Product updates, cognitive architecture notes, field reports, and comparison guides from building an AI runtime that actually remembers, self-heals, and compounds over time.
NEXO Desktop is a separate closed-source companion app distributed at nexo-desktop.com. When a release mentions NEXO Desktop it refers to a coordinated client release that consumes the Brain CLI/MCP contract; the Brain in this repo remains fully usable on its own.
Minor release over v7.23.13. Home Agents, cognitive quality controls, English operational copy and faster task-open handling are now in main.
Patch release. Brain operational CLI/update copy stays English for the open-source runtime contract while Desktop continues to localize its own UI.
Patch release. Followup runner executable batches now exclude DONE items alongside the other terminal statuses.
Corrective patch release. Standalone Brain update/install now degrades cleanly when the Desktop-only local-presence GGUF is not bundled or already cached locally.
Patch release. Email-monitor temp drafts are guarded before writes, morning-agent closes interrupted/stale claims deterministically, and Codex managed config writes the current hooks flag.
Patch release. Claude CLI 2.1+ drops the result wrapper when output_format=json and the prompt asks for raw JSON. _extract_claude_telemetry now handles both shapes. Unblocks the daily morning-agent briefing.
Minor release. The headless runner pre-emptive surfaces learnings to the agent but never blocks. PreToolUse keeps protecting actual writes. Closes a family of cron and email-monitor abort bugs.
Patch release. The headless runner opts out of the runtime-core block; PreToolUse keeps protecting actual writes. Plain prompt mentions of a core path no longer abort the session.
Patch release. Paths after a known interpreter are recognised as subprocess invocations, ending the runtime-core false positive that demoted every forwarded email to needs_interactive.
Brain captures evidence-backed operational memory from edits, tasks, and durable context; existing installs backfill safely; retrieval refuses unsupported memory claims.
Brain treats normal Codex startup context reads of calibration and project atlas files as healthy bootstrap activity instead of conditioned-file drift.
Brain drains larger self-audit clusters, bounds hook history with migration cleanup, filters normal Codex bootstrap reads, routes email-monitor effort by complexity, and locks morning briefings by date and recipient.
Brain records sent-email continuity across send paths, moves recall to multilingual embeddings, forces tagged learnings into context, hardens email loops and headless runners, exposes learning dates, and writes AUTO-N burst postmortems.
Brain hardens Desktop-managed install/update recovery, detects memory authority conflicts, blocks legacy MEMORY writes, requires real-world post-action verification, and triages stale followups.
Brain moves aside a managed .venv created with unsupported Python <3.10 and recreates it with the supported interpreter prepared by Desktop.
Brain rejects Python <3.10 before dependency setup and uses the interpreter prepared by Desktop, closing the fresh Mac failure where Apple Python 3.9 reached fastmcp dependency resolution.
Brain adds authenticated protocol-card tools so agents can match user requests to official server-side protocols at runtime. The open-source package ships only the client and guidance, not the private catalog.
Patch release over v7.13.5. Codex hook sync now renders managed PreToolUse shell enforcement with native Windows cmd.exe syntax while preserving the existing macOS/Linux POSIX command.
Corrective release over v7.13.3. D.5 correction-learning now blocks closure until persisted, doctor repair explicitly fixes orphan schedules, protected LaunchAgent operations warn with the safe flow, and Codex shell enforcement is live and audited.
Unified release over v7.12.15. Doctor repairs orphan personal script metadata, update cleanup prunes old runtime snapshots, protocol compliance self-heals edit/session gaps, headless automation is bounded, Guardian false positives are tightened, and Codex CLI config/default checks are gated.
Patch over v7.12.14. Safe same-version update maintenance now runs for refreshed packaged bundles; Deep Sleep lock cleanup, sent reply continuity, and script schedule-marker audits are hardened.
Patch over v7.12.13. Dashboard followup execution now respects the configured terminal client and opens the right native path on macOS, Windows via WSL, and Linux instead of stopping at a macOS-only launcher.
Patch over v7.12.1. Legacy task profiles stop overriding model choice, email-monitor now follows caller-driven resonance routing, personal helpers stop injecting stale default models, and runtime updates scrub the retired email routing key automatically.
Patch over v7.12.0. SSH remote-write guards now catch pipe/heredoc/stdin forms, same-task Cortex decisions unlock the next retry for a short TTL, and short personal text automations stop spawning full agent sessions.
Minor release over v7.11.8. `nexo support-snapshot` now exports a generic local runtime diagnostics bundle, while the live Protocol Enforcer path upgrades old `Do not produce visible text` reminders to the explicit full-turn silence contract so background reminders stop leaking orphan assistant text.
Patch over v7.11.7. Lifecycle close/app-exit prompts, post-tool inbox reminders, and the shared enforcement contract now require full-turn silence unless there is a fresh operator message, stopping stray visible prose like En pausa... from leaking into Desktop.
Patch over v7.11.6. Runtime doctor now treats disabled evolution, recent in-flight crons, healed conditioned-file drift, and zero-usage headless success runs correctly, while runner-health-check stops counting supervisor SIGTERM 143 reloads as failures.
Patch over v7.11.5. Guardian G4 now filters slash fragments like /04/2026 and regex-style tokens before they become debt, active sessions with a fresh heartbeat no longer get missing-task debt stored as hard errors, and Deep Sleep extraction rejects schema-invalid JSON instead of silently accepting partial output.
Patch over v7.11.4. Product-mode now blocks dashboard alongside evolution, so Desktop-managed installs stop oscillating between an installation_live warning and a watchdog FAIL over whether com.nexo.dashboard should exist.
Patch over v7.11.3. Packaged runtimes now receive root JSON contracts such as local_model_manifest.json, install/update paths sync core crons from src/crons/manifest.json again, runner-health-check is wired into cron + doctor + dashboard, and the watchdog retries failed crons immediately instead of waiting for stale windows. Validation: 117 targeted tests.
