@askexenow/exe-os 0.9.30 → 0.9.32

package/dist/mcp/server.js

@@ -428,8 +428,8 @@ function findPackageRoot() {
 function getAvailableMemoryGB() {
   if (process.platform === "darwin") {
     try {
-      const { execSync: execSync11 } = __require("child_process");
-      const vmstat = execSync11("vm_stat", { encoding: "utf8" });
+      const { execSync: execSync12 } = __require("child_process");
+      const vmstat = execSync12("vm_stat", { encoding: "utf8" });
       const pageSize = 16384;
       const pageSizeMatch = vmstat.match(/page size of (\d+) bytes/);
       const actualPageSize = pageSizeMatch ? parseInt(pageSizeMatch[1], 10) : pageSize;
@@ -849,10 +849,10 @@ async function disposeEmbedder() {
 async function embedDirect(text) {
   const llamaCpp = await import("node-llama-cpp");
   const { MODELS_DIR: MODELS_DIR2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-  const { existsSync: existsSync34 } = await import("fs");
-  const path44 = await import("path");
-  const modelPath = path44.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
-  if (!existsSync34(modelPath)) {
+  const { existsSync: existsSync35 } = await import("fs");
+  const path45 = await import("path");
+  const modelPath = path45.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
+  if (!existsSync35(modelPath)) {
     throw new Error(`Embedding model not found at ${modelPath}. Run '/exe-setup' to download it.`);
   }
   const llama = await llamaCpp.getLlama();
@@ -3220,6 +3220,7 @@ __export(keychain_exports, {
 });
 import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
 import { existsSync as existsSync7 } from "fs";
+import { execSync as execSync2 } from "child_process";
 import path7 from "path";
 import os5 from "os";
 function getKeyDir() {
@@ -3228,6 +3229,83 @@ function getKeyDir() {
 function getKeyPath() {
   return path7.join(getKeyDir(), "master.key");
 }
+function macKeychainGet() {
+  if (process.platform !== "darwin") return null;
+  try {
+    return execSync2(
+      `security find-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w 2>/dev/null`,
+      { encoding: "utf-8", timeout: 5e3 }
+    ).trim();
+  } catch {
+    return null;
+  }
+}
+function macKeychainSet(value) {
+  if (process.platform !== "darwin") return false;
+  try {
+    try {
+      execSync2(
+        `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
+        { timeout: 5e3 }
+      );
+    } catch {
+    }
+    execSync2(
+      `security add-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w "${value}"`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function macKeychainDelete() {
+  if (process.platform !== "darwin") return false;
+  try {
+    execSync2(
+      `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function linuxSecretGet() {
+  if (process.platform !== "linux") return null;
+  try {
+    return execSync2(
+      `secret-tool lookup service "${SERVICE}" account "${ACCOUNT}" 2>/dev/null`,
+      { encoding: "utf-8", timeout: 5e3 }
+    ).trim();
+  } catch {
+    return null;
+  }
+}
+function linuxSecretSet(value) {
+  if (process.platform !== "linux") return false;
+  try {
+    execSync2(
+      `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${SERVICE}" account "${ACCOUNT}"`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function linuxSecretDelete() {
+  if (process.platform !== "linux") return false;
+  try {
+    execSync2(
+      `secret-tool clear service "${SERVICE}" account "${ACCOUNT}" 2>/dev/null`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
 async function tryKeytar() {
   try {
     return await import("keytar");
@@ -3235,13 +3313,72 @@ async function tryKeytar() {
     return null;
   }
 }
+function deriveMachineKey() {
+  try {
+    const crypto18 = __require("crypto");
+    const material = [
+      os5.hostname(),
+      os5.userInfo().username,
+      os5.arch(),
+      os5.platform(),
+      // Machine ID on Linux (stable across reboots)
+      process.platform === "linux" ? readMachineId() : ""
+    ].join("|");
+    return crypto18.createHash("sha256").update(material).digest();
+  } catch {
+    return null;
+  }
+}
+function readMachineId() {
+  try {
+    const { readFileSync: readFileSync29 } = __require("fs");
+    return readFileSync29("/etc/machine-id", "utf-8").trim();
+  } catch {
+    return "";
+  }
+}
+function encryptWithMachineKey(plaintext, machineKey) {
+  const crypto18 = __require("crypto");
+  const iv = crypto18.randomBytes(12);
+  const cipher = crypto18.createCipheriv("aes-256-gcm", machineKey, iv);
+  let encrypted = cipher.update(plaintext, "utf-8", "base64");
+  encrypted += cipher.final("base64");
+  const authTag = cipher.getAuthTag().toString("base64");
+  return `${ENCRYPTED_PREFIX}${iv.toString("base64")}:${authTag}:${encrypted}`;
+}
+function decryptWithMachineKey(encrypted, machineKey) {
+  if (!encrypted.startsWith(ENCRYPTED_PREFIX)) return null;
+  try {
+    const crypto18 = __require("crypto");
+    const parts = encrypted.slice(ENCRYPTED_PREFIX.length).split(":");
+    if (parts.length !== 3) return null;
+    const [ivB64, tagB64, cipherB64] = parts;
+    const iv = Buffer.from(ivB64, "base64");
+    const authTag = Buffer.from(tagB64, "base64");
+    const decipher = crypto18.createDecipheriv("aes-256-gcm", machineKey, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(cipherB64, "base64", "utf-8");
+    decrypted += decipher.final("utf-8");
+    return decrypted;
+  } catch {
+    return null;
+  }
+}
 async function getMasterKey() {
+  const nativeValue = macKeychainGet() ?? linuxSecretGet();
+  if (nativeValue) {
+    return Buffer.from(nativeValue, "base64");
+  }
   const keytar = await tryKeytar();
   if (keytar) {
     try {
-      const stored = await keytar.getPassword(SERVICE, ACCOUNT);
-      if (stored) {
-        return Buffer.from(stored, "base64");
+      const keytarValue = await keytar.getPassword(SERVICE, ACCOUNT);
+      if (keytarValue) {
+        const migrated = macKeychainSet(keytarValue) || linuxSecretSet(keytarValue);
+        if (migrated) {
+          process.stderr.write("[keychain] Migrated key from keytar to native keychain.\n");
+        }
+        return Buffer.from(keytarValue, "base64");
       }
     } catch {
     }
@@ -3255,8 +3392,31 @@ async function getMasterKey() {
     return null;
   }
   try {
-    const content = await readFile3(keyPath, "utf-8");
-    return Buffer.from(content.trim(), "base64");
+    const content = (await readFile3(keyPath, "utf-8")).trim();
+    let b64Value;
+    if (content.startsWith(ENCRYPTED_PREFIX)) {
+      const machineKey = deriveMachineKey();
+      if (!machineKey) {
+        process.stderr.write("[keychain] Cannot derive machine key to decrypt stored key.\n");
+        return null;
+      }
+      const decrypted = decryptWithMachineKey(content, machineKey);
+      if (!decrypted) {
+        process.stderr.write(
+          "[keychain] Key decryption failed \u2014 machine may have changed.\n  Use your 24-word recovery phrase: exe-os link import\n"
+        );
+        return null;
+      }
+      b64Value = decrypted;
+    } else {
+      b64Value = content;
+    }
+    const key = Buffer.from(b64Value, "base64");
+    const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
+    if (migrated) {
+      process.stderr.write("[keychain] Migrated key from file to native keychain.\n");
+    }
+    return key;
   } catch (err) {
     process.stderr.write(
       `[keychain] Key read failed at ${keyPath}: ${err instanceof Error ? err.message : String(err)}
@@ -3267,6 +3427,9 @@ async function getMasterKey() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
+  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
+    return;
+  }
   const keytar = await tryKeytar();
   if (keytar) {
     try {
@@ -3278,10 +3441,23 @@ async function setMasterKey(key) {
   const dir = getKeyDir();
   await mkdir3(dir, { recursive: true });
   const keyPath = getKeyPath();
-  await writeFile3(keyPath, b64 + "\n", "utf-8");
-  await chmod2(keyPath, 384);
+  const machineKey = deriveMachineKey();
+  if (machineKey) {
+    const encrypted = encryptWithMachineKey(b64, machineKey);
+    await writeFile3(keyPath, encrypted + "\n", "utf-8");
