loki-mode 7.45.1 → 7.47.0

package/dashboard/auth.py

@@ -477,6 +477,111 @@ def _base64url_decode(data: str) -> bytes:
     return base64.urlsafe_b64decode(data)
 
 
+# Role precedence (highest privilege first). When a token carries multiple
+# recognized role claims, the highest-privilege match wins.
+_ROLE_PRECEDENCE = ("admin", "operator", "auditor", "viewer")
+
+
+def _normalize_claim_values(value) -> set[str]:
+    """Normalize an OIDC claim value into a lowercased set of strings.
+
+    Claim values may be a single string, a space-separated string, or a
+    list of strings (different providers use different shapes). All are
+    flattened into a set of lowercased tokens for matching against ROLES.
+    """
+    out: set[str] = set()
+    if value is None:
+        return out
+    if isinstance(value, str):
+        for part in value.split():
+            if part:
+                out.add(part.strip().lower())
+    elif isinstance(value, (list, tuple, set)):
+        for item in value:
+            if isinstance(item, str):
+                s = item.strip().lower()
+                if s:
+                    out.add(s)
+    return out
+
+
+def _collect_role_claims(claims: dict) -> set[str]:
+    """Collect candidate role/group values from standard OIDC claim shapes.
+
+    Recognized sources (case-insensitive values flattened into one set):
+    - A configurable claim named by LOKI_OIDC_ROLES_CLAIM (supports a dotted
+      path for nested claims, e.g. "realm_access.roles" for Keycloak).
+    - "roles" (generic)
+    - "groups" (generic)
+    - "realm_access.roles" (Keycloak)
+    - "cognito:groups" (AWS Cognito)
+
+    Note: "groups"/"cognito:groups" typically carry arbitrary group names,
+    not Loki role names. Only values that exactly match one of the four
+    built-in role names (admin/operator/viewer/auditor, case-insensitive)
+    grant a role. Everything else is ignored and the default role applies.
+    """
+    candidates: set[str] = set()
+
+    def _read_dotted(path: str):
+        node = claims
+        for key in path.split("."):
+            if isinstance(node, dict) and key in node:
+                node = node[key]
+            else:
+                return None
+        return node
+
+    configured = os.environ.get("LOKI_OIDC_ROLES_CLAIM", "").strip()
+    sources = []
+    if configured:
+        sources.append(configured)
+    sources.extend(["roles", "groups", "realm_access.roles", "cognito:groups"])
+
+    for src in sources:
+        if "." in src:
+            val = _read_dotted(src)
+        else:
+            val = claims.get(src)
+        candidates |= _normalize_claim_values(val)
+
+    return candidates
+
+
+def _default_oidc_role() -> str:
+    """Return the configured default OIDC role, validated against ROLES.
+
+    Defaults to the least-privileged role ("viewer"). If LOKI_OIDC_DEFAULT_ROLE
+    is set to an unrecognized value, falls back to "viewer" (never admin).
+    """
+    configured = os.environ.get("LOKI_OIDC_DEFAULT_ROLE", "").strip().lower()
+    if configured in ROLES:
+        return configured
+    return "viewer"
+
+
+def _scopes_from_claims(claims: dict) -> tuple[list[str], str]:
+    """Map OIDC token claims to Loki scopes via the existing ROLES mapping.
+
+    Returns a tuple of (scopes, role_name). If no recognized role claim is
+    present, the safe default role (viewer, or LOKI_OIDC_DEFAULT_ROLE) is
+    applied. This function NEVER returns ["*"]/admin by default: full access
+    is granted only when an explicit admin role claim is present.
+    """
+    candidate_values = _collect_role_claims(claims)
+
+    matched_role = None
+    for role in _ROLE_PRECEDENCE:
+        if role in candidate_values:
+            matched_role = role
+            break
+
+    if matched_role is None:
+        matched_role = _default_oidc_role()
+
+    return resolve_scopes(matched_role), matched_role
+
+
 def validate_oidc_token(token_str: str) -> Optional[dict]:
     """Validate an OIDC JWT token.
 
