loki-mode 7.13.0 → 7.15.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-to-product system. Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product via the RARV-C closure loop, with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.13.0
+# Loki Mode v7.15.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -160,6 +160,8 @@ GROWTH ──[continuous improvement loop]──> GROWTH
 | `.loki/signals/HUMAN_REVIEW_NEEDED` | Never | When human decision required |
 | `.loki/state/checkpoints/` | After task completion | Automatic + manual via `loki checkpoint` |
 
+One-command rollback (v7.5.2+): `loki rollback latest` or `loki rollback to <id>` restores `.loki/` state from a checkpoint. It first captures a forced pre-rollback snapshot of the current state and prints its id, so a rollback is itself undoable (`loki rollback to <that-id>`). Use `loki rollback list` to see checkpoints.
+
 ---
 
 ## Module Loading Protocol (Skills)
@@ -381,4 +383,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.13.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.15.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.13.0
+7.15.0

package/autonomy/loki

@@ -13111,6 +13111,9 @@ main() {
         checkpoint|cp)
             cmd_checkpoint "$@"
             ;;
+        rollback)
+            cmd_rollback "$@"
+            ;;
         council)
             cmd_council "$@"
             ;;
@@ -16438,12 +16441,19 @@ SHOW_EOF
             local restored=0
             for item in "$cp_dir"/*; do
                 [ -e "$item" ] || continue
-                local name=$(basename "$item")
+                local name
+                name=$(basename "$item")
                 [ "$name" = "metadata.json" ] && continue
+                # R6: do not restore the worktree-snapshot sidecar as state.
+                [ "$name" = "worktree-snapshot.txt" ] && continue
 
                 if [ -d "$item" ]; then
-                    rm -rf ".loki/$name"
-                    cp -r "$item" ".loki/$name" 2>/dev/null && restored=$((restored + 1))
+                    # R6 data-loss fix: NEVER `rm -rf ".loki/$name"` -- the
+                    # checkpoint store lives under .loki/state/checkpoints/, so
+                    # blowing away .loki/state/ would destroy every checkpoint
+                    # (including this one). Merge-copy directory contents instead.
+                    mkdir -p ".loki/$name"
+                    cp -r "$item"/. ".loki/$name"/ 2>/dev/null && restored=$((restored + 1))
                 else
                     cp "$item" ".loki/$name" 2>/dev/null && restored=$((restored + 1))
                 fi
@@ -16451,17 +16461,28 @@ SHOW_EOF
 
             echo -e "  Restored: ${GREEN}$restored${NC} state items from $cp_id"
 
-            # Show git info for manual code rollback
-            local cp_sha=$(_CP_METADATA="$metadata" python3 -c "import json, os; d=json.load(open(os.environ['_CP_METADATA'])); print(d.get('git_sha','unknown'))" 2>/dev/null)
-            if [ -n "$cp_sha" ] && [ "$cp_sha" != "unknown" ] && [ "$cp_sha" != "not-a-git-repo" ]; then
+            # Show how to also restore code. R6: prefer the anchored working-tree
+            # snapshot over `git reset --hard <git_sha>`. git_sha is HEAD (the last
+            # commit), and Loki does not commit per iteration, so a hard reset
+            # discards the iteration's work instead of reconstructing it -- the old
+            # hint was misleading.
+            if git rev-parse --verify "refs/loki/cp/${cp_id}" >/dev/null 2>&1; then
                 echo ""
-                echo -e "  ${YELLOW}Note:${NC} Session state has been restored, but code is unchanged."
-                echo "  To also roll back code to the checkpoint's git state:"
+                echo -e "  ${YELLOW}Note:${NC} Session state restored. Code is unchanged."
+                echo "  To also restore the working tree to this checkpoint's snapshot:"
                 echo ""
-                echo -e "    ${DIM}git reset --hard ${cp_sha:0:8}${NC}"
+                echo -e "    ${DIM}git stash apply refs/loki/cp/${cp_id}${NC}"
                 echo ""
-                echo -e "  ${RED}Warning:${NC} git reset --hard will discard uncommitted changes."
-                echo "  Consider 'git stash' first to preserve current work."
+                echo -e "  ${DIM}(restores tracked files; newly-added files are not removed)${NC}"
+            else
+                local cp_sha
+                cp_sha=$(_CP_METADATA="$metadata" python3 -c "import json, os; d=json.load(open(os.environ['_CP_METADATA'])); print(d.get('git_sha','unknown'))" 2>/dev/null)
+                if [ -n "$cp_sha" ] && [ "$cp_sha" != "unknown" ] && [ "$cp_sha" != "not-a-git-repo" ]; then
+                    echo ""
+                    echo -e "  ${YELLOW}Note:${NC} Session state restored, but no working-tree snapshot"
+                    echo "  was captured for this checkpoint, so code changes since the last"
+                    echo -e "  commit (${cp_sha:0:8}) are not restorable from here."
+                fi
             fi
             ;;
 
