nexo-brain 7.9.12 → 7.9.14

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.9.12",
+  "version": "7.9.13",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,7 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.9.12` is the current packaged-runtime line. Patch release over `7.9.11`: managed `~/.nexo/bin/nexo` wrappers now self-repair `core/current` when it lags behind `~/.nexo/core`, so installed users stop executing stale snapshots and `nexo update` no longer gets stuck claiming “Already up to date” from the old runtime. Coordinated Desktop release: v0.28.13.
+Version `7.9.14` is the current packaged-runtime line. Patch release over `7.9.13`: `task_close(done)` now hard-blocks missing verify/change-log/cortex evidence instead of silently degrading to debt-only closes, self-audit auto-drains stale `protocol_debt` every day, and Codex session parity now flags partial bootstrap/startup/heartbeat drift instead of passing as healthy when only one recent session behaved correctly. Coordinated Desktop release remains v0.28.14.
 
 Previously in `7.9.5`: patch release that fixes canonical diary confirmation for Desktop: Brain resolves the Desktop/Claude session UUID through NEXO SID aliases before checking `session_diary`, so archive/delete/app-exit can confirm diaries written by `nexo_session_diary_write` under the active `nexo-...` SID. Verification: `pytest tests/test_lifecycle_events.py` (28 passing) plus coordinated Desktop v0.28.6 shutdown/archive/delete/app-exit checks.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.9.12",
+  "version": "7.9.14",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/auto_update.py

@@ -4257,7 +4257,7 @@ def _restore_runtime_tree(backup_dir: str, dest: Path = NEXO_HOME) -> None:
 def _copy_runtime_from_source(src_dir: Path, repo_dir: Path, dest: Path = NEXO_HOME, progress_fn=None) -> dict:
     import shutil
 
-    packages = ["db", "cognitive", "doctor", "dashboard", "rules", "crons", "hooks"]
+    packages = ["db", "cognitive", "doctor", "dashboard", "rules", "crons", "hooks", "presets"]
     flat_files = _runtime_flat_files(src_dir)
     copied_packages = 0
     copied_files = 0

package/src/doctor/providers/runtime.py

@@ -2112,14 +2112,32 @@ def check_codex_session_parity() -> DoctorCheck:
     status = "healthy"
     severity = "info"
     repair_plan: list[str] = []
-    if audit["bootstrap_sessions"] == 0:
+    missing_bootstrap = max(0, audit["files"] - audit["bootstrap_sessions"])
+    missing_startup = max(0, audit["files"] - audit["startup_sessions"])
+    missing_heartbeat = max(0, audit["files"] - audit["heartbeat_sessions"])
+    if missing_bootstrap:
         status = "degraded"
         severity = "warn"
-        repair_plan.append("Run `nexo update` or `nexo clients sync` so plain Codex sessions inherit the managed bootstrap")
-    if audit["startup_sessions"] == 0:
+        repair_plan.append(
+            "Run `nexo update` or `nexo clients sync` so every Codex session inherits the managed bootstrap, not just a subset"
+        )
+    if missing_startup:
+        status = "degraded"
+        severity = "warn"
+        repair_plan.append(
+            "Use `nexo chat` or keep the global Codex bootstrap intact so every Codex session actually calls `nexo_startup`"
+        )
+    if missing_heartbeat:
         status = "degraded"
         severity = "warn"
-        repair_plan.append("Use `nexo chat` or keep the global Codex bootstrap intact so sessions actually call `nexo_startup`")
+        repair_plan.append("Keep `nexo_heartbeat` on every user turn so restored/plain Codex sessions do not drift off-protocol")
+    if missing_bootstrap or missing_startup or missing_heartbeat:
+        evidence.append(
+            "session drift: "
+            f"{missing_bootstrap} missing bootstrap, "
+            f"{missing_startup} missing startup, "
+            f"{missing_heartbeat} missing heartbeat"
+        )
 
     return DoctorCheck(
         id="runtime.codex_sessions",

package/src/enforcement_engine.py

@@ -17,6 +17,7 @@ from pathlib import Path
 import re
 import paths
 from core_prompts import render_core_prompt
+from operator_language import append_operator_language_contract
 
 try:
     from r13_pre_edit_guard import should_inject_r13, ToolCallRecord, WATCHED_WRITE_TOOLS
@@ -2493,7 +2494,7 @@ class HeadlessEnforcer:
             if entry["enf"].get("level") == "must":
                 p = entry["enf"].get("session_end_inject_prompt") or entry["enf"].get("inject_prompt", "")
                 if p:
-                    prompts.append(p)
+                    prompts.append(append_operator_language_contract(p))
         _logger.info("END_PROMPTS: %d prompts to inject", len(prompts))
         return prompts
 
