nexo-brain 2.3.1 → 2.4.0

package/README.md

@@ -184,11 +184,11 @@ This means long sessions (8+ hours) feel like one continuous conversation instea
   "hooks": {
     "PreCompact": [{
       "matcher": "*",
-      "hooks": [{"type": "command", "command": "bash path/to/nexo/src/hooks/pre-compact.sh", "timeout": 10}]
+      "hooks": [{"type": "command", "command": "bash $NEXO_HOME/hooks/pre-compact.sh", "timeout": 10}]
     }],
     "PostCompact": [{
       "matcher": "*",
-      "hooks": [{"type": "command", "command": "bash path/to/nexo/src/hooks/post-compact.sh", "timeout": 10}]
+      "hooks": [{"type": "command", "command": "bash $NEXO_HOME/hooks/post-compact.sh", "timeout": 10}]
     }]
   }
 }
@@ -364,7 +364,13 @@ A web interface at `localhost:6174` with 6 interactive pages for visual insight
 | **Adaptive** | Personality signals, learned weights, and current mode |
 | **Sessions** | Active and historical sessions with timeline and diary entries |
 
-Built with FastAPI backend and D3.js frontend. Runs as a LaunchAgent, auto-starts with the system.
+Built with FastAPI backend and D3.js frontend. Dashboard files are installed to `NEXO_HOME/dashboard/` but must be started manually:
+
+```bash
+python3 ~/.nexo/dashboard/app.py
+```
+
+This opens `localhost:6174` in your browser. Add `--port 8080` to change the port or `--no-browser` to skip auto-opening.
 
 ## Full Orchestration System
 
@@ -499,9 +505,9 @@ atlas
 
 Under the hood, the alias runs:
 ```bash
-claude --append-system-prompt "You are NEXO. Run nexo_startup immediately, load context, greet the user." "."
+claude --dangerously-skip-permissions "."
 ```
-`--append-system-prompt` adds to the default system prompt without replacing it (preserves CLAUDE.md). The `"."` triggers the operator to start immediately.
+`--dangerously-skip-permissions` launches Claude Code with tool-use permissions pre-approved so the operator can act autonomously. The `"."` triggers the operator to start immediately. Operator behavior (startup, context, greeting) is defined in `~/.claude/CLAUDE.md`.
 
 That's it. No need to run `claude` manually. Your operator will greet you immediately — adapted to the time of day, resuming from where you left off if there's a previous session. No cold starts, no waiting for your input.
 
@@ -687,7 +693,7 @@ This replaces OpenClaw's default memory system with NEXO Brain's full cognitive
 
 ### Any MCP Client
 
-NEXO Brain works with any application that supports the MCP protocol. Configure it as an MCP server pointing to `server.py` in the code directory, with `NEXO_HOME` env var set.
+NEXO Brain works with any application that supports the MCP protocol. Configure it as an MCP server pointing to `server.py` inside `NEXO_HOME` (default `~/.nexo/server.py`), with the `NEXO_HOME` env var set to the same directory.
 
 ## Listed On
 

package/bin/nexo-brain.js

@@ -19,7 +19,7 @@ const fs = require("fs");
 const path = require("path");
 const readline = require("readline");
 
-let NEXO_HOME = path.join(require("os").homedir(), ".nexo");
+let NEXO_HOME = process.env.NEXO_HOME || path.join(require("os").homedir(), ".nexo");
 const CLAUDE_SETTINGS = path.join(
   require("os").homedir(),
   ".claude",
@@ -124,6 +124,8 @@ const ALL_CORE_HOOKS = [
     timeout: 10, purpose: "POSTMORTEM — the most important" },
   { event: "PostToolUse", key: "capture-tool-logs.sh", script: "capture-tool-logs.sh",
     timeout: 5, purpose: "Operation capture" },
+  { event: "PostToolUse", key: "capture-session.sh", script: "capture-session.sh",
+    timeout: 3, purpose: "Sensory register (session_buffer.jsonl)" },
   { event: "PostToolUse", key: "inbox-hook.sh", script: "inbox-hook.sh",
     timeout: 5, purpose: "Inter-session messaging" },
   { event: "PreCompact", key: "pre-compact.sh", script: "pre-compact.sh",
@@ -262,7 +264,7 @@ const DAY_MAP = {
  */
 function installAllProcesses(platform, pythonPath, nexoHome, schedule, launchAgentsDir) {
   const home = require("os").homedir();
-  const nexoCode = path.join(__dirname, "..");
+  const nexoCode = nexoHome;
   const logsDir = path.join(nexoHome, "logs");
   fs.mkdirSync(logsDir, { recursive: true });
 
