loki-mode 5.26.1 → 5.27.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with zero human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v5.26.1
+# Loki Mode v5.27.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -260,4 +260,4 @@ Auto-detected or force with `LOKI_COMPLEXITY`:
 
 ---
 
-**v5.26.1 | Release workflow fix, shell/dashboard/CI bugs | ~270 lines core**
+**v5.27.0 | 57-bug audit fix (10 parallel agents, 3-member council review) | ~270 lines core**

package/VERSION

@@ -1 +1 @@
-5.26.1
+5.27.0

package/autonomy/completion-council.sh

@@ -226,6 +226,7 @@ council_vote() {
             1) role="requirements_verifier" ;;
             2) role="test_auditor" ;;
             3) role="devils_advocate" ;;
+            *) role="generalist" ;;
         esac
 
         log_info "Council member $member/$COUNCIL_SIZE ($role) reviewing..."
@@ -255,7 +256,24 @@ council_vote() {
         ((member++))
     done
 
-    # Record vote results
+    # Anti-sycophancy check: if unanimous APPROVE, run devil's advocate
+    if [ $approve_count -eq $COUNCIL_SIZE ] && [ $COUNCIL_SIZE -ge 3 ]; then
+        log_warn "Unanimous approval detected - running anti-sycophancy check..."
+        local contrarian_verdict
+        contrarian_verdict=$(council_devils_advocate "$evidence_file" "$vote_dir")
+        local contrarian_vote
+        contrarian_vote=$(echo "$contrarian_verdict" | grep -oE "VOTE:\s*(APPROVE|REJECT)" | grep -oE "APPROVE|REJECT" | head -1)
+
+        if [ "$contrarian_vote" = "REJECT" ]; then
+            log_warn "Anti-sycophancy: Devil's advocate REJECTED unanimous approval"
+            log_warn "Overriding to require one more iteration for verification"
+            approve_count=$((approve_count - 1))
+        else
+            log_info "Anti-sycophancy: Devil's advocate confirmed approval"
+        fi
+    fi
+
+    # Record vote results (AFTER anti-sycophancy check so verdict reflects any override)
     _COUNCIL_STATE_FILE="$COUNCIL_STATE_DIR/state.json" \
     _COUNCIL_SIZE="$COUNCIL_SIZE" \
     _COUNCIL_APPROVE="$approve_count" \
@@ -291,23 +309,6 @@ with open(state_file, 'w') as f:
     json.dump(state, f, indent=2)
 " || log_warn "Failed to record council vote results"
 
-    # Anti-sycophancy check: if unanimous APPROVE, run devil's advocate
-    if [ $approve_count -eq $COUNCIL_SIZE ] && [ $COUNCIL_SIZE -ge 3 ]; then
-        log_warn "Unanimous approval detected - running anti-sycophancy check..."
-        local contrarian_verdict
-        contrarian_verdict=$(council_devils_advocate "$evidence_file" "$vote_dir")
-        local contrarian_vote
-        contrarian_vote=$(echo "$contrarian_verdict" | grep -oE "VOTE:\s*(APPROVE|REJECT)" | grep -oE "APPROVE|REJECT" | head -1)
-
-        if [ "$contrarian_vote" = "REJECT" ]; then
-            log_warn "Anti-sycophancy: Devil's advocate REJECTED unanimous approval"
-            log_warn "Overriding to require one more iteration for verification"
-            approve_count=$((approve_count - 1))
-        else
-            log_info "Anti-sycophancy: Devil's advocate confirmed approval"
-        fi
-    fi
-
     echo ""
     log_info "Council verdict: $approve_count APPROVE / $reject_count REJECT (threshold: $COUNCIL_THRESHOLD)"
     echo -e "$verdicts"

