loki-mode 5.40.0 → 5.41.0

package/dashboard/control.py

@@ -11,10 +11,12 @@ Usage:
 """
 
 import asyncio
+import fcntl
 import json
 import os
 import signal
 import subprocess
+import tempfile
 from datetime import datetime, timezone
 from pathlib import Path
 from typing import Optional
@@ -49,6 +51,57 @@ RUN_SH = SKILL_DIR / "autonomy" / "run.sh"
 STATE_DIR.mkdir(parents=True, exist_ok=True)
 LOG_DIR.mkdir(parents=True, exist_ok=True)
 
+# Utility: atomic write with optional file locking
+def atomic_write_json(file_path: Path, data: dict, use_lock: bool = True):
+    """
+    Atomically write JSON data to a file to prevent TOCTOU race conditions.
+    Uses temporary file + os.rename() for atomicity.
+    Optionally uses fcntl.flock for additional safety.
+    """
+    try:
+        # Write to temporary file in same directory (for atomic rename)
+        temp_fd, temp_path = tempfile.mkstemp(
+            dir=file_path.parent,
+            prefix=f".{file_path.name}.",
+            suffix=".tmp"
+        )
+
+        try:
+            with os.fdopen(temp_fd, 'w') as f:
+                # Acquire exclusive lock if requested
+                if use_lock:
+                    try:
+                        fcntl.flock(f.fileno(), fcntl.LOCK_EX)
+                    except (OSError, AttributeError):
+                        # flock not available on this platform - continue without lock
+                        pass
+
+                # Write data
+                json.dump(data, f, indent=2)
+                f.flush()
+                os.fsync(f.fileno())
+
+                # Release lock (happens automatically on close, but explicit is clearer)
+                if use_lock:
+                    try:
+                        fcntl.flock(f.fileno(), fcntl.LOCK_UN)
+                    except (OSError, AttributeError):
+                        pass
+
+            # Atomic rename
+            os.rename(temp_path, file_path)
+
+        except Exception:
+            # Clean up temp file on error
+            try:
+                os.unlink(temp_path)
+            except OSError:
+                pass
+            raise
+
+    except Exception as e:
+        raise RuntimeError(f"Failed to write {file_path}: {e}")
+
 # FastAPI app
 app = FastAPI(
     title="Loki Mode Control API",
@@ -77,6 +130,42 @@ class StartRequest(BaseModel):
     parallel: bool = False
     background: bool = True
 
+    def validate_provider(self) -> None:
+        """Validate provider is from allowed list."""
+        allowed_providers = ["claude", "codex", "gemini"]
+        if self.provider not in allowed_providers:
+            raise ValueError(f"Invalid provider: {self.provider}. Must be one of: {', '.join(allowed_providers)}")
+
+    def validate_prd_path(self) -> None:
+        """Validate PRD path is safe and exists."""
+        if not self.prd:
+            return
+
+        # Check for path traversal sequences
+        if ".." in self.prd:
+            raise ValueError("PRD path contains path traversal sequence (..)")
+
+        # Resolve to absolute path and verify it exists
+        prd_path = Path(self.prd).resolve()
+        if not prd_path.exists():
+            raise ValueError(f"PRD file does not exist: {self.prd}")
+
+        # Verify it's a file, not a directory
+        if not prd_path.is_file():
+            raise ValueError(f"PRD path is not a file: {self.prd}")
+
+        # Verify path resolves within CWD or a reasonable parent
+        cwd = Path.cwd().resolve()
+        try:
+            prd_path.relative_to(cwd)
+        except ValueError:
+            # Not within CWD - check if it's within user's home or project directory
+            home = Path.home().resolve()
+            try:
+                prd_path.relative_to(home)
+            except ValueError:
+                raise ValueError(f"PRD path is outside allowed directories: {self.prd}")
+
 
 class StatusResponse(BaseModel):
     """Current session status."""
@@ -272,6 +361,13 @@ async def start_session(request: StartRequest):
     Returns:
         ControlResponse with success status and PID
     """
+    # Validate input
+    try:
+        request.validate_provider()
+        request.validate_prd_path()
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
     # Check if already running
     status = get_status()
     if status.state == "running":
@@ -356,10 +452,13 @@ async def stop_session():
     session_file = LOKI_DIR / "session.json"
     if session_file.exists():
         try:
+            # Read current session data
             session_data = json.loads(session_file.read_text())
             session_data["status"] = "stopped"
-            session_file.write_text(json.dumps(session_data))
-        except (json.JSONDecodeError, KeyError):
+
+            # Atomic write with file locking to prevent race conditions
+            atomic_write_json(session_file, session_data, use_lock=True)
+        except (json.JSONDecodeError, KeyError, RuntimeError):
             pass
 
