@askexenow/exe-os 0.8.1 → 0.8.3

package/dist/lib/keychain.js

@@ -1,145 +0,0 @@
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-
-// src/lib/keychain.ts
-import { readFile, writeFile, unlink, mkdir, chmod } from "fs/promises";
-import { existsSync } from "fs";
-import path from "path";
-import crypto from "crypto";
-var SERVICE = "exe-mem";
-var ACCOUNT = "master-key";
-function getKeyDir() {
-  return process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? path.join(process.env.HOME ?? "/tmp", ".exe-os");
-}
-function getKeyPath() {
-  return path.join(getKeyDir(), "master.key");
-}
-async function tryKeytar() {
-  try {
-    return await import("keytar");
-  } catch {
-    return null;
-  }
-}
-async function getMasterKey() {
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      const stored = await keytar.getPassword(SERVICE, ACCOUNT);
-      if (stored) {
-        return Buffer.from(stored, "base64");
-      }
-    } catch {
-    }
-  }
-  const keyPath = getKeyPath();
-  if (!existsSync(keyPath)) {
-    return null;
-  }
-  try {
-    const content = await readFile(keyPath, "utf-8");
-    return Buffer.from(content.trim(), "base64");
-  } catch {
-    return null;
-  }
-}
-async function setMasterKey(key) {
-  const b64 = key.toString("base64");
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
-    }
-  }
-  const dir = getKeyDir();
-  await mkdir(dir, { recursive: true });
-  const keyPath = getKeyPath();
-  await writeFile(keyPath, b64 + "\n", "utf-8");
-  await chmod(keyPath, 384);
-}
-async function deleteMasterKey() {
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.deletePassword(SERVICE, ACCOUNT);
-    } catch {
-    }
-  }
-  const keyPath = getKeyPath();
-  if (existsSync(keyPath)) {
-    await unlink(keyPath);
-  }
-}
-function exportMnemonic(key) {
-  if (key.length !== 32) {
-    throw new Error(`Key must be 32 bytes, got ${key.length}`);
-  }
-  const hash = crypto.createHash("sha256").update(key).digest();
-  const checksumByte = hash[0];
-  let bits = "";
-  for (const byte of key) {
-    bits += byte.toString(2).padStart(8, "0");
-  }
-  bits += checksumByte.toString(2).padStart(8, "0");
-  const words = [];
-  let wordlist;
-  try {
-    const bip39 = __require("bip39");
-    wordlist = bip39.wordlists?.english ?? bip39.default?.wordlists?.english;
-    if (!wordlist) throw new Error("no wordlist");
-  } catch {
-    throw new Error("bip39 package required. Install with: npm install bip39");
-  }
-  for (let i = 0; i < 264; i += 11) {
-    const index = parseInt(bits.slice(i, i + 11), 2);
-    words.push(wordlist[index]);
-  }
-  return words.join(" ");
-}
-function importMnemonic(mnemonic) {
-  const words = mnemonic.trim().split(/\s+/);
-  if (words.length !== 24) {
-    throw new Error(`Expected 24 words, got ${words.length}`);
-  }
-  let wordlist;
-  try {
-    const bip39 = __require("bip39");
-    wordlist = bip39.wordlists?.english ?? bip39.default?.wordlists?.english;
-    if (!wordlist) throw new Error("no wordlist");
-  } catch {
-    throw new Error("bip39 package required. Install with: npm install bip39");
-  }
-  let bits = "";
-  for (const word of words) {
-    const index = wordlist.indexOf(word.toLowerCase());
-    if (index === -1) {
-      throw new Error(`Invalid BIP39 word: "${word}"`);
-    }
-    bits += index.toString(2).padStart(11, "0");
-  }
-  const entropyBits = bits.slice(0, 256);
-  const checksumBits = bits.slice(256, 264);
-  const key = Buffer.alloc(32);
-  for (let i = 0; i < 32; i++) {
-    key[i] = parseInt(entropyBits.slice(i * 8, (i + 1) * 8), 2);
-  }
-  const hash = crypto.createHash("sha256").update(key).digest();
-  const expectedChecksum = hash[0].toString(2).padStart(8, "0");
-  if (checksumBits !== expectedChecksum) {
-    throw new Error("Invalid mnemonic checksum");
-  }
-  return key;
-}
-export {
-  deleteMasterKey,
-  exportMnemonic,
-  getMasterKey,
-  importMnemonic,
-  setMasterKey
-};

package/dist/lib/license.js

@@ -1,382 +0,0 @@
-// src/lib/license.ts
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, mkdirSync } from "fs";
