nexo-brain 2.5.0 → 2.6.0

package/src/scripts/nexo-catchup.py

@@ -1,23 +1,26 @@
 #!/usr/bin/env python3
-"""
-NEXO Catch-Up — Runs at boot/wake to recover any missed scheduled tasks.
-
-Tasks are loaded dynamically from crons/manifest.json (single source of truth).
-Only scheduled crons (with hour/minute) are recovered — interval-based crons
-(immune, watchdog, auto-close) restart automatically via launchd/systemd.
+"""NEXO Catch-Up — recover missed core cron windows after boot/wake.
 
-Logic: For each scheduled task, check if its last successful run was before
-the most recent scheduled time. If so, run it now. Only marks success on exit 0.
-Uses cron/launchd weekday convention (0=Sunday) converted to Python (0=Monday).
+Recovery is driven by the explicit manifest contract plus cron_runs.
+Legacy .catchup-state.json is now only a fallback for pre-wrapper history.
 """
 
+import fcntl
 import json
 import os
 import subprocess
 import sys
-from datetime import datetime, timedelta
+from datetime import datetime
 from pathlib import Path
 
+_SCRIPT_DIR = Path(__file__).resolve().parent
+_DEFAULT_RUNTIME_ROOT = _SCRIPT_DIR.parent
+_runtime_root = Path(os.environ.get("NEXO_CODE", str(_DEFAULT_RUNTIME_ROOT)))
+if str(_runtime_root) not in sys.path:
+    sys.path.insert(0, str(_runtime_root))
+
+from cron_recovery import catchup_candidates
+
 HOME = Path.home()
 NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(HOME / ".nexo")))
 
@@ -48,8 +51,10 @@ LOG_DIR = NEXO_HOME / "logs"
 LOG_DIR.mkdir(parents=True, exist_ok=True)
 LOG_FILE = LOG_DIR / "catchup.log"
 STATE_FILE = NEXO_HOME / "operations" / ".catchup-state.json"
+LOCK_FILE = NEXO_HOME / "operations" / ".catchup.lock"
 
 SCRIPTS = NEXO_HOME / "scripts"
+WRAPPER = SCRIPTS / "nexo-cron-wrapper.sh"
 
 # Resolve Python: prefer NEXO's venv, then the same Python running this script
 def _resolve_python() -> str:
@@ -68,52 +73,6 @@ def _resolve_python() -> str:
     return sys.executable
 
 NEXO_PYTHON = _resolve_python()
-NEXO_CODE = Path(os.environ.get("NEXO_CODE", str(Path(__file__).resolve().parent.parent)))
-# Look for manifest in NEXO_HOME first (packaged install), then NEXO_CODE (dev/repo)
-_manifest_home = NEXO_HOME / "crons" / "manifest.json"
-_manifest_code = NEXO_CODE / "crons" / "manifest.json"
-MANIFEST = _manifest_home if _manifest_home.exists() else _manifest_code
-
-
-def _load_tasks_from_manifest() -> list[tuple]:
-    """Read scheduled tasks from manifest.json — single source of truth.
-
-    Only includes crons with a schedule (hour/minute). Excludes interval-based
-    crons (immune, watchdog, auto-close) and run_at_load (catchup itself).
-    Returns: list of (name, hour, minute, python_or_bash, script, weekday)
-    """
-    if not MANIFEST.exists():
-        log(f"WARNING: manifest not found at {MANIFEST}, using empty task list")
-        return []
-
-    with open(MANIFEST) as f:
-        data = json.load(f)
-
-    tasks = []
-    for cron in data.get("crons", []):
-        schedule = cron.get("schedule")
-        if not schedule or "hour" not in schedule:
-            continue  # Skip interval-based and run_at_load crons
-        if cron["id"] == "catchup":
-            continue  # Don't catch up ourselves
-
-        script = cron["script"]
-        script_type = cron.get("type", "python")
-        interpreter = NEXO_PYTHON if script_type == "python" else "/bin/bash"
-        weekday = schedule.get("weekday")
-
-        tasks.append((
-            cron["id"],
-            schedule["hour"],
-            schedule["minute"],
-            interpreter,
-            Path(script).name,
-            weekday,
-        ))
-
-    # Sort by hour, minute for correct execution order
-    tasks.sort(key=lambda t: (t[1], t[2]))
-    return tasks
 
 
 def log(msg: str):
@@ -138,59 +97,48 @@ def save_state(state: dict):
     STATE_FILE.write_text(json.dumps(state, indent=2))
 
