loki-mode 6.37.3 → 6.37.4

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v6.37.3
+# Loki Mode v6.37.4
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -267,4 +267,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v6.37.3 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v6.37.4 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-6.37.3
+6.37.4

package/autonomy/loki

@@ -7788,6 +7788,36 @@ print(json.dumps({'id': manifest.id, 'dir': str(pipeline.migration_dir)}))
         phases_to_run=("understand" "guardrail" "migrate" "verify")
     fi
 
+    # Validate prerequisite artifacts exist before running phases (#81)
+    for p in "${phases_to_run[@]}"; do
+        case "$p" in
+            guardrail)
+                if [ ! -f "${migration_dir}/docs/analysis.md" ] || [ ! -f "${migration_dir}/seams.json" ]; then
+                    echo -e "${RED}Error: Phase 'guardrail' requires artifacts from 'understand' phase${NC}"
+                    echo -e "${DIM}  Missing: analysis.md or seams.json in ${migration_dir}${NC}"
+                    echo "Run: loki migrate ${codebase_path} --target ${target} --phase understand"
+                    return 1
+                fi
+                ;;
+            migrate)
+                if [ ! -f "${migration_dir}/features.json" ]; then
+                    echo -e "${RED}Error: Phase 'migrate' requires artifacts from 'guardrail' phase${NC}"
+                    echo -e "${DIM}  Missing: features.json in ${migration_dir}${NC}"
+                    echo "Run: loki migrate ${codebase_path} --target ${target} --phase guardrail"
+                    return 1
+                fi
+                ;;
+            verify)
+                if [ ! -f "${migration_dir}/migration-plan.json" ]; then
+                    echo -e "${RED}Error: Phase 'verify' requires migration-plan.json from 'migrate' phase${NC}"
+                    echo -e "${DIM}  Missing: migration-plan.json in ${migration_dir}${NC}"
+                    echo "Run: loki migrate ${codebase_path} --target ${target} --phase migrate"
+                    return 1
+                fi
+                ;;
+        esac
+    done
+
     # Execute phases
     for p in "${phases_to_run[@]}"; do
         echo -e "${CYAN}[Phase: ${p}]${NC} Starting..."
@@ -12595,24 +12625,32 @@ cmd_council() {
 
             if [ -f "$council_dir/state.json" ]; then
                 LOKI_COUNCIL_STATE="$council_dir/state.json" python3 -c "
-import json, os
-with open(os.environ['LOKI_COUNCIL_STATE']) as f:
-    state = json.load(f)
-print(f\"Enabled: {state.get('initialized', False)}\")
-print(f\"Total votes: {state.get('total_votes', 0)}\")
-print(f\"Approve votes: {state.get('approve_votes', 0)}\")
-print(f\"Reject votes: {state.get('reject_votes', 0)}\")
-print(f\"Stagnation streak: {state.get('consecutive_no_change', 0)}\")
-print(f\"Done signals: {state.get('done_signals', 0)}\")
-print(f\"Last check: iteration {state.get('last_check_iteration', 'none')}\")
-verdicts = state.get('verdicts', [])
-if verdicts:
-    print(f\"\nRecent verdicts:\")
-    for v in verdicts[-5:]:
-        print(f\"  Iteration {v['iteration']}: {v['result']} ({v['approve']} approve / {v['reject']} reject)\")
-else:
-    print(f\"\nNo verdicts yet\")
-" 2>/dev/null
+import json, os, sys
+try:
+    with open(os.environ['LOKI_COUNCIL_STATE']) as f:
+        state = json.load(f)
+    print(f\"Enabled: {state.get('initialized', False)}\")
+    print(f\"Total votes: {state.get('total_votes', 0)}\")
+    print(f\"Approve votes: {state.get('approve_votes', 0)}\")
+    print(f\"Reject votes: {state.get('reject_votes', 0)}\")
+    print(f\"Stagnation streak: {state.get('consecutive_no_change', 0)}\")
+    print(f\"Done signals: {state.get('done_signals', 0)}\")
+    print(f\"Last check: iteration {state.get('last_check_iteration', 'none')}\")
+    verdicts = state.get('verdicts', [])
+    if verdicts:
+        print(f\"\nRecent verdicts:\")
+        for v in verdicts[-5:]:
+            print(f\"  Iteration {v['iteration']}: {v['result']} ({v['approve']} approve / {v['reject']} reject)\")
+    else:
+        print(f\"\nNo verdicts yet\")
+except (json.JSONDecodeError, KeyError, TypeError) as e:
+    print(f'Error: Council state file is corrupted or invalid: {e}', file=sys.stderr)
+    print('Delete .loki/council/state.json and restart the session to reset.')
+    sys.exit(1)
+except Exception as e:
+    print(f'Error reading council state: {e}', file=sys.stderr)
+    sys.exit(1)
+" 2>&1
             else
                 echo "Council state file not found"
             fi
@@ -12623,9 +12661,14 @@ else:
 
