NEXO 7.1.8 — Guardian/Enforcer roadmap batch: G2 / G3 / G4 / G7 / G8

Published 2026-04-22. Batch release over v7.1.7.

This release consolidates an overnight session that closed a large chunk of the Guardian/Enforcer roadmap, dropped several hardcoded language regexes in favour of the local classifier, and hardened a handful of product guards that had been tracked for a while.

Block K — Guardian/Enforcer

• G2: nightly Deep Sleep phase drains stale protocol_debt rows with a transparent audit JSON. Operator never wakes up to a bucket of 20+ open debts from two days ago.
• G3: destructive Bash commands (rm -rf, git push --force, DROP TABLE, curl|bash, dd of=/dev/…, chmod -R 777) route through a new pre-tool gate. Ships in shadow mode by default; NEXO_G3_ENFORCE_DESTRUCTIVE=hard promotes to a hard block so the operator can ramp up after observing the shadow rate.
• G4: nexo_guard_check is now a gated pre-step for every Edit/Write. Same shadow/hard rollout via NEXO_G4_ENFORCE_GUARD_CHECK. Kills the unacknowledged_guard_blocking backlog at the source.
• G7: nexo_task_open accepts an inline ack_rules payload. No more "open task → read response → call ack → retry", all in one MCP call.
• G8: morning briefing surfaces a ## Guardian Health section with open-debt totals, per-type breakdown, guard-check activity, and failing hooks, with an ACTION NEEDED banner when thresholds are crossed.

Block D — hardcode cleanup

• backfill_task_owner routes textual classification through the local zero-shot classifier; the ES/EN keyword ladder stays only as a graceful fallback.
• _m50_dedupe_nexo_product_learning_pair physically supersedes the duplicate "NEXO Brain producto vs instancia personal" learning pair so downstream list/search flows stop seeing it twice.
• New scripts/audit_semantic_hardcodes.py walks src/ and lists the remaining keyword/regex candidates for classifier replacement with their suggested refactor target.

Block E — product guards

• Pre-tool hook now rejects agentic edits to ~/Library/LaunchAgents/com.nexo.*.plist unless a core flow has set core_writes_allowed(). Keeps plist regeneration on the canonical surfaces (nexo scripts ensure-schedules, nexo core-schedules).
• auto_update agent-name fallbacks now route through DEFAULT_ASSISTANT_NAME instead of leaking the reserved product identity.
• email_config stops exporting the francisco_emails legacy key from the dict surface; callers must now read operator_aliases. Legacy ingest from older config JSON stays intact so upgrades do not break.
• runner-health-check.py and nexo_personal_automation.py promoted from personal to core so every install gets them uniformly.

Fixes

• nexo chat now surfaces every installed terminal client (Claude Code + Codex) when both are on disk, so the picker stops silently dropping the operator into whichever CLI was last used.
• add_email_account wraps its SELECT + upsert inside BEGIN IMMEDIATE so a concurrent writer cannot race the metadata-preserve branch.
• check_no_personal_data.sh privacy guard gains a regex shape layer with allowlist so the check catches leak shapes from any operator identity, not just the historical 14 tokens.

Verification

Focused Brain pytest suite green: tests/test_protocol.py, tests/test_hook_guardrails.py, tests/test_email_accounts.py, tests/test_phase_protocol_debt_drain.py, tests/test_m50_dedupe_learning_pair.py, tests/test_backfill_task_owner_classifier_hook.py, tests/test_server_protocol_exports.py, tests/test_cron_wrapper_disabled_gate.py, tests/test_assistant_name_reserved_fallbacks.py. scripts/verify_client_parity.py → 179 passed + docs OK + parity OK.