nexo-brain 7.1.8 → 7.1.10

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.8",
+  "version": "7.1.10",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,9 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.1.8` is the current packaged-runtime line. It batches the Block K Guardian/Enforcer roadmap (auto-drain of stale `protocol_debt` rows, destructive-command pre-tool gate, `guard_check`-required gate, inline guard ack on `nexo_task_open`, Guardian Health in the morning briefing) with Block D hardcode cleanup (classifier-backed `backfill_task_owner`, migration v50 supersedes the duplicate NEXO-product learning pair, new semantic-hardcodes audit) and Block E product guards (LaunchAgent plist protection, agent-name fallbacks no longer leak the product identity, `francisco_emails` removed from the email-config dict export, `runner-health-check.py` + `nexo_personal_automation.py` promoted from personal to core). All new gates ship in shadow mode with env-flag rollout to `hard`. No coordinated Desktop release is required for this patch; Desktop consumers continue against the same CLI / MCP contract.
+Version `7.1.10` is the current packaged-runtime line. It is a follow-up over v7.1.8 that ships two rescue batches of WIP that were stashed aside during the v7.1.8 release window. First rescue: `src/autonomy_mandate.py` expands the mandate-detection vocabulary (hazlo todo / no pares / estás al mando / te dejo al mando / sigue sin parar / haz el plan completo), adds three honest flags on `MandateState` (`execute_until_blocker`, `suppress_mid_task_menus`, `revalidate_after_compaction`) with session filtering, wires post/pre-compact hooks that read those flags, surfaces them through protocol/workflow handlers and session payload, and introduces the new `src/checkpoint_policy.py` module with tests. Second rescue: `scripts/verify_release_readiness.py` gains a smoke-artifact contract pass that validates `release-contracts/smoke/v<version>.json` before any tag push, the release-final audit skill references the new contract, `src/hook_guardrails.py` + `src/hooks/post_tool_use.py` refine the post-tool protocol reminder path with a new contract test, and a couple of core prompts (task-close evidence, r14 correction learning) get wording polish. Both rescues are orthogonal to v7.1.8 and fully covered by tests.
+
+Previously in `7.1.8`: batch release over v7.1.7 consolidating the Block K Guardian/Enforcer roadmap (auto-drain of stale `protocol_debt` rows, destructive-command pre-tool gate, `guard_check`-required gate, inline guard ack on `nexo_task_open`, Guardian Health in the morning briefing) with Block D hardcode cleanup (classifier-backed `backfill_task_owner`, migration v50 supersedes the duplicate NEXO-product learning pair, new semantic-hardcodes audit) and Block E product guards (LaunchAgent plist protection, agent-name fallbacks no longer leak the product identity, `francisco_emails` removed from the email-config dict export, `runner-health-check.py` + `nexo_personal_automation.py` promoted from personal to core).
 
 Previously in `7.0.1`: hotfix over v7.0.0 (db._core.DB_PATH was only caller still hardcoded to legacy ~/.nexo/data/nexo.db; every shared-DB command silently returned empty results post-migration). Previously in `7.0.0`: **BREAKING — Plan Consolidado fase F0.6**: physical separation of the runtime tree into `~/.nexo/{core,personal,runtime}/`. The flat layout (`~/.nexo/scripts/`, `brain/`, `data/`, `operations/`, ...) is gone. Operators on v6.x are auto-migrated on first `nexo update`; fresh installs land directly in the new tree. New `paths.py` helpers are transition-aware.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.8",
+  "version": "7.1.10",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/autonomy_mandate.py

@@ -45,8 +45,15 @@ MARKERS = (
     "autonomía total",
     "autonomia total",
     "sin esperas",
+    "hazlo todo",
     "todo ya",
+    "no pares",
+    "estás al mando",
+    "estas al mando",
+    "te dejo al mando",
     "no esperes",
+    "sigue sin parar",
+    "haz el plan completo",
     "no te escondas",
     "llevo 3 veces",
     "lo quiero ya",
@@ -81,6 +88,9 @@ class MandateState:
     expires_at: float
     marker: str
     source: str
+    execute_until_blocker: bool = True
+    suppress_mid_task_menus: bool = True
+    revalidate_after_compaction: bool = True
 
     def remaining_seconds(self, now: Optional[float] = None) -> float:
         now = time.time() if now is None else now
@@ -94,6 +104,9 @@ class MandateState:
             "expires_at": self.expires_at,
             "marker": self.marker,
             "source": self.source,
+            "execute_until_blocker": self.execute_until_blocker,
+            "suppress_mid_task_menus": self.suppress_mid_task_menus,
+            "revalidate_after_compaction": self.revalidate_after_compaction,
         }
 
