nexo-brain 7.1.7 → 7.1.10

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.7",
+  "version": "7.1.10",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,9 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.1.7` is the current packaged-runtime line. It hardens operator-facing email automation language: `email-monitor` now carries the calibrated operator language through its prompt contract and localizes direct `needs_interactive` escalation emails, so Spanish operators stop receiving fallback English monitor mail. No coordinated Desktop release was needed for this patch; the fix lives in Brain.
+Version `7.1.10` is the current packaged-runtime line. It is a follow-up over v7.1.8 that ships two rescue batches of WIP that were stashed aside during the v7.1.8 release window. First rescue: `src/autonomy_mandate.py` expands the mandate-detection vocabulary (hazlo todo / no pares / estás al mando / te dejo al mando / sigue sin parar / haz el plan completo), adds three honest flags on `MandateState` (`execute_until_blocker`, `suppress_mid_task_menus`, `revalidate_after_compaction`) with session filtering, wires post/pre-compact hooks that read those flags, surfaces them through protocol/workflow handlers and session payload, and introduces the new `src/checkpoint_policy.py` module with tests. Second rescue: `scripts/verify_release_readiness.py` gains a smoke-artifact contract pass that validates `release-contracts/smoke/v<version>.json` before any tag push, the release-final audit skill references the new contract, `src/hook_guardrails.py` + `src/hooks/post_tool_use.py` refine the post-tool protocol reminder path with a new contract test, and a couple of core prompts (task-close evidence, r14 correction learning) get wording polish. Both rescues are orthogonal to v7.1.8 and fully covered by tests.
+
+Previously in `7.1.8`: batch release over v7.1.7 consolidating the Block K Guardian/Enforcer roadmap (auto-drain of stale `protocol_debt` rows, destructive-command pre-tool gate, `guard_check`-required gate, inline guard ack on `nexo_task_open`, Guardian Health in the morning briefing) with Block D hardcode cleanup (classifier-backed `backfill_task_owner`, migration v50 supersedes the duplicate NEXO-product learning pair, new semantic-hardcodes audit) and Block E product guards (LaunchAgent plist protection, agent-name fallbacks no longer leak the product identity, `francisco_emails` removed from the email-config dict export, `runner-health-check.py` + `nexo_personal_automation.py` promoted from personal to core).
 
 Previously in `7.0.1`: hotfix over v7.0.0 (db._core.DB_PATH was only caller still hardcoded to legacy ~/.nexo/data/nexo.db; every shared-DB command silently returned empty results post-migration). Previously in `7.0.0`: **BREAKING — Plan Consolidado fase F0.6**: physical separation of the runtime tree into `~/.nexo/{core,personal,runtime}/`. The flat layout (`~/.nexo/scripts/`, `brain/`, `data/`, `operations/`, ...) is gone. Operators on v6.x are auto-migrated on first `nexo update`; fresh installs land directly in the new tree. New `paths.py` helpers are transition-aware.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.7",
+  "version": "7.1.10",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/auto_update.py

@@ -3007,10 +3007,11 @@ def _check_npm_version() -> str | None:
             return None
         if latest != current and not current.endswith(latest):
             try:
-                from user_context import get_context
-                _name = get_context().assistant_name
+                from user_context import get_context, DEFAULT_ASSISTANT_NAME
+                _name = get_context().assistant_name or DEFAULT_ASSISTANT_NAME
             except Exception:
-                _name = "NEXO"
+                from user_context import DEFAULT_ASSISTANT_NAME
+                _name = DEFAULT_ASSISTANT_NAME
             return f"{_name} update available: {current} -> {latest}. Run: npm update -g {pkg_name}"
     except Exception:
         pass
@@ -3385,12 +3386,17 @@ def _find_user_claude_md() -> Path | None:
 
