@askexenow/exe-os 0.9.98 → 0.9.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/agentic-ontology-backfill.js +7 -0
- package/dist/bin/agentic-reflection-backfill.js +7 -0
- package/dist/bin/agentic-semantic-label.js +7 -0
- package/dist/bin/backfill-conversations.js +7 -0
- package/dist/bin/backfill-responses.js +7 -0
- package/dist/bin/backfill-vectors.js +7 -0
- package/dist/bin/bulk-sync-postgres.js +7 -0
- package/dist/bin/cleanup-stale-review-tasks.js +7 -0
- package/dist/bin/cli.js +7 -0
- package/dist/bin/exe-agent.js +7 -0
- package/dist/bin/exe-assign.js +7 -0
- package/dist/bin/exe-boot.js +7 -0
- package/dist/bin/exe-call.js +7 -0
- package/dist/bin/exe-cloud.js +7 -0
- package/dist/bin/exe-dispatch.js +7 -0
- package/dist/bin/exe-doctor.js +7 -0
- package/dist/bin/exe-export-behaviors.js +7 -0
- package/dist/bin/exe-forget.js +7 -0
- package/dist/bin/exe-gateway.js +7 -0
- package/dist/bin/exe-heartbeat.js +7 -0
- package/dist/bin/exe-kill.js +7 -0
- package/dist/bin/exe-launch-agent.js +7 -0
- package/dist/bin/exe-new-employee.js +7 -0
- package/dist/bin/exe-pending-messages.js +7 -0
- package/dist/bin/exe-pending-notifications.js +7 -0
- package/dist/bin/exe-pending-reviews.js +7 -0
- package/dist/bin/exe-rename.js +7 -0
- package/dist/bin/exe-review.js +7 -0
- package/dist/bin/exe-search.js +7 -0
- package/dist/bin/exe-session-cleanup.js +7 -0
- package/dist/bin/exe-start-codex.js +7 -0
- package/dist/bin/exe-start-opencode.js +7 -0
- package/dist/bin/exe-status.js +7 -0
- package/dist/bin/exe-team.js +7 -0
- package/dist/bin/git-sweep.js +7 -0
- package/dist/bin/graph-backfill.js +7 -0
- package/dist/bin/graph-export.js +7 -0
- package/dist/bin/intercom-check.js +7 -0
- package/dist/bin/scan-tasks.js +7 -0
- package/dist/bin/setup.js +7 -0
- package/dist/bin/shard-migrate.js +7 -0
- package/dist/gateway/index.js +7 -0
- package/dist/hooks/bug-report-worker.js +7 -0
- package/dist/hooks/codex-stop-task-finalizer.js +7 -0
- package/dist/hooks/commit-complete.js +7 -0
- package/dist/hooks/error-recall.js +7 -0
- package/dist/hooks/ingest.js +7 -0
- package/dist/hooks/instructions-loaded.js +7 -0
- package/dist/hooks/notification.js +7 -0
- package/dist/hooks/post-compact.js +7 -0
- package/dist/hooks/post-tool-combined.js +7 -0
- package/dist/hooks/pre-compact.js +7 -0
- package/dist/hooks/pre-tool-use.js +7 -0
- package/dist/hooks/prompt-submit.js +7 -0
- package/dist/hooks/session-end.js +7 -0
- package/dist/hooks/session-start.js +7 -0
- package/dist/hooks/stop.js +7 -0
- package/dist/hooks/subagent-stop.js +7 -0
- package/dist/hooks/summary-worker.js +7 -0
- package/dist/index.js +7 -0
- package/dist/lib/employee-templates.js +7 -0
- package/dist/lib/exe-daemon.js +7 -0
- package/dist/lib/hybrid-search.js +7 -0
- package/dist/lib/schedules.js +7 -0
- package/dist/lib/store.js +7 -0
- package/dist/mcp/server.js +7 -0
- package/dist/runtime/index.js +7 -0
- package/dist/tui/App.js +7 -0
- package/package.json +1 -1
package/dist/bin/graph-export.js
CHANGED
|
@@ -4288,6 +4288,13 @@ var init_platform_procedures = __esm({
|
|
|
4288
4288
|
priority: "p0",
|
|
4289
4289
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4290
4290
|
},
|
|
4291
|
+
// --- Encryption key + cloud sync ---
|
|
4292
|
+
{
|
|
4293
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4294
|
+
domain: "security",
|
|
4295
|
+
priority: "p0",
|
|
4296
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4297
|
+
},
|
|
4291
4298
|
// --- MCP is the ONLY data interface ---
|
|
4292
4299
|
{
|
|
4293
4300
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4397,6 +4397,13 @@ var init_platform_procedures = __esm({
|
|
|
4397
4397
|
priority: "p0",
|
|
4398
4398
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4399
