loki-mode 5.46.0 → 5.47.0

package/README.md

@@ -13,7 +13,7 @@
 [![HumanEval](https://img.shields.io/badge/HumanEval-98.17%25%20Pass%401-brightgreen)](benchmarks/results/)
 [![SWE-bench](https://img.shields.io/badge/SWE--bench-99.67%25%20Patch%20Gen-brightgreen)](benchmarks/results/)
 
-**Current Version: v5.46.0**
+**Current Version: v5.47.0**
 
 **[Autonomi](https://www.autonomi.dev/)** | **[Documentation](https://www.autonomi.dev/docs)** | **[GitHub](https://github.com/asklokesh/loki-mode)**
 

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with zero human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v5.46.0
+# Loki Mode v5.47.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -262,4 +262,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v5.46.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v5.47.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-5.46.0
+5.47.0

package/autonomy/app-runner.sh

@@ -395,8 +395,9 @@ _install_node_deps() {
 _install_python_deps() {
     local dir="$1"
     if [ -f "$dir/requirements.txt" ]; then
-        log_step "App Runner: installing Python dependencies (background)..."
-        (cd "$dir" && pip install -r requirements.txt >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
+        log_step "App Runner: installing Python dependencies..."
+        (cd "$dir" && pip install -r requirements.txt >> "$_APP_RUNNER_DIR/app.log" 2>&1) || \
+            log_warn "App Runner: pip install failed, app may not start"
     fi
 }
 
@@ -425,14 +426,18 @@ app_runner_start() {
     _rotate_app_log
 
     # Start the process in a new process group
-    (cd "$dir" && setsid bash -c "$_APP_RUNNER_METHOD" >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
+    if command -v setsid >/dev/null 2>&1; then
+        (cd "$dir" && setsid bash -c "$_APP_RUNNER_METHOD" >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
+    else
+        (cd "$dir" && bash -c "$_APP_RUNNER_METHOD" >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
+    fi
     _APP_RUNNER_PID=$!
 
     # Write PID file
     echo "$_APP_RUNNER_PID" > "$_APP_RUNNER_DIR/app.pid"
 
     # Capture initial git diff hash for change detection
-    _GIT_DIFF_HASH=$(cd "$dir" && git diff --stat 2>/dev/null | md5sum 2>/dev/null | awk '{print $1}' || echo "none")
+    _GIT_DIFF_HASH=$(cd "$dir" && git diff --stat 2>/dev/null | (md5sum 2>/dev/null || md5 -r 2>/dev/null) | awk '{print $1}' || echo "none")
 
     # Brief pause for process to initialize
     sleep 2
@@ -557,7 +562,7 @@ app_runner_should_restart() {
 
     # Get current git diff hash
     local current_hash
-    current_hash=$(cd "$dir" && git diff --stat 2>/dev/null | md5sum 2>/dev/null | awk '{print $1}' || echo "none")
+    current_hash=$(cd "$dir" && git diff --stat 2>/dev/null | (md5sum 2>/dev/null || md5 -r 2>/dev/null) | awk '{print $1}' || echo "none")
 
     # No change
     if [ "$current_hash" = "$_GIT_DIFF_HASH" ]; then
@@ -631,7 +636,7 @@ app_runner_watchdog() {
     # Clear PID and restart
     rm -f "$_APP_RUNNER_DIR/app.pid"
     _APP_RUNNER_PID=""
-    app_runner_start
+    app_runner_start || log_warn "App Runner: auto-restart failed"
 }
 
 #===============================================================================

package/autonomy/checklist-verify.py

@@ -32,7 +32,7 @@ from pathlib import Path
 
 # Allowed characters in check paths and patterns (security: prevent injection)
 _SAFE_PATH_RE = re.compile(r'^[a-zA-Z0-9_\-./\*\[\]{}?]+$')
-_SAFE_PATTERN_RE = re.compile(r'^[a-zA-Z0-9_\-./\*\[\]{}?|\\()+^$\s]+$')
+_SAFE_PATTERN_RE = re.compile(r'^[a-zA-Z0-9_\-./\*\[\]{}?|\\()+^$\s:=<>@#"\'`,;!&%]+$')
 
