@askexenow/exe-os 0.9.77 → 0.9.79

package/dist/bin/exe-support.js

@@ -0,0 +1,537 @@
+#!/usr/bin/env node
+
+// src/bin/exe-support.ts
+import { mkdirSync as mkdirSync3, readFileSync as readFileSync3, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
+import path3 from "path";
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/lib/config.ts
+import { readFile, writeFile } from "fs/promises";
+import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
+import path from "path";
+import os from "os";
+
+// src/lib/secure-files.ts
+import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmod, mkdir } from "fs/promises";
+var PRIVATE_DIR_MODE = 448;
+var PRIVATE_FILE_MODE = 384;
+async function ensurePrivateDir(dirPath) {
+  await mkdir(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
+  try {
+    await chmod(dirPath, PRIVATE_DIR_MODE);
+  } catch {
+  }
+}
+async function enforcePrivateFile(filePath) {
+  try {
+    await chmod(filePath, PRIVATE_FILE_MODE);
+  } catch {
+  }
+}
+
+// src/lib/config.ts
+function resolveDataDir() {
+  if (process.env.EXE_OS_DIR) return process.env.EXE_OS_DIR;
+  if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
+  const newDir = path.join(os.homedir(), ".exe-os");
+  const legacyDir = path.join(os.homedir(), ".exe-mem");
+  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
+    try {
+      renameSync(legacyDir, newDir);
+      process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
+`);
+    } catch {
+      return legacyDir;
+    }
+  }
+  return newDir;
+}
+var EXE_AI_DIR = resolveDataDir();
+var DB_PATH = path.join(EXE_AI_DIR, "memories.db");
+var MODELS_DIR = path.join(EXE_AI_DIR, "models");
+var CONFIG_PATH = path.join(EXE_AI_DIR, "config.json");
+var LEGACY_LANCE_PATH = path.join(EXE_AI_DIR, "local.lance");
+var CURRENT_CONFIG_VERSION = 1;
+var DEFAULT_CONFIG = {
+  config_version: CURRENT_CONFIG_VERSION,
+  dbPath: DB_PATH,
+  modelFile: "jina-embeddings-v5-small-q4_k_m.gguf",
+  embeddingDim: 1024,
+  batchSize: 20,
+  flushIntervalMs: 1e4,
+  autoIngestion: true,
+  autoRetrieval: true,
+  searchMode: "hybrid",
+  hookSearchMode: "hybrid",
+  fileGrepEnabled: true,
+  splashEffect: true,
+  consolidationEnabled: true,
+  consolidationIntervalMs: 6 * 60 * 60 * 1e3,
+  consolidationModel: "claude-haiku-4-5-20251001",
+  consolidationMaxCallsPerRun: 20,
+  selfQueryRouter: true,
+  selfQueryModel: "claude-haiku-4-5-20251001",
+  rerankerEnabled: true,
+  scalingRoadmap: {
+    rerankerAutoTrigger: {
+      enabled: true,
+      broadQueryMinCardinality: 5e4,
+      fetchTopK: 200,
+      returnTopK: 20
+    }
+  },
+  graphRagEnabled: true,
+  wikiEnabled: false,
+  wikiUrl: "",
+  wikiApiKey: "",
+  wikiSyncIntervalMs: 30 * 60 * 1e3,
+  wikiWorkspaceMapping: {},
+  wikiAutoUpdate: true,
+  wikiAutoUpdateThreshold: 0.5,
+  wikiAutoUpdateCreateNew: true,
+  skillLearning: true,
+  skillThreshold: 3,
+  skillModel: "claude-haiku-4-5-20251001",
+  exeHeartbeat: {
+    enabled: true,
+    intervalSeconds: 60,
+    staleInProgressThresholdHours: 2
+  },
+  sessionLifecycle: {
+    idleKillEnabled: true,
+    idleKillTicksRequired: 3,
+    idleKillIntercomAckWindowMs: 1e4,
+    maxAutoInstances: 10
+  },
+  autoUpdate: {
+    checkOnBoot: true,
+    autoInstall: false,
+    checkIntervalMs: 24 * 60 * 60 * 1e3
+  },
+  support: {
+    bugReportEndpoint: "https://askexe.com/v1/support/bug-reports"
+  },
+  orchestration: {
+    phase: "phase_1_coo",
+    phaseSetBy: "default"
+  }
+};
+function migrateLegacyConfig(raw) {
+  if ("r2" in raw) {
+    process.stderr.write(
+      "[exe-os] Warning: config.json contains deprecated 'r2' field from v1.0. R2 sync has been replaced in v1.1. The 'r2' field will be ignored.\n"
+    );
+    delete raw.r2;
+  }
+  if ("syncIntervalMs" in raw) {
+    delete raw.syncIntervalMs;
+  }
+  return raw;
+}
+var CONFIG_MIGRATIONS = [
