nexo-brain 7.22.0 → 7.23.1

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.22.0",
+  "version": "7.23.0",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,11 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.22.0` is the current packaged-runtime line. Minor release over v7.21.0 - heartbeat stays fast in Desktop-managed sessions, MCP writes can be accepted through a durable file-backed queue before SQLite commit, Brain exposes compliance state for Desktop gates, and Local Context adds Entity Dossier for open-domain local evidence aggregation.
+Version `7.23.1` is the current packaged-runtime line. Express patch over v7.23.0 - headless automations no longer hang on silent Claude children, synthetic followup prompts no longer trigger session-end loops, and runtime backups self-prune under a hard cap before creating new large artifacts.
+
+Previously in `7.23.0`: minor release over v7.22.0 - pre-answer routing now consults continuity evidence before visible replies, Memory Observations queue processing converges through a bounded processor, and audits expose saved-but-not-used stores, automation drift, MCP live/catalog gaps, artifact location and transcript coverage.
+
+Previously in `7.22.0`: minor release over v7.21.0 - heartbeat stays fast in Desktop-managed sessions, MCP writes can be accepted through a durable file-backed queue before SQLite commit, Brain exposes compliance state for Desktop gates, and Local Context adds Entity Dossier for open-domain local evidence aggregation.
 
 Previously in `7.21.0`: minor release over v7.20.25 - MCP now starts through a thin compatibility adapter backed by one resident local Runtime Service, reducing duplicate Brain processes and SQLite contention across Claude Code, Codex, Claude Desktop, and NEXO Desktop.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.22.0",
+  "version": "7.23.1",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/agent_runner.py

@@ -1052,9 +1052,10 @@ BARE_MODE_SAFE_CALLERS: frozenset[str] = frozenset({
 # Execution contracts keep background agents disciplined without polluting
 # machine-only child calls that must return strict JSON.
 AUTOMATION_CONTRACT_FULL_NEXO_AGENT = "full_nexo_agent"
+AUTOMATION_CONTRACT_SUPERVISED_CHILD = "supervised_child"
 AUTOMATION_CONTRACT_STRICT_CHILD = "strict_child_json"
 AUTOMATION_CONTRACT_PUBLIC_CHILD = "public_isolated_child"
-AUTOMATION_CONTRACT_DEFAULT = AUTOMATION_CONTRACT_FULL_NEXO_AGENT
+AUTOMATION_CONTRACT_DEFAULT = AUTOMATION_CONTRACT_SUPERVISED_CHILD
 
 FULL_NEXO_AGENT_CALLERS: frozenset[str] = frozenset({
     "catchup/morning",
@@ -1087,17 +1088,30 @@ MACHINE_ONLY_LANGUAGE_CONTRACT_CALLERS: frozenset[str] = frozenset({
 
 def _automation_contract_for_caller(caller: str) -> str:
     clean = str(caller or "").strip()
+    if clean in FULL_NEXO_AGENT_CALLERS:
+        return AUTOMATION_CONTRACT_FULL_NEXO_AGENT
     if clean in STRICT_CHILD_CALLERS:
         return AUTOMATION_CONTRACT_STRICT_CHILD
     if clean in PUBLIC_CHILD_CALLERS:
         return AUTOMATION_CONTRACT_PUBLIC_CHILD
-    return AUTOMATION_CONTRACT_FULL_NEXO_AGENT
+    return AUTOMATION_CONTRACT_DEFAULT
 
 
 def _caller_uses_global_discipline(caller: str) -> bool:
     return _automation_contract_for_caller(caller) == AUTOMATION_CONTRACT_FULL_NEXO_AGENT
 
 
+def _build_supervised_child_system_prompt() -> str:
+    return (
+        "You are running as a supervised NEXO automation child. "
+        "Return the requested result for this job only. Do not open or close "
+        "NEXO tasks, reminders, diary entries, sessions, or followups from "
+        "inside this child process; the parent NEXO runner owns lifecycle, "
+        "timeouts, evidence, retries, and durable state. If the requested "
+        "work cannot be completed safely, return a concise failure reason."
+    )
+
+
 def _should_apply_operator_language_contract(caller: str) -> bool:
     clean = str(caller or "").strip()
     if not clean:
@@ -1191,6 +1205,12 @@ def run_automation_prompt(
             append_system_prompt = append_system_prompt + "\n\n" + enforcement_fragment
         else:
             append_system_prompt = enforcement_fragment
+    elif automation_contract == AUTOMATION_CONTRACT_SUPERVISED_CHILD:
+        supervised_fragment = _build_supervised_child_system_prompt()
+        if append_system_prompt:
+            append_system_prompt = append_system_prompt + "\n\n" + supervised_fragment
+        else:
+            append_system_prompt = supervised_fragment
 
     prompt = _apply_operator_language_contract(prompt, caller=caller)
 

package/src/artifact_locator.py

@@ -0,0 +1,89 @@
+from __future__ import annotations
+
+"""Project/artifact locator helpers with Project Atlas as authority."""
+
+import json
+from pathlib import Path
+from typing import Callable, Iterable
+
+
+FallbackSearch = Callable[[str, int], Iterable[dict]]
+
+
+def load_project_atlas(path: str | Path) -> dict:
+    try:
+        payload = json.loads(Path(path).expanduser().read_text(encoding="utf-8"))
+    except Exception:
+        return {}
+    return payload if isinstance(payload, dict) else {}
+
+
+def _projects(atlas: dict) -> dict:
+    if not isinstance(atlas, dict):
+        return {}
+    if isinstance(atlas.get("projects"), dict):
+        return atlas["projects"]
+    return atlas
+
+
+def resolve_project(atlas: dict, query: str) -> dict | None:
+    clean_query = str(query or "").strip().lower()
+    if not clean_query:
+        return None
+    for key, entry in _projects(atlas).items():
+        if not isinstance(entry, dict):
+            continue
+        aliases = [str(key), *(entry.get("aliases") or [])]
+        haystack = " ".join([*aliases, str(entry.get("description") or "")]).lower()
+        if clean_query == str(key).lower() or clean_query in haystack:
+            return {"key": str(key), **entry}
+    return None
+
+
+def project_locations(project: dict | None) -> dict:
+    if not project:
+        return {}
+    locations = project.get("locations")
+    return locations if isinstance(locations, dict) else {}
+
+
+def locate_artifact(
+    *,
+    atlas: dict,
+    query: str,
+    artifact_kind: str = "",
+    fallback_search: FallbackSearch | None = None,
+    limit: int = 5,
+) -> dict:
+    project = resolve_project(atlas, query)
+    locations = project_locations(project)
+    matches: list[dict] = []
+    if project:
+        for name, value in locations.items():
+            if artifact_kind and artifact_kind not in str(name):
+                continue
+            matches.append({
+                "source": "project_atlas",
+                "project_key": project["key"],
+                "kind": str(name),
+                "path": str(value),
+                "confidence": 1.0,
+            })
+    if not matches and fallback_search:
+        for row in list(fallback_search(query, limit))[:limit]:
+            if not isinstance(row, dict):
+                continue
+            matches.append({
+                "source": str(row.get("source") or "fallback"),
+                "project_key": str(row.get("project_key") or ""),
+                "kind": str(row.get("kind") or artifact_kind or "artifact"),
+                "path": str(row.get("path") or row.get("file") or ""),
+                "confidence": float(row.get("confidence") or row.get("score") or 0.4),
+            })
+    return {
+        "query": query,
+        "artifact_kind": artifact_kind,
+        "project_key": project["key"] if project else "",
+        "matches": matches,
+        "used_fallback": not bool(project) and bool(fallback_search),
+    }

package/src/auto_update.py

@@ -108,6 +108,69 @@ def _backup_validation_tables(db_file: Path) -> tuple[str, ...]:
     return PROTECTED_BACKUP_TABLES
 
 
+def _env_int(name: str, default: int) -> int:
+    try:
+        return int(os.environ.get(name, str(default)))
+    except (TypeError, ValueError):
+        return default
+
+
+BACKUP_MAX_BYTES = _env_int("NEXO_BACKUP_MAX_BYTES", 50 * 1024 * 1024 * 1024)
+BACKUP_MIN_FREE_BYTES = _env_int("NEXO_BACKUP_MIN_FREE_BYTES", 5 * 1024 * 1024 * 1024)
+LOCAL_CONTEXT_MAX_BACKUP_BYTES = _env_int("NEXO_LOCAL_CONTEXT_MAX_BACKUP_BYTES", 2 * 1024 * 1024 * 1024)
+_LAST_BACKUP_ERROR = ""
+
+
+def _run_runtime_backup_prune() -> None:
+    script = SRC_DIR / "scripts" / "prune_runtime_backups.py"
+    if not script.is_file():
+        return
+    try:
+        subprocess.run(
+            [
+                sys.executable,
+                str(script),
+                "--root",
+                str(paths.backups_dir()),
+                "--apply",
+                "--max-bytes",
+                str(BACKUP_MAX_BYTES),
+            ],
+            capture_output=True,
+            text=True,
+            timeout=120,
+        )
+    except Exception as e:
+        _log(f"Backup self-clean warning: {e}")
+
+
+def _backup_free_bytes() -> int | None:
+    backup_root = paths.backups_dir()
+    try:
+        usage = shutil.disk_usage(backup_root if backup_root.exists() else backup_root.parent)
+        return int(usage.free)
+    except Exception:
+        return None
+
+
+def _backup_space_error() -> str | None:
+    _run_runtime_backup_prune()
+    free = _backup_free_bytes()
+    if free is not None and free < BACKUP_MIN_FREE_BYTES:
+        return (
+            "free disk below NEXO backup safety floor after automatic cleanup "
+            f"({free}B < {BACKUP_MIN_FREE_BYTES}B)"
+        )
+    return None
+
+
+def _should_include_local_context_backup(path: Path) -> bool:
+    try:
+        return path.stat().st_size <= LOCAL_CONTEXT_MAX_BACKUP_BYTES
+    except OSError:
+        return False
+
+
 CLASSIFIER_INSTALL_TIMEOUT_SECONDS = 1800
 CLASSIFIER_INSTALL_JOIN_SECONDS = 1500
 CLASSIFIER_INSTALL_LOG = paths.logs_dir() / "classifier-install.log"
@@ -380,6 +443,17 @@ def _create_validated_db_backup() -> tuple[str | None, dict | None]:
     """Create a DB backup and validate that critical tables still contain data."""
     backup_dir = _backup_dbs()
     if not backup_dir:
+        if _LAST_BACKUP_ERROR:
+            return None, {
+                "ok": False,
+                "reports": [{
+                    "ok": False,
+                    "source_db": "",
+                    "backup_db": "",
+                    "errors": [_LAST_BACKUP_ERROR],
+                    "regressions": [],
+                }],
+            }
         return None, None
 
     source_dbs: list[Path] = []
@@ -387,7 +461,7 @@ def _create_validated_db_backup() -> tuple[str | None, dict | None]:
     if primary_db is not None:
         source_dbs.append(primary_db)
     local_context_db = paths.memory_dir() / "local-context.db"
-    if local_context_db.is_file():
+    if local_context_db.is_file() and _should_include_local_context_backup(local_context_db):
         source_dbs.append(local_context_db)
     if not source_dbs:
         return backup_dir, None
@@ -2061,6 +2135,8 @@ def _backup_dbs() -> str | None:
     """Snapshot all .db files before migration. Returns backup dir or None."""
     import sqlite3
     import time as _time
+    global _LAST_BACKUP_ERROR
+    _LAST_BACKUP_ERROR = ""
     # Drop 0-byte .db orphans first — they mask the real DB during primary
     # path selection and turn into empty shells in the backup, breaking both
     # validation and rollback paths. Safe no-op when there are none.
@@ -2070,7 +2146,7 @@ def _backup_dbs() -> str | None:
 
     db_files = list(DATA_DIR.glob("*.db")) if DATA_DIR.is_dir() else []
     local_context_db = paths.memory_dir() / "local-context.db"
-    if local_context_db.is_file():
+    if local_context_db.is_file() and _should_include_local_context_backup(local_context_db):
         db_files.append(local_context_db)
     db_files += [f for f in NEXO_HOME.glob("*.db") if f.is_file()]
     src_db = SRC_DIR / "nexo.db"
@@ -2080,6 +2156,12 @@ def _backup_dbs() -> str | None:
     if not db_files:
         return None
 
+    space_err = _backup_space_error()
+    if space_err:
+        _LAST_BACKUP_ERROR = space_err
+        _log(f"DB backup aborted: {space_err}")
+        return None
+
     backup_dir.mkdir(parents=True, exist_ok=True)
     for db_file in db_files:
         src_conn = None