loki-mode 7.64.0 → 7.66.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-driven build system with a built-in trust layer. It does not call work done until it is verified (RARV-C closure loop, 8 quality gates, completion council, verified-completion evidence gate). Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.64.0
+# Loki Mode v7.66.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -406,4 +406,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.64.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.66.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.64.0
+7.66.0

package/autonomy/completion-council.sh

@@ -75,6 +75,12 @@ COUNCIL_CONSECUTIVE_NO_CHANGE=0
 COUNCIL_DONE_SIGNALS=0
 COUNCIL_TOTAL_DONE_SIGNALS=0
 COUNCIL_LAST_DIFF_HASH=""
+# bash-F1: distinguishes a genuine council approval from a force-stop safety
+# valve (stagnation / done-signal flood). council_should_stop sets this to 1
+# ONLY on the force-stop paths; run.sh reads it (same sourced shell) to avoid
+# reporting a non-approved force-stop as a verified-complete product. Guarded
+# default so set -u never trips before the function runs.
+: "${COUNCIL_FORCE_STOPPED:=0}"
 
 #===============================================================================
 # v6.83.0 Phase 1: Managed Agents memory augmentation (opt-in).
@@ -2051,27 +2057,32 @@ ISSUES: CRITICAL:description (optional, one per line per issue)"
                 # no VOTE and default a real APPROVE to REJECT. Capture the full
                 # output; the downstream parse already greps VOTE/REASON/ISSUES.
                 # CAVEMAN_DEFAULT_MODE=off suppression is preserved (see above).
-                verdict=$(echo "$prompt" | env CAVEMAN_DEFAULT_MODE=off claude "${_cm_argv[@]}" -p 2>/dev/null)
+                # bash-F3: timeout-guard the provider subcall so a hung CLI can
+                # not stall the whole council. Default 600s matches the Bun route
+                # (council.ts LOKI_COUNCIL_TIMEOUT_MS=600000). A timeout yields
+                # empty output, which the [ -z "$verdict" ] fallback below turns
+                # into a conservative heuristic review.
+                verdict=$(echo "$prompt" | timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" env CAVEMAN_DEFAULT_MODE=off claude "${_cm_argv[@]}" -p 2>/dev/null)
             fi
             ;;
         codex)
             if command -v codex &>/dev/null; then
-                verdict=$(codex exec --sandbox workspace-write "$prompt" 2>/dev/null)
+                verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" codex exec --sandbox workspace-write "$prompt" 2>/dev/null)
             fi
             ;;
         gemini)
             if command -v gemini &>/dev/null; then
-                verdict=$(echo "$prompt" | gemini 2>/dev/null)
+                verdict=$(echo "$prompt" | timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" gemini 2>/dev/null)
             fi
             ;;
         cline)
             if command -v cline &>/dev/null; then
-                verdict=$(cline -y "$prompt" 2>/dev/null)
+                verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" cline -y "$prompt" 2>/dev/null)
             fi
             ;;
         aider)
             if command -v aider &>/dev/null; then
-                verdict=$(aider --message "$prompt" --yes-always --no-auto-commits --no-git 2>/dev/null)
+                verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" aider --message "$prompt" --yes-always --no-auto-commits --no-git 2>/dev/null)
             fi
             ;;
     esac
@@ -2152,27 +2163,30 @@ REASON: your reasoning"
                 # Inlined on `claude` only (does not cross the pipe). No-op absent.
                 # v7.41.3 BUG A: full capture, no tail-truncation (see member
                 # subcall note). CAVEMAN_DEFAULT_MODE=off suppression preserved.
-                verdict=$(echo "$prompt" | env CAVEMAN_DEFAULT_MODE=off claude "${_co_argv[@]}" -p 2>/dev/null)
+                # bash-F3: timeout-guard the devil's-advocate subcall (same 600s
+                # default as the member subcalls / Bun council.ts). An empty
+                # verdict on timeout hits the conservative REJECT fallback below.
+                verdict=$(echo "$prompt" | timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" env CAVEMAN_DEFAULT_MODE=off claude "${_co_argv[@]}" -p 2>/dev/null)
             fi
             ;;
         codex)
             if command -v codex &>/dev/null; then
-                verdict=$(codex exec --sandbox workspace-write "$prompt" 2>/dev/null)
+                verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" codex exec --sandbox workspace-write "$prompt" 2>/dev/null)
             fi
             ;;
         gemini)
             if command -v gemini &>/dev/null; then
-                verdict=$(echo "$prompt" | gemini 2>/dev/null)
+                verdict=$(echo "$prompt" | timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" gemini 2>/dev/null)
             fi
             ;;
         cline)
             if command -v cline &>/dev/null; then
-                verdict=$(cline -y "$prompt" 2>/dev/null)
+                verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" cline -y "$prompt" 2>/dev/null)
             fi
             ;;
         aider)
             if command -v aider &>/dev/null; then
-                verdict=$(aider --message "$prompt" --yes-always --no-auto-commits --no-git 2>/dev/null)
+                verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" aider --message "$prompt" --yes-always --no-auto-commits --no-git 2>/dev/null)
             fi
             ;;
     esac
@@ -2753,7 +2767,13 @@ council_evaluate() {
         fi
     fi
     if [ -z "$aggregate_result" ]; then
-        aggregate_result=$(council_aggregate_votes)
+        # bash-F2: council_aggregate_votes emits log_info/log_warn lines on
+        # stdout (run.sh log_* helpers do not redirect to stderr) before its
+        # terminal `echo "$verdict"`. Capturing the whole stream and exact-
+        # matching "COMPLETE" never succeeds, so the heuristic path could never
+        # return COMPLETE. Take only the last line (the verdict token); any
+        # degenerate empty output falls through to the safe not-COMPLETE default.
+        aggregate_result=$(council_aggregate_votes | tail -n1)
     fi
 
     if [ "$aggregate_result" = "COMPLETE" ]; then
@@ -3011,6 +3031,11 @@ PYEOF
 #===============================================================================
 
 council_should_stop() {
+    # bash-F1: reset the force-stop sentinel at entry. A return-0 from the
+    # genuine approval path leaves this 0; only the safety-valve paths below
+    # set it to 1 before their return-0.
+    COUNCIL_FORCE_STOPPED=0
+
     if [ "$COUNCIL_ENABLED" != "true" ]; then
         return 1  # Council disabled, don't stop
     fi
@@ -3101,6 +3126,7 @@ council_should_stop() {
         if [ "$COUNCIL_CONSECUTIVE_NO_CHANGE" -ge "$safety_limit" ]; then
             log_error "Safety valve: ${COUNCIL_CONSECUTIVE_NO_CHANGE} iterations with no changes exceeds safety limit ($safety_limit)"
             log_error "Forcing stop to prevent resource waste"
+            COUNCIL_FORCE_STOPPED=1  # bash-F1: force-stop, NOT a council approval
             return 0  # FORCE STOP
         fi
     fi
@@ -3109,6 +3135,7 @@ council_should_stop() {
     if [ "$COUNCIL_TOTAL_DONE_SIGNALS" -ge "$COUNCIL_DONE_SIGNAL_LIMIT" ]; then
         log_error "Safety valve: Agent signaled 'done' $COUNCIL_TOTAL_DONE_SIGNALS times (limit: $COUNCIL_DONE_SIGNAL_LIMIT)"
         log_error "Forcing stop - agent believes work is complete"
+        COUNCIL_FORCE_STOPPED=1  # bash-F1: force-stop, NOT a council approval
         return 0  # FORCE STOP
     fi
 

package/autonomy/run.sh

@@ -15728,6 +15728,23 @@ else:
                 ensure_completion_test_evidence || true
             fi
             if type council_should_stop &>/dev/null && council_should_stop; then
+                # bash-F1: council_should_stop returns 0 from a genuine approval
+                # AND from two force-stop safety valves (stagnation flood /
+                # repeated done-signals). A force-stop is NOT a verified-complete
+                # product, so it must not claim "PROJECT COMPLETE" or open a PR.
+                # The sentinel set inside council_should_stop disambiguates.
