npm - loki-mode - Versions diffs - 7.5.9 → 7.5.11 - Mend

loki-mode 7.5.9 → 7.5.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +30 -5
package/SKILL.md +28 -12
package/VERSION +1 -1
package/autonomy/run.sh +33 -3
package/dashboard/__init__.py +1 -1
package/dashboard/server.py +1 -1
package/dashboard/static/index.html +9 -9
package/docs/COMPARISON.md +6 -6
package/docs/INSTALLATION.md +32 -22
package/docs/cursor-comparison.md +6 -6
package/events/emit.sh +76 -0
package/loki-ts/dist/loki.js +2 -2
package/loki-ts/package.json +2 -1
package/mcp/__init__.py +1 -1
package/memory/retrieval.py +52 -7
package/memory/storage.py +9 -0
package/package.json +5 -5
package/skills/healing.md +12 -0
package/skills/quality-gates.md +10 -0
package/web-app/requirements.txt +3 -0

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 <div align="center">
-# Loki Mode
+# Loki Mode aka Autonomi
 ### Build the future, faster.
@@ -18,7 +18,7 @@
 ---
-> **How it works:** You provide a PRD. Loki Mode classifies complexity (`run.sh:detect_complexity()`), assembles an agent team from 41 specialized types across 8 swarms, and runs autonomous RARV cycles (Reason - Act - Reflect - Verify, see `run.sh:run_autonomous()`) with 11 quality gates (see `skills/quality-gates.md`). Code is not "done" until it passes automated verification. Output is a Git repo with source, tests, configs, and audit logs.
+> **How it works:** Drop a spec -- a PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief. Loki Mode classifies complexity (`run.sh:detect_complexity()`), assembles an agent team from 41 specialized types across 8 swarms, and runs autonomous RARV cycles (Reason - Act - Reflect - Verify, see `run.sh:run_autonomous()`) with 11 quality gates (see `skills/quality-gates.md`). Code is not "done" until it passes automated verification. Output is a Git repo with source, tests, configs, and audit logs.
 ---
@@ -49,7 +49,9 @@ bun install -g loki-mode
 loki doctor                                   # verify environment
 loki init my-app --template simple-todo-app
 cd my-app
-loki start prd.md                             # autonomous build starts
+loki start prd.md                             # autonomous build from a Markdown PRD
+loki start owner/repo#123                     # ...or a GitHub issue
+loki start ./openapi.yaml                     # ...or an OpenAPI/YAML spec
 ```
 Or skip scaffolding and go straight to a quick task:
@@ -64,7 +66,7 @@ loki quick "build a landing page with a signup form"
 |--------|---------|-------|
 | **Bun (recommended)** | `bun install -g loki-mode` | Fastest. v8 will be Bun-only. |
 | **Homebrew** | `brew tap asklokesh/tap && brew install loki-mode` | Auto-installs Bun as a dep |
-| **Docker** | `docker pull asklokesh/loki-mode:7.5.7 && docker run --rm asklokesh/loki-mode:7.5.7 start prd.md` | Bun pre-installed in image |
+| **Docker** | `docker pull asklokesh/loki-mode:7.5.11 && docker run --rm asklokesh/loki-mode:7.5.11 start prd.md` | Bun pre-installed in image |
 | **npm (compat)** | `npm install -g loki-mode` | Works without Bun (bash fallback). Migrate any time with `loki self-update --to bun`. |
 **Upgrading:**
@@ -124,7 +126,7 @@ The next major release sunsets the Bash runtime entirely. There is no firm calen
 | Method | Command |
 |--------|---------|
 | **Homebrew** | `brew tap asklokesh/tap && brew install loki-mode` |
-| **Docker** | `docker pull asklokesh/loki-mode:7.5.7` |
+| **Docker** | `docker pull asklokesh/loki-mode:7.5.11` |
 | **Inside Claude Code** | `claude --dangerously-skip-permissions` then type "Loki Mode" |
 | **Git clone** | `git clone https://github.com/asklokesh/loki-mode.git` |
@@ -132,6 +134,29 @@ See the full [Installation Guide](docs/INSTALLATION.md).
 </details>
+<details>
+<summary><strong>Supported spec formats</strong></summary>
+A "spec" is whatever you hand `loki start`. Loki auto-detects the format and normalises it before the RARV loop. A Markdown PRD is one form of spec; the table below lists every input the v7.5.11 CLI accepts.
+| Format | Example | Notes |
+|--------|---------|-------|
+| Markdown PRD | `loki start ./prd.md` | Canonical form. Headings become section anchors. |
+| JSON spec | `loki start ./spec.json` | Free-form JSON; keys surfaced to agents. |
+| YAML spec | `loki start ./openapi.yaml` | OpenAPI / AsyncAPI / plain YAML all accepted. |
+| Plain text brief | `loki start ./brief.txt` | One-paragraph briefs work; complexity auto-detects to "simple". |
+| GitHub issue URL | `loki start https://github.com/owner/repo/issues/42` | Title + body + labels become the spec. |
+| GitHub shorthand | `loki start owner/repo#42` | Same as above, shorter. |
+| Jira ticket key | `loki start PROJ-456` | Requires `JIRA_BASE_URL` + `JIRA_TOKEN` env vars. |
+| GitLab / Azure DevOps URL | `loki start https://gitlab.com/group/proj/-/issues/7` | GitLab and Azure DevOps issue URLs both supported. |
+| Bare issue number | `loki start #123` or `loki start 123` | Resolved against the current repo's `origin` remote. |
+| OpenSpec change directory | `loki start --openspec ./openspec/change-001` | Reads OpenSpec change manifest + delta files. |
+| Auto-detect (no input) | `loki start` | Picks up `./prd.md`, `./spec.{json,yaml,yml}`, or `./SPEC.md` from cwd. |
+All formats land in the same RARV pipeline and pass the same 11 quality gates (`skills/quality-gates.md`).
+</details>
 ---
 ## What You Can Build

package/SKILL.md CHANGED Viewed

@@ -1,12 +1,14 @@
 ---
 name: loki-mode
-description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
+description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
-# Loki Mode v7.5.9
+# Loki Mode v7.5.11
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
+**Spec in, product out.** A "spec" is whatever describes the work: a Markdown PRD, a GitHub issue, an OpenAPI doc, a Jira ticket -- a PRD is one form of spec.
 **Multi-provider (stable since v5.0.0):** Claude/Codex/Gemini/Cline/Aider with abstract model tiers and degraded mode for non-Claude providers. See `skills/providers.md`. **Current track (v7.5.x):** Phase 1 RARV-C closure -- real provider judges, gate-failure flock, synthetic PRD e2e, status `--json`, dead code cleanup.
 **Runtime migration in progress:** A bash-to-Bun migration is underway on the `feat/bun-migration` branch. The first phase (shipped in v7.3.0) routes a small set of read-only commands -- `version`, `status`, `stats`, `doctor`, `provider show/list`, `memory list/index` -- through a Bun runtime via `bin/loki`. Every other command remains on the Bash runtime (`autonomy/loki`). Rollback is available with `LOKI_LEGACY_BASH=1`. See `UPGRADING.md` and `docs/architecture/ADR-001-runtime-migration.md` for the full plan.
@@ -89,11 +91,11 @@ These rules guide autonomous operation. Test results and code quality always tak
 ## Model Selection
-**Default since v5.3.0 (reaffirmed in v7.5.9):** Haiku disabled for quality. Use `--allow-haiku` or `LOKI_ALLOW_HAIKU=true` to enable.
