@askexenow/exe-os 0.8.0 → 0.8.2

package/dist/lib/license.js

@@ -1,377 +0,0 @@
-// src/lib/license.ts
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, mkdirSync } from "fs";
-import { randomUUID } from "crypto";
-import path2 from "path";
-import { jwtVerify, importSPKI } from "jose";
-
-// src/lib/config.ts
-import { readFile, writeFile, mkdir } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
-import path from "path";
-import os from "os";
-function resolveDataDir() {
-  if (process.env.EXE_OS_DIR) return process.env.EXE_OS_DIR;
-  if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
-  const newDir = path.join(os.homedir(), ".exe-os");
-  const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
-    try {
-      renameSync(legacyDir, newDir);
-      process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
-`);
-    } catch {
-      return legacyDir;
-    }
-  }
-  return newDir;
-}
-var EXE_AI_DIR = resolveDataDir();
-var DB_PATH = path.join(EXE_AI_DIR, "memories.db");
-var MODELS_DIR = path.join(EXE_AI_DIR, "models");
-var CONFIG_PATH = path.join(EXE_AI_DIR, "config.json");
-var LEGACY_LANCE_PATH = path.join(EXE_AI_DIR, "local.lance");
-var CURRENT_CONFIG_VERSION = 1;
-var DEFAULT_CONFIG = {
-  config_version: CURRENT_CONFIG_VERSION,
-  dbPath: DB_PATH,
-  modelFile: "jina-embeddings-v5-small-q4_k_m.gguf",
-  embeddingDim: 1024,
-  batchSize: 20,
-  flushIntervalMs: 1e4,
-  autoIngestion: true,
-  autoRetrieval: true,
-  searchMode: "hybrid",
-  hookSearchMode: "hybrid",
-  fileGrepEnabled: true,
-  splashEffect: true,
-  consolidationEnabled: true,
-  consolidationIntervalMs: 6 * 60 * 60 * 1e3,
-  consolidationModel: "claude-haiku-4-5-20251001",
-  consolidationMaxCallsPerRun: 20,
-  selfQueryRouter: true,
-  selfQueryModel: "claude-haiku-4-5-20251001",
-  rerankerEnabled: true,
-  scalingRoadmap: {
-    rerankerAutoTrigger: {
-      enabled: true,
-      broadQueryMinCardinality: 5e4,
-      fetchTopK: 150,
-      returnTopK: 5
-    }
-  },
-  graphRagEnabled: true,
-  wikiEnabled: false,
-  wikiUrl: "",
-  wikiApiKey: "",
-  wikiSyncIntervalMs: 30 * 60 * 1e3,
-  wikiWorkspaceMapping: {
-    exe: "Executive",
-    yoshi: "Engineering",
-    mari: "Marketing",
-    tom: "Engineering",
-    sasha: "Production"
-  },
-  wikiAutoUpdate: true,
-  wikiAutoUpdateThreshold: 0.5,
-  wikiAutoUpdateCreateNew: true,
-  skillLearning: true,
-  skillThreshold: 3,
-  skillModel: "claude-haiku-4-5-20251001",
-  exeHeartbeat: {
-    enabled: true,
-    intervalSeconds: 60,
-    staleInProgressThresholdHours: 2
-  },
-  sessionLifecycle: {
-    idleKillEnabled: true,
-    idleKillTicksRequired: 3,
-    idleKillIntercomAckWindowMs: 1e4,
-    maxAutoInstances: 10
-  }
-};
-
-// src/lib/license.ts
-var LICENSE_PATH = path2.join(EXE_AI_DIR, "license.key");
-var CACHE_PATH = path2.join(EXE_AI_DIR, "license-cache.json");
-var DEVICE_ID_PATH = path2.join(EXE_AI_DIR, "device-id");
-var API_BASE = "https://askexe.com/cloud";
-var LICENSE_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeHztAMOpR/ZMh+rWuOASjEZ54CGY
-4uj+UqeKCcvtgNHKmOK278HJaJcANe9xAeji8AFYu27q3WtzCi04pHudow==
------END PUBLIC KEY-----`;
-var LICENSE_JWT_ALG = "ES256";
-var PLAN_LIMITS = {
-  free: { devices: 1, employees: 1, memories: 5e3 },
-  pro: { devices: 2, employees: 5, memories: 1e5 },
-  team: { devices: 10, employees: 20, memories: 1e6 },
-  agency: { devices: 50, employees: 100, memories: 1e7 },
-  enterprise: { devices: -1, employees: -1, memories: -1 }
-};
-var FREE_LICENSE = {
-  valid: true,
-  plan: "free",
-  email: "",
-  expiresAt: null,
-  deviceLimit: 1,
-  employeeLimit: 1,
-  memoryLimit: 5e3
-};
-function loadDeviceId() {
-  const deviceJsonPath = path2.join(EXE_AI_DIR, "device.json");
-  try {
-    if (existsSync2(deviceJsonPath)) {
-      const data = JSON.parse(readFileSync2(deviceJsonPath, "utf8"));
-      if (data.deviceId) return data.deviceId;
-    }
-  } catch {
-  }
-  try {
-    if (existsSync2(DEVICE_ID_PATH)) {
-      const id2 = readFileSync2(DEVICE_ID_PATH, "utf8").trim();