@@ -489,6 +594,12 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
     - Audience matches OIDC_AUDIENCE or OIDC_CLIENT_ID
     - Token is not expired
 
+    On success, role/group claims are mapped to Loki roles (admin/operator/
+    viewer/auditor) via _scopes_from_claims. When no recognized role claim is
+    present, the least-privileged default role (viewer, configurable via
+    LOKI_OIDC_DEFAULT_ROLE) is applied. OIDC users are never granted ["*"]
+    unless an explicit admin role claim is present.
+
     SECURITY CRITICAL: Without PyJWT, JWT signatures are NOT cryptographically
     verified. An attacker can forge tokens with arbitrary claims. For any
     production deployment, you MUST install PyJWT + cryptography so that
@@ -529,11 +640,13 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
             issuer=OIDC_ISSUER,
         )
 
+        scopes, role = _scopes_from_claims(decoded)
         return {
             "id": decoded.get("sub", ""),
             "name": decoded.get("name", decoded.get("email", decoded.get("sub", ""))),
             "email": decoded.get("email", ""),
-            "scopes": ["*"],  # OIDC users get full access
+            "scopes": scopes,  # mapped from OIDC role/group claims
+            "role": role,
             "auth_method": "oidc",
             "issuer": decoded.get("iss"),
         }
@@ -602,11 +715,13 @@ def validate_oidc_token(token_str: str) -> Optional[dict]:
             return None
 
         # Return user info from claims
+        scopes, role = _scopes_from_claims(claims)
         return {
             "id": claims.get("sub", ""),
             "name": claims.get("name", claims.get("email", claims.get("sub", ""))),
             "email": claims.get("email", ""),
-            "scopes": ["*"],  # OIDC users get full access
+            "scopes": scopes,  # mapped from OIDC role/group claims
+            "role": role,
             "auth_method": "oidc",
             "issuer": claims.get("iss"),
         }

package/dashboard/server.py

@@ -885,7 +885,7 @@ async def agent_card() -> dict:
         "capabilities": {
             "agents": 41,
             "swarms": 8,
-            "quality_gates": 9,
+            "quality_gates": 8,
             "providers": ["claude", "codex", "cline", "aider"],
             "streaming": True,
             "pushNotifications": False,
@@ -7177,15 +7177,14 @@ async def remove_checklist_waiver(item_id: str):
 # =============================================================================
 
 _DEFAULT_QUALITY_GATES = [
-    {"name": "Static Analysis", "description": "CodeQL, ESLint, type checking", "status": "pending"},
-    {"name": "Parallel Code Review", "description": "3-reviewer blind review system", "status": "pending"},
-    {"name": "Anti-Sycophancy Check", "description": "Devil's advocate on unanimous approval", "status": "pending"},
-    {"name": "Severity Assessment", "description": "Critical/High/Medium = BLOCK", "status": "pending"},
-    {"name": "Unit Test Coverage", "description": "Target >80% coverage, 100% pass", "status": "pending"},
-    {"name": "Integration Tests", "description": "End-to-end verification", "status": "pending"},
-    {"name": "Security Scan", "description": "Dependency audit, OWASP checks", "status": "pending"},
-    {"name": "Build Verification", "description": "Clean build with no warnings", "status": "pending"},
-    {"name": "Council Vote", "description": "Completion council consensus", "status": "pending"},
+    {"name": "Static Analysis", "description": "CodeQL, ESLint/Pylint, type-checker findings on the diff", "status": "pending"},
+    {"name": "Test Suite", "description": "Project test runner pass/fail (red blocks)", "status": "pending"},
+    {"name": "Blind Code Review", "description": "3-reviewer blind review; Critical/High = BLOCK; Medium/Low advisory", "status": "pending"},
+    {"name": "Anti-Sycophancy", "description": "Devil's Advocate re-review on unanimous PASS", "status": "pending"},
+    {"name": "Mock Integrity", "description": "Tautological-assertion and mock-ratio detection", "status": "pending"},
+    {"name": "Test Mutation", "description": "Assertion-churn (test-fitting) detection", "status": "pending"},
+    {"name": "Documentation Coverage", "description": "README presence, docs freshness, API docs for exported symbols", "status": "pending"},
+    {"name": "Magic Modules Debate", "description": "Spec-vs-implementation debate on generated modules", "status": "pending"},
 ]
 
 

package/docs/ACKNOWLEDGEMENTS.md

@@ -336,7 +336,7 @@ Based on research synthesis, the following improvements are planned:
 
 This acknowledgements file documents the research and resources that influenced Loki Mode's design. All referenced works retain their original licenses and copyrights.
 
