nexo-brain 7.11.8 → 7.12.1

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.8",
+  "version": "7.12.1",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,9 +18,9 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.11.8` is the current packaged-runtime line. Patch release — silent Guardian reminders now explicitly own the whole reminder turn: lifecycle close/app-exit diary-stop prompts, post-tool inbox reminders, and the server-side enforcement contract all require empty visible output unless there is a fresh operator message. Result: consecutive silent reminders stop leaking visible prose such as "En pausa..." into Desktop conversations, and canonical lifecycle plans publish the stricter v6 prompt contract. Validation so far: `38` targeted tests across prompt/enforcement/lifecycle surfaces plus release-readiness.
+Version `7.12.1` is the current packaged-runtime line. Patch release — Guardian G3 now sees SSH remote-write intent even when the shell payload arrives through pipe, heredoc, or stdin redirect, recent same-task Cortex decisions unlock the next matching G3 retry for a short TTL, and personal text automations now run as bare one-shots with short timeouts and overlap locks instead of spawning full agent sessions. Result: remote deploy/recovery flows stop dead-ending after `nexo_cortex_decide`, and short cron-owned text jobs stop hanging for hours or stacking parallel subprocesses.
 
-Previously in `7.11.6`: patch release — Guardian G4 now filters more false-positive slash fragments before they become debt, `strict_protocol_write_without_task` downgrades to `warn` when the session has a fresh heartbeat, and Deep Sleep extraction validates the real prompt contract instead of accepting any syntactically valid JSON. Validation so far: `50` targeted tests across hook guardrails and Deep Sleep extraction.
+Previously in `7.12.0`: minor release — adds `nexo support-snapshot` for generic local runtime diagnostics and completes the silent-reminder hardening on the live Protocol Enforcer path. The support collector emits one JSON bundle with version/platform metadata, runtime path presence, health-check output, and recent event/operation tails, while map-driven reminders (`nexo_startup`, `nexo_smart_startup`, `nexo_heartbeat`, `nexo_reminders`, `nexo_session_diary_*`, `nexo_stop`, `nexo_task_close`, compaction checkpoint prompts) now say explicitly that silence owns the entire reminder turn.
 
 Previously in `7.11.5`: patch release — Desktop-managed installs now block the standalone dashboard at the same product-mode layer as evolution, so `installation_live`, cron sync, and watchdog no longer disagree about whether `com.nexo.dashboard` should exist. Validation: `125` targeted tests across product-mode, cron sync, and doctor, plus a full pre-release wrapper (`2321 passed, 2 skipped, 1 xfailed, 4 xpassed`).
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.11.8",
+  "version": "7.12.1",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/cli.py

@@ -29,6 +29,7 @@ Entry points:
   nexo clients sync [--json]
   nexo contributor status|on|off [--json]
   nexo doctor [--tier boot|runtime|deep|all] [--plane runtime_personal|installation_live|database_real] [--json] [--fix]
+  nexo support-snapshot [--json] [--include-doctor] [--log-lines N]
   nexo uninstall [--dry-run] [--delete-data] [--json]
 """
 from __future__ import annotations
@@ -2315,6 +2316,18 @@ def _doctor(args):
     return 0
 
 
+def _support_snapshot(args):
+    """Collect a generic runtime snapshot for support and diagnostics."""
+    from support_snapshot import collect_snapshot
+
+    payload = collect_snapshot(
+        log_lines=getattr(args, "log_lines", 80),
+        include_doctor=bool(getattr(args, "include_doctor", False)),
+    )
+    print(json.dumps(payload, ensure_ascii=False, indent=2))
+    return 0
+
+
 def _skills_list(args):
     from db import init_db, list_skills, sync_skill_directories
 
@@ -2725,6 +2738,7 @@ Commands:
   nexo import-inspect PATH                           Inspect a portable user-data bundle
   nexo import PATH                                   Import a portable user-data bundle
   nexo doctor [--tier boot|runtime|deep|all] [--fix]   System diagnostics
+  nexo support-snapshot [--include-doctor] [--log-lines N]
   nexo scripts list|create|classify|sync|reconcile|ensure-schedules|schedules|schedule|run|doctor|call|unschedule|remove
                                                       Personal scripts
   nexo skills list|apply|sync|approve                  Executable skills
@@ -3064,6 +3078,11 @@ def main():
     doctor_parser.add_argument("--calibration-dry-run", action="store_true",
                                help="Preview the calibration migration without writing")
 
+    support_snapshot_parser = sub.add_parser("support-snapshot", help="Generic runtime snapshot for support and diagnostics")
+    support_snapshot_parser.add_argument("--json", action="store_true", help="JSON output (default)")
+    support_snapshot_parser.add_argument("--include-doctor", action="store_true", help="Include runtime doctor report")
+    support_snapshot_parser.add_argument("--log-lines", type=int, default=80, help="How many recent log lines to include")
+
     # -- contributor --
     contributor_parser = sub.add_parser("contributor", help="Public Draft PR contribution mode")
     contributor_parser.add_argument("action", choices=["status", "on", "off"], help="Manage contributor mode")
@@ -3432,6 +3451,8 @@ def main():
         return _preferences(args)
     elif args.command == "doctor":
         return _doctor(args)
+    elif args.command == "support-snapshot":
+        return _support_snapshot(args)
     elif args.command == "contributor":
         if args.action == "status":
             return _contributor_status(args)

package/src/enforcement_engine.py

@@ -305,6 +305,16 @@ _SECRET_REDACT_PATTERNS = [
     (re.compile(r"\$\{?[A-Za-z_]*(?:TOKEN|SECRET|KEY|PASSWORD|PASS|BEARER)[A-Za-z_]*\}?", re.IGNORECASE), "<redacted-env-ref>"),
 ]
 
