@askexenow/exe-os 0.8.1 → 0.8.2

package/dist/bin/exe-cloud.js

@@ -1,861 +0,0 @@
-#!/usr/bin/env node
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-// src/lib/config.ts
-import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
-import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
-import path2 from "path";
-import os from "os";
-function resolveDataDir() {
-  if (process.env.EXE_OS_DIR) return process.env.EXE_OS_DIR;
-  if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
-  const newDir = path2.join(os.homedir(), ".exe-os");
-  const legacyDir = path2.join(os.homedir(), ".exe-mem");
-  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
-    try {
-      renameSync(legacyDir, newDir);
-      process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
-`);
-    } catch {
-      return legacyDir;
-    }
-  }
-  return newDir;
-}
-function migrateLegacyConfig(raw) {
-  if ("r2" in raw) {
-    process.stderr.write(
-      "[exe-os] Warning: config.json contains deprecated 'r2' field from v1.0. R2 sync has been replaced in v1.1. The 'r2' field will be ignored.\n"
-    );
-    delete raw.r2;
-  }
-  if ("syncIntervalMs" in raw) {
-    delete raw.syncIntervalMs;
-  }
-  return raw;
-}
-function migrateConfig(raw) {
-  const fromVersion = typeof raw.config_version === "number" ? raw.config_version : 0;
-  let currentVersion = fromVersion;
-  let migrated = false;
-  if (currentVersion > CURRENT_CONFIG_VERSION) {
-    return { config: raw, migrated: false, fromVersion };
-  }
-  for (const migration of CONFIG_MIGRATIONS) {
-    if (currentVersion === migration.from && migration.to <= CURRENT_CONFIG_VERSION) {
-      raw = migration.migrate(raw);
-      currentVersion = migration.to;
-      migrated = true;
-    }
-  }
-  return { config: raw, migrated, fromVersion };
-}
-function normalizeScalingRoadmap(raw) {
-  const defaultAuto = DEFAULT_CONFIG.scalingRoadmap.rerankerAutoTrigger;
-  const userRoadmap = raw.scalingRoadmap ?? {};
-  const userAuto = userRoadmap.rerankerAutoTrigger ?? {};
-  if (userAuto.enabled === void 0 && raw.rerankerEnabled !== void 0) {
-    userAuto.enabled = raw.rerankerEnabled;
-  }
-  raw.scalingRoadmap = {
-    ...userRoadmap,
-    rerankerAutoTrigger: { ...defaultAuto, ...userAuto }
-  };
-}
-function normalizeSessionLifecycle(raw) {
-  const defaultSL = DEFAULT_CONFIG.sessionLifecycle;
-  const userSL = raw.sessionLifecycle ?? {};
-  raw.sessionLifecycle = { ...defaultSL, ...userSL };
-}
-function normalizeAutoUpdate(raw) {
-  const defaultAU = DEFAULT_CONFIG.autoUpdate;
-  const userAU = raw.autoUpdate ?? {};
-  raw.autoUpdate = { ...defaultAU, ...userAU };
-}
-async function loadConfig() {
-  const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
-  await mkdir2(dir, { recursive: true });
-  const configPath = path2.join(dir, "config.json");
-  if (!existsSync2(configPath)) {
-    return { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db") };
-  }
-  const raw = await readFile2(configPath, "utf-8");
-  try {
-    let parsed = JSON.parse(raw);
-    parsed = migrateLegacyConfig(parsed);
-    const { config: migratedCfg, migrated, fromVersion } = migrateConfig(parsed);
-    if (migrated) {
-      process.stderr.write(`[exe-os] Config migrated from v${fromVersion} to v${migratedCfg.config_version}
-`);
-      try {
-        await writeFile2(configPath, JSON.stringify(migratedCfg, null, 2) + "\n");
-      } catch {
-      }
-    }
-    normalizeScalingRoadmap(migratedCfg);
-    normalizeSessionLifecycle(migratedCfg);
-    normalizeAutoUpdate(migratedCfg);
-    const config = { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db"), ...migratedCfg };
-    if (config.dbPath.startsWith("~")) {
-      config.dbPath = config.dbPath.replace(/^~/, os.homedir());
-    }
-    return config;
-  } catch {
-    return { ...DEFAULT_CONFIG, dbPath: path2.join(dir, "memories.db") };
-  }
-}
-async function saveConfig(config) {
-  const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
