nexo-brain 7.1.8 → 7.2.0

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.8",
+  "version": "7.2.0",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,11 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.1.8` is the current packaged-runtime line. It batches the Block K Guardian/Enforcer roadmap (auto-drain of stale `protocol_debt` rows, destructive-command pre-tool gate, `guard_check`-required gate, inline guard ack on `nexo_task_open`, Guardian Health in the morning briefing) with Block D hardcode cleanup (classifier-backed `backfill_task_owner`, migration v50 supersedes the duplicate NEXO-product learning pair, new semantic-hardcodes audit) and Block E product guards (LaunchAgent plist protection, agent-name fallbacks no longer leak the product identity, `francisco_emails` removed from the email-config dict export, `runner-health-check.py` + `nexo_personal_automation.py` promoted from personal to core). All new gates ship in shadow mode with env-flag rollout to `hard`. No coordinated Desktop release is required for this patch; Desktop consumers continue against the same CLI / MCP contract.
+Version `7.2.0` is the current packaged-runtime line. It is a minor release that consolidates three parallel workstreams into a single Guardian-active-by-default train. Block K roadmap closure: G1 enforcer active (PostToolUse nudge when the latest `nexo_task_open` returned `mode ∈ {defer, ask, verify}` and the operator has not executed the paired `next_action`), G3 SSH remote-write detector (catches `ssh host "cat > ..."`, `scp upload`, `rsync upload`, `sftp -b batch` and 10+ other patterns the local destructive gate never saw), new `src/guardian_runtime_config.py` resolver (env > `~/.nexo/personal/config/guardian-runtime-overrides.json` > default), and `_persist_guardian_hard_defaults` during `nexo update` so every non-ephemeral install gets Guardian in `hard` without manual env vars. F0.6 hardening wave: `nexo rollback f06` CLI with two-stage safe swap, `src/scripts/prune_runtime_backups.py` promoted from personal to core, the authoritative `docs/f06-layout-contract.md`, three new doctor boot-tier checks (`check_core_dev_packaged_install`, `check_dashboard_desktop_contract`, `check_f06_migration_consistency`), `scripts/nexo-migrate-nora.sh` + `scripts/f0-safe-apply-remote.sh` idempotent migration workflow, and v6.x→F0.6 rollback hardening tests. Adaptive weights: flips from "14-day calendar wait" to "14 days OR (≥200 samples AND ≥2 days)" + `_maybe_promote_adaptive_weights_empirically` auto-promotes shadow→learned during `nexo update` so mature installs feel the Cortex calibration immediately. Small-fixes batch: R34 `bool("unknown")==True` fix, `classify_scripts_dir` dedup by realpath, B10 module-level path constants lazy-evaluated in `public_contribution.py` / `tools_sessions.py` / `plugins/recover.py` / `plugins/update.py`, schedule override audit log at `runtime/logs/core-schedule-overrides.log`, `scripts/pre-release-verify.sh` + `docs/release-discipline.md`, and a pre-commit hook that blocks commits when `tool-enforcement-map.json` drifts from `src/plugins/`.
+
+Previously in `7.1.10`: follow-up over v7.1.8 that shipped two rescue batches of WIP stashed aside during the v7.1.8 release window. First rescue: `src/autonomy_mandate.py` expanded the mandate-detection vocabulary (hazlo todo / no pares / estás al mando / te dejo al mando / sigue sin parar / haz el plan completo), added three honest flags on `MandateState` (`execute_until_blocker`, `suppress_mid_task_menus`, `revalidate_after_compaction`) with session filtering, wired post/pre-compact hooks that read those flags, surfaced them through protocol/workflow handlers and session payload, and introduced the new `src/checkpoint_policy.py` module with tests. Second rescue: `scripts/verify_release_readiness.py` gained a smoke-artifact contract pass that validates `release-contracts/smoke/v<version>.json` before any tag push, the release-final audit skill references the new contract, `src/hook_guardrails.py` + `src/hooks/post_tool_use.py` refine the post-tool protocol reminder path with a new contract test, and a couple of core prompts (task-close evidence, r14 correction learning) got wording polish.
+
+Previously in `7.1.8`: batch release over v7.1.7 consolidating the Block K Guardian/Enforcer roadmap (auto-drain of stale `protocol_debt` rows, destructive-command pre-tool gate, `guard_check`-required gate, inline guard ack on `nexo_task_open`, Guardian Health in the morning briefing) with Block D hardcode cleanup (classifier-backed `backfill_task_owner`, migration v50 supersedes the duplicate NEXO-product learning pair, new semantic-hardcodes audit) and Block E product guards (LaunchAgent plist protection, agent-name fallbacks no longer leak the product identity, `francisco_emails` removed from the email-config dict export, `runner-health-check.py` + `nexo_personal_automation.py` promoted from personal to core).
 
