@askexenow/exe-os 0.9.98 → 0.9.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/agentic-ontology-backfill.js +7 -0
- package/dist/bin/agentic-reflection-backfill.js +7 -0
- package/dist/bin/agentic-semantic-label.js +7 -0
- package/dist/bin/backfill-conversations.js +7 -0
- package/dist/bin/backfill-responses.js +7 -0
- package/dist/bin/backfill-vectors.js +7 -0
- package/dist/bin/bulk-sync-postgres.js +7 -0
- package/dist/bin/cleanup-stale-review-tasks.js +7 -0
- package/dist/bin/cli.js +7 -0
- package/dist/bin/exe-agent.js +7 -0
- package/dist/bin/exe-assign.js +7 -0
- package/dist/bin/exe-boot.js +7 -0
- package/dist/bin/exe-call.js +7 -0
- package/dist/bin/exe-cloud.js +7 -0
- package/dist/bin/exe-dispatch.js +7 -0
- package/dist/bin/exe-doctor.js +7 -0
- package/dist/bin/exe-export-behaviors.js +7 -0
- package/dist/bin/exe-forget.js +7 -0
- package/dist/bin/exe-gateway.js +7 -0
- package/dist/bin/exe-heartbeat.js +7 -0
- package/dist/bin/exe-kill.js +7 -0
- package/dist/bin/exe-launch-agent.js +7 -0
- package/dist/bin/exe-new-employee.js +7 -0
- package/dist/bin/exe-pending-messages.js +7 -0
- package/dist/bin/exe-pending-notifications.js +7 -0
- package/dist/bin/exe-pending-reviews.js +7 -0
- package/dist/bin/exe-rename.js +7 -0
- package/dist/bin/exe-review.js +7 -0
- package/dist/bin/exe-search.js +7 -0
- package/dist/bin/exe-session-cleanup.js +7 -0
- package/dist/bin/exe-start-codex.js +7 -0
- package/dist/bin/exe-start-opencode.js +7 -0
- package/dist/bin/exe-status.js +7 -0
- package/dist/bin/exe-team.js +7 -0
- package/dist/bin/git-sweep.js +7 -0
- package/dist/bin/graph-backfill.js +7 -0
- package/dist/bin/graph-export.js +7 -0
- package/dist/bin/intercom-check.js +7 -0
- package/dist/bin/scan-tasks.js +7 -0
- package/dist/bin/setup.js +7 -0
- package/dist/bin/shard-migrate.js +7 -0
- package/dist/gateway/index.js +7 -0
- package/dist/hooks/bug-report-worker.js +7 -0
- package/dist/hooks/codex-stop-task-finalizer.js +7 -0
- package/dist/hooks/commit-complete.js +7 -0
- package/dist/hooks/error-recall.js +7 -0
- package/dist/hooks/ingest.js +7 -0
- package/dist/hooks/instructions-loaded.js +7 -0
- package/dist/hooks/notification.js +7 -0
- package/dist/hooks/post-compact.js +7 -0
- package/dist/hooks/post-tool-combined.js +7 -0
- package/dist/hooks/pre-compact.js +7 -0
- package/dist/hooks/pre-tool-use.js +7 -0
- package/dist/hooks/prompt-submit.js +7 -0
- package/dist/hooks/session-end.js +7 -0
- package/dist/hooks/session-start.js +7 -0
- package/dist/hooks/stop.js +7 -0
- package/dist/hooks/subagent-stop.js +7 -0
- package/dist/hooks/summary-worker.js +7 -0
- package/dist/index.js +7 -0
- package/dist/lib/employee-templates.js +7 -0
- package/dist/lib/exe-daemon.js +7 -0
- package/dist/lib/hybrid-search.js +7 -0
- package/dist/lib/schedules.js +7 -0
- package/dist/lib/store.js +7 -0
- package/dist/mcp/server.js +7 -0
- package/dist/runtime/index.js +7 -0
- package/dist/tui/App.js +7 -0
- package/package.json +1 -1
|
@@ -3516,6 +3516,13 @@ var init_platform_procedures = __esm({
|
|
|
3516
3516
|
priority: "p0",
|
|
3517
3517
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3518
3518
|
},
|
|
3519
|
+
// --- Encryption key + cloud sync ---
|
|
3520
|
+
{
|
|
3521
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3522
|
+
domain: "security",
|
|
3523
|
+
priority: "p0",
|
|
3524
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3525
|
+
},
|
|
3519
3526
|
// --- MCP is the ONLY data interface ---
|
|
3520
3527
|
{
|
|
3521
3528
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3516,6 +3516,13 @@ var init_platform_procedures = __esm({
|
|
|
3516
3516
|
priority: "p0",
|
|
3517
3517
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3518
3518
|
},
|
|
3519
|
+
// --- Encryption key + cloud sync ---
|
|
3520
|
+
{
|
|
3521
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3522
|
+
domain: "security",
|
|
3523
|
+
priority: "p0",
|
|
3524
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3525
|
+
},
|
|
3519
3526
|