-  await mkdir2(dir, { recursive: true });
-  const configPath = path2.join(dir, "config.json");
-  await writeFile2(configPath, JSON.stringify(config, null, 2) + "\n");
-}
-var EXE_AI_DIR, DB_PATH, MODELS_DIR, CONFIG_PATH, LEGACY_LANCE_PATH, CURRENT_CONFIG_VERSION, DEFAULT_CONFIG, CONFIG_MIGRATIONS;
-var init_config = __esm({
-  "src/lib/config.ts"() {
-    "use strict";
-    EXE_AI_DIR = resolveDataDir();
-    DB_PATH = path2.join(EXE_AI_DIR, "memories.db");
-    MODELS_DIR = path2.join(EXE_AI_DIR, "models");
-    CONFIG_PATH = path2.join(EXE_AI_DIR, "config.json");
-    LEGACY_LANCE_PATH = path2.join(EXE_AI_DIR, "local.lance");
-    CURRENT_CONFIG_VERSION = 1;
-    DEFAULT_CONFIG = {
-      config_version: CURRENT_CONFIG_VERSION,
-      dbPath: DB_PATH,
-      modelFile: "jina-embeddings-v5-small-q4_k_m.gguf",
-      embeddingDim: 1024,
-      batchSize: 20,
-      flushIntervalMs: 1e4,
-      autoIngestion: true,
-      autoRetrieval: true,
-      searchMode: "hybrid",
-      hookSearchMode: "hybrid",
-      fileGrepEnabled: true,
-      splashEffect: true,
-      consolidationEnabled: true,
-      consolidationIntervalMs: 6 * 60 * 60 * 1e3,
-      consolidationModel: "claude-haiku-4-5-20251001",
-      consolidationMaxCallsPerRun: 20,
-      selfQueryRouter: true,
-      selfQueryModel: "claude-haiku-4-5-20251001",
-      rerankerEnabled: true,
-      scalingRoadmap: {
-        rerankerAutoTrigger: {
-          enabled: true,
-          broadQueryMinCardinality: 5e4,
-          fetchTopK: 150,
-          returnTopK: 5
-        }
-      },
-      graphRagEnabled: true,
-      wikiEnabled: false,
-      wikiUrl: "",
-      wikiApiKey: "",
-      wikiSyncIntervalMs: 30 * 60 * 1e3,
-      wikiWorkspaceMapping: {
-        exe: "Executive",
-        yoshi: "Engineering",
-        mari: "Marketing",
-        tom: "Engineering",
-        sasha: "Production"
-      },
-      wikiAutoUpdate: true,
-      wikiAutoUpdateThreshold: 0.5,
-      wikiAutoUpdateCreateNew: true,
-      skillLearning: true,
-      skillThreshold: 3,
-      skillModel: "claude-haiku-4-5-20251001",
-      exeHeartbeat: {
-        enabled: true,
-        intervalSeconds: 60,
-        staleInProgressThresholdHours: 2
-      },
-      sessionLifecycle: {
-        idleKillEnabled: true,
-        idleKillTicksRequired: 3,
-        idleKillIntercomAckWindowMs: 1e4,
-        maxAutoInstances: 10
-      },
-      autoUpdate: {
-        checkOnBoot: true,
-        autoInstall: false,
-        checkIntervalMs: 24 * 60 * 60 * 1e3
-      }
-    };
-    CONFIG_MIGRATIONS = [
-      {
-        from: 0,
-        to: 1,
-        migrate: (cfg) => {
-          cfg.config_version = 1;
-          return cfg;
-        }
-      }
-    ];
-  }
-});
-
-// src/lib/license.ts
-var license_exports = {};
-__export(license_exports, {
-  LICENSE_PUBLIC_KEY_PEM: () => LICENSE_PUBLIC_KEY_PEM,
-  PLAN_LIMITS: () => PLAN_LIMITS,
-  assertVpsLicense: () => assertVpsLicense,
-  checkLicense: () => checkLicense,
-  getCachedLicense: () => getCachedLicense,
-  isFeatureAllowed: () => isFeatureAllowed,
-  loadDeviceId: () => loadDeviceId,
-  loadLicense: () => loadLicense,
-  mirrorLicenseKey: () => mirrorLicenseKey,
-  saveLicense: () => saveLicense,
-  validateLicense: () => validateLicense
-});
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync3, mkdirSync } from "fs";
-import { randomUUID } from "crypto";
-import path3 from "path";
-import { jwtVerify, importSPKI } from "jose";
-function loadDeviceId() {
-  const deviceJsonPath = path3.join(EXE_AI_DIR, "device.json");
-  try {
-    if (existsSync3(deviceJsonPath)) {
-      const data = JSON.parse(readFileSync2(deviceJsonPath, "utf8"));
-      if (data.deviceId) return data.deviceId;
-    }
-  } catch {
-  }
-  try {
-    if (existsSync3(DEVICE_ID_PATH)) {
-      const id2 = readFileSync2(DEVICE_ID_PATH, "utf8").trim();
-      if (id2) return id2;
-    }
-  } catch {
-  }
-  const id = randomUUID();
