You are about to install and configure the ExecuFunction CLI — a unified command-line interface for task management, calendar, knowledge, people/CRM, semantic code search, code memory, encrypted vault, and project context. 60+ tools, one binary. Same data whether you use the CLI or the MCP server. Follow these phases exactly. Complete each phase before moving to the next. Do not skip steps. Do not paraphrase commands — run them verbatim. ═══════════════════════════════════════════════════════════════════════════ PHASE 1 — ENVIRONMENT CHECK ═══════════════════════════════════════════════════════════════════════════ 1. Run: node --version → Require v18+. If missing or too old, stop and tell me. 2. Run: exf --version → If this returns a version string, skip to Phase 2. → If "command not found", run: npm install -g @execufunction/cli → After install, run: exf --version → If it still fails, stop and tell me. ═══════════════════════════════════════════════════════════════════════════ PHASE 2 — AUTHENTICATION ═══════════════════════════════════════════════════════════════════════════ Run: exf auth login This uses device flow — it will print a verification code and a URL. Show me the code and URL. I will open the link in my browser and approve it. Wait for the CLI to confirm "Logged in successfully!" before continuing. If this hangs or fails, tell me to run this manually in a separate terminal and then come back. After login succeeds, run: exf projects list --json Save this output — you will need it in Phase 3. ═══════════════════════════════════════════════════════════════════════════ PHASE 3 — PERSONALIZE ═══════════════════════════════════════════════════════════════════════════ Ask the user THREE questions, one at a time. Wait for each answer before asking the next. Do NOT answer these yourself or skip ahead. If you have access to the AskUserQuestion tool, use it for each question with the structured options below. Otherwise, present them as text and wait for a response. QUESTION 1 — Role: header: "Role" question: "What's your role?" options: - label: "Developer" description: "Writing and shipping code" - label: "PM" description: "Specs, roadmaps, and coordination" - label: "DevOps" description: "Infrastructure, deploys, and secrets" - label: "Lead" description: "Code review, team oversight, mentoring" multiSelect: false If the user says "defaults" or "skip" at any point, stop asking and use: role=Developer, domains=all, autonomy=Auto-safe QUESTION 2 — Domains: header: "Domains" question: "Which domains matter most for this project?" options: - label: "Tasks" description: "Track work items, priorities, and progress" - label: "Code" description: "Semantic code search, memory, and expertise" - label: "Knowledge" description: "Notes, documents, and semantic search" - label: "Calendar" description: "Events, scheduling, and deadlines" multiSelect: true (Vault, people, and project context are always included regardless of selection.) QUESTION 3 — Autonomy: header: "Autonomy" question: "How autonomous should I be with exf commands?" options: - label: "Confirm everything" description: "Ask before any command that writes data" - label: "Auto-safe" description: "Run reads and creates freely, confirm deletes and vault" - label: "Full trust" description: "Auto-execute everything except vault reads" multiSelect: false ──────────────────────────────────────────────────────────────────────── PROJECT SELECTION ──────────────────────────────────────────────────────────────────────── Using the projects list output from Phase 2, determine which scenario applies: A) NO PROJECTS EXIST (empty list): This is the user's first project. Run: exf projects create --name "" --summary "" Show the user what you created and save the project ID. B) EXISTING PROJECT MATCHES this repo: If a project name clearly matches the current repo/directory, confirm: "I see a project called '' — should I link this workspace to it?" If yes, save that project ID. If no, offer to create a new one. C) NO MATCHING PROJECT but other projects exist: Show the user their project list and ask: "Which project is this workspace for? Or should I create a new one?" If new, run: exf projects create --name "" --summary "..." Save the project ID either way. Once a project is selected, run: exf projects context Read the output silently — use it to understand existing tasks, notes, and conventions when writing the config files in Phase 4. ═══════════════════════════════════════════════════════════════════════════ PHASE 4 — LEARN THE TOOL ═══════════════════════════════════════════════════════════════════════════ Run: exf --help Do NOT paste the full output into chat. Read it silently. You will use this knowledge to write the config files in Phase 5. The key domains are: tasks — Task CRUD, completion, status tracking calendar — Events, scheduling projects — Project context, membership, signals notes — Knowledge base with semantic search people — Contact/CRM search codebase — Repo indexing, semantic code search, git blame code — Code memory (stored facts about architecture, conventions, gotchas) vault — Encrypted secret storage documents — Upload PDFs/markdown into knowledge base Every command supports --json for machine-readable output. Pipe to jq or let scripts parse it