
-    try {
-      await client.execute("SELECT COUNT(*) as cnt FROM sqlite_schema");
-      const hasMemories = await client.execute(
-        "SELECT COUNT(*) as cnt FROM sqlite_schema WHERE type = 'table' AND name = 'memories'"
-      );
-      if (Number(hasMemories.rows[0]?.cnt ?? 0) > 0) {
-        const mem = await client.execute("SELECT COUNT(*) as cnt FROM memories");
-        item.memoryCount = Number(mem.rows[0]?.cnt ?? 0);
-      }
-      item.ok = true;
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      item.error = message;
-      item.unreadable = /SQLITE_NOTADB|file is not a database/i.test(message);
-      if (item.unreadable && repair && !dryRun) {
-        client.close();
-        _shards.delete(name);
-        _shardLastAccess.delete(name);
-        const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-        const archivedPath = path7.join(SHARDS_DIR, `${name}.db.broken-${stamp}`);
-        renameSync3(dbPath, archivedPath);
-        item.archivedPath = archivedPath;
-      }
-    } finally {
-      try {
-        client.close();
-      } catch {
-      }
-    }
-    shards.push(item);
-  }
-  return {
-    total: shards.length,
-    ok: shards.filter((s) => s.ok).length,
-    unreadable: shards.filter((s) => s.unreadable).length,
-    archived: shards.filter((s) => Boolean(s.archivedPath)).length,
-    shards
-  };
-}
-async function ensureShardSchema(client) {
-  await client.execute("PRAGMA journal_mode = WAL");
-  await client.execute("PRAGMA busy_timeout = 30000");
-  try {
-    await client.execute("PRAGMA libsql_vector_search_ef = 128");
-  } catch {
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS memories (
-      id            TEXT PRIMARY KEY,
-      agent_id      TEXT NOT NULL,
-      agent_role    TEXT NOT NULL,
-      session_id    TEXT NOT NULL,
-      timestamp     TEXT NOT NULL,
-      tool_name     TEXT NOT NULL,
-      project_name  TEXT NOT NULL,
-      has_error     INTEGER NOT NULL DEFAULT 0,
-      raw_text      TEXT NOT NULL,
-      vector        F32_BLOB(1024),
-      version       INTEGER NOT NULL DEFAULT 0
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_memories_agent ON memories(agent_id);
-    CREATE INDEX IF NOT EXISTS idx_memories_timestamp ON memories(timestamp);
-    CREATE INDEX IF NOT EXISTS idx_memories_agent_project ON memories(agent_id, project_name);
-  `);
-  await client.executeMultiple(`
-    CREATE VIRTUAL TABLE IF NOT EXISTS memories_fts USING fts5(
-      raw_text,
-      content='memories',
-      content_rowid='rowid'
-    );
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_ai AFTER INSERT ON memories BEGIN
-      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_ad AFTER DELETE ON memories BEGIN
-      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
-    END;
-
-    CREATE TRIGGER IF NOT EXISTS memories_fts_au AFTER UPDATE ON memories BEGIN
-      INSERT INTO memories_fts(memories_fts, rowid, raw_text) VALUES('delete', old.rowid, old.raw_text);
-      INSERT INTO memories_fts(rowid, raw_text) VALUES (new.rowid, new.raw_text);
-    END;
-  `);
-  for (const col of [
-    "ALTER TABLE memories ADD COLUMN task_id TEXT",
-    "ALTER TABLE memories ADD COLUMN consolidated INTEGER NOT NULL DEFAULT 0",
-    "ALTER TABLE memories ADD COLUMN author_device_id TEXT",
-    "ALTER TABLE memories ADD COLUMN scope TEXT NOT NULL DEFAULT 'business'",
-    "ALTER TABLE memories ADD COLUMN importance INTEGER DEFAULT 5",
-    "ALTER TABLE memories ADD COLUMN status TEXT DEFAULT 'active'",
-    "ALTER TABLE memories ADD COLUMN wiki_synced INTEGER DEFAULT 0",
-    "ALTER TABLE memories ADD COLUMN graph_extracted INTEGER DEFAULT 0",
-    "ALTER TABLE memories ADD COLUMN content_hash TEXT",
-    "ALTER TABLE memories ADD COLUMN graph_extracted_hash TEXT",
-    "ALTER TABLE memories ADD COLUMN confidence REAL DEFAULT 0.7",
-    "ALTER TABLE memories ADD COLUMN last_accessed TEXT",
-    // Wiki linkage columns (must match database.ts)
-    "ALTER TABLE memories ADD COLUMN workspace_id TEXT",
-    "ALTER TABLE memories ADD COLUMN document_id TEXT",
-    "ALTER TABLE memories ADD COLUMN user_id TEXT",
-    "ALTER TABLE memories ADD COLUMN char_offset INTEGER",
-    "ALTER TABLE memories ADD COLUMN page_number INTEGER",
-    // Source provenance columns (must match database.ts)
-    "ALTER TABLE memories ADD COLUMN source_path TEXT",
-    "ALTER TABLE memories ADD COLUMN source_type TEXT DEFAULT 'text'",
-    "ALTER TABLE memories ADD COLUMN tier INTEGER DEFAULT 3",
-    "ALTER TABLE memories ADD COLUMN supersedes_id TEXT",
-    // MS-11: draft staging, MS-6a: memory_type, MS-7: trajectory
-    "ALTER TABLE memories ADD COLUMN draft INTEGER DEFAULT 0",
-    "ALTER TABLE memories ADD COLUMN memory_type TEXT DEFAULT 'raw'",
-    "ALTER TABLE memories ADD COLUMN trajectory TEXT",
-    // Metadata enrichment columns (must match database.ts)
-    "ALTER TABLE memories ADD COLUMN intent TEXT",
-    "ALTER TABLE memories ADD COLUMN outcome TEXT",
-    "ALTER TABLE memories ADD COLUMN domain TEXT",
-    "ALTER TABLE memories ADD COLUMN referenced_entities TEXT",
-    "ALTER TABLE memories ADD COLUMN retrieval_count INTEGER DEFAULT 0",
-    "ALTER TABLE memories ADD COLUMN chain_position TEXT",
-    "ALTER TABLE memories ADD COLUMN review_status TEXT",
-    "ALTER TABLE memories ADD COLUMN context_window_pct INTEGER",
-    "ALTER TABLE memories ADD COLUMN file_paths TEXT",
-    "ALTER TABLE memories ADD COLUMN commit_hash TEXT",
-    "ALTER TABLE memories ADD COLUMN duration_ms INTEGER",
-    "ALTER TABLE memories ADD COLUMN token_cost REAL",
-    "ALTER TABLE memories ADD COLUMN audience TEXT",
-    "ALTER TABLE memories ADD COLUMN language_type TEXT",
-    "ALTER TABLE memories ADD COLUMN parent_memory_id TEXT",
-    "ALTER TABLE memories ADD COLUMN deleted_at TEXT",
-    // Temporal validity (must match database.ts)
-    "ALTER TABLE memories ADD COLUMN valid_from TEXT",
-    "ALTER TABLE memories ADD COLUMN invalid_at TEXT",
-    // Multi-agent visibility (must match database.ts)
-    "ALTER TABLE memories ADD COLUMN visibility TEXT DEFAULT 'private'",
-    // Procedure binding (AFM-3, must match database.ts)
-    "ALTER TABLE memories ADD COLUMN procedure_for TEXT",
-    // Memory strength scoring — Ebbinghaus decay (must match database.ts)
-    "ALTER TABLE memories ADD COLUMN strength REAL DEFAULT 1.0"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch {
-    }
-  }
-  for (const idx of [
-    "CREATE INDEX IF NOT EXISTS idx_memories_tier ON memories(tier)",
-    "CREATE INDEX IF NOT EXISTS idx_memories_supersedes ON memories(supersedes_id) WHERE supersedes_id IS NOT NULL",
-    "CREATE INDEX IF NOT EXISTS idx_memories_scoped_content_hash ON memories(content_hash, agent_id, project_name, memory_type) WHERE content_hash IS NOT NULL"
-  ]) {
-    try {
-      await client.execute(idx);
-    } catch {
-    }
-  }
-  try {
-    await client.execute("CREATE INDEX IF NOT EXISTS idx_memories_status ON memories(status)");
-  } catch {
-  }
-  for (const idx of [
-    "CREATE INDEX IF NOT EXISTS idx_memories_workspace ON memories(workspace_id)",
-    "CREATE INDEX IF NOT EXISTS idx_memories_document ON memories(document_id)",
-    "CREATE INDEX IF NOT EXISTS idx_memories_user ON memories(user_id)"
-  ]) {
-    try {
-      await client.execute(idx);
-    } catch {
-    }
-  }
-  await client.executeMultiple(`
-    CREATE TABLE IF NOT EXISTS entities (
-      id TEXT PRIMARY KEY,
-      name TEXT NOT NULL,
-      type TEXT NOT NULL,
-      first_seen TEXT NOT NULL,
-      last_seen TEXT NOT NULL,
-      properties TEXT DEFAULT '{}',
-      UNIQUE(name, type)
-    );
-
-    CREATE TABLE IF NOT EXISTS relationships (
-      id TEXT PRIMARY KEY,
-      source_entity_id TEXT NOT NULL,
-      target_entity_id TEXT NOT NULL,
-      type TEXT NOT NULL,
-      weight REAL DEFAULT 1.0,
-      timestamp TEXT NOT NULL,
-      properties TEXT DEFAULT '{}',
-      UNIQUE(source_entity_id, target_entity_id, type)
-    );
-
-    CREATE TABLE IF NOT EXISTS entity_memories (
