npm - loki-mode - Versions diffs - 7.45.1 → 7.47.0 - Mend

loki-mode 7.45.1 → 7.47.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/docs/competitive/emergence-others-analysis.md CHANGED Viewed

@@ -280,13 +280,13 @@ Developers who value open-source tooling, speed, and terminal-native workflows.
 | Feature | Emergence AI (Agent-E) | Rork | Claude Code CLI | Codex CLI | Loki Mode |
 |---------|:---------------------:|:----:|:--------------:|:---------:|:---------:|
 | **Primary Focus** | Web automation | Mobile apps | Coding assistant | Coding assistant | PRD-to-deploy |
-| **Open Source** | Partial (Agent-E only) | No | Source-available | Yes (Apache-2.0) | Yes |
+| **Open Source / Source model** | Partial (Agent-E only) | No | Source-available | Yes (Apache-2.0) | Source-available (BUSL-1.1) |
 | **Multi-Provider** | Yes (OpenAI, Azure, Ollama) | Yes (Gemini, Claude) | Partial (Claude models via Bedrock/Vertex/Foundry) | No (GPT only) | Yes (5 providers, 3+ model families) |
 | **Multi-Agent** | Yes (2-agent model) | No | Yes (coordinated teams) | Yes (experimental) | Yes (41 agent types) |
 | **Autonomous Iteration** | No (task-level) | No | Partial (/loop, /schedule) | No (requires prompting) | Yes (RARV loop + completion council) |
 | **SDLC Pipeline** | No | No | No | No | Yes (9 phases) |
 | **Code Review** | No | No | Yes (single-pass) | Yes (single-pass) | Yes (3-reviewer blind) |
-| **Quality Gates** | No | No | No | No | Yes (10 gates) |
+| **Quality Gates** | No | No | No | No | Yes (8 gates) |
 | **Anti-Sycophancy** | No | No | No | No | Yes (devil's advocate) |
 | **Memory System** | Enterprise only | No | CLAUDE.md + auto-memory | Session resumption | Episodic/semantic/procedural |
 | **Self-Hosted** | Partial (Agent-E) | No | Partial (CLI local, but subscription or API required) | Yes (with API key) | Yes (fully, any provider API key) |
@@ -383,10 +383,10 @@ Claude Code and Codex CLI offer single-pass code review. Neither provides:
 - 3-reviewer blind parallel review
 - Anti-sycophancy checks (devil's advocate on unanimous approval)
 - Severity-based blocking gates
-- Test coverage enforcement (>80% unit, 100% pass)
+- Test suite enforcement (100% pass; coverage % not measured this release)
 - Static analysis integration (CodeQL, ESLint)
-**Opportunity:** Loki Mode's 10-gate quality system provides enterprise-grade assurance that no competitor matches.
+**Opportunity:** Loki Mode's 8-gate quality system provides enterprise-grade assurance that no competitor matches.
 ### Gap 4: No Persistent Cross-Project Learning
@@ -433,7 +433,7 @@ Rork generates mobile apps but cannot handle backends, APIs, or infrastructure.
 This positioning highlights three unique capabilities no competitor offers together:
 1. **Autonomous SDLC** (not just coding assistance)
 2. **Multi-provider** (not locked to one vendor)
-3. **Quality-assured** (10-gate system, 3-reviewer blind review)
+3. **Quality-assured** (8-gate system, 3-reviewer blind review)
 ### Differentiation by Competitor
@@ -443,7 +443,7 @@ This positioning highlights three unique capabilities no competitor offers toget
 | Autonomy | Semi-autonomous (/loop, /schedule, but no SDLC orchestration) | Fully autonomous (RARV loop + completion council) |
 | Scope | Individual coding tasks, PR reviews | Full SDLC pipeline (9 phases) |
 | Providers | Claude models only (multi-cloud hosting) | 5 providers, 3+ model families |
-| Quality | Single-pass review, GitHub Action | 10-gate, 3-reviewer blind system, anti-sycophancy |
+| Quality | Single-pass review, GitHub Action | 8-gate, 3-reviewer blind system, anti-sycophancy |
 | Memory | CLAUDE.md + auto-memory (session-scoped) | Episodic/semantic/procedural (cross-project) |
 | Cost model | Subscription with rate limits or API | Self-hosted, pay-per-token, any provider |
 | IDE/surface | Terminal, VS Code, JetBrains, Desktop, Web | Terminal, VS Code (via extension) |
@@ -454,11 +454,11 @@ This positioning highlights three unique capabilities no competitor offers toget
 | Dimension | Codex CLI | Loki Mode |
 |-----------|-----------|-----------|
 | Autonomy | Assisted (human prompts each task) | Fully autonomous |
-| Open source | Yes (Apache-2.0) | Yes |
+| Source model | Open source (Apache-2.0) | Source-available (BUSL-1.1) |
 | Speed | 240+ tokens/sec | Depends on provider |
 | Providers | OpenAI only | 5 providers |
 | Multi-agent | Experimental (isolated) | 41 agent types, 8 domains |
-| Quality | Single-pass review | 10-gate system |
+| Quality | Single-pass review | 8-gate system |
 | **Loki Mode advantage:** | Autonomous pipeline, multi-provider, mature multi-agent |
 #### vs. Emergence AI
@@ -467,15 +467,15 @@ This positioning highlights three unique capabilities no competitor offers toget
 | Focus | Web/workflow automation | Software development |
 | Pricing | Enterprise contracts | Free + API costs |
 | Self-hosted | VPC option | Fully self-hosted |
-| Open source | Partial | Yes |
