nexo-brain 7.13.8 → 7.14.0

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.13.8",
+  "version": "7.14.0",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,11 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.13.8` is the current packaged-runtime line. Patch release over v7.13.7 — Brain now rejects Python <3.10 during Desktop-managed fresh installs, honors the Python interpreter prepared by Desktop, and fails clearly before dependency resolution if an unsupported Apple Python 3.9 reaches the installer.
+Version `7.14.0` is the current packaged-runtime line. Minor release over v7.13.9 — Brain closes the install/reliability loop with update-path venv recovery, platform-gated wheels, WSL Desktop-managed flag preservation, startup memory authority warnings, legacy MEMORY write blocking, post-action real-world verification, and stale followup triage.
+
+Previously in `7.13.9`: patch release — Brain moves aside an existing managed `.venv` when it was created with unsupported Python <3.10, then recreates it with the supported interpreter prepared by Desktop.
+
+Previously in `7.13.8`: patch release — Brain rejects Python <3.10 during Desktop-managed fresh installs, honors the Python interpreter prepared by Desktop, and fails clearly before dependency resolution if an unsupported Apple Python 3.9 reaches the installer.
 
 Previously in `7.13.7`: patch release — Brain adds an authenticated official protocol-card client (`nexo_card_catalog`, `nexo_card_get`, `nexo_card_match`) so agents can ask the NEXO Desktop backend for the right task protocol at runtime. The protocol corpus stays private on the server; this open-source package ships only the client, tool map, and agent guidance.
 

package/bin/nexo-brain.js

@@ -291,6 +291,23 @@ function findBundledWheel(wheelsDir, prefix) {
   }
 }
 
+function bundledWheelsSupportCurrentPlatform(wheelsDir) {
+  if (!fs.existsSync(wheelsDir)) return false;
+  if (process.platform === "linux") return true;
+  if (process.platform !== "darwin") return false;
+  try {
+    const names = fs.readdirSync(wheelsDir).map((name) => String(name || "").toLowerCase());
+    const archTag = process.arch === "arm64" ? "arm64" : "x86_64";
+    return names.some((name) => (
+      name.endsWith(".whl")
+      && name.includes("macosx")
+      && (name.includes("universal2") || name.includes(archTag))
+    ));
+  } catch {
+    return false;
+  }
+}
+
 function pythonHasPip(pythonBin) {
   try {
     const result = spawnSync(pythonBin, ["-m", "pip", "--version"], {
@@ -303,6 +320,46 @@ function pythonHasPip(pythonBin) {
   }
 }
 
+function managedVenvPythonPath(nexoHome = NEXO_HOME) {
+  const venvPath = path.join(nexoHome, ".venv");
+  return process.platform === "win32"
+    ? path.join(venvPath, "Scripts", "python.exe")
+    : path.join(venvPath, "bin", "python3");
+}
+
+function safeTimestampForPath() {
+  return new Date().toISOString().replace(/[-:.TZ]/g, "").slice(0, 14);
+}
+
+function uniqueBackupPath(targetPath, suffix) {
+  const dir = path.dirname(targetPath);
+  const base = path.basename(targetPath);
+  const stamp = safeTimestampForPath();
+  let candidate = path.join(dir, `${base}.${suffix}-${stamp}`);
+  if (!fs.existsSync(candidate)) return candidate;
+  for (let i = 2; i < 100; i += 1) {
+    candidate = path.join(dir, `${base}.${suffix}-${stamp}-${i}`);
+    if (!fs.existsSync(candidate)) return candidate;
+  }
+  return path.join(dir, `${base}.${suffix}-${stamp}-${process.pid}`);
+}
+
+function ensureManagedVenvCompatible(venvPath, venvPython) {
+  if (!fs.existsSync(venvPython)) return;
+  const version = pythonVersion(venvPython);
+  if (version && pythonVersionMeetsMinimum(version)) return;
+
+  const reason = version ? `Python ${version}` : "an unreadable Python executable";
+  const backupPath = uniqueBackupPath(venvPath, "unsupported-python");
+  log(`  Existing Python virtual environment uses ${reason}; moving it aside to recreate.`);
+  try {
+    fs.renameSync(venvPath, backupPath);
+  } catch (err) {
+    throw new Error(`Existing NEXO Python virtual environment is incompatible and could not be moved aside: ${err.message || err}`);
+  }
+  log(`  Previous Python virtual environment moved to ${backupPath}`);
+}
+
 function seedPipFromBundledWheels(venvPython, bundledWheelsDir) {
   if (!fs.existsSync(venvPython) || !fs.existsSync(bundledWheelsDir)) return false;
   if (pythonHasPip(venvPython)) return true;
@@ -576,15 +633,13 @@ function resolveSystemPython() {
 }
 