     # Emit stop event

package/dashboard/registry.py

@@ -44,7 +44,7 @@ def _save_registry(registry: dict) -> None:
 
 def _generate_project_id(path: str) -> str:
     """Generate a unique project ID from path."""
-    return hashlib.md5(path.encode()).hexdigest()[:12]
+    return hashlib.sha256(path.encode()).hexdigest()[:12]
 
 
 def register_project(
@@ -286,7 +286,8 @@ def discover_projects(
 
             # Search subdirectories
             for child in path.iterdir():
-                if child.is_dir() and not child.name.startswith("."):
+                # Skip symlinks to avoid following into unexpected directories
+                if child.is_dir() and not child.name.startswith(".") and not child.is_symlink():
                     search_dir(child, depth + 1)
 
         except (PermissionError, OSError):

package/dashboard/server.py

@@ -68,14 +68,33 @@ LOKI_TLS_KEY = os.environ.get("LOKI_TLS_KEY", "")    # Path to PEM private key
 class _RateLimiter:
     """Simple in-memory rate limiter for control endpoints."""
 
-    def __init__(self, max_calls: int = 10, window_seconds: int = 60):
+    def __init__(self, max_calls: int = 10, window_seconds: int = 60, max_keys: int = 10000):
         self._max_calls = max_calls
         self._window = window_seconds
+        self._max_keys = max_keys
         self._calls: dict[str, list[float]] = defaultdict(list)
 
     def check(self, key: str) -> bool:
         now = time.time()
+        # Prune old timestamps for this key
         self._calls[key] = [t for t in self._calls[key] if now - t < self._window]
+
+        # Remove keys with empty timestamp lists
+        empty_keys = [k for k, v in self._calls.items() if not v]
+        for k in empty_keys:
+            del self._calls[k]
+
+        # Evict oldest keys if max_keys exceeded
+        if len(self._calls) > self._max_keys:
+            # Sort by oldest timestamp, remove oldest keys
+            sorted_keys = sorted(
+                self._calls.items(),
+                key=lambda x: min(x[1]) if x[1] else 0
+            )
+            keys_to_remove = len(self._calls) - self._max_keys
+            for k, _ in sorted_keys[:keys_to_remove]:
+                del self._calls[k]
+
         if len(self._calls[key]) >= self._max_calls:
             return False
         self._calls[key].append(now)
@@ -83,6 +102,7 @@ class _RateLimiter:
 
 
 _control_limiter = _RateLimiter(max_calls=10, window_seconds=60)
+_read_limiter = _RateLimiter(max_calls=60, window_seconds=60)
 
 # Set up logging
 logger = logging.getLogger(__name__)
@@ -193,11 +213,18 @@ class StatusResponse(BaseModel):
 class ConnectionManager:
     """Manages WebSocket connections for real-time updates."""
 
+    MAX_CONNECTIONS = int(os.environ.get("LOKI_MAX_WS_CONNECTIONS", "100"))
+
     def __init__(self):
         self.active_connections: list[WebSocket] = []
 
     async def connect(self, websocket: WebSocket) -> None:
         """Accept a new WebSocket connection."""
+        if len(self.active_connections) >= self.MAX_CONNECTIONS:
+            await websocket.accept()
+            await websocket.close(code=1013, reason="Connection limit reached. Try again later.")
+            logger.warning(f"WebSocket connection rejected: limit of {self.MAX_CONNECTIONS} reached")
+            return
         await websocket.accept()
         self.active_connections.append(websocket)
 
