@askexenow/exe-os 0.9.248 → 0.9.251

package/deploy/compose/setup.sh

@@ -123,6 +123,36 @@ ENVEOF
   info ".env generated with auto-generated secrets"
 fi
 
+# Step 3a: Bootstrap gateway.json (must exist before `docker compose up` or
+# Docker will create it as a directory instead of a file, leaving the gateway
+# with an empty config and WhatsApp adapters disabled).
+# Bug 24af9df0: setup.sh never wrote this file; fresh deploys had no gateway.
+if [[ ! -f gateway.json ]]; then
+  info "Step 3a: Creating default gateway.json (WhatsApp adapter enabled)"
+  cat > gateway.json << 'GWEOF'
+{
+  "adapters": {
+    "whatsapp": {
+      "enabled": true,
+      "credentials": {
+        "authDir": "/app/auth_info/default"
+      },
+      "accounts": [
+        {
+          "name": "default",
+          "authDir": "/app/auth_info/default"
+        }
+      ]
+    }
+  }
+}
+GWEOF
+  chmod 600 gateway.json
+  info "gateway.json created. Edit it to add WhatsApp accounts, then restart the gateway."
+else
+  info "Step 3a: gateway.json already exists — skipping."
+fi
+
 # Step 3: Cloudflared tunnel config
 info "Step 3: Cloudflare Tunnel setup"
 if [[ ! -f cloudflared/config.yml ]]; then

package/deploy/stack-manifests/v0.9.json

@@ -1,6 +1,6 @@
 {
   "schemaVersion": 1,
-  "latest": "0.9.17",
+  "latest": "0.9.18",
   "stacks": {
     "0.9.0": {
       "version": "0.9.0",
@@ -978,6 +978,58 @@
           "required": false
         }
       }
+    },
+    "0.9.18": {
+      "version": "0.9.18",
+      "releasedAt": "2026-06-09T00:00:00Z",
+      "notes": "exe-os v0.9.251: chore: sync release notes; fix: create schema in daemon polling init; chore: bump v0.9.250 release notes; fix: keep release-note generation idempotent",
+      "npmVersion": "0.9.251",
+      "breakingChanges": [],
+      "services": {
+        "crm": {
+          "image": "update.askexe.com/askexe/exe-crm:v0.9.46",
+          "env": "CRM_IMAGE_TAG",
+          "composeService": "exe-crm",
+          "healthUrl": "http://127.0.0.1:3000/healthz"
+        },
+        "wiki": {
+          "image": "update.askexe.com/askexe/exe-wiki:v0.9.21",
+          "env": "WIKI_IMAGE_TAG",
+          "composeService": "exe-wiki",
+          "healthUrl": "http://127.0.0.1:3001/api/ping"
+        },
+        "exe-os": {
+          "image": "update.askexe.com/askexe/exe-os:v0.9.251",
+          "env": "EXE_OS_IMAGE_TAG",
+          "composeService": "exe-os",
+          "healthUrl": "http://127.0.0.1:8765/health"
+        },
+        "gateway": {
+          "image": "update.askexe.com/askexe/exe-gateway:v0.9.16",
+          "env": "GATEWAY_IMAGE_TAG",
+          "composeService": "exe-gateway",
+          "healthUrl": "http://127.0.0.1:3100/health"
+        },
+        "monitorAgent": {
+          "image": "update.askexe.com/askexe/exe-monitor-agent:v0.9.4",
+          "env": "MONITOR_AGENT_IMAGE_TAG",
+          "composeService": "exe-monitor-agent"
+        },
+        "monitorHub": {
+          "image": "update.askexe.com/askexe/exe-monitor-hub:v0.9.4",
+          "env": "MONITOR_HUB_IMAGE_TAG",
+          "composeService": "exe-monitor-hub",
+          "healthUrl": "http://127.0.0.1:8090/api/health"
+        },
+        "erp": {
+          "image": "update.askexe.com/askexe/exe-erp:v0.2.0-final3",
+          "env": "ERP_IMAGE_TAG",
+          "composeService": "exe-erp",
+          "healthUrl": "http://127.0.0.1:8069/api/method/ping",
+          "deploymentScope": "customer",
+          "required": false
+        }
+      }
     }
   }
 }

package/dist/bin/exe-forget.js

@@ -4,7 +4,7 @@ import {
 } from "../chunk-RS7EAZ2R.js";
 import {
   lightweightSearch
-} from "../chunk-VPT7YJJU.js";
+} from "../chunk-BG76C2PG.js";
 import "../chunk-CAFJIGAZ.js";
 import "../chunk-CHCA3ZM2.js";
 import "../chunk-AWVDA2FL.js";

package/dist/bin/exe-search.js

@@ -2,7 +2,7 @@
 import {
   hybridSearch,
   lightweightSearch
-} from "../chunk-VPT7YJJU.js";
+} from "../chunk-BG76C2PG.js";
 import {
   initStore
 } from "../chunk-CAFJIGAZ.js";