 Previously in `7.0.1`: hotfix over v7.0.0 (db._core.DB_PATH was only caller still hardcoded to legacy ~/.nexo/data/nexo.db; every shared-DB command silently returned empty results post-migration). Previously in `7.0.0`: **BREAKING — Plan Consolidado fase F0.6**: physical separation of the runtime tree into `~/.nexo/{core,personal,runtime}/`. The flat layout (`~/.nexo/scripts/`, `brain/`, `data/`, `operations/`, ...) is gone. Operators on v6.x are auto-migrated on first `nexo update`; fresh installs land directly in the new tree. New `paths.py` helpers are transition-aware.
 

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "nexo-brain",
-  "version": "7.1.8",
+  "version": "7.2.0",
   "mcpName": "io.github.wazionapps/nexo",
-  "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
+  "description": "NEXO Brain \u2014 Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",
   "bin": {
     "nexo-brain": "./bin/nexo-brain.js",

package/src/auto_update.py

@@ -389,25 +389,65 @@ def _write_last_check(data: dict):
 
 
 def _sync_watchdog_hash_registry():
-    """Keep the immutable-hash registry aligned with the installed watchdog script."""
+    """Keep the immutable-hash registry aligned with the installed watchdog script.
+
+    Folds any pre-F0.6 legacy registry at ``paths.legacy_watchdog_hashes_path()``
+    into the canonical F0.6 file and then drops the legacy artifact so a later
+    ``ls ~/.nexo/scripts/.watchdog-hashes`` is empty (unless ``~/.nexo/scripts``
+    is itself a symlink to the canonical dir, in which case both paths already
+    point at the same inode).
+    """
     try:
         watchdog_file = paths.core_scripts_dir() / "nexo-watchdog.sh"
         if not watchdog_file.exists():
             return
         registry_file = paths.core_scripts_dir() / ".watchdog-hashes"
+        legacy_registry_file = paths.legacy_watchdog_hashes_path()
         entries: dict[str, str] = {}
-        if registry_file.exists():
-            for line in registry_file.read_text().splitlines():
-                if "|" not in line:
-                    continue
-                filepath, expected = line.split("|", 1)
-                if filepath:
-                    entries[filepath] = expected
+
+        def _load(path: Path) -> None:
+            if not path.exists():
+                return
+            try:
+                for line in path.read_text().splitlines():
+                    if "|" not in line:
+                        continue
+                    filepath, expected = line.split("|", 1)
+                    if filepath:
+                        entries[filepath] = expected
+            except Exception as load_error:
+                _log(f"watchdog hash registry load error at {path}: {load_error}")
+
+        _load(registry_file)
+
+        legacy_is_canonical_alias = False
+        if legacy_registry_file.exists():
+            try:
+                legacy_is_canonical_alias = (
+                    registry_file.exists()
+                    and legacy_registry_file.resolve() == registry_file.resolve()
+                )
+            except Exception:
+                legacy_is_canonical_alias = False
+            if not legacy_is_canonical_alias:
+                _load(legacy_registry_file)
+
         actual_hash = hashlib.sha256(watchdog_file.read_bytes()).hexdigest()
         entries[str(watchdog_file)] = actual_hash
         registry_file.write_text(
             "\n".join(f"{filepath}|{digest}" for filepath, digest in sorted(entries.items())) + "\n"
         )
+
+        if (
+            legacy_registry_file.exists()
+            and not legacy_is_canonical_alias
+            and legacy_registry_file != registry_file
+        ):
+            try:
+                legacy_registry_file.unlink()
+                _log(f"watchdog hash registry migrated from legacy path: {legacy_registry_file}")
+            except Exception as unlink_error:
+                _log(f"watchdog hash registry legacy cleanup skipped: {unlink_error}")
     except Exception as e:
         _log(f"watchdog hash registry sync error: {e}")
 
@@ -4608,6 +4648,26 @@ def _run_runtime_post_sync(dest: Path = NEXO_HOME, progress_fn=None) -> tuple[bo
     except Exception as exc:
         actions.append(f"classifier-install-warning:{exc.__class__.__name__}")
 
