loki-mode 5.40.0 → 5.41.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with zero human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v5.40.0
+# Loki Mode v5.41.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -258,8 +258,8 @@ The following features are documented in skill modules but not yet fully automat
 |---------|--------|-------|
 | PRE-ACT goal drift detection | Planned | Agent-level attention check before each action; no automated enforcement yet |
 | CONTINUITY.md working memory | Implemented (v5.35.0) | Auto-managed by run.sh, updated each iteration |
-| GitHub issue import | Planned | Config flags exist (`LOKI_GITHUB_IMPORT`); `gh` CLI integration partial |
+| GitHub integration | Implemented (v5.41.0) | Import, sync-back, PR creation, export. CLI: `loki github`, API: `/api/github/*` |
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v5.40.0 | fix: 46-bug audit across all distributions, JSON injection, Docker mounts, auth hardening | ~260 lines core**
+**v5.41.0 | feat: GitHub sync-back, PR creation, export (fully wired) | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-5.40.0
+5.41.0

package/autonomy/hooks/validate-bash.sh

@@ -10,6 +10,9 @@ CWD=$(echo "$INPUT" | python3 -c "import sys,json; print(json.load(sys.stdin).ge
 
 # Dangerous command patterns (matched anywhere in the command string)
 # Safe paths like /tmp/ and relative paths (./) are excluded below
+# NOTE: This is defense-in-depth, not a security boundary. Motivated attackers
+# can bypass with advanced techniques (heredocs, printf, arbitrary string building).
+# This hook catches common mistakes and simple bypass attempts.
 BLOCKED_PATTERNS=(
     "rm -rf /"
     "rm -rf ~"
@@ -18,6 +21,15 @@ BLOCKED_PATTERNS=(
     "mkfs[. ]"
     "dd if=/dev/zero"
     "chmod -R 777 /"
+    "eval.*base64"
+    "base64.*\|.*sh"
+    "base64.*\|.*bash"
+    "\$\(base64"
+    "eval.*\\\$\("
+    "curl.*\|.*sh"
+    "wget.*\|.*sh"
+    "curl.*\|.*bash"
+    "wget.*\|.*bash"
 )
 
 # Safe path patterns that override rm -rf / matches

package/autonomy/loki

@@ -14,6 +14,7 @@
 #   loki status           - Show current status
 #   loki dashboard        - Open dashboard in browser
 #   loki import           - Import GitHub issues
+#   loki github [cmd]     - GitHub integration (sync|export|pr|status)
 #   loki help             - Show this help
 #===============================================================================
 
@@ -323,6 +324,7 @@ show_help() {
     echo "  notify [cmd]     Send notifications (test|slack|discord|webhook|status)"
     echo "  voice [cmd]      Voice input for PRD creation (status|listen|dictate|speak|start)"
     echo "  import           Import GitHub issues as tasks"
+    echo "  github [cmd]     GitHub integration (sync|export|pr|status)"
     echo "  config [cmd]     Manage configuration (show|init|edit|path)"
     echo "  completions [bash|zsh]  Output shell completion scripts"
     echo "  memory [cmd]     Cross-project learnings (list|show|search|stats)"
@@ -515,7 +517,7 @@ cmd_start() {
     if [ -n "$prd_file" ]; then
         args+=("$prd_file")
     else
-        # No PRD file specified -- warn and confirm before consuming API credits
+        # No PRD file specified -- warn and confirm before starting
         # Auto-confirm in CI environments or when LOKI_AUTO_CONFIRM is set
         # LOKI_AUTO_CONFIRM takes precedence when explicitly set;
         # fall back to CI env var only when LOKI_AUTO_CONFIRM is unset
@@ -524,10 +526,10 @@ cmd_start() {
             echo -e "${YELLOW}Warning: No PRD file specified. Auto-confirming (CI mode).${NC}"
         else
             echo -e "${YELLOW}Warning: No PRD file specified.${NC}"
-            echo "Loki Mode will start autonomous execution in the current directory"
-            echo "without a requirements document."
+            echo "Loki Mode will analyze the existing codebase and generate"
+            echo "a PRD automatically. No requirements document needed."
             echo ""
-            echo -e "This will consume API credits. Continue? [y/N] \c"
+            echo -e "Continue? [y/N] \c"
             read -r confirm
             if [[ ! "$confirm" =~ ^[Yy] ]]; then
                 echo "Aborted. Usage: loki start <path-to-prd.md>"
@@ -1832,6 +1834,183 @@ cmd_import() {
     fi
 }
 
