nexo-brain 7.1.0 → 7.1.2

package/src/doctor/providers/runtime.py

@@ -25,7 +25,7 @@ from client_preferences import (
     normalize_client_preferences,
     resolve_client_runtime_profile,
 )
-from cron_recovery import resolve_declared_schedule, should_run_at_load
+from cron_recovery import is_cron_enabled, resolve_declared_schedule, should_run_at_load
 from doctor.models import DoctorCheck, safe_check
 
 NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
@@ -43,15 +43,20 @@ IMMUNE_FRESHNESS = 3600  # 1 hour (runs every 30 min)
 WATCHDOG_FRESHNESS = 3600  # 1 hour (runs every 30 min)
 DEFAULT_CRON_THRESHOLD = 7200  # Fallback when manifest data is unavailable
 LIVE_PROTOCOL_SESSION_FRESHNESS = 1800  # 30 minutes
-AUXILIARY_CORE_LAUNCHAGENT_IDS = {"backup", "dashboard", "prevent-sleep", "tcc-approve"}
-SPECIAL_LAUNCHAGENT_IDS = {"prevent-sleep", "tcc-approve"}
-SPECIAL_ENV_NORMALIZE_IDS = SPECIAL_LAUNCHAGENT_IDS
+SPECIAL_ENV_NORMALIZE_IDS = {"prevent-sleep", "tcc-approve"}
 OPTIONALS_FILE = paths.config_dir() / "optionals.json"
 SCHEDULE_FILE = paths.config_dir() / "schedule.json"
 PACKAGE_JSON = NEXO_CODE / "package.json"
 CHANGELOG_FILE = NEXO_CODE / "CHANGELOG.md"
 
 
+def _expected_runtime_code_dir() -> Path:
+    packaged = NEXO_HOME / "core"
+    if packaged.exists() or not (NEXO_HOME / "server.py").is_file():
+        return packaged
+    return NEXO_HOME
+
+
 def _recorded_source_root() -> Path | None:
     version_file = NEXO_HOME / "version.json"
     try:
@@ -832,15 +837,16 @@ def _enabled_optionals() -> dict[str, bool]:
 def _enabled_manifest_crons() -> list[dict]:
     manifest_candidates = [
         paths.crons_dir() / "manifest.json",
+        NEXO_HOME / "crons" / "manifest.json",
         NEXO_CODE / "crons" / "manifest.json",
     ]
     optionals = _enabled_optionals()
-    automation_default = True
+    schedule = {}
     try:
         if SCHEDULE_FILE.is_file():
-            schedule = _load_json(SCHEDULE_FILE)
-            if isinstance(schedule, dict):
-                automation_default = bool(schedule.get("automation_enabled", True))
+            loaded = _load_json(SCHEDULE_FILE)
+            if isinstance(loaded, dict):
+                schedule = loaded
     except Exception:
         pass
     for manifest_path in manifest_candidates:
@@ -856,12 +862,12 @@ def _enabled_manifest_crons() -> list[dict]:
             cron_id = cron.get("id")
             if not cron_id:
                 continue
-            optional_key = cron.get("optional")
-            if optional_key == "automation":
-                optional_enabled = optionals.get(optional_key, automation_default)
-            else:
-                optional_enabled = optionals.get(optional_key, False)
-            if optional_key and not optional_enabled:
+            if not is_cron_enabled(
+                cron,
+                optionals=optionals,
+                schedule_data=schedule,
+                system=os.environ.get("NEXO_PLATFORM") or platform.system(),
+            ):
                 continue
             enabled.append(cron)
         return enabled
@@ -919,6 +925,7 @@ def _launchagent_schedule_expectations() -> dict[str, dict]:
             "StartCalendarInterval": None,
             "RunAtLoad": None,
             "KeepAlive": None,
+            "WatchPaths": None,
             "schedule_configured": False,
         }
         if cron.get("keep_alive"):
@@ -944,12 +951,17 @@ def _launchagent_schedule_expectations() -> dict[str, dict]:
         elif should_run_at_load(cron):
             expected["RunAtLoad"] = True
             expected["schedule_configured"] = True
+        if cron.get("watch_paths"):
+            expected["WatchPaths"] = [
+                str(Path(str(path)).expanduser()) if str(path).startswith("~") else str(path)
+                for path in cron.get("watch_paths", [])
+            ]
         expectations[cron_id] = expected
     return expectations
 
