loki-mode 5.51.0 → 5.52.0

package/README.md

@@ -11,7 +11,7 @@
 [![Agent Types](https://img.shields.io/badge/Agent%20Types-41-blue)]()
 [![Benchmarks](https://img.shields.io/badge/Benchmarks-Infrastructure%20Ready-blue)](benchmarks/)
 
-**Current Version: v5.51.0**
+**Current Version: v5.52.0**
 
 **[Autonomi](https://www.autonomi.dev/)** | **[Documentation](https://www.autonomi.dev/docs)** | **[GitHub](https://github.com/asklokesh/loki-mode)**
 
@@ -85,7 +85,7 @@ gemini
 ### Verify Installation
 
 ```bash
-loki --version    # Should print 5.51.0
+loki --version    # Should print 5.52.0
 loki doctor       # Check skill symlinks and provider availability
 ```
 

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v5.51.0
+# Loki Mode v5.52.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -263,4 +263,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v5.51.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v5.52.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-5.51.0
+5.52.0

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "5.51.0"
+__version__ = "5.52.0"
 
 # Expose the control app for easy import
 try:

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v5.51.0
+**Version:** v5.52.0
 
 ---
 

package/docs/alternative-installations.md

@@ -28,7 +28,7 @@ ln -sf ~/.claude/skills/loki-mode/autonomy/loki /usr/local/bin/loki
 
 ## Docker
 
-**Status:** Image exists on Docker Hub. Tags: `latest`, version-specific (e.g., `5.51.0`).
+**Status:** Image exists on Docker Hub. Tags: `latest`, version-specific (e.g., `5.52.0`).
 
 ```bash
 docker pull asklokesh/loki-mode:latest
@@ -108,8 +108,8 @@ jobs:
 