-Loki Mode itself is released under the MIT License.
+Loki Mode itself is released under the Business Source License 1.1 (BUSL-1.1), a source-available license.
 
 ---
 

package/docs/COMPARISON.md

@@ -14,8 +14,8 @@
 | **Type** | Skill/Framework | Enterprise Platform | Standalone Agent | Cloud Agent | AI IDE | CLI Agent | AI IDE | AI IDE | Cloud Agent | AI IDE (OSS) |
 | **Autonomy Level** | High (minimal human) | High | Full | High | Medium-High | High | High | High | High | High |
 | **Max Runtime** | Unlimited | Async/Scheduled | Hours | Per-task | Session | Session | Days | Async | Per-task | Session |
-| **Pricing** | Free (OSS) | Enterprise | $20/mo | ChatGPT Plus | $20/mo | API costs | Free preview | Free preview | $19/mo | Free (OSS) |
-| **Open Source** | Yes | No | No | No | No | No | No | No | No | Yes |
+| **Pricing** | Free (source-available) | Enterprise | $20/mo | ChatGPT Plus | $20/mo | API costs | Free preview | Free preview | $19/mo | Free (OSS) |
+| **Source model** | Source-available (BUSL-1.1) | No | No | No | No | No | No | No | No | Yes |
 | **GitHub Stars** | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | 70.9k |
 
 ---
@@ -37,7 +37,7 @@
 |---------|--------------|-----------|-----------|------------|----------|-----------------|--------------|--------------|
 | **Code Review** | 3 blind reviewers + devil's advocate | Basic | Basic | BugBot PR | Property-based | Artifacts | Doc/Review | Basic |
 | **Anti-Sycophancy** | Yes (CONSENSAGENT) | No | No | No | No | No | No | No |
-| **Quality Gates** | 11 gates + PBT | Basic | Sandbox | Tests | Spec validation | Artifact checks | Tests | Permissions |
+| **Quality Gates** | 8 gates + PBT | Basic | Sandbox | Tests | Spec validation | Artifact checks | Tests | Permissions |
 | **Constitutional AI** | Yes (principles) | No | Refusal training | No | No | No | No | No |
 
 ---
@@ -146,10 +146,10 @@
 
 | Feature | **Zencoder** | **Loki Mode** | **Assessment** |
 |---------|-------------|---------------|----------------|
-| **Four Pillars** | Structured Workflows, SDD, Multi-Agent Verification, Parallel Execution | SDLC + RARV + 9 Gates + Worktrees | TIE |
+| **Four Pillars** | Structured Workflows, SDD, Multi-Agent Verification, Parallel Execution | SDLC + RARV + 8 Gates + Worktrees | TIE |
 | **Spec-Driven Dev** | Specs as first-class objects | OpenAPI-first | TIE |
 | **Multi-Agent Verification** | Model diversity (Claude vs OpenAI, 54% improvement) | 3 blind reviewers + devil's advocate | Different approach (N/A for Claude Code - only Claude models) |
-| **Quality Gates** | Built-in verification loops | 7 explicit gates + anti-sycophancy | **Loki Mode** |
+| **Quality Gates** | Built-in verification loops | 8 explicit gates + anti-sycophancy | **Loki Mode** |
 | **Memory System** | Not documented | 3-tier episodic/semantic/procedural | **Loki Mode** |
 | **Agent Specialization** | Custom Zen Agents | 41 pre-defined specialized agent roles | **Loki Mode** |
 | **CI Failure Analysis** | Explicit pattern with auto-fix | DevOps agent only | **ADOPTED from Zencoder** |
@@ -178,7 +178,7 @@
 