             if [ -f "$council_dir/state.json" ]; then
                 LOKI_COUNCIL_STATE="$council_dir/state.json" python3 -c "
-import json, os
-with open(os.environ['LOKI_COUNCIL_STATE']) as f:
-    state = json.load(f)
+import json, os, sys
+try:
+    with open(os.environ['LOKI_COUNCIL_STATE']) as f:
+        state = json.load(f)
+except (json.JSONDecodeError, KeyError, TypeError) as e:
+    print(f'Error: Council state file is corrupted: {e}', file=sys.stderr)
+    print('Delete .loki/council/state.json and restart the session to reset.')
+    sys.exit(1)
 verdicts = state.get('verdicts', [])
 if not verdicts:
     print('No decisions recorded yet')

package/autonomy/run.sh

@@ -5502,10 +5502,11 @@ run_code_review() {
     log_info "Selecting 3 specialist reviewers from pool..."
 
     # Write diff/files to temp files for python to read (avoid env var size limits)
+    # Use printf to prevent shell variable expansion in diff content (#78)
     local diff_file="$review_dir/$review_id/diff.txt"
     local files_file="$review_dir/$review_id/files.txt"
-    echo "$diff_content" > "$diff_file"
-    echo "$changed_files" > "$files_file"
+    printf '%s\n' "$diff_content" > "$diff_file"
+    printf '%s\n' "$changed_files" > "$files_file"
 
     # Select specialists via keyword scoring (python3 reads files, not env vars)
     # Loads from agents/types.json when available, falls back to hardcoded pool (v6.7.0)
@@ -5881,11 +5882,11 @@ run_adversarial_testing() {
     local changed_files
     changed_files=$(git -C "${TARGET_DIR:-.}" diff --name-only HEAD~1 2>/dev/null || git -C "${TARGET_DIR:-.}" diff --name-only --cached 2>/dev/null || echo "")
 
-    # Write analysis files
+    # Write analysis files -- use printf to prevent shell variable expansion (#78)
     local diff_file="$adversarial_dir/$test_id/diff.txt"
     local files_file="$adversarial_dir/$test_id/files.txt"
-    echo "$diff_content" > "$diff_file"
-    echo "$changed_files" > "$files_file"
+    printf '%s\n' "$diff_content" > "$diff_file"
+    printf '%s\n' "$changed_files" > "$files_file"
 
     # Build adversarial prompt -- use heredoc with quoted delimiter to prevent
     # shell variable expansion in diff content (fixes #78)

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "6.37.3"
+__version__ = "6.37.4"
 
