@askexenow/exe-os 0.9.197 → 0.9.199

package/dist/browser-session-store-TSD4PCY7.js

@@ -0,0 +1,232 @@
+import {
+  enforcePrivateFileSync,
+  ensurePrivateDirSync
+} from "./chunk-LYH5HE24.js";
+import "./chunk-MLKGABMK.js";
+
+// src/lib/browser-session-store.ts
+import crypto from "crypto";
+import path from "path";
+import os from "os";
+import {
+  existsSync,
+  readFileSync,
+  writeFileSync,
+  unlinkSync,
+  readdirSync,
+  statSync
+} from "fs";
+var ALGORITHM = "aes-256-gcm";
+var IV_LENGTH = 12;
+var TAG_LENGTH = 16;
+var HKDF_INFO = "exe-browser-cookies-v1";
+var DEFAULT_TTL_MS = 30 * 60 * 1e3;
+var _jarCache = /* @__PURE__ */ new Map();
+var _cookieKey = null;
+function initCookieCrypto(masterKey) {
+  if (masterKey.length !== 32) {
+    throw new Error(`Master key must be 32 bytes, got ${masterKey.length}`);
+  }
+  _cookieKey = Buffer.from(
+    crypto.hkdfSync("sha256", masterKey, "", HKDF_INFO, 32)
+  );
+}
+function isCookieCryptoInitialized() {
+  return _cookieKey !== null;
+}
+function encrypt(data) {
+  if (!_cookieKey) {
+    return "plain:" + Buffer.from(data, "utf-8").toString("base64");
+  }
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const cipher = crypto.createCipheriv(ALGORITHM, _cookieKey, iv);
+  const encrypted = Buffer.concat([
+    cipher.update(Buffer.from(data, "utf-8")),
+    cipher.final()
+  ]);
+  const tag = cipher.getAuthTag();
+  return "enc:" + Buffer.concat([iv, encrypted, tag]).toString("base64");
+}
+function decrypt(ciphertext) {
+  if (ciphertext.startsWith("plain:")) {
+    return Buffer.from(ciphertext.slice(6), "base64").toString("utf-8");
+  }
+  if (!ciphertext.startsWith("enc:")) {
+    throw new Error("Unknown cookie store format");
+  }
+  if (!_cookieKey) {
+    throw new Error("Cookie crypto not initialized but encrypted data found");
+  }
+  const combined = Buffer.from(ciphertext.slice(4), "base64");
+  if (combined.length < IV_LENGTH + TAG_LENGTH) {
+    throw new Error("Cookie data too short");
+  }
+  const iv = combined.subarray(0, IV_LENGTH);
+  const tag = combined.subarray(combined.length - TAG_LENGTH);
+  const encrypted = combined.subarray(IV_LENGTH, combined.length - TAG_LENGTH);
+  const decipher = crypto.createDecipheriv(ALGORITHM, _cookieKey, iv);
+  decipher.setAuthTag(tag);
+  return Buffer.concat([
+    decipher.update(encrypted),
+    decipher.final()
+  ]).toString("utf-8");
+}
+function getStoreDir() {
+  const base = process.env.EXE_OS_DIR ?? path.join(os.homedir(), ".exe-os");
+  return path.join(base, "browser-sessions");
+}
+function getJarPath(agentId, sessionKey) {
+  const safe = (s) => s.replace(/[^a-zA-Z0-9_-]/g, "_");
+  return path.join(getStoreDir(), `${safe(agentId)}-${safe(sessionKey)}.cookies.enc`);
+}
+function jarCacheKey(agentId, sessionKey) {
+  return `${agentId}:${sessionKey}`;
+}
+function getTtlMs() {
+  const envTtl = process.env.EXE_BROWSER_SESSION_TTL;
+  if (envTtl) {
+    const parsed = parseInt(envTtl, 10);
+    if (!isNaN(parsed) && parsed > 0) return parsed * 1e3;
+  }
+  return DEFAULT_TTL_MS;
+}
+function loadCookieJar(agentId, sessionKey) {
+  const cacheKey = jarCacheKey(agentId, sessionKey);
+  const cached = _jarCache.get(cacheKey);
+  if (cached) {
+    const ttl = getTtlMs();
+    if (Date.now() - cached.lastAccessed > ttl) {
+      clearCookieJar(agentId, sessionKey);
+      return null;
+    }
+    return cached;
+  }
+  const jarPath = getJarPath(agentId, sessionKey);
+  if (!existsSync(jarPath)) return null;
+  try {
+    const raw = readFileSync(jarPath, "utf-8");
+    const jar = JSON.parse(decrypt(raw));
