@askexenow/exe-os 0.9.8 → 0.9.9

package/dist/lib/exe-daemon.js

@@ -25,6 +25,44 @@ var __copyProps = (to, from, except, desc) => {
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
+// src/lib/secure-files.ts
+import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmod, mkdir } from "fs/promises";
+async function ensurePrivateDir(dirPath) {
+  await mkdir(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
+  try {
+    await chmod(dirPath, PRIVATE_DIR_MODE);
+  } catch {
+  }
+}
+function ensurePrivateDirSync(dirPath) {
+  mkdirSync(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
+  try {
+    chmodSync(dirPath, PRIVATE_DIR_MODE);
+  } catch {
+  }
+}
+async function enforcePrivateFile(filePath) {
+  try {
+    await chmod(filePath, PRIVATE_FILE_MODE);
+  } catch {
+  }
+}
+function enforcePrivateFileSync(filePath) {
+  try {
+    if (existsSync(filePath)) chmodSync(filePath, PRIVATE_FILE_MODE);
+  } catch {
+  }
+}
+var PRIVATE_DIR_MODE, PRIVATE_FILE_MODE;
+var init_secure_files = __esm({
+  "src/lib/secure-files.ts"() {
+    "use strict";
+    PRIVATE_DIR_MODE = 448;
+    PRIVATE_FILE_MODE = 384;
+  }
+});
+
 // src/lib/config.ts
 var config_exports = {};
 __export(config_exports, {
@@ -41,8 +79,8 @@ __export(config_exports, {
   migrateConfig: () => migrateConfig,
   saveConfig: () => saveConfig
 });
-import { readFile, writeFile, mkdir, chmod } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
+import { readFile, writeFile } from "fs/promises";
+import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
 import path from "path";
 import os from "os";
 function resolveDataDir() {
@@ -50,7 +88,7 @@ function resolveDataDir() {
   if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
   const newDir = path.join(os.homedir(), ".exe-os");
   const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
+  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
     try {
       renameSync(legacyDir, newDir);
       process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
@@ -113,9 +151,9 @@ function normalizeAutoUpdate(raw) {
 }
 async function loadConfig() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
-  await mkdir(dir, { recursive: true });
+  await ensurePrivateDir(dir);
   const configPath = path.join(dir, "config.json");
-  if (!existsSync(configPath)) {
+  if (!existsSync2(configPath)) {
     return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
   }
   const raw = await readFile(configPath, "utf-8");
@@ -128,6 +166,7 @@ async function loadConfig() {
 `);
       try {
         await writeFile(configPath, JSON.stringify(migratedCfg, null, 2) + "\n");
+        await enforcePrivateFile(configPath);
       } catch {
       }
     }
@@ -146,7 +185,7 @@ async function loadConfig() {
 function loadConfigSync() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
   const configPath = path.join(dir, "config.json");
-  if (!existsSync(configPath)) {
+  if (!existsSync2(configPath)) {
     return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
   }
   try {
@@ -164,12 +203,10 @@ function loadConfigSync() {
 }
 async function saveConfig(config) {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
-  await mkdir(dir, { recursive: true });
+  await ensurePrivateDir(dir);
   const configPath = path.join(dir, "config.json");
   await writeFile(configPath, JSON.stringify(config, null, 2) + "\n");
-  if (config.cloud?.apiKey) {
-    await chmod(configPath, 384);
-  }
+  await enforcePrivateFile(configPath);
 }
 async function loadConfigFrom(configPath) {
   const raw = await readFile(configPath, "utf-8");
@@ -189,6 +226,7 @@ var EXE_AI_DIR, DB_PATH, MODELS_DIR, CONFIG_PATH, LEGACY_LANCE_PATH, CURRENT_CON
 var init_config = __esm({
   "src/lib/config.ts"() {
     "use strict";
+    init_secure_files();
     EXE_AI_DIR = resolveDataDir();
     DB_PATH = path.join(EXE_AI_DIR, "memories.db");
     MODELS_DIR = path.join(EXE_AI_DIR, "models");
@@ -361,6 +399,43 @@ var init_daemon_protocol = __esm({
   }
 });
 
+// src/lib/daemon-auth.ts
+import crypto from "crypto";
+import path2 from "path";
+import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync } from "fs";
+function normalizeToken(token) {
+  if (!token) return null;
+  const trimmed = token.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function readDaemonToken() {
+  try {
+    if (!existsSync3(DAEMON_TOKEN_PATH)) return null;
+    return normalizeToken(readFileSync2(DAEMON_TOKEN_PATH, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function ensureDaemonToken(seed) {
+  const existing = readDaemonToken();
+  if (existing) return existing;
+  const token = normalizeToken(seed) ?? crypto.randomBytes(32).toString("hex");
+  ensurePrivateDirSync(EXE_AI_DIR);
+  writeFileSync(DAEMON_TOKEN_PATH, `${token}
+`, "utf8");
+  enforcePrivateFileSync(DAEMON_TOKEN_PATH);
+  return token;
+}
+var DAEMON_TOKEN_PATH;
+var init_daemon_auth = __esm({
+  "src/lib/daemon-auth.ts"() {
+    "use strict";
+    init_config();
+    init_secure_files();
+    DAEMON_TOKEN_PATH = path2.join(EXE_AI_DIR, "exed.token");
+  }
+});
+
 // src/lib/session-registry.ts
 var session_registry_exports = {};
 __export(session_registry_exports, {
@@ -368,14 +443,14 @@ __export(session_registry_exports, {
   pruneStaleSessions: () => pruneStaleSessions,
   registerSession: () => registerSession
 });
-import { readFileSync as readFileSync2, writeFileSync, mkdirSync, existsSync as existsSync2 } from "fs";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, existsSync as existsSync4 } from "fs";
 import { execSync } from "child_process";
-import path2 from "path";
+import path3 from "path";
 import os2 from "os";
 function registerSession(entry) {
-  const dir = path2.dirname(REGISTRY_PATH);
-  if (!existsSync2(dir)) {
-    mkdirSync(dir, { recursive: true });
+  const dir = path3.dirname(REGISTRY_PATH);
+  if (!existsSync4(dir)) {
+    mkdirSync2(dir, { recursive: true });
   }
   const sessions = listSessions();
   const idx = sessions.findIndex((s) => s.windowName === entry.windowName);
@@ -384,11 +459,11 @@ function registerSession(entry) {
   } else {
     sessions.push(entry);
   }
-  writeFileSync(REGISTRY_PATH, JSON.stringify(sessions, null, 2));
+  writeFileSync2(REGISTRY_PATH, JSON.stringify(sessions, null, 2));
 }
 function listSessions() {
   try {
-    const raw = readFileSync2(REGISTRY_PATH, "utf8");
+    const raw = readFileSync3(REGISTRY_PATH, "utf8");
     return JSON.parse(raw);
   } catch {
     return [];
@@ -409,7 +484,7 @@ function pruneStaleSessions() {
   const alive = sessions.filter((s) => liveSet.has(s.windowName));
   const pruned = sessions.length - alive.length;
   if (pruned > 0) {
-    writeFileSync(REGISTRY_PATH, JSON.stringify(alive, null, 2));
+    writeFileSync2(REGISTRY_PATH, JSON.stringify(alive, null, 2));
   }
   return pruned;
 }
@@ -417,7 +492,7 @@ var REGISTRY_PATH;
 var init_session_registry = __esm({
   "src/lib/session-registry.ts"() {
     "use strict";
-    REGISTRY_PATH = path2.join(os2.homedir(), ".exe-os", "session-registry.json");
+    REGISTRY_PATH = path3.join(os2.homedir(), ".exe-os", "session-registry.json");
   }
 });
 
@@ -717,20 +792,21 @@ __export(agent_config_exports, {
   saveAgentConfig: () => saveAgentConfig,
   setAgentRuntime: () => setAgentRuntime
 });
-import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
-import path3 from "path";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync3, existsSync as existsSync5 } from "fs";
+import path4 from "path";
 function loadAgentConfig() {
-  if (!existsSync3(AGENT_CONFIG_PATH)) return {};
+  if (!existsSync5(AGENT_CONFIG_PATH)) return {};
   try {
-    return JSON.parse(readFileSync3(AGENT_CONFIG_PATH, "utf-8"));
+    return JSON.parse(readFileSync4(AGENT_CONFIG_PATH, "utf-8"));
   } catch {
     return {};
   }
 }
 function saveAgentConfig(config) {
-  const dir = path3.dirname(AGENT_CONFIG_PATH);
-  if (!existsSync3(dir)) mkdirSync2(dir, { recursive: true });
-  writeFileSync2(AGENT_CONFIG_PATH, JSON.stringify(config, null, 2) + "\n", "utf-8");
+  const dir = path4.dirname(AGENT_CONFIG_PATH);
+  ensurePrivateDirSync(dir);
+  writeFileSync3(AGENT_CONFIG_PATH, JSON.stringify(config, null, 2) + "\n", "utf-8");
+  enforcePrivateFileSync(AGENT_CONFIG_PATH);
 }
 function getAgentRuntime(agentId) {
   const config = loadAgentConfig();
@@ -770,7 +846,8 @@ var init_agent_config = __esm({
     "use strict";
     init_config();
     init_runtime_table();
-    AGENT_CONFIG_PATH = path3.join(EXE_AI_DIR, "agent-config.json");
+    init_secure_files();
+    AGENT_CONFIG_PATH = path4.join(EXE_AI_DIR, "agent-config.json");
     KNOWN_RUNTIMES = {
       claude: ["claude-opus-4", "claude-sonnet-4", "claude-haiku-4.5"],
       codex: ["gpt-5.4", "gpt-5.5", "gpt-5.3-codex-spark", "o3", "o4-mini"],
@@ -798,17 +875,17 @@ __export(intercom_queue_exports, {
   queueIntercom: () => queueIntercom,
   readQueue: () => readQueue
 });
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync3, renameSync as renameSync2, existsSync as existsSync4, mkdirSync as mkdirSync3 } from "fs";
-import path4 from "path";
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync4, renameSync as renameSync2, existsSync as existsSync6, mkdirSync as mkdirSync3 } from "fs";
+import path5 from "path";
 import os3 from "os";
 function ensureDir() {
-  const dir = path4.dirname(QUEUE_PATH);
-  if (!existsSync4(dir)) mkdirSync3(dir, { recursive: true });
+  const dir = path5.dirname(QUEUE_PATH);
+  if (!existsSync6(dir)) mkdirSync3(dir, { recursive: true });
 }
 function readQueue() {
   try {
-    if (!existsSync4(QUEUE_PATH)) return [];
-    return JSON.parse(readFileSync4(QUEUE_PATH, "utf8"));
+    if (!existsSync6(QUEUE_PATH)) return [];
+    return JSON.parse(readFileSync5(QUEUE_PATH, "utf8"));
   } catch {
     return [];
   }
@@ -816,7 +893,7 @@ function readQueue() {
 function writeQueue(queue) {
   ensureDir();
   const tmp = `${QUEUE_PATH}.tmp`;
-  writeFileSync3(tmp, JSON.stringify(queue, null, 2));
+  writeFileSync4(tmp, JSON.stringify(queue, null, 2));
   renameSync2(tmp, QUEUE_PATH);
 }
 function queueIntercom(targetSession, reason) {
@@ -908,10 +985,10 @@ var QUEUE_PATH, MAX_RETRIES, TTL_MS, INTERCOM_LOG;
 var init_intercom_queue = __esm({
   "src/lib/intercom-queue.ts"() {
     "use strict";
-    QUEUE_PATH = path4.join(os3.homedir(), ".exe-os", "intercom-queue.json");
+    QUEUE_PATH = path5.join(os3.homedir(), ".exe-os", "intercom-queue.json");
     MAX_RETRIES = 5;
     TTL_MS = 60 * 60 * 1e3;
-    INTERCOM_LOG = path4.join(os3.homedir(), ".exe-os", "intercom.log");
+    INTERCOM_LOG = path5.join(os3.homedir(), ".exe-os", "intercom.log");
   }
 });
 
@@ -998,9 +1075,9 @@ __export(employees_exports, {
   validateEmployeeName: () => validateEmployeeName
 });
 import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
-import { existsSync as existsSync5, symlinkSync, readlinkSync, readFileSync as readFileSync5, renameSync as renameSync3, unlinkSync, writeFileSync as writeFileSync4 } from "fs";
+import { existsSync as existsSync7, symlinkSync, readlinkSync, readFileSync as readFileSync6, renameSync as renameSync3, unlinkSync, writeFileSync as writeFileSync5 } from "fs";
 import { execSync as execSync4 } from "child_process";
-import path5 from "path";
+import path6 from "path";
 import os4 from "os";
 function normalizeRole(role) {
   return (role ?? "").trim().toLowerCase();
@@ -1037,7 +1114,7 @@ function validateEmployeeName(name) {
   return { valid: true };
 }
 async function loadEmployees(employeesPath = EMPLOYEES_PATH) {
-  if (!existsSync5(employeesPath)) {
+  if (!existsSync7(employeesPath)) {
     return [];
   }
   const raw = await readFile2(employeesPath, "utf-8");
@@ -1048,13 +1125,13 @@ async function loadEmployees(employeesPath = EMPLOYEES_PATH) {
   }
 }
 async function saveEmployees(employees, employeesPath = EMPLOYEES_PATH) {
-  await mkdir2(path5.dirname(employeesPath), { recursive: true });
+  await mkdir2(path6.dirname(employeesPath), { recursive: true });
   await writeFile2(employeesPath, JSON.stringify(employees, null, 2) + "\n", "utf-8");
 }
 function loadEmployeesSync(employeesPath = EMPLOYEES_PATH) {
-  if (!existsSync5(employeesPath)) return [];
+  if (!existsSync7(employeesPath)) return [];
   try {
-    return JSON.parse(readFileSync5(employeesPath, "utf-8"));
+    return JSON.parse(readFileSync6(employeesPath, "utf-8"));
   } catch {
     return [];
   }
@@ -1099,9 +1176,9 @@ function addEmployee(employees, employee) {
 function appendToCoordinatorTeam(employee) {
   const coordinator = getCoordinatorEmployee(loadEmployeesSync());
   if (!coordinator) return;
-  const idPath = path5.join(IDENTITY_DIR, `${coordinator.name}.md`);
-  if (!existsSync5(idPath)) return;
-  const content = readFileSync5(idPath, "utf-8");
+  const idPath = path6.join(IDENTITY_DIR, `${coordinator.name}.md`);
+  if (!existsSync7(idPath)) return;
+  const content = readFileSync6(idPath, "utf-8");
   if (content.includes(`**${capitalize(employee.name)}`)) return;
   const teamMatch = content.match(TEAM_SECTION_RE);
   if (!teamMatch || teamMatch.index === void 0) return;
@@ -1117,7 +1194,7 @@ function appendToCoordinatorTeam(employee) {
   } else {
     updated = content.trimEnd() + "\n" + entry;
   }
-  writeFileSync4(idPath, updated, "utf-8");
+  writeFileSync5(idPath, updated, "utf-8");
 }
 function capitalize(s) {
   return s.charAt(0).toUpperCase() + s.slice(1);
@@ -1151,14 +1228,14 @@ async function normalizeRosterCase(rosterPath) {
       emp.name = emp.name.toLowerCase();
       changed = true;
       try {
-        const identityDir = path5.join(os4.homedir(), ".exe-os", "identity");
-        const oldPath = path5.join(identityDir, `${oldName}.md`);
-        const newPath = path5.join(identityDir, `${emp.name}.md`);
-        if (existsSync5(oldPath) && !existsSync5(newPath)) {
+        const identityDir = path6.join(os4.homedir(), ".exe-os", "identity");
+        const oldPath = path6.join(identityDir, `${oldName}.md`);
+        const newPath = path6.join(identityDir, `${emp.name}.md`);
+        if (existsSync7(oldPath) && !existsSync7(newPath)) {
           renameSync3(oldPath, newPath);
-        } else if (existsSync5(oldPath) && oldPath !== newPath) {
-          const content = readFileSync5(oldPath, "utf-8");
-          writeFileSync4(newPath, content, "utf-8");
+        } else if (existsSync7(oldPath) && oldPath !== newPath) {
+          const content = readFileSync6(oldPath, "utf-8");
+          writeFileSync5(newPath, content, "utf-8");
           if (oldPath.toLowerCase() !== newPath.toLowerCase()) {
             unlinkSync(oldPath);
           }
@@ -1188,7 +1265,7 @@ function registerBinSymlinks(name) {
     errors.push("Could not find 'exe-os' in PATH");
     return { created, skipped, errors };
   }
-  const binDir = path5.dirname(exeBinPath);
+  const binDir = path6.dirname(exeBinPath);
   let target;
   try {
     target = readlinkSync(exeBinPath);
@@ -1198,8 +1275,8 @@ function registerBinSymlinks(name) {
   }
   for (const suffix of ["", "-opencode"]) {
     const linkName = `${name}${suffix}`;
-    const linkPath = path5.join(binDir, linkName);
-    if (existsSync5(linkPath)) {
+    const linkPath = path6.join(binDir, linkName);
+    if (existsSync7(linkPath)) {
       skipped.push(linkName);
       continue;
     }
@@ -1217,18 +1294,18 @@ var init_employees = __esm({
   "src/lib/employees.ts"() {
     "use strict";
     init_config();
-    EMPLOYEES_PATH = path5.join(EXE_AI_DIR, "exe-employees.json");
+    EMPLOYEES_PATH = path6.join(EXE_AI_DIR, "exe-employees.json");
     DEFAULT_COORDINATOR_TEMPLATE_NAME = "exe";
     COORDINATOR_ROLE = "COO";
     MULTI_INSTANCE_ROLES = /* @__PURE__ */ new Set(["principal engineer", "content production specialist", "staff code reviewer"]);
-    IDENTITY_DIR = path5.join(EXE_AI_DIR, "identity");
+    IDENTITY_DIR = path6.join(EXE_AI_DIR, "identity");
     TEAM_SECTION_RE = /^## Team\b.*$/m;
   }
 });
 