@@ -2545,7 +2546,8 @@ class HeadlessEnforcer:
             if tool in self.tools_called and not tag.startswith("periodic_"):
                 _logger.info("SKIP: %s — already called", tag)
                 return
-        self.injection_queue.append({"prompt": prompt, "tag": tag, "at": time.time(), "rule_id": rule_id})
+        localized_prompt = append_operator_language_contract(prompt)
+        self.injection_queue.append({"prompt": localized_prompt, "tag": tag, "at": time.time(), "rule_id": rule_id})
         _logger.info("ENQUEUED: %s (queue size: %d rule_id=%s)", tag, len(self.injection_queue), rule_id or "?")
         # Fase F telemetry — log one "injection" event per enqueue. The
         # engine does not see the final event lifecycle (compliance / FP);

package/src/hook_guardrails.py

@@ -13,6 +13,7 @@ import paths
 
 from core_prompts import render_core_prompt
 from db import create_protocol_debt, get_db
+from operator_language import append_operator_language_contract
 from plugins.guard import _load_conditioned_learnings, _normalize_path_token
 from protocol_settings import get_protocol_strictness
 from product_mode import core_writes_allowed, is_protected_runtime_core_path
@@ -709,7 +710,7 @@ def _task_needs_workflow(task: dict | None) -> bool:
 
 
 def _append_protocol_warning(warnings: list[dict], message: str) -> None:
-    clean = (message or "").strip()
+    clean = append_operator_language_contract(message)
     if not clean:
         return
     if any((item.get("message") or "").strip() == clean for item in warnings):

package/src/hooks/g1_enforcer.py

@@ -44,6 +44,8 @@ import sqlite3
 import time
 from pathlib import Path
 
+from operator_language import append_operator_language_contract
+
 
 G1_GRACE_SECONDS = int(os.environ.get("NEXO_G1_GRACE_SECONDS", "120"))
 G1_RATE_LIMIT_SECONDS = int(os.environ.get("NEXO_G1_RATE_LIMIT_SECONDS", "180"))
@@ -229,12 +231,14 @@ def _render_message(task: dict) -> str:
     else:  # ask
         action = "nexo_cortex_decide(...) or a user turn"
         reason = "ask mode needs clarifying input before the visible answer"
-    return (
+    return append_operator_language_contract(
+        (
         "[NEXO Protocol Enforcer] G1 gate: task "
         f"{task_id} is open with response_mode='{mode}' "
         f"({reason}). Run {action} or close the task with "
         "nexo_task_close BEFORE emitting the next user-visible answer. "
         "Silent-compliant: do not mention this reminder to the user."
+        )
     )
 
 

package/src/hooks/post_tool_use.py

@@ -31,6 +31,7 @@ if str(_DIR.parent) not in sys.path:
     sys.path.insert(0, str(_DIR.parent))
 
 from core_prompts import render_core_prompt
+from operator_language import append_operator_language_contract
 
 _NEXO_HOME = Path(os.environ.get("NEXO_HOME", str(Path.home() / ".nexo")))
 
@@ -112,9 +113,11 @@ def check_inbox_and_emit_reminder(sid: str, now: float | None = None) -> str | N
     if current - last_rem < INBOX_CHECK_THRESHOLD_SECONDS:
         return None  # rate limit: max 1 reminder/min/session
     mark_reminder_sent(sid, current)
-    return render_core_prompt(
-        "post-tool-inbox-reminder",
-        pending=str(pending),
+    return append_operator_language_contract(
+        render_core_prompt(
+            "post-tool-inbox-reminder",
+            pending=str(pending),
+        )
     )
 
