nexo-brain 7.11.3 → 7.11.6

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.3",
+  "version": "7.11.6",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,13 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.11.3` is the current packaged-runtime line. Patch release — root-cause fix for the `mcp_restart_required` lockup that v7.11.2 only masked at the enforcer layer. `_FINGERPRINT_EXCLUDE_DIRS` in `src/runtime_versioning.py` was missing `"versions"`, so `compute_mcp_runtime_fingerprint()` walked into `core/versions/<old>/**.py` whenever it was called against the live runtime root. `installed_runtime_fingerprint()` (which resolves through `active_runtime_root()` → `core/versions/<active>/`) returned a clean per-snapshot hash, while `prime_process_fingerprint()` (which starts from `Path(__file__).resolve().parent` → live `core/`) accumulated every retained snapshot. The two never matched after the second-ever `nexo update` on a host. Every update wrote `mcp-restart-required.json` and the marker could never be cleared by `_ack_current_client_if_restarted()` because the `installed_fp != process_fp` test always returned `True`. Every non-allowlisted MCP tool (`nexo_reminders`, `nexo_smart_startup`, `nexo_guard_check`, `nexo_task_open`, …) returned `{"error": "mcp_restart_required", "reason": "fingerprint_mismatch"}` indefinitely, even after the operator restarted the client (the new client connected to the same server with the same cached `PROCESS_FINGERPRINT`). v7.11.2 silenced the enforcer-side noise but the marker itself stayed stuck, so user-driven calls kept failing across sessions. Adding `"versions"` to `_FINGERPRINT_EXCLUDE_DIRS` restores parity: both fingerprint computations now hash the same set of files regardless of which entry path the caller starts from. 1 new regression test (`test_fingerprint_ignores_versions_subtree`) seeds three snapshot directories under `versions/` and asserts the fingerprint does not shift. The two existing exclude-dir tests now also cover `"versions"`. All 21 tests in `tests/test_runtime_fingerprint.py` stay green.
+Version `7.11.6` is the current packaged-runtime line. Patch release — Guardian G4 now filters more false-positive slash fragments before they become debt, `strict_protocol_write_without_task` downgrades to `warn` when the session has a fresh heartbeat, and Deep Sleep extraction validates the real prompt contract instead of accepting any syntactically valid JSON. Validation so far: `50` targeted tests across hook guardrails and Deep Sleep extraction.
+
+Previously in `7.11.5`: patch release — Desktop-managed installs now block the standalone dashboard at the same product-mode layer as evolution, so `installation_live`, cron sync, and watchdog no longer disagree about whether `com.nexo.dashboard` should exist. Validation: `125` targeted tests across product-mode, cron sync, and doctor, plus a full pre-release wrapper (`2321 passed, 2 skipped, 1 xfailed, 4 xpassed`).
+
+Previously in `7.11.4`: patch release — packaged runtimes now receive root JSON contracts such as `local_model_manifest.json`, install/update paths sync core crons from `src/crons/manifest.json` instead of depending on a stale JS list, `runner-health-check` is wired into cron/doctor/dashboard instead of writing an unread file, and the watchdog retries failed crons immediately while treating `run_once_on_wake` as catchup-style recovery. Validation: `117` targeted tests across packaged update, cron sync/recovery, dashboard, local models, and runtime update contracts.
+
+Previously in `7.11.3`: patch release — root-cause fix for the `mcp_restart_required` lockup that v7.11.2 only masked at the enforcer layer. `_FINGERPRINT_EXCLUDE_DIRS` in `src/runtime_versioning.py` was missing `"versions"`, so `compute_mcp_runtime_fingerprint()` walked into `core/versions/<old>/**.py` whenever it was called against the live runtime root. `installed_runtime_fingerprint()` (which resolves through `active_runtime_root()` → `core/versions/<active>/`) returned a clean per-snapshot hash, while `prime_process_fingerprint()` (which starts from `Path(__file__).resolve().parent` → live `core/`) accumulated every retained snapshot. The two never matched after the second-ever `nexo update` on a host. Every update wrote `mcp-restart-required.json` and the marker could never be cleared by `_ack_current_client_if_restarted()` because the `installed_fp != process_fp` test always returned `True`. Every non-allowlisted MCP tool (`nexo_reminders`, `nexo_smart_startup`, `nexo_guard_check`, `nexo_task_open`, …) returned `{"error": "mcp_restart_required", "reason": "fingerprint_mismatch"}` indefinitely, even after the operator restarted the client. Adding `"versions"` to `_FINGERPRINT_EXCLUDE_DIRS` restores parity; 21 runtime-fingerprint tests stayed green.
 
