nexo-brain 7.20.12 → 7.20.13

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.20.12",
+  "version": "7.20.13",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,9 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.20.12` is the current packaged-runtime line. Patch release over v7.20.11 — Local Context now keeps the first index pass separate from live change tracking, persists the current indexing start time, caps compact context payloads for agents, and installs the Windows host scheduler needed to keep WSL indexing alive after reboots.
+Version `7.20.13` is the current packaged-runtime line. Patch release over v7.20.12 — Brain recovery now pauses all known DB writers before restoring `nexo.db`, and Doctor can repair the zero-byte/locked database state that made Desktop Local Memory show zero files.
+
+Previously in `7.20.12`: patch release over v7.20.11 — Local Context now keeps the first index pass separate from live change tracking, persists the current indexing start time, caps compact context payloads for agents, and installs the Windows host scheduler needed to keep WSL indexing alive after reboots.
 
 Previously in `7.20.11`: patch release over v7.20.10 — Local Context now starts from real system volume roots plus mounted/removable/network volumes, filters system/cache/app/product artifacts, and injects relevant local evidence automatically into heartbeat, task-open and pre-action context.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.20.12",
+  "version": "7.20.13",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/auto_update.py

@@ -1412,7 +1412,8 @@ def _self_heal_if_wiped() -> dict | None:
             db_looks_wiped,
             db_row_counts,
             find_latest_hourly_backup,
-            kill_nexo_mcp_servers,
+            quiesce_nexo_db_writers,
+            resume_nexo_launchagents,
             safe_sqlite_backup,
             validate_backup_matches_source,
         )
@@ -1467,11 +1468,29 @@ def _self_heal_if_wiped() -> dict | None:
         f"(reference={reference.name}, {ref_total} critical rows). Restoring..."
     )
 
-    # Kill any live MCP servers so they cannot overwrite the restored DB.
-    kill_report = kill_nexo_mcp_servers(dry_run=False)
-    if kill_report.get("terminated"):
-        _log(f"self-heal: terminated {kill_report['terminated']} live MCP server(s).")
-        time.sleep(0.5)
+    # Pause any live DB writers so they cannot overwrite the restored DB or
+    # keep stale handles open. Desktop installs have more writers than the MCP
+    # server: local-index, email-monitor, followup-runner, watchdog and catchup.
+    quiesce_report = quiesce_nexo_db_writers(dry_run=False)
+    stopped_launchagents = list((quiesce_report.get("launchagents") or {}).get("stopped") or [])
+    if quiesce_report.get("terminated") or stopped_launchagents:
+        _log(
+            "self-heal: quiesced DB writers "
+            f"(terminated={quiesce_report.get('terminated', 0)}, "
+            f"launchagents={len(stopped_launchagents)})."
+        )
+    if quiesce_report.get("errors"):
+        _log(f"self-heal: DB writer quiesce warnings: {quiesce_report.get('errors')}")
+
+    def _resume_quiesced() -> dict | None:
+        if not stopped_launchagents:
+            return None
+        report = resume_nexo_launchagents(stopped_launchagents)
+        if report.get("started"):
+            _log(f"self-heal: resumed {len(report['started'])} launchagent(s).")
+        if report.get("errors"):
+            _log(f"self-heal: launchagent resume warnings: {report.get('errors')}")
+        return report
 
     # Snapshot the current (wiped) state so the heal is reversible.
     pre_heal_dir = paths.backups_dir() / f"pre-heal-{time.strftime('%Y-%m-%d-%H%M%S')}"
@@ -1497,27 +1516,34 @@ def _self_heal_if_wiped() -> dict | None:
     ok, err = safe_sqlite_backup(reference, primary)
     if not ok:
         _log(f"self-heal: restore copy failed: {err}")
+        resume_report = _resume_quiesced()
         return {
             "action": "failed",
             "reason": "restore_copy_failed",
             "error": err,
             "reference": str(reference),
             "pre_heal_dir": str(pre_heal_dir),
+            "quiesce": quiesce_report,
+            "resume": resume_report,
         }
     valid, valid_err = validate_backup_matches_source(reference, primary, CRITICAL_TABLES)
     if not valid:
         _log(f"self-heal: post-restore validation failed: {valid_err}")
+        resume_report = _resume_quiesced()
         return {
             "action": "failed",
             "reason": "validation_failed",
             "error": valid_err,
             "reference": str(reference),
             "pre_heal_dir": str(pre_heal_dir),
+            "quiesce": quiesce_report,
+            "resume": resume_report,
         }
 
