nexo-brain 7.1.10 → 7.3.0

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.10",
+  "version": "7.3.0",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,11 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.1.10` is the current packaged-runtime line. It is a follow-up over v7.1.8 that ships two rescue batches of WIP that were stashed aside during the v7.1.8 release window. First rescue: `src/autonomy_mandate.py` expands the mandate-detection vocabulary (hazlo todo / no pares / estás al mando / te dejo al mando / sigue sin parar / haz el plan completo), adds three honest flags on `MandateState` (`execute_until_blocker`, `suppress_mid_task_menus`, `revalidate_after_compaction`) with session filtering, wires post/pre-compact hooks that read those flags, surfaces them through protocol/workflow handlers and session payload, and introduces the new `src/checkpoint_policy.py` module with tests. Second rescue: `scripts/verify_release_readiness.py` gains a smoke-artifact contract pass that validates `release-contracts/smoke/v<version>.json` before any tag push, the release-final audit skill references the new contract, `src/hook_guardrails.py` + `src/hooks/post_tool_use.py` refine the post-tool protocol reminder path with a new contract test, and a couple of core prompts (task-close evidence, r14 correction learning) get wording polish. Both rescues are orthogonal to v7.1.8 and fully covered by tests.
+Version `7.3.0` is the current packaged-runtime line. Hotfix minor release correcting three critical bugs that surfaced right after v7.2.0. B11 Guardian wire: new `src/hooks/pre_tool_use.py` entrypoint is now registered in `src/hooks/manifest.json` and `hooks/hooks.json` so the Claude Code PreToolUse event actually reaches Guardian — before this, `guardian-runtime-overrides.json` in hard mode was silently inert for G3-destructive, G3-SSH, and G4-guard_check gates. A parallel SSH prescreen in `hook_guardrails.process_pre_tool_event` forces `op=write` on remote-write patterns the local shell classifier could not see. B10 post-sync: `_run_post_install_hooks_fresh(dest, env)` invokes each whitelisted hook (`_persist_guardian_hard_defaults`, `_maybe_promote_adaptive_weights_empirically`) in a clean subprocess against the newly copied tree, so the first `nexo update` that introduces a new post-install hook actually runs it — previously the hook dispatch used the pre-upgrade module held in memory and silently no-op'd. B12 map distribution: `tool-enforcement-map.json` is now part of the npm `files` whitelist so fresh `npm install -g nexo-brain` ships it, closing the three-way gap (Brain npm + Desktop bundle + runtime sync) that prevented Desktop from ever discovering the map on new installs. Also ships the PE1 rapid items promised for this milestone: 5 additional `destructive_command` entries in `src/presets/entities_universal.json` (`curl_pipe_shell`, `dd_to_device`, `chmod_recursive_wide_open`, `ssh_remote_overwrite`, `scp_rsync_upload`; coverage floor raised from 7 to 12) and the `guardian-metrics` daily cron at 02:15 that feeds Fase C gate and the Guardian Proposals panel.
+
+Previously in `7.2.0`: minor release consolidating three parallel workstreams into a single Guardian-active-by-default train. Block K roadmap closure (G1 enforcer active, G3 SSH remote-write detector, `src/guardian_runtime_config.py` resolver, `_persist_guardian_hard_defaults` during `nexo update`). F0.6 hardening wave (`nexo rollback f06` CLI, `src/scripts/prune_runtime_backups.py` promoted to core, `docs/f06-layout-contract.md`, three new doctor boot-tier checks, `scripts/nexo-migrate-nora.sh` + `scripts/f0-safe-apply-remote.sh` idempotent migration). Adaptive weights flipped from "14-day calendar wait" to "14 days OR (≥200 samples AND ≥2 days)" with auto-promotion during `nexo update`. Small-fixes batch: R34 `bool("unknown")==True` fix, `classify_scripts_dir` dedup, B10 module-level path constants lazy-evaluated, schedule override audit log, `scripts/pre-release-verify.sh` + `docs/release-discipline.md`, pre-commit hook that blocks commits when `tool-enforcement-map.json` drifts from `src/plugins/`.
+
+Previously in `7.1.10`: follow-up over v7.1.8 that shipped two rescue batches of WIP stashed aside during the v7.1.8 release window. First rescue: `src/autonomy_mandate.py` expanded the mandate-detection vocabulary (hazlo todo / no pares / estás al mando / te dejo al mando / sigue sin parar / haz el plan completo), added three honest flags on `MandateState` (`execute_until_blocker`, `suppress_mid_task_menus`, `revalidate_after_compaction`) with session filtering, wired post/pre-compact hooks that read those flags, surfaced them through protocol/workflow handlers and session payload, and introduced the new `src/checkpoint_policy.py` module with tests. Second rescue: `scripts/verify_release_readiness.py` gained a smoke-artifact contract pass that validates `release-contracts/smoke/v<version>.json` before any tag push, the release-final audit skill references the new contract, `src/hook_guardrails.py` + `src/hooks/post_tool_use.py` refine the post-tool protocol reminder path with a new contract test, and a couple of core prompts (task-close evidence, r14 correction learning) got wording polish.
 
