NEXO 7.12.1 — Guardian retries round-trip and personal one-shots stop hanging

Published 2026-04-29. Patch release over v7.12.0 — closes the remaining G3 authorization dead-end and the short-text automation hang path.

SSH remote-write guards now see more than one shell shape

src/hook_guardrails.py no longer limits SSH remote-write detection to ssh host "cmd". The same G3 gate now catches the equivalent intent when the remote shell payload arrives through stdin, heredoc, or pipe-to-SSH forms such as ssh host < script.sh, ssh -T host <<EOF, and printf ... | ssh host bash.

The Cortex path now unlocks the retry it asks for

The guard was previously telling operators to run nexo_cortex_decide and then blocking the same retry anyway. A recent positive Cortex evaluation inside the same session and open task now authorizes the next matching destructive or SSH remote-write retry for a short TTL, so the contract stops dead-ending right after the approval step.

Short personal automation text jobs now run as bare one-shots

src/scripts/nexo_personal_automation.py now routes short text-only cron tasks through bare one-shot runs: no bootstrap, no default tool exposure, 180-second timeout, inferred personal/<script> caller ids, and per-caller overlap locks. That closes the reproducible path where jobs such as short replies/comments could sit alive for hours or stack overlapping subprocesses between cron ticks.

Result

Remote deploy/recovery flows stop dead-ending after nexo_cortex_decide, and personal short-text automations stop behaving like mini interactive agent sessions when all they need is a few lines of text.

Validation

pytest -q tests/test_g1_g3_enforcer_active.py tests/test_hook_guardrails.py tests/test_nexo_agent_run_tier_flag.py tests/test_nexo_personal_automation.py tests/test_agent_runner_bare_mode.py tests/test_personal_caller_prefix.py tests/test_run_automation_prompt_tier_kwarg.py

110 passed

Full changelog entry → · src/hook_guardrails.py · src/scripts/nexo_personal_automation.py