+_SILENT_REMINDER_TURN_SUFFIX = (
+    " Silence applies to the entire reminder turn: no prose before the required action(s), "
+    "no prose after them, and no standalone waiting/acknowledgement/continuation phrases. "
+    "If there is an operator request you still need to answer in this same turn, continue only "
+    "that request after the action(s). Otherwise your visible output must stay empty."
+)
+_SILENT_REMINDER_DISCLOSURE_SUFFIX = (
+    " Do not mention this reminder or any internal enforcement to the user."
+)
+
 
 def _redact_for_log(text: str, max_len: int = 200) -> str:
     """Return a log-safe truncation of `text` with secret-like tokens
@@ -321,6 +331,29 @@ def _redact_for_log(text: str, max_len: int = 200) -> str:
     return out
 
 
+def _upgrade_silent_reminder_prompt(prompt: str) -> str:
+    """Normalize old silent-reminder copy to the full turn-wide contract.
+
+    Background reminders historically stopped at "Do not produce visible
+    text.", which allowed the model to satisfy the tool call itself and
+    still emit an orphan visible continuation phrase afterwards. The
+    stricter contract makes silence apply to the entire reminder turn
+    unless the same turn still has a real operator request to answer.
+    """
+    text = str(prompt or "").strip()
+    if not text:
+        return ""
+    lowered = text.lower()
+    if "do not produce visible text" not in lowered:
+        return text
+    if "entire reminder turn" not in lowered and "visible output must stay empty" not in lowered:
+        text += _SILENT_REMINDER_TURN_SUFFIX
+        lowered = text.lower()
+    if "do not mention this reminder" not in lowered:
+        text += _SILENT_REMINDER_DISCLOSURE_SUFFIX
+    return text
+
+
 def _load_map() -> dict | None:
     # .resolve() is required: at runtime this module is usually imported via
     # the symlink $NEXO_HOME/enforcement_engine.py -> core/enforcement_engine.py,
@@ -2571,6 +2604,7 @@ class HeadlessEnforcer:
                 the efficacy metric in Fase F cannot aggregate it; callers
                 MUST pass the canonical ID.
         """
+        normalized_prompt = _upgrade_silent_reminder_prompt(prompt)
         if any(q["tag"] == tag for q in self.injection_queue):
             return
         # v7.11.2: suppress reminders that ask the agent to call nexo_*
@@ -2581,7 +2615,7 @@ class HeadlessEnforcer:
         # and the agent burns cycles on guaranteed no-ops. Reminders that
         # don't reference nexo_* (R23 deploy guards, R25 nora/maria
         # read-only, etc) still fire — they don't depend on the MCP.
-        if "nexo_" in prompt and self._mcp_restart_pending():
+        if "nexo_" in normalized_prompt and self._mcp_restart_pending():
             _logger.info(
                 "SKIP: %s — mcp_restart_required marker present (rule_id=%s)",
                 tag,
@@ -2599,7 +2633,7 @@ class HeadlessEnforcer:
             if tool in self.tools_called and not tag.startswith("periodic_"):
                 _logger.info("SKIP: %s — already called", tag)
                 return
-        localized_prompt = append_operator_language_contract(prompt)
+        localized_prompt = append_operator_language_contract(normalized_prompt)
         self.injection_queue.append({"prompt": localized_prompt, "tag": tag, "at": time.time(), "rule_id": rule_id})
         _logger.info("ENQUEUED: %s (queue size: %d rule_id=%s)", tag, len(self.injection_queue), rule_id or "?")
         # Fase F telemetry — log one "injection" event per enqueue. The

package/src/hook_guardrails.py

@@ -191,6 +191,14 @@ _SFTP_BATCH_RE = re.compile(
     r"\bsftp\b(?:[^|&;]*\s)?-b\s+\S+",
     re.IGNORECASE,
 )
+_SSH_REMOTE_PIPE_RE = re.compile(
+    r"\|\s*ssh\b",
+    re.IGNORECASE,
+)
+_SSH_REMOTE_STDIN_RE = re.compile(
+    r"\bssh\b[^\n|&;]*(?:<\s*\S+|<<-?\s*(?:['\"]?[A-Za-z0-9_]+['\"]?))",
+    re.IGNORECASE,
+)
 
 
 def _classify_ssh_remote_write(command: str) -> str | None:
@@ -231,6 +239,10 @@ def _classify_ssh_remote_write(command: str) -> str | None:
         for pattern in _SSH_REMOTE_WRITE_VERBS:
             if pattern.search(trimmed):
                 return "ssh_remote_shell_write"
+    if _SSH_REMOTE_PIPE_RE.search(cmd):
+        return "ssh_remote_shell_write"
+    if _SSH_REMOTE_STDIN_RE.search(cmd):
+        return "ssh_remote_shell_write"
     return None
 
