nexo-brain 7.11.5 → 7.11.7

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.5",
+  "version": "7.11.7",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,11 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.11.5` is the current packaged-runtime line. Patch release — Desktop-managed installs now block the standalone dashboard at the same product-mode layer as evolution, so `installation_live`, cron sync, and watchdog no longer disagree about whether `com.nexo.dashboard` should exist. Validation: `125` targeted tests across product-mode, cron sync, and doctor, plus a full pre-release wrapper (`2321 passed, 2 skipped, 1 xfailed, 4 xpassed`).
+Version `7.11.7` is the current packaged-runtime line. Patch release — runtime doctor now stops treating resolved protocol drift, disabled evolution, successful zero-usage headless runs, and recent in-flight crons as live runtime failures, while `runner-health-check` treats supervisor `SIGTERM 143` reloads as benign and supports both tuple and row-shaped SQLite reads. Result: the runtime doctor/runtime tier goes back to green on the live install. Validation so far: `104` targeted tests across doctor and runner-health.
+
+Previously in `7.11.6`: patch release — Guardian G4 now filters more false-positive slash fragments before they become debt, `strict_protocol_write_without_task` downgrades to `warn` when the session has a fresh heartbeat, and Deep Sleep extraction validates the real prompt contract instead of accepting any syntactically valid JSON. Validation so far: `50` targeted tests across hook guardrails and Deep Sleep extraction.
+
+Previously in `7.11.5`: patch release — Desktop-managed installs now block the standalone dashboard at the same product-mode layer as evolution, so `installation_live`, cron sync, and watchdog no longer disagree about whether `com.nexo.dashboard` should exist. Validation: `125` targeted tests across product-mode, cron sync, and doctor, plus a full pre-release wrapper (`2321 passed, 2 skipped, 1 xfailed, 4 xpassed`).
 
 Previously in `7.11.4`: patch release — packaged runtimes now receive root JSON contracts such as `local_model_manifest.json`, install/update paths sync core crons from `src/crons/manifest.json` instead of depending on a stale JS list, `runner-health-check` is wired into cron/doctor/dashboard instead of writing an unread file, and the watchdog retries failed crons immediately while treating `run_once_on_wake` as catchup-style recovery. Validation: `117` targeted tests across packaged update, cron sync/recovery, dashboard, local models, and runtime update contracts.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.5",
+  "version": "7.11.7",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/doctor/providers/runtime.py

@@ -57,6 +57,28 @@ PACKAGE_JSON = NEXO_CODE / "package.json"
 CHANGELOG_FILE = NEXO_CODE / "CHANGELOG.md"
 
 
+def _evolution_objective_payload() -> dict:
+    candidates = [
+        NEXO_HOME / "brain" / "evolution-objective.json",
+        NEXO_HOME / "cortex" / "evolution-objective.json",
+    ]
+    for path in candidates:
+        if not path.is_file():
+            continue
+        try:
+            payload = json.loads(path.read_text())
+        except Exception:
+            continue
+        if isinstance(payload, dict):
+            return payload
+    return {}
+
+
+def _is_evolution_disabled() -> bool:
+    payload = _evolution_objective_payload()
+    return payload.get("evolution_enabled") is False
+
+
 def _expected_runtime_code_dir() -> Path:
     packaged = NEXO_HOME / "core"
     if packaged.exists() or not (NEXO_HOME / "server.py").is_file():
@@ -887,6 +909,8 @@ def _cron_expectations() -> dict[str, dict]:
         cron_id = cron.get("id")
         if not cron_id or cron.get("keep_alive"):
             continue
+        if cron_id == "evolution" and _is_evolution_disabled():
+            continue
         if cron.get("run_at_load") and not cron.get("interval_seconds") and not cron.get("schedule"):
             continue
 