 Previously in `7.1.8`: batch release over v7.1.7 consolidating the Block K Guardian/Enforcer roadmap (auto-drain of stale `protocol_debt` rows, destructive-command pre-tool gate, `guard_check`-required gate, inline guard ack on `nexo_task_open`, Guardian Health in the morning briefing) with Block D hardcode cleanup (classifier-backed `backfill_task_owner`, migration v50 supersedes the duplicate NEXO-product learning pair, new semantic-hardcodes audit) and Block E product guards (LaunchAgent plist protection, agent-name fallbacks no longer leak the product identity, `francisco_emails` removed from the email-config dict export, `runner-health-check.py` + `nexo_personal_automation.py` promoted from personal to core).
 

package/hooks/hooks.json

@@ -40,6 +40,18 @@
         ]
       }
     ],
+    "PreToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "NEXO_HOME=\"${CLAUDE_PLUGIN_DATA}\" NEXO_CODE=\"${CLAUDE_PLUGIN_ROOT}/src\" python3 \"${CLAUDE_PLUGIN_ROOT}/src/hooks/pre_tool_use.py\"",
+            "timeout": 8
+          }
+        ]
+      }
+    ],
     "PostToolUse": [
       {
         "matcher": "*",

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.10",
+  "version": "7.3.0",
   "mcpName": "io.github.wazionapps/nexo",
-  "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
+  "description": "NEXO Brain \u2014 Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",
   "bin": {
     "nexo-brain": "./bin/nexo-brain.js",
@@ -89,6 +89,7 @@
     ".claude-plugin/",
     ".mcp.json",
     "hooks/hooks.json",
+    "tool-enforcement-map.json",
     "README.md",
     "LICENSE"
   ]

package/src/auto_update.py

@@ -389,25 +389,65 @@ def _write_last_check(data: dict):
 
