@askexenow/exe-os 0.9.296 → 0.9.297

package/deploy/stack-manifests/v0.9.json

@@ -1408,7 +1408,7 @@
           "description": "Monitoring Dashboard"
         },
         "auth": {
-          "image": "update.askexe.com/askexe/exe-auth:v0.1.1",
+          "image": "update.askexe.com/askexe/exe-auth:v0.2.0@sha256:8e1a17e5aff92b844be08c82120d91da0a4eaf6757c1071aec25ab5d7b560ba9",
           "env": "AUTH_IMAGE_TAG",
           "composeService": "exe-auth",
           "healthUrl": "http://127.0.0.1:3300/",

package/dist/hooks/manifest.json

@@ -1,6 +1,6 @@
 {
   "version": 1,
-  "generatedAt": "2026-06-19T05:54:30.968Z",
+  "generatedAt": "2026-06-19T05:55:44.758Z",
   "hashes": {
     "bug-report-worker.js": "c10ff847bf83ea88f1f36c8ba3fb99d9dcdc37f93891003376ed1a890e9a898c",
     "codex-stop-task-finalizer.js": "a9508868c93792a71320064bbe81eb63ac22924f457d1ecfdebd85c7a3b06878",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.296",
+  "version": "0.9.297",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/release-notes.json

