@askexenow/exe-os 0.9.85 → 0.9.87

package/dist/bin/exe-agent.js

@@ -1377,6 +1377,24 @@ var PLATFORM_PROCEDURES = [
     priority: "p0",
     content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, call support_test (MCP) and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues; only ask the founder to run `exe-os support test` if MCP is disconnected/unavailable. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
   },
+  {
+    title: "Bug report status check \u2014 surface available fixes on boot",
+    domain: "support",
+    priority: "p1",
+    content: "Once per session (COO boot only, never repeat), call list_my_bug_reports to check if any previously filed bug reports have been fixed by AskExe. If any report has status 'fixed' with a fixed_version, surface it to the founder immediately: '\u{1F527} N bug fix(es) available \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no reports exist or none are fixed, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+  },
+  {
+    title: "Feature request triage \u2014 upstream feature vs local customization",
+    domain: "support",
+    priority: "p0",
+    content: "When an agent or founder identifies a desired capability that exe-os does not yet provide, the COO (or equivalent coordinator) must decide: is this a local customization (identity, behavior, procedure, config, branding, workflow preference that can be configured in customer-owned layers) or an upstream feature request (a platform capability that requires changes to exe-os code, shipped via npm update)? Local customizations: implement immediately using store_behavior, update_identity, company_procedure, or config changes. Upstream features: use create_feature_request to submit to AskExe. Include use case, business impact, and current workaround. Do NOT ask the founder for permission to file a feature request \u2014 file it proactively when the need is clear."
+  },
+  {
+    title: "Feature request status check \u2014 surface shipped features on boot",
+    domain: "support",
+    priority: "p1",
+    content: "Once per session (COO boot only, never repeat), call list_my_feature_requests to check if any previously filed feature requests have been shipped by AskExe. If any request has status 'shipped' with a shipped_version, surface it to the founder immediately: '\u{1F680} N feature(s) shipped \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no requests exist or none are shipped, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+  },
   // --- Operations ---
   {
     title: "Managers must supervise deployed workers",

package/dist/bin/exe-assign.js

@@ -356,7 +356,7 @@ var init_daemon_auth = __esm({
 // src/lib/exe-daemon-client.ts
 import net from "net";
 import os3 from "os";
-import { spawn } from "child_process";
+import { spawn, execSync as execSync2 } from "child_process";
 import { randomUUID as randomUUID2 } from "crypto";
 import { existsSync as existsSync5, unlinkSync as unlinkSync2, readFileSync as readFileSync4, openSync, closeSync, statSync } from "fs";
 import path4 from "path";
@@ -386,6 +386,14 @@ function handleData(chunk) {
     }
   }
 }
+function isZombie(pid) {
+  try {
+    const state = execSync2(`ps -p ${pid} -o state=`, { encoding: "utf8", timeout: 2e3 }).trim();
+    return state.startsWith("Z");
+  } catch {
+    return false;
+  }
+}
 function cleanupStaleFiles() {
   if (existsSync5(PID_PATH)) {
     try {
@@ -393,7 +401,11 @@ function cleanupStaleFiles() {
       if (pid > 0) {
         try {
           process.kill(pid, 0);
-          return;
+          if (!isZombie(pid)) {
+            return;
+          }
+          process.stderr.write(`[exed-client] PID ${pid} is a zombie \u2014 cleaning up stale files
+`);
         } catch {
         }
       }
@@ -421,8 +433,8 @@ function findPackageRoot() {
 function getAvailableMemoryGB() {
   if (process.platform === "darwin") {
     try {
-      const { execSync: execSync3 } = __require("child_process");
-      const vmstat = execSync3("vm_stat", { encoding: "utf8" });
+      const { execSync: execSync4 } = __require("child_process");
+      const vmstat = execSync4("vm_stat", { encoding: "utf8" });
       const pageSize = 16384;
       const pageSizeMatch = vmstat.match(/page size of (\d+) bytes/);
       const actualPageSize = pageSizeMatch ? parseInt(pageSizeMatch[1], 10) : pageSize;
@@ -2983,6 +2995,12 @@ async function disposeDatabase() {
     clearInterval(_walCheckpointTimer);
     _walCheckpointTimer = null;
   }
+  if (_client) {
+    try {
+      await _client.execute("PRAGMA wal_checkpoint(PASSIVE)");
+    } catch {
+    }
+  }
   if (_daemonClient) {
     _daemonClient.close();
     _daemonClient = null;
