loki-mode 6.71.0 → 6.72.0

package/autonomy/loki

@@ -126,6 +126,7 @@ SANDBOX_SH="$SKILL_DIR/autonomy/sandbox.sh"
 EMIT_SH="$SKILL_DIR/events/emit.sh"
 LEARNING_EMIT_SH="$SKILL_DIR/learning/emit.sh"
 LOKI_DIR=".loki"
+export LOKI_DIR
 
 # Anonymous usage telemetry
 PROJECT_DIR="$SKILL_DIR"
@@ -400,7 +401,7 @@ show_help() {
     echo "  quick \"task\"     Quick single-task mode (lightweight, 3 iterations max)"
     echo "  monitor [path]   Monitor Docker Compose services with auto-fix (v6.67.0)"
     echo "  demo             Run interactive demo (~60s simulated session)"
-    echo "  init [name]      Project scaffolding with 22 PRD templates"
+    echo "  init [name]      Project scaffolding with 21 PRD templates"
     echo "  issue <url|num>  [DEPRECATED] Use 'loki run' instead"
     echo "  watch [prd]      Auto-rerun on PRD file changes (v6.33.0)"
     echo "  export <format>  Export session data: json|markdown|csv|timeline (v6.0.0)"
@@ -1092,6 +1093,24 @@ cmd_start() {
         --outcome success \
         --context "{\"provider\":\"$effective_provider\",\"prd_path\":\"${prd_file:-}\"}"
 
+    # Pre-flight: check that the provider CLI is installed
+    if ! command -v "$effective_provider" &>/dev/null; then
+        echo -e "${RED}Error: Provider CLI '$effective_provider' is not installed.${NC}"
+        echo ""
+        echo "Install it first:"
+        case "$effective_provider" in
+            claude) echo "  npm install -g @anthropic-ai/claude-code" ;;
+            codex)  echo "  npm install -g @openai/codex" ;;
+            gemini) echo "  npm install -g @google/gemini-cli" ;;
+            cline)  echo "  npm install -g @anthropic-ai/cline" ;;
+            aider)  echo "  pip install aider-chat" ;;
+            *)      echo "  Check the provider documentation for installation." ;;
+        esac
+        echo ""
+        echo "Check your environment: loki doctor"
+        exit 1
+    fi
+
     exec "$RUN_SH" "${args[@]}"
 }
 
@@ -1350,18 +1369,22 @@ cmd_stop() {
         pkill -9 -f "loki-run-" 2>/dev/null || true
 
         # Mark session.json as stopped (skill-invoked sessions)
+        # BUG-ST-008: Atomic session.json update via temp file + mv (matches run.sh)
         if [ -f "$LOKI_DIR/session.json" ]; then
-            python3 -c "
-import json, sys, os
+            _LOKI_SESSION_FILE="$LOKI_DIR/session.json" python3 -c "
+import json, os, tempfile
+sf = os.environ['_LOKI_SESSION_FILE']
 try:
-    p = os.path.join(sys.argv[1], 'session.json')
-    with open(p, 'r+') as f:
+    with open(sf) as f:
         d = json.load(f)
-        d['status'] = 'stopped'
-        f.seek(0); f.truncate()
+    d['status'] = 'stopped'
+    sd = os.path.dirname(sf)
+    fd, tmp = tempfile.mkstemp(dir=sd, suffix='.json')
+    with os.fdopen(fd, 'w') as f:
         json.dump(d, f)
-except: pass
-" "$LOKI_DIR" 2>/dev/null || true
+    os.replace(tmp, sf)
+except (json.JSONDecodeError, OSError): pass
+" 2>/dev/null || true
         fi
 
         # Clean up control files
@@ -1738,12 +1761,15 @@ cmd_status() {
     # Context window usage (token tracking)
     if [ -f "$LOKI_DIR/state/context-usage.json" ]; then
         local ctx_used ctx_total
-        ctx_total=$(python3 -c "import json; d=json.load(open('$LOKI_DIR/state/context-usage.json')); print(d.get('window_size', 200000))" 2>/dev/null || echo "200000")
-        ctx_used=$(python3 -c "import json; d=json.load(open('$LOKI_DIR/state/context-usage.json')); print(d.get('used_tokens', 0))" 2>/dev/null || echo "0")
+        ctx_total=$(_LOKI_CTX_FILE="$LOKI_DIR/state/context-usage.json" python3 -c "import json, os; d=json.load(open(os.environ['_LOKI_CTX_FILE'])); print(d.get('window_size', 200000))" 2>/dev/null || echo "200000")
+        ctx_used=$(_LOKI_CTX_FILE="$LOKI_DIR/state/context-usage.json" python3 -c "import json, os; d=json.load(open(os.environ['_LOKI_CTX_FILE'])); print(d.get('used_tokens', 0))" 2>/dev/null || echo "0")
         if type context_gauge &>/dev/null; then
             context_gauge "$ctx_used" "$ctx_total" "Context"
         else
-            local ctx_pct=$((ctx_used * 100 / ctx_total))
+            local ctx_pct=0
+            if [ "$ctx_total" -gt 0 ] 2>/dev/null; then
+                ctx_pct=$((ctx_used * 100 / ctx_total))
+            fi
             echo -e "${CYAN}Context:${NC} ${ctx_pct}% (${ctx_used} / ${ctx_total} tokens)"
         fi
     fi
@@ -3151,6 +3177,22 @@ cmd_web() {
         status)
             cmd_web_status
             ;;
+        logs)
+            shift || true
+            local log_lines="${1:-100}"
+            local log_file="${PURPLE_LAB_STATE_DIR}/logs/purple-lab.log"
+            if [ ! -f "$log_file" ]; then
+                log_file="${LOKI_DIR}/purple-lab/logs/purple-lab.log"
+            fi
+            if [ ! -f "$log_file" ]; then
+                echo -e "${YELLOW}No Purple Lab log file found${NC}"
+                return 0
+            fi
+            echo -e "${BOLD}Purple Lab Logs (last $log_lines lines)${NC}"
+            echo -e "${DIM}Use 'loki web logs <N>' to show more/fewer lines${NC}"
+            echo ""
+            tail -n "$log_lines" "$log_file"
+            ;;
         --help|-h|help)
             cmd_web_help
             ;;
@@ -3171,6 +3213,7 @@ cmd_web_help() {
     echo "  start    Start Purple Lab (default)"
     echo "  stop     Stop Purple Lab server"
     echo "  status   Show Purple Lab server status"
+    echo "  logs     Show Purple Lab server logs"
     echo "  help     Show this help"
     echo ""
     echo "Options (for start):"
@@ -3335,8 +3378,10 @@ cmd_web_start() {
 
     # Wait for server to be ready
     local retries=0
+    local server_ready=false
     while [ $retries -lt 15 ]; do
         if curl -s "http://${PURPLE_LAB_DEFAULT_HOST}:${port}/api/session/status" > /dev/null 2>&1; then
+            server_ready=true
             break
         fi
         sleep 0.5
@@ -3351,21 +3396,33 @@ cmd_web_start() {
     fi
 
     local url="http://${PURPLE_LAB_DEFAULT_HOST}:${port}"
-    echo -e "${GREEN}Purple Lab running at: $url${NC} (PID: $pid)"
+
+    if [ "$server_ready" = true ]; then
+        echo -e "${GREEN}Purple Lab running at: $url${NC} (PID: $pid)"
+    else
+        echo -e "${YELLOW}Purple Lab starting at: $url${NC} (PID: $pid)"
+        echo "Server may still be loading. Refresh the browser if it does not load immediately."
+    fi
     echo -e "Logs: $log_file"
     echo -e "Stop with: ${CYAN}loki web stop${NC}"
 
-    # Open browser
+    # Open browser only after server is confirmed ready
     if [ "$open_browser" = true ]; then
-        echo ""
-        if command -v open &> /dev/null; then
-            open "$url"
-        elif command -v xdg-open &> /dev/null; then
-            xdg-open "$url"
-        elif command -v start &> /dev/null; then
-            start "$url"
+        if [ "$server_ready" = true ]; then
+            echo ""
+            if command -v open &> /dev/null; then
+                open "$url"
+            elif command -v xdg-open &> /dev/null; then
+                xdg-open "$url"
+            elif command -v start &> /dev/null; then
+                start "$url"
+            else
+                echo "Please open in browser: $url"
+            fi
         else
-            echo "Please open in browser: $url"
+            echo ""
+            echo -e "${YELLOW}Browser not opened because server is not ready yet.${NC}"
+            echo "Open manually when ready: $url"
         fi
     fi
 }
@@ -3388,13 +3445,20 @@ cmd_web_stop() {
         local pid
         pid=$(cat "$pid_file" 2>/dev/null)
         if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
-            kill "$pid" 2>/dev/null
-            sleep 1
-            if kill -0 "$pid" 2>/dev/null; then
-                kill -9 "$pid" 2>/dev/null
+            # Verify the PID belongs to a Purple Lab/Python process (PID recycling guard)
+            local pid_cmd
+            pid_cmd=$(ps -p "$pid" -o comm= 2>/dev/null || true)
+            if [[ "$pid_cmd" == *python* ]] || [[ "$pid_cmd" == *uvicorn* ]] || [[ "$pid_cmd" == *Purple* ]]; then
+                kill "$pid" 2>/dev/null
+                sleep 1
+                if kill -0 "$pid" 2>/dev/null; then
+                    kill -9 "$pid" 2>/dev/null
+                fi
+                echo -e "${GREEN}Purple Lab stopped (PID: $pid)${NC}"
+                stopped=true
+            else
+                echo -e "${YELLOW}PID $pid is not a Purple Lab process (found: $pid_cmd), skipping${NC}"
             fi
-            echo -e "${GREEN}Purple Lab stopped (PID: $pid)${NC}"
-            stopped=true
         fi
         rm -f "$PURPLE_LAB_PID_FILE"
     fi
@@ -3513,7 +3577,13 @@ cmd_web_stop() {
 
 cmd_web_status() {
     local port
-    port=$(cat "${LOKI_DIR}/purple-lab/port" 2>/dev/null || echo "$PURPLE_LAB_DEFAULT_PORT")
+    port=$(cat "${PURPLE_LAB_STATE_DIR}/port" 2>/dev/null || cat "${LOKI_DIR}/purple-lab/port" 2>/dev/null || echo "$PURPLE_LAB_DEFAULT_PORT")
+
+    # Resolve log file path (check home-based state dir first, then CWD-based)
+    local log_path="${PURPLE_LAB_STATE_DIR}/logs/purple-lab.log"
+    if [ ! -f "$log_path" ]; then
+        log_path="${LOKI_DIR}/purple-lab/logs/purple-lab.log"
+    fi
 
     # Check PID file
     if [ -f "$PURPLE_LAB_PID_FILE" ]; then
@@ -3523,7 +3593,7 @@ cmd_web_status() {
             echo -e "${GREEN}Purple Lab is running${NC}"
             echo "  PID:  $pid"
             echo "  URL:  http://${PURPLE_LAB_DEFAULT_HOST}:${port}"
-            echo "  Logs: ${LOKI_DIR}/purple-lab/logs/purple-lab.log"
+            echo "  Logs: $log_path"
             return 0
         fi
         rm -f "$PURPLE_LAB_PID_FILE"
@@ -5031,6 +5101,22 @@ cmd_export() {
     esac
 }
 
+# Guard: check if output file exists and warn before overwriting
+_export_check_overwrite() {
+    local output="$1"
+    if [ -n "$output" ] && [ -f "$output" ]; then
+        echo -e "${YELLOW}Warning: File already exists: $output${NC}"
+        echo -n "Overwrite? [y/N] "
+        local reply
+        read -r reply
+        case "$reply" in
+            [yY]|[yY][eE][sS]) return 0 ;;
+            *) echo "Export cancelled."; return 1 ;;
+        esac
+    fi
+    return 0
+}
+
 _export_json() {
     local output="$1"
 
@@ -5102,6 +5188,7 @@ EXPORT_JSON
             echo -e "${RED}Error: Output path must not contain '..'${NC}"
             return 1
         fi
+        _export_check_overwrite "$output" || return 0
         echo "$json_output" > "$output"
         echo -e "${GREEN}Exported to $output${NC}"
     else
@@ -5149,6 +5236,7 @@ MDEOF
             echo -e "${RED}Error: Output path must not contain '..'${NC}"
             return 1
         fi
+        _export_check_overwrite "$output" || return 0
         echo "$md_output" > "$output"
         echo -e "${GREEN}Exported to $output${NC}"
     else
@@ -5199,6 +5287,7 @@ EXPORT_CSV
             echo -e "${RED}Error: Output path must not contain '..'${NC}"
             return 1
         fi
+        _export_check_overwrite "$output" || return 0
         echo "$csv_output" > "$output"
         echo -e "${GREEN}Exported to $output${NC}"
     else
@@ -5252,6 +5341,7 @@ EXPORT_TIMELINE
             echo -e "${RED}Error: Output path must not contain '..'${NC}"
             return 1
         fi
+        _export_check_overwrite "$output" || return 0
         echo "$timeline_output" > "$output"
         echo -e "${GREEN}Exported to $output${NC}"
     else
@@ -5399,7 +5489,15 @@ cmd_config_set() {
             fi
             ;;
         *)
-            echo -e "${YELLOW}Warning: Unknown key '$key' - storing anyway${NC}"
+            echo -e "${RED}Unknown configuration key: '$key'${NC}"
+            echo ""
+            echo "Valid keys: maxTier, provider, issue.provider, blind_validation,"
+            echo "  adversarial_testing, spawn_timeout, spawn_retries, budget,"
+            echo "  model.planning, model.development, model.fast,"
+            echo "  notify.slack, notify.discord"
+            echo ""
+            echo "Run 'loki config' for details on each key."
+            return 1
             ;;
     esac
 
@@ -5470,7 +5568,8 @@ cmd_config_get() {
         return 0
     fi
 
-    LOKI_CFG_FILE="$config_store" LOKI_CFG_KEY="$key" \
+    local result
+    result=$(LOKI_CFG_FILE="$config_store" LOKI_CFG_KEY="$key" \
     python3 << 'GET_CONFIG'
 import json, os
 cfg_file = os.environ["LOKI_CFG_FILE"]
@@ -5490,7 +5589,11 @@ for part in parts:
 
 print(current if not isinstance(current, dict) else json.dumps(current, indent=2))
 GET_CONFIG
-    unset LOKI_CFG_FILE LOKI_CFG_KEY
+    ) 2>/dev/null || {
+        echo -e "${RED}Error reading config key '$key'${NC}"
+        return 1
+    }
+    echo "$result"
 }
 
 cmd_config_show() {
@@ -5873,6 +5976,40 @@ cmd_doctor() {
     doctor_check "Gemini CLI"          gemini   optional || true
     doctor_check "Cline CLI"           cline    optional || true
     doctor_check "Aider CLI"           aider    optional || true
+
+    # Check if at least one provider is installed
+    local _any_provider=false
+    for _dp in claude codex gemini cline aider; do
+        command -v "$_dp" &>/dev/null && _any_provider=true && break
+    done
+    if ! $_any_provider; then
+        echo -e "  ${RED}FAIL${NC}  No AI provider CLI installed -- at least one is required"
+        echo -e "         ${YELLOW}Install: npm install -g @anthropic-ai/claude-code${NC}"
+        fail_count=$((fail_count + 1))
+    fi
+    echo ""
+
+    echo -e "${CYAN}API Keys:${NC}"
+    # Note: CLI tools use their own login sessions outside Docker/K8s.
+    # This section helps first-time users verify they can authenticate.
+    if [ -n "${ANTHROPIC_API_KEY:-}" ]; then
+        echo -e "  ${GREEN}PASS${NC}  ANTHROPIC_API_KEY is set"
+        pass_count=$((pass_count + 1))
+    elif command -v claude &>/dev/null; then
+        echo -e "  ${DIM}  --  ${NC}  ANTHROPIC_API_KEY not set (Claude CLI uses its own login)"
+    fi
+    if [ -n "${OPENAI_API_KEY:-}" ]; then
+        echo -e "  ${GREEN}PASS${NC}  OPENAI_API_KEY is set"
+        pass_count=$((pass_count + 1))
+    elif command -v codex &>/dev/null; then
+        echo -e "  ${DIM}  --  ${NC}  OPENAI_API_KEY not set (Codex CLI uses its own login)"
+    fi
+    if [ -n "${GOOGLE_API_KEY:-${GEMINI_API_KEY:-}}" ]; then
+        echo -e "  ${GREEN}PASS${NC}  GOOGLE_API_KEY is set"
+        pass_count=$((pass_count + 1))
+    elif command -v gemini &>/dev/null; then
+        echo -e "  ${DIM}  --  ${NC}  GOOGLE_API_KEY not set (Gemini CLI uses its own login)"
+    fi
     echo ""
 
     echo -e "${CYAN}Skills:${NC}"
@@ -6187,7 +6324,37 @@ for name, info in result.items():
 
 # Show recent logs
 cmd_logs() {
-    local lines="${1:-50}"
+    local lines="50"
+    local follow=false
+
+    # Parse arguments
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            --tail|-n) lines="$2"; shift 2 ;;
+            --tail=*) lines="${1#--tail=}"; shift ;;
+            -n=*) lines="${1#-n=}"; shift ;;
+            --follow|-f) follow=true; shift ;;
+            --all|-a) lines="+1"; shift ;;
+            --help|-h)
+                echo "Usage: loki logs [options]"
+                echo ""
+                echo "Options:"
+                echo "  --tail, -n N   Show last N lines (default: 50)"
+                echo "  --all, -a      Show all lines"
+                echo "  --follow, -f   Follow log output (like tail -f)"
+                echo "  --help, -h     Show this help"
+                return 0
+                ;;
+            *)
+                # Legacy: treat plain number as line count
+                if [[ "$1" =~ ^[0-9]+$ ]]; then
+                    lines="$1"
+                fi
+                shift
+                ;;
+        esac
+    done
+
     local log_file="$LOKI_DIR/logs/session.log"
 
     if [ ! -f "$log_file" ]; then
@@ -6195,9 +6362,16 @@ cmd_logs() {
         exit 0
     fi
 
-    echo -e "${BOLD}Recent Logs (last $lines lines)${NC}"
-    echo ""
-    tail -n "$lines" "$log_file"
+    if [ "$follow" = true ]; then
+        echo -e "${BOLD}Following logs (Ctrl+C to stop)${NC}"
+        echo ""
+        tail -f "$log_file"
+    else
+        echo -e "${BOLD}Recent Logs (last $lines lines)${NC}"
+        echo -e "${DIM}Use --all to show all lines, --follow to stream${NC}"
+        echo ""
+        tail -n "$lines" "$log_file"
+    fi
 }
 
 # API server management (delegates to unified FastAPI dashboard server)
@@ -6997,8 +7171,10 @@ cmd_quick() {
     echo ""
 
     # Create quick PRD from task description
+    # BUG-PU-005: Use unique filename to prevent race conditions when
+    # multiple simultaneous `loki quick` commands run in the same project
     mkdir -p "$LOKI_DIR"
-    local quick_prd="$LOKI_DIR/quick-prd.md"
+    local quick_prd="$LOKI_DIR/quick-prd-$$.md"
     cat > "$quick_prd" << QPRDEOF
 # Quick Task
 
@@ -7046,6 +7222,25 @@ QPRDEOF
     # Emit event
     emit_event session cli quick_start "task=$(echo "$task_desc" | head -c 100)"
 
+    # Pre-flight: check that the provider CLI is installed
+    local _quick_provider="${LOKI_PROVIDER:-claude}"
+    if ! command -v "$_quick_provider" &>/dev/null; then
+        echo -e "${RED}Error: Provider CLI '$_quick_provider' is not installed.${NC}"
+        echo ""
+        echo "Install your AI provider CLI first:"
+        case "$_quick_provider" in
+            claude) echo "  npm install -g @anthropic-ai/claude-code" ;;
+            codex)  echo "  npm install -g @openai/codex" ;;
+            gemini) echo "  npm install -g @google/gemini-cli" ;;
+            cline)  echo "  npm install -g @anthropic-ai/cline" ;;
+            aider)  echo "  pip install aider-chat" ;;
+            *)      echo "  Check the provider documentation for installation." ;;
+        esac
+        echo ""
+        echo "Then verify: loki doctor"
+        exit 1
+    fi
+
     # Run the orchestrator with quick settings
     exec "$RUN_SH" "$quick_prd"
 }
@@ -7364,7 +7559,7 @@ cmd_init() {
     local list_mode=false
     local json_mode=false
 
-    # 22 built-in template names (order: simple, standard, complex)
+    # 21 built-in template names (order: simple, standard, complex)
     local TEMPLATE_NAMES=(
         simple-todo-app
         static-landing-page
@@ -7384,7 +7579,6 @@ cmd_init() {
         npm-library
         microservice
         mobile-app
-        saas-app
         saas-starter
         e-commerce
         ai-chatbot
@@ -7411,7 +7605,6 @@ cmd_init() {
             npm-library) echo "npm Library" ;;
             microservice) echo "Microservice" ;;
             mobile-app) echo "Mobile App" ;;
-            saas-app) echo "SaaS Application" ;;
             saas-starter) echo "SaaS Starter Kit" ;;
             e-commerce) echo "E-Commerce Store" ;;
             ai-chatbot) echo "AI Chatbot (RAG)" ;;
@@ -7469,7 +7662,7 @@ cmd_init() {
                 echo "  .gitignore               Git ignore rules (with git init)"
                 echo ""
                 echo "Options:"
-                echo "  --template, -t TYPE     Template name (e.g., saas-app, cli-tool)"
+                echo "  --template, -t TYPE     Template name (e.g., saas-starter, cli-tool)"
                 echo "  --no-git                Skip git init"
                 echo "  --stdout                Print PRD to stdout instead of writing files"
                 echo "  --list                  List all available templates"
@@ -7478,7 +7671,7 @@ cmd_init() {
                 echo "  --help, -h              Show this help"
                 echo ""
                 echo "Examples:"
-                echo "  loki init my-saas --template saas-app    Create my-saas/ with SaaS PRD"
+                echo "  loki init my-saas --template saas-starter    Create my-saas/ with SaaS PRD"
                 echo "  loki init --template cli-tool            Scaffold current dir with CLI PRD"
                 echo "  loki init my-app                         Create my-app/ (prompts for template)"
                 echo "  loki init --list                         Show all $template_count templates"
@@ -7748,11 +7941,17 @@ ENDGITIGNORE
             echo -e "${RED}Directory already exists: $target_dir${NC}"
             exit 1
         fi
-        mkdir -p "$target_dir"
+        if ! mkdir -p "$target_dir"; then
+            echo -e "${RED}Failed to create directory: $target_dir${NC}"
+            exit 1
+        fi
     fi
 
     # Create .loki config directory
-    mkdir -p "$target_dir/.loki"
+    if ! mkdir -p "$target_dir/.loki"; then
+        echo -e "${RED}Failed to create .loki directory in: $target_dir${NC}"
+        exit 1
+    fi
 
     # Write files
     echo "$prd_content" > "$target_dir/prd.md"
@@ -7799,6 +7998,25 @@ ENDGITIGNORE
         echo -e "  1. Review and edit: ${BOLD}prd.md${NC}"
         echo -e "  2. Run: ${BOLD}loki start prd.md${NC}"
     fi
+
+    # Check if an AI provider CLI is available
+    local _has_provider=false
+    for _pcli in claude codex gemini cline aider; do
+        if command -v "$_pcli" &>/dev/null; then
+            _has_provider=true
+            break
+        fi
+    done
+    if ! $_has_provider; then
+        echo ""
+        echo -e "${YELLOW}Note: No AI provider CLI detected.${NC}"
+        echo "  Install at least one before running 'loki start':"
+        echo "    npm install -g @anthropic-ai/claude-code   (recommended)"
+        echo "    npm install -g @openai/codex"
+        echo "    npm install -g @google/gemini-cli"
+        echo ""
+        echo "  Then verify your setup: ${BOLD}loki doctor${NC}"
+    fi
 }
 
 # Dogfooding statistics
@@ -9166,8 +9384,8 @@ for f in data.get('frictions', []):
         fi
         echo -e "${BOLD}Healing Report${NC}"
         echo ""
-        echo "  Friction map:               $(python3 -c "import json; print(len(json.load(open('$heal_dir/friction-map.json')).get('frictions', [])))" 2>/dev/null || echo '0') points"
-        echo "  Failure modes:              $(python3 -c "import json; print(len(json.load(open('$heal_dir/failure-modes.json')).get('modes', [])))" 2>/dev/null || echo '0') cataloged"
+        echo "  Friction map:               $(_HEAL_FILE="$heal_dir/friction-map.json" python3 -c "import json, os; print(len(json.load(open(os.environ['_HEAL_FILE'])).get('frictions', [])))" 2>/dev/null || echo '0') points"
+        echo "  Failure modes:              $(_HEAL_FILE="$heal_dir/failure-modes.json" python3 -c "import json, os; print(len(json.load(open(os.environ['_HEAL_FILE'])).get('modes', [])))" 2>/dev/null || echo '0') cataloged"
         echo "  Institutional knowledge:    $(wc -l < "$heal_dir/institutional-knowledge.md" 2>/dev/null || echo '0') lines"
         echo "  Characterization tests:     $(find "$heal_dir/characterization-tests/" -name "*.json" 2>/dev/null | wc -l | tr -d ' ') tests"
         echo ""
@@ -9200,6 +9418,21 @@ for f in data.get('frictions', []):
     local heal_dir="$codebase_path/.loki/healing"
     mkdir -p "$heal_dir"/{behavioral-baseline,characterization-tests}
 
+    # BUG-HEAL-004: Source migration hooks for healing enforcement
+    local hooks_file
+    hooks_file="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/hooks/migration-hooks.sh"
+    if [[ -f "$hooks_file" ]]; then
+        # shellcheck source=hooks/migration-hooks.sh
+        source "$hooks_file"
+        load_migration_hook_config "$codebase_path"
+    fi
+
+    # Export healing environment variables for hooks
+    export LOKI_HEAL_MODE="true"
+    export LOKI_HEAL_PHASE="$phase"
+    export LOKI_HEAL_STRICT="$strict"
+    export LOKI_CODEBASE_PATH="$codebase_path"
+
     # Initialize healing state files if they don't exist
     [[ ! -f "$heal_dir/friction-map.json" ]] && echo '{"frictions":[]}' > "$heal_dir/friction-map.json"
     [[ ! -f "$heal_dir/failure-modes.json" ]] && echo '{"modes":[]}' > "$heal_dir/failure-modes.json"
@@ -9223,6 +9456,20 @@ with open('$heal_dir/healing-progress.json', 'w') as f:
 " || true
     fi
 
+    # BUG-HEAL-004: Validate phase gate when resuming from a previous phase
+    if [ "$do_resume" = "true" ] && [[ -f "$heal_dir/healing-progress.json" ]] && type hook_healing_phase_gate &>/dev/null; then
+        local prev_phase
+        prev_phase=$(python3 -c "import json; print(json.load(open('$heal_dir/healing-progress.json')).get('current_phase', 'archaeology'))" 2>/dev/null || echo "archaeology")
+        if [[ "$prev_phase" != "$phase" ]]; then
+            local gate_result
+            if ! gate_result=$(hook_healing_phase_gate "$prev_phase" "$phase" 2>&1); then
+                echo -e "${RED}Phase gate check failed:${NC}"
+                echo "  $gate_result"
+                return 1
+            fi
+        fi
+    fi
+
     emit_event healing cli start "phase=$phase" "codebase=$codebase_path" "strict=$strict" 2>/dev/null || true
 
     echo -e "${BOLD}Legacy System Healing${NC}"
@@ -9329,6 +9576,12 @@ except Exception: pass
             # shellcheck disable=SC2086
             (cd "$codebase_path" && aider --message "$heal_prompt" --yes-always --no-auto-commits --model "$aider_model" $aider_flags 2>&1) || heal_exit=$?
             ;;
+        # BUG-HEAL-003: Unknown provider should error, not silently succeed
+        *)
+            echo -e "${RED}Error: Unknown provider: $provider${NC}"
+            echo "Supported providers: claude, codex, gemini, cline, aider"
+            return 1
+            ;;
     esac
 
     emit_event healing cli complete "phase=$phase" "exit=$heal_exit" 2>/dev/null || true
@@ -9852,7 +10105,7 @@ print(json.loads(p.read_text()).get('port', 7373) if p.exists() else 7373)
             local sched_file=".loki/triggers/schedules.json"
             if [[ -f "$sched_file" ]]; then
                 local count
-                count=$(python3 -c "import json; d=json.load(open('$sched_file')); print(len(d) if isinstance(d,list) else len(d.get('schedules',[])))" 2>/dev/null || echo "?")
+                count=$(_SCHED_FILE="$sched_file" python3 -c "import json, os; d=json.load(open(os.environ['_SCHED_FILE'])); print(len(d) if isinstance(d,list) else len(d.get('schedules',[])))" 2>/dev/null || echo "?")
                 echo "Schedules configured: $count"
             else
                 echo "Schedules configured: 0"
@@ -10165,7 +10418,7 @@ with open('$failover_file', 'w') as f: json.dump(d, f, indent=2)
 
                 local chain_providers="claude,codex,gemini"
                 if [ -f "$failover_file" ]; then
-                    chain_providers=$(python3 -c "import json; print(','.join(json.load(open('$failover_file')).get('chain', ['claude','codex','gemini'])))" 2>/dev/null || echo "claude,codex,gemini")
+                    chain_providers=$(_FAILOVER_FILE="$failover_file" python3 -c "import json, os; print(','.join(json.load(open(os.environ['_FAILOVER_FILE'])).get('chain', ['claude','codex','gemini'])))" 2>/dev/null || echo "claude,codex,gemini")
                 fi
 
                 local IFS=','
@@ -11477,9 +11730,10 @@ cmd_worktree() {
                         local status="running"
                         local stream_name=""
 
-                        # Check for merge signal
-                        if [[ "$branch" == loki-parallel-* ]]; then
-                            stream_name="${branch#loki-parallel-}"
+                        # Check for merge signal (branches named parallel-<stream> by run.sh)
+                        if [[ "$branch" == parallel-* ]] || [[ "$branch" == loki-parallel-* ]]; then
+                            stream_name="${branch#parallel-}"
+                            stream_name="${stream_name#loki-}"
                             if [ -f ".loki/signals/MERGE_REQUESTED_${stream_name}" ]; then
                                 status="merge-ready"
                             elif [ -f ".loki/signals/WORKTREE_FAILED_${stream_name}" ]; then
@@ -11536,13 +11790,27 @@ except Exception as e:
 MERGE_VALIDATE_PY
             then
                 echo -e "${RED}Invalid or corrupted merge signal file${NC}"
-                exit 1
+                return 1
             fi
 
             local branch
-            branch=$(LOKI_SIGNAL_FILE="$signal_file" python3 -c "import json, os; print(json.load(open(os.environ['LOKI_SIGNAL_FILE']))['branch'])")
+            branch=$(LOKI_SIGNAL_FILE="$signal_file" python3 -c "import json, os; print(json.load(open(os.environ['LOKI_SIGNAL_FILE']))['branch'])" 2>/dev/null)
             local worktree_path
-            worktree_path=$(LOKI_SIGNAL_FILE="$signal_file" python3 -c "import json, os; print(json.load(open(os.environ['LOKI_SIGNAL_FILE']))['worktree'])")
+            worktree_path=$(LOKI_SIGNAL_FILE="$signal_file" python3 -c "import json, os; print(json.load(open(os.environ['LOKI_SIGNAL_FILE']))['worktree'])" 2>/dev/null)
+
+            # Validate branch was extracted successfully
+            if [ -z "$branch" ]; then
+                echo -e "${RED}Could not extract branch name from merge signal${NC}"
+                return 1
+            fi
+
+            # Verify branch exists before attempting merge
+            if ! git rev-parse --verify "$branch" &>/dev/null; then
+                echo -e "${RED}Branch '$branch' does not exist${NC}"
+                echo "The worktree may have been cleaned up already."
+                rm -f "$signal_file"
+                return 1
+            fi
 
             if git merge --no-ff "$branch" -m "merge($name): auto-merge from parallel worktree"; then
                 echo -e "${GREEN}Merge successful${NC}"
@@ -11563,14 +11831,50 @@ MERGE_VALIDATE_PY
             local removed=0
             local main_wt
             main_wt=$(git rev-parse --show-toplevel 2>/dev/null || echo "")
-            while read -r line; do
-                local wt="${line#worktree }"
-                if [ -n "$wt" ] && [ "$wt" != "$main_wt" ]; then
-                    echo "  Removing: $wt"
-                    git worktree remove "$wt" --force 2>/dev/null || true
-                    removed=$((removed + 1))
-                fi
-            done < <(git worktree list --porcelain 2>/dev/null | grep "^worktree ")
+            # BUG-PU-001: Track branches to clean up after worktree removal
+            local branches_to_delete=()
+            local current_wt_clean=""
+            local current_branch_clean=""
+            while IFS= read -r line; do
+                case "$line" in
+                    "worktree "*)
+                        current_wt_clean="${line#worktree }"
+                        ;;
+                    "branch "*)
+                        current_branch_clean="${line#branch refs/heads/}"
+                        if [ -n "$current_wt_clean" ] && [ "$current_wt_clean" != "$main_wt" ]; then
+                            # Kill any running session in this worktree before removing
+                            local wt_pid_file="$current_wt_clean/.loki/loki.pid"
+                            if [ -f "$wt_pid_file" ]; then
+                                local wt_pid
+                                wt_pid=$(cat "$wt_pid_file" 2>/dev/null)
+                                if [ -n "$wt_pid" ] && kill -0 "$wt_pid" 2>/dev/null; then
+                                    echo "  Stopping session in $current_wt_clean (PID: $wt_pid)..."
+                                    kill "$wt_pid" 2>/dev/null || true
+                                    sleep 1
+                                    kill -0 "$wt_pid" 2>/dev/null && kill -9 "$wt_pid" 2>/dev/null || true
+                                fi
+                            fi
+                            echo "  Removing: $current_wt_clean"
+                            git worktree remove "$current_wt_clean" --force 2>/dev/null || true
+                            removed=$((removed + 1))
+                            # Queue branch for deletion (can only delete after worktree is gone)
+                            if [[ "$current_branch_clean" == loki-parallel-* ]] || \
+                               [[ "$current_branch_clean" == parallel-* ]]; then
+                                branches_to_delete+=("$current_branch_clean")
+                            fi
+                        fi
+                        current_wt_clean=""
+                        current_branch_clean=""
+                        ;;
+                esac
+            done <<< "$(git worktree list --porcelain 2>/dev/null)"
+            # Prune worktree metadata for any already-removed directories
+            git worktree prune 2>/dev/null || true
+            # Clean up orphaned parallel branches
+            for branch in "${branches_to_delete[@]}"; do
+                git branch -D "$branch" 2>/dev/null || true
+            done
             rm -f .loki/signals/MERGE_REQUESTED_* .loki/signals/WORKTREE_FAILED_* 2>/dev/null || true
             echo -e "${GREEN}Cleanup complete ($removed worktrees removed)${NC}"
             ;;
@@ -11755,7 +12059,7 @@ cmd_audit() {
             if [ ! -f "$audit_file" ]; then
                 echo -e "${YELLOW}No audit log found at $audit_file${NC}"
                 echo "Agent action auditing records entries during loki sessions."
-                exit 0
+                return 0
             fi
             local lines="${2:-50}"
             echo -e "${BOLD}Agent Audit Log${NC} (last $lines entries)"
@@ -11781,7 +12085,7 @@ except: print(f'  {sys.argv[1]}')
         count)
             if [ ! -f "$audit_file" ]; then
                 echo -e "${YELLOW}No audit log found${NC}"
-                exit 0
+                return 0
             fi
             echo -e "${BOLD}Agent Action Counts${NC}"
             echo "---"
@@ -11823,15 +12127,15 @@ print(f'  {\"TOTAL\":25s} {sum(counts.values())}')
                         echo "  --preset NAME   Compliance preset (default|healthcare|fintech|government)"
                         echo "  --export        Save report to .loki/quality/report-{date}.json"
                         echo ""
-                        exit 0
+                        return 0
                         ;;
-                    *) echo -e "${RED}Unknown option: $1${NC}"; exit 1 ;;
+                    *) echo -e "${RED}Unknown option: $1${NC}"; return 1 ;;
                 esac
             done
 
             case "$preset" in
                 default|healthcare|fintech|government) ;;
-                *) echo -e "${RED}Error: Invalid preset '$preset'. Must be one of: default, healthcare, fintech, government${NC}"; exit 1 ;;
+                *) echo -e "${RED}Error: Invalid preset '$preset'. Must be one of: default, healthcare, fintech, government${NC}"; return 1 ;;
             esac
 
             local port="${LOKI_DASHBOARD_PORT:-57374}"
@@ -11848,12 +12152,12 @@ print(f'  {\"TOTAL\":25s} {sum(counts.values())}')
             if [ -z "$http_code" ] || [ "$http_code" = "000" ]; then
                 echo -e "${RED}Error: Could not connect to dashboard API at http://${host}:${port}${NC}"
                 echo "Make sure the dashboard is running: loki serve"
-                exit 1
+                return 1
             fi
             if [ "$http_code" -ge 400 ] 2>/dev/null; then
                 echo -e "${RED}Error: Dashboard API returned HTTP $http_code${NC}"
                 [ -n "$response" ] && echo "$response"
-                exit 1
+                return 1
             fi
 
             if ! command -v python3 &>/dev/null; then
@@ -12294,7 +12598,7 @@ if count == 0:
                 *)
                     echo -e "${RED}Unknown type: $type${NC}"
                     echo "Valid types: patterns, mistakes, successes, all"
-                    exit 1
+                    return 1
                     ;;
             esac
             ;;
@@ -12317,11 +12621,13 @@ if count == 0:
                 _search_py="python3.12"
             fi
 
-            # Try vector search first, fall back to keyword
-            $_search_py << PYEOF
+            # BUG-PU-010: Pass query via environment variable instead of embedding
+            # directly in heredoc to prevent shell/Python injection via triple-quotes
+            export LOKI_MEM_QUERY="$query"
+            $_search_py << 'PYEOF'
 import os, json, sys, glob
 
-query = """$query"""
+query = os.environ.get('LOKI_MEM_QUERY', '')
 results = []
 
 # Keyword search across all memory files
@@ -12450,7 +12756,7 @@ PYEOF
                     *)
                         echo -e "${RED}Unknown type: $type${NC}"
                         echo "Valid types: patterns, mistakes, successes"
-                        exit 1
+                        return 1
                         ;;
                 esac
             fi
@@ -12886,7 +13192,7 @@ except Exception as e:
                     if ls -1 .loki/memory/vectors/*.npz 2>/dev/null | head -1 >/dev/null 2>&1; then
                         for f in .loki/memory/vectors/*.npz; do
                             if [ -f "$f" ]; then
-                                count=$(python3 -c "import numpy as np; d=np.load('$f'); print(len(d['ids']))" 2>/dev/null || echo "error")
+                                count=$(_NPZ_FILE="$f" python3 -c "import numpy as np, os; d=np.load(os.environ['_NPZ_FILE']); print(len(d['ids']))" 2>/dev/null || echo "error")
                                 echo "  $(basename "$f"): $count vectors"
                             fi
                         done
@@ -14837,6 +15143,18 @@ cmd_telemetry() {
             local endpoint="${LOKI_OTEL_ENDPOINT:-}"
             if [ -n "$endpoint" ] && [ "$persistently_disabled" = false ]; then
                 echo -e "  Endpoint:  ${GREEN}$endpoint${NC}"
+                # BUG-PU-004: Actually test connectivity to the endpoint instead of
+                # failing silently when Jaeger/collector is down
+                local health_url="${endpoint}/v1/traces"
+                local health_code
+                health_code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 3 "$health_url" 2>/dev/null) || health_code="000"
+                if [ "$health_code" = "000" ]; then
+                    echo -e "  Reachable: ${RED}NO (connection failed - is the collector running?)${NC}"
+                elif [ "$health_code" -ge 400 ] 2>/dev/null && [ "$health_code" -ne 405 ]; then
+                    echo -e "  Reachable: ${YELLOW}HTTP $health_code (may not be accepting traces)${NC}"
+                else
+                    echo -e "  Reachable: ${GREEN}YES${NC}"
+                fi
             elif [ "$persistently_disabled" = true ]; then
                 echo -e "  Endpoint:  ${YELLOW}ignored (opted out)${NC}"
             else
@@ -14861,7 +15179,7 @@ try {
             local config_file=".loki/config.json"
             if [ -f "$config_file" ]; then
                 local saved_endpoint
-                saved_endpoint=$(python3 -c "import json; print(json.load(open('$config_file')).get('otel_endpoint',''))" 2>/dev/null || echo "")
+                saved_endpoint=$(_CFG_FILE="$config_file" python3 -c "import json, os; print(json.load(open(os.environ['_CFG_FILE'])).get('otel_endpoint',''))" 2>/dev/null || echo "")
                 if [ -n "$saved_endpoint" ]; then
                     echo -e "  Saved:     $saved_endpoint"
                 fi
@@ -14886,7 +15204,9 @@ try {
             mkdir -p .loki
             local config_file=".loki/config.json"
             if [ -f "$config_file" ]; then
-                LOKI_TELEM_CFG="$config_file" LOKI_TELEM_ENDPOINT="$endpoint" \
+                # BUG-PU-011: Use separate if/then/fi to prevent python3 failure
+                # from falling through to else and overwriting config
+                if ! LOKI_TELEM_CFG="$config_file" LOKI_TELEM_ENDPOINT="$endpoint" \
                 python3 << 'TELEM_ENABLE_PY'
 import json, os
 cfg = os.environ['LOKI_TELEM_CFG']
@@ -14897,6 +15217,10 @@ config['otel_endpoint'] = ep
 with open(cfg, 'w') as f:
     json.dump(config, f, indent=2)
 TELEM_ENABLE_PY
+                then
+                    echo -e "${YELLOW}Warning: Could not update existing config, recreating${NC}"
+                    echo "{\"otel_endpoint\": \"$endpoint\"}" > "$config_file"
+                fi
             else
                 echo "{\"otel_endpoint\": \"$endpoint\"}" > "$config_file"
             fi
@@ -15771,17 +16095,20 @@ _context_show() {
     local ctx_file="$loki_dir/state/context-usage.json"
     if [ -f "$ctx_file" ]; then
         local total_tokens used_tokens input_tokens output_tokens cache_tokens
-        total_tokens=$(python3 -c "import json; d=json.load(open('$ctx_file')); print(d.get('window_size', 200000))" 2>/dev/null || echo "200000")
-        used_tokens=$(python3 -c "import json; d=json.load(open('$ctx_file')); print(d.get('used_tokens', 0))" 2>/dev/null || echo "0")
-        input_tokens=$(python3 -c "import json; d=json.load(open('$ctx_file')); print(d.get('input_tokens', 0))" 2>/dev/null || echo "0")
-        output_tokens=$(python3 -c "import json; d=json.load(open('$ctx_file')); print(d.get('output_tokens', 0))" 2>/dev/null || echo "0")
-        cache_tokens=$(python3 -c "import json; d=json.load(open('$ctx_file')); print(d.get('cache_read_tokens', 0))" 2>/dev/null || echo "0")
+        total_tokens=$(_LOKI_CTX_FILE="$ctx_file" python3 -c "import json, os; d=json.load(open(os.environ['_LOKI_CTX_FILE'])); print(d.get('window_size', 200000))" 2>/dev/null || echo "200000")
+        used_tokens=$(_LOKI_CTX_FILE="$ctx_file" python3 -c "import json, os; d=json.load(open(os.environ['_LOKI_CTX_FILE'])); print(d.get('used_tokens', 0))" 2>/dev/null || echo "0")
+        input_tokens=$(_LOKI_CTX_FILE="$ctx_file" python3 -c "import json, os; d=json.load(open(os.environ['_LOKI_CTX_FILE'])); print(d.get('input_tokens', 0))" 2>/dev/null || echo "0")
+        output_tokens=$(_LOKI_CTX_FILE="$ctx_file" python3 -c "import json, os; d=json.load(open(os.environ['_LOKI_CTX_FILE'])); print(d.get('output_tokens', 0))" 2>/dev/null || echo "0")
+        cache_tokens=$(_LOKI_CTX_FILE="$ctx_file" python3 -c "import json, os; d=json.load(open(os.environ['_LOKI_CTX_FILE'])); print(d.get('cache_read_tokens', 0))" 2>/dev/null || echo "0")
 