package/autonomy/hooks/quality-gate.sh

@@ -29,7 +29,7 @@ fi
 
 # Check for TODO/FIXME in recent changes
 if [ -d "$CWD/.git" ]; then
-    TODOS=$(git -C "$CWD" diff HEAD~1 2>/dev/null | grep -c "TODO\|FIXME" || echo "0")
+    TODOS=$(git -C "$CWD" diff HEAD~1 2>/dev/null | grep -c "TODO\|FIXME" 2>/dev/null) || TODOS=0
     if [ "$TODOS" -gt 0 ]; then
         GATE_RESULTS+=("new_todos: $TODOS")
     fi

package/autonomy/hooks/track-metrics.sh

@@ -11,6 +11,7 @@ METRICS_DIR="$CWD/.loki/metrics"
 mkdir -p "$METRICS_DIR"
 
 TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)
-echo "{\"timestamp\":\"$TIMESTAMP\",\"tool\":\"$TOOL_NAME\",\"event\":\"PostToolUse\"}" >> "$METRICS_DIR/tool-usage.jsonl"
+tool_escaped=$(printf '%s' "$TOOL_NAME" | sed 's/\\/\\\\/g; s/"/\\"/g')
+echo "{\"timestamp\":\"$TIMESTAMP\",\"tool\":\"$tool_escaped\",\"event\":\"PostToolUse\"}" >> "$METRICS_DIR/tool-usage.jsonl"
 
 exit 0

package/autonomy/hooks/validate-bash.sh

@@ -10,13 +10,13 @@ CWD=$(echo "$INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).ge
 
 # Dangerous command patterns
 BLOCKED_PATTERNS=(
-    "^rm -rf /$"
-    "^rm -rf ~$"
-    "^rm -rf \\\$HOME$"
+    "^rm -rf /"
+    "^rm -rf ~"
+    "^rm -rf \\\$HOME"
     "> /dev/sd"
     "^mkfs "
     "^dd if=/dev/zero"
-    "^chmod -R 777 /$"
+    "^chmod -R 777 /"
 )
 
 # Check for blocked patterns
@@ -38,7 +38,8 @@ done
 # Log command to audit trail
 LOG_DIR="$CWD/.loki/logs"
 mkdir -p "$LOG_DIR"
-echo "{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"command\":$(echo "$COMMAND" | python3 -c 'import sys,json; print(json.dumps(sys.stdin.read()))')}" >> "$LOG_DIR/bash-audit.jsonl"
+printf '%s' "{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"command\":$(echo "$COMMAND" | python3 -c 'import sys,json; print(json.dumps(sys.stdin.read()))')}" >> "$LOG_DIR/bash-audit.jsonl"
+echo >> "$LOG_DIR/bash-audit.jsonl"
 
 # Allow command
 cat << EOF

package/autonomy/loki

@@ -55,9 +55,12 @@ find_skill_dir() {
     local script_dir
     script_dir=$(dirname "$script_path")
 
+    # Check script's own parent first (most likely current), then installed skill, then cwd
+    local script_parent
+    script_parent="$(cd "$script_dir/.." 2>/dev/null && pwd)"
     local dirs=(
+        "$script_parent"
         "$HOME/.claude/skills/loki-mode"
-        "$script_dir/.."
         "."
     )
 
@@ -444,6 +447,18 @@ cmd_start() {
 
     if [ -n "$prd_file" ]; then
         args+=("$prd_file")
+    else
+        # No PRD file specified -- warn and confirm before consuming API credits
+        echo -e "${YELLOW}Warning: No PRD file specified.${NC}"
+        echo "Loki Mode will start autonomous execution in the current directory"
+        echo "without a requirements document."
+        echo ""
+        echo -e "This will consume API credits. Continue? [y/N] \c"
+        read -r confirm
+        if [[ ! "$confirm" =~ ^[Yy] ]]; then
+            echo "Aborted. Usage: loki start <path-to-prd.md>"
+            exit 0
+        fi
     fi
 