 
 def _sync_watchdog_hash_registry():
-    """Keep the immutable-hash registry aligned with the installed watchdog script."""
+    """Keep the immutable-hash registry aligned with the installed watchdog script.
+
+    Folds any pre-F0.6 legacy registry at ``paths.legacy_watchdog_hashes_path()``
+    into the canonical F0.6 file and then drops the legacy artifact so a later
+    ``ls ~/.nexo/scripts/.watchdog-hashes`` is empty (unless ``~/.nexo/scripts``
+    is itself a symlink to the canonical dir, in which case both paths already
+    point at the same inode).
+    """
     try:
         watchdog_file = paths.core_scripts_dir() / "nexo-watchdog.sh"
         if not watchdog_file.exists():
             return
         registry_file = paths.core_scripts_dir() / ".watchdog-hashes"
+        legacy_registry_file = paths.legacy_watchdog_hashes_path()
         entries: dict[str, str] = {}
-        if registry_file.exists():
-            for line in registry_file.read_text().splitlines():
-                if "|" not in line:
-                    continue
-                filepath, expected = line.split("|", 1)
-                if filepath:
-                    entries[filepath] = expected
+
+        def _load(path: Path) -> None:
+            if not path.exists():
+                return
+            try:
+                for line in path.read_text().splitlines():
+                    if "|" not in line:
+                        continue
+                    filepath, expected = line.split("|", 1)
+                    if filepath:
+                        entries[filepath] = expected
+            except Exception as load_error:
+                _log(f"watchdog hash registry load error at {path}: {load_error}")
+
+        _load(registry_file)
+
+        legacy_is_canonical_alias = False
+        if legacy_registry_file.exists():
+            try:
+                legacy_is_canonical_alias = (
+                    registry_file.exists()
+                    and legacy_registry_file.resolve() == registry_file.resolve()
+                )
+            except Exception:
+                legacy_is_canonical_alias = False
+            if not legacy_is_canonical_alias:
+                _load(legacy_registry_file)
+
         actual_hash = hashlib.sha256(watchdog_file.read_bytes()).hexdigest()
         entries[str(watchdog_file)] = actual_hash
         registry_file.write_text(
             "\n".join(f"{filepath}|{digest}" for filepath, digest in sorted(entries.items())) + "\n"
         )
+
+        if (
+            legacy_registry_file.exists()
+            and not legacy_is_canonical_alias
+            and legacy_registry_file != registry_file
+        ):
+            try:
+                legacy_registry_file.unlink()
+                _log(f"watchdog hash registry migrated from legacy path: {legacy_registry_file}")
+            except Exception as unlink_error:
+                _log(f"watchdog hash registry legacy cleanup skipped: {unlink_error}")
     except Exception as e:
         _log(f"watchdog hash registry sync error: {e}")
 
@@ -4608,6 +4648,28 @@ def _run_runtime_post_sync(dest: Path = NEXO_HOME, progress_fn=None) -> tuple[bo
     except Exception as exc:
         actions.append(f"classifier-install-warning:{exc.__class__.__name__}")
 
+    # v7.3.0 fix for the post-v7.2.0 bug: ``_run_runtime_post_sync`` was
+    # invoking post-install hooks directly against the ``auto_update``
+    # module already loaded in this process (the OLD code). Any function
+    # added to auto_update in the CURRENT release therefore never ran on
+    # the first ``nexo update`` that introduced it — only on the next
+    # one. Exhibit A: v7.2.0 shipped ``_persist_guardian_hard_defaults``
+    # and ``_maybe_promote_adaptive_weights_empirically`` but
+    # ``guardian-runtime-overrides.json`` was not written on the operator's
+    # first upgrade until the functions were invoked manually.
+    #
+    # The fix runs those post-install hooks inside a clean Python
+    # subprocess that imports from the freshly-copied tree at
+    # ``dest/core`` (packaged) or ``dest`` (dev/legacy layout). The
+    # subprocess emits a single JSON line so the parent process can
+    # record each hook's outcome in ``actions``.
+    try:
+        _emit_progress(progress_fn, "Running post-install hooks from fresh code...")
+        fresh_actions = _run_post_install_hooks_fresh(dest, env=env)
+        actions.extend(fresh_actions)
+    except Exception as exc:
+        actions.append(f"post-install-hooks-fresh-warning:{exc.__class__.__name__}")
+
     _emit_progress(progress_fn, "Verifying runtime imports...")
     verify = subprocess.run(
         [sys.executable, "-c", "import server"],
@@ -4655,6 +4717,286 @@ def _emit_progress(progress_fn, message: str) -> None:
             pass
 