 ```bash
 # Download and extract to skills directory
-curl -sL https://github.com/asklokesh/loki-mode/archive/refs/tags/v5.51.0.tar.gz | tar xz
-mv loki-mode-5.51.0 ~/.claude/skills/loki-mode
+curl -sL https://github.com/asklokesh/loki-mode/archive/refs/tags/v5.52.0.tar.gz | tar xz
+mv loki-mode-5.52.0 ~/.claude/skills/loki-mode
 ```
 
 **Best for:** Offline or air-gapped environments, pinned version deployments.

package/docs/certification/01-core-concepts/lab.md

@@ -0,0 +1,174 @@
+# Module 1 Lab: Install and Run Loki Mode
+
+## Objective
+
+Install Loki Mode, verify the installation, create a simple PRD, run it, and examine the output directory structure.
+
+## Prerequisites
+
+- Node.js 18+ installed
+- npm available on your PATH
+- A supported AI provider CLI installed (Claude Code, Codex CLI, or Gemini CLI)
+- An active API key for your chosen provider
+
+## Step 1: Install Loki Mode
+
+```bash
+npm install -g loki-mode
+```
+
+Verify the installation:
+
+```bash
+loki version
+```
+
+You should see output like `5.51.0` (or the current version).
+
+## Step 2: Run the Doctor Check
+
+The `loki doctor` command checks all system prerequisites:
+
+```bash
+loki doctor
+```
+
+This verifies:
+- Node.js version
+- Required CLI tools (git, jq, etc.)
+- AI provider CLI availability
+- Skill symlink configuration
+
+Review the output and install any missing dependencies it reports.
+
+For machine-readable output:
+
+```bash
+loki doctor --json
+```
+
+## Step 3: Create a Simple PRD
+
+Create a file called `simple-prd.md` with the following content:
+
+```markdown
+# Simple Todo App
+
+## Overview
+A command-line todo application written in Node.js.
+
+## Requirements
+- Add a todo item with a title
+- List all todo items
+- Mark a todo item as complete
+- Delete a todo item
+- Store todos in a local JSON file
+
+## Tech Stack
+- Node.js
+- No external dependencies (use built-in fs module)
+
+## Success Criteria
+- All CRUD operations work from the command line
+- Data persists between runs via JSON file
+- Unit tests pass with >80% coverage
+```
+
+## Step 4: Start Loki Mode
+
+**Important:** Running `loki start` will invoke an AI provider and may incur API costs. Ensure you have a valid API key configured for your provider.
+
+```bash
+loki start ./simple-prd.md
+```
+
+Alternatively, if using a specific provider:
+
+```bash
+loki start --provider claude ./simple-prd.md    # Claude Code (default)
+loki start --provider codex ./simple-prd.md     # OpenAI Codex CLI
+loki start --provider gemini ./simple-prd.md    # Google Gemini CLI
+```
+
+You can also force the simple complexity tier to limit the number of phases:
+
+```bash
+loki start --simple ./simple-prd.md
+```
+
+## Step 5: Examine the Output
+
+After Loki Mode starts (or after you pause it with `loki pause`), examine the `.loki/` directory:
+
+```bash
+ls -la .loki/
+```
+
+You should see a structure similar to:
+
+```
+.loki/
+  session.json           # Session metadata (pid, start time, provider, status)
+  state/
+    orchestrator.json    # Current phase, task counts
+  queue/
+    pending.json         # Tasks waiting to be executed
+    current-task.json    # Task currently in progress
+    dead-letter.json     # Failed tasks (if any)
+  memory/
+    index.json           # Memory index
+    episodic/            # Task execution traces
+    semantic/            # Learned patterns
+  signals/               # Inter-process communication files
+  logs/                  # Execution logs
+```
+
+Inspect the orchestrator state:
+
+```bash
+cat .loki/state/orchestrator.json | jq .
+```
+
+Check the current session:
+
+```bash
+loki status
+```
+
+## Step 6: Control Execution
+
+Practice the control commands:
+
+```bash
+# Pause after current iteration
+loki pause
+
+# Check status while paused
+loki status
+
+# Resume execution
+loki resume
+
+# Stop immediately
+loki stop
+```
+
+## Verification Checklist
+
+After completing this lab, confirm you can answer these questions:
+
+- [ ] What version of Loki Mode is installed? (`loki version`)
+- [ ] Does `loki doctor` report all checks passing?
+- [ ] What files are created in the `.loki/` directory?
+- [ ] What phase does the orchestrator start in?
+- [ ] Can you pause and resume a Loki Mode session?
+
+## Cleanup
+
+To clean up the lab environment:
+
+```bash
+loki stop
+rm -rf .loki/
+rm simple-prd.md
+```

package/docs/certification/01-core-concepts/lesson.md

@@ -0,0 +1,182 @@
+# Module 1: Core Concepts
+
+## What is Loki Mode?
+
+Loki Mode is a multi-agent autonomous system created by [Autonomi](https://www.autonomi.dev/). It takes a Product Requirements Document (PRD) and builds a fully deployed product with minimal human intervention. It supports three AI provider CLIs: Claude Code (full features), OpenAI Codex CLI (degraded mode), and Google Gemini CLI (degraded mode).
+
