loki-mode 7.63.1 → 7.64.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-driven build system with a built-in trust layer. It does not call work done until it is verified (RARV-C closure loop, 8 quality gates, completion council, verified-completion evidence gate). Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.63.1
+# Loki Mode v7.64.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -406,4 +406,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.63.1 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.64.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.63.1
+7.64.0

package/autonomy/app-runner.sh

@@ -144,6 +144,76 @@ HEALTH_EOF
     mv "$tmp_file" "$_APP_RUNNER_DIR/health.json"
 }
 
+# L5 fix (PID-file reuse race): capture a disambiguating identity token for a
+# live PID, so a later liveness check can tell "our app is still running" apart
+# from "the OS reassigned the crashed app's PID to an unrelated process". A raw
+# `kill -0 $pid` cannot make that distinction: a reused PID reports a foreign
+# process as a healthy app.
+#
+# Token = the process start time (`lstart`) plus its command name (`comm`), one
+# line, read from `ps`. `lstart` is the strong disambiguator: it is constant for
+# a process lifetime and a reused PID is, by definition, a different (later)
+# process with a different start time. `comm` is a weaker secondary signal kept
+# for human readability. We compare the whole line by plain string equality.
+#
+# Portability: the `ps -o lstart=,comm=` field set works on both BSD (macOS) and
+# GNU/Linux. We never parse the format -- we only ever compare two reads taken on
+# the SAME host (capture at start vs read at check), so the BSD-vs-Linux format
+# difference is irrelevant: the two strings either match or they do not. Returns
+# empty on any `ps` miss (dead/foreign pid) so callers can fall back safely.
+_app_runner_pid_token() {
+    local pid="$1"
+    case "$pid" in
+        ''|0|1) return 0 ;;
+    esac
+    [[ "$pid" =~ ^[0-9]+$ ]] || return 0
+    # Collapse internal whitespace runs to single spaces so a benign formatting
+    # quirk (e.g. extra padding) never causes a spurious mismatch.
+    ps -o lstart=,comm= -p "$pid" 2>/dev/null | tr -s ' ' ' ' | sed 's/^ *//; s/ *$//'
+}
+
+# Write the captured identity token for the current app PID. Best-effort: if the
+# token cannot be read (no ps output) we remove any stale token file rather than
+# leave a wrong one, which makes the later check fall back to trusting kill -0
+# (no false-DEAD regression).
+_write_app_token() {
+    local pid="$1"
+    local tok
+    tok=$(_app_runner_pid_token "$pid")
+    if [ -n "$tok" ]; then
+        local tmp_file="$_APP_RUNNER_DIR/app.token.tmp.$$"
+        printf '%s\n' "$tok" > "$tmp_file" 2>/dev/null && \
+            mv "$tmp_file" "$_APP_RUNNER_DIR/app.token" 2>/dev/null || \
+            rm -f "$tmp_file" 2>/dev/null
+    else
+        rm -f "$_APP_RUNNER_DIR/app.token" 2>/dev/null
+    fi
+}
+
+# Decide whether the live PID is still OUR app, using the captured token.
+# Returns 0 (yes, ours) when:
+#   - no token file exists (app launched by a pre-fix version, or ps was
+#     unavailable at start) -- fall back to trusting kill -0, OR
+#   - the live PID's token matches the stored token.
+# Returns 1 (NOT ours) ONLY when a token file exists AND the live token differs
+# (the strong "PID was reused by a foreign process" signal). This asymmetry is
+# deliberate: we never declare DEAD on a missing/unreadable token, so a
+# legitimate still-running app is never falsely killed (no false-DEAD
+# regression). The residual: if `ps` is entirely unavailable on the host, the
+# token file is never written and we always fall back to bare kill -0 -- i.e. no
+# worse than the pre-fix behavior, never worse.
+_app_runner_pid_is_ours() {
+    local pid="$1"
+    local token_file="$_APP_RUNNER_DIR/app.token"
+    [ -f "$token_file" ] || return 0
+    local stored live
+    stored=$(cat "$token_file" 2>/dev/null)
+    [ -n "$stored" ] || return 0
+    live=$(_app_runner_pid_token "$pid")
+    [ -n "$live" ] || return 0
+    [ "$live" = "$stored" ]
+}
+
 # Re-derive a detection.json field (type/command) so we can rewrite it after a
 # port reconcile without threading those values through globals. Echoes the raw
 # string value (empty on miss). Mirrors the grep-based read style used by
@@ -1148,6 +1218,10 @@ app_runner_start() {
         # live port even when the app ignored PORT. Mutates globals before the
         # state write below. Bounded; no-op when the app honored the chosen port.
         _app_runner_reconcile_port
+        # L5 fix: capture the identity token now that the child has exec'd into
+        # the real app process, so a later health-check/watchdog can detect a
+        # reused PID (foreign process) instead of trusting it blindly.
+        _write_app_token "$_APP_RUNNER_PID"
         _write_app_state "running"
         log_info "App Runner: application started (PID: $_APP_RUNNER_PID) on port $_APP_RUNNER_PORT"
         return 0
@@ -1271,6 +1345,7 @@ app_runner_stop() {
     fi
 
