loki-mode 7.5.14 → 7.5.16

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.5.14
+# Loki Mode v7.5.16
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -381,4 +381,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.5.14 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.5.16 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.5.14
+7.5.16

package/autonomy/completion-council.sh

@@ -470,12 +470,171 @@ with open(state_file, 'w') as f:
         "threshold=$effective_threshold" \
         "result=$([ $approve_count -ge $effective_threshold ] && echo 'APPROVED' || echo 'REJECTED')" 2>/dev/null || true
 
+    # Write transcript for this council round (Path A: council_vote path)
+    local _ct_outcome
+    _ct_outcome=$([ $approve_count -ge $effective_threshold ] && echo "APPROVED" || echo "REJECTED")
+    local _ct_triggered="false"
+    local _ct_flipped="false"
+    if [ $approve_count -eq $COUNCIL_SIZE ] && [ $COUNCIL_SIZE -ge 2 ]; then
+        _ct_triggered="true"
+    fi
+    # contrarian_flipped: DA voted REJECT/CANNOT_VALIDATE causing approve_count drop
+    # Detect by checking if approve dropped from unanimous (COUNCIL_SIZE) to less
+    # We infer flip if triggered AND final approve < COUNCIL_SIZE
+    if [ "$_ct_triggered" = "true" ] && [ $approve_count -lt $COUNCIL_SIZE ]; then
+        _ct_flipped="true"
+    fi
+    council_write_transcript "${ITERATION_COUNT:-0}" "$_ct_outcome" "$_ct_triggered" "$_ct_flipped"
+
     if [ $approve_count -ge $effective_threshold ]; then
         return 0  # Council says DONE
     fi
     return 1  # Council says CONTINUE
 }
 