     final_counts = db_row_counts(primary, CRITICAL_TABLES)
     final_total = sum(v for v in final_counts.values() if isinstance(v, int))
     _log(f"self-heal: restored {final_total} critical rows from {reference.name}.")
+    resume_report = _resume_quiesced()
     try:
         SELF_HEAL_STATE_FILE.parent.mkdir(parents=True, exist_ok=True)
         SELF_HEAL_STATE_FILE.write_text(json.dumps({
@@ -1525,6 +1551,7 @@ def _self_heal_if_wiped() -> dict | None:
             "reference": str(reference),
             "critical_rows_restored": final_total,
             "pre_heal_dir": str(pre_heal_dir),
+            "quiesced_launchagents": stopped_launchagents,
         }))
     except Exception as e:
         _log(f"self-heal: state write warning: {e}")
@@ -1535,7 +1562,9 @@ def _self_heal_if_wiped() -> dict | None:
         "reference_rows": ref_total,
         "restored_rows": final_total,
         "pre_heal_dir": str(pre_heal_dir),
-        "terminated_servers": kill_report.get("terminated", 0),
+        "terminated_servers": int((quiesce_report.get("mcp") or {}).get("terminated") or 0),
+        "quiesce": quiesce_report,
+        "resume": resume_report,
     }
 
 

package/src/db_guard.py

@@ -27,6 +27,8 @@ auto_update.py):
     safe_sqlite_backup(source, dest) -> tuple[bool, str | None]
     validate_backup_matches_source(source, dest, tables) -> tuple[bool, str | None]
     kill_nexo_mcp_servers(dry_run) -> dict
+    quiesce_nexo_db_writers(dry_run) -> dict
+    resume_nexo_launchagents(labels, dry_run) -> dict
 """
 
 from __future__ import annotations
@@ -80,6 +82,27 @@ HOURLY_BACKUP_GLOB = "nexo-*.db"
 # as an automatic self-heal source. 48h matches nexo-backup.sh retention.
 HOURLY_BACKUP_MAX_AGE = 48 * 3600
 
+# Long-lived NEXO services that can keep ``nexo.db`` open while recovery tries
+# to replace it. Keep this list conservative: only product-owned background
+# processes that are safe to stop and restart.
+NEXO_DB_WRITER_LAUNCHAGENTS: tuple[str, ...] = (
+    "com.nexo.local-index",
+    "com.nexo.email-monitor",
+    "com.nexo.followup-runner",
+    "com.nexo.watchdog",
+    "com.nexo.catchup",
+    "com.nexo.immune",
+)
+
+NEXO_DB_WRITER_MARKERS: tuple[str, ...] = (
+    "nexo-local-index.py",
+    "nexo-email-monitor.py",
+    "nexo-followup-runner.py",
+    "nexo-catchup.py",
+    "nexo-watchdog.sh",
+    "nexo-immune.py",
+)
+
 