 
@@ -137,6 +150,9 @@ def load_state() -> Optional[MandateState]:
             expires_at=float(raw.get("expires_at", 0.0)),
             marker=str(raw.get("marker", "")),
             source=str(raw.get("source", "")),
+            execute_until_blocker=bool(raw.get("execute_until_blocker", True)),
+            suppress_mid_task_menus=bool(raw.get("suppress_mid_task_menus", True)),
+            revalidate_after_compaction=bool(raw.get("revalidate_after_compaction", True)),
         )
     except (TypeError, ValueError):
         return None
@@ -150,6 +166,9 @@ def set_mandate(
     marker: str,
     source: str = "manual",
     ttl_seconds: int = DEFAULT_TTL_SECONDS,
+    execute_until_blocker: bool = True,
+    suppress_mid_task_menus: bool = True,
+    revalidate_after_compaction: bool = True,
 ) -> MandateState:
     _ensure_dir()
     now = time.time()
@@ -160,6 +179,9 @@ def set_mandate(
         expires_at=now + max(60, int(ttl_seconds)),
         marker=marker,
         source=source,
+        execute_until_blocker=bool(execute_until_blocker),
+        suppress_mid_task_menus=bool(suppress_mid_task_menus),
+        revalidate_after_compaction=bool(revalidate_after_compaction),
     )
     STATE_PATH.write_text(json.dumps(st.to_dict(), ensure_ascii=False, indent=2))
     return st
@@ -196,6 +218,46 @@ def maybe_ingest_from_text(
     )
 
 
+def _state_applies_to_session(state: MandateState, session_id: str = "") -> bool:
+    clean_sid = str(session_id or "").strip()
+    if not clean_sid:
+        return True
+    return not state.session_id or state.session_id == clean_sid
+
+
+def is_execute_until_blocker_active(
+    session_id: str = "",
+    state: Optional[MandateState] = None,
+) -> bool:
+    st = state if state is not None else load_state()
+    if st is None or not _state_applies_to_session(st, session_id):
+        return False
+    return bool(st.active and st.execute_until_blocker)
+
+
+def format_execution_latch_notice(
+    session_id: str = "",
+    state: Optional[MandateState] = None,
+) -> str:
+    st = state if state is not None else load_state()
+    if st is None or not _state_applies_to_session(st, session_id):
+        return ""
+    if not st.active or not st.execute_until_blocker:
+        return ""
+
+    lines = [
+        (
+            "EXECUTION MODE: execute-until-blocker active "
+            f"(marker='{st.marker}', source={st.source})."
+        ),
+        "Do not stop for option menus, reprioritization, summaries, or audits.",
+        "Pause only for a real blocker, an explicit approval gate, or a requested report.",
+    ]
+    if st.revalidate_after_compaction:
+        lines.append("Re-validate this latch after compaction and continue from the stored next step.")
+    return "\n".join(lines)
+
+
 def _description_has_exception(description: str, exception: str) -> bool:
     haystack = f"{description or ''}\n{exception or ''}".lower()
     return any(kw in haystack for kw in EXCEPTION_KEYWORDS)