-  mkdirSync(EXE_AI_DIR, { recursive: true });
-  writeFileSync(DEVICE_ID_PATH, id, "utf8");
-  return id;
-}
-function loadLicense() {
-  try {
-    if (!existsSync3(LICENSE_PATH)) return null;
-    return readFileSync2(LICENSE_PATH, "utf8").trim();
-  } catch {
-    return null;
-  }
-}
-function saveLicense(apiKey) {
-  mkdirSync(EXE_AI_DIR, { recursive: true });
-  writeFileSync(LICENSE_PATH, apiKey.trim(), "utf8");
-}
-async function verifyLicenseJwt(token) {
-  try {
-    const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-    const { payload } = await jwtVerify(token, key, {
-      algorithms: [LICENSE_JWT_ALG]
-    });
-    const plan = payload.plan ?? "free";
-    const email = payload.sub ?? "";
-    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan,
-      email,
-      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  } catch {
-    return null;
-  }
-}
-async function getCachedLicense() {
-  try {
-    if (!existsSync3(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
-    if (!raw.token || typeof raw.token !== "string") return null;
-    return await verifyLicenseJwt(raw.token);
-  } catch {
-    return null;
-  }
-}
-function readCachedToken() {
-  try {
-    if (!existsSync3(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
-    return typeof raw.token === "string" ? raw.token : null;
-  } catch {
-    return null;
-  }
-}
-function cacheResponse(token) {
-  try {
-    writeFileSync(CACHE_PATH, JSON.stringify({ token }), "utf8");
-  } catch {
-  }
-}
-async function validateLicense(apiKey, deviceId) {
-  const did = deviceId ?? loadDeviceId();
-  try {
-    const res = await fetch(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId: did }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      const data = await res.json();
-      if (data.error === "device_limit_exceeded") {
-        const cached2 = await getCachedLicense();
-        if (cached2) return cached2;
-        return { ...FREE_LICENSE, valid: false, plan: "free" };
-      }
-      if (data.token) {
-        cacheResponse(data.token);
-        const verified = await verifyLicenseJwt(data.token);
-        if (verified) return verified;
-      }
-      const limits = PLAN_LIMITS[data.plan] ?? PLAN_LIMITS.free;
-      return {
-        valid: data.valid,
-        plan: data.plan,
-        email: data.email,
-        expiresAt: data.expiresAt,
-        deviceLimit: limits.devices,
-        employeeLimit: limits.employees,
-        memoryLimit: limits.memories
-      };
-    }
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return { ...FREE_LICENSE, valid: false, plan: "free" };
-  } catch {
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return FREE_LICENSE;
-  }
-}
-async function checkLicense() {
-  const key = loadLicense();
-  if (!key) return FREE_LICENSE;
-  const cached = await getCachedLicense();
-  if (cached) return cached;
-  const deviceId = loadDeviceId();
-  return validateLicense(key, deviceId);
-}
-function isFeatureAllowed(license, feature) {
-  switch (feature) {
-    case "cloud_sync":
-    case "external_agents":
-    case "wiki":
-      return license.plan !== "free";
-    case "unlimited_employees":
-      return license.plan === "team" || license.plan === "agency" || license.plan === "enterprise";
-  }
-}
-function mirrorLicenseKey(apiKey) {
-  const trimmed = apiKey.trim();
-  if (!trimmed) return;
-  saveLicense(trimmed);
-}
-async function assertVpsLicense(opts) {
-  const env = opts?.env ?? process.env;
-  const inProduction = env.NODE_ENV === "production";
-  if (!opts?.force && !inProduction) {
-    return { ...FREE_LICENSE, plan: "free" };
-  }
-  const envKey = env.EXE_LICENSE_KEY?.trim();
-  if (envKey) {
-    saveLicense(envKey);
-  }
-  const apiKey = envKey ?? loadLicense();
-  if (!apiKey) {
-    throw new Error(
-      "License required: set EXE_LICENSE_KEY env var with your exe_sk_* key. Purchase at https://askexe.com. This VPS image refuses to boot without a valid license."
