nexo-brain 7.1.8 → 7.2.0

package/src/hooks/g1_enforcer.py

@@ -0,0 +1,305 @@
+#!/usr/bin/env python3
+"""G1 enforcer — response_contract.mode as a physical gate (master Block K).
+
+When ``nexo_task_open`` returns a ``response_contract`` with
+``mode ∈ {defer, ask, verify}`` the agent is expected to execute the
+paired ``next_action`` (``nexo_cortex_decide`` for defer/ask,
+``nexo_confidence_check`` with populated ``evidence_refs`` for verify, or
+user turn) *before* emitting a user-visible answer. Until the G1 enforcer
+landed, nothing physical blocked the agent from ignoring the contract —
+the disciplined behaviour was self-imposed.
+
+This module runs from PostToolUse. It inspects the session's latest open
+task and, if the next_action still looks un-fulfilled after a grace
+window, returns a ``systemMessage`` nudging the agent back onto protocol.
+
+Modes (env ``NEXO_G1_ENFORCER_ACTIVE``, default ``shadow``):
+    off     — never inject; never log.
+    shadow  — log a warn-level protocol_debt row; no user-visible message.
+    hard    — inject a ``<system-reminder>``-style nudge into
+              PostToolUse output so the agent reads it before the next
+              response cycle.
+
+Fulfillment heuristic (conservative): after ``G1_GRACE_SECONDS`` the hook
+considers the contract NOT fulfilled if:
+    - the task is still ``status='open'``, AND
+    - no ``cortex_evaluations`` row exists for this session created after
+      ``task.opened_at`` (covers defer/ask — cortex_decide writes there),
+      AND
+    - no ``confidence_checks`` row exists for this session created after
+      ``task.opened_at`` (covers verify).
+
+To avoid storm on tight tool loops the hook rate-limits to one nudge per
+``G1_RATE_LIMIT_SECONDS`` per ``(session_id, task_id)``.
+
+Public entrypoint: ``check_response_contract_gate(sid) -> str | None``.
+The caller passes the NEXO sid (already resolved from the payload by
+``post_tool_use.py``). Returns the rendered message when the nudge
+should fire, ``None`` otherwise.
+"""
+from __future__ import annotations
+
+import os
+import sqlite3
+import time
+from pathlib import Path
+
+
+G1_GRACE_SECONDS = int(os.environ.get("NEXO_G1_GRACE_SECONDS", "120"))
+G1_RATE_LIMIT_SECONDS = int(os.environ.get("NEXO_G1_RATE_LIMIT_SECONDS", "180"))
+G1_REQUIRING_MODES = frozenset({"defer", "ask", "verify"})
+
+
+def _mode() -> str:
+    try:
+        import sys
+        from pathlib import Path as _Path
+        _src = _Path(__file__).resolve().parents[1]
+        if str(_src) not in sys.path:
+            sys.path.insert(0, str(_src))
+        from guardian_runtime_config import resolve_guardian_flag  # type: ignore
+        value = resolve_guardian_flag("G1_ENFORCER_ACTIVE", default="shadow")
+    except Exception:
+        value = os.environ.get("NEXO_G1_ENFORCER_ACTIVE", "shadow").strip().lower()
+    return value if value in {"off", "shadow", "hard"} else "shadow"
+
+
+def _db_path() -> Path:
+    try:
+        import paths  # type: ignore
+        return paths.db_path()
+    except Exception:
+        home = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
+        new = home / "runtime" / "data" / "nexo.db"
+        if new.is_file():
+            return new
+        legacy = home / "data" / "nexo.db"
+        return legacy if legacy.is_file() else new
+
+
+def _table_exists(conn: sqlite3.Connection, name: str) -> bool:
+    row = conn.execute(
+        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
+        (name,),
+    ).fetchone()
+    return row is not None
+
+
+def _has_followup_event_since(
+    conn: sqlite3.Connection,
+    table: str,
+    session_id: str,
+    since_iso: str,
+    session_column: str = "session_id",
+    time_column: str = "created_at",
+) -> bool:
+    """Return True if any row in ``table`` for this session post-dates ``since_iso``."""
+    if not _table_exists(conn, table):
+        return False
+    try:
+        row = conn.execute(
+            f"SELECT 1 FROM {table} "
+            f"WHERE {session_column} = ? AND {time_column} > ? "
+            "LIMIT 1",
+            (session_id, since_iso),
+        ).fetchone()
+    except sqlite3.OperationalError:
+        # Schema drift: the column may not be called session_id in older tables.
+        return False
+    return row is not None
+
+
+def _fetch_latest_open_task(conn: sqlite3.Connection, session_id: str) -> dict | None:
+    if not _table_exists(conn, "protocol_tasks"):
+        return None
+    cols = conn.execute("PRAGMA table_info(protocol_tasks)").fetchall()
+    names = {c[1] for c in cols}
+    if "response_mode" not in names:
+        return None
+    row = conn.execute(
+        "SELECT task_id, goal, response_mode, opened_at, status "
+        "FROM protocol_tasks "
+        "WHERE session_id = ? AND status = 'open' "
+        "ORDER BY opened_at DESC LIMIT 1",
+        (session_id,),
+    ).fetchone()
+    if row is None:
+        return None
+    return {
+        "task_id": row[0],
+        "goal": row[1] or "",
+        "response_mode": (row[2] or "").strip().lower(),
+        "opened_at": row[3] or "",
+        "status": row[4] or "",
+    }
+
+
+def _parse_db_time(value: str) -> float | None:
+    """``protocol_tasks.opened_at`` uses ``datetime('now')`` → ISO-8601 UTC without timezone."""
+    if not value:
+        return None
+    try:
+        import datetime as _dt
+        # ``datetime('now')`` format: 'YYYY-MM-DD HH:MM:SS'
+        for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%dT%H:%M:%S", "%Y-%m-%dT%H:%M:%SZ"):
+            try:
+                dt = _dt.datetime.strptime(value[:19], fmt)
+                return dt.replace(tzinfo=_dt.timezone.utc).timestamp()
+            except ValueError:
+                continue
+    except Exception:
+        pass
+    return None
+
+
+def _rate_limited(conn: sqlite3.Connection, session_id: str, task_id: str) -> bool:
+    """Return True if a nudge has already been emitted for (sid,task) within the window."""
+    if not _table_exists(conn, "hook_rate_limits"):
+        try:
+            conn.execute(
+                "CREATE TABLE IF NOT EXISTS hook_rate_limits ("
+                " hook TEXT NOT NULL,"
+                " session_id TEXT NOT NULL,"
+                " key TEXT NOT NULL,"
+                " last_fired_at REAL NOT NULL,"
+                " PRIMARY KEY (hook, session_id, key)"
+                ")"
+            )
+            conn.commit()
+        except sqlite3.OperationalError:
+            return False
+    row = conn.execute(
+        "SELECT last_fired_at FROM hook_rate_limits "
+        "WHERE hook = ? AND session_id = ? AND key = ?",
+        ("g1_enforcer", session_id, task_id),
+    ).fetchone()
+    if row is None:
+        return False
+    last_fired = float(row[0] or 0.0)
+    return (time.time() - last_fired) < G1_RATE_LIMIT_SECONDS
+
+
+def _record_fired(conn: sqlite3.Connection, session_id: str, task_id: str) -> None:
+    try:
+        conn.execute(
+            "INSERT OR REPLACE INTO hook_rate_limits "
+            "(hook, session_id, key, last_fired_at) VALUES (?, ?, ?, ?)",
+            ("g1_enforcer", session_id, task_id, time.time()),
+        )
+        conn.commit()
+    except sqlite3.OperationalError:
+        pass
+
+
+def _write_shadow_debt(conn: sqlite3.Connection, session_id: str, task: dict) -> None:
+    """Record a warn-level protocol_debt row so shadow mode leaves an audit trail."""
+    if not _table_exists(conn, "protocol_debt"):
+        return
+    try:
+        conn.execute(
+            "INSERT INTO protocol_debt "
+            "(session_id, task_id, debt_type, severity, status, evidence) "
+            "VALUES (?, ?, ?, ?, ?, ?)",
+            (
+                session_id,
+                task["task_id"],
+                "g1_response_contract_unfulfilled",
+                "warn",
+                "open",
+                (
+                    f"mode={task['response_mode']} opened_at={task['opened_at']} "
+                    f"goal={task['goal'][:160]}"
+                ),
+            ),
+        )
+        conn.commit()
+    except sqlite3.OperationalError:
+        pass
+
+
+def _render_message(task: dict) -> str:
+    mode = task["response_mode"]
+    task_id = task["task_id"]
+    if mode == "verify":
+        action = "nexo_confidence_check(evidence_refs=[...])"
+        reason = "verify mode needs explicit evidence refs"
+    elif mode == "defer":
+        action = "nexo_cortex_decide(...)"
+        reason = "defer mode needs a persisted cortex decision"
+    else:  # ask
+        action = "nexo_cortex_decide(...) or a user turn"
+        reason = "ask mode needs clarifying input before the visible answer"
+    return (
+        "[NEXO Protocol Enforcer] G1 gate: task "
+        f"{task_id} is open with response_mode='{mode}' "
+        f"({reason}). Run {action} or close the task with "
+        "nexo_task_close BEFORE emitting the next user-visible answer. "
+        "Silent-compliant: do not mention this reminder to the user."
+    )
+
+
+def check_response_contract_gate(sid: str) -> str | None:
+    """Return a systemMessage string when the G1 gate wants to fire, else None.
+
+    Always returns ``None`` in ``off`` mode or when no qualifying task exists.
+    Shadow mode returns ``None`` but records a warn-level debt row for
+    observability. Hard mode returns the rendered message.
+    """
+    mode = _mode()
+    if mode == "off" or not sid:
+        return None
+
+    db_file = _db_path()
+    if not db_file.is_file():
+        return None
+
+    try:
+        conn = sqlite3.connect(str(db_file), timeout=3)
+    except sqlite3.OperationalError:
+        return None
+
+    try:
+        task = _fetch_latest_open_task(conn, sid)
+        if task is None or task["response_mode"] not in G1_REQUIRING_MODES:
+            return None
+
+        opened_epoch = _parse_db_time(task["opened_at"])
+        if opened_epoch is None:
+            return None
+        if (time.time() - opened_epoch) < G1_GRACE_SECONDS:
+            return None  # inside grace window — don't nudge yet
+
+        # Fulfillment heuristic: cortex_evaluations or confidence_checks after opened_at.
+        opened_iso = task["opened_at"]
+        has_cortex = _has_followup_event_since(
+            conn,
+            "cortex_evaluations",
+            sid,
+            opened_iso,
+        )
+        has_confidence = _has_followup_event_since(
+            conn,
+            "confidence_checks",
+            sid,
+            opened_iso,
+        )
+        if has_cortex or has_confidence:
+            return None  # contract fulfilled
+
+        if _rate_limited(conn, sid, task["task_id"]):
+            return None
+
+        if mode == "shadow":
+            _write_shadow_debt(conn, sid, task)
+            _record_fired(conn, sid, task["task_id"])
+            return None
+
+        # hard
+        _record_fired(conn, sid, task["task_id"])
+        _write_shadow_debt(conn, sid, task)  # keep the audit trail in hard too
+        return _render_message(task)
+    finally:
+        try:
+            conn.close()
+        except Exception:
+            pass