-      entity_id TEXT NOT NULL,
-      memory_id TEXT NOT NULL,
-      PRIMARY KEY (entity_id, memory_id)
-    );
-
-    CREATE TABLE IF NOT EXISTS relationship_memories (
-      relationship_id TEXT NOT NULL,
-      memory_id TEXT NOT NULL,
-      PRIMARY KEY (relationship_id, memory_id)
-    );
-
-    CREATE INDEX IF NOT EXISTS idx_entities_name ON entities(name);
-    CREATE INDEX IF NOT EXISTS idx_entities_type ON entities(type);
-    CREATE INDEX IF NOT EXISTS idx_relationships_source ON relationships(source_entity_id);
-    CREATE INDEX IF NOT EXISTS idx_relationships_target ON relationships(target_entity_id);
-    CREATE INDEX IF NOT EXISTS idx_relationships_type ON relationships(type);
-
-    CREATE TABLE IF NOT EXISTS hyperedges (
-      id TEXT PRIMARY KEY,
-      label TEXT NOT NULL,
-      relation TEXT NOT NULL,
-      confidence REAL DEFAULT 1.0,
-      timestamp TEXT NOT NULL
-    );
-
-    CREATE TABLE IF NOT EXISTS hyperedge_nodes (
-      hyperedge_id TEXT NOT NULL,
-      entity_id TEXT NOT NULL,
-      PRIMARY KEY (hyperedge_id, entity_id)
-    );
-  `);
-  for (const col of [
-    "ALTER TABLE relationships ADD COLUMN confidence REAL DEFAULT 1.0",
-    "ALTER TABLE relationships ADD COLUMN confidence_label TEXT DEFAULT 'extracted'"
-  ]) {
-    try {
-      await client.execute(col);
-    } catch {
-    }
-  }
-}
-async function getReadyShardClient(projectName) {
-  if (!_keyValidated) {
-    if (!_keyValidationPromise) {
-      _keyValidationPromise = validateEncryptionKey();
-    }
-    const valid = await _keyValidationPromise;
-    if (!valid) {
-      throw new Error(
-        `Shard creation blocked: encryption key mismatch with existing shards. Run /exe-doctor to audit.`
-      );
-    }
-  }
-  const safeName = safeShardName(projectName);
-  let client = getShardClient(projectName);
-  try {
-    await ensureShardSchema(client);
-    return client;
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    if (!/SQLITE_NOTADB|file is not a database/i.test(message)) throw err;
-    client.close();
-    _shards.delete(safeName);
-    _shardLastAccess.delete(safeName);
-    const dbPath = path7.join(SHARDS_DIR, `${safeName}.db`);
-    if (existsSync8(dbPath)) {
-      const stat = statSync4(dbPath);
-      const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-      const archivedPath = path7.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
-      renameSync3(dbPath, archivedPath);
-      process.stderr.write(
-        `[shard-manager] Archived unreadable shard ${safeName}: ${archivedPath} (${stat.size} bytes, mtime ${stat.mtime.toISOString()})
-`
-      );
-    }
-    client = getShardClient(projectName);
-    await ensureShardSchema(client);
-    return client;
-  }
-}
-function evictLRU() {
-  let oldest = null;
-  let oldestTime = Infinity;
-  for (const [name, time] of _shardLastAccess) {
-    if (time < oldestTime) {
-      oldestTime = time;
-      oldest = name;
-    }
-  }
-  if (oldest) {
-    const client = _shards.get(oldest);
-    if (client) {
-      client.close();
-    }
-    _shards.delete(oldest);
-    _shardLastAccess.delete(oldest);
-  }
-}
-function evictIdleShards() {
-  const now = Date.now();
-  const toEvict = [];
-  for (const [name, lastAccess] of _shardLastAccess) {
-    if (now - lastAccess > SHARD_IDLE_MS) {
-      toEvict.push(name);
-    }
-  }
-  for (const name of toEvict) {
-    const client = _shards.get(name);
-    if (client) {
-      client.close();
-    }
-    _shards.delete(name);
-    _shardLastAccess.delete(name);
-  }
-}
-function getOpenShardCount() {
-  return _shards.size;
-}
-function disposeShards() {
-  if (_evictionTimer) {
-    clearInterval(_evictionTimer);
-    _evictionTimer = null;
-  }
-  for (const [, client] of _shards) {
-    client.close();
-  }
-  _shards.clear();
-  _shardLastAccess.clear();
-  _shardingEnabled = false;
-  _encryptionKey = null;
-}
-var SHARDS_DIR, SHARD_IDLE_MS, MAX_OPEN_SHARDS, EVICTION_INTERVAL_MS, _shards, _shardLastAccess, _evictionTimer, _encryptionKey, _shardingEnabled, _keyValidated, _keyValidationPromise;
-var init_shard_manager = __esm({
-  "src/lib/shard-manager.ts"() {
-    "use strict";
-    init_config();
-    SHARDS_DIR = path7.join(EXE_AI_DIR, "shards");
-    SHARD_IDLE_MS = 5 * 60 * 1e3;
-    MAX_OPEN_SHARDS = 10;
-    EVICTION_INTERVAL_MS = 60 * 1e3;
-    _shards = /* @__PURE__ */ new Map();
-    _shardLastAccess = /* @__PURE__ */ new Map();
-    _evictionTimer = null;
-    _encryptionKey = null;
-    _shardingEnabled = false;
-    _keyValidated = false;
-    _keyValidationPromise = null;
-  }
-});
-
-// src/lib/platform-procedures.ts
-var PLATFORM_PROCEDURES, PLATFORM_PROCEDURE_TITLES;
-var init_platform_procedures = __esm({
-  "src/lib/platform-procedures.ts"() {
-    "use strict";
-    PLATFORM_PROCEDURES = [
-      // --- Foundation: what is exe-os ---
-      {
-        title: "What is exe-os \u2014 the operating model every agent must understand",
-        domain: "architecture",
-        priority: "p0",
-        content: "Exe OS is an AI employee operating system. A founder runs 5-10 AI agents as a real org: COO, CTO, CMO, engineers, and content production specialists. Each agent has identity, expertise, and experience layers \u2014 persistent memory that makes them better over time. All data is local-first, E2EE, owned by the user. The MCP server is the ONLY data interface \u2014 never access the DB directly."
-      },
-      {
-        title: "Mode 1 \u2014 how exe-os runs inside Claude Code",
-        domain: "architecture",
-        priority: "p0",
-        content: "Mode 1: exe-os runs AS hooks + MCP + skills inside Claude Code, Codex, or OpenCode. The founder picks their default tool at setup. The COO manages employees in tmux sessions. Each coordinator session is a separate window/project. Employees run in their own tmux panes via create_task auto-spawn. The founder talks to the COO; the COO orchestrates the team. The tool is the shell, exe-os is the brain."
-      },
-      {
-        title: "Sessions explained \u2014 coordinator session names and projects",
-        domain: "architecture",
-        priority: "p0",
-        content: "Each coordinator session is an isolated project session. One might be exe-os development, another might be exe-wiki. Each session spawns its own employees using {employee}-{coordinatorSession}. Sessions share the same memory DB but tasks are scoped to the session that created them. A founder can run multiple projects simultaneously. Sessions never interfere with each other."
-      },
-      {
-        title: "Runtime settings \u2014 COO can view and change tools per agent",
-        domain: "workflow",
-        priority: "p1",
-        content: "exe-os supports three tools: Claude Code (Anthropic), Codex (OpenAI), and OpenCode (open source, 75+ providers). Each agent can use a different tool and model. COO uses set_agent_config MCP tool to view or change settings. Call with no args to show all agents. Call with agent_id + runtime + model to change. Users can also run `exe-os settings` from terminal for interactive arrow-key selection."
-      },
-      // --- Updates and deployment ---
-      {
-        title: "How to update exe-os \u2014 CLI update + stack update (two steps)",
-        domain: "operations",
-        priority: "p0",
-        content: 'Updating exe-os is a two-step process. Step 1 \u2014 update the CLI: `npm install -g @askexenow/exe-os@latest` (gets bug fixes, new platform procedures, new tools). Step 2 \u2014 update the VPS stack (if applicable): `exe-os stack-update --target <version> --yes` (pulls new Docker images for exed, wiki, CRM, gateway). Step 1 MUST happen before Step 2 \u2014 the stack-update command itself may have bug fixes. After updating, restart the daemon: the deploy script handles this automatically. Check update availability: `exe-os update --check` or config(action="check_update"). Agents should NEVER run npm install or stack-update autonomously \u2014 always confirm with the user first.'
