loki-mode 6.21.0 → 6.23.0

package/README.md

@@ -9,7 +9,7 @@
 [![Agent Types](https://img.shields.io/badge/Agent%20Types-41-blue)]()
 [![Autonomi](https://img.shields.io/badge/Autonomi-autonomi.dev-5B4EEA)](https://www.autonomi.dev/)
 
-**Current Version: v6.15.0**
+**Current Version: v6.22.0**
 
 ---
 

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v6.21.0
+# Loki Mode v6.23.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -267,4 +267,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v6.21.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v6.23.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-6.21.0
+6.23.0

package/autonomy/loki

@@ -438,6 +438,7 @@ show_help() {
     echo "  failover [cmd]   Cross-provider auto-failover (status|--enable|--test|--chain)"
     echo "  onboard [path]   Analyze a repo and generate CLAUDE.md (structure, conventions, commands)"
     echo "  plan <PRD>       Dry-run PRD analysis: complexity, cost, and execution plan"
+    echo "  ci [opts]        CI/CD quality gate integration (--pr, --report, --github-comment)"
     echo "  version          Show version"
     echo "  help             Show this help"
     echo ""
@@ -9193,6 +9194,9 @@ main() {
         onboard)
             cmd_onboard "$@"
             ;;
+        ci)
+            cmd_ci "$@"
+            ;;
         version|--version|-v)
             cmd_version
             ;;
@@ -14681,4 +14685,645 @@ Generated by loki onboard (depth $depth) on $(date +%Y-%m-%d)"
     fi
 }
 
