loki-mode 6.60.0 → 6.62.0

package/autonomy/sandbox.sh

@@ -356,19 +356,24 @@ CREATED_AT=$(date -Iseconds)
 PARENT_DIR=$PROJECT_DIR
 EOF
 
-    # Save state
+    # Save state using python3 for safe JSON encoding (avoids shell injection
+    # from paths containing quotes, backslashes, or other special characters)
     mkdir -p "$(dirname "$WORKTREE_STATE_FILE")"
-    cat > "$WORKTREE_STATE_FILE" << EOF
-{
-    "sandbox_path": "$sandbox_path",
-    "sandbox_branch": "$sandbox_branch",
-    "created_at": "$(date -Iseconds)",
-    "provider": "$provider",
-    "prd_path": "$prd_path",
-    "status": "created",
-    "isolation_type": "worktree"
+    python3 -c "
+import json, sys, datetime
+data = {
+    'sandbox_path': sys.argv[1],
+    'sandbox_branch': sys.argv[2],
+    'created_at': datetime.datetime.now().astimezone().isoformat(),
+    'provider': sys.argv[3],
+    'prd_path': sys.argv[4],
+    'status': 'created',
+    'isolation_type': 'worktree'
 }
-EOF
+with open(sys.argv[5], 'w') as f:
+    json.dump(data, f, indent=4)
+    f.write('\n')
+" "$sandbox_path" "$sandbox_branch" "$provider" "$prd_path" "$WORKTREE_STATE_FILE"
 
     log_success "Worktree sandbox created: $sandbox_path"
     return 0
@@ -621,18 +626,44 @@ _desktop_install_provider_cli() {
 }
 
 # Build environment variable args for docker sandbox exec
+# Uses printf %q to escape values and prevent shell expansion corruption
+# (API keys can contain $, !, and other special characters)
 _desktop_build_env_args() {
     DESKTOP_ENV_ARGS=()
-    [[ -n "${ANTHROPIC_API_KEY:-}" ]] && DESKTOP_ENV_ARGS+=("-e" "ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY")
-    [[ -n "${OPENAI_API_KEY:-}" ]] && DESKTOP_ENV_ARGS+=("-e" "OPENAI_API_KEY=$OPENAI_API_KEY")
-    [[ -n "${GOOGLE_API_KEY:-}" ]] && DESKTOP_ENV_ARGS+=("-e" "GOOGLE_API_KEY=$GOOGLE_API_KEY")
-    [[ -n "${GITHUB_TOKEN:-}" ]] && DESKTOP_ENV_ARGS+=("-e" "GITHUB_TOKEN=$GITHUB_TOKEN")
-    [[ -n "${GH_TOKEN:-}" ]] && DESKTOP_ENV_ARGS+=("-e" "GH_TOKEN=$GH_TOKEN")
-    # Forward all LOKI_* env vars
+    local _escaped
+    if [[ -n "${ANTHROPIC_API_KEY:-}" ]]; then
+        printf -v _escaped '%s' "$ANTHROPIC_API_KEY"
+        DESKTOP_ENV_ARGS+=("-e" "ANTHROPIC_API_KEY=$_escaped")
+    fi
+    if [[ -n "${OPENAI_API_KEY:-}" ]]; then
+        printf -v _escaped '%s' "$OPENAI_API_KEY"
+        DESKTOP_ENV_ARGS+=("-e" "OPENAI_API_KEY=$_escaped")
+    fi
+    if [[ -n "${GOOGLE_API_KEY:-}" ]]; then
+        printf -v _escaped '%s' "$GOOGLE_API_KEY"
+        DESKTOP_ENV_ARGS+=("-e" "GOOGLE_API_KEY=$_escaped")
+    fi
+    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+        printf -v _escaped '%s' "$GITHUB_TOKEN"
+        DESKTOP_ENV_ARGS+=("-e" "GITHUB_TOKEN=$_escaped")
+    fi
+    if [[ -n "${GH_TOKEN:-}" ]]; then
+        printf -v _escaped '%s' "$GH_TOKEN"
+        DESKTOP_ENV_ARGS+=("-e" "GH_TOKEN=$_escaped")
+    fi
+    # Forward all LOKI_* env vars via --env-file to avoid shell expansion issues
+    local _env_file="${TMPDIR:-/tmp}/loki-sandbox-env-$$"
+    local _has_loki_vars=false
     local var
     while IFS= read -r var; do
-        [[ -n "$var" ]] && DESKTOP_ENV_ARGS+=("-e" "$var=${!var}")
+        if [[ -n "$var" ]]; then
+            printf '%s=%s\n' "$var" "${!var}" >> "$_env_file"
+            _has_loki_vars=true
+        fi
     done < <(compgen -v LOKI_ 2>/dev/null || true)
+    if [[ "$_has_loki_vars" == "true" ]] && [[ -f "$_env_file" ]]; then
+        DESKTOP_ENV_ARGS+=("--env-file" "$_env_file")
+    fi
 }
 
