loki-mode 7.7.9 → 7.7.11

package/SKILL.md

@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes a spec (PRD, GitHub issue, OpenAPI doc, etc.) to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v7.7.9
+# Loki Mode v7.7.11
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -381,4 +381,4 @@ See `CHANGELOG.md` entries [7.5.7], [7.5.8], [7.5.13] for the per-fix list and r
 
 ---
 
-**v7.7.9 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**
+**v7.7.11 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**

package/VERSION

@@ -1 +1 @@
-7.7.9
+7.7.11

package/autonomy/loki

@@ -1470,6 +1470,26 @@ cmd_start() {
     # Record session start time for efficiency tracking
     record_session_start
 
+    # UT2-13: Write cli-provider marker when --provider was explicitly passed.
+    # This lets cmd_status_json report provider_source="cli" for the lifetime
+    # of this session (24-hour heuristic). Atomic write via .tmp + mv.
+    # v7.7.11 (council fix): validate provider against canonical set BEFORE
+    # writing so a typo like `--provider xyz` does not pollute status output
+    # with bogus state for 24h. Also write current PID alongside so the reader
+    # can drop the marker when the originating process is no longer alive
+    # (SIGKILL / crash paths that skip our cleanup hooks).
+    case "$provider" in
+        claude|codex|cline|aider)
+            mkdir -p "$LOKI_DIR/state" 2>/dev/null || true
+            printf '%s:%s:%s\n' "$provider" "$(date +%s)" "$$" \
+                > "$LOKI_DIR/state/.cli-provider.tmp" 2>/dev/null \
+                && mv "$LOKI_DIR/state/.cli-provider.tmp" \
+                      "$LOKI_DIR/state/cli-provider" 2>/dev/null || true
+            ;;
+        '') : ;;  # no --provider passed
+        *)  log_warn "UT2-13: skipped cli-provider marker (unknown provider '$provider')" ;;
+    esac
+
     # Emit learning signal: user preference for provider selection (SYN-018)
     if [ -n "$provider" ]; then
         # User explicitly chose a provider
@@ -2272,6 +2292,41 @@ dashboard_port = sys.argv[3]
 env_provider = sys.argv[4]
 result = {}
 
+# UT2-13: Helper -- read cli-provider marker written by --provider flag dispatch.
+# v7.7.11 (council fix): file format is now '<provider>:<unix_ts>:<pid>' so we
+# can drop the marker when the originating process is gone (SIGKILL / crash
+# paths that bypassed our cleanup hooks). Also validates provider name against
+# canonical set so a typo writing the file can't pollute status output.
+# Legacy format '<provider>:<unix_ts>' still parses (no PID liveness check).
+# Returns (provider_name, True) when valid; (None, False) otherwise.
+def _read_cli_provider(loki_dir):
+    cli_file = os.path.join(loki_dir, 'state', 'cli-provider')
+    if not os.path.isfile(cli_file):
+        return None, False
+    try:
+        content = open(cli_file).read().strip()
+        parts = content.split(':')
+        if len(parts) < 2:
+            return None, False
+        prov = parts[0]
+        ts = int(parts[1])
+        if prov not in ('claude', 'codex', 'cline', 'aider'):
+            return None, False
+        if time.time() - ts > 86400:
+            return None, False
+        # If a PID is present, drop the marker when that process is gone.
+        if len(parts) >= 3:
+            try:
+                pid = int(parts[2])
+                if pid > 0:
+                    os.kill(pid, 0)
+            except (ValueError, ProcessLookupError, PermissionError):
+                # PID missing/dead/cross-uid -> treat as stale.
+                return None, False
+        return prov, True
+    except Exception:
+        return None, False
+
 # Version
 version_file = os.path.join(skill_dir, 'VERSION')
 if os.path.isfile(version_file):
@@ -2285,8 +2340,17 @@ if not os.path.isdir(loki_dir):
     result['status'] = 'inactive'
     result['phase'] = None
     result['iteration'] = 0
-    result['provider'] = env_provider if os.environ.get('LOKI_PROVIDER', '') else 'claude'
-    result['provider_source'] = 'env' if os.environ.get('LOKI_PROVIDER', '') else 'default'
+    # UT2-13: CLI check first (inactive path -- loki_dir may not exist yet).
+    _cli_prov, _cli_set = _read_cli_provider(loki_dir)
+    if _cli_set:
+        result['provider'] = _cli_prov
+        result['provider_source'] = 'cli'
+    elif os.environ.get('LOKI_PROVIDER', ''):
+        result['provider'] = env_provider
+        result['provider_source'] = 'env'
+    else:
+        result['provider'] = 'claude'
+        result['provider_source'] = 'default'
     result['dashboard_url'] = None
     result['pid'] = None
     result['elapsed_time'] = 0
@@ -2345,7 +2409,9 @@ else:
         result['iteration'] = 0
 