 
@@ -270,6 +282,64 @@ _PATH_ARTIFACT_RE = re.compile(
 )
 _DATE_LIKE_PATH_RE = re.compile(r"^/\d{1,4}/\d{1,4}(?:/\d{1,4})?$")
 _STRICT_WRITE_HEARTBEAT_WINDOW_SECONDS = 300
+_G3_CORTEX_AUTH_WINDOW_SECONDS = max(
+    60,
+    int(os.environ.get("NEXO_G3_CORTEX_AUTH_WINDOW_SECONDS", "900")),
+)
+_CORTEX_NEGATIVE_TOKENS = (
+    "abort",
+    "avoid",
+    "block",
+    "cancel",
+    "decline",
+    "defer",
+    "deny",
+    "do_not",
+    "dont",
+    "no_",
+    "not_now",
+    "reject",
+    "skip",
+    "wait",
+)
+_G3_CORTEX_GENERIC_APPROVAL_TOKENS = (
+    "allow",
+    "apply",
+    "approve",
+    "continue",
+    "deploy",
+    "execute",
+    "go_ahead",
+    "proceed",
+    "publish",
+    "retry",
+    "run",
+)
+_G3_CORTEX_FAMILY_TOKENS = {
+    "destructive": (
+        "chmod",
+        "cleanup",
+        "delete",
+        "drop",
+        "force",
+        "git_push",
+        "purge",
+        "remove",
+        "rm",
+        "truncate",
+        "wipe",
+    ),
+    "ssh": (
+        "deploy",
+        "remote",
+        "rsync",
+        "scp",
+        "sftp",
+        "ssh",
+        "sync",
+        "upload",
+    ),
+}
 
 # Single-segment ``/word`` candidates that match a small dictionary block-list
 # of confirmed false positives observed in the live debt log.
@@ -655,6 +725,7 @@ def _find_open_task_for_file(conn, sid: str, filepath: str) -> dict | None:
     target = _normalize_file_path(filepath)
     rows = conn.execute(
         """SELECT task_id, files, guard_has_blocking, guard_acknowledged, task_type, plan, unknowns,
+                  opened_at,
                   verification_step, opened_with_guard, must_change_log, must_verify
            FROM protocol_tasks
            WHERE session_id = ? AND status = 'open'
@@ -675,6 +746,7 @@ def _find_open_task_for_file(conn, sid: str, filepath: str) -> dict | None:
 def _find_any_open_task(conn, sid: str) -> dict | None:
     row = conn.execute(
         """SELECT task_id, files, guard_has_blocking, guard_acknowledged, task_type, plan, unknowns,
+                  opened_at,
                   verification_step, opened_with_guard, must_change_log, must_verify
            FROM protocol_tasks
            WHERE session_id = ? AND status = 'open'
@@ -685,6 +757,86 @@ def _find_any_open_task(conn, sid: str) -> dict | None:
     return dict(row) if row else None
 