-import { randomUUID } from "crypto";
-import path2 from "path";
-import { jwtVerify, importSPKI } from "jose";
-
-// src/lib/config.ts
-import { readFile, writeFile, mkdir } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
-import path from "path";
-import os from "os";
-function resolveDataDir() {
-  if (process.env.EXE_OS_DIR) return process.env.EXE_OS_DIR;
-  if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
-  const newDir = path.join(os.homedir(), ".exe-os");
-  const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
-    try {
-      renameSync(legacyDir, newDir);
-      process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
-`);
-    } catch {
-      return legacyDir;
-    }
-  }
-  return newDir;
-}
-var EXE_AI_DIR = resolveDataDir();
-var DB_PATH = path.join(EXE_AI_DIR, "memories.db");
-var MODELS_DIR = path.join(EXE_AI_DIR, "models");
-var CONFIG_PATH = path.join(EXE_AI_DIR, "config.json");
-var LEGACY_LANCE_PATH = path.join(EXE_AI_DIR, "local.lance");
-var CURRENT_CONFIG_VERSION = 1;
-var DEFAULT_CONFIG = {
-  config_version: CURRENT_CONFIG_VERSION,
-  dbPath: DB_PATH,
-  modelFile: "jina-embeddings-v5-small-q4_k_m.gguf",
-  embeddingDim: 1024,
-  batchSize: 20,
-  flushIntervalMs: 1e4,
-  autoIngestion: true,
-  autoRetrieval: true,
-  searchMode: "hybrid",
-  hookSearchMode: "hybrid",
-  fileGrepEnabled: true,
-  splashEffect: true,
-  consolidationEnabled: true,
-  consolidationIntervalMs: 6 * 60 * 60 * 1e3,
-  consolidationModel: "claude-haiku-4-5-20251001",
-  consolidationMaxCallsPerRun: 20,
-  selfQueryRouter: true,
-  selfQueryModel: "claude-haiku-4-5-20251001",
-  rerankerEnabled: true,
-  scalingRoadmap: {
-    rerankerAutoTrigger: {
-      enabled: true,
-      broadQueryMinCardinality: 5e4,
-      fetchTopK: 150,
-      returnTopK: 5
-    }
-  },
-  graphRagEnabled: true,
-  wikiEnabled: false,
-  wikiUrl: "",
-  wikiApiKey: "",
-  wikiSyncIntervalMs: 30 * 60 * 1e3,
-  wikiWorkspaceMapping: {
-    exe: "Executive",
-    yoshi: "Engineering",
-    mari: "Marketing",
-    tom: "Engineering",
-    sasha: "Production"
-  },
-  wikiAutoUpdate: true,
-  wikiAutoUpdateThreshold: 0.5,
-  wikiAutoUpdateCreateNew: true,
-  skillLearning: true,
-  skillThreshold: 3,
-  skillModel: "claude-haiku-4-5-20251001",
-  exeHeartbeat: {
-    enabled: true,
-    intervalSeconds: 60,
-    staleInProgressThresholdHours: 2
-  },
-  sessionLifecycle: {
-    idleKillEnabled: true,
-    idleKillTicksRequired: 3,
-    idleKillIntercomAckWindowMs: 1e4,
-    maxAutoInstances: 10
-  },
-  autoUpdate: {
-    checkOnBoot: true,
-    autoInstall: false,
-    checkIntervalMs: 24 * 60 * 60 * 1e3
-  }
-};
-
-// src/lib/license.ts
-var LICENSE_PATH = path2.join(EXE_AI_DIR, "license.key");
-var CACHE_PATH = path2.join(EXE_AI_DIR, "license-cache.json");
-var DEVICE_ID_PATH = path2.join(EXE_AI_DIR, "device-id");
-var API_BASE = "https://askexe.com/cloud";
-var LICENSE_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeHztAMOpR/ZMh+rWuOASjEZ54CGY
-4uj+UqeKCcvtgNHKmOK278HJaJcANe9xAeji8AFYu27q3WtzCi04pHudow==
------END PUBLIC KEY-----`;
-var LICENSE_JWT_ALG = "ES256";
-var PLAN_LIMITS = {
-  free: { devices: 1, employees: 1, memories: 5e3 },
-  pro: { devices: 2, employees: 5, memories: 1e5 },
-  team: { devices: 10, employees: 20, memories: 1e6 },
-  agency: { devices: 50, employees: 100, memories: 1e7 },
-  enterprise: { devices: -1, employees: -1, memories: -1 }
-};
-var FREE_LICENSE = {
-  valid: true,
-  plan: "free",
-  email: "",
-  expiresAt: null,
-  deviceLimit: 1,
-  employeeLimit: 1,
-  memoryLimit: 5e3
-};
-function loadDeviceId() {
-  const deviceJsonPath = path2.join(EXE_AI_DIR, "device.json");
-  try {
-    if (existsSync2(deviceJsonPath)) {
-      const data = JSON.parse(readFileSync2(deviceJsonPath, "utf8"));
-      if (data.deviceId) return data.deviceId;
-    }
-  } catch {
-  }
-  try {
-    if (existsSync2(DEVICE_ID_PATH)) {
-      const id2 = readFileSync2(DEVICE_ID_PATH, "utf8").trim();
-      if (id2) return id2;
-    }
-  } catch {
-  }
-  const id = randomUUID();
-  mkdirSync(EXE_AI_DIR, { recursive: true });