package/src/checkpoint_policy.py

@@ -0,0 +1,302 @@
+"""Durable checkpoint policy for long-running multi-step work.
+
+This module turns task/workflow milestones into a small persistent state file
+and periodically flushes that state into ``session_checkpoints`` so compaction
+and phase switches recover a richer next-step snapshot than the heartbeat-only
+goal stub.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+
+NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
+STATE_PATH = NEXO_HOME / "runtime" / "data" / "durable_checkpoint_state.json"
+DEFAULT_MILESTONE_INTERVAL = 3
+
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+
+def _ensure_dir() -> None:
+    STATE_PATH.parent.mkdir(parents=True, exist_ok=True)
+
+
+def _load_all() -> dict[str, dict[str, Any]]:
+    try:
+        raw = json.loads(STATE_PATH.read_text())
+    except FileNotFoundError:
+        return {}
+    except (OSError, json.JSONDecodeError):
+        return {}
+    return raw if isinstance(raw, dict) else {}
+
+
+def _save_all(payload: dict[str, dict[str, Any]]) -> None:
+    _ensure_dir()
+    STATE_PATH.write_text(json.dumps(payload, ensure_ascii=False, indent=2, sort_keys=True))
+
+
+def _blank_session_state(session_id: str) -> dict[str, Any]:
+    return {
+        "session_id": session_id,
+        "milestone_count": 0,
+        "updated_at": _now_iso(),
+        "last_reason": "",
+        "task": "",
+        "task_status": "active",
+        "active_files": [],
+        "current_goal": "",
+        "decisions_summary": "",
+        "blockers": "",
+        "reasoning_thread": "",
+        "next_step": "",
+        "last_flushed_at": "",
+        "last_flush_reason": "",
+    }
+
+
+def _coalesce_text(new_value: str, old_value: str = "") -> str:
+    clean = str(new_value or "").strip()
+    return clean or str(old_value or "").strip()
+
+
+def _normalize_active_files(active_files: Any) -> list[str]:
+    if active_files is None:
+        return []
+    if isinstance(active_files, str):
+        stripped = active_files.strip()
+        if not stripped:
+            return []
+        if stripped.startswith("["):
+            try:
+                parsed = json.loads(stripped)
+            except json.JSONDecodeError:
+                parsed = [part.strip() for part in stripped.split(",") if part.strip()]
+        else:
+            parsed = [part.strip() for part in stripped.split(",") if part.strip()]
+    elif isinstance(active_files, (list, tuple, set)):
+        parsed = list(active_files)
+    else:
+        parsed = [str(active_files).strip()]
+
+    seen: list[str] = []
+    for item in parsed:
+        clean = str(item or "").strip()
+        if clean and clean not in seen:
+            seen.append(clean)
+    return seen
+
+
+def _session_state(all_state: dict[str, dict[str, Any]], session_id: str) -> dict[str, Any]:
+    existing = all_state.get(session_id)
+    if not isinstance(existing, dict):
+        return _blank_session_state(session_id)
+    base = _blank_session_state(session_id)
+    base.update(existing)
+    base["session_id"] = session_id
+    base["active_files"] = _normalize_active_files(base.get("active_files"))
+    try:
+        base["milestone_count"] = max(0, int(base.get("milestone_count", 0)))
+    except (TypeError, ValueError):
+        base["milestone_count"] = 0
+    return base
+
+
+def _extract_active_files_from_payload(payload: dict[str, Any] | None) -> list[str]:
+    if not isinstance(payload, dict):
+        return []
+    for key in ("active_files", "files", "tracked_files"):
+        files = _normalize_active_files(payload.get(key))
+        if files:
+            return files
+    return []
+
+
+def _flush_state(
+    all_state: dict[str, dict[str, Any]],
+    session_id: str,
+    state: dict[str, Any],
+    *,
+    reason: str,
+) -> dict[str, Any]:
+    from db import save_checkpoint
+
+    decisions_summary = _coalesce_text(state.get("decisions_summary", ""))
+    if reason:
+        reason_note = f"checkpoint_reason={reason}"
+        decisions_summary = f"{decisions_summary} | {reason_note}".strip(" |")
+
+    active_files = _normalize_active_files(state.get("active_files"))
+    save_result = save_checkpoint(
+        sid=session_id,
+        task=_coalesce_text(state.get("task", ""), state.get("current_goal", "")),
+        task_status=_coalesce_text(state.get("task_status", ""), "active"),
+        active_files=json.dumps(active_files, ensure_ascii=False),
+        current_goal=_coalesce_text(state.get("current_goal", ""), state.get("task", "")),
+        decisions_summary=decisions_summary,
+        errors_found=_coalesce_text(state.get("blockers", "")),
+        reasoning_thread=_coalesce_text(state.get("reasoning_thread", "")),
+        next_step=_coalesce_text(state.get("next_step", "")),
+    )
+
+    state["active_files"] = active_files
+    state["milestone_count"] = 0
+    state["last_flushed_at"] = _now_iso()
+    state["last_flush_reason"] = reason
+    state["updated_at"] = _now_iso()
+    all_state[session_id] = state
+    _save_all(all_state)
+    return {
+        "ok": True,
+        "checkpoint_written": True,
+        "session_id": session_id,
+        "milestone_count": 0,
+        "last_flush_reason": reason,
+        "compaction_count": save_result.get("compaction_count", 0),
+    }
+
+
+def record_milestone(
+    session_id: str,
+    *,
+    reason: str,
+    task: str = "",