 
 def _managed_launchagent_plists() -> list[tuple[str, Path]]:
-    ids = set(AUXILIARY_CORE_LAUNCHAGENT_IDS)
+    ids = set()
     for cron_id, expected in _launchagent_schedule_expectations().items():
         if expected.get("schedule_configured"):
             ids.add(cron_id)
@@ -963,7 +975,7 @@ def _managed_launchagent_plists() -> list[tuple[str, Path]]:
 
 
 def _known_nexo_launchagent_ids() -> set[str]:
-    ids = set(AUXILIARY_CORE_LAUNCHAGENT_IDS)
+    ids = set()
     for cron_id, expected in _launchagent_schedule_expectations().items():
         if expected.get("schedule_configured"):
             ids.add(cron_id)
@@ -1088,6 +1100,7 @@ def _repair_launchagents(items: list[tuple[str, Path]]) -> tuple[bool, list[str]
 def _repair_special_launchagent_plists(items: list[tuple[str, Path]]) -> tuple[bool, list[str]]:
     evidence: list[str] = []
     ok = True
+    expected_code = _expected_runtime_code_dir()
     for cron_id, plist_path in items:
         if cron_id not in SPECIAL_ENV_NORMALIZE_IDS:
             continue
@@ -1096,8 +1109,8 @@ def _repair_special_launchagent_plists(items: list[tuple[str, Path]]) -> tuple[b
                 plist_data = plistlib.load(fh)
             env = plist_data.setdefault("EnvironmentVariables", {})
             changed = False
-            if env.get("NEXO_CODE") != str(NEXO_HOME):
-                env["NEXO_CODE"] = str(NEXO_HOME)
+            if env.get("NEXO_CODE") != str(expected_code):
+                env["NEXO_CODE"] = str(expected_code)
                 changed = True
             if env.get("NEXO_HOME") != str(NEXO_HOME):
                 env["NEXO_HOME"] = str(NEXO_HOME)
@@ -1533,12 +1546,14 @@ def check_launchagent_integrity(fix: bool = False) -> DoctorCheck:
                 "StartCalendarInterval": plist_data.get("StartCalendarInterval"),
                 "RunAtLoad": plist_data.get("RunAtLoad"),
                 "KeepAlive": plist_data.get("KeepAlive"),
+                "WatchPaths": plist_data.get("WatchPaths"),
             }
             target_schedule = {
                 "StartInterval": expected_schedule.get("StartInterval"),
                 "StartCalendarInterval": expected_schedule.get("StartCalendarInterval"),
                 "RunAtLoad": expected_schedule.get("RunAtLoad"),
                 "KeepAlive": expected_schedule.get("KeepAlive"),
+                "WatchPaths": expected_schedule.get("WatchPaths"),
             }
             if actual_schedule != target_schedule:
                 problems.append(
@@ -1764,12 +1779,12 @@ def check_personal_script_registry(fix: bool = False) -> DoctorCheck:
             "Run nexo scripts sync to reconcile filesystem scripts and personal LaunchAgents",
             "Run nexo scripts reconcile so declared schedules are recreated through the official flow",
             "Use nexo doctor --tier runtime --fix to apply the safe reconcile path for declared schedules",
-            "Keep personal scripts in NEXO_HOME/scripts so updates do not collide with core",
+            "Keep personal scripts in NEXO_HOME/personal/scripts so updates do not collide with core",
             "Prefer ps- prefixed filenames for new personal scripts so ownership stays obvious at a glance",
         ],
         escalation_prompt=(
             "Personal script metadata, files, and personal cron schedules are out of sync. "
-            "Reconcile NEXO_HOME/scripts with personal LaunchAgents without treating them as core crons."
+            "Reconcile NEXO_HOME/personal/scripts with personal LaunchAgents without treating them as core crons."
         ),
     )
 