 // src/lib/database-adapter.ts
 import os5 from "os";
-import path6 from "path";
+import path7 from "path";
 import { createRequire } from "module";
 import { pathToFileURL } from "url";
 function quotedIdentifier(identifier) {
@@ -1539,8 +1616,8 @@ async function loadPrismaClient() {
         }
         return new PrismaClient2();
       }
-      const exeDbRoot = process.env.EXE_DB_ROOT ?? path6.join(os5.homedir(), "exe-db");
-      const requireFromExeDb = createRequire(path6.join(exeDbRoot, "package.json"));
+      const exeDbRoot = process.env.EXE_DB_ROOT ?? path7.join(os5.homedir(), "exe-db");
+      const requireFromExeDb = createRequire(path7.join(exeDbRoot, "package.json"));
       const prismaEntry = requireFromExeDb.resolve("@prisma/client");
       const module = await import(pathToFileURL(prismaEntry).href);
       const PrismaClient = module.PrismaClient ?? module.default?.PrismaClient;
@@ -1815,8 +1892,8 @@ import net from "net";
 import os6 from "os";
 import { spawn } from "child_process";
 import { randomUUID } from "crypto";
-import { existsSync as existsSync6, unlinkSync as unlinkSync2, readFileSync as readFileSync6, openSync, closeSync, statSync } from "fs";
-import path7 from "path";
+import { existsSync as existsSync8, unlinkSync as unlinkSync2, readFileSync as readFileSync7, openSync, closeSync, statSync } from "fs";
+import path8 from "path";
 import { fileURLToPath } from "url";
 function handleData(chunk) {
   _buffer += chunk.toString();
@@ -1844,9 +1921,9 @@ function handleData(chunk) {
   }
 }
 function cleanupStaleFiles() {
-  if (existsSync6(PID_PATH)) {
+  if (existsSync8(PID_PATH)) {
     try {
-      const pid = parseInt(readFileSync6(PID_PATH, "utf8").trim(), 10);
+      const pid = parseInt(readFileSync7(PID_PATH, "utf8").trim(), 10);
       if (pid > 0) {
         try {
           process.kill(pid, 0);
@@ -1867,11 +1944,11 @@ function cleanupStaleFiles() {
   }
 }
 function findPackageRoot() {
-  let dir = path7.dirname(fileURLToPath(import.meta.url));
-  const { root } = path7.parse(dir);
+  let dir = path8.dirname(fileURLToPath(import.meta.url));
+  const { root } = path8.parse(dir);
   while (dir !== root) {
-    if (existsSync6(path7.join(dir, "package.json"))) return dir;
-    dir = path7.dirname(dir);
+    if (existsSync8(path8.join(dir, "package.json"))) return dir;
+    dir = path8.dirname(dir);
   }
   return null;
 }
@@ -1897,16 +1974,17 @@ function spawnDaemon() {
     process.stderr.write("[exed-client] WARN: cannot find package root\n");
     return;
   }
-  const daemonPath = path7.join(pkgRoot, "dist", "lib", "exe-daemon.js");
-  if (!existsSync6(daemonPath)) {
+  const daemonPath = path8.join(pkgRoot, "dist", "lib", "exe-daemon.js");
+  if (!existsSync8(daemonPath)) {
     process.stderr.write(`[exed-client] WARN: daemon script not found at ${daemonPath}
 `);
     return;
   }
   const resolvedPath = daemonPath;
+  const daemonToken = ensureDaemonToken(process.env[DAEMON_TOKEN_ENV] ?? null);
   process.stderr.write(`[exed-client] Spawning daemon: ${resolvedPath}
 `);
-  const logPath = path7.join(path7.dirname(SOCKET_PATH), "exed.log");
+  const logPath = path8.join(path8.dirname(SOCKET_PATH), "exed.log");
   let stderrFd = "ignore";
   try {
     stderrFd = openSync(logPath, "a");
@@ -1924,7 +2002,8 @@ function spawnDaemon() {
       TMUX_PANE: void 0,
       // Prevents resolveExeSession() from scoping to one session
       EXE_DAEMON_SOCK: SOCKET_PATH,
-      EXE_DAEMON_PID: PID_PATH
+      EXE_DAEMON_PID: PID_PATH,
+      [DAEMON_TOKEN_ENV]: daemonToken
     }
   });
   child.unref();
@@ -2034,13 +2113,14 @@ function sendDaemonRequest(payload, timeoutMs = REQUEST_TIMEOUT_MS) {
       return;
     }
     const id = randomUUID();
+    const token = process.env[DAEMON_TOKEN_ENV] ?? readDaemonToken();
     const timer = setTimeout(() => {
       _pending.delete(id);
       resolve({ error: "Request timeout" });
     }, timeoutMs);
     _pending.set(id, { resolve, timer });
     try {
-      _socket.write(JSON.stringify({ id, ...payload }) + "\n");
+      _socket.write(JSON.stringify({ id, token, ...payload }) + "\n");
     } catch {
       clearTimeout(timer);
       _pending.delete(id);
@@ -2069,9 +2149,9 @@ function killAndRespawnDaemon() {
   }
   try {
     process.stderr.write("[exed-client] Killing daemon for restart...\n");
-    if (existsSync6(PID_PATH)) {
+    if (existsSync8(PID_PATH)) {
       try {
-        const pid = parseInt(readFileSync6(PID_PATH, "utf8").trim(), 10);
+        const pid = parseInt(readFileSync7(PID_PATH, "utf8").trim(), 10);
         if (pid > 0) {
           try {
             process.kill(pid, "SIGKILL");
@@ -2191,17 +2271,19 @@ function disconnectClient() {
 function isClientConnected() {
   return _connected;
 }
-var SOCKET_PATH, PID_PATH, SPAWN_LOCK_PATH, SPAWN_LOCK_STALE_MS, CONNECT_TIMEOUT_MS, REQUEST_TIMEOUT_MS, _socket, _connected, _buffer, _requestCount, _consecutiveFailures, HEALTH_CHECK_INTERVAL, MAX_RETRIES_BEFORE_RESTART, RETRY_DELAYS_MS, MIN_DAEMON_AGE_MS, _pending, MAX_BUFFER;
+var SOCKET_PATH, PID_PATH, SPAWN_LOCK_PATH, SPAWN_LOCK_STALE_MS, CONNECT_TIMEOUT_MS, REQUEST_TIMEOUT_MS, DAEMON_TOKEN_ENV, _socket, _connected, _buffer, _requestCount, _consecutiveFailures, HEALTH_CHECK_INTERVAL, MAX_RETRIES_BEFORE_RESTART, RETRY_DELAYS_MS, MIN_DAEMON_AGE_MS, _pending, MAX_BUFFER;
 var init_exe_daemon_client = __esm({
   "src/lib/exe-daemon-client.ts"() {
     "use strict";
     init_config();
-    SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path7.join(EXE_AI_DIR, "exed.sock");
-    PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path7.join(EXE_AI_DIR, "exed.pid");
-    SPAWN_LOCK_PATH = path7.join(EXE_AI_DIR, "exed-spawn.lock");
+    init_daemon_auth();
+    SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path8.join(EXE_AI_DIR, "exed.sock");
+    PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path8.join(EXE_AI_DIR, "exed.pid");
+    SPAWN_LOCK_PATH = path8.join(EXE_AI_DIR, "exed-spawn.lock");
     SPAWN_LOCK_STALE_MS = 3e4;
     CONNECT_TIMEOUT_MS = 15e3;
     REQUEST_TIMEOUT_MS = 3e4;
+    DAEMON_TOKEN_ENV = "EXE_DAEMON_TOKEN";
     _socket = null;
     _connected = false;
     _buffer = "";
@@ -2722,6 +2804,7 @@ async function ensureSchema() {
       project     TEXT NOT NULL,
       summary     TEXT NOT NULL,
       task_file   TEXT,
+      session_scope TEXT,
       read        INTEGER NOT NULL DEFAULT 0,
       created_at  TEXT NOT NULL
     );
@@ -2730,7 +2813,7 @@ async function ensureSchema() {
       ON notifications(read);
 
     CREATE INDEX IF NOT EXISTS idx_notifications_agent
-      ON notifications(agent_id);
+      ON notifications(agent_id, session_scope);
 
     CREATE INDEX IF NOT EXISTS idx_notifications_task_file
       ON notifications(task_file);
@@ -2768,6 +2851,7 @@ async function ensureSchema() {
       target_agent    TEXT NOT NULL,
       target_project  TEXT,
       target_device   TEXT NOT NULL DEFAULT 'local',
+      session_scope   TEXT,
       content         TEXT NOT NULL,
       priority        TEXT DEFAULT 'normal',
       status          TEXT DEFAULT 'pending',
@@ -2781,10 +2865,31 @@ async function ensureSchema() {
     );
 
     CREATE INDEX IF NOT EXISTS idx_messages_target
-      ON messages(target_agent, status);
+      ON messages(target_agent, session_scope, status);
 
     CREATE INDEX IF NOT EXISTS idx_messages_conversation_order
-      ON messages(target_agent, from_agent, server_seq);
+      ON messages(target_agent, session_scope, from_agent, server_seq);
+  `);
+  try {
+    await client.execute({
+      sql: `ALTER TABLE notifications ADD COLUMN session_scope TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE messages ADD COLUMN session_scope TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  await client.executeMultiple(`
+    CREATE INDEX IF NOT EXISTS idx_notifications_agent_scope_read
+      ON notifications(agent_id, session_scope, read, created_at);
+
+    CREATE INDEX IF NOT EXISTS idx_messages_target_scope_status
+      ON messages(target_agent, session_scope, status, created_at);
   `);
   try {
     await client.execute({
@@ -3368,6 +3473,13 @@ async function ensureSchema() {
     } catch {
     }
   }
+  try {
+    await client.execute({
+      sql: `UPDATE tasks SET status = 'closed' WHERE status = 'done' AND result IS NOT NULL`,
+      args: []
+    });
+  } catch {
+  }
 }
 async function disposeDatabase() {
   if (_walCheckpointTimer) {
@@ -3406,18 +3518,21 @@ var init_database = __esm({
 });
 
 // src/lib/license.ts
-import { readFileSync as readFileSync7, writeFileSync as writeFileSync5, existsSync as existsSync7, mkdirSync as mkdirSync4 } from "fs";
+import { readFileSync as readFileSync8, writeFileSync as writeFileSync6, existsSync as existsSync9, mkdirSync as mkdirSync4 } from "fs";
 import { randomUUID as randomUUID2 } from "crypto";
-import path8 from "path";
+import { createRequire as createRequire2 } from "module";
+import { pathToFileURL as pathToFileURL2 } from "url";
+import os7 from "os";
+import path9 from "path";
 import { jwtVerify, importSPKI } from "jose";
 var LICENSE_PATH, CACHE_PATH, DEVICE_ID_PATH, PLAN_LIMITS;
 var init_license = __esm({
   "src/lib/license.ts"() {
     "use strict";
     init_config();
-    LICENSE_PATH = path8.join(EXE_AI_DIR, "license.key");
-    CACHE_PATH = path8.join(EXE_AI_DIR, "license-cache.json");
-    DEVICE_ID_PATH = path8.join(EXE_AI_DIR, "device-id");
+    LICENSE_PATH = path9.join(EXE_AI_DIR, "license.key");
+    CACHE_PATH = path9.join(EXE_AI_DIR, "license-cache.json");
+    DEVICE_ID_PATH = path9.join(EXE_AI_DIR, "device-id");
     PLAN_LIMITS = {
       free: { devices: 1, employees: 1, memories: 5e3 },
       pro: { devices: 3, employees: 5, memories: 1e5 },
@@ -3429,12 +3544,12 @@ var init_license = __esm({
 });
 
 // src/lib/plan-limits.ts
-import { readFileSync as readFileSync8, existsSync as existsSync8 } from "fs";
-import path9 from "path";
+import { readFileSync as readFileSync9, existsSync as existsSync10 } from "fs";
+import path10 from "path";
 function getLicenseSync() {
   try {
-    if (!existsSync8(CACHE_PATH2)) return freeLicense();
-    const raw = JSON.parse(readFileSync8(CACHE_PATH2, "utf8"));
+    if (!existsSync10(CACHE_PATH2)) return freeLicense();
+    const raw = JSON.parse(readFileSync9(CACHE_PATH2, "utf8"));
     if (!raw.token || typeof raw.token !== "string") return freeLicense();
     const parts = raw.token.split(".");
     if (parts.length !== 3) return freeLicense();
@@ -3472,8 +3587,8 @@ function assertEmployeeLimitSync(rosterPath) {
   const filePath = rosterPath ?? EMPLOYEES_PATH;
   let count = 0;
   try {
-    if (existsSync8(filePath)) {
-      const raw = readFileSync8(filePath, "utf8");
+    if (existsSync10(filePath)) {
+      const raw = readFileSync9(filePath, "utf8");
       const employees = JSON.parse(raw);
       count = Array.isArray(employees) ? employees.length : 0;
     }
@@ -3502,29 +3617,63 @@ var init_plan_limits = __esm({
         this.name = "PlanLimitError";
       }
     };
-    CACHE_PATH2 = path9.join(EXE_AI_DIR, "license-cache.json");
+    CACHE_PATH2 = path10.join(EXE_AI_DIR, "license-cache.json");
+  }
+});
+
+// src/lib/task-scope.ts
+function getCurrentSessionScope() {
+  try {
+    return resolveExeSession();
+  } catch {
+    return null;
+  }
+}
+function sessionScopeFilter(sessionScope, tableAlias) {
+  const scope = sessionScope !== void 0 ? sessionScope : getCurrentSessionScope();
+  if (!scope) return { sql: "", args: [] };
+  const col = tableAlias ? `${tableAlias}.session_scope` : "session_scope";
+  return {
+    sql: ` AND (${col} IS NULL OR ${col} = ?)`,
+    args: [scope]
+  };
+}
+function strictSessionScopeFilter(sessionScope, tableAlias) {
+  const scope = sessionScope !== void 0 ? sessionScope : getCurrentSessionScope();
+  if (!scope) return { sql: "", args: [] };
+  const col = tableAlias ? `${tableAlias}.session_scope` : "session_scope";
+  return {
+    sql: ` AND ${col} = ?`,
+    args: [scope]
+  };
+}
+var init_task_scope = __esm({
+  "src/lib/task-scope.ts"() {
+    "use strict";
+    init_tmux_routing();
   }
 });
 