-| **Loki Mode advantage:** | Purpose-built for software, open source, accessible pricing |
+| Source-available | Partial | Yes (BUSL-1.1) |
+| **Loki Mode advantage:** | Purpose-built for software, source-available, accessible pricing |
 #### vs. Rork
 | Dimension | Rork | Loki Mode |
 |-----------|------|-----------|
 | Focus | Mobile apps (no-code) | Full-stack software |
 | Target user | Non-technical | Developers + technical teams |
-| Quality | No testing/review | 10-gate quality system |
+| Quality | No testing/review | 8-gate quality system |
 | Output | Mobile app only | Any software type |
 | **Loki Mode advantage:** | Developer-grade, full-stack, quality-assured |
@@ -485,7 +485,7 @@ This positioning highlights three unique capabilities no competitor offers toget
 "You already use AI for coding. Loki Mode makes it autonomous -- give it a PRD, and it handles planning, implementation, testing, code review, and deployment. Keep using Claude or Codex under the hood."
 **For engineering leaders evaluating AI tooling:**
-"Loki Mode is the only open-source system with enterprise-grade quality gates (10 gates, 3-reviewer blind review, anti-sycophancy checks) that runs autonomously on any AI provider. Self-hosted, no vendor lock-in."
+"Loki Mode is the only source-available system with enterprise-grade quality gates (8 gates, 3-reviewer blind review, anti-sycophancy checks) that runs autonomously on any AI provider. Self-hosted, no vendor lock-in."
 **For startups and solo developers:**
 "Go from idea to deployed product overnight. Write a PRD, invoke Loki Mode, and let it build, test, and deploy while you sleep. Works with your existing Claude or OpenAI API key."
@@ -557,8 +557,8 @@ The most significant near-term competitive threat is Anthropic's Agent SDK (http
 **However, Loki Mode's structural advantages remain:**
 1. **Multi-provider:** Agent SDK is Claude-only. Loki Mode works with any provider.
-2. **Battle-tested pipeline:** 10 quality gates, completion council, healing, memory -- these took months to build and validate. A new Agent SDK project starts from zero.
-3. **Open source and self-hosted:** No dependency on Anthropic's platform decisions.
+2. **Battle-tested pipeline:** 8 quality gates, completion council, healing, memory -- these took months to build and validate. A new Agent SDK project starts from zero.
+3. **Source-available and self-hosted:** No dependency on Anthropic's platform decisions.
 4. **Research foundation:** Built on patterns from OpenAI, DeepMind, Anthropic, and academic research. Not just engineering, but applied AI safety research (Constitutional AI, anti-sycophancy, alignment faking detection).
 ---

package/docs/competitive/replit-lovable-analysis.md CHANGED Viewed

@@ -26,8 +26,8 @@ Replit and Lovable represent two dominant players in the "vibe coding" / AI app
 | Metric | Replit | Lovable | Loki Mode |
 |--------|--------|---------|-----------|
-| Valuation | $9B (Mar 2026) | $6.6B (Dec 2025) | Open source |
-| ARR | $265M+ (targeting $1B) | $400M+ (Feb 2026) | N/A (open source) |
+| Valuation | $9B (Mar 2026) | $6.6B (Dec 2025) | Source-available (BUSL-1.1) |
+| ARR | $265M+ (targeting $1B) | $400M+ (Feb 2026) | N/A (source-available) |
 | Users | 50M+ registered | 8M+ users | Developer community |
 | Total Funding | $650M+ | $653M | $0 |
 | Employees | ~1,000+ | ~817 | Solo maintainer |
@@ -316,7 +316,7 @@ Replit Agent has evolved rapidly through four major versions:
 | Self-testing loop | Yes | No | Yes (RARV cycle) |
 | Code review | No | No | Yes (3-reviewer blind review) |
 | Anti-sycophancy | No | No | Yes (devil's advocate) |
-| Quality gates | No | Security scan only | 10 gates |
+| Quality gates | No | Security scan only | 8 gates |
 | Memory system | No | Project knowledge | Episodic/semantic/procedural |
 | Model selection | Platform-chosen | Platform-chosen | Task-aware (Opus/Sonnet/Haiku) |
 | Multi-provider support | No (Replit only) | No (Lovable only) | Yes (Claude/Codex/Gemini/Cline/Aider) |
@@ -376,7 +376,7 @@ Replit Agent has evolved rapidly through four major versions:
 | Metric | Replit Agent | Lovable.dev | Loki Mode |
 |--------|:-----------:|:-----------:|:---------:|
-| Free tier | Yes (limited) | Yes (30 credits/mo) | Yes (open source, free) |
+| Free tier | Yes (limited) | Yes (30 credits/mo) | Yes (source-available, free to self-host) |
 | Entry paid | $20/mo (Core) | $25/mo (Pro) | $0 (bring your own API key) |
 | Team plan | $100/mo (Pro) | $50/mo (Business) | $0 |
 | Cost model | Effort-based credits | Per-prompt credits | API key costs only |
@@ -393,7 +393,7 @@ Loki Mode operates as a true autonomous engineering system, not a prompt-respons
 ### 2. Quality Assurance
-Loki Mode's 10-gate quality system (static analysis, 3-reviewer blind review, anti-sycophancy, severity-based blocking, test coverage, backward compatibility) has no equivalent in either platform. Replit and Lovable have zero code review, zero anti-sycophancy, and minimal quality gates. This is Loki Mode's strongest differentiator.