+**Default since v5.3.0 (reaffirmed in v7.5.11):** Haiku disabled for quality. Use `--allow-haiku` or `LOKI_ALLOW_HAIKU=true` to enable.
 | Task Type | Tier | Claude (default) | Claude (--allow-haiku) | Codex (GPT-5.3) | Gemini |
 |-----------|------|------------------|------------------------|------------------|--------|
-| PRD analysis, architecture, system design | **planning** | opus | opus | effort=xhigh | thinking=high |
+| Spec analysis, architecture, system design | **planning** | opus | opus | effort=xhigh | thinking=high |
 | Feature implementation, complex bugs | **development** | opus | sonnet | effort=high | thinking=medium |
 | Code review (planned: 3 parallel reviewers) | **development** | opus | sonnet | effort=high | thinking=medium |
 | Integration tests, E2E, deployment | **development** | opus | sonnet | effort=high | thinking=medium |
@@ -113,7 +115,7 @@ These rules guide autonomous operation. Test results and code quality always tak
 ```
 BOOTSTRAP ──[project initialized]──> DISCOVERY
-DISCOVERY ──[PRD analyzed, requirements clear]──> ARCHITECTURE
+DISCOVERY ──[spec analyzed, requirements clear]──> ARCHITECTURE
 ARCHITECTURE ──[design approved, specs written]──> DEEPEN_PLAN (standard/complex only)
 DEEPEN_PLAN ──[plan enhanced by 4 research agents]──> INFRASTRUCTURE
 INFRASTRUCTURE ──[cloud/DB ready]──> DEVELOPMENT
@@ -187,20 +189,21 @@ This protocol governs **skill module** loading -- task-scoped instruction files
 ## Invocation
-**Unified entry point (v6.84.0):** `loki start` auto-detects whether the input is a PRD file, an issue URL, or an issue number. No need to pick between `loki start` and `loki run` -- the single command handles all cases.
+**Unified entry point (v6.84.0):** `loki start [SPEC|ISSUE-REF]` auto-detects whether the input is a PRD file, an issue URL, an issue number, or another spec format (e.g. OpenAPI). No need to pick between `loki start` and `loki run` -- the single command handles all cases.
 ```bash
 # Standard mode (Claude - full features)
 claude --dangerously-skip-permissions
-# Then say: "Loki Mode" or "Loki Mode with PRD at path/to/prd.md" (or .json)
+# Then say: "Loki Mode" or "Loki Mode with spec at path/to/spec" (PRD .md/.json, OpenAPI .yaml, etc.)
 # Unified `loki start` -- one command, auto-detected mode
-loki start                                   # no arg: analyze current dir, auto-generate PRD
-loki start ./prd.md                          # PRD mode (.md/.json/.txt/.yaml)
+loki start                                   # no arg: analyze current dir, auto-generate spec
+loki start ./prd.md                          # PRD mode (.md/.json/.txt/.yaml) -- a PRD is one form of spec
+loki start ./openapi.yaml                    # SPEC mode (OpenAPI doc treated as the spec)
+loki start owner/repo#123                    # ISSUE mode (GitHub specific repo)
 loki start https://github.com/o/r/issues/42  # ISSUE mode (GitHub URL)
 loki start 123                               # ISSUE mode (GitHub issue in current repo)
 loki start PROJ-456                          # ISSUE mode (Jira)
-loki start owner/repo#789                    # ISSUE mode (GitHub specific repo)
 loki start --prd ./prd.md                    # Explicit PRD mode (overrides detection)
 loki start --issue 123                       # Explicit issue mode (overrides detection)
@@ -330,6 +333,19 @@ See `references/core-workflow.md` for the full RARV-C contract.
 ---
+## Concurrency and Security Hardening (v7.5.7 - v7.5.11)
+Three back-to-back patches closed cross-process and security gaps. No user-facing behavior change on the default flow; verify via the cited paths.
+- **Cross-process file locks** on append-or-rewrite state, so parallel runs / dashboard / MCP do not corrupt shared files: gate counter (`autonomy/run.sh` gate-counter writes), task queues (`autonomy/run.sh` queue read-modify-write), checkpoint index (`autonomy/run.sh` checkpoint index updates), `events.jsonl` append (event emission paths in `events/emit.sh` and `autonomy/run.sh`), human intervention signal files (`autonomy/run.sh:check_human_intervention()` at line ~8059 / 7897 per state-machine doc).
+- **MCP path validation** -- file/path arguments to `mcp/server.py` tools are normalized and rejected if they escape the project root (path-traversal fix from v7.5.8).
+- **Dashboard auth** now required on `/api/memory/*`, `/api/learning/*`, and `/api/status` in `dashboard/server.py` (previously unauthenticated read paths).
+- **Bash quoting hardening** across `autonomy/run.sh` and `autonomy/loki` -- variable expansions inside command substitution and `[ ]` tests quoted to prevent word-splitting on paths with spaces.
+See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.11] for the per-fix list and reviewer sign-off.
+---
 ## Implemented Features
 | Feature | Added | Notes |
@@ -342,7 +358,7 @@ See `references/core-workflow.md` for the full RARV-C contract.
 | Notification Triggers | v5.40.0 | `GET/PUT /api/notifications/triggers` |
 | GitHub integration | v5.42.2 | Import, sync-back, PR creation, export. CLI: `loki github`, API: `/api/github/*` |
 | Legacy System Healing | v6.67.0 | `loki heal <path>` -- friction-as-semantics, characterization tests |
-| Unified `loki start` | v6.84.0 | Auto-detects PRD vs issue input |
+| Unified `loki start` | v6.84.0 | Auto-detects spec (PRD, OpenAPI, etc.) vs issue input |
 | Managed Agents (memory mirror) | v7.2.0 | Opt-in via `LOKI_MANAGED_AGENTS` -- see Managed Agents section |
 | Bun runtime (Phase 1) | v7.3.0 | Read-only commands routed through `bin/loki`; `LOKI_LEGACY_BASH=1` to revert |
 | Phase 1 RARV-C closure | v7.5.x | Findings injection, real judges, auto-learnings, handoff.md |
@@ -365,4 +381,4 @@ See `references/core-workflow.md` for the full RARV-C contract.
 ---
-**v7.5.9 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.5.11 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 7.5.9
1	+ 7.5.11

package/autonomy/run.sh CHANGED Viewed

@@ -477,6 +477,18 @@ parse_yaml_with_yq() {
 load_config_file
 # Load JSON settings from loki config set (v6.0.0)
+#
+# SECURITY NOTE (v7.5.10, L12#2 audit): The eval below is intentional and safe.
+# The Python script's output is constrained to a fixed template:
+#     [ -z "${VAR:-}" ] && export VAR=<value>
+# where:
+#   - VAR is a hardcoded env var name from the `mapping` dict (NOT user-controlled).
+#   - <value> is produced by shlex.quote(), which emits POSIX-shell-safe single-
+#     quoted strings even for adversarial input (e.g. quotes, semicolons, $()).
+#   - Non-string values from settings.json are skipped (isinstance check).
+# Therefore no user-controlled bytes can break out of the quoted value or alter
+# the surrounding shell syntax. Do NOT remove the shlex.quote() call or relax
+# the isinstance(val, str) guard without re-auditing this eval.