directly. ═══════════════════════════════════════════════════════════════════════════ PHASE 5 — CONFIGURE WORKSPACE ═══════════════════════════════════════════════════════════════════════════ Detect which agent environment you are running in, then create the appropriate config files. You may need to create MORE THAN ONE if multiple config standards exist in this repo. Create ALL files that apply. Do not ask me which ones — detect and do it. If a file already exists, APPEND a new section. Do not overwrite existing content. Use a clear header: ## ExecuFunction CLI Use the user's answers from Phase 3 to customize the config: ──────────────────────────────────────────────────────────────────────── PERSONALIZATION RULES (apply across all config formats below) ──────────────────────────────────────────────────────────────────────── ROLE-BASED EMPHASIS — tailor "When to use exf" and "Always Do" sections: [developer] Emphasize: tasks, codebase search, code memory, vault [PM] Emphasize: tasks (with acceptanceCriteria, scope), calendar, knowledge, entity graph. De-emphasize: code memory, vault [devops] Emphasize: vault (inventory, rotation), code memory (integration + gotcha categories), codebase search. Add: "check vault list on session start for credential awareness" [lead] Emphasize: code expertise (who_knows, compute_expertise), tasks (status review), people, meeting notes [researcher] Emphasize: notes (search, create), document upload, codebase search (read-only). De-emphasize: vault, tasks [other] Use the full default set — do not de-emphasize anything DOMAIN SCOPING — only include "When to use" entries and rules for the user's selected domains. If they picked "all" or "defaults", include everything. If they picked "tasks, code search", omit calendar/people/ vault/knowledge examples from the config. Always keep project context regardless of domain selection. AUTONOMY — adjust the "Rules" / "Safe commands" / "Ask First" sections: [confirm-everything] - Always ask before running ANY exf command that creates or modifies data - Read-only commands (list, search, context) can run freely - Show the command you intend to run and wait for approval [auto-safe] (default) - Auto-execute: list, search, context, create, update, complete, store - Confirm before: delete, archive, vault read, calendar create [full-trust] - Auto-execute everything except vault read - Still never cache or log vault secrets in plaintext PROJECT CONTEXT — include the project ID from Phase 3 in the config: - Add: "Default project: ()" - Add: "Run `exf projects context ` to refresh context" ──────────────────────────────────────────────────────────────────────── 5A. CLAUDE.md (if you are Claude Code, or if this file exists) ──────────────────────────────────────────────────────────────────────── Append to CLAUDE.md at the repo root (create if missing): ## ExecuFunction CLI This project uses `exf` for persistent task tracking, knowledge management, calendar, people/CRM, semantic code search, and encrypted vault. Default project: () ### When to use exf [Include only entries for the user's selected domains. Full set below:] - Track work items: `exf tasks create --title "..." --priority do_now` - Find what's in flight: `exf tasks list --status in_progress` - Get full project context: `exf projects context ` - Search knowledge base: `exf notes search "..."` - Semantic code search: `exf codebase search "..." --repo ` - Store architecture decisions: `exf code memory store --fact "..." --category architecture` - Check calendar: `exf calendar list --start YYYY-MM-DD --end YYYY-MM-DD` - Look up contacts: `exf people search "..."` [IF role=PM, add:] - Create tasks with specs: `exf tasks create --title "..." --acceptance-criteria "criterion 1; criterion 2" --scope '{"include":["..."],"exclude":["..."]}'` [IF role=devops, add:] - Audit credentials: `exf vault list` - Store integration facts: `exf code memory store --fact "..." --category integration` [IF role=lead, add:] - Check code expertise: `exf code who-knows ` - Review task status: `exf tasks list --phase in_flight --project ` ### Rules [Apply AUTONOMY level from Phase 3] - Prefer `exf tasks create` over TODO comments or local markdown checklists. - Prefer `exf notes search` over grepping markdown files for knowledge. - Prefer `exf codebase search` over manual grep for finding code patterns. - Prefer `exf code memory store` over adding comments like "NOTE:" in code. - Always use --json when piping output to scripts or parsing programmatically. - When commands produce large output, pipe to a temp file and grep what you need. Do NOT dump raw CLI output into the conversation. - NEVER run `exf vault read` without asking me first. Vault reads are audit-logged and may contain production secrets. [IF autonomy=confirm-everything:] - Ask before running any exf command that creates, updates, or deletes data. [IF autonomy=auto-safe:] - Auto-execute reads, creates, and updates. Confirm deletes and vault reads. [IF autonomy=full-trust:] - Auto-execute all commands. Only confirm vault reads. ──────────────────────────────────────────────────────────────────────── 5B. .cursor/rules/execufunction.mdc (if .cursor/ dir exists) ──────────────────────────────────────────────────────────────────────── Create .cursor/rules/execufunction.mdc