+# CI/CD quality gate integration (v6.22.0)
+cmd_ci() {
+    local ci_pr=false
+    local ci_test_suggest=false
+    local ci_report=false
+    local ci_github_comment=false
+    local ci_fail_on=""
+    local ci_format="markdown"
+
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            --help|-h)
+                echo -e "${BOLD}loki ci${NC} - CI/CD quality gate integration"
+                echo ""
+                echo "Usage: loki ci [options]"
+                echo ""
+                echo "Runs Loki Mode quality gates as a CI step. Works with GitHub Actions,"
+                echo "GitLab CI, Jenkins, CircleCI, and other CI systems."
+                echo ""
+                echo "Modes:"
+                echo "  --pr                 Review the current PR diff with all quality gates"
+                echo "  --test-suggest       Generate test suggestions for changed files"
+                echo "  --report             Generate a quality report"
+                echo ""
+                echo "Options:"
+                echo "  --github-comment     Post review results as PR comment (needs GITHUB_TOKEN)"
+                echo "  --fail-on <levels>   Set exit code 1 on severity: critical,high,medium,low"
+                echo "  --format <fmt>       Output format: json, markdown, github (default: markdown)"
+                echo "  --help, -h           Show this help"
+                echo ""
+                echo "Exit codes:"
+                echo "  0  All checks passed (or below --fail-on threshold)"
+                echo "  1  Findings exceed --fail-on threshold"
+                echo "  2  Error (missing tools, invalid arguments)"
+                echo ""
+                echo "Environment variables (auto-detected):"
+                echo "  GITHUB_ACTIONS       Detected when running in GitHub Actions"
+                echo "  GITLAB_CI            Detected when running in GitLab CI"
+                echo "  JENKINS_URL          Detected when running in Jenkins"
+                echo "  CIRCLECI             Detected when running in CircleCI"
+                echo "  GITHUB_TOKEN         Required for --github-comment"
+                echo "  GITHUB_EVENT_PATH    Auto-set in GitHub Actions for PR context"
+                echo ""
+                echo "Examples:"
+                echo "  loki ci --pr --format json              # Review PR diff as JSON"
+                echo "  loki ci --pr --fail-on critical,high    # Fail CI on critical/high findings"
+                echo "  loki ci --pr --github-comment           # Post results as PR comment"
+                echo "  loki ci --report --format markdown      # Generate quality report"
+                echo "  loki ci --test-suggest                  # Suggest tests for changed files"
+                echo ""
+                echo "GitHub Actions example:"
+                echo "  - uses: asklokesh/loki-mode-action@v1"
+                echo "    with:"
+                echo "      command: loki ci --pr --github-comment --fail-on critical"
+                return 0
+                ;;
+            --pr) ci_pr=true; shift ;;
+            --test-suggest) ci_test_suggest=true; shift ;;
+            --report) ci_report=true; shift ;;
+            --github-comment) ci_github_comment=true; shift ;;
+            --fail-on)
+                shift
+                ci_fail_on="${1:-}"
+                if [ -z "$ci_fail_on" ]; then
+                    echo -e "${RED}Error: --fail-on requires severity levels (e.g., critical,high)${NC}"
+                    return 2
+                fi
+                ci_fail_on="$(echo "$ci_fail_on" | tr '[:upper:]' '[:lower:]')"
+                shift
+                ;;
+            --format)
+                shift
+                ci_format="${1:-markdown}"
+                ci_format="$(echo "$ci_format" | tr '[:upper:]' '[:lower:]')"
+                if [[ "$ci_format" != "json" && "$ci_format" != "markdown" && "$ci_format" != "github" ]]; then