+Loki Mode is installed as an npm package and invoked through the `loki` CLI or directly within Claude Code as a skill.
+
+```bash
+# Install
+npm install -g loki-mode
+
+# Verify installation
+loki version
+
+# Check system prerequisites
+loki doctor
+
+# Start with a PRD
+loki start ./prd.md
+```
+
+When started, Loki Mode creates a `.loki/` directory in your project root that holds all state: task queues, session data, memory, metrics, and signals.
+
+## The RARV Cycle
+
+Every action in Loki Mode follows a strict four-step cycle called RARV:
+
+1. **Reason** -- Determine the highest priority unblocked task from `.loki/queue/pending.json`
+2. **Act** -- Execute the task: write code, run commands, commit atomically
+3. **Reflect** -- Evaluate the outcome, log results
+4. **Verify** -- Run tests, check build, validate against the specification
+
+If verification passes, the task is marked complete and the cycle returns to Reason. If verification fails, the error is captured and the agent retries with a different approach. After 3 failures, it tries a simpler approach. After 5 failures, the task is moved to a dead-letter queue (`.loki/queue/dead-letter.json`) and the agent moves on.
+
+```
+REASON --> ACT --> REFLECT --> VERIFY
+  ^                             |
+  |         [PASS]              |
+  +-----------------------------+
+  |         [FAIL]
+  +--- Retry (up to 5x) --> Dead Letter Queue
+```
+
+## Phase Transitions
+
+Loki Mode organizes work into sequential phases. Each phase must pass all quality gates before the next begins:
+
+```
+BOOTSTRAP --> DISCOVERY --> ARCHITECTURE --> DEEPEN_PLAN --> INFRASTRUCTURE
+    --> DEVELOPMENT --> QA --> DEPLOYMENT --> GROWTH
+```
+
+Not all phases run for every project. Complexity tiers determine which phases execute:
+
+| Tier | Phases | When Used |
+|------|--------|-----------|
+| **simple** | 3 | 1-2 files, UI fixes, text changes |
+| **standard** | 6 | 3-10 files, features, bug fixes |
+| **complex** | 8 | 10+ files, microservices, external integrations |
+
+The tier is auto-detected from the PRD or can be forced with:
+
+```bash
+loki start --simple ./prd.md    # Force simple tier
+loki start --complex ./prd.md   # Force complex tier
+```
+
+Or via the environment variable `LOKI_COMPLEXITY=simple|standard|complex`.
+
+## Agents
+
+Loki Mode defines **41 specialized agent types** organized into **8 swarms**:
+
+| Swarm | Agent Count | Examples |
+|-------|-------------|----------|
+| Engineering | 8 | frontend, backend, database, mobile, api, qa, perf, infra |
+| Operations | 8 | devops, sre, security, monitor, incident, release, cost, compliance |
+| Business | 8 | marketing, sales, finance, legal, support, hr, investor, partnerships |
+| Data | 3 | ml, eng, analytics |
+| Product | 3 | pm, design, techwriter |
+| Growth | 4 | hacker, community, success, lifecycle |
+| Review | 3 | code, business, security |
+| Orchestration | 4 | (internal system agents) |
+
+These agents are **roles defined through prompts**, not separate programs. They are implemented using the Claude Code Task tool with role-specific prompts:
+
+```python
+# Example: Creating a security reviewer agent
+Task(
+    subagent_type="general-purpose",
+    model="opus",
+    description="Security review: auth module",
+    prompt="""You are a security reviewer. Focus on:
+    - Authentication vulnerabilities
+    - Input validation gaps
+    - OWASP Top 10 issues
+    Review: src/auth/*.ts"""
+)
+```
+
+A simple project typically uses 5-10 agents. Complex projects use more as needed. The orchestrator spawns only the agents required for the current task.
+
+Full agent type definitions are in `references/agent-types.md`.
+
+## Quality Gates
+
+Loki Mode enforces a 9-gate quality system. Code must pass all applicable gates before moving forward:
+
+| Gate | Name | Purpose |
+|------|------|---------|
+| 1 | Input Guardrails | Validate scope, detect injection, check constraints |
+| 2 | Static Analysis | CodeQL, ESLint/Pylint, type checking |
+| 3 | Blind Review System | 3 specialist reviewers in parallel, blind to each other |
+| 4 | Anti-Sycophancy Check | If reviewers unanimously approve, run a Devil's Advocate reviewer |
+| 5 | Output Guardrails | Validate code quality, spec compliance, no secrets |
+| 6 | Severity-Based Blocking | Critical/High/Medium = BLOCK; Low/Cosmetic = TODO |
+| 7 | Test Coverage Gates | Unit: 100% pass, >80% coverage; Integration: 100% pass |
+| 8 | Mock Detector | Flags tests that mock internal modules instead of real code |
+| 9 | Test Mutation Detector | Detects assertion value changes alongside implementation changes |
+
+The blind review system (Gate 3) selects 3 reviewers from a pool of 5 named specialists:
+
+- **security-sentinel** -- OWASP Top 10, injection, auth, secrets
+- **performance-oracle** -- N+1 queries, memory leaks, caching