with this structure: --- description: Rules for using the ExecuFunction CLI (exf) — personalized for [ROLE] globs: "**/*" alwaysApply: false --- ExecuFunction CLI Usage When the user mentions tasks, project context, knowledge lookup, code search, calendar, people, or secrets — use the exf CLI. Default project: () Use the `exf` CLI for persistent operations: [Include only the user's selected domains from this list:] - `exf tasks` — create, list, update, complete tasks - `exf projects context ` — full project snapshot - `exf notes search ""` — semantic knowledge search - `exf codebase search "" --repo ` — semantic code search across indexed repos - `exf code memory store/search` — persistent code facts - `exf calendar list/create` — scheduling - `exf people search ""` / `exf people list` — CRM/contact lookup - `exf auth login/logout/status` — authentication lifecycle - `exf codebase snapshot ` / `exf codebase delete ` — index lifecycle - `exf datasets` — structured dataset search, analysis, ranking, bucketing, import/export, schema, and record operations - `exf vault list/read` — encrypted secrets (vault read requires user confirmation) [Apply AUTONOMY rules] Always use `--json` when parsing output programmatically. Never dump large CLI output into chat — pipe to file and grep. ──────────────────────────────────────────────────────────────────────── 5C. .windsurf/rules/execufunction.md (if .windsurf/ dir exists) ──────────────────────────────────────────────────────────────────────── Create .windsurf/rules/execufunction.md: # ExecuFunction CLI — [ROLE] profile Default project: () Use `exf` for persistent task tracking, knowledge, calendar, code search, people/CRM, and encrypted vault. ## Safe commands (auto-execute OK) [IF autonomy=confirm-everything:] Read-only: exf tasks list, exf projects list, exf projects context, exf notes search, exf notes list, exf codebase search, exf code memory search, exf calendar list, exf people search, exf vault list, exf vault search [IF autonomy=auto-safe:] exf tasks list, exf tasks create, exf tasks update, exf tasks complete, exf projects list, exf projects context, exf notes search, exf notes list, exf notes create, exf codebase search, exf code memory search, exf code memory store, exf calendar list, exf people search, exf vault list, exf vault search [IF autonomy=full-trust:] All commands except exf vault read. ## Requires confirmation [Inverse of the above — whatever is NOT in safe commands] ## Rules [Include domain-scoped and role-based rules per PERSONALIZATION RULES above] - Use --json for programmatic parsing. Pipe large output to temp files. - Prefer exf over local markdown files for task and knowledge tracking. - Never cache or log vault secrets in plaintext. ──────────────────────────────────────────────────────────────────────── 5D. AGENTS.md (always create if missing, append if exists) ──────────────────────────────────────────────────────────────────────── Append to AGENTS.md at the repo root (create if missing): ## ExecuFunction CLI — [ROLE] profile Default project: () ### Always Do [Include based on selected domains and role:] - Use `exf tasks create` to track work items instead of TODO comments - Use `exf notes search` to check knowledge base before asking the user - Use `exf codebase search` for semantic code lookup - Use `exf code memory store` to persist architecture decisions and gotchas - Use `--json` flag when parsing output in scripts - Pipe large command output to temp files instead of dumping to chat [IF role=PM, add:] - Include acceptanceCriteria and scope boundaries on every task create - Use entity_graph to explore task dependencies and relationships [IF role=devops, add:] - Run `exf vault list` at session start for credential awareness - Use code memory category "integration" for service connection docs [IF role=lead, add:] - Use `exf code who-knows` to identify reviewers and knowledge holders - Check task phases before assigning new work ### Ask First [Apply AUTONOMY level:] [IF autonomy=confirm-everything:] - Any command that creates, updates, completes, or deletes data - `exf vault read` — contains production secrets, audit-logged [IF autonomy=auto-safe:] - `exf vault read` — contains production secrets, audit-logged - Any delete operation (tasks, notes, calendar events, code memory) - `exf projects archive` — irreversible project state change - `exf calendar create` — creates real calendar events [IF autonomy=full-trust:] - `exf vault read` — always confirm, contains production secrets ### Never Do - Cache or log vault secrets in plaintext anywhere - Run `exf vault read` without explicit user approval - Dump raw verbose CLI output directly into the conversation [IF autonomy != full-trust:] - Delete tasks, notes, or calendar events without confirmation ═══════════════════════════════════════════════════════════════════════════ PHASE 6 — VERIFY ═══════════════════════════════════════════════════════════════════════════ 1. Run: exf tasks list --limit 5 --project 2. Run: exf projects context 3. List the files you created or modified in Phase 5. Show me the results. If everything returned data, say: "ExecuFunction is configured for as a [ROLE] workspace with [AUTONOMY] autonomy. You can now use `exf` commands in this project."