@askexenow/exe-os 0.9.65 → 0.9.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (113) hide show
  1. package/deploy/stack-manifests/v0.9.json +54 -5
  2. package/dist/bin/age-ontology-load.js +61 -0
  3. package/dist/bin/agentic-ontology-backfill.js +4708 -0
  4. package/dist/bin/agentic-reflection-backfill.js +4144 -0
  5. package/dist/bin/{exe-link.js → agentic-semantic-label.js} +1532 -2173
  6. package/dist/bin/backfill-conversations.js +528 -20
  7. package/dist/bin/backfill-responses.js +528 -20
  8. package/dist/bin/backfill-vectors.js +255 -20
  9. package/dist/bin/bulk-sync-postgres.js +4876 -0
  10. package/dist/bin/cleanup-stale-review-tasks.js +529 -21
  11. package/dist/bin/cli.js +3471 -1491
  12. package/dist/bin/exe-agent-config.js +4 -0
  13. package/dist/bin/exe-agent.js +16 -0
  14. package/dist/bin/exe-assign.js +528 -20
  15. package/dist/bin/exe-boot.js +492 -54
  16. package/dist/bin/exe-call.js +16 -0
  17. package/dist/bin/exe-cloud.js +7415 -518
  18. package/dist/bin/exe-dispatch.js +540 -22
  19. package/dist/bin/exe-doctor.js +3404 -1225
  20. package/dist/bin/exe-export-behaviors.js +542 -24
  21. package/dist/bin/exe-forget.js +529 -21
  22. package/dist/bin/exe-gateway.js +595 -25
  23. package/dist/bin/exe-heartbeat.js +541 -24
  24. package/dist/bin/exe-kill.js +529 -21
  25. package/dist/bin/exe-launch-agent.js +2334 -1067
  26. package/dist/bin/exe-new-employee.js +324 -166
  27. package/dist/bin/exe-pending-messages.js +529 -21
  28. package/dist/bin/exe-pending-notifications.js +529 -21
  29. package/dist/bin/exe-pending-reviews.js +529 -21
  30. package/dist/bin/exe-rename.js +529 -21
  31. package/dist/bin/exe-review.js +529 -21
  32. package/dist/bin/exe-search.js +542 -24
  33. package/dist/bin/exe-session-cleanup.js +540 -22
  34. package/dist/bin/exe-settings.js +14 -0
  35. package/dist/bin/exe-start-codex.js +817 -144
  36. package/dist/bin/exe-start-opencode.js +776 -80
  37. package/dist/bin/exe-status.js +529 -21
  38. package/dist/bin/exe-team.js +529 -21
  39. package/dist/bin/git-sweep.js +540 -22
  40. package/dist/bin/graph-backfill.js +580 -21
  41. package/dist/bin/graph-export.js +529 -21
  42. package/dist/bin/graph-layer-benchmark.js +109 -0
  43. package/dist/bin/install.js +420 -289
  44. package/dist/bin/intercom-check.js +540 -22
  45. package/dist/bin/postgres-agentic-reflection-backfill.js +187 -0
  46. package/dist/bin/postgres-agentic-semantic-backfill.js +237 -0
  47. package/dist/bin/scan-tasks.js +540 -22
  48. package/dist/bin/setup.js +790 -206
  49. package/dist/bin/shard-migrate.js +528 -20
  50. package/dist/bin/update.js +4 -0
  51. package/dist/gateway/index.js +593 -23
  52. package/dist/hooks/bug-report-worker.js +651 -64
  53. package/dist/hooks/codex-stop-task-finalizer.js +540 -22
  54. package/dist/hooks/commit-complete.js +540 -22
  55. package/dist/hooks/error-recall.js +542 -24
  56. package/dist/hooks/exe-heartbeat-hook.js +4 -0
  57. package/dist/hooks/ingest-worker.js +4 -0
  58. package/dist/hooks/ingest.js +539 -22
  59. package/dist/hooks/instructions-loaded.js +529 -21
  60. package/dist/hooks/notification.js +529 -21
  61. package/dist/hooks/post-compact.js +529 -21
  62. package/dist/hooks/post-tool-combined.js +543 -25
  63. package/dist/hooks/pre-compact.js +772 -127
  64. package/dist/hooks/pre-tool-use.js +529 -21
  65. package/dist/hooks/prompt-submit.js +543 -25
  66. package/dist/hooks/session-end.js +673 -140
  67. package/dist/hooks/session-start.js +662 -26
  68. package/dist/hooks/stop.js +540 -23
  69. package/dist/hooks/subagent-stop.js +529 -21
  70. package/dist/hooks/summary-worker.js +571 -126
  71. package/dist/index.js +593 -23
  72. package/dist/lib/agent-config.js +4 -0
  73. package/dist/lib/cloud-sync.js +408 -47
  74. package/dist/lib/config.js +25 -1
  75. package/dist/lib/consolidation.js +5 -1
  76. package/dist/lib/database.js +128 -0
  77. package/dist/lib/db-daemon-client.js +4 -0
  78. package/dist/lib/db.js +128 -0
  79. package/dist/lib/device-registry.js +128 -0
  80. package/dist/lib/embedder.js +25 -1
  81. package/dist/lib/employee-templates.js +16 -0
  82. package/dist/lib/employees.js +4 -0
  83. package/dist/lib/exe-daemon-client.js +4 -0
  84. package/dist/lib/exe-daemon.js +3158 -930
  85. package/dist/lib/hybrid-search.js +542 -24
  86. package/dist/lib/identity.js +7 -0
  87. package/dist/lib/keychain.js +178 -22
  88. package/dist/lib/license.js +4 -0
  89. package/dist/lib/messaging.js +7 -0
  90. package/dist/lib/reminders.js +7 -0
  91. package/dist/lib/schedules.js +255 -20
  92. package/dist/lib/skill-learning.js +28 -1
  93. package/dist/lib/status-brief.js +39 -0
  94. package/dist/lib/store.js +528 -20
  95. package/dist/lib/task-router.js +4 -0
  96. package/dist/lib/tasks.js +28 -1
  97. package/dist/lib/tmux-routing.js +28 -1
  98. package/dist/lib/token-spend.js +7 -0
