@askexenow/exe-os 0.9.285 → 0.9.287

package/release-notes.json

@@ -1,9 +1,9 @@
 {
-  "current": "0.9.285",
+  "current": "0.9.287",
   "notes": {
-    "0.9.285": {
-      "version": "0.9.285",
-      "date": "2026-06-17",
+    "0.9.287": {
+      "version": "0.9.287",
+      "date": "2026-06-18",
       "features": [
         "add image availability + platform verification to deploy gate",
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
@@ -32,6 +32,15 @@
         "hot-path session summary — compress last checkpoint into ~200 tokens at boot (edaf4eb3) (#128)"
       ],
       "fixes": [
+        "skip image-availability check for private registry + exe-erp v0.2.1",
+        "exe-erp v0.2.0-final8 with socketio.js + realtime/ baked in",
+        "erp-nginx backend IP .32 (not .28, taken by erp-queue)",
+        "unique frontend IPs — auth 10.43.0.35, erp-nginx 10.43.0.28 (no collisions)",
+        "frontend subnet 10.43.0.x (not 10.42.1.x) for erp-nginx + auth",
+        "erp-nginx port 8000→80 (nginx listens on 80, not 8000) + fix frontend subnet",
+        "ERP_PORT→ERP_API_PORT + port :80→:8000 + CRM version in test (bug 23ee1ab2)",
+        "lift rate limits — resolve merge conflicts",
+        "lift rate limits on bug/feature filing — every report matters",
         "add otel-collector to official image allowlist — unblocks stack-update",
         "correct exe-os + exe-auth digests for amd64 in manifest 0.9.24 (bug e0c3b3fb)",
         "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
@@ -47,19 +56,16 @@
         "CRM_SERVER_URL uses crm. subdomain + add EXE_CRM_ADMIN_EMAIL (bugs 8d20e779, 7debf355)",
         "use update.askexe.com for exe-auth image in manifest 0.9.24 (bug 97f2d288)",
         "ensure description field is never empty in feature request upstream payload (bug 0a8e16d0)",
-        "add WSL clip.exe detection to shipped tmux.conf (bug 3396fb26)",
-        "include node binary dir in exe-os-node shim PATH (bug 71adcb68)",
-        "add minimum daemon age guard to prevent crash-loop (bug 25faecf3)",
-        "digest-pin all 0.9.24 images + remove control-plane from customer manifest",
-        "resolve full UUID before upstream delivery — fixes update_bug/update_feature 400s (bug 31b1d2e3)",
-        "dual-key JWT verification — accept tokens signed by previous key (bug 2f5d6166)",
-        "add sync_meta to SQL guard allowlist — fixes cloud sync (bug 9fbbe145)",
-        "accept digest-only official images in deploy gate",
-        "prevent empty/duplicate company_procedure rows at the source",
-        "remove duplicate if-block causing TS build failure"
+        "add WSL clip.exe detection to shipped tmux.conf (bug 3396fb26)"
       ],
       "security": [],
       "other": [
+        "bump v0.9.287 — deploy gate auth fix + exe-erp v0.2.1",
+        "bump v0.9.286 — exe-erp final8 in manifest",
+        "add cross-service SSO + key rotation + daemon restart tests (35 tests)",
+        "45 tests for image validation, ${VAR:-default} resolution, platform checks",
+        "add 16 activate fallback chain tests — covers bug 2f5d6166 failure modes",
+        "add 18 key rotation tests — dual-key verify, grace, fallback chain",
         "bump v0.9.285 — deploy gate image verification",
         "bump v0.9.284 — otel deploy gate fix",
         "bump v0.9.283 — amd64 digest fix",
@@ -78,20 +84,15 @@
         "session lifecycle — 3-layer automatic state preservation",
         "integrate session closeout, model registry, dreaming into platform procedures",
         "route all memory benchmarks through the embed daemon",
-        "make daemon smoke gate CI-safe under load (#96)",
-        "release: stack 0.9.23 — exe-gateway v0.9.21 (WhatsApp pipeline fixes)",
-        "expect Exe Embeddings v1 default modelFile",
-        "update release-notes.json",
-        "bump 0.9.275 — bundle stack 0.9.22 manifest for stack-update",
-        "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
-        "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes"
+        "make daemon smoke gate CI-safe under load (#96)"
       ],
       "migration_notes": []
     },
-    "0.9.284": {
-      "version": "0.9.284",
-      "date": "2026-06-17",
+    "0.9.286": {
+      "version": "0.9.286",
+      "date": "2026-06-18",
       "features": [
+        "add image availability + platform verification to deploy gate",
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
         "admin backfill endpoint for api_key_hash — fixes all encrypted keys",
         "implement startMonitor for Slack/Discord/Telegram/WhatsApp + SMTP via nodemailer",
@@ -115,10 +116,17 @@
         "emotional baselines per agent role (dbfbe67f) (#131)",
         "split exe-os into server (~200MB) and worker (~1GB) images (#130)",
         "out-of-process socket watchdog (c3b287cc) (#129)",
-        "hot-path session summary — compress last checkpoint into ~200 tokens at boot (edaf4eb3) (#128)",
-        "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