+# GitHub integration management (v5.41.0)
+cmd_github() {
+    local subcmd="${1:-help}"
+    shift 2>/dev/null || true
+
+    case "$subcmd" in
+        sync)
+            # Sync completed tasks back to GitHub issues
+            if [ ! -d "$LOKI_DIR" ]; then
+                echo -e "${RED}No active Loki session found${NC}"
+                exit 1
+            fi
+
+            if ! command -v gh &>/dev/null; then
+                echo -e "${RED}Error: gh CLI not found. Install with: brew install gh${NC}"
+                exit 1
+            fi
+
+            if ! gh auth status &>/dev/null; then
+                echo -e "${RED}Error: gh CLI not authenticated. Run: gh auth login${NC}"
+                exit 1
+            fi
+
+            export LOKI_GITHUB_SYNC=true
+            source "$RUN_SH" 2>/dev/null || true
+
+            echo -e "${GREEN}Syncing completed tasks to GitHub...${NC}"
+            if type sync_github_completed_tasks &>/dev/null; then
+                sync_github_completed_tasks
+                echo -e "${GREEN}Sync complete.${NC}"
+
+                # Show what was synced
+                if [ -f "$LOKI_DIR/github/synced.log" ]; then
+                    local count
+                    count=$(wc -l < "$LOKI_DIR/github/synced.log" | tr -d ' ')
+                    echo -e "${DIM}Total synced status updates: $count${NC}"
+                fi
+            else
+                echo -e "${YELLOW}Sync function not available.${NC}"
+            fi
+            ;;
+
+        export)
+            # Export local tasks as GitHub issues
+            if [ ! -d "$LOKI_DIR" ]; then
+                echo -e "${RED}No active Loki session found${NC}"
+                exit 1
+            fi
+
+            if ! command -v gh &>/dev/null; then
+                echo -e "${RED}Error: gh CLI not found. Install with: brew install gh${NC}"
+                exit 1
+            fi
+
+            echo -e "${GREEN}Exporting local tasks to GitHub issues...${NC}"
+            source "$RUN_SH" 2>/dev/null || true
+            if type export_tasks_to_github &>/dev/null; then
+                export_tasks_to_github
+                echo -e "${GREEN}Export complete.${NC}"
+            else
+                echo -e "${YELLOW}Export function not available.${NC}"
+            fi
+            ;;
+
+        pr)
+            # Create PR from completed work
+            if ! command -v gh &>/dev/null; then
+                echo -e "${RED}Error: gh CLI not found. Install with: brew install gh${NC}"
+                exit 1
+            fi
+
+            local feature_name="${1:-Loki Mode changes}"
+            export LOKI_GITHUB_PR=true
+            source "$RUN_SH" 2>/dev/null || true
+
+            echo -e "${GREEN}Creating pull request: $feature_name${NC}"
+            if type create_github_pr &>/dev/null; then
+                create_github_pr "$feature_name"
+            else
+                echo -e "${YELLOW}PR function not available.${NC}"
+            fi
+            ;;
+
+        status)
+            # Show GitHub integration status
+            echo -e "${BOLD}GitHub Integration Status${NC}"
+            echo ""
+
+            # gh CLI
+            if command -v gh &>/dev/null; then
+                echo -e "  gh CLI:       ${GREEN}installed$(gh --version 2>/dev/null | head -1 | sed 's/gh version /v/')${NC}"
+                if gh auth status &>/dev/null 2>&1; then
+                    echo -e "  Auth:         ${GREEN}authenticated${NC}"
+                else
+                    echo -e "  Auth:         ${RED}not authenticated${NC}"
+                fi
+            else
+                echo -e "  gh CLI:       ${RED}not installed${NC}"
+            fi
+
