npm - @askexenow/exe-os - Versions diffs - 0.9.196 → 0.9.198 - Mend

@askexenow/exe-os 0.9.196 → 0.9.198

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/deploy/compose/docker-compose.yml +42 -2
package/deploy/stack-manifests/v0.9.json +56 -56
package/dist/bin/registry-proxy.js +2 -2
package/dist/bin/stack-update.js +1 -1
package/dist/bin/vps-health-gate.js +1 -1
package/dist/{chunk-OK5U45GK.js → chunk-62DAMAFL.js} +45 -0
package/dist/{chunk-2OX3F2UQ.js → chunk-CHZMPZJ3.js} +1 -1
package/dist/{chunk-MJYXPMPW.js → chunk-M7NGABPF.js} +7 -7
package/dist/{daemon-orchestration-MLB3WJHB.js → daemon-orchestration-ZBSS6VZR.js} +1 -1
package/dist/hooks/session-end.js +0 -6
package/dist/lib/exe-daemon.js +66 -63
package/dist/mcp/register-tools.js +2 -2
package/dist/mcp/server.js +2 -2
package/dist/{stack-update-ODIHZZCZ.js → stack-update-C4BAPLXJ.js} +1 -1
package/package.json +1 -1
package/release-notes.json +301 -310

package/release-notes.json CHANGED Viewed

@@ -1,6 +1,306 @@
 {
-  "current": "0.9.162",
+  "current": "0.9.198",
   "notes": {
+    "0.9.198": {
+      "version": "0.9.198",
+      "date": "2026-06-02",
+      "features": [
+        "consolidate registry.askexe.com → update.askexe.com as primary registry (#51)",
+        "nginx /v2/ route for Docker registry proxy on update.askexe.com",
+        "consolidate registry into update.askexe.com — license key = pull auth",
+        "scale daemon heap to 25% of system RAM, support 10+ coordinators",
+        "add query expansion + benchmark results to retrieval platform procedure",
+        "3-mode BEAM benchmark — FTS vs FTS+Graph vs Hybrid",
+        "wire update.askexe.com — billing schema + non-fatal image credentials",
+        "add 'never defer' platform procedure — fix it now or assign it now",
+        "BEAM multi-tier support — 100K, 1M, 10M token scales",
+        "MemoryAgentBench harness — ICLR 2026 benchmark",
+        "support outbox flusher + list_tasks null fix + doctor outbox status",
+        "bug report outbox flusher — reports reach AskExe even when daemon is dead",
+        "add daily-summary CLI entry point + enable tsup build",
+        "add daemon observability platform procedure",
+        "add retrieval architecture platform procedure for 8-16GB machines",
+        "graceful shutdown warning via intercom 90s before idle kill",
+        "upload pre-update snapshot to R2 before every stack-update",
+        "encrypted daily VPS backups with R2 cloud upload",
+        "conversation history import — parser + MCP tool + CLI",
+        "add vps-backup + vps-health-gate scripts with stack-update integration",
+        "add update_bug_report + update_feature_request MCP tools",
+        "VPS guardrails — Postgres backup cron + post-deploy health gate",
+        "co-occurrence edges + graph backfill script",
+        "write-time entity/relationship extraction from memory text",
+        "parallel retrieval (FTS+graph+embed) with _source attribution"
+      ],
+      "fixes": [
+        "zombie agent reaper never kills coordinator/exe session processes",
+        "typecheck errors blocking publish — async embed alert + dead code cleanup",
+        "session TTL uses registry registeredAt instead of tmux session_created",
+        "CRM auth defaults + benchmark beam.ts updates",
+        "enable GoTrue email auth by default in setup template",
+        "intercom signal path in packaged source — ships to customers on npm install",
+        "intercom signal path + registry consolidated to update.askexe.com",
+        "4 customer P2 bugs — CLI passthrough + agent casing + clipboard (#50)",
+        "MCP pressure eviction evicts ONE session, not all",
+        "GHCR registry escape hatch + feature request 400 payload fix",
+        "WS client graceful failure on CF 1101 + capped backoff",
+        "3 of 4 customer P2 bugs — CLI passthrough + agent casing + clipboard",
+        "remove auto-close on session end (source persisted this time)",
+        "parallel Tom isolation — task-scoped branches + multi-instance task lookup",
+        "downgrade multi-coordinator hard-fail to warning",
+        "daemon RSS reconnect + review push notify + hot_entities timestamp",
+        "HYGO stack-update blockers — volume regex + memory_audit --fix",
+        "spawn CWD cross-project contamination + identity load ordering",
+        "MCP hot-reload checks agent context for COO role, not just env var",
+        "eliminate cross-session dispatch bug in create_task",
+        "bug/feature report upstream updates — PATCH→POST with action field",
+        "strip stale X-Exe-Session from global config + guard against re-adding",
+        "BEAM CLaRa — direct JSON response instead of tool_use, bump max_tokens",
+        "BEAM CLaRa benchmark — correct endpoint + configurable model",
+        "MCP session dedup false positive + BEAM CLaRa benchmark mode"
+      ],
+      "security": [
