@askexenow/exe-os 0.9.113 → 0.9.115

package/dist/hooks/pre-tool-use.js

@@ -139,6 +139,17 @@ function normalizeOrchestration(raw) {
   const userOrg = raw.orchestration ?? {};
   raw.orchestration = { ...defaultOrg, ...userOrg };
 }
+function normalizeCloudEndpoint(raw) {
+  const cloud = raw.cloud;
+  if (!cloud?.endpoint) return;
+  const ep = String(cloud.endpoint);
+  if (ep === "https://askexe.com/cloud" || ep === "https://askexe.com/cloud/") {
+    cloud.endpoint = "https://cloud.askexe.com";
+    process.stderr.write(
+      "[config] Auto-migrated cloud endpoint: askexe.com/cloud \u2192 cloud.askexe.com\n"
+    );
+  }
+}
 async function loadConfig() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
   await ensurePrivateDir(dir);
@@ -164,6 +175,7 @@ async function loadConfig() {
     normalizeSessionLifecycle(migratedCfg);
     normalizeAutoUpdate(migratedCfg);
     normalizeOrchestration(migratedCfg);
+    normalizeCloudEndpoint(migratedCfg);
     const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
     if (config.dbPath.startsWith("~")) {
       config.dbPath = config.dbPath.replace(/^~/, os.homedir());
@@ -370,6 +382,7 @@ __export(agent_config_exports, {
   clearAgentRuntime: () => clearAgentRuntime,
   getAgentRuntime: () => getAgentRuntime,
   loadAgentConfig: () => loadAgentConfig,
+  normalizeCcModelName: () => normalizeCcModelName,
   saveAgentConfig: () => saveAgentConfig,
   setAgentMcps: () => setAgentMcps,
   setAgentRuntime: () => setAgentRuntime
@@ -398,6 +411,13 @@ function getAgentRuntime(agentId) {
   if (orgDefault) return orgDefault;
   return { runtime: DEFAULT_RUNTIME, model: DEFAULT_MODELS[DEFAULT_RUNTIME] };
 }
+function normalizeCcModelName(model) {
+  let ccModel = model.replace(/(\d+)\.(\d+)/g, "$1-$2");
+  if (/claude-(opus|sonnet)-4-[6-9]/.test(ccModel) && !ccModel.includes("[1m]")) {
+    ccModel += "[1m]";
+  }
+  return ccModel;
+}
 function setAgentRuntime(agentId, runtime, model, reasoning_effort, mcps) {
   const knownModels = KNOWN_RUNTIMES[runtime];
   if (!knownModels) {
@@ -3980,6 +4000,21 @@ function isRootSession(name) {
 function extractRootExe(name) {
   if (!name) return null;
   if (!name.includes("-")) return name;
+  try {
+    const roster = (init_employees(), __toCommonJS(employees_exports)).loadEmployeesSync();
+    if (roster.length > 0) {
+      const sortedNames = roster.map((e) => e.name).sort((a, b) => b.length - a.length);
+      for (const agentName of sortedNames) {
+        const escaped = agentName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+        const regex = new RegExp(`^${escaped}\\d*-(.+)$`);
+        const match = name.match(regex);
+        if (match) {
+          return extractRootExe(match[1]);
+        }
+      }
+    }
+  } catch {
+  }
   const parts = name.split("-").filter(Boolean);
   return parts.length > 0 ? parts[parts.length - 1] : null;
 }
@@ -3998,6 +4033,10 @@ function registerParentExe(sessionKey, parentExe, dispatchedBy) {
 function getParentExe(sessionKey) {
   try {
     const data = JSON.parse(readFileSync10(path13.join(SESSION_CACHE, `parent-exe-${sessionKey}.json`), "utf8"));
+    if (data.registeredAt) {
+      const age = Date.now() - new Date(data.registeredAt).getTime();
+      if (age > PARENT_EXE_CACHE_TTL_MS) return null;
+    }
     return data.parentExe || null;
   } catch {
     return null;
@@ -4070,7 +4109,7 @@ function resolveExeSession() {
   }
   return candidate;
 }
-var SPAWN_LOCK_DIR, SESSION_CACHE, INTERCOM_LOG2, DEBOUNCE_FILE, DEBOUNCE_CLEANUP_AGE_MS;
+var SPAWN_LOCK_DIR, SESSION_CACHE, PARENT_EXE_CACHE_TTL_MS, INTERCOM_LOG2, DEBOUNCE_FILE, DEBOUNCE_CLEANUP_AGE_MS;
 var init_tmux_routing = __esm({
   "src/lib/tmux-routing.ts"() {
     "use strict";
@@ -4088,6 +4127,7 @@ var init_tmux_routing = __esm({
     init_agent_symlinks();
     SPAWN_LOCK_DIR = path13.join(os9.homedir(), ".exe-os", "spawn-locks");
     SESSION_CACHE = path13.join(os9.homedir(), ".exe-os", "session-cache");
+    PARENT_EXE_CACHE_TTL_MS = 4 * 60 * 60 * 1e3;
     INTERCOM_LOG2 = path13.join(os9.homedir(), ".exe-os", "intercom.log");
     DEBOUNCE_FILE = path13.join(SESSION_CACHE, "intercom-debounce.json");
     DEBOUNCE_CLEANUP_AGE_MS = 5 * 60 * 1e3;
@@ -4303,7 +4343,7 @@ var init_cto_delegation_gate = __esm({
 });
 