@@ -436,8 +438,10 @@ ${restartPolicy}
           count++;
           continue;
         } else if (proc.type === "runAtLoad") {
-          // No timer for runAtLoad — runs via MCP startup
-          fs.writeFileSync(serviceFile, service);
+          // runAtLoad: enable as a boot-time oneshot service (like macOS RunAtLoad)
+          fs.writeFileSync(serviceFile, service + `\n[Install]\nWantedBy=default.target\n`);
+          run(`systemctl --user enable ${serviceName}.service`);
+          run(`systemctl --user start ${serviceName}.service`);
           count++;
           continue;
         } else if (proc.type === "interval") {
@@ -477,14 +481,15 @@ WantedBy=timers.target
       const envLine2 = `NEXO_CODE=${nexoCode}`;
 
       for (const proc of ALL_PROCESSES) {
-        if (proc.type === "runAtLoad") continue; // No cron for runAtLoad
         const sPath = scriptPath(proc);
         const interp = interpreterPath(proc);
         const s = getSchedule(proc);
         const logPath = path.join(logsDir, `${proc.name}-stdout.log`);
 
         let cronSpec = "";
-        if (proc.type === "interval") {
+        if (proc.type === "runAtLoad") {
+          cronSpec = "@reboot";
+        } else if (proc.type === "interval") {
           cronSpec = `*/${proc.intervalMinutes} * * * *`;
         } else if (proc.type === "daily") {
           cronSpec = `${s.minute} ${s.hour} * * *`;
@@ -617,10 +622,11 @@ async function main() {
           "server.py", "plugin_loader.py",
           "knowledge_graph.py", "kg_populate.py", "maintenance.py", "storage_router.py",
           "claim_graph.py", "hnsw_index.py", "evolution_cycle.py", "migrate_embeddings.py",
-          "auto_close_sessions.py",
+          "auto_close_sessions.py", "auto_update.py",
           "tools_sessions.py", "tools_coordination.py", "tools_reminders.py",
           "tools_reminders_crud.py", "tools_learnings.py", "tools_credentials.py",
           "tools_task_history.py", "tools_menu.py",
+          "requirements.txt",
         ];
         coreFlatFiles.forEach((f) => {
           const src = path.join(srcDir, f);
@@ -637,6 +643,30 @@ async function main() {
         });
         log("  Core files updated.");
 
+        // Reconcile Python dependencies after updating code (mirrors fresh-install logic)
+        const migReqFile = path.join(srcDir, "requirements.txt");
+        if (fs.existsSync(migReqFile)) {
+          const migVenvPy = findVenvPython(NEXO_HOME);
+          const migPipPy = migVenvPy || "python3";
+          const migPipArgs = ["-m", "pip", "install", "--quiet", "-r", migReqFile];
+          if (!migVenvPy) migPipArgs.push("--break-system-packages");
+          log("  Reconciling Python dependencies...");
+          const migPipResult = spawnSync(migPipPy, migPipArgs, { stdio: "inherit", timeout: 120000 });
+          if (migPipResult.status !== 0) {
+            log("  WARNING: Failed to reconcile Python deps. Rolling back version...");
+            // Restore previous version so next boot retries migration
+            fs.writeFileSync(versionFile, JSON.stringify({
+              version: installedVersion,
+              installed_at: installed.installed_at,
+              updated_at: new Date().toISOString(),
+              migration_failed: currentVersion,
+            }, null, 2));
+            log("  Run manually: " + migPipPy + " -m pip install -r src/requirements.txt");
+            process.exit(1);
+          }
+          log("  Python dependencies reconciled.");
+        }
+
         // Update plugins (all .py files in plugins/)
         const pluginsSrc = path.join(srcDir, "plugins");
         const pluginsDest = path.join(NEXO_HOME, "plugins");
@@ -664,6 +694,14 @@ async function main() {
           log("  Rules updated.");
         }
 