@@ -3514,6 +3532,24 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, call support_test (MCP) and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues; only ask the founder to run `exe-os support test` if MCP is disconnected/unavailable. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
+      {
+        title: "Bug report status check \u2014 surface available fixes on boot",
+        domain: "support",
+        priority: "p1",
+        content: "Once per session (COO boot only, never repeat), call list_my_bug_reports to check if any previously filed bug reports have been fixed by AskExe. If any report has status 'fixed' with a fixed_version, surface it to the founder immediately: '\u{1F527} N bug fix(es) available \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no reports exist or none are fixed, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+      },
+      {
+        title: "Feature request triage \u2014 upstream feature vs local customization",
+        domain: "support",
+        priority: "p0",
+        content: "When an agent or founder identifies a desired capability that exe-os does not yet provide, the COO (or equivalent coordinator) must decide: is this a local customization (identity, behavior, procedure, config, branding, workflow preference that can be configured in customer-owned layers) or an upstream feature request (a platform capability that requires changes to exe-os code, shipped via npm update)? Local customizations: implement immediately using store_behavior, update_identity, company_procedure, or config changes. Upstream features: use create_feature_request to submit to AskExe. Include use case, business impact, and current workaround. Do NOT ask the founder for permission to file a feature request \u2014 file it proactively when the need is clear."
+      },
+      {
+        title: "Feature request status check \u2014 surface shipped features on boot",
+        domain: "support",
+        priority: "p1",
+        content: "Once per session (COO boot only, never repeat), call list_my_feature_requests to check if any previously filed feature requests have been shipped by AskExe. If any request has status 'shipped' with a shipped_version, surface it to the founder immediately: '\u{1F680} N feature(s) shipped \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no requests exist or none are shipped, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+      },
       // --- Operations ---
       {
         title: "Managers must supervise deployed workers",
@@ -4283,7 +4319,7 @@ init_database();
 // src/lib/keychain.ts
 import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
 import { existsSync as existsSync6, statSync as statSync2 } from "fs";
-import { execSync as execSync2 } from "child_process";
+import { execSync as execSync3 } from "child_process";
 import path6 from "path";
 import os5 from "os";
 var SERVICE = "exe-os";
@@ -4304,13 +4340,13 @@ function linuxSecretAvailable() {
   if (process.platform !== "linux") return false;
   if (linuxSecretAvailability !== null) return linuxSecretAvailability;
   try {
-    execSync2("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
+    execSync3("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
   } catch {
     linuxSecretAvailability = false;
     return false;
   }
   try {
-    execSync2("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
+    execSync3("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
     linuxSecretAvailability = true;
   } catch {
     linuxSecretAvailability = false;
@@ -4334,7 +4370,7 @@ function macKeychainGet(service = SERVICE) {
   if (!nativeKeychainAllowed()) return null;
   if (process.platform !== "darwin") return null;
   try {
-    return execSync2(
+    return execSync3(
       `security find-generic-password -s "${service}" -a "${ACCOUNT}" -w 2>/dev/null`,
       { encoding: "utf-8", timeout: 5e3 }
     ).trim();
@@ -4347,13 +4383,13 @@ function macKeychainSet(value, service = SERVICE) {
   if (process.platform !== "darwin") return false;
   try {
     try {
-      execSync2(
+      execSync3(
         `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
         { timeout: 5e3 }
       );
     } catch {
     }
-    execSync2(
+    execSync3(
       `security add-generic-password -s "${service}" -a "${ACCOUNT}" -w "${value}"`,
       { timeout: 5e3 }
     );
@@ -4366,7 +4402,7 @@ function macKeychainDelete(service = SERVICE) {
   if (!nativeKeychainAllowed()) return false;
   if (process.platform !== "darwin") return false;
   try {
-    execSync2(
+    execSync3(
       `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
       { timeout: 5e3 }
     );
@@ -4378,7 +4414,7 @@ function macKeychainDelete(service = SERVICE) {
 function linuxSecretGet(service = SERVICE) {
