@askexenow/exe-os 0.9.8 → 0.9.9

package/dist/lib/embedder.js

@@ -8,6 +8,44 @@ var __export = (target, all) => {
     __defProp(target, name, { get: all[name], enumerable: true });
 };
 
+// src/lib/secure-files.ts
+import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmod, mkdir } from "fs/promises";
+async function ensurePrivateDir(dirPath) {
+  await mkdir(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
+  try {
+    await chmod(dirPath, PRIVATE_DIR_MODE);
+  } catch {
+  }
+}
+function ensurePrivateDirSync(dirPath) {
+  mkdirSync(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
+  try {
+    chmodSync(dirPath, PRIVATE_DIR_MODE);
+  } catch {
+  }
+}
+async function enforcePrivateFile(filePath) {
+  try {
+    await chmod(filePath, PRIVATE_FILE_MODE);
+  } catch {
+  }
+}
+function enforcePrivateFileSync(filePath) {
+  try {
+    if (existsSync(filePath)) chmodSync(filePath, PRIVATE_FILE_MODE);
+  } catch {
+  }
+}
+var PRIVATE_DIR_MODE, PRIVATE_FILE_MODE;
+var init_secure_files = __esm({
+  "src/lib/secure-files.ts"() {
+    "use strict";
+    PRIVATE_DIR_MODE = 448;
+    PRIVATE_FILE_MODE = 384;
+  }
+});
+
 // src/lib/config.ts
 var config_exports = {};
 __export(config_exports, {
@@ -24,8 +62,8 @@ __export(config_exports, {
   migrateConfig: () => migrateConfig,
   saveConfig: () => saveConfig
 });
-import { readFile, writeFile, mkdir, chmod } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
+import { readFile, writeFile } from "fs/promises";
+import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
 import path from "path";
 import os from "os";
 function resolveDataDir() {
@@ -33,7 +71,7 @@ function resolveDataDir() {
   if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
   const newDir = path.join(os.homedir(), ".exe-os");
   const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
+  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
     try {
       renameSync(legacyDir, newDir);
       process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
@@ -96,9 +134,9 @@ function normalizeAutoUpdate(raw) {
 }
 async function loadConfig() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
-  await mkdir(dir, { recursive: true });
+  await ensurePrivateDir(dir);
   const configPath = path.join(dir, "config.json");
-  if (!existsSync(configPath)) {
+  if (!existsSync2(configPath)) {
     return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
   }
   const raw = await readFile(configPath, "utf-8");
@@ -111,6 +149,7 @@ async function loadConfig() {
 `);
       try {
         await writeFile(configPath, JSON.stringify(migratedCfg, null, 2) + "\n");
+        await enforcePrivateFile(configPath);
       } catch {
       }
     }
@@ -129,7 +168,7 @@ async function loadConfig() {
 function loadConfigSync() {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
   const configPath = path.join(dir, "config.json");
-  if (!existsSync(configPath)) {
+  if (!existsSync2(configPath)) {
     return { ...DEFAULT_CONFIG, dbPath: path.join(dir, "memories.db") };
   }
   try {
@@ -147,12 +186,10 @@ function loadConfigSync() {
 }
 async function saveConfig(config) {
   const dir = process.env.EXE_OS_DIR ?? process.env.EXE_MEM_DIR ?? EXE_AI_DIR;
-  await mkdir(dir, { recursive: true });
+  await ensurePrivateDir(dir);
   const configPath = path.join(dir, "config.json");