     rm -f "$_APP_RUNNER_DIR/app.pid"
+    rm -f "$_APP_RUNNER_DIR/app.token"
     _write_app_state "stopped"
     log_info "App Runner: application stopped"
     _APP_RUNNER_PID=""
@@ -1282,7 +1357,20 @@ app_runner_restart() {
     log_step "App Runner: restarting (restart #$_APP_RUNNER_RESTART_COUNT)..."
     app_runner_stop
     sleep 1
+    # L6 fix (non-atomic restart): the old code returned app_runner_start's status
+    # unhandled, so a failed start (e.g. the old port still in TIME_WAIT after the
+    # 1s wait, tripping the port-conflict guard) left the app stopped with only an
+    # internal log_warn -- silent to the caller, which saw the restart "succeed".
+    # Surface the failure loudly via log_error and return the failure status
+    # explicitly so the restart's failure is visible and actionable. The
+    # happy-path behavior (start succeeds -> return 0) is unchanged.
     app_runner_start
+    local _start_rc=$?
+    if [ "$_start_rc" -ne 0 ]; then
+        log_error "App Runner: restart failed -- app stopped but could not be started again (start exit $_start_rc). Check $_APP_RUNNER_DIR/app.log; the previous port may still be held (TIME_WAIT) or the start command may be failing."
+        return "$_start_rc"
+    fi
+    return 0
 }
 
 #===============================================================================
@@ -1374,6 +1462,18 @@ app_runner_health_check() {
         return 1
     fi
 
+    # L5 fix (PID-file reuse race): kill -0 only proves SOME process owns this
+    # PID, not that it is OUR app. The OS may have reassigned the crashed app's
+    # PID to an unrelated process. Verify the captured identity token; on a
+    # mismatch the live PID is a foreign process, so the app is DEAD. (When no
+    # token was captured we fall back to trusting kill -0 -- see
+    # _app_runner_pid_is_ours -- so a still-running legitimate app is never
+    # falsely marked dead.)
+    if ! _app_runner_pid_is_ours "$_APP_RUNNER_PID"; then
+        _write_health "false"
+        return 1
+    fi
+
     # For HTTP apps, try an HTTP health check.
     if [ -n "$_APP_RUNNER_PORT" ] && [ "$_APP_RUNNER_PORT" -gt 0 ] 2>/dev/null; then
         # The health signal is "is the server answering HTTP at all", NOT "does /
@@ -1524,7 +1624,15 @@ app_runner_watchdog() {
     # app_runner_health_check (HTTP-aware for apps that declared a port), and
     # treat an unhealthy-but-alive process as a crash so the same circuit
     # breaker + backoff + restart path handles it.
-    if kill -0 "$_APP_RUNNER_PID" 2>/dev/null; then
+    # L5 fix: gate on BOTH liveness AND identity. If kill -0 succeeds but the
+    # PID is a foreign process the OS reassigned our crashed app's PID to
+    # (_app_runner_pid_is_ours false), we must NOT enter this branch: the
+    # alive-but-unhealthy path below calls app_runner_stop, which would send
+    # TERM/KILL to an innocent stranger. Instead let a reused PID fall through to
+    # the dead path, which only increments the crash count and restarts -- it
+    # never signals the PID. (No token captured -> is_ours returns true ->
+    # behaves exactly as before, so no regression for legitimately-running apps.)
+    if kill -0 "$_APP_RUNNER_PID" 2>/dev/null && _app_runner_pid_is_ours "$_APP_RUNNER_PID"; then
         if app_runner_health_check; then
             # BUG 3 fix: a confirmed-healthy observation clears the accumulated
             # crash count so the breaker fires only on 5 CONSECUTIVE failures,
@@ -1557,6 +1665,7 @@ app_runner_watchdog() {
         done
         _write_app_state "crashed"
         rm -f "$_APP_RUNNER_DIR/app.pid"
+        rm -f "$_APP_RUNNER_DIR/app.token"
         _APP_RUNNER_PID=""
         return 1
     fi