Patch over v7.11.2. Root-cause fix for the mcp_restart_required lockup that v7.11.2 only masked at the enforcer layer. _FINGERPRINT_EXCLUDE_DIRS was missing "versions", so the live core/ fingerprint absorbed every retained snapshot under core/versions/ while core/versions/<active>/ hashed only the active snapshot — they never matched after the second-ever nexo update. The marker could not clear itself; every non-allowlisted MCP tool returned mcp_restart_required indefinitely. Adding "versions" to the exclude set restores parity. 1 new regression test, 21 total stay green.
Patch over v7.11.1. Two reliability fixes in the same family. (1) New run_stuck_reaper() sweep in nexo-watchdog.sh reaps stuck cron rows past per-cron stuck_after_seconds thresholds (default 12h global). (2) Guardian/Enforcer now skips reminders asking for nexo_* tools while the MCP has a restart-required marker on disk — previously every periodic ping triggered a guaranteed no-op. cron_id='watchdog' hard-coded skip on the reaper; non-nexo_* reminders still fire on the enforcer.
Patch over v7.11.0. Caches the runtime fingerprint at ~/.nexo/runtime/operations/fingerprint-cache.json so MCP startup and per-tool-call restart checks skip the 263-file rehash when disk hasn't changed. ~11× speedup warm path; ~10-20s/day saved across daily MCP startups. Cache miss is always safe and self-repairs.
Minor release. Runtime fingerprint gates mcp-restart-required.json so doc-only / blog-only / changelog-only releases no longer kick connected Claude Code, Codex, and Claude Desktop sessions. Conservative fallback (#186) preserved; explicit force_restart opt-in for releases the fingerprint can't see.
Patch over v7.10.0. Removes a residual Custom LLM endpoint (advanced) section in README.md that still documented the proxy override as a current feature. The 7.10.0 code revert was complete; the README cleanup landed here.
Minor release. Reverts the override path introduced in 7.9.28 → 7.9.34. NEXO Desktop is now a wrapper over the user's own Claude Code subscription (Max / Pro). Brain hits api.anthropic.com directly. Every proxy symbol gone from call_model_raw.py and agent_runner.py; proxy tests and override docs deleted.
Patch over v7.9.33. Q-encoded RFC822 headers were silently killing inbound emails because the stdlib returned Header objects that .strip() did not survive — every msg.get(...) now goes through _decode_header. PreToolUse Guardian hard blocks now exit 2 + stderr in addition to JSON deny so the terminal cannot ignore the gate.
Patch over v7.9.32. Adds usedforsecurity=False to the SHA-1 call that derives a checkpoint filename — non-security usage that Bandit B324 was failing the 7.9.32 publish on. First npm release that carries the 7.9.32 email-recovery checkpoints.
Patch over v7.9.31. 7-day recovery lookback + per-email checkpoints that capture files touched and last assistant narration, so retried emails continue from where the previous attempt died.
Patch over v7.9.30. Default stop_sequences=["\n", ".", " "] was rejected by Anthropic 400 each stop sequence must contain non-whitespace. Default is now None; whitespace-only caller values rejected locally with two new e2e wire tests and three unit tests.
Patch over v7.9.29. Hotfix for a missing import sys that ruff F821 caught in CI and blocked the 7.9.29 publish; first npm release that carries the 7.9.29 override-path hardening.
Patch over v7.9.28. Bearer now sent as Authorization: Bearer, config dir resolved at call time, caller-controllable Idempotency-Key, strict bearer source so a real ANTHROPIC_API_KEY never leaks to a custom proxy. New end-to-end wire-test suite.
Patch over v7.9.27. Two optional JSON files at ~/.nexo/config/ let third-party orchestrators redirect Brain Anthropic SDK calls and CLI children to a proxy, with Idempotency-Key for retry dedup. Brain libre standalone unaffected.
Patch over v7.9.26. The synchronous task.owner backfill no longer blocks the MCP initialize handshake on a multi-minute classifier load — startup invokes the migration with --rules-only and completes in milliseconds.
Patch over v7.9.25. Headless automation and Deep Sleep now receive the operator-language contract centrally, so generated user-facing text follows calibration even when templates are written in English.
Patch over v7.9.24. Managed Claude Code and Codex bootstraps now share the same configured assistant identity, continuity, autonomy, safety, and calm professional tone contract.
Patch over v7.9.23. Brain now resolves Desktop lifecycle diary aliases back to the registered NEXO session before stopping, closing the real active session instead of an orphan alias.
Patch over v7.9.22. Brain now enriches sparse Desktop lifecycle fallback diaries from continuity snapshots, preserving recent turn context when the live shutdown prompt times out.
Patch over v7.9.21. Desktop close/archive/app-exit can preserve title, goal, session ids, and transcript tail through a Brain fallback diary when the live shutdown prompt cannot complete.
Patch over v7.9.20. LaunchAgent reload/repair now handles macOS already-loaded races and only treats duplicate bootstrap as success when launchd confirms the expected plist.
Patch over v7.9.19. Update and doctor repair now find packaged cron sync, LaunchAgents see managed Claude, and Immune skips optional legacy claude-mem state.
Patch over v7.9.18. Runtime doctor now separates install health from active work, excludes interactive Desktop sessions from automation scoring, prunes stale skills, and clears watchdog false reds.
Patch over v7.9.17. Packaged client-sync imports now work when NEXO_HOME is unset, fixing nexo clients sync, update client-sync checks, and doctor bootstrap checks.
Patch over v7.9.16. Continuity snapshot idempotency now marks SHA-1 as non-security usage for Bandit while retaining the adaptive restart-marker deadlock fix.
Patch over v7.9.5. Brain now persists continuity snapshots, publishes a restart-required contract for installed MCP clients, and uses atomic runtime activation so existing installs reroute to the new runtime cleanly.
Patch over v7.9.4. Brain canonical diary confirmation now follows Desktop/Claude session aliases to the active NEXO SID, preventing false timeouts when the diary exists under the real writer session.