 // src/lib/notifications.ts
-import crypto from "crypto";
-import path10 from "path";
-import os7 from "os";
+import crypto2 from "crypto";
+import path11 from "path";
+import os8 from "os";
 import {
-  readFileSync as readFileSync9,
+  readFileSync as readFileSync10,
   readdirSync,
   unlinkSync as unlinkSync3,
-  existsSync as existsSync9,
+  existsSync as existsSync11,
   rmdirSync
 } from "fs";
 async function writeNotification(notification) {
   try {
     const client = getClient();
-    const id = crypto.randomUUID();
+    const id = crypto2.randomUUID();
     const now = (/* @__PURE__ */ new Date()).toISOString();
+    const sessionScope = notification.sessionScope === void 0 ? getCurrentSessionScope() : notification.sessionScope;
     await client.execute({
-      sql: `INSERT INTO notifications (id, agent_id, agent_role, event, project, summary, task_file, read, created_at)
-            VALUES (?, ?, ?, ?, ?, ?, ?, 0, ?)`,
+      sql: `INSERT INTO notifications (id, agent_id, agent_role, event, project, summary, task_file, session_scope, read, created_at)
+            VALUES (?, ?, ?, ?, ?, ?, ?, ?, 0, ?)`,
       args: [
         id,
         notification.agentId,
@@ -3533,6 +3682,7 @@ async function writeNotification(notification) {
         notification.project,
         notification.summary,
         notification.taskFile ?? null,
+        sessionScope,
         now
       ]
     });
@@ -3541,12 +3691,14 @@ async function writeNotification(notification) {
 `);
   }
 }
-async function markAsReadByTaskFile(taskFile) {
+async function markAsReadByTaskFile(taskFile, sessionScope) {
   try {
     const client = getClient();
+    const scope = strictSessionScopeFilter(sessionScope);
     await client.execute({
-      sql: "UPDATE notifications SET read = 1 WHERE task_file = ? AND read = 0",
-      args: [taskFile]
+      sql: `UPDATE notifications SET read = 1
+            WHERE task_file = ? AND read = 0${scope.sql}`,
+      args: [taskFile, ...scope.args]
     });
   } catch {
   }
@@ -3555,6 +3707,7 @@ var init_notifications = __esm({
   "src/lib/notifications.ts"() {
     "use strict";
     init_database();
+    init_task_scope();
   }
 });
 
@@ -3571,7 +3724,7 @@ __export(session_kill_telemetry_exports, {
   recordSessionKill: () => recordSessionKill,
   sumTokensSavedSince: () => sumTokensSavedSince
 });
-import crypto2 from "crypto";
+import crypto3 from "crypto";
 async function recordSessionKill(input) {
   try {
     const client = getClient();
@@ -3581,7 +3734,7 @@ async function recordSessionKill(input) {
                ticks_idle, estimated_tokens_saved)
             VALUES (?, ?, ?, ?, ?, ?, ?)`,
       args: [
-        crypto2.randomUUID(),
+        crypto3.randomUUID(),
         input.sessionName,
         input.agentId,
         (/* @__PURE__ */ new Date()).toISOString(),
@@ -3662,30 +3815,6 @@ var init_session_kill_telemetry = __esm({
   }
 });
 
-// src/lib/task-scope.ts
-function getCurrentSessionScope() {
-  try {
-    return resolveExeSession();
-  } catch {
-    return null;
-  }
-}
-function sessionScopeFilter(sessionScope, tableAlias) {
-  const scope = sessionScope !== void 0 ? sessionScope : getCurrentSessionScope();
-  if (!scope) return { sql: "", args: [] };
-  const col = tableAlias ? `${tableAlias}.session_scope` : "session_scope";
-  return {
-    sql: ` AND (${col} IS NULL OR ${col} = ?)`,
-    args: [scope]
-  };
-}
-var init_task_scope = __esm({
-  "src/lib/task-scope.ts"() {
-    "use strict";
-    init_tmux_routing();
-  }
-});
-
 // src/lib/state-bus.ts
 var StateBus, orgBus;
 var init_state_bus = __esm({
@@ -3742,12 +3871,12 @@ var init_state_bus = __esm({
 });
 
 // src/lib/tasks-crud.ts
-import crypto3 from "crypto";
-import path11 from "path";
-import os8 from "os";
+import crypto4 from "crypto";
+import path12 from "path";
+import os9 from "os";
 import { execSync as execSync5 } from "child_process";
 import { mkdir as mkdir3, writeFile as writeFile3, appendFile } from "fs/promises";
-import { existsSync as existsSync10, readFileSync as readFileSync10 } from "fs";
+import { existsSync as existsSync12, readFileSync as readFileSync11 } from "fs";
 async function writeCheckpoint(input) {
   const client = getClient();
   const row = await resolveTask(client, input.taskId);
@@ -3863,7 +3992,7 @@ async function resolveTask(client, identifier, scopeSession) {
 }
 async function createTaskCore(input) {
   const client = getClient();
-  const id = crypto3.randomUUID();
+  const id = crypto4.randomUUID();
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const slug = slugify(input.title);
   let earlySessionScope = null;
@@ -3922,8 +4051,8 @@ ${laneWarning}` : laneWarning;
   }
   if (input.baseDir) {
     try {
-      await mkdir3(path11.join(input.baseDir, "exe", "output"), { recursive: true });
-      await mkdir3(path11.join(input.baseDir, "exe", "research"), { recursive: true });
+      await mkdir3(path12.join(input.baseDir, "exe", "output"), { recursive: true });
+      await mkdir3(path12.join(input.baseDir, "exe", "research"), { recursive: true });
       await ensureArchitectureDoc(input.baseDir, input.projectName);
       await ensureGitignoreExe(input.baseDir);
     } catch {
@@ -3959,13 +4088,19 @@ ${laneWarning}` : laneWarning;
   });
   if (input.baseDir) {
     try {
-      const EXE_OS_DIR = path11.join(os8.homedir(), ".exe-os");
-      const mdPath = path11.join(EXE_OS_DIR, taskFile);
-      const mdDir = path11.dirname(mdPath);
-      if (!existsSync10(mdDir)) await mkdir3(mdDir, { recursive: true });
+      const EXE_OS_DIR = path12.join(os9.homedir(), ".exe-os");
+      const mdPath = path12.join(EXE_OS_DIR, taskFile);
+      const mdDir = path12.dirname(mdPath);
+      if (!existsSync12(mdDir)) await mkdir3(mdDir, { recursive: true });
       const reviewer = input.reviewer ?? input.assignedBy;
       const mdContent = `# ${input.title}
 
+## MANDATORY: When done
+
+You MUST call update_task with status "done" and a result summary when finished.
+If you skip this, your reviewer will not know you're done and your work won't be reviewed.
+Do NOT let a failed commit or any error prevent you from calling update_task(done).
+
 **ID:** ${id}
 **Status:** ${initialStatus}
 **Priority:** ${input.priority}
@@ -3979,12 +4114,6 @@ ${laneWarning}` : laneWarning;
 ## Context
 
 ${input.context}
-
-## MANDATORY: When done
-
-You MUST call update_task with status "done" and a result summary when finished.
-If you skip this, your reviewer will not know you're done and your work won't be reviewed.
-Do NOT let a failed commit or any error prevent you from calling update_task(done).
 `;
       await writeFile3(mdPath, mdContent, "utf-8");
     } catch (err) {
@@ -4233,7 +4362,7 @@ ${input.result}` : `\u26A0\uFE0F ${warning}`;
     await client.execute("PRAGMA wal_checkpoint(PASSIVE)");
   } catch {
   }
-  if (input.status === "done" || input.status === "cancelled") {
+  if (input.status === "done" || input.status === "cancelled" || input.status === "closed") {
     try {
       const { clearQueueForAgent: clearQueueForAgent2 } = await Promise.resolve().then(() => (init_intercom_queue(), intercom_queue_exports));
       clearQueueForAgent2(String(row.assigned_to));
@@ -4262,9 +4391,9 @@ async function deleteTaskCore(taskId, _baseDir) {
   return { taskFile, assignedTo, assignedBy, taskSlug };
 }
 async function ensureArchitectureDoc(baseDir, projectName) {
-  const archPath = path11.join(baseDir, "exe", "ARCHITECTURE.md");
+  const archPath = path12.join(baseDir, "exe", "ARCHITECTURE.md");
   try {
-    if (existsSync10(archPath)) return;
+    if (existsSync12(archPath)) return;
     const template = [
       `# ${projectName} \u2014 System Architecture`,
       "",
@@ -4297,10 +4426,10 @@ async function ensureArchitectureDoc(baseDir, projectName) {
   }
 }
 async function ensureGitignoreExe(baseDir) {
-  const gitignorePath = path11.join(baseDir, ".gitignore");
+  const gitignorePath = path12.join(baseDir, ".gitignore");
   try {
-    if (existsSync10(gitignorePath)) {
-      const content = readFileSync10(gitignorePath, "utf-8");
+    if (existsSync12(gitignorePath)) {
+      const content = readFileSync11(gitignorePath, "utf-8");
       if (/^\/?exe\/?$/m.test(content)) return;
       await appendFile(gitignorePath, "\n# Employee task assignments (private)\n/exe/\n");
     } else {
@@ -4343,8 +4472,8 @@ __export(tasks_review_exports, {
   isStale: () => isStale,
   listPendingReviews: () => listPendingReviews
 });
-import path12 from "path";
-import { existsSync as existsSync11, readdirSync as readdirSync2, unlinkSync as unlinkSync4 } from "fs";
+import path13 from "path";
+import { existsSync as existsSync13, readdirSync as readdirSync2, unlinkSync as unlinkSync4 } from "fs";
 function formatAge(isoTimestamp) {
   if (!isoTimestamp) return "";
   const ms = Date.now() - new Date(isoTimestamp).getTime();
@@ -4362,54 +4491,38 @@ function isStale(isoTimestamp) {
 }
 async function countPendingReviews(sessionScope) {
   const client = getClient();
-  if (sessionScope) {
-    const result2 = await client.execute({
-      sql: "SELECT COUNT(*) as cnt FROM tasks WHERE status = 'needs_review' AND session_scope = ?",
-      args: [sessionScope]
-    });
-    return Number(result2.rows[0]?.cnt) || 0;
-  }
+  const scope = strictSessionScopeFilter(
+    sessionScope === void 0 ? getCurrentSessionScope() : sessionScope
+  );
   const result = await client.execute({
-    sql: "SELECT COUNT(*) as cnt FROM tasks WHERE status = 'needs_review'",
-    args: []
+    sql: `SELECT COUNT(*) as cnt FROM tasks
+          WHERE status = 'needs_review'${scope.sql}`,
+    args: [...scope.args]
   });
   return Number(result.rows[0]?.cnt) || 0;
 }
 async function countNewPendingReviewsSince(sinceIso, sessionScope) {
   const client = getClient();
-  if (sessionScope) {
-    const result2 = await client.execute({
-      sql: `SELECT COUNT(*) as cnt FROM tasks
-            WHERE status = 'needs_review' AND updated_at > ?
-              AND session_scope = ?`,
-      args: [sinceIso, sessionScope]
-    });
-    return Number(result2.rows[0]?.cnt) || 0;
-  }
+  const scope = strictSessionScopeFilter(
+    sessionScope === void 0 ? getCurrentSessionScope() : sessionScope
+  );
   const result = await client.execute({
     sql: `SELECT COUNT(*) as cnt FROM tasks
-          WHERE status = 'needs_review' AND updated_at > ?`,
-    args: [sinceIso]
+          WHERE status = 'needs_review' AND updated_at > ?${scope.sql}`,
+    args: [sinceIso, ...scope.args]
   });
   return Number(result.rows[0]?.cnt) || 0;
 }
 async function listPendingReviews(limit, sessionScope) {
   const client = getClient();
-  if (sessionScope) {
-    const result2 = await client.execute({
-      sql: `SELECT title, assigned_to, project_name, updated_at FROM tasks
-            WHERE status = 'needs_review'
-              AND session_scope = ?
-            ORDER BY updated_at ASC LIMIT ?`,
-      args: [sessionScope, limit]
-    });
-    return result2.rows;
-  }
+  const scope = strictSessionScopeFilter(
+    sessionScope === void 0 ? getCurrentSessionScope() : sessionScope
+  );
   const result = await client.execute({
     sql: `SELECT title, assigned_to, project_name, updated_at FROM tasks
-          WHERE status = 'needs_review'
+          WHERE status = 'needs_review'${scope.sql}
           ORDER BY updated_at ASC LIMIT ?`,
-    args: [limit]
+    args: [...scope.args, limit]
   });
   return result.rows;
 }
@@ -4421,7 +4534,7 @@ async function cleanupOrphanedReviews() {
           WHERE status IN ('open', 'needs_review', 'in_progress')
           AND assigned_by = 'system'
           AND title LIKE 'Review:%'
-          AND parent_task_id IN (SELECT id FROM tasks WHERE status IN ('done', 'cancelled'))`,
+          AND parent_task_id IN (SELECT id FROM tasks WHERE status IN ('done', 'cancelled', 'closed'))`,
     args: [now]
   });
   const r1b = await client.execute({
@@ -4629,11 +4742,11 @@ async function cleanupReviewFile(row, taskFile, _baseDir) {
     );
   }
   try {
-    const cacheDir = path12.join(EXE_AI_DIR, "session-cache");
-    if (existsSync11(cacheDir)) {
+    const cacheDir = path13.join(EXE_AI_DIR, "session-cache");
+    if (existsSync13(cacheDir)) {
       for (const f of readdirSync2(cacheDir)) {
         if (f.startsWith("review-notified-")) {
-          unlinkSync4(path12.join(cacheDir, f));
+          unlinkSync4(path13.join(cacheDir, f));
         }
       }
     }
@@ -4650,11 +4763,12 @@ var init_tasks_review = __esm({
     init_tmux_routing();
     init_session_key();
     init_state_bus();
+    init_task_scope();
   }
 });
 
 // src/lib/tasks-chain.ts
-import path13 from "path";
+import path14 from "path";
 import { readFile as readFile3, writeFile as writeFile4 } from "fs/promises";
 async function cascadeUnblock(taskId, baseDir, now) {
   const client = getClient();
@@ -4671,7 +4785,7 @@ async function cascadeUnblock(taskId, baseDir, now) {
     });
     for (const ur of unblockedRows.rows) {
       try {
-        const ubFile = path13.join(baseDir, String(ur.task_file));
+        const ubFile = path14.join(baseDir, String(ur.task_file));
         let ubContent = await readFile3(ubFile, "utf-8");
         ubContent = ubContent.replace(/\*\*Status:\*\* blocked/, "**Status:** open");
         ubContent = ubContent.replace(/\n\*\*Blocked by:\*\*.*\n/, "\n");
@@ -4706,7 +4820,7 @@ async function checkSubtaskCompletion(parentTaskId, projectName) {
   const scScope = sessionScopeFilter();
   const remaining = await client.execute({
     sql: `SELECT COUNT(*) as cnt FROM tasks
-          WHERE parent_task_id = ? AND status NOT IN ('done', 'cancelled')${scScope.sql}`,
+          WHERE parent_task_id = ? AND status NOT IN ('done', 'cancelled', 'closed')${scScope.sql}`,
     args: [parentTaskId, ...scScope.args]
   });
   const cnt = Number(remaining.rows[0]?.cnt ?? 1);
@@ -4740,7 +4854,7 @@ var init_tasks_chain = __esm({
 
 // src/lib/project-name.ts
 import { execSync as execSync6 } from "child_process";
-import path14 from "path";
+import path15 from "path";
 function getProjectName(cwd) {
   const dir = cwd ?? process.cwd();
   if (_cached2 && _cachedCwd === dir) return _cached2;
@@ -4753,7 +4867,7 @@ function getProjectName(cwd) {
         timeout: 2e3,
         stdio: ["pipe", "pipe", "pipe"]
       }).trim();
-      repoRoot = path14.dirname(gitCommonDir);
+      repoRoot = path15.dirname(gitCommonDir);
     } catch {
       repoRoot = execSync6("git rev-parse --show-toplevel", {
         cwd: dir,
@@ -4762,11 +4876,11 @@ function getProjectName(cwd) {
         stdio: ["pipe", "pipe", "pipe"]
       }).trim();
     }
-    _cached2 = path14.basename(repoRoot);
+    _cached2 = path15.basename(repoRoot);
     _cachedCwd = dir;
     return _cached2;
   } catch {
-    _cached2 = path14.basename(dir);
+    _cached2 = path15.basename(dir);
     _cachedCwd = dir;
     return _cached2;
   }
@@ -4909,10 +5023,10 @@ var init_tasks_notify = __esm({
 });
 
