loki-mode 7.13.0 → 7.15.0

package/dashboard/server.py

@@ -5396,6 +5396,100 @@ async def create_checkpoint(body: CheckpointCreate = None):
     return metadata
 
 
+@app.post(
+    "/api/checkpoints/{checkpoint_id}/rollback",
+    dependencies=[Depends(auth.require_scope("control"))],
+)
+async def rollback_checkpoint(checkpoint_id: str):
+    """Restore .loki/ state from a checkpoint (R6: un-deads the dashboard
+    rollback button, which already POSTed here).
+
+    Safety:
+    - require_scope("control"): destructive, so it needs the control scope.
+    - _sanitize_checkpoint_id: blocks path traversal.
+    - Re-undoability invariant: a forced pre-rollback snapshot of current state
+      is captured BEFORE overwriting, so the human can undo the undo. The
+      pre_rollback_snapshot id is returned in the response so the caller can
+      surface it to the user.
+    - Glob-restore: copies back whatever files the checkpoint dir contains, so it
+      works regardless of which writer (run.sh / loki / dashboard) created it.
+    """
+    import shutil
+
+    checkpoint_id = _sanitize_checkpoint_id(checkpoint_id)
+    loki_dir = _get_loki_dir()
+    checkpoints_dir = loki_dir / "state" / "checkpoints"
+    cp_dir = checkpoints_dir / checkpoint_id
+
+    if not cp_dir.is_dir():
+        raise HTTPException(status_code=404, detail="Checkpoint not found")
+
+    # 1. Forced pre-rollback snapshot of current state (re-undoability).
+    now = datetime.now(timezone.utc)
+    pre_id = now.strftime("rb-pre-%Y%m%d-%H%M%S")
+    pre_dir = checkpoints_dir / pre_id
+    pre_dir.mkdir(parents=True, exist_ok=True)
+    for name in ("session.json", "dashboard-state.json", "CONTINUITY.md", "autonomy-state.json"):
+        src = loki_dir / name
+        if src.exists() and src.is_file():
+            try:
+                shutil.copy2(str(src), str(pre_dir / name))
+            except Exception:
+                pass
+    for dname in ("state", "queue"):
+        src = loki_dir / dname
+        if src.exists() and src.is_dir():
+            try:
+                shutil.copytree(str(src), str(pre_dir / dname), dirs_exist_ok=True)
+            except Exception:
+                pass
+    pre_meta = {
+        "id": pre_id,
+        "created_at": now.isoformat(),
+        "message": f"pre-rollback snapshot (before restoring {checkpoint_id})",
+        "created_by": "dashboard rollback",
+    }
+    try:
+        (pre_dir / "metadata.json").write_text(json.dumps(pre_meta, indent=2))
+        with open(str(checkpoints_dir / "index.jsonl"), "a") as f:
+            f.write(json.dumps(pre_meta) + "\n")
+    except Exception:
+        pass
+
+    # 2. Glob-restore the checkpoint contents back into .loki/.
+    # IMPORTANT: never rmtree a destination dir wholesale -- the checkpoint store
+    # itself lives under .loki/state/checkpoints/, so deleting .loki/state/ would
+    # destroy every checkpoint (including the one being restored AND the
+    # pre-rollback snapshot we just made). Merge directories with dirs_exist_ok
+    # so the checkpoints store survives.
+    restored = 0
+    errors = []
+    for item in cp_dir.iterdir():
+        if item.name in ("metadata.json", "worktree-snapshot.txt"):
+            continue
+        dest = loki_dir / item.name
+        try:
+            if item.is_dir():
+                shutil.copytree(str(item), str(dest), dirs_exist_ok=True)
+            else:
+                dest.parent.mkdir(parents=True, exist_ok=True)
+                shutil.copy2(str(item), str(dest))
+            restored += 1
+        except Exception as e:  # noqa: BLE001 -- report, do not abort other files
+            errors.append(f"{item.name}: {e}")
+
+    return {
+        "id": checkpoint_id,
+        "restored": restored,
+        "pre_rollback_snapshot": pre_id,
+        "errors": errors,
+        "message": (
+            f"Restored {restored} item(s) from {checkpoint_id}. "
+            f"Prior state saved as {pre_id} (undo this rollback by restoring it)."
