loki-mode 7.66.1 → 7.68.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-driven build system with a built-in trust layer. It does not call work done until it is verified (RARV-C closure loop, 8 quality gates, completion council, verified-completion evidence gate). Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.66.1
+# Loki Mode v7.68.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -406,4 +406,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.66.1 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.68.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.66.1
+7.68.0

package/autonomy/app-runner.sh

@@ -778,7 +778,12 @@ app_runner_init() {
             local _project_hash
             _project_hash=$(echo "$dir" | (md5sum 2>/dev/null || md5 -r 2>/dev/null || echo "$$") | cut -c1-8)
             _APP_RUNNER_DOCKER_CONTAINER="loki-app-${_project_hash}"
-            _APP_RUNNER_METHOD="docker build -t loki-app . && docker run -d -p ${_APP_RUNNER_PORT}:${_APP_RUNNER_PORT} --name ${_APP_RUNNER_DOCKER_CONTAINER} loki-app"
+            # Hash the image tag the same way the container name is hashed so two
+            # Dockerfile-based projects do not clobber each other's image (an
+            # unhashed `loki-app` tag would be shared across every project). Build
+            # tag and run image arg MUST stay identical.
+            local _image_tag="loki-app-${_project_hash}"
+            _APP_RUNNER_METHOD="docker build -t ${_image_tag} . && docker run -d -p ${_APP_RUNNER_PORT}:${_APP_RUNNER_PORT} --name ${_APP_RUNNER_DOCKER_CONTAINER} ${_image_tag}"
             _APP_RUNNER_IS_DOCKER=true
             _write_detection "dockerfile" "$_APP_RUNNER_METHOD"
             log_info "App Runner: detected Dockerfile"
@@ -1012,6 +1017,59 @@ _app_runner_compose_running_count() {
     return 0
 }
 
+# Decide whether to prepend `exec` to the launched method. `exec` replaces the
+# bash wrapper with the command so the captured PID is the app itself (PID
+# identity for npm start / python app.py etc.). That is ONLY valid for a SINGLE
+# command. A compound method like `docker build ... && docker run ...` must NOT
+# be exec'd: `exec docker build` would replace the shell and the `&& docker run`
+# half would never run (the verified HIGH-1 bug -- image builds, no container).
+# Detection runs on the METHOD STRING ONLY, never the assembled launch line: the
+# assembled line always contains `;` (from the PORT env prefix and the pgid
+# `echo $$`), so testing it would mark every method compound and silently drop
+# the exec optimization for single commands.
+# Echoes "exec " for a single command, or "" (empty) for a compound command.
+_app_runner_exec_prefix() {
+    local method="$1"
+    case "$method" in
+        *"&&"*|*"||"*|*";"*)
+            # Compound: let bash run the full sequence as a child (no exec).
+            printf '%s' ""
+            ;;
+        *)
+            printf '%s' "exec "
+            ;;
+    esac
+}
+
+# Liveness predicate for the Dockerfile (single-image `docker run -d`) path,
+# which -- unlike compose -- has a project-hashed container name in
+# $_APP_RUNNER_DOCKER_CONTAINER. The method is a compound `docker build && docker
+# run -d` launched WITHOUT exec, so the captured PID is the short-lived bash
+# wrapper: it stays alive for the (possibly multi-minute) build, then exits right
+# after `docker run -d` detaches. Therefore liveness is:
+#   alive  = container running  OR  wrapper PID still alive (build in progress)
+#   dead   = wrapper PID dead   AND container not running
+# This tolerates a slow-but-succeeding build while a genuinely broken Dockerfile
+# still trips the watchdog breaker (wrapper dies, no container, 5x). Returns 0
+# when alive, 1 when dead. Never hard-fails (guarded for set -u / future set -e).
+_app_runner_dockerfile_container_running() {
+    local _name="${_APP_RUNNER_DOCKER_CONTAINER:-}"
+    [ -z "$_name" ] && return 1
+    if command -v docker >/dev/null 2>&1; then
+        local _state
+        _state=$(docker inspect -f '{{.State.Running}}' "$_name" 2>/dev/null || true)
+        if [ "$_state" = "true" ]; then
+            return 0
+        fi
+    fi
+    # Container not (yet) running: the build may still be in progress. The wrapper
+    # PID being alive is the build-in-progress signal.
+    if [ -n "${_APP_RUNNER_PID:-}" ] && kill -0 "$_APP_RUNNER_PID" 2>/dev/null; then
+        return 0
+    fi
+    return 1
+}
+
 # Read the RUNTIME published host port of the identified primary web service from
 # `docker compose ps` (the live mapping), as opposed to the config-declared port
 # from `docker compose config`. The config port is correct for fixed mappings
@@ -1127,6 +1185,25 @@ app_runner_start() {
         _port_env_prefix="export PORT=$_APP_RUNNER_PORT HTTP_PORT=$_APP_RUNNER_PORT SERVER_PORT=$_APP_RUNNER_PORT APP_PORT=$_APP_RUNNER_PORT; "
     fi
 