@@ -16497,6 +16518,157 @@ SHOW_EOF
     esac
 }
 
+# R6: one-command rollback. Top-level, obvious entry point that mirrors the Bun
+# `loki rollback` subcommands (list/show/to/latest) so both routes are at parity.
+# Restore is destructive on .loki/ state, so it ALWAYS captures a forced
+# pre-rollback snapshot first (re-undoability invariant) and then glob-restores
+# whatever the checkpoint dir contains (works across all three checkpoint writers).
+cmd_rollback() {
+    local subcommand="${1:-help}"
+    shift 2>/dev/null || true
+
+    local checkpoints_dir=".loki/state/checkpoints"
+    local index_file="$checkpoints_dir/index.jsonl"
+
+    # Resolve the most recent checkpoint id from on-disk cp-*/chk-* dirs, sorted
+    # by mtime (newest last). Mirrors the Bun "latest = last entry" semantics but
+    # is robust to the three differing id formats.
+    _rollback_latest_id() {
+        [ -d "$checkpoints_dir" ] || return 1
+        ls -1dt "$checkpoints_dir"/*/ 2>/dev/null | head -1 | sed 's#/$##' | xargs -I{} basename {} 2>/dev/null
+    }
+
+    # Force a pre-rollback snapshot of current state, then glob-restore the target.
+    # Delegates the actual restore to `cmd_checkpoint rollback`, which already
+    # glob-restores and is shared with the manual path (no duplication).
+    _rollback_restore() {
+        local target_id="$1"
+        local want_code="$2"
+
+        # Validate id (defense in depth; cmd_checkpoint validates again).
+        if [[ ! "$target_id" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+            echo -e "${RED}Error: Invalid checkpoint ID${NC}"
+            return 1
+        fi
+        if [ ! -d "$checkpoints_dir/$target_id" ]; then
+            echo -e "${RED}Error: Checkpoint not found: $target_id${NC}"
+            echo "Run 'loki rollback list' to see available checkpoints."
+            return 1
+        fi
+
+        # Re-undoability: snapshot current state before overwriting it.
+        local pre_id
+        pre_id="rb-pre-$(date -u '+%Y%m%d-%H%M%S')"
+        local pre_dir="$checkpoints_dir/$pre_id"
+        mkdir -p "$pre_dir"
+        local saved=0
+        for item in .loki/session.json .loki/dashboard-state.json .loki/CONTINUITY.md .loki/autonomy-state.json .loki/state .loki/queue; do
+            if [ -e "$item" ]; then
+                cp -r "$item" "$pre_dir/" 2>/dev/null && saved=$((saved + 1))
+            fi
+        done
+        _RB_PID="$pre_id" _RB_TS="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" _RB_DIR="$pre_dir" \
+        _RB_INDEX="$index_file" _RB_CHKDIR="$checkpoints_dir" python3 << 'RB_PRE_EOF' 2>/dev/null || true
+import json, os
+meta = {"id": os.environ["_RB_PID"], "timestamp": os.environ["_RB_TS"],
+        "message": "pre-rollback snapshot", "created_by": "loki rollback"}
+d = os.environ["_RB_DIR"]
+os.makedirs(d, exist_ok=True)
+with open(os.path.join(d, "metadata.json"), "w") as f:
+    json.dump(meta, f, indent=2)
+os.makedirs(os.environ["_RB_CHKDIR"], exist_ok=True)
+with open(os.environ["_RB_INDEX"], "a") as f:
+    f.write(json.dumps({"id": meta["id"], "timestamp": meta["timestamp"], "message": meta["message"]}) + "\n")
+RB_PRE_EOF
+        echo -e "  ${DIM}Saved prior state as ${pre_id} (undo this rollback with: loki rollback to ${pre_id})${NC}"
+
+        # Perform the actual state restore via the shared glob-restore path.
+        cmd_checkpoint rollback "$target_id"
+
+        # Optional code restore from the anchored working-tree snapshot.
+        if [ "$want_code" = "1" ]; then
+            if git rev-parse --verify "refs/loki/cp/${target_id}" >/dev/null 2>&1; then
+                echo ""
