loki-mode 5.58.0 → 5.58.1

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v5.58.0
+# Loki Mode v5.58.1
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -263,4 +263,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v5.58.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v5.58.1 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-5.58.0
+5.58.1

package/autonomy/app-runner.sh

@@ -144,7 +144,8 @@ _detect_port() {
                 compose_file="${TARGET_DIR:-.}/compose.yml"
             fi
             local port
-            port=$(grep -E '^\s*-\s*"?[0-9]+:[0-9]+"?' "$compose_file" 2>/dev/null | head -1 | grep -oE '[0-9]+:[0-9]+' | tail -1 | cut -d: -f1)
+            # Handle both simple (HOST:CONTAINER) and IP-bound (IP:HOST:CONTAINER) port formats
+            port=$(grep -E '^\s*-\s*"?[0-9]' "$compose_file" 2>/dev/null | head -1 | sed 's/.*- *"*//;s/".*//;' | awk -F: '{print $(NF-1)}')
             _APP_RUNNER_PORT="${port:-8080}"
             ;;
         *docker\ build*)

package/autonomy/completion-council.sh

@@ -41,6 +41,10 @@ COUNCIL_ENABLED=${LOKI_COUNCIL_ENABLED:-true}
 COUNCIL_SIZE=${LOKI_COUNCIL_SIZE:-3}
 COUNCIL_THRESHOLD=${LOKI_COUNCIL_THRESHOLD:-2}
 COUNCIL_CHECK_INTERVAL=${LOKI_COUNCIL_CHECK_INTERVAL:-5}
+# Guard against zero/negative interval (division by zero in modulo)
+if [ "$COUNCIL_CHECK_INTERVAL" -le 0 ] 2>/dev/null; then
+    COUNCIL_CHECK_INTERVAL=5
+fi
 COUNCIL_MIN_ITERATIONS=${LOKI_COUNCIL_MIN_ITERATIONS:-3}
 COUNCIL_CONVERGENCE_WINDOW=${LOKI_COUNCIL_CONVERGENCE_WINDOW:-3}
 COUNCIL_STAGNATION_LIMIT=${LOKI_COUNCIL_STAGNATION_LIMIT:-5}
@@ -271,15 +275,17 @@ council_vote() {
             while IFS= read -r issue_line; do
                 local issue_severity
                 issue_severity=$(echo "$issue_line" | grep -oE "(CRITICAL|HIGH|MEDIUM|LOW)" | head -1 | tr '[:upper:]' '[:lower:]')
+                # Reset per issue line so previous iterations don't poison the check
+                threshold_reached=false
                 # Check if this severity meets or exceeds the threshold
                 for sev in $severity_order; do
-                    if [ "$sev" = "$COUNCIL_SEVERITY_THRESHOLD" ]; then
-                        threshold_reached=true
-                    fi
                     if [ "$sev" = "$issue_severity" ] && [ "$threshold_reached" = "false" ]; then
                         has_blocking_issue=true
                         break
                     fi
+                    if [ "$sev" = "$COUNCIL_SEVERITY_THRESHOLD" ]; then
+                        threshold_reached=true
+                    fi
                 done
             done <<< "$member_issues"
 

package/autonomy/loki

@@ -3424,11 +3424,11 @@ cmd_api() {
             # Start server
             mkdir -p "$LOKI_DIR/logs" "$LOKI_DIR/dashboard"
             local host="${LOKI_DASHBOARD_HOST:-127.0.0.1}"
-            local uvicorn_args="--host $host --port $port"
+            local uvicorn_args=("--host" "$host" "--port" "$port")
             if [ -n "${LOKI_TLS_CERT:-}" ] && [ -n "${LOKI_TLS_KEY:-}" ]; then
-                uvicorn_args="$uvicorn_args --ssl-certfile ${LOKI_TLS_CERT} --ssl-keyfile ${LOKI_TLS_KEY}"
+                uvicorn_args+=("--ssl-certfile" "${LOKI_TLS_CERT}" "--ssl-keyfile" "${LOKI_TLS_KEY}")
             fi
-            LOKI_DIR="$LOKI_DIR" PYTHONPATH="$SKILL_DIR" nohup "$api_python" -m uvicorn dashboard.server:app $uvicorn_args > "$LOKI_DIR/logs/api.log" 2>&1 &
+            LOKI_DIR="$LOKI_DIR" PYTHONPATH="$SKILL_DIR" nohup "$api_python" -m uvicorn dashboard.server:app "${uvicorn_args[@]}" > "$LOKI_DIR/logs/api.log" 2>&1 &
             local new_pid=$!
             echo "$new_pid" > "$pid_file"
 
