npm - @askexenow/exe-os - Versions diffs - 0.9.30 → 0.9.32 - Mend

@askexenow/exe-os 0.9.30 → 0.9.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/dist/bin/backfill-conversations.js +135 -7
package/dist/bin/backfill-responses.js +135 -7
package/dist/bin/backfill-vectors.js +135 -7
package/dist/bin/cleanup-stale-review-tasks.js +139 -11
package/dist/bin/cli.js +812 -486
package/dist/bin/exe-assign.js +135 -7
package/dist/bin/exe-boot.js +422 -113
package/dist/bin/exe-cloud.js +160 -9
package/dist/bin/exe-dispatch.js +136 -8
package/dist/bin/exe-doctor.js +255 -13
package/dist/bin/exe-export-behaviors.js +136 -8
package/dist/bin/exe-forget.js +136 -8
package/dist/bin/exe-gateway.js +171 -24
package/dist/bin/exe-heartbeat.js +141 -13
package/dist/bin/exe-kill.js +140 -12
package/dist/bin/exe-launch-agent.js +143 -15
package/dist/bin/exe-link.js +357 -48
package/dist/bin/exe-pending-messages.js +136 -8
package/dist/bin/exe-pending-notifications.js +136 -8
package/dist/bin/exe-pending-reviews.js +138 -10
package/dist/bin/exe-review.js +136 -8
package/dist/bin/exe-search.js +155 -20
package/dist/bin/exe-session-cleanup.js +166 -38
package/dist/bin/exe-start-codex.js +142 -14
package/dist/bin/exe-start-opencode.js +140 -12
package/dist/bin/exe-status.js +148 -20
package/dist/bin/exe-team.js +136 -8
package/dist/bin/git-sweep.js +138 -10
package/dist/bin/graph-backfill.js +135 -7
package/dist/bin/graph-export.js +136 -8
package/dist/bin/intercom-check.js +153 -25
package/dist/bin/scan-tasks.js +138 -10
package/dist/bin/setup.js +447 -121
package/dist/bin/shard-migrate.js +135 -7
package/dist/gateway/index.js +151 -23
package/dist/hooks/bug-report-worker.js +151 -23
package/dist/hooks/codex-stop-task-finalizer.js +145 -17
package/dist/hooks/commit-complete.js +138 -10
package/dist/hooks/error-recall.js +159 -24
package/dist/hooks/ingest.js +142 -14
package/dist/hooks/instructions-loaded.js +136 -8
package/dist/hooks/notification.js +136 -8
package/dist/hooks/post-compact.js +136 -8
package/dist/hooks/post-tool-combined.js +159 -24
package/dist/hooks/pre-compact.js +136 -8
package/dist/hooks/pre-tool-use.js +144 -16
package/dist/hooks/prompt-submit.js +195 -55
package/dist/hooks/session-end.js +141 -13
package/dist/hooks/session-start.js +165 -30
package/dist/hooks/stop.js +136 -8
package/dist/hooks/subagent-stop.js +136 -8
package/dist/hooks/summary-worker.js +374 -65
package/dist/index.js +136 -8
package/dist/lib/cloud-sync.js +355 -46
package/dist/lib/consolidation.js +1 -0
package/dist/lib/exe-daemon.js +469 -127
package/dist/lib/hybrid-search.js +155 -20
package/dist/lib/keychain.js +191 -7
package/dist/lib/schedules.js +138 -10
package/dist/lib/store.js +135 -7
package/dist/mcp/server.js +706 -213
package/dist/runtime/index.js +136 -8
package/dist/tui/App.js +208 -31
package/package.json +1 -1

