nexo-brain 6.4.0 → 7.0.0

package/src/script_registry.py

@@ -591,42 +591,103 @@ def _script_entry(path: Path, meta: dict, *, is_core: bool, classification: str,
 
 
 def classify_scripts_dir() -> dict:
-    """Classify every file in NEXO_HOME/scripts into personal/core/ignored/non-script buckets."""
+    """Classify every file in scripts dirs into personal/core/ignored/non-script buckets.
+
+    Plan F0.6 — scans every dir returned by paths.all_scripts_dirs():
+    core/scripts, personal/scripts, core-dev/scripts. Falls back to the
+    legacy ~/.nexo/scripts/ if the new layout has no entries (transition
+    safety; remove the fallback once F0.6 has been validated for a week).
+    """
     _apply_legacy_personal_script_backfills()
-    scripts_dir = get_scripts_dir()
-    if not scripts_dir.is_dir():
-        return {"scripts_dir": str(scripts_dir), "entries": [], "summary": {}}
+    import paths
+    candidate_dirs = list(paths.all_scripts_dirs())
+    legacy = get_scripts_dir()
+    if legacy.is_dir() and legacy not in candidate_dirs:
+        candidate_dirs.append(legacy)
 
     core_names = load_core_script_names()
     entries: list[dict] = []
-    for f in sorted(scripts_dir.iterdir()):
-        if not f.is_file():
+    seen_keys: set[tuple[str, str]] = set()
+    for sdir in candidate_dirs:
+        if not sdir.is_dir():
             continue
-
-        meta = parse_inline_metadata(f)
-        if _is_ignored(f):
-            entries.append(_script_entry(f, meta, is_core=False, classification="ignored", reason="internal or hidden artifact"))
-            continue
-
-        if not _is_script_candidate(f, meta):
-            entries.append(_script_entry(f, meta, is_core=False, classification="non-script", reason="not an executable/script candidate"))
-            continue
-
-        is_core = f.name in core_names
-        classification = "core" if is_core else "personal"
-        entries.append(_script_entry(f, meta, is_core=is_core, classification=classification))
+        # Decide default classification per directory: a script dropped
+        # in core/scripts is core unless its name says otherwise; same
+        # for personal and core-dev.
+        if "core-dev" in sdir.parts:
+            dir_classification = "core-dev"
+        elif "personal" in sdir.parts:
+            dir_classification = "personal"
+        elif "core" in sdir.parts:
+            dir_classification = "core"
+        else:
+            dir_classification = None  # legacy — fall back to name-based
+        for f in sorted(sdir.iterdir()):
+            if not f.is_file():
+                continue
+            # Dedup by (name, dir-classification) so a personal script with
+            # the same filename as a core script doesn't disappear (D2 audit fix).
+            dedup_key = (f.name, dir_classification or "legacy")
+            if dedup_key in seen_keys:
+                continue
+            seen_keys.add(dedup_key)
+            meta = parse_inline_metadata(f)
+            if _is_ignored(f):
+                entries.append(_script_entry(f, meta, is_core=False, classification="ignored", reason="internal or hidden artifact"))
+                continue
+            if not _is_script_candidate(f, meta):
+                entries.append(_script_entry(f, meta, is_core=False, classification="non-script", reason="not an executable/script candidate"))
+                continue
+            if dir_classification:
+                cls = dir_classification
+                is_core = cls in ("core", "core-dev")
+            else:
+                is_core = f.name in core_names
+                cls = "core" if is_core else "personal"
+            entries.append(_script_entry(f, meta, is_core=is_core, classification=cls))
 
     summary: dict[str, int] = {}
     for entry in entries:
         summary[entry["classification"]] = summary.get(entry["classification"], 0) + 1
-    return {"scripts_dir": str(scripts_dir), "entries": entries, "summary": summary}
+    return {"scripts_dir": str(candidate_dirs[0]) if candidate_dirs else "", "entries": entries, "summary": summary}
 
 
 def list_scripts(include_core: bool = False) -> list[dict]:
     """List scripts in NEXO_HOME/scripts/.
 