+- **architecture-strategist** -- SOLID, coupling, patterns (always included)
+- **test-coverage-auditor** -- Missing tests, edge cases, error paths
+- **dependency-analyst** -- Outdated packages, CVEs, license issues
+
+The architecture-strategist is always one of the 3. The other 2 are selected by matching trigger keywords in the diff. Full details are in `skills/quality-gates.md`.
+
+## Memory System
+
+Loki Mode maintains three types of memory in the `.loki/memory/` directory:
+
+- **Episodic** (`.loki/memory/episodic/`) -- Specific interaction traces. Records what happened during each task, including errors and decisions.
+- **Semantic** (`.loki/memory/semantic/`) -- Generalized patterns and anti-patterns extracted from episodic memory. Includes `patterns.json` (what works) and `anti-patterns.json` (what to avoid).
+- **Procedural** (`.loki/memory/skills/`) -- Learned skills and reusable solutions.
+
+The memory system uses progressive disclosure with three layers: index (lightweight), timeline (moderate), and full details (heavy). This prevents loading the entire memory store into the context window.
+
+Memory retrieval is task-aware, weighting different memory types based on the current activity:
+
+| Task Type | Episodic Weight | Semantic Weight | Skills Weight |
+|-----------|----------------|-----------------|---------------|
+| Exploration | 0.6 | 0.3 | 0.1 |
+| Implementation | 0.15 | 0.5 | 0.35 |
+| Debugging | 0.4 | 0.2 | 0.0 (+ 0.4 anti-patterns) |
+
+The memory engine is implemented in Python (`memory/engine.py`, `memory/retrieval.py`, `memory/storage.py`).
+
+## Model Selection
+
+Loki Mode maps tasks to model tiers rather than specific model names:
+
+| Task Type | Tier | Claude | Codex | Gemini |
+|-----------|------|--------|-------|--------|
+| Architecture, system design | planning | opus | effort=xhigh | thinking=high |
+| Feature implementation, bugs | development | opus | effort=high | thinking=medium |
+| Code review | development | opus (sonnet for reviewers) | effort=high | thinking=medium |
+| Unit tests, linting, docs | fast | sonnet | effort=low | thinking=low |
+
+Claude Code has full feature support: parallel agents (up to 10 simultaneous), the Task tool, and MCP integration. Codex and Gemini run in degraded mode: sequential execution only, no Task tool, no parallel agents.
+
+## Key Files
+
+Every Loki Mode project uses these files in the `.loki/` directory:
+
+| File | Purpose |
+|------|---------|
+| `session.json` | Current session state (pid, start time, provider, status) |
+| `state/orchestrator.json` | Current phase, tasks completed/failed |
+| `queue/pending.json` | Tasks waiting to be executed |
+| `queue/current-task.json` | The task currently being worked on |
+| `queue/dead-letter.json` | Tasks that failed 5+ times |
+| `memory/index.json` | Lightweight memory index |
+| `memory/timeline.json` | Memory timeline for context retrieval |
+| `signals/` | Inter-process signals (PAUSE, STOP, DRIFT_DETECTED, etc.) |
+
+## Summary
+
+Loki Mode is an autonomous multi-agent system that follows the RARV cycle to build software from PRDs. It uses 41 agent types organized into 8 swarms, enforces quality through 9 gates with blind peer review, and maintains episodic/semantic/procedural memory for continuous learning. Projects are classified into simple, standard, or complex tiers that determine the number of phases executed.

package/docs/certification/01-core-concepts/quiz.md

@@ -0,0 +1,93 @@
+# Module 1 Quiz: Core Concepts
+
+Answer each question by selecting the best option (A, B, C, or D).
+
+---
+
+**Question 1:** What does the RARV cycle stand for?
+
+A) Read, Analyze, Review, Validate
+B) Reason, Act, Reflect, Verify
+C) Request, Assign, Run, Verify
+D) Review, Approve, Release, Validate
+
+---
+
+**Question 2:** How many specialized agent types does Loki Mode define?
+
+A) 8
+B) 25
+C) 41
+D) 50
+
+---
+
+**Question 3:** What happens when a task fails 5 times in the RARV cycle?
+
+A) The entire session terminates
+B) The task is moved to the dead-letter queue
+C) The task is automatically deleted
+D) The agent escalates to a more powerful model
+
+---
+
+**Question 4:** Which specialist reviewer is ALWAYS included in the 3-reviewer blind review system?
+
+A) security-sentinel
+B) performance-oracle
+C) architecture-strategist
+D) test-coverage-auditor
+
+---
+
+**Question 5:** How many quality gates does Loki Mode enforce?
+
+A) 3
+B) 5
+C) 7
+D) 9
+
+---
+
+**Question 6:** What are the three types of memory in the Loki Mode memory system?
+
+A) Short-term, long-term, working
+B) Episodic, semantic, procedural
+C) Cache, storage, archive
+D) Input, processing, output
+
+---
+
+**Question 7:** Which complexity tier uses 3 phases?
+
+A) basic
+B) simple
+C) standard
+D) complex
+
+---
+
+**Question 8:** What is the minimum test coverage required by Gate 7 (Test Coverage Gates)?