 
+_GUARDIAN_PERSIST_HARD_DEFAULTS = {
+    "G1_ENFORCER_ACTIVE": "hard",
+    "G3_ENFORCE_DESTRUCTIVE": "hard",
+    "G3_SSH_ENFORCE_REMOTE_WRITE": "hard",
+    "G4_ENFORCE_GUARD_CHECK": "hard",
+}
+
+
+def _persist_guardian_hard_defaults(dest: Path) -> tuple[bool, str | None]:
+    """Write ``~/.nexo/config/guardian-runtime-overrides.json`` with the
+    v7.2.0 "Guardian-on by default" matrix so operators get the active
+    enforcer experience without setting env vars every shell.
+
+    Returns (persisted, message). ``persisted`` is True when the file was
+    written or updated during this call; False when we left it alone
+    (operator opt-out, or file already matches the defaults).
+
+    Contract:
+        - Operator opt-out with ``NEXO_GUARDIAN_PERSIST_HARD=off`` in env
+          at update time: leave the file untouched.
+        - Ephemeral runtimes: skip.
+        - Never overwrite a key the operator already customized to a
+          non-default value (``shadow`` / ``off`` / anything else). Only
+          fills missing keys or upgrades explicit defaults.
+    """
+    if _is_ephemeral_runtime_install(dest):
+        return False, "guardian-hard-persist-skipped:ephemeral"
+    if os.environ.get("NEXO_GUARDIAN_PERSIST_HARD", "").strip().lower() == "off":
+        return False, "guardian-hard-persist-skipped:operator-opt-out"
+
+    config_path = dest / "personal" / "config" / "guardian-runtime-overrides.json"
+    config_path.parent.mkdir(parents=True, exist_ok=True)
+
+    current: dict[str, str] = {}
+    if config_path.is_file():
+        try:
+            raw = json.loads(config_path.read_text())
+            if isinstance(raw, dict):
+                current = {str(k): str(v) for k, v in raw.items()}
+        except Exception:
+            # Malformed file — treat as empty. We write the fresh defaults
+            # and keep the malformed copy for the operator to inspect.
+            try:
+                config_path.rename(
+                    config_path.with_suffix(
+                        config_path.suffix + f".broken-{int(time.time())}"
+                    )
+                )
+            except Exception:
+                pass
+            current = {}
+
+    original = dict(current)
+    for key, default in _GUARDIAN_PERSIST_HARD_DEFAULTS.items():
+        if key not in current:
+            current[key] = default
+
+    if current == original and config_path.is_file():
+        return False, None
+
+    try:
+        tmp_path = config_path.with_suffix(config_path.suffix + ".tmp")
+        tmp_path.write_text(json.dumps(current, indent=2, ensure_ascii=False) + "\n")
+        tmp_path.replace(config_path)
+    except Exception as exc:  # pragma: no cover - filesystem failures
+        return False, f"guardian-hard-persist-error:{exc.__class__.__name__}"
+
+    return True, None
+
+
+from datetime import datetime as _adaptive_datetime  # isolated alias; other modules use ``time.time()``
+
+_ADAPTIVE_PROMOTE_MIN_SAMPLES = 200
+_ADAPTIVE_PROMOTE_MIN_DAYS = 2
+
+
+def _maybe_promote_adaptive_weights_empirically(dest: Path) -> tuple[bool, str | None]:
+    """Promote ``shadow_weights`` to ``learned_weights`` during ``nexo update``
+    when the install already has enough empirical signal.
+
+    Mirrors the empirical path in ``adaptive_mode.learn_weights`` (the
+    background learner cron). Without this, operators upgrading to v7.2.0
+    with a mature shadow dataset would still have to wait for the next
+    learner tick to feel the calibration — which can be hours or days.
+
+    Conditions to promote:
+        - adaptive_state.json exists and parses.
+        - ``shadow_weights`` dict is present.
+        - ``shadow_weights_samples >= 200`` AND the learner has been
+          running for at least 2 calendar days
+          (``learned_weights_first_date`` ≥ 2 days ago).
+        - ``learned_weights`` is absent or empty (never overwrite an
+          already-active set of weights).
+        - Operator opt-out flag ``NEXO_ADAPTIVE_EMPIRICAL_PROMOTION=off``
