@askexenow/exe-os 0.9.87 → 0.9.88

package/dist/bin/exe-agent.js

@@ -1271,6 +1271,7 @@ var OllamaProvider = class {
 import { randomUUID as randomUUID3 } from "crypto";
 
 // src/lib/database.ts
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 
 // src/lib/employees.ts

package/dist/bin/exe-assign.js

@@ -1637,6 +1637,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 async function initDatabase(config) {
   if (_walCheckpointTimer) {
@@ -1678,6 +1679,16 @@ async function initDatabase(config) {
   if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
     _adapterClient = await createPrismaDbAdapter(_resilientClient);
   }
+  try {
+    chmodSync2(config.dbPath, 384);
+    for (const suffix of ["-wal", "-shm"]) {
+      try {
+        chmodSync2(config.dbPath + suffix, 384);
+      } catch {
+      }
+    }
+  } catch {
+  }
 }
 function isInitialized() {
   return _adapterClient !== null || _client !== null;
@@ -5366,6 +5377,7 @@ import { fileURLToPath as fileURLToPath2 } from "url";
 function isMainModule(importMetaUrl) {
   if (process.argv[1] == null) return false;
   if (process.argv[1].includes("mcp/server")) return false;
+  if (process.argv[1].includes("exe-daemon")) return false;
   try {
     const scriptPath = realpathSync(process.argv[1]);
     const modulePath = realpathSync(fileURLToPath2(importMetaUrl));

package/dist/bin/exe-boot.js

@@ -1789,6 +1789,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 async function initDatabase(config) {
   if (_walCheckpointTimer) {
@@ -1830,6 +1831,16 @@ async function initDatabase(config) {
   if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
     _adapterClient = await createPrismaDbAdapter(_resilientClient);
   }
+  try {
+    chmodSync2(config.dbPath, 384);
+    for (const suffix of ["-wal", "-shm"]) {
+      try {
+        chmodSync2(config.dbPath + suffix, 384);
+      } catch {
+      }
+    }
+  } catch {
+  }
 }
 function isInitialized() {
   return _adapterClient !== null || _client !== null;
@@ -4947,7 +4958,7 @@ function readQueue() {
 function writeQueue(queue) {
   ensureDir();
   const tmp = `${QUEUE_PATH}.tmp`;
-  writeFileSync5(tmp, JSON.stringify(queue, null, 2));
+  writeFileSync5(tmp, JSON.stringify(queue, null, 2), { mode: 384 });
   renameSync4(tmp, QUEUE_PATH);
 }
 function queueIntercom(targetSession, reason) {
@@ -9303,6 +9314,21 @@ var init_crdt_sync = __esm({
   }
 });
 