 
-def last_scheduled_time(hour: int, minute: int, weekday: int = None) -> datetime:
-    """Calculate the most recent time this task should have run."""
-    now = datetime.now()
-    today_at = now.replace(hour=hour, minute=minute, second=0, microsecond=0)
-
-    if weekday is not None:
-        # Weekly task — find the most recent matching weekday
-        # Manifest uses cron/launchd convention: 0=Sunday, 6=Saturday
-        # Python datetime.weekday() uses: 0=Monday, 6=Sunday
-        # Convert: manifest 0 (Sun) -> python 6, manifest 1 (Mon) -> python 0, etc.
-        py_weekday = (weekday - 1) % 7
-        days_since = (now.weekday() - py_weekday) % 7
-        target = now - timedelta(days=days_since)
-        target = target.replace(hour=hour, minute=minute, second=0, microsecond=0)
-        if target > now:
-            target -= timedelta(weeks=1)
-        return target
-
-    # Daily task
-    if today_at <= now:
-        return today_at
-    else:
-        return today_at - timedelta(days=1)
-
+def _resolve_runtime_command(script_type: str) -> str:
+    if script_type == "shell":
+        return "/bin/bash"
+    if script_type == "node":
+        return "node"
+    if script_type == "php":
+        return "php"
+    return NEXO_PYTHON
 
-def should_run(task_name: str, hour: int, minute: int, state: dict, weekday: int = None) -> bool:
-    """Check if task needs catch-up: last run was before last scheduled time."""
-    last_run_str = state.get(task_name)
-    last_scheduled = last_scheduled_time(hour, minute, weekday)
-
-    if not last_run_str:
-        # Never ran — should run
-        return True
 
+def _acquire_lock():
+    LOCK_FILE.parent.mkdir(parents=True, exist_ok=True)
+    handle = LOCK_FILE.open("w")
     try:
-        last_run = datetime.fromisoformat(last_run_str)
-    except ValueError:
-        return True
-
-    return last_run < last_scheduled
+        fcntl.flock(handle.fileno(), fcntl.LOCK_EX | fcntl.LOCK_NB)
+    except BlockingIOError:
+        handle.close()
+        return None
+    handle.write(str(os.getpid()))
+    handle.flush()
+    return handle
 
 
-def run_task(name: str, python: str, script: str, state: dict) -> bool:
+def run_task(candidate: dict, state: dict) -> bool:
     """Execute a task and update state."""
-    script_path = str(SCRIPTS / script)
+    name = candidate["cron_id"]
+    script_name = Path(candidate["script"]).name
+    script_path = str(SCRIPTS / script_name)
     if not Path(script_path).exists():
         log(f"  SKIP {name}: script not found ({script_path})")
         return False
 
-    log(f"  RUNNING {name}: {script}")
+    runtime_cmd = _resolve_runtime_command(candidate.get("type", "python"))
+    if WRAPPER.exists():
+        command = ["/bin/bash", str(WRAPPER), name, runtime_cmd, script_path]
+    else:
+        command = [runtime_cmd, script_path]
+
+    log(f"  RUNNING {name}: {script_name}")
     try:
         result = subprocess.run(
-            [python, script_path],
+            command,
             capture_output=True, text=True, timeout=21600,
             env={**os.environ, "HOME": str(HOME), "NEXO_CATCHUP": "1"}
         )
@@ -205,7 +153,7 @@ def run_task(name: str, python: str, script: str, state: dict) -> bool:
                 log(f"    stderr: {result.stderr[:300]}")
             return False
     except subprocess.TimeoutExpired:
-        log(f"  TIMEOUT {name} (300s)")
+        log(f"  TIMEOUT {name} (21600s)")
         return False
     except Exception as e:
         log(f"  ERROR {name}: {e}")
@@ -214,28 +162,45 @@ def run_task(name: str, python: str, script: str, state: dict) -> bool:
 
 def main():
     log("=== NEXO Catch-Up starting (boot/wake) ===")
-    state = load_state()
+    lock_handle = _acquire_lock()
+    if lock_handle is None:
+        log("Catch-Up already running; skipping overlapping invocation.")
+        return
 