 ### Where Loki Mode EXCEEDS Zencoder
 
-1. **Quality Control**: 7 explicit gates + blind review + devil's advocate vs built-in loops
+1. **Quality Control**: 8 explicit gates + blind review + devil's advocate vs built-in loops
 2. **Memory System**: 3-tier (episodic/semantic/procedural) with cross-project learning
 3. **Agent Specialization**: 41 pre-defined specialized agent roles across 8 domains
 4. **Anti-Sycophancy**: CONSENSAGENT patterns prevent reviewer groupthink
@@ -207,7 +207,7 @@
 | **Skills** | Progressive disclosure | 6 slash commands | N/A | 129 skills | N/A | 35 skills | Memory focus |
 | **Multi-Provider** | Yes (Claude/Codex/Gemini) | 3 CLIs (separate) | No | No | No | No | No |
 | **Memory System** | 3-tier (episodic/semantic/procedural) | None | N/A | N/A | Hybrid | N/A | SQLite+FTS5 |
-| **Quality Gates** | 11 gates + Completion Council | User verify only | Two-Stage Review | N/A | Consensus | Tiered | N/A |
+| **Quality Gates** | 8 gates + Completion Council | User verify only | Two-Stage Review | N/A | Consensus | Tiered | N/A |
 | **Context Mgmt** | Standard | Fresh per task (core innovation) | Fresh per task | N/A | N/A | N/A | Progressive |
 | **Autonomy** | High (minimal human) | Semi (checkpoints) | Human-guided | Human-guided | Orchestrated | Human-guided | N/A |
 
@@ -232,7 +232,7 @@ These are patterns from competing projects that are **practically and scientific
 |----------|---------|-------------------------|
 | **Multi-Provider Support** | Only skill supporting Claude, Codex, and Gemini with graceful degradation | All 8 competitors are Claude-only |
 | **RARV Cycle** | Reason-Act-Reflect-Verify is more rigorous than Plan-Execute | Most use simple Plan-Execute |
-| **11-Gate Quality System** | Static analysis + 3 reviewers + devil's advocate + anti-sycophancy + severity blocking + coverage + debate + backward-compat (healing) + Phase 1 closure | Superpowers has 2-stage, others have less |
+| **8-Gate Quality System** | Static analysis + test suite (pass/fail) + 3 blind reviewers with severity blocking + devil's advocate + mock-integrity + test-mutation + documentation coverage + Magic Modules debate (backward-compat is a conditional healing auditor) + Phase 1 closure | Superpowers has 2-stage, others have less |
 | **Constitutional AI Integration** | Principles-based self-critique from Anthropic research | None have this |
 | **Anti-Sycophancy (CONSENSAGENT)** | Blind review + devil's advocate prevents groupthink | None have this |
 | **Provider Abstraction Layer** | Clean degradation from full-featured to sequential-only | Claude-only projects can't degrade |
@@ -359,12 +359,12 @@ Tiered agent architecture with explicit escalation:
 |-----------|-------------------|
 | **Autonomy** | Designed for high autonomy with minimal human intervention |
 | **Multi-Agent** | 41 prompt-defined agent roles in 8 domains adopted per phase (parallel review council + optional worktree streams on Claude, sequential elsewhere) vs 1-8 in competitors, with all output gated by blind review + council |
-| **Quality** | 11 gates + blind review + devil's advocate + property-based testing |
+| **Quality** | 8 gates + blind review + devil's advocate + property-based testing |
 | **Research** | 10+ academic papers integrated vs proprietary/undisclosed |
 | **Anti-Sycophancy** | Only agent with CONSENSAGENT-based blind review |
 | **Memory** | 3-tier memory (episodic/semantic/procedural) + review learning + cross-project |
 | **Transformation** | Code migration workflows (language, database, framework) |
-| **Cost** | Free (open source) vs $20-500/month |
+| **Cost** | Free (source-available, BUSL-1.1) vs $20-500/month |
 | **Customization** | Full source access vs black box |
 
