@askexenow/exe-os 0.9.65 → 0.9.67

package/dist/lib/schedules.js

@@ -178,6 +178,11 @@ function normalizeAutoUpdate(raw) {
   const userAU = raw.autoUpdate ?? {};
   raw.autoUpdate = { ...defaultAU, ...userAU };
 }
+function normalizeOrchestration(raw) {
+  const defaultOrg = DEFAULT_CONFIG.orchestration;
+  const userOrg = raw.orchestration ?? {};
+  raw.orchestration = { ...defaultOrg, ...userOrg };
+}
 async function loadConfig() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
   await ensurePrivateDir(dir);
@@ -202,10 +207,15 @@ async function loadConfig() {
     normalizeScalingRoadmap(migratedCfg);
     normalizeSessionLifecycle(migratedCfg);
     normalizeAutoUpdate(migratedCfg);
+    normalizeOrchestration(migratedCfg);
     const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
     if (config.dbPath.startsWith("~")) {
       config.dbPath = config.dbPath.replace(/^~/, os.homedir());
     }
+    const envDbPath = path.join(dir, "memories.db");
+    if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync2(config.dbPath) && existsSync2(envDbPath)) {
+      config.dbPath = envDbPath;
+    }
     return config;
   } catch {
     return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
@@ -277,6 +287,10 @@ var init_config = __esm({
         checkOnBoot: true,
         autoInstall: false,
         checkIntervalMs: 24 * 60 * 60 * 1e3
+      },
+      orchestration: {
+        phase: "phase_1_coo",
+        phaseSetBy: "default"
       }
     };
     CONFIG_MIGRATIONS = [
@@ -1518,6 +1532,9 @@ function getClient() {
   if (_daemonClient && _daemonClient._isDaemonActive()) {
     return _daemonClient;
   }
+  if (!_resilientClient) {
+    return _adapterClient;
+  }
   return _resilientClient;
 }
 async function initDaemonClient() {
@@ -2550,6 +2567,127 @@ async function ensureSchema() {
       VALUES (new.rowid, new.content, new.subject, new.predicate, new.object);
     END;
   `);
+  await client.executeMultiple(`
+    CREATE TABLE IF NOT EXISTS agent_sessions (
+      id              TEXT PRIMARY KEY,
+      agent_id        TEXT NOT NULL,
+      project_name    TEXT,
+      started_at      TEXT NOT NULL,
+      last_event_at   TEXT NOT NULL,
+      event_count     INTEGER NOT NULL DEFAULT 0,
+      properties      TEXT DEFAULT '{}'
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_agent_sessions_agent_time
+      ON agent_sessions(agent_id, started_at);
+
+    CREATE TABLE IF NOT EXISTS agent_goals (
+      id                TEXT PRIMARY KEY,
+      statement         TEXT NOT NULL,
+      owner_agent_id    TEXT,
+      project_name      TEXT,
+      status            TEXT NOT NULL DEFAULT 'open',
+      priority          INTEGER NOT NULL DEFAULT 5,
+      success_criteria  TEXT,
+      parent_goal_id    TEXT,
+      due_at            TEXT,
+      achieved_at       TEXT,
+      supersedes_id     TEXT,
+      created_at        TEXT NOT NULL,
+      updated_at        TEXT NOT NULL,
+      source_memory_id  TEXT
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_agent_goals_project_status
+      ON agent_goals(project_name, status, priority);
+
+    CREATE TABLE IF NOT EXISTS agent_events (
+      id                  TEXT PRIMARY KEY,
+      event_type          TEXT NOT NULL,
+      occurred_at         TEXT NOT NULL,
+      sequence_index      INTEGER NOT NULL,
+      actor_agent_id      TEXT,
+      agent_role          TEXT,
+      project_name        TEXT,
+      session_id          TEXT,
+      task_id             TEXT,
+      goal_id             TEXT,
+      parent_event_id     TEXT,
+      intention           TEXT,
+      outcome             TEXT,
+      evidence_memory_id  TEXT,
+      impact              TEXT,
+      payload             TEXT DEFAULT '{}',
+      created_at          TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_agent_events_time
+      ON agent_events(occurred_at, sequence_index);
+
+    CREATE INDEX IF NOT EXISTS idx_agent_events_session_seq
+      ON agent_events(session_id, sequence_index);
+
+    CREATE INDEX IF NOT EXISTS idx_agent_events_goal_time
+      ON agent_events(goal_id, occurred_at);
+