+                echo -e "  ${YELLOW}Restoring working tree from snapshot refs/loki/cp/${target_id}...${NC}"
+                if git stash apply "refs/loki/cp/${target_id}" 2>/dev/null; then
+                    echo -e "  ${GREEN}Working tree restored.${NC} (tracked files only; newly-added files were not removed)"
+                else
+                    echo -e "  ${RED}Could not apply snapshot cleanly.${NC} Resolve conflicts, or run: git stash apply refs/loki/cp/${target_id}"
+                fi
+            else
+                echo ""
+                echo -e "  ${YELLOW}No working-tree snapshot anchored for ${target_id}; code not restored.${NC}"
+            fi
+        fi
+    }
+
+    case "$subcommand" in
+        list|ls)
+            cmd_checkpoint list
+            ;;
+        show)
+            cmd_checkpoint show "$@"
+            ;;
+        to)
+            local target="${1:-}"
+            local want_code=0
+            shift 2>/dev/null || true
+            for a in "$@"; do [ "$a" = "--code" ] && want_code=1; done
+            if [ -z "$target" ]; then
+                echo -e "${RED}Error: Specify a checkpoint ID${NC}"
+                echo "Usage: loki rollback to <id> [--code]"
+                echo "Run 'loki rollback list' to see available checkpoints."
+                return 1
+            fi
+            echo -e "${BOLD}Rolling back to checkpoint: $target${NC}"
+            echo ""
+            _rollback_restore "$target" "$want_code"
+            ;;
+        latest)
+            local want_code=0
+            for a in "$@"; do [ "$a" = "--code" ] && want_code=1; done
+            local latest_id
+            latest_id=$(_rollback_latest_id)
+            if [ -z "$latest_id" ]; then
+                echo -e "${RED}No checkpoints found to roll back to.${NC}"
+                return 1
+            fi
+            echo -e "${BOLD}Rolling back to latest checkpoint: $latest_id${NC}"
+            echo ""
+            _rollback_restore "$latest_id" "$want_code"
+            ;;
+        help|--help|-h)
+            echo -e "${BOLD}loki rollback${NC} - One-command rollback to a checkpoint"
+            echo ""
+            echo "Restore .loki/ state and iteration/conversation context to a"
+            echo "previous checkpoint. Every rollback first saves your current state"
+            echo "as a pre-rollback snapshot, so you can always undo the undo."
+            echo ""
+            echo "Usage: loki rollback <command> [args]"
+            echo ""
+            echo "Commands:"
+            echo "  list              List recent checkpoints"
+            echo "  show <id>         Show checkpoint details"
+            echo "  to <id> [--code]  Restore to checkpoint <id>"
+            echo "  latest [--code]   Restore to the most recent checkpoint"
+            echo ""
+            echo "  --code            Also restore the working tree from the anchored"
+            echo "                    git snapshot (tracked files only; overwrites them)."
+            echo ""
+            echo "Examples:"
+            echo "  loki rollback list"
+            echo "  loki rollback latest"
+            echo "  loki rollback to cp-3-1717000000"
+            echo "  loki rollback to cp-3-1717000000 --code"
+            ;;
+        *)
+            echo -e "${RED}Unknown rollback command: $subcommand${NC}"
+            echo "Run 'loki rollback help' for usage."
+            return 1
+            ;;
+    esac
+}
+
 # Completion Council management
 cmd_council() {
     local subcommand="${1:-status}"
@@ -25103,6 +25275,173 @@ _loki_gist_upload() {
     echo -e "${GREEN}Shared: ${gist_url}${NC}"
 }
 
