loki-mode 6.71.1 → 6.72.0

package/dashboard/server.py

@@ -93,8 +93,14 @@ def _safe_json_read(path: _Path, default: Any = None) -> Any:
 
 
 def _safe_read_text(path: _Path) -> str:
-    """Read a text file with UTF-8 encoding, replacing non-UTF-8 bytes."""
-    return _Path(path).read_text(encoding="utf-8", errors="replace")
+    """Read a text file with UTF-8 encoding, replacing non-UTF-8 bytes.
+
+    Returns empty string on any I/O or encoding error (truly safe).
+    """
+    try:
+        return _Path(path).read_text(encoding="utf-8", errors="replace")
+    except (OSError, IOError, ValueError):
+        return ""
 
 
 # ---------------------------------------------------------------------------
@@ -362,13 +368,39 @@ async def _push_loki_state_loop() -> None:
                     try:
                         raw = _safe_json_read(state_file, {})
                         # Transform to StatusResponse-compatible format
+                        # BUG-NEW-001: Validate agent PIDs (match get_status behavior)
                         agents_list = raw.get("agents", [])
-                        running_agents = len(agents_list) if isinstance(agents_list, list) else 0
+                        running_agents = 0
+                        if isinstance(agents_list, list):
+                            for _agent in agents_list:
+                                _apid = _agent.get("pid") if isinstance(_agent, dict) else None
+                                if _apid:
+                                    try:
+                                        os.kill(int(_apid), 0)
+                                        running_agents += 1
+                                    except (OSError, ValueError, TypeError):
+                                        pass
+                                else:
+                                    running_agents += 1  # No PID field -- count as running (legacy)
                         tasks = raw.get("tasks", {})
                         pending = tasks.get("pending", [])
                         in_prog = tasks.get("inProgress", [])
+                        # BUG-NEW-006: Cross-check PID to avoid broadcasting
+                        # stale "running" status when process has crashed
+                        _pid_alive = False
+                        _ws_pid_file = loki_dir / "loki.pid"
+                        if _ws_pid_file.exists():
+                            try:
+                                _ws_pid = int(_ws_pid_file.read_text().strip())
+                                os.kill(_ws_pid, 0)
+                                _pid_alive = True
+                            except (ValueError, OSError, ProcessLookupError):
+                                pass
+
                         status_str = raw.get("mode", "autonomous")
-                        if status_str == "paused":
+                        if not _pid_alive:
+                            status_str = "stopped"
+                        elif status_str == "paused":
                             status_str = "paused"
                         elif status_str in ("stopped", ""):
                             status_str = "stopped"
@@ -513,7 +545,7 @@ async def agent_card() -> dict:
             "multi_tenant": True,
             "rbac": True,
             "audit_log": True,
-            "sso": False,
+            "sso": auth.is_oidc_mode(),
         },
         "authentication": {
             "schemes": ["bearer", "api-key"],
@@ -1077,7 +1109,15 @@ async def list_tasks(
             fpath = queue_dir / queue_file
             if fpath.exists():
                 try:
-                    items = json.loads(fpath.read_text())
+                    raw_items = json.loads(fpath.read_text())
+                    # BUG-NEW-002: Support both array [...] and object {"tasks": [...]} formats
+                    # (matches run.sh load_queue_tasks which supports both)
+                    if isinstance(raw_items, dict):
+                        items = raw_items.get("tasks", [])
+                    elif isinstance(raw_items, list):
+                        items = raw_items
+                    else:
+                        items = []
                     if isinstance(items, list):
                         for i, item in enumerate(items):
                             if isinstance(item, dict):
@@ -1592,8 +1632,9 @@ async def sync_registry():
         raise HTTPException(status_code=429, detail="Rate limit exceeded")
 
     try:
+        loop = asyncio.get_running_loop()
         result = await asyncio.wait_for(
-            asyncio.get_event_loop().run_in_executor(None, registry.sync_registry_with_discovery),
+            loop.run_in_executor(None, registry.sync_registry_with_discovery),
             timeout=30.0,
         )
     except asyncio.TimeoutError:
@@ -1630,7 +1671,7 @@ class FocusRequest(BaseModel):
     project_dir: str
 
 
-@app.post("/api/focus")
+@app.post("/api/focus", dependencies=[Depends(auth.require_scope("control"))])
 async def set_focus(request: FocusRequest):
     """Set the active project directory for .loki/ resolution.
 