+    await chmod2(keyPath, 384);
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  } else {
+    await writeFile3(keyPath, b64 + "\n", "utf-8");
+    await chmod2(keyPath, 384);
+    process.stderr.write(
+      "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"
+    );
+  }
 }
 async function deleteMasterKey() {
+  macKeychainDelete();
+  linuxSecretDelete();
   const keytar = await tryKeytar();
   if (keytar) {
     try {
@@ -3323,12 +3499,13 @@ async function importMnemonic(mnemonic) {
   const entropy = mnemonicToEntropy(trimmed);
   return Buffer.from(entropy, "hex");
 }
-var SERVICE, ACCOUNT;
+var SERVICE, ACCOUNT, ENCRYPTED_PREFIX;
 var init_keychain = __esm({
   "src/lib/keychain.ts"() {
     "use strict";
     SERVICE = "exe-mem";
     ACCOUNT = "master-key";
+    ENCRYPTED_PREFIX = "enc:";
   }
 });
 
@@ -4783,7 +4960,7 @@ __export(project_name_exports, {
   _resetCache: () => _resetCache,
   getProjectName: () => getProjectName
 });
-import { execSync as execSync2 } from "child_process";
+import { execSync as execSync3 } from "child_process";
 import path10 from "path";
 function getProjectName(cwd) {
   const dir = cwd ?? process.cwd();
@@ -4791,7 +4968,7 @@ function getProjectName(cwd) {
   try {
     let repoRoot;
     try {
-      const gitCommonDir = execSync2("git rev-parse --path-format=absolute --git-common-dir", {
+      const gitCommonDir = execSync3("git rev-parse --path-format=absolute --git-common-dir", {
         cwd: dir,
         encoding: "utf8",
         timeout: 2e3,
@@ -4799,7 +4976,7 @@ function getProjectName(cwd) {
       }).trim();
       repoRoot = path10.dirname(gitCommonDir);
     } catch {
-      repoRoot = execSync2("git rev-parse --show-toplevel", {
+      repoRoot = execSync3("git rev-parse --show-toplevel", {
         cwd: dir,
         encoding: "utf8",
         timeout: 2e3,
@@ -4833,14 +5010,14 @@ var file_grep_exports = {};
 __export(file_grep_exports, {
   grepProjectFiles: () => grepProjectFiles
 });
-import { execSync as execSync3 } from "child_process";
+import { execSync as execSync4 } from "child_process";
 import { readFileSync as readFileSync6, readdirSync as readdirSync2, statSync as statSync2, existsSync as existsSync10 } from "fs";
 import path11 from "path";
 import crypto2 from "crypto";
 function hasRipgrep() {
   if (_hasRg === null) {
     try {
-      execSync3("rg --version", { stdio: "ignore", timeout: 2e3 });
+      execSync4("rg --version", { stdio: "ignore", timeout: 2e3 });
       _hasRg = true;
     } catch {
       _hasRg = false;
@@ -4906,7 +5083,7 @@ function grepWithRipgrep(pattern, projectRoot, patterns) {
   const globs = (patterns ?? DEFAULT_PATTERNS).map((p) => `--glob '${p}'`).join(" ");
   const excludes = EXCLUDE_DIRS.map((d) => `--glob '!${d}'`).join(" ");
   const cmd = `rg -i -c --hidden --no-config --no-ignore '${pattern.replace(/'/g, "\\'")}' . ${globs} ${excludes} --max-filesize ${MAX_FILE_SIZE} 2>/dev/null || true`;
-  const output = execSync3(cmd, {
+  const output = execSync4(cmd, {
     cwd: projectRoot,
     encoding: "utf8",
     timeout: 3e3,
@@ -4921,12 +5098,12 @@ function grepWithRipgrep(pattern, projectRoot, patterns) {
     const matchCount = parseInt(line.slice(colonIdx + 1));
     if (isNaN(matchCount) || matchCount === 0) continue;
     try {
-      const firstMatch = execSync3(
+      const firstMatch = execSync4(
         `rg -i -n --hidden '${pattern.replace(/'/g, "\\'")}' '${filePath}' --max-count 1 2>/dev/null | head -1`,
         { cwd: projectRoot, encoding: "utf8", timeout: 1e3 }
       ).trim();
       const lineNum = parseInt(firstMatch.split(":")[0] ?? "1");
-      const totalLines = execSync3(`wc -l < '${filePath}'`, {
+      const totalLines = execSync4(`wc -l < '${filePath}'`, {
         cwd: projectRoot,
         encoding: "utf8",
         timeout: 1e3
@@ -5555,10 +5732,17 @@ async function applyEntityBoost(results, query, client) {
   if (ENTITY_BOOST_WEIGHT === 0 || results.length === 0) {
     return emptyResult;
   }
-  console.time("entity-boost");
+  const debugStart = process.env.EXE_DEBUG_HOOKS ? performance.now() : 0;
+  const debugEnd = () => {
+    if (!process.env.EXE_DEBUG_HOOKS) return;
+    process.stderr.write(
+      `[entity-boost] ${(performance.now() - debugStart).toFixed(3)}ms
+`
+    );
+  };
   const entities = await matchEntities(query, client);
   if (entities.length === 0) {
-    console.timeEnd("entity-boost");
+    debugEnd();
     return emptyResult;
   }
   const boostMap = /* @__PURE__ */ new Map();
@@ -5580,7 +5764,7 @@ async function applyEntityBoost(results, query, client) {
   await traverseAndScore(entities, client, boostMap, resultIds, graphContextMap);
   await applyHyperedgeBoost(entities, client, boostMap, resultIds);
   if (boostMap.size === 0) {
-    console.timeEnd("entity-boost");
+    debugEnd();
     return emptyResult;
   }
   const scored = results.map((r, i) => ({
@@ -5591,7 +5775,7 @@ async function applyEntityBoost(results, query, client) {
   scored.sort(
     (a, b) => b.baseScore + b.entityBoost - (a.baseScore + a.entityBoost)
   );
-  console.timeEnd("entity-boost");
+  debugEnd();
   return {
     results: scored.map((s) => s.record),
     graphContext: graphContextMap
@@ -5810,10 +5994,10 @@ async function hybridSearch(queryText, agentId, options) {
     };
     try {
       const fs = await import("fs");
-      const path44 = await import("path");
+      const path45 = await import("path");
       const os19 = await import("os");
-      const logPath = path44.join(os19.homedir(), ".exe-os", "search-quality.jsonl");
-      fs.mkdirSync(path44.dirname(logPath), { recursive: true });
+      const logPath = path45.join(os19.homedir(), ".exe-os", "search-quality.jsonl");
+      fs.mkdirSync(path45.dirname(logPath), { recursive: true });
       fs.appendFileSync(logPath, JSON.stringify(logEntry) + "\n");
     } catch {
     }
@@ -6236,7 +6420,7 @@ var init_hybrid_search = __esm({
 });
 
 // src/lib/session-key.ts
-import { execSync as execSync4 } from "child_process";
+import { execSync as execSync5 } from "child_process";
 function normalizeCommand(command) {
   const trimmed = command.trim().toLowerCase();
   const parts = trimmed.split(/[\\/]/);
@@ -6255,7 +6439,7 @@ function resolveRuntimeProcess() {
   let pid = process.ppid;
   for (let i = 0; i < 10; i++) {
     try {
-      const info = execSync4(`ps -p ${pid} -o ppid=,comm=`, {
+      const info = execSync5(`ps -p ${pid} -o ppid=,comm=`, {
         encoding: "utf8",
         timeout: 2e3
       }).trim();
@@ -6314,7 +6498,7 @@ __export(active_agent_exports, {
   writeActiveAgent: () => writeActiveAgent
 });
 import { readFileSync as readFileSync7, writeFileSync as writeFileSync4, mkdirSync as mkdirSync3, unlinkSync as unlinkSync3, readdirSync as readdirSync3 } from "fs";
-import { execSync as execSync5 } from "child_process";
+import { execSync as execSync6 } from "child_process";
 import path12 from "path";
 function isNameWithOptionalInstance(candidate, baseName) {
   if (candidate === baseName) return true;
@@ -6406,7 +6590,7 @@ function getActiveAgent() {
   } catch {
   }
   try {
-    const sessionName = execSync5(
+    const sessionName = execSync6(
       "tmux display-message -p '#{session_name}' 2>/dev/null",
       { encoding: "utf8", timeout: 2e3 }
     ).trim();
@@ -6739,8 +6923,8 @@ async function validateLicense(apiKey, deviceId) {
 }
 function getCacheAgeMs() {
   try {
-    const { statSync: statSync4 } = __require("fs");
-    const s = statSync4(CACHE_PATH);
+    const { statSync: statSync5 } = __require("fs");
+    const s = statSync5(CACHE_PATH);
     return Date.now() - s.mtimeMs;
   } catch {
     return Infinity;
@@ -7221,14 +7405,14 @@ var init_transport = __esm({
 });
 
 // src/lib/cc-agent-support.ts
-import { execSync as execSync6 } from "child_process";
+import { execSync as execSync7 } from "child_process";
 function _resetCcAgentSupportCache() {
   _cachedSupport = null;
 }
 function claudeSupportsAgentFlag() {
   if (_cachedSupport !== null) return _cachedSupport;
   try {
-    const helpOutput = execSync6("claude --help 2>&1", {
+    const helpOutput = execSync7("claude --help 2>&1", {
