NEXO 7.1.8 — Guardian/Enforcer roadmap batch: G2 / G3 / G4 / G7 / G8
Published 2026-04-22. Batch release over v7.1.7.
This release consolidates an overnight session that closed a large chunk of the Guardian/Enforcer roadmap, dropped several hardcoded language regexes in favour of the local classifier, and hardened a handful of product guards that had been tracked for a while.
Block K — Guardian/Enforcer
- G2: nightly Deep Sleep phase drains stale
protocol_debtrows with a transparent audit JSON. Operator never wakes up to a bucket of 20+ open debts from two days ago. - G3: destructive Bash commands (
rm -rf,git push --force,DROP TABLE,curl|bash,dd of=/dev/…,chmod -R 777) route through a new pre-tool gate. Ships in shadow mode by default;NEXO_G3_ENFORCE_DESTRUCTIVE=hardpromotes to a hard block so the operator can ramp up after observing the shadow rate. - G4:
nexo_guard_checkis now a gated pre-step for everyEdit/Write. Same shadow/hard rollout viaNEXO_G4_ENFORCE_GUARD_CHECK. Kills theunacknowledged_guard_blockingbacklog at the source. - G7:
nexo_task_openaccepts an inlineack_rulespayload. No more "open task → read response → call ack → retry", all in one MCP call. - G8: morning briefing surfaces a
## Guardian Healthsection with open-debt totals, per-type breakdown, guard-check activity, and failing hooks, with an ACTION NEEDED banner when thresholds are crossed.
Block D — hardcode cleanup
backfill_task_ownerroutes textual classification through the local zero-shot classifier; the ES/EN keyword ladder stays only as a graceful fallback._m50_dedupe_nexo_product_learning_pairphysically supersedes the duplicate "NEXO Brain producto vs instancia personal" learning pair so downstream list/search flows stop seeing it twice.- New
scripts/audit_semantic_hardcodes.pywalkssrc/and lists the remaining keyword/regex candidates for classifier replacement with their suggested refactor target.
Block E — product guards
- Pre-tool hook now rejects agentic edits to
~/Library/LaunchAgents/com.nexo.*.plistunless a core flow has setcore_writes_allowed(). Keeps plist regeneration on the canonical surfaces (nexo scripts ensure-schedules,nexo core-schedules). auto_updateagent-name fallbacks now route throughDEFAULT_ASSISTANT_NAMEinstead of leaking the reserved product identity.email_configstops exporting thefrancisco_emailslegacy key from the dict surface; callers must now readoperator_aliases. Legacy ingest from older config JSON stays intact so upgrades do not break.runner-health-check.pyandnexo_personal_automation.pypromoted from personal to core so every install gets them uniformly.
Fixes
nexo chatnow surfaces every installed terminal client (Claude Code + Codex) when both are on disk, so the picker stops silently dropping the operator into whichever CLI was last used.add_email_accountwraps its SELECT + upsert insideBEGIN IMMEDIATEso a concurrent writer cannot race the metadata-preserve branch.check_no_personal_data.shprivacy guard gains a regex shape layer with allowlist so the check catches leak shapes from any operator identity, not just the historical 14 tokens.
Verification
Focused Brain pytest suite green: tests/test_protocol.py, tests/test_hook_guardrails.py, tests/test_email_accounts.py, tests/test_phase_protocol_debt_drain.py, tests/test_m50_dedupe_learning_pair.py, tests/test_backfill_task_owner_classifier_hook.py, tests/test_server_protocol_exports.py, tests/test_cron_wrapper_disabled_gate.py, tests/test_assistant_name_reserved_fallbacks.py. scripts/verify_client_parity.py → 179 passed + docs OK + parity OK.