@@ -1642,10 +1683,17 @@ async def set_focus(request: FocusRequest):
     project_dir = request.project_dir.strip()
     if not project_dir:
         raise HTTPException(status_code=400, detail="project_dir must not be empty")
-    p = _Path(project_dir)
+    p = _Path(project_dir).resolve()
     if not p.is_dir():
         raise HTTPException(status_code=400, detail=f"Directory does not exist: {project_dir}")
-    _active_project_dir = str(p.resolve())
+    # Require the target directory to contain a .loki/ subdirectory to prevent
+    # pointing the dashboard at arbitrary filesystem locations.
+    if not (p / ".loki").is_dir():
+        raise HTTPException(
+            status_code=400,
+            detail=f"Directory does not contain a .loki/ subdirectory: {project_dir}"
+        )
+    _active_project_dir = str(p)
     return {"project_dir": _active_project_dir, "loki_dir": str(_get_loki_dir())}
 
 
@@ -1658,7 +1706,7 @@ async def get_focus():
     }
 
 
-@app.delete("/api/focus")
+@app.delete("/api/focus", dependencies=[Depends(auth.require_scope("control"))])
 async def clear_focus():
     """Clear the active project directory override (revert to CWD-based resolution)."""
     global _active_project_dir
@@ -1752,7 +1800,7 @@ async def create_token(request: TokenCreateRequest):
         raise HTTPException(status_code=400, detail=str(e))
 
 
-@app.get("/api/enterprise/tokens", response_model=list[TokenResponse])
+@app.get("/api/enterprise/tokens", response_model=list[TokenResponse], dependencies=[Depends(auth.require_scope("admin"))])
 async def list_tokens(include_revoked: bool = False):
     """List all API tokens (enterprise only)."""
     if not auth.is_enterprise_mode():
@@ -2347,7 +2395,7 @@ def _read_learning_signals(signal_type: Optional[str] = None, limit: int = 50) -
 
 @app.get("/api/learning/metrics")
 async def get_learning_metrics(
-    timeRange: str = "7d",
+    timeRange: str = Query("7d", pattern=r"^\d{1,4}[hdm]$"),
     signalType: Optional[str] = None,
     source: Optional[str] = None,
 ):
@@ -2416,7 +2464,7 @@ async def get_learning_metrics(
 
 @app.get("/api/learning/trends")
 async def get_learning_trends(
-    timeRange: str = "7d",
+    timeRange: str = Query("7d", pattern=r"^\d{1,4}[hdm]$"),
     signalType: Optional[str] = None,
     source: Optional[str] = None,
 ):
@@ -2436,7 +2484,7 @@ async def get_learning_trends(
 
 @app.get("/api/learning/signals")
 async def get_learning_signals(
-    timeRange: str = "7d",
+    timeRange: str = Query("7d", pattern=r"^\d{1,4}[hdm]$"),
     signalType: Optional[str] = None,
     source: Optional[str] = None,
     limit: int = Query(default=50, ge=1, le=1000),
@@ -2876,14 +2924,30 @@ async def stop_session(request: Request):
     stop_file.parent.mkdir(parents=True, exist_ok=True)
     stop_file.write_text(datetime.now(timezone.utc).isoformat())
 
-    # Try to kill the process
+    # BUG-ST-004: Send SIGTERM and wait for process to actually exit
     pid_file = _get_loki_dir() / "loki.pid"
+    process_stopped = False
     if pid_file.exists():
         try:
             pid = int(pid_file.read_text().strip())
             os.kill(pid, 15)  # SIGTERM
+            # Wait up to 5s for graceful shutdown
+            for _ in range(10):
+                await asyncio.sleep(0.5)
+                try:
+                    os.kill(pid, 0)  # Check if still alive
+                except OSError:
+                    process_stopped = True
+                    break
+            if not process_stopped:
+                # Process didn't exit gracefully, send SIGKILL
+                try:
+                    os.kill(pid, 9)
+                    process_stopped = True
+                except (OSError, ProcessLookupError):
+                    process_stopped = True
         except (ValueError, OSError, ProcessLookupError):
-            pass
+            process_stopped = True
 
     # Mark session.json as stopped
     session_file = _get_loki_dir() / "session.json"
@@ -2895,7 +2959,21 @@ async def stop_session(request: Request):
         except Exception:
             pass
 
-    return {"success": True, "message": "Stop signal sent"}
+    # BUG-NEW-005: Clean up orphaned per-iteration temp files left by killed process
+    logs_dir = _get_loki_dir() / "logs"
+    if logs_dir.exists():
+        import glob as _glob_mod
+        for orphan in _glob_mod.glob(str(logs_dir / "iter-output-*")):
+            try:
+                os.unlink(orphan)
+            except OSError:
+                pass
+
+    return {
+        "success": True,
+        "message": "Session stopped" if process_stopped else "Stop signal sent",
+        "process_stopped": process_stopped,
+    }
 