@@ -1485,7 +1509,17 @@ def check_cron_freshness() -> DoctorCheck:
                 )
             # Latest run per cron
             rows = conn.execute(
-                "SELECT cron_id, MAX(started_at) as last_run FROM cron_runs GROUP BY cron_id"
+                """
+                SELECT cr.cron_id, cr.started_at, cr.ended_at, cr.exit_code
+                FROM cron_runs cr
+                INNER JOIN (
+                    SELECT cron_id, MAX(started_at) AS last_run
+                    FROM cron_runs
+                    GROUP BY cron_id
+                ) latest
+                  ON latest.cron_id = cr.cron_id
+                 AND latest.last_run = cr.started_at
+                """
             ).fetchall()
         finally:
             conn.close()
@@ -1510,8 +1544,16 @@ def check_cron_freshness() -> DoctorCheck:
 
             age = now - parsed.timestamp()
             expected = expectations.get(cron_id, {"threshold": DEFAULT_CRON_THRESHOLD, "label": "runtime default"})
+            in_flight = row[2] is None and row[3] is None
+            if in_flight and age <= max(expected["threshold"] * 4, 3600):
+                continue
             if age > expected["threshold"]:
-                stale.append(f"{cron_id}: {int(age / 3600)}h ago (expected {expected['label']})")
+                if in_flight:
+                    stale.append(
+                        f"{cron_id}: in-flight for {int(age / 60)}m (expected {expected['label']})"
+                    )
+                else:
+                    stale.append(f"{cron_id}: {int(age / 3600)}h ago (expected {expected['label']})")
 
         if stale:
             return DoctorCheck(
@@ -2318,6 +2360,11 @@ def check_codex_conditioned_file_discipline() -> DoctorCheck:
         repair_plan.append("Keep using managed Codex bootstrap so conditioned-file discipline remains visible in transcripts")
 
     no_open_conditioned_debt = debt_summary["available"] and debt_summary["open_total"] == 0
+    historical_no_open_debt_drift = (
+        no_open_conditioned_debt
+        and audit.get("latest_violation_age_seconds") is not None
+        and float(audit["latest_violation_age_seconds"]) >= LIVE_PROTOCOL_SESSION_FRESHNESS
+    )
     historical_read_only = (
         no_open_conditioned_debt
         and audit["read_without_protocol"] > 0
@@ -2334,13 +2381,16 @@ def check_codex_conditioned_file_discipline() -> DoctorCheck:
     )
 
