nexo-brain 5.3.10 → 5.3.11

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "5.3.10",
+  "version": "5.3.11",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,7 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `5.3.10` is the current packaged-runtime line: packaged installs and updates now refresh `~/.nexo/package.json` from the published npm package so runtime metadata stops drifting after successful updates, `nexo doctor --tier deep` no longer flags a healthy runtime as degraded just because the first daily `self-audit-summary.json` has not been produced yet, weekly Evolution once again emits explicit dimension telemetry instead of leaving `nexo_evolution_status` blank, and daily synthesis only pulls startup/update summaries into the briefing when they are operationally actionable.
+Version `5.3.11` is the current packaged-runtime line: protocol and Cortex now reject malformed `outcome`, `task_type`, and `impact_level` values explicitly instead of silently coercing them into other valid states, so task history, debt, hot context, and decision telemetry stay trustworthy even when a caller passes a bad contract payload.
 
 Start here:
 - [5-minute quickstart](docs/quickstart-5-minutes.md)
@@ -89,7 +89,7 @@ Versions `3.1.7` through `3.2.0` close the recent-memory gap:
 - when even that misses, NEXO now exposes raw transcript fallback tools for Claude Code and Codex session stores
 - NEXO can now inspect itself through a live system catalog derived from canonical sources instead of relying only on stale docs or operator memory
 
-Version `5.3.10` tightens the packaged-runtime truth layer again: installs and updates now keep `~/.nexo/package.json` aligned with the published npm package so runtime metadata and doctor evidence no longer drift to an old version, `nexo doctor --tier deep` treats a missing `self-audit-summary.json` as a pending bootstrap artifact when the runtime was just installed or updated instead of reporting a false degradation, weekly Evolution now asks for explicit `dimension_scores` / `score_evidence` so telemetry can persist instead of staying blank, and daily synthesis only ingests `update-last-summary.json` when it carries actionable runtime signals. Version `5.3.9` is the packaged core-artifact manifest heal for `5.3.8`: packaged updates now rebuild `runtime-core-artifacts.json` from the canonical npm package `src/` tree instead of scanning the live `~/.nexo/scripts` directory, script classification prefers that canonical packaged source when available, and runtime doctor syncs personal scripts before LaunchAgent inventory so personal automations recover cleanly instead of being mistaken for unknown core drift. Version `5.3.8` was the immediate packaged-migration hotfix for `5.3.7`: the installer/runtime migrator now discovers all top-level runtime Python modules from `src/` dynamically instead of relying on a manual allowlist, so new product surfaces like `nexo export` / `nexo import` actually arrive in `~/.nexo` after update instead of being present only in the published npm tarball. Version `5.3.7` closed the remaining packaged-runtime happy-path gap and finally exposed portable user-data migration commands: packaged `nexo update` now self-heals cron definitions and LaunchAgents after a successful npm bump, new `nexo export` / `nexo import` commands move operator data as a safe bundle instead of leaving that flow implicit, and runtime doctor now distinguishes tracked historical Codex drift from an actually broken runtime so cleaned installs stop staying red for stale transcript debt alone. Version `5.3.6` hardened the Claude Code bootstrap path and related runtime hygiene: managed client sync now writes the NEXO MCP server where current Claude Code actually reads it (`~/.claude.json`), script classification is stricter about core-vs-personal runtime artifacts, schedule status distinguishes genuinely running jobs from broken ones, and retroactive learnings stop opening keyword-only false positives outside their declared `applies_to` scope. Version `5.3.5` already keeps CLI version visibility honest right after `nexo update`: if the cached npm version lags behind the runtime you just installed, `nexo` / `nexo chat` now clamp `Latest` to the installed version and refresh the cache instead of showing a stale older release. Version `5.3.4` already cleaned up legacy core alias leakage and added the version-status banner. Version `5.3.3` closed the remaining packaged-runtime doctor mismatch: the built-in hourly backup helper is now inventoried as a core LaunchAgent, so clean installs no longer get a false unknown-LaunchAgent warning. Version `5.3.2` already hardened the runtime boundary by persisting which runtime scripts/hooks are core product artifacts, keeping `nexo scripts` from mixing those into the personal bucket, and migrating the legacy Claude Code heartbeat wrappers into managed core hooks.
+Version `5.3.11` hardens protocol and Cortex contracts: malformed `outcome`, `task_type`, and `impact_level` values now fail explicitly instead of being coerced into other valid states, so persisted task history, debt, hot context, and decision telemetry stay faithful to what the caller actually asked for. Version `5.3.10` tightened the packaged-runtime truth layer again: installs and updates now keep `~/.nexo/package.json` aligned with the published npm package so runtime metadata and doctor evidence no longer drift to an old version, `nexo doctor --tier deep` treats a missing `self-audit-summary.json` as a pending bootstrap artifact when the runtime was just installed or updated instead of reporting a false degradation, weekly Evolution now asks for explicit `dimension_scores` / `score_evidence` so telemetry can persist instead of staying blank, and daily synthesis only ingests `update-last-summary.json` when it carries actionable runtime signals. Version `5.3.9` is the packaged core-artifact manifest heal for `5.3.8`: packaged updates now rebuild `runtime-core-artifacts.json` from the canonical npm package `src/` tree instead of scanning the live `~/.nexo/scripts` directory, script classification prefers that canonical packaged source when available, and runtime doctor syncs personal scripts before LaunchAgent inventory so personal automations recover cleanly instead of being mistaken for unknown core drift. Version `5.3.8` was the immediate packaged-migration hotfix for `5.3.7`: the installer/runtime migrator now discovers all top-level runtime Python modules from `src/` dynamically instead of relying on a manual allowlist, so new product surfaces like `nexo export` / `nexo import` actually arrive in `~/.nexo` after update instead of being present only in the published npm tarball. Version `5.3.7` closed the remaining packaged-runtime happy-path gap and finally exposed portable user-data migration commands: packaged `nexo update` now self-heals cron definitions and LaunchAgents after a successful npm bump, new `nexo export` / `nexo import` commands move operator data as a safe bundle instead of leaving that flow implicit, and runtime doctor now distinguishes tracked historical Codex drift from an actually broken runtime so cleaned installs stop staying red for stale transcript debt alone. Version `5.3.6` hardened the Claude Code bootstrap path and related runtime hygiene: managed client sync now writes the NEXO MCP server where current Claude Code actually reads it (`~/.claude.json`), script classification is stricter about core-vs-personal runtime artifacts, schedule status distinguishes genuinely running jobs from broken ones, and retroactive learnings stop opening keyword-only false positives outside their declared `applies_to` scope. Version `5.3.5` already keeps CLI version visibility honest right after `nexo update`: if the cached npm version lags behind the runtime you just installed, `nexo` / `nexo chat` now clamp `Latest` to the installed version and refresh the cache instead of showing a stale older release. Version `5.3.4` already cleaned up legacy core alias leakage and added the version-status banner. Version `5.3.3` closed the remaining packaged-runtime doctor mismatch: the built-in hourly backup helper is now inventoried as a core LaunchAgent, so clean installs no longer get a false unknown-LaunchAgent warning. Version `5.3.2` already hardened the runtime boundary by persisting which runtime scripts/hooks are core product artifacts, keeping `nexo scripts` from mixing those into the personal bucket, and migrating the legacy Claude Code heartbeat wrappers into managed core hooks.
 
 Version `5.3.1` normalizes packaged npm installs so they behave like packaged npm installs: `nexo update` now keeps the runtime anchored to `~/.nexo`, refreshes packaged bootstrap/client artifacts after upgrade, avoids repo-only release-artifact drift in installed runtimes, and keeps personal scripts on the canonical packaged path.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "5.3.10",
+  "version": "5.3.11",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/db/__init__.py

@@ -147,13 +147,16 @@ from db._cron_runs import (
 
 # Protocol discipline runtime
 from db._protocol import (
+    VALID_IMPACT_LEVELS,
+    VALID_TASK_TYPES,
+    VALID_CLOSE_OUTCOMES,
     create_protocol_task, get_protocol_task, close_protocol_task,
     create_protocol_debt, resolve_protocol_debts, list_protocol_debts,
     protocol_compliance_summary,
     create_cortex_evaluation, get_cortex_evaluation, list_cortex_evaluations,
     cortex_evaluation_summary,
     latest_cortex_evaluation_for_task, task_has_cortex_evaluation,
-    override_cortex_evaluation,
+    override_cortex_evaluation, validate_close_outcome, validate_impact_level, validate_task_type,
 )
 
 # Durable workflow runtime

package/src/db/_protocol.py

@@ -9,6 +9,7 @@ from db._core import get_db
 
 VALID_TASK_TYPES = {"answer", "analyze", "edit", "execute", "delegate"}
 VALID_OUTCOMES = {"open", "done", "partial", "blocked", "failed", "cancelled"}
+VALID_CLOSE_OUTCOMES = VALID_OUTCOMES - {"open"}
 VALID_DEBT_STATUS = {"open", "forgiven", "resolved"}
 VALID_IMPACT_LEVELS = {"medium", "high", "critical"}
 
@@ -33,6 +34,30 @@ def _row_to_dict(row):
     return dict(row) if row else None
 
 
+def validate_task_type(task_type: str) -> str:
+    clean_type = (task_type or "").strip()
+    if clean_type not in VALID_TASK_TYPES:
+        expected = ", ".join(sorted(VALID_TASK_TYPES))
+        raise ValueError(f"Invalid task_type '{clean_type or '<empty>'}'. Expected one of: {expected}.")
+    return clean_type
+
+
+def validate_impact_level(impact_level: str) -> str:
+    clean_level = (impact_level or "").strip()
+    if clean_level not in VALID_IMPACT_LEVELS:
+        expected = ", ".join(sorted(VALID_IMPACT_LEVELS))
+        raise ValueError(f"Invalid impact_level '{clean_level or '<empty>'}'. Expected one of: {expected}.")
+    return clean_level
+
+
+def validate_close_outcome(outcome: str) -> str:
+    clean_outcome = (outcome or "").strip()
+    if clean_outcome not in VALID_CLOSE_OUTCOMES:
+        expected = ", ".join(sorted(VALID_CLOSE_OUTCOMES))
+        raise ValueError(f"Invalid close outcome '{clean_outcome or '<empty>'}'. Expected one of: {expected}.")
+    return clean_outcome
+
+
 def create_protocol_task(
     session_id: str,
     goal: str,
@@ -68,7 +93,7 @@ def create_protocol_task(
 ) -> dict:
     conn = get_db()
     task_id = _task_id()
-    clean_type = task_type if task_type in VALID_TASK_TYPES else "answer"
+    clean_type = validate_task_type(task_type)
     conn.execute(
         """INSERT INTO protocol_tasks (
                task_id, session_id, goal, task_type, area, project_hint, context_hint,
@@ -144,7 +169,7 @@ def create_cortex_evaluation(
     selection_source: str = "recommended",
 ) -> dict:
     conn = get_db()
-    clean_level = impact_level if impact_level in VALID_IMPACT_LEVELS else "high"
+    clean_level = validate_impact_level(impact_level)
     cursor = conn.execute(
         """INSERT INTO cortex_evaluations (
                session_id, task_id, goal, task_type, area, impact_level, context_hint,
@@ -335,7 +360,7 @@ def close_protocol_task(
     outcome_notes: str = "",
 ) -> dict:
     conn = get_db()
-    clean_outcome = outcome if outcome in VALID_OUTCOMES else "failed"
+    clean_outcome = validate_close_outcome(outcome)
     conn.execute(
         """UPDATE protocol_tasks
            SET status = ?,

package/src/plugins/cortex.py

@@ -22,6 +22,8 @@ import time
 from datetime import datetime, timedelta
 from pathlib import Path
 
+from db import VALID_IMPACT_LEVELS, VALID_TASK_TYPES, validate_impact_level, validate_task_type
+
 
 def _get_db():
     from db import get_db
@@ -734,9 +736,19 @@ def handle_cortex_check(
     Returns:
         Mode (ask/propose/act), available tools, warnings, and relevant Core Rules
     """
+    try:
+        clean_type = validate_task_type(task_type)
+    except ValueError as exc:
+        return "\n".join(
+            [
+                f"ERROR: {exc}",
+                f"Valid task types: {', '.join(sorted(VALID_TASK_TYPES))}",
+            ]
+        )
+
     state = {
         "goal": goal.strip() if goal else "",
-        "task_type": task_type if task_type in ("answer", "analyze", "edit", "execute", "delegate") else "answer",
+        "task_type": clean_type,
         "plan": _parse_json_list(plan),
         "known_facts": _parse_json_list(known_facts),
         "unknowns": _parse_json_list(unknowns),
@@ -860,8 +872,30 @@ def handle_cortex_decide(
             indent=2,
         )
 
-    clean_type = task_type if task_type in {"answer", "analyze", "edit", "execute", "delegate"} else "execute"
-    clean_level = impact_level if impact_level in {"medium", "high", "critical"} else "high"
+    try:
+        clean_type = validate_task_type(task_type)
+    except ValueError as exc:
+        return json.dumps(
+            {
+                "ok": False,
+                "error": str(exc),
+                "valid_task_types": sorted(VALID_TASK_TYPES),
+            },
+            ensure_ascii=False,
+            indent=2,
+        )
+    try:
+        clean_level = validate_impact_level(impact_level)
+    except ValueError as exc:
+        return json.dumps(
+            {
+                "ok": False,
+                "error": str(exc),
+                "valid_impact_levels": sorted(VALID_IMPACT_LEVELS),
+            },
+            ensure_ascii=False,
+            indent=2,
+        )
     parsed_constraints = _parse_json_list(constraints)
     parsed_evidence = _parse_json_list(evidence_refs)
     try:

package/src/plugins/protocol.py

@@ -10,6 +10,8 @@ import secrets
 import time
 
 from db import (
+    VALID_TASK_TYPES,
+    VALID_CLOSE_OUTCOMES,
     close_protocol_task,
     create_followup,
     latest_cortex_evaluation_for_task,
@@ -28,6 +30,8 @@ from db import (
     resolve_protocol_debts,
     search_learnings,
     task_has_cortex_evaluation,
+    validate_close_outcome,
+    validate_task_type,
 )
 from plugins.cortex import evaluate_cortex_state
 from plugins.guard import handle_guard_check
@@ -651,7 +655,18 @@ def handle_confidence_check(
     clean_goal = (goal or "").strip()
     if not clean_goal:
         return json.dumps({"ok": False, "error": "goal is required"}, ensure_ascii=False, indent=2)
-    clean_type = task_type if task_type in {"answer", "analyze", "edit", "execute", "delegate"} else "answer"
+    try:
+        clean_type = validate_task_type(task_type)
+    except ValueError as exc:
+        return json.dumps(
+            {
+                "ok": False,
+                "error": str(exc),
+                "valid_task_types": sorted(VALID_TASK_TYPES),
+            },
+            ensure_ascii=False,
+            indent=2,
+        )
     result = evaluate_response_confidence(
         goal=clean_goal,
         task_type=clean_type,
@@ -693,7 +708,18 @@ def handle_task_open(
     if not clean_goal:
         return json.dumps({"ok": False, "error": "goal is required"}, ensure_ascii=False, indent=2)
 
-    clean_type = task_type if task_type in {"answer", "analyze", "edit", "execute", "delegate"} else "answer"
+    try:
+        clean_type = validate_task_type(task_type)
+    except ValueError as exc:
+        return json.dumps(
+            {
+                "ok": False,
+                "error": str(exc),
+                "valid_task_types": sorted(VALID_TASK_TYPES),
+            },
+            ensure_ascii=False,
+            indent=2,
+        )
     files_list = _parse_list(files)
     protocol_strictness = get_protocol_strictness()
     if protocol_strictness in {"strict", "learning"} and clean_type == "edit" and not files_list:
@@ -949,7 +975,19 @@ def handle_task_close(
             indent=2,
         )
 
-    clean_outcome = outcome if outcome in {"done", "partial", "blocked", "failed", "cancelled"} else "failed"
+    try:
+        clean_outcome = validate_close_outcome(outcome)
+    except ValueError as exc:
+        return json.dumps(
+            {
+                "ok": False,
+                "error": str(exc),
+                "task_id": task_id,
+                "valid_outcomes": sorted(VALID_CLOSE_OUTCOMES),
+            },
+            ensure_ascii=False,
+            indent=2,
+        )
     clean_evidence = (evidence or "").strip()
     files_changed_list = _parse_list(files_changed)
     planned_files = _parse_list(task.get("files") or "[]")