@askexenow/exe-os 0.9.93 → 0.9.95

package/dist/hooks/post-compact.js

@@ -3062,6 +3062,20 @@ async function ensureSchema() {
     });
   } catch {
   }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN spawn_runtime TEXT`,
+      args: []
+    });
+  } catch {
+  }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE tasks ADD COLUMN spawn_model TEXT`,
+      args: []
+    });
+  } catch {
+  }
   await client.executeMultiple(`
     CREATE VIRTUAL TABLE IF NOT EXISTS conversations_fts USING fts5(
       content_text,
@@ -3313,6 +3327,22 @@ async function ensureSchema() {
     );
   } catch {
   }
+  for (const col of [
+    "ALTER TABLE memories ADD COLUMN valid_from TEXT",
+    "ALTER TABLE memories ADD COLUMN invalid_at TEXT"
+  ]) {
+    try {
+      await client.execute(col);
+    } catch {
+    }
+  }
+  try {
+    await client.execute({
+      sql: `UPDATE memories SET valid_from = timestamp WHERE valid_from IS NULL`,
+      args: []
+    });
+  } catch {
+  }
   try {
     await client.execute({
       sql: `ALTER TABLE memories ADD COLUMN memory_type TEXT DEFAULT 'raw'`,
@@ -3355,6 +3385,13 @@ async function ensureSchema() {
     } catch {
     }
   }
+  try {
+    await client.execute({
+      sql: `ALTER TABLE memories ADD COLUMN procedure_for TEXT`,
+      args: []
+    });
+  } catch {
+  }
   try {
     await client.execute({
       sql: `UPDATE tasks SET status = 'closed' WHERE status = 'done' AND result IS NOT NULL`,
@@ -3415,7 +3452,7 @@ import { pathToFileURL as pathToFileURL2 } from "url";
 import os7 from "os";
 import path10 from "path";
 import { jwtVerify, importSPKI } from "jose";
-var LICENSE_PATH, CACHE_PATH, DEVICE_ID_PATH;
+var LICENSE_PATH, CACHE_PATH, DEVICE_ID_PATH, API_BASE;
 var init_license = __esm({
   "src/lib/license.ts"() {
     "use strict";
@@ -3423,6 +3460,7 @@ var init_license = __esm({
     LICENSE_PATH = path10.join(EXE_AI_DIR, "license.key");
     CACHE_PATH = path10.join(EXE_AI_DIR, "license-cache.json");
     DEVICE_ID_PATH = path10.join(EXE_AI_DIR, "device-id");
+    API_BASE = process.env.EXE_CLOUD_ENDPOINT ?? "https://askexe.com/cloud";
   }
 });
 
@@ -3466,6 +3504,9 @@ import { fileURLToPath as fileURLToPath2 } from "url";
 function getMySession() {
   return getTransport().getMySession();
 }
+function isRootSession(name) {
+  return name.length > 0 && !name.includes("-");
+}
 function extractRootExe(name) {
   if (!name) return null;
   if (!name.includes("-")) return name;
@@ -3481,9 +3522,13 @@ function getParentExe(sessionKey) {
   }
 }
 function resolveExeSession() {
+  if (process.env.EXE_SESSION_NAME) {
+    return extractRootExe(process.env.EXE_SESSION_NAME) ?? process.env.EXE_SESSION_NAME;
+  }
   const mySession = getMySession();
   if (!mySession) return null;
   const fromSessionName = extractRootExe(mySession);
+  let candidate = null;
   try {
     const key = getSessionKey();
     const parentExe = getParentExe(key);
@@ -3494,13 +3539,47 @@ function resolveExeSession() {
           `[tmux-routing] WARN: cache says "${fromCache}" but session name says "${fromSessionName}". Trusting session name.
 `
         );
-        return fromSessionName;
+        candidate = fromSessionName;
+      } else {
+        candidate = fromCache;
       }
-      return fromCache;
     }
   } catch {
   }
-  return fromSessionName ?? mySession;
+  if (!candidate) {
+    candidate = fromSessionName ?? mySession;
+  }
+  if (candidate && isRootSession(candidate)) {
+    try {
+      const transport = getTransport();
+      const liveSessions = transport.listSessions();
+      if (!liveSessions.includes(candidate)) {
+        const liveRoots = liveSessions.filter((s) => isRootSession(s));
+        if (liveRoots.length === 1) {
+          process.stderr.write(
+            `[tmux-routing] WARN: resolved session "${candidate}" is dead. Using live coordinator "${liveRoots[0]}".
