nexo-brain 7.20.3 → 7.20.8

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.20.3",
+  "version": "7.20.8",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,19 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.20.2` is the current packaged-runtime line. Patch release over v7.20.1 — Local Context now requeues stalled work, reports real macOS/Windows background-service health, records scan errors and preserves Windows drive roots.
+Version `7.20.8` is the current packaged-runtime line. Patch release over v7.20.7 — Local Context recognises Windows Mail package roots and Outlook Mac profile roots as bounded local-email sources instead of rejecting them as generic AppData / Group Containers.
+
+Previously in `7.20.7`: patch release over v7.20.6 — Local Context email-root bootstrap is deterministic across CI, WSL and migrated profiles while preserving macOS Mail.app, Windows Outlook, Thunderbird and NEXO email coverage.
+
+Previously in `7.20.6`: patch release over v7.20.5 — Local Context ranks entity matches at chunk level, keeps old entity-matched assets eligible, adds safe local email roots for macOS/Windows/Linux, extracts `.eml`, `.emlx`, `.msg` and NEXO email DB continuity, and exposes local graph relations in pre-action context.
+
+Previously in `7.20.5`: patch release over v7.20.4 — Local Context status reports elapsed indexing time and a defensive ETA while background jobs remain pending.
+
+Previously in `7.20.4`: patch release over v7.20.3 — Local Context now blocks private dotfiles, hidden project folders and secret-bearing content before chunks, embeddings, graph relations or agent context are created.
+
+Previously in `7.20.3`: patch release over v7.20.2 — installer DMG volumes are no longer added as local-memory roots, removed roots purge stale payloads, and doctor can repair removed-root residue.
+
+Previously in `7.20.2`: patch release over v7.20.1 — Local Context now requeues stalled work, reports real macOS/Windows background-service health, records scan errors and preserves Windows drive roots.
 
 Previously in `7.20.1`: patch release over v7.20.0 — the Local Context service now recovers from orphaned locks and mixed-version cycle failures instead of leaving the background index stuck.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.20.3",
+  "version": "7.20.8",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/doctor/providers/runtime.py

@@ -3840,16 +3840,23 @@ def check_local_index_hygiene(fix: bool = False) -> DoctorCheck:
         result = local_context_api.local_index_hygiene(fix=fix)
         residue = result.get("residue") or {}
         cleanup = result.get("cleanup") or {}
+        privacy = result.get("privacy") or {}
+        privacy_residue = privacy.get("residue") or {}
+        privacy_cleanup = privacy.get("cleanup") or {}
         suspect_roots = [str(path) for path in result.get("removed_roots") or []]
         residue_total = sum(int(residue.get(key, 0) or 0) for key in ("assets", "jobs", "errors", "dirs", "checkpoints"))
         cleanup_total = sum(int(cleanup.get(key, 0) or 0) for key in ("assets", "jobs", "errors", "dirs", "checkpoints"))
+        privacy_residue_total = sum(int(privacy_residue.get(key, 0) or 0) for key in ("assets", "dirs", "content_secret_assets"))
+        privacy_cleanup_total = sum(int(privacy_cleanup.get(key, 0) or 0) for key in ("assets", "jobs", "errors", "chunks", "embeddings", "entities", "relations", "versions", "dirs", "content_secret_assets"))
         evidence = [
             "suspect_installer_roots=" + str(len(suspect_roots)),
             "residue=" + json.dumps(residue, sort_keys=True),
             "cleanup=" + json.dumps(cleanup, sort_keys=True),
+            "privacy_residue=" + json.dumps(privacy_residue, sort_keys=True),
+            "privacy_cleanup=" + json.dumps(privacy_cleanup, sort_keys=True),
         ]
         evidence.extend(f"root={path}" for path in suspect_roots[:5])
-        if residue_total == 0 and not suspect_roots:
+        if residue_total == 0 and privacy_residue_total == 0 and not suspect_roots:
             return DoctorCheck(
                 id="runtime.local_index_hygiene",
                 tier="runtime",
@@ -3868,17 +3875,17 @@ def check_local_index_hygiene(fix: bool = False) -> DoctorCheck:
                 summary="Local memory index hygiene repaired",
                 evidence=evidence,
                 repair_plan=[],
-                fixed=cleanup_total > 0 or bool(suspect_roots),
+                fixed=cleanup_total > 0 or privacy_cleanup_total > 0 or bool(suspect_roots),
             )
         return DoctorCheck(
             id="runtime.local_index_hygiene",
             tier="runtime",
             status="degraded",
             severity="warn",
-            summary="Local memory index has stale removed-root residue",
+            summary="Local memory index has stale or private residue",
             evidence=evidence,
-            repair_plan=["Run `nexo doctor --tier runtime --fix` to purge stale local memory roots and installer-volume residue"],
-            escalation_prompt="Local memory status may show stale pending or failed jobs from removed roots.",
+            repair_plan=["Run `nexo doctor --tier runtime --fix` to purge stale local memory roots and private local-memory residue"],
+            escalation_prompt="Local memory may contain stale or private index payloads that should be purged before indexing continues.",
         )
     except Exception as exc:
         return DoctorCheck(

package/src/local_context/api.py

@@ -14,9 +14,9 @@ from db import get_db, init_db
 from db._schema import run_migrations
 
 from . import embeddings
-from .extractors import chunk_text, entities, extract_text, summarize
+from .extractors import chunk_text, contains_secret, entities, extract_text, summarize
 from .logging import log_event, tail
-from .privacy import classify_path, should_extract, should_skip_tree
+from .privacy import classify_path, is_queryable_path, should_extract, should_skip_file, should_skip_tree
 from .util import content_hash, json_dumps, json_loads, norm_path, now, quick_fingerprint, redact_path, stable_id, system_label, tokenize
 
 LOCAL_INDEX_SERVICE_LABEL = "com.nexo.local-index"
@@ -41,6 +41,9 @@ def _conn():
 def add_root(path: str, *, mode: str = "normal", depth: int | None = None) -> dict:
     conn = _conn()
     root_path = norm_path(path)
+    if should_skip_tree(root_path):
+        log_event("warn", "root_rejected_private", "Root rejected by local memory privacy rules", path=redact_path(root_path))
+        return {"ok": False, "error": "root_blocked_by_privacy", "root_path": root_path}
     depth_value = 2 if depth is None else int(depth)
     conn.execute(
         """
@@ -120,12 +123,44 @@ def _mounted_volume_roots() -> list[str]:
     return roots
 
