@askexenow/exe-os 0.9.179 → 0.9.181

package/deploy/compose/init-db.sql

@@ -22,6 +22,7 @@ CREATE SCHEMA IF NOT EXISTS gateway;
 CREATE SCHEMA IF NOT EXISTS wiki;
 CREATE SCHEMA IF NOT EXISTS crm;
 CREATE SCHEMA IF NOT EXISTS auth;
+CREATE SCHEMA IF NOT EXISTS billing;
 
 -- Grant exe full access to all schemas
 DO $$ DECLARE s text; BEGIN
@@ -123,3 +124,78 @@ CREATE TABLE IF NOT EXISTS filtered.events (
 
 CREATE INDEX IF NOT EXISTS idx_filtered_events_type ON filtered.events (event_type, occurred_at DESC);
 CREATE INDEX IF NOT EXISTS idx_filtered_events_contact ON filtered.events (contact_id);
+
+-- ---------------------------------------------------------------------------
+-- Billing schema — licenses, stack releases, entitlements, deploy audits.
+-- Used by the exe-update service (update.askexe.com) to authenticate
+-- customers and serve stack manifests.
+-- ---------------------------------------------------------------------------
+
+CREATE TABLE IF NOT EXISTS billing.licenses (
+  id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
+  key TEXT NOT NULL UNIQUE,
+  email TEXT NOT NULL,
+  name TEXT,
+  plan TEXT NOT NULL DEFAULT 'pro',
+  status TEXT NOT NULL DEFAULT 'active',
+  device_limit INT NOT NULL DEFAULT 3,
+  employee_limit INT NOT NULL DEFAULT 5,
+  memory_limit INT NOT NULL DEFAULT 100000,
+  expires_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  created_by TEXT NOT NULL DEFAULT 'system'
+);
+
+CREATE INDEX IF NOT EXISTS idx_billing_licenses_key ON billing.licenses (key);
+CREATE INDEX IF NOT EXISTS idx_billing_licenses_status ON billing.licenses (status);
+CREATE INDEX IF NOT EXISTS idx_billing_licenses_email ON billing.licenses (email);
+
+CREATE TABLE IF NOT EXISTS billing.stack_releases (
+  id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
+  version TEXT NOT NULL UNIQUE,
+  manifest JSONB NOT NULL,
+  manifest_sha256 TEXT NOT NULL,
+  signature TEXT,
+  status TEXT NOT NULL DEFAULT 'draft',
+  released_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  created_by TEXT NOT NULL DEFAULT 'system'
+);
+
+CREATE INDEX IF NOT EXISTS idx_billing_stack_releases_status ON billing.stack_releases (status);
+CREATE INDEX IF NOT EXISTS idx_billing_stack_releases_version ON billing.stack_releases (version);
+
+CREATE TABLE IF NOT EXISTS billing.stack_entitlements (
+  id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
+  license_key TEXT REFERENCES billing.licenses(key),
+  customer_id TEXT,
+  device_id TEXT,
+  token_hash TEXT UNIQUE,
+  stack_version TEXT NOT NULL DEFAULT '*',
+  channel TEXT DEFAULT 'stable',
+  status TEXT NOT NULL DEFAULT 'active',
+  revoked_at TIMESTAMPTZ,
+  expires_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_billing_entitlements_token ON billing.stack_entitlements (token_hash);
+CREATE INDEX IF NOT EXISTS idx_billing_entitlements_status ON billing.stack_entitlements (status);
+
+CREATE TABLE IF NOT EXISTS billing.stack_deploy_audits (
+  id TEXT PRIMARY KEY DEFAULT gen_random_uuid()::text,
+  license_key TEXT,
+  device_id TEXT,
+  stack_version TEXT NOT NULL,
+  previous_version TEXT,
+  status TEXT NOT NULL,
+  error TEXT,
+  metadata JSONB,
+  started_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  completed_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS idx_billing_deploy_audits_license ON billing.stack_deploy_audits (license_key);
+CREATE INDEX IF NOT EXISTS idx_billing_deploy_audits_status ON billing.stack_deploy_audits (status);
+CREATE INDEX IF NOT EXISTS idx_billing_deploy_audits_started ON billing.stack_deploy_audits (started_at DESC NULLS LAST);