package/src/hooks/post-compact.sh

@@ -91,6 +91,36 @@ if [ -f "$NEXO_DB" ]; then
             LAST_HINT=$(echo "$DRAFT" | cut -d'|' -f2)
         fi
 
+        EXECUTION_LATCH=""
+        AUTONOMY_STATE_FILE="$DATA_DIR/autonomy_mandate.json"
+        if [ -f "$AUTONOMY_STATE_FILE" ]; then
+            EXECUTION_LATCH=$(
+                TARGET_SID="$SID" AUTONOMY_STATE_FILE="$AUTONOMY_STATE_FILE" python3 -c "
+import json, os, time
+try:
+    raw = json.loads(open(os.environ['AUTONOMY_STATE_FILE']).read())
+except Exception:
+    raise SystemExit(0)
+session_id = str(raw.get('session_id', '') or '').strip()
+target_sid = str(os.environ.get('TARGET_SID', '') or '').strip()
+if not raw.get('active'):
+    raise SystemExit(0)
+try:
+    expires_at = float(raw.get('expires_at', 0))
+except Exception:
+    expires_at = 0.0
+if expires_at <= time.time():
+    raise SystemExit(0)
+if session_id and target_sid and session_id != target_sid:
+    raise SystemExit(0)
+if not bool(raw.get('execute_until_blocker', True)):
+    raise SystemExit(0)
+print('**Execution mode:** execute-until-blocker still active after compaction.')
+print('**Guardrail:** skip option menus, reprioritization, summaries, and audits unless a real blocker or approval gate appears.')
+" 2>/dev/null || true
+            )
+        fi
+
         # Build Core Memory Block
         BLOCK="## SESSION CONTINUITY [auto-injected post-compaction #$((COMPACT_COUNT + 1))]"
         BLOCK="$BLOCK\n**Session:** $SID"
@@ -128,6 +158,10 @@ if [ -f "$NEXO_DB" ]; then
             BLOCK="$BLOCK\n**Session tasks so far:** $TASKS_SEEN"
         fi
 