 
+def _local_email_roots() -> list[str]:
+    home = Path.home()
+    roots: list[Path] = [home / ".nexo" / "runtime" / "nexo-email"]
+    mac_roots = [
+        home / "Library" / "Mail",
+        home / "Library" / "Group Containers" / "UBF8T346G9.Office" / "Outlook" / "Outlook 15 Profiles",
+    ]
+    local_app_data = Path(os.environ.get("LOCALAPPDATA") or home / "AppData" / "Local")
+    roaming_app_data = Path(os.environ.get("APPDATA") or home / "AppData" / "Roaming")
+    windows_roots = [
+        home / "Documents" / "Outlook Files",
+        local_app_data / "Microsoft" / "Outlook",
+        roaming_app_data / "Microsoft" / "Outlook",
+        local_app_data / "Packages" / "microsoft.windowscommunicationsapps_8wekyb3d8bbwe" / "LocalState",
+    ]
+    linux_roots = [home / ".thunderbird", home / ".mozilla-thunderbird"]
+
+    if sys.platform == "darwin":
+        roots.extend(mac_roots)
+    elif sys.platform.startswith("win"):
+        roots.extend(windows_roots)
+    else:
+        roots.extend(linux_roots)
+
+    # CI and migrated profiles can expose platform-specific mail stores while
+    # running on another OS. Include only the stores that actually exist.
+    for optional_root in [*mac_roots, *windows_roots, *linux_roots]:
+        if optional_root.exists() and optional_root not in roots:
+            roots.append(optional_root)
+    return [str(root) for root in roots]
+
+
 def default_roots() -> list[str]:
     home = Path.home()
     configured = os.environ.get("NEXO_LOCAL_INDEX_DEFAULT_ROOTS", "").strip()
     if configured:
         return _dedupe_roots([item for item in configured.split(os.pathsep) if item.strip()])
-    return _dedupe_roots([str(home), *_mounted_volume_roots()])
+    return _dedupe_roots([str(home), *_local_email_roots(), *_mounted_volume_roots()])
 
 
 def ensure_default_roots() -> dict:
@@ -220,6 +255,7 @@ def _purge_removed_root_payloads(conn, *, root_paths: list[str] | None = None) -
     for table in ("local_embeddings", "local_chunks", "local_entities", "local_asset_versions"):
         conn.execute(f"DELETE FROM {table} WHERE asset_id IN ({asset_subquery})", tuple(params))
     conn.execute(f"DELETE FROM local_relations WHERE source_asset_id IN ({asset_subquery})", tuple(params))
+    conn.execute(f"DELETE FROM local_relations WHERE target_asset_id IN ({asset_subquery})", tuple(params))
     conn.execute(f"DELETE FROM local_relations WHERE target_ref IN ({asset_subquery})", tuple(params))
     conn.execute(f"DELETE FROM local_index_jobs WHERE asset_id IN ({asset_subquery})", tuple(params))
     conn.execute(f"DELETE FROM local_index_errors WHERE asset_id IN ({asset_subquery})", tuple(params))
@@ -235,12 +271,136 @@ def _purge_removed_root_payloads(conn, *, root_paths: list[str] | None = None) -
     return counts
 
 
+def _purge_asset_ids(conn, asset_ids: list[str]) -> dict:
+    unique_ids = [asset_id for asset_id in dict.fromkeys(asset_ids) if asset_id]
+    counts = {"assets": len(unique_ids), "jobs": 0, "errors": 0, "chunks": 0, "embeddings": 0, "entities": 0, "relations": 0, "versions": 0}
+    if not unique_ids:
+        return counts
+    for start in range(0, len(unique_ids), 500):
+        batch = unique_ids[start:start + 500]
+        placeholders = ",".join("?" for _ in batch)
+        for key, table in (
+            ("embeddings", "local_embeddings"),
+            ("chunks", "local_chunks"),
+            ("entities", "local_entities"),
+            ("versions", "local_asset_versions"),
+            ("jobs", "local_index_jobs"),
+            ("errors", "local_index_errors"),
+        ):
+            counts[key] += int(conn.execute(f"DELETE FROM {table} WHERE asset_id IN ({placeholders})", tuple(batch)).rowcount or 0)
+        counts["relations"] += int(conn.execute(f"DELETE FROM local_relations WHERE source_asset_id IN ({placeholders})", tuple(batch)).rowcount or 0)
+        counts["relations"] += int(conn.execute(f"DELETE FROM local_relations WHERE target_asset_id IN ({placeholders})", tuple(batch)).rowcount or 0)
+        counts["relations"] += int(conn.execute(f"DELETE FROM local_relations WHERE target_ref IN ({placeholders})", tuple(batch)).rowcount or 0)
+        conn.execute(f"DELETE FROM local_assets WHERE asset_id IN ({placeholders})", tuple(batch))
+    return counts
+
+
+def _privacy_unsafe_asset_ids(conn) -> list[str]:
+    rows = conn.execute("SELECT asset_id, path, privacy_class FROM local_assets").fetchall()
+    unsafe: list[str] = []
+    for row in rows:
+        privacy_class = str(row["privacy_class"] or "")
+        if should_skip_file(str(row["path"] or "")) or privacy_class in {"private_profile_blocked", "system_blocked", "sensitive_inventory_only"}:
+            unsafe.append(str(row["asset_id"]))
+    return unsafe
+
+
+def _privacy_unsafe_dir_ids(conn) -> list[str]:
+    rows = conn.execute("SELECT dir_id, path FROM local_index_dirs").fetchall()
+    return [str(row["dir_id"]) for row in rows if should_skip_tree(str(row["path"] or ""))]
+
+
+def _content_secret_asset_ids(conn) -> list[str]:
+    rows = conn.execute(
+        """
+        SELECT c.asset_id, c.text
+        FROM local_chunks c
+        JOIN local_assets a ON a.asset_id=c.asset_id
+        WHERE a.status='active'
+          AND COALESCE(a.privacy_class, 'normal')='normal'
+        ORDER BY c.asset_id, c.chunk_index
+        """
+    ).fetchall()
+    secret_ids: set[str] = set()
+    for row in rows:
+        asset_id = str(row["asset_id"])
+        if asset_id in secret_ids:
+            continue
+        if contains_secret(str(row["text"] or "")):
+            secret_ids.add(asset_id)
+    return sorted(secret_ids)
+
+
+def _mark_content_secret_assets(conn, asset_ids: list[str]) -> int:
+    unique_ids = [asset_id for asset_id in dict.fromkeys(asset_ids) if asset_id]
+    if not unique_ids:
+        return 0
+    for start in range(0, len(unique_ids), 500):
+        batch = unique_ids[start:start + 500]
+        placeholders = ",".join("?" for _ in batch)
+        for table in ("local_embeddings", "local_chunks", "local_entities"):
+            conn.execute(f"DELETE FROM {table} WHERE asset_id IN ({placeholders})", tuple(batch))
+        conn.execute(f"DELETE FROM local_relations WHERE source_asset_id IN ({placeholders})", tuple(batch))
+        conn.execute(f"DELETE FROM local_relations WHERE target_asset_id IN ({placeholders})", tuple(batch))
+        conn.execute(f"DELETE FROM local_relations WHERE target_ref IN ({placeholders})", tuple(batch))
+        conn.execute(
+            f"""
+            UPDATE local_index_jobs
+            SET status='done', last_error_code='content_secret_blocked', updated_at=?
+            WHERE asset_id IN ({placeholders})
+            """,
+            (now(), *batch),
+        )
+        conn.execute(
+            f"""
+            UPDATE local_asset_versions
+            SET summary='', metadata_json=?
+            WHERE asset_id IN ({placeholders})
+            """,
+            (json_dumps({"content_blocked": "secret_pattern"}), *batch),
+        )
+        conn.execute(
+            f"""
+            UPDATE local_assets
+            SET privacy_class='content_secret_inventory_only',
+                depth=1,
+                depth_reason='content_secret',
+                phase='privacy_blocked',
+                updated_at=?
+            WHERE asset_id IN ({placeholders})
+            """,
+            (now(), *batch),
+        )
+    return len(unique_ids)
+
+
+def local_index_privacy_hygiene(*, fix: bool = False) -> dict:
+    conn = _conn()
+    asset_ids = _privacy_unsafe_asset_ids(conn)
+    dir_ids = _privacy_unsafe_dir_ids(conn)
+    content_secret_ids = _content_secret_asset_ids(conn)
+    residue = {"assets": len(asset_ids), "dirs": len(dir_ids), "content_secret_assets": len(content_secret_ids)}
+    cleanup = {"assets": 0, "jobs": 0, "errors": 0, "chunks": 0, "embeddings": 0, "entities": 0, "relations": 0, "versions": 0, "dirs": 0, "content_secret_assets": 0}
+    if fix:
+        cleanup.update(_purge_asset_ids(conn, asset_ids))
+        if dir_ids:
+            for start in range(0, len(dir_ids), 500):
+                batch = dir_ids[start:start + 500]
+                placeholders = ",".join("?" for _ in batch)
+                cleanup["dirs"] += int(conn.execute(f"DELETE FROM local_index_dirs WHERE dir_id IN ({placeholders})", tuple(batch)).rowcount or 0)
+        cleanup["content_secret_assets"] = _mark_content_secret_assets(conn, content_secret_ids)
+        conn.commit()
+        if asset_ids or dir_ids or content_secret_ids:
+            log_event("warn", "privacy_hygiene_repaired", "Local memory privacy hygiene repaired", cleanup=cleanup)
+    return {"ok": True, "fix": fix, "residue": residue, "cleanup": cleanup}
+
+
 def local_index_hygiene(*, fix: bool = False) -> dict:
     conn = _conn()
     removed_paths: list[str] = []
     for row in conn.execute("SELECT id, root_path FROM local_index_roots").fetchall():
         path = str(row["root_path"] or "")
-        if _should_skip_mounted_root(Path(path)):
+        if _should_skip_mounted_root(Path(path)) or should_skip_tree(path):
             removed_paths.append(path)
             if fix:
                 conn.execute("UPDATE local_index_roots SET status='removed', updated_at=? WHERE id=?", (now(), row["id"]))
@@ -249,9 +409,10 @@ def local_index_hygiene(*, fix: bool = False) -> dict:
     if fix:
         cleanup = _purge_removed_root_payloads(conn)
     conn.commit()
+    privacy = local_index_privacy_hygiene(fix=fix)
     if fix and (removed_paths or any(int(cleanup.get(key, 0) or 0) for key in ("assets", "jobs", "errors", "dirs", "checkpoints"))):
         log_event("info", "index_hygiene_repaired", "Local memory index hygiene repaired", roots=[redact_path(path) for path in removed_paths], cleanup=cleanup)
-    return {"ok": True, "fix": fix, "removed_roots": removed_paths, "residue": before, "cleanup": cleanup}
+    return {"ok": True, "fix": fix, "removed_roots": removed_paths, "residue": before, "cleanup": cleanup, "privacy": privacy}
 