+                if [ "${COUNCIL_FORCE_STOPPED:-0}" = "1" ]; then
+                    echo ""
+                    log_header "COMPLETION COUNCIL: STOPPED WITHOUT APPROVAL"
+                    log_warn "Council force-stopped (stagnation or repeated done-signals); work is NOT verified-complete"
+                    log_info "Running memory consolidation..."
+                    run_memory_consolidation
+                    # No on_run_complete: a force-stop must never open a "done" PR.
+                    emit_completion_summary force_stopped
+                    save_state $retry "force_stopped" 0
+                    rm -f "$iter_output" 2>/dev/null
+                    return 0
+                fi
                 echo ""
                 log_header "COMPLETION COUNCIL: PROJECT COMPLETE"
                 log_info "Council voted to stop (convergence detected + requirements verified)"

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.64.0"
+__version__ = "7.66.0"
 
 # Expose the control app for easy import
 try:

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Loki Mode is a spec-driven autonomous builder with a built-in trust layer that takes any spec to a deployed product and verifies completion with evidence (quality gates plus a completion council), not just a "done" claim. Complete installation instructions for all platforms and use cases.
 
-**Version:** v7.62.0
+**Version:** v7.66.0
 
 ---
 
@@ -395,7 +395,7 @@ provider works inside the container. Provide auth with your Anthropic API key:
 # Run Loki Mode in Docker (Claude provider, API-key auth)
 docker run --rm -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
   -v $(pwd):/workspace -w /workspace \
-  asklokesh/loki-mode:7.62.0 start ./my-spec.md
+  asklokesh/loki-mode:7.66.0 start ./my-spec.md
 ```
 
 ##### docker compose + .env (no host install)

package/loki-ts/dist/loki.js

@@ -1,5 +1,5 @@
 // @bun
-var r6=Object.defineProperty;var t6=($)=>$;function i6($,Q){this[$]=t6.bind(null,Q)}var b=($,Q)=>{for(var Z in Q)r6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:i6.bind(Q,Z)})};var P=($,Q)=>()=>($&&(Q=$($=0)),Q);var q$=import.meta.require;var D1={};b(D1,{lokiDir:()=>j,homeLokiDir:()=>a$,findRepoRootForVersion:()=>n$,REPO_ROOT:()=>g});import{resolve as a,dirname as o$}from"path";import{fileURLToPath as e6}from"url";import{existsSync as j$}from"fs";import{homedir as $Q}from"os";function QQ(){let $=S1;for(let Q=0;Q<6;Q++){if(j$(a($,"VERSION"))&&j$(a($,"autonomy/run.sh")))return $;let Z=o$($);if(Z===$)break;$=Z}return a(S1,"..","..","..")}function n$($){let Q=$;for(let Z=0;Z<6;Z++){if(j$(a(Q,"VERSION"))&&j$(a(Q,"autonomy/run.sh")))return Q;let z=o$(Q);if(z===Q)break;Q=z}return a($,"..","..","..")}function j(){return process.env.LOKI_DIR??a(process.cwd(),".loki")}function a$(){return a($Q(),".loki")}var S1,g;var C=P(()=>{S1=o$(e6(import.meta.url));g=QQ()});import{readFileSync as ZQ}from"fs";import{resolve as zQ,dirname as XQ}from"path";import{fileURLToPath as KQ}from"url";function F$(){if(Q$!==null)return Q$;let $="7.64.0";if(typeof $==="string"&&$.length>0)return Q$=$,Q$;try{let Q=XQ(KQ(import.meta.url)),Z=n$(Q);Q$=ZQ(zQ(Z,"VERSION"),"utf-8").trim()}catch{Q$="unknown"}return Q$}var Q$=null;var s$=P(()=>{C()});var b1={};b(b1,{runOrThrow:()=>qQ,run:()=>k,commandVersion:()=>JQ,commandExists:()=>f,ShellError:()=>r$});async function k($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[q,K,W]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:q,stderr:K,exitCode:W}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function qQ($,Q={}){let Z=await k($,Q);if(Z.exitCode!==0)throw new r$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=VQ($),Z=await k(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function VQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function JQ($,Q="--version"){if(!await f($))return null;let z=await k([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var r$;var d=P(()=>{r$=class r$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function s($){return WQ?"":$}var WQ,T,S,_,wZ,I,R,h,V;var c=P(()=>{WQ=(process.env.NO_COLOR??"").length>0;T=s("\x1B[0;31m"),S=s("\x1B[0;32m"),_=s("\x1B[1;33m"),wZ=s("\x1B[0;34m"),I=s("\x1B[0;36m"),R=s("\x1B[1m"),h=s("\x1B[2m"),V=s("\x1B[0m")});import{existsSync as wQ}from"fs";async function Z$(){if(Y$!==void 0)return Y$;let $="/opt/homebrew/bin/python3.12";if(wQ($))return Y$=$,$;let Q=await f("python3.12");if(Q)return Y$=Q,Q;let Z=await f("python3");return Y$=Z,Z}async function z$($,Q={}){let Z=await Z$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return k([Z,"-c",$],Q)}var Y$;var V$=P(()=>{d()});var e1={};b(e1,{runStatus:()=>uQ});import{existsSync as y,readFileSync as W$,readdirSync as d1,statSync as o1}from"fs";import{resolve as D,basename as DQ}from"path";import{homedir as CQ}from"os";function n1($){let Q=Math.trunc($);if(Q>=1e6)return`${(Math.trunc(Q/1e6*10)/10).toFixed(1)}M`;if(Q>=1000)return`${(Math.trunc(Q/1000*10)/10).toFixed(1)}K`;return String(Q)}function a1($,Q,Z){if(Q===0)return null;let z=Math.trunc($*100/Q),X=Math.trunc($*R$/Q);if(X>R$)X=R$;let q=R$-X,K=S;if(z>=80)K=T;else if(z>=50)K=_;let W="=".repeat(Math.max(0,X))+" ".repeat(Math.max(0,q)),J=n1($),U=n1(Q);return`  ${R}${Z}${V} ${K}[${W}]${V} ${z}% (${J} / ${U})`}async function hQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${V}
+var r6=Object.defineProperty;var t6=($)=>$;function i6($,Q){this[$]=t6.bind(null,Q)}var b=($,Q)=>{for(var Z in Q)r6($,Z,{get:Q[Z],enumerable:!0,configurable:!0,set:i6.bind(Q,Z)})};var P=($,Q)=>()=>($&&(Q=$($=0)),Q);var q$=import.meta.require;var D1={};b(D1,{lokiDir:()=>j,homeLokiDir:()=>a$,findRepoRootForVersion:()=>n$,REPO_ROOT:()=>g});import{resolve as a,dirname as o$}from"path";import{fileURLToPath as e6}from"url";import{existsSync as j$}from"fs";import{homedir as $Q}from"os";function QQ(){let $=S1;for(let Q=0;Q<6;Q++){if(j$(a($,"VERSION"))&&j$(a($,"autonomy/run.sh")))return $;let Z=o$($);if(Z===$)break;$=Z}return a(S1,"..","..","..")}function n$($){let Q=$;for(let Z=0;Z<6;Z++){if(j$(a(Q,"VERSION"))&&j$(a(Q,"autonomy/run.sh")))return Q;let z=o$(Q);if(z===Q)break;Q=z}return a($,"..","..","..")}function j(){return process.env.LOKI_DIR??a(process.cwd(),".loki")}function a$(){return a($Q(),".loki")}var S1,g;var C=P(()=>{S1=o$(e6(import.meta.url));g=QQ()});import{readFileSync as ZQ}from"fs";import{resolve as zQ,dirname as XQ}from"path";import{fileURLToPath as KQ}from"url";function F$(){if(Q$!==null)return Q$;let $="7.66.0";if(typeof $==="string"&&$.length>0)return Q$=$,Q$;try{let Q=XQ(KQ(import.meta.url)),Z=n$(Q);Q$=ZQ(zQ(Z,"VERSION"),"utf-8").trim()}catch{Q$="unknown"}return Q$}var Q$=null;var s$=P(()=>{C()});var b1={};b(b1,{runOrThrow:()=>qQ,run:()=>k,commandVersion:()=>JQ,commandExists:()=>f,ShellError:()=>r$});async function k($,Q={}){let Z=Bun.spawn({cmd:[...$],stdout:"pipe",stderr:"pipe",env:Q.env?