nexo-brain 2.5.0 → 2.6.0

package/src/scripts/nexo-watchdog.sh

@@ -16,6 +16,7 @@ NEXO_DIR="$NEXO_HOME"
 CORTEX_DIR="$NEXO_HOME/brain"
 OPS_DIR="$NEXO_HOME/operations"
 LOG_DIR="$NEXO_HOME/logs"
+DB_PATH="$NEXO_HOME/data/nexo.db"
 LOG="$LOG_DIR/watchdog.log"
 STATUS_JSON="$OPS_DIR/watchdog-status.json"
 REPORT_TXT="$OPS_DIR/watchdog-report.txt"
@@ -62,12 +63,25 @@ import json, sys, platform
 
 nexo_home = '$NEXO_HOME'
 is_mac = platform.system() == 'Darwin'
+optionals_file = '$NEXO_HOME/config/optionals.json'
+optionals = {}
 
 with open('$MANIFEST_FILE') as f:
     data = json.load(f)
 
+try:
+    with open(optionals_file) as f:
+        maybe = json.load(f)
+        if isinstance(maybe, dict):
+            optionals = {str(k): bool(v) for k, v in maybe.items()}
+except Exception:
+    optionals = {}
+
 for c in data.get('crons', []):
     cid = c['id']
+    optional_key = c.get('optional')
+    if optional_key and not optionals.get(optional_key, False):
+        continue
     name = cid.replace('-', ' ').title()
     # Use the right service identifier per platform
     if is_mac:
@@ -77,10 +91,21 @@ for c in data.get('crons', []):
     stdout_log = nexo_home + '/logs/' + cid + '-stdout.log'
     stderr_log = nexo_home + '/logs/' + cid + '-stderr.log'
 
+    recovery_policy = c.get('recovery_policy')
+    if not recovery_policy:
+        if c.get('keep_alive') or 'interval_seconds' in c:
+            recovery_policy = 'restart'
+        elif 'schedule' in c:
+            recovery_policy = 'catchup'
+        else:
+            recovery_policy = 'none'
+    run_at_load = bool(c.get('run_at_load') or (c.get('run_on_boot') and 'interval_seconds' in c and not c.get('keep_alive')))
+
     # Derive max_stale_secs and schedule_desc from schedule config
-    if c.get('run_at_load'):
+    if c.get('keep_alive'):
         max_stale = 0
-        schedule_desc = 'RunAtLoad once'
+        schedule_desc = 'KeepAlive'
+        proc_grep = c.get('script', '').split('/')[-1]
     elif 'interval_seconds' in c:
         iv = c['interval_seconds']
         # Allow 2x the interval before WARN
@@ -89,6 +114,9 @@ for c in data.get('crons', []):
             schedule_desc = f'Every {iv // 3600}h'
         else:
             schedule_desc = f'Every {iv // 60} min'
+        if run_at_load:
+            schedule_desc += ' + boot'
+        proc_grep = ''
     elif 'schedule' in c:
         s = c['schedule']
         h = s.get('hour', 0)
@@ -100,14 +128,19 @@ for c in data.get('crons', []):
         else:
             schedule_desc = f'Daily {h}:{m:02d}'
             max_stale = 90000  # ~25h
+        proc_grep = ''
+    elif run_at_load:
+        max_stale = 0
+        schedule_desc = 'RunAtLoad once'
+        proc_grep = ''
     else:
         max_stale = 0
         schedule_desc = 'unknown'
+        proc_grep = ''
 
     mon_type = 'core' if c.get('core') else 'personal'
-    proc_grep = ''  # manifest crons are one-shot, no persistent process
 
-    print(f'{name}|{svc_id}|{stdout_log}|{stderr_log}|{max_stale}|{proc_grep}|{schedule_desc}|{mon_type}')
+    print(f'{name}|{svc_id}|{stdout_log}|{stderr_log}|{max_stale}|{proc_grep}|{schedule_desc}|{mon_type}|{recovery_policy}')
 " 2>/dev/null
 }
 