+        ),
+    }
+
+
 # =============================================================================
 # Agent Management API (v5.25.0)
 # =============================================================================

package/dashboard/static/index.html

@@ -6914,7 +6914,7 @@ var LokiDashboard=(()=>{var $t=Object.defineProperty;var ae=Object.getOwnPropert
           </div>
         </div>
       </div>
-    `}};customElements.get("loki-cost-dashboard")||customElements.define("loki-cost-dashboard",X);var Z=class extends h{static get observedAttributes(){return["api-url","theme"]}constructor(){super(),this._loading=!1,this._error=null,this._api=null,this._checkpoints=[],this._pollInterval=null,this._lastDataHash=null,this._showCreateForm=!1,this._creating=!1,this._rollingBack=!1,this._rollbackTarget=null}connectedCallback(){super.connectedCallback(),this._setupApi(),this._loadData(),this._startPolling()}disconnectedCallback(){super.disconnectedCallback(),this._stopPolling()}attributeChangedCallback(t,e,i){e!==i&&(t==="api-url"&&this._api&&(this._api.baseUrl=i,this._loadData()),t==="theme"&&this._applyTheme())}_setupApi(){let t=this.getAttribute("api-url")||window.location.origin;this._api=g({baseUrl:t})}_startPolling(){this._pollInterval=setInterval(()=>this._loadData(),3e3),this._visibilityHandler=()=>{document.hidden?this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null):this._pollInterval||(this._loadData(),this._pollInterval=setInterval(()=>this._loadData(),3e3))},document.addEventListener("visibilitychange",this._visibilityHandler)}_stopPolling(){this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null),this._visibilityHandler&&(document.removeEventListener("visibilitychange",this._visibilityHandler),this._visibilityHandler=null)}async _loadData(){try{let[e]=await Promise.allSettled([this._api._get("/api/checkpoints?limit=50")]);e.status==="fulfilled"&&(this._checkpoints=Array.isArray(e.value)?e.value:e.value?.checkpoints||[]),this._error=null}catch(e){this._error=e.message}let t=JSON.stringify({c:this._checkpoints,e:this._error});t!==this._lastDataHash&&(this._lastDataHash=t,this.render())}async _createCheckpoint(){let t=this.shadowRoot.getElementById("checkpoint-message"),e=t?t.value.trim():"";if(e){this._creating=!0,this.render();try{await this._api._post("/api/checkpoints",{message:e}),this._showCreateForm=!1,this._creating=!1,this.dispatchEvent(new CustomEvent("checkpoint-action",{detail:{action:"create",message:e},bubbles:!0})),this._lastDataHash=null,await this._loadData()}catch(i){this._creating=!1,this._error=`Failed to create checkpoint: ${i.message}`,this.render()}}}async _rollbackCheckpoint(t){if(!this._rollingBack){this._rollingBack=!0,this.render();try{await this._api._post(`/api/checkpoints/${t}/rollback`),this._rollbackTarget=null,this.dispatchEvent(new CustomEvent("checkpoint-action",{detail:{action:"rollback",checkpointId:t},bubbles:!0})),this._lastDataHash=null,await this._loadData()}catch(e){this._rollbackTarget=null,this._error=`Failed to rollback: ${e.message}`}finally{this._rollingBack=!1,this.render()}}}_toggleCreateForm(){this._showCreateForm=!this._showCreateForm,this._rollbackTarget=null,this.render()}_confirmRollback(t){this._rollbackTarget=t,this.render()}_cancelRollback(){this._rollbackTarget=null,this.render()}_formatRelativeTime(t){if(!t)return"";try{let e=Date.now(),i=new Date(t).getTime(),a=Math.floor((e-i)/1e3);return a<60?`${a}s ago`:a<3600?`${Math.floor(a/60)}m ago`:a<86400?`${Math.floor(a/3600)}h ago`:`${Math.floor(a/86400)}d ago`}catch{return this._escapeHTML(t)}}render(){let t=this.shadowRoot;if(!t)return;let e=this._checkpoints.length;t.innerHTML=`