package/dist/bin/pre-publish.js

@@ -47,9 +47,12 @@ function stripVersionTag(tag) {
 }
 function findPreviousVersionTag(tags, currentVersion) {
   const currentTag = `v${currentVersion}`;
-  const parts = currentVersion.split(".");
-  const majorMinorPrefix = parts.length >= 2 ? `v${parts[0]}.${parts[1]}.` : null;
-  return tags.filter((tag) => tag !== currentTag).filter((tag) => majorMinorPrefix === null || tag.startsWith(majorMinorPrefix)).filter((tag) => compareVersionsAsc(stripVersionTag(tag), currentVersion) < 0).sort((a, b) => compareVersionsDesc(stripVersionTag(a), stripVersionTag(b)))[0] ?? "";
+  const curMajor = currentVersion.split(".")[0];
+  return tags.filter((tag) => tag !== currentTag).filter((tag) => {
+    if (!curMajor) return true;
+    const tagMajor = stripVersionTag(tag).split(".")[0];
+    return tagMajor === curMajor;
+  }).filter((tag) => compareVersionsAsc(stripVersionTag(tag), currentVersion) < 0).sort((a, b) => compareVersionsDesc(stripVersionTag(a), stripVersionTag(b)))[0] ?? "";
 }
 function compactReleaseNotes(data) {
   const versions = Object.keys(data.notes).sort(compareVersionsDesc).slice(0, MAX_RELEASE_NOTE_VERSIONS);
@@ -74,7 +77,7 @@ function categorizeCommit(message) {
 }
 function isReleaseNoiseCommitSummary(summary) {
   const normalized = summary.trim();
-  return /^bump v\d+\.\d+\.\d+(?:-.+)?$/i.test(normalized) || /^(?:sync|stabilize) v\d+\.\d+\.\d+(?:-.+)? release notes$/i.test(normalized) || /^sync v\d+\.\d+\.\d+(?:-.+)? published artifacts$/i.test(normalized);
+  return /^bump(?: v\d+\.\d+\.\d+(?:-.+)?)?(?: release notes)?$/i.test(normalized) || /^(?:sync|stabilize)(?: v\d+\.\d+\.\d+(?:-.+)?)? release notes$/i.test(normalized) || /^sync(?: v\d+\.\d+\.\d+(?:-.+)?)? published artifacts$/i.test(normalized);
 }
 function generateReleaseNotes(repoRoot2, currentVersion) {
   const tags = git(["tag", "--sort=-v:refname", "--list", "v*"], repoRoot2).split("\n").filter(Boolean);

package/dist/{catchup-brief-KV7CWAFM.js → catchup-brief-USYMBBJO.js}

@@ -1,6 +1,6 @@
 import {
   lightweightSearch
-} from "./chunk-VPT7YJJU.js";
+} from "./chunk-BG76C2PG.js";
 import "./chunk-CAFJIGAZ.js";
 import "./chunk-CHCA3ZM2.js";
 import "./chunk-AWVDA2FL.js";

package/dist/{chunk-VPT7YJJU.js → chunk-BG76C2PG.js}

@@ -288,7 +288,7 @@ async function hybridSearch(queryText, agentId, options) {
   let rerankerAvailable = false;
   if (process.env.EXE_IS_DAEMON === "1") {
     try {
-      const { isRerankerAvailable } = await import("./reranker-XGST4QWE.js");
+      const { isRerankerAvailable } = await import("./reranker-KWCF74HT.js");
       rerankerAvailable = isRerankerAvailable();
     } catch {
     }
@@ -452,7 +452,7 @@ async function hybridSearch(queryText, agentId, options) {
     try {
       let rerankedRecords;
       if (graphContextMap.size > 0) {
-        const { rerankWithContext } = await import("./reranker-XGST4QWE.js");
+        const { rerankWithContext } = await import("./reranker-KWCF74HT.js");
         const candidates = merged.map((m) => ({
           text: m.raw_text,
           context: graphContextMap.get(m.id)
@@ -460,7 +460,7 @@ async function hybridSearch(queryText, agentId, options) {
         const scored = await rerankWithContext(effectiveQuery, candidates, rerankReturnLimit);
         rerankedRecords = scored.map((s) => merged[s.index]);
       } else {
-        const { rerank } = await import("./reranker-XGST4QWE.js");
+        const { rerank } = await import("./reranker-KWCF74HT.js");
         rerankedRecords = await rerank(effectiveQuery, merged, rerankReturnLimit);
       }
       if (rerankedRecords.length > 0) {

package/dist/{chunk-MWQW2QV4.js → chunk-OERXBIAU.js}

@@ -10,7 +10,7 @@ import {
 import {
   isRerankerAvailable,
   rerankWithScores
-} from "./chunk-VA5BKLNY.js";
+} from "./chunk-FCDLGS3S.js";
 import {
   getCachedLicenseGate
 } from "./chunk-2WBBVEIB.js";
@@ -187,7 +187,7 @@ import {
 import {
   hybridSearch,
   recentRecords
-} from "./chunk-VPT7YJJU.js";
+} from "./chunk-BG76C2PG.js";
 import {
   attachDocumentMetadata,
   flushBatch,

package/dist/hooks/error-recall.js

@@ -4,7 +4,7 @@ import {
 import {
   hybridSearch,
   lightweightSearch
-} from "../chunk-VPT7YJJU.js";
+} from "../chunk-BG76C2PG.js";
 import {
   initStore
 } from "../chunk-CAFJIGAZ.js";