+                    echo -e "${RED}Error: --format must be json, markdown, or github${NC}"
+                    return 2
+                fi
+                shift
+                ;;
+            -*) echo -e "${RED}Unknown option: $1${NC}"; return 2 ;;
+            *) echo -e "${RED}Unknown argument: $1${NC}"; return 2 ;;
+        esac
+    done
+
+    # If no mode specified, default to --pr --report
+    if [ "$ci_pr" = false ] && [ "$ci_test_suggest" = false ] && [ "$ci_report" = false ]; then
+        ci_pr=true
+        ci_report=true
+    fi
+
+    # --- Detect CI environment ---
+    local ci_env="local"
+    local ci_pr_number=""
+    local ci_base_branch="main"
+    local ci_repo=""
+
+    if [ -n "${GITHUB_ACTIONS:-}" ]; then
+        ci_env="github"
+        ci_repo="${GITHUB_REPOSITORY:-}"
+        ci_base_branch="${GITHUB_BASE_REF:-main}"
+        # Extract PR number from GITHUB_EVENT_PATH
+        if [ -n "${GITHUB_EVENT_PATH:-}" ] && [ -f "${GITHUB_EVENT_PATH:-}" ]; then
+            ci_pr_number=$(python3 -c "
+import json, sys
+try:
+    with open('${GITHUB_EVENT_PATH}') as f:
+        event = json.load(f)
+    pr = event.get('pull_request', event.get('number', ''))
+    if isinstance(pr, dict):
+        print(pr.get('number', ''))
+    else:
+        print(pr)
+except Exception:
+    print('')
+" 2>/dev/null || echo "")
+        fi
+        # Fallback: GITHUB_REF_NAME for PR refs like refs/pull/123/merge
+        if [ -z "$ci_pr_number" ] && [[ "${GITHUB_REF:-}" == refs/pull/*/merge ]]; then
+            ci_pr_number=$(echo "${GITHUB_REF}" | sed 's|refs/pull/\([0-9]*\)/merge|\1|')
+        fi
+    elif [ -n "${GITLAB_CI:-}" ]; then
+        ci_env="gitlab"
+        ci_pr_number="${CI_MERGE_REQUEST_IID:-}"
+        ci_base_branch="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-main}"
+        ci_repo="${CI_PROJECT_PATH:-}"
+    elif [ -n "${JENKINS_URL:-}" ]; then
+        ci_env="jenkins"
+        ci_pr_number="${CHANGE_ID:-}"
+        ci_base_branch="${CHANGE_TARGET:-main}"
+    elif [ -n "${CIRCLECI:-}" ]; then
+        ci_env="circleci"
+        ci_pr_number="${CIRCLE_PULL_REQUEST##*/}"
+        ci_repo="${CIRCLE_PROJECT_USERNAME:-}/${CIRCLE_PROJECT_REPONAME:-}"
+    fi
+
+    # --- Gather diff ---
+    local diff_content=""
+    local changed_files=""
+
+    if [ "$ci_pr" = true ] || [ "$ci_test_suggest" = true ] || [ "$ci_report" = true ]; then
+        if [ -n "$ci_pr_number" ] && command -v gh &>/dev/null && [ "$ci_env" = "github" ]; then
+            diff_content=$(gh pr diff "$ci_pr_number" 2>/dev/null || echo "")
+            changed_files=$(gh pr diff "$ci_pr_number" --name-only 2>/dev/null || echo "")
+        fi
+
+        # Fallback: git diff against base branch
+        if [ -z "$diff_content" ]; then
+            # Fetch base branch if in CI
+            if [ "$ci_env" != "local" ]; then
+                git fetch origin "$ci_base_branch" --depth=1 2>/dev/null || true
+            fi
+            diff_content=$(git diff "origin/${ci_base_branch}...HEAD" 2>/dev/null || git diff HEAD~1 2>/dev/null || git diff HEAD 2>/dev/null || echo "")
+            changed_files=$(git diff --name-only "origin/${ci_base_branch}...HEAD" 2>/dev/null || git diff --name-only HEAD~1 2>/dev/null || git diff --name-only HEAD 2>/dev/null || echo "")
+        fi
+
+        if [ -z "$diff_content" ]; then
+            if [ "$ci_format" = "json" ]; then
+                echo '{"status":"skip","message":"No changes to review","ci_environment":"'"$ci_env"'","pr_number":"'"$ci_pr_number"'","findings":[],"summary":{"critical":0,"high":0,"medium":0,"low":0,"info":0,"total":0},"exit_code":0}'
+            else
+                echo -e "${GREEN}No changes to review.${NC}"
+            fi
+            return 0
+        fi
+    fi
+
+    # --- Severity helpers ---
+    _ci_sev_level() {
+        case "$1" in
+            CRITICAL) echo 5 ;;
+            HIGH) echo 4 ;;
+            MEDIUM) echo 3 ;;