 ---

package/docs/COMPETITIVE-ANALYSIS.md

@@ -20,7 +20,7 @@ GSD is the closest competitor -- a context engineering system that spawns fresh
 | Adoption | 594 stars, 6K/wk npm | 11,903 stars, 21K/wk npm | GSD (20x) |
 | Simplicity | Complex (5.4K-line run.sh, 12 Python modules) | Simple (markdown agents + slash commands) | GSD |
 | Full autonomy | Walk away, come back to deployed product | Human checkpoints at discuss/verify/milestone | Loki |
-| Quality gates | 9-gate + Completion Council + anti-sycophancy | User verification only | Loki |
+| Quality gates | 8-gate + Completion Council + anti-sycophancy | User verification only | Loki |
 | Memory system | Episodic/semantic/procedural + vector search | None | Loki |
 | Context management | Standard | Fresh subagent contexts per task (core innovation) | GSD |
 | Time to value | Learn architecture, understand CLI flags | `npx get-shit-done-cc` and go | GSD |
@@ -45,7 +45,7 @@ GSD is the closest competitor -- a context engineering system that spawns fresh
 | **Enterprise Security** | `--dangerously-skip-permissions` | MCP sandboxed | Sandboxed | Audit logs, RBAC | Staged autonomy | Sandboxed |
 | **Cross-Project Learning** | No | AgentDB | No | No | No | Limited |
 | **Observability** | Dashboard + STATUS.txt | Real-time tracing | Logs | Full tracing | Built-in | Full |
-| **Pricing** | Free (OSS) | Free (OSS) | Free (OSS) | $25+/mo | $20-400/mo | $20-500/mo |
+| **Pricing** | Free (source-available) | Free (OSS) | Free (OSS) | $25+/mo | $20-400/mo | $20-500/mo |
 | **Production Ready** | Experimental | Production | Production | Production | Production | Production |
 | **Resource Monitoring** | Yes (v2.18.5) | Unknown | No | No | No | No |
 | **State Recovery** | Yes (checkpoints) | Yes (AgentDB) | Limited | Yes | Git worktrees | Yes |

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Loki Mode is a spec-driven autonomous builder with a built-in trust layer that takes any spec to a deployed product and verifies completion with evidence (quality gates plus a completion council), not just a "done" claim. Complete installation instructions for all platforms and use cases.
 