+    task_status: str = "active",
+    active_files: Any = None,
+    current_goal: str = "",
+    decisions_summary: str = "",
+    blockers: str = "",
+    reasoning_thread: str = "",
+    next_step: str = "",
+    interval: int = DEFAULT_MILESTONE_INTERVAL,
+    force_flush: bool = False,
+) -> dict[str, Any]:
+    clean_sid = str(session_id or "").strip()
+    if not clean_sid:
+        return {"ok": False, "error": "session_id is required"}
+
+    all_state = _load_all()
+    state = _session_state(all_state, clean_sid)
+
+    state["last_reason"] = str(reason or "").strip()
+    state["updated_at"] = _now_iso()
+    state["task"] = _coalesce_text(task, state.get("task", ""))
+    state["task_status"] = _coalesce_text(task_status, state.get("task_status", "active"))
+    state["current_goal"] = _coalesce_text(current_goal, state.get("current_goal", ""))
+    state["decisions_summary"] = _coalesce_text(decisions_summary, state.get("decisions_summary", ""))
+    state["blockers"] = _coalesce_text(blockers, state.get("blockers", ""))
+    state["reasoning_thread"] = _coalesce_text(reasoning_thread, state.get("reasoning_thread", ""))
+    state["next_step"] = _coalesce_text(next_step, state.get("next_step", ""))
+
+    files = _normalize_active_files(active_files)
+    if files:
+        state["active_files"] = files
+
+    state["milestone_count"] = max(0, int(state.get("milestone_count", 0))) + 1
+    all_state[clean_sid] = state
+
+    flush_every = max(1, int(interval or DEFAULT_MILESTONE_INTERVAL))
+    if force_flush or state["milestone_count"] >= flush_every:
+        return _flush_state(all_state, clean_sid, state, reason=str(reason or "").strip())
+
+    _save_all(all_state)
+    return {
+        "ok": True,
+        "checkpoint_written": False,
+        "session_id": clean_sid,
+        "milestone_count": state["milestone_count"],
+        "flush_interval": flush_every,
+        "pending_reason": state["last_reason"],
+    }
+
+
+def force_runtime_checkpoint(session_id: str, *, reason: str = "pre-compact") -> dict[str, Any]:
+    clean_sid = str(session_id or "").strip()
+    if not clean_sid:
+        return {"ok": False, "error": "session_id is required"}
+
+    from db import get_db, read_checkpoint
+
+    all_state = _load_all()
+    state = _session_state(all_state, clean_sid)
+    conn = get_db()
+
+    session_row = conn.execute(
+        "SELECT task FROM sessions WHERE sid = ? LIMIT 1",
+        (clean_sid,),
+    ).fetchone()
+    existing_checkpoint = read_checkpoint(clean_sid) or {}
+    workflow_row = conn.execute(
+        """SELECT goal, status, current_step_key, next_action, shared_state
+           FROM workflow_runs
+           WHERE session_id = ?
+           ORDER BY updated_at DESC LIMIT 1""",
+        (clean_sid,),
+    ).fetchone()
+
+    workflow_state: dict[str, Any] = {}
+    if workflow_row and workflow_row["shared_state"]:
+        try:
+            parsed = json.loads(workflow_row["shared_state"])
+            if isinstance(parsed, dict):
+                workflow_state = parsed
+        except json.JSONDecodeError:
+            workflow_state = {}
+
+    workflow_blocker = ""
+    if workflow_row and workflow_row["status"] in {"blocked", "waiting_approval"}:
+        workflow_blocker = (
+            f"Workflow {workflow_row['status']} at "
+            f"{workflow_row['current_step_key'] or 'current-step'}"
+        )
+
+    merged_files = (
+        _normalize_active_files(state.get("active_files"))
+        or _extract_active_files_from_payload(workflow_state)
+        or _normalize_active_files(existing_checkpoint.get("active_files"))
+    )
+
+    state["task"] = _coalesce_text(
+        state.get("task", ""),
+        (session_row["task"] if session_row else "") or existing_checkpoint.get("task", ""),
+    )
+    state["current_goal"] = _coalesce_text(
+        state.get("current_goal", ""),
+        (workflow_row["goal"] if workflow_row else "") or existing_checkpoint.get("current_goal", "") or state.get("task", ""),
+    )
+    state["decisions_summary"] = _coalesce_text(
+        state.get("decisions_summary", ""),
+        existing_checkpoint.get("decisions_summary", "") or f"Forced durable checkpoint before {reason}.",
+    )
+    current_blockers = _coalesce_text(
+        state.get("blockers", ""),
+        existing_checkpoint.get("errors_found", ""),
+    )
+    if workflow_blocker:
+        if workflow_blocker not in current_blockers:
+            current_blockers = f"{workflow_blocker} | {current_blockers}".strip(" |")
+    state["blockers"] = current_blockers
+    state["reasoning_thread"] = _coalesce_text(
+        state.get("reasoning_thread", ""),
+        existing_checkpoint.get("reasoning_thread", "") or f"Auto-flushed by checkpoint_policy ({reason}).",
+    )
+    state["next_step"] = _coalesce_text(
+        state.get("next_step", ""),
+        (workflow_row["next_action"] if workflow_row else "") or existing_checkpoint.get("next_step", ""),
+    )
+    state["task_status"] = _coalesce_text(
+        state.get("task_status", ""),
+        (workflow_row["status"] if workflow_row else "") or existing_checkpoint.get("task_status", "") or "active",
+    )
+    state["active_files"] = merged_files
+    state["updated_at"] = _now_iso()
+    state["last_reason"] = reason
+    all_state[clean_sid] = state
+    return _flush_state(all_state, clean_sid, state, reason=reason)