+            LOW) echo 2 ;;
+            INFO) echo 1 ;;
+            *) echo 0 ;;
+        esac
+    }
+
+    # Parse --fail-on into a minimum severity threshold
+    local fail_threshold=99  # Default: never fail
+    if [ -n "$ci_fail_on" ]; then
+        # Take the lowest severity from the comma-separated list
+        IFS=',' read -ra fail_levels <<< "$ci_fail_on"
+        for level in "${fail_levels[@]}"; do
+            level=$(echo "$level" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
+            local level_num
+            level_num=$(_ci_sev_level "$level")
+            if [ "$level_num" -gt 0 ] && [ "$level_num" -lt "$fail_threshold" ]; then
+                fail_threshold=$level_num
+            fi
+        done
+    fi
+
+    # --- Run quality gates (reuses cmd_review logic) ---
+    local findings=()
+    local has_critical=false
+    local has_high=false
+
+    _ci_add_finding() {
+        local file="$1" line="$2" sev="$3" cat="$4" finding="$5" suggestion="$6"
+        findings+=("${file}|${line}|${sev}|${cat}|${finding}|${suggestion}")
+        [ "$sev" = "CRITICAL" ] && has_critical=true || true
+        [ "$sev" = "HIGH" ] && has_high=true || true
+    }
+
+    # Gate 1: Static Analysis - shellcheck
+    if command -v shellcheck &>/dev/null; then
+        local shell_files_ci
+        shell_files_ci=$(echo "$changed_files" | grep -E '\.(sh|bash)$' || true)
+        if [ -n "$shell_files_ci" ]; then
+            while IFS= read -r sf; do
+                [ -z "$sf" ] && continue
+                [ ! -f "$sf" ] && continue
+                local sc_out
+                sc_out=$(shellcheck -f gcc "$sf" 2>/dev/null || true)
+                while IFS= read -r sc_line; do
+                    [ -z "$sc_line" ] && continue
+                    local sc_file sc_lineno sc_sev sc_msg
+                    sc_file=$(echo "$sc_line" | cut -d: -f1)
+                    sc_lineno=$(echo "$sc_line" | cut -d: -f2)
+                    sc_sev=$(echo "$sc_line" | sed -n 's/.*: \(warning\|error\|note\|info\):.*/\1/p')
+                    sc_msg=$(echo "$sc_line" | sed 's/.*: \(warning\|error\|note\|info\): //')
+                    local mapped_sev="LOW"
+                    case "$sc_sev" in
+                        error) mapped_sev="HIGH" ;;
+                        warning) mapped_sev="MEDIUM" ;;
+                        *) mapped_sev="LOW" ;;
+                    esac
+                    _ci_add_finding "$sc_file" "$sc_lineno" "$mapped_sev" "static-analysis" "$sc_msg" "Fix shellcheck finding"
+                done <<< "$sc_out"
+            done <<< "$shell_files_ci"
+        fi
+    fi
+
+    # Gate 1b: Static Analysis - eslint
+    if command -v npx &>/dev/null; then
+        local js_files_ci
+        js_files_ci=$(echo "$changed_files" | grep -E '\.(js|ts|jsx|tsx)$' || true)
+        if [ -n "$js_files_ci" ]; then
+            while IFS= read -r jsf; do
+                [ -z "$jsf" ] && continue
+                [ ! -f "$jsf" ] && continue
+                if [ -f ".eslintrc.js" ] || [ -f ".eslintrc.json" ] || [ -f "eslint.config.js" ] || [ -f "eslint.config.mjs" ]; then
+                    local eslint_out
+                    eslint_out=$(npx eslint --format compact "$jsf" 2>/dev/null || true)
+                    while IFS= read -r el; do
+                        [ -z "$el" ] && continue
+                        [[ "$el" == *"problem"* ]] && continue
+                        local el_file el_line el_msg
+                        el_file=$(echo "$el" | cut -d: -f1)
+                        el_line=$(echo "$el" | cut -d: -f2)
+                        el_msg=$(echo "$el" | sed 's/^[^)]*) //')
+                        local el_sev="LOW"
+                        [[ "$el" == *"Error"* ]] && el_sev="MEDIUM"
+                        _ci_add_finding "$el_file" "$el_line" "$el_sev" "static-analysis" "$el_msg" "Fix eslint finding"
+                    done <<< "$eslint_out"
+                fi