 // src/lib/behaviors.ts
-import crypto4 from "crypto";
+import crypto5 from "crypto";
 async function storeBehavior(opts) {
   const client = getClient();
-  const id = crypto4.randomUUID();
+  const id = crypto5.randomUUID();
   const now = (/* @__PURE__ */ new Date()).toISOString();
   await client.execute({
     sql: `INSERT INTO behaviors (id, agent_id, project_name, domain, priority, content, active, created_at, updated_at)
@@ -4941,7 +5055,7 @@ __export(skill_learning_exports, {
   storeTrajectory: () => storeTrajectory,
   sweepTrajectories: () => sweepTrajectories
 });
-import crypto5 from "crypto";
+import crypto6 from "crypto";
 async function extractTrajectory(taskId, agentId) {
   const client = getClient();
   const result = await client.execute({
@@ -4970,11 +5084,11 @@ async function extractTrajectory(taskId, agentId) {
   return signature;
 }
 function hashSignature(signature) {
-  return crypto5.createHash("sha256").update(signature.join("|")).digest("hex").slice(0, 16);
+  return crypto6.createHash("sha256").update(signature.join("|")).digest("hex").slice(0, 16);
 }
 async function storeTrajectory(opts) {
   const client = getClient();
-  const id = crypto5.randomUUID();
+  const id = crypto6.randomUUID();
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const signatureHash = hashSignature(opts.signature);
   await client.execute({
@@ -5239,8 +5353,8 @@ __export(tasks_exports, {
   updateTaskStatus: () => updateTaskStatus,
   writeCheckpoint: () => writeCheckpoint
 });
-import path15 from "path";
-import { writeFileSync as writeFileSync6, mkdirSync as mkdirSync5, unlinkSync as unlinkSync5 } from "fs";
+import path16 from "path";
+import { writeFileSync as writeFileSync7, mkdirSync as mkdirSync5, unlinkSync as unlinkSync5 } from "fs";
 async function createTask(input) {
   const result = await createTaskCore(input);
   if (!input.skipDispatch && result.status !== "blocked" && !process.env.VITEST) {
@@ -5259,12 +5373,12 @@ async function updateTask(input) {
   const { row, taskFile, now, taskId } = await updateTaskStatus(input);
   try {
     const agent = String(row.assigned_to);
-    const cacheDir = path15.join(EXE_AI_DIR, "session-cache");
-    const cachePath = path15.join(cacheDir, `current-task-${agent}.json`);
+    const cacheDir = path16.join(EXE_AI_DIR, "session-cache");
+    const cachePath = path16.join(cacheDir, `current-task-${agent}.json`);
     if (input.status === "in_progress") {
       mkdirSync5(cacheDir, { recursive: true });
-      writeFileSync6(cachePath, JSON.stringify({ taskId, title: String(row.title) }));
-    } else if (input.status === "done" || input.status === "blocked" || input.status === "cancelled") {
+      writeFileSync7(cachePath, JSON.stringify({ taskId, title: String(row.title) }));
+    } else if (input.status === "done" || input.status === "blocked" || input.status === "cancelled" || input.status === "closed") {
       try {
         unlinkSync5(cachePath);
       } catch {
@@ -5272,10 +5386,10 @@ async function updateTask(input) {
     }
   } catch {
   }
-  if (input.status === "done") {
+  if (input.status === "done" || input.status === "closed") {
     await cleanupReviewFile(row, taskFile, input.baseDir);
   }
-  if (input.status === "done" || input.status === "cancelled") {
+  if (input.status === "done" || input.status === "cancelled" || input.status === "closed") {
     try {
       const client = getClient();
       const taskTitle = String(row.title);
@@ -5291,7 +5405,7 @@ async function updateTask(input) {
     if (!isCoordinatorName(assignedAgent)) {
       try {
         const draftClient = getClient();
-        if (input.status === "done") {
+        if (input.status === "done" || input.status === "closed") {
           await draftClient.execute({
             sql: `UPDATE memories SET draft = 0 WHERE agent_id = ? AND draft = 1`,
             args: [assignedAgent]
@@ -5308,7 +5422,7 @@ async function updateTask(input) {
     try {
       const client = getClient();
       const cascaded = await client.execute({
-        sql: `UPDATE tasks SET status = 'done', updated_at = ?
+        sql: `UPDATE tasks SET status = 'closed', updated_at = ?
               WHERE parent_task_id = ? AND status = 'needs_review'`,
         args: [now, taskId]
       });
@@ -5321,14 +5435,14 @@ async function updateTask(input) {
     } catch {
     }
   }
-  const isTerminal = input.status === "done" || input.status === "needs_review";
+  const isTerminal = input.status === "done" || input.status === "needs_review" || input.status === "closed";
   if (isTerminal) {
     const isCoordinator = isCoordinatorName(String(row.assigned_to));
     if (!isCoordinator) {
       notifyTaskDone();
     }
     await markTaskNotificationsRead(taskFile);
-    if (input.status === "done") {
+    if (input.status === "done" || input.status === "closed") {
       try {
         await cascadeUnblock(taskId, input.baseDir, now);
       } catch {
@@ -5348,7 +5462,7 @@ async function updateTask(input) {
       }
     }
   }
-  if (input.status === "done" && !isCoordinatorName(String(row.assigned_to)) && !process.env.VITEST) {
+  if ((input.status === "done" || input.status === "closed") && !isCoordinatorName(String(row.assigned_to)) && !process.env.VITEST) {
     Promise.resolve().then(() => (init_skill_learning(), skill_learning_exports)).then(
       ({ captureAndLearn: captureAndLearn2 }) => captureAndLearn2({
         taskId,
@@ -5720,6 +5834,7 @@ __export(tmux_routing_exports, {
   isEmployeeAlive: () => isEmployeeAlive,
   isExeSession: () => isExeSession,
   isSessionBusy: () => isSessionBusy,
+  notifyCoordinatorTaskCompletion: () => notifyCoordinatorTaskCompletion,
   notifyParentExe: () => notifyParentExe,
   parseParentExe: () => parseParentExe,
   registerParentExe: () => registerParentExe,
@@ -5730,13 +5845,13 @@ __export(tmux_routing_exports, {
   verifyPaneAtCapacity: () => verifyPaneAtCapacity
 });
 import { execFileSync as execFileSync2, execSync as execSync7 } from "child_process";
-import { readFileSync as readFileSync11, writeFileSync as writeFileSync7, mkdirSync as mkdirSync6, existsSync as existsSync12, appendFileSync, readdirSync as readdirSync3 } from "fs";
-import path16 from "path";
-import os9 from "os";
+import { readFileSync as readFileSync12, writeFileSync as writeFileSync8, mkdirSync as mkdirSync6, existsSync as existsSync14, appendFileSync, readdirSync as readdirSync3 } from "fs";
+import path17 from "path";
+import os10 from "os";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import { unlinkSync as unlinkSync6 } from "fs";
 function spawnLockPath(sessionName) {
-  return path16.join(SPAWN_LOCK_DIR, `${sessionName}.lock`);
+  return path17.join(SPAWN_LOCK_DIR, `${sessionName}.lock`);
 }
 function isProcessAlive(pid) {
   try {
@@ -5747,13 +5862,13 @@ function isProcessAlive(pid) {
   }
 }
 function acquireSpawnLock2(sessionName) {
-  if (!existsSync12(SPAWN_LOCK_DIR)) {
+  if (!existsSync14(SPAWN_LOCK_DIR)) {
     mkdirSync6(SPAWN_LOCK_DIR, { recursive: true });
   }
   const lockFile = spawnLockPath(sessionName);
-  if (existsSync12(lockFile)) {
+  if (existsSync14(lockFile)) {
     try {
-      const lock = JSON.parse(readFileSync11(lockFile, "utf8"));
+      const lock = JSON.parse(readFileSync12(lockFile, "utf8"));
       const age = Date.now() - lock.timestamp;
       if (isProcessAlive(lock.pid) && age < 6e4) {
         return false;
@@ -5761,7 +5876,7 @@ function acquireSpawnLock2(sessionName) {
     } catch {
     }
   }
-  writeFileSync7(lockFile, JSON.stringify({ pid: process.pid, timestamp: Date.now() }));
+  writeFileSync8(lockFile, JSON.stringify({ pid: process.pid, timestamp: Date.now() }));
   return true;
 }
 function releaseSpawnLock2(sessionName) {
@@ -5773,13 +5888,13 @@ function releaseSpawnLock2(sessionName) {
 function resolveBehaviorsExporterScript() {
   try {
     const thisFile = fileURLToPath2(import.meta.url);
-    const scriptPath = path16.join(
-      path16.dirname(thisFile),
+    const scriptPath = path17.join(
+      path17.dirname(thisFile),
       "..",
       "bin",
       "exe-export-behaviors.js"
     );
-    return existsSync12(scriptPath) ? scriptPath : null;
+    return existsSync14(scriptPath) ? scriptPath : null;
   } catch {
     return null;
   }
@@ -5845,12 +5960,12 @@ function extractRootExe(name) {
   return parts.length > 0 ? parts[parts.length - 1] : null;
 }
 function registerParentExe(sessionKey, parentExe, dispatchedBy) {
-  if (!existsSync12(SESSION_CACHE)) {
+  if (!existsSync14(SESSION_CACHE)) {
     mkdirSync6(SESSION_CACHE, { recursive: true });
   }
   const rootExe = extractRootExe(parentExe) ?? parentExe;
-  const filePath = path16.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`);
-  writeFileSync7(filePath, JSON.stringify({
+  const filePath = path17.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`);
+  writeFileSync8(filePath, JSON.stringify({
     parentExe: rootExe,
     dispatchedBy: dispatchedBy || rootExe,
     registeredAt: (/* @__PURE__ */ new Date()).toISOString()
@@ -5858,7 +5973,7 @@ function registerParentExe(sessionKey, parentExe, dispatchedBy) {
 }
 function getParentExe(sessionKey) {
   try {
-    const data = JSON.parse(readFileSync11(path16.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`), "utf8"));
+    const data = JSON.parse(readFileSync12(path17.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`), "utf8"));
     return data.parentExe || null;
   } catch {
     return null;
@@ -5866,8 +5981,8 @@ function getParentExe(sessionKey) {
 }
 function getDispatchedBy(sessionKey) {
   try {
-    const data = JSON.parse(readFileSync11(
-      path16.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`),
+    const data = JSON.parse(readFileSync12(
+      path17.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`),
       "utf8"
     ));
     return data.dispatchedBy ?? data.parentExe ?? null;
@@ -5937,8 +6052,8 @@ async function verifyPaneAtCapacity(sessionName) {
 }
 function readDebounceState() {
   try {
-    if (!existsSync12(DEBOUNCE_FILE)) return {};
-    const raw = JSON.parse(readFileSync11(DEBOUNCE_FILE, "utf8"));
+    if (!existsSync14(DEBOUNCE_FILE)) return {};
+    const raw = JSON.parse(readFileSync12(DEBOUNCE_FILE, "utf8"));
     const state = {};
     for (const [key, val] of Object.entries(raw)) {
       if (typeof val === "number") {
@@ -5954,8 +6069,8 @@ function readDebounceState() {
 }
 function writeDebounceState(state) {
   try {
-    if (!existsSync12(SESSION_CACHE)) mkdirSync6(SESSION_CACHE, { recursive: true });
-    writeFileSync7(DEBOUNCE_FILE, JSON.stringify(state));
+    if (!existsSync14(SESSION_CACHE)) mkdirSync6(SESSION_CACHE, { recursive: true });
+    writeFileSync8(DEBOUNCE_FILE, JSON.stringify(state));
   } catch {
   }
 }
@@ -6053,8 +6168,8 @@ function sendIntercom(targetSession) {
     try {
       const rawAgent = targetSession.split("-")[0] ?? targetSession;
       const agent = baseAgentName(rawAgent);
-      const markerPath = path16.join(SESSION_CACHE, `current-task-${agent}.json`);
-      if (existsSync12(markerPath)) {
+      const markerPath = path17.join(SESSION_CACHE, `current-task-${agent}.json`);
+      if (existsSync14(markerPath)) {
         logIntercom(`SKIP \u2192 ${targetSession} (has in_progress task marker \u2014 will auto-chain)`);
         return "debounced";
       }
@@ -6063,8 +6178,8 @@ function sendIntercom(targetSession) {
     try {
       const rawAgent = targetSession.split("-")[0] ?? targetSession;
       const agent = baseAgentName(rawAgent);
-      const taskDir = path16.join(process.cwd(), "exe", agent);
-      if (existsSync12(taskDir)) {
+      const taskDir = path17.join(process.cwd(), "exe", agent);
+      if (existsSync14(taskDir)) {
         const files = readdirSync3(taskDir).filter(
           (f) => f.endsWith(".md") && f !== "DONE.txt"
         );
@@ -6124,6 +6239,21 @@ function notifyParentExe(sessionKey) {
   }
   return true;
 }
+function notifyCoordinatorTaskCompletion(coordinatorSession, agentName, taskTitle) {
+  const transport = getTransport();
+  try {
+    const sessions = transport.listSessions();
+    if (!sessions.includes(coordinatorSession)) return false;
+    execSync7(
+      `tmux send-keys -t ${JSON.stringify(coordinatorSession)} '/exe-intercom' Enter`,
+      { timeout: 3e3 }
+    );
+    logIntercom(`COMPLETION \u2192 ${coordinatorSession} (${agentName} completed "${taskTitle.slice(0, 50)}")`);
+    return true;
+  } catch {
+    return false;
+  }
+}
 function ensureEmployee(employeeName, exeSession, projectDir, opts) {
   if (isCoordinatorName(employeeName)) {
     return { status: "failed", sessionName: "", error: "The COO is not a dispatchable employee" };
@@ -6197,26 +6327,26 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
   const transport = getTransport();
   const sessionName = employeeSessionName(employeeName, exeSession, opts?.instance);
   const instanceLabel = opts?.instance != null && opts.instance > 0 ? `${employeeName}${opts.instance}` : employeeName;
-  const logDir = path16.join(os9.homedir(), ".exe-os", "session-logs");
-  const logFile = path16.join(logDir, `${instanceLabel}-${Date.now()}.log`);
-  if (!existsSync12(logDir)) {
+  const logDir = path17.join(os10.homedir(), ".exe-os", "session-logs");
+  const logFile = path17.join(logDir, `${instanceLabel}-${Date.now()}.log`);
+  if (!existsSync14(logDir)) {
     mkdirSync6(logDir, { recursive: true });
   }
   transport.kill(sessionName);
   let cleanupSuffix = "";
   try {
     const thisFile = fileURLToPath2(import.meta.url);
-    const cleanupScript = path16.join(path16.dirname(thisFile), "..", "bin", "exe-session-cleanup.js");
-    if (existsSync12(cleanupScript)) {
+    const cleanupScript = path17.join(path17.dirname(thisFile), "..", "bin", "exe-session-cleanup.js");
+    if (existsSync14(cleanupScript)) {
       cleanupSuffix = `; ${process.execPath} "${cleanupScript}" "${employeeName}" "${exeSession}"`;
     }
   } catch {
   }
   try {
-    const claudeJsonPath = path16.join(os9.homedir(), ".claude.json");
+    const claudeJsonPath = path17.join(os10.homedir(), ".claude.json");
     let claudeJson = {};
     try {
-      claudeJson = JSON.parse(readFileSync11(claudeJsonPath, "utf8"));
+      claudeJson = JSON.parse(readFileSync12(claudeJsonPath, "utf8"));
     } catch {
     }
     if (!claudeJson.projects) claudeJson.projects = {};
@@ -6224,17 +6354,17 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
     const trustDir = opts?.cwd ?? projectDir;
     if (!projects[trustDir]) projects[trustDir] = {};
     projects[trustDir].hasTrustDialogAccepted = true;
-    writeFileSync7(claudeJsonPath, JSON.stringify(claudeJson, null, 2) + "\n");
+    writeFileSync8(claudeJsonPath, JSON.stringify(claudeJson, null, 2) + "\n");
   } catch {
   }
   try {
-    const settingsDir = path16.join(os9.homedir(), ".claude", "projects");
+    const settingsDir = path17.join(os10.homedir(), ".claude", "projects");
     const normalizedKey = (opts?.cwd ?? projectDir).replace(/\//g, "-").replace(/^-/, "");
-    const projSettingsDir = path16.join(settingsDir, normalizedKey);
-    const settingsPath = path16.join(projSettingsDir, "settings.json");
+    const projSettingsDir = path17.join(settingsDir, normalizedKey);
+    const settingsPath = path17.join(projSettingsDir, "settings.json");
     let settings = {};
     try {
-      settings = JSON.parse(readFileSync11(settingsPath, "utf8"));
+      settings = JSON.parse(readFileSync12(settingsPath, "utf8"));
     } catch {
     }
     const perms = settings.permissions ?? {};
@@ -6263,7 +6393,7 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
       perms.allow = allow;
       settings.permissions = perms;
       mkdirSync6(projSettingsDir, { recursive: true });
-      writeFileSync7(settingsPath, JSON.stringify(settings, null, 2) + "\n");
+      writeFileSync8(settingsPath, JSON.stringify(settings, null, 2) + "\n");
     }
   } catch {
   }
@@ -6278,8 +6408,8 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
   let behaviorsFlag = "";
   let legacyFallbackWarned = false;
   if (!useExeAgent && !useBinSymlink) {
-    const identityPath = path16.join(
-      os9.homedir(),
+    const identityPath = path17.join(
+      os10.homedir(),
       ".exe-os",
       "identity",
       `${employeeName}.md`
@@ -6288,13 +6418,13 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
     const hasAgentFlag = claudeSupportsAgentFlag();
     if (hasAgentFlag) {
       identityFlag = ` --agent ${employeeName}`;
-    } else if (existsSync12(identityPath)) {
+    } else if (existsSync14(identityPath)) {
       identityFlag = ` --append-system-prompt-file ${identityPath}`;
       legacyFallbackWarned = true;
     }
     const behaviorsFile = exportBehaviorsSync(
       employeeName,
-      path16.basename(spawnCwd),
+      path17.basename(spawnCwd),
       sessionName
     );
     if (behaviorsFile) {
@@ -6309,16 +6439,16 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
   }
   let sessionContextFlag = "";
   try {
-    const ctxDir = path16.join(os9.homedir(), ".exe-os", "session-cache");
+    const ctxDir = path17.join(os10.homedir(), ".exe-os", "session-cache");
     mkdirSync6(ctxDir, { recursive: true });
-    const ctxFile = path16.join(ctxDir, `session-context-${sessionName}.md`);
+    const ctxFile = path17.join(ctxDir, `session-context-${sessionName}.md`);
     const ctxContent = [
       `## Session Context`,
       `You are running in tmux session: ${sessionName}.`,
       `Your parent coordinator session is ${exeSession}.`,
       `Your employees (if any) use the -${exeSession} suffix.`
     ].join("\n");
-    writeFileSync7(ctxFile, ctxContent);
+    writeFileSync8(ctxFile, ctxContent);
     sessionContextFlag = ` --append-system-prompt-file ${ctxFile}`;
   } catch {
   }
@@ -6395,8 +6525,8 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
   transport.pipeLog(sessionName, logFile);
   try {
     const mySession = getMySession();
-    const dispatchInfo = path16.join(SESSION_CACHE, `dispatch-info-${sessionName}.json`);
-    writeFileSync7(dispatchInfo, JSON.stringify({
+    const dispatchInfo = path17.join(SESSION_CACHE, `dispatch-info-${sessionName}.json`);
+    writeFileSync8(dispatchInfo, JSON.stringify({
       dispatchedBy: mySession,
       rootExe: exeSession,
       provider: useBinSymlink ? ccProvider : useExeAgent ? opts.provider : useCodex ? "openai" : useOpencode ? "opencode" : "anthropic",
@@ -6470,15 +6600,15 @@ var init_tmux_routing = __esm({
     init_intercom_queue();
     init_plan_limits();
     init_employees();
-    SPAWN_LOCK_DIR = path16.join(os9.homedir(), ".exe-os", "spawn-locks");
-    SESSION_CACHE = path16.join(os9.homedir(), ".exe-os", "session-cache");
+    SPAWN_LOCK_DIR = path17.join(os10.homedir(), ".exe-os", "spawn-locks");
+    SESSION_CACHE = path17.join(os10.homedir(), ".exe-os", "session-cache");
     BEHAVIORS_EXPORT_TIMEOUT_MS = 1e4;
     VALID_SESSION_NAME = /^[a-z]+\d*-[a-zA-Z0-9_]+$/;
     VERIFY_PANE_LINES = 200;
     INTERCOM_DEBOUNCE_MS = 3e4;
     CODEX_DEBOUNCE_MS = 12e4;
-    INTERCOM_LOG2 = path16.join(os9.homedir(), ".exe-os", "intercom.log");
-    DEBOUNCE_FILE = path16.join(SESSION_CACHE, "intercom-debounce.json");
+    INTERCOM_LOG2 = path17.join(os10.homedir(), ".exe-os", "intercom.log");
+    DEBOUNCE_FILE = path17.join(SESSION_CACHE, "intercom-debounce.json");
     DEBOUNCE_CLEANUP_AGE_MS = 5 * 60 * 1e3;
     BUSY_PATTERN = /[✻✽✶✳·].*…|Running…|• Working|• Ran |• Explored|• Called|esc to interrupt/;
   }
@@ -6762,9 +6892,9 @@ __export(agent_signals_exports, {
   hasOpenTasks: () => hasOpenTasks,
   hasUnreadInbox: () => hasUnreadInbox
 });
-import { readFileSync as readFileSync12, existsSync as existsSync13 } from "fs";
-import os10 from "os";
-import path17 from "path";
+import { readFileSync as readFileSync13, existsSync as existsSync15 } from "fs";
+import os11 from "os";
+import path18 from "path";
 async function hasOpenTasks(client, agentId) {
   try {
     const scope = sessionScopeFilter(null);
@@ -6806,10 +6936,10 @@ async function hasUnreadInbox(client, agentId) {
     return CONSERVATIVE_ON_ERROR;
   }
 }
-function hadRecentIntercomAck(sessionName, windowMs, nowMs = Date.now(), intercomLog = path17.join(os10.homedir(), ".exe-os", "intercom.log")) {
-  if (!existsSync13(intercomLog)) return false;
+function hadRecentIntercomAck(sessionName, windowMs, nowMs = Date.now(), intercomLog = path18.join(os11.homedir(), ".exe-os", "intercom.log")) {
+  if (!existsSync15(intercomLog)) return false;
   try {
-    const raw = readFileSync12(intercomLog, "utf8");
+    const raw = readFileSync13(intercomLog, "utf8");
     const lines = raw.split("\n");
     for (let i = lines.length - 1; i >= 0; i--) {
       const line = lines[i];
@@ -6882,7 +7012,7 @@ __export(daemon_orchestration_exports, {
   shouldNudgeEmployee: () => shouldNudgeEmployee
 });
 import { execSync as execSync9 } from "child_process";
-import { existsSync as existsSync14, readFileSync as readFileSync13, writeFileSync as writeFileSync8 } from "fs";
+import { existsSync as existsSync16, readFileSync as readFileSync14, writeFileSync as writeFileSync9 } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 function shouldNudgeEmployee(sessionState, hasOpenTasks2, lastNudgeMs, nowMs, dedupMs) {
@@ -7073,8 +7203,8 @@ async function pollReviewNudge(deps, state) {
 function loadNudgeState() {
   const state = { lastNudge: /* @__PURE__ */ new Map() };
   try {
-    if (!existsSync14(NUDGE_STATE_PATH)) return state;
-    const raw = JSON.parse(readFileSync13(NUDGE_STATE_PATH, "utf8"));
+    if (!existsSync16(NUDGE_STATE_PATH)) return state;
+    const raw = JSON.parse(readFileSync14(NUDGE_STATE_PATH, "utf8"));
     if (Array.isArray(raw)) {
       for (const [key, val] of raw) {
         if (key && typeof val?.at === "number" && typeof val?.count === "number") {
@@ -7088,7 +7218,7 @@ function loadNudgeState() {
 }
 function saveNudgeState(state) {
   const entries = Array.from(state.lastNudge.entries());
-  writeFileSync8(NUDGE_STATE_PATH, JSON.stringify(entries), "utf8");
+  writeFileSync9(NUDGE_STATE_PATH, JSON.stringify(entries), "utf8");
 }
 function createReviewNudgeRealDeps(getClient2) {
   return {
@@ -7426,157 +7556,38 @@ var init_daemon_orchestration = __esm({
   }
 });
 