+            # Repo detection
+            local repo=""
+            repo=$(git remote get-url origin 2>/dev/null | sed 's|.*github.com[:/]||;s|\.git$||' || echo "")
+            if [ -n "$repo" ]; then
+                echo -e "  Repository:   ${GREEN}$repo${NC}"
+            else
+                echo -e "  Repository:   ${YELLOW}not detected${NC}"
+            fi
+
+            # Config flags
+            echo ""
+            echo -e "${BOLD}Configuration${NC}"
+            echo -e "  LOKI_GITHUB_IMPORT:  ${LOKI_GITHUB_IMPORT:-false}"
+            echo -e "  LOKI_GITHUB_SYNC:    ${LOKI_GITHUB_SYNC:-false}"
+            echo -e "  LOKI_GITHUB_PR:      ${LOKI_GITHUB_PR:-false}"
+            echo -e "  LOKI_GITHUB_LABELS:  ${LOKI_GITHUB_LABELS:-(all)}"
+            echo -e "  LOKI_GITHUB_LIMIT:   ${LOKI_GITHUB_LIMIT:-100}"
+
+            # Sync log
+            if [ -f "$LOKI_DIR/github/synced.log" ]; then
+                echo ""
+                echo -e "${BOLD}Sync History${NC}"
+                local total
+                total=$(wc -l < "$LOKI_DIR/github/synced.log" | tr -d ' ')
+                echo -e "  Total synced updates: $total"
+                echo -e "  Recent:"
+                tail -5 "$LOKI_DIR/github/synced.log" | sed 's/^/    /'
+            fi
+
+            # Imported tasks
+            if [ -f "$LOKI_DIR/queue/pending.json" ]; then
+                local gh_tasks
+                gh_tasks=$(python3 -c "
+import json
+try:
+    with open('$LOKI_DIR/queue/pending.json') as f:
+        data = json.load(f)
+    tasks = data.get('tasks', data) if isinstance(data, dict) else data
+    gh = [t for t in tasks if t.get('source') == 'github']
+    print(len(gh))
+except: print(0)
+" 2>/dev/null || echo "0")
+                echo ""
+                echo -e "${BOLD}Imported Issues${NC}"
+                echo -e "  GitHub tasks in queue: $gh_tasks"
+            fi
+            ;;
+
+        help|*)
+            echo -e "${BOLD}loki github${NC} - GitHub integration management"
+            echo ""
+            echo "Commands:"
+            echo "  status       Show GitHub integration status"
+            echo "  sync         Sync completed task status back to GitHub issues"
+            echo "  export       Export local tasks as new GitHub issues"
+            echo "  pr [name]    Create pull request from completed work"
+            echo ""
+            echo "Environment Variables:"
+            echo "  LOKI_GITHUB_IMPORT=true    Import open issues as tasks on start"
+            echo "  LOKI_GITHUB_SYNC=true      Sync status back to issues during session"
+            echo "  LOKI_GITHUB_PR=true        Create PR when session completes successfully"
+            echo "  LOKI_GITHUB_LABELS=bug     Filter issues by label (comma-separated)"
+            echo "  LOKI_GITHUB_MILESTONE=v2   Filter by milestone"
+            echo "  LOKI_GITHUB_ASSIGNEE=me    Filter by assignee"
+            echo "  LOKI_GITHUB_LIMIT=50       Max issues to import (default: 100)"
+            echo "  LOKI_GITHUB_PR_LABEL=loki  Label to add to created PRs"
+            echo ""
+            echo "Examples:"
+            echo "  loki github status"
+            echo "  loki github sync"
+            echo "  loki github export"
+            echo "  loki github pr \"Add user authentication\""
+            echo "  LOKI_GITHUB_SYNC=true loki start --github ./prd.md"
+            ;;
+    esac
+}
+
 # Parse GitHub issue using issue-parser.sh
 cmd_issue_parse() {
     local issue_ref=""
@@ -4278,6 +4457,9 @@ main() {
         import)
             cmd_import
             ;;
+        github)
+            cmd_github "$@"
+            ;;
         issue)
             cmd_issue "$@"
             ;;

