loki-mode 7.68.0 → 7.70.0

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Autonomous spec-driven build system with a built-in trust layer. It does not call work done until it is verified (RARV-C closure loop, 8 quality gates, completion council, verified-completion evidence gate). Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Provider-agnostic. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.68.0
+# Loki Mode v7.70.0
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -406,4 +406,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.68.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.70.0 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.68.0
+7.70.0

package/autonomy/app-runner.sh

@@ -1799,8 +1799,14 @@ app_runner_watchdog() {
     log_info "App Runner: auto-restarting in ${backoff}s..."
     sleep "$backoff"
 
-    # Clear PID and restart
+    # Clear PID and restart. Remove the identity token alongside app.pid (LOW-3):
+    # the token belongs to the now-dead process, and if the upcoming start fails
+    # (e.g. the old port is still held) no new token is written, so a leftover
+    # token would outlive its pid and could mislead a later _app_runner_pid_is_ours
+    # check. Every site that removes app.pid removes app.token (cf. stop:1443,
+    # watchdog crash-limit:1789).
     rm -f "$_APP_RUNNER_DIR/app.pid"
+    rm -f "$_APP_RUNNER_DIR/app.token"
     _APP_RUNNER_PID=""
     app_runner_start || log_warn "App Runner: auto-restart failed"
 }
@@ -1829,8 +1835,14 @@ app_runner_cleanup() {
         fi
     fi
 
-    # Remove PID file
+    # Remove PID file and its paired identity token (LOW-3). app_runner_stop
+    # above removes both when a pid is present, but it early-returns without
+    # touching either when called with no pid (the post-failed-restart leftover
+    # state: token present, app.pid already gone). Removing the token here too
+    # guarantees no stale token survives session end regardless of how cleanup
+    # was reached.
     rm -f "$_APP_RUNNER_DIR/app.pid"
+    rm -f "$_APP_RUNNER_DIR/app.token"
 
     # Update state
     _write_app_state "stopped"

package/autonomy/completion-council.sh

@@ -1971,6 +1971,9 @@ council_member_review() {
     fi
 
     local verdict=""
+    # bash-F4: exit code of the provider subcall (0 when no subcall ran, i.e.
+    # no-provider degraded mode). 124/137/143 => timeout => conservative REJECT.
+    local _provider_rc=0
     local role_instruction=""
     case "$role" in
         requirements_verifier)
@@ -2059,34 +2062,62 @@ ISSUES: CRITICAL:description (optional, one per line per issue)"
                 # CAVEMAN_DEFAULT_MODE=off suppression is preserved (see above).
                 # bash-F3: timeout-guard the provider subcall so a hung CLI can
                 # not stall the whole council. Default 600s matches the Bun route
-                # (council.ts LOKI_COUNCIL_TIMEOUT_MS=600000). A timeout yields
-                # empty output, which the [ -z "$verdict" ] fallback below turns
-                # into a conservative heuristic review.
+                # (council.ts LOKI_COUNCIL_TIMEOUT_MS=600000).
+                # bash-F4 (WAVE10 SAFE-DEFAULT): capture the subcall exit code so a
+                # timeout (124) is NOT silently routed into council_heuristic_review.
+                # The heuristic fallback defaults to APPROVE on benign evidence, so
+                # a full provider timeout used to let a 2-of-3 heuristic APPROVE mark
+                # the project COMPLETE (force-review path) -- the opposite of the
+                # required safe default. pipefail (run.sh:172) makes the assignment's
+                # $? equal timeout's 124 when the CLI is killed. _provider_rc is read
+                # after the case to force a conservative REJECT on timeout.
                 verdict=$(echo "$prompt" | timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" env CAVEMAN_DEFAULT_MODE=off claude "${_cm_argv[@]}" -p 2>/dev/null)
+                _provider_rc=$?
             fi
             ;;
         codex)
             if command -v codex &>/dev/null; then
                 verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" codex exec --sandbox workspace-write "$prompt" 2>/dev/null)
+                _provider_rc=$?
             fi
             ;;
         gemini)
             if command -v gemini &>/dev/null; then
                 verdict=$(echo "$prompt" | timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" gemini 2>/dev/null)
+                _provider_rc=$?
             fi
             ;;
         cline)
             if command -v cline &>/dev/null; then
                 verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" cline -y "$prompt" 2>/dev/null)
+                _provider_rc=$?
             fi
             ;;
         aider)
             if command -v aider &>/dev/null; then
                 verdict=$(timeout "${LOKI_COUNCIL_REVIEW_TIMEOUT:-600}" aider --message "$prompt" --yes-always --no-auto-commits --no-git 2>/dev/null)
+                _provider_rc=$?
             fi
             ;;
     esac
 