 
+def _normalize_cortex_tokens(value: str) -> str:
+    return re.sub(r"[^a-z0-9]+", "_", str(value or "").lower()).strip("_")
+
+
+def _text_has_any_token(value: str, tokens: tuple[str, ...]) -> bool:
+    normalized = _normalize_cortex_tokens(value)
+    if not normalized:
+        return False
+    return any(token in normalized for token in tokens)
+
+
+def _cortex_choice_is_negative(value: str) -> bool:
+    return _text_has_any_token(value, _CORTEX_NEGATIVE_TOKENS)
+
+
+def _find_recent_cortex_authorization(
+    conn,
+    *,
+    sid: str,
+    task: dict | None,
+    gate_family: str,
+    pattern_name: str = "",
+) -> dict | None:
+    if not sid or not task:
+        return None
+    task_id = str(task.get("task_id") or "").strip()
+    if not task_id:
+        return None
+    params: list[object] = [
+        sid,
+        task_id,
+        f"-{_G3_CORTEX_AUTH_WINDOW_SECONDS} seconds",
+    ]
+    sql = (
+        """SELECT id, task_id, recommended_choice, selected_choice,
+                  recommended_reasoning, selection_reason, context_hint, created_at
+           FROM cortex_evaluations
+           WHERE session_id = ?
+             AND task_id = ?
+             AND created_at >= datetime('now', ?)"""
+    )
+    opened_at = str(task.get("opened_at") or "").strip()
+    if opened_at:
+        sql += " AND created_at >= ?"
+        params.append(opened_at)
+    sql += " ORDER BY created_at DESC, id DESC LIMIT 5"
+    try:
+        rows = conn.execute(sql, params).fetchall()
+    except sqlite3.OperationalError:
+        return None
+    family_tokens = _G3_CORTEX_FAMILY_TOKENS.get(gate_family, ())
+    pattern_tokens = tuple(
+        token for token in _normalize_cortex_tokens(pattern_name).split("_") if token
+    )
+    fallback_candidates: list[dict] = []
+    for row in rows:
+        item = dict(row)
+        choice = str(item.get("selected_choice") or item.get("recommended_choice") or "").strip()
+        if not choice or _cortex_choice_is_negative(choice):
+            continue
+        combined = " ".join(
+            [
+                choice,
+                str(item.get("selection_reason") or ""),
+                str(item.get("recommended_reasoning") or ""),
+                str(item.get("context_hint") or ""),
+            ]
+        )
+        if (
+            _text_has_any_token(choice, _G3_CORTEX_GENERIC_APPROVAL_TOKENS)
+            or _text_has_any_token(combined, family_tokens)
+            or _text_has_any_token(combined, pattern_tokens)
+        ):
+            return item
+        fallback_candidates.append(item)
+    if len(fallback_candidates) == 1:
+        return fallback_candidates[0]
+    return None
+
+
 def _find_any_open_workflow(conn, sid: str) -> dict | None:
     row = conn.execute(
         """SELECT run_id, protocol_task_id, current_step_key
@@ -1164,6 +1316,7 @@ def process_pre_tool_event(payload: dict) -> dict:
     if not claude_sid:
         claude_sid = _read_claude_session_id_from_coordination()
     sid = _resolve_nexo_sid(conn, claude_sid)
+    open_task = _find_any_open_task(conn, sid) if sid else None
     automation_blocks = _collect_automation_live_repo_blocks(
         conn,
         sid=sid,
@@ -1228,12 +1381,22 @@ def process_pre_tool_event(payload: dict) -> dict:
     if g3_mode in {"shadow", "hard"} and tool_name == "Bash":
         shell_command = _extract_bash_command(tool_input)
         destructive_pattern = _classify_destructive_intent(shell_command)
+        if destructive_pattern:
+            if _find_recent_cortex_authorization(
+                conn,
+                sid=sid,
+                task=open_task,
+                gate_family="destructive",
+                pattern_name=destructive_pattern,
+            ):
+                destructive_pattern = None
         if destructive_pattern:
             severity = "error" if g3_mode == "hard" else "warn"
+            task_id = str((open_task or {}).get("task_id") or "").strip()
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
-                task_id="",
+                task_id=task_id,
                 debt_type="g3_destructive_command_requires_cortex",
                 severity=severity,
                 evidence=(
@@ -1253,7 +1416,7 @@ def process_pre_tool_event(payload: dict) -> dict:
                     "blocks": [
                         {
                             "file": "",
-                            "task_id": "",
+                            "task_id": task_id,
                             "debt_id": debt.get("id"),
                             "debt_type": "g3_destructive_command_requires_cortex",
                             "reason_code": "g3_destructive_blocked",
@@ -1283,12 +1446,22 @@ def process_pre_tool_event(payload: dict) -> dict:
     if g3_ssh_mode in {"shadow", "hard"} and tool_name == "Bash":
         shell_command = _extract_bash_command(tool_input)
         ssh_pattern = _classify_ssh_remote_write(shell_command)
+        if ssh_pattern:
+            if _find_recent_cortex_authorization(
+                conn,
+                sid=sid,
+                task=open_task,
+                gate_family="ssh",
+                pattern_name=ssh_pattern,
+            ):
+                ssh_pattern = None
         if ssh_pattern:
             severity = "error" if g3_ssh_mode == "hard" else "warn"
+            task_id = str((open_task or {}).get("task_id") or "").strip()
             debt = _ensure_protocol_debt(
                 conn,
                 session_id=sid,
-                task_id="",
+                task_id=task_id,
                 debt_type="g3_ssh_remote_write_requires_cortex",
                 severity=severity,
                 evidence=(
@@ -1309,7 +1482,7 @@ def process_pre_tool_event(payload: dict) -> dict:
                     "blocks": [
                         {
                             "file": "",
-                            "task_id": "",
+                            "task_id": task_id,
                             "debt_id": debt.get("id"),
                             "debt_type": "g3_ssh_remote_write_requires_cortex",
                             "reason_code": "g3_ssh_remote_write_blocked",

package/src/scripts/nexo-agent-run.py

@@ -50,6 +50,12 @@ def main(argv: list[str] | None = None) -> int:
     parser.add_argument("--timeout", type=int, default=AUTOMATION_SUBPROCESS_TIMEOUT, help="Timeout in seconds")
     parser.add_argument("--output-format", default="text", help="Requested output format")
     parser.add_argument("--allowed-tools", default="", help="Claude-style allowed tools contract")
+    parser.add_argument(
+        "--bare-mode",
+        choices=("auto", "on", "off"),
+        default="auto",
+        help="Bare mode for one-shot runs: auto|on|off.",
+    )
     parser.add_argument("--append-system-prompt", default="", help="Extra system prompt text")
     parser.add_argument("--append-system-prompt-file", default="", help="Read extra system prompt from a file")
     args = parser.parse_args(argv)
@@ -62,6 +68,11 @@ def main(argv: list[str] | None = None) -> int:
         return 1
 
     append_system_prompt = args.append_system_prompt or _read_text(args.append_system_prompt_file)
+    bare_mode = None
+    if args.bare_mode == "on":
+        bare_mode = True
+    elif args.bare_mode == "off":
+        bare_mode = False
 
     try:
         result = run_automation_prompt(
@@ -76,6 +87,7 @@ def main(argv: list[str] | None = None) -> int:
             output_format=args.output_format,
             append_system_prompt=append_system_prompt,
             allowed_tools=args.allowed_tools,
+            bare_mode=bare_mode,
         )
     except AutomationBackendUnavailableError as exc:
         print(str(exc), file=sys.stderr)

package/src/scripts/nexo_personal_automation.py

@@ -17,8 +17,11 @@ Both paths are probed so dev and live operators get identical behaviour.
 """
 from __future__ import annotations
 