+          is NOT set. Same flag the learner already honours, so
+          operators who opted out stay opted out everywhere.
+
+    Returns ``(promoted, message)``:
+        - ``(True, None)``: weights were promoted, audit trail written.
+        - ``(False, None)``: no-op (no shadow data, not enough samples,
+          already promoted, or ephemeral install).
+        - ``(False, "adaptive-promote-skipped:<reason>")``: explicit skip
+          for the install log.
+    """
+    if _is_ephemeral_runtime_install(dest):
+        return False, "adaptive-promote-skipped:ephemeral"
+    if os.environ.get("NEXO_ADAPTIVE_EMPIRICAL_PROMOTION", "").strip().lower() == "off":
+        return False, "adaptive-promote-skipped:operator-opt-out"
+
+    state_path = dest / "personal" / "brain" / "adaptive_state.json"
+    if not state_path.is_file():
+        # Fall back to the legacy pre-F0.6 location for half-migrated
+        # installs; the migrator will eventually move it.
+        legacy = dest / "brain" / "adaptive_state.json"
+        if legacy.is_file():
+            state_path = legacy
+        else:
+            return False, None  # no data yet — nothing to promote
+
+    try:
+        raw = json.loads(state_path.read_text())
+    except Exception:
+        return False, "adaptive-promote-skipped:state-parse-error"
+    if not isinstance(raw, dict):
+        return False, "adaptive-promote-skipped:state-not-dict"
+
+    learned = raw.get("learned_weights")
+    if isinstance(learned, dict) and learned:
+        return False, None  # already active — nothing to do
+
+    shadow = raw.get("shadow_weights")
+    if not isinstance(shadow, dict) or not shadow:
+        return False, None  # no shadow data yet
+
+    samples = 0
+    try:
+        samples = int(raw.get("shadow_weights_samples", 0) or 0)
+    except (TypeError, ValueError):
+        samples = 0
+    if samples < _ADAPTIVE_PROMOTE_MIN_SAMPLES:
+        return False, None
+
+    first_date_raw = str(raw.get("learned_weights_first_date") or "").strip()
+    if not first_date_raw:
+        return False, None
+    try:
+        first_dt = _adaptive_datetime.strptime(first_date_raw[:19], "%Y-%m-%dT%H:%M:%S")
+    except ValueError:
+        return False, "adaptive-promote-skipped:first-date-parse-error"
+    days_since_first = (_adaptive_datetime.utcnow() - first_dt).days
+    if days_since_first < _ADAPTIVE_PROMOTE_MIN_DAYS:
+        return False, None
+
+    # Promote — deep-copy so callers holding references to the original
+    # dict don't see phantom mutations mid-update.
+    raw["learned_weights"] = {str(k): v for k, v in shadow.items()}
+    raw["learned_weights_date"] = _adaptive_datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S")
+    raw["learned_weights_samples"] = samples
+    raw["learned_weights_promoted_by"] = "nexo_update_empirical_v7_2_0"
+    raw["learned_weights_promoted_at"] = _adaptive_datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S")
+
+    try:
+        tmp_path = state_path.with_suffix(state_path.suffix + ".tmp")
+        tmp_path.write_text(json.dumps(raw, indent=2, ensure_ascii=False) + "\n")
+        tmp_path.replace(state_path)
+    except Exception as exc:  # pragma: no cover - filesystem failures
+        return False, f"adaptive-promote-error:{exc.__class__.__name__}"
+
+    return True, None
+
+
+# Whitelist of post-install hooks to invoke from the fresh tree. Each entry
+# is the function name inside ``auto_update.py`` of the freshly-copied
+# code. The subprocess resolves them on the NEW module and calls
+# ``fn(dest)`` returning ``(bool, str | None)``. New hooks added in
+# future releases only need an entry here — no extra wiring.
+_POST_INSTALL_FRESH_HOOKS = (
+    ("guardian-hard-persisted", "_persist_guardian_hard_defaults"),
+    ("adaptive-weights-promoted", "_maybe_promote_adaptive_weights_empirically"),
+)
+
+
+def _run_post_install_hooks_fresh(dest: Path, *, env: dict | None = None) -> list[str]:
+    """Execute post-install hooks from the freshly-copied code, not the old