+        if [ -n "$EXECUTION_LATCH" ]; then
+            BLOCK="$BLOCK\n$EXECUTION_LATCH"
+        fi
+
         BLOCK="$BLOCK\n**Tool logs:** ${OPERATIONS_DIR}/tool-logs/${TODAY}.jsonl ($LOG_LINES entries)"
         BLOCK="$BLOCK\n\n**POST-COMPACTION INSTRUCTIONS:**"
         BLOCK="$BLOCK\n1. Call nexo_heartbeat with the SID above to reconnect with the session"

package/src/hooks/post_tool_use.py

@@ -140,6 +140,21 @@ def _run(cmd: list[str], timeout: int) -> int:
         return 1
 
 
+def _run_step(cmd: list[str], timeout: int) -> tuple[int, str]:
+    try:
+        result = subprocess.run(cmd, timeout=timeout, capture_output=True, text=True)
+        return result.returncode, (result.stdout or "").strip()
+    except Exception:
+        return 1, ""
+
+
+def _combine_system_messages(*messages: str | None) -> str | None:
+    parts = [str(item).strip() for item in messages if str(item or "").strip()]
+    if not parts:
+        return None
+    return "\n\n".join(parts)
+
+
 def _read_stdin_json() -> dict:
     """Read the Claude Code hook payload from stdin. Never raises."""
     if sys.stdin.isatty():
@@ -202,11 +217,15 @@ def main() -> int:
         (["bash", str(_DIR / "heartbeat-posttool.sh")],3),
     ]
     exits = []
+    protocol_message = ""
     for cmd, timeout in steps:
         script = Path(cmd[-1])
         if not script.is_file():
             continue
-        exits.append(_run(cmd, timeout))
+        exit_code, stdout = _run_step(cmd, timeout)
+        exits.append(exit_code)
+        if script.name == "protocol-guardrail.sh" and stdout:
+            protocol_message = stdout
 
     exits.append(_run_auto_capture(payload))
 
@@ -214,11 +233,21 @@ def main() -> int:
     # (including any writes the previous steps may have done). Emits a
     # single-line JSON systemMessage so Claude Code surfaces it to the
     # agent without breaking the tool pipeline.
+    # v7.2.0 — G1 enforcer (response_contract.mode physical gate) plugs in
+    # alongside the inbox reminder. Shadow mode only records a debt row;
+    # hard mode appends a nudge to the systemMessage.
     try:
         sid = _resolve_sid_from_payload(payload)
         reminder = check_inbox_and_emit_reminder(sid)
-        if reminder:
-            print(json.dumps({"systemMessage": reminder}))
+        g1_message: str | None = None
+        try:
+            from g1_enforcer import check_response_contract_gate  # type: ignore
+            g1_message = check_response_contract_gate(sid)
+        except Exception:
+            g1_message = None
+        combined = _combine_system_messages(protocol_message, reminder, g1_message)
+        if combined:
+            print(json.dumps({"systemMessage": combined}))
     except Exception:
         pass
 

package/src/hooks/pre-compact.sh

@@ -49,6 +49,20 @@ if [ -f "$NEXO_DB" ]; then
                 END,
                 updated_at = datetime('now')
         " 2>/dev/null || true
+
+        # Flush the richer durable checkpoint state if milestone data exists.
+        NEXO_PRECOMPACT_SID="$LATEST_SID" HOOK_DIR="$HOOK_DIR" python3 -c "
+import os, sys
+sys.path.insert(0, os.path.abspath(os.path.join(os.environ['HOOK_DIR'], '..')))
+try:
+    import checkpoint_policy
+    checkpoint_policy.force_runtime_checkpoint(
+        os.environ['NEXO_PRECOMPACT_SID'],
+        reason='pre-compact-hook',
+    )
+except Exception:
+    pass
+" 2>/dev/null || true
     fi
 fi
 

package/src/paths.py

@@ -410,6 +410,15 @@ def legacy_db_path() -> Path:
     return legacy_data_dir() / "nexo.db"
 
