@askexenow/exe-os 0.9.311 → 0.9.313
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/deploy/compose/.env.askexe-control-plane.example +1 -1
- package/deploy/compose/.env.customer.example +11 -7
- package/deploy/compose/.env.default +4 -4
- package/deploy/compose/.env.example +7 -7
- package/deploy/compose/docker-compose.yml +43 -19
- package/deploy/compose/gateway.json +2 -2
- package/deploy/compose/init-db.sql +6 -20
- package/deploy/compose/setup.sh +74 -132
- package/deploy/compose/status.sh +5 -0
- package/deploy/stack-manifests/v0.9.json +25 -4
- package/dist/{active-agent-ORX47ZKW.js → active-agent-EWF2HJ3W.js} +6 -6
- package/dist/{active-agent-S5T2YMOR.js → active-agent-FFN5ARMC.js} +6 -6
- package/dist/{agentic-ontology-6KBAXLSJ.js → agentic-ontology-AAUATKUS.js} +1 -1
- package/dist/{backfill-metadata-FV7GX6AS.js → backfill-metadata-FBYFDOTH.js} +7 -7
- package/dist/{background-jobs-A2LV36UX.js → background-jobs-2QZ5IQKE.js} +5 -3
- package/dist/{behaviors-47CPEKJ7.js → behaviors-PQ77IPJR.js} +8 -8
- package/dist/bin/age-ontology-load.js +3 -3
- package/dist/bin/agentic-ontology-backfill.js +9 -9
- package/dist/bin/agentic-reflection-backfill.js +10 -10
- package/dist/bin/agentic-semantic-label.js +9 -9
- package/dist/bin/backfill-conversations.js +10 -10
- package/dist/bin/backfill-responses.js +10 -10
- package/dist/bin/backfill-vectors.js +13 -13
- package/dist/bin/bulk-sync-postgres.js +16 -16
- package/dist/bin/cc-doctor.js +9 -9
- package/dist/bin/cleanup-stale-review-tasks.js +15 -15
- package/dist/bin/cli.js +21 -21
- package/dist/bin/deferred-daemon-restart.js +1 -1
- package/dist/bin/exe-agent-config.js +6 -6
- package/dist/bin/exe-agent.js +14 -14
- package/dist/bin/exe-assign.js +12 -12
- package/dist/bin/exe-boot.js +78 -57
- package/dist/bin/exe-call.js +7 -7
- package/dist/bin/exe-cloud.js +17 -17
- package/dist/bin/exe-config-dump.js +7 -7
- package/dist/bin/exe-dispatch.js +15 -15
- package/dist/bin/exe-doctor.js +11 -2
- package/dist/bin/exe-export-behaviors.js +10 -10
- package/dist/bin/exe-forget.js +9 -9
- package/dist/bin/exe-gateway.js +10 -10
- package/dist/bin/exe-healthcheck.js +9 -9
- package/dist/bin/exe-heartbeat.js +15 -15
- package/dist/bin/exe-kill.js +18 -18
- package/dist/bin/exe-launch-agent.js +30 -28
- package/dist/bin/exe-new-employee.js +36 -15
- package/dist/bin/exe-pending-messages.js +16 -16
- package/dist/bin/exe-pending-notifications.js +15 -15
- package/dist/bin/exe-pending-reviews.js +15 -15
- package/dist/bin/exe-preflight.js +1 -1
- package/dist/bin/exe-rename.js +19 -29
- package/dist/bin/exe-review.js +17 -17
- package/dist/bin/exe-search.js +8 -8
- package/dist/bin/exe-session-cleanup.js +41 -20
- package/dist/bin/exe-settings.js +18 -18
- package/dist/bin/exe-start-codex.js +15 -15
- package/dist/bin/exe-start-opencode.js +11 -11
- package/dist/bin/exe-status.js +16 -16
- package/dist/bin/exe-support.js +5 -5
- package/dist/bin/exe-team.js +6 -6
- package/dist/bin/exe-watchdog.js +33 -4
- package/dist/bin/git-sweep.js +16 -16
- package/dist/bin/graph-backfill.js +8 -8
- package/dist/bin/graph-export.js +8 -8
- package/dist/bin/import-history.js +10 -10
- package/dist/bin/install-launchd.js +2 -2
- package/dist/bin/install.js +15 -15
- package/dist/bin/intercom-check.js +4 -4
- package/dist/bin/mcp-sessions.js +2 -2
- package/dist/bin/orchestration-metrics.js +7 -7
- package/dist/bin/postgres-agentic-reflection-backfill.js +5 -5
- package/dist/bin/postgres-agentic-semantic-backfill.js +4 -4
- package/dist/bin/pre-build-guard.js +12 -1
- package/dist/bin/scan-tasks.js +15 -15
- package/dist/bin/setup.js +3 -3
- package/dist/bin/shard-migrate.js +8 -8
- package/dist/bin/stack-update.js +8 -8
- package/dist/bin/verify-stack.js +3 -1
- package/dist/bin/vps-health-gate.js +1 -1
- package/dist/{branding-SC4BOPUY.js → branding-EDUC7TUP.js} +2 -2
- package/dist/{browser-session-store-DV5TDXXD.js → browser-session-store-CXQMOSEC.js} +1 -1
- package/dist/{capability-cards-WQVY7WSS.js → capability-cards-2U3XWCDP.js} +5 -5
- package/dist/{capacity-monitor-BUKYPSWR.js → capacity-monitor-ZRLW7TVL.js} +16 -16
- package/dist/{catchup-brief-X5IVQAOH.js → catchup-brief-FSBZVYPL.js} +18 -18
- package/dist/{chunk-PMEOSD6S.js → chunk-24BUDF3J.js} +9 -6
- package/dist/{chunk-2NVEKSSP.js → chunk-2FULKRDO.js} +56 -38
- package/dist/{chunk-QB5JOGPK.js → chunk-2PI6JBJL.js} +5 -4
- package/dist/{chunk-MTIJ2NXY.js → chunk-2PWRUIKZ.js} +1 -1
- package/dist/{chunk-NIZQ3CIS.js → chunk-3AMGSCRH.js} +1 -1
- package/dist/{chunk-7ODTYODO.js → chunk-3LGID56M.js} +10 -7
- package/dist/{chunk-GSY6HL3T.js → chunk-4JI54RHR.js} +5 -5
- package/dist/{chunk-ISILDO7P.js → chunk-4THK7IA4.js} +1 -1
- package/dist/{chunk-IRIPGGGL.js → chunk-4UHQYBMQ.js} +1 -1
- package/dist/{chunk-HQODUV3G.js → chunk-552IGUBB.js} +2 -2
- package/dist/{chunk-IRHNV4GY.js → chunk-5KLQCGI5.js} +72 -18
- package/dist/{chunk-SOT23KWW.js → chunk-63UEWYM3.js} +4 -4
- package/dist/{chunk-QE7UVQDP.js → chunk-6PR2RAKM.js} +1 -1
- package/dist/{chunk-ZZXADKAP.js → chunk-6SPUK67A.js} +2 -2
- package/dist/{chunk-RVXWGPD3.js → chunk-75TM3APG.js} +29 -6
- package/dist/{chunk-IZPO6IOZ.js → chunk-7QSXARI3.js} +1 -1
- package/dist/{chunk-A2YZG4AD.js → chunk-AIUXE3ZJ.js} +6 -6
- package/dist/{chunk-U63BZI2B.js → chunk-AJERMFD6.js} +3 -3
- package/dist/{chunk-BUOMSIXH.js → chunk-BMNX3YWX.js} +2 -2
- package/dist/{chunk-YUBTHJVV.js → chunk-BRSMAFBN.js} +1 -1
- package/dist/{chunk-JZW5AOWI.js → chunk-BSPALHIR.js} +2 -2
- package/dist/{chunk-VDYUKTNS.js → chunk-CLAYNAXC.js} +4 -5
- package/dist/{chunk-J3QZPDNH.js → chunk-CNQ25C4C.js} +1 -1
- package/dist/{chunk-GWPICNSO.js → chunk-CSTL7BMK.js} +49 -4
- package/dist/{chunk-5DPE7B7K.js → chunk-CTYHSVHP.js} +1 -1
- package/dist/{chunk-EM4EYF3P.js → chunk-CVTWQZOR.js} +13 -5
- package/dist/{chunk-JNARUXDC.js → chunk-CW3FPWUW.js} +2 -2
- package/dist/{chunk-V42BSVX6.js → chunk-CWACO2D4.js} +51 -4
- package/dist/{chunk-RPBTYQKJ.js → chunk-CWUCD7C7.js} +1 -1
- package/dist/{chunk-DFUCFLZH.js → chunk-D4EMVYI7.js} +2 -2
- package/dist/{chunk-W2J2RF5N.js → chunk-DIHMGQGV.js} +3 -3
- package/dist/{chunk-YB7U4WTY.js → chunk-DJ4RG3RK.js} +2 -2
- package/dist/{chunk-KSMITUGY.js → chunk-DR7QPGX4.js} +3 -3
- package/dist/{chunk-QNXM2HXW.js → chunk-ELFFRVNL.js} +1 -1
- package/dist/{chunk-QEGXNJGR.js → chunk-EV2SMRLF.js} +4 -4
- package/dist/{chunk-VFSYVQX4.js → chunk-F3QMXKKJ.js} +8 -2
- package/dist/{chunk-NCC3F6GM.js → chunk-F5XPKUPK.js} +2 -2
- package/dist/{chunk-43R2GILO.js → chunk-FIBL4JRZ.js} +2 -2
- package/dist/{chunk-B2J3BBJC.js → chunk-FQH4R6UG.js} +2 -2
- package/dist/{chunk-AC6DKMVS.js → chunk-FSAKWKWU.js} +1 -1
- package/dist/{chunk-GL5NU6IK.js → chunk-FXS5OFGH.js} +1 -1
- package/dist/{chunk-K7KBAJQL.js → chunk-GHJRLETI.js} +10 -10
- package/dist/{chunk-VQRTO7IS.js → chunk-H73TUI4Y.js} +9 -2
- package/dist/{chunk-IIHE3FNC.js → chunk-HSXWUZOD.js} +3 -3