+# loki_tier_gate - R9 open-core tier/license seam.
+#
+# OSS-FIRST CONTRACT: this is a no-op ALLOW for OSS users. LOKI_TIER defaults
+# to "oss" and every existing free feature stays fully free. This function is
+# the single place where a future hosted/enterprise build would gate a
+# hosted-only capability. It is NEVER called from any existing free command
+# path; its only caller is the opt-in --hosted publish seam below. For OSS
+# (the default), it always returns 0 (allow).
+#
+# Args: $1 = capability name (informational; e.g. "hosted_publish").
+# Returns: 0 = allowed, 1 = gated (non-OSS tier without entitlement).
+# Env:  LOKI_TIER (default "oss"), LOKI_LICENSE_KEY (optional, non-OSS only).
+loki_tier_gate() {
+    local capability="${1:-}"
+    local tier="${LOKI_TIER:-oss}"
+
+    # OSS tier: everything is allowed, always. No license, no network, no gate.
+    if [ "$tier" = "oss" ]; then
+        return 0
+    fi
+
+    # Non-OSS tiers (hosted/enterprise) are a SEAM only. The hosted backend
+    # and license-verification service do not exist yet, so we cannot validate
+    # an entitlement. Be honest: do not pretend to grant a paid capability.
+    # A real hosted build replaces this branch with a verified license check.
+    if [ -z "${LOKI_LICENSE_KEY:-}" ]; then
+        echo -e "${YELLOW}LOKI_TIER='${tier}' requested but no LOKI_LICENSE_KEY set.${NC}" >&2
+        echo "Hosted/enterprise license verification is not available yet." >&2
+        echo "OSS users: leave LOKI_TIER unset (or 'oss') -- everything stays free." >&2
+        return 1
+    fi
+
+    # A license key is present but there is no verification backend yet. We do
+    # NOT fabricate a successful verification. The capability stays ungated for
+    # OSS-equivalent use; the seam is documented in docs/OPEN-CORE-BOUNDARY.md.
+    echo -e "${YELLOW}LOKI_LICENSE_KEY set but the verification backend is not available yet (R9 seam).${NC}" >&2
+    return 0
+}
+
+# _loki_hosted_publish_proof - R9 hosted proof-publish client stub.
+#
+# Posts an ALREADY-REDACTED proof page to a self-hosted/SaaS endpoint given by
+# LOKI_HOSTED_ENDPOINT. There is NO official Loki hosted backend yet; this is a
+# clean client seam an operator can point at their own endpoint. We never
+# fabricate a hosted URL: on success we print the URL the endpoint returned (or
+# the endpoint itself); on any failure we print an honest error and exit non-0.
+#
+# Args: $1 = proof id, $2 = redacted index.html path, $3 = proof.json path.
+# Returns: 0 on success, non-zero on missing endpoint / transport / non-2xx.
+_loki_hosted_publish_proof() {
+    local id="$1"
+    local html="$2"
+    local pj="$3"
+
+    # Tier seam (no-op allow for OSS). Hosted publish is opt-in regardless.
+    loki_tier_gate "hosted_publish" || true
+
+    local endpoint="${LOKI_HOSTED_ENDPOINT:-}"
+    if [ -z "$endpoint" ]; then
+        echo -e "${YELLOW}Hosted publishing backend not available.${NC}" >&2
+        echo "There is no official Loki hosted service yet (R9 ships the seam, not a live backend)." >&2
+        echo "To publish to your own hosted endpoint, set LOKI_HOSTED_ENDPOINT to its URL." >&2
+        echo "Or publish to a GitHub Gist instead: loki proof share ${id}" >&2