+    `}};customElements.get("loki-cost-dashboard")||customElements.define("loki-cost-dashboard",X);var Z=class extends h{static get observedAttributes(){return["api-url","theme"]}constructor(){super(),this._loading=!1,this._error=null,this._api=null,this._checkpoints=[],this._pollInterval=null,this._lastDataHash=null,this._showCreateForm=!1,this._creating=!1,this._rollingBack=!1,this._rollbackTarget=null,this._notice=null}connectedCallback(){super.connectedCallback(),this._setupApi(),this._loadData(),this._startPolling()}disconnectedCallback(){super.disconnectedCallback(),this._stopPolling()}attributeChangedCallback(t,e,i){e!==i&&(t==="api-url"&&this._api&&(this._api.baseUrl=i,this._loadData()),t==="theme"&&this._applyTheme())}_setupApi(){let t=this.getAttribute("api-url")||window.location.origin;this._api=g({baseUrl:t})}_startPolling(){this._pollInterval=setInterval(()=>this._loadData(),3e3),this._visibilityHandler=()=>{document.hidden?this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null):this._pollInterval||(this._loadData(),this._pollInterval=setInterval(()=>this._loadData(),3e3))},document.addEventListener("visibilitychange",this._visibilityHandler)}_stopPolling(){this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null),this._visibilityHandler&&(document.removeEventListener("visibilitychange",this._visibilityHandler),this._visibilityHandler=null)}async _loadData(){try{let[e]=await Promise.allSettled([this._api._get("/api/checkpoints?limit=50")]);e.status==="fulfilled"&&(this._checkpoints=Array.isArray(e.value)?e.value:e.value?.checkpoints||[]),this._error=null}catch(e){this._error=e.message}let t=JSON.stringify({c:this._checkpoints,e:this._error});t!==this._lastDataHash&&(this._lastDataHash=t,this.render())}async _createCheckpoint(){let t=this.shadowRoot.getElementById("checkpoint-message"),e=t?t.value.trim():"";if(e){this._creating=!0,this.render();try{await this._api._post("/api/checkpoints",{message:e}),this._showCreateForm=!1,this._creating=!1,this.dispatchEvent(new CustomEvent("checkpoint-action",{detail:{action:"create",message:e},bubbles:!0})),this._lastDataHash=null,await this._loadData()}catch(i){this._creating=!1,this._error=`Failed to create checkpoint: ${i.message}`,this.render()}}}async _rollbackCheckpoint(t){if(!this._rollingBack){this._rollingBack=!0,this._notice=null,this.render();try{let e=await this._api._post(`/api/checkpoints/${t}/rollback`);this._rollbackTarget=null;let i=e&&e.pre_rollback_snapshot;this._notice=i?`Rolled back to ${t}. Undo this with checkpoint ${i}`:`Rolled back to ${t}.`,this.dispatchEvent(new CustomEvent("checkpoint-action",{detail:{action:"rollback",checkpointId:t,preRollbackSnapshot:i||null},bubbles:!0})),this._lastDataHash=null,await this._loadData()}catch(e){this._rollbackTarget=null,this._error=`Failed to rollback: ${e.message}`}finally{this._rollingBack=!1,this.render()}}}_toggleCreateForm(){this._showCreateForm=!this._showCreateForm,this._rollbackTarget=null,this._notice=null,this.render()}_confirmRollback(t){this._rollbackTarget=t,this.render()}_cancelRollback(){this._rollbackTarget=null,this._notice=null,this.render()}_formatRelativeTime(t){if(!t)return"";try{let e=Date.now(),i=new Date(t).getTime(),a=Math.floor((e-i)/1e3);return a<60?`${a}s ago`:a<3600?`${Math.floor(a/60)}m ago`:a<86400?`${Math.floor(a/3600)}h ago`:`${Math.floor(a/86400)}d ago`}catch{return this._escapeHTML(t)}}render(){let t=this.shadowRoot;if(!t)return;let e=this._checkpoints.length;t.innerHTML=`
       <style>${this.getBaseStyles()}${this._getStyles()}</style>
       <div class="checkpoint-viewer">
         <div class="checkpoint-header">
@@ -6935,6 +6935,7 @@ var LokiDashboard=(()=>{var $t=Object.defineProperty;var ae=Object.getOwnPropert
           ${this._checkpoints.map(i=>this._renderCheckpointCard(i)).join("")}
         </div>
 
+        ${this._notice?`<div class="notice-banner">${this._escapeHTML(this._notice)}</div>`:""}
         ${this._error?`<div class="error-banner">${this._escapeHTML(this._error)}</div>`:""}
       </div>
     `,this._attachEventListeners()}_renderCreateForm(){return`
@@ -7222,6 +7223,16 @@ var LokiDashboard=(()=>{var $t=Object.defineProperty;var ae=Object.getOwnPropert