package/src/email_config.py

@@ -4,7 +4,7 @@
 The loader prefers the `email_accounts` table. When the table is empty
 (fresh install that hasn't run `nexo email setup` yet) it falls back
 to the legacy JSON for backwards compatibility — no crons stall while
-Francisco migrates.
+the operator migrates.
 
 Usage from any script:
 
@@ -117,6 +117,8 @@ def _account_to_legacy_shape(
         "password": runtime_account["password"],
         "operator_email": default_operator_email,
         "operator_aliases": list(extra_operator_emails or []),
+        # Transitional compatibility for older scripts that still read the
+        # pre-F2 alias key directly.
         "francisco_emails": list(extra_operator_emails or []),
         "trusted_domains": runtime_account["trusted_domains"],
         "sender_policy": runtime_account["sender_policy"],
@@ -205,19 +207,26 @@ def load_email_runtime_snapshot() -> dict[str, Any] | None:
     }
 
 
-def load_email_config(label: str | None = None) -> dict | None:
-    """Return the email config for a given label (or the primary account).
+def load_email_config(label: str | None = None, account_id: int | str | None = None) -> dict | None:
+    """Return the email config for a given selector (or the primary account).
 
     Preference order:
-      1. email_accounts table (via label or get_primary_email_account).
+      1. email_accounts table (via id, label, or get_primary_email_account).
       2. ~/.nexo/nexo-email/config.json legacy file.
       3. None if neither is available.
     """
     account: dict | None = None
     operator_accounts: list[dict] = []
     try:
-        from db._email_accounts import get_email_account, get_primary_email_account, list_email_accounts
-        if label:
+        from db._email_accounts import (
+            get_email_account,
+            get_email_account_by_id,
+            get_primary_email_account,
+            list_email_accounts,
+        )
+        if account_id is not None:
+            account = get_email_account_by_id(account_id)
+        elif label:
             account = get_email_account(label)
         else:
             account = get_primary_email_account()
@@ -231,9 +240,9 @@ def load_email_config(label: str | None = None) -> dict | None:
             value = str(op.get("email") or "").strip().lower()
             if value and value not in extra:
                 extra.append(value)
-        # F1/F2 — operator aliases are canonical now. Keep the legacy
-        # `francisco_emails` compatibility shape in the returned payload
-        # so old code paths do not break during transition.
+        # F1/F2 — operator aliases are canonical now. Keep the legacy alias
+        # compatibility key in the returned payload so old code paths do not
+        # break during transition.
         aliases = (account.get("metadata") or {}).get("operator_aliases") or []
         for a in aliases:
             if a and a not in extra:

package/src/enforcement_classifier.py

@@ -40,24 +40,15 @@ import time
 from typing import Callable
 
 from call_model_raw import ClassifierUnavailableError, call_model_raw
+from core_prompts import render_core_prompt
 
 
 _logger = logging.getLogger("nexo.enforcement_classifier")
 
 
-_STRICT_SYSTEM_PROMPT = (
-    "You are a binary classifier for the NEXO Protocol Enforcer. "
-    "Respond with EXACTLY ONE WORD: yes OR no. "
-    "No explanation. No preface. No punctuation. No quotes. "
-    "Only 'yes' or 'no', lowercase, no surrounding text."
-)
+_STRICT_SYSTEM_PROMPT = render_core_prompt("enforcement-classifier-strict")
 
-_RETRY_SYSTEM_PROMPT = (
-    "Your previous response was not valid. "
-    "Answer with only the single word 'yes' or the single word 'no'. "
-    "Any other output is rejected. Do not explain. Do not apologise. "
-    "Do not repeat the question. Emit 'yes' or 'no' and stop."
-)
+_RETRY_SYSTEM_PROMPT = render_core_prompt("enforcement-classifier-retry")
 