+`
+          );
+          return liveRoots[0];
+        } else if (liveRoots.length > 1) {
+          const base = candidate.replace(/\d+$/, "");
+          const match = liveRoots.find((s) => s.startsWith(base));
+          const chosen = match ?? liveRoots[0];
+          process.stderr.write(
+            `[tmux-routing] WARN: resolved session "${candidate}" is dead. ${liveRoots.length} live roots found, using "${chosen}".
+`
+          );
+          return chosen;
+        }
+        process.stderr.write(
+          `[tmux-routing] WARN: resolved session "${candidate}" is dead and no live coordinator found.
+`
+        );
+      }
+    } catch {
+    }
+  }
+  return candidate;
 }
 var SPAWN_LOCK_DIR, SESSION_CACHE, INTERCOM_LOG2, DEBOUNCE_FILE, DEBOUNCE_CLEANUP_AGE_MS;
 var init_tmux_routing = __esm({
@@ -3550,17 +3629,157 @@ var init_task_scope = __esm({
   }
 });
 
+// src/lib/identity.ts
+var identity_exports = {};
+__export(identity_exports, {
+  getIdentity: () => getIdentity,
+  getIdentityInjection: () => getIdentityInjection,
+  identityPath: () => identityPath,
+  listIdentities: () => listIdentities,
+  updateIdentity: () => updateIdentity
+});
+import { existsSync as existsSync12, mkdirSync as mkdirSync7, readFileSync as readFileSync11, writeFileSync as writeFileSync8 } from "fs";
+import { readdirSync as readdirSync3 } from "fs";
+import path14 from "path";
+import { createHash } from "crypto";
+function ensureDir() {
+  if (!existsSync12(IDENTITY_DIR2)) {
+    mkdirSync7(IDENTITY_DIR2, { recursive: true });
+  }
+}
+function identityPath(agentId) {
+  return path14.join(IDENTITY_DIR2, `${agentId}.md`);
+}
+function sanitizeIdentityBody(body) {
+  return body.replace(/<!--[\s\S]*?-->/g, "").trim();
+}
+function parseFrontmatter(raw) {
+  const match = raw.match(/^---\n([\s\S]*?)\n---\n([\s\S]*)$/);
+  if (!match) {
+    return {
+      frontmatter: {
+        role: "unknown",
+        title: "Unknown",
+        agent_id: "unknown",
+        org_level: "specialist",
+        created_by: "system",
+        updated_at: (/* @__PURE__ */ new Date()).toISOString()
+      },
+      body: sanitizeIdentityBody(raw)
+    };
+  }
+  const yamlStr = match[1];
+  const body = sanitizeIdentityBody(match[2]);
+  const fm = {};
+  for (const line of yamlStr.split("\n")) {
+    const kv = line.match(/^(\w+):\s*(.+)$/);
+    if (kv) fm[kv[1]] = kv[2].trim();
+  }
+  return {
+    frontmatter: {
+      role: fm.role ?? "unknown",
+      title: fm.title ?? "Unknown",
+      agent_id: fm.agent_id ?? "unknown",
+      org_level: fm.org_level ?? "specialist",
+      created_by: fm.created_by ?? "system",
+      updated_at: fm.updated_at ?? (/* @__PURE__ */ new Date()).toISOString()
+    },
+    body
+  };
+}
+function contentHash(content) {
+  return createHash("sha256").update(content).digest("hex").slice(0, 16);
+}
+function getIdentity(agentId) {
+  const filePath = identityPath(agentId);
+  if (!existsSync12(filePath)) return null;
+  const raw = readFileSync11(filePath, "utf-8");
+  const { frontmatter, body } = parseFrontmatter(raw);
+  return {
+    agentId,
+    frontmatter,
+    body,
+    raw,
+    contentHash: contentHash(raw)
+  };
+}
+async function updateIdentity(agentId, content, updatedBy) {
+  ensureDir();
+  const filePath = identityPath(agentId);
+  const hash = contentHash(content);
+  writeFileSync8(filePath, content, "utf-8");
+  try {
+    const client = getClient();
+    await client.execute({
+      sql: `INSERT INTO identity (agent_id, content_hash, updated_at, updated_by)
+            VALUES (?, ?, ?, ?)