Patch over v7.9.3. Brain canonical lifecycle now requires real diary evidence before stop/archive/delete/quit, fixes CLI onboarding guard regressions, and adds install/update model warmup.
Patch over v7.9.2. Brain canonical_actions now publish action.type plus payload.prompt, keeping one-release compatibility mirrors for older Desktop clients so close/archive/delete/app-exit diary execution remains exact.
Patch over v7.9.1. Remaining Brain decision callers now declare named semantic_router decision_kinds, and packaged headless Guardian jobs load the map from ~/.nexo/core. 225 targeted tests plus release-readiness.
Patch over v7.9.0. Six conversational Brain decisions now route through semantic_router with explicit decision_kind policies and semantic labels: session_end_intent, r14_correction, r16_declared_done, r17_promise_debt, autonomy_mandate, and guard_verbal_ack. Router/reasoner local paths now classify live context, not static prompt templates. 105 targeted tests.
Minor release under the ONEPASS LLM Coverage plan. 18 decision_kinds, router + reasoner (Mode A multipass_local + Mode B cached_llm), scripts/semantic-classify.py CLI, NEXO_SEMANTIC_REASONER runtime kill switch. Two product-bug fixes: templates/ root sync in upgrade path, and 13-tool preload in the nexo_startup inject_prompt. 50 new tests. Companion: Desktop v0.28.0.
Patch over v7.8.1. New compact_session_resolver walks sessions → aliases → per-conv sidecar → legacy global sidecar to resolve the NEXO sid. pre_compact.py + post_compact.py store the real sid in hook_runs.session_id (ending the 7/8 empty-row rate) and stash claude_session_id + sid_source in metadata. 9 new tests. No Desktop bump.
Patch over v7.8.0. pre-compact.sh Layer 2 emergency auto-diary + Layer 3 record_auto_flush now use exact TARGET_SID resolved from CLAUDE_SESSION_ID (not "latest active"). Fail-closed when no SID resolves. last_diary_ts scoped by session_id. Two new behavioural tests drive the real shell. Fixed latent bash-escape bug where a double-quoted phrase inside a Python comment silently closed the python3 -c argument.
Minor release. PostCompact is now a real registered hook (canonical 8→9). pre-compact.sh uses exact CLAUDE_SESSION_ID (LATEST_SID fallback gone). Sidecar /tmp → $NEXO_HOME so multi-conv cannot race. post-compact.sh fail-closed on SID mismatch — no cross-conv leak. Engine drains hook-emitted NDJSON events each tick. 11 new invariants. No Desktop bump.
Minor release. Pass 2 of the obedience checklist: autonomous multi_step_task_detected detector, R16 vocabulary expansion, R_CATALOG extended to plain Edit/Write, new R_PRIMITIVE_CHOICE rule gating SK-CREATE-NEXO-PRIMITIVE, R11_plugin_load soft→hard, 12 new contract tests across 6 rails. 2070 pytest passing. Companion: NEXO Desktop v0.27.0.
Minor release. Closes drift between map v2.2 and the two engines: Brain dispatches all eight declared rule types (not just 5). after_tool is per-instance, not once-per-session. Map tightens learning_add grace 3→0 and task_open threshold 10→4 must. guardian_default v1.4.0 hardens R15/R17/R22/R_CATALOG and raises R34 from shadow to soft. Six new contract parity invariants. MCP tools unchanged (263). Companion: NEXO Desktop v0.26.0.
Minor release. nexo_lifecycle_event is now the canonical authority of session-end: Brain owns prompt + sequence + timing; Desktop v0.25.0 executes Brain's plan against the live Claude process. New 2-call contract with nexo_lifecycle_complete_canonical, deterministic canonical_plan_id, session_diary dedupe on re-delivery, seven delivery_status values. Migration m52. 24/24 lifecycle tests green. MCP tools 262 → 263.
Patch release. Honest correction of v7.4.0's role: nexo_lifecycle_event is a ledger + reconciliation authority, NOT the canonical executor of diary+stop. Canonical diary+stop execution inside the handler is explicitly deferred to v7.5 (needs a Brain↔Claude-session bridge that does not exist yet). Paired Desktop v0.24.1 wires the remaining switch/window-close/app-exit routes through the durable service, adds NDJSON telemetry and exponential backoff. No schema migration; VALID_ACTIONS stays frozen.
Minor release. Ships the Brain-side first slice of the guardian-claude-desktop-plan.md pipeline: new nexo_lifecycle_event and nexo_lifecycle_status MCP tools, a lifecycle_events table (migration m51) keyed by event_id, and a nexo lifecycle CLI subcommand so Desktop v0.24.0 can persist close/delete/archive transitions durably and replay on the next boot. 12 new contract tests. No breaking changes.
Hotfix minor release. B11 wires the new pre_tool_use.py entrypoint so Claude Code's PreToolUse event actually reaches Guardian (guardian-runtime-overrides.json hard mode was silently inert before this). B10 runs post-install hooks from the freshly copied tree via subprocess so the first nexo update that introduces them actually executes. B12 ships tool-enforcement-map.json via the npm bundle so Desktop can discover it on fresh installs. Also PE1 0.4 (5 new destructive presets, floor 7→12) and PE1 0.25 (guardian-metrics daily cron).
Minor release consolidating three parallel workstreams. Block K closure: G1 enforcer, G3 SSH wrapper, persist hard defaults during nexo update. F0.6 hardening: nexo rollback f06, layout contract, doctor checks, Nora migration. Adaptive weights empirical promotion. B10 path constants lazy. Schedule audit log. Pre-release discipline pack.
Follow-up over v7.1.8. Ships two rescue batches: autonomy-mandate vocabulary expansion + session flags + post/pre-compact hooks + new checkpoint_policy module; and verify_release_readiness.py smoke-artifact contract pass + core prompt polish.