package/src/hook_guardrails.py

@@ -701,12 +701,18 @@ def _collect_protocol_warnings(conn, *, sid: str, tool_name: str) -> list[dict]:
             if task.get("must_change_log")
             else ""
         )
+        closeout_note = (
+            " If this edit wave came from a user correction or you are leaving a blocker unresolved, "
+            "include `correction_happened=true` with a reusable learning, or `followup_needed=true`, "
+            "when you call `nexo_task_close(...)`."
+        )
         _append_protocol_warning(
             warnings,
             render_core_prompt(
                 "hook-protocol-warning-task-close-evidence",
                 task_id=task_id,
                 change_note=change_note,
+                closeout_note=closeout_note,
             ),
         )
 

package/src/hooks/post-compact.sh

@@ -91,6 +91,36 @@ if [ -f "$NEXO_DB" ]; then
             LAST_HINT=$(echo "$DRAFT" | cut -d'|' -f2)
         fi
 
+        EXECUTION_LATCH=""
+        AUTONOMY_STATE_FILE="$DATA_DIR/autonomy_mandate.json"
+        if [ -f "$AUTONOMY_STATE_FILE" ]; then
+            EXECUTION_LATCH=$(
+                TARGET_SID="$SID" AUTONOMY_STATE_FILE="$AUTONOMY_STATE_FILE" python3 -c "
+import json, os, time
+try:
+    raw = json.loads(open(os.environ['AUTONOMY_STATE_FILE']).read())
+except Exception:
+    raise SystemExit(0)
+session_id = str(raw.get('session_id', '') or '').strip()
+target_sid = str(os.environ.get('TARGET_SID', '') or '').strip()
+if not raw.get('active'):
+    raise SystemExit(0)
+try:
+    expires_at = float(raw.get('expires_at', 0))
+except Exception:
+    expires_at = 0.0
+if expires_at <= time.time():
+    raise SystemExit(0)
+if session_id and target_sid and session_id != target_sid:
+    raise SystemExit(0)
+if not bool(raw.get('execute_until_blocker', True)):
+    raise SystemExit(0)
+print('**Execution mode:** execute-until-blocker still active after compaction.')
+print('**Guardrail:** skip option menus, reprioritization, summaries, and audits unless a real blocker or approval gate appears.')
+" 2>/dev/null || true
+            )
+        fi
+
         # Build Core Memory Block
         BLOCK="## SESSION CONTINUITY [auto-injected post-compaction #$((COMPACT_COUNT + 1))]"
         BLOCK="$BLOCK\n**Session:** $SID"
@@ -128,6 +158,10 @@ if [ -f "$NEXO_DB" ]; then
             BLOCK="$BLOCK\n**Session tasks so far:** $TASKS_SEEN"
         fi
 