-    # Read tasks from manifest — single source of truth
-    tasks = _load_tasks_from_manifest()
+    state = load_state()
+    tasks = catchup_candidates()
 
     ran = 0
     skipped = 0
-    for name, hour, minute, python, script, weekday in tasks:
-        if should_run(name, hour, minute, state, weekday):
-            log(f"  {name} — missed scheduled run, catching up...")
-            if run_task(name, python, script, state):
+    skipped_out_of_window = 0
+    try:
+        for candidate in tasks:
+            name = candidate["cron_id"]
+            if not candidate.get("missed"):
+                skipped += 1
+                continue
+            if not candidate.get("within_window"):
+                skipped_out_of_window += 1
+                log(
+                    f"  SKIP {name}: missed window is {candidate['age_seconds']}s old "
+                    f"(max_catchup_age={candidate['contract']['max_catchup_age']}s)"
+                )
+                continue
+            due_at = candidate["last_due_at"].astimezone().strftime("%Y-%m-%d %H:%M")
+            log(f"  {name} — missed scheduled run due at {due_at}, catching up...")
+            if run_task(candidate, state):
                 ran += 1
-        else:
-            skipped += 1
+    finally:
+        lock_handle.close()
 
-    if ran == 0:
+    if ran == 0 and skipped_out_of_window == 0:
         log("All tasks up to date, nothing to catch up.")
     elif ran >= 3:
         # Many tasks caught up — ask CLI to assess system state
         _cli_post_catchup_assessment(ran, skipped, state)
     else:
-        log(f"Caught up {ran} tasks, {skipped} already current.")
+        suffix = f", {skipped_out_of_window} outside recovery window" if skipped_out_of_window else ""
+        log(f"Caught up {ran} tasks, {skipped} already current{suffix}.")
 
     log("=== Catch-Up complete ===")
 

package/src/scripts/nexo-evolution-run.py

@@ -34,36 +34,90 @@ SANDBOX_DIR = CLAUDE_DIR / "sandbox" / "workspace"
 MAX_CONSECUTIVE_FAILURES = 3
 MAX_SNAPSHOTS = 8
 
-# ── Safe zones for AUTO execution ────────────────────────────────────────
-# "review" mode (owner): broader zones, but nothing executes without approval
-# "auto" mode (public users): restricted to user scripts and plugins ONLY
-AUTO_SAFE_PREFIXES = [
-    str(CLAUDE_DIR / "scripts") + "/",
-    str(CLAUDE_DIR / "brain") + "/",
-    str(NEXO_CODE / "plugins") + "/",
-    str(CLAUDE_DIR / "logs") + "/",
-    str(CLAUDE_DIR / "coordination") + "/",
-]
-
-# Public mode: user scripts and plugins only — NEVER core code
-AUTO_SAFE_PREFIXES_PUBLIC = [
-    str(CLAUDE_DIR / "scripts") + "/",
-    str(CLAUDE_DIR / "plugins") + "/",
-]
-
-# ── Immutable files — NEVER touch (applies to ALL modes) ────────────────
-IMMUTABLE_FILES = {
-    "db.py", "server.py", "plugin_loader.py", "nexo-watchdog.sh",
-    "cortex-wrapper.py", "CLAUDE.md", "personality.md",
-    "user-profile.md", "evolution_cycle.py",
-    # Core cognitive engine — never auto-modified
-    "cognitive.py", "knowledge_graph.py", "storage_router.py",
-    # Core tools — never auto-modified
-    "tools_sessions.py", "tools_coordination.py", "tools_reminders.py",
-    "tools_reminders_crud.py", "tools_learnings.py", "tools_credentials.py",
-    "tools_task_history.py", "tools_menu.py",
+# ── Immutable files — split by risk tier ────────────────────────────────
+# These remain locked even in managed mode because they can break bootstrap,
+# persistence, or the evolution engine itself.
+GLOBAL_IMMUTABLE_FILES = {
+    "db.py",
+    "server.py",
+    "plugin_loader.py",
+    "nexo-watchdog.sh",
+    "cortex-wrapper.py",
+    "CLAUDE.md",
+    "personality.md",
+    "user-profile.md",
+    "evolution_cycle.py",
+    "storage_router.py",
 }
 