 # ── Types ───────────────────────────────────────────────────────────────
 
@@ -447,3 +470,252 @@ def _looks_like_nexo_mcp(cmd: str) -> bool:
     if "nexo_sdk" in lowered or "nexo-mcp" in lowered:
         return True
     return False
+
+
+# ── DB writer quiescence ────────────────────────────────────────────────
+
+def quiesce_nexo_db_writers(
+    dry_run: bool = False,
+    *,
+    stop_launchagents: bool = True,
+    settle_seconds: float = 0.75,
+) -> dict:
+    """Stop known NEXO background writers before replacing ``nexo.db``.
+
+    ``kill_nexo_mcp_servers`` is not enough for Desktop installs: local-index,
+    email monitor, followup-runner and catchup can keep a stale DB handle open
+    even after the MCP server exits. This helper is intentionally narrow and
+    only targets product-owned long-lived writers.
+    """
+    result: dict = {
+        "dry_run": dry_run,
+        "mcp": {},
+        "launchagents": {"stopped": [], "errors": [], "unsupported": False},
+        "processes": {"scanned": 0, "terminated": 0, "pids": [], "errors": []},
+        "terminated": 0,
+        "errors": [],
+    }
+
+    mcp_report = kill_nexo_mcp_servers(dry_run=dry_run)
+    result["mcp"] = mcp_report
+    result["terminated"] += int(mcp_report.get("terminated") or 0)
+    result["errors"].extend(mcp_report.get("errors") or [])
+
+    if stop_launchagents:
+        la_report = _stop_nexo_launchagents(dry_run=dry_run)
+        result["launchagents"] = la_report
+        result["errors"].extend(la_report.get("errors") or [])
+
+    process_report = _terminate_nexo_db_writer_processes(dry_run=dry_run)
+    result["processes"] = process_report
+    result["terminated"] += int(process_report.get("terminated") or 0)
+    result["errors"].extend(process_report.get("errors") or [])
+
+    if not dry_run and (result["terminated"] or result["launchagents"].get("stopped")):
+        time.sleep(max(settle_seconds, 0.0))
+    return result
+
+
+def resume_nexo_launchagents(labels: list[str] | tuple[str, ...] | None = None, dry_run: bool = False) -> dict:
+    """Best-effort restart of LaunchAgents stopped by DB recovery."""
+    result: dict = {"dry_run": dry_run, "started": [], "errors": [], "unsupported": False}
+    if os.name != "posix" or sys_platform() != "darwin":
+        result["unsupported"] = True
+        return result
+    uid = os.getuid()
+    launch_agents_dir = Path.home() / "Library" / "LaunchAgents"
+    chosen = tuple(labels or NEXO_DB_WRITER_LAUNCHAGENTS)
+    for label in chosen:
+        plist = launch_agents_dir / f"{label}.plist"
+        if not plist.is_file():
+            continue
+        target = f"gui/{uid}/{label}"
+        if dry_run:
+            result["started"].append(label)
+            continue
+        try:
+            subprocess.run(
+                ["launchctl", "bootstrap", f"gui/{uid}", str(plist)],
+                capture_output=True,
+                text=True,
+                timeout=5,
+            )
+            subprocess.run(
+                ["launchctl", "kickstart", "-k", target],
+                capture_output=True,
+                text=True,
+                timeout=5,
+            )
+            result["started"].append(label)
+        except Exception as exc:
+            result["errors"].append(f"{label}: {exc}")
+    return result
+
+
+def sys_platform() -> str:
+    # Small indirection makes tests easy to monkeypatch without importing sys at
+    # module import time in older runtimes.
+    import sys
+    return sys.platform
+
+
+def _stop_nexo_launchagents(dry_run: bool = False) -> dict:
+    result: dict = {"stopped": [], "errors": [], "unsupported": False}
+    if os.name != "posix" or sys_platform() != "darwin":
+        result["unsupported"] = True
+        return result
+    uid = os.getuid()
+    launch_agents_dir = Path.home() / "Library" / "LaunchAgents"
+    for label in NEXO_DB_WRITER_LAUNCHAGENTS:
+        plist = launch_agents_dir / f"{label}.plist"
+        if not plist.is_file():
+            continue
+        if dry_run:
+            result["stopped"].append(label)
+            continue
+        try:
+            proc = subprocess.run(
+                ["launchctl", "bootout", f"gui/{uid}", str(plist)],
+                capture_output=True,
+                text=True,
+                timeout=5,
+            )
+        except Exception as exc:
+            result["errors"].append(f"{label}: {exc}")
+            continue
+        if proc.returncode == 0:
+            result["stopped"].append(label)
+        else:
+            stderr = (proc.stderr or "").strip()