     if audit["write_without_protocol"] or audit["write_without_guard_ack"]:
-        if tracked_mutation_without_open_debt:
+        if historical_no_open_debt_drift:
+            status = "healthy"
+            severity = "info"
+        elif tracked_mutation_without_open_debt:
             status = "healthy"
             severity = "info"
         else:
             status = "critical"
             severity = "error"
-    elif historical_read_only:
+    elif historical_no_open_debt_drift or historical_read_only:
         status = "healthy"
         severity = "info"
     elif audit["read_without_protocol"]:
@@ -2357,7 +2407,7 @@ def check_codex_conditioned_file_discipline() -> DoctorCheck:
         severity=severity,
         summary=(
             "Historical Codex conditioned-file drift has no open protocol debt"
-            if historical_read_only
+            if historical_no_open_debt_drift or historical_read_only
             else "Tracked Codex conditioned-file mutation drift has no open protocol debt"
             if tracked_mutation_without_open_debt
             else "Recent Codex sessions respect conditioned-file discipline"
@@ -2685,7 +2735,10 @@ def check_protocol_compliance() -> DoctorCheck:
                     closed_tasks = [row for row in tasks if row["status"] != "open"]
                     verify_required = [row for row in closed_tasks if row["must_verify"] and row["status"] == "done"]
                     verify_ok = [row for row in verify_required if (row["close_evidence"] or "").strip()]
-                    change_required = [row for row in closed_tasks if row["must_change_log"]]
+                    change_required = [
+                        row for row in closed_tasks
+                        if row["must_change_log"] and row["status"] in {"done", "partial", "failed"}
+                    ]
                     change_ok = [row for row in change_required if row["change_log_id"]]
                     learning_required = [row for row in closed_tasks if row["correction_happened"]]
                     learning_ok = [row for row in learning_required if row["learning_id"]]
@@ -3216,16 +3269,23 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
                 interactive_expr = "0"
                 if "session_type" in columns:
                     interactive_expr = "COALESCE(session_type, '') LIKE 'interactive%'"
+                headless_unmetered_expr = (
+                    f"status = 'ok' AND NOT ({interactive_expr}) "
+                    "AND (input_tokens + cached_input_tokens + output_tokens) = 0 "
+                    "AND COALESCE(total_cost_usd, 0) <= 0 "
+                    "AND COALESCE(cost_source, '') IN ('', 'backend', 'missing')"
+                )
                 row = conn.execute(
                     f"""
                     SELECT
                         COUNT(*) AS runs,
                         SUM(CASE WHEN status = 'ok' THEN 1 ELSE 0 END) AS successful_runs,
                         SUM(CASE WHEN status != 'ok' THEN 1 ELSE 0 END) AS failed_runs,
-                        SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) THEN 1 ELSE 0 END) AS scored_successful_runs,
+                        SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) AND NOT ({headless_unmetered_expr}) THEN 1 ELSE 0 END) AS scored_successful_runs,
                         SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) AND (input_tokens + cached_input_tokens + output_tokens) > 0 THEN 1 ELSE 0 END) AS usage_runs,
                         SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) AND total_cost_usd IS NOT NULL THEN 1 ELSE 0 END) AS cost_runs,
                         SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) AND cost_source = 'pricing_unavailable' THEN 1 ELSE 0 END) AS pricing_gaps,
+                        SUM(CASE WHEN {headless_unmetered_expr} THEN 1 ELSE 0 END) AS headless_unmetered_runs,
                         SUM(CASE WHEN status = 'ok' AND ({interactive_expr}) AND ((input_tokens + cached_input_tokens + output_tokens) = 0 OR total_cost_usd IS NULL) THEN 1 ELSE 0 END) AS interactive_unmetered_runs,
                         GROUP_CONCAT(DISTINCT backend) AS backends
                     FROM automation_runs
@@ -3284,9 +3344,10 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
     usage_runs = int((row["usage_runs"] if row else 0) or 0)
     cost_runs = int((row["cost_runs"] if row else 0) or 0)
     pricing_gaps = int((row["pricing_gaps"] if row else 0) or 0)
+    headless_unmetered_runs = int((row["headless_unmetered_runs"] if row and "headless_unmetered_runs" in row.keys() else 0) or 0)
     interactive_unmetered_runs = int((row["interactive_unmetered_runs"] if row and "interactive_unmetered_runs" in row.keys() else 0) or 0)
-    usage_denominator = scored_successful_runs or (successful_runs if not interactive_unmetered_runs else 0)
-    cost_denominator = scored_successful_runs or (successful_runs if not interactive_unmetered_runs else 0)
+    usage_denominator = scored_successful_runs or (successful_runs if not interactive_unmetered_runs and not headless_unmetered_runs else 0)
+    cost_denominator = scored_successful_runs or (successful_runs if not interactive_unmetered_runs and not headless_unmetered_runs else 0)
     missing_usage_runs = max(0, usage_denominator - usage_runs) if usage_denominator else 0
     usage_coverage = round((usage_runs / usage_denominator) * 100, 1) if usage_denominator else 100.0
     cost_coverage = round((cost_runs / cost_denominator) * 100, 1) if cost_denominator else 100.0
@@ -3302,6 +3363,8 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
     ]
     if missing_usage_runs:
         evidence.append(f"missing_usage_runs={missing_usage_runs}")
+    if headless_unmetered_runs:
+        evidence.append(f"headless_unmetered_runs_excluded={headless_unmetered_runs}")
     if interactive_unmetered_runs:
         evidence.append(f"interactive_unmetered_runs_excluded={interactive_unmetered_runs}")
     backends = str((row["backends"] if row else "") or "").strip()

package/src/hook_guardrails.py

@@ -8,11 +8,12 @@ import os
 import re
 import shlex
 import sys
+import time
 from pathlib import Path
 import paths
 
 from core_prompts import render_core_prompt
-from db import create_protocol_debt, get_db
+from db import create_protocol_debt, get_db, get_last_heartbeat_ts
 from operator_language import append_operator_language_contract
 from plugins.guard import _load_conditioned_learnings, _normalize_path_token
 from protocol_settings import get_protocol_strictness
@@ -262,10 +263,13 @@ _PATH_ARTIFACT_RE = re.compile(
     [\$\`]                # unresolved shell substitution / backtick boundary
     | [\*\?]              # glob metacharacter
     | [\[\]\{\}]          # bracket/range/heredoc markers
+    | [\|\=\;]            # regex fragments / shell assignment / command separators
     | \s                  # embedded whitespace (most likely truncation)
     """,
     re.VERBOSE,
 )
+_DATE_LIKE_PATH_RE = re.compile(r"^/\d{1,4}/\d{1,4}(?:/\d{1,4})?$")
+_STRICT_WRITE_HEARTBEAT_WINDOW_SECONDS = 300
 