+        return 1
+    fi
+
+    if ! command -v curl &>/dev/null; then
+        echo -e "${RED}curl not found${NC}" >&2
+        echo "Hosted publishing requires curl. Install curl or use: loki proof share ${id}" >&2
+        return 1
+    fi
+
+    # CREDIBILITY: we upload the file the generator already redacted (the same
+    # bytes 'loki proof share' would put on a gist). We do not build a fresh
+    # body that could bypass redaction. If proof.json reports redaction was not
+    # applied, refuse -- never publish an unredacted artifact.
+    if [ -f "$pj" ]; then
+        local redaction_ok
+        redaction_ok=$(LOKI_PROOF_JSON="$pj" python3 - <<'PYEOF' 2>/dev/null || echo "unknown"
+import json, os
+try:
+    d = json.load(open(os.environ["LOKI_PROOF_JSON"]))
+except Exception:
+    print("unknown")
+else:
+    print("yes" if (d.get("redaction") or {}).get("applied") else "no")
+PYEOF
+)
+        if [ "$redaction_ok" = "no" ]; then
+            echo -e "${RED}Refusing to publish: proof redaction was not applied.${NC}" >&2
+            echo "Regenerate the proof (LOKI_PROOF=1) so the redactor runs, then retry." >&2
+            return 1
+        fi
+    fi
+
+    echo -e "${BOLD}Publishing proof '${id}' to hosted endpoint${NC}"
+    echo "  endpoint: ${endpoint}"
+    echo "  payload:  ${html} (already redacted by the generator)"
+    echo ""
+
+    # POST the redacted HTML. Auth header is sent only if a license key exists;
+    # OSS users with their own endpoint need no key.
+    local tmp_body tmp_code
+    tmp_body=$(mktemp "/tmp/loki-hosted-XXXXXX.out")
+    local -a curl_args=(-sS -o "$tmp_body" -w '%{http_code}' -X POST
+        -H "Content-Type: text/html"
+        -H "X-Loki-Proof-Id: ${id}"
+        --data-binary "@${html}")
+    if [ -n "${LOKI_LICENSE_KEY:-}" ]; then
+        curl_args+=(-H "Authorization: Bearer ${LOKI_LICENSE_KEY}")
+    fi
+    tmp_code=$(curl "${curl_args[@]}" "$endpoint" 2>/dev/null)
+    local curl_exit=$?
+
+    if [ "$curl_exit" -ne 0 ]; then
+        echo -e "${RED}Failed to reach hosted endpoint (curl exit ${curl_exit}).${NC}" >&2
+        echo "Check LOKI_HOSTED_ENDPOINT or publish to a gist: loki proof share ${id}" >&2
+        rm -f "$tmp_body"
+        return 1
+    fi
+
+    # Accept any 2xx. The published URL comes from the endpoint response if it
+    # returns one (we look for a "url" field), else we report the endpoint. We
+    # NEVER print a fabricated URL.
+    case "$tmp_code" in
+        2*)
+            local published_url
+            published_url=$(LOKI_HOSTED_BODY="$tmp_body" LOKI_HOSTED_EP="$endpoint" python3 - <<'PYEOF' 2>/dev/null || true
+import json, os
+body_path = os.environ["LOKI_HOSTED_BODY"]
+try:
+    txt = open(body_path).read().strip()
+except Exception:
+    txt = ""
+url = ""
+try:
+    d = json.loads(txt)
+    if isinstance(d, dict):
+        url = d.get("url") or d.get("public_url") or ""
+except Exception:
+    url = ""
+print(url)
+PYEOF
+)
+            rm -f "$tmp_body"
+            if [ -n "$published_url" ]; then
+                echo -e "${GREEN}Published: ${published_url}${NC}"
+            else
+                echo -e "${GREEN}Published to ${endpoint} (HTTP ${tmp_code}).${NC}"