package/dist/hooks/manifest.json

@@ -1,11 +1,11 @@
 {
   "version": 1,
-  "generatedAt": "2026-06-09T12:10:42.430Z",
+  "generatedAt": "2026-06-09T12:21:57.535Z",
   "hashes": {
     "bug-report-worker.js": "ebc534a11251111409955c71d4e1f0508a620491d059b352117bd8cec309bd5e",
     "codex-stop-task-finalizer.js": "aeec9205c85660db4e1c6bf51ba16710cf4e785531bd3396dce22579ff3fdd2f",
     "commit-complete.js": "2d94294a40810df514d63ac1f6a30587ecbe16bcd1132f0ae9eb8f1f25c7d9be",
-    "error-recall.js": "08912e23deccfc28b3941b42b9dd0e9a4cdee557413990ce96d900c3676b0960",
+    "error-recall.js": "ac711e2533075b1bf45bbbc12f1b69eccec84d41b3d87cdeabed93c7f9cabe14",
     "exe-heartbeat-hook.js": "61fb871cc3a8932434c2ba53b81f24475ad108814e30c3ae723d96b570e27356",
     "ingest-worker.js": "ca4671af64ee4ccf4f9b8b2879b3ddeb0fc0cb8b8ba5c032fb334b97abf973bd",
     "ingest.js": "e1ff6aa56ee209e9f6bd28e99031ab29fa763cca190948119b37fe1d55ead900",
@@ -15,9 +15,9 @@
     "post-tool-combined.js": "c21e73cd549ca672bba1302c04dceb2696345d5d6d02b6ded035013fdead7b14",
     "pre-compact.js": "777ff360f04e92410a54c2b28970e2d25805529bbf1724c30d176b9742d7b6a3",
     "pre-tool-use.js": "5d23669387dc88f0c167a67f88bee5665f57da78f4c764a8a577874a55f803f5",
-    "prompt-submit.js": "562540fcb791fcc2f94f1d6362a7c9b9b2d693cfaad3862f45cb7ed7f0cc128e",
+    "prompt-submit.js": "ee13394fc99f3f3938a70641986070c67dd7e86667dbfc60ec5189e86cc37f67",
     "session-end.js": "3456012ce4fccdf9847639628ae8b9ba53d9535ae22268203001af8d0774db54",
-    "session-start.js": "d7d80e6c59b13686331238a23a3fa1b454b08aea73dc0e90794b8a86ffc9adf8",
+    "session-start.js": "8b4803623e2b8aa52b40b4e5222182d4144018d51f1be43e21c7785cbef32032",
     "stop.js": "611617884577e7abdca65b6ba4d5d6b0c435a641c86847e48e5441a9f88a7e26",
     "subagent-stop.js": "8bac8bfa60ded426457588f8c75dea430ad55d852215d9aa794fa21543538bb1",
     "summary-worker.js": "ca66f15de3d6c5f531c07924df539387dd862d593855c481de4435062f3ff464"

package/dist/hooks/prompt-submit.js

@@ -1,7 +1,7 @@
 import {
   hybridSearch,
   lightweightSearch
-} from "../chunk-VPT7YJJU.js";
+} from "../chunk-BG76C2PG.js";
 import {
   initStore
 } from "../chunk-CAFJIGAZ.js";

package/dist/hooks/session-start.js

@@ -163,7 +163,7 @@ You are **${ag.agentId}** (${ag.agentRole}). Daemon is degraded \u2014 memory un
       query = `last actions on ${projectName}`;
       header = "## Resuming Session\nHere's where you left off:";
       try {
-        const { buildCatchupBrief } = await import("../catchup-brief-KV7CWAFM.js");
+        const { buildCatchupBrief } = await import("../catchup-brief-USYMBBJO.js");
         const brief = await buildCatchupBrief(
           agentId,
           projectName,

package/dist/lib/exe-daemon.js

@@ -2113,7 +2113,7 @@ async function startMcpHttpServer() {
           activeSessions: transports.size
         });
         try {
-          const { initDatabase, isInitialized } = await import("./database.js");
+          const { initDatabase, isInitialized, ensureSchema } = await import("./database.js");
           if (!isInitialized()) {
             const { loadConfig } = await import("./config.js");
             const { getMasterKey } = await import("./keychain.js");
@@ -2121,6 +2121,7 @@ async function startMcpHttpServer() {
             const masterKey = await getMasterKey();
             if (masterKey) {
               await initDatabase({ dbPath: config.dbPath, encryptionKey: masterKey.toString("hex") });
+              await ensureSchema();
               process.stderr.write("[exed] DB initialized during stale-session recovery\n");
             }
           }
@@ -2473,7 +2474,7 @@ async function startMcpHttpServer() {
         sessionLastSeen.set(sessionId, Date.now());
       } else if (!sessionId && req.method === "POST" && isInitializeRequest(parsedBody)) {
         try {
-          const { initDatabase, isInitialized } = await import("./database.js");
+          const { initDatabase, isInitialized, ensureSchema } = await import("./database.js");
           if (!isInitialized()) {
             const { loadConfig } = await import("./config.js");
             const { getMasterKey } = await import("./keychain.js");
@@ -2481,6 +2482,7 @@ async function startMcpHttpServer() {
             const masterKey = await getMasterKey();
             if (masterKey) {
               await initDatabase({ dbPath: config.dbPath, encryptionKey: masterKey.toString("hex") });
+              await ensureSchema();
               process.stderr.write("[exed] DB initialized on first MCP session\n");
             }
           }
@@ -2741,7 +2743,7 @@ var _storeInitialized = false;
 async function ensureStoreForPolling() {
   if (_storeInitialized) return true;
   try {
-    const { initDatabase, isInitialized } = await import("./database.js");
+    const { initDatabase, isInitialized, ensureSchema } = await import("./database.js");
     if (!isInitialized()) {
       const { loadConfig } = await import("./config.js");
       const { getMasterKey } = await import("./keychain.js");
@@ -2756,6 +2758,7 @@ async function ensureStoreForPolling() {
         throw new Error("No encryption key");
       }
       await initDatabase({ dbPath: config.dbPath, encryptionKey: masterKey.toString("hex") });
+      await ensureSchema();
     }
     _storeInitialized = true;
     return true;