- package/dist/{chunk-JV225JBX.js → chunk-I6RHLHVW.js} +2 -2
- package/dist/{chunk-S6HVQF27.js → chunk-IEDCQRGG.js} +88 -4
- package/dist/{chunk-4Q5VNQTV.js → chunk-IFSOVXGN.js} +3 -3
- package/dist/{chunk-JDYO76PI.js → chunk-ITVMRPCQ.js} +17 -9
- package/dist/{chunk-VT6P7FV4.js → chunk-IU44MPY3.js} +1 -1
- package/dist/{chunk-6OD2RVIA.js → chunk-IXTDBQYU.js} +273 -397
- package/dist/{chunk-2NGPZCWX.js → chunk-JB7QUK3D.js} +3 -3
- package/dist/{chunk-VT2B5BHM.js → chunk-JBSCL2XT.js} +2 -1
- package/dist/{chunk-MPX3TRMQ.js → chunk-JD5S5AAV.js} +1 -1
- package/dist/{chunk-XYG722JW.js → chunk-JIJKUZIO.js} +3 -3
- package/dist/{chunk-DKHBMIVE.js → chunk-K5C6LC2G.js} +244 -45
- package/dist/{chunk-DAOHCXM2.js → chunk-KH6BCYLC.js} +1 -1
- package/dist/{chunk-4L4R6AQJ.js → chunk-KMI4TUTW.js} +1 -1
- package/dist/{chunk-PHFPIUWU.js → chunk-KWOAM7TA.js} +3 -0
- package/dist/{chunk-RZJ6DXVE.js → chunk-L6QI2NNG.js} +1 -1
- package/dist/{chunk-HED6D5KR.js → chunk-MMNMQNLD.js} +43 -29
- package/dist/{chunk-KAVUTP5G.js → chunk-N3CRJ2VW.js} +3 -3
- package/dist/{chunk-OBJXZII2.js → chunk-N7LBAQGK.js} +3 -3
- package/dist/{chunk-LMX7UKGX.js → chunk-OUAGTQC4.js} +17 -11
- package/dist/{chunk-WZBUKC5N.js → chunk-OUJI2ZTY.js} +2 -2
- package/dist/{chunk-YUGLOZOR.js → chunk-OXTZEKVA.js} +1 -1
- package/dist/{chunk-OR3TAZL3.js → chunk-P4ULFI2N.js} +1 -1
- package/dist/{chunk-6LNSZADA.js → chunk-PVC4RNHQ.js} +50 -11
- package/dist/{chunk-FM7XZDZI.js → chunk-R2WP3XIN.js} +1 -1
- package/dist/{chunk-IBDPPBFK.js → chunk-R5IPZ5ZC.js} +1 -1
- package/dist/{chunk-7WDIGRSO.js → chunk-R5TZ2FC3.js} +1 -1
- package/dist/{chunk-2UVN2NBN.js → chunk-RICNNGYH.js} +3 -3
- package/dist/{chunk-WBJXJ2R4.js → chunk-RLBVY5FE.js} +17 -14
- package/dist/{chunk-XXJRZ75E.js → chunk-RV634O2W.js} +5 -2
- package/dist/{chunk-3KH6GXXX.js → chunk-RYPFOZQH.js} +2 -2
- package/dist/{chunk-DNFU56ZS.js → chunk-SB7W6XI4.js} +1 -1
- package/dist/{chunk-PPXQE7AS.js → chunk-SE6MLUOK.js} +33 -34
- package/dist/{chunk-65DBIEM2.js → chunk-SHIICYJW.js} +7 -1
- package/dist/{chunk-KPVVTHPK.js → chunk-SRMNWAHN.js} +15 -10
- package/dist/chunk-T2DJR7ND.js +367 -0
- package/dist/{chunk-Z6H6Y4BS.js → chunk-TA22MGGN.js} +1 -1
- package/dist/{chunk-ZOVHXTGC.js → chunk-TN7SC2ZQ.js} +1 -1
- package/dist/{chunk-XV5HRIXG.js → chunk-TRPGNCVB.js} +8 -8
- package/dist/{chunk-4BANMHJ5.js → chunk-UDZP2SHJ.js} +3 -3
- package/dist/{chunk-GMZMBLHT.js → chunk-UM6WUSQ7.js} +2 -2
- package/dist/{chunk-2EJ636HI.js → chunk-UST3MKK7.js} +1 -1
- package/dist/{chunk-RQ7OVXUZ.js → chunk-V2CZVZUO.js} +2 -2
- package/dist/{chunk-4RJJ5FJ2.js → chunk-V4UKBUUA.js} +1 -1
- package/dist/{chunk-EOS7VPVT.js → chunk-VA2MDALR.js} +8 -8
- package/dist/{chunk-SCYWCWKY.js → chunk-VG4ZH2Z3.js} +24 -10
- package/dist/{chunk-255DIG4B.js → chunk-VHLI6CTD.js} +1 -1
- package/dist/{chunk-DFIOOK5R.js → chunk-WCES22KG.js} +4 -3
- package/dist/{chunk-5A6KTWQL.js → chunk-WOTKNUKK.js} +126 -2
- package/dist/{chunk-62UZWGFX.js → chunk-WZZBGGSD.js} +63 -2
- package/dist/{chunk-ELXR65AN.js → chunk-X2FHTDIU.js} +6 -3
- package/dist/{chunk-V4BW5HFQ.js → chunk-X5I5QRC2.js} +3 -3
- package/dist/{chunk-X4AFBL4N.js → chunk-XCORXJ3M.js} +1 -1
- package/dist/{chunk-66JPZELX.js → chunk-Y5CNGG4F.js} +24 -16
- package/dist/{chunk-SPOXL7HF.js → chunk-YEWNIBNA.js} +9 -9
- package/dist/{chunk-WJ2PZGRV.js → chunk-ZAA344BL.js} +29 -2
- package/dist/{chunk-TN2YCFQE.js → chunk-ZGLJ2VD7.js} +5 -5
- package/dist/{co-activation-WN25AJOC.js → co-activation-RH46OQ3N.js} +5 -5
- package/dist/{co-occurrence-YP2Q3OEA.js → co-occurrence-MJWERUWY.js} +5 -5
- package/dist/{code-context-index-ZWONKBKX.js → code-context-index-WFUBYGQT.js} +6 -6
- package/dist/{content-extractor-EYRVGD6O.js → content-extractor-RHITF2KM.js} +1 -1
- package/dist/{conversation-wiki-populator-XFUC7S5P.js → conversation-wiki-populator-SK233TL4.js} +1 -1
- package/dist/{crdt-sync-ZFIFL2QM.js → crdt-sync-4R7SXTNB.js} +1 -1
- package/dist/{crm-webhook-DGPHULOO.js → crm-webhook-YDXX5FDK.js} +2 -2
- package/dist/{cto-delegation-gate-OF2A3TSS.js → cto-delegation-gate-ZJHLPK4Y.js} +14 -14
- package/dist/{daemon-auth-N6P2MZAV.js → daemon-auth-5FCYVQIZ.js} +3 -3
- package/dist/{daemon-orchestration-G4RRTPP7.js → daemon-orchestration-NBU5RZ2O.js} +18 -18
- package/dist/{daemon-ready-signal-3L2MJT7C.js → daemon-ready-signal-KXLL6ZFL.js} +1 -1
- package/dist/{db-backup-EORG4LBO.js → db-backup-BTL2FBBL.js} +9 -3
- package/dist/{db-restore-events-3R7G4FP4.js → db-restore-events-3A57GMLW.js} +2 -2
- package/dist/{doc-graph-extractor-APZS3DFD.js → doc-graph-extractor-ADYRG7DB.js} +5 -5
- package/dist/documents-VWPZTDFA.js +56 -0
- package/dist/{dreaming-Q4E3WBGY.js → dreaming-76WKGTL6.js} +15 -15
- package/dist/embeddings-config-FANLORDH.js +21 -0
- package/dist/{exe-drift-CI5R6GUT.js → exe-drift-T3IO2SPX.js} +6 -6
- package/dist/{exe-export-HQIQASIT.js → exe-export-6YEHSJMP.js} +9 -9
- package/dist/{exe-import-ULZK56WC.js → exe-import-3NERK63O.js} +9 -9
- package/dist/{exe-key-ILNSBGRN.js → exe-key-RCMBMLSQ.js} +8 -8
- package/dist/{exe-org-WQWQZRLR.js → exe-org-KCOOLUTW.js} +3 -3
- package/dist/{exe-snapshot-RUZTWZOF.js → exe-snapshot-JIY7MNRI.js} +18 -18
- package/dist/{fast-db-init-KNJRL7T3.js → fast-db-init-PVJ72264.js} +1 -1
- package/dist/{founder-context-QCTMEK66.js → founder-context-A4VUEKDH.js} +4 -4
- package/dist/gateway/index.js +17 -17
- package/dist/{git-staleness-KIA5YI4H.js → git-staleness-IOAHAGBI.js} +5 -5
- package/dist/{git-task-sweep-WH6QE7HL.js → git-task-sweep-IGM5RILF.js} +17 -15
- package/dist/{global-procedures-SYZZCGDS.js → global-procedures-VZL2X4RK.js} +6 -6
- package/dist/{graph-auto-extract-J2TIWZEE.js → graph-auto-extract-TIXRGBC5.js} +5 -5
- package/dist/{hook-integrity-I6PWJQER.js → hook-integrity-XNPNCMAS.js} +1 -1
- package/dist/hooks/bug-report-worker.js +47 -17
- package/dist/hooks/codex-stop-task-finalizer.js +47 -17
- package/dist/hooks/commit-complete.js +18 -18
- package/dist/hooks/error-recall.js +11 -11
- package/dist/hooks/exe-heartbeat-hook.js +7 -7
- package/dist/hooks/ingest-worker.js +39 -9
- package/dist/hooks/ingest.js +17 -17
- package/dist/hooks/instructions-loaded.js +8 -8
- package/dist/hooks/manifest.json +20 -20
- package/dist/hooks/notification.js +8 -8
- package/dist/hooks/post-compact.js +17 -17
- package/dist/hooks/post-tool-combined.js +60 -7
- package/dist/hooks/pre-compact.js +23 -23
- package/dist/hooks/pre-tool-use.js +64 -34
- package/dist/hooks/prompt-submit.js +40 -32
- package/dist/hooks/session-end.js +29 -29
- package/dist/hooks/session-start.js +17 -17
- package/dist/hooks/stop.js +24 -24
- package/dist/hooks/subagent-stop.js +17 -17
- package/dist/hooks/summary-worker.js +55 -25
- package/dist/index.js +27 -27
- package/dist/{installer-PSDYMGN7.js → installer-D7D5O4KL.js} +10 -10
- package/dist/{installer-3NB3IBHF.js → installer-EQP2EMNZ.js} +10 -10
- package/dist/{installer-IIJFCTMH.js → installer-IWRYH55Z.js} +10 -10