+            ON CONFLICT(agent_id) DO UPDATE SET
+              content_hash = excluded.content_hash,
+              updated_at = excluded.updated_at,
+              updated_by = excluded.updated_by`,
+      args: [agentId, hash, (/* @__PURE__ */ new Date()).toISOString(), updatedBy]
+    });
+  } catch {
+  }
+}
+function listIdentities() {
+  ensureDir();
+  const files = readdirSync3(IDENTITY_DIR2).filter((f) => f.endsWith(".md"));
+  const results = [];
+  for (const file of files) {
+    const agentId = file.replace(".md", "");
+    const identity = getIdentity(agentId);
+    if (!identity) continue;
+    const lines = identity.body.split("\n").filter((l) => l.trim() && !l.startsWith("#"));
+    const summary = lines[0]?.trim().slice(0, 120) ?? identity.frontmatter.title;
+    results.push({
+      agentId,
+      // User-facing/team-facing title only. `frontmatter.role` is internal
+      // routing metadata and must not leak as an external title.
+      title: identity.frontmatter.title,
+      summary
+    });
+  }
+  return results;
+}
+function getIdentityInjection(agentId) {
+  const own = getIdentity(agentId);
+  const all = listIdentities();
+  const parts = [];
+  if (own) {
+    parts.push(`## Your Identity (exe.md)
+These define WHO YOU ARE. Non-negotiable. Permanent.
+
+${own.body}`);
+  }
+  const teamLines = all.filter((a) => a.agentId !== agentId).map((a) => `- ${a.agentId} (${a.title}): ${a.summary}`);
+  if (teamLines.length > 0) {
+    parts.push(`## Team Identities
+${teamLines.join("\n")}`);
+  }
+  return parts.join("\n\n");
+}
+var IDENTITY_DIR2;
+var init_identity = __esm({
+  "src/lib/identity.ts"() {
+    "use strict";
+    init_config();
+    init_database();
+    IDENTITY_DIR2 = path14.join(EXE_AI_DIR, "identity");
+  }
+});
+
 // src/lib/keychain.ts
 import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
-import { existsSync as existsSync12, statSync as statSync2 } from "fs";
+import { existsSync as existsSync13, statSync as statSync2 } from "fs";
 import { execSync as execSync6 } from "child_process";
-import path14 from "path";
+import path15 from "path";
 import os10 from "os";
 function getKeyDir() {
-  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path14.join(os10.homedir(), ".exe-os");
+  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path15.join(os10.homedir(), ".exe-os");
 }
 function getKeyPath() {
-  return path14.join(getKeyDir(), "master.key");
+  return path15.join(getKeyDir(), "master.key");
 }
 function nativeKeychainAllowed() {
   return process.env.EXE_OS_DISABLE_NATIVE_KEYCHAIN !== "1";
@@ -3591,7 +3810,7 @@ function isRootOnlyTrustedServerKeyFile(keyPath) {
     if (!st.isFile() || (st.mode & 63) !== 0) return false;
     if (uid === 0) return true;
     const exeOsDir = process.env.EXE_OS_DIR;
-    return Boolean(exeOsDir && path14.resolve(keyPath).startsWith(path14.resolve(exeOsDir) + path14.sep));
+    return Boolean(exeOsDir && path15.resolve(keyPath).startsWith(path15.resolve(exeOsDir) + path15.sep));
   } catch {
     return false;
   }
@@ -3703,8 +3922,8 @@ function deriveMachineKey() {
 }
 function readMachineId() {
   try {
-    const { readFileSync: readFileSync11 } = __require("fs");
-    return readFileSync11("/etc/machine-id", "utf-8").trim();
+    const { readFileSync: readFileSync12 } = __require("fs");
+    return readFileSync12("/etc/machine-id", "utf-8").trim();
   } catch {
     return "";
   }
@@ -3788,7 +4007,7 @@ async function getMasterKey() {
     }
   }
   const keyPath = getKeyPath();
-  if (!existsSync12(keyPath)) {
+  if (!existsSync13(keyPath)) {
     process.stderr.write(
       `[keychain] Key not found at ${keyPath} (HOME=${os10.homedir()}, EXE_OS_DIR=${process.env.EXE_OS_DIR ?? "unset"})
 `
@@ -3914,7 +4133,7 @@ var init_state_bus = __esm({
 });
 
 // src/lib/memory-write-governor.ts
-import { createHash } from "crypto";
+import { createHash as createHash2 } from "crypto";
 function normalizeMemoryText(text) {
   return text.replace(/\r\n/g, "\n").replace(/[ \t]+$/gm, "").replace(/\n{4,}/g, "\n\n\n").trim();
 }
@@ -3949,7 +4168,7 @@ function shouldSkipEmbedding(input2) {
   return false;
 }
 function hashMemoryContent(text) {
-  return createHash("sha256").update(normalizeMemoryText(text)).digest("hex");
+  return createHash2("sha256").update(normalizeMemoryText(text)).digest("hex");
 }
 function scopedDedupArgs(input2) {
   return [input2.contentHash, input2.agentId, input2.projectName, input2.memoryType];
@@ -4021,10 +4240,10 @@ async function runPostWriteMemoryHygiene(memoryId) {
     const row = current.rows[0];
     if (!row) return;
     const memoryType = String(row.memory_type ?? "raw");
-    const contentHash = row.content_hash ? String(row.content_hash) : null;
+    const contentHash2 = row.content_hash ? String(row.content_hash) : null;
     const agentId = String(row.agent_id);
     const projectName = String(row.project_name);
-    if (contentHash) {
+    if (contentHash2) {
       await client.execute({
         sql: `UPDATE memories
               SET status = 'deleted',
@@ -4035,7 +4254,7 @@ async function runPostWriteMemoryHygiene(memoryId) {
                 AND project_name = ?