+#===============================================================================
+# Council Transcript Writer - persists per-iteration council round as JSON
+#
+# Arguments:
+#   $1 - iteration number
+#   $2 - outcome: APPROVED | REJECTED | BLOCKED_BY_GATE
+#   $3 - contrarian_triggered: true | false
+#   $4 - contrarian_flipped: true | false
+#
+# Output: .loki/council/transcripts/iter-<N>-<TIMESTAMP>.json
+#===============================================================================
+
+council_write_transcript() {
+    local iteration="${1:-${ITERATION_COUNT:-0}}"
+    local outcome="${2:-REJECTED}"
+    local contrarian_triggered="${3:-false}"
+    local contrarian_flipped="${4:-false}"
+    local timestamp
+    timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+    # Remove colons and hyphens from timestamp for filename safety
+    local ts_safe="${timestamp//[:\-]/}"
+    local iteration_id="iter-${iteration}-${ts_safe}"
+    local transcript_dir="$COUNCIL_STATE_DIR/transcripts"
+    mkdir -p "$transcript_dir"
+    local transcript_file="$transcript_dir/${iteration_id}.json"
+
+    # Read prd preview from state or prd file
+    local task_or_prd=""
+    if [ -n "$COUNCIL_PRD_PATH" ] && [ -f "$COUNCIL_PRD_PATH" ]; then
+        task_or_prd=$(head -5 "$COUNCIL_PRD_PATH" | tr '\n' ' ' | cut -c1-200)
+    fi
+
+    local round_file="$COUNCIL_STATE_DIR/votes/round-${iteration}.json"
+    local da_file="$COUNCIL_STATE_DIR/votes/devils-advocate-round-${iteration}.json"
+
+    _IT="$iteration" _TS="$timestamp" _IID="$iteration_id" \
+    _OUTCOME="$outcome" _CT="$contrarian_triggered" _CF="$contrarian_flipped" \
+    _TASK="$task_or_prd" _PRD="${COUNCIL_PRD_PATH:-}" \
+    _ROUND_FILE="${round_file}" _DA_FILE="${da_file}" \
+    _MEMBERS_DIR="$COUNCIL_STATE_DIR/votes/iteration-${iteration}" \
+    _OUT="$transcript_file" \
+    python3 -c "
+import json, os, pathlib, re
+
+iteration_id = os.environ['_IID']
+voters = []
+
+# Priority 1: structured round file (Path B -- council_aggregate_votes)
+rfile = pathlib.Path(os.environ['_ROUND_FILE'])
+if rfile.exists():
+    try:
+        rd = json.loads(rfile.read_text())
+        for v in rd.get('votes', []):
+            voters.append({
+                'name': v.get('role', 'unknown'),
+                'role_index': v.get('member', 0),
+                'verdict': 'APPROVE' if v.get('vote') == 'COMPLETE' else 'REJECT',
+                'reasoning': v.get('reason', ''),
+                'issues': [],
+                'is_contrarian': False,
+            })
+    except Exception:
+        pass
+
+# Priority 2: member txt files (Path A -- council_vote)
+if not voters:
+    mdir = pathlib.Path(os.environ['_MEMBERS_DIR'])
+    roles = ['requirements_verifier', 'test_auditor', 'devils_advocate']
+    if mdir.exists():
+        for mf in sorted(mdir.glob('member-*.txt')):
+            content = mf.read_text(errors='replace').strip()
+            vote_match = re.search(r'VOTE\s*:\s*(APPROVE|REJECT|CANNOT_VALIDATE)', content)
+            reason_match = re.search(r'REASON\s*:\s*(.+?)(?:\n|\$)', content)
+            issues = []
+            for im in re.finditer(r'ISSUES\s*:\s*(CRITICAL|HIGH|MEDIUM|LOW)\s*:\s*(.+?)(?:\n|\$)', content):
+                issues.append({'severity': im.group(1), 'description': im.group(2).strip()})
+            idx = int(re.sub(r'\D', '', mf.stem) or '0') - 1
+            role = roles[idx % len(roles)] if idx >= 0 else 'unknown'
+            voters.append({
+                'name': role,
+                'role_index': idx + 1,
+                'verdict': vote_match.group(1) if vote_match else 'REJECT',
+                'reasoning': reason_match.group(1).strip() if reason_match else '',
+                'issues': issues,
+                'is_contrarian': False,
+            })
+
+# Add DA voter if triggered
+ct = os.environ['_CT'] == 'true'
+cf = os.environ['_CF'] == 'true'
+if ct:
+    da_challenges = []
+    dafile = pathlib.Path(os.environ['_DA_FILE'])
+    if dafile.exists():
+        try:
+            da = json.loads(dafile.read_text())
+            details = da.get('details', '')
+            if details and details != 'none':
+                da_challenges = [d.strip() for d in details.split(';') if d.strip()]
+        except Exception:
+            pass
+    # Also check contrarian.txt for reasoning
+    cfile = pathlib.Path(os.environ['_MEMBERS_DIR']) / 'contrarian.txt'
+    da_reasoning = ''
+    da_verdict = 'REJECT' if cf else 'APPROVE'
+    if cfile.exists():
+        content = cfile.read_text(errors='replace').strip()
+        reason_match = re.search(r'REASON\s*:\s*(.+?)(?:\n|\$)', content)
+        if reason_match:
+            da_reasoning = reason_match.group(1).strip()
+    voters.append({
+        'name': 'devils_advocate',
+        'role_index': len(voters) + 1,
+        'verdict': da_verdict,
+        'reasoning': da_reasoning,
+        'issues': [],
+        'challenges': da_challenges,
+        'is_contrarian': True,
+        'triggered': True,
+    })
+
+task_or_prd = os.environ.get('_TASK', '')[:200]
+non_contrarian = [v for v in voters if not v.get('is_contrarian')]
+transcript = {
+    'iteration_id': iteration_id,
+    'iteration': int(os.environ['_IT']),
+    'timestamp': os.environ['_TS'],
+    'task_or_prd': task_or_prd,
+    'prd_path': os.environ.get('_PRD', ''),
+    'voters': voters,
+    'outcome': os.environ['_OUTCOME'],
+    'contrarian_triggered': ct,
+    'contrarian_flipped': cf,
+    'approve_count': sum(1 for v in non_contrarian if v.get('verdict') == 'APPROVE'),
+    'reject_count': sum(1 for v in non_contrarian if v.get('verdict') in ('REJECT', 'CANNOT_VALIDATE')),
+    'threshold': 2,
+    'total_members': len(non_contrarian),
+}
+with open(os.environ['_OUT'], 'w') as f:
+    json.dump(transcript, f, indent=2)
+" || log_warn "Failed to write council transcript"
+}
+
 #===============================================================================
 # Evidence Gathering - Collect data for council review
 #===============================================================================
@@ -1372,14 +1531,23 @@ council_evaluate() {
             da_result=$(council_devils_advocate_review "$ITERATION_COUNT")
             if [ "$da_result" = "OVERRIDE_CONTINUE" ]; then
                 log_warn "Council evaluate: devil's advocate overrode unanimous COMPLETE"
+                # Write transcript: DA triggered and flipped the outcome (Path B)
+                council_write_transcript "${ITERATION_COUNT:-0}" "REJECTED" "true" "true"
                 return 1  # CONTINUE
             fi
+            # Write transcript: DA triggered but did NOT flip (Path B, unanimous COMPLETE confirmed)
+            council_write_transcript "${ITERATION_COUNT:-0}" "APPROVED" "true" "false"
+        else
+            # Write transcript: not unanimous, DA not triggered (Path B)
+            council_write_transcript "${ITERATION_COUNT:-0}" "APPROVED" "false" "false"
         fi
 