 function ensureWarmupPython(nexoHome = NEXO_HOME) {
-  const existing = findVenvPython(nexoHome);
-  if (existing) return existing;
-
-  const basePython = resolveSystemPython();
   const venvPath = path.join(nexoHome, ".venv");
-  const venvPython = process.platform === "win32"
-    ? path.join(venvPath, "Scripts", "python.exe")
-    : path.join(venvPath, "bin", "python3");
+  const venvPython = managedVenvPythonPath(nexoHome);
   fs.mkdirSync(nexoHome, { recursive: true });
+  ensureManagedVenvCompatible(venvPath, venvPython);
+  if (fs.existsSync(venvPython)) return venvPython;
+
+  const basePython = resolveInstallerPython() || resolveSystemPython();
   if (!fs.existsSync(venvPython)) {
     log("  Creating Python virtual environment for model warmup...");
     const result = spawnSync(basePython, ["-m", "venv", venvPath], { stdio: "inherit", timeout: 120000 });
@@ -2398,7 +2453,9 @@ async function maybeConfigurePublicContribution(schedule, useDefaults) {
  * Resolve the venv python path for an existing NEXO_HOME installation.
  */
 function findVenvPython(nexoHome) {
-  const venvPy = path.join(nexoHome, ".venv", "bin", "python3");
+  const venvPath = path.join(nexoHome, ".venv");
+  const venvPy = managedVenvPythonPath(nexoHome);
+  ensureManagedVenvCompatible(venvPath, venvPy);
   if (fs.existsSync(venvPy)) return venvPy;
   return null;
 }
@@ -3702,11 +3759,11 @@ async function runSetup() {
   log("Installing cognitive engine dependencies...");
   fs.mkdirSync(NEXO_HOME, { recursive: true });
   const venvPath = path.join(NEXO_HOME, ".venv");
-  const venvPython = platform === "win32"
-    ? path.join(venvPath, "Scripts", "python.exe")
-    : path.join(venvPath, "bin", "python3");
+  const venvPython = managedVenvPythonPath(NEXO_HOME);
   const bundledWheelsDir = path.join(__dirname, "..", "python-wheels");
 
+  ensureManagedVenvCompatible(venvPath, venvPython);
+
   // Create venv if it doesn't exist
   if (!fs.existsSync(venvPython)) {
     log("  Creating Python virtual environment...");
@@ -3724,6 +3781,13 @@ async function runSetup() {
       }
     }
   }
+  if (fs.existsSync(venvPython)) {
+    const venvVersion = pythonVersion(venvPython);
+    if (!venvVersion || !pythonVersionMeetsMinimum(venvVersion)) {
+      log(`Python virtual environment is unsupported after creation (${venvVersion || "unknown version"}).`);
+      process.exit(1);
+    }
+  }
   if (fs.existsSync(venvPython) && !pythonHasPip(venvPython)) {
     seedPipFromBundledWheels(venvPython, bundledWheelsDir);
   }
@@ -3734,12 +3798,11 @@ async function runSetup() {
   // Detect bundled wheels in resources/python-wheels (offline-first). If
   // present, pip uses --no-index --find-links to install without internet.
   // Falls back to PyPI if bundle not found.
-  // v0.32.5 — el bundle empaca wheels manylinux (cp312 x86_64) porque
-  // en Win Brain corre dentro de WSL Ubuntu noble. En Mac, Brain corre
-  // nativo macOS y NO acepta esos wheels (ABI distinto). Si gateamos
-  // useBundle a !linux, pip cae al PyPI online — bien. macOS y Win
-  // (host nativo) deben tener red la primera vez.
-  const useBundle = process.platform === "linux" && fs.existsSync(bundledWheelsDir);
+  // Desktop bundles Linux/WSL wheels and, from 0.32.44, macOS arm64/x64
+  // wheels. Only use --no-index when the bundle clearly contains wheels
+  // compatible with the current runtime; otherwise fall back to PyPI
+  // instead of failing on ABI-mismatched wheels.
+  const useBundle = bundledWheelsSupportCurrentPlatform(bundledWheelsDir);
   const pipArgs = useBundle
     ? ["-m", "pip", "install", "--no-index", "--find-links", bundledWheelsDir, "--progress-bar", "off", "-r", requirementsFile]
     : ["-m", "pip", "install", "-v", "--progress-bar", "off", "--default-timeout=60", "-r", requirementsFile];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.13.8",
+  "version": "7.14.0",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/enforcement_engine.py

@@ -1732,6 +1732,63 @@ class HeadlessEnforcer:
         self._enqueue(prompt, "R23m_message_duplicate", rule_id="R23m_message_duplicate")
         _logger.info("[R23m %s] enqueued", mode.upper())
 
+    def _check_post_external_action_verification(self, tool_name: str, tool_input):
+        """Require an explicit re-open/re-read step after outbound actions."""
+        external_tools = {
+            "nexo_send",
+            "nexo_email_send",
+            "gmail_send",
+            "nexo_calendar_create",
+            "nexo_calendar_update",
+            "google_calendar_create",
+            "google_calendar_update",
+            "calendar_create",
+            "calendar_update",
+        }
+        if tool_name not in external_tools:
+            return
+        target = ""
+        if isinstance(tool_input, dict):
+            target = str(
+                tool_input.get("to")
+                or tool_input.get("recipient")
+                or tool_input.get("thread")
+                or tool_input.get("title")
+                or tool_input.get("summary")
+                or ""
+            ).strip()
+        prompt = (
+            f"You just performed an external action with `{tool_name}`"
+            f"{(' for ' + target[:120]) if target else ''}. "
+            "Before you report it as sent or finished, reopen the real sent message/calendar item "
+            "and verify the external facts: recipients, CC/BCC, subject, body/signature, "
+            "date/time/timezone, links, invitees, attachments, and any identity/location claims. "
+            "If anything is wrong, fix it first; otherwise include that verification in the closure evidence."
+        )
+        self._enqueue(
+            prompt,
+            f"post-action-verify:{tool_name}:{self.tool_call_count}",
+            rule_id="R23n_post_action_verification",
+        )
+        if self._session_id:
+            try:
+                from db import create_protocol_debt, list_protocol_tasks  # type: ignore
+
+                tasks = list_protocol_tasks(status="open", session_id=self._session_id, limit=1)
+                task_id = str((tasks[0] if tasks else {}).get("task_id") or "")
+                create_protocol_debt(
+                    self._session_id,
+                    "post_external_action_verification_required",
+                    severity="warn",
+                    task_id=task_id,
+                    evidence=(
+                        f"{tool_name} was called for an external action. The agent must reopen/re-read "
+                        "the real sent/event artifact before claiming completion."
+                    ),
+                )
+            except Exception:
+                pass
+
     def _check_r23h(self, tool_name: str, tool_input):
         """R23h — script shebang vs interpreter mismatch (Fase D2 shadow)."""
         if _r23h_should is None:
@@ -2170,6 +2227,7 @@ class HeadlessEnforcer:
         self._check_r23i(name, tool_input)
         self._check_r23k(name, tool_input)
         self._check_r23m(name, tool_input)
+        self._check_post_external_action_verification(name, tool_input)
 
