nexo-brain 7.9.17 → 7.9.19

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.9.17",
+  "version": "7.9.19",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md

@@ -18,7 +18,11 @@
 
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
 
-Version `7.9.17` is the current packaged-runtime line. Patch release over `7.9.16`: continuity snapshot idempotency now marks its SHA-1 digest as non-security usage, keeping the high-severity Bandit gate green while preserving stable idempotency keys. It includes the v7.9.16 restart-marker deadlock fix.
+Version `7.9.19` is the current packaged-runtime line. Patch release over `7.9.18`: runtime doctor now distinguishes real install breakage from tracked in-progress work, interactive Desktop sessions no longer poison automation telemetry scoring, stale filesystem skill rows are pruned during sync, stale protocol debt draining marks rows resolved, and watchdog treats LaunchAgent SIGTERM reloads as supervisor interruptions instead of failures. It includes the v7.9.18 client-sync bootstrap fix.
+
+Previously in `7.9.18`: packaged client-sync imports now work when `NEXO_HOME` is unset, so `nexo clients sync`, `nexo update`, and runtime doctor bootstrap checks no longer hit the `_user_home` import-order crash.
+
+Previously in `7.9.17`: continuity snapshot idempotency marks its SHA-1 digest as non-security usage, keeping the high-severity Bandit gate green while preserving stable idempotency keys.
 
 Previously in `7.9.5`: patch release that fixes canonical diary confirmation for Desktop: Brain resolves the Desktop/Claude session UUID through NEXO SID aliases before checking `session_diary`, so archive/delete/app-exit can confirm diaries written by `nexo_session_diary_write` under the active `nexo-...` SID. Verification: `pytest tests/test_lifecycle_events.py` (28 passing) plus coordinated Desktop v0.28.6 shutdown/archive/delete/app-exit checks.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.9.17",
+  "version": "7.9.19",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/bootstrap_docs.py

@@ -19,6 +19,11 @@ from client_preferences import (
 )
 from runtime_home import resolve_nexo_home
 
+
+def _user_home() -> Path:
+    return Path(os.environ.get("HOME", str(Path.home()))).expanduser()
+
+
 def _resolve_templates_dir(module_file: str | os.PathLike[str]) -> Path:
     module_dir = Path(module_file).resolve().parent
     direct = module_dir / "templates"
@@ -66,10 +71,6 @@ BOOTSTRAP_SPECS = {
 }
 
 
-def _user_home() -> Path:
-    return Path(os.environ.get("HOME", str(Path.home()))).expanduser()
-
-
 def _default_nexo_home() -> Path:
     return resolve_nexo_home(os.environ.get("NEXO_HOME", str(_user_home() / ".nexo")))
 

package/src/db/_skills.py

@@ -90,8 +90,16 @@ def _normalize_level(value: str | None) -> str:
 
 def _normalize_mode(value: str | None, *, has_script: bool = False, has_content: bool = False) -> str:
     mode = (value or "").strip().lower()
-    if mode in VALID_MODES:
+    if mode == "guide":
         return mode
+    if mode == "execute":
+        return "execute" if has_script else "guide"
+    if mode == "hybrid":
+        if has_script and has_content:
+            return "hybrid"
+        if has_script:
+            return "execute"
+        return "guide"
     if has_script and has_content:
         return "hybrid"
     if has_script:
@@ -161,6 +169,14 @@ def _sync_dirs() -> list[tuple[str, Path]]:
     ]
 
 
+def _is_relative_to(path: Path, parent: Path) -> bool:
+    try:
+        path.resolve(strict=False).relative_to(parent.resolve(strict=False))
+        return True
+    except (OSError, ValueError):
+        return False
+
+
 def _ensure_skill_dirs():
     PERSONAL_SKILLS_DIR.mkdir(parents=True, exist_ok=True)
     RUNTIME_SKILLS_DIR.mkdir(parents=True, exist_ok=True)
@@ -1379,7 +1395,50 @@ def sync_skill_directories() -> dict:
     for skill in discovered.values():
         synced.append(_upsert_filesystem_skill(skill)["id"])
 