@@ -134,7 +167,7 @@ if [ "${NEXO_MAINTAINER:-}" = "1" ]; then
 fi
 
 # Error patterns to search in stderr logs (last 50 lines)
-ERROR_PATTERNS="Traceback|Error:|CRITICAL|FATAL|ModuleNotFoundError|PermissionError|FileNotFoundError|ConnectionRefused|Errno"
+ERROR_PATTERNS="Traceback|Error:|CRITICAL|FATAL|ModuleNotFoundError|PermissionError|FileNotFoundError|ConnectionRefused|Errno|Operation not permitted|SyntaxError|sqlite3\\.OperationalError"
 
 # ============================================================================
 # HELPER FUNCTIONS
@@ -150,7 +183,7 @@ log_repair() { echo "[$TS] REPAIR: $1" >> "$REPAIR_LOG"; log "REPAIR: $1"; }
 
 is_loaded() {
   if $IS_MACOS; then
-    launchctl list "$1" &>/dev/null
+    launchctl print "gui/$UID_NUM/$1" &>/dev/null
   else
     # On Linux, check if the systemd timer is enabled
     systemctl --user is-enabled "$1" &>/dev/null
@@ -242,45 +275,13 @@ try_reexecute_missed_cron() {
   local svc_id="$1"
 
   if $IS_MACOS; then
-    # macOS: extract command from plist and run it
-    local plist_file="$HOME_DIR/Library/LaunchAgents/${svc_id}.plist"
-
-    if [ ! -f "$plist_file" ]; then
-      log "Re-execute skipped: no plist for $svc_id"
-      return 1
-    fi
-
-    local cmd
-    cmd=$(python3 -c "
-import plistlib, sys
-try:
-    with open('$plist_file', 'rb') as f:
-        d = plistlib.load(f)
-    args = d.get('ProgramArguments', [])
-    if d.get('KeepAlive'):
-        sys.exit(1)
-    if not d.get('StartCalendarInterval') and not d.get('StartInterval'):
-        sys.exit(1)
-    print(' '.join(args))
-except:
-    sys.exit(1)
-" 2>/dev/null)
-
-    if [ -z "$cmd" ] || [ $? -ne 0 ]; then
-      return 1
-    fi
-
-    log "Re-executing missed cron: $svc_id → $cmd"
-    timeout 300 bash -c "$cmd" >> "$LOG_DIR/watchdog-reexec.log" 2>&1 &
-    local pid=$!
-    sleep 2
-    if kill -0 "$pid" 2>/dev/null || wait "$pid" 2>/dev/null; then
-      log_repair "$svc_id: re-executed missed cron (PID $pid)"
+    log "Re-executing missed cron via launchctl kickstart: $svc_id"
+    if launchctl kickstart -k "gui/$UID_NUM/$svc_id" >> "$LOG_DIR/watchdog-reexec.log" 2>&1; then
+      log_repair "$svc_id: re-executed missed cron via launchctl kickstart"
       return 0
-    else
-      log "Re-execute failed for $svc_id"
-      return 1
     fi
+    log "Re-execute failed for $svc_id"
+    return 1
   else
     # Linux: start the corresponding service unit directly
     local service_unit="${svc_id%.timer}.service"
@@ -295,11 +296,30 @@ except:
   fi
 }
 
+CATCHUP_REQUESTED=false
+try_request_catchup() {
+  if $CATCHUP_REQUESTED; then
+    return 0
+  fi
+  local catchup_svc
+  if $IS_MACOS; then
+    catchup_svc="com.nexo.catchup"
+  else
+    catchup_svc="nexo-catchup.timer"
+  fi
+  if try_reexecute_missed_cron "$catchup_svc"; then
+    CATCHUP_REQUESTED=true
+    return 0
+  fi
+  return 1
+}
+
 try_verify_repair() {
   # After Level 2 repair, wait and verify the service is healthy
   local plist_id="$1"
   local log_stdout="$2"
   local proc_grep="$3"
+  local mon_type="${4:-core}"
   local max_wait=30
 
   log "Verifying repair for $plist_id..."
@@ -325,7 +345,22 @@ try_verify_repair() {
     return 1
   fi
 