 
 def _validate_path(path: str, project_dir: str) -> str:
@@ -170,7 +170,8 @@ def run_check(check: dict, project_dir: str, timeout: int) -> dict:
         elif check_type == "http_check":
             path = check.get("path", "/")
             # Validate path is safe
-            if path and not _SAFE_PATH_RE.match(path.lstrip("/")):
+            stripped = path.lstrip("/")
+            if stripped and not _SAFE_PATH_RE.match(stripped):
                 result["passed"] = None
                 result["output"] = f"Unsafe path rejected: {path!r}"
             else:

package/autonomy/completion-council.sh

@@ -461,6 +461,124 @@ try:
 except: print('Results unavailable')
 " >> "$evidence_file" 2>/dev/null || echo "Playwright data unavailable" >> "$evidence_file"
     fi
+
+    # Add hard gate status
+    if [ -f "$COUNCIL_STATE_DIR/gate-block.json" ]; then
+        echo "" >> "$evidence_file"
+        echo "## Hard Gate Status: BLOCKED" >> "$evidence_file"
+        echo "Critical checklist items are failing. Completion is blocked until resolved." >> "$evidence_file"
+        cat "$COUNCIL_STATE_DIR/gate-block.json" >> "$evidence_file"
+    fi
+}
+
+#===============================================================================
+# Council Reverify Checklist - Re-run checklist before evaluation
+#===============================================================================
+
+# Re-verify checklist before council evaluation to ensure fresh data
+council_reverify_checklist() {
+    if type checklist_verify &>/dev/null && [ -f ".loki/checklist/checklist.json" ]; then
+        log_info "[Council] Re-verifying checklist before evaluation..."
+        checklist_verify 2>/dev/null || true
+    fi
+}
+
+#===============================================================================
+# Council Checklist Hard Gate - Block completion on critical failures
+#===============================================================================
+
+# Council hard gate: blocks completion if critical checklist items are failing
+# Returns 0 if gate passes (ok to complete), 1 if gate blocks (critical failures exist)
+council_checklist_gate() {
+    local results_file=".loki/checklist/verification-results.json"
+    local waivers_file=".loki/checklist/waivers.json"
+
+    # No checklist = no gate (backwards compatible)
+    if [ ! -f "$results_file" ]; then
+        return 0
+    fi
+
+    # Check for critical failures, excluding waived items
+    local gate_result
+    gate_result=$(_RESULTS_FILE="$results_file" _WAIVERS_FILE="$waivers_file" python3 -c "
+import json, sys, os
+
+results_file = os.environ['_RESULTS_FILE']
+waivers_file = os.environ.get('_WAIVERS_FILE', '')
+
+try:
+    with open(results_file) as f:
+        results = json.load(f)
+except (json.JSONDecodeError, IOError, KeyError):
+    print('PASS')
+    sys.exit(0)
+
+# Load waivers
+waived_ids = set()
+if waivers_file and os.path.exists(waivers_file):
+    try:
+        with open(waivers_file) as f:
+            waivers = json.load(f)
+        waived_ids = {w['item_id'] for w in waivers.get('waivers', []) if w.get('active', True)}
+    except (json.JSONDecodeError, KeyError):
+        pass
+
+# Find critical failures not waived
+critical_failures = []
+for cat in results.get('categories', []):
+    for item in cat.get('items', []):
+        if item.get('priority') == 'critical' and item.get('status') == 'failing':
+            if item.get('id') not in waived_ids:
+                critical_failures.append(item.get('title', item.get('id', 'unknown')))
+
+if critical_failures:
+    print('BLOCK:' + '|'.join(critical_failures[:5]))
+    sys.exit(0)
+else:
+    print('PASS')
+    sys.exit(0)
+" 2>/dev/null || echo "PASS")
+
+    if [[ "$gate_result" == BLOCK:* ]]; then
+        local failures="${gate_result#BLOCK:}"
+        log_warn "[Council] Hard gate BLOCKED: critical checklist failures: ${failures//|/, }"
+
+        # Write gate block to council state (atomic write via temp file)
+        local gate_file="$COUNCIL_STATE_DIR/gate-block.json"
+        local gate_tmp="${gate_file}.tmp"
+        local timestamp
+        timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+        local failures_json
+        failures_json=$(_FAILURES="$failures" python3 -c "
+import json, os
+items = os.environ['_FAILURES'].split('|')
+print(json.dumps(items))
+" 2>/dev/null || echo '[]')
+        local critical_count
+        critical_count=$(_FAILURES="$failures" python3 -c "
+import os
+print(len(os.environ['_FAILURES'].split('|')))
+" 2>/dev/null || echo '0')
+        cat > "$gate_tmp" << GATE_EOF
+{
+    "status": "blocked",
+    "blocked": true,
+    "blocked_at": "$timestamp",
+    "iteration": ${ITERATION_COUNT:-0},
+    "reason": "critical_checklist_failures",
+    "critical_failures": $critical_count,
+    "failures": $failures_json
+}
+GATE_EOF
+        mv "$gate_tmp" "$gate_file"
+        return 1
+    fi
+
+    # Gate passes
+    if [ -f "$COUNCIL_STATE_DIR/gate-block.json" ]; then
+        rm -f "$COUNCIL_STATE_DIR/gate-block.json"
+    fi
+    return 0
 }
 