+    try:
+        _emit_progress(progress_fn, "Persisting Guardian enforcement defaults...")
+        persisted, persist_message = _persist_guardian_hard_defaults(dest)
+        if persisted:
+            actions.append("guardian-hard-persisted")
+        if persist_message:
+            actions.append(persist_message)
+    except Exception as exc:
+        actions.append(f"guardian-hard-persist-warning:{exc.__class__.__name__}")
+
+    try:
+        _emit_progress(progress_fn, "Promoting adaptive weights if enough data...")
+        promoted, promote_message = _maybe_promote_adaptive_weights_empirically(dest)
+        if promoted:
+            actions.append("adaptive-weights-promoted")
+        if promote_message:
+            actions.append(promote_message)
+    except Exception as exc:
+        actions.append(f"adaptive-weights-promote-warning:{exc.__class__.__name__}")
+
     _emit_progress(progress_fn, "Verifying runtime imports...")
     verify = subprocess.run(
         [sys.executable, "-c", "import server"],
@@ -4655,6 +4715,177 @@ def _emit_progress(progress_fn, message: str) -> None:
             pass
 
 
+_GUARDIAN_PERSIST_HARD_DEFAULTS = {
+    "G1_ENFORCER_ACTIVE": "hard",
+    "G3_ENFORCE_DESTRUCTIVE": "hard",
+    "G3_SSH_ENFORCE_REMOTE_WRITE": "hard",
+    "G4_ENFORCE_GUARD_CHECK": "hard",
+}
+
+
+def _persist_guardian_hard_defaults(dest: Path) -> tuple[bool, str | None]:
+    """Write ``~/.nexo/config/guardian-runtime-overrides.json`` with the
+    v7.2.0 "Guardian-on by default" matrix so operators get the active
+    enforcer experience without setting env vars every shell.
+
+    Returns (persisted, message). ``persisted`` is True when the file was
+    written or updated during this call; False when we left it alone
+    (operator opt-out, or file already matches the defaults).
+
+    Contract:
+        - Operator opt-out with ``NEXO_GUARDIAN_PERSIST_HARD=off`` in env
+          at update time: leave the file untouched.
+        - Ephemeral runtimes: skip.
+        - Never overwrite a key the operator already customized to a
+          non-default value (``shadow`` / ``off`` / anything else). Only
+          fills missing keys or upgrades explicit defaults.
+    """
+    if _is_ephemeral_runtime_install(dest):
+        return False, "guardian-hard-persist-skipped:ephemeral"
+    if os.environ.get("NEXO_GUARDIAN_PERSIST_HARD", "").strip().lower() == "off":
+        return False, "guardian-hard-persist-skipped:operator-opt-out"
+
+    config_path = dest / "personal" / "config" / "guardian-runtime-overrides.json"
+    config_path.parent.mkdir(parents=True, exist_ok=True)
+
+    current: dict[str, str] = {}
+    if config_path.is_file():
+        try:
+            raw = json.loads(config_path.read_text())
+            if isinstance(raw, dict):
+                current = {str(k): str(v) for k, v in raw.items()}
+        except Exception:
+            # Malformed file — treat as empty. We write the fresh defaults
+            # and keep the malformed copy for the operator to inspect.
+            try:
+                config_path.rename(
+                    config_path.with_suffix(
+                        config_path.suffix + f".broken-{int(time.time())}"
+                    )
+                )
+            except Exception:
+                pass
+            current = {}
+
+    original = dict(current)
+    for key, default in _GUARDIAN_PERSIST_HARD_DEFAULTS.items():
+        if key not in current:
+            current[key] = default
+
+    if current == original and config_path.is_file():
+        return False, None
+
+    try:
+        tmp_path = config_path.with_suffix(config_path.suffix + ".tmp")
+        tmp_path.write_text(json.dumps(current, indent=2, ensure_ascii=False) + "\n")
+        tmp_path.replace(config_path)
+    except Exception as exc:  # pragma: no cover - filesystem failures
+        return False, f"guardian-hard-persist-error:{exc.__class__.__name__}"
+
+    return True, None
+
+
+from datetime import datetime as _adaptive_datetime  # isolated alias; other modules use ``time.time()``
+
+_ADAPTIVE_PROMOTE_MIN_SAMPLES = 200
+_ADAPTIVE_PROMOTE_MIN_DAYS = 2
+
+
+def _maybe_promote_adaptive_weights_empirically(dest: Path) -> tuple[bool, str | None]:
+    """Promote ``shadow_weights`` to ``learned_weights`` during ``nexo update``