-  # Check 3: For scheduled crons, check if log was updated recently
+  # Check 3: For scheduled crons, check if cron_runs/logs were updated recently
+  if [ "$mon_type" = "core" ]; then
+    local cron_id
+    cron_id=$(cron_id_from_service "$plist_id")
+    local run_info
+    run_info=$(cron_last_run_info "$cron_id" || true)
+    if [ -n "$run_info" ]; then
+      local run_age
+      IFS='|' read -r run_age _ _ _ _ _ <<< "$run_info"
+      if [ -n "$run_age" ] && [ "$run_age" -lt 300 ]; then
+        log "Verify OK: $plist_id cron_runs updated ${run_age}s ago"
+        return 0
+      fi
+    fi
+  fi
+
   if [ -n "$log_stdout" ] && [ -f "$log_stdout" ]; then
     local age
     age=$(file_age "$log_stdout")
@@ -408,6 +443,51 @@ process_running() {
   fi
 }
 
+cron_id_from_service() {
+  local svc_id="$1"
+  if $IS_MACOS; then
+    echo "${svc_id#com.nexo.}"
+  else
+    echo "${svc_id#nexo-}" | sed 's/\.timer$//'
+  fi
+}
+
+cron_last_run_info() {
+  local cron_id="$1"
+  [ ! -f "$DB_PATH" ] && return 1
+  sqlite3 -separator '|' "$DB_PATH" "
+    SELECT
+      CAST(strftime('%s','now') - strftime('%s', started_at) AS INTEGER) AS age_secs,
+      COALESCE(started_at, ''),
+      COALESCE(ended_at, ''),
+      COALESCE(exit_code, ''),
+      COALESCE(error, ''),
+      COALESCE(summary, '')
+    FROM cron_runs
+    WHERE cron_id = '$cron_id'
+    ORDER BY id DESC
+    LIMIT 1;
+  " 2>/dev/null
+}
+
+classify_log_issue() {
+  local logfile="$1"
+  if [ ! -f "$logfile" ] || [ ! -s "$logfile" ]; then
+    return 0
+  fi
+  local tail_text
+  tail_text=$(tail -50 "$logfile" 2>/dev/null || true)
+  if echo "$tail_text" | grep -q "Operation not permitted"; then
+    echo "tcc"
+  elif echo "$tail_text" | grep -q "ModuleNotFoundError"; then
+    echo "dependency"
+  elif echo "$tail_text" | grep -q "SyntaxError"; then
+    echo "syntax"
+  elif echo "$tail_text" | grep -q "sqlite3.OperationalError"; then
+    echo "schema"
+  fi
+}
+
 # Escape strings for JSON
 json_escape() {
   echo "$1" | sed 's/\\/\\\\/g; s/"/\\"/g; s/	/ /g' | tr '\n' ' '
@@ -427,8 +507,9 @@ FAILED_MONITORS=()  # Track failed monitors for Level 2 repair
 for monitor in "${MONITORS[@]}"; do
   # Skip comment lines
   [[ "$monitor" =~ ^[[:space:]]*# ]] && continue
-  IFS='|' read -r name plist_id log_stdout log_stderr max_stale proc_grep schedule mon_type <<< "$monitor"
+  IFS='|' read -r name plist_id log_stdout log_stderr max_stale proc_grep schedule mon_type recovery_policy <<< "$monitor"
   mon_type="${mon_type:-core}"
+  recovery_policy="${recovery_policy:-restart}"
 
   status="PASS"
   details=""
@@ -436,6 +517,10 @@ for monitor in "${MONITORS[@]}"; do
   stale_age="n/a"
   error_count=0
   proc_alive="n/a"
+  error_kind=""
+  cron_id=$(cron_id_from_service "$plist_id")
+  latest_run_has_record=false
+  latest_run_failed=false
 
   # Check 1: Service loaded? (launchd on macOS, systemd on Linux)
   if is_loaded "$plist_id"; then
@@ -490,8 +575,69 @@ for monitor in "${MONITORS[@]}"; do
     fi
   fi
 