 #===============================================================================
@@ -1019,6 +1137,15 @@ council_evaluate() {
 
     log_info "Running council evaluation pipeline (round $ITERATION_COUNT)..."
 
+    # Phase 4: Re-verify checklist for fresh data
+    council_reverify_checklist
+
+    # Phase 4: Hard gate check - block if critical checklist items failing
+    if ! council_checklist_gate; then
+        log_info "[Council] Completion blocked by checklist hard gate"
+        return 1  # CONTINUE - can't complete with critical failures
+    fi
+
     # Step 1: Aggregate votes from all members
     local aggregate_result
     aggregate_result=$(council_aggregate_votes)
@@ -1082,8 +1209,8 @@ council_should_stop() {
         return 1  # Not time to check yet
     fi
 
-    # Run the council vote
-    if council_vote; then
+    # Run the council evaluation (includes hard gate + aggregate votes + devil's advocate)
+    if council_evaluate; then
         log_header "COMPLETION COUNCIL: PROJECT APPROVED"
         log_info "The council has determined this project is complete."
 

package/autonomy/prd-checklist.sh

@@ -158,7 +158,9 @@ checklist_summary() {
         return 0
     fi
 
-    _CHECKLIST_RESULTS="$CHECKLIST_RESULTS_FILE" python3 -c "
+    _CHECKLIST_RESULTS="$CHECKLIST_RESULTS_FILE" \
+    _CHECKLIST_WAIVERS="${CHECKLIST_DIR:-".loki/checklist"}/waivers.json" \
+    python3 -c "
 import json, sys, os
 try:
     fpath = os.environ.get('_CHECKLIST_RESULTS', '')
@@ -168,18 +170,39 @@ try:
     verified = s.get('verified', 0)
     failing = s.get('failing', 0)
     pending = s.get('pending', 0)
+
+    # Load waivers
+    waived_ids = set()
+    waivers_path = os.environ.get('_CHECKLIST_WAIVERS', '')
+    if waivers_path and os.path.exists(waivers_path):
+        try:
+            with open(waivers_path) as wf:
+                wdata = json.load(wf)
+            for w in wdata.get('waivers', []):
+                if w.get('active', True):
+                    waived_ids.add(w['item_id'])
+        except Exception:
+            pass
+
+    # Count waived items and adjust failing list
+    waived_count = 0
     if total == 0:
         print('')
     else:
         failing_items = []
         for cat in data.get('categories', []):
             for item in cat.get('items', []):
+                item_id = item.get('id', '')
+                if item_id in waived_ids:
+                    waived_count += 1
+                    continue
                 if item.get('status') == 'failing' and item.get('priority') in ('critical', 'major'):
                     failing_items.append(item.get('title', item.get('id', '?')))
         detail = ''
         if failing_items:
             detail = ' FAILING: ' + ', '.join(failing_items[:5])
-        print(f'{verified}/{total} verified, {failing} failing, {pending} pending.{detail}')
+        waived_str = f', {waived_count} waived' if waived_count > 0 else ''
+        print(f'{verified}/{total} verified, {failing} failing{waived_str}, {pending} pending.{detail}')
 except Exception:
     print('', file=sys.stderr)
 " 2>/dev/null || echo ""
@@ -221,3 +244,141 @@ except Exception:
 " 2>/dev/null || echo "Checklist data unavailable"
     } >> "${evidence_file:-/dev/stdout}"
 }
+
+#===============================================================================
+# Waiver Support (Phase 4)
+#===============================================================================
+
+# Load waivers from .loki/checklist/waivers.json
+# Returns waived item IDs (one per line) to stdout
+checklist_waiver_load() {
+    local waivers_file="${CHECKLIST_DIR:-".loki/checklist"}/waivers.json"