+    # bash-F4 (WAVE10 SAFE-DEFAULT): a provider timeout (124, incl. 128+SIGTERM
+    # variants 137/143 if a wrapper kills it) must NEVER fall through to the
+    # APPROVE-leaning heuristic review. A reviewer whose CLI hung produced NO
+    # judgement, so the only safe verdict is REJECT (conservative re-iterate).
+    # Note: when no provider CLI is installed, the command -v guard above means
+    # the subcall never runs and _provider_rc stays 0, so legitimate no-provider
+    # degraded mode still reaches the heuristic fallback unchanged.
+    if [ "$_provider_rc" -eq 124 ] || [ "$_provider_rc" -eq 137 ] || [ "$_provider_rc" -eq 143 ]; then
+        # run.sh's log_warn writes to STDOUT (see bash-F2 note); council_member_review's
+        # stdout is captured as the verdict, so redirect to stderr to keep the
+        # captured verdict clean (the log line carries no VOTE: token, so the
+        # parse stays REJECT regardless, but this avoids polluting the capture).
+        log_warn "Council member $member_id ($role): provider review timed out (rc=$_provider_rc); defaulting to REJECT" >&2
+        verdict="VOTE:REJECT
+REASON: Provider review timed out (rc=$_provider_rc); no judgement produced, defaulting to conservative REJECT"
+    fi
+
     # Fallback: if no AI provider available, use heuristic-based review
     if [ -z "$verdict" ]; then
         verdict=$(council_heuristic_review "$role" "$evidence_file")

package/autonomy/hooks/migration-hooks.sh

@@ -393,7 +393,7 @@ for friction in data.get('frictions', []):
             print(f'BLOCKED (strict): Friction {friction.get(\"id\", \"?\")} in {loc} - strict mode requires explicit approval')
             sys.exit(0)
 print('OK')
-" "$file_path" "$strict" "$heal_dir/friction-map.json" 2>/dev/null || echo "OK")
+" "$file_path" "$strict" "$heal_dir/friction-map.json" 2>/dev/null || echo "BLOCKED: friction-map check failed (corrupt/unreadable friction-map.json or python3 unavailable) -- failing closed")
 
         if [[ "$blocked" == BLOCKED* ]]; then
             echo "HOOK_BLOCKED: $blocked"