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.63.1"
+__version__ = "7.64.0"
 
 # Expose the control app for easy import
 try:

package/dashboard/server.py

@@ -436,23 +436,51 @@ class ConnectionManager:
         if websocket in self.active_connections:
             self.active_connections.remove(websocket)
 
+    # Per-client send timeout (seconds). A client that does not stop reading
+    # fills its TCP send buffer; without a bound the await blocks indefinitely
+    # and one stalled client would freeze the whole fan-out (and the 2s
+    # _push_loki_state_loop) for every other client. Drop the slow client
+    # instead of blocking everyone.
+    SEND_TIMEOUT_SECONDS = 5.0
+
     async def broadcast(self, message: dict[str, Any]) -> None:
-        """Broadcast a message to all connected clients."""
-        disconnected = []
-        for connection in list(self.active_connections):
+        """Broadcast a message to all connected clients.
+
+        Sends run concurrently with a per-client timeout so a single stalled
+        or dead client is dropped rather than blocking the fan-out.
+        """
+        connections = list(self.active_connections)
+        if not connections:
+            return
+
+        async def _send(conn: WebSocket) -> bool:
             try:
-                await connection.send_json(message)
+                await asyncio.wait_for(
+                    conn.send_json(message), timeout=self.SEND_TIMEOUT_SECONDS
+                )
+                return True
+            except asyncio.TimeoutError:
+                logger.debug("WebSocket send timed out, dropping slow client")
+                return False
             except Exception as e:
                 logger.debug(f"WebSocket send failed, client disconnected: {e}")
-                disconnected.append(connection)
-        # Clean up disconnected clients
-        for conn in disconnected:
-            self.disconnect(conn)
+                return False
+
+        results = await asyncio.gather(*(_send(c) for c in connections))
+        # Clean up clients that timed out or errored.
+        for conn, ok in zip(connections, results):
+            if not ok:
+                self.disconnect(conn)
 
     async def send_personal(self, websocket: WebSocket, message: dict[str, Any]) -> None:
         """Send a message to a specific client."""
         try:
-            await websocket.send_json(message)
+            await asyncio.wait_for(
+                websocket.send_json(message), timeout=self.SEND_TIMEOUT_SECONDS
+            )
+        except asyncio.TimeoutError:
+            logger.debug("WebSocket personal send timed out, dropping slow client")
+            self.disconnect(websocket)
         except Exception as e:
             logger.debug(f"WebSocket personal send failed: {e}")
             self.disconnect(websocket)
@@ -5257,6 +5285,11 @@ def _compute_cost_snapshot() -> dict:
         for eff_file in sorted(efficiency_dir.glob("*.json")):
             try:
                 data = json.loads(eff_file.read_text())
+                # A corrupt/truncated efficiency file can parse to a non-object
+                # (list / null / scalar); data.get(...) would then raise
+                # AttributeError. Skip such files rather than 500 the endpoint.
+                if not isinstance(data, dict):
+                    continue
 
                 inp = data.get("input_tokens", 0)
                 out = data.get("output_tokens", 0)
@@ -5284,7 +5317,7 @@ def _compute_cost_snapshot() -> dict:
                 by_model[model]["input_tokens"] += inp
                 by_model[model]["output_tokens"] += out
                 by_model[model]["cost_usd"] += cost
-            except (json.JSONDecodeError, KeyError, TypeError):
+            except (json.JSONDecodeError, KeyError, TypeError, AttributeError):
                 pass
 