+    when the install already has enough empirical signal.
+
+    Mirrors the empirical path in ``adaptive_mode.learn_weights`` (the
+    background learner cron). Without this, operators upgrading to v7.2.0
+    with a mature shadow dataset would still have to wait for the next
+    learner tick to feel the calibration — which can be hours or days.
+
+    Conditions to promote:
+        - adaptive_state.json exists and parses.
+        - ``shadow_weights`` dict is present.
+        - ``shadow_weights_samples >= 200`` AND the learner has been
+          running for at least 2 calendar days
+          (``learned_weights_first_date`` ≥ 2 days ago).
+        - ``learned_weights`` is absent or empty (never overwrite an
+          already-active set of weights).
+        - Operator opt-out flag ``NEXO_ADAPTIVE_EMPIRICAL_PROMOTION=off``
+          is NOT set. Same flag the learner already honours, so
+          operators who opted out stay opted out everywhere.
+
+    Returns ``(promoted, message)``:
+        - ``(True, None)``: weights were promoted, audit trail written.
+        - ``(False, None)``: no-op (no shadow data, not enough samples,
+          already promoted, or ephemeral install).
+        - ``(False, "adaptive-promote-skipped:<reason>")``: explicit skip
+          for the install log.
+    """
+    if _is_ephemeral_runtime_install(dest):
+        return False, "adaptive-promote-skipped:ephemeral"
+    if os.environ.get("NEXO_ADAPTIVE_EMPIRICAL_PROMOTION", "").strip().lower() == "off":
+        return False, "adaptive-promote-skipped:operator-opt-out"
+
+    state_path = dest / "personal" / "brain" / "adaptive_state.json"
+    if not state_path.is_file():
+        # Fall back to the legacy pre-F0.6 location for half-migrated
+        # installs; the migrator will eventually move it.
+        legacy = dest / "brain" / "adaptive_state.json"
+        if legacy.is_file():
+            state_path = legacy
+        else:
+            return False, None  # no data yet — nothing to promote
+
+    try:
+        raw = json.loads(state_path.read_text())
+    except Exception:
+        return False, "adaptive-promote-skipped:state-parse-error"
+    if not isinstance(raw, dict):
+        return False, "adaptive-promote-skipped:state-not-dict"
+
+    learned = raw.get("learned_weights")
+    if isinstance(learned, dict) and learned:
+        return False, None  # already active — nothing to do
+
+    shadow = raw.get("shadow_weights")
+    if not isinstance(shadow, dict) or not shadow:
+        return False, None  # no shadow data yet
+
+    samples = 0
+    try:
+        samples = int(raw.get("shadow_weights_samples", 0) or 0)
+    except (TypeError, ValueError):
+        samples = 0
+    if samples < _ADAPTIVE_PROMOTE_MIN_SAMPLES:
+        return False, None
+
+    first_date_raw = str(raw.get("learned_weights_first_date") or "").strip()
+    if not first_date_raw:
+        return False, None
+    try:
+        first_dt = _adaptive_datetime.strptime(first_date_raw[:19], "%Y-%m-%dT%H:%M:%S")
+    except ValueError:
+        return False, "adaptive-promote-skipped:first-date-parse-error"
+    days_since_first = (_adaptive_datetime.utcnow() - first_dt).days
+    if days_since_first < _ADAPTIVE_PROMOTE_MIN_DAYS:
+        return False, None
+
+    # Promote — deep-copy so callers holding references to the original
+    # dict don't see phantom mutations mid-update.
+    raw["learned_weights"] = {str(k): v for k, v in shadow.items()}
+    raw["learned_weights_date"] = _adaptive_datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S")
+    raw["learned_weights_samples"] = samples
+    raw["learned_weights_promoted_by"] = "nexo_update_empirical_v7_2_0"
+    raw["learned_weights_promoted_at"] = _adaptive_datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S")
+
+    try:
+        tmp_path = state_path.with_suffix(state_path.suffix + ".tmp")
+        tmp_path.write_text(json.dumps(raw, indent=2, ensure_ascii=False) + "\n")
+        tmp_path.replace(state_path)
+    except Exception as exc:  # pragma: no cover - filesystem failures
+        return False, f"adaptive-promote-error:{exc.__class__.__name__}"
+
+    return True, None
+
+
 def _parse_runtime_init_payload(stdout: str) -> dict:
     """Extract the JSON payload emitted by the runtime init helper."""
     lines = [line.strip() for line in stdout.splitlines() if line.strip()]