+import inspect
 import os
+import re
 import sys
+import time
 from pathlib import Path
 
 
@@ -31,6 +34,12 @@ if str(_repo_src) not in sys.path:
 
 NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
 DEFAULT_ALLOWED_TOOLS = "Read,Write,Edit,Glob,Grep,Bash,mcp__nexo__*"
+DEFAULT_SHORT_TEXT_ALLOWED_TOOLS = ""
+DEFAULT_SHORT_TEXT_TIMEOUT = max(
+    30,
+    int(os.environ.get("NEXO_PERSONAL_AUTOMATION_TIMEOUT", "180")),
+)
+_PROCESS_LOCK_COUNTS: dict[str, int] = {}
 
 # Templates live next to the code at repo time and at ``~/.nexo/templates``
 # once installed. Probe both and surface whichever exists first so the
@@ -50,14 +59,126 @@ except Exception:
 from nexo_helper import run_automation_text as _run_automation_text
 
 
+def _infer_personal_caller() -> str:
+    env_caller = str(os.environ.get("NEXO_AUTOMATION_CALLER") or "").strip()
+    if env_caller:
+        return env_caller
+    candidates: list[Path] = []
+    argv0 = str(sys.argv[0] or "").strip()
+    if argv0:
+        candidates.append(Path(argv0).expanduser())
+    current = Path(__file__).resolve()
+    for frame in inspect.stack()[1:]:
+        try:
+            path = Path(frame.filename).resolve()
+        except Exception:
+            continue
+        if path != current:
+            candidates.append(path)
+    for candidate in candidates:
+        parts = candidate.parts
+        if "personal" in parts and "scripts" in parts:
+            stem = candidate.stem.strip()
+            if stem:
+                return f"personal/{stem}"
+    if argv0:
+        stem = Path(argv0).stem.strip()
+        if stem and stem not in {"python", "python3", "-m"}:
+            return f"personal/{stem}"
+    return "agent_run/generic"
+
+
+def _caller_lock_path(caller: str) -> Path:
+    slug = re.sub(r"[^A-Za-z0-9_.-]+", "-", caller).strip("-") or "generic"
+    return NEXO_HOME / "runtime" / "locks" / "personal-automation" / f"{slug}.lock"
+
+
+def _read_lock_pid(path: Path) -> int:
+    try:
+        raw = path.read_text().splitlines()
+    except Exception:
+        return 0
+    if not raw:
+        return 0
+    try:
+        return int(raw[0].strip())
+    except Exception:
+        return 0
+
+
+def _pid_is_alive(pid: int) -> bool:
+    if pid <= 0:
+        return False
+    try:
+        os.kill(pid, 0)
+    except ProcessLookupError:
+        return False
+    except PermissionError:
+        return True
+    return True
+
+
+def _acquire_personal_caller_lock(caller: str) -> str:
+    clean = str(caller or "").strip()
+    if not clean.startswith("personal/"):
+        return ""
+    if _PROCESS_LOCK_COUNTS.get(clean, 0) > 0:
+        _PROCESS_LOCK_COUNTS[clean] += 1
+        return clean
+    pid = os.getpid()
+    lock_path = _caller_lock_path(clean)
+    lock_path.parent.mkdir(parents=True, exist_ok=True)
+    while True:
+        try:
+            fd = os.open(str(lock_path), os.O_CREAT | os.O_EXCL | os.O_WRONLY)
+        except FileExistsError:
+            existing_pid = _read_lock_pid(lock_path)
+            if existing_pid == pid:
+                _PROCESS_LOCK_COUNTS[clean] = 1
+                return clean
+            if existing_pid and _pid_is_alive(existing_pid):
+                raise RuntimeError(
+                    f"Automation caller {clean} already has a live run (pid {existing_pid})."
+                )
+            try:
+                lock_path.unlink()
+            except FileNotFoundError:
+                pass
+            continue
+        with os.fdopen(fd, "w", encoding="ascii") as handle:
+            handle.write(f"{pid}\n{int(time.time())}\n{clean}\n")
+        _PROCESS_LOCK_COUNTS[clean] = 1
+        return clean
+
+
+def _release_personal_caller_lock(caller: str) -> None:
+    clean = str(caller or "").strip()
+    if not clean.startswith("personal/"):
+        return
+    count = _PROCESS_LOCK_COUNTS.get(clean, 0)
+    if count > 1:
+        _PROCESS_LOCK_COUNTS[clean] = count - 1
+        return
+    _PROCESS_LOCK_COUNTS.pop(clean, None)
+    lock_path = _caller_lock_path(clean)
+    if _read_lock_pid(lock_path) == os.getpid():
+        try:
+            lock_path.unlink()
+        except FileNotFoundError:
+            pass
+
+
 def run_personal_automation_text(
     prompt: str,
     *,
     model: str = "",
     cwd: str = "",
-    timeout: int = 21600,
-    allowed_tools: str = DEFAULT_ALLOWED_TOOLS,
+    timeout: int = DEFAULT_SHORT_TEXT_TIMEOUT,
+    allowed_tools: str = DEFAULT_SHORT_TEXT_ALLOWED_TOOLS,
     append_system_prompt: str = "",
+    caller: str = "",
+    tier: str = "",
+    bare_mode: bool | None = True,
 ) -> str:
     """Run ``prompt`` through the configured NEXO automation backend.
 
