loki-mode 5.48.1 → 5.49.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with zero human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v5.48.1
+# Loki Mode v5.49.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -68,15 +68,16 @@ VERIFY: Run tests. Check build. Validate against spec.
 
 ## PRIORITY 3: Autonomy Rules
 
-These rules are ABSOLUTE. Violating them is a critical failure.
+These rules guide autonomous operation. Test results and code quality always take precedence.
 
 | Rule | Meaning |
 |------|---------|
-| **NEVER ask** | Do not output questions. Decide and act. |
-| **NEVER wait** | Do not pause for confirmation. Execute immediately. |
-| **NEVER stop** | There is always another improvement. Find it. |
-| **ALWAYS verify** | Code without tests is incomplete. Run tests. |
+| **Decide and act** | Make decisions autonomously. Do not ask the user questions. |
+| **Keep momentum** | Do not pause for confirmation. Move to the next task. |
+| **Iterate continuously** | There is always another improvement. Find it. |
+| **ALWAYS verify** | Code without tests is incomplete. Run tests. **Never ignore or delete failing tests.** |
 | **ALWAYS commit** | Atomic commits after each task. Checkpoint progress. |
+| **Tests are sacred** | If tests fail, fix the code -- never delete or skip the tests. A passing test suite is a hard requirement. |
 
 ---
 
@@ -262,4 +263,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v5.48.1 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v5.49.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-5.48.1
+5.49.0

package/autonomy/app-runner.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #===============================================================================
 # App Runner Module (v5.45.0)
 #

package/autonomy/completion-council.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #===============================================================================
 # Completion Council - Multi-Agent Completion Verification
 #
@@ -45,6 +45,14 @@ COUNCIL_MIN_ITERATIONS=${LOKI_COUNCIL_MIN_ITERATIONS:-3}
 COUNCIL_CONVERGENCE_WINDOW=${LOKI_COUNCIL_CONVERGENCE_WINDOW:-3}
 COUNCIL_STAGNATION_LIMIT=${LOKI_COUNCIL_STAGNATION_LIMIT:-5}
 
+# Error budget: severity-aware completion (v5.49.0)
+# SEVERITY_THRESHOLD: minimum severity that blocks completion (critical, high, medium, low)
+#   "critical" = only critical issues block (most permissive)
+#   "low" = all issues block (strictest, default for backwards compat)
+# ERROR_BUDGET: fraction of non-blocking issues allowed (0.0 = none, 0.1 = 10% tolerance)
+COUNCIL_SEVERITY_THRESHOLD=${LOKI_COUNCIL_SEVERITY_THRESHOLD:-low}
+COUNCIL_ERROR_BUDGET=${LOKI_COUNCIL_ERROR_BUDGET:-0.0}
+
 # Internal state
 COUNCIL_STATE_DIR=""
 COUNCIL_PRD_PATH=""
@@ -235,6 +243,38 @@ council_vote() {
         local vote_result
         vote_result=$(echo "$verdict" | grep -oE "VOTE:\s*(APPROVE|REJECT)" | grep -oE "APPROVE|REJECT" | head -1)
 
+        # Extract severity-categorized issues (v5.49.0 error budget)
+        local member_issues=""
+        member_issues=$(echo "$verdict" | grep -oE "ISSUES:\s*(CRITICAL|HIGH|MEDIUM|LOW):.*" || true)
+
+        # If error budget is active and member rejected, check if rejection
+        # is based only on issues below the severity threshold
+        if [ "$vote_result" = "REJECT" ] && [ "$COUNCIL_SEVERITY_THRESHOLD" != "low" ] && [ -n "$member_issues" ]; then
+            local has_blocking_issue=false
+            local severity_order="critical high medium low"
+            local threshold_reached=false
+
+            while IFS= read -r issue_line; do
+                local issue_severity
+                issue_severity=$(echo "$issue_line" | grep -oE "(CRITICAL|HIGH|MEDIUM|LOW)" | head -1 | tr '[:upper:]' '[:lower:]')
+                # Check if this severity meets or exceeds the threshold
+                for sev in $severity_order; do
+                    if [ "$sev" = "$COUNCIL_SEVERITY_THRESHOLD" ]; then
+                        threshold_reached=true
+                    fi
+                    if [ "$sev" = "$issue_severity" ] && [ "$threshold_reached" = "false" ]; then
+                        has_blocking_issue=true
+                        break
+                    fi
+                done
+            done <<< "$member_issues"
+
+            if [ "$has_blocking_issue" = "false" ]; then
+                log_info "  Member $member ($role): REJECT overridden to APPROVE (issues below ${COUNCIL_SEVERITY_THRESHOLD} threshold)"
+                vote_result="APPROVE"
+            fi
+        fi
+
         if [ "$vote_result" = "APPROVE" ]; then
             ((approve_count++))
             log_info "  Member $member ($role): APPROVE"
@@ -618,23 +658,37 @@ council_member_review() {
             ;;
     esac
 