Batch over v7.1.7. Ships Block K Guardian/Enforcer items G2/G3/G4/G7/G8 (auto-drain stale debts, destructive-command gate, guard_check-required gate, inline guard ack, Guardian Health briefing), Block D hardcode cleanup, and Block E product guards.
Patch over v7.1.6. email-monitor now carries the operator language into its prompt contract and localizes direct needs_interactive escalation emails, so Spanish operators stop receiving fallback English monitor mail.
Patch over v7.1.5. Structural core crons now expose dedicated cadence overrides, Desktop gets a matching Core schedules tab, and the shipped synthesis template/docs are back in sync with the live runtime schedule.
Patch over v7.1.4. Standalone catchup/runtime-root flows now lazy-load interactive helpers, explicit-home Desktop detection stops inheriting the operator machine's app state, and legacy nexo_doctor callers keep working without an explicit plane.
Patch over v7.1.3. Packaged Desktop-managed updates now finalize the runtime layout before verifying imports, so root shim files are restored before the updater health-check executes.
Read more →Patch over v7.1.2. Desktop-managed Brain updates can reuse the bundled npm runtime, portable restores are inspectable before import, product-mode detection is tighter on packaged machines, and the public release surfaces stay aligned with the shipped runtime line.
Read more →Patch over v7.1.1. The shared prompt catalog is now the single source of truth, standalone runtime paths stop eager-loading prompt or DB state too early, and the public release surfaces finally describe the shipped runtime line again.
Read more →Hotfix over v7.1.0. Packaged installs no longer confuse ~/.nexo/core with a mutable source repo, and compatibility shims such as db, cognitive, skills-core, root Python modules, and script/plugin links stop breaking real updates and rollbacks.
v7.1.0 closes the remaining “half migration, half product” gap after the F0.6 runtime split. Brain now treats ~/.nexo/core as the canonical shipped code root, exports Guardian runtime surfaces for Desktop, productises email-monitor, followup-runner, and morning-agent, upgrades the email routing model, and auto-installs the local classifier baseline on fresh installs and updates.
CRITICAL hotfix sobre v7.0.0. src/db/_core.py::DB_PATH era el único caller que seguía hardcoded a la ruta legacy pre-F0.6. Tras la migración F0.6 el DB vive en ~/.nexo/runtime/data/nexo.db, pero ese módulo seguía abriendo ~/.nexo/data/nexo.db (inexistente). Resultado: nexo email list, nexo scripts list, nexo_task_open y todo lo demás que comparte la conexión DB devolvían resultados vacíos. Fix: DB_PATH ahora es transition-aware (igual que el resto de paths.py).
Plan Consolidado fase F0.6 (BREAKING). Separación física del runtime tree en ~/.nexo/{core,personal,runtime}/; la estructura flat (scripts/, brain/, data/, operations/...) desaparece. Auto-migración en primer nexo update; fresh installs caen directos en la nueva estructura. Nuevo módulo paths.py centraliza todos los path helpers transition-aware. 24 archivos src refactorizados, 7 shell scripts actualizados, 71 personal_scripts.path rows UPDATEd, 40 LaunchAgents reescritos. El cliente NEXO Desktop (v0.21.0, closed-source separado) actualiza sus paths para que auto-update siga funcionando.
Plan Consolidado fase F0.2. Tres verbos nuevos en el CLI (nexo scripts enable|disable|status <name>, todos con --json) + un gate en el wrapper del cron que sale en silencio cuando el script está desactivado, sin tocar el LaunchAgent. La flag es sticky a través de nexo scripts sync. El cliente NEXO Desktop (producto separado, closed-source) cablea el mismo toggle en su panel Automatizaciones.
Plan Consolidado fase F1. Nueva tabla email_accounts (m46) con passwords apuntados a la credentials table existente. Wizard interactivo nexo email setup y comando no-interactivo nexo email add --password-stdin --json para el bridge de NEXO Desktop v0.19.0 (panel Settings → Email). Migrador idempotente desde el legacy ~/.nexo/nexo-email/config.json; los operadores existentes actualizan sin tocar nada.
El auditor Opus 4.7 xhigh nocturno cazó que entities_universal.json en v6.3.0 incluía entradas vhost_mapping específicas de operador. v6.3.1 las saca a un archivo local .gitignore'd seeded por el installer con entities_local.sample.json. No hay cambio en la lógica del Guardian.
Coordinated with NEXO Desktop v0.18.0. Extends the cognitive_sentiment shape with is_correction, valence and intent; amplia el schema de entities vía la migración m44; ship 21 fixtures etiquetadas con R13 spike gates (FP < 5%, P95 < 3s); bucles Fáse F + fase Deep Sleep; pinned classifier local zero-shot; hook respeta NEXO_MIGRATING=1; origin column en personal_scripts; gate T4 envuelve R15/R23e/R23f/R23h con paridad Py ↔ JS. Dos auditores pre-release detectaron un wire JS dead-code (CRITICAL) y una ambigüedad del classifier (HIGH); ambos corregidos con regression tests antes del merge.
Coordinated with NEXO Desktop v0.17.0. Primer release vía el plan de dos olas. Introduce R26–R34 en el system prompt, R-CATALOG (0.X.2) como gate pre-*_create, la sección locations en nexo_system_catalog, T5 R34 identity coherence con paridad CLAUDE.md / AGENTS.md, T0/T1/T2/T3 deuda Desktop, Fase B cerrada 12/12 con tests unitarios y el bug modal bullets corregido.
Small follow-up to v6.1.0. The Brain auto-update banner in NEXO Desktop relies on parsing Latest: vX | Installed: vY from nexo --help output. Prior gate at _should_refresh_latest_version() checked sys.stdout.isatty() to decide whether to hit the npm registry for a fresh latest, which excluded Desktop’s subprocess call (stdio piped, no TTY). The version cache never populated, the banner never saw a newer version, and users had to run nexo update manually in a terminal. v6.1.1 drops the TTY gate; the 6-hour cache max-age at _load_latest_version_cache() remains as the real rate-limit. Fail-closed: _fetch_latest_version catches every subprocess error and returns None, so the help line degrades to installed-only when npm is unreachable. Ships together with NEXO Desktop v0.16.0 (beta channel toggle, composer cross-conversation aislation, Guardian Proposals hidden by default, i18n audit ES→EN, status dot sync with background tasks).
Capa 2 runtime guardian lands. 25 rules (R13–R25 + R23b–R23m) watch every tool call, every user message, and every assistant text block as they stream through Claude Code / Codex / NEXO Desktop. Core rules (R13 pre-Edit guard, R14 post-correction learning window, R16 declared-done, R25 Nora/María read-only destructive block) ship with defence-in-depth: guardian.json cannot turn them off. Incident-driven D2 batch covers --force to main/master, DELETE/UPDATE without WHERE, scp to the wrong docroot, chown -R on root-ish paths, secrets echoed into output streams, duplicate outbound messages, shebang-vs-interpreter mismatch (no shell injection), and seven more. Templates are byte-for-byte identical across the Python headless engine (src/enforcement_engine.py) and the NEXO Desktop JS twin (enforcement-engine.js). Companion migration v43 session_claude_aliases fixes Desktop multi-conversation: every spawn’s Claude UUID is registered so subsequent PreToolUse hooks resolve to the same NEXO sid. External-LLM audit + Opus 4.7 self-audit cycle applied: log redaction covers Bearer/sk-/pk-/api_key/JWT/AWS/GitHub/Shopify/KEY=VALUE/mysql -p<pass>; R23f multiline heredoc; R23h native PATH resolution; R14 awaited; hermetic map lookup; cross-engine parity harness in strict mode. Red-team suite (32 attempts across 12 rules). Guardian telemetry NDJSON + scripts/install_guardian.py installer + docs/guardian-quickstart.md. Suite: 291 pass + 2 skip documented.
$NEXO_HOME/bin into the developer’s shell profileAny pytest run with NEXO_HOME=/tmp/pytest-xxx used to append a stale export PATH="/tmp/pytest-xxx/bin:$PATH" line to the developer’s real ~/.bash_profile, ~/.bashrc, and ~/.zshrc. Both installer paths — the Python one in src/auto_update.py::_ensure_runtime_cli_in_shell() and the two JavaScript sites in bin/nexo-brain.js (install Step 8 + migration restore) — computed the rc file list from Path.home() / os.homedir() regardless of where NEXO_HOME pointed. v6.0.6 gates every write with _should_skip_shell_profile_backfill() / shouldSkipShellProfileBackfill(): skip when NEXO_HOME is not the canonical $HOME/.nexo, or when NEXO_SKIP_SHELL_PROFILE=1. Fresh canonical installs unchanged. Five new regression tests in tests/test_auto_update_shell_profile.py. The pytest CI gate introduced in v6.0.5 caught this drift on merge. Also removes a duplicate .github/workflows/tests 2.yml that slipped in with v6.0.5. Suite: 1098 passed, 2 xfailed, 1 skipped.
The block storm several Claude Code versions caused in 6.0.2–6.0.4 finally goes away. src/hook_guardrails.py::process_pre_tool_event now falls back to $NEXO_HOME/coordination/.claude-session-id when the PreToolUse payload omits session_id. Fail-closed preserved (missing payload AND missing file still blocks with missing_startup). Also fixes three pre-tool tests that had silently regressed since 6.0.2 — the reason they shipped is that CI only ran ruff, bandit, verify_release_readiness, and verify_client_parity; never pytest. New .github/workflows/tests.yml runs pytest tests/ -q --maxfail=5 on every PR and push to main. Merged together with the legacy Python Claude hooks purge (commit 9e42b03) and the macOS test/runtime isolation hardening (commit 6005288). Two pre-existing tests/test_protocol.py cases (stale handle_task_close API) are pytest.mark.xfail(strict=False) pending NF-TEST-PROTOCOL-API-REFACTOR. Suite: 1093 passed, 2 xfailed, 1 skipped.
default_resonanceScoped fix. nexo chat and the dashboard's "Open followup in Terminal" action were building the claude / codex command straight from client_runtime_profiles in config/schedule.json, so users who changed their Resonance in NEXO Desktop Preferences (Alto → writes brain/calibration.json) kept getting the stale tier cached in the legacy profile — usually max. Headless runs (run_automation_prompt) and NEXO Desktop new-sessions already honoured the preference correctly; only the two terminal launchers were stuck. A new _resolve_interactive_model_and_effort(caller, backend, ...) helper consults resonance_map.resolve_model_and_effort first and falls back to client_runtime_profiles only when the resonance contract is missing. nexo_followup_terminal joins nexo_chat / desktop_new_session / nexo_update_interactive in the user-facing caller map. 8 tests updated, full suite green.
guard_checks.session_id FixDouble-fix release. (1) resonance_tiers.json now lands at ~/.nexo/brain/resonance_tiers.json — the public contract path v6.0.0 defined and NEXO Desktop ≥ 0.12.0 reads. Pre-v6.0.3 the installer wrote it to ~/.nexo/, so Desktop refused to start Claude with "NEXO Brain contract missing" on every fresh install and every update from 6.0.0 / 6.0.1 / 6.0.2 unless the user copied the file by hand. A new publishBrainContracts() helper in bin/nexo-brain.js, a three-step lookup in src/resonance_map.py, and an idempotent migration in auto_update.py reconcile existing runtimes on nexo update. (2) nexo_guard_check now persists the caller's SID on every guard_checks row instead of the empty string v6.0.2 hardcoded. hook_guardrails._session_has_guard_check can finally match the call to the current session, so strict-protocol sessions stop tripping "no guard_check seen" after a successful guard call. 9 new pytest cases.
personal/ Caller Prefix + tier Kwarg + Personal Scripts GuideA small patch that unblocks every user-owned script living in ~/.nexo/scripts/. Before 6.0.2 they had to either register in the core resonance_map.py (impossible from outside the repo) or fall through to the generic agent_run/generic tier and lose identity. 6.0.2 introduces the reserved caller prefix personal/ — any caller starting with it bypasses the registry entirely and picks its resonance from an explicit tier= kwarg, the user's default_resonance preference, or DEFAULT_RESONANCE. New --tier flag on the runner, new caller=/tier= kwargs on the nexo_helper wrappers, and a new docs/personal-scripts-guide.md so any NEXO session helping an operator write a personal script knows the pattern. Registered callers unchanged; non-personal/ ids still require an entry and raise UnregisteredCallerError when missing.
NEXO_INTERACTIVE Override + PostToolUse Inbox AutodetectTwo hotfixes on top of 6.0.0. NEXO Desktop 0.12.0 spawns claude through pipes, and 6.0.0's isatty()-only detector fell back to lenient even with a human in the loop; 6.0.1 accepts NEXO_INTERACTIVE=1 as an explicit interactive override (Brain↔Electron contract, not user-facing, only the literal "1" opts in). PostToolUse also gains an inbox-autodetect stage that emits a systemMessage when the session has unread nexo_send messages and 60s+ have passed since the last heartbeat, rate-limited to one reminder per minute per SID via the new hook_inbox_reminders table (migration m42). New column sessions.last_heartbeat_ts. 6 new pytest modules, suite stays green.
auto_capture Wired to Live EventsBREAKING. Onboarding no longer asks for model or reasoning effort — one resonance tier (maximo/alto/medio/bajo) drives every backend via src/resonance_tiers.json. Protocol strictness stops being configurable: TTY runs strict, non-TTY runs lenient. The seven core hooks unify behind src/hooks/manifest.json (plugin and npm read the same file) and two new hooks ship: Notification records live activity, SubagentStop auto-closes stale protocol_tasks. auto_capture is wired to UserPromptSubmit + PostToolUse with persistent 1h dedup and automatic nexo_learning_add on correction matches. ~/.nexo/hooks_status.json is published for NEXO Desktop ≥0.12.0. 1057 passed.
brain/profile.json From Calibration + Desktop Explains Each BlockNEXO Desktop's Preferencias → Avanzado tab used to render an empty {} for profile.json when the onboarding flow had been interrupted — looked broken. v5.10.2 adds a conservative bootstrap that seeds profile.json from calibration.meta.role, meta.technical_level, name, and language when the file is missing/empty/corrupt. Paired with NEXO Desktop v0.11.2 which prefixes each JSON block with a short explanation of what lives where. Never overwrites a populated profile, idempotent, never raises. 10 new tests (1021 passed, 1 skipped).
reasoning_effort=max to the Resonance Mapv5.10.0 made the resonance map prevail over the legacy reasoning_effort hint. Anyone whose only recorded preference was reasoning_effort="max" silently fell back to alto — a one-tier downgrade. v5.10.1 adds a one-shot, non-destructive migration inside _run_runtime_post_sync(): max→maximo, xhigh→alto, high→medio, medium→bajo. No-op when an explicit default_resonance is already set. Idempotent. Never raises. 10 new tests plus a test-harness fix that unblocks test_cron_recovery.py against main (1011 passed, 1 skipped).
Deep-sleep Session 1 used to take 57 minutes on some installs because every claude -p child reloaded an 11 KB CLAUDE.md, hook sync, plugin refresh, keychain probe. New bare_mode on run_automation_prompt wires claude --bare for JSON-only callers (~4.3× faster per child). caller= is now mandatory — no silent fallback. Five personal scripts joined the resonance map. 65 legacy protocol debts bulk-resolved. 10 new bare-mode tests (974 total).
v5.9.0 shipped resonance tiers + a CLI control. v5.9.1 surfaces the selector in NEXO Desktop's existing Preferences dialog without requiring a Desktop release — Desktop fetches its fields via nexo schema --json, so adding preferences.default_resonance at the Brain end makes it appear automatically. Value now lives in brain/calibration.json with a fallback to schedule.json; CLI writes both.
Every Claude/Codex invocation now flows through a central resonance map (MAXIMO / ALTO / MEDIO / BAJO) and a unified automation_runs table. User-facing callers (nexo chat, Desktop, interactive nexo update) honour the user's default_resonance; system-owned callers are pinned per caller in src/resonance_map.py. Migration #41 adds caller, session_type, started_at, ended_at, pid, resonance_tier. New run_automation_interactive(), MCP tools nexo_session_log_create/_close for Desktop, and nexo preferences --resonance CLI. 20 new tests.
v5.8.0 shipped an auto-classifier in the Brain core that matched NEXO-specific ID prefixes (NF-PROTOCOL-*, NF-DS-*, …), Spanish user-verbs (debes, revisar, firmar), and agent keywords (monitor, auditoría diaria). Fine for NEXO’s own DB, poison for every third-party agent plugged into the shared Brain. 5.8.2 removes it entirely. The core persists internal=0 and owner=NULL when callers omit them; clients that want classification compute it themselves. Desktop’s existing _legacyClassifyOwner handles the fallback so users see no visual change.
Between 2026-04-14 and 2026-04-17 the nightly deep-sleep stopped producing artifacts because three components fell into a feedback loop: the wrapper only wrote cron_runs at end, the watchdog used cron_runs as source of truth for “stuck”, and launchctl kickstart -k killed the running worker every 30 min. 5.8.1 adds two-phase cron_runs recording, in-flight detection, transient vs deterministic failure classification in the extractor, and a silent heal for installs already stuck in the loop.
