@askexenow/exe-os 0.9.196 → 0.9.198

package/deploy/compose/docker-compose.yml

@@ -370,12 +370,12 @@ services:
       EXE_GATEWAY_CONFIG: /data/gateway.json
       DATABASE_URL: postgres://${POSTGRES_USER:-exe}:${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}@exe-db:5432/${POSTGRES_DB:-exedb}
       EXE_GATEWAY_PORT: "3100"
-      EXE_GATEWAY_HOST: "127.0.0.1"
+      EXE_GATEWAY_HOST: "0.0.0.0"
       EXE_GATEWAY_AUTH_TOKEN: ${EXE_GATEWAY_AUTH_TOKEN:?EXE_GATEWAY_AUTH_TOKEN is required}
       GOTRUE_URL: http://gotrue:9999
       EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN: ${EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN:?EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN is required}
       EXE_GATEWAY_WS_RELAY_ENABLED: "true"
-      EXE_GATEWAY_WS_RELAY_HOST: "127.0.0.1"
+      EXE_GATEWAY_WS_RELAY_HOST: "0.0.0.0"
       EXE_GATEWAY_WS_RELAY_PORT: "3101"
       EXE_GATEWAY_WS_RELAY_AUTH_TOKEN: ${EXE_GATEWAY_WS_RELAY_AUTH_TOKEN:?EXE_GATEWAY_WS_RELAY_AUTH_TOKEN is required}
       WHATSAPP_ACCESS_TOKEN: ${WHATSAPP_ACCESS_TOKEN:-}
@@ -435,6 +435,46 @@ services:
       driver: json-file
       options: { max-size: "10m", max-file: "3" }
 
+  # ------------------------------------------------------------------
+  # Update service — registry proxy for customer image pulls
+  # Serves update.askexe.com: /v2/* Docker registry proxy, /health
+  # AskExe control-plane only — not deployed on customer VPSs.
+  # ------------------------------------------------------------------
+  exe-update:
+    image: ${EXE_OS_IMAGE_TAG:-${EXED_IMAGE_TAG:-ghcr.io/askexe/exe-os:v0.9.157}}
+    container_name: exe-update
+    restart: unless-stopped
+    entrypoint: ["node", "/app/dist/bin/registry-proxy.js"]
+    env_file:
+      - path: .env
+        required: false
+    environment:
+      EXE_REGISTRY_PROXY_PORT: "${EXE_REGISTRY_PROXY_PORT:-3200}"
+      EXE_REGISTRY_PROXY_HOST: "${EXE_REGISTRY_PROXY_HOST:-0.0.0.0}"
+      EXE_REGISTRY_PROXY_UPSTREAM: "${EXE_REGISTRY_PROXY_UPSTREAM:-https://ghcr.io}"
+      EXE_REGISTRY_PROXY_UPSTREAM_USERNAME: "${EXE_REGISTRY_PROXY_UPSTREAM_USERNAME}"
+      EXE_REGISTRY_PROXY_UPSTREAM_TOKEN: "${EXE_REGISTRY_PROXY_UPSTREAM_TOKEN}"
+      EXE_REGISTRY_PROXY_PULL_TOKENS: "${EXE_REGISTRY_PROXY_PULL_TOKENS}"
+      EXE_REGISTRY_PROXY_ALLOWED_NAMESPACE: "${EXE_REGISTRY_PROXY_ALLOWED_NAMESPACE:-askexe}"
+    ports:
+      - "127.0.0.1:${EXE_UPDATE_HOST_PORT:-3200}:${EXE_REGISTRY_PROXY_PORT:-3200}"
+    networks:
+      backend:
+        ipv4_address: 10.42.0.25
+    healthcheck:
+      test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:3200/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
+      interval: 30s
+      timeout: 5s
+      start_period: 10s
+      retries: 3
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+    logging:
+      driver: json-file
+      options: { max-size: "10m", max-file: "3" }
+
   # ------------------------------------------------------------------
   # Infrastructure — Cloudflare Tunnel (replaces nginx + SSL certs)
   # ------------------------------------------------------------------