                 AND COALESCE(memory_type, 'raw') = ?
                 AND COALESCE(status, 'active') = 'active'`,
-        args: [memoryId, contentHash, agentId, projectName, memoryType]
+        args: [memoryId, contentHash2, agentId, projectName, memoryType]
       });
     }
     const supersedesId = row.supersedes_id ? String(row.supersedes_id) : null;
@@ -4122,13 +4341,13 @@ __export(shard_manager_exports, {
   listShards: () => listShards,
   shardExists: () => shardExists
 });
-import path15 from "path";
-import { existsSync as existsSync13, mkdirSync as mkdirSync7, readdirSync as readdirSync3, renameSync as renameSync4, statSync as statSync3 } from "fs";
+import path16 from "path";
+import { existsSync as existsSync14, mkdirSync as mkdirSync8, readdirSync as readdirSync4, renameSync as renameSync4, statSync as statSync3 } from "fs";
 import { createClient as createClient2 } from "@libsql/client";
 function initShardManager(encryptionKey) {
   _encryptionKey = encryptionKey;
-  if (!existsSync13(SHARDS_DIR)) {
-    mkdirSync7(SHARDS_DIR, { recursive: true });
+  if (!existsSync14(SHARDS_DIR)) {
+    mkdirSync8(SHARDS_DIR, { recursive: true });
   }
   _shardingEnabled = true;
   if (_evictionTimer) clearInterval(_evictionTimer);
@@ -4157,7 +4376,7 @@ function getShardClient(projectName) {
   while (_shards.size >= MAX_OPEN_SHARDS) {
     evictLRU();
   }
-  const dbPath = path15.join(SHARDS_DIR, `${safeName}.db`);
+  const dbPath = path16.join(SHARDS_DIR, `${safeName}.db`);
   const client = createClient2({
     url: `file:${dbPath}`,
     encryptionKey: _encryptionKey
@@ -4168,14 +4387,14 @@ function getShardClient(projectName) {
 }
 function shardExists(projectName) {
   const safeName = safeShardName(projectName);
-  return existsSync13(path15.join(SHARDS_DIR, `${safeName}.db`));
+  return existsSync14(path16.join(SHARDS_DIR, `${safeName}.db`));
 }
 function safeShardName(projectName) {
   return projectName.replace(/[^a-zA-Z0-9_-]/g, "_");
 }
 function listShards() {
-  if (!existsSync13(SHARDS_DIR)) return [];
-  return readdirSync3(SHARDS_DIR).filter((f) => f.endsWith(".db")).map((f) => f.replace(".db", ""));
+  if (!existsSync14(SHARDS_DIR)) return [];
+  return readdirSync4(SHARDS_DIR).filter((f) => f.endsWith(".db")).map((f) => f.replace(".db", ""));
 }
 async function auditShardHealth(options = {}) {
   if (!_encryptionKey) {
@@ -4186,7 +4405,7 @@ async function auditShardHealth(options = {}) {
   const names = listShards();
   const shards = [];
   for (const name of names) {
-    const dbPath = path15.join(SHARDS_DIR, `${name}.db`);
+    const dbPath = path16.join(SHARDS_DIR, `${name}.db`);
     const stat = statSync3(dbPath);
     const item = {
       name,
@@ -4221,7 +4440,7 @@ async function auditShardHealth(options = {}) {
         _shards.delete(name);
         _shardLastAccess.delete(name);
         const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-        const archivedPath = path15.join(SHARDS_DIR, `${name}.db.broken-${stamp}`);
+        const archivedPath = path16.join(SHARDS_DIR, `${name}.db.broken-${stamp}`);
         renameSync4(dbPath, archivedPath);
         item.archivedPath = archivedPath;