Task classification moves from client-side regex into persistent storage every MCP client shares. Migration #40 adds internal and owner columns on followups and reminders, with an idempotent one-shot backfill. Taxonomy is owner in {user, waiting, agent, shared} — agent is deliberately generic so third-party deployments render their own assistant label instead of hardcoding “NEXO”. Closes a UX paradox where tasks labelled “Para ti” could be hidden by the “Tareas internas” filter.
nexo update now keeps your terminal CLIs in lockstep with NEXO Brain itself. When the global @anthropic-ai/claude-code or @openai/codex packages are installed, the updater checks the npm registry and runs npm install -g <pkg>@latest in-line before the post-update verify step — so the boot model stays aligned with the settings NEXO already wrote to ~/.claude/settings.json. Pass nexo update --no-clis to pin them manually.
Two small-but-sharp fixes in nexo update. 0-byte .db orphans left behind by interrupted installs or aborted sqlite3.connect calls now get purged from ~/.nexo/ and ~/.nexo/data/ before the pre-update backup runs, so backup validation no longer trips over empty shells. And the new sync_claude_code_model() helper propagates the NEXO-recommended model into ~/.claude/settings.json — the file Claude Code actually reads — when heal_runtime_profiles() migrates the claude_code default.
Same-day follow-up to v5.5.5. The data-loss guardrails in v5.5.5 neutralised the consequences of the 2026-04-16 incident; v5.5.6 closes the cause. nexo_backup_now, nexo_backup_restore, and export_user_bundle now refuse reentrant calls inside 30 s / 60 s / 120 s windows, so a runaway MCP client stuck in a tool-use loop can no longer hammer sqlite3.Connection.backup() the way it did when this incident first struck.
A hotfix for the 2026-04-16 incident where one user's ~/.nexo/data/nexo.db was reset to a 4 KB empty-schema file while three consecutive nexo update attempts each captured the already-empty DB into a new pre-update-* snapshot, masking the wipe. v5.5.5 adds a pre-flight wipe guard, validated sqlite3.backup copies, a post-migration row-count gate, a startup self-heal that auto-restores from the newest hourly backup, and a new nexo recover CLI + nexo_recover MCP tool.
NEXO Brain now ships with Claude Opus 4.7 and reasoning_effort: "max" — the highest reasoning tier available. Auto-migration on nexo update silently upgrades existing users from claude-opus-4-6* to claude-opus-4-7, preserving the 1M context suffix. Codex profiles are untouched.
Phase 2 extraction was retrying the same session three times with identical prompt and context, hiding a 6h per-attempt safety net that silently drifted out of alignment with its own 3h comment. Retries dropped from 3 to 2, the JSON system prompt gained an escape hatch so the model always returns parseable output, and all 10 automation subprocess timeouts now live in a single AUTOMATION_SUBPROCESS_TIMEOUT constant.
Aligned models were rejecting enforcer injections as suspected prompt injection, breaking heartbeat, diary, and checkpoints. A new CORE section teaches the model that <system-reminder> messages prefixed with [NEXO Protocol Enforcer] are legitimate protocol instructions. Paired with NEXO Desktop v0.9.25 that wraps every injection accordingly.
Startup and ensure_schedules now verify launchctl loaded state, repair stale launchd entries with checked bootstrap/bootout calls, and core automation scripts defer empty model selection to the configured runtime profile.
Read more →Fixed silent import failure when headless sessions run from non-NEXO directories. Added comprehensive logging to enforcer-headless.log and dedup logic.
Read more →Headless sessions now use stream-json mode with real-time monitoring and injection. No more trusting the model to follow rules.
Read more →All headless sessions (Deep Sleep, email-monitor, followup-runner, etc.) now receive enforcement rules automatically via append_system_prompt.
Complete rewrite of the enforcement map with must/should/may levels, dependency chains, internal call tracking, and conditional rules. 247 tools analyzed from source code.
Read more →Canonical map of all 247 NEXO Brain tools with enforcement metadata. Desktop and headless session-guard read this map to mechanically enforce protocol compliance.
Read more →Canonical map of all 247 MCP tools with enforcement metadata. Desktop and headless sessions read it to mechanically enforce protocol compliance.
Read more →nexo update now manages external runtime dependencies declared in runtimeDependencies. First dependency: Claude Code. Plus a daily auto-update cron.
Increases subprocess timeout from 10s to 30s for test_update_uses_recorded_source_repo. Completes the v5.4.2 publish workflow fix.
Hotfix: 2 tests that broke the v5.4.2 publish workflow now correctly copy tree_hygiene.py into their isolated runtime directories.
NEXO 5.4.2 stops treating every local/runtime operation as fake repo commit_ref debt, lets the nocturnal postmortem drain pending session_buffer.jsonl events as a real queue, rewrites the buffer atomically, and aligns the docs with the real stop-hook / reflection boundary. No downgrade of the Claude/Opus-assisted layer.
NEXO 5.4.1: the PostToolUse hook that feeds ~/.nexo/brain/session_buffer.jsonl had been reading a nonexistent env var since its introduction two days earlier, writing 100% noise. This release parses the tool name from stdin JSON, keeps Bash in the stream, removes a runtime-only duplicate, and purges pre-fix entries on update. Honest post-mortem inside.
NEXO 5.4.0: append-only event bus at ~/.nexo/runtime/events.ndjson, nexo notify for proactive events, nexo health --json for subsystem status, nexo logs --tail --json for structured log access, plus a safe flat→nested calibration.json migration that runs silently inside nexo update.
NEXO 5.3.30: four new read-only CLI commands — nexo schema, nexo identity, nexo onboard, nexo scan-profile — expose the editable schema, canonical assistant identity, onboarding wizard, and profile heuristics as JSON. External UIs stop hardcoding fields and start auto-adapting.
A release-engineering hardening pass for the shared brain: duplicate * 2 artifacts now fail hygiene gates instead of hiding in the tree, update paths converge on one core, startup preflight runs synchronously, corrupt DB state fails closed, and cron runs spool locally when SQLite is unavailable.
One JSON shared by the Python runtime and JS installer for all model defaults. Codex profiles self-heal on update, fresh installs get headless-safe permissions.allow so cron automation stops zombie-waiting for approvals, and a one-time upgrade prompt ships when a new model recommendation is published.