 // src/lib/keychain.ts
-import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
+import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2, rename, copyFile } from "fs/promises";
 import { existsSync as existsSync14, statSync as statSync4 } from "fs";
 import { execSync as execSync6 } from "child_process";
 import path15 from "path";
@@ -4338,12 +4378,14 @@ function linuxSecretAvailable() {
 function isRootOnlyTrustedServerKeyFile(keyPath) {
   if (process.platform !== "linux") return false;
   try {
-    const uid = typeof os11.userInfo().uid === "number" ? os11.userInfo().uid : -1;
     const st = statSync4(keyPath);
     if (!st.isFile() || (st.mode & 63) !== 0) return false;
+    const uid = typeof os11.userInfo().uid === "number" ? os11.userInfo().uid : -1;
     if (uid === 0) return true;
     const exeOsDir = process.env.EXE_OS_DIR;
-    return Boolean(exeOsDir && path15.resolve(keyPath).startsWith(path15.resolve(exeOsDir) + path15.sep));
+    if (exeOsDir && path15.resolve(keyPath).startsWith(path15.resolve(exeOsDir) + path15.sep)) return true;
+    if (!linuxSecretAvailable()) return true;
+    return false;
   } catch {
     return false;
   }
@@ -4493,15 +4535,25 @@ async function writeMachineBoundFileFallback(b64) {
   await mkdir3(dir, { recursive: true });
   const keyPath = getKeyPath();
   const machineKey = deriveMachineKey();
-  if (machineKey) {
-    const encrypted = encryptWithMachineKey(b64, machineKey);
-    await writeFile3(keyPath, encrypted + "\n", "utf-8");
-    await chmod2(keyPath, 384);
-    return "encrypted";
+  const content = machineKey ? encryptWithMachineKey(b64, machineKey) + "\n" : b64 + "\n";
+  const result = machineKey ? "encrypted" : "plaintext";
+  const tmpPath = keyPath + ".tmp";
+  try {
+    if (existsSync14(keyPath)) {
+      await copyFile(keyPath, keyPath + ".bak").catch(() => {
+      });
+    }
+    await writeFile3(tmpPath, content, "utf-8");
+    await chmod2(tmpPath, 384);
+    await rename(tmpPath, keyPath);
+  } catch (err) {
+    try {
+      await unlink(tmpPath);
+    } catch {
+    }
+    throw err;
   }
-  await writeFile3(keyPath, b64 + "\n", "utf-8");
-  await chmod2(keyPath, 384);
-  return "plaintext";
+  return result;
 }
 async function getMasterKey() {
   let nativeValue = macKeychainGet() ?? linuxSecretGet();
@@ -4568,7 +4620,7 @@ async function getMasterKey() {
       b64Value = content;
     }
     const key = Buffer.from(b64Value, "base64");
-    if (!content.startsWith(ENCRYPTED_PREFIX) && isRootOnlyTrustedServerKeyFile(keyPath)) {
+    if (isRootOnlyTrustedServerKeyFile(keyPath)) {
       return key;
     }
     const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
@@ -7352,6 +7404,33 @@ Do NOT report this as successful. No file was changed. If you are a sub-agent, r
       } catch {
       }
     }
+    if (data.tool_name === "Bash") {
+      const command = String(data.tool_input?.command ?? "");
+      if (command) {
+        const mcpBypassPatterns = [
+          { regex: /\bsqlite3\b.*\b(memories\.db|\.exe-os)\b/, reason: "Direct SQLite access to exe-os database" },
+          { regex: /\bnode\s+-e\b.*\b(better-sqlite3|libsql|sqlite3)\b/, reason: "Inline Node.js script accessing SQLite" },
+          { regex: /\brequire\s*\(\s*['"].*memories\.db['"]\s*\)/, reason: "Direct require of memories database" }
+        ];
+        for (const { regex, reason } of mcpBypassPatterns) {
+          if (regex.test(command)) {
+            process.stderr.write(
+              `[pre-tool-use] MCP bypass BLOCKED: ${reason}
+`
+            );
+            const output = JSON.stringify({
+              hookSpecificOutput: { permissionDecision: "deny" },
+              systemMessage: `BLOCKED: ${reason}.
+The exe-os database is encrypted and must ONLY be accessed through MCP tools.
+If MCP is disconnected, tell the user: "MCP server is disconnected. Please run /mcp to reconnect."
+Do NOT attempt workarounds \u2014 direct DB access bypasses encryption, breaks data integrity, and violates the contract boundary.`
+            });
+            process.stdout.write(output);
+            process.exit(0);
+          }
+        }
+      }
+    }
   } catch {
   }
   clearTimeout(timeout);