 # Expose the control app for easy import
 try:

package/dashboard/auth.py

@@ -59,17 +59,29 @@ _SCOPE_HIERARCHY = {
 if OIDC_ENABLED:
     import logging as _logging
     _logger = _logging.getLogger("loki.auth")
+    _pyjwt_available = False
+    try:
+        import jwt as _pyjwt_check  # noqa: F401
+        from jwt import PyJWKClient as _PyJWKClient_check  # noqa: F401
+        _pyjwt_available = True
+    except ImportError:
+        _pyjwt_available = False
+
     if OIDC_SKIP_SIGNATURE_VERIFY:
         _logger.critical(
             "OIDC/SSO signature verification DISABLED (LOKI_OIDC_SKIP_SIGNATURE_VERIFY=true). "
             "This is INSECURE and allows forged JWTs. Only use for local testing. "
             "For production, install PyJWT + cryptography and remove this env var."
         )
+    elif _pyjwt_available:
+        _logger.info(
+            "OIDC/SSO enabled with PyJWT cryptographic signature verification (RS256/RS384/RS512)."
+        )
     else:
-        _logger.warning(
-            "OIDC/SSO enabled (EXPERIMENTAL). Claims-based validation only -- "
-            "JWT signatures are NOT cryptographically verified. Install PyJWT + "
-            "cryptography for production signature verification."
+        _logger.critical(
+            "OIDC/SSO enabled but PyJWT is NOT installed. Tokens will be REJECTED "
+            "unless LOKI_OIDC_SKIP_SIGNATURE_VERIFY=true is set. "
+            "Install PyJWT + cryptography: pip install PyJWT cryptography"
         )
 
 # OIDC JWKS cache (issuer URL -> (keys_dict, fetch_timestamp))
@@ -526,14 +538,18 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
             "issuer": decoded.get("iss"),
         }
     except ImportError:
-        # PyJWT not installed -- fall through to claims-only path with loud warning
-        _warning_msg = (
-            "WARNING: OIDC JWT signatures are NOT cryptographically verified. "
-            "Install PyJWT with 'pip install PyJWT cryptography' for production use."
+        # PyJWT not installed -- only allow claims-only path if explicitly opted in
+        if not OIDC_SKIP_SIGNATURE_VERIFY:
+            _auth_logger.error(
+                "OIDC token rejected: PyJWT not installed and "
+                "LOKI_OIDC_SKIP_SIGNATURE_VERIFY is not set. "
+                "Install PyJWT: pip install PyJWT cryptography"
+            )
+            return None
+        _auth_logger.warning(
+            "PyJWT not installed -- using claims-only validation "
+            "(LOKI_OIDC_SKIP_SIGNATURE_VERIFY=true). This is INSECURE."
         )
-        _auth_logger.warning(_warning_msg)
-        # Also print to stderr so operators notice even without log config
-        print(_warning_msg, file=sys.stderr)
     except Exception as exc:
         _auth_logger.error("PyJWT signature verification failed: %s", exc)
         return None

package/dashboard/server.py

@@ -30,7 +30,7 @@ from fastapi import (
 )
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse, PlainTextResponse
-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, field_validator
 from sqlalchemy import select, update, delete
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
@@ -75,6 +75,27 @@ def _safe_int_env(name: str, default: int) -> int:
         return default
 
 
+def _safe_json_read(path: _Path, default: Any = None) -> Any:
+    """Read a JSON file with retry on partial/corrupt data from concurrent writes."""
+    for attempt in range(2):
+        try:
+            text = path.read_text(encoding="utf-8", errors="replace")
+            return json.loads(text)
+        except json.JSONDecodeError:
+            if attempt == 0:
+                time.sleep(0.1)
+                continue
+            return default
+        except (OSError, IOError):
+            return default
+    return default
+
+
+def _safe_read_text(path: _Path) -> str:
+    """Read a text file with UTF-8 encoding, replacing non-UTF-8 bytes."""
+    return open(path, encoding="utf-8", errors="replace").read()
+
+
 # ---------------------------------------------------------------------------
 # Simple in-memory rate limiter for control endpoints
 # ---------------------------------------------------------------------------
@@ -98,12 +119,12 @@ class _RateLimiter:
         for k in empty_keys:
             del self._calls[k]
 
-        # Evict oldest keys if max_keys exceeded
+        # Evict least-recently-accessed keys if max_keys exceeded
         if len(self._calls) > self._max_keys:
-            # Sort by oldest timestamp, remove oldest keys
+            # Sort by last-access time (most recent timestamp), evict least recent
             sorted_keys = sorted(
                 self._calls.items(),
-                key=lambda x: min(x[1]) if x[1] else 0
+                key=lambda x: max(x[1]) if x[1] else 0
             )
             keys_to_remove = len(self._calls) - self._max_keys
             for k, _ in sorted_keys[:keys_to_remove]:
@@ -123,12 +144,30 @@ logger = logging.getLogger(__name__)
 