+        "fix shell injection, SSRF, socket leaks, backup validation",
+        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
+        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
+        "validate X-Agent-Role against roster — prevent privilege escalation",
+        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
+        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
+        "pin GitHub Actions to SHAs, update jose to 6.2.3",
+        "harden support intake against abuse and data leakage",
+        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
+        "audit: pre-hygo exe-gateway security report",
+        "add SECURITY.md — trust document for pre-install security evaluation",
+        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
+      ],
+      "other": [
+        "bump to 0.9.198 — coordinator reaper guard",
+        "bump to 0.9.197 — TTL fix + registry consolidation + TS fixes",
+        "update all manifest images to update.askexe.com + compose + beam tuning",
+        "bump to 0.9.196",
+        "bump to 0.9.195",
+        "bump to 0.9.194",
+        "bump to 0.9.193",
+        "bump to 0.9.192",
+        "bump to 0.9.191",
+        "bump to 0.9.189",
+        "bump to 0.9.188 — HYGO stack-update blockers fixed",
+        "bump to 0.9.187",
+        "bump to 0.9.186 — cross-session dispatch fix",
+        "release: bump exe-os image to v0.9.185 in stack manifest",
+        "bump to 0.9.185",
+        "bump to 0.9.184",
+        "bump to 0.9.183",
+        "bump to 0.9.181 — BEAM 3-mode + query expansion",
+        "bump to 0.9.180 — complete worktree isolation",
+        "bump to 0.9.179",
+        "bump to 0.9.178 — Bob's null fixes merged",
+        "bump to 0.9.177",
+        "bump to 0.9.176",
+        "bump to 0.9.175",
+        "bump to 0.9.174 — Bob's daemon hardening merged"
+      ],
+      "migration_notes": []
+    },
+    "0.9.197": {
+      "version": "0.9.197",
+      "date": "2026-06-02",
+      "features": [
+        "consolidate registry.askexe.com → update.askexe.com as primary registry (#51)",
+        "nginx /v2/ route for Docker registry proxy on update.askexe.com",
+        "consolidate registry into update.askexe.com — license key = pull auth",
+        "scale daemon heap to 25% of system RAM, support 10+ coordinators",
+        "add query expansion + benchmark results to retrieval platform procedure",
+        "3-mode BEAM benchmark — FTS vs FTS+Graph vs Hybrid",
+        "wire update.askexe.com — billing schema + non-fatal image credentials",
+        "add 'never defer' platform procedure — fix it now or assign it now",
+        "BEAM multi-tier support — 100K, 1M, 10M token scales",
+        "MemoryAgentBench harness — ICLR 2026 benchmark",
+        "support outbox flusher + list_tasks null fix + doctor outbox status",
+        "bug report outbox flusher — reports reach AskExe even when daemon is dead",
+        "add daily-summary CLI entry point + enable tsup build",
+        "add daemon observability platform procedure",
+        "add retrieval architecture platform procedure for 8-16GB machines",
+        "graceful shutdown warning via intercom 90s before idle kill",
+        "upload pre-update snapshot to R2 before every stack-update",
+        "encrypted daily VPS backups with R2 cloud upload",
+        "conversation history import — parser + MCP tool + CLI",
+        "add vps-backup + vps-health-gate scripts with stack-update integration",
+        "add update_bug_report + update_feature_request MCP tools",
+        "VPS guardrails — Postgres backup cron + post-deploy health gate",
+        "co-occurrence edges + graph backfill script",
+        "write-time entity/relationship extraction from memory text",
+        "parallel retrieval (FTS+graph+embed) with _source attribution"
+      ],
+      "fixes": [
+        "typecheck errors blocking publish — async embed alert + dead code cleanup",
+        "session TTL uses registry registeredAt instead of tmux session_created",
+        "CRM auth defaults + benchmark beam.ts updates",
+        "enable GoTrue email auth by default in setup template",
+        "intercom signal path in packaged source — ships to customers on npm install",
+        "intercom signal path + registry consolidated to update.askexe.com",
+        "4 customer P2 bugs — CLI passthrough + agent casing + clipboard (#50)",
+        "MCP pressure eviction evicts ONE session, not all",
+        "GHCR registry escape hatch + feature request 400 payload fix",
+        "WS client graceful failure on CF 1101 + capped backoff",
+        "3 of 4 customer P2 bugs — CLI passthrough + agent casing + clipboard",
+        "remove auto-close on session end (source persisted this time)",
+        "parallel Tom isolation — task-scoped branches + multi-instance task lookup",
+        "downgrade multi-coordinator hard-fail to warning",
+        "daemon RSS reconnect + review push notify + hot_entities timestamp",