+Loki Mode's 8-gate quality system (static analysis, test suite (pass/fail), blind 3-reviewer review with severity blocking, anti-sycophancy Devil's Advocate, mock-integrity, test-mutation, documentation coverage, Magic Modules debate; backward-compatibility is a conditional healing-mode auditor) has no equivalent in either platform. Replit and Lovable have zero code review, zero anti-sycophancy, and minimal quality gates. This is Loki Mode's strongest differentiator.
 ### 3. Multi-Provider and Multi-Model Intelligence
@@ -531,7 +531,7 @@ Replit now supports React Native/Expo with full backend and RevenueCat monetizat
 When positioning Loki Mode against Replit and Lovable, emphasize:
 1. **"No credit anxiety"** -- You pay your API provider directly. No surprise bills. No credits burned on AI mistakes.
-2. **"Production quality, not prototype quality"** -- 10 quality gates, 3-reviewer blind review, anti-sycophancy. Your code ships to production, not to a rewrite backlog.
+2. **"Production quality, not prototype quality"** -- 8 quality gates, 3-reviewer blind review, anti-sycophancy. Your code ships to production, not to a rewrite backlog.
 3. **"No lock-in"** -- Your code. Your infrastructure. Your choice of AI provider. Export is not a feature -- it is the default.
 4. **"Autonomous, not assistive"** -- Loki Mode does not wait for your next prompt. It plans, builds, tests, reviews, and deploys. You review the output, not babysit the process.
 5. **"Works with your codebase"** -- Legacy systems, brownfield projects, enterprise code. Not just greenfield MVPs.
@@ -585,7 +585,7 @@ The term "vibe coding" (coined by Andrej Karpathy) has driven explosive growth i
 **Medium-term (12 months):** Moderate threat -- as Replit/Lovable improve production quality and add enterprise features, they will attract more professional developers. Loki Mode must ship deployment, dashboard, and Figma integration.
-**Long-term (24 months):** High convergence risk -- all platforms will trend toward autonomous, production-grade, multi-agent systems. Loki Mode's quality gates, memory system, and brownfield support will be critical differentiators. The open-source model is an enduring advantage if the community grows.
+**Long-term (24 months):** High convergence risk -- all platforms will trend toward autonomous, production-grade, multi-agent systems. Loki Mode's quality gates, memory system, and brownfield support will be critical differentiators. The source-available, self-hostable model is an enduring advantage if the community grows.
 ---

package/docs/cursor-comparison.md CHANGED Viewed

@@ -11,7 +11,7 @@
 |-----------|--------|-----------|--------|
 | **Proven Scale** | 1M+ LoC, large agent count | Benchmarks only | Cursor |
 | **Research Foundation** | Empirical iteration | 25+ academic citations | Loki Mode |
-| **Quality Assurance** | Workers self-manage | 11-gate system + anti-sycophancy | Loki Mode |
+| **Quality Assurance** | Workers self-manage | 8-gate system + anti-sycophancy | Loki Mode |
 | **Anti-Sycophancy** | Not mentioned | CONSENSAGENT blind review | Loki Mode |
 | **Velocity-Quality Balance** | Not mentioned | arXiv-backed metrics | Loki Mode |
 | **Full SDLC Coverage** | Code generation focus | Spec (PRD/issue/YAML) to production + growth | Loki Mode |
@@ -57,7 +57,7 @@ velocity_quality_balance:
   thresholds:
     max_new_warnings: 0  # Zero tolerance
-    min_coverage: 80%
+    coverage_target: 80%  # Target only; coverage % not measured this release
 ```
 **Research Basis:** [arXiv 2511.04427v2](https://arxiv.org/abs/2511.04427) - Empirical study of 807 repositories
@@ -66,16 +66,19 @@ velocity_quality_balance:
 ---
-### 3. 11-Gate Quality System
+### 3. 8-Gate Quality System
 **Loki Mode's Gates:**
-1. Input Guardrails - Validate scope, detect injection (OpenAI SDK pattern)
-2. Static Analysis - CodeQL, ESLint, type checking
-3. Blind Review System - 3 parallel reviewers
-4. Anti-Sycophancy Check - Devil's advocate on unanimous approval
-5. Output Guardrails - Code quality, spec compliance, no secrets
-6. Severity-Based Blocking - Critical/High/Medium = BLOCK
-7. Test Coverage Gates - 100% pass, >80% coverage
+1. Static Analysis - CodeQL, ESLint, type checking
+2. Test Suite (pass/fail) - red blocks; coverage % not measured this release
+3. Blind Code Review - 3 parallel reviewers + severity blocking (Critical/High = BLOCK; Medium/Low advisory)
+4. Anti-Sycophancy / Devil's Advocate - on unanimous PASS
+5. Mock Integrity Detector - HIGH blocks
+6. Test Mutation Detector - HIGH blocks
+7. Documentation Coverage
+8. Magic Modules Debate - BLOCK severity
+Conditional auditor (not numbered): backward-compatibility / legacy-healing-auditor (healing mode only).