@@ -853,6 +880,13 @@ async def websocket_endpoint(websocket: WebSocket) -> None:
     # Authorization headers on WS upgrade. Tokens may appear in reverse
     # proxy access logs -- configure log sanitization for /ws in production.
     # FastAPI Depends() is not supported on @app.websocket() routes.
+
+    # Rate limit WebSocket connections by IP
+    client_ip = websocket.client.host if websocket.client else "unknown"
+    if not _read_limiter.check(f"ws_{client_ip}"):
+        await websocket.close(code=1008)  # Policy Violation
+        return
+
     if auth.is_enterprise_mode() or auth.is_oidc_mode():
         ws_token: Optional[str] = websocket.query_params.get("token")
         if not ws_token:
@@ -1019,8 +1053,9 @@ async def update_project_access(identifier: str):
 
 
 @app.get("/api/registry/discover", response_model=list[DiscoverResponse])
-async def discover_projects(max_depth: int = 3):
+async def discover_projects(max_depth: int = Query(default=3, ge=1, le=10)):
     """Discover projects with .loki directories."""
+    max_depth = min(max_depth, 10)
     discovered = registry.discover_projects(max_depth=max_depth)
     return discovered
 
@@ -1028,6 +1063,9 @@ async def discover_projects(max_depth: int = 3):
 @app.post("/api/registry/sync", response_model=SyncResponse)
 async def sync_registry():
     """Sync the registry with discovered projects."""
+    if not _read_limiter.check("registry_sync"):
+        raise HTTPException(status_code=429, detail="Rate limit exceeded")
+
     result = registry.sync_registry_with_discovery()
     return {
         "added": result["added"],
@@ -1109,6 +1147,9 @@ async def create_token(request: TokenCreateRequest):
 
     The raw token is only returned once on creation - save it securely.
     """
+    if not _read_limiter.check("token_create"):
+        raise HTTPException(status_code=429, detail="Rate limit exceeded")
+
     if not auth.is_enterprise_mode():
         raise HTTPException(
             status_code=403,
@@ -1562,6 +1603,9 @@ async def get_learning_aggregation():
 @app.post("/api/learning/aggregate", dependencies=[Depends(auth.require_scope("control"))])
 async def trigger_aggregation():
     """Aggregate learning signals from events.jsonl into structured metrics."""
+    if not _read_limiter.check("learning_aggregate"):
+        raise HTTPException(status_code=429, detail="Rate limit exceeded")
+
     events_file = _get_loki_dir() / "events.jsonl"
     preferences: dict = {}
     error_patterns: dict = {}
@@ -1693,17 +1737,34 @@ def _parse_time_range(time_range: str) -> Optional[datetime]:
     return datetime.now(timezone.utc) - delta
 
 
-def _read_events(time_range: str = "7d") -> list:
-    """Read events from .loki/events.jsonl with time filter."""
+def _read_events(time_range: str = "7d", max_events: int = 10000) -> list:
+    """Read events from .loki/events.jsonl with time filter and size limits."""
     events_file = _get_loki_dir() / "events.jsonl"
     if not events_file.exists():
         return []
 
     cutoff = _parse_time_range(time_range)
     events = []
+    max_file_size = 10 * 1024 * 1024  # 10MB
+
     try:
-        for line in events_file.read_text().strip().split("\n"):
-            if line.strip():
+        file_size = events_file.stat().st_size
+
+        # If file > 10MB, seek to last 10MB
+        with open(events_file, 'r') as f:
+            if file_size > max_file_size:
+                f.seek(max(0, file_size - max_file_size))
+                # Skip partial first line after seek
+                f.readline()
+
+            for line in f:
+                if len(events) >= max_events:
+                    break
+
+                line = line.strip()
+                if not line:
+                    continue
+
                 try:
                     event = json.loads(line)
                     # Filter by time_range if cutoff was parsed successfully
@@ -2728,6 +2789,130 @@ async def get_secrets_status():
     }
 