+            done <<< "$js_files_ci"
+        fi
+    fi
+
+    # Gate 2: Security Scan
+    _ci_scan() {
+        local pattern="$1" sev="$2" cat="$3" finding="$4" suggestion="$5"
+        while IFS= read -r match; do
+            [ -z "$match" ] && continue
+            local ml
+            ml=$(echo "$match" | cut -d: -f1)
+            _ci_add_finding "diff" "$ml" "$sev" "$cat" "$finding" "$suggestion"
+        done < <(echo "$diff_content" | grep -nE "$pattern" 2>/dev/null || true)
+    }
+
+    # Hardcoded secrets
+    local ci_secret_patterns=(
+        'API_KEY\s*[=:]\s*["\x27][A-Za-z0-9+/=_-]{8,}'
+        'SECRET_KEY\s*[=:]\s*["\x27][A-Za-z0-9+/=_-]{8,}'
+        'PASSWORD\s*[=:]\s*["\x27][^\x27"]{4,}'
+        'PRIVATE_KEY\s*[=:]\s*["\x27][A-Za-z0-9+/=_-]{8,}'
+        'AWS_ACCESS_KEY_ID\s*[=:]\s*["\x27]AK[A-Z0-9]{18}'
+        'ghp_[A-Za-z0-9]{36}'
+        'sk-[A-Za-z0-9]{32,}'
+        'Bearer\s+[A-Za-z0-9._-]{20,}'
+    )
+    for pattern in "${ci_secret_patterns[@]}"; do
+        _ci_scan "$pattern" "CRITICAL" "security" \
+            "Potential hardcoded secret detected" \
+            "Use environment variables or a secrets manager"
+    done
+
+    # SQL injection
+    _ci_scan '(SELECT|INSERT|UPDATE|DELETE|DROP)\s.*\+\s*(req\.|request\.|params\.|user)' \
+        "HIGH" "security" \
+        "Potential SQL injection: string concatenation in query" \
+        "Use parameterized queries or prepared statements"
+
+    # eval/exec
+    _ci_scan '(^|\s)(eval|exec)\s*\(' \
+        "HIGH" "security" \
+        "Dangerous eval/exec usage detected" \
+        "Avoid eval/exec with dynamic input"
+
+    # Unsafe deserialization
+    _ci_scan '(pickle\.loads?|yaml\.load\s*\()' \
+        "HIGH" "security" \
+        "Unsafe deserialization detected" \
+        "Use yaml.safe_load or avoid pickle with untrusted data"
+
+    # Disabled SSL
+    _ci_scan '(verify\s*=\s*False|VERIFY_SSL\s*=\s*False|NODE_TLS_REJECT_UNAUTHORIZED.*0|rejectUnauthorized.*false)' \
+        "HIGH" "security" \
+        "SSL verification disabled" \
+        "Enable SSL verification in production"
+
+    # Gate 3: Anti-patterns
+    _ci_scan 'console\.(log|debug)\(' "LOW" "anti-pattern" \
+        "console.log/debug statement found" \
+        "Remove debug logging or use a proper logger"
+
+    _ci_scan 'except\s*:' "MEDIUM" "anti-pattern" \
+        "Bare except clause" \
+        "Catch specific exceptions"
+
+    # Gate 4: TODO/FIXME markers in new code
+    _ci_scan '^\+.*\b(TODO|FIXME|HACK|XXX):' "INFO" "style" \
+        "TODO/FIXME marker in new code" \
+        "Track in issue tracker"
+
+    # --- Test suggestions ---
+    local test_suggestions=""
+    if [ "$ci_test_suggest" = true ] && [ -n "$changed_files" ]; then
+        test_suggestions=$(python3 << 'TEST_SUGGEST_PY'
+import sys, os
+
+changed = os.environ.get("LOKI_CI_CHANGED_FILES", "").strip().split("\n")
+suggestions = []
+
+for f in changed:
+    f = f.strip()
+    if not f:
+        continue
+
+    base = os.path.basename(f)
+    name, ext = os.path.splitext(base)
+    dirpath = os.path.dirname(f)
+
+    # Skip test files themselves
+    if "test" in name.lower() or "spec" in name.lower():
+        continue
+    # Skip non-code files
+    if ext not in (".py", ".js", ".ts", ".jsx", ".tsx", ".sh", ".bash", ".go", ".rs", ".rb"):
+        continue
+
+    # Suggest test file paths based on language conventions
+    if ext == ".py":
+        test_path = os.path.join(dirpath, f"test_{name}.py")
+        alt_path = os.path.join("tests", f"test_{name}.py")
+        suggestions.append({"file": f, "test_file": test_path, "alt_test_file": alt_path,
+                          "framework": "pytest", "hint": f"Add unit tests for {name} module"})
+    elif ext in (".js", ".ts", ".jsx", ".tsx"):
+        test_ext = ext.replace(".ts", ".test.ts").replace(".js", ".test.js").replace(".tsx", ".test.tsx").replace(".jsx", ".test.jsx")
+        if test_ext == ext:
+            test_ext = f".test{ext}"