 _PARSER_REGEX = re.compile(r"^\s*(yes|no)\b", flags=re.IGNORECASE)
 

package/src/evolution_cycle.py

@@ -14,6 +14,7 @@ import sqlite3
 import time
 from datetime import datetime, date, timedelta
 from pathlib import Path
+from core_prompts import render_core_prompt
 
 NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
 NEXO_CODE = Path(os.environ.get("NEXO_CODE", str(NEXO_HOME)))
@@ -230,7 +231,7 @@ def dry_run_restore_test() -> bool:
 
     test_file.write_text("modified_content")
 
-    # Find restore script: NEXO_CODE/scripts/ first, then NEXO_HOME/scripts/
+    # Find restore script: repo scripts/ first, then installed core/scripts/.
     _nexo_code = Path(os.environ.get("NEXO_CODE", ""))
     restore_script = None
     for candidate in [_nexo_code / "scripts" / "nexo-snapshot-restore.sh",
@@ -290,11 +291,11 @@ def build_evolution_prompt(week_data: dict, objective: dict) -> str:
     max_auto = max_auto_changes(total)
     if mode == "review":
         mode_desc = "review-only, nothing executes automatically"
-        safe_zones = "~/.nexo/scripts/, ~/.nexo/plugins/, ~/.nexo/brain/"
+        safe_zones = "~/.nexo/personal/scripts/, ~/.nexo/personal/plugins/, ~/.nexo/personal/brain/"
         immutable_files = "db.py, server.py, plugin_loader.py, storage_router.py, cognitive.py, knowledge_graph.py, tools_*.py, nexo-watchdog.sh, evolution_cycle.py, CLAUDE.md, AGENTS.md"
     elif mode == "managed":
         mode_desc = f"owner-managed, max {max_auto} auto-applied changes with rollback and followups"
-        safe_zones = "~/.nexo/scripts/, ~/.nexo/plugins/, ~/.nexo/brain/, NEXO_CODE/src, repo bin/docs/templates/tests"
+        safe_zones = "~/.nexo/personal/scripts/, ~/.nexo/personal/plugins/, ~/.nexo/personal/brain/, NEXO_CODE/src, repo bin/docs/templates/tests"
         immutable_files = "db.py, server.py, plugin_loader.py, storage_router.py, nexo-watchdog.sh, evolution_cycle.py, CLAUDE.md, AGENTS.md, personality.md, user-profile.md"
     elif mode == "public_core":
         mode_desc = "public core contribution via isolated checkout and Draft PR"
@@ -302,82 +303,25 @@ def build_evolution_prompt(week_data: dict, objective: dict) -> str:
         immutable_files = "personal runtime, ~/.nexo/**, local DBs/logs, CLAUDE.md, AGENTS.md, user-profile.md"
     else:
         mode_desc = f"public auto, max {max_auto} auto-applied changes in personal safe zones"
-        safe_zones = "~/.nexo/scripts/, ~/.nexo/plugins/"
+        safe_zones = "~/.nexo/personal/scripts/, ~/.nexo/personal/plugins/"
         immutable_files = "db.py, server.py, plugin_loader.py, storage_router.py, cognitive.py, knowledge_graph.py, tools_*.py, nexo-watchdog.sh, evolution_cycle.py, CLAUDE.md, AGENTS.md"
 