         color: var(--loki-red);
         font-size: 12px;
       }
+
+      .notice-banner {
+        margin-top: 12px;
+        padding: 10px 14px;
+        background: var(--loki-green-muted, rgba(34, 197, 94, 0.12));
+        border: 1px solid var(--loki-green-muted, rgba(34, 197, 94, 0.3));
+        border-radius: 4px;
+        color: var(--loki-green, #22c55e);
+        font-size: 12px;
+      }
     `}};customElements.get("loki-checkpoint-viewer")||customElements.define("loki-checkpoint-viewer",Z);var tt=class extends h{static get observedAttributes(){return["api-url","theme"]}constructor(){super(),this._data=null,this._connected=!1,this._activeTab="gauge",this._api=null,this._pollInterval=null}connectedCallback(){super.connectedCallback(),this._setupApi(),this._loadContext(),this._startPolling()}disconnectedCallback(){super.disconnectedCallback(),this._stopPolling()}attributeChangedCallback(t,e,i){e!==i&&(t==="api-url"&&this._api&&(this._api.baseUrl=i,this._loadContext()),t==="theme"&&this._applyTheme())}_setupApi(){let t=this.getAttribute("api-url")||window.location.origin;this._api=g({baseUrl:t})}async _loadContext(){try{let t=this.getAttribute("api-url")||window.location.origin,e=await fetch(t+"/api/context");e.ok&&(this._data=await e.json(),this._connected=!0)}catch{this._connected=!1}this.render()}_startPolling(){this._pollInterval=setInterval(()=>{this._loadContext()},5e3),this._visibilityHandler=()=>{document.hidden?this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null):this._pollInterval||(this._loadContext(),this._pollInterval=setInterval(()=>this._loadContext(),5e3))},document.addEventListener("visibilitychange",this._visibilityHandler)}_stopPolling(){this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null),this._visibilityHandler&&(document.removeEventListener("visibilitychange",this._visibilityHandler),this._visibilityHandler=null)}_setTab(t){this._activeTab=t,this.render()}_formatTokens(t){return!t||t===0?"0":t>=1e6?(t/1e6).toFixed(2)+"M":t>=1e3?(t/1e3).toFixed(1)+"K":String(t)}_formatUSD(t){return!t||t===0?"$0.00":t<.01?"<$0.01":"$"+t.toFixed(2)}_escapeHTML(t){return t?String(t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;"):""}_getGaugeColor(t){return t>80?"var(--loki-red)":t>=60?"var(--loki-yellow)":"var(--loki-green)"}_getGaugeColorClass(t){return t>80?"gauge-red":t>=60?"gauge-yellow":"gauge-green"}_renderGaugeTab(){let t=this._data?.current||{},e=this._data?.totals||{},i=t.context_window_pct||0,a=this._getGaugeColor(i),s=this._getGaugeColorClass(i),r=70,o=2*Math.PI*r,n=o-i/100*o;return`
       <div class="gauge-tab">
         <div class="gauge-container">

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v7.13.0
+**Version:** v7.15.0
 
 ---
 

package/docs/OPEN-CORE-BOUNDARY.md

@@ -0,0 +1,58 @@
+# Loki Mode open-core boundary
+
+Loki Mode is and stays open source. This document draws the line between what is
+free forever and what hosted/paid/enterprise plans would add on top. R9 ships
+the SEAMS for that line; it does not ship a hosted backend, a license server, or
+any paywall on existing functionality.
+
+## Principle
+
+OSS is fully functional with zero hosted backend. Every capability Loki has
+today runs locally, free, with no account, no license key, and no network call
+to any Loki service. Hosted/paid features are ADDITIVE convenience and
+team/enterprise layers, never a removal or gating of something that is free
+today.
+
+## Free forever (OSS, the default)
+
+Everything that exists today, including:
+
+- The full RARV-C autonomous loop (`loki start`), all providers
+  (Claude/Cline/Codex/Aider), multi-project, dashboard, memory system.
+- 3-reviewer council + RARV-C closure (the trust engine).
+- proof-of-run generation and local inspection: `loki proof list|show|open`.
+- Sharing a proof to a GitHub Gist: `loki proof share <id>` (uses your own `gh`
+  auth; no Loki service involved).