+    const ttl = getTtlMs();
+    if (Date.now() - jar.lastAccessed > ttl) {
+      clearCookieJar(agentId, sessionKey);
+      return null;
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    jar.cookies = jar.cookies.filter((c) => !c.expires || c.expires > now);
+    _jarCache.set(cacheKey, jar);
+    return jar;
+  } catch {
+    try {
+      unlinkSync(jarPath);
+    } catch {
+    }
+    return null;
+  }
+}
+function saveCookieJar(agentId, sessionKey, cookies) {
+  const cacheKey = jarCacheKey(agentId, sessionKey);
+  const existing = loadCookieJar(agentId, sessionKey);
+  const now = Date.now();
+  const cookieMap = /* @__PURE__ */ new Map();
+  if (existing) {
+    for (const c of existing.cookies) {
+      cookieMap.set(`${c.domain}:${c.path}:${c.name}`, c);
+    }
+  }
+  for (const c of cookies) {
+    cookieMap.set(`${c.domain}:${c.path}:${c.name}`, c);
+  }
+  const nowSec = Math.floor(now / 1e3);
+  const merged = [...cookieMap.values()].filter(
+    (c) => !c.expires || c.expires > nowSec
+  );
+  const jar = {
+    agentId,
+    sessionKey,
+    cookies: merged,
+    lastAccessed: now,
+    createdAt: existing?.createdAt ?? now
+  };
+  const storeDir = getStoreDir();
+  ensurePrivateDirSync(storeDir);
+  const jarPath = getJarPath(agentId, sessionKey);
+  const encrypted = encrypt(JSON.stringify(jar));
+  writeFileSync(jarPath, encrypted, "utf-8");
+  enforcePrivateFileSync(jarPath);
+  _jarCache.set(cacheKey, jar);
+}
+function getCookiesForUrl(agentId, sessionKey, url) {
+  const jar = loadCookieJar(agentId, sessionKey);
+  if (!jar || jar.cookies.length === 0) return [];
+  let hostname;
+  try {
+    hostname = new URL(url).hostname;
+  } catch {
+    return [];
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  return jar.cookies.filter((c) => {
+    if (c.expires && c.expires <= now) return false;
+    const cookieDomain = c.domain.startsWith(".") ? c.domain.slice(1) : c.domain;
+    return hostname === cookieDomain || hostname.endsWith("." + cookieDomain);
+  });
+}
+function clearCookieJar(agentId, sessionKey) {
+  const cacheKey = jarCacheKey(agentId, sessionKey);
+  _jarCache.delete(cacheKey);
+  const jarPath = getJarPath(agentId, sessionKey);
+  try {
+    if (existsSync(jarPath)) unlinkSync(jarPath);
+  } catch {
+  }
+}
+function cleanupExpiredJars() {
+  const storeDir = getStoreDir();
+  if (!existsSync(storeDir)) return 0;
+  const ttl = getTtlMs();
+  const now = Date.now();
+  let cleaned = 0;
+  try {
+    const files = readdirSync(storeDir).filter((f) => f.endsWith(".cookies.enc"));
+    for (const file of files) {
+      const filePath = path.join(storeDir, file);
+      try {
+        const stat = statSync(filePath);
+        if (now - stat.mtimeMs > ttl) {
+          unlinkSync(filePath);
+          cleaned++;
+        }
+      } catch {
+      }
+    }
+  } catch {
+  }
+  return cleaned;
+}
+function touchCookieJar(agentId, sessionKey) {
+  const cacheKey = jarCacheKey(agentId, sessionKey);
+  const cached = _jarCache.get(cacheKey);
+  if (cached) {
+    cached.lastAccessed = Date.now();
+    const jarPath = getJarPath(agentId, sessionKey);
+    try {
+      if (existsSync(jarPath)) {
+        const raw = readFileSync(jarPath, "utf-8");
+        const jar = JSON.parse(decrypt(raw));
+        jar.lastAccessed = Date.now();
+        writeFileSync(jarPath, encrypt(JSON.stringify(jar)), "utf-8");
+      }
+    } catch {
+    }
+  }
+}
+export {
+  cleanupExpiredJars,
+  clearCookieJar,
+  getCookiesForUrl,
+  initCookieCrypto,
+  isCookieCryptoInitialized,
+  loadCookieJar,
+  saveCookieJar,
+  touchCookieJar
+};