       encoding: "utf-8",
       timeout: 5e3
     });
@@ -8101,7 +8285,7 @@ __export(tmux_routing_exports, {
   spawnEmployee: () => spawnEmployee,
   verifyPaneAtCapacity: () => verifyPaneAtCapacity
 });
-import { execFileSync as execFileSync2, execSync as execSync7 } from "child_process";
+import { execFileSync as execFileSync2, execSync as execSync8 } from "child_process";
 import { readFileSync as readFileSync12, writeFileSync as writeFileSync10, mkdirSync as mkdirSync7, existsSync as existsSync16, appendFileSync, readdirSync as readdirSync5 } from "fs";
 import path20 from "path";
 import os9 from "os";
@@ -8811,7 +8995,7 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
   let booted = false;
   for (let i = 0; i < 30; i++) {
     try {
-      execSync7("sleep 0.5");
+      execSync8("sleep 0.5");
     } catch {
     }
     try {
@@ -9058,7 +9242,7 @@ __export(tasks_crud_exports, {
 import crypto7 from "crypto";
 import path22 from "path";
 import os11 from "os";
-import { execSync as execSync8 } from "child_process";
+import { execSync as execSync9 } from "child_process";
 import { mkdir as mkdir4, writeFile as writeFile4, appendFile } from "fs/promises";
 import { existsSync as existsSync18, readFileSync as readFileSync14 } from "fs";
 async function writeCheckpoint(input) {
@@ -9403,14 +9587,14 @@ function isTmuxSessionAlive(identifier) {
   if (!identifier || identifier === "unknown") return true;
   try {
     if (identifier.startsWith("%")) {
-      const output = execSync8("tmux list-panes -a -F '#{pane_id}'", {
+      const output = execSync9("tmux list-panes -a -F '#{pane_id}'", {
         timeout: 2e3,
         encoding: "utf8",
         stdio: ["pipe", "pipe", "pipe"]
       });
       return output.split("\n").some((l) => l.trim() === identifier);
     } else {
-      execSync8(`tmux has-session -t ${JSON.stringify(identifier)}`, {
+      execSync9(`tmux has-session -t ${JSON.stringify(identifier)}`, {
         timeout: 2e3,
         stdio: ["pipe", "pipe", "pipe"]
       });
@@ -9419,7 +9603,7 @@ function isTmuxSessionAlive(identifier) {
   } catch {
     if (identifier.startsWith("%")) return true;
     try {
-      execSync8("tmux list-sessions", {
+      execSync9("tmux list-sessions", {
         timeout: 2e3,
         stdio: ["pipe", "pipe", "pipe"]
       });
@@ -9434,12 +9618,12 @@ function checkStaleCompletion(taskContext, taskCreatedAt) {
   if (!DELEGATION_KEYWORDS.test(taskContext)) return null;
   try {
     const since = new Date(taskCreatedAt).toISOString();
-    const branch = execSync8(
+    const branch = execSync9(
       "git rev-parse --abbrev-ref HEAD 2>/dev/null",
       { encoding: "utf8", timeout: 3e3 }
     ).trim();
     const branchArg = branch && branch !== "HEAD" ? branch : "";
-    const commitCount = execSync8(
+    const commitCount = execSync9(
       `git log --oneline --since="${since}" ${branchArg} 2>/dev/null | wc -l`,
       { encoding: "utf8", timeout: 5e3 }
     ).trim();
@@ -11668,8 +11852,8 @@ __export(wiki_client_exports, {
   listDocuments: () => listDocuments,
   listWorkspaces: () => listWorkspaces
 });
-async function wikiFetch(config2, path44, method = "GET", body) {
-  const url = `${config2.baseUrl}/api/v1${path44}`;
+async function wikiFetch(config2, path45, method = "GET", body) {
+  const url = `${config2.baseUrl}/api/v1${path45}`;
   const headers = {
     Authorization: `Bearer ${config2.apiKey}`,
     "Content-Type": "application/json"
@@ -11702,7 +11886,7 @@ async function wikiFetch(config2, path44, method = "GET", body) {
       }
     }
     if (!response.ok) {
-      throw new Error(`Wiki API ${method} ${path44}: ${response.status} ${response.statusText}`);
+      throw new Error(`Wiki API ${method} ${path45}: ${response.status} ${response.statusText}`);
     }
     return response.json();
   } finally {
@@ -11911,6 +12095,109 @@ var init_worker_gate = __esm({
   }
 });
 
+// src/lib/db-backup.ts
+var db_backup_exports = {};
+__export(db_backup_exports, {
+  createBackup: () => createBackup,
+  findActiveDb: () => findActiveDb,
+  getBackupDir: () => getBackupDir,
+  getLatestBackup: () => getLatestBackup,
+  hasBackupToday: () => hasBackupToday,
+  listBackups: () => listBackups,
+  rotateBackups: () => rotateBackups
+});
+import { copyFileSync as copyFileSync2, existsSync as existsSync29, mkdirSync as mkdirSync15, readdirSync as readdirSync12, unlinkSync as unlinkSync9, statSync as statSync4 } from "fs";
+import path37 from "path";
+function findActiveDb() {
+  for (const name of DB_NAMES) {
+    const p = path37.join(EXE_AI_DIR, name);
+    if (existsSync29(p)) return p;
+  }
+  return null;
+}
+function createBackup(reason = "manual") {
+  const dbPath = findActiveDb();
+  if (!dbPath) return null;
+  mkdirSync15(BACKUP_DIR, { recursive: true });
+  const dbName = path37.basename(dbPath, ".db");
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
+  const backupName = `${dbName}-${reason}-${timestamp}.db`;
+  const backupPath = path37.join(BACKUP_DIR, backupName);
+  copyFileSync2(dbPath, backupPath);
+  const walPath = dbPath + "-wal";
+  if (existsSync29(walPath)) {
+    try {
+      copyFileSync2(walPath, backupPath + "-wal");
+    } catch {
+    }
+  }
+  const shmPath = dbPath + "-shm";
+  if (existsSync29(shmPath)) {
+    try {
+      copyFileSync2(shmPath, backupPath + "-shm");
+    } catch {
+    }
+  }
+  return backupPath;
+}
+function rotateBackups(keepDays = DEFAULT_KEEP_DAYS) {
+  if (!existsSync29(BACKUP_DIR)) return 0;
+  const cutoff = Date.now() - keepDays * 24 * 60 * 60 * 1e3;
+  let deleted = 0;
+  try {
+    const files = readdirSync12(BACKUP_DIR);
+    for (const file of files) {
+      if (!file.endsWith(".db") && !file.endsWith(".db-wal") && !file.endsWith(".db-shm")) continue;
+      const filePath = path37.join(BACKUP_DIR, file);
+      try {
+        const stat = statSync4(filePath);
+        if (stat.mtimeMs < cutoff) {
+          unlinkSync9(filePath);
+          deleted++;
+        }
+      } catch {
+      }
+    }
+  } catch {
+  }
+  return deleted;
+}
+function listBackups() {
+  if (!existsSync29(BACKUP_DIR)) return [];
+  try {
+    const files = readdirSync12(BACKUP_DIR).filter((f) => f.endsWith(".db") && !f.endsWith("-wal") && !f.endsWith("-shm"));
+    return files.map((name) => {
+      const p = path37.join(BACKUP_DIR, name);
+      const stat = statSync4(p);
+      return { path: p, name, size: stat.size, date: stat.mtime };
+    }).sort((a, b) => b.date.getTime() - a.date.getTime());
+  } catch {
+    return [];
+  }
+}
+function hasBackupToday(reason) {
+  const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+  const backups = listBackups();
+  return backups.some((b) => b.name.includes(reason) && b.name.includes(today.replace(/-/g, "-")));
+}
+function getLatestBackup() {
+  const backups = listBackups();
+  return backups.length > 0 ? backups[0].path : null;
+}
+function getBackupDir() {
+  return BACKUP_DIR;
+}
+var BACKUP_DIR, DEFAULT_KEEP_DAYS, DB_NAMES;
+var init_db_backup = __esm({
+  "src/lib/db-backup.ts"() {
+    "use strict";
+    init_config();
+    BACKUP_DIR = path37.join(EXE_AI_DIR, "backups");
+    DEFAULT_KEEP_DAYS = 3;
+    DB_NAMES = ["memories.db", "exe-mem.db", "exe-os.db", "exe.db"];
+  }
+});
+
 // src/lib/crdt-sync.ts
 var crdt_sync_exports = {};
 __export(crdt_sync_exports, {
@@ -11930,8 +12217,8 @@ __export(crdt_sync_exports, {
   rebuildFromDb: () => rebuildFromDb
 });
 import * as Y from "yjs";
-import { readFileSync as readFileSync25, writeFileSync as writeFileSync19, existsSync as existsSync30, mkdirSync as mkdirSync15, unlinkSync as unlinkSync9 } from "fs";
-import path38 from "path";
+import { readFileSync as readFileSync25, writeFileSync as writeFileSync19, existsSync as existsSync31, mkdirSync as mkdirSync16, unlinkSync as unlinkSync10 } from "fs";
+import path39 from "path";
 import { homedir as homedir5 } from "os";
 function getStatePath() {
   return _statePathOverride ?? DEFAULT_STATE_PATH;
@@ -11943,14 +12230,14 @@ function initCrdtDoc() {
   if (doc) return doc;
   doc = new Y.Doc();
   const sp = getStatePath();
-  if (existsSync30(sp)) {
+  if (existsSync31(sp)) {
     try {
