loki-mode 6.36.6 → 6.37.1

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v6.36.6
+# Loki Mode v6.37.1
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -267,4 +267,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v6.36.6 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v6.37.1 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-6.36.6
+6.37.1

package/autonomy/loki

@@ -2635,6 +2635,21 @@ cmd_dashboard_start() {
     echo "$host" > "${DASHBOARD_PID_DIR}/host"
     echo "$url_scheme" > "${DASHBOARD_PID_DIR}/scheme"
 
+    # Wait for PID file to be written (up to 10 seconds)
+    # Fixes race condition where PID file may not exist yet when checked
+    local pid_wait_retries=20
+    local pid_wait_interval=0.5
+    while [[ $pid_wait_retries -gt 0 ]]; do
+        if [[ -f "$DASHBOARD_PID_FILE" ]]; then
+            break
+        fi
+        sleep "$pid_wait_interval"
+        pid_wait_retries=$((pid_wait_retries - 1))
+    done
+    if [[ ! -f "$DASHBOARD_PID_FILE" ]]; then
+        echo -e "${YELLOW}Warning: Dashboard PID file not written within timeout${NC}"
+    fi
+
     # Wait a moment and check if process is still running
     sleep 1
 
@@ -3002,6 +3017,16 @@ cmd_web_start() {
         esac
     done
 
+    # Validate port: must be numeric and in valid range
+    if [[ ! "$port" =~ ^[0-9]+$ ]]; then
+        echo -e "${RED}Error: Port must be a number, got '$port'${NC}"
+        exit 1
+    fi
+    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
+        echo -e "${RED}Error: Port must be between 1 and 65535, got $port${NC}"
+        exit 1
+    fi
+
     # Validate --prd file if provided
     if [ -n "$prd_file" ]; then
         if [ ! -f "$prd_file" ]; then
@@ -4624,6 +4649,7 @@ cmd_export() {
             exit 0
             ;;
         json)
+            require_jq || return 1
             _export_json "$output_path"
             ;;
         markdown|md)
@@ -4633,6 +4659,7 @@ cmd_export() {
             _export_csv "$output_path"
             ;;
         timeline)
+            require_jq || return 1
             _export_timeline "$output_path"
             ;;
         *)

package/autonomy/run.sh

@@ -5887,14 +5887,20 @@ run_adversarial_testing() {
     echo "$diff_content" > "$diff_file"
     echo "$changed_files" > "$files_file"
 
-    # Build adversarial prompt
-    local adversarial_prompt="You are an ADVERSARIAL TESTER. Your goal is to BREAK the implementation.
+    # Build adversarial prompt -- use heredoc with quoted delimiter to prevent
+    # shell variable expansion in diff content (fixes #78)
+    local files_content changed_content
+    files_content=$(cat "$files_file")
+    changed_content=$(head -500 "$diff_file")
+    local adversarial_prompt
+    read -r -d '' adversarial_prompt <<'ADVERSARIAL_EOF' || true
+You are an ADVERSARIAL TESTER. Your goal is to BREAK the implementation.
 
 CHANGED FILES:
-$(cat "$files_file")
+__FILES_PLACEHOLDER__
 
 DIFF:
-$(head -500 "$diff_file")
+__DIFF_PLACEHOLDER__
 
 YOUR MISSION:
 1. Find edge cases that will cause crashes or incorrect behavior
@@ -5913,7 +5919,11 @@ ATTACK_VECTORS:
 SUGGESTED_TESTS:
 - Test description that would catch this issue
 
-OVERALL_RISK: HIGH or MEDIUM or LOW"
+OVERALL_RISK: HIGH or MEDIUM or LOW
+ADVERSARIAL_EOF
+    # Substitute placeholders with actual content (safe from shell expansion)
+    adversarial_prompt="${adversarial_prompt/__FILES_PLACEHOLDER__/$files_content}"
+    adversarial_prompt="${adversarial_prompt/__DIFF_PLACEHOLDER__/$changed_content}"
 
     local result_file="$adversarial_dir/$test_id/result.txt"
 
@@ -8862,7 +8872,8 @@ if __name__ == "__main__":
                 # Uses positional prompt after exec subcommand
                 # Note: Effort is set via env var, not CLI flag
                 # Uses dynamic tier from RARV phase (tier_param already set above)
-                { CODEX_MODEL_REASONING_EFFORT="$tier_param" \
+                { LOKI_CODEX_REASONING_EFFORT="$tier_param" \
+                CODEX_MODEL_REASONING_EFFORT="$tier_param" \
                 codex exec --full-auto \
                     "$prompt" 2>&1 | tee -a "$log_file" "$agent_log"; \
                 } && exit_code=0 || exit_code=$?