 
 def repair_index_hygiene() -> dict:
@@ -342,7 +503,7 @@ def _file_type(path: Path) -> str:
         return "photo"
     if suffix in {".py", ".js", ".ts", ".tsx", ".jsx", ".php", ".sql", ".css", ".html"}:
         return "code"
-    if suffix in {".eml"}:
+    if suffix in {".eml", ".emlx", ".msg", ".pst", ".ost"}:
         return "email"
     if suffix in {".pdf", ".docx", ".pptx", ".xlsx", ".md", ".txt", ".csv", ".tsv"}:
         return "document"
@@ -424,6 +585,8 @@ def _upsert_asset(conn, root_id: int, path: Path, seen_at: float, root_depth: in
     raw_path = str(path)
     normalized = norm_path(raw_path)
     asset_id = stable_id("asset", normalized)
+    if should_skip_file(normalized):
+        return asset_id, False, "skipped"
     perm = _permission_state(path)
     depth, privacy_class, depth_reason = classify_path(normalized)
     depth = min(depth, root_depth)
@@ -546,6 +709,20 @@ def _mark_dir_subtree_deleted(conn, dir_path: str, deleted_at: float | None = No
     return len(rows)
 
 
+def _purge_dir_subtree(conn, dir_path: str) -> int:
+    normalized = norm_path(dir_path)
+    prefix = _path_prefix(normalized)
+    rows = conn.execute(
+        "SELECT asset_id FROM local_assets WHERE path=? OR path LIKE ?",
+        (normalized, prefix + "%"),
+    ).fetchall()
+    asset_ids = [str(row["asset_id"]) for row in rows]
+    _purge_asset_ids(conn, asset_ids)
+    conn.execute("DELETE FROM local_index_dirs WHERE path=? OR path LIKE ?", (normalized, prefix + "%"))
+    conn.execute("DELETE FROM local_index_errors WHERE path=? OR path LIKE ?", (normalized, prefix + "%"))
+    return len(asset_ids)
+
+
 def _record_index_error(
     conn,
     *,
@@ -651,6 +828,8 @@ def _iter_files(
                 continue
             if entry.is_file():
                 normalized = norm_path(entry)
+                if should_skip_file(normalized):
+                    continue
                 if start_after_norm and normalized <= start_after_norm:
                     continue
                 yield entry
@@ -729,7 +908,11 @@ def _reconcile_known_assets(conn, exclusions: list[str], *, limit: int) -> dict:
         path = str(row["path"])
         root_path = Path(row["root_path"]).expanduser() if row["root_path"] else None
         if _is_excluded(path, exclusions):
-            _mark_asset_deleted(conn, row["asset_id"], seen_at)
+            _purge_asset_ids(conn, [row["asset_id"]])
+            stats["excluded"] += 1
+            continue
+        if should_skip_file(path):
+            _purge_asset_ids(conn, [row["asset_id"]])
             stats["excluded"] += 1
             continue
         if root_path is not None and not root_path.exists():
@@ -836,6 +1019,8 @@ def _scan_known_directory(
                         stack.append(entry)
                     continue
                 if entry.is_file():
+                    if should_skip_file(str(entry)):
+                        continue
                     seen_files.add(norm_path(entry))
                     if stats["files_scanned"] >= file_limit:
                         continue
@@ -843,7 +1028,7 @@ def _scan_known_directory(
                     stats["files_scanned"] += 1
                     if changed:
                         stats["files_changed"] += 1
-                    if state != "ok":
+                    if state not in {"ok", "skipped"}:
                         stats["errors"] += 1
             except Exception as exc:
                 _record_scan_error(conn, stats, str(entry), "live_reconcile", exc)
@@ -887,6 +1072,10 @@ def _reconcile_known_dirs(conn, exclusions: list[str], *, dir_limit: int, file_l
             stats["files_deleted"] += _mark_dir_subtree_deleted(conn, str(dir_path), seen_at)
             stats["excluded_dirs"] += 1
             continue
+        if should_skip_tree(str(dir_path)):
+            stats["files_deleted"] += _purge_dir_subtree(conn, str(dir_path))
+            stats["excluded_dirs"] += 1
+            continue
         if root_path is not None and not root_path.exists():
             stats["offline"] += 1
             continue
@@ -966,6 +1155,12 @@ def scan_once(*, limit: int | None = None) -> dict:
     for root in roots:
         root_path = Path(root["root_path"]).expanduser()
         root_id = int(root["id"])
+        if should_skip_tree(str(root_path)):
+            conn.execute(
+                "UPDATE local_index_roots SET status='removed', last_scan_at=?, updated_at=? WHERE id=?",
+                (now(), now(), root_id),
+            )
+            continue
         if not root_path.exists():
             conn.execute(
                 "UPDATE local_index_roots SET status='offline', last_scan_at=?, updated_at=? WHERE id=?",
@@ -997,7 +1192,7 @@ def scan_once(*, limit: int | None = None) -> dict:
             seen_for_root += 1
             if changed:
                 totals["changed"] += 1
-            if state != "ok":
+            if state not in {"ok", "skipped"}:
                 totals["errors"] += 1
         partial_root = bool(limit and seen_for_root >= limit)
         totals["partial"] = bool(totals["partial"] or partial_root)
@@ -1121,7 +1316,7 @@ def process_jobs(*, limit: int = 100) -> dict:
     recovered = _requeue_due_jobs(conn)
     rows = conn.execute(
         """
-        SELECT j.*, a.path, a.depth, a.status AS asset_status
+        SELECT j.*, a.path, a.depth, a.privacy_class, a.status AS asset_status
         FROM local_index_jobs j
         JOIN local_assets a ON a.asset_id = j.asset_id
         WHERE j.status='pending'
@@ -1143,9 +1338,24 @@ def process_jobs(*, limit: int = 100) -> dict:
         try:
             if row["asset_status"] != "active":
                 raise FileNotFoundError(row["path"])
+            if str(row["privacy_class"] or "normal") != "normal":
+                conn.execute(
+                    "UPDATE local_index_jobs SET status='done', updated_at=?, last_error_code='privacy_blocked' WHERE job_id=?",
+                    (now(), job_id),
+                )
+                processed += 1
+                continue
             if job_type == "light_extraction":
                 text, metadata = extract_text(Path(row["path"]))
                 version_id = _latest_version_id(conn, asset_id)
+                if contains_secret(text):
+                    _mark_content_secret_assets(conn, [asset_id])
+                    conn.execute(
+                        "UPDATE local_index_jobs SET status='done', updated_at=?, last_error_code='content_secret_blocked' WHERE job_id=?",
+                        (now(), job_id),
+                    )
+                    processed += 1
+                    continue
                 summary = summarize(text)
                 conn.execute(
                     "UPDATE local_asset_versions SET summary=?, metadata_json=? WHERE version_id=?",
@@ -1202,6 +1412,9 @@ def run_once(
     live_dir_limit: int = DEFAULT_LIVE_DIR_LIMIT,
     live_file_limit: int = DEFAULT_LIVE_FILE_LIMIT,
 ) -> dict:
+    if _get_state("privacy_hygiene_v2", "0") != "1":
+        local_index_privacy_hygiene(fix=True)
+        _set_state("privacy_hygiene_v2", "1")
     if root:
         add_root(root)
     elif (
@@ -1471,6 +1684,29 @@ def _service_cycle_observation(conn) -> dict:
     return observation
 
