NEXO 7.17.6 — cron health diagnostics and catch-up observability

Published 2026-05-11. Patch release over v7.17.5.

Why this patch exists

Runtime cron health should distinguish a real failure from an observability gap. A local audit showed tcc-approve could fail with an empty wrapper summary, while some legacy catch-up paths could update .catchup-state.json without leaving a matching cron_runs row.

What changed

nexo-tcc-approve.sh now logs the concrete sqlite3 failure for each macOS TCC service, keeps version markers unset until all approvals succeed, and prints a concise status that the cron wrapper can capture.

nexo-catchup.py still prefers nexo-cron-wrapper.sh as the single writer, but if a legacy or partially migrated runtime has to execute a task directly, catch-up now inserts and closes a cron_runs row around that direct execution.

Validation

python3 -m pytest -q tests/test_tcc_approve.py tests/test_catchup_direct_fallback.py \
  tests/test_cron_wrapper_contract.py tests/test_cron_recovery.py tests/test_cron_sync.py
# 42 passed

python3 -m py_compile src/scripts/nexo-catchup.py
bash -n src/scripts/nexo-tcc-approve.sh src/scripts/nexo-cron-wrapper.sh

Full changelog entry → · Previous v7.17.5 release