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "6.36.6"
+__version__ = "6.37.1"
 
 # Expose the control app for easy import
 try:

package/dashboard/auth.py

@@ -468,17 +468,69 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
     - Audience matches OIDC_AUDIENCE or OIDC_CLIENT_ID
     - Token is not expired
 
-    SECURITY WARNING: Cryptographic signature verification is NOT performed
-    unless PyJWT is installed. This implementation only validates claims.
-    An attacker can forge JWTs unless LOKI_OIDC_SKIP_SIGNATURE_VERIFY is
-    explicitly set to 'true' (which is INSECURE and only for local testing).
-
-    For production: Install PyJWT + cryptography for proper RSA/HMAC
-    signature verification.
+    SECURITY CRITICAL: Without PyJWT, JWT signatures are NOT cryptographically
+    verified. An attacker can forge tokens with arbitrary claims. For any
+    production deployment, you MUST install PyJWT + cryptography so that
+    this function verifies the RS256/RS384/RS512 signature against the
+    provider's JWKS endpoint. Without signature verification, OIDC
+    authentication provides ZERO security.
+
+    For production: pip install PyJWT cryptography
     """
     if not OIDC_ENABLED:
         return None
 
+    import logging as _logging
+    import sys
+    _auth_logger = _logging.getLogger("loki.auth")
+
+    # -- Attempt PyJWT-based cryptographic verification first --
+    # This is the ONLY secure path. Without this, tokens are NOT verified.
+    try:
+        import jwt as _pyjwt
+        from jwt import PyJWKClient
+
+        jwks_config = _get_oidc_config()
+        jwks_uri = jwks_config.get("jwks_uri")
+        if not jwks_uri:
+            _auth_logger.error("OIDC discovery document missing jwks_uri -- cannot verify token")
+            return None
+
+        jwks_client = PyJWKClient(jwks_uri)
+        signing_key = jwks_client.get_signing_key_from_jwt(token_str)
+
+        expected_aud = OIDC_AUDIENCE or OIDC_CLIENT_ID
+        decoded = _pyjwt.decode(
+            token_str,
+            signing_key.key,
+            algorithms=["RS256", "RS384", "RS512"],
+            audience=expected_aud,
+            issuer=OIDC_ISSUER,
+        )
+
+        return {
+            "id": decoded.get("sub", ""),
+            "name": decoded.get("name", decoded.get("email", decoded.get("sub", ""))),
+            "email": decoded.get("email", ""),
+            "scopes": ["*"],  # OIDC users get full access
+            "auth_method": "oidc",
+            "issuer": decoded.get("iss"),
+        }
+    except ImportError:
+        # PyJWT not installed -- fall through to claims-only path with loud warning
+        _warning_msg = (
+            "WARNING: OIDC JWT signatures are NOT cryptographically verified. "
+            "Install PyJWT with 'pip install PyJWT cryptography' for production use."
+        )
+        _auth_logger.warning(_warning_msg)
+        # Also print to stderr so operators notice even without log config
+        print(_warning_msg, file=sys.stderr)
+    except Exception as exc:
+        _auth_logger.error("PyJWT signature verification failed: %s", exc)
+        return None
+
+    # -- Fallback: claims-only validation (INSECURE without PyJWT) --
+
     try:
         parts = token_str.split(".")
         if len(parts) != 3:
@@ -487,16 +539,14 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
         # Basic sanity check: signature part must not be empty
         header_b64, payload_b64, signature_b64 = parts
         if not signature_b64 or len(signature_b64) < 10:
-            import logging as _logging
-            _logging.getLogger("loki.auth").error(
+            _auth_logger.error(
                 "OIDC token rejected: signature part is missing or too short"
             )
             return None
 
         # CRITICAL: Check if signature verification is explicitly skipped
         if not OIDC_SKIP_SIGNATURE_VERIFY:
-            import logging as _logging
-            _logging.getLogger("loki.auth").critical(
+            _auth_logger.critical(
                 "OIDC token received but signature verification is NOT implemented. "
                 "Set LOKI_OIDC_SKIP_SIGNATURE_VERIFY=true to explicitly allow "
                 "unverified tokens (INSECURE - local testing only), or install "

package/dashboard/control.py

@@ -266,7 +266,8 @@ def get_status() -> StatusResponse:
                         running = True
                 else:
                     running = True
-        except (json.JSONDecodeError, KeyError):
+        except (json.JSONDecodeError, OSError, KeyError):
+            # Partial JSON from concurrent write -- treat as unavailable
             pass
 