{...process.env,...Q.env}:process.env,cwd:Q.cwd}),z,X;if(Q.timeoutMs&&Q.timeoutMs>0)z=setTimeout(()=>{try{Z.kill("SIGTERM")}catch{}X=setTimeout(()=>{try{Z.kill("SIGKILL")}catch{}},2000)},Q.timeoutMs);try{let[q,K,W]=await Promise.all([new Response(Z.stdout).text(),new Response(Z.stderr).text(),Z.exited]);return{stdout:q,stderr:K,exitCode:W}}finally{if(z)clearTimeout(z);if(X)clearTimeout(X)}}async function qQ($,Q={}){let Z=await k($,Q);if(Z.exitCode!==0)throw new r$(`command failed (${Z.exitCode}): ${$.join(" ")}`,Z.exitCode,Z.stdout,Z.stderr);return Z}async function f($){let Q=VQ($),Z=await k(["sh","-c",`command -v ${Q}`],{timeoutMs:5000});if(Z.exitCode===0)return Z.stdout.trim()||null;return null}function VQ($){if(!/^[A-Za-z0-9._/-]+$/.test($))throw Error(`refused to shell-escape suspect token: ${$}`);return $}async function JQ($,Q="--version"){if(!await f($))return null;let z=await k([$,Q],{timeoutMs:5000});if(z.exitCode!==0)return null;return((z.stdout||z.stderr).split(/\r?\n/)[0]?.trim()??"")||null}var r$;var d=P(()=>{r$=class r$ extends Error{message;exitCode;stdout;stderr;constructor($,Q,Z,z){super($);this.message=$;this.exitCode=Q;this.stdout=Z;this.stderr=z;this.name="ShellError"}}});function s($){return WQ?"":$}var WQ,T,S,_,wZ,I,R,h,V;var c=P(()=>{WQ=(process.env.NO_COLOR??"").length>0;T=s("\x1B[0;31m"),S=s("\x1B[0;32m"),_=s("\x1B[1;33m"),wZ=s("\x1B[0;34m"),I=s("\x1B[0;36m"),R=s("\x1B[1m"),h=s("\x1B[2m"),V=s("\x1B[0m")});import{existsSync as wQ}from"fs";async function Z$(){if(Y$!==void 0)return Y$;let $="/opt/homebrew/bin/python3.12";if(wQ($))return Y$=$,$;let Q=await f("python3.12");if(Q)return Y$=Q,Q;let Z=await f("python3");return Y$=Z,Z}async function z$($,Q={}){let Z=await Z$();if(!Z)return{stdout:"",stderr:"python3 not found",exitCode:127};return k([Z,"-c",$],Q)}var Y$;var V$=P(()=>{d()});var e1={};b(e1,{runStatus:()=>uQ});import{existsSync as y,readFileSync as W$,readdirSync as d1,statSync as o1}from"fs";import{resolve as D,basename as DQ}from"path";import{homedir as CQ}from"os";function n1($){let Q=Math.trunc($);if(Q>=1e6)return`${(Math.trunc(Q/1e6*10)/10).toFixed(1)}M`;if(Q>=1000)return`${(Math.trunc(Q/1000*10)/10).toFixed(1)}K`;return String(Q)}function a1($,Q,Z){if(Q===0)return null;let z=Math.trunc($*100/Q),X=Math.trunc($*R$/Q);if(X>R$)X=R$;let q=R$-X,K=S;if(z>=80)K=T;else if(z>=50)K=_;let W="=".repeat(Math.max(0,X))+" ".repeat(Math.max(0,q)),J=n1($),U=n1(Q);return`  ${R}${Z}${V} ${K}[${W}]${V} ${z}% (${J} / ${U})`}async function hQ(){if(await f("jq"))return!0;return process.stdout.write(`${T}Error: jq is required but not installed.${V}
 `),process.stdout.write(`Install with:
 `),process.stdout.write(`  brew install jq    (macOS)
 `),process.stdout.write(`  apt install jq     (Debian/Ubuntu)
@@ -791,4 +791,4 @@ Set LOKI_LEGACY_BASH=1 to force the bash CLI for every command.
 `),2}default:return process.stderr.write(`Unknown command: ${Q}
 `),process.stderr.write(s6),2}}l1();process.on("SIGINT",()=>process.exit(130));process.on("SIGTERM",()=>process.exit(143));var KZ=await XZ(Bun.argv.slice(2));process.exit(KZ);
 
-//# debugId=377AD6A602B0171564756E2164756E21
+//# debugId=7AC7B5725643161B64756E2164756E21

package/mcp/__init__.py

@@ -57,4 +57,4 @@ try:
 except ImportError:
     __all__ = ['mcp']
 
-__version__ = '7.64.0'
+__version__ = '7.66.0'

package/memory/consolidation.py

@@ -240,10 +240,22 @@ class ConsolidationPipeline:
                         self.storage.save_pattern(new_pattern)
                         new_patterns.append(new_pattern)
                         all_patterns.append(new_pattern)
+                        # Add to existing_patterns so a later cluster pattern in
+                        # this same run is deduped against it (mirrors the
+                        # anti-pattern step below). Without this, two clusters
+                        # producing >=0.8-similar patterns would both take the
+                        # create branch, yielding near-duplicate patterns.
+                        existing_patterns.append(new_pattern)
                         result.patterns_created += 1
 
         # 6. Extract anti-patterns from failures
         anti_patterns = self.extract_anti_patterns(failed_episodes)
+        # Track only anti-patterns that were persisted under their OWN id (the
+        # save_pattern branch). Merged anti-patterns are persisted under the
+        # existing pattern's id via update_pattern(merged_pattern); their own
+        # fresh uuid was never saved, so linking against it later would update
+        # a non-existent record (update_pattern -> False) and drop the links.
+        saved_anti_patterns = []
         for anti_pattern in anti_patterns:
             # Check if similar anti-pattern already exists
             merged = False
@@ -264,18 +276,25 @@ class ConsolidationPipeline:
             if not merged:
                 self.storage.save_pattern(anti_pattern)
                 all_patterns.append(anti_pattern)
+                saved_anti_patterns.append(anti_pattern)
                 # Add to existing_patterns so subsequent anti-patterns in this
                 # run are checked against it, preventing current-run duplicates.
                 existing_patterns.append(anti_pattern)
                 result.anti_patterns_created += 1
 
         # 7. Create Zettelkasten links
-        for pattern in new_patterns + anti_patterns:
+        # Only link patterns that were persisted under their own id this run
+        # (new_patterns from step 5 + saved_anti_patterns from step 6). Merged
+        # patterns already live under an existing id and were updated in place.
+        for pattern in new_patterns + saved_anti_patterns:
             links = self.create_zettelkasten_links(pattern, all_patterns)
             if links:
                 pattern.links.extend(links)
-                self.storage.update_pattern(pattern)
-                result.links_created += len(links)
+                # Only count links that actually persisted. update_pattern()
+                # returns False when the target id is not on disk; counting
+                # unconditionally would inflate links_created.
+                if self.storage.update_pattern(pattern):
+                    result.links_created += len(links)
 
         # Flag vector indices as stale when patterns changed (BUG-MEM-007).
         # Callers should rebuild vector indices when this flag is True to

package/memory/engine.py

@@ -332,60 +332,75 @@ class MemoryEngine:
         real topics immediately after a session ends.
         """
         try:
-            index = self.storage.read_json("index.json") or {
-                "version": "1.1.0",
-                "topics": [],
-                "total_memories": 0,
-            }
-            context = episode.get("context", {}) if isinstance(episode.get("context"), dict) else {}
-            phase = (context.get("phase") or episode.get("phase") or "general").lower()
-            goal = (context.get("goal") or episode.get("goal") or "")[:200]
-            # Topic id = phase. Multiple episodes in the same phase share a topic.