     # Fallback: read from context tracking if efficiency files have no token data
@@ -5293,7 +5326,13 @@ def _compute_cost_snapshot() -> dict:
         if ctx_file.exists():
             try:
                 ctx = json.loads(ctx_file.read_text())
+                # A corrupt/truncated tracking.json can parse to a non-object;
+                # ctx.get(...) would then raise AttributeError. Skip it.
+                if not isinstance(ctx, dict):
+                    ctx = {}
                 totals = ctx.get("totals", {})
+                if not isinstance(totals, dict):
+                    totals = {}
                 total_input = totals.get("total_input", 0)
                 total_output = totals.get("total_output", 0)
                 if total_input > 0 or total_output > 0:
@@ -5309,7 +5348,7 @@ def _compute_cost_snapshot() -> dict:
                         by_model[model]["input_tokens"] += inp
                         by_model[model]["output_tokens"] += out
                         by_model[model]["cost_usd"] += cost
-            except (json.JSONDecodeError, KeyError):
+            except (json.JSONDecodeError, KeyError, TypeError, AttributeError):
                 pass
 
     # Read budget configuration
@@ -5386,13 +5425,26 @@ async def get_budget():
             except (json.JSONDecodeError, KeyError):
                 pass
 
+    # Coerce defensively: a budget.json with a non-numeric budget_used/limit
+    # (e.g. "n/a", null, a list) parses as valid JSON but would crash float()
+    # with ValueError/TypeError. Treat non-numeric values as 0.0 / None so the
+    # endpoint returns a clean payload instead of a 500.
+    def _to_float(value, default=0.0):
+        try:
+            return float(value)
+        except (ValueError, TypeError):
+            return default
+
+    budget_limit_f = _to_float(budget_limit, None) if budget_limit is not None else None
+    budget_used_f = _to_float(budget_used, 0.0)
+
     remaining = None
-    if budget_limit is not None:
-        remaining = max(0.0, float(budget_limit) - float(budget_used))
+    if budget_limit_f is not None:
+        remaining = max(0.0, budget_limit_f - budget_used_f)
 
     return {
-        "budget_limit": float(budget_limit) if budget_limit is not None else None,
-        "current_cost": round(float(budget_used), 4),
+        "budget_limit": budget_limit_f,
+        "current_cost": round(budget_used_f, 4),
         "exceeded": exceeded,
         "exceeded_at": exceeded_at,
         "remaining": round(remaining, 4) if remaining is not None else None,
@@ -6590,10 +6642,17 @@ async def resume_agent(agent_id: str):
 
 @app.get("/api/logs")
 async def get_logs(lines: int = Query(default=100, ge=1, le=10000), token: Optional[dict] = Depends(auth.get_current_token)):
-    """Get recent log entries from session log files."""
+    """Get recent log entries from session log files (redacted)."""
     log_dir = _get_loki_dir() / "logs"
     entries = []
 