-    prompt = f"""You are NEXO Evolution — the weekly self-improvement cycle.
-
-YOUR JOB: Analyze the past week and propose concrete improvements to NEXO's codebase.
-
-WEEK SUMMARY:
-- {stats['learnings_this_week']} new learnings
-- {stats['decisions_this_week']} decisions made
-- {stats['changes_this_week']} code changes deployed
-- {stats['diaries_this_week']} session diaries
-- {stats['evolution_history']} past evolution proposals
-- Current scores: {json.dumps(stats['current_scores'])}
-
-MODE: {mode} ({mode_desc})
-CYCLE: #{total + 1}
-
-INVESTIGATE using these tools:
-1. Bash: sqlite3 {NEXO_DB} "SELECT category, title FROM learnings WHERE created_at > {time.time() - 7*86400} ORDER BY created_at DESC LIMIT 30"
-2. Bash: sqlite3 {NEXO_DB} "SELECT area, COUNT(*) as cnt FROM error_repetitions GROUP BY area ORDER BY cnt DESC LIMIT 10"
-3. Read ~/.nexo/coordination/daily-synthesis.md — today's context
-4. Read ~/.nexo/coordination/postmortem-daily.md — self-critique patterns
-5. Read ~/.nexo/logs/self-audit-summary.json — system health
-6. Glob ~/.nexo/scripts/*.py — existing scripts
-7. Glob ~/.nexo/plugins/*.py — existing plugins
-
-LOOK FOR:
-- Repeated errors that guard isn't preventing
-- Scripts or processes that are failing or underperforming
-- Missing functionality that session diaries keep asking for
-- Redundant code or config that could be simplified
-- Patterns in self-critique that suggest systemic issues
-
-SAFETY:
-- Safe zones for this mode: {safe_zones}
-- IMMUTABLE files (never touch in this mode): {immutable_files}
-- Every change needs: what file, what to change, why, risk, how to verify
-- AUTO changes must be deterministic. If the edit is ambiguous, risky, or needs human taste, mark it as "propose".
-- In managed mode, failed AUTO changes will be rolled back automatically and turned into followups with evidence.
-
-OUTPUT FORMAT (JSON):
-{{
-  "analysis": "one paragraph summary of what you found",
-  "dimension_scores": {{
-    "episodic_memory": 0,
-    "autonomy": 0,
-    "proactivity": 0,
-    "self_improvement": 0,
-    "agi": 0
-  }},
-  "score_evidence": {{
-    "episodic_memory": "why this score changed or stayed flat",
-    "autonomy": "why this score changed or stayed flat",
-    "proactivity": "why this score changed or stayed flat",
-    "self_improvement": "why this score changed or stayed flat",
-    "agi": "why this score changed or stayed flat"
-  }},
-  "patterns": [{{"type": "...", "description": "...", "frequency": "..."}}],
-  "proposals": [
-    {{
-      "classification": "auto" or "propose",
-      "dimension": "reliability|proactivity|efficiency|safety|learning",
-      "action": "what to do",
-      "reasoning": "why",
-      "scope": "local",
-      "changes": [{{"file": "path", "operation": "create|replace|append", "search": "text to find", "content": "new text"}}]
-    }}
-  ]
-}}
-
-Always include all five canonical keys in `dimension_scores` and `score_evidence`.
-Scores must be integers in the 0-100 range and reflect the current week, not targets.
-Max 3 proposals. Quality over quantity. If nothing needs improving, say so."""
-
-    return prompt
+    return render_core_prompt(
+        "evolution-weekly",
+        learnings_this_week=stats["learnings_this_week"],
+        decisions_this_week=stats["decisions_this_week"],
+        changes_this_week=stats["changes_this_week"],
+        diaries_this_week=stats["diaries_this_week"],
+        evolution_history=stats["evolution_history"],
+        current_scores_json=json.dumps(stats["current_scores"]),
+        mode=mode,
+        mode_desc=mode_desc,
+        cycle_number=total + 1,
+        nexo_db=NEXO_DB,
+        week_cutoff_ts=time.time() - 7 * 86400,
+        safe_zones=safe_zones,
+        immutable_files=immutable_files,
+    )
 
 
 def build_public_contribution_prompt(
@@ -414,39 +358,12 @@ needs the same change and port it if necessary. If the repo is already correct,
 make the smallest validating change that captures the same gap.
 """
 
