@askexenow/exe-os 0.9.65 → 0.9.67

Files changed (113) hide show
  1. package/deploy/stack-manifests/v0.9.json +54 -5
  2. package/dist/bin/age-ontology-load.js +61 -0
  3. package/dist/bin/agentic-ontology-backfill.js +4708 -0
  4. package/dist/bin/agentic-reflection-backfill.js +4144 -0
  5. package/dist/bin/{exe-link.js → agentic-semantic-label.js} +1532 -2173
  6. package/dist/bin/backfill-conversations.js +528 -20
  7. package/dist/bin/backfill-responses.js +528 -20
  8. package/dist/bin/backfill-vectors.js +255 -20
  9. package/dist/bin/bulk-sync-postgres.js +4876 -0
  10. package/dist/bin/cleanup-stale-review-tasks.js +529 -21
  11. package/dist/bin/cli.js +3471 -1491
  12. package/dist/bin/exe-agent-config.js +4 -0
  13. package/dist/bin/exe-agent.js +16 -0
  14. package/dist/bin/exe-assign.js +528 -20
  15. package/dist/bin/exe-boot.js +492 -54
  16. package/dist/bin/exe-call.js +16 -0
  17. package/dist/bin/exe-cloud.js +7415 -518
  18. package/dist/bin/exe-dispatch.js +540 -22
  19. package/dist/bin/exe-doctor.js +3404 -1225
  20. package/dist/bin/exe-export-behaviors.js +542 -24
  21. package/dist/bin/exe-forget.js +529 -21
  22. package/dist/bin/exe-gateway.js +595 -25
  23. package/dist/bin/exe-heartbeat.js +541 -24
  24. package/dist/bin/exe-kill.js +529 -21
  25. package/dist/bin/exe-launch-agent.js +2334 -1067
  26. package/dist/bin/exe-new-employee.js +324 -166
  27. package/dist/bin/exe-pending-messages.js +529 -21
  28. package/dist/bin/exe-pending-notifications.js +529 -21
  29. package/dist/bin/exe-pending-reviews.js +529 -21
  30. package/dist/bin/exe-rename.js +529 -21
  31. package/dist/bin/exe-review.js +529 -21
  32. package/dist/bin/exe-search.js +542 -24
  33. package/dist/bin/exe-session-cleanup.js +540 -22
  34. package/dist/bin/exe-settings.js +14 -0
  35. package/dist/bin/exe-start-codex.js +817 -144
  36. package/dist/bin/exe-start-opencode.js +776 -80
  37. package/dist/bin/exe-status.js +529 -21
  38. package/dist/bin/exe-team.js +529 -21
  39. package/dist/bin/git-sweep.js +540 -22
  40. package/dist/bin/graph-backfill.js +580 -21
  41. package/dist/bin/graph-export.js +529 -21
  42. package/dist/bin/graph-layer-benchmark.js +109 -0
  43. package/dist/bin/install.js +420 -289
  44. package/dist/bin/intercom-check.js +540 -22
  45. package/dist/bin/postgres-agentic-reflection-backfill.js +187 -0
  46. package/dist/bin/postgres-agentic-semantic-backfill.js +237 -0
  47. package/dist/bin/scan-tasks.js +540 -22
  48. package/dist/bin/setup.js +790 -206
  49. package/dist/bin/shard-migrate.js +528 -20
  50. package/dist/bin/update.js +4 -0
  51. package/dist/gateway/index.js +593 -23
  52. package/dist/hooks/bug-report-worker.js +651 -64
  53. package/dist/hooks/codex-stop-task-finalizer.js +540 -22
  54. package/dist/hooks/commit-complete.js +540 -22
  55. package/dist/hooks/error-recall.js +542 -24
  56. package/dist/hooks/exe-heartbeat-hook.js +4 -0
  57. package/dist/hooks/ingest-worker.js +4 -0
  58. package/dist/hooks/ingest.js +539 -22
  59. package/dist/hooks/instructions-loaded.js +529 -21
  60. package/dist/hooks/notification.js +529 -21
  61. package/dist/hooks/post-compact.js +529 -21
  62. package/dist/hooks/post-tool-combined.js +543 -25
  63. package/dist/hooks/pre-compact.js +772 -127
  64. package/dist/hooks/pre-tool-use.js +529 -21
  65. package/dist/hooks/prompt-submit.js +543 -25
  66. package/dist/hooks/session-end.js +673 -140
  67. package/dist/hooks/session-start.js +662 -26
  68. package/dist/hooks/stop.js +540 -23
  69. package/dist/hooks/subagent-stop.js +529 -21
  70. package/dist/hooks/summary-worker.js +571 -126
  71. package/dist/index.js +593 -23
  72. package/dist/lib/agent-config.js +4 -0
  73. package/dist/lib/cloud-sync.js +408 -47
  74. package/dist/lib/config.js +25 -1
  75. package/dist/lib/consolidation.js +5 -1
  76. package/dist/lib/database.js +128 -0
  77. package/dist/lib/db-daemon-client.js +4 -0
  78. package/dist/lib/db.js +128 -0
  79. package/dist/lib/device-registry.js +128 -0
  80. package/dist/lib/embedder.js +25 -1
  81. package/dist/lib/employee-templates.js +16 -0
  82. package/dist/lib/employees.js +4 -0
  83. package/dist/lib/exe-daemon-client.js +4 -0
  84. package/dist/lib/exe-daemon.js +3158 -930
  85. package/dist/lib/hybrid-search.js +542 -24
  86. package/dist/lib/identity.js +7 -0
  87. package/dist/lib/keychain.js +178 -22
  88. package/dist/lib/license.js +4 -0
  89. package/dist/lib/messaging.js +7 -0
  90. package/dist/lib/reminders.js +7 -0
  91. package/dist/lib/schedules.js +255 -20
  92. package/dist/lib/skill-learning.js +28 -1
  93. package/dist/lib/status-brief.js +39 -0
  94. package/dist/lib/store.js +528 -20
  95. package/dist/lib/task-router.js +4 -0
  96. package/dist/lib/tasks.js +28 -1
  97. package/dist/lib/tmux-routing.js +28 -1
  98. package/dist/lib/token-spend.js +7 -0
  99. package/dist/mcp/server.js +2739 -813
  100. package/dist/mcp/tools/complete-reminder.js +7 -0
  101. package/dist/mcp/tools/create-reminder.js +7 -0
  102. package/dist/mcp/tools/create-task.js +28 -1
  103. package/dist/mcp/tools/deactivate-behavior.js +7 -0
  104. package/dist/mcp/tools/list-reminders.js +7 -0
  105. package/dist/mcp/tools/list-tasks.js +7 -0
  106. package/dist/mcp/tools/send-message.js +7 -0
  107. package/dist/mcp/tools/update-task.js +28 -1
  108. package/dist/runtime/index.js +540 -22
  109. package/dist/tui/App.js +618 -29
  110. package/package.json +9 -5
  111. package/src/commands/exe/cloud.md +11 -8
  112. package/stack.release.json +3 -3
  113. package/src/commands/exe/link.md +0 -17
@@ -188,6 +188,11 @@ function normalizeAutoUpdate(raw) {
188
188
  const userAU = raw.autoUpdate ?? {};
189
189
  raw.autoUpdate = { ...defaultAU, ...userAU };
190
190
  }
191
+ function normalizeOrchestration(raw) {
192
+ const defaultOrg = DEFAULT_CONFIG.orchestration;
193
+ const userOrg = raw.orchestration ?? {};
194
+ raw.orchestration = { ...defaultOrg, ...userOrg };
195
+ }
191
196
  async function loadConfig() {
192
197
  const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
193
198
  await ensurePrivateDir(dir);
@@ -212,10 +217,15 @@ async function loadConfig() {
212
217
  normalizeScalingRoadmap(migratedCfg);
213
218
  normalizeSessionLifecycle(migratedCfg);
214
219
  normalizeAutoUpdate(migratedCfg);
220
+ normalizeOrchestration(migratedCfg);
215
221
  const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
216
222
  if (config.dbPath.startsWith("~")) {
217
223
  config.dbPath = config.dbPath.replace(/^~/, os.homedir());
218
224
  }
225
+ const envDbPath = path.join(dir, "memories.db");
226
+ if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync2(config.dbPath) && existsSync2(envDbPath)) {
227
+ config.dbPath = envDbPath;
228
+ }
219
229
  return config;
220
230
  } catch {
221
231
  return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
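Review bot: The added fallback in `loadConfig` replaces a configured `dbPath` with `path.join(dir, "memories.db")` silently, so a mistyped or unmounted path opens a different database instead of surfacing the problem. A short comment stating the intent plus a warning on that branch, for example `console.warn("configured dbPath not found, falling back to " + envDbPath)`, would make the switch visible to whoever debugs missing memories. The condition tests only `process.env.EXE_OS_DIR`, while `dir` in the previous hunk may also come from `EXE_MEM_DIR`; if that asymmetry is deliberate, the comment should say so. Only part of loadConfig's body is inside this hunk.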
@@ -287,6 +297,10 @@ var init_config = __esm({
287
297
  checkOnBoot: true,
288
298
  autoInstall: false,
289
299
  checkIntervalMs: 24 * 60 * 60 * 1e3
300
+ },
301
+ orchestration: {
302
+ phase: "phase_1_coo",
303
+ phaseSetBy: "default"
290
304
  }
291
305
  };
292
306
  CONFIG_MIGRATIONS = [
@@ -1519,6 +1533,9 @@ function getClient() {
1519
1533
  if (_daemonClient && _daemonClient._isDaemonActive()) {
1520
1534
  return _daemonClient;
1521
1535
  }
1536
+ if (!_resilientClient) {
1537
+ return _adapterClient;
1538
+ }
1522
1539
  return _resilientClient;
1523
1540
  }
1524
1541
  async function initDaemonClient() {
@@ -2551,6 +2568,127 @@ async function ensureSchema() {
2551
2568
  VALUES (new.rowid, new.content, new.subject, new.predicate, new.object);
2552
2569
  END;
2553
2570
  `);
2571
+ await client.executeMultiple(`
2572
+ CREATE TABLE IF NOT EXISTS agent_sessions (
2573
+ id TEXT PRIMARY KEY,
2574
+ agent_id TEXT NOT NULL,
2575
+ project_name TEXT,
2576
+ started_at TEXT NOT NULL,
2577
+ last_event_at TEXT NOT NULL,
2578
+ event_count INTEGER NOT NULL DEFAULT 0,
2579
+ properties TEXT DEFAULT '{}'
2580
+ );
2581
+
2582
+ CREATE INDEX IF NOT EXISTS idx_agent_sessions_agent_time
2583
+ ON agent_sessions(agent_id, started_at);
2584
+
2585
+ CREATE TABLE IF NOT EXISTS agent_goals (
2586
+ id TEXT PRIMARY KEY,
2587
+ statement TEXT NOT NULL,
2588
+ owner_agent_id TEXT,
2589
+ project_name TEXT,
2590
+ status TEXT NOT NULL DEFAULT 'open',
2591
+ priority INTEGER NOT NULL DEFAULT 5,
2592
+ success_criteria TEXT,
2593
+ parent_goal_id TEXT,
2594
+ due_at TEXT,
2595
+ achieved_at TEXT,
2596
+ supersedes_id TEXT,
2597
+ created_at TEXT NOT NULL,
2598
+ updated_at TEXT NOT NULL,
2599
+ source_memory_id TEXT
2600
+ );
2601
+
2602
+ CREATE INDEX IF NOT EXISTS idx_agent_goals_project_status
2603
+ ON agent_goals(project_name, status, priority);
2604
+
2605
+ CREATE TABLE IF NOT EXISTS agent_events (
2606
+ id TEXT PRIMARY KEY,
2607
+ event_type TEXT NOT NULL,
2608
+ occurred_at TEXT NOT NULL,
2609
+ sequence_index INTEGER NOT NULL,
2610
+ actor_agent_id TEXT,
2611
+ agent_role TEXT,
2612
+ project_name TEXT,
2613
+ session_id TEXT,
2614
+ task_id TEXT,
2615
+ goal_id TEXT,
2616
+ parent_event_id TEXT,
2617
+ intention TEXT,
2618
+ outcome TEXT,
2619
+ evidence_memory_id TEXT,
2620
+ impact TEXT,
2621
+ payload TEXT DEFAULT '{}',
2622
+ created_at TEXT NOT NULL
2623
+ );
2624
+
2625
+ CREATE INDEX IF NOT EXISTS idx_agent_events_time
2626
+ ON agent_events(occurred_at, sequence_index);
2627
+
2628
+ CREATE INDEX IF NOT EXISTS idx_agent_events_session_seq
2629
+ ON agent_events(session_id, sequence_index);
2630
+
2631
+ CREATE INDEX IF NOT EXISTS idx_agent_events_goal_time
2632
+ ON agent_events(goal_id, occurred_at);
2633
+
2634
+ CREATE INDEX IF NOT EXISTS idx_agent_events_memory
2635
+ ON agent_events(evidence_memory_id);
2636
+
2637
+ CREATE TABLE IF NOT EXISTS agent_goal_links (
2638
+ id TEXT PRIMARY KEY,
2639
+ goal_id TEXT NOT NULL,
2640
+ link_type TEXT NOT NULL,
2641
+ target_id TEXT NOT NULL,
2642
+ target_type TEXT NOT NULL,
2643
+ created_at TEXT NOT NULL
2644
+ );
2645
+
2646
+ CREATE INDEX IF NOT EXISTS idx_agent_goal_links_goal
2647
+ ON agent_goal_links(goal_id, target_type);
2648
+
2649
+ CREATE TABLE IF NOT EXISTS agent_semantic_labels (
2650
+ id TEXT PRIMARY KEY,
2651
+ source_memory_id TEXT NOT NULL,
2652
+ event_id TEXT,
2653
+ labeler TEXT NOT NULL,
2654
+ schema_version INTEGER NOT NULL DEFAULT 1,
2655
+ confidence REAL NOT NULL DEFAULT 0,
2656
+ labels TEXT NOT NULL,
2657
+ created_at TEXT NOT NULL,
2658
+ updated_at TEXT NOT NULL
2659
+ );
2660
+
2661
+ CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_memory
2662
+ ON agent_semantic_labels(source_memory_id, labeler);
2663
+
2664
+ CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_event
2665
+ ON agent_semantic_labels(event_id);
2666
+
2667
+ CREATE TABLE IF NOT EXISTS agent_reflection_checkpoints (
2668
+ id TEXT PRIMARY KEY,
2669
+ project_name TEXT,
2670
+ session_id TEXT,
2671
+ window_start_at TEXT NOT NULL,
2672
+ window_end_at TEXT NOT NULL,
2673
+ event_count INTEGER NOT NULL DEFAULT 0,
2674
+ goal_count INTEGER NOT NULL DEFAULT 0,
2675
+ success_count INTEGER NOT NULL DEFAULT 0,
2676
+ failure_count INTEGER NOT NULL DEFAULT 0,
2677
+ risk_count INTEGER NOT NULL DEFAULT 0,
2678
+ summary TEXT NOT NULL,
2679
+ learnings TEXT NOT NULL DEFAULT '[]',
2680
+ next_actions TEXT NOT NULL DEFAULT '[]',
2681
+ evidence_event_ids TEXT NOT NULL DEFAULT '[]',
2682
+ confidence REAL NOT NULL DEFAULT 0,
2683
+ created_at TEXT NOT NULL
2684
+ );
2685
+
2686
+ CREATE INDEX IF NOT EXISTS idx_agent_reflection_project_time
2687
+ ON agent_reflection_checkpoints(project_name, window_end_at);
2688
+
2689
+ CREATE INDEX IF NOT EXISTS idx_agent_reflection_session_time
2690
+ ON agent_reflection_checkpoints(session_id, window_end_at);
2691
+ `);
2554
2692
  try {
2555
2693
  await client.execute({
2556
2694
  sql: `ALTER TABLE memories ADD COLUMN tier INTEGER DEFAULT 3`,
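Review bot: Every new table declares `id TEXT PRIMARY KEY` without `NOT NULL`, and in SQLite a non-integer primary key on an ordinary rowid table accepts NULL, with each NULL counted as distinct, so an upsert keyed on `id` never matches such rows. The tables are created for the first time here, so `id TEXT PRIMARY KEY NOT NULL` is cheap to add now and awkward to retrofit behind `CREATE TABLE IF NOT EXISTS`. None of the tables has a foreign key to `memories` either, although `source_memory_id` and `evidence_memory_id` point at it. If deleting a memory is meant to remove text derived from it, that path has to clear these tables explicitly, which this hunk does not show. ensureSchema begins and ends outside the hunk.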
@@ -2714,7 +2852,7 @@ __export(shard_manager_exports, {
2714
2852
  shardExists: () => shardExists
2715
2853
  });
2716
2854
  import path7 from "path";
2717
- import { existsSync as existsSync7, mkdirSync as mkdirSync2, readdirSync, renameSync as renameSync3, statSync as statSync2 } from "fs";
2855
+ import { existsSync as existsSync7, mkdirSync as mkdirSync2, readdirSync, renameSync as renameSync3, statSync as statSync3 } from "fs";
2718
2856
  import { createClient as createClient2 } from "@libsql/client";
2719
2857
  function initShardManager(encryptionKey) {
2720
2858
  _encryptionKey = encryptionKey;
@@ -2778,7 +2916,7 @@ async function auditShardHealth(options = {}) {
2778
2916
  const shards = [];
2779
2917
  for (const name of names) {
2780
2918
  const dbPath = path7.join(SHARDS_DIR, `${name}.db`);
2781
- const stat = statSync2(dbPath);
2919
+ const stat = statSync3(dbPath);
2782
2920
  const item = {
2783
2921
  name,
2784
2922
  path: dbPath,
@@ -3031,7 +3169,7 @@ async function getReadyShardClient(projectName) {
3031
3169
  _shardLastAccess.delete(safeName);
3032
3170
  const dbPath = path7.join(SHARDS_DIR, `${safeName}.db`);
3033
3171
  if (existsSync7(dbPath)) {
3034
- const stat = statSync2(dbPath);
3172
+ const stat = statSync3(dbPath);
3035
3173
  const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
3036
3174
  const archivedPath = path7.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
3037
3175
  renameSync3(dbPath, archivedPath);
@@ -3151,6 +3289,12 @@ var init_platform_procedures = __esm({
3151
3289
  priority: "p0",
3152
3290
  content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
3153
3291
  },
3292
+ {
3293
+ title: "Customer orchestration maturity \u2014 recommend, never trap",
3294
+ domain: "workflow",
3295
+ priority: "p1",
3296
+ content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
3297
+ },
3154
3298
  {
3155
3299
  title: "Single dispatch path \u2014 create_task only",
3156
3300
  domain: "workflow",
@@ -3209,6 +3353,12 @@ var init_platform_procedures = __esm({
3209
3353
  priority: "p0",
3210
3354
  content: "exe-build-adv is MANDATORY for ALL work touching 3+ files. Run /exe-build-adv --auto BEFORE implementation. Pipeline: Spec \u2192 AC \u2192 Tests \u2192 Evaluate \u2192 Fix. No multi-file feature ships without pipeline artifacts. No exceptions \u2014 managers reject work without them."
3211
3355
  },
3356
+ {
3357
+ title: "Commit discipline \u2014 never leave verified work floating",
3358
+ domain: "workflow",
3359
+ priority: "p1",
3360
+ content: "After any code-change batch passes typecheck/tests/build, run git status, summarize changed files, and commit with a clear message before ending the session. If work must remain uncommitted for review/dogfood, explicitly say so, list the files, and state the blocker. Never imply work is complete while verified changes are still floating locally."
3361
+ },
3212
3362
  {
3213
3363
  title: "Desktop and TUI are the same product",
3214
3364
  domain: "architecture",
@@ -3526,17 +3676,286 @@ var init_memory_cards = __esm({
3526
3676
  }
3527
3677
  });
3528
3678
 
3679
+ // src/lib/agentic-ontology.ts
3680
+ var agentic_ontology_exports = {};
3681
+ __export(agentic_ontology_exports, {
3682
+ clean: () => clean,
3683
+ extractGoalCandidates: () => extractGoalCandidates,
3684
+ inferIntention: () => inferIntention,
3685
+ inferOntologyEventType: () => inferOntologyEventType,
3686
+ inferOutcome: () => inferOutcome,
3687
+ inferSemanticLabel: () => inferSemanticLabel,
3688
+ insertOntologyForBatch: () => insertOntologyForBatch,
3689
+ insertOntologyForMemory: () => insertOntologyForMemory,
3690
+ ontologyPayload: () => ontologyPayload,
3691
+ stableId: () => stableId2
3692
+ });
3693
+ import { createHash as createHash3 } from "crypto";
3694
+ function stableId2(...parts) {
3695
+ return createHash3("sha256").update(parts.map((p) => String(p ?? "")).join("::")).digest("hex").slice(0, 32);
3696
+ }
3697
+ function clean(text, max = 240) {
3698
+ return text.replace(/\u0000/g, "").replace(/```[\s\S]*?```/g, " ").replace(/\s+/g, " ").trim().slice(0, max);
3699
+ }
3700
+ function inferOntologyEventType(row) {
3701
+ const lower = row.raw_text.toLowerCase();
3702
+ if (row.has_error) return "error";
3703
+ if (/\b(done|complete|completed|fixed|resolved|shipped|deployed|pushed|published)\b/.test(lower)) return "milestone";
3704
+ if (/\b(blocked|failed|error|bug|regression|broken)\b/.test(lower)) return "problem";
3705
+ if (/\b(decided|decision|adr|we chose|approved|rejected)\b/.test(lower)) return "decision";
3706
+ if (/\b(goal|need to|we need|want to|trying to|objective)\b/.test(lower)) return "goal_signal";
3707
+ if (["Bash", "Read", "Edit", "Write", "Grep", "Glob"].includes(row.tool_name)) return "tool_action";
3708
+ if (row.tool_name.startsWith("memory_card")) return "memory_card";
3709
+ return "memory_observation";
3710
+ }
3711
+ function inferIntention(row) {
3712
+ if (row.intent) return clean(row.intent, 220);
3713
+ const text = clean(row.raw_text, 1e3);
3714
+ const patterns = [
3715
+ /(?:we need to|need to|let'?s|i want to|we should|goal is to|objective is to|trying to)\s+([^.!?\n]{8,220})/i,
3716
+ /(?:so that|in order to)\s+([^.!?\n]{8,220})/i,
3717
+ /(?:task|plan):\s*([^.!?\n]{8,220})/i
3718
+ ];
3719
+ for (const p of patterns) {
3720
+ const m = text.match(p);
3721
+ if (m?.[1]) return clean(m[1], 220);
3722
+ }
3723
+ if (["Bash", "Read", "Edit", "Write", "Grep", "Glob"].includes(row.tool_name)) {
3724
+ return `${row.tool_name} during ${row.project_name}`;
3725
+ }
3726
+ return null;
3727
+ }
3728
+ function inferOutcome(row) {
3729
+ if (row.outcome) return clean(row.outcome, 220);
3730
+ if (row.has_error) return "error";
3731
+ const lower = row.raw_text.toLowerCase();
3732
+ if (/\b(done|complete|completed|fixed|resolved|shipped|deployed|pushed|published|passed)\b/.test(lower)) return "success_signal";
3733
+ if (/\b(blocked|failed|error|regression|broken|not working|could not)\b/.test(lower)) return "failure_signal";
3734
+ if (/\b(warning|risk|concern|caveat)\b/.test(lower)) return "risk_signal";
3735
+ return null;
3736
+ }
3737
+ function extractGoalCandidates(row) {
3738
+ const text = clean(row.raw_text, 1600);
3739
+ const patterns = [
3740
+ /(?:we need to|need to|i want to|we should|goal is to|objective is to|trying to|let'?s)\s+([^.!?\n]{12,220})/gi,
3741
+ /(?:success means|success criteria|so that)\s+([^.!?\n]{12,220})/gi
3742
+ ];
3743
+ const out = [];
3744
+ for (const pattern of patterns) {
3745
+ for (const m of text.matchAll(pattern)) {
3746
+ const candidate = clean(m[1] ?? "", 220);
3747
+ if (candidate.length >= 12 && !out.some((x) => x.toLowerCase() === candidate.toLowerCase())) out.push(candidate);
3748
+ if (out.length >= 3) return out;
3749
+ }
3750
+ }
3751
+ return out;
3752
+ }
3753
+ function uniq(values, max = 6) {
3754
+ const out = [];
3755
+ for (const value of values.map((v) => clean(v, 220)).filter(Boolean)) {
3756
+ if (!out.some((x) => x.toLowerCase() === value.toLowerCase())) out.push(value);
3757
+ if (out.length >= max) break;
3758
+ }
3759
+ return out;
3760
+ }
3761
+ function extractMatches(text, patterns, max = 5) {
3762
+ const out = [];
3763
+ for (const pattern of patterns) {
3764
+ for (const match of text.matchAll(pattern)) {
3765
+ const value = match[1] ?? match[0];
3766
+ if (value) out.push(value);
3767
+ if (out.length >= max) return uniq(out, max);
3768
+ }
3769
+ }
3770
+ return uniq(out, max);
3771
+ }
3772
+ function inferSemanticLabel(row) {
3773
+ const text = clean(row.raw_text, 2400);
3774
+ const eventType = inferOntologyEventType(row);
3775
+ const intention = inferIntention(row);
3776
+ const outcome = inferOutcome(row);
3777
+ const goals = extractGoalCandidates(row);
3778
+ const milestones = extractMatches(text, [
3779
+ /\b(?:completed|finished|fixed|resolved|shipped|deployed|published|pushed|passed)\b([^.!?\n]{0,180})/gi,
3780
+ /(?:milestone|done):\s*([^.!?\n]{8,220})/gi
3781
+ ]);
3782
+ const problems = extractMatches(text, [
3783
+ /\b(?:blocked by|failed because|bug|regression|broken|not working|error)\b([^.!?\n]{0,180})/gi,
3784
+ /(?:problem|issue|risk):\s*([^.!?\n]{8,220})/gi
3785
+ ]);
3786
+ const decisions = extractMatches(text, [
3787
+ /(?:decided|decision|adr|we chose|approved|rejected)\s+([^.!?\n]{8,220})/gi
3788
+ ]);
3789
+ const temporalAnchors = extractMatches(text, [
3790
+ /\b(\d{4}-\d{2}-\d{2}(?:[T ][0-9:.+-Z]+)?)\b/g,
3791
+ /\b(today|yesterday|tomorrow|this week|next week|last week|morning|afternoon|tonight)\b/gi
3792
+ ], 8);
3793
+ const nextActions = extractMatches(text, [
3794
+ /(?:next|todo|follow[- ]?up|remaining|need to)\s*:?\s*([^.!?\n]{8,220})/gi
3795
+ ]);
3796
+ const actors = uniq([
3797
+ row.agent_id,
3798
+ ...extractMatches(text, [/\b(?:agent|employee|owner|assignee)[:= ]+([a-zA-Z][a-zA-Z0-9_-]{1,40})/gi], 5)
3799
+ ], 6);
3800
+ const successSignals = milestones.length ? milestones : outcome === "success_signal" ? [clean(text, 180)] : [];
3801
+ const failureSignals = problems.length ? problems : outcome === "failure_signal" || row.has_error ? [clean(text, 180)] : [];
3802
+ const impact = successSignals.length && failureSignals.length ? "mixed" : failureSignals.length ? "negative" : successSignals.length ? "positive" : "neutral";
3803
+ const signalCount = goals.length + milestones.length + problems.length + decisions.length + nextActions.length;
3804
+ return {
3805
+ labeler: "deterministic",
3806
+ schemaVersion: 1,
3807
+ eventType,
3808
+ intention,
3809
+ outcome,
3810
+ impact,
3811
+ confidence: Math.min(0.95, 0.45 + signalCount * 0.08 + (intention ? 0.1 : 0) + (outcome ? 0.1 : 0)),
3812
+ goals,
3813
+ milestones,
3814
+ problems,
3815
+ decisions,
3816
+ actors,
3817
+ temporalAnchors,
3818
+ successSignals,
3819
+ failureSignals,
3820
+ nextActions,
3821
+ summary: clean(text, 280)
3822
+ };
3823
+ }
3824
+ function ontologyPayload(row) {
3825
+ const semantic = inferSemanticLabel(row);
3826
+ return {
3827
+ tool_name: row.tool_name,
3828
+ memory_version: row.version ?? null,
3829
+ domain: row.domain ?? null,
3830
+ trajectory: row.trajectory ? safeJson(row.trajectory) : null,
3831
+ semantic
3832
+ };
3833
+ }
3834
+ function safeJson(value) {
3835
+ try {
3836
+ return JSON.parse(value);
3837
+ } catch {
3838
+ return value.slice(0, 1e3);
3839
+ }
3840
+ }
3841
+ async function resolveClient(client) {
3842
+ if (client) return client;
3843
+ const { getClient: getClient2 } = await Promise.resolve().then(() => (init_database(), database_exports));
3844
+ return getClient2();
3845
+ }
3846
+ async function insertOntologyForMemory(row, client) {
3847
+ const db = await resolveClient(client);
3848
+ const occurredAt = row.timestamp;
3849
+ const sequence = Number(row.version ?? 0) || Math.floor(new Date(occurredAt).getTime() / 1e3);
3850
+ const eventType = inferOntologyEventType(row);
3851
+ const intention = inferIntention(row);
3852
+ const outcome = inferOutcome(row);
3853
+ const eventId = stableId2("event", row.id);
3854
+ const now = (/* @__PURE__ */ new Date()).toISOString();
3855
+ await db.execute({
3856
+ sql: `INSERT INTO agent_sessions (id, agent_id, project_name, started_at, last_event_at, event_count, properties)
3857
+ VALUES (?, ?, ?, ?, ?, 1, ?)
3858
+ ON CONFLICT(id) DO UPDATE SET last_event_at = MAX(last_event_at, excluded.last_event_at),
3859
+ event_count = event_count + 1`,
3860
+ args: [row.session_id, row.agent_id, row.project_name, occurredAt, occurredAt, JSON.stringify({ agent_role: row.agent_role })]
3861
+ });
3862
+ await db.execute({
3863
+ sql: `INSERT OR IGNORE INTO agent_events
3864
+ (id, event_type, occurred_at, sequence_index, actor_agent_id, agent_role, project_name,
3865
+ session_id, task_id, goal_id, parent_event_id, intention, outcome, evidence_memory_id,
3866
+ impact, payload, created_at)
3867
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, NULL, ?, ?, ?, ?, ?, ?)`,
3868
+ args: [
3869
+ eventId,
3870
+ eventType,
3871
+ occurredAt,
3872
+ sequence,
3873
+ row.agent_id,
3874
+ row.agent_role,
3875
+ row.project_name,
3876
+ row.session_id,
3877
+ row.task_id ?? null,
3878
+ intention,
3879
+ outcome,
3880
+ row.id,
3881
+ row.has_error ? "negative" : outcome === "success_signal" ? "positive" : "neutral",
3882
+ JSON.stringify(ontologyPayload(row)),
3883
+ now
3884
+ ]
3885
+ });
3886
+ const semantic = inferSemanticLabel(row);
3887
+ await db.execute({
3888
+ sql: `INSERT INTO agent_semantic_labels
3889
+ (id, source_memory_id, event_id, labeler, schema_version, confidence, labels, created_at, updated_at)
3890
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
3891
+ ON CONFLICT(id) DO UPDATE SET confidence = excluded.confidence,
3892
+ labels = excluded.labels, updated_at = excluded.updated_at`,
3893
+ args: [
3894
+ stableId2("semantic", row.id, semantic.labeler, semantic.schemaVersion),
3895
+ row.id,
3896
+ eventId,
3897
+ semantic.labeler,
3898
+ semantic.schemaVersion,
3899
+ semantic.confidence,
3900
+ JSON.stringify(semantic),
3901
+ now,
3902
+ now
3903
+ ]
3904
+ });
3905
+ for (const statement of extractGoalCandidates(row)) {
3906
+ const goalId = stableId2("goal", row.project_name, statement.toLowerCase());
3907
+ await db.execute({
3908
+ sql: `INSERT INTO agent_goals
3909
+ (id, statement, owner_agent_id, project_name, status, priority, success_criteria,
3910
+ parent_goal_id, due_at, achieved_at, supersedes_id, created_at, updated_at, source_memory_id)
3911
+ VALUES (?, ?, ?, ?, 'open', 5, NULL, NULL, NULL, NULL, NULL, ?, ?, ?)
3912
+ ON CONFLICT(id) DO UPDATE SET updated_at = excluded.updated_at`,
3913
+ args: [goalId, statement, row.agent_id, row.project_name, now, now, row.id]
3914
+ });
3915
+ await db.execute({
3916
+ sql: `INSERT OR IGNORE INTO agent_goal_links
3917
+ (id, goal_id, link_type, target_id, target_type, created_at)
3918
+ VALUES (?, ?, 'evidence', ?, 'memory', ?)`,
3919
+ args: [stableId2("goal_link", goalId, row.id, "memory"), goalId, row.id, now]
3920
+ });
3921
+ await db.execute({
3922
+ sql: `INSERT OR IGNORE INTO agent_goal_links
3923
+ (id, goal_id, link_type, target_id, target_type, created_at)
3924
+ VALUES (?, ?, 'event', ?, 'event', ?)`,
3925
+ args: [stableId2("goal_link", goalId, eventId, "event"), goalId, eventId, now]
3926
+ });
3927
+ }
3928
+ }
3929
+ async function insertOntologyForBatch(rows, client) {
3930
+ const db = await resolveClient(client);
3931
+ let count = 0;
3932
+ for (const row of rows) {
3933
+ try {
3934
+ await insertOntologyForMemory(row, db);
3935
+ count++;
3936
+ } catch {
3937
+ }
3938
+ }
3939
+ return count;
3940
+ }
3941
+ var init_agentic_ontology = __esm({
3942
+ "src/lib/agentic-ontology.ts"() {
3943
+ "use strict";
3944
+ }
3945
+ });
3946
+
3529
3947
  // src/lib/store.ts
3530
3948
  init_memory();
3531
3949
  init_database();
3532
3950
 
3533
3951
  // src/lib/keychain.ts
3534
3952
  import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
3535
- import { existsSync as existsSync6 } from "fs";
3953
+ import { existsSync as existsSync6, statSync as statSync2 } from "fs";
3536
3954
  import { execSync as execSync2 } from "child_process";
3537
3955
  import path6 from "path";
3538
3956
  import os5 from "os";
3539
- var SERVICE = "exe-mem";
3957
+ var SERVICE = "exe-os";
3958
+ var LEGACY_SERVICE = "exe-mem";
3540
3959
  var ACCOUNT = "master-key";
3541
3960
  function getKeyDir() {
3542
3961
  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path6.join(os5.homedir(), ".exe-os");
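Review bot: `insertOntologyForMemory` is not idempotent for the session row: the `agent_sessions` upsert runs `event_count = event_count + 1` on every call, while the `agent_events` insert that follows is `INSERT OR IGNORE`, so re-running a backfill over the same memories inflates the counter without adding events. I would increment only when the event insert reports an affected row, or derive the count from `agent_events` when it is read. `insertOntologyForBatch` also discards every failure in an empty `catch {}`, so a constraint or schema error shows up only as a lower return value; keeping the first error per batch, or logging it, would make that diagnosable. In the `temporalAnchors` pattern the class `[0-9:.+-Z]` contains the range `+-Z` rather than a literal hyphen, and `[0-9:.+Z-]` is presumably what was intended.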
@@ -3544,29 +3963,79 @@ function getKeyDir() {
3544
3963
  function getKeyPath() {
3545
3964
  return path6.join(getKeyDir(), "master.key");
3546
3965
  }
3547
- function macKeychainGet() {
3966
+ function nativeKeychainAllowed() {
3967
+ return process.env.EXE_OS_DISABLE_NATIVE_KEYCHAIN !== "1";
3968
+ }
3969
+ var linuxSecretAvailability = null;
3970
+ function linuxSecretAvailable() {
3971
+ if (!nativeKeychainAllowed()) return false;
3972
+ if (process.platform !== "linux") return false;
3973
+ if (linuxSecretAvailability !== null) return linuxSecretAvailability;
3974
+ try {
3975
+ execSync2("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
3976
+ } catch {
3977
+ linuxSecretAvailability = false;
3978
+ return false;
3979
+ }
3980
+ try {
3981
+ execSync2("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
3982
+ linuxSecretAvailability = true;
3983
+ } catch {
3984
+ linuxSecretAvailability = false;
3985
+ }
3986
+ return linuxSecretAvailability;
3987
+ }
3988
+ function isRootOnlyTrustedServerKeyFile(keyPath) {
3989
+ if (process.platform !== "linux") return false;
3990
+ try {
3991
+ const uid = typeof os5.userInfo().uid === "number" ? os5.userInfo().uid : -1;
3992
+ const st = statSync2(keyPath);
3993
+ if (!st.isFile() || (st.mode & 63) !== 0) return false;
3994
+ if (uid === 0) return true;
3995
+ const exeOsDir = process.env.EXE_OS_DIR;
3996
+ return Boolean(exeOsDir && path6.resolve(keyPath).startsWith(path6.resolve(exeOsDir) + path6.sep));
3997
+ } catch {
3998
+ return false;
3999
+ }
4000
+ }
4001
+ function macKeychainGet(service = SERVICE) {
4002
+ if (!nativeKeychainAllowed()) return null;
3548
4003
  if (process.platform !== "darwin") return null;
3549
4004
  try {
3550
4005
  return execSync2(
3551
- `security find-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w 2>/dev/null`,
4006
+ `security find-generic-password -s "${service}" -a "${ACCOUNT}" -w 2>/dev/null`,
3552
4007
  { encoding: "utf-8", timeout: 5e3 }
3553
4008
  ).trim();
3554
4009
  } catch {
3555
4010
  return null;
3556
4011
  }
3557
4012
  }
3558
- function macKeychainSet(value) {
4013
+ function macKeychainSet(value, service = SERVICE) {
4014
+ if (!nativeKeychainAllowed()) return false;
3559
4015
  if (process.platform !== "darwin") return false;
3560
4016
  try {
3561
4017
  try {
3562
4018
  execSync2(
3563
- `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
4019
+ `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
3564
4020
  { timeout: 5e3 }
3565
4021
  );
3566
4022
  } catch {
3567
4023
  }
3568
4024
  execSync2(
3569
- `security add-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w "${value}"`,
4025
+ `security add-generic-password -s "${service}" -a "${ACCOUNT}" -w "${value}"`,
4026
+ { timeout: 5e3 }
4027
+ );
4028
+ return true;
4029
+ } catch {
4030
+ return false;
4031
+ }
4032
+ }
4033
+ function macKeychainDelete(service = SERVICE) {
4034
+ if (!nativeKeychainAllowed()) return false;
4035
+ if (process.platform !== "darwin") return false;
4036
+ try {
4037
+ execSync2(
4038
+ `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
3570
4039
  { timeout: 5e3 }
3571
4040
  );
3572
4041
  return true;
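Review bot: The key is still spliced into a shell command string in `macKeychainSet` (`-w "${value}"`) and in `linuxSecretSet` in the next hunk (`echo -n "${value}" | secret-tool store …`). That puts the secret in the argument list of the spawned shell, and the new `service` parameter adds one more interpolated value whose quoting the shell has to be trusted with. I would call the tools through `execFileSync` with an argument array and pass the secret on stdin where the tool reads it there, e.g. `execFileSync("secret-tool", ["store", "--label=exe-os master key", "service", service, "account", ACCOUNT], { input: value, timeout: 5e3 })`. Separately, `isRootOnlyTrustedServerKeyFile` tests the mode bits but never the owner; `if (st.uid !== uid) return false;` after the mode check would reject a key file owned by another account. This is bundled output and `macKeychainDelete` closes outside the hunk, so the change belongs in src/lib/keychain.ts, which is not shown.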
@@ -3574,22 +4043,35 @@ function macKeychainSet(value) {
3574
4043
  return false;
3575
4044
  }
3576
4045
  }
3577
- function linuxSecretGet() {
3578
- if (process.platform !== "linux") return null;
4046
+ function linuxSecretGet(service = SERVICE) {
4047
+ if (!linuxSecretAvailable()) return null;
3579
4048
  try {
3580
4049
  return execSync2(
3581
- `secret-tool lookup service "${SERVICE}" account "${ACCOUNT}" 2>/dev/null`,
4050
+ `secret-tool lookup service "${service}" account "${ACCOUNT}" 2>/dev/null`,
3582
4051
  { encoding: "utf-8", timeout: 5e3 }
3583
4052
  ).trim();
3584
4053
  } catch {
3585
4054
  return null;
3586
4055
  }
3587
4056
  }
3588
- function linuxSecretSet(value) {
4057
+ function linuxSecretSet(value, service = SERVICE) {
4058
+ if (!linuxSecretAvailable()) return false;
4059
+ try {
4060
+ execSync2(
4061
+ `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${service}" account "${ACCOUNT}" 2>/dev/null`,
4062
+ { timeout: 5e3 }
4063
+ );
4064
+ return true;
4065
+ } catch {
4066
+ return false;
4067
+ }
4068
+ }
4069
+ function linuxSecretDelete(service = SERVICE) {
4070
+ if (!nativeKeychainAllowed()) return false;
3589
4071
  if (process.platform !== "linux") return false;
3590
4072
  try {
3591
4073
  execSync2(
3592
- `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${SERVICE}" account "${ACCOUNT}"`,
4074
+ `secret-tool clear service "${service}" account "${ACCOUNT}" 2>/dev/null`,
3593
4075
  { timeout: 5e3 }
3594
4076
  );
3595
4077
  return true;
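Review bot: In `linuxSecretSet` the master key is interpolated into a shell string, `echo -n "${value}" | secret-tool store ...`, so the secret ends up in the command line of the shell that `execSync2` (presumably `child_process.execSync`) spawns, and any shell metacharacter in `value` or `service` would be interpreted by that shell. `getMasterKey`, later on this page, passes values read back from the legacy keychain entry into this function without checking that they are base64. Passing the arguments as an array and the secret on stdin avoids both: `execFileSync("secret-tool", ["store", "--label=exe-os master key", "service", service, "account", ACCOUNT], { input: value, timeout: 5e3, stdio: ["pipe", "ignore", "ignore"] })`, which needs `execFileSync` from `node:child_process`. Separately, `linuxSecretDelete` gates on `nativeKeychainAllowed()` plus a platform test while the get and set functions gate on `linuxSecretAvailable()`; that helper is not visible here, so confirm the difference is intended. This file looks like bundled output, so the change belongs in the source module.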
@@ -3598,6 +4080,7 @@ function linuxSecretSet(value) {
3598
4080
  }
3599
4081
  }
3600
4082
  async function tryKeytar() {
4083
+ if (!nativeKeychainAllowed()) return null;
3601
4084
  try {
3602
4085
  return await import("keytar");
3603
4086
  } catch {
@@ -3672,7 +4155,19 @@ async function writeMachineBoundFileFallback(b64) {
3672
4155
  return "plaintext";
3673
4156
  }
3674
4157
  async function getMasterKey() {
3675
- const nativeValue = macKeychainGet() ?? linuxSecretGet();
4158
+ let nativeValue = macKeychainGet() ?? linuxSecretGet();
4159
+ if (!nativeValue) {
4160
+ const legacyValue = macKeychainGet(LEGACY_SERVICE) ?? linuxSecretGet(LEGACY_SERVICE);
4161
+ if (legacyValue) {
4162
+ const migrated = macKeychainSet(legacyValue) || linuxSecretSet(legacyValue);
4163
+ if (migrated) {
4164
+ macKeychainDelete(LEGACY_SERVICE);
4165
+ linuxSecretDelete(LEGACY_SERVICE);
4166
+ process.stderr.write("[keychain] Migrated keychain service from exe-mem to exe-os.\n");
4167
+ }
4168
+ nativeValue = legacyValue;
4169
+ }
4170
+ }
3676
4171
  if (nativeValue) {
3677
4172
  return Buffer.from(nativeValue, "base64");
3678
4173
  }
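Review bot: The migration block deletes the legacy entry as soon as `macKeychainSet(legacyValue) || linuxSecretSet(legacyValue)` returns true, without reading the new entry back, so a write that the tool reports as successful but that stored a different value would leave no copy of the master key. Reading back before the two deletes closes that gap: `if (migrated && (macKeychainGet() ?? linuxSecretGet()) === legacyValue) {`. `legacyValue` is also accepted as the key with no format check, and `Buffer.from(nativeValue, "base64")` does not throw on malformed input, so checking the decoded length against the expected key size before deleting anything would be a useful guard. `getMasterKey` continues beyond this hunk.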
@@ -3680,12 +4175,17 @@ async function getMasterKey() {
3680
4175
  if (keytar) {
3681
4176
  try {
3682
4177
  const keytarValue = await keytar.getPassword(SERVICE, ACCOUNT);
3683
- if (keytarValue) {
3684
- const migrated = macKeychainSet(keytarValue) || linuxSecretSet(keytarValue);
4178
+ const legacyKeytarValue = keytarValue ?? await keytar.getPassword(LEGACY_SERVICE, ACCOUNT);
4179
+ if (legacyKeytarValue) {
4180
+ const migrated = macKeychainSet(legacyKeytarValue) || linuxSecretSet(legacyKeytarValue);
3685
4181
  if (migrated) {
3686
4182
  process.stderr.write("[keychain] Migrated key from keytar to native keychain.\n");
4183
+ try {
4184
+ await keytar.deletePassword(LEGACY_SERVICE, ACCOUNT);
4185
+ } catch {
4186
+ }
3687
4187
  }
3688
- return Buffer.from(keytarValue, "base64");
4188
+ return Buffer.from(legacyKeytarValue, "base64");
3689
4189
  }
3690
4190
  } catch {
3691
4191
  }
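Review bot: The empty `catch {}` around `keytar.deletePassword(LEGACY_SERVICE, ACCOUNT)` hides a failed delete, which leaves a second copy of the master key under the legacy service with no signal to the operator. A one-line warning that does not print the value is enough: `catch { process.stderr.write("[keychain] Could not remove legacy keytar entry.\n"); }`. The name `legacyKeytarValue` also holds the current-service value whenever `keytarValue` is set, so a neutral name such as `storedKeytarValue` would read more accurately. The enclosing `getMasterKey` starts and ends outside this hunk.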
@@ -3710,7 +4210,7 @@ async function getMasterKey() {
3710
4210
  const decrypted = decryptWithMachineKey(content, machineKey);
3711
4211
  if (!decrypted) {
3712
4212
  process.stderr.write(
3713
- "[keychain] Key decryption failed \u2014 machine may have changed.\n Use your 24-word recovery phrase: exe-os link import\n"
4213
+ "[keychain] Key decryption failed \u2014 machine may have changed.\n Use your 24-word recovery phrase during setup: exe-os setup\n"
3714
4214
  );
3715
4215
  return null;
3716
4216
  }
@@ -3719,6 +4219,9 @@ async function getMasterKey() {
3719
4219
  b64Value = content;
3720
4220
  }
3721
4221
  const key = Buffer.from(b64Value, "base64");
4222
+ if (!content.startsWith(ENCRYPTED_PREFIX) && isRootOnlyTrustedServerKeyFile(keyPath)) {
4223
+ return key;
4224
+ }
3722
4225
  const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
3723
4226
  if (migrated) {
3724
4227
  process.stderr.write("[keychain] Migrated key from file to native keychain.\n");
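Review bot: The new early return on `isRootOnlyTrustedServerKeyFile(keyPath)` accepts a plaintext key file, and for a non-root user the visible tail of that helper decides trust with a lexical test, `path6.resolve(keyPath).startsWith(path6.resolve(exeOsDir) + path6.sep)`, against `process.env.EXE_OS_DIR`. `path.resolve` does not follow symlinks and the trust root comes from the environment, so the check does not establish that the file really lives inside the intended directory. Comparing the real paths of both and confirming that the file's owner equals `uid` would tighten it; the start of the helper is outside this view, so an owner check may already exist. A comment above the new branch would also record why migration is bypassed: `// Plaintext key file that passed isRootOnlyTrustedServerKeyFile: use it as-is and skip keychain migration.`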
@@ -4085,6 +4588,11 @@ async function flushBatch() {
4085
4588
  await insertMemoryCardsForBatch2(batch);
4086
4589
  } catch {
4087
4590
  }
4591
+ try {
4592
+ const { insertOntologyForBatch: insertOntologyForBatch2 } = await Promise.resolve().then(() => (init_agentic_ontology(), agentic_ontology_exports));
4593
+ await insertOntologyForBatch2(batch);
4594
+ } catch {
4595
+ }
4088
4596
  schedulePostWriteMemoryHygiene(batch.map((row) => row.id));
4089
4597
  _pendingRecords.splice(0, batch.length);
4090
4598
  try {