@askexenow/exe-os 0.9.155 → 0.9.156

package/deploy/compose/backup.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# Automated backup for exe-os stack — runs daily via cron or systemd timer.
+# Backs up: postgres (all databases), gateway auth state, wiki storage.
+set -euo pipefail
+
+BACKUP_DIR="${BACKUP_DIR:-/opt/exe-backups}"
+RETENTION_DAYS="${BACKUP_RETENTION_DAYS:-7}"
+DATE=$(date +%Y%m%d-%H%M%S)
+COMPOSE_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+mkdir -p "$BACKUP_DIR"
+
+echo "[backup] Starting exe-os stack backup ($DATE)"
+
+# 1. Postgres dump (all databases)
+echo "[backup] Dumping postgres..."
+docker exec exe-db pg_dumpall -U exe > "$BACKUP_DIR/postgres-$DATE.sql" 2>/dev/null
+gzip "$BACKUP_DIR/postgres-$DATE.sql"
+echo "[backup] Postgres: $(du -h "$BACKUP_DIR/postgres-$DATE.sql.gz" | cut -f1)"
+
+# 2. Gateway auth state (Baileys creds)
+echo "[backup] Backing up gateway auth state..."
+docker cp exe-gateway:/data/. "$BACKUP_DIR/gateway-$DATE/" 2>/dev/null || echo "[backup] Gateway backup skipped (not running)"
+tar -czf "$BACKUP_DIR/gateway-$DATE.tar.gz" -C "$BACKUP_DIR" "gateway-$DATE" 2>/dev/null && rm -rf "$BACKUP_DIR/gateway-$DATE"
+
+# 3. Wiki storage (uploaded docs)
+echo "[backup] Backing up wiki storage..."
+docker cp exe-wiki:/app/server/storage/. "$BACKUP_DIR/wiki-$DATE/" 2>/dev/null || echo "[backup] Wiki backup skipped"
+tar -czf "$BACKUP_DIR/wiki-$DATE.tar.gz" -C "$BACKUP_DIR" "wiki-$DATE" 2>/dev/null && rm -rf "$BACKUP_DIR/wiki-$DATE"
+
+# 4. Retention — delete backups older than N days
+echo "[backup] Cleaning backups older than $RETENTION_DAYS days..."
+find "$BACKUP_DIR" -name "*.gz" -mtime "+$RETENTION_DAYS" -delete 2>/dev/null
+find "$BACKUP_DIR" -name "*.sql" -mtime "+$RETENTION_DAYS" -delete 2>/dev/null
+
+echo "[backup] Done. Backups at $BACKUP_DIR:"
+ls -lh "$BACKUP_DIR"/*.gz 2>/dev/null | tail -5

package/deploy/compose/branding.json

@@ -0,0 +1,20 @@
+{
+  "name": "Exe OS",
+  "logo": null,
+  "colors": {
+    "primary": "#F5D76E",
+    "background": "#0F0E1A",
+    "surface": "rgba(245, 215, 110, 0.08)",
+    "text": "#f8f5ea",
+    "muted": "rgba(248, 245, 234, 0.72)"
+  },
+  "fonts": {
+    "heading": "Epilogue",
+    "body": "Manrope",
+    "mono": "Space Grotesk"
+  },
+  "support": {
+    "email": "support@askexe.com",
+    "url": "https://askexe.com"
+  }
+}

package/deploy/compose/docker-compose.yml

@@ -126,6 +126,11 @@ services:
       API_EXTERNAL_URL: ${GOTRUE_EXTERNAL_URL:-https://auth.askexe.com}
       GOTRUE_DISABLE_SIGNUP: ${GOTRUE_DISABLE_SIGNUP:-false}
       GOTRUE_MAILER_AUTOCONFIRM: ${GOTRUE_MAILER_AUTOCONFIRM:-true}
+      GOTRUE_SMTP_HOST: ${SMTP_HOST:-}
+      GOTRUE_SMTP_PORT: ${SMTP_PORT:-587}
+      GOTRUE_SMTP_USER: ${SMTP_USER:-}
+      GOTRUE_SMTP_PASS: ${SMTP_PASS:-}
+      GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_FROM:-noreply@askexe.com}
     ports:
       - "127.0.0.1:${GOTRUE_HOST_PORT:-9999}:9999"
     networks:
@@ -173,9 +178,14 @@ services:
     image: ${CRM_IMAGE_TAG:-ghcr.io/askexe/exe-crm:v0.9.2}
     container_name: exe-crm
     restart: unless-stopped
+    # Auto-migrate on boot: run database init before starting the app.