+    # Session logs (.loki/logs/*.log) are written raw by run.sh and can contain
+    # secrets an agent/tool echoed to stdout (sk-ant-, ghp_, Bearer, AWS keys).
+    # Redact every returned message exactly like the /api/app-runner/logs and
+    # /errors endpoints do. The response shape is unchanged; only the message
+    # content passes through the redactor.
+    _redact = _get_log_redactor()
+
     # Regex for full timestamp: [2026-02-07T01:32:00] [INFO] msg  or  2026-02-07 01:32:00 INFO msg
     _LOG_TS_FULL = re.compile(
         r'^\[?(\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2})\]?\s*\[?(\w+)\]?\s*(.*)'
@@ -6661,7 +6720,7 @@ async def get_logs(lines: int = Query(default=100, ge=1, le=10000), token: Optio
                         timestamp = file_mtime
 
                     entries.append({
-                        "message": message,
+                        "message": _redact(message),
                         "level": level,
                         "timestamp": timestamp,
                     })
@@ -7171,6 +7230,10 @@ def _build_metrics_text() -> str:
             for eff_file in efficiency_dir.glob("*.json"):
                 try:
                     data = json.loads(eff_file.read_text())
+                    # Skip non-object (corrupt/truncated) efficiency files so a
+                    # bad file does not 500 the Prometheus scrape.
+                    if not isinstance(data, dict):
+                        continue
                     cost = data.get("cost_usd")
                     if cost is not None:
                         estimated_cost += float(cost)
@@ -7180,7 +7243,7 @@ def _build_metrics_text() -> str:
                         estimated_cost += _calculate_model_cost(
                             data.get("model", "sonnet").lower(), inp, out
                         )
-                except (json.JSONDecodeError, KeyError, TypeError):
+                except (json.JSONDecodeError, KeyError, TypeError, AttributeError):
                     pass
         except OSError:
             pass