+    # Conditional exec (HIGH-1 fix): only `exec` a SINGLE command. A compound
+    # method (`docker build ... && docker run ...`) must run as a child so BOTH
+    # halves execute -- `exec docker build` would replace the shell and never
+    # reach `&& docker run`. Computed on the method string ONLY (see
+    # _app_runner_exec_prefix), not the assembled launch line.
+    local _exec_prefix
+    _exec_prefix=$(_app_runner_exec_prefix "$_APP_RUNNER_METHOD")
+
+    # Dockerfile path: `docker run --name <hashed>` fails if a stale (exited)
+    # container with that name still exists. This happens on a watchdog restart
+    # (the prior run's container was stopped, not removed) and would make every
+    # auto-restart fail with "name already in use". Remove any stale container
+    # by name before launch. Idempotent and safe when none exists. Compose has no
+    # _APP_RUNNER_DOCKER_CONTAINER, so this is Dockerfile-path only.
+    if [ "$_APP_RUNNER_IS_DOCKER" = true ] && [ -n "${_APP_RUNNER_DOCKER_CONTAINER:-}" ] \
+       && command -v docker >/dev/null 2>&1; then
+        docker rm -f "$_APP_RUNNER_DOCKER_CONTAINER" >/dev/null 2>&1 || true
+    fi
+
     # Start the process in a new process group
     if command -v setsid >/dev/null 2>&1; then
         _APP_RUNNER_HAS_SETSID=true
@@ -1136,7 +1213,7 @@ app_runner_start() {
         # Note: $_APP_RUNNER_METHOD has passed _validate_app_command (whitelist).
         # The `--` after `bash -lc` prevents flag injection if the assembled
         # script string ever begins with a `-`.
-        (cd "$dir" && setsid bash -lc -- "$_port_env_prefix"'echo $$ > "'"$_pgid_file"'"; exec '"$_APP_RUNNER_METHOD" >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
+        (cd "$dir" && setsid bash -lc -- "$_port_env_prefix"'echo $$ > "'"$_pgid_file"'"; '"$_exec_prefix$_APP_RUNNER_METHOD" >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
         local _subshell_pid=$!
         # Wait briefly for the pgid file to appear, then read the real PGID
         local _pgid_wait=0
@@ -1154,7 +1231,7 @@ app_runner_start() {
         _APP_RUNNER_HAS_SETSID=false
         # Note: $_APP_RUNNER_METHOD has passed _validate_app_command (whitelist).
         # The `--` after `bash -lc` prevents flag injection.
-        (cd "$dir" && bash -lc -- "${_port_env_prefix}exec $_APP_RUNNER_METHOD" >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
+        (cd "$dir" && bash -lc -- "${_port_env_prefix}${_exec_prefix}$_APP_RUNNER_METHOD" >> "$_APP_RUNNER_DIR/app.log" 2>&1) &
         _APP_RUNNER_PID=$!
     fi
     # Register with central PID registry if available
@@ -1212,6 +1289,24 @@ app_runner_start() {
             _write_app_state "failed"
             return 1
         fi
+    elif [ "$_APP_RUNNER_IS_DOCKER" = true ] && [ -n "${_APP_RUNNER_DOCKER_CONTAINER:-}" ]; then
+        # Dockerfile path (HIGH-1): `docker build && docker run -d` is compound, so
+        # it is launched WITHOUT exec and the captured PID is the short-lived bash
+        # wrapper that exits once the detached container is up. Liveness keys on the
+        # container (or the wrapper still building), NOT the wrapper PID -- the same
+        # reasoning as the compose branch above. Port mapping is the fixed
+        # `-p PORT:PORT` from detection and the URL is already set, so no port
+        # reconciliation or PID identity token is needed here.
+        if _app_runner_dockerfile_container_running; then
+            _write_app_state "running"
+            log_info "App Runner: Dockerfile container '$_APP_RUNNER_DOCKER_CONTAINER' starting/running on port $_APP_RUNNER_PORT"
+            return 0
+        else
+            log_error "App Runner: Dockerfile container failed to start (no running container, build wrapper exited)"
+            _APP_RUNNER_CRASH_COUNT=$(( _APP_RUNNER_CRASH_COUNT + 1 ))
+            _write_app_state "failed"
+            return 1
+        fi
     elif kill -0 "$_APP_RUNNER_PID" 2>/dev/null; then
         # Reconcile recorded port with the port the app actually bound (finding
         # #597), so state.json / detection.json / the preview URL point at the
@@ -1456,6 +1551,23 @@ app_runner_health_check() {
         return 0
     fi
 