package/dist/bin/scan-tasks.js CHANGED Viewed

@@ -1631,8 +1631,8 @@ function findPackageRoot() {
 function getAvailableMemoryGB() {
   if (process.platform === "darwin") {
     try {
-      const { execSync: execSync7 } = __require("child_process");
-      const vmstat = execSync7("vm_stat", { encoding: "utf8" });
+      const { execSync: execSync8 } = __require("child_process");
+      const vmstat = execSync8("vm_stat", { encoding: "utf8" });
       const pageSize = 16384;
       const pageSizeMatch = vmstat.match(/page size of (\d+) bytes/);
       const actualPageSize = pageSizeMatch ? parseInt(pageSizeMatch[1], 10) : pageSize;
@@ -6535,6 +6535,7 @@ var init_task_scope = __esm({
 // src/lib/keychain.ts
 import { readFile as readFile4, writeFile as writeFile5, unlink, mkdir as mkdir4, chmod as chmod2 } from "fs/promises";
 import { existsSync as existsSync15 } from "fs";
+import { execSync as execSync7 } from "child_process";
 import path18 from "path";
 import os11 from "os";
 function getKeyDir() {
@@ -6543,6 +6544,59 @@ function getKeyDir() {
 function getKeyPath() {
   return path18.join(getKeyDir(), "master.key");
 }
+function macKeychainGet() {
+  if (process.platform !== "darwin") return null;
+  try {
+    return execSync7(
+      `security find-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w 2>/dev/null`,
+      { encoding: "utf-8", timeout: 5e3 }
+    ).trim();
+  } catch {
+    return null;
+  }
+}
+function macKeychainSet(value) {
+  if (process.platform !== "darwin") return false;
+  try {
+    try {
+      execSync7(
+        `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
+        { timeout: 5e3 }
+      );
+    } catch {
+    }
+    execSync7(
+      `security add-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w "${value}"`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function linuxSecretGet() {
+  if (process.platform !== "linux") return null;
+  try {
+    return execSync7(
+      `secret-tool lookup service "${SERVICE}" account "${ACCOUNT}" 2>/dev/null`,
+      { encoding: "utf-8", timeout: 5e3 }
+    ).trim();
+  } catch {
+    return null;
+  }
+}
+function linuxSecretSet(value) {
+  if (process.platform !== "linux") return false;
+  try {
+    execSync7(
+      `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${SERVICE}" account "${ACCOUNT}"`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
 async function tryKeytar() {
   try {
     return await import("keytar");
@@ -6550,13 +6604,63 @@ async function tryKeytar() {
     return null;
   }
 }
+function deriveMachineKey() {
+  try {
+    const crypto7 = __require("crypto");
+    const material = [
+      os11.hostname(),
+      os11.userInfo().username,
+      os11.arch(),
+      os11.platform(),
+      // Machine ID on Linux (stable across reboots)
+      process.platform === "linux" ? readMachineId() : ""
+    ].join("|");
+    return crypto7.createHash("sha256").update(material).digest();
+  } catch {
+    return null;
+  }
+}
+function readMachineId() {
+  try {
+    const { readFileSync: readFileSync14 } = __require("fs");
+    return readFileSync14("/etc/machine-id", "utf-8").trim();
+  } catch {
+    return "";
+  }
+}
+function decryptWithMachineKey(encrypted, machineKey) {
+  if (!encrypted.startsWith(ENCRYPTED_PREFIX)) return null;
+  try {
+    const crypto7 = __require("crypto");
+    const parts = encrypted.slice(ENCRYPTED_PREFIX.length).split(":");
+    if (parts.length !== 3) return null;
+    const [ivB64, tagB64, cipherB64] = parts;
+    const iv = Buffer.from(ivB64, "base64");
+    const authTag = Buffer.from(tagB64, "base64");
+    const decipher = crypto7.createDecipheriv("aes-256-gcm", machineKey, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(cipherB64, "base64", "utf-8");
+    decrypted += decipher.final("utf-8");
+    return decrypted;
+  } catch {
+    return null;
+  }
+}
 async function getMasterKey() {
+  const nativeValue = macKeychainGet() ?? linuxSecretGet();
+  if (nativeValue) {
+    return Buffer.from(nativeValue, "base64");
+  }
   const keytar = await tryKeytar();
   if (keytar) {
     try {
-      const stored = await keytar.getPassword(SERVICE, ACCOUNT);
-      if (stored) {
-        return Buffer.from(stored, "base64");
+      const keytarValue = await keytar.getPassword(SERVICE, ACCOUNT);
+      if (keytarValue) {
+        const migrated = macKeychainSet(keytarValue) || linuxSecretSet(keytarValue);
+        if (migrated) {
+          process.stderr.write("[keychain] Migrated key from keytar to native keychain.\n");
+        }
+        return Buffer.from(keytarValue, "base64");
       }
     } catch {
     }
@@ -6570,8 +6674,31 @@ async function getMasterKey() {
     return null;
   }
   try {
-    const content = await readFile4(keyPath, "utf-8");
-    return Buffer.from(content.trim(), "base64");
+    const content = (await readFile4(keyPath, "utf-8")).trim();
+    let b64Value;
+    if (content.startsWith(ENCRYPTED_PREFIX)) {
+      const machineKey = deriveMachineKey();
+      if (!machineKey) {
+        process.stderr.write("[keychain] Cannot derive machine key to decrypt stored key.\n");
+        return null;
+      }
+      const decrypted = decryptWithMachineKey(content, machineKey);
+      if (!decrypted) {
+        process.stderr.write(
+          "[keychain] Key decryption failed \u2014 machine may have changed.\n  Use your 24-word recovery phrase: exe-os link import\n"
+        );
+        return null;
+      }
+      b64Value = decrypted;
+    } else {
+      b64Value = content;
+    }
+    const key = Buffer.from(b64Value, "base64");
+    const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
+    if (migrated) {
+      process.stderr.write("[keychain] Migrated key from file to native keychain.\n");
+    }
+    return key;
   } catch (err) {
     process.stderr.write(
       `[keychain] Key read failed at ${keyPath}: ${err instanceof Error ? err.message : String(err)}
@@ -6580,12 +6707,13 @@ async function getMasterKey() {
     return null;
   }
 }
-var SERVICE, ACCOUNT;
+var SERVICE, ACCOUNT, ENCRYPTED_PREFIX;
 var init_keychain = __esm({
   "src/lib/keychain.ts"() {
     "use strict";
     SERVICE = "exe-mem";
     ACCOUNT = "master-key";
+    ENCRYPTED_PREFIX = "enc:";
   }
 });
@@ -8036,8 +8164,8 @@ async function main() {
   const agentId = folderArg.startsWith("exe/") ? folderArg.slice(4) : folderArg;
   let tmuxSession;
   try {
-    const { execSync: execSync7 } = await import("child_process");
-    const out = execSync7("tmux display-message -p '#{session_name}' 2>/dev/null", {
+    const { execSync: execSync8 } = await import("child_process");
+    const out = execSync8("tmux display-message -p '#{session_name}' 2>/dev/null", {
       encoding: "utf8",
       timeout: 1e3
     }).trim();