         log_info "Council evaluate: verdict is COMPLETE"
         return 0  # COMPLETE (should stop)
     fi
 
+    # Write transcript: aggregate voted CONTINUE (Path B)
+    council_write_transcript "${ITERATION_COUNT:-0}" "REJECTED" "false" "false"
     log_info "Council evaluate: verdict is CONTINUE"
     return 1  # CONTINUE
 }

package/autonomy/loki

@@ -3096,6 +3096,11 @@ cmd_dashboard_help() {
     echo ""
     echo "Usage: loki dashboard <command> [options]"
     echo ""
+    echo "Note: 'loki dashboard' is the operations/observability UI (port ${DASHBOARD_DEFAULT_PORT})."
+    echo "      It is NOT the same as 'loki web' (Purple Lab, port ${PURPLE_LAB_DEFAULT_PORT}, where you input PRDs)."
+    echo "      Use 'loki dashboard' to monitor agents, tasks, costs, council, escalations."
+    echo "      Use 'loki web' to submit a PRD and watch agents build."
+    echo ""
     echo "Commands:"
     echo "  start    Start the dashboard server"
     echo "  stop     Stop the dashboard server"
@@ -3644,6 +3649,11 @@ cmd_web_help() {
     echo ""
     echo "Usage: loki web [command] [options]"
     echo ""
+    echo "Note: 'loki web' is Purple Lab (the PRD-input/build-watch UI, port ${PURPLE_LAB_DEFAULT_PORT})."
+    echo "      It is NOT the same as 'loki dashboard' (operations UI, port ${DASHBOARD_DEFAULT_PORT})."
+    echo "      Use 'loki web' to submit a PRD and watch agents build it."
+    echo "      Use 'loki dashboard' to monitor running agents, tasks, costs, council, escalations."
+    echo ""
     echo "Commands:"
     echo "  start    Start Purple Lab (default)"
     echo "  stop     Stop Purple Lab server"
@@ -6961,6 +6971,20 @@ if disk_gb is not None:
     elif disk_gb < 5:
         disk_status = 'warn'
 
+# v7.5.15: expose the sentrux architectural-drift gate state in --json so
+# dashboards/automation can surface it the same way the text-mode block does
+# (added in v7.5.14). Sibling of checks/disk -- intentionally not counted in
+# the summary tally to keep summary numbers backwards-compatible.
+sentrux_found = shutil.which('sentrux') is not None
+sentrux_version = get_version('sentrux') if sentrux_found else None
+sentrux_status = 'pass' if sentrux_found else 'warn'
+sentrux = {
+    'found': sentrux_found,
+    'version': sentrux_version,
+    'status': sentrux_status,
+    'required': 'optional'
+}
+
 pass_count = sum(1 for c in checks if c['status'] == 'pass')
 fail_count = sum(1 for c in checks if c['status'] == 'fail')
 warn_count = sum(1 for c in checks if c['status'] == 'warn')
@@ -6975,6 +6999,7 @@ result = {
         'available_gb': disk_gb,
         'status': disk_status
     },
+    'sentrux': sentrux,
     'summary': {
         'passed': pass_count,
         'failed': fail_count,
@@ -7011,7 +7036,18 @@ cmd_sentrux() {
 
     local sub="${1:-help}"
     if [ "$#" -gt 0 ]; then shift; fi
-    local target="${1:-.}"
+
+    # Parse --force flag (used by init-rules); collect remaining args into target.
+    local force=0
+    local positional=()
+    while [ "$#" -gt 0 ]; do
+        case "$1" in
+            --force|-f) force=1; shift ;;
+            --) shift; while [ "$#" -gt 0 ]; do positional+=("$1"); shift; done ;;
+            *) positional+=("$1"); shift ;;
+        esac
+    done
+    local target="${positional[0]:-.}"
 