   if (!linuxSecretAvailable()) return null;
   try {
-    return execSync2(
+    return execSync3(
       `secret-tool lookup service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { encoding: "utf-8", timeout: 5e3 }
     ).trim();
@@ -4389,7 +4425,7 @@ function linuxSecretGet(service = SERVICE) {
 function linuxSecretSet(value, service = SERVICE) {
   if (!linuxSecretAvailable()) return false;
   try {
-    execSync2(
+    execSync3(
       `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { timeout: 5e3 }
     );
@@ -4402,7 +4438,7 @@ function linuxSecretDelete(service = SERVICE) {
   if (!nativeKeychainAllowed()) return false;
   if (process.platform !== "linux") return false;
   try {
-    execSync2(
+    execSync3(
       `secret-tool clear service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { timeout: 5e3 }
     );

package/dist/bin/exe-boot.js

@@ -1134,7 +1134,7 @@ var init_daemon_auth = __esm({
 // src/lib/exe-daemon-client.ts
 import net from "net";
 import os4 from "os";
-import { spawn } from "child_process";
+import { spawn, execSync as execSync2 } from "child_process";
 import { randomUUID } from "crypto";
 import { existsSync as existsSync5, unlinkSync as unlinkSync2, readFileSync as readFileSync4, openSync, closeSync, statSync } from "fs";
 import path5 from "path";
@@ -1164,6 +1164,14 @@ function handleData(chunk) {
     }
   }
 }
+function isZombie(pid) {
+  try {
+    const state = execSync2(`ps -p ${pid} -o state=`, { encoding: "utf8", timeout: 2e3 }).trim();
+    return state.startsWith("Z");
+  } catch {
+    return false;
+  }
+}
 function cleanupStaleFiles() {
   if (existsSync5(PID_PATH)) {
     try {
@@ -1171,7 +1179,11 @@ function cleanupStaleFiles() {
       if (pid > 0) {
         try {
           process.kill(pid, 0);
-          return;
+          if (!isZombie(pid)) {
+            return;
+          }
+          process.stderr.write(`[exed-client] PID ${pid} is a zombie \u2014 cleaning up stale files
+`);
         } catch {
         }
       }
@@ -1199,8 +1211,8 @@ function findPackageRoot() {
 function getAvailableMemoryGB() {
   if (process.platform === "darwin") {
     try {
-      const { execSync: execSync11 } = __require("child_process");
-      const vmstat = execSync11("vm_stat", { encoding: "utf8" });
+      const { execSync: execSync12 } = __require("child_process");
+      const vmstat = execSync12("vm_stat", { encoding: "utf8" });
       const pageSize = 16384;
       const pageSizeMatch = vmstat.match(/page size of (\d+) bytes/);
       const actualPageSize = pageSizeMatch ? parseInt(pageSizeMatch[1], 10) : pageSize;
@@ -3135,6 +3147,12 @@ async function disposeDatabase() {
     clearInterval(_walCheckpointTimer);
     _walCheckpointTimer = null;
   }
+  if (_client) {
+    try {
+      await _client.execute("PRAGMA wal_checkpoint(PASSIVE)");
+    } catch {
+    }
+  }
   if (_daemonClient) {
     _daemonClient.close();
     _daemonClient = null;
@@ -3251,6 +3269,24 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, call support_test (MCP) and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues; only ask the founder to run `exe-os support test` if MCP is disconnected/unavailable. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
+      {
+        title: "Bug report status check \u2014 surface available fixes on boot",
+        domain: "support",
+        priority: "p1",
+        content: "Once per session (COO boot only, never repeat), call list_my_bug_reports to check if any previously filed bug reports have been fixed by AskExe. If any report has status 'fixed' with a fixed_version, surface it to the founder immediately: '\u{1F527} N bug fix(es) available \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no reports exist or none are fixed, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+      },
+      {
+        title: "Feature request triage \u2014 upstream feature vs local customization",
+        domain: "support",
+        priority: "p0",
+        content: "When an agent or founder identifies a desired capability that exe-os does not yet provide, the COO (or equivalent coordinator) must decide: is this a local customization (identity, behavior, procedure, config, branding, workflow preference that can be configured in customer-owned layers) or an upstream feature request (a platform capability that requires changes to exe-os code, shipped via npm update)? Local customizations: implement immediately using store_behavior, update_identity, company_procedure, or config changes. Upstream features: use create_feature_request to submit to AskExe. Include use case, business impact, and current workaround. Do NOT ask the founder for permission to file a feature request \u2014 file it proactively when the need is clear."