 
 # =============================================================================
@@ -4956,7 +5034,7 @@ async def run_quality_scan(preset: str = Query("default")):
 
 
 @app.get("/api/quality-report")
-def get_quality_report(fmt: str = Query("json", alias="format")):
+def get_quality_report(fmt: str = Query("json", alias="format", pattern="^(json|markdown|html)$")):
     """Get an exportable quality audit report."""
     if not _read_limiter.check("quality-report"):
         raise HTTPException(status_code=429, detail="Rate limit exceeded")
@@ -5034,6 +5112,10 @@ def start_migration(request_body: dict):
     options = request_body.get("options", {})
     if not codebase_path or not target:
         raise HTTPException(status_code=400, detail="codebase_path and target are required")
+    if not isinstance(codebase_path, str) or not isinstance(target, str):
+        raise HTTPException(status_code=400, detail="codebase_path and target must be strings")
+    if len(target) > 255:
+        raise HTTPException(status_code=400, detail="target must be 255 characters or fewer")
     # Check raw input for traversal BEFORE resolving
     if '..' in codebase_path:
         raise HTTPException(status_code=400, detail="Path traversal not allowed")

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v6.71.1
+**Version:** v6.72.0
 
 ---
 
@@ -476,7 +476,7 @@ loki-mode/
 │   └── INSTALLATION.md   # This file
 ├── CHANGELOG.md          # Version history
 ├── VERSION               # Current version number
-├── LICENSE               # MIT License
+├── LICENSE               # Business Source License 1.1
 ├── references/           # Agent and deployment references
 │   ├── agents.md
 │   ├── deployment.md
@@ -484,11 +484,11 @@ loki-mode/
 ├── autonomy/             # Autonomous runner (CLI only)
 │   ├── run.sh
 │   └── README.md
-├── examples/             # Sample PRDs for testing
+├── templates/            # 22 PRD templates for project scaffolding
 │   ├── simple-todo-app.md
 │   ├── api-only.md
 │   ├── static-landing-page.md
-│   └── full-stack-demo.md
+│   └── ... (22 templates total)
 ├── tests/                # Test suite (CLI only)
 │   ├── run-all-tests.sh
 │   ├── test-bootstrap.sh
@@ -497,7 +497,7 @@ loki-mode/
     └── vibe-kanban.md
 ```
 
-**Note:** Some files/directories (autonomy, tests, examples) are only available with full installation (Options A or B).
+**Note:** Some files/directories (autonomy, tests, templates) are only available with full installation (Options A or B).
 
 ---
 
@@ -795,16 +795,25 @@ rm -rf ~/.claude/skills/loki-mode
 
 After installation:
 
-1. **Quick Test:** Run a simple example
+1. **Verify Setup:** Check your environment is ready
    ```bash
-   ./autonomy/run.sh examples/simple-todo-app.md
+   loki doctor
    ```
 
-2. **Read Documentation:** Check out [README.md](README.md) for usage guides
+2. **Scaffold a Project:** Create a project from a template
+   ```bash
+   loki init my-app --template simple-todo-app
+   cd my-app
+   ```
+
+3. **Start Building:** Launch autonomous development
+   ```bash
+   loki start prd.md
+   ```
 
-3. **Create Your First PRD:** See the Quick Start section in README
+4. **Read Documentation:** Check out [README.md](../README.md) for usage guides
 
-4. **Join the Community:** Report issues or contribute at [GitHub](https://github.com/asklokesh/loki-mode)
+5. **Join the Community:** Report issues or contribute at [GitHub](https://github.com/asklokesh/loki-mode)
 
 ---
 
@@ -812,7 +821,7 @@ After installation:
 
 - **Issues/Bugs:** [GitHub Issues](https://github.com/asklokesh/loki-mode/issues)
 - **Discussions:** [GitHub Discussions](https://github.com/asklokesh/loki-mode/discussions)
-- **Documentation:** [README.md](README.md)
+- **Documentation:** [README.md](../README.md)
 
 ---
 

package/docs/bug-fixes/agent-01-cli-fixes.md

@@ -0,0 +1,101 @@
+# Agent 01 - CLI Functional Testing Bug Fixes
+
+File modified: `autonomy/loki`
+Total changes: 166 insertions, 39 deletions
+
+## Known Bugs Fixed
+
+### BUG-CLI-003 | PID recycling guard for `cmd_web_stop`
+- **Location**: `cmd_web_stop()` PID file kill block
+- **Fix**: Before killing a PID from the PID file, verify the process command matches `python`, `uvicorn`, or `Purple` via `ps -p PID -o comm=`. If the PID has been recycled by the OS to a non-Purple-Lab process, skip the kill and warn the user.