       }
@@ -4438,11 +4657,11 @@ async function getReadyShardClient(projectName) {
     client.close();
     _shards.delete(safeName);
     _shardLastAccess.delete(safeName);
-    const dbPath = path15.join(SHARDS_DIR, `${safeName}.db`);
-    if (existsSync13(dbPath)) {
+    const dbPath = path16.join(SHARDS_DIR, `${safeName}.db`);
+    if (existsSync14(dbPath)) {
       const stat = statSync3(dbPath);
       const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-      const archivedPath = path15.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
+      const archivedPath = path16.join(SHARDS_DIR, `${safeName}.db.broken-${stamp}`);
       renameSync4(dbPath, archivedPath);
       process.stderr.write(
         `[shard-manager] Archived unreadable shard ${safeName}: ${archivedPath} (${stat.size} bytes, mtime ${stat.mtime.toISOString()})
@@ -4510,7 +4729,7 @@ var init_shard_manager = __esm({
   "src/lib/shard-manager.ts"() {
     "use strict";
     init_config();
-    SHARDS_DIR = path15.join(EXE_AI_DIR, "shards");
+    SHARDS_DIR = path16.join(EXE_AI_DIR, "shards");
     SHARD_IDLE_MS = 5 * 60 * 1e3;
     MAX_OPEN_SHARDS = 10;
     EVICTION_INTERVAL_MS = 60 * 1e3;
@@ -4636,6 +4855,20 @@ var init_platform_procedures = __esm({
         priority: "p1",
         content: "Once per session (COO boot only, never repeat), call list_my_feature_requests to check if any previously filed feature requests have been shipped by AskExe. If any request has status 'shipped' with a shipped_version, surface it to the founder immediately: '\u{1F680} N feature(s) shipped \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no requests exist or none are shipped, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
       },
+      // --- Tool guidance ---
+      {
+        title: "How to use company_actions \u2014 execute business actions through gateway connectors",
+        domain: "tools",
+        priority: "p2",
+        content: "The company_actions tool executes business actions through gateway connectors (e.g. send WhatsApp, trigger workflows, update CRM). It routes through the exe-gateway on the VPS. Actions are defined by the customer's gateway configuration \u2014 each connector (WhatsApp, Shopify, email, etc.) exposes specific actions. Use query_company_brain to find available data first, then company_actions to act on it. Requires gateway auth token. Read-only founders should NOT use this \u2014 it mutates external state."
+      },
+      // --- Release awareness ---
+      {
+        title: "What's New check \u2014 surface new features after update",
+        domain: "support",
+        priority: "p1",
+        content: "Once per session (COO boot only, never repeat), check if the installed exe-os version is newer than the last session. If it is, read the bundled release-notes.json (at the package root) and surface a brief summary to the founder: 'Updated to exe-os vX.Y.Z \u2014 N new features, M fixes.' List the top 3 features by name. This helps the founder know what they got from the update. If release-notes.json doesn't exist or the version hasn't changed, skip silently. Never repeat this check in the same session."