 
+# =============================================================================
+# GitHub Integration API (v5.41.0)
+# =============================================================================
+
+
+@app.get("/api/github/status")
+async def get_github_status(token: Optional[dict] = Depends(auth.get_current_token)):
+    """Get GitHub integration status and configuration."""
+    loki_dir = _get_loki_dir()
+    result: dict[str, Any] = {
+        "import_enabled": os.environ.get("LOKI_GITHUB_IMPORT", "false") == "true",
+        "sync_enabled": os.environ.get("LOKI_GITHUB_SYNC", "false") == "true",
+        "pr_enabled": os.environ.get("LOKI_GITHUB_PR", "false") == "true",
+        "labels_filter": os.environ.get("LOKI_GITHUB_LABELS", ""),
+        "milestone_filter": os.environ.get("LOKI_GITHUB_MILESTONE", ""),
+        "limit": int(os.environ.get("LOKI_GITHUB_LIMIT", "100")),
+        "imported_tasks": 0,
+        "synced_updates": 0,
+        "repo": None,
+    }
+
+    # Count imported GitHub tasks from pending queue
+    pending_file = loki_dir / "queue" / "pending.json"
+    if pending_file.exists():
+        try:
+            data = json.loads(pending_file.read_text())
+            tasks = data.get("tasks", data) if isinstance(data, dict) else data
+            result["imported_tasks"] = sum(1 for t in tasks if t.get("source") == "github")
+        except Exception:
+            pass
+
+    # Count sync log entries
+    sync_log = loki_dir / "github" / "synced.log"
+    if sync_log.exists():
+        try:
+            result["synced_updates"] = sum(1 for _ in sync_log.open())
+        except Exception:
+            pass
+
+    # Detect repo from git
+    try:
+        import subprocess
+        url = subprocess.run(
+            ["git", "remote", "get-url", "origin"],
+            capture_output=True, text=True, timeout=5,
+            cwd=str(loki_dir.parent) if loki_dir.name == ".loki" else None
+        )
+        if url.returncode == 0:
+            repo = url.stdout.strip()
+            # Parse owner/repo from URL
+            for prefix in ["https://github.com/", "git@github.com:"]:
+                if repo.startswith(prefix):
+                    repo = repo[len(prefix):]
+                    break
+            result["repo"] = repo.removesuffix(".git")
+    except Exception:
+        pass
+
+    return result
+
+
+@app.get("/api/github/tasks")
+async def get_github_tasks(token: Optional[dict] = Depends(auth.get_current_token)):
+    """Get all GitHub-sourced tasks and their sync status."""
+    loki_dir = _get_loki_dir()
+    tasks: list[dict] = []
+
+    # Collect GitHub tasks from all queues
+    for queue_name in ["pending", "in-progress", "completed", "failed"]:
+        queue_file = loki_dir / "queue" / f"{queue_name}.json"
+        if queue_file.exists():
+            try:
+                data = json.loads(queue_file.read_text())
+                items = data.get("tasks", data) if isinstance(data, dict) else data
+                for t in items:
+                    if t.get("source") == "github" or str(t.get("id", "")).startswith("github-"):
+                        t["queue"] = queue_name
+                        tasks.append(t)
+            except Exception:
+                pass
+
+    # Load sync log to annotate sync status
+    synced: set[str] = set()
+    sync_log = loki_dir / "github" / "synced.log"
+    if sync_log.exists():
+        try:
+            synced = set(sync_log.read_text().strip().splitlines())
+        except Exception:
+            pass
+
+    for t in tasks:
+        issue_num = str(t.get("github_issue", ""))
+        if not issue_num:
+            issue_num = str(t.get("id", "")).replace("github-", "")
+        t["synced_statuses"] = [
+            s.split(":")[1] for s in synced if s.startswith(f"{issue_num}:")
+        ]
+
+    return {"tasks": tasks, "total": len(tasks)}
+
+
+@app.get("/api/github/sync-log")
+async def get_github_sync_log(
+    limit: int = Query(default=50, ge=1, le=500),
+    token: Optional[dict] = Depends(auth.get_current_token)
+):
+    """Get the GitHub sync log (status updates sent to issues)."""
+    loki_dir = _get_loki_dir()
+    sync_log = loki_dir / "github" / "synced.log"
+    entries: list[dict] = []
+
+    if sync_log.exists():
+        try:
+            lines = sync_log.read_text().strip().splitlines()
+            for line in lines[-limit:]:
+                parts = line.split(":", 1)
+                if len(parts) == 2:
+                    entries.append({"issue": parts[0], "status": parts[1]})
+        except Exception:
+            pass
+
+    return {"entries": entries, "total": len(entries)}
+
+
 # =============================================================================
 # Process Health / Watchdog API
 # =============================================================================