       const state = readFileSync25(sp);
       Y.applyUpdate(doc, new Uint8Array(state));
     } catch {
       console.warn("[crdt-sync] WARN: corrupted state file, rebuilding from DB");
       try {
-        unlinkSync9(sp);
+        unlinkSync10(sp);
       } catch {
       }
       rebuildFromDb().catch((err) => {
@@ -12087,8 +12374,8 @@ function persistState() {
   if (!doc) return;
   try {
     const sp = getStatePath();
-    const dir = path38.dirname(sp);
-    if (!existsSync30(dir)) mkdirSync15(dir, { recursive: true });
+    const dir = path39.dirname(sp);
+    if (!existsSync31(dir)) mkdirSync16(dir, { recursive: true });
     const state = Y.encodeStateAsUpdate(doc);
     writeFileSync19(sp, Buffer.from(state));
   } catch {
@@ -12131,7 +12418,7 @@ var DEFAULT_STATE_PATH, _statePathOverride, doc;
 var init_crdt_sync = __esm({
   "src/lib/crdt-sync.ts"() {
     "use strict";
-    DEFAULT_STATE_PATH = path38.join(homedir5(), ".exe-os", "crdt-state.bin");
+    DEFAULT_STATE_PATH = path39.join(homedir5(), ".exe-os", "crdt-state.bin");
     _statePathOverride = null;
     doc = null;
   }
@@ -12144,8 +12431,8 @@ init_database();
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { spawn as spawn4 } from "child_process";
-import { existsSync as existsSync33, openSync as openSync3, mkdirSync as mkdirSync17, closeSync as closeSync3, readFileSync as readFileSync28 } from "fs";
-import path43 from "path";
+import { existsSync as existsSync34, openSync as openSync3, mkdirSync as mkdirSync18, closeSync as closeSync3, readFileSync as readFileSync28 } from "fs";
+import path44 from "path";
 import os18 from "os";
 import { fileURLToPath as fileURLToPath5 } from "url";
 
@@ -12832,10 +13119,10 @@ function registerCreateTask(server2) {
         skipDispatch: true
       });
       try {
-        const { existsSync: existsSync34, mkdirSync: mkdirSync18, writeFileSync: writeFileSync21 } = await import("fs");
+        const { existsSync: existsSync35, mkdirSync: mkdirSync19, writeFileSync: writeFileSync21 } = await import("fs");
         const { identityPath: identityPath2 } = await Promise.resolve().then(() => (init_identity(), identity_exports));
         const idPath = identityPath2(assigned_to);
-        if (!existsSync34(idPath)) {
+        if (!existsSync35(idPath)) {
           const { loadEmployees: loadEmployees2 } = await Promise.resolve().then(() => (init_employees(), employees_exports));
           const employees = await loadEmployees2();
           const emp = employees.find((e) => e.name === assigned_to);
@@ -12844,7 +13131,7 @@ function registerCreateTask(server2) {
             const template = getTemplateForTitle2(emp.role);
             if (template) {
               const dir = (await import("path")).dirname(idPath);
-              if (!existsSync34(dir)) mkdirSync18(dir, { recursive: true });
+              if (!existsSync35(dir)) mkdirSync19(dir, { recursive: true });
               writeFileSync21(idPath, template.replace(/^agent_id: \w+/m, `agent_id: ${assigned_to}`), "utf-8");
             }
           }
@@ -14747,7 +15034,7 @@ function isScheduledTrigger(trigger) {
 init_database();
 init_store();
 import crypto13 from "crypto";
-import { execSync as execSync9 } from "child_process";
+import { execSync as execSync10 } from "child_process";
 var CRON_FIELD = /^[\d*/,\-]+$/;
 function isValidCron(cron) {
   const fields = cron.trim().split(/\s+/);
@@ -14873,7 +15160,7 @@ function addToCrontab(id, cron, prompt, projectDir) {
     const cwd = projectDir ? `cd ${JSON.stringify(projectDir)} && ` : "";
     const escapedPrompt = prompt.replace(/"/g, '\\"');
     const entry = `${cron} ${cwd}claude -p --dangerously-skip-permissions "${escapedPrompt}" # exe-schedule:${id}`;
-    execSync9(
+    execSync10(
       `(crontab -l 2>/dev/null; echo ${JSON.stringify(entry)}) | crontab -`,
       { timeout: 5e3, stdio: "ignore" }
     );
@@ -16238,9 +16525,9 @@ var HostingerApiClient = class {
     }
     this.lastRequestTime = Date.now();
   }
-  async request(method, path44, body) {
+  async request(method, path45, body) {
     await this.rateLimit();
-    const url = `${this.baseUrl}${path44}`;
+    const url = `${this.baseUrl}${path45}`;
     const headers = {
       Authorization: `Bearer ${this.apiKey}`,
       "Content-Type": "application/json",
@@ -16313,8 +16600,8 @@ async function requestCloudflare(cfApiToken, zoneId, options) {
   }
   return envelope.result;
 }
-function buildUrl(zoneId, path44 = "/dns_records", query) {
-  const normalizedPath = path44.startsWith("/") ? path44 : `/${path44}`;
+function buildUrl(zoneId, path45 = "/dns_records", query) {
+  const normalizedPath = path45.startsWith("/") ? path45 : `/${path45}`;
   const url = new URL(
     `${CLOUDFLARE_API_BASE_URL}/zones/${zoneId}${normalizedPath}`
   );
@@ -18934,12 +19221,12 @@ function registerExportGraph(server2) {
         }
         const html = await exportGraphHTML(client);
         const fs = await import("fs");
-        const path44 = await import("path");
+        const path45 = await import("path");
         const os19 = await import("os");
-        const outDir = path44.join(os19.homedir(), ".exe-os", "exports");
+        const outDir = path45.join(os19.homedir(), ".exe-os", "exports");
         fs.mkdirSync(outDir, { recursive: true });
         const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
-        const filePath = path44.join(outDir, `graph-${timestamp}.html`);
+        const filePath = path45.join(outDir, `graph-${timestamp}.html`);
         fs.writeFileSync(filePath, html, "utf-8");
         return {
           content: [
@@ -19248,7 +19535,7 @@ import { z as z60 } from "zod";
 init_tmux_routing();
 init_task_scope();
 init_employees();
-import { execSync as execSync10 } from "child_process";
+import { execSync as execSync11 } from "child_process";
 import { existsSync as existsSync26, readFileSync as readFileSync23, writeFileSync as writeFileSync17 } from "fs";
 import { homedir as homedir4 } from "os";
 import { join as join2 } from "path";
@@ -19448,9 +19735,9 @@ function isMainModule(importMetaUrl) {
 }
 
 // src/bin/exe-doctor.ts
-import { existsSync as existsSync29, readFileSync as readFileSync24 } from "fs";
+import { existsSync as existsSync30, readFileSync as readFileSync24 } from "fs";
 import { spawn as spawn2 } from "child_process";
-import path37 from "path";
+import path38 from "path";
 import { randomUUID as randomUUID7 } from "crypto";
 
 // src/lib/conflict-detector.ts
@@ -19854,7 +20141,7 @@ async function auditOrphanedProjects(client) {
   for (const row of result.rows) {
     const name = row.project_name;
     const count = Number(row.cnt);
-    const exists = existsSync29(path37.join(home, name)) || existsSync29(path37.join(home, "..", name)) || existsSync29(path37.join(process.cwd(), "..", name));
+    const exists = existsSync30(path38.join(home, name)) || existsSync30(path38.join(home, "..", name)) || existsSync30(path38.join(process.cwd(), "..", name));
     if (!exists) {
       orphans.push({ project_name: name, count });
     }
@@ -19862,13 +20149,13 @@ async function auditOrphanedProjects(client) {
   return orphans;
 }
 function auditHookHealth() {
-  const logPath = path37.join(
+  const logPath = path38.join(
     process.env.HOME ?? process.env.USERPROFILE ?? "",
     ".exe-os",
     "logs",
     "hooks.log"
   );
-  if (!existsSync29(logPath)) {
+  if (!existsSync30(logPath)) {
     return { logExists: false, totalLines: 0, errorsLastHour: 0, topPatterns: [] };
   }
   let content;
@@ -20086,7 +20373,7 @@ async function fixNullVectors() {
     }
   }
   const npmRoot = (await import("child_process")).execSync("npm root -g", { encoding: "utf8" }).trim();
-  const backfillPath = path37.join(npmRoot, "exe-os", "dist", "bin", "backfill-vectors.js");
+  const backfillPath = path38.join(npmRoot, "exe-os", "dist", "bin", "backfill-vectors.js");
   return new Promise((resolve, reject) => {
     const child = spawn2("node", [backfillPath], { stdio: "inherit" });
     if (child.pid) registerWorkerPid2(child.pid);
@@ -20198,6 +20485,17 @@ async function main(argv = process.argv.slice(2)) {
     console.log(`
 ${mode} Applying repairs...