+# Managed mode may autoevolve behavior/tooling modules, but auto/review keep
+# these guarded to stay conservative for public installs.
+STANDARD_MODE_IMMUTABLE_FILES = {
+    "cognitive.py",
+    "knowledge_graph.py",
+    "tools_sessions.py",
+    "tools_coordination.py",
+    "tools_reminders.py",
+    "tools_reminders_crud.py",
+    "tools_learnings.py",
+    "tools_credentials.py",
+    "tools_task_history.py",
+    "tools_menu.py",
+}
+
+
+def _repo_root() -> Path | None:
+    candidate = NEXO_CODE.parent
+    if (candidate / "package.json").exists():
+        return candidate
+    return None
+
+
+def _public_safe_prefixes() -> list[str]:
+    return [
+        str(CLAUDE_DIR / "scripts") + "/",
+        str(CLAUDE_DIR / "plugins") + "/",
+        str(CLAUDE_DIR / "skills") + "/",
+        str(CLAUDE_DIR / "skills-runtime") + "/",
+    ]
+
+
+def _managed_safe_prefixes() -> list[str]:
+    prefixes = [
+        str(CLAUDE_DIR / "scripts") + "/",
+        str(CLAUDE_DIR / "plugins") + "/",
+        str(CLAUDE_DIR / "brain") + "/",
+        str(CLAUDE_DIR / "coordination") + "/",
+        str(CLAUDE_DIR / "logs") + "/",
+        str(CLAUDE_DIR / "skills") + "/",
+        str(CLAUDE_DIR / "skills-core") + "/",
+        str(CLAUDE_DIR / "skills-runtime") + "/",
+        str(NEXO_CODE) + "/",
+    ]
+    repo_root = _repo_root()
+    if repo_root:
+        for rel in ("bin", "docs", "templates", "tests"):
+            prefixes.append(str(repo_root / rel) + "/")
+    return prefixes
+
+
+def _normalize_mode(mode: str) -> str:
+    value = str(mode or "auto").strip().lower()
+    aliases = {
+        "owner": "managed",
+        "core": "managed",
+        "hybrid": "managed",
+        "manual": "review",
+    }
+    return aliases.get(value, value if value in {"auto", "review", "managed"} else "auto")
+
+
+def _immutable_files_for_mode(mode: str) -> set[str]:
+    normalized = _normalize_mode(mode)
+    if normalized == "managed":
+        return set(GLOBAL_IMMUTABLE_FILES)
+    return set(GLOBAL_IMMUTABLE_FILES) | set(STANDARD_MODE_IMMUTABLE_FILES)
+
 # ── Claude CLI path ──────────────────────────────────────────────────────
 def _resolve_claude_cli() -> Path:
     """Find claude CLI: saved path > PATH > common locations."""
@@ -162,16 +216,18 @@ def call_claude_cli(prompt: str) -> str:
 # ── File safety validation ───────────────────────────────────────────────
 def is_safe_path(filepath: str, mode: str = "auto") -> bool:
     """Check if a file path is within safe zones and not immutable.
-    mode='auto' (public): restricted to scripts/ and plugins/ only.
-    mode='review' (owner): broader zones but nothing executes without approval anyway.
+    mode='auto' (public): restricted to personal automation surfaces.
+    mode='managed' (owner): broader repo/core surfaces with rollback.
+    mode='review': broader zones for proposal validation, but no execution.
     """
     expanded = str(Path(filepath).expanduser().resolve())
     filename = Path(expanded).name
+    mode = _normalize_mode(mode)
 
-    if filename in IMMUTABLE_FILES:
+    if filename in _immutable_files_for_mode(mode):
         return False
 
-    prefixes = AUTO_SAFE_PREFIXES if mode == "review" else AUTO_SAFE_PREFIXES_PUBLIC
+    prefixes = _managed_safe_prefixes() if mode in {"managed", "review"} else _public_safe_prefixes()
     for prefix in prefixes:
         resolved_prefix = str(Path(prefix).expanduser().resolve())
         if expanded.startswith(resolved_prefix):
@@ -218,13 +274,13 @@ def validate_syntax(filepath: str) -> tuple[bool, str]:
 
 
 # ── Apply a single change operation ──────────────────────────────────────
-def apply_change(change: dict) -> tuple[bool, str]:
+def apply_change(change: dict, mode: str = "auto") -> tuple[bool, str]:
     """Apply a single file change operation. Returns (success, message)."""
     filepath = str(Path(change["file"]).expanduser())
     operation = change.get("operation", "")
     content = change.get("content", "")
 
-    if not is_safe_path(filepath):
+    if not is_safe_path(filepath, mode=mode):
         return False, f"BLOCKED: {filepath} is outside safe zones or immutable"
 
     try:
@@ -269,7 +325,7 @@ def apply_change(change: dict) -> tuple[bool, str]:
 
 
 # ── Execute AUTO proposals ───────────────────────────────────────────────
-def execute_auto_proposal(proposal: dict, cycle_num: int, conn: sqlite3.Connection) -> dict:
+def execute_auto_proposal(proposal: dict, cycle_num: int, conn: sqlite3.Connection, mode: str = "auto") -> dict:
     """Execute an AUTO proposal with snapshot/apply/validate/rollback."""
     changes = proposal.get("changes", [])
     if not changes:
@@ -278,7 +334,7 @@ def execute_auto_proposal(proposal: dict, cycle_num: int, conn: sqlite3.Connecti
     # Validate all paths first
     for change in changes:
         filepath = str(Path(change["file"]).expanduser())
-        if not is_safe_path(filepath):
+        if not is_safe_path(filepath, mode=mode):
             return {"status": "blocked", "reason": f"Unsafe path: {filepath}"}
 
     # Collect files to snapshot (existing files only)
@@ -299,7 +355,7 @@ def execute_auto_proposal(proposal: dict, cycle_num: int, conn: sqlite3.Connecti
     all_results = []
     try:
         for change in changes:
-            success, msg = apply_change(change)
+            success, msg = apply_change(change, mode=mode)
             all_results.append(msg)
             log(f"    {msg}")
             if not success:
@@ -343,57 +399,102 @@ def execute_auto_proposal(proposal: dict, cycle_num: int, conn: sqlite3.Connecti
                     log(f"  Removed created file: {filepath}")
 
         return {
-            "status": "failed",
+            "status": "rolled_back",
             "snapshot_ref": snapshot_ref,
             "files_changed": [],
             "test_result": f"ROLLBACK: {e}; " + "; ".join(all_results),
         }
 
 
-# ── Review followup for owner mode ──────────────────────────────────────
-def _create_review_followup(conn: sqlite3.Connection, cycle_num: int,
-                            items: list[dict], analysis: str):
-    """Create a followup summarizing Evolution proposals for owner review."""
+# ── Followups for managed/review modes ──────────────────────────────────
+def _insert_followup(conn: sqlite3.Connection, followup_id: str, description: str,
+                     verification: str, due_date: str | None = None):
+    now_epoch = datetime.now().timestamp()
+    conn.execute(
+        "INSERT OR REPLACE INTO followups (id, description, date, status, verification, created_at, updated_at) "
+        "VALUES (?, ?, ?, 'PENDING', ?, ?, ?)",
+        (followup_id, description, due_date, verification, now_epoch, now_epoch)
+    )
+    conn.commit()
+
+
+def _create_cycle_followup(conn: sqlite3.Connection, cycle_num: int,
+                           items: list[dict], analysis: str, mode: str):
+    """Create a followup summarizing pending proposals or owner review items."""
     tomorrow = (date.today() + timedelta(days=1)).isoformat()
     followup_id = f"NF-EVO-C{cycle_num}"
 
     public_items = [i for i in items if i.get("scope") == "public"]
     local_items = [i for i in items if i.get("scope") != "public"]
 