-      },
-      {
-        title: "First install \u2014 setup wizard and license activation",
-        domain: "operations",
-        priority: "p1",
-        content: "Fresh install: `npm install -g @askexenow/exe-os` then run `exe` to start the setup wizard. The wizard prompts for: encryption passphrase (creates master key), license key (exe_sk_* from AskExe team), COO name, and optional team members. No license key = free tier (1 employee, 5K memories). After setup: hooks install automatically, MCP server registers in ~/.claude.json, daemon starts. Verify health: run `exe-os healthcheck` or use mcp_ping() tool."
-      },
-      // --- Hierarchy and dispatch ---
-      {
-        title: "Chain of command \u2014 who talks to whom",
-        domain: "workflow",
-        priority: "p0",
-        content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
-      },
-      {
-        title: "Orchestration phase guidance \u2014 recommend, never trap",
-        domain: "workflow",
-        priority: "p1",
-        content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
-      },
-      {
-        title: "Routing slot vs display title \u2014 internal 'coo' is plumbing, not your name",
-        domain: "identity",
-        priority: "p0",
-        content: "These procedures reference 'COO' as a shorthand for the coordinator role. This is an INTERNAL routing slot used by exe-os code (chain-of-command checks, dispatch logic, session detection). It is NOT your display title. Your actual title comes from your identity file's `title:` field \u2014 that is what you use externally: introductions, sign-offs, team comms, and any user-facing text. If your identity says `title: AI Chief of Staff`, you are the AI Chief of Staff. The internal routing slot stays unchanged for code compatibility \u2014 never rename it, but also never introduce yourself as 'COO' unless your identity file explicitly says so. The founder chose your title; respect it."
-      },
-      {
-        title: "Single dispatch path \u2014 create_task only",
-        domain: "workflow",
-        priority: "p0",
-        content: "create_task is the ONLY way to dispatch work to another agent. No direct ensureEmployee calls, no manual tmux spawns, no send_message for actionable work. create_task \u2192 system auto-spawns \u2192 session correctly named. ONE PATH. No backdoors. No exceptions."
-      },
-      // --- Session isolation ---
-      {
-        title: "Session scoping \u2014 stay in your coordinator boundary",
-        domain: "security",
-        priority: "p0",
-        content: "Session scoping is mandatory. Managers dispatch to workers within their own coordinator session ONLY. Employee sessions use {employee}-{coordinatorSession}. Cross-session dispatch is blocked by the system. Verify session names before dispatch. Tasks are scoped to the creating coordinator session."
-      },
-      {
-        title: "Session isolation \u2014 never touch another session's work",
-        domain: "workflow",
-        priority: "p0",
-        content: "Sessions are isolated. A coordinator session owns ONLY tasks it dispatched. (1) Never close/update/cancel tasks from another coordinator session. (2) Never review work from a different session \u2014 report that it belongs to another session and skip. (3) Ignore other sessions' items in list_tasks results. (4) Employees inherit session: employee sessions work ONLY on their parent coordinator session's tasks. Cross-session work is a system violation."
-      },
-      // --- Engineering: session scoping in code ---
-      {
-        title: "Three-dimensional scoping \u2014 session, project, role \u2014 enforced in every query",
-        domain: "architecture",
-        priority: "p0",
-        content: "Every DB query, notification, review count, and task operation MUST be scoped on 3 dimensions: (1) Session \u2014 filter by session_scope matching the current coordinator session. (2) Project \u2014 filter by project_name. (3) Role \u2014 agents only see data at their hierarchy level. When writing ANY function that touches tasks, reviews, messages, or notifications: always accept a sessionScope parameter and pass it to the SQL WHERE clause. Unscoped queries are bugs. Test by running 2+ coordinator sessions simultaneously."
-      },
-      // --- Hard constraints ---
-      {
-        title: "What you CANNOT do in exe-os \u2014 hard constraints",
-        domain: "security",
-        priority: "p0",
-        content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
-      },
-      {
-        title: "Destructive operations \u2014 mandatory reviewer gate",
-        domain: "security",
-        priority: "p0",
-        content: "Before ANY destructive operation (delete, remove, overwrite, drop, reset, force-push, truncate), you MUST: (1) Have your full task spec accessible \u2014 if you cannot read it, STOP and report to your reviewer. Never improvise destructive actions. (2) Confirm with your reviewer (assigned_by or COO) before executing. (3) If the task spec explicitly authorizes the operation, proceed \u2014 but log it. Violation = immediate task failure. This applies to ALL agents regardless of role."
-      },
-      {
-        title: "Customer patch triage \u2014 upstream bug vs customization",
-        domain: "support",
-        priority: "p0",
-        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, call support_test (MCP) and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues; only ask the founder to run `exe-os support test` if MCP is disconnected/unavailable. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
-      },
-      {
-        title: "Bug report status check \u2014 surface available fixes on boot",
-        domain: "support",
-        priority: "p1",
-        content: "Once per session (COO boot only, never repeat), call support(action='list_my_bugs') to check if any previously filed bug reports have been fixed by AskExe. If any report has status 'closed' with a fixed_version, surface it to the founder immediately: '\u{1F527} N bug fix(es) available \u2014 run exe-os update to get version X.Y.Z'. You can also file new bugs with support(action='create_bug') and check status anytime with support(action='list_my_bugs'). This boot check is one-time, not a recurring poll. If the tool is unavailable, skip silently."
-      },
-      {
-        title: "Feature request triage \u2014 upstream feature vs local customization",
-        domain: "support",
-        priority: "p0",
-        content: "When an agent or founder identifies a desired capability that exe-os does not yet provide, the COO (or equivalent coordinator) must decide: is this a local customization (identity, behavior, procedure, config, branding, workflow preference that can be configured in customer-owned layers) or an upstream feature request (a platform capability that requires changes to exe-os code, shipped via npm update)? Local customizations: implement immediately using store_behavior, update_identity, company_procedure, or config changes. Upstream features: use create_feature_request to submit to AskExe. Include use case, business impact, and current workaround. Do NOT ask the founder for permission to file a feature request \u2014 file it proactively when the need is clear."
-      },
-      {
-        title: "Feature request status check \u2014 surface shipped features on boot",
-        domain: "support",
-        priority: "p1",
-        content: "Once per session (COO boot only, never repeat), call support(action='list_my_features') to check if any previously filed feature requests have been shipped by AskExe. If any request has status 'shipped' with a shipped_version, surface it to the founder immediately: '\u{1F680} N feature(s) shipped \u2014 run exe-os update to get version X.Y.Z'. You can also file new requests with support(action='create_feature') and check status anytime with support(action='list_my_features'). This boot check is one-time, not a recurring poll. If the tool is unavailable, skip silently."
-      },
-      // --- Tool guidance ---
-      {
-        title: "How to use company_actions \u2014 execute business actions through gateway connectors",
-        domain: "tools",
-        priority: "p2",
-        content: "The company_actions tool executes business actions through gateway connectors (e.g. send WhatsApp, trigger workflows, update CRM). It routes through the exe-gateway on the VPS. Actions are defined by the customer's gateway configuration \u2014 each connector (WhatsApp, Shopify, email, etc.) exposes specific actions. Use query_company_brain to find available data first, then company_actions to act on it. Requires gateway auth token. Read-only founders should NOT use this \u2014 it mutates external state."
-      },
-      // --- Release awareness ---
-      {
-        title: "What's New check \u2014 surface new features after update",
-        domain: "support",
-        priority: "p1",
-        content: "Once per session (COO boot only, never repeat), check if the installed exe-os version is newer than the last session. If it is, read the bundled release-notes.json (at the package root) and surface a brief summary to the founder: 'Updated to exe-os vX.Y.Z \u2014 N new features, M fixes.' List the top 3 features by name. This helps the founder know what they got from the update. If release-notes.json doesn't exist or the version hasn't changed, skip silently. Never repeat this check in the same session."
-      },
-      // --- Platform vs Customer ownership ---
-      {
-        title: "What the platform provides vs what you customize",
-        domain: "architecture",
-        priority: "p0",
-        content: "Exe OS has two layers. PLATFORM layer (shipped in code, updated via npm): platform procedures, default identity templates, MCP tools, tool gating, schema migrations, daemon behavior. You get improvements automatically on update. CUSTOMER layer (yours, stored locally): agent identities (exe.md files), behaviors, company procedures, config.json, wiki content, CRM data, memory. These are NEVER overwritten by updates. Identity templates are stamped once at /exe-new-employee \u2014 after that the file is yours. If the platform ships a better template, you can compare yours against the default with getTemplate() and merge what you want. Company procedures (company_procedure tool) layer ON TOP of platform procedures \u2014 both are injected, platform first. FIVE LAYERS \u2014 know when to use each: (1) Platform procedures: how exe-os works, shipped to ALL customers, updated via npm. Never put org-specific rules here. (2) Company procedures: your org's workflow rules, stored in DB, injected after platform. Use for internal gates, review checklists, org-specific policies. (3) Identity (exe.md): an agent's permanent role definition \u2014 who they are, what they own, non-negotiable rules. Use for rules that must NEVER be forgotten across sessions. (4) Behaviors: corrections and learned patterns (Layer 2 expertise). Use for 'from now on do X' or 'never do Y again' \u2014 scoped per agent per project, deactivatable. (5) Memory: facts, decisions, context (Layer 3 experience). Use for what happened, what was decided, project state. Searchable, consolidatable. Rule of thumb: platform procedures for product behavior, company procedures for org workflow, identity for permanent role rules, behaviors for per-agent per-project corrections, memory for facts. Behaviors are always yours. Config is always yours. The platform will never modify your local data."