-      if (id2) return id2;
-    }
-  } catch {
-  }
-  const id = randomUUID();
-  mkdirSync(EXE_AI_DIR, { recursive: true });
-  writeFileSync(DEVICE_ID_PATH, id, "utf8");
-  return id;
-}
-function loadLicense() {
-  try {
-    if (!existsSync2(LICENSE_PATH)) return null;
-    return readFileSync2(LICENSE_PATH, "utf8").trim();
-  } catch {
-    return null;
-  }
-}
-function saveLicense(apiKey) {
-  mkdirSync(EXE_AI_DIR, { recursive: true });
-  writeFileSync(LICENSE_PATH, apiKey.trim(), "utf8");
-}
-async function verifyLicenseJwt(token) {
-  try {
-    const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-    const { payload } = await jwtVerify(token, key, {
-      algorithms: [LICENSE_JWT_ALG]
-    });
-    const plan = payload.plan ?? "free";
-    const email = payload.sub ?? "";
-    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan,
-      email,
-      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  } catch {
-    return null;
-  }
-}
-async function getCachedLicense() {
-  try {
-    if (!existsSync2(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
-    if (!raw.token || typeof raw.token !== "string") return null;
-    return await verifyLicenseJwt(raw.token);
-  } catch {
-    return null;
-  }
-}
-function readCachedToken() {
-  try {
-    if (!existsSync2(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
-    return typeof raw.token === "string" ? raw.token : null;
-  } catch {
-    return null;
-  }
-}
-function cacheResponse(token) {
-  try {
-    writeFileSync(CACHE_PATH, JSON.stringify({ token }), "utf8");
-  } catch {
-  }
-}
-async function validateLicense(apiKey, deviceId) {
-  const did = deviceId ?? loadDeviceId();
-  try {
-    const res = await fetch(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId: did }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      const data = await res.json();
-      if (data.error === "device_limit_exceeded") {
-        const cached2 = await getCachedLicense();
-        if (cached2) return cached2;
-        return { ...FREE_LICENSE, valid: false, plan: "free" };
-      }
-      if (data.token) {
-        cacheResponse(data.token);
-        const verified = await verifyLicenseJwt(data.token);
-        if (verified) return verified;
-      }
-      const limits = PLAN_LIMITS[data.plan] ?? PLAN_LIMITS.free;
-      return {
-        valid: data.valid,
-        plan: data.plan,
-        email: data.email,
-        expiresAt: data.expiresAt,
-        deviceLimit: limits.devices,
-        employeeLimit: limits.employees,
-        memoryLimit: limits.memories
-      };
-    }
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return { ...FREE_LICENSE, valid: false, plan: "free" };
-  } catch {
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return FREE_LICENSE;
-  }
-}
-async function checkLicense() {
-  const key = loadLicense();
-  if (!key) return FREE_LICENSE;
-  const cached = await getCachedLicense();
-  if (cached) return cached;
-  const deviceId = loadDeviceId();
-  return validateLicense(key, deviceId);
-}
-function isFeatureAllowed(license, feature) {
-  switch (feature) {
-    case "cloud_sync":
-    case "external_agents":
-    case "wiki":
-      return license.plan !== "free";
-    case "unlimited_employees":
-      return license.plan === "team" || license.plan === "agency" || license.plan === "enterprise";
-  }
-}
-function mirrorLicenseKey(apiKey) {
-  const trimmed = apiKey.trim();
-  if (!trimmed) return;
-  saveLicense(trimmed);
-}
-async function assertVpsLicense(opts) {
-  const env = opts?.env ?? process.env;
-  const inProduction = env.NODE_ENV === "production";
-  if (!opts?.force && !inProduction) {
-    return { ...FREE_LICENSE, plan: "free" };
-  }
-  const envKey = env.EXE_LICENSE_KEY?.trim();
-  if (envKey) {
-    saveLicense(envKey);
-  }
-  const apiKey = envKey ?? loadLicense();
-  if (!apiKey) {
-    throw new Error(
-      "License required: set EXE_LICENSE_KEY env var with your exe_sk_* key. Purchase at https://askexe.com. This VPS image refuses to boot without a valid license."