+    # Dockerfile path (HIGH-1): the detached `docker run -d` container's liveness
+    # is the container running (or the build wrapper still building), NOT the
+    # ephemeral bash wrapper PID. Without this branch the wrapper PID dies after
+    # the build detaches the container and the PID check below would report the
+    # live container as crashed -> watchdog tears it down and rebuilds forever.
+    if [ "$_APP_RUNNER_IS_DOCKER" = true ] && [ -n "${_APP_RUNNER_DOCKER_CONTAINER:-}" ]; then
+        if _app_runner_dockerfile_container_running; then
+            _write_health "true"
+            _write_app_state "running"
+            return 0
+        else
+            _write_health "false"
+            _write_app_state "crashed"
+            return 1
+        fi
+    fi
+
     # Check PID is alive (non-docker-compose methods)
     if ! kill -0 "$_APP_RUNNER_PID" 2>/dev/null; then
         _write_health "false"
@@ -1580,7 +1692,16 @@ app_runner_watchdog() {
     # This is what makes the service-aware health logic actually fire in the
     # live monitoring loop (not just in isolation). On an unhealthy web service
     # it restarts the stack under the same crash-count circuit breaker.
-    if [ "$_APP_RUNNER_IS_DOCKER" = true ] && echo "$_APP_RUNNER_METHOD" | grep -q "docker compose"; then
+    # Detached-docker paths (compose stacks AND the Dockerfile `docker run -d`
+    # container) both exit their captured wrapper PID once the container is up, so
+    # `kill -0` is the wrong liveness signal. Delegate to app_runner_health_check,
+    # whose container-aware branches (compose web service / hashed Dockerfile
+    # container) own the real liveness check, under the same crash-count circuit
+    # breaker. Without including the Dockerfile container here, the wrapper PID
+    # would read as dead after the build detaches and the watchdog would tear the
+    # live container down and rebuild forever (the HIGH-1 symptom).
+    if [ "$_APP_RUNNER_IS_DOCKER" = true ] && \
+       { echo "$_APP_RUNNER_METHOD" | grep -q "docker compose" || [ -n "${_APP_RUNNER_DOCKER_CONTAINER:-}" ]; }; then
         if app_runner_health_check; then
             # BUG 3 fix: the breaker is meant to fire on 5 CONSECUTIVE failures.
             # A confirmed-healthy observation clears any accumulated count so a
@@ -1590,7 +1711,7 @@ app_runner_watchdog() {
             return 0
         fi
         _APP_RUNNER_CRASH_COUNT=$(( _APP_RUNNER_CRASH_COUNT + 1 ))
-        log_warn "App Runner: compose web service unhealthy (crash #$_APP_RUNNER_CRASH_COUNT)"
+        log_warn "App Runner: docker container unhealthy (crash #$_APP_RUNNER_CRASH_COUNT)"
         if [ "$_APP_RUNNER_CRASH_COUNT" -ge 5 ]; then
             log_error "App Runner: crash limit reached (5), marking as crashed"
             tail -20 "$_APP_RUNNER_DIR/app.log" 2>/dev/null | while IFS= read -r line; do
@@ -1601,9 +1722,9 @@ app_runner_watchdog() {
         fi
         local _c_backoff=$(( 1 << _APP_RUNNER_CRASH_COUNT ))
         [ "$_c_backoff" -gt 30 ] && _c_backoff=30
-        log_info "App Runner: restarting compose stack in ${_c_backoff}s..."
+        log_info "App Runner: restarting docker app in ${_c_backoff}s..."
         sleep "$_c_backoff"
-        app_runner_start || log_warn "App Runner: compose auto-restart failed"
+        app_runner_start || log_warn "App Runner: docker auto-restart failed"
         return 0
     fi
 