+        test_path = os.path.join(dirpath, f"{name}{test_ext}")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "jest/vitest", "hint": f"Add tests for {name} component/module"})
+    elif ext in (".sh", ".bash"):
+        test_path = os.path.join("tests", f"test-{name}.sh")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "bash", "hint": f"Add shell tests for {name}"})
+    elif ext == ".go":
+        test_path = os.path.join(dirpath, f"{name}_test.go")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "go test", "hint": f"Add Go tests for {name}"})
+    elif ext == ".rs":
+        suggestions.append({"file": f, "test_file": f"{f} (mod tests)",
+                          "framework": "cargo test", "hint": f"Add #[cfg(test)] mod tests in {name}"})
+    elif ext == ".rb":
+        test_path = os.path.join("spec", f"{name}_spec.rb")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "rspec", "hint": f"Add RSpec tests for {name}"})
+
+import json
+print(json.dumps(suggestions))
+TEST_SUGGEST_PY
+        )
+    fi
+
+    # --- Tally findings ---
+    local count_critical=0 count_high=0 count_medium=0 count_low=0 count_info=0
+    for f in "${findings[@]}"; do
+        local sev
+        sev=$(echo "$f" | cut -d'|' -f3)
+        case "$sev" in
+            CRITICAL) count_critical=$((count_critical + 1)) ;;
+            HIGH) count_high=$((count_high + 1)) ;;
+            MEDIUM) count_medium=$((count_medium + 1)) ;;
+            LOW) count_low=$((count_low + 1)) ;;
+            INFO) count_info=$((count_info + 1)) ;;
+        esac
+    done
+    local count_total=${#findings[@]}
+
+    # Determine exit code based on --fail-on threshold
+    local exit_code=0
+    if [ "$fail_threshold" -lt 99 ]; then
+        for f in "${findings[@]}"; do
+            local sev sev_num
+            sev=$(echo "$f" | cut -d'|' -f3)
+            sev_num=$(_ci_sev_level "$sev")
+            if [ "$sev_num" -ge "$fail_threshold" ]; then
+                exit_code=1
+                break
+            fi
+        done
+    fi
+
+    # --- Build output ---
+    local report_timestamp
+    report_timestamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+    local file_count
+    file_count=$(echo "$changed_files" | grep -c '.' 2>/dev/null || echo 0)
+
+    if [ "$ci_format" = "json" ]; then
+        # JSON output via python for proper escaping
+        export LOKI_CI_JSON_FINDINGS=""
+        for f in "${findings[@]}"; do
+            LOKI_CI_JSON_FINDINGS+="${f}"$'\n'
+        done
+        export LOKI_CI_JSON_META="ci_env=${ci_env}|pr=${ci_pr_number}|ts=${report_timestamp}|files=${file_count}|exit=${exit_code}"
+        export LOKI_CI_JSON_COUNTS="critical=${count_critical}|high=${count_high}|medium=${count_medium}|low=${count_low}|info=${count_info}|total=${count_total}"
+        export LOKI_CI_JSON_TESTS="${test_suggestions:-[]}"
+
+        python3 << 'CI_JSON_OUT'
+import json, os
+
+findings_raw = os.environ.get("LOKI_CI_JSON_FINDINGS", "").strip().split("\n")
+meta_raw = os.environ.get("LOKI_CI_JSON_META", "")
+counts_raw = os.environ.get("LOKI_CI_JSON_COUNTS", "")
+tests_raw = os.environ.get("LOKI_CI_JSON_TESTS", "[]")
+
+meta = dict(item.split("=", 1) for item in meta_raw.split("|") if "=" in item)
+counts = dict(item.split("=", 1) for item in counts_raw.split("|") if "=" in item)
+
+findings = []
+for line in findings_raw:
+    if not line or "|" not in line:
+        continue
+    parts = line.split("|", 5)
+    if len(parts) >= 6:
+        findings.append({
+            "file": parts[0],
+            "line": int(parts[1]) if parts[1].isdigit() else 0,
+            "severity": parts[2],
+            "category": parts[3],
+            "finding": parts[4],
+            "suggestion": parts[5]
+        })
+
+try:
+    tests = json.loads(tests_raw)
+except Exception:
+    tests = []
+
+report = {
+    "status": "fail" if int(meta.get("exit", "0")) > 0 else "pass",
+    "ci_environment": meta.get("ci_env", "local"),