+  {
+    from: 0,
+    to: 1,
+    migrate: (cfg) => {
+      cfg.config_version = 1;
+      return cfg;
+    }
+  }
+];
+function migrateConfig(raw) {
+  const fromVersion = typeof raw.config_version === "number" ? raw.config_version : 0;
+  let currentVersion = fromVersion;
+  let migrated = false;
+  if (currentVersion > CURRENT_CONFIG_VERSION) {
+    return { config: raw, migrated: false, fromVersion };
+  }
+  for (const migration of CONFIG_MIGRATIONS) {
+    if (currentVersion === migration.from && migration.to <= CURRENT_CONFIG_VERSION) {
+      raw = migration.migrate(raw);
+      currentVersion = migration.to;
+      migrated = true;
+    }
+  }
+  return { config: raw, migrated, fromVersion };
+}
+function normalizeScalingRoadmap(raw) {
+  const defaultAuto = DEFAULT_CONFIG.scalingRoadmap.rerankerAutoTrigger;
+  const userRoadmap = raw.scalingRoadmap ?? {};
+  const userAuto = userRoadmap.rerankerAutoTrigger ?? {};
+  if (userAuto.enabled === void 0 && raw.rerankerEnabled !== void 0) {
+    userAuto.enabled = raw.rerankerEnabled;
+  }
+  raw.scalingRoadmap = {
+    ...userRoadmap,
+    rerankerAutoTrigger: { ...defaultAuto, ...userAuto }
+  };
+}
+function normalizeSessionLifecycle(raw) {
+  const defaultSL = DEFAULT_CONFIG.sessionLifecycle;
+  const userSL = raw.sessionLifecycle ?? {};
+  raw.sessionLifecycle = { ...defaultSL, ...userSL };
+}
+function normalizeAutoUpdate(raw) {
+  const defaultAU = DEFAULT_CONFIG.autoUpdate;
+  const userAU = raw.autoUpdate ?? {};
+  raw.autoUpdate = { ...defaultAU, ...userAU };
+}
+function normalizeOrchestration(raw) {
+  const defaultOrg = DEFAULT_CONFIG.orchestration;
+  const userOrg = raw.orchestration ?? {};
+  raw.orchestration = { ...defaultOrg, ...userOrg };
+}
+async function loadConfig() {
+  const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
+  await ensurePrivateDir(dir);
+  const configPath = path.join(dir, "config.json");
+  if (!existsSync2(configPath)) {
+    return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
+  }
+  const raw = await readFile(configPath, "utf-8");
+  try {
+    let parsed = JSON.parse(raw);
+    parsed = migrateLegacyConfig(parsed);
+    const { config: migratedCfg, migrated, fromVersion } = migrateConfig(parsed);
+    if (migrated) {
+      process.stderr.write(`[exe-os] Config migrated from v${fromVersion} to v${migratedCfg.config_version}
+`);
+      try {
+        await writeFile(configPath, JSON.stringify(migratedCfg, null, 2) + "\n");
+        await enforcePrivateFile(configPath);
+      } catch {
+      }
+    }
+    normalizeScalingRoadmap(migratedCfg);
+    normalizeSessionLifecycle(migratedCfg);
+    normalizeAutoUpdate(migratedCfg);
+    normalizeOrchestration(migratedCfg);
+    const config = { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db"), ...migratedCfg };
+    if (config.dbPath.startsWith("~")) {
+      config.dbPath = config.dbPath.replace(/^~/, os.homedir());
+    }
+    const envDbPath = path.join(dir, "memories.db");
+    if (process.env.EXE_OS_DIR && config.dbPath !== envDbPath && !existsSync2(config.dbPath) && existsSync2(envDbPath)) {
+      config.dbPath = envDbPath;
+    }
+    return config;
+  } catch {
+    return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
+  }
+}
+
+// src/lib/license.ts
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
+import { randomUUID } from "crypto";
+import { createRequire } from "module";
+import { pathToFileURL } from "url";
+import os2 from "os";
+import path2 from "path";
+import { jwtVerify, importSPKI } from "jose";
+var LICENSE_PATH = path2.join(EXE_AI_DIR, "license.key");
+var CACHE_PATH = path2.join(EXE_AI_DIR, "license-cache.json");
+var DEVICE_ID_PATH = path2.join(EXE_AI_DIR, "device-id");
+function loadLicense() {
+  try {
+    if (!existsSync3(LICENSE_PATH)) return null;
+    return readFileSync2(LICENSE_PATH, "utf8").trim();