+        if [ -n "$EXECUTION_LATCH" ]; then
+            BLOCK="$BLOCK\n$EXECUTION_LATCH"
+        fi
+
         BLOCK="$BLOCK\n**Tool logs:** ${OPERATIONS_DIR}/tool-logs/${TODAY}.jsonl ($LOG_LINES entries)"
         BLOCK="$BLOCK\n\n**POST-COMPACTION INSTRUCTIONS:**"
         BLOCK="$BLOCK\n1. Call nexo_heartbeat with the SID above to reconnect with the session"

package/src/hooks/post_tool_use.py

@@ -140,6 +140,21 @@ def _run(cmd: list[str], timeout: int) -> int:
         return 1
 
 
+def _run_step(cmd: list[str], timeout: int) -> tuple[int, str]:
+    try:
+        result = subprocess.run(cmd, timeout=timeout, capture_output=True, text=True)
+        return result.returncode, (result.stdout or "").strip()
+    except Exception:
+        return 1, ""
+
+
+def _combine_system_messages(*messages: str | None) -> str | None:
+    parts = [str(item).strip() for item in messages if str(item or "").strip()]
+    if not parts:
+        return None
+    return "\n\n".join(parts)
+
+
 def _read_stdin_json() -> dict:
     """Read the Claude Code hook payload from stdin. Never raises."""
     if sys.stdin.isatty():
@@ -202,11 +217,15 @@ def main() -> int:
         (["bash", str(_DIR / "heartbeat-posttool.sh")],3),
     ]
     exits = []
+    protocol_message = ""
     for cmd, timeout in steps:
         script = Path(cmd[-1])
         if not script.is_file():
             continue
-        exits.append(_run(cmd, timeout))
+        exit_code, stdout = _run_step(cmd, timeout)
+        exits.append(exit_code)
+        if script.name == "protocol-guardrail.sh" and stdout:
+            protocol_message = stdout
 
     exits.append(_run_auto_capture(payload))
 
@@ -217,8 +236,9 @@ def main() -> int:
     try:
         sid = _resolve_sid_from_payload(payload)
         reminder = check_inbox_and_emit_reminder(sid)
-        if reminder:
-            print(json.dumps({"systemMessage": reminder}))
+        combined = _combine_system_messages(protocol_message, reminder)
+        if combined:
+            print(json.dumps({"systemMessage": combined}))
     except Exception:
         pass
 

package/src/hooks/pre-compact.sh

@@ -49,6 +49,20 @@ if [ -f "$NEXO_DB" ]; then
                 END,
                 updated_at = datetime('now')
         " 2>/dev/null || true
+
+        # Flush the richer durable checkpoint state if milestone data exists.
+        NEXO_PRECOMPACT_SID="$LATEST_SID" HOOK_DIR="$HOOK_DIR" python3 -c "
+import os, sys
+sys.path.insert(0, os.path.abspath(os.path.join(os.environ['HOOK_DIR'], '..')))
+try:
+    import checkpoint_policy
+    checkpoint_policy.force_runtime_checkpoint(
+        os.environ['NEXO_PRECOMPACT_SID'],
+        reason='pre-compact-hook',
+    )
+except Exception:
+    pass
+" 2>/dev/null || true
     fi
 fi
 

package/src/plugins/protocol.py

@@ -1648,6 +1648,28 @@ def handle_task_close(
             status = "debt-open"
             next_action = "Resolve the open protocol debt next."
 
+    durable_checkpoint = None
+    try:
+        from checkpoint_policy import record_milestone
+
+        checkpoint_blockers = ""
+        if clean_outcome in {"partial", "failed"}:
+            checkpoint_blockers = (outcome_notes or clean_evidence or next_action).strip()
+        durable_checkpoint = record_milestone(
+            task.get("session_id") or sid,
+            reason=f"task_close:{clean_outcome}",
+            task=task.get("goal", ""),
+            task_status=("blocked" if clean_outcome in {"partial", "failed"} else "active"),
+            active_files=effective_files,
+            current_goal=task.get("goal", ""),
+            decisions_summary=(clean_change_summary or clean_outcome),
+            blockers=checkpoint_blockers,
+            reasoning_thread=(clean_evidence or outcome_notes or "")[:800],
+            next_step=(next_action if clean_outcome != "done" else ""),
+        )
+    except Exception:
+        durable_checkpoint = None
+
     response = {
         "ok": True,
         "task_id": task_id,
@@ -1668,6 +1690,8 @@ def handle_task_close(
         "status": status,
         "next_action": next_action,
     }
+    if durable_checkpoint:
+        response["durable_checkpoint"] = durable_checkpoint
     return json.dumps(response, ensure_ascii=False, indent=2)
 