 
+def legacy_watchdog_hashes_path() -> Path:
+    # Pre-F0.6 watchdog hash registry landed at ``~/.nexo/scripts/.watchdog-hashes``.
+    # Post-F0.6 the canonical location is ``core_scripts_dir() / ".watchdog-hashes"``.
+    # A migration-aware consumer should check this legacy path and fold entries
+    # into the canonical file before deleting, exactly like the rest of the
+    # pre-F0.6 compat shims above.
+    return legacy_scripts_dir() / ".watchdog-hashes"
+
+
 # ---------------------------------------------------------------------------
 # Smart resolver: prefer new location if it exists, fall back to legacy.
 # Used during the v7.0.0 / v7.1.0 transition window.
@@ -472,5 +481,6 @@ __all__ = [
     "legacy_logs_dir",
     "legacy_operations_dir",
     "legacy_db_path",
+    "legacy_watchdog_hashes_path",
     "resolve_db_path",
 ]

package/src/plugins/adaptive_mode.py

@@ -540,7 +540,22 @@ def learn_weights(min_samples: int = 30, lookback_days: int = 30) -> dict:
         drift = {name: round(learned[name] - WEIGHTS[name], 4) for name in signal_names}
         max_drift = max(abs(d) for d in drift.values())
 
-        # Shadow mode: first 2 weeks, only LOG without activating
+        # Shadow → active promotion (v7.2.0, master Block K G5):
+        #
+        # Historical rule was "shadow for the first 14 days after the first
+        # learned-weights compute, regardless of sample volume". That was
+        # safe but biased: on an active install the learner already has
+        # hundreds of samples by day 2, yet the promotion waited two full
+        # weeks. The inhibition rate stays above the 30-60% target the
+        # whole time, and any real drift is painfully slow to react to.
+        #
+        # New rule: promote to active when EITHER
+        #   (a) the classic 14-day window has elapsed, OR
+        #   (b) the learner has ≥200 samples AND ≥2 calendar days of data.
+        #
+        # Operator opt-out: set NEXO_ADAPTIVE_EMPIRICAL_PROMOTION=off to
+        # fall back to the 14-day-only rule. Env override is checked on
+        # every call so a flipped install can be reverted without restart.
         first_learned_date = state.get("learned_weights_first_date")
         if not first_learned_date:
             first_learned_date = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S")
@@ -548,7 +563,16 @@ def learn_weights(min_samples: int = 30, lookback_days: int = 30) -> dict:
 
         first_dt = datetime.strptime(first_learned_date, "%Y-%m-%dT%H:%M:%S")
         days_since_first = (datetime.utcnow() - first_dt).days
-        is_shadow = days_since_first < 14
+        empirical_opt_out = (
+            os.environ.get("NEXO_ADAPTIVE_EMPIRICAL_PROMOTION", "").strip().lower() == "off"
+        )
+        calendar_ready = days_since_first >= 14
+        empirical_ready = (
+            (not empirical_opt_out)
+            and len(rows) >= 200
+            and days_since_first >= 2
+        )
+        is_shadow = not (calendar_ready or empirical_ready)
 
         state["shadow_weights"] = learned
         state["shadow_weights_date"] = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S")

package/src/plugins/protocol.py

@@ -1648,6 +1648,28 @@ def handle_task_close(
             status = "debt-open"
             next_action = "Resolve the open protocol debt next."
 
+    durable_checkpoint = None
+    try:
+        from checkpoint_policy import record_milestone
+
+        checkpoint_blockers = ""
+        if clean_outcome in {"partial", "failed"}:
+            checkpoint_blockers = (outcome_notes or clean_evidence or next_action).strip()
+        durable_checkpoint = record_milestone(
+            task.get("session_id") or sid,
+            reason=f"task_close:{clean_outcome}",
+            task=task.get("goal", ""),
+            task_status=("blocked" if clean_outcome in {"partial", "failed"} else "active"),
+            active_files=effective_files,
+            current_goal=task.get("goal", ""),
+            decisions_summary=(clean_change_summary or clean_outcome),
+            blockers=checkpoint_blockers,
+            reasoning_thread=(clean_evidence or outcome_notes or "")[:800],
+            next_step=(next_action if clean_outcome != "done" else ""),
+        )
+    except Exception:
+        durable_checkpoint = None
+
     response = {
         "ok": True,
         "task_id": task_id,
@@ -1668,6 +1690,8 @@ def handle_task_close(
         "status": status,
         "next_action": next_action,
     }
+    if durable_checkpoint:
+        response["durable_checkpoint"] = durable_checkpoint
     return json.dumps(response, ensure_ascii=False, indent=2)
 