  99. package/dist/mcp/server.js +2739 -813
  100. package/dist/mcp/tools/complete-reminder.js +7 -0
  101. package/dist/mcp/tools/create-reminder.js +7 -0
  102. package/dist/mcp/tools/create-task.js +28 -1
  103. package/dist/mcp/tools/deactivate-behavior.js +7 -0
  104. package/dist/mcp/tools/list-reminders.js +7 -0
  105. package/dist/mcp/tools/list-tasks.js +7 -0
  106. package/dist/mcp/tools/send-message.js +7 -0
  107. package/dist/mcp/tools/update-task.js +28 -1
  108. package/dist/runtime/index.js +540 -22
  109. package/dist/tui/App.js +618 -29
  110. package/package.json +9 -5
  111. package/src/commands/exe/cloud.md +11 -8
  112. package/stack.release.json +3 -3
  113. package/src/commands/exe/link.md +0 -17
package/dist/bin/git-sweep.js CHANGED
@@ -442,6 +442,11 @@ function normalizeAutoUpdate(raw) {
442
442
  const userAU = raw.autoUpdate ?? {};
443
443
  raw.autoUpdate = { ...defaultAU, ...userAU };
444
444
  }
445
+ function normalizeOrchestration(raw) {
446
+ const defaultOrg = DEFAULT_CONFIG.orchestration;
447
+ const userOrg = raw.orchestration ?? {};
448
+ raw.orchestration = { ...defaultOrg, ...userOrg };
449
+ }
445
450
  async function loadConfig() {
446
451
  const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
447
452
  await ensurePrivateDir(dir);
@@ -466,10 +471,15 @@ async function loadConfig() {
466
471
  normalizeScalingRoadmap(migratedCfg);
467
472
  normalizeSessionLifecycle(migratedCfg);
468
473
  normalizeAutoUpdate(migratedCfg);
474
+ normalizeOrchestration(migratedCfg);
469
475
  const config = { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db"), ...migratedCfg };
470
476
  if (config.dbPath.startsWith("~")) {
471
477
  config.dbPath = config.dbPath.replace(/^~/, os2.homedir());
472
478
  }
479
+ const envDbPath = path2.join(dir, "memories.db");
480
+ if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync3(config.dbPath) && existsSync3(envDbPath)) {
481
+ config.dbPath = envDbPath;
482
+ }
473
483
  return config;
474
484
  } catch {
475
485
  return { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db") };
@@ -489,7 +499,16 @@ function loadConfigSync() {
489
499
  normalizeScalingRoadmap(migratedCfg);
490
500
  normalizeSessionLifecycle(migratedCfg);
491
501
  normalizeAutoUpdate(migratedCfg);
492
- return { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db"), ...migratedCfg };
502
+ normalizeOrchestration(migratedCfg);
503
+ const config = { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db"), ...migratedCfg };
504
+ if (config.dbPath.startsWith("~")) {
505
+ config.dbPath = config.dbPath.replace(/^~/, os2.homedir());
506
+ }
507
+ const envDbPath = path2.join(dir, "memories.db");
508
+ if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync3(config.dbPath) && existsSync3(envDbPath)) {
509
+ config.dbPath = envDbPath;
510
+ }
511
+ return config;
493
512
  } catch {
494
513
  return { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db") };
495
514
  }
@@ -510,6 +529,7 @@ async function loadConfigFrom(configPath) {
510
529
  normalizeScalingRoadmap(migratedCfg);
511
530
  normalizeSessionLifecycle(migratedCfg);
512
531
  normalizeAutoUpdate(migratedCfg);
532
+ normalizeOrchestration(migratedCfg);
513
533
  return { ...DEFAULT_CONFIG, ...migratedCfg };
514
534
  } catch {
515
535
  return { ...DEFAULT_CONFIG };
@@ -581,6 +601,10 @@ var init_config = __esm({
581
601
  checkOnBoot: true,
582
602
  autoInstall: false,
583
603
  checkIntervalMs: 24 * 60 * 60 * 1e3
604
+ },
605
+ orchestration: {
606
+ phase: "phase_1_coo",
607
+ phaseSetBy: "default"
584
608
  }
585
609
  };
586
610
  CONFIG_MIGRATIONS = [
@@ -2247,6 +2271,9 @@ function getClient() {
2247
2271
  if (_daemonClient && _daemonClient._isDaemonActive()) {
2248
2272
  return _daemonClient;
2249
2273
  }
2274
+ if (!_resilientClient) {
2275
+ return _adapterClient;
2276
+ }
2250
2277
  return _resilientClient;
2251
2278
  }
2252
2279
  async function initDaemonClient() {
@@ -3279,6 +3306,127 @@ async function ensureSchema() {
3279
3306
  VALUES (new.rowid, new.content, new.subject, new.predicate, new.object);
3280
3307
  END;
3281
3308
  `);
3309
+ await client.executeMultiple(`
3310
+ CREATE TABLE IF NOT EXISTS agent_sessions (
3311
+ id TEXT PRIMARY KEY,
3312
+ agent_id TEXT NOT NULL,
3313
+ project_name TEXT,
3314
+ started_at TEXT NOT NULL,
3315
+ last_event_at TEXT NOT NULL,
3316
+ event_count INTEGER NOT NULL DEFAULT 0,
3317
+ properties TEXT DEFAULT '{}'
3318
+ );
3319
+
3320
+ CREATE INDEX IF NOT EXISTS idx_agent_sessions_agent_time
3321
+ ON agent_sessions(agent_id, started_at);
3322
+
3323
+ CREATE TABLE IF NOT EXISTS agent_goals (
3324
+ id TEXT PRIMARY KEY,
3325
+ statement TEXT NOT NULL,
3326
+ owner_agent_id TEXT,
3327
+ project_name TEXT,
3328
+ status TEXT NOT NULL DEFAULT 'open',
3329
+ priority INTEGER NOT NULL DEFAULT 5,
3330
+ success_criteria TEXT,