+            # launchctl returns non-zero when an agent is already unloaded. That
+            # is not a recovery blocker, so keep it as quiet evidence.
+            if stderr and "No such process" not in stderr and "not found" not in stderr:
+                result["errors"].append(f"{label}: {stderr[:200]}")
+    return result
+
+
+def _terminate_nexo_db_writer_processes(dry_run: bool = False) -> dict:
+    result: dict = {"scanned": 0, "terminated": 0, "pids": [], "errors": [], "dry_run": dry_run}
+    if os.name == "posix":
+        return _terminate_posix_db_writer_processes(dry_run=dry_run)
+    if os.name == "nt":
+        return _terminate_windows_db_writer_processes(dry_run=dry_run)
+    result["errors"].append("unsupported platform")
+    return result
+
+
+def _terminate_posix_db_writer_processes(dry_run: bool = False) -> dict:
+    result: dict = {"scanned": 0, "terminated": 0, "pids": [], "errors": [], "dry_run": dry_run}
+    try:
+        proc = subprocess.run(
+            ["ps", "-axo", "pid=,command="],
+            capture_output=True,
+            text=True,
+            timeout=5,
+        )
+    except Exception as exc:
+        result["errors"].append(f"ps failed: {exc}")
+        return result
+    if proc.returncode != 0:
+        result["errors"].append(f"ps exit {proc.returncode}: {proc.stderr.strip()[:200]}")
+        return result
+
+    my_pid = os.getpid()
+    for raw in proc.stdout.splitlines():
+        line = raw.strip()
+        if not line:
+            continue
+        head, _, rest = line.partition(" ")
+        if not head.isdigit():
+            continue
+        pid = int(head)
+        if pid == my_pid:
+            continue
+        cmd = rest.strip()
+        if not _looks_like_nexo_db_writer(cmd):
+            continue
+        result["scanned"] += 1
+        result["pids"].append({"pid": pid, "command": cmd[:180]})
+        if dry_run:
+            continue
+        try:
+            os.kill(pid, signal.SIGTERM)
+            result["terminated"] += 1
+        except ProcessLookupError:
+            pass
+        except Exception as exc:
+            result["errors"].append(f"kill {pid} failed: {exc}")
+    return result
+
+
+def _terminate_windows_db_writer_processes(dry_run: bool = False) -> dict:
+    result: dict = {"scanned": 0, "terminated": 0, "pids": [], "errors": [], "dry_run": dry_run}
+    ps_script = (
+        "Get-CimInstance Win32_Process | "
+        "Select-Object ProcessId,CommandLine | ConvertTo-Json -Compress"
+    )
+    try:
+        proc = subprocess.run(
+            ["powershell", "-NoProfile", "-Command", ps_script],
+            capture_output=True,
+            text=True,
+            timeout=10,
+        )
+    except Exception as exc:
+        result["errors"].append(f"powershell process scan failed: {exc}")
+        return result
+    if proc.returncode != 0:
+        result["errors"].append(f"powershell exit {proc.returncode}: {proc.stderr.strip()[:200]}")
+        return result
+    try:
+        import json
+        rows = json.loads(proc.stdout or "[]")
+    except Exception as exc:
+        result["errors"].append(f"process json parse failed: {exc}")
+        return result
+    if isinstance(rows, dict):
+        rows = [rows]
+    my_pid = os.getpid()
+    for row in rows if isinstance(rows, list) else []:
+        try:
+            pid = int(row.get("ProcessId"))
+        except Exception:
+            continue
+        if pid == my_pid:
+            continue
+        cmd = str(row.get("CommandLine") or "")
+        if not _looks_like_nexo_db_writer(cmd):
+            continue
+        result["scanned"] += 1
+        result["pids"].append({"pid": pid, "command": cmd[:180]})
+        if dry_run:
+            continue
+        try:
+            subprocess.run(
+                ["taskkill", "/PID", str(pid), "/T", "/F"],
+                capture_output=True,
+                text=True,
+                timeout=5,
+            )
+            result["terminated"] += 1
+        except Exception as exc:
+            result["errors"].append(f"taskkill {pid} failed: {exc}")
+    return result
+
+
+def _looks_like_nexo_db_writer(cmd: str) -> bool:
+    if not cmd:
+        return False
+    lowered = cmd.lower()
+    if _looks_like_nexo_mcp(cmd):
+        return True
+    if "nexo-cron-wrapper.sh" in lowered and any(label in lowered for label in (
+        "local-index",
+        "email-monitor",
+        "followup-runner",
+        "watchdog",
+        "catchup",
+        "immune",
+    )):
+        return True
+    return any(marker in lowered for marker in NEXO_DB_WRITER_MARKERS)