- package/dist/{key-backup-status-FNSN3NXH.js → key-backup-status-ZNGDSPLT.js} +2 -2
- package/dist/lib/agent-config.js +3 -3
- package/dist/lib/cloud-sync.js +16 -16
- package/dist/lib/config.js +2 -2
- package/dist/lib/consolidation.js +8 -8
- package/dist/lib/database.js +7 -5
- package/dist/lib/db-daemon-client.js +6 -6
- package/dist/lib/db.js +7 -5
- package/dist/lib/device-registry.js +3 -3
- package/dist/lib/embed-worker.js +2 -2
- package/dist/lib/embedder.js +6 -6
- package/dist/lib/employee-templates.js +7 -7
- package/dist/lib/employees.js +5 -5
- package/dist/lib/exe-daemon-client.js +5 -5
- package/dist/lib/exe-daemon.js +449 -89
- package/dist/lib/hybrid-search.js +8 -8
- package/dist/lib/identity.js +5 -5
- package/dist/lib/license.js +4 -4
- package/dist/lib/messaging.js +15 -15
- package/dist/lib/post-tool-memory.js +2 -2
- package/dist/lib/reminders.js +6 -6
- package/dist/lib/schedules.js +8 -8
- package/dist/lib/session-registry.js +9 -7
- package/dist/lib/session-wrappers.js +1 -1
- package/dist/lib/skill-learning.js +9 -9
- package/dist/lib/store.js +7 -7
- package/dist/lib/task-router.js +6 -6
- package/dist/lib/tasks.js +16 -16
- package/dist/lib/tmux-routing.js +14 -14
- package/dist/lib/token-spend.js +6 -6
- package/dist/{license-gate-7SDHCJUO.js → license-gate-PZOP7S2S.js} +5 -5
- package/dist/mcp/register-tools.js +73 -72
- package/dist/mcp/server.js +74 -73
- package/dist/mcp/tools/complete-reminder.js +7 -7
- package/dist/mcp/tools/create-reminder.js +7 -7
- package/dist/mcp/tools/create-task.js +18 -18
- package/dist/mcp/tools/deactivate-behavior.js +10 -10
- package/dist/mcp/tools/list-reminders.js +7 -7
- package/dist/mcp/tools/list-tasks.js +18 -18
- package/dist/mcp/tools/send-message.js +17 -17
- package/dist/mcp/tools/update-task.js +17 -17
- package/dist/{mcp-http-config-QSOVFXHW.js → mcp-http-config-23DHJAU4.js} +7 -7
- package/dist/{mcp-port-config-AWWRZA22.js → mcp-port-config-FFAMMLLE.js} +2 -1
- package/dist/{memory-cards-II67WFL2.js → memory-cards-CNLMHSZC.js} +5 -5
- package/dist/{memory-graph-extractor-PM4Q2KJG.js → memory-graph-extractor-HIXP2BQS.js} +6 -6
- package/dist/{memory-poisoning-defense-ECXSX7HK.js → memory-poisoning-defense-YL53IBBF.js} +5 -5
- package/dist/{memory-queue-VAE6WMSS.js → memory-queue-3Q5P43AM.js} +3 -3
- package/dist/memory-queue-client-YP2QKX6J.js +16 -0
- package/dist/{memory-reflection-PXF6YFDU.js → memory-reflection-VHQRUZWK.js} +5 -5
- package/dist/{notifications-UP7WQGG4.js → notifications-Q5NEAP6K.js} +14 -14
- package/dist/{orchestration-events-PZLLPCKY.js → orchestration-events-7SNWRJYE.js} +6 -6
- package/dist/{orchestration-phase-SJOXDB7X.js → orchestration-phase-U45T4VG3.js} +3 -3
- package/dist/{orchestrator-PUT45J4O.js → orchestrator-XWLKNWUG.js} +16 -16
- package/dist/{pipeline-router-5CRWKESM.js → pipeline-router-5IBJBH7P.js} +6 -6
- package/dist/{plan-limits-SH2NDFNX.js → plan-limits-PBEZVHRQ.js} +8 -8
- package/dist/{preferences-YWBTKW3M.js → preferences-TYTGDXQZ.js} +2 -2
- package/dist/{project-boot-2TCPDZ4S.js → project-boot-OHEGJD2L.js} +2 -2
- package/dist/{projection-worker-HWY37MNC.js → projection-worker-HELRBNDR.js} +5 -5
- package/dist/{prospective-memory-FQSVMCGG.js → prospective-memory-N55XRGJP.js} +5 -5
- package/dist/{push-notifications-DK6XA5B3.js → push-notifications-PAFNP3EC.js} +3 -3
- package/dist/{reranker-AALRMGMM.js → reranker-MNJSTOPR.js} +3 -3
- package/dist/{retrieval-health-PNWJSJNG.js → retrieval-health-W4HNR3WX.js} +1 -1
- package/dist/{review-polling-65JZUE3T.js → review-polling-SRYZU2PI.js} +15 -15
- package/dist/runtime/index.js +22 -22
- package/dist/{session-events-EJ3OSAA6.js → session-events-L4DK5J6J.js} +15 -15
- package/dist/{session-kill-telemetry-3HGM7SNQ.js → session-kill-telemetry-U2YHKHCB.js} +15 -15
- package/dist/{session-scope-JGDYAMJO.js → session-scope-JTPHECAU.js} +14 -14
- package/dist/{setup-wizard-44LMFM2C.js → setup-wizard-IP5R66LR.js} +3 -3
- package/dist/{shard-manager-KUCJPLC6.js → shard-manager-RASGFMGS.js} +3 -3
- package/dist/{skill-refinement-DUOO6B7V.js → skill-refinement-VTYL4OMJ.js} +5 -5
- package/dist/{stack-release-XYMKU7NT.js → stack-release-TOCCJQOF.js} +244 -45
- package/dist/{stack-update-XHQJRJEP.js → stack-update-MRNVHUZZ.js} +15 -5
- package/dist/{steward-gate-6NWRDLX2.js → steward-gate-JEVUDTBI.js} +6 -6
- package/dist/{task-enforcement-UOULTGFB.js → task-enforcement-VFSAAZUN.js} +14 -14
- package/dist/{task-scope-P5STKYAC.js → task-scope-P4VLIQNP.js} +14 -14
- package/dist/{tasks-crud-24HMTULR.js → tasks-crud-SC3ERIUR.js} +14 -14
- package/dist/{tasks-notify-LAIU7UUI.js → tasks-notify-WJYBUCIB.js} +15 -15
- package/dist/{tasks-review-AFJAU2DY.js → tasks-review-XPVPHCGD.js} +14 -14
- package/dist/{telemetry-upload-DWFGC2XJ.js → telemetry-upload-4QEYQROW.js} +10 -10
- package/dist/{token-budget-4RFZKWGH.js → token-budget-UBOP3HVE.js} +6 -6
- package/dist/{tool-capability-index-ZEXBWKUZ.js → tool-capability-index-SHYCBE2Z.js} +1 -1
- package/dist/{tool-telemetry-BS5JXM5M.js → tool-telemetry-CDNPES5B.js} +1 -1
- package/dist/tui/App.js +27 -27
- package/dist/{tui-data-UNO5B7PU.js → tui-data-HVYY7GRK.js} +14 -14
- package/dist/{worker-gate-C6CTTYMD.js → worker-gate-KQTODSUQ.js} +3 -3
- package/dist/{workflow-engine-4W2KYCDV.js → workflow-engine-OP2DQISD.js} +2 -2
- package/dist/{working-memory-FXHQCJJE.js → working-memory-PY4AG577.js} +22 -2
- package/dist/{worktree-2CXY6NEB.js → worktree-Z2G4CP4Z.js} +7 -7
- package/dist/{worktree-sweep-K3CJFSUL.js → worktree-sweep-LWSCAZW6.js} +8 -8
- package/package.json +2 -2
- package/release-notes.json +40 -88
- package/stack.release.json +11 -11
- package/dist/memory-queue-client-HLURQEV6.js +0 -16
- /package/dist/{chunk-J3SR5MGG.js → chunk-GIS4GBZE.js} +0 -0
- /package/dist/{chunk-AE74NOE6.js → chunk-NAPBIDGH.js} +0 -0
- /package/dist/{chunk-I3DPCSDG.js → chunk-OJS2H5HR.js} +0 -0
- /package/dist/{chunk-K4BKJJ4F.js → chunk-PCRRDXGL.js} +0 -0
- /package/dist/{chunk-MQCTK6EF.js → chunk-RRYJTPVW.js} +0 -0
- /package/dist/{chunk-2NS3QRMJ.js → chunk-ZIVUMDHA.js} +0 -0
- /package/dist/{core-memory-OC5ITKKV.js → core-memory-4JWCAGJI.js} +0 -0
- /package/dist/{entity-boost-NF3LE6OJ.js → entity-boost-AU342QRK.js} +0 -0
- /package/dist/{message-queue-client-4VDU6BZY.js → message-queue-client-IXYLJJVJ.js} +0 -0
- /package/dist/{oauth-server-EWUL7DMD.js → oauth-server-F4QWESK2.js} +0 -0
- /package/dist/{webhook-pipe-DHIGZHPW.js → webhook-pipe-S4CWK6H5.js} +0 -0
- /package/dist/{wiki-acl-CONNF6ES.js → wiki-acl-6GZHUA44.js} +0 -0
- /package/dist/{wiki-client-N6PT5P7W.js → wiki-client-CIJXRMKL.js} +0 -0
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
# This file is for AskExe-owned infrastructure only. Do NOT use for Hygo/customer VPSs.
|
|
3
3
|
|
|
4
4
|
# --- Central monitor hub (AskExe-owned: monitor.askexe.com) ---
|
|
5
|
-
MONITOR_HUB_IMAGE_TAG=ghcr.io/askexe/exe-monitor-hub:v0.9.