4399
|
},
|
|
4400
|
+
// --- Encryption key + cloud sync ---
|
|
4401
|
+
{
|
|
4402
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4403
|
+
domain: "security",
|
|
4404
|
+
priority: "p0",
|
|
4405
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4406
|
+
},
|
|
4400
4407
|
// --- MCP is the ONLY data interface ---
|
|
4401
4408
|
{
|
|
4402
4409
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/scan-tasks.js
CHANGED
|
@@ -8127,6 +8127,13 @@ var init_platform_procedures = __esm({
|
|
|
8127
8127
|
priority: "p0",
|
|
8128
8128
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8129
8129
|
},
|
|
8130
|
+
// --- Encryption key + cloud sync ---
|
|
8131
|
+
{
|
|
8132
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8133
|
+
domain: "security",
|
|
8134
|
+
priority: "p0",
|
|
8135
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8136
|
+
},
|
|
8130
8137
|
// --- MCP is the ONLY data interface ---
|
|
8131
8138
|
{
|
|
8132
8139
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/bin/setup.js
CHANGED
|
@@ -6698,6 +6698,13 @@ var init_platform_procedures = __esm({
|
|
|
6698
6698
|
priority: "p0",
|
|
6699
6699
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
6700
6700
|
},
|
|
6701
|
+
// --- Encryption key + cloud sync ---
|
|
6702
|
+
{
|
|
6703
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
6704
|
+
domain: "security",
|
|
6705
|
+
priority: "p0",
|
|
6706
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
6707
|
+
},
|
|
6701
6708
|
// --- MCP is the ONLY data interface ---
|
|
6702
6709
|
{
|
|
6703
6710
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -3516,6 +3516,13 @@ var init_platform_procedures = __esm({
|
|
|
3516
3516
|
priority: "p0",
|
|
3517
3517
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3518
3518
|
},
|
|
3519
|
+
// --- Encryption key + cloud sync ---
|
|
3520
|
+
{
|
|
3521
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3522
|
+
domain: "security",
|
|
3523
|
+
priority: "p0",
|
|
3524
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3525
|
+
},
|
|
3519
3526
|
// --- MCP is the ONLY data interface ---
|
|
3520
3527
|
{
|
|
3521
3528
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/gateway/index.js
CHANGED
|
@@ -4956,6 +4956,13 @@ var init_platform_procedures = __esm({
|
|
|
4956
4956
|
priority: "p0",
|
|
4957
4957
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4958
4958
|
},
|
|
4959
|
+
// --- Encryption key + cloud sync ---
|
|
4960
|
+
{
|
|
4961
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4962
|
+
domain: "security",
|
|
4963
|
+
priority: "p0",
|
|
4964
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4965
|
+
},
|
|
4959
4966
|
// --- MCP is the ONLY data interface ---
|
|
4960
4967
|
{
|
|
4961
4968
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4698,6 +4698,13 @@ var init_platform_procedures = __esm({
|
|
|
4698
4698
|
priority: "p0",
|
|
4699
4699
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4700
4700
|
},
|
|
4701
|
+
// --- Encryption key + cloud sync ---
|
|
4702
|
+
{
|
|
4703
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4704
|
+
domain: "security",
|
|
4705
|
+
priority: "p0",
|
|
4706
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4707
|
+
},
|
|
4701
4708
|
// --- MCP is the ONLY data interface ---
|
|
4702
4709
|
{
|
|
4703
4710
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4381,6 +4381,13 @@ var init_platform_procedures = __esm({
|
|
|
4381
4381
|
priority: "p0",
|
|
4382
4382
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4383
4383
|
},
|
|
4384
|
+
// --- Encryption key + cloud sync ---
|
|
4385
|
+
{
|
|
4386
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4387
|
+
domain: "security",
|
|
4388
|
+
priority: "p0",