+        "hot-path session summary — compress last checkpoint into ~200 tokens at boot (edaf4eb3) (#128)"
       ],
       "fixes": [
+        "exe-erp v0.2.0-final8 with socketio.js + realtime/ baked in",
+        "erp-nginx backend IP .32 (not .28, taken by erp-queue)",
+        "unique frontend IPs — auth 10.43.0.35, erp-nginx 10.43.0.28 (no collisions)",
+        "frontend subnet 10.43.0.x (not 10.42.1.x) for erp-nginx + auth",
+        "erp-nginx port 8000→80 (nginx listens on 80, not 8000) + fix frontend subnet",
+        "ERP_PORT→ERP_API_PORT + port :80→:8000 + CRM version in test (bug 23ee1ab2)",
+        "lift rate limits — resolve merge conflicts",
+        "lift rate limits on bug/feature filing — every report matters",
         "add otel-collector to official image allowlist — unblocks stack-update",
         "correct exe-os + exe-auth digests for amd64 in manifest 0.9.24 (bug e0c3b3fb)",
         "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
@@ -135,18 +143,16 @@
         "use update.askexe.com for exe-auth image in manifest 0.9.24 (bug 97f2d288)",
         "ensure description field is never empty in feature request upstream payload (bug 0a8e16d0)",
         "add WSL clip.exe detection to shipped tmux.conf (bug 3396fb26)",
-        "include node binary dir in exe-os-node shim PATH (bug 71adcb68)",
-        "add minimum daemon age guard to prevent crash-loop (bug 25faecf3)",
-        "digest-pin all 0.9.24 images + remove control-plane from customer manifest",
-        "resolve full UUID before upstream delivery — fixes update_bug/update_feature 400s (bug 31b1d2e3)",
-        "dual-key JWT verification — accept tokens signed by previous key (bug 2f5d6166)",
-        "add sync_meta to SQL guard allowlist — fixes cloud sync (bug 9fbbe145)",
-        "accept digest-only official images in deploy gate",
-        "prevent empty/duplicate company_procedure rows at the source",
-        "remove duplicate if-block causing TS build failure"
+        "include node binary dir in exe-os-node shim PATH (bug 71adcb68)"
       ],
       "security": [],
       "other": [
+        "bump v0.9.286 — exe-erp final8 in manifest",
+        "add cross-service SSO + key rotation + daemon restart tests (35 tests)",
+        "45 tests for image validation, ${VAR:-default} resolution, platform checks",
+        "add 16 activate fallback chain tests — covers bug 2f5d6166 failure modes",
+        "add 18 key rotation tests — dual-key verify, grace, fallback chain",
+        "bump v0.9.285 — deploy gate image verification",
         "bump v0.9.284 — otel deploy gate fix",
         "bump v0.9.283 — amd64 digest fix",
         "bump v0.9.282 — daemon image v0.9.281 in manifest",
@@ -165,20 +171,15 @@
         "integrate session closeout, model registry, dreaming into platform procedures",
         "route all memory benchmarks through the embed daemon",
         "make daemon smoke gate CI-safe under load (#96)",
-        "release: stack 0.9.23 — exe-gateway v0.9.21 (WhatsApp pipeline fixes)",
-        "expect Exe Embeddings v1 default modelFile",
-        "update release-notes.json",
-        "bump 0.9.275 — bundle stack 0.9.22 manifest for stack-update",
-        "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
-        "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
-        "Add daemon smoke gate"
+        "release: stack 0.9.23 — exe-gateway v0.9.21 (WhatsApp pipeline fixes)"
       ],
       "migration_notes": []
     },
-    "0.9.283": {
-      "version": "0.9.283",
+    "0.9.285": {
+      "version": "0.9.285",
       "date": "2026-06-17",
       "features": [
+        "add image availability + platform verification to deploy gate",
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
         "admin backfill endpoint for api_key_hash — fixes all encrypted keys",
         "implement startMonitor for Slack/Discord/Telegram/WhatsApp + SMTP via nodemailer",
@@ -202,10 +203,10 @@
         "emotional baselines per agent role (dbfbe67f) (#131)",
         "split exe-os into server (~200MB) and worker (~1GB) images (#130)",
         "out-of-process socket watchdog (c3b287cc) (#129)",
-        "hot-path session summary — compress last checkpoint into ~200 tokens at boot (edaf4eb3) (#128)",
-        "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
+        "hot-path session summary — compress last checkpoint into ~200 tokens at boot (edaf4eb3) (#128)"
       ],
       "fixes": [
+        "add otel-collector to official image allowlist — unblocks stack-update",
         "correct exe-os + exe-auth digests for amd64 in manifest 0.9.24 (bug e0c3b3fb)",
         "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
         "mcp_ping reports alive when running inside daemon process (bug b5fb9404)",
@@ -229,11 +230,12 @@
         "add sync_meta to SQL guard allowlist — fixes cloud sync (bug 9fbbe145)",
         "accept digest-only official images in deploy gate",
         "prevent empty/duplicate company_procedure rows at the source",
-        "remove duplicate if-block causing TS build failure",