 
 # Pydantic schemas for API
+def _sanitize_text_field(value: str) -> str:
+    """Strip/reject control characters from text fields."""
+    import unicodedata
+    # Remove control characters (except common whitespace like space)
+    cleaned = "".join(
+        ch for ch in value if unicodedata.category(ch)[0] != "C" or ch in (" ",)
+    )
+    cleaned = cleaned.strip()
+    if not cleaned:
+        raise ValueError("Field must not be empty after removing control characters")
+    return cleaned
+
+
 class ProjectCreate(BaseModel):
     """Schema for creating a project."""
     name: str = Field(..., min_length=1, max_length=255)
     description: Optional[str] = None
     prd_path: Optional[str] = None
 
+    @field_validator("name")
+    @classmethod
+    def validate_name(cls, v: str) -> str:
+        return _sanitize_text_field(v)
+
 
 class ProjectUpdate(BaseModel):
     """Schema for updating a project."""
@@ -165,6 +204,11 @@ class TaskCreate(BaseModel):
     parent_task_id: Optional[int] = None
     estimated_duration: Optional[int] = None
 
+    @field_validator("title")
+    @classmethod
+    def validate_title(cls, v: str) -> str:
+        return _sanitize_text_field(v)
+
 
 class TaskUpdate(BaseModel):
     """Schema for updating a task."""
@@ -315,7 +359,7 @@ async def _push_loki_state_loop() -> None:
                 if mtime != last_mtime:
                     last_mtime = mtime
                     try:
-                        raw = json.loads(state_file.read_text())
+                        raw = _safe_json_read(state_file, {})
                         # Transform to StatusResponse-compatible format
                         agents_list = raw.get("agents", [])
                         running_agents = len(agents_list) if isinstance(agents_list, list) else 0
@@ -515,10 +559,10 @@ async def get_status() -> StatusResponse:
     pending_tasks = 0
     running_agents = 0
 
-    # Read dashboard state
+    # Read dashboard state (with retry for concurrent writes)
     if state_file.exists():
         try:
-            state = json.loads(state_file.read_text())
+            state = _safe_json_read(state_file, {})
             phase = state.get("phase", "")
             iteration = state.get("iteration", 0)
             complexity = state.get("complexity", "standard")
@@ -561,7 +605,7 @@ async def get_status() -> StatusResponse:
     # Also check session.json for skill-invoked sessions
     if not running and session_file.exists():
         try:
-            sd = json.loads(session_file.read_text())
+            sd = _safe_json_read(session_file, {})
             if sd.get("status") == "running":
                 running = True
         except (json.JSONDecodeError, KeyError):
@@ -673,21 +717,41 @@ async def get_status() -> StatusResponse:
 @app.get("/api/projects", response_model=list[ProjectResponse])
 async def list_projects(
     status: Optional[str] = Query(None),
+    limit: int = Query(default=50, ge=1, le=500),
+    offset: int = Query(default=0, ge=0),
     db: AsyncSession = Depends(get_db),
 ) -> list[ProjectResponse]:
-    """List all projects."""
-    query = select(Project).options(selectinload(Project.tasks))
+    """List projects with pagination. Does not eager-load tasks for efficiency."""
+    from sqlalchemy import func as sa_func
+
+    query = select(Project)
     if status:
         query = query.where(Project.status == status)
-    query = query.order_by(Project.created_at.desc())
+    query = query.order_by(Project.created_at.desc()).offset(offset).limit(limit)
 
     result = await db.execute(query)
     projects = result.scalars().all()
 