-// src/lib/keychain.ts
-var keychain_exports = {};
-__export(keychain_exports, {
-  deleteMasterKey: () => deleteMasterKey,
-  exportMnemonic: () => exportMnemonic,
-  getMasterKey: () => getMasterKey,
-  importMnemonic: () => importMnemonic,
-  setMasterKey: () => setMasterKey
+// src/lib/shard-manager.ts
+var shard_manager_exports = {};
+__export(shard_manager_exports, {
+  disposeShards: () => disposeShards,
+  ensureShardSchema: () => ensureShardSchema,
+  getOpenShardCount: () => getOpenShardCount,
+  getReadyShardClient: () => getReadyShardClient,
+  getShardClient: () => getShardClient,
+  getShardsDir: () => getShardsDir,
+  initShardManager: () => initShardManager,
+  isShardingEnabled: () => isShardingEnabled,
+  listShards: () => listShards,
+  shardExists: () => shardExists
 });
-import { readFile as readFile4, writeFile as writeFile5, unlink, mkdir as mkdir4, chmod as chmod2 } from "fs/promises";
-import { existsSync as existsSync15 } from "fs";
-import path18 from "path";
-import os11 from "os";
-function getKeyDir() {
-  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path18.join(os11.homedir(), ".exe-os");
+import path19 from "path";
+import { existsSync as existsSync17, mkdirSync as mkdirSync7, readdirSync as readdirSync4 } from "fs";
+import { createClient as createClient2 } from "@libsql/client";
+function initShardManager(encryptionKey) {
+  _encryptionKey = encryptionKey;
+  if (!existsSync17(SHARDS_DIR)) {
+    mkdirSync7(SHARDS_DIR, { recursive: true });
+  }
+  _shardingEnabled = true;
+  if (_evictionTimer) clearInterval(_evictionTimer);
+  _evictionTimer = setInterval(evictIdleShards, EVICTION_INTERVAL_MS);
+  _evictionTimer.unref();
 }
-function getKeyPath() {
-  return path18.join(getKeyDir(), "master.key");
+function isShardingEnabled() {
+  return _shardingEnabled;
 }
-async function tryKeytar() {
-  try {
-    return await import("keytar");
-  } catch {
-    return null;
-  }
-}
-async function getMasterKey() {
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      const stored = await keytar.getPassword(SERVICE, ACCOUNT);
-      if (stored) {
-        return Buffer.from(stored, "base64");
-      }
-    } catch {
-    }
-  }
-  const keyPath = getKeyPath();
-  if (!existsSync15(keyPath)) {
-    process.stderr.write(
-      `[keychain] Key not found at ${keyPath} (HOME=${os11.homedir()}, EXE_OS_DIR=${process.env.EXE_OS_DIR ?? "unset"})
-`
-    );
-    return null;
-  }
-  try {
-    const content = await readFile4(keyPath, "utf-8");
-    return Buffer.from(content.trim(), "base64");
-  } catch (err) {
-    process.stderr.write(
-      `[keychain] Key read failed at ${keyPath}: ${err instanceof Error ? err.message : String(err)}
-`
-    );
-    return null;
-  }
-}
-async function setMasterKey(key) {
-  const b64 = key.toString("base64");
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
-    }
-  }
-  const dir = getKeyDir();
-  await mkdir4(dir, { recursive: true });
-  const keyPath = getKeyPath();
-  await writeFile5(keyPath, b64 + "\n", "utf-8");
-  await chmod2(keyPath, 384);
-}
-async function deleteMasterKey() {
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.deletePassword(SERVICE, ACCOUNT);
-    } catch {
-    }
-  }
-  const keyPath = getKeyPath();
-  if (existsSync15(keyPath)) {
-    await unlink(keyPath);
-  }
-}
-async function loadBip39() {
-  try {
-    return await import("bip39");
-  } catch {
-    throw new Error(
-      "bip39 package not found. Run: npm install -g bip39\nOr reinstall exe-os: npm install -g @askexenow/exe-os"
-    );
-  }
-}
-async function exportMnemonic(key) {
-  if (key.length !== 32) {
-    throw new Error(`Key must be 32 bytes, got ${key.length}`);
-  }
-  const { entropyToMnemonic } = await loadBip39();
-  return entropyToMnemonic(key.toString("hex"));
-}
-async function importMnemonic(mnemonic) {
-  const trimmed = mnemonic.trim();
-  const words = trimmed.split(/\s+/);
-  if (words.length !== 24) {
-    throw new Error(`Expected 24 words, got ${words.length}`);
-  }
-  const { validateMnemonic, mnemonicToEntropy } = await loadBip39();
-  if (!validateMnemonic(trimmed)) {
-    throw new Error("Invalid mnemonic \u2014 check for typos or missing words");
-  }
-  const entropy = mnemonicToEntropy(trimmed);
-  return Buffer.from(entropy, "hex");
-}
-var SERVICE, ACCOUNT;
-var init_keychain = __esm({
-  "src/lib/keychain.ts"() {
-    "use strict";
-    SERVICE = "exe-mem";
-    ACCOUNT = "master-key";
-  }
-});
-
-// src/lib/shard-manager.ts
-var shard_manager_exports = {};
-__export(shard_manager_exports, {
-  disposeShards: () => disposeShards,
-  ensureShardSchema: () => ensureShardSchema,
-  getReadyShardClient: () => getReadyShardClient,
-  getShardClient: () => getShardClient,
-  getShardsDir: () => getShardsDir,
-  initShardManager: () => initShardManager,
-  isShardingEnabled: () => isShardingEnabled,
-  listShards: () => listShards,
-  shardExists: () => shardExists
-});
-import path19 from "path";
-import { existsSync as existsSync16, mkdirSync as mkdirSync7, readdirSync as readdirSync4 } from "fs";
-import { createClient as createClient2 } from "@libsql/client";
-function initShardManager(encryptionKey) {
-  _encryptionKey = encryptionKey;
-  if (!existsSync16(SHARDS_DIR)) {
-    mkdirSync7(SHARDS_DIR, { recursive: true });
-  }
-  _shardingEnabled = true;
-}
-function isShardingEnabled() {
-  return _shardingEnabled;
-}
-function getShardsDir() {
-  return SHARDS_DIR;
+function getShardsDir() {
+  return SHARDS_DIR;
 }
 function getShardClient(projectName) {
   if (!_encryptionKey) {
@@ -7587,21 +7598,28 @@ function getShardClient(projectName) {
     throw new Error(`Invalid project name for shard: "${projectName}"`);
   }
   const cached = _shards.get(safeName);
-  if (cached) return cached;
+  if (cached) {
+    _shardLastAccess.set(safeName, Date.now());
+    return cached;
+  }
+  while (_shards.size >= MAX_OPEN_SHARDS) {
+    evictLRU();
+  }
   const dbPath = path19.join(SHARDS_DIR, `${safeName}.db`);
   const client = createClient2({
     url: `file:${dbPath}`,
     encryptionKey: _encryptionKey
   });
   _shards.set(safeName, client);
+  _shardLastAccess.set(safeName, Date.now());
   return client;
 }
 function shardExists(projectName) {
   const safeName = projectName.replace(/[^a-zA-Z0-9_-]/g, "_");
-  return existsSync16(path19.join(SHARDS_DIR, `${safeName}.db`));
+  return existsSync17(path19.join(SHARDS_DIR, `${safeName}.db`));
 }
 function listShards() {
-  if (!existsSync16(SHARDS_DIR)) return [];
+  if (!existsSync17(SHARDS_DIR)) return [];
   return readdirSync4(SHARDS_DIR).filter((f) => f.endsWith(".db")).map((f) => f.replace(".db", ""));
 }
 async function ensureShardSchema(client) {
@@ -7653,6 +7671,8 @@ async function ensureShardSchema(client) {
   for (const col of [
     "ALTER TABLE memories ADD COLUMN task_id TEXT",
     "ALTER TABLE memories ADD COLUMN consolidated INTEGER NOT NULL DEFAULT 0",
+    "ALTER TABLE memories ADD COLUMN author_device_id TEXT",
+    "ALTER TABLE memories ADD COLUMN scope TEXT NOT NULL DEFAULT 'business'",
     "ALTER TABLE memories ADD COLUMN importance INTEGER DEFAULT 5",
     "ALTER TABLE memories ADD COLUMN status TEXT DEFAULT 'active'",
     "ALTER TABLE memories ADD COLUMN wiki_synced INTEGER DEFAULT 0",
@@ -7790,26 +7810,197 @@ async function getReadyShardClient(projectName) {
   await ensureShardSchema(client);
   return client;
 }
+function evictLRU() {
+  let oldest = null;
+  let oldestTime = Infinity;
+  for (const [name, time] of _shardLastAccess) {
+    if (time < oldestTime) {
+      oldestTime = time;
+      oldest = name;
+    }
+  }
+  if (oldest) {
+    const client = _shards.get(oldest);
+    if (client) {
+      client.close();
+    }
+    _shards.delete(oldest);
+    _shardLastAccess.delete(oldest);
+  }
+}
+function evictIdleShards() {
+  const now = Date.now();
+  const toEvict = [];
+  for (const [name, lastAccess] of _shardLastAccess) {
+    if (now - lastAccess > SHARD_IDLE_MS) {
+      toEvict.push(name);
+    }
+  }
+  for (const name of toEvict) {
+    const client = _shards.get(name);
+    if (client) {
+      client.close();
+    }
+    _shards.delete(name);
+    _shardLastAccess.delete(name);
+  }
+}
+function getOpenShardCount() {
+  return _shards.size;
+}
 function disposeShards() {
+  if (_evictionTimer) {
+    clearInterval(_evictionTimer);
+    _evictionTimer = null;
+  }
   for (const [, client] of _shards) {
     client.close();
   }
   _shards.clear();
+  _shardLastAccess.clear();
   _shardingEnabled = false;
   _encryptionKey = null;
 }
-var SHARDS_DIR, _shards, _encryptionKey, _shardingEnabled;
+var SHARDS_DIR, SHARD_IDLE_MS, MAX_OPEN_SHARDS, EVICTION_INTERVAL_MS, _shards, _shardLastAccess, _evictionTimer, _encryptionKey, _shardingEnabled;
 var init_shard_manager = __esm({
   "src/lib/shard-manager.ts"() {
     "use strict";
     init_config();
     SHARDS_DIR = path19.join(EXE_AI_DIR, "shards");
+    SHARD_IDLE_MS = 5 * 60 * 1e3;
+    MAX_OPEN_SHARDS = 10;
+    EVICTION_INTERVAL_MS = 60 * 1e3;
     _shards = /* @__PURE__ */ new Map();
+    _shardLastAccess = /* @__PURE__ */ new Map();
+    _evictionTimer = null;
     _encryptionKey = null;
     _shardingEnabled = false;
   }
 });
 