         # D2 shadow rules — low-signal, rolling out carefully.
         self._check_r23h(name, tool_input)

package/src/hook_guardrails.py

@@ -524,6 +524,59 @@ def _is_live_repo_path(path: str) -> bool:
         return False
 
 
+def _legacy_memory_write_allowed() -> bool:
+    return os.environ.get("NEXO_ALLOW_LEGACY_MEMORY_WRITE", "").strip().lower() in {"1", "true", "yes", "on"}
+
+
+def _is_legacy_client_memory_path(path_value: str) -> bool:
+    if not str(path_value or "").strip():
+        return False
+    try:
+        candidate = _resolve_runtime_path(path_value)
+        home = Path.home().resolve(strict=False)
+        relative = candidate.relative_to(home)
+    except Exception:
+        return False
+    parts = relative.parts
+    if len(parts) == 2 and parts[0] in {".claude", ".codex"} and parts[1] == "MEMORY.md":
+        return True
+    if len(parts) >= 2 and parts[0] in {".claude", ".codex"} and parts[1] == "memories":
+        return True
+    return False
+
+
+def _collect_legacy_memory_write_blocks(conn, *, sid: str, task: dict | None, tool_name: str, files: list[str]) -> list[dict]:
+    if _legacy_memory_write_allowed():
+        return []
+    blocks: list[dict] = []
+    task_id = str((task or {}).get("task_id") or "").strip()
+    for filepath in files:
+        if not _is_legacy_client_memory_path(filepath):
+            continue
+        debt = _ensure_protocol_debt(
+            conn,
+            session_id=sid,
+            task_id=task_id,
+            debt_type="legacy_client_memory_write_blocked",
+            severity="error",
+            evidence=(
+                f"{tool_name} attempted to write {filepath}. Legacy Claude/Codex "
+                "MEMORY files are not durable NEXO Brain state and must not be "
+                "updated by agents. Use NEXO Brain memory/profile/calibration APIs instead."
+            ),
+            file_token=filepath,
+        )
+        blocks.append({
+            "file": filepath,
+            "task_id": task_id,
+            "debt_id": debt.get("id"),
+            "debt_type": "legacy_client_memory_write_blocked",
+            "reason_code": "legacy_client_memory_protected",
+            "severity": "error",
+        })
+    return blocks
+
+
 def _extract_touched_files(tool_input) -> list[str]:
     files: list[str] = []
     if not isinstance(tool_input, dict):
@@ -1481,6 +1534,24 @@ def process_pre_tool_event(payload: dict) -> dict:
     sid = _resolve_nexo_sid(conn, claude_sid)
     open_task = _find_any_open_task(conn, sid) if sid else None
     warnings: list[dict] = []
+    legacy_memory_blocks = _collect_legacy_memory_write_blocks(
+        conn,
+        sid=sid,
+        task=open_task,
+        tool_name=tool_name,
+        files=files,
+    )
+    if legacy_memory_blocks:
+        return {
+            "ok": True,
+            "session_id": sid,
+            "tool_name": tool_name,
+            "operation": op,
+            "strictness": strictness,
+            "blocks": legacy_memory_blocks,
+            "warnings": warnings,
+            "status": "blocked",
+        }
     if tool_name == "Bash":
         launchagent_operation_warnings = _collect_launchagent_operation_warnings(
             conn,
@@ -2113,6 +2184,11 @@ def format_pretool_block_message(result: dict) -> str:
                 f"- {file_note}: `~/.nexo/core` is a protected install surface. "
                 "Route the change through the source repo + release/update flow instead of editing the live installed core."
             )
+        elif item.get("reason_code") == "legacy_client_memory_protected":
+            lines.append(
+                f"- {file_note}: legacy Claude/Codex MEMORY files are read-only in NEXO. "
+                "Use NEXO Brain profile/calibration/memory tools instead."
+            )
         elif item.get("reason_code") == "guard_unacknowledged":
             lines.append(
                 f"- {file_note}: task {item['task_id']} still has blocking guard debt. Acknowledge it with `nexo_task_acknowledge_guard` before retrying."