+  } catch {
+    return null;
+  }
+}
+function readCachedLicenseToken() {
+  try {
+    if (!existsSync3(CACHE_PATH)) return null;
+    const raw = JSON.parse(readFileSync2(CACHE_PATH, "utf8"));
+    return typeof raw.token === "string" ? raw.token : null;
+  } catch {
+    return null;
+  }
+}
+
+// src/bin/exe-support.ts
+var DEFAULT_BUG_ENDPOINT = "https://askexe.com/v1/support/bug-reports";
+var DEFAULT_ADMIN_ENDPOINT = "https://askexe.com/admin/support/bug-reports";
+async function main(argv = process.argv.slice(2)) {
+  const command = argv[0] && !argv[0].startsWith("--") ? argv[0] : "health";
+  const json = argv.includes("--json");
+  const project = getArg(argv, "--project") ?? "support-smoke";
+  if (command === "help" || argv.includes("--help") || argv.includes("-h")) {
+    printHelp();
+    return;
+  }
+  if (command === "health") {
+    const result = await runHealth();
+    output(result, json, "health");
+    process.exitCode = hasFailures(result) ? 1 : 0;
+    return;
+  }
+  if (command === "test") {
+    const result = await runTest(project);
+    output(result, json, "test");
+    process.exitCode = hasFailures(result) ? 1 : 0;
+    return;
+  }
+  console.error("Usage: exe-os support health|test [--project <name>] [--json]");
+  process.exitCode = 1;
+}
+async function runHealth() {
+  const checks = [];
+  const endpoints = await resolveEndpoints();
+  checks.push(checkLocalWrite());
+  checks.push({
+    check: "license_key_present",
+    level: loadLicense() ? "pass" : "fail",
+    detail: loadLicense() ? "license.key found" : "missing ~/.exe-os/license.key; run exe-os setup or exe-os cloud setup",
+    next: loadLicense() ? void 0 : "Run `exe-os setup` or ask AskExe for the customer license key."
+  });
+  checks.push({
+    check: "license_token_cached",
+    level: readCachedLicenseToken() ? "pass" : "warn",
+    detail: readCachedLicenseToken() ? "cached license token found" : "no cached token yet; support can still use license.key",
+    next: readCachedLicenseToken() ? void 0 : "This is OK if license.key exists. It refreshes after cloud/license validation."
+  });
+  try {
+    const res = await fetch(endpoints.healthEndpoint, { method: "GET", signal: AbortSignal.timeout(1e4) });
+    const body = await safeJson(res);
+    checks.push({
+      check: "support_health_endpoint",
+      level: res.ok && body?.status !== "down" ? "pass" : "fail",
+      detail: `${res.status} ${body?.status ?? res.statusText}`,
+      next: res.ok ? void 0 : "Check internet access, DNS, or AskExe support status."
+    });
+    for (const remote of body?.checks ?? []) {
+      const name = remote.name ?? "unknown";
+      checks.push({
+        check: `server_${name}`,
+        level: remote.ok === true ? "pass" : name === "admin_inbox_configured" ? "warn" : "fail",
+        detail: remote.detail ?? (remote.ok ? "ok" : "failed"),
+        next: remote.ok ? void 0 : "AskExe must fix this server-side."
+      });
+    }
+  } catch (err) {
+    checks.push({
+      check: "support_health_endpoint",
+      level: "fail",
+      detail: err instanceof Error ? err.message : String(err),
+      next: "Check internet access, then run `exe-os support health` again."
+    });
+  }
+  return checks;
+}
+async function runTest(project) {
+  const checks = await runHealth();
+  const endpoints = await resolveEndpoints();
+  const licenseKey = loadLicense();
+  const licenseToken = readCachedLicenseToken();
+  const id = randomUUID2();
+  const version = readPackageVersion();
+  const reportPath = writeLocalTestReport(id, project, version);
+  checks.push({ check: "local_report_file", level: "pass", detail: reportPath });
+  if (!licenseKey && !licenseToken) {
+    checks.push({
+      check: "upstream_post",
+      level: "fail",
+      detail: "not sent because this device has no license key/token",