 `);
+    if (!flags.dryRun) {
+      try {
+        const { createBackup: createBackup3 } = await Promise.resolve().then(() => (init_db_backup(), db_backup_exports));
+        const backupPath = createBackup3("pre-fix");
+        if (backupPath) {
+          console.log(`  Backup created: ${backupPath.split("/").pop()}`);
+        }
+      } catch {
+        console.log("  Warning: backup failed \u2014 proceeding with fix anyway");
+      }
+    }
     if (report.nullVectors > 0) {
       console.log(`${mode} Backfilling ${fmtNum(report.nullVectors)} null vectors...`);
       if (!flags.dryRun) {
@@ -20286,9 +20584,9 @@ import { z as z63 } from "zod";
 
 // src/lib/cloud-sync.ts
 init_database();
-import { readFileSync as readFileSync26, writeFileSync as writeFileSync20, existsSync as existsSync31, readdirSync as readdirSync12, mkdirSync as mkdirSync16, appendFileSync as appendFileSync2, unlinkSync as unlinkSync10, openSync as openSync2, closeSync as closeSync2 } from "fs";
+import { readFileSync as readFileSync26, writeFileSync as writeFileSync20, existsSync as existsSync32, readdirSync as readdirSync13, mkdirSync as mkdirSync17, appendFileSync as appendFileSync2, unlinkSync as unlinkSync11, openSync as openSync2, closeSync as closeSync2 } from "fs";
 import crypto17 from "crypto";
-import path39 from "path";
+import path40 from "path";
 import { homedir as homedir6 } from "os";
 
 // src/lib/crypto.ts
@@ -20363,7 +20661,7 @@ function sqlSafe(v) {
 }
 function logError(msg) {
   try {
-    const logPath = path39.join(homedir6(), ".exe-os", "workers.log");
+    const logPath = path40.join(homedir6(), ".exe-os", "workers.log");
     appendFileSync2(logPath, `${(/* @__PURE__ */ new Date()).toISOString()} ${msg}
 `);
   } catch {
@@ -20372,17 +20670,17 @@ function logError(msg) {
 var LOCALHOST_PATTERNS = /^(localhost|127\.0\.0\.1|\[::1\])$/i;
 var FETCH_TIMEOUT_MS4 = 3e4;
 var PUSH_BATCH_SIZE = 5e3;
-var ROSTER_LOCK_PATH = path39.join(EXE_AI_DIR, "roster-merge.lock");
+var ROSTER_LOCK_PATH = path40.join(EXE_AI_DIR, "roster-merge.lock");
 var LOCK_STALE_MS = 3e4;
 var _pgPromise = null;
 var _pgFailed = false;
 function loadPgClient() {
   if (_pgFailed) return null;
   const postgresUrl = process.env.DATABASE_URL;
-  const configPath = path39.join(EXE_AI_DIR, "config.json");
+  const configPath = path40.join(EXE_AI_DIR, "config.json");
   let cloudPostgresUrl;
   try {
-    if (existsSync31(configPath)) {
+    if (existsSync32(configPath)) {
       const cfg = JSON.parse(readFileSync26(configPath, "utf8"));
       cloudPostgresUrl = cfg.cloud?.postgresUrl;
       if (cfg.cloud?.syncToPostgres === false) {
@@ -20401,8 +20699,8 @@ function loadPgClient() {
     _pgPromise = (async () => {
       const { createRequire: createRequire5 } = await import("module");
       const { pathToFileURL: pathToFileURL5 } = await import("url");
-      const exeDbRoot = process.env.EXE_DB_ROOT ?? path39.join(homedir6(), "exe-db");
-      const req = createRequire5(path39.join(exeDbRoot, "package.json"));
+      const exeDbRoot = process.env.EXE_DB_ROOT ?? path40.join(homedir6(), "exe-db");
+      const req = createRequire5(path40.join(exeDbRoot, "package.json"));
       const entry = req.resolve("@prisma/client");
       const mod = await import(pathToFileURL5(entry).href);
       const Ctor = mod.PrismaClient ?? mod.default?.PrismaClient;
@@ -20455,7 +20753,7 @@ async function withRosterLock(fn) {
         if (Date.now() - ts2 < LOCK_STALE_MS) {
           throw new Error("Roster merge already in progress \u2014 another sync is running");
         }
-        unlinkSync10(ROSTER_LOCK_PATH);
+        unlinkSync11(ROSTER_LOCK_PATH);
         const fd = openSync2(ROSTER_LOCK_PATH, "wx");
         closeSync2(fd);
         writeFileSync20(ROSTER_LOCK_PATH, String(Date.now()));
@@ -20471,7 +20769,7 @@ async function withRosterLock(fn) {
     return await fn();
   } finally {
     try {
-      unlinkSync10(ROSTER_LOCK_PATH);
+      unlinkSync11(ROSTER_LOCK_PATH);
     } catch {
     }
   }
@@ -20842,13 +21140,42 @@ async function cloudSync(config2) {
   try {
     const employees = await loadEmployees();
     rosterResult.employees = employees.length;
-    const idDir = path39.join(EXE_AI_DIR, "identity");
-    if (existsSync31(idDir)) {
-      rosterResult.identities = readdirSync12(idDir).filter((f) => f.endsWith(".md")).length;
+    const idDir = path40.join(EXE_AI_DIR, "identity");
+    if (existsSync32(idDir)) {
+      rosterResult.identities = readdirSync13(idDir).filter((f) => f.endsWith(".md")).length;
     }
   } catch {
   }
   const totalMemories = await countRows("SELECT COUNT(*) as cnt FROM memories WHERE status = 'active' OR status IS NULL");
+  try {
+    const { getLatestBackup: getLatestBackup2 } = await Promise.resolve().then(() => (init_db_backup(), db_backup_exports));
+    const { statSync: statFile } = await import("fs");
+    const latestBackup = getLatestBackup2();
+    if (latestBackup) {
+      const backupSize = statFile(latestBackup).size;
+      const MAX_CLOUD_BACKUP_BYTES = 50 * 1024 * 1024;
+      if (backupSize <= MAX_CLOUD_BACKUP_BYTES) {
+        const backupData = readFileSync26(latestBackup);
+        const deviceId = loadDeviceId() ?? "unknown";
+        const encrypted = encryptSyncBlob(backupData);
+        const backupRes = await fetchWithRetry(`${config2.endpoint}/sync/push-db-backup`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json", Authorization: `Bearer ${config2.apiKey}` },
+          body: JSON.stringify({
+            device_id: deviceId,
+            filename: path40.basename(latestBackup),
+            blob: encrypted,
+            size: backupData.length
+          })
+        });
+        if (backupRes && !backupRes.ok) {
+          logError(`[cloud-sync] DB backup upload failed: ${backupRes.status}`);
+        }
+      }
+    }
+  } catch (err) {
+    logError(`[cloud-sync] DB backup upload error: ${err instanceof Error ? err.message : String(err)}`);
+  }
   return {
     pushed,
     pulled,
@@ -20861,10 +21188,10 @@ async function cloudSync(config2) {
     roster: rosterResult
   };
 }
-var ROSTER_DELETIONS_PATH = path39.join(EXE_AI_DIR, "roster-deletions.json");
+var ROSTER_DELETIONS_PATH = path40.join(EXE_AI_DIR, "roster-deletions.json");
 function consumeRosterDeletions() {
   try {
-    if (!existsSync31(ROSTER_DELETIONS_PATH)) return [];
+    if (!existsSync32(ROSTER_DELETIONS_PATH)) return [];
     const deletions = JSON.parse(readFileSync26(ROSTER_DELETIONS_PATH, "utf-8"));
     writeFileSync20(ROSTER_DELETIONS_PATH, "[]");
     return deletions;
@@ -20873,35 +21200,35 @@ function consumeRosterDeletions() {
   }
 }
 function buildRosterBlob(paths) {
-  const rosterPath = paths?.rosterPath ?? path39.join(EXE_AI_DIR, "exe-employees.json");
-  const identityDir = paths?.identityDir ?? path39.join(EXE_AI_DIR, "identity");
-  const configPath = paths?.configPath ?? path39.join(EXE_AI_DIR, "config.json");
+  const rosterPath = paths?.rosterPath ?? path40.join(EXE_AI_DIR, "exe-employees.json");
+  const identityDir = paths?.identityDir ?? path40.join(EXE_AI_DIR, "identity");
+  const configPath = paths?.configPath ?? path40.join(EXE_AI_DIR, "config.json");
   let roster = [];
-  if (existsSync31(rosterPath)) {
+  if (existsSync32(rosterPath)) {
     try {
       roster = JSON.parse(readFileSync26(rosterPath, "utf-8"));
     } catch {
     }
   }
   const identities = {};
-  if (existsSync31(identityDir)) {
-    for (const file of readdirSync12(identityDir).filter((f) => f.endsWith(".md"))) {
+  if (existsSync32(identityDir)) {
+    for (const file of readdirSync13(identityDir).filter((f) => f.endsWith(".md"))) {
       try {
-        identities[file] = readFileSync26(path39.join(identityDir, file), "utf-8");
+        identities[file] = readFileSync26(path40.join(identityDir, file), "utf-8");
       } catch {
       }
     }
   }
   let config2;
-  if (existsSync31(configPath)) {
+  if (existsSync32(configPath)) {
     try {