     case "$sub" in
         baseline)
@@ -7075,13 +7111,75 @@ cmd_sentrux() {
             fi
             return 0
             ;;
+        init-rules)
+            # Scaffold a conservative default .sentrux/rules.toml in <target>/.sentrux/.
+            # Does not require sentrux binary -- the file is plain text.
+            local rules_dir="$target/.sentrux"
+            local rules_file="$rules_dir/rules.toml"
+            local abs_path
+            if [ -e "$rules_file" ] && [ "$force" -ne 1 ]; then
+                echo -e "${YELLOW}Refusing to overwrite existing $rules_file${NC}" >&2
+                echo "  Re-run with --force to replace it." >&2
+                return 1
+            fi
+            if ! mkdir -p "$rules_dir" 2>/dev/null; then
+                echo -e "${RED}Failed to create $rules_dir${NC}" >&2
+                return 2
+            fi
+            if ! cat > "$rules_file" <<'SENTRUX_RULES_EOF'
+# Sentrux architectural rules scaffolded by `loki sentrux init-rules` (Loki Mode v7.5.15).
+# Conservative defaults -- tighten per-project as needed.
+# See https://github.com/sentrux/sentrux for full spec.
+
+[constraints]
+# Block any iteration that introduces an import cycle.
+max_cycles = 0
+# Block files that grow into "god files" (very high churn + many dependents).
+no_god_files = true
+# Cap cyclomatic complexity per function (sentrux default is liberal).
+max_cc = 30
+
+# Layer enforcement is project-specific. Uncomment + edit when you know the
+# layout you want enforced. Example for a typical app:
+#
+# [[layers]]
+# name = "core"
+# paths = ["src/core/*"]
+# order = 0
+#
+# [[layers]]
+# name = "app"
+# paths = ["src/app/*"]
+# order = 2
+#
+# [[boundaries]]
+# from = "src/app/*"
+# to = "src/core/internal/*"
+# reason = "app must not depend on core internals"
+SENTRUX_RULES_EOF
+            then
+                echo -e "${RED}Failed to write $rules_file${NC}" >&2
+                return 2
+            fi
+            # Resolve absolute path for friendly output (portable across macOS/Linux).
+            if command -v python3 >/dev/null 2>&1; then
+                abs_path=$(python3 -c "import os,sys; print(os.path.abspath(sys.argv[1]))" "$rules_file" 2>/dev/null || echo "$rules_file")
+            else
+                abs_path=$(cd "$(dirname "$rules_file")" 2>/dev/null && pwd)/$(basename "$rules_file")
+            fi
+            echo -e "${GREEN}Wrote $abs_path${NC}"
+            echo "Edit it to add layer/boundary rules, then run: loki sentrux baseline $target"
+            return 0
+            ;;
         help|--help|-h|"")
             echo -e "${BOLD}loki sentrux${NC} - Architectural drift gate (opt-in, requires sentrux binary)"
             echo ""
             echo "Usage:"
-            echo "  loki sentrux baseline [<path>]   Save current architecture as baseline"
-            echo "  loki sentrux gate     [<path>]   Compare current vs baseline (exit 1 on DEGRADED)"
-            echo "  loki sentrux status   [<path>]   Show binary version + saved baseline quality"
+            echo "  loki sentrux baseline   [<path>]         Save current architecture as baseline"
+            echo "  loki sentrux gate       [<path>]         Compare current vs baseline (exit 1 on DEGRADED)"
+            echo "  loki sentrux status     [<path>]         Show binary version + saved baseline quality"
+            echo "  loki sentrux init-rules [<path>] [--force]"
+            echo "                                           Scaffold a default .sentrux/rules.toml"
             echo ""
             echo "Default path is the current directory."
             echo ""

package/autonomy/run.sh

@@ -5916,6 +5916,29 @@ except (json.JSONDecodeError, FileNotFoundError, OSError):
 # Results stored in .loki/quality/test-results.json
 # ============================================================================
 
