@askexenow/exe-os 0.9.39 → 0.9.41

package/dist/mcp/server.js

@@ -850,8 +850,8 @@ async function embedDirect(text3) {
   const llamaCpp = await import("node-llama-cpp");
   const { MODELS_DIR: MODELS_DIR2 } = await Promise.resolve().then(() => (init_config(), config_exports));
   const { existsSync: existsSync35 } = await import("fs");
-  const path46 = await import("path");
-  const modelPath = path46.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
+  const path47 = await import("path");
+  const modelPath = path47.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
   if (!existsSync35(modelPath)) {
     throw new Error(`Embedding model not found at ${modelPath}. Run '/exe-setup' to download it.`);
   }
@@ -3340,7 +3340,7 @@ async function tryKeytar() {
 }
 function deriveMachineKey() {
   try {
-    const crypto18 = __require("crypto");
+    const crypto19 = __require("crypto");
     const material = [
       os5.hostname(),
       os5.userInfo().username,
@@ -3349,7 +3349,7 @@ function deriveMachineKey() {
       // Machine ID on Linux (stable across reboots)
       process.platform === "linux" ? readMachineId() : ""
     ].join("|");
-    return crypto18.createHash("sha256").update(material).digest();
+    return crypto19.createHash("sha256").update(material).digest();
   } catch {
     return null;
   }
@@ -3363,9 +3363,9 @@ function readMachineId() {
   }
 }
 function encryptWithMachineKey(plaintext, machineKey) {
-  const crypto18 = __require("crypto");
-  const iv = crypto18.randomBytes(12);
-  const cipher = crypto18.createCipheriv("aes-256-gcm", machineKey, iv);
+  const crypto19 = __require("crypto");
+  const iv = crypto19.randomBytes(12);
+  const cipher = crypto19.createCipheriv("aes-256-gcm", machineKey, iv);
   let encrypted = cipher.update(plaintext, "utf-8", "base64");
   encrypted += cipher.final("base64");
   const authTag = cipher.getAuthTag().toString("base64");
@@ -3374,13 +3374,13 @@ function encryptWithMachineKey(plaintext, machineKey) {
 function decryptWithMachineKey(encrypted, machineKey) {
   if (!encrypted.startsWith(ENCRYPTED_PREFIX)) return null;
   try {
-    const crypto18 = __require("crypto");
+    const crypto19 = __require("crypto");
     const parts = encrypted.slice(ENCRYPTED_PREFIX.length).split(":");
     if (parts.length !== 3) return null;
     const [ivB64, tagB64, cipherB64] = parts;
     const iv = Buffer.from(ivB64, "base64");
     const authTag = Buffer.from(tagB64, "base64");
-    const decipher = crypto18.createDecipheriv("aes-256-gcm", machineKey, iv);
+    const decipher = crypto19.createDecipheriv("aes-256-gcm", machineKey, iv);
     decipher.setAuthTag(authTag);
     let decrypted = decipher.update(cipherB64, "base64", "utf-8");
     decrypted += decipher.final("utf-8");
@@ -4204,6 +4204,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Customer patch triage \u2014 upstream bug vs customization",
+        domain: "support",
+        priority: "p0",
+        content: "Before editing platform code for a customer issue, classify it. Upstream bug = reproducible exe-os/platform defect; call create_bug_report with repro/version/workaround and avoid permanent local patches unless founder approves. Customer customization = identity, behavior, procedure, config, branding, workflow; store it in customer-owned layers, not platform code. Emergency hotfix = temporary only; document files/diff and re-check after npm update."
+      },
       // --- Operations ---
       {
         title: "Managers must supervise deployed workers",
@@ -4272,7 +4278,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: classify/file upstream bugs, customer customizations, and emergency hotfixes."