 

package/src/hooks/session-start.sh

@@ -35,6 +35,9 @@ fi
 NEXO_HOOK_START_MS=$(python3 -c "import time; print(int(time.time()*1000))" 2>/dev/null || echo 0)
 NEXO_HOOK_NAME="session-start"
 _nexo_record_hook_run() {
+    if [ "${NEXO_DISABLE_SHELL_HOOK_RECORD:-0}" = "1" ]; then
+        return
+    fi
     local exit_code=$?
     local duration_ms=0
     if [ "$NEXO_HOOK_START_MS" != "0" ]; then
@@ -283,7 +286,7 @@ try:
     try:
         row = _conn.execute(
             \"SELECT COUNT(*) FROM hook_runs \"
-            \"WHERE exit_code != 0 AND started_at > datetime('now', '-1 day')\"
+            \"WHERE exit_code != 0 AND started_at > (strftime('%s','now') - 24*3600)\"
         ).fetchone()
         _health['failing_hooks_24h'] = int(row[0] or 0) if row else 0
     except Exception:

package/src/hooks/session_start.py

@@ -47,12 +47,16 @@ def _record(duration_ms: int, exit_code: int, summary: str) -> None:
 
 
 def _run_step(cmd: list[str], timeout: int) -> tuple[int, str]:
+    env = os.environ.copy()
+    if cmd and str(cmd[-1]).endswith("session-start.sh"):
+        env["NEXO_DISABLE_SHELL_HOOK_RECORD"] = "1"
     try:
         result = subprocess.run(
             cmd,
             timeout=timeout,
             capture_output=True,
             text=True,
+            env=env,
         )
         tail = (result.stdout or result.stderr or "").strip().splitlines()[-1:] or [""]
         return result.returncode, tail[0][:200]

package/src/lifecycle_prompts.py

@@ -18,8 +18,10 @@ import hashlib
 import json
 from typing import Any, Dict, List, Optional
 
+from core_prompts import render_core_prompt
+from operator_language import build_operator_language_contract
 
-PLAN_VERSION = 4
+PLAN_VERSION = 5
 
 
 # Actions that trigger a canonical diary+stop plan. `switch` and
@@ -69,15 +71,11 @@ def _diary_prompt_for_action(
         "app-exit": "The operator quit NEXO Desktop",
     }
     trailing = reason_by_action.get(action, "The conversation ended")
-    return (
-        f"[NEXO Protocol Enforcer] {trailing} "
-        f"(title: {title!r}). Execute nexo_session_diary_write with a "
-        "complete summary: decisions made, pending items, context for "
-        "next session, mental state, and self-critique. Then execute "
-        "nexo_stop with the current SID. Do not produce visible text. "
-        "Apply the required action silently. Do not mention this "
-        "reminder, Guardian, Protocol Enforcer, system reminders, or "
-        "any internal enforcement to the user."
+    return render_core_prompt(
+        "lifecycle-diary-stop",
+        trailing=trailing,
+        title_repr=repr(title),
+        operator_language_contract_block=f" {build_operator_language_contract()}",
     )
 
 

package/src/operator_language.py

@@ -0,0 +1,79 @@
+from __future__ import annotations
+
+"""Operator-language helpers shared by prompts, hooks, and automations."""
+
+from functools import lru_cache
+
+from core_prompts import render_core_prompt
+
+
+_LANGUAGE_LABELS = {
+    "ca": "Catalan (ca)",
+    "de": "German (de)",
+    "en": "English (en)",
+    "es": "Spanish (es)",
+    "fr": "French (fr)",
+    "it": "Italian (it)",
+    "ja": "Japanese (ja)",
+    "pt": "Portuguese (pt)",
+    "zh": "Chinese (zh)",
+}
+
+
+def normalize_operator_language(value: str | None = "") -> str:
+    raw = str(value or "").strip().lower().replace("_", "-")
+    if not raw:
+        return ""
+    primary = raw.split("-", 1)[0]
+    return primary or raw
+
+
+def load_operator_language() -> str:
+    try:
+        from calibration_runtime import load_runtime_calibration
+        from paths import brain_dir
+
+        payload = load_runtime_calibration(brain_dir() / "calibration.json")
+    except Exception:
+        payload = {}
+    user = payload.get("user") if isinstance(payload.get("user"), dict) else {}
+    return normalize_operator_language(
+        str(user.get("language") or "").strip()
+        or str(payload.get("language") or "").strip()
+        or str(payload.get("lang") or "").strip()
+    )
+
+
+def describe_operator_language(language: str | None = "") -> str:
+    normalized = normalize_operator_language(language)
+    if not normalized:
+        return "the user's current conversation language"
+    return _LANGUAGE_LABELS.get(normalized, f"{normalized} language")
+
+
+@lru_cache(maxsize=8)
+def build_operator_language_contract(language: str | None = "") -> str:
+    label = describe_operator_language(language or load_operator_language())
+    return render_core_prompt(
+        "operator-language-contract",
+        operator_language_label=label,
+    )
+
+
+def append_operator_language_contract(prompt: str, language: str | None = "") -> str:
+    clean = str(prompt or "").strip()
+    if not clean:
+        return clean
+    contract = build_operator_language_contract(language).strip()
+    if contract and contract not in clean:
+        clean = f"{clean} {contract}"
+    return clean
+
+
+__all__ = [
+    "append_operator_language_contract",
+    "build_operator_language_contract",
+    "describe_operator_language",
+    "load_operator_language",
+    "normalize_operator_language",
+]