package/dist/bin/exe-forget.js

@@ -4,7 +4,7 @@ import {
 } from "../chunk-7EQXVRA3.js";
 import {
   lightweightSearch
-} from "../chunk-HOGTVJOL.js";
+} from "../chunk-CD76FDBD.js";
 import "../chunk-U2UQMLJ3.js";
 import "../chunk-CHCA3ZM2.js";
 import "../chunk-DOWW3EIO.js";

package/dist/bin/exe-search.js

@@ -2,7 +2,7 @@
 import {
   hybridSearch,
   lightweightSearch
-} from "../chunk-HOGTVJOL.js";
+} from "../chunk-CD76FDBD.js";
 import {
   initStore
 } from "../chunk-U2UQMLJ3.js";

package/dist/bin/stack-update.js

@@ -11,7 +11,7 @@ import {
   patchEnv,
   readCurrentStackVersion,
   runStackUpdate
-} from "../chunk-WCYT54XP.js";
+} from "../chunk-BV7EZIL4.js";
 import "../chunk-MVMMULOJ.js";
 import "../chunk-4GXRETYL.js";
 import "../chunk-LYH5HE24.js";

package/dist/bin/vps-health-gate.js

@@ -207,7 +207,7 @@ async function main(args) {
   console.log("[health-gate] Starting rollback...");
   restorePreDeployBackup();
   try {
-    const { rollbackStackUpdate, defaultStackPaths } = await import("../stack-update-2B2UXREV.js");
+    const { rollbackStackUpdate, defaultStackPaths } = await import("../stack-update-LEUGR7HP.js");
     const paths = defaultStackPaths();
     await rollbackStackUpdate({
       manifestRef: paths.manifestRef,

package/dist/{catchup-brief-2QLCQQL7.js → catchup-brief-RYXZY7KB.js}

@@ -1,6 +1,6 @@
 import {
   lightweightSearch
-} from "./chunk-HOGTVJOL.js";
+} from "./chunk-CD76FDBD.js";
 import "./chunk-U2UQMLJ3.js";
 import "./chunk-CHCA3ZM2.js";
 import "./chunk-DOWW3EIO.js";