+      },
       // --- Platform vs Customer ownership ---
       {
         title: "What the platform provides vs what you customize",
@@ -4724,13 +4957,13 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 memory, decision, and search",
         domain: "tool-use",
         priority: "p1",
-        content: `memory(action="recall") / recall_my_memory: search your own memories (semantic + FTS). memory(action="ask_team") / ask_team_memory: search a colleague's memories by agent name. memory(action="store") / store_memory: persist a memory. memory(action="commit") / commit_memory: high-importance memory that survives consolidation. Requires summary. memory(action="search") / search_everything: unified search across memories, tasks, entities, conversations. memory(action="session_context") / get_session_context: temporal memory window. Requires session_id + target_timestamp. memory(action="consolidate") / consolidate_memories: merge duplicate/related memories. memory(action="cardinality") / get_memory_cardinality: count memories per agent. decision(action="store") / store_decision: record an architectural decision (domain, decision, rationale). decision(action="get") / get_decision: retrieve a past decision by domain or query.`
+        content: `memory(action="recall") / recall_my_memory: search memories (semantic + FTS). Params: as_of (bi-temporal \u2014 what did I know at time X?), kind (decision|procedure|observation|raw|conversation|behavior), retrieval_mode (all|decisions_only|procedures_only|operational|recent_high_value). memory(action="ask_team") / ask_team_memory: search a colleague's memories. memory(action="store") / store_memory: persist a memory. Params: kind, procedure_for (domain tag for procedures). memory(action="commit") / commit_memory: high-importance, survives consolidation. Requires summary. memory(action="search") / search_everything: unified search across memories, tasks, entities, conversations. memory(action="session_context") / get_session_context: temporal window. Requires session_id + target_timestamp. memory(action="get_by_id"): fetch one memory by UUID with full untruncated text. memory(action="consolidate") / consolidate_memories: merge duplicate/related memories. memory(action="cardinality") / get_memory_cardinality: count memories per agent. memory(action="supersede"): replace an old memory with a new version (old_id + new text). decision(action="store") / store_decision: record an architectural decision (domain, decision, rationale). decision(action="get") / get_decision: retrieve a past decision by domain or query.`
       },
       {
         title: "MCP tools \u2014 task orchestration",
         domain: "tool-use",
         priority: "p1",
-        content: 'task(action="create") / create_task: dispatch work (title, assigned_to, context). The ONLY dispatch path. Auto-spawns session. task(action="list") / list_tasks: query tasks by status, assignee, project. task(action="get") / get_task: fetch full task details by task_id. task(action="update") / update_task: change status (in_progress, done, blocked, cancelled) + result summary. task(action="close") / close_task: finalize a reviewed task (COO only). task(action="checkpoint") / checkpoint_task: save progress state for crash recovery. task(action="resume") / resume_employee: re-spawn an employee session for an existing task.'
+        content: 'task(action="create") / create_task: dispatch work (title, assigned_to, context). The ONLY dispatch path. Auto-spawns session. Params: blocked_by (task ID for dependency), parent_task_id (subtask hierarchy), reviewer, complexity (routine|standard|complex|critical), budget_tokens (max token cap), budget_fallback_model, spawn_runtime (override runtime: claude|codex|opencode), spawn_model (override model). task(action="list") / list_tasks: query tasks by status, assignee, project. task(action="get") / get_task: fetch full task details by task_id. task(action="update") / update_task: change status (in_progress, done, blocked, cancelled) + result summary. task(action="close") / close_task: finalize a reviewed task (COO only). task(action="checkpoint") / checkpoint_task: save progress state for crash recovery. task(action="resume") / resume_employee: re-spawn an employee session for an existing task.'
       },
       {
         title: "MCP tools \u2014 knowledge graph (GraphRAG)",
@@ -4760,7 +4993,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 admin, config, and operations",
         domain: "tool-use",
         priority: "p1",
-        content: 'config(action="list_employees"): view roster. config(action="agent_spend"): token usage per agent. config(action="daemon_health"): check exed status. config(action="license_status"): check license. config(action="cloud_sync"): force sync. config(action="memory_audit"): health check (dupes, null vectors). config(action="run_consolidation"): trigger memory consolidation. config(action="company_procedure", subaction="store|list|deactivate"): manage company procedures. config(action="global_procedure"): list all procedures (platform + company). config(action="create_trigger|list_triggers"): scheduled agent jobs. config(action="export_orchestration|import_orchestration"): portable org state. diagnostics(action="healthcheck|doctor|status_brief|check_update|cloud_status"): system diagnostics. mcp_ping(): daemon health + license status + tool usage stats.'