-            topic_id = phase or "general"
-            now = datetime.now(timezone.utc).isoformat()
-            episode_id = episode.get("id")
-            cost = float(episode.get("cost_usd", 0) or 0)
-            tokens = int(episode.get("tokens_used", 0) or 0)
-            files = list(episode.get("files_modified", []) or [])
-
-            found = None
-            for topic in index.get("topics", []):
-                if topic.get("id") == topic_id:
-                    found = topic
-                    break
-            if found is None:
-                index.setdefault("topics", []).append({
-                    "id": topic_id,
-                    "summary": goal or f"Activity in phase {topic_id}",
-                    "episode_ids": [episode_id] if episode_id else [],
-                    "episode_count": 1,
-                    "total_cost_usd": cost,
-                    "total_tokens": tokens,
-                    "files_touched": files[:20],
-                    "first_seen": now,
-                    "last_accessed": now,
-                    "relevance_score": 0.5,
-                })
-                index["total_memories"] = index.get("total_memories", 0) + 1
-            else:
-                # Only count a given episode once. On resume/checkpoint the same
-                # trace id can be re-saved; without this guard episode_count,
-                # total_cost_usd, and total_tokens would inflate on every re-save
-                # even though episode_ids is already de-duplicated.
-                if episode_id and episode_id not in found.get("episode_ids", []):
-                    found.setdefault("episode_ids", []).append(episode_id)
-                    found["episode_count"] = found.get("episode_count", 0) + 1
-                    found["total_cost_usd"] = float(found.get("total_cost_usd", 0) or 0) + cost
-                    found["total_tokens"] = int(found.get("total_tokens", 0) or 0) + tokens
-                merged = set(found.get("files_touched", []) or []) | set(files[:20])
-                found["files_touched"] = sorted(merged)[:50]
-                found["last_accessed"] = now
-
-            index["last_updated"] = now
-            self.storage.write_json("index.json", index)
+            # H4 lost-update fix (wave-6): hold ONE exclusive lock spanning the
+            # full read-modify-write of index.json. _file_lock is reentrant per
+            # thread (storage._held_locks is threading.local) and cross-process
+            # safe (fcntl.flock), so the inner read_json/write_json calls -- which
+            # re-enter _file_lock on the SAME resolved path -- are no-ops and do
+            # not deadlock. The lock target is derived from storage._resolve_path
+            # so its string key is byte-identical to the one read_json/write_json
+            # compute internally (mismatched keys would self-deadlock).
+            index_lock = Path(self.storage._resolve_path("index.json"))
+            with self.storage._file_lock(index_lock, exclusive=True):
+                index = self.storage.read_json("index.json") or {
+                    "version": "1.1.0",
+                    "topics": [],
+                    "total_memories": 0,
+                }
+                context = episode.get("context", {}) if isinstance(episode.get("context"), dict) else {}
+                phase = (context.get("phase") or episode.get("phase") or "general").lower()
+                goal = (context.get("goal") or episode.get("goal") or "")[:200]
+                # Topic id = phase. Multiple episodes in the same phase share a topic.
+                topic_id = phase or "general"
+                now = datetime.now(timezone.utc).isoformat()
+                episode_id = episode.get("id")
+                cost = float(episode.get("cost_usd", 0) or 0)
+                tokens = int(episode.get("tokens_used", 0) or 0)
+                files = list(episode.get("files_modified", []) or [])
+
+                found = None
+                for topic in index.get("topics", []):
+                    if topic.get("id") == topic_id:
+                        found = topic
+                        break
+                if found is None:
+                    index.setdefault("topics", []).append({
+                        "id": topic_id,
+                        "summary": goal or f"Activity in phase {topic_id}",
+                        "episode_ids": [episode_id] if episode_id else [],
+                        "episode_count": 1,
+                        "total_cost_usd": cost,
+                        "total_tokens": tokens,
+                        "files_touched": files[:20],
+                        "first_seen": now,
+                        "last_accessed": now,
+                        "relevance_score": 0.5,
+                    })
+                    index["total_memories"] = index.get("total_memories", 0) + 1
+                else:
+                    # Only count a given episode once. On resume/checkpoint the same
+                    # trace id can be re-saved; without this guard episode_count,
+                    # total_cost_usd, and total_tokens would inflate on every re-save
+                    # even though episode_ids is already de-duplicated.
+                    if episode_id and episode_id not in found.get("episode_ids", []):
+                        found.setdefault("episode_ids", []).append(episode_id)
+                        found["episode_count"] = found.get("episode_count", 0) + 1
+                        found["total_cost_usd"] = float(found.get("total_cost_usd", 0) or 0) + cost
+                        found["total_tokens"] = int(found.get("total_tokens", 0) or 0) + tokens
+                    merged = set(found.get("files_touched", []) or []) | set(files[:20])
+                    found["files_touched"] = sorted(merged)[:50]
+                    found["last_accessed"] = now
+
+                index["last_updated"] = now
+                self.storage.write_json("index.json", index)
         except Exception:  # noqa: BLE001
-            # Never let index update break episode storage.
-            pass
+            # Never let index update break episode storage, but make the
+            # failure observable instead of swallowing it silently (L2).
+            logger.warning(
+                "Failed to update index.json with episode %s",
+                episode.get("id"),
+                exc_info=True,
+            )
 
     def get_episode(self, episode_id: str) -> Optional[EpisodeTrace]:
         """
@@ -522,8 +537,13 @@ class MemoryEngine:
         for pattern in patterns_data.get("patterns", []):
             if not isinstance(pattern, dict):
                 continue
-            # Filter by confidence
-            if pattern.get("confidence", 0) < min_confidence:
+            # Filter by confidence. Guard against an explicit null confidence
+            # (corrupt/hand-edited record): None < float raises TypeError in
+            # Python 3, so treat a null as 0 (filtered out unless threshold 0).
+            pattern_confidence = pattern.get("confidence")
+            if pattern_confidence is None:
+                pattern_confidence = 0
+            if pattern_confidence < min_confidence:
                 continue
 
             # Filter by category if specified
@@ -550,8 +570,10 @@ class MemoryEngine:
         if pattern_data is None:
             return
 
-        # Update fields
-        pattern_data["usage_count"] = pattern_data.get("usage_count", 0) + 1
+        # Update fields. `or 0` guards against an explicit null usage_count
+        # (corrupt/hand-edited record) crashing the increment with a TypeError;
+        # a null and 0 are equivalent here so `or` is safe.
+        pattern_data["usage_count"] = (pattern_data.get("usage_count") or 0) + 1
         pattern_data["last_used"] = datetime.now(timezone.utc).isoformat()
 
         # Write back via save_pattern which holds an exclusive lock during
@@ -577,9 +599,24 @@ class MemoryEngine:
         skill_id = skill_dict.get("id", f"skill-{self._generate_id()}")
         skill_dict["id"] = skill_id
 
-        # Generate filename from skill name or ID
-        skill_name = skill_dict.get("name", skill_id)
-        filename = skill_name.lower().replace(" ", "-").replace("_", "-")
+        # Generate filename from skill name or ID.
+        # H3 path-traversal fix (wave-6): the previous filename derivation only
+        # replaced spaces and underscores, so a skill name like
+        # "../../../tmp/pwned" kept its "/" and ".." and escaped the memory root
+        # via the raw open(skill_path, "w") below (which bypasses _resolve_path).
+        # Sanitize to safe chars only, matching storage.save_skill's house style,
+        # and fall back to the skill id when sanitization collapses to empty.
+        skill_name = skill_dict.get("name") or skill_id
+        normalized = skill_name.lower().replace(" ", "-").replace("_", "-")
+        filename = "".join(
+            c if (c.isalnum() or c == "-") else "-"
+            for c in normalized
+        ).strip("-")
+        if not filename:
+            filename = "".join(
+                c if (c.isalnum() or c == "-") else "-"
+                for c in skill_id.lower()
+            ).strip("-") or "skill"
 
         # Store as markdown
         content = self._skill_to_markdown(skill_dict)
@@ -899,57 +936,65 @@ class MemoryEngine:
         context = episode.get("context", {})
         action_entry = {
             "timestamp": episode.get("timestamp", datetime.now(timezone.utc).isoformat()),
-            "action": context.get("goal", "Task completed")[:100],
+            "action": (context.get("goal") or "Task completed")[:100],
             "outcome": episode.get("outcome", "unknown"),
-            "topic_id": context.get("phase", "general"),
+            "topic_id": context.get("phase") or "general",
         }
 
         self.storage.update_timeline(action_entry)
 
     def _update_index_with_pattern(self, pattern: Dict[str, Any]) -> None:
         """Update index with pattern topic."""
