loki-mode 7.55.0 → 7.56.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-driven build system with a built-in trust layer. It does not call work done until it is verified (RARV-C closure loop, 8 quality gates, completion council, verified-completion evidence gate). Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.55.0
+# Loki Mode v7.56.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -406,4 +406,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.55.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.56.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.55.0
+7.56.0

package/autonomy/loki

@@ -726,8 +726,8 @@ show_help() {
     echo "  help             Show this help ('loki help aliases' for old names)"
     echo ""
     echo "More commands (grill, spec, cleanup, init, watch, demo, web, api,"
-    echo "logs, github, import, council, proof, audit, agent, template, magic,"
-    echo "docs, wiki, ci, test, bench, secrets, telemetry, crash, worktree,"
+    echo "logs, github, import, council, proof, audit, compliance, agent, template,"
+    echo "magic, docs, wiki, ci, test, bench, secrets, telemetry, crash, worktree,"
     echo "failover, monitor, remote, ...) are dispatchable and documented via"
     echo "'loki <command> --help'."
     echo ""
@@ -14530,6 +14530,9 @@ main() {
         audit)
             cmd_audit "$@"
             ;;
+        compliance)
+            cmd_compliance "$@"
+            ;;
         review)
             cmd_review "$@"
             ;;
@@ -15853,6 +15856,211 @@ STATE_QUERY_PY
 }
 
 # Agent action audit log and quality scanning
+# Resolve the repo root (where src/audit lives) from the loki script dir.
+# _LOKI_SCRIPT_DIR is autonomy/; the JS audit modules live at ../src/audit.
+_loki_audit_repo_root() {
+    ( cd "$_LOKI_SCRIPT_DIR/.." && pwd )
+}
+
+# Link the run manifest (.loki/loki-run.json) into the agent audit chain for
+# the TARGET project (not the loki repo). Honest no-op when the manifest is
+# absent. Exit 0 on link or honest no-op; exit 1 only on a real error.
+cmd_audit_link_manifest() {
+    local target_dir="${1:-$PWD}"
+    if ! command -v node &>/dev/null; then
+        echo -e "${RED}Error: node is required for 'loki audit link-manifest'${NC}"
+        echo "Install Node.js, then re-run."
+        return 1
+    fi
+    local repo_root
+    repo_root="$(_loki_audit_repo_root)"
+    local abs_target
+    abs_target="$( cd "$target_dir" 2>/dev/null && pwd )" || {
+        echo -e "${RED}Error: project dir not found: $target_dir${NC}"
+        return 1
+    }
+
+    echo -e "${BOLD}Linking run manifest into the audit chain...${NC}"
+    echo "  Project: $abs_target"
+
+    LOKI_AUDIT_MOD="$repo_root/src/audit" LOKI_AUDIT_TARGET="$abs_target" \
+        node -e '
+const audit = require(process.env.LOKI_AUDIT_MOD);
+const res = audit.linkManifest({ projectDir: process.env.LOKI_AUDIT_TARGET });
+if (res.linked) {
+  console.log("  linked: yes");
+  console.log("  manifest: " + res.manifestPath);
+  console.log("  sha256: " + res.manifestSha256);
+  if (res.manifestSchema) console.log("  schema: " + res.manifestSchema);
+  if (res.anchor && typeof res.anchor.seq !== "undefined") console.log("  anchor seq: " + res.anchor.seq);
+} else {
+  console.log("  linked: no (" + (res.reason || "no-op") + ")");
+  console.log("  manifest: " + res.manifestPath);
+}
+' || {
+        echo -e "${RED}Error: manifest link failed${NC}"
+        return 1
+    }
+    return 0
+}
+
+# Verify the run-manifest link for the TARGET project. Honest empty case
+# (no anchor recorded yet) exits 0; a real tamper/integrity failure exits 1.
+cmd_audit_verify_manifest() {
+    local target_dir="${1:-$PWD}"
+    if ! command -v node &>/dev/null; then
+        echo -e "${RED}Error: node is required for 'loki audit verify-manifest'${NC}"
+        echo "Install Node.js, then re-run."