+    "pr_number": meta.get("pr", ""),
+    "timestamp": meta.get("ts", ""),
+    "files_changed": int(meta.get("files", "0")),
+    "findings": findings,
+    "summary": {
+        "critical": int(counts.get("critical", "0")),
+        "high": int(counts.get("high", "0")),
+        "medium": int(counts.get("medium", "0")),
+        "low": int(counts.get("low", "0")),
+        "info": int(counts.get("info", "0")),
+        "total": int(counts.get("total", "0"))
+    },
+    "exit_code": int(meta.get("exit", "0"))
+}
+if tests:
+    report["test_suggestions"] = tests
+
+print(json.dumps(report, indent=2))
+CI_JSON_OUT
+        unset LOKI_CI_JSON_FINDINGS LOKI_CI_JSON_META LOKI_CI_JSON_COUNTS LOKI_CI_JSON_TESTS
+
+    elif [ "$ci_format" = "github" ]; then
+        # GitHub-flavored markdown for PR comments
+        echo "## Loki CI Quality Report"
+        echo ""
+        echo "| Metric | Count |"
+        echo "|--------|-------|"
+        echo "| Files changed | $file_count |"
+        echo "| Critical | $count_critical |"
+        echo "| High | $count_high |"
+        echo "| Medium | $count_medium |"
+        echo "| Low | $count_low |"
+        echo "| Info | $count_info |"
+        echo "| **Total** | **$count_total** |"
+        echo ""
+
+        if [ "$count_total" -gt 0 ]; then
+            echo "### Findings"
+            echo ""
+            for sev_name in CRITICAL HIGH MEDIUM LOW INFO; do
+                local has_sev=false
+                for f in "${findings[@]}"; do
+                    local f_sev
+                    f_sev=$(echo "$f" | cut -d'|' -f3)
+                    [ "$f_sev" != "$sev_name" ] && continue
+                    if [ "$has_sev" = false ]; then
+                        echo "#### $sev_name"
+                        echo ""
+                        has_sev=true
+                    fi
+                    local f_file f_line f_cat f_finding f_suggestion
+                    f_file=$(echo "$f" | cut -d'|' -f1)
+                    f_line=$(echo "$f" | cut -d'|' -f2)
+                    f_cat=$(echo "$f" | cut -d'|' -f4)
+                    f_finding=$(echo "$f" | cut -d'|' -f5)
+                    f_suggestion=$(echo "$f" | cut -d'|' -f6)
+                    echo "- **\`$f_file:$f_line\`** [$f_cat] $f_finding"
+                    echo "  - Suggestion: $f_suggestion"
+                done
+                [ "$has_sev" = true ] && echo ""
+            done
+        else
+            echo "No findings. All quality gates passed."
+        fi
+
+        if [ -n "${test_suggestions:-}" ] && [ "$test_suggestions" != "[]" ]; then
+            echo "### Test Suggestions"
+            echo ""
+            python3 -c "
+import json, os
+tests = json.loads(os.environ.get('LOKI_CI_TEST_SUGG', '[]'))
+for t in tests:
+    print(f\"- **{t['file']}**: {t['hint']} ({t['framework']})\")
+    print(f\"  - Suggested: \`{t['test_file']}\`\")
+" 2>/dev/null || true
+        fi
+
+        echo ""
+        if [ "$exit_code" -eq 0 ]; then
+            echo "**Result: PASSED**"
+        else
+            echo "**Result: FAILED** (findings exceed threshold)"
+        fi
+        echo ""
+        echo "_Generated by [Loki Mode](https://github.com/asklokesh/loki-mode) at $report_timestamp_"
+
+    else
+        # Default: markdown (terminal-friendly)
+        echo -e "${BOLD}Loki CI Quality Report${NC}"
+        echo -e "Environment: ${CYAN}$ci_env${NC}"
+        [ -n "$ci_pr_number" ] && echo -e "PR: ${CYAN}#$ci_pr_number${NC}"
+        echo -e "Files changed: ${CYAN}$file_count${NC}"
+        echo -e "Timestamp: ${DIM}$report_timestamp${NC}"
+        echo "---"
+
+        if [ "$count_total" -eq 0 ]; then
+            echo -e "${GREEN}All quality gates passed. No findings.${NC}"
+        else
+            for sev_name in CRITICAL HIGH MEDIUM LOW INFO; do
+                local printed_header=false
+                for f in "${findings[@]}"; do
+                    local f_sev