+      },
+      {
+        title: "Feature request status check \u2014 surface shipped features on boot",
+        domain: "support",
+        priority: "p1",
+        content: "Once per session (COO boot only, never repeat), call list_my_feature_requests to check if any previously filed feature requests have been shipped by AskExe. If any request has status 'shipped' with a shipped_version, surface it to the founder immediately: '\u{1F680} N feature(s) shipped \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no requests exist or none are shipped, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+      },
       // --- Operations ---
       {
         title: "Managers must supervise deployed workers",
@@ -3453,7 +3489,7 @@ __export(keychain_exports, {
 });
 import { readFile as readFile3, writeFile as writeFile3, unlink, mkdir as mkdir3, chmod as chmod2 } from "fs/promises";
 import { existsSync as existsSync6, statSync as statSync2 } from "fs";
-import { execSync as execSync2 } from "child_process";
+import { execSync as execSync3 } from "child_process";
 import path6 from "path";
 import os5 from "os";
 function getKeyDir() {
@@ -3470,13 +3506,13 @@ function linuxSecretAvailable() {
   if (process.platform !== "linux") return false;
   if (linuxSecretAvailability !== null) return linuxSecretAvailability;
   try {
-    execSync2("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
+    execSync3("command -v secret-tool >/dev/null 2>&1", { timeout: 1e3 });
   } catch {
     linuxSecretAvailability = false;
     return false;
   }
   try {
-    execSync2("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
+    execSync3("secret-tool search --all exe-os probe >/dev/null 2>&1", { timeout: 1e3 });
     linuxSecretAvailability = true;
   } catch {
     linuxSecretAvailability = false;
@@ -3500,7 +3536,7 @@ function macKeychainGet(service = SERVICE) {
   if (!nativeKeychainAllowed()) return null;
   if (process.platform !== "darwin") return null;
   try {
-    return execSync2(
+    return execSync3(
       `security find-generic-password -s "${service}" -a "${ACCOUNT}" -w 2>/dev/null`,
       { encoding: "utf-8", timeout: 5e3 }
     ).trim();
@@ -3513,13 +3549,13 @@ function macKeychainSet(value, service = SERVICE) {
   if (process.platform !== "darwin") return false;
   try {
     try {
-      execSync2(
+      execSync3(
         `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
         { timeout: 5e3 }
       );
     } catch {
     }
-    execSync2(
+    execSync3(
       `security add-generic-password -s "${service}" -a "${ACCOUNT}" -w "${value}"`,
       { timeout: 5e3 }
     );
@@ -3532,7 +3568,7 @@ function macKeychainDelete(service = SERVICE) {
   if (!nativeKeychainAllowed()) return false;
   if (process.platform !== "darwin") return false;
   try {
-    execSync2(
+    execSync3(
       `security delete-generic-password -s "${service}" -a "${ACCOUNT}" 2>/dev/null`,
       { timeout: 5e3 }
     );
@@ -3544,7 +3580,7 @@ function macKeychainDelete(service = SERVICE) {
 function linuxSecretGet(service = SERVICE) {
   if (!linuxSecretAvailable()) return null;
   try {
-    return execSync2(
+    return execSync3(
       `secret-tool lookup service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { encoding: "utf-8", timeout: 5e3 }
     ).trim();
@@ -3555,7 +3591,7 @@ function linuxSecretGet(service = SERVICE) {
 function linuxSecretSet(value, service = SERVICE) {
   if (!linuxSecretAvailable()) return false;
   try {
-    execSync2(
+    execSync3(
       `echo -n "${value}" | secret-tool store --label="exe-os master key" service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { timeout: 5e3 }
     );
@@ -3568,7 +3604,7 @@ function linuxSecretDelete(service = SERVICE) {
   if (!nativeKeychainAllowed()) return false;
   if (process.platform !== "linux") return false;
   try {
-    execSync2(
+    execSync3(
       `secret-tool clear service "${service}" account "${ACCOUNT}" 2>/dev/null`,
       { timeout: 5e3 }
     );
@@ -4502,7 +4538,7 @@ __export(session_registry_exports, {
   registerSession: () => registerSession
 });
 import { readFileSync as readFileSync5, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync8 } from "fs";