-**Version:** v7.45.1
+**Version:** v7.47.0
 
 ---
 
@@ -389,7 +389,7 @@ provider works inside the container. Provide auth with your Anthropic API key:
 # Run Loki Mode in Docker (Claude provider, API-key auth)
 docker run --rm -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
   -v $(pwd):/workspace -w /workspace \
-  asklokesh/loki-mode:7.45.1 start ./my-spec.md
+  asklokesh/loki-mode:7.47.0 start ./my-spec.md
 ```
 
 ##### docker compose + .env (no host install)

package/docs/OPEN-CORE-BOUNDARY.md

@@ -1,15 +1,16 @@
 # Loki Mode open-core boundary
 
-Loki Mode is and stays open source. This document draws the line between what is
-free forever and what hosted/paid/enterprise plans would add on top. R9 ships
+Loki Mode is and stays source-available (BUSL-1.1) and free to self-host. This
+document draws the line between what is free forever and what
+hosted/paid/enterprise plans would add on top. R9 ships
 the SEAMS for that line; it does not ship a hosted backend, a license server, or
 any paywall on existing functionality.
 
 ## Principle
 
-OSS is fully functional with zero hosted backend. Every capability Loki has
-today runs locally, free, with no account, no license key, and no network call
-to any Loki service. Hosted/paid features are ADDITIVE convenience and
+The free self-hosted tier is fully functional with zero hosted backend. Every
+capability Loki has today runs locally, free, with no account, no license key,
+and no network call to any Loki service. Hosted/paid features are ADDITIVE convenience and
 team/enterprise layers, never a removal or gating of something that is free
 today.
 

package/docs/P0-SWEEP-PLAN.md

@@ -0,0 +1,163 @@
+# P0 Verification-Credibility Sweep -- Architecture Plan
+
+Persisted from the Architect (opus). Every line number re-verified by grep.
+Goal: make Loki's verification layer honest and real. A hollow wedge is
+existential for a "proof of done" product. Fix or remove every false/hollow gate
+claim, wire the unwired detectors, make anti-sycophancy act.
+
+## 0. Verified ground truth
+
+- P0-1: enforce_test_coverage() at autonomy/run.sh:7031. `local coverage_pct=0`
+  at 7038 is never reassigned; no coverage tool invoked. 7257 emits min_coverage
+  (the threshold), not a measured value. Gate decides purely on test_passed.
+- P0-2: skills/quality-gates.md:5-17 lists 11 gates; gates 1 (Input Guardrails)
+  and 5 (Output Guardrails) have NO gate function. wiki/Quality-Gates.md:14-28
+  duplicates. (21 'guardrail' refs in autonomy/ are CLI help/comments/flags.)
+- P0-3: tests/detect-mock-problems.sh + tests/detect-test-mutations.sh invoked
+  0 times in autonomy/run.sh. quality-gates.md:74-77 claims HIGH=FAIL.
+- P0-4: anti-sycophancy block run.sh:8316-8323 only logs + writes
+  anti-sycophancy.txt. No Devil's-Advocate re-review. INERT. Bun mirror
+  loki-ts/src/runner/quality_gates.ts:804-808 equally inert.
+- Gate inventory: phantom (Input/Output Guardrails); wired-but-unlisted
+  (run_magic_debate_gate at run.sh:14067); "Gate 10 Backward Compat" is the
+  legacy-healing-auditor SPECIALIST (run.sh:7875-7979), conditional, not a loop
+  gate; "Gate 6 Severity Blocking" is the block policy inside code review, not a
+  function.
+
+### Functions actually invoked in orchestration (run.sh:13938-14084)
+enforce_static_analysis (13945); enforce_test_coverage (13967); run_code_review
+(13987); run_doc_quality_gate (14058); run_magic_debate_gate (14070); plus
+conditional legacy-healing-auditor reviewer.
+
+## 1. Canonical final gate list (THE CONTRACT -- docs transcribe, never recompute)
+
+Honest count after this sweep: 8 gates.
+
+| # | Gate | Function / mechanism | Blocking | Opt-out flag |
+|---|------|---------------------|----------|--------------|
+| 1 | Static Analysis | enforce_static_analysis (run.sh:6699) | Yes (ladder) | PHASE_STATIC_ANALYSIS=false |
+| 2 | Test Suite (pass/fail) | enforce_test_coverage (run.sh:7031) | Yes (red blocks) | PHASE_UNIT_TESTS=false |