     # Load saved provider if not specified on command line
@@ -604,15 +619,16 @@ cmd_stop() {
         if [ -f "$LOKI_DIR/session.json" ]; then
             # Use python for reliable JSON update, fall back to overwrite
             python3 -c "
-import json, sys
+import json, sys, os
 try:
-    with open('$LOKI_DIR/session.json', 'r+') as f:
+    p = os.path.join(sys.argv[1], 'session.json')
+    with open(p, 'r+') as f:
         d = json.load(f)
         d['status'] = 'stopped'
         f.seek(0); f.truncate()
         json.dump(d, f)
 except: pass
-" 2>/dev/null || true
+" "$LOKI_DIR" 2>/dev/null || true
         fi
 
         # Clean up control files
@@ -692,15 +708,31 @@ cmd_pause() {
 cmd_resume() {
     if [ ! -d "$LOKI_DIR" ]; then
         echo -e "${YELLOW}No .loki directory found.${NC}"
-        echo "Nothing to resume. Start a session with: loki start"
+        echo "No session to resume. Start a session with: loki start"
+        exit 0
+    fi
+
+    # Check if there is anything to resume before touching signal files
+    local has_pause_signal=false
+    local has_stop_signal=false
+    [ -f "$LOKI_DIR/PAUSE" ] && has_pause_signal=true
+    [ -f "$LOKI_DIR/STOP" ] && has_stop_signal=true
+    local session_running=false
+    is_session_running && session_running=true
+
+    # If nothing is paused/stopped and no session is running, exit early
+    if ! $has_pause_signal && ! $has_stop_signal && ! $session_running; then
+        echo -e "${YELLOW}No session to resume.${NC}"
+        echo "Start a session with: loki start"
         exit 0
     fi
 
+    # Clear the signal file if one exists
     local removed_signal=""
-    if [ -f "$LOKI_DIR/PAUSE" ]; then
+    if $has_pause_signal; then
         rm -f "$LOKI_DIR/PAUSE"
         removed_signal="PAUSE"
-    elif [ -f "$LOKI_DIR/STOP" ]; then
+    elif $has_stop_signal; then
         rm -f "$LOKI_DIR/STOP"
         removed_signal="STOP"
     fi
@@ -716,19 +748,15 @@ cmd_resume() {
             --action-sequence '["check_signals", "clear_signal", "resume"]' \
             --outcome success \
             --confidence 0.85
-        if is_session_running; then
+        if $session_running; then
             echo -e "${GREEN}$removed_signal signal cleared. Session will resume automatically.${NC}"
         else
             echo -e "${GREEN}$removed_signal signal cleared.${NC}"
             echo "Session is not running. Start with: loki start"
         fi
     else
-        if is_session_running; then
-            echo -e "${CYAN}Session is running normally.${NC}"
-        else
-            echo -e "${YELLOW}No pause/stop signals found.${NC}"
-            echo "Session is not running. Start with: loki start"
-        fi
+        # Session is running but no signals to clear
+        echo -e "${CYAN}Session is running normally. Nothing to resume.${NC}"
     fi
 }
 
@@ -914,7 +942,7 @@ cmd_provider_set() {
                 echo "Install: npm install -g @openai/codex"
                 ;;
             gemini)
-                echo "Install: npm install -g @anthropic-ai/gemini-cli"
+                echo "Install: npm install -g @google/gemini-cli"
                 ;;
         esac
         echo ""
@@ -998,7 +1026,7 @@ cmd_provider_info() {
             echo "Name:        Codex CLI"
             echo "Vendor:      OpenAI"
             echo "CLI:         codex"
-            echo "Flag:        exec --dangerously-bypass-approvals-and-sandbox"
+            echo "Flag:        --full-auto"
             echo ""
             echo "Features:"
             echo "  - Autonomous mode"
@@ -1010,7 +1038,7 @@ cmd_provider_info() {
             echo "Name:        Gemini CLI"
             echo "Vendor:      Google"
             echo "CLI:         gemini"
-            echo "Flag:        --yolo"
+            echo "Flag:        --approval-mode=yolo"
             echo ""
             echo "Features:"
             echo "  - Autonomous mode"
@@ -1544,7 +1572,7 @@ cmd_issue_parse() {
                 ;;
             --format)
                 format="${2:-yaml}"
-                shift 2
+                if [ $# -ge 2 ]; then shift 2; else shift; fi
                 ;;
             --format=*)
                 format="${1#*=}"
@@ -1552,7 +1580,7 @@ cmd_issue_parse() {
                 ;;
             --output|-o)
                 output_file="${2:-}"
-                shift 2
+                if [ $# -ge 2 ]; then shift 2; else shift; fi
                 ;;
             --output=*)
                 output_file="${1#*=}"
@@ -2263,7 +2291,7 @@ cmd_api() {
             fi
 