 Previously in `7.11.2`: patch release — two reliability fixes in the same family ("components ignoring signals they should respect"): (1) `STUCK CRON REAPER` added to `nexo-watchdog.sh` and (2) the Guardian/Enforcer now honors the `mcp-restart-required` marker. The watchdog reaper closes the v5.8.1 in-flight gap: truly hung wrappers (e.g. headless `claude --bare` blocked on an MCP that flagged `mcp_restart_required`) used to hold their slot for days. The reaper sweeps `cron_runs` rows with `ended_at IS NULL` past `stuck_after_seconds` (per-cron from `manifest.json`, fallback 12h global), SIGTERMs the wrapper (trap closes row at `exit 143`), grace 10s, SIGKILL on survivors. Generous defaults (deep-sleep 8h, sleep/evolution 4h) prevent any v5.8.1 regression. The enforcer gate skips `nexo_*`-mentioning reminders when the marker file is present (cached per-instance, 30s TTL); reminders that don't reference `nexo_*` still fire. 12 new tests; 3 existing watchdog tests + 52 existing enforcer tests stay green.
 

package/bin/nexo-brain.js

@@ -847,11 +847,12 @@ function getCoreRuntimeFlatFiles(srcDir = path.join(__dirname, "..", "src")) {
         if (isDuplicateArtifactName(name, srcDir)) return false;
         const stat = fs.statSync(path.join(srcDir, name));
         if (!stat.isFile()) return false;
-        // Include Python modules and any flat JSON config the Python runtime
-        // reads at import time (e.g. model_defaults.json). The "_defaults.json"
-        // suffix convention lets us add future config JSONs without touching
-        // this list.
-        return name.endsWith(".py") || name.endsWith("_defaults.json");
+        // Include Python modules and flat JSON contracts that the runtime
+        // reads directly from the installed core tree.
+        return (
+          name.endsWith(".py")
+          || /(?:_defaults|_manifest|_tiers)\.json$/.test(name)
+        );
       })
     : [];
   return [...new Set([...staticFiles, ...discoveredRootModules])];
@@ -2351,6 +2352,42 @@ WantedBy=timers.target
   }
 }
 
+function syncCoreProcessesFromManifest(pythonPath, nexoHome, sourceRoot = "") {
+  const candidateSyncPaths = [
+    path.join(resolveRuntimeCronsDir(nexoHome), "sync.py"),
+    sourceRoot ? path.join(sourceRoot, "sync.py") : "",
+  ].filter(Boolean);
+  const runtimeCode = runtimeCodeDir(nexoHome);
+  let lastError = "";
+
+  for (const syncPath of candidateSyncPaths) {
+    if (!fs.existsSync(syncPath)) continue;
+    const syncResult = spawnSync(
+      pythonPath || "python3",
+      [syncPath],
+      {
+        env: {
+          ...process.env,
+          HOME: require("os").homedir(),
+          NEXO_HOME: nexoHome,
+          NEXO_CODE: runtimeCode,
+        },
+        stdio: "pipe",
+        encoding: "utf8",
+      },
+    );
+    if (syncResult.status === 0) {
+      return { ok: true, syncPath };
+    }
+    lastError = (syncResult.stderr || syncResult.stdout || "").trim() || `exit ${syncResult.status}`;
+  }
+
+  return {
+    ok: false,
+    error: lastError || "cron sync script not found",
+  };
+}
+
 async function runSetup() {
   // Non-interactive mode: --defaults, --yes, --skip, or -y all skip prompts
   // and apply the recommended defaults end-to-end (v6.0.0 adds --skip).
@@ -2587,8 +2624,14 @@ async function runSetup() {
           const optFile = path.join(resolveRuntimeConfigDir(NEXO_HOME), "optionals.json");
           if (fs.existsSync(optFile)) migOptionals = JSON.parse(fs.readFileSync(optFile, "utf8"));
         } catch {}
-        installAllProcesses(platform, migPython, NEXO_HOME, migSchedule, LAUNCH_AGENTS, migOptionals);
-        log("  All automated processes updated.");
+        const migCronSync = syncCoreProcessesFromManifest(migPython, NEXO_HOME, cronsMigSrc);
+        if (migCronSync.ok) {
+          log("  Core crons reconciled with manifest.");
+        } else {
+          log(`  Cron sync warning: ${migCronSync.error}. Falling back to legacy installer.`);
+          installAllProcesses(platform, migPython, NEXO_HOME, migSchedule, LAUNCH_AGENTS, migOptionals);
+          log("  Automated processes updated via legacy installer fallback.");
+        }
 
         // Update version file
         fs.writeFileSync(versionFile, JSON.stringify({
@@ -2701,19 +2744,11 @@ async function runSetup() {
         copyDirRec2(cronsSrc, cronsDest);
         log("Refreshed crons/ directory.");
 
-        const cronSyncPath = path.join(cronsSrc, "sync.py");
-        if (fs.existsSync(cronSyncPath)) {
-          const syncResult = spawnSync(syncPython, [cronSyncPath], {
-            env: { ...process.env, NEXO_HOME, NEXO_CODE: path.join(__dirname, "..", "src") },
-            stdio: "pipe",
-            encoding: "utf8",
-          });
-          if (syncResult.status === 0) {
-            log("Core crons reconciled with manifest.");
-          } else {
-            const syncErr = (syncResult.stderr || syncResult.stdout || "").trim();
-            log(`Cron sync warning: ${syncErr || `exit ${syncResult.status}`}`);
-          }
+        const syncStatus = syncCoreProcessesFromManifest(syncPython, NEXO_HOME, cronsSrc);
+        if (syncStatus.ok) {
+          log("Core crons reconciled with manifest.");
+        } else {
+          log(`Cron sync warning: ${syncStatus.error}`);
         }
       }
 