A trust-layer patch for the shared brain: malformed outcome, task_type, and impact_level payloads now fail explicitly instead of being silently rewritten into other valid states.
A small but important truthfulness patch for packaged users and the shared-brain loop: successful installs now keep runtime metadata aligned, deep doctor stays honest during fresh bootstrap, Evolution asks for explicit scores again, and synthesis absorbs only actionable startup/update signals.
Read articleA real-machine recovery hotfix for packaged users: updates now rebuild the core-artifact manifest from the canonical npm source, so personal scripts stop being mistaken for core and runtime doctor/export recover cleanly after a bad 5.3.8 install.
Read articleA fast follow-up to 5.3.7: packaged migration now carries newly added top-level runtime Python modules into ~/.nexo, so portability commands work immediately on real upgraded installs.
A daily-work release for packaged users: nexo update now re-syncs runtime crons and reloads LaunchAgents after version bumps, new nexo export / nexo import commands finally make operator continuity explicit, and doctor stops overstating tracked Codex drift.
A practical daily-work patch: Claude Code now picks up the managed NEXO MCP server from the user config it actually reads, schedule status treats open runs honestly, and runtime hygiene gets tighter around script inventory and release checks.
Read articleA small packaging honesty patch: the installer already shipped the built-in backup LaunchAgent as core, and now nexo doctor recognizes that same inventory instead of flagging a clean runtime as unknown.
A trust-boundary patch for packaged users: NEXO now tracks which runtime scripts and hooks are product artifacts, `nexo scripts` stops mixing them into the personal bucket, and `nexo update` migrates the last legacy Claude Code heartbeat wrappers into managed core hooks.
Read articleA packaging patch that makes nexo update behave like a normal user expects: the installed runtime stays anchored to ~/.nexo, packaged artifacts refresh after upgrade, repo-only drift stays out of user installs, and personal scripts keep resolving against the canonical packaged home.
Two focused gaps close in the Cortex layer: Spanish/English high-stakes detection with bilingual negation suppression, positive signals on the confidence score, a numeric safeguard over the decision tree, and a cortex-quality cache reader that finally consumes the v5.1.0 cron's write-only snapshot.
Read articleThe full NEXO-AUDIT-2026-04-11 roadmap lands as one minor bump. Evolution/adaptive/cognitive/skills loops close under themselves, bitemporal KG export, OpenTelemetry spans, and lint/security/coverage/release gates on every PR.
Read articleNEXO 5.0.0 connects goal profiles, Decision Cortex v2, measured outcomes, reusable skill evolution, and a stronger benchmark/release surface, turning a powerful runtime into a much more closed-loop one.
Read articleNEXO 4.0.1 packages the post-4.0.0 mainline fix as a real public patch release, aligning git, npm, GitHub Releases, and the website while adding a heartbeat reminder after visible user corrections without nearby learning capture.
Read articleNEXO 4.0.0 turns memory into a broader product surface: multimodal artifact refs, structured auto-flush before compaction, a public claim wiki with evidence/freshness, readable exports, richer user-state adaptation, and public retrieval/backend controls.
Read articleNEXO now makes the last 24 hours operationally explicit, adds MCP access to recent Claude Code and Codex transcripts when memory capture is thin, and exposes a live system catalog built from the runtime's canonical sources.
Read articleAn honest field guide to the five MCP memory tools we keep seeing in the wild — mem0, Letta, Zep, mcp-memory and NEXO Brain. Storage shape, extraction philosophy, forgetting and operational footprint, with guidance on which to pick for which agent.
Read articleNEXO now measures protocol compliance, project pressure, and engineering output across weekly/monthly Deep Sleep summaries, surfaces that signal in the dashboard, and enforces release readiness inside the repo before publish.
Read articleDeep Sleep now deduplicates followups by meaning, consolidates overlapping learnings into canonical records, flags contradictions for review, and backfills concrete engineering followups when recurring patterns imply a real fix.
Read articleNEXO now persists a managed Codex MCP contract in config, audits real recent Codex sessions and Claude Desktop metadata, writes weekly/monthly Deep Sleep summaries, and makes retrieval explanations more honest.
Read articleNEXO now backfills pre-existing Codex integrations during update, fixes blank bootstrap identities when operator metadata is missing, and persists that repaired client state so later syncs stay aligned.
Read articleNEXO now manages Codex global bootstrap and model sync, auto-enables HyDE and shallow spreading for the right queries, tracks per-memory stability and difficulty, and gives Deep Sleep a 60-day blended horizon.
Read articleNEXO now manages Claude and Codex bootstraps with a protected CORE/USER contract, explicitly starts Codex sessions as NEXO, and feeds Codex session transcripts into Deep Sleep overnight analysis.
Read articleNEXO now gives Claude Code, Codex, and Claude Desktop the same brain, lets users choose their terminal client and automation backend, and removes a frustrating false-critical runtime edge case with managed KeepAlive recovery.
Read articleVersion drift across npm, OpenClaw, and ClawHub is now impossible. NEXO 2.6.9 introduces automated artifact synchronization, a full CI/CD pipeline, and hardened packaging for every distribution channel.
Read articleNEXO Brain 2.6.7 introduces opt-in contributor evolution that lets any installation propose improvements to the core, personal MCP plugins that survive updates, and smoother memory continuity for daily use.
Read articleEvery AI agent starts each conversation from zero. Here is how persistent memory works, why context windows are not enough, and how NEXO Brain solves the problem with a cognitive architecture inspired by human psychology.
Read articleIn 1968 Atkinson and Shiffrin described how human memory flows through three stores. We applied their model to AI agents. Here is why cognitive psychology holds the key to building agents that learn over time.
Read articleStoring everything forever sounds smart until your agent drowns in irrelevant context. Memory decay is not a bug. Here is how Ebbinghaus forgetting curves keep AI memory clean, fast, and relevant.
Read articleOpen source, AGPL-3.0 licensed, and built for builders who want their AI to actually remember.