package/src/doctor/providers/boot.py

@@ -37,6 +37,153 @@ def check_db_exists() -> DoctorCheck:
     )
 
 
+def check_db_integrity(fix: bool = False) -> DoctorCheck:
+    """Detect and optionally repair a wiped/corrupt local Brain database."""
+    import sqlite3
+    import paths
+    from db_guard import (
+        CRITICAL_TABLES,
+        EMPTY_DB_SIZE_BYTES,
+        MIN_REFERENCE_ROWS,
+        db_looks_wiped,
+        db_row_counts,
+        find_latest_hourly_backup,
+    )
+
+    db_path = paths.db_path()
+    if not db_path.is_file():
+        return DoctorCheck(
+            id="boot.db_integrity",
+            tier="boot",
+            status="critical",
+            severity="error",
+            summary="Database file not found",
+            evidence=[str(db_path)],
+            repair_plan=["Run nexo-brain to initialize the database"],
+        )
+
+    try:
+        size_bytes = db_path.stat().st_size
+    except OSError:
+        size_bytes = -1
+
+    quick_ok = False
+    quick_error = ""
+    try:
+        conn = sqlite3.connect(str(db_path), timeout=2)
+        try:
+            row = conn.execute("PRAGMA quick_check").fetchone()
+            quick_ok = bool(row and str(row[0]).lower() == "ok")
+            if not quick_ok:
+                quick_error = str(row[0] if row else "quick_check returned no row")
+        finally:
+            conn.close()
+    except Exception as exc:
+        quick_error = f"{type(exc).__name__}: {exc}"
+
+    looks_wiped = db_looks_wiped(db_path, CRITICAL_TABLES)
+    reference = find_latest_hourly_backup(
+        paths.backups_dir(),
+        min_critical_rows=MIN_REFERENCE_ROWS,
+    )
+    reference_counts = db_row_counts(reference, CRITICAL_TABLES) if reference else {}
+    reference_rows = sum(v for v in reference_counts.values() if isinstance(v, int))
+    lower_error = quick_error.lower()
+    corrupt_error = any(token in lower_error for token in (
+        "database disk image is malformed",
+        "file is not a database",
+        "malformed",
+        "not a database",
+    ))
+    recoverable_wipe = bool(
+        reference
+        and looks_wiped
+        and (
+            size_bytes <= EMPTY_DB_SIZE_BYTES
+            or corrupt_error
+            or not quick_ok
+        )
+    )
+
+    if quick_ok and not recoverable_wipe:
+        if looks_wiped and not reference:
+            return DoctorCheck(
+                id="boot.db_integrity",
+                tier="boot",
+                status="healthy",
+                severity="info",
+                summary="Database is readable and looks like a fresh install",
+                evidence=[f"Size: {size_bytes} bytes", "No usable backup with user data found"],
+            )
+        return DoctorCheck(
+            id="boot.db_integrity",
+            tier="boot",
+            status="healthy",
+            severity="info",
+            summary="Database integrity OK",
+            evidence=[f"Size: {size_bytes} bytes"],
+        )
+
+    evidence = [
+        f"DB: {db_path}",
+        f"Size: {size_bytes} bytes",
+        f"quick_check: {'ok' if quick_ok else quick_error or 'not ok'}",
+        f"looks_wiped: {looks_wiped}",
+    ]
+    if reference:
+        evidence.append(f"Reference backup: {reference} ({reference_rows} critical rows)")
+
+    if fix and recoverable_wipe:
+        from plugins.recover import recover
+
+        report = recover(source=str(reference), force=True)
+        if report.get("ok"):
+            final_counts = report.get("final_row_counts") or {}
+            restored_rows = sum(v for v in final_counts.values() if isinstance(v, int))
+            return DoctorCheck(
+                id="boot.db_integrity",
+                tier="boot",
+                status="healthy",
+                severity="info",
+                summary=f"Database restored from backup ({restored_rows} critical rows)",
+                evidence=evidence + [f"Pre-recover snapshot: {report.get('pre_recover_dir', '')}"],
+                fixed=True,
+            )
+        return DoctorCheck(
+            id="boot.db_integrity",
+            tier="boot",
+            status="critical",
+            severity="error",
+            summary="Database repair failed",
+            evidence=evidence + [f"Recover errors: {report.get('errors') or []}"],
+            repair_plan=["Run nexo recover --force --yes, then restart Desktop"],
+        )
+
+    if recoverable_wipe:
+        return DoctorCheck(
+            id="boot.db_integrity",
+            tier="boot",
+            status="critical",
+            severity="error",
+            summary="Database appears wiped or corrupt but a valid backup exists",
+            evidence=evidence,
+            repair_plan=["Run nexo doctor --tier boot --plane database_real --fix"],
+            escalation_prompt="NEXO database needs automatic recovery from backup.",
+        )
+
+    status = "critical" if corrupt_error else "degraded"
+    severity = "error" if status == "critical" else "warn"
+    return DoctorCheck(
+        id="boot.db_integrity",
+        tier="boot",
+        status=status,
+        severity=severity,
+        summary="Database is not fully readable" if quick_error else "Database integrity is uncertain",
+        evidence=evidence,
+        repair_plan=["Close NEXO Desktop and run nexo doctor --tier boot --plane database_real --fix"],
+    )
+
+
 def check_required_dirs() -> DoctorCheck:
     """Check that required NEXO_HOME directories exist (post-F0.6 layout
     or pre-F0.6 fallback)."""
@@ -411,6 +558,7 @@ def run_boot_checks(fix: bool = False) -> list[DoctorCheck]:
     """Run all boot-tier checks."""
     checks = [
         safe_check(check_db_exists),
+        safe_check(check_db_integrity, fix=fix),
         safe_check(check_required_dirs),
         safe_check(check_disk_space),
         safe_check(check_wrapper_scripts),