 **Cursor:** Removed dedicated quality roles. Quote: "Dedicated integrator roles created more bottlenecks than they solved."
@@ -174,7 +177,7 @@ Cursor learned through failure:
 ### 3. Simplicity Principle
 > "A surprising amount of the system's behavior comes down to how we prompt the agents. The harness and models matter, but the prompts matter more."
-**Loki Mode:** More elaborate infrastructure (11 gates, 41 agent types, memory systems). May be over-engineered for some use cases.
+**Loki Mode:** More elaborate infrastructure (8 gates, 41 agent types, memory systems). May be over-engineered for some use cases.
 ---
@@ -192,7 +195,7 @@ We incorporated Cursor's proven patterns:
 ## Conclusion
 **Loki Mode is scientifically better in:**
-- Quality assurance (research-backed 11-gate system)
+- Quality assurance (research-backed 8-gate system)
 - Anti-sycophancy (CONSENSAGENT blind review)
 - Velocity-quality balance (arXiv metrics)
 - Full SDLC coverage (spec to growth -- PRD, GitHub issue, or YAML)

package/docs/dashboard-guide.md CHANGED Viewed

@@ -151,13 +151,15 @@ Progress bars for three memory types:
 Shows count and visual progress bar for each.
 #### Quality Gates
-6 quality gates with status icons:
-- **Static Analysis**: CodeQL/ESLint checks
-- **3-Reviewer**: Parallel blind review system
-- **Anti-Sycophancy**: Devil's advocate validation
-- **Test Coverage**: Unit test requirements
-- **Security Scan**: OWASP vulnerability check
-- **Performance**: Performance regression tests
+8 quality gates with status icons:
+- **Static Analysis**: CodeQL/ESLint/type-checker findings on the diff
+- **Test Suite**: Project test runner pass/fail (red blocks)
+- **Blind Code Review**: 3-reviewer council with severity blocking (Critical/High block, Medium/Low advisory)
+- **Anti-Sycophancy**: Devil's Advocate re-review on unanimous PASS
+- **Mock Integrity**: Tautological-assertion and mock-ratio detection
+- **Test Mutation**: Assertion-churn (test-fitting) detection
+- **Documentation Coverage**: README presence, docs freshness, API docs
+- **Magic Modules Debate**: Spec-vs-implementation debate on generated modules
 Status icons:
 - Checkmark (green): Passed

package/docs/enterprise/security.md CHANGED Viewed

@@ -68,11 +68,51 @@ For organizations using identity providers (Okta, Auth0, Azure AD), Loki Mode su
 ```bash
 export LOKI_OIDC_ISSUER="https://your-idp.okta.com/oauth2/default"
 export LOKI_OIDC_CLIENT_ID="your-client-id"
-export LOKI_OIDC_CLIENT_SECRET="your-client-secret"
-export LOKI_OIDC_REDIRECT_URI="http://localhost:57374/auth/callback"
+# Optional: audience override (defaults to LOKI_OIDC_CLIENT_ID)
+export LOKI_OIDC_AUDIENCE="your-api-audience"
 ```
-The system validates OIDC tokens against the issuer's JWKS endpoint and maps claims to Loki Mode roles.
+The system validates OIDC bearer tokens (presented as `Authorization: Bearer <jwt>`)
+against the issuer's JWKS endpoint. When PyJWT + cryptography are installed, the
+JWT signature is cryptographically verified (RS256/RS384/RS512) along with the
+issuer, audience, and expiry. Without PyJWT, tokens are rejected unless
+`LOKI_OIDC_SKIP_SIGNATURE_VERIFY=true` is set explicitly (insecure, local testing
+only).
+**Claims-to-roles mapping:**
+On a valid token, role/group claims are mapped to the four built-in Loki roles
+(`admin`, `operator`, `viewer`, `auditor`). The resolved role's scopes are then
+enforced through the same scope hierarchy used for API tokens. OIDC users are
+NOT granted full access by default.
+Recognized claim sources (case-insensitive; values may be a string,
+space-separated string, or list):
+| Claim | Provider |
+|-------|----------|
+| value of `LOKI_OIDC_ROLES_CLAIM` (supports dotted paths, e.g. `realm_access.roles`) | configurable |
+| `roles` | generic |
+| `groups` | generic |
+| `realm_access.roles` | Keycloak |
+| `cognito:groups` | AWS Cognito |
+Only claim values that exactly match a built-in role name (`admin`, `operator`,
+`viewer`, `auditor`) grant that role. Arbitrary group names (common in `groups`
+or `cognito:groups`) do not map to a role and fall through to the default.
+When multiple recognized roles are present, the highest-privilege match wins
+(precedence: `admin` > `operator` > `auditor` > `viewer`).
+**Default role (when no recognized role claim is present):**
+```bash
+# Defaults to the least-privileged role (viewer). Never admin.
+export LOKI_OIDC_DEFAULT_ROLE="viewer"
+```
+If `LOKI_OIDC_DEFAULT_ROLE` is unset or set to an unrecognized value, it falls
+back to `viewer`. The default is never `admin` / full access.
 ## Authorization

package/docs/prd-purple-lab-platform-v2.md CHANGED Viewed

@@ -86,7 +86,7 @@ Three review loops identified these critical gaps in v1 of this PRD:
 Tabbed panel below the editor (collapsible, resizable height):
 - **Build Log:** Real-time loki output (WebSocket, already works on HomePage)
 - **Agents:** Active agent cards with status (already built as AgentDashboard)
-- **Quality Gates:** 9-gate display (already built as QualityGatesPanel)
+- **Quality Gates:** 8-gate display (already built as QualityGatesPanel)
 - **AI Chat:** NEW -- text input that sends prompts to iterate on the project
 **2b. AI Chat (key differentiator)**

package/docs/prd-purple-lab-platform.md CHANGED Viewed

@@ -97,7 +97,7 @@ Loki Mode already has 75+ commands and 120+ API endpoints. The platform doesn't
 - **Terminal tab:** Real-time loki session output (already streamed via WebSocket)
 - **Agent Log tab:** Shows which agents are active, what they're working on (uses `/api/agents` and `/api/session/agents`)
 - **Build Output tab:** Structured build phases -- RARV cycle visualization, iteration count, current phase
-- **Quality Gates tab:** 9-gate status display (uses existing checklist/quality endpoints)
+- **Quality Gates tab:** 8-gate status display (uses existing checklist/quality endpoints)
 - **AI Chat tab:** Send messages to iterate on the project ("fix the login page", "add dark mode") -- triggers `loki start` with the prompt as PRD amendment
 **Header toolbar:**
@@ -182,12 +182,12 @@ This is the "Loki way" -- instead of just editing code, users can talk to the AI
 ### Quality Gates Panel
-Shows the 9 Loki quality gates in real-time:
+Shows the Loki quality gates and checks in real-time:
 1. Static Analysis (CodeQL/ESLint)
 2. 3-Reviewer Blind Review
 3. Anti-Sycophancy Check
 4. Severity Blocking (Critical/High)
-5. Test Coverage (>80%)
+5. Test Suite (pass/fail; coverage % not measured this release)
 6. Security Scan (OWASP)
 7. Performance Check
 8. Mock Detector

package/docs/show-hn-post.md CHANGED Viewed

@@ -2,7 +2,7 @@
 ## Title
-Show HN: Loki Mode - PRD in, tested code out (41 agent roles, 9 quality gates, RARV self-verification)
+Show HN: Loki Mode - PRD in, tested code out (41 agent roles, 8 quality gates, RARV self-verification)
 ## Body
@@ -24,7 +24,7 @@ I built Loki Mode because I got tired of the copy-paste loop between AI coding a
 **Test suite:** 683 npm tests, 631 pytest tests, 16 shell tests. Self-reported HumanEval score of 162/164 (98.78%).
-Built solo. MIT licensed.
+Built solo. BUSL-1.1 source-available.
 ## Try it
@@ -40,7 +40,7 @@ Integrations: Jira, Slack, Teams, GitHub Actions.
 ## Feedback wanted
-- Is the 9-gate quality system overkill, or does it actually help for your use cases?
+- Is the 8-gate quality system overkill, or does it actually help for your use cases?
 - How do you handle the tension between autonomous agent speed and code review thoroughness?
 - What PRD complexity level breaks this approach? I have hit walls with highly coupled distributed systems.

package/loki-ts/dist/loki.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-var n6=Object.defineProperty;var a6=($)=>$;function s6($,Q){this[$]=a6.bind(null,Q)}var h=($,Q)=>{for(var Z in Q)n6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:s6.bind(Q,Z)})};var L=($,Q)=>()=>($&&(Q=$($=0)),Q);var K$=import.meta.require;var S1={};h(S1,{lokiDir:()=>P,homeLokiDir:()=>o$,findRepoRootForVersion:()=>d$,REPO_ROOT:()=>m});import{resolve as n,dirname as l$}from"path";import{fileURLToPath as t6}from"url";import{existsSync as P$}from"fs";import{homedir as r6}from"os";function i6(){let $=N1;for(let Q=0;Q<6;Q++){if(P$(n($,"VERSION"))&&P$(n($,"autonomy/run.sh")))return $;let Z=l$($);if(Z===$)break;$=Z}return n(N1,"..","..","..")}function d$($){let Q=$;for(let Z=0;Z<6;Z++){if(P$(n(Q,"VERSION"))&&P$(n(Q,"autonomy/run.sh")))return Q;let z=l$(Q);if(z===Q)break;Q=z}return n($,"..","..","..")}function P(){return process.env.LOKI_DIR??n(process.cwd(),".loki")}function o$(){return n(r6(),".loki")}var N1,m;var C=L(()=>{N1=l$(t6(import.meta.url));m=i6()});import{readFileSync as e6}from"fs";import{resolve as $Q,dirname as QQ}from"path";import{fileURLToPath as ZQ}from"url";function F$(){if($$!==null)return $$;let $="7.45.1";if(typeof $==="string"&&$.length>0)return $$=$,$$;try{let Q=QQ(ZQ(import.meta.url)),Z=d$(Q);$$=e6($Q(Z,"VERSION"),"utf-8").trim()}catch{$$="unknown"}return $$}var $$=null;var n$=L(()=>{C()});var C1={};h(C1,{runOrThrow:()=>zQ,run:()=>j,commandVersion:()=>KQ,commandExists:()=>f,ShellError:()=>a$});async function j($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[W,K,U]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:W,stderr:K,exitCode:U}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function zQ($,Q={}){let Z=await j($,Q);if(Z.exitCode!==0)throw new a$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=XQ($),Z=await j(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function XQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function KQ($,Q="--version"){if(!await f($))return null;let z=await j([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var a$;var d=L(()=>{a$=class a$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function a($){return WQ?"":$}var WQ,T,S,I,TZ,w,R,y,q;var c=L(()=>{WQ=(process.env.NO_COLOR??"").length>0;T=a("\x1B[0;31m"),S=a("\x1B[0;32m"),I=a("\x1B[1;33m"),TZ=a("\x1B[0;34m"),w=a("\x1B[0;36m"),R=a("\x1B[1m"),y=a("\x1B[2m"),q=a("\x1B[0m")});import{existsSync as TQ}from"fs";async function Q$(){if(B$!==void 0)return B$;let $="/opt/homebrew/bin/python3.12";if(TQ($))return B$=$,$;let Q=await f("python3.12");if(Q)return B$=Q,Q;let Z=await f("python3");return B$=Z,Z}async function Z$($,Q={}){let Z=await Q$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return j([Z,"-c",$],Q)}var B$;var W$=L(()=>{d()});var t1={};h(t1,{runStatus:()=>gQ});import{existsSync as v,readFileSync as U$,readdirSync as l1,statSync as d1}from"fs";import{resolve as D,basename as xQ}from"path";import{homedir as NQ}from"os";async function DQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${q}
+var n6=Object.defineProperty;var a6=($)=>$;function s6($,Q){this[$]=a6.bind(null,Q)}var h=($,Q)=>{for(var Z in Q)n6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:s6.bind(Q,Z)})};var L=($,Q)=>()=>($&&(Q=$($=0)),Q);var K$=import.meta.require;var S1={};h(S1,{lokiDir:()=>P,homeLokiDir:()=>o$,findRepoRootForVersion:()=>d$,REPO_ROOT:()=>m});import{resolve as n,dirname as l$}from"path";import{fileURLToPath as t6}from"url";import{existsSync as P$}from"fs";import{homedir as r6}from"os";function i6(){let $=N1;for(let Q=0;Q<6;Q++){if(P$(n($,"VERSION"))&&P$(n($,"autonomy/run.sh")))return $;let Z=l$($);if(Z===$)break;$=Z}return n(N1,"..","..","..")}function d$($){let Q=$;for(let Z=0;Z<6;Z++){if(P$(n(Q,"VERSION"))&&P$(n(Q,"autonomy/run.sh")))return Q;let z=l$(Q);if(z===Q)break;Q=z}return n($,"..","..","..")}function P(){return process.env.LOKI_DIR??n(process.cwd(),".loki")}function o$(){return n(r6(),".loki")}var N1,m;var C=L(()=>{N1=l$(t6(import.meta.url));m=i6()});import{readFileSync as e6}from"fs";import{resolve as $Q,dirname as QQ}from"path";import{fileURLToPath as ZQ}from"url";function F$(){if($$!==null)return $$;let $="7.47.0";if(typeof $==="string"&&$.length>0)return $$=$,$$;try{let Q=QQ(ZQ(import.meta.url)),Z=d$(Q);$$=e6($Q(Z,"VERSION"),"utf-8").trim()}catch{$$="unknown"}return $$}var $$=null;var n$=L(()=>{C()});var C1={};h(C1,{runOrThrow:()=>zQ,run:()=>j,commandVersion:()=>KQ,commandExists:()=>f,ShellError:()=>a$});async function j($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[W,K,U]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:W,stderr:K,exitCode:U}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function zQ($,Q={}){let Z=await j($,Q);if(Z.exitCode!