package/src/plugins/protocol.py

@@ -898,6 +898,46 @@ def _auto_capture_learning(task: dict, task_id: str, effective_files: list[str],
     )
 
 
+def _append_debt_ref(debts: list[dict], debt: dict, *, debt_type: str, severity: str):
+    debt_id = debt.get("id")
+    if debt_id and any(item.get("id") == debt_id for item in debts):
+        return
+    debts.append(
+        {
+            "id": debt_id,
+            "debt_type": debt_type,
+            "severity": severity,
+        }
+    )
+
+
+def _ensure_open_debt(
+    session_id: str,
+    task_id: str,
+    debt_type: str,
+    *,
+    severity: str,
+    evidence: str,
+    debts: list[dict],
+) -> dict:
+    existing = list_protocol_debts(
+        status="open",
+        task_id=task_id,
+        session_id="" if task_id else session_id,
+        debt_type=debt_type,
+        limit=1,
+    )
+    debt = existing[0] if existing else create_protocol_debt(
+        session_id,
+        debt_type,
+        severity=severity,
+        task_id=task_id,
+        evidence=evidence,
+    )
+    _append_debt_ref(debts, debt, debt_type=debt_type, severity=severity)
+    return debt
+
+
 def _record_debt(session_id: str, task_id: str, debt_type: str, *, severity: str, evidence: str, debts: list[dict]):
     debt = create_protocol_debt(
         session_id,
@@ -906,13 +946,7 @@ def _record_debt(session_id: str, task_id: str, debt_type: str, *, severity: str
         task_id=task_id,
         evidence=evidence,
     )
-    debts.append(
-        {
-            "id": debt.get("id"),
-            "debt_type": debt_type,
-            "severity": severity,
-        }
-    )
+    _append_debt_ref(debts, debt, debt_type=debt_type, severity=severity)
 
 
 def handle_confidence_check(
@@ -1336,10 +1370,10 @@ def handle_task_close(
         high_stakes=bool(task.get("response_high_stakes")),
     )
 