-    return {"synced": len(synced), "ids": sorted(synced), "issues": issues}
+    pruned: list[str] = []
+    discovered_ids = set(discovered)
+    conn = get_db()
+    rows = conn.execute(
+        """SELECT id, source_kind, definition_path, file_path
+           FROM skills
+           WHERE source_kind IN ('core', 'community', 'personal')
+             AND definition_path != ''"""
+    ).fetchall()
+    sync_roots = [root.resolve(strict=False) for _source_kind, root in _sync_dirs()]
+    sync_roots.extend(
+        path.resolve(strict=False)
+        for path in (
+            NEXO_HOME / "core" / "skills",
+            NEXO_HOME / "skills-core",
+            NEXO_HOME / "personal" / "skills",
+            NEXO_HOME / "skills",
+            NEXO_HOME / "community" / "skills",
+        )
+    )
+    for row in rows:
+        skill_id = str(row["id"] or "")
+        if not skill_id or skill_id in discovered_ids:
+            continue
+        definition_path = Path(str(row["definition_path"] or "")).expanduser()
+        try:
+            definition_resolved = definition_path.resolve(strict=False)
+        except OSError:
+            definition_resolved = definition_path
+        if not any(_is_relative_to(definition_resolved, root) for root in sync_roots):
+            continue
+        if definition_path.is_file():
+            continue
+        runtime_file = Path(str(row["file_path"] or "")).expanduser()
+        conn.execute("DELETE FROM skill_usage WHERE skill_id = ?", (skill_id,))
+        conn.execute("DELETE FROM skills WHERE id = ?", (skill_id,))
+        conn.execute("DELETE FROM unified_search WHERE source = 'skill' AND source_id = ?", (skill_id,))
+        if runtime_file.is_file() and _is_relative_to(runtime_file, RUNTIME_SKILLS_DIR):
+            runtime_file.unlink(missing_ok=True)
+        pruned.append(skill_id)
+    if pruned:
+        conn.commit()
+
+    return {"synced": len(synced), "ids": sorted(synced), "pruned": sorted(pruned), "issues": issues}
 
 
 def import_skill_from_directory(path: str, source_kind: str = "personal") -> dict:

package/src/doctor/providers/runtime.py

@@ -2122,14 +2122,10 @@ def check_codex_session_parity() -> DoctorCheck:
             "Run `nexo update` or `nexo clients sync` so every Codex session inherits the managed bootstrap, not just a subset"
         )
     if missing_startup:
-        status = "degraded"
-        severity = "warn"
         repair_plan.append(
             "Use `nexo chat` or keep the global Codex bootstrap intact so every Codex session actually calls `nexo_startup`"
         )
     if missing_heartbeat:
-        status = "degraded"
-        severity = "warn"
         repair_plan.append("Keep `nexo_heartbeat` on every user turn so restored/plain Codex sessions do not drift off-protocol")
     if missing_bootstrap or missing_startup or missing_heartbeat:
         evidence.append(
@@ -2247,16 +2243,15 @@ def check_codex_conditioned_file_discipline() -> DoctorCheck:
         and audit["delete_without_protocol"] == 0
         and audit["delete_without_guard_ack"] == 0
     )
-    tracked_write_without_open_debt = (
+    tracked_mutation_without_open_debt = (
         no_open_conditioned_debt
         and audit["write_without_protocol"] > 0
         and audit["write_without_guard_ack"] == 0
-        and audit["delete_without_protocol"] == 0
         and audit["delete_without_guard_ack"] == 0
     )
 