+        // Update crons (manifest.json + sync.py — needed by catchup & watchdog)
+        const cronsMigSrc = path.join(srcDir, "crons");
+        const cronsMigDest = path.join(NEXO_HOME, "crons");
+        if (fs.existsSync(cronsMigSrc)) {
+          copyDirRec(cronsMigSrc, cronsMigDest);
+          log("  Crons updated.");
+        }
+
         // Update scripts (all .py, .sh files + subdirectories like deep-sleep/)
         const scriptsSrc = path.join(srcDir, "scripts");
         const scriptsDest = path.join(NEXO_HOME, "scripts");
@@ -734,6 +772,28 @@ async function main() {
         rl.close();
         return;
       }
+
+      // Same version — backfill crons/ if missing (for installs before crons was shipped)
+      const cronsDest = path.join(NEXO_HOME, "crons");
+      const cronsSrc = path.join(__dirname, "..", "src", "crons");
+      if (!fs.existsSync(path.join(cronsDest, "manifest.json")) && fs.existsSync(cronsSrc)) {
+        const copyDirRec2 = (src, dest) => {
+          fs.mkdirSync(dest, { recursive: true });
+          fs.readdirSync(src).forEach(item => {
+            if (item === "__pycache__" || item.endsWith(".pyc") || item.endsWith(".db")) return;
+            const srcP = path.join(src, item);
+            const destP = path.join(dest, item);
+            if (fs.statSync(srcP).isDirectory()) copyDirRec2(srcP, destP);
+            else fs.copyFileSync(srcP, destP);
+          });
+        };
+        copyDirRec2(cronsSrc, cronsDest);
+        log("Backfilled crons/ directory (catchup & watchdog need it).");
+      }
+
+      log(`Already at v${currentVersion}. No migration needed.`);
+      rl.close();
+      return;
     } catch (e) {
       // Version file corrupt — proceed with fresh install
     }
@@ -782,7 +842,7 @@ async function main() {
     log("Claude Code not found. Installing...");
     // Try npx first (no sudo needed), then npm -g as fallback
     spawnSync("npx", ["-y", "@anthropic-ai/claude-code", "--version"], { stdio: "pipe", timeout: 60000 });
-    claudeInstalled = run("which claude") || run("npx -y @anthropic-ai/claude-code --version");
+    claudeInstalled = run("which claude");
     if (!claudeInstalled) {
       // Fallback: npm -g (may need sudo on Linux)
       const npmCmd = platform === "linux" ? "sudo" : "npm";
@@ -800,6 +860,15 @@ async function main() {
   } else {
     log("Claude Code detected.");
   }
+
+  // Persist the discovered claude CLI path for scheduled scripts
+  const claudeCliPath = run("which claude") || "";
+  if (claudeCliPath) {
+    const cliPathFile = path.join(NEXO_HOME, "config", "claude-cli-path");
+    fs.mkdirSync(path.join(NEXO_HOME, "config"), { recursive: true });
+    fs.writeFileSync(cliPathFile, claudeCliPath.trim());
+    log(`Claude CLI path saved: ${claudeCliPath.trim()}`);
+  }
   console.log("");
 
   // Step 1: Language (P1)
@@ -1236,6 +1305,7 @@ async function main() {
     "evolution_cycle.py",
     "migrate_embeddings.py",
     "auto_close_sessions.py",
+    "auto_update.py",
     "tools_sessions.py",
     "tools_coordination.py",
     "tools_reminders.py",
@@ -1244,6 +1314,7 @@ async function main() {
     "tools_credentials.py",
     "tools_task_history.py",
     "tools_menu.py",
+    "requirements.txt",
   ];
   coreFiles.forEach((f) => {
     const src = path.join(srcDir, f);
@@ -1292,6 +1363,13 @@ async function main() {
     log("  Rules installed.");
   }
 