+    CREATE INDEX IF NOT EXISTS idx_agent_events_memory
+      ON agent_events(evidence_memory_id);
+
+    CREATE TABLE IF NOT EXISTS agent_goal_links (
+      id           TEXT PRIMARY KEY,
+      goal_id      TEXT NOT NULL,
+      link_type    TEXT NOT NULL,
+      target_id    TEXT NOT NULL,
+      target_type  TEXT NOT NULL,
+      created_at   TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_agent_goal_links_goal
+      ON agent_goal_links(goal_id, target_type);
+
+    CREATE TABLE IF NOT EXISTS agent_semantic_labels (
+      id                TEXT PRIMARY KEY,
+      source_memory_id  TEXT NOT NULL,
+      event_id          TEXT,
+      labeler           TEXT NOT NULL,
+      schema_version    INTEGER NOT NULL DEFAULT 1,
+      confidence        REAL NOT NULL DEFAULT 0,
+      labels            TEXT NOT NULL,
+      created_at        TEXT NOT NULL,
+      updated_at        TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_memory
+      ON agent_semantic_labels(source_memory_id, labeler);
+
+    CREATE INDEX IF NOT EXISTS idx_agent_semantic_labels_event
+      ON agent_semantic_labels(event_id);
+
+    CREATE TABLE IF NOT EXISTS agent_reflection_checkpoints (
+      id                  TEXT PRIMARY KEY,
+      project_name        TEXT,
+      session_id          TEXT,
+      window_start_at     TEXT NOT NULL,
+      window_end_at       TEXT NOT NULL,
+      event_count         INTEGER NOT NULL DEFAULT 0,
+      goal_count          INTEGER NOT NULL DEFAULT 0,
+      success_count       INTEGER NOT NULL DEFAULT 0,
+      failure_count       INTEGER NOT NULL DEFAULT 0,
+      risk_count          INTEGER NOT NULL DEFAULT 0,
+      summary             TEXT NOT NULL,
+      learnings           TEXT NOT NULL DEFAULT '[]',
+      next_actions        TEXT NOT NULL DEFAULT '[]',
+      evidence_event_ids  TEXT NOT NULL DEFAULT '[]',
+      confidence          REAL NOT NULL DEFAULT 0,
+      created_at          TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_agent_reflection_project_time
+      ON agent_reflection_checkpoints(project_name, window_end_at);
+
+    CREATE INDEX IF NOT EXISTS idx_agent_reflection_session_time
+      ON agent_reflection_checkpoints(session_id, window_end_at);
+  `);
   try {
     await client.execute({
       sql: `ALTER TABLE memories ADD COLUMN tier INTEGER DEFAULT 3`,
@@ -2713,7 +2851,7 @@ __export(shard_manager_exports, {
   shardExists: () => shardExists
 });
 import path7 from "path";
-import { existsSync as existsSync7, mkdirSync as mkdirSync2, readdirSync, renameSync as renameSync3, statSync as statSync2 } from "fs";
+import { existsSync as existsSync7, mkdirSync as mkdirSync2, readdirSync, renameSync as renameSync3, statSync as statSync3 } from "fs";
 import { createClient as createClient2 } from "@libsql/client";
 function initShardManager(encryptionKey) {
   _encryptionKey = encryptionKey;
@@ -2777,7 +2915,7 @@ async function auditShardHealth(options = {}) {
   const shards = [];
   for (const name of names) {
     const dbPath = path7.join(SHARDS_DIR, `${name}.db`);
-    const stat = statSync2(dbPath);
+    const stat = statSync3(dbPath);
     const item = {
       name,
       path: dbPath,
@@ -3030,7 +3168,7 @@ async function getReadyShardClient(projectName) {
     _shardLastAccess.delete(safeName);
     const dbPath = path7.join(SHARDS_DIR, `${safeName}.db`);
     if (existsSync7(dbPath)) {
-      const stat = statSync2(dbPath);
+      const stat = statSync3(dbPath);
       const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
       const archivedPath = path7.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
       renameSync3(dbPath, archivedPath);
@@ -3150,6 +3288,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Founder -> coordinator (the executive agent, internally routed as 'COO') -> CTO/CMO. CTO -> engineers. CMO -> content production. Never skip levels: the coordinator does not bypass managers for specialist work. Specialists report to their manager. If you need cross-team info, use ask_team_memory \u2014 don't read other agents' task folders. Each level owns dispatch downward and review upward."