 start_docker_desktop_sandbox() {
@@ -669,8 +700,9 @@ start_docker_desktop_sandbox() {
     # Build environment variable args
     _desktop_build_env_args
 
-    # Build loki command
-    local loki_cmd="bash ${PROJECT_DIR}/autonomy/run.sh"
+    # Build loki command - use SKILL_DIR (the loki-mode install directory) rather than
+    # PROJECT_DIR, which is the user's project and may not contain autonomy/run.sh
+    local loki_cmd="bash ${SKILL_DIR}/autonomy/run.sh"
     if [[ -n "$prd_path" ]]; then
         local abs_prd
         abs_prd=$(cd "$(dirname "$prd_path")" && pwd)/$(basename "$prd_path")
@@ -1028,8 +1060,14 @@ start_sandbox() {
     # Mount project directory
     if [[ "$SANDBOX_READONLY" == "true" ]]; then
         docker_args+=("--volume" "$PROJECT_DIR:/workspace:ro")
-        # Need a writable .loki directory
-        docker_args+=("--volume" "loki-sandbox-state:/workspace/.loki:rw")
+        # Need a writable .loki directory - copy existing state to a temp dir so we
+        # do not start with an empty volume (which would lose config/state)
+        local _loki_state_tmp="${TMPDIR:-/tmp}/loki-sandbox-state-$$"
+        mkdir -p "$_loki_state_tmp"
+        if [[ -d "$PROJECT_DIR/.loki" ]]; then
+            cp -a "$PROJECT_DIR/.loki/." "$_loki_state_tmp/" 2>/dev/null || true
+        fi
+        docker_args+=("--volume" "$_loki_state_tmp:/workspace/.loki:rw")
     else
         docker_args+=("--volume" "$PROJECT_DIR:/workspace:rw")
     fi
@@ -1152,8 +1190,11 @@ start_sandbox() {
     local loki_cmd="loki start"
     if [[ -n "$prd_path" ]]; then
         # Convert to container path (handle paths with spaces)
+        # macOS realpath does not support --relative-to, so use Python fallback
         local relative_prd
-        relative_prd=$(realpath --relative-to="$PROJECT_DIR" "$prd_path" 2>/dev/null || basename "$prd_path")
+        relative_prd=$(realpath --relative-to="$PROJECT_DIR" "$prd_path" 2>/dev/null \
+            || python3 -c "import os.path; print(os.path.relpath('$prd_path', '$PROJECT_DIR'))" 2>/dev/null \
+            || basename "$prd_path")
         local container_prd="/workspace/${relative_prd}"
         # Quote path to handle spaces
         loki_cmd="$loki_cmd \"$container_prd\""
@@ -1324,6 +1365,17 @@ sandbox_serve() {
 
     log_success "Starting dev server: $serve_cmd"
     log_info ""
+
+    # Warn if the dev server port was not published when the container started
+    local port_published
+    port_published=$(docker port "$CONTAINER_NAME" "$port" 2>/dev/null || true)
+    if [[ -z "$port_published" ]]; then
+        log_warn "Port $port is NOT published to the host."
+        log_warn "The dev server will run inside the container but will not be accessible from localhost."
+        log_warn "To fix, restart the sandbox with: LOKI_EXTRA_PORTS='$port:$port' loki sandbox start"
+        log_info ""
+    fi
+
     log_info "Access the app at:"
     log_info "  http://localhost:$port"
     log_info ""
@@ -1658,10 +1710,25 @@ main() {
     done
 