-  # Check 3: Log staleness + AUTO RE-EXECUTE missed crons
-  if [ -n "$log_stdout" ] && [ "$max_stale" -gt 0 ]; then
+  # Check 3: Staleness + AUTO RE-EXECUTE missed crons
+  if [ "$mon_type" = "core" ] && [ "$max_stale" -gt 0 ]; then
+    run_info=$(cron_last_run_info "$cron_id" || true)
+    if [ -n "$run_info" ]; then
+      latest_run_has_record=true
+      IFS='|' read -r age _ _ last_exit last_error last_summary <<< "$run_info"
+      age="${age:-999999}"
+      stale_age=$(format_age "$age")
+      if [ -n "$last_exit" ] && [ "$last_exit" != "0" ]; then
+        latest_run_failed=true
+        status="FAIL"
+        details="${details}Last run exited ${last_exit}. "
+        [ -n "$last_error" ] && details="${details}Error: ${last_error}. "
+      fi
+      if [ "$age" -gt $(( max_stale * 3 )) ]; then
+        if [ "$recovery_policy" = "catchup" ]; then
+          if try_request_catchup; then
+            status="HEALED"
+            details="${details}Self-healed: requested catchup for missed window (last run: $stale_age). "
+            TOTAL_HEALED=$((TOTAL_HEALED + 1))
+          else
+            status="FAIL"
+            details="${details}cron_runs stale: $stale_age (limit: $(format_age "$max_stale")). Catchup request failed. "
+          fi
+        else
+          if try_reexecute_missed_cron "$plist_id"; then
+            status="HEALED"
+            details="${details}Self-healed: re-executed missed cron (last run: $stale_age). "
+            TOTAL_HEALED=$((TOTAL_HEALED + 1))
+          else
+            status="FAIL"
+            details="${details}cron_runs stale: $stale_age (limit: $(format_age "$max_stale")). Re-execute failed. "
+          fi
+        fi
+      elif [ "$age" -gt "$max_stale" ]; then
+        [ "$status" = "PASS" ] && status="WARN"
+        details="${details}cron_runs slightly stale: $stale_age. "
+      elif [ -z "$details" ] && [ -n "$last_summary" ]; then
+        details="${details}Last run summary: ${last_summary}. "
+      fi
+    else
+      stale_age="no cron_runs entry"
+      if [ "$recovery_policy" = "catchup" ]; then
+        if try_request_catchup; then
+          status="HEALED"
+          details="${details}Self-healed: requested catchup for missing cron_runs entry. "
+          TOTAL_HEALED=$((TOTAL_HEALED + 1))
+        else
+          status="FAIL"
+          details="${details}No cron_runs entry recorded yet and catchup request failed. "
+        fi
+      else
+        if try_reexecute_missed_cron "$plist_id"; then
+          status="HEALED"
+          details="${details}Self-healed: executed missing cron for first run. "
+          TOTAL_HEALED=$((TOTAL_HEALED + 1))
+        else
+          status="FAIL"
+          details="${details}No cron_runs entry recorded yet. "
+        fi
+      fi
+    fi
+  elif [ -n "$log_stdout" ] && [ "$max_stale" -gt 0 ]; then
     age=$(file_age "$log_stdout")
     stale_age=$(format_age "$age")
     if [ "$age" -gt $(( max_stale * 3 )) ]; then
@@ -519,10 +665,35 @@ for monitor in "${MONITORS[@]}"; do
 
   # Check 4: Errors in stderr log
   if [ -n "$log_stderr" ]; then
-    error_count=$(check_errors "$log_stderr")
-    if [ "$error_count" -gt 5 ]; then
-      [ "$status" = "PASS" ] && status="WARN"
-      details="${details}${error_count} errors in recent stderr. "
+    consider_stderr=true
+    if [ "$mon_type" = "core" ] && $latest_run_has_record && ! $latest_run_failed && [ "$loaded" = "yes" ]; then
+      consider_stderr=false
+    fi
+    if $consider_stderr; then
+      error_count=$(check_errors "$log_stderr")
+      error_kind=$(classify_log_issue "$log_stderr" || true)
+      if [ "$error_count" -gt 5 ]; then
+        [ "$status" = "PASS" ] && status="WARN"
+        details="${details}${error_count} errors in recent stderr. "
+      fi
+      case "$error_kind" in
+        tcc)
+          status="FAIL"
+          details="${details}Recent stderr shows macOS TCC/Sandbox denial ('Operation not permitted'). "
+          ;;
+        dependency)
+          [ "$status" = "PASS" ] && status="WARN"
+          details="${details}Recent stderr shows missing Python dependency. "
+          ;;
+        syntax)
+          status="FAIL"
+          details="${details}Recent stderr shows syntax error. "
+          ;;
+        schema)
+          status="FAIL"
+          details="${details}Recent stderr shows DB/schema mismatch. "
+          ;;
+      esac
     fi
   fi
 
