NEXO 6.3.0 — Plan Consolidado wave 2 + T4 LLM classifier gate
Published 2026-04-18. Coordinated with NEXO Desktop v0.18.0.
Headline
The Protocol Enforcer gains a real LLM gate. Rules R15 (project context), R23e (force-push to main), R23f (production DELETE/UPDATE without WHERE) and R23h (shebang mismatch) now ask a small classifier "is this regex match actually a drift worth nudging?" before enqueuing an injection. Verdict is tristate — yes proceeds, no skips (cuts false positives), unknown falls through to regex (never silently suppresses a rule on infra flakiness). Byte parity between the Python headless engine and the NEXO Desktop JS twin.
Also in this release
- Extended cognitive_sentiment shape — is_correction, valence ∈ [-1, 1], intent enum.
- Entities schema extension — aliases, metadata, source, confidence, access_mode via idempotent migration m44.
- 21 labelled rule fixtures + R13 spike gates (FP < 5%, P95 < 3s).
- Fase F telemetry loops — src/fase_f_loops.py + src/scripts/phase_guardian_analysis.py feeding Deep Sleep with per-rule aggregates, FP clustering and FN new-rule candidates.
- Local zero-shot classifier skeleton — pinned MoritzLaurer/mDeBERTa-v3-base-mnli-xnli at revision a1a5a76a8cb44edb4f92e7e2ea4f0e0ce8ce6e97 + upgrade policy docs.
- Hook respects NEXO_MIGRATING=1 — structure migrations no longer need per-file task_open.
- origin column on personal_scripts — lets nexo update and the future Desktop Automations panel separate core vs user scripts without heuristics.
- R34 identity coherence added to the system prompt with an explicit anti-example.
- artifact_class preset entries — shopify_banner_block, changelog_entry, email_to_operator_contact.
Audit trail
Two parallel auditors ran pre-release per the "2-auditor" mandate. Both flagged the same CRITICAL F-01: the first JS wire of the T4 gate called gate.classifyWithLlm (lowercase Llm) while the actual export is classifyWithLLM and is async — the verdict === 'no' check was comparing a Promise to a string, always false, so the gate was dead code. Fixed with await + new integration test. Auditor 1 also found HIGH H1: the existing enforcement_classifier.classify returned False both when the classifier said "no" AND when both retries produced an unparseable response — a T4-gated destructive rule would be silently suppressed on a flaky backend. Fixed by introducing tristate=True that returns "yes" | "no" | "unknown" so unparseable answers fall through to regex instead of disabling the rule. H2 removed "otra vez" from CORRECTION_SIGNALS (benign phrases like "envíame la lista otra vez" were flagged as corrections). Re-audit approved the fixes before tagging.
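The H1 failure mode and its tristate fix, sketched as an added example that is not NEXO's own code. Every function name and the backend stand-ins are hypothetical; only the "yes" | "no" | "unknown" contract and the two retries come from the notes above.

```python
# Added example: hypothetical names, not NEXO's own code.

def parse_verdict(raw):
    """Map a raw classifier reply to 'yes'/'no', or None when unparseable."""
    if not isinstance(raw, str):
        return None
    token = raw.strip().lower().rstrip(".!")
    return token if token in ("yes", "no") else None

def classify_tristate(ask, prompt, attempts=2):
    """Ask the backend up to `attempts` times; a failure never becomes 'no'."""
    for _ in range(attempts):
        try:
            verdict = parse_verdict(ask(prompt))
        except Exception:  # timeout or transport error counts as flakiness
            verdict = None
        if verdict is not None:
            return verdict
    return "unknown"

def classify_legacy_bool(ask, prompt, attempts=2):
    """Pre-fix shape: 'no' and 'unparseable' both collapse to False."""
    return classify_tristate(ask, prompt, attempts) == "yes"

def should_enqueue(regex_matched, verdict):
    """Only an explicit 'no' may suppress a rule whose regex matched."""
    if not regex_matched:
        return False
    return verdict != "no"  # 'yes' proceeds, 'unknown' falls through to regex

# Constructed stand-ins for a classifier backend.
def backend_yes(prompt): return "Yes."
def backend_no(prompt): return " no "
def backend_garbled(prompt): return "It might possibly be, hard to say"
def backend_down(prompt): raise TimeoutError("constructed outage")

def demo():
    """Return {backend: (verdict, tristate gate fires, legacy gate fires)}."""
    prompt = "is this regex match actually a drift worth nudging?"
    backends = {"yes": backend_yes, "no": backend_no,
                "garbled": backend_garbled, "down": backend_down}
    rows = {}
    for name, ask in backends.items():
        verdict = classify_tristate(ask, prompt)
        rows[name] = (verdict, should_enqueue(True, verdict),
                      classify_legacy_bool(ask, prompt))
    return rows

if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

The "garbled" and "down" rows are the ones that matter: the boolean shape reports False and the rule is skipped, while the tristate shape reports "unknown" and the regex match is still enqueued.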
Deferred
F0.3–F0.6 physical move of ~/.nexo/scripts/, skills/, plugins/, hooks/, rules/, brain/, operations/ into core/ + personal/, plus the breaking v7.0.0 symlink removal, stay tracked as a follow-up. They require coordinated validation on Francisco's and Nora's live runtimes — moving a LaunchAgent-backed cron without verifying its credentials still resolve after the relocation is how runtime outages happen.