package/dist/lib/hybrid-search.js

@@ -5,7 +5,7 @@ import {
   recentRecords,
   rrfMerge,
   rrfMergeMulti
-} from "../chunk-VPT7YJJU.js";
+} from "../chunk-BG76C2PG.js";
 import "../chunk-CAFJIGAZ.js";
 import "../chunk-CHCA3ZM2.js";
 import "../chunk-AWVDA2FL.js";

package/dist/mcp/register-tools.js

@@ -1,11 +1,11 @@
 import {
   registerAllTools
-} from "../chunk-MWQW2QV4.js";
+} from "../chunk-OERXBIAU.js";
 import "../chunk-AIXZ5O7U.js";
 import "../chunk-557C2IGL.js";
 import "../chunk-MOTVVPK6.js";
 import "../chunk-NZBGWKVC.js";
-import "../chunk-VA5BKLNY.js";
+import "../chunk-FCDLGS3S.js";
 import "../chunk-2WBBVEIB.js";
 import "../chunk-4S5TEBXD.js";
 import "../chunk-CCPCIW4Z.js";
@@ -59,7 +59,7 @@ import "../chunk-RS7EAZ2R.js";
 import "../chunk-QR7HOUVS.js";
 import "../chunk-Z6GHDYQI.js";
 import "../chunk-7IZWLMTP.js";
-import "../chunk-VPT7YJJU.js";
+import "../chunk-BG76C2PG.js";
 import "../chunk-CAFJIGAZ.js";
 import "../chunk-CHCA3ZM2.js";
 import "../chunk-AWVDA2FL.js";

package/dist/mcp/server.js

@@ -3,12 +3,12 @@ import {
 } from "../chunk-V4TZI6EO.js";
 import {
   registerAllTools
-} from "../chunk-MWQW2QV4.js";
+} from "../chunk-OERXBIAU.js";
 import "../chunk-AIXZ5O7U.js";
 import "../chunk-557C2IGL.js";
 import "../chunk-MOTVVPK6.js";
 import "../chunk-NZBGWKVC.js";
-import "../chunk-VA5BKLNY.js";
+import "../chunk-FCDLGS3S.js";
 import {
   initLicenseGate
 } from "../chunk-2WBBVEIB.js";
@@ -69,7 +69,7 @@ import "../chunk-RS7EAZ2R.js";
 import "../chunk-QR7HOUVS.js";
 import "../chunk-Z6GHDYQI.js";
 import "../chunk-7IZWLMTP.js";
-import "../chunk-VPT7YJJU.js";
+import "../chunk-BG76C2PG.js";
 import {
   disposeStore,
   initStore

package/dist/{reranker-XGST4QWE.js → reranker-KWCF74HT.js}

@@ -5,7 +5,7 @@ import {
   rerank,
   rerankWithContext,
   rerankWithScores
-} from "./chunk-VA5BKLNY.js";
+} from "./chunk-FCDLGS3S.js";
 import "./chunk-VXIMSRTO.js";
 import "./chunk-LYH5HE24.js";
 import "./chunk-MLKGABMK.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.248",
+  "version": "0.9.251",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/release-notes.json