-    );
-  }
-  const deviceId = loadDeviceId();
-  let backendResponse = null;
-  let explicitRejection = false;
-  let transientFailure = false;
-  try {
-    const res = await fetch(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      backendResponse = await res.json();
-      if (!backendResponse.valid) explicitRejection = true;
-    } else if (res.status === 401 || res.status === 403) {
-      explicitRejection = true;
-    } else {
-      transientFailure = true;
-    }
-  } catch {
-    transientFailure = true;
-  }
-  if (backendResponse?.valid) {
-    if (backendResponse.token) {
-      cacheResponse(backendResponse.token);
-      const verified = await verifyLicenseJwt(backendResponse.token);
-      if (verified) return verified;
-    }
-    const limits = PLAN_LIMITS[backendResponse.plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan: backendResponse.plan,
-      email: backendResponse.email,
-      expiresAt: backendResponse.expiresAt,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  }
-  if (explicitRejection) {
-    throw new Error(
-      `License invalid or expired. Renew at https://askexe.com, then restart. Backend rejected key ending in ...${apiKey.slice(-4)}.`
-    );
-  }
-  if (!transientFailure) {
-    throw new Error(
-      "License validation failed: unknown backend state. Restore network connectivity to https://askexe.com/cloud and retry."
-    );
-  }
-  const fresh = await getCachedLicense();
-  if (fresh && fresh.valid) return fresh;
-  const graceDays = opts?.offlineGraceDays ?? 7;
-  const graceMs = graceDays * 24 * 60 * 60 * 1e3;
-  try {
-    const token = readCachedToken();
-    if (token) {
-      const payloadB64 = token.split(".")[1];
-      if (payloadB64) {
-        const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
-        const expMs = (payload.exp ?? 0) * 1e3;
-        if (Date.now() < expMs + graceMs) {
-          const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-          const { payload: verified } = await jwtVerify(token, key, {
-            algorithms: [LICENSE_JWT_ALG],
-            clockTolerance: graceDays * 24 * 60 * 60
-          });
-          const plan = verified.plan ?? "free";
-          const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-          return {
-            valid: true,
-            plan,
-            email: verified.sub ?? "",
-            expiresAt: verified.exp ? new Date(verified.exp * 1e3).toISOString() : null,
-            deviceLimit: limits.devices,
-            employeeLimit: limits.employees,
-            memoryLimit: limits.memories
-          };
-        }
-      }
-    }
-  } catch {
-  }
-  throw new Error(
-    `License validation unreachable for more than ${graceDays} days. Restore network connectivity to https://askexe.com/cloud and retry. This VPS image refuses to boot after the offline grace window.`
-  );
-}
-var LICENSE_PATH, CACHE_PATH, DEVICE_ID_PATH, API_BASE, LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG, PLAN_LIMITS, FREE_LICENSE;
-var init_license = __esm({
-  "src/lib/license.ts"() {
-    "use strict";
-    init_config();
-    LICENSE_PATH = path3.join(EXE_AI_DIR, "license.key");
-    CACHE_PATH = path3.join(EXE_AI_DIR, "license-cache.json");
-    DEVICE_ID_PATH = path3.join(EXE_AI_DIR, "device-id");
-    API_BASE = "https://askexe.com/cloud";
-    LICENSE_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeHztAMOpR/ZMh+rWuOASjEZ54CGY
-4uj+UqeKCcvtgNHKmOK278HJaJcANe9xAeji8AFYu27q3WtzCi04pHudow==
------END PUBLIC KEY-----`;
-    LICENSE_JWT_ALG = "ES256";
-    PLAN_LIMITS = {
-      free: { devices: 1, employees: 1, memories: 5e3 },
-      pro: { devices: 2, employees: 5, memories: 1e5 },
-      team: { devices: 10, employees: 20, memories: 1e6 },
-      agency: { devices: 50, employees: 100, memories: 1e7 },
-      enterprise: { devices: -1, employees: -1, memories: -1 }
-    };
-    FREE_LICENSE = {
-      valid: true,
-      plan: "free",
-      email: "",
-      expiresAt: null,
-      deviceLimit: 1,
-      employeeLimit: 1,
-      memoryLimit: 5e3
-    };
-  }
-});
-
-// src/bin/exe-cloud.ts
-import { createInterface } from "readline";
-
-// src/lib/keychain.ts
-import { readFile, writeFile, unlink, mkdir, chmod } from "fs/promises";