package/loki-ts/dist/loki.js

@@ -1,5 +1,5 @@
 // @bun
-var r6=Object.defineProperty;var t6=($)=>$;function i6($,Q){this[$]=t6.bind(null,Q)}var b=($,Q)=>{for(var Z in Q)r6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:i6.bind(Q,Z)})};var P=($,Q)=>()=>($&&(Q=$($=0)),Q);var q$=import.meta.require;var D1={};b(D1,{lokiDir:()=>j,homeLokiDir:()=>a$,findRepoRootForVersion:()=>n$,REPO_ROOT:()=>g});import{resolve as a,dirname as o$}from"path";import{fileURLToPath as e6}from"url";import{existsSync as j$}from"fs";import{homedir as $Q}from"os";function QQ(){let $=S1;for(let Q=0;Q<6;Q++){if(j$(a($,"VERSION"))&&j$(a($,"autonomy/run.sh")))return $;let Z=o$($);if(Z===$)break;$=Z}return a(S1,"..","..","..")}function n$($){let Q=$;for(let Z=0;Z<6;Z++){if(j$(a(Q,"VERSION"))&&j$(a(Q,"autonomy/run.sh")))return Q;let z=o$(Q);if(z===Q)break;Q=z}return a($,"..","..","..")}function j(){return process.env.LOKI_DIR??a(process.cwd(),".loki")}function a$(){return a($Q(),".loki")}var S1,g;var C=P(()=>{S1=o$(e6(import.meta.url));g=QQ()});import{readFileSync as ZQ}from"fs";import{resolve as zQ,dirname as XQ}from"path";import{fileURLToPath as KQ}from"url";function F$(){if(Q$!==null)return Q$;let $="7.63.1";if(typeof $==="string"&&$.length>0)return Q$=$,Q$;try{let Q=XQ(KQ(import.meta.url)),Z=n$(Q);Q$=ZQ(zQ(Z,"VERSION"),"utf-8").trim()}catch{Q$="unknown"}return Q$}var Q$=null;var s$=P(()=>{C()});var b1={};b(b1,{runOrThrow:()=>qQ,run:()=>k,commandVersion:()=>JQ,commandExists:()=>f,ShellError:()=>r$});async function k($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[q,K,W]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:q,stderr:K,exitCode:W}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function qQ($,Q={}){let Z=await k($,Q);if(Z.exitCode!==0)throw new r$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=VQ($),Z=await k(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function VQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function JQ($,Q="--version"){if(!await f($))return null;let z=await k([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var r$;var d=P(()=>{r$=class r$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function s($){return WQ?"":$}var WQ,T,S,_,wZ,I,R,h,V;var c=P(()=>{WQ=(process.env.NO_COLOR??"").length>0;T=s("\x1B[0;31m"),S=s("\x1B[0;32m"),_=s("\x1B[1;33m"),wZ=s("\x1B[0;34m"),I=s("\x1B[0;36m"),R=s("\x1B[1m"),h=s("\x1B[2m"),V=s("\x1B[0m")});import{existsSync as wQ}from"fs";async function Z$(){if(Y$!==void 0)return Y$;let $="/opt/homebrew/bin/python3.12";if(wQ($))return Y$=$,$;let Q=await f("python3.12");if(Q)return Y$=Q,Q;let Z=await f("python3");return Y$=Z,Z}async function z$($,Q={}){let Z=await Z$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return k([Z,"-c",$],Q)}var Y$;var V$=P(()=>{d()});var e1={};b(e1,{runStatus:()=>uQ});import{existsSync as y,readFileSync as W$,readdirSync as d1,statSync as o1}from"fs";import{resolve as D,basename as DQ}from"path";import{homedir as CQ}from"os";function n1($){let Q=Math.trunc($);if(Q>=1e6)return`${(Math.trunc(Q/1e6*10)/10).toFixed(1)}M`;if(Q>=1000)return`${(Math.trunc(Q/1000*10)/10).toFixed(1)}K`;return String(Q)}function a1($,Q,Z){if(Q===0)return null;let z=Math.trunc($*100/Q),X=Math.trunc($*R$/Q);if(X>R$)X=R$;let q=R$-X,K=S;if(z>=80)K=T;else if(z>=50)K=_;let W="=".repeat(Math.max(0,X))+" ".repeat(Math.max(0,q)),J=n1($),U=n1(Q);return`  ${R}${Z}${V} ${K}[${W}]${V} ${z}% (${J} / ${U})`}async function hQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${V}
