@askexenow/exe-os 0.9.284 → 0.9.285

package/dist/hooks/manifest.json

@@ -1,6 +1,6 @@
 {
   "version": 1,
-  "generatedAt": "2026-06-17T08:59:46.167Z",
+  "generatedAt": "2026-06-17T09:05:37.660Z",
   "hashes": {
     "bug-report-worker.js": "16d6fab856fd34eeeb4406f0b63578abbab9b85a2c5b552918b2dc096bff45b2",
     "codex-stop-task-finalizer.js": "2e1b30d86acf2359fe6e555e486ffc80c8b525ab43646c523e272b92d8cdaa93",

package/dist/stack-update-I2DMZ6QL.js

@@ -0,0 +1,76 @@
+import {
+  ProgressReporter,
+  assertBreakingChangesAllowed,
+  assertDeploymentScopeAllowed,
+  assertHostReadyForApply,
+  assertProductionDeployGate,
+  bootstrapStackHost,
+  buildDefaultServiceSelection,
+  canonicalizeStackManifest,
+  collectImageAvailabilityIssues,
+  collectProductionDeployGateIssues,
+  createStackUpdatePlan,
+  defaultStackPaths,
+  detectDanglingVolumes,
+  filterServicesBySelection,
+  findLatestBackupEnvFile,
+  hardenHost,
+  listAvailableVersions,
+  loadServiceSelection,
+  loadStackManifest,
+  pairMonitorAgent,
+  parseEnv,
+  parseStackManifest,
+  patchEnv,
+  printDanglingVolumes,
+  printVolumeCleanupResult,
+  readCurrentStackVersion,
+  removeDanglingVolumes,
+  rollbackStackUpdate,
+  runStackUpdate,
+  saveServiceSelection,
+  serviceSelectionPath,
+  verifyManifestImagesAvailable,
+  verifyReleaseHealth,
+  verifyStackManifestSignature
+} from "./chunk-XENDLEP5.js";
+import "./chunk-YMKUXZIG.js";
+import "./chunk-T3B5RK4H.js";
+import "./chunk-LYH5HE24.js";
+import "./chunk-MLKGABMK.js";
+export {
+  ProgressReporter,
+  assertBreakingChangesAllowed,
+  assertDeploymentScopeAllowed,
+  assertHostReadyForApply,
+  assertProductionDeployGate,
+  bootstrapStackHost,
+  buildDefaultServiceSelection,
+  canonicalizeStackManifest,
+  collectImageAvailabilityIssues,
+  collectProductionDeployGateIssues,
+  createStackUpdatePlan,
+  defaultStackPaths,
+  detectDanglingVolumes,
+  filterServicesBySelection,
+  findLatestBackupEnvFile,
+  hardenHost,
+  listAvailableVersions,
+  loadServiceSelection,
+  loadStackManifest,
+  pairMonitorAgent,
+  parseEnv,
+  parseStackManifest,
+  patchEnv,
+  printDanglingVolumes,
+  printVolumeCleanupResult,
+  readCurrentStackVersion,
+  removeDanglingVolumes,
+  rollbackStackUpdate,
+  runStackUpdate,
+  saveServiceSelection,
+  serviceSelectionPath,
+  verifyManifestImagesAvailable,
+  verifyReleaseHealth,
+  verifyStackManifestSignature
+};