-        "watchdog self-heal + restart-intent propagation (belt & suspenders)"
+        "remove duplicate if-block causing TS build failure"
       ],
       "security": [],
       "other": [
+        "bump v0.9.285 — deploy gate image verification",
+        "bump v0.9.284 — otel deploy gate fix",
         "bump v0.9.283 — amd64 digest fix",
         "bump v0.9.282 — daemon image v0.9.281 in manifest",
         "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
@@ -256,14 +258,12 @@
         "update release-notes.json",
         "bump 0.9.275 — bundle stack 0.9.22 manifest for stack-update",
         "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
-        "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
-        "Add daemon smoke gate",
-        "Publish Claude Fable model support as 0.9.272"
+        "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes"
       ],
       "migration_notes": []
     },
-    "0.9.282": {
-      "version": "0.9.282",
+    "0.9.284": {
+      "version": "0.9.284",
       "date": "2026-06-17",
       "features": [
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
@@ -293,6 +293,8 @@
         "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
       ],
       "fixes": [
+        "add otel-collector to official image allowlist — unblocks stack-update",
+        "correct exe-os + exe-auth digests for amd64 in manifest 0.9.24 (bug e0c3b3fb)",
         "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
         "mcp_ping reports alive when running inside daemon process (bug b5fb9404)",
         "add exe-erp-nginx for static assets + remove direct gunicorn port (bug 6776edf0)",
@@ -315,12 +317,12 @@
         "add sync_meta to SQL guard allowlist — fixes cloud sync (bug 9fbbe145)",
         "accept digest-only official images in deploy gate",
         "prevent empty/duplicate company_procedure rows at the source",
-        "remove duplicate if-block causing TS build failure",
-        "watchdog self-heal + restart-intent propagation (belt & suspenders)",
-        "skip junk/empty company_procedure rows that bloated prompts to 1.6MB"
+        "remove duplicate if-block causing TS build failure"
       ],
       "security": [],
       "other": [
+        "bump v0.9.284 — otel deploy gate fix",
+        "bump v0.9.283 — amd64 digest fix",
         "bump v0.9.282 — daemon image v0.9.281 in manifest",
         "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
         "bump v0.9.280 — GoTrue MCP auth, support fixes",
@@ -343,14 +345,12 @@
         "bump 0.9.275 — bundle stack 0.9.22 manifest for stack-update",
         "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
         "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
-        "Add daemon smoke gate",
-        "Publish Claude Fable model support as 0.9.272",
-        "Add Claude Fable model whitelist"
+        "Add daemon smoke gate"
       ],
       "migration_notes": []
     },
-    "0.9.281": {
-      "version": "0.9.281",
+    "0.9.283": {
+      "version": "0.9.283",
       "date": "2026-06-17",
       "features": [
         "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
@@ -380,6 +380,8 @@
         "cloud-synced cross-device reminders via Cloudflare Worker KV (a4195632) (#127)"
       ],
       "fixes": [
+        "correct exe-os + exe-auth digests for amd64 in manifest 0.9.24 (bug e0c3b3fb)",
+        "update exe-os daemon image to v0.9.281 in manifest 0.9.24",
         "mcp_ping reports alive when running inside daemon process (bug b5fb9404)",
         "add exe-erp-nginx for static assets + remove direct gunicorn port (bug 6776edf0)",
         "ERP healthcheck Host header + websocket path for Frappe 17 (bugs 7c905474, 468cc508)",
@@ -402,12 +404,12 @@
         "accept digest-only official images in deploy gate",
         "prevent empty/duplicate company_procedure rows at the source",
         "remove duplicate if-block causing TS build failure",
-        "watchdog self-heal + restart-intent propagation (belt & suspenders)",
-        "skip junk/empty company_procedure rows that bloated prompts to 1.6MB",
-        "match user by deviceId when encryption secret lost"
+        "watchdog self-heal + restart-intent propagation (belt & suspenders)"
       ],
       "security": [],
       "other": [
+        "bump v0.9.283 — amd64 digest fix",
+        "bump v0.9.282 — daemon image v0.9.281 in manifest",
         "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
         "bump v0.9.280 — GoTrue MCP auth, support fixes",
         "bump v0.9.279 — stack v0.9.24, GoTrue support auth, optional services",
@@ -430,9 +432,7 @@
         "release: stack 0.9.22 — exe-os v0.9.270, exe-crm v0.9.48, exe-gateway v0.9.18 (digest-pinned)",
         "bump 0.9.273 — graph/send_whatsapp/phantom-notif fixes",
         "Add daemon smoke gate",
-        "Publish Claude Fable model support as 0.9.272",
-        "Add Claude Fable model whitelist",
-        "Publish stack-update service resume as 0.9.271"
+        "Publish Claude Fable model support as 0.9.272"
       ],
       "migration_notes": []
     }