package/autonomy/run.sh

@@ -1273,10 +1273,12 @@ create_github_pr() {
     local pr_body=".loki/reports/pr-body.md"
     mkdir -p "$(dirname "$pr_body")"
 
+    local version
+    version=$(cat "${SCRIPT_DIR%/*}/VERSION" 2>/dev/null || echo "unknown")
     cat > "$pr_body" << EOF
 ## Summary
 
-Automated implementation by Loki Mode v4.1.0
+Automated implementation by Loki Mode v$version ($ITERATION_COUNT iterations, provider: ${PROVIDER_NAME:-claude})
 
 ### Feature: $feature_name
 
@@ -1349,24 +1351,105 @@ sync_github_status() {
         return 1
     fi
 
+    # Track synced issues to avoid duplicate comments
+    mkdir -p .loki/github
+    local sync_log=".loki/github/synced.log"
+    local sync_key="${issue_number}:${status}"
+    if [ -f "$sync_log" ] && grep -qF "$sync_key" "$sync_log" 2>/dev/null; then
+        return 0  # Already synced this status
+    fi
+
     case "$status" in
         "in_progress")
             gh issue comment "$issue_number" --repo "$repo" \
-                --body "Loki Mode: Task in progress - ${message:-implementing solution...}" \
+                --body "**Loki Mode** -- Working on this issue (iteration $ITERATION_COUNT)" \
                 2>/dev/null || true
             ;;
         "completed")
+            local branch
+            branch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "main")
+            local commit
+            commit=$(git rev-parse --short HEAD 2>/dev/null || echo "unknown")
             gh issue comment "$issue_number" --repo "$repo" \
-                --body "Loki Mode: Implementation complete. ${message:-}" \
+                --body "**Loki Mode** -- Implementation complete on \`$branch\` ($commit). ${message:-}" \
                 2>/dev/null || true
             ;;
         "closed")
             gh issue close "$issue_number" --repo "$repo" \
                 --reason "completed" \
-                --comment "Loki Mode: Fixed. ${message:-}" \
+                --comment "**Loki Mode** -- Resolved. ${message:-}" \
                 2>/dev/null || true
             ;;
     esac
+
+    # Record sync to avoid duplicates
+    echo "$sync_key" >> "$sync_log"
+}
+
+# Sync all completed GitHub-sourced tasks back to their issues
+# Called after each iteration and at session end
+sync_github_completed_tasks() {
+    if [ "$GITHUB_SYNC" != "true" ]; then
+        return 0
+    fi
+
+    if ! check_github_cli; then
+        return 0
+    fi
+
+    local completed_file=".loki/queue/completed.json"
+    if [ ! -f "$completed_file" ]; then
+        return 0
+    fi
+
+    # Find GitHub-sourced tasks in completed queue that haven't been synced
+    python3 -c "
+import json, sys
+try:
+    with open('$completed_file') as f:
+        tasks = json.load(f)
+    for t in tasks:
+        tid = t.get('id', '')
+        if tid.startswith('github-'):
+            print(tid)
+except Exception:
+    pass
+" 2>/dev/null | while read -r task_id; do
+        sync_github_status "$task_id" "completed"
+    done
+}
+
+# Sync GitHub-sourced tasks currently in-progress
+sync_github_in_progress_tasks() {
+    if [ "$GITHUB_SYNC" != "true" ]; then
+        return 0
+    fi
+
+    if ! check_github_cli; then
+        return 0
+    fi
+
+    local pending_file=".loki/queue/pending.json"
+    if [ ! -f "$pending_file" ]; then
+        return 0
+    fi
+
+    # Find GitHub-sourced tasks in pending queue (about to be worked on)
+    python3 -c "
+import json
+try:
+    with open('$pending_file') as f:
+        data = json.load(f)
+    tasks = data.get('tasks', data) if isinstance(data, dict) else data
+    for t in tasks:
+        tid = t.get('id', '')
+        if tid.startswith('github-'):
+            print(tid)
+except Exception:
+    pass
+" 2>/dev/null | while read -r task_id; do
+        sync_github_status "$task_id" "in_progress"
+    done
 }
 
 # Export tasks to GitHub issues (reverse sync)
@@ -2147,13 +2230,32 @@ init_loki_dir() {
 
     # Clean up stale control files ONLY if no other session is running
     # Deleting these while another session is active would destroy its signals
-    local existing_pid=""
-    if [ -f ".loki/loki.pid" ]; then
-        existing_pid=$(cat ".loki/loki.pid" 2>/dev/null)
+    # Use flock if available to avoid TOCTOU race
+    local lock_file=".loki/session.lock"
+    local can_cleanup=false
+
+    if command -v flock >/dev/null 2>&1 && [ -f "$lock_file" ]; then
+        # Try non-blocking lock - if we get it, no other session is running
+        {
+            if flock -n 201 2>/dev/null; then
+                can_cleanup=true
+            fi
+        } 201>"$lock_file"
+    else
+        # Fallback: check PID file
+        local existing_pid=""
+        if [ -f ".loki/loki.pid" ]; then
+            existing_pid=$(cat ".loki/loki.pid" 2>/dev/null)
+        fi
+        if [ -z "$existing_pid" ] || ! kill -0 "$existing_pid" 2>/dev/null; then
+            can_cleanup=true
+        fi
     fi
-    if [ -z "$existing_pid" ] || ! kill -0 "$existing_pid" 2>/dev/null; then
+
+    if [ "$can_cleanup" = "true" ]; then
         rm -f .loki/PAUSE .loki/STOP .loki/HUMAN_INPUT.md 2>/dev/null
         rm -f .loki/loki.pid 2>/dev/null
+        rm -f .loki/session.lock 2>/dev/null
     fi
 
     mkdir -p .loki/{state,queue,messages,logs,config,prompts,artifacts,scripts}
@@ -2785,6 +2887,9 @@ EFF_EOF
     # Check notification triggers (v5.40.0)
     check_notification_triggers "$iteration"
 