+      next: "Run `exe-os setup` or ask AskExe to provision this customer device."
+    });
+    return checks;
+  }
+  const payload = {
+    id,
+    title: `TEST \u2014 ${project} support intake (${version})`,
+    classification: "unclear",
+    severity: "p3",
+    summary: "Synthetic exe-os support intake smoke test. Safe to close.",
+    customer_impact: "No customer impact; diagnostic only.",
+    reproduction_steps: ["Run exe-os support test"],
+    expected: "The report reaches AskExe support intake and can be triaged.",
+    actual: "Smoke test submitted by exe-os support test.",
+    package_version: `@askexenow/exe-os@${version}`,
+    project_name: project,
+    agent_id: "support-test",
+    agent_role: "diagnostic",
+    report_path: reportPath,
+    markdown: readFileSync3(reportPath, "utf8")
+  };
+  try {
+    const headers = { "content-type": "application/json" };
+    if (licenseKey) headers["x-exe-license-key"] = licenseKey;
+    if (licenseToken) headers["x-exe-license-token"] = licenseToken;
+    const res = await fetch(endpoints.bugEndpoint, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(payload),
+      signal: AbortSignal.timeout(15e3)
+    });
+    const data = await safeJson(res);
+    checks.push({
+      check: "upstream_post",
+      level: res.ok ? "pass" : "fail",
+      detail: res.ok ? `sent id=${String(data?.id ?? id)}` : summarizeHttpFailure(res.status, data),
+      next: res.ok ? void 0 : nextForPostFailure(res.status)
+    });
+    if (res.ok) {
+      checks.push(await maybeCloseAdmin(String(data?.id ?? id), endpoints.adminEndpoint, version));
+    }
+  } catch (err) {
+    checks.push({
+      check: "upstream_post",
+      level: "fail",
+      detail: err instanceof Error ? err.message : String(err),
+      next: "Check internet access, then run `exe-os support test` again."
+    });
+  }
+  return checks;
+}
+async function resolveEndpoints() {
+  const config = await loadConfig();
+  const bugEndpoint = process.env.EXE_SUPPORT_BUG_REPORT_ENDPOINT ?? config.support?.bugReportEndpoint ?? DEFAULT_BUG_ENDPOINT;
+  const healthEndpoint = process.env.EXE_SUPPORT_HEALTH_ENDPOINT ?? bugEndpoint.replace(/\/bug-reports\/?$/, "/health");
+  const adminEndpoint = process.env.ASKEXE_SUPPORT_ADMIN_ENDPOINT ?? process.env.EXE_SUPPORT_ADMIN_ENDPOINT ?? DEFAULT_ADMIN_ENDPOINT;
+  return { bugEndpoint, healthEndpoint, adminEndpoint };
+}
+function checkLocalWrite() {
+  const dir = path3.join(EXE_AI_DIR, "bug-reports");
+  const testPath = path3.join(dir, ".support-write-test");
+  try {
+    mkdirSync3(dir, { recursive: true, mode: 448 });
+    writeFileSync2(testPath, "ok\n", { mode: 384 });
+    unlinkSync(testPath);
+    return { check: "local_bug_report_dir_writable", level: "pass", detail: dir };
+  } catch (err) {
+    return {
+      check: "local_bug_report_dir_writable",
+      level: "fail",
+      detail: err instanceof Error ? err.message : String(err),
+      next: "Fix permissions on ~/.exe-os or rerun setup on a writable user account."
+    };
+  }
+}
+function writeLocalTestReport(id, project, version) {
+  const dir = path3.join(EXE_AI_DIR, "bug-reports");
+  mkdirSync3(dir, { recursive: true, mode: 448 });
+  const date = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+  const filePath = path3.join(dir, `${date}-support-intake-test-${id.slice(0, 8)}.md`);
+  writeFileSync2(filePath, `# TEST \u2014 ${project} support intake
+
+Report ID: ${id}
+Package: @askexenow/exe-os@${version}
+
+Synthetic smoke test from \`exe-os support test\`. Safe to close.
+`, { mode: 384 });
+  return filePath;
+}
+async function maybeCloseAdmin(id, adminEndpoint, version) {
+  const token = process.env.ASKEXE_SUPPORT_ADMIN_TOKEN ?? process.env.EXE_SUPPORT_ADMIN_TOKEN;
+  if (!token) {
+    return { check: "askexe_admin_autoclose", level: "warn", detail: "skipped; admin token is AskExe-only" };