+    local severity_instruction=""
+    if [ "$COUNCIL_SEVERITY_THRESHOLD" != "low" ]; then
+        severity_instruction="
+ERROR BUDGET: This council uses severity-aware evaluation.
+- Categorize each issue as CRITICAL, HIGH, MEDIUM, or LOW severity
+- Blocking threshold: ${COUNCIL_SEVERITY_THRESHOLD} and above
+- Only issues at ${COUNCIL_SEVERITY_THRESHOLD} severity or above should cause REJECT
+- Issues below threshold are acceptable (error budget: ${COUNCIL_ERROR_BUDGET})
+- List issues as ISSUES: SEVERITY:description (one per line)"
+    fi
+
     local prompt="You are a council member reviewing project completion.
 
 ${role_instruction}
 
 EVIDENCE:
 ${evidence}
+${severity_instruction}
 
 INSTRUCTIONS:
 1. Review the evidence carefully
 2. Determine if the project meets completion criteria
 3. Output EXACTLY one line starting with VOTE:APPROVE or VOTE:REJECT
 4. Output EXACTLY one line starting with REASON: explaining your decision
-5. Be honest - do not approve incomplete work
+5. If issues found, output lines starting with ISSUES: SEVERITY:description
+6. Be honest - do not approve incomplete work
 
-Output format (exactly two lines):
+Output format:
 VOTE:APPROVE or VOTE:REJECT
-REASON: your reasoning here"
+REASON: your reasoning here
+ISSUES: CRITICAL:description (optional, one per line per issue)"
 
     local verdict_file="$vote_dir/member-${member_id}.txt"
 
@@ -1300,5 +1354,5 @@ council_get_dashboard_state() {
         state_json=$(cat "$COUNCIL_STATE_DIR/state.json" 2>/dev/null || echo "{}")
     fi
 
-    echo "\"council\": {\"enabled\": true, \"size\": $COUNCIL_SIZE, \"threshold\": $COUNCIL_THRESHOLD, \"check_interval\": $COUNCIL_CHECK_INTERVAL, \"consecutive_no_change\": $COUNCIL_CONSECUTIVE_NO_CHANGE, \"done_signals\": $COUNCIL_DONE_SIGNALS, \"iteration\": $ITERATION_COUNT, \"state\": $state_json}"
+    echo "\"council\": {\"enabled\": true, \"size\": $COUNCIL_SIZE, \"threshold\": $COUNCIL_THRESHOLD, \"check_interval\": $COUNCIL_CHECK_INTERVAL, \"consecutive_no_change\": $COUNCIL_CONSECUTIVE_NO_CHANGE, \"done_signals\": $COUNCIL_DONE_SIGNALS, \"iteration\": $ITERATION_COUNT, \"severity_threshold\": \"$COUNCIL_SEVERITY_THRESHOLD\", \"error_budget\": $COUNCIL_ERROR_BUDGET, \"state\": $state_json}"
 }

package/autonomy/hooks/quality-gate.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode Stop Hook - Quality Gate Verification
 # Runs quality checks before allowing completion
 

package/autonomy/hooks/session-init.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode SessionStart Hook
 # Loads memory context and initializes session state
 

package/autonomy/hooks/store-episode.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode SessionEnd Hook - Episode Storage
 # Stores session as episodic memory
 

package/autonomy/hooks/track-metrics.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode PostToolUse Hook - Metrics Tracking
 # Tracks tool usage for efficiency metrics (async)
 

package/autonomy/hooks/validate-bash.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode PreToolUse Hook - Bash Command Validation
 # Blocks dangerous commands, logs all executions
 