     # Determine state
@@ -304,7 +305,8 @@ def get_status() -> StatusResponse:
                 pending_tasks = len(pending)
             elif isinstance(pending, dict):
                 pending_tasks = len(pending.get("tasks", []))
-        except (json.JSONDecodeError, KeyError):
+        except (json.JSONDecodeError, OSError, KeyError):
+            # Partial JSON from concurrent write -- treat as unavailable
             pass
 
     # Read provider from state
@@ -318,7 +320,8 @@ def get_status() -> StatusResponse:
         try:
             orch = json.loads(orch_file.read_text())
             current_task = orch.get("currentTask", "")
-        except (json.JSONDecodeError, KeyError):
+        except (json.JSONDecodeError, OSError, KeyError):
+            # Partial JSON from concurrent write -- treat as unavailable
             pass
 
     return StatusResponse(
@@ -458,7 +461,7 @@ async def stop_session():
 
             # Atomic write with file locking to prevent race conditions
             atomic_write_json(session_file, session_data, use_lock=True)
-        except (json.JSONDecodeError, KeyError, RuntimeError):
+        except (json.JSONDecodeError, OSError, KeyError, RuntimeError):
             pass
 
     # Emit stop event

package/dashboard/server.py

@@ -263,7 +263,7 @@ class ConnectionManager:
     async def broadcast(self, message: dict[str, Any]) -> None:
         """Broadcast a message to all connected clients."""
         disconnected = []
-        for connection in self.active_connections:
+        for connection in list(self.active_connections):
             try:
                 await connection.send_json(message)
             except Exception as e:

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v6.36.6
+**Version:** v6.37.1
 
 ---
 

package/events/bus.py

@@ -139,9 +139,10 @@ class EventBus:
         """Save event ID as processed."""
         self._processed_ids.add(event_id)
 
-        # Prune to last 1000
+        # Prune to last 1000 (always, regardless of disk write outcome)
         if len(self._processed_ids) > 1000:
-            self._processed_ids = set(list(self._processed_ids)[-1000:])
+            pruned = list(self._processed_ids)[-1000:]
+            self._processed_ids = set(pruned)
 
         try:
             with open(self.processed_file, 'w') as f:
@@ -151,6 +152,7 @@ class EventBus:
                 finally:
                     fcntl.flock(f.fileno(), fcntl.LOCK_UN)
         except IOError:
+            # Disk write failed -- set is already pruned in memory above
             pass
 
     def emit(self, event: LokiEvent) -> str:
@@ -338,6 +340,24 @@ class EventBus:
             self._thread.join(timeout=2.0)
             self._thread = None
 
+    def close(self) -> None:
+        """Clean up all threading resources."""
+        self.stop_background_processing()
+        self._subscribers.clear()
+
+    def __del__(self) -> None:
+        """Ensure threads are cleaned up on garbage collection."""
+        try:
+            self.close()
+        except Exception:
+            pass
+
+    def __enter__(self) -> 'EventBus':
+        return self
+
+    def __exit__(self, *exc) -> None:
+        self.close()
+
     def get_event_history(
         self,
         types: Optional[List[EventType]] = None,

package/mcp/__init__.py

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
 
-__version__ = '6.36.6'
+__version__ = '6.37.1'

package/mcp/server.py

@@ -143,11 +143,31 @@ def validate_path(path: str, allowed_dirs: List[str] = None) -> str:
 
     project_root = get_project_root()
 
-    # Resolve to absolute path, following symlinks
+    # Build absolute path without resolving symlinks first
     if os.path.isabs(path):
-        resolved_path = os.path.realpath(path)
+        abs_path = path
     else:
-        resolved_path = os.path.realpath(os.path.join(project_root, path))
+        abs_path = os.path.join(project_root, path)
+
+    # Walk each component to detect symlink chains escaping allowed dirs
+    # This prevents symlinks that hop through directories outside the project
+    parts = os.path.normpath(abs_path).split(os.sep)
+    current = os.sep if abs_path.startswith(os.sep) else ''
+    for part in parts:
+        if not part:
+            continue
+        current = os.path.join(current, part)
+        if os.path.islink(current):
+            link_target = os.path.realpath(current)
+            # Each symlink target must resolve within the project root
+            if not link_target.startswith(project_root + os.sep) and link_target != project_root:
+                raise PathTraversalError(
+                    f"Access denied: Symlink '{current}' escapes project root "
+                    f"(target: '{link_target}')"
+                )
+
+    # Resolve to absolute path, following all symlinks for final check
+    resolved_path = os.path.realpath(abs_path)
 