+# v7.5.15 (Triage #14): wrap pytest with a configurable timeout so a
+# deadlocked or infinite-loop test under /test cannot hang the gate
+# indefinitely. Uses `timeout` on Linux, `gtimeout` (coreutils) on macOS,
+# and degrades gracefully if neither is available (logs a warning, runs
+# unbounded). Configurable via LOKI_PYTEST_TIMEOUT (default 300s).
+#
+# Usage: _loki_run_pytest_with_timeout <target_dir> [pytest_args...]
+# Stdout: combined pytest output
+# Exit: 0 on pass, non-zero on fail. Exit 124 indicates the timeout fired.
+_loki_run_pytest_with_timeout() {
+    local target_dir="$1"; shift
+    local pytest_timeout="${LOKI_PYTEST_TIMEOUT:-${LOKI_GATE_TIMEOUT:-300}}"
+    local _to_cmd=()
+    if command -v gtimeout >/dev/null 2>&1; then
+        _to_cmd=(gtimeout "${pytest_timeout}s")
+    elif command -v timeout >/dev/null 2>&1; then
+        _to_cmd=(timeout "${pytest_timeout}s")
+    else
+        log_warn "Neither gtimeout nor timeout available; pytest gate will run unbounded (install coreutils on macOS)"
+    fi
+    (cd "$target_dir" && "${_to_cmd[@]}" pytest "$@" 2>&1)
+}
+
 enforce_test_coverage() {
     local loki_dir="${TARGET_DIR:-.}/.loki"
     local quality_dir="$loki_dir/quality"
@@ -6037,9 +6060,19 @@ enforce_test_coverage() {
         fi
         if [ "$has_python_project" = "true" ] && command -v pytest &>/dev/null; then
             test_runner="pytest"
-            local output
-            output=$(cd "${TARGET_DIR:-.}" && pytest --tb=short 2>&1) || test_passed=false
-            details="pytest: $(echo "$output" | tail -5 | tr '\n' ' ')"
+            local output pytest_exit
+            # v7.5.15 (Triage #14): wrapped with configurable timeout via helper.
+            output=$(_loki_run_pytest_with_timeout "${TARGET_DIR:-.}" --tb=short)
+            pytest_exit=$?
+            if [ "$pytest_exit" -eq 124 ]; then
+                local _pt_to="${LOKI_PYTEST_TIMEOUT:-${LOKI_GATE_TIMEOUT:-300}}"
+                test_passed=false
+                log_warn "pytest gate timed out after ${_pt_to}s (exit 124)"
+                details="pytest: TIMED OUT after ${_pt_to}s -- $(echo "$output" | tail -3 | tr '\n' ' ')"
+            else
+                [ "$pytest_exit" -ne 0 ] && test_passed=false
+                details="pytest: $(echo "$output" | tail -5 | tr '\n' ' ')"
+            fi
         fi
     fi
 
@@ -10487,11 +10520,79 @@ PRD_PARSE_EOF
 # Main Autonomous Loop
 #===============================================================================
 
+#-------------------------------------------------------------------------------
+# Sentrux architectural-drift gate hooks (v7.5.15).
+#
+# Opt-in via LOKI_SENTRUX_GATE=1. Default OFF -- zero behavior change for users
+# who don't opt in. The helper at autonomy/lib/sentrux-gate.sh is sourced inside
+# run_autonomous() under the same guard. Both hook functions no-op silently if
+# the helper is not loaded or the sentrux binary is not on PATH.
+#-------------------------------------------------------------------------------
+_loki_sentrux_iteration_start() {
+    local target="${1:-${TARGET_DIR:-.}}"
+    if [ "${LOKI_SENTRUX_GATE:-0}" != "1" ]; then
+        return 0
+    fi
+    if ! type sentrux_available >/dev/null 2>&1 || ! sentrux_available; then
+        return 0
+    fi
+    sentrux_baseline_save "$target" >/dev/null 2>&1 || true
+    return 0
+}
+
+_loki_sentrux_iteration_end() {
+    local iter="${1:-0}"
+    local target="${2:-${TARGET_DIR:-.}}"
+    if [ "${LOKI_SENTRUX_GATE:-0}" != "1" ]; then
+        return 0
+    fi
+    if ! type sentrux_available >/dev/null 2>&1 || ! sentrux_available; then
+        return 0
+    fi
+    local diff before after verdict
+    diff=$(sentrux_gate_diff "$target" 2>/dev/null || true)
+    if [ -z "$diff" ]; then
+        return 0
+    fi
+    before="${diff%%|*}"
+    local rest="${diff#*|}"
+    after="${rest%%|*}"
+    verdict="${rest#*|}"
+    if type log_info >/dev/null 2>&1; then
+        log_info "sentrux gate iter=$iter verdict=$verdict before=${before:-?} after=${after:-?}"
+    fi
+    if [ "$verdict" = "DEGRADED" ]; then
+        local state_dir="$target/.loki/state"
+        mkdir -p "$state_dir" 2>/dev/null || true
+        local finding_path="$state_dir/findings-sentrux-${iter}.json"
+        local ts
+        ts=$(date -u +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null || echo "")
+        local before_json="${before:-0}"
+        local after_json="${after:-0}"
+        # Guard against non-numeric values when serializing to JSON.
+        if ! [[ "$before_json" =~ ^[0-9]+$ ]]; then before_json=0; fi
+        if ! [[ "$after_json"  =~ ^[0-9]+$ ]]; then after_json=0; fi
+        printf '{"type":"architectural-drift","iteration":%s,"before":%s,"after":%s,"verdict":"DEGRADED","timestamp":"%s","source":"sentrux"}\n' \
+            "$iter" "$before_json" "$after_json" "$ts" \
+            > "$finding_path" 2>/dev/null || true
+    fi
+    return 0
+}
+
 run_autonomous() {
     local prd_path="$1"
 