|
|
5
|
+
MONITOR_HUB_IMAGE_TAG=ghcr.io/askexe/exe-monitor-hub:v0.9.5
|
|
6
6
|
MONITOR_HUB_PUBLIC_URL=https://monitor.askexe.com
|
|
7
7
|
MONITOR_HUB_SOURCE_DIR=/opt/exe-monitor
|
|
8
8
|
MONITOR_HUB_HOST_PORT=8090
|
|
@@ -7,6 +7,10 @@
|
|
|
7
7
|
DOMAIN=CHANGEME_DOMAIN
|
|
8
8
|
|
|
9
9
|
# --- Data Layer ---
|
|
10
|
+
# bug 8dc31733: EXE_DB_IMAGE overrides the Postgres image tag in compose.
|
|
11
|
+
# The manifest declares env: "EXE_DB_IMAGE" — keep this in sync with the
|
|
12
|
+
# stack manifest pin. Defaults to pgvector/pgvector:0.8.0-pg16 in compose.
|
|
13
|
+
# EXE_DB_IMAGE=pgvector/pgvector:0.8.0-pg16
|
|
10
14
|
POSTGRES_USER=exe
|
|
11
15
|
POSTGRES_PASSWORD=CHANGEME_POSTGRES_PASSWORD
|
|
12
16
|
POSTGRES_DB=exedb
|
|
@@ -57,13 +61,13 @@ AUTH_DEFAULT_PRODUCT=AUTH
|
|
|
57
61
|
AUTH_DISABLE_SIGNUP=true
|
|
58
62
|
|
|
59
63
|
# --- CRM ---
|
|
60
|
-
CRM_IMAGE_TAG=update.askexe.com/askexe/exe-crm:v0.9.
|
|
64
|
+
CRM_IMAGE_TAG=update.askexe.com/askexe/exe-crm:v0.9.51
|
|
61
65
|
CRM_SERVER_URL=https://crm.CHANGEME_DOMAIN
|
|
62
66
|
CRM_APP_SECRET=CHANGEME_CRM_APP_SECRET
|
|
63
67
|
CRM_HOST_PORT=3000
|
|
64
68
|
|
|
65
69
|
# --- Wiki ---
|
|
66
|
-
WIKI_IMAGE_TAG=update.askexe.com/askexe/exe-wiki:v0.9.
|
|
70
|
+
WIKI_IMAGE_TAG=update.askexe.com/askexe/exe-wiki:v0.9.26
|
|
67
71
|
WIKI_DB_SCHEMA=wiki
|
|
68
72
|
WIKI_VECTOR_DB=exeOsMcp
|
|
69
73
|
WIKI_AUTH_TOKEN=CHANGEME_WIKI_AUTH_TOKEN
|
|
@@ -77,7 +81,7 @@ WIKI_HOST_PORT=3001
|
|
|
77
81
|
EXE_SSO_COOKIE_NAME=exe_access_token
|
|
78
82
|
|
|
79
83
|
# --- exe-os ---
|
|
80
|
-
EXE_OS_IMAGE_TAG=update.askexe.com/askexe/exe-os:v0.9.
|
|
84
|
+
EXE_OS_IMAGE_TAG=update.askexe.com/askexe/exe-os:v0.9.311
|
|
81
85
|
EXED_MCP_TOKEN=CHANGEME_EXED_MCP_TOKEN
|
|
82
86
|
EXED_DEVICE_ID=CHANGEME_DEVICE_ID
|
|
83
87
|
EXE_MCP_HOST_BIND=127.0.0.1
|
|
@@ -87,7 +91,7 @@ EXE_MCP_HOST_PORT=48739
|
|
|
87
91
|
EXE_CLOUD_SYNC_TO_POSTGRES=true
|
|
88
92
|
|
|
89
93
|
# --- ERP (Frappe/ERPNext fork) ---
|
|
90
|
-
ERP_IMAGE_TAG=update.askexe.com/askexe/exe-erp:v0.2.
|
|
94
|
+
ERP_IMAGE_TAG=update.askexe.com/askexe/exe-erp:v0.2.2
|
|
91
95
|
# Administrator password for the ERPNext site (created on first boot).
|
|
92
96
|
# bug 43854b31: this only applies at FIRST boot. To rotate it later you must also
|
|
93
97
|
# run `bench --site $ERP_SITE_NAME set-admin-password <new>` inside exe-erp —
|
|
@@ -103,7 +107,7 @@ ERP_WS_PORT=9069
|
|
|
103
107
|
ERP_SENTRY_DSN=
|
|
104
108
|
|
|
105
109
|
# --- Gateway ---
|
|
106
|
-
GATEWAY_IMAGE_TAG=update.askexe.com/askexe/exe-gateway:v0.9.
|
|
110
|
+
GATEWAY_IMAGE_TAG=update.askexe.com/askexe/exe-gateway:v0.9.24
|
|
107
111
|
EXE_GATEWAY_AUTH_TOKEN=CHANGEME_EXE_GATEWAY_AUTH_TOKEN
|
|
108
112
|
EXE_GATEWAY_WS_RELAY_AUTH_TOKEN=CHANGEME_EXE_GATEWAY_WS_RELAY_AUTH_TOKEN
|
|
109
113
|
EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN=CHANGEME_EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN
|
|
@@ -121,7 +125,7 @@ GATEWAY_WS_HOST_PORT=3101
|
|
|
121
125
|
CRM_GRAPHQL_URL=http://exe-crm:3000/graphql
|
|
122
126
|
|
|
123
127
|
# --- Monitoring hub (PocketBase — local per-customer instance) ---
|
|
124
|
-
MONITOR_HUB_IMAGE_TAG=update.askexe.com/askexe/exe-monitor-hub:v0.9.
|
|
128
|
+
MONITOR_HUB_IMAGE_TAG=update.askexe.com/askexe/exe-monitor-hub:v0.9.5
|
|
125
129
|
MONITOR_HUB_PORT=8090
|
|
126
130
|
# Bootstrap superuser created on first start. Use your admin email + a strong password.
|
|
127
131
|
# After first boot these values are no longer used (stored in pb_data volume).
|
|
@@ -154,7 +158,7 @@ GATEWAY_ALERT_URL=http://exe-gateway:3100/api/alerts/error-spike
|
|
|
154
158
|
# host-access prompt, or uncomment COMPOSE_PROFILES below.
|
|
155
159
|
# Full scope details: deploy/monitor/HOST-ACCESS-CONSENT.md
|
|
156
160
|
# COMPOSE_PROFILES=monitor-agent
|
|
157
|
-
MONITOR_AGENT_IMAGE_TAG=update.askexe.com/askexe/exe-monitor-agent:v0.9.
|
|
161
|
+
MONITOR_AGENT_IMAGE_TAG=update.askexe.com/askexe/exe-monitor-agent:v0.9.5
|
|
158
162
|
# Reports to the local hub. Auto-populated by `exe-os stack-update` during bootstrap.
|
|
159
163
|
MONITOR_HUB_URL=http://exe-monitor-hub:8090
|
|
160
164
|
# bug dacf0042: TOKEN and KEY MUST start EMPTY (the safe "unpaired" state) — NOT a
|
|
@@ -13,10 +13,10 @@ EXE_LICENSE_KEY=CHANGEME_EXE_LICENSE_KEY
|
|
|
13
13
|
# ------------------------------------------------------------------
|
|
14
14
|
# Image tags (per-client pinning — never use :latest in production)
|
|
15
15
|
# ------------------------------------------------------------------
|
|
16
|
-
CRM_IMAGE_TAG=ghcr.io/askexe/exe-crm:v0.9.
|
|
17
|
-
WIKI_IMAGE_TAG=ghcr.io/askexe/exe-wiki:v0.9.
|
|
18
|
-
EXE_OS_IMAGE_TAG=ghcr.io/askexe/exe-os:v0.9.
|
|
19
|
-
GATEWAY_IMAGE_TAG=ghcr.io/askexe/exe-gateway:v0.9.
|
|
16
|
+
CRM_IMAGE_TAG=ghcr.io/askexe/exe-crm:v0.9.51
|
|
17
|
+
WIKI_IMAGE_TAG=ghcr.io/askexe/exe-wiki:v0.9.26
|
|
18
|
+
EXE_OS_IMAGE_TAG=ghcr.io/askexe/exe-os:v0.9.311
|
|
19
|
+
GATEWAY_IMAGE_TAG=ghcr.io/askexe/exe-gateway:v0.9.24
|
|
20
20
|
|
|
21
21
|
# ------------------------------------------------------------------
|
|
22
22
|
# Postgres (shared by CRM + wiki)
|
|
@@ -84,14 +84,14 @@ AUTH_DEFAULT_PRODUCT=AUTH
|
|
|
84
84
|
AUTH_DISABLE_SIGNUP=true
|
|
85
85
|
|
|
86
86
|
# --- CRM ---
|
|
87
|
-
CRM_IMAGE_TAG=ghcr.io/askexe/exe-crm:v0.9.
|
|
87
|
+
CRM_IMAGE_TAG=ghcr.io/askexe/exe-crm:v0.9.51
|
|
88
88
|
CRM_SERVER_URL=https://crm.CHANGEME_DOMAIN
|
|
89
89
|
CRM_APP_SECRET=CHANGEME_CRM_APP_SECRET
|
|
90
90
|
EXE_CRM_ADMIN_TOKEN=CHANGEME_EXE_CRM_ADMIN_TOKEN
|
|
91
91
|
CRM_HOST_PORT=3000
|
|
92
92
|
|
|
93
93
|
# --- Wiki ---
|
|
94
|
-
WIKI_IMAGE_TAG=ghcr.io/askexe/exe-wiki:v0.9.