+// src/lib/keychain.ts
+var keychain_exports = {};
+__export(keychain_exports, {
+  deleteMasterKey: () => deleteMasterKey,
+  exportMnemonic: () => exportMnemonic,
+  getMasterKey: () => getMasterKey,
+  importMnemonic: () => importMnemonic,
+  setMasterKey: () => setMasterKey
+});
+import { readFile as readFile4, writeFile as writeFile5, unlink, mkdir as mkdir4, chmod as chmod2 } from "fs/promises";
+import { existsSync as existsSync18 } from "fs";
+import path20 from "path";
+import os12 from "os";
+function getKeyDir() {
+  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path20.join(os12.homedir(), ".exe-os");
+}
+function getKeyPath() {
+  return path20.join(getKeyDir(), "master.key");
+}
+async function tryKeytar() {
+  try {
+    return await import("keytar");
+  } catch {
+    return null;
+  }
+}
+async function getMasterKey() {
+  const keytar = await tryKeytar();
+  if (keytar) {
+    try {
+      const stored = await keytar.getPassword(SERVICE, ACCOUNT);
+      if (stored) {
+        return Buffer.from(stored, "base64");
+      }
+    } catch {
+    }
+  }
+  const keyPath = getKeyPath();
+  if (!existsSync18(keyPath)) {
+    process.stderr.write(
+      `[keychain] Key not found at ${keyPath} (HOME=${os12.homedir()}, EXE_OS_DIR=${process.env.EXE_OS_DIR ?? "unset"})
+`
+    );
+    return null;
+  }
+  try {
+    const content = await readFile4(keyPath, "utf-8");
+    return Buffer.from(content.trim(), "base64");
+  } catch (err) {
+    process.stderr.write(
+      `[keychain] Key read failed at ${keyPath}: ${err instanceof Error ? err.message : String(err)}
+`
+    );
+    return null;
+  }
+}
+async function setMasterKey(key) {
+  const b64 = key.toString("base64");
+  const keytar = await tryKeytar();
+  if (keytar) {
+    try {
+      await keytar.setPassword(SERVICE, ACCOUNT, b64);
+      return;
+    } catch {
+    }
+  }
+  const dir = getKeyDir();
+  await mkdir4(dir, { recursive: true });
+  const keyPath = getKeyPath();
+  await writeFile5(keyPath, b64 + "\n", "utf-8");
+  await chmod2(keyPath, 384);
+}
+async function deleteMasterKey() {
+  const keytar = await tryKeytar();
+  if (keytar) {
+    try {
+      await keytar.deletePassword(SERVICE, ACCOUNT);
+    } catch {
+    }
+  }
+  const keyPath = getKeyPath();
+  if (existsSync18(keyPath)) {
+    await unlink(keyPath);
+  }
+}
+async function loadBip39() {
+  try {
+    return await import("bip39");
+  } catch {
+    throw new Error(
+      "bip39 package not found. Run: npm install -g bip39\nOr reinstall exe-os: npm install -g @askexenow/exe-os"
+    );
+  }
+}
+async function exportMnemonic(key) {
+  if (key.length !== 32) {
+    throw new Error(`Key must be 32 bytes, got ${key.length}`);
+  }
+  const { entropyToMnemonic } = await loadBip39();
+  return entropyToMnemonic(key.toString("hex"));
+}
+async function importMnemonic(mnemonic) {
+  const trimmed = mnemonic.trim();
+  const words = trimmed.split(/\s+/);
+  if (words.length !== 24) {
+    throw new Error(`Expected 24 words, got ${words.length}`);
+  }
+  const { validateMnemonic, mnemonicToEntropy } = await loadBip39();
+  if (!validateMnemonic(trimmed)) {
+    throw new Error("Invalid mnemonic \u2014 check for typos or missing words");
+  }
+  const entropy = mnemonicToEntropy(trimmed);
+  return Buffer.from(entropy, "hex");
+}
+var SERVICE, ACCOUNT;
+var init_keychain = __esm({
+  "src/lib/keychain.ts"() {
+    "use strict";
+    SERVICE = "exe-mem";
+    ACCOUNT = "master-key";
+  }
+});
+
 // src/lib/platform-procedures.ts
 var PLATFORM_PROCEDURES, PLATFORM_PROCEDURE_TITLES;
 var init_platform_procedures = __esm({
@@ -8582,15 +8773,15 @@ async function pollPendingReviews(deps, state) {
     return [];
   }
   if (sessions.length === 0) return [];
-  let reviewCount;
-  try {
-    reviewCount = await deps.countPendingReviews();
-  } catch {
-    return [];
-  }
-  if (reviewCount === 0) return [];
   const sent = [];
   for (const exeSession of sessions) {
+    let reviewCount = 0;
+    try {
+      reviewCount = await deps.countPendingReviews(exeSession);
+    } catch {
+      continue;
+    }
+    if (reviewCount === 0) continue;
     const lastSent = state.lastIntercomSent.get(exeSession) ?? 0;
     if (Date.now() - lastSent < state.intervalMs) continue;
     try {
@@ -8600,15 +8791,17 @@ async function pollPendingReviews(deps, state) {
     } catch {
     }
   }
-  try {
-    const orphans = await deps.findOrphanedDoneTasks();
-    for (const orphan of orphans) {
-      try {
-        await deps.createReviewForOrphan(orphan);
-      } catch {
+  for (const exeSession of sessions) {
+    try {
+      const orphans = await deps.findOrphanedDoneTasks(exeSession);
+      for (const orphan of orphans) {
+        try {
+          await deps.createReviewForOrphan(orphan);
+        } catch {
+        }
       }
+    } catch {
     }
-  } catch {
   }
   if (deps.findStaleTasks && deps.sendNudge) {
     try {
@@ -8626,50 +8819,56 @@ async function pollPendingReviews(deps, state) {
     }
   }
   if (deps.findUrgentUnread) {
-    try {
-      const urgent = await deps.findUrgentUnread();
-      for (const msg of urgent) {
-        try {
-          const employeeSessions = sessions.length > 0 ? deps.listTmuxSessions().filter((s) => s.startsWith(`${msg.target_agent}-`)) : [];
-          for (const sess of employeeSessions) {
-            deps.sendIntercom(sess);
-          }
-          const ageMs = Date.now() - new Date(msg.created_at).getTime();
-          if (ageMs > 5 * 60 * 1e3) {
-            process.stderr.write(
-              `[exed] WARNING: Urgent message to ${msg.target_agent} unread for ${Math.round(ageMs / 6e4)}min: "${msg.content.slice(0, 80)}"
-`
+    for (const exeSession of sessions) {
+      try {
+        const urgent = await deps.findUrgentUnread(exeSession);
+        for (const msg of urgent) {
+          try {
+            const employeeSessions = deps.listTmuxSessions().filter(
+              (s) => s.startsWith(`${msg.target_agent}-`) && s.endsWith(`-${exeSession}`)
             );
+            for (const sess of employeeSessions) {
+              deps.sendIntercom(sess);
+            }
+            const ageMs = Date.now() - new Date(msg.created_at).getTime();
+            if (ageMs > 5 * 60 * 1e3) {
+              process.stderr.write(
+                `[exed] WARNING: Urgent message to ${msg.target_agent} unread for ${Math.round(ageMs / 6e4)}min: "${msg.content.slice(0, 80)}"
+`
+              );
+            }
+          } catch {
           }
-        } catch {
         }
+      } catch {
       }
-    } catch {
     }
   }
   if (deps.findUnstartedTasks) {
-    try {
-      const unstarted = await deps.findUnstartedTasks();
-      for (const task of unstarted) {
-        try {
-          const employeeSessions = deps.listTmuxSessions().filter(
-            (s) => s.startsWith(`${task.assigned_to}-`) || s.startsWith(`${task.assigned_to}1-`)
-          );
-          for (const sess of employeeSessions) {
-            deps.sendIntercom(sess);
-          }
-          const ageMs = Date.now() - new Date(task.created_at).getTime();
-          const UNSTARTED_WARNING_MS = 15 * 60 * 1e3;
-          if (ageMs > UNSTARTED_WARNING_MS) {
-            process.stderr.write(
-              `[exed] WARNING: Task "${task.title}" assigned to ${task.assigned_to} unstarted for ${Math.round(ageMs / 6e4)}min
-`
+    for (const exeSession of sessions) {
+      try {
+        const unstarted = await deps.findUnstartedTasks(exeSession);
+        for (const task of unstarted) {
+          try {
+            const employeeSessions = deps.listTmuxSessions().filter(
+              (s) => (s.startsWith(`${task.assigned_to}-`) || s.startsWith(`${task.assigned_to}1-`)) && s.endsWith(`-${exeSession}`)
             );
+            for (const sess of employeeSessions) {
+              deps.sendIntercom(sess);
+            }
+            const ageMs = Date.now() - new Date(task.created_at).getTime();
+            const UNSTARTED_WARNING_MS = 15 * 60 * 1e3;
+            if (ageMs > UNSTARTED_WARNING_MS) {
+              process.stderr.write(
+                `[exed] WARNING: Task "${task.title}" assigned to ${task.assigned_to} unstarted for ${Math.round(ageMs / 6e4)}min
+`
+              );
+            }
+          } catch {
           }
-        } catch {
         }
+      } catch {
       }
-    } catch {
     }
   }
   return sent;
@@ -8682,9 +8881,9 @@ function createRealDeps(getClient2) {
         timeout: 3e3
       }).trim().split("\n").filter(Boolean);
     },
-    countPendingReviews: async () => {
+    countPendingReviews: async (sessionScope) => {
       const client = getClient2();
-      const rpScope = sessionScopeFilter();
+      const rpScope = strictSessionScopeFilter(sessionScope);
       const result = await client.execute({
         sql: `SELECT COUNT(*) as count FROM tasks
               WHERE status = 'needs_review'${rpScope.sql}`,
@@ -8696,10 +8895,10 @@ function createRealDeps(getClient2) {
       const { sendIntercom: centralSend } = (init_tmux_routing(), __toCommonJS(tmux_routing_exports));
       centralSend(session);
     },
-    findOrphanedDoneTasks: async () => {
+    findOrphanedDoneTasks: async (sessionScope) => {
       const client = getClient2();
       const coordinatorName = getCoordinatorName();
-      const odScope = sessionScopeFilter(void 0, "t");
+      const odScope = strictSessionScopeFilter(sessionScope, "t");
       const result = await client.execute({
         sql: `SELECT t.id, t.title, t.assigned_to, t.assigned_by,
                      t.project_name, t.task_file, t.result, t.status
@@ -8724,24 +8923,25 @@ function createRealDeps(getClient2) {
       process.stderr.write(`[exed] Created missing review for: ${task.title} (${task.assigned_to})
 `);
     },
-    findUrgentUnread: async () => {
+    findUrgentUnread: async (sessionScope) => {
       const client = getClient2();
+      const msgScope = strictSessionScopeFilter(sessionScope);
       const result = await client.execute({
         sql: `SELECT id, target_agent, content, created_at
               FROM messages
               WHERE priority = 'urgent'
                 AND status IN ('pending', 'delivered')
-                AND created_at <= datetime('now', '-2 minutes')
+                AND created_at <= datetime('now', '-2 minutes')${msgScope.sql}
               ORDER BY created_at ASC
               LIMIT 10`,
-        args: []
+        args: [...msgScope.args]
       });
       return result.rows;
     },
-    findUnstartedTasks: async () => {
+    findUnstartedTasks: async (sessionScope) => {
       const client = getClient2();
       const coordinatorName = getCoordinatorName();
-      const usScope = sessionScopeFilter();
+      const usScope = strictSessionScopeFilter(sessionScope);
       const result = await client.execute({
         sql: `SELECT id, title, assigned_to, created_at
               FROM tasks
@@ -9176,10 +9376,10 @@ async function disposeEmbedder() {
 async function embedDirect(text) {
   const llamaCpp = await import("node-llama-cpp");
   const { MODELS_DIR: MODELS_DIR2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-  const { existsSync: existsSync19 } = await import("fs");
-  const path24 = await import("path");
-  const modelPath = path24.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
-  if (!existsSync19(modelPath)) {
+  const { existsSync: existsSync21 } = await import("fs");
+  const path25 = await import("path");
+  const modelPath = path25.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
+  if (!existsSync21(modelPath)) {
     throw new Error(`Embedding model not found at ${modelPath}. Run '/exe-setup' to download it.`);
   }
   const llama = await llamaCpp.getLlama();
@@ -9401,13 +9601,13 @@ __export(graph_rag_exports, {
   resolveAlias: () => resolveAlias,
   storeExtraction: () => storeExtraction
 });
-import crypto6 from "crypto";
+import crypto7 from "crypto";
 function normalizeEntityName(name) {
   return name.replace(/\s*\([^)]*\)\s*/g, "").trim().toLowerCase();
 }
 function entityId(name, type) {
   const normalized = normalizeEntityName(name);
-  return crypto6.createHash("sha256").update(`${normalized}::${type.toLowerCase()}`).digest("hex").slice(0, 16);
+  return crypto7.createHash("sha256").update(`${normalized}::${type.toLowerCase()}`).digest("hex").slice(0, 16);
 }
 async function resolveAlias(client, name) {
   const normalized = normalizeEntityName(name);
@@ -9657,7 +9857,7 @@ async function storeExtraction(client, extraction, memoryId, timestamp) {
     const targetAlias = await resolveAlias(client, r.target);
     const sourceId = sourceAlias ?? entityId(r.source, r.sourceType);
     const targetId = targetAlias ?? entityId(r.target, r.targetType);
-    const relId = crypto6.randomUUID().slice(0, 16);
+    const relId = crypto7.randomUUID().slice(0, 16);
     try {
       await client.execute({
         sql: `INSERT OR IGNORE INTO entities (id, name, type, first_seen, last_seen)
@@ -9720,7 +9920,7 @@ async function storeExtraction(client, extraction, memoryId, timestamp) {
     }
   }
   for (const h of extraction.hyperedges) {
-    const hId = crypto6.randomUUID().slice(0, 16);
+    const hId = crypto7.randomUUID().slice(0, 16);
     try {
       await client.execute({
         sql: `INSERT OR IGNORE INTO hyperedges (id, label, relation, confidence, timestamp)
@@ -9784,7 +9984,7 @@ async function extractBatch(client, batchSize = 50, model = "claude-haiku-4-5-20
         totalEntities += stored.entitiesStored;
         totalRelationships += stored.relationshipsStored;
       }
-      const contentHash = crypto6.createHash("sha256").update(rawContent).digest("hex").slice(0, 32);
+      const contentHash = crypto7.createHash("sha256").update(rawContent).digest("hex").slice(0, 32);
       await client.execute({
         sql: "UPDATE memories SET graph_extracted = 1, content_hash = ?, graph_extracted_hash = ? WHERE id = ?",
         args: [contentHash, contentHash, memoryId]
@@ -9901,8 +10101,8 @@ __export(wiki_sync_exports, {
   listWorkspaces: () => listWorkspaces,
   syncMemories: () => syncMemories
 });
-async function wikiRequest(config, path24, method = "GET", body) {
-  const url = `${config.wikiUrl}/api/v1${path24}`;
+async function wikiRequest(config, path25, method = "GET", body) {
+  const url = `${config.wikiUrl}/api/v1${path25}`;
   const headers = {
     "Authorization": `Bearer ${config.wikiApiKey}`,
     "Content-Type": "application/json"
@@ -9914,7 +10114,7 @@ async function wikiRequest(config, path24, method = "GET", body) {
     signal: AbortSignal.timeout(3e4)
   });
   if (!response.ok) {
-    throw new Error(`Wiki API ${method} ${path24}: ${response.status} ${response.statusText}`);
+    throw new Error(`Wiki API ${method} ${path25}: ${response.status} ${response.statusText}`);
   }
   return response.json();
 }
@@ -10026,8 +10226,8 @@ __export(token_spend_exports, {
 import { readdir } from "fs/promises";
 import { createReadStream } from "fs";
 import { createInterface } from "readline";
-import path20 from "path";
-import os12 from "os";
+import path21 from "path";
+import os13 from "os";
 function getPricing(model) {
   if (MODEL_PRICING[model]) return MODEL_PRICING[model];
   const stripped = model.replace(/-\d{8}$/, "");
@@ -10039,29 +10239,33 @@ function getPricing(model) {
   return DEFAULT_PRICING;
 }
 async function getAgentSpend(period = "7d") {
+  const cached = _spendCache.get(period);
+  if (cached && Date.now() < cached.expires) {
+    return cached.result;
+  }
   const cutoff = periodToCutoff(period);
   const client = getClient();
-  const result = await client.execute({
+  const dbResult = await client.execute({
     sql: `SELECT session_uuid, agent_id FROM session_agent_map WHERE started_at >= ?`,
     args: [cutoff]
   });
-  if (result.rows.length === 0) return [];
+  if (dbResult.rows.length === 0) return [];
   const sessionAgent = /* @__PURE__ */ new Map();
-  for (const row of result.rows) {
+  for (const row of dbResult.rows) {
     sessionAgent.set(row.session_uuid, row.agent_id);
   }
-  const claudeDir = path20.join(os12.homedir(), ".claude", "projects");
+  const claudeDir = path21.join(os13.homedir(), ".claude", "projects");
   let projectDirs = [];
   try {
     const entries = await readdir(claudeDir);
-    projectDirs = entries.map((e) => path20.join(claudeDir, e));
+    projectDirs = entries.map((e) => path21.join(claudeDir, e));
   } catch {
     return [];
   }
   const agentTotals = /* @__PURE__ */ new Map();
   for (const [sessionUuid, agentId] of sessionAgent) {
     for (const dir of projectDirs) {
-      const jsonlPath = path20.join(dir, `${sessionUuid}.jsonl`);
+      const jsonlPath = path21.join(dir, `${sessionUuid}.jsonl`);
       try {
         const usage = await extractSessionUsage(jsonlPath);
         if (usage.input === 0 && usage.output === 0) continue;
@@ -10085,7 +10289,7 @@ async function getAgentSpend(period = "7d") {
       }
     }
   }
-  return Array.from(agentTotals.entries()).map(([agentId, t]) => ({
+  const result = Array.from(agentTotals.entries()).map(([agentId, t]) => ({
     agentId,
     inputTokens: t.input,
     outputTokens: t.output,
@@ -10095,6 +10299,8 @@ async function getAgentSpend(period = "7d") {
     sessions: t.sessions.size,
     period
   })).sort((a, b) => b.costUSD - a.costUSD);
+  _spendCache.set(period, { result, expires: Date.now() + CACHE_TTL_MS });
+  return result;
 }
 async function extractSessionUsage(jsonlPath) {
   let input = 0;
@@ -10141,7 +10347,7 @@ function periodToCutoff(period) {
   const ms = { "24h": 864e5, "7d": 6048e5, "30d": 2592e6 }[period];
   return new Date(Date.now() - ms).toISOString();
 }
-var MODEL_PRICING, DEFAULT_PRICING;
+var MODEL_PRICING, DEFAULT_PRICING, CACHE_TTL_MS, _spendCache;
 var init_token_spend = __esm({
   "src/lib/token-spend.ts"() {
     "use strict";
@@ -10171,6 +10377,8 @@ var init_token_spend = __esm({
       "claude-3-haiku": { input: 0.25 / 1e6, output: 1.25 / 1e6, cacheRead: 0.03 / 1e6, cacheWrite: 0.3 / 1e6 }
     };
     DEFAULT_PRICING = MODEL_PRICING["claude-sonnet-4"];
+    CACHE_TTL_MS = 5 * 60 * 1e3;
+    _spendCache = /* @__PURE__ */ new Map();
   }
 });
 