-        index = self.storage.read_json("index.json") or {
-            "version": "1.0",
-            "topics": [],
-            "total_memories": 0,
-            "total_tokens_available": 0,
-        }
+        # H4 lost-update fix (wave-6): hold ONE exclusive lock spanning the full
+        # read-modify-write of index.json so concurrent store_pattern (and
+        # store_episode) calls cannot clobber each other. See the matching note
+        # in _update_index_with_episode for why the lock target is derived from
+        # storage._resolve_path and why the inner read_json/write_json calls do
+        # not deadlock (reentrant per-thread, cross-process safe via flock).
+        index_lock = Path(self.storage._resolve_path("index.json"))
+        with self.storage._file_lock(index_lock, exclusive=True):
+            index = self.storage.read_json("index.json") or {
+                "version": "1.0",
+                "topics": [],
+                "total_memories": 0,
+                "total_tokens_available": 0,
+            }
 
-        category = pattern.get("category", "general")
-
-        # An index.json that is valid JSON but missing the "topics" key (e.g.
-        # written by an older/partial writer, or hand-edited) would crash here
-        # on index["topics"] because the `or {...}` default only fires when the
-        # whole file is falsy. setdefault matches the defensive pattern used in
-        # the sibling _update_index_with_episode.
-        topics = index.setdefault("topics", [])
-
-        # Find or create topic
-        topic_found = False
-        for topic in topics:
-            if topic.get("id") == category:
-                topic["last_accessed"] = datetime.now(timezone.utc).isoformat()
-                topic["relevance_score"] = max(
-                    topic.get("relevance_score", 0.5),
-                    pattern.get("confidence", 0.5),
-                )
-                topic_found = True
-                break
+            category = pattern.get("category", "general")
+
+            # An index.json that is valid JSON but missing the "topics" key (e.g.
+            # written by an older/partial writer, or hand-edited) would crash here
+            # on index["topics"] because the `or {...}` default only fires when the
+            # whole file is falsy. setdefault matches the defensive pattern used in
+            # the sibling _update_index_with_episode.
+            topics = index.setdefault("topics", [])
+
+            # Find or create topic
+            topic_found = False
+            for topic in topics:
+                if topic.get("id") == category:
+                    topic["last_accessed"] = datetime.now(timezone.utc).isoformat()
+                    topic["relevance_score"] = max(
+                        topic.get("relevance_score", 0.5),
+                        pattern.get("confidence", 0.5),
+                    )
+                    topic_found = True
+                    break
 
-        if not topic_found:
-            topics.append({
-                "id": category,
-                "summary": f"Patterns for {category}",
-                "relevance_score": pattern.get("confidence", 0.5),
-                "last_accessed": datetime.now(timezone.utc).isoformat(),
-                "token_count": len(json.dumps(pattern)) // 4,
-            })
+            if not topic_found:
+                topics.append({
+                    "id": category,
+                    "summary": f"Patterns for {category}",
+                    "relevance_score": pattern.get("confidence", 0.5),
+                    "last_accessed": datetime.now(timezone.utc).isoformat(),
+                    "token_count": len(json.dumps(pattern)) // 4,
+                })
 
-        index["last_updated"] = datetime.now(timezone.utc).isoformat()
-        if not topic_found:
-            index["total_memories"] = index.get("total_memories", 0) + 1
+            index["last_updated"] = datetime.now(timezone.utc).isoformat()
+            if not topic_found:
+                index["total_memories"] = index.get("total_memories", 0) + 1
 
-        self.storage.write_json("index.json", index)
+            self.storage.write_json("index.json", index)
 
     def _search_episode(self, episode_id: str) -> Optional[EpisodeTrace]:
         """Search for episode across all date directories."""
@@ -1190,9 +1235,13 @@ class MemoryEngine:
         Detect task type from context.
         Uses keyword matching based on goal, action, and phase.
         """
-        goal = context.get("goal", "").lower()
-        action = context.get("action_type", "").lower()
-        phase = context.get("phase", "").lower()
+        # M3 None-guard (wave-6): an explicit null value (e.g. {"goal": None})
+        # makes context.get("goal", "") return None, so None.lower() crashed.
+        # The retrieval.py copy was fixed in v7.61.0; this engine.py copy was
+        # the missed sibling. Coalesce to "" before calling string methods.
+        goal = (context.get("goal") or "").lower()
+        action = (context.get("action_type") or "").lower()
+        phase = (context.get("phase") or "").lower()
 
         signals = {
             "exploration": {
@@ -1277,7 +1326,8 @@ class MemoryEngine:
             episodes = self.get_recent_episodes(limit=50)
             for ep in episodes:
                 ep_dict = ep.to_dict() if hasattr(ep, "to_dict") else ep.__dict__.copy()
-                goal = ep_dict.get("context", {}).get("goal", "").lower()
+                ep_context = ep_dict.get("context") or {}
+                goal = (ep_context.get("goal") or "").lower()
                 score = sum(1 for kw in keywords if kw in goal)
                 if score > 0:
                     ep_dict["_score"] = score
@@ -1288,7 +1338,7 @@ class MemoryEngine:
             patterns = self.find_patterns(min_confidence=0.3)
             for pattern in patterns:
                 p_dict = pattern.to_dict() if hasattr(pattern, "to_dict") else pattern.__dict__.copy()
-                pattern_text = p_dict.get("pattern", "").lower()
+                pattern_text = (p_dict.get("pattern") or "").lower()
                 score = sum(1 for kw in keywords if kw in pattern_text)
                 if score > 0:
                     p_dict["_score"] = score
@@ -1299,8 +1349,8 @@ class MemoryEngine:
             skills = self.list_skills()
             for skill in skills:
                 s_dict = skill.to_dict() if hasattr(skill, "to_dict") else skill.__dict__.copy()
-                name = s_dict.get("name", "").lower()
-                desc = s_dict.get("description", "").lower()
+                name = (s_dict.get("name") or "").lower()
+                desc = (s_dict.get("description") or "").lower()
                 score = sum(1 for kw in keywords if kw in name or kw in desc)
                 if score > 0:
                     s_dict["_score"] = score

package/memory/retrieval.py

@@ -940,8 +940,11 @@ class MemoryRetrieval:
         Returns:
             Weighted score incorporating importance
         """
-        source = result.get("_source", "")
-        base_score = result.get("_score", 0.5)
+        source = result.get("_source") or ""
+        # _score is set internally so null is unlikely, but guard for
+        # uniformity since it feeds the arithmetic below.
+        base_score = result.get("_score")
+        base_score = 0.5 if base_score is None else base_score
 
         # Map source to weight key
         weight_key = source
@@ -950,11 +953,17 @@ class MemoryRetrieval:
 
         weight = weights.get(weight_key, 0.0)
 
-        # Get importance score (default 0.5 if not set)
-        importance = result.get("importance", 0.5)
+        # Get importance score (default 0.5 if not set). Defensive: a
+        # corrupt/hand-edited record may carry importance=null, which would
+        # raise TypeError in the arithmetic below. Use the default only when
+        # missing/null; a legitimate 0.0 is preserved.
+        importance = result.get("importance")
+        importance = 0.5 if importance is None else importance
 
-        # Get confidence for semantic patterns
-        confidence = result.get("confidence", 1.0)
+        # Get confidence for semantic patterns. Same null guard; default 1.0
+        # only when missing/null, a legitimate 0.0 is preserved.
+        confidence = result.get("confidence")
+        confidence = 1.0 if confidence is None else confidence
 
         # Combined score: relevance * task_weight * importance * confidence
         # Importance contributes 30% of the final score
@@ -1141,17 +1150,22 @@ class MemoryRetrieval:
                 selected_memories.append(topic)
             budget_remaining -= layer1_tokens
 
-        # Layer 2: Expand summaries for top topics
-        layer2_budget = int(token_budget * 0.4)  # Reserve 40% for summaries
-        if budget_remaining > layer2_budget * 0.5:
+        # Layer 2: Expand summaries for top topics.