             # Start server
-            mkdir -p "$LOKI_DIR"
+            mkdir -p "$LOKI_DIR/logs"
             nohup node "$api_server" --port "$port" > "$LOKI_DIR/logs/api.log" 2>&1 &
             local new_pid=$!
             echo "$new_pid" > "$pid_file"
@@ -2584,6 +2612,8 @@ send_slack_notification() {
     project_name=$(basename "$(pwd)")
     local timestamp
     timestamp=$(date '+%Y-%m-%d %H:%M:%S')
+    local message_escaped
+    message_escaped=$(printf '%s' "$message" | sed 's/\\/\\\\/g; s/"/\\"/g; s/	/\\t/g')
 
     # Build Slack payload with blocks for better formatting
     local payload
@@ -2601,7 +2631,7 @@ send_slack_notification() {
             "type": "section",
             "text": {
                 "type": "mrkdwn",
-                "text": "$message"
+                "text": "$message_escaped"
             }
         },
         {
@@ -2638,6 +2668,8 @@ send_discord_notification() {
     project_name=$(basename "$(pwd)")
     local timestamp
     timestamp=$(date '+%Y-%m-%d %H:%M:%S')
+    local message_escaped
+    message_escaped=$(printf '%s' "$message" | sed 's/\\/\\\\/g; s/"/\\"/g; s/	/\\t/g')
 
     # Build Discord embed payload
     local payload
@@ -2646,7 +2678,7 @@ send_discord_notification() {
     "embeds": [
         {
             "title": "Loki Mode: $event_type",
-            "description": "$message",
+            "description": "$message_escaped",
             "color": 5814783,
             "footer": {
                 "text": "Project: $project_name | $timestamp"
@@ -2677,6 +2709,8 @@ send_webhook_notification() {
     project_name=$(basename "$(pwd)")
     local timestamp
     timestamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+    local message_escaped
+    message_escaped=$(printf '%s' "$message" | sed 's/\\/\\\\/g; s/"/\\"/g; s/	/\\t/g')
 