     By default only personal scripts. With include_core=True, also shows core/cron scripts.
+
+    Plan F0.2.4 fix — every entry now carries an `enabled` field
+    hydrated from the `personal_scripts` table. Core entries default
+    to True (they ship enabled and are not toggleable from this entry
+    point); personal entries default to True when no row exists yet
+    (sync hasn't run) so the Desktop toggle has a stable starting
+    state. The flag is what powers the Settings -> Automatizaciones
+    toggle's round-trip.
     """
+    # Build a path -> enabled map once so we don't open a transaction
+    # per entry. Personal_scripts rows that don't match anything in
+    # classify_scripts_dir() are simply ignored.
+    enabled_map: dict[str, bool] = {}
+    if include_core:
+        # Only the Desktop panel (include_core=True) needs the toggle
+        # round-trip. Gating the DB read this way avoids triggering
+        # init_db() in default callers (eg `nexo scripts list`), which
+        # would surface pre-existing test fixture pollution.
+        try:
+            from db import init_db
+            from db._personal_scripts import list_personal_scripts
+            init_db()
+            for row in list_personal_scripts(include_disabled=True):
+                p = row.get("path")
+                if p:
+                    enabled_map[str(p)] = bool(row.get("enabled", True))
+        except Exception:
+            # Missing table (older runtime), locked DB, anything else:
+            # fall through to enabled=True (the cron wrapper gate is
+            # the source of truth at run time).
+            enabled_map = {}
+
     results = []
     for entry in classify_scripts_dir()["entries"]:
         if entry["classification"] not in {"personal", "core"}:
@@ -636,6 +697,7 @@ def list_scripts(include_core: bool = False) -> list[dict]:
         hidden = _truthy(entry.get("metadata", {}).get("hidden"))
         if hidden and not include_core:
             continue
+        entry["enabled"] = enabled_map.get(entry["path"], True)
         results.append(entry)
     return results
 
@@ -1462,6 +1524,78 @@ def remove_personal_script(name_or_path: str, *, keep_file: bool = False) -> dic
     }
 
 
+def set_personal_script_enabled(name_or_path: str, enabled: bool) -> dict:
+    """Plan F0.2.2 — flip the `enabled` flag on a personal script.
+
+    Returns ``{ok: bool, name, enabled, changed: bool}``. Refuses to
+    flip packaged core scripts (they ship enabled and the operator
+    should `nexo scripts unschedule` if they want one to stop).
+
+    The cron wrapper (`nexo-cron-wrapper.sh`, F0.2.4) reads this flag
+    on every tick and exits 0 with `summary='[disabled]'` when the
+    script is disabled, so the LaunchAgent can stay loaded but the
+    script itself is dormant.
+    """
+    from db import init_db, get_personal_script
+    from db._core import get_db
+
+    init_db()
+    sync_personal_scripts()
+    script = get_personal_script(name_or_path) or resolve_script(name_or_path)
+    if not script:
+        return {"ok": False, "error": f"Script not found: {name_or_path}"}
+    if script.get("core") and not _within_scripts_dir(Path(script.get("path", ""))):
+        return {
+            "ok": False,
+            "error": "Refusing to toggle a packaged core script via this entry point — "
+                     "use `nexo scripts unschedule` to stop it instead.",
+        }
+    target = 1 if enabled else 0
+    conn = get_db()
+    cur = conn.execute(
+        "UPDATE personal_scripts SET enabled = ?, updated_at = CURRENT_TIMESTAMP WHERE path = ?",
+        (target, script["path"]),
+    )
+    conn.commit()
+    changed = bool(cur.rowcount)
+    return {
+        "ok": True,
+        "name": script.get("name", name_or_path),
+        "path": script.get("path", ""),
+        "enabled": bool(target),
+        "changed": changed,
+    }
+
+
+def get_personal_script_status(name_or_path: str) -> dict:
+    """Plan F0.2.2 — read-only view of one personal script for the
+    Desktop panel and the `nexo scripts status` CLI verb."""
+    from db import init_db, get_personal_script
+    from db._core import get_db
+
+    init_db()
+    sync_personal_scripts()
+    script = get_personal_script(name_or_path) or resolve_script(name_or_path)
+    if not script:
+        return {"ok": False, "error": f"Script not found: {name_or_path}"}
+    conn = get_db()
+    last = conn.execute(
+        "SELECT exit_code, started_at, ended_at, summary FROM cron_runs "
+        "WHERE cron_id = ? ORDER BY id DESC LIMIT 1",
+        (script.get("name") or "",),
+    ).fetchone()
+    last_run = dict(last) if last else None
+    return {
+        "ok": True,
+        "name": script.get("name"),
+        "path": script.get("path"),
+        "enabled": bool(script.get("enabled", True)),
+        "core": bool(script.get("core")),
+        "classification": script.get("classification", "user"),
+        "last_run": last_run,
+    }
+
+
 def doctor_script(path_or_name: str) -> dict:
     """Validate a single script. Returns dict with pass/warn/fail items."""
     # Resolve