@@ -30,11 +30,21 @@ BLOCKED_PATTERNS=(
     "wget.*\|.*sh"
     "curl.*\|.*bash"
     "wget.*\|.*bash"
+    # Config self-protection: prevent agents from corrupting internal state
+    "rm -rf \.loki"
+    "rm -rf \./\.loki"
+    "rm .*\.loki/council/"
+    "rm .*\.loki/config\.yaml"
+    "rm .*\.loki/logs/bash-audit"
+    "rm .*\.loki/session\.lock"
+    "> \.loki/council/"
+    "> \.loki/config\.yaml"
 )
 
-# Safe path patterns that override rm -rf / matches
+# Safe path patterns that override blocked pattern matches
 SAFE_PATTERNS=(
     "rm -rf /tmp/"
+    "rm -rf \.loki/queue/dead-letter"
 )
 
 # Check for blocked patterns

package/autonomy/issue-parser.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #===============================================================================
 # Loki Mode - GitHub Issue Parser (v5.14.0)
 # Parses GitHub issues and extracts structured data for PRD generation

package/autonomy/loki

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #===============================================================================
 # Loki Mode CLI Wrapper
 # Command-line interface for Loki Mode
@@ -1460,9 +1460,12 @@ cmd_dashboard_start() {
         exit 1
     fi
 
-    # Determine python command
+    # Determine python command -- prefer dashboard venv if available
     local python_cmd="python3"
-    if ! command -v python3 &> /dev/null; then
+    local dashboard_venv="${SKILL_DIR}/dashboard/.venv"
+    if [ -x "${dashboard_venv}/bin/python3" ]; then
+        python_cmd="${dashboard_venv}/bin/python3"
+    elif ! command -v python3 &> /dev/null; then
         python_cmd="python"
     fi
 
@@ -1510,19 +1513,29 @@ cmd_dashboard_start() {
         tls_info=" (TLS enabled)"
     fi
 
-    # Ensure dashboard Python dependencies are installed
+    # Ensure dashboard Python dependencies via virtualenv (PEP 668 safe)
     if ! "$python_cmd" -c "import fastapi" 2>/dev/null; then
-        echo -e "${YELLOW}Installing dashboard dependencies...${NC}"
+        echo -e "${YELLOW}Setting up dashboard virtualenv...${NC}"
         local req_file="${SKILL_DIR}/dashboard/requirements.txt"
-        if [ -f "$req_file" ]; then
-            pip3 install -q -r "$req_file" 2>/dev/null || pip install -q -r "$req_file" 2>/dev/null || {
-                echo -e "${RED}Failed to install dashboard dependencies${NC}"
-                echo "Run manually: pip install fastapi uvicorn pydantic websockets"
-                exit 1
-            }
+        if ! [ -d "$dashboard_venv" ]; then
+            python3 -m venv "$dashboard_venv" 2>/dev/null || python3.13 -m venv "$dashboard_venv" 2>/dev/null || true
+        fi
+        if [ -x "${dashboard_venv}/bin/python3" ]; then
+            python_cmd="${dashboard_venv}/bin/python3"
+            echo -e "${YELLOW}Installing dashboard dependencies into venv...${NC}"
+            if [ -f "$req_file" ]; then
+                "${dashboard_venv}/bin/pip" install -q -r "$req_file" 2>/dev/null || {
+                    echo -e "${YELLOW}Pinned deps failed, installing core deps...${NC}"
+                    "${dashboard_venv}/bin/pip" install -q fastapi uvicorn pydantic websockets 2>/dev/null || true
+                }
+            else
+                "${dashboard_venv}/bin/pip" install -q fastapi uvicorn pydantic websockets 2>/dev/null || true
+            fi
         else
+            # Fallback: try direct pip (may fail on PEP 668 systems)
             pip3 install -q fastapi uvicorn pydantic websockets 2>/dev/null || pip install -q fastapi uvicorn pydantic websockets 2>/dev/null || {
                 echo -e "${RED}Failed to install dashboard dependencies${NC}"
+                echo "Run manually: python3 -m venv ${dashboard_venv} && ${dashboard_venv}/bin/pip install fastapi uvicorn pydantic websockets"
                 exit 1
             }
         fi
@@ -3143,19 +3156,31 @@ cmd_api() {
                 fi
             fi
 