-      },
-      // --- Updates ---
-      {
-        title: "How to update exe-os \u2014 CLI first, then stack",
-        domain: "operations",
-        priority: "p0",
-        content: "When bug fixes or features are available (surfaced at boot via list_my_bug_reports/list_my_feature_requests), update in two steps: (1) CLI: `npm install -g @askexenow/exe-os@latest` \u2014 this updates the local tools, MCP server, and bundled stack manifest. Must happen first so the stack-update tool itself has the latest fixes. (2) Stack (VPS only): `exe-os stack-update --target <version> --yes` \u2014 pulls new Docker images and restarts services. The target version comes from the stack manifest bundled with the CLI. Always update CLI before stack. Use `exe-os update --check` to see if a CLI update is available. Use `exe-os stack-update --check` to see stack status. For non-interactive/SSH: use `--yes` or `-y` flag. Never run `npm install -g` inside a tmux agent session \u2014 have the founder or COO do it from the host shell. If stack-update fails with EACCES on /opt/exe-stack, run: `sudo mkdir -p /opt/exe-stack && sudo chown $(whoami) /opt/exe-stack` then retry."
-      },
-      {
-        title: "CLI version vs stack version \u2014 two tracks, both normal",
-        domain: "operations",
-        priority: "p0",
-        content: "exe-os has TWO version numbers that move independently. This is normal \u2014 do not treat a mismatch as an error. (1) CLI version (e.g. 0.9.89, 0.9.90) \u2014 the npm package installed locally. Updates frequently: bug fixes, new MCP tools, platform procedures, search improvements, client-side changes. Update with `npm install -g @askexenow/exe-os@latest`. (2) Stack version (e.g. 0.9.7, 0.9.8) \u2014 the Docker images on the VPS. Updates less frequently: only when server-side daemon, gateway, wiki, or CRM images need rebuilding. Update with `exe-os stack-update --target <version> --yes`. The CLI version will almost always be higher than the stack version. A CLI at 0.9.90 with a stack at 0.9.8 is perfectly normal \u2014 it means the CLI got 12 patches since the last Docker image rebuild. Only update the stack when: (a) the boot brief surfaces a fix that mentions 'stack update required', (b) a new stack manifest version is bundled in the CLI (`exe-os stack-update --check` shows pending changes), or (c) AskExe support explicitly tells you to. Do NOT attempt to make the numbers match \u2014 they are separate tracks."
-      },
-      {
-        title: "Update lifecycle \u2014 what each command does and what picks up new code",
-        domain: "operations",
-        priority: "p0",
-        content: "Three update paths exist \u2014 know which does what. (1) `npm install -g @askexenow/exe-os@latest` \u2014 customer update. Replaces all dist/ files. postinstall copies slash commands AND restarts the daemon automatically. MCP server picks up new code on next `/mcp` reconnect or new Claude Code session. Hooks pick up new code on next session (they spawn fresh processes). (2) `exe-os update` \u2014 interactive update command. Runs `npm install -g` then `install --global` which restarts daemon, regenerates session wrappers, normalizes roster, registers Codex hooks. This is the recommended customer path. (3) `npm run deploy` \u2014 dev-only (COO/CTO on main branch). Builds, installs globally, runs `install --global`, restarts daemon. Never run from a worktree. NEVER confuse `exe-os setup` (first-time setup wizard for new installs) with `exe-os update` (update existing install). Setup creates encryption keys, configures cloud, runs first sync. Update just replaces code and restarts services. They are completely different commands."
-      },
-      {
-        title: "First install \u2014 setup wizard and license activation",
-        domain: "operations",
-        priority: "p1",
-        content: "Fresh install: `npm install -g @askexenow/exe-os` then run `exe` to start the setup wizard. The wizard prompts for: encryption passphrase (creates master key), license key (exe_sk_* from AskExe team), COO name, and optional team members. No license key = free tier (1 employee, 5K memories). After setup: hooks install automatically, MCP server registers in ~/.claude.json, daemon starts. Verify health: run `exe-os healthcheck` or use mcp_ping() tool."
-      },
-      // --- Operations ---
-      {
-        title: "Managers must supervise deployed workers",
-        domain: "workflow",
-        priority: "p0",
-        content: `Every manager (COO/CTO/CMO) who dispatches work to a worker MUST actively monitor them. Check tmux capture-pane every 10 minutes. Verify they're working, not stuck. If idle at prompt with in_progress task \u2192 send intercom. If stuck \u2192 unblock or escalate. "Standing by" without checking is negligence.`
-      },
-      {
-        title: "COO boot health check \u2014 memory, cloud sync, daemon on every launch",
-        domain: "workflow",
-        priority: "p0",
-        content: "On every /exe boot, COO MUST check system health BEFORE other work: (1) daemon \u2014 is exed PID alive, (2) cloud sync \u2014 grep workers.log for recent cloud-sync errors, (3) memory count \u2014 total in DB, (4) sync delta \u2014 local vs cloud storage_bytes. Report as 4-line status table. If ANY check fails, surface to founder immediately. Do not proceed to tasks until health confirmed."
-      },
-      {
-        title: "exe-build-adv mandatory for 3+ files",
-        domain: "workflow",
-        priority: "p0",
-        content: "exe-build-adv is MANDATORY for ALL work touching 3+ files. Run /exe-build-adv --auto BEFORE implementation. Pipeline: Spec \u2192 AC \u2192 Tests \u2192 Evaluate \u2192 Fix. No multi-file feature ships without pipeline artifacts. No exceptions \u2014 managers reject work without them."
-      },
-      {
-        title: "Code context first for repository orientation",
-        domain: "workflow",
-        priority: "p1",
-        content: "Before broad repo exploration, symbol tracing, blast-radius review, or codebase Q&A, agents should use the consolidated code_context MCP tool instead of manual grep/read loops. Use action=index or stats to refresh/check the index; action=search with query, limit, offset, languages, paths, refresh_index for fresh multi-language code/doc search; action=trace for symbol imports/dependents; action=blast_radius for impact analysis before edits. CLI parity exists via exe-os code-context init|index|status|stats|search|doctor. Keep code_context separate from durable employee memory: promote only validated decisions, procedures, or lessons into store_memory/commit_memory."
-      },
-      {
-        title: "Commit discipline \u2014 never leave verified work floating",
-        domain: "workflow",
-        priority: "p1",
-        content: "After any code-change batch passes typecheck/tests/build, run git status, summarize changed files, and commit with a clear message before ending the session. If work must remain uncommitted for review/dogfood, explicitly say so, list the files, and state the blocker. Never imply work is complete while verified changes are still floating locally."
-      },
-      {
-        title: "Desktop and TUI are the same product",
-        domain: "architecture",
-        priority: "p0",
-        content: "Desktop and TUI are the SAME product in different renderers. Same data contracts, same interactions, same acceptance criteria. Desktop tab specs in ARCHITECTURE.md ARE the TUI specs. When building TUI, cross-reference Desktop spec. Different tab names, identical behavior. Never treat them as separate products."
-      },
-      // --- Orchestration golden path ---
-      {
-        title: "Task lifecycle \u2014 the golden path every agent follows",
-        domain: "workflow",
-        priority: "p0",
-        content: "create_task is dispatch + delivery. Task lifecycle: open \u2192 in_progress (you start) \u2192 done (update_task when finished) \u2192 needs_review (reviewer nudged) \u2192 closed (COO only via close_task). DB is the reliable delivery \u2014 intercom is just a speedup nudge. If you finish a task, self-chain: check for next task immediately (step 7). Never wait for a nudge. Never say 'standing by.'"
-      },
-      {
-        title: "Review chain \u2014 managers must actively pull completed work, never wait for nudges",
-        domain: "workflow",
-        priority: "p0",
-        content: "When you dispatch work, you OWN the review. Check list_tasks(status='needs_review') on EVERY prompt \u2014 don't wait for intercom nudges (they're unreliable). When a task shows needs_review: (1) read the deliverable (git diff in worktree, exe/output/ files, or task result summary), (2) verify it works (tsc, build, run), (3) close_task if good or create a fix task if not. Reviews sitting >30 minutes is a pipeline stall. The whole chain: worker calls update_task(done) \u2192 system flags needs_review \u2192 manager pulls and verifies \u2192 close_task \u2192 COO reviews manager's work \u2192 merge to main. Every level actively pulls \u2014 nobody waits."
