npm - @askexenow/exe-os - Versions diffs - 0.9.30 → 0.9.32 - Mend

@askexenow/exe-os 0.9.30 → 0.9.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/dist/bin/backfill-conversations.js +135 -7
package/dist/bin/backfill-responses.js +135 -7
package/dist/bin/backfill-vectors.js +135 -7
package/dist/bin/cleanup-stale-review-tasks.js +139 -11
package/dist/bin/cli.js +812 -486
package/dist/bin/exe-assign.js +135 -7
package/dist/bin/exe-boot.js +422 -113
package/dist/bin/exe-cloud.js +160 -9
package/dist/bin/exe-dispatch.js +136 -8
package/dist/bin/exe-doctor.js +255 -13
package/dist/bin/exe-export-behaviors.js +136 -8
package/dist/bin/exe-forget.js +136 -8
package/dist/bin/exe-gateway.js +171 -24
package/dist/bin/exe-heartbeat.js +141 -13
package/dist/bin/exe-kill.js +140 -12
package/dist/bin/exe-launch-agent.js +143 -15
package/dist/bin/exe-link.js +357 -48
package/dist/bin/exe-pending-messages.js +136 -8
package/dist/bin/exe-pending-notifications.js +136 -8
package/dist/bin/exe-pending-reviews.js +138 -10
package/dist/bin/exe-review.js +136 -8
package/dist/bin/exe-search.js +155 -20
package/dist/bin/exe-session-cleanup.js +166 -38
package/dist/bin/exe-start-codex.js +142 -14
package/dist/bin/exe-start-opencode.js +140 -12
package/dist/bin/exe-status.js +148 -20
package/dist/bin/exe-team.js +136 -8
package/dist/bin/git-sweep.js +138 -10
package/dist/bin/graph-backfill.js +135 -7
package/dist/bin/graph-export.js +136 -8
package/dist/bin/intercom-check.js +153 -25
package/dist/bin/scan-tasks.js +138 -10
package/dist/bin/setup.js +447 -121
package/dist/bin/shard-migrate.js +135 -7
package/dist/gateway/index.js +151 -23
package/dist/hooks/bug-report-worker.js +151 -23
package/dist/hooks/codex-stop-task-finalizer.js +145 -17
package/dist/hooks/commit-complete.js +138 -10
package/dist/hooks/error-recall.js +159 -24
package/dist/hooks/ingest.js +142 -14
package/dist/hooks/instructions-loaded.js +136 -8
package/dist/hooks/notification.js +136 -8
package/dist/hooks/post-compact.js +136 -8
package/dist/hooks/post-tool-combined.js +159 -24
package/dist/hooks/pre-compact.js +136 -8
package/dist/hooks/pre-tool-use.js +144 -16
package/dist/hooks/prompt-submit.js +195 -55
package/dist/hooks/session-end.js +141 -13
package/dist/hooks/session-start.js +165 -30
package/dist/hooks/stop.js +136 -8
package/dist/hooks/subagent-stop.js +136 -8
package/dist/hooks/summary-worker.js +374 -65
package/dist/index.js +136 -8
package/dist/lib/cloud-sync.js +355 -46
package/dist/lib/consolidation.js +1 -0
package/dist/lib/exe-daemon.js +469 -127
package/dist/lib/hybrid-search.js +155 -20
package/dist/lib/keychain.js +191 -7
package/dist/lib/schedules.js +138 -10
package/dist/lib/store.js +135 -7
package/dist/mcp/server.js +706 -213
package/dist/runtime/index.js +136 -8
package/dist/tui/App.js +208 -31
package/package.json +1 -1