+        content: 'config(action="list_employees"): view roster. config(action="set_agent_config"): view or change per-agent runtime + model. Call with no args to show all agents. config(action="agent_spend"): token usage per agent. config(action="daemon_health"): check exed status. config(action="license_status"): check license. config(action="cloud_sync"): force sync. Supports cloud_action param: status|sync|reupload. config(action="memory_audit"): health check (dupes, null vectors). config(action="run_consolidation"): trigger memory consolidation. config(action="worker_gate"): check spawn slot availability \u2014 alive/stale/reserved counts vs max. Use before dispatching. config(action="auto_wake_status"): orphaned tasks, blocked tasks, auto-wake retry status. config(action="orchestration_phase"): view/change org phase (phase_1_coo|phase_2_executives|phase_3_parallel_org). config(action="company_procedure", subaction="store|list|deactivate"): manage company procedures. config(action="global_procedure"): list all procedures (platform + company). config(action="create_trigger|list_triggers"): scheduled agent jobs. config(action="export_orchestration|import_orchestration"): portable org state. diagnostics(action="healthcheck|doctor|status_brief|check_update|cloud_status"): system diagnostics. diagnostics(action="pending_work_summary"): pending reviews + messages + notifications in one call. diagnostics(action="rename_employee"): rename an agent across all systems (roster, identity, DB, symlinks). diagnostics(action="tool_search"): semantic tool discovery \u2014 find relevant MCP tools by natural language query. diagnostics(action="drift"): identity drift detection \u2014 score how far an agent has drifted from its role. mcp_ping(): daemon health + license status + tool usage stats.'
       }
     ];
     PLATFORM_PROCEDURE_TITLES = new Set(
@@ -4847,9 +5080,9 @@ __export(memory_cards_exports, {
   insertMemoryCardsForBatch: () => insertMemoryCardsForBatch,
   searchMemoryCards: () => searchMemoryCards
 });
-import { createHash as createHash2 } from "crypto";
+import { createHash as createHash3 } from "crypto";
 function stableId(memoryId, type, content) {
-  return createHash2("sha256").update(`${memoryId}:${type}:${content}`).digest("hex").slice(0, 32);
+  return createHash3("sha256").update(`${memoryId}:${type}:${content}`).digest("hex").slice(0, 32);
 }
 function cleanText(text) {
   return text.replace(/```[\s\S]*?```/g, " ").replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
@@ -5012,9 +5245,9 @@ __export(agentic_ontology_exports, {
   ontologyPayload: () => ontologyPayload,
   stableId: () => stableId2
 });
-import { createHash as createHash3 } from "crypto";
+import { createHash as createHash4 } from "crypto";
 function stableId2(...parts) {
-  return createHash3("sha256").update(parts.map((p) => String(p ?? "")).join("::")).digest("hex").slice(0, 32);
+  return createHash4("sha256").update(parts.map((p) => String(p ?? "")).join("::")).digest("hex").slice(0, 32);
 }
 function clean(text, max = 240) {
   return text.replace(/\u0000/g, "").replace(/```[\s\S]*?```/g, " ").replace(/\s+/g, " ").trim().slice(0, max);
@@ -5400,16 +5633,16 @@ async function writeMemory(record) {
   const governed = governMemoryRecord(record);
   if (governed.shouldDrop) return;
   record = governed.record;
-  const contentHash = governed.contentHash;
+  const contentHash2 = governed.contentHash;
   const memoryType = record.memory_type ?? "raw";
   if (_pendingRecords.some(
-    (r) => r.content_hash === contentHash && r.agent_id === record.agent_id && r.project_name === record.project_name && (r.memory_type ?? "raw") === memoryType
+    (r) => r.content_hash === contentHash2 && r.agent_id === record.agent_id && r.project_name === record.project_name && (r.memory_type ?? "raw") === memoryType
   )) {
     return;
   }
   try {
     const existing = await findScopedDuplicate({
-      contentHash,
+      contentHash: contentHash2,
       agentId: record.agent_id,
       projectName: record.project_name,
       memoryType
@@ -5444,10 +5677,12 @@ async function writeMemory(record) {
     source_type: record.source_type ?? null,
     tier: record.tier ?? classifyTier(record),
     supersedes_id: record.supersedes_id ?? null,
+    valid_from: record.valid_from ?? record.timestamp,
+    invalid_at: record.invalid_at ?? null,
     draft: record.draft ? 1 : 0,
     memory_type: memoryType,
     trajectory: record.trajectory ? JSON.stringify(record.trajectory) : null,
-    content_hash: contentHash,
+    content_hash: contentHash2,
     intent: record.intent ?? null,
     outcome: record.outcome ?? null,
     domain: record.domain ?? inferDomain(record),
@@ -5462,7 +5697,8 @@ async function writeMemory(record) {
     token_cost: record.token_cost ?? null,
     audience: record.audience ?? null,