3331
+ parent_goal_id TEXT,
3332
+ due_at TEXT,
3333
+ achieved_at TEXT,
3334
+ supersedes_id TEXT,
3335
+ created_at TEXT NOT NULL,
3336
+ updated_at TEXT NOT NULL,
3337
+ source_memory_id TEXT
3338
+ );
3339
+
3340
+ CREATE INDEX IF NOT EXISTS idx_agent_goals_project_status
3341
+ ON agent_goals(project_name, status, priority);
3342
+
3343
+ CREATE TABLE IF NOT EXISTS agent_events (
3344
+ id TEXT PRIMARY KEY,
3345
+ event_type TEXT NOT NULL,
3346
+ occurred_at TEXT NOT NULL,
3347
+ sequence_index INTEGER NOT NULL,
3348
+ actor_agent_id TEXT,
3349
+ agent_role TEXT,
3350
+ project_name TEXT,
3351
+ session_id TEXT,
3352
+ task_id TEXT,
3353
+ goal_id TEXT,
3354
+ parent_event_id TEXT,
3355
+ intention TEXT,
3356
+ outcome TEXT,
3357
+ evidence_memory_id TEXT,
3358
+ impact TEXT,
3359
+ payload TEXT DEFAULT '{}',
3360
+ created_at TEXT NOT NULL
3361
+ );
3362
+
3363
+ CREATE INDEX IF NOT EXISTS idx_agent_events_time
3364
+ ON agent_events(occurred_at, sequence_index);
3365
+
3366
+ CREATE INDEX IF NOT EXISTS idx_agent_events_session_seq
3367
+ ON agent_events(session_id, sequence_index);
3368
+
3369
+ CREATE INDEX IF NOT EXISTS idx_agent_events_goal_time
3370
+ ON agent_events(goal_id, occurred_at);
3371
+
3372
+ CREATE INDEX IF NOT EXISTS idx_agent_events_memory
3373
+ ON agent_events(evidence_memory_id);
3374
+
3375
+ CREATE TABLE IF NOT EXISTS agent_goal_links (
3376
+ id TEXT PRIMARY KEY,
3377
+ goal_id TEXT NOT NULL,
3378
+ link_type TEXT NOT NULL,
3379
+ target_id TEXT NOT NULL,
3380
+ target_type TEXT NOT NULL,
3381
+ created_at TEXT NOT NULL
3382
+ );
3383
+
3384
+ CREATE INDEX IF NOT EXISTS idx_agent_goal_links_goal
3385
+ ON agent_goal_links(goal_id, target_type);
3386
+
3387
+ CREATE TABLE IF NOT EXISTS agent_semantic_labels (
3388
+ id TEXT PRIMARY KEY,
3389
+ source_memory_id TEXT NOT NULL,
3390
+ event_id TEXT,
3391
+ labeler TEXT NOT NULL,
3392
+ schema_version INTEGER NOT NULL DEFAULT 1,
3393
+ confidence REAL NOT NULL DEFAULT 0,
3394
+ labels TEXT NOT NULL,
3395
+ created_at TEXT NOT NULL,
3396
+ updated_at TEXT NOT NULL
3397
+ );
3398
+
3399
+ CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_memory
3400
+ ON agent_semantic_labels(source_memory_id, labeler);
3401
+
3402
+ CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_event
3403
+ ON agent_semantic_labels(event_id);
3404
+
3405
+ CREATE TABLE IF NOT EXISTS agent_reflection_checkpoints (
3406
+ id TEXT PRIMARY KEY,
3407
+ project_name TEXT,
3408
+ session_id TEXT,
3409
+ window_start_at TEXT NOT NULL,
3410
+ window_end_at TEXT NOT NULL,
3411
+ event_count INTEGER NOT NULL DEFAULT 0,
3412
+ goal_count INTEGER NOT NULL DEFAULT 0,
3413
+ success_count INTEGER NOT NULL DEFAULT 0,
3414
+ failure_count INTEGER NOT NULL DEFAULT 0,
3415
+ risk_count INTEGER NOT NULL DEFAULT 0,
3416
+ summary TEXT NOT NULL,
3417
+ learnings TEXT NOT NULL DEFAULT '[]',
3418
+ next_actions TEXT NOT NULL DEFAULT '[]',
3419
+ evidence_event_ids TEXT NOT NULL DEFAULT '[]',
3420
+ confidence REAL NOT NULL DEFAULT 0,
3421
+ created_at TEXT NOT NULL
3422
+ );
3423
+
3424
+ CREATE INDEX IF NOT EXISTS idx_agent_reflection_project_time
3425
+ ON agent_reflection_checkpoints(project_name, window_end_at);
3426
+
3427
+ CREATE INDEX IF NOT EXISTS idx_agent_reflection_session_time
3428
+ ON agent_reflection_checkpoints(session_id, window_end_at);
3429
+ `);
3282
3430
  try {
3283
3431
  await client.execute({
3284
3432
  sql: `ALTER TABLE memories ADD COLUMN tier INTEGER DEFAULT 3`,
@@ -6676,7 +6824,7 @@ var init_task_scope = __esm({
6676
6824
 
6677
6825
  // src/lib/keychain.ts
6678
6826
  import { readFile as readFile4, writeFile as writeFile5, unlink, mkdir as mkdir4, chmod as chmod2 } from "fs/promises";
6679
- import { existsSync as existsSync16 } from "fs";
6827
+ import { existsSync as existsSync16, statSync as statSync2 } from "fs";
6680
6828
  import { execSync as execSync7 } from "child_process";
6681
6829
  import path19 from "path";
6682
6830
  import os12 from "os";
@@ -6686,29 +6834,78 @@ function getKeyDir() {
6686
6834
  function getKeyPath() {
6687
6835
  return path19.join(getKeyDir(), "master.key");
6688
6836
  }
6689
- function macKeychainGet() {
6837
+ function nativeKeychainAllowed() {
6838
+ return process.env.EXE_OS_DISABLE_NATIVE_KEYCHAIN !== "1";
6839
+ }
6840
+ function linuxSecretAvailable() {
6841
+ if (!nativeKeychainAllowed()) return false;
6842
+ if (process.platform !== "linux") return false;
6843
+ if (linuxSecretAvailability !== null) return linuxSecretAvailability;
6844
+ try {
6845
+ execSync7("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
6846
+ } catch {
6847
+ linuxSecretAvailability = false;
6848
+ return false;
6849
+ }
6850
+ try {
6851
+ execSync7("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
6852
+ linuxSecretAvailability = true;
6853
+ } catch {
6854
+ linuxSecretAvailability = false;
6855
+ }
6856