 def _resolve_placeholders(template_text: str) -> str:
     """Fill {{NAME}} and {{NEXO_HOME}} from the user's existing CLAUDE.md or config."""
-    # Read operator name from calibration/version
+    # Read operator name from calibration/version. The fallback must never be a
+    # reserved product identity ("NEXO", "NEXO Brain", "NEXO Desktop"); those
+    # are rejected by desktop_bridge.RESERVED_ASSISTANT_NAME_VALUES and leaking
+    # them into the managed CLAUDE.md would conflate the agent (Nova/Nero/etc.)
+    # with the product itself.
     try:
-        from user_context import get_context
-        name = get_context().assistant_name
+        from user_context import get_context, DEFAULT_ASSISTANT_NAME
+        name = get_context().assistant_name or DEFAULT_ASSISTANT_NAME
     except Exception:
-        name = "NEXO"
+        from user_context import DEFAULT_ASSISTANT_NAME
+        name = DEFAULT_ASSISTANT_NAME
 
     return (
         template_text

package/src/autonomy_mandate.py

@@ -45,8 +45,15 @@ MARKERS = (
     "autonomía total",
     "autonomia total",
     "sin esperas",
+    "hazlo todo",
     "todo ya",
+    "no pares",
+    "estás al mando",
+    "estas al mando",
+    "te dejo al mando",
     "no esperes",
+    "sigue sin parar",
+    "haz el plan completo",
     "no te escondas",
     "llevo 3 veces",
     "lo quiero ya",
@@ -81,6 +88,9 @@ class MandateState:
     expires_at: float
     marker: str
     source: str
+    execute_until_blocker: bool = True
+    suppress_mid_task_menus: bool = True
+    revalidate_after_compaction: bool = True
 
     def remaining_seconds(self, now: Optional[float] = None) -> float:
         now = time.time() if now is None else now
@@ -94,6 +104,9 @@ class MandateState:
             "expires_at": self.expires_at,
             "marker": self.marker,
             "source": self.source,
+            "execute_until_blocker": self.execute_until_blocker,
+            "suppress_mid_task_menus": self.suppress_mid_task_menus,
+            "revalidate_after_compaction": self.revalidate_after_compaction,
         }
 
 
@@ -137,6 +150,9 @@ def load_state() -> Optional[MandateState]:
             expires_at=float(raw.get("expires_at", 0.0)),
             marker=str(raw.get("marker", "")),
             source=str(raw.get("source", "")),
+            execute_until_blocker=bool(raw.get("execute_until_blocker", True)),
+            suppress_mid_task_menus=bool(raw.get("suppress_mid_task_menus", True)),
+            revalidate_after_compaction=bool(raw.get("revalidate_after_compaction", True)),
         )
     except (TypeError, ValueError):
         return None
@@ -150,6 +166,9 @@ def set_mandate(
     marker: str,
     source: str = "manual",
     ttl_seconds: int = DEFAULT_TTL_SECONDS,
+    execute_until_blocker: bool = True,
+    suppress_mid_task_menus: bool = True,
+    revalidate_after_compaction: bool = True,
 ) -> MandateState:
     _ensure_dir()
     now = time.time()
@@ -160,6 +179,9 @@ def set_mandate(
         expires_at=now + max(60, int(ttl_seconds)),
         marker=marker,
         source=source,
+        execute_until_blocker=bool(execute_until_blocker),
+        suppress_mid_task_menus=bool(suppress_mid_task_menus),
+        revalidate_after_compaction=bool(revalidate_after_compaction),
     )
     STATE_PATH.write_text(json.dumps(st.to_dict(), ensure_ascii=False, indent=2))
     return st
@@ -196,6 +218,46 @@ def maybe_ingest_from_text(
     )
 