+  // Crons directory (manifest.json + sync.py — needed by catchup & watchdog)
+  const cronsSrcDir = path.join(srcDir, "crons");
+  if (fs.existsSync(cronsSrcDir)) {
+    copyDirRecursive(cronsSrcDir, path.join(NEXO_HOME, "crons"));
+    log("  Crons installed.");
+  }
+
   // Hooks directory
   const hooksSrcDir = path.join(srcDir, "hooks");
   if (fs.existsSync(hooksSrcDir)) {
@@ -1792,27 +1870,43 @@ ${doScan ? `- Stack: ${Object.keys(profileData.code.languages || {}).slice(0, 5)
   // Step 8: Create shell alias so user can just type the operator's name
   log("Creating shell alias...");
   const aliasName = operatorName.toLowerCase();
-  const aliasLine = `alias ${aliasName}='claude --dangerously-skip-permissions "."'`;
+  const savedCliPath = (() => {
+    const p = path.join(NEXO_HOME, "config", "claude-cli-path");
+    try { return fs.readFileSync(p, "utf8").trim(); } catch { return ""; }
+  })();
+  const claudeBin = savedCliPath || run("which claude") || "claude";
+  const aliasLine = `alias ${aliasName}='${claudeBin} --dangerously-skip-permissions "."'`;
   const aliasComment = `# ${operatorName} — start Claude Code with ${operatorName} speaking first`;
 
   // Detect shell and add alias
   const userShell = process.env.SHELL || "/bin/bash";
-  const rcFile = userShell.includes("zsh")
-    ? path.join(require("os").homedir(), ".zshrc")
-    : path.join(require("os").homedir(), ".bash_profile");
+  const homeDir = require("os").homedir();
+  const rcFiles = [];
 
-  let rcContent = "";
-  if (fs.existsSync(rcFile)) {
-    rcContent = fs.readFileSync(rcFile, "utf8");
+  if (userShell.includes("zsh")) {
+    rcFiles.push(path.join(homeDir, ".zshrc"));
+  } else {
+    // Bash: always write to .bash_profile (macOS login shells)
+    rcFiles.push(path.join(homeDir, ".bash_profile"));
+    // Also write to .bashrc (Linux interactive shells) — create if needed
+    const bashrc = path.join(homeDir, ".bashrc");
+    rcFiles.push(bashrc);
   }
 
-  if (!rcContent.includes(`alias ${aliasName}=`)) {
-    fs.appendFileSync(rcFile, `\n${aliasComment}\n${aliasLine}\n`);
-    log(`Added '${aliasName}' alias to ${path.basename(rcFile)}`);
-    log(`After setup, open a new terminal and type: ${aliasName}`);
-  } else {
-    log(`Alias '${aliasName}' already exists in ${path.basename(rcFile)}`);
+  for (const rcFile of rcFiles) {
+    let rcContent = "";
+    if (fs.existsSync(rcFile)) {
+      rcContent = fs.readFileSync(rcFile, "utf8");
+    }
+
+    if (!rcContent.includes(`alias ${aliasName}=`)) {
+      fs.appendFileSync(rcFile, `\n${aliasComment}\n${aliasLine}\n`);
+      log(`Added '${aliasName}' alias to ${path.basename(rcFile)}`);
+    } else {
+      log(`Alias '${aliasName}' already exists in ${path.basename(rcFile)}`);
+    }
   }
+  log(`After setup, open a new terminal and type: ${aliasName}`);
   console.log("");
 
   // Step 9: Generate CLAUDE.md template

package/bin/postinstall.js

@@ -9,32 +9,39 @@
 const fs = require("fs");
 const path = require("path");
 
-const NEXO_HOME = path.join(require("os").homedir(), ".nexo");
+const NEXO_HOME = process.env.NEXO_HOME || path.join(require("os").homedir(), ".nexo");
 const VERSION_FILE = path.join(NEXO_HOME, "version.json");
 
+if (process.env.NEXO_SKIP_POSTINSTALL === "1") {
+  // Called during rollback — skip migration to avoid loops
+  process.exit(0);
+}
+
 if (fs.existsSync(VERSION_FILE)) {
   // Existing installation — run auto-migration silently
-  try {
-    const installed = JSON.parse(fs.readFileSync(VERSION_FILE, "utf8"));
-    const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));
+  const installed = JSON.parse(fs.readFileSync(VERSION_FILE, "utf8"));
+  const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));
 
-    if (installed.version === pkg.version) {
-      // Same version, nothing to do
-      process.exit(0);
-    }
+  if (installed.version === pkg.version) {
+    // Same version, nothing to do
+    process.exit(0);
+  }
 
-    console.log(`\n  NEXO Brain: upgrading v${installed.version} → v${pkg.version}...`);
+  console.log(`\n  NEXO Brain: upgrading v${installed.version} → v${pkg.version}...`);
 