-    return f"""You are NEXO Public Evolution.
-
-You are running inside an isolated checkout of the public NEXO repository.
-Your job is to make one technically coherent improvement to the public core and
-prepare it for a Draft PR.
-
-STRICT RULES:
-- Work only inside this repository checkout: {repo_root}
-- You may modify only public core surfaces: src/, bin/, tests/, templates/, hooks/, migrations/, .claude-plugin/
-- Do not read or use ~/.nexo, local DBs, personal scripts, emails, logs, prompts, secrets, or any user-identifying paths
-- Do not push, open PRs, or change git remotes yourself
-- Do not touch README, website, gh-pages, changelog, or release metadata in this mode
-- Focus on one concrete improvement only
-- Run validation for the files you touched
-
-What to do:
-1. Inspect the repo and find a real, self-contained improvement in reliability, install/update behavior, cron recovery, diagnostics, hooks, tests, or other core infrastructure.
-2. Implement the change directly in this checkout.
-3. Run the smallest relevant validation commands.
-4. Return ONLY valid JSON with this shape:
-
-{{
-  "title": "type: short title",
-  "problem": "what was wrong",
-  "summary": "what you changed",
-  "tests": ["command 1", "command 2"],
-  "risks": ["risk 1", "risk 2"]
-}}
-
-Cycle: #{cycle_number}
-Quality over quantity. One strong improvement is better than three weak ones.
-{queued_section}
-"""
+    return render_core_prompt(
+        "evolution-public-contribution",
+        repo_root=repo_root,
+        cycle_number=cycle_number,
+        queued_section=queued_section,
+    )
 
 
 def build_public_pr_review_prompt(
@@ -470,45 +387,16 @@ def build_public_pr_review_prompt(
     if len(trimmed_diff) > 80000:
         trimmed_diff = trimmed_diff[:80000] + "\n\n[diff truncated by NEXO]"
 
-    return f"""You are NEXO Public Evolution Review.
-
-You are reviewing another opt-in public evolution PR. You must NOT merge, rebase,
-push, or edit the PR. Your only job is to decide whether it deserves an approval
-or whether it should receive a review comment without approval.
-
-STRICT RULES:
-- Review only this PR:
-  - Number: #{pr_number}
-  - Author: {author}
-  - URL: {url}
-- Base the review only on the provided title, body, file list, and diff
-- Do not assume hidden context
-- If confidence is not strong, choose `comment`, not `approve`
-- If the diff is too incomplete, too risky, or too ambiguous, choose `skip`
-- Never suggest merge authority; maintainers decide that later
-- Keep the review concise, technical, and useful
-
-PR TITLE:
-{title}
-
-PR BODY:
-{body or "(empty)"}
-
-FILES CHANGED:
-{rendered_files}
-
-DIFF:
-```diff
-{trimmed_diff or "(empty diff)"}
-```
-
-Return ONLY valid JSON:
-{{
-  "decision": "approve|comment|skip",
-  "summary": "one-line verdict",
-  "body": "the exact markdown text to post as the review body"
-}}
-"""
+    return render_core_prompt(
+        "evolution-public-pr-review",
+        pr_number=pr_number,
+        author=author,
+        url=url,
+        title=title,
+        body=body or "(empty)",
+        rendered_files=rendered_files,
+        trimmed_diff=trimmed_diff or "(empty diff)",
+    )
 
 
 def max_auto_changes(total_evolutions: int) -> int:

package/src/guardian_telemetry.py

@@ -29,14 +29,15 @@ import threading
 import time
 from typing import Any
 
+from paths import logs_dir
+
 
 DEFAULT_MAX_BYTES = 10 * 1024 * 1024  # 10 MB per file before rotation
 _LOCK = threading.Lock()
 
 
 def _telemetry_path() -> pathlib.Path:
-    home = pathlib.Path(os.environ.get("NEXO_HOME") or (pathlib.Path.home() / ".nexo"))
-    return home / "logs" / "guardian-telemetry.ndjson"
+    return logs_dir() / "guardian-telemetry.ndjson"
 
 
 def _rotate_if_needed(path: pathlib.Path, max_bytes: int) -> None:

package/src/hook_guardrails.py

@@ -12,6 +12,7 @@ import paths
 from db import create_protocol_debt, get_db
 from plugins.guard import _load_conditioned_learnings, _normalize_path_token
 from protocol_settings import get_protocol_strictness
+from product_mode import core_writes_allowed, is_protected_runtime_core_path
 