 _load_json_settings() {
     local settings_file="${TARGET_DIR:-.}/.loki/config/settings.json"
     [ -f "$settings_file" ] || return 0
@@ -7100,13 +7112,31 @@ rollback_to_checkpoint() {
     done
     # Log the rollback (use python3 for safe JSON serialization)
-    local timestamp
+    # v7.5.10: route through safe_append_event_jsonl() so parallel-worktree
+    # rollbacks cannot interleave partial JSONL lines (POSIX append is
+    # only atomic for <PIPE_BUF and not all platforms honor it).
+    local timestamp rb_event
     timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-    _RB_CPID="$checkpoint_id" _RB_SHA="$git_sha" _RB_TS="$timestamp" \
+    rb_event=$(_RB_CPID="$checkpoint_id" _RB_SHA="$git_sha" _RB_TS="$timestamp" \
     python3 -c "
 import json,os
 print(json.dumps({'event':'rollback','checkpoint':os.environ['_RB_CPID'],'git_sha':os.environ['_RB_SHA'],'timestamp':os.environ['_RB_TS']}))
-" >> ".loki/events.jsonl" 2>/dev/null || true
+" 2>/dev/null) || rb_event=""
+    if [ -n "$rb_event" ]; then
+        # Source the emit lib once per call to get safe_append_event_jsonl.
+        # Lib-only mode skips the emit script's normal CLI execution.
+        # shellcheck disable=SC1091
+        if [ -z "${_LOKI_EMIT_LIB_LOADED:-}" ]; then
+            LOKI_EMIT_LIB_ONLY=1 . "$(dirname "${BASH_SOURCE[0]}")/../events/emit.sh" 2>/dev/null \
+                && _LOKI_EMIT_LIB_LOADED=1
+        fi
+        if declare -f safe_append_event_jsonl >/dev/null 2>&1; then
+            safe_append_event_jsonl ".loki/events.jsonl" "$rb_event" 2>/dev/null || true
+        else
+            # Last-resort fallback: bare append (preserves prior behavior).
+            printf '%s\n' "$rb_event" >> ".loki/events.jsonl" 2>/dev/null || true
+        fi
+    fi
     log_info "State files restored from checkpoint: ${checkpoint_id}"

package/dashboard/__init__.py CHANGED Viewed

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
-__version__ = "7.5.9"
+__version__ = "7.5.11"
 # Expose the control app for easy import
 try:

package/dashboard/server.py CHANGED Viewed

@@ -740,7 +740,7 @@ async def agent_card() -> dict:
 # Status endpoint - reads from .loki/ flat files (primary) + DB (fallback)
-@app.get("/api/status", response_model=StatusResponse)
+@app.get("/api/status", response_model=StatusResponse, dependencies=[Depends(auth.require_scope("read"))])
 async def get_status() -> StatusResponse:
     """Get system status from .loki/ session files."""
     loki_dir = _get_loki_dir()

package/dashboard/static/index.html CHANGED Viewed

@@ -527,7 +527,7 @@
         </button>
         <button class="nav-link" data-section="prd-checklist" id="nav-prd-checklist">
           <svg viewBox="0 0 24 24"><path d="M9 11l3 3L22 4"/><path d="M21 12v7a2 2 0 01-2 2H5a2 2 0 01-2-2V5a2 2 0 012-2h11"/></svg>
-          PRD Checklist
+          Spec Checklist
         </button>
         <button class="nav-link" data-section="app-runner" id="nav-app-runner">
           <svg viewBox="0 0 24 24"><polygon points="5 3 19 12 5 21 5 3"/></svg>
@@ -618,10 +618,10 @@
         </div>
       </div>
-      <!-- PRD Checklist -->
+      <!-- Spec Checklist -->
       <div class="section-page" id="page-prd-checklist">
         <div class="section-page-header">
-          <h2 class="section-page-title">PRD Checklist</h2>
+          <h2 class="section-page-title">Spec Checklist</h2>
         </div>
         <loki-checklist-viewer id="checklist-viewer"></loki-checklist-viewer>
       </div>
@@ -715,7 +715,7 @@
         <div class="shortcuts-group-title">Navigation</div>
         <div class="shortcut-row"><span class="shortcut-desc">Overview</span><span class="shortcut-keys"><kbd class="shortcut-key">1</kbd></span></div>
         <div class="shortcut-row"><span class="shortcut-desc">Insights</span><span class="shortcut-keys"><kbd class="shortcut-key">2</kbd></span></div>
-        <div class="shortcut-row"><span class="shortcut-desc">PRD Checklist</span><span class="shortcut-keys"><kbd class="shortcut-key">3</kbd></span></div>
+        <div class="shortcut-row"><span class="shortcut-desc">Spec Checklist</span><span class="shortcut-keys"><kbd class="shortcut-key">3</kbd></span></div>
         <div class="shortcut-row"><span class="shortcut-desc">App Runner</span><span class="shortcut-keys"><kbd class="shortcut-key">4</kbd></span></div>
         <div class="shortcut-row"><span class="shortcut-desc">Council</span><span class="shortcut-keys"><kbd class="shortcut-key">5</kbd></span></div>
         <div class="shortcut-row"><span class="shortcut-desc">Quality</span><span class="shortcut-keys"><kbd class="shortcut-key">6</kbd></span></div>
@@ -1267,12 +1267,12 @@ var LokiDashboard=(()=>{var xt=Object.defineProperty;var Qt=Object.getOwnPropert
       </div>
     `}_renderChecklistCard(){let t=this._checklistSummary;if(!t||!t.total)return`
         <div class="overview-card">
-          <div class="card-label">PRD Progress</div>
-          <div class="card-value small-text">${this._data.status==="running"||this._data.status==="autonomous"?"Analyzing PRD...":"No checklist"}</div>
+          <div class="card-label">Spec Progress</div>
+          <div class="card-value small-text">${this._data.status==="running"||this._data.status==="autonomous"?"Analyzing spec...":"No checklist"}</div>
         </div>
       `;let e=Math.round(t.verified/t.total*100),i=t.failing>0?"var(--loki-yellow, #f59e0b)":"var(--loki-green, #22c55e)";return`
       <div class="overview-card">
-        <div class="card-label">PRD Progress</div>
+        <div class="card-label">Spec Progress</div>
         <div class="card-value small-text">${t.verified}/${t.total} (${e}%)</div>
         <div class="mini-progress" style="margin-top:4px;height:4px;background:var(--loki-bg-secondary,#e4e4e7);border-radius:2px;overflow:hidden;">
           <div style="width:${e}%;height:100%;background:${i};transition:width 0.3s;"></div>
@@ -5572,7 +5572,7 @@ var LokiDashboard=(()=>{var xt=Object.defineProperty;var Qt=Object.getOwnPropert
       <style>${this.getBaseStyles()}${this._getStyles()}</style>
       <div class="checklist-viewer">
         <div class="checklist-header">
-          <h2 class="title">PRD Checklist</h2>
+          <h2 class="title">Spec Checklist</h2>
           ${i?this._renderBadges(e.summary):""}
         </div>
         ${i?this._renderGateBanner():""}
@@ -5623,7 +5623,7 @@ var LokiDashboard=(()=>{var xt=Object.defineProperty;var Qt=Object.getOwnPropert
       `}).join(""):'<div class="item" style="color:var(--loki-text-muted)">No items</div>'}_renderEmpty(){return`
       <div class="empty-state">
         <p><strong>No checklist data yet.</strong></p>
-        <p class="hint">The PRD checklist is generated during the first iteration. Start a session with <code>loki start ./prd.md</code> -- groups and items will appear here as the session progresses and can be expanded for details.</p>
