loki-mode 7.27.0 → 7.28.1

package/README.md

@@ -27,6 +27,7 @@
 - **Spec-driven, autonomous, with a built-in trust layer** -- Hand Loki a spec, walk away, come back to working code with tests. The full RARV-C closure loop (Reason - Act - Reflect - Verify - Close) runs until the work is actually done, not just attempted. The verified-completion evidence gate (`skills/quality-gates.md`) refuses any "done" claim on an empty git diff against the run-start commit, and blocks completion when tests run red, so "complete" means proven, not promised.
 - **Production quality built in** -- 11 quality gates (`skills/quality-gates.md`), blind 3-reviewer code review (`run.sh:run_code_review()`), anti-sycophancy checks
 - **Standalone verification: `loki verify`** -- Run Loki's deterministic gates (build, tests, static analysis, secret scan, dependency audit) against any branch or PR diff, including code written by other agents or humans. CI-ready exit codes (0 VERIFIED, 1 CONCERNS, 2 BLOCKED), machine-readable evidence at `.loki/verify/evidence.json`. Inconclusive evidence is never reported as VERIFIED (v7.27.0).
+- **Living spec and pre-build interrogation** -- `loki spec` locks a spec and detects drift deterministically (`spec.lock`, `drift-report.json`, and a `SPEC_DRIFT` finding in `loki verify` with CI exit codes), so you can tell when the build diverges from what was agreed. `loki grill` runs a Devil's-Advocate interrogation of the spec before you build, surfacing gaps and contradictions early (v7.28.0).
 - **Live App Preview** -- The dashboard embeds the locally-running app in an iframe so you can interact with it immediately during a build. Use `loki preview` (alias `loki open`) to print the URL and open it in your browser. Local-first: no hosted service, no vendor lock (v7.24.0).
 - **Compose-first fullstack** -- When a spec needs more than one service (web + database + cache) Loki generates a 12-factor `docker-compose.yml` with healthchecks, `depends_on` wiring, env-var config, and a `.env.example`. The Live App Preview surfaces the web service URL (not a database port), and health reflects the web service's Docker healthcheck so a crashed app shows as crashed even when the database stays up. Single-service apps stay on a plain run command. All local-first, no hosted service (v7.26.0).
 - **Intelligent `loki start`** -- For interactive foreground runs the dashboard auto-opens in the browser (cross-platform; skipped in CI, SSH-without-TTY, and piped runs; opt out with `LOKI_NO_AUTO_OPEN=1`). The completion summary shows "Your app is live at <url>" so you know exactly where to try what Loki just built. The autonomous loop passes Claude Code's `--effort`, `--max-budget-usd`, and `--fallback-model` on every iteration (each gated on CLI support and individual opt-out env vars) for better long-run unattended execution (v7.25.0).
@@ -90,7 +91,7 @@ loki quick "build a landing page with a signup form"
 |--------|---------|-------|
 | **Bun (recommended)** | `bun install -g loki-mode` | Fastest startup for CLI commands. |
 | **Homebrew** | `brew tap asklokesh/tap && brew install loki-mode` | Auto-installs Bun as a dep |
-| **Docker** | `docker pull asklokesh/loki-mode:7.7.31 && docker run --rm asklokesh/loki-mode:7.7.31 start prd.md` | Bun pre-installed in image |
+| **Docker** | `docker pull asklokesh/loki-mode:7.28.1 && docker run --rm asklokesh/loki-mode:7.28.1 start prd.md` | Bun pre-installed in image |
 | **npm (compat)** | `npm install -g loki-mode` | Works without Bun (bash fallback). Migrate any time with `loki self-update --to bun`. |
 
 **Upgrading:**
@@ -150,7 +151,7 @@ The next major release sunsets the Bash runtime entirely. There is no firm calen
 | Method | Command |
 |--------|---------|
 | **Homebrew** | `brew tap asklokesh/tap && brew install loki-mode` |
-| **Docker** | `docker pull asklokesh/loki-mode:7.7.31` |
+| **Docker** | `docker pull asklokesh/loki-mode:7.28.1` |
 | **Inside Claude Code** | `claude --dangerously-skip-permissions` then type "Loki Mode" |
 | **Git clone** | `git clone https://github.com/asklokesh/loki-mode.git` |
 

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-driven build system with a built-in trust layer. It does not call work done until it is verified (RARV-C closure loop, 11 quality gates, completion council, verified-completion evidence gate). Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.27.0
+# Loki Mode v7.28.1
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -335,6 +335,15 @@ See `references/core-workflow.md` for the full RARV-C contract.
 
 ---
 
+## Trust-layer additions (v7.28.0)
+
+Two completion-trust features extend the verification gates. Full details in `skills/quality-gates.md`.
+
+- **Held-out spec evals:** ~25% of checklist items (deterministic `sha256(id)` order, `N >= 4`) are reserved into `.loki/checklist/held-out.json` and excluded from the build prompt feed; the completion council blocks if a held-out item fails. Opt out with `LOKI_HELDOUT_GATE=0`. Honest limit: this guards the prompt feed, not a sandbox; the reservation file is on disk and an agent with filesystem access can read it.
+- **Inconclusive-baseline disclosure:** when the evidence gate cannot establish a diff baseline (`no_git_repo` / `no_run_start_sha`) it writes `.loki/state/evidence-inconclusive.json` and `COMPLETION.txt` carries an honest "not independently verified" line. It never blocks non-git projects; red tests still block.
+
+---
+
 ## Concurrency and Security Hardening (v7.5.7 - v7.5.13)
 
 Three back-to-back patches closed cross-process and security gaps. No user-facing behavior change on the default flow; verify via the cited paths.
@@ -383,4 +392,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.27.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.28.1 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.27.0
+7.28.1

package/autonomy/completion-council.sh

@@ -1098,19 +1098,24 @@ council_reverify_checklist() {
 council_checklist_gate() {
     local results_file=".loki/checklist/verification-results.json"
     local waivers_file=".loki/checklist/waivers.json"
+    local heldout_file=".loki/checklist/held-out.json"
 
     # No checklist = no gate (backwards compatible)
     if [ ! -f "$results_file" ]; then
         return 0
     fi
 
-    # Check for critical failures, excluding waived items
+    # Check for critical failures, excluding waived AND held-out items. Held-out
+    # items (v7.28.0) must NOT block here: they are evaluated separately by
+    # council_heldout_gate at the ship gate, and surfacing them in this gate's
+    # block report would leak their identity back into the build loop.
     local gate_result
-    gate_result=$(_RESULTS_FILE="$results_file" _WAIVERS_FILE="$waivers_file" python3 -c "
+    gate_result=$(_RESULTS_FILE="$results_file" _WAIVERS_FILE="$waivers_file" _HELDOUT_FILE="$heldout_file" python3 -c "
 import json, sys, os
 
 results_file = os.environ['_RESULTS_FILE']
 waivers_file = os.environ.get('_WAIVERS_FILE', '')
+heldout_file = os.environ.get('_HELDOUT_FILE', '')
 
 try:
     with open(results_file) as f:
@@ -1129,12 +1134,22 @@ if waivers_file and os.path.exists(waivers_file):
     except (json.JSONDecodeError, KeyError):
         pass
 
-# Find critical failures not waived
+# Load held-out item ids (excluded from this gate)
+heldout_ids = set()
+if heldout_file and os.path.exists(heldout_file):
+    try:
+        with open(heldout_file) as f:
+            heldout_ids = set(json.load(f).get('held_out', []))
+    except (json.JSONDecodeError, KeyError):
+        pass
+
+# Find critical failures not waived and not held-out
 critical_failures = []
 for cat in results.get('categories', []):
     for item in cat.get('items', []):
         if item.get('priority') == 'critical' and item.get('status') == 'failing':
-            if item.get('id') not in waived_ids:
+            iid = item.get('id')
+            if iid not in waived_ids and iid not in heldout_ids:
                 critical_failures.append(item.get('title', item.get('id', 'unknown')))
 
 if critical_failures:
@@ -1187,6 +1202,221 @@ GATE_EOF
     return 0
 }
 
+#===============================================================================
+# Council Held-out Spec Eval Gate (v7.28.0) - anti-reward-hacking
+#===============================================================================
+# Held-out checklist items are reserved at PRD-checklist generation time and are
+# excluded from the prompt feed the build loop sees (checklist_summary, the build
+# prompt, and council_checklist_gate). The completion council evaluates them only
+# here, at the ship gate. Scope of the guarantee: this protects the prompt feed,
+# not a sandbox. .loki/checklist/held-out.json is plain on-disk JSON, so a
+# non-cooperative agent with filesystem tools can read the reservation directly;
+# the protection is against feeding held-out items to the loop, not isolation.
+# The gate uses the SAME verification machinery the
+# checklist already uses: council_reverify_checklist re-runs checklist-verify.py
+# over the FULL checklist (including held-out items), so this gate just reads
+# the held-out items' freshly-computed statuses from verification-results.json.
+#
+# A held-out item with status 'failing' blocks completion exactly like the
+# evidence gate (return 1 = CONTINUE). Pending/inconclusive items pass through.
+# Default-on ONLY when held-out items exist; opt out with LOKI_HELDOUT_GATE=0
+# (byte-identical to prior behavior: no read, no write).
+council_heldout_gate() {
+    # Knob first: opt-out is exact-as-today, before any file read or write.
+    [ "${LOKI_HELDOUT_GATE:-1}" = "0" ] && return 0
+
+    local results_file=".loki/checklist/verification-results.json"
+    local heldout_file=".loki/checklist/held-out.json"
+    local waivers_file=".loki/checklist/waivers.json"
+
+    # No held-out reservation = no gate (default-off when nothing reserved).
+    if [ ! -f "$heldout_file" ] || [ ! -f "$results_file" ]; then
+        return 0
+    fi
+
+    if [ -z "${COUNCIL_STATE_DIR:-}" ]; then
+        COUNCIL_STATE_DIR="${TARGET_DIR:-.}/.loki/council"
+    fi
+
+    # Evaluate held-out items against their freshly-verified statuses. Output is
+    # a single line "<verdict> <pass> <fail>" where verdict is NONE (no held-out
+    # items reserved, gate inert), STALE (ids reserved but ZERO matched current
+    # items -> reservation orphaned by a checklist regeneration), PASS, or BLOCK.
+    # The failing titles are NOT carried in this line (a checklist title may
+    # contain ':' or '|'); they are read separately from the held-out JSON block
+    # below in the BLOCK branch.
+    local gate_result
+    gate_result=$(_RESULTS_FILE="$results_file" _HELDOUT_FILE="$heldout_file" _WAIVERS_FILE="$waivers_file" python3 -c "
+import json, sys, os
+
+results_file = os.environ['_RESULTS_FILE']
+heldout_file = os.environ['_HELDOUT_FILE']
+waivers_file = os.environ.get('_WAIVERS_FILE', '')
+
+try:
+    with open(results_file) as f:
+        results = json.load(f)
+    with open(heldout_file) as f:
+        heldout_ids = set(json.load(f).get('held_out', []))
+except (json.JSONDecodeError, IOError, KeyError):
+    print('NONE 0 0')
+    sys.exit(0)
+
+# No held-out items reserved (e.g. N<4): gate is inert. Emit NONE so the caller
+# skips the trust-event entirely (no no-op heldout_eval pollution per round).
+if not heldout_ids:
+    print('NONE 0 0')
+    sys.exit(0)
+
+# Waived held-out items are not counted as failures (operator override path).
+waived_ids = set()
+if waivers_file and os.path.exists(waivers_file):
+    try:
+        with open(waivers_file) as f:
+            waived_ids = {w['item_id'] for w in json.load(f).get('waivers', []) if w.get('active', True)}
+    except (json.JSONDecodeError, KeyError):
+        pass
+
+# HIGH-1(b): track how many held-out ids actually matched a current item. If the
+# reservation lists ids but ZERO matched (orphaned after a checklist regen), the
+# gate must NOT report PASS (that reads as evaluated-and-passed). 'matched' is
+# distinct from passed/failed: an all-pending matched set legitimately yields
+# passed=0 failed=0 and must stay PASS/pass-through, not STALE.
+matched = 0
+passed = 0
+failed = 0
+for cat in results.get('categories', []):
+    for item in cat.get('items', []):
+        iid = item.get('id', '')
+        if iid not in heldout_ids:
+            continue
+        matched += 1
+        if iid in waived_ids:
+            continue
+        status = item.get('status')
+        if status == 'verified':
+            passed += 1
+        elif status == 'failing':
+            failed += 1
+        # pending/inconclusive: pass-through (not counted as pass or fail block)
+
+if matched == 0:
+    # Reservation is stale: ids exist but none map to a current item. Selection-
+    # side repair (checklist_select_heldout) fixes this next iteration; emit STALE
+    # so this round is recorded honestly rather than as a silent PASS.
+    print('STALE 0 0')
+    sys.exit(0)
+
+verdict = 'BLOCK' if failed > 0 else 'PASS'
+print('%s %d %d' % (verdict, passed, failed))
+" 2>/dev/null || echo "NONE 0 0")
+
+    local verdict pass_count fail_count
+    read -r verdict pass_count fail_count <<< "$gate_result"
+    [ -z "$verdict" ] && verdict="NONE"
+    [ -z "$pass_count" ] && pass_count=0
+    [ -z "$fail_count" ] && fail_count=0
+
+    # NONE: no held-out items reserved -> gate inert, no trust-event, no block.
+    # LOW-5: still clear any stale block report so a prior BLOCK does not linger
+    # after the reservation is emptied (matches the PASS branch cleanup).
+    if [ "$verdict" = "NONE" ]; then
+        if [ -n "${COUNCIL_STATE_DIR:-}" ] && [ -f "$COUNCIL_STATE_DIR/heldout-block.json" ]; then
+            rm -f "$COUNCIL_STATE_DIR/heldout-block.json"
+        fi
+        return 0
+    fi
+
+    # STALE: reservation orphaned by a checklist regeneration (ids reserved but
+    # zero matched current items). Emit a STALE trust event so the round is not
+    # silently counted as a pass, warn, clear any stale block file (LOW-5), and
+    # return 0 (pass-through): blocking here would loop forever, and the
+    # selection-side repair re-selects valid ids on the next iteration.
+    if [ "$verdict" = "STALE" ]; then
+        log_warn "[Council] Held-out reservation is stale (checklist regenerated; reserved ids match no current item). Selection will re-select next iteration; not treating this as an evaluated PASS."
+        if type record_trust_event_bash &>/dev/null; then
+            record_trust_event_bash "heldout_eval" \
+                "verdict=STALE" \
+                "pass=0" \
+                "fail=0" \
+                >/dev/null 2>&1 || true
+        fi
+        if [ -n "${COUNCIL_STATE_DIR:-}" ] && [ -f "$COUNCIL_STATE_DIR/heldout-block.json" ]; then
+            rm -f "$COUNCIL_STATE_DIR/heldout-block.json"
+        fi
+        return 0
+    fi
+
+    # Trust-metrics: durable per-evaluation record (pass/fail counts). Emitted
+    # only when held-out items actually exist (verdict PASS or BLOCK).
+    if type record_trust_event_bash &>/dev/null; then
+        record_trust_event_bash "heldout_eval" \
+            "verdict=$verdict" \
+            "pass=$pass_count" \
+            "fail=$fail_count" \
+            >/dev/null 2>&1 || true
+    fi
+
+    if [ "$verdict" = "BLOCK" ]; then
+        # Read failing held-out titles directly from the data (colon/pipe-safe).
+        local titles_json titles_display
+        titles_json=$(_RESULTS_FILE="$results_file" _HELDOUT_FILE="$heldout_file" _WAIVERS_FILE="$waivers_file" python3 -c "
+import json, os
+results = json.load(open(os.environ['_RESULTS_FILE']))
+heldout_ids = set(json.load(open(os.environ['_HELDOUT_FILE'])).get('held_out', []))
+waived_ids = set()
+wf = os.environ.get('_WAIVERS_FILE', '')
+if wf and os.path.exists(wf):
+    try:
+        waived_ids = {w['item_id'] for w in json.load(open(wf)).get('waivers', []) if w.get('active', True)}
+    except Exception:
+        pass
+titles = []
+for cat in results.get('categories', []):
+    for item in cat.get('items', []):
+        iid = item.get('id', '')
+        if iid in heldout_ids and iid not in waived_ids and item.get('status') == 'failing':
+            titles.append(item.get('title', iid))
+print(json.dumps(titles[:5]))
+" 2>/dev/null || echo '[]')
+        titles_display=$(_T="$titles_json" python3 -c "
+import json, os
+try:
+    print(', '.join(json.loads(os.environ['_T'])))
+except Exception:
+    print('')
+" 2>/dev/null || echo "")
+        log_warn "[Council] Held-out gate BLOCKED: ${fail_count} held-out acceptance check(s) failing: ${titles_display}"
+        log_warn "[Council] Held-out checks are hidden from the build loop and verified only at completion. To opt out: set LOKI_HELDOUT_GATE=0"
+
+        mkdir -p "$COUNCIL_STATE_DIR" 2>/dev/null || true
+        local ho_file="$COUNCIL_STATE_DIR/heldout-block.json"
+        local ho_tmp="${ho_file}.tmp"
+        local timestamp
+        timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+        cat > "$ho_tmp" << HELDOUT_EOF
+{
+    "status": "blocked",
+    "blocked": true,
+    "blocked_at": "$timestamp",
+    "iteration": ${ITERATION_COUNT:-0},
+    "reason": "held_out_checks_failing",
+    "passed": $pass_count,
+    "failed": $fail_count,
+    "failures": $titles_json
+}
+HELDOUT_EOF
+        mv "$ho_tmp" "$ho_file"
+        return 1
+    fi
+
+    # Gate passes: remove any stale block report.
+    if [ -f "$COUNCIL_STATE_DIR/heldout-block.json" ]; then
+        rm -f "$COUNCIL_STATE_DIR/heldout-block.json"
+    fi
+    return 0
+}
+
 #===============================================================================
 # Council Evidence Hard Gate (v7.19.1) - "verified completion"
 #===============================================================================
@@ -1224,13 +1454,20 @@ council_evidence_gate() {
     # read, so none is tracked (avoids SC2034 dead-assignment).
     local diff_fails="false"
     local diff_files=0
+    # v7.28.0: track WHY the diff baseline could not be established, so the
+    # inconclusive case is surfaced honestly instead of passing through silently.
+    # diff_inconclusive stays "false" on the conclusive branch below.
+    local diff_inconclusive="false"
+    local diff_inconclusive_reason=""
     if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
         # No git repo => cannot prove fabrication => inconclusive => pass-through.
-        :
+        diff_inconclusive="true"
+        diff_inconclusive_reason="no_git_repo"
     elif [ -z "$base_sha" ]; then
         # No baseline captured (non-git/zero-commit run, or never set) =>
         # inconclusive => pass-through. Never false-block a legit first run.
-        :
+        diff_inconclusive="true"
+        diff_inconclusive_reason="no_run_start_sha"
     else
         # Count the UNION of three change sources (auto-commit is not guaranteed,
         # so committed-only would false-block a dirty-but-real working tree):
@@ -1308,6 +1545,40 @@ else:
     # Missing test-results.json (the else of the -f check) likewise leaves
     # test_fails="false" => inconclusive => pass-through (no file = no gate).
 
+    # --- v7.28.0: inconclusive-baseline lifecycle -------------------------------
+    # When the gate cannot establish a diff baseline (no git repo, or no run-start
+    # SHA) it does NOT block (would break non-git projects), but completion is no
+    # longer independently verified. Record that fact durably so the completion
+    # summary can surface one honest line, and emit a trust-event. The record is
+    # about the DIFF baseline only, so it is written regardless of the test
+    # outcome. On any CONCLUSIVE baseline we remove a stale record.
+    local inconclusive_file="${TARGET_DIR:-.}/.loki/state/evidence-inconclusive.json"
+    if [ "$diff_inconclusive" = "true" ]; then
+        mkdir -p "${TARGET_DIR:-.}/.loki/state" 2>/dev/null || true
+        local inc_tmp="${inconclusive_file}.tmp"
+        local inc_ts
+        inc_ts=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+        cat > "$inc_tmp" << INCONCLUSIVE_EOF
+{
+    "inconclusive": true,
+    "recorded_at": "$inc_ts",
+    "iteration": ${ITERATION_COUNT:-0},
+    "reason": "$diff_inconclusive_reason"
+}
+INCONCLUSIVE_EOF
+        mv "$inc_tmp" "$inconclusive_file" 2>/dev/null || rm -f "$inc_tmp" 2>/dev/null || true
+        if type record_trust_event_bash &>/dev/null; then
+            record_trust_event_bash "evidence_inconclusive" \
+                "reason=$diff_inconclusive_reason" \
+                >/dev/null 2>&1 || true
+        fi
+    else
+        # Conclusive baseline: clear any stale inconclusive record.
+        if [ -f "$inconclusive_file" ]; then
+            rm -f "$inconclusive_file"
+        fi
+    fi
+
     # --- Block decision: block iff DIFF FAILS or TEST FAILS ---
     if [ "$diff_fails" != "true" ] && [ "$test_fails" != "true" ]; then
         # Gate passes: remove any stale block report.
@@ -2025,6 +2296,14 @@ council_evaluate() {
         return 1  # CONTINUE - can't complete with critical failures
     fi
 
+    # v7.28.0: held-out spec eval gate - verify the hidden acceptance checks the
+    # build loop never saw. Runs after the visible-checklist gate, using the
+    # statuses council_reverify_checklist just recomputed over the full checklist.
+    if ! council_heldout_gate; then
+        log_info "[Council] Completion blocked by held-out spec eval gate"
+        return 1  # CONTINUE - cannot complete with failing held-out checks
+    fi
+
     # Phase 2.5 (v7.19.1): evidence hard gate - block completion unless there is
     # real evidence that files changed AND tests are green.
     if ! council_evidence_gate; then

package/autonomy/context-tracker.py

@@ -21,6 +21,7 @@ Usage:
 import argparse
 import json
 import os
+import re
 import sys
 from datetime import datetime, timezone
 from pathlib import Path
@@ -61,13 +62,31 @@ def get_pricing(provider):
     return PRICING_BY_PROVIDER.get(provider, PRICING_BY_PROVIDER["claude"])
 
 
-def derive_project_slug():
-    """Derive Claude's project slug from cwd (matches Claude's naming convention)."""
-    cwd = os.getcwd()
-    # Claude uses: /Users/name/project -> -Users-name-project
+def derive_naive_project_slug():
+    """Legacy slug rule: replace only '/' with '-'.
+
+    Kept for backward compatibility: stale sessions created before the
+    sanitization fix live under this naming. find_session_file falls back to
+    it when the correctly-sanitized slug dir does not exist.
+    """
+    cwd = os.path.realpath(os.getcwd())
     return "-" + cwd.lstrip("/").replace("/", "-")
 
 
+def derive_project_slug():
+    """Derive Claude's project slug from cwd.
+
+    Claude Code sanitizes EVERY non-alphanumeric character in the realpath to
+    '-' (rule: re.sub(r'[^a-zA-Z0-9]', '-', path)). The earlier implementation
+    replaced only '/', so any path with underscores, dots, or other special
+    characters produced a slug that did not match Claude's real session dir,
+    silently zeroing token/cost capture. realpath resolves symlinks (e.g.
+    /tmp -> /private/tmp) to match Claude's own keying.
+    """
+    cwd = os.path.realpath(os.getcwd())
+    return "-" + re.sub(r"[^a-zA-Z0-9]", "-", cwd.lstrip("/"))
+
+
 def find_session_file(provider, session_file_arg=None):
     """Find the most recently modified session file for the given provider.
 
@@ -84,10 +103,16 @@ def find_session_file(provider, session_file_arg=None):
         return path if path.exists() else None
 
     if provider == "claude":
-        project_slug = derive_project_slug()
-        session_dir = Path.home() / ".claude" / "projects" / project_slug
+        projects_root = Path.home() / ".claude" / "projects"
+        session_dir = projects_root / derive_project_slug()
+        # Backward compatibility: if the correctly-sanitized slug dir does not
+        # exist but a stale session under the old naive slug does, use it.
         if not session_dir.is_dir():
-            return None
+            naive_dir = projects_root / derive_naive_project_slug()
+            if naive_dir.is_dir():
+                session_dir = naive_dir
+            else:
+                return None
         jsonl_files = sorted(session_dir.glob("*.jsonl"), key=lambda p: p.stat().st_mtime, reverse=True)
         return jsonl_files[0] if jsonl_files else None