package/autonomy/loki

@@ -7358,8 +7358,8 @@ cmd_config() {
             echo "  issue.provider       Default issue provider: github, gitlab, jira, azure_devops"
             echo "  blind_validation     Blind validation mode: true, false (default: true)"
             echo "  adversarial_testing  Adversarial testing: true, false (default: true)"
-            echo "  spawn_timeout        Provider spawn timeout in seconds (default: 120)"
-            echo "  spawn_retries        Provider spawn retry count (default: 2)"
+            echo "  spawn_timeout        [DEPRECATED] No effect since WAVE9 (no consumer); accepted for back-compat"
+            echo "  spawn_retries        [DEPRECATED] No effect since WAVE9 (no consumer); accepted for back-compat"
             echo "  notify.slack         Slack webhook URL"
             echo "  notify.discord       Discord webhook URL"
             echo "  budget               Cost budget limit in USD"
@@ -7437,6 +7437,7 @@ cmd_config_set() {
             if ! echo "$value" | grep -qE '^[0-9]+$'; then
                 echo -e "${RED}Invalid $key: $value (expected: integer)${NC}"; return 1
             fi
+            echo -e "${YELLOW}Note: '$key' is deprecated and has no effect since WAVE9 (no consumer in the runtime). Accepted for back-compat only.${NC}" >&2
             ;;
         budget)
             if ! echo "$value" | grep -qE '^[0-9]+(\.[0-9]+)?$'; then
@@ -7518,8 +7519,8 @@ SET_CONFIG
         provider)         export LOKI_PROVIDER="$value" ;;
         blind_validation) export LOKI_BLIND_VALIDATION="$value" ;;
         adversarial_testing) export LOKI_ADVERSARIAL_TESTING="$value" ;;
-        spawn_timeout)    export LOKI_SPAWN_TIMEOUT="$value" ;;
-        spawn_retries)    export LOKI_SPAWN_RETRIES="$value" ;;
+        # spawn_timeout / spawn_retries: deprecated, no runtime consumer (WAVE9);
+        # intentionally not exported.
         budget)           export LOKI_BUDGET_LIMIT="$value" ;;
     esac
 }
@@ -7626,8 +7627,8 @@ cmd_config_show() {
     echo "  maxTier:              ${LOKI_MAX_TIER:-(unlimited)}"
     echo "  blind_validation:     ${LOKI_BLIND_VALIDATION:-true}"
     echo "  adversarial_testing:  ${LOKI_ADVERSARIAL_TESTING:-true}"
-    echo "  spawn_timeout:        ${LOKI_SPAWN_TIMEOUT:-120}s"
-    echo "  spawn_retries:        ${LOKI_SPAWN_RETRIES:-2}"
+    echo "  spawn_timeout:        (deprecated, no effect)"
+    echo "  spawn_retries:        (deprecated, no effect)"
     echo "  issue_provider:       ${LOKI_ISSUE_PROVIDER:-(auto-detect)}"
     echo "  budget:               ${LOKI_BUDGET_LIMIT:-(no limit)}"
     echo ""
@@ -13012,47 +13013,60 @@ else:
                 return 1
             fi
 
-            # Fire lifecycle hooks and record state
-            PYTHONPATH="${SKILL_DIR:-.}" python3 -c "
-import json, sys
-sys.path.insert(0, '${SKILL_DIR:-.}')
+            # Fire lifecycle hooks and record state.
+            # WAVE10: pass cluster_id / template_name / template_file / SKILL_DIR
+            # via os.environ instead of interpolating into the python source.
+            # A --cluster-id containing a single quote (e.g. "o'brien") made the
+            # heredoc body a SyntaxError, skipping all state recording while the
+            # green "Cluster: ..." line still printed (silent false success).
+            _LOKI_SKILL_DIR="${SKILL_DIR:-.}" \
+            _LOKI_TEMPLATE_FILE="${template_file}" \
+            _LOKI_CLUSTER_ID="${cluster_id}" \
+            _LOKI_TEMPLATE_NAME="${template_name}" \
+            _LOKI_DO_RESUME="${do_resume}" \
+            PYTHONPATH="${SKILL_DIR:-.}" python3 -c '
+import json, sys, os
+skill_dir = os.environ["_LOKI_SKILL_DIR"]
+sys.path.insert(0, skill_dir)
 from swarm.patterns import ClusterLifecycleHooks
 from state.sqlite_backend import SqliteStateBackend
 
 # Load template hooks config
-with open('${template_file}') as f:
+with open(os.environ["_LOKI_TEMPLATE_FILE"]) as f:
     tpl = json.load(f)
 
-hooks = ClusterLifecycleHooks(tpl.get('hooks', {}))
+hooks = ClusterLifecycleHooks(tpl.get("hooks", {}))
 db = SqliteStateBackend()
 