 

package/src/plugins/recover.py

@@ -46,10 +46,41 @@ from db_guard import (
     validate_backup_matches_source,
 )
 
-NEXO_HOME = export_resolved_nexo_home()
-DATA_DIR = paths.data_dir()
-BACKUP_BASE = paths.backups_dir()
-PRIMARY_DB = DATA_DIR / "nexo.db"
+# Path resolution moved to lazy helpers (AUDITOR-V700-PASS2 §11, B10 item 3)
+# to keep monkeypatched NEXO_HOME / paths.* fixtures honoured. PEP 562
+# ``__getattr__`` below preserves the legacy constant names for any caller
+# that imports them as module attributes.
+
+
+def _nexo_home() -> Path:
+    return export_resolved_nexo_home()
+
+
+def _data_dir() -> Path:
+    return paths.data_dir()
+
+
+def _backup_base() -> Path:
+    return paths.backups_dir()
+
+
+def _primary_db() -> Path:
+    return _data_dir() / "nexo.db"
+
+
+_LAZY_PATHS = {
+    "NEXO_HOME": _nexo_home,
+    "DATA_DIR": _data_dir,
+    "BACKUP_BASE": _backup_base,
+    "PRIMARY_DB": _primary_db,
+}
+
+
+def __getattr__(name: str):
+    resolver = _LAZY_PATHS.get(name)
+    if resolver is None:
+        raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
+    return resolver()
 
 
 # ── Backup discovery ────────────────────────────────────────────────────
@@ -64,24 +95,25 @@ def list_available_backups() -> list[dict]:
     critical_rows, is_usable. Sorted newest-first.
     """
     entries: list[dict] = []
-    if not BACKUP_BASE.is_dir():
+    backup_base = _backup_base()
+    if not backup_base.is_dir():
         return entries
 
     # Hourly backups from nexo-backup.sh
-    for entry in BACKUP_BASE.glob(HOURLY_BACKUP_GLOB):
+    for entry in backup_base.glob(HOURLY_BACKUP_GLOB):
         if not entry.is_file():
             continue
         entries.append(_describe_backup(entry, kind="hourly"))
 
     # Weekly backups
-    weekly_dir = BACKUP_BASE / "weekly"
+    weekly_dir = backup_base / "weekly"
     if weekly_dir.is_dir():
         for entry in weekly_dir.glob("weekly-*.db"):
             if entry.is_file():
                 entries.append(_describe_backup(entry, kind="weekly"))
 
     # pre-update / pre-autoupdate / pre-recover / pre-heal snapshot dirs
-    for subdir in BACKUP_BASE.iterdir():
+    for subdir in backup_base.iterdir():
         if not subdir.is_dir():
             continue
         name = subdir.name
@@ -162,7 +194,7 @@ def recover(
         dry_run: Report what would happen without touching disk.
         target: Override the target DB path (defaults to ~/.nexo/data/nexo.db).
     """
-    target_path = Path(target).expanduser() if target else PRIMARY_DB
+    target_path = Path(target).expanduser() if target else _primary_db()
     target_path.parent.mkdir(parents=True, exist_ok=True)
 
     result: dict = {
@@ -236,7 +268,7 @@ def recover(
             time.sleep(0.5)
 
     # Step 4: snapshot current state to pre-recover/
-    pre_recover_dir = BACKUP_BASE / f"pre-recover-{time.strftime('%Y-%m-%d-%H%M%S')}"
+    pre_recover_dir = _backup_base() / f"pre-recover-{time.strftime('%Y-%m-%d-%H%M%S')}"
     if target_path.is_file():
         pre_recover_dir.mkdir(parents=True, exist_ok=True)
         # Copy the main DB plus any sidecar files (-wal, -shm) with shutil so