@askexenow/exe-os 0.9.113 → 0.9.114

package/dist/tui/App.js

@@ -718,6 +718,7 @@ __export(agent_config_exports, {
   clearAgentRuntime: () => clearAgentRuntime,
   getAgentRuntime: () => getAgentRuntime,
   loadAgentConfig: () => loadAgentConfig,
+  normalizeCcModelName: () => normalizeCcModelName,
   saveAgentConfig: () => saveAgentConfig,
   setAgentMcps: () => setAgentMcps,
   setAgentRuntime: () => setAgentRuntime
@@ -746,6 +747,13 @@ function getAgentRuntime(agentId) {
   if (orgDefault) return orgDefault;
   return { runtime: DEFAULT_RUNTIME, model: DEFAULT_MODELS[DEFAULT_RUNTIME] };
 }
+function normalizeCcModelName(model) {
+  let ccModel = model.replace(/(\d+)\.(\d+)/g, "$1-$2");
+  if (/claude-(opus|sonnet)-4-[6-9]/.test(ccModel) && !ccModel.includes("[1m]")) {
+    ccModel += "[1m]";
+  }
+  return ccModel;
+}
 function setAgentRuntime(agentId, runtime, model, reasoning_effort, mcps) {
   const knownModels = KNOWN_RUNTIMES[runtime];
   if (!knownModels) {
@@ -7781,10 +7789,8 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
   }
   if (!useExeAgent && !useCodex && !useOpencode && !useBinSymlink) {
     if (agentRtConfig.runtime === "claude" && agentRtConfig.model) {
-      let ccModel = agentRtConfig.model.replace(/(\d+)\.(\d+)/g, "$1-$2");
-      if (/claude-(opus|sonnet)-4-[6-9]/.test(ccModel) && !ccModel.includes("[1m]")) {
-        ccModel += "[1m]";
-      }
+      const { normalizeCcModelName: normalizeCcModelName2 } = (init_agent_config(), __toCommonJS(agent_config_exports));
+      const ccModel = normalizeCcModelName2(agentRtConfig.model);
       envPrefix = `${envPrefix} ANTHROPIC_MODEL=${ccModel}`;
     }
   }
@@ -10605,6 +10611,33 @@ var init_dangerous_patterns = __esm({
         regex: /\bkill\s+-9\b/,
         severity: "warning",
         reason: "Force kill signal"
+      },
+      // MCP bypass — agents must use MCP tools, never access the DB directly.
+      // These patterns catch attempts to work around a disconnected MCP server.
+      {
+        regex: /\bsqlite3\b.*\bmemories\.db\b/,
+        severity: "critical",
+        reason: "Direct SQLite access bypasses MCP contract boundary \u2014 use MCP tools"
+      },
+      {
+        regex: /\bsqlite3\b.*\.exe-os\b/,
+        severity: "critical",
+        reason: "Direct SQLite access to exe-os database \u2014 use MCP tools"
+      },
+      {
+        regex: /\bnode\s+-e\b.*\b(better-sqlite3|libsql|sqlite3)\b/,
+        severity: "critical",
+        reason: "Inline Node.js script accessing SQLite directly \u2014 use MCP tools"
+      },
+      {
+        regex: /\brequire\s*\(\s*['"].*memories\.db['"]\s*\)/,
+        severity: "critical",
+        reason: "Direct require of memories database \u2014 use MCP tools"
+      },
+      {
+        regex: /\bcat\b.*\bmemories\.db\b/,
+        severity: "warning",
+        reason: "Reading raw database file \u2014 encrypted data, use MCP tools instead"
       }
     ];
   }
@@ -11263,7 +11296,7 @@ __export(keychain_exports, {
   importMnemonic: () => importMnemonic,
   setMasterKey: () => setMasterKey
 });
-import { readFile as readFile4, writeFile as writeFile5, unlink, mkdir as mkdir4, chmod as chmod2 } from "fs/promises";
+import { readFile as readFile4, writeFile as writeFile5, unlink, mkdir as mkdir4, chmod as chmod2, rename, copyFile } from "fs/promises";
 import { existsSync as existsSync18, statSync as statSync3 } from "fs";
 import { execSync as execSync10 } from "child_process";
 import path27 from "path";
@@ -11298,12 +11331,14 @@ function linuxSecretAvailable() {
 function isRootOnlyTrustedServerKeyFile(keyPath) {
   if (process.platform !== "linux") return false;
   try {
-    const uid = typeof os13.userInfo().uid === "number" ? os13.userInfo().uid : -1;
     const st = statSync3(keyPath);
     if (!st.isFile() || (st.mode & 63) !== 0) return false;
+    const uid = typeof os13.userInfo().uid === "number" ? os13.userInfo().uid : -1;
     if (uid === 0) return true;
     const exeOsDir = process.env.EXE_OS_DIR;
-    return Boolean(exeOsDir && path27.resolve(keyPath).startsWith(path27.resolve(exeOsDir) + path27.sep));
+    if (exeOsDir && path27.resolve(keyPath).startsWith(path27.resolve(exeOsDir) + path27.sep)) return true;
+    if (!linuxSecretAvailable()) return true;
+    return false;
   } catch {
     return false;
   }
@@ -11453,15 +11488,25 @@ async function writeMachineBoundFileFallback(b64) {
   await mkdir4(dir, { recursive: true });
   const keyPath = getKeyPath();
   const machineKey = deriveMachineKey();
-  if (machineKey) {
-    const encrypted = encryptWithMachineKey(b64, machineKey);
-    await writeFile5(keyPath, encrypted + "\n", "utf-8");
-    await chmod2(keyPath, 384);
-    return "encrypted";
-  }
-  await writeFile5(keyPath, b64 + "\n", "utf-8");
-  await chmod2(keyPath, 384);
-  return "plaintext";
+  const content = machineKey ? encryptWithMachineKey(b64, machineKey) + "\n" : b64 + "\n";
+  const result = machineKey ? "encrypted" : "plaintext";
+  const tmpPath = keyPath + ".tmp";
+  try {
+    if (existsSync18(keyPath)) {
+      await copyFile(keyPath, keyPath + ".bak").catch(() => {
+      });
+    }
+    await writeFile5(tmpPath, content, "utf-8");
+    await chmod2(tmpPath, 384);
+    await rename(tmpPath, keyPath);
+  } catch (err) {
+    try {
+      await unlink(tmpPath);
+    } catch {
+    }
+    throw err;
+  }
+  return result;
 }
 async function getMasterKey() {
   let nativeValue = macKeychainGet() ?? linuxSecretGet();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.113",
+  "version": "0.9.114",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",