@askexenow/exe-os 0.9.99 → 0.9.101

package/dist/hooks/summary-worker.js

@@ -3587,20 +3587,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"
@@ -4341,6 +4360,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/index.js

@@ -8410,6 +8410,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/cloud-sync.js

@@ -3480,20 +3480,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"

package/dist/lib/employee-templates.js

@@ -344,6 +344,12 @@ var PLATFORM_PROCEDURES = [
     priority: "p0",
     content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
   },
+  {
+    title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+    domain: "architecture",
+    priority: "p1",
+    content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+  },
   // --- MCP is the ONLY data interface ---
   {
     title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/exe-daemon.js

@@ -5637,20 +5637,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"
@@ -5976,6 +5995,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/hybrid-search.js

@@ -4293,6 +4293,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/keychain.js

@@ -399,20 +399,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"

package/dist/lib/schedules.js

@@ -3522,6 +3522,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/lib/store.js

@@ -3522,6 +3522,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/mcp/server.js

@@ -3994,20 +3994,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"
@@ -4942,6 +4961,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/runtime/index.js

@@ -8170,6 +8170,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",

package/dist/tui/App.js

@@ -9141,6 +9141,12 @@ var init_platform_procedures = __esm({
         priority: "p0",
         content: "The master encryption key is stored in macOS Keychain (Secure Enclave) or Linux secret-tool \u2014 NOT as a file. There is no ~/.exe-os/master.key on modern installs. If an older install had one, it was auto-migrated to Keychain and the file deleted. Device linking uses a 24-word BIP39 recovery phrase: Device 1 runs `exe-os cloud link --show-full` in their local Terminal to reveal it, Device 2 runs `exe-os cloud` and pastes the phrase to import the key into its own Keychain, then cloud sync pulls encrypted memories. NEVER display, log, or return the recovery phrase in agent output. MCP tools are hardened \u2014 they cannot reveal it. If the user needs the phrase, tell them: 'Run exe-os cloud link --show-full in your Terminal.' If searching for master.key returns nothing, that is CORRECT \u2014 the key is in Keychain."
       },
+      {
+        title: "Cloud endpoint is cloud.askexe.com \u2014 not askexe.com/cloud",
+        domain: "architecture",
+        priority: "p1",
+        content: "All cloud API calls (auth, sync, licensing, device registry, WebSocket) go to https://cloud.askexe.com, NOT https://askexe.com/cloud. This is a Cloudflare Workers Custom Domain that bypasses the zone-level managed challenge on askexe.com. Datacenter IPs (Hetzner, AWS, etc.) get HTTP 403 on askexe.com due to Bot Fight Mode, but cloud.askexe.com routes directly to the Worker before WAF rules evaluate. If a customer reports 403/challenge errors on cloud sync: verify they are on the latest exe-os version (cloud.askexe.com endpoint). Fix: `npm install -g @askexenow/exe-os@latest`. The EXE_CLOUD_ENDPOINT env var can override the endpoint if needed."
+      },
       // --- MCP is the ONLY data interface ---
       {
         title: "MCP disconnect \u2014 ask the user, never work around it",
@@ -11333,20 +11339,39 @@ async function getKeyStorageInfo() {
 }
 async function setMasterKey(key) {
   const b64 = key.toString("base64");
-  if (macKeychainSet(b64) || linuxSecretSet(b64)) {
-    return;
+  let keychainOk = false;
+  if (macKeychainSet(b64)) {
+    const readBack = macKeychainGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write(
+        "[keychain] macOS Keychain write appeared to succeed but read-back failed.\n  This can happen on macOS Tahoe with new permission patterns.\n"
+      );
+    }
+  } else if (linuxSecretSet(b64)) {
+    const readBack = linuxSecretGet();
+    if (readBack === b64) {
+      keychainOk = true;
+    } else {
+      process.stderr.write("[keychain] Linux secret-tool write appeared to succeed but read-back failed.\n");
+    }
   }
-  const keytar = await tryKeytar();
-  if (keytar) {
-    try {
-      await keytar.setPassword(SERVICE, ACCOUNT, b64);
-      return;
-    } catch {
+  if (!keychainOk) {
+    const keytar = await tryKeytar();
+    if (keytar) {
+      try {
+        await keytar.setPassword(SERVICE, ACCOUNT, b64);
+        keychainOk = true;
+      } catch {
+      }
     }
   }
   const fallback = await writeMachineBoundFileFallback(b64);
-  if (fallback === "encrypted") {
-    process.stderr.write("[keychain] Key stored encrypted (machine-bound).\n");
+  if (keychainOk) {
+    process.stderr.write("[keychain] Key stored in OS keychain (file backup also written).\n");
+  } else if (fallback === "encrypted") {
+    process.stderr.write("[keychain] Key stored encrypted (machine-bound file fallback).\n");
   } else {
     process.stderr.write(
       "[keychain] WARNING: Key stored in plaintext file \u2014 no OS keychain available.\n"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askexenow/exe-os",
-  "version": "0.9.99",
+  "version": "0.9.101",
   "description": "AI employee operating system — persistent memory, task management, and multi-agent coordination for Claude Code.",
   "license": "SEE LICENSE IN LICENSE",
   "type": "module",

package/src/commands/exe/setup.md

@@ -68,7 +68,7 @@ Use AskUserQuestion to ask for their Exe Cloud API key (exe_sk_...).
 
 Validate the key:
 ```bash
-curl -s "https://askexe.com/cloud/auth/verify" \
+curl -s "https://cloud.askexe.com/auth/verify" \
   -H "Authorization: Bearer USER_API_KEY" | cat
 ```