+    if [ ! -f "$waivers_file" ]; then
+        return 0
+    fi
+    _WAIVERS_FILE="$waivers_file" python3 -c "
+import json, sys, os
+try:
+    waivers_file = os.environ['_WAIVERS_FILE']
+    with open(waivers_file) as f:
+        waivers = json.load(f)
+    for w in waivers.get('waivers', []):
+        if w.get('active', True):
+            print(w['item_id'])
+except Exception:
+    pass
+" 2>/dev/null || true
+}
+
+# Add a waiver for a checklist item
+# Usage: checklist_waiver_add <item_id> <reason> [waived_by]
+checklist_waiver_add() {
+    local item_id="${1:?item_id required}"
+    local reason="${2:?reason required}"
+    local waived_by="${3:-manual}"
+    local waivers_file="${CHECKLIST_DIR:-".loki/checklist"}/waivers.json"
+    local timestamp
+    timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+    _WAIVERS_FILE="$waivers_file" python3 -c "
+import json, os, sys
+
+waivers_file = os.environ['_WAIVERS_FILE']
+item_id = sys.argv[1]
+reason = sys.argv[2]
+waived_by = sys.argv[3]
+timestamp = sys.argv[4]
+
+# Load existing or create new
+waivers = {'waivers': []}
+if os.path.exists(waivers_file):
+    try:
+        with open(waivers_file) as f:
+            waivers = json.load(f)
+    except (json.JSONDecodeError, IOError):
+        pass
+
+# Check for duplicate
+for w in waivers.get('waivers', []):
+    if w.get('item_id') == item_id and w.get('active', True):
+        print(f'Waiver already exists for {item_id}')
+        sys.exit(0)
+
+# Add new waiver
+waivers.setdefault('waivers', []).append({
+    'item_id': item_id,
+    'reason': reason,
+    'waived_by': waived_by,
+    'waived_at': timestamp,
+    'active': True
+})
+
+# Atomic write
+tmp = waivers_file + '.tmp'
+with open(tmp, 'w') as f:
+    json.dump(waivers, f, indent=2)
+os.replace(tmp, waivers_file)
+print(f'Waiver added for {item_id}')
+" "$item_id" "$reason" "$waived_by" "$timestamp" 2>/dev/null
+}
+
+# Remove (deactivate) a waiver for a checklist item
+# Usage: checklist_waiver_remove <item_id>
+checklist_waiver_remove() {
+    local item_id="${1:?item_id required}"
+    local waivers_file="${CHECKLIST_DIR:-".loki/checklist"}/waivers.json"
+
+    if [ ! -f "$waivers_file" ]; then
+        echo "No waivers file found"
+        return 1
+    fi
+
+    _WAIVERS_FILE="$waivers_file" python3 -c "
+import json, os, sys
+
+waivers_file = os.environ['_WAIVERS_FILE']
+item_id = sys.argv[1]
+
+with open(waivers_file) as f:
+    waivers = json.load(f)
+
+found = False
+for w in waivers.get('waivers', []):
+    if w.get('item_id') == item_id and w.get('active', True):
+        w['active'] = False
+        found = True
+
+if not found:
+    print(f'No active waiver found for {item_id}')
+    sys.exit(1)
+
+tmp = waivers_file + '.tmp'
+with open(tmp, 'w') as f:
+    json.dump(waivers, f, indent=2)
+os.replace(tmp, waivers_file)
+print(f'Waiver removed for {item_id}')
+" "$item_id" 2>/dev/null
+}
+
+# List all active waivers
+checklist_waiver_list() {
+    local waivers_file="${CHECKLIST_DIR:-".loki/checklist"}/waivers.json"
+
+    if [ ! -f "$waivers_file" ]; then
+        echo "No waivers configured"
+        return 0
+    fi
+
+    _WAIVERS_FILE="$waivers_file" python3 -c "
+import json, os
+waivers_file = os.environ['_WAIVERS_FILE']
+with open(waivers_file) as f:
+    waivers = json.load(f)
+active = [w for w in waivers.get('waivers', []) if w.get('active', True)]
+if not active:
+    print('No active waivers')
+else:
+    for w in active:
+        print(f\"  {w['item_id']}: {w.get('reason', 'no reason')} (by {w.get('waived_by', 'unknown')} at {w.get('waived_at', '?')})\")
+" 2>/dev/null
+}