 

package/src/plugins/workflow.py

@@ -71,6 +71,43 @@ def _parse_json_object(value: str) -> dict | None:
     return parsed if isinstance(parsed, dict) else None
 
 
+def _checkpoint_active_files(*payloads: dict | None) -> list[str]:
+    seen: list[str] = []
+    for payload in payloads:
+        if not isinstance(payload, dict):
+            continue
+        for key in ("active_files", "files", "tracked_files"):
+            raw = payload.get(key)
+            if raw is None:
+                continue
+            if isinstance(raw, str):
+                items = [item.strip() for item in raw.split(",") if item.strip()]
+            elif isinstance(raw, (list, tuple, set)):
+                items = [str(item).strip() for item in raw if str(item).strip()]
+            else:
+                items = [str(raw).strip()] if str(raw).strip() else []
+            for item in items:
+                if item and item not in seen:
+                    seen.append(item)
+    return seen
+
+
+def _workflow_blocker_text(
+    *,
+    step_status: str,
+    run_status: str,
+    summary: str,
+    next_action: str,
+    requires_approval: bool,
+) -> str:
+    status_tokens = {str(step_status or "").strip().lower(), str(run_status or "").strip().lower()}
+    if "blocked" in status_tokens:
+        return summary or next_action or "Workflow blocked."
+    if requires_approval or "waiting_approval" in status_tokens:
+        return summary or next_action or "Workflow waiting for approval."
+    return ""
+
+
 def handle_workflow_open(
     sid: str,
     goal: str,
@@ -387,6 +424,34 @@ def handle_workflow_update(
             "attempt_count": resume["next_step"].get("attempt_count", 0),
             "max_retries": resume["next_step"].get("max_retries", 0),
         }
+    try:
+        from checkpoint_policy import record_milestone
+
+        durable_checkpoint = record_milestone(
+            run.get("session_id", ""),
+            reason=f"workflow:{(step_key or run.get('current_step_key') or 'update')}",
+            task=run.get("goal", ""),
+            task_status=("blocked" if run["status"] in {"blocked", "waiting_approval"} else "active"),
+            active_files=_checkpoint_active_files(
+                _parse_json_object(shared_state) if str(shared_state).strip() else None,
+                _parse_json_object(state_patch) if str(state_patch).strip() else None,
+                run.get("shared_state") if isinstance(run.get("shared_state"), dict) else None,
+            ),
+            current_goal=run.get("goal", ""),
+            decisions_summary=(summary or checkpoint_label or step_title or step_key or run.get("last_checkpoint_label", "")),
+            blockers=_workflow_blocker_text(
+                step_status=step_status,
+                run_status=run["status"],
+                summary=summary,
+                next_action=next_action or run.get("next_action", ""),
+                requires_approval=requires_approval,
+            ),
+            reasoning_thread=(evidence or compensation or "").strip(),
+            next_step=(next_action or run.get("next_action", "")),
+        )
+        response["durable_checkpoint"] = durable_checkpoint
+    except Exception:
+        pass
     return json.dumps(response, ensure_ascii=False, indent=2)
 
 

package/src/skills/run-release-final-audit/guide.md

@@ -10,7 +10,9 @@ Use this before claiming a release/publication is closed when you need a live ch
 
 ## Gotchas
 - A missing auto-resolved contract is a real blocker for the final release audit.
-- Smoke is version-line scoped. If no runner exists, the skill reports the skip explicitly instead of pretending it ran.
+- Smoke is version-line scoped. The audit now requires a passing smoke artifact for the current version during final closeout, and the contract can tighten it further with `smoke.required_groups` and `smoke.max_age_hours`.
+- Contracts may declare `critical_surfaces` to open installed/user-facing files or directories and verify markers before publication is considered closed.
+- Contracts may declare `publication.status`, `publication.checklist_complete`, and `publication.blockers`; any open `high`/`critical` blocker now keeps publication blocked.
 - The script is read-only except for the optional official `nexo update` step during `final_closeout`; it still does not bump versions, tag, publish, or edit website worktrees.
 - `final_closeout` is intentionally stricter than the repo-only readiness pass: it fails if the release task was not closed with evidence or if its `change_log` row is missing.
 - If the touched area includes bootstrap, startup, or public claims, finish with the manual watchpoints in `docs/client-parity-checklist.md`.