// --- MCP is the ONLY data interface ---
|
|
3520
3527
|
{
|
|
3521
3528
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3516,6 +3516,13 @@ var init_platform_procedures = __esm({
|
|
|
3516
3516
|
priority: "p0",
|
|
3517
3517
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3518
3518
|
},
|
|
3519
|
+
// --- Encryption key + cloud sync ---
|
|
3520
|
+
{
|
|
3521
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3522
|
+
domain: "security",
|
|
3523
|
+
priority: "p0",
|
|
3524
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3525
|
+
},
|
|
3519
3526
|
// --- MCP is the ONLY data interface ---
|
|
3520
3527
|
{
|
|
3521
3528
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3656,6 +3656,13 @@ var init_platform_procedures = __esm({
|
|
|
3656
3656
|
priority: "p0",
|
|
3657
3657
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3658
3658
|
},
|
|
3659
|
+
// --- Encryption key + cloud sync ---
|
|
3660
|
+
{
|
|
3661
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3662
|
+
domain: "security",
|
|
3663
|
+
priority: "p0",
|
|
3664
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3665
|
+
},
|
|
3659
3666
|
// --- MCP is the ONLY data interface ---
|
|
3660
3667
|
{
|
|
3661
3668
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3656,6 +3656,13 @@ var init_platform_procedures = __esm({
|
|
|
3656
3656
|
priority: "p0",
|
|
3657
3657
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3658
3658
|
},
|
|
3659
|
+
// --- Encryption key + cloud sync ---
|
|
3660
|
+
{
|
|
3661
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3662
|
+
domain: "security",
|
|
3663
|
+
priority: "p0",
|
|
3664
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3665
|
+
},
|
|
3659
3666
|
// --- MCP is the ONLY data interface ---
|
|
3660
3667
|
{
|
|
3661
3668
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3652,6 +3652,13 @@ var init_platform_procedures = __esm({
|
|
|
3652
3652
|
priority: "p0",
|
|
3653
3653
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3654
3654
|
},
|
|
3655
|
+
// --- Encryption key + cloud sync ---
|
|
3656
|
+
{
|
|
3657
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3658
|
+
domain: "security",
|
|
3659
|
+
priority: "p0",
|
|
3660
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3661
|
+
},
|
|
3655
3662
|
// --- MCP is the ONLY data interface ---
|
|
3656
3663
|
{
|
|
3657
3664
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3824,6 +3824,13 @@ var init_platform_procedures = __esm({
|
|
|
3824
3824
|
priority: "p0",
|
|
3825
3825
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3826
3826
|
},
|
|
3827
|
+
// --- Encryption key + cloud sync ---
|
|
3828
|
+
{
|
|
3829
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3830
|
+
domain: "security",
|
|
3831
|
+
priority: "p0",
|
|
3832
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3833
|
+
},
|
|
3827
3834
|
// --- MCP is the ONLY data interface ---
|
|
3828
3835
|
{
|
|
3829
3836
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4299,6 +4299,13 @@ var init_platform_procedures = __esm({
|
|
|
4299
4299
|
priority: "p0",
|
|
4300
4300
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4301
4301
|
},
|
|
4302
|
+
// --- Encryption key + cloud sync ---
|
|
4303
|
+
{
|
|
4304
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4305
|
+
domain: "security",
|
|
4306
|
+
priority: "p0",
|
|
4307
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4308
|
+
},
|
|
4302
4309
|
// --- MCP is the ONLY data interface ---
|
|
4303
4310
|
{
|
|
4304
4311
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/cli.js
CHANGED
|
@@ -8986,6 +8986,13 @@ var init_platform_procedures = __esm({
|
|
|
8986
8986
|
priority: "p0",
|
|
8987
8987
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8988
8988
|
},
|
|
8989
|
+
// --- Encryption key + cloud sync ---
|
|
8990
|
+
{
|
|
8991
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8992
|
+
domain: "security",
|
|
8993
|
+
priority: "p0",
|
|
8994
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8995
