nexo-brain 7.11.5 → 7.11.6

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.5",
+  "version": "7.11.6",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,9 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.11.5` is the current packaged-runtime line. Patch release — Desktop-managed installs now block the standalone dashboard at the same product-mode layer as evolution, so `installation_live`, cron sync, and watchdog no longer disagree about whether `com.nexo.dashboard` should exist. Validation: `125` targeted tests across product-mode, cron sync, and doctor, plus a full pre-release wrapper (`2321 passed, 2 skipped, 1 xfailed, 4 xpassed`).
+Version `7.11.6` is the current packaged-runtime line. Patch release — Guardian G4 now filters more false-positive slash fragments before they become debt, `strict_protocol_write_without_task` downgrades to `warn` when the session has a fresh heartbeat, and Deep Sleep extraction validates the real prompt contract instead of accepting any syntactically valid JSON. Validation so far: `50` targeted tests across hook guardrails and Deep Sleep extraction.
+
+Previously in `7.11.5`: patch release — Desktop-managed installs now block the standalone dashboard at the same product-mode layer as evolution, so `installation_live`, cron sync, and watchdog no longer disagree about whether `com.nexo.dashboard` should exist. Validation: `125` targeted tests across product-mode, cron sync, and doctor, plus a full pre-release wrapper (`2321 passed, 2 skipped, 1 xfailed, 4 xpassed`).
 
 Previously in `7.11.4`: patch release — packaged runtimes now receive root JSON contracts such as `local_model_manifest.json`, install/update paths sync core crons from `src/crons/manifest.json` instead of depending on a stale JS list, `runner-health-check` is wired into cron/doctor/dashboard instead of writing an unread file, and the watchdog retries failed crons immediately while treating `run_once_on_wake` as catchup-style recovery. Validation: `117` targeted tests across packaged update, cron sync/recovery, dashboard, local models, and runtime update contracts.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.5",
+  "version": "7.11.6",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/hook_guardrails.py

@@ -8,11 +8,12 @@ import os
 import re
 import shlex
 import sys
+import time
 from pathlib import Path
 import paths
 
 from core_prompts import render_core_prompt
-from db import create_protocol_debt, get_db
+from db import create_protocol_debt, get_db, get_last_heartbeat_ts
 from operator_language import append_operator_language_contract
 from plugins.guard import _load_conditioned_learnings, _normalize_path_token
 from protocol_settings import get_protocol_strictness
@@ -262,10 +263,13 @@ _PATH_ARTIFACT_RE = re.compile(
     [\$\`]                # unresolved shell substitution / backtick boundary
     | [\*\?]              # glob metacharacter
     | [\[\]\{\}]          # bracket/range/heredoc markers
+    | [\|\=\;]            # regex fragments / shell assignment / command separators
     | \s                  # embedded whitespace (most likely truncation)
     """,
     re.VERBOSE,
 )
+_DATE_LIKE_PATH_RE = re.compile(r"^/\d{1,4}/\d{1,4}(?:/\d{1,4})?$")
+_STRICT_WRITE_HEARTBEAT_WINDOW_SECONDS = 300
 
 # Single-segment ``/word`` candidates that match a small dictionary block-list
 # of confirmed false positives observed in the live debt log.
@@ -303,6 +307,8 @@ def _looks_like_real_path(path: str) -> bool:
         return False
     if _PATH_ARTIFACT_RE.search(raw):
         return False
+    if _DATE_LIKE_PATH_RE.fullmatch(raw):
+        return False
     # Pure numeric segments (``/166``, ``/487``, ``/1000``) are almost
     # always status codes or counters lifted out of a log line.
     stripped = raw.lstrip("/")
@@ -321,9 +327,38 @@ def _looks_like_real_path(path: str) -> bool:
                 return False
         except OSError:
             return False
+    parts = [segment for segment in stripped.split("/") if segment]
+    if len(parts) > 1 and "." not in parts[-1]:
+        try:
+            if not Path(raw).exists():
+                return False
+        except OSError:
+            return False
     return True
 
 
+def _strict_write_without_task_severity(session_id: str) -> str:
+    """Downgrade missing-task debt when the session is clearly alive.
+
+    A recent heartbeat shows the session is connected to a real ongoing
+    conversation even if the operator skipped `nexo_task_open`. We still
+    block strict writes, but store the debt as warn so dashboards separate
+    protocol drift from completely untracked edits.
+    """
+
+    if not session_id:
+        return "error"
+    try:
+        last_hb = get_last_heartbeat_ts(session_id)
+    except Exception:
+        return "error"
+    if last_hb is None:
+        return "error"
+    if time.time() - float(last_hb) <= _STRICT_WRITE_HEARTBEAT_WINDOW_SECONDS:
+        return "warn"
+    return "error"
+
+
 def _resolve_runtime_path(path: str) -> Path:
     candidate = Path(str(path or "")).expanduser()
     if not candidate.is_absolute():
@@ -1394,12 +1429,13 @@ def process_pre_tool_event(payload: dict) -> dict:
     if not files:
         task = _find_any_open_task(conn, sid)
         if not task:
+            severity = _strict_write_without_task_severity(sid)
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
                 task_id="",
                 debt_type="strict_protocol_write_without_task",
-                severity="error",
+                severity=severity,
                 evidence=f"{tool_name} attempted without a detectable file path and without an open protocol task.",
                 file_token="unknown-target",
             )
@@ -1425,12 +1461,13 @@ def process_pre_tool_event(payload: dict) -> dict:
     for filepath in files:
         task = _find_open_task_for_file(conn, sid, filepath)
         if not task:
+            severity = _strict_write_without_task_severity(sid)
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
                 task_id="",
                 debt_type="strict_protocol_write_without_task",
-                severity="error",
+                severity=severity,
                 evidence=f"{tool_name} attempted on {filepath} without an open protocol task for that file.",
                 file_token=filepath,
             )