+        return 1
+    fi
+    local repo_root
+    repo_root="$(_loki_audit_repo_root)"
+    local abs_target
+    abs_target="$( cd "$target_dir" 2>/dev/null && pwd )" || {
+        echo -e "${RED}Error: project dir not found: $target_dir${NC}"
+        return 1
+    }
+
+    echo -e "${BOLD}Verifying run-manifest link...${NC}"
+    echo "  Project: $abs_target"
+
+    LOKI_AUDIT_MOD="$repo_root/src/audit" LOKI_AUDIT_TARGET="$abs_target" \
+        node -e '
+const audit = require(process.env.LOKI_AUDIT_MOD);
+const res = audit.verifyManifestLink({ projectDir: process.env.LOKI_AUDIT_TARGET });
+const chainValid = res.chain && res.chain.valid;
+console.log("  chain integrity: " + (chainValid ? "valid" : "INVALID"));
+if (!res.present) {
+  console.log("  manifest link: none recorded yet (no-op)");
+  // Honest empty case: success only if the chain itself is valid.
+  process.exit(chainValid ? 0 : 1);
+}
+const m = res.manifest || {};
+console.log("  manifest: " + (m.manifestPath || "?"));
+console.log("  pinned sha256:  " + (m.pinnedSha256 || "?"));
+console.log("  current sha256: " + (m.currentSha256 || "(absent)"));
+if (res.valid) {
+  console.log("  verdict: VALID (manifest matches anchored hash)");
+  process.exit(0);
+} else {
+  console.log("  verdict: TAMPERED / INVALID");
+  if (m.error) console.log("  reason: " + m.error);
+  process.exit(1);
+}
+'
+    return $?
+}
+
+# loki compliance - periodic compliance snapshot (SOC2 / ISO27001 / GDPR).
+# The scheduler is default-disabled (LOKI_COMPLIANCE_SNAPSHOT_INTERVAL_HOURS
+# unset or 0). `loki compliance snapshot` runs the self-rate-limiting check;
+# `--force` generates a snapshot now regardless of interval/elapsed gate.
+cmd_compliance() {
+    local subcommand="${1:-help}"
+
+    case "$subcommand" in
+        snapshot)
+            shift
+            local force="" target_dir="$PWD"
+            while [[ $# -gt 0 ]]; do
+                case "$1" in
+                    --force|-f) force="1"; shift ;;
+                    --help|-h)
+                        echo -e "${BOLD}loki compliance snapshot${NC} - Generate/check a compliance snapshot"
+                        echo ""
+                        echo "Usage: loki compliance snapshot [PROJECT_DIR] [--force]"
+                        echo ""
+                        echo "Without --force, respects the default-disabled interval"
+                        echo "(LOKI_COMPLIANCE_SNAPSHOT_INTERVAL_HOURS). Reports honestly:"
+                        echo "  disabled     interval unset/0 (default)"
+                        echo "  not-elapsed  interval not yet elapsed since last snapshot"
+                        echo "  generated    a new snapshot was written"
+                        echo ""
+                        echo "With --force, a snapshot is generated now regardless."
+                        echo "Snapshots are written to .loki/audit/compliance-snapshots/ in the project dir."
+                        return 0
+                        ;;
+                    -*) echo -e "${RED}Unknown option: $1${NC}"; return 1 ;;
+                    *) target_dir="$1"; shift ;;
+                esac
+            done
+
+            if ! command -v node &>/dev/null; then
+                echo -e "${RED}Error: node is required for 'loki compliance snapshot'${NC}"
+                echo "Install Node.js, then re-run."