+    # Batch-fetch task counts instead of N+1 eager loading
+    project_ids = [p.id for p in projects]
     response = []
+    if project_ids:
+        count_query = (
+            select(
+                Task.project_id,
+                sa_func.count().label("total"),
+                sa_func.count().filter(Task.status == TaskStatus.DONE).label("done"),
+            )
+            .where(Task.project_id.in_(project_ids))
+            .group_by(Task.project_id)
+        )
+        count_result = await db.execute(count_query)
+        counts = {row.project_id: (row.total, row.done) for row in count_result}
+    else:
+        counts = {}
+
     for project in projects:
-        task_count = len(project.tasks)
-        completed_count = len([t for t in project.tasks if t.status == TaskStatus.DONE])
+        total, done = counts.get(project.id, (0, 0))
         response.append(
             ProjectResponse(
                 id=project.id,
@@ -697,8 +761,8 @@ async def list_projects(
                 status=project.status,
                 created_at=project.created_at,
                 updated_at=project.updated_at,
-                task_count=task_count,
-                completed_task_count=completed_count,
+                task_count=total,
+                completed_task_count=done,
             )
         )
     return response
@@ -1066,12 +1130,29 @@ async def create_task(
                 Task.project_id == task.project_id
             )
         )
-        if not result.scalar_one_or_none():
+        parent = result.scalar_one_or_none()
+        if not parent:
             raise HTTPException(
                 status_code=400,
                 detail="Parent task not found or belongs to different project"
             )
 
+        # Detect circular reference: walk parent chain
+        visited = set()
+        current_parent_id = task.parent_task_id
+        while current_parent_id is not None:
+            if current_parent_id in visited:
+                raise HTTPException(
+                    status_code=422,
+                    detail="Circular reference detected in parent task chain"
+                )
+            visited.add(current_parent_id)
+            parent_result = await db.execute(
+                select(Task.parent_task_id).where(Task.id == current_parent_id)
+            )
+            row = parent_result.scalar_one_or_none()
+            current_parent_id = row if row else None
+
     db_task = Task(
         project_id=task.project_id,
         title=task.title,
@@ -1192,6 +1273,15 @@ async def delete_task(
     })
 
 
+# Valid status transitions for task state machine
+_TASK_STATE_MACHINE: dict[TaskStatus, set[TaskStatus]] = {
+    TaskStatus.BACKLOG: {TaskStatus.PENDING},
+    TaskStatus.PENDING: {TaskStatus.IN_PROGRESS},
+    TaskStatus.IN_PROGRESS: {TaskStatus.REVIEW, TaskStatus.DONE},
+    TaskStatus.REVIEW: {TaskStatus.DONE, TaskStatus.IN_PROGRESS},
+}
+
+
 @app.post("/api/tasks/{task_id}/move", response_model=TaskResponse, dependencies=[Depends(auth.require_scope("control"))])
 async def move_task(
     task_id: int,
@@ -1208,6 +1298,18 @@ async def move_task(
         raise HTTPException(status_code=404, detail="Task not found")
 
     old_status = task.status
+
+    # Validate status transition
+    if move.status != old_status:
+        allowed = _TASK_STATE_MACHINE.get(old_status, set())
+        if move.status not in allowed:
+            raise HTTPException(
+                status_code=422,
+                detail=f"Invalid status transition: {old_status.value} -> {move.status.value}. "
+                       f"Allowed transitions from {old_status.value}: "
+                       f"{', '.join(s.value for s in allowed) if allowed else 'none'}",
+            )
+
     task.status = move.status
     task.position = move.position
 
@@ -1252,8 +1354,9 @@ async def websocket_endpoint(websocket: WebSocket) -> None:
     # proxy access logs -- configure log sanitization for /ws in production.
     # FastAPI Depends() is not supported on @app.websocket() routes.
 