@@ -1,321 +1,64 @@
 {
-  "current": "0.9.248",
+  "current": "0.9.251",
   "notes": {
-    "0.9.248": {
-      "version": "0.9.248",
+    "0.9.251": {
+      "version": "0.9.251",
       "date": "2026-06-09",
       "features": [],
       "fixes": [
-        "CRDT default OFF, lid-close recovery, MCP session over-count"
+        "create schema in daemon polling init",
+        "keep release-note generation idempotent"
       ],
       "security": [],
       "other": [
-        "cover MCP autoreconnect warning suppression"
+        "stack release v0.9.18",
+        "bump v0.9.251 for stack release"
       ],
       "migration_notes": []
     },
-    "0.9.247": {
-      "version": "0.9.247",
+    "0.9.250": {
+      "version": "0.9.250",
       "date": "2026-06-09",
-      "features": [
-        "Entity Profile UI — knowledge graph explorer + entity detail view",
-        "log MCP session open/close to stderr for docker logs visibility",
-        "Graph→PostgreSQL sync timer — automatic SQLite→exe-db projection",
-        "project GraphRAG data to PostgreSQL during cloud sync pull",
-        "add behavior effectiveness tracking — attribution, conflicts, scoring, load",
-        "close the reinforcement loop — dreaming reads investigation data",
-        "add reviews to Cloudflare support system — separate from bugs/features",
-        "self-improvement auto-merges simple fixes, notifies on failures",
-        "automatic investigation record system for debugging cycle tracking",
-        "smoke test + Playwright E2E + self-improvement cron",
-        "P0 procedures — verify your own fix + confidence decay",
-        "boot output as formatted table with box-drawing characters",
-        "show auto-fix cycle status in exe-os boot",
-        "graceful daemon restart — persist MCP sessions for transparent recovery",
-        "default to keyword+graph search, embeddings opt-in",
-        "server-side telemetry storage + admin insights endpoint",
-        "enrich telemetry payload with usage counters and auto-insights",
-        "add telemetry auto-insight computation engine",
-        "auto-calibration in dreaming cycle + telemetry integration",
-        "first-class time estimation on tasks — auto-tracked, queryable",
-        "add agent assertion system — confidence tracking on task lifecycle",
-        "auto-run dreaming cycle on session end — zero-touch self-improvement",
-        "add dreaming system + structured handoffs to platform procedures",
-        "add snapshot + boot to platform procedures and operating procedures",
-        "add `exe-os boot --project X` CLI command for project boot verification"
-      ],
+      "features": [],
       "fixes": [
-        "spawn lock dedup, MCP recovery mutex, health timeout 60→180s",
-        "exclude release-note chores from generated notes",
-        "dedupe stale MCP session recovery",
-        "embeddings OFF by default for all users — opt-in via EXE_EMBEDDINGS=1",
-        "keep generated env templates in sync",
-        "bootstrap monitor env and lazy-init recall memory",
-        "registry proxy accepts license keys + stack-update reads .env license",
-        "stack-release uses defaultBranch per repo (wiki uses master)",
-        "prevent stale task intercom prompts",
-        "v0.9.241 — 13 more bug fixes (28 total this session)",
-        "sync lockfile for Docker build — npm ci --omit=dev works again",
-        "keep review notifications session-local and test-safe",
-        "CI Dockerfile reference — Dockerfile.exed → Dockerfile.exe-os",
-        "v0.9.240 — 15 bug fixes across HYGO, Jack, platform (stack v0.9.15)",
-        "keep daemon memory recall FTS bounded",
-        "keep daemon cloud sync off CRDT heap path",
-        "suppress ENOBUFS in reapers + skip boot-time sync execution",
-        "MCP health probe in prompt hook + Docker image build tolerance",
-        "plug MCP session memory leak — zombie McpServer instances accumulated",
-        "lower RSS watchdog to 1.5/2.5GB + add GC after heavy operations",
-        "snapshot crash — daemon fallback + dreaming scope binding",
-        "skip duplicate initStore in WS client — prevents 2-8s event loop block",
-        "add session scope imports to dreaming, project-boot, telemetry-upload",
-        "resolve typecheck errors for npm publish",
-        "add setImmediate yields to Graph→PG sync — prevent event loop blocking"
-      ],
-      "security": [
-        "fix shell injection, SSRF, socket leaks, backup validation",
-        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
-        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
-        "validate X-Agent-Role against roster — prevent privilege escalation",
-        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
-        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
-        "pin GitHub Actions to SHAs, update jose to 6.2.3",
-        "harden support intake against abuse and data leakage",
-        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
-        "audit: pre-hygo exe-gateway security report",
-        "add SECURITY.md — trust document for pre-install security evaluation",
-        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
+        "create schema in daemon polling init",
+        "keep release-note generation idempotent"
       ],
+      "security": [],
       "other": [
-        "bump v0.9.247 for stack manifest release",
-        "stack release v0.9.17",
-        "cover singleton employee spawn lock",
-        "cover registry proxy license auth fallbacks",
-        "update release notes for v0.9.243",
-        "stack release v0.9.16",
-        "bump v0.9.243 for stack release",
-        "bump v0.9.242 for stack release",
-        "add STACK-RELEASE.md — full release process documentation",