+| 3 | Blind Code Review (3-reviewer council + severity blocking) | run_code_review (run.sh:7788) | Yes (Crit/High block) | PHASE_CODE_REVIEW=false |
+| 4 | Anti-Sycophancy / Devil's Advocate (on unanimous PASS) | run_code_review sub-step (run.sh:8316+) | Yes (DA Crit/High block) | LOKI_GATE_DEVILS_ADVOCATE=false |
+| 5 | Mock Integrity Detector | enforce_mock_integrity -> tests/detect-mock-problems.sh | Yes (HIGH blocks) | LOKI_GATE_MOCK=false |
+| 6 | Test Mutation Detector | enforce_mutation_integrity -> tests/detect-test-mutations.sh | Yes (HIGH blocks) | LOKI_GATE_MUTATION=false |
+| 7 | Documentation Coverage | run_doc_quality_gate (run.sh:7388) | Yes | LOKI_GATE_DOC_COVERAGE=false |
+| 8 | Magic Modules Debate | run_magic_debate_gate (run.sh:7495) | Yes (BLOCK sev) | LOKI_GATE_MAGIC_DEBATE=false |
+
+Conditional auditor (documented separately, NOT numbered): Backward-Compatibility
+/ legacy-healing-auditor (healing mode only). Removed: Input/Output Guardrails.
+
+### Doc files to update to "8 gates" (docs owner)
+README.md (22,29,196,255); SKILL.md (3,10); CLAUDE.md (44);
+plugins/loki-mode/README.md (4); wiki/Quality-Gates.md (14-48);
+wiki/Environment-Variables.md (62); wiki/Home.md (3,13); wiki/CLI-Reference.md
+(230); docs/cursor-comparison.md (14,177,195); docs/COMPARISON.md (40,210,362);
+skills/quality-gates.md (5,13,14-17,19-66,69-82,650,655,668); skills/00-index.md
+(51). CHANGELOG.md: NEW top entry ONLY; never rewrite historical entries
+(5837/6181/6335/6340).
+
+## 2. P0-1 Coverage honesty (Fix B) -- Slice A (run.sh owner) + Slice B (docs)
+- run.sh: remove dead `local coverage_pct=0` (7038). Relabel logs: 13966
+  "test suite (pass/fail)"; 7265/7270 "Test suite gate".
+- KEEP the min_coverage JSON field at 7257 (consumed by autonomy/loki:27529-27530,
+  16138 and asserted in tests/test-report-command.sh:116,
+  tests/test-completion-council-affirmative-evidence.sh:126,
+  tests/test-evidence-gate.sh:155). Only change misleading consumer strings in
+  autonomy/loki (27530, 16138) to "Min coverage TARGET (not measured)".
+- docs (skills/quality-gates.md): :13 drop ">80% coverage" -> "coverage % not
+  measured in this release"; :650/:655 reword to pass/fail + target-only; :668
+  remove coverage.json artifact line. Note Fix A (real measurement) as follow-up.
+
+## 3. P0-2 Phantom guardrails -- Slice B (docs only)
+Remove gates 1 & 5 entirely (do not "mark planned"). Renumber to the 8-gate
+table. Edit skills/quality-gates.md:5-17, wiki/Quality-Gates.md:14-28, + all
+list files in section 1.
+
+## 4. P0-3 Wire detectors -- Slice A (run.sh) + Slice D (scripts) + Slice C (Bun)
+Exit-code asymmetry (load-bearing):
+- detect-mock-problems.sh exits 1 on CRITICAL/HIGH (179-182), 0 otherwise.
+  Exit code already = block-on-HIGH.
+- detect-test-mutations.sh exits 0 unless --strict; --strict blocks on ANY
+  finding (over-blocks MED/LOW). DO NOT use --strict. Wrapper greps stdout for
+  [HIGH] to decide block; route MED/LOW to findings injection.
+
+New run.sh functions (place after run_magic_debate_gate ~7560):
+  enforce_mock_integrity()      # HIGH -> return 1; MED/LOW -> findings file
+  enforce_mutation_integrity()  # grep -c '\[HIGH\]' >0 -> return 1; MED/LOW -> findings
+Both cd "${TARGET_DIR}", use LOKI_GATE_TIMEOUT wrapping, write findings into
+${TARGET_DIR}/.loki/quality/ for the Phase-1 findings injector.
+
+Orchestration insert: after the pause-check at 13983, before code-review at
+13985. Mirror the existing pattern with track_gate_failure/clear_gate_failure +
+gate_failures string. Toggles LOKI_GATE_MOCK / LOKI_GATE_MUTATION (matches
+existing LOKI_GATE_DOC_COVERAGE / LOKI_GATE_MAGIC_DEBATE convention).
+
+Detector-script (Slice D): optional --block-high mode on detect-test-mutations.sh
+(exit 2 on HIGH) keeping --strict intact; OR rely on wrapper grep (no script
+change). Verify detect-mock-problems.sh exit semantics. Do NOT touch run.sh.
+
+## 5. P0-4 Anti-sycophancy acts -- Slice A (run.sh) + Slice C (Bun)