+    # Twenty CRM won't create tables automatically — this ensures they exist.
+    command: ["sh", "-c", "yarn database:init:prod 2>/dev/null || true && node dist/src/main"]
     depends_on:
       exe-db:
         condition: service_healthy
+      gotrue:
+        condition: service_healthy
       clickhouse:
         condition: service_healthy
       redis:
@@ -261,9 +271,13 @@ services:
     image: ${WIKI_IMAGE_TAG:-ghcr.io/askexe/exe-wiki:v0.9.2}
     container_name: exe-wiki
     restart: unless-stopped
+    # Wiki uses Prisma — runs migrate on boot via built-in entrypoint.
+    # If tables don't exist, Prisma creates them automatically.
     depends_on:
       exe-db:
         condition: service_healthy
+      gotrue:
+        condition: service_healthy
     env_file:
       - path: .env
         required: false

package/deploy/compose/setup.sh

@@ -0,0 +1,166 @@
+#!/usr/bin/env bash
+# exe-os stack first-time setup — run once on a fresh VPS.
+# Usage: ./setup.sh --client <name> --domain <domain> [--license <key>]
+set -euo pipefail
+
+RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
+info() { echo -e "${GREEN}[setup]${NC} $1"; }
+warn() { echo -e "${YELLOW}[setup]${NC} $1"; }
+err() { echo -e "${RED}[setup]${NC} $1" >&2; }
+
+# Parse args
+CLIENT="" DOMAIN="" LICENSE=""
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --client) CLIENT="$2"; shift 2;;
+    --domain) DOMAIN="$2"; shift 2;;
+    --license) LICENSE="$2"; shift 2;;
+    *) err "Unknown arg: $1"; exit 1;;
+  esac
+done
+[[ -z "$CLIENT" || -z "$DOMAIN" ]] && { err "Usage: ./setup.sh --client <name> --domain <domain>"; exit 1; }
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+cd "$SCRIPT_DIR"
+
+# Step 1: Docker + GHCR auth
+info "Step 1: Docker registry authentication"
+if ! docker info >/dev/null 2>&1; then
+  err "Docker is not running. Install Docker first: https://docs.docker.com/engine/install/"
+  exit 1
+fi
+
+if [[ -f .ghcr-token ]]; then
+  info "Logging into GHCR with stored token..."
+  cat .ghcr-token | docker login ghcr.io -u exe-os-pull --password-stdin 2>/dev/null || true
+elif [[ -n "${GHCR_TOKEN:-}" ]]; then
+  info "Logging into GHCR with GHCR_TOKEN env var..."
+  echo "$GHCR_TOKEN" | docker login ghcr.io -u exe-os-pull --password-stdin 2>/dev/null || true
+else
+  warn "No GHCR token found. Set GHCR_TOKEN env var or create .ghcr-token file."
+  warn "Images must be pullable — public or pre-authed."
+fi
+
+# Step 2: Generate .env
+info "Step 2: Generating .env file"
+if [[ -f .env ]]; then
+  warn ".env already exists — skipping generation. Delete .env to regenerate."
+else
+  if command -v node >/dev/null 2>&1; then
+    node -e "
+      const { generateEnv } = require('../../dist/deploy/compose/generate-env.js');
+      console.log(generateEnv({ clientName: '$CLIENT', domain: '$DOMAIN', licenseKey: '${LICENSE:-}' || undefined }));
+    " > .env 2>/dev/null || {
+      # Fallback: generate inline
+      info "Generating secrets inline..."