+        <p class="hint">The spec checklist is generated during the first iteration. Start a session with <code>loki start ./spec.md</code> (PRD files also accepted) -- groups and items will appear here as the session progresses and can be expanded for details.</p>
       </div>
     `}_attachEventListeners(){let t=this.shadowRoot;t&&(t.querySelectorAll(".category-header[data-category]").forEach(e=>{e.addEventListener("click",()=>this._toggleCategory(e.dataset.category))}),t.querySelectorAll("button[data-waive-id]").forEach(e=>{e.addEventListener("click",i=>{i.stopPropagation(),this._waiveItem(e.dataset.waiveId)})}),t.querySelectorAll("button[data-unwaive-id]").forEach(e=>{e.addEventListener("click",i=>{i.stopPropagation(),this._unwaiveItem(e.dataset.unwaiveId)})}))}_escapeHtml(t){return t?String(t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;"):""}};customElements.define("loki-checklist-viewer",Y);var Nt={not_initialized:{color:"var(--loki-text-muted, #71717a)",label:"Not Started",pulse:!1},starting:{color:"var(--loki-yellow, #ca8a04)",label:"Starting...",pulse:!0},running:{color:"var(--loki-green, #16a34a)",label:"Running",pulse:!0},stale:{color:"var(--loki-yellow, #ca8a04)",label:"Stale",pulse:!1},completed:{color:"var(--loki-text-muted, #a1a1aa)",label:"Completed",pulse:!1},failed:{color:"var(--loki-red, #dc2626)",label:"Failed",pulse:!1},crashed:{color:"var(--loki-red, #dc2626)",label:"Crashed",pulse:!1},stopped:{color:"var(--loki-text-muted, #a1a1aa)",label:"Stopped",pulse:!1},unknown:{color:"var(--loki-text-muted, #71717a)",label:"Unknown",pulse:!1}},W=class extends u{static get observedAttributes(){return["api-url","theme"]}constructor(){super(),this._loading=!1,this._error=null,this._api=null,this._pollInterval=null,this._status=null,this._logs=[],this._lastDataHash=null,this._lastLogsHash=null}connectedCallback(){super.connectedCallback(),this._setupApi(),this._loadData(),this._startPolling()}disconnectedCallback(){super.disconnectedCallback(),this._stopPolling()}attributeChangedCallback(t,e,i){e!==i&&(t==="api-url"&&this._api&&(this._api.baseUrl=i,this._loadData()),t==="theme"&&this._applyTheme())}_setupApi(){let t=this.getAttribute("api-url")||window.location.origin;this._api=g({baseUrl:t})}_startPolling(){this._pollInterval=setInterval(()=>this._loadData(),3e3),this._visibilityHandler=()=>{document.hidden?this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null):this._pollInterval||(this._loadData(),this._pollInterval=setInterval(()=>this._loadData(),3e3))},document.addEventListener("visibilitychange",this._visibilityHandler)}_stopPolling(){this._pollInterval&&(clearInterval(this._pollInterval),this._pollInterval=null),this._visibilityHandler&&(document.removeEventListener("visibilitychange",this._visibilityHandler),this._visibilityHandler=null)}async _loadData(){try{let[t,e]=await Promise.all([this._api.getAppRunnerStatus(),this._api.getAppRunnerLogs()]),i=JSON.stringify({status:t?.status,port:t?.port,restarts:t?.restart_count,url:t?.url}),a=JSON.stringify(e?.lines?.slice(-5)||[]),s=a!==this._lastLogsHash;if(i===this._lastDataHash&&!s)return;this._lastDataHash=i,this._lastLogsHash=a,this._status=t,this._logs=e?.lines||[],this._error=null,this.render(),this._scrollLogsToBottom()}catch(t){this._error||(this._error=`Failed to load app status: ${t.message}`,this.render())}}_scrollLogsToBottom(){let t=this.shadowRoot;if(!t)return;let e=t.querySelector(".log-area");e&&(e.scrollTop=e.scrollHeight)}async _handleRestart(){try{await this._api.restartApp(),this._loadData()}catch(t){this._error=`Restart failed: ${t.message}`,this.render()}}async _handleStop(){try{await this._api.stopApp(),this._loadData()}catch(t){this._error=`Stop failed: ${t.message}`,this.render()}}_formatUptime(t){if(!t)return"--";let e=new Date(t),a=Math.floor((new Date-e)/1e3);if(a<60)return`${a}s`;if(a<3600)return`${Math.floor(a/60)}m ${a%60}s`;let s=Math.floor(a/3600),r=Math.floor(a%3600/60);return`${s}h ${r}m`}_isValidUrl(t){if(!t)return!1;try{let e=new URL(t);return e.protocol==="http:"||e.protocol==="https:"}catch{return!1}}_getStyles(){return`
       .app-status {

package/docs/COMPARISON.md CHANGED Viewed

@@ -37,7 +37,7 @@
 |---------|--------------|-----------|-----------|------------|----------|-----------------|--------------|--------------|
 | **Code Review** | 3 blind reviewers + devil's advocate | Basic | Basic | BugBot PR | Property-based | Artifacts | Doc/Review | Basic |
 | **Anti-Sycophancy** | Yes (CONSENSAGENT) | No | No | No | No | No | No | No |
-| **Quality Gates** | 9 gates + PBT | Basic | Sandbox | Tests | Spec validation | Artifact checks | Tests | Permissions |
+| **Quality Gates** | 11 gates + PBT | Basic | Sandbox | Tests | Spec validation | Artifact checks | Tests | Permissions |
 | **Constitutional AI** | Yes (principles) | No | Refusal training | No | No | No | No | No |
 ---
@@ -47,7 +47,7 @@
 | Feature | **Loki Mode** | **Devin** | **Codex** | **Cursor** | **Kiro** | **Antigravity** | **Amazon Q** | **OpenCode** |
 |---------|--------------|-----------|-----------|------------|----------|-----------------|--------------|--------------|
 | **Spec-First** | OpenAPI-first | Natural lang | Natural lang | Natural lang | requirements.md, design.md, tasks.md | Natural lang | Natural lang | AGENTS.md |
-| **PRD Support** | Native parsing | Ticket-based | Issue-based | No | Native specs | No | Issue-based | No |
+| **Spec Support (PRD / issue / YAML)** | Native parsing across all three | Ticket-based | Issue-based | No | Native specs | No | Issue-based | No |
 | **Design Docs** | Auto-generates | No | No | No | Yes (design.md) | Artifacts | Yes | No |
 ---
@@ -207,7 +207,7 @@
 | **Skills** | Progressive disclosure | 6 slash commands | N/A | 129 skills | N/A | 35 skills | Memory focus |
 | **Multi-Provider** | Yes (Claude/Codex/Gemini) | 3 CLIs (separate) | No | No | No | No | No |
 | **Memory System** | 3-tier (episodic/semantic/procedural) | None | N/A | N/A | Hybrid | N/A | SQLite+FTS5 |
-| **Quality Gates** | 9 gates + Completion Council | User verify only | Two-Stage Review | N/A | Consensus | Tiered | N/A |
+| **Quality Gates** | 11 gates + Completion Council | User verify only | Two-Stage Review | N/A | Consensus | Tiered | N/A |
 | **Context Mgmt** | Standard | Fresh per task (core innovation) | Fresh per task | N/A | N/A | N/A | Progressive |
 | **Autonomy** | High (minimal human) | Semi (checkpoints) | Human-guided | Human-guided | Orchestrated | Human-guided | N/A |
@@ -232,7 +232,7 @@ These are patterns from competing projects that are **practically and scientific
 |----------|---------|-------------------------|
 | **Multi-Provider Support** | Only skill supporting Claude, Codex, and Gemini with graceful degradation | All 8 competitors are Claude-only |
 | **RARV Cycle** | Reason-Act-Reflect-Verify is more rigorous than Plan-Execute | Most use simple Plan-Execute |