package/autonomy/run.sh

@@ -6843,7 +6843,9 @@ check_human_intervention() {
     if [ -f "$loki_dir/signals/COUNCIL_REVIEW_REQUESTED" ]; then
         log_info "Council force-review requested from dashboard"
         rm -f "$loki_dir/signals/COUNCIL_REVIEW_REQUESTED"
-        if type council_vote &>/dev/null && council_vote; then
+        if type council_checklist_gate &>/dev/null && ! council_checklist_gate; then
+            log_info "Council force-review: blocked by checklist hard gate"
+        elif type council_vote &>/dev/null && council_vote; then
             log_header "COMPLETION COUNCIL: FORCE REVIEW - PROJECT COMPLETE"
             # BUG #17 fix: Write COMPLETED marker, generate council report, and
             # run memory consolidation (matching the normal council approval path
@@ -7452,6 +7454,9 @@ main() {
     audit_agent_action "session_stop" "Session ended" "result=$result,iterations=$ITERATION_COUNT"
 
     # Cleanup
+    if type app_runner_cleanup &>/dev/null; then
+        app_runner_cleanup
+    fi
     stop_dashboard
     stop_status_monitor
     rm -f .loki/loki.pid 2>/dev/null

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "5.46.0"
+__version__ = "5.47.0"
 
 # Expose the control app for easy import
 try:

package/dashboard/server.py

@@ -26,7 +26,7 @@ from fastapi import (
     WebSocketDisconnect,
 )
 from fastapi.middleware.cors import CORSMiddleware
-from fastapi.responses import PlainTextResponse
+from fastapi.responses import JSONResponse, PlainTextResponse
 from pydantic import BaseModel, Field
 from sqlalchemy import select, update, delete
 from sqlalchemy.ext.asyncio import AsyncSession
@@ -3402,6 +3402,132 @@ async def get_prd_observations():
         return PlainTextResponse("Error reading PRD observations.", status_code=500)
 