+        "HYGO stack-update blockers — volume regex + memory_audit --fix",
+        "spawn CWD cross-project contamination + identity load ordering",
+        "MCP hot-reload checks agent context for COO role, not just env var",
+        "eliminate cross-session dispatch bug in create_task",
+        "bug/feature report upstream updates — PATCH→POST with action field",
+        "strip stale X-Exe-Session from global config + guard against re-adding",
+        "BEAM CLaRa — direct JSON response instead of tool_use, bump max_tokens",
+        "BEAM CLaRa benchmark — correct endpoint + configurable model",
+        "MCP session dedup false positive + BEAM CLaRa benchmark mode",
+        "prevent false-positive duplicate eviction for multi-coordinator sessions"
+      ],
+      "security": [
+        "fix shell injection, SSRF, socket leaks, backup validation",
+        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
+        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
+        "validate X-Agent-Role against roster — prevent privilege escalation",
+        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
+        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
+        "pin GitHub Actions to SHAs, update jose to 6.2.3",
+        "harden support intake against abuse and data leakage",
+        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
+        "audit: pre-hygo exe-gateway security report",
+        "add SECURITY.md — trust document for pre-install security evaluation",
+        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
+      ],
+      "other": [
+        "bump to 0.9.197 — TTL fix + registry consolidation + TS fixes",
+        "update all manifest images to update.askexe.com + compose + beam tuning",
+        "bump to 0.9.196",
+        "bump to 0.9.195",
+        "bump to 0.9.194",
+        "bump to 0.9.193",
+        "bump to 0.9.192",
+        "bump to 0.9.191",
+        "bump to 0.9.189",
+        "bump to 0.9.188 — HYGO stack-update blockers fixed",
+        "bump to 0.9.187",
+        "bump to 0.9.186 — cross-session dispatch fix",
+        "release: bump exe-os image to v0.9.185 in stack manifest",
+        "bump to 0.9.185",
+        "bump to 0.9.184",
+        "bump to 0.9.183",
+        "bump to 0.9.181 — BEAM 3-mode + query expansion",
+        "bump to 0.9.180 — complete worktree isolation",
+        "bump to 0.9.179",
+        "bump to 0.9.178 — Bob's null fixes merged",
+        "bump to 0.9.177",
+        "bump to 0.9.176",
+        "bump to 0.9.175",
+        "bump to 0.9.174 — Bob's daemon hardening merged",
+        "bump to 0.9.173"
+      ],
+      "migration_notes": []
+    },
+    "0.9.196": {
+      "version": "0.9.196",
+      "date": "2026-06-02",
+      "features": [
+        "consolidate registry.askexe.com → update.askexe.com as primary registry (#51)",
+        "nginx /v2/ route for Docker registry proxy on update.askexe.com",
+        "consolidate registry into update.askexe.com — license key = pull auth",
+        "scale daemon heap to 25% of system RAM, support 10+ coordinators",
+        "add query expansion + benchmark results to retrieval platform procedure",
+        "3-mode BEAM benchmark — FTS vs FTS+Graph vs Hybrid",
+        "wire update.askexe.com — billing schema + non-fatal image credentials",
+        "add 'never defer' platform procedure — fix it now or assign it now",
+        "BEAM multi-tier support — 100K, 1M, 10M token scales",
+        "MemoryAgentBench harness — ICLR 2026 benchmark",
+        "support outbox flusher + list_tasks null fix + doctor outbox status",
+        "bug report outbox flusher — reports reach AskExe even when daemon is dead",
+        "add daily-summary CLI entry point + enable tsup build",
+        "add daemon observability platform procedure",
+        "add retrieval architecture platform procedure for 8-16GB machines",
+        "graceful shutdown warning via intercom 90s before idle kill",
+        "upload pre-update snapshot to R2 before every stack-update",
+        "encrypted daily VPS backups with R2 cloud upload",
+        "conversation history import — parser + MCP tool + CLI",
+        "add vps-backup + vps-health-gate scripts with stack-update integration",
+        "add update_bug_report + update_feature_request MCP tools",
+        "VPS guardrails — Postgres backup cron + post-deploy health gate",
+        "co-occurrence edges + graph backfill script",
+        "write-time entity/relationship extraction from memory text",
+        "parallel retrieval (FTS+graph+embed) with _source attribution"
+      ],
+      "fixes": [
+        "typecheck errors blocking publish — async embed alert + dead code cleanup",
+        "session TTL uses registry registeredAt instead of tmux session_created",
+        "CRM auth defaults + benchmark beam.ts updates",
+        "enable GoTrue email auth by default in setup template",