 # Single-segment ``/word`` candidates that match a small dictionary block-list
 # of confirmed false positives observed in the live debt log.
@@ -303,6 +307,8 @@ def _looks_like_real_path(path: str) -> bool:
         return False
     if _PATH_ARTIFACT_RE.search(raw):
         return False
+    if _DATE_LIKE_PATH_RE.fullmatch(raw):
+        return False
     # Pure numeric segments (``/166``, ``/487``, ``/1000``) are almost
     # always status codes or counters lifted out of a log line.
     stripped = raw.lstrip("/")
@@ -321,9 +327,38 @@ def _looks_like_real_path(path: str) -> bool:
                 return False
         except OSError:
             return False
+    parts = [segment for segment in stripped.split("/") if segment]
+    if len(parts) > 1 and "." not in parts[-1]:
+        try:
+            if not Path(raw).exists():
+                return False
+        except OSError:
+            return False
     return True
 
 
+def _strict_write_without_task_severity(session_id: str) -> str:
+    """Downgrade missing-task debt when the session is clearly alive.
+
+    A recent heartbeat shows the session is connected to a real ongoing
+    conversation even if the operator skipped `nexo_task_open`. We still
+    block strict writes, but store the debt as warn so dashboards separate
+    protocol drift from completely untracked edits.
+    """
+
+    if not session_id:
+        return "error"
+    try:
+        last_hb = get_last_heartbeat_ts(session_id)
+    except Exception:
+        return "error"
+    if last_hb is None:
+        return "error"
+    if time.time() - float(last_hb) <= _STRICT_WRITE_HEARTBEAT_WINDOW_SECONDS:
+        return "warn"
+    return "error"
+
+
 def _resolve_runtime_path(path: str) -> Path:
     candidate = Path(str(path or "")).expanduser()
     if not candidate.is_absolute():
@@ -1394,12 +1429,13 @@ def process_pre_tool_event(payload: dict) -> dict:
     if not files:
         task = _find_any_open_task(conn, sid)
         if not task:
+            severity = _strict_write_without_task_severity(sid)
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
                 task_id="",
                 debt_type="strict_protocol_write_without_task",
-                severity="error",
+                severity=severity,
                 evidence=f"{tool_name} attempted without a detectable file path and without an open protocol task.",
                 file_token="unknown-target",
             )
@@ -1425,12 +1461,13 @@ def process_pre_tool_event(payload: dict) -> dict:
     for filepath in files:
         task = _find_open_task_for_file(conn, sid, filepath)
         if not task:
+            severity = _strict_write_without_task_severity(sid)
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
                 task_id="",
                 debt_type="strict_protocol_write_without_task",
-                severity="error",
+                severity=severity,
                 evidence=f"{tool_name} attempted on {filepath} without an open protocol task for that file.",
                 file_token=filepath,
             )

package/src/scripts/deep-sleep/extract.py

@@ -68,6 +68,7 @@ TRANSIENT_ERROR_KINDS = {
     "timeout",
     "signal",
 }
+REQUIRED_PROTOCOL_SUMMARY_KEYS = ("guard_check", "heartbeat", "change_log")
 
 
 def _classify_cli_result(result) -> tuple[str, str]:
@@ -133,6 +134,53 @@ def extract_json_from_response(text: str) -> dict | None:
     return None
 