package/autonomy/loki

@@ -2204,6 +2204,72 @@ _kill_pid() {
     fi
 }
 
+# v7.7.34 group-kill, factored (loki-stop-F1). Reaps the orchestrator's whole
+# process group via the recorded pgid so the autonomous agent (claude/codex/
+# aider), which shares the orchestrator group and would otherwise reparent to
+# init and keep editing files, is killed atomically. This is the SAME logic the
+# no-arg `loki stop` path used inline; it is now shared so the by-id path
+# (`loki stop <session-id>`) gets identical reaping instead of skipping it.
+#
+# Args: one or more pgid-file paths. Each is read, validated (numeric, > 1, NOT
+# this shell's own group), and group-killed; the file is removed after. A
+# protected-pid conflict (dashboard / app-runner / registered pids that happen
+# to share the group) downgrades the kill to a per-pid kill that excludes the
+# protected pids, so a group-kill never tears down the dashboard. Every kill is
+# `|| true` guarded -- safe under set -e (killing an already-dead member, or an
+# empty group, returns non-zero legitimately).
+_stop_group_by_pgid_files() {
+    local _stop_pgid_file
+    for _stop_pgid_file in "$@"; do
+        [ -f "$_stop_pgid_file" ] || continue
+        local _spgid
+        _spgid=$(cat "$_stop_pgid_file" 2>/dev/null | tr -d ' ')
+        case "$_spgid" in ''|*[!0-9]*) continue ;; esac
+        [ "$_spgid" -gt 1 ] 2>/dev/null || continue
+        local _my_pgid
+        _my_pgid=$(ps -o pgid= -p $$ 2>/dev/null | tr -d ' ')
+        [ "$_spgid" = "$_my_pgid" ] && continue   # never kill our own group
+        # Collect protected pids (dashboard, app-runner, registered pids) so
+        # a group-kill never takes down the dashboard if it happens to share
+        # the orchestrator group. Mirrors the dashboard Python route.
+        local _protected=" "
+        local _pf
+        if [ -d "$LOKI_DIR/pids" ]; then
+            for _pf in "$LOKI_DIR/pids"/*.json; do
+                [ -f "$_pf" ] || continue
+                _protected="${_protected}$(basename "$_pf" .json) "
+            done
+        fi
+        for _pf in "$LOKI_DIR/dashboard/dashboard.pid" "${HOME}/.loki/dashboard/dashboard.pid"; do
+            [ -f "$_pf" ] && _protected="${_protected}$(cat "$_pf" 2>/dev/null | tr -d ' ') "
+        done
+        # Does any protected pid share this group?
+        local _conflict=0 _gp
+        for _gp in $(ps -axo pid=,pgid= 2>/dev/null | awk -v g="$_spgid" '$2==g{print $1}'); do
+            case "$_protected" in *" $_gp "*) _conflict=1; break ;; esac
+        done
+        if [ "$_conflict" = "1" ]; then
+            # Per-pid kill of group members EXCLUDING protected pids.
+            for _gp in $(ps -axo pid=,pgid= 2>/dev/null | awk -v g="$_spgid" '$2==g{print $1}'); do
+                case "$_protected" in *" $_gp "*) continue ;; esac
+                [ "$_gp" = "$$" ] && continue
+                kill -TERM "$_gp" 2>/dev/null || true
+            done
+            sleep 1
+            for _gp in $(ps -axo pid=,pgid= 2>/dev/null | awk -v g="$_spgid" '$2==g{print $1}'); do
+                case "$_protected" in *" $_gp "*) continue ;; esac
+                [ "$_gp" = "$$" ] && continue
+                kill -KILL "$_gp" 2>/dev/null || true
+            done
+        else
+            kill -TERM -- -"$_spgid" 2>/dev/null || true
+            sleep 1
+            kill -KILL -- -"$_spgid" 2>/dev/null || true
+        fi
+        rm -f "$_stop_pgid_file" 2>/dev/null || true
+    done
+}
+
 # Stop a specific session by its session ID
 _stop_session_by_id() {
     local sid="$1"
@@ -2296,6 +2362,29 @@ cmd_stop() {
     # Stop a specific session by ID
     if [ -n "$target_session" ]; then
         if is_session_running "$target_session"; then
+            # loki-stop-F1: group-kill FIRST (v7.7.34 discipline), scoped to THIS
+            # session's recorded pgid. Without this the by-id path reaped only the
+            # orchestrator pid (via _stop_session_by_id -> _kill_pid), leaving the
+            # autonomous agent (claude/codex/aider) -- which shares the
+            # orchestrator's process group -- to reparent to init and keep editing
+            # files. That is exactly the v7.7.34 orphaned-agent bug, reopened on
+            # the by-id path. The pgid is session-scoped: run.sh writes it next to
+            # the session pid as ${pid_file%.pid}.pgid, so we only ever touch THIS
+            # session's group (modern sessions/<id>/loki.pgid + legacy
+            # run-<id>.pgid), never a sibling session or another folder.