@@ -68,18 +189,29 @@ def run_personal_automation_text(
     Every other kwarg passes through verbatim.
     """
     effective_model = model or _USER_MODEL or "opus"
-    return _run_automation_text(
-        prompt,
-        model=effective_model,
-        cwd=cwd or "",
-        timeout=timeout,
-        allowed_tools=allowed_tools,
-        append_system_prompt=append_system_prompt,
-    )
+    effective_caller = caller or _infer_personal_caller()
+    lock_token = _acquire_personal_caller_lock(effective_caller)
+    try:
+        return _run_automation_text(
+            prompt,
+            model=effective_model,
+            cwd=cwd or "",
+            timeout=timeout,
+            allowed_tools=allowed_tools,
+            append_system_prompt=append_system_prompt,
+            include_bootstrap=False,
+            caller=effective_caller,
+            tier=tier,
+            bare_mode=bare_mode,
+        )
+    finally:
+        _release_personal_caller_lock(lock_token)
 
 
 __all__ = [
     "DEFAULT_ALLOWED_TOOLS",
+    "DEFAULT_SHORT_TEXT_ALLOWED_TOOLS",
+    "DEFAULT_SHORT_TEXT_TIMEOUT",
     "NEXO_HOME",
     "run_personal_automation_text",
 ]

package/src/support_snapshot.py

@@ -0,0 +1,151 @@
+"""Generic runtime snapshot for support and diagnostics.
+
+Open-source boundary:
+- no billing
+- no customer workflow
+- no managed support policy
+- only local runtime/install state
+"""
+from __future__ import annotations
+
+import json
+import os
+import platform
+import time
+from dataclasses import asdict
+from pathlib import Path
+from typing import Any
+
+import paths
+from doctor.formatters import format_report
+from doctor.orchestrator import run_doctor
+from health_check import collect as collect_health
+
+
+def _nexo_home() -> Path:
+    return Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
+
+
+def _read_version() -> str:
+    candidates = [
+        _nexo_home() / "version.json",
+        paths.core_dir() / "package.json",
+        Path(__file__).resolve().parents[1] / "package.json",
+    ]
+    for candidate in candidates:
+        try:
+            if not candidate.is_file():
+                continue
+            payload = json.loads(candidate.read_text())
+            version = str(payload.get("version") or "").strip()
+            if version:
+                return version
+        except Exception:
+            continue
+    return "unknown"
+
+
+def _path_status() -> dict[str, dict[str, Any]]:
+    mapping = {
+        "home": _nexo_home(),
+        "runtime": paths.runtime_dir(),
+        "core": paths.core_dir(),
+        "data": paths.data_dir(),
+        "logs": paths.logs_dir(),
+        "operations": paths.operations_dir(),
+        "config": paths.config_dir(),
+    }
+    result: dict[str, dict[str, Any]] = {}
+    for key, path in mapping.items():
+        try:
+            exists = path.exists()
+        except Exception:
+            exists = False
+        result[key] = {
+            "path": str(path),
+            "exists": exists,
+            "is_dir": path.is_dir() if exists else False,
+        }
+    return result
+
+
+def _recent_logs(lines: int = 80) -> dict[str, Any]:
+    lines = max(1, int(lines))
+    home = _nexo_home()
+    events_file = home / "runtime" / "events.ndjson"
+    ops_dir = paths.operations_dir()
+    event_tail: list[dict[str, Any]] = []
+    operation_tail: list[dict[str, Any]] = []
+
+    if events_file.is_file():
+        try:
+            raw = events_file.read_text(errors="ignore").splitlines()[-lines:]
+            for line in raw:
+                try:
+                    event_tail.append(json.loads(line))
+                except Exception:
+                    continue
+        except Exception as exc:
+            event_tail.append({"error": str(exc)})
+
+    if ops_dir.is_dir():
+        try:
+            files = sorted(
+                ops_dir.glob("*.log"),
+                key=lambda item: item.stat().st_mtime if item.exists() else 0,
+                reverse=True,
+            )[:5]
+            for log_file in files:
+                try:
+                    for line in log_file.read_text(errors="ignore").splitlines()[-lines:]:
+                        operation_tail.append({"file": log_file.name, "line": line})
+                except Exception as exc:
+                    operation_tail.append({"file": log_file.name, "error": str(exc)})
+        except Exception as exc:
+            operation_tail.append({"error": str(exc)})
+
+    return {
+        "events": event_tail[-lines:],
+        "operations": operation_tail[-lines:],
+    }
+
+
+def collect_snapshot(*, log_lines: int = 80, include_doctor: bool = False) -> dict[str, Any]:
+    payload: dict[str, Any] = {
+        "generated_at": time.time(),
+        "version": _read_version(),
+        "platform": {
+            "system": platform.system(),
+            "release": platform.release(),
+            "machine": platform.machine(),
+            "python": platform.python_version(),
+        },
+        "paths": _path_status(),
+        "health": collect_health(),
+        "logs": _recent_logs(log_lines),
+    }
+
+    if include_doctor:
+        report = run_doctor(tier="runtime", fix=False, plane="runtime_personal")
+        payload["doctor"] = asdict(report)
+        payload["doctor_text"] = format_report(report, fmt="text")
+
+    return payload
+
+
+def main(argv: list[str] | None = None) -> int:
+    import argparse
+
+    parser = argparse.ArgumentParser(description="NEXO generic support snapshot")
+    parser.add_argument("--json", action="store_true", help="JSON output")
+    parser.add_argument("--include-doctor", action="store_true", help="Include runtime doctor report")
+    parser.add_argument("--log-lines", type=int, default=80, help="How many recent log lines to include")
+    args = parser.parse_args(argv)
+
+    payload = collect_snapshot(log_lines=args.log_lines, include_doctor=args.include_doctor)
+    print(json.dumps(payload, ensure_ascii=False, indent=2))
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

