nexo-brain 6.1.1 → 6.4.0

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "6.1.1",
+  "version": "6.4.0",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,13 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `6.1.1` is the current packaged-runtime line: small fix to `nexo --help` so the `Latest: vX` line reliably appears when NEXO Desktop invokes the CLI via subprocess — unblocks the Desktop Brain auto-update banner that previously couldn't parse the version delta. No behaviour change for interactive terminal users; the 6-hour registry cache still rate-limits network calls. Bundles all v6.1.0 Protocol Enforcer Fase 2 + multi-claude-sid hotfix content. Suite: 291 pass + 2 skip documented.
+Version `6.4.0` is the current packaged-runtime line — Plan Consolidado fase F1: multi-tenant email accounts (`email_accounts` table, `nexo email setup` interactive wizard, `nexo email add --password-stdin --json` for the Desktop bridge, idempotent migrator from legacy `~/.nexo/nexo-email/config.json`). The matching NEXO Desktop release (v0.19.0) ships the Email + Automations Settings panels so non-technical operators never have to touch a config file. See [CHANGELOG](CHANGELOG.md) for the full diff.
+
+Previously in `6.3.1`: privacy hotfix over v6.3.0. The nightly auditor caught that `src/presets/entities_universal.json` in v6.3.0 shipped operator-specific `vhost_mapping` entries (private IPs, hostnames, tenant names). v6.3.1 pulls those out into `src/presets/entities_local.sample.json` (template) + `.gitignore`'d `~/.nexo/brain/presets/entities_local.json` (operator copy), and the installer drops the sample at `nexo init`. No behaviour change on the Guardian side.
+
+Previously in `6.3.0` — Plan Consolidado wave 2, coordinated with NEXO Desktop v0.18.0. Closes the remaining Guardian roadmap items that do not require an invasive structure migration: extended `cognitive_sentiment` shape (is_correction/valence/intent), extended `entities` schema, 21 labelled rule fixtures with R13 spike gates, Fase F telemetry loops + Deep Sleep phase, pinned local zero-shot classifier skeleton (mDeBERTa), hook respects `NEXO_MIGRATING=1`, `origin` column on `personal_scripts`, and the T4 LLM gate wrapping R15/R23e/R23f/R23h (byte-parity Py ↔ JS). Two pre-release auditors flagged a CRITICAL in the first JS wire (method-name + async mismatch) and a HIGH (classifier bool conflated "no" with "unparseable"); both corrected with regression tests before merge.
+
+Previously in `6.1.1`: small fix to `nexo --help` so the `Latest: vX` line reliably appears when NEXO Desktop invokes the CLI via subprocess — unblocks the Desktop Brain auto-update banner that previously couldn't parse the version delta. No behaviour change for interactive terminal users; the 6-hour registry cache still rate-limits network calls. Bundles all v6.1.0 Protocol Enforcer Fase 2 + multi-claude-sid hotfix content.
 
 Previously in `6.0.2`: adds the reserved caller prefix `personal/*` so scripts living in `~/.nexo/scripts/` can invoke the automation backend with their own caller id without editing `src/resonance_map.py`. New kwarg `tier` (`"maximo"` / `"alto"` / `"medio"` / `"bajo"`) on `run_automation_prompt`, `run_automation_interactive`, `nexo_helper.run_automation_text`, `nexo_helper.run_automation_json`, and `nexo-agent-run.py --tier`. Precedence for `personal/*` callers: explicit `tier=` → explicit `reasoning_effort=` → `calibration.preferences.default_resonance` → `DEFAULT_RESONANCE` (`alto`). Registered callers keep their behaviour unchanged. New guide: [`docs/personal-scripts-guide.md`](docs/personal-scripts-guide.md).
 

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "nexo-brain",
-  "version": "6.1.1",
+  "version": "6.4.0",
   "mcpName": "io.github.wazionapps/nexo",
-  "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
+  "description": "NEXO Brain \u2014 Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",
   "bin": {
     "nexo-brain": "./bin/nexo-brain.js",

package/src/auto_update.py

@@ -1519,12 +1519,56 @@ def _run_db_migrations() -> bool:
         applied = run_migrations(conn)
         if applied > 0:
             _log(f"Applied {applied} DB migration(s)")
+        # Plan Consolidado F1 — one-shot legacy email config migration.
+        # After m46 adds the table, operators installed pre-v6.4.0 still
+        # keep their data inside ~/.nexo/nexo-email/config.json. If the
+        # table is empty and the JSON exists, port the primary account
+        # over automatically so scripts pick up the new source on the
+        # next cron without the operator running anything manually.
+        _maybe_migrate_legacy_email_config()
         return True
     except Exception as e:
         _log(f"DB migration error: {e}")
         return False
 