@@ -557,7 +728,7 @@ done
 # --- Cron job checks ---
 CRON_JSON=""
 CRON_REPORT=""
-for cron_entry in "${CRON_MONITORS[@]}"; do
+for cron_entry in ${CRON_MONITORS[@]+"${CRON_MONITORS[@]}"}; do
   IFS='|' read -r name script check_path max_stale schedule <<< "$cron_entry"
 
   c_status="PASS"
@@ -656,6 +827,7 @@ fi
 # --- Immutable file integrity ---
 IMMUTABLE_STATUS="PASS"
 IMMUTABLE_DETAIL=""
+OBJECTIVE="$CORTEX_DIR/evolution-objective.json"
 if [ -f "$HASH_REGISTRY" ]; then
   TAMPERED=0
   while IFS='|' read -r filepath expected_hash; do
@@ -676,7 +848,6 @@ if [ -f "$HASH_REGISTRY" ]; then
     IMMUTABLE_STATUS="FAIL"
     IMMUTABLE_DETAIL="$TAMPERED immutable files tampered"
     TOTAL_FAIL=$((TOTAL_FAIL + 1))
-    OBJECTIVE="$CORTEX_DIR/evolution-objective.json"
     if [ -f "$OBJECTIVE" ]; then
       python3 -c "
 import json
@@ -690,6 +861,23 @@ with open('$OBJECTIVE', 'w') as f: json.dump(d, f, indent=2)
   else
     IMMUTABLE_DETAIL="All files intact"
     TOTAL_PASS=$((TOTAL_PASS + 1))
+    if [ -f "$OBJECTIVE" ]; then
+      python3 -c "
+import json
+from pathlib import Path
+obj = Path('$OBJECTIVE')
+try:
+    data = json.loads(obj.read_text())
+except Exception:
+    raise SystemExit(0)
+reason = data.get('disabled_reason', '') or ''
+if data.get('evolution_enabled') is False and 'watchdog disabled Evolution' in reason:
+    data['evolution_enabled'] = True
+    data.pop('disabled_reason', None)
+    obj.write_text(json.dumps(data, indent=2, ensure_ascii=False))
+    print('REENABLED')
+" 2>/dev/null | grep -q "REENABLED" && log "REENABLED Evolution after immutable integrity recovered"
+    fi
   fi
 else
   IMMUTABLE_DETAIL="No hash registry (skipped)"
@@ -973,7 +1161,7 @@ NEXOPROMPT
           VERIFY_FAIL=0
           for failed in ${FAILED_MONITORS[@]+"${FAILED_MONITORS[@]}"}; do
             IFS='|' read -r v_name v_plist v_stdout v_stderr v_proc v_sched v_type v_details <<< "$failed"
-            if try_verify_repair "$v_plist" "$v_stdout" "$v_proc"; then
+            if try_verify_repair "$v_plist" "$v_stdout" "$v_proc" "$v_type"; then
               VERIFY_PASS=$((VERIFY_PASS + 1))
               log "VERIFY OK: $v_name"
             else