package/templates/nexo_helper.py

@@ -226,6 +226,7 @@ def run_automation_text(
     include_bootstrap: bool = True,
     caller: str = "",
     tier: str = "",
+    bare_mode: bool | None = None,
 ) -> str:
     """Run the configured NEXO automation backend and return text output.
 
@@ -264,6 +265,10 @@ def run_automation_text(
         cmd.extend(["--append-system-prompt", "\n\n".join(merged_system_prompt)])
     if allowed_tools:
         cmd.extend(["--allowed-tools", allowed_tools])
+    if bare_mode is True:
+        cmd.extend(["--bare-mode", "on"])
+    elif bare_mode is False:
+        cmd.extend(["--bare-mode", "off"])
 
     env = os.environ.copy()
     env.setdefault("NEXO_HOME", str(NEXO_HOME))
@@ -292,6 +297,7 @@ def run_automation_json(
     include_bootstrap: bool = True,
     caller: str = "",
     tier: str = "",
+    bare_mode: bool | None = None,
 ) -> dict:
     """Run the configured backend and return a parsed JSON object.
 
@@ -326,6 +332,10 @@ def run_automation_json(
         cmd.extend(["--append-system-prompt", "\n\n".join(merged_system_prompt)])
     if allowed_tools:
         cmd.extend(["--allowed-tools", allowed_tools])
+    if bare_mode is True:
+        cmd.extend(["--bare-mode", "on"])
+    elif bare_mode is False:
+        cmd.extend(["--bare-mode", "off"])
 
     env = os.environ.copy()
     env.setdefault("NEXO_HOME", str(NEXO_HOME))