@@ -4227,15 +4262,9 @@ ${doScan ? `- Stack: ${Object.keys(profileData.code.languages || {}).slice(0, 5)
   schedule = await maybeConfigurePublicContribution(schedule, useDefaults);
   schedule = await maybeConfigureFullDiskAccess(schedule, useDefaults, python);
   const enabledOptionals = { dashboard: doDashboard, automation: schedule.automation_enabled !== false };
-  if (smokeTestMode) {
-    log("Smoke test mode detected — skipping LaunchAgents installation.");
-  } else if (isEphemeralInstall(NEXO_HOME)) {
-    log("Ephemeral HOME/NEXO_HOME detected — skipping LaunchAgents installation.");
-  } else {
-    installAllProcesses(platform, python, NEXO_HOME, schedule, LAUNCH_AGENTS, enabledOptionals);
-  }
 
-  // Persist optional process preferences for auto-update
+  // Persist optional process preferences before cron sync so the manifest
+  // installer reads the same automation/dashboard state we just computed.
   try {
     const configDir = resolveRuntimeConfigDir(NEXO_HOME);
     fs.mkdirSync(configDir, { recursive: true });
@@ -4243,8 +4272,23 @@ ${doScan ? `- Stack: ${Object.keys(profileData.code.languages || {}).slice(0, 5)
     fs.writeFileSync(optFile, JSON.stringify(enabledOptionals, null, 2));
   } catch {}
 
-  // Note: prevent-sleep and tcc-approve are now part of ALL_PROCESSES
-  // and installed by installAllProcesses() above. No separate caffeinate block needed.
+  if (smokeTestMode) {
+    log("Smoke test mode detected — skipping LaunchAgents installation.");
+  } else if (isEphemeralInstall(NEXO_HOME)) {
+    log("Ephemeral HOME/NEXO_HOME detected — skipping LaunchAgents installation.");
+  } else {
+    const cronSync = syncCoreProcessesFromManifest(python, NEXO_HOME, path.join(__dirname, "..", "src", "crons"));
+    if (cronSync.ok) {
+      log("Core crons reconciled with manifest.");
+    } else {
+      log(`Cron sync warning: ${cronSync.error}. Falling back to legacy installer.`);
+      installAllProcesses(platform, python, NEXO_HOME, schedule, LAUNCH_AGENTS, enabledOptionals);
+      log("Automated processes configured via legacy installer fallback.");
+    }
+  }
+
+  // Manifest-driven cron sync now owns the steady-state install path.
+  // The legacy installer remains only as a bootstrap fallback.
 
   // Step 7b: macOS Keychain setup for headless automation
   await setupKeychainPassFile(NEXO_HOME);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.3",
+  "version": "7.11.6",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/auto_update.py

@@ -4135,7 +4135,14 @@ def _discover_runtime_root_python_modules(base_dir: Path) -> list[str]:
 def _runtime_flat_files(base_dir: Path) -> list[str]:
     ordered: list[str] = []
     seen: set[str] = set()
-    for name in _discover_runtime_root_python_modules(base_dir) + ["requirements.txt", "package.json", "version.json"]:
+    json_contracts = [
+        item.name
+        for item in sorted(base_dir.iterdir(), key=lambda p: p.name)
+        if item.is_file()
+        and re.search(r"(?:_defaults|_manifest|_tiers)\.json$", item.name)
+        and not is_duplicate_artifact_name(item.name)
+    ]
+    for name in _discover_runtime_root_python_modules(base_dir) + json_contracts + ["requirements.txt", "package.json", "version.json"]:
         if name in seen:
             continue
         seen.add(name)

package/src/crons/manifest.json

@@ -92,6 +92,20 @@
       "run_on_boot": true,
       "run_on_wake": true
     },
+    {
+      "id": "runner-health-check",
+      "script": "scripts/runner-health-check.py",
+      "interval_seconds": 21600,
+      "description": "Watchdog check — verifies that automation runners produce recent useful output",
+      "core": true,
+      "optional": "automation",
+      "recovery_policy": "catchup",
+      "idempotent": true,
+      "max_catchup_age": 43200,
+      "stuck_after_seconds": 600,
+      "run_on_boot": true,
+      "run_on_wake": true
+    },
     {
       "id": "backup",
       "script": "scripts/nexo-backup.sh",

package/src/dashboard/app.py

@@ -1257,6 +1257,38 @@ async def api_watchdog():
         return JSONResponse({"error": f"Invalid JSON: {e}"}, status_code=500)
 
 
+@app.get("/api/runner-health")
+async def api_runner_health():
+    """Read runner health status from file."""
+    report_path = paths.operations_dir() / "runner-health-report.json"
+    if not report_path.exists():
+        return JSONResponse(
+            {"error": "runner-health-report.json not found", "path": str(report_path)},
+            status_code=404,
+        )
+    try:
+        data = json.loads(report_path.read_text(encoding="utf-8"))
+        return data
+    except json.JSONDecodeError as e:
+        return JSONResponse({"error": f"Invalid JSON: {e}"}, status_code=500)
+
+
+@app.get("/api/morning-briefing")
+async def api_morning_briefing():
+    """Read the latest generated morning briefing artifact."""
+    briefing_path = paths.operations_dir() / "morning-briefing-latest.md"
+    if not briefing_path.exists():
+        return JSONResponse(
+            {"error": "morning-briefing-latest.md not found", "path": str(briefing_path)},
+            status_code=404,
+        )
+    return {
+        "path": str(briefing_path),
+        "updated_at": datetime.datetime.fromtimestamp(briefing_path.stat().st_mtime).isoformat(),
+        "content": briefing_path.read_text(encoding="utf-8"),
+    }
+
+
 # ===========================================================================
 # NEW API ENDPOINTS — Dashboard v3.0 modules
 # ===========================================================================
@@ -1377,6 +1409,18 @@ async def api_chat(body: ChatMessage):
             return {"answer": "Watchdog status:", "data": json.loads(wp.read_text()), "query_type": "watchdog"}
         return {"answer": "Watchdog not available.", "data": [], "query_type": "watchdog"}
 