+// src/lib/pg-ssl.ts
+var pg_ssl_exports = {};
+__export(pg_ssl_exports, {
+  pgSslConfig: () => pgSslConfig
+});
+function pgSslConfig() {
+  if (process.env.EXE_DB_SSL_DISABLED === "true") return {};
+  return { ssl: { rejectUnauthorized: process.env.EXE_DB_SSL_ALLOW_SELFSIGNED !== "true" } };
+}
+var init_pg_ssl = __esm({
+  "src/lib/pg-ssl.ts"() {
+    "use strict";
+  }
+});
+
 // src/lib/db-backup.ts
 var db_backup_exports = {};
 __export(db_backup_exports, {
@@ -9416,6 +9442,7 @@ __export(cloud_sync_exports, {
   cloudPull: () => cloudPull,
   cloudPullBehaviors: () => cloudPullBehaviors,
   cloudPullBlob: () => cloudPullBlob,
+  cloudPullCodeContext: () => cloudPullCodeContext,
   cloudPullConversations: () => cloudPullConversations,
   cloudPullDocuments: () => cloudPullDocuments,
   cloudPullGlobalProcedures: () => cloudPullGlobalProcedures,
@@ -9425,6 +9452,7 @@ __export(cloud_sync_exports, {
   cloudPush: () => cloudPush,
   cloudPushBehaviors: () => cloudPushBehaviors,
   cloudPushBlob: () => cloudPushBlob,
+  cloudPushCodeContext: () => cloudPushCodeContext,
   cloudPushConversations: () => cloudPushConversations,
   cloudPushDocuments: () => cloudPushDocuments,
   cloudPushGlobalProcedures: () => cloudPushGlobalProcedures,
@@ -9503,7 +9531,8 @@ function loadPgClient() {
         return new Ctor();
       }
       const { Pool } = await import("pg");
-      const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+      const { pgSslConfig: pgSslConfig2 } = await Promise.resolve().then(() => (init_pg_ssl(), pg_ssl_exports));
+      const pool = new Pool({ connectionString: process.env.DATABASE_URL, ...pgSslConfig2() });
       return {
         async $queryRawUnsafe(query, ...values) {
           const result = await pool.query(query, values);
@@ -10048,6 +10077,17 @@ async function cloudSync(config) {
   } catch (err) {
     logError(`[cloud-sync] DB backup upload error: ${err instanceof Error ? err.message : String(err)}`);
   }
+  let codeContextResult = { pushed: 0, pulled: 0 };
+  try {
+    codeContextResult.pushed = await cloudPushCodeContext(config);
+  } catch (err) {
+    logError(`[cloud-sync] Code context push: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  try {
+    codeContextResult.pulled = await cloudPullCodeContext(config);
+  } catch (err) {
+    logError(`[cloud-sync] Code context pull: ${err instanceof Error ? err.message : String(err)}`);
+  }
   return {
     pushed,
     pulled,
@@ -10057,7 +10097,8 @@ async function cloudSync(config) {
     tasks: tasksResult,
     conversations: conversationsResult,
     documents: documentsResult,
-    roster: rosterResult
+    roster: rosterResult,
+    codeContext: codeContextResult
   };
 }
 function recordRosterDeletion(name) {
@@ -10695,7 +10736,99 @@ async function cloudPullDocuments(config) {
   }
   return { pulled };
 }
-var LOCALHOST_PATTERNS, FETCH_TIMEOUT_MS, PUSH_BATCH_SIZE, ROSTER_LOCK_PATH, LOCK_STALE_MS, _pgPromise, _pgFailed, CLOUD_REUPLOAD_REQUIRED_MESSAGE, ROSTER_DELETIONS_PATH;
+async function cloudPushCodeContext(config) {
+  assertSecureEndpoint(config.endpoint);
+  if (!existsSync21(CODE_CONTEXT_DIR)) return 0;
+  const files = readdirSync8(CODE_CONTEXT_DIR).filter(
+    (f) => f.endsWith(".json") && !f.endsWith(".vectors.json") && !f.startsWith(".")
+  );
+  if (files.length === 0) return 0;
+  const metaPath = path25.join(CODE_CONTEXT_DIR, ".sync-meta.json");
+  let syncMeta = {};
+  if (existsSync21(metaPath)) {
+    try {
+      syncMeta = JSON.parse(readFileSync15(metaPath, "utf-8"));
+    } catch {
+    }
+  }
+  let pushed = 0;
+  for (const file of files) {
+    const filePath = path25.join(CODE_CONTEXT_DIR, file);
+    try {
+      const stat = statSync5(filePath);
+      const lastPushed = syncMeta[file] ?? 0;
+      if (stat.mtimeMs <= lastPushed) continue;
+      const content = readFileSync15(filePath, "utf-8");
+      const header = content.substring(0, 300);
+      if (header.includes("/tmp") || header.includes("/var/folders") || header.includes(".worktrees/")) continue;
+      const compressed = compress(Buffer.from(content, "utf8"));
+      const encrypted = encryptSyncBlob(compressed);
+      const resp = await fetchWithRetry(`${config.endpoint}/sync/push-code-context`, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${config.apiKey}`,
+          "Content-Type": "application/json",
+          "X-Device-Id": loadDeviceId()
+        },
+        body: JSON.stringify({ key: file, blob: encrypted })
+      });
+      if (resp.ok) {
+        syncMeta[file] = stat.mtimeMs;
+        pushed++;
+      }
+    } catch {
+    }
+  }
+  if (pushed > 0) {
+    try {
+      writeFileSync12(metaPath, JSON.stringify(syncMeta));
+    } catch {
+    }
+  }
+  return pushed;
+}
+async function cloudPullCodeContext(config) {
+  assertSecureEndpoint(config.endpoint);
+  try {
+    const resp = await fetchWithRetry(`${config.endpoint}/sync/pull-code-context`, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${config.apiKey}`,
+        "X-Device-Id": loadDeviceId()
+      }
+    });
+    if (!resp.ok) return 0;
+    const data = await resp.json();
+    if (!data.indexes || data.indexes.length === 0) return 0;
+    mkdirSync13(CODE_CONTEXT_DIR, { recursive: true });
+    let pulled = 0;
+    for (const { key, blob } of data.indexes) {
+      try {
+        if (key.endsWith(".vectors.json")) continue;
+        const localPath = path25.join(CODE_CONTEXT_DIR, key);
+        const compressed = decryptSyncBlob(blob);
+        const content = decompress(compressed).toString("utf8");
+        if (!existsSync21(localPath)) {
+          writeFileSync12(localPath, content, "utf-8");
+          pulled++;
+        } else {
+          const localContent = readFileSync15(localPath, "utf-8");
+          if (localContent.length !== content.length) {
+            writeFileSync12(localPath, content, "utf-8");
+            pulled++;
+          }
+        }
+      } catch {
+      }
+    }
+    return pulled;
+  } catch (err) {
+    process.stderr.write(`[cloud-sync] Code context pull failed: ${err instanceof Error ? err.message : String(err)}
+`);
+    return 0;
+  }
+}
+var LOCALHOST_PATTERNS, FETCH_TIMEOUT_MS, PUSH_BATCH_SIZE, ROSTER_LOCK_PATH, LOCK_STALE_MS, _pgPromise, _pgFailed, CLOUD_REUPLOAD_REQUIRED_MESSAGE, ROSTER_DELETIONS_PATH, CODE_CONTEXT_DIR;
 var init_cloud_sync = __esm({
   "src/lib/cloud-sync.ts"() {
     "use strict";
@@ -10716,6 +10849,7 @@ var init_cloud_sync = __esm({
     _pgFailed = false;
     CLOUD_REUPLOAD_REQUIRED_MESSAGE = "Cloud sync is blocked because this device rotated its memory encryption key. Run `exe-os cloud reupload` first to re-upload the cloud backup with the new key.";
     ROSTER_DELETIONS_PATH = path25.join(EXE_AI_DIR, "roster-deletions.json");
+    CODE_CONTEXT_DIR = path25.join(EXE_AI_DIR, "code-context");
   }
 });
 
@@ -11448,6 +11582,7 @@ import { fileURLToPath as fileURLToPath3 } from "url";
 function isMainModule(importMetaUrl) {
   if (process.argv[1] == null) return false;
   if (process.argv[1].includes("mcp/server")) return false;
+  if (process.argv[1].includes("exe-daemon")) return false;
   try {
     const scriptPath = realpathSync(process.argv[1]);
     const modulePath = realpathSync(fileURLToPath3(importMetaUrl));

package/dist/bin/exe-call.js

@@ -221,6 +221,7 @@ var init_memory = __esm({
 });
 
 // src/lib/database.ts
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 var init_database = __esm({
   "src/lib/database.ts"() {
@@ -1253,6 +1254,7 @@ import { fileURLToPath } from "url";
 function isMainModule(importMetaUrl) {
   if (process.argv[1] == null) return false;
   if (process.argv[1].includes("mcp/server")) return false;
+  if (process.argv[1].includes("exe-daemon")) return false;
   try {
     const scriptPath = realpathSync(process.argv[1]);
     const modulePath = realpathSync(fileURLToPath(importMetaUrl));

package/dist/bin/exe-cloud.js

@@ -2206,6 +2206,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 async function initDatabase(config) {
   if (_walCheckpointTimer) {
@@ -2247,6 +2248,16 @@ async function initDatabase(config) {
   if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
     _adapterClient = await createPrismaDbAdapter(_resilientClient);
   }
+  try {
+    chmodSync2(config.dbPath, 384);
+    for (const suffix of ["-wal", "-shm"]) {
+      try {
+        chmodSync2(config.dbPath + suffix, 384);
+      } catch {
+      }
+    }
+  } catch {
+  }
 }
 function isInitialized() {
   return _adapterClient !== null || _client !== null;
@@ -4375,6 +4386,21 @@ var init_crdt_sync = __esm({
   }
 });
 
+// src/lib/pg-ssl.ts
+var pg_ssl_exports = {};
+__export(pg_ssl_exports, {
+  pgSslConfig: () => pgSslConfig
+});
+function pgSslConfig() {
+  if (process.env.EXE_DB_SSL_DISABLED === "true") return {};
+  return { ssl: { rejectUnauthorized: process.env.EXE_DB_SSL_ALLOW_SELFSIGNED !== "true" } };
+}
+var init_pg_ssl = __esm({
+  "src/lib/pg-ssl.ts"() {
+    "use strict";
+  }
+});
+
 // src/lib/db-backup.ts
 var db_backup_exports = {};
 __export(db_backup_exports, {
@@ -4488,6 +4514,7 @@ __export(cloud_sync_exports, {
   cloudPull: () => cloudPull,
   cloudPullBehaviors: () => cloudPullBehaviors,
   cloudPullBlob: () => cloudPullBlob,
+  cloudPullCodeContext: () => cloudPullCodeContext,
   cloudPullConversations: () => cloudPullConversations,
   cloudPullDocuments: () => cloudPullDocuments,
   cloudPullGlobalProcedures: () => cloudPullGlobalProcedures,
@@ -4497,6 +4524,7 @@ __export(cloud_sync_exports, {
   cloudPush: () => cloudPush,
   cloudPushBehaviors: () => cloudPushBehaviors,
   cloudPushBlob: () => cloudPushBlob,
+  cloudPushCodeContext: () => cloudPushCodeContext,
   cloudPushConversations: () => cloudPushConversations,
   cloudPushDocuments: () => cloudPushDocuments,
   cloudPushGlobalProcedures: () => cloudPushGlobalProcedures,
@@ -4575,7 +4603,8 @@ function loadPgClient() {
         return new Ctor();
       }
       const { Pool } = await import("pg");
-      const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+      const { pgSslConfig: pgSslConfig2 } = await Promise.resolve().then(() => (init_pg_ssl(), pg_ssl_exports));
+      const pool = new Pool({ connectionString: process.env.DATABASE_URL, ...pgSslConfig2() });
       return {
         async $queryRawUnsafe(query, ...values) {
           const result = await pool.query(query, values);
@@ -5120,6 +5149,17 @@ async function cloudSync(config) {
   } catch (err) {
     logError(`[cloud-sync] DB backup upload error: ${err instanceof Error ? err.message : String(err)}`);
   }
+  let codeContextResult = { pushed: 0, pulled: 0 };
+  try {
+    codeContextResult.pushed = await cloudPushCodeContext(config);
+  } catch (err) {
+    logError(`[cloud-sync] Code context push: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  try {
+    codeContextResult.pulled = await cloudPullCodeContext(config);
+  } catch (err) {
+    logError(`[cloud-sync] Code context pull: ${err instanceof Error ? err.message : String(err)}`);
+  }
   return {
     pushed,
     pulled,
@@ -5129,7 +5169,8 @@ async function cloudSync(config) {
     tasks: tasksResult,
     conversations: conversationsResult,
     documents: documentsResult,
-    roster: rosterResult
+    roster: rosterResult,
+    codeContext: codeContextResult
   };
 }
 function recordRosterDeletion(name) {
@@ -5767,7 +5808,99 @@ async function cloudPullDocuments(config) {
   }
   return { pulled };
 }
-var LOCALHOST_PATTERNS, FETCH_TIMEOUT_MS, PUSH_BATCH_SIZE, ROSTER_LOCK_PATH, LOCK_STALE_MS, _pgPromise, _pgFailed, CLOUD_REUPLOAD_REQUIRED_MESSAGE, ROSTER_DELETIONS_PATH;
+async function cloudPushCodeContext(config) {
+  assertSecureEndpoint(config.endpoint);
+  if (!existsSync10(CODE_CONTEXT_DIR)) return 0;
+  const files = readdirSync2(CODE_CONTEXT_DIR).filter(
+    (f) => f.endsWith(".json") && !f.endsWith(".vectors.json") && !f.startsWith(".")
+  );
+  if (files.length === 0) return 0;
+  const metaPath = path10.join(CODE_CONTEXT_DIR, ".sync-meta.json");
+  let syncMeta = {};
+  if (existsSync10(metaPath)) {
+    try {
+      syncMeta = JSON.parse(readFileSync7(metaPath, "utf-8"));
+    } catch {
+    }
+  }
+  let pushed = 0;
+  for (const file of files) {
+    const filePath = path10.join(CODE_CONTEXT_DIR, file);
+    try {
+      const stat = statSync4(filePath);
+      const lastPushed = syncMeta[file] ?? 0;
+      if (stat.mtimeMs <= lastPushed) continue;
+      const content = readFileSync7(filePath, "utf-8");
+      const header = content.substring(0, 300);
+      if (header.includes("/tmp") || header.includes("/var/folders") || header.includes(".worktrees/")) continue;
+      const compressed = compress(Buffer.from(content, "utf8"));
+      const encrypted = encryptSyncBlob(compressed);
+      const resp = await fetchWithRetry(`${config.endpoint}/sync/push-code-context`, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${config.apiKey}`,
+          "Content-Type": "application/json",
+          "X-Device-Id": loadDeviceId()
+        },
+        body: JSON.stringify({ key: file, blob: encrypted })
+      });
+      if (resp.ok) {
+        syncMeta[file] = stat.mtimeMs;
+        pushed++;
+      }
+    } catch {
+    }
+  }
+  if (pushed > 0) {
+    try {
+      writeFileSync5(metaPath, JSON.stringify(syncMeta));
+    } catch {
+    }
+  }
+  return pushed;
+}
+async function cloudPullCodeContext(config) {
+  assertSecureEndpoint(config.endpoint);
+  try {
+    const resp = await fetchWithRetry(`${config.endpoint}/sync/pull-code-context`, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${config.apiKey}`,
+        "X-Device-Id": loadDeviceId()
+      }
+    });
+    if (!resp.ok) return 0;
+    const data = await resp.json();
+    if (!data.indexes || data.indexes.length === 0) return 0;
+    mkdirSync5(CODE_CONTEXT_DIR, { recursive: true });
+    let pulled = 0;
+    for (const { key, blob } of data.indexes) {
+      try {
+        if (key.endsWith(".vectors.json")) continue;
+        const localPath = path10.join(CODE_CONTEXT_DIR, key);
+        const compressed = decryptSyncBlob(blob);
+        const content = decompress(compressed).toString("utf8");
+        if (!existsSync10(localPath)) {
+          writeFileSync5(localPath, content, "utf-8");
+          pulled++;
+        } else {
+          const localContent = readFileSync7(localPath, "utf-8");
+          if (localContent.length !== content.length) {
+            writeFileSync5(localPath, content, "utf-8");
+            pulled++;
+          }
+        }
+      } catch {
+      }
+    }
+    return pulled;
+  } catch (err) {
+    process.stderr.write(`[cloud-sync] Code context pull failed: ${err instanceof Error ? err.message : String(err)}
+`);
+    return 0;
+  }
+}
+var LOCALHOST_PATTERNS, FETCH_TIMEOUT_MS, PUSH_BATCH_SIZE, ROSTER_LOCK_PATH, LOCK_STALE_MS, _pgPromise, _pgFailed, CLOUD_REUPLOAD_REQUIRED_MESSAGE, ROSTER_DELETIONS_PATH, CODE_CONTEXT_DIR;
 var init_cloud_sync = __esm({
   "src/lib/cloud-sync.ts"() {
     "use strict";
@@ -5788,6 +5921,7 @@ var init_cloud_sync = __esm({
     _pgFailed = false;
     CLOUD_REUPLOAD_REQUIRED_MESSAGE = "Cloud sync is blocked because this device rotated its memory encryption key. Run `exe-os cloud reupload` first to re-upload the cloud backup with the new key.";
     ROSTER_DELETIONS_PATH = path10.join(EXE_AI_DIR, "roster-deletions.json");
+    CODE_CONTEXT_DIR = path10.join(EXE_AI_DIR, "code-context");
   }
 });
 