-import { execSync as execSync3 } from "child_process";
+import { execSync as execSync4 } from "child_process";
 import path8 from "path";
 import os6 from "os";
 function registerSession(entry) {
@@ -4542,7 +4578,7 @@ function pruneStaleSessions() {
   if (sessions.length === 0) return 0;
   let liveSessions = [];
   try {
-    liveSessions = execSync3("tmux list-sessions -F '#{session_name}' 2>/dev/null", {
+    liveSessions = execSync4("tmux list-sessions -F '#{session_name}' 2>/dev/null", {
       encoding: "utf8"
     }).trim().split("\n").filter(Boolean);
   } catch {
@@ -4565,7 +4601,7 @@ var init_session_registry = __esm({
 });
 
 // src/lib/session-key.ts
-import { execSync as execSync4 } from "child_process";
+import { execSync as execSync5 } from "child_process";
 function normalizeCommand(command) {
   const trimmed = command.trim().toLowerCase();
   const parts = trimmed.split(/[\\/]/);
@@ -4584,7 +4620,7 @@ function resolveRuntimeProcess() {
   let pid = process.ppid;
   for (let i = 0; i < 10; i++) {
     try {
-      const info = execSync4(`ps -p ${pid} -o ppid=,comm=`, {
+      const info = execSync5(`ps -p ${pid} -o ppid=,comm=`, {
         encoding: "utf8",
         timeout: 2e3
       }).trim();
@@ -4750,14 +4786,14 @@ var init_transport = __esm({
 });
 
 // src/lib/cc-agent-support.ts
-import { execSync as execSync5 } from "child_process";
+import { execSync as execSync6 } from "child_process";
 function _resetCcAgentSupportCache() {
   _cachedSupport = null;
 }
 function claudeSupportsAgentFlag() {
   if (_cachedSupport !== null) return _cachedSupport;
   try {
-    const helpOutput = execSync5("claude --help 2>&1", {
+    const helpOutput = execSync6("claude --help 2>&1", {
       encoding: "utf-8",
       timeout: 5e3
     });
@@ -5914,7 +5950,7 @@ __export(project_name_exports, {
   _resetCache: () => _resetCache,
   getProjectName: () => getProjectName
 });
-import { execSync as execSync6 } from "child_process";
+import { execSync as execSync7 } from "child_process";
 import path15 from "path";
 function getProjectName(cwd) {
   const dir = cwd ?? process.cwd();
@@ -5922,7 +5958,7 @@ function getProjectName(cwd) {
   try {
     let repoRoot;
     try {
-      const gitCommonDir = execSync6("git rev-parse --path-format=absolute --git-common-dir", {
+      const gitCommonDir = execSync7("git rev-parse --path-format=absolute --git-common-dir", {
         cwd: dir,
         encoding: "utf8",
         timeout: 2e3,
@@ -5930,7 +5966,7 @@ function getProjectName(cwd) {
       }).trim();
       repoRoot = path15.dirname(gitCommonDir);
     } catch {
-      repoRoot = execSync6("git rev-parse --show-toplevel", {
+      repoRoot = execSync7("git rev-parse --show-toplevel", {
         cwd: dir,
         encoding: "utf8",
         timeout: 2e3,
@@ -6025,7 +6061,7 @@ var init_session_scope = __esm({
 import crypto4 from "crypto";
 import path16 from "path";
 import os11 from "os";
-import { execSync as execSync7 } from "child_process";
+import { execSync as execSync8 } from "child_process";
 import { mkdir as mkdir4, writeFile as writeFile4, appendFile } from "fs/promises";
 import { existsSync as existsSync15, readFileSync as readFileSync11 } from "fs";
 async function writeCheckpoint(input) {
@@ -6370,14 +6406,14 @@ function isTmuxSessionAlive(identifier) {
   if (!identifier || identifier === "unknown") return true;
   try {
     if (identifier.startsWith("%")) {
-      const output = execSync7("tmux list-panes -a -F '#{pane_id}'", {
+      const output = execSync8("tmux list-panes -a -F '#{pane_id}'", {
         timeout: 2e3,
         encoding: "utf8",
         stdio: ["pipe", "pipe", "pipe"]
       });
       return output.split("\n").some((l) => l.trim() === identifier);
     } else {
-      execSync7(`tmux has-session -t ${JSON.stringify(identifier)}`, {
+      execSync8(`tmux has-session -t ${JSON.stringify(identifier)}`, {
         timeout: 2e3,
         stdio: ["pipe", "pipe", "pipe"]
       });
@@ -6386,7 +6422,7 @@ function isTmuxSessionAlive(identifier) {
   } catch {
     if (identifier.startsWith("%")) return true;
     try {
-      execSync7("tmux list-sessions", {
+      execSync8("tmux list-sessions", {