   await writeFile(configPath, JSON.stringify(config, null, 2) + "\n");
-  if (config.cloud?.apiKey) {
-    await chmod(configPath, 384);
-  }
+  await enforcePrivateFile(configPath);
 }
 async function loadConfigFrom(configPath) {
   const raw = await readFile(configPath, "utf-8");
@@ -172,6 +209,7 @@ var EXE_AI_DIR, DB_PATH, MODELS_DIR, CONFIG_PATH, LEGACY_LANCE_PATH, CURRENT_CON
 var init_config = __esm({
   "src/lib/config.ts"() {
     "use strict";
+    init_secure_files();
     EXE_AI_DIR = resolveDataDir();
     DB_PATH = path.join(EXE_AI_DIR, "memories.db");
     MODELS_DIR = path.join(EXE_AI_DIR, "models");
@@ -257,15 +295,49 @@ import net from "net";
 import os2 from "os";
 import { spawn } from "child_process";
 import { randomUUID } from "crypto";
-import { existsSync as existsSync2, unlinkSync, readFileSync as readFileSync2, openSync, closeSync, statSync } from "fs";
-import path2 from "path";
+import { existsSync as existsSync4, unlinkSync, readFileSync as readFileSync3, openSync, closeSync, statSync } from "fs";
+import path3 from "path";
 import { fileURLToPath } from "url";
-var SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path2.join(EXE_AI_DIR, "exed.sock");
-var PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path2.join(EXE_AI_DIR, "exed.pid");
-var SPAWN_LOCK_PATH = path2.join(EXE_AI_DIR, "exed-spawn.lock");
+
+// src/lib/daemon-auth.ts
+init_config();
+init_secure_files();
+import crypto from "crypto";
+import path2 from "path";
+import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync } from "fs";
+var DAEMON_TOKEN_PATH = path2.join(EXE_AI_DIR, "exed.token");
+function normalizeToken(token) {
+  if (!token) return null;
+  const trimmed = token.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function readDaemonToken() {
+  try {
+    if (!existsSync3(DAEMON_TOKEN_PATH)) return null;
+    return normalizeToken(readFileSync2(DAEMON_TOKEN_PATH, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function ensureDaemonToken(seed) {
+  const existing = readDaemonToken();
+  if (existing) return existing;
+  const token = normalizeToken(seed) ?? crypto.randomBytes(32).toString("hex");
+  ensurePrivateDirSync(EXE_AI_DIR);
+  writeFileSync(DAEMON_TOKEN_PATH, `${token}
+`, "utf8");
+  enforcePrivateFileSync(DAEMON_TOKEN_PATH);
+  return token;
+}
+
+// src/lib/exe-daemon-client.ts
+var SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path3.join(EXE_AI_DIR, "exed.sock");
+var PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path3.join(EXE_AI_DIR, "exed.pid");
+var SPAWN_LOCK_PATH = path3.join(EXE_AI_DIR, "exed-spawn.lock");
 var SPAWN_LOCK_STALE_MS = 3e4;
 var CONNECT_TIMEOUT_MS = 15e3;
 var REQUEST_TIMEOUT_MS = 3e4;
+var DAEMON_TOKEN_ENV = "EXE_DAEMON_TOKEN";
 var _socket = null;
 var _connected = false;
 var _buffer = "";
@@ -303,9 +375,9 @@ function handleData(chunk) {
   }
 }
 function cleanupStaleFiles() {
-  if (existsSync2(PID_PATH)) {
+  if (existsSync4(PID_PATH)) {
     try {
-      const pid = parseInt(readFileSync2(PID_PATH, "utf8").trim(), 10);
+      const pid = parseInt(readFileSync3(PID_PATH, "utf8").trim(), 10);
       if (pid > 0) {
         try {
           process.kill(pid, 0);
@@ -326,11 +398,11 @@ function cleanupStaleFiles() {
   }
 }
 function findPackageRoot() {
-  let dir = path2.dirname(fileURLToPath(import.meta.url));
-  const { root } = path2.parse(dir);
+  let dir = path3.dirname(fileURLToPath(import.meta.url));