+            #
+            # Deliberately NOT mirrored from the no-arg path: the docker reap,
+            # session.json->stopped, and dashboard registry mark are folder/global
+            # side effects (the docker container is named by workspace sha with no
+            # per-session container; registry.mark_project_stopped marks the whole
+            # project; session.json is the folder-level skill session). Firing them
+            # on a by-id stop would mismark the project / kill a docker run while a
+            # sibling session in the same folder is still building. The group-kill
+            # alone closes the stated orphaned-agent hole; folder-global teardown
+            # stays on the no-arg / --all paths.
+            _stop_group_by_pgid_files \
+                "$LOKI_DIR/sessions/$target_session/loki.pgid" \
+                "$LOKI_DIR/run-${target_session}.pgid"
             _stop_session_by_id "$target_session"
             echo "Stopped session: $target_session"
         else
@@ -2381,56 +2470,9 @@ cmd_stop() {
         # session leader), so signaling the whole group reaps the orchestrator
         # AND the agent child atomically. Killing only the orchestrator pid lets
         # the agent reparent to init and keep editing files -- the reported bug.
-        # Guards: only a numeric pgid > 1 that is NOT this shell's own group.
-        local _stop_pgid_file
-        for _stop_pgid_file in "$LOKI_DIR/loki.pgid" "$LOKI_DIR/run.pgid"; do
-            [ -f "$_stop_pgid_file" ] || continue
-            local _spgid
-            _spgid=$(cat "$_stop_pgid_file" 2>/dev/null | tr -d ' ')
-            case "$_spgid" in ''|*[!0-9]*) continue ;; esac
-            [ "$_spgid" -gt 1 ] 2>/dev/null || continue
-            local _my_pgid
-            _my_pgid=$(ps -o pgid= -p $$ 2>/dev/null | tr -d ' ')
-            [ "$_spgid" = "$_my_pgid" ] && continue   # never kill our own group
-            # Collect protected pids (dashboard, app-runner, registered pids) so
-            # a group-kill never takes down the dashboard if it happens to share
-            # the orchestrator group. Mirrors the dashboard Python route.
-            local _protected=" "
-            local _pf
-            if [ -d "$LOKI_DIR/pids" ]; then
-                for _pf in "$LOKI_DIR/pids"/*.json; do
-                    [ -f "$_pf" ] || continue
-                    _protected="${_protected}$(basename "$_pf" .json) "
-                done
-            fi
-            for _pf in "$LOKI_DIR/dashboard/dashboard.pid" "${HOME}/.loki/dashboard/dashboard.pid"; do
-                [ -f "$_pf" ] && _protected="${_protected}$(cat "$_pf" 2>/dev/null | tr -d ' ') "
-            done
-            # Does any protected pid share this group?
-            local _conflict=0 _gp
-            for _gp in $(ps -axo pid=,pgid= 2>/dev/null | awk -v g="$_spgid" '$2==g{print $1}'); do
-                case "$_protected" in *" $_gp "*) _conflict=1; break ;; esac
-            done
-            if [ "$_conflict" = "1" ]; then
-                # Per-pid kill of group members EXCLUDING protected pids.
-                for _gp in $(ps -axo pid=,pgid= 2>/dev/null | awk -v g="$_spgid" '$2==g{print $1}'); do
-                    case "$_protected" in *" $_gp "*) continue ;; esac
-                    [ "$_gp" = "$$" ] && continue
-                    kill -TERM "$_gp" 2>/dev/null || true
-                done
-                sleep 1
-                for _gp in $(ps -axo pid=,pgid= 2>/dev/null | awk -v g="$_spgid" '$2==g{print $1}'); do
-                    case "$_protected" in *" $_gp "*) continue ;; esac
-                    [ "$_gp" = "$$" ] && continue
-                    kill -KILL "$_gp" 2>/dev/null || true
-                done
-            else
-                kill -TERM -- -"$_spgid" 2>/dev/null || true
-                sleep 1
-                kill -KILL -- -"$_spgid" 2>/dev/null || true
-            fi
-            rm -f "$_stop_pgid_file" 2>/dev/null || true
-        done
+        # Factored into _stop_group_by_pgid_files (loki-stop-F1) so the by-id stop
+        # path performs identical reaping. Here we pass the GLOBAL pgid files.
+        _stop_group_by_pgid_files "$LOKI_DIR/loki.pgid" "$LOKI_DIR/run.pgid"
 
         local killed_pid=""
         for pid_file in "$LOKI_DIR/loki.pid" "$LOKI_DIR/run.pid"; do
@@ -3029,7 +3071,7 @@ cmd_status_json() {
     local dashboard_port="${LOKI_DASHBOARD_PORT:-57374}"
     local env_provider="${LOKI_PROVIDER:-claude}"
 