package/src/plugins/recover.py

@@ -41,7 +41,8 @@ from db_guard import (
     db_row_counts,
     diff_row_counts,
     find_latest_hourly_backup,
-    kill_nexo_mcp_servers,
+    quiesce_nexo_db_writers,
+    resume_nexo_launchagents,
     safe_sqlite_backup,
     validate_backup_matches_source,
 )
@@ -257,15 +258,20 @@ def recover(
         result["steps"].append("dry-run: stopping before any write")
         return result
 
-    # Step 3: kill live MCP servers
+    stopped_launchagents: list[str] = []
+
+    # Step 3: quiesce live DB writers
     if not skip_kill:
-        kill_report = kill_nexo_mcp_servers(dry_run=False)
-        result["steps"].append(f"kill_mcp: terminated={kill_report['terminated']} scanned={kill_report['scanned']}")
-        if kill_report.get("errors"):
-            result["warnings"].extend(kill_report["errors"])
-        # Tiny settle so the ex-server releases file locks.
-        if kill_report["terminated"]:
-            time.sleep(0.5)
+        quiesce_report = quiesce_nexo_db_writers(dry_run=False)
+        result["quiesce"] = quiesce_report
+        stopped_launchagents = list((quiesce_report.get("launchagents") or {}).get("stopped") or [])
+        result["steps"].append(
+            "quiesce_db_writers: "
+            f"terminated={quiesce_report.get('terminated', 0)} "
+            f"launchagents={len(stopped_launchagents)}"
+        )
+        if quiesce_report.get("errors"):
+            result["warnings"].extend(quiesce_report["errors"])
 
     # Step 4: snapshot current state to pre-recover/
     pre_recover_dir = _backup_base() / f"pre-recover-{time.strftime('%Y-%m-%d-%H%M%S')}"
@@ -297,17 +303,24 @@ def recover(
     ok, copy_err = safe_sqlite_backup(chosen, target_path)
     if not ok:
         result["errors"].append(f"restore copy failed: {copy_err}")
+        if stopped_launchagents:
+            result["resume"] = resume_nexo_launchagents(stopped_launchagents)
         return result
     result["steps"].append(f"restored {chosen.name} -> {target_path}")
 
     valid, valid_err = validate_backup_matches_source(chosen, target_path)
     if not valid:
         result["errors"].append(f"post-restore validation failed: {valid_err}")
+        if stopped_launchagents:
+            result["resume"] = resume_nexo_launchagents(stopped_launchagents)
         return result
     result["steps"].append("validated post-restore row counts")
 
     final_counts = db_row_counts(target_path)
     result["final_row_counts"] = {k: v for k, v in final_counts.items() if v is not None}
+    if stopped_launchagents:
+        result["resume"] = resume_nexo_launchagents(stopped_launchagents)
+        result["steps"].append(f"resumed {len((result['resume'] or {}).get('started') or [])} launchagent(s)")
     result["ok"] = True
     return result