+                echo "The endpoint did not return a 'url' field; check your endpoint's response."
+            fi
+            return 0
+            ;;
+        *)
+            echo -e "${RED}Hosted endpoint returned HTTP ${tmp_code}.${NC}" >&2
+            if [ -s "$tmp_body" ]; then
+                echo "Response:" >&2
+                head -c 500 "$tmp_body" >&2
+                echo "" >&2
+            fi
+            echo "Nothing was published. Or publish to a gist: loki proof share ${id}" >&2
+            rm -f "$tmp_body"
+            return 1
+            ;;
+    esac
+}
+
 # loki bench - head-to-head benchmark harness (R2).
 # Subcommands: run <task> | vs <task> | list | verify <result.json>.
 # Thin pass-through to benchmarks/bench/run.sh (shared python core runner.py).
@@ -25170,7 +25509,7 @@ cmd_proof() {
             echo "Options for 'share':"
             echo "  --yes                Skip the redaction-preview confirmation prompt"
             echo "  --private            Create a secret gist (default: public)"
-            echo "  --hosted             Reserved for hosted publishing (coming in R9)"
+            echo "  --hosted             Publish to LOKI_HOSTED_ENDPOINT (open-core seam; no official backend yet)"
             echo ""
             echo "Proofs are generated automatically at run completion (LOKI_PROOF=0 to opt out)."
             [ "$sub" = "" ] && exit 1
@@ -25269,15 +25608,13 @@ PYEOF
             local id=""
             local skip_confirm=0
             local visibility="--public"
+            local hosted=0
             while [[ $# -gt 0 ]]; do
                 case "$1" in
                     --yes|-y) skip_confirm=1; shift ;;
                     --private) visibility=""; shift ;;
                     --public) visibility="--public"; shift ;;
-                    --hosted)
-                        echo -e "${RED}Hosted publishing is not available yet (coming in R9).${NC}"
-                        exit 1
-                        ;;
+                    --hosted) hosted=1; shift ;;
                     -*) echo -e "${RED}Unknown option: $1${NC}"; exit 1 ;;
                     *) id="$1"; shift ;;
                 esac
@@ -25292,6 +25629,17 @@ PYEOF
                 echo "Use 'loki proof list' to see available proofs."
                 exit 1
             fi
+            # R9 open-core hosted-publish seam. Only taken when the user
+            # explicitly passes --hosted. The default gist path below stays
+            # byte-for-byte unchanged for OSS users (zero hosted backend
+            # required). We never silent-fall-back to gist here: the user asked
+            # for hosted, so we POST to a configured LOKI_HOSTED_ENDPOINT or
+            # print an honest "no endpoint configured" message and exit non-zero.
+            # We never fabricate a hosted URL.
+            if [ "$hosted" -eq 1 ]; then
+                _loki_hosted_publish_proof "$id" "$html" "${proofs_dir}/${id}/proof.json"
+                exit $?
+            fi
             if ! command -v gh &>/dev/null; then
                 echo -e "${RED}gh CLI not found${NC}"
                 echo "Install the GitHub CLI to publish a proof:"