-        "claurst competitive analysis — npm distribution + free-tier mode",
-        "bump stack.release.json to v0.9.240 for CI image build",
-        "update release notes for v0.9.238-239",
-        "release: stack v0.9.14 — gateway audit fixes",
-        "release: stack v0.9.13 — HYGO deployment readiness",
-        "incremental Graph→PG sync — 86K rows → deltas only",
-        "batch Graph→PG sync — 500 rows per INSERT instead of row-by-row",
-        "consolidate daemon timers into unified orchestration tick (#78)",
-        "revise GLiNER — Haiku API now, GLiNER when cost matters",
-        "capture GLiNER entity extraction in ARCHITECTURE.md",
-        "detailed design system structure + Phase 2 component list",
-        "exe-os-design-system — unified design system for all products",
-        "GoTrue JWT unified auth architecture — founder directive 2026-06-08",
-        "Thread + Graph Discovery architecture — unified knowledge view",
-        "move heavy jobs to 9 PM — GraphRAG, skill sweep, backup",
-        "Mode 3 Client-Side RAG architecture — memories never leave device"
+        "sync release notes"
       ],
       "migration_notes": []
     },
-    "0.9.246": {
-      "version": "0.9.246",
+    "0.9.249": {
+      "version": "0.9.249",
       "date": "2026-06-09",
-      "features": [
-        "Entity Profile UI — knowledge graph explorer + entity detail view",
-        "log MCP session open/close to stderr for docker logs visibility",
-        "Graph→PostgreSQL sync timer — automatic SQLite→exe-db projection",
-        "project GraphRAG data to PostgreSQL during cloud sync pull",
-        "add behavior effectiveness tracking — attribution, conflicts, scoring, load",
-        "close the reinforcement loop — dreaming reads investigation data",
-        "add reviews to Cloudflare support system — separate from bugs/features",
-        "self-improvement auto-merges simple fixes, notifies on failures",
-        "automatic investigation record system for debugging cycle tracking",
-        "smoke test + Playwright E2E + self-improvement cron",
-        "P0 procedures — verify your own fix + confidence decay",
-        "boot output as formatted table with box-drawing characters",
-        "show auto-fix cycle status in exe-os boot",
-        "graceful daemon restart — persist MCP sessions for transparent recovery",
-        "default to keyword+graph search, embeddings opt-in",
-        "server-side telemetry storage + admin insights endpoint",
-        "enrich telemetry payload with usage counters and auto-insights",
-        "add telemetry auto-insight computation engine",
-        "auto-calibration in dreaming cycle + telemetry integration",
-        "first-class time estimation on tasks — auto-tracked, queryable",
-        "add agent assertion system — confidence tracking on task lifecycle",
-        "auto-run dreaming cycle on session end — zero-touch self-improvement",
-        "add dreaming system + structured handoffs to platform procedures",
-        "add snapshot + boot to platform procedures and operating procedures",
-        "add `exe-os boot --project X` CLI command for project boot verification"
-      ],
+      "features": [],
       "fixes": [
-        "spawn lock dedup, MCP recovery mutex, health timeout 60→180s",
-        "exclude release-note chores from generated notes",
-        "dedupe stale MCP session recovery",
-        "embeddings OFF by default for all users — opt-in via EXE_EMBEDDINGS=1",
-        "keep generated env templates in sync",
-        "bootstrap monitor env and lazy-init recall memory",
-        "registry proxy accepts license keys + stack-update reads .env license",
-        "stack-release uses defaultBranch per repo (wiki uses master)",
-        "prevent stale task intercom prompts",
-        "v0.9.241 — 13 more bug fixes (28 total this session)",
-        "sync lockfile for Docker build — npm ci --omit=dev works again",
-        "keep review notifications session-local and test-safe",
-        "CI Dockerfile reference — Dockerfile.exed → Dockerfile.exe-os",
-        "v0.9.240 — 15 bug fixes across HYGO, Jack, platform (stack v0.9.15)",
-        "keep daemon memory recall FTS bounded",
-        "keep daemon cloud sync off CRDT heap path",
-        "suppress ENOBUFS in reapers + skip boot-time sync execution",
-        "MCP health probe in prompt hook + Docker image build tolerance",
-        "plug MCP session memory leak — zombie McpServer instances accumulated",
-        "lower RSS watchdog to 1.5/2.5GB + add GC after heavy operations",
-        "snapshot crash — daemon fallback + dreaming scope binding",
-        "skip duplicate initStore in WS client — prevents 2-8s event loop block",
-        "add session scope imports to dreaming, project-boot, telemetry-upload",
-        "resolve typecheck errors for npm publish",
-        "add setImmediate yields to Graph→PG sync — prevent event loop blocking"
-      ],
-      "security": [
-        "fix shell injection, SSRF, socket leaks, backup validation",
-        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
-        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
-        "validate X-Agent-Role against roster — prevent privilege escalation",
-        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
-        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
-        "pin GitHub Actions to SHAs, update jose to 6.2.3",
-        "harden support intake against abuse and data leakage",
-        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
-        "audit: pre-hygo exe-gateway security report",
-        "add SECURITY.md — trust document for pre-install security evaluation",
-        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