+        "intercom signal path in packaged source — ships to customers on npm install",
+        "intercom signal path + registry consolidated to update.askexe.com",
+        "4 customer P2 bugs — CLI passthrough + agent casing + clipboard (#50)",
+        "MCP pressure eviction evicts ONE session, not all",
+        "GHCR registry escape hatch + feature request 400 payload fix",
+        "WS client graceful failure on CF 1101 + capped backoff",
+        "3 of 4 customer P2 bugs — CLI passthrough + agent casing + clipboard",
+        "remove auto-close on session end (source persisted this time)",
+        "parallel Tom isolation — task-scoped branches + multi-instance task lookup",
+        "downgrade multi-coordinator hard-fail to warning",
+        "daemon RSS reconnect + review push notify + hot_entities timestamp",
+        "HYGO stack-update blockers — volume regex + memory_audit --fix",
+        "spawn CWD cross-project contamination + identity load ordering",
+        "MCP hot-reload checks agent context for COO role, not just env var",
+        "eliminate cross-session dispatch bug in create_task",
+        "bug/feature report upstream updates — PATCH→POST with action field",
+        "strip stale X-Exe-Session from global config + guard against re-adding",
+        "BEAM CLaRa — direct JSON response instead of tool_use, bump max_tokens",
+        "BEAM CLaRa benchmark — correct endpoint + configurable model",
+        "MCP session dedup false positive + BEAM CLaRa benchmark mode",
+        "prevent false-positive duplicate eviction for multi-coordinator sessions"
+      ],
+      "security": [
+        "fix shell injection, SSRF, socket leaks, backup validation",
+        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
+        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
+        "validate X-Agent-Role against roster — prevent privilege escalation",
+        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
+        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
+        "pin GitHub Actions to SHAs, update jose to 6.2.3",
+        "harden support intake against abuse and data leakage",
+        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
+        "audit: pre-hygo exe-gateway security report",
+        "add SECURITY.md — trust document for pre-install security evaluation",
+        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
+      ],
+      "other": [
+        "update all manifest images to update.askexe.com + compose + beam tuning",
+        "bump to 0.9.196",
+        "bump to 0.9.195",
+        "bump to 0.9.194",
+        "bump to 0.9.193",
+        "bump to 0.9.192",
+        "bump to 0.9.191",
+        "bump to 0.9.189",
+        "bump to 0.9.188 — HYGO stack-update blockers fixed",
+        "bump to 0.9.187",
+        "bump to 0.9.186 — cross-session dispatch fix",
+        "release: bump exe-os image to v0.9.185 in stack manifest",
+        "bump to 0.9.185",
+        "bump to 0.9.184",
+        "bump to 0.9.183",
+        "bump to 0.9.181 — BEAM 3-mode + query expansion",
+        "bump to 0.9.180 — complete worktree isolation",
+        "bump to 0.9.179",
+        "bump to 0.9.178 — Bob's null fixes merged",
+        "bump to 0.9.177",
+        "bump to 0.9.176",
+        "bump to 0.9.175",
+        "bump to 0.9.174 — Bob's daemon hardening merged",
+        "bump to 0.9.173",
+        "bump to 0.9.172"
+      ],
+      "migration_notes": []
+    },
     "0.9.162": {
       "version": "0.9.162",
       "date": "2026-06-02",
@@ -206,315 +506,6 @@
         "If daemon goes down, agents will now fail instead of silently",
         "exe-daemon.ts kills old embed.pid process and cleans up"
       ]
-    },
-    "0.9.159": {
-      "version": "0.9.159",
-      "date": "2026-05-29",
-      "features": [
-        "verify-stack post-deploy checks — 8 runtime validations",
-        "preflight deploy gate + filtered schema + gateway graceful degradation",
-        "harden /exe-afk as primary monitoring tool, deprecate /loop for orchestration",
-        "add --judge-model flag to LoCoMo harness",
-        "dashboard.askexe.com — customer credits dashboard (backend + frontend)",
-        "config persistence contract — document + enforce what survives stack updates",
-        "add persona depth to identity — tone, vocabulary, response_style, communication_patterns",
-        "4 BEAM improvements — o4-mini judge, entity expansion, temporal prompts, contradiction detection",
-        "DMR 100% + BEAM 35% — full results with Claude Sonnet judge",
-        "session_scope read paths — search filter + backfill + tests",
-        "add session_scope filtering to memory read paths + MCP tools + backfill",
-        "classify prompt memories as conversation type + enrich session-end captures",
-        "add session_scope column to memories table — schema migration + all write paths",