package/dist/{capacity-monitor-H7D43IUQ.js → capacity-monitor-2TRPP3AX.js}

@@ -8,9 +8,9 @@ import {
   isAtCapacity,
   isWithinRelaunchCooldown,
   pollCapacityDead
-} from "./chunk-Q4WJJBOP.js";
+} from "./chunk-ZLP5TNRU.js";
 import "./chunk-WRCETUYE.js";
-import "./chunk-WP6P3LSI.js";
+import "./chunk-MABQMUCQ.js";
 import "./chunk-RN6XYY7U.js";
 import "./chunk-QI4IXJN7.js";
 import "./chunk-64WZEXXA.js";

package/dist/{catchup-brief-PTVQRBQK.js → catchup-brief-74ORL525.js}

@@ -1,13 +1,13 @@
 import {
   lightweightSearch
-} from "./chunk-IUC2332K.js";
-import "./chunk-42QSXHKN.js";
+} from "./chunk-ZAF4GJTD.js";
+import "./chunk-4X7CMJDN.js";
 import "./chunk-CHCA3ZM2.js";
 import "./chunk-OO5CPMT3.js";
 import {
   sessionScopeFilter,
   strictSessionScopeFilter
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 import "./chunk-RN6XYY7U.js";
 import "./chunk-QI4IXJN7.js";
 import "./chunk-64WZEXXA.js";

package/dist/{chunk-BM4X3WHU.js → chunk-2DWKMJPE.js}

@@ -2,7 +2,7 @@ import {
   listWorkflowDefinitions,
   runWorkflow,
   startWorkflow
-} from "./chunk-UTDZUTRN.js";
+} from "./chunk-OF6TXNOC.js";
 import {
   initCRMBridge
 } from "./chunk-ONKIWA3R.js";

package/dist/{chunk-EMUQSTJL.js → chunk-2HEXCZGP.js}

@@ -102,7 +102,7 @@ DO NOT keep working degraded. Instead:
 2. Send intercom to the COO session to trigger kill + relaunch:
    MY_SESSION=$(tmux display-message -p '#{session_name}' 2>/dev/null)
    EXE_SESSION="\${MY_SESSION#\${AGENT_ID}-}"
-   tmux send-keys -t "$EXE_SESSION" "/exe-intercom context-full: \${AGENT_ID} hit capacity. Checkpoint saved. Resume task <task-id>." Enter
+   tmux send-keys -t "$EXE_SESSION" "context-full: \${AGENT_ID} hit capacity. Checkpoint saved. Resume task <task-id>." Enter
 
 3. Stop working immediately. Do not attempt to continue with degraded context.
 

package/dist/{chunk-HX4ULQ3E.js → chunk-5YVGHP2B.js}

@@ -1,20 +1,20 @@
 import {
   MultiAgentOrchestrator
-} from "./chunk-7AJST6LP.js";
+} from "./chunk-FXVTLBBA.js";
 import {
   createQuietRenderer,
   createTerminalRenderer,
   renderAgentEvents
 } from "./chunk-YZFZDJWZ.js";
-import {
-  checkDangerousPatterns,
-  hasCriticalPattern
-} from "./chunk-AVE2B4DQ.js";
 import {
   checkPathSafety,
   checkReadPathSafety,
   containsPathTraversal
 } from "./chunk-NGVOA6ZQ.js";
+import {
+  checkDangerousPatterns,
+  hasCriticalPattern
+} from "./chunk-AVE2B4DQ.js";
 import {
   ContextManager,
   agentLoop,
@@ -33,16 +33,16 @@ import {
   partitionTools,
   zodToJsonSchema
 } from "./chunk-JQ6TLNIV.js";
-import {
-  composeHooks,
-  createDefaultHooks
-} from "./chunk-O377P7GM.js";
 import {
   EMPLOYEE_PERMISSIONS,
   checkPermission,
   createPermissionsFromPreset,
   createRestrictedPermissions
 } from "./chunk-PRKVT4KN.js";
+import {
+  composeHooks,
+  createDefaultHooks
+} from "./chunk-O377P7GM.js";
 import {
   PERMISSION_PRESETS,
   evaluatePermission,
@@ -327,7 +327,7 @@ function createExeOSHooks(config) {
     async onSubagentStop(_reason) {
       try {
         const { getClient } = await import("./lib/database.js");
-        const { sessionScopeFilter } = await import("./task-scope-OS66ZD7O.js");
+        const { sessionScopeFilter } = await import("./task-scope-AI62AIPT.js");
         const client = getClient();
         const ehScope = sessionScopeFilter();
         const tasks = await client.execute({
@@ -419,7 +419,7 @@ function createExeOSHooks(config) {
         try {
           const { writeMemory, flushBatch } = await import("./lib/store.js");
           const { getClient } = await import("./lib/database.js");
-          const { sessionScopeFilter: cpScopeFilter } = await import("./task-scope-OS66ZD7O.js");
+          const { sessionScopeFilter: cpScopeFilter } = await import("./task-scope-AI62AIPT.js");
           const client = getClient();
           const cpScope = cpScopeFilter();
           const tasks = await client.execute({