-      },
-      {
-        title: "Intercom is a speedup, not delivery \u2014 DB is the source of truth",
-        domain: "architecture",
-        priority: "p0",
-        content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
-      },
-      // --- Encryption key + cloud sync ---
-      {
-        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
-        domain: "security",
-        priority: "p0",
-        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
-      },
-      {
-        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
-        domain: "architecture",
-        priority: "p1",
-        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
-      },
-      // --- MCP is the ONLY data interface ---
-      {
-        title: "MCP disconnect \u2014 ask the user, never work around it",
-        domain: "workflow",
-        priority: "p0",
-        content: "If MCP tools are unavailable, disconnected, or returning connection errors: STOP. Tell the user clearly: 'MCP server is disconnected. Please run /mcp to reconnect.' Do NOT attempt workarounds \u2014 no raw Node imports, no direct DB access, no CLI hacks, no daemon socket calls. MCP is the ONLY data interface. Working around it wastes time, hits bundling issues, and bypasses the contract boundary. Ask once, wait, proceed when reconnected."
-      },
-      // --- MCP Tool Catalog (Layer 0 — every agent knows what tools exist) ---
-      {
-        title: "MCP tool dispatch \u2014 all tools use action parameter",
-        domain: "tool-use",
-        priority: "p0",
-        content: 'exe-os MCP tools use consolidated action-based dispatch by default (19 tools). Call domain tools with an action parameter: memory(action="recall"), task(action="create"), config(action="list_employees"), etc. Legacy mode (108 separate tools like recall_my_memory, create_task) is still available via EXE_MCP_TOOL_SURFACE=legacy but will be removed in a future version. If you see specific tool names, call them directly \u2014 both surfaces are identical. Consolidated is the default and recommended surface.'
-      },
-      {
-        title: "MCP tools \u2014 memory, decision, and search",
-        domain: "tool-use",
-        priority: "p1",
-        content: `memory(action="recall") / recall_my_memory: search memories (semantic + FTS). Params: as_of (bi-temporal \u2014 what did I know at time X?), kind (decision|procedure|observation|raw|conversation|behavior), retrieval_mode (all|decisions_only|procedures_only|operational|recent_high_value). memory(action="ask_team") / ask_team_memory: search a colleague's memories. memory(action="store") / store_memory: persist a memory. Params: kind, procedure_for (domain tag for procedures). memory(action="commit") / commit_memory: high-importance, survives consolidation. Requires summary. memory(action="search") / search_everything: unified search across memories, tasks, entities, conversations. memory(action="session_context") / get_session_context: temporal window. Requires session_id + target_timestamp. memory(action="get_by_id"): fetch one memory by UUID with full untruncated text. memory(action="consolidate") / consolidate_memories: merge duplicate/related memories. memory(action="cardinality") / get_memory_cardinality: count memories per agent. memory(action="supersede"): replace an old memory with a new version (old_id + new text). decision(action="store") / store_decision: record an architectural decision (domain, decision, rationale). decision(action="get") / get_decision: retrieve a past decision by domain or query.`
-      },
-      {
-        title: "MCP tools \u2014 task orchestration",
-        domain: "tool-use",
-        priority: "p1",
-        content: 'task(action="create") / create_task: dispatch work (title, assigned_to, context). The ONLY dispatch path. Auto-spawns session. Params: blocked_by (task ID for dependency), parent_task_id (subtask hierarchy), reviewer, complexity (routine|standard|complex|critical), budget_tokens (max token cap), budget_fallback_model, spawn_runtime (override runtime: claude|codex|opencode), spawn_model (override model). task(action="list") / list_tasks: query tasks by status, assignee, project. task(action="get") / get_task: fetch full task details by task_id. task(action="update") / update_task: change status (in_progress, done, blocked, cancelled) + result summary. task(action="close") / close_task: finalize a reviewed task (COO only). task(action="checkpoint") / checkpoint_task: save progress state for crash recovery. task(action="resume") / resume_employee: re-spawn an employee session for an existing task.'
-      },
-      {
-        title: "MCP tools \u2014 knowledge graph (GraphRAG)",
-        domain: "tool-use",
-        priority: "p1",
-        content: 'graph(action="query_relationships") / query_relationships: find connections between entities. graph(action="entity_neighbors") / get_entity_neighbors: explore direct connections. graph(action="hot_entities") / get_hot_entities: most-referenced entities. graph(action="stats") / get_graph_stats: entity/relationship counts. graph(action="export") / export_graph: export for visualization (output_path, format). graph(action="merge_entities") / merge_entities: deduplicate entities (source_id, target_id). graph(action="similar_trajectories") / find_similar_trajectories: match patterns to past solutions.'
-      },
-      {
-        title: "MCP tools \u2014 identity, behavior, and support",
-        domain: "tool-use",
-        priority: "p1",
-        content: `identity(action="get") / get_identity: read an agent's exe.md (Layer 1 identity). identity(action="update") / update_identity: write an agent's exe.md. Identity > behavior. behavior(action="store") / store_behavior: record a correction or pattern (Layer 2 expertise). behavior(action="list") / list_behaviors: view active behaviors. behavior(action="deactivate") / deactivate_behavior: soft-delete a stale behavior. support(action="create_bug"): file a bug report. Required: title, description, severity (p0-p3). Optional: steps_to_reproduce, expected_behavior, actual_behavior. Auto-delivers to AskExe support. support(action="create_feature"): file a feature request. Required: title, description. Optional: use_case (why you need it), proposed_solution (how it could work). Include business impact if possible \u2014 it helps prioritization. Both create_bug and create_feature accept a 'product' param to file for any AskExe product: exe-os (default), exe-create, exe-wiki, exe-gateway, exe-crm, exe-build. support(action="list_my_bugs"): check status of YOUR filed bug reports \u2014 see which are open, triaged, or fixed with version number. support(action="list_my_features"): check status of YOUR filed feature requests \u2014 see which are open, planned, shipped, or closed with response notes from AskExe. support(action="health"): verify support server is reachable. When a bug shows status='closed' with a fixed_version, tell the founder: 'Bug X fixed in vY \u2014 run exe-os update to get it.' When a feature shows status='shipped' with a shipped_version, tell the founder: 'Feature X shipped in vY \u2014 run exe-os update.' support(action="triage_bug"): AskExe-internal only. CRITICAL: triage uses triage_notes NOT notes.`
-      },
-      {
-        title: "MCP tools \u2014 communication and messaging",
-        domain: "tool-use",
-        priority: "p1",
-        content: 'message(action="send") / send_message: send context to another agent (NOT for actionable work \u2014 use task). message(action="acknowledge") / acknowledge_messages: mark messages as read. reminder(action="create") / create_reminder: set a reminder (text, due_date). Shown in boot brief. reminder(action="list") / list_reminders: view pending reminders. reminder(action="complete") / complete_reminder: mark done (reminder_id). session(action="events") / get_session_events: view session event log (session_id). session(action="last_response") / get_last_assistant_response: get most recent response.'
-      },
-      {
-        title: "MCP tools \u2014 wiki, documents, CRM, and data",
-        domain: "tool-use",
-        priority: "p1",
-        content: 'wiki(action="list") / list_wiki_pages: list wiki pages (workspace). wiki(action="get") / get_wiki_page: read a wiki page (workspace, title or document_id). document(action="ingest") / ingest_document: import a file as memory chunks (workspace_id, filename, chunks). document(action="list") / list_documents: browse documents (workspace_id). document(action="purge") / purge_document: remove a document (document_id). document(action="set_importance") / set_document_importance: adjust chunk scores. document(action="rerank") / rerank_documents: re-score relevance (query, candidates). crm(action="list_people|get_person|list_tables|describe_table"): CRM records from exe-db. raw_data(action="list_sources|query|get"): read raw landing-pad events. gateway(action="send_whatsapp") / send_whatsapp: send WhatsApp message (recipients, message). gateway(action="query_conversations") / query_conversations: search conversations across channels. gateway(action="query_company_brain") / query_company_brain: unified RAG across company knowledge.'
-      },
-      {
-        title: "MCP tools \u2014 admin, config, and operations",
-        domain: "tool-use",
-        priority: "p1",
-        content: 'config(action="list_employees"): view roster. config(action="set_agent_config"): view or change per-agent runtime + model. Call with no args to show all agents. config(action="agent_spend"): token usage per agent. config(action="daemon_health"): check exed status. config(action="license_status"): check license. config(action="cloud_sync"): force sync. Supports cloud_action param: status|sync|reupload. config(action="memory_audit"): health check (dupes, null vectors). config(action="run_consolidation"): trigger memory consolidation. config(action="worker_gate"): check spawn slot availability \u2014 alive/stale/reserved counts vs max. Use before dispatching. config(action="auto_wake_status"): orphaned tasks, blocked tasks, auto-wake retry status. config(action="orchestration_phase"): view/change org phase (phase_1_coo|phase_2_executives|phase_3_parallel_org). config(action="company_procedure", subaction="store|list|deactivate"): manage company procedures. config(action="global_procedure"): list all procedures (platform + company). config(action="create_trigger|list_triggers"): scheduled agent jobs. config(action="export_orchestration|import_orchestration"): portable org state. diagnostics(action="healthcheck|doctor|status_brief|check_update|cloud_status"): system diagnostics. diagnostics(action="pending_work_summary"): pending reviews + messages + notifications in one call. diagnostics(action="rename_employee"): rename an agent across all systems (roster, identity, DB, symlinks). diagnostics(action="tool_search"): semantic tool discovery \u2014 find relevant MCP tools by natural language query. diagnostics(action="drift"): identity drift detection \u2014 score how far an agent has drifted from its role. mcp_ping(): daemon health + license status + tool usage stats.'