+    # Sync completed GitHub tasks back to issues (v5.41.0)
+    sync_github_completed_tasks
+
     # Get task from in-progress
     local in_progress_file=".loki/queue/in-progress.json"
     local completed_file=".loki/queue/completed.json"
@@ -6945,16 +7050,50 @@ main() {
     update_continuity
 
     # Session lock: prevent concurrent sessions on same repo
+    # Use flock for atomic locking to prevent TOCTOU race conditions
     local pid_file=".loki/loki.pid"
-    if [ -f "$pid_file" ]; then
-        local existing_pid
-        existing_pid=$(cat "$pid_file" 2>/dev/null)
-        # Skip if it's our own PID or parent PID (background mode writes PID before child starts)
-        if [ -n "$existing_pid" ] && [ "$existing_pid" != "$$" ] && [ "$existing_pid" != "$PPID" ] && kill -0 "$existing_pid" 2>/dev/null; then
-            log_error "Another Loki session is already running (PID: $existing_pid)"
+    local lock_file=".loki/session.lock"
+
+    # Try to acquire exclusive lock with flock (if available)
+    if command -v flock >/dev/null 2>&1; then
+        # Create lock file
+        touch "$lock_file"
+
+        # Open FD 200 at process scope so flock persists for entire session lifetime
+        # (block-scoped redirection would release the lock when the block exits)
+        exec 200>"$lock_file"
+
+        # Try to acquire exclusive lock (non-blocking)
+        if ! flock -n 200 2>/dev/null; then
+            log_error "Another Loki session is already running (locked)"
             log_error "Stop it first with: loki stop"
             exit 1
         fi
+
+        # Check PID file after acquiring lock
+        if [ -f "$pid_file" ]; then
+            local existing_pid
+            existing_pid=$(cat "$pid_file" 2>/dev/null)
+            # Skip if it's our own PID or parent PID (background mode writes PID before child starts)
+            if [ -n "$existing_pid" ] && [ "$existing_pid" != "$$" ] && [ "$existing_pid" != "$PPID" ] && kill -0 "$existing_pid" 2>/dev/null; then
+                log_error "Another Loki session is already running (PID: $existing_pid)"
+                log_error "Stop it first with: loki stop"
+                exit 1
+            fi
+        fi
+    else
+        # Fallback to original behavior if flock not available
+        log_warn "flock not available - using non-atomic PID check (race condition possible)"
+        if [ -f "$pid_file" ]; then
+            local existing_pid
+            existing_pid=$(cat "$pid_file" 2>/dev/null)
+            # Skip if it's our own PID or parent PID (background mode writes PID before child starts)
+            if [ -n "$existing_pid" ] && [ "$existing_pid" != "$$" ] && [ "$existing_pid" != "$PPID" ] && kill -0 "$existing_pid" 2>/dev/null; then
+                log_error "Another Loki session is already running (PID: $existing_pid)"
+                log_error "Stop it first with: loki stop"
+                exit 1
+            fi
+        fi
     fi
 
     # Write PID file for ALL modes (foreground + background)
@@ -6967,6 +7106,8 @@ main() {
     # Import GitHub issues if enabled (v4.1.0)
     if [ "$GITHUB_IMPORT" = "true" ]; then
         import_github_issues
+        # Notify GitHub that imported issues are being worked on (v5.41.0)
+        sync_github_in_progress_tasks
     fi
 
     # Start web dashboard (if enabled)
@@ -7056,6 +7197,14 @@ main() {
         run_autonomous "$PRD_PATH" || result=$?
     fi
 
+    # Final GitHub sync: sync all completed tasks and create PR (v5.41.0)
+    sync_github_completed_tasks
+    if [ "$GITHUB_PR" = "true" ] && [ "$result" = "0" ]; then
+        local feature_name="${PRD_PATH:-Codebase improvements}"
+        feature_name=$(basename "$feature_name" .md 2>/dev/null || echo "$feature_name")
+        create_github_pr "$feature_name"
+    fi
+
     # Extract and save learnings from this session
     extract_learnings_from_session
 

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "5.40.0"
+__version__ = "5.41.0"
 