package/src/skills/run-release-final-audit/script.py

@@ -245,6 +245,8 @@ def main() -> int:
             readiness_cmd.append("--require-contract-complete")
     elif require_contract_complete:
         print("[release-final-audit] require_contract_complete ignored because contract=none")
+    if include_smoke or final_closeout:
+        readiness_cmd.append("--require-smoke")
     if final_closeout:
         readiness_cmd.append("--final-closeout")
         if protocol_task_id.strip():

package/src/tools_sessions.py

@@ -556,6 +556,27 @@ def handle_heartbeat(sid: str, task: str, context_hint: str = '') -> str:
 def _handle_heartbeat_inner(sid: str, task: str, context_hint: str = '') -> str:
     """Inner body of handle_heartbeat — wrapped by tool_span above."""
     from db import get_db, update_last_heartbeat_ts
+
+    mandate_state = None
+    if context_hint:
+        try:
+            from autonomy_mandate import maybe_ingest_from_text
+
+            mandate_state = maybe_ingest_from_text(
+                context_hint,
+                session_id=sid,
+                source="heartbeat",
+            )
+        except Exception:
+            mandate_state = None
+    if mandate_state is None:
+        try:
+            from autonomy_mandate import load_state
+
+            mandate_state = load_state()
+        except Exception:
+            mandate_state = None
+
     update_session(sid, task)
     # v6.0.1 — stamp last_heartbeat_ts so the PostToolUse hook can
     # decide whether to surface a pending-inbox reminder on autopilot
@@ -602,6 +623,16 @@ def _handle_heartbeat_inner(sid: str, task: str, context_hint: str = '') -> str:
         except Exception:
             pass
 
+    try:
+        from autonomy_mandate import format_execution_latch_notice
+
+        latch_notice = format_execution_latch_notice(sid, state=mandate_state)
+        if latch_notice:
+            parts.append("")
+            parts.append(latch_notice)
+    except Exception:
+        pass
+
     # Incremental diary draft — accumulate every heartbeat, full UPSERT every 5
     _hb_count = 0  # Hoisted for Layer 3 DIARY_OVERDUE signal
     try:

package/templates/core-prompts/hook-protocol-warning-task-close-evidence.md

@@ -1 +1 @@
-Protocol reminder for [[task_id]]: keep `nexo_heartbeat(...)` current and close it with `nexo_task_close(...)` plus evidence before saying it is resolved.[[change_note]]
+Protocol reminder for [[task_id]]: keep `nexo_heartbeat(...)` current and do not close the conversation optimistically. Finish with `nexo_task_close(...)` plus concrete evidence before saying it is resolved.[[change_note]][[closeout_note]]

package/templates/core-prompts/r14-correction-learning-injection.md

@@ -1 +1 @@
-R14 post-user-correction: the last user message was classified as a correction (or carried strongly negative valence) and three tool calls have elapsed without a nexo_learning_add. Capture the rule you just learned NOW via nexo_learning_add(category=..., title=..., content=..., reasoning=..., prevention=...). The auto_capture hook fires in parallel, but this reminder stays active until you either call learning_add or acknowledge the correction via nexo_cognitive_trust(event='correction'). Do not produce visible text for this reminder — act on it. After handling the silent action, continue with your previous task; this reminder is silent context, not a new instruction.
+R14 post-user-correction: the last user message was classified as a correction (or carried strongly negative valence) and three tool calls have elapsed without a nexo_learning_add. Capture the rule you just learned NOW via nexo_learning_add(category=..., title=..., content=..., reasoning=..., prevention=...). If the correction led to real edits, close the task with `nexo_task_close(...)` plus concrete evidence and let that closeout capture the `change_log`; if you cannot finish cleanly in this turn, use `followup_needed=true` on the closeout instead of ending the conversation loosely. The auto_capture hook fires in parallel, but this reminder stays active until you either call learning_add or acknowledge the correction via nexo_cognitive_trust(event='correction'). Do not produce visible text for this reminder — act on it. After handling the silent action, continue with your previous task; this reminder is silent context, not a new instruction.