         # Display gauge
         if type context_gauge &>/dev/null; then
             context_gauge "$used_tokens" "$total_tokens" "Window"
         else
-            local pct=$((used_tokens * 100 / total_tokens))
+            local pct=0
+            if [ "$total_tokens" -gt 0 ] 2>/dev/null; then
+                pct=$((used_tokens * 100 / total_tokens))
+            fi
             echo -e "  ${CYAN}Context:${NC} ${pct}% used (${used_tokens} / ${total_tokens} tokens)"
         fi
         echo ""
@@ -15802,8 +16129,8 @@ _context_show() {
         echo ""
         echo -e "  ${BOLD}Cost${NC}"
         local budget_used budget_limit
-        budget_used=$(python3 -c "import json; d=json.load(open('$budget_file')); print(round(d.get('budget_used', 0), 4))" 2>/dev/null || echo "0")
-        budget_limit=$(python3 -c "import json; d=json.load(open('$budget_file')); print(d.get('budget_limit', 0))" 2>/dev/null || echo "0")
+        budget_used=$(_BUDGET_FILE="$budget_file" python3 -c "import json, os; d=json.load(open(os.environ['_BUDGET_FILE'])); print(round(d.get('budget_used', 0), 4))" 2>/dev/null || echo "0")
+        budget_limit=$(_BUDGET_FILE="$budget_file" python3 -c "import json, os; d=json.load(open(os.environ['_BUDGET_FILE'])); print(d.get('budget_limit', 0))" 2>/dev/null || echo "0")
 
         if [ "$budget_limit" != "0" ]; then
             echo -e "  ${DIM}Spent:${NC}     \$${budget_used} / \$${budget_limit}"
@@ -16431,7 +16758,15 @@ for a in agents:
                 return 1
             fi
 
-            local full_prompt="$persona $prompt"
+            # BUG-PU-003: Separate persona from user prompt with clear delimiter
+            # so the AI provider can distinguish role instruction from task
+            local full_prompt="You are acting as the following specialist agent:
+
+${persona}
+
+---
+
+USER TASK: ${prompt}"
             echo -e "${BOLD}Running as: $agent_type${NC}"
             echo -e "${DIM}Persona: ${persona:0:80}...${NC}"
             echo ""
@@ -16508,13 +16843,15 @@ for a in agents:
                 cmd_start "$prd"
             else
                 # Treat as inline prompt - create temp PRD
-                local tmp_prd
-                tmp_prd=$(mktemp /tmp/loki-agent-prd-XXXXXX.md)
+                # BUG-PU-003: Use .loki/ directory instead of /tmp so run.sh
+                # can find it after exec replaces this process. The temp file
+                # in /tmp was never cleaned because cmd_start uses exec.
+                mkdir -p "$LOKI_DIR"
+                local tmp_prd="$LOKI_DIR/agent-prd-$$.md"
                 echo "# Agent Task: $agent_type" > "$tmp_prd"
                 echo "" >> "$tmp_prd"
                 echo "$prd" >> "$tmp_prd"
                 cmd_start "$tmp_prd"
-                rm -f "$tmp_prd"
             fi
             ;;
 
@@ -17183,7 +17520,7 @@ except: pass
 {
   "project": {
     "name": "$project_name",
-    "description": $(python3 -c "import json; print(json.dumps('$project_description'))" 2>/dev/null || echo "\"$project_description\""),
+    "description": $(_DESC="$project_description" python3 -c "import json, os; print(json.dumps(os.environ.get('_DESC','')))" 2>/dev/null || echo "\"$project_description\""),
     "version": "$project_version",
     "path": "$target_path"
   },
@@ -20280,7 +20617,7 @@ cmd_share() {
 
     # Upload as gist
     echo "Uploading session report..."
-    local gist_desc="Loki Mode session report ($(date +%Y-%m-%d))"
+    local gist_desc="Loki Mode session report ($(date +%Y-%m-%dT%H:%M:%S))"
     local gist_url
     gist_url=$(gh gist create "$tmpfile" --desc "$gist_desc" $visibility 2>&1)
     local gist_exit=$?