package/dist/{chunk-5RT7IBY4.js → chunk-6BJ5GZD4.js}

@@ -11,7 +11,7 @@ import {
   sessionScopeFilter,
   updateTaskStatus,
   writeNotification
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 import {
   getTransport
 } from "./chunk-TXWQPL2U.js";
@@ -136,7 +136,7 @@ async function dispatchTaskToEmployee(input) {
   let crossProject = false;
   if (input.projectName) {
     try {
-      const { assertSessionScope } = await import("./session-scope-DKE6OPV5.js");
+      const { assertSessionScope } = await import("./session-scope-LXQKQDIS.js");
       const check = assertSessionScope("dispatch_task", input.projectName);
       if (check.reason === "cross_session_denied") {
         crossProject = true;
@@ -396,7 +396,7 @@ async function updateTask(input) {
     await markTaskNotificationsRead(taskFile);
     if (input.status === "needs_review" && !isCoordinator) {
       try {
-        const { writeNotification: writeNotification2 } = await import("./notifications-GENT3AWZ.js");
+        const { writeNotification: writeNotification2 } = await import("./notifications-WYNI5OG6.js");
         await writeNotification2({
           agentId: String(row.assigned_to),
           agentRole: String(row.assigned_to),

package/dist/{chunk-BUN6JIDP.js → chunk-ACOQS4ZL.js}

@@ -4,7 +4,7 @@ import {
   resolveExeSession,
   sendIntercom,
   strictSessionScopeFilter
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 import {
   getClient
 } from "./chunk-TGOJR5SS.js";

package/dist/{chunk-HH4UGDJH.js → chunk-CGAYSKQF.js}

@@ -19,7 +19,7 @@ import {
 import {
   createCRMWebhookHandler,
   parseTwentyWebhook
-} from "./chunk-HH2QED73.js";
+} from "./chunk-OYU7TCBG.js";
 import {
   BotRegistry,
   BotRuntime,
@@ -42,7 +42,7 @@ import {
   retryWithBackoff,
   routeMessage,
   validateGatewayConfig
-} from "./chunk-BM4X3WHU.js";
+} from "./chunk-2DWKMJPE.js";
 import {
   OllamaProvider
 } from "./chunk-FWFFZGSC.js";

package/dist/{chunk-ADI4Z63O.js → chunk-DNEOEKWA.js}

@@ -1,6 +1,6 @@
 import {
   sessionScopeFilter
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 
 // src/lib/git-task-sweep.ts
 import { execSync } from "child_process";
@@ -178,7 +178,7 @@ async function sweepTasks(projectName, options = {}) {
     }
     if (!dryRun) {
       try {
-        const { updateTaskStatus } = await import("./tasks-crud-DJH4NZC2.js");
+        const { updateTaskStatus } = await import("./tasks-crud-IEOK55IV.js");
         await updateTaskStatus({
           taskId: task.id,
           status: "needs_review",