package/dist/{chunk-WCYT54XP.js → chunk-BV7EZIL4.js}

@@ -762,16 +762,26 @@ async function runStackUpdate(options) {
 }
 async function fetchImageCredentials(options) {
   if (!options.imageCredentialsUrl) return null;
-  const res = await fetch(options.imageCredentialsUrl, {
-    method: "POST",
-    headers: {
-      "content-type": "application/json",
-      ...options.manifestAuthToken ? { authorization: `Bearer ${options.manifestAuthToken}` } : {}
-    },
-    body: JSON.stringify({ deviceId: options.deviceId, licenseKey: options.licenseKey })
-  });
-  if (!res.ok) throw new Error(`Failed to fetch image credentials: HTTP ${res.status}`);
-  return await res.json();
+  try {
+    const res = await fetch(options.imageCredentialsUrl, {
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+        ...options.manifestAuthToken ? { authorization: `Bearer ${options.manifestAuthToken}` } : {}
+      },
+      body: JSON.stringify({ deviceId: options.deviceId, licenseKey: options.licenseKey }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) {
+      console.warn(`[stack-update] Image credentials unavailable (HTTP ${res.status}). Docker pull will use existing auth.`);
+      return null;
+    }
+    return await res.json();
+  } catch (err) {
+    const reason = err instanceof Error ? err.message : String(err);
+    console.warn(`[stack-update] Image credentials fetch failed: ${reason}. Docker pull will use existing auth.`);
+    return null;
+  }
 }
 function readCurrentStackVersion(lockFile) {
   if (!existsSync(lockFile)) return void 0;
@@ -886,18 +896,20 @@ function defaultStackPaths() {
   const cwdCompose = path.resolve("docker-compose.yml");
   const cwdEnv = path.resolve(".env");
   const packagedManifest = path.join(resolvePackageRoot(), "deploy", "stack-manifests", "v0.9.json");
-  const manifestRef = process.env.EXE_STACK_MANIFEST || (existsSync(packagedManifest) ? packagedManifest : "https://api.askexe.com/stack-manifest.json");
+  const manifestRef = process.env.EXE_STACK_MANIFEST || (existsSync(packagedManifest) ? packagedManifest : "https://update.askexe.com/v1/stack-manifest.json");
+  const licenseKey = process.env.EXE_LICENSE_KEY || loadLicense() || process.env.EXE_STACK_UPDATE_TOKEN || void 0;
+  const isRemoteManifest = /^https?:\/\//.test(manifestRef);
+  const hasLicenseForRemote = !!licenseKey;
+  const updateServiceUrl = process.env.EXE_UPDATE_SERVICE_URL || "https://update.askexe.com";
   return {
     composeFile: process.env.EXE_STACK_COMPOSE_FILE || (existsSync(cwdCompose) ? cwdCompose : "/opt/exe-stack/docker-compose.yml"),
     envFile: process.env.EXE_STACK_ENV_FILE || (existsSync(cwdEnv) ? cwdEnv : "/opt/exe-stack/.env"),
     manifestRef,
-    // Only call api.askexe.com if explicitly configured or if a remote manifest was requested.
-    // Packaged manifests keep cold-start installs unblocked even before update-service entitlements are provisioned.
-    auditUrl: process.env.EXE_STACK_AUDIT_URL || (/^https?:\/\//.test(manifestRef) ? "https://api.askexe.com/v1/deploy-audits" : void 0),
-    imageCredentialsUrl: process.env.EXE_STACK_IMAGE_CREDENTIALS_URL || (/^https?:\/\//.test(manifestRef) ? "https://api.askexe.com/v1/image-credentials" : void 0),
-    // License key IS the auth token for api.askexe.com — no separate update token needed.
+    auditUrl: process.env.EXE_STACK_AUDIT_URL || (isRemoteManifest || hasLicenseForRemote ? `${updateServiceUrl}/v1/deploy-audits` : void 0),
+    imageCredentialsUrl: process.env.EXE_STACK_IMAGE_CREDENTIALS_URL || (isRemoteManifest || hasLicenseForRemote ? `${updateServiceUrl}/v1/image-credentials` : void 0),
+    // License key IS the auth token for update.askexe.com — no separate update token needed.
     // EXE_STACK_UPDATE_TOKEN kept as legacy fallback during migration.
-    manifestAuthToken: process.env.EXE_LICENSE_KEY || loadLicense() || process.env.EXE_STACK_UPDATE_TOKEN || void 0,
+    manifestAuthToken: licenseKey,
     manifestPublicKey: loadDefaultPublicKey()
   };
 }

package/dist/{chunk-HOGTVJOL.js → chunk-CD76FDBD.js}

@@ -201,12 +201,14 @@ async function hybridSearch(queryText, agentId, options) {
   let effectiveQuery = queryText;
   const effectiveOptions = { ...options };
   let _isBroadQuery = false;
+  let inferredTerms = [];
   if (config.selfQueryRouter && process.env.ANTHROPIC_API_KEY) {
     try {
-      const { routeQuery } = await import("./self-query-router-37VB3PKQ.js");
+      const { routeQuery } = await import("./self-query-router-VNUCMGFX.js");
       const routed = await routeQuery(queryText, config.selfQueryModel);
       effectiveQuery = routed.semanticQuery;
       _isBroadQuery = routed.isBroadQuery;
+      inferredTerms = routed.inferredTerms ?? [];
       if (routed.projectFilter && !effectiveOptions.projectName) {
         effectiveOptions.projectName = routed.projectFilter;
       }
@@ -266,6 +268,11 @@ async function hybridSearch(queryText, agentId, options) {
     }
   }
   const entitySubqueries = extractEntitySubqueries(effectiveQuery);
+  if (inferredTerms.length > 0) {
+    entitySubqueries.push(...inferredTerms.filter(
+      (t) => !entitySubqueries.some((sq) => sq.toLowerCase() === t.toLowerCase())
+    ));
+  }
   const subqueryPromises = entitySubqueries.map(
     (sq) => lightweightSearch(sq, agentId, { ...fetchOptions, limit: Math.min(fetchLimit, 20) }).catch(() => [])
   );
@@ -444,6 +451,7 @@ async function hybridSearch(queryText, agentId, options) {
         contradictionResolution: merged.length >= 2,
         reranker: rerankedAndBlended !== null,
         selfQueryRouter: effectiveQuery !== queryText,
+        inferredTerms: inferredTerms.length > 0 ? inferredTerms : void 0,
         lowConfidence: finalResults[0]?._lowConfidence ?? false
       },
       topResults: finalResults.slice(0, 10).map((r, i) => {