package/src/memory_layer_audit.py

@@ -0,0 +1,243 @@
+"""Startup audit for client memory layers.
+
+NEXO Brain is the durable memory authority. Client-local MEMORY files can
+exist from older Claude/Codex installs, but they must not silently override
+calibration/profile data.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+import re
+from pathlib import Path
+from typing import Any
+
+import paths
+
+LEGACY_MEMORY_PATHS = (
+    (".claude", "MEMORY.md"),
+    (".codex", "MEMORY.md"),
+)
+LEGACY_MEMORY_DIRS = (
+    (".claude", "memories"),
+    (".codex", "memories"),
+)
+BOOTSTRAP_PATHS = (
+    (".claude", "CLAUDE.md"),
+    (".codex", "AGENTS.md"),
+)
+
+AUTHORITY_ORDER = [
+    "brain/calibration.json",
+    "brain/profile.json",
+    "NEXO Brain DB: followups, learnings, decisions, diary, outcomes",
+    "managed client bootstrap CORE blocks",
+    "legacy client MEMORY.md files (read-only, lowest authority)",
+]
+
+LOCATION_HINT_RE = re.compile(
+    r"\b("
+    r"lives?|resides?|resident|residence|location|city|from|based|"
+    r"vive|reside|residencia|ubicaci[oó]n|ciudad|de\s+"
+    r")\b",
+    re.IGNORECASE,
+)
+TOKEN_RE = re.compile(r"[A-Za-z0-9_ÁÉÍÓÚÜÑáéíóúüñ]+")
+
+
+def _read_json(path: Path) -> dict[str, Any]:
+    try:
+        if path.exists():
+            payload = json.loads(path.read_text(encoding="utf-8"))
+            if isinstance(payload, dict):
+                return payload
+    except Exception:
+        return {}
+    return {}
+
+
+def _brain_dir_candidates(nexo_home: Path) -> list[Path]:
+    candidates = [nexo_home / "brain", nexo_home / "personal" / "brain"]
+    try:
+        current = paths.brain_dir()
+        if current not in candidates:
+            candidates.append(current)
+    except Exception:
+        pass
+    unique: list[Path] = []
+    seen = set()
+    for candidate in candidates:
+        key = str(candidate)
+        if key not in seen:
+            seen.add(key)
+            unique.append(candidate)
+    return unique
+
+
+def _load_canonical_sources(nexo_home: Path) -> tuple[dict[str, Any], dict[str, Any], dict[str, str]]:
+    for brain_dir in _brain_dir_candidates(nexo_home):
+        calibration = _read_json(brain_dir / "calibration.json")
+        profile = _read_json(brain_dir / "profile.json")
+        if calibration or profile:
+            return calibration, profile, {
+                "calibration": str(brain_dir / "calibration.json"),
+                "profile": str(brain_dir / "profile.json"),
+            }
+    fallback = _brain_dir_candidates(nexo_home)[0]
+    return {}, {}, {
+        "calibration": str(fallback / "calibration.json"),
+        "profile": str(fallback / "profile.json"),
+    }
+
+
+def _iter_strings(value: Any) -> list[str]:
+    if isinstance(value, str):
+        return [value.strip()] if value.strip() else []
+    if isinstance(value, dict):
+        out: list[str] = []
+        for item in value.values():
+            out.extend(_iter_strings(item))
+        return out
+    if isinstance(value, list):
+        out: list[str] = []
+        for item in value:
+            out.extend(_iter_strings(item))
+        return out
+    return []
+
+
+def _tokenize(text: str) -> set[str]:
+    return {
+        token.lower()
+        for token in TOKEN_RE.findall(text or "")
+        if len(token) >= 4
+    }
+
+
+def _canonical_location_tokens(calibration: dict[str, Any], profile: dict[str, Any]) -> set[str]:
+    values: list[str] = []
+    for container in (profile, calibration):
+        for key in (
+            "current_residence",
+            "residence",
+            "location",
+            "base_location",
+            "city",
+            "country",
+            "timezone",
+        ):
+            if key in container:
+                values.extend(_iter_strings(container.get(key)))
+        user = container.get("user")
+        if isinstance(user, dict):
+            for key in ("location", "city", "country", "timezone"):
+                if key in user:
+                    values.extend(_iter_strings(user.get(key)))
+    tokens: set[str] = set()
+    for value in values:
+        tokens.update(_tokenize(value))
+    return tokens
+
+
+def _legacy_memory_paths(home: Path) -> list[Path]:
+    found: list[Path] = []
+    for parts in LEGACY_MEMORY_PATHS:
+        candidate = home.joinpath(*parts)
+        if candidate.exists():
+            found.append(candidate)
+    for parts in LEGACY_MEMORY_DIRS:
+        candidate = home.joinpath(*parts)
+        if candidate.exists() and any(candidate.iterdir()):
+            found.append(candidate)
+    return found
+
+
+def _location_like_lines(text: str) -> list[str]:
+    lines: list[str] = []
+    for raw in str(text or "").splitlines():
+        line = raw.strip()
+        if not line or len(line) > 500:
+            continue
+        if LOCATION_HINT_RE.search(line):
+            lines.append(line[:240])
+    return lines
+
+
+def audit_memory_layers(
+    *,
+    home: str | Path | None = None,
+    nexo_home: str | Path | None = None,
+    max_warnings: int = 5,
+) -> dict[str, Any]:
+    """Return a read-only audit of memory authority and legacy client files."""
+
+    home_path = Path(home) if home is not None else Path.home()
+    nexo_home_path = Path(nexo_home) if nexo_home is not None else Path(os.environ.get("NEXO_HOME", str(home_path / ".nexo")))
+    calibration, profile, source_paths = _load_canonical_sources(nexo_home_path)
+    canonical_location_tokens = _canonical_location_tokens(calibration, profile)
+
+    warnings: list[dict[str, Any]] = []
+    legacy_paths = _legacy_memory_paths(home_path)
+    if legacy_paths:
+        warnings.append({
+            "type": "legacy_client_memory_present",
+            "severity": "warn",
+            "paths": [str(path) for path in legacy_paths],
+            "message": "Legacy Claude/Codex MEMORY files exist. They are lower authority than NEXO Brain and should stay read-only.",
+        })
+
+    for parts in BOOTSTRAP_PATHS:
+        candidate = home_path.joinpath(*parts)
+        try:
+            text = candidate.read_text(encoding="utf-8") if candidate.exists() else ""
+        except Exception:
+            text = ""
+        if not text:
+            continue
+        for line in _location_like_lines(text):
+            line_tokens = _tokenize(line)
+            if canonical_location_tokens and line_tokens.isdisjoint(canonical_location_tokens):
+                warnings.append({
+                    "type": "possible_identity_location_conflict",
+                    "severity": "warn",
+                    "path": str(candidate),
+                    "line": line,
+                    "message": "Bootstrap contains a location-like profile fact that does not match canonical calibration/profile tokens.",
+                })
+                break
+
+    return {
+        "ok": True,
+        "authority_order": AUTHORITY_ORDER,
+        "canonical_sources": source_paths,
+        "legacy_paths": [str(path) for path in legacy_paths],
+        "warnings": warnings[:max(0, int(max_warnings or 0))],
+        "warning_count": len(warnings),
+    }
+
+
+def format_memory_layer_warnings(report: dict[str, Any]) -> list[str]:
+    warnings = report.get("warnings") if isinstance(report, dict) else None
+    if not isinstance(warnings, list) or not warnings:
+        return []
+    lines = [
+        "NEXO Brain/calibration/profile are authoritative; legacy client MEMORY files are read-only and lowest priority.",
+    ]
+    for warning in warnings:
+        if not isinstance(warning, dict):
+            continue
+        kind = warning.get("type") or "memory_layer_warning"
+        if kind == "legacy_client_memory_present":
+            paths_text = ", ".join(warning.get("paths") or [])
+            lines.append(f"Legacy MEMORY present: {paths_text}")
+        elif kind == "possible_identity_location_conflict":
+            lines.append(
+                "Possible profile conflict in "
+                f"{warning.get('path')}: {warning.get('line')}"
+            )
+        else:
+            lines.append(str(warning.get("message") or kind))
+    if report.get("warning_count", 0) > len(warnings):
+        lines.append(f"{report['warning_count'] - len(warnings)} more memory-layer warning(s) omitted.")
+    return lines

