NEXO 7.17.4 — automation discipline contracts and Guardian observability
Published 2026-05-11. Corrective patch release over v7.17.3.
Why this patch exists
Some automation paths needed opposite behavior. Real background agents such as email monitor, followup runner, sleep, evolution and immune must keep full NEXO discipline: task tracking, evidence, closure, diary, learnings and followups when they apply. Strict technical children such as Deep Sleep extraction, synthesis and morning JSON generation must stay clean so their JSON does not get polluted by global protocol prompts.
What changed
The runner now classifies automation callers into full NEXO agents, strict JSON children and isolated children. Full agents keep the enforcement wrapper. Strict children run under their local output contract while the parent job remains accountable for the work.
Automation telemetry now records caller, session type and automation contract consistently across Claude and Codex. Guardian metrics also count the real injection event, and runtime doctor now warns when core cron activity has no matching caller-attributed automation row.
Validation
PYTHONPATH=src pytest -q tests/test_agent_runner.py tests/test_guardian_metrics_aggregate.py tests/test_doctor.py tests/test_runner_guard_path_extraction.py tests/test_agent_runner_bare_mode.py tests/test_operator_language.py tests/test_protocol_strictness_tty.py
# 175 passed
PYTHONPATH=src python3 src/scripts/nexo-morning-agent.py --dry-run
# generated valid subject/body JSON and did not send email
python3 scripts/guardian_metrics_aggregate.py
# capture_rate=1.0 in live guardian-metrics.ndjson