 
+def _is_valid_extraction(
+    parsed: dict,
+    *,
+    expected_session_id: str | None = None,
+) -> bool:
+    """Validate the minimum Deep Sleep extraction contract.
+
+    The extractor prompt's real top-level shape is
+    ``session_id/findings/protocol_summary`` plus optional richer sections.
+    We intentionally validate the live prompt contract rather than an older
+    proposal so a syntactically valid but structurally degraded JSON payload
+    does not silently count as success.
+    """
+
+    if not isinstance(parsed, dict):
+        return False
+    session_id = parsed.get("session_id")
+    if not isinstance(session_id, str) or not session_id.strip():
+        return False
+    if expected_session_id and session_id != expected_session_id:
+        return False
+    findings = parsed.get("findings")
+    if not isinstance(findings, list):
+        return False
+    if any(not isinstance(item, dict) for item in findings):
+        return False
+    protocol_summary = parsed.get("protocol_summary")
+    if not isinstance(protocol_summary, dict):
+        return False
+    for key in REQUIRED_PROTOCOL_SUMMARY_KEYS:
+        if not isinstance(protocol_summary.get(key), dict):
+            return False
+    for key in ("emotional_timeline", "abandoned_projects", "skill_candidates"):
+        if key in parsed and not isinstance(parsed.get(key), list):
+            return False
+    if "productivity_score" in parsed and not isinstance(parsed.get("productivity_score"), dict):
+        return False
+    return True
+
+
+def _write_debug_extract(session_id: str, kind: str, raw_output: str) -> Path:
+    debug_file = _deep_sleep_dir() / f"debug-extract-{session_id[:20]}-{kind}.txt"
+    debug_file.parent.mkdir(parents=True, exist_ok=True)
+    debug_file.write_text((raw_output or "")[:5000])
+    return debug_file
+
+
 def _safe_session_slug(session_id: str) -> str:
     return (
         session_id
@@ -215,6 +263,8 @@ def analyze_session(
             if not line.strip().startswith("Post-mortem") and line.strip()
         )
         parsed = extract_json_from_response(output)
+        debug_output = output
+        parse_failure_kind = "json_parse"
 
         # Fallback: if Claude returned text instead of JSON, ask a short conversion call
         if not parsed and len(output.strip()) > 50:
@@ -231,17 +281,23 @@ def analyze_session(
                 append_system_prompt=json_system_prompt,
             )
             if convert_result.returncode == 0:
+                debug_output = convert_result.stdout
                 parsed = extract_json_from_response(convert_result.stdout)
                 if parsed:
                     print(f"    Conversion succeeded")
 
+        if parsed and not _is_valid_extraction(parsed, expected_session_id=session_id):
+            parse_failure_kind = "json_schema"
+            debug_output = json.dumps(parsed, indent=2, ensure_ascii=False)
+            parsed = None
+
         if not parsed:
-            # Save raw output for debugging
-            debug_file = _deep_sleep_dir() / f"debug-extract-{session_id[:20]}.txt"
-            debug_file.parent.mkdir(parents=True, exist_ok=True)
-            debug_file.write_text(result.stdout[:5000])
-            print(f"    Failed to parse JSON. Raw output saved to {debug_file}", file=sys.stderr)
-            return None, "json_parse"
+            debug_file = _write_debug_extract(session_id, parse_failure_kind, debug_output)
+            print(
+                f"    Failed to validate extraction ({parse_failure_kind}). Raw output saved to {debug_file}",
+                file=sys.stderr,
+            )
+            return None, parse_failure_kind
 
         return parsed, None
 

package/src/scripts/runner-health-check.py

@@ -71,6 +71,25 @@ RUNNERS = [
 ]
 
 
+def _row_value(row: sqlite3.Row | tuple, key: str):
+    if isinstance(row, sqlite3.Row):
+        return row[key]
+    column_index = {
+        "exit_code": 0,
+        "error": 1,
+        "started_at": 2,
+    }
+    return row[column_index[key]]
+
+
+def _is_benign_supervisor_interrupt(row: sqlite3.Row | tuple) -> bool:
+    exit_code = _row_value(row, "exit_code")
+    error = _row_value(row, "error")
+    if int(exit_code or 0) != 143:
+        return False
+    return "Killed by SIGTERM" in str(error or "")
+
+
 def _recent_summary_evidence(conn: sqlite3.Connection, cron_id: str, cutoff: str) -> Optional[dict]:
     row = conn.execute(
         "SELECT summary, started_at FROM cron_runs WHERE cron_id=? AND started_at > ? AND summary != '' ORDER BY started_at DESC LIMIT 1",
@@ -113,27 +132,33 @@ def _recent_log_evidence(now: datetime, max_age_hours: int, *sources: tuple[str,
 