       config2 = JSON.parse(readFileSync26(configPath, "utf-8"));
     } catch {
     }
   }
   let agentConfig;
-  const agentConfigPath = path39.join(EXE_AI_DIR, "agent-config.json");
-  if (existsSync31(agentConfigPath)) {
+  const agentConfigPath = path40.join(EXE_AI_DIR, "agent-config.json");
+  if (existsSync32(agentConfigPath)) {
     try {
       agentConfig = JSON.parse(readFileSync26(agentConfigPath, "utf-8"));
     } catch {
@@ -20979,16 +21306,16 @@ async function cloudPullRoster(config2) {
   }
 }
 function mergeConfig(remoteConfig, configPath) {
-  const cfgPath = configPath ?? path39.join(EXE_AI_DIR, "config.json");
+  const cfgPath = configPath ?? path40.join(EXE_AI_DIR, "config.json");
   let local = {};
-  if (existsSync31(cfgPath)) {
+  if (existsSync32(cfgPath)) {
     try {
       local = JSON.parse(readFileSync26(cfgPath, "utf-8"));
     } catch {
     }
   }
   const merged = { ...remoteConfig, ...local };
-  const dir = path39.dirname(cfgPath);
+  const dir = path40.dirname(cfgPath);
   ensurePrivateDirSync(dir);
   writeFileSync20(cfgPath, JSON.stringify(merged, null, 2), "utf-8");
   enforcePrivateFileSync(cfgPath);
@@ -20996,7 +21323,7 @@ function mergeConfig(remoteConfig, configPath) {
 async function mergeRosterFromRemote(remote, paths) {
   return withRosterLock(async () => {
     const rosterPath = paths?.rosterPath ?? void 0;
-    const identityDir = paths?.identityDir ?? path39.join(EXE_AI_DIR, "identity");
+    const identityDir = paths?.identityDir ?? path40.join(EXE_AI_DIR, "identity");
     const localEmployees = await loadEmployees(rosterPath);
     const localNames = new Set(localEmployees.map((e) => e.name));
     let added = 0;
@@ -21017,11 +21344,11 @@ async function mergeRosterFromRemote(remote, paths) {
       ) ?? lookupKey;
       const remoteIdentity = remote.identities[matchedKey];
       if (remoteIdentity) {
-        if (!existsSync31(identityDir)) mkdirSync16(identityDir, { recursive: true });
-        const idPath = path39.join(identityDir, `${remoteEmp.name}.md`);
+        if (!existsSync32(identityDir)) mkdirSync17(identityDir, { recursive: true });
+        const idPath = path40.join(identityDir, `${remoteEmp.name}.md`);
         let localIdentity = null;
         try {
-          localIdentity = existsSync31(idPath) ? readFileSync26(idPath, "utf-8") : null;
+          localIdentity = existsSync32(idPath) ? readFileSync26(idPath, "utf-8") : null;
         } catch {
         }
         if (localIdentity !== remoteIdentity) {
@@ -21051,16 +21378,16 @@ async function mergeRosterFromRemote(remote, paths) {
     }
     if (remote.agentConfig && Object.keys(remote.agentConfig).length > 0) {
       try {
-        const agentConfigPath = path39.join(EXE_AI_DIR, "agent-config.json");
+        const agentConfigPath = path40.join(EXE_AI_DIR, "agent-config.json");
         let local = {};
-        if (existsSync31(agentConfigPath)) {
+        if (existsSync32(agentConfigPath)) {
           try {
             local = JSON.parse(readFileSync26(agentConfigPath, "utf-8"));
           } catch {
           }
         }
         const merged = { ...remote.agentConfig, ...local };
-        ensurePrivateDirSync(path39.dirname(agentConfigPath));
+        ensurePrivateDirSync(path40.dirname(agentConfigPath));
         writeFileSync20(agentConfigPath, JSON.stringify(merged, null, 2) + "\n", "utf-8");
         enforcePrivateFileSync(agentConfigPath);
       } catch {
@@ -22024,7 +22351,7 @@ function normalizeS3Body(body) {
   }
   throw new Error("Unsupported S3 object body type");
 }
-async function createBackup(opts) {
+async function createBackup2(opts) {
   validateEncryptionKey(opts.encryptionKey);
   const timestamp = (/* @__PURE__ */ new Date()).toISOString();
   const key = makeBackupKey(opts.databaseUrl, new Date(timestamp));
@@ -22075,7 +22402,7 @@ async function restoreBackup(opts) {
   const decompressed = decompress2(decryptBlob(encrypted, opts.encryptionKey));
   await runProcess("pg_restore", ["--clean", "--if-exists", "-d", opts.databaseUrl], decompressed);
 }
-async function listBackups(opts) {
+async function listBackups2(opts) {
   const s3 = makeS3Client(opts);
   const objects = await listBackupObjects(s3, opts.r2Bucket, BACKUP_PREFIX);
   return objects.filter((obj) => obj.key.endsWith(BACKUP_EXT)).map((obj) => ({
@@ -22085,7 +22412,7 @@ async function listBackups(opts) {
   })).sort((a, b) => b.lastModified.localeCompare(a.lastModified));
 }
 async function backupHealth(opts) {
-  const backups = await listBackups(opts);
+  const backups = await listBackups2(opts);
   if (backups.length === 0) {
     return {
       lastBackup: null,
@@ -22162,7 +22489,7 @@ function registerBackupVps(server2) {
               r2AccessKeyId: input.r2AccessKeyId,
               r2SecretAccessKey: input.r2SecretAccessKey
             };
-            const result = await createBackup(options);
+            const result = await createBackup2(options);
             return {
               content: [
                 {
@@ -22202,7 +22529,7 @@ ${result.timestamp}`
               r2AccessKeyId: input.r2AccessKeyId,
               r2SecretAccessKey: input.r2SecretAccessKey
             };
-            const result = await listBackups(options);
+            const result = await listBackups2(options);
             return {
               content: [
                 {
@@ -22288,11 +22615,11 @@ import { z as z68 } from "zod";
 // src/lib/people.ts
 init_config();
 import { readFile as readFile5, writeFile as writeFile6, mkdir as mkdir5 } from "fs/promises";
-import { existsSync as existsSync32, readFileSync as readFileSync27 } from "fs";
-import path40 from "path";
-var PEOPLE_PATH = path40.join(EXE_AI_DIR, "people.json");
+import { existsSync as existsSync33, readFileSync as readFileSync27 } from "fs";
+import path41 from "path";
+var PEOPLE_PATH = path41.join(EXE_AI_DIR, "people.json");
 async function loadPeople() {
-  if (!existsSync32(PEOPLE_PATH)) return [];
+  if (!existsSync33(PEOPLE_PATH)) return [];
   try {
     const raw = await readFile5(PEOPLE_PATH, "utf-8");
     return JSON.parse(raw);
@@ -22301,7 +22628,7 @@ async function loadPeople() {
   }
 }
 async function savePeople(people) {
-  await mkdir5(path40.dirname(PEOPLE_PATH), { recursive: true });
+  await mkdir5(path41.dirname(PEOPLE_PATH), { recursive: true });
   await writeFile6(PEOPLE_PATH, JSON.stringify(people, null, 2) + "\n", "utf-8");
 }
 async function addPerson(person) {
@@ -22594,7 +22921,7 @@ function registerListEmployees(server2) {
 // src/mcp/tools/create-license.ts
 init_license();
 import os16 from "os";
-import path41 from "path";
+import path42 from "path";
 import { randomBytes as randomBytes2, randomUUID as randomUUID8 } from "crypto";
 import { createRequire as createRequire3 } from "module";
 import { pathToFileURL as pathToFileURL3 } from "url";
@@ -22610,8 +22937,8 @@ function loadPrisma() {
         if (!Ctor2) throw new Error(`No PrismaClient at ${explicitPath}`);
         return new Ctor2();
       }
-      const exeDbRoot = process.env.EXE_DB_ROOT ?? path41.join(os16.homedir(), "exe-db");
-      const req = createRequire3(path41.join(exeDbRoot, "package.json"));
+      const exeDbRoot = process.env.EXE_DB_ROOT ?? path42.join(os16.homedir(), "exe-db");
+      const req = createRequire3(path42.join(exeDbRoot, "package.json"));
       const entry = req.resolve("@prisma/client");
       const mod = await import(pathToFileURL3(entry).href);
       const Ctor = mod.PrismaClient ?? mod.default?.PrismaClient;
@@ -22686,7 +23013,7 @@ Give this key to the customer. They paste it during \`exe-os setup\`.`);
 
 // src/mcp/tools/list-licenses.ts
 import os17 from "os";
-import path42 from "path";
+import path43 from "path";
 import { createRequire as createRequire4 } from "module";
 import { pathToFileURL as pathToFileURL4 } from "url";
 import { z as z72 } from "zod";
@@ -22701,8 +23028,8 @@ function loadPrisma2() {
         if (!Ctor2) throw new Error(`No PrismaClient at ${explicitPath}`);
         return new Ctor2();