@@ -10182,11 +10390,11 @@ __export(update_check_exports, {
   getRemoteVersion: () => getRemoteVersion
 });
 import { execSync as execSync11 } from "child_process";
-import { readFileSync as readFileSync14 } from "fs";
-import path21 from "path";
+import { readFileSync as readFileSync15 } from "fs";
+import path22 from "path";
 function getLocalVersion(packageRoot) {
-  const pkgPath = path21.join(packageRoot, "package.json");
-  const pkg = JSON.parse(readFileSync14(pkgPath, "utf-8"));
+  const pkgPath = path22.join(packageRoot, "package.json");
+  const pkg = JSON.parse(readFileSync15(pkgPath, "utf-8"));
   return pkg.version;
 }
 function getRemoteVersion() {
@@ -10229,16 +10437,16 @@ __export(ws_auth_exports, {
   deriveWsAuthToken: () => deriveWsAuthToken,
   hashAuthToken: () => hashAuthToken
 });
-import crypto7 from "crypto";
+import crypto8 from "crypto";
 function deriveWsAuthToken(masterKey) {
-  return Buffer.from(crypto7.hkdfSync("sha256", masterKey, "", WS_AUTH_HKDF_INFO, 32));
+  return Buffer.from(crypto8.hkdfSync("sha256", masterKey, "", WS_AUTH_HKDF_INFO, 32));
 }
 function deriveOrgId(masterKey) {
-  const raw = Buffer.from(crypto7.hkdfSync("sha256", masterKey, "", ORG_ID_HKDF_INFO, 32));
-  return crypto7.createHash("sha256").update(raw).digest("hex").slice(0, 32);
+  const raw = Buffer.from(crypto8.hkdfSync("sha256", masterKey, "", ORG_ID_HKDF_INFO, 32));
+  return crypto8.createHash("sha256").update(raw).digest("hex").slice(0, 32);
 }
 function hashAuthToken(token) {
-  return crypto7.createHash("sha256").update(token).digest("hex");
+  return crypto8.createHash("sha256").update(token).digest("hex");
 }
 var WS_AUTH_HKDF_INFO, ORG_ID_HKDF_INFO;
 var init_ws_auth = __esm({
@@ -10256,14 +10464,14 @@ __export(device_registry_exports, {
   resolveTargetDevice: () => resolveTargetDevice,
   setFriendlyName: () => setFriendlyName
 });
-import crypto8 from "crypto";
-import os13 from "os";
-import { readFileSync as readFileSync15, writeFileSync as writeFileSync9, mkdirSync as mkdirSync8, existsSync as existsSync17 } from "fs";
-import path22 from "path";
+import crypto9 from "crypto";
+import os14 from "os";
+import { readFileSync as readFileSync16, writeFileSync as writeFileSync10, mkdirSync as mkdirSync8, existsSync as existsSync19 } from "fs";
+import path23 from "path";
 function getDeviceInfo() {
-  if (existsSync17(DEVICE_JSON_PATH)) {
+  if (existsSync19(DEVICE_JSON_PATH)) {
     try {
-      const raw = readFileSync15(DEVICE_JSON_PATH, "utf8");
+      const raw = readFileSync16(DEVICE_JSON_PATH, "utf8");
       const data = JSON.parse(raw);
       if (data.deviceId && data.friendlyName && data.hostname) {
         return data;
@@ -10271,20 +10479,20 @@ function getDeviceInfo() {
     } catch {
     }
   }
-  const hostname = os13.hostname();
+  const hostname = os14.hostname();
   const info = {
-    deviceId: crypto8.randomUUID(),
+    deviceId: crypto9.randomUUID(),
     friendlyName: hostname.replace(/\./g, "-").toLowerCase(),
     hostname
   };
-  mkdirSync8(path22.dirname(DEVICE_JSON_PATH), { recursive: true });
-  writeFileSync9(DEVICE_JSON_PATH, JSON.stringify(info, null, 2));
+  mkdirSync8(path23.dirname(DEVICE_JSON_PATH), { recursive: true });
+  writeFileSync10(DEVICE_JSON_PATH, JSON.stringify(info, null, 2));
   return info;
 }
 function setFriendlyName(name) {
   const info = getDeviceInfo();
   info.friendlyName = name;
-  writeFileSync9(DEVICE_JSON_PATH, JSON.stringify(info, null, 2));
+  writeFileSync10(DEVICE_JSON_PATH, JSON.stringify(info, null, 2));
 }
 async function resolveTargetDevice(targetAgent, targetProject) {
   const { getClient: getClient2 } = await Promise.resolve().then(() => (init_database(), database_exports));
@@ -10318,7 +10526,7 @@ var init_device_registry = __esm({
   "src/lib/device-registry.ts"() {
     "use strict";
     init_config();
-    DEVICE_JSON_PATH = path22.join(EXE_AI_DIR, "device.json");
+    DEVICE_JSON_PATH = path23.join(EXE_AI_DIR, "device.json");
   }
 });
 