|
|
4389
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4390
|
+
},
|
|
4384
4391
|
// --- MCP is the ONLY data interface ---
|
|
4385
4392
|
{
|
|
4386
4393
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -8121,6 +8121,13 @@ var init_platform_procedures = __esm({
|
|
|
8121
8121
|
priority: "p0",
|
|
8122
8122
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8123
8123
|
},
|
|
8124
|
+
// --- Encryption key + cloud sync ---
|
|
8125
|
+
{
|
|
8126
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8127
|
+
domain: "security",
|
|
8128
|
+
priority: "p0",
|
|
8129
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8130
|
+
},
|
|
8124
8131
|
// --- MCP is the ONLY data interface ---
|
|
8125
8132
|
{
|
|
8126
8133
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4289,6 +4289,13 @@ var init_platform_procedures = __esm({
|
|
|
4289
4289
|
priority: "p0",
|
|
4290
4290
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4291
4291
|
},
|
|
4292
|
+
// --- Encryption key + cloud sync ---
|
|
4293
|
+
{
|
|
4294
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4295
|
+
domain: "security",
|
|
4296
|
+
priority: "p0",
|
|
4297
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4298
|
+
},
|
|
4292
4299
|
// --- MCP is the ONLY data interface ---
|
|
4293
4300
|
{
|
|
4294
4301
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/hooks/ingest.js
CHANGED
|
@@ -4465,6 +4465,13 @@ var init_platform_procedures = __esm({
|
|
|
4465
4465
|
priority: "p0",
|
|
4466
4466
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4467
4467
|
},
|
|
4468
|
+
// --- Encryption key + cloud sync ---
|
|
4469
|
+
{
|
|
4470
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4471
|
+
domain: "security",
|
|
4472
|
+
priority: "p0",
|
|
4473
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4474
|
+
},
|
|
4468
4475
|
// --- MCP is the ONLY data interface ---
|
|
4469
4476
|
{
|
|
4470
4477
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4290,6 +4290,13 @@ var init_platform_procedures = __esm({
|
|
|
4290
4290
|
priority: "p0",
|
|
4291
4291
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4292
4292
|
},
|
|
4293
|
+
// --- Encryption key + cloud sync ---
|
|
4294
|
+
{
|
|
4295
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4296
|
+
domain: "security",
|
|
4297
|
+
priority: "p0",
|
|
4298
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4299
|
+
},
|
|
4293
4300
|
// --- MCP is the ONLY data interface ---
|
|
4294
4301
|
{
|
|
4295
4302
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4290,6 +4290,13 @@ var init_platform_procedures = __esm({
|
|
|
4290
4290
|
priority: "p0",
|
|
4291
4291
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4292
4292
|
},
|
|
4293
|
+
// --- Encryption key + cloud sync ---
|
|
4294
|
+
{
|
|
4295
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4296
|
+
domain: "security",
|
|
4297
|
+
priority: "p0",
|
|
4298
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4299
|
+
},
|
|
4293
4300
|
// --- MCP is the ONLY data interface ---
|
|
4294
4301
|
{
|
|
4295
4302
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4910,6 +4910,13 @@ var init_platform_procedures = __esm({
|
|
|
4910
4910
|
priority: "p0",
|
|
4911
4911
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4912
4912
|
},
|
|
4913
|
+
// --- Encryption key + cloud sync ---
|
|
4914
|
+
{
|
|
4915
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4916
|
+
domain: "security",
|
|
4917
|
+
priority: "p0",
|
|
4918
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4919
|
+
},
|
|
4913
4920
|
// --- MCP is the ONLY data interface ---
|
|
4914
4921
|
{
|
|
4915
4922
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4541,6 +4541,13 @@ var init_platform_procedures = __esm({