-| **9-Gate Quality System** | Static analysis + 3 reviewers + devil's advocate + anti-sycophancy + severity blocking + coverage + debate | Superpowers has 2-stage, others have less |
+| **11-Gate Quality System** | Static analysis + 3 reviewers + devil's advocate + anti-sycophancy + severity blocking + coverage + debate + backward-compat (healing) + Phase 1 closure | Superpowers has 2-stage, others have less |
 | **Constitutional AI Integration** | Principles-based self-critique from Anthropic research | None have this |
 | **Anti-Sycophancy (CONSENSAGENT)** | Blind review + devil's advocate prevents groupthink | None have this |
 | **Provider Abstraction Layer** | Clean degradation from full-featured to sequential-only | Claude-only projects can't degrade |
@@ -342,7 +342,7 @@ Tiered agent architecture with explicit escalation:
 | Agent | Killer Feature |
 |-------|---------------|
-| **Loki Mode** | Minimal-human-intervention full SDLC, 41 agents in 8 swarms, Constitutional AI, anti-sycophancy, cross-project learning, code transformation, property-based testing |
+| **Loki Mode** | Minimal-human-intervention full SDLC from any spec (PRD, GitHub issue, or YAML), 41 agents in 8 swarms, Constitutional AI, anti-sycophancy, cross-project learning, code transformation, property-based testing |
 | **Devin** | Full software engineer persona, Slack integration, 67% PR merge rate |
 | **OpenAI Codex** | Skills marketplace, $skill-creator, GPT-5.2-Codex, secure sandbox |
 | **Cursor** | 8 parallel agents, BugBot, Memories, $10B valuation, Composer model (250 tok/s) |
@@ -359,7 +359,7 @@ Tiered agent architecture with explicit escalation:
 |-----------|-------------------|
 | **Autonomy** | Designed for high autonomy with minimal human intervention |
 | **Multi-Agent** | 41 specialized agents in 8 swarms vs 1-8 in competitors |
-| **Quality** | 9 gates + blind review + devil's advocate + property-based testing |
+| **Quality** | 11 gates + blind review + devil's advocate + property-based testing |
 | **Research** | 10+ academic papers integrated vs proprietary/undisclosed |
 | **Anti-Sycophancy** | Only agent with CONSENSAGENT-based blind review |
 | **Memory** | 3-tier memory (episodic/semantic/procedural) + review learning + cross-project |

package/docs/INSTALLATION.md CHANGED Viewed

@@ -2,7 +2,7 @@
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
-**Version:** v7.5.9
+**Version:** v7.5.11
 ---
@@ -128,15 +128,25 @@ package, while `loki-mode-sdk` is the thin client.
 ## Quick Start
+Drop a spec -- any artifact that describes what you want built -- and Loki
+Mode takes it from spec to deployed app. Specs can be a markdown PRD, a
+GitHub issue URL, or a YAML feature description.
 ```bash
-# CLI mode (works with any provider)
-loki start ./prd.md
-loki start ./prd.md --provider codex
-loki start ./prd.md --provider gemini
+# CLI mode (works with any provider) -- spec as markdown PRD
+loki start ./spec.md
+loki start ./spec.md --provider codex
+loki start ./spec.md --provider gemini
+# Spec as a GitHub issue
+loki start --github-issue https://github.com/owner/repo/issues/42
+# Spec as a YAML feature description
+loki start ./feature.yaml
 # Interactive mode (inside your coding agent)
 claude --dangerously-skip-permissions
-# Then say: "Loki Mode with PRD at ./my-prd.md"
+# Then say: "Loki Mode with spec at ./my-spec.md"
 ```
 ---
@@ -198,11 +208,11 @@ Run Loki Mode in an isolated Docker container for enhanced security.
 ### Usage
 ```bash
-# Run in sandbox mode
-./autonomy/sandbox.sh ./my-prd.md
+# Run in sandbox mode (spec can be PRD, issue link, or YAML)
+./autonomy/sandbox.sh ./my-spec.md
 # With provider selection
-./autonomy/sandbox.sh --provider codex ./my-prd.md
+./autonomy/sandbox.sh --provider codex ./my-spec.md
 ```
 ### Security Controls
@@ -213,10 +223,10 @@ By default, prompt injection is **disabled** for enterprise safety:
 ```bash
 # Default: prompt injection disabled
-./autonomy/run.sh ./my-prd.md
+./autonomy/run.sh ./my-spec.md
 # Opt-in to enable prompt injection
-LOKI_PROMPT_INJECTION_ENABLED=true ./autonomy/run.sh ./my-prd.md
+LOKI_PROMPT_INJECTION_ENABLED=true ./autonomy/run.sh ./my-spec.md
 ```
 #### Human Input Security
@@ -228,7 +238,7 @@ The `HUMAN_INPUT.md` file has security controls:
 ### When to Use Sandbox Mode
-- Running untrusted PRD files
+- Running untrusted spec files (PRD, issue export, YAML)
 - Enterprise environments with strict security requirements
 - Automated CI/CD pipelines
 - Multi-tenant deployments
@@ -272,13 +282,13 @@ Use the `--provider` flag when invoking Loki Mode:
 ```bash
 # Use Claude (default)
-loki start ./my-prd.md --provider claude
+loki start ./my-spec.md --provider claude
 # Use OpenAI Codex
-loki start ./my-prd.md --provider codex
+loki start ./my-spec.md --provider codex
 # Use Google Gemini
-loki start ./my-prd.md --provider gemini
+loki start ./my-spec.md --provider gemini
 ```
 #### Docker
@@ -289,12 +299,12 @@ Pass the provider as an environment variable:
 # Use Codex with Docker
 docker run -e LOKI_PROVIDER=codex \
   -v $(pwd):/workspace -w /workspace \
-  asklokesh/loki-mode:latest start ./my-prd.md
+  asklokesh/loki-mode:latest start ./my-spec.md
 # Use Gemini with Docker
 docker run -e LOKI_PROVIDER=gemini \
   -v $(pwd):/workspace -w /workspace \
-  asklokesh/loki-mode:latest start ./my-prd.md
+  asklokesh/loki-mode:latest start ./my-spec.md
 ```
 ### Degraded Mode
@@ -445,7 +455,7 @@ description: Multi-Agent Autonomous Startup System
 1. Start a new conversation
 2. Type: `Loki Mode`
-3. Claude should recognize the skill and ask for a PRD
+3. Claude should recognize the skill and ask for a spec (PRD, GitHub issue link, or YAML)
 ### For API Console
@@ -475,7 +485,7 @@ loki-mode/
 ├── autonomy/             # Autonomous runner (CLI only)
 │   ├── run.sh
 │   └── README.md
-├── templates/            # 22 PRD templates for project scaffolding
+├── templates/            # 22 spec templates (PRD-style) for project scaffolding
 │   ├── simple-todo-app.md
 │   ├── api-only.md
 │   ├── static-landing-page.md
@@ -628,7 +638,7 @@ The completion scripts support:
 * **Smart Context**
   * `loki start --provider <TAB>` shows only installed providers (`claude`, `codex`, `gemini`).
-  * `loki start <TAB>` defaults to file completion for PRD templates.
+  * `loki start <TAB>` defaults to file completion for spec files (PRD templates, YAML).
 * **Nested Commands**
   Handles specific subcommands for `council`, `memory`, `config`, `audit`, `metrics`, `watchdog`, and `secrets`.
@@ -797,9 +807,9 @@ After installation:
    cd my-app
    ```
-3. **Start Building:** Launch autonomous development
+3. **Start Building:** Launch autonomous development from any spec (PRD, GitHub issue, or YAML)
    ```bash
-   loki start prd.md
+   loki start spec.md
    ```
 4. **Read Documentation:** Check out [README.md](../README.md) for usage guides

package/docs/cursor-comparison.md CHANGED Viewed

@@ -11,10 +11,10 @@
 |-----------|--------|-----------|--------|
 | **Proven Scale** | 1M+ LoC, large agent count | Benchmarks only | Cursor |
 | **Research Foundation** | Empirical iteration | 25+ academic citations | Loki Mode |
-| **Quality Assurance** | Workers self-manage | 9-gate system + anti-sycophancy | Loki Mode |
+| **Quality Assurance** | Workers self-manage | 11-gate system + anti-sycophancy | Loki Mode |
 | **Anti-Sycophancy** | Not mentioned | CONSENSAGENT blind review | Loki Mode |
 | **Velocity-Quality Balance** | Not mentioned | arXiv-backed metrics | Loki Mode |
-| **Full SDLC Coverage** | Code generation focus | PRD to production + growth | Loki Mode |
+| **Full SDLC Coverage** | Code generation focus | Spec (PRD/issue/YAML) to production + growth | Loki Mode |
 | **Memory Systems** | Not detailed | Episodic/semantic/procedural | Loki Mode |
 | **Scale Patterns** | Battle-tested | Now incorporated (v3.3.0) | Tie |
@@ -66,7 +66,7 @@ velocity_quality_balance:
 ---
-### 3. 9-Gate Quality System
+### 3. 11-Gate Quality System
 **Loki Mode's Gates:**
 1. Input Guardrails - Validate scope, detect injection (OpenAI SDK pattern)
@@ -174,7 +174,7 @@ Cursor learned through failure:
 ### 3. Simplicity Principle
 > "A surprising amount of the system's behavior comes down to how we prompt the agents. The harness and models matter, but the prompts matter more."
-**Loki Mode:** More complex infrastructure (9 gates, 41 agent types, memory systems). May be over-engineered for some use cases.
+**Loki Mode:** More elaborate infrastructure (11 gates, 41 agent types, memory systems). May be over-engineered for some use cases.
 ---
@@ -192,10 +192,10 @@ We incorporated Cursor's proven patterns:
 ## Conclusion
 **Loki Mode is scientifically better in:**
-- Quality assurance (research-backed 9-gate system)
+- Quality assurance (research-backed 11-gate system)
 - Anti-sycophancy (CONSENSAGENT blind review)
 - Velocity-quality balance (arXiv metrics)
-- Full SDLC coverage (PRD to growth)
+- Full SDLC coverage (spec to growth -- PRD, GitHub issue, or YAML)
 - Memory architecture (episodic/semantic/procedural)
 **Cursor is operationally better in:**

package/events/emit.sh CHANGED Viewed

@@ -11,6 +11,82 @@
 #
 # Environment:
 #   LOKI_DIR - Path to .loki directory (default: .loki)
+#
+# Sourcing:
+#   This script can also be sourced (LOKI_EMIT_LIB_ONLY=1) to expose the
+#   safe_append_event_jsonl() helper without performing an emit.
+# safe_append_event_jsonl <events_jsonl_path> <line>
+#
+# Cross-process serialized append to .loki/events.jsonl. POSIX append is
+# atomic only for writes <PIPE_BUF (typically 4KB) and not all filesystems
+# honor it; under parallel-worktree contention bare `>>` can interleave
+# partial JSONL lines. This helper serializes appends across processes.
+#
+# Strategy (v7.5.10):
+#   - Prefer flock(1) when available (Linux, util-linux). Uses an
+#     exclusive lock on a sentinel FD bound to <events>.lock so the lock
+#     is released automatically when the subshell exits.
+#   - Fall back to a mkdir() mutex on macOS / BSDs where flock is not
+#     installed by default. mkdir is atomic on POSIX -- exactly one
+#     concurrent caller wins the create. We retry with backoff up to
+#     ~5s, and treat a stale lockdir (>30s old) as abandonable.
+#   - The newline is appended by the helper -- callers pass the JSON
+#     payload only.
+safe_append_event_jsonl() {
+    local events_path="$1"
+    local line="$2"
+    local lock_target="${events_path}.lock"
+    local events_dir
+    events_dir="$(dirname "$events_path")"
+    mkdir -p "$events_dir" 2>/dev/null || true
+    if command -v flock >/dev/null 2>&1; then
+        # flock path: bind FD 9 to the sentinel file (created if absent),
+        # take an exclusive lock, append, release on subshell exit.
+        (
+            flock -x 9
+            printf '%s\n' "$line" >> "$events_path"
+        ) 9>"$lock_target"
+        return $?
+    fi
+    # Fallback: mkdir-based mutex. mkdir is atomic on POSIX.
+    local lock_dir="${events_path}.lockdir"
+    local attempts=0
+    local max_attempts=500   # ~5s at 10ms sleep
+    while ! mkdir "$lock_dir" 2>/dev/null; do
+        attempts=$((attempts + 1))
+        if [ "$attempts" -ge "$max_attempts" ]; then
+            # Stale lock: if the dir is older than 30s, force-remove it.
+            local age
+            age=$(( $(date +%s) - $(stat -f%m "$lock_dir" 2>/dev/null \
+                                    || stat -c%Y "$lock_dir" 2>/dev/null \
+                                    || echo 0) ))
+            if [ "$age" -gt 30 ]; then
+                rmdir "$lock_dir" 2>/dev/null || rm -rf "$lock_dir" 2>/dev/null || true
+                attempts=0
+                continue
+            fi
+            # Give up -- best-effort write so observability never blocks.
+            printf '%s\n' "$line" >> "$events_path" 2>/dev/null || true
+            return 1
+        fi
+        # Sleep ~10ms (perl avoids `sleep 0.01` portability issues).
+        perl -e 'select(undef,undef,undef,0.01)' 2>/dev/null || sleep 1
+    done
+    # Critical section.
+    printf '%s\n' "$line" >> "$events_path"
+    local rc=$?
+    rmdir "$lock_dir" 2>/dev/null || true
+    return $rc
+}
+# Library-only mode: source this file to get safe_append_event_jsonl
+# without executing the emit logic below.
+if [ "${LOKI_EMIT_LIB_ONLY:-0}" = "1" ]; then
+    return 0 2>/dev/null || exit 0
+fi
 set -euo pipefail

