nexo-brain 5.3.7 → 5.3.8

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "5.3.7",
+  "version": "5.3.8",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,7 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `5.3.4` closes the last packaged-runtime core/personal leak from the hook migration work: legacy hook aliases stay out of the personal bucket, `nexo update` removes those retired aliases when the canonical hooks already exist, and both `nexo` and `nexo chat` now show latest vs installed version at a glance.
+Version `5.3.8` is the current packaged-runtime line: packaged installs now self-heal more of the update path, portable user-data export/import is explicit, tracked Codex drift no longer leaves runtime doctor red after cleanup, and the packaged migrator copies newly added root runtime modules into `~/.nexo` instead of leaving them stranded in the npm tarball.
 
 Start here:
 - [5-minute quickstart](docs/quickstart-5-minutes.md)
@@ -89,7 +89,7 @@ Versions `3.1.7` through `3.2.0` close the recent-memory gap:
 - when even that misses, NEXO now exposes raw transcript fallback tools for Claude Code and Codex session stores
 - NEXO can now inspect itself through a live system catalog derived from canonical sources instead of relying only on stale docs or operator memory
 
-Version `5.3.7` closes the remaining packaged-runtime happy-path gap and finally exposes portable user-data migration commands: packaged `nexo update` now self-heals cron definitions and LaunchAgents after a successful npm bump, new `nexo export` / `nexo import` commands move operator data as a safe bundle instead of leaving that flow implicit, and runtime doctor now distinguishes tracked historical Codex drift from an actually broken runtime so cleaned installs stop staying red for stale transcript debt alone. Version `5.3.6` hardened the Claude Code bootstrap path and related runtime hygiene: managed client sync now writes the NEXO MCP server where current Claude Code actually reads it (`~/.claude.json`), script classification is stricter about core-vs-personal runtime artifacts, schedule status distinguishes genuinely running jobs from broken ones, and retroactive learnings stop opening keyword-only false positives outside their declared `applies_to` scope. Version `5.3.5` already keeps CLI version visibility honest right after `nexo update`: if the cached npm version lags behind the runtime you just installed, `nexo` / `nexo chat` now clamp `Latest` to the installed version and refresh the cache instead of showing a stale older release. Version `5.3.4` already cleaned up legacy core alias leakage and added the version-status banner. Version `5.3.3` closed the remaining packaged-runtime doctor mismatch: the built-in hourly backup helper is now inventoried as a core LaunchAgent, so clean installs no longer get a false unknown-LaunchAgent warning. Version `5.3.2` already hardened the runtime boundary by persisting which runtime scripts/hooks are core product artifacts, keeping `nexo scripts` from mixing those into the personal bucket, and migrating the legacy Claude Code heartbeat wrappers into managed core hooks.
+Version `5.3.8` is the immediate packaged-migration hotfix for `5.3.7`: the installer/runtime migrator now discovers all top-level runtime Python modules from `src/` dynamically instead of relying on a manual allowlist, so new product surfaces like `nexo export` / `nexo import` actually arrive in `~/.nexo` after update instead of being present only in the published npm tarball. Version `5.3.7` closed the remaining packaged-runtime happy-path gap and finally exposed portable user-data migration commands: packaged `nexo update` now self-heals cron definitions and LaunchAgents after a successful npm bump, new `nexo export` / `nexo import` commands move operator data as a safe bundle instead of leaving that flow implicit, and runtime doctor now distinguishes tracked historical Codex drift from an actually broken runtime so cleaned installs stop staying red for stale transcript debt alone. Version `5.3.6` hardened the Claude Code bootstrap path and related runtime hygiene: managed client sync now writes the NEXO MCP server where current Claude Code actually reads it (`~/.claude.json`), script classification is stricter about core-vs-personal runtime artifacts, schedule status distinguishes genuinely running jobs from broken ones, and retroactive learnings stop opening keyword-only false positives outside their declared `applies_to` scope. Version `5.3.5` already keeps CLI version visibility honest right after `nexo update`: if the cached npm version lags behind the runtime you just installed, `nexo` / `nexo chat` now clamp `Latest` to the installed version and refresh the cache instead of showing a stale older release. Version `5.3.4` already cleaned up legacy core alias leakage and added the version-status banner. Version `5.3.3` closed the remaining packaged-runtime doctor mismatch: the built-in hourly backup helper is now inventoried as a core LaunchAgent, so clean installs no longer get a false unknown-LaunchAgent warning. Version `5.3.2` already hardened the runtime boundary by persisting which runtime scripts/hooks are core product artifacts, keeping `nexo scripts` from mixing those into the personal bucket, and migrating the legacy Claude Code heartbeat wrappers into managed core hooks.
 
 Version `5.3.1` normalizes packaged npm installs so they behave like packaged npm installs: `nexo update` now keeps the runtime anchored to `~/.nexo`, refreshes packaged bootstrap/client artifacts after upgrade, avoids repo-only release-artifact drift in installed runtimes, and keeps personal scripts on the canonical packaged path.
 

package/bin/nexo-brain.js

@@ -120,8 +120,8 @@ function writeRuntimeCoreArtifactsManifest(nexoHome, srcDir) {
   }
 }
 
-function getCoreRuntimeFlatFiles() {
-  return [
+function getCoreRuntimeFlatFiles(srcDir = path.join(__dirname, "..", "src")) {
+  const staticFiles = [
     "server.py",
     "plugin_loader.py",
     "knowledge_graph.py",
@@ -155,6 +155,11 @@ function getCoreRuntimeFlatFiles() {
     "runtime_power.py",
     "requirements.txt",
   ];
+  const discoveredRootModules = fs.existsSync(srcDir)
+    ? fs.readdirSync(srcDir)
+      .filter((name) => name.endsWith(".py") && fs.statSync(path.join(srcDir, name)).isFile())
+    : [];
+  return [...new Set([...staticFiles, ...discoveredRootModules])];
 }
 
 function getCoreRuntimePackages() {
@@ -1480,7 +1485,7 @@ async function main() {
         log("  Hooks updated.");
 
         // Update core Python files (flat .py files in src/)
-        const coreFlatFiles = getCoreRuntimeFlatFiles();
+        const coreFlatFiles = getCoreRuntimeFlatFiles(srcDir);
         coreFlatFiles.forEach((f) => {
           const src = path.join(srcDir, f);
           if (fs.existsSync(src)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "5.3.7",
+  "version": "5.3.8",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/user_data_portability.py

@@ -95,12 +95,32 @@ def _copy_file_if_present(src: Path, dest: Path) -> bool:
 
 
 def _safe_extract(archive_path: Path, dest_dir: Path) -> None:
+    resolved_dest = dest_dir.resolve()
     with tarfile.open(archive_path, "r:*") as tar:
-        for member in tar.getmembers():
+        members = tar.getmembers()
+        for member in members:
             target = (dest_dir / member.name).resolve()
-            if not str(target).startswith(str(dest_dir.resolve())):
+            if target != resolved_dest and resolved_dest not in target.parents:
                 raise ValueError(f"archive path escapes destination: {member.name}")
-        tar.extractall(dest_dir)
+            if member.issym() or member.islnk():
+                raise ValueError(f"archive contains unsupported link member: {member.name}")
+
+        for member in members:
+            target = (dest_dir / member.name).resolve()
+            if member.isdir():
+                target.mkdir(parents=True, exist_ok=True)
+                target.chmod(member.mode & 0o777)
+                continue
+            if not member.isfile():
+                raise ValueError(f"archive contains unsupported member type: {member.name}")
+
+            target.parent.mkdir(parents=True, exist_ok=True)
+            extracted = tar.extractfile(member)
+            if extracted is None:
+                raise ValueError(f"archive member could not be read: {member.name}")
+            with extracted, target.open("wb") as handle:
+                shutil.copyfileobj(extracted, handle)
+            target.chmod(member.mode & 0o777)
 
 
 def _load_personal_scripts() -> tuple[list[dict], list[dict]]:
@@ -298,5 +318,11 @@ def import_user_bundle(bundle_path: str) -> dict:
             "restored": restored,
             "reconciled": reconcile_result,
         }
+    except Exception as exc:
+        return {
+            "ok": False,
+            "error": str(exc),
+            "safety_backup": str(safety_backup),
+        }
     finally:
         shutil.rmtree(stage_dir, ignore_errors=True)