package/deploy/stack-manifests/v0.9.json

@@ -181,31 +181,31 @@
       "services": {
         "crm": {
           "env": "CRM_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.3",
           "healthUrl": "http://127.0.0.1:3000/healthz",
           "deploymentScope": "customer"
         },
         "wiki": {
           "env": "WIKI_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.3",
           "healthUrl": "http://127.0.0.1:3001/api/ping",
           "deploymentScope": "customer"
         },
         "exe-os": {
           "env": "EXE_OS_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exed:v0.9.3",
+          "image": "update.askexe.com/askexe/exed:v0.9.3",
           "healthUrl": "http://127.0.0.1:8765/health",
           "deploymentScope": "customer"
         },
         "gateway": {
           "env": "GATEWAY_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.3",
           "healthUrl": "http://127.0.0.1:3100/health",
           "deploymentScope": "customer"
         },
         "monitorAgent": {
           "env": "MONITOR_AGENT_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.3",
           "deploymentScope": "customer"
         }
       },
@@ -222,9 +222,9 @@
           "repo": "AskExe/exe-os",
           "npmPackage": "@askexenow/exe-os",
           "npmVersion": "0.9.69",
-          "image": "registry.askexe.com/askexe/exed:v0.9.3",
+          "image": "update.askexe.com/askexe/exed:v0.9.3",
           "imageVersion": "0.9.3",
-          "note": "npm package version and customer stack image tag are separate version tracks; Hygo pulls the exed image through registry.askexe.com, which proxies the GHCR artifact server-side.",
+          "note": "npm package version and customer stack image tag are separate version tracks; Hygo pulls the exed image through update.askexe.com, which proxies the GHCR artifact server-side.",
           "sourceRef": "v0.9.3"
         }
       }
@@ -246,31 +246,31 @@
       "services": {
         "crm": {
           "env": "CRM_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.3",
           "healthUrl": "http://127.0.0.1:3000/healthz",
           "deploymentScope": "customer"
         },
         "wiki": {
           "env": "WIKI_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.3",
           "healthUrl": "http://127.0.0.1:3001/api/ping",
           "deploymentScope": "customer"
         },
         "exe-os": {
           "env": "EXE_OS_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exed:v0.9.4",
+          "image": "update.askexe.com/askexe/exed:v0.9.4",
           "healthUrl": "http://127.0.0.1:8765/health",
           "deploymentScope": "customer"
         },
         "gateway": {
           "env": "GATEWAY_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.3",
           "healthUrl": "http://127.0.0.1:3100/health",
           "deploymentScope": "customer"
         },
         "monitorAgent": {
           "env": "MONITOR_AGENT_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.3",
           "deploymentScope": "customer"
         }
       },
@@ -287,9 +287,9 @@
           "repo": "AskExe/exe-os",
           "npmPackage": "@askexenow/exe-os",
           "npmVersion": "0.9.81",
-          "image": "registry.askexe.com/askexe/exed:v0.9.4",
+          "image": "update.askexe.com/askexe/exed:v0.9.4",
           "imageVersion": "0.9.4",
-          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through registry.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
+          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through update.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
           "sourceRef": "stack-v0.9.4"
         }
       }
@@ -311,31 +311,31 @@
       "services": {
         "crm": {
           "env": "CRM_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.3",
           "healthUrl": "http://127.0.0.1:3000/healthz",
           "deploymentScope": "customer"
         },
         "wiki": {
           "env": "WIKI_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.3",
           "healthUrl": "http://127.0.0.1:3001/api/ping",
           "deploymentScope": "customer"
         },
         "exe-os": {
           "env": "EXE_OS_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exed:v0.9.5",
+          "image": "update.askexe.com/askexe/exed:v0.9.5",
           "healthUrl": "http://127.0.0.1:8765/health",
           "deploymentScope": "customer"
         },
         "gateway": {
           "env": "GATEWAY_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.3",
           "healthUrl": "http://127.0.0.1:3100/health",
           "deploymentScope": "customer"
         },
         "monitorAgent": {
           "env": "MONITOR_AGENT_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.3",
           "deploymentScope": "customer"
         }
       },
@@ -352,9 +352,9 @@