+    module already loaded in this process.
+
+    Without this, any function added to ``auto_update.py`` in the current
+    release never runs on the first ``nexo update`` — only on the next
+    one. See the post-v7.2.0 bug: ``_persist_guardian_hard_defaults`` and
+    ``_maybe_promote_adaptive_weights_empirically`` both shipped in
+    v7.2.0 but neither fired until the operator ran the functions
+    manually.
+
+    Resolution order for the fresh code root:
+        1. ``<dest>/core`` (packaged/F0.6 layout).
+        2. ``<dest>`` (legacy/dev layout).
+
+    Subprocess contract: emits a single JSON line on stdout with per-hook
+    ``{"action": ..., "ok": bool, "changed": bool, "message": str|null}``.
+    Returns a list of action strings mirroring the shape the old in-process
+    path used, so callers that read ``actions`` keep working unchanged.
+    """
+    code_root = dest / "core"
+    if not code_root.is_dir():
+        code_root = dest
+    hook_specs = list(_POST_INSTALL_FRESH_HOOKS)
+    hook_specs_json = json.dumps(hook_specs)
+    dest_str = str(dest)
+    script = (
+        "import json, sys\n"
+        "from pathlib import Path\n"
+        f"sys.path.insert(0, {repr(str(code_root))})\n"
+        "hooks = json.loads(" + repr(hook_specs_json) + ")\n"
+        f"dest = Path({repr(dest_str)})\n"
+        "results = []\n"
+        "try:\n"
+        "    import auto_update as fresh\n"
+        "except Exception as exc:\n"
+        "    print(json.dumps({'error': 'import_auto_update_failed', 'detail': repr(exc)}))\n"
+        "    sys.exit(0)\n"
+        "for tag, fn_name in hooks:\n"
+        "    fn = getattr(fresh, fn_name, None)\n"
+        "    if fn is None:\n"
+        "        results.append({'action': tag, 'ok': False, 'changed': False, 'message': 'fn_missing:' + fn_name})\n"
+        "        continue\n"
+        "    try:\n"
+        "        changed, message = fn(dest)\n"
+        "        results.append({'action': tag, 'ok': True, 'changed': bool(changed), 'message': message})\n"
+        "    except Exception as exc:\n"
+        "        results.append({'action': tag, 'ok': False, 'changed': False, 'message': 'error:' + exc.__class__.__name__})\n"
+        "print(json.dumps({'hooks': results}))\n"
+    )
+    try:
+        proc = subprocess.run(
+            [sys.executable, "-c", script],
+            capture_output=True,
+            text=True,
+            timeout=60,
+            env=env or os.environ.copy(),
+        )
+    except subprocess.TimeoutExpired:
+        return ["post-install-hooks-fresh-warning:timeout"]
+    except Exception as exc:
+        return [f"post-install-hooks-fresh-warning:{exc.__class__.__name__}"]
+
+    if proc.returncode != 0:
+        return [f"post-install-hooks-fresh-warning:exit-{proc.returncode}"]
+
+    stdout = (proc.stdout or "").strip()
+    payload = None
+    for line in reversed(stdout.splitlines()):
+        line = line.strip()
+        if not line:
+            continue
+        try:
+            payload = json.loads(line)
+            break
+        except Exception:
+            continue
+    if not isinstance(payload, dict):
+        return ["post-install-hooks-fresh-warning:no-json-line"]
+    if "error" in payload:
+        return [f"post-install-hooks-fresh-warning:{payload['error']}"]
+
+    actions: list[str] = []
+    hooks_out = payload.get("hooks")
+    if not isinstance(hooks_out, list):
+        return ["post-install-hooks-fresh-warning:bad-shape"]
+    for entry in hooks_out:
+        if not isinstance(entry, dict):
+            continue
+        tag = str(entry.get("action") or "")
+        if entry.get("ok") and entry.get("changed"):
+            actions.append(tag)
+        message = entry.get("message")
+        if message:
+            actions.append(str(message))
+    return actions
+
+
 def _parse_runtime_init_payload(stdout: str) -> dict:
     """Extract the JSON payload emitted by the runtime init helper."""
     lines = [line.strip() for line in stdout.splitlines() if line.strip()]