NEXO 7.1.4 — packaged updater verification order fix

Published 2026-04-20. Patch over v7.1.3.

The 7.1.3 line already shipped the honest packaged runtime closure, but live rollout on a real Desktop-managed machine exposed one last updater-ordering regression. The packaged update flow could still verify imports before the runtime layout had recreated the root shim files. This coordinated patch fixes that order so packaged installs stop failing their own post-update health-check.

What changed

src/plugins/update.py now calls _finalize_packaged_runtime_layout() before the post-update import server verification. That matters because packaged npm updates can temporarily replace or remove the root-level shim files that the import path still relies on. Restoring the layout first means the verification step checks the real post-update runtime instead of a half-rebuilt one. The release also adds a dedicated regression test that locks this order in.

Why it matters

This is a small diff with a large product effect. Desktop-managed installs are meant to be self-contained, so a packaged update cannot depend on an operator manually repairing files or rerunning the updater over SSH after the fact. The runtime has to restore itself in the correct order and then pass its own health-check cleanly.

Verification

The coordinated Brain line was validated with the targeted packaged update regression file green (13 passed) and the full public release-readiness validator green after the release surfaces were refreshed.