       },
       {
         title: "MCP tools \u2014 communication and messaging",
@@ -6262,10 +6268,10 @@ async function hybridSearch(queryText, agentId, options) {
     };
     try {
       const fs = await import("fs");
-      const path46 = await import("path");
+      const path47 = await import("path");
       const os20 = await import("os");
-      const logPath = path46.join(os20.homedir(), ".exe-os", "search-quality.jsonl");
-      fs.mkdirSync(path46.dirname(logPath), { recursive: true });
+      const logPath = path47.join(os20.homedir(), ".exe-os", "search-quality.jsonl");
+      fs.mkdirSync(path47.dirname(logPath), { recursive: true });
       fs.appendFileSync(logPath, JSON.stringify(logEntry) + "\n");
     } catch {
     }
@@ -7548,8 +7554,8 @@ __export(wiki_client_exports, {
   listDocuments: () => listDocuments,
   listWorkspaces: () => listWorkspaces
 });
-async function wikiFetch(config2, path46, method = "GET", body) {
-  const url = `${config2.baseUrl}/api/v1${path46}`;
+async function wikiFetch(config2, path47, method = "GET", body) {
+  const url = `${config2.baseUrl}/api/v1${path47}`;
   const headers = {
     Authorization: `Bearer ${config2.apiKey}`,
     "Content-Type": "application/json"
@@ -7582,7 +7588,7 @@ async function wikiFetch(config2, path46, method = "GET", body) {
       }
     }
     if (!response.ok) {
-      throw new Error(`Wiki API ${method} ${path46}: ${response.status} ${response.statusText}`);
+      throw new Error(`Wiki API ${method} ${path47}: ${response.status} ${response.statusText}`);
     }
     return response.json();
   } finally {
@@ -12728,7 +12734,7 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { spawn as spawn4 } from "child_process";
 import { existsSync as existsSync34, openSync as openSync3, mkdirSync as mkdirSync18, closeSync as closeSync3, readFileSync as readFileSync28 } from "fs";
-import path45 from "path";
+import path46 from "path";
 import os19 from "os";
 import { fileURLToPath as fileURLToPath5 } from "url";
 
@@ -17839,9 +17845,9 @@ var HostingerApiClient = class {
     }
     this.lastRequestTime = Date.now();
   }
-  async request(method, path46, body) {
+  async request(method, path47, body) {
     await this.rateLimit();
-    const url = `${this.baseUrl}${path46}`;
+    const url = `${this.baseUrl}${path47}`;
     const headers = {
       Authorization: `Bearer ${this.apiKey}`,
       "Content-Type": "application/json",
@@ -17914,8 +17920,8 @@ async function requestCloudflare(cfApiToken, zoneId, options) {
   }
   return envelope.result;
 }
-function buildUrl(zoneId, path46 = "/dns_records", query) {
-  const normalizedPath = path46.startsWith("/") ? path46 : `/${path46}`;
+function buildUrl(zoneId, path47 = "/dns_records", query) {
+  const normalizedPath = path47.startsWith("/") ? path47 : `/${path47}`;
   const url = new URL(
     `${CLOUDFLARE_API_BASE_URL}/zones/${zoneId}${normalizedPath}`
   );
@@ -20121,12 +20127,12 @@ function registerExportGraph(server2) {
         }
         const html = await exportGraphHTML(client);
         const fs = await import("fs");
-        const path46 = await import("path");
+        const path47 = await import("path");
         const os20 = await import("os");
-        const outDir = path46.join(os20.homedir(), ".exe-os", "exports");
+        const outDir = path47.join(os20.homedir(), ".exe-os", "exports");
         fs.mkdirSync(outDir, { recursive: true });
         const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
-        const filePath = path46.join(outDir, `graph-${timestamp}.html`);
+        const filePath = path47.join(outDir, `graph-${timestamp}.html`);
         fs.writeFileSync(filePath, html, "utf-8");
         return {
           content: [
@@ -24166,6 +24172,219 @@ Key saved to ~/.exe-os/license.key. Device ID: ${deviceId}`);
   );
 }
 
+// src/mcp/tools/create-bug-report.ts
+init_embedder();
+init_active_agent();
+init_config();
+init_store();
+import { z as z82 } from "zod";
+import crypto18 from "crypto";
+import { mkdir as mkdir6, writeFile as writeFile7 } from "fs/promises";
+import path45 from "path";
+var CLASSIFICATION = z82.enum([
+  "upstream_bug",
+  "customer_customization",
+  "emergency_hotfix",
+  "unclear"
+]);
+var SEVERITY = z82.enum(["p0", "p1", "p2", "p3"]);
+function slugify2(input) {
+  return input.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 80) || "bug-report";
+}
+function formatList(items) {
+  if (!items || items.length === 0) return "- Not provided";
+  return items.map((item) => `- ${item}`).join("\n");
+}
+function section(title, body) {
+  return `## ${title}
+
+${body?.trim() || "Not provided"}`;
+}
+function buildMarkdown(input) {
+  return [
+    `# Bug Report \u2014 ${input.title}`,