@@ -1,6 +1,93 @@
 {
-  "current": "0.9.296",
+  "current": "0.9.297",
   "notes": {
+    "0.9.297": {
+      "version": "0.9.297",
+      "date": "2026-06-19",
+      "features": [
+        "add comment capability to bug reports (admin route + MCP add_comment) (#211)",
+        "unmerged-branch visibility (bug e324f244) (#208)",
+        "5 P2 features — embed health dashboard, support reconcile, CC updater protection, LKG cache, error correlation IDs",
+        "set CC autoUpdatesChannel to stable during install (feat 83552605)",
+        "auto-reconcile local files with upstream status (feat 070bc025)",
+        "expose embed worker fork status, PID, ready state in daemon health (feat 63c35469)",
+        "deploy validation tests — IP collision, manifest parity, image tags, env parity",
+        "session_deregister + session_cleanup — force-remove stale sessions (feat 2e55cbe4)",
+        "OOM crash-loop backoff — circuit breaker after 3 crashes in 10min (feat 8e976fe0)",
+        "Exe Embeddings v1.2 + Graph cross-repo contracts (features 36aa70d0, 9f6b3164)",
+        "bump daemon heap cap 2048→4096MB in launchd plist (feat 6ee417ca)",
+        "CI/CD Phase 3 — deploy validation + health gate tests + flaky test quarantine",
+        "add CI Phase 3 deploy validation — 5 static checks for compose/manifest",
+        "surface degradation/health in cloud_status, memory_audit, doctor (2c85e74b)",
+        "owner-scoped self-service bug-report updates (7ed54c42)",
+        "add image availability + platform verification to deploy gate",
+        "'Why did the daemon restart?' telemetry report [3caa55e9]",
+        "dark/light/system theme toggle on Exe Foundry Bold tokens [6df56277]",
+        "prospective memory as native 5th cognition layer (9261d452)",
+        "CPU-steal detection in health tooling (7b9386ad)",
+        "host-access consent gate for monitor agent (f7ebb1fa)",
+        "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
+        "admin backfill endpoint for api_key_hash — fixes all encrypted keys",
+        "implement startMonitor for Slack/Discord/Telegram/WhatsApp + SMTP via nodemailer",
+        "add dashboard + auth + otel to manifest as control-plane services"
+      ],
+      "fixes": [
+        "single short-timeout daemon attempt + instant SQLite fallback (73s → <3s) (#224)",
+        "align worker RSS-kill with its heap + single config source of truth (0d5d5aa8/39a9174f) (#223)",
+        "wire unified-auth redirect into deployed stack (crm/wiki/erp → auth) (#222)",
+        "model loads ONLY in worker (own heap) + graceful degrade — daemon can never OOM on embeddings (P0) (#221)",
+        "reaper survives large output (ENOBUFS) — orphaned tasks spawn workers (#220)",
+        "force embed model to worker (P0 OOM) + persistent plist PATH + pre-restart backup cap (#219)",
+        "enable LLM routing when available + clarify fallback signal (#218)",
+        "reap ghost coordinator sessions (dead PID + absent tmux) (#217)",
+        "reliably detect DISABLE_AUTOUPDATER (no flap) (#216)",
+        "report real embed-worker state (no false 'stopped') (#215)",
+        "migrate new required env vars + non-destructive rollback (HYGO upgrade) (#214)",
+        "exe-auth backend network, cloudflared healthcheck, entrypoint port-conflict self-kill (HYGO) (#213)",
+        "template nginx server_name + CORS from env at container start (no askexe.com fallback) (#212)",
+        "submit message in Codex sessions (separate Enter keystroke, runtime-aware) (#210)",
+        "ghost root-cause — UUID on pull + NOT NULL/non-empty schema guard (P0 26688a14)",
+        "sync generateExampleEnv with .env.example (ERP final8 + backups/WAL block)",
+        "caller-scoped spawn + real dispatch failure surfacing + boot identity/env guards (#202)",
+        "atomic+verified launchd registration (correct heap flag) + crash-debris rotation",
+        "stop ghost-row generation + bulk-cleanable + sync-safe deletion (P0 8399e330) (#201)",
+        "fetch isolation guard + quarantine flaky ws-client/ws-auth tests",
+        "4 session/infra bugs — degraded boot, Explore loop, gate message, COO identity guard",
+        "update_bug resolves bug by ID against remote admin API (#200)",
+        "exe-os auth/SSO/GoTrue (domain-configurable gateway, GoTrue From + SMTP confirm, SSO redirect wiring) (#198)",
+        "exe-os core bugs (embed OOM throttle, EXE_EMBEDDINGS plumbing, starvation-aware self-heal, CC native-binary risk) (#197)",
+        "update task list identity message assertion to match code"
+      ],
+      "security": [],
+      "other": [
+        "bump v0.9.296 — exe-auth v0.2.0 SSO + redirect in manifest",
+        "release v0.9.296 — Jack/HYGO embed+infra avalanche fixes",
+        "bump v0.9.295 — exe-os daemon image v0.9.294 in manifest",
+        "bump v0.9.294 — exe-auth repo + CI/CD on all 8 repos + branch hygiene",
+        "pin actions to SHAs, drop stale disabled workflows, fail-closed release gate, manifest signing tool (#207)",
+        "bump v0.9.293 — 17 salvaged branches merged",
+        "bump v0.9.292 — 24 features shipped, CI/CD Phase 3, 10 bugs fixed",
+        "post-deploy health gate tests — verify container health, missing, crash-loop",
+        "bump v0.9.291 — 4 new features + CI fix",
+        "add health gate coverage — verifyComposeServicesRunning, timeout precedence, rollback preservation",
+        "bump v0.9.290 — wave 2 bug fixes (#173-#190)",
+        "bump v0.9.289 — 22 bug fixes merged (#150-#171)",
+        "bump v0.9.288 — wave 1 features + 114 auth tests + CI fixes",
+        "bump v0.9.287 — deploy gate auth fix + exe-erp v0.2.1",
+        "bump v0.9.286 — exe-erp final8 in manifest",
+        "add cross-service SSO + key rotation + daemon restart tests (35 tests)",
+        "45 tests for image validation, ${VAR:-default} resolution, platform checks",
+        "add 16 activate fallback chain tests — covers bug 2f5d6166 failure modes",
+        "add 18 key rotation tests — dual-key verify, grace, fallback chain",
+        "bump v0.9.285 — deploy gate image verification",
+        "bump v0.9.284 — otel deploy gate fix",