 # Provider + provider_source (v7.7.2 B-5 clarity: surface WHY this
-# value won the resolution race: 'saved' vs 'env' vs 'default').
+# value won the resolution race: 'cli' > 'saved' > 'env' > 'default').
+# UT2-13: cli source is checked FIRST -- overrides saved/env/default.
+_cli_prov, _cli_set = _read_cli_provider(loki_dir)
 provider_file = os.path.join(loki_dir, 'state', 'provider')
 if os.path.isfile(provider_file):
     try:
@@ -2356,7 +2422,10 @@ if os.path.isfile(provider_file):
 else:
     saved = ''
 env_set = os.environ.get('LOKI_PROVIDER', '') != ''
-if saved:
+if _cli_set:
+    result['provider'] = _cli_prov
+    result['provider_source'] = 'cli'
+elif saved:
     result['provider'] = saved
     result['provider_source'] = 'saved'
 elif env_set:
@@ -4736,6 +4805,18 @@ cmd_run() {
                 if [[ -n "${2:-}" ]]; then
                     provider_override="$2"
                     start_args+=("--provider" "$2")
+                    # UT2-13: Record CLI provider at parse time (atomic write).
+                    # v7.7.11 (council fix): validate against canonical set; include
+                    # PID so reader can drop the marker when originating process is gone.
+                    case "$2" in
+                        claude|codex|cline|aider)
+                            mkdir -p "${LOKI_DIR:-.loki}/state" 2>/dev/null || true
+                            printf '%s:%s:%s\n' "$2" "$(date +%s)" "$$" \
+                                > "${LOKI_DIR:-.loki}/state/.cli-provider.tmp" 2>/dev/null \
+                                && mv "${LOKI_DIR:-.loki}/state/.cli-provider.tmp" \
+                                      "${LOKI_DIR:-.loki}/state/cli-provider" 2>/dev/null || true
+                            ;;
+                    esac
                     shift 2
                 else
                     echo -e "${RED}--provider requires a value${NC}"
@@ -4745,6 +4826,17 @@ cmd_run() {
             --provider=*)
                 provider_override="${1#*=}"
                 start_args+=("--provider" "$provider_override")
+                # UT2-13: Record CLI provider at parse time (atomic write).
+                # v7.7.11 (council fix): validate + include PID.
+                case "$provider_override" in
+                    claude|codex|cline|aider)
+                        mkdir -p "${LOKI_DIR:-.loki}/state" 2>/dev/null || true
+                        printf '%s:%s:%s\n' "$provider_override" "$(date +%s)" "$$" \
+                            > "${LOKI_DIR:-.loki}/state/.cli-provider.tmp" 2>/dev/null \
+                            && mv "${LOKI_DIR:-.loki}/state/.cli-provider.tmp" \
+                                  "${LOKI_DIR:-.loki}/state/cli-provider" 2>/dev/null || true
+                        ;;
+                esac
                 shift
                 ;;
             --parallel|--bg|--background|--simple|--complex|--no-dashboard|--sandbox|--no-plan)