+ return linuxSecretAvailability;
6857
+ }
6858
+ function isRootOnlyTrustedServerKeyFile(keyPath) {
6859
+ if (process.platform !== "linux") return false;
6860
+ try {
6861
+ const uid = typeof os12.userInfo().uid === "number" ? os12.userInfo().uid : -1;
6862
+ const st = statSync2(keyPath);
6863
+ if (!st.isFile() || (st.mode & 63) !== 0) return false;
6864
+ if (uid === 0) return true;
6865
+ const exeOsDir = process.env.EXE_OS_DIR;
6866
+ return Boolean(exeOsDir && path19.resolve(keyPath).startsWith(path19.resolve(exeOsDir) + path19.sep));
6867
+ } catch {
6868
+ return false;
6869
+ }
6870
+ }
6871
+ function macKeychainGet(service = SERVICE) {
6872
+ if (!nativeKeychainAllowed()) return null;
6690
6873
  if (process.platform !== "darwin") return null;
6691
6874
  try {
6692
6875
  return execSync7(
6693
- `security find-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w 2>/dev/null`,
6876
+ `security find-generic-password -s "${service}" -a "${ACCOUNT}" -w 2>/dev/null`,
6694
6877
  { encoding: "utf-8", timeout: 5e3 }
6695
6878
  ).trim();
6696
6879
  } catch {
6697
6880
  return null;
6698
6881
  }
6699
6882
  }
6700
- function macKeychainSet(value) {
6883
+ function macKeychainSet(value, service = SERVICE) {
6884
+ if (!nativeKeychainAllowed()) return false;
6701
6885
  if (process.platform !== "darwin") return false;
6702
6886
  try {
6703
6887
  try {
6704
6888
  execSync7(
6705
- `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
6889
+ `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
6706
6890
  { timeout: 5e3 }
6707
6891
  );
6708
6892
  } catch {
6709
6893
  }
6710
6894
  execSync7(
6711
- `security add-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w "${value}"`,
6895
+ `security add-generic-password -s "${service}" -a "${ACCOUNT}" -w "${value}"`,
6896
+ { timeout: 5e3 }
6897
+ );
6898
+ return true;
6899
+ } catch {
6900
+ return false;
6901
+ }
6902
+ }
6903
+ function macKeychainDelete(service = SERVICE) {
6904
+ if (!nativeKeychainAllowed()) return false;
6905
+ if (process.platform !== "darwin") return false;
6906
+ try {
6907
+ execSync7(
6908
+ `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
6712
6909
  { timeout: 5e3 }
6713
6910
  );
6714
6911
  return true;
@@ -6716,22 +6913,35 @@ function macKeychainSet(value) {
6716
6913
  return false;
6717
6914
  }
6718
6915
  }
6719
- function linuxSecretGet() {
6720
- if (process.platform !== "linux") return null;
6916
+ function linuxSecretGet(service = SERVICE) {
6917
+ if (!linuxSecretAvailable()) return null;
6721
6918
  try {
6722
6919
  return execSync7(
6723
- `secret-tool lookup service "${SERVICE}" account "${ACCOUNT}" 2>/dev/null`,
6920
+ `secret-tool lookup service "${service}" account "${ACCOUNT}" 2>/dev/null`,
6724
6921
  { encoding: "utf-8", timeout: 5e3 }
6725
6922
  ).trim();
6726
6923
  } catch {
6727
6924
  return null;
6728
6925
  }
6729
6926
  }
6730
- function linuxSecretSet(value) {
6927
+ function linuxSecretSet(value, service = SERVICE) {
6928
+ if (!linuxSecretAvailable()) return false;
6929
+ try {
6930
+ execSync7(
6931
+ `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${service}" account "${ACCOUNT}" 2>/dev/null`,
6932
+ { timeout: 5e3 }
6933
+ );
6934
+ return true;
6935
+ } catch {
6936
+ return false;
6937
+ }
6938
+ }
6939
+ function linuxSecretDelete(service = SERVICE) {
6940
+ if (!nativeKeychainAllowed()) return false;
6731
6941
  if (process.platform !== "linux") return false;
6732
6942
  try {
6733
6943
  execSync7(
6734
- `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${SERVICE}" account "${ACCOUNT}"`,
6944
+ `secret-tool clear service "${service}" account "${ACCOUNT}" 2>/dev/null`,
6735
6945
  { timeout: 5e3 }
6736
6946
  );
6737
6947
  return true;
@@ -6740,6 +6950,7 @@ function linuxSecretSet(value) {
6740
6950
  }
6741
6951
  }
6742
6952
  async function tryKeytar() {
6953
+ if (!nativeKeychainAllowed()) return null;
6743
6954
  try {
6744
6955
  return await import("keytar");
6745
6956
  } catch {
@@ -6813,7 +7024,19 @@ async function writeMachineBoundFileFallback(b64) {
6813
7024
  return "plaintext";
6814
7025
  }
6815
7026
  async function getMasterKey() {
6816
- const nativeValue = macKeychainGet() ?? linuxSecretGet();
7027
+ let nativeValue = macKeychainGet() ?? linuxSecretGet();
7028
+ if (!nativeValue) {
7029
+ const legacyValue = macKeychainGet(LEGACY_SERVICE) ?? linuxSecretGet(LEGACY_SERVICE);
7030
+ if (legacyValue) {
7031
+ const migrated = macKeychainSet(legacyValue) || linuxSecretSet(legacyValue);
7032
+ if (migrated) {
7033
+ macKeychainDelete(LEGACY_SERVICE);
7034
+ linuxSecretDelete(LEGACY_SERVICE);
7035
+ process.stderr.write("[keychain] Migrated keychain service from exe-mem to exe-os.\n");
7036
+ }
7037
+ nativeValue = legacyValue;
7038
+ }
7039
+ }
6817
7040
  if (nativeValue) {
6818
7041
  return Buffer.from(nativeValue, "base64");
6819
7042
  }