+var r6=Object.defineProperty;var t6=($)=>$;function i6($,Q){this[$]=t6.bind(null,Q)}var b=($,Q)=>{for(var Z in Q)r6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:i6.bind(Q,Z)})};var P=($,Q)=>()=>($&&(Q=$($=0)),Q);var q$=import.meta.require;var D1={};b(D1,{lokiDir:()=>j,homeLokiDir:()=>a$,findRepoRootForVersion:()=>n$,REPO_ROOT:()=>g});import{resolve as a,dirname as o$}from"path";import{fileURLToPath as e6}from"url";import{existsSync as j$}from"fs";import{homedir as $Q}from"os";function QQ(){let $=S1;for(let Q=0;Q<6;Q++){if(j$(a($,"VERSION"))&&j$(a($,"autonomy/run.sh")))return $;let Z=o$($);if(Z===$)break;$=Z}return a(S1,"..","..","..")}function n$($){let Q=$;for(let Z=0;Z<6;Z++){if(j$(a(Q,"VERSION"))&&j$(a(Q,"autonomy/run.sh")))return Q;let z=o$(Q);if(z===Q)break;Q=z}return a($,"..","..","..")}function j(){return process.env.LOKI_DIR??a(process.cwd(),".loki")}function a$(){return a($Q(),".loki")}var S1,g;var C=P(()=>{S1=o$(e6(import.meta.url));g=QQ()});import{readFileSync as ZQ}from"fs";import{resolve as zQ,dirname as XQ}from"path";import{fileURLToPath as KQ}from"url";function F$(){if(Q$!==null)return Q$;let $="7.64.0";if(typeof $==="string"&&$.length>0)return Q$=$,Q$;try{let Q=XQ(KQ(import.meta.url)),Z=n$(Q);Q$=ZQ(zQ(Z,"VERSION"),"utf-8").trim()}catch{Q$="unknown"}return Q$}var Q$=null;var s$=P(()=>{C()});var b1={};b(b1,{runOrThrow:()=>qQ,run:()=>k,commandVersion:()=>JQ,commandExists:()=>f,ShellError:()=>r$});async function k($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[q,K,W]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:q,stderr:K,exitCode:W}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function qQ($,Q={}){let Z=await k($,Q);if(Z.exitCode!==0)throw new r$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=VQ($),Z=await k(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function VQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function JQ($,Q="--version"){if(!await f($))return null;let z=await k([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var r$;var d=P(()=>{r$=class r$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function s($){return WQ?"":$}var WQ,T,S,_,wZ,I,R,h,V;var c=P(()=>{WQ=(process.env.NO_COLOR??"").length>0;T=s("\x1B[0;31m"),S=s("\x1B[0;32m"),_=s("\x1B[1;33m"),wZ=s("\x1B[0;34m"),I=s("\x1B[0;36m"),R=s("\x1B[1m"),h=s("\x1B[2m"),V=s("\x1B[0m")});import{existsSync as wQ}from"fs";async function Z$(){if(Y$!==void 0)return Y$;let $="/opt/homebrew/bin/python3.12";if(wQ($))return Y$=$,$;let Q=await f("python3.12");if(Q)return Y$=Q,Q;let Z=await f("python3");return Y$=Z,Z}async function z$($,Q={}){let Z=await Z$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return k([Z,"-c",$],Q)}var Y$;var V$=P(()=>{d()});var e1={};b(e1,{runStatus:()=>uQ});import{existsSync as y,readFileSync as W$,readdirSync as d1,statSync as o1}from"fs";import{resolve as D,basename as DQ}from"path";import{homedir as CQ}from"os";function n1($){let Q=Math.trunc($);if(Q>=1e6)return`${(Math.trunc(Q/1e6*10)/10).toFixed(1)}M`;if(Q>=1000)return`${(Math.trunc(Q/1000*10)/10).toFixed(1)}K`;return String(Q)}function a1($,Q,Z){if(Q===0)return null;let z=Math.trunc($*100/Q),X=Math.trunc($*R$/Q);if(X>R$)X=R$;let q=R$-X,K=S;if(z>=80)K=T;else if(z>=50)K=_;let W="=".repeat(Math.max(0,X))+" ".repeat(Math.max(0,q)),J=n1($),U=n1(Q);return`  ${R}${Z}${V} ${K}[${W}]${V} ${z}% (${J} / ${U})`}async function hQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${V}
 `),process.stdout.write(`Install with:
 `),process.stdout.write(`  brew install jq    (macOS)
 `),process.stdout.write(`  apt install jq     (Debian/Ubuntu)
@@ -791,4 +791,4 @@ Set LOKI_LEGACY_BASH=1 to force the bash CLI for every command.
 `),2}default:return process.stderr.write(`Unknown command: ${Q}
 `),process.stderr.write(s6),2}}l1();process.on("SIGINT",()=>process.exit(130));process.on("SIGTERM",()=>process.exit(143));var KZ=await XZ(Bun.argv.slice(2));process.exit(KZ);
 