-import { existsSync } from "fs";
-import path from "path";
-import crypto from "crypto";
-var SERVICE = "exe-mem";
-var ACCOUNT = "master-key";
-function getKeyDir() {
-  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path.join(process.env.HOME ?? "/tmp", ".exe-os");
-}
-function getKeyPath() {
-  return path.join(getKeyDir(), "master.key");
-}
-async function tryKeytar() {
-  try {
-    return await import("keytar");
-  } catch {
-    return null;
-  }
-}
-async function getMasterKey() {
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      const stored = await keytar.getPassword(SERVICE, ACCOUNT);
-      if (stored) {
-        return Buffer.from(stored, "base64");
-      }
-    } catch {
-    }
-  }
-  const keyPath = getKeyPath();
-  if (!existsSync(keyPath)) {
-    return null;
-  }
-  try {
-    const content = await readFile(keyPath, "utf-8");
-    return Buffer.from(content.trim(), "base64");
-  } catch {
-    return null;
-  }
-}
-async function setMasterKey(key) {
-  const b64 = key.toString("base64");
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
-    }
-  }
-  const dir = getKeyDir();
-  await mkdir(dir, { recursive: true });
-  const keyPath = getKeyPath();
-  await writeFile(keyPath, b64 + "\n", "utf-8");
-  await chmod(keyPath, 384);
-}
-function exportMnemonic(key) {
-  if (key.length !== 32) {
-    throw new Error(`Key must be 32 bytes, got ${key.length}`);
-  }
-  const hash = crypto.createHash("sha256").update(key).digest();
-  const checksumByte = hash[0];
-  let bits = "";
-  for (const byte of key) {
-    bits += byte.toString(2).padStart(8, "0");
-  }
-  bits += checksumByte.toString(2).padStart(8, "0");
-  const words = [];
-  let wordlist;
-  try {
-    const bip39 = __require("bip39");
-    wordlist = bip39.wordlists?.english ?? bip39.default?.wordlists?.english;
-    if (!wordlist) throw new Error("no wordlist");
-  } catch {
-    throw new Error("bip39 package required. Install with: npm install bip39");
-  }
-  for (let i = 0; i < 264; i += 11) {
-    const index = parseInt(bits.slice(i, i + 11), 2);
-    words.push(wordlist[index]);
-  }
-  return words.join(" ");
-}
-function importMnemonic(mnemonic) {
-  const words = mnemonic.trim().split(/\s+/);
-  if (words.length !== 24) {
-    throw new Error(`Expected 24 words, got ${words.length}`);
-  }
-  let wordlist;
-  try {
-    const bip39 = __require("bip39");
-    wordlist = bip39.wordlists?.english ?? bip39.default?.wordlists?.english;
-    if (!wordlist) throw new Error("no wordlist");
-  } catch {
-    throw new Error("bip39 package required. Install with: npm install bip39");
-  }
-  let bits = "";
-  for (const word of words) {
-    const index = wordlist.indexOf(word.toLowerCase());
-    if (index === -1) {
-      throw new Error(`Invalid BIP39 word: "${word}"`);
-    }
-    bits += index.toString(2).padStart(11, "0");
-  }
-  const entropyBits = bits.slice(0, 256);
-  const checksumBits = bits.slice(256, 264);
-  const key = Buffer.alloc(32);
-  for (let i = 0; i < 32; i++) {
-    key[i] = parseInt(entropyBits.slice(i * 8, (i + 1) * 8), 2);
-  }
-  const hash = crypto.createHash("sha256").update(key).digest();
-  const expectedChecksum = hash[0].toString(2).padStart(8, "0");
-  if (checksumBits !== expectedChecksum) {
-    throw new Error("Invalid mnemonic checksum");
-  }
-  return key;
-}
-
-// src/bin/exe-cloud.ts
-init_config();
-
-// src/lib/ws-auth.ts
-import crypto2 from "crypto";
-var WS_AUTH_HKDF_INFO = "exe-os-ws-auth-v1";
-var ORG_ID_HKDF_INFO = "exe-os-org-id-v1";
-function deriveWsAuthToken(masterKey) {
-  return Buffer.from(crypto2.hkdfSync("sha256", masterKey, "", WS_AUTH_HKDF_INFO, 32));
-}
-function deriveOrgId(masterKey) {
-  const raw = Buffer.from(crypto2.hkdfSync("sha256", masterKey, "", ORG_ID_HKDF_INFO, 32));
-  return crypto2.createHash("sha256").update(raw).digest("hex").slice(0, 32);
-}
-function hashAuthToken(token) {
-  return crypto2.createHash("sha256").update(token).digest("hex");
-}
-
-// src/lib/is-main.ts
-import { realpathSync } from "fs";
-import { fileURLToPath } from "url";
-function isMainModule(importMetaUrl) {
-  if (process.argv[1] == null) return false;
-  try {
-    const scriptPath = realpathSync(process.argv[1]);