+
+A) 50%
+B) 60%
+C) 80%
+D) 100%
+
+---
+
+**Question 9:** Which AI provider supports full Loki Mode features including parallel agents and the Task tool?
+
+A) OpenAI Codex CLI
+B) Google Gemini CLI
+C) Claude Code
+D) All three providers equally
+
+---
+
+**Question 10:** What does Gate 4 (Anti-Sycophancy Check) do?
+
+A) Blocks all code that has any warnings
+B) Runs a Devil's Advocate reviewer when all 3 reviewers unanimously approve
+C) Requires human approval for every change
+D) Checks for duplicate code across the project

package/docs/certification/02-enterprise-features/lab.md

@@ -0,0 +1,154 @@
+# Module 2 Lab: Configure Enterprise Features
+
+## Objective
+
+Enable and verify enterprise features: audit logging, OTEL observability, token authentication, and dashboard TLS.
+
+## Prerequisites
+
+- Loki Mode installed (`npm install -g loki-mode`)
+- `loki doctor` passing
+- `jq` installed for JSON inspection
+
+## Step 1: Verify Audit Logging Is Active
+
+Audit logging is enabled by default. Verify its status:
+
+```bash
+loki enterprise status
+```
+
+The output should show audit logging as enabled.
+
+Start a session briefly to generate audit entries:
+
+```bash
+# Create a minimal project directory
+mkdir -p /tmp/enterprise-lab && cd /tmp/enterprise-lab
+git init
+
+# Check audit status
+loki enterprise audit status
+```
+
+**Note:** Viewing actual audit log entries requires a running session that has performed agent actions. The audit log records actions taken during `loki start`.
+
+## Step 2: Explore Audit Configuration
+
+Review the available audit environment variables:
+
+```bash
+# These are the key audit variables:
+# LOKI_AUDIT_DISABLED=true     -- Disable audit logging
+# LOKI_AUDIT_SYSLOG_HOST       -- Enable syslog forwarding
+# LOKI_AUDIT_SYSLOG_PORT       -- Syslog port (default: 514)
+# LOKI_AUDIT_SYSLOG_PROTO      -- Syslog protocol: udp or tcp
+# LOKI_AUDIT_LEVEL             -- Minimum severity to log
+# LOKI_AUDIT_EXCLUDE_EVENTS    -- Comma-separated events to skip
+```
+
+To temporarily disable audit logging (not recommended for production):
+
+```bash
+LOKI_AUDIT_DISABLED=true loki enterprise status
+```
+
+## Step 3: Check OTEL Readiness
+
+OTEL is lazy-loaded. Verify the conditional loading behavior:
+
+```bash
+# Without OTEL endpoint -- should report no OTEL
+loki enterprise status
+
+# To enable OTEL (requires a running OTLP collector):
+# export LOKI_OTEL_ENDPOINT=http://localhost:4318
+# loki start ./prd.md
+```
+
+**Note:** Actually sending OTEL data requires a running OTLP-compatible collector (such as the OpenTelemetry Collector, Jaeger, or Grafana Tempo) on the specified endpoint.
+
+## Step 4: Generate an API Token
+
+Enable enterprise authentication and generate a token:
+
+```bash
+# Enable token auth
+export LOKI_ENTERPRISE_AUTH=true
+
+# Generate a token
+loki enterprise token generate lab-test-token
+
+# Generate with expiration
+loki enterprise token generate lab-expires --expires 7
+```
+
+**Note:** Token authentication requires the dashboard API server to be running (`loki dashboard start` or `loki serve`). Without a running server, token generation creates the token but there is no API to authenticate against.
+
+## Step 5: Start and Inspect the Dashboard
+
+```bash
+# Start the dashboard server
+loki dashboard start
+
+# Check if it is running
+loki dashboard status
+
+# Get the URL
+loki dashboard url
+
+# Open in browser (macOS/Linux)
+loki dashboard open
+```
+
+The dashboard should be accessible at `http://localhost:57374`.
+
+## Step 6: Inspect Metrics
+
+While the dashboard is running:
+
+```bash
+# View Prometheus-format metrics
+loki metrics
+```
+
+This outputs metrics in OpenMetrics format suitable for Prometheus scraping.
+
+## Step 7: Review SIEM Integration Options
+
+Read the SIEM integration documentation:
+
+```bash
+# The full guide is at docs/siem-integration.md in the Loki Mode installation
+# Key platforms supported:
+# - Splunk
+# - IBM QRadar
+# - Elastic SIEM
+# - Datadog Security Monitoring
+```
+
+To configure syslog forwarding (requires an actual syslog server):
+
+```bash
+export LOKI_AUDIT_SYSLOG_HOST=your-syslog-server.example.com
+export LOKI_AUDIT_SYSLOG_PORT=514
+export LOKI_AUDIT_SYSLOG_PROTO=tcp
+```
+
+## Verification Checklist
+
+- [ ] `loki enterprise status` shows audit logging enabled
+- [ ] You understand the difference between `LOKI_AUDIT_DISABLED` and `LOKI_ENTERPRISE_AUDIT`
+- [ ] You know which environment variable activates OTEL (`LOKI_OTEL_ENDPOINT`)
+- [ ] You can generate an enterprise token with `loki enterprise token generate`
+- [ ] `loki dashboard status` correctly reports whether the dashboard is running
+- [ ] `loki metrics` outputs Prometheus-format metrics
+
+## Cleanup
+
+```bash
+loki dashboard stop
+cd ~
+rm -rf /tmp/enterprise-lab
+unset LOKI_ENTERPRISE_AUTH
+```