-    # Rate limit WebSocket connections by IP
-    client_ip = websocket.client.host if websocket.client else "unknown"
+    # Rate limit WebSocket connections by IP (use unique key when client info unavailable)
+    import uuid as _uuid
+    client_ip = websocket.client.host if websocket.client else f"ws-{_uuid.uuid4().hex}"
     if not _read_limiter.check(f"ws_{client_ip}"):
         await websocket.close(code=1008)  # Policy Violation
         return
@@ -1447,7 +1550,13 @@ async def sync_registry():
     if not _read_limiter.check("registry_sync"):
         raise HTTPException(status_code=429, detail="Rate limit exceeded")
 
-    result = registry.sync_registry_with_discovery()
+    try:
+        result = await asyncio.wait_for(
+            asyncio.get_event_loop().run_in_executor(None, registry.sync_registry_with_discovery),
+            timeout=30.0,
+        )
+    except asyncio.TimeoutError:
+        raise HTTPException(status_code=504, detail="Registry sync timed out after 30 seconds")
     return {
         "added": result["added"],
         "updated": result["updated"],
@@ -1815,11 +1924,14 @@ async def list_episodes(limit: int = Query(default=50, ge=1, le=1000)):
         except Exception:
             pass
 
-    # Fallback to JSON files
+    # Fallback to JSON files -- use heapq to avoid sorting all files
+    import heapq
     ep_dir = _get_loki_dir() / "memory" / "episodic"
     episodes = []
     if ep_dir.exists():
-        files = sorted(ep_dir.glob("*.json"), reverse=True)[:limit]
+        all_files = ep_dir.glob("*.json")
+        # nlargest by filename (timestamps sort lexicographically) avoids full sort
+        files = heapq.nlargest(limit, all_files, key=lambda f: f.name)
         for f in files:
             try:
                 episodes.append(json.loads(f.read_text()))
@@ -3525,7 +3637,7 @@ async def get_logs(lines: int = 100, token: Optional[dict] = Depends(auth.get_cu
                 file_mtime = datetime.fromtimestamp(log_file.stat().st_mtime, tz=timezone.utc).strftime(
                     "%Y-%m-%dT%H:%M:%S"
                 )
-                content = log_file.read_text()
+                content = _safe_read_text(log_file)
                 for raw_line in content.strip().split("\n")[-lines:]:
                     timestamp = ""
                     level = "info"
@@ -4310,7 +4422,7 @@ async def get_app_runner_logs(lines: int = Query(default=100, ge=1, le=1000)):
     if not log_file.exists():
         return {"lines": []}
     try:
-        all_lines = log_file.read_text().splitlines()
+        all_lines = _safe_read_text(log_file).splitlines()
         return {"lines": all_lines[-lines:]}
     except OSError:
         return {"lines": []}
@@ -4573,25 +4685,16 @@ async def serve_index():
         if os.path.isfile(index_path):
             return FileResponse(index_path, media_type="text/html")
 
-    # Return helpful error message
-    return HTMLResponse(
-        content="""
-        <html>
-        <head><title>Loki Dashboard</title></head>
-        <body style="font-family: system-ui; padding: 40px; max-width: 600px; margin: 0 auto;">
-            <h1>Dashboard Frontend Not Found</h1>
-            <p>The dashboard API is running, but the frontend files were not found.</p>
-            <p>To fix this, run:</p>
-            <pre style="background: #f5f5f5; padding: 15px; border-radius: 5px;">cd dashboard-ui && npm run build</pre>
-            <p><strong>API Endpoints:</strong></p>
-            <ul>
-                <li><a href="/health">/health</a> - Health check</li>
-                <li><a href="/docs">/docs</a> - API documentation</li>
-            </ul>
-        </body>
-        </html>
-        """,
-        status_code=200
+    # Return 503 when frontend files are not found
+    return JSONResponse(
+        content={
+            "error": "dashboard_frontend_not_found",
+            "detail": "The dashboard API is running, but the frontend files were not found. "
+                      "Run: cd dashboard-ui && npm run build",
+            "api_docs": "/docs",
+            "health": "/health",
+        },
+        status_code=503,
     )
 
 

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v6.37.3
+**Version:** v6.37.4
 
 ---
 

package/mcp/__init__.py

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
 
-__version__ = '6.37.3'
+__version__ = '6.37.4'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "loki-mode",
-  "version": "6.37.3",
+  "version": "6.37.4",
   "description": "Loki Mode by Autonomi - Multi-agent autonomous startup system for Claude Code, Codex CLI, and Gemini CLI",
   "keywords": [
     "agent",