 
+def _index_timing(conn, *, done: int, active_jobs: int, percent: int) -> dict:
+    first_seen = conn.execute(
+        """
+        SELECT MIN(created_at) AS created_at
+        FROM local_index_logs
+        WHERE event IN ('root_added', 'scan_started', 'scan_finished', 'jobs_processed', 'service_cycle_finished')
+        """
+    ).fetchone()["created_at"] or 0
+    if not first_seen:
+        first_seen = conn.execute(
+            """
+            SELECT MIN(first_seen_at) AS first_seen_at
+            FROM local_assets
+            WHERE status!='deleted'
+            """
+        ).fetchone()["first_seen_at"] or 0
+    elapsed_seconds = max(0, int(now() - float(first_seen))) if first_seen else 0
+    eta_seconds = None
+    if elapsed_seconds > 0 and done > 0 and active_jobs > 0 and 0 < percent < 100:
+        eta_seconds = max(0, int((elapsed_seconds / max(done, 1)) * active_jobs))
+    return {"elapsed_seconds": elapsed_seconds, "eta_seconds": eta_seconds}
+
+
 def _service_scheduler_has_error(service: dict) -> bool:
     if service.get("manager") == "launchagent":
         code = str(service.get("last_exit_code") or "").strip()
@@ -1544,6 +1780,7 @@ def status() -> dict:
     active_jobs = pending + running_jobs + failed_jobs
     total_jobs = active_jobs + done
     percent = 100 if total_jobs == 0 else int((done / max(total_jobs, 1)) * 100)
+    timing = _index_timing(conn, done=done, active_jobs=active_jobs, percent=percent)
     roots = list_roots()
     volumes = []
     by_volume = conn.execute(
@@ -1589,8 +1826,8 @@ def status() -> dict:
             "jobs_pending": pending,
             "jobs_running": running_jobs,
             "jobs_failed": failed_jobs,
-            "elapsed_seconds": 0,
-            "eta_seconds": None,
+            "elapsed_seconds": timing["elapsed_seconds"],
+            "eta_seconds": timing["eta_seconds"],
         },
         "volumes": volumes,
         "roots": roots,
@@ -1675,26 +1912,183 @@ def _search_text_score(query: str, text: str) -> float:
     return len(q & tokens) / max(len(q), 1)
 