|
|
94
|
+
WIKI_IMAGE_TAG=ghcr.io/askexe/exe-wiki:v0.9.26
|
|
95
95
|
WIKI_DB_SCHEMA=wiki
|
|
96
96
|
WIKI_VECTOR_DB=exeOsMcp
|
|
97
97
|
WIKI_AUTH_TOKEN=CHANGEME_WIKI_AUTH_TOKEN
|
|
@@ -105,7 +105,7 @@ WIKI_HOST_PORT=3001
|
|
|
105
105
|
EXE_SSO_COOKIE_NAME=exe_access_token
|
|
106
106
|
|
|
107
107
|
# --- exe-os ---
|
|
108
|
-
EXE_OS_IMAGE_TAG=ghcr.io/askexe/exe-os:v0.9.
|
|
108
|
+
EXE_OS_IMAGE_TAG=ghcr.io/askexe/exe-os:v0.9.311
|
|
109
109
|
EXED_MCP_TOKEN=CHANGEME_EXED_MCP_TOKEN
|
|
110
110
|
EXED_DEVICE_ID=vps-default
|
|
111
111
|
EXE_MCP_HOST_BIND=127.0.0.1
|
|
@@ -115,7 +115,7 @@ EXE_MCP_HOST_PORT=48739
|
|
|
115
115
|
EXE_CLOUD_SYNC_TO_POSTGRES=true
|
|
116
116
|
|
|
117
117
|
# --- Gateway ---
|
|
118
|
-
GATEWAY_IMAGE_TAG=ghcr.io/askexe/exe-gateway:v0.9.
|
|
118
|
+
GATEWAY_IMAGE_TAG=ghcr.io/askexe/exe-gateway:v0.9.24
|
|
119
119
|
EXE_GATEWAY_AUTH_TOKEN=CHANGEME_EXE_GATEWAY_AUTH_TOKEN
|
|
120
120
|
EXE_GATEWAY_WS_RELAY_AUTH_TOKEN=CHANGEME_EXE_GATEWAY_WS_RELAY_AUTH_TOKEN
|
|
121
121
|
EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN=CHANGEME_EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN
|
|
@@ -144,7 +144,7 @@ ERROR_REPORTING_ENABLED=true
|
|
|
144
144
|
MONITOR_ERROR_URL=http://exe-monitor-hub:8090/api/exe-monitor/errors
|
|
145
145
|
|
|
146
146
|
# --- ERP (optional — Exe ERP, Frappe/ERPNext fork) ---
|
|
147
|
-
ERP_IMAGE_TAG=ghcr.io/askexe/exe-erp:v0.2.
|
|
147
|
+
ERP_IMAGE_TAG=ghcr.io/askexe/exe-erp:v0.2.2
|
|
148
148
|
ERP_ADMIN_PASSWORD=CHANGEME_ERP_ADMIN_PASSWORD
|
|
149
149
|
EXE_ERP_ADMIN_TOKEN=CHANGEME_EXE_ERP_ADMIN_TOKEN
|
|
150
150
|
# Frappe site name — must match the erp.<domain> the customer serves (bug e61ad373).
|
|
@@ -162,7 +162,7 @@ EXE_BUILD_WS_PORT=7643
|
|
|
162
162
|
EXE_BUILD_HTTP_PORT=9222
|
|
163
163
|
|
|
164
164
|
# --- Monitoring hub (PocketBase — local per-customer instance) ---
|
|
165
|
-
MONITOR_HUB_IMAGE_TAG=ghcr.io/askexe/exe-monitor-hub:v0.9.
|
|
165
|
+
MONITOR_HUB_IMAGE_TAG=ghcr.io/askexe/exe-monitor-hub:v0.9.5
|
|
166
166
|
MONITOR_HUB_PORT=8090
|
|
167
167
|
# Bootstrap superuser created on first start. Use your admin email + a strong password.
|
|
168
168
|
# After first boot these values are no longer used (stored in pb_data volume).
|
|
@@ -180,7 +180,7 @@ MONITOR_HUB_ADMIN_PASSWORD=CHANGEME_MONITOR_HUB_ADMIN_PASSWORD
|
|
|
180
180
|
# To enable: run setup.sh and acknowledge the host-access prompt, or add
|
|
181
181
|
# "monitor-agent" to COMPOSE_PROFILES below. Scope: deploy/monitor/HOST-ACCESS-CONSENT.md.
|
|
182
182
|
# COMPOSE_PROFILES=monitor-agent
|
|
183
|
-
MONITOR_AGENT_IMAGE_TAG=ghcr.io/askexe/exe-monitor-agent:v0.9.
|
|
183
|
+
MONITOR_AGENT_IMAGE_TAG=ghcr.io/askexe/exe-monitor-agent:v0.9.5
|
|
184
184
|
# Reports to the local hub. Auto-populated by `exe-os stack-update` during bootstrap.
|
|
185
185
|
MONITOR_HUB_URL=http://exe-monitor-hub:8090
|
|
186
186
|
# bug dacf0042: TOKEN and KEY MUST start EMPTY (the safe "unpaired" state) —
|
|
@@ -236,7 +236,7 @@ services:
|
|
|
236
236
|
options: { max-size: "10m", max-file: "3" }
|
|
237
237
|
|
|
238
238
|
exe-monitor-hub:
|
|
239
|
-
image: ${MONITOR_HUB_IMAGE_TAG:-ghcr.io/askexe/exe-monitor-hub:v0.9.
|
|
239
|
+
image: ${MONITOR_HUB_IMAGE_TAG:-ghcr.io/askexe/exe-monitor-hub:v0.9.5}
|
|
240
240
|
container_name: exe-monitor-hub
|
|
241
241
|
restart: unless-stopped
|
|
242
242
|
# bug d3d49101 / 1fdb8be9: PocketBase's data dir for this hub is a RELATIVE
|
|
@@ -311,7 +311,7 @@ services:
|
|
|
311
311
|
# ------------------------------------------------------------------
|
|
312
312
|
|
|
313
313
|
exe-crm:
|
|
314
|
-
image: ${CRM_IMAGE_TAG:-ghcr.io/askexe/exe-crm:v0.9.
|
|
314
|
+
image: ${CRM_IMAGE_TAG:-ghcr.io/askexe/exe-crm:v0.9.51}
|
|
315
315
|
container_name: exe-crm
|
|
316
316
|
restart: unless-stopped
|
|
317
317
|
# bug ad4471ad: NO compose `command` override. The image entrypoint
|
|
@@ -380,7 +380,7 @@ services:
|
|
|
380
380
|
options: { max-size: "10m", max-file: "3" }
|
|
381
381
|
|
|
382
382
|
exe-crm-worker:
|
|
383
|
-
image: ${CRM_IMAGE_TAG:-ghcr.io/askexe/exe-crm:v0.9.
|
|
383
|
+
image: ${CRM_IMAGE_TAG:-ghcr.io/askexe/exe-crm:v0.9.51}
|
|
384
384
|
container_name: exe-crm-worker
|
|
385
385
|
restart: unless-stopped
|
|
386
386
|
command: ["yarn", "worker:prod"]
|
|
@@ -440,7 +440,7 @@ services:
|
|
|
440
440
|
options: { max-size: "10m", max-file: "3" }
|
|
441
441
|
|
|
442
442
|
exe-wiki:
|
|
443
|
-
image: ${WIKI_IMAGE_TAG:-ghcr.io/askexe/exe-wiki:v0.9.
|
|
443
|
+
image: ${WIKI_IMAGE_TAG:-ghcr.io/askexe/exe-wiki:v0.9.26}
|
|
444
444
|
container_name: exe-wiki
|
|
445
445
|
restart: unless-stopped
|
|
446
446
|
# Wiki uses Prisma — runs migrate on boot via built-in entrypoint.
|
|
@@ -507,7 +507,7 @@ services:
|
|
|
507
507
|
# offline boots fail). WIKI_EXE_OS_NPM_VERSION defaults to the stack's
|
|
508
508
|
# pinned exe-os npm version and is threaded into the spawn args.
|
|
509
509
|
EXE_OS_MCP_COMMAND: ${WIKI_EXE_OS_MCP_COMMAND:-npx}
|
|
510
|
-
EXE_OS_MCP_ARGS: ${WIKI_EXE_OS_MCP_ARGS:--y @askexenow/exe-os@${WIKI_EXE_OS_NPM_VERSION:-0.9.
|
|
510
|
+
EXE_OS_MCP_ARGS: ${WIKI_EXE_OS_MCP_ARGS:--y @askexenow/exe-os@${WIKI_EXE_OS_NPM_VERSION:-0.9.312} mcp}
|
|
511
511
|
BRANDING_CONFIG_PATH: /app/branding.json
|
|
512
512
|
ports:
|
|
513
513
|
- "127.0.0.1:${WIKI_HOST_PORT:-3001}:3001"
|
|
@@ -531,7 +531,7 @@ services:
|
|
|
531
531
|
# to pin the split server image; falls back to the combined EXE_OS_IMAGE_TAG
|
|
532
532
|
# for backward compatibility with existing manifests.
|
|
533
533
|
exe-os:
|
|
534
|
-
image: ${EXE_OS_SERVER_IMAGE_TAG:-${EXE_OS_IMAGE_TAG:-${EXED_IMAGE_TAG:-ghcr.io/askexe/exe-os:v0.9.
|
|
534
|
+
image: ${EXE_OS_SERVER_IMAGE_TAG:-${EXE_OS_IMAGE_TAG:-${EXED_IMAGE_TAG:-ghcr.io/askexe/exe-os:v0.9.311}}}
|
|
535
535
|
container_name: exe-os
|
|
536
536
|
restart: unless-stopped
|
|
537
537
|
# bug debf4a39 / 93ddfa27: the daemon connects to exe-db at boot
|
|
@@ -596,7 +596,7 @@ services:
|
|
|
596
596
|
# the GGUF model files at /home/exed/.exe-os/models/.
|
|
597
597
|
# ------------------------------------------------------------------
|
|
598
598
|
exe-os-worker:
|
|
599
|
-
image: ${EXE_OS_WORKER_IMAGE_TAG:-ghcr.io/askexe/exe-os-worker:v0.9.