|
+
},
|
|
8989
8996
|
// --- MCP is the ONLY data interface ---
|
|
8990
8997
|
{
|
|
8991
8998
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-agent.js
CHANGED
|
@@ -1493,6 +1493,13 @@ var PLATFORM_PROCEDURES = [
|
|
|
1493
1493
|
priority: "p0",
|
|
1494
1494
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
1495
1495
|
},
|
|
1496
|
+
// --- Encryption key + cloud sync ---
|
|
1497
|
+
{
|
|
1498
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
1499
|
+
domain: "security",
|
|
1500
|
+
priority: "p0",
|
|
1501
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
1502
|
+
},
|
|
1496
1503
|
// --- MCP is the ONLY data interface ---
|
|
1497
1504
|
{
|
|
1498
1505
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-assign.js
CHANGED
|
@@ -3666,6 +3666,13 @@ var init_platform_procedures = __esm({
|
|
|
3666
3666
|
priority: "p0",
|
|
3667
3667
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3668
3668
|
},
|
|
3669
|
+
// --- Encryption key + cloud sync ---
|
|
3670
|
+
{
|
|
3671
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3672
|
+
domain: "security",
|
|
3673
|
+
priority: "p0",
|
|
3674
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3675
|
+
},
|
|
3669
3676
|
// --- MCP is the ONLY data interface ---
|
|
3670
3677
|
{
|
|
3671
3678
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-boot.js
CHANGED
|
@@ -3403,6 +3403,13 @@ var init_platform_procedures = __esm({
|
|
|
3403
3403
|
priority: "p0",
|
|
3404
3404
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3405
3405
|
},
|
|
3406
|
+
// --- Encryption key + cloud sync ---
|
|
3407
|
+
{
|
|
3408
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3409
|
+
domain: "security",
|
|
3410
|
+
priority: "p0",
|
|
3411
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3412
|
+
},
|
|
3406
3413
|
// --- MCP is the ONLY data interface ---
|
|
3407
3414
|
{
|
|
3408
3415
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-call.js
CHANGED
|
@@ -431,6 +431,13 @@ var init_platform_procedures = __esm({
|
|
|
431
431
|
priority: "p0",
|
|
432
432
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
433
433
|
},
|
|
434
|
+
// --- Encryption key + cloud sync ---
|
|
435
|
+
{
|
|
436
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
437
|
+
domain: "security",
|
|
438
|
+
priority: "p0",
|
|
439
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
440
|
+
},
|
|
434
441
|
// --- MCP is the ONLY data interface ---
|
|
435
442
|
{
|
|
436
443
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-cloud.js
CHANGED
|
@@ -6795,6 +6795,13 @@ var init_platform_procedures = __esm({
|
|
|
6795
6795
|
priority: "p0",
|
|
6796
6796
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
6797
6797
|
},
|
|
6798
|
+
// --- Encryption key + cloud sync ---
|
|
6799
|
+
{
|
|
6800
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
6801
|
+
domain: "security",
|
|
6802
|
+
priority: "p0",
|
|
6803
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
6804
|
+
},
|
|
6798
6805
|
// --- MCP is the ONLY data interface ---
|
|
6799
6806
|
{
|
|
6800
6807
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-dispatch.js
CHANGED
|
@@ -8106,6 +8106,13 @@ var init_platform_procedures = __esm({
|
|
|
8106
8106
|
priority: "p0",
|
|
8107
8107
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8108
8108
|
},
|
|
8109
|
+
// --- Encryption key + cloud sync ---
|
|
8110
|
+
{
|
|
8111
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8112
|
+
domain: "security",
|
|
8113
|
+
priority: "p0",
|
|
8114
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8115
|
+
},
|
|
8109
8116
|
// --- MCP is the ONLY data interface ---
|
|
8110
8117
|
{
|
|
8111
8118
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-doctor.js
CHANGED
|
@@ -4608,6 +4608,13 @@ var init_platform_procedures = __esm({
|
|
|
4608
4608
|
priority: "p0",
|
|
4609
4609
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4610
4610
|
},
|
|
4611
|
+
// --- Encryption key + cloud sync ---
|
|
4612
|
+
{
|
|
4613