 
+def _state_applies_to_session(state: MandateState, session_id: str = "") -> bool:
+    clean_sid = str(session_id or "").strip()
+    if not clean_sid:
+        return True
+    return not state.session_id or state.session_id == clean_sid
+
+
+def is_execute_until_blocker_active(
+    session_id: str = "",
+    state: Optional[MandateState] = None,
+) -> bool:
+    st = state if state is not None else load_state()
+    if st is None or not _state_applies_to_session(st, session_id):
+        return False
+    return bool(st.active and st.execute_until_blocker)
+
+
+def format_execution_latch_notice(
+    session_id: str = "",
+    state: Optional[MandateState] = None,
+) -> str:
+    st = state if state is not None else load_state()
+    if st is None or not _state_applies_to_session(st, session_id):
+        return ""
+    if not st.active or not st.execute_until_blocker:
+        return ""
+
+    lines = [
+        (
+            "EXECUTION MODE: execute-until-blocker active "
+            f"(marker='{st.marker}', source={st.source})."
+        ),
+        "Do not stop for option menus, reprioritization, summaries, or audits.",
+        "Pause only for a real blocker, an explicit approval gate, or a requested report.",
+    ]
+    if st.revalidate_after_compaction:
+        lines.append("Re-validate this latch after compaction and continue from the stored next step.")
+    return "\n".join(lines)
+
+
 def _description_has_exception(description: str, exception: str) -> bool:
     haystack = f"{description or ''}\n{exception or ''}".lower()
     return any(kw in haystack for kw in EXCEPTION_KEYWORDS)