|
|
599
|
+
image: ${EXE_OS_WORKER_IMAGE_TAG:-ghcr.io/askexe/exe-os-worker:v0.9.311}
|
|
600
600
|
container_name: exe-os-worker
|
|
601
601
|
profiles: ["embeddings"]
|
|
602
602
|
restart: unless-stopped
|
|
@@ -635,7 +635,7 @@ services:
|
|
|
635
635
|
options: { max-size: "10m", max-file: "3" }
|
|
636
636
|
|
|
637
637
|
exe-gateway:
|
|
638
|
-
image: ${GATEWAY_IMAGE_TAG:-ghcr.io/askexe/exe-gateway:v0.9.
|
|
638
|
+
image: ${GATEWAY_IMAGE_TAG:-ghcr.io/askexe/exe-gateway:v0.9.24}
|
|
639
639
|
container_name: exe-gateway
|
|
640
640
|
restart: unless-stopped
|
|
641
641
|
# Gateway needs 45s to flush outbound queues + disconnect Baileys adapters.
|
|
@@ -716,7 +716,11 @@ services:
|
|
|
716
716
|
- "127.0.0.1:${GATEWAY_WS_HOST_PORT:-3101}:3101"
|
|
717
717
|
volumes:
|
|
718
718
|
- gateway_data:/data
|
|
719
|
-
|
|
719
|
+
# bug 99281cd8: mount the WhatsApp auth volume under EXE_GATEWAY_HOME
|
|
720
|
+
# (/data), NOT /app/auth_info. The gateway resolves authDir relative to
|
|
721
|
+
# EXE_GATEWAY_HOME; the old /app/auth_info mount was unreachable when the
|
|
722
|
+
# gateway used its default path. gateway.json authDir updated to match.
|
|
723
|
+
- gateway_whatsapp_auth:/data/auth_info
|
|
720
724
|
- ./gateway.json:/data/gateway.json:ro
|
|
721
725
|
# bug 02bc1bb8: PERSISTENT customer-overlay bind-mount. Anything the
|
|
722
726
|
# customer drops in the host ./overlay dir (e.g. po-intake.js) is exposed
|
|
@@ -758,7 +762,7 @@ services:
|
|
|
758
762
|
# include "monitor-agent". See deploy/monitor/HOST-ACCESS-CONSENT.md.
|
|
759
763
|
# ------------------------------------------------------------------
|
|
760
764
|
exe-monitor-agent:
|
|
761
|
-
image: ${MONITOR_AGENT_IMAGE_TAG:-ghcr.io/askexe/exe-monitor-agent:v0.9.
|
|
765
|
+
image: ${MONITOR_AGENT_IMAGE_TAG:-ghcr.io/askexe/exe-monitor-agent:v0.9.5}
|
|
762
766
|
container_name: exe-monitor-agent
|
|
763
767
|
# Host-access consent gate: only starts when the operator has
|
|
764
768
|
# acknowledged the host-access scope (COMPOSE_PROFILES=monitor-agent).
|
|
@@ -838,7 +842,7 @@ services:
|
|
|
838
842
|
# Without a token the binary exits 0 (no crash-loop). (bug 3416cead)
|
|
839
843
|
# ------------------------------------------------------------------
|
|
840
844
|
exe-update:
|
|
841
|
-
image: ${EXE_OS_IMAGE_TAG:-${EXED_IMAGE_TAG:-ghcr.io/askexe/exe-os:v0.9.
|
|
845
|
+
image: ${EXE_OS_IMAGE_TAG:-${EXED_IMAGE_TAG:-ghcr.io/askexe/exe-os:v0.9.311}}
|
|
842
846
|
container_name: exe-update
|
|
843
847
|
profiles: ["registry-proxy", "askexe-control-plane"]
|
|
844
848
|
restart: unless-stopped
|
|
@@ -968,11 +972,14 @@ services:
|
|
|
968
972
|
# Token mode: `tunnel run --token <TOKEN>` — no local credentials file needed.
|
|
969
973
|
# The token embeds the tunnel ID + credentials; routes are managed in the CF dashboard.
|
|
970
974
|
# --metrics exposes a local HTTP endpoint used by the healthcheck.
|
|
975
|
+
# bug 820c6473: CLOUDFLARE_TUNNEL_TOKEN must be required (:?) so a missing
|
|
976
|
+
# token fails at `docker compose up` parse time instead of silently starting
|
|
977
|
+
# cloudflared with an empty --token (which connects to nothing).
|
|
971
978
|
command: >
|
|
972
979
|
tunnel
|
|
973
980
|
--metrics localhost:2000
|
|
974
981
|
run
|
|
975
|
-
--token ${CLOUDFLARE_TUNNEL_TOKEN}
|
|
982
|
+
--token ${CLOUDFLARE_TUNNEL_TOKEN:?CLOUDFLARE_TUNNEL_TOKEN is required — create a tunnel in the Cloudflare dashboard and paste the token in .env}
|
|
976
983
|
depends_on:
|
|
977
984
|
# App subdomains (crm/wiki/erp) are fronted by exe-sso-edge for the unified
|
|
978
985
|
# SSO redirect (bug 96f8b2b2); gateway is routed directly.
|
|
@@ -981,7 +988,7 @@ services:
|
|
|
981
988
|
exe-gateway:
|
|
982
989
|
condition: service_healthy
|
|
983
990
|
environment:
|
|
984
|
-
TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN}
|
|
991
|
+
TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN:?CLOUDFLARE_TUNNEL_TOKEN is required — create a tunnel in the Cloudflare dashboard and paste the token in .env}
|
|
985
992
|
networks:
|
|
986
993
|
- backend
|
|
987
994
|
- frontend
|
|
@@ -1336,11 +1343,23 @@ services:
|
|
|
1336
1343
|
- "127.0.0.1:${OTEL_HEALTH_PORT:-13133}:13133" # Health check
|
|
1337
1344
|
networks:
|
|
1338
1345
|
- backend
|
|
1339
|
-
# otel-contrib is a
|
|
1340
|
-
#
|
|
1341
|
-
#
|
|
1342
|
-
|
|
1343
|
-
|
|
1346
|
+
# Bug 2e8ef511: otel-contrib is a distroless image — only the /otelcol-contrib
|
|
1347
|
+
# binary is present (no shell/wget/curl/nc, and the binary has no probe
|
|
1348
|
+
# subcommand), so a Docker `healthcheck.test` CMD that runs INSIDE the
|
|
1349
|
+
# container cannot be implemented for this upstream, pull-only image. The old
|
|
1350
|
+
# `test: ["NONE"]` actively DISABLED health, so a broken collector still
|
|
1351
|
+
# reported "running" — a silent observability gap.
|
|
1352
|
+
#
|
|
1353
|
+
# The collector's health_check extension serves HTTP 200 on :13133, and that
|
|
1354
|
+
# port is published to 127.0.0.1 above. Health is therefore verified
|
|
1355
|
+
# EXTERNALLY: status.sh now probes http://127.0.0.1:${OTEL_HEALTH_PORT}/
|
|
1356
|
+
# alongside every other service endpoint, so a down/unhealthy collector is
|
|
1357
|
+
# surfaced by the stack health tooling instead of hiding behind "running".
|
|
1358
|
+
# Keep that probe in lockstep with the OTEL_HEALTH_PORT mapping above.
|
|
1359
|
+
#
|
|
1360
|
+
# NOTE: we intentionally do NOT set `test: ["NONE"]`. Leaving healthcheck
|
|
1361
|
+
# unset inherits the upstream image's own HEALTHCHECK if one is ever added,
|
|
1362
|
+
# whereas ["NONE"] would permanently suppress it.
|
|
1344
1363
|
deploy:
|
|
1345
1364
|
resources:
|
|
1346
1365
|
limits:
|
|
@@ -1398,6 +1417,10 @@ services:
|
|
|
1398
1417
|
gotrue:
|
|
1399
1418
|
condition: service_healthy
|
|
1400
1419
|
healthcheck:
|
|
1420
|
+
# bug 0da060e5: exe-auth is a static nginx site — use --spider to verify the
|
|
1421
|
+
# server answers without downloading the full page body. Previous probe used
|
|
1422
|
+
# -qO- (downloaded content to stdout, no start_period). --spider exits 0 on
|
|
1423
|
+
# any 2xx/3xx and avoids wasting bandwidth.
|
|
1401
1424
|
# bug 2976868a: this probes the exe-auth nginx ("/" serves the login SPA),
|
|
1402
1425
|
# which proves the gateway UI is up but NOT that the GoTrue login backend is
|
|
1403
1426
|
# reachable. The stack-level SSO/login gate is enforced separately by the
|
|
@@ -1406,9 +1429,10 @@ services:
|
|
|
1406
1429
|
# while this static page stays green. (Strengthening THIS probe to the
|
|
1407
1430
|
# GoTrue-proxied path lives in the exe-auth image, which owns the nginx
|
|
1408
1431
|
# /api/ rewrite — not this compose file.)
|
|
1409
|
-
test: ["CMD", "wget", "-
|
|
1432
|
+
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:80/"]
|
|
1410
1433
|
interval: 30s
|
|
1411
1434
|
timeout: 5s
|
|
1435
|
+
start_period: 10s
|
|
1412
1436
|
retries: 3
|
|
1413
1437
|
deploy:
|
|
1414
1438
|
resources:
|
|
@@ -8,12 +8,12 @@
|
|
|
8
8
|
"whatsapp": {
|
|
9
9
|
"enabled": true,
|
|
10
10
|
"credentials": {
|
|
11
|
-
"authDir": "/
|
|
11
|
+
"authDir": "/data/auth_info/default"
|
|
12
12
|
},
|
|
13
13
|
"accounts": [
|
|
14
14
|
{
|
|
15
15
|
"name": "default",
|
|
16
|
-
"authDir": "/
|
|
16
|
+
"authDir": "/data/auth_info/default"
|
|
17
17
|
}
|
|
18
18
|
]
|
|
19
19
|
}
|
|
@@ -164,26 +164,12 @@ DO $$ DECLARE s text; BEGIN
|
|
|
164
164
|
END LOOP;
|
|
165
165
|
END $$;
|
|
166
166
|
|
|
167
|
-
--
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
payload JSONB NOT NULL,
|
|
174
|
-
metadata JSONB,
|
|
175
|
-
timestamp TIMESTAMPTZ DEFAULT now(),
|
|
176
|
-
created_at TIMESTAMPTZ DEFAULT now(),
|
|
177
|
-
processed_at TIMESTAMPTZ,
|
|
178
|
-
failed_at TIMESTAMPTZ,
|
|
179
|
-
retry_count INT NOT NULL DEFAULT 0,
|
|
180
|
-
error TEXT,
|
|
181
|
-
projections JSONB DEFAULT '{}'::jsonb
|
|
182
|
-
);
|
|
183
|
-
|
|
184
|
-
SELECT pg_temp.exe_create_index_if_columns_exist('idx_raw_events_unprocessed', 'raw', 'raw_events', ARRAY['created_at', 'processed_at'], 'CREATE INDEX IF NOT EXISTS idx_raw_events_unprocessed ON raw.raw_events (created_at) WHERE processed_at IS NULL');
|
|
185
|
-
SELECT pg_temp.exe_create_index_if_columns_exist('idx_raw_events_retryable', 'raw', 'raw_events', ARRAY['failed_at', 'processed_at', 'retry_count'], 'CREATE INDEX IF NOT EXISTS idx_raw_events_retryable ON raw.raw_events (failed_at) WHERE processed_at IS NULL AND failed_at IS NOT NULL AND retry_count < 5');
|
|
186
|
-
SELECT pg_temp.exe_create_index_if_columns_exist('uq_raw_events_dedup', 'raw', 'raw_events', ARRAY['source', 'source_id', 'event_type'], 'CREATE UNIQUE INDEX IF NOT EXISTS uq_raw_events_dedup ON raw.raw_events (source, source_id, event_type)');
|
|
167
|
+
-- raw.raw_events — SCHEMA OWNER: exe-db Prisma migrations (bug dc149875).
|
|
168
|
+
-- DO NOT create this table here. exe-db owns the raw_events schema via Prisma
|
|
169
|
+
-- migrations (20260504083822_add_raw_landing_pad + subsequent ALTERs). Creating
|
|
170
|
+
-- the table here with different column types (UUID vs TEXT id, TIMESTAMPTZ vs
|
|
171
|
+
-- TIMESTAMP) caused conflicts when Prisma migrations ran afterwards.
|
|
172
|
+
-- The projection-worker self-heals missing columns via ADD COLUMN IF NOT EXISTS.
|
|
187
173
|
|
|
188
174
|
-- ---------------------------------------------------------------------------
|
|
189
175
|
-- Graph schema — Company Brain memory + GraphRAG projection targets.
|
package/deploy/compose/setup.sh
CHANGED
|
@@ -52,118 +52,27 @@ info "Step 2: Generating .env file"
|
|
|
52
52
|
if [[ -f .env ]]; then
|
|
53
53
|
warn ".env already exists — skipping generation. Delete .env to regenerate."
|
|
54
54
|
else
|
|
55
|
+
# generate-env.ts is the SINGLE SOURCE OF TRUTH for image tags + secrets — its
|
|
56
|
+
# image-tag constants are kept in lockstep with deploy/stack-manifests/v0.9.json.
|
|
57
|
+
# Bug 716c0f6e: the previous inline shell fallback hardcoded STALE tag-only refs
|
|
58
|
+
# (exe-os:v0.9.155, exe-crm:v0.9.3, gateway:v0.9.3, …) far behind the manifest,
|
|
59
|
+
# so any failure of the generator silently deployed ancient images that bypass
|
|
60
|
+
# the manifest's digest-pinning entirely. There is NO safe inline fallback for
|
|
61
|
+
# image tags — fail loudly instead and let the operator install node/npx.
|
|
55
62
|
if command -v node >/dev/null 2>&1 && command -v npx >/dev/null 2>&1; then
|
|
56
|
-
#
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
CLICKHOUSE_PASSWORD=$(gen 32)
|
|
70
|
-
REDIS_PASSWORD=$(gen 32)
|
|
71
|
-
GOTRUE_JWT_SECRET=$(gen 48)
|
|
72
|
-
# Bug dc99d78e: SITE_URL = auth gateway (not crm) so email links + GoTrue's
|
|
73
|
-
# default redirect honor the originating product's ?redirect= via SPA /confirm.
|
|
74
|
-
GOTRUE_SITE_URL=https://auth.${DOMAIN}
|
|
75
|
-
GOTRUE_EXTERNAL_URL=https://auth.${DOMAIN}
|
|
76
|
-
# SSO redirect allow-list (bug 66f8e10a): app origins the gateway may bounce
|
|
77
|
-
# users back to via ?redirect=. Required for unified SSO across crm/wiki/erp.
|
|
78
|
-
GOTRUE_URI_ALLOW_LIST=https://crm.${DOMAIN},https://wiki.${DOMAIN},https://erp.${DOMAIN}
|
|
79
|
-
# Bug 0327b017: scope the session cookie to the PARENT apex domain so it is
|
|
80
|
-
# shared across crm/wiki/erp/auth subdomains → true SSO (no re-login).
|
|
81
|
-
GOTRUE_COOKIE_DOMAIN=.${DOMAIN}
|
|
82
|
-
GOTRUE_COOKIE_KEY=exe-auth
|
|
83
|
-
# Invite-only by default; never autoconfirm without an SMTP round-trip (bug 36c04fe3).
|
|
84
|
-
# Configure SMTP_HOST below and keep MAILER_AUTOCONFIRM=false to verify email ownership.
|
|
85
|
-
GOTRUE_DISABLE_SIGNUP=true
|
|
86
|
-
GOTRUE_MAILER_AUTOCONFIRM=false
|
|
87
|
-
GOTRUE_EXTERNAL_EMAIL_ENABLED=true
|
|
88
|
-
GOTRUE_EXTERNAL_PHONE_ENABLED=false
|
|
89
|
-
# Auth-email From address — customer domain, not askexe.com (bug 133c9d5b).
|
|
90
|
-
SMTP_FROM=noreply@${DOMAIN}
|
|
91
|
-
SMTP_HOST=
|
|
92
|
-
SMTP_PORT=587
|
|
93
|
-
SMTP_USER=
|
|
94
|
-
SMTP_PASS=
|
|
95
|
-
IS_SIGN_UP_DISABLED=true
|
|
96
|
-
AUTH_PASSWORD_ENABLED=true
|
|
97
|
-
# --- Auth gateway (exe-auth — shared SSO sign-in UI at auth.<domain>) ---
|
|
98
|
-
# Bug 58840873: pin the auth image so compose never falls back to its stale
|
|
99
|
-
# default tag. Bug 379e5c13: server_name/CORS from the configured apex domain
|
|
100
|
-
# directly (no last-2-label slicing → safe for company.co.uk). Bug 5960ebb1:
|
|
101
|
-
# AUTH_DISABLE_SIGNUP mirrors GOTRUE_DISABLE_SIGNUP so the SPA hides signup UI.
|
|
102
|
-
AUTH_IMAGE_TAG=update.askexe.com/askexe/exe-auth:v0.2.0
|
|
103
|
-
AUTH_SERVER_NAME=auth.${DOMAIN}
|
|
104
|
-
AUTH_CORS_ORIGIN=https://${DOMAIN}
|
|
105
|
-
AUTH_DEFAULT_PRODUCT=AUTH
|
|
106
|
-
AUTH_DISABLE_SIGNUP=true
|
|
107
|
-
CRM_IMAGE_TAG=ghcr.io/askexe/exe-crm:v0.9.3
|
|
108
|
-
CRM_SERVER_URL=https://crm.${DOMAIN}
|
|
109
|
-
CRM_APP_SECRET=$(gen 48)
|
|
110
|
-
EXE_CRM_ADMIN_TOKEN=$(gen 48)
|
|
111
|
-
CRM_HOST_PORT=3000
|
|
112
|
-
WIKI_IMAGE_TAG=ghcr.io/askexe/exe-wiki:v0.9.4
|
|
113
|
-
WIKI_DB_SCHEMA=wiki
|
|
114
|
-
WIKI_VECTOR_DB=exeOsMcp
|
|
115
|
-
WIKI_AUTH_TOKEN=$(gen 48)
|
|
116
|
-
EXE_WIKI_ADMIN_TOKEN=$(gen 48)
|
|
117
|
-
WIKI_JWT_SECRET=$(gen 48)
|
|
118
|
-
WIKI_SIG_KEY=$(gen 48)
|
|
119
|
-
WIKI_SIG_SALT=$(gen 16)
|
|
120
|
-
WIKI_HOST_PORT=3001
|
|
121
|
-
EXE_OS_IMAGE_TAG=ghcr.io/askexe/exe-os:v0.9.155
|
|
122
|
-
EXED_MCP_TOKEN=$(gen 48)
|
|
123
|
-
EXED_DEVICE_ID=vps-${CLIENT}
|
|
124
|
-
EXE_MCP_HOST_BIND=0.0.0.0
|
|
125
|
-
EXE_MCP_HOST_PORT=48739
|
|
126
|
-
EXE_CLOUD_SYNC_TO_POSTGRES=true
|
|
127
|
-
EXE_LICENSE_KEY=${LICENSE:-CHANGEME_EXE_LICENSE_KEY}
|
|
128
|
-
GATEWAY_IMAGE_TAG=ghcr.io/askexe/exe-gateway:v0.9.3
|
|
129
|
-
EXE_GATEWAY_AUTH_TOKEN=$(gen 48)
|
|
130
|
-
EXE_GATEWAY_WS_RELAY_AUTH_TOKEN=$(gen 48)
|
|
131
|
-
EXE_GATEWAY_WHATSAPP_VERIFY_TOKEN=$(gen 32)
|
|
132
|
-
API_ROUTER_URL=https://gateway.${DOMAIN}
|
|
133
|
-
GATEWAY_HTTP_HOST_PORT=3100
|
|
134
|
-
GATEWAY_WS_HOST_PORT=3101
|
|
135
|
-
MONITOR_HUB_IMAGE_TAG=ghcr.io/askexe/exe-monitor-hub:v0.9.4
|
|
136
|
-
MONITOR_AGENT_IMAGE_TAG=ghcr.io/askexe/exe-monitor-agent:v0.9.4
|
|
137
|
-
EXE_MONITOR_ADMIN_TOKEN=$(gen 48)