+  }
+  try {
+    const res = await fetch(`${adminEndpoint}/${encodeURIComponent(id)}`, {
+      method: "PATCH",
+      headers: { authorization: `Bearer ${token}`, "content-type": "application/json" },
+      body: JSON.stringify({
+        status: "closed",
+        triage_notes: "Auto-closed synthetic support smoke test.",
+        fixed_version: version
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    return {
+      check: "askexe_admin_autoclose",
+      level: res.ok ? "pass" : "warn",
+      detail: res.ok ? "closed" : `${res.status} ${await res.text()}`,
+      next: res.ok ? void 0 : "Report was sent; AskExe can close the smoke report manually."
+    };
+  } catch (err) {
+    return {
+      check: "askexe_admin_autoclose",
+      level: "warn",
+      detail: err instanceof Error ? err.message : String(err),
+      next: "Report was sent; AskExe can close the smoke report manually."
+    };
+  }
+}
+function readPackageVersion() {
+  let dir = path3.dirname(new URL(import.meta.url).pathname);
+  for (let i = 0; i < 6; i++) {
+    const pkg = path3.join(dir, "package.json");
+    try {
+      const parsed = JSON.parse(readFileSync3(pkg, "utf8"));
+      if (parsed.version) return parsed.version;
+    } catch {
+    }
+    dir = path3.dirname(dir);
+  }
+  return "unknown";
+}
+async function safeJson(res) {
+  try {
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+function getArg(argv, name) {
+  const idx = argv.indexOf(name);
+  if (idx >= 0) return argv[idx + 1];
+  const prefix = `${name}=`;
+  const found = argv.find((arg) => arg.startsWith(prefix));
+  return found?.slice(prefix.length);
+}
+function hasFailures(rows) {
+  return rows.some((row) => row.level === "fail");
+}
+function summarizeHttpFailure(status, data) {
+  const error = data?.error;
+  return `${status} ${error?.message ?? JSON.stringify(data)}`;
+}
+function nextForPostFailure(status) {
+  if (status === 401) return "License credentials were not sent. Run `exe-os support health` and check license_key_present.";
+  if (status === 403) return "License is valid locally but not accepted by support intake. AskExe must check server-side license provisioning.";
+  if (status >= 500) return "AskExe support intake is unhealthy server-side. Try again shortly and report the local file path.";
+  return "Run `exe-os support health`; if it passes, send this output to AskExe.";
+}
+function printHelp() {
+  console.log(`
+exe-os support
+
+Customer-safe diagnostics for AskExe bug-report intake.
+
+Commands:
+  exe-os support health              Check local setup + AskExe support server health
+  exe-os support test --project hygo Send a safe smoke report end-to-end
+
+What success means:
+  health = this device looks ready
+  test   = AskExe received a real report from this device
+`);
+}
+function output(rows, json, command) {
+  if (json) {
+    console.log(JSON.stringify({ ok: !hasFailures(rows), checks: rows }, null, 2));
+    return;
+  }
+  console.log(`
+exe-os support ${command}
+`);
+  for (const row of rows) {
+    const icon = row.level === "pass" ? "\u2705" : row.level === "warn" ? "\u26A0\uFE0F " : "\u274C";
+    console.log(`${icon} ${row.check}: ${row.detail}`);
+    if (row.next) console.log(`   \u2192 ${row.next}`);
+  }
+  console.log("");
+  if (hasFailures(rows)) {
+    console.log("Result: not ready. Fix the failed item(s), then rerun this command.");
+  } else if (rows.some((row) => row.level === "warn")) {
+    console.log("Result: ready with warnings. Bug reports can be sent; warnings are informational unless AskExe asked for stricter validation.");
+  } else {
+    console.log(command === "test" ? "Result: ready. AskExe received the test report." : "Result: ready. Run `exe-os support test --project <customer>` for an end-to-end send test.");
+  }
+  console.log("");
+}
+export {
+  main
+};