@@ -5006,7 +5006,7 @@ cmd_migrate_start() {
 
     # Check for path traversal BEFORE canonicalization
     case "$codebase_path" in
-        *..*)
+        ../*|*/../*|*/..|--)
             echo -e "${RED}Error: Path traversal not allowed in codebase path${NC}"
             return 1
             ;;
@@ -5062,8 +5062,7 @@ cmd_migrate_start() {
     # Handle resume
     if [ "$resume" = "true" ]; then
         local latest_manifest
-        latest_manifest=$(find "$migrations_dir" -name "manifest.json" -maxdepth 2 2>/dev/null | \
-            xargs python3 -c "
+        latest_manifest=$(find "$migrations_dir" -name "manifest.json" -maxdepth 2 -exec python3 -c "
 import json, sys
 codebase = sys.argv[1]
 manifests = []
@@ -5076,7 +5075,7 @@ for path in sys.argv[2:]:
     except: pass
 if manifests:
     print(manifests[-1])
-" "$codebase_path" 2>/dev/null || echo "")
+" "$codebase_path" {} + 2>/dev/null || echo "")
 
         if [ -z "$latest_manifest" ]; then
             echo -e "${RED}Error: No resumable migration found for ${codebase_path}${NC}"
@@ -5323,9 +5322,19 @@ except Exception: pass
                 gemini)
                     (cd "$codebase_path" && gemini --approval-mode=yolo "$phase_prompt" 2>&1) || phase_exit=$?
                     ;;
+                *)
+                    echo -e "${RED}Error: Unknown provider '${provider_name}'. Supported: claude, codex, gemini${NC}"
+                    phase_exit=1
+                    ;;
             esac
         fi
 
+        # Check provider exit code before proceeding
+        if [ "$phase_exit" -ne 0 ]; then
+            echo -e "${RED}Error: Provider exited with code $phase_exit during phase $p${NC}"
+            # Don't advance phase -- gate check will catch missing artifacts
+        fi
+
         # Verify phase gate artifacts exist before advancing
         local gate_ok=true
         case "$p" in

package/autonomy/prd-checklist.sh

@@ -202,7 +202,8 @@ try:
         if failing_items:
             detail = ' FAILING: ' + ', '.join(failing_items[:5])
         waived_str = f', {waived_count} waived' if waived_count > 0 else ''
-        print(f'{verified}/{total} verified, {failing} failing{waived_str}, {pending} pending.{detail}')
+        adjusted_failing = max(0, failing - waived_count)
+        print(f'{verified}/{total} verified, {adjusted_failing} failing{waived_str}, {pending} pending.{detail}')
 except Exception:
     print('', file=sys.stderr)
 " 2>/dev/null || echo ""

package/autonomy/run.sh

@@ -503,6 +503,8 @@ LAST_WATCHDOG_CHECK=0
 
 STATUS_MONITOR_PID=""
 DASHBOARD_PID=""
+DASHBOARD_LAST_ALIVE=0
+_DASHBOARD_RESTARTING=false
 RESOURCE_MONITOR_PID=""
 
 # SDLC Phase Controls (all enabled by default)
@@ -5521,6 +5523,7 @@ start_dashboard() {
     sleep 2
 
     if kill -0 "$DASHBOARD_PID" 2>/dev/null; then
+        DASHBOARD_LAST_ALIVE=$(date +%s)
         log_info "Dashboard started (PID: $DASHBOARD_PID)"
         log_info "Dashboard: ${CYAN}${url_scheme}://127.0.0.1:$DASHBOARD_PORT/${NC}"
 