 # Expose the control app for easy import
 try:

package/dashboard/auth.py

@@ -33,6 +33,7 @@ TOKEN_FILE = TOKEN_DIR / "tokens.json"
 OIDC_ISSUER = os.environ.get("LOKI_OIDC_ISSUER", "")  # e.g., https://accounts.google.com
 OIDC_CLIENT_ID = os.environ.get("LOKI_OIDC_CLIENT_ID", "")
 OIDC_AUDIENCE = os.environ.get("LOKI_OIDC_AUDIENCE", "")  # Usually same as client_id
+OIDC_SKIP_SIGNATURE_VERIFY = os.environ.get("LOKI_OIDC_SKIP_SIGNATURE_VERIFY", "").lower() in ("true", "1", "yes")
 OIDC_ENABLED = bool(OIDC_ISSUER and OIDC_CLIENT_ID)
 
 # Role-to-scope mapping (predefined roles)
@@ -54,11 +55,19 @@ _SCOPE_HIERARCHY = {
 
 if OIDC_ENABLED:
     import logging as _logging
-    _logging.getLogger("loki.auth").warning(
-        "OIDC/SSO enabled (EXPERIMENTAL). Claims-based validation only -- "
-        "JWT signatures are NOT cryptographically verified. Install PyJWT + "
-        "cryptography for production signature verification."
-    )
+    _logger = _logging.getLogger("loki.auth")
+    if OIDC_SKIP_SIGNATURE_VERIFY:
+        _logger.critical(
+            "OIDC/SSO signature verification DISABLED (LOKI_OIDC_SKIP_SIGNATURE_VERIFY=true). "
+            "This is INSECURE and allows forged JWTs. Only use for local testing. "
+            "For production, install PyJWT + cryptography and remove this env var."
+        )
+    else:
+        _logger.warning(
+            "OIDC/SSO enabled (EXPERIMENTAL). Claims-based validation only -- "
+            "JWT signatures are NOT cryptographically verified. Install PyJWT + "
+            "cryptography for production signature verification."
+        )
 
 # OIDC JWKS cache (issuer URL -> (keys_dict, fetch_timestamp))
 _oidc_jwks_cache = {}  # type: dict[str, tuple[dict, float]]
@@ -452,15 +461,18 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
 
     This is a claims-based validation that checks:
     - Token structure (3 base64url-encoded parts)
+    - Signature part is not empty (basic sanity check)
     - Issuer matches OIDC_ISSUER
     - Audience matches OIDC_AUDIENCE or OIDC_CLIENT_ID
     - Token is not expired
 
-    NOTE: Full cryptographic signature verification requires an RSA
-    library (e.g., PyJWT + cryptography). This implementation validates
-    claims and relies on HTTPS transport security for the token. For
-    production deployments with untrusted networks, consider adding
-    PyJWT for full signature verification.
+    SECURITY WARNING: Cryptographic signature verification is NOT performed
+    unless PyJWT is installed. This implementation only validates claims.
+    An attacker can forge JWTs unless LOKI_OIDC_SKIP_SIGNATURE_VERIFY is
+    explicitly set to 'true' (which is INSECURE and only for local testing).
+
+    For production: Install PyJWT + cryptography for proper RSA/HMAC
+    signature verification.
     """
     if not OIDC_ENABLED:
         return None
@@ -470,8 +482,29 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
         if len(parts) != 3:
             return None
 
+        # Basic sanity check: signature part must not be empty
+        header_b64, payload_b64, signature_b64 = parts
+        if not signature_b64 or len(signature_b64) < 10:
+            import logging as _logging
+            _logging.getLogger("loki.auth").error(
+                "OIDC token rejected: signature part is missing or too short"
+            )
+            return None
+
+        # CRITICAL: Check if signature verification is explicitly skipped
+        if not OIDC_SKIP_SIGNATURE_VERIFY:
+            import logging as _logging
+            _logging.getLogger("loki.auth").critical(
+                "OIDC token received but signature verification is NOT implemented. "
+                "Set LOKI_OIDC_SKIP_SIGNATURE_VERIFY=true to explicitly allow "
+                "unverified tokens (INSECURE - local testing only), or install "
+                "PyJWT + cryptography for production signature verification. "
+                "Rejecting token for security."
+            )
+            return None
+
         # Decode payload (claims)
-        claims = json.loads(_base64url_decode(parts[1]))
+        claims = json.loads(_base64url_decode(payload_b64))
 
         # Validate issuer
         if claims.get("iss") != OIDC_ISSUER: