@askexenow/exe-os 0.9.98 → 0.9.100

package/dist/hooks/summary-worker.js

@@ -3587,20 +3587,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"
@@ -4334,6 +4353,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/index.js

@@ -8403,6 +8403,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/cloud-sync.js

@@ -3480,20 +3480,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"

package/dist/lib/employee-templates.js

@@ -337,6 +337,13 @@ var PLATFORM_PROCEDURES = [
     priority: "p0",
     content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
   },
+  // --- Encryption key + cloud sync ---
+  {
+    title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+    domain: "security",
+    priority: "p0",
+    content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+  },
   // --- MCP is the ONLY data interface ---
   {
     title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/exe-daemon.js

@@ -5637,20 +5637,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"
@@ -5969,6 +5988,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/hybrid-search.js

@@ -4286,6 +4286,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/keychain.js

@@ -399,20 +399,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"

package/dist/lib/schedules.js

@@ -3515,6 +3515,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/store.js

@@ -3515,6 +3515,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/mcp/server.js

@@ -3994,20 +3994,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"
@@ -4935,6 +4954,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/runtime/index.js

@@ -8163,6 +8163,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/tui/App.js

@@ -9134,6 +9134,13 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
       },
+      // --- Encryption key + cloud sync ---
+      {
+        title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
+        domain: "security",
+        priority: "p0",
+        content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",
@@ -11326,20 +11333,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.98",
+  "version": "0.9.100",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/src/commands/exe/setup.md

@@ -68,7 +68,7 @@ Use AskUserQuestion to ask for their Exe Cloud API key (exe_sk_...).
 
 Validate the key:
 ```bash
-curl -s "https://askexe.com/cloud/auth/verify" \
+curl -s "https://cloud.askexe.com/auth/verify" \
   -H "Authorization: Bearer USER_API_KEY" | cat
 ```