-cluster_id = '${cluster_id}'
-resume = '${do_resume}' == 'true'
+cluster_id = os.environ["_LOKI_CLUSTER_ID"]
+template_name = os.environ["_LOKI_TEMPLATE_NAME"]
+resume = os.environ["_LOKI_DO_RESUME"] == "true"
 
 if resume:
-    events = db.query_events(event_type='cluster_state', migration_id=cluster_id, limit=1)
+    events = db.query_events(event_type="cluster_state", migration_id=cluster_id, limit=1)
     if events:
-        print(f'Resuming cluster {cluster_id} from last checkpoint')
+        print(f"Resuming cluster {cluster_id} from last checkpoint")
     else:
-        print(f'No previous state found for {cluster_id}. Starting fresh.')
+        print(f"No previous state found for {cluster_id}. Starting fresh.")
 
 # Fire pre_run hooks
-results = hooks.fire('pre_run', {'cluster_id': cluster_id, 'template': '${template_name}'})
+results = hooks.fire("pre_run", {"cluster_id": cluster_id, "template": template_name})
 for r in results:
-    if not r['success']:
-        print(f'Pre-run hook failed: {r[\"output\"]}')
+    if not r["success"]:
+        print("Pre-run hook failed: " + str(r.get("output", "")))
 
 # Record cluster start
-db.record_event('cluster_start', {
-    'cluster_id': cluster_id,
-    'template': '${template_name}',
-    'agents': len(tpl.get('agents', [])),
-    'resume': resume,
+db.record_event("cluster_start", {
+    "cluster_id": cluster_id,
+    "template": template_name,
+    "agents": len(tpl.get("agents", [])),
+    "resume": resume,
 }, migration_id=cluster_id)
 
-print(f'Cluster {cluster_id} initialized with {len(tpl.get(\"agents\", []))} agents')
-print('Template validated. Lifecycle hooks active.')
-" 2>&1
+_n_agents = len(tpl.get("agents", []))
+print(f"Cluster {cluster_id} initialized with {_n_agents} agents")
+print("Template validated. Lifecycle hooks active.")
+' 2>&1
 
             echo -e "${GREEN}Cluster: $cluster_id${NC}"
             echo -e "Template: $template_name"
@@ -23325,10 +23339,10 @@ except: pass
         output=$(cat <<ENDJSON
 {
   "project": {
-    "name": "$project_name",
+    "name": $(_VAL="$project_name" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$project_name\""),
     "description": $(_DESC="$project_description" python3 -c "import json, os; print(json.dumps(os.environ.get('_DESC','')))" 2>/dev/null || echo "\"$project_description\""),
-    "version": "$project_version",
-    "path": "$target_path"
+    "version": $(_VAL="$project_version" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$project_version\""),
+    "path": $(_VAL="$target_path" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$target_path\"")
   },
   "languages": "$(echo $languages | sed 's/  */ /g')",
   "frameworks": "$(echo $frameworks | sed 's/  */ /g')",
@@ -23342,9 +23356,9 @@ except: pass
     "docs": $doc_count
   },
   "commands": {
-    "build": "$build_cmd",
-    "run": "$run_cmd",
-    "test": "$test_cmd"
+    "build": $(_VAL="$build_cmd" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$build_cmd\""),
+    "run": $(_VAL="$run_cmd" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$run_cmd\""),
+    "test": $(_VAL="$test_cmd" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$test_cmd\"")
   },
   "depth": $depth
 }
@@ -23354,10 +23368,10 @@ ENDJSON
         # YAML output
         output=$(cat <<ENDYAML
 project:
-  name: $project_name
-  description: "$project_description"
-  version: "$project_version"
-  path: $target_path
+  name: $(_VAL="$project_name" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$project_name\"")
+  description: $(_VAL="$project_description" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$project_description\"")
+  version: $(_VAL="$project_version" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$project_version\"")
+  path: $(_VAL="$target_path" python3 -c "import json, os; print(json.dumps(os.environ.get('_VAL','')))" 2>/dev/null || echo "\"$target_path\"")
 languages: $languages
 frameworks: $frameworks
 build_system: $build_system