 
-def context_query(query: str, *, intent: str = "answer", limit: int = 12, evidence_required: bool = True, current_context: str = "") -> dict:
-    conn = _conn()
-    qvec = embeddings.embed_text(query)
+_QUERY_STOPWORDS = {
+    "about",
+    "archivos",
+    "con",
+    "context",
+    "contexto",
+    "cuanto",
+    "dame",
+    "del",
+    "desde",
+    "documentos",
+    "donde",
+    "esta",
+    "está",
+    "file",
+    "files",
+    "hay",
+    "los",
+    "para",
+    "que",
+    "qué",
+    "related",
+    "relacionado",
+    "sabes",
+    "sobre",
+    "todo",
+    "what",
+    "where",
+}
+
+
+def _query_terms(query: str) -> list[str]:
+    terms = []
+    for token in tokenize(query):
+        if len(token) < 3 or token in _QUERY_STOPWORDS:
+            continue
+        if token not in terms:
+            terms.append(token)
+    return terms[:10]
+
+
+def _entity_match_score(query_lower: str, terms: list[str], name: str) -> float:
+    entity = (name or "").strip().lower()
+    if not entity:
+        return 0.0
+    entity_terms = set(tokenize(entity))
+    if entity and entity in query_lower:
+        return 1.0
+    if not terms:
+        return 0.0
+    term_set = set(terms)
+    overlap = term_set & entity_terms
+    if overlap:
+        return min(0.95, 0.45 + (len(overlap) / max(len(entity_terms), 1)) * 0.5)
+    if any(term in entity for term in terms):
+        return 0.6
+    return 0.0
+
+
+def _entity_matches_for_query(conn, query: str, *, limit: int) -> tuple[list[dict], dict[str, float]]:
+    query_lower = (query or "").strip().lower()
+    terms = _query_terms(query)
+    if not query_lower or not terms:
+        return [], {}
+
+    clauses = " OR ".join("lower(e.name) LIKE ?" for _ in terms)
+    params = [f"%{term}%" for term in terms]
     rows = conn.execute(
+        f"""
+        SELECT DISTINCT e.name, e.entity_type, e.asset_id, a.path, a.privacy_class
+        FROM local_entities e
+        JOIN local_assets a ON a.asset_id = e.asset_id
+        WHERE a.status='active'
+          AND a.privacy_class='normal'
+          AND ({clauses})
+        LIMIT ?
+        """,
+        [*params, max(int(limit) * 20, 40)],
+    ).fetchall()
+
+    matches = []
+    boosts: dict[str, float] = {}
+    seen = set()
+    for row in rows:
+        if not is_queryable_path(str(row["path"] or ""), str(row["privacy_class"] or "")):
+            continue
+        score = _entity_match_score(query_lower, terms, str(row["name"] or ""))
+        if score <= 0:
+            continue
+        key = (row["name"], row["entity_type"], row["asset_id"])
+        if key not in seen:
+            matches.append({
+                "name": row["name"],
+                "entity_type": row["entity_type"],
+                "asset_id": row["asset_id"],
+                "score": round(float(score), 4),
+            })
+            seen.add(key)
+        boosts[row["asset_id"]] = max(boosts.get(row["asset_id"], 0.0), float(score))
+
+    matches.sort(key=lambda item: item.get("score", 0), reverse=True)
+    return matches[: int(limit)], boosts
+
+
+def _context_candidate_rows(conn, entity_asset_ids: list[str], *, base_limit: int = 5000) -> list:
+    base_rows = conn.execute(
         """
-        SELECT c.chunk_id, c.asset_id, c.text, a.path, a.file_type, v.summary, e.vector_json
+        SELECT c.chunk_id, c.asset_id, c.text, a.path, a.file_type, a.privacy_class, v.summary, e.vector_json
         FROM local_chunks c
         JOIN local_assets a ON a.asset_id = c.asset_id
         LEFT JOIN local_asset_versions v ON v.version_id = c.version_id
         LEFT JOIN local_embeddings e ON e.chunk_id = c.chunk_id
         WHERE a.status='active'
-        LIMIT 1000
-        """
+          AND a.privacy_class='normal'
+        ORDER BY c.created_at DESC
+        LIMIT ?
+        """,
+        (int(base_limit),),
+    ).fetchall()
+    if not entity_asset_ids:
+        return base_rows
+
+    placeholders = ",".join("?" for _ in entity_asset_ids)
+    entity_rows = conn.execute(
+        f"""
+        SELECT c.chunk_id, c.asset_id, c.text, a.path, a.file_type, a.privacy_class, v.summary, e.vector_json
+        FROM local_chunks c
+        JOIN local_assets a ON a.asset_id = c.asset_id
+        LEFT JOIN local_asset_versions v ON v.version_id = c.version_id
+        LEFT JOIN local_embeddings e ON e.chunk_id = c.chunk_id
+        WHERE a.status='active'
+          AND a.privacy_class='normal'
+          AND c.asset_id IN ({placeholders})
+        ORDER BY c.chunk_index ASC
+        LIMIT ?
+        """,
+        [*entity_asset_ids, max(1000, len(entity_asset_ids) * 80)],
     ).fetchall()
+
+    rows = []
+    seen_chunks = set()
+    for row in [*entity_rows, *base_rows]:
+        chunk_id = row["chunk_id"]
+        if chunk_id in seen_chunks:
+            continue
+        seen_chunks.add(chunk_id)
+        rows.append(row)
+    return rows
+
+
+def context_query(query: str, *, intent: str = "answer", limit: int = 12, evidence_required: bool = True, current_context: str = "") -> dict:
+    conn = _conn()
+    qvec = embeddings.embed_text(query)
+    entities_payload, entity_boosts = _entity_matches_for_query(conn, query, limit=max(int(limit), 1))
+    rows = _context_candidate_rows(conn, list(entity_boosts.keys()), base_limit=5000)
     scored = []
     for row in rows:
+        if not is_queryable_path(str(row["path"] or ""), str(row["privacy_class"] or "")):
+            continue
         vector = json_loads(row["vector_json"], [])
-        score = max(_search_text_score(query, row["text"]), embeddings.cosine(qvec, vector))
+        text_score = _search_text_score(query, row["text"])
+        path_score = _search_text_score(query, row["path"] or "")
+        summary_score = _search_text_score(query, row["summary"] or "")
+        entity_score = entity_boosts.get(row["asset_id"], 0.0)
+        vector_score = embeddings.cosine(qvec, vector)
+        score = max(text_score, path_score, summary_score, vector_score)
+        if entity_score > 0:
+            direct_score = max(text_score, path_score, summary_score)
+            if direct_score > 0:
+                entity_rank = 0.82 + (0.42 * text_score) + (0.18 * path_score) + (0.12 * summary_score)
+                score = max(score, entity_rank + min(0.2, entity_score * 0.2))
+            else:
+                # Entity-level matches keep older assets eligible, but do not let
+                # unrelated chunks from a long document outrank direct evidence.
+                score = max(score, min(0.48, 0.28 + entity_score * 0.2))
         if score > 0:
-            scored.append((score, row))
+            scored.append((min(float(score), 1.6), row))
     scored.sort(key=lambda item: item[0], reverse=True)
     assets = []
     chunks = []
@@ -1704,7 +2098,6 @@ def context_query(query: str, *, intent: str = "answer", limit: int = 12, eviden
         if row["asset_id"] not in seen_assets:
             assets.append({
                 "asset_id": row["asset_id"],
-                "path": row["path"],
                 "display_path": redact_path(row["path"]),
                 "file_type": row["file_type"],
                 "score": round(float(score), 4),
@@ -1718,14 +2111,10 @@ def context_query(query: str, *, intent: str = "answer", limit: int = 12, eviden
             "score": round(float(score), 4),
         })
         evidence_refs.append(f"local_asset:{row['asset_id']}#chunk:{row['chunk_id']}")
-    entity_rows = conn.execute(
-        "SELECT DISTINCT name, entity_type, asset_id FROM local_entities WHERE lower(name) LIKE ? LIMIT ?",
-        (f"%{query.lower()}%", int(limit)),
-    ).fetchall()
-    entities_payload = [dict(row) for row in entity_rows]
     relations_payload: list[dict] = []
-    if seen_assets:
-        asset_ids = list(seen_assets)[: int(limit)]
+    relation_asset_ids = list(dict.fromkeys([*seen_assets, *entity_boosts.keys()]))[: int(limit)]
+    if relation_asset_ids:
+        asset_ids = relation_asset_ids
         placeholders = ",".join("?" for _ in asset_ids)
         relation_rows = conn.execute(
             f"""
@@ -1798,13 +2187,7 @@ def get_neighbors(asset_id: str, *, limit: int = 30) -> dict:
 
 def purge_asset(asset_id: str) -> dict:
     conn = _conn()
-    for table in ("local_embeddings", "local_chunks", "local_entities"):
-        conn.execute(f"DELETE FROM {table} WHERE asset_id=?", (asset_id,))
-    conn.execute("DELETE FROM local_relations WHERE source_asset_id=?", (asset_id,))
-    conn.execute("DELETE FROM local_index_errors WHERE asset_id=?", (asset_id,))
-    conn.execute("DELETE FROM local_index_jobs WHERE asset_id=?", (asset_id,))
-    conn.execute("DELETE FROM local_asset_versions WHERE asset_id=?", (asset_id,))
-    conn.execute("DELETE FROM local_assets WHERE asset_id=?", (asset_id,))
+    _purge_asset_ids(conn, [asset_id])
     conn.commit()
     log_event("info", "asset_purged", "Asset purged", asset_id=asset_id)
     return {"ok": True, "asset_id": asset_id}

package/src/local_context/extractors.py

@@ -4,12 +4,15 @@ import csv
 import html
 import json
 import re
+import sqlite3
 import zipfile
 from email import policy
 from email.parser import BytesParser
 from pathlib import Path
 from xml.etree import ElementTree
 