package/autonomy/run.sh

@@ -8755,10 +8755,68 @@ _intelligent_usage_regen() {
             _manifests="${_manifests}=== $f ===\n$(head -50 "$target_dir/$f" 2>/dev/null)\n\n"
         fi
     done
+    # v7.7.10 F-3 fix: include entrypoint file content so the model can read
+    # the ACTUAL port / host bindings instead of guessing from package.json
+    # scripts (which often imply port 3000 by convention but server.js may
+    # bind a different port like 3001). Without this the regen wrote
+    # "curl http://localhost:3000" for projects where the server bound 3001.
+    local _entrypoints=""
+    local _ep_candidates=""
+    # Detect entrypoint from package.json main field if present
+    if [ -f "$target_dir/package.json" ]; then
+        local _pkg_main
+        _pkg_main=$(python3 -c "import json,sys; d=json.load(open('$target_dir/package.json'));print(d.get('main') or '')" 2>/dev/null)
+        [ -n "$_pkg_main" ] && _ep_candidates="$_ep_candidates $_pkg_main"
+        # Extract files referenced in `scripts.start` and `scripts.dev`
+        local _pkg_scripts
+        _pkg_scripts=$(python3 -c "import json,re,sys; d=json.load(open('$target_dir/package.json'));s=d.get('scripts',{});c=' '.join([s.get('start',''),s.get('dev','')]);[print(t) for t in re.findall(r'[\\w/.-]+\\.(?:js|mjs|cjs|ts|mts|cts|py)\\b',c)]" 2>/dev/null)
+        [ -n "$_pkg_scripts" ] && _ep_candidates="$_ep_candidates $_pkg_scripts"
+    fi
+    # Fallback convention names for common stacks
+    for _ep in server.js server.ts server.mjs index.js index.ts app.js app.ts \
+               main.py app.py server.py manage.py wsgi.py asgi.py \
+               main.go cmd/server/main.go src/main.rs src/index.ts dist/server.js \
+               build/server.js; do
+        _ep_candidates="$_ep_candidates $_ep"
+    done
+    # Read first 80 lines of up to 3 unique existing candidates, scrubbing
+    # common secret-bearing lines before they ship to the haiku endpoint.
+    # v7.7.10 privacy guard: replaces lines matching API_KEY/SECRET/PASSWORD/
+    # TOKEN/PRIVATE_KEY/AUTH/CREDENTIAL/BEARER assignments with [REDACTED]
+    # so default-on regen does not exfiltrate hardcoded secrets. Port-binding
+    # lines (listen/run/ListenAndServe with numeric literals) are preserved.
+    # Opt out entirely with LOKI_INTELLIGENT_USAGE_INCLUDE_SOURCE=0.
+    local _include_source="${LOKI_INTELLIGENT_USAGE_INCLUDE_SOURCE:-1}"
+    local _seen="" _count=0
+    for _ep in $_ep_candidates; do
+        # Skip duplicates and non-existent files
+        case " $_seen " in *" $_ep "*) continue ;; esac
+        _seen="$_seen $_ep"
+        if [ -f "$target_dir/$_ep" ]; then
+            local _ep_body
+            if [ "$_include_source" = "0" ]; then
+                _ep_body="(entrypoint source omitted: LOKI_INTELLIGENT_USAGE_INCLUDE_SOURCE=0)"
+            else
+                # Scrub: any line whose text contains a credential keyword
+                # has its value (everything after the first `:` or `=`)
+                # replaced with [REDACTED]. Then any literal high-entropy
+                # token shape (stripe sk-, github ghp_/ghs_, slack xox, GCP
+                # AIza, AWS AKIA) is replaced inline. Port-binding lines
+                # (no credential keyword) pass through unchanged.
+                _ep_body=$(head -80 "$target_dir/$_ep" 2>/dev/null \
+                    | sed -E \
+                        -e '/[Aa][Pp][Ii][_-]?[Kk][Ee][Yy]|[Ss][Ee][Cc][Rr][Ee][Tt]|[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]|[Tt][Oo][Kk][Ee][Nn]|[Pp][Rr][Ii][Vv][Aa][Tt][Ee][_-]?[Kk][Ee][Yy]|[Cc][Rr][Ee][Dd][Ee][Nn][Tt][Ii][Aa][Ll]|[Bb][Ee][Aa][Rr][Ee][Rr]/ s/[:=].*$/= [REDACTED]/' \
+                        -e 's/(sk-[A-Za-z0-9_-]{16,}|pk_[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{16,}|ghs_[A-Za-z0-9]{16,}|xox[bpoa]-[A-Za-z0-9-]{16,}|AIza[A-Za-z0-9_-]{32,}|AKIA[A-Z0-9]{12,})/[REDACTED]/g')
+            fi
+            _entrypoints="${_entrypoints}=== Entrypoint: $_ep ===\n${_ep_body}\n\n"
+            _count=$((_count + 1))
+            [ "$_count" -ge 3 ] && break
+        fi
+    done
     _commits=$(cd "$target_dir" && git log --oneline -10 2>/dev/null || true)
 