     log_header "Starting Autonomous Execution"
 
+    # Sentrux architectural-drift gate (opt-in via LOKI_SENTRUX_GATE=1, v7.5.15).
+    # Source the helper only when the gate is enabled to avoid hot-path overhead
+    # for the default-off case. Failure to source is non-fatal -- the wrapper
+    # functions degrade to no-ops via type checks.
+    if [ "${LOKI_SENTRUX_GATE:-0}" = "1" ]; then
+        # shellcheck disable=SC1090,SC1091
+        source "${SCRIPT_DIR}/lib/sentrux-gate.sh" 2>/dev/null || true
+    fi
+
     # Auto-detect PRD if not provided
     if [ -z "$prd_path" ]; then
         log_step "No PRD provided, searching for existing PRD files..."
@@ -10670,6 +10771,9 @@ except Exception as exc:
         # Auto-track iteration start (for dashboard task queue)
         track_iteration_start "$ITERATION_COUNT" "$prd_path"
 
+        # Sentrux architectural-drift baseline snapshot (opt-in, v7.5.15).
+        _loki_sentrux_iteration_start "${TARGET_DIR:-.}"
+
         local prompt
         prompt=$(build_prompt "$retry" "$prd_path" "$ITERATION_COUNT")
 
@@ -11149,6 +11253,9 @@ if __name__ == "__main__":
         # Auto-track iteration completion (for dashboard task queue)
         track_iteration_complete "$ITERATION_COUNT" "$exit_code"
 
+        # Sentrux architectural-drift gate diff + finding emission (opt-in, v7.5.15).
+        _loki_sentrux_iteration_end "$ITERATION_COUNT" "${TARGET_DIR:-.}"
+
         # End OTEL phase span (if OTEL is enabled)
         if [ -n "${LOKI_OTEL_ENDPOINT:-}" ]; then
             emit_event_pending "otel_span_end" \

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.5.14"
+__version__ = "7.5.16"
 
 # Expose the control app for easy import
 try:

package/dashboard/server.py

@@ -3782,6 +3782,80 @@ async def force_council_review():
     return {"success": True, "message": "Council review requested"}
 
 
+@app.get("/api/council/transcripts")
+async def get_council_transcripts(
+    limit: int = Query(default=20, ge=1, le=200),
+    since: Optional[str] = Query(default=None),
+    iter_min: Optional[int] = Query(default=None),
+):
+    """List council transcript records, sorted descending by iteration number.
+
+    Query params:
+      limit    int, default=20, max=200
+      since    ISO8601 string (optional), filter to transcripts after this time
+      iter_min int (optional), filter to iteration >= N
+    """
+    transcripts_dir = _get_loki_dir() / "council" / "transcripts"
+    if not transcripts_dir.exists():
+        return {"transcripts": [], "total": 0, "latest_id": None}
+
+    since_dt = None
+    if since:
+        try:
+            since_dt = datetime.fromisoformat(since.replace("Z", "+00:00"))
+        except ValueError:
+            raise HTTPException(status_code=400, detail="Invalid 'since' timestamp format; expected ISO8601")
+
+    records = []
+    for f in sorted(transcripts_dir.glob("iter-*.json"), reverse=True):
+        try:
+            rec = json.loads(f.read_text())
+        except Exception:
+            logger.warning("Skipping corrupt council transcript file: %s", f.name)
+            continue
+        if not isinstance(rec, dict):
+            logger.warning("Skipping non-object council transcript file: %s", f.name)
+            continue
+        if since_dt is not None:
+            ts_str = rec.get("timestamp", "")
+            try:
+                ts = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
+            except (ValueError, AttributeError):
+                continue
+            if ts <= since_dt:
+                continue
+        if iter_min is not None and rec.get("iteration", 0) < iter_min:
+            continue
+        records.append(rec)
+        if len(records) >= limit:
+            break
+
+    return {
+        "transcripts": records,
+        "total": len(records),
+        "latest_id": records[0]["iteration_id"] if records else None,
+    }
+
+
+@app.get("/api/council/transcripts/{iteration_id}")
+async def get_council_transcript(iteration_id: str):
+    """Fetch a single council transcript by iteration_id.
+
+    Returns the record body or 404 if not found.
+    Path traversal attempts (containing '/' or '..') are rejected with 404.
+    """
+    # Reject path traversal: iteration_id must be a plain filename component.
+    if "/" in iteration_id or "\\" in iteration_id or ".." in iteration_id:
+        raise HTTPException(status_code=404, detail="Transcript not found")
+    transcript_file = _get_loki_dir() / "council" / "transcripts" / f"{iteration_id}.json"
+    if not transcript_file.exists():
+        raise HTTPException(status_code=404, detail="Transcript not found")
+    try:
+        return json.loads(transcript_file.read_text())
+    except Exception:
+        raise HTTPException(status_code=500, detail="Corrupt transcript file")
+
+
 # =============================================================================
 # Context Window Tracking API (v5.40.0)
 # =============================================================================
@@ -5955,6 +6029,68 @@ async def get_findings(iteration: int):
                         detail=f"No findings for iteration {iteration}")
 
 
+@app.get("/api/quality/architecture")
+async def get_quality_architecture():
+    """Return the sentrux architectural-drift series.
+
+    Globs `.loki/state/findings-sentrux-*.json` (written by the iteration
+    loop when LOKI_SENTRUX_GATE=1), sorts by iteration ascending, and
+    returns a series suitable for plotting drift over time.
+
+    Per-file JSON parse errors are logged and skipped; the endpoint stays
+    200 OK even when no files exist or every file is corrupt.
+    """
+    base = _get_loki_dir()
+    state_dir = base / "state"
+    series: list[dict[str, Any]] = []
+    if state_dir.exists():
+        try:
+            paths = list(state_dir.glob("findings-sentrux-*.json"))
+        except OSError as exc:
+            logger.warning("sentrux: failed to glob %s: %s", state_dir, exc)
+            paths = []
+        for path in paths:
+            try:
+                text = path.read_text(encoding="utf-8", errors="replace")
+                data = json.loads(text)
+            except (OSError, IOError) as exc:
+                logger.warning("sentrux: skipping unreadable %s: %s",
+                               path.name, exc)
+                continue
+            except json.JSONDecodeError as exc:
+                logger.warning("sentrux: skipping corrupt JSON %s: %s",
+                               path.name, exc)
+                continue
+            if not isinstance(data, dict):
+                logger.warning("sentrux: skipping non-object payload in %s",
+                               path.name)
+                continue
+            try:
+                iteration = int(data.get("iteration"))
+                before = int(data.get("before"))
+                after = int(data.get("after"))
+            except (TypeError, ValueError) as exc:
+                logger.warning("sentrux: skipping %s, bad ints: %s",
+                               path.name, exc)
+                continue
+            verdict = data.get("verdict")
+            if verdict not in ("DEGRADED", "OK", "UNKNOWN"):
+                verdict = "UNKNOWN"
+            timestamp = data.get("timestamp")
+            if not isinstance(timestamp, str):
+                timestamp = ""
+            series.append({
+                "iteration": iteration,
+                "before": before,
+                "after": after,
+                "verdict": verdict,
+                "timestamp": timestamp,
+            })
+    series.sort(key=lambda e: e["iteration"])
+    current = series[-1]["after"] if series else None
+    return {"series": series, "current": current, "samples": len(series)}
+
+
 @app.get("/api/learnings")
 async def get_learnings(limit: int = 50):
     """Read recent learnings (newest first)."""