+from .privacy import is_local_email_db
+
 MAX_TEXT_BYTES = 512 * 1024
 MAX_CHARS = 120_000
 
@@ -32,6 +35,26 @@ TEXT_SUFFIXES = {
     ".css",
 }
 
+SECRET_PATTERNS: tuple[re.Pattern, ...] = (
+    re.compile(r"\bBearer\s+[A-Za-z0-9._\-~+/]{12,}\b", re.I),
+    re.compile(r"\bsk-(?:[a-z]+-)?[A-Za-z0-9_\-]{20,}\b"),
+    re.compile(r"\bpk-(?:[a-z]+-)?[A-Za-z0-9_\-]{20,}\b"),
+    re.compile(r"\b(ghp|gho|ghu|ghs|ghr|github_pat|glpat|xoxb|xoxp|shpat)_[A-Za-z0-9_]{16,}\b", re.I),
+    re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16,}\b"),
+    re.compile(r"\bey[A-Za-z0-9_-]{10,}\.ey[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
+    re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH |PGP )?PRIVATE KEY-----", re.I),
+    re.compile(r"\b([A-Z][A-Z0-9_]*(?:TOKEN|SECRET|KEY|PASSWORD|PASS)\s*[:=]\s*)['\"]?[A-Za-z0-9._/+=\-]{12,}", re.I),
+    re.compile(r"\b(?:api[_-]?key|secret[_-]?key|auth[_-]?token)\s*[:=]\s*['\"]?[A-Za-z0-9._/+=\-]{12,}", re.I),
+    re.compile(r"\b(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{6,}['\"]", re.I),
+)
+
+
+def contains_secret(text: str) -> bool:
+    if not text:
+        return False
+    sample = text[:MAX_CHARS]
+    return any(pattern.search(sample) for pattern in SECRET_PATTERNS)
+
 
 def _read_text(path: Path) -> str:
     data = path.read_bytes()[:MAX_TEXT_BYTES]
@@ -53,8 +76,8 @@ def _extract_csv(path: Path) -> str:
     return "\n".join(rows)[:MAX_CHARS]
 
 
-def _extract_eml(path: Path) -> tuple[str, dict]:
-    msg = BytesParser(policy=policy.default).parsebytes(path.read_bytes()[:MAX_TEXT_BYTES])
+def _extract_email_bytes(data: bytes) -> tuple[str, dict]:
+    msg = BytesParser(policy=policy.default).parsebytes(data[:MAX_TEXT_BYTES])
     meta = {
         "subject": str(msg.get("subject") or ""),
         "from": str(msg.get("from") or ""),
@@ -72,6 +95,99 @@ def _extract_eml(path: Path) -> tuple[str, dict]:
     return "\n".join([meta["subject"], meta["from"], meta["to"], text])[:MAX_CHARS], meta
 
 
+def _extract_eml(path: Path) -> tuple[str, dict]:
+    return _extract_email_bytes(path.read_bytes()[:MAX_TEXT_BYTES])
+
+
+def _extract_emlx(path: Path) -> tuple[str, dict]:
+    data = path.read_bytes()[:MAX_TEXT_BYTES]
+    first_line, separator, rest = data.partition(b"\n")
+    if separator and first_line.strip().isdigit():
+        declared = int(first_line.strip() or b"0")
+        payload = rest[:declared] if declared > 0 else rest
+    else:
+        payload = data
+    if b"\n<?xml" in payload:
+        payload = payload.split(b"\n<?xml", 1)[0]
+    text, meta = _extract_email_bytes(payload)
+    meta["apple_mail_message"] = True
+    return text, meta
+
+
+def _printable_binary_text(path: Path) -> str:
+    data = path.read_bytes()[:MAX_TEXT_BYTES]
+    decoded = data.decode("utf-16", errors="ignore") if b"\x00" in data[:2000] else data.decode("latin-1", errors="ignore")
+    pieces = re.findall(r"[\wÀ-ÿ@./:=+\- ,;()\\[\\]{}]{4,}", decoded)
+    return "\n".join(piece.strip() for piece in pieces if piece.strip())[:MAX_CHARS]
+
+
+def _extract_msg(path: Path) -> tuple[str, dict]:
+    try:
+        import extract_msg  # type: ignore
+        message = extract_msg.Message(str(path))
+        meta = {
+            "subject": str(getattr(message, "subject", "") or ""),
+            "from": str(getattr(message, "sender", "") or ""),
+            "to": str(getattr(message, "to", "") or ""),
+            "date": str(getattr(message, "date", "") or ""),
+            "extractor": "msg",
+        }
+        body = str(getattr(message, "body", "") or "")
+        close = getattr(message, "close", None)
+        if callable(close):
+            close()
+        return "\n".join([meta["subject"], meta["from"], meta["to"], body])[:MAX_CHARS], meta
+    except Exception:
+        return _printable_binary_text(path), {"extractor": "msg_fallback"}
+
+
+def _table_names(conn: sqlite3.Connection) -> set[str]:
+    rows = conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall()
+    return {str(row[0]) for row in rows}
+
+
+def _select_existing_columns(conn: sqlite3.Connection, table: str, columns: list[str]) -> list[str]:
+    found = {str(row[1]) for row in conn.execute(f"PRAGMA table_info({table})").fetchall()}
+    return [column for column in columns if column in found]
+
+
+def _extract_nexo_email_db(path: Path) -> tuple[str, dict]:
+    if not is_local_email_db(str(path)):
+        return "", {"extractor": "sqlite_blocked"}
+    uri = f"file:{path}?mode=ro"
+    parts: list[str] = []
+    try:
+        conn = sqlite3.connect(uri, uri=True, timeout=1)
+    except Exception:
+        return "", {"extractor": "nexo_email_db", "state": "locked_or_unavailable"}
+    try:
+        tables = _table_names(conn)
+        if "emails" in tables:
+            cols = _select_existing_columns(
+                conn,
+                "emails",
+                ["from_addr", "from_name", "subject", "received_at", "status", "body", "response"],
+            )
+            if not cols:
+                return "", {"extractor": "nexo_email_db", "tables": sorted(tables)}
+            order = "received_at" if "received_at" in cols else "rowid"
+            for row in conn.execute(f"SELECT {', '.join(cols)} FROM emails ORDER BY {order} DESC LIMIT 1000").fetchall():
+                parts.append(" | ".join(str(value or "")[:4000] for value in row))
+        if "sent_email_events" in tables:
+            cols = _select_existing_columns(
+                conn,
+                "sent_email_events",
+                ["sender", "to_addrs", "cc_addrs", "subject", "sent_at", "status", "body_text"],
+            )
+            if cols:
+                order = "sent_at" if "sent_at" in cols else "rowid"
+                for row in conn.execute(f"SELECT {', '.join(cols)} FROM sent_email_events ORDER BY {order} DESC LIMIT 1000").fetchall():
+                    parts.append(" | ".join(str(value or "")[:4000] for value in row))
+    finally:
+        conn.close()
+    return "\n".join(parts)[:MAX_CHARS], {"extractor": "nexo_email_db", "tables": sorted(tables) if "tables" in locals() else []}
+
+
 def _zip_xml_text(path: Path, members: list[str]) -> str:
     pieces: list[str] = []
     with zipfile.ZipFile(path) as zf:
@@ -156,6 +272,14 @@ def extract_text(path: Path) -> tuple[str, dict]:
     elif suffix == ".eml":
         text, metadata = _extract_eml(path)
         metadata["extractor"] = "eml"
+    elif suffix == ".emlx":
+        text, metadata = _extract_emlx(path)
+        metadata["extractor"] = "emlx"
+    elif suffix == ".msg":
+        text, metadata = _extract_msg(path)
+        metadata["extractor"] = metadata.get("extractor") or "msg"
+    elif suffix == ".db" and is_local_email_db(str(path)):
+        text, metadata = _extract_nexo_email_db(path)
     elif suffix == ".pdf":
         text = _extract_pdf(path)
     elif suffix == ".docx":