+Read run_code_review 7788-8316 first. At 8316-8323 unanimous block: dispatch ONE
+Devil's-Advocate reviewer reusing the existing reviewer-invocation +
+parse_verdict helpers; if DA returns Crit/High set has_blocking=true so the
+EXISTING block at 8326-8330 fires (return 1). Keep anti-sycophancy.txt for audit.
+Gate behind LOKI_GATE_DEVILS_ADVOCATE (default true).
+
+## 6. P0-5 Honest per-gate table -- Slice B (docs)
+Replace skills/quality-gates.md:5-17 + prose 19-82 with the 8-gate table plus
+columns: detects X / does NOT detect Y / opt-out flag / blocking. Honesty
+entries: gate 2 "does NOT detect coverage %"; gate 5 "does NOT detect semantic
+correctness of mocks"; gate 6 "does NOT detect logically-correct-but-weak
+assertions".
+
+## 7. Bash <-> Bun parity matrix
+| Change | Bun mirror | File |
+|--------|-----------|------|
+| P0-1 label/honesty | Yes (light) | quality_gates.ts runTestCoverage (402): no false % strings |
+| P0-2 gate count | docs only | -- |
+| P0-3 mock gate | Yes | quality_gates.ts: add mock_integrity to GateName (69-74) + runMockIntegrity + sequence (1474-1480) + toggle |
+| P0-3 mutation gate | Yes | quality_gates.ts: add mutation_integrity + runMutationIntegrity + sequence + toggle |
+| P0-4 devil's advocate | Yes | quality_gates.ts runCodeReview (709), inert at 804-808: add DA dispatch + block |
+| P0-5 doc table | docs only | -- |
+Bun escalation ladder is generic; new gates inherit once added to union+sequence.
+
+## 8. Slice boundaries (independent; no file collisions)
+- Slice A -- run.sh runtime (ONE owner, serialized): P0-1 (run.sh + autonomy/loki
+  strings), P0-3 new funcs + orchestration insert, P0-4. Owns autonomy/run.sh +
+  autonomy/loki exclusively.
+- Slice B -- Docs (ONE owner): P0-2 + P0-5 + all "11->8 gates" edits. Both edit
+  skills/quality-gates.md so MUST be one slice. New CHANGELOG entry only.
+- Slice C -- Bun parity (ONE owner): loki-ts/src/runner/quality_gates.ts only.
+- Slice D -- Detector scripts (ONE owner): tests/detect-test-mutations.sh
+  --block-high; verify detect-mock-problems.sh. No run.sh.
+- Slice E -- SDET tests (ONE owner; after A/C/D): fixtures + assertions.
+Order: D and B parallel anytime; A depends on D contract; C mirrors A; E last.
+
+## 9. Test plan (SDET, Slice E)
+- P0-1: grep assert no ">80%"/"min_coverage: 80% # Never drop"/"coverage.json"
+  in any list doc. Behavior: passing tests pass, failing tests block.
+- P0-2: grep assert zero live "11 gates"/"Input Guardrails"/"Output Guardrails"
+  (CHANGELOG excepted); "8" present in quality-gates.md + wiki.
+- P0-3 mock: fixture with tautological assertion -> enforce_mock_integrity
+  returns 1, BLOCKS, track_gate_failure increments. Clean -> 0, clears. MED-only
+  -> 0 + findings file.
+- P0-3 mutation: fixture commit changing assertion values + impl (HIGH) ->
+  returns 1, BLOCKS. MED-only -> 0 + findings (proves not over-blocking).
+- P0-4: unanimous PASS + DA High -> run_code_review returns 1. Unanimous PASS +
+  DA clean -> 0 + anti-sycophancy.txt exists.
+- Parity: Bun sequence includes mock_integrity + mutation_integrity; runCodeReview
+  blocks on DA High; existing loki-ts tests green.
+
+## 10. Risks + binding constraints
+Risks: (1) min_coverage JSON field has live consumers + 3 test assertions -- keep
+field, fix strings only. (2) mutation --strict over-blocks -- parse HIGH instead.
+(3) detectors run against TARGET project test files -- cd TARGET_DIR + timeout
+wrap. (4) stale cross-file comment line refs exist; do not chase, do not add new.
+
+Binding constraints (every dev agent): NO version bumps (integrator once); NO
+commits/push; NO emojis; NO em dashes; full gate applies (touches runtime/gates/
+parity); stay inside your slice file ownership; run.sh is single-owner.
+
+Canonical count decision: 8 (recommended). Keeping backward-compat numbered
+would make it 9 but reintroduces the listed-but-not-a-loop-gate honesty gap this
+sweep exists to close.