package/dist/bin/exe-team.js

@@ -4145,7 +4145,7 @@ var init_platform_procedures = __esm({
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
         priority: "p0",
-        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
+        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, run `exe-os support test` and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
       // --- Operations ---
       {
@@ -4227,7 +4227,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only. If a customer-side agent cannot send upstream, run `exe-os support test` from the terminal to verify local file write, license auth, support endpoint health, and upstream POST."
       },
       {
         title: "MCP tools \u2014 communication and messaging",

package/dist/bin/git-sweep.js

@@ -7850,7 +7850,7 @@ var init_platform_procedures = __esm({
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
         priority: "p0",
-        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
+        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, run `exe-os support test` and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
       // --- Operations ---
       {
@@ -7932,7 +7932,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only. If a customer-side agent cannot send upstream, run `exe-os support test` from the terminal to verify local file write, license auth, support endpoint health, and upstream POST."
       },
       {
         title: "MCP tools \u2014 communication and messaging",

package/dist/bin/graph-backfill.js

@@ -3362,7 +3362,7 @@ var init_platform_procedures = __esm({
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
         priority: "p0",
-        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
+        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, run `exe-os support test` and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
       // --- Operations ---
       {
@@ -3444,7 +3444,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only. If a customer-side agent cannot send upstream, run `exe-os support test` from the terminal to verify local file write, license auth, support endpoint health, and upstream POST."
       },
       {
         title: "MCP tools \u2014 communication and messaging",

package/dist/bin/graph-export.js

@@ -4134,7 +4134,7 @@ var init_platform_procedures = __esm({
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
         priority: "p0",
-        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
+        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, run `exe-os support test` and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
       // --- Operations ---
       {
@@ -4216,7 +4216,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only. If a customer-side agent cannot send upstream, run `exe-os support test` from the terminal to verify local file write, license auth, support endpoint health, and upstream POST."
       },
       {
         title: "MCP tools \u2014 communication and messaging",

package/dist/bin/intercom-check.js

@@ -4243,7 +4243,7 @@ var init_platform_procedures = __esm({
         title: "Customer patch triage \u2014 upstream bug vs customization",
         domain: "support",
         priority: "p0",
-        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
+        content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, run `exe-os support test` and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
       // --- Operations ---
       {
@@ -4325,7 +4325,7 @@ var init_platform_procedures = __esm({
         title: "MCP tools \u2014 identity, behavior, and decisions",
         domain: "tool-use",
         priority: "p1",
-        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only."
+        content: "get_identity: read an agent's exe.md (Layer 1 identity). update_identity: write an agent's exe.md. Identity > behavior \u2014 use for permanent rules. store_behavior: record a correction or pattern for an agent (Layer 2 expertise). list_behaviors: view an agent's active behaviors. deactivate_behavior: soft-delete a stale or conflicting behavior. store_decision: record an ADR (architectural decision record). get_decision: retrieve a past decision by query. create_bug_report: customer-facing bug/support intake; use whenever an Exe OS bug or emergency hotfix is encountered so the report reaches AskExe directly. Customers only get report access; internal list/get/triage support tools are AskExe-only. If a customer-side agent cannot send upstream, run `exe-os support test` from the terminal to verify local file write, license auth, support endpoint health, and upstream POST."
       },
       {
         title: "MCP tools \u2014 communication and messaging",