-      }
-    ];
-    PLATFORM_PROCEDURE_TITLES = new Set(
-      PLATFORM_PROCEDURES.map((p) => p.title)
-    );
-  }
-});
-
-// src/lib/global-procedures.ts
-var global_procedures_exports = {};
-__export(global_procedures_exports, {
-  deactivateGlobalProcedure: () => deactivateGlobalProcedure,
-  getGlobalProceduresBlock: () => getGlobalProceduresBlock,
-  loadGlobalProcedures: () => loadGlobalProcedures,
-  storeGlobalProcedure: () => storeGlobalProcedure
-});
-import { randomUUID as randomUUID2 } from "crypto";
-async function loadGlobalProcedures() {
-  const client = getClient();
-  const result = await client.execute({
-    sql: "SELECT * FROM company_procedures WHERE active = 1 ORDER BY priority ASC, created_at ASC",
-    args: []
-  });
-  const allRows = result.rows;
-  const customerOnly = allRows.filter((p) => !PLATFORM_PROCEDURE_TITLES.has(p.title));
-  if (customerOnly.length > 0) {
-    _customerCache = customerOnly.map((p) => `### ${p.title}
-${p.content}`).join("\n\n");
-  } else {
-    _customerCache = "";
-  }
-  _cacheLoaded = true;
-  return customerOnly;
-}
-function getGlobalProceduresBlock() {
-  const sections = [];
-  if (_platformCache) sections.push(_platformCache);
-  if (_cacheLoaded && _customerCache) sections.push(_customerCache);
-  if (sections.length === 0) return "";
-  return `## Organization-Wide Procedures (MANDATORY \u2014 supersedes all other rules)
-
-${sections.join("\n\n")}
-`;
-}
-async function storeGlobalProcedure(input) {
-  const id = randomUUID2();
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const client = getClient();
-  await client.execute({
-    sql: `INSERT INTO company_procedures (id, title, content, priority, domain, active, created_at, updated_at)
-          VALUES (?, ?, ?, ?, ?, 1, ?, ?)`,
-    args: [id, input.title, input.content, input.priority ?? "p0", input.domain ?? null, now, now]
-  });
-  await loadGlobalProcedures();
-  return id;
-}
-async function deactivateGlobalProcedure(id) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const client = getClient();
-  const result = await client.execute({
-    sql: "UPDATE company_procedures SET active = 0, updated_at = ? WHERE id = ?",
-    args: [now, id]
-  });
-  await loadGlobalProcedures();
-  return result.rowsAffected > 0;
-}
-var _customerCache, _cacheLoaded, _platformCache;
-var init_global_procedures = __esm({
-  "src/lib/global-procedures.ts"() {
-    "use strict";
-    init_database();
-    init_platform_procedures();
-    _customerCache = "";
-    _cacheLoaded = false;
-    _platformCache = PLATFORM_PROCEDURES.map((p) => `### ${p.title}
-${p.content}`).join("\n\n");
-  }
-});
-
-// src/lib/schedules.ts
-init_database();
-import crypto2 from "crypto";
-import { execSync as execSync4 } from "child_process";
-
-// src/lib/store.ts
-init_memory();
-init_database();
-
-// src/lib/keychain.ts
-import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2, rename, copyFile } from "fs/promises";
-import { existsSync as existsSync7, statSync as statSync3 } from "fs";
-import { execSync as execSync3 } from "child_process";
-import path6 from "path";
-import os5 from "os";
-var SERVICE = "exe-os";
-var LEGACY_SERVICE = "exe-mem";
-var ACCOUNT = "master-key";
-function getKeyDir() {
-  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path6.join(os5.homedir(), ".exe-os");
-}
-function getKeyPath() {
-  return path6.join(getKeyDir(), "master.key");
-}
-function nativeKeychainAllowed() {
-  return process.env.EXE_OS_DISABLE_NATIVE_KEYCHAIN !== "1";
-}
-var linuxSecretAvailability = null;
-function linuxSecretAvailable() {
-  if (!nativeKeychainAllowed()) return false;
-  if (process.platform !== "linux") return false;
-  if (linuxSecretAvailability !== null) return linuxSecretAvailability;
-  try {
-    execSync3("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
-  } catch {
-    linuxSecretAvailability = false;
-    return false;
-  }
-  try {
-    execSync3("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
-    linuxSecretAvailability = true;
-  } catch {
-    linuxSecretAvailability = false;
-  }
-  return linuxSecretAvailability;
-}
-function isRootOnlyTrustedServerKeyFile(keyPath) {
-  if (process.platform !== "linux") return false;
-  try {
-    const st = statSync3(keyPath);
-    if (!st.isFile() || (st.mode & 63) !== 0) return false;
-    const uid = typeof os5.userInfo().uid === "number" ? os5.userInfo().uid : -1;
-    if (uid === 0) return true;
-    const exeOsDir = process.env.EXE_OS_DIR;
-    if (exeOsDir && path6.resolve(keyPath).startsWith(path6.resolve(exeOsDir) + path6.sep)) return true;
-    if (!linuxSecretAvailable()) return true;
-    return false;
-  } catch {
-    return false;
-  }
-}
-function macKeychainGet(service = SERVICE) {
-  if (!nativeKeychainAllowed()) return null;
-  if (process.platform !== "darwin") return null;
-  try {
-    return execSync3(
-      `security find-generic-password -s "${service}" -a "${ACCOUNT}" -w 2>/dev/null`,
-      { encoding: "utf-8", timeout: 5e3 }
-    ).trim();
-  } catch {
-    return null;
-  }
-}
-function macKeychainSet(value, service = SERVICE) {
-  if (!nativeKeychainAllowed()) return false;
-  if (process.platform !== "darwin") return false;
-  try {
-    try {
-      execSync3(
-        `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
-        { timeout: 5e3 }
-      );
-    } catch {
-    }
-    execSync3(
-      `security add-generic-password -s "${service}" -a "${ACCOUNT}" -w "${value}"`,
-      { timeout: 5e3 }
-    );
-    return true;
-  } catch {
-    return false;
-  }
-}
-function macKeychainDelete(service = SERVICE) {
-  if (!nativeKeychainAllowed()) return false;
-  if (process.platform !== "darwin") return false;
-  try {
-    execSync3(
-      `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
-      { timeout: 5e3 }
-    );
-    return true;
-  } catch {
-    return false;
-  }
-}
-function linuxSecretGet(service = SERVICE) {
-  if (!linuxSecretAvailable()) return null;
-  try {
-    return execSync3(
-      `secret-tool lookup service "${service}" account "${ACCOUNT}" 2>/dev/null`,
-      { encoding: "utf-8", timeout: 5e3 }
-    ).trim();
-  } catch {
-    return null;
-  }
-}
-function linuxSecretSet(value, service = SERVICE) {
-  if (!linuxSecretAvailable()) return false;
-  try {
-    execSync3(
-      `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${service}" account "${ACCOUNT}" 2>/dev/null`,
-      { timeout: 5e3 }
-    );
-    return true;
-  } catch {
-    return false;
-  }
-}
-function linuxSecretDelete(service = SERVICE) {
-  if (!nativeKeychainAllowed()) return false;
-  if (process.platform !== "linux") return false;
-  try {
-    execSync3(
-      `secret-tool clear service "${service}" account "${ACCOUNT}" 2>/dev/null`,
-      { timeout: 5e3 }
-    );
-    return true;
-  } catch {
-    return false;
-  }
-}
-async function tryKeytar() {
-  if (!nativeKeychainAllowed()) return null;
-  try {
-    return await import("keytar");
-  } catch {
-    return null;
-  }
-}
-var ENCRYPTED_PREFIX = "enc:";
-function deriveMachineKey() {
-  try {
-    const crypto3 = __require("crypto");
-    const material = [
-      os5.hostname(),
-      os5.userInfo().username,
-      os5.arch(),
-      os5.platform(),
-      // Machine ID on Linux (stable across reboots)
-      process.platform === "linux" ? readMachineId() : ""
-    ].join("|");
-    return crypto3.createHash("sha256").update(material).digest();
-  } catch {
-    return null;
-  }
-}
-function readMachineId() {
-  try {
-    const { readFileSync: readFileSync5 } = __require("fs");
-    return readFileSync5("/etc/machine-id", "utf-8").trim();
-  } catch {
-    return "";
-  }
-}
-function encryptWithMachineKey(plaintext, machineKey) {
-  const crypto3 = __require("crypto");
-  const iv = crypto3.randomBytes(12);
-  const cipher = crypto3.createCipheriv("aes-256-gcm", machineKey, iv);
-  let encrypted = cipher.update(plaintext, "utf-8", "base64");
-  encrypted += cipher.final("base64");
-  const authTag = cipher.getAuthTag().toString("base64");