+  const { root } = path3.parse(dir);
   while (dir !== root) {
-    if (existsSync2(path2.join(dir, "package.json"))) return dir;
-    dir = path2.dirname(dir);
+    if (existsSync4(path3.join(dir, "package.json"))) return dir;
+    dir = path3.dirname(dir);
   }
   return null;
 }
@@ -356,16 +428,17 @@ function spawnDaemon() {
     process.stderr.write("[exed-client] WARN: cannot find package root\n");
     return;
   }
-  const daemonPath = path2.join(pkgRoot, "dist", "lib", "exe-daemon.js");
-  if (!existsSync2(daemonPath)) {
+  const daemonPath = path3.join(pkgRoot, "dist", "lib", "exe-daemon.js");
+  if (!existsSync4(daemonPath)) {
     process.stderr.write(`[exed-client] WARN: daemon script not found at ${daemonPath}
 `);
     return;
   }
   const resolvedPath = daemonPath;
+  const daemonToken = ensureDaemonToken(process.env[DAEMON_TOKEN_ENV] ?? null);
   process.stderr.write(`[exed-client] Spawning daemon: ${resolvedPath}
 `);
-  const logPath = path2.join(path2.dirname(SOCKET_PATH), "exed.log");
+  const logPath = path3.join(path3.dirname(SOCKET_PATH), "exed.log");
   let stderrFd = "ignore";
   try {
     stderrFd = openSync(logPath, "a");
@@ -383,7 +456,8 @@ function spawnDaemon() {
       TMUX_PANE: void 0,
       // Prevents resolveExeSession() from scoping to one session
       EXE_DAEMON_SOCK: SOCKET_PATH,
-      EXE_DAEMON_PID: PID_PATH
+      EXE_DAEMON_PID: PID_PATH,
+      [DAEMON_TOKEN_ENV]: daemonToken
     }
   });
   child.unref();
@@ -493,13 +567,14 @@ function sendDaemonRequest(payload, timeoutMs = REQUEST_TIMEOUT_MS) {
       return;
     }
     const id = randomUUID();
+    const token = process.env[DAEMON_TOKEN_ENV] ?? readDaemonToken();
     const timer = setTimeout(() => {
       _pending.delete(id);
       resolve({ error: "Request timeout" });
     }, timeoutMs);
     _pending.set(id, { resolve, timer });
     try {
-      _socket.write(JSON.stringify({ id, ...payload }) + "\n");
+      _socket.write(JSON.stringify({ id, token, ...payload }) + "\n");
     } catch {
       clearTimeout(timer);
       _pending.delete(id);
@@ -528,9 +603,9 @@ function killAndRespawnDaemon() {
   }
   try {
     process.stderr.write("[exed-client] Killing daemon for restart...\n");
-    if (existsSync2(PID_PATH)) {
+    if (existsSync4(PID_PATH)) {
       try {
-        const pid = parseInt(readFileSync2(PID_PATH, "utf8").trim(), 10);
+        const pid = parseInt(readFileSync3(PID_PATH, "utf8").trim(), 10);
         if (pid > 0) {
           try {
             process.kill(pid, "SIGKILL");
@@ -678,10 +753,10 @@ async function disposeEmbedder() {
 async function embedDirect(text) {
   const llamaCpp = await import("node-llama-cpp");
   const { MODELS_DIR: MODELS_DIR2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-  const { existsSync: existsSync3 } = await import("fs");
-  const path3 = await import("path");
-  const modelPath = path3.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
-  if (!existsSync3(modelPath)) {
+  const { existsSync: existsSync5 } = await import("fs");
+  const path4 = await import("path");
+  const modelPath = path4.join(MODELS_DIR2, "jina-embeddings-v5-small-q4_k_m.gguf");
+  if (!existsSync5(modelPath)) {
     throw new Error(`Embedding model not found at ${modelPath}. Run '/exe-setup' to download it.`);
   }
   const llama = await llamaCpp.getLlama();