+        # Gate on the remaining budget (not a fraction of the layer-2 reserve)
+        # and trim the summary set to fit via optimize_context, mirroring
+        # Layer 3 below. Previously this admitted summaries all-or-nothing: a
+        # set that exceeded budget_remaining was dropped entirely, and the gate
+        # compared against layer2_budget*0.5 (a fraction of the reserve) rather
+        # than the budget actually left.
+        if budget_remaining > 100:
             summaries = self._get_topic_summaries(relevant_topics[:5], query, weights)
-            layer2_tokens = sum(estimate_memory_tokens(s) for s in summaries)
+            for summary in summaries:
+                summary["_layer"] = 2
 
-            if layer2_tokens <= budget_remaining:
-                for summary in summaries:
-                    summary["_layer"] = 2
-                    selected_memories.append(summary)
-                budget_remaining -= layer2_tokens
+            # Optimize to fit remaining budget (trimmed set, not all-or-nothing)
+            optimized = optimize_context(summaries, budget_remaining)
+            selected_memories.extend(optimized)
+            budget_remaining -= sum(estimate_memory_tokens(s) for s in optimized)
 
         # Layer 3: Full details for highest priority items
         if budget_remaining > 100:  # At least 100 tokens remaining
@@ -1189,14 +1203,36 @@ class MemoryRetrieval:
 
         scored_topics = []
         for topic in topics:
-            topic_name = topic.get("topic", "").lower()
-            memory_type = topic.get("type", "").lower()
+            if not isinstance(topic, dict):
+                continue
+            # The index.json writer (engine.py _stamp_topic at ~368 and
+            # store_pattern at ~978) emits topics keyed by "id" (a phase or
+            # category slug, e.g. "implementation", "auth") and "summary"
+            # (prose: the goal text or "Patterns for <category>"). It does NOT
+            # emit "topic", "type", or "last_updated". Previously this scorer
+            # read only "topic"/"type"/"last_updated", so word overlap, type
+            # weighting, and the recency boost were all silent no-ops on real
+            # data. Score against the real keys (id + summary for word overlap,
+            # id as the type/category for the strategy weight, the real recency
+            # keys), and keep the legacy "topic"/"type"/"last_updated" keys as
+            # fallbacks so any older-shape index still ranks.
+            topic_text = " ".join(
+                str(v) for v in (
+                    topic.get("summary"),
+                    topic.get("id"),
+                    topic.get("topic"),
+                ) if v
+            ).lower()
+            # The category/phase slug doubles as the memory-type weight key
+            # (the writer uses the category name as the id). Fall back to the
+            # legacy "type" key for older-shape indexes.
+            memory_type = (topic.get("id") or topic.get("type") or "").lower()
 
             # Calculate relevance score
             score = 0.0
 
             # Word overlap
-            topic_words = set(topic_name.split())
+            topic_words = set(topic_text.split())
             overlap = len(query_words & topic_words)
             score += overlap * 0.3
 
@@ -1204,8 +1240,11 @@ class MemoryRetrieval:
             type_weight = weights.get(memory_type, 0.1)
             score += type_weight
 
-            # Recency boost
-            if topic.get("last_updated"):
+            # Recency boost. The writer stamps "last_accessed"/"first_seen";
+            # "last_updated" is the legacy key.
+            if (topic.get("last_accessed")
+                    or topic.get("first_seen")
+                    or topic.get("last_updated")):
                 score += 0.1
 
             if score > 0:
@@ -1226,8 +1265,15 @@ class MemoryRetrieval:
         summaries = []
 
         for topic in topics:
-            topic_name = topic.get("topic", "")
-            memory_type = topic.get("type", "episodic")
+            if not isinstance(topic, dict):
+                continue
+            # Mirror _filter_relevant_topics: the writer emits "id"/"summary",
+            # not "topic". Fall back to the legacy "topic" key so both shapes
+            # resolve a usable name. Default type stays "episodic".
+            topic_name = (
+                topic.get("id") or topic.get("topic") or topic.get("summary") or ""
+            )
+            memory_type = topic.get("type") or "episodic"
 
             # Try to load summary from appropriate collection
             if memory_type == "episodic":
@@ -1426,7 +1472,12 @@ class MemoryRetrieval:
             parts.append(f"action: {context['action_type']}")
 
         if context.get("files"):
-            parts.append(f"files: {', '.join(context['files'][:3])}")
+            # Defensive: filter to str elements so a list carrying None or
+            # non-str entries (corrupt/hand-edited record) does not raise
+            # TypeError inside join. Mirrors the steps-join in skills search.
+            files = [f for f in context["files"][:3] if isinstance(f, str)]
+            if files:
+                parts.append(f"files: {', '.join(files)}")
 
         return " ".join(parts) if parts else ""
 
@@ -1458,13 +1509,16 @@ class MemoryRetrieval:
                 if not data:
                     continue
 
-                # Score based on keyword matches in goal
-                context = data.get("context", {})
-                goal = context.get("goal", "").lower()
+                # Score based on keyword matches in goal.
+                # Defensive: a corrupt or hand-edited record may carry
+                # context=null or null string fields; (x or "") avoids
+                # AttributeError on None.
+                context = data.get("context") or {}
+                goal = (context.get("goal") or "").lower()
                 score = sum(1 for kw in keywords if kw in goal)
 
                 # Also check phase
-                phase = context.get("phase", "").lower()
+                phase = (context.get("phase") or "").lower()
                 score += sum(0.5 for kw in keywords if kw in phase)
 
                 if score > 0:
@@ -1487,16 +1541,21 @@ class MemoryRetrieval:
         for pattern in patterns_data.get("patterns", []):
             if not isinstance(pattern, dict):
                 continue
-            pattern_text = pattern.get("pattern", "").lower()
-            category = pattern.get("category", "").lower()
-            correct = pattern.get("correct_approach", "").lower()
+            # Defensive: corrupt or hand-edited records may carry null
+            # string fields; (x or "") avoids AttributeError on None.
+            pattern_text = (pattern.get("pattern") or "").lower()
+            category = (pattern.get("category") or "").lower()
+            correct = (pattern.get("correct_approach") or "").lower()
 
             score = sum(1 for kw in keywords if kw in pattern_text)
             score += sum(0.5 for kw in keywords if kw in category)
             score += sum(0.3 for kw in keywords if kw in correct)
 
-            # Weight by confidence
-            confidence = pattern.get("confidence", 0.5)
+            # Weight by confidence. Defensive: a null confidence would make
+            # score *= None raise TypeError. Use 0.5 only when missing/null;
+            # a legitimate 0.0 is preserved (it correctly zeroes the score).
+            confidence = pattern.get("confidence")
+            confidence = 0.5 if confidence is None else confidence
             score *= confidence
 
             if score > 0:
@@ -1521,8 +1580,8 @@ class MemoryRetrieval:
             if not data:
                 continue
 
-            name = data.get("name", "").lower()
-            description = data.get("description", "").lower()
+            name = (data.get("name") or "").lower()
+            description = (data.get("description") or "").lower()
             steps_text = " ".join(
                 s for s in (data.get("steps") or []) if isinstance(s, str)
             ).lower()
@@ -1549,9 +1608,14 @@ class MemoryRetrieval:
         anti_data = self.storage.read_json("semantic/anti-patterns.json") or {}
 
         for anti in anti_data.get("anti_patterns", []):
-            what_fails = anti.get("what_fails", "").lower()
-            why = anti.get("why", "").lower()
-            prevention = anti.get("prevention", "").lower()
+            # Defensive: mirror the sibling loop below. A corrupt or
+            # hand-edited record may be a non-dict or carry null fields;
+            # the isinstance guard and (x or "") avoid AttributeError.