     if audit["write_without_protocol"] or audit["write_without_guard_ack"]:
-        if tracked_write_without_open_debt:
+        if tracked_mutation_without_open_debt:
             status = "healthy"
             severity = "info"
         else:
@@ -2280,8 +2275,8 @@ def check_codex_conditioned_file_discipline() -> DoctorCheck:
         summary=(
             "Historical Codex conditioned-file drift has no open protocol debt"
             if historical_read_only
-            else "Tracked Codex conditioned-file drift has no open protocol debt"
-            if tracked_write_without_open_debt
+            else "Tracked Codex conditioned-file mutation drift has no open protocol debt"
+            if tracked_mutation_without_open_debt
             else "Recent Codex sessions respect conditioned-file discipline"
             if status == "healthy"
             else "Recent Codex sessions are bypassing conditioned-file discipline"
@@ -2524,6 +2519,7 @@ def check_protocol_compliance() -> DoctorCheck:
                                 continue
                             live_guard_task_ids.add(str(row["task_id"] or ""))
                     live_guard_debt = 0
+                    open_task_debt = 0
                     if {"task_id", "session_id"}.issubset(protocol_debt_cols):
                         task_status_expr = "'' AS task_status"
                         if "status" in protocol_task_cols:
@@ -2549,12 +2545,13 @@ def check_protocol_compliance() -> DoctorCheck:
                             session_id = str(row["session_id"] or "")
                             task_id = str(row["task_id"] or "")
                             task_status = str(row["task_status"] or "")
-                            if (
-                                debt_type == "unacknowledged_guard_blocking"
-                                and task_status == "open"
-                                and session_id in active_session_ids
-                            ):
-                                live_guard_task_ids.add(task_id or f"debt:{session_id}:{row['created_at']}")
+                            if task_status == "open":
+                                open_task_debt += 1
+                                if (
+                                    debt_type == "unacknowledged_guard_blocking"
+                                    and session_id in active_session_ids
+                                ):
+                                    live_guard_task_ids.add(task_id or f"debt:{session_id}:{row['created_at']}")
                                 continue
                             debt_counter[(severity, debt_type)] = debt_counter.get((severity, debt_type), 0) + 1
                         live_guard_debt = len(live_guard_task_ids)
@@ -2662,6 +2659,8 @@ def check_protocol_compliance() -> DoctorCheck:
                             evidence.append("high-stakes decision-eval rollout not yet seeded in the live window")
                     for row in debt_rows[:5]:
                         evidence.append(f"open {row['severity']} debt — {row['debt_type']}: {row['total']}")
+                    if open_task_debt:
+                        evidence.append(f"in-progress task protocol debt pending: {open_task_debt}")
                     if live_guard_debt:
                         evidence.append(f"live in-progress guard acknowledgements pending: {live_guard_debt}")
 
@@ -3131,15 +3130,20 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
                 "created_at",
             }.issubset(columns)
             if schema_has_status:
+                interactive_expr = "0"
+                if "session_type" in columns:
+                    interactive_expr = "COALESCE(session_type, '') LIKE 'interactive%'"
                 row = conn.execute(
-                    """
+                    f"""
                     SELECT
                         COUNT(*) AS runs,
                         SUM(CASE WHEN status = 'ok' THEN 1 ELSE 0 END) AS successful_runs,
                         SUM(CASE WHEN status != 'ok' THEN 1 ELSE 0 END) AS failed_runs,
-                        SUM(CASE WHEN status = 'ok' AND (input_tokens + cached_input_tokens + output_tokens) > 0 THEN 1 ELSE 0 END) AS usage_runs,
-                        SUM(CASE WHEN status = 'ok' AND total_cost_usd IS NOT NULL THEN 1 ELSE 0 END) AS cost_runs,
-                        SUM(CASE WHEN status = 'ok' AND cost_source = 'pricing_unavailable' THEN 1 ELSE 0 END) AS pricing_gaps,
+                        SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) THEN 1 ELSE 0 END) AS scored_successful_runs,
+                        SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) AND (input_tokens + cached_input_tokens + output_tokens) > 0 THEN 1 ELSE 0 END) AS usage_runs,
+                        SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) AND total_cost_usd IS NOT NULL THEN 1 ELSE 0 END) AS cost_runs,
+                        SUM(CASE WHEN status = 'ok' AND NOT ({interactive_expr}) AND cost_source = 'pricing_unavailable' THEN 1 ELSE 0 END) AS pricing_gaps,
+                        SUM(CASE WHEN status = 'ok' AND ({interactive_expr}) AND ((input_tokens + cached_input_tokens + output_tokens) = 0 OR total_cost_usd IS NULL) THEN 1 ELSE 0 END) AS interactive_unmetered_runs,
                         GROUP_CONCAT(DISTINCT backend) AS backends
                     FROM automation_runs
                     WHERE created_at >= datetime('now', ?)
@@ -3153,9 +3157,11 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
                         COUNT(*) AS runs,
                         COUNT(*) AS successful_runs,
                         0 AS failed_runs,
+                        COUNT(*) AS scored_successful_runs,
                         SUM(CASE WHEN (input_tokens + cached_input_tokens + output_tokens) > 0 THEN 1 ELSE 0 END) AS usage_runs,
                         SUM(CASE WHEN total_cost_usd IS NOT NULL THEN 1 ELSE 0 END) AS cost_runs,
                         SUM(CASE WHEN cost_source = 'pricing_unavailable' THEN 1 ELSE 0 END) AS pricing_gaps,
+                        0 AS interactive_unmetered_runs,
                         GROUP_CONCAT(DISTINCT backend) AS backends
                     FROM automation_runs
                     WHERE created_at >= datetime('now', ?)
@@ -3191,11 +3197,13 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
 