+    "",
+    `id: ${input.id}`,
+    `classification: ${input.classification}`,
+    `severity: ${input.severity}`,
+    `filed_by: ${input.agentId} (${input.agentRole})`,
+    `package_version: ${input.packageVersion}`,
+    `project: ${input.projectName ?? "unknown"}`,
+    `created_at: ${(/* @__PURE__ */ new Date()).toISOString()}`,
+    "",
+    section("Summary", input.summary),
+    section("Customer impact", input.customerImpact),
+    "## Reproduction steps",
+    "",
+    formatList(input.reproductionSteps),
+    "",
+    section("Expected behavior", input.expected),
+    section("Actual behavior", input.actual),
+    "## Files changed / suspected",
+    "",
+    formatList(input.filesChanged),
+    "",
+    section("Local workaround / hotfix", input.workaround),
+    section("Local patch diff", input.localPatchDiff)
+  ].join("\n");
+}
+async function maybeSendUpstream(payload) {
+  const config2 = await loadConfig();
+  const endpoint = config2.support?.bugReportEndpoint || process.env.EXE_BUG_REPORT_ENDPOINT;
+  const token = config2.support?.bugReportToken || process.env.EXE_BUG_REPORT_TOKEN;
+  if (!endpoint) {
+    return "not_configured";
+  }
+  try {
+    const parsed = new URL(endpoint);
+    if (parsed.protocol !== "https:" && !["localhost", "127.0.0.1", "::1"].includes(parsed.hostname)) {
+      return "failed: insecure endpoint rejected";
+    }
+    const response = await fetch(parsed, {
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+        ...token ? { authorization: `Bearer ${token}` } : {}
+      },
+      body: JSON.stringify(payload),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) return `failed: HTTP ${response.status}`;
+    return "sent";
+  } catch (err) {
+    return `failed: ${err instanceof Error ? err.message : String(err)}`;
+  }
+}
+function registerCreateBugReport(server2) {
+  server2.registerTool(
+    "create_bug_report",
+    {
+      title: "Create Bug Report",
+      description: "Classify and file an exe-os issue as upstream_bug, customer_customization, emergency_hotfix, or unclear. Writes a local report, stores memory, and optionally sends to AskExe support when a support endpoint is configured.",
+      inputSchema: {
+        title: z82.string().min(3).describe("Short descriptive title"),
+        classification: CLASSIFICATION.describe(
+          "upstream_bug = platform defect; customer_customization = local preference; emergency_hotfix = temporary local patch; unclear = needs maintainer triage"
+        ),
+        severity: SEVERITY.default("p2").describe("p0 critical \u2192 p3 low"),
+        summary: z82.string().min(10).describe("What happened and why it matters"),
+        customer_impact: z82.string().optional().describe("How this affects the customer/founder"),
+        reproduction_steps: z82.array(z82.string()).optional().describe("Steps to reproduce"),
+        expected: z82.string().optional().describe("Expected behavior"),
+        actual: z82.string().optional().describe("Actual behavior"),
+        files_changed: z82.array(z82.string()).optional().describe("Files changed or suspected"),
+        workaround: z82.string().optional().describe("Temporary local workaround/hotfix, if any"),
+        local_patch_diff: z82.string().optional().describe("Small local diff or patch summary"),
+        package_version: z82.string().optional().describe("Installed @askexenow/exe-os version"),
+        project_name: z82.string().optional().describe("Project/customer context"),
+        send_upstream: z82.boolean().default(true).describe("Attempt to POST to configured AskExe support endpoint")
+      }
+    },
+    async ({
+      title,
+      classification,
+      severity,
+      summary,
+      customer_impact,
+      reproduction_steps,
+      expected,
+      actual,
+      files_changed,
+      workaround,
+      local_patch_diff,
+      package_version,
+      project_name,
+      send_upstream
+    }) => {
+      const { agentId, agentRole } = getActiveAgent();
+      const id = crypto18.randomUUID();
+      const version = package_version ?? "unknown";
+      const markdown = buildMarkdown({
+        id,
+        title,
+        classification,
+        severity,
+        agentId,
+        agentRole,
+        packageVersion: version,
+        summary,
+        customerImpact: customer_impact,
+        expected,
+        actual,
+        workaround,
+        localPatchDiff: local_patch_diff,
+        reproductionSteps: reproduction_steps,
+        filesChanged: files_changed,
+        projectName: project_name
+      });
+      const outDir = path45.join(EXE_AI_DIR, "bug-reports");
+      await mkdir6(outDir, { recursive: true });