+    elif any(w in msg for w in ["runner health", "morning agent", "followup runner"]):
+        rp = paths.operations_dir() / "runner-health-report.json"
+        if rp.exists():
+            return {"answer": "Runner health:", "data": json.loads(rp.read_text()), "query_type": "runner_health"}
+        return {"answer": "Runner health report not available.", "data": [], "query_type": "runner_health"}
+
+    elif any(w in msg for w in ["morning briefing", "briefing", "resumen matinal"]):
+        bp = paths.operations_dir() / "morning-briefing-latest.md"
+        if bp.exists():
+            return {"answer": "Latest morning briefing:", "data": {"content": bp.read_text(encoding="utf-8")}, "query_type": "morning_briefing"}
+        return {"answer": "Morning briefing not available.", "data": [], "query_type": "morning_briefing"}
+
     elif any(w in msg for w in ["skill", "habilidad"]):
         rows = conn.execute(
             "SELECT id, name, level, trust_score, use_count FROM skills ORDER BY trust_score DESC LIMIT 20"

package/src/doctor/providers/runtime.py

@@ -47,6 +47,7 @@ PROTECTED_MACOS_ROOTS = (
 # Freshness thresholds in seconds
 IMMUNE_FRESHNESS = 3600  # 1 hour (runs every 30 min)
 WATCHDOG_FRESHNESS = 3600  # 1 hour (runs every 30 min)
+RUNNER_HEALTH_FRESHNESS = 43200  # 12 hours (runner-health-check runs every 6h)
 DEFAULT_CRON_THRESHOLD = 7200  # Fallback when manifest data is unavailable
 LIVE_PROTOCOL_SESSION_FRESHNESS = 1800  # 30 minutes
 SPECIAL_ENV_NORMALIZE_IDS = {"prevent-sleep", "tcc-approve"}
@@ -1314,6 +1315,96 @@ def check_watchdog_status() -> DoctorCheck:
         )
 
 
+def check_runner_health_status() -> DoctorCheck:
+    """Check runner-health-report.json freshness and overall status."""
+    schedule = {}
+    try:
+        if SCHEDULE_FILE.is_file():
+            schedule = _load_json(SCHEDULE_FILE)
+    except Exception:
+        schedule = {}
+
+    prefs = normalize_client_preferences(schedule)
+    if not prefs.get("automation_enabled", True):
+        return DoctorCheck(
+            id="runtime.runner_health",
+            tier="runtime",
+            status="healthy",
+            severity="info",
+            summary="Automation disabled; runner health check not expected",
+        )
+
+    report_file = paths.operations_dir() / "runner-health-report.json"
+    age = _file_age_seconds(report_file)
+    if age is None:
+        return DoctorCheck(
+            id="runtime.runner_health",
+            tier="runtime",
+            status="degraded",
+            severity="warn",
+            summary="Runner health report not found",
+            evidence=[f"Expected: {report_file}"],
+            repair_plan=[
+                "Check that runner-health-check exists in crons/manifest.json and was synced into LaunchAgents/systemd",
+                "Verify followup-runner and morning-agent are enabled under automation",
+            ],
+            escalation_prompt="Automation runners are enabled but runner-health-report.json was never produced.",
+        )
+
+    age_hours = age / 3600
+    if age > RUNNER_HEALTH_FRESHNESS:
+        return DoctorCheck(
+            id="runtime.runner_health",
+            tier="runtime",
+            status="degraded",
+            severity="warn",
+            summary=f"Runner health report stale ({age_hours:.1f}h old)",
+            evidence=[
+                f"{report_file} last modified {age_hours:.1f} hours ago",
+                f"Expected freshness threshold: {RUNNER_HEALTH_FRESHNESS / 3600:.0f} hours",
+            ],
+            repair_plan=[
+                "Inspect runner-health-check cron installation and recent stderr",
+                "Verify automation crons are installed from the manifest, not a stale legacy process list",
+            ],
+        )
+
+    try:
+        data = _load_json(report_file)
+        runners = data.get("runners") or []
+        overall = str(data.get("overall", "UNKNOWN")).upper()
+        fail_count = sum(1 for runner in runners if str(runner.get("status", "")).upper() == "FAIL")
+        warn_count = sum(1 for runner in runners if str(runner.get("status", "")).upper() == "WARN")
+        if overall == "FAIL" or fail_count > 0:
+            status = "critical"
+            severity = "error"
+        elif overall == "WARN" or warn_count > 0:
+            status = "degraded"
+            severity = "warn"
+        else:
+            status = "healthy"
+            severity = "info"
+        return DoctorCheck(
+            id="runtime.runner_health",
+            tier="runtime",
+            status=status,
+            severity=severity,
+            summary=(
+                f"Runner health: {overall} ({len(runners)} runner(s), {warn_count} warn, {fail_count} fail, "
+                f"{age_hours:.1f}h ago)"
+            ),
+        )
+    except Exception as e:
+        return DoctorCheck(
+            id="runtime.runner_health",
+            tier="runtime",
+            status="degraded",
+            severity="warn",
+            summary=f"Runner health report unreadable ({age_hours:.1f}h ago)",
+            evidence=[str(e)],
+        )
+
+
 def check_stale_sessions() -> DoctorCheck:
     """Check for stale sessions from DB."""
     try:
@@ -3252,6 +3343,7 @@ def run_runtime_checks(fix: bool = False) -> list[DoctorCheck]:
     return [
         safe_check(check_immune_status),
         safe_check(check_watchdog_status),
+        safe_check(check_runner_health_status),
         safe_check(check_stale_sessions),
         safe_check(check_cron_freshness),
         safe_check(check_client_backend_preferences, fix=fix),

