nexo-brain 7.17.0 → 7.17.2

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.17.0",
+  "version": "7.17.2",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,11 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.17.0` is the current packaged-runtime line. Minor release over v7.16.3 - the headless runner pre-emptive guard becomes advisory: it surfaces learnings/schemas to the agent and logs to `guard_checks`, but never returns `blocked=True`. The PreToolUse hook is the authoritative gate at write time. This closes the family of bugs where heuristic path matches in the prompt aborted email-monitor sessions, followup-runner cycles, Deep Sleep synth, and postmortem-consolidation. Also rolls in the directory-path hardening planned for 7.16.4.
+Version `7.17.2` is the current packaged-runtime line. Patch release over v7.17.1 - email-monitor now guards its `/tmp/nexo-*` draft buffers before writing, morning-agent closes interrupted/stale briefing claims deterministically, and Codex managed config migrates from the legacy `codex_hooks` flag to `[features].hooks`.
+
+Previously in `7.17.1`: patch release over v7.17.0 - the headless Claude CLI 2.1+ direct-JSON response shape is now handled: when the wrapper `{"result": ...}` is absent and the agent's answer is returned directly, `_extract_claude_telemetry` surfaces the full payload to the caller instead of an empty string. Fixes the daily morning-agent failure with "Morning agent returned invalid JSON output".
+
+Previously in `7.17.0`: minor release over v7.16.3 - the headless runner pre-emptive guard becomes advisory: it surfaces learnings/schemas to the agent and logs to `guard_checks`, but never returns `blocked=True`. The PreToolUse hook is the authoritative gate at write time.
 
 Previously in `7.16.3`: patch release over v7.16.2 - the headless runner guard opts out of the runtime-core blocking rule because actual writes on those paths are already blocked at the PreToolUse layer.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.17.0",
+  "version": "7.17.2",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/agent_runner.py

@@ -94,15 +94,32 @@ def _extract_claude_telemetry(raw_stdout: str, *, requested_output_format: str)
             "warnings": ["backend did not return parseable JSON telemetry"],
         }
 
-    result_payload = payload.get("result", "")
+    # Two shapes can arrive in raw_stdout:
+    #   (a) Classic Claude CLI wrapper:
+    #       {"result": "<agent text or stringified JSON>", "usage": {...}, "total_cost_usd": N}
+    #   (b) Direct agent JSON (Claude CLI 2.1+ with bare_mode + output_format=json
+    #       + a prompt that requests raw JSON only). The wrapper is dropped and
+    #       the entire payload IS the agent's answer, e.g. {"subject":..., "body":...}.
+    # Pre-7.17.1 only handled (a): payload.get("result", "") returned "" in case (b),
+    # which left result.stdout empty for the caller. morning-agent then raised
+    # "Morning agent returned invalid JSON output" on every cron tick even though
+    # the agent had answered correctly and the answer was already persisted in
+    # automation_runs.metadata.raw. The branch below normalises both shapes.
+    if "result" in payload:
+        result_payload = payload["result"]
+        telemetry_payload = payload
+    else:
+        result_payload = payload
+        telemetry_payload = {}
+
     if requested_output_format and requested_output_format.lower() == "json" and not isinstance(result_payload, str):
         final_stdout = json.dumps(result_payload, ensure_ascii=False)
     else:
         final_stdout = result_payload if isinstance(result_payload, str) else json.dumps(result_payload, ensure_ascii=False)
 
-    usage = payload.get("usage") or {}
-    model_usage = payload.get("modelUsage") or {}
-    explicit_cost = payload.get("total_cost_usd")
+    usage = telemetry_payload.get("usage") or {}
+    model_usage = telemetry_payload.get("modelUsage") or {}
+    explicit_cost = telemetry_payload.get("total_cost_usd")
     if explicit_cost is None and isinstance(model_usage, dict):
         explicit_cost = sum(
             float((item or {}).get("costUSD") or 0.0)

package/src/client_sync.py

@@ -639,9 +639,10 @@ def _sync_codex_managed_config(
 
     features = payload.setdefault("features", {})
     if isinstance(features, dict):
-        features["codex_hooks"] = True
+        features["hooks"] = True
+        features.pop("codex_hooks", None)
     else:
-        payload["features"] = {"codex_hooks": True}
+        payload["features"] = {"hooks": True}
 
     payload["initial_messages"] = [
         {

package/src/scripts/nexo-morning-agent.py

@@ -34,6 +34,7 @@ from __future__ import annotations
 import argparse
 import json
 import os
+import signal
 import subprocess
 import sys
 import tempfile
@@ -67,11 +68,12 @@ LOG_FILE = LOG_DIR / "morning-agent.log"
 STATE_FILE = data_dir() / "morning-agent-state.json"
 LATEST_BRIEFING_FILE = operations_dir() / "morning-briefing-latest.md"
 CALLER = "morning_agent"
-CLI_TIMEOUT = 1800
+CLI_TIMEOUT = 1500
 MAX_DUE_ITEMS = 8
 MAX_ACTIVE_ITEMS = 8
 MAX_DIARY_ITEMS = 6
 MORNING_BRIEFING_STALE_HOURS = 12
+_ACTIVE_CLAIM: dict[str, str] = {}
 
 
 def log(message: str) -> None:
@@ -149,6 +151,27 @@ def _briefing_run_is_stale(row: dict) -> bool:
         return True
 
 
+def _mark_stale_morning_briefing_failed(conn, row: dict, *, now: str) -> None:
+    conn.execute(
+        """
+        UPDATE morning_briefing_runs
+        SET status = 'failed',
+            error = ?,
+            finished_at = COALESCE(finished_at, ?),
+            updated_at = ?
+        WHERE local_date = ? AND recipient = ? AND status = 'in_progress'
+        """,
+        (
+            "stale in_progress reconciled before retry: parent process likely interrupted before completion",
+            now,
+            now,
+            str(row.get("local_date") or ""),
+            str(row.get("recipient") or ""),
+        ),
+    )
+    conn.commit()
+
+
 def _claim_morning_briefing_send(local_date: str, recipient: str, *, force: bool = False) -> dict:
     clean_date = str(local_date or "").strip()
     clean_recipient = str(recipient or "").strip()
@@ -194,7 +217,10 @@ def _claim_morning_briefing_send(local_date: str, recipient: str, *, force: bool
         (clean_date, clean_recipient),
     ).fetchone())
     status = str(row.get("status") or "").strip().lower()
-    if status == "failed" or (status == "in_progress" and _briefing_run_is_stale(row)):
+    stale_retry = status == "in_progress" and _briefing_run_is_stale(row)
+    if stale_retry:
+        _mark_stale_morning_briefing_failed(conn, row, now=now)
+    if status == "failed" or stale_retry:
         conn.execute(
             """
             UPDATE morning_briefing_runs
@@ -210,7 +236,12 @@ def _claim_morning_briefing_send(local_date: str, recipient: str, *, force: bool
             (now, now, clean_date, clean_recipient),
         )
         conn.commit()
-        return {"ok": True, "acquired": True, "reason": "retry"}
+        return {
+            "ok": True,
+            "acquired": True,
+            "reason": "retry_stale" if stale_retry else "retry",
+            "previous_run": row,
+        }
     return {"ok": True, "acquired": False, "reason": status or "already claimed", "run": row}
 
 
@@ -275,6 +306,38 @@ def _mark_morning_briefing_failed(local_date: str, recipient: str, *, error: str
     conn.commit()
 
 
+def _set_active_claim(local_date: str, recipient: str) -> None:
+    _ACTIVE_CLAIM.clear()
+    if local_date and recipient:
+        _ACTIVE_CLAIM.update({"local_date": str(local_date), "recipient": str(recipient)})
+
+
+def _clear_active_claim() -> None:
+    _ACTIVE_CLAIM.clear()
+
+
+def _handle_shutdown_signal(signum, _frame) -> None:
+    local_date = _ACTIVE_CLAIM.get("local_date", "")
+    recipient = _ACTIVE_CLAIM.get("recipient", "")
+    signal_name = getattr(signal.Signals(signum), "name", f"SIG{signum}")
+    if local_date and recipient:
+        try:
+            _mark_morning_briefing_failed(
+                local_date,
+                recipient,
+                error=f"interrupted before completion: {signal_name}",
+            )
+        except Exception as exc:
+            log(f"Failed to mark morning briefing interrupted by {signal_name}: {exc}")
+    log(f"Morning agent interrupted by {signal_name}.")
+    raise SystemExit(128 + int(signum))
+
+
+def _install_shutdown_signal_handlers() -> None:
+    signal.signal(signal.SIGTERM, _handle_shutdown_signal)
+    signal.signal(signal.SIGINT, _handle_shutdown_signal)
+
+
 def resolve_recipient(profile: dict | None = None, *, explicit_to: str = "") -> str:
     override = str(explicit_to or "").strip()
     if override:
@@ -575,6 +638,7 @@ def build_parser() -> argparse.ArgumentParser:
 
 def main(argv: list[str] | None = None) -> int:
     args = build_parser().parse_args(argv)
+    _install_shutdown_signal_handlers()
     contract = get_script_runtime_contract("morning-agent")
     if not args.dry_run and not contract.get("available", True):
         log(f"Runtime blocked: {contract.get('blocked_reason') or 'missing prerequisite'}")
@@ -597,8 +661,10 @@ def main(argv: list[str] | None = None) -> int:
         if not claim.get("acquired"):
             log(f"Morning briefing already handled today for {recipient}.")
             return 0
+        _set_active_claim(today, recipient)
     elif args.force and not args.dry_run:
         _claim_morning_briefing_send(today, recipient, force=True)
+        _set_active_claim(today, recipient)
 