+      const reportPath = path45.join(outDir, `${(/* @__PURE__ */ new Date()).toISOString().slice(0, 10)}-${slugify2(title)}-${id.slice(0, 8)}.md`);
+      await writeFile7(reportPath, markdown, "utf-8");
+      let vector = null;
+      try {
+        vector = await embed(markdown);
+      } catch {
+        vector = null;
+      }
+      await writeMemory({
+        id,
+        agent_id: agentId,
+        agent_role: agentRole,
+        session_id: process.env.SESSION_ID ?? "manual",
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        tool_name: "create_bug_report",
+        project_name: project_name ?? "support",
+        has_error: classification === "upstream_bug" || classification === "emergency_hotfix",
+        raw_text: markdown,
+        vector,
+        source_path: reportPath,
+        source_type: "bug_report",
+        memory_type: "bug_report",
+        tier: 1,
+        importance: severity === "p0" ? 10 : severity === "p1" ? 9 : 7,
+        intent: "report",
+        domain: "support",
+        file_paths: files_changed ? JSON.stringify(files_changed) : null
+      });
+      await flushBatch();
+      const upstreamStatus = send_upstream ? await maybeSendUpstream({
+        id,
+        title,
+        classification,
+        severity,
+        summary,
+        customer_impact,
+        reproduction_steps,
+        expected,
+        actual,
+        files_changed,
+        workaround,
+        local_patch_diff,
+        package_version: version,
+        project_name,
+        agent_id: agentId,
+        agent_role: agentRole,
+        report_path: reportPath,
+        markdown
+      }) : "skipped";
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Bug report created.
+ID: ${id}
+Classification: ${classification}
+Local report: ${reportPath}
+Memory stored: ${id}
+Upstream status: ${upstreamStatus}`
+          }
+        ]
+      };
+    }
+  );
+}
+
 // src/mcp/tool-gates.ts
 var TOOL_GATES = {
   core: [],
@@ -24214,6 +24433,7 @@ var TOOL_CATEGORIES = {
   registerBehavior: "core",
   registerStoreDecision: "core",
   registerGetDecision: "core",
+  registerCreateBugReport: "core",
   registerIdentity: "core",
   registerGetIdentity: "core",
   registerUpdateIdentity: "core",
@@ -24246,6 +24466,7 @@ var TOOL_CATEGORIES = {
   registerExportGraph: "graph-write",
   // wiki
   registerWiki: "wiki",
+  registerCreateWikiPage: "wiki",
   registerListWikiPages: "wiki",
   registerGetWikiPage: "wiki",
   // crm
@@ -24422,6 +24643,7 @@ function registerAllTools(server2) {
   }
   gate("registerStoreDecision", registerStoreDecision);
   gate("registerGetDecision", registerGetDecision);
+  gate("registerCreateBugReport", registerCreateBugReport);
   gate("registerGetAgentSpend", registerGetAgentSpend);
   gate("registerGetGraphStats", registerGetGraphStats);
   gate("registerGetEntityNeighbors", registerGetEntityNeighbors);
@@ -24575,7 +24797,7 @@ try {
     }
   }, 3e4);
   _ppidWatchdog.unref();
-  const MCP_VERSION_PATH = path45.join(os19.homedir(), ".exe-os", "mcp-version");
+  const MCP_VERSION_PATH = path46.join(os19.homedir(), ".exe-os", "mcp-version");
   let _currentMcpVersion = null;
   try {
     _currentMcpVersion = existsSync34(MCP_VERSION_PATH) ? readFileSync28(MCP_VERSION_PATH, "utf8").trim() : null;
@@ -24617,14 +24839,14 @@ try {
 `
       );
       const thisFile = fileURLToPath5(import.meta.url);
-      const backfillPath = path45.resolve(
-        path45.dirname(thisFile),
+      const backfillPath = path46.resolve(
+        path46.dirname(thisFile),
         "../bin/backfill-vectors.js"
       );
       if (existsSync34(backfillPath)) {
         const { EXE_AI_DIR: exeDir } = await Promise.resolve().then(() => (init_config(), config_exports));
-        const logPath = path45.join(exeDir, "workers.log");
-        mkdirSync18(path45.dirname(logPath), { recursive: true });
+        const logPath = path46.join(exeDir, "workers.log");
+        mkdirSync18(path46.dirname(logPath), { recursive: true });
         let logFd = "ignore";
         try {
           logFd = openSync3(logPath, "a");

package/dist/runtime/index.js

@@ -7390,6 +7390,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Customer patch triage \u2014 upstream bug vs customization",
+        domain: "support",
+        priority: "p0",
+        content: "Before editing platform code for a customer issue, classify it. Upstream bug = reproducible exe-os/platform defect; call create_bug_report with repro/version/workaround and avoid permanent local patches unless founder approves. Customer customization = identity, behavior, procedure, config, branding, workflow; store it in customer-owned layers, not platform code. Emergency hotfix = temporary only; document files/diff and re-check after npm update."