package/dist/{chunk-ARA54W6G.js → chunk-EWINUEVJ.js}

@@ -183,7 +183,7 @@ import {
 import {
   hybridSearch,
   recentRecords
-} from "./chunk-HOGTVJOL.js";
+} from "./chunk-CD76FDBD.js";
 import {
   attachDocumentMetadata,
   flushBatch,
@@ -5200,7 +5200,7 @@ function registerGetDaemonHealth(server) {
           lines.push(`| Requests served | ${health.requests_served.toLocaleString()} |`);
         }
         try {
-          const { getQueryCacheStats } = await import("./self-query-router-37VB3PKQ.js");
+          const { getQueryCacheStats } = await import("./self-query-router-VNUCMGFX.js");
           const cache = getQueryCacheStats();
           lines.push(`| Query cache size | ${cache.size} / ${cache.maxSize} |`);
           lines.push(`| Query cache hit rate | ${cache.hitRate} |`);

package/dist/hooks/error-recall.js

@@ -4,7 +4,7 @@ import {
 import {
   hybridSearch,
   lightweightSearch
-} from "../chunk-HOGTVJOL.js";
+} from "../chunk-CD76FDBD.js";
 import {
   initStore
 } from "../chunk-U2UQMLJ3.js";

package/dist/hooks/pre-tool-use.js

@@ -90,6 +90,21 @@ function countEngineerSessions() {
     return 0;
   }
 }
+function getWorktreeContext() {
+  const cwd = process.cwd();
+  const match = cwd.match(/\.worktrees\/([^/]+)/);
+  if (!match) return { isWorktree: false };
+  const worktreeName = match[1];
+  const worktreeRoot = cwd.slice(0, cwd.indexOf(".worktrees/") + ".worktrees/".length + worktreeName.length);
+  const repoRoot = cwd.slice(0, cwd.indexOf(".worktrees") - 1);
+  return { isWorktree: true, worktreeName, worktreeRoot, repoRoot };
+}
+function isMainRepoPath(filePath, ctx) {
+  return filePath.startsWith(ctx.repoRoot + "/") && !filePath.startsWith(ctx.worktreeRoot + "/") && !filePath.startsWith(ctx.worktreeRoot);
+}
+function rewriteToWorktree(filePath, ctx) {
+  return filePath.replace(ctx.repoRoot, ctx.worktreeRoot);
+}
 var MAX_INPUT_SIZE = 1e6;
 var input = "";
 process.stdin.setEncoding("utf8");
@@ -173,6 +188,34 @@ If MCP is down, tell the user: "MCP disconnected. Run /mcp to reconnect."`
           process.exit(0);
         }
       }
+      const wtCtxBash = getWorktreeContext();
+      if (wtCtxBash.isWorktree) {
+        const mainPrefix = wtCtxBash.repoRoot + "/";
+        const wtPrefix = wtCtxBash.worktreeRoot + "/";
+        const writePatterns = [
+          // Redirect operators: > file, >> file
+          new RegExp(`>\\s*${wtCtxBash.repoRoot.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}/`),
+          // cp/mv/rsync destination (last arg): cp src DEST
+          new RegExp(`\\b(?:cp|mv|rsync)\\s+.*\\s+${wtCtxBash.repoRoot.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}/`),
+          // sed -i targeting main repo files
+          new RegExp(`\\bsed\\s+.*-i.*\\s+${wtCtxBash.repoRoot.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}/`),
+          // tee targeting main repo
+          new RegExp(`\\btee\\s+.*${wtCtxBash.repoRoot.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}/`)
+        ];
+        const hasMainRepoWrite = writePatterns.some((p) => p.test(command)) && !command.includes(wtPrefix);
+        if (hasMainRepoWrite) {
+          const output = JSON.stringify({
+            hookSpecificOutput: { permissionDecision: "deny" },
+            systemMessage: `ACTION BLOCKED: You are in worktree "${wtCtxBash.worktreeName}" but your Bash command writes to the main repo root.
+DENIED command contains write to: ${mainPrefix}
+Your worktree root is: ${wtCtxBash.worktreeRoot}/
+Rewrite your command to target ${wtCtxBash.worktreeRoot}/ instead.
+NEVER write to the main repo from a worktree. The main repo belongs to the coordinator.`
+          });
+          process.stdout.write(output);
+          process.exit(0);
+        }
+      }
       const cdMatch = command.match(/\bcd\s+(?:~\/|\/Users\/\w+\/)([\w-]+)/);