@@ -5559,11 +5562,16 @@ stop_dashboard() {
 # Handle dashboard crash: restart silently without triggering pause handler
 # This prevents a killed dashboard from being misinterpreted as a user interrupt
 handle_dashboard_crash() {
+    # Reentrancy guard: prevent recursive restarts from signal handlers
+    if [[ "$_DASHBOARD_RESTARTING" == "true" ]]; then
+        return 0
+    fi
+
     if [[ "${ENABLE_DASHBOARD:-true}" != "true" ]]; then
         return 0
     fi
 
-    local dashboard_pid_file=".loki/dashboard/dashboard.pid"
+    local dashboard_pid_file="${TARGET_DIR:-.}/.loki/dashboard/dashboard.pid"
     if [[ ! -f "$dashboard_pid_file" ]]; then
         return 0
     fi
@@ -5598,7 +5606,9 @@ handle_dashboard_crash() {
         "autonomy_mode=$AUTONOMY_MODE"
     DASHBOARD_PID=""
     rm -f "$dashboard_pid_file"
+    _DASHBOARD_RESTARTING=true
     start_dashboard
+    _DASHBOARD_RESTARTING=false
     return 0
 }
 
@@ -5606,17 +5616,31 @@ handle_dashboard_crash() {
 # rather than an actual user interrupt. Returns 0 if it was a child crash
 # (handled silently), 1 if it was a real interrupt.
 is_child_process_signal() {
-    # If dashboard PID is set and dashboard is now dead, this signal
-    # was likely caused by the dashboard process exiting
+    local dashboard_pid_file="${TARGET_DIR:-.}/.loki/dashboard/dashboard.pid"
+    local now
+    now=$(date +%s)
+
+    # If dashboard PID is set and dashboard is now dead, check timing to
+    # distinguish a real Ctrl+C (which kills both parent and child in the
+    # same process group) from an independent child crash.
     if [ -n "$DASHBOARD_PID" ] && ! kill -0 "$DASHBOARD_PID" 2>/dev/null; then
+        local time_since_alive=$((now - DASHBOARD_LAST_ALIVE))
+        if [ "$DASHBOARD_LAST_ALIVE" -gt 0 ] && [ "$time_since_alive" -lt 2 ]; then
+            # Dashboard was alive very recently -- it likely died from the same
+            # SIGINT that we just received (process group signal). Treat as real
+            # user interrupt, but still restart the dashboard in the background.
+            handle_dashboard_crash
+            return 1
+        fi
+        # Dashboard has been dead for a while -- this is an independent crash
         handle_dashboard_crash
         return 0
     fi
 
     # Check PID file as fallback
-    if [ -f ".loki/dashboard/dashboard.pid" ]; then
+    if [ -f "$dashboard_pid_file" ]; then
         local dpid
-        dpid=$(cat ".loki/dashboard/dashboard.pid" 2>/dev/null)
+        dpid=$(cat "$dashboard_pid_file" 2>/dev/null)
         if [ -n "$dpid" ] && ! kill -0 "$dpid" 2>/dev/null; then
             handle_dashboard_crash
             return 0
@@ -5937,7 +5961,7 @@ watchdog_check() {
     [[ "$WATCHDOG_ENABLED" != "true" ]] && return 0
 
     # Check dashboard health
-    local dashboard_pid_file=".loki/dashboard/dashboard.pid"
+    local dashboard_pid_file="${TARGET_DIR:-.}/.loki/dashboard/dashboard.pid"
     if [[ -f "$dashboard_pid_file" ]]; then
         local dpid
         dpid=$(cat "$dashboard_pid_file" 2>/dev/null)
@@ -5951,8 +5975,13 @@ watchdog_check() {
             # Auto-restart dashboard if it was previously running
             if [[ "${ENABLE_DASHBOARD:-true}" == "true" ]]; then
                 log_info "WATCHDOG: Restarting dashboard..."
+                DASHBOARD_PID=""
+                rm -f "$dashboard_pid_file"
                 start_dashboard
             fi
+        else
+            # Dashboard is alive -- update last-alive timestamp
+            DASHBOARD_LAST_ALIVE=$(date +%s)
         fi
     fi
 