-        "fix Codex integration + add --codex to all 4 harnesses",
-        "add checkpoint/resume support for long LoCoMo runs",
-        "add Codex GPT-5.5 judge, pre-embedding, expanded retrieval, production prompts",
-        "stack manifest 0.9.10 — all new images for customer deployment",
-        "update safety + portable backups + restore",
-        "complete deployment readiness — all 14 second-pass blind spots fixed",
-        "production-ready stack — all 15 blind spots fixed",
-        "blocked task notification — ping dispatcher immediately on status change",
-        "self-improving skills — usage tracking, success counting, and refinement daemon",
-        "4 retrieval improvements — query expansion, stop words, contradiction resolution, abstention",
-        "competitive roadmap — serverless tier, identity depth, self-improving skills, user modeling",
-        "run database migrations before container swap in stack-update"
-      ],
-      "fixes": [
-        "cloud sync NOT NULL resilience — sqlSafeRequired() defaults + per-record error handling, skip bad rows instead of retry storm",
-        "auto-close temporal guard — reject commits older than task creation date, raise threshold 0.6→0.8",
-        "session_scope fallback — listTasks returns unscoped results when scoped query finds 0 after daemon restart",
-        "orphan task file cleanup safety — 24h threshold (was 1h) + ID-based fallback before deleting",
-        "blocked task escalation — writeNotification to COO when auto-wake fails 3x and marks task blocked",
-        "daemon memory cascade — prevent duplicate daemons, reap orphan hooks, cap heap",
-        "auto-inject timeout on tmux capture-pane to prevent session freeze",
-        "auto-wake crash loop — filter boot memories + circuit breaker",
-        "Codex numbered instances use baseAgentName for identity resolution",
-        "auto-chain project scope + writeNotification on needs_review",
-        "persist WhatsApp auth in Docker volume — prevent data loss on update",
-        "wake idle codex sessions on pending tasks",
-        "fix daemon MCP session heap leak",
-        "include typescript as runtime dependency",
-        "remove direct Postgres license validation — CF Worker is the only path",
-        "gateway stop_grace_period 45s — prevent SIGKILL during message drain",
-        "filter person names from FTS queries to prevent speaker-prefix pollution",
-        "DMR retrieval 20% → 100% — stop words, name filtering, speaker fix",
-        "kill idle Codex/OpenCode sessions instead of sending intercom — enables auto-wake respawn",
-        "suppress daemon auto-reconnect noise — only log after attempt 2+",
-        "remove E2EE from bug reports — support intake must be readable server-side",
-        "support API — verified encrypted bug reports work (HTTP 201)",
-        "support API accepts encrypted bug reports — prevents HTTP 400",
-        "Codex agents recheck tasks before stopping — prevents idle-with-open-tasks",
-        "P0 #13 session_scope in cleanup SELECT + P0 #6 wire review signal files"
-      ],
-      "security": [
-        "fix shell injection, SSRF, socket leaks, backup validation",
-        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
-        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
-        "validate X-Agent-Role against roster — prevent privilege escalation",
-        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
-        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
-        "pin GitHub Actions to SHAs, update jose to 6.2.3",
-        "harden support intake against abuse and data leakage",
-        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
-        "audit: pre-hygo exe-gateway security report",
-        "add SECURITY.md — trust document for pre-install security evaluation",
-        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
-      ],
-      "other": [
-        "bump v0.9.159 — daemon memory cascade fix + session_scope + benchmarks",
-        "arch: customer onboarding automation — exe-os deploy-customer command",
-        "arch: Fleet Operations Roadmap — 8 phases for production safety at scale",
-        "arch: add filtered table pipeline + pre-flight deploy system to roadmap",
-        "add EXE-OS-STACK.md — complete 6-repo deployment map",
-        "cache tmux session (5 calls → 1) + offset daemon timers",
-        "cut agent boot from 4min to <30s — merge Bash blocks + parallel DB queries",
-        "rename memory schema → graph across codebase",
-        "unified access control — admin token + GoTrue across all services",
-        "capture data pipeline spec — raw → filter → wiki + CRM projection",
-        "bump to v0.9.149 — task lifecycle simplification + review notification fix",
-        "capture gateway connection observability requirements (2026-05-28)",
-        "bump to v0.9.146 for publish",