package/dist/lib/employee-templates.js

@@ -3,9 +3,18 @@ var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
 
+// src/lib/secure-files.ts
+import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmod, mkdir } from "fs/promises";
+var init_secure_files = __esm({
+  "src/lib/secure-files.ts"() {
+    "use strict";
+  }
+});
+
 // src/lib/config.ts
-import { readFile, writeFile, mkdir, chmod } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
+import { readFile, writeFile } from "fs/promises";
+import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
 import path from "path";
 import os from "os";
 function resolveDataDir() {
@@ -13,7 +22,7 @@ function resolveDataDir() {
   if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
   const newDir = path.join(os.homedir(), ".exe-os");
   const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
+  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
     try {
       renameSync(legacyDir, newDir);
       process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
@@ -28,6 +37,7 @@ var EXE_AI_DIR, DB_PATH, MODELS_DIR, CONFIG_PATH, LEGACY_LANCE_PATH, CURRENT_CON
 var init_config = __esm({
   "src/lib/config.ts"() {
     "use strict";
+    init_secure_files();
     EXE_AI_DIR = resolveDataDir();
     DB_PATH = path.join(EXE_AI_DIR, "memories.db");
     MODELS_DIR = path.join(EXE_AI_DIR, "models");
@@ -103,7 +113,7 @@ import { createClient } from "@libsql/client";
 // src/lib/employees.ts
 init_config();
 import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
-import { existsSync as existsSync2, symlinkSync, readlinkSync, readFileSync as readFileSync2, renameSync as renameSync2, unlinkSync, writeFileSync } from "fs";
+import { existsSync as existsSync3, symlinkSync, readlinkSync, readFileSync as readFileSync2, renameSync as renameSync2, unlinkSync, writeFileSync } from "fs";
 import { execSync } from "child_process";
 import path2 from "path";
 import os2 from "os";

package/dist/lib/employees.js

@@ -8,9 +8,34 @@ var __export = (target, all) => {
     __defProp(target, name, { get: all[name], enumerable: true });
 };
 
+// src/lib/secure-files.ts
+import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmod, mkdir } from "fs/promises";
+function ensurePrivateDirSync(dirPath) {
+  mkdirSync(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
+  try {
+    chmodSync(dirPath, PRIVATE_DIR_MODE);
+  } catch {
+  }
+}
+function enforcePrivateFileSync(filePath) {
+  try {
+    if (existsSync(filePath)) chmodSync(filePath, PRIVATE_FILE_MODE);
+  } catch {
+  }
+}
+var PRIVATE_DIR_MODE, PRIVATE_FILE_MODE;
+var init_secure_files = __esm({
+  "src/lib/secure-files.ts"() {
+    "use strict";
+    PRIVATE_DIR_MODE = 448;
+    PRIVATE_FILE_MODE = 384;
+  }
+});
+
 // src/lib/config.ts
-import { readFile, writeFile, mkdir, chmod } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
+import { readFile, writeFile } from "fs/promises";
+import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
 import path from "path";
 import os from "os";
 function resolveDataDir() {
@@ -18,7 +43,7 @@ function resolveDataDir() {
   if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
   const newDir = path.join(os.homedir(), ".exe-os");
   const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
+  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
     try {
       renameSync(legacyDir, newDir);
       process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
@@ -33,6 +58,7 @@ var EXE_AI_DIR, DB_PATH, MODELS_DIR, CONFIG_PATH, LEGACY_LANCE_PATH, CURRENT_CON
 var init_config = __esm({
   "src/lib/config.ts"() {
     "use strict";
+    init_secure_files();
     EXE_AI_DIR = resolveDataDir();
     DB_PATH = path.join(EXE_AI_DIR, "memories.db");
     MODELS_DIR = path.join(EXE_AI_DIR, "models");
@@ -139,10 +165,10 @@ __export(agent_config_exports, {
   saveAgentConfig: () => saveAgentConfig,
   setAgentRuntime: () => setAgentRuntime
 });
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2, mkdirSync } from "fs";
+import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync3 } from "fs";
 import path2 from "path";
 function loadAgentConfig() {
-  if (!existsSync2(AGENT_CONFIG_PATH)) return {};
+  if (!existsSync3(AGENT_CONFIG_PATH)) return {};
   try {
     return JSON.parse(readFileSync2(AGENT_CONFIG_PATH, "utf-8"));
   } catch {
@@ -151,8 +177,9 @@ function loadAgentConfig() {
 }
 function saveAgentConfig(config) {
   const dir = path2.dirname(AGENT_CONFIG_PATH);
-  if (!existsSync2(dir)) mkdirSync(dir, { recursive: true });
+  ensurePrivateDirSync(dir);
   writeFileSync(AGENT_CONFIG_PATH, JSON.stringify(config, null, 2) + "\n", "utf-8");
+  enforcePrivateFileSync(AGENT_CONFIG_PATH);
 }
 function getAgentRuntime(agentId) {
   const config = loadAgentConfig();
@@ -192,6 +219,7 @@ var init_agent_config = __esm({
     "use strict";
     init_config();
     init_runtime_table();
+    init_secure_files();
     AGENT_CONFIG_PATH = path2.join(EXE_AI_DIR, "agent-config.json");
     KNOWN_RUNTIMES = {
       claude: ["claude-opus-4", "claude-sonnet-4", "claude-haiku-4.5"],
@@ -214,7 +242,7 @@ var init_agent_config = __esm({
 // src/lib/employees.ts
 init_config();
 import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
-import { existsSync as existsSync3, symlinkSync, readlinkSync, readFileSync as readFileSync3, renameSync as renameSync2, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
+import { existsSync as existsSync4, symlinkSync, readlinkSync, readFileSync as readFileSync3, renameSync as renameSync2, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
 import { execSync } from "child_process";
 import path3 from "path";
 import os2 from "os";
@@ -256,7 +284,7 @@ function validateEmployeeName(name) {
   return { valid: true };
 }
 async function loadEmployees(employeesPath = EMPLOYEES_PATH) {
-  if (!existsSync3(employeesPath)) {
+  if (!existsSync4(employeesPath)) {
     return [];
   }
   const raw = await readFile2(employeesPath, "utf-8");
@@ -271,7 +299,7 @@ async function saveEmployees(employees, employeesPath = EMPLOYEES_PATH) {
   await writeFile2(employeesPath, JSON.stringify(employees, null, 2) + "\n", "utf-8");
 }
 function loadEmployeesSync(employeesPath = EMPLOYEES_PATH) {
-  if (!existsSync3(employeesPath)) return [];
+  if (!existsSync4(employeesPath)) return [];
   try {
     return JSON.parse(readFileSync3(employeesPath, "utf-8"));
   } catch {
@@ -322,7 +350,7 @@ function appendToCoordinatorTeam(employee) {
   const coordinator = getCoordinatorEmployee(loadEmployeesSync());
   if (!coordinator) return;
   const idPath = path3.join(IDENTITY_DIR, `${coordinator.name}.md`);
-  if (!existsSync3(idPath)) return;
+  if (!existsSync4(idPath)) return;
   const content = readFileSync3(idPath, "utf-8");
   if (content.includes(`**${capitalize(employee.name)}`)) return;
   const teamMatch = content.match(TEAM_SECTION_RE);
@@ -376,9 +404,9 @@ async function normalizeRosterCase(rosterPath) {
         const identityDir = path3.join(os2.homedir(), ".exe-os", "identity");
         const oldPath = path3.join(identityDir, `${oldName}.md`);
         const newPath = path3.join(identityDir, `${emp.name}.md`);
-        if (existsSync3(oldPath) && !existsSync3(newPath)) {
+        if (existsSync4(oldPath) && !existsSync4(newPath)) {
           renameSync2(oldPath, newPath);
-        } else if (existsSync3(oldPath) && oldPath !== newPath) {
+        } else if (existsSync4(oldPath) && oldPath !== newPath) {
           const content = readFileSync3(oldPath, "utf-8");
           writeFileSync2(newPath, content, "utf-8");
           if (oldPath.toLowerCase() !== newPath.toLowerCase()) {
@@ -421,7 +449,7 @@ function registerBinSymlinks(name) {
   for (const suffix of ["", "-opencode"]) {
     const linkName = `${name}${suffix}`;
     const linkPath = path3.join(binDir, linkName);
-    if (existsSync3(linkPath)) {
+    if (existsSync4(linkPath)) {
       skipped.push(linkName);
       continue;
     }

package/dist/lib/exe-daemon-client.js

@@ -3,21 +3,42 @@ import net from "net";
 import os2 from "os";
 import { spawn } from "child_process";
 import { randomUUID } from "crypto";
-import { existsSync as existsSync2, unlinkSync, readFileSync as readFileSync2, openSync, closeSync, statSync } from "fs";
-import path2 from "path";
+import { existsSync as existsSync4, unlinkSync, readFileSync as readFileSync3, openSync, closeSync, statSync } from "fs";
+import path3 from "path";
 import { fileURLToPath } from "url";
 
 // src/lib/config.ts
-import { readFile, writeFile, mkdir, chmod } from "fs/promises";
-import { readFileSync, existsSync, renameSync } from "fs";
+import { readFile, writeFile } from "fs/promises";
+import { readFileSync, existsSync as existsSync2, renameSync } from "fs";
 import path from "path";
 import os from "os";
+
+// src/lib/secure-files.ts
+import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmod, mkdir } from "fs/promises";
+var PRIVATE_DIR_MODE = 448;
+var PRIVATE_FILE_MODE = 384;
+function ensurePrivateDirSync(dirPath) {
+  mkdirSync(dirPath, { recursive: true, mode: PRIVATE_DIR_MODE });
+  try {
+    chmodSync(dirPath, PRIVATE_DIR_MODE);
+  } catch {
+  }
+}
+function enforcePrivateFileSync(filePath) {
+  try {
+    if (existsSync(filePath)) chmodSync(filePath, PRIVATE_FILE_MODE);
+  } catch {
+  }
+}
+
+// src/lib/config.ts
 function resolveDataDir() {
   if (process.env.EXE_OS_DIR) return process.env.EXE_OS_DIR;
   if (process.env.EXE_MEM_DIR) return process.env.EXE_MEM_DIR;
   const newDir = path.join(os.homedir(), ".exe-os");
   const legacyDir = path.join(os.homedir(), ".exe-mem");
-  if (!existsSync(newDir) && existsSync(legacyDir)) {
+  if (!existsSync2(newDir) && existsSync2(legacyDir)) {
     try {
       renameSync(legacyDir, newDir);
       process.stderr.write(`[exe-os] Migrated data directory: ~/.exe-mem \u2192 ~/.exe-os
@@ -92,13 +113,43 @@ var DEFAULT_CONFIG = {
   }
 };
 
+// src/lib/daemon-auth.ts
+import crypto from "crypto";
+import path2 from "path";
+import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync } from "fs";
+var DAEMON_TOKEN_PATH = path2.join(EXE_AI_DIR, "exed.token");
+function normalizeToken(token) {
+  if (!token) return null;
+  const trimmed = token.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function readDaemonToken() {
+  try {
+    if (!existsSync3(DAEMON_TOKEN_PATH)) return null;
+    return normalizeToken(readFileSync2(DAEMON_TOKEN_PATH, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function ensureDaemonToken(seed) {
+  const existing = readDaemonToken();
+  if (existing) return existing;
+  const token = normalizeToken(seed) ?? crypto.randomBytes(32).toString("hex");
+  ensurePrivateDirSync(EXE_AI_DIR);
+  writeFileSync(DAEMON_TOKEN_PATH, `${token}
+`, "utf8");
+  enforcePrivateFileSync(DAEMON_TOKEN_PATH);
+  return token;
+}
+
 // src/lib/exe-daemon-client.ts
-var SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path2.join(EXE_AI_DIR, "exed.sock");
-var PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path2.join(EXE_AI_DIR, "exed.pid");
-var SPAWN_LOCK_PATH = path2.join(EXE_AI_DIR, "exed-spawn.lock");
+var SOCKET_PATH = process.env.EXE_DAEMON_SOCK ?? process.env.EXE_EMBED_SOCK ?? path3.join(EXE_AI_DIR, "exed.sock");
+var PID_PATH = process.env.EXE_DAEMON_PID ?? process.env.EXE_EMBED_PID ?? path3.join(EXE_AI_DIR, "exed.pid");
+var SPAWN_LOCK_PATH = path3.join(EXE_AI_DIR, "exed-spawn.lock");
 var SPAWN_LOCK_STALE_MS = 3e4;
 var CONNECT_TIMEOUT_MS = 15e3;
 var REQUEST_TIMEOUT_MS = 3e4;
+var DAEMON_TOKEN_ENV = "EXE_DAEMON_TOKEN";
 var _socket = null;
 var _connected = false;
 var _buffer = "";
@@ -136,9 +187,9 @@ function handleData(chunk) {
   }
 }
 function cleanupStaleFiles() {
-  if (existsSync2(PID_PATH)) {
+  if (existsSync4(PID_PATH)) {
     try {
-      const pid = parseInt(readFileSync2(PID_PATH, "utf8").trim(), 10);
+      const pid = parseInt(readFileSync3(PID_PATH, "utf8").trim(), 10);
       if (pid > 0) {
         try {
           process.kill(pid, 0);
@@ -159,11 +210,11 @@ function cleanupStaleFiles() {
   }
 }
 function findPackageRoot() {
-  let dir = path2.dirname(fileURLToPath(import.meta.url));
-  const { root } = path2.parse(dir);
+  let dir = path3.dirname(fileURLToPath(import.meta.url));
+  const { root } = path3.parse(dir);
   while (dir !== root) {
-    if (existsSync2(path2.join(dir, "package.json"))) return dir;
-    dir = path2.dirname(dir);
+    if (existsSync4(path3.join(dir, "package.json"))) return dir;
+    dir = path3.dirname(dir);
   }
   return null;
 }
@@ -189,16 +240,17 @@ function spawnDaemon() {
     process.stderr.write("[exed-client] WARN: cannot find package root\n");
     return;
   }
-  const daemonPath = path2.join(pkgRoot, "dist", "lib", "exe-daemon.js");
-  if (!existsSync2(daemonPath)) {
+  const daemonPath = path3.join(pkgRoot, "dist", "lib", "exe-daemon.js");
+  if (!existsSync4(daemonPath)) {
     process.stderr.write(`[exed-client] WARN: daemon script not found at ${daemonPath}
 `);
     return;
   }
   const resolvedPath = daemonPath;
+  const daemonToken = ensureDaemonToken(process.env[DAEMON_TOKEN_ENV] ?? null);
   process.stderr.write(`[exed-client] Spawning daemon: ${resolvedPath}
 `);
-  const logPath = path2.join(path2.dirname(SOCKET_PATH), "exed.log");
+  const logPath = path3.join(path3.dirname(SOCKET_PATH), "exed.log");
   let stderrFd = "ignore";
   try {
     stderrFd = openSync(logPath, "a");
@@ -216,7 +268,8 @@ function spawnDaemon() {
       TMUX_PANE: void 0,
       // Prevents resolveExeSession() from scoping to one session
       EXE_DAEMON_SOCK: SOCKET_PATH,
-      EXE_DAEMON_PID: PID_PATH
+      EXE_DAEMON_PID: PID_PATH,
+      [DAEMON_TOKEN_ENV]: daemonToken
     }
   });
   child.unref();
@@ -326,13 +379,14 @@ function sendDaemonRequest(payload, timeoutMs = REQUEST_TIMEOUT_MS) {
       return;
     }
     const id = randomUUID();
+    const token = process.env[DAEMON_TOKEN_ENV] ?? readDaemonToken();
     const timer = setTimeout(() => {
       _pending.delete(id);
       resolve({ error: "Request timeout" });
     }, timeoutMs);
     _pending.set(id, { resolve, timer });
     try {
-      _socket.write(JSON.stringify({ id, ...payload }) + "\n");
+      _socket.write(JSON.stringify({ id, token, ...payload }) + "\n");
     } catch {
       clearTimeout(timer);
       _pending.delete(id);
@@ -361,9 +415,9 @@ function killAndRespawnDaemon() {
   }
   try {
     process.stderr.write("[exed-client] Killing daemon for restart...\n");
-    if (existsSync2(PID_PATH)) {
+    if (existsSync4(PID_PATH)) {
       try {
-        const pid = parseInt(readFileSync2(PID_PATH, "utf8").trim(), 10);
+        const pid = parseInt(readFileSync3(PID_PATH, "utf8").trim(), 10);
         if (pid > 0) {
           try {
             process.kill(pid, "SIGKILL");
@@ -492,6 +546,17 @@ function disconnectClient() {
 function isClientConnected() {
   return _connected;
 }
+function sendIngestRequest(payload) {
+  if (!_socket || !_connected) return false;
+  try {
+    const id = randomUUID();
+    const token = process.env[DAEMON_TOKEN_ENV] ?? readDaemonToken();
+    _socket.write(JSON.stringify({ id, token, type: "ingest", ...payload }) + "\n");
+    return true;
+  } catch {
+    return false;
+  }
+}
 export {
   connectEmbedDaemon,
   disconnectClient,
@@ -499,5 +564,6 @@ export {
   embedViaClient,
   isClientConnected,
   pingDaemon,
-  sendDaemonRequest
+  sendDaemonRequest,
+  sendIngestRequest
 };