-    lines = [f"Evolution Cycle #{cycle_num} — {len(items)} proposals to review."]
+    title = "proposals to review" if mode == "review" else "items needing attention"
+    lines = [f"Evolution Cycle #{cycle_num} — {len(items)} {title}."]
     lines.append(f"Analysis: {analysis[:200]}")
     lines.append("")
 
     if public_items:
         lines.append(f"FOR EVERYONE ({len(public_items)}):")
         for i, item in enumerate(public_items, 1):
-            lines.append(f"  {i}. [{item['dimension']}] {item['action'][:120]}")
+            status = item.get("status", "proposed").upper()
+            lines.append(f"  {i}. [{status}] [{item['dimension']}] {item['action'][:120]}")
             lines.append(f"     Why: {item['reasoning'][:100]}")
+            if item.get("detail"):
+                lines.append(f"     Detail: {item['detail'][:160]}")
         lines.append("")
 
     if local_items:
         lines.append(f"FOR YOU ONLY ({len(local_items)}):")
         for i, item in enumerate(local_items, 1):
-            lines.append(f"  {i}. [{item['dimension']}] {item['action'][:120]}")
+            status = item.get("status", "proposed").upper()
+            lines.append(f"  {i}. [{status}] [{item['dimension']}] {item['action'][:120]}")
             lines.append(f"     Why: {item['reasoning'][:100]}")
+            if item.get("detail"):
+                lines.append(f"     Detail: {item['detail'][:160]}")
 
     description = "\n".join(lines)
 
     try:
-        now_epoch = datetime.now().timestamp()
-        conn.execute(
-            "INSERT OR REPLACE INTO followups (id, description, date, status, verification, created_at, updated_at) "
-            "VALUES (?, ?, ?, 'pending', ?, ?, ?)",
-            (followup_id, description, tomorrow,
-             f"SELECT * FROM evolution_log WHERE cycle_number={cycle_num}",
-             now_epoch, now_epoch)
+        _insert_followup(
+            conn,
+            followup_id,
+            description,
+            f"SELECT * FROM evolution_log WHERE cycle_number={cycle_num}",
+            due_date=tomorrow,
         )
-        conn.commit()
         log(f"  Followup {followup_id} created for {tomorrow}")
     except Exception as e:
         log(f"  WARN: Failed to create followup: {e}")
 
 
+def _create_failure_followup(conn: sqlite3.Connection, cycle_num: int, log_id: int,
+                             proposal: dict, result: dict):
+    """Create an incident-style followup for a failed or blocked AUTO proposal."""
+    followup_id = f"NF-EVO-L{log_id}"
+    lines = [
+        f"Evolution AUTO proposal failed in cycle #{cycle_num}.",
+        f"Action: {proposal.get('action', '')[:200]}",
+        f"Dimension: {proposal.get('dimension', 'other')}",
+        f"Status: {result.get('status', 'failed')}",
+        f"Reason: {(result.get('reason') or result.get('test_result') or 'unknown')[:400]}",
+    ]
+    snapshot_ref = result.get("snapshot_ref")
+    if snapshot_ref:
+        lines.append(f"Snapshot: {snapshot_ref}")
+    description = "\n".join(lines)
+
+    try:
+        _insert_followup(
+            conn,
+            followup_id,
+            description,
+            f"SELECT * FROM evolution_log WHERE id={log_id}",
+            due_date=(date.today() + timedelta(days=1)).isoformat(),
+        )
+        log(f"  Failure followup {followup_id} created")
+    except Exception as e:
+        log(f"  WARN: Failed to create failure followup: {e}")
+
+
 # ── Main run ─────────────────────────────────────────────────────────────
 def run():
     log("=" * 60)
@@ -482,14 +583,12 @@ def run():
     max_auto = max_auto_changes(objective.get("total_evolutions", 0))
     auto_count = 0
     auto_applied = 0
-    evolution_mode = objective.get("evolution_mode", "auto")  # "auto" (public) or "review" (owner)
+    evolution_mode = _normalize_mode(objective.get("evolution_mode", "auto"))
 
     conn = sqlite3.connect(str(NEXO_DB), timeout=10)
     conn.execute("PRAGMA busy_timeout=5000")
 