-//# debugId=57FA9507F46D167A64756E2164756E21
+//# debugId=377AD6A602B0171564756E2164756E21

package/mcp/__init__.py

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
 
-__version__ = '7.63.1'
+__version__ = '7.64.0'

package/mcp/server.py

@@ -15,6 +15,7 @@ Usage:
     python -m mcp.server --transport http   # HTTP mode
 """
 
+import asyncio
 import sys
 import os
 import json
@@ -811,7 +812,10 @@ async def loki_task_queue_add(
             "created_at": datetime.now(timezone.utc).isoformat()
         }
 
-        queue["tasks"].append(task)
+        # Use setdefault so an existing-but-malformed queue dict that lacks a
+        # "tasks" key does not raise KeyError, consistent with the safe
+        # queue.get("tasks", ...) read above.
+        queue.setdefault("tasks", []).append(task)
 
         # Save using StateManager if available
         if manager and STATE_MANAGER_AVAILABLE:
@@ -1710,7 +1714,10 @@ async def loki_code_search(
                                        'type_filter': type_filter})
 
     # Warn-if-stale (default) or opt-in auto-reindex before querying.
-    _maybe_autoreindex_code()
+    # _maybe_autoreindex_code runs a synchronous subprocess (timeout up to
+    # 300s) when LOKI_CODE_INDEX_AUTOREINDEX=1; offload it so it cannot
+    # freeze the MCP event loop while the indexer runs.
+    await asyncio.to_thread(_maybe_autoreindex_code)
     _staleness = _code_index_staleness()
 
     collection = _get_chroma_collection()
@@ -1743,7 +1750,10 @@ async def loki_code_search(
         where = {"$and": where_clauses}
 
     try:
-        results = collection.query(
+        # collection.query is a blocking HTTP call to ChromaDB; offload it so
+        # the MCP event loop is not frozen for the duration of the request.
+        results = await asyncio.to_thread(
+            collection.query,
             query_texts=[query],
             n_results=n_results,
             where=where,
@@ -2209,6 +2219,13 @@ async def loki_get_co_changes(
                 continue
             if not isinstance(pair_files, (list, tuple)) or len(pair_files) != 2:
                 continue
+            # Coerce the count to int so a mixed-type producer (one row's
+            # count a string, another's an int) does not raise TypeError when
+            # results are sorted below. Skip rows whose count is not numeric.
+            try:
+                count = int(count)
+            except (ValueError, TypeError):
+                continue
             a, b = pair_files[0], pair_files[1]
             if a == b:
                 continue
@@ -2323,6 +2340,7 @@ async def loki_findings(iteration: int = -1) -> str:
                 return json.dumps(data)
         reviews_dir = safe_path_join('.loki', 'quality', 'reviews')
         if not os.path.exists(reviews_dir):
+            _emit_tool_event_async('loki_findings', 'complete', result_status='success')
             return json.dumps({"iteration": iteration, "review_id": None, "findings": []})
         candidates = sorted([d for d in os.listdir(reviews_dir)
                              if d.startswith('review-')
@@ -2330,6 +2348,7 @@ async def loki_findings(iteration: int = -1) -> str:
         if iteration >= 0:
             candidates = [c for c in candidates if c.endswith(f'-{iteration}')]
         if not candidates:
+            _emit_tool_event_async('loki_findings', 'complete', result_status='success')
             return json.dumps({"iteration": iteration, "review_id": None, "findings": []})
         latest = candidates[-1]
         review_path = safe_path_join('.loki', 'quality', 'reviews', latest)
@@ -2425,9 +2444,14 @@ async def loki_counter_evidence_template(iteration: int) -> str:
     try:
         findings_data = json.loads(await loki_findings(iteration=iteration))
         if 'error' in findings_data:
+            _emit_tool_event_async('loki_counter_evidence_template', 'complete',
+                                   result_status='error',
+                                   error=findings_data.get('error'))
             return json.dumps(findings_data)
         findings = findings_data.get('findings', [])
         if not findings:
+            _emit_tool_event_async('loki_counter_evidence_template', 'complete',
+                                   result_status='success')
             return json.dumps({"iteration": iteration, "template": None,
                                "message": f"No findings for iteration {iteration}."})
         evidence = []

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "loki-mode",
   "mcpName": "io.github.asklokesh/loki-mode",
-  "version": "7.63.1",
+  "version": "7.64.0",
   "description": "Loki Mode by Autonomi. Autonomous spec-to-product system: takes a PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief to a deployed app via the RARV-C closure loop with 8 quality gates. Provider-agnostic (Claude Code, OpenAI Codex, Cline, Aider).",
   "keywords": [
     "agent",

package/plugins/loki-mode/.claude-plugin/plugin.json

@@ -2,7 +2,7 @@
   "$schema": "https://json.schemastore.org/claude-code-plugin-manifest.json",
   "name": "loki-mode",
   "displayName": "Loki Mode",
-  "version": "7.63.1",
+  "version": "7.64.0",
   "description": "Autonomous spec-to-product build system with a built-in trust layer (RARV-C closure loop, 8 quality gates, completion council). Ships Loki's spec-hardening, drift-detection, and deterministic PR verification commands plus the Loki MCP server.",
   "author": {
     "name": "Autonomi",