+      },
       // --- Operations ---
       {
         title: "Managers must supervise deployed workers",
@@ -7458,7 +7464,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: classify/file upstream bugs, customer customizations, and emergency hotfixes."
       },
       {
         title: "MCP tools \u2014 communication and messaging",

package/dist/tui/App.js

@@ -8556,6 +8556,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "NEVER: (1) Access the database directly \u2014 it's SQLCipher encrypted, always fails. Use MCP tools only. (2) Manually spawn tmux sessions \u2014 create_task handles it. (3) Run git checkout main \u2014 agents work in worktrees. (4) Modify another agent's in-progress task. (5) Push to remote \u2014 the COO reviews and pushes. (6) Skip update_task(done) \u2014 it's the ONLY way your work gets reviewed. (7) Run git init."
       },
+      {
+        title: "Customer patch triage \u2014 upstream bug vs customization",
+        domain: "support",
+        priority: "p0",
+        content: "Before editing platform code for a customer issue, classify it. Upstream bug = reproducible exe-os/platform defect; call create_bug_report with repro/version/workaround and avoid permanent local patches unless founder approves. Customer customization = identity, behavior, procedure, config, branding, workflow; store it in customer-owned layers, not platform code. Emergency hotfix = temporary only; document files/diff and re-check after npm update."
+      },
       // --- Operations ---
       {
         title: "Managers must supervise deployed workers",
@@ -8624,7 +8630,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: classify/file upstream bugs, customer customizations, and emergency hotfixes."
       },
       {
         title: "MCP tools \u2014 communication and messaging",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.39",
+  "version": "0.9.41",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",
@@ -71,7 +71,7 @@
     "typecheck": "tsc --noEmit",
     "build": "tsup && mkdir -p dist/assets && cp src/assets/tmux.conf dist/assets/ && cp src/assets/ghostty.conf dist/assets/ && cp src/assets/statusline-command.sh dist/assets/ && cp src/bin/exe-start.sh dist/bin/exe-start.sh",
     "deploy": "node dist/bin/pre-build-guard.js 2>/dev/null; (kill $(cat ~/.exe-os/exed.pid 2>/dev/null) 2>/dev/null; pgrep -f exe-daemon.js | xargs kill 2>/dev/null; true) && tsup && mkdir -p dist/assets && cp src/assets/tmux.conf dist/assets/ && cp src/assets/ghostty.conf dist/assets/ && cp src/assets/statusline-command.sh dist/assets/ && cp src/bin/exe-start.sh dist/bin/exe-start.sh && npm install -g . && node dist/bin/install.js --global && echo '[exe-os] Deploy complete. Run /mcp in active sessions to reconnect.'",
-    "postinstall": "node dist/bin/install.js --global 2>/dev/null || true",
+    "postinstall": "node dist/bin/install.js --commands-only 2>/dev/null || true",
     "prepublishOnly": "npm run typecheck && npm run build && node dist/bin/customer-readiness.js",
     "test:publish": "npx vitest run --maxWorkers=4 --exclude 'tests/tui/**' --exclude 'tests/lib/tmux-routing.test.ts' --exclude 'tests/lib/intercom-routing.test.ts' --exclude 'tests/gateway/**' --exclude 'tests/installer/setup-wizard.test.ts' --exclude 'tests/mcp/ingest-document.test.ts' --exclude 'tests/lib/hybrid-search.test.ts' --exclude 'tests/lib/worker-gate.test.ts'",
     "benchmark:longmemeval": "npx tsx tests/benchmarks/longmemeval.ts"