         timeout: 2e3,
         stdio: ["pipe", "pipe", "pipe"]
       });
@@ -6401,12 +6437,12 @@ function checkStaleCompletion(taskContext, taskCreatedAt) {
   if (!DELEGATION_KEYWORDS.test(taskContext)) return null;
   try {
     const since = new Date(taskCreatedAt).toISOString();
-    const branch = execSync7(
+    const branch = execSync8(
       "git rev-parse --abbrev-ref HEAD 2>/dev/null",
       { encoding: "utf8", timeout: 3e3 }
     ).trim();
     const branchArg = branch && branch !== "HEAD" ? branch : "";
-    const commitCount = execSync7(
+    const commitCount = execSync8(
       `git log --oneline --since="${since}" ${branchArg} 2>/dev/null | wc -l`,
       { encoding: "utf8", timeout: 5e3 }
     ).trim();
@@ -8005,7 +8041,7 @@ __export(tmux_routing_exports, {
   spawnEmployee: () => spawnEmployee,
   verifyPaneAtCapacity: () => verifyPaneAtCapacity
 });
-import { execFileSync as execFileSync2, execSync as execSync8 } from "child_process";
+import { execFileSync as execFileSync2, execSync as execSync9 } from "child_process";
 import { readFileSync as readFileSync12, writeFileSync as writeFileSync8, mkdirSync as mkdirSync8, existsSync as existsSync17, appendFileSync, readdirSync as readdirSync4 } from "fs";
 import path20 from "path";
 import os12 from "os";
@@ -8726,7 +8762,7 @@ function spawnEmployee(employeeName, exeSession, projectDir, opts) {
   let booted = false;
   for (let i = 0; i < 30; i++) {
     try {
-      execSync8("sleep 0.5");
+      execSync9("sleep 0.5");
     } catch {
     }
     try {
@@ -10692,7 +10728,7 @@ __export(schedules_exports, {
   parseHumanCron: () => parseHumanCron
 });
 import crypto9 from "crypto";
-import { execSync as execSync10 } from "child_process";
+import { execSync as execSync11 } from "child_process";
 function isValidCron(cron) {
   const fields = cron.trim().split(/\s+/);
   if (fields.length !== 5) return false;
@@ -10852,7 +10888,7 @@ function addToCrontab(id, cron, prompt, projectDir) {
     const cwd = projectDir ? `cd ${JSON.stringify(projectDir)} && ` : "";
     const escapedPrompt = prompt.replace(/"/g, '\\"');
     const entry = `${cron} ${cwd}claude -p --dangerously-skip-permissions "${escapedPrompt}" # exe-schedule:${id}`;
-    execSync10(
+    execSync11(
       `(crontab -l 2>/dev/null; echo ${JSON.stringify(entry)}) | crontab -`,
       { timeout: 5e3, stdio: "ignore" }
     );
@@ -10863,7 +10899,7 @@ function addToCrontab(id, cron, prompt, projectDir) {
 function removeFromCrontab(id) {
   if (!isValidScheduleId(id)) return;
   try {
-    execSync10(
+    execSync11(
       `crontab -l 2>/dev/null | grep -v "exe-schedule:${id}" | crontab -`,
       { timeout: 5e3, stdio: "ignore" }
     );
@@ -11428,7 +11464,7 @@ init_notifications();
 init_config();
 init_session_key();
 import { readFileSync as readFileSync13, writeFileSync as writeFileSync9, mkdirSync as mkdirSync9, unlinkSync as unlinkSync7, readdirSync as readdirSync5 } from "fs";
-import { execSync as execSync9 } from "child_process";
+import { execSync as execSync10 } from "child_process";
 import path21 from "path";
 
 // src/mcp/agent-context.ts
@@ -12178,8 +12214,8 @@ async function boot(options) {
           updatedAt: String(row.updated_at)
         }));
         try {
-          const { execSync: execSync11 } = await import("child_process");
-          const gitLog = execSync11(
+          const { execSync: execSync12 } = await import("child_process");
+          const gitLog = execSync12(
             "git log --oneline -10 --grep='Co-Authored-By: Claude' --grep='task(' --all-match 2>/dev/null || git log --oneline -5 --grep='Co-Authored-By: Claude' 2>/dev/null || git log --oneline -5 --grep='^task(' 2>/dev/null",
             {
               encoding: "utf8",
@@ -12468,11 +12504,11 @@ async function updateIdleKillSuspectStreak(client, killsToday, liveSessions, tod
 }
 function runSplash() {
   try {
-    const { execSync: execSync11 } = __require("child_process");
+    const { execSync: execSync12 } = __require("child_process");
     const { loadConfigSync: loadConfigSync2 } = (init_config(), __toCommonJS(config_exports));
     const config = loadConfigSync2();
     if (!config.splashEffect) return;
-    execSync11(