     # Detect sandbox mode for commands that need it
+    # For stop/status/etc, read persisted mode first so we stop the correct sandbox type
     local sandbox_mode=""
+    local _mode_file="${PROJECT_DIR}/.loki/sandbox/mode"
     case "$command" in
-        start|stop|status|prompt|shell|logs|run|serve|test|phase)
+        start)
             sandbox_mode=$(detect_sandbox_mode "$mode") || exit 1
+            # Persist the detected mode so stop/status use the same mode
+            mkdir -p "$(dirname "$_mode_file")"
+            echo "$sandbox_mode" > "$_mode_file"
+            ;;
+        stop|status|prompt|shell|logs|run|serve|test|phase)
+            # Read persisted mode if no explicit mode override was given
+            if [[ "$mode" == "auto" ]] && [[ -f "$_mode_file" ]]; then
+                sandbox_mode=$(cat "$_mode_file" 2>/dev/null || true)
+            fi
+            # Fall back to detection if no persisted mode
+            if [[ -z "$sandbox_mode" ]]; then
+                sandbox_mode=$(detect_sandbox_mode "$mode") || exit 1
+            fi
             ;;
     esac
 

package/bin/loki-mode.js

@@ -11,8 +11,7 @@ const lokiScript = path.join(__dirname, '..', 'autonomy', 'loki');
 const args = process.argv.slice(2);
 
 const child = spawn(lokiScript, args, {
-  stdio: 'inherit',
-  shell: true
+  stdio: 'inherit'
 });
 
 child.on('close', (code) => {

package/bin/postinstall.js

@@ -93,11 +93,17 @@ try {
   const pathDirs = (process.env.PATH || '').split(':');
   const lokiBinInPath = pathDirs.some(d => d === npmBinDir || d === npmBin);
 
-  // On macOS with Homebrew Node, npm global bin path changes on every Node version upgrade.
-  // Auto-create stable symlinks in /opt/homebrew/bin/ so `loki` always works.
+  // On macOS with Homebrew Node, npm global bin path changes on every Node version upgrade
+  // (e.g., /opt/homebrew/Cellar/node/22.x/bin -> /opt/homebrew/Cellar/node/23.x/bin).
+  // Use the npm prefix bin directory which is stable across upgrades.
   if (os.platform() === 'darwin') {
-    const stableDir = '/opt/homebrew/bin';
-    if (fs.existsSync(stableDir)) {
+    let stableDir;
+    try {
+      stableDir = execSync('npm prefix -g', { encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] }).trim() + '/bin';
+    } catch {
+      stableDir = '/opt/homebrew/bin';
+    }
+    if (fs.existsSync(stableDir) && stableDir !== npmBinDir) {
       for (const bin of ['loki', 'loki-mode']) {
         const src = path.join(npmBinDir, bin);
         const dest = path.join(stableDir, bin);

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "6.60.0"
+__version__ = "6.62.0"
 
 # Expose the control app for easy import
 try:

package/dashboard/control.py

@@ -56,48 +56,58 @@ def atomic_write_json(file_path: Path, data: dict, use_lock: bool = True):
     """
     Atomically write JSON data to a file to prevent TOCTOU race conditions.
     Uses temporary file + os.rename() for atomicity.
-    Optionally uses fcntl.flock for additional safety.
+    Optionally uses fcntl.flock on a dedicated lock file for mutual exclusion.
     """
     try:
-        # Write to temporary file in same directory (for atomic rename)
-        temp_fd, temp_path = tempfile.mkstemp(
-            dir=file_path.parent,
-            prefix=f".{file_path.name}.",
-            suffix=".tmp"
-        )
+        lock_fd = -1
+        lock_path = str(file_path) + ".lock"
+
+        # Acquire exclusive lock on a dedicated lock file if requested.
+        # This ensures all writers to the same target contend on the same
+        # lock, unlike the previous approach which locked the temp file
+        # (each caller got its own temp file so the lock was a no-op).
+        if use_lock:
+            try:
+                lock_fd = os.open(lock_path, os.O_CREAT | os.O_RDWR, 0o644)
+                fcntl.flock(lock_fd, fcntl.LOCK_EX)
+            except (OSError, AttributeError):
+                # flock not available on this platform - continue without lock
+                if lock_fd >= 0:
+                    os.close(lock_fd)
+                lock_fd = -1
 
