loki-mode 7.14.0 → 7.15.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-to-product system. Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product via the RARV-C closure loop, with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.14.0
+# Loki Mode v7.15.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -383,4 +383,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.14.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.15.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.14.0
+7.15.0

package/autonomy/loki

@@ -25275,6 +25275,173 @@ _loki_gist_upload() {
     echo -e "${GREEN}Shared: ${gist_url}${NC}"
 }
 
+# loki_tier_gate - R9 open-core tier/license seam.
+#
+# OSS-FIRST CONTRACT: this is a no-op ALLOW for OSS users. LOKI_TIER defaults
+# to "oss" and every existing free feature stays fully free. This function is
+# the single place where a future hosted/enterprise build would gate a
+# hosted-only capability. It is NEVER called from any existing free command
+# path; its only caller is the opt-in --hosted publish seam below. For OSS
+# (the default), it always returns 0 (allow).
+#
+# Args: $1 = capability name (informational; e.g. "hosted_publish").
+# Returns: 0 = allowed, 1 = gated (non-OSS tier without entitlement).
+# Env:  LOKI_TIER (default "oss"), LOKI_LICENSE_KEY (optional, non-OSS only).
+loki_tier_gate() {
+    local capability="${1:-}"
+    local tier="${LOKI_TIER:-oss}"
+
+    # OSS tier: everything is allowed, always. No license, no network, no gate.
+    if [ "$tier" = "oss" ]; then
+        return 0
+    fi
+
+    # Non-OSS tiers (hosted/enterprise) are a SEAM only. The hosted backend
+    # and license-verification service do not exist yet, so we cannot validate
+    # an entitlement. Be honest: do not pretend to grant a paid capability.
+    # A real hosted build replaces this branch with a verified license check.
+    if [ -z "${LOKI_LICENSE_KEY:-}" ]; then
+        echo -e "${YELLOW}LOKI_TIER='${tier}' requested but no LOKI_LICENSE_KEY set.${NC}" >&2
+        echo "Hosted/enterprise license verification is not available yet." >&2
+        echo "OSS users: leave LOKI_TIER unset (or 'oss') -- everything stays free." >&2
+        return 1
+    fi
+
+    # A license key is present but there is no verification backend yet. We do
+    # NOT fabricate a successful verification. The capability stays ungated for
+    # OSS-equivalent use; the seam is documented in docs/OPEN-CORE-BOUNDARY.md.
+    echo -e "${YELLOW}LOKI_LICENSE_KEY set but the verification backend is not available yet (R9 seam).${NC}" >&2
+    return 0
+}
+
+# _loki_hosted_publish_proof - R9 hosted proof-publish client stub.
+#
+# Posts an ALREADY-REDACTED proof page to a self-hosted/SaaS endpoint given by
+# LOKI_HOSTED_ENDPOINT. There is NO official Loki hosted backend yet; this is a
+# clean client seam an operator can point at their own endpoint. We never
+# fabricate a hosted URL: on success we print the URL the endpoint returned (or
+# the endpoint itself); on any failure we print an honest error and exit non-0.
+#
+# Args: $1 = proof id, $2 = redacted index.html path, $3 = proof.json path.
+# Returns: 0 on success, non-zero on missing endpoint / transport / non-2xx.
+_loki_hosted_publish_proof() {
+    local id="$1"
+    local html="$2"
+    local pj="$3"
+
+    # Tier seam (no-op allow for OSS). Hosted publish is opt-in regardless.
+    loki_tier_gate "hosted_publish" || true
+
+    local endpoint="${LOKI_HOSTED_ENDPOINT:-}"
+    if [ -z "$endpoint" ]; then
+        echo -e "${YELLOW}Hosted publishing backend not available.${NC}" >&2
+        echo "There is no official Loki hosted service yet (R9 ships the seam, not a live backend)." >&2
+        echo "To publish to your own hosted endpoint, set LOKI_HOSTED_ENDPOINT to its URL." >&2
+        echo "Or publish to a GitHub Gist instead: loki proof share ${id}" >&2
+        return 1
+    fi
+
+    if ! command -v curl &>/dev/null; then
+        echo -e "${RED}curl not found${NC}" >&2
+        echo "Hosted publishing requires curl. Install curl or use: loki proof share ${id}" >&2
+        return 1
+    fi
+
+    # CREDIBILITY: we upload the file the generator already redacted (the same
+    # bytes 'loki proof share' would put on a gist). We do not build a fresh
+    # body that could bypass redaction. If proof.json reports redaction was not
+    # applied, refuse -- never publish an unredacted artifact.
+    if [ -f "$pj" ]; then
+        local redaction_ok
+        redaction_ok=$(LOKI_PROOF_JSON="$pj" python3 - <<'PYEOF' 2>/dev/null || echo "unknown"
+import json, os
+try:
+    d = json.load(open(os.environ["LOKI_PROOF_JSON"]))
+except Exception:
+    print("unknown")
+else:
+    print("yes" if (d.get("redaction") or {}).get("applied") else "no")
+PYEOF
+)
+        if [ "$redaction_ok" = "no" ]; then
+            echo -e "${RED}Refusing to publish: proof redaction was not applied.${NC}" >&2
+            echo "Regenerate the proof (LOKI_PROOF=1) so the redactor runs, then retry." >&2
+            return 1
+        fi
+    fi
+
+    echo -e "${BOLD}Publishing proof '${id}' to hosted endpoint${NC}"
+    echo "  endpoint: ${endpoint}"
+    echo "  payload:  ${html} (already redacted by the generator)"
+    echo ""
+
+    # POST the redacted HTML. Auth header is sent only if a license key exists;
+    # OSS users with their own endpoint need no key.
+    local tmp_body tmp_code
+    tmp_body=$(mktemp "/tmp/loki-hosted-XXXXXX.out")
+    local -a curl_args=(-sS -o "$tmp_body" -w '%{http_code}' -X POST
+        -H "Content-Type: text/html"
+        -H "X-Loki-Proof-Id: ${id}"
+        --data-binary "@${html}")
+    if [ -n "${LOKI_LICENSE_KEY:-}" ]; then
+        curl_args+=(-H "Authorization: Bearer ${LOKI_LICENSE_KEY}")
+    fi
+    tmp_code=$(curl "${curl_args[@]}" "$endpoint" 2>/dev/null)
+    local curl_exit=$?
+
+    if [ "$curl_exit" -ne 0 ]; then
+        echo -e "${RED}Failed to reach hosted endpoint (curl exit ${curl_exit}).${NC}" >&2
+        echo "Check LOKI_HOSTED_ENDPOINT or publish to a gist: loki proof share ${id}" >&2
+        rm -f "$tmp_body"
+        return 1
+    fi
+
+    # Accept any 2xx. The published URL comes from the endpoint response if it
+    # returns one (we look for a "url" field), else we report the endpoint. We
+    # NEVER print a fabricated URL.
+    case "$tmp_code" in
+        2*)
+            local published_url
+            published_url=$(LOKI_HOSTED_BODY="$tmp_body" LOKI_HOSTED_EP="$endpoint" python3 - <<'PYEOF' 2>/dev/null || true
+import json, os
+body_path = os.environ["LOKI_HOSTED_BODY"]
+try:
+    txt = open(body_path).read().strip()
+except Exception:
+    txt = ""
+url = ""
+try:
+    d = json.loads(txt)
+    if isinstance(d, dict):
+        url = d.get("url") or d.get("public_url") or ""
+except Exception:
+    url = ""
+print(url)
+PYEOF
+)
+            rm -f "$tmp_body"
+            if [ -n "$published_url" ]; then
+                echo -e "${GREEN}Published: ${published_url}${NC}"
+            else
+                echo -e "${GREEN}Published to ${endpoint} (HTTP ${tmp_code}).${NC}"
+                echo "The endpoint did not return a 'url' field; check your endpoint's response."
+            fi
+            return 0
+            ;;
+        *)
+            echo -e "${RED}Hosted endpoint returned HTTP ${tmp_code}.${NC}" >&2
+            if [ -s "$tmp_body" ]; then
+                echo "Response:" >&2
+                head -c 500 "$tmp_body" >&2
+                echo "" >&2
+            fi
+            echo "Nothing was published. Or publish to a gist: loki proof share ${id}" >&2
+            rm -f "$tmp_body"
+            return 1
+            ;;
+    esac
+}
+
 # loki bench - head-to-head benchmark harness (R2).
 # Subcommands: run <task> | vs <task> | list | verify <result.json>.
 # Thin pass-through to benchmarks/bench/run.sh (shared python core runner.py).
@@ -25342,7 +25509,7 @@ cmd_proof() {
             echo "Options for 'share':"
             echo "  --yes                Skip the redaction-preview confirmation prompt"
             echo "  --private            Create a secret gist (default: public)"
-            echo "  --hosted             Reserved for hosted publishing (coming in R9)"
+            echo "  --hosted             Publish to LOKI_HOSTED_ENDPOINT (open-core seam; no official backend yet)"
             echo ""
             echo "Proofs are generated automatically at run completion (LOKI_PROOF=0 to opt out)."
             [ "$sub" = "" ] && exit 1
@@ -25441,15 +25608,13 @@ PYEOF
             local id=""
             local skip_confirm=0
             local visibility="--public"
+            local hosted=0
             while [[ $# -gt 0 ]]; do
                 case "$1" in
                     --yes|-y) skip_confirm=1; shift ;;
                     --private) visibility=""; shift ;;
                     --public) visibility="--public"; shift ;;
-                    --hosted)
-                        echo -e "${RED}Hosted publishing is not available yet (coming in R9).${NC}"
-                        exit 1
-                        ;;
+                    --hosted) hosted=1; shift ;;
                     -*) echo -e "${RED}Unknown option: $1${NC}"; exit 1 ;;
                     *) id="$1"; shift ;;
                 esac
@@ -25464,6 +25629,17 @@ PYEOF
                 echo "Use 'loki proof list' to see available proofs."
                 exit 1
             fi
+            # R9 open-core hosted-publish seam. Only taken when the user
+            # explicitly passes --hosted. The default gist path below stays
+            # byte-for-byte unchanged for OSS users (zero hosted backend
+            # required). We never silent-fall-back to gist here: the user asked
+            # for hosted, so we POST to a configured LOKI_HOSTED_ENDPOINT or
+            # print an honest "no endpoint configured" message and exit non-zero.
+            # We never fabricate a hosted URL.
+            if [ "$hosted" -eq 1 ]; then
+                _loki_hosted_publish_proof "$id" "$html" "${proofs_dir}/${id}/proof.json"
+                exit $?
+            fi
             if ! command -v gh &>/dev/null; then
                 echo -e "${RED}gh CLI not found${NC}"
                 echo "Install the GitHub CLI to publish a proof:"

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.14.0"
+__version__ = "7.15.0"
 
 # Expose the control app for easy import
 try:

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v7.14.0
+**Version:** v7.15.0
 
 ---
 

package/docs/OPEN-CORE-BOUNDARY.md

@@ -0,0 +1,58 @@
+# Loki Mode open-core boundary
+
+Loki Mode is and stays open source. This document draws the line between what is
+free forever and what hosted/paid/enterprise plans would add on top. R9 ships
+the SEAMS for that line; it does not ship a hosted backend, a license server, or
+any paywall on existing functionality.
+
+## Principle
+
+OSS is fully functional with zero hosted backend. Every capability Loki has
+today runs locally, free, with no account, no license key, and no network call
+to any Loki service. Hosted/paid features are ADDITIVE convenience and
+team/enterprise layers, never a removal or gating of something that is free
+today.
+
+## Free forever (OSS, the default)
+
+Everything that exists today, including:
+
+- The full RARV-C autonomous loop (`loki start`), all providers
+  (Claude/Cline/Codex/Aider), multi-project, dashboard, memory system.
+- 3-reviewer council + RARV-C closure (the trust engine).
+- proof-of-run generation and local inspection: `loki proof list|show|open`.
+- Sharing a proof to a GitHub Gist: `loki proof share <id>` (uses your own `gh`
+  auth; no Loki service involved).
+- Benchmark harness (`loki bench`), healing (`loki heal`), all CLI commands.
+- Self-hosting the hosted publish endpoint: `loki proof share --hosted` posts to
+  YOUR `LOKI_HOSTED_ENDPOINT`. Running your own endpoint is free.
+- Enterprise auth seams that already exist and are env-gated, not paywalled:
+  token auth (`LOKI_ENTERPRISE_AUTH`), OIDC/SSO (`LOKI_OIDC_*`), audit logging.
+
+The default tier is `oss` (`LOKI_TIER` unset or `oss`). In OSS tier the
+tier/license gate is a no-op that allows everything.
+
+## What hosted / paid / enterprise would add (seams, not yet built)
+
+These are the attachment points R9 reserves. None of them are live; none gate
+any free feature.
+
+| Capability | Seam (env / hook) | Status |
+|---|---|---|
+| Hosted proof publishing to a managed Loki URL (instead of a gist or self-hosted endpoint) | `LOKI_HOSTED_ENDPOINT` + `loki proof share --hosted` | Seam only. No official Loki endpoint exists. Operators can point it at their own. |
+| Tier / license entitlement | `LOKI_TIER` (default `oss`), `LOKI_LICENSE_KEY`, `loki_tier_gate` (bash) / `tierGate` (Bun) | Seam only. No verification backend. OSS = allow-all no-op. |
+| Managed team memory / cross-project sync | `LOKI_MANAGED_MEMORY` (pre-existing) | Pre-existing gated seam. |
+| Enterprise SSO / RBAC / audit retention | `LOKI_ENTERPRISE_AUTH`, `LOKI_OIDC_*` | Pre-existing env seams (free to self-configure). |
+
+A future hosted build would replace the honest stubs (no-op allow / "backend not
+available" messages) with real verification and a managed endpoint. Until then,
+the stubs are labeled honestly and never fabricate a hosted service or URL.
+
+## Integrity rules (binding for any future hosted work)
+
+1. Never gate or remove a feature that is free today.
+2. Never fabricate a hosted URL, a successful license verification, or a hosted
+   service that does not exist. Honest "not available yet" messaging only.
+3. OSS path must work with zero hosted env vars set.
+4. Any artifact published via a hosted seam must pass through the same redactor
+   the gist path uses (`proof_redact`); never publish an unredacted artifact.

package/docs/R9-OPEN-CORE-HOOKS-PLAN.md

@@ -0,0 +1,113 @@
+# R9: Hosted/paid open-core hooks - design note
+
+Status: SEAMS implemented (this worktree). NOT a live hosted backend.
+
+R9 in the competitive-stickiness arc is the open-core monetization layer: keep
+Loki fully open source and free, while adding the SEAMS where hosted, enterprise,
+and paid plans would attach later. R9 ships the seams only. There is no Loki
+hosted service, no license-verification backend, and no paid gate on any
+existing feature. Every honest stub is labeled as such.
+
+## What already existed (verified in source, pre-R9)
+
+- proof-of-run `public_url` seam: `autonomy/lib/proof-generator.py:392` writes
+  `"deployment": {"deployed_url": deployed_url, "public_url": None}`. The
+  `public_url` field is reserved and always null today (no hosted publish wrote
+  it). R9 does NOT populate it (see "Deliberate gaps").
+- `loki proof share --hosted` stub: BOTH routes errored "Hosted publishing is
+  not available yet (coming in R9)" -- bash `autonomy/loki` (share case in
+  `cmd_proof`) and Bun `loki-ts/src/commands/proof.ts` (`shareProof`). This was
+  the explicit seam to implement.
+- `loki proof share` (gist): default opt-in publish via `gh gist create`
+  through `_loki_gist_upload` (bash) / `shareProof` (Bun). Redaction-preview +
+  confirm. This is the free path and stays byte-unchanged.
+- `cmd_enterprise` (`autonomy/loki`): already env-driven feature flags
+  (`LOKI_ENTERPRISE_AUTH`, `LOKI_OIDC_ISSUER`/`LOKI_OIDC_CLIENT_ID`,
+  `LOKI_AUDIT_DISABLED`/`LOKI_ENTERPRISE_AUTH`). Good precedent: enterprise
+  features are env-gated seams, not paywalls. R9 follows the same pattern.
+- No `LOKI_TIER`, `LOKI_LICENSE_KEY`, or `LOKI_HOSTED_ENDPOINT` existed anywhere
+  before R9. All three are new with this change.
+- Redaction: the generator redacts the proof ONCE before writing index.html and
+  records `redaction.applied` in proof.json (`proof-generator.py`, module
+  `proof_redact`). The share path publishes the already-redacted artifact; it
+  does not run a second redaction pass.
+
+## What R9 adds (seams, no backend)
+
+1. Hosted proof-publish seam. `loki proof share --hosted <id>`:
+   - If `LOKI_HOSTED_ENDPOINT` is set: POST the ALREADY-REDACTED `index.html`
+     (the same bytes the gist path would publish) to that endpoint. On 2xx,
+     print the URL the endpoint returned (`url` or `public_url` JSON field), or,
+     if none, the endpoint itself + HTTP status. NEVER a fabricated URL.
+   - If `LOKI_HOSTED_ENDPOINT` is NOT set: print an honest "Hosted publishing
+     backend not available" message (there is no official Loki hosted service
+     yet), tell the user to set the env var or use the gist path, and exit
+     non-zero. We do NOT silent-fall-back to gist when the user explicitly asked
+     for `--hosted` (see "Fallback decision").
+   - If proof.json reports `redaction.applied == false`: refuse to publish.
+   - bash: `_loki_hosted_publish_proof` (curl). Bun:
+     `hostedPublishProof` (fetch). Parity-matched messages + exit codes.
+
+2. Tier/license hook. `LOKI_TIER` (default `oss`) + optional `LOKI_LICENSE_KEY`:
+   - bash `loki_tier_gate <capability>`; Bun `tierGate(capability)` in
+     `loki-ts/src/util/tier.ts`.
+   - OSS (the default): always ALLOW, zero notes, no network, no license. This
+     is a pure no-op for every OSS user.
+   - Non-OSS without a license key: NOT allowed (honest -- we cannot verify an
+     entitlement; there is no backend). Never a fabricated grant.
+   - Non-OSS with a license key: allow, but flag that the verification backend
+     does not exist yet. We do NOT pretend the key was verified.
+   - WIRING: the gate is called ONLY from the opt-in `--hosted` seam. It is not
+     wired into any existing command path, so it cannot gate a free feature.
+
+3. Open-core boundary doc: `docs/OPEN-CORE-BOUNDARY.md` -- what is free forever
+   vs. what hosted/paid would add.
+
+## Fallback decision (reconciled)
+
+The task phrased the fallback two ways. We follow the precise deliverable:
+`share --hosted` with no endpoint prints "set LOKI_HOSTED_ENDPOINT or use gist"
+and EXITS non-zero. We do NOT silently publish to gist when the user explicitly
+asked for `--hosted`. Rationale: silent fallback would surprise a user who
+intended a private/hosted destination by publishing to a public gist instead.
+The plain `loki proof share <id>` (no flag) remains the gist path, unchanged.
+
+## OSS-unchanged guarantee
+
+- The default `loki proof share` (no `--hosted`) gist path is byte-identical:
+  `--hosted` is captured as a mode flag during arg-parse and branches only AFTER
+  id + html validation; the gist code below it is untouched.
+- `LOKI_TIER` unset vs set produces identical output/exit for existing commands
+  (asserted in tests).
+- No existing env var, command, or default changed behavior.
+
+## Deliberate gaps (honest, not omissions)
+
+- No live Loki hosted backend, no SaaS, no license server. `--hosted` only works
+  against an endpoint the operator supplies. This is by design for R9.
+- `public_url` in proof.json is NOT written back after a hosted publish.
+  Mutating the frozen R1 proof artifact post-hoc is risk we deliberately skip;
+  the published URL is printed to the user instead. A future release can wire
+  write-back once the artifact-mutation story is designed.
+- The tier gate does not verify license keys (no backend). It is a seam only.
+- No retries/backoff on the hosted POST (clean client stub, not a transport
+  library).
+
+## Tests
+
+`loki-ts/tests/commands/proof_hosted_r9.test.ts` (mock endpoint via Bun.serve,
+no network): tier gate OSS allow-all + honest non-OSS; hosted POST hits the
+mocked endpoint with the redacted payload (both bash + Bun routes); honest
+no-endpoint message + non-zero exit; non-2xx honest error; unredacted-proof
+refusal; license-key auth header; OSS-not-gated guarantee (identical output with
+LOKI_TIER unset vs enterprise). Existing `proof.test.ts` parity unchanged.
+
+## Files changed
+
+- `autonomy/loki` (bash): `loki_tier_gate`, `_loki_hosted_publish_proof`,
+  `--hosted` branch in `cmd_proof` share, help text.
+- `loki-ts/src/util/tier.ts` (new): `tierGate`, `currentTier`.
+- `loki-ts/src/commands/proof.ts` (Bun): `hostedPublishProof`, `--hosted`
+  branch, help text.
+- `docs/OPEN-CORE-BOUNDARY.md` (new).
+- `loki-ts/tests/commands/proof_hosted_r9.test.ts` (new).