+        "bump v0.9.283 — amd64 digest fix",
+        "bump v0.9.282 — daemon image v0.9.281 in manifest",
+        "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
+        "bump v0.9.280 — GoTrue MCP auth, support fixes"
+      ],
+      "migration_notes": []
+    },
     "0.9.296": {
       "version": "0.9.296",
       "date": "2026-06-19",
@@ -348,93 +435,6 @@
         "document_aware retrieval guidance — when and why agents should use it"
       ],
       "migration_notes": []
-    },
-    "0.9.289": {
-      "version": "0.9.289",
-      "date": "2026-06-18",
-      "features": [
-        "surface degradation/health in cloud_status, memory_audit, doctor (2c85e74b)",
-        "owner-scoped self-service bug-report updates (7ed54c42)",
-        "add image availability + platform verification to deploy gate",
-        "'Why did the daemon restart?' telemetry report [3caa55e9]",
-        "dark/light/system theme toggle on Exe Foundry Bold tokens [6df56277]",
-        "prospective memory as native 5th cognition layer (9261d452)",
-        "CPU-steal detection in health tooling (7b9386ad)",
-        "host-access consent gate for monitor agent (f7ebb1fa)",
-        "GoTrue JWT auth for MCP — exe-os login/logout/whoami",
-        "admin backfill endpoint for api_key_hash — fixes all encrypted keys",
-        "implement startMonitor for Slack/Discord/Telegram/WhatsApp + SMTP via nodemailer",
-        "add dashboard + auth + otel to manifest as control-plane services",
-        "CLI service selection + exe-build removal from customer stack",
-        "automatic ERP invoice generation on top-up + monthly",
-        "deploy OTLP collector on VPS",
-        "real per-model pricing for 40+ models + default → kimi-k2.7-code",
-        "ERP trigger engine wiring + profile sync via GoTrue user_metadata",
-        "v0.9.24 manifest — optional services + exe-build removed",
-        "usage alerts (webhook + email) + email verification /confirm page",
-        "welcome email, low balance alerts, password reset, Stripe portal",
-        "wire Stripe checkout → D1 credit_ledger (closes billing loop)",
-        "add Create Account tab — full sign-up flow on auth.askexe.com",
-        "add stable/canary/pinned update channels for progressive rollout (45a55727) (#138)",
-        "discovery hooks — auto-wire MCP tool hints into agent context (2fe666fb) (#136)",
-        "on-demand document→knowledge-graph concept extraction (1514443a) (#135)"
-      ],
-      "fixes": [
-        "recognize configured coordinator name in live-tmux root fallback (bug bb601d8a)",
-        "registry-auth tests call collectImageAvailabilityIssues directly (not via deploy gate)",
-        "make /exe status brief on-request, not auto-fire every session",
-        "add Phase 3 post-deploy container health verification",
-        "honor limit param + add pagination to list_my_bugs/list_my_features",
-        "reclaim full Docker space (all images + build cache)",
-        "patch launchd plist on upgrade — carry EXE_EMBEDDINGS + cap heap at 2GB",
-        "reply to server ping to stop 1006 connection flapping",
-        "prevent stale DEGRADED BOOT warning after MCP reconnects",
-        "per-service health timeout + stage erp-nginx/nginx.conf (bug d04cbc91)",
-        "break circular exec loop on 'exe-os update' (bug 2222dc1d)",
-        "resolve legacy model filenames so pre-rename installs find their GGUF",
-        "accept GET /v1/support/{bug,feature}-reports as list aliases",
-        "drop static container IPs + rollback restores prev compose",
-        "bind MCP port early with 503 bootstrap to kill /mcp ConnectionRefused race",
-        "never POST to live support API under test (stops CI/test spam) (#149)",
-        "add --expose-gc to all daemon spawn paths to prevent OOM crashes",
-        "fail-fast connect when daemon dead — boot no longer waits 4+ min",
-        "stop embed worker inheriting --max-old-space-size — OOM crash-loop (bug 0cd186d0)",
-        "reconcile docker-compose.yml from template on update",
-        "start ERP compose sidecars (nginx/ws/queue/scheduler)",
-        "ignore ghost coordinator registry entries in caller resolution",
-        "resilient exe-erp-websocket realtime entry resolution (bug 35576eed)",
-        "SIGKILL self on SIGTERM/SIGINT to avoid ggml Metal finalizer crash",
-        "replace any with unknown in session-start hook"
-      ],
-      "security": [],
-      "other": [
-        "bump v0.9.289 — 22 bug fixes merged (#150-#171)",
-        "bump v0.9.288 — wave 1 features + 114 auth tests + CI fixes",
-        "bump v0.9.287 — deploy gate auth fix + exe-erp v0.2.1",
-        "bump v0.9.286 — exe-erp final8 in manifest",
-        "add cross-service SSO + key rotation + daemon restart tests (35 tests)",
-        "45 tests for image validation, ${VAR:-default} resolution, platform checks",
-        "add 16 activate fallback chain tests — covers bug 2f5d6166 failure modes",
-        "add 18 key rotation tests — dual-key verify, grace, fallback chain",
-        "bump v0.9.285 — deploy gate image verification",
-        "bump v0.9.284 — otel deploy gate fix",
-        "bump v0.9.283 — amd64 digest fix",
-        "bump v0.9.282 — daemon image v0.9.281 in manifest",
-        "prepare v0.9.281 — 50 bugs fixed, stack 0.9.24 fully deployable",
-        "bump v0.9.280 — GoTrue MCP auth, support fixes",
-        "bump v0.9.279 — stack v0.9.24, GoTrue support auth, optional services",
-        "service ownership matrix — dashboard is AskExe-only, not customer stack",
-        "bump version to 0.9.278",
-        "API documentation for wiki.askexe.com (5 pages)",
-        "consolidate platform procedures from 75 to 46 (37KB from 72KB) (#139)",
-        "11 new platform procedures for v0.9.278 features",
-        "document five-layer customization preservation model (a88c354b) (#137)",
-        "bump version to 0.9.277",
-        "document_aware retrieval guidance — when and why agents should use it",
-        "session lifecycle — 3-layer automatic state preservation",
-        "integrate session closeout, model registry, dreaming into platform procedures"
-      ],
-      "migration_notes": []
     }
   }
 }