+
+### BUG-CLI-012 | Shell injection via unquoted Python file paths
+- **Location**: Multiple `python3 -c` calls throughout the CLI
+- **Fix**: Replaced all `open('$variable')` patterns in `python3 -c` calls with environment-variable-based parameter passing (`_VAR="$value" python3 -c "import os; open(os.environ['_VAR'])"`). Fixed 14 instances across:
+  - `cmd_status` context window (lines ~1741-1742)
+  - Healing report (friction map, failure modes)
+  - Trigger schedule count
+  - Failover chain providers
+  - Vector index stats (numpy)
+  - Context show (5 token metrics)
+  - Budget cost display (2 metrics)
+  - OTEL config endpoint
+  - Project description JSON output
+
+### BUG-CLI-005 | `cmd_web_status` wrong port and log paths
+- **Location**: `cmd_web_status()`
+- **Fix**: Port lookup now checks `$PURPLE_LAB_STATE_DIR/port` (home-based) first before CWD-based fallback. Log path resolves against home-based state dir first, falling back to CWD-based path.
+
+### BUG-CLI-006 | `loki logs` truncates to 50 lines silently
+- **Location**: `cmd_logs()`
+- **Fix**: Added full argument parsing with `--tail/-n`, `--follow/-f`, `--all/-a`, and `--help`. The 50-line default is now documented in a hint line shown with output. Added `--follow` for live streaming.
+
+### BUG-CLI-007 | `loki init` skips directory creation on failure
+- **Location**: `cmd_init()` project directory creation
+- **Fix**: Added `if ! mkdir -p` guards for both the project directory and `.loki` directory creation. Script now exits with an error message if directory creation fails.
+
+### BUG-CLI-008 | `loki export` overwrites without confirmation
+- **Location**: `_export_json()`, `_export_markdown()`, `_export_csv()`, `_export_timeline()`
+- **Fix**: Added `_export_check_overwrite()` helper that checks if the output file exists and prompts `Overwrite? [y/N]` before writing. Called in all four export format functions.
+
+### BUG-CLI-009 | `loki share` generates non-unique IDs
+- **Location**: `cmd_share()` gist description
+- **Fix**: Changed gist description timestamp from `%Y-%m-%d` (day granularity) to `%Y-%m-%dT%H:%M:%S` (second granularity) to avoid collisions when sharing multiple times per day.
+
+### BUG-CLI-010 | `loki config set` accepts any key without validation
+- **Location**: `cmd_config_set()` wildcard case
+- **Fix**: Changed from a warning that stores the value anyway to a hard error that lists valid keys and returns 1. Unknown keys are now rejected.
+
+### BUG-CLI-011 | `config_get` error handling
+- **Location**: `cmd_config_get()`
+- **Fix**: Wrapped the Python heredoc in a subshell capture with `|| { error; return 1; }` pattern to gracefully handle python3 failures without leaking state. Removed unnecessary `unset` of inline env vars.
+
+### BUG-CLI-008 (Medium) | `LOKI_DIR` not exported for Python heredocs
+- **Location**: Line 129
+- **Fix**: Added `export LOKI_DIR` immediately after assignment. This ensures all Python heredocs using `os.environ.get("LOKI_DIR", ".loki")` receive the correct value.
+
+### BUG-PAR-002 | `worktree list` branch pattern never matches
+- **Location**: `cmd_worktree()` list subcommand
+- **Fix**: Branch matching pattern changed from `loki-parallel-*` to match both `parallel-*` and `loki-parallel-*`. The actual branches created by `run.sh` use `parallel-<stream>` prefix (line 2130 of run.sh), not `loki-parallel-`.
+
+### BUG-PAR-010 | `worktree clean` doesn't kill running sessions
+- **Location**: `cmd_worktree()` clean subcommand
+- **Fix**: Before removing a worktree via `git worktree remove`, check for `.loki/loki.pid` in the worktree directory. If a session is running, send SIGTERM, wait 1 second, then SIGKILL if needed.
+
+## New Bugs Found and Fixed
+
+### NEW-CLI-001 | Division by zero in context percentage calculation
+- **Location**: `cmd_status()` and `_context_show()`
+- **Fix**: Added `if [ "$ctx_total" -gt 0 ]` / `if [ "$total_tokens" -gt 0 ]` guards before the `$((used * 100 / total))` arithmetic. If total is zero, percentage defaults to 0.
+
+### NEW-CLI-002 | Missing `loki web logs` subcommand
+- **Location**: `cmd_web()` case dispatch
+- **Fix**: Added `logs)` case to `cmd_web()` that displays Purple Lab server logs using `tail -n`. Defaults to 100 lines. Also checks home-based state dir and CWD-based fallback for log file location. Updated `cmd_web_help()` to list the `logs` subcommand.
+
+## Bugs Investigated But Not Fixed (Already Correct)
+
+### BUG-CLI-001 / BUG-CLI-002 | `--port` / `--prd` unbound variable
+- **Status**: Already fixed in current code. `cmd_web_start()` initializes `port="${PURPLE_LAB_DEFAULT_PORT}"` and `prd_file=""` before the argument parsing loop. The `--port` and `--prd` handlers properly check `${2:-}` before accessing `$2`.
+
+### BUG-CLI-004 | `--no-open` flag ignored
+- **Status**: Already working correctly. The `open_browser` variable is set to `false` by `--no-open` and checked with `if [ "$open_browser" = true ]` before any browser-open calls.
+
+### BUG-CLI-009 (Medium) | Empty array with `set -u` in `list_running_sessions`
+- **Status**: Already fixed. Uses `${sessions[@]+"${sessions[@]}"}` pattern throughout, which is the correct `set -u`-safe array expansion.
+
+### BUG-CMD-001 | `cmd_web` wildcard duplicates arguments
+- **Status**: Analyzed and found to be working correctly. The `*)` case properly shifts the subcommand-as-flag, then passes it along with remaining args to `cmd_web_start`.
+
+## Bugs Found But Not Fixed (Out of Scope or Extensive)
+
+### Missing `$2` guards in `shift 2` patterns
+- **Location**: Multiple argument parsers (e.g., `cmd_state query`, trigger config parsing)
+- **Issue**: Under `set -u`, if a flag like `--agent` is the last argument without a value, `$2` is unset, causing a crash. The pattern `shift 2 ;;` should be guarded with `${2:-}` checks.
+- **Impact**: Low -- only triggers on malformed user input.
+- **Scope**: 20+ occurrences across the file; would require systematic refactoring.
+
+### Remaining shell-expanded heredocs with `$variable` in `open()` calls
+- **Location**: Lines 3745, 8002, 9332, 10228, 10262, 12604, 16844, etc.
+- **Issue**: Double-quoted heredocs (`<< HEREDOC`) interpolate shell variables into Python `open()` calls. While the variables are internally-constructed paths (not user input), specially-crafted directory names with quotes could theoretically cause injection.
+- **Impact**: Very low -- would require the user to be working in a directory with Python metacharacters in its path.
+- **Scope**: 15+ occurrences; fixing all requires converting to single-quoted heredocs with env var passing.

package/docs/bug-fixes/agent-02-purplelab-fixes.md

@@ -0,0 +1,88 @@
+# Agent 02: Purple Lab Functional Testing - Bug Fix Report
+
+## Summary
+
+Audited `web-app/server.py` (5,679 lines) and all frontend components in `web-app/src/` (50 files).
+Fixed 8 bugs (3 security, 2 resource leaks, 2 race conditions, 1 missing validation).
+Verified all 13 bugs from BUG-AUDIT-v6.61.0 against the current codebase.
+
+## Bugs Fixed
+
+### FIX-1: `_save_secrets()` crashes when crypto module is missing (BUG-PL-013 related)
+- **File**: `web-app/server.py:2431`
+- **Severity**: Medium
+- **Problem**: `_save_secrets()` calls `from crypto import encrypt_value, encryption_available` without try/except ImportError. When the crypto module is not installed, saving any secret (POST /api/secrets) crashes with an unhandled ImportError. The counterpart `_load_secrets()` already handles this correctly.
+- **Fix**: Wrapped the crypto import in try/except ImportError with plaintext fallback, matching the pattern in `_load_secrets()`.
+
+### FIX-2: `fix_session` orphans child processes (BUG-PL-007 related)
+- **File**: `web-app/server.py:4203`
+- **Severity**: High
+- **Problem**: `run_fix()` in the `/api/sessions/{id}/fix` endpoint spawns a subprocess but never calls `_track_child_pid()` or `_untrack_child_pid()`. When `loki web stop` runs, these fix processes are not found in the tracking list and remain as orphans, consuming resources. The chat endpoint (`run_chat()`) correctly tracks and untracks -- this was a missed pattern.
+- **Fix**: Added `_track_child_pid(proc.pid)` after process creation and `_untrack_child_pid(proc.pid)` in the finally block.
+
+### FIX-3: Session history leaks full filesystem paths (BUG-PL-003 from task description)
+- **File**: `web-app/server.py:3411`
+- **Severity**: Medium (security/information disclosure)
+- **Problem**: `get_sessions_history()` returned `"path": str(entry)` which exposes full paths like `/Users/lokesh/purple-lab-projects/project-123`. In deployed scenarios this leaks the server's filesystem structure, username, and directory layout.
+- **Fix**: Replaced with sanitized relative paths using `~/` prefix (e.g., `~/purple-lab-projects/project-123`). This is safe because the session history path is display-only on the frontend.
+
+### FIX-4: `delete_session` leaks filesystem path in response
+- **File**: `web-app/server.py:3495`
+- **Severity**: Low (security/information disclosure)
+- **Problem**: `delete_session()` returned `"path": str(target)` in its response, exposing the full filesystem path to the client.
+- **Fix**: Changed to return `"session_id": session_id` instead.
+
+### FIX-5: `start_session` accepts arbitrary projectDir without validation
+- **File**: `web-app/server.py:2510`
+- **Severity**: High (security)
+- **Problem**: The `projectDir` field from StartRequest was used directly without any path validation. A malicious client could pass `/etc`, `/root`, or any system path, and the server would create directories and write PRD files there. The `onboard_session` endpoint already validates paths correctly.
+- **Fix**: Added validation ensuring user-supplied `projectDir` resolves to within the home directory, matching the pattern in `onboard_session`.
+
+### FIX-6: `create_session_file` missing content size limit (BUG-PL-005 from task description)
+- **File**: `web-app/server.py:3691`
+- **Severity**: Medium
+- **Problem**: `create_session_file()` (POST) accepts file content without any size validation. The sibling `save_session_file()` (PUT) correctly enforces a 1MB limit. A client could create arbitrarily large files via the POST endpoint.
+- **Fix**: Added `len(req.content.encode(...)) > 1_048_576` check matching the PUT endpoint.
+
+### FIX-7: `pause_session` and `resume_session` mutate state without lock
+- **File**: `web-app/server.py:2972, 2989`
+- **Severity**: Medium (race condition)
+- **Problem**: Both `pause_session()` and `resume_session()` read `session.running`, `session.process`, and write `session.paused` without holding `session._lock`. Concurrent pause/resume and stop operations could produce torn state. The `stop_session` and `start_session` endpoints correctly use `async with session._lock`.
+- **Fix**: Wrapped both endpoints' state access in `async with session._lock`.
+
+### FIX-8: `delete_secret` endpoint missing key format validation
+- **File**: `web-app/server.py:4340`
+- **Severity**: Low (defense in depth)
+- **Problem**: The `delete_secret()` endpoint accepts arbitrary strings as the `key` parameter without validation. While not exploitable (used only as dict key lookup), the `set_secret()` endpoint validates key format -- the inconsistency could mask bugs.
+- **Fix**: Added `re.match(r'^[A-Za-z_][A-Za-z0-9_]*$', key)` validation matching `set_secret()`.
+
+## Bugs from Audit Already Fixed in Current Codebase
+
+The following bugs from BUG-AUDIT-v6.61.0 were already fixed before this audit:
+
+| Bug ID | Description | Status |
+|--------|-------------|--------|
+| BUG-PL-001 | Dead code after `stop_session` return | Fixed: no early return, full cleanup runs |
+| BUG-PL-002 | `session.reset()` never called on stop | Fixed: `session.reset()` called at line 2742 |
+| BUG-PL-003 (audit) | Reader task sets `running=False` without lock | Fixed: uses `async with session._lock` at line 2361 |
+| BUG-PL-004 | Chat/fix missing secrets injection | Fixed: both endpoints call `_load_secrets()` |
+| BUG-PL-005 (audit) | Pause state never tracked | Fixed: `session.paused` set in both pause/resume |
+| BUG-PL-006 | `delete_session` can delete active session | Fixed: explicit active session check at line 3458 |
+| BUG-PL-009 | Project dir name collision (second-granularity) | Fixed: uses milliseconds (`time.time() * 1000`) |
+| BUG-PL-010 | `get_status` mutates `running` without lock | Fixed: uses local `is_running` variable, not session state |
+| BUG-PL-011 | Session history breaks after first non-empty dir | Fixed: no early `break` in history loop |
+| BUG-PL-012 | `cancel_chat` unhandled `TimeoutExpired` | Fixed: caught at line 4133 |
+
+## New Bugs Discovered (Beyond Audit)
+
+All bugs listed in the "Bugs Fixed" section above (FIX-1 through FIX-8) are new discoveries not covered by the original BUG-AUDIT-v6.61.0 for the Purple Lab category. FIX-1, FIX-2, FIX-5, FIX-6, FIX-7, and FIX-8 are entirely new findings.