package/src/autonomy_mandate.py

@@ -45,8 +45,15 @@ MARKERS = (
     "autonomía total",
     "autonomia total",
     "sin esperas",
+    "hazlo todo",
     "todo ya",
+    "no pares",
+    "estás al mando",
+    "estas al mando",
+    "te dejo al mando",
     "no esperes",
+    "sigue sin parar",
+    "haz el plan completo",
     "no te escondas",
     "llevo 3 veces",
     "lo quiero ya",
@@ -81,6 +88,9 @@ class MandateState:
     expires_at: float
     marker: str
     source: str
+    execute_until_blocker: bool = True
+    suppress_mid_task_menus: bool = True
+    revalidate_after_compaction: bool = True
 
     def remaining_seconds(self, now: Optional[float] = None) -> float:
         now = time.time() if now is None else now
@@ -94,6 +104,9 @@ class MandateState:
             "expires_at": self.expires_at,
             "marker": self.marker,
             "source": self.source,
+            "execute_until_blocker": self.execute_until_blocker,
+            "suppress_mid_task_menus": self.suppress_mid_task_menus,
+            "revalidate_after_compaction": self.revalidate_after_compaction,
         }
 
 
@@ -137,6 +150,9 @@ def load_state() -> Optional[MandateState]:
             expires_at=float(raw.get("expires_at", 0.0)),
             marker=str(raw.get("marker", "")),
             source=str(raw.get("source", "")),
+            execute_until_blocker=bool(raw.get("execute_until_blocker", True)),
+            suppress_mid_task_menus=bool(raw.get("suppress_mid_task_menus", True)),
+            revalidate_after_compaction=bool(raw.get("revalidate_after_compaction", True)),
         )
     except (TypeError, ValueError):
         return None
@@ -150,6 +166,9 @@ def set_mandate(
     marker: str,
     source: str = "manual",
     ttl_seconds: int = DEFAULT_TTL_SECONDS,
+    execute_until_blocker: bool = True,
+    suppress_mid_task_menus: bool = True,
+    revalidate_after_compaction: bool = True,
 ) -> MandateState:
     _ensure_dir()
     now = time.time()
@@ -160,6 +179,9 @@ def set_mandate(
         expires_at=now + max(60, int(ttl_seconds)),
         marker=marker,
         source=source,
+        execute_until_blocker=bool(execute_until_blocker),
+        suppress_mid_task_menus=bool(suppress_mid_task_menus),
+        revalidate_after_compaction=bool(revalidate_after_compaction),
     )
     STATE_PATH.write_text(json.dumps(st.to_dict(), ensure_ascii=False, indent=2))
     return st
@@ -196,6 +218,46 @@ def maybe_ingest_from_text(
     )
 
 
+def _state_applies_to_session(state: MandateState, session_id: str = "") -> bool:
+    clean_sid = str(session_id or "").strip()
+    if not clean_sid:
+        return True
+    return not state.session_id or state.session_id == clean_sid
+
+
+def is_execute_until_blocker_active(
+    session_id: str = "",
+    state: Optional[MandateState] = None,
+) -> bool:
+    st = state if state is not None else load_state()
+    if st is None or not _state_applies_to_session(st, session_id):
+        return False
+    return bool(st.active and st.execute_until_blocker)
+
+
+def format_execution_latch_notice(
+    session_id: str = "",
+    state: Optional[MandateState] = None,
+) -> str:
+    st = state if state is not None else load_state()
+    if st is None or not _state_applies_to_session(st, session_id):
+        return ""
+    if not st.active or not st.execute_until_blocker:
+        return ""
+
+    lines = [
+        (
+            "EXECUTION MODE: execute-until-blocker active "
+            f"(marker='{st.marker}', source={st.source})."
+        ),
+        "Do not stop for option menus, reprioritization, summaries, or audits.",
+        "Pause only for a real blocker, an explicit approval gate, or a requested report.",
+    ]
+    if st.revalidate_after_compaction:
+        lines.append("Re-validate this latch after compaction and continue from the stored next step.")
+    return "\n".join(lines)
+
+
 def _description_has_exception(description: str, exception: str) -> bool:
     haystack = f"{description or ''}\n{exception or ''}".lower()
     return any(kw in haystack for kw in EXCEPTION_KEYWORDS)