-    # ── Evidence enforcement: reject 'done' without proof in strict mode ──
-    # Fase 2 R03 extension: "evidence" must not be empty, nor <50 chars, nor
-    # a single filler word like "done" / "listo" / "ok". Trivial evidence is
-    # rejected in strict mode and logged as protocol debt in any other mode.
+    # ── Evidence enforcement: reject 'done' without proof ──
+    # G1 hardening: "done" is no longer allowed to degrade into a debt-only
+    # close when verify evidence is missing. Keep the task open, open/dedupe
+    # the debt, and force the caller to provide real proof before closing.
     if task.get("must_verify") and clean_outcome == "done":
         is_trivial, trivial_reason = _is_trivial_evidence(clean_evidence)
         if not is_trivial:
@@ -1349,39 +1383,7 @@ def handle_task_close(
                 resolution="Verification evidence supplied during task_close",
             )
         else:
-            protocol_strictness = get_protocol_strictness()
-            if protocol_strictness == "strict":
-                if trivial_reason == "empty":
-                    err = "Cannot close task as 'done' without evidence."
-                    hint = (
-                        "Provide the `evidence` parameter with verifiable proof: "
-                        "test output, curl response, screenshot path, or real "
-                        "command output."
-                    )
-                else:
-                    err = (
-                        "Cannot close task as 'done' with trivial evidence "
-                        f"({trivial_reason})."
-                    )
-                    hint = (
-                        f"Evidence must be substantive: >= {R03_MIN_EVIDENCE_CHARS} "
-                        "characters AND not a single filler word. Attach real "
-                        "proof — test output excerpt, curl response, DB row, "
-                        "screenshot path, or command stdout."
-                    )
-                return json.dumps(
-                    {
-                        "ok": False,
-                        "error": err,
-                        "hint": hint,
-                        "task_id": task_id,
-                        "protocol_strictness": protocol_strictness,
-                        "evidence_quality_reason": trivial_reason,
-                    },
-                    ensure_ascii=False,
-                    indent=2,
-                )
-            _record_debt(
+            debt = _ensure_open_debt(
                 task["session_id"],
                 task_id,
                 "claimed_done_without_evidence",
@@ -1393,6 +1395,39 @@ def handle_task_close(
                 ),
                 debts=debts_created,
             )
+            if trivial_reason == "empty":
+                err = "Cannot close task as 'done' without evidence."
+                hint = (
+                    "Provide the `evidence` parameter with verifiable proof: "
+                    "test output, curl response, screenshot path, or real "
+                    "command output."
+                )
+            else:
+                err = (
+                    "Cannot close task as 'done' with trivial evidence "
+                    f"({trivial_reason})."
+                )
+                hint = (
+                    f"Evidence must be substantive: >= {R03_MIN_EVIDENCE_CHARS} "
+                    "characters AND not a single filler word. Attach real "
+                    "proof — test output excerpt, curl response, DB row, "
+                    "screenshot path, or command stdout."
+                )
+            return json.dumps(
+                {
+                    "ok": False,
+                    "error": err,
+                    "hint": hint,
+                    "task_id": task_id,
+                    "blocked_by": "g1_verify",
+                    "debt_id": debt.get("id"),
+                    "debt_type": "claimed_done_without_evidence",
+                    "evidence_quality_reason": trivial_reason,
+                    "protocol_strictness": get_protocol_strictness(),
+                },
+                ensure_ascii=False,
+                indent=2,
+            )
 
     # ── Release checklist: require channel alignment evidence for release tasks ──
     is_release = _is_release_task(
@@ -1430,7 +1465,7 @@ def handle_task_close(
                 (clean_change_verify or clean_evidence)[:500],
             )
             if "error" in change:
-                _record_debt(
+                debt = _ensure_open_debt(
                     task["session_id"],
                     task_id,
                     "missing_change_log",
@@ -1438,6 +1473,21 @@ def handle_task_close(
                     evidence=f"change_log failed: {change['error']}",
                     debts=debts_created,
                 )
+                if clean_outcome == "done":
+                    return json.dumps(
+                        {
+                            "ok": False,
+                            "error": "Cannot close task as 'done' because change_log creation failed.",
+                            "hint": "Capture the changed files and create the change log successfully before closing as done.",
+                            "task_id": task_id,
+                            "blocked_by": "g1_change_log",
+                            "debt_id": debt.get("id"),
+                            "debt_type": "missing_change_log",
+                            "change_log_error": change.get("error"),
+                        },
+                        ensure_ascii=False,
+                        indent=2,
+                    )
             else:
                 change_log_id = change.get("id")
                 resolve_protocol_debts(
@@ -1446,7 +1496,7 @@ def handle_task_close(
                     resolution="Change log created by nexo_task_close",
                 )
         else:
-            _record_debt(
+            debt = _ensure_open_debt(
                 task["session_id"],
                 task_id,
                 "missing_change_log",
@@ -1454,6 +1504,20 @@ def handle_task_close(
                 evidence="Task required change_log but no changed files were supplied or recorded.",
                 debts=debts_created,
             )
+            if clean_outcome == "done":
+                return json.dumps(
+                    {
+                        "ok": False,
+                        "error": "Cannot close task as 'done' without changed files for the required change_log.",
+                        "hint": "Pass `files_changed` (or open the task with files) so nexo_task_close can persist the change log before closing as done.",
+                        "task_id": task_id,
+                        "blocked_by": "g1_change_log",
+                        "debt_id": debt.get("id"),
+                        "debt_type": "missing_change_log",
+                    },
+                    ensure_ascii=False,
+                    indent=2,
+                )
 