-    // Run the main installer in --yes mode (non-interactive)
-    // It will detect the existing version and do migration only
-    const { execSync } = require("child_process");
+  // Run the main installer in --yes mode (non-interactive)
+  // It will detect the existing version and do migration only
+  // Let errors propagate so npm reports the failure correctly
+  const { execSync } = require("child_process");
+  try {
     execSync(`node ${path.join(__dirname, "nexo-brain.js")} --yes`, {
       stdio: "inherit",
-      env: { ...process.env, NEXO_POSTINSTALL: "1" }
+      env: { ...process.env, NEXO_POSTINSTALL: "1", NEXO_HOME: NEXO_HOME }
     });
   } catch (e) {
-    console.error(`  NEXO Brain: migration warning — ${e.message}`);
-    console.log("  Run 'nexo-brain' manually to complete setup.");
+    console.error(`\n  NEXO Brain: migration FAILED — ${e.message}`);
+    console.error("  Run 'nexo-brain' manually to complete setup.");
+    process.exit(1);
   }
 } else {
   // Fresh install — just show instructions

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "2.3.1",
+  "version": "2.4.0",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO — Cognitive co-operator for Claude Code. Memory, emotional intelligence, overnight learning (Deep Sleep), cron management, trust scoring, and adaptive calibration.",
   "bin": {
@@ -47,7 +47,7 @@
     "url": "git+https://github.com/wazionapps/nexo.git"
   },
   "scripts": {
-    "postinstall": "node bin/postinstall.js 2>/dev/null || true"
+    "postinstall": "node bin/postinstall.js"
   },
   "engines": {
     "node": ">=18"

package/src/auto_update.py

@@ -96,6 +96,130 @@ def _read_package_version() -> str:
 