package/dist/stack-update-KOZLMLEI.js

@@ -0,0 +1,76 @@
+import {
+  ProgressReporter,
+  assertBreakingChangesAllowed,
+  assertDeploymentScopeAllowed,
+  assertHostReadyForApply,
+  assertProductionDeployGate,
+  bootstrapStackHost,
+  buildDefaultServiceSelection,
+  canonicalizeStackManifest,
+  collectImageAvailabilityIssues,
+  collectProductionDeployGateIssues,
+  createStackUpdatePlan,
+  defaultStackPaths,
+  detectDanglingVolumes,
+  filterServicesBySelection,
+  findLatestBackupEnvFile,
+  hardenHost,
+  listAvailableVersions,
+  loadServiceSelection,
+  loadStackManifest,
+  pairMonitorAgent,
+  parseEnv,
+  parseStackManifest,
+  patchEnv,
+  printDanglingVolumes,
+  printVolumeCleanupResult,
+  readCurrentStackVersion,
+  removeDanglingVolumes,
+  rollbackStackUpdate,
+  runStackUpdate,
+  saveServiceSelection,
+  serviceSelectionPath,
+  verifyManifestImagesAvailable,
+  verifyReleaseHealth,
+  verifyStackManifestSignature
+} from "./chunk-XNVX6XNW.js";
+import "./chunk-YMKUXZIG.js";
+import "./chunk-T3B5RK4H.js";
+import "./chunk-LYH5HE24.js";
+import "./chunk-MLKGABMK.js";
+export {
+  ProgressReporter,
+  assertBreakingChangesAllowed,
+  assertDeploymentScopeAllowed,
+  assertHostReadyForApply,
+  assertProductionDeployGate,
+  bootstrapStackHost,
+  buildDefaultServiceSelection,
+  canonicalizeStackManifest,
+  collectImageAvailabilityIssues,
+  collectProductionDeployGateIssues,
+  createStackUpdatePlan,
+  defaultStackPaths,
+  detectDanglingVolumes,
+  filterServicesBySelection,
+  findLatestBackupEnvFile,
+  hardenHost,
+  listAvailableVersions,
+  loadServiceSelection,
+  loadStackManifest,
+  pairMonitorAgent,
+  parseEnv,
+  parseStackManifest,
+  patchEnv,
+  printDanglingVolumes,
+  printVolumeCleanupResult,
+  readCurrentStackVersion,
+  removeDanglingVolumes,
+  rollbackStackUpdate,
+  runStackUpdate,
+  saveServiceSelection,
+  serviceSelectionPath,
+  verifyManifestImagesAvailable,
+  verifyReleaseHealth,
+  verifyStackManifestSignature
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.284",
+  "version": "0.9.285",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/release-notes.json