     try:
         context = collect_context(profile)
@@ -617,6 +683,7 @@ def main(argv: list[str] | None = None) -> int:
         log(f"Sending morning briefing to {recipient}...")
         send_output = send_briefing(recipient=recipient, subject=subject, body=body)
         _mark_morning_briefing_sent(today, recipient, subject=subject, send_output=send_output)
+        _clear_active_claim()
         save_state({
             "last_sent_date": today,
             "last_sent_at": datetime.now().astimezone().isoformat(),
@@ -629,11 +696,13 @@ def main(argv: list[str] | None = None) -> int:
     except AutomationBackendUnavailableError as exc:
         if not args.dry_run and recipient:
             _mark_morning_briefing_failed(today, recipient, error=str(exc))
+            _clear_active_claim()
         log(f"Automation backend unavailable: {exc}")
         return 1
     except Exception as exc:
         if not args.dry_run and recipient:
             _mark_morning_briefing_failed(today, recipient, error=str(exc))
+            _clear_active_claim()
         log(f"Morning agent failed: {exc}")
         return 1
 

package/templates/core-prompts/email-monitor.md

@@ -133,13 +133,21 @@ If it is a duplicate: mark `skipped`, keep it SEEN in IMAP, and continue.
 If the operator is missing from every field, add [[send_reply_target]] to CC.
 Operator aliases to recognise and prioritise: [[operator_aliases_label]]
 
+== TEMP BUFFER WRITE SAFETY ==
+Before the first Write/Edit to any `/tmp/nexo-*.txt` reply buffer for a thread, call:
+`nexo_guard_check(files="/tmp/nexo-reply-UID.txt,/tmp/nexo-quote-UID.txt,/tmp/nexo-thread-UID.txt", area="email-monitor")`
+
+Replace `UID` with the exact UID or stable suffix you will use for that thread. Use that same suffix consistently for the reply, quote, and full-thread files. If no IMAP UID is available, derive one stable safe suffix from the Message-ID or thread ID; do not use unsuffixed `/tmp/nexo-reply.txt`, `/tmp/nexo-quote.txt`, or `/tmp/nexo-thread.txt` for a new write.
+
+This guard call must happen before creating or editing the buffer files. Do not use an allowlist and do not skip this for temporary files.
+
 == KEEP THE FULL RELATED HISTORY ==
 When replying, the email MUST include the COMPLETE related history below,
 not just the immediate thread.
 Mandatory steps before sending:
 1. Reuse the MERGED TIMELINE from `nexo_email_related(uid)` as the source of truth.
 2. Sort it chronologically (oldest first).
-3. Concatenate it into `/tmp/nexo-thread-N.txt` with this format for each message:
+3. Concatenate it into `/tmp/nexo-thread-UID.txt` with this format for each message:
    -- From: Name <email>
    -- Date: YYYY-MM-DD HH:MM
    -- Subject: Re: ...
@@ -147,14 +155,14 @@ Mandatory steps before sending:
    [message body]
 
    (separator between messages: one blank line)
-4. Save the immediate message body (the one you are replying to) into `/tmp/nexo-quote-N.txt`.
+4. Save the immediate message body (the one you are replying to) into `/tmp/nexo-quote-UID.txt`.
 5. If there are relevant files in RELATED FILES, reuse those local paths directly.
    Do NOT lose older attachments just because they were included earlier in the same context.
 6. Use BOTH: `--quote-file` for the immediate quote + `--thread-file` for the full related history.
    The bottom of the email must preserve message -> reply -> message -> reply without dropping previous answers.
 
 == SEND VIA `nexo-send-reply.py` ==
-[[python_executable]] [[send_reply_script]] --to X --cc Y --subject 'Re: Z' --in-reply-to '<msgid>' --references '<refs>' --body-file /tmp/nexo-reply.txt --quote-file /tmp/nexo-quote.txt --quote-from 'Name <email>' --quote-date 'date' --thread-file /tmp/nexo-thread.txt [--attach /path/to/file]
+[[python_executable]] [[send_reply_script]] --to X --cc Y --subject 'Re: Z' --in-reply-to '<msgid>' --references '<refs>' --body-file /tmp/nexo-reply-UID.txt --quote-file /tmp/nexo-quote-UID.txt --quote-from 'Name <email>' --quote-date 'date' --thread-file /tmp/nexo-thread-UID.txt [--attach /path/to/file]
 
 == ANTI-LOOP PROTECTION ==
 Do not reply to auto-replies, [[agent_email_label]] itself, `noreply@`,