       },
+      {
+        title: "Customer orchestration maturity \u2014 recommend, never trap",
+        domain: "workflow",
+        priority: "p1",
+        content: "New customers start best in Phase 1: founder \u2194 coordinator/Chief of Staff, building company context. Suggest Phase 2 executives when domain work repeats; suggest Phase 3 parallel execution only when review/permission gates are ready. This is guidance, not a blocker: users may jump phases anytime. Never overwrite their phase, role titles, identities, or custom org design."
+      },
       {
         title: "Single dispatch path \u2014 create_task only",
         domain: "workflow",
@@ -3208,6 +3352,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "exe-build-adv is MANDATORY for ALL work touching 3+ files. Run /exe-build-adv --auto BEFORE implementation. Pipeline: Spec \u2192 AC \u2192 Tests \u2192 Evaluate \u2192 Fix. No multi-file feature ships without pipeline artifacts. No exceptions \u2014 managers reject work without them."
       },
+      {
+        title: "Commit discipline \u2014 never leave verified work floating",
+        domain: "workflow",
+        priority: "p1",
+        content: "After any code-change batch passes typecheck/tests/build, run git status, summarize changed files, and commit with a clear message before ending the session. If work must remain uncommitted for review/dogfood, explicitly say so, list the files, and state the blocker. Never imply work is complete while verified changes are still floating locally."
+      },
       {
         title: "Desktop and TUI are the same product",
         domain: "architecture",
@@ -3378,11 +3528,12 @@ init_database();
 
 // src/lib/keychain.ts
 import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
-import { existsSync as existsSync6 } from "fs";
+import { existsSync as existsSync6, statSync as statSync2 } from "fs";
 import { execSync as execSync2 } from "child_process";
 import path6 from "path";
 import os5 from "os";
-var SERVICE = "exe-mem";
+var SERVICE = "exe-os";
+var LEGACY_SERVICE = "exe-mem";
 var ACCOUNT = "master-key";
 function getKeyDir() {
   return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path6.join(os5.homedir(), ".exe-os");
@@ -3390,29 +3541,66 @@ function getKeyDir() {
 function getKeyPath() {
   return path6.join(getKeyDir(), "master.key");
 }
-function macKeychainGet() {
+function nativeKeychainAllowed() {
+  return process.env.EXE_OS_DISABLE_NATIVE_KEYCHAIN !== "1";
+}
+var linuxSecretAvailability = null;
+function linuxSecretAvailable() {
+  if (!nativeKeychainAllowed()) return false;
+  if (process.platform !== "linux") return false;
+  if (linuxSecretAvailability !== null) return linuxSecretAvailability;
+  try {
+    execSync2("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
+  } catch {
+    linuxSecretAvailability = false;
+    return false;
+  }
+  try {
+    execSync2("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
+    linuxSecretAvailability = true;
+  } catch {
+    linuxSecretAvailability = false;
+  }
+  return linuxSecretAvailability;
+}
+function isRootOnlyTrustedServerKeyFile(keyPath) {
+  if (process.platform !== "linux") return false;
+  try {
+    const uid = typeof os5.userInfo().uid === "number" ? os5.userInfo().uid : -1;
+    const st = statSync2(keyPath);
+    if (!st.isFile() || (st.mode & 63) !== 0) return false;
+    if (uid === 0) return true;
+    const exeOsDir = process.env.EXE_OS_DIR;
+    return Boolean(exeOsDir && path6.resolve(keyPath).startsWith(path6.resolve(exeOsDir) + path6.sep));
+  } catch {
+    return false;
+  }
+}
+function macKeychainGet(service = SERVICE) {
+  if (!nativeKeychainAllowed()) return null;