-        "Windows support architecture — WezTerm + WSL decision (2026-05-27)",
-        "Merge branch 'tom4-work' — device-scoped behaviors + push-notification fix",
-        "bump to v0.9.145 for publish",
-        "revert: keep workflow files unchanged — GitHub OAuth blocks workflow scope",
-        "stage remaining Yoshi fixes — features + bug cleanup",
-        "add tests for daemon restart orchestrator module",
-        "publish v0.9.144 — ESM require() fix + reliable task signals + OAuth 2.1",
-        "add MCP tool tests for message, cloud-sync, and file-copy",
-        "add coverage for send_message, cloud_sync, file_copy MCP tools (Track A)",
-        "Recover MCP sessions after daemon restart",
-        "publish v0.9.143 — all fixes live",
-        "publish v0.9.142"
-      ],
-      "migration_notes": [
-        "If daemon goes down, agents will now fail instead of silently",
-        "exe-daemon.ts kills old embed.pid process and cleans up"
-      ]
-    },
-    "0.9.158": {
-      "version": "0.9.158",
-      "date": "2026-05-28",
-      "features": [
-        "stack manifest 0.9.10 — all new images for customer deployment",
-        "update safety + portable backups + restore",
-        "complete deployment readiness — all 14 second-pass blind spots fixed",
-        "production-ready stack — all 15 blind spots fixed",
-        "blocked task notification — ping dispatcher immediately on status change",
-        "self-improving skills — usage tracking, success counting, and refinement daemon",
-        "4 retrieval improvements — query expansion, stop words, contradiction resolution, abstention",
-        "competitive roadmap — serverless tier, identity depth, self-improving skills, user modeling",
-        "run database migrations before container swap in stack-update",
-        "graph auto-extract from ARCHITECTURE.md — regex-based entity/relationship extraction",
-        "migrate cloud.askexe.com → api.askexe.com as canonical endpoint",
-        "federated recall — code_context + graph fallback when memory results weak",
-        "migrate cloud.askexe.com → api.askexe.com across all src/ defaults",
-        "rolling restart in stack-update — one service at a time with health verification",
-        "DMR benchmark harness + LoCoMo improvements for v0.9.145 evaluation",
-        "Windows/WSL support — WezTerm config + WSL detection in setup wizard",
-        "queryTaskRows() consolidation — single scoped query path for all task list operations",
-        "review signal files — reliable reviewer notification on update_task(done)",
-        "Ghostty-native notifications via OSC 9 — no more Script Editor popup",
-        "device-scoped behaviors — device_id column + filter in loading",
-        "dispatch reliability — 45s boot timeout, dispatch ack signals, agent heartbeat",
-        "setup wizard headless mode + daemon health check after restart",
-        "device-scoped behaviors — add device_id column + filter on load",
-        "gateway prompt injection defense — 3-tier security hardening",
-        "add diagnostics(action=\"merge_agent_memories\") for reassigning memories across agent IDs"
-      ],
-      "fixes": [
-        "support API — verified encrypted bug reports work (HTTP 201)",
-        "support API accepts encrypted bug reports — prevents HTTP 400",
-        "Codex agents recheck tasks before stopping — prevents idle-with-open-tasks",
-        "P0 #13 session_scope in cleanup SELECT + P0 #6 wire review signal files",
-        "add scope import to prompt-submit — gate pass",
-        "add writeFileSync import to config.ts",
-        "persist cloud endpoint migration to config.json — stop logging on every boot",
-        "include memory_type in pushToPostgres metadata — was stripped on sync",
-        "add scope import to daemon-orchestration — satisfies customer-readiness gate",
-        "skill-refinement.ts — correct writeMemory field names + updateIdentity 3rd arg",
-        "make skill lifecycle fields optional on Behavior interface — unblocks publish",
-        "session isolation for tmux kill — block cross-scope session kills",
-        "session-scope daemon, push, capacity, and cleanup (P0 #7-#13)",
-        "add memory_type to crdt-sync MemoryRecord interface — unblocks publish",
-        "session-scope daemon, push, capacity, cleanup (P0 #7-#9, #13)",
-        "include memory_type in cloud sync push/pull + fix backfill re-sync",
-        "session-scope signal file system — prevent cross-session task/review bleed",
-        "session-scope notification routing — use row.session_scope over ambient",
-        "daemon NEVER guesses session from tmux — header-only routing",
-        "3 daemon bugs — context-full TTL override, API watchdog kill-after-3, idle-kill verify",
-        "federated recall always searches code_context + graph — count threshold was useless",
-        "make cross-repo guardrail task-aware — allow multi-repo work when task scope permits",