           "repo": "AskExe/exe-os",
           "npmPackage": "@askexenow/exe-os",
           "npmVersion": "0.9.82",
-          "image": "registry.askexe.com/askexe/exed:v0.9.4",
+          "image": "update.askexe.com/askexe/exed:v0.9.4",
           "imageVersion": "0.9.5",
-          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through registry.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
+          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through update.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
           "sourceRef": "stack-v0.9.4",
           "commit": "main@stack-v0.9.5"
         }
@@ -379,31 +379,31 @@
       "services": {
         "crm": {
           "env": "CRM_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.3",
           "healthUrl": "http://127.0.0.1:3000/healthz",
           "deploymentScope": "customer"
         },
         "wiki": {
           "env": "WIKI_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.3",
           "healthUrl": "http://127.0.0.1:3001/api/ping",
           "deploymentScope": "customer"
         },
         "exe-os": {
           "env": "EXE_OS_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exed:v0.9.6",
+          "image": "update.askexe.com/askexe/exed:v0.9.6",
           "healthUrl": "http://127.0.0.1:8765/health",
           "deploymentScope": "customer"
         },
         "gateway": {
           "env": "GATEWAY_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.3",
           "healthUrl": "http://127.0.0.1:3100/health",
           "deploymentScope": "customer"
         },
         "monitorAgent": {
           "env": "MONITOR_AGENT_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.3",
           "deploymentScope": "customer"
         }
       },
@@ -420,9 +420,9 @@
           "repo": "AskExe/exe-os",
           "npmPackage": "@askexenow/exe-os",
           "npmVersion": "0.9.83",
-          "image": "registry.askexe.com/askexe/exed:v0.9.4",
+          "image": "update.askexe.com/askexe/exed:v0.9.4",
           "imageVersion": "0.9.6",
-          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through registry.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
+          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through update.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
           "sourceRef": "stack-v0.9.4",
           "commit": "main@stack-v0.9.6"
         }
@@ -447,31 +447,31 @@
       "services": {
         "crm": {
           "env": "CRM_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.3",
           "healthUrl": "http://127.0.0.1:3000/healthz",
           "deploymentScope": "customer"
         },
         "wiki": {
           "env": "WIKI_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.3",
           "healthUrl": "http://127.0.0.1:3001/api/ping",
           "deploymentScope": "customer"
         },
         "exe-os": {
           "env": "EXE_OS_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exed:v0.9.7",
+          "image": "update.askexe.com/askexe/exed:v0.9.7",
           "healthUrl": "http://127.0.0.1:8765/health",
           "deploymentScope": "customer"
         },
         "gateway": {
           "env": "GATEWAY_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.3",
           "healthUrl": "http://127.0.0.1:3100/health",
           "deploymentScope": "customer"
         },
         "monitorAgent": {
           "env": "MONITOR_AGENT_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.3",
           "deploymentScope": "customer"
         }
       },
@@ -488,9 +488,9 @@
           "repo": "AskExe/exe-os",
           "npmPackage": "@askexenow/exe-os",
           "npmVersion": "0.9.84",
-          "image": "registry.askexe.com/askexe/exed:v0.9.4",
+          "image": "update.askexe.com/askexe/exed:v0.9.4",
           "imageVersion": "0.9.7",
-          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through registry.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
+          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through update.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
           "sourceRef": "stack-v0.9.4",
           "commit": "main@stack-v0.9.7"
         }
@@ -506,32 +506,32 @@
       "services": {
         "crm": {
           "env": "CRM_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.3",
           "healthUrl": "http://127.0.0.1:3000/healthz",
           "deploymentScope": "customer"
         },
         "wiki": {
           "env": "WIKI_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.3",
           "healthUrl": "http://127.0.0.1:3001/api/ping",
           "deploymentScope": "customer"
         },
         "exe-os": {
           "env": "EXE_OS_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exed:v0.9.8",
+          "image": "update.askexe.com/askexe/exed:v0.9.8",
           "healthUrl": "http://127.0.0.1:8765/health",
           "deploymentScope": "customer",
           "note": "npm package @askexenow/exe-os@0.9.89. Security hardening + 5 Hygo bug fixes + RSS memory fix."
         },
         "gateway": {
           "env": "GATEWAY_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.3",
           "healthUrl": "http://127.0.0.1:3100/health",
           "deploymentScope": "customer"
         },
         "monitorAgent": {
           "env": "MONITOR_AGENT_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.3",
           "healthUrl": "http://127.0.0.1:45876/",
           "deploymentScope": "customer"
         }
@@ -545,32 +545,32 @@
       "services": {
         "crm": {
           "env": "CRM_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.3",
           "healthUrl": "http://127.0.0.1:3000/healthz",
           "deploymentScope": "customer"
         },
         "wiki": {
           "env": "WIKI_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.3",
           "healthUrl": "http://127.0.0.1:3001/api/ping",
           "deploymentScope": "customer"
         },
         "exe-os": {
           "env": "EXE_OS_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exed:v0.9.9",
+          "image": "update.askexe.com/askexe/exed:v0.9.9",
           "healthUrl": "http://127.0.0.1:8765/health",
           "deploymentScope": "customer",
           "note": "npm package @askexenow/exe-os@0.9.134. Session routing fix, DB safety suite, Codex MCP, 20 bug fixes."
         },
         "gateway": {
           "env": "GATEWAY_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.3",
           "healthUrl": "http://127.0.0.1:3100/health",
           "deploymentScope": "customer"
         },
         "monitorAgent": {
           "env": "MONITOR_AGENT_IMAGE_TAG",
-          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.3",
           "healthUrl": "http://127.0.0.1:45876/",
           "deploymentScope": "customer"
         }
@@ -584,32 +584,32 @@
       "breakingChanges": [],
       "services": {
         "crm": {
-          "image": "ghcr.io/askexe/exe-crm:v0.9.4",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.4",
           "env": "CRM_IMAGE_TAG",
           "composeService": "exe-crm"
         },
         "wiki": {
-          "image": "ghcr.io/askexe/exe-wiki:v0.9.5",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.5",
           "env": "WIKI_IMAGE_TAG",
           "composeService": "exe-wiki"
         },
         "exe-os": {
-          "image": "ghcr.io/askexe/exe-os:v0.9.157",
+          "image": "update.askexe.com/askexe/exe-os:v0.9.157",
           "env": "EXE_OS_IMAGE_TAG",
           "composeService": "exe-os"
         },
         "gateway": {
-          "image": "ghcr.io/askexe/exe-gateway:v0.9.4",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.4",
           "env": "GATEWAY_IMAGE_TAG",
           "composeService": "exe-gateway"
         },
         "monitorAgent": {
-          "image": "ghcr.io/askexe/exe-monitor-agent:v0.9.4",
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.4",
           "env": "MONITOR_AGENT_IMAGE_TAG",
           "composeService": "exe-monitor-agent"
         },
         "monitorHub": {
-          "image": "ghcr.io/askexe/exe-monitor-hub:v0.9.5",
+          "image": "update.askexe.com/askexe/exe-monitor-hub:v0.9.5",
           "env": "MONITOR_HUB_IMAGE_TAG",
           "composeService": "exe-monitor-hub"
         }
@@ -623,22 +623,22 @@
       "breakingChanges": [],
       "services": {
         "crm": {
-          "image": "update.askexe.com/askexe/exe-crm:v0.9.4",
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.15",
           "env": "CRM_IMAGE_TAG",
           "composeService": "exe-crm"
         },
         "wiki": {
-          "image": "update.askexe.com/askexe/exe-wiki:v0.9.5",
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.11",
           "env": "WIKI_IMAGE_TAG",
           "composeService": "exe-wiki"
         },
         "exe-os": {
-          "image": "update.askexe.com/askexe/exe-os:v0.9.185",
+          "image": "update.askexe.com/askexe/exe-os:v0.9.159",
           "env": "EXE_OS_IMAGE_TAG",
           "composeService": "exe-os"
         },
         "gateway": {
-          "image": "update.askexe.com/askexe/exe-gateway:v0.9.7",
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.8",
           "env": "GATEWAY_IMAGE_TAG",
           "composeService": "exe-gateway"
         },
@@ -648,7 +648,7 @@
           "composeService": "exe-monitor-agent"
         },
         "monitorHub": {
-          "image": "update.askexe.com/askexe/exe-monitor-hub:v0.9.5",
+          "image": "update.askexe.com/askexe/exe-monitor-hub:v0.9.4",
           "env": "MONITOR_HUB_IMAGE_TAG",
           "composeService": "exe-monitor-hub"
         }

package/dist/bin/registry-proxy.js

@@ -22,8 +22,8 @@ Environment:
   EXE_REGISTRY_PROXY_ALLOWED_NAMESPACE=askexe
 
 Docker image shape for clients:
-  registry.askexe.com/askexe/exe-os:v0.9.3
-  registry.askexe.com/askexe/exe-crm:v0.9.3
+  update.askexe.com/askexe/exe-os:v0.9.3
+  update.askexe.com/askexe/exe-crm:v0.9.3
 `);
 }
 async function main(args = process.argv.slice(2)) {

package/dist/bin/stack-update.js

@@ -11,7 +11,7 @@ import {
   patchEnv,
   readCurrentStackVersion,
   runStackUpdate
-} from "../chunk-MJYXPMPW.js";
+} from "../chunk-M7NGABPF.js";
 import "../chunk-MVMMULOJ.js";
 import "../chunk-4GXRETYL.js";
 import "../chunk-LYH5HE24.js";

package/dist/bin/vps-health-gate.js

@@ -207,7 +207,7 @@ async function main(args) {
   console.log("[health-gate] Starting rollback...");
   restorePreDeployBackup();
   try {
-    const { rollbackStackUpdate, defaultStackPaths } = await import("../stack-update-ODIHZZCZ.js");
+    const { rollbackStackUpdate, defaultStackPaths } = await import("../stack-update-C4BAPLXJ.js");
     const paths = defaultStackPaths();
     await rollbackStackUpdate({
       manifestRef: paths.manifestRef,

package/dist/{chunk-OK5U45GK.js → chunk-62DAMAFL.js}

@@ -495,6 +495,15 @@ function createSessionTTLRealDeps(getClient) {
     listRegisteredSessions: () => listSessions(),
     listTmuxSessions: () => listTmuxSessions(),
     getSessionCreatedEpoch: (sessionName) => {
+      try {
+        const sessions = listSessions();
+        const entry = sessions.find((s) => s.windowName === sessionName);
+        if (entry?.registeredAt) {
+          const epoch = new Date(entry.registeredAt).getTime() / 1e3;
+          if (!isNaN(epoch)) return epoch;
+        }
+      } catch {
+      }
       try {
         const out = execSync(
           `tmux display-message -t ${JSON.stringify(sessionName)} -p '#{session_created}' 2>/dev/null`,
@@ -1304,6 +1313,42 @@ function reapZombieAgentProcesses(deps) {
       }
     }
     if (hasLiveSession) continue;
+    const coordinatorSessions = [...liveSessions].filter(
+      (s) => isCoordinatorName(s.replace(/^\w+-/, "")) || isExeSession(s)
+    );
+    if (coordinatorSessions.length > 0) {
+      let belongsToCoordinator = false;
+      for (const cs of coordinatorSessions) {
+        try {
+          const panePids = execSync(
+            `tmux list-panes -t ${JSON.stringify(cs)} -F '#{pane_pid}' 2>/dev/null`,
+            { encoding: "utf8", timeout: 3e3 }
+          ).trim().split("\n").map(Number).filter(Boolean);
+          for (const panePid of panePids) {
+            let walk = pid;
+            for (let d = 0; d < 10; d++) {
+              if (walk === panePid) {
+                belongsToCoordinator = true;
+                break;
+              }
+              const p = procMap.get(walk);
+              if (!p || p.ppid <= 1) break;
+              walk = p.ppid;
+            }
+            if (belongsToCoordinator) break;
+          }
+        } catch {
+        }
+        if (belongsToCoordinator) break;
+      }
+      if (belongsToCoordinator) {
+        process.stderr.write(
+          `[zombie-agent-reaper] SKIPPING PID ${pid} \u2014 belongs to coordinator session (${info.args.slice(0, 60)})
+`
+        );
+        continue;
+      }
+    }
     const rssKb = getRssKb(pid);
     const rssMb = rssKb ? Math.round(rssKb / 1024) : "?";
     const desc = `PID ${pid} (age=${ageSecs}s, RSS=${rssMb}MB, ${info.args.slice(0, 80)})`;

package/dist/{chunk-2OX3F2UQ.js → chunk-CHZMPZJ3.js}

@@ -6,7 +6,7 @@ import {
 } from "./chunk-AFJWUI3Y.js";
 import {
   AUTO_WAKE_MAX_RETRIES
-} from "./chunk-OK5U45GK.js";
+} from "./chunk-62DAMAFL.js";
 import {
   getToolCapabilityIndex
 } from "./chunk-GHCVD7WV.js";