+                    f_sev=$(echo "$f" | cut -d'|' -f3)
+                    [ "$f_sev" != "$sev_name" ] && continue
+                    if [ "$printed_header" = false ]; then
+                        local sev_color="$NC"
+                        case "$sev_name" in
+                            CRITICAL) sev_color="$RED" ;;
+                            HIGH) sev_color="$RED" ;;
+                            MEDIUM) sev_color="$YELLOW" ;;
+                            LOW) sev_color="$CYAN" ;;
+                            INFO) sev_color="$DIM" ;;
+                        esac
+                        echo ""
+                        echo -e "${sev_color}${BOLD}[$sev_name]${NC}"
+                        printed_header=true
+                    fi
+                    local f_file f_line f_cat f_finding f_suggestion
+                    f_file=$(echo "$f" | cut -d'|' -f1)
+                    f_line=$(echo "$f" | cut -d'|' -f2)
+                    f_cat=$(echo "$f" | cut -d'|' -f4)
+                    f_finding=$(echo "$f" | cut -d'|' -f5)
+                    f_suggestion=$(echo "$f" | cut -d'|' -f6)
+                    echo -e "  ${DIM}$f_file:$f_line${NC} [$f_cat] $f_finding"
+                    echo -e "    -> $f_suggestion"
+                done
+            done
+        fi
+
+        echo ""
+        echo "---"
+        echo -e "Summary: ${RED}$count_critical critical${NC}, ${RED}$count_high high${NC}, ${YELLOW}$count_medium medium${NC}, ${CYAN}$count_low low${NC}, ${DIM}$count_info info${NC} ($count_total total)"
+
+        if [ "$ci_test_suggest" = true ] && [ -n "${test_suggestions:-}" ] && [ "$test_suggestions" != "[]" ]; then
+            echo ""
+            echo -e "${BOLD}Test Suggestions${NC}"
+            export LOKI_CI_TEST_SUGG="${test_suggestions}"
+            python3 -c "
+import json, os
+tests = json.loads(os.environ.get('LOKI_CI_TEST_SUGG', '[]'))
+for t in tests:
+    print(f\"  {t['file']} -> {t['test_file']} ({t['framework']})\")
+    print(f\"    {t['hint']}\")
+" 2>/dev/null || true
+            unset LOKI_CI_TEST_SUGG
+        fi
+
+        if [ "$exit_code" -eq 0 ]; then
+            echo -e "${GREEN}Result: PASSED${NC}"
+        else
+            echo -e "${RED}Result: FAILED (findings exceed threshold)${NC}"
+        fi
+    fi
+
+    # --- Post GitHub comment ---
+    if [ "$ci_github_comment" = true ]; then
+        if [ -z "${GITHUB_TOKEN:-}" ]; then
+            echo -e "${YELLOW}Warning: --github-comment requires GITHUB_TOKEN. Skipping comment.${NC}" >&2
+        elif [ -z "$ci_pr_number" ]; then
+            echo -e "${YELLOW}Warning: No PR number detected. Skipping comment.${NC}" >&2
+        elif command -v gh &>/dev/null; then
+            # Generate GitHub-format report for comment
+            local comment_body
+            comment_body=$("$0" ci --pr --format github 2>/dev/null || echo "Loki CI report generation failed.")
+            gh pr comment "$ci_pr_number" --body "$comment_body" 2>/dev/null && \
+                echo -e "${GREEN}Posted review comment to PR #$ci_pr_number${NC}" >&2 || \
+                echo -e "${YELLOW}Warning: Failed to post PR comment${NC}" >&2
+        else
+            echo -e "${YELLOW}Warning: gh CLI required for --github-comment. Install: https://cli.github.com${NC}" >&2
+        fi
+    fi
+
+    return "$exit_code"
+}
+
 main "$@"

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "6.21.0"
+__version__ = "6.23.0"
 
 # Expose the control app for easy import
 try:

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v6.21.0
+**Version:** v6.23.0
 
 ---
 

package/mcp/__init__.py

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
 
-__version__ = '6.21.0'
+__version__ = '6.23.0'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "loki-mode",
-  "version": "6.21.0",
+  "version": "6.23.0",
   "description": "Loki Mode by Autonomi - Multi-agent autonomous startup system for Claude Code, Codex CLI, and Gemini CLI",
   "keywords": [
     "agent",