 # ── Hook sync ────────────────────────────────────────────────────────
 
+def _requirements_hash() -> str:
+    """Return a content hash of requirements.txt, or empty string if missing."""
+    import hashlib
+    req_file = SRC_DIR / "requirements.txt"
+    if req_file.exists():
+        return hashlib.sha256(req_file.read_bytes()).hexdigest()
+    return ""
+
+
+def _reinstall_pip_deps() -> bool:
+    """Reinstall Python deps from requirements.txt. Returns True on success."""
+    req_file = SRC_DIR / "requirements.txt"
+    if not req_file.exists():
+        return True
+    venv_pip = NEXO_HOME / ".venv" / "bin" / "pip"
+    if not venv_pip.exists():
+        venv_pip = NEXO_HOME / ".venv" / "bin" / "pip3"
+    try:
+        if venv_pip.exists():
+            result = subprocess.run(
+                [str(venv_pip), "install", "--quiet", "-r", str(req_file)],
+                capture_output=True, text=True, timeout=120,
+            )
+        else:
+            result = subprocess.run(
+                [sys.executable, "-m", "pip", "install", "--quiet", "-r", str(req_file), "--break-system-packages"],
+                capture_output=True, text=True, timeout=120,
+            )
+        if result.returncode != 0:
+            _log(f"pip install failed (exit {result.returncode}): {result.stderr or result.stdout}")
+            return False
+        _log("Reinstalled Python dependencies after update")
+        return True
+    except Exception as e:
+        _log(f"pip reinstall failed: {e}")
+        return False
+
+
+def _refresh_installed_manifest():
+    """Copy source crons/ to NEXO_HOME/crons/ so catchup & watchdog stay current."""
+    try:
+        import shutil
+        src_crons = SRC_DIR / "crons"
+        dst_crons = NEXO_HOME / "crons"
+        if src_crons.exists():
+            dst_crons.mkdir(parents=True, exist_ok=True)
+            for f in src_crons.iterdir():
+                if f.is_file():
+                    shutil.copy2(str(f), str(dst_crons / f.name))
+            _log("Refreshed installed crons manifest")
+    except Exception as e:
+        _log(f"Manifest refresh warning: {e}")
+
+
+def _sync_crons():
+    """Sync cron definitions with manifest after a git pull."""
+    try:
+        cron_sync_path = SRC_DIR / "crons" / "sync.py"
+        if cron_sync_path.exists():
+            result = subprocess.run(
+                [sys.executable, str(cron_sync_path)],
+                capture_output=True, text=True, timeout=30,
+                env={**os.environ, "NEXO_HOME": str(NEXO_HOME), "NEXO_CODE": str(SRC_DIR)},
+            )
+            if result.returncode != 0:
+                _log(f"Cron sync failed (exit {result.returncode}): {result.stderr or result.stdout}")
+                return  # Don't refresh manifest if timers weren't actually updated
+            _log("Synced cron definitions with manifest")
+        # Refresh the installed manifest only after successful sync
+        _refresh_installed_manifest()
+    except Exception as e:
+        _log(f"Cron sync warning: {e}")
+
+
+def _backup_dbs() -> str | None:
+    """Snapshot all .db files before migration. Returns backup dir or None."""
+    import sqlite3
+    import time as _time
+    timestamp = _time.strftime("%Y-%m-%d-%H%M%S")
+    backup_dir = NEXO_HOME / "backups" / f"pre-autoupdate-{timestamp}"
+
+    db_files = list(DATA_DIR.glob("*.db")) if DATA_DIR.is_dir() else []
+    db_files += [f for f in NEXO_HOME.glob("*.db") if f.is_file()]
+    src_db = SRC_DIR / "nexo.db"
+    if src_db.is_file() and src_db not in db_files:
+        db_files.append(src_db)
+
+    if not db_files:
+        return None
+
+    backup_dir.mkdir(parents=True, exist_ok=True)
+    for db_file in db_files:
+        try:
+            src_conn = sqlite3.connect(str(db_file))
+            dst_conn = sqlite3.connect(str(backup_dir / db_file.name))
+            src_conn.backup(dst_conn)
+            dst_conn.close()
+            src_conn.close()
+        except Exception as e:
+            _log(f"DB backup warning ({db_file.name}): {e}")
+    return str(backup_dir)
+
+
+def _restore_dbs(backup_dir: str):
+    """Restore .db files from a backup directory."""
+    import sqlite3
+    bdir = Path(backup_dir)
+    if not bdir.is_dir():
+        return
+    for db_backup in bdir.glob("*.db"):
+        for candidate in [DATA_DIR / db_backup.name, NEXO_HOME / db_backup.name, SRC_DIR / db_backup.name]:
+            if candidate.is_file():
+                try:
+                    src_conn = sqlite3.connect(str(db_backup))
+                    dst_conn = sqlite3.connect(str(candidate))
+                    src_conn.backup(dst_conn)
+                    dst_conn.close()
+                    src_conn.close()
+                    _log(f"Restored DB: {db_backup.name}")
+                except Exception as e:
+                    _log(f"DB restore warning ({db_backup.name}): {e}")
+                break
+
+
 def _sync_hooks():
     """Copy hook scripts from src/hooks/ to NEXO_HOME/hooks/ after a git pull."""
     import shutil
@@ -152,27 +276,89 @@ def _check_git_updates() -> str | None:
 
     # We're behind — safe to fast-forward pull
     old_version = _read_package_version()
+    old_req_hash = _requirements_hash()
+
+    # Save old HEAD for rollback
+    rc, old_head, _ = _git("rev-parse", "HEAD")
+    if rc != 0:
+        return None
+
     rc, pull_out, pull_err = _git("pull", "--ff-only")
     if rc != 0:
         _log(f"git pull --ff-only failed: {pull_err}")
         return None  # Don't break anything
 
     new_version = _read_package_version()
+    new_req_hash = _requirements_hash()
+
+    # Backup databases before any changes that might run migrations
+    db_backup_dir = _backup_dbs()
+
+    # Reinstall pip deps if requirements.txt content changed (not just version)
+    if old_req_hash != new_req_hash:
+        if not _reinstall_pip_deps():
+            # pip failed — rollback git + DBs to old HEAD
+            _log("pip install failed after pull, rolling back git...")
+            _git("reset", "--hard", old_head)
+            _reinstall_pip_deps()  # restore old deps (best-effort)
+            if db_backup_dir:
+                _restore_dbs(db_backup_dir)
+            return None
+
+    # Verify the new code can be imported before proceeding
+    if not _verify_import():
+        _log("Import verification failed after pull, rolling back git...")
+        _git("reset", "--hard", old_head)
+        if old_req_hash != new_req_hash:
+            _reinstall_pip_deps()  # restore old deps (best-effort)
+        if db_backup_dir:
+            _restore_dbs(db_backup_dir)
+        return None
 