-            # Ensure dashboard Python dependencies are installed
-            if ! python3 -c "import fastapi" 2>/dev/null; then
-                echo -e "${YELLOW}Installing dashboard dependencies...${NC}"
-                local req_file="${SKILL_DIR}/dashboard/requirements.txt"
-                if [ -f "$req_file" ]; then
-                    pip3 install -q -r "$req_file" 2>/dev/null || pip install -q -r "$req_file" 2>/dev/null || {
-                        echo -e "${RED}Failed to install dashboard dependencies${NC}"
-                        echo "Run manually: pip install fastapi uvicorn pydantic websockets"
-                        exit 1
-                    }
+            # Ensure dashboard Python dependencies via virtualenv (PEP 668 safe)
+            local dashboard_venv="${SKILL_DIR}/dashboard/.venv"
+            local api_python="python3"
+            if [ -x "${dashboard_venv}/bin/python3" ]; then
+                api_python="${dashboard_venv}/bin/python3"
+            fi
+            if ! "$api_python" -c "import fastapi" 2>/dev/null; then
+                echo -e "${YELLOW}Setting up dashboard virtualenv...${NC}"
+                if ! [ -d "$dashboard_venv" ]; then
+                    python3 -m venv "$dashboard_venv" 2>/dev/null || python3.13 -m venv "$dashboard_venv" 2>/dev/null || true
+                fi
+                if [ -x "${dashboard_venv}/bin/python3" ]; then
+                    api_python="${dashboard_venv}/bin/python3"
+                    local req_file="${SKILL_DIR}/dashboard/requirements.txt"
+                    if [ -f "$req_file" ]; then
+                        "${dashboard_venv}/bin/pip" install -q -r "$req_file" 2>/dev/null || {
+                            "${dashboard_venv}/bin/pip" install -q fastapi uvicorn pydantic websockets 2>/dev/null || true
+                        }
+                    else
+                        "${dashboard_venv}/bin/pip" install -q fastapi uvicorn pydantic websockets 2>/dev/null || true
+                    fi
                 else
                     pip3 install -q fastapi uvicorn pydantic websockets 2>/dev/null || {
                         echo -e "${RED}Failed to install dashboard dependencies${NC}"
+                        echo "Run manually: python3 -m venv ${dashboard_venv} && ${dashboard_venv}/bin/pip install fastapi uvicorn pydantic websockets"
                         exit 1
                     }
                 fi
@@ -3168,7 +3193,7 @@ cmd_api() {
             if [ -n "${LOKI_TLS_CERT:-}" ] && [ -n "${LOKI_TLS_KEY:-}" ]; then
                 uvicorn_args="$uvicorn_args --ssl-certfile ${LOKI_TLS_CERT} --ssl-keyfile ${LOKI_TLS_KEY}"
             fi
-            LOKI_DIR="$LOKI_DIR" PYTHONPATH="$SKILL_DIR" nohup python3 -m uvicorn dashboard.server:app $uvicorn_args > "$LOKI_DIR/logs/api.log" 2>&1 &
+            LOKI_DIR="$LOKI_DIR" PYTHONPATH="$SKILL_DIR" nohup "$api_python" -m uvicorn dashboard.server:app $uvicorn_args > "$LOKI_DIR/logs/api.log" 2>&1 &
             local new_pid=$!
             echo "$new_pid" > "$pid_file"
 

package/autonomy/playwright-verify.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #===============================================================================
 # Playwright Smoke Test Module (v5.46.0)
 #

package/autonomy/prd-checklist.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #===============================================================================
 # PRD Checklist Module (v5.44.0)
 #

package/autonomy/run.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # shellcheck disable=SC2034  # Many variables are used by sourced scripts
 # shellcheck disable=SC2155  # Declare and assign separately (acceptable in this codebase)
 # shellcheck disable=SC2329  # Functions may be invoked indirectly or via dynamic dispatch
@@ -5147,19 +5147,40 @@ start_dashboard() {
         log_info "TLS enabled for dashboard"
     fi
 