         try:
-            with os.fdopen(temp_fd, 'w') as f:
-                # Acquire exclusive lock if requested
-                if use_lock:
-                    try:
-                        fcntl.flock(f.fileno(), fcntl.LOCK_EX)
-                    except (OSError, AttributeError):
-                        # flock not available on this platform - continue without lock
-                        pass
-
-                # Write data
-                json.dump(data, f, indent=2)
-                f.flush()
-                os.fsync(f.fileno())
-
-                # Release lock (happens automatically on close, but explicit is clearer)
-                if use_lock:
-                    try:
-                        fcntl.flock(f.fileno(), fcntl.LOCK_UN)
-                    except (OSError, AttributeError):
-                        pass
-
-            # Atomic rename
-            os.rename(temp_path, file_path)
+            # Write to temporary file in same directory (for atomic rename)
+            temp_fd, temp_path = tempfile.mkstemp(
+                dir=file_path.parent,
+                prefix=f".{file_path.name}.",
+                suffix=".tmp"
+            )
 
-        except Exception:
-            # Clean up temp file on error
             try:
-                os.unlink(temp_path)
-            except OSError:
-                pass
-            raise
+                with os.fdopen(temp_fd, 'w') as f:
+                    json.dump(data, f, indent=2)
+                    f.flush()
+                    os.fsync(f.fileno())
+
+                # Atomic rename
+                os.rename(temp_path, file_path)
+
+            except Exception:
+                # Clean up temp file on error
+                try:
+                    os.unlink(temp_path)
+                except OSError:
+                    pass
+                raise
+
+        finally:
+            # Release the lock file (close releases flock automatically)
+            if lock_fd >= 0:
+                try:
+                    os.close(lock_fd)
+                except OSError:
+                    pass
 
     except Exception as e:
         raise RuntimeError(f"Failed to write {file_path}: {e}")

package/dashboard/database.py

@@ -4,10 +4,13 @@ Database setup for Loki Mode Dashboard.
 Uses SQLAlchemy 2.0 with async support and SQLite.
 """
 
+import logging
 import os
 from contextlib import asynccontextmanager
 from typing import AsyncGenerator
 
+logger = logging.getLogger(__name__)
+
 from sqlalchemy.ext.asyncio import (
     AsyncSession,
     async_sessionmaker,
@@ -40,11 +43,14 @@ async_session_factory = async_sessionmaker(
 
 async def init_db() -> None:
     """Initialize the database, creating all tables."""
-    # Ensure database directory exists
     os.makedirs(DATABASE_DIR, exist_ok=True)
-
-    async with engine.begin() as conn:
-        await conn.run_sync(Base.metadata.create_all)
+    try:
+        async with engine.begin() as conn:
+            await conn.run_sync(Base.metadata.create_all)
+        logger.info("Database initialized at %s", DATABASE_PATH)
+    except Exception as exc:
+        logger.error("Database initialization failed: %s", exc, exc_info=True)
+        raise
 
 
 async def close_db() -> None:
@@ -52,6 +58,17 @@ async def close_db() -> None:
     await engine.dispose()
 
 
+async def check_db_health() -> bool:
+    """Check if the database is accessible."""
+    try:
+        async with async_session_factory() as session:
+            from sqlalchemy import text
+            await session.execute(text("SELECT 1"))
+        return True
+    except Exception:
+        return False
+
+
 @asynccontextmanager
 async def get_session() -> AsyncGenerator[AsyncSession, None]:
     """Get an async database session."""