package/src/plugins/protocol.py

@@ -80,6 +80,34 @@ def _is_trivial_evidence(text: str) -> tuple[bool, str]:
     return False, ""
 
 
+def _external_real_world_text(task: dict, *parts: str) -> str:
+    fields = [
+        task.get("goal", ""),
+        task.get("area", ""),
+        task.get("project_hint", ""),
+        task.get("context_hint", ""),
+        task.get("verification_step", ""),
+    ]
+    fields.extend(part for part in parts if part)
+    return " ".join(str(part or "") for part in fields).lower()
+
+
+def _requires_external_real_world_check(task: dict, *parts: str) -> bool:
+    if str(task.get("task_type") or "").strip() not in ACTION_TASKS:
+        return False
+    text = _external_real_world_text(task, *parts)
+    return any(keyword in text for keyword in EXTERNAL_REAL_WORLD_ACTION_KEYWORDS)
+
+
+def _has_external_real_world_evidence(text: str) -> bool:
+    lowered = str(text or "").lower()
+    if _is_trivial_evidence(lowered)[0]:
+        return False
+    has_verify_verb = any(keyword in lowered for keyword in REAL_WORLD_VERIFICATION_VERBS)
+    has_artifact = any(keyword in lowered for keyword in REAL_WORLD_ARTIFACT_KEYWORDS)
+    return has_verify_verb and has_artifact
+
+
 ACTION_TASKS = {"edit", "execute", "delegate"}
 RESPONSE_TASKS = {"answer", "analyze"}
 _GUARD_TOUCH_DEBT_TYPES = {
@@ -87,6 +115,93 @@ _GUARD_TOUCH_DEBT_TYPES = {
     "conditioned_file_touch_without_guard_ack",
     "write_without_file_guard_check",
 }
+EXTERNAL_REAL_WORLD_ACTION_KEYWORDS = {
+    "email",
+    "e-mail",
+    "gmail",
+    "correo",
+    "mail",
+    "message",
+    "mensaje",
+    "whatsapp",
+    "telegram",
+    "sms",
+    "calendar",
+    "calendario",
+    "event",
+    "evento",
+    "invite",
+    "invitation",
+    "invitacion",
+    "invitación",
+    "meet",
+    "zoom",
+    "booking",
+    "reserva",
+    "send",
+    "sent",
+    "enviar",
+    "enviado",
+    "enviada",
+    "client",
+    "cliente",
+    "family",
+    "familia",
+}
+REAL_WORLD_VERIFICATION_VERBS = {
+    "verified",
+    "verify",
+    "checked",
+    "rechecked",
+    "re-read",
+    "reread",
+    "opened",
+    "inspected",
+    "confirmed",
+    "verificado",
+    "verifique",
+    "verifiqué",
+    "comprobado",
+    "comprobe",
+    "comprobé",
+    "revisado",
+    "revise",
+    "revisé",
+    "abierto",
+    "abri",
+    "abrí",
+    "confirmado",
+}
+REAL_WORLD_ARTIFACT_KEYWORDS = {
+    "sent folder",
+    "sent item",
+    "message-id",
+    "email",
+    "correo",
+    "destinatario",
+    "recipient",
+    "cc",
+    "bcc",
+    "subject",
+    "asunto",
+    "body",
+    "cuerpo",
+    "firma",
+    "signature",
+    "calendar",
+    "calendario",
+    "event",
+    "evento",
+    "invitee",
+    "invitado",
+    "meet link",
+    "meet",
+    "zoom",
+    "booking",
+    "reserva",
+    "sent",
+    "enviado",
+}
 HIGH_STAKES_KEYWORDS = {
     "medical",
     "legal",
@@ -1462,6 +1577,60 @@ def handle_task_close(
                 indent=2,
             )
 