package/src/scripts/nexo-backup.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
-# NEXO DB hourly backup — crontab: 0 * * * * $NEXO_HOME/scripts/nexo-backup.sh
+# NEXO DB hourly backup — crontab: 0 * * * * $NEXO_HOME/core/scripts/nexo-backup.sh
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
 NEXO_DIR="$NEXO_HOME"
 BACKUP_DIR="$NEXO_HOME/backups"
 WEEKLY_DIR="$BACKUP_DIR/weekly"
-DB="$NEXO_HOME/data/nexo.db"
+DB="$NEXO_HOME/runtime/data/nexo.db"
 RETENTION_HOURS=48
 
 mkdir -p "$BACKUP_DIR" "$WEEKLY_DIR"

package/src/scripts/nexo-cron-wrapper.sh

@@ -22,8 +22,8 @@ CRON_ID="${1:?Usage: nexo-cron-wrapper.sh <cron_id> <command...>}"
 shift
 
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
-DB="$NEXO_HOME/data/nexo.db"
-SPOOL_DIR="$NEXO_HOME/operations/cron-spool"
+DB="$NEXO_HOME/runtime/data/nexo.db"
+SPOOL_DIR="$NEXO_HOME/runtime/operations/cron-spool"
 
 # Unlock macOS Keychain so headless Claude Code can read auth tokens.
 # Claude Code stores its API key in the login keychain which auto-locks.
@@ -185,6 +185,44 @@ trap 'on_signal SIGTERM 143' TERM
 trap 'on_signal SIGINT 130' INT
 trap 'on_signal SIGHUP 129' HUP
 
+
+# Plan F0.2.4 — disabled-script gate. Personal_scripts table holds an
+# `enabled` flag flipped via `nexo scripts enable|disable <name>`. When
+# the operator disables a cron the LaunchAgent stays loaded (no
+# launchctl churn) but this wrapper short-circuits to a clean exit 0
+# with summary='[disabled]'. The corresponding cron_runs row gets an
+# explicit "skipped (disabled)" note so the daily audit can tell apart
+# "didn't run because off" from "ran with exit 0".
+DISABLED_GATE_OUTPUT=$(python3 - "$DB" "$CRON_ID" <<'PYGATE' 2>/dev/null || true
+from __future__ import annotations
+import sqlite3
+import sys
+db_path, cron_id = sys.argv[1:]
+try:
+    conn = sqlite3.connect(db_path)
+    try:
+        row = conn.execute(
+            "SELECT enabled FROM personal_scripts WHERE name = ? LIMIT 1",
+            (cron_id,),
+        ).fetchone()
+    finally:
+        conn.close()
+except Exception:
+    sys.exit(0)
+if row is not None and not int(row[0] or 0):
+    print("disabled")
+PYGATE
+)
+if [ "$DISABLED_GATE_OUTPUT" = "disabled" ]; then
+    EXIT_CODE=0
+    SIGNAL_NAME=""
+    : > "$OUTPUT_FILE"
+    echo "[disabled] $CRON_ID skipped - re-enable with: nexo scripts enable $CRON_ID" > "$OUTPUT_FILE"
+    finalize_row
+    cleanup
+    exit 0
+fi
+
 "$@" > "$OUTPUT_FILE" 2>&1 &
 CHILD_PID=$!
 

package/src/scripts/nexo-deep-sleep.sh

@@ -5,14 +5,14 @@
 # Watermark approach: tracks the last processed timestamp so nothing is missed.
 # Sessions from late-night/early-morning work are included in the next run.
 #
-# Logs to $NEXO_HOME/logs/deep-sleep.log
+# Logs to $NEXO_HOME/runtime/logs/deep-sleep.log
 
 set -euo pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
 LOG_DIR="$NEXO_HOME/logs"
-DEEP_SLEEP_DIR="$NEXO_HOME/operations/deep-sleep"
+DEEP_SLEEP_DIR="$NEXO_HOME/runtime/operations/deep-sleep"
 WATERMARK_FILE="$DEEP_SLEEP_DIR/.watermark"
 RUN_ID=$(date +%Y-%m-%d)
 

package/src/scripts/nexo-inbox-hook.sh

@@ -27,7 +27,7 @@ echo "$NOW" > "$DEBOUNCE_FILE"
 