+                return 1
+            fi
+            local repo_root
+            repo_root="$(_loki_audit_repo_root)"
+            local abs_target
+            abs_target="$( cd "$target_dir" 2>/dev/null && pwd )" || {
+                echo -e "${RED}Error: project dir not found: $target_dir${NC}"
+                return 1
+            }
+
+            echo -e "${BOLD}Compliance snapshot${NC}"
+            echo "  Project: $abs_target"
+
+            LOKI_SCHED_MOD="$repo_root/src/audit/compliance-scheduler.js" \
+            LOKI_SCHED_TARGET="$abs_target" LOKI_SCHED_FORCE="$force" \
+                node -e '
+const sched = require(process.env.LOKI_SCHED_MOD);
+const target = process.env.LOKI_SCHED_TARGET;
+const force = process.env.LOKI_SCHED_FORCE === "1";
+if (force) {
+  const now = Date.now();
+  const snapshot = sched.buildSnapshot({ projectDir: target, nowMs: now });
+  const file = sched.persistSnapshot({ projectDir: target, snapshot: snapshot, nowMs: now });
+  console.log("  result: generated (forced)");
+  console.log("  path: " + file);
+  console.log("  audit entries: " + snapshot.totalAuditEntries);
+  process.exit(0);
+}
+const res = sched.maybeGenerateSnapshot({ projectDir: target });
+if (res.generated) {
+  console.log("  result: generated");
+  console.log("  path: " + res.path);
+  console.log("  interval (hours): " + res.intervalHours);
+} else if (res.reason === "disabled") {
+  console.log("  result: disabled (scheduler off; default)");
+  console.log("  enable: set LOKI_COMPLIANCE_SNAPSHOT_INTERVAL_HOURS=<N>, or use --force to generate now");
+} else if (res.reason === "not-elapsed") {
+  console.log("  result: not-elapsed (interval not yet reached)");
+  console.log("  interval (hours): " + res.intervalHours);
+  if (res.nextEligibleAtMs) console.log("  next eligible: " + new Date(res.nextEligibleAtMs).toISOString());
+  console.log("  override: use --force to generate now");
+} else {
+  console.log("  result: " + (res.reason || "no-op"));
+}
+process.exit(0);
+' || {
+                echo -e "${RED}Error: compliance snapshot failed${NC}"
+                return 1
+            }
+            return 0
+            ;;
+        --help|-h|help)
+            echo -e "${BOLD}loki compliance${NC} - Periodic compliance snapshots"
+            echo ""
+            echo "Usage: loki compliance <subcommand> [options]"
+            echo ""
+            echo "Subcommands:"
+            echo "  snapshot [DIR] [--force]   Generate/check a compliance snapshot"
+            echo "  help                       Show this help"
+            echo ""
+            echo "The compliance scheduler is default-disabled. A snapshot bundles the"
+            echo "SOC2, ISO27001 and GDPR reports plus the audit chain-integrity verdict"
+            echo "into .loki/audit/compliance-snapshots/. Enable periodic generation by setting"
+            echo "LOKI_COMPLIANCE_SNAPSHOT_INTERVAL_HOURS, or run with --force on demand."
+            ;;
+        *)
+            echo -e "${RED}Unknown compliance subcommand: $subcommand${NC}"
+            echo "Run 'loki compliance help' for usage."
+            exit 1
+            ;;
+    esac
+}
+
 cmd_audit() {
     local subcommand="${1:-help}"
     local audit_file="$LOKI_DIR/logs/agent-audit.jsonl"
@@ -16148,23 +16356,51 @@ print()
             fi
             ;;
 
+        link-manifest)
+            # Fold the run manifest (.loki/loki-run.json bill-of-materials) into
+            # the agent audit chain so it becomes tamper-evident and verifiable
+            # against the evidence chain. Explicit, on-demand command: cmd_start
+            # execs run.sh and replaces the loki process, so there is no
+            # post-completion return point in this CLI wrapper to auto-invoke
+            # from. Honest no-op (exit 0) when the manifest is absent.
+            shift
+            local target_dir="${1:-$PWD}"
+            cmd_audit_link_manifest "$target_dir"
+            ;;
+        verify-manifest)
+            # Verify the run-manifest link: agent chain integrity AND the on-disk
+            # manifest still matching the hash pinned by the most recent
+            # manifest-link anchor. Honest empty case (exit 0) when no anchor was
+            # recorded yet; nonzero only on a real tamper/integrity failure.