+            if not isinstance(anti, dict):
+                continue
+            what_fails = (anti.get("what_fails") or "").lower()
+            why = (anti.get("why") or "").lower()
+            prevention = (anti.get("prevention") or "").lower()
 
             score = sum(2 for kw in keywords if kw in what_fails)
             score += sum(1 for kw in keywords if kw in why)
@@ -1576,10 +1640,10 @@ class MemoryRetrieval:
                 continue
             if pat.get("category") != "anti-pattern":
                 continue
-            what_fails = (pat.get("incorrect_approach", "")
-                          or pat.get("pattern", "")).lower()
-            why = pat.get("description", "").lower()
-            prevention = pat.get("correct_approach", "").lower()
+            what_fails = (pat.get("incorrect_approach")
+                          or pat.get("pattern") or "").lower()
+            why = (pat.get("description") or "").lower()
+            prevention = (pat.get("correct_approach") or "").lower()
 
             score = sum(2 for kw in keywords if kw in what_fails)
             score += sum(1 for kw in keywords if kw in why)

package/memory/storage.py

@@ -10,6 +10,7 @@ Supports namespace-based project isolation (v5.19.0).
 import json
 import math
 import os
+import re
 import tempfile
 import shutil
 import fcntl
@@ -168,6 +169,28 @@ class MemoryStorage:
                     file_mtime = lock_file.stat().st_mtime
                     age_seconds = now_real - file_mtime
                     if age_seconds > stale_seconds:
+                        # mtime alone is not proof the lock is abandoned: a
+                        # long-running (>5min) writer still holds it. Unlinking
+                        # it creates a new inode so a fresh writer can flock the
+                        # new file while the old holder keeps writing the old
+                        # one (two concurrent writers). Only remove it if we can
+                        # take the lock ourselves (i.e. nobody holds it).
+                        probe_fd = None
+                        try:
+                            probe_fd = open(lock_file, "a")
+                            fcntl.flock(probe_fd.fileno(),
+                                        fcntl.LOCK_EX | fcntl.LOCK_NB)
+                        except (OSError, BlockingIOError):
+                            # Held by a live process -- leave it alone.
+                            continue
+                        finally:
+                            if probe_fd is not None:
+                                try:
+                                    fcntl.flock(probe_fd.fileno(),
+                                                fcntl.LOCK_UN)
+                                except OSError:
+                                    pass
+                                probe_fd.close()
                         lock_file.unlink()
                 except OSError:
                     pass
@@ -436,10 +459,25 @@ class MemoryStorage:
         else:
             date_str = timestamp.strftime("%Y-%m-%d")
 
+        # Path-traversal defense: a poisoned/round-tripped episode whose
+        # timestamp is e.g. "../../../../tmp/evil" would otherwise escape the
+        # memory root because the path is built straight from the field. Only
+        # an exact YYYY-MM-DD date string is allowed as the directory; anything
+        # else falls back to today's UTC date. The episode_id is also
+        # sanitized (mirrors save_skill) so separators and "." segments cannot
+        # leak into the filename.
+        if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", date_str):
+            date_str = datetime.now(timezone.utc).strftime("%Y-%m-%d")
+
+        safe_episode_id = "".join(
+            c if c.isalnum() or c in "-_" else "_"
+            for c in str(episode_id)
+        )
+
         date_dir = self.base_path / "episodic" / date_str
         date_dir.mkdir(parents=True, exist_ok=True)
 
-        file_path = date_dir / f"task-{episode_id}.json"
+        file_path = date_dir / f"task-{safe_episode_id}.json"
         self._atomic_write(file_path, episode_data)
 
         return episode_id
@@ -1153,7 +1191,12 @@ class MemoryStorage:
         Returns:
             Calculated importance score between 0.0 and 1.0
         """
-        base = memory.get("importance", 0.5)
+        # Guard against an explicit null importance (corrupt or hand-edited
+        # record) crashing the arithmetic below with a TypeError. Use an is-None
+        # check (not `or`) so a legitimate stored importance of 0.0 is preserved
+        # rather than silently promoted to 0.5.
+        base = memory.get("importance")
+        base = 0.5 if base is None else base
 
         # Outcome adjustment for episodes
         outcome = memory.get("outcome", "")
@@ -1169,8 +1212,10 @@ class MemoryStorage:
             if outcome == "success":
                 base = min(1.0, base + 0.05 * min(len(errors), 3))
 
-        # Access frequency boost (diminishing returns)
-        access_count = memory.get("access_count", 0)
+        # Access frequency boost (diminishing returns).
+        # `or 0` guards against an explicit null access_count crashing the
+        # comparison and log1p call below.
+        access_count = memory.get("access_count") or 0
         if access_count > 0:
             # Log scale boost, caps at about 0.15 for 100+ accesses
             access_boost = 0.05 * math.log1p(access_count)
@@ -1184,9 +1229,9 @@ class MemoryStorage:
 
         # Task type relevance boost
         if task_type:
-            context = memory.get("context", {})
-            phase = context.get("phase", memory.get("phase", "")).lower()
-            category = memory.get("category", "").lower()
+            context = memory.get("context") or {}
+            phase = (context.get("phase") or memory.get("phase") or "").lower()
+            category = (memory.get("category") or "").lower()
 
             task_type_lower = task_type.lower()
 
@@ -1254,7 +1299,12 @@ class MemoryStorage:
                 continue
 
             # Apply exponential decay
-            current_importance = memory.get("importance", 0.5)
+            # Use an is-None check (not get(..., 0.5) or `or`) so a record with
+            # an explicit null importance (corrupt/hand-edited file) falls back
+            # to the default instead of crashing the arithmetic, while a
+            # legitimate stored 0.0 is preserved (it then floors at 0.01 below).
+            current_importance = memory.get("importance")
+            current_importance = 0.5 if current_importance is None else current_importance
             decay_factor = math.exp(-decay_rate * days_elapsed / half_life_days)
             decayed_importance = current_importance * decay_factor
 
@@ -1283,12 +1333,17 @@ class MemoryStorage:
         """
         now = datetime.now(timezone.utc)
 
-        # Update access tracking
+        # Update access tracking. `or 0` guards against an explicit null
+        # access_count (corrupt/hand-edited record) crashing the increment.
         memory["last_accessed"] = now.isoformat()
-        memory["access_count"] = memory.get("access_count", 0) + 1
+        memory["access_count"] = (memory.get("access_count") or 0) + 1
 
-        # Boost importance (with diminishing returns for high importance)
-        current_importance = memory.get("importance", 0.5)
+        # Boost importance (with diminishing returns for high importance).
+        # Use an is-None check (not `or`) so an explicit null importance
+        # (corrupt/hand-edited record) falls back to the default without
+        # crashing, while a legitimate stored 0.0 is preserved.
+        current_importance = memory.get("importance")
+        current_importance = 0.5 if current_importance is None else current_importance
 
         # Diminishing returns: boost is reduced as importance approaches 1.0
         effective_boost = boost * (1.0 - current_importance)
@@ -1346,11 +1401,23 @@ class MemoryStorage:
                 continue
 
             for file_path in date_dir.glob("task-*.json"):
-                data = self._load_json(file_path)
-                if data:
-                    original_importance = data.get("importance", 0.5)
+                # Hold one exclusive lock spanning the read-mutate-write so a
+                # concurrent writer cannot clobber the decayed record (lost
+                # update). Raw open/json.load inside the lock mirrors
+                # save_pattern; _atomic_write re-enters the same lock (no-op).
+                with self._file_lock(file_path, exclusive=True):
+                    if not file_path.exists():
+                        continue
+                    try:
+                        with open(file_path, "r", encoding="utf-8") as f:
+                            data = json.load(f)
+                    except (json.JSONDecodeError, OSError, UnicodeDecodeError):
+                        continue
+                    if not data:
+                        continue
+                    original_importance = data.get("importance") or 0.5
                     memories = self.apply_decay([data], decay_rate, half_life_days)
-                    if abs(memories[0].get("importance", 0.5) - original_importance) > 0.001:
+                    if abs((memories[0].get("importance") or 0.5) - original_importance) > 0.001:
                         self._atomic_write(file_path, memories[0])
                         updated += 1
 
@@ -1362,26 +1429,40 @@ class MemoryStorage:
         if not patterns_path.exists():
             return 0
 
-        patterns_file = self._load_json(patterns_path)
-        if not patterns_file:
-            return 0
+        # Hold ONE exclusive lock spanning the read-mutate-write. Previously
+        # the read (_load_json) and write (_atomic_write) each took a separate
+        # lock scope, so a concurrent save_pattern/update_pattern between them
+        # was clobbered (stale-snapshot lost update). Mirror save_pattern:
+        # raw open/json.load inside the lock for the read; _atomic_write
+        # re-enters the same reentrant lock (no-op) for the write.