-    python3 -c "
+    if ! python3 -c "
 import json, os, sys, time
 
 skill_dir = sys.argv[1]
@@ -3317,9 +3359,14 @@ if os.path.isfile(gate_count_file):
 result['phase1'] = phase1
 
 print(json.dumps(result, indent=2))
-" "$skill_dir" "$loki_dir" "$dashboard_port" "$env_provider"
-
-    if [ $? -ne 0 ]; then
+" "$skill_dir" "$loki_dir" "$dashboard_port" "$env_provider"; then
+        # WAVE8 loki-F2: under `set -euo pipefail` a bare python3 call aborts
+        # the whole function on non-zero exit, so the old post-call
+        # `if [ $? -ne 0 ]` fallback was DEAD code -- a missing/broken python3
+        # crashed `loki status --json` instead of degrading. Guarding the call
+        # with `if ! ...; then` catches the non-zero exit and emits the honest
+        # error object. (Most malformed state files already degrade internally
+        # via per-file try/except; this covers the interpreter-failure case.)
         echo '{"error": "Failed to generate JSON status. Ensure python3 is available."}' >&2
         return 1
     fi
@@ -12443,18 +12490,27 @@ for f in data.get('frictions', []):
 
     # Initialize or update healing progress
     if [[ ! -f "$heal_dir/healing-progress.json" ]] || [ "$do_resume" != "true" ]; then
+        # WAVE8 loki-est: pass codebase/phase/strict/out-path via env instead of
+        # interpolating raw bash into the python source. A codebase path or phase
+        # containing an apostrophe made this a SyntaxError; under `|| true` the
+        # progress file was then silently never written (and the later
+        # prev_phase read would fail), breaking healing resume.
+        LOKI_HEAL_CODEBASE="$codebase_path" \
+        LOKI_HEAL_PHASE_VAL="$phase" \
+        LOKI_HEAL_STRICT_VAL="$strict" \
+        LOKI_HEAL_OUT="$heal_dir/healing-progress.json" \
         python3 -c "
-import json
+import json, os
 from datetime import datetime
 progress = {
-    'codebase': '$codebase_path',
+    'codebase': os.environ.get('LOKI_HEAL_CODEBASE', ''),
     'started': datetime.now().isoformat(),
-    'current_phase': '$phase',
-    'strict_mode': $( [ "$strict" = "true" ] && echo "True" || echo "False" ),
+    'current_phase': os.environ.get('LOKI_HEAL_PHASE_VAL', ''),
+    'strict_mode': os.environ.get('LOKI_HEAL_STRICT_VAL', '') == 'true',
     'components': [],
     'overall_health': 0.0
 }
-with open('$heal_dir/healing-progress.json', 'w') as f:
+with open(os.environ['LOKI_HEAL_OUT'], 'w') as f:
     json.dump(progress, f, indent=2)
 " || true
     fi
@@ -12462,7 +12518,7 @@ with open('$heal_dir/healing-progress.json', 'w') as f:
     # BUG-HEAL-004: Validate phase gate when resuming from a previous phase
     if [ "$do_resume" = "true" ] && [[ -f "$heal_dir/healing-progress.json" ]] && type hook_healing_phase_gate &>/dev/null; then
         local prev_phase
-        prev_phase=$(python3 -c "import json; print(json.load(open('$heal_dir/healing-progress.json')).get('current_phase', 'archaeology'))" 2>/dev/null || echo "archaeology")
+        prev_phase=$(LOKI_HEAL_PROG="$heal_dir/healing-progress.json" python3 -c "import json, os; print(json.load(open(os.environ['LOKI_HEAL_PROG'])).get('current_phase', 'archaeology'))" 2>/dev/null || echo "archaeology")
         if [[ "$prev_phase" != "$phase" ]]; then
             local gate_result
             if ! gate_result=$(hook_healing_phase_gate "$prev_phase" "$phase" 2>&1); then
@@ -22792,35 +22848,39 @@ cmd_onboard() {
         fi
         # Extract metadata from package.json
         if command -v python3 &>/dev/null; then
+            # WAVE8 loki-est (same class as cmd_explain): pass the repo path via
+            # env (os.environ) instead of interpolating into the python source.
+            # A path with an apostrophe made each heredoc a SyntaxError, silently
+            # dropping the package.json name/version/description under `|| true`.
             local pkg_name
-            pkg_name=$(python3 -c "
-import json, sys
+            pkg_name=$(LOKI_ONB_PKG="$target_path/package.json" python3 -c "
+import json, os
 try:
-    d = json.load(open('$target_path/package.json'))
+    d = json.load(open(os.environ['LOKI_ONB_PKG']))
     print(d.get('name', ''))
 except: pass
 " 2>/dev/null || true)
             if [ -n "$pkg_name" ]; then
                 project_name="$pkg_name"
             fi
-            project_description=$(python3 -c "
-import json, sys
+            project_description=$(LOKI_ONB_PKG="$target_path/package.json" python3 -c "
+import json, os
 try:
-    d = json.load(open('$target_path/package.json'))
+    d = json.load(open(os.environ['LOKI_ONB_PKG']))
     print(d.get('description', ''))
 except: pass
 " 2>/dev/null || true)
-            project_version=$(python3 -c "
-import json, sys
+            project_version=$(LOKI_ONB_PKG="$target_path/package.json" python3 -c "
+import json, os
 try:
-    d = json.load(open('$target_path/package.json'))
+    d = json.load(open(os.environ['LOKI_ONB_PKG']))
     print(d.get('version', ''))
 except: pass
 " 2>/dev/null || true)
-            entry_points=$(python3 -c "
-import json, sys
+            entry_points=$(LOKI_ONB_PKG="$target_path/package.json" python3 -c "
+import json, os
 try:
-    d = json.load(open('$target_path/package.json'))
+    d = json.load(open(os.environ['LOKI_ONB_PKG']))
     main = d.get('main', '')
     if main: print(main)
     scripts = d.get('scripts', {})
@@ -23200,10 +23260,11 @@ $imports"
     if [ -f "$target_path/package.json" ]; then
         if command -v python3 &>/dev/null; then
             local scripts_json
-            scripts_json=$(python3 -c "
-import json
+            # WAVE8 loki-est: env-passed path (see cmd_onboard metadata block).
+            scripts_json=$(LOKI_ONB_PKG="$target_path/package.json" python3 -c "
+import json, os
 try:
-    d = json.load(open('$target_path/package.json'))
+    d = json.load(open(os.environ['LOKI_ONB_PKG']))
     s = d.get('scripts', {})
     for k in ['build', 'dev', 'start', 'test', 'lint', 'format', 'check', 'typecheck']:
         if k in s:
@@ -23595,10 +23656,14 @@ cmd_explain() {
 
         if command -v python3 &>/dev/null; then
             local pkg_meta
-            pkg_meta=$(python3 -c "
-import json
+            # WAVE8 loki-est: pass the path via env (os.environ) instead of
+            # interpolating into the python source -- a repo path containing an
+            # apostrophe broke the string literal and dropped all package.json
+            # metadata.
+            pkg_meta=$(LOKI_EXP_PKG="$target_path/package.json" python3 -c "
+import json, os
 try:
-    d = json.load(open('$target_path/package.json'))
+    d = json.load(open(os.environ['LOKI_EXP_PKG']))
     print(d.get('name', ''))
     print(d.get('description', ''))
     print(d.get('version', ''))
@@ -23827,17 +23892,67 @@ $devdeps_list"
 