+      gen() { openssl rand -hex "$1"; }
+      cat > .env << ENVEOF
+POSTGRES_USER=exe
+POSTGRES_PASSWORD=$(gen 32)
+POSTGRES_DB=exedb
+CLICKHOUSE_DB=default
+CLICKHOUSE_USER=exe
+CLICKHOUSE_PASSWORD=$(gen 32)
+REDIS_PASSWORD=$(gen 32)
+GOTRUE_JWT_SECRET=$(gen 48)
+GOTRUE_SITE_URL=https://crm.${DOMAIN}
+GOTRUE_EXTERNAL_URL=https://auth.${DOMAIN}
+GOTRUE_DISABLE_SIGNUP=false
+GOTRUE_MAILER_AUTOCONFIRM=true
+CRM_IMAGE_TAG=ghcr.io/askexe/exe-crm:v0.9.3
+CRM_SERVER_URL=https://crm.${DOMAIN}
+CRM_APP_SECRET=$(gen 48)
+EXE_CRM_ADMIN_TOKEN=$(gen 48)
+CRM_HOST_PORT=3000
+WIKI_IMAGE_TAG=ghcr.io/askexe/exe-wiki:v0.9.4
+WIKI_DB_SCHEMA=wiki
+WIKI_VECTOR_DB=postgres
+WIKI_AUTH_TOKEN=$(gen 48)
+EXE_WIKI_ADMIN_TOKEN=$(gen 48)
+WIKI_JWT_SECRET=$(gen 48)
+WIKI_SIG_KEY=$(gen 48)
+WIKI_SIG_SALT=$(gen 16)
+WIKI_HOST_PORT=3001
+EXE_OS_IMAGE_TAG=ghcr.io/askexe/exe-os:v0.9.155
+EXED_MCP_TOKEN=$(gen 48)
+EXED_DEVICE_ID=vps-${CLIENT}
+EXE_CLOUD_SYNC_TO_POSTGRES=true
+EXE_LICENSE_KEY=${LICENSE:-CHANGEME_EXE_LICENSE_KEY}
+GATEWAY_IMAGE_TAG=ghcr.io/askexe/exe-gateway:v0.9.3
+EXE_GATEWAY_AUTH_TOKEN=$(gen 48)
+EXE_GATEWAY_WS_RELAY_AUTH_TOKEN=$(gen 48)
+EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN=$(gen 32)
+API_ROUTER_URL=https://gateway.${DOMAIN}
+GATEWAY_HTTP_HOST_PORT=3100
+GATEWAY_WS_HOST_PORT=3101
+MONITOR_HUB_IMAGE_TAG=ghcr.io/askexe/exe-monitor-hub:v0.9.4
+MONITOR_AGENT_IMAGE_TAG=ghcr.io/askexe/exe-monitor-agent:v0.9.4
+EXE_MONITOR_ADMIN_TOKEN=$(gen 48)
+MONITOR_HUB_URL=https://monitor.${DOMAIN}
+MONITOR_AGENT_TOKEN=CHANGEME_MONITOR_AGENT_TOKEN
+MONITOR_AGENT_KEY=CHANGEME_MONITOR_AGENT_KEY
+MONITOR_AGENT_LISTEN=:45876
+MONITOR_HUB_PORT=8090
+ENVEOF
+    }
+  fi
+  info ".env generated with auto-generated secrets"
+fi
+
+# Step 3: Cloudflared tunnel config
+info "Step 3: Cloudflare Tunnel setup"
+if [[ ! -f cloudflared/config.yml ]]; then
+  if [[ -f cloudflared/config.yml.example ]]; then
+    warn "Copy cloudflared/config.yml.example → cloudflared/config.yml"
+    warn "Then set TUNNEL_ID and DOMAIN in the config."
+    warn "Create tunnel: cloudflared tunnel create exe-${CLIENT}"
+  fi
+else
+  info "Cloudflared config exists."
+fi
+
+# Step 4: Pull images
+info "Step 4: Pulling Docker images..."
+docker compose pull 2>&1 || { err "Image pull failed — check GHCR authentication"; exit 1; }
+
+# Step 5: Start stack
+info "Step 5: Starting stack..."
+docker compose up -d 2>&1
+
+# Step 6: Wait for health
+info "Step 6: Waiting for services to be healthy..."