package/autonomy/run.sh

@@ -7443,10 +7443,18 @@ create_checkpoint() {
 
     mkdir -p "$checkpoint_dir"
 
-    # Only checkpoint if there are uncommitted changes
-    if git diff --quiet 2>/dev/null && git diff --cached --quiet 2>/dev/null; then
-        log_info "No uncommitted changes to checkpoint"
-        return 0
+    # Only checkpoint if there are uncommitted changes.
+    # R6: _LOKI_CP_FORCE=1 bypasses this guard. Used by rollback to guarantee a
+    # pre-rollback snapshot of .loki/ state even when the git tree is clean (the
+    # .loki/ state files about to be overwritten are not git-tracked, so the
+    # clean-tree guard would otherwise skip the safety snapshot). Mirrors the
+    # Bun `forceCreate` seam in checkpoint.ts.
+    if [ "${_LOKI_CP_FORCE:-0}" != "1" ]; then
+        if git diff --quiet 2>/dev/null && git diff --cached --quiet 2>/dev/null; then
+            log_info "No uncommitted changes to checkpoint"
+            _LAST_CHECKPOINT_ID=""
+            return 0
+        fi
     fi
 
     # Capture git state
@@ -7465,7 +7473,9 @@ create_checkpoint() {
 
     # Copy critical state files (lightweight -- not full .loki/)
     # BUG-ST-009: Include autonomy-state.json in checkpoint backup
-    for f in state/orchestrator.json autonomy-state.json queue/pending.json queue/completed.json queue/in-progress.json queue/current-task.json; do
+    # R6: Include CONTINUITY.md so a rollback also restores iteration/conversation
+    # handoff context, not just machine state. Mirrors Bun COPIED_FILES.
+    for f in state/orchestrator.json autonomy-state.json queue/pending.json queue/completed.json queue/in-progress.json queue/current-task.json CONTINUITY.md; do
         if [ -f ".loki/$f" ]; then
             local target_dir="$cp_dir/$(dirname "$f")"
             mkdir -p "$target_dir"
@@ -7473,6 +7483,23 @@ create_checkpoint() {
         fi
     done
 
+    # R6: capture a real working-tree snapshot so code can be truly undone later.
+    # Loki does not commit per iteration, so git_sha (HEAD) cannot reconstruct
+    # this iteration's working tree. `git stash create` builds a commit object
+    # capturing tracked changes WITHOUT disturbing the tree; we then anchor it
+    # under refs/loki/cp/<id> so `git gc` cannot prune the dangling commit. The
+    # snapshot sha goes in a sidecar (worktree-snapshot.txt), NOT metadata.json,
+    # to preserve byte-for-byte parity with the Bun port.
+    # Honest limit: captures tracked changes only (not untracked/ignored files).
+    if git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+        local snap_sha
+        snap_sha=$(git stash create "loki checkpoint ${checkpoint_id}" 2>/dev/null || echo "")
+        if [ -n "$snap_sha" ]; then
+            git update-ref "refs/loki/cp/${checkpoint_id}" "$snap_sha" 2>/dev/null \
+                && printf '%s\n' "$snap_sha" > "$cp_dir/worktree-snapshot.txt" 2>/dev/null || true
+        fi
+    fi
+
     # Write checkpoint metadata (use python3 json.dumps for safe serialization)
     local phase_val
     phase_val=$(cat .loki/state/orchestrator.json 2>/dev/null | python3 -c 'import sys,json; print(json.load(sys.stdin).get("currentPhase","unknown"))' 2>/dev/null || echo 'unknown')
@@ -7531,6 +7558,10 @@ print(json.dumps({'id':m['id'],'ts':m['timestamp'],'iter':m['iteration'],'task':
     fi
 
     log_info "Checkpoint created: ${checkpoint_id} (git: ${git_sha:0:8})"
+    # R6: expose the id via a global so callers (rollback, run loop) can reference
+    # it without parsing stdout (log_info writes to stdout, so command-substitution
+    # capture would include log lines).
+    _LAST_CHECKPOINT_ID="$checkpoint_id"
 }
 
 rollback_to_checkpoint() {
@@ -7558,11 +7589,18 @@ rollback_to_checkpoint() {
 
     log_warn "Rolling back to checkpoint: ${checkpoint_id}"
 