+- Benchmark harness (`loki bench`), healing (`loki heal`), all CLI commands.
+- Self-hosting the hosted publish endpoint: `loki proof share --hosted` posts to
+  YOUR `LOKI_HOSTED_ENDPOINT`. Running your own endpoint is free.
+- Enterprise auth seams that already exist and are env-gated, not paywalled:
+  token auth (`LOKI_ENTERPRISE_AUTH`), OIDC/SSO (`LOKI_OIDC_*`), audit logging.
+
+The default tier is `oss` (`LOKI_TIER` unset or `oss`). In OSS tier the
+tier/license gate is a no-op that allows everything.
+
+## What hosted / paid / enterprise would add (seams, not yet built)
+
+These are the attachment points R9 reserves. None of them are live; none gate
+any free feature.
+
+| Capability | Seam (env / hook) | Status |
+|---|---|---|
+| Hosted proof publishing to a managed Loki URL (instead of a gist or self-hosted endpoint) | `LOKI_HOSTED_ENDPOINT` + `loki proof share --hosted` | Seam only. No official Loki endpoint exists. Operators can point it at their own. |
+| Tier / license entitlement | `LOKI_TIER` (default `oss`), `LOKI_LICENSE_KEY`, `loki_tier_gate` (bash) / `tierGate` (Bun) | Seam only. No verification backend. OSS = allow-all no-op. |
+| Managed team memory / cross-project sync | `LOKI_MANAGED_MEMORY` (pre-existing) | Pre-existing gated seam. |
+| Enterprise SSO / RBAC / audit retention | `LOKI_ENTERPRISE_AUTH`, `LOKI_OIDC_*` | Pre-existing env seams (free to self-configure). |
+
+A future hosted build would replace the honest stubs (no-op allow / "backend not
+available" messages) with real verification and a managed endpoint. Until then,
+the stubs are labeled honestly and never fabricate a hosted service or URL.
+
+## Integrity rules (binding for any future hosted work)
+
+1. Never gate or remove a feature that is free today.
+2. Never fabricate a hosted URL, a successful license verification, or a hosted
+   service that does not exist. Honest "not available yet" messaging only.
+3. OSS path must work with zero hosted env vars set.
+4. Any artifact published via a hosted seam must pass through the same redactor
+   the gist path uses (`proof_redact`); never publish an unredacted artifact.

package/docs/R6-ROLLBACK-CHECKPOINT-PLAN.md

@@ -0,0 +1,107 @@
+# R6: 1-Click Rollback + Checkpoint UX (Design Note)
+
+Status: implemented in this worktree (not committed to main). For integrator cherry-pick.
+Goal: make Loki's existing checkpoint/rollback infra EXCELLENT and OBVIOUS so users
+run autonomous work boldly, knowing a mistake is one action from undone.
+
+## 1. Verified existing code (read, not assumed)
+
+### Checkpoint writers (THREE divergent formats, one shared index.jsonl)
+
+| Writer | ID format | Files captured | Source |
+|---|---|---|---|
+| `create_checkpoint()` (automatic, per iteration) | `cp-{iter}-{epoch}` | `state/orchestrator.json`, `autonomy-state.json`, `queue/{pending,completed,in-progress,current-task}.json` | `autonomy/run.sh:7373` |
+| `cmd_checkpoint create` (manual CLI) | `cp-{ts}` | `session.json`, `dashboard-state.json`, `queue/`, `memory/`, `metrics/`, `council/` (recursive copy) | `autonomy/loki:16122` |
+| `POST /api/checkpoints` (dashboard) | `chk-{ts}` | `dashboard-state.json`, `session.json`, `queue/` | `dashboard/server.py:5085` |
+
+All three append to `.loki/state/checkpoints/index.jsonl` (field names differ; the
+dashboard `GET /api/checkpoints` normalizes them).
+
+### Restore (rollback) paths
+
+| Path | Restores | Source |
+|---|---|---|
+| `rollback_to_checkpoint()` (internal, run.sh) | state + queue json (NOT autonomy-state) | `autonomy/run.sh:7473` |
+| `loki checkpoint rollback <id>` (bash CLI) | glob-restores whatever is in the cp dir | `autonomy/loki:16263` |
+| `loki rollback to|latest <id>` (Bun) | the 5 RESTORE_FILES | `loki-ts/src/commands/rollback.ts` + `loki-ts/src/runner/checkpoint.ts:632` |
+
+### Bun runner checkpoint API (`loki-ts/src/runner/checkpoint.ts`, 700 lines)
+- `createCheckpoint`, `listCheckpoints`, `readCheckpoint`, `rollbackToCheckpoint` (planner),
+  `executeRollback` (copier). Byte-for-byte parity with bash `create_checkpoint`.