       if (cdMatch) {
         const targetDir = cdMatch[1];
@@ -195,25 +238,61 @@ If MCP is down, tell the user: "MCP disconnected. Run /mcp to reconnect."`
         }
       }
     }
+    if (/^(Read)$/.test(data.tool_name)) {
+      const filePath = data.tool_input?.file_path ?? "";
+      const wtCtx = getWorktreeContext();
+      if (wtCtx.isWorktree && filePath && isMainRepoPath(filePath, wtCtx)) {
+        const rewritten = rewriteToWorktree(filePath, wtCtx);
+        process.stderr.write(
+          `[pre-tool-use] Worktree Read rewrite: ${filePath} \u2192 ${rewritten}
+`
+        );
+        const output = JSON.stringify({
+          hookSpecificOutput: {
+            permissionDecision: "allow",
+            updatedInput: { file_path: rewritten }
+          },
+          systemMessage: `\u2139\uFE0F Path redirected: you are in worktree "${wtCtx.worktreeName}". Read redirected from main repo to your worktree copy: ${rewritten}`
+        });
+        process.stdout.write(output);
+        process.exit(0);
+      }
+    }
+    if (/^(Glob|Grep)$/.test(data.tool_name)) {
+      const toolPath = data.tool_input?.path ?? "";
+      const wtCtx = getWorktreeContext();
+      if (wtCtx.isWorktree && toolPath && isMainRepoPath(toolPath, wtCtx)) {
+        const rewritten = rewriteToWorktree(toolPath, wtCtx);
+        process.stderr.write(
+          `[pre-tool-use] Worktree ${data.tool_name} rewrite: ${toolPath} \u2192 ${rewritten}
+`
+        );
+        const output = JSON.stringify({
+          hookSpecificOutput: {
+            permissionDecision: "allow",
+            updatedInput: { ...data.tool_input, path: rewritten }
+          },
+          systemMessage: `\u2139\uFE0F Path redirected: you are in worktree "${wtCtx.worktreeName}". ${data.tool_name} redirected from main repo to your worktree: ${rewritten}`
+        });
+        process.stdout.write(output);
+        process.exit(0);
+      }
+    }
     if (/^(Write|Edit)$/.test(data.tool_name)) {
       const filePath = data.tool_input?.file_path ?? "";
-      const cwd = process.cwd();
-      const worktreeMatch = cwd.match(/\.worktrees\/([^/]+)/);
-      if (worktreeMatch && filePath) {
-        const worktreeRoot = cwd.slice(0, cwd.indexOf(".worktrees/") + ".worktrees/".length + worktreeMatch[1].length);
-        const repoRoot = cwd.slice(0, cwd.indexOf(".worktrees") - 1);
-        if (filePath.startsWith(repoRoot + "/") && !filePath.startsWith(worktreeRoot + "/") && !filePath.startsWith(worktreeRoot)) {
-          const output = JSON.stringify({
-            hookSpecificOutput: { permissionDecision: "deny" },
-            systemMessage: `ACTION BLOCKED: You are in worktree "${worktreeMatch[1]}" but tried to edit a file in the main repo root.
+      const wtCtx = getWorktreeContext();
+      if (wtCtx.isWorktree && filePath && isMainRepoPath(filePath, wtCtx)) {
+        const suggested = rewriteToWorktree(filePath, wtCtx);
+        const output = JSON.stringify({
+          hookSpecificOutput: { permissionDecision: "deny" },
+          systemMessage: `ACTION BLOCKED: You are in worktree "${wtCtx.worktreeName}" but tried to edit a file in the main repo root.
 DENIED path: ${filePath}
-Your worktree root is: ${worktreeRoot}/
-Edit the file at: ${filePath.replace(repoRoot, worktreeRoot)} instead.
+Your worktree root is: ${wtCtx.worktreeRoot}/
+Edit the file at: ${suggested} instead.
 NEVER edit files outside your worktree. The main repo belongs to the coordinator.`
-          });
-          process.stdout.write(output);
-          process.exit(0);
-        }
+        });
+        process.stdout.write(output);
+        process.exit(0);
       }
     }
     if (/^(Write|Edit)$/.test(data.tool_name) && !canCoordinate(agent.agentId, agent.agentRole)) {