+
+## Verification
+
+- Python syntax: `ast.parse()` passes on modified server.py
+- Frontend build: `npm run build` succeeds with no new errors
+- All changes are backward-compatible (no API contract changes except delete_session response field rename from `path` to `session_id`)
+
+## Files Modified
+
+- `web-app/server.py` -- 8 bug fixes (50 insertions, 26 deletions)

package/docs/bug-fixes/agent-03-dashboard-fixes.md

@@ -0,0 +1,119 @@
+# Agent 03: Dashboard API Functional Testing - Bug Fix Report
+
+## Scope
+File: `dashboard/server.py` (~5,259 lines, FastAPI)
+Focus: All API routes, WebSocket handlers, task board features, security audit
+
+## Bug Audit Status from BUG-AUDIT-v6.61.0.md
+
+### Already Fixed (verified in current codebase)
+
+| Bug ID | Description | Status |
+|--------|-------------|--------|
+| BUG-DASH-001 | Token creation endpoint has no authentication | FIXED - `require_scope("admin")` dependency at line 1719 |
+| BUG-DASH-002 | WebSocket rate-limit calls close() on unaccepted connection | FIXED - `accept()` then `close()` at lines 1396-1397 |
+| BUG-DASH-003 | WebSocket connection limit rejection enters receive loop | FIXED - `connect()` returns False, caller returns at line 1421-1422 |
+| BUG-DASH-004 | `create_project` doesn't validate tenant_id | FIXED - Tenant existence check + `Field(..., gt=0)` validation |
+| BUG-DASH-005 | `update_task` doesn't clear completed_at on reopen | FIXED - `completed_at = None` in else branch at line 1254 |
+| BUG-DASH-006 | Task state machine missing DONE transitions | FIXED - `DONE: {IN_PROGRESS, REVIEW}` at line 1316 |
+| BUG-DASH-009 | ProjectUpdate.status allows arbitrary strings | FIXED - `Literal["active", "archived", "completed", "paused"]` at line 179 |
+| BUG-DASH-010 | Audit log offset allows negative values | FIXED - `ge=0` constraint at line 1824 |
+| BUG-DASH-011 | Learning signals offset allows negative values | FIXED - `ge=0` constraint at line 2443 |
+| BUG-DASH-012 | WebSocket idle timeout doesn't call disconnect | FIXED - `finally: manager.disconnect(websocket)` at line 1469 |
+| BUG-DASH-013 | GET /api/tasks ignores project_id parameter | FIXED - Filter applied at lines 1132-1134 |
+
+### Not Applicable (code removed)
+
+| Bug ID | Description | Status |
+|--------|-------------|--------|
+| BUG-PL-001 | Dead code after stop_session return | N/A - Purple Lab code removed from server.py |
+| BUG-PL-002 | session.reset() never called on stop | N/A - Purple Lab code removed from server.py |
+| BUG-PL-003 | Reader task sets running=False without lock | N/A - Purple Lab code removed |
+| BUG-PL-004 | Chat/fix/auto-fix missing secrets injection | N/A - Purple Lab code removed |
+| BUG-PL-005 | Pause state never tracked | N/A - Purple Lab code removed |
+| BUG-PL-006 | delete_session can delete active directory | N/A - Purple Lab code removed |
+| BUG-PL-007 | Chat PIDs tracked but never untracked | N/A - Purple Lab code removed |
+| BUG-DS-002 | Auto-fix restart double-wraps command | N/A - Dev server code removed |
+| BUG-DS-003 | Overly broad port regex | N/A - Dev server code removed |
+| BUG-DS-004 | pip install into server's own environment | N/A - Dev server code removed |
+| BUG-DS-005 | Docker Compose port parsing crash | N/A - Dev server code removed |
+| BUG-DASH-007 | pause_session polling loop is dead code | N/A - pause_session rewritten (no polling loop) |
+
+## Fixes Applied in This Session
+
+### 1. BUG-DASH-008: `_safe_read_text` not truly safe (lines 95-101)
+
+**Problem**: `_safe_read_text` used `Path.read_text()` directly without exception handling. While `Path.read_text()` properly manages file handles (no leak), the function could raise `OSError` on permission errors or missing files. The "safe" name was misleading -- callers expected it to never raise.
+
+**Fix**: Wrapped in try/except to return empty string on any I/O error, making the function truly safe as its name implies.
+
+### 2. SECURITY: `/api/focus` POST/DELETE missing authentication (lines 1637, 1672)
+
+**Problem**: The `/api/focus` POST and DELETE endpoints had no auth dependency. Any network-reachable client could redirect the dashboard to read from an arbitrary project directory, potentially exposing data from other projects or causing the dashboard to process attacker-controlled state files.