+            shift
+            local target_dir="${1:-$PWD}"
+            cmd_audit_verify_manifest "$target_dir"
+            ;;
         --help|-h|help)
             echo -e "${BOLD}loki audit${NC} - Agent audit log and quality scanning"
             echo ""
             echo "Usage: loki audit <subcommand> [options]"
             echo ""
             echo "Subcommands:"
-            echo "  log [N]     Show last N audit log entries (default: 50)"
-            echo "  count       Count actions by type"
-            echo "  scan        Run quality scan against dashboard API"
-            echo "  lint        Run static analysis on project files"
-            echo "  test        Run test coverage check"
-            echo "  help        Show this help"
+            echo "  log [N]            Show last N audit log entries (default: 50)"
+            echo "  count              Count actions by type"
+            echo "  scan               Run quality scan against dashboard API"
+            echo "  lint               Run static analysis on project files"
+            echo "  test               Run test coverage check"
+            echo "  link-manifest [P]  Link the run manifest into the audit chain (tamper-evidence)"
+            echo "  verify-manifest [P] Verify the run-manifest link against the evidence chain"
+            echo "  help               Show this help"
             echo ""
             echo "Quality Scan Options (loki audit scan):"
             echo "  --preset NAME   Compliance preset (default|healthcare|fintech|government)"
             echo "  --export        Save report to .loki/quality/report-{date}.json"
             echo ""
+            echo "Manifest tamper-evidence (loki audit link-manifest / verify-manifest):"
+            echo "  Hashes .loki/loki-run.json (the build bill-of-materials) into the"
+            echo "  agent audit chain. link-manifest no-ops honestly if the manifest is"
+            echo "  absent; verify-manifest reports honestly if no anchor exists yet."
+            echo "  Optional [P] is the project dir (default: current directory)."
+            echo ""
             echo "The agent audit log records actions taken during Loki sessions,"
             echo "including CLI invocations, git commits, and session lifecycle events."
             echo "Log file: $audit_file"

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.55.0"
+__version__ = "7.56.0"
 
 # Expose the control app for easy import
 try:

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Loki Mode is a spec-driven autonomous builder with a built-in trust layer that takes any spec to a deployed product and verifies completion with evidence (quality gates plus a completion council), not just a "done" claim. Complete installation instructions for all platforms and use cases.
 
-**Version:** v7.55.0
+**Version:** v7.56.0
 
 ---
 
@@ -395,7 +395,7 @@ provider works inside the container. Provide auth with your Anthropic API key:
 # Run Loki Mode in Docker (Claude provider, API-key auth)
 docker run --rm -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
   -v $(pwd):/workspace -w /workspace \
-  asklokesh/loki-mode:7.55.0 start ./my-spec.md
+  asklokesh/loki-mode:7.56.0 start ./my-spec.md
 ```
 
 ##### docker compose + .env (no host install)

package/loki-ts/dist/loki.js

@@ -1,5 +1,5 @@
 // @bun
-var r6=Object.defineProperty;var t6=($)=>$;function i6($,Q){this[$]=t6.bind(null,Q)}var h=($,Q)=>{for(var Z in Q)r6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:i6.bind(Q,Z)})};var L=($,Q)=>()=>($&&(Q=$($=0)),Q);var K$=import.meta.require;var D1={};h(D1,{lokiDir:()=>P,homeLokiDir:()=>n$,findRepoRootForVersion:()=>o$,REPO_ROOT:()=>g});import{resolve as n,dirname as d$}from"path";import{fileURLToPath as e6}from"url";import{existsSync as P$}from"fs";import{homedir as $Q}from"os";function QQ(){let $=S1;for(let Q=0;Q<6;Q++){if(P$(n($,"VERSION"))&&P$(n($,"autonomy/run.sh")))return $;let Z=d$($);if(Z===$)break;$=Z}return n(S1,"..","..","..")