|
|
|
4541
4541
|
priority: "p0",
|
|
4542
4542
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4543
4543
|
},
|
|
4544
|
+
// --- Encryption key + cloud sync ---
|
|
4545
|
+
{
|
|
4546
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4547
|
+
domain: "security",
|
|
4548
|
+
priority: "p0",
|
|
4549
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4550
|
+
},
|
|
4544
4551
|
// --- MCP is the ONLY data interface ---
|
|
4545
4552
|
{
|
|
4546
4553
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -8105,6 +8105,13 @@ var init_platform_procedures = __esm({
|
|
|
8105
8105
|
priority: "p0",
|
|
8106
8106
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8107
8107
|
},
|
|
8108
|
+
// --- Encryption key + cloud sync ---
|
|
8109
|
+
{
|
|
8110
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8111
|
+
domain: "security",
|
|
8112
|
+
priority: "p0",
|
|
8113
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8114
|
+
},
|
|
8108
8115
|
// --- MCP is the ONLY data interface ---
|
|
8109
8116
|
{
|
|
8110
8117
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -5241,6 +5241,13 @@ var init_platform_procedures = __esm({
|
|
|
5241
5241
|
priority: "p0",
|
|
5242
5242
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
5243
5243
|
},
|
|
5244
|
+
// --- Encryption key + cloud sync ---
|
|
5245
|
+
{
|
|
5246
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
5247
|
+
domain: "security",
|
|
5248
|
+
priority: "p0",
|
|
5249
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
5250
|
+
},
|
|
5244
5251
|
// --- MCP is the ONLY data interface ---
|
|
5245
5252
|
{
|
|
5246
5253
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4698,6 +4698,13 @@ var init_platform_procedures = __esm({
|
|
|
4698
4698
|
priority: "p0",
|
|
4699
4699
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4700
4700
|
},
|
|
4701
|
+
// --- Encryption key + cloud sync ---
|
|
4702
|
+
{
|
|
4703
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4704
|
+
domain: "security",
|
|
4705
|
+
priority: "p0",
|
|
4706
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4707
|
+
},
|
|
4701
4708
|
// --- MCP is the ONLY data interface ---
|
|
4702
4709
|
{
|
|
4703
4710
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -8314,6 +8314,13 @@ var init_platform_procedures = __esm({
|
|
|
8314
8314
|
priority: "p0",
|
|
8315
8315
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8316
8316
|
},
|
|
8317
|
+
// --- Encryption key + cloud sync ---
|
|
8318
|
+
{
|
|
8319
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8320
|
+
domain: "security",
|
|
8321
|
+
priority: "p0",
|
|
8322
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8323
|
+
},
|
|
8317
8324
|
// --- MCP is the ONLY data interface ---
|
|
8318
8325
|
{
|
|
8319
8326
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4698,6 +4698,13 @@ var init_platform_procedures = __esm({
|
|
|
4698
4698
|
priority: "p0",
|
|
4699
4699
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4700
4700
|
},
|
|
4701
|
+
// --- Encryption key + cloud sync ---
|
|
4702
|
+
{
|
|
4703
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4704
|
+
domain: "security",
|
|
4705
|
+
priority: "p0",
|
|
4706
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4707
|
+
},
|
|
4701
4708
|
// --- MCP is the ONLY data interface ---
|
|
4702
4709
|
{
|
|
4703
4710
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/hooks/stop.js
CHANGED
|
@@ -4814,6 +4814,13 @@ var init_platform_procedures = __esm({
|
|
|
4814
4814
|
priority: "p0",
|
|
4815
4815
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4816
4816
|
},
|
|
4817
|
+
// --- Encryption key + cloud sync ---
|
|
4818
|
+
{
|
|
4819
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4820
|