     # --- JSON output ---
     if [ "$output_json" = true ]; then
+        # WAVE8 loki-est: pass every value via the environment and read it with
+        # os.environ instead of interpolating raw bash into the python source.
+        # Interpolation broke on any apostrophe/quote/newline in a project name,
+        # version, description, or path (e.g. a dir named `my'app`), silently
+        # degrading real analysis to `{"error": "JSON generation failed"}`.
+        # env-passing is injection-proof and keeps the same output shape.
+        LOKI_EXP_NAME="$project_name" \
+        LOKI_EXP_DESC="$project_description" \
+        LOKI_EXP_VERSION="$project_version" \
+        LOKI_EXP_PATH="$target_path" \
+        LOKI_EXP_LANGUAGES="$languages" \
+        LOKI_EXP_FRAMEWORKS="$frameworks" \
+        LOKI_EXP_BUILD="$build_system" \
+        LOKI_EXP_PKGMGR="$package_manager" \
+        LOKI_EXP_TESTFW="$test_framework" \
+        LOKI_EXP_CI="$ci_system" \
+        LOKI_EXP_PATTERNS="$detected_patterns" \
+        LOKI_EXP_TOTAL="$total_files" \
+        LOKI_EXP_SRC="$src_count" \
+        LOKI_EXP_TEST="$test_count" \
+        LOKI_EXP_DOC="$doc_count" \
+        LOKI_EXP_CONFIG="$config_count" \
+        LOKI_EXP_BUILDCMD="$build_cmd" \
+        LOKI_EXP_RUNCMD="$run_cmd" \
+        LOKI_EXP_TESTCMD="$test_cmd" \
+        LOKI_EXP_LINTCMD="$lint_cmd" \
+        LOKI_EXP_ENTRY="$major_files" \
+        LOKI_EXP_MONOREPO="$is_monorepo" \
+        LOKI_EXP_DOCKER="$has_docker" \
         python3 -c "
-import json
+import json, os
+
+def _s(name):
+    return os.environ.get(name, '')
+
+def _list(name):
+    v = _s(name).strip()
+    return v.split() if v else []
+
+def _opt(name):
+    v = _s(name).strip()
+    return v or None
+
+def _int(name):
+    try:
+        return int(_s(name).strip())
+    except (ValueError, TypeError):
+        return 0
+
+def _bool(name):
+    return _s(name).strip() == 'true'
+
 data = {
-    'project': {'name': '$project_name', 'description': '''$(echo "$project_description" | sed "s/'/\\\\'/g")''', 'version': '$project_version', 'path': '$target_path'},
-    'stack': {'languages': '${languages}'.split() if '${languages}'.strip() else [], 'frameworks': '${frameworks}'.split() if '${frameworks}'.strip() else [], 'build_system': '$build_system' or None, 'package_manager': '$package_manager' or None, 'test_framework': '${test_framework}'.split() if '${test_framework}'.strip() else [], 'ci': '${ci_system}'.strip() or None},
-    'patterns': '${detected_patterns}'.split() if '${detected_patterns}'.strip() else [],
-    'files': {'total': $total_files, 'source': $src_count, 'test': $test_count, 'docs': $doc_count, 'config': $config_count},
-    'commands': {'build': '${build_cmd}' or None, 'run': '${run_cmd}' or None, 'test': '${test_cmd}' or None, 'lint': '${lint_cmd}' or None},
-    'entry_points': '${major_files}'.split() if '${major_files}'.strip() else [],
-    'monorepo': $( [ "$is_monorepo" = true ] && echo "True" || echo "False" ),
-    'has_docker': $( [ "$has_docker" = true ] && echo "True" || echo "False" )
+    'project': {'name': _s('LOKI_EXP_NAME'), 'description': _s('LOKI_EXP_DESC'), 'version': _s('LOKI_EXP_VERSION'), 'path': _s('LOKI_EXP_PATH')},
+    'stack': {'languages': _list('LOKI_EXP_LANGUAGES'), 'frameworks': _list('LOKI_EXP_FRAMEWORKS'), 'build_system': _opt('LOKI_EXP_BUILD'), 'package_manager': _opt('LOKI_EXP_PKGMGR'), 'test_framework': _list('LOKI_EXP_TESTFW'), 'ci': _opt('LOKI_EXP_CI')},
+    'patterns': _list('LOKI_EXP_PATTERNS'),
+    'files': {'total': _int('LOKI_EXP_TOTAL'), 'source': _int('LOKI_EXP_SRC'), 'test': _int('LOKI_EXP_TEST'), 'docs': _int('LOKI_EXP_DOC'), 'config': _int('LOKI_EXP_CONFIG')},
+    'commands': {'build': _opt('LOKI_EXP_BUILDCMD'), 'run': _opt('LOKI_EXP_RUNCMD'), 'test': _opt('LOKI_EXP_TESTCMD'), 'lint': _opt('LOKI_EXP_LINTCMD')},
+    'entry_points': _list('LOKI_EXP_ENTRY'),
+    'monorepo': _bool('LOKI_EXP_MONOREPO'),
+    'has_docker': _bool('LOKI_EXP_DOCKER')
 }
 print(json.dumps(data, indent=2))
 " 2>/dev/null || echo '{"error": "JSON generation failed"}'