@@ -6821,12 +7044,17 @@ async function getMasterKey() {
6821
7044
  if (keytar) {
6822
7045
  try {
6823
7046
  const keytarValue = await keytar.getPassword(SERVICE, ACCOUNT);
6824
- if (keytarValue) {
6825
- const migrated = macKeychainSet(keytarValue) || linuxSecretSet(keytarValue);
7047
+ const legacyKeytarValue = keytarValue ?? await keytar.getPassword(LEGACY_SERVICE, ACCOUNT);
7048
+ if (legacyKeytarValue) {
7049
+ const migrated = macKeychainSet(legacyKeytarValue) || linuxSecretSet(legacyKeytarValue);
6826
7050
  if (migrated) {
6827
7051
  process.stderr.write("[keychain] Migrated key from keytar to native keychain.\n");
7052
+ try {
7053
+ await keytar.deletePassword(LEGACY_SERVICE, ACCOUNT);
7054
+ } catch {
7055
+ }
6828
7056
  }
6829
- return Buffer.from(keytarValue, "base64");
7057
+ return Buffer.from(legacyKeytarValue, "base64");
6830
7058
  }
6831
7059
  } catch {
6832
7060
  }
@@ -6851,7 +7079,7 @@ async function getMasterKey() {
6851
7079
  const decrypted = decryptWithMachineKey(content, machineKey);
6852
7080
  if (!decrypted) {
6853
7081
  process.stderr.write(
6854
- "[keychain] Key decryption failed \u2014 machine may have changed.\n Use your 24-word recovery phrase: exe-os link import\n"
7082
+ "[keychain] Key decryption failed \u2014 machine may have changed.\n Use your 24-word recovery phrase during setup: exe-os setup\n"
6855
7083
  );
6856
7084
  return null;
6857
7085
  }
@@ -6860,6 +7088,9 @@ async function getMasterKey() {
6860
7088
  b64Value = content;
6861
7089
  }
6862
7090
  const key = Buffer.from(b64Value, "base64");
7091
+ if (!content.startsWith(ENCRYPTED_PREFIX) && isRootOnlyTrustedServerKeyFile(keyPath)) {
7092
+ return key;
7093
+ }
6863
7094
  const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
6864
7095
  if (migrated) {
6865
7096
  process.stderr.write("[keychain] Migrated key from file to native keychain.\n");
@@ -6887,12 +7118,14 @@ async function getMasterKey() {
6887
7118
  return null;
6888
7119
  }
6889
7120
  }
6890
- var SERVICE, ACCOUNT, ENCRYPTED_PREFIX;
7121
+ var SERVICE, LEGACY_SERVICE, ACCOUNT, linuxSecretAvailability, ENCRYPTED_PREFIX;
6891
7122
  var init_keychain = __esm({
6892
7123
  "src/lib/keychain.ts"() {
6893
7124
  "use strict";
6894
- SERVICE = "exe-mem";
7125
+ SERVICE = "exe-os";
7126
+ LEGACY_SERVICE = "exe-mem";
6895
7127
  ACCOUNT = "master-key";
7128
+ linuxSecretAvailability = null;
6896
7129
  ENCRYPTED_PREFIX = "enc:";
6897
7130
  }
6898
7131
  });
@@ -7107,7 +7340,7 @@ __export(shard_manager_exports, {
7107
7340
  shardExists: () => shardExists
7108
7341
  });
7109
7342
  import path20 from "path";
7110
- import { existsSync as existsSync17, mkdirSync as mkdirSync8, readdirSync as readdirSync4, renameSync as renameSync4, statSync as statSync2 } from "fs";
7343
+ import { existsSync as existsSync17, mkdirSync as mkdirSync8, readdirSync as readdirSync4, renameSync as renameSync4, statSync as statSync3 } from "fs";
7111
7344
  import { createClient as createClient2 } from "@libsql/client";
7112
7345
  function initShardManager(encryptionKey) {
7113
7346
  _encryptionKey = encryptionKey;
@@ -7171,7 +7404,7 @@ async function auditShardHealth(options = {}) {
7171
7404
  const shards = [];
7172
7405
  for (const name of names) {
7173
7406
  const dbPath = path20.join(SHARDS_DIR, `${name}.db`);
7174
- const stat = statSync2(dbPath);
7407
+ const stat = statSync3(dbPath);
7175
7408
  const item = {
7176
7409
  name,
7177
7410
  path: dbPath,
@@ -7424,7 +7657,7 @@ async function getReadyShardClient(projectName2) {
7424
7657
  _shardLastAccess.delete(safeName);
7425
7658
  const dbPath = path20.join(SHARDS_DIR, `${safeName}.db`);
7426
7659
  if (existsSync17(dbPath)) {
7427
- const stat = statSync2(dbPath);
7660
+ const stat = statSync3(dbPath);
7428
7661
  const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
7429
7662
  const archivedPath = path20.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
7430
7663
  renameSync4(dbPath, archivedPath);
@@ -7544,6 +7777,12 @@ var init_platform_procedures = __esm({
7544
7777
  priority: "p0",
7545
7778
  content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
7546
7779
  },
7780
+ {
7781
+ title: "Customer orchestration maturity \u2014 recommend, never trap",
7782
+ domain: "workflow",
7783
+ priority: "p1",
7784
+ content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
7785
+ },
7547
7786
  {
7548
7787
  title: "Single dispatch path \u2014 create_task only",
7549
7788
  domain: "workflow",
@@ -7602,6 +7841,12 @@ var init_platform_procedures = __esm({
7602
7841
  priority: "p0",
7603
7842
  content: "exe-build-adv is MANDATORY for ALL work touching 3+ files. Run /exe-build-adv --auto BEFORE implementation. Pipeline: Spec \u2192 AC \u2192 Tests \u2192 Evaluate \u2192 Fix. No multi-file feature ships without pipeline artifacts. No exceptions \u2014 managers reject work without them."