==0)throw new a$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=XQ($),Z=await j(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function XQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function KQ($,Q="--version"){if(!await f($))return null;let z=await j([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var a$;var d=L(()=>{a$=class a$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function a($){return WQ?"":$}var WQ,T,S,I,TZ,w,R,y,q;var c=L(()=>{WQ=(process.env.NO_COLOR??"").length>0;T=a("\x1B[0;31m"),S=a("\x1B[0;32m"),I=a("\x1B[1;33m"),TZ=a("\x1B[0;34m"),w=a("\x1B[0;36m"),R=a("\x1B[1m"),y=a("\x1B[2m"),q=a("\x1B[0m")});import{existsSync as TQ}from"fs";async function Q$(){if(B$!==void 0)return B$;let $="/opt/homebrew/bin/python3.12";if(TQ($))return B$=$,$;let Q=await f("python3.12");if(Q)return B$=Q,Q;let Z=await f("python3");return B$=Z,Z}async function Z$($,Q={}){let Z=await Q$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return j([Z,"-c",$],Q)}var B$;var W$=L(()=>{d()});var t1={};h(t1,{runStatus:()=>gQ});import{existsSync as v,readFileSync as U$,readdirSync as l1,statSync as d1}from"fs";import{resolve as D,basename as xQ}from"path";import{homedir as NQ}from"os";async function DQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${q}
 `),process.stdout.write(`Install with:
 `),process.stdout.write(`  brew install jq    (macOS)
 `),process.stdout.write(`  apt install jq     (Debian/Ubuntu)
@@ -789,4 +789,4 @@ Set LOKI_LEGACY_BASH=1 to force the bash CLI for every command.
 `),2}default:return process.stderr.write(`Unknown command: ${Q}
 `),process.stderr.write(o6),2}}p1();process.on("SIGINT",()=>process.exit(130));process.on("SIGTERM",()=>process.exit(143));var ZZ=await QZ(Bun.argv.slice(2));process.exit(ZZ);
-//# debugId=91DA611FDFEA183B64756E2164756E21
+//# debugId=3DD935606FD979EE64756E2164756E21

package/mcp/__init__.py CHANGED Viewed

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
-__version__ = '7.45.1'
+__version__ = '7.47.0'

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "loki-mode",
   "mcpName": "io.github.asklokesh/loki-mode",
-  "version": "7.45.1",
-  "description": "Loki Mode by Autonomi. Autonomous spec-to-product system: takes a PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief to a deployed app via the RARV-C closure loop with 11 quality gates. Provider-agnostic (Claude Code, OpenAI Codex, Cline, Aider).",
+  "version": "7.47.0",
+  "description": "Loki Mode by Autonomi. Autonomous spec-to-product system: takes a PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief to a deployed app via the RARV-C closure loop with 8 quality gates. Provider-agnostic (Claude Code, OpenAI Codex, Cline, Aider).",
   "keywords": [
     "agent",
     "agent-orchestration",

package/plugins/loki-mode/.claude-plugin/plugin.json CHANGED Viewed

@@ -2,8 +2,8 @@
   "$schema": "https://json.schemastore.org/claude-code-plugin-manifest.json",
   "name": "loki-mode",
   "displayName": "Loki Mode",
-  "version": "7.45.1",
-  "description": "Autonomous spec-to-product build system with a built-in trust layer (RARV-C closure loop, 11 quality gates, completion council). Ships Loki's spec-hardening, drift-detection, and deterministic PR verification commands plus the Loki MCP server.",
+  "version": "7.47.0",
+  "description": "Autonomous spec-to-product build system with a built-in trust layer (RARV-C closure loop, 8 quality gates, completion council). Ships Loki's spec-hardening, drift-detection, and deterministic PR verification commands plus the Loki MCP server.",
   "author": {
     "name": "Autonomi",
     "url": "https://www.autonomi.dev/"

package/plugins/loki-mode/README.md CHANGED Viewed

@@ -1,7 +1,7 @@
 # Loki Mode plugin for Claude Code
 Loki Mode is the autonomous spec-to-product build system with a built-in trust
-layer (RARV-C closure loop, 11 quality gates, completion council). This plugin
+layer (RARV-C closure loop, 8 quality gates, completion council). This plugin
 brings Loki's spec-hardening, drift-detection, and deterministic PR verification
 into Claude Code as slash commands, and wires up the Loki MCP server.

package/references/magic-rarv-integration.md CHANGED Viewed

@@ -84,4 +84,4 @@ PRD says: "Add a login form with email, password, and submit button."