+- `metadata.json` keys are pinned by `loki-ts/tests/runner/checkpoint.test.ts:62-91`
+  (`Object.keys(m).sort()`) -- they MUST NOT change.
+
+### Dashboard
+- `GET /api/checkpoints`, `GET /api/checkpoints/{id}`, `POST /api/checkpoints` exist.
+- The UI component `dashboard-ui/components/loki-checkpoint-viewer.js` (601 lines) ALREADY
+  renders list + create + rollback-with-two-step-confirm and POSTs to
+  `POST /api/checkpoints/{id}/rollback` -- but that endpoint **did not exist**. The
+  dashboard rollback button was DEAD.
+
+## 2. Three decisions (verified facts, not assumptions)
+
+### Decision A: what "truly undo an iteration" restores
+Verified fact: Loki does NOT commit per iteration (`grep "git commit" autonomy/run.sh`
+finds only merge-conflict `git add`, no per-iteration commit). Therefore the captured
+`git_sha` is HEAD (the last commit), and `git reset --hard <git_sha>` would discard the
+iteration's work PLUS anything since the last commit -- it cannot reconstruct a specific
+iteration's working tree. The pre-existing printed hint `git reset --hard <git_sha>`
+(run.sh:7541, loki:16314) was therefore actively MISLEADING.
+
+Resolution: capture a real working-tree snapshot at checkpoint time via `git stash create`
+(captures tracked changes without disturbing the tree), then ANCHOR it with
+`git update-ref refs/loki/cp/<id> <sha>` so `git gc` cannot prune the dangling commit.
+The snapshot sha is written to a SIDECAR file `worktree-snapshot.txt` in the checkpoint
+dir (NOT metadata.json, to preserve byte parity). Restore of code is opt-in
+(`loki rollback to <id> --code`) because it overwrites tracked files; by default the
+durable, correct recovery command is printed: `git stash apply refs/loki/cp/<id>`.
+
+State + `.loki/CONTINUITY.md` (the iteration/conversation handoff context) are
+auto-restored -- this is the always-on "undo the iteration's state + context".
+
+Honest gap: `git stash create` captures tracked changes only; it does NOT capture
+untracked or ignored files. Files the iteration newly ADDED and never committed are not in
+the snapshot, and an apply will not delete them. Documented, not hidden.
+
+### Decision B: re-undoability invariant
+Every restore path FORCES a pre-rollback snapshot of current state before overwriting, so
+a rollback is itself trivially undoable. The Bun `executePlan`, the dashboard endpoint, and
+bash `cmd_rollback` all create a forced checkpoint first (bash `create_checkpoint`
+early-returns on a clean tree, so the new code path forces it). The human dashboard path
+ALSO keeps the existing two-step confirm. Autonomous paths never block on a prompt.
+
+### Decision C: do not add a 4th format, do not unify the 3
+Unifying would break the byte-for-byte parity test; a 4th compounds the problem. The new
+dashboard restore endpoint GLOB-restores whatever the checkpoint dir contains (mirrors bash
+`cmd_checkpoint rollback`), so it works for all three writers. New fields go in sidecars.
+
+## 3. Changes (parity-organized)
+
+- **bash `autonomy/loki`**: add top-level `rollback)` dispatch + `cmd_rollback`
+  (`list|show|to|latest`, `--code` flag). `to|latest` delegate to the existing
+  `cmd_checkpoint rollback` restore body after forcing a pre-rollback snapshot, then
+  optionally apply the anchored code snapshot. Prominent "you can undo this" output.
+- **bash `autonomy/run.sh`**: `create_checkpoint` also copies `CONTINUITY.md`, creates +
+  anchors the worktree snapshot (sidecar), echoes the checkpoint id; `rollback_to_checkpoint`
+  also restores `CONTINUITY.md` and forces the pre-rollback snapshot. The per-iteration call
+  site emits a prominent "Checkpoint <id> created -- undo with `loki rollback to <id>`".