package/loki-ts/dist/loki.js CHANGED Viewed

@@ -423,7 +423,7 @@ Subcommands:
 This command is invoked by autonomy/run.sh between iterations. Users
 should not run it directly -- run \`loki start\` instead.
-`,T5;var $6=w(()=>{m();T1();T5=c1});m();import{readFileSync as U6}from"fs";import{resolve as q6,dirname as H6}from"path";import{fileURLToPath as G6}from"url";var o=null;function r1(){if(o!==null)return o;let $="7.5.9";if(typeof $==="string"&&$.length>0)return o=$,o;try{let Q=H6(G6(import.meta.url)),z=E1(Q);o=U6(q6(z,"VERSION"),"utf-8").trim()}catch{o="unknown"}return o}function s1(){return process.stdout.write(`Loki Mode v${r1()}
+`,T5;var $6=w(()=>{m();T1();T5=c1});m();import{readFileSync as U6}from"fs";import{resolve as q6,dirname as H6}from"path";import{fileURLToPath as G6}from"url";var o=null;function r1(){if(o!==null)return o;let $="7.5.11";if(typeof $==="string"&&$.length>0)return o=$,o;try{let Q=H6(G6(import.meta.url)),z=E1(Q);o=U6(q6(z,"VERSION"),"utf-8").trim()}catch{o="unknown"}return o}function s1(){return process.stdout.write(`Loki Mode v${r1()}
 `),0}p();n();m();import{readFileSync as A6,existsSync as T6}from"fs";import{resolve as O6}from"path";var j6=["claude","codex","gemini","cline","aider"];function i1(){let $=O6(P(),"state","provider");if(!T6($))return"";try{return A6($,"utf-8").trim()}catch{return""}}function _6($,Q){return $||Q||process.env.LOKI_PROVIDER||"claude"}function I6($){let Q=i1(),z=_6($,Q);switch(process.stdout.write(`${D}Current Provider${W}
 `),process.stdout.write(`
 `),process.stdout.write(`${A}Provider:${W} ${z}
@@ -506,4 +506,4 @@ Set LOKI_LEGACY_BASH=1 to force the bash CLI for every command.
 `),2}default:return process.stderr.write(`Unknown command: ${Q}
 `),process.stderr.write(z6),2}}process.on("SIGINT",()=>process.exit(130));process.on("SIGTERM",()=>process.exit(143));var _5=await j5(Bun.argv.slice(2));process.exit(_5);
-//# debugId=CACEACF76B85BD5C64756E2164756E21
+//# debugId=8438E5E6200ECBFA64756E2164756E21

package/loki-ts/package.json CHANGED Viewed

@@ -5,7 +5,8 @@
   "private": true,
   "type": "module",
   "engines": {
-    "bun": ">=1.3.0"
+    "bun": ">=1.3.0",
+    "node": ">=20.0.0"
   },
   "scripts": {
     "version": "bun src/cli.ts version",

package/mcp/__init__.py CHANGED Viewed

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
-__version__ = '7.5.9'
+__version__ = '7.5.11'

package/memory/retrieval.py CHANGED Viewed

@@ -295,6 +295,42 @@ class MemoryRetrieval:
         """Get the current namespace."""
         return self._namespace
+    # Track which legacy entries we've already warned about to avoid log spam.
+    _LEGACY_WARN_LIMIT = 5
+    _legacy_warned_count: int = 0
+    def _belongs_to_namespace(self, result: Dict[str, Any]) -> bool:
+        """
+        Check if a memory result belongs to the current namespace.
+        Cross-namespace leak defense (v7.5.10). Storage layer should isolate
+        files by directory, but this filter provides defense-in-depth and
+        handles cases where vector indices span namespaces.
+        Behavior:
+        - If self._namespace is None, accept all (backward compat for unscoped retrieval).
+        - If result has "_namespace" matching, accept.
+        - If result lacks "_namespace" (legacy entry written before stamping),
+          log a deprecation warning (rate-limited) and ACCEPT for backward compat.
+        - Otherwise, reject.
+        """
+        if self._namespace is None:
+            return True
+        result_ns = result.get("_namespace")
+        if result_ns is None:
+            # Legacy entry without namespace stamp; accept for backward compat
+            # but warn so operators can re-save to add stamps.
+            if MemoryRetrieval._legacy_warned_count < MemoryRetrieval._LEGACY_WARN_LIMIT:
+                logger.warning(
+                    "Memory entry id=%s lacks '_namespace' stamp (legacy "
+                    "entry). Including in results for backward compatibility. "
+                    "Re-save this entry to enable namespace isolation.",
+                    result.get("id", "<unknown>"),
+                )
+                MemoryRetrieval._legacy_warned_count += 1
+            return True
+        return result_ns == self._namespace
     def with_namespace(self, namespace: str) -> "MemoryRetrieval":
         """
         Create a new MemoryRetrieval instance with a different namespace.
@@ -761,7 +797,10 @@ class MemoryRetrieval:
             item["id"] = item_id
             item["_score"] = float(score)
             item["_source"] = collection
-            items.append(item)
+            # Cross-namespace leak defense (v7.5.10): vector indices may be
+            # shared across namespaces, so filter here too.
+            if self._belongs_to_namespace(item):
+                items.append(item)
         return items
@@ -810,7 +849,8 @@ class MemoryRetrieval:
                     )
                     if data:
                         data["_source"] = "episodic"
-                        results.append(data)
+                        if self._belongs_to_namespace(data):
+                            results.append(data)
         # Filter semantic patterns by last_used
         patterns_data = self.storage.read_json("semantic/patterns.json") or {}
@@ -831,7 +871,8 @@ class MemoryRetrieval:
                     if since <= last_used_dt <= until:
                         pattern["_source"] = "semantic"
-                        results.append(pattern)
+                        if self._belongs_to_namespace(pattern):
+                            results.append(pattern)
                 except (ValueError, TypeError):
                     continue
@@ -1428,7 +1469,8 @@ class MemoryRetrieval:
                     data_copy = dict(data)
                     data_copy["_score"] = score
                     data_copy["_source"] = "episodic"
-                    results.append(data_copy)
+                    if self._belongs_to_namespace(data_copy):
+                        results.append(data_copy)
         return results
@@ -1457,7 +1499,8 @@ class MemoryRetrieval:
                 pattern_copy = dict(pattern)
                 pattern_copy["_score"] = score
                 pattern_copy["_source"] = "semantic"
-                results.append(pattern_copy)
+                if self._belongs_to_namespace(pattern_copy):
+                    results.append(pattern_copy)
         return results
@@ -1486,7 +1529,8 @@ class MemoryRetrieval:
                 data_copy = dict(data)
                 data_copy["_score"] = score
                 data_copy["_source"] = "skills"
-                results.append(data_copy)
+                if self._belongs_to_namespace(data_copy):
+                    results.append(data_copy)
         return results
@@ -1511,7 +1555,8 @@ class MemoryRetrieval:
                 anti_copy = dict(anti)
                 anti_copy["_score"] = score
                 anti_copy["_source"] = "anti_patterns"
-                results.append(anti_copy)
+                if self._belongs_to_namespace(anti_copy):
+                    results.append(anti_copy)
         return results