@@ -7862,6 +7996,7 @@ import { fileURLToPath } from "url";
 function isMainModule(importMetaUrl) {
   if (process.argv[1] == null) return false;
   if (process.argv[1].includes("mcp/server")) return false;
+  if (process.argv[1].includes("exe-daemon")) return false;
   try {
     const scriptPath = realpathSync(process.argv[1]);
     const modulePath = realpathSync(fileURLToPath(importMetaUrl));

package/dist/bin/exe-dispatch.js

@@ -712,7 +712,7 @@ function readQueue() {
 function writeQueue(queue) {
   ensureDir();
   const tmp = `${QUEUE_PATH}.tmp`;
-  writeFileSync3(tmp, JSON.stringify(queue, null, 2));
+  writeFileSync3(tmp, JSON.stringify(queue, null, 2), { mode: 384 });
   renameSync2(tmp, QUEUE_PATH);
 }
 function queueIntercom(targetSession, reason) {
@@ -2291,6 +2291,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 async function initDatabase(config) {
   if (_walCheckpointTimer) {
@@ -2332,6 +2333,16 @@ async function initDatabase(config) {
   if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
     _adapterClient = await createPrismaDbAdapter(_resilientClient);
   }
+  try {
+    chmodSync2(config.dbPath, 384);
+    for (const suffix of ["-wal", "-shm"]) {
+      try {
+        chmodSync2(config.dbPath + suffix, 384);
+      } catch {
+      }
+    }
+  } catch {
+  }
 }
 function isInitialized() {
   return _adapterClient !== null || _client !== null;

package/dist/bin/exe-doctor.js

@@ -2745,6 +2745,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient as createClient2 } from "@libsql/client";
 async function initDatabase(config) {
   if (_walCheckpointTimer) {
@@ -2786,6 +2787,16 @@ async function initDatabase(config) {
   if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
     _adapterClient = await createPrismaDbAdapter(_resilientClient);
   }
+  try {
+    chmodSync2(config.dbPath, 384);
+    for (const suffix of ["-wal", "-shm"]) {
+      try {
+        chmodSync2(config.dbPath + suffix, 384);
+      } catch {
+      }
+    }
+  } catch {
+  }
 }
 function isInitialized() {
   return _adapterClient !== null || _client !== null;
@@ -5915,6 +5926,7 @@ import { fileURLToPath } from "url";
 function isMainModule(importMetaUrl) {
   if (process.argv[1] == null) return false;
   if (process.argv[1].includes("mcp/server")) return false;
+  if (process.argv[1].includes("exe-daemon")) return false;
   try {
     const scriptPath = realpathSync(process.argv[1]);
     const modulePath = realpathSync(fileURLToPath(importMetaUrl));

package/dist/bin/exe-export-behaviors.js

@@ -1778,6 +1778,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 async function initDatabase(config) {
   if (_walCheckpointTimer) {
@@ -1819,6 +1820,16 @@ async function initDatabase(config) {
   if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
     _adapterClient = await createPrismaDbAdapter(_resilientClient);
   }
+  try {
+    chmodSync2(config.dbPath, 384);
+    for (const suffix of ["-wal", "-shm"]) {
+      try {
+        chmodSync2(config.dbPath + suffix, 384);
+      } catch {
+      }
+    }
+  } catch {
+  }
 }
 function isInitialized() {
   return _adapterClient !== null || _client !== null;

package/dist/bin/exe-forget.js

@@ -1702,6 +1702,7 @@ __export(database_exports, {
   isInitialized: () => isInitialized,
   setExternalClient: () => setExternalClient
 });
+import { chmodSync as chmodSync2 } from "fs";
 import { createClient } from "@libsql/client";
 async function initDatabase(config) {
   if (_walCheckpointTimer) {
@@ -1743,6 +1744,16 @@ async function initDatabase(config) {
   if (process.env.DATABASE_URL && process.env.EXE_USE_POSTGRES === "1") {
     _adapterClient = await createPrismaDbAdapter(_resilientClient);
   }
+  try {
+    chmodSync2(config.dbPath, 384);
+    for (const suffix of ["-wal", "-shm"]) {
+      try {
+        chmodSync2(config.dbPath + suffix, 384);
+      } catch {
+      }
+    }
+  } catch {
+  }
 }
 function isInitialized() {
   return _adapterClient !== null || _client !== null;
@@ -5782,6 +5793,7 @@ import { fileURLToPath as fileURLToPath2 } from "url";
 function isMainModule(importMetaUrl) {
   if (process.argv[1] == null) return false;
   if (process.argv[1].includes("mcp/server")) return false;
+  if (process.argv[1].includes("exe-daemon")) return false;
   try {
     const scriptPath = realpathSync(process.argv[1]);
     const modulePath = realpathSync(fileURLToPath2(importMetaUrl));