     log_info "Regenerating USAGE.md from final project state (intelligent mode)..."
-    local _ic_prompt="You are writing a USAGE.md for the project below. Detect the stack from the manifest files; emit a concise (under 100 lines) Markdown doc with sections: ## Prerequisites, ## Install, ## Start, ## Verify (2-3 copy-paste curl/browser/CLI commands with expected output), ## Stop. Use the ACTUAL command names from package.json scripts or pyproject entry points -- never generic placeholders. Output ONLY the Markdown body (no code-fence wrapper, no preamble).
+    local _ic_prompt="You are writing a USAGE.md for the project below. Detect the stack from the manifest files; emit a concise (under 100 lines) Markdown doc with sections: ## Prerequisites, ## Install, ## Start, ## Verify (2-3 copy-paste curl/browser/CLI commands with expected output), ## Stop. Use the ACTUAL command names from package.json scripts or pyproject entry points -- never generic placeholders. For ports, read the ENTRYPOINT file contents below (server.listen / app.listen / app.run / http.ListenAndServe / uvicorn.run port arg) -- do NOT infer port from script names or convention. If the entrypoint reads from process.env.PORT with a literal default, use the literal default. Output ONLY the Markdown body (no code-fence wrapper, no preamble).
 
 === Project tree (max 30 files, 3 levels deep) ===
 ${_tree}
@@ -8766,6 +8824,9 @@ ${_tree}
 === Manifest files ===
 ${_manifests}
 
+=== Entrypoint file contents (port bindings live here, NOT in package.json) ===
+${_entrypoints}
+
 === Last 10 commits ===
 ${_commits}"
 
@@ -12136,6 +12197,8 @@ cleanup() {
         # v7.5.12: Kill any running provider pipeline first, before slow cleanup.
         kill_provider_child 2>/dev/null || true
         rm -f "$loki_dir/STOP" "$loki_dir/PAUSE" "$loki_dir/PAUSED.md" 2>/dev/null
+        # UT2-13: Clear cli-provider marker on session end.
+        rm -f "$loki_dir/state/cli-provider" 2>/dev/null || true
         if type app_runner_cleanup &>/dev/null; then
             app_runner_cleanup
         fi
@@ -12183,6 +12246,8 @@ except (json.JSONDecodeError, OSError): pass
         stop_status_monitor
         kill_all_registered
         rm -f "$loki_dir/loki.pid" "$loki_dir/PAUSE" 2>/dev/null
+        # UT2-13: Clear cli-provider marker on session end.
+        rm -f "$loki_dir/state/cli-provider" 2>/dev/null || true
         # Clean up per-session PID file if running with session ID
         if [ -n "${LOKI_SESSION_ID:-}" ]; then
             rm -f "$loki_dir/sessions/${LOKI_SESSION_ID}/loki.pid" 2>/dev/null
@@ -12789,6 +12854,8 @@ main() {
     stop_status_monitor
     local loki_dir="${TARGET_DIR:-.}/.loki"
     rm -f "$loki_dir/loki.pid" 2>/dev/null
+    # UT2-13: Clear cli-provider marker on normal session end.
+    rm -f "$loki_dir/state/cli-provider" 2>/dev/null || true
     # Clean up per-session PID file if running with session ID
     if [ -n "${LOKI_SESSION_ID:-}" ]; then
         rm -f "$loki_dir/sessions/${LOKI_SESSION_ID}/loki.pid" 2>/dev/null

package/dashboard/__init__.py

@@ -7,7 +7,7 @@ Modules:
     control: Session control API (start/stop/pause/resume)
 """
 
-__version__ = "7.7.9"
+__version__ = "7.7.11"
 