+        "gateway.json bootstrap in setup.sh — prevent empty config on fresh deploy"
       ],
+      "security": [],
       "other": [
-        "cover singleton employee spawn lock",
-        "cover registry proxy license auth fallbacks",
-        "update release notes for v0.9.243",
-        "stack release v0.9.16",
-        "bump v0.9.243 for stack release",
-        "bump v0.9.242 for stack release",
-        "add STACK-RELEASE.md — full release process documentation",
-        "claurst competitive analysis — npm distribution + free-tier mode",
-        "bump stack.release.json to v0.9.240 for CI image build",
-        "update release notes for v0.9.238-239",
-        "release: stack v0.9.14 — gateway audit fixes",
-        "release: stack v0.9.13 — HYGO deployment readiness",
-        "incremental Graph→PG sync — 86K rows → deltas only",
-        "batch Graph→PG sync — 500 rows per INSERT instead of row-by-row",
-        "consolidate daemon timers into unified orchestration tick (#78)",
-        "revise GLiNER — Haiku API now, GLiNER when cost matters",
-        "capture GLiNER entity extraction in ARCHITECTURE.md",
-        "detailed design system structure + Phase 2 component list",
-        "exe-os-design-system — unified design system for all products",
-        "GoTrue JWT unified auth architecture — founder directive 2026-06-08",
-        "Thread + Graph Discovery architecture — unified knowledge view",
-        "move heavy jobs to 9 PM — GraphRAG, skill sweep, backup",
-        "Mode 3 Client-Side RAG architecture — memories never leave device",
-        "bump to v0.9.230 — P0 WAL backup corruption fix for Jack",
-        "bump to v0.9.225"
+        "bump v0.9.249 release notes",
+        "cover gateway config bootstrap in setup"
       ],
       "migration_notes": []
     },
-    "0.9.245": {
-      "version": "0.9.245",
+    "0.9.248": {
+      "version": "0.9.248",
       "date": "2026-06-09",
-      "features": [
-        "Entity Profile UI — knowledge graph explorer + entity detail view",
-        "log MCP session open/close to stderr for docker logs visibility",
-        "Graph→PostgreSQL sync timer — automatic SQLite→exe-db projection",
-        "project GraphRAG data to PostgreSQL during cloud sync pull",
-        "add behavior effectiveness tracking — attribution, conflicts, scoring, load",
-        "close the reinforcement loop — dreaming reads investigation data",
-        "add reviews to Cloudflare support system — separate from bugs/features",
-        "self-improvement auto-merges simple fixes, notifies on failures",
-        "automatic investigation record system for debugging cycle tracking",
-        "smoke test + Playwright E2E + self-improvement cron",
-        "P0 procedures — verify your own fix + confidence decay",
-        "boot output as formatted table with box-drawing characters",
-        "show auto-fix cycle status in exe-os boot",
-        "graceful daemon restart — persist MCP sessions for transparent recovery",
-        "default to keyword+graph search, embeddings opt-in",
-        "server-side telemetry storage + admin insights endpoint",
-        "enrich telemetry payload with usage counters and auto-insights",
-        "add telemetry auto-insight computation engine",
-        "auto-calibration in dreaming cycle + telemetry integration",
-        "first-class time estimation on tasks — auto-tracked, queryable",
-        "add agent assertion system — confidence tracking on task lifecycle",
-        "auto-run dreaming cycle on session end — zero-touch self-improvement",
-        "add dreaming system + structured handoffs to platform procedures",
-        "add snapshot + boot to platform procedures and operating procedures",
-        "add `exe-os boot --project X` CLI command for project boot verification"
-      ],
+      "features": [],
       "fixes": [
-        "embeddings OFF by default for all users — opt-in via EXE_EMBEDDINGS=1",
-        "keep generated env templates in sync",
-        "bootstrap monitor env and lazy-init recall memory",
-        "registry proxy accepts license keys + stack-update reads .env license",
-        "stack-release uses defaultBranch per repo (wiki uses master)",
-        "prevent stale task intercom prompts",
-        "v0.9.241 — 13 more bug fixes (28 total this session)",
-        "sync lockfile for Docker build — npm ci --omit=dev works again",
-        "keep review notifications session-local and test-safe",
-        "CI Dockerfile reference — Dockerfile.exed → Dockerfile.exe-os",
-        "v0.9.240 — 15 bug fixes across HYGO, Jack, platform (stack v0.9.15)",
-        "keep daemon memory recall FTS bounded",
-        "keep daemon cloud sync off CRDT heap path",
-        "suppress ENOBUFS in reapers + skip boot-time sync execution",
-        "MCP health probe in prompt hook + Docker image build tolerance",
-        "plug MCP session memory leak — zombie McpServer instances accumulated",
-        "lower RSS watchdog to 1.5/2.5GB + add GC after heavy operations",
-        "snapshot crash — daemon fallback + dreaming scope binding",
-        "skip duplicate initStore in WS client — prevents 2-8s event loop block",
-        "add session scope imports to dreaming, project-boot, telemetry-upload",
-        "resolve typecheck errors for npm publish",
-        "add setImmediate yields to Graph→PG sync — prevent event loop blocking",
-        "convert SQLite short hex IDs to valid UUIDs for PostgreSQL projection",
-        "delay initial graph sync tick to 60s + add debug logging",
-        "share DB init state between MCP HTTP and timer ticks"
-      ],
-      "security": [
-        "fix shell injection, SSRF, socket leaks, backup validation",
-        "bump v0.9.139 — 2 CRITICAL security fixes, 14 bug fixes, 6 features, customer config preservation",