+    if clean_outcome == "done" and _requires_external_real_world_check(
+        task,
+        clean_evidence,
+        clean_change_verify,
+        outcome_notes,
+        clean_change_summary,
+    ):
+        real_world_evidence = "\n".join(
+            part
+            for part in (
+                clean_evidence,
+                clean_change_verify,
+                outcome_notes,
+                clean_change_summary,
+            )
+            if part
+        )
+        if _has_external_real_world_evidence(real_world_evidence):
+            resolve_protocol_debts(
+                task_id=task_id,
+                debt_types=["external_real_world_verification_missing"],
+                resolution="task_close evidence includes post-action real-world verification.",
+            )
+        else:
+            debt = _ensure_open_debt(
+                task["session_id"],
+                task_id,
+                "external_real_world_verification_missing",
+                severity="error",
+                evidence=(
+                    "External-stakes task closed as done without proof that the real sent/event/booking "
+                    f"artifact was reopened and verified. Goal: {task.get('goal','')}. "
+                    f"Evidence provided: {real_world_evidence[:240]!r}"
+                ),
+                debts=debts_created,
+            )
+            return json.dumps(
+                {
+                    "ok": False,
+                    "error": "Cannot close external-stakes task as 'done' without post-action real-world verification.",
+                    "hint": (
+                        "Re-open the sent email/message/calendar/booking artifact and verify recipients, "
+                        "CC/BCC, subject, body/signature, date/time/timezone, links, invitees, and attachments as applicable. "
+                        "Then retry nexo_task_close with that evidence."
+                    ),
+                    "task_id": task_id,
+                    "blocked_by": "external_real_world_verify",
+                    "debt_id": debt.get("id"),
+                    "debt_type": "external_real_world_verification_missing",
+                },
+                ensure_ascii=False,
+                indent=2,
+            )
+
     # ── Release checklist: require channel alignment evidence for release tasks ──
     is_release = _is_release_task(
         goal=task.get("goal") or "",

package/src/scripts/nexo-followup-hygiene.py

@@ -5,7 +5,7 @@ NEXO Followup Hygiene — Weekly cleanup of followup/reminder statuses.
 
 Runs Sundays via LaunchAgent (or manually). Tasks:
 1. Normalize dirty statuses (COMPLETED YYYY-MM-DD -> COMPLETED)
-2. Flag PENDING followups >14 days without updates as STALE
+2. Escalate PENDING followups >14 days without updates to needs_decision
 3. Generate summary of orphaned/forgotten followups for synthesis
 
 No CLI needed — this is pure mechanical cleanup.
@@ -85,21 +85,38 @@ def main():
             )
         log(f"Normalized {dirty_r} dirty reminder statuses")
 
-    # 2. Flag stale followups (PENDING >14 days, no updates)
+    # 2. Escalate stale followups (PENDING >14 days, no updates)
     cutoff = (date.today() - timedelta(days=14)).isoformat()
+    updated_cutoff = datetime.now().timestamp() - (14 * 24 * 60 * 60)
     stale = conn.execute(
         "SELECT id, description, date, updated_at FROM followups "
         "WHERE status NOT LIKE 'COMPLETED%' "
-        "AND status NOT IN ('DELETED','archived','blocked','waiting') "
+        "AND status NOT IN ('DELETED','archived','blocked','waiting','needs_decision','waiting_user') "
         "AND date != '' AND date < ? "
+        "AND (updated_at IS NULL OR updated_at = '' OR updated_at < ?) "
         "ORDER BY date",
-        (cutoff,)
+        (cutoff, updated_cutoff)
     ).fetchall()
 
+    escalated_stale = []
     if stale:
-        log(f"Found {len(stale)} stale followups (>14 days overdue):")
+        log(f"Escalating {len(stale)} stale followups (>14 days overdue, no recent update):")
         for s in stale[:10]:
             log(f"  {s['id']}: {s['description'][:60]} (due: {s['date']})")
+        for s in stale:
+            result = nexo_db.update_followup(
+                str(s["id"]),
+                status="needs_decision",
+                date=TODAY,
+                history_actor="followup-hygiene",
+                history_event="stale_triage",
+                history_note=(
+                    "Weekly hygiene escalated this old due followup to needs_decision "
+                    "instead of leaving it in the executable briefing indefinitely."
+                ),
+            )
+            if not result.get("error"):
+                escalated_stale.append(str(s["id"]))
 
     # 3. Orphaned followups (no date, no recent update)
     orphans = conn.execute(
@@ -123,8 +140,10 @@ def main():
         "date": TODAY,
         "dirty_normalized": dirty_f + dirty_r,
         "stale_count": len(stale) if stale else 0,
+        "stale_escalated_count": len(escalated_stale),
         "orphan_count": len(orphans) if orphans else 0,
         "stale_ids": [s["id"] for s in stale[:20]] if stale else [],
+        "stale_escalated_ids": escalated_stale[:20],
         "orphan_ids": [o["id"] for o in orphans[:20]] if orphans else [],
     }
 
@@ -132,7 +151,7 @@ def main():
     summary_file.parent.mkdir(parents=True, exist_ok=True)
     summary_file.write_text(json.dumps(summary, indent=2))
 
-    log(f"Summary: {dirty_f + dirty_r} normalized, {len(stale) if stale else 0} stale, {len(orphans) if orphans else 0} orphans")
+    log(f"Summary: {dirty_f + dirty_r} normalized, {len(escalated_stale)} stale escalated, {len(orphans) if orphans else 0} orphans")
     log("=== Followup Hygiene complete ===")
 