       }
-      const exeDbRoot = process.env.EXE_DB_ROOT ?? path42.join(os17.homedir(), "exe-db");
-      const req = createRequire4(path42.join(exeDbRoot, "package.json"));
+      const exeDbRoot = process.env.EXE_DB_ROOT ?? path43.join(os17.homedir(), "exe-db");
+      const req = createRequire4(path43.join(exeDbRoot, "package.json"));
       const entry = req.resolve("@prisma/client");
       const mod = await import(pathToFileURL4(entry).href);
       const Ctor = mod.PrismaClient ?? mod.default?.PrismaClient;
@@ -22828,6 +23155,21 @@ init_config();
 import { z as z74 } from "zod";
 var FETCH_TIMEOUT_MS5 = 1e4;
 var QUERY_SCOPE = z74.enum(["raw", "wiki", "memory", "gateway", "all"]);
+var LOCAL_GATEWAY_HTTP_HOSTS = /^(localhost|127\.0\.0\.1|::1|exe-gateway|gateway)$/i;
+function assertSecureGatewayUrlForToken(gatewayUrl, authToken) {
+  if (!authToken) return;
+  let parsed;
+  try {
+    parsed = new URL(gatewayUrl);
+  } catch {
+    return;
+  }
+  if (parsed.protocol === "https:") return;
+  if (parsed.protocol === "http:" && LOCAL_GATEWAY_HTTP_HOSTS.test(parsed.hostname)) return;
+  throw new Error(
+    `Insecure Company Brain gateway URL rejected: "${gatewayUrl}". Bearer tokens require https:// for remote hosts; plain http:// is only allowed for localhost or Docker-internal gateway services.`
+  );
+}
 function formatSuccess(query, scope, payload) {
   const pretty = typeof payload === "string" ? payload : JSON.stringify(payload, null, 2);
   return [
@@ -22866,6 +23208,19 @@ function registerQueryCompanyBrain(server2) {
           ]
         };
       }
+      try {
+        assertSecureGatewayUrlForToken(gatewayUrl, authToken);
+      } catch (err) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: err instanceof Error ? err.message : String(err)
+            }
+          ],
+          isError: true
+        };
+      }
       let url;
       try {
         url = new URL("/query", gatewayUrl);
@@ -22982,6 +23337,138 @@ function instrumentServer(server2) {
   };
 }
 
+// src/mcp/tool-gates.ts
+var TOOL_GATES = {
+  core: [],
+  // all agents — recall, store, ask_team, commit, search, session, consolidate, cardinality, behavior, identity, decisions
+  tasks: [],
+  // all agents — create, list, get, update, close, checkpoint, resume
+  comms: [],
+  // all agents — send_message, acknowledge
+  reminders: [],
+  // all agents — create, list, complete, reminder
+  "graph-read": [],
+  // all agents — query_relationships, get_entity_neighbors, get_hot_entities, get_graph_stats, find_similar_trajectories
+  "graph-write": ["COO", "CTO"],
+  // merge_entities, export_graph
+  wiki: ["COO", "Wiki Agent"],
+  // create/list/get/update wiki pages
+  crm: ["COO", "CRM Agent"],
+  // add/list/get person
+  documents: ["COO", "CTO", "Wiki Agent"],
+  // ingest, list, purge, set_importance, rerank
+  gateway: ["COO", "Gateway Agent"],
+  // send_whatsapp, query_conversations, query_company_brain
+  admin: ["COO"],
+  // deploy, backup, daemon health, auto-wake, worker gate, memory audit, consolidation, cloud sync, agent config, list employees, agent spend, sessions, session kills
+  licensing: ["COO"],
+  // get/create/list/activate license
+  orchestration: ["COO"]
+  // triggers, load_skill, starter_pack, export/import orchestration, global procedures
+};
+var TOOL_CATEGORIES = {
+  // core
+  registerRecallMyMemory: "core",
+  registerAskTeamMemory: "core",
+  registerGetSessionContext: "core",
+  registerStoreMemory: "core",
+  registerCommitMemory: "core",
+  registerSearchEverything: "core",
+  registerConsolidateMemories: "core",
+  registerGetMemoryCardinality: "core",
+  registerStoreBehavior: "core",
+  registerListBehaviors: "core",
+  registerDeactivateBehavior: "core",
+  registerBehavior: "core",
+  registerStoreDecision: "core",
+  registerGetDecision: "core",
+  registerGetIdentity: "core",
+  registerUpdateIdentity: "core",
+  // tasks
+  registerCreateTask: "tasks",
+  registerListTasks: "tasks",
+  registerUpdateTask: "tasks",
+  registerCloseTask: "tasks",
+  registerGetTask: "tasks",
+  registerCheckpointTask: "tasks",
+  registerResumeEmployee: "tasks",
+  // comms
+  registerSendMessage: "comms",
+  registerAcknowledgeMessages: "comms",
+  // reminders
+  registerCreateReminder: "reminders",
+  registerListReminders: "reminders",
+  registerCompleteReminder: "reminders",
+  registerReminder: "reminders",
+  // graph-read
+  registerQueryRelationships: "graph-read",
+  registerGetEntityNeighbors: "graph-read",
+  registerGetHotEntities: "graph-read",
+  registerGetGraphStats: "graph-read",
+  registerFindSimilarTrajectories: "graph-read",
+  // graph-write
+  registerMergeEntities: "graph-write",
+  registerExportGraph: "graph-write",
+  // wiki
+  registerCreateWikiPage: "wiki",
+  registerListWikiPages: "wiki",
+  registerGetWikiPage: "wiki",
+  registerUpdateWikiPage: "wiki",
+  // crm
+  registerAddPerson: "crm",
+  registerListPeople: "crm",
+  registerGetPerson: "crm",
+  // documents
+  registerIngestDocument: "documents",
+  registerListDocuments: "documents",
+  registerPurgeDocument: "documents",
+  registerSetDocumentImportance: "documents",
+  registerRerankDocuments: "documents",
+  // gateway
+  registerSendWhatsapp: "gateway",
+  registerQueryConversations: "gateway",
+  registerQueryCompanyBrain: "gateway",
+  // admin
+  registerDeployClient: "admin",
+  registerBackupVps: "admin",
+  registerGetDaemonHealth: "admin",
+  registerGetAutoWakeStatus: "admin",
+  registerGetWorkerGate: "admin",
+  registerRunMemoryAudit: "admin",
+  registerRunConsolidation: "admin",
+  registerCloudSync: "admin",
+  registerSetAgentConfig: "admin",
+  registerListEmployees: "admin",
+  registerGetAgentSpend: "admin",
+  registerListAgentSessions: "admin",
+  registerGetSessionKills: "admin",
+  // licensing
+  registerGetLicenseStatus: "licensing",
+  registerCreateLicense: "licensing",
+  registerListLicenses: "licensing",
+  registerActivateLicense: "licensing",
+  // orchestration
+  registerCreateTrigger: "orchestration",
+  registerListTriggers: "orchestration",
+  registerApplyStarterPack: "orchestration",
+  registerLoadSkill: "orchestration",
+  registerExportOrchestration: "orchestration",
+  registerImportOrchestration: "orchestration",
+  registerGlobalProcedure: "orchestration",
+  registerStoreGlobalProcedure: "orchestration",
+  registerListGlobalProcedures: "orchestration",
+  registerDeactivateGlobalProcedure: "orchestration"
+};
+function isToolAllowed(registerFnName) {
+  const role = process.env.AGENT_ROLE;
+  if (!role) return true;
+  const category = TOOL_CATEGORIES[registerFnName];
+  if (!category) return true;
+  const allowedRoles = TOOL_GATES[category];
+  if (!allowedRoles || allowedRoles.length === 0) return true;
+  return allowedRoles.includes(role);
+}
+
 // src/mcp/server.ts
 var server = new McpServer({
   name: "exe-os",
@@ -22991,84 +23478,90 @@ var _backfillTimer = null;
 var _ppidWatchdog = null;
 var _shuttingDown = false;
 instrumentServer(server);
-registerRecallMyMemory(server);
-registerAskTeamMemory(server);
-registerGetSessionContext(server);
-registerStoreMemory(server);
-registerCommitMemory(server);
-registerQueryRelationships(server);
-registerCreateTask(server);
-registerListTasks(server);
-registerUpdateTask(server);
-registerCloseTask(server);
-registerGetTask(server);
-registerCheckpointTask(server);
-registerResumeEmployee(server);
-registerBehavior(server);
-registerSendMessage(server);
-registerReminder(server);
-registerGetIdentity(server);
-registerUpdateIdentity(server);
-registerIngestDocument(server);
-registerListDocuments(server);
-registerPurgeDocument(server);
-registerSetDocumentImportance(server);
-registerRerankDocuments(server);
-registerAcknowledgeMessages(server);
-registerSendWhatsapp(server);
-registerCreateTrigger(server);
-registerListTriggers(server);
-registerApplyStarterPack(server);
-registerMergeEntities(server);
-registerCreateWikiPage(server);
-registerListWikiPages(server);