package/dist/{chunk-7JCK6TXX.js → chunk-FDD7KX7Q.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-WRCETUYE.js";
 import {
   updateTask
-} from "./chunk-5RT7IBY4.js";
+} from "./chunk-6BJ5GZD4.js";
 import {
   ensureEmployee,
   extractRootExe,
@@ -14,7 +14,7 @@ import {
   sessionScopeFilter,
   strictSessionScopeFilter,
   writeNotification
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 import {
   queueIntercom
 } from "./chunk-QI4IXJN7.js";
@@ -331,7 +331,7 @@ async function pollIdleKill(deps, idleTickCounts, opts) {
       try {
         const { execFileSync: warnExec } = await import("child_process");
         const shutdownMsg = [
-          "/exe-intercom SHUTDOWN WARNING: Your session will be terminated in ~90 seconds due to inactivity.",
+          "SHUTDOWN WARNING: Your session will be terminated in ~90 seconds due to inactivity.",
           "All your tasks are complete. Before shutdown:",
           "1. store_memory() any important decisions, discoveries, or context from this session",
           "2. If you learned anything non-obvious, commit it to memory for future sessions",
@@ -1313,6 +1313,42 @@ function reapZombieAgentProcesses(deps) {
       }
     }
     if (hasLiveSession) continue;
+    const coordinatorSessions = [...liveSessions].filter(
+      (s) => isCoordinatorName(s.replace(/^\w+-/, "")) || isExeSession(s)
+    );
+    if (coordinatorSessions.length > 0) {
+      let belongsToCoordinator = false;
+      for (const cs of coordinatorSessions) {
+        try {
+          const panePids = execSync(
+            `tmux list-panes -t ${JSON.stringify(cs)} -F '#{pane_pid}' 2>/dev/null`,
+            { encoding: "utf8", timeout: 3e3 }
+          ).trim().split("\n").map(Number).filter(Boolean);
+          for (const panePid of panePids) {
+            let walk = pid;
+            for (let d = 0; d < 10; d++) {
+              if (walk === panePid) {
+                belongsToCoordinator = true;
+                break;
+              }
+              const p = procMap.get(walk);
+              if (!p || p.ppid <= 1) break;
+              walk = p.ppid;
+            }
+            if (belongsToCoordinator) break;
+          }
+        } catch {
+        }
+        if (belongsToCoordinator) break;
+      }
+      if (belongsToCoordinator) {
+        process.stderr.write(
+          `[zombie-agent-reaper] SKIPPING PID ${pid} \u2014 belongs to coordinator session (${info.args.slice(0, 60)})
+`
+        );
+        continue;
+      }
+    }
     const rssKb = getRssKb(pid);
     const rssMb = rssKb ? Math.round(rssKb / 1024) : "?";
     const desc = `PID ${pid} (age=${ageSecs}s, RSS=${rssMb}MB, ${info.args.slice(0, 80)})`;

package/dist/{chunk-7AJST6LP.js → chunk-FXVTLBBA.js}

@@ -9,7 +9,7 @@ import {
   isEmployeeAlive,
   sessionScopeFilter,
   updateTaskStatus
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 import {
   DEFAULT_COORDINATOR_TEMPLATE_NAME,
   getCoordinatorName

package/dist/{chunk-CGDA6NJI.js → chunk-IFFVONU6.js}

@@ -111,7 +111,7 @@ function releaseBackfillLock() {
 }
 async function getTaskAwareCapacity() {
   const { getClient } = await import("./lib/database.js");
-  const { sessionScopeFilter } = await import("./task-scope-OS66ZD7O.js");
+  const { sessionScopeFilter } = await import("./task-scope-AI62AIPT.js");
   const client = getClient();
   const scope = sessionScopeFilter();
   const result = await client.execute({

package/dist/{chunk-VGBQKQHJ.js → chunk-JDGCEOT4.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-BDYUENC7.js";
 import {
   listTasks
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 
 // src/mcp/tools/list-tasks.ts
 import { z } from "zod";

package/dist/{chunk-2EVDBTCZ.js → chunk-JDHB6I4O.js}

@@ -1,6 +1,6 @@
 import {
   vectorToBlob
-} from "./chunk-42QSXHKN.js";
+} from "./chunk-4X7CMJDN.js";
 import {
   extractKeywords,
   keywordsToString

package/dist/{chunk-FL4PEEWL.js → chunk-JQLWMZZJ.js}

@@ -1,7 +1,7 @@
 import {
   getCurrentSessionScope,
   strictSessionScopeFilter
-} from "./chunk-WP6P3LSI.js";
+} from "./chunk-MABQMUCQ.js";
 import {
   getProjectName
 } from "./chunk-OPU3NYOO.js";