package/dist/{chunk-MJYXPMPW.js → chunk-M7NGABPF.js}

@@ -140,22 +140,22 @@ function createStackUpdatePlan(manifest, envRaw, targetVersion) {
     breakingChanges: release.breakingChanges ?? []
   };
 }
-var ASKEXE_GHCR_IMAGE = /^(?:ghcr\.io\/askexe|registry\.askexe\.com\/askexe)\/[a-z0-9._/-]+(?::[^:@$/{]+|@sha256:[a-f0-9]{64})$/i;
+var ASKEXE_GHCR_IMAGE = /^(?:ghcr\.io\/askexe|update\.askexe\.com\/askexe)\/[a-z0-9._/-]+(?::[^:@$/{]+|@sha256:[a-f0-9]{64})$/i;
 function validatePinnedGhcrImage(image, label) {
   const trimmed = image.trim().replace(/^['"]|['"]$/g, "");
   if (!trimmed) return `${label} is empty`;
   if (trimmed.includes("${")) return null;
-  if (!trimmed.startsWith("ghcr.io/askexe/") && !trimmed.startsWith("registry.askexe.com/askexe/")) return `${label} must use ghcr.io/askexe/* or registry.askexe.com/askexe/*, got ${trimmed}`;
+  if (!trimmed.startsWith("ghcr.io/askexe/") && !trimmed.startsWith("update.askexe.com/askexe/")) return `${label} must use ghcr.io/askexe/* or update.askexe.com/askexe/*, got ${trimmed}`;
   if (/:latest(?:$|[\s#])/.test(trimmed)) return `${label} must not use :latest (${trimmed})`;
-  if (!ASKEXE_GHCR_IMAGE.test(trimmed)) return `${label} must be pinned with an explicit tag or sha256 digest from ghcr.io/askexe or registry.askexe.com/askexe, got ${trimmed}`;
+  if (!ASKEXE_GHCR_IMAGE.test(trimmed)) return `${label} must be pinned with an explicit tag or sha256 digest from ghcr.io/askexe or update.askexe.com/askexe, got ${trimmed}`;
   return null;
 }
 function validateComposeImageLiteral(image, label) {
   const trimmed = image.trim().replace(/^['"]|['"]$/g, "");
   if (!trimmed) return `${label} is empty`;
-  if (trimmed.startsWith("ghcr.io/askexe/") || trimmed.startsWith("registry.askexe.com/askexe/")) return validatePinnedGhcrImage(trimmed, label);
+  if (trimmed.startsWith("ghcr.io/askexe/") || trimmed.startsWith("update.askexe.com/askexe/")) return validatePinnedGhcrImage(trimmed, label);
   if (/^(postgres|pgvector\/pgvector|clickhouse\/clickhouse-server|redis|nginx|postgrest\/postgrest|supabase\/gotrue):[^:]+$/i.test(trimmed)) return null;
-  return `${label} uses unsupported non-AskExe image ${trimmed}; customer app images must come from pinned ghcr.io/askexe images`;
+  return `${label} uses unsupported non-AskExe image ${trimmed}; customer app images must come from pinned update.askexe.com/askexe or ghcr.io/askexe images`;
 }
 function collectProductionDeployGateIssues(plan, envRaw, composeRaw) {
   const issues = [];
@@ -209,7 +209,7 @@ function assertProductionDeployGate(plan, envRaw, composeRaw, options = {}) {
   }
   const details = issues.map((issue) => `- [${issue.kind}] ${issue.message}`).join("\n");
   throw new Error(
-    `Production deploy gate failed. Exe OS deploys must use pinned ghcr.io/askexe or registry.askexe.com/askexe images and must not build from source on the VPS.
+    `Production deploy gate failed. Exe OS deploys must use pinned ghcr.io/askexe or update.askexe.com/askexe images and must not build from source on the VPS.
 ${details}
 Emergency override requires --break-glass <reason> and writes an audit file.`
   );
@@ -628,7 +628,7 @@ async function runStackUpdate(options) {
         const password = rest.join(":");
         if (username && password) {
           const sampleImage = Object.values(plan.release.services)[0]?.image ?? "";
-          const registry = sampleImage.startsWith("update.askexe.com") ? "update.askexe.com" : sampleImage.startsWith("registry.askexe.com") ? "registry.askexe.com" : "ghcr.io";
+          const registry = sampleImage.startsWith("update.askexe.com") ? "update.askexe.com" : "ghcr.io";
           creds = { registry, username, password };
           console.log(`[stack-update] Using manual registry credentials for ${registry}.`);
         }

package/dist/{daemon-orchestration-MLB3WJHB.js → daemon-orchestration-ZBSS6VZR.js}

@@ -48,7 +48,7 @@ import {
   shouldKillIdleSession,
   shouldKillSession,
   shouldNudgeEmployee
-} from "./chunk-OK5U45GK.js";
+} from "./chunk-62DAMAFL.js";
 import "./chunk-WRCETUYE.js";
 import "./chunk-5RT7IBY4.js";
 import "./chunk-WP6P3LSI.js";

package/dist/hooks/session-end.js

@@ -215,12 +215,6 @@ Orphaned tasks at session end: ${orphanResult.rows.map((r) => `"${String(r.title
               `[session-end] WARNING: ${agent.agentId} ended with ${inProgress.length} in_progress task(s): ${titles}
 `
             );
-            let commits = [];
-            try {
-              const { getRecentCommits } = await import("../git-task-sweep-GPPNL2DK.js");
-              commits = getRecentCommits(30);
-            } catch {
-            }
             const autoClosed = [];
             const leftInProgress = [];
             for (const row of inProgress) {