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.68.0"
+__version__ = "7.70.0"
 
 # Expose the control app for easy import
 try:

package/dashboard/server.py

@@ -122,32 +122,43 @@ class _RateLimiter:
         self._window = window_seconds
         self._max_keys = max_keys
         self._calls: dict[str, list[float]] = defaultdict(list)
+        # Sync route handlers (plain `def`) run in Starlette's threadpool, so
+        # check() can be entered by several threads at once against this one
+        # shared instance. Without a guard, one thread iterating self._calls
+        # (the empty-key prune or the LRU-eviction sort) while another inserts
+        # or deletes a key raises "dictionary changed size during iteration",
+        # which surfaces to the caller as a 500 on a trivial rate-limit guard.
+        # The lock is held only around the in-memory bookkeeping (no I/O, no
+        # await), so contention is negligible and it cannot deadlock async
+        # callers that reach this via run_in_threadpool.
+        self._lock = threading.Lock()
 
     def check(self, key: str) -> bool:
         now = time.time()
-        # Prune old timestamps for this key
-        self._calls[key] = [t for t in self._calls[key] if now - t < self._window]
-
-        # Remove keys with empty timestamp lists
-        empty_keys = [k for k, v in self._calls.items() if not v]
-        for k in empty_keys:
-            del self._calls[k]
-
-        # Evict least-recently-accessed keys if max_keys exceeded
-        if len(self._calls) > self._max_keys:
-            # Sort by last-access time (most recent timestamp), evict least recent
-            sorted_keys = sorted(
-                self._calls.items(),
-                key=lambda x: max(x[1]) if x[1] else 0
-            )
-            keys_to_remove = len(self._calls) - self._max_keys
-            for k, _ in sorted_keys[:keys_to_remove]:
+        with self._lock:
+            # Prune old timestamps for this key
+            self._calls[key] = [t for t in self._calls[key] if now - t < self._window]
+
+            # Remove keys with empty timestamp lists
+            empty_keys = [k for k, v in self._calls.items() if not v]
+            for k in empty_keys:
                 del self._calls[k]
 
-        if len(self._calls[key]) >= self._max_calls:
-            return False
-        self._calls[key].append(now)
-        return True
+            # Evict least-recently-accessed keys if max_keys exceeded
+            if len(self._calls) > self._max_keys:
+                # Sort by last-access time (most recent timestamp), evict least recent
+                sorted_keys = sorted(
+                    self._calls.items(),
+                    key=lambda x: max(x[1]) if x[1] else 0
+                )
+                keys_to_remove = len(self._calls) - self._max_keys
+                for k, _ in sorted_keys[:keys_to_remove]:
+                    del self._calls[k]
+
+            if len(self._calls[key]) >= self._max_calls:
+                return False
+            self._calls[key].append(now)
+            return True
 
 
 _control_limiter = _RateLimiter(max_calls=10, window_seconds=60)

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Loki Mode is a spec-driven autonomous builder with a built-in trust layer that takes any spec to a deployed product and verifies completion with evidence (quality gates plus a completion council), not just a "done" claim. Complete installation instructions for all platforms and use cases.
 
-**Version:** v7.68.0
+**Version:** v7.70.0
 
 ---
 
@@ -395,7 +395,7 @@ provider works inside the container. Provide auth with your Anthropic API key:
 # Run Loki Mode in Docker (Claude provider, API-key auth)
 docker run --rm -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
   -v $(pwd):/workspace -w /workspace \
-  asklokesh/loki-mode:7.68.0 start ./my-spec.md
+  asklokesh/loki-mode:7.70.0 start ./my-spec.md
 ```
 
 ##### docker compose + .env (no host install)