     successful_runs = int((row["successful_runs"] if row else 0) or 0)
     failed_runs = int((row["failed_runs"] if row else 0) or 0)
+    scored_successful_runs = int((row["scored_successful_runs"] if row and "scored_successful_runs" in row.keys() else successful_runs) or 0)
     usage_runs = int((row["usage_runs"] if row else 0) or 0)
     cost_runs = int((row["cost_runs"] if row else 0) or 0)
     pricing_gaps = int((row["pricing_gaps"] if row else 0) or 0)
-    usage_denominator = successful_runs or total_runs
-    cost_denominator = successful_runs or total_runs
+    interactive_unmetered_runs = int((row["interactive_unmetered_runs"] if row and "interactive_unmetered_runs" in row.keys() else 0) or 0)
+    usage_denominator = scored_successful_runs or (successful_runs if not interactive_unmetered_runs else 0)
+    cost_denominator = scored_successful_runs or (successful_runs if not interactive_unmetered_runs else 0)
     missing_usage_runs = max(0, usage_denominator - usage_runs) if usage_denominator else 0
     usage_coverage = round((usage_runs / usage_denominator) * 100, 1) if usage_denominator else 100.0
     cost_coverage = round((cost_runs / cost_denominator) * 100, 1) if cost_denominator else 100.0
@@ -3204,12 +3212,15 @@ def check_automation_telemetry(days: int = 7) -> DoctorCheck:
         f"runs={total_runs}",
         f"successful_runs={successful_runs}",
         f"failed_runs={failed_runs}",
+        f"scored_successful_runs={scored_successful_runs}",
         f"usage_coverage={usage_coverage}%",
         f"cost_coverage={cost_coverage}%",
         f"pricing_gaps={pricing_gaps}",
     ]
     if missing_usage_runs:
         evidence.append(f"missing_usage_runs={missing_usage_runs}")
+    if interactive_unmetered_runs:
+        evidence.append(f"interactive_unmetered_runs_excluded={interactive_unmetered_runs}")
     backends = str((row["backends"] if row else "") or "").strip()
     if backends:
         evidence.append(f"backends={backends}")

package/src/scripts/deep-sleep/phase_protocol_debt_drain.py

@@ -207,7 +207,7 @@ def run(
                 report["drained_ids"].append(int(row["id"]))
                 if not dry_run:
                     conn.execute(
-                        "UPDATE protocol_debt SET resolved_at = ?, resolution = ? "
+                        "UPDATE protocol_debt SET status = 'resolved', resolved_at = ?, resolution = ? "
                         "WHERE id = ? AND resolved_at IS NULL",
                         (
                             now.strftime("%Y-%m-%d %H:%M:%S"),

package/src/scripts/nexo-watchdog.sh

@@ -652,10 +652,14 @@ for monitor in "${MONITORS[@]}"; do
         fi
       else
         if [ -n "$last_exit" ] && [ "$last_exit" != "0" ]; then
-          latest_run_failed=true
-          status="FAIL"
-          details="${details}Last run exited ${last_exit}. "
-          [ -n "$last_error" ] && details="${details}Error: ${last_error}. "
+          if [ "$last_exit" = "143" ] && echo "$last_error" | grep -qi "SIGTERM"; then
+            details="${details}Last run ended by SIGTERM; treated as supervisor reload/interruption, not cron failure. "
+          else
+            latest_run_failed=true
+            status="FAIL"
+            details="${details}Last run exited ${last_exit}. "
+            [ -n "$last_error" ] && details="${details}Error: ${last_error}. "
+          fi
         fi
         if [ "$age" -gt $(( max_stale * 3 )) ]; then
           if [ "$recovery_policy" = "catchup" ]; then