package/memory/storage.py CHANGED Viewed

@@ -391,6 +391,11 @@ class MemoryStorage:
         episode_id = episode_data.get("id") or self._generate_id("episode")
         episode_data["id"] = episode_id
+        # Stamp namespace so retrieval can verify isolation (cross-namespace
+        # leak defense, v7.5.10). Defaults to DEFAULT_NAMESPACE for unscoped
+        # storage instances.
+        episode_data["_namespace"] = self._namespace or DEFAULT_NAMESPACE
         # Determine storage path based on date
         timestamp = episode_data.get("timestamp", datetime.now(timezone.utc).isoformat())
         if isinstance(timestamp, str):
@@ -557,6 +562,8 @@ class MemoryStorage:
             "created_at",
             datetime.now(timezone.utc).isoformat()
         )
+        # Stamp namespace for cross-namespace leak defense (v7.5.10).
+        pattern_data["_namespace"] = self._namespace or DEFAULT_NAMESPACE
         patterns_path = self.base_path / "semantic" / "patterns.json"
@@ -750,6 +757,8 @@ class MemoryStorage:
             "created_at",
             datetime.now(timezone.utc).isoformat()
         )
+        # Stamp namespace for cross-namespace leak defense (v7.5.10).
+        skill_data["_namespace"] = self._namespace or DEFAULT_NAMESPACE
         # Use skill name for filename if available, otherwise use ID
         skill_name = skill_data.get("name", skill_id)

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "loki-mode",
-  "version": "7.5.9",
-  "description": "Loki Mode by Autonomi - Multi-agent autonomous startup system for Claude Code, Codex CLI, and Gemini CLI",
+  "version": "7.5.11",
+  "description": "Loki Mode by Autonomi. Multi-agent autonomous SDLC framework. Spec to deployed app: PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief. 5 AI providers (Claude Code, OpenAI Codex, Google Gemini, Cline, Aider). 11 quality gates.",
   "keywords": [
     "agent",
     "agent-orchestration",
@@ -102,7 +102,7 @@
   ],
   "scripts": {
     "prepack": "find . -type d -name __pycache__ -exec rm -rf {} + 2>/dev/null; find . -name '*.pyc' -delete 2>/dev/null; if command -v bun >/dev/null 2>&1; then (cd loki-ts && bun install --production && bun run build) || echo 'WARN: loki-ts build failed, using existing dist if present'; else echo 'WARN: bun not on PATH, skipping loki-ts build (using committed dist if present)'; fi; true",
-    "prepublishOnly": "cd dashboard-ui && npm ci && npm run build:all",
+    "prepublishOnly": "cd dashboard-ui && npm ci && npm run build:all && test -f ../dashboard/static/index.html",
     "test": "bash -n autonomy/run.sh && bash -n autonomy/loki && bash -n autonomy/completion-council.sh && bash -n autonomy/app-runner.sh && bash -n autonomy/prd-checklist.sh && bash -n autonomy/playwright-verify.sh && node --test tests/protocols/*.test.js && node --test tests/protocols/a2a/*.test.js && node --test tests/observability/*.test.js && node --test tests/policies/*.test.js && node --test tests/audit/*.test.js && node --test tests/integrations/*.test.js && node --test tests/integrations/jira/*.test.js && node --test tests/integrations/github/*.test.js && node --test tests/integrations/slack/*.test.js && bash tests/managed_memory/test_flag_matrix.sh && bash tests/managed_memory/test_sdk_isolation.sh && bash tests/managed_memory/test_kill_switch.sh && python3 -m unittest tests.managed_memory.test_shadow_write_mock tests.managed_memory.test_retrieve_mock && echo 'All checks passed'",
     "test:visual": "node --experimental-vm-modules node_modules/jest/bin/jest.js dashboard-ui/tests/visual-regression.test.js",
     "test:parity": "node --experimental-vm-modules dashboard-ui/scripts/check-parity.js",
@@ -111,7 +111,7 @@
     "test:integration": "bash tests/integration/run_integration_suite.sh"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=20.0.0"
   },
   "os": [
     "darwin",
@@ -124,7 +124,7 @@
     "@opentelemetry/exporter-trace-otlp-http": "^0.57.0"
   },
   "overrides": {
-    "protobufjs": ">=7.5.9"
+    "protobufjs": ">=7.5.6"
   },
   "devDependencies": {
     "@types/node": "^25.2.0",

package/skills/healing.md CHANGED Viewed

@@ -505,3 +505,15 @@ loki heal --report
 # Strict mode: block any behavioral change without approval
 LOKI_HEAL_STRICT=true loki heal ./legacy-app
 ```
+## Checkpoint metadata hardening (v7.5.8)
+As defense-in-depth for the healing checkpoint store, the checkpoint
+writer now rejects ASCII control characters (U+0000-U+001F except TAB,
+LF, CR, plus U+007F) anywhere in checkpoint metadata keys or values
+before persisting `.loki/healing/checkpoints/<phase>.json`. This blocks
+log-injection and JSON-poisoning vectors where adapter output, friction
+notes, or institutional-knowledge excerpts could smuggle terminal
+escapes or NUL bytes into the resume path. Rejected writes raise a
+typed error and never partially overwrite the prior checkpoint, so
+`loki heal --resume` always restarts from a clean, validated state.

package/skills/quality-gates.md CHANGED Viewed

@@ -160,6 +160,16 @@ are silently dropped at load time. The override council uses a stub
 judge in v7.5.x that approves any of those six trusted proofTypes;
 real provider-backed judges land in Phase 2 of Part B.
+**Cross-process gate counter (v7.5.5+)**: the per-iteration gate counter
+at `.loki/state/gate-counter-<iter>.json` is now incremented under a
+cross-process file lock via `withFileLockSync` in
+`loki-ts/src/util/atomic.ts`. Concurrent gate runs (parallel worktrees,
+overlapping `runQualityGates` invocations) no longer race the
+read-modify-write, so override-council quotas and per-finding counters
+remain consistent across processes. The lock file lives at
+`.loki/state/gate-counter-<iter>.json.lock` and is released even on
+crash via the primitive's `finally` cleanup.
 ---
 ## Guardrails Execution Modes

package/web-app/requirements.txt CHANGED Viewed

@@ -25,3 +25,6 @@ passlib[bcrypt]>=1.7.4
 # Encryption (optional) -- Fernet encryption for user secrets.
 # Needed only for the /api/secrets endpoints in cloud mode.
 cryptography>=41.0.0
+# YAML parsing -- used by server.py for config loading
+pyyaml>=6.0