-    const modulePath = realpathSync(fileURLToPath(importMetaUrl));
-    return scriptPath === modulePath;
-  } catch {
-    return importMetaUrl === `file://${process.argv[1]}` || importMetaUrl === new URL(process.argv[1], "file://").href;
-  }
-}
-
-// src/bin/exe-cloud.ts
-var BAR = "\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550";
-function ask(rl, question) {
-  return new Promise((resolve) => {
-    rl.question(question, (answer) => resolve(answer.trim()));
-  });
-}
-async function setupMode() {
-  const rl = createInterface({ input: process.stdin, output: process.stdout });
-  console.log(BAR);
-  console.log(" EXE CLOUD SETUP");
-  console.log(BAR);
-  console.log("");
-  console.log("Step 1: Encryption Key");
-  const existingKey = await getMasterKey();
-  if (existingKey) {
-    console.log("  \u2713 Master key already present. Skipping.\n");
-  } else {
-    const hasPhrase = await ask(rl, "  Do you have a 24-word recovery phrase from another device? (y/n) ");
-    if (hasPhrase.toLowerCase().startsWith("y")) {
-      const mnemonic = await ask(rl, "  Paste your 24 words: ");
-      try {
-        const key = importMnemonic(mnemonic);
-        await setMasterKey(key);
-        console.log("  \u2713 Key imported.\n");
-      } catch (err) {
-        console.error(`  \u2717 Invalid mnemonic: ${err instanceof Error ? err.message : String(err)}`);
-        rl.close();
-        process.exit(1);
-      }
-    } else {
-      console.log("  No recovery phrase \u2014 run /exe-setup on your first device to generate one.");
-      console.log("  Then use /exe-cloud sync on that device to get the phrase.\n");
-      rl.close();
-      return;
-    }
-  }
-  console.log("Step 2: Cloud Sync");
-  const config = await loadConfig();
-  if (config.cloud?.apiKey) {
-    console.log(`  \u2713 Cloud already configured (${config.cloud.endpoint}).
-`);
-    const masterKey = await getMasterKey();
-    if (masterKey) {
-      const orgId = deriveOrgId(masterKey);
-      const authTokenHash = hashAuthToken(deriveWsAuthToken(masterKey));
-      try {
-        const regResp = await fetch(`${config.cloud.endpoint}/api/register-org`, {
-          method: "POST",
-          headers: { Authorization: `Bearer ${config.cloud.apiKey}`, "Content-Type": "application/json" },
-          body: JSON.stringify({ orgId, authTokenHash })
-        });
-        if (regResp.ok) {
-          console.log("  \u2713 Org registered for cross-machine messaging.\n");
-        }
-      } catch {
-      }
-    }
-  } else {
-    const apiKey = await ask(rl, "  Paste your API key (exe_sk_...): ");
-    if (!apiKey) {
-      console.log("  Skipped. Use /exe-settings to configure later.");
-      rl.close();
-      return;
-    }
-    const endpoint = await ask(rl, "  Endpoint [https://askexe.com/cloud]: ") || "https://askexe.com/cloud";
-    console.log("  Validating...");
-    try {
-      const resp = await fetch(`${endpoint}/auth/verify`, {
-        method: "POST",
-        headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" }
-      });
-      if (resp.ok) {
-        config.cloud = { apiKey, endpoint };
-        await saveConfig(config);
-        try {
-          const { mirrorLicenseKey: mirrorLicenseKey2 } = await Promise.resolve().then(() => (init_license(), license_exports));
-          mirrorLicenseKey2(apiKey);
-        } catch {
-        }
-        console.log("  \u2713 Cloud sync configured.\n");
-        const masterKey = await getMasterKey();
-        if (masterKey) {
-          console.log("Step 3: Cross-Machine Messaging");
-          const orgId = deriveOrgId(masterKey);
-          const authTokenHash = hashAuthToken(deriveWsAuthToken(masterKey));
-          try {
-            const regResp = await fetch(`${endpoint}/api/register-org`, {
-              method: "POST",
-              headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
-              body: JSON.stringify({ orgId, authTokenHash })
-            });
-            if (regResp.ok) {
-              console.log("  \u2713 Org registered for cross-machine messaging.\n");
-            } else {
-              console.log(`  \u26A0 Org registration failed (${regResp.status}). WS relay may not work.