 
 def _last_error_state(conn: sqlite3.Connection, cron_id: str) -> Optional[dict]:
-    row = conn.execute(
-        "SELECT error, started_at FROM cron_runs WHERE cron_id=? AND error != '' AND error IS NOT NULL ORDER BY started_at DESC LIMIT 1",
+    rows = conn.execute(
+        "SELECT exit_code, error, started_at FROM cron_runs WHERE cron_id=? AND error != '' AND error IS NOT NULL ORDER BY started_at DESC",
         (cron_id,),
-    ).fetchone()
-    if not row:
+    ).fetchall()
+    row = next((candidate for candidate in rows if not _is_benign_supervisor_interrupt(candidate)), None)
+    if row is None:
         return None
 
     successful_since = conn.execute(
-        "SELECT COUNT(*) FROM cron_runs WHERE cron_id=? AND started_at > ? AND (exit_code=0 OR exit_code IS NULL)",
-        (cron_id, row[1]),
-    ).fetchone()
+        "SELECT exit_code, error, started_at FROM cron_runs WHERE cron_id=? AND started_at > ?",
+        (cron_id, _row_value(row, "started_at")),
+    ).fetchall()
+    successful_count = sum(
+        1
+        for candidate in successful_since
+        if int(_row_value(candidate, "exit_code") or 0) == 0 or _is_benign_supervisor_interrupt(candidate)
+    )
     age_row = conn.execute(
         "SELECT ROUND((julianday('now') - julianday(?)) * 24, 1)",
-        (row[1],),
+        (_row_value(row, "started_at"),),
     ).fetchone()
 
     return {
-        "last_error": row[0][:200],
-        "last_error_at": row[1],
+        "last_error": str(_row_value(row, "error") or "")[:200],
+        "last_error_at": _row_value(row, "started_at"),
         "last_error_age_hours": age_row[0] if age_row else None,
-        "successful_runs_since_last_error": successful_since[0] if successful_since else 0,
+        "successful_runs_since_last_error": successful_count,
     }
 
 
@@ -167,11 +192,15 @@ def check_runner(conn: sqlite3.Connection, runner: dict) -> dict:
         result["issues"].append(f"No runs in the last {MAX_HOURS_NO_RUN}h (last: {last_run})")
 
     # Check 2: Successful runs in the last week
-    row = conn.execute(
-        "SELECT COUNT(*) FROM cron_runs WHERE cron_id=? AND started_at > ? AND (exit_code=0 OR exit_code IS NULL)",
+    run_rows_7d = conn.execute(
+        "SELECT exit_code, error, started_at FROM cron_runs WHERE cron_id=? AND started_at > ?",
         (cron_id, cutoff_7d),
-    ).fetchone()
-    success_7d = row[0] or 0
+    ).fetchall()
+    success_7d = sum(
+        1
+        for row in run_rows_7d
+        if int(_row_value(row, "exit_code") or 0) == 0 or _is_benign_supervisor_interrupt(row)
+    )
     result["successful_runs_last_7d"] = success_7d
 
     if success_7d < runner["min_weekly"]:
@@ -183,11 +212,11 @@ def check_runner(conn: sqlite3.Connection, runner: dict) -> dict:
         )
 
     # Check 3: Error rate in last week
-    row = conn.execute(
-        "SELECT COUNT(*) FROM cron_runs WHERE cron_id=? AND started_at > ? AND exit_code IS NOT NULL AND exit_code != 0",
-        (cron_id, cutoff_7d),
-    ).fetchone()
-    errors_7d = row[0] or 0
+    errors_7d = sum(
+        1
+        for row in run_rows_7d
+        if int(_row_value(row, "exit_code") or 0) != 0 and not _is_benign_supervisor_interrupt(row)
+    )
     total_7d = success_7d + errors_7d
     result["errors_last_7d"] = errors_7d
     result["total_runs_last_7d"] = total_7d
@@ -266,6 +295,7 @@ def main() -> int:
         return 1
 
     conn = sqlite3.connect(str(DB_PATH), timeout=10)
+    conn.row_factory = sqlite3.Row
     now = datetime.now(timezone.utc)
 
     report = {