+sleep 10
+HEALTHY=0
+for i in $(seq 1 30); do
+  COUNT=$(docker ps --filter "health=healthy" --format '{{.Names}}' | wc -l | tr -d ' ')
+  TOTAL=$(docker ps --format '{{.Names}}' | wc -l | tr -d ' ')
+  echo -ne "\r  $COUNT/$TOTAL healthy (attempt $i/30)..."
+  if [[ "$COUNT" -ge "$TOTAL" ]]; then HEALTHY=1; break; fi
+  sleep 5
+done
+echo ""
+[[ "$HEALTHY" -eq 1 ]] && info "All services healthy!" || warn "Some services not healthy yet — check docker ps"
+
+# Step 7: Verify
+info "Step 7: Verification"
+docker ps --format 'table {{.Names}}\t{{.Status}}'
+echo ""
+info "Stack deployed! Next steps:"
+echo "  1. Configure Cloudflare tunnel (if not done)"
+echo "  2. Open https://crm.${DOMAIN} to create admin account"
+echo "  3. Open https://wiki.${DOMAIN} to set up wiki"
+echo "  4. Configure WhatsApp: edit gateway.json, restart gateway, pair at https://gateway.${DOMAIN}/pair/<name>"
+echo "  5. Verify: curl https://crm.${DOMAIN}/healthz && curl https://wiki.${DOMAIN}/api/ping"
+
+# Step 8: Firewall — ensure outbound HTTPS is open
+info "Step 8: Checking network connectivity..."
+if curl -s --max-time 5 https://ghcr.io >/dev/null 2>&1; then
+  info "Outbound HTTPS working (GHCR reachable)"
+else
+  warn "Cannot reach ghcr.io — check firewall/network. Docker pulls will fail."
+fi
+if curl -s --max-time 5 https://api.cloudflare.com >/dev/null 2>&1; then
+  info "Cloudflare reachable"
+else
+  warn "Cannot reach Cloudflare — tunnel won't work."
+fi

package/deploy/compose/status.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+# exe-os stack health check — run anytime to verify all services.
+set -euo pipefail
+
+RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
+
+echo "=== exe-os Stack Health ==="
+echo ""
+
+# Container status
+echo "Containers:"
+docker ps --format 'table {{.Names}}\t{{.Status}}' 2>/dev/null
+echo ""
+
+# Service health endpoints
+echo "Service Endpoints:"
+DOMAIN="${1:-localhost}"
+check() {
+  local name=$1 url=$2
+  CODE=$(curl -sk -o /dev/null -w "%{http_code}" --max-time 5 "$url" 2>/dev/null || echo "000")
+  if [[ "$CODE" == "200" ]]; then
+    echo -e "  ${GREEN}✅${NC} $name ($CODE)"
+  elif [[ "$CODE" == "401" ]]; then
+    echo -e "  ${YELLOW}🔒${NC} $name ($CODE — auth required, service is up)"
+  else
+    echo -e "  ${RED}❌${NC} $name ($CODE)"
+  fi
+}
+
+check "CRM"      "http://127.0.0.1:3000/healthz"
+check "Wiki"     "http://127.0.0.1:3001/api/ping"
+check "Gateway"  "http://127.0.0.1:3100/health"
+check "Monitor"  "http://127.0.0.1:8090/api/health"
+check "GoTrue"   "http://127.0.0.1:9999/health"
+check "exe-os"   "http://127.0.0.1:8765/health"
+
+echo ""
+
+# Database
+echo "Database:"
+docker exec exe-db psql -U exe -d exedb -c "SELECT schemaname, COUNT(*) as tables FROM pg_tables WHERE schemaname NOT IN ('pg_catalog','information_schema') GROUP BY schemaname ORDER BY schemaname;" 2>/dev/null || echo "  ❌ Cannot connect to database"
+
+echo ""
+
+# Disk/Memory
+echo "Resources:"
+echo "  RAM: $(free -h 2>/dev/null | awk '/^Mem:/ {print $3 "/" $2}' || echo 'N/A')"
+echo "  Disk: $(df -h / 2>/dev/null | awk 'NR==2 {print $3 "/" $2 " (" $5 " used)"}' || echo 'N/A')"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.155",
+  "version": "0.9.156",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/release-notes.json

@@ -1,6 +1,109 @@
 {
-  "current": "0.9.155",
+  "current": "0.9.156",
   "notes": {
+    "0.9.156": {
+      "version": "0.9.156",
+      "date": "2026-05-28",
+      "features": [
+        "complete deployment readiness — all 14 second-pass blind spots fixed",
+        "production-ready stack — all 15 blind spots fixed",
+        "blocked task notification — ping dispatcher immediately on status change",
+        "self-improving skills — usage tracking, success counting, and refinement daemon",
+        "4 retrieval improvements — query expansion, stop words, contradiction resolution, abstention",
+        "competitive roadmap — serverless tier, identity depth, self-improving skills, user modeling",
+        "run database migrations before container swap in stack-update",
+        "graph auto-extract from ARCHITECTURE.md — regex-based entity/relationship extraction",
+        "migrate cloud.askexe.com → api.askexe.com as canonical endpoint",
+        "federated recall — code_context + graph fallback when memory results weak",
+        "migrate cloud.askexe.com → api.askexe.com across all src/ defaults",
+        "rolling restart in stack-update — one service at a time with health verification",
+        "DMR benchmark harness + LoCoMo improvements for v0.9.145 evaluation",
+        "Windows/WSL support — WezTerm config + WSL detection in setup wizard",
+        "queryTaskRows() consolidation — single scoped query path for all task list operations",
+        "review signal files — reliable reviewer notification on update_task(done)",
+        "Ghostty-native notifications via OSC 9 — no more Script Editor popup",
+        "device-scoped behaviors — device_id column + filter in loading",
+        "dispatch reliability — 45s boot timeout, dispatch ack signals, agent heartbeat",
+        "setup wizard headless mode + daemon health check after restart",
+        "device-scoped behaviors — add device_id column + filter on load",
+        "gateway prompt injection defense — 3-tier security hardening",
+        "add diagnostics(action=\"merge_agent_memories\") for reassigning memories across agent IDs",
+        "add task dependency tree visualization (action=dependency_tree)",
+        "graceful COO auto-relaunch after context-full exit"
+      ],
+      "fixes": [
+        "add scope import to prompt-submit — gate pass",
+        "add writeFileSync import to config.ts",
+        "persist cloud endpoint migration to config.json — stop logging on every boot",
+        "include memory_type in pushToPostgres metadata — was stripped on sync",
+        "add scope import to daemon-orchestration — satisfies customer-readiness gate",
+        "skill-refinement.ts — correct writeMemory field names + updateIdentity 3rd arg",
+        "make skill lifecycle fields optional on Behavior interface — unblocks publish",
+        "session isolation for tmux kill — block cross-scope session kills",
+        "session-scope daemon, push, capacity, and cleanup (P0 #7-#13)",
+        "add memory_type to crdt-sync MemoryRecord interface — unblocks publish",
+        "session-scope daemon, push, capacity, cleanup (P0 #7-#9, #13)",
+        "include memory_type in cloud sync push/pull + fix backfill re-sync",
+        "session-scope signal file system — prevent cross-session task/review bleed",
+        "session-scope notification routing — use row.session_scope over ambient",
+        "daemon NEVER guesses session from tmux — header-only routing",
+        "3 daemon bugs — context-full TTL override, API watchdog kill-after-3, idle-kill verify",
+        "federated recall always searches code_context + graph — count threshold was useless",
+        "make cross-repo guardrail task-aware — allow multi-repo work when task scope permits",
+        "ONE postgres — replace crm-postgres with exe-db across entire stack",
+        "smart session-scoping gate + last boot cleanup leak + triage_bug docs",
+        "add shipped_version to support triage + clean platform procedures",
+        "close remaining session-scoping findings from Bob's audit",
+        "close 3 more session-scoping leaks from Bob's audit (LEAK-4, LEAK-7, LEAK-8)",
+        "diagnostics check_update ENOENT + healthcheck timeout",
+        "close 8 session-scoping leaks — daemon ALS trust + review cleanup + close-task + inbox"
+      ],
+      "security": [
+        "fix shell injection, SSRF, socket leaks, backup validation",
+        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
+        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
+        "validate X-Agent-Role against roster — prevent privilege escalation",
+        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
+        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
+        "pin GitHub Actions to SHAs, update jose to 6.2.3",
+        "harden support intake against abuse and data leakage",
+        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
+        "audit: pre-hygo exe-gateway security report",
+        "add SECURITY.md — trust document for pre-install security evaluation",
+        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
+      ],
+      "other": [
+        "rename memory schema → graph across codebase",
+        "unified access control — admin token + GoTrue across all services",