@@ -7376,7 +7405,20 @@ check_human_intervention() {
     # propagate that as return 2 (stop) instead of always returning 1 (continue).
     if [ -f "$loki_dir/PAUSE" ]; then
         # In perpetual mode: auto-clear PAUSE files and continue without waiting
+        # EXCEPT when PAUSE was created by budget limit enforcement
         if [ "$AUTONOMY_MODE" = "perpetual" ] || [ "$PERPETUAL_MODE" = "true" ]; then
+            if [ -f "$loki_dir/signals/BUDGET_EXCEEDED" ]; then
+                log_warn "PAUSE file created by budget limit - NOT auto-clearing in perpetual mode"
+                log_warn "Budget limit reached. Remove .loki/signals/BUDGET_EXCEEDED and .loki/PAUSE to continue."
+                notify_intervention_needed "Budget limit reached - execution paused" 2>/dev/null || true
+                handle_pause
+                local pause_result=$?
+                rm -f "$loki_dir/PAUSE"
+                if [ "$pause_result" -eq 1 ]; then
+                    return 2
+                fi
+                return 1
+            fi
             log_warn "PAUSE file detected but autonomy mode is perpetual - auto-clearing"
             notify_intervention_needed "PAUSE file auto-cleared in perpetual mode" 2>/dev/null || true
             rm -f "$loki_dir/PAUSE" "$loki_dir/PAUSED.md"
@@ -7625,7 +7667,7 @@ except (json.JSONDecodeError, OSError): pass
     # rather than an actual user interrupt. In that case, handle silently.
     if is_child_process_signal; then
         log_info "Child process exit detected, handled silently"
-        INTERRUPT_COUNT=0
+        # Do NOT reset INTERRUPT_COUNT -- preserves double-Ctrl+C escape capability
         return
     fi
 

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "5.58.0"
+__version__ = "5.58.1"
 
 # Expose the control app for easy import
 try:

package/dashboard/control.py

@@ -259,7 +259,7 @@ def get_status() -> StatusResponse:
                         age_hours = (datetime.now(timezone.utc) - start_time_parsed).total_seconds() / 3600
                         if age_hours > 6:
                             session_data["status"] = "stopped"
-                            session_file.write_text(json.dumps(session_data))
+                            atomic_write_json(session_file, session_data, use_lock=True)
                         else:
                             running = True
                     except (ValueError, TypeError):
@@ -589,8 +589,9 @@ async def get_logs(lines: int = 50):
     Get recent log lines from the session log.
 
     Args:
-        lines: Number of lines to return (default 50)
+        lines: Number of lines to return (default 50, max 10000)
     """
+    lines = min(max(lines, 1), 10000)
     log_file = LOG_DIR / "session.log"
 
     if not log_file.exists():

package/dashboard/migration_engine.py

@@ -356,6 +356,8 @@ class MigrationPipeline:
                 features = [Feature(**f) for f in data]
             except FileNotFoundError:
                 return False, "Phase gate failed: features.json not found"
+            except (json.JSONDecodeError, TypeError) as exc:
+                return False, f"Phase gate failed: features.json is invalid: {exc}"
             if not features:
                 return False, "No features defined"
             failing = [f for f in features if not f.passes]
@@ -369,11 +371,14 @@ class MigrationPipeline:
             plan_path = self.migration_dir / "migration-plan.json"
             try:
                 data = json.loads(plan_path.read_text(encoding="utf-8"))
-                steps_data = data.pop("steps", [])
-                plan = MigrationPlan(**data)
+                steps_data = data.get("steps", [])
+                plan_data = {k: v for k, v in data.items() if k != "steps"}
+                plan = MigrationPlan(**plan_data)
                 plan.steps = [MigrationStep(**s) for s in steps_data]
             except FileNotFoundError:
                 return False, "Phase gate failed: migration-plan.json not found"
+            except (json.JSONDecodeError, TypeError) as exc:
+                return False, f"Phase gate failed: migration-plan.json is invalid: {exc}"
             incomplete = [s for s in plan.steps if s.status != "completed"]
             if incomplete:
                 ids = ", ".join(s.id for s in incomplete[:5])

package/dashboard/server.py

@@ -55,7 +55,7 @@ from .activity_logger import get_activity_logger
 try:
     from . import __version__ as _version
 except ImportError:
-    _version = "5.39.0"
+    _version = "5.58.1"
 
 # ---------------------------------------------------------------------------
 # TLS Configuration (optional - disabled by default)