     if correction:
         if (learning_title or "").strip() and (learning_content or "").strip():
@@ -1564,7 +1628,7 @@ def handle_task_close(
                 resolution="High-stakes action task has a persisted Cortex evaluation.",
             )
         else:
-            _record_debt(
+            debt = _ensure_open_debt(
                 task["session_id"],
                 task_id,
                 "missing_cortex_evaluation",
@@ -1572,6 +1636,20 @@ def handle_task_close(
                 evidence="High-stakes action task closed without nexo_cortex_decide / persisted evaluation.",
                 debts=debts_created,
             )
+            if clean_outcome == "done":
+                return json.dumps(
+                    {
+                        "ok": False,
+                        "error": "Cannot close high-stakes action task as 'done' without a persisted cortex evaluation.",
+                        "hint": "Run `nexo_cortex_decide(...)` for this task and then close it again with the final evidence.",
+                        "task_id": task_id,
+                        "blocked_by": "g1_cortex",
+                        "debt_id": debt.get("id"),
+                        "debt_type": "missing_cortex_evaluation",
+                    },
+                    ensure_ascii=False,
+                    indent=2,
+                )
 
     if task.get("guard_has_blocking") and not files_changed_list:
         open_task_debts = list_protocol_debts(status="open", task_id=task_id, limit=200)

package/src/scripts/nexo-daily-self-audit.py

@@ -18,6 +18,7 @@ Runs via launchd at 7:00 AM daily.
 """
 import json
 import hashlib
+import importlib.util
 import os
 import py_compile
 import re
@@ -1901,6 +1902,31 @@ def _sync_managed_bootstraps_inline() -> list[str]:
     return results
 
 
+def _run_protocol_debt_drain_inline() -> dict:
+    try:
+        phase_path = NEXO_CODE / "scripts" / "deep-sleep" / "phase_protocol_debt_drain.py"
+        spec = importlib.util.spec_from_file_location("phase_protocol_debt_drain_inline", phase_path)
+        if not spec or not spec.loader:
+            raise RuntimeError(f"Cannot load phase module from {phase_path}")
+        module = importlib.util.module_from_spec(spec)
+        spec.loader.exec_module(module)
+    except Exception as exc:
+        return {"ok": False, "error": f"import_failed: {exc}"}
+
+    try:
+        report = module.run()
+    except Exception as exc:
+        return {"ok": False, "error": f"run_failed: {exc}"}
+
+    return {
+        "ok": "error" not in report,
+        "error": report.get("error", ""),
+        "drained_count": len(report.get("drained_ids") or []),
+        "requires_user_summary": report.get("requires_user_summary") or [],
+        "audit_path": report.get("audit_path", ""),
+    }
+
+
 def _sanitize_watchdog_registry_inline() -> dict:
     hash_registry = _hash_registry_path()
     if not hash_registry.exists():
@@ -1984,6 +2010,24 @@ def _disable_broken_personal_plugins_inline(conn: sqlite3.Connection | None) ->
 def run_mechanical_autofixes():
     conn = None
     try:
+        debt_drain = _run_protocol_debt_drain_inline()
+        if debt_drain.get("ok"):
+            drained_count = int(debt_drain.get("drained_count") or 0)
+            requires_user_summary = debt_drain.get("requires_user_summary") or []
+            if drained_count or requires_user_summary:
+                detail_bits: list[str] = []
+                if drained_count:
+                    detail_bits.append(f"drained {drained_count} stale protocol debt item(s)")
+                if requires_user_summary:
+                    summary = ", ".join(
+                        f"{item.get('debt_type')} x{int(item.get('count') or 0)}"
+                        for item in requires_user_summary[:4]
+                    )
+                    detail_bits.append(f"still needs user review: {summary}")
+                finding("INFO", "autofix", "Self-audit protocol debt drain: " + " | ".join(detail_bits))
+        elif debt_drain.get("error"):
+            finding("WARN", "autofix", f"Protocol debt drain inline failed: {debt_drain['error']}")
+
         if NEXO_DB.exists():
             conn = sqlite3.connect(str(NEXO_DB))
             conn.row_factory = sqlite3.Row

package/src/scripts/nexo-followup-runner.py

@@ -59,6 +59,7 @@ from automation_controls import (
 )
 from client_preferences import resolve_automation_backend, resolve_client_runtime_profile
 from core_prompts import render_core_prompt
+from operator_language import build_operator_language_contract, normalize_operator_language
 import db as nexo_db
 