+        "capture data pipeline spec — raw → filter → wiki + CRM projection",
+        "bump to v0.9.149 — task lifecycle simplification + review notification fix",
+        "capture gateway connection observability requirements (2026-05-28)",
+        "bump to v0.9.146 for publish",
+        "Windows support architecture — WezTerm + WSL decision (2026-05-27)",
+        "Merge branch 'tom4-work' — device-scoped behaviors + push-notification fix",
+        "bump to v0.9.145 for publish",
+        "revert: keep workflow files unchanged — GitHub OAuth blocks workflow scope",
+        "stage remaining Yoshi fixes — features + bug cleanup",
+        "add tests for daemon restart orchestrator module",
+        "publish v0.9.144 — ESM require() fix + reliable task signals + OAuth 2.1",
+        "add MCP tool tests for message, cloud-sync, and file-copy",
+        "add coverage for send_message, cloud_sync, file_copy MCP tools (Track A)",
+        "Recover MCP sessions after daemon restart",
+        "publish v0.9.143 — all fixes live",
+        "publish v0.9.142",
+        "publish v0.9.141",
+        "ops: journalctl rotation + certbot expiry alerting",
+        "revert: daemon heap back to 33% of RAM — no artificial cap",
+        "v0.9.140 publish + heap cap 4GB (was 33% unbounded)",
+        "PG-1 cross-repo entity federation design document",
+        "add lint step + automated npm publish workflow",
+        "audit: scoped SQL + package budget + TUI vendored + TODO classification"
+      ],
+      "migration_notes": [
+        "If daemon goes down, agents will now fail instead of silently",
+        "exe-daemon.ts kills old embed.pid process and cleans up"
+      ]
+    },
     "0.9.155": {
       "version": "0.9.155",
       "date": "2026-05-28",
@@ -412,109 +515,6 @@
         "If daemon goes down, agents will now fail instead of silently",
         "exe-daemon.ts kills old embed.pid process and cleans up"
       ]
-    },
-    "0.9.144": {
-      "version": "0.9.144",
-      "date": "2026-05-26",
-      "features": [
-        "close_task auto-merges PR + pulls main + builds + prunes + respawns",
-        "auto-respawn Tom after close_task if more tasks queued",
-        "message WAL fallback — messages survive daemon downtime",
-        "entity type hierarchy — subtypes with rollup queries (PG-2)",
-        "temporal validity windows for graph queries (PG-3)",
-        "backup restore CLI + restoreBackup function",
-        "ESLint setup + dependency hygiene + any type reduction",
-        "config(action=\"hire\") MCP tool — COO can hire employees directly",
-        "GM (General Manager) role template + hiring guidance",
-        "merge gate warning in close_task — catches unmerged PRs",
-        "behavior hygiene — platform procedure + COO identity + company procedure",
-        "MCP auto-reconnect to daemon — survives deploy restarts transparently",
-        "event-driven notifications — stop polling managers, let task state drive everything",
-        "MCP disconnect tracker + daemon observability",
-        "MCP lifecycle logging to file — FULL transparency on every disconnect",
-        "automatic P0 bug fixing — daemon auto-dispatch + GitHub Actions fallback",
-        "enforce worktrees for engineer sessions — prevent direct main commits",
-        "multi-device coordination — routing, handoff, device status",
-        "hook tamper protection — SHA-256 manifest + verification before spawn",
-        "governed collaborative memory — visibility tags + write governance",
-        "cache-sharing protocol — pub/sub memory bus for inter-agent sharing",
-        "multi-modal memory — media attachments on memories",
-        "comprehensive \"last 20%\" integration tests + audit_trail read path",
-        "wire memory poisoning defense into writeMemory() pipeline",
-        "memory poisoning defense — trust levels, anomaly detection, quarantine"
-      ],
-      "fixes": [
-        "remove unused test imports blocking publish",
-        "resolve all typecheck errors — await-in-sync + type mismatches",
-        "remaining require() → ESM imports in daemon (db-backup, intercom, shutdown)",
-        "eliminate CJS require() from ESM daemon + reliable task signal delivery",