-  return `${ENCRYPTED_PREFIX}${iv.toString("base64")}:${authTag}:${encrypted}`;
-}
-function decryptWithMachineKey(encrypted, machineKey) {
-  if (!encrypted.startsWith(ENCRYPTED_PREFIX)) return null;
-  try {
-    const crypto3 = __require("crypto");
-    const parts = encrypted.slice(ENCRYPTED_PREFIX.length).split(":");
-    if (parts.length !== 3) return null;
-    const [ivB64, tagB64, cipherB64] = parts;
-    const iv = Buffer.from(ivB64, "base64");
-    const authTag = Buffer.from(tagB64, "base64");
-    const decipher = crypto3.createDecipheriv("aes-256-gcm", machineKey, iv);
-    decipher.setAuthTag(authTag);
-    let decrypted = decipher.update(cipherB64, "base64", "utf-8");
-    decrypted += decipher.final("utf-8");
-    return decrypted;
-  } catch {
-    return null;
-  }
-}
-async function writeMachineBoundFileFallback(b64) {
-  const dir = getKeyDir();
-  await mkdir3(dir, { recursive: true });
-  const keyPath = getKeyPath();
-  const machineKey = deriveMachineKey();
-  const content = machineKey ? encryptWithMachineKey(b64, machineKey) + "\n" : b64 + "\n";
-  const result = machineKey ? "encrypted" : "plaintext";
-  const tmpPath = keyPath + ".tmp";
-  try {
-    if (existsSync7(keyPath)) {
-      await copyFile(keyPath, keyPath + ".bak").catch(() => {
-      });
-    }
-    await writeFile3(tmpPath, content, "utf-8");
-    await chmod2(tmpPath, 384);
-    await rename(tmpPath, keyPath);
-  } catch (err) {
-    try {
-      await unlink(tmpPath);
-    } catch {
-    }
-    throw err;
-  }
-  return result;
-}
-async function getMasterKey() {
-  let nativeValue = macKeychainGet() ?? linuxSecretGet();
-  if (!nativeValue) {
-    const legacyValue = macKeychainGet(LEGACY_SERVICE) ?? linuxSecretGet(LEGACY_SERVICE);
-    if (legacyValue) {
-      const migrated = macKeychainSet(legacyValue) || linuxSecretSet(legacyValue);
-      if (migrated) {
-        macKeychainDelete(LEGACY_SERVICE);
-        linuxSecretDelete(LEGACY_SERVICE);
-        process.stderr.write("[keychain] Migrated keychain service from exe-mem to exe-os.\n");
-      }
-      nativeValue = legacyValue;
-    }
-  }
-  if (nativeValue) {
-    return Buffer.from(nativeValue, "base64");
-  }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      const keytarValue = await keytar.getPassword(SERVICE, ACCOUNT);
-      const legacyKeytarValue = keytarValue ?? await keytar.getPassword(LEGACY_SERVICE, ACCOUNT);
-      if (legacyKeytarValue) {
-        const migrated = macKeychainSet(legacyKeytarValue) || linuxSecretSet(legacyKeytarValue);
-        if (migrated) {
-          process.stderr.write("[keychain] Migrated key from keytar to native keychain.\n");
-          try {
-            await keytar.deletePassword(LEGACY_SERVICE, ACCOUNT);
-          } catch {
-          }
-        }
-        return Buffer.from(legacyKeytarValue, "base64");
-      }
-    } catch {
-    }
-  }
-  const keyPath = getKeyPath();
-  if (!existsSync7(keyPath)) {
-    process.stderr.write(
-      `[keychain] Key not found at ${keyPath} (HOME=${os5.homedir()}, EXE_OS_DIR=${process.env.EXE_OS_DIR ?? "unset"})
-`
-    );
-    return null;
-  }
-  try {
-    const content = (await readFile3(keyPath, "utf-8")).trim();
-    let b64Value;
-    if (content.startsWith(ENCRYPTED_PREFIX)) {
-      const machineKey = deriveMachineKey();
-      if (!machineKey) {
-        process.stderr.write("[keychain] Cannot derive machine key to decrypt stored key.\n");
-        return null;
-      }
-      const decrypted = decryptWithMachineKey(content, machineKey);
-      if (!decrypted) {
-        process.stderr.write(
-          "[keychain] Key decryption failed \u2014 machine may have changed.\n  Use your 24-word recovery phrase during setup: exe-os setup\n"
-        );
-        return null;
-      }
-      b64Value = decrypted;
-    } else {
-      b64Value = content;
-    }
-    const key = Buffer.from(b64Value, "base64");
-    if (isRootOnlyTrustedServerKeyFile(keyPath)) {
-      return key;
-    }
-    const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
-    if (migrated) {
-      process.stderr.write("[keychain] Migrated key from file to native keychain.\n");
-      try {
-        await unlink(keyPath);
-        process.stderr.write("[keychain] Removed legacy master.key file after native keychain migration.\n");
-      } catch {
-      }
-    } else if (!content.startsWith(ENCRYPTED_PREFIX)) {
-      const fallback = await writeMachineBoundFileFallback(b64Value);
-      if (fallback === "encrypted") {
-        process.stderr.write("[keychain] Upgraded legacy plaintext master.key to machine-bound encrypted fallback.\n");
-      } else {
-        process.stderr.write(
-          "[keychain] WARNING: Could not encrypt legacy master.key \u2014 plaintext fallback remains.\n"
-        );
-      }
-    }
-    return key;
-  } catch (err) {
-    process.stderr.write(
-      `[keychain] Key read failed at ${keyPath}: ${err instanceof Error ? err.message : String(err)}
-`
-    );
-    return null;
-  }
-}
-
-// src/lib/store.ts
-init_config();
-
-// src/lib/state-bus.ts
-var StateBus = class {
-  handlers = /* @__PURE__ */ new Map();
-  globalHandlers = /* @__PURE__ */ new Set();
-  /** Emit an event to all subscribers */
-  emit(event) {
-    const typeHandlers = this.handlers.get(event.type);
-    if (typeHandlers) {
-      for (const handler of typeHandlers) {
-        try {
-          handler(event);
-        } catch {
-        }
-      }
-    }
-    for (const handler of this.globalHandlers) {
-      try {
-        handler(event);
-      } catch {
-      }
-    }
-  }
-  /** Subscribe to a specific event type */
-  on(type, handler) {
-    if (!this.handlers.has(type)) {
-      this.handlers.set(type, /* @__PURE__ */ new Set());
-    }
-    this.handlers.get(type).add(handler);
-  }
-  /** Subscribe to ALL events */
-  onAny(handler) {
-    this.globalHandlers.add(handler);
-  }
-  /** Unsubscribe from a specific event type */
-  off(type, handler) {
-    this.handlers.get(type)?.delete(handler);
-  }
-  /** Unsubscribe from ALL events */
-  offAny(handler) {
-    this.globalHandlers.delete(handler);
-  }
-  /** Remove all listeners */
-  clear() {
-    this.handlers.clear();
-    this.globalHandlers.clear();
-  }
-};
-var orgBus = new StateBus();
-
-// src/lib/memory-write-governor.ts
-import { createHash } from "crypto";
-
-// src/lib/store.ts
-var _debugStore = process.env.EXE_DEBUG === "1";
-function logStoreWarn(context, err) {
-  process.stderr.write(
-    `[store] WARN ${context}: ${err instanceof Error ? err.message : String(err)}
-`
-  );
-}
-var INIT_MAX_RETRIES = 3;
-var INIT_RETRY_DELAY_MS = 1e3;
-function isBusyError2(err) {
-  if (err instanceof Error) {
-    const msg = err.message.toLowerCase();
-    return msg.includes("sqlite_busy") || msg.includes("database is locked");
-  }
-  return false;
-}
-async function retryOnBusy2(fn, label) {
-  for (let attempt = 0; attempt <= INIT_MAX_RETRIES; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      if (!isBusyError2(err) || attempt === INIT_MAX_RETRIES) throw err;
-      process.stderr.write(
-        `[store] SQLITE_BUSY during ${label}, retry ${attempt + 1}/${INIT_MAX_RETRIES}
-`
-      );
-      await new Promise((r) => setTimeout(r, INIT_RETRY_DELAY_MS * (attempt + 1)));
-    }
-  }
-  throw new Error("unreachable");
-}
-var _pendingRecords = [];
-var _batchSize = 20;
-var _flushIntervalMs = 1e4;
-var _flushTimer = null;
-var _flushing = false;
-var _nextVersion = 1;
-async function initStore(options) {
-  if (_flushTimer !== null) {
-    clearInterval(_flushTimer);
-    _flushTimer = null;
-  }
-  _pendingRecords = [];
-  _flushing = false;
-  _batchSize = options?.batchSize ?? 20;
-  _flushIntervalMs = options?.flushIntervalMs ?? 1e4;
-  let dbPath = options?.dbPath;
-  if (!dbPath) {
-    const config = await loadConfig();
-    dbPath = config.dbPath;
-  }
-  let masterKey = options?.masterKey ?? null;
-  if (!masterKey) {
-    masterKey = await getMasterKey();
-    if (!masterKey) {
-      throw new Error(
-        "No encryption key found. Run /exe-setup to generate one."