package/src/hook_guardrails.py

@@ -8,11 +8,12 @@ import os
 import re
 import shlex
 import sys
+import time
 from pathlib import Path
 import paths
 
 from core_prompts import render_core_prompt
-from db import create_protocol_debt, get_db
+from db import create_protocol_debt, get_db, get_last_heartbeat_ts
 from operator_language import append_operator_language_contract
 from plugins.guard import _load_conditioned_learnings, _normalize_path_token
 from protocol_settings import get_protocol_strictness
@@ -252,6 +253,112 @@ def _normalize_file_path(path: str) -> str:
     return _normalize_path_token(str(Path(path)))
 
 
+# Tokens that look like absolute paths but never refer to real files. They
+# typically come from shell heredocs, JSON keys (``/DTEND``), regex/glob
+# fragments, or numeric/dictionary substrings the bash extractor lifted out
+# of a quoted argument. Without this filter the hook keeps emitting
+# unack-eable g4_guard_check_required entries (self-audit 2026-04-24 C2).
+_PATH_ARTIFACT_RE = re.compile(
+    r"""
+    [\$\`]                # unresolved shell substitution / backtick boundary
+    | [\*\?]              # glob metacharacter
+    | [\[\]\{\}]          # bracket/range/heredoc markers
+    | [\|\=\;]            # regex fragments / shell assignment / command separators
+    | \s                  # embedded whitespace (most likely truncation)
+    """,
+    re.VERBOSE,
+)
+_DATE_LIKE_PATH_RE = re.compile(r"^/\d{1,4}/\d{1,4}(?:/\d{1,4})?$")
+_STRICT_WRITE_HEARTBEAT_WINDOW_SECONDS = 300
+
+# Single-segment ``/word`` candidates that match a small dictionary block-list
+# of confirmed false positives observed in the live debt log.
+_PATH_DICTIONARY_BLOCKLIST = frozenset(
+    {
+        "/diary",
+        "/stdout",
+        "/stderr",
+        "/estancada",
+        "/confirmacion",
+        "/confirmación",
+        "/window",
+        "/restaurar",
+        "/dtend",
+        "/dtstart",
+        "/summary",
+    }
+)
+
+
+def _looks_like_real_path(path: str) -> bool:
+    """Return True only when ``path`` plausibly refers to a real file.
+
+    The protocol-pretool guardrail uses this filter to suppress noise
+    coming from shell heredocs, glob fragments, and dictionary words that
+    the bash extractor sometimes mistakes for absolute paths. Without it
+    every false positive becomes a permanent ``g4_guard_check_required``
+    debt row that nobody can ack.
+    """
+
+    raw = str(path or "").strip()
+    if not raw:
+        return False
+    if not raw.startswith("/"):
+        return False
+    if _PATH_ARTIFACT_RE.search(raw):
+        return False
+    if _DATE_LIKE_PATH_RE.fullmatch(raw):
+        return False
+    # Pure numeric segments (``/166``, ``/487``, ``/1000``) are almost
+    # always status codes or counters lifted out of a log line.
+    stripped = raw.lstrip("/")
+    if stripped and re.fullmatch(r"\d+", stripped):
+        return False
+    if raw.lower() in _PATH_DICTIONARY_BLOCKLIST:
+        return False
+    # Reject single-segment ``/word`` candidates that do not exist on the
+    # filesystem and have no extension. Real edits target nested paths or
+    # well-known top-level files (``/etc/hosts`` etc.) that already pass
+    # the dictionary check above. Globs hitting ``/etc`` etc. are rare
+    # and acceptable to over-filter compared with the noise we suppress.
+    if "/" not in stripped and "." not in stripped:
+        try:
+            if not Path(raw).exists():
+                return False
+        except OSError:
+            return False
+    parts = [segment for segment in stripped.split("/") if segment]
+    if len(parts) > 1 and "." not in parts[-1]:
+        try:
+            if not Path(raw).exists():
+                return False
+        except OSError:
+            return False
+    return True
+
+
+def _strict_write_without_task_severity(session_id: str) -> str:
+    """Downgrade missing-task debt when the session is clearly alive.
+
+    A recent heartbeat shows the session is connected to a real ongoing
+    conversation even if the operator skipped `nexo_task_open`. We still
+    block strict writes, but store the debt as warn so dashboards separate
+    protocol drift from completely untracked edits.
+    """
+
+    if not session_id:
+        return "error"
+    try:
+        last_hb = get_last_heartbeat_ts(session_id)
+    except Exception:
+        return "error"
+    if last_hb is None:
+        return "error"
+    if time.time() - float(last_hb) <= _STRICT_WRITE_HEARTBEAT_WINDOW_SECONDS:
+        return "warn"
+    return "error"
+
+
 def _resolve_runtime_path(path: str) -> Path:
     candidate = Path(str(path or "")).expanduser()
     if not candidate.is_absolute():
@@ -328,6 +435,8 @@ def _extract_touched_files(tool_input) -> list[str]:
     unique: list[str] = []
     seen = set()
     for item in files:
+        if not _looks_like_real_path(item):
+            continue
         normalized = _normalize_file_path(item)
         if normalized and normalized not in seen:
             seen.add(normalized)
@@ -414,6 +523,8 @@ def _extract_bash_touched_files(tool_input) -> list[str]:
 