}function o$($){let Q=$;for(let Z=0;Z<6;Z++){if(P$(n(Q,"VERSION"))&&P$(n(Q,"autonomy/run.sh")))return Q;let z=d$(Q);if(z===Q)break;Q=z}return n($,"..","..","..")}function P(){return process.env.LOKI_DIR??n(process.cwd(),".loki")}function n$(){return n($Q(),".loki")}var S1,g;var b=L(()=>{S1=d$(e6(import.meta.url));g=QQ()});import{readFileSync as ZQ}from"fs";import{resolve as zQ,dirname as XQ}from"path";import{fileURLToPath as KQ}from"url";function j$(){if($$!==null)return $$;let $="7.55.0";if(typeof $==="string"&&$.length>0)return $$=$,$$;try{let Q=XQ(KQ(import.meta.url)),Z=o$(Q);$$=ZQ(zQ(Z,"VERSION"),"utf-8").trim()}catch{$$="unknown"}return $$}var $$=null;var a$=L(()=>{b()});var b1={};h(b1,{runOrThrow:()=>qQ,run:()=>k,commandVersion:()=>WQ,commandExists:()=>f,ShellError:()=>s$});async function k($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[q,K,W]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:q,stderr:K,exitCode:W}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function qQ($,Q={}){let Z=await k($,Q);if(Z.exitCode!==0)throw new s$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=VQ($),Z=await k(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function VQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function WQ($,Q="--version"){if(!await f($))return null;let z=await k([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var s$;var d=L(()=>{s$=class s$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function a($){return JQ?"":$}var JQ,T,S,_,wZ,I,R,y,V;var c=L(()=>{JQ=(process.env.NO_COLOR??"").length>0;T=a("\x1B[0;31m"),S=a("\x1B[0;32m"),_=a("\x1B[1;33m"),wZ=a("\x1B[0;34m"),I=a("\x1B[0;36m"),R=a("\x1B[1m"),y=a("\x1B[2m"),V=a("\x1B[0m")});import{existsSync as wQ}from"fs";async function Q$(){if(G$!==void 0)return G$;let $="/opt/homebrew/bin/python3.12";if(wQ($))return G$=$,$;let Q=await f("python3.12");if(Q)return G$=Q,Q;let Z=await f("python3");return G$=Z,Z}async function Z$($,Q={}){let Z=await Q$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return k([Z,"-c",$],Q)}var G$;var q$=L(()=>{d()});var e1={};h(e1,{runStatus:()=>uQ});import{existsSync as v,readFileSync as W$,readdirSync as d1,statSync as o1}from"fs";import{resolve as C,basename as DQ}from"path";import{homedir as CQ}from"os";function n1($){let Q=Math.trunc($);if(Q>=1e6)return`${(Math.trunc(Q/1e6*10)/10).toFixed(1)}M`;if(Q>=1000)return`${(Math.trunc(Q/1000*10)/10).toFixed(1)}K`;return String(Q)}function a1($,Q,Z){if(Q===0)return null;let z=Math.trunc($*100/Q),X=Math.trunc($*k$/Q);if(X>k$)X=k$;let q=k$-X,K=S;if(z>=80)K=T;else if(z>=50)K=_;let W="=".repeat(Math.max(0,X))+" ".repeat(Math.max(0,q)),J=n1($),U=n1(Q);return`  ${R}${Z}${V} ${K}[${W}]${V} ${z}% (${J} / ${U})`}async function hQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${V}
+var r6=Object.defineProperty;var t6=($)=>$;function i6($,Q){this[$]=t6.bind(null,Q)}var h=($,Q)=>{for(var Z in Q)r6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:i6.bind(Q,Z)})};var L=($,Q)=>()=>($&&(Q=$($=0)),Q);var K$=import.meta.require;var D1={};h(D1,{lokiDir:()=>P,homeLokiDir:()=>n$,findRepoRootForVersion:()=>o$,REPO_ROOT:()=>g});import{resolve as n,dirname as d$}from"path";import{fileURLToPath as e6}from"url";import{existsSync as P$}from"fs";import{homedir as $Q}from"os";function QQ(){let $=S1;for(let Q=0;Q<6;Q++){if(P$(n($,"VERSION"))&&P$(n($,"autonomy/run.sh")))return $;let Z=d$($);if(Z===$)break;$=Z}return n(S1,"..","..","..")}function o$($){let Q=$;for(let Z=0;Z<6;Z++){if(P$(n(Q,"VERSION"))&&P$(n(Q,"autonomy/run.sh")))return Q;let z=d$(Q);if(z===Q)break;Q=z}return n($,"..","..","..")}function P(){return process.env.LOKI_DIR??n(process.cwd(),".loki")}function n$(){return n($Q(),".loki")}var S1,g;var b=L(()=>{S1=d$(e6(import.meta.url));g=QQ()});import{readFileSync as ZQ}from"fs";import{resolve as zQ,dirname as XQ}from"path";import{fileURLToPath as KQ}from"url";function j$(){if($$!