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4614
|
+
domain: "security",
|
|
4615
|
+
priority: "p0",
|
|
4616
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4617
|
+
},
|
|
4611
4618
|
// --- MCP is the ONLY data interface ---
|
|
4612
4619
|
{
|
|
4613
4620
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4364,6 +4364,13 @@ var init_platform_procedures = __esm({
|
|
|
4364
4364
|
priority: "p0",
|
|
4365
4365
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4366
4366
|
},
|
|
4367
|
+
// --- Encryption key + cloud sync ---
|
|
4368
|
+
{
|
|
4369
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4370
|
+
domain: "security",
|
|
4371
|
+
priority: "p0",
|
|
4372
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4373
|
+
},
|
|
4367
4374
|
// --- MCP is the ONLY data interface ---
|
|
4368
4375
|
{
|
|
4369
4376
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-forget.js
CHANGED
|
@@ -4288,6 +4288,13 @@ var init_platform_procedures = __esm({
|
|
|
4288
4288
|
priority: "p0",
|
|
4289
4289
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4290
4290
|
},
|
|
4291
|
+
// --- Encryption key + cloud sync ---
|
|
4292
|
+
{
|
|
4293
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4294
|
+
domain: "security",
|
|
4295
|
+
priority: "p0",
|
|
4296
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4297
|
+
},
|
|
4291
4298
|
// --- MCP is the ONLY data interface ---
|
|
4292
4299
|
{
|
|
4293
4300
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-gateway.js
CHANGED
|
@@ -4972,6 +4972,13 @@ var init_platform_procedures = __esm({
|
|
|
4972
4972
|
priority: "p0",
|
|
4973
4973
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4974
4974
|
},
|
|
4975
|
+
// --- Encryption key + cloud sync ---
|
|
4976
|
+
{
|
|
4977
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4978
|
+
domain: "security",
|
|
4979
|
+
priority: "p0",
|
|
4980
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4981
|
+
},
|
|
4975
4982
|
// --- MCP is the ONLY data interface ---
|
|
4976
4983
|
{
|
|
4977
4984
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4327,6 +4327,13 @@ var init_platform_procedures = __esm({
|
|
|
4327
4327
|
priority: "p0",
|
|
4328
4328
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4329
4329
|
},
|
|
4330
|
+
// --- Encryption key + cloud sync ---
|
|
4331
|
+
{
|
|
4332
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4333
|
+
domain: "security",
|
|
4334
|
+
priority: "p0",
|
|
4335
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4336
|
+
},
|
|
4330
4337
|
// --- MCP is the ONLY data interface ---
|
|
4331
4338
|
{
|
|
4332
4339
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-kill.js
CHANGED
|
@@ -4288,6 +4288,13 @@ var init_platform_procedures = __esm({
|
|
|
4288
4288
|
priority: "p0",
|
|
4289
4289
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4290
4290
|
},
|
|
4291
|
+
// --- Encryption key + cloud sync ---
|
|
4292
|
+
{
|
|
4293
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4294
|
+
domain: "security",
|
|
4295
|
+
priority: "p0",
|
|
4296
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4297
|
+
},
|
|
4291
4298
|
// --- MCP is the ONLY data interface ---
|
|
4292
4299
|
{
|
|
4293
4300
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4386,6 +4386,13 @@ var init_platform_procedures = __esm({
|
|
|
4386
4386
|
priority: "p0",
|
|
4387
4387
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4388
4388
|
},
|
|
4389
|
+
// --- Encryption key + cloud sync ---
|
|
4390
|
+
{
|
|
4391
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4392
|
+
domain: "security",
|
|
4393
|
+
priority: "p0",
|
|
4394
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4395
|
+
},
|
|
4389
4396
|
// --- MCP is the ONLY data interface ---
|
|
4390
4397
|
{
|
|
4391
4398
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -2808,6 +2808,13 @@ var PLATFORM_PROCEDURES = [
|
|
|
2808
2808
|
priority: "p0",
|
|
2809
2809
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
2810
2810
|
},
|
|
2811
|