+
+**Fix**:
+- Added `dependencies=[Depends(auth.require_scope("control"))]` to both POST and DELETE
+- Added validation requiring the target directory to contain a `.loki/` subdirectory to prevent pointing the dashboard at arbitrary filesystem locations
+- Changed to resolve path before checking, preventing TOCTOU issues
+
+### 3. SECURITY: `/api/enterprise/tokens` GET missing authentication (line 1766)
+
+**Problem**: The token listing endpoint had no auth dependency. When enterprise mode was enabled, any client could enumerate all API tokens (names, scopes, creation dates, expiration). While raw token values are not returned, the metadata exposure is still a security risk for token enumeration and scope discovery.
+
+**Fix**: Added `dependencies=[Depends(auth.require_scope("admin"))]` to require admin authentication.
+
+### 4. Deprecated `asyncio.get_event_loop()` in sync_registry (line 1600)
+
+**Problem**: Used `asyncio.get_event_loop()` which is deprecated in Python 3.10+ for getting the running loop from within an async function. This could cause `DeprecationWarning` or incorrect behavior in future Python versions.
+
+**Fix**: Changed to `asyncio.get_running_loop()` which is the correct API for async contexts.
+
+### 5. Input validation: timeRange parameters on learning endpoints (lines 2361, 2430, 2450)
+
+**Problem**: The `timeRange` parameters on `/api/learning/metrics`, `/api/learning/trends`, and `/api/learning/signals` accepted arbitrary strings with no validation. While `_parse_time_range()` handles invalid input gracefully (returns None), passing malformed strings wastes processing and could be used for fuzzing.
+
+**Fix**: Added `Query(..., pattern=r"^\d{1,4}[hdm]$")` constraint to validate format (1-4 digit number followed by h/d/m).
+
+### 6. Input validation: quality report format parameter (line 4970)
+
+**Problem**: The `format` parameter on `/api/quality-report` accepted any string, passing it to `rigour.export_report()`. Arbitrary format strings could cause unexpected behavior in the export function.
+
+**Fix**: Added `pattern="^(json|markdown|html)$"` constraint to limit to known formats.
+
+### 7. Input validation: migration start target and codebase_path (line 5048)
+
+**Problem**: The `start_migration` endpoint accepted `codebase_path` and `target` without type checking. Non-string values (lists, dicts) from JSON body would cause cryptic errors downstream.
+
+**Fix**: Added type validation (`isinstance` check for str) and length limit (255 chars) for `target`.
+
+## Security Audit Summary (OWASP Top 10)
+
+| OWASP Category | Status | Notes |
+|----------------|--------|-------|
+| A01: Broken Access Control | FIXED | Added auth to /api/focus, /api/enterprise/tokens |
+| A02: Cryptographic Failures | OK | Token generation uses `secrets` module |
+| A03: Injection | OK | SQLAlchemy ORM prevents SQL injection; list-form subprocess calls prevent shell injection; realpath + regex prevent path traversal |
+| A04: Insecure Design | FIXED | Focus endpoint now requires .loki/ subdirectory |
+| A05: Security Misconfiguration | OK | CORS restricted to localhost; default bind to 127.0.0.1; TLS optional |
+| A06: Vulnerable Components | N/A | Dependency audit out of scope |
+| A07: Auth Failures | OK | Rate limiting on sensitive endpoints; token management requires admin |
+| A08: Data Integrity | OK | Atomic file writes for state mutations (tmp + rename) |
+| A09: Logging Failures | OK | Audit logging on destructive operations (delete, stop, kill) |
+| A10: SSRF | MITIGATED | Focus endpoint restricted to dirs with .loki/ subdirectory |
+
+## Route Coverage Audit
+
+Verified all 100+ routes in server.py for:
+- Authentication requirements (auth scope dependencies)
+- Input validation (Pydantic models, Query constraints, regex patterns)
+- Error handling (try/except with proper HTTP status codes)
+- Rate limiting (control and read limiters)
+- Path traversal protection (realpath checks, SAFE_ID_RE regex)
+- Resource cleanup (WebSocket disconnect in finally block)
+
+## Verification
+
+```
+python3 -c "import ast; ast.parse(open('dashboard/server.py').read()); print('Syntax OK')"
+# Output: Syntax OK
+```