+        with self._file_lock(patterns_path, exclusive=True):
+            if not patterns_path.exists():
+                return 0
+            try:
+                with open(patterns_path, "r", encoding="utf-8") as f:
+                    patterns_file = json.load(f)
+            except (json.JSONDecodeError, OSError, UnicodeDecodeError):
+                return 0
 
-        patterns = patterns_file.get("patterns", [])
-        if not patterns:
-            return 0
+            if not patterns_file:
+                return 0
 
-        updated = 0
-        for pattern in patterns:
-            if not isinstance(pattern, dict):
-                continue
-            original = pattern.get("importance", 0.5)
-            self.apply_decay([pattern], decay_rate, half_life_days)
-            if abs(pattern.get("importance", 0.5) - original) > 0.001:
-                updated += 1
+            patterns = patterns_file.get("patterns", [])
+            if not patterns:
+                return 0
 
-        if updated > 0:
-            patterns_file["last_updated"] = datetime.now(timezone.utc).isoformat()
-            self._atomic_write(patterns_path, patterns_file)
+            updated = 0
+            for pattern in patterns:
+                if not isinstance(pattern, dict):
+                    continue
+                original = pattern.get("importance") or 0.5
+                self.apply_decay([pattern], decay_rate, half_life_days)
+                if abs((pattern.get("importance") or 0.5) - original) > 0.001:
+                    updated += 1
+
+            if updated > 0:
+                patterns_file["last_updated"] = datetime.now(timezone.utc).isoformat()
+                self._atomic_write(patterns_path, patterns_file)
 
         return updated
 
@@ -1393,13 +1474,23 @@ class MemoryStorage:
             return 0
 
         for file_path in skills_dir.glob("*.json"):
-            data = self._load_json(file_path)
-            if data:
-                original = data.get("importance", 0.5)
-                self.apply_decay([data], decay_rate, half_life_days)
-                if abs(data.get("importance", 0.5) - original) > 0.001:
-                    self._atomic_write(file_path, data)
-                    updated += 1
+            # Hold one exclusive lock spanning the read-mutate-write so a
+            # concurrent writer cannot clobber the decayed record (lost
+            # update). Mirrors _decay_semantic / save_pattern.
+            with self._file_lock(file_path, exclusive=True):
+                if not file_path.exists():
+                    continue
+                try:
+                    with open(file_path, "r", encoding="utf-8") as f:
+                        data = json.load(f)
+                except (json.JSONDecodeError, OSError, UnicodeDecodeError):
+                    continue
+                if data:
+                    original = data.get("importance") or 0.5
+                    self.apply_decay([data], decay_rate, half_life_days)
+                    if abs((data.get("importance") or 0.5) - original) > 0.001:
+                        self._atomic_write(file_path, data)
+                        updated += 1
 
         return updated
 

package/memory/token_economics.py

@@ -153,6 +153,7 @@ def optimize_context(
     importance_weight: float = 0.4,
     recency_weight: float = 0.3,
     relevance_weight: float = 0.3,
+    slack_ratio: float = 0.0,
 ) -> list:
     """
     Optimize memory selection to fit within token budget.
@@ -166,6 +167,19 @@ def optimize_context(
     first, expanding to layer 2 (summary) and layer 3 (full) only if
     budget allows.
 
+    Budget adherence is strict by default: the returned memories never
+    exceed `budget` total tokens. This matters because callers chain the
+    result (for example, layered retrieval subtracts each layer's tokens
+    from a running budget), so any overshoot here leaks into the overall
+    context budget and can blow the model's context window.
+
+    A caller that deliberately wants a greedy fill (admit one more small
+    item that nearly fits) can opt in via `slack_ratio`. The effective
+    cap is then `int(budget * (1.0 + slack_ratio))`, and only an item
+    whose own size is under 10% of `budget` is eligible for the slack so
+    a single large item can never consume the slack. With the default
+    `slack_ratio=0.0` the cap equals `budget` exactly (no overage).
+
     Args:
         memories: List of memory dictionaries with optional fields:
             - _score: relevance score from retrieval
@@ -178,10 +192,14 @@ def optimize_context(
         importance_weight: Weight for importance scoring (default 0.4)
         recency_weight: Weight for recency scoring (default 0.3)
         relevance_weight: Weight for relevance scoring (default 0.3)
+        slack_ratio: Optional fractional overage allowed above `budget`
+            for small items only (default 0.0 = strict, never exceed
+            `budget`). Negative values are clamped to 0.0.
 
     Returns:
-        List of memories that fit within the token budget, sorted by
-        combined score.
+        List of memories that fit within the (slack-adjusted) token
+        budget, sorted by combined score. With the default
+        slack_ratio=0.0 the total never exceeds `budget`.
     """
     from datetime import datetime, timezone
 
@@ -195,9 +213,14 @@ def optimize_context(
     now = datetime.now(timezone.utc)
 
     for memory in memories:
-        # Calculate importance score (0-1)
-        confidence = memory.get("confidence", 0.5)
-        usage_count = memory.get("usage_count", 0)
+        # Calculate importance score (0-1). Guard against explicit null fields
+        # (corrupt/hand-edited record): .get(key, default) returns None when the
+        # key is present but null, which would crash the arithmetic below. Use an
+        # is-None check for confidence (not `or`) so a legitimate stored 0.0 is
+        # preserved; usage_count of None and 0 are equivalent so `or 0` is fine.
+        confidence = memory.get("confidence")
+        confidence = 0.5 if confidence is None else confidence
+        usage_count = memory.get("usage_count") or 0
         # Normalize usage count with diminishing returns
         usage_score = min(1.0, usage_count / 10.0) if usage_count > 0 else 0.0
         importance = (confidence + usage_score) / 2.0
@@ -261,7 +284,13 @@ def optimize_context(
     # Sort by score (highest first)
     scored_memories.sort(key=lambda x: x["score"], reverse=True)
 
-    # Select memories that fit within budget
+    # Select memories that fit within budget.
+    # Strict by default (slack_ratio=0.0 -> hard_cap == budget): the total
+    # never exceeds `budget`. A positive slack_ratio opts into a bounded
+    # greedy fill for small items only.
+    slack = max(0.0, slack_ratio)
+    hard_cap = int(budget * (1.0 + slack))
+
     selected = []
     total_tokens = 0
 
@@ -269,9 +298,9 @@ def optimize_context(
         if total_tokens + item["tokens"] <= budget:
             selected.append(item["memory"])
             total_tokens += item["tokens"]
-        elif item["tokens"] < budget * 0.1:
-            # Allow small memories even if slightly over budget
-            if total_tokens + item["tokens"] <= budget * 1.1:
+        elif slack > 0.0 and item["tokens"] < budget * 0.1:
+            # Allow small memories into the explicit, bounded slack region.
+            if total_tokens + item["tokens"] <= hard_cap:
                 selected.append(item["memory"])
                 total_tokens += item["tokens"]
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "loki-mode",
   "mcpName": "io.github.asklokesh/loki-mode",
-  "version": "7.64.0",
+  "version": "7.66.0",
   "description": "Loki Mode by Autonomi. Autonomous spec-to-product system: takes a PRD, GitHub issue, OpenAPI/JSON/YAML, or one-line brief to a deployed app via the RARV-C closure loop with 8 quality gates. Provider-agnostic (Claude Code, OpenAI Codex, Cline, Aider).",
   "keywords": [
     "agent",

package/plugins/loki-mode/.claude-plugin/plugin.json

@@ -2,7 +2,7 @@
   "$schema": "https://json.schemastore.org/claude-code-plugin-manifest.json",
   "name": "loki-mode",
   "displayName": "Loki Mode",
-  "version": "7.64.0",
+  "version": "7.66.0",
   "description": "Autonomous spec-to-product build system with a built-in trust layer (RARV-C closure loop, 8 quality gates, completion council). Ships Loki's spec-hardening, drift-detection, and deterministic PR verification commands plus the Loki MCP server.",
   "author": {
     "name": "Autonomi",