-        "migrate critical writeFileSync to atomicWrite — prevent corruption on crash (Track C)",
-        "security hardening — SQL injection lint + TUI input sanitize + MCP rate limiter (Track D)",
-        "clear public launch readiness blockers",
-        "prune old worktree on close_task before respawning fresh",
-        "exe-launch-agent resolves multi-instance names — tom2/tom3 no longer rejected",
-        "worktree isolation for all runtimes + token budget enforcement + atomic memory versioning",
-        "cross-device sync dedup — cooldown key prevents duplicate pushes",
-        "merge gate checks branch name not git author — was silently passing",
-        "resume_employee uses autoInstance — spawns tom2/tom3 for parallel",
-        "security hardening — fail-closed behavior auth gates",
-        "send_message intercom uses force:true — bypass 5-min debounce",
-        "global session cap 10→50 — match MCP session cap",
-        "/exe-call ALWAYS fires + tmux send-keys blocked for ALL agents",
-        "SIGTERM graceful shutdown — remove process.exit(0) from initMetrics",
-        "stale task escalation — surface alive-but-stalled agents to COO",
-        "cloud sync upsert + entity type hierarchy + temporal validity + file_copy security",
-        "daemon memory leak + duplicate watchdog + HTTP body limit + WAL flush",
-        "heap pressure alarm was false positive — compared heapUsed/heapTotal instead of heapUsed/heapLimit",
-        "strengthen scoped SQL audit — cover UPDATE/INSERT, expand exemptions",
-        "hard block tmux send-keys for non-coordinator agents",
-        "MCP disconnect procedure — explicitly block tmux send-keys workaround"
-      ],
-      "security": [
-        "fix shell injection, SSRF, socket leaks, backup validation",
-        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
-        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
-        "validate X-Agent-Role against roster — prevent privilege escalation",
-        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
-        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
-        "pin GitHub Actions to SHAs, update jose to 6.2.3",
-        "harden support intake against abuse and data leakage",
-        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
-        "audit: pre-hygo exe-gateway security report",
-        "add SECURITY.md — trust document for pre-install security evaluation",
-        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
-      ],
-      "other": [
-        "publish v0.9.144 — ESM require() fix + reliable task signals + OAuth 2.1",
-        "add coverage for send_message, cloud_sync, file_copy MCP tools (Track A)",
-        "Recover MCP sessions after daemon restart",
-        "publish v0.9.143 — all fixes live",
-        "publish v0.9.142",
-        "publish v0.9.141",
-        "ops: journalctl rotation + certbot expiry alerting",
-        "revert: daemon heap back to 33% of RAM — no artificial cap",
-        "v0.9.140 publish + heap cap 4GB (was 33% unbounded)",
-        "PG-1 cross-repo entity federation design document",
-        "add lint step + automated npm publish workflow",
-        "audit: scoped SQL + package budget + TUI vendored + TODO classification",
-        "add full readiness audit evidence",
-        "roadmap: Cross-Repo Ontology — Palantir-level graph (PG-1 through PG-10)",
-        "capture mcp restart self-healing roadmap",
-        "Enforce chain of command task review parity",
-        "document raw SQL fallback in orchestrator auto-approve path",
-        "Finalize orchestration rollout fixes",
-        "Scope device governance task queries",
-        "bump v0.9.138 — 7 critical bug fixes, 10 features, 16 commits",
-        "bump v0.9.137 — Memanto typed schema, push notifications, lazy consolidation",
-        "bump v0.9.136 — daemon OOM fix, process monitor, auto-notify reviewer",
-        "bump v0.9.135 — code debt cleanup, 28 new tests, full observability",
-        "Codex MCP regression tests (18) + DB singleton integration tests (10)",
-        "release notes for v0.9.134"
-      ],
-      "migration_notes": [
-        "If daemon goes down, agents will now fail instead of silently",
-        "exe-daemon.ts kills old embed.pid process and cleans up"
-      ]
     }
   }
 }