 
+# =============================================================================
+# Checklist Waiver Management Endpoints (Phase 4)
+# =============================================================================
+
+@app.get("/api/checklist/waivers")
+async def get_checklist_waivers():
+    """Get all checklist waivers."""
+    waivers_file = _get_loki_dir() / "checklist" / "waivers.json"
+    if not waivers_file.exists():
+        return {"waivers": []}
+    try:
+        return json.loads(waivers_file.read_text())
+    except (json.JSONDecodeError, IOError):
+        return {"waivers": [], "error": "Failed to read waivers file"}
+
+
+@app.post("/api/checklist/waivers", dependencies=[Depends(auth.require_scope("control"))])
+async def add_checklist_waiver(request: Request):
+    """Add a waiver for a checklist item."""
+    if not _control_limiter.check("control"):
+        raise HTTPException(status_code=429, detail="Rate limit exceeded")
+    try:
+        body = await request.json()
+    except Exception:
+        return JSONResponse(status_code=400, content={"error": "Invalid JSON"})
+
+    item_id = body.get("item_id")
+    reason = body.get("reason")
+    if not item_id or not reason:
+        return JSONResponse(status_code=400, content={"error": "item_id and reason required"})
+
+    if not isinstance(reason, str) or len(reason) > 1024:
+        return JSONResponse(status_code=400, content={"error": "reason must be a string (max 1024 chars)"})
+
+    # Sanitize item_id: non-empty, max 256 chars, no path traversal
+    if not isinstance(item_id, str) or len(item_id) > 256 or ".." in item_id or "/" in item_id or "\\" in item_id:
+        return JSONResponse(status_code=400, content={"error": "Invalid item_id: must be 1-256 chars, no path traversal characters"})
+
+    waivers_file = _get_loki_dir() / "checklist" / "waivers.json"
+
+    # Load existing
+    waivers = {"waivers": []}
+    if waivers_file.exists():
+        try:
+            waivers = json.loads(waivers_file.read_text())
+        except (json.JSONDecodeError, IOError):
+            pass
+
+    # Check duplicate
+    for w in waivers.get("waivers", []):
+        if w.get("item_id") == item_id and w.get("active", True):
+            return JSONResponse(status_code=409, content={"status": "already_exists", "item_id": item_id})
+
+    # Add waiver
+    waiver = {
+        "item_id": item_id,
+        "reason": reason,
+        "waived_by": body.get("waived_by", "dashboard"),
+        "waived_at": datetime.now(timezone.utc).isoformat(),
+        "active": True
+    }
+    waivers.setdefault("waivers", []).append(waiver)
+
+    # Ensure directory exists
+    waivers_file.parent.mkdir(parents=True, exist_ok=True)
+
+    # Atomic write
+    tmp_file = waivers_file.with_suffix(".tmp")
+    tmp_file.write_text(json.dumps(waivers, indent=2))
+    tmp_file.replace(waivers_file)
+
+    return {"status": "added", "waiver": waiver}
+
+
+@app.delete("/api/checklist/waivers/{item_id}", dependencies=[Depends(auth.require_scope("control"))])
+async def remove_checklist_waiver(item_id: str):
+    """Deactivate a waiver for a checklist item."""
+    if not _control_limiter.check("control"):
+        raise HTTPException(status_code=429, detail="Rate limit exceeded")
+
+    # Sanitize item_id: non-empty, max 256 chars, no path traversal
+    if not item_id or len(item_id) > 256 or ".." in item_id or "/" in item_id or "\\" in item_id:
+        raise HTTPException(status_code=400, detail="Invalid item_id: must be 1-256 chars, no path traversal characters")
+
+    waivers_file = _get_loki_dir() / "checklist" / "waivers.json"
+    if not waivers_file.exists():
+        return JSONResponse(status_code=404, content={"error": "No waivers file"})
+
+    try:
+        waivers = json.loads(waivers_file.read_text())
+    except (json.JSONDecodeError, IOError):
+        return JSONResponse(status_code=500, content={"error": "Failed to read waivers"})
+
+    found = False
+    for w in waivers.get("waivers", []):
+        if w.get("item_id") == item_id and w.get("active", True):
+            w["active"] = False
+            found = True
+
+    if not found:
+        return JSONResponse(status_code=404, content={"error": f"No active waiver for {item_id}"})
+
+    # Atomic write
+    tmp_file = waivers_file.with_suffix(".tmp")
+    tmp_file.write_text(json.dumps(waivers, indent=2))
+    tmp_file.replace(waivers_file)
+
+    return {"status": "removed", "item_id": item_id}
+
+
+# =============================================================================
+# Council Hard Gate Endpoint (Phase 4)
+# =============================================================================
+
+@app.get("/api/council/gate")
+async def get_council_gate():
+    """Get council hard gate status."""
+    gate_file = _get_loki_dir() / "council" / "gate-block.json"
+    if not gate_file.exists():
+        return {"blocked": False}
+    try:
+        return json.loads(gate_file.read_text())
+    except (json.JSONDecodeError, IOError):
+        return {"blocked": False, "error": "Failed to read gate file"}
+
+
 # =============================================================================
 # App Runner Endpoints (v5.45.0)
 # =============================================================================
@@ -3436,7 +3562,7 @@ async def get_app_runner_logs(lines: int = Query(default=100, ge=1, le=1000)):
 @app.post("/api/control/app-restart", dependencies=[Depends(auth.require_scope("control"))])
 async def control_app_restart(request: Request):
     """Signal app runner to restart the application."""
-    if not _control_limiter.check(str(request.client.host)):
+    if not _control_limiter.check(request.client.host if request.client else "unknown"):
         raise HTTPException(status_code=429, detail="Rate limit exceeded")
     loki_dir = _get_loki_dir()
     signal_dir = loki_dir / "app-runner"
@@ -3449,7 +3575,7 @@ async def control_app_restart(request: Request):
 @app.post("/api/control/app-stop", dependencies=[Depends(auth.require_scope("control"))])
 async def control_app_stop(request: Request):
     """Signal app runner to stop the application."""
-    if not _control_limiter.check(str(request.client.host)):
+    if not _control_limiter.check(request.client.host if request.client else "unknown"):
         raise HTTPException(status_code=429, detail="Rate limit exceeded")
     loki_dir = _get_loki_dir()
     signal_dir = loki_dir / "app-runner"
@@ -3487,7 +3613,7 @@ async def get_playwright_screenshot():
     screenshots = sorted(screenshots_dir.glob("*.png"), key=lambda p: p.stat().st_mtime, reverse=True)
     if not screenshots:
         return {"screenshot": None}
-    return {"screenshot": str(screenshots[0])}
+    return FileResponse(str(screenshots[0]), media_type="image/png")
 
 
 # =============================================================================