   if (process.platform !== "darwin") return null;
   try {
     return execSync2(
-      `security find-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w 2>/dev/null`,
+      `security find-generic-password -s "${service}" -a "${ACCOUNT}" -w 2>/dev/null`,
       { encoding: "utf-8", timeout: 5e3 }
     ).trim();
   } catch {
     return null;
   }
 }
-function macKeychainSet(value) {
+function macKeychainSet(value, service = SERVICE) {
+  if (!nativeKeychainAllowed()) return false;
   if (process.platform !== "darwin") return false;
   try {
     try {
       execSync2(
-        `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
+        `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
         { timeout: 5e3 }
       );
     } catch {
     }
     execSync2(
-      `security add-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w "${value}"`,
+      `security add-generic-password -s "${service}" -a "${ACCOUNT}" -w "${value}"`,
       { timeout: 5e3 }
     );
     return true;
@@ -3420,22 +3608,48 @@ function macKeychainSet(value) {
     return false;
   }
 }
-function linuxSecretGet() {
-  if (process.platform !== "linux") return null;
+function macKeychainDelete(service = SERVICE) {
+  if (!nativeKeychainAllowed()) return false;
+  if (process.platform !== "darwin") return false;
+  try {
+    execSync2(
+      `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function linuxSecretGet(service = SERVICE) {
+  if (!linuxSecretAvailable()) return null;
   try {
     return execSync2(
-      `secret-tool lookup service "${SERVICE}" account "${ACCOUNT}" 2>/dev/null`,
+      `secret-tool lookup service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { encoding: "utf-8", timeout: 5e3 }
     ).trim();
   } catch {
     return null;
   }
 }
-function linuxSecretSet(value) {
+function linuxSecretSet(value, service = SERVICE) {
+  if (!linuxSecretAvailable()) return false;
+  try {
+    execSync2(
+      `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${service}" account "${ACCOUNT}" 2>/dev/null`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function linuxSecretDelete(service = SERVICE) {
+  if (!nativeKeychainAllowed()) return false;
   if (process.platform !== "linux") return false;
   try {
     execSync2(
-      `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${SERVICE}" account "${ACCOUNT}"`,
+      `secret-tool clear service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { timeout: 5e3 }
     );
     return true;
@@ -3444,6 +3658,7 @@ function linuxSecretSet(value) {
   }
 }
 async function tryKeytar() {
+  if (!nativeKeychainAllowed()) return null;
   try {
     return await import("keytar");
   } catch {
@@ -3518,7 +3733,19 @@ async function writeMachineBoundFileFallback(b64) {
   return "plaintext";
 }
 async function getMasterKey() {
-  const nativeValue = macKeychainGet() ?? linuxSecretGet();
+  let nativeValue = macKeychainGet() ?? linuxSecretGet();
+  if (!nativeValue) {
+    const legacyValue = macKeychainGet(LEGACY_SERVICE) ?? linuxSecretGet(LEGACY_SERVICE);
+    if (legacyValue) {
+      const migrated = macKeychainSet(legacyValue) || linuxSecretSet(legacyValue);
+      if (migrated) {
+        macKeychainDelete(LEGACY_SERVICE);
+        linuxSecretDelete(LEGACY_SERVICE);
+        process.stderr.write("[keychain] Migrated keychain service from exe-mem to exe-os.\n");
+      }
+      nativeValue = legacyValue;
+    }
+  }
   if (nativeValue) {
     return Buffer.from(nativeValue, "base64");
   }
@@ -3526,12 +3753,17 @@ async function getMasterKey() {
   if (keytar) {
     try {
       const keytarValue = await keytar.getPassword(SERVICE, ACCOUNT);
-      if (keytarValue) {
-        const migrated = macKeychainSet(keytarValue) || linuxSecretSet(keytarValue);
+      const legacyKeytarValue = keytarValue ?? await keytar.getPassword(LEGACY_SERVICE, ACCOUNT);
+      if (legacyKeytarValue) {
+        const migrated = macKeychainSet(legacyKeytarValue) || linuxSecretSet(legacyKeytarValue);
         if (migrated) {
           process.stderr.write("[keychain] Migrated key from keytar to native keychain.\n");
+          try {
+            await keytar.deletePassword(LEGACY_SERVICE, ACCOUNT);
+          } catch {
+          }
         }
-        return Buffer.from(keytarValue, "base64");
+        return Buffer.from(legacyKeytarValue, "base64");
       }
     } catch {
     }
@@ -3556,7 +3788,7 @@ async function getMasterKey() {
       const decrypted = decryptWithMachineKey(content, machineKey);
       if (!decrypted) {
         process.stderr.write(
-          "[keychain] Key decryption failed \u2014 machine may have changed.\n  Use your 24-word recovery phrase: exe-os link import\n"
+          "[keychain] Key decryption failed \u2014 machine may have changed.\n  Use your 24-word recovery phrase during setup: exe-os setup\n"
         );
         return null;
       }
@@ -3565,6 +3797,9 @@ async function getMasterKey() {
       b64Value = content;
     }
     const key = Buffer.from(b64Value, "base64");
+    if (!content.startsWith(ENCRYPTED_PREFIX) && isRootOnlyTrustedServerKeyFile(keyPath)) {
+      return key;
+    }
     const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
     if (migrated) {
       process.stderr.write("[keychain] Migrated key from file to native keychain.\n");

package/dist/lib/skill-learning.js

@@ -138,6 +138,11 @@ function normalizeAutoUpdate(raw) {
   const userAU = raw.autoUpdate ?? {};
   raw.autoUpdate = { ...defaultAU, ...userAU };
 }
+function normalizeOrchestration(raw) {
+  const defaultOrg = DEFAULT_CONFIG.orchestration;
+  const userOrg = raw.orchestration ?? {};
+  raw.orchestration = { ...defaultOrg, ...userOrg };
+}
 async function loadConfig() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
   await ensurePrivateDir(dir);
@@ -162,10 +167,15 @@ async function loadConfig() {
     normalizeScalingRoadmap(migratedCfg);
     normalizeSessionLifecycle(migratedCfg);
     normalizeAutoUpdate(migratedCfg);
+    normalizeOrchestration(migratedCfg);
     const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
     if (config.dbPath.startsWith("~")) {
       config.dbPath = config.dbPath.replace(/^~/, os.homedir());
     }
+    const envDbPath = path.join(dir, "memories.db");
+    if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync2(config.dbPath) && existsSync2(envDbPath)) {
+      config.dbPath = envDbPath;
+    }
     return config;
   } catch {
     return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
@@ -185,7 +195,16 @@ function loadConfigSync() {
     normalizeScalingRoadmap(migratedCfg);
     normalizeSessionLifecycle(migratedCfg);
     normalizeAutoUpdate(migratedCfg);
-    return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
+    normalizeOrchestration(migratedCfg);
+    const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
+    if (config.dbPath.startsWith("~")) {
+      config.dbPath = config.dbPath.replace(/^~/, os.homedir());
+    }
+    const envDbPath = path.join(dir, "memories.db");
+    if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync2(config.dbPath) && existsSync2(envDbPath)) {
+      config.dbPath = envDbPath;
+    }
+    return config;
   } catch {
     return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
   }
@@ -206,6 +225,7 @@ async function loadConfigFrom(configPath) {
     normalizeScalingRoadmap(migratedCfg);