     # Build generic JSON payload
     local payload
@@ -2684,7 +2718,7 @@ send_webhook_notification() {
 {
     "source": "loki-mode",
     "event": "$event_type",
-    "message": "$message",
+    "message": "$message_escaped",
     "project": "$project_name",
     "timestamp": "$timestamp",
     "cwd": "$(pwd)"
@@ -2855,14 +2889,15 @@ cmd_reset() {
                 # Reset only retry count
                 if command -v python3 &> /dev/null; then
                     python3 -c "
-import json
-with open('$LOKI_DIR/autonomy-state.json', 'r') as f:
+import json, sys, os
+p = os.path.join(sys.argv[1], 'autonomy-state.json')
+with open(p, 'r') as f:
     state = json.load(f)
 state['retryCount'] = 0
 state['status'] = 'reset'
-with open('$LOKI_DIR/autonomy-state.json', 'w') as f:
+with open(p, 'w') as f:
     json.dump(state, f, indent=4)
-" 2>/dev/null
+" "$LOKI_DIR" 2>/dev/null
                     echo -e "${GREEN}Retry count reset to 0${NC}"
                 else
                     rm -f "$LOKI_DIR/autonomy-state.json"
@@ -2970,11 +3005,12 @@ cmd_memory() {
                     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
                     if [ -f "$learnings_dir/patterns.jsonl" ]; then
                         python3 -c "
-import json
-limit = $limit
-project_filter = '$project'
+import json, sys, os
+limit = int(sys.argv[1])
+project_filter = sys.argv[2]
+filepath = os.path.join(sys.argv[3], 'patterns.jsonl')
 count = 0
-with open('$learnings_dir/patterns.jsonl', 'r') as f:
+with open(filepath, 'r') as f:
     for line in f:
         if count >= limit:
             break
@@ -2988,7 +3024,7 @@ with open('$learnings_dir/patterns.jsonl', 'r') as f:
         except: pass
 if count == 0:
     print('(empty - no patterns recorded)')
-" 2>/dev/null
+" "$limit" "$project" "$learnings_dir" 2>/dev/null
                     else
                         echo "(empty - no patterns recorded)"
                     fi
@@ -2999,11 +3035,12 @@ if count == 0:
                     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
                     if [ -f "$learnings_dir/mistakes.jsonl" ]; then
                         python3 -c "
-import json
-limit = $limit
-project_filter = '$project'
+import json, sys, os
+limit = int(sys.argv[1])
+project_filter = sys.argv[2]
+filepath = os.path.join(sys.argv[3], 'mistakes.jsonl')
 count = 0
-with open('$learnings_dir/mistakes.jsonl', 'r') as f:
+with open(filepath, 'r') as f:
     for line in f:
         if count >= limit:
             break
@@ -3017,7 +3054,7 @@ with open('$learnings_dir/mistakes.jsonl', 'r') as f:
         except: pass
 if count == 0:
     print('(empty - no mistakes recorded)')
-" 2>/dev/null
+" "$limit" "$project" "$learnings_dir" 2>/dev/null
                     else
                         echo "(empty - no mistakes recorded)"
                     fi
@@ -3028,11 +3065,12 @@ if count == 0:
                     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
                     if [ -f "$learnings_dir/successes.jsonl" ]; then
                         python3 -c "
-import json
-limit = $limit
-project_filter = '$project'
+import json, sys, os
+limit = int(sys.argv[1])
+project_filter = sys.argv[2]
+filepath = os.path.join(sys.argv[3], 'successes.jsonl')
 count = 0
-with open('$learnings_dir/successes.jsonl', 'r') as f:
+with open(filepath, 'r') as f:
     for line in f:
         if count >= limit:
             break
@@ -3046,18 +3084,18 @@ with open('$learnings_dir/successes.jsonl', 'r') as f:
         except: pass
 if count == 0:
     print('(empty - no successes recorded)')
-" 2>/dev/null
+" "$limit" "$project" "$learnings_dir" 2>/dev/null
                     else
                         echo "(empty - no successes recorded)"
                     fi
                     ;;
 
                 all)
-                    cmd_memory show patterns --limit "$limit"
+                    cmd_memory show patterns --limit "$limit" --project "$project"
                     echo ""
-                    cmd_memory show mistakes --limit "$limit"
+                    cmd_memory show mistakes --limit "$limit" --project "$project"
                     echo ""
-                    cmd_memory show successes --limit "$limit"
+                    cmd_memory show successes --limit "$limit" --project "$project"
                     ;;
 
                 *)
@@ -3078,12 +3116,13 @@ if count == 0:
             echo -e "${BOLD}Search Results for: $query${NC}"
             echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 
+            local query_escaped="${query//\'/\'\\\'\'}"
             python3 -c "
 import json
 import os
 
 learnings_dir = '$learnings_dir'
-query = '$query'.lower()
+query = '${query_escaped}'.lower()
 
 for filename in ['patterns.jsonl', 'mistakes.jsonl', 'successes.jsonl']:
     filepath = os.path.join(learnings_dir, filename)