nexo-brain 7.17.5 → 7.17.6

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.17.5",
+  "version": "7.17.6",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,7 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.17.5` is the current packaged-runtime line. Patch release over v7.17.4 - `nexo --version --json` now returns fast machine-readable update status (`installed`, `latest`, `hasUpdate`, `unknown`, `latestSource`) while the human output keeps the legacy `nexo vX` line plus a compact latest/installed status line for Desktop compatibility.
+Version `7.17.6` is the current packaged-runtime line. Patch release over v7.17.5 - cron health diagnostics are clearer for macOS TCC approval, and catch-up fallback executions now stay visible in `cron_runs` even on legacy or partially migrated runtimes.
 
 Previously in `7.17.4`: corrective patch over v7.17.3 - automation runners now keep full NEXO discipline for real background agents while strict JSON children stay clean, and runtime doctor/metrics expose caller coverage and Guardian injection telemetry instead of hiding blind spots.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.17.5",
+  "version": "7.17.6",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/scripts/nexo-catchup.py

@@ -8,9 +8,10 @@ Legacy .catchup-state.json is now only a fallback for pre-wrapper history.
 import fcntl
 import json
 import os
+import sqlite3
 import subprocess
 import sys
-from datetime import datetime
+from datetime import datetime, timezone
 from pathlib import Path
 
 
@@ -93,6 +94,85 @@ def _resolve_runtime_command(script_type: str) -> str:
     return NEXO_PYTHON
 
 
+def _cron_run_db_path() -> Path:
+    return paths.data_dir() / "nexo.db"
+
+
+def _utc_timestamp() -> str:
+    return datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
+
+
+def _summarize_output(stdout: str, stderr: str) -> tuple[str, str]:
+    combined = "\n".join(part for part in (stdout or "", stderr or "") if part)
+    lines = [line.strip() for line in combined.splitlines() if line.strip()]
+    summary = (lines[-1] if lines else "")[:500]
+    error = ""
+    for line in reversed(lines):
+        lowered = line.lower()
+        if any(marker in lowered for marker in ("error", "exception", "fail", "traceback")):
+            error = line[:500]
+            break
+    return summary, error
+
+
+def _start_direct_cron_run(cron_id: str) -> dict | None:
+    """Record a catch-up run when the shell wrapper is unavailable.
+
+    Normal installs use nexo-cron-wrapper.sh as the single writer. This
+    fallback exists for legacy/partially-migrated runtimes where catch-up can
+    still execute a script directly; without it, the run only updates
+    .catchup-state.json and stays invisible to cron health.
+    """
+    db_path = _cron_run_db_path()
+    started_at = _utc_timestamp()
+    try:
+        conn = sqlite3.connect(str(db_path))
+        try:
+            exists = conn.execute(
+                "SELECT name FROM sqlite_master WHERE type='table' AND name='cron_runs'"
+            ).fetchone()
+            if not exists:
+                return None
+            cur = conn.execute(
+                "INSERT INTO cron_runs (cron_id, started_at, ended_at) VALUES (?, ?, NULL)",
+                (cron_id, started_at),
+            )
+            conn.commit()
+            return {"id": cur.lastrowid, "started_at": started_at}
+        finally:
+            conn.close()
+    except Exception as e:
+        log(f"    WARNING: could not start direct cron_runs record for {cron_id}: {e}")
+        return None
+
+
+def _finish_direct_cron_run(record: dict | None, cron_id: str, exit_code: int, stdout: str = "", stderr: str = ""):
+    if not record:
+        return
+    ended_at = _utc_timestamp()
+    summary, error = _summarize_output(stdout, stderr)
+    if exit_code != 0 and not error:
+        error = (stderr or stdout or f"exit {exit_code}")[:500]
+    db_path = _cron_run_db_path()
+    try:
+        conn = sqlite3.connect(str(db_path))
+        try:
+            conn.execute(
+                """
+                UPDATE cron_runs
+                   SET ended_at=?, exit_code=?, summary=?, error=?,
+                       duration_secs=(julianday(?) - julianday(started_at)) * 86400.0
+                 WHERE id=?
+                """,
+                (ended_at, int(exit_code), summary, error, ended_at, int(record["id"])),
+            )
+            conn.commit()
+        finally:
+            conn.close()
+    except Exception as e:
+        log(f"    WARNING: could not finish direct cron_runs record for {cron_id}: {e}")
+
+
 def _acquire_lock():
     LOCK_FILE.parent.mkdir(parents=True, exist_ok=True)
     handle = LOCK_FILE.open("w")
@@ -150,12 +230,14 @@ def run_task(candidate: dict, state: dict) -> bool:
         command = [runtime_cmd, str(script_path)]
 
     log(f"  RUNNING {name}: {script_name}")
+    direct_record = None if WRAPPER.exists() else _start_direct_cron_run(name)
     try:
         result = subprocess.run(
             command,
             capture_output=True, text=True, timeout=AUTOMATION_SUBPROCESS_TIMEOUT,
             env={**os.environ, "HOME": str(HOME), "NEXO_CATCHUP": "1"}
         )
+        _finish_direct_cron_run(direct_record, name, result.returncode, result.stdout, result.stderr)
         if result.returncode == 0:
             log(f"  OK {name} (exit 0)")
             state[name] = datetime.now().isoformat()
@@ -167,9 +249,11 @@ def run_task(candidate: dict, state: dict) -> bool:
                 log(f"    stderr: {result.stderr[:300]}")
             return False
     except subprocess.TimeoutExpired:
+        _finish_direct_cron_run(direct_record, name, 124, stderr=f"TIMEOUT after {AUTOMATION_SUBPROCESS_TIMEOUT}s")
         log(f"  TIMEOUT {name} ({AUTOMATION_SUBPROCESS_TIMEOUT}s)")
         return False
     except Exception as e:
+        _finish_direct_cron_run(direct_record, name, 1, stderr=str(e))
         log(f"  ERROR {name}: {e}")
         return False
 

package/src/scripts/nexo-tcc-approve.sh

@@ -28,6 +28,54 @@ LOG="$NEXO_HOME/runtime/logs/tcc-auto-approve.log"
 
 mkdir -p "$MARKER_DIR" "$(dirname "$LOG")"
 
+FAILED=0
+APPROVED_VERSIONS=0
+PYTHON_APPROVED=0
+
+log_line() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') $*" >> "$LOG"
+}
+
+approve_service() {
+    local svc="$1"
+    local client="$2"
+    local output
+
+    if output=$(sqlite3 "$TCC_DB" "
+        INSERT OR REPLACE INTO access (service, client, client_type, auth_value, auth_reason, auth_version)
+        VALUES ('$svc', '$client', 1, 2, 4, 1);
+        " 2>&1); then
+        return 0
+    fi
+
+    log_line "WARN: failed TCC approval service=$svc client=$client: ${output:-sqlite3 failed}"
+    return 1
+}
+
+approve_client() {
+    local label="$1"
+    local client="$2"
+    local marker="${3:-}"
+    local failed=0
+
+    log_line "Approving $label"
+
+    for svc in "${SERVICES[@]}"; do
+        if ! approve_service "$svc" "$client"; then
+            failed=$((failed + 1))
+        fi
+    done
+
+    if [ "$failed" -eq 0 ]; then
+        [ -n "$marker" ] && touch "$marker"
+        log_line "Done: $label — ${#SERVICES[@]} services approved"
+        return 0
+    fi
+
+    log_line "FAILED: $label — $failed/${#SERVICES[@]} services failed"
+    return 1
+}
+
 # TCC services Claude Code needs
 SERVICES=(
     kTCCServiceSystemPolicyDocumentsFolder
@@ -49,17 +97,11 @@ if [ -d "$VERSIONS_DIR" ]; then
         # Skip if already approved
         [ -f "$marker" ] && continue
 
-        echo "$(date '+%Y-%m-%d %H:%M:%S') Approving Claude $version" >> "$LOG"
-
-        for svc in "${SERVICES[@]}"; do
-            sqlite3 "$TCC_DB" "
-            INSERT OR REPLACE INTO access (service, client, client_type, auth_value, auth_reason, auth_version)
-            VALUES ('$svc', '$bin_path', 1, 2, 4, 1);
-            " 2>/dev/null
-        done
-
-        touch "$marker"
-        echo "$(date '+%Y-%m-%d %H:%M:%S') Done: Claude $version — ${#SERVICES[@]} services approved" >> "$LOG"
+        if approve_client "Claude $version" "$bin_path" "$marker"; then
+            APPROVED_VERSIONS=$((APPROVED_VERSIONS + 1))
+        else
+            FAILED=1
+        fi
     done
 fi
 
@@ -69,11 +111,21 @@ if [ -n "$NEXO_CODE" ]; then
     PYTHON_BIN="$(dirname "$NEXO_CODE")/.venv/bin/python"
     if [ -e "$PYTHON_BIN" ]; then
         PYTHON_REAL=$(readlink -f "$PYTHON_BIN" 2>/dev/null || echo "$PYTHON_BIN")
-        for svc in "${SERVICES[@]}"; do
-            sqlite3 "$TCC_DB" "
-            INSERT OR REPLACE INTO access (service, client, client_type, auth_value, auth_reason, auth_version)
-            VALUES ('$svc', '$PYTHON_REAL', 1, 2, 4, 1);
-            " 2>/dev/null
-        done
+        if approve_client "NEXO Python" "$PYTHON_REAL"; then
+            PYTHON_APPROVED=1
+        else
+            FAILED=1
+        fi
     fi
 fi
+
+if [ "$FAILED" -ne 0 ]; then
+    echo "TCC auto-approve failed; see $LOG" >&2
+    exit 1
+fi
+
+if [ "$APPROVED_VERSIONS" -eq 0 ] && [ "$PYTHON_APPROVED" -eq 0 ]; then
+    echo "TCC auto-approve: nothing pending"
+else
+    echo "TCC auto-approve: approved $APPROVED_VERSIONS Claude version(s)"
+fi