==null)return $$;let $="7.56.0";if(typeof $==="string"&&$.length>0)return $$=$,$$;try{let Q=XQ(KQ(import.meta.url)),Z=o$(Q);$$=ZQ(zQ(Z,"VERSION"),"utf-8").trim()}catch{$$="unknown"}return $$}var $$=null;var a$=L(()=>{b()});var b1={};h(b1,{runOrThrow:()=>qQ,run:()=>k,commandVersion:()=>WQ,commandExists:()=>f,ShellError:()=>s$});async function k($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[q,K,W]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:q,stderr:K,exitCode:W}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function qQ($,Q={}){let Z=await k($,Q);if(Z.exitCode!==0)throw new s$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=VQ($),Z=await k(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function VQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function WQ($,Q="--version"){if(!await f($))return null;let z=await k([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var s$;var d=L(()=>{s$=class s$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function a($){return JQ?"":$}var JQ,T,S,_,wZ,I,R,y,V;var c=L(()=>{JQ=(process.env.NO_COLOR??"").length>0;T=a("\x1B[0;31m"),S=a("\x1B[0;32m"),_=a("\x1B[1;33m"),wZ=a("\x1B[0;34m"),I=a("\x1B[0;36m"),R=a("\x1B[1m"),y=a("\x1B[2m"),V=a("\x1B[0m")});import{existsSync as wQ}from"fs";async function Q$(){if(G$!==void 0)return G$;let $="/opt/homebrew/bin/python3.12";if(wQ($))return G$=$,$;let Q=await f("python3.12");if(Q)return G$=Q,Q;let Z=await f("python3");return G$=Z,Z}async function Z$($,Q={}){let Z=await Q$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return k([Z,"-c",$],Q)}var G$;var q$=L(()=>{d()});var e1={};h(e1,{runStatus:()=>uQ});import{existsSync as v,readFileSync as W$,readdirSync as d1,statSync as o1}from"fs";import{resolve as C,basename as DQ}from"path";import{homedir as CQ}from"os";function n1($){let Q=Math.trunc($);if(Q>=1e6)return`${(Math.trunc(Q/1e6*10)/10).toFixed(1)}M`;if(Q>=1000)return`${(Math.trunc(Q/1000*10)/10).toFixed(1)}K`;return String(Q)}function a1($,Q,Z){if(Q===0)return null;let z=Math.trunc($*100/Q),X=Math.trunc($*k$/Q);if(X>k$)X=k$;let q=k$-X,K=S;if(z>=80)K=T;else if(z>=50)K=_;let W="=".repeat(Math.max(0,X))+" ".repeat(Math.max(0,q)),J=n1($),U=n1(Q);return`  ${R}${Z}${V} ${K}[${W}]${V} ${z}% (${J} / ${U})`}async function hQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${V}
 `),process.stdout.write(`Install with:
 `),process.stdout.write(`  brew install jq    (macOS)
 `),process.stdout.write(`  apt install jq     (Debian/Ubuntu)
@@ -790,4 +790,4 @@ Set LOKI_LEGACY_BASH=1 to force the bash CLI for every command.
 `),2}default:return process.stderr.write(`Unknown command: ${Q}
 `),process.stderr.write(s6),2}}l1();process.on("SIGINT",()=>process.exit(130));process.on("SIGTERM",()=>process.exit(143));var KZ=await XZ(Bun.argv.slice(2));process.exit(KZ);
 
-//# debugId=75540993435DE5C864756E2164756E21
+//# debugId=3D16FCC1B4694B0E64756E2164756E21

package/mcp/__init__.py

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
 
-__version__ = '7.55.0'
+__version__ = '7.56.0'

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "loki-mode",
   "mcpName": "io.github.asklokesh/loki-mode",
-  "version": "7.55.0",
+  "version": "7.56.0",
   "description": "Loki Mode by Autonomi. Autonomous spec-to-product system: takes a PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief to a deployed app via the RARV-C closure loop with 8 quality gates. Provider-agnostic (Claude Code, OpenAI Codex, Cline, Aider).",
   "keywords": [
     "agent",

package/plugins/loki-mode/.claude-plugin/plugin.json

@@ -2,7 +2,7 @@
   "$schema": "https://json.schemastore.org/claude-code-plugin-manifest.json",
   "name": "loki-mode",
   "displayName": "Loki Mode",
-  "version": "7.55.0",
+  "version": "7.56.0",
   "description": "Autonomous spec-to-product build system with a built-in trust layer (RARV-C closure loop, 8 quality gates, completion council). Ships Loki's spec-hardening, drift-detection, and deterministic PR verification commands plus the Loki MCP server.",
   "author": {
     "name": "Autonomi",