     def add(candidate: str) -> None:
         resolved = _resolve_shell_candidate_path(candidate, cwd)
+        if not resolved or not _looks_like_real_path(resolved):
+            return
         normalized = _normalize_file_path(resolved) if resolved else ""
         if resolved and normalized and normalized not in seen:
             seen.add(normalized)
@@ -1318,12 +1429,13 @@ def process_pre_tool_event(payload: dict) -> dict:
     if not files:
         task = _find_any_open_task(conn, sid)
         if not task:
+            severity = _strict_write_without_task_severity(sid)
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
                 task_id="",
                 debt_type="strict_protocol_write_without_task",
-                severity="error",
+                severity=severity,
                 evidence=f"{tool_name} attempted without a detectable file path and without an open protocol task.",
                 file_token="unknown-target",
             )
@@ -1349,12 +1461,13 @@ def process_pre_tool_event(payload: dict) -> dict:
     for filepath in files:
         task = _find_open_task_for_file(conn, sid, filepath)
         if not task:
+            severity = _strict_write_without_task_severity(sid)
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
                 task_id="",
                 debt_type="strict_protocol_write_without_task",
-                severity="error",
+                severity=severity,
                 evidence=f"{tool_name} attempted on {filepath} without an open protocol task for that file.",
                 file_token=filepath,
             )

package/src/product_mode.py

@@ -15,7 +15,7 @@ DESKTOP_PRODUCT_ENV = "NEXO_DESKTOP_MANAGED"
 ALLOW_CORE_WRITES_ENV = "NEXO_ALLOW_CORE_WRITES"
 PRODUCT_MODE_FILENAME = "product-mode.json"
 DESKTOP_PRODUCT_MODE = "desktop_closed_product"
-DESKTOP_DISABLED_FEATURES = ("evolution",)
+DESKTOP_DISABLED_FEATURES = ("evolution", "dashboard")
 DESKTOP_EVOLUTION_DISABLED_REASON = "Disabled by NEXO Desktop product contract"
 
 
@@ -199,7 +199,7 @@ def enforce_desktop_product_contract(*, source: str = "desktop") -> dict[str, An
 
 def is_cron_blocked(cron_id: str | None) -> bool:
     clean = str(cron_id or "").strip().lower()
-    return clean == "evolution" and desktop_product_requested()
+    return clean in DESKTOP_DISABLED_FEATURES and desktop_product_requested()
 
 
 def filter_blocked_crons(crons: list[dict[str, Any]]) -> list[dict[str, Any]]:

package/src/scripts/deep-sleep/extract.py

@@ -68,6 +68,7 @@ TRANSIENT_ERROR_KINDS = {
     "timeout",
     "signal",
 }
+REQUIRED_PROTOCOL_SUMMARY_KEYS = ("guard_check", "heartbeat", "change_log")
 
 
 def _classify_cli_result(result) -> tuple[str, str]:
@@ -133,6 +134,53 @@ def extract_json_from_response(text: str) -> dict | None:
     return None
 