-    # Ensure dashboard Python dependencies are installed
+    # Ensure dashboard Python dependencies via virtualenv (PEP 668 safe)
     local skill_dir="${SCRIPT_DIR%/*}"
     local req_file="${skill_dir}/dashboard/requirements.txt"
-    if ! python3 -c "import fastapi" 2>/dev/null; then
-        log_step "Installing dashboard dependencies..."
-        if [ -f "$req_file" ]; then
-            pip3 install -q -r "$req_file" 2>/dev/null || pip install -q -r "$req_file" 2>/dev/null || {
-                log_warn "Failed to install dashboard dependencies"
-                log_warn "Run manually: pip install fastapi uvicorn pydantic websockets"
+    local dashboard_venv="${skill_dir}/dashboard/.venv"
+    local python_cmd="python3"
+
+    # Use venv python if available, otherwise set one up
+    if [ -x "${dashboard_venv}/bin/python3" ]; then
+        python_cmd="${dashboard_venv}/bin/python3"
+    fi
+
+    if ! "$python_cmd" -c "import fastapi" 2>/dev/null; then
+        log_step "Setting up dashboard virtualenv..."
+        if ! [ -d "$dashboard_venv" ]; then
+            python3 -m venv "$dashboard_venv" 2>/dev/null || python3.13 -m venv "$dashboard_venv" 2>/dev/null || {
+                log_warn "Failed to create virtualenv, trying direct pip install..."
             }
+        fi
+        if [ -x "${dashboard_venv}/bin/python3" ]; then
+            python_cmd="${dashboard_venv}/bin/python3"
+            log_step "Installing dashboard dependencies into venv..."
+            if [ -f "$req_file" ]; then
+                "${dashboard_venv}/bin/pip" install -q -r "$req_file" 2>/dev/null || {
+                    log_warn "Pinned deps failed, installing core deps..."
+                    "${dashboard_venv}/bin/pip" install -q fastapi uvicorn pydantic websockets 2>/dev/null || true
+                }
+            else
+                "${dashboard_venv}/bin/pip" install -q fastapi uvicorn pydantic websockets 2>/dev/null || true
+            fi
         else
+            # Fallback: try direct pip (may fail on PEP 668 systems)
             pip3 install -q fastapi uvicorn pydantic websockets 2>/dev/null || pip install -q fastapi uvicorn pydantic websockets 2>/dev/null || {
                 log_warn "Failed to install dashboard dependencies"
+                log_warn "Run manually: python3 -m venv ${dashboard_venv} && ${dashboard_venv}/bin/pip install fastapi uvicorn pydantic websockets"
             }
         fi
     fi
@@ -5168,7 +5189,7 @@ start_dashboard() {
     # Dashboard module is at project root (parent of autonomy/)
     # LOKI_SKILL_DIR tells server.py where to find static files
     LOKI_TLS_CERT="${LOKI_TLS_CERT:-}" LOKI_TLS_KEY="${LOKI_TLS_KEY:-}" \
-        LOKI_SKILL_DIR="${skill_dir}" PYTHONPATH="${skill_dir}" nohup python3 -m dashboard.server > "$log_file" 2>&1 &
+        LOKI_SKILL_DIR="${skill_dir}" PYTHONPATH="${skill_dir}" nohup "$python_cmd" -m dashboard.server > "$log_file" 2>&1 &
     DASHBOARD_PID=$!
 
