@askexenow/exe-os 0.9.83 → 0.9.84

package/deploy/compose/.env.customer.example

@@ -30,7 +30,7 @@ WIKI_SIG_SALT=CHANGEME_WIKI_SIG_SALT
 WIKI_HOST_PORT=3001
 
 # --- exed ---
-EXED_IMAGE_TAG=registry.askexe.com/askexe/exed:v0.9.6
+EXED_IMAGE_TAG=registry.askexe.com/askexe/exed:v0.9.7
 EXED_MCP_TOKEN=CHANGEME_EXED_MCP_TOKEN
 EXED_DEVICE_ID=hygo-vps
 # VPS-only: enables cloud/local SQLite -> exe-db Postgres projection.

package/deploy/compose/.env.example

@@ -30,7 +30,7 @@ WIKI_SIG_SALT=CHANGEME_WIKI_SIG_SALT
 WIKI_HOST_PORT=3001
 
 # --- exed ---
-EXED_IMAGE_TAG=registry.askexe.com/askexe/exed:v0.9.6
+EXED_IMAGE_TAG=registry.askexe.com/askexe/exed:v0.9.7
 EXED_MCP_TOKEN=CHANGEME_EXED_MCP_TOKEN
 EXED_DEVICE_ID=hygo-vps
 # VPS-only: enables cloud/local SQLite -> exe-db Postgres projection.

package/deploy/compose/docker-compose.yml

@@ -236,7 +236,7 @@ services:
       options: { max-size: "10m", max-file: "3" }
 
   exed:
-    image: ${EXED_IMAGE_TAG:-registry.askexe.com/askexe/exed:v0.9.6}
+    image: ${EXED_IMAGE_TAG:-registry.askexe.com/askexe/exed:v0.9.7}
     container_name: exed
     restart: unless-stopped
     env_file:

package/deploy/stack-manifests/v0.9.json

@@ -1,6 +1,6 @@
 {
   "schemaVersion": 1,
-  "latest": "0.9.6",
+  "latest": "0.9.7",
   "stacks": {
     "0.9.0": {
       "version": "0.9.0",
@@ -429,6 +429,74 @@
       },
       "date": "2026-05-12",
       "sourceRef": "stack-v0.9.6"
+    },
+    "0.9.7": {
+      "version": "0.9.7",
+      "releasedAt": "2026-05-12T00:00:00Z",
+      "notes": "Stack update auth unblock: default manifest now uses the packaged signed/customer manifest when available, so cold-start installs do not require update.askexe.com entitlement provisioning. Remote update service remains opt-in via EXE_STACK_MANIFEST.",
+      "breakingChanges": [
+        {
+          "id": "whatsapp_relink_required",
+          "title": "WhatsApp QR re-link required for Baileys v7",
+          "description": "exe-gateway uses Baileys v7. Existing WhatsApp 6.x linked-device auth state must be backed up and re-linked once with a new QR code.",
+          "requiredAction": "Open https://<gateway-domain>/pair/default?token=<admin-token> and scan from WhatsApp → Linked Devices after the update.",
+          "expectedDowntimeMinutes": "2-5",
+          "requiresConfirmation": true
+        }
+      ],
+      "services": {
+        "crm": {
+          "env": "CRM_IMAGE_TAG",
+          "image": "registry.askexe.com/askexe/exe-crm:v0.9.3",
+          "healthUrl": "http://127.0.0.1:3000/healthz",
+          "deploymentScope": "customer"
+        },
+        "wiki": {
+          "env": "WIKI_IMAGE_TAG",
+          "image": "registry.askexe.com/askexe/exe-wiki:v0.9.3",
+          "healthUrl": "http://127.0.0.1:3001/api/ping",
+          "deploymentScope": "customer"
+        },
+        "exed": {
+          "env": "EXED_IMAGE_TAG",
+          "image": "registry.askexe.com/askexe/exed:v0.9.7",
+          "healthUrl": "http://127.0.0.1:8765/health",
+          "deploymentScope": "customer"
+        },
+        "gateway": {
+          "env": "GATEWAY_IMAGE_TAG",
+          "image": "registry.askexe.com/askexe/exe-gateway:v0.9.3",
+          "healthUrl": "http://127.0.0.1:3100/health",
+          "deploymentScope": "customer"
+        },
+        "monitorAgent": {
+          "env": "MONITOR_AGENT_IMAGE_TAG",
+          "image": "registry.askexe.com/askexe/exe-monitor-agent:v0.9.3",
+          "deploymentScope": "customer"
+        }
+      },
+      "releaseDescriptors": {
+        "exed": "AskExe/exe-os@stack-v0.9.4:stack.release.json",
+        "crm": "AskExe/exe-crm@0.9.3:stack.release.json",
+        "wiki": "AskExe/exe-wiki@0.9.3:stack.release.json",
+        "gateway": "AskExe/exe-gateway@0.9.3:stack.release.json",
+        "db": "AskExe/exe-db@0.9.3:stack.release.json",
+        "monitorAgent": "AskExe/exe-monitor@0.9.3:stack.release.json"
+      },
+      "componentVersions": {
+        "exe-os": {
+          "repo": "AskExe/exe-os",
+          "npmPackage": "@askexenow/exe-os",
+          "npmVersion": "0.9.84",
+          "image": "registry.askexe.com/askexe/exed:v0.9.4",
+          "imageVersion": "0.9.7",
+          "note": "Customer stack image tag is 0.9.4; bundled npm package is @askexenow/exe-os@0.9.81. Hygo pulls through registry.askexe.com, which proxies the AskExe-owned GHCR artifact server-side.",
+          "sourceRef": "stack-v0.9.4",
+          "commit": "main@stack-v0.9.7"
+        }
+      },
+      "date": "2026-05-12",
+      "sourceRef": "stack-v0.9.7"
     }
   }
 }