package/src/tools_learnings.py

@@ -23,6 +23,14 @@ def handle_learning_add(category: str, title: str, content: str, reasoning: str
     category = category.lower().strip()
     if not category:
         return "ERROR: Category cannot be empty."
+    # Dedup guard: block exact title duplicates in same category
+    conn = get_db()
+    existing = conn.execute(
+        "SELECT id, title FROM learnings WHERE LOWER(title) = LOWER(?) AND category = ? AND status = 'active'",
+        (title.strip(), category)
+    ).fetchone()
+    if existing:
+        return f"Learning #{existing['id']} already exists with same title in {category}: {existing['title']}. Use nexo_learning_update to modify it."
     result = create_learning(
         category, title, content, reasoning=reasoning
     )

package/templates/launchagents/com.nexo.catchup.plist

@@ -1,11 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- com.nexo.catchup
-     Runs nexo-catchup.py once at login (RunAtLoad, no recurring schedule)
-     to handle tasks that were missed while the computer was off or
-     sleeping. Processes any overdue followups, expired reminders, and
-     scheduled jobs that launchd could not fire during downtime. This
-     ensures NEXO's scheduled maintenance never falls through the cracks
-     after a reboot or prolonged sleep period.
+     Runs nexo-catchup.py at login and every 15 minutes so missed core
+     windows are recovered after boot, wake, or prolonged sleep.
+     Recovery is gated by cron_runs plus the manifest recovery contract,
+     so catchup only replays jobs that are safe and still inside their
+     allowed catch-up window.
 -->
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@@ -19,6 +18,8 @@
     </array>
     <key>RunAtLoad</key>
     <true/>
+    <key>StartInterval</key>
+    <integer>900</integer>
     <key>StandardOutPath</key>
     <string>{{NEXO_HOME}}/logs/catchup-stdout.log</string>
     <key>StandardErrorPath</key>

package/templates/script-template.py

@@ -1,9 +1,12 @@
 #!/usr/bin/env python3
 # nexo: name=example-script
 # nexo: description=Example personal script using the stable NEXO CLI
+# nexo: category=automation
 # nexo: runtime=python
 # nexo: timeout=60
 # nexo: tools=nexo_learning_search,nexo_schedule_status
+# nexo: interval_seconds=300
+# nexo: schedule_required=false
 
 """Example personal script for NEXO.
 

package/templates/script-template.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# nexo: name=example-script
+# nexo: description=Example personal shell script using the stable NEXO CLI
+# nexo: category=automation
+# nexo: runtime=shell
+# nexo: timeout=60
+# nexo: schedule=08:00
+# nexo: schedule_required=false
+
+set -euo pipefail
+
+echo "Hello from NEXO personal shell script"
+echo "NEXO_HOME=${NEXO_HOME:-}"