+  The misleading `git reset --hard` hint replaced with `git stash apply refs/loki/cp/<id>`.
+- **Bun `loki-ts/src/runner/checkpoint.ts`**: copy `CONTINUITY.md` into the checkpoint
+  (additive, parity-safe), add `CONTINUITY.md` to RESTORE_FILES, expose
+  `executeRollbackWithSnapshot` that forces a pre-rollback snapshot before restoring.
+  metadata.json keys unchanged.
+- **Bun `loki-ts/src/commands/rollback.ts`**: `executePlan` forces a pre-rollback snapshot
+  before restoring; HELP text made honest about state+context restore and the printed code
+  command.
+- **dashboard `dashboard/server.py`**: add `POST /api/checkpoints/{id}/rollback`
+  (`require_scope("control")`, `_sanitize_checkpoint_id`, forced pre-snapshot, glob-restore).
+  Un-deads the existing UI button.
+
+## 4. Tests (extend existing suites, no parallels)
+- `loki-ts/tests/runner/checkpoint.test.ts`: CONTINUITY round-trip restore + forced
+  pre-rollback snapshot.
+- `loki-ts/tests/commands/rollback.test.ts`: `to` forces a pre-rollback snapshot (re-undo).
+- `tests/test-checkpoint-cli.sh`: top-level `loki rollback list|to|latest`, restore actually
+  reverts, pre-rollback snapshot exists.
+- `dashboard/tests/test_rollback_endpoint.py`: POST rollback reverts, scope, 404.
+No paid model calls anywhere.

package/docs/R9-OPEN-CORE-HOOKS-PLAN.md

@@ -0,0 +1,113 @@
+# R9: Hosted/paid open-core hooks - design note
+
+Status: SEAMS implemented (this worktree). NOT a live hosted backend.
+
+R9 in the competitive-stickiness arc is the open-core monetization layer: keep
+Loki fully open source and free, while adding the SEAMS where hosted, enterprise,
+and paid plans would attach later. R9 ships the seams only. There is no Loki
+hosted service, no license-verification backend, and no paid gate on any
+existing feature. Every honest stub is labeled as such.
+
+## What already existed (verified in source, pre-R9)
+
+- proof-of-run `public_url` seam: `autonomy/lib/proof-generator.py:392` writes
+  `"deployment": {"deployed_url": deployed_url, "public_url": None}`. The
+  `public_url` field is reserved and always null today (no hosted publish wrote
+  it). R9 does NOT populate it (see "Deliberate gaps").
+- `loki proof share --hosted` stub: BOTH routes errored "Hosted publishing is
+  not available yet (coming in R9)" -- bash `autonomy/loki` (share case in
+  `cmd_proof`) and Bun `loki-ts/src/commands/proof.ts` (`shareProof`). This was
+  the explicit seam to implement.
+- `loki proof share` (gist): default opt-in publish via `gh gist create`
+  through `_loki_gist_upload` (bash) / `shareProof` (Bun). Redaction-preview +
+  confirm. This is the free path and stays byte-unchanged.
+- `cmd_enterprise` (`autonomy/loki`): already env-driven feature flags
+  (`LOKI_ENTERPRISE_AUTH`, `LOKI_OIDC_ISSUER`/`LOKI_OIDC_CLIENT_ID`,
+  `LOKI_AUDIT_DISABLED`/`LOKI_ENTERPRISE_AUTH`). Good precedent: enterprise
+  features are env-gated seams, not paywalls. R9 follows the same pattern.
+- No `LOKI_TIER`, `LOKI_LICENSE_KEY`, or `LOKI_HOSTED_ENDPOINT` existed anywhere
+  before R9. All three are new with this change.
+- Redaction: the generator redacts the proof ONCE before writing index.html and
+  records `redaction.applied` in proof.json (`proof-generator.py`, module
+  `proof_redact`). The share path publishes the already-redacted artifact; it
+  does not run a second redaction pass.
+
+## What R9 adds (seams, no backend)
+
+1. Hosted proof-publish seam. `loki proof share --hosted <id>`:
+   - If `LOKI_HOSTED_ENDPOINT` is set: POST the ALREADY-REDACTED `index.html`
+     (the same bytes the gist path would publish) to that endpoint. On 2xx,
+     print the URL the endpoint returned (`url` or `public_url` JSON field), or,
+     if none, the endpoint itself + HTTP status. NEVER a fabricated URL.