package/dist/hooks/prompt-submit.js

@@ -1,7 +1,7 @@
 import {
   hybridSearch,
   lightweightSearch
-} from "../chunk-HOGTVJOL.js";
+} from "../chunk-CD76FDBD.js";
 import {
   initStore
 } from "../chunk-U2UQMLJ3.js";

package/dist/hooks/session-start.js

@@ -135,7 +135,7 @@ You are **${ag.agentId}** (${ag.agentRole}). Daemon is degraded \u2014 memory un
       query = `last actions on ${projectName}`;
       header = "## Resuming Session\nHere's where you left off:";
       try {
-        const { buildCatchupBrief } = await import("../catchup-brief-2QLCQQL7.js");
+        const { buildCatchupBrief } = await import("../catchup-brief-RYXZY7KB.js");
         const brief = await buildCatchupBrief(
           agentId,
           projectName,

package/dist/lib/hybrid-search.js

@@ -5,7 +5,7 @@ import {
   recentRecords,
   rrfMerge,
   rrfMergeMulti
-} from "../chunk-HOGTVJOL.js";
+} from "../chunk-CD76FDBD.js";
 import "../chunk-U2UQMLJ3.js";
 import "../chunk-CHCA3ZM2.js";
 import "../chunk-DOWW3EIO.js";

package/dist/mcp/register-tools.js

@@ -1,6 +1,6 @@
 import {
   registerAllTools
-} from "../chunk-ARA54W6G.js";
+} from "../chunk-EWINUEVJ.js";
 import "../chunk-PLNYW6PA.js";
 import "../chunk-R4IK2YT3.js";
 import "../chunk-HYBT5PXK.js";
@@ -56,7 +56,7 @@ import "../chunk-7EQXVRA3.js";
 import "../chunk-25CVYGFX.js";
 import "../chunk-D6EK7PYQ.js";
 import "../chunk-CMFLJNP6.js";
-import "../chunk-HOGTVJOL.js";
+import "../chunk-CD76FDBD.js";
 import "../chunk-U2UQMLJ3.js";
 import "../chunk-CHCA3ZM2.js";
 import "../chunk-DOWW3EIO.js";

package/dist/mcp/server.js

@@ -3,7 +3,7 @@ import {
 } from "../chunk-V4TZI6EO.js";
 import {
   registerAllTools
-} from "../chunk-ARA54W6G.js";
+} from "../chunk-EWINUEVJ.js";
 import {
   initLicenseGate
 } from "../chunk-PLNYW6PA.js";
@@ -66,7 +66,7 @@ import "../chunk-7EQXVRA3.js";
 import "../chunk-25CVYGFX.js";
 import "../chunk-D6EK7PYQ.js";
 import "../chunk-CMFLJNP6.js";
-import "../chunk-HOGTVJOL.js";
+import "../chunk-CD76FDBD.js";
 import {
   disposeStore,
   initStore

package/dist/{self-query-router-37VB3PKQ.js → self-query-router-VNUCMGFX.js}

@@ -26,9 +26,14 @@ var EXTRACT_TOOL = {
       is_broad_query: {
         type: "boolean",
         description: "True if the query is exploratory/broad (e.g., 'what has the CTO been working on', 'summarize recent activity'). False if targeted (e.g., 'how did we fix the auth bug')."
+      },
+      inferred_terms: {
+        type: "array",
+        items: { type: "string" },
+        description: "Entities or concepts NOT explicitly in the query but likely relevant for retrieval. Infer related terms from context clues. E.g., 'nephew of Ivory Lee Brown' \u2192 ['NFL', 'Oklahoma', 'football']. 'the auth bug we fixed' \u2192 ['JWT', 'token', 'login']. Return empty array if no useful inference. Max 5 terms."
       }
     },
-    required: ["semantic_query", "project_filter", "role_filter", "time_filter", "is_broad_query"]
+    required: ["semantic_query", "project_filter", "role_filter", "time_filter", "is_broad_query", "inferred_terms"]
   }
 };
 var CACHE_MAX_SIZE = Number(process.env.EXE_QUERY_CACHE_SIZE) || 200;
@@ -72,7 +77,8 @@ async function routeQuery(query, model = "claude-haiku-4-5-20251001") {
       projectFilter: null,
       roleFilter: null,
       timeFilter: null,
-      isBroadQuery: false
+      isBroadQuery: false,
+      inferredTerms: []
     };
   }
   const cacheKey = normalizeCacheKey(query);
@@ -91,7 +97,7 @@ async function routeQuery(query, model = "claude-haiku-4-5-20251001") {
     const response = await client.messages.create({
       model,
       max_tokens: 256,
-      system: `You are a search query router. Extract metadata filters from the user's memory search query. Today is ${now}. Convert relative time references (yesterday, last week) to ISO timestamps.`,
+      system: `You are a search query router and context enricher. Extract metadata filters from the user's memory search query. Also infer related entities/concepts that aren't explicitly stated but would help retrieval (like Apple CLaRa's Query Reasoner). Today is ${now}. Convert relative time references (yesterday, last week) to ISO timestamps.`,
       messages: [{ role: "user", content: query }],
       tools: [EXTRACT_TOOL],
       tool_choice: { type: "tool", name: "extract_search_filters" }
@@ -99,12 +105,15 @@ async function routeQuery(query, model = "claude-haiku-4-5-20251001") {
     const toolBlock = response.content.find((b) => b.type === "tool_use");
     if (toolBlock && toolBlock.type === "tool_use") {
       const input = toolBlock.input;
+      const rawTerms = input.inferred_terms;
+      const inferredTerms = Array.isArray(rawTerms) ? rawTerms.filter((t) => typeof t === "string" && t.length > 0).slice(0, 5) : [];
       const result = {
         semanticQuery: input.semantic_query || query,
         projectFilter: input.project_filter || null,
         roleFilter: input.role_filter || null,
         timeFilter: input.time_filter || null,
-        isBroadQuery: Boolean(input.is_broad_query)
+        isBroadQuery: Boolean(input.is_broad_query),
+        inferredTerms
       };
       evictCache();
       queryCache.set(cacheKey, { result, timestamp: Date.now() });
@@ -121,7 +130,8 @@ async function routeQuery(query, model = "claude-haiku-4-5-20251001") {
     projectFilter: null,
     roleFilter: null,
     timeFilter: null,
-    isBroadQuery: false
+    isBroadQuery: false,
+    inferredTerms: []
   };
 }
 export {

package/dist/{stack-update-2B2UXREV.js → stack-update-LEUGR7HP.js}

@@ -20,7 +20,7 @@ import {
   runStackUpdate,
   verifyReleaseHealth,
   verifyStackManifestSignature
-} from "./chunk-WCYT54XP.js";
+} from "./chunk-BV7EZIL4.js";
 import "./chunk-MVMMULOJ.js";
 import "./chunk-4GXRETYL.js";
 import "./chunk-LYH5HE24.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.179",
+  "version": "0.9.181",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",