@@ -1,10 +1,11 @@
 {
-  "current": "0.9.284",
+  "current": "0.9.285",
   "notes": {
-    "0.9.284": {
-      "version": "0.9.284",
+    "0.9.285": {
+      "version": "0.9.285",
       "date": "2026-06-17",
       "features": [
+        "add image availability + platform verification to deploy gate",
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
         "admin backfill endpoint for api_key_hash — fixes all encrypted keys",
         "implement startMonitor for Slack/Discord/Telegram/WhatsApp + SMTP via nodemailer",
@@ -28,8 +29,7 @@
         "emotional baselines per agent role (dbfbe67f) (#131)",
         "split exe-os into server (~200MB) and worker (~1GB) images (#130)",
         "out-of-process socket watchdog (c3b287cc) (#129)",
-        "hot-path session summary — compress last checkpoint into ~200 tokens at boot (edaf4eb3) (#128)",
-        "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
+        "hot-path session summary — compress last checkpoint into ~200 tokens at boot (edaf4eb3) (#128)"
       ],
       "fixes": [
         "add otel-collector to official image allowlist — unblocks stack-update",
@@ -60,6 +60,7 @@
       ],
       "security": [],
       "other": [
+        "bump v0.9.285 — deploy gate image verification",
         "bump v0.9.284 — otel deploy gate fix",
         "bump v0.9.283 — amd64 digest fix",
         "bump v0.9.282 — daemon image v0.9.281 in manifest",
@@ -83,13 +84,12 @@
         "update release-notes.json",
         "bump 0.9.275 — bundle stack 0.9.22 manifest for stack-update",
         "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
-        "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
-        "Add daemon smoke gate"
+        "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes"
       ],
       "migration_notes": []
     },
-    "0.9.283": {
-      "version": "0.9.283",
+    "0.9.284": {
+      "version": "0.9.284",
       "date": "2026-06-17",
       "features": [
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
@@ -119,6 +119,7 @@
         "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
       ],
       "fixes": [
+        "add otel-collector to official image allowlist — unblocks stack-update",
         "correct exe-os + exe-auth digests for amd64 in manifest 0.9.24 (bug e0c3b3fb)",
         "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
         "mcp_ping reports alive when running inside daemon process (bug b5fb9404)",
@@ -142,11 +143,11 @@
         "add sync_meta to SQL guard allowlist — fixes cloud sync (bug 9fbbe145)",
         "accept digest-only official images in deploy gate",
         "prevent empty/duplicate company_procedure rows at the source",
-        "remove duplicate if-block causing TS build failure",
-        "watchdog self-heal + restart-intent propagation (belt & suspenders)"
+        "remove duplicate if-block causing TS build failure"
       ],
       "security": [],
       "other": [
+        "bump v0.9.284 — otel deploy gate fix",
         "bump v0.9.283 — amd64 digest fix",
         "bump v0.9.282 — daemon image v0.9.281 in manifest",
         "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
@@ -170,13 +171,12 @@
         "bump 0.9.275 — bundle stack 0.9.22 manifest for stack-update",
         "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
         "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
-        "Add daemon smoke gate",
-        "Publish Claude Fable model support as 0.9.272"
+        "Add daemon smoke gate"
       ],
       "migration_notes": []
     },
-    "0.9.282": {
-      "version": "0.9.282",
+    "0.9.283": {
+      "version": "0.9.283",
       "date": "2026-06-17",
       "features": [
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
@@ -206,6 +206,7 @@
         "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
       ],
       "fixes": [
+        "correct exe-os + exe-auth digests for amd64 in manifest 0.9.24 (bug e0c3b3fb)",
         "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
         "mcp_ping reports alive when running inside daemon process (bug b5fb9404)",
         "add exe-erp-nginx for static assets + remove direct gunicorn port (bug 6776edf0)",
@@ -229,11 +230,11 @@
         "accept digest-only official images in deploy gate",
         "prevent empty/duplicate company_procedure rows at the source",
         "remove duplicate if-block causing TS build failure",
-        "watchdog self-heal + restart-intent propagation (belt & suspenders)",
-        "skip junk/empty company_procedure rows that bloated prompts to 1.6MB"
+        "watchdog self-heal + restart-intent propagation (belt & suspenders)"
       ],
       "security": [],
       "other": [
+        "bump v0.9.283 — amd64 digest fix",
         "bump v0.9.282 — daemon image v0.9.281 in manifest",
         "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
         "bump v0.9.280 — GoTrue MCP auth, support fixes",
@@ -257,13 +258,12 @@
         "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
         "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
         "Add daemon smoke gate",
-        "Publish Claude Fable model support as 0.9.272",
-        "Add Claude Fable model whitelist"
+        "Publish Claude Fable model support as 0.9.272"
       ],
       "migration_notes": []
     },
-    "0.9.281": {
-      "version": "0.9.281",
+    "0.9.282": {
+      "version": "0.9.282",
       "date": "2026-06-17",
       "features": [
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
@@ -293,6 +293,7 @@
         "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
       ],
       "fixes": [
+        "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