-`);
-            }
-          } catch {
-            console.log("  \u26A0 Org registration failed (network). WS relay may not work.\n");
-          }
-        }
-      } else {
-        console.log(`  \u2717 Validation failed (${resp.status}). Key not saved.`);
-        rl.close();
-        process.exit(1);
-      }
-    } catch (err) {
-      console.log(`  \u2717 Could not reach endpoint: ${err instanceof Error ? err.message : String(err)}`);
-      rl.close();
-      process.exit(1);
-    }
-  }
-  console.log(BAR);
-  console.log(" Setup complete. Memories will sync now.");
-  console.log(BAR);
-  rl.close();
-}
-async function syncMode() {
-  const key = await getMasterKey();
-  if (!key) {
-    console.error("No master key found. Run /exe-setup first.");
-    process.exit(1);
-  }
-  const config = await loadConfig();
-  const mnemonic = exportMnemonic(key);
-  console.log(BAR);
-  console.log(" EXE CLOUD \u2014 DEVICE SYNC INFO");
-  console.log(BAR);
-  console.log("");
-  console.log("Run /exe-cloud on the new device and paste these when prompted:\n");
-  console.log("  24-word recovery phrase:");
-  console.log(`  ${mnemonic}
-`);
-  if (config.cloud?.apiKey) {
-    console.log("  Cloud API key:");
-    console.log(`  ${config.cloud.apiKey}
-`);
-    console.log("  Endpoint:");
-    console.log(`  ${config.cloud.endpoint}
-`);
-  } else {
-    console.log("  Cloud sync: not configured (local-only)\n");
-  }
-  console.log("\u26A0  Anyone with the recovery phrase can decrypt your memories.");
-  console.log(BAR);
-}
-async function statusMode() {
-  const key = await getMasterKey();
-  const config = await loadConfig();
-  console.log(BAR);
-  console.log(" EXE CLOUD STATUS");
-  console.log(BAR);
-  console.log("");
-  if (key) {
-    const fingerprint = key.toString("hex").slice(0, 8);
-    console.log(`  Encryption key: \u2713 present (${fingerprint}...)`);
-  } else {
-    console.log("  Encryption key: \u2717 not found \u2014 run /exe-setup");
-  }
-  if (config.cloud?.apiKey) {
-    const masked = config.cloud.apiKey.slice(0, 10) + "..." + config.cloud.apiKey.slice(-4);
-    console.log(`  Cloud sync:     \u2713 Exe Cloud (${masked})`);
-    console.log(`  Endpoint:       ${config.cloud.endpoint}`);
-  } else if (config.turso?.url) {
-    console.log(`  Cloud sync:     \u2713 libSQL (legacy) (${config.turso.url})`);
-  } else {
-    console.log("  Cloud sync:     local-only");
-  }
-  console.log("");
-  console.log(BAR);
-}
-async function main() {
-  const mode = process.argv[2]?.toLowerCase();
-  if (mode === "sync") {
-    await syncMode();
-  } else if (mode === "status") {
-    await statusMode();
-  } else if (!mode || mode === "setup") {
-    await setupMode();
-  } else {
-    console.error("Usage:");
-    console.error("  exe-cloud         \u2014 full device setup (key + cloud)");
-    console.error("  exe-cloud sync    \u2014 export info for new device");
-    console.error("  exe-cloud status  \u2014 show current sync status");
-    process.exit(1);
-  }
-}
-if (isMainModule(import.meta.url)) {
-  main().catch((err) => {
-    console.error(err instanceof Error ? err.message : String(err));
-    process.exit(1);
-  });
-}
-export {
-  main
-};