+
// --- Encryption key + cloud sync ---
|
|
2812
|
+
{
|
|
2813
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
2814
|
+
domain: "security",
|
|
2815
|
+
priority: "p0",
|
|
2816
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
2817
|
+
},
|
|
2811
2818
|
// --- MCP is the ONLY data interface ---
|
|
2812
2819
|
{
|
|
2813
2820
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4767,6 +4767,13 @@ var init_platform_procedures = __esm({
|
|
|
4767
4767
|
priority: "p0",
|
|
4768
4768
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4769
4769
|
},
|
|
4770
|
+
// --- Encryption key + cloud sync ---
|
|
4771
|
+
{
|
|
4772
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4773
|
+
domain: "security",
|
|
4774
|
+
priority: "p0",
|
|
4775
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4776
|
+
},
|
|
4770
4777
|
// --- MCP is the ONLY data interface ---
|
|
4771
4778
|
{
|
|
4772
4779
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4833,6 +4833,13 @@ var init_platform_procedures = __esm({
|
|
|
4833
4833
|
priority: "p0",
|
|
4834
4834
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4835
4835
|
},
|
|
4836
|
+
// --- Encryption key + cloud sync ---
|
|
4837
|
+
{
|
|
4838
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4839
|
+
domain: "security",
|
|
4840
|
+
priority: "p0",
|
|
4841
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4842
|
+
},
|
|
4836
4843
|
// --- MCP is the ONLY data interface ---
|
|
4837
4844
|
{
|
|
4838
4845
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4872,6 +4872,13 @@ var init_platform_procedures = __esm({
|
|
|
4872
4872
|
priority: "p0",
|
|
4873
4873
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4874
4874
|
},
|
|
4875
|
+
// --- Encryption key + cloud sync ---
|
|
4876
|
+
{
|
|
4877
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4878
|
+
domain: "security",
|
|
4879
|
+
priority: "p0",
|
|
4880
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4881
|
+
},
|
|
4875
4882
|
// --- MCP is the ONLY data interface ---
|
|
4876
4883
|
{
|
|
4877
4884
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-rename.js
CHANGED
|
@@ -3171,6 +3171,13 @@ var init_platform_procedures = __esm({
|
|
|
3171
3171
|
priority: "p0",
|
|
3172
3172
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3173
3173
|
},
|
|
3174
|
+
// --- Encryption key + cloud sync ---
|
|
3175
|
+
{
|
|
3176
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3177
|
+
domain: "security",
|
|
3178
|
+
priority: "p0",
|
|
3179
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3180
|
+
},
|
|
3174
3181
|
// --- MCP is the ONLY data interface ---
|
|
3175
3182
|
{
|
|
3176
3183
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-review.js
CHANGED
|
@@ -4302,6 +4302,13 @@ var init_platform_procedures = __esm({
|
|
|
4302
4302
|
priority: "p0",
|
|
4303
4303
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4304
4304
|
},
|
|
4305
|
+
// --- Encryption key + cloud sync ---
|
|
4306
|
+
{
|
|
4307
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4308
|
+
domain: "security",
|
|
4309
|
+
priority: "p0",
|
|
4310
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4311
|
+
},
|
|
4305
4312
|
// --- MCP is the ONLY data interface ---
|
|
4306
4313
|
{
|
|
4307
4314
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-search.js
CHANGED
|
@@ -4287,6 +4287,13 @@ var init_platform_procedures = __esm({
|
|
|
4287
4287
|
priority: "p0",
|
|
4288
4288
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4289
4289
|
},
|
|
4290
|
+
// --- Encryption key + cloud sync ---
|
|
4291
|
+
{
|
|
4292
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4293
|
+
domain: "security",
|
|
4294
|
+
priority: "p0",
|
|
4295
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4296
|
+
},
|
|
4290
4297
|
// --- MCP is the ONLY data interface ---
|
|
4291
4298
|
{
|
|
4292
4299
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4331,6 +4331,13 @@ var init_platform_procedures = __esm({
|
|
|
4331
4331
|
priority: "p0",
|
|
4332
4332
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4333
4333
|
},
|
|
4334
|
+
// --- Encryption key + cloud sync ---
|
|
4335
|
+
{
|
|
4336
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4337
|
+
domain: "security",
|
|
4338
|
+
priority: "p0",
|
|
4339
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4340
|
+
},
|
|
4334
4341
|
// --- MCP is the ONLY data interface ---
|
|
4335
4342
|
{
|
|
4336
4343
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3603,6 +3603,13 @@ var init_platform_procedures = __esm({
|
|
|
3603
3603
|
priority: "p0",
|
|
3604
3604
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3605
3605
|
},
|
|
3606
|
+
// --- Encryption key + cloud sync ---
|
|
3607
|
+
{
|
|
3608
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3609
|
+
domain: "security",
|
|
3610
|
+
priority: "p0",
|
|
3611
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3612
|
+
},
|
|
3606
3613
|
// --- MCP is the ONLY data interface ---
|
|
3607
3614
|
{
|
|
3608
3615
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3603,6 +3603,13 @@ var init_platform_procedures = __esm({
|
|
|
3603
3603
|
priority: "p0",
|
|
3604
3604
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3605
3605
|
},
|
|
3606
|
+
// --- Encryption key + cloud sync ---
|
|
3607
|
+
{
|
|
3608
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3609
|
+
domain: "security",
|
|
3610
|
+
priority: "p0",
|
|
3611
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3612
|
+
},
|
|
3606
3613
|
// --- MCP is the ONLY data interface ---
|
|
3607
3614
|
{
|
|
3608
3615
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-status.js
CHANGED
|
@@ -4310,6 +4310,13 @@ var init_platform_procedures = __esm({
|
|
|
4310
4310
|
priority: "p0",
|
|
4311
4311
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4312
4312
|
},
|
|
4313
|
+
// --- Encryption key + cloud sync ---
|
|
4314
|
+
{
|
|
4315
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4316
|
+
domain: "security",
|
|
4317
|
+
priority: "p0",
|
|
4318
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4319
|
+
},
|
|
4313
4320
|
// --- MCP is the ONLY data interface ---
|
|
4314
4321
|
{
|
|
4315
4322
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/exe-team.js
CHANGED
|
@@ -4299,6 +4299,13 @@ var init_platform_procedures = __esm({
|
|
|
4299
4299
|
priority: "p0",
|
|
4300
4300
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4301
4301
|
},
|
|
4302
|
+
// --- Encryption key + cloud sync ---
|
|
4303
|
+
{
|
|
4304
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4305
|
+
domain: "security",
|
|
4306
|
+
priority: "p0",
|
|
4307
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4308
|
+
},
|
|
4302
4309
|
// --- MCP is the ONLY data interface ---
|
|
4303
4310
|
{
|
|
4304
4311
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/git-sweep.js
CHANGED
|
@@ -8056,6 +8056,13 @@ var init_platform_procedures = __esm({
|
|
|
8056
8056
|
priority: "p0",
|
|
8057
8057
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8058
8058
|
},
|
|
8059
|
+
// --- Encryption key + cloud sync ---
|
|
8060
|
+
{
|
|
8061
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8062
|
+
domain: "security",
|
|
8063
|
+
priority: "p0",
|
|
8064
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8065
|
+
},
|
|
8059
8066
|
// --- MCP is the ONLY data interface ---
|
|
8060
8067
|
{
|
|
8061
8068
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3516,6 +3516,13 @@ var init_platform_procedures = __esm({
|
|
|
3516
3516
|
priority: "p0",
|
|
3517
3517
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3518
3518
|
},
|
|
3519
|
+
// --- Encryption key + cloud sync ---
|
|
3520
|
+
{
|
|
3521
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3522
|
+
domain: "security",
|
|
3523
|
+
priority: "p0",
|
|
3524
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3525
|
+
},
|
|
3519
3526
|
// --- MCP is the ONLY data interface ---
|
|
3520
3527
|
{
|
|
3521
3528
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|