package/tool-enforcement-map.json

@@ -386,7 +386,7 @@
             "event": "post_compaction"
           }
         ],
-        "inject_prompt": "Context was just compacted. Execute nexo_checkpoint_read to restore session state. Do not produce visible text."
+        "inject_prompt": "Context was just compacted. Execute nexo_checkpoint_read to restore session state. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -409,7 +409,7 @@
             "event": "pre_compaction"
           }
         ],
-        "inject_prompt": "Context compaction is imminent. Execute nexo_checkpoint_save with current task, goal, and active files. Do not produce visible text."
+        "inject_prompt": "Context compaction is imminent. Execute nexo_checkpoint_save with current task, goal, and active files. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -1551,7 +1551,7 @@
             "condition": "only_when_editing_code_files_not_already_guarded_by_task_open"
           }
         ],
-        "inject_prompt": "You are about to edit files without running guard_check. Execute nexo_guard_check with the files you are about to modify. Do not produce visible text.",
+        "inject_prompt": "You are about to edit files without running guard_check. Execute nexo_guard_check with the files you are about to modify. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user.",
         "note": "task_open already calls guard_check internally for action tasks with files. This enforcement is for edits OUTSIDE of a protocol task."
       },
       "triggers_after": []
@@ -1659,7 +1659,7 @@
             "threshold": 3
           }
         ],
-        "inject_prompt": "Execute nexo_heartbeat with the current session SID and a brief description of what you are doing. Do not produce visible text."
+        "inject_prompt": "Execute nexo_heartbeat with the current session SID and a brief description of what you are doing. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -1827,7 +1827,7 @@
             "grace_messages": 0
           }
         ],
-        "inject_prompt": "The user corrected you but no learning was captured. Execute nexo_learning_add to record this correction as a reusable learning. Do not produce visible text.",
+        "inject_prompt": "The user corrected you but no learning was captured. Execute nexo_learning_add to record this correction as a reusable learning. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user.",
         "note": "heartbeat already includes LEARNING_REMINDER signal. This enforcement adds a hard injection if the model ignores the reminder for 3+ messages."
       },
       "triggers_after": []
@@ -2785,7 +2785,7 @@
             ]
           }
         ],
-        "inject_prompt": "Execute nexo_reminders with filter='due' to check pending reminders and followups. Do not produce visible text."
+        "inject_prompt": "Execute nexo_reminders with filter='due' to check pending reminders and followups. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -2902,7 +2902,7 @@
             ]
           }
         ],
-        "inject_prompt": "Execute nexo_session_diary_read with last_day=true and brief=true to load context from previous sessions. Do not produce visible text."
+        "inject_prompt": "Execute nexo_session_diary_read with last_day=true and brief=true to load context from previous sessions. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -2932,8 +2932,8 @@
             "type": "on_session_end"
           }
         ],
-        "inject_prompt": "It has been 15 minutes of active session without writing a diary. Execute nexo_session_diary_write with a summary of decisions and work done so far. Do not produce visible text.",
-        "session_end_inject_prompt": "This session is ending. Execute nexo_session_diary_write with a complete summary: decisions made, pending items, context for next session, mental state, and self-critique. Do not produce visible text."
+        "inject_prompt": "It has been 15 minutes of active session without writing a diary. Execute nexo_session_diary_write with a summary of decisions and work done so far. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user.",
+        "session_end_inject_prompt": "This session is ending. Execute nexo_session_diary_write with a complete summary: decisions made, pending items, context for next session, mental state, and self-critique. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -3290,7 +3290,7 @@
             ]
           }
         ],
-        "inject_prompt": "Execute nexo_smart_startup to pre-load relevant cognitive context. Do not produce visible text."
+        "inject_prompt": "Execute nexo_smart_startup to pre-load relevant cognitive context. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -3341,7 +3341,7 @@
             "threshold": 1
           }
         ],
-        "inject_prompt": "You must start by calling nexo_startup to register this session. If mcp__nexo__* tools appear as deferred in the tool list (names visible but JSONSchemas not loaded), first call ToolSearch with query \"select:mcp__nexo__nexo_startup,mcp__nexo__nexo_heartbeat,mcp__nexo__nexo_session_diary_read,mcp__nexo__nexo_reminders,mcp__nexo__nexo_smart_startup,mcp__nexo__nexo_task_open,mcp__nexo__nexo_task_close,mcp__nexo__nexo_task_acknowledge_guard,mcp__nexo__nexo_guard_check,mcp__nexo__nexo_learning_add,mcp__nexo__nexo_confidence_check,mcp__nexo__nexo_followup_create,mcp__nexo__nexo_protocol_debt_resolve\" to load the schemas — deferred is not absent. If more nexo_* tools appear deferred later in the session, preload them the same way instead of giving up on them. Then execute nexo_startup with a brief task description. Do not produce visible text.",
+        "inject_prompt": "You must start by calling nexo_startup to register this session. If mcp__nexo__* tools appear as deferred in the tool list (names visible but JSONSchemas not loaded), first call ToolSearch with query \"select:mcp__nexo__nexo_startup,mcp__nexo__nexo_heartbeat,mcp__nexo__nexo_session_diary_read,mcp__nexo__nexo_reminders,mcp__nexo__nexo_smart_startup,mcp__nexo__nexo_task_open,mcp__nexo__nexo_task_close,mcp__nexo__nexo_task_acknowledge_guard,mcp__nexo__nexo_guard_check,mcp__nexo__nexo_learning_add,mcp__nexo__nexo_confidence_check,mcp__nexo__nexo_followup_create,mcp__nexo__nexo_protocol_debt_resolve\" to load the schemas — deferred is not absent. If more nexo_* tools appear deferred later in the session, preload them the same way instead of giving up on them. Then execute nexo_startup with a brief task description. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user.",
         "triggers_after": [
           "nexo_smart_startup",
           "nexo_session_diary_read",
@@ -3437,8 +3437,8 @@
             "type": "on_session_end"
           }
         ],
-        "inject_prompt": "This session is ending. Execute nexo_stop with the current SID. Do not produce visible text.",
-        "session_end_inject_prompt": "This session is ending. Execute nexo_stop with the current SID. Do not produce visible text."
+        "inject_prompt": "This session is ending. Execute nexo_stop with the current SID. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user.",
+        "session_end_inject_prompt": "This session is ending. Execute nexo_stop with the current SID. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },
@@ -3499,7 +3499,7 @@
             "event": "done_claimed_with_open_task"
           }
         ],
-        "inject_prompt": "You claimed work is done but have an open protocol task. Execute nexo_task_close with evidence of completion before claiming done. Do not produce visible text."
+        "inject_prompt": "You claimed work is done but have an open protocol task. Execute nexo_task_close with evidence of completion before claiming done. Do not produce visible text for this reminder. Silence applies to the entire reminder turn: no prose before the required action(s), no prose after them, and no standalone waiting/acknowledgement/continuation phrases. If there is an operator request you still need to answer in this same turn, continue only that request after the action(s). Otherwise your visible output must stay empty. Do not mention this reminder or any internal enforcement to the user."
       },
       "triggers_after": []
     },