package/dist/bin/cli.js

@@ -20286,12 +20286,16 @@ async function defaultPostJson(url, body, authToken) {
 function defaultStackPaths() {
   const cwdCompose = path42.resolve("docker-compose.yml");
   const cwdEnv = path42.resolve(".env");
+  const packagedManifest = path42.join(resolvePackageRoot2(), "deploy", "stack-manifests", "v0.9.json");
+  const manifestRef = process.env.EXE_STACK_MANIFEST || (existsSync34(packagedManifest) ? packagedManifest : "https://update.askexe.com/stack-manifest.json");
   return {
     composeFile: process.env.EXE_STACK_COMPOSE_FILE || (existsSync34(cwdCompose) ? cwdCompose : "/opt/exe-stack/docker-compose.yml"),
     envFile: process.env.EXE_STACK_ENV_FILE || (existsSync34(cwdEnv) ? cwdEnv : "/opt/exe-stack/.env"),
-    manifestRef: process.env.EXE_STACK_MANIFEST || "https://update.askexe.com/stack-manifest.json",
-    auditUrl: process.env.EXE_STACK_AUDIT_URL || "https://update.askexe.com/v1/deploy-audits",
-    imageCredentialsUrl: process.env.EXE_STACK_IMAGE_CREDENTIALS_URL || "https://update.askexe.com/v1/image-credentials",
+    manifestRef,
+    // Only call update.askexe.com if explicitly configured or if a remote manifest was requested.
+    // Packaged manifests keep cold-start installs unblocked even before update-service entitlements are provisioned.
+    auditUrl: process.env.EXE_STACK_AUDIT_URL || (/^https?:\/\//.test(manifestRef) ? "https://update.askexe.com/v1/deploy-audits" : void 0),
+    imageCredentialsUrl: process.env.EXE_STACK_IMAGE_CREDENTIALS_URL || (/^https?:\/\//.test(manifestRef) ? "https://update.askexe.com/v1/image-credentials" : void 0),
     manifestAuthToken: process.env.EXE_STACK_UPDATE_TOKEN || process.env.EXE_LICENSE_KEY || loadLicense() || void 0,
     manifestPublicKey: loadDefaultPublicKey()
   };

package/dist/bin/stack-update.js

@@ -683,12 +683,16 @@ async function defaultPostJson(url, body, authToken) {
 function defaultStackPaths() {
   const cwdCompose = path3.resolve("docker-compose.yml");
   const cwdEnv = path3.resolve(".env");
+  const packagedManifest = path3.join(resolvePackageRoot(), "deploy", "stack-manifests", "v0.9.json");
+  const manifestRef = process.env.EXE_STACK_MANIFEST || (existsSync4(packagedManifest) ? packagedManifest : "https://update.askexe.com/stack-manifest.json");
   return {
     composeFile: process.env.EXE_STACK_COMPOSE_FILE || (existsSync4(cwdCompose) ? cwdCompose : "/opt/exe-stack/docker-compose.yml"),
     envFile: process.env.EXE_STACK_ENV_FILE || (existsSync4(cwdEnv) ? cwdEnv : "/opt/exe-stack/.env"),
-    manifestRef: process.env.EXE_STACK_MANIFEST || "https://update.askexe.com/stack-manifest.json",
-    auditUrl: process.env.EXE_STACK_AUDIT_URL || "https://update.askexe.com/v1/deploy-audits",
-    imageCredentialsUrl: process.env.EXE_STACK_IMAGE_CREDENTIALS_URL || "https://update.askexe.com/v1/image-credentials",
+    manifestRef,
+    // Only call update.askexe.com if explicitly configured or if a remote manifest was requested.
+    // Packaged manifests keep cold-start installs unblocked even before update-service entitlements are provisioned.
+    auditUrl: process.env.EXE_STACK_AUDIT_URL || (/^https?:\/\//.test(manifestRef) ? "https://update.askexe.com/v1/deploy-audits" : void 0),
+    imageCredentialsUrl: process.env.EXE_STACK_IMAGE_CREDENTIALS_URL || (/^https?:\/\//.test(manifestRef) ? "https://update.askexe.com/v1/image-credentials" : void 0),
     manifestAuthToken: process.env.EXE_STACK_UPDATE_TOKEN || process.env.EXE_LICENSE_KEY || loadLicense() || void 0,
     manifestPublicKey: loadDefaultPublicKey()
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.83",
+  "version": "0.9.84",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/stack.release.json

@@ -4,8 +4,8 @@
   "repo": "AskExe/exe-os",
   "service": "exed",
   "packageName": "@askexenow/exe-os",
-  "version": "0.9.6",
-  "image": "ghcr.io/askexe/exed:v0.9.6",
+  "version": "0.9.7",
+  "image": "ghcr.io/askexe/exed:v0.9.7",
   "imageEnv": "EXED_IMAGE_TAG",
   "stackParticipation": {
     "required": true,
@@ -42,9 +42,9 @@
     "breakingChanges": [],
     "dataSovereignty": "Customer-local memory/tasks/behaviors stay in SQLCipher/local storage. Updates must not overwrite roster, identity, behavior, or local memory files.",
     "releaseLine": "v0.9 private/customer pilot; v1.0 is public-beta stable.",
-    "highGhostStack": "0.9.6",
+    "highGhostStack": "0.9.7",
     "deploymentScope": "customer"
   },
   "deploymentScope": "customer",
-  "highGhostStack": "0.9.6"
+  "highGhostStack": "0.9.7"
 }