 
+def _is_valid_extraction(
+    parsed: dict,
+    *,
+    expected_session_id: str | None = None,
+) -> bool:
+    """Validate the minimum Deep Sleep extraction contract.
+
+    The extractor prompt's real top-level shape is
+    ``session_id/findings/protocol_summary`` plus optional richer sections.
+    We intentionally validate the live prompt contract rather than an older
+    proposal so a syntactically valid but structurally degraded JSON payload
+    does not silently count as success.
+    """
+
+    if not isinstance(parsed, dict):
+        return False
+    session_id = parsed.get("session_id")
+    if not isinstance(session_id, str) or not session_id.strip():
+        return False
+    if expected_session_id and session_id != expected_session_id:
+        return False
+    findings = parsed.get("findings")
+    if not isinstance(findings, list):
+        return False
+    if any(not isinstance(item, dict) for item in findings):
+        return False
+    protocol_summary = parsed.get("protocol_summary")
+    if not isinstance(protocol_summary, dict):
+        return False
+    for key in REQUIRED_PROTOCOL_SUMMARY_KEYS:
+        if not isinstance(protocol_summary.get(key), dict):
+            return False
+    for key in ("emotional_timeline", "abandoned_projects", "skill_candidates"):
+        if key in parsed and not isinstance(parsed.get(key), list):
+            return False
+    if "productivity_score" in parsed and not isinstance(parsed.get("productivity_score"), dict):
+        return False
+    return True
+
+
+def _write_debug_extract(session_id: str, kind: str, raw_output: str) -> Path:
+    debug_file = _deep_sleep_dir() / f"debug-extract-{session_id[:20]}-{kind}.txt"
+    debug_file.parent.mkdir(parents=True, exist_ok=True)
+    debug_file.write_text((raw_output or "")[:5000])
+    return debug_file
+
+
 def _safe_session_slug(session_id: str) -> str:
     return (
         session_id
@@ -215,6 +263,8 @@ def analyze_session(
             if not line.strip().startswith("Post-mortem") and line.strip()
         )
         parsed = extract_json_from_response(output)
+        debug_output = output
+        parse_failure_kind = "json_parse"
 
         # Fallback: if Claude returned text instead of JSON, ask a short conversion call
         if not parsed and len(output.strip()) > 50:
@@ -231,17 +281,23 @@ def analyze_session(
                 append_system_prompt=json_system_prompt,
             )
             if convert_result.returncode == 0:
+                debug_output = convert_result.stdout
                 parsed = extract_json_from_response(convert_result.stdout)
                 if parsed:
                     print(f"    Conversion succeeded")
 
+        if parsed and not _is_valid_extraction(parsed, expected_session_id=session_id):
+            parse_failure_kind = "json_schema"
+            debug_output = json.dumps(parsed, indent=2, ensure_ascii=False)
+            parsed = None
+
         if not parsed:
-            # Save raw output for debugging
-            debug_file = _deep_sleep_dir() / f"debug-extract-{session_id[:20]}.txt"
-            debug_file.parent.mkdir(parents=True, exist_ok=True)
-            debug_file.write_text(result.stdout[:5000])
-            print(f"    Failed to parse JSON. Raw output saved to {debug_file}", file=sys.stderr)
-            return None, "json_parse"
+            debug_file = _write_debug_extract(session_id, parse_failure_kind, debug_output)
+            print(
+                f"    Failed to validate extraction ({parse_failure_kind}). Raw output saved to {debug_file}",
+                file=sys.stderr,
+            )
+            return None, parse_failure_kind
 
         return parsed, None
 

package/src/scripts/nexo-watchdog.sh

@@ -350,6 +350,17 @@ try_request_catchup() {
   return 1
 }
 
+recovery_uses_catchup() {
+  case "$1" in
+    catchup|run_once_on_wake)
+      return 0
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+}
+
 try_verify_repair() {
   # After Level 2 repair, wait and verify the service is healthy
   local plist_id="$1"
@@ -604,12 +615,19 @@ lookup_stuck_threshold() {
   fi
 }
 
+escape_extended_regex() {
+  printf '%s\n' "$1" | sed 's/[][(){}.^$*+?|\\]/\\&/g'
+}
+
 find_wrapper_pids() {
   local cron_id="$1"
-  # Match the wrapper's exact arg slot: "nexo-cron-wrapper.sh CRON_ID "
-  # The trailing space prevents prefix collisions (e.g. "morning-agent" vs
-  # a hypothetical "morning-agent-v2").
-  pgrep -f "nexo-cron-wrapper\.sh ${cron_id} " 2>/dev/null
+  local wrapper_script="${NEXO_CODE}/scripts/nexo-cron-wrapper.sh"
+  local wrapper_pattern cron_pattern
+  wrapper_pattern=$(escape_extended_regex "$wrapper_script")
+  cron_pattern=$(escape_extended_regex "$cron_id")
+  # Match the wrapper path for this runtime only. This avoids reaping
+  # another install's wrapper that happens to share the same cron_id.
+  pgrep -f "${wrapper_pattern} ${cron_pattern} " 2>/dev/null
 }
 
 reap_stuck_cron_pids() {
@@ -735,6 +753,7 @@ for monitor in "${MONITORS[@]}"; do
   cron_id=$(cron_id_from_service "$plist_id")
   latest_run_has_record=false
   latest_run_failed=false
+  recovered_failed_run=false
 