 NEXO_DB = db_path()
@@ -73,6 +74,7 @@ LOCK_FILE = LOG_DIR / "followup-runner.lock"
 MAX_FOLLOWUPS_PER_RUN = 5  # Focus: Opus can actually execute 5, not 30
 COOLDOWN_DAYS = 3  # Don't retry needs_decision/blocked for 3 days
 DEFAULT_ASSISTANT_NAME = "Nova"
+DEFAULT_OPERATOR_LANGUAGE = "en"
 
 # ── Logging ─────────────────────────────────────────────────────────────
 def log(msg: str):
@@ -137,6 +139,17 @@ def _operator_attention_label_set(operator_name: str = "") -> tuple[str, str, st
     )
 
 
+def _operator_language(operator: dict | None = None) -> str:
+    payload = operator if isinstance(operator, dict) else get_operator_profile()
+    return normalize_operator_language(
+        str(payload.get("language") or DEFAULT_OPERATOR_LANGUAGE).strip() or DEFAULT_OPERATOR_LANGUAGE
+    )
+
+
+def _uses_spanish(language: str) -> bool:
+    return _operator_language({"language": language}).startswith("es")
+
+
 def _fallback_operator_attention_hint(followup: dict) -> bool:
     """Last-resort structural fallback.
 
@@ -428,15 +441,25 @@ def attention_reminder_category(status: str) -> str:
     return "decisions" if status == "needs_decision" else "waiting"
 
 
-def attention_reminder_description(fu_id: str, *, summary: str, options, status: str) -> str:
-    prefix = "Decision needed" if status == "needs_decision" else "Execution blocked"
+def attention_reminder_description(
+    fu_id: str,
+    *,
+    summary: str,
+    options,
+    status: str,
+    operator_language: str,
+) -> str:
     detail = " ".join((summary or "").split())
     if not detail:
-        detail = "The runner cannot close this item without operator input."
-    description = f"{prefix} en {fu_id}: {detail}"
+        detail = (
+            "El runner no puede cerrar este punto sin intervención del operador."
+            if _uses_spanish(operator_language)
+            else "The runner cannot close this item without operator input."
+        )
+    description = f"{fu_id}: {detail}"
     opts_text = render_options(options)
     if opts_text:
-        description += f" Options: {opts_text}"
+        description += f" {'Opciones' if _uses_spanish(operator_language) else 'Options'}: {opts_text}"
     return description[:480]
 
 
@@ -446,9 +469,16 @@ def upsert_attention_reminder(
     summary: str,
     options,
     status: str,
+    operator_language: str,
 ):
     reminder_id = attention_reminder_id(fu_id)
-    description = attention_reminder_description(fu_id, summary=summary, options=options, status=status)
+    description = attention_reminder_description(
+        fu_id,
+        summary=summary,
+        options=options,
+        status=status,
+        operator_language=operator_language,
+    )
     category = attention_reminder_category(status)
     today = date.today().isoformat()
     existing = nexo_db.get_reminder(reminder_id)
@@ -462,7 +492,7 @@ def upsert_attention_reminder(
             category=category,
             history_actor="followup-runner",
             history_event="updated",
-            history_note=f"{fu_id}: refreshed after {status}.",
+            history_note=f"{fu_id}: status={status}",
         )
         if result.get("error"):
             log(f"  {fu_id}: failed to update reminder {reminder_id} ({result['error']})")
@@ -482,7 +512,7 @@ def upsert_attention_reminder(
         return
     nexo_db.add_reminder_note(
         reminder_id,
-        f"Creado desde {fu_id} tras resultado {status}.",
+        f"source_followup={fu_id} status={status}",
         actor="followup-runner",
     )
     log(f"  {fu_id}: reminder {reminder_id} creado para orchestrator")
@@ -516,6 +546,7 @@ def defer_followup_after_attention(
     options,
     status: str,
     priority: str = "",
+    operator_language: str,
 ):
     next_review = (date.today() + timedelta(days=1)).isoformat()
     details = summary.strip()
@@ -536,7 +567,7 @@ def defer_followup_after_attention(
         status="PENDING",
         priority=priority,
         history_event="rescheduled",
-        history_note=f"Runner deferred after {status}; next review scheduled for {next_review}.",
+        history_note=f"status={status}; next_review={next_review}",
     )
     if ok:
         log(f"  {fu_id}: {status} → reprogramado para {next_review}")
@@ -545,6 +576,7 @@ def defer_followup_after_attention(
         summary=summary,
         options=options,
         status=status,
+        operator_language=operator_language,
     )
 
 
@@ -636,6 +668,7 @@ def build_prompt(actionable: list[dict]) -> str:
     operator = get_operator_profile()
     operator_name = str(operator.get("operator_name") or "the operator")
     assistant_name = str(operator.get("assistant_name") or DEFAULT_ASSISTANT_NAME)
+    operator_language = _operator_language(operator)
     operator_email = str(operator.get("operator_email") or "").strip()
     send_reply_script = get_send_reply_script_path(local_script_dir=_script_dir)
     send_target = operator_email or "OPERATOR_EMAIL_NOT_CONFIGURED"
@@ -691,6 +724,7 @@ Do not repeat queries, verifications, or operator emails that already happened t
         recent_block=recent_block,
         proactive_block=proactive_block,
         extra_instructions_block=(extra_instructions_block + "\n\n") if extra_instructions_block else "",
+        operator_language_contract_block=build_operator_language_contract(operator_language) + "\n\n",
         python_executable=sys.executable,
         send_reply_script=send_reply_script,
         send_target=send_target,
@@ -810,6 +844,7 @@ def main():
                 options=options,
                 status=r["status"],
                 priority=priority,
+                operator_language=_operator_language(),
             )
             # Cooldown: don't retry for COOLDOWN_DAYS
             record_attempt(state, fid, r["status"])

package/templates/core-prompts/followup-runner.md

@@ -1,7 +1,7 @@
 You are [[assistant_name]] running automated followups in headless mode (no user present).
 [[work_intro]]
 
-[[followup_block]][[recent_block]][[proactive_block]][[extra_instructions_block]]== STARTUP AND SHUTDOWN ==
+[[operator_language_contract_block]][[followup_block]][[recent_block]][[proactive_block]][[extra_instructions_block]]== STARTUP AND SHUTDOWN ==
 
 Start:
 - `nexo_startup(task="followup-runner-cycle")`
@@ -69,6 +69,7 @@ Statuses:
 - EXECUTE first, report after
 - NEVER mark something complete without real verification
 - `summary` must ALWAYS include REAL facts about what you DID (metrics, values, URLs, dates)
+- `summary`, `options`, and any operator-facing text MUST stay in the operator's language
 - NEVER include internal NEXO system noise (diaries, buffers, post-mortem)
 - The operator needs results, not internal runtime chatter
 - If there is nothing pending and nothing worth fixing, finish quickly — do not invent work

package/templates/core-prompts/lifecycle-diary-stop.md

@@ -0,0 +1 @@
+[NEXO Protocol Enforcer] [[trailing]] (title: [[title_repr]]). Execute nexo_session_diary_write with a complete summary: decisions made, pending items, context for next session, mental state, and self-critique. Then execute nexo_stop with the current SID. Do not produce visible text. Apply the required action silently. Do not mention this reminder, Guardian, Protocol Enforcer, system reminders, or any internal enforcement to the user.[[operator_language_contract_block]]

package/templates/core-prompts/operator-language-contract.md

@@ -0,0 +1 @@
+CRITICAL LANGUAGE CONTRACT: even when this reminder or automation prompt is written in English, any operator-facing reply, diary entry, reminder/followup note, summary, escalation, or answer you generate while handling it MUST be written in [[operator_language_label]]. Keep machine identifiers, JSON keys, and explicit code/tool names unchanged only when the schema requires them.

package/tool-enforcement-map.json

@@ -1970,6 +1970,32 @@
       },
       "triggers_after": []
     },
+    "nexo_lifecycle_wait_for_stop": {
+      "description": "Wait until a canonical lifecycle event no longer has an active NEXO session.",
+      "category": "lifecycle",
+      "source": "plugin:lifecycle_events",
+      "requires": [],
+      "provides": [],
+      "internal_calls": [],
+      "enforcement": {
+        "level": "none",
+        "rules": []
+      },
+      "triggers_after": []
+    },
+    "nexo_lifecycle_stop_nexo_session": {
+      "description": "Best-effort explicit stop of a NEXO SID for Desktop lifecycle cleanup.",
+      "category": "lifecycle",
+      "source": "plugin:lifecycle_events",
+      "requires": [],
+      "provides": [],
+      "internal_calls": [],
+      "enforcement": {
+        "level": "none",
+        "rules": []
+      },
+      "triggers_after": []
+    },
     "nexo_media_memory_add": {
       "description": "Store non-text artifact metadata",
       "category": "media",