-    # In "review" mode: log everything as pending_review, create followup
-    # In "auto" mode: execute AUTO proposals, log PROPOSE as proposed
-    review_items = []
+    followup_items = []
 
     for p in proposals:
         classification = p.get("classification", "propose")
@@ -499,30 +598,29 @@ def run():
         scope = p.get("scope", "local")  # "public" or "local"
 
         if evolution_mode == "review":
-            # Owner mode: nothing executes, everything queued for review
             log(f"  QUEUED [{scope}]: {action[:80]}")
             conn.execute(
                 "INSERT INTO evolution_log (cycle_number, dimension, proposal, classification, "
                 "reasoning, status) VALUES (?, ?, ?, ?, ?, ?)",
                 (cycle_num, dimension, action, classification, reasoning, "pending_review")
             )
-            review_items.append({
+            followup_items.append({
                 "dimension": dimension,
                 "action": action,
                 "reasoning": reasoning,
                 "scope": scope,
                 "classification": classification,
+                "status": "pending_review",
             })
 
         elif classification == "auto" and auto_count < max_auto:
-            # Public mode: execute AUTO proposals
             auto_count += 1
             log(f"  AUTO #{auto_count}/{max_auto}: {action[:80]}")
 
-            result = execute_auto_proposal(p, cycle_num, conn)
+            result = execute_auto_proposal(p, cycle_num, conn, mode=evolution_mode)
             status = result["status"]
 
-            conn.execute(
+            cur = conn.execute(
                 "INSERT INTO evolution_log (cycle_number, dimension, proposal, classification, "
                 "reasoning, status, files_changed, snapshot_ref, test_result) "
                 "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
@@ -531,16 +629,20 @@ def run():
                  result.get("snapshot_ref", ""),
                  result.get("test_result", ""))
             )
+            log_id = cur.lastrowid
 
             if status == "applied":
                 auto_applied += 1
                 log(f"    APPLIED successfully")
             elif status == "blocked":
-                log(f"    BLOCKED: {result.get('test_result', '')}")
+                detail = result.get("reason") or result.get("test_result", "")
+                log(f"    BLOCKED: {detail[:100]}")
+                _create_failure_followup(conn, cycle_num, log_id, p, result)
             elif status == "skipped":
                 log(f"    SKIPPED: {result.get('reason', '')}")
             else:
-                log(f"    FAILED: {result.get('test_result', '')[:100]}")
+                log(f"    ROLLED BACK: {result.get('test_result', '')[:100]}")
+                _create_failure_followup(conn, cycle_num, log_id, p, result)
 
         else:
             # PROPOSE or over auto limit
@@ -555,12 +657,20 @@ def run():
                 "reasoning, status) VALUES (?, ?, ?, ?, ?, ?)",
                 (cycle_num, dimension, action, classification, reasoning, "proposed")
             )
+            if evolution_mode in {"review", "managed"}:
+                followup_items.append({
+                    "dimension": dimension,
+                    "action": action,
+                    "reasoning": reasoning,
+                    "scope": scope,
+                    "classification": classification,
+                    "status": "proposed",
+                })
 
     conn.commit()
 
-    # In review mode: create followup for owner
-    if evolution_mode == "review" and review_items:
-        _create_review_followup(conn, cycle_num, review_items, response.get("analysis", ""))
+    if evolution_mode in {"review", "managed"} and followup_items:
+        _create_cycle_followup(conn, cycle_num, followup_items, response.get("analysis", ""), evolution_mode)
 
     # Update metrics
     scores = response.get("dimension_scores", {})
@@ -591,6 +701,7 @@ def run():
     objective.setdefault("history", []).insert(0, {
         "cycle": cycle_num,
         "date": str(date.today()),
+        "mode": evolution_mode,
         "proposals": len(proposals),
         "auto_count": auto_count,
         "auto_applied": auto_applied,