 READ_LIKE_TOOLS = {"Read"}
 WRITE_LIKE_TOOLS = {"Edit", "MultiEdit", "Write"}
@@ -520,6 +521,44 @@ def _collect_automation_live_repo_blocks(
     return blocks
 
 
+def _collect_runtime_core_write_blocks(
+    conn,
+    *,
+    sid: str,
+    tool_name: str,
+    files: list[str],
+) -> list[dict]:
+    if core_writes_allowed():
+        return []
+    blocks: list[dict] = []
+    for filepath in files:
+        if not is_protected_runtime_core_path(filepath):
+            continue
+        debt = _ensure_protocol_debt(
+            conn,
+            session_id=sid,
+            task_id="",
+            debt_type="runtime_core_write_blocked",
+            severity="error",
+            evidence=(
+                f"{tool_name} attempted on protected runtime core path {filepath}. "
+                "Install-time core files must be changed through the source repo/release flow, "
+                "not by editing ~/.nexo/core in place."
+            ),
+            file_token=filepath,
+        )
+        blocks.append(
+            {
+                "file": filepath,
+                "task_id": "",
+                "debt_id": debt.get("id"),
+                "debt_type": "runtime_core_write_blocked",
+                "reason_code": "runtime_core_protected",
+            }
+        )
+    return blocks
+
+
 def _read_claude_session_id_from_coordination() -> str:
     """Fallback claude_session_id when Claude Code's PreToolUse payload omits it.
 
@@ -598,6 +637,23 @@ def process_pre_tool_event(payload: dict) -> dict:
             "status": "blocked",
         }
 
+    core_blocks = _collect_runtime_core_write_blocks(
+        conn,
+        sid=sid,
+        tool_name=tool_name,
+        files=files,
+    )
+    if core_blocks:
+        return {
+            "ok": True,
+            "session_id": sid,
+            "tool_name": tool_name,
+            "operation": op,
+            "strictness": strictness,
+            "blocks": core_blocks,
+            "status": "blocked",
+        }
+
     if strictness == "lenient":
         return {"ok": True, "skipped": True, "reason": "lenient mode", "strictness": strictness}
 
@@ -904,6 +960,11 @@ def format_pretool_block_message(result: dict) -> str:
                 f"- {file_note}: automation sessions cannot write to the live NEXO repo. "
                 "Use an isolated checkout/worktree or the public contribution Draft PR flow."
             )
+        elif item.get("reason_code") == "runtime_core_protected":
+            lines.append(
+                f"- {file_note}: `~/.nexo/core` is a protected install surface. "
+                "Route the change through the source repo + release/update flow instead of editing the live installed core."
+            )
         elif item.get("reason_code") == "guard_unacknowledged":
             lines.append(
                 f"- {file_note}: task {item['task_id']} still has blocking guard debt. Acknowledge it with `nexo_task_acknowledge_guard` before retrying."

package/src/hooks/capture-tool-logs.sh

@@ -17,7 +17,15 @@ case "$TOOL_NAME" in
 esac
 
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
-LOG_DIR="$NEXO_HOME/operations/tool-logs"
+OPERATIONS_DIR="$NEXO_HOME/runtime/operations"
+if [ ! -d "$OPERATIONS_DIR" ] && [ -d "$NEXO_HOME/operations" ]; then
+    OPERATIONS_DIR="$NEXO_HOME/operations"
+fi
+DATA_DIR="$NEXO_HOME/runtime/data"
+if [ ! -d "$DATA_DIR" ] && [ -d "$NEXO_HOME/data" ]; then
+    DATA_DIR="$NEXO_HOME/data"
+fi
+LOG_DIR="$OPERATIONS_DIR/tool-logs"
 mkdir -p "$LOG_DIR"
 