-registerGetWikiPage(server);
-registerUpdateWikiPage(server);
-registerDeployClient(server);
-registerExportOrchestration(server);
-registerImportOrchestration(server);
-registerQueryConversations(server);
-registerLoadSkill(server);
-registerConsolidateMemories(server);
-registerGlobalProcedure(server);
-registerStoreGlobalProcedure(server);
-registerListGlobalProcedures(server);
-registerDeactivateGlobalProcedure(server);
-registerStoreBehavior(server);
-registerListBehaviors(server);
-registerDeactivateBehavior(server);
-registerCreateReminder(server);
-registerListReminders(server);
-registerCompleteReminder(server);
-registerSearchEverything(server);
-registerStoreDecision(server);
-registerGetDecision(server);
-registerGetAgentSpend(server);
-registerGetGraphStats(server);
-registerGetEntityNeighbors(server);
-registerGetHotEntities(server);
-registerExportGraph(server);
-registerFindSimilarTrajectories(server);
-registerGetSessionKills(server);
-registerListAgentSessions(server);
-registerGetDaemonHealth(server);
-registerGetAutoWakeStatus(server);
-registerGetWorkerGate(server);
-registerRunMemoryAudit(server);
-registerCloudSync(server);
-registerBackupVps(server);
-registerGetMemoryCardinality(server);
-registerRunConsolidation(server);
-registerGetLicenseStatus(server);
-registerAddPerson(server);
-registerListPeople(server);
-registerGetPerson(server);
-registerSetAgentConfig(server);
-registerListEmployees(server);
-registerCreateLicense(server);
-registerListLicenses(server);
-registerActivateLicense(server);
-registerQueryCompanyBrain(server);
+var gate = (name, fn) => {
+  if (isToolAllowed(name)) fn(server);
+};
+gate("registerRecallMyMemory", registerRecallMyMemory);
+gate("registerAskTeamMemory", registerAskTeamMemory);
+gate("registerGetSessionContext", registerGetSessionContext);
+gate("registerStoreMemory", registerStoreMemory);
+gate("registerCommitMemory", registerCommitMemory);
+gate("registerQueryRelationships", registerQueryRelationships);
+gate("registerCreateTask", registerCreateTask);
+gate("registerListTasks", registerListTasks);
+gate("registerUpdateTask", registerUpdateTask);
+gate("registerCloseTask", registerCloseTask);
+gate("registerGetTask", registerGetTask);
+gate("registerCheckpointTask", registerCheckpointTask);
+gate("registerResumeEmployee", registerResumeEmployee);
+gate("registerBehavior", registerBehavior);
+gate("registerSendMessage", registerSendMessage);
+gate("registerReminder", registerReminder);
+gate("registerGetIdentity", registerGetIdentity);
+gate("registerUpdateIdentity", registerUpdateIdentity);
+gate("registerIngestDocument", registerIngestDocument);
+gate("registerListDocuments", registerListDocuments);
+gate("registerPurgeDocument", registerPurgeDocument);
+gate("registerSetDocumentImportance", registerSetDocumentImportance);
+gate("registerRerankDocuments", registerRerankDocuments);
+gate("registerAcknowledgeMessages", registerAcknowledgeMessages);
+gate("registerSendWhatsapp", registerSendWhatsapp);
+gate("registerCreateTrigger", registerCreateTrigger);
+gate("registerListTriggers", registerListTriggers);
+gate("registerApplyStarterPack", registerApplyStarterPack);
+gate("registerMergeEntities", registerMergeEntities);
+gate("registerCreateWikiPage", registerCreateWikiPage);
+gate("registerListWikiPages", registerListWikiPages);
+gate("registerGetWikiPage", registerGetWikiPage);
+gate("registerUpdateWikiPage", registerUpdateWikiPage);
+gate("registerDeployClient", registerDeployClient);
+gate("registerExportOrchestration", registerExportOrchestration);
+gate("registerImportOrchestration", registerImportOrchestration);
+gate("registerQueryConversations", registerQueryConversations);
+gate("registerLoadSkill", registerLoadSkill);
+gate("registerConsolidateMemories", registerConsolidateMemories);
+gate("registerGlobalProcedure", registerGlobalProcedure);
+gate("registerStoreGlobalProcedure", registerStoreGlobalProcedure);
+gate("registerListGlobalProcedures", registerListGlobalProcedures);
+gate("registerDeactivateGlobalProcedure", registerDeactivateGlobalProcedure);
+gate("registerStoreBehavior", registerStoreBehavior);
+gate("registerListBehaviors", registerListBehaviors);
+gate("registerDeactivateBehavior", registerDeactivateBehavior);
+gate("registerCreateReminder", registerCreateReminder);
+gate("registerListReminders", registerListReminders);
+gate("registerCompleteReminder", registerCompleteReminder);
+gate("registerSearchEverything", registerSearchEverything);
+gate("registerStoreDecision", registerStoreDecision);
+gate("registerGetDecision", registerGetDecision);
+gate("registerGetAgentSpend", registerGetAgentSpend);
+gate("registerGetGraphStats", registerGetGraphStats);
+gate("registerGetEntityNeighbors", registerGetEntityNeighbors);
+gate("registerGetHotEntities", registerGetHotEntities);
+gate("registerExportGraph", registerExportGraph);
+gate("registerFindSimilarTrajectories", registerFindSimilarTrajectories);
+gate("registerGetSessionKills", registerGetSessionKills);
+gate("registerListAgentSessions", registerListAgentSessions);
+gate("registerGetDaemonHealth", registerGetDaemonHealth);
+gate("registerGetAutoWakeStatus", registerGetAutoWakeStatus);
+gate("registerGetWorkerGate", registerGetWorkerGate);
+gate("registerRunMemoryAudit", registerRunMemoryAudit);
+gate("registerCloudSync", registerCloudSync);
+gate("registerBackupVps", registerBackupVps);
+gate("registerGetMemoryCardinality", registerGetMemoryCardinality);
+gate("registerRunConsolidation", registerRunConsolidation);
+gate("registerGetLicenseStatus", registerGetLicenseStatus);
+gate("registerAddPerson", registerAddPerson);
+gate("registerListPeople", registerListPeople);
+gate("registerGetPerson", registerGetPerson);
+gate("registerSetAgentConfig", registerSetAgentConfig);
+gate("registerListEmployees", registerListEmployees);
+gate("registerCreateLicense", registerCreateLicense);
+gate("registerListLicenses", registerListLicenses);
+gate("registerActivateLicense", registerActivateLicense);
+gate("registerQueryCompanyBrain", registerQueryCompanyBrain);
+var _gatedRole = process.env.AGENT_ROLE ?? "standalone";
+process.stderr.write(`[exe-os] Tool gating: role=${_gatedRole}
+`);
 try {
   await initStore();
   process.stderr.write("[exe-os] MCP server starting...\n");
@@ -23117,15 +23610,15 @@ try {
     }
   }, 3e4);
   _ppidWatchdog.unref();
-  const MCP_VERSION_PATH = path43.join(os18.homedir(), ".exe-os", "mcp-version");
+  const MCP_VERSION_PATH = path44.join(os18.homedir(), ".exe-os", "mcp-version");
   let _currentMcpVersion = null;
   try {
-    _currentMcpVersion = existsSync33(MCP_VERSION_PATH) ? readFileSync28(MCP_VERSION_PATH, "utf8").trim() : null;
+    _currentMcpVersion = existsSync34(MCP_VERSION_PATH) ? readFileSync28(MCP_VERSION_PATH, "utf8").trim() : null;
   } catch {
   }
   const _versionWatchdog = setInterval(() => {
     try {
-      if (!existsSync33(MCP_VERSION_PATH)) return;
+      if (!existsSync34(MCP_VERSION_PATH)) return;
       const diskVersion = readFileSync28(MCP_VERSION_PATH, "utf8").trim();
       if (_currentMcpVersion && diskVersion !== _currentMcpVersion) {
         process.stderr.write(
@@ -23159,14 +23652,14 @@ try {
 `
       );
       const thisFile = fileURLToPath5(import.meta.url);
-      const backfillPath = path43.resolve(
-        path43.dirname(thisFile),
+      const backfillPath = path44.resolve(
+        path44.dirname(thisFile),
         "../bin/backfill-vectors.js"
       );
-      if (existsSync33(backfillPath)) {
+      if (existsSync34(backfillPath)) {
         const { EXE_AI_DIR: exeDir } = await Promise.resolve().then(() => (init_config(), config_exports));
-        const logPath = path43.join(exeDir, "workers.log");
-        mkdirSync17(path43.dirname(logPath), { recursive: true });
+        const logPath = path44.join(exeDir, "workers.log");
+        mkdirSync18(path44.dirname(logPath), { recursive: true });
         let logFd = "ignore";
         try {
           logFd = openSync3(logPath, "a");