 - `skills/magic-modules.md` -- skill module for agents
 - `references/magic-modules-patterns.md` -- full API and pattern reference
 - `references/memory-system.md` -- memory engine details
-- `skills/quality-gates.md` -- all 12 gates documented
+- `skills/quality-gates.md` -- all 8 deterministic quality gates documented

package/references/quality-control.md CHANGED Viewed

@@ -240,15 +240,15 @@ This diversity prevents groupthink and catches more issues.
 |----------|--------|-----------|
 | **Critical** | BLOCK - Fix immediately | NO |
 | **High** | BLOCK - Fix immediately | NO |
-| **Medium** | BLOCK - Fix before proceeding | NO |
+| **Medium** | Advisory - Add `// TODO(review): ...` comment | YES |
 | **Low** | Add `// TODO(review): ...` comment | YES |
 | **Cosmetic** | Add `// FIXME(nitpick): ...` comment | YES |
-**Critical/High/Medium = BLOCK and fix before proceeding**
-**Low/Cosmetic = Add TODO/FIXME comment, continue**
+**Critical/High = BLOCK and fix before proceeding**
+**Medium/Low/Cosmetic = Add TODO/FIXME comment, continue (advisory)**
 ### 4. Test Coverage Gates
-- Unit tests: 100% pass, >80% coverage
+- Unit tests: 100% pass (coverage % not measured in this release)
 - Integration tests: 100% pass
 - E2E tests: critical flows pass
@@ -445,7 +445,7 @@ Quality gates are enforced by `autonomy/CONSTITUTION.md`:
 **Pre-Commit (BLOCKING):**
 - Linting (auto-fix enabled)
 - Type checking (strict mode)
-- Contract tests (80% coverage minimum)
+- Contract tests (coverage % not enforced as a gate)
 - Spec validation (Spectral)
 **Post-Implementation (AUTO-FIX):**

package/references/sdlc-phases.md CHANGED Viewed

@@ -233,8 +233,7 @@ npm run test:unit
 # or
 pytest tests/unit/
 ```
-- Coverage: >80% required
-- All tests must pass
+- All tests must pass (coverage % not measured in this release)
 **INTEGRATION Phase:**
 ```bash

package/skills/00-index.md CHANGED Viewed

@@ -48,7 +48,7 @@
 ### quality-gates.md
 **When:** Code review, pre-commit checks, quality assurance
-- 11-gate quality system (Gate 10: backward compatibility for healing; Gate 11: documentation coverage, v6.75.0)
+- 8-gate quality system (gate 7: documentation coverage, v6.75.0; backward compatibility is a conditional healing-mode auditor, not numbered)
 - Blind review + anti-sycophancy
 - Velocity-quality feedback loop (arXiv research)
 - Mandatory quality checks per task

package/skills/artifacts.md CHANGED Viewed

@@ -36,7 +36,7 @@ format: "markdown"
 contents:
   - Phase name and duration
   - Tasks completed (from queue)
-  - Quality gate results (9 gates)
+  - Quality gate results (8 gates)
   - Coverage metrics
   - Known issues / TODOs
 ```

package/skills/healing.md CHANGED Viewed

@@ -43,7 +43,7 @@ friction_detection:
   rule: "Before 'fixing' any quirk, verify it is not an undocumented business rule"
   action: "Document in .loki/healing/friction-map.json"
   classification:
-    business_rule: "Keep and document. Gate 10 blocks removal."
+    business_rule: "Keep and document. The backward-compatibility / legacy-healing auditor (healing mode) blocks removal."
     true_bug: "Fix with characterization test proving the fix."
     unknown: "Keep until classified. NEVER remove unknown friction."
 ```

package/skills/magic-modules.md CHANGED Viewed

@@ -84,8 +84,8 @@ The combination means: specs drive generation, debate drives quality, and the re
 ### With Quality Gates
-- Gate 11 (documentation coverage) now includes component docs -- each spec becomes part of COMPONENTS.md
-- Gate 5 (test coverage) applies to generated tests in `.loki/magic/generated/tests/`
+- Gate 7 (documentation coverage) now includes component docs -- each spec becomes part of COMPONENTS.md
+- Gate 2 (test suite) applies to generated tests in `.loki/magic/generated/tests/`
 - A new healing-style hook blocks merging when a component's spec has been manually edited but the implementation was not regenerated
 ---
@@ -190,7 +190,7 @@ loki magic diff Button
 |-------|-------------|
 | `skills/healing.md` | Healing-style hooks protect spec edits; friction-map tracks manually edited generated files |
 | `skills/documentation.md` | Component specs feed COMPONENTS.md; registry feeds ARCHITECTURE.md |
-| `skills/quality-gates.md` | Gate 11 includes component doc coverage; debate block = gate failure |
+| `skills/quality-gates.md` | Gate 7 includes component doc coverage; Magic Modules debate (gate 8) block = gate failure |
 | `skills/agents.md` | `component-designer`, `a11y-auditor` agent types map to personas |
 | `skills/testing.md` | Generated Vitest and Playwright tests execute under the normal test gates |
 | `skills/artifacts.md` | Generated components count as artifacts and flow through the artifact pipeline |