package/src/scripts/nexo-day-orchestrator.sh

@@ -1,139 +0,0 @@
-#!/bin/bash
-# ============================================================================
-# NEXO Day Orchestrator — autonomous NEXO cycle every 15 min
-# Schedule: keepAlive, self-enforced operating hours (default 8:00-23:00)
-#
-# This is NOT a Python script that simulates intelligence.
-# This launches Claude Code as NEXO with full MCP access.
-# NEXO thinks, acts, and reports — like any interactive session.
-# ============================================================================
-set -euo pipefail
-
-NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
-LOG_DIR="$NEXO_HOME/logs"
-mkdir -p "$LOG_DIR" "$NEXO_HOME/operations"
-
-# --- Configuration ---
-CYCLE_INTERVAL=900  # 15 minutes between cycles
-CYCLE_TIMEOUT=600   # 10 min max per cycle
-MAX_TURNS=30        # Claude max turns per cycle
-HOUR_START=8
-HOUR_END=23
-
-# --- Find Claude CLI ---
-find_claude() {
-    for candidate in \
-        "$(command -v claude 2>/dev/null)" \
-        "$HOME/.claude/local/claude" \
-        "/opt/homebrew/bin/claude" \
-        "/usr/local/bin/claude"; do
-        if [ -n "$candidate" ] && [ -x "$candidate" ]; then
-            echo "$candidate"
-            return 0
-        fi
-    done
-    return 1
-}
-
-CLAUDE=$(find_claude) || {
-    echo "$(date '+%Y-%m-%d %H:%M') ERROR: claude CLI not found" >&2
-    exit 1
-}
-
-# --- Prevent overlapping cycles ---
-LOCKFILE="$NEXO_HOME/operations/.orchestrator.lock"
-acquire_lock() {
-    if [ -f "$LOCKFILE" ]; then
-        local pid
-        pid=$(cat "$LOCKFILE" 2>/dev/null || echo "")
-        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
-            return 1  # Still running
-        fi
-    fi
-    echo $$ > "$LOCKFILE"
-    return 0
-}
-release_lock() { rm -f "$LOCKFILE"; }
-
-# --- The orchestrator prompt ---
-PROMPT='You are NEXO in autonomous orchestrator mode. The user is NOT present. You have 5 minutes max.
-
-ABSOLUTE PRIORITY: act, do not list. If you can do something, do it. If you need the user, send email.
-
-CHECKLIST (in this order):
-
-1. OVERDUE FOLLOWUPS: nexo_reminders(filter="due") + nexo_reminders(filter="followups")
-   - NEXO tasks (verify, check, monitor) → DO THEM NOW
-   - Tasks needing user decision → accumulate for email
-   - Completed ones → nexo_followup_complete
-
-2. EMAIL: nexo_email_inbox(unread_only=true, limit=10)
-   - Emails you can process → process them
-   - Important emails for user → accumulate for email
-
-3. INFRASTRUCTURE: nexo_doctor(tier="runtime")
-   - If degraded/critical → try to fix
-
-4. EMAIL TO USER (only if there is something to report):
-   - nexo_email_send with clean HTML summary
-   - Only what needs attention or decision
-   - Include what you ALREADY DID (not just pending items)
-   - If nothing relevant → DO NOT send email
-   - Max 1 email per cycle
-
-5. DIARY: nexo_session_diary_write with what you did
-
-RULES:
-- DO NOT ask permission. autonomy=full
-- DO NOT send empty or "all ok" emails
-- DO NOT list things without acting
-- If a followup is executable → execute it before reporting
-- Use nexo_heartbeat at start
-- Clean close: diary + nexo_stop'
-
-# --- Main loop ---
-echo "$(date '+%Y-%m-%d %H:%M') NEXO Day Orchestrator starting (PID $$)"
-echo "  Claude: $CLAUDE"
-echo "  Cycle: every ${CYCLE_INTERVAL}s, ${HOUR_START}:00-${HOUR_END}:00"
-echo "  Timeout: ${CYCLE_TIMEOUT}s, max turns: $MAX_TURNS"
-
-while true; do
-    HOUR=$(date +%H | sed 's/^0//')
-
-    # Outside operating hours — sleep and check again
-    if [ "$HOUR" -lt "$HOUR_START" ] || [ "$HOUR" -ge "$HOUR_END" ]; then
-        sleep 300  # Check every 5 min if we're back in hours
-        continue
-    fi
-
-    # Try to acquire lock
-    if ! acquire_lock; then
-        echo "$(date '+%Y-%m-%d %H:%M') Previous cycle still running. Skipping."
-        sleep "$CYCLE_INTERVAL"
-        continue
-    fi
-
-    TIMESTAMP=$(date '+%Y-%m-%d_%H%M')
-    LOGFILE="$LOG_DIR/orchestrator-$TIMESTAMP.log"
-    echo "$(date '+%Y-%m-%d %H:%M') Cycle starting..."
-
-    # Launch Claude Code as NEXO
-    set +e
-    timeout "$CYCLE_TIMEOUT" "$CLAUDE" \
-        --dangerously-skip-permissions \
-        -p "$PROMPT" \
-        --max-turns "$MAX_TURNS" \
-        >>"$LOGFILE" 2>&1
-    EXIT_CODE=$?
-    set -e
-
-    echo "$(date '+%Y-%m-%d %H:%M') Cycle finished (exit $EXIT_CODE)" | tee -a "$LOGFILE"
-
-    release_lock
-
-    # Clean old logs (keep 7 days)
-    find "$LOG_DIR" -name "orchestrator-*.log" -mtime +7 -delete 2>/dev/null || true
-
-    # Sleep until next cycle
-    sleep "$CYCLE_INTERVAL"
-done