5.3.9 exists to restore trust in the packaged runtime boundary. Personal scripts under ~/.nexo/scripts are not product artifacts. If an update path starts treating them as core runtime files, daily automation, diagnostics, and portable export all stop telling the truth about the machine.
What the real-machine validation exposed after 5.3.8
The 5.3.8 update succeeded on paper: the runtime had the new portability module, Claude MCP still connected, and the published package looked correct. But the actual machine immediately showed a deeper problem. Portable export started omitting personal scripts, and runtime doctor began treating personal com.nexo.* LaunchAgents like unexplained core drift.
Why it happened
In packaged mode, the update path rebuilt runtime-core-artifacts.json from the live runtime tree instead of the canonical npm package source. That meant the manifest could absorb files from the operator's own ~/.nexo/scripts directory. Once that happened, script classification started trusting a poisoned manifest and personal scripts stopped looking personal.
What 5.3.9 changes in the packaged update path
The packaged updater now resolves the canonical npm package src/ directory and rebuilds the runtime core-artifact manifest from that authoritative source. Product-owned scripts, hooks, and cron definitions still stay tracked, but personal files no longer leak into the core inventory just because they exist in the live runtime tree.
How existing bad installs recover
Fixing the updater alone would not have been enough for machines already hit by the bad 5.3.8 manifest. So 5.3.9 also changes the script registry to prefer the canonical packaged source whenever it is available. Existing installs can self-heal their personal-script classification instead of staying permanently dependent on a poisoned runtime manifest.
Why doctor also changes in this release
Runtime doctor now re-syncs personal scripts before it audits unknown com.nexo.* LaunchAgents. That is what lets a recovered machine stop looking broken for the wrong reason. Personal automations become personal again, and doctor starts describing the runtime honestly instead of reporting operator-owned jobs as mysterious drift.
What this means for portable continuity
nexo export and nexo import remain the explicit operator-continuity surface introduced in 5.3.7 and made real in 5.3.8. 5.3.9 ensures those surfaces stay truthful by keeping personal scripts inside the operator bundle instead of letting them vanish behind a broken core manifest.
Upgrade
Open the 5.3.9 changelog section for the exact release note. For installed users, the intended path now looks like this:
npm install -g nexo-brain@5.3.9nexo updatenexo exportnexo doctor --tier runtime
The important outcome is simple: packaged updates keep the runtime replaceable, the operator data explicit, and personal automation ownership intact. That is the boundary a daily-work cognitive runtime has to preserve if it wants to stay trustworthy.