         "mcp_ping reports alive when running inside daemon process (bug b5fb9404)",
         "add exe-erp-nginx for static assets + remove direct gunicorn port (bug 6776edf0)",
         "ERP healthcheck Host header + websocket path for Frappe 17 (bugs 7c905474, 468cc508)",
@@ -316,11 +317,11 @@
         "prevent empty/duplicate company_procedure rows at the source",
         "remove duplicate if-block causing TS build failure",
         "watchdog self-heal + restart-intent propagation (belt & suspenders)",
-        "skip junk/empty company_procedure rows that bloated prompts to 1.6MB",
-        "match user by deviceId when encryption secret lost"
+        "skip junk/empty company_procedure rows that bloated prompts to 1.6MB"
       ],
       "security": [],
       "other": [
+        "bump v0.9.282 — daemon image v0.9.281 in manifest",
         "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
         "bump v0.9.280 — GoTrue MCP auth, support fixes",
         "bump v0.9.279 — stack v0.9.24, GoTrue support auth, optional services",
@@ -344,13 +345,12 @@
         "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
         "Add daemon smoke gate",
         "Publish Claude Fable model support as 0.9.272",
-        "Add Claude Fable model whitelist",
-        "Publish stack-update service resume as 0.9.271"
+        "Add Claude Fable model whitelist"
       ],
       "migration_notes": []
     },
-    "0.9.280": {
-      "version": "0.9.280",
+    "0.9.281": {
+      "version": "0.9.281",
       "date": "2026-06-17",
       "features": [
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
@@ -380,34 +380,35 @@
         "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
       ],
       "fixes": [
+        "mcp_ping reports alive when running inside daemon process (bug b5fb9404)",
+        "add exe-erp-nginx for static assets + remove direct gunicorn port (bug 6776edf0)",
+        "ERP healthcheck Host header + websocket path for Frappe 17 (bugs 7c905474, 468cc508)",
+        "rotate signing key to match Worker secret (bug 834ffb70)",
+        "add exe-auth service to main compose + fix image reference to update.askexe.com",
+        "align compose default image tags with manifest 0.9.24 (bug 79168bac)",
+        "isDaemonAlive falls back to socket check when PID file missing (bug b5fb9404)",
+        "correct exe-erp image tag final7→final3 in manifests 0.9.23 + 0.9.24 (bug ff960d31)",
+        "create exe_erp login role in init-db.sql (bug 9d452322)",
+        "CRM_SERVER_URL uses crm. subdomain + add EXE_CRM_ADMIN_EMAIL (bugs 8d20e779, 7debf355)",
+        "use update.askexe.com for exe-auth image in manifest 0.9.24 (bug 97f2d288)",
+        "ensure description field is never empty in feature request upstream payload (bug 0a8e16d0)",
+        "add WSL clip.exe detection to shipped tmux.conf (bug 3396fb26)",
+        "include node binary dir in exe-os-node shim PATH (bug 71adcb68)",
+        "add minimum daemon age guard to prevent crash-loop (bug 25faecf3)",
+        "digest-pin all 0.9.24 images + remove control-plane from customer manifest",
+        "resolve full UUID before upstream delivery — fixes update_bug/update_feature 400s (bug 31b1d2e3)",
+        "dual-key JWT verification — accept tokens signed by previous key (bug 2f5d6166)",
+        "add sync_meta to SQL guard allowlist — fixes cloud sync (bug 9fbbe145)",
+        "accept digest-only official images in deploy gate",
         "prevent empty/duplicate company_procedure rows at the source",
         "remove duplicate if-block causing TS build failure",
         "watchdog self-heal + restart-intent propagation (belt & suspenders)",
         "skip junk/empty company_procedure rows that bloated prompts to 1.6MB",
-        "match user by deviceId when encryption secret lost",
-        "backfill api_key_hash on every /auth/activate call",
-        "allow dev-fallback storage secret for backfill (keys were encrypted with it)",
-        "cap model-instructions prompt under the API limit (was 1.6MB → 400)",
-        "mark keychain unavailable on write timeout; pass --session to codex/opencode",
-        "backfill api_key_hash for ALREADY encrypted keys",
-        "store api_key_hash on key upgrade — support validation works for all customers",
-        "name the target keychain on store to fix \"cannot be found\"",
-        "never re-prompt when the OS keychain is unavailable",
-        "GoTrue JWT payload decode fallback — support channel working",
-        "validate against GoTrue JWT — not just D1 license keys",
-        "stop master-key destruction on launch + fix codex --profile",
-        "clear all 25 moderate CVEs via OTel+protobufjs overrides; fix date-bomb test",
-        "auth is customer-facing (not control-plane)",
-        "patch hono HIGH CVE + fix stale worker-gate test",
-        "use hooks-free CODEX_HOME to prevent crash after 10 codex calls",
-        "per-chat runner + offset flag + execSync + clean env + GC",
-        "execFile instead of spawn, sequential loop, useOpenCode, 180s timeout",
-        "P1 CVE fixes + test alignment + tarball budget + env sync",
-        "exe-start COO_NAME resolution fails on npm install (not dev symlink)",
-        "fix FTS ambiguous column bug + CLaRa term sanitization"
+        "match user by deviceId when encryption secret lost"
       ],
       "security": [],
       "other": [
+        "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
         "bump v0.9.280 — GoTrue MCP auth, support fixes",
         "bump v0.9.279 — stack v0.9.24, GoTrue support auth, optional services",
         "service ownership matrix — dashboard is AskExe-only, not customer stack",