package/src/scripts/deep-sleep/extract.py

@@ -68,6 +68,7 @@ TRANSIENT_ERROR_KINDS = {
     "timeout",
     "signal",
 }
+REQUIRED_PROTOCOL_SUMMARY_KEYS = ("guard_check", "heartbeat", "change_log")
 
 
 def _classify_cli_result(result) -> tuple[str, str]:
@@ -133,6 +134,53 @@ def extract_json_from_response(text: str) -> dict | None:
     return None
 
 
+def _is_valid_extraction(
+    parsed: dict,
+    *,
+    expected_session_id: str | None = None,
+) -> bool:
+    """Validate the minimum Deep Sleep extraction contract.
+
+    The extractor prompt's real top-level shape is
+    ``session_id/findings/protocol_summary`` plus optional richer sections.
+    We intentionally validate the live prompt contract rather than an older
+    proposal so a syntactically valid but structurally degraded JSON payload
+    does not silently count as success.
+    """
+
+    if not isinstance(parsed, dict):
+        return False
+    session_id = parsed.get("session_id")
+    if not isinstance(session_id, str) or not session_id.strip():
+        return False
+    if expected_session_id and session_id != expected_session_id:
+        return False
+    findings = parsed.get("findings")
+    if not isinstance(findings, list):
+        return False
+    if any(not isinstance(item, dict) for item in findings):
+        return False
+    protocol_summary = parsed.get("protocol_summary")
+    if not isinstance(protocol_summary, dict):
+        return False
+    for key in REQUIRED_PROTOCOL_SUMMARY_KEYS:
+        if not isinstance(protocol_summary.get(key), dict):
+            return False
+    for key in ("emotional_timeline", "abandoned_projects", "skill_candidates"):
+        if key in parsed and not isinstance(parsed.get(key), list):
+            return False
+    if "productivity_score" in parsed and not isinstance(parsed.get("productivity_score"), dict):
+        return False
+    return True
+
+
+def _write_debug_extract(session_id: str, kind: str, raw_output: str) -> Path:
+    debug_file = _deep_sleep_dir() / f"debug-extract-{session_id[:20]}-{kind}.txt"
+    debug_file.parent.mkdir(parents=True, exist_ok=True)
+    debug_file.write_text((raw_output or "")[:5000])
+    return debug_file
+
+
 def _safe_session_slug(session_id: str) -> str:
     return (
         session_id
@@ -215,6 +263,8 @@ def analyze_session(
             if not line.strip().startswith("Post-mortem") and line.strip()
         )
         parsed = extract_json_from_response(output)
+        debug_output = output
+        parse_failure_kind = "json_parse"
 
         # Fallback: if Claude returned text instead of JSON, ask a short conversion call
         if not parsed and len(output.strip()) > 50:
@@ -231,17 +281,23 @@ def analyze_session(
                 append_system_prompt=json_system_prompt,
             )
             if convert_result.returncode == 0:
+                debug_output = convert_result.stdout
                 parsed = extract_json_from_response(convert_result.stdout)
                 if parsed:
                     print(f"    Conversion succeeded")
 
+        if parsed and not _is_valid_extraction(parsed, expected_session_id=session_id):
+            parse_failure_kind = "json_schema"
+            debug_output = json.dumps(parsed, indent=2, ensure_ascii=False)
+            parsed = None
+
         if not parsed:
-            # Save raw output for debugging
-            debug_file = _deep_sleep_dir() / f"debug-extract-{session_id[:20]}.txt"
-            debug_file.parent.mkdir(parents=True, exist_ok=True)
-            debug_file.write_text(result.stdout[:5000])
-            print(f"    Failed to parse JSON. Raw output saved to {debug_file}", file=sys.stderr)
-            return None, "json_parse"
+            debug_file = _write_debug_extract(session_id, parse_failure_kind, debug_output)
+            print(
+                f"    Failed to validate extraction ({parse_failure_kind}). Raw output saved to {debug_file}",
+                file=sys.stderr,
+            )
+            return None, parse_failure_kind
 
         return parsed, None