-        "fix 2 CRITICAL + 1 HIGH from post-fix audit",
-        "validate X-Agent-Role against roster — prevent privilege escalation",
-        "release: stack v0.9.8 — security hardening + Hygo bug fixes",
-        "add webhook HMAC-SHA256 validation + disable query param auth in prod",
-        "pin GitHub Actions to SHAs, update jose to 6.2.3",
-        "harden support intake against abuse and data leakage",
-        "bump to v0.9.22 — Codex MCP parity + customer bug fixes + security audit remediation",
-        "audit: pre-hygo exe-gateway security report",
-        "add SECURITY.md — trust document for pre-install security evaluation",
-        "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
+        "CRDT default OFF, lid-close recovery, MCP session over-count"
       ],
+      "security": [],
       "other": [
-        "bump v0.9.245",
-        "sync v0.9.244 published artifacts",
-        "bump v0.9.244",
-        "cover registry proxy license auth fallbacks",
-        "update release notes for v0.9.243",
-        "stack release v0.9.16",
-        "bump v0.9.243 for stack release",
-        "bump v0.9.242 for stack release",
-        "add STACK-RELEASE.md — full release process documentation",
-        "claurst competitive analysis — npm distribution + free-tier mode",
-        "bump stack.release.json to v0.9.240 for CI image build",
-        "update release notes for v0.9.238-239",
-        "release: stack v0.9.14 — gateway audit fixes",
-        "release: stack v0.9.13 — HYGO deployment readiness",
-        "incremental Graph→PG sync — 86K rows → deltas only",
-        "batch Graph→PG sync — 500 rows per INSERT instead of row-by-row",
-        "consolidate daemon timers into unified orchestration tick (#78)",
-        "revise GLiNER — Haiku API now, GLiNER when cost matters",
-        "capture GLiNER entity extraction in ARCHITECTURE.md",
-        "detailed design system structure + Phase 2 component list",
-        "exe-os-design-system — unified design system for all products",
-        "GoTrue JWT unified auth architecture — founder directive 2026-06-08",
-        "Thread + Graph Discovery architecture — unified knowledge view",
-        "move heavy jobs to 9 PM — GraphRAG, skill sweep, backup",
-        "Mode 3 Client-Side RAG architecture — memories never leave device"
+        "cover MCP autoreconnect warning suppression"
       ],
       "migration_notes": []
     },
-    "0.9.244": {
-      "version": "0.9.244",
+    "0.9.247": {
+      "version": "0.9.247",
       "date": "2026-06-09",
       "features": [
         "Entity Profile UI — knowledge graph explorer + entity detail view",
@@ -345,6 +88,12 @@
         "add `exe-os boot --project X` CLI command for project boot verification"
       ],
       "fixes": [
+        "spawn lock dedup, MCP recovery mutex, health timeout 60→180s",
+        "exclude release-note chores from generated notes",
+        "dedupe stale MCP session recovery",
+        "embeddings OFF by default for all users — opt-in via EXE_EMBEDDINGS=1",
+        "keep generated env templates in sync",
+        "bootstrap monitor env and lazy-init recall memory",
         "registry proxy accepts license keys + stack-update reads .env license",
         "stack-release uses defaultBranch per repo (wiki uses master)",
         "prevent stale task intercom prompts",
@@ -363,13 +112,7 @@
         "skip duplicate initStore in WS client — prevents 2-8s event loop block",
         "add session scope imports to dreaming, project-boot, telemetry-upload",
         "resolve typecheck errors for npm publish",
-        "add setImmediate yields to Graph→PG sync — prevent event loop blocking",
-        "convert SQLite short hex IDs to valid UUIDs for PostgreSQL projection",
-        "delay initial graph sync tick to 60s + add debug logging",
-        "share DB init state between MCP HTTP and timer ticks",
-        "allow VPS daemon to run in PostgreSQL-only mode (no encryption key)",
-        "detect response body failures — build pass ≠ feature works",
-        "coordinators see all tasks cross-session by default"
+        "add setImmediate yields to Graph→PG sync — prevent event loop blocking"
       ],
       "security": [
         "fix shell injection, SSRF, socket leaks, backup validation",
@@ -386,7 +129,9 @@
         "fix 4 pricing tier bypass vulnerabilities (audit F1-F4)"
       ],
       "other": [
-        "bump v0.9.244",
+        "bump v0.9.247 for stack manifest release",
+        "stack release v0.9.17",
+        "cover singleton employee spawn lock",
         "cover registry proxy license auth fallbacks",
         "update release notes for v0.9.243",
         "stack release v0.9.16",
@@ -408,9 +153,7 @@
         "GoTrue JWT unified auth architecture — founder directive 2026-06-08",
         "Thread + Graph Discovery architecture — unified knowledge view",
         "move heavy jobs to 9 PM — GraphRAG, skill sweep, backup",
-        "Mode 3 Client-Side RAG architecture — memories never leave device",
-        "bump to v0.9.230 — P0 WAL backup corruption fix for Jack",
-        "bump to v0.9.225"
+        "Mode 3 Client-Side RAG architecture — memories never leave device"
       ],
       "migration_notes": []
     }

package/stack.release.json

@@ -4,8 +4,8 @@
   "repo": "AskExe/exe-os",
   "service": "exe-os",
   "packageName": "@askexenow/exe-os",
-  "version": "0.9.243",
-  "image": "ghcr.io/askexe/exe-os:v0.9.243",
+  "version": "0.9.251",
+  "image": "ghcr.io/askexe/exe-os:v0.9.251",
   "imageEnv": "EXE_OS_IMAGE_TAG",
   "stackParticipation": {
     "required": true,
@@ -47,5 +47,5 @@
   },
   "deploymentScope": "customer",
   "highGhostStack": "0.9.9",
-  "sourceVersion": "0.9.243"
+  "sourceVersion": "0.9.251"
 }