     # Check if path is within any of the allowed directories
     for allowed_dir in allowed_dirs:
@@ -1022,11 +1042,11 @@ async def loki_start_project(prd_content: str = "", prd_path: str = "") -> str:
     try:
         content = prd_content
         if not content and prd_path:
-            # Resolve relative paths against project root, absolute paths used as-is
-            if os.path.isabs(prd_path):
-                resolved = os.path.realpath(prd_path)
-            else:
-                resolved = os.path.realpath(os.path.join(get_project_root(), prd_path))
+            # Resolve symlinks and validate path is within project root
+            try:
+                resolved = validate_path(prd_path, allowed_dirs=['.'])
+            except PathTraversalError as e:
+                return json.dumps({"error": str(e)})
             if os.path.exists(resolved) and os.path.isfile(resolved):
                 with open(resolved, 'r', encoding='utf-8') as f:
                     content = f.read()

package/memory/namespace.py

@@ -458,9 +458,21 @@ class NamespaceManager:
 
         Returns:
             Path to the namespace's storage directory
+
+        Raises:
+            ValueError: If namespace contains path traversal characters
         """
         if namespace == DEFAULT_NAMESPACE:
             return self.base_path
+        # Block path traversal -- only allow alphanumeric, hyphen, underscore
+        if not re.match(r'^[a-zA-Z0-9_-]+$', namespace):
+            raise ValueError(
+                f"Invalid namespace '{namespace}': "
+                "only alphanumeric characters, hyphens, and underscores are allowed"
+            )
+        resolved = (self.base_path / namespace).resolve()
+        if not str(resolved).startswith(str(self.base_path.resolve())):
+            raise ValueError(f"Namespace '{namespace}' resolves outside base path")
         return self.base_path / namespace
 
     def ensure_namespace_exists(self, namespace: str) -> Path:

package/memory/storage.py

@@ -66,6 +66,15 @@ class MemoryStorage:
         self._root_path = Path(base_path)
         self._namespace = namespace
 
+        # Validate namespace to prevent path traversal
+        if namespace and namespace != DEFAULT_NAMESPACE:
+            import re
+            if not re.match(r'^[a-zA-Z0-9_-]+$', namespace):
+                raise ValueError(
+                    f"Invalid namespace '{namespace}': "
+                    "only alphanumeric characters, hyphens, and underscores are allowed"
+                )
+
         # Calculate effective base path (with namespace if specified)
         if namespace and namespace != DEFAULT_NAMESPACE:
             self.base_path = self._root_path / namespace
@@ -97,7 +106,17 @@ class MemoryStorage:
 
         Returns:
             New MemoryStorage instance for the specified namespace
+
+        Raises:
+            ValueError: If namespace contains path traversal characters
         """
+        import re
+        if namespace and namespace != DEFAULT_NAMESPACE:
+            if not re.match(r'^[a-zA-Z0-9_-]+$', namespace):
+                raise ValueError(
+                    f"Invalid namespace '{namespace}': "
+                    "only alphanumeric characters, hyphens, and underscores are allowed"
+                )
         return MemoryStorage(
             base_path=str(self._root_path),
             namespace=namespace,
@@ -122,13 +141,21 @@ class MemoryStorage:
         self._cleanup_stale_locks()
 
     def _cleanup_stale_locks(self) -> None:
-        """Remove stale .lock files older than 5 minutes (safe with concurrent processes)."""
+        """Remove stale .lock files older than 5 minutes (safe with concurrent processes).
+
+        Uses file age in seconds (monotonic comparison) instead of wall-clock
+        datetime comparison, which breaks when the system clock jumps.
+        """
         try:
-            stale_cutoff = datetime.now(timezone.utc) - timedelta(minutes=5)
+            import time
+            now_mono = time.monotonic()
+            now_real = time.time()
+            stale_seconds = 300  # 5 minutes
             for lock_file in self.base_path.rglob("*.lock"):
                 try:
-                    mtime = datetime.fromtimestamp(lock_file.stat().st_mtime, tz=timezone.utc)
-                    if mtime < stale_cutoff:
+                    file_mtime = lock_file.stat().st_mtime
+                    age_seconds = now_real - file_mtime
+                    if age_seconds > stale_seconds:
                         lock_file.unlink()
                 except OSError:
                     pass

package/memory/token_economics.py

@@ -19,8 +19,11 @@ import os
 from dataclasses import dataclass, field, asdict
 from datetime import datetime, timezone
 from pathlib import Path
+import logging
 from typing import Any, Dict, List, Optional
 