-        "ONE postgres — replace crm-postgres with exe-db across entire stack",
-        "smart session-scoping gate + last boot cleanup leak + triage_bug docs",
-        "add shipped_version to support triage + clean platform procedures"
-      ],
-      "security": [
-        "fix shell injection, SSRF, socket leaks, backup validation",
-        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
-        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
-        "validate X-Agent-Role against roster — prevent privilege escalation",
-        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
-        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
-        "pin GitHub Actions to SHAs, update jose to 6.2.3",
-        "harden support intake against abuse and data leakage",
-        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
-        "audit: pre-hygo exe-gateway security report",
-        "add SECURITY.md — trust document for pre-install security evaluation",
-        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
-      ],
-      "other": [
-        "rename memory schema → graph across codebase",
-        "unified access control — admin token + GoTrue across all services",
-        "capture data pipeline spec — raw → filter → wiki + CRM projection",
-        "bump to v0.9.149 — task lifecycle simplification + review notification fix",
-        "capture gateway connection observability requirements (2026-05-28)",
-        "bump to v0.9.146 for publish",
-        "Windows support architecture — WezTerm + WSL decision (2026-05-27)",
-        "Merge branch 'tom4-work' — device-scoped behaviors + push-notification fix",
-        "bump to v0.9.145 for publish",
-        "revert: keep workflow files unchanged — GitHub OAuth blocks workflow scope",
-        "stage remaining Yoshi fixes — features + bug cleanup",
-        "add tests for daemon restart orchestrator module",
-        "publish v0.9.144 — ESM require() fix + reliable task signals + OAuth 2.1",
-        "add MCP tool tests for message, cloud-sync, and file-copy",
-        "add coverage for send_message, cloud_sync, file_copy MCP tools (Track A)",
-        "Recover MCP sessions after daemon restart",
-        "publish v0.9.143 — all fixes live",
-        "publish v0.9.142",
-        "publish v0.9.141",
-        "ops: journalctl rotation + certbot expiry alerting",
-        "revert: daemon heap back to 33% of RAM — no artificial cap",
-        "v0.9.140 publish + heap cap 4GB (was 33% unbounded)",
-        "PG-1 cross-repo entity federation design document",
-        "add lint step + automated npm publish workflow",
-        "audit: scoped SQL + package budget + TUI vendored + TODO classification"
-      ],
-      "migration_notes": [
-        "If daemon goes down, agents will now fail instead of silently",
-        "exe-daemon.ts kills old embed.pid process and cleans up"
-      ]
-    },
-    "0.9.157": {
-      "version": "0.9.157",
-      "date": "2026-05-28",
-      "features": [
-        "update safety + portable backups + restore",
-        "complete deployment readiness — all 14 second-pass blind spots fixed",
-        "production-ready stack — all 15 blind spots fixed",
-        "blocked task notification — ping dispatcher immediately on status change",
-        "self-improving skills — usage tracking, success counting, and refinement daemon",
-        "4 retrieval improvements — query expansion, stop words, contradiction resolution, abstention",
-        "competitive roadmap — serverless tier, identity depth, self-improving skills, user modeling",
-        "run database migrations before container swap in stack-update",
-        "graph auto-extract from ARCHITECTURE.md — regex-based entity/relationship extraction",
-        "migrate cloud.askexe.com → api.askexe.com as canonical endpoint",
-        "federated recall — code_context + graph fallback when memory results weak",
-        "migrate cloud.askexe.com → api.askexe.com across all src/ defaults",
-        "rolling restart in stack-update — one service at a time with health verification",
-        "DMR benchmark harness + LoCoMo improvements for v0.9.145 evaluation",
-        "Windows/WSL support — WezTerm config + WSL detection in setup wizard",
-        "queryTaskRows() consolidation — single scoped query path for all task list operations",
-        "review signal files — reliable reviewer notification on update_task(done)",
-        "Ghostty-native notifications via OSC 9 — no more Script Editor popup",
-        "device-scoped behaviors — device_id column + filter in loading",
-        "dispatch reliability — 45s boot timeout, dispatch ack signals, agent heartbeat",
-        "setup wizard headless mode + daemon health check after restart",
-        "device-scoped behaviors — add device_id column + filter on load",
-        "gateway prompt injection defense — 3-tier security hardening",