     # Save PID for later cleanup
@@ -5660,6 +5681,132 @@ load_handoff_context() {
     fi
 }
 
+# Write structured handoff document (v5.49.0)
+# Produces both JSON (machine-readable) and markdown (human-readable) handoffs
+# Called at end of session or before context clear
+write_structured_handoff() {
+    local reason="${1:-session_end}"
+    local handoff_dir=".loki/memory/handoffs"
+    mkdir -p "$handoff_dir"
+
+    local timestamp
+    timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+    local file_ts
+    file_ts=$(date +"%Y%m%d-%H%M%S")
+    local handoff_json="$handoff_dir/${file_ts}.json"
+    local handoff_md="$handoff_dir/${file_ts}.md"
+
+    # Gather structured data
+    local files_modified=""
+    files_modified=$(git diff --name-only HEAD 2>/dev/null | head -20 | tr '\n' ',' | sed 's/,$//')
+    local recent_commits=""
+    recent_commits=$(git log --oneline -5 2>/dev/null | tr '\n' '|' | sed 's/|$//')
+    local pending_tasks=0
+    local completed_tasks=0
+    if [ -f ".loki/queue/pending.json" ]; then
+        pending_tasks=$(_QF=".loki/queue/pending.json" python3 -c "import json,os;print(len(json.load(open(os.environ['_QF']))))" 2>/dev/null || echo "0")
+    fi
+    if [ -f ".loki/queue/completed.json" ]; then
+        completed_tasks=$(_QF=".loki/queue/completed.json" python3 -c "import json,os;print(len(json.load(open(os.environ['_QF']))))" 2>/dev/null || echo "0")
+    fi
+
+    # Write JSON handoff
+    _H_TS="$timestamp" \
+    _H_REASON="$reason" \
+    _H_ITER="${ITERATION_COUNT:-0}" \
+    _H_FILES="$files_modified" \
+    _H_COMMITS="$recent_commits" \
+    _H_PENDING="$pending_tasks" \
+    _H_COMPLETED="$completed_tasks" \
+    _H_JSON="$handoff_json" \
+    python3 -c "
+import json, os
+handoff = {
+    'schema_version': '1.0.0',
+    'timestamp': os.environ['_H_TS'],
+    'reason': os.environ['_H_REASON'],
+    'iteration': int(os.environ['_H_ITER']),
+    'files_modified': [f for f in os.environ['_H_FILES'].split(',') if f],
+    'recent_commits': [c for c in os.environ['_H_COMMITS'].split('|') if c],
+    'task_status': {
+        'pending': int(os.environ['_H_PENDING']),
+        'completed': int(os.environ['_H_COMPLETED'])
+    },
+    'open_questions': [],
+    'key_decisions': [],
+    'blockers': []
+}
+with open(os.environ['_H_JSON'], 'w') as f:
+    json.dump(handoff, f, indent=2)
+" 2>/dev/null || log_warn "Failed to write structured handoff JSON"
+
+    # Write markdown companion
+    cat > "$handoff_md" << HANDOFF_EOF
+# Session Handoff - $timestamp
+
+**Reason:** $reason
+**Iteration:** ${ITERATION_COUNT:-0}
+
+## Files Modified
+$files_modified
+
+## Recent Commits
+$(git log --oneline -5 2>/dev/null || echo "none")
+
+## Task Status
+- Pending: $pending_tasks
+- Completed: $completed_tasks
+
+## Notes
+Session handoff generated automatically.
+HANDOFF_EOF
+
+    log_info "Structured handoff written to $handoff_json"
+}
+
+# Load recent handoffs for context (reads both JSON and markdown)
+load_handoff_context() {
+    local handoff_content=""
+
+    # Prefer JSON handoffs (structured, v5.49.0+)
+    local recent_json
+    recent_json=$(find .loki/memory/handoffs -name "*.json" -mtime -1 2>/dev/null | sort -r | head -1)
+
+    if [ -n "$recent_json" ] && [ -f "$recent_json" ]; then
+        handoff_content=$(_HF="$recent_json" python3 -c "
+import json, os
+try:
+    h = json.load(open(os.environ['_HF']))
+    parts = []
+    parts.append(f\"Handoff from {h.get('timestamp','unknown')} (reason: {h.get('reason','unknown')})\")
+    parts.append(f\"Iteration: {h.get('iteration',0)}\")
+    files = h.get('files_modified', [])
+    if files:
+        parts.append(f\"Modified files: {', '.join(files[:10])}\")
+    tasks = h.get('task_status', {})
+    parts.append(f\"Tasks - pending: {tasks.get('pending',0)}, completed: {tasks.get('completed',0)}\")
+    for q in h.get('open_questions', []):
+        parts.append(f\"Open question: {q}\")
+    for b in h.get('blockers', []):
+        parts.append(f\"Blocker: {b}\")
+    print(' | '.join(parts))
+except Exception as e:
+    print(f'Error reading handoff: {e}')
+" 2>/dev/null)
+        echo "$handoff_content"
+        return
+    fi
+
+    # Fallback to markdown handoffs (pre-v5.49.0)
+    local recent_handoff
+    recent_handoff=$(find .loki/memory/handoffs -name "*.md" -mtime -1 2>/dev/null | sort -r | head -1)
+
+    if [ -n "$recent_handoff" ] && [ -f "$recent_handoff" ]; then
+        handoff_content=$(cat "$recent_handoff" | head -80)
+        echo "$handoff_content"
+    fi
+}
+
 # Load relevant learnings
 load_learnings_context() {
     local learnings=""
@@ -7468,6 +7615,9 @@ main() {
             --context "{\"provider\":\"${PROVIDER_NAME:-claude}\",\"iterations\":$ITERATION_COUNT,\"exit_code\":$result}"
     fi
 