 # 4. Find NEXO SID mapped to this Claude session_id
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
-DB="$NEXO_HOME/data/nexo.db"
+DB="$NEXO_HOME/runtime/data/nexo.db"
 [ -f "$DB" ] || exit 0
 
 NEXO_SID=$(sqlite3 "$DB" "SELECT sid FROM sessions WHERE (external_session_id = '${CLAUDE_SID}' OR claude_session_id = '${CLAUDE_SID}') AND last_update_epoch > (strftime('%s','now') - 900) ORDER BY last_update_epoch DESC LIMIT 1;" 2>/dev/null)

package/src/scripts/nexo-snapshot-restore.sh

@@ -6,7 +6,7 @@ set -euo pipefail
 SNAP_DIR="${1:?Usage: nexo-snapshot-restore.sh <snapshot-dir>}"
 MANIFEST="$SNAP_DIR/manifest.json"
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
-RESTORE_LOG="$NEXO_HOME/logs/snapshot-restores.log"
+RESTORE_LOG="$NEXO_HOME/runtime/logs/snapshot-restores.log"
 
 if [ ! -f "$MANIFEST" ]; then
     echo "ERROR: No manifest.json in $SNAP_DIR" >&2

package/src/scripts/nexo-tcc-approve.sh

@@ -23,8 +23,8 @@ fi
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
 TCC_DB="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
 VERSIONS_DIR="$HOME/.local/share/claude/versions"
-MARKER_DIR="$NEXO_HOME/data/.tcc-approved"
-LOG="$NEXO_HOME/logs/tcc-auto-approve.log"
+MARKER_DIR="$NEXO_HOME/runtime/data/.tcc-approved"
+LOG="$NEXO_HOME/runtime/logs/tcc-auto-approve.log"
 
 mkdir -p "$MARKER_DIR" "$(dirname "$LOG")"
 

package/src/scripts/nexo-watchdog.sh

@@ -13,16 +13,16 @@ set -uo pipefail
 HOME_DIR="$HOME"
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
 NEXO_DIR="$NEXO_HOME"
-CORTEX_DIR="$NEXO_HOME/brain"
-OPS_DIR="$NEXO_HOME/operations"
-LOG_DIR="$NEXO_HOME/logs"
-DB_PATH="$NEXO_HOME/data/nexo.db"
+CORTEX_DIR="$NEXO_HOME/personal/brain"
+OPS_DIR="$NEXO_HOME/runtime/operations"
+LOG_DIR="$NEXO_HOME/runtime/logs"
+DB_PATH="$NEXO_HOME/runtime/data/nexo.db"
 LOG="$LOG_DIR/watchdog.log"
 STATUS_JSON="$OPS_DIR/watchdog-status.json"
 REPORT_TXT="$OPS_DIR/watchdog-report.txt"
 ALERT_FILE="$OPS_DIR/.watchdog-alert"
-HASH_REGISTRY="$NEXO_HOME/scripts/.watchdog-hashes"
-FAIL_COUNT_FILE="$NEXO_HOME/scripts/.watchdog-fails"
+HASH_REGISTRY="$NEXO_HOME/core/scripts/.watchdog-hashes"
+FAIL_COUNT_FILE="$NEXO_HOME/core/scripts/.watchdog-fails"
 MAX_FAILS=3
 
 mkdir -p "$LOG_DIR" "$OPS_DIR"
@@ -47,8 +47,8 @@ log() { echo "[$TS] $1" >> "$LOG"; }
 # Add personal (non-manifest) monitors to PERSONAL_MONITORS below.
 NEXO_CODE="${NEXO_CODE:-$(cd "$(dirname "$0")/.." 2>/dev/null && pwd)}"
 # Look for manifest in NEXO_HOME first (packaged install), then NEXO_CODE (dev/repo)
-if [ -f "$NEXO_HOME/crons/manifest.json" ]; then
-  MANIFEST_FILE="$NEXO_HOME/crons/manifest.json"
+if [ -f "$NEXO_HOME/runtime/crons/manifest.json" ]; then
+  MANIFEST_FILE="$NEXO_HOME/runtime/crons/manifest.json"
 else
   MANIFEST_FILE="$NEXO_CODE/crons/manifest.json"
 fi
@@ -166,7 +166,7 @@ done < <(_build_monitors_from_manifest)
 # Personal (non-manifest) monitors — add yours below.
 # These are NOT in manifest.json and won't be synced by cron-sync.
 PERSONAL_MONITORS=(
-  # "My Service|com.nexo.my-service|$NEXO_HOME/logs/my-service.log||3600||Every 30 min|personal"
+  # "My Service|com.nexo.my-service|$NEXO_HOME/runtime/logs/my-service.log||3600||Every 30 min|personal"
 )
 MONITORS+=("${PERSONAL_MONITORS[@]+"${PERSONAL_MONITORS[@]}"}")
 