+logger = logging.getLogger(__name__)
+
 
 # -----------------------------------------------------------------------------
 # Constants
@@ -367,6 +370,7 @@ def evaluate_thresholds(metrics: dict) -> List[Action]:
 
         metric_value = metrics.get(metric_name)
         if metric_value is None:
+            logger.warning("Threshold metric '%s' not found in metrics; skipping evaluation", metric_name)
             continue
 
         triggered = False

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "loki-mode",
-  "version": "6.36.6",
+  "version": "6.37.1",
   "description": "Loki Mode by Autonomi - Multi-agent autonomous startup system for Claude Code, Codex CLI, and Gemini CLI",
   "keywords": [
     "agent",

package/providers/codex.sh

@@ -153,11 +153,15 @@ resolve_model_for_tier() {
 
 # Tier-aware invocation
 # Codex CLI uses CODEX_MODEL_REASONING_EFFORT env var for effort control
+# LOKI_CODEX_REASONING_EFFORT is the canonical namespaced env var (v6.37.1+)
+# CODEX_MODEL_REASONING_EFFORT is supported for backward compatibility (deprecated)
 provider_invoke_with_tier() {
     local tier="$1"
     local prompt="$2"
     shift 2
     local effort
     effort=$(resolve_model_for_tier "$tier")
-    CODEX_MODEL_REASONING_EFFORT="$effort" codex exec --full-auto "$prompt" "$@"
+    LOKI_CODEX_REASONING_EFFORT="$effort" \
+    CODEX_MODEL_REASONING_EFFORT="$effort" \
+    codex exec --full-auto "$prompt" "$@"
 }

package/web-app/server.py

@@ -316,7 +316,8 @@ async def start_session(req: StartRequest) -> JSONResponse:
                 text=True,
                 cwd=project_dir,
                 env={**os.environ, "LOKI_DIR": os.path.join(project_dir, ".loki")},
-                start_new_session=True,  # create new process group for clean kill
+                **({"start_new_session": True} if sys.platform != "win32"
+                   else {"creationflags": subprocess.CREATE_NEW_PROCESS_GROUP}),
             )
         except FileNotFoundError:
             return JSONResponse(
@@ -371,23 +372,37 @@ async def stop_session() -> JSONResponse:
         await session.cleanup()
 
         # 3. Kill the process group (catches child processes too)
-        try:
-            pgid = os.getpgid(proc.pid)
-            os.killpg(pgid, signal.SIGTERM)
-        except (ProcessLookupError, PermissionError, OSError):
-            # Fallback: kill the process directly
+        if sys.platform != "win32":
+            try:
+                pgid = os.getpgid(proc.pid)
+                os.killpg(pgid, signal.SIGTERM)
+            except (ProcessLookupError, PermissionError, OSError):
+                try:
+                    proc.terminate()
+                except Exception:
+                    pass
+        else:
             try:
-                proc.terminate()
+                subprocess.call(["taskkill", "/F", "/T", "/PID", str(proc.pid)])
             except Exception:
-                pass
+                try:
+                    proc.terminate()
+                except Exception:
+                    pass
 
         try:
             proc.wait(timeout=5)
         except subprocess.TimeoutExpired:
-            try:
-                pgid = os.getpgid(proc.pid)
-                os.killpg(pgid, signal.SIGKILL)
-            except (ProcessLookupError, PermissionError, OSError):
+            if sys.platform != "win32":
+                try:
+                    pgid = os.getpgid(proc.pid)
+                    os.killpg(pgid, signal.SIGKILL)
+                except (ProcessLookupError, PermissionError, OSError):
+                    try:
+                        proc.kill()
+                    except Exception:
+                        pass
+            else:
                 try:
                     proc.kill()
                 except Exception:
@@ -966,7 +981,7 @@ async def get_session_detail(session_id: str) -> JSONResponse:
     """Get details of a past session for read-only viewing."""
     import re
     # Validate session_id format (prevent path traversal)
-    if not re.match(r"^[a-zA-Z0-9_-]+$", session_id):
+    if not re.match(r"^[a-zA-Z0-9._-]+$", session_id):
         return JSONResponse(status_code=400, content={"error": "Invalid session ID"})
 
     search_dirs = [
@@ -1032,7 +1047,9 @@ async def onboard_session(req: OnboardRequest) -> JSONResponse:
     except (ValueError, OSError):
         return JSONResponse(status_code=400, content={"error": "Invalid path"})
     home = Path.home().resolve()
-    if not str(target).startswith(str(home)):
+    try:
+        target.relative_to(home)
+    except ValueError:
         return JSONResponse(status_code=400, content={"error": "Path must be within your home directory"})
     if not target.exists():
         return JSONResponse(status_code=400, content={"error": "Path does not exist"})