package/src/local_context/privacy.py

@@ -6,21 +6,58 @@ SENSITIVE_FILE_NAMES = {
     ".env",
     ".env.local",
     ".env.production",
+    ".npmrc",
+    ".pypirc",
+    ".netrc",
+    ".boto",
+    ".pgpass",
+    ".my.cnf",
+    ".git-credentials",
+    ".mcp_publisher_token",
+    ".mcpregistry_github_token",
+    ".mcpregistry_registry_token",
     "id_rsa",
     "id_dsa",
     "id_ecdsa",
     "id_ed25519",
+    "known_hosts",
+    "authorized_keys",
     "cookies.sqlite",
     "login data",
     "keychain-2.db",
 }
 
+SENSITIVE_NAME_MARKERS = {
+    "api_key",
+    "apikey",
+    "auth_token",
+    "bearer",
+    "client_secret",
+    "credential",
+    "credentials",
+    "oauth",
+    "password",
+    "passwd",
+    "private_key",
+    "secret",
+    "token",
+}
+
+SENSITIVE_SUFFIXES = {
+    ".key",
+    ".pem",
+    ".p12",
+    ".pfx",
+    ".kdbx",
+}
+
 SENSITIVE_PARTS = {
     ".ssh",
     ".gnupg",
     ".aws",
     ".azure",
     ".kube",
+    ".docker",
     "password",
     "passwords",
     "1password",
@@ -30,6 +67,29 @@ SENSITIVE_PARTS = {
     "browser profile",
 }
 
+EMAIL_RUNTIME_DB_NAMES = {
+    "email.db",
+    "email-tracker.db",
+    "emails.db",
+    "monitor.db",
+    "nexo-email.db",
+}
+
+EMAIL_ATTACHMENT_SUFFIXES = {
+    ".csv",
+    ".docx",
+    ".eml",
+    ".emlx",
+    ".html",
+    ".md",
+    ".pdf",
+    ".pptx",
+    ".txt",
+    ".xlsx",
+}
+
+EMAIL_EXTRACTABLE_SUFFIXES = {".eml", ".emlx", ".msg"}
+
 NOISY_PARTS = {
     "node_modules",
     "vendor",
@@ -53,9 +113,64 @@ NOISY_PARTS = {
     ".parcel-cache",
     ".bun",
     ".gradle",
+    "$tmp",
     "target",
 }
 
+TRANSIENT_PARTS = {"tmp", "temp"}
+
+PRIVATE_PROFILE_PARTS = {
+    ".nexo",
+    ".claude",
+    ".codex",
+    ".gemini",
+    ".cursor",
+    ".config",
+    ".local",
+    ".npm",
+    ".yarn",
+    ".pnpm-store",
+    ".ollama",
+    ".docker",
+    ".vscode",
+    ".idea",
+    "appdata",
+    "application data",
+    "library/application support",
+    "library/containers",
+    "library/group containers",
+    "library/keychains",
+    "library/logs",
+    "library/mail",
+    "library/messages",
+    "library/safari",
+    "library/saved application state",
+}
+
+PROFILE_HIDDEN_FILE_NAMES = {
+    ".aider.chat.history.md",
+    ".aider.input.history",
+    ".bash_history",
+    ".bash_profile",
+    ".bashrc",
+    ".claude.json",
+    ".codex.json",
+    ".cursorignore",
+    ".ds_store",
+    ".gitconfig",
+    ".gitignore_global",
+    ".lesshst",
+    ".python_history",
+    ".sqlite_history",
+    ".viminfo",
+    ".wget-hsts",
+    ".zprofile",
+    ".zsh_history",
+    ".zshrc",
+}
+
+ALLOWED_HIDDEN_FILE_NAMES = set()
+
 SYSTEM_PARTS = {
     "system volume information",
     "$recycle.bin",
@@ -69,35 +184,206 @@ SYSTEM_PARTS = {
 }
 
 
-def classify_path(path: str) -> tuple[int, str, str]:
-    """Return (depth, privacy_class, reason)."""
+def _normalized(path: str) -> str:
+    return str(Path(path)).replace("\\", "/").lower()
+
+
+def _parts(path: str) -> set[str]:
+    return {part for part in _normalized(path).replace(":", "/").split("/") if part}
+
+
+def _contains_path_marker(lowered: str, markers: set[str]) -> bool:
+    return any(marker in lowered for marker in markers)
+
+
+def _is_under_marker(lowered: str, marker: str) -> bool:
+    marker = marker.strip("/").lower()
+    if not marker:
+        return False
+    return lowered.endswith("/" + marker) or f"/{marker}/" in lowered
+
+
+def _is_inside_windows_mail_package(lowered: str) -> bool:
+    return "/appdata/local/packages/microsoft.windowscommunicationsapps" in lowered
+
+
+def _is_inside_outlook_mac_profile(lowered: str) -> bool:
+    return "/library/group containers/ubf8t346g9.office/outlook" in lowered
+
+
+def is_local_email_tree(path: str) -> bool:
+    lowered = _normalized(path)
+    if _is_inside_windows_mail_package(lowered) or _is_inside_outlook_mac_profile(lowered):
+        return True
+    return any(
+        _is_under_marker(lowered, marker)
+        for marker in (
+            "library/mail",
+            ".nexo/runtime/nexo-email",
+            "documents/outlook files",
+            "appdata/local/microsoft/outlook",
+            "appdata/roaming/microsoft/outlook",
+            "appdata/local/packages/microsoft.windowscommunicationsapps",
+            ".thunderbird",
+            ".mozilla-thunderbird",
+        )
+    )
+
+
+def is_local_email_db(path: str) -> bool:
+    p = Path(path)
+    return is_local_email_tree(path) and p.name.lower() in EMAIL_RUNTIME_DB_NAMES
+
+
+def is_allowed_local_email_file(path: str) -> bool:
+    if not is_local_email_tree(path):
+        return False
+    p = Path(path)
+    lowered = _normalized(path)
+    suffix = p.suffix.lower()
+    if is_sensitive_path(path):
+        return False
+    if _is_under_marker(lowered, ".nexo/runtime/nexo-email"):
+        if is_local_email_db(path):
+            return True
+        if _is_under_marker(lowered, ".nexo/runtime/nexo-email/attachments"):
+            return suffix in EMAIL_ATTACHMENT_SUFFIXES
+        return suffix in {".eml", ".emlx"}
+    if _is_under_marker(lowered, "library/mail"):
+        return suffix in {".eml", ".emlx"}
+    if any(
+        _is_under_marker(lowered, marker)
+        for marker in (
+            "library/group containers/ubf8t346g9.office/outlook",
+            "documents/outlook files",
+            "appdata/local/microsoft/outlook",
+            "appdata/roaming/microsoft/outlook",
+            "appdata/local/packages/microsoft.windowscommunicationsapps",
+        )
+    ) or _is_inside_windows_mail_package(lowered) or _is_inside_outlook_mac_profile(lowered):
+        return suffix in {".eml", ".msg", ".pst", ".ost"}
+    if _is_under_marker(lowered, ".thunderbird") or _is_under_marker(lowered, ".mozilla-thunderbird"):
+        return suffix in {".eml", ".mbox", ""}
+    return False
+
+
+def _has_transient_project_part(path: str) -> bool:
+    parts = list(_normalized(path).replace(":", "/").split("/"))
+    for index, part in enumerate(parts):
+        if part in TRANSIENT_PARTS and index >= 2:
+            return True
+    return False
+
+
+def _has_hidden_dir_part(path: str) -> bool:
+    parts = [part for part in _normalized(path).replace(":", "/").split("/") if part]
+    return any(part.startswith(".") and part not in {".", ".."} for part in parts[:-1])
+
+
+def _is_home_hidden_path(path: str) -> bool:
+    try:
+        p = Path(path).expanduser()
+        home = Path.home().expanduser()
+        rel = p.relative_to(home)
+    except Exception:
+        return False
+    return bool(rel.parts) and rel.parts[0].startswith(".")
+
+
+def is_sensitive_path(path: str) -> bool:
     p = Path(path)
-    lowered = str(p).replace("\\", "/").lower()
+    lowered = _normalized(path)
     name = p.name.lower()
-    parts = {part.lower() for part in p.parts}
+    stem = p.stem.lower()
+    parts = _parts(path)
+    if name in SENSITIVE_FILE_NAMES:
+        return True
+    if name.startswith(".") and name not in ALLOWED_HIDDEN_FILE_NAMES:
+        return True
+    if name.startswith("~$"):
+        return True
+    if name.endswith((".tmp", ".swp", ".swo")):
+        return True
+    if p.suffix.lower() in SENSITIVE_SUFFIXES:
+        return True
+    if parts & SENSITIVE_PARTS:
+        return True
+    if any(marker in name or marker in stem for marker in SENSITIVE_NAME_MARKERS):
+        return True
+    return _contains_path_marker(lowered, SENSITIVE_PARTS)
+
 
-    if name in SENSITIVE_FILE_NAMES or parts & SENSITIVE_PARTS:
+def is_private_profile_path(path: str) -> bool:
+    lowered = _normalized(path)
+    parts = _parts(path)
+    if parts & PRIVATE_PROFILE_PARTS:
+        return True
+    if _contains_path_marker(lowered, PRIVATE_PROFILE_PARTS):
+        return True
+    name = Path(path).name.lower()
+    if name in PROFILE_HIDDEN_FILE_NAMES:
+        return True
+    if _is_home_hidden_path(path):
+        return True
+    return False
+
+
+def classify_path(path: str) -> tuple[int, str, str]:
+    """Return (depth, privacy_class, reason)."""
+    lowered = _normalized(path)
+    parts = _parts(path)
+
+    if is_local_email_tree(path) and (Path(path).suffix == "" or is_allowed_local_email_file(path)):
+        return 2, "normal", "local_email_path"
+    if is_sensitive_path(path):
         return 1, "sensitive_inventory_only", "sensitive_path"
+    if is_private_profile_path(path):
+        return 0, "private_profile_blocked", "private_profile_path"
     if any(item in lowered for item in SYSTEM_PARTS):
         return 0, "system_blocked", "system_path"
-    if parts & NOISY_PARTS:
+    if parts & NOISY_PARTS or _has_transient_project_part(path) or _has_hidden_dir_part(path):
         return 1, "inventory_only", "noisy_tree"
     return 2, "normal", "default"
 
 
 def should_skip_tree(path: str) -> bool:
-    p = Path(path)
-    lowered = str(p).replace("\\", "/").lower()
-    parts = {part.lower() for part in p.parts}
+    lowered = _normalized(path)
+    parts = _parts(path)
+    if is_local_email_tree(path):
+        return False
+    if any(item in lowered for item in SYSTEM_PARTS):
+        return True
+    if is_sensitive_path(path) or is_private_profile_path(path):
+        return True
+    return bool(parts & NOISY_PARTS or _has_transient_project_part(path) or _has_hidden_dir_part(path))
+
+
+def should_skip_file(path: str) -> bool:
+    lowered = _normalized(path)
+    parts = _parts(path)
+    if is_local_email_tree(path):
+        return not is_allowed_local_email_file(path)
     if any(item in lowered for item in SYSTEM_PARTS):
         return True
-    return bool(parts & NOISY_PARTS)
+    if is_sensitive_path(path) or is_private_profile_path(path):
+        return True
+    return bool(parts & NOISY_PARTS or _has_transient_project_part(path) or _has_hidden_dir_part(path))
+
+
+def is_queryable_path(path: str, privacy_class: str = "") -> bool:
+    if privacy_class and privacy_class != "normal":
+        return False
+    return not should_skip_file(path)
 
 
 def should_extract(path: str, depth: int) -> bool:
     if depth < 2:
         return False
+    if should_skip_file(path):
+        return False
     suffix = Path(path).suffix.lower()
+    if is_local_email_db(path):
+        return True
     if suffix in {
         ".txt",
         ".md",
@@ -118,6 +404,8 @@ def should_extract(path: str, depth: int) -> bool:
         ".csv",
         ".tsv",
         ".eml",
+        ".emlx",
+        ".msg",
         ".pdf",
         ".docx",
         ".pptx",

package/src/tools_hot_context.py

@@ -43,6 +43,15 @@ def _format_local_context_evidence(query: str, *, limit: int = 4) -> str:
     refs = result.get("evidence_refs") or []
     if refs:
         lines.append(f"Evidence refs: {', '.join(str(ref) for ref in refs[:limit])}")
+    relations = result.get("relations") or []
+    if relations:
+        lines.append("Local relations:")
+        for relation in relations[:limit]:
+            relation_type = str(relation.get("relation_type") or "related")
+            target = str(relation.get("target_ref") or relation.get("target_asset_id") or "").strip()
+            evidence = str(relation.get("evidence") or "").strip()
+            suffix = f" — {evidence[:120]}" if evidence else ""
+            lines.append(f"- {relation_type}: {target}{suffix}")
     return "\n".join(lines)