package/dist/bin/exe-assign.js CHANGED Viewed

@@ -404,8 +404,8 @@ function findPackageRoot() {
 function getAvailableMemoryGB() {
   if (process.platform === "darwin") {
     try {
-      const { execSync: execSync2 } = __require("child_process");
-      const vmstat = execSync2("vm_stat", { encoding: "utf8" });
+      const { execSync: execSync3 } = __require("child_process");
+      const vmstat = execSync3("vm_stat", { encoding: "utf8" });
       const pageSize = 16384;
       const pageSizeMatch = vmstat.match(/page size of (\d+) bytes/);
       const actualPageSize = pageSizeMatch ? parseInt(pageSizeMatch[1], 10) : pageSize;
@@ -3437,6 +3437,7 @@ import { createHash } from "crypto";
 // src/lib/keychain.ts
 import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
 import { existsSync as existsSync6 } from "fs";
+import { execSync as execSync2 } from "child_process";
 import path6 from "path";
 import os5 from "os";
 var SERVICE = "exe-mem";
@@ -3447,6 +3448,59 @@ function getKeyDir() {
 function getKeyPath() {
   return path6.join(getKeyDir(), "master.key");
 }
+function macKeychainGet() {
+  if (process.platform !== "darwin") return null;
+  try {
+    return execSync2(
+      `security find-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w 2>/dev/null`,
+      { encoding: "utf-8", timeout: 5e3 }
+    ).trim();
+  } catch {
+    return null;
+  }
+}
+function macKeychainSet(value) {
+  if (process.platform !== "darwin") return false;
+  try {
+    try {
+      execSync2(
+        `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
+        { timeout: 5e3 }
+      );
+    } catch {
+    }
+    execSync2(
+      `security add-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w "${value}"`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+function linuxSecretGet() {
+  if (process.platform !== "linux") return null;
+  try {
+    return execSync2(
+      `secret-tool lookup service "${SERVICE}" account "${ACCOUNT}" 2>/dev/null`,
+      { encoding: "utf-8", timeout: 5e3 }
+    ).trim();
+  } catch {
+    return null;
+  }
+}
+function linuxSecretSet(value) {
+  if (process.platform !== "linux") return false;
+  try {
+    execSync2(
+      `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${SERVICE}" account "${ACCOUNT}"`,
+      { timeout: 5e3 }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
 async function tryKeytar() {
   try {
     return await import("keytar");
@@ -3454,13 +3508,64 @@ async function tryKeytar() {
     return null;
   }
 }
+var ENCRYPTED_PREFIX = "enc:";
+function deriveMachineKey() {
+  try {
+    const crypto2 = __require("crypto");
+    const material = [
+      os5.hostname(),
+      os5.userInfo().username,
+      os5.arch(),
+      os5.platform(),
+      // Machine ID on Linux (stable across reboots)
+      process.platform === "linux" ? readMachineId() : ""
+    ].join("|");
+    return crypto2.createHash("sha256").update(material).digest();
+  } catch {
+    return null;
+  }
+}
+function readMachineId() {
+  try {
+    const { readFileSync: readFileSync5 } = __require("fs");
+    return readFileSync5("/etc/machine-id", "utf-8").trim();
+  } catch {
+    return "";
+  }
+}
+function decryptWithMachineKey(encrypted, machineKey) {
+  if (!encrypted.startsWith(ENCRYPTED_PREFIX)) return null;
+  try {
+    const crypto2 = __require("crypto");
+    const parts = encrypted.slice(ENCRYPTED_PREFIX.length).split(":");
+    if (parts.length !== 3) return null;
+    const [ivB64, tagB64, cipherB64] = parts;
+    const iv = Buffer.from(ivB64, "base64");
+    const authTag = Buffer.from(tagB64, "base64");
+    const decipher = crypto2.createDecipheriv("aes-256-gcm", machineKey, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(cipherB64, "base64", "utf-8");
+    decrypted += decipher.final("utf-8");
+    return decrypted;
+  } catch {
+    return null;
+  }
+}
 async function getMasterKey() {
+  const nativeValue = macKeychainGet() ?? linuxSecretGet();
+  if (nativeValue) {
+    return Buffer.from(nativeValue, "base64");
+  }
   const keytar = await tryKeytar();
   if (keytar) {
     try {
-      const stored = await keytar.getPassword(SERVICE, ACCOUNT);
-      if (stored) {
-        return Buffer.from(stored, "base64");
+      const keytarValue = await keytar.getPassword(SERVICE, ACCOUNT);
+      if (keytarValue) {
+        const migrated = macKeychainSet(keytarValue) || linuxSecretSet(keytarValue);
+        if (migrated) {
+          process.stderr.write("[keychain] Migrated key from keytar to native keychain.\n");
+        }
+        return Buffer.from(keytarValue, "base64");
       }
     } catch {
     }
@@ -3474,8 +3579,31 @@ async function getMasterKey() {
     return null;
   }
   try {
-    const content = await readFile3(keyPath, "utf-8");
-    return Buffer.from(content.trim(), "base64");
+    const content = (await readFile3(keyPath, "utf-8")).trim();
+    let b64Value;
+    if (content.startsWith(ENCRYPTED_PREFIX)) {
+      const machineKey = deriveMachineKey();
+      if (!machineKey) {
+        process.stderr.write("[keychain] Cannot derive machine key to decrypt stored key.\n");
+        return null;
+      }
+      const decrypted = decryptWithMachineKey(content, machineKey);
+      if (!decrypted) {
+        process.stderr.write(
+          "[keychain] Key decryption failed \u2014 machine may have changed.\n  Use your 24-word recovery phrase: exe-os link import\n"
+        );
+        return null;
+      }
+      b64Value = decrypted;
+    } else {
+      b64Value = content;
+    }
+    const key = Buffer.from(b64Value, "base64");
+    const migrated = macKeychainSet(b64Value) || linuxSecretSet(b64Value);
+    if (migrated) {
+      process.stderr.write("[keychain] Migrated key from file to native keychain.\n");
+    }
+    return key;
   } catch (err) {
     process.stderr.write(
       `[keychain] Key read failed at ${keyPath}: ${err instanceof Error ? err.message : String(err)}