   # Check 1: Service loaded? (launchd on macOS, systemd on Linux)
   if is_loaded "$plist_id"; then
@@ -808,7 +827,7 @@ for monitor in "${MONITORS[@]}"; do
         if [ "$age" -gt $(( max_stale * 3 )) ] && [ -n "$proc_grep" ] && ! process_running "$proc_grep"; then
           status="FAIL"
           details="${details}In-flight for ${stale_age} but process '$proc_grep' dead — stale row. "
-          if [ "$recovery_policy" = "catchup" ]; then
+          if recovery_uses_catchup "$recovery_policy"; then
             if try_request_catchup; then
               status="HEALED"
               details="${details}Self-healed: requested catchup for crashed in-flight run. "
@@ -836,10 +855,31 @@ for monitor in "${MONITORS[@]}"; do
             status="FAIL"
             details="${details}Last run exited ${last_exit}. "
             [ -n "$last_error" ] && details="${details}Error: ${last_error}. "
+            if recovery_uses_catchup "$recovery_policy"; then
+              if try_request_catchup; then
+                status="HEALED"
+                recovered_failed_run=true
+                details="${details}Self-healed: requested catchup after failed run. "
+                TOTAL_HEALED=$((TOTAL_HEALED + 1))
+              else
+                details="${details}Catchup request after failed run failed. "
+              fi
+            else
+              if try_reexecute_missed_cron "$plist_id"; then
+                status="HEALED"
+                recovered_failed_run=true
+                details="${details}Self-healed: re-executed failed run immediately. "
+                TOTAL_HEALED=$((TOTAL_HEALED + 1))
+              else
+                details="${details}Immediate re-execute after failed run failed. "
+              fi
+            fi
           fi
         fi
-        if [ "$age" -gt $(( max_stale * 3 )) ]; then
-          if [ "$recovery_policy" = "catchup" ]; then
+        if $recovered_failed_run; then
+          :
+        elif [ "$age" -gt $(( max_stale * 3 )) ]; then
+          if recovery_uses_catchup "$recovery_policy"; then
             if try_request_catchup; then
               status="HEALED"
               details="${details}Self-healed: requested catchup for missed window (last run: $stale_age). "
@@ -867,7 +907,7 @@ for monitor in "${MONITORS[@]}"; do
       fi
     else
       stale_age="no cron_runs entry"
-      if [ "$recovery_policy" = "catchup" ]; then
+      if recovery_uses_catchup "$recovery_policy"; then
         if try_request_catchup; then
           status="HEALED"
           details="${details}Self-healed: requested catchup for missing cron_runs entry. "

package/src/scripts/runner-health-check.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 # nexo: name=runner-health-check
-# nexo: description=Watchdog check: verifica que runners (followup-runner, morning-agent) producen trabajo real. Alerta si 48h sin ejecución o sin output útil.
+# nexo: description=Watchdog check: verify that automation runners produce real work. Alert if they go 48h without runs or useful output.
 # nexo: category=watchdog
 # nexo: runtime=python
 # nexo: timeout=60
@@ -14,15 +14,15 @@
 # nexo: doctor_allow_db=true
 
 """
-Runner Health Check — verifica que los runners NEXO producen trabajo real.
+Runner Health Check — verify that NEXO runners produce real work.
 
 Checks:
-1. followup-runner: ¿ha ejecutado en las últimas 48h? ¿Ha cambiado estado de algún followup?
-2. morning-agent: ¿ha ejecutado exitosamente en las últimas 48h?
-3. Log de resultados: ¿los logs no están vacíos?
-4. Minimum execution count: ¿al menos N ejecuciones en la última semana?
+1. followup-runner: has it run in the last 48h? has any followup changed state?
+2. morning-agent: has it run successfully in the last 48h?
+3. Output evidence: are the logs non-empty and recent?
+4. Minimum execution count: at least N successful runs in the last week?
 
-Output: JSON report + alerta en .watchdog-alert si hay problemas.
+Output: JSON report + .watchdog-alert entry if there are failures.
 """
 
 import json
@@ -142,6 +142,7 @@ def check_runner(conn: sqlite3.Connection, runner: dict) -> dict:
     now = datetime.now(timezone.utc)
     cutoff_48h = (now - timedelta(hours=MAX_HOURS_NO_RUN)).strftime("%Y-%m-%d %H:%M:%S")
     cutoff_7d = (now - timedelta(days=7)).strftime("%Y-%m-%d %H:%M:%S")
+    cutoff_7d_ts = (now - timedelta(days=7)).timestamp()
 
     result = {
         "cron_id": cron_id,
@@ -237,18 +238,24 @@ def check_runner(conn: sqlite3.Connection, runner: dict) -> dict:
             detail = "; ".join(log_issues[:2]) if log_issues else "no recent log evidence"
             result["issues"].append(f"no recent log evidence ({detail})")
 
-    # Check 6: For followup-runner specifically — check if followups change state
+    # Check 6: For followup-runner specifically — look for actual followup activity
     if cron_id == "followup-runner":
-        row = conn.execute(
+        transitioned = conn.execute(
             "SELECT COUNT(*) FROM followups WHERE status != 'PENDING' AND updated_at > ?",
-            (cutoff_7d,),
+            (cutoff_7d_ts,),
         ).fetchone()
-        # updated_at is epoch float
         recent_updated = conn.execute(
             "SELECT COUNT(*) FROM followups WHERE updated_at > ?",
-            ((now - timedelta(days=7)).timestamp(),),
+            (cutoff_7d_ts,),
         ).fetchone()
-        result["followups_updated_last_7d"] = recent_updated[0] if recent_updated else 0
+        transitioned_count = transitioned[0] if transitioned else 0
+        updated_count = recent_updated[0] if recent_updated else 0
+        result["followups_non_pending_last_7d"] = transitioned_count
+        result["followups_updated_last_7d"] = updated_count
+        if success_7d > 0 and transitioned_count == 0 and updated_count == 0:
+            if result["status"] == "PASS":
+                result["status"] = "WARN"
+            result["issues"].append("No followup updates or state transitions in last 7d")
 
     return result