+
domain: "security",
|
|
4821
|
+
priority: "p0",
|
|
4822
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4823
|
+
},
|
|
4817
4824
|
// --- MCP is the ONLY data interface ---
|
|
4818
4825
|
{
|
|
4819
4826
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4777,6 +4777,13 @@ var init_platform_procedures = __esm({
|
|
|
4777
4777
|
priority: "p0",
|
|
4778
4778
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4779
4779
|
},
|
|
4780
|
+
// --- Encryption key + cloud sync ---
|
|
4781
|
+
{
|
|
4782
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4783
|
+
domain: "security",
|
|
4784
|
+
priority: "p0",
|
|
4785
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4786
|
+
},
|
|
4780
4787
|
// --- MCP is the ONLY data interface ---
|
|
4781
4788
|
{
|
|
4782
4789
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4334,6 +4334,13 @@ var init_platform_procedures = __esm({
|
|
|
4334
4334
|
priority: "p0",
|
|
4335
4335
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4336
4336
|
},
|
|
4337
|
+
// --- Encryption key + cloud sync ---
|
|
4338
|
+
{
|
|
4339
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4340
|
+
domain: "security",
|
|
4341
|
+
priority: "p0",
|
|
4342
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4343
|
+
},
|
|
4337
4344
|
// --- MCP is the ONLY data interface ---
|
|
4338
4345
|
{
|
|
4339
4346
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/index.js
CHANGED
|
@@ -8403,6 +8403,13 @@ var init_platform_procedures = __esm({
|
|
|
8403
8403
|
priority: "p0",
|
|
8404
8404
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8405
8405
|
},
|
|
8406
|
+
// --- Encryption key + cloud sync ---
|
|
8407
|
+
{
|
|
8408
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8409
|
+
domain: "security",
|
|
8410
|
+
priority: "p0",
|
|
8411
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8412
|
+
},
|
|
8406
8413
|
// --- MCP is the ONLY data interface ---
|
|
8407
8414
|
{
|
|
8408
8415
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -337,6 +337,13 @@ var PLATFORM_PROCEDURES = [
|
|
|
337
337
|
priority: "p0",
|
|
338
338
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
339
339
|
},
|
|
340
|
+
// --- Encryption key + cloud sync ---
|
|
341
|
+
{
|
|
342
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
343
|
+
domain: "security",
|
|
344
|
+
priority: "p0",
|
|
345
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
346
|
+
},
|
|
340
347
|
// --- MCP is the ONLY data interface ---
|
|
341
348
|
{
|
|
342
349
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/lib/exe-daemon.js
CHANGED
|
@@ -5969,6 +5969,13 @@ var init_platform_procedures = __esm({
|
|
|
5969
5969
|
priority: "p0",
|
|
5970
5970
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
5971
5971
|
},
|
|
5972
|
+
// --- Encryption key + cloud sync ---
|
|
5973
|
+
{
|
|
5974
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
5975
|
+
domain: "security",
|
|
5976
|
+
priority: "p0",
|
|
5977
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
5978
|
+
},
|
|
5972
5979
|
// --- MCP is the ONLY data interface ---
|
|
5973
5980
|
{
|
|
5974
5981
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
|
@@ -4286,6 +4286,13 @@ var init_platform_procedures = __esm({
|
|
|
4286
4286
|
priority: "p0",
|
|
4287
4287
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4288
4288
|
},
|
|
4289
|
+
// --- Encryption key + cloud sync ---
|
|
4290
|
+
{
|
|
4291
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4292
|
+
domain: "security",
|
|
4293
|
+
priority: "p0",
|
|
4294
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4295
|
+
},
|
|
4289
4296
|
// --- MCP is the ONLY data interface ---
|
|
4290
4297
|
{
|
|
4291
4298
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/lib/schedules.js
CHANGED
|
@@ -3515,6 +3515,13 @@ var init_platform_procedures = __esm({
|
|
|
3515
3515
|
priority: "p0",
|
|
3516
3516
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3517
3517
|
},
|
|
3518
|
+
// --- Encryption key + cloud sync ---
|
|
3519
|
+
{
|
|
3520
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3521
|
+
domain: "security",
|
|
3522
|
+
priority: "p0",
|
|
3523
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3524
|
+
},
|
|
3518
3525
|
// --- MCP is the ONLY data interface ---
|
|
3519
3526
|
{
|
|
3520
3527
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/lib/store.js
CHANGED
|
@@ -3515,6 +3515,13 @@ var init_platform_procedures = __esm({
|
|
|
3515
3515
|
priority: "p0",
|
|
3516
3516
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
3517
3517
|
},
|
|
3518
|
+
// --- Encryption key + cloud sync ---
|
|
3519
|
+
{
|
|
3520
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
3521
|
+
domain: "security",
|
|
3522
|
+
priority: "p0",
|
|
3523
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
3524
|
+
},
|
|
3518
3525
|
// --- MCP is the ONLY data interface ---
|
|
3519
3526
|
{
|
|
3520
3527
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/mcp/server.js
CHANGED
|
@@ -4935,6 +4935,13 @@ var init_platform_procedures = __esm({
|
|
|
4935
4935
|
priority: "p0",
|
|
4936
4936
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
4937
4937
|
},
|
|
4938
|
+
// --- Encryption key + cloud sync ---
|
|
4939
|
+
{
|
|
4940
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
4941
|
+
domain: "security",
|
|
4942
|
+
priority: "p0",
|
|
4943
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
4944
|
+
},
|
|
4938
4945
|
// --- MCP is the ONLY data interface ---
|
|
4939
4946
|
{
|
|
4940
4947
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/runtime/index.js
CHANGED
|
@@ -8163,6 +8163,13 @@ var init_platform_procedures = __esm({
|
|
|
8163
8163
|
priority: "p0",
|
|
8164
8164
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
8165
8165
|
},
|
|
8166
|
+
// --- Encryption key + cloud sync ---
|
|
8167
|
+
{
|
|
8168
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
8169
|
+
domain: "security",
|
|
8170
|
+
priority: "p0",
|
|
8171
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
8172
|
+
},
|
|
8166
8173
|
// --- MCP is the ONLY data interface ---
|
|
8167
8174
|
{
|
|
8168
8175
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/dist/tui/App.js
CHANGED
|
@@ -9134,6 +9134,13 @@ var init_platform_procedures = __esm({
|
|
|
9134
9134
|
priority: "p0",
|
|
9135
9135
|
content: "Tasks live in the DB. Intercom (tmux send-keys) is fire-and-forget \u2014 it may fail, get garbled, or arrive mid-work. Never rely on intercom for task delivery. The UserPromptSubmit hook checks the DB for new tasks on every prompt. Your operating procedures step 7 says check for next work. The daemon nudges idle agents as a speedup. If you have no tasks, you found them all."
|
|
9136
9136
|
},
|
|
9137
|
+
// --- Encryption key + cloud sync ---
|
|
9138
|
+
{
|
|
9139
|
+
title: "Encryption key lives in Keychain, not on disk \u2014 never expose the recovery phrase",
|
|
9140
|
+
domain: "security",
|
|
9141
|
+
priority: "p0",
|
|
9142
|
+
content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
|
|
9143
|
+
},
|
|
9137
9144
|
// --- MCP is the ONLY data interface ---
|
|
9138
9145
|
{
|
|
9139
9146
|
title: "MCP disconnect \u2014 ask the user, never work around it",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@askexenow/exe-os",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.99",
|
|
4
4
|
"description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
|
|
5
5
|
"license": "SEE LICENSE IN LICENSE",
|
|
6
6
|
"type": "module",
|