7604
7843
  },
7844
+ {
7845
+ title: "Commit discipline \u2014 never leave verified work floating",
7846
+ domain: "workflow",
7847
+ priority: "p1",
7848
+ content: "After any code-change batch passes typecheck/tests/build, run git status, summarize changed files, and commit with a clear message before ending the session. If work must remain uncommitted for review/dogfood, explicitly say so, list the files, and state the blocker. Never imply work is complete while verified changes are still floating locally."
7849
+ },
7605
7850
  {
7606
7851
  title: "Desktop and TUI are the same product",
7607
7852
  domain: "architecture",
@@ -7919,6 +8164,274 @@ var init_memory_cards = __esm({
7919
8164
  }
7920
8165
  });
7921
8166
 
8167
+ // src/lib/agentic-ontology.ts
8168
+ var agentic_ontology_exports = {};
8169
+ __export(agentic_ontology_exports, {
8170
+ clean: () => clean,
8171
+ extractGoalCandidates: () => extractGoalCandidates,
8172
+ inferIntention: () => inferIntention,
8173
+ inferOntologyEventType: () => inferOntologyEventType,
8174
+ inferOutcome: () => inferOutcome,
8175
+ inferSemanticLabel: () => inferSemanticLabel,
8176
+ insertOntologyForBatch: () => insertOntologyForBatch,
8177
+ insertOntologyForMemory: () => insertOntologyForMemory,
8178
+ ontologyPayload: () => ontologyPayload,
8179
+ stableId: () => stableId2
8180
+ });
8181
+ import { createHash as createHash3 } from "crypto";
8182
+ function stableId2(...parts) {
8183
+ return createHash3("sha256").update(parts.map((p) => String(p ?? "")).join("::")).digest("hex").slice(0, 32);
8184
+ }
8185
+ function clean(text, max = 240) {
8186
+ return text.replace(/\u0000/g, "").replace(/```[\s\S]*?```/g, " ").replace(/\s+/g, " ").trim().slice(0, max);
8187
+ }
8188
+ function inferOntologyEventType(row) {
8189
+ const lower = row.raw_text.toLowerCase();
8190
+ if (row.has_error) return "error";
8191
+ if (/\b(done|complete|completed|fixed|resolved|shipped|deployed|pushed|published)\b/.test(lower)) return "milestone";
8192
+ if (/\b(blocked|failed|error|bug|regression|broken)\b/.test(lower)) return "problem";
8193
+ if (/\b(decided|decision|adr|we chose|approved|rejected)\b/.test(lower)) return "decision";
8194
+ if (/\b(goal|need to|we need|want to|trying to|objective)\b/.test(lower)) return "goal_signal";
8195
+ if (["Bash", "Read", "Edit", "Write", "Grep", "Glob"].includes(row.tool_name)) return "tool_action";
8196
+ if (row.tool_name.startsWith("memory_card")) return "memory_card";
8197
+ return "memory_observation";
8198
+ }
8199
+ function inferIntention(row) {
8200
+ if (row.intent) return clean(row.intent, 220);
8201
+ const text = clean(row.raw_text, 1e3);
8202
+ const patterns = [
8203
+ /(?:we need to|need to|let'?s|i want to|we should|goal is to|objective is to|trying to)\s+([^.!?\n]{8,220})/i,
8204
+ /(?:so that|in order to)\s+([^.!?\n]{8,220})/i,
8205
+ /(?:task|plan):\s*([^.!?\n]{8,220})/i
8206
+ ];
8207
+ for (const p of patterns) {
8208
+ const m = text.match(p);
8209
+ if (m?.[1]) return clean(m[1], 220);
8210
+ }
8211
+ if (["Bash", "Read", "Edit", "Write", "Grep", "Glob"].includes(row.tool_name)) {
8212
+ return `${row.tool_name} during ${row.project_name}`;
8213
+ }
8214
+ return null;
8215
+ }
8216
+ function inferOutcome(row) {
8217
+ if (row.outcome) return clean(row.outcome, 220);
8218
+ if (row.has_error) return "error";
8219
+ const lower = row.raw_text.toLowerCase();
8220
+ if (/\b(done|complete|completed|fixed|resolved|shipped|deployed|pushed|published|passed)\b/.test(lower)) return "success_signal";
8221
+ if (/\b(blocked|failed|error|regression|broken|not working|could not)\b/.test(lower)) return "failure_signal";
8222
+ if (/\b(warning|risk|concern|caveat)\b/.test(lower)) return "risk_signal";
8223
+ return null;
8224
+ }
8225
+ function extractGoalCandidates(row) {
8226
+ const text = clean(row.raw_text, 1600);
8227
+ const patterns = [
8228
+ /(?:we need to|need to|i want to|we should|goal is to|objective is to|trying to|let'?s)\s+([^.!?\n]{12,220})/gi,
8229
+ /(?:success means|success criteria|so that)\s+([^.!?\n]{12,220})/gi
8230
+ ];
8231
+ const out = [];
8232
+ for (const pattern of patterns) {
8233
+ for (const m of text.matchAll(pattern)) {
8234
+ const candidate = clean(m[1] ?? "", 220);
8235
+ if (candidate.length >= 12 && !out.some((x) => x.toLowerCase() === candidate.toLowerCase())) out.push(candidate);
8236
+ if (out.length >= 3) return out;
8237
+ }
8238
+ }
8239
+ return out;
8240