     language_type: record.language_type ?? inferLanguageType(record),
-    parent_memory_id: record.parent_memory_id ?? null
+    parent_memory_id: record.parent_memory_id ?? null,
+    procedure_for: record.procedure_for ?? null
   };
   _pendingRecords.push(dbRow);
   orgBus.emit({
@@ -5517,10 +5753,12 @@ async function flushBatch() {
       const sourceType = row.source_type ?? null;
       const tier = row.tier ?? 3;
       const supersedesId = row.supersedes_id ?? null;
+      const validFrom = row.valid_from ?? row.timestamp;
+      const invalidAt = row.invalid_at ?? null;
       const draft = row.draft ? 1 : 0;
       const memoryType = row.memory_type ?? "raw";
       const trajectory = row.trajectory ?? null;
-      const contentHash = row.content_hash ?? null;
+      const contentHash2 = row.content_hash ?? null;
       const intent = row.intent ?? null;
       const outcome = row.outcome ?? null;
       const domain = row.domain ?? null;
@@ -5536,15 +5774,16 @@ async function flushBatch() {
       const audience = row.audience ?? null;
       const languageType = row.language_type ?? null;
       const parentMemoryId = row.parent_memory_id ?? null;
+      const procedureFor = row.procedure_for ?? null;
       const cols = `id, agent_id, agent_role, session_id, timestamp,
                tool_name, project_name,
                has_error, raw_text, vector, version, task_id, importance, status,
                confidence, last_accessed,
                workspace_id, document_id, user_id, char_offset, page_number,
-               source_path, source_type, tier, supersedes_id, draft, memory_type, trajectory, content_hash,
+               source_path, source_type, tier, supersedes_id, valid_from, invalid_at, draft, memory_type, trajectory, content_hash,
                intent, outcome, domain, referenced_entities, retrieval_count,
                chain_position, review_status, context_window_pct, file_paths, commit_hash,
-               duration_ms, token_cost, audience, language_type, parent_memory_id`;
+               duration_ms, token_cost, audience, language_type, parent_memory_id, procedure_for`;
       const metaArgs = [
         intent,
         outcome,
@@ -5560,7 +5799,8 @@ async function flushBatch() {
         tokenCost,
         audience,
         languageType,
-        parentMemoryId
+        parentMemoryId,
+        procedureFor
       ];
       const baseArgs = [
         row.id,
@@ -5589,15 +5829,17 @@ async function flushBatch() {
         sourceType,
         tier,
         supersedesId,
+        validFrom,
+        invalidAt,
         draft,
         memoryType,
         trajectory,
-        contentHash
+        contentHash2
       ];
       return {
         sql: hasVector ? `INSERT OR IGNORE INTO memories (${cols})
-              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, vector32(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)` : `INSERT OR IGNORE INTO memories (${cols})
-              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, vector32(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)` : `INSERT OR IGNORE INTO memories (${cols})
+              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
         args: hasVector ? [...baseArgs, vectorToBlob(row.vector), ...sharedArgs, ...metaArgs] : [...baseArgs, ...sharedArgs, ...metaArgs]
       };
     };
@@ -5713,6 +5955,12 @@ async function searchMemories(queryVector, agentId, options) {
                AND vector IS NOT NULL${statusFilter}${draftFilter}
                AND COALESCE(confidence, 0.7) >= 0.3`;
   const args = [agentId];
+  if (options?.asOf) {
+    sql += ` AND (valid_from IS NULL OR valid_from <= ?) AND (invalid_at IS NULL OR invalid_at > ?)`;
+    args.push(options.asOf, options.asOf);
+  } else {
+    sql += ` AND invalid_at IS NULL`;
+  }
   const scope = buildWikiScopeFilter(options, "");
   sql += scope.clause;
   args.push(...scope.args);
@@ -6090,6 +6338,21 @@ process.stdin.on("end", async () => {
     JSON.parse(input);
     const agent = getActiveAgent();
     const sections = [];
+    if (agent.agentId !== "default") {
+      try {
+        const { getIdentityInjection: getIdentityInjection2 } = await Promise.resolve().then(() => (init_identity(), identity_exports));
+        const identity = getIdentityInjection2(agent.agentId);
+        if (identity) {
+          sections.push(`## Role Re-Injection (post-compaction)
+You are **${agent.agentId}** (${agent.agentRole}). Your identity and responsibilities:
+
+${identity}`);
+          process.stderr.write(`[post-compact] Re-injecting identity for ${agent.agentId}
+`);
+        }
+      } catch {
+      }
+    }
     try {
       const { fastDbInit: fastDbInit2 } = await Promise.resolve().then(() => (init_fast_db_init(), fast_db_init_exports));
       await fastDbInit2();