@@ -10542,10 +10750,10 @@ __export(messaging_exports, {
   sendMessage: () => sendMessage,
   setWsClientSend: () => setWsClientSend
 });
-import crypto9 from "crypto";
+import crypto10 from "crypto";
 function generateUlid() {
   const timestamp = Date.now().toString(36).padStart(10, "0");
-  const random = crypto9.randomBytes(10).toString("hex").slice(0, 16);
+  const random = crypto10.randomBytes(10).toString("hex").slice(0, 16);
   return (timestamp + random).toUpperCase();
 }
 function rowToMessage(row) {
@@ -10556,6 +10764,7 @@ function rowToMessage(row) {
     targetAgent: row.target_agent,
     targetProject: row.target_project ?? null,
     targetDevice: row.target_device,
+    sessionScope: row.session_scope ?? null,
     content: row.content,
     priority: row.priority ?? "normal",
     status: row.status ?? "pending",
@@ -10573,15 +10782,17 @@ async function sendMessage(input) {
   const id = generateUlid();
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const targetDevice = input.targetDevice ?? "local";
+  const sessionScope = input.sessionScope === void 0 ? resolveExeSession() : input.sessionScope;
   await client.execute({
-    sql: `INSERT INTO messages (id, from_agent, from_device, target_agent, target_project, target_device, content, priority, status, created_at)
-          VALUES (?, ?, 'local', ?, ?, ?, ?, ?, 'pending', ?)`,
+    sql: `INSERT INTO messages (id, from_agent, from_device, target_agent, target_project, target_device, session_scope, content, priority, status, created_at)
+          VALUES (?, ?, 'local', ?, ?, ?, ?, ?, ?, 'pending', ?)`,
     args: [
       id,
       input.fromAgent,
       input.targetAgent,
       input.targetProject ?? null,
       targetDevice,
+      sessionScope,
       input.content,
       input.priority ?? "normal",
       now
@@ -10595,9 +10806,10 @@ async function sendMessage(input) {
     }
   } catch {
   }
+  const sentScope = strictSessionScopeFilter(sessionScope);
   const result = await client.execute({
-    sql: "SELECT * FROM messages WHERE id = ?",
-    args: [id]
+    sql: `SELECT * FROM messages WHERE id = ?${sentScope.sql}`,
+    args: [id, ...sentScope.args]
   });
   return rowToMessage(result.rows[0]);
 }
@@ -10621,6 +10833,7 @@ async function deliverCrossMachineMessage(messageId, targetDevice) {
     fromAgent: msg.fromAgent,
     targetAgent: msg.targetAgent,
     targetProject: msg.targetProject,
+    sessionScope: msg.sessionScope,
     content: msg.content,
     priority: msg.priority,
     createdAt: msg.createdAt
@@ -10664,7 +10877,7 @@ async function deliverLocalMessage(messageId) {
   } catch {
     const newRetryCount = msg.retryCount + 1;
     if (newRetryCount >= MAX_RETRIES3) {
-      await markFailed(messageId, "session unavailable after 10 retries");
+      await markFailed(messageId, "session unavailable after 10 retries", msg.sessionScope);
     } else {
       await client.execute({
         sql: "UPDATE messages SET retry_count = ? WHERE id = ?",
@@ -10674,85 +10887,101 @@ async function deliverLocalMessage(messageId) {
     return false;
   }
 }
-async function getPendingMessages(targetAgent) {
+async function getPendingMessages(targetAgent, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   const result = await client.execute({
     sql: `SELECT * FROM messages
-          WHERE target_agent = ? AND status IN ('pending', 'delivered')
+          WHERE target_agent = ? AND status IN ('pending', 'delivered')${scope.sql}
           ORDER BY id`,
-    args: [targetAgent]
+    args: [targetAgent, ...scope.args]
   });
   return result.rows.map((row) => rowToMessage(row));
 }
-async function markRead(messageId) {
+async function markRead(messageId, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   await client.execute({
-    sql: "UPDATE messages SET status = 'read' WHERE id = ? AND status IN ('pending', 'delivered')",
-    args: [messageId]
+    sql: `UPDATE messages SET status = 'read'
+          WHERE id = ? AND status IN ('pending', 'delivered')${scope.sql}`,
+    args: [messageId, ...scope.args]
   });
 }
-async function markAcknowledged(messageId) {
+async function markAcknowledged(messageId, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   await client.execute({
-    sql: "UPDATE messages SET status = 'acknowledged', processed_at = ? WHERE id = ? AND status = 'read'",
-    args: [(/* @__PURE__ */ new Date()).toISOString(), messageId]
+    sql: `UPDATE messages SET status = 'acknowledged', processed_at = ?
+          WHERE id = ? AND status = 'read'${scope.sql}`,
+    args: [(/* @__PURE__ */ new Date()).toISOString(), messageId, ...scope.args]
   });
 }
-async function markProcessed(messageId) {
+async function markProcessed(messageId, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   await client.execute({
-    sql: "UPDATE messages SET status = 'processed', processed_at = ? WHERE id = ?",
-    args: [(/* @__PURE__ */ new Date()).toISOString(), messageId]
+    sql: `UPDATE messages SET status = 'processed', processed_at = ?
+          WHERE id = ?${scope.sql}`,
+    args: [(/* @__PURE__ */ new Date()).toISOString(), messageId, ...scope.args]
   });
 }
-async function getMessageStatus(messageId) {
+async function getMessageStatus(messageId, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   const result = await client.execute({
-    sql: "SELECT status FROM messages WHERE id = ?",
-    args: [messageId]
+    sql: `SELECT status FROM messages WHERE id = ?${scope.sql}`,
+    args: [messageId, ...scope.args]
   });
   return result.rows[0]?.status ?? null;
 }
-async function getUnacknowledgedMessages(targetAgent) {
+async function getUnacknowledgedMessages(targetAgent, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   const result = await client.execute({
     sql: `SELECT * FROM messages
-          WHERE target_agent = ? AND status IN ('pending', 'delivered', 'read')
+          WHERE target_agent = ? AND status IN ('pending', 'delivered', 'read')${scope.sql}
           ORDER BY id`,
-    args: [targetAgent]
+    args: [targetAgent, ...scope.args]
   });
   return result.rows.map((row) => rowToMessage(row));
 }
-async function getReadMessages(targetAgent) {
+async function getReadMessages(targetAgent, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   const result = await client.execute({
-    sql: "SELECT * FROM messages WHERE target_agent = ? AND status = 'read' ORDER BY id",
-    args: [targetAgent]
+    sql: `SELECT * FROM messages
+          WHERE target_agent = ? AND status = 'read'${scope.sql}
+          ORDER BY id`,
+    args: [targetAgent, ...scope.args]
   });
   return result.rows.map((row) => rowToMessage(row));
 }
-async function markFailed(messageId, reason) {
+async function markFailed(messageId, reason, sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   await client.execute({
-    sql: "UPDATE messages SET status = 'failed', failed_at = ?, failure_reason = ? WHERE id = ?",
-    args: [(/* @__PURE__ */ new Date()).toISOString(), reason, messageId]
+    sql: `UPDATE messages SET status = 'failed', failed_at = ?, failure_reason = ?
+          WHERE id = ?${scope.sql}`,
+    args: [(/* @__PURE__ */ new Date()).toISOString(), reason, messageId, ...scope.args]
   });
 }
-async function getFailedMessages() {
+async function getFailedMessages(sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   const result = await client.execute({
-    sql: "SELECT * FROM messages WHERE status = 'failed' ORDER BY created_at DESC",
-    args: []
+    sql: `SELECT * FROM messages WHERE status = 'failed'${scope.sql} ORDER BY created_at DESC`,
+    args: [...scope.args]
   });
   return result.rows.map((row) => rowToMessage(row));
 }
-async function retryPendingMessages() {
+async function retryPendingMessages(sessionScope) {
   const client = getClient();
+  const scope = strictSessionScopeFilter(sessionScope);
   const result = await client.execute({
     sql: `SELECT * FROM messages
-          WHERE status = 'pending' AND retry_count < ?
+          WHERE status = 'pending' AND retry_count < ?${scope.sql}
           ORDER BY id`,
-    args: [MAX_RETRIES3]
+    args: [MAX_RETRIES3, ...scope.args]
   });
   let delivered = 0;
   for (const row of result.rows) {
@@ -10771,6 +11000,7 @@ var init_messaging = __esm({
     "use strict";
     init_database();
     init_tmux_routing();
+    init_task_scope();
     MAX_RETRIES3 = 10;
     _wsClientSend = null;
   }
@@ -10780,19 +11010,22 @@ var init_messaging = __esm({
 init_config();
 init_memory();
 init_daemon_protocol();
+init_daemon_auth();
 init_daemon_orchestration();
 import net2 from "net";
-import { writeFileSync as writeFileSync10, unlinkSync as unlinkSync7, mkdirSync as mkdirSync9, existsSync as existsSync18, readFileSync as readFileSync16 } from "fs";
-import path23 from "path";
+import { writeFileSync as writeFileSync11, unlinkSync as unlinkSync7, mkdirSync as mkdirSync9, existsSync as existsSync20, readFileSync as readFileSync17, chmodSync as chmodSync2 } from "fs";
+import path24 from "path";
 import { getLlama } from "node-llama-cpp";
-var SOCKET_PATH2 = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path23.join(EXE_AI_DIR, "exed.sock");
-var PID_PATH2 = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path23.join(EXE_AI_DIR, "exed.pid");
+var SOCKET_PATH2 = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path24.join(EXE_AI_DIR, "exed.sock");
+var PID_PATH2 = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path24.join(EXE_AI_DIR, "exed.pid");
 var MODEL_FILE = "jina-embeddings-v5-small-q4_k_m.gguf";
 var IDLE_TIMEOUT_MS = 15 * 60 * 1e3;
 var REVIEW_POLL_INTERVAL_MS = 60 * 1e3;
+var DAEMON_TOKEN_ENV2 = "EXE_DAEMON_TOKEN";
 var _context = null;
 var _model = null;
 var _llama = null;
+var _daemonToken = "";
 var MAX_QUEUE_SIZE = 1e3;
 var highQueue = [];
 var lowQueue = [];
@@ -10812,8 +11045,8 @@ function enqueue(queue, entry) {
   queue.push(entry);
 }
 async function loadModel() {
-  const modelPath = path23.join(MODELS_DIR, MODEL_FILE);
-  if (!existsSync18(modelPath)) {
+  const modelPath = path24.join(MODELS_DIR, MODEL_FILE);
+  if (!existsSync20(modelPath)) {
     process.stderr.write(`[exed] FATAL: model not found at ${modelPath}
 `);
     process.exit(1);
@@ -10837,6 +11070,7 @@ async function processQueue() {
         for (const text of entry.request.texts) {
           const embedding = await _context.getEmbeddingFor(text);
           const vector = Array.from(embedding.vector);
+          embedding.vector = null;
           if (vector.length !== EMBEDDING_DIM) {
             throw new Error(`Dimension mismatch: got ${vector.length}, expected ${EMBEDDING_DIM}`);
           }
@@ -10882,6 +11116,11 @@ function checkIdle() {
 }
 async function shutdown() {
   resetIdleTimer();
+  try {
+    const { disposeShards: disposeShards2 } = await Promise.resolve().then(() => (init_shard_manager(), shard_manager_exports));
+    disposeShards2();
+  } catch {
+  }
   if (_context) {
     try {
       await _context.dispose();
@@ -10920,6 +11159,7 @@ async function handleHealthCheck(socket, requestId) {
     }
   }
   const dbConnected = _storeInitialized;
+  const mem = process.memoryUsage();
   sendResponse(socket, {
     id: requestId,
     ...healthy && testOk ? {
@@ -10927,7 +11167,13 @@ async function handleHealthCheck(socket, requestId) {
         status: "ok",
         uptime: Math.floor((Date.now() - _startedAt) / 1e3),
         requests_served: _requestsServed,
-        db: { connected: dbConnected, totalDbRequests: _dbRequestsServed }
+        db: { connected: dbConnected, totalDbRequests: _dbRequestsServed },
+        memory: {
+          rss_mb: Math.round(mem.rss / 1024 / 1024),
+          heap_used_mb: Math.round(mem.heapUsed / 1024 / 1024),
+          external_mb: Math.round(mem.external / 1024 / 1024),
+          array_buffers_mb: Math.round(mem.arrayBuffers / 1024 / 1024)
+        }
       }
     } : { error: "unhealthy: model not loaded or test embed failed" }
   });
@@ -10981,13 +11227,67 @@ async function handleDbBatch(socket, requestId, statements, mode) {
     });
   }
 }
+var _ingestCount = 0;
+async function handleIngest(req) {
+  try {
+    if (!await ensureStoreForPolling()) return;
+    if (!req.rawText || req.rawText.length < 50) return;
+    let vectorBlob = null;
+    if (_context) {
+      try {
+        const embedding = await _context.getEmbeddingFor(req.rawText);
+        const vector = Array.from(embedding.vector);
+        embedding.vector = null;
+        if (vector.length === EMBEDDING_DIM) {
+          const { vectorToBlob: vectorToBlob2 } = await Promise.resolve().then(() => (init_store(), store_exports));
+          vectorBlob = vectorToBlob2(vector);
+        }
+      } catch {
+      }
+    }
+    const { getClient: getClient2 } = await Promise.resolve().then(() => (init_database(), database_exports));
+    const client = getClient2();
+    const { randomUUID: randomUUID5 } = await import("crypto");
+    const id = randomUUID5();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    await client.execute({
+      sql: `INSERT INTO memories (id, agent_id, agent_role, session_id, timestamp, tool_name, project_name, has_error, raw_text, vector, task_id, confidence, draft, memory_type, trajectory)
+            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'raw', ?)`,
+      args: [
+        id,
+        req.agentId,
+        req.agentRole,
+        req.sessionId,
+        now,
+        req.toolName,
+        req.projectName,
+        req.hasError ? 1 : 0,
+        req.rawText,
+        vectorBlob,
+        req.taskId ?? null,
+        req.confidence ?? 0.7,
+        req.draft ? 1 : 0,
+        req.trajectory ? JSON.stringify(req.trajectory) : null
+      ]
+    });
+    _ingestCount++;
+  } catch (err) {
+    process.stderr.write(`[exed] Ingest error: ${err instanceof Error ? err.message : String(err)}
+`);
+  }
+}
 function startServer() {
-  mkdirSync9(path23.dirname(SOCKET_PATH2), { recursive: true });
+  mkdirSync9(path24.dirname(SOCKET_PATH2), { recursive: true });
+  try {
+    chmodSync2(path24.dirname(SOCKET_PATH2), 448);
+  } catch {
+  }
+  _daemonToken = ensureDaemonToken(process.env[DAEMON_TOKEN_ENV2] ?? null);
   for (const oldFile of ["embed.sock", "embed.pid"]) {
-    const oldPath = path23.join(path23.dirname(SOCKET_PATH2), oldFile);
+    const oldPath = path24.join(path24.dirname(SOCKET_PATH2), oldFile);
     try {
       if (oldFile.endsWith(".pid")) {
-        const pid = parseInt(readFileSync16(oldPath, "utf8").trim(), 10);
+        const pid = parseInt(readFileSync17(oldPath, "utf8").trim(), 10);
         if (pid > 0) try {
           process.kill(pid, "SIGKILL");
         } catch {
@@ -11019,6 +11319,10 @@ function startServer() {
         if (!line) continue;
         try {
           const request = JSON.parse(line);
+          if (!request.token || request.token !== _daemonToken) {
+            sendResponse(socket, { id: request.id ?? "unauthorized", error: "Unauthorized daemon request" });
+            continue;
+          }
           if (request.type === "health") {
             void handleHealthCheck(socket, request.id ?? "health");
             continue;
@@ -11039,6 +11343,10 @@ function startServer() {
             void handleDbBatch(socket, request.id, request.statements, request.mode);
             continue;
           }
+          if (request.type === "ingest") {
+            void handleIngest(request);
+            continue;
+          }
           if (!request.id || !Array.isArray(request.texts)) {
             sendResponse(socket, { id: request.id ?? "unknown", error: "Invalid request: missing id or texts" });
             continue;
@@ -11076,7 +11384,15 @@ function startServer() {
   server.listen(SOCKET_PATH2, () => {
     process.stderr.write(`[exed] Listening on ${SOCKET_PATH2}
 `);
-    writeFileSync10(PID_PATH2, String(process.pid));
+    try {
+      chmodSync2(SOCKET_PATH2, 384);
+    } catch {
+    }
+    writeFileSync11(PID_PATH2, String(process.pid));
+    try {
+      chmodSync2(PID_PATH2, 384);
+    } catch {
+    }
     checkIdle();
   });
 }
@@ -11369,7 +11685,7 @@ function startWikiSync() {
   });
 }
 var AGENT_STATS_INTERVAL_MS = 60 * 1e3;
-var AGENT_STATS_PATH = path23.join(EXE_AI_DIR, "agent-stats.json");
+var AGENT_STATS_PATH = path24.join(EXE_AI_DIR, "agent-stats.json");
 async function writeAgentStats() {
   if (!await ensureStoreForPolling()) return;
   try {
@@ -11427,7 +11743,7 @@ async function writeAgentStats() {
         pid: process.pid
       }
     };
-    writeFileSync10(AGENT_STATS_PATH, JSON.stringify(stats, null, 2), "utf8");
+    writeFileSync11(AGENT_STATS_PATH, JSON.stringify(stats, null, 2), "utf8");
   } catch (err) {
     process.stderr.write(`[exed] Agent stats error: ${err instanceof Error ? err.message : String(err)}
 `);
@@ -11499,12 +11815,12 @@ function startIntercomQueueDrain() {
       const hasInProgressTask = (session) => {
         try {
           const { baseAgentName: ban } = (init_employees(), __toCommonJS(employees_exports));
-          const path24 = __require("path");
-          const { existsSync: existsSync19 } = __require("fs");
-          const os14 = __require("os");
+          const path25 = __require("path");
+          const { existsSync: existsSync21 } = __require("fs");
+          const os15 = __require("os");
           const agent = ban(session.split("-")[0] ?? session);
-          const markerPath = path24.join(os14.homedir(), ".exe-os", "session-cache", `current-task-${agent}.json`);
-          return existsSync19(markerPath);
+          const markerPath = path25.join(os15.homedir(), ".exe-os", "session-cache", `current-task-${agent}.json`);
+          return existsSync21(markerPath);
         } catch {
           return false;
         }
@@ -11593,12 +11909,43 @@ function startAutoWake() {
   process.stderr.write(`[exed] Auto-wake started (every ${AUTO_WAKE_INTERVAL_MS / 1e3}s)
 `);
 }
+var RSS_WARN_BYTES = 1024 * 1024 * 1024;
+var RSS_RESTART_BYTES = 2048 * 1024 * 1024;
+var RSS_CHECK_INTERVAL_MS = 30 * 1e3;
+var _rssWarned = false;
+function startRssWatchdog() {
+  const tick = () => {
+    const rss = process.memoryUsage.rss();
+    if (rss > RSS_RESTART_BYTES) {
+      process.stderr.write(
+        `[exed] RSS CRITICAL: ${(rss / 1024 / 1024).toFixed(0)} MB exceeds 2 GB limit \u2014 restarting.
+`
+      );
+      void shutdown();
+      return;
+    }
+    if (rss > RSS_WARN_BYTES && !_rssWarned) {
+      _rssWarned = true;
+      const heap = process.memoryUsage();
+      process.stderr.write(
+        `[exed] RSS WARNING: ${(rss / 1024 / 1024).toFixed(0)} MB (heap used: ${(heap.heapUsed / 1024 / 1024).toFixed(0)} MB, external: ${(heap.external / 1024 / 1024).toFixed(0)} MB, arrayBuffers: ${(heap.arrayBuffers / 1024 / 1024).toFixed(0)} MB)
+`
+      );
+    } else if (rss < RSS_WARN_BYTES && _rssWarned) {
+      _rssWarned = false;
+    }
+  };
+  const timer = setInterval(tick, RSS_CHECK_INTERVAL_MS);
+  timer.unref();
+  process.stderr.write(`[exed] RSS watchdog started (warn: 1 GB, restart: 2 GB)
+`);
+}
 process.on("SIGINT", () => void shutdown());
 process.on("SIGTERM", () => void shutdown());
 function checkExistingDaemon() {
   try {
-    if (!existsSync18(PID_PATH2)) return false;
-    const pid = parseInt(readFileSync16(PID_PATH2, "utf8").trim(), 10);
+    if (!existsSync20(PID_PATH2)) return false;
+    const pid = parseInt(readFileSync17(PID_PATH2, "utf8").trim(), 10);
     if (!pid || isNaN(pid)) return false;
     process.kill(pid, 0);
     process.stderr.write(`[exed] Another daemon is already running (PID ${pid}). Exiting.
@@ -11686,6 +12033,7 @@ try {
   startIntercomQueueDrain();
   startConfidenceDecay();
   startAutoUpdateCheck();
+  startRssWatchdog();
   try {
     const { loadConfig: loadConfig2 } = await Promise.resolve().then(() => (init_config(), config_exports));
     const config = await loadConfig2();