+ }
8241
+ function uniq(values, max = 6) {
8242
+ const out = [];
8243
+ for (const value of values.map((v) => clean(v, 220)).filter(Boolean)) {
8244
+ if (!out.some((x) => x.toLowerCase() === value.toLowerCase())) out.push(value);
8245
+ if (out.length >= max) break;
8246
+ }
8247
+ return out;
8248
+ }
8249
+ function extractMatches(text, patterns, max = 5) {
8250
+ const out = [];
8251
+ for (const pattern of patterns) {
8252
+ for (const match of text.matchAll(pattern)) {
8253
+ const value = match[1] ?? match[0];
8254
+ if (value) out.push(value);
8255
+ if (out.length >= max) return uniq(out, max);
8256
+ }
8257
+ }
8258
+ return uniq(out, max);
8259
+ }
8260
+ function inferSemanticLabel(row) {
8261
+ const text = clean(row.raw_text, 2400);
8262
+ const eventType = inferOntologyEventType(row);
8263
+ const intention = inferIntention(row);
8264
+ const outcome = inferOutcome(row);
8265
+ const goals = extractGoalCandidates(row);
8266
+ const milestones = extractMatches(text, [
8267
+ /\b(?:completed|finished|fixed|resolved|shipped|deployed|published|pushed|passed)\b([^.!?\n]{0,180})/gi,
8268
+ /(?:milestone|done):\s*([^.!?\n]{8,220})/gi
8269
+ ]);
8270
+ const problems = extractMatches(text, [
8271
+ /\b(?:blocked by|failed because|bug|regression|broken|not working|error)\b([^.!?\n]{0,180})/gi,
8272
+ /(?:problem|issue|risk):\s*([^.!?\n]{8,220})/gi
8273
+ ]);
8274
+ const decisions = extractMatches(text, [
8275
+ /(?:decided|decision|adr|we chose|approved|rejected)\s+([^.!?\n]{8,220})/gi
8276
+ ]);
8277
+ const temporalAnchors = extractMatches(text, [
8278
+ /\b(\d{4}-\d{2}-\d{2}(?:[T ][0-9:.+-Z]+)?)\b/g,
8279
+ /\b(today|yesterday|tomorrow|this week|next week|last week|morning|afternoon|tonight)\b/gi
8280
+ ], 8);
8281
+ const nextActions = extractMatches(text, [
8282
+ /(?:next|todo|follow[- ]?up|remaining|need to)\s*:?\s*([^.!?\n]{8,220})/gi
8283
+ ]);
8284
+ const actors = uniq([
8285
+ row.agent_id,
8286
+ ...extractMatches(text, [/\b(?:agent|employee|owner|assignee)[:= ]+([a-zA-Z][a-zA-Z0-9_-]{1,40})/gi], 5)
8287
+ ], 6);
8288
+ const successSignals = milestones.length ? milestones : outcome === "success_signal" ? [clean(text, 180)] : [];
8289
+ const failureSignals = problems.length ? problems : outcome === "failure_signal" || row.has_error ? [clean(text, 180)] : [];
8290
+ const impact = successSignals.length && failureSignals.length ? "mixed" : failureSignals.length ? "negative" : successSignals.length ? "positive" : "neutral";
8291
+ const signalCount = goals.length + milestones.length + problems.length + decisions.length + nextActions.length;
8292
+ return {
8293
+ labeler: "deterministic",
8294
+ schemaVersion: 1,
8295
+ eventType,
8296
+ intention,
8297
+ outcome,
8298
+ impact,
8299
+ confidence: Math.min(0.95, 0.45 + signalCount * 0.08 + (intention ? 0.1 : 0) + (outcome ? 0.1 : 0)),
8300
+ goals,
8301
+ milestones,
8302
+ problems,
8303
+ decisions,
8304
+ actors,
8305
+ temporalAnchors,
8306
+ successSignals,
8307
+ failureSignals,
8308
+ nextActions,
8309
+ summary: clean(text, 280)
8310
+ };
8311
+ }
8312
+ function ontologyPayload(row) {
8313
+ const semantic = inferSemanticLabel(row);
8314
+ return {
8315
+ tool_name: row.tool_name,
8316
+ memory_version: row.version ?? null,
8317
+ domain: row.domain ?? null,
8318
+ trajectory: row.trajectory ? safeJson(row.trajectory) : null,
8319
+ semantic
8320
+ };
8321
+ }
8322
+ function safeJson(value) {
8323
+ try {
8324
+ return JSON.parse(value);
8325
+ } catch {
8326
+ return value.slice(0, 1e3);
8327
+ }
8328
+ }
8329
+ async function resolveClient(client) {
8330
+ if (client) return client;
8331
+ const { getClient: getClient2 } = await Promise.resolve().then(() => (init_database(), database_exports));
8332
+ return getClient2();
8333
+ }
8334
+ async function insertOntologyForMemory(row, client) {
8335
+ const db = await resolveClient(client);
8336
+ const occurredAt = row.timestamp;
8337
+ const sequence = Number(row.version ?? 0) || Math.floor(new Date(occurredAt).getTime() / 1e3);
8338
+ const eventType = inferOntologyEventType(row);
8339
+ const intention = inferIntention(row);
8340
+ const outcome = inferOutcome(row);
8341
+ const eventId = stableId2("event", row.id);
8342
+ const now = (/* @__PURE__ */ new Date()).toISOString();
8343
+ await db.execute({
8344
+ sql: `INSERT INTO agent_sessions (id, agent_id, project_name, started_at, last_event_at, event_count, properties)
8345
+ VALUES (?, ?, ?, ?, ?, 1, ?)