 

package/src/scripts/nexo-followup-runner.py

@@ -74,6 +74,9 @@ CLI_TIMEOUT = AUTOMATION_SUBPROCESS_TIMEOUT
 LOCK_FILE = LOG_DIR / "followup-runner.lock"
 MAX_FOLLOWUPS_PER_RUN = 5  # Focus: Opus can actually execute 5, not 30
 COOLDOWN_DAYS = 3  # Don't retry needs_decision/blocked for 3 days
+STALE_FOLLOWUP_TRIAGE_DAYS = 14
+MAX_STALE_TRIAGE_PER_RUN = 8
+MAX_NEEDS_OPERATOR_BRIEFING = 12
 DEFAULT_ASSISTANT_NAME = "Nova"
 DEFAULT_OPERATOR_LANGUAGE = "en"
 
@@ -101,6 +104,43 @@ def save_state(state: dict):
 
 
 # ── DB access ───────────────────────────────────────────────────────────
+def _parse_date(value: str) -> date | None:
+    try:
+        return date.fromisoformat(str(value or "").strip()[:10])
+    except ValueError:
+        return None
+
+
+def _followup_days_overdue(date_value: str, *, today_value: date | None = None) -> int:
+    due = _parse_date(date_value)
+    if not due:
+        return 0
+    today_obj = today_value or date.today()
+    return max(0, (today_obj - due).days)
+
+
+def _history_has_recent_movement(history, *, days: int = STALE_FOLLOWUP_TRIAGE_DAYS) -> bool:
+    if not history:
+        return False
+    cutoff = date.today() - timedelta(days=days)
+    for event in history:
+        if not isinstance(event, dict):
+            continue
+        created = _parse_date(str(event.get("created_at") or event.get("date") or ""))
+        if created and created >= cutoff:
+            return True
+    return False
+
+
+def _is_stale_followup_for_triage(followup: dict) -> bool:
+    status = str(followup.get("status") or "").strip().lower()
+    if status in {"needs_decision", "waiting_user", "blocked", "waiting"}:
+        return False
+    if _followup_days_overdue(str(followup.get("date") or "")) < STALE_FOLLOWUP_TRIAGE_DAYS:
+        return False
+    return not _history_has_recent_movement(followup.get("history") or [])
+
+
 def _is_in_cooldown(fu_id: str, state: dict) -> bool:
     """Check if a followup was recently attempted and should be skipped."""
     attempts = state.get("attempts", {})
@@ -252,14 +292,14 @@ def get_all_active_followups(state: dict) -> dict:
     operator_name = str(operator.get("operator_name") or "the operator")
     if not NEXO_DB.exists():
         log(f"DB not found: {NEXO_DB}")
-        return {"actionable": [], "needs_operator": [], "future": [], "backlog": []}
+        return {"actionable": [], "needs_operator": [], "future": [], "backlog": [], "cooled_down": [], "stale_triage": []}
 
     today = date.today().isoformat()
     conn = sqlite3.connect(str(NEXO_DB))
     conn.row_factory = sqlite3.Row
     try:
         rows = conn.execute(
-            "SELECT id, description, date, reasoning, verification, priority, recurrence, status "
+            "SELECT id, description, date, reasoning, verification, priority, recurrence, status, owner, updated_at "
             "FROM followups WHERE status NOT LIKE 'COMPLETED%' "
             "AND UPPER(COALESCE(status, '')) NOT IN ('BLOCKED', 'ARCHIVED', 'DELETED', 'WAITING') "
             "AND description NOT LIKE '[Abandoned]%' "
@@ -270,7 +310,7 @@ def get_all_active_followups(state: dict) -> dict:
             "  date ASC"
         ).fetchall()
 
-        result = {"actionable": [], "needs_operator": [], "future": [], "backlog": [], "cooled_down": []}
+        result = {"actionable": [], "needs_operator": [], "future": [], "backlog": [], "cooled_down": [], "stale_triage": []}
         undated_triage_budget = 2
 
         for row in rows:
@@ -296,7 +336,12 @@ def get_all_active_followups(state: dict) -> dict:
                     result["actionable"].append(triage_fu)
                     undated_triage_budget -= 1
             elif fu_date <= today:
-                if needs_operator:
+                if _is_stale_followup_for_triage(fu):
+                    stale_fu = dict(fu)
+                    stale_fu["stale_triage"] = True
+                    stale_fu["days_overdue"] = _followup_days_overdue(fu_date)
+                    result["stale_triage"].append(stale_fu)
+                elif needs_operator:
                     result["needs_operator"].append(fu)
                 elif _is_in_cooldown(fu["id"], state):
                     result["cooled_down"].append(fu)
@@ -310,12 +355,16 @@ def get_all_active_followups(state: dict) -> dict:
             overflow = result["actionable"][MAX_FOLLOWUPS_PER_RUN:]
             result["actionable"] = result["actionable"][:MAX_FOLLOWUPS_PER_RUN]
             log(f"Capped actionable to {MAX_FOLLOWUPS_PER_RUN}, deferred {len(overflow)} to next run")
+        if len(result["needs_operator"]) > MAX_NEEDS_OPERATOR_BRIEFING:
+            overflow = result["needs_operator"][MAX_NEEDS_OPERATOR_BRIEFING:]
+            result["needs_operator"] = result["needs_operator"][:MAX_NEEDS_OPERATOR_BRIEFING]
+            log(f"Capped needs_operator to {MAX_NEEDS_OPERATOR_BRIEFING}, deferred {len(overflow)} noisy items")
 
         return result
 
     except Exception as e:
         log(f"DB error: {e}")
-        return {"actionable": [], "needs_operator": [], "future": [], "backlog": [], "cooled_down": []}
+        return {"actionable": [], "needs_operator": [], "future": [], "backlog": [], "cooled_down": [], "stale_triage": []}
     finally:
         conn.close()
 
@@ -753,10 +802,37 @@ def main():
     groups = get_all_active_followups(state)
     all_actionable = list(groups["actionable"])
     cooled = groups.get("cooled_down", [])
+    stale_triage = groups.get("stale_triage", [])
 
     log(f"Actionable: {len(all_actionable)}, Cooled down: {len(cooled)}, "
         f"Needs operator: {len(groups['needs_operator'])}, "
-        f"Future: {len(groups['future'])}, Backlog: {len(groups['backlog'])}")
+        f"Future: {len(groups['future'])}, Backlog: {len(groups['backlog'])}, "
+        f"Stale triage: {len(stale_triage)}")
+
+    for fu in stale_triage[:MAX_STALE_TRIAGE_PER_RUN]:
+        fid = str(fu.get("id") or "")
+        if not fid:
+            continue
+        days_overdue = int(fu.get("days_overdue") or 0)
+        summary = (
+            f"Followup overdue for {days_overdue} days without recent movement. "
+            "Operator decision required: close as obsolete, reschedule with reason, or convert into a concrete next action."
+        )
+        update_followup_fields(
+            fid,
+            date_value=date.today().isoformat(),
+            status="needs_decision",
+            history_event="stale_triage",
+            history_note=summary,
+        )
+        upsert_attention_reminder(
+            fid,
+            summary=summary,
+            options={"a": "close obsolete", "b": "reschedule", "c": "convert to next action"},
+            status="needs_decision",
+            operator_language=_operator_language(),
+        )
+        record_attempt(state, fid, "needs_decision")
 
     results = []
 
@@ -851,7 +927,7 @@ def main():
             record_attempt(state, fid, r["status"])
             log(f"  {fid}: {r['status']} -> cooldown {COOLDOWN_DAYS} days")
 
-    total = len(all_actionable) + len(groups["needs_operator"]) + len(groups["future"]) + len(groups["backlog"])
+    total = len(all_actionable) + len(groups["needs_operator"]) + len(groups["future"]) + len(groups["backlog"]) + len(stale_triage)
     attention_handed_off = any(
         r.get("needs_attention") or r["status"] in ("needs_decision", "blocked")
         for r in results

package/src/tools_sessions.py

@@ -478,6 +478,18 @@ def handle_startup(
             lines.append(f"  {raw_line}")
         lines.append(f"  Full briefing: {briefing_path}")
 
+    try:
+        from memory_layer_audit import audit_memory_layers, format_memory_layer_warnings
+
+        memory_warnings = format_memory_layer_warnings(audit_memory_layers(max_warnings=4))
+        if memory_warnings:
+            lines.append("")
+            lines.append("MEMORY LAYER CHECK:")
+            for raw_line in memory_warnings:
+                lines.append(f"  {raw_line}")
+    except Exception:
+        pass
+
     # Check LaunchAgent health (macOS only)
     la_warnings = _check_launchagents()
     if la_warnings:

package/templates/CLAUDE.md.template

@@ -1,4 +1,4 @@
-<!-- nexo-claude-md-version: 2.1.7 -->
+<!-- nexo-claude-md-version: 2.1.8 -->
 ******CORE******
 <!-- nexo:core:start -->
 # {{NAME}} — Cognitive Co-Operator
@@ -87,6 +87,7 @@ Claude Code may list `mcp__nexo__*` tools as **deferred** at session start (name
 ## User Profile
 - **Calibration:** `{{NEXO_HOME}}/brain/calibration.json` (personality settings + language + user name)
 - **Profile:** `{{NEXO_HOME}}/brain/profile.json` (deep scan results from onboarding)
+- **Memory authority:** `calibration.json` + `profile.json` + NEXO Brain DB win over legacy client memory. Do not read, write, or rely on `MEMORY.md` / `.claude/memories` / `.codex/memories` as source of truth; surface conflicts at startup instead of carrying old facts silently.
 
 ### First Session Onboarding (only if profile.json lacks `role` or `technical_level`)
 Ask TWO questions: (1) "What do you do?" -> save to profile.json + `nexo_preference_set("role", answer)`. (2) "Technical level? Beginner / Intermediate / Advanced" -> save + `nexo_preference_set("technical_level", answer)`. Then: "Got it. From now on I learn by observing." Never ask onboarding questions again.

package/templates/CODEX.AGENTS.md.template

@@ -1,4 +1,4 @@
-<!-- nexo-codex-agents-version: 1.2.6 -->
+<!-- nexo-codex-agents-version: 1.2.7 -->
 ******CORE******
 <!-- nexo:core:start -->
 # {{NAME}} — NEXO Shared Brain for Codex
@@ -98,6 +98,11 @@ Operational rule R34 (Layer 2) watches this coherence.
 - **Skills:** reusable procedures plus `nexo_skill_evolution_candidates` for text->script and skill refinement.
 - **Watchdog / Immune / Followups:** reliability, quarantine, reminders, and self-healing are native parts of NEXO.
 
+## Memory Authority
+- `calibration.json`, `profile.json`, and NEXO Brain DB are authoritative for identity, profile, decisions, learnings, diary, and followups.
+- Legacy client memory files such as `MEMORY.md`, `.claude/memories`, and `.codex/memories` are lowest-authority read-only leftovers. Do not write them or use them to override Brain/calibration/profile.
+- If bootstrap text and Brain profile disagree, surface the conflict at startup and use Brain/calibration/profile until corrected.
+
 ## Project Atlas
 Search `{{NEXO_HOME}}/brain/project-atlas.json` BEFORE touching any project. Never assume server, port, or code location.