@@ -882,7 +882,7 @@ if [ -f "$HASH_REGISTRY" ]; then
       if [ "$ACTUAL" != "$expected_hash" ]; then
         TAMPERED=$((TAMPERED + 1))
         log "CRITICAL: Immutable file modified: $filepath"
-        LATEST_SNAP=$(ls -td "$NEXO_HOME/snapshots/"*/ 2>/dev/null | head -1)
+        LATEST_SNAP=$(ls -td "$NEXO_HOME/runtime/snapshots/"*/ 2>/dev/null | head -1)
         if [ -n "$LATEST_SNAP" ] && [ -f "${LATEST_SNAP}files/${filepath#$HOME_DIR/}" ]; then
           cp "${LATEST_SNAP}files/${filepath#$HOME_DIR/}" "$filepath"
           log "RESTORED immutable file from snapshot"
@@ -1075,7 +1075,7 @@ fi
 # ============================================================================
 # Only triggers if: (a) there are FAILs after mechanical repair, (b) no NEXO
 # repair is already running, (c) no interactive session is active (avoid conflict)
-REPAIR_LOCK="$NEXO_HOME/scripts/.watchdog-nexo-repair.lock"
+REPAIR_LOCK="$NEXO_HOME/core/scripts/.watchdog-nexo-repair.lock"
 REPAIR_COOLDOWN=1800  # 30 min between NEXO repair attempts
 
 if [ "$TOTAL_FAIL" -gt 0 ]; then
@@ -1162,19 +1162,19 @@ STEPS:
 2. Check stderr/stdout logs for the actual error
 3. Fix the root cause (missing file, bad config, dependency issue, etc.)
 4. Reload the service and verify it is running (launchctl on macOS, systemctl on Linux)
-5. Log what you did to $NEXO_HOME/logs/watchdog-repair-result.log
+5. Log what you did to $NEXO_HOME/runtime/logs/watchdog-repair-result.log
 ${PROPAGATE_BLOCK}
 
 CONSTRAINTS:
 - Do NOT modify CLAUDE.md, AGENTS.md, or any protected file
 - Do NOT start interactive conversations
 - Keep it under 5 minutes
-- Log what you did to $NEXO_HOME/logs/watchdog-repair-result.log
+- Log what you did to $NEXO_HOME/runtime/logs/watchdog-repair-result.log
 NEXOPROMPT
 
       # Launch NEXO in background with the configured automation backend.
       # Keep the hardened Claude fallback for older runtimes or partial installs.
-      AGENT_RUNNER="$NEXO_HOME/scripts/nexo-agent-run.py"
+      AGENT_RUNNER="$NEXO_HOME/core/scripts/nexo-agent-run.py"
       NEXO_PYTHON="$NEXO_HOME/.venv/bin/python3"
       if [ ! -x "$NEXO_PYTHON" ]; then
         NEXO_PYTHON=$(command -v python3 2>/dev/null || echo "python3")

package/src/system_catalog.py

@@ -6,6 +6,7 @@ import importlib.util
 import inspect
 import json
 import os
+import paths
 import re
 import sys
 from pathlib import Path
@@ -17,8 +18,8 @@ from script_registry import list_scripts
 NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
 NEXO_CODE = Path(__file__).resolve().parent
 SERVER_PATH = NEXO_CODE / "server.py"
-MANIFEST_PATHS = [NEXO_CODE / "crons" / "manifest.json", NEXO_HOME / "crons" / "manifest.json"]
-ATLAS_PATH = NEXO_HOME / "brain" / "project-atlas.json"
+MANIFEST_PATHS = [NEXO_CODE / "crons" / "manifest.json", paths.crons_dir() / "manifest.json"]
+ATLAS_PATH = paths.brain_dir() / "project-atlas.json"
 