-        "add diagnostics(action=\"merge_agent_memories\") for reassigning memories across agent IDs",
-        "add task dependency tree visualization (action=dependency_tree)"
-      ],
-      "fixes": [
-        "add scope import to prompt-submit — gate pass",
-        "add writeFileSync import to config.ts",
-        "persist cloud endpoint migration to config.json — stop logging on every boot",
-        "include memory_type in pushToPostgres metadata — was stripped on sync",
-        "add scope import to daemon-orchestration — satisfies customer-readiness gate",
-        "skill-refinement.ts — correct writeMemory field names + updateIdentity 3rd arg",
-        "make skill lifecycle fields optional on Behavior interface — unblocks publish",
-        "session isolation for tmux kill — block cross-scope session kills",
-        "session-scope daemon, push, capacity, and cleanup (P0 #7-#13)",
-        "add memory_type to crdt-sync MemoryRecord interface — unblocks publish",
-        "session-scope daemon, push, capacity, cleanup (P0 #7-#9, #13)",
-        "include memory_type in cloud sync push/pull + fix backfill re-sync",
-        "session-scope signal file system — prevent cross-session task/review bleed",
-        "session-scope notification routing — use row.session_scope over ambient",
-        "daemon NEVER guesses session from tmux — header-only routing",
-        "3 daemon bugs — context-full TTL override, API watchdog kill-after-3, idle-kill verify",
-        "federated recall always searches code_context + graph — count threshold was useless",
-        "make cross-repo guardrail task-aware — allow multi-repo work when task scope permits",
-        "ONE postgres — replace crm-postgres with exe-db across entire stack",
-        "smart session-scoping gate + last boot cleanup leak + triage_bug docs",
-        "add shipped_version to support triage + clean platform procedures",
-        "close remaining session-scoping findings from Bob's audit",
-        "close 3 more session-scoping leaks from Bob's audit (LEAK-4, LEAK-7, LEAK-8)",
-        "diagnostics check_update ENOENT + healthcheck timeout",
-        "close 8 session-scoping leaks — daemon ALS trust + review cleanup + close-task + inbox"
-      ],
-      "security": [
-        "fix shell injection, SSRF, socket leaks, backup validation",
-        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
-        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
-        "validate X-Agent-Role against roster — prevent privilege escalation",
-        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
-        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
-        "pin GitHub Actions to SHAs, update jose to 6.2.3",
-        "harden support intake against abuse and data leakage",
-        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
-        "audit: pre-hygo exe-gateway security report",
-        "add SECURITY.md — trust document for pre-install security evaluation",
-        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
-      ],
-      "other": [
-        "rename memory schema → graph across codebase",
-        "unified access control — admin token + GoTrue across all services",
-        "capture data pipeline spec — raw → filter → wiki + CRM projection",
-        "bump to v0.9.149 — task lifecycle simplification + review notification fix",
-        "capture gateway connection observability requirements (2026-05-28)",
-        "bump to v0.9.146 for publish",
-        "Windows support architecture — WezTerm + WSL decision (2026-05-27)",
-        "Merge branch 'tom4-work' — device-scoped behaviors + push-notification fix",
-        "bump to v0.9.145 for publish",
-        "revert: keep workflow files unchanged — GitHub OAuth blocks workflow scope",
-        "stage remaining Yoshi fixes — features + bug cleanup",
-        "add tests for daemon restart orchestrator module",
-        "publish v0.9.144 — ESM require() fix + reliable task signals + OAuth 2.1",
-        "add MCP tool tests for message, cloud-sync, and file-copy",
-        "add coverage for send_message, cloud_sync, file_copy MCP tools (Track A)",
-        "Recover MCP sessions after daemon restart",
-        "publish v0.9.143 — all fixes live",
-        "publish v0.9.142",
-        "publish v0.9.141",
-        "ops: journalctl rotation + certbot expiry alerting",
-        "revert: daemon heap back to 33% of RAM — no artificial cap",
-        "v0.9.140 publish + heap cap 4GB (was 33% unbounded)",
-        "PG-1 cross-repo entity federation design document",
-        "add lint step + automated npm publish workflow",
-        "audit: scoped SQL + package budget + TUI vendored + TODO classification"
-      ],
-      "migration_notes": [
-        "If daemon goes down, agents will now fail instead of silently",
-        "exe-daemon.ts kills old embed.pid process and cleans up"
-      ]
     }
   }
 }