|
|
138
|
-
# bug a125785d: shared secret for hub error ingestion (POST /api/exe-monitor/errors).
|
|
139
|
-
# The hub fails CLOSED (rejects all ingestion) when unset, so generate one and
|
|
140
|
-
# wire it to every error-reporting service via X-Monitor-Key.
|
|
141
|
-
EXE_MONITOR_KEY=$(gen 32)
|
|
142
|
-
# bug 182c6da3: URL the hub POSTs error-spike alerts to. Unset = alerting silently
|
|
143
|
-
# disabled. Default to the gateway's error-spike endpoint (POST /api/alerts/error-spike
|
|
144
|
-
# on the gateway HTTP port) so spikes reach WhatsApp alerting.
|
|
145
|
-
GATEWAY_ALERT_URL=http://exe-gateway:3100/api/alerts/error-spike
|
|
146
|
-
MONITOR_HUB_URL=http://exe-monitor-hub:8090
|
|
147
|
-
MONITOR_HUB_PORT=8090
|
|
148
|
-
# Bootstrap superuser — created on first start, stored in pb_data afterwards.
|
|
149
|
-
MONITOR_HUB_ADMIN_EMAIL=admin@${DOMAIN}
|
|
150
|
-
MONITOR_HUB_ADMIN_PASSWORD=$(gen 24)
|
|
151
|
-
# bug dacf0042: leave TOKEN/KEY EMPTY (not a CHANGEME placeholder). The agent
|
|
152
|
-
# treats empty as "unpaired, keep retrying" — the safe state. `exe-os stack-update`
|
|
153
|
-
# fills the real values after pairing the agent with the hub. A non-empty
|
|
154
|
-
# placeholder would be submitted to the hub as a bogus token forever.
|
|
155
|
-
MONITOR_AGENT_TOKEN=
|
|
156
|
-
MONITOR_AGENT_KEY=
|
|
157
|
-
MONITOR_AGENT_LISTEN=:45876
|
|
158
|
-
# --- R2 (Cloudflare) — shared by media uploads + VPS backups ---
|
|
159
|
-
R2_MEDIA_BUCKET=CHANGEME_R2_BUCKET
|
|
160
|
-
R2_MEDIA_ENDPOINT=CHANGEME_https://ACCOUNT_ID.r2.cloudflarestorage.com
|
|
161
|
-
R2_MEDIA_ACCESS_KEY=CHANGEME_R2_ACCESS_KEY
|
|
162
|
-
R2_MEDIA_SECRET_KEY=CHANGEME_R2_SECRET_KEY
|
|
163
|
-
# --- Backup encryption (customer-owned, AskExe cannot decrypt) ---
|
|
164
|
-
EXE_BACKUP_KEY=$(gen 32)
|
|
165
|
-
ENVEOF
|
|
166
|
-
}
|
|
63
|
+
# Run via npx tsx (the project is pure ESM — require() is forbidden).
|
|
64
|
+
if ! npx --yes tsx "$SCRIPT_DIR/generate-env.ts" "$CLIENT" "$DOMAIN" "${LICENSE:-}" > .env 2>/tmp/exe-generate-env.err; then
|
|
65
|
+
rm -f .env
|
|
66
|
+
err "generate-env.ts failed — refusing to write a .env with stale fallback image tags."
|
|
67
|
+
err "Generator error:"; cat /tmp/exe-generate-env.err >&2 || true
|
|
68
|
+
err "Fix node/tsx and re-run setup.sh (the inline fallback was removed: bug 716c0f6e)."
|
|
69
|
+
exit 1
|
|
70
|
+
fi
|
|
71
|
+
else
|
|
72
|
+
err "node + npx are required to generate .env (single source of truth for"
|
|
73
|
+
err "manifest-pinned image tags). Install Node.js, then re-run setup.sh."
|
|
74
|
+
err "The stale inline fallback was removed (bug 716c0f6e)."
|
|
75
|
+
exit 1
|
|
167
76
|
fi
|
|
168
77
|
# bug 759d13db: lock the secret file to owner-only even if a prior umask was
|
|
169
78
|
# looser or the node generator path created it before umask took effect.
|
|
@@ -259,12 +168,12 @@ if [[ ! -f gateway.json ]]; then
|
|
|
259
168
|
"whatsapp": {
|
|
260
169
|
"enabled": true,
|
|
261
170
|
"credentials": {
|
|
262
|
-
"authDir": "/
|
|
171
|
+
"authDir": "/data/auth_info/default"
|
|
263
172
|
},
|
|
264
173
|
"accounts": [
|
|
265
174
|
{
|
|
266
175
|
"name": "default",
|
|
267
|
-
"authDir": "/
|
|
176
|
+
"authDir": "/data/auth_info/default"
|
|
268
177
|
}
|
|
269
178
|
]
|
|
270
179
|
}
|
|
@@ -289,27 +198,60 @@ else
|
|
|
289
198
|
info "Cloudflared config exists."
|
|
290
199
|
fi
|
|
291
200
|
|
|
292
|
-
# Step 4:
|
|
293
|
-
|
|
294
|
-
|
|
201
|
+
# Step 4+5: Bring up the stack.
|
|
202
|
+
#
|
|
203
|
+
# Bug 716c0f6e: first-install must route through `exe-os stack-update` — the SAME
|
|
204
|
+
# gated path used for upgrades — so a fresh deploy gets the manifest's
|
|
205
|
+
# digest-pinned image refs, the BLOCKING static preflight gate, registry/proxy
|
|
206
|
+
# auth, health-gated rollout, and automatic rollback on failure. Raw
|
|
207
|
+
# `docker compose pull && up` skips ALL of that and pulls whatever tags happen to
|
|
208
|
+
# be in .env with no preflight, no rollback, and no health sequencing.
|
|
209
|
+
#
|
|
210
|
+
# The exe-os CLI is REQUIRED — setup.sh will attempt to install it via npm
|
|
211
|
+
# if not already on PATH. If npm is unavailable, setup fails loudly.
|
|
212
|
+
# There is NO raw compose fallback (that was the bug).
|
|
213
|
+
EXE_CLI=""
|
|
214
|
+
if command -v exe-os >/dev/null 2>&1; then EXE_CLI="exe-os"; fi
|
|
295
215
|
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
docker compose up -
|
|
216
|
+
if [[ -z "$EXE_CLI" ]]; then
|
|
217
|
+
# Bug 716c0f6e: the exe-os CLI is REQUIRED for first-install. Raw
|
|
218
|
+
# `docker compose pull && up` bypasses the digest-pinned manifest,
|
|
219
|
+
# preflight gates, proxy auth, health sequencing, and rollback — all
|
|
220
|
+
# critical for production deploys. Attempt to install the CLI via npm
|
|
221
|
+
# (node is already validated present in Step 2). If npm is not available,
|
|
222
|
+
# fail loudly with install instructions instead of silently deploying
|
|
223
|
+
# with stale/unverified images.
|
|
224
|
+
info "Step 4: exe-os CLI not found — attempting install via npm..."
|
|
225
|
+
if command -v npm >/dev/null 2>&1; then
|
|
226
|
+
if npm install -g exe-os 2>/tmp/exe-npm-install.err; then
|
|
227
|
+
EXE_CLI="exe-os"
|
|
228
|
+
info "exe-os CLI installed successfully."
|
|
229
|
+
else
|
|
230
|
+
err "npm install -g exe-os failed:"
|
|
231
|
+
cat /tmp/exe-npm-install.err >&2 || true
|
|
232
|
+
fi
|
|
233
|
+
fi
|
|
234
|
+
fi
|
|
299
235
|
|
|
300
|
-
|
|
301
|
-
info "Step
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
236
|
+
if [[ -n "$EXE_CLI" ]]; then
|
|
237
|
+
info "Step 4+5: Deploying via '$EXE_CLI stack-update' (preflight + proxy auth + health-gated rollout + rollback)..."
|
|
238
|
+
if ! "$EXE_CLI" stack-update --yes; then
|
|
239
|
+
err "stack-update failed — the gated deploy refused or rolled back. Review the"
|
|
240
|
+
err "output above. Do NOT bypass with raw 'docker compose up' — fix the cause"
|
|
241
|
+
err "(preflight RED, image pull, or health failure) and re-run setup.sh."
|
|
242
|
+
exit 1
|
|
243
|
+
fi
|
|
244
|
+
info "stack-update completed (preflight + health gates passed)."
|
|
245
|
+
else
|
|
246
|
+
err "Step 4+5: exe-os CLI is REQUIRED for first-install deploys (bug 716c0f6e)."
|
|
247
|
+
err "Raw 'docker compose up' bypasses the digest-pinned manifest, preflight"
|
|
248
|
+
err "gates, health sequencing, and rollback — deploying stale/unverified images."
|
|
249
|
+
err ""
|
|
250
|
+
err "Install the CLI and re-run setup.sh:"
|
|
251
|
+
err " npm install -g exe-os"
|
|
252
|
+
err " ./setup.sh --client $CLIENT --domain $DOMAIN${LICENSE:+ --license $LICENSE}"
|
|
253
|
+
exit 1
|
|
254
|
+
fi
|
|
313
255
|
|
|
314
256
|
# Step 7: Verify
|
|
315
257
|
info "Step 7: Verification"
|
package/deploy/compose/status.sh
CHANGED
|
@@ -33,6 +33,11 @@ check "Gateway" "http://127.0.0.1:3100/health"
|
|
|
33
33
|
check "Monitor" "http://127.0.0.1:8090/api/health"
|
|
34
34
|
check "GoTrue" "http://127.0.0.1:9999/health"
|
|
35
35
|
check "exe-os" "http://127.0.0.1:8765/health"
|
|
36
|
+
# Bug 2e8ef511: the otel-collector is distroless and cannot run an in-container
|
|
37
|
+
# Docker healthcheck, so its health_check extension (HTTP 200 on the published
|
|
38
|
+
# OTEL_HEALTH_PORT, default 13133) is verified here instead. Without this probe a
|
|
39
|
+
# broken collector silently shows as "running" with no health signal anywhere.
|
|
40
|
+
check "OTel" "http://127.0.0.1:${OTEL_HEALTH_PORT:-13133}/"
|
|
36
41
|
|
|
37
42
|
echo ""
|
|
38
43
|
|