8346
+ ON CONFLICT(id) DO UPDATE SET last_event_at = MAX(last_event_at, excluded.last_event_at),
8347
+ event_count = event_count + 1`,
8348
+ args: [row.session_id, row.agent_id, row.project_name, occurredAt, occurredAt, JSON.stringify({ agent_role: row.agent_role })]
8349
+ });
8350
+ await db.execute({
8351
+ sql: `INSERT OR IGNORE INTO agent_events
8352
+ (id, event_type, occurred_at, sequence_index, actor_agent_id, agent_role, project_name,
8353
+ session_id, task_id, goal_id, parent_event_id, intention, outcome, evidence_memory_id,
8354
+ impact, payload, created_at)
8355
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, NULL, ?, ?, ?, ?, ?, ?)`,
8356
+ args: [
8357
+ eventId,
8358
+ eventType,
8359
+ occurredAt,
8360
+ sequence,
8361
+ row.agent_id,
8362
+ row.agent_role,
8363
+ row.project_name,
8364
+ row.session_id,
8365
+ row.task_id ?? null,
8366
+ intention,
8367
+ outcome,
8368
+ row.id,
8369
+ row.has_error ? "negative" : outcome === "success_signal" ? "positive" : "neutral",
8370
+ JSON.stringify(ontologyPayload(row)),
8371
+ now
8372
+ ]
8373
+ });
8374
+ const semantic = inferSemanticLabel(row);
8375
+ await db.execute({
8376
+ sql: `INSERT INTO agent_semantic_labels
8377
+ (id, source_memory_id, event_id, labeler, schema_version, confidence, labels, created_at, updated_at)
8378
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
8379
+ ON CONFLICT(id) DO UPDATE SET confidence = excluded.confidence,
8380
+ labels = excluded.labels, updated_at = excluded.updated_at`,
8381
+ args: [
8382
+ stableId2("semantic", row.id, semantic.labeler, semantic.schemaVersion),
8383
+ row.id,
8384
+ eventId,
8385
+ semantic.labeler,
8386
+ semantic.schemaVersion,
8387
+ semantic.confidence,
8388
+ JSON.stringify(semantic),
8389
+ now,
8390
+ now
8391
+ ]
8392
+ });
8393
+ for (const statement of extractGoalCandidates(row)) {
8394
+ const goalId = stableId2("goal", row.project_name, statement.toLowerCase());
8395
+ await db.execute({
8396
+ sql: `INSERT INTO agent_goals
8397
+ (id, statement, owner_agent_id, project_name, status, priority, success_criteria,
8398
+ parent_goal_id, due_at, achieved_at, supersedes_id, created_at, updated_at, source_memory_id)
8399
+ VALUES (?, ?, ?, ?, 'open', 5, NULL, NULL, NULL, NULL, NULL, ?, ?, ?)
8400
+ ON CONFLICT(id) DO UPDATE SET updated_at = excluded.updated_at`,
8401
+ args: [goalId, statement, row.agent_id, row.project_name, now, now, row.id]
8402
+ });
8403
+ await db.execute({
8404
+ sql: `INSERT OR IGNORE INTO agent_goal_links
8405
+ (id, goal_id, link_type, target_id, target_type, created_at)
8406
+ VALUES (?, ?, 'evidence', ?, 'memory', ?)`,
8407
+ args: [stableId2("goal_link", goalId, row.id, "memory"), goalId, row.id, now]
8408
+ });
8409
+ await db.execute({
8410
+ sql: `INSERT OR IGNORE INTO agent_goal_links
8411
+ (id, goal_id, link_type, target_id, target_type, created_at)
8412
+ VALUES (?, ?, 'event', ?, 'event', ?)`,
8413
+ args: [stableId2("goal_link", goalId, eventId, "event"), goalId, eventId, now]
8414
+ });
8415
+ }
8416
+ }
8417
+ async function insertOntologyForBatch(rows, client) {
8418
+ const db = await resolveClient(client);
8419
+ let count = 0;
8420
+ for (const row of rows) {
8421
+ try {
8422
+ await insertOntologyForMemory(row, db);
8423
+ count++;
8424
+ } catch {
8425
+ }
8426
+ }
8427
+ return count;
8428
+ }
8429
+ var init_agentic_ontology = __esm({
8430
+ "src/lib/agentic-ontology.ts"() {
8431
+ "use strict";
8432
+ }
8433
+ });
8434
+
7922
8435
  // src/lib/store.ts
7923
8436
  var store_exports = {};
7924
8437
  __export(store_exports, {
@@ -8262,6 +8775,11 @@ async function flushBatch() {
8262
8775
  await insertMemoryCardsForBatch2(batch);
8263
8776
  } catch {
8264
8777
  }
8778
+ try {
8779
+ const { insertOntologyForBatch: insertOntologyForBatch2 } = await Promise.resolve().then(() => (init_agentic_ontology(), agentic_ontology_exports));
8780
+ await insertOntologyForBatch2(batch);
8781
+ } catch {
8782
+ }
8265
8783
  schedulePostWriteMemoryHygiene(batch.map((row) => row.id));
8266
8784
  _pendingRecords.splice(0, batch.length);
8267
8785
  try {