 # Expose the control app for easy import
 try:

package/dashboard/static/index.html

@@ -492,6 +492,24 @@
       font-size: 13px;
       color: var(--loki-text-secondary);
     }
+
+    /* USAGE.md markdown render styles */
+    .usage-md { max-height: 480px; overflow: auto; padding: 12px; background: var(--loki-bg-secondary, #111); border-radius: 4px; color: var(--loki-text-primary, #eee); font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; font-size: 13px; line-height: 1.6; }
+    .usage-md h1 { font-size: 1.35rem; font-weight: 600; margin: 0.75em 0 0.4em; border-bottom: 1px solid var(--loki-border, #333); padding-bottom: 4px; }
+    .usage-md h2 { font-size: 1.15rem; font-weight: 600; margin: 0.75em 0 0.4em; }
+    .usage-md h3 { font-size: 1rem; font-weight: 600; margin: 0.65em 0 0.3em; }
+    .usage-md p { margin: 0.4em 0; }
+    .usage-md ul, .usage-md ol { margin: 0.4em 0 0.4em 1.5em; padding: 0; }
+    .usage-md li { margin: 0.15em 0; }
+    .usage-md pre { background: var(--loki-bg-tertiary, #0a0a0a); border: 1px solid var(--loki-border, #333); border-radius: 4px; padding: 10px 12px; overflow-x: auto; margin: 0.5em 0; }
+    .usage-md pre code { font-family: 'JetBrains Mono', 'Fira Code', monospace; font-size: 11.5px; background: none; padding: 0; white-space: pre; }
+    .usage-md code { font-family: 'JetBrains Mono', 'Fira Code', monospace; font-size: 11.5px; background: var(--loki-bg-tertiary, #0a0a0a); padding: 1px 4px; border-radius: 3px; }
+    .usage-md blockquote { border-left: 3px solid var(--loki-accent, #553de9); margin: 0.5em 0; padding: 4px 12px; color: var(--loki-text-secondary, #888); }
+    .usage-md hr { border: none; border-top: 1px solid var(--loki-border, #333); margin: 0.75em 0; }
+    .usage-md strong { font-weight: 600; }
+    .usage-md em { font-style: italic; }
+    .usage-md a { color: var(--loki-accent, #553de9); text-decoration: none; }
+    .usage-md a:hover { text-decoration: underline; }
   </style>
 </head>
 <body>
@@ -707,10 +725,148 @@
             <h3 style="font-family: 'DM Serif Display', Georgia, serif; font-size: 1.15rem; font-weight: 400; color: var(--loki-text-primary); margin-bottom: 12px;">How to Run (USAGE.md)</h3>
             <div id="usage-doc-panel" style="background: var(--loki-bg-card, #1a1a1a); border: 1px solid var(--loki-border, #333); border-radius: 5px; padding: 12px;">
               <div id="usage-doc-meta" style="font-size: 11px; color: var(--loki-text-muted, #888); margin-bottom: 8px;">Loading...</div>
-              <pre id="usage-doc-content" style="margin: 0; padding: 12px; background: var(--loki-bg-secondary, #111); border-radius: 4px; font-family: 'JetBrains Mono', monospace; font-size: 12px; white-space: pre-wrap; word-break: break-word; color: var(--loki-text-primary, #eee); max-height: 480px; overflow: auto;"></pre>
+              <div id="usage-doc-content" class="usage-md"></div>
             </div>
             <script>
               (function(){
+                // Minimal markdown-to-HTML converter for USAGE.md content.
+                // Handles: fenced code blocks, headings, horizontal rules,
+                // blockquotes, unordered/ordered lists, inline bold/italic/code,
+                // and paragraphs. Script tags are stripped from non-code text.
+                function renderUsageMarkdown(md) {
+                  if (!md) return '';
+                  var lines = md.split('
+');
+                  var html = '';
+                  var i = 0;
+                  var inList = null; // 'ul' or 'ol'
+
+                  function escapeHtml(s) {
+                    return s.replace(/&/g, '&amp;')
+                            .replace(/</g, '&lt;')
+                            .replace(/>/g, '&gt;')
+                            .replace(/"/g, '&quot;');
+                  }
+
+                  function closeList() {
+                    if (inList) { html += '</' + inList + '>'; inList = null; }
+                  }
+
+                  function inlineFormat(s) {
+                    // Escape HTML first (outside code spans)
+                    // Process inline code spans before escaping the rest
+                    var BT = '`'; // backtick -- avoid literal backtick inside template literal
+                    var result = '';
+                    var codeSpanRe = new RegExp('(' + BT + '[^' + BT + ']+' + BT + ')');
+                    var chunks = s.split(codeSpanRe);
+                    for (var ci = 0; ci < chunks.length; ci++) {
+                      var ch = chunks[ci];
+                      if (ch.charAt(0) === BT && ch.charAt(ch.length - 1) === BT && ch.length > 2) {
+                        result += '<code>' + escapeHtml(ch.slice(1, -1)) + '</code>';
+                      } else {
+                        var esc = escapeHtml(ch);
+                        // strip any residual <script tags that survived escaping (defensive)
+                        esc = esc.replace(/&lt;script/gi, '&lt;sc​ript');
+                        esc = esc.replace(/**([^*]+)**/g, '<strong>$1</strong>');
+                        esc = esc.replace(/__([^_]+)__/g, '<strong>$1</strong>');
+                        esc = esc.replace(/*([^*]+)*/g, '<em>$1</em>');
+                        esc = esc.replace(/_([^_]+)_/g, '<em>$1</em>');
+                        // v7.7.11 XSS guard (Opus 1 council): only allow http/https/mailto/anchor/relative href.