+   - If `LOKI_HOSTED_ENDPOINT` is NOT set: print an honest "Hosted publishing
+     backend not available" message (there is no official Loki hosted service
+     yet), tell the user to set the env var or use the gist path, and exit
+     non-zero. We do NOT silent-fall-back to gist when the user explicitly asked
+     for `--hosted` (see "Fallback decision").
+   - If proof.json reports `redaction.applied == false`: refuse to publish.
+   - bash: `_loki_hosted_publish_proof` (curl). Bun:
+     `hostedPublishProof` (fetch). Parity-matched messages + exit codes.
+
+2. Tier/license hook. `LOKI_TIER` (default `oss`) + optional `LOKI_LICENSE_KEY`:
+   - bash `loki_tier_gate <capability>`; Bun `tierGate(capability)` in
+     `loki-ts/src/util/tier.ts`.
+   - OSS (the default): always ALLOW, zero notes, no network, no license. This
+     is a pure no-op for every OSS user.
+   - Non-OSS without a license key: NOT allowed (honest -- we cannot verify an
+     entitlement; there is no backend). Never a fabricated grant.
+   - Non-OSS with a license key: allow, but flag that the verification backend
+     does not exist yet. We do NOT pretend the key was verified.
+   - WIRING: the gate is called ONLY from the opt-in `--hosted` seam. It is not
+     wired into any existing command path, so it cannot gate a free feature.
+
+3. Open-core boundary doc: `docs/OPEN-CORE-BOUNDARY.md` -- what is free forever
+   vs. what hosted/paid would add.
+
+## Fallback decision (reconciled)
+
+The task phrased the fallback two ways. We follow the precise deliverable:
+`share --hosted` with no endpoint prints "set LOKI_HOSTED_ENDPOINT or use gist"
+and EXITS non-zero. We do NOT silently publish to gist when the user explicitly
+asked for `--hosted`. Rationale: silent fallback would surprise a user who
+intended a private/hosted destination by publishing to a public gist instead.
+The plain `loki proof share <id>` (no flag) remains the gist path, unchanged.
+
+## OSS-unchanged guarantee
+
+- The default `loki proof share` (no `--hosted`) gist path is byte-identical:
+  `--hosted` is captured as a mode flag during arg-parse and branches only AFTER
+  id + html validation; the gist code below it is untouched.
+- `LOKI_TIER` unset vs set produces identical output/exit for existing commands
+  (asserted in tests).
+- No existing env var, command, or default changed behavior.
+
+## Deliberate gaps (honest, not omissions)
+
+- No live Loki hosted backend, no SaaS, no license server. `--hosted` only works
+  against an endpoint the operator supplies. This is by design for R9.
+- `public_url` in proof.json is NOT written back after a hosted publish.
+  Mutating the frozen R1 proof artifact post-hoc is risk we deliberately skip;
+  the published URL is printed to the user instead. A future release can wire
+  write-back once the artifact-mutation story is designed.
+- The tier gate does not verify license keys (no backend). It is a seam only.
+- No retries/backoff on the hosted POST (clean client stub, not a transport
+  library).
+
+## Tests
+
+`loki-ts/tests/commands/proof_hosted_r9.test.ts` (mock endpoint via Bun.serve,
+no network): tier gate OSS allow-all + honest non-OSS; hosted POST hits the
+mocked endpoint with the redacted payload (both bash + Bun routes); honest
+no-endpoint message + non-zero exit; non-2xx honest error; unredacted-proof
+refusal; license-key auth header; OSS-not-gated guarantee (identical output with
+LOKI_TIER unset vs enterprise). Existing `proof.test.ts` parity unchanged.
+
+## Files changed
+
+- `autonomy/loki` (bash): `loki_tier_gate`, `_loki_hosted_publish_proof`,
+  `--hosted` branch in `cmd_proof` share, help text.
+- `loki-ts/src/util/tier.ts` (new): `tierGate`, `currentTier`.
+- `loki-ts/src/commands/proof.ts` (Bun): `hostedPublishProof`, `--hosted`
+  branch, help text.
+- `docs/OPEN-CORE-BOUNDARY.md` (new).
+- `loki-ts/tests/commands/proof_hosted_r9.test.ts` (new).