 SECTION_ORDER = (
     "core_tools",

package/src/tools_sessions.py

@@ -3,6 +3,7 @@ from __future__ import annotations
 
 import json
 import os
+import paths
 import time
 import secrets
 import threading
@@ -26,7 +27,7 @@ from db import (
 
 KEEPALIVE_INTERVAL = 600  # 10 min — well inside the 15-min TTL
 NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
-SESSION_PORTABILITY_DIR = NEXO_HOME / "operations" / "session-portability"
+SESSION_PORTABILITY_DIR = paths.operations_dir() / "session-portability"
 
 _keepalive_threads: dict[str, threading.Event] = {}  # sid → stop_event
 

package/src/user_data_portability.py

@@ -4,6 +4,7 @@ from __future__ import annotations
 
 import json
 import os
+import paths
 import shutil
 import sqlite3
 import tarfile
@@ -17,7 +18,7 @@ from runtime_home import export_resolved_nexo_home
 
 NEXO_HOME = export_resolved_nexo_home()
 NEXO_CODE = Path(os.environ.get("NEXO_CODE", str(Path(__file__).resolve().parent)))
-EXPORTS_DIR = NEXO_HOME / "exports"
+EXPORTS_DIR = paths.exports_dir()
 STAGING_DIR = EXPORTS_DIR / ".staging"
 USER_DIRS = ("brain", "coordination", "nexo-email", "assets")
 USER_CONFIG_FILES = ("schedule.json",)
@@ -182,12 +183,12 @@ def export_user_bundle(output_path: str = "") -> dict:
     sections: dict[str, dict] = {}
 
     try:
-        data_db = NEXO_HOME / "data" / "nexo.db"
+        data_db = paths.db_path()
         if data_db.is_file():
             _sqlite_backup(data_db, bundle_root / "data" / "nexo.db")
             sections["data_db"] = {"path": "data/nexo.db"}
 
-        brain_dir = NEXO_HOME / "brain"
+        brain_dir = paths.brain_dir()
         if brain_dir.is_dir():
             copied = _copy_tree_filtered(brain_dir, bundle_root / "brain", exclude_names={"nexo.db"})
             brain_db = brain_dir / "nexo.db"
@@ -271,7 +272,7 @@ def import_user_bundle(bundle_path: str) -> dict:
     if not archive_path.is_file():
         return {"ok": False, "error": f"bundle not found: {archive_path}"}
 
-    backups_dir = NEXO_HOME / "backups"
+    backups_dir = paths.backups_dir()
     backups_dir.mkdir(parents=True, exist_ok=True)
     safety_backup = backups_dir / f"pre-import-user-data-{_now_stamp()}.tar.gz"
     safety_result = export_user_bundle(str(safety_backup))
@@ -300,15 +301,15 @@ def import_user_bundle(bundle_path: str) -> dict:
 
         data_db = bundle_root / "data" / "nexo.db"
         if data_db.is_file():
-            _sqlite_backup(data_db, NEXO_HOME / "data" / "nexo.db")
+            _sqlite_backup(data_db, paths.db_path())
             restored["data_db"] = {"path": "data/nexo.db"}
 
         brain_dir = bundle_root / "brain"
         if brain_dir.is_dir():
-            copied = _copy_tree_filtered(brain_dir, NEXO_HOME / "brain", exclude_names={"nexo.db"})
+            copied = _copy_tree_filtered(brain_dir, paths.brain_dir(), exclude_names={"nexo.db"})
             brain_db = brain_dir / "nexo.db"
             if brain_db.is_file():
-                _sqlite_backup(brain_db, NEXO_HOME / "brain" / "nexo.db")
+                _sqlite_backup(brain_db, paths.brain_dir() / "nexo.db")
                 copied += 1
             restored["brain"] = {"path": "brain", "files": copied}
 
@@ -328,7 +329,7 @@ def import_user_bundle(bundle_path: str) -> dict:
 
         imported_scripts = 0
         scripts_dir = bundle_root / "personal-scripts"
-        target_scripts_dir = NEXO_HOME / "scripts"
+        target_scripts_dir = paths.personal_scripts_dir()
         target_scripts_dir.mkdir(parents=True, exist_ok=True)
         if scripts_dir.is_dir():
             for script_path in sorted(scripts_dir.iterdir()):