+    execSync12(
       'echo "EXE OS" | python3 -m terminaltexteffects decrypt --typing-speed 2 --ciphertext-colors 6B4C9A F5D76E --final-gradient-stops F5D76E F0EDE8 --final-gradient-direction vertical',
       { stdio: "inherit", timeout: 5e3 }
     );

package/dist/bin/exe-call.js

@@ -315,6 +315,24 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "When an agent encounters a suspected Exe OS bug, update breakage, MCP/tool failure, installer issue, memory/orchestration defect, or customer-local patch need, it MUST use create_bug_report. Do this before or alongside any local workaround so the report reaches AskExe support directly via the customer's license. Do NOT ask the founder for permission to file a required bug report. If create_bug_report is deferred/lazy-loaded, load it and call it. If it is unavailable in the live MCP surface, report 'create_bug_report unavailable in this session' and save a local report in exe/output \u2014 never claim the tool does not exist unless the live MCP surface was checked. If upstream delivery fails, call support_test (MCP) and include its result in the local report so AskExe can distinguish customer setup, license provisioning, and server intake issues; only ask the founder to run `exe-os support test` if MCP is disconnected/unavailable. Classify first: upstream_bug = reproducible exe-os/platform defect; customer_customization = identity, behavior, procedure, config, branding, workflow preference that belongs in customer-owned layers; emergency_hotfix = temporary local patch. For upstream bugs/emergency hotfixes include version, repro steps, expected/actual, files changed, workaround, and local diff summary. Avoid permanent platform-code patches unless founder approves; if a hotfix is unavoidable, document it in the bug report and re-check after npm update."
       },
+      {
+        title: "Bug report status check \u2014 surface available fixes on boot",
+        domain: "support",
+        priority: "p1",
+        content: "Once per session (COO boot only, never repeat), call list_my_bug_reports to check if any previously filed bug reports have been fixed by AskExe. If any report has status 'fixed' with a fixed_version, surface it to the founder immediately: '\u{1F527} N bug fix(es) available \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no reports exist or none are fixed, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+      },
+      {
+        title: "Feature request triage \u2014 upstream feature vs local customization",
+        domain: "support",
+        priority: "p0",
+        content: "When an agent or founder identifies a desired capability that exe-os does not yet provide, the COO (or equivalent coordinator) must decide: is this a local customization (identity, behavior, procedure, config, branding, workflow preference that can be configured in customer-owned layers) or an upstream feature request (a platform capability that requires changes to exe-os code, shipped via npm update)? Local customizations: implement immediately using store_behavior, update_identity, company_procedure, or config changes. Upstream features: use create_feature_request to submit to AskExe. Include use case, business impact, and current workaround. Do NOT ask the founder for permission to file a feature request \u2014 file it proactively when the need is clear."
+      },
+      {
+        title: "Feature request status check \u2014 surface shipped features on boot",
+        domain: "support",
+        priority: "p1",
+        content: "Once per session (COO boot only, never repeat), call list_my_feature_requests to check if any previously filed feature requests have been shipped by AskExe. If any request has status 'shipped' with a shipped_version, surface it to the founder immediately: '\u{1F680} N feature(s) shipped \u2014 run exe-os update to get version X.Y.Z'. This is a one-time check at boot, not a recurring poll. If no requests exist or none are shipped, skip silently. If the MCP tool is unavailable or the network call fails, skip silently \u2014 this is informational, not blocking."
+      },
       // --- Operations ---
       {
         title: "Managers must supervise deployed workers",