     normalizeSessionLifecycle(migratedCfg);
     normalizeAutoUpdate(migratedCfg);
+    normalizeOrchestration(migratedCfg);
     return { ...DEFAULT_CONFIG, ...migratedCfg };
   } catch {
     return { ...DEFAULT_CONFIG };
@@ -277,6 +297,10 @@ var init_config = __esm({
         checkOnBoot: true,
         autoInstall: false,
         checkIntervalMs: 24 * 60 * 60 * 1e3
+      },
+      orchestration: {
+        phase: "phase_1_coo",
+        phaseSetBy: "default"
       }
     };
     CONFIG_MIGRATIONS = [
@@ -884,6 +908,9 @@ function getClient() {
   if (_daemonClient && _daemonClient._isDaemonActive()) {
     return _daemonClient;
   }
+  if (!_resilientClient) {
+    return _adapterClient;
+  }
   return _resilientClient;
 }
 

package/dist/lib/status-brief.js

@@ -60,6 +60,8 @@ async function generateStatusBrief(employees, data, _activeAgentIds) {
   }
   const sections = [];
   sections.push([` EXE STATUS BRIEF \u2014 ${dateStr}${sessionTag}`]);
+  const orchestrationLines = buildOrchestrationPhase(data, employees);
+  if (orchestrationLines.length > 0) sections.push(orchestrationLines);
   const reminderLines = buildReminders(data);
   if (reminderLines.length > 0) sections.push(reminderLines);
   const actionLines = buildActionRequired(data);
@@ -102,6 +104,11 @@ function buildFirstBootBrief(employees, dateStr, sessionTag) {
     bodyLines.push(`  ${emoji} ${emp.name}${role}`);
   }
   bodyLines.push("");
+  bodyLines.push(" \u{1F9ED} Orchestration:");
+  bodyLines.push("  \u2022 Phase 1 \u2014 COO / Chief of Staff mode");
+  bodyLines.push("  \u2022 Recommended start: build company context first");
+  bodyLines.push("  \u2022 You can unlock executives or parallel mode anytime");
+  bodyLines.push("");
   bodyLines.push(" \u{1F4A1} Quick start:");
   bodyLines.push("  \u2022 Run `exe-os backfill-conversations` to import Claude Code history");
   bodyLines.push("  \u2022 Say `/exe` to launch your COO with a full status brief");
@@ -132,6 +139,38 @@ function buildReminders(data) {
   }
   return lines;
 }
+function buildOrchestrationPhase(data, employees) {
+  if (!data.orchestrationPhase) return [];
+  const phase = data.orchestrationPhase;
+  const hasExecutiveBench = employees.some((e) => ["cto", "cmo"].includes(e.role.toLowerCase()));
+  const openWorkCount = data.globalTasks.filter((t) => t.status === "open" || t.status === "in_progress").length;
+  const domainKeywordHits = data.globalTasks.filter(
+    (t) => /\b(api|bug|code|repo|build|deploy|design|brand|copy|content|marketing|legal|finance|sales|crm)\b/i.test(t.title)
+  ).length;
+  const phase1Signal = !hasExecutiveBench && (openWorkCount >= 3 || domainKeywordHits >= 2);
+  if (phase === "phase_2_executives") {
+    return [
+      "\u{1F9ED} ORCHESTRATION",
+      "  Phase 2 \u2014 Executive bench",
+      "  Focus: COO works with CTO/CMO/domain executives before specialist fan-out",
+      "  You can switch phases anytime: exe-os org phase"
+    ];
+  }
+  if (phase === "phase_3_parallel_org") {
+    return [
+      "\u{1F9ED} ORCHESTRATION",
+      "  Phase 3 \u2014 Parallel execution org",
+      "  Focus: executives can delegate to specialists in parallel with review gates",
+      "  You can switch phases anytime: exe-os org phase"
+    ];
+  }
+  return [
+    "\u{1F9ED} ORCHESTRATION",
+    "  Phase 1 \u2014 COO / Chief of Staff mode",
+    "  Focus: building company context before delegation",
+    phase1Signal ? "  Signal: repeated domain work detected. Consider: exe-os org unlock executives" : "  Ready later? exe-os org unlock executives"
+  ];
+}
 function buildActionRequired(data) {
   const lines = [];
   let hasIssues = false;