package/src/checkpoint_policy.py

@@ -0,0 +1,302 @@
+"""Durable checkpoint policy for long-running multi-step work.
+
+This module turns task/workflow milestones into a small persistent state file
+and periodically flushes that state into ``session_checkpoints`` so compaction
+and phase switches recover a richer next-step snapshot than the heartbeat-only
+goal stub.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+
+NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
+STATE_PATH = NEXO_HOME / "runtime" / "data" / "durable_checkpoint_state.json"
+DEFAULT_MILESTONE_INTERVAL = 3
+
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+
+def _ensure_dir() -> None:
+    STATE_PATH.parent.mkdir(parents=True, exist_ok=True)
+
+
+def _load_all() -> dict[str, dict[str, Any]]:
+    try:
+        raw = json.loads(STATE_PATH.read_text())
+    except FileNotFoundError:
+        return {}
+    except (OSError, json.JSONDecodeError):
+        return {}
+    return raw if isinstance(raw, dict) else {}
+
+
+def _save_all(payload: dict[str, dict[str, Any]]) -> None:
+    _ensure_dir()
+    STATE_PATH.write_text(json.dumps(payload, ensure_ascii=False, indent=2, sort_keys=True))
+
+
+def _blank_session_state(session_id: str) -> dict[str, Any]:
+    return {
+        "session_id": session_id,
+        "milestone_count": 0,
+        "updated_at": _now_iso(),
+        "last_reason": "",
+        "task": "",
+        "task_status": "active",
+        "active_files": [],
+        "current_goal": "",
+        "decisions_summary": "",
+        "blockers": "",
+        "reasoning_thread": "",
+        "next_step": "",
+        "last_flushed_at": "",
+        "last_flush_reason": "",
+    }
+
+
+def _coalesce_text(new_value: str, old_value: str = "") -> str:
+    clean = str(new_value or "").strip()
+    return clean or str(old_value or "").strip()
+
+
+def _normalize_active_files(active_files: Any) -> list[str]:
+    if active_files is None:
+        return []
+    if isinstance(active_files, str):
+        stripped = active_files.strip()
+        if not stripped:
+            return []
+        if stripped.startswith("["):
+            try:
+                parsed = json.loads(stripped)
+            except json.JSONDecodeError:
+                parsed = [part.strip() for part in stripped.split(",") if part.strip()]
+        else:
+            parsed = [part.strip() for part in stripped.split(",") if part.strip()]
+    elif isinstance(active_files, (list, tuple, set)):
+        parsed = list(active_files)
+    else:
+        parsed = [str(active_files).strip()]
+
+    seen: list[str] = []
+    for item in parsed:
+        clean = str(item or "").strip()
+        if clean and clean not in seen:
+            seen.append(clean)
+    return seen
+
+
+def _session_state(all_state: dict[str, dict[str, Any]], session_id: str) -> dict[str, Any]:
+    existing = all_state.get(session_id)
+    if not isinstance(existing, dict):
+        return _blank_session_state(session_id)
+    base = _blank_session_state(session_id)
+    base.update(existing)
+    base["session_id"] = session_id
+    base["active_files"] = _normalize_active_files(base.get("active_files"))
+    try:
+        base["milestone_count"] = max(0, int(base.get("milestone_count", 0)))
+    except (TypeError, ValueError):
+        base["milestone_count"] = 0
+    return base
+
+
+def _extract_active_files_from_payload(payload: dict[str, Any] | None) -> list[str]:
+    if not isinstance(payload, dict):
+        return []
+    for key in ("active_files", "files", "tracked_files"):
+        files = _normalize_active_files(payload.get(key))
+        if files:
+            return files
+    return []
+
+
+def _flush_state(
+    all_state: dict[str, dict[str, Any]],
+    session_id: str,
+    state: dict[str, Any],
+    *,
+    reason: str,
+) -> dict[str, Any]:
+    from db import save_checkpoint
+
+    decisions_summary = _coalesce_text(state.get("decisions_summary", ""))
+    if reason:
+        reason_note = f"checkpoint_reason={reason}"
+        decisions_summary = f"{decisions_summary} | {reason_note}".strip(" |")
+
+    active_files = _normalize_active_files(state.get("active_files"))
+    save_result = save_checkpoint(
+        sid=session_id,
+        task=_coalesce_text(state.get("task", ""), state.get("current_goal", "")),
+        task_status=_coalesce_text(state.get("task_status", ""), "active"),
+        active_files=json.dumps(active_files, ensure_ascii=False),
+        current_goal=_coalesce_text(state.get("current_goal", ""), state.get("task", "")),
+        decisions_summary=decisions_summary,
+        errors_found=_coalesce_text(state.get("blockers", "")),
+        reasoning_thread=_coalesce_text(state.get("reasoning_thread", "")),
+        next_step=_coalesce_text(state.get("next_step", "")),
+    )
+
+    state["active_files"] = active_files
+    state["milestone_count"] = 0
+    state["last_flushed_at"] = _now_iso()
+    state["last_flush_reason"] = reason
+    state["updated_at"] = _now_iso()
+    all_state[session_id] = state
+    _save_all(all_state)
+    return {
+        "ok": True,
+        "checkpoint_written": True,
+        "session_id": session_id,
+        "milestone_count": 0,
+        "last_flush_reason": reason,
+        "compaction_count": save_result.get("compaction_count", 0),
+    }
+
+
+def record_milestone(
+    session_id: str,
+    *,
+    reason: str,
+    task: str = "",
+    task_status: str = "active",
+    active_files: Any = None,
+    current_goal: str = "",
+    decisions_summary: str = "",
+    blockers: str = "",
+    reasoning_thread: str = "",
+    next_step: str = "",
+    interval: int = DEFAULT_MILESTONE_INTERVAL,
+    force_flush: bool = False,
+) -> dict[str, Any]:
+    clean_sid = str(session_id or "").strip()
+    if not clean_sid:
+        return {"ok": False, "error": "session_id is required"}
+
+    all_state = _load_all()
+    state = _session_state(all_state, clean_sid)
+
+    state["last_reason"] = str(reason or "").strip()
+    state["updated_at"] = _now_iso()
+    state["task"] = _coalesce_text(task, state.get("task", ""))
+    state["task_status"] = _coalesce_text(task_status, state.get("task_status", "active"))
+    state["current_goal"] = _coalesce_text(current_goal, state.get("current_goal", ""))
+    state["decisions_summary"] = _coalesce_text(decisions_summary, state.get("decisions_summary", ""))
+    state["blockers"] = _coalesce_text(blockers, state.get("blockers", ""))
+    state["reasoning_thread"] = _coalesce_text(reasoning_thread, state.get("reasoning_thread", ""))
+    state["next_step"] = _coalesce_text(next_step, state.get("next_step", ""))
+
+    files = _normalize_active_files(active_files)
+    if files:
+        state["active_files"] = files
+
+    state["milestone_count"] = max(0, int(state.get("milestone_count", 0))) + 1
+    all_state[clean_sid] = state
+
+    flush_every = max(1, int(interval or DEFAULT_MILESTONE_INTERVAL))
+    if force_flush or state["milestone_count"] >= flush_every:
+        return _flush_state(all_state, clean_sid, state, reason=str(reason or "").strip())
+
+    _save_all(all_state)
+    return {
+        "ok": True,
+        "checkpoint_written": False,
+        "session_id": clean_sid,
+        "milestone_count": state["milestone_count"],
+        "flush_interval": flush_every,
+        "pending_reason": state["last_reason"],
+    }
+
+
+def force_runtime_checkpoint(session_id: str, *, reason: str = "pre-compact") -> dict[str, Any]:
+    clean_sid = str(session_id or "").strip()
+    if not clean_sid:
+        return {"ok": False, "error": "session_id is required"}
+
+    from db import get_db, read_checkpoint
+
+    all_state = _load_all()
+    state = _session_state(all_state, clean_sid)
+    conn = get_db()
+
+    session_row = conn.execute(
+        "SELECT task FROM sessions WHERE sid = ? LIMIT 1",
+        (clean_sid,),
+    ).fetchone()
+    existing_checkpoint = read_checkpoint(clean_sid) or {}
+    workflow_row = conn.execute(
+        """SELECT goal, status, current_step_key, next_action, shared_state
+           FROM workflow_runs
+           WHERE session_id = ?
+           ORDER BY updated_at DESC LIMIT 1""",
+        (clean_sid,),
+    ).fetchone()
+
+    workflow_state: dict[str, Any] = {}
+    if workflow_row and workflow_row["shared_state"]:
+        try:
+            parsed = json.loads(workflow_row["shared_state"])
+            if isinstance(parsed, dict):
+                workflow_state = parsed
+        except json.JSONDecodeError:
+            workflow_state = {}
+
+    workflow_blocker = ""
+    if workflow_row and workflow_row["status"] in {"blocked", "waiting_approval"}:
+        workflow_blocker = (
+            f"Workflow {workflow_row['status']} at "
+            f"{workflow_row['current_step_key'] or 'current-step'}"
+        )
+
+    merged_files = (
+        _normalize_active_files(state.get("active_files"))
+        or _extract_active_files_from_payload(workflow_state)
+        or _normalize_active_files(existing_checkpoint.get("active_files"))
+    )
+
+    state["task"] = _coalesce_text(
+        state.get("task", ""),
+        (session_row["task"] if session_row else "") or existing_checkpoint.get("task", ""),
+    )
+    state["current_goal"] = _coalesce_text(
+        state.get("current_goal", ""),
+        (workflow_row["goal"] if workflow_row else "") or existing_checkpoint.get("current_goal", "") or state.get("task", ""),
+    )
+    state["decisions_summary"] = _coalesce_text(
+        state.get("decisions_summary", ""),
+        existing_checkpoint.get("decisions_summary", "") or f"Forced durable checkpoint before {reason}.",
+    )
+    current_blockers = _coalesce_text(
+        state.get("blockers", ""),
+        existing_checkpoint.get("errors_found", ""),
+    )
+    if workflow_blocker:
+        if workflow_blocker not in current_blockers:
+            current_blockers = f"{workflow_blocker} | {current_blockers}".strip(" |")
+    state["blockers"] = current_blockers
+    state["reasoning_thread"] = _coalesce_text(
+        state.get("reasoning_thread", ""),
+        existing_checkpoint.get("reasoning_thread", "") or f"Auto-flushed by checkpoint_policy ({reason}).",
+    )
+    state["next_step"] = _coalesce_text(
+        state.get("next_step", ""),
+        (workflow_row["next_action"] if workflow_row else "") or existing_checkpoint.get("next_step", ""),
+    )
+    state["task_status"] = _coalesce_text(
+        state.get("task_status", ""),
+        (workflow_row["status"] if workflow_row else "") or existing_checkpoint.get("task_status", "") or "active",
+    )
+    state["active_files"] = merged_files
+    state["updated_at"] = _now_iso()
+    state["last_reason"] = reason
+    all_state[clean_sid] = state
+    return _flush_state(all_state, clean_sid, state, reason=reason)

package/src/classifier_local.py

@@ -11,7 +11,12 @@ Contract:
         "lo hemos dejado, ya estaría",
         labels=("done_claim", "status_update", "question", "noise"),
     )
-    result == {"label": "done_claim", "confidence": 0.87, "scores": {...}}
+    # result is a ``ClassificationResult`` dataclass (see below):
+    #   result.label       == "done_claim"
+    #   result.confidence  == 0.87
+    #   result.scores      == {"done_claim": 0.87, ...}
+    # The dataclass keeps attribute access + ``asdict()`` compatibility
+    # for callers that previously consumed it as a dict.
 
 When transformers is not installed or the download fails (offline),
 `classify` returns `None` and `classify_fail_closed` returns a

package/src/cli.py

@@ -1755,6 +1755,21 @@ def _terminal_client_label(client: str) -> str:
 
 
 def _ordered_available_terminal_clients(preferences: dict, detected: dict) -> list[str]:
+    """Return the terminal clients we should offer the operator, in priority order.
+
+    Policy:
+      1. Clients that are BOTH detected installed AND enabled in preferences
+         keep their priority (``last_used`` → ``default`` → TERMINAL_CLIENT_ORDER).
+      2. If that primary list ends up with ≤1 choice, we also surface every
+         other DETECTED-INSTALLED client even when it is not yet marked
+         ``enabled`` in preferences. Rationale (bug Francisco 2026-04-22):
+         operators with both Claude Code and Codex installed were being
+         dropped straight into whichever one was last used (or the only one
+         ever enabled) with no chance to pick. ``nexo chat`` must offer the
+         picker whenever more than one interactive client is available on
+         the machine; the preferences flag stays as a *priority* signal, not
+         as a hard filter that hides a legitimately installed CLI.
+    """
     enabled = preferences.get("interactive_clients", {})
     last_used = str(preferences.get("last_terminal_client", "")).strip()
     preferred = str(preferences.get("default_terminal_client", "")).strip()
@@ -1764,11 +1779,22 @@ def _ordered_available_terminal_clients(preferences: dict, detected: dict) -> li
         if client in TERMINAL_CLIENT_ORDER and client not in ordered:
             ordered.append(client)
 
-    return [
+    primary = [
         client
         for client in ordered
         if enabled.get(client, False) and detected.get(client, {}).get("installed", False)
     ]
+    if len(primary) <= 1:
+        # Surface additional installed clients so the operator gets to pick
+        # whenever there is a genuine competing install on disk. We preserve
+        # the priority order built above so the picker still highlights the
+        # last-used/default client first.
+        for client in ordered:
+            if client in primary:
+                continue
+            if detected.get(client, {}).get("installed", False):
+                primary.append(client)
+    return primary
 
 
 def _preferred_terminal_client_label(preferences: dict, clients: list[str]) -> str:

package/src/db/_email_accounts.py

@@ -78,6 +78,22 @@ def add_email_account(
         raise ValueError("label and email are required")
     if role not in VALID_ROLES:
         raise ValueError(f"role must be one of {VALID_ROLES}, got {role!r}")
+    # AUDITOR-3RDPASS §Risk 3: the SELECT (``get_email_account``) and the
+    # follow-up INSERT ... ON CONFLICT DO UPDATE below used to run as two
+    # independent statements on the shared connection. A concurrent writer
+    # (Desktop + cron overlap) could slip a metadata mutation between them
+    # and get silently overwritten by whatever ``existing.get("metadata")``
+    # we captured here. Wrap the read-modify-write in ``BEGIN IMMEDIATE``
+    # so the row is pinned against concurrent writers for the duration of
+    # the upsert. WAL mode still lets readers through, so no lock storm.
+    conn = _get_db()
+    try:
+        conn.execute("BEGIN IMMEDIATE")
+        _owns_txn = True
+    except Exception:
+        # Already inside a transaction (e.g. caller wrapped the whole flow);
+        # trust the caller's boundary instead of nesting an IMMEDIATE.
+        _owns_txn = False
     existing = get_email_account(label) or {}
     clean_account_type = str(account_type or existing.get("account_type") or "agent").strip().lower()
     if clean_account_type not in VALID_ACCOUNT_TYPES:
@@ -166,7 +182,10 @@ def add_email_account(
             now,
         ),
     )
-    conn.commit()
+    # Only commit/close the transaction we opened ourselves. Callers that
+    # already wrapped the flow in their own transaction must keep control.
+    if _owns_txn:
+        conn.commit()
     return get_email_account(label) or {}
 
 

package/src/db/_schema.py

@@ -1222,6 +1222,75 @@ def _m45_personal_scripts_origin(conn):
     _migrate_add_index(conn, "idx_personal_scripts_origin", "personal_scripts", "origin")
 
 
+def _m49_protocol_guard_ack_backfill(conn):
+    """Backfill protocol guard-ack columns for installs that already marked
+    migration v22 as applied before those columns were added to the migration
+    body.
+
+    This must remain a standalone migration instead of reusing v22 because
+    real runtimes can legitimately sit at schema version 48 with an older
+    ``protocol_tasks`` shape. Re-running ``init_db()`` skips v22 once it is
+    recorded in ``schema_migrations``, so the missing columns never land
+    without a new version.
+    """
+    _migrate_add_column(conn, "protocol_tasks", "guard_acknowledged", "INTEGER NOT NULL DEFAULT 0")
+    _migrate_add_column(conn, "protocol_tasks", "guard_acknowledged_at", "TEXT DEFAULT NULL")
+
+
+def _m50_dedupe_nexo_product_learning_pair(conn):
+    """Block D.2 / G7-adjacent: dedupe the two learnings that encode the
+    "NEXO Brain producto público vs instancia personal de Francisco"
+    invariant as a physically separate pair.
+
+    Francisco's runtime has this concept stored twice (historical IDs 212
+    and 224). Guard dedup already collapses them at display time, but
+    the underlying rows stayed split, so list/search/update flows still
+    saw two rows. Physically supersede the older one by pointing its
+    ``supersedes_id`` at the newer duplicate and flipping its status to
+    ``superseded``. Anything newer than both is left untouched.
+
+    Idempotent. Fresh installs that never created either row silently
+    do nothing; installs where an operator has already set the relation
+    manually do nothing. The migration matches on a text-normalised form
+    of the title so synonymous wording on both rows is enough — we don't
+    need identical strings, and we don't need the IDs to literally be
+    212 and 224.
+    """
+    try:
+        rows = conn.execute(
+            "SELECT id, title, content, status, supersedes_id FROM learnings "
+            "WHERE status = 'active'"
+        ).fetchall()
+    except Exception:
+        return
+
+    def _norm(text: str) -> str:
+        # Collapse whitespace and strip punctuation/case so "NEXO Brain
+        # producto público vs instancia personal" matches its twin no
+        # matter how the operator rephrased it.
+        import re as _re
+        stripped = _re.sub(r"[\W_]+", " ", str(text or "")).strip().lower()
+        return _re.sub(r"\s+", " ", stripped)
+
+    marker = "nexo brain producto"
+    candidates = [r for r in rows if marker in _norm(r[1] or "")]
+    # Need at least two rows for this migration to do anything.
+    if len(candidates) < 2:
+        return
+    # Sort by id ascending; the highest id is the canonical survivor.
+    candidates.sort(key=lambda r: int(r[0] or 0))
+    survivor = candidates[-1]
+    for older in candidates[:-1]:
+        older_id = int(older[0] or 0)
+        if int(older[4] or 0) == int(survivor[0] or 0):
+            continue  # already linked
+        conn.execute(
+            "UPDATE learnings SET supersedes_id = ?, status = 'superseded', "
+            "updated_at = strftime('%s','now') WHERE id = ? AND status = 'active'",
+            (int(survivor[0] or 0), older_id),
+        )
+
+
 def _m44_entities_extended_schema(conn):
     """Plan Consolidado 0.3 — extend entities with aliases/metadata/source/confidence/access_mode.
 
@@ -1291,6 +1360,8 @@ MIGRATIONS = [
     (46, "email_accounts", _m46_email_accounts),
     (47, "email_operator_accounts", _m47_email_operator_accounts),
     (48, "email_agent_contract_backfill", _m48_email_agent_contract_backfill),
+    (49, "protocol_guard_ack_backfill", _m49_protocol_guard_ack_backfill),
+    (50, "dedupe_nexo_product_learning_pair", _m50_dedupe_nexo_product_learning_pair),
 ]