+    # Write structured handoff for future sessions (v5.49.0)
+    write_structured_handoff "session_end_result_${result}" 2>/dev/null || true
+
     # Create PR from agent branch if branch protection was enabled
     create_session_pr
     audit_agent_action "session_stop" "Session ended" "result=$result,iterations=$ITERATION_COUNT"

package/autonomy/sandbox.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #===============================================================================
 # Loki Mode - Docker Sandbox Manager
 # Provides isolated container execution for enhanced security
@@ -843,6 +843,15 @@ start_sandbox() {
         docker_args+=("--volume" "$PROJECT_DIR:/workspace:rw")
     fi
 
+    # Config self-protection: mount critical .loki/ paths as read-only
+    # Prevents agents from corrupting council state, config, or audit trail
+    if [[ -d "$PROJECT_DIR/.loki/council" ]]; then
+        docker_args+=("--volume" "$PROJECT_DIR/.loki/council:/workspace/.loki/council:ro")
+    fi
+    if [[ -f "$PROJECT_DIR/.loki/config.yaml" ]]; then
+        docker_args+=("--volume" "$PROJECT_DIR/.loki/config.yaml:/workspace/.loki/config.yaml:ro")
+    fi
+
     # Mount git config (read-only) - mount to /home/loki since container runs as user loki
     if [[ -f "$HOME/.gitconfig" ]]; then
         docker_args+=("--volume" "$HOME/.gitconfig:/home/loki/.gitconfig:ro")

package/autonomy/serve.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # shellcheck disable=SC2034  # Unused variables are for future use or exported
 # shellcheck disable=SC2155  # Declare and assign separately
 #===============================================================================

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "5.48.1"
+__version__ = "5.49.0"
 
 # Expose the control app for easy import
 try:

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v5.48.1
+**Version:** v5.49.0
 
 ---
 

package/events/emit.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode Event Emitter - Bash helper for emitting events
 #
 # Usage:

package/learning/aggregate.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode Learning Aggregator - Bash CLI helper
 #
 # Runs learning signal aggregation and displays results.

package/learning/emit.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode Learning Signal Emitter - Bash helper
 #
 # Emits learning signals by calling the Python learning emitter.

package/learning/suggest.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Loki Mode Learning Suggestions - Bash CLI helper
 #
 # Shows context-aware suggestions based on aggregated learnings.

package/mcp/__init__.py

@@ -21,4 +21,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
 
-__version__ = '5.48.1'
+__version__ = '5.49.0'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "loki-mode",
-  "version": "5.48.1",
+  "version": "5.49.0",
   "description": "Loki Mode by Autonomi - Multi-agent autonomous startup system for Claude Code, Codex CLI, and Gemini CLI",
   "keywords": [
     "autonomi",

package/providers/claude.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Claude Code Provider Configuration
 # Shell-sourceable config for loki-mode multi-provider support
 

package/providers/codex.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # OpenAI Codex CLI Provider Configuration
 # Shell-sourceable config for loki-mode multi-provider support
 

package/providers/gemini.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Google Gemini CLI Provider Configuration
 # Shell-sourceable config for loki-mode multi-provider support
 

package/providers/loader.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Provider Loader for loki-mode
 # Sources the appropriate provider configuration based on LOKI_PROVIDER