npm - nexo-brain - Versions diffs - 7.9.33 → 7.9.34 - Mend

nexo-brain 7.9.33 → 7.9.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.claude-plugin/plugin.json +1 -1
package/README.md +3 -1
package/package.json +1 -1
package/src/hooks/pre_tool_use.py +13 -1
package/src/scripts/nexo-email-monitor.py +18 -6

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.9.33",
+  "version": "7.9.34",
   "description": "Local cognitive runtime for Claude Code \u2014 persistent memory, overnight learning, doctor diagnostics, personal scripts, recovery-aware jobs, startup preflight, and optional dashboard/power helper.",
   "author": {
     "name": "NEXO Brain",

package/README.md CHANGED Viewed

@@ -18,7 +18,9 @@
 [Watch the overview video](https://nexo-brain.com/watch/) · [Watch on YouTube](https://www.youtube.com/watch?v=i2lkGhKyVqI) · [Open the infographic](https://nexo-brain.com/assets/nexo-brain-infographic-v5.png)
-Version `7.9.33` is the current packaged-runtime line. Patch release over `7.9.32`: adds ``usedforsecurity=False`` to the SHA-1 call that derives a filesystem-safe checkpoint filename from the email's Message-ID, so Bandit's B324 audit no longer fails the publish workflow on a non-security usage. The ``v7.9.32`` git tag is preserved for traceability but no npm release ever shipped for it; ``nexo-brain@7.9.33`` is the first release that carries the 7.9.32 email-recovery checkpoints.
+Version `7.9.34` is the current packaged-runtime line. Patch release with two fixes. First, the email monitor's header parser was dropping any email whose RFC822 headers came back as ``email.header.Header`` instances (Q-encoded utf-8 / quoted-printable, common when sender names or subjects contain non-ASCII). ``msg.get("Message-ID").strip()`` raised ``TypeError: 'Header' object is not subscriptable``, the exception was swallowed at DEBUG, and the email was discarded silently — operators only noticed when Nero stopped replying. Every ``msg.get(...)`` now goes through ``_decode_header`` (which decodes Q-encoding AND coerces to ``str``), and the failure log is lifted from DEBUG to WARNING so a future regression cannot drop emails silently. Second, the PreToolUse Guardian gate emitted JSON ``permissionDecision: deny`` on a hard-mode block but exit 0 — terminal Claude Code occasionally proceeded with the next tool anyway because the JSON deny channel was being dropped or out-of-order delivered mid-tool-loop. Hard blocks now also write the structured Guardian reason to stderr and exit 2, the documented PreToolUse blocking exit. Belt-and-suspenders enforcement: the model receives the same Guardian reason through both channels and self-corrects instead of blindly retrying.
+Previously in `7.9.33`: adds ``usedforsecurity=False`` to the SHA-1 call that derives a filesystem-safe checkpoint filename from the email's Message-ID, so Bandit's B324 audit no longer fails the publish workflow on a non-security usage. The ``v7.9.32`` git tag is preserved for traceability but no npm release ever shipped for it; ``nexo-brain@7.9.33`` is the first release that carries the 7.9.32 email-recovery checkpoints.
 Previously in `7.9.32`: hardens the email monitor's recovery so emails that fall between Brain releases never end up in a permanent limbo. The periodic ``_recover_unreplied_processed`` sweep now looks back 7 days (was 24h), and every failed worker run persists a per-email checkpoint at ``~/.nexo/nexo-email/checkpoints/`` capturing files touched, last assistant narration, and error. Retry attempts inject that context into the next prompt so a long task (drafting a presentation, multi-step analysis) continues from where the previous attempt died instead of restarting from scratch. Stale checkpoints are pruned automatically after 7 days. 15 new unit tests cover the helpers.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nexo-brain",
-  "version": "7.9.33",
+  "version": "7.9.34",
   "mcpName": "io.github.wazionapps/nexo",
   "description": "NEXO Brain — Shared brain for AI agents. Persistent memory, semantic RAG, natural forgetting, metacognitive guard, trust scoring, 150+ MCP tools. Works with Claude Code, Codex, Claude Desktop & any MCP client. 100% local, free.",
   "homepage": "https://nexo-brain.com",

package/src/hooks/pre_tool_use.py CHANGED Viewed

@@ -143,8 +143,20 @@ def main() -> int:
                     "permissionDecisionReason": "Guardian gate blocked this tool call.",
                 },
             }))
+        # 7.9.34 hardening: terminal Claude Code sometimes ignored the
+        # JSON deny channel mid-tool-loop and ran the next tool anyway.
+        # Belt-and-suspenders — also write the reason to stderr and exit
+        # with code 2, the documented blocking exit for PreToolUse. The
+        # JSON response stays the primary contract, but exit 2 forces
+        # the block at the process-exit layer and surfaces the reason to
+        # the model so it self-corrects instead of retrying blindly.
+        try:
+            sys.stderr.write(reason + "\n")
+            sys.stderr.flush()
+        except Exception:
+            pass
         summary = "blocked"
-        exit_code = 0  # JSON response is the canonical path; non-zero is redundant
+        exit_code = 2
     elif isinstance(result, dict) and result.get("skipped"):
         summary = f"skipped:{result.get('reason', '')[:40]}"

package/src/scripts/nexo-email-monitor.py CHANGED Viewed

@@ -1037,7 +1037,15 @@ def _decode_header(raw):
 def _parse_email_headers(raw_bytes):
     """Parse minimal headers from RFC822 header bytes. Returns dict with
     message_id, from_addr, from_name, subject, received_at, thread_id,
-    in_reply_to. Empty strings on failure."""
+    in_reply_to. Empty strings on failure.
+    Q-encoded headers (utf-8 / quoted-printable) come back as
+    `email.header.Header` instances rather than plain strings. Plain
+    `str(Header)` returns the still-encoded `=?utf-8?q?...?=` form, and
+    `Header` itself does not support `.strip()` / `in` — both of which
+    used to drop the email silently in production. Every `msg.get(...)`
+    therefore goes through `_decode_header`, which decodes Q-encoding
+    AND coerces to a real `str`."""
     try:
         import email as _email
         msg = _email.message_from_bytes(raw_bytes)
@@ -1047,17 +1055,21 @@ def _parse_email_headers(raw_bytes):
         if "<" in from_raw and ">" in from_raw:
             name = from_raw.split("<")[0].strip().strip('"')
             addr = from_raw.split("<")[1].split(">")[0].strip()
+        references_raw = _decode_header(msg.get("References", ""))
+        in_reply_to_raw = _decode_header(msg.get("In-Reply-To", ""))
+        thread_seed = (references_raw or in_reply_to_raw).strip()
+        thread_id = thread_seed.split()[-1] if thread_seed else ""
         return {
-            "message_id": (msg.get("Message-ID") or "").strip(),
+            "message_id": _decode_header(msg.get("Message-ID", "")).strip(),
             "from_addr": addr.strip().lower(),
             "from_name": name,
             "subject": _decode_header(msg.get("Subject", "")),
-            "received_at": (msg.get("Date") or "").strip(),
-            "in_reply_to": (msg.get("In-Reply-To") or "").strip(),
-            "thread_id": (msg.get("References") or msg.get("In-Reply-To") or "").strip().split()[-1] if msg.get("References") or msg.get("In-Reply-To") else "",
+            "received_at": _decode_header(msg.get("Date", "")).strip(),
+            "in_reply_to": in_reply_to_raw.strip(),
+            "thread_id": thread_id,
         }
     except Exception as e:
-        log.debug(f"Header parse failed: {e}")
+        log.warning(f"Header parse failed: {e}")
         return {}