-    );
-  }
-  const deviceId = loadDeviceId();
-  let backendResponse = null;
-  let explicitRejection = false;
-  let transientFailure = false;
-  try {
-    const res = await fetch(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      backendResponse = await res.json();
-      if (!backendResponse.valid) explicitRejection = true;
-    } else if (res.status === 401 || res.status === 403) {
-      explicitRejection = true;
-    } else {
-      transientFailure = true;
-    }
-  } catch {
-    transientFailure = true;
-  }
-  if (backendResponse?.valid) {
-    if (backendResponse.token) {
-      cacheResponse(backendResponse.token);
-      const verified = await verifyLicenseJwt(backendResponse.token);
-      if (verified) return verified;
-    }
-    const limits = PLAN_LIMITS[backendResponse.plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan: backendResponse.plan,
-      email: backendResponse.email,
-      expiresAt: backendResponse.expiresAt,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  }
-  if (explicitRejection) {
-    throw new Error(
-      `License invalid or expired. Renew at https://askexe.com, then restart. Backend rejected key ending in ...${apiKey.slice(-4)}.`
-    );
-  }
-  if (!transientFailure) {
-    throw new Error(
-      "License validation failed: unknown backend state. Restore network connectivity to https://askexe.com/cloud and retry."
-    );
-  }
-  const fresh = await getCachedLicense();
-  if (fresh && fresh.valid) return fresh;
-  const graceDays = opts?.offlineGraceDays ?? 7;
-  const graceMs = graceDays * 24 * 60 * 60 * 1e3;
-  try {
-    const token = readCachedToken();
-    if (token) {
-      const payloadB64 = token.split(".")[1];
-      if (payloadB64) {
-        const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
-        const expMs = (payload.exp ?? 0) * 1e3;
-        if (Date.now() < expMs + graceMs) {
-          const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-          const { payload: verified } = await jwtVerify(token, key, {
-            algorithms: [LICENSE_JWT_ALG],
-            clockTolerance: graceDays * 24 * 60 * 60
-          });
-          const plan = verified.plan ?? "free";
-          const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-          return {
-            valid: true,
-            plan,
-            email: verified.sub ?? "",
-            expiresAt: verified.exp ? new Date(verified.exp * 1e3).toISOString() : null,
-            deviceLimit: limits.devices,
-            employeeLimit: limits.employees,
-            memoryLimit: limits.memories
-          };
-        }
-      }
-    }
-  } catch {
-  }
-  throw new Error(
-    `License validation unreachable for more than ${graceDays} days. Restore network connectivity to https://askexe.com/cloud and retry. This VPS image refuses to boot after the offline grace window.`
-  );
-}
-export {
-  LICENSE_PUBLIC_KEY_PEM,
-  PLAN_LIMITS,
-  assertVpsLicense,
-  checkLicense,
-  getCachedLicense,
-  isFeatureAllowed,
-  loadDeviceId,
-  loadLicense,
-  mirrorLicenseKey,
-  saveLicense,
-  validateLicense
-};