-  writeFileSync(DEVICE_ID_PATH, id, "utf8");
-  return id;
-}
-function loadLicense() {
-  try {
-    if (!existsSync2(LICENSE_PATH)) return null;
-    return readFileSync2(LICENSE_PATH, "utf8").trim();
-  } catch {
-    return null;
-  }
-}
-function saveLicense(apiKey) {
-  mkdirSync(EXE_AI_DIR, { recursive: true });
-  writeFileSync(LICENSE_PATH, apiKey.trim(), "utf8");
-}
-async function verifyLicenseJwt(token) {
-  try {
-    const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-    const { payload } = await jwtVerify(token, key, {
-      algorithms: [LICENSE_JWT_ALG]
-    });
-    const plan = payload.plan ?? "free";
-    const email = payload.sub ?? "";
-    const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan,
-      email,
-      expiresAt: payload.exp ? new Date(payload.exp * 1e3).toISOString() : null,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  } catch {
-    return null;
-  }
-}
-async function getCachedLicense() {
-  try {
-    if (!existsSync2(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
-    if (!raw.token || typeof raw.token !== "string") return null;
-    return await verifyLicenseJwt(raw.token);
-  } catch {
-    return null;
-  }
-}
-function readCachedToken() {
-  try {
-    if (!existsSync2(CACHE_PATH)) return null;
-    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
-    return typeof raw.token === "string" ? raw.token : null;
-  } catch {
-    return null;
-  }
-}
-function cacheResponse(token) {
-  try {
-    writeFileSync(CACHE_PATH, JSON.stringify({ token }), "utf8");
-  } catch {
-  }
-}
-async function validateLicense(apiKey, deviceId) {
-  const did = deviceId ?? loadDeviceId();
-  try {
-    const res = await fetch(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId: did }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      const data = await res.json();
-      if (data.error === "device_limit_exceeded") {
-        const cached2 = await getCachedLicense();
-        if (cached2) return cached2;
-        return { ...FREE_LICENSE, valid: false, plan: "free" };
-      }
-      if (data.token) {
-        cacheResponse(data.token);
-        const verified = await verifyLicenseJwt(data.token);
-        if (verified) return verified;
-      }
-      const limits = PLAN_LIMITS[data.plan] ?? PLAN_LIMITS.free;
-      return {
-        valid: data.valid,
-        plan: data.plan,
-        email: data.email,
-        expiresAt: data.expiresAt,
-        deviceLimit: limits.devices,
-        employeeLimit: limits.employees,
-        memoryLimit: limits.memories
-      };
-    }
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return { ...FREE_LICENSE, valid: false, plan: "free" };
-  } catch {
-    const cached = await getCachedLicense();
-    if (cached) return cached;
-    return FREE_LICENSE;
-  }
-}
-async function checkLicense() {
-  const key = loadLicense();
-  if (!key) return FREE_LICENSE;
-  const cached = await getCachedLicense();
-  if (cached) return cached;
-  const deviceId = loadDeviceId();
-  return validateLicense(key, deviceId);
-}
-function isFeatureAllowed(license, feature) {
-  switch (feature) {
-    case "cloud_sync":
-    case "external_agents":
-    case "wiki":
-      return license.plan !== "free";
-    case "unlimited_employees":
-      return license.plan === "team" || license.plan === "agency" || license.plan === "enterprise";
-  }
-}
-function mirrorLicenseKey(apiKey) {
-  const trimmed = apiKey.trim();
-  if (!trimmed) return;
-  saveLicense(trimmed);
-}
-async function assertVpsLicense(opts) {
-  const env = opts?.env ?? process.env;
-  const inProduction = env.NODE_ENV === "production";
-  if (!opts?.force && !inProduction) {
-    return { ...FREE_LICENSE, plan: "free" };
-  }
-  const envKey = env.EXE_LICENSE_KEY?.trim();
-  if (envKey) {
-    saveLicense(envKey);
-  }
-  const apiKey = envKey ?? loadLicense();
-  if (!apiKey) {
-    throw new Error(
-      "License required: set EXE_LICENSE_KEY env var with your exe_sk_* key. Purchase at https://askexe.com. This VPS image refuses to boot without a valid license."