+                        // javascript: / data: / vbscript: are stripped to a plain code span so the URL stays visible
+                        // but is not clickable. USAGE.md absorbs agent output + PRD text; treat as untrusted.
+                        esc = esc.replace(/[([^]]+)](([^)]+))/g, function(_m, label, url){
+                          var safe = /^(https?://|mailto:|#|/(?!/))/.test(url);
+                          if (safe) return '<a href="' + url + '" rel="noopener noreferrer">' + label + '</a>';
+                          return '<code>' + label + ' (' + url + ')</code>';
+                        });
+                        result += esc;
+                      }
+                    }
+                    return result;
+                  }
+
+                  while (i < lines.length) {
+                    var line = lines[i];
+
+                    // Fenced code block (BT3 = three backticks)
+                    var BT3 = '```';
+                    if (line.slice(0, 3) === BT3) {
+                      closeList();
+                      var lang = line.slice(3).trim();
+                      var codeLines = [];
+                      i++;
+                      while (i < lines.length && lines[i].slice(0, 3) !== BT3) {
+                        codeLines.push(lines[i]);
+                        i++;
+                      }
+                      var codeContent = escapeHtml(codeLines.join('
+'));
+                      html += '<pre><code' + (lang ? ' class="language-' + escapeHtml(lang) + '"' : '') + '>' + codeContent + '</code></pre>';
+                      i++;
+                      continue;
+                    }
+
+                    // Headings
+                    var hMatch = line.match(/^(#{1,6})s+(.*)/);
+                    if (hMatch) {
+                      closeList();
+                      var level = hMatch[1].length;
+                      html += '<h' + level + '>' + inlineFormat(hMatch[2]) + '</h' + level + '>';
+                      i++;
+                      continue;
+                    }
+
+                    // Horizontal rule
+                    if (/^(-{3,}|*{3,}|_{3,})$/.test(line.trim())) {
+                      closeList();
+                      html += '<hr>';
+                      i++;
+                      continue;
+                    }
+
+                    // Blockquote
+                    if (/^>/.test(line)) {
+                      closeList();
+                      html += '<blockquote>' + inlineFormat(line.replace(/^>s?/, '')) + '</blockquote>';
+                      i++;
+                      continue;
+                    }
+
+                    // Unordered list
+                    var ulMatch = line.match(/^(s*[-*+])s+(.*)/);
+                    if (ulMatch) {
+                      if (inList !== 'ul') { closeList(); html += '<ul>'; inList = 'ul'; }
+                      html += '<li>' + inlineFormat(ulMatch[2]) + '</li>';
+                      i++;
+                      continue;
+                    }
+
+                    // Ordered list
+                    var olMatch = line.match(/^s*d+.s+(.*)/);
+                    if (olMatch) {
+                      if (inList !== 'ol') { closeList(); html += '<ol>'; inList = 'ol'; }
+                      html += '<li>' + inlineFormat(olMatch[1]) + '</li>';
+                      i++;
+                      continue;
+                    }
+
+                    // Blank line
+                    if (line.trim() === '') {
+                      closeList();
+                      i++;
+                      continue;
+                    }
+
+                    // Paragraph
+                    closeList();
+                    html += '<p>' + inlineFormat(line) + '</p>';
+                    i++;
+                  }
+
+                  closeList();
+                  return html;
+                }
+
                 function loadUsage(){
                   fetch('/api/usage').then(function(r){ return r.json(); }).then(function(j){
                     var meta = document.getElementById('usage-doc-meta');
@@ -718,13 +874,13 @@
                     if (!meta || !body) return;
                     if (!j || !j.exists){
                       meta.textContent = 'USAGE.md not generated yet. Loki writes it at the end of each session.';
-                      body.textContent = '';
+                      body.innerHTML = '';
                       return;
                     }
                     var size = j.size > 1024 ? (j.size/1024).toFixed(1) + ' KB' : j.size + ' B';
                     var when = j.mtime ? new Date(j.mtime*1000).toLocaleString() : '';
                     meta.textContent = j.path + '  (' + size + (j.truncated ? ', truncated' : '') + ', ' + when + ')';
-                    body.textContent = j.content || '';
+                    body.innerHTML = renderUsageMarkdown(j.content || '');
                   }).catch(function(e){
                     var meta = document.getElementById('usage-doc-meta');
                     if (meta) meta.textContent = 'Failed to load USAGE.md: ' + (e && e.message ? e.message : 'unknown');

package/docs/INSTALLATION.md

@@ -2,7 +2,7 @@
 
 The flagship product of [Autonomi](https://www.autonomi.dev/). Complete installation instructions for all platforms and use cases.
 
-**Version:** v7.7.9
+**Version:** v7.7.11
 
 ---