-      );
-    }
-  }
-  const hexKey = masterKey.toString("hex");
-  await initTurso({
-    dbPath,
-    encryptionKey: hexKey
-  });
-  await retryOnBusy2(() => ensureSchema(), "ensureSchema");
-  try {
-    const { initDaemonClient: initDaemonClient2 } = await Promise.resolve().then(() => (init_database(), database_exports));
-    await initDaemonClient2();
-  } catch (e) {
-    logStoreWarn("catch", e);
-  }
-  if (!options?.lightweight) {
-    try {
-      const { initShardManager: initShardManager2 } = await Promise.resolve().then(() => (init_shard_manager(), shard_manager_exports));
-      initShardManager2(hexKey);
-    } catch (e) {
-      logStoreWarn("catch", e);
-    }
-    const client = getClient();
-    const vResult = await retryOnBusy2(
-      () => client.execute("SELECT MAX(version) as max_v FROM memories"),
-      "version-query"
-    );
-    _nextVersion = (Number(vResult.rows[0]?.max_v) || 0) + 1;
-    try {
-      const { loadGlobalProcedures: loadGlobalProcedures2 } = await Promise.resolve().then(() => (init_global_procedures(), global_procedures_exports));
-      await loadGlobalProcedures2();
-    } catch (e) {
-      logStoreWarn("catch", e);
-    }
-  }
-}
-
-// src/lib/schedules.ts
-var CRON_FIELD = /^[\d*/,\-]+$/;
-function isValidCron(cron) {
-  const fields = cron.trim().split(/\s+/);
-  if (fields.length !== 5) return false;
-  return fields.every((f) => CRON_FIELD.test(f));
-}
-var SAFE_ID = /^[a-zA-Z0-9_\-]+$/;
-function isValidScheduleId(id) {
-  return SAFE_ID.test(id) && id.length <= 128;
-}
-async function ensureDb() {
-  if (!isInitialized()) {
-    await initStore();
-  }
-}
-function parseHumanCron(input) {
-  const s = input.toLowerCase().trim();
-  if (/^[\d*\/,-]+\s+[\d*\/,-]+\s+[\d*\/,-]+\s+[\d*\/,-]+\s+[\d*\/,-]+$/.test(s)) {
-    return s;
-  }
-  const dayMap = {
-    sunday: "0",
-    sun: "0",
-    monday: "1",
-    mon: "1",
-    tuesday: "2",
-    tue: "2",
-    wednesday: "3",
-    wed: "3",
-    thursday: "4",
-    thu: "4",
-    friday: "5",
-    fri: "5",
-    saturday: "6",
-    sat: "6"
-  };
-  const everyMatch = s.match(/every\s+(\d+)\s*([mh])/);
-  if (everyMatch) {
-    const n = everyMatch[1];
-    const unit = everyMatch[2];
-    if (unit === "m") return `*/${n} * * * *`;
-    if (unit === "h") return `0 */${n} * * *`;
-  }
-  let hour = -1;
-  let minute = 0;
-  if (/midnight/.test(s)) {
-    hour = 0;
-  } else if (/noon/.test(s)) {
-    hour = 12;
-  } else {
-    const timeMatch = s.match(/(\d{1,2})(?::(\d{2}))?\s*(am|pm)?/);
-    if (timeMatch) {
-      hour = parseInt(timeMatch[1], 10);
-      minute = timeMatch[2] ? parseInt(timeMatch[2], 10) : 0;
-      if (timeMatch[3] === "pm" && hour < 12) hour += 12;
-      if (timeMatch[3] === "am" && hour === 12) hour = 0;
-    }
-  }
-  if (hour === -1) hour = 0;
-  let dow = "*";
-  if (/weekday|weekdays/.test(s)) {
-    dow = "1-5";
-  } else if (/weekend|weekends/.test(s)) {
-    dow = "0,6";
-  } else {
-    for (const [name, val] of Object.entries(dayMap)) {
-      if (s.includes(name)) {
-        dow = val;
-        break;
-      }
-    }
-  }
-  return `${minute} ${hour} * * ${dow}`;
-}
-async function createSchedule(input) {
-  if (!isValidCron(input.cron)) {
-    throw new Error(`Invalid cron expression: ${input.cron}. Must be 5 fields with only digits, *, /, -, comma.`);
-  }
-  await ensureDb();
-  const client = getClient();
-  const id = crypto2.randomUUID().slice(0, 8);
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const prompt = input.prompt ?? input.description;
-  await client.execute({
-    sql: `INSERT INTO schedules (id, cron, description, job_type, prompt, assigned_to, project_name, active, use_crontab, created_at)
-          VALUES (?, ?, ?, ?, ?, ?, ?, 1, ?, ?)`,
-    args: [
-      id,
-      input.cron,
-      input.description,
-      input.jobType ?? "report",
-      prompt,
-      input.assignedTo ?? null,
-      input.projectName ?? null,
-      input.useCrontab ? 1 : 0,
-      now
-    ]
-  });
-  if (input.useCrontab) {
-    addToCrontab(id, input.cron, prompt, input.projectName);
-  }
-  return {
-    id,
-    cron: input.cron,
-    description: input.description,
-    jobType: input.jobType ?? "report",
-    prompt,
-    assignedTo: input.assignedTo,
-    projectName: input.projectName,
-    active: true,
-    useCrontab: input.useCrontab ?? false,
-    createdAt: now
-  };
-}
-async function listSchedules(activeOnly = true) {
-  await ensureDb();
-  const client = getClient();
-  const sql = activeOnly ? "SELECT * FROM schedules WHERE active = 1 ORDER BY created_at ASC" : "SELECT * FROM schedules ORDER BY created_at ASC";
-  const result = await client.execute({ sql, args: [] });
-  return result.rows.map((row) => ({
-    id: String(row.id),
-    cron: String(row.cron),
-    description: String(row.description),
-    jobType: String(row.job_type),
-    prompt: row.prompt ? String(row.prompt) : void 0,
-    assignedTo: row.assigned_to ? String(row.assigned_to) : void 0,
-    projectName: row.project_name ? String(row.project_name) : void 0,
-    active: Number(row.active) === 1,
-    useCrontab: Number(row.use_crontab) === 1,
-    createdAt: String(row.created_at)
-  }));
-}
-async function deleteSchedule(id) {
-  await ensureDb();
-  const client = getClient();
-  const existing = await client.execute({
-    sql: "SELECT use_crontab FROM schedules WHERE id = ?",
-    args: [id]
-  });
-  if (existing.rows.length === 0) return false;
-  const usesCrontab = Number(existing.rows[0].use_crontab) === 1;
-  await client.execute({
-    sql: "DELETE FROM schedules WHERE id = ?",
-    args: [id]
-  });
-  if (usesCrontab) {
-    removeFromCrontab(id);
-  }
-  return true;
-}
-function addToCrontab(id, cron, prompt, projectDir) {
-  if (!isValidCron(cron)) {
-    throw new Error(`Invalid cron expression: ${cron}`);
-  }
-  if (!isValidScheduleId(id)) {
-    throw new Error(`Invalid schedule ID: ${id}`);
-  }
-  try {
-    const cwd = projectDir ? `cd ${JSON.stringify(projectDir)} && ` : "";
-    const escapedPrompt = prompt.replace(/"/g, '\\"');
-    const entry = `${cron} ${cwd}claude -p --dangerously-skip-permissions "${escapedPrompt}" # exe-schedule:${id}`;
-    execSync4(
-      `(crontab -l 2>/dev/null; echo ${JSON.stringify(entry)}) | crontab -`,
-      { timeout: 5e3, stdio: "ignore" }
-    );
-  } catch (err) {
-    if (err instanceof Error && err.message.startsWith("Invalid")) throw err;
-  }
-}
-function removeFromCrontab(id) {
-  if (!isValidScheduleId(id)) return;
-  try {
-    execSync4(
-      `crontab -l 2>/dev/null | grep -v "exe-schedule:${id}" | crontab -`,
-      { timeout: 5e3, stdio: "ignore" }
-    );
-  } catch {
-  }
-}
+import {
+  createSchedule,
+  deleteSchedule,
+  listSchedules,
+  parseHumanCron
+} from "../chunk-VQ4K2MLM.js";
+import "../chunk-HSRM6PNM.js";
+import "../chunk-NHK5KW6Y.js";
+import "../chunk-WZQ4CPRG.js";
+import "../chunk-A2NZP64U.js";
+import "../chunk-4NYQAS33.js";
+import "../chunk-RUG3N6P4.js";
+import "../chunk-XUHFQHGZ.js";
+import "../chunk-KVPG5UT6.js";
+import "../chunk-X2IMCCM5.js";
+import "../chunk-KFQGP6VL.js";
 export {
   createSchedule,
   deleteSchedule,