-    );
-  }
-  const deviceId = loadDeviceId();
-  let backendResponse = null;
-  let explicitRejection = false;
-  let transientFailure = false;
-  try {
-    const res = await fetch(`${API_BASE}/auth/activate`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ apiKey, deviceId }),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (res.ok) {
-      backendResponse = await res.json();
-      if (!backendResponse.valid) explicitRejection = true;
-    } else if (res.status === 401 || res.status === 403) {
-      explicitRejection = true;
-    } else {
-      transientFailure = true;
-    }
-  } catch {
-    transientFailure = true;
-  }
-  if (backendResponse?.valid) {
-    if (backendResponse.token) {
-      cacheResponse(backendResponse.token);
-      const verified = await verifyLicenseJwt(backendResponse.token);
-      if (verified) return verified;
-    }
-    const limits = PLAN_LIMITS[backendResponse.plan] ?? PLAN_LIMITS.free;
-    return {
-      valid: true,
-      plan: backendResponse.plan,
-      email: backendResponse.email,
-      expiresAt: backendResponse.expiresAt,
-      deviceLimit: limits.devices,
-      employeeLimit: limits.employees,
-      memoryLimit: limits.memories
-    };
-  }
-  if (explicitRejection) {
-    throw new Error(
-      `License invalid or expired. Renew at https://askexe.com, then restart. Backend rejected key ending in ...${apiKey.slice(-4)}.`
-    );
-  }
-  if (!transientFailure) {
-    throw new Error(
-      "License validation failed: unknown backend state. Restore network connectivity to https://askexe.com/cloud and retry."
-    );
-  }
-  const fresh = await getCachedLicense();
-  if (fresh && fresh.valid) return fresh;
-  const graceDays = opts?.offlineGraceDays ?? 7;
-  const graceMs = graceDays * 24 * 60 * 60 * 1e3;
-  try {
-    const token = readCachedToken();
-    if (token) {
-      const payloadB64 = token.split(".")[1];
-      if (payloadB64) {
-        const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
-        const expMs = (payload.exp ?? 0) * 1e3;
-        if (Date.now() < expMs + graceMs) {
-          const key = await importSPKI(LICENSE_PUBLIC_KEY_PEM, LICENSE_JWT_ALG);
-          const { payload: verified } = await jwtVerify(token, key, {
-            algorithms: [LICENSE_JWT_ALG],
-            clockTolerance: graceDays * 24 * 60 * 60
-          });
-          const plan = verified.plan ?? "free";
-          const limits = PLAN_LIMITS[plan] ?? PLAN_LIMITS.free;
-          return {
-            valid: true,
-            plan,
-            email: verified.sub ?? "",
-            expiresAt: verified.exp ? new Date(verified.exp * 1e3).toISOString() : null,
-            deviceLimit: limits.devices,
-            employeeLimit: limits.employees,
-            memoryLimit: limits.memories
-          };
-        }
-      }
-    }
-  } catch {
-  }
-  throw new Error(
-    `License validation unreachable for more than ${graceDays} days. Restore network connectivity to https://askexe.com/cloud and retry. This VPS image refuses to boot after the offline grace window.`
-  );
-}
-export {
-  LICENSE_PUBLIC_KEY_PEM,
-  PLAN_LIMITS,
-  assertVpsLicense,
-  checkLicense,
-  getCachedLicense,
-  isFeatureAllowed,
-  loadDeviceId,
-  loadLicense,
-  mirrorLicenseKey,
-  saveLicense,
-  validateLicense
-};