-    # Run DB migrations after pull
-    _run_db_migrations()
+    # Run DB migrations after pull — rollback if they fail
+    if not _run_db_migrations():
+        _log("DB migration failed after pull, rolling back git + DB...")
+        _git("reset", "--hard", old_head)
+        if old_req_hash != new_req_hash:
+            _reinstall_pip_deps()
+        if db_backup_dir:
+            _restore_dbs(db_backup_dir)
+        return None
 
     # Sync hooks to NEXO_HOME (nexo-brain.js copies them on install,
     # but auto-update via git pull bypasses nexo-brain.js)
     _sync_hooks()
 
+    # Sync cron definitions with manifest
+    _sync_crons()
+
     msg = f"Auto-updated: {old_version} -> {new_version}" if old_version != new_version else f"Auto-updated (v{new_version}, new commits)"
     _log(msg)
     return msg
 
 
-def _run_db_migrations():
-    """Run NEXO's DB schema migrations (from db._schema) after a pull."""
+def _verify_import() -> bool:
+    """Verify that the new code can be imported. Returns True on success."""
+    try:
+        result = subprocess.run(
+            [sys.executable, "-c", "import server"],
+            cwd=str(SRC_DIR),
+            capture_output=True,
+            text=True,
+            timeout=15,
+        )
+        if result.returncode != 0:
+            _log(f"Import verification failed: {result.stderr or result.stdout}")
+            return False
+        return True
+    except Exception as e:
+        _log(f"Import verification error: {e}")
+        return False
+
+
+def _run_db_migrations() -> bool:
+    """Run NEXO's DB schema migrations (from db._schema) after a pull.
+    Returns True on success, False on failure."""
     try:
         from db._schema import run_migrations
         from db._core import get_db
@@ -180,8 +366,10 @@ def _run_db_migrations():
         applied = run_migrations(conn)
         if applied > 0:
             _log(f"Applied {applied} DB migration(s)")
+        return True
     except Exception as e:
-        _log(f"DB migration error (continuing): {e}")
+        _log(f"DB migration error: {e}")
+        return False
 
 
 # ── npm version check (notify only) ─────────────────────────────────

package/src/crons/sync.py

@@ -296,6 +296,9 @@ def sync_linux(dry_run: bool = False):
         service_path = unit_dir / f"nexo-{cron_id}.service"
         timer_path = unit_dir / f"nexo-{cron_id}.timer"
 
+        stdout_log = LOG_DIR / f"{cron_id}-stdout.log"
+        stderr_log = LOG_DIR / f"{cron_id}-stderr.log"
+
         service_content = f"""[Unit]
 Description=NEXO: {cron.get('description', cron_id)}
 
@@ -305,6 +308,8 @@ ExecStart={exec_cmd}
 Environment=NEXO_HOME={NEXO_HOME}
 Environment=NEXO_CODE={NEXO_CODE}
 Environment=HOME={Path.home()}
+StandardOutput=append:{stdout_log}
+StandardError=append:{stderr_log}
 """
 
         if cron.get("run_at_load"):

package/src/dashboard/app.py

@@ -616,13 +616,20 @@ async def api_ops_execute(fid: str):
     if not row:
         return JSONResponse({"error": f"Followup {fid} not found"}, status_code=404)
     item = dict(row)
-    description = item["description"].replace('"', '\\"').replace("'", "\\'")
     if platform.system() != "Darwin":
         return JSONResponse(
             {"error": "This operation requires macOS (uses osascript to open Terminal)"},
             status_code=501,
         )
-    script = f'tell application "Terminal" to do script "claude \\"NEXO: execute followup #{fid} — {description}\\""'
+    # Security: avoid interpolating user-controlled data into shell commands.
+    # Write the followup ID to a temp file and pass a safe, fixed command to osascript.
+    import tempfile
+    tmp = tempfile.NamedTemporaryFile(mode="w", suffix=".txt", prefix="nexo-followup-", delete=False)
+    tmp.write(fid)
+    tmp.close()
+    # The claude command reads the followup ID from the temp file — no shell interpolation of description
+    claude_cmd = f'claude \\"NEXO: execute followup from file $(cat {tmp.name})\\"'
+    script = f'tell application "Terminal" to do script "{claude_cmd}"'
     subprocess.Popen(["osascript", "-e", script])
     return {"success": True, "followup_id": fid}