 
+def _maybe_migrate_legacy_email_config() -> None:
+    """F1 auto-migrator — idempotent. Runs the helper script the first
+    time after v6.4.0 lands on an existing runtime."""
+    try:
+        from db._email_accounts import get_email_account
+    except Exception:
+        return  # m46 not applied yet (older runtime), nothing to do
+    try:
+        legacy = NEXO_HOME / "nexo-email" / "config.json"
+        if not legacy.exists():
+            return
+        if get_email_account("primary"):
+            return  # already migrated
+        import subprocess as _sp
+        script = Path(__file__).resolve().parent / "scripts" / "nexo-email-migrate-config.py"
+        if not script.exists():
+            return
+        _log("F1: migrating legacy email config.json → email_accounts table")
+        env = {**os.environ, "PYTHONPATH": str(Path(__file__).resolve().parent)}
+        r = _sp.run(
+            [sys.executable, str(script)],
+            env=env,
+            capture_output=True,
+            text=True,
+            timeout=30,
+        )
+        if r.returncode == 0:
+            line = (r.stdout.strip().splitlines() or ["ok"])[-1]
+            _log(f"F1 email migration: {line}")
+        else:
+            _log(f"F1 email migration FAILED (rc={r.returncode}): {r.stderr.strip()[:200]}")
+    except _sp.TimeoutExpired:
+        _log("F1 email migration timed out after 30s")
+    except Exception as exc:
+        _log(f"F1 email migration skipped: {exc}")
+
+
 # ── npm version check (notify only) ─────────────────────────────────
 
 def _check_npm_version() -> str | None:

package/src/classifier_local.py

@@ -0,0 +1,176 @@
+"""Plan Consolidado 0.21 — Local zero-shot multilingual classifier.
+
+Skeleton + pinned HuggingFace coordinates. The heavy load
+(`transformers`, ~500 MB model download) is lazy so the rest of the
+runtime does not pay the cost on every import.
+
+Contract:
+
+    clf = LocalZeroShotClassifier()
+    result = clf.classify(
+        "lo hemos dejado, ya estaría",
+        labels=("done_claim", "status_update", "question", "noise"),
+    )
+    result == {"label": "done_claim", "confidence": 0.87, "scores": {...}}
+
+When transformers is not installed or the download fails (offline),
+`classify` returns `None` and `classify_fail_closed` returns a
+conservative fallback label so rules degrade gracefully (item 0.20).
+"""
+
+from __future__ import annotations
+
+import logging
+import threading
+from dataclasses import dataclass
+from typing import Iterable
+
+_logger = logging.getLogger(__name__)
+
+
+# Keep in lockstep with docs/classifier-model-notes.md.
+# Plan 0.21 wave-2 update: the original pin
+# (MoritzLaurer/mDeBERTa-v3-base-mnli-xnli @ a1a5a76) refused to load
+# under transformers 5.x with a missing `model_type` error. Switched
+# to the multilingual-2mil7 sibling which is the same DeBERTa-v2
+# architecture, multilingual, and loads cleanly. Revision pinned to
+# the last HF upstream commit verified in smoke.
+MODEL_ID = "MoritzLaurer/mDeBERTa-v3-base-xnli-multilingual-nli-2mil7"
+MODEL_REVISION = "b5113eb38ab63efdd7f280f8c144ea8b13f978ce"
+DEFAULT_CONFIDENCE_FLOOR = 0.6
+
+
+@dataclass
+class ClassificationResult:
+    label: str
+    confidence: float
+    scores: dict[str, float]
+    latency_ms: float
+
+
+class LocalZeroShotClassifier:
+    """Lazy wrapper around transformers' zero-shot-classification pipeline.
+
+    Thread-safe lazy load; failures degrade to `classify(...) = None` so
+    the Guardian can decide whether to invoke the LLM fallback
+    (`call_model_raw`) or a conservative regex path.
+    """
+
+    def __init__(
+        self,
+        *,
+        model_id: str = MODEL_ID,
+        revision: str = MODEL_REVISION,
+        confidence_floor: float = DEFAULT_CONFIDENCE_FLOOR,
+    ) -> None:
+        self.model_id = model_id
+        self.revision = revision
+        self.confidence_floor = confidence_floor
+        self._pipe = None
+        self._load_failed = False
+        self._lock = threading.Lock()
+
+    # ------------------------------------------------------------------
+    # Lazy load
+    # ------------------------------------------------------------------
+    def _ensure_loaded(self) -> bool:
+        if self._pipe is not None:
+            return True
+        if self._load_failed:
+            return False
+        with self._lock:
+            if self._pipe is not None:
+                return True
+            if self._load_failed:
+                return False
+            try:
+                from transformers import pipeline  # type: ignore
+            except Exception as exc:  # pragma: no cover — no HF on CI
+                _logger.warning(
+                    "classifier_local disabled: transformers unavailable (%s)",
+                    exc,
+                )
+                self._load_failed = True
+                return False
+            try:
+                self._pipe = pipeline(
+                    "zero-shot-classification",
+                    model=self.model_id,
+                    revision=self.revision,
+                    device=-1,  # CPU-only
+                )
+                return True
+            except Exception as exc:  # pragma: no cover — network / disk
+                _logger.warning(
+                    "classifier_local pipeline failed to initialise: %s", exc
+                )
+                self._load_failed = True
+                return False
+
+    # ------------------------------------------------------------------
+    # Public API
+    # ------------------------------------------------------------------
+    def is_available(self) -> bool:
+        return self._ensure_loaded()
+
+    def classify(
+        self,
+        text: str,
+        labels: Iterable[str],
+        *,
+        multi_label: bool = False,
+    ) -> ClassificationResult | None:
+        """Return best label + confidence or None if the local pipeline
+        is unavailable."""
+        if not text or not labels:
+            return None
+        if not self._ensure_loaded():
+            return None
+        import time
+        t0 = time.time()
+        try:
+            raw = self._pipe(  # type: ignore[operator]
+                text,
+                candidate_labels=list(labels),
+                multi_label=multi_label,
+            )
+        except Exception as exc:  # pragma: no cover
+            _logger.warning("classifier_local inference failed: %s", exc)
+            return None
+        latency_ms = (time.time() - t0) * 1000.0
+        scores = dict(zip(raw["labels"], raw["scores"]))
+        top_label = raw["labels"][0]
+        return ClassificationResult(
+            label=top_label,
+            confidence=float(raw["scores"][0]),
+            scores=scores,
+            latency_ms=latency_ms,
+        )
+
+    def classify_fail_closed(
+        self,
+        text: str,
+        labels: Iterable[str],
+        fallback_label: str,
+    ) -> ClassificationResult:
+        """Never returns None — falls back to `fallback_label` with
+        confidence 0 so the Guardian can still decide without crashing.
+        """
+        got = self.classify(text, labels)
+        if got is not None and got.confidence >= self.confidence_floor:
+            return got
+        return ClassificationResult(
+            label=fallback_label,
+            confidence=0.0,
+            scores={label: 0.0 for label in labels},
+            latency_ms=0.0,
+        )
+
+
+__all__ = [
+    "LocalZeroShotClassifier",
+    "ClassificationResult",
+    "MODEL_ID",
+    "MODEL_REVISION",
+    "DEFAULT_CONFIDENCE_FLOOR",
+]

package/src/cli.py

@@ -2046,6 +2046,13 @@ def main():
     parser.add_argument("-v", "--version", action="store_true", help="Show version")
     sub = parser.add_subparsers(dest="command")
 
+    # -- email (Plan F1 — interactive wizard for email accounts) --
+    try:
+        from cli_email import register_email_parser
+        register_email_parser(sub)
+    except Exception as _exc_email:  # pragma: no cover
+        pass
+
     # -- chat --
     chat_parser = sub.add_parser("chat", help="Launch a NEXO terminal client")
     chat_parser.add_argument("path", nargs="?", default=".", help="Working directory (default: current directory)")
@@ -2354,6 +2361,14 @@ def main():
         print(f"nexo v{_get_version()}")
         return 0
 
+    if args.command == "email":
+        # Plan F1 — setup / list / test / remove cuentas email.
+        fn = getattr(args, "func", None)
+        if fn is None:
+            print("usage: nexo email {setup,list,test,remove}")
+            return 1
+        return int(fn(args) or 0)
+
     if args.command == "scripts":
         if args.scripts_command == "list":
             return _scripts_list(args)