 TODAY=$(date +%Y-%m-%d)
@@ -58,10 +66,10 @@ print(json.dumps(record))
 # ── Layer 1: Auto-diary every 10 tool calls (session-scoped) ─────────
 # Extract session_id for per-session counters (prevents cross-terminal contamination)
 SESSION_ID=$(echo "$INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).get('session_id','global'))" 2>/dev/null || echo "global")
-COUNTER_DIR="$NEXO_HOME/operations/counters"
+COUNTER_DIR="$OPERATIONS_DIR/counters"
 mkdir -p "$COUNTER_DIR"
 COUNTER_FILE="$COUNTER_DIR/.tool-call-count-${SESSION_ID}"
-NEXO_DB="$NEXO_HOME/data/nexo.db"
+NEXO_DB="$DATA_DIR/nexo.db"
 
 # Increment counter (atomic: read+write in one step)
 COUNT=1

package/src/hooks/daily-briefing-check.sh

@@ -6,8 +6,13 @@
 # Frequency: Monday, Wednesday, Friday (3x/week)
 
 NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
-BRIEFING_FILE="$NEXO_HOME/operations/.briefing-last-sent"
-FLAG_FILE="$NEXO_HOME/operations/.briefing-pending"
+OPERATIONS_DIR="$NEXO_HOME/runtime/operations"
+if [ ! -d "$OPERATIONS_DIR" ] && [ -d "$NEXO_HOME/operations" ]; then
+    OPERATIONS_DIR="$NEXO_HOME/operations"
+fi
+mkdir -p "$OPERATIONS_DIR"
+BRIEFING_FILE="$OPERATIONS_DIR/.briefing-last-sent"
+FLAG_FILE="$OPERATIONS_DIR/.briefing-pending"
 TODAY=$(date +%Y-%m-%d)
 HOUR=$(date +%H)
 DOW=$(date +%u)  # 1=Monday, 7=Sunday

package/src/hooks/heartbeat-enforcement.py

@@ -18,7 +18,20 @@ import sys
 import time
 from pathlib import Path
 
-STATE_FILE = Path(os.environ.get("NEXO_HOME", Path.home() / ".nexo")) / "operations" / ".heartbeat-state.json"
+try:
+    import paths
+except ModuleNotFoundError as exc:
+    if getattr(exc, "name", "") != "paths":
+        raise
+
+    class _PathsFallback:
+        @staticmethod
+        def operations_dir():
+            return Path(os.environ.get("NEXO_HOME", Path.home() / ".nexo")) / "operations"
+
+    paths = _PathsFallback()
+
+STATE_FILE = paths.operations_dir() / ".heartbeat-state.json"
 THRESHOLD = 2
 HEARTBEAT_TOOL = "nexo_heartbeat"
 SKIP_TOOLS = {"nexo_startup", "nexo_stop", "nexo_smart_startup"}

package/src/hooks/heartbeat-posttool.sh

@@ -9,6 +9,8 @@ NEXO_HOME="${NEXO_HOME:-$HOME/.nexo}"
 HELPER=""
 if [ -n "${NEXO_CODE:-}" ] && [ -f "${NEXO_CODE%/}/hooks/heartbeat-enforcement.py" ]; then
     HELPER="${NEXO_CODE%/}/hooks/heartbeat-enforcement.py"
+elif [ -f "$NEXO_HOME/core/hooks/heartbeat-enforcement.py" ]; then
+    HELPER="$NEXO_HOME/core/hooks/heartbeat-enforcement.py"
 elif [ -f "$NEXO_HOME/hooks/heartbeat-enforcement.py" ]; then
     HELPER="$NEXO_HOME/hooks/heartbeat-enforcement.py"
 fi