-    # Create a pre-rollback checkpoint first
-    create_checkpoint "pre-rollback snapshot" "rollback"
+    # R6 re-undoability invariant: force a pre-rollback snapshot of CURRENT state
+    # before overwriting, even if the git tree is clean (the .loki/ state we are
+    # about to clobber is not git-tracked). _LOKI_CP_FORCE bypasses the clean-tree
+    # guard. Capture the snapshot id so we can tell the user how to undo the undo.
+    _LOKI_CP_FORCE=1 create_checkpoint "pre-rollback snapshot (before restoring ${checkpoint_id})" "rollback"
+    local pre_rollback_id="${_LAST_CHECKPOINT_ID:-}"
+    if [ -n "$pre_rollback_id" ]; then
+        log_info "Saved prior state as ${pre_rollback_id} (undo this rollback with: loki rollback to ${pre_rollback_id})"
+    fi
 
-    # Restore state files
-    for f in state/orchestrator.json queue/pending.json queue/completed.json queue/in-progress.json queue/current-task.json; do
+    # Restore state files (R6: CONTINUITY.md restores iteration/conversation context)
+    for f in state/orchestrator.json queue/pending.json queue/completed.json queue/in-progress.json queue/current-task.json CONTINUITY.md; do
         if [ -f "${cp_dir}/${f}" ]; then
             local target_dir=".loki/$(dirname "$f")"
             mkdir -p "$target_dir"
@@ -7599,9 +7637,17 @@ print(json.dumps({'event':'rollback','checkpoint':os.environ['_RB_CPID'],'git_sh
 
     log_info "State files restored from checkpoint: ${checkpoint_id}"
 
-    if [ -n "$git_sha" ] && [ "$git_sha" != "no-git" ]; then
-        log_info "Git SHA at checkpoint: ${git_sha}"
-        log_info "To rollback code: git reset --hard ${git_sha}"
+    # R6: the prior hint `git reset --hard ${git_sha}` was MISLEADING. git_sha is
+    # HEAD (the last commit), and Loki does not commit per iteration, so a hard
+    # reset would discard the iteration's work rather than reconstruct it. The
+    # correct, durable recovery is the anchored working-tree snapshot, if present.
+    if [ -f "${cp_dir}/worktree-snapshot.txt" ]; then
+        log_info "To also restore the working tree to this checkpoint:"
+        log_info "  git stash apply refs/loki/cp/${checkpoint_id}"
+    elif [ -n "$git_sha" ] && [ "$git_sha" != "no-git" ]; then
+        log_info "Git SHA at checkpoint (last commit): ${git_sha}"
+        log_info "Note: no working-tree snapshot was captured for this checkpoint;"
+        log_info "code changes since the last commit are not restorable from here."
     fi
 }
 
@@ -12001,6 +12047,10 @@ if __name__ == "__main__":
 
         # Checkpoint after each iteration (v5.57.0)
         create_checkpoint "iteration-${ITERATION_COUNT} complete" "iteration-${ITERATION_COUNT}"
+        # R6: prominent "you can safely undo this" signal so users run boldly.
+        if [ -n "${_LAST_CHECKPOINT_ID:-}" ]; then
+            log_info "Safety net: checkpoint ${_LAST_CHECKPOINT_ID} saved. Undo this iteration with: loki rollback to ${_LAST_CHECKPOINT_ID}"
+        fi
 
         # Quality gates (v6.10.0 - escalation ladder)
         log_step "Post-iteration: running quality gates..."

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.13.0"
+__version__ = "7.15.0"
 
 # Expose the control app for easy import
 try: