loki-mode 7.8.3 → 7.9.1

package/autonomy/lib/proof_redact.py

@@ -0,0 +1,297 @@
+"""Redaction module for Loki Mode proof-of-run artifacts.
+
+This is the single security chokepoint for the proof-of-run feature. The
+generator assembles the full proof dict, then calls redact_tree() exactly
+once before serialization. The HTML page is built only from the redacted
+dict. If redaction did not run, the generator refuses to emit.
+
+RULES_VERSION is part of the frozen schema; bump it only when the redaction
+behavior changes in a way callers must be able to detect.
+
+Patterns implemented (see R1-proof-of-run-PLAN.md REDACTION RULES):
+  - Anthropic keys (sk-ant-...) -> [REDACTED:ANTHROPIC_KEY]
+  - OpenAI-style keys (sk-...)  -> [REDACTED:OPENAI_KEY]
+  - Google API keys (AI...)     -> [REDACTED:GOOGLE_KEY]
+  - GitHub tokens (gh[pousr]_)  -> [REDACTED:GITHUB_TOKEN]
+  - AWS access key ids (AKIA..) -> [REDACTED:AWS_KEY]
+  - AWS secret access keys       -> [REDACTED:AWS_SECRET]
+  - Slack tokens (xox[baprs]-)  -> [REDACTED:SLACK_TOKEN]
+  - Bearer tokens               -> Bearer [REDACTED]
+  - JWTs (eyJ...)               -> [REDACTED:JWT]
+  - PEM PRIVATE KEY blocks      -> dropped whole -> [REDACTED:PRIVATE_KEY]
+  - .env / JSON / YAML secret assigns -> KEY=[REDACTED] / "key": "[REDACTED]"
+  - Connection-string credentials -> scheme://user:[REDACTED]@host
+  - Absolute user home paths    -> ~ (or repo-relative when ctx HOME matches)
+"""
+
+import re
+
+RULES_VERSION = "1.0"
+
+# Module-level context set via set_context() by the generator before
+# redact_tree() runs. Lets path redaction prefer repo-relative output when a
+# repo root is known. Context-free fallbacks always apply regardless.
+_CTX = {"home": None, "repo_root": None}
+
+
+def set_context(home=None, repo_root=None):
+    """Provide optional context used by path redaction.
+
+    home: the user's home dir ($HOME). Absolute paths under it collapse to ~.
+    repo_root: the repository root. Absolute paths under it become repo-rel.
+    Both are best-effort; the generic /Users/<n>/ and /home/<n>/ collapse
+    runs even when this is never called.
+    """
+    if home:
+        _CTX["home"] = home.rstrip("/")
+    if repo_root:
+        _CTX["repo_root"] = repo_root.rstrip("/")
+
+
+def reset_context():
+    """Clear context. Mainly for tests."""
+    _CTX["home"] = None
+    _CTX["repo_root"] = None
+
+
+# Each entry: (compiled_regex, replacement). Order matters: the most specific
+# patterns must run before broader ones (e.g. sk-ant- before sk-).
+_PATTERNS = [
+    # Anthropic keys must precede the generic sk- rule.
+    (re.compile(r"sk-ant-[A-Za-z0-9_-]{20,}"), "[REDACTED:ANTHROPIC_KEY]"),
+    # GitHub tokens: ghp_, gho_, ghu_, ghs_, ghr_.
+    (re.compile(r"gh[pousr]_[A-Za-z0-9]{20,}"), "[REDACTED:GITHUB_TOKEN]"),
+    # Slack tokens: xoxb-, xoxa-, xoxp-, xoxr-, xoxs-.
+    (re.compile(r"xox[baprs]-[A-Za-z0-9-]{10,}"), "[REDACTED:SLACK_TOKEN]"),
+    # AWS access key id.
+    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED:AWS_KEY]"),
+    # JWTs: three base64url segments separated by dots, starting eyJ.
+    (
+        re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
+        "[REDACTED:JWT]",
+    ),
+    # Google API keys (broad per app_secrets.py:22).
+    (re.compile(r"AI[a-zA-Z0-9_-]{30,}"), "[REDACTED:GOOGLE_KEY]"),
+    # Generic OpenAI-style keys (after sk-ant- so it does not eat them).
+    (re.compile(r"sk-[A-Za-z0-9_-]{20,}"), "[REDACTED:OPENAI_KEY]"),
+]
+
+# Bearer tokens: keep the scheme, redact the credential.
+_BEARER = re.compile(r"(Bearer\s+)[A-Za-z0-9._~+/=-]{20,}")
+
+# PEM PRIVATE KEY blocks (any -----BEGIN ... PRIVATE KEY----- ... END block).
+# DOTALL so the body spanning newlines is matched and dropped whole.
+_PEM = re.compile(
+    r"-----BEGIN[^-]*PRIVATE KEY-----.*?-----END[^-]*PRIVATE KEY-----",
+    re.DOTALL,
+)
+
+# AWS secret access key: 40-char base64-ish token. Anchored to a key hint so
+# it does not nuke arbitrary 40-char strings. We look for an aws-secret style
+# assignment and redact the value.
+_AWS_SECRET_ASSIGN = re.compile(
+    r"(?i)(aws_secret_access_key|aws_secret)\s*[=:]\s*[\"']?[A-Za-z0-9/+=]{40}[\"']?"
+)
+
+# Secret assignments: keep the key, redact the value. Mirrors the bash privacy
+# guard at autonomy/run.sh:9047, extended to tolerate JSON / YAML-quoted forms.
+#
+# Three shapes are covered by one pattern:
+#   bare        DB_PASSWORD=hunter2          DB_PASSWORD: hunter2
+#   JSON-quoted "db_password": "hunter2"     "token":"abc"
+#   single-quote 'client_secret': 'abc'
+#
+# Group layout:
+#   1 -> optional opening quote around the key (" or ' or none); a backref
+#        forces the closing quote to match so we never key off a stray quote.
+#   2 -> the key itself (must contain a secret keyword, case-insensitive).
+#   3 -> the separator run (= or :, with surrounding whitespace).
+#   4 -> the value, either a fully-quoted string or a bare non-space run.
+#
+# The leading \b (placed AFTER the optional opening quote, BEFORE the key
+# word-chars) anchors each attempt to a word boundary. Without it, the greedy
+# [A-Za-z0-9_]* prefix would restart at every offset inside a long
+# word-character run, making the scan O(n^2) (a ReDoS / proof-generator DoS on
+# large diffs). With it the scan is linear.
+_ENV_ASSIGN = re.compile(
+    r"(?i)"
+    r"([\"']?)"                          # 1: optional opening quote
+    r"\b"                                # anchor: keeps the scan linear
+    r"([A-Za-z0-9_]*"
+    r"(?:PASSPHRASE|PASS_PHRASE|PASSWORD|PASSWD|PWD|SECRET|TOKEN|API[_-]?KEY|PRIVATE_KEY"
+    r"|AWS_SECRET_ACCESS_KEY|AWS_SECRET|DB_PASS|CREDENTIAL|CLIENT_SECRET"
+    r"|ACCESS_TOKEN|REFRESH_TOKEN|AUTH(?!ORIZATION))"
+    # AUTH(?!ORIZATION): match auth / auth_token / oauth keys but NOT the HTTP
+    # "Authorization: Bearer <tok>" header, which the Bearer rule owns (it keeps
+    # the scheme word). "authorization_token" still matches via the TOKEN branch.
+    r"[A-Za-z0-9_]*)"                    # 2: key
+    r"\1"                                # matching closing quote
+    r"(\s*[=:]\s*)"                      # 3: separator
+    r"(\"[^\"]*\"|'[^']*'|\S+)"          # 4: quoted-or-bare value
+)
+
+
+def _env_assign_sub(m):
+    """Redact a secret assignment value, preserving key, separator and quotes.
+
+    Quoted values keep their surrounding quotes (so "k": "v" -> "k": "[REDACTED]"
+    stays valid JSON/YAML); bare values are replaced wholesale.
+    """
+    open_q, key, sep, val = m.group(1), m.group(2), m.group(3), m.group(4)
+    if val and val[0] in "\"'" and len(val) >= 2 and val[-1] == val[0]:
+        q = val[0]
+        return open_q + key + open_q + sep + q + "[REDACTED]" + q
+    return open_q + key + open_q + sep + "[REDACTED]"
+
+
+# Connection-string / URI credentials: scheme://user:PASSWORD@host -> redact
+# the password component for ANY scheme, keeping scheme/user/host intact.
+# The leading \b anchors each attempt; the negated classes ([^\s:/@] etc.) make
+# each segment a single linear pass with no nested quantifier overlap.
+#   1 -> scheme://user:    2 -> password    3 -> @
+# Covers postgres://, mongodb://, redis:// (empty user), amqp://, https://, etc.
+# A URL with no "user:pass@" credential (https://host/path) does not match.
+# The password class is [^\s@]+ (stops only at the closing @) so passwords that
+# contain "/" (e.g. postgres://user:p/ss@host) are still fully captured.
+_URI_CREDENTIAL = re.compile(
+    r"\b([A-Za-z][A-Za-z0-9+.\-]*://[^\s:/@]*:)([^\s@]+)(@)"
+)
+
+# Absolute user home paths -> ~ . Applied to every string (paths, diffs,
+# brief, summaries). Windows form handled separately to keep the backslash
+# class readable.
+_UNIX_HOME = re.compile(r"/(?:Users|home)/[^/\s\"']+")
+_WIN_HOME = re.compile(r"[Cc]:\\Users\\[^\\\s\"']+")
+
+
+def _redact_paths(s):
+    """Collapse absolute user paths. Returns (new_string, count)."""
+    count = 0
+
+    def _unix_sub(m):
+        nonlocal count
+        count += 1
+        matched = m.group(0)
+        home = _CTX["home"]
+        repo_root = _CTX["repo_root"]
+        # Prefer repo-relative when the path is inside a known repo root.
+        # Note: m only captured /Users/<n> (no trailing path), so we cannot
+        # reconstruct the full path here. We collapse the home prefix to ~ and
+        # leave the remainder (handled by the caller operating on the whole
+        # string is not possible per-match, so ~ is the safe generic result).
+        if home and matched == home:
+            return "~"
+        if repo_root and matched == repo_root:
+            return "."
+        return "~"
+
+    def _win_sub(m):
+        nonlocal count
+        count += 1
+        return "~"
+
+    # First collapse a full $HOME / repo_root prefix anywhere in the string,
+    # which preserves the trailing path component (e.g. ~/git/x).
+    home = _CTX["home"]
+    repo_root = _CTX["repo_root"]
+    if repo_root and repo_root in s:
+        n = s.count(repo_root)
+        s = s.replace(repo_root, ".")
+        count += n
+    if home and home in s:
+        n = s.count(home)
+        s = s.replace(home, "~")
+        count += n
+
+    s, n1 = _UNIX_HOME.subn(_unix_sub, s)
+    s, n2 = _WIN_HOME.subn(_win_sub, s)
+    return s, count
+
+
+def _redact_value(s):
+    """Redact a single string. Returns (new_string, redactions_count).
+
+    Internal: counts every individual redaction (multiple secrets in one
+    string each increment the count) via re.subn.
+    """
+    if not isinstance(s, str) or not s:
+        return s, 0
+
+    total = 0
+
+    # PEM blocks first: drop the whole block before any token-level rule can
+    # partially match inside it.
+    s, n = _PEM.subn("[REDACTED:PRIVATE_KEY]", s)
+    total += n
+
+    # AWS secret assignments (typed) before generic env-assign so the value
+    # is labelled rather than reduced to a generic [REDACTED].
+    s, n = _AWS_SECRET_ASSIGN.subn(
+        lambda m: m.group(1) + "=[REDACTED:AWS_SECRET]", s
+    )
+    total += n
+
+    # Token patterns (ordered most-specific-first).
+    for pat, repl in _PATTERNS:
+        s, n = pat.subn(repl, s)
+        total += n
+
+    # Bearer tokens (keep scheme).
+    s, n = _BEARER.subn(r"\1[REDACTED]", s)
+    total += n
+
+    # Connection-string / URI credentials: scheme://user:PASSWORD@ -> redact
+    # the password. Runs before the generic env-assign so the "scheme://user:"
+    # prefix is consumed and the assign rule does not double-process it.
+    s, n = _URI_CREDENTIAL.subn(r"\1[REDACTED]\3", s)
+    total += n
+
+    # Secret assignments (bare, JSON-quoted, YAML-quoted): keep key, redact value.
+    s, n = _ENV_ASSIGN.subn(_env_assign_sub, s)
+    total += n
+
+    # Absolute user paths.
+    s, n = _redact_paths(s)
+    total += n
+
+    return s, total
+
+
+def redact_value(s):
+    """Public: redact a single string, returning only the redacted string."""
+    out, _ = _redact_value(s)
+    return out
+
+
+def redact_tree(obj):
+    """Recursively redact every string in a JSON-like structure.
+
+    Recurses both dict KEYS and dict VALUES, list items, and nested
+    structures. Returns (new_object, total_redactions_count).
+    """
+    if isinstance(obj, str):
+        return _redact_value(obj)
+
+    if isinstance(obj, dict):
+        out = {}
+        total = 0
+        for k, v in obj.items():
+            new_k, ck = (k, 0)
+            if isinstance(k, str):
+                new_k, ck = _redact_value(k)
+            new_v, cv = redact_tree(v)
+            out[new_k] = new_v
+            total += ck + cv
+        return out, total
+
+    if isinstance(obj, (list, tuple)):
+        out = []
+        total = 0
+        for item in obj:
+            new_item, c = redact_tree(item)
+            out.append(new_item)
+            total += c
+        return out, total
+
+    # int, float, bool, None: nothing to redact.
+    return obj, 0

package/autonomy/loki

@@ -566,6 +566,7 @@ show_help() {
     echo "  code [cmd]       Codebase intelligence (overview|symbols|deps|hotspots|diff)"
     echo "  report [opts]    Session report generator (--format text|markdown|html, --output)"
     echo "  share [opts]     Share session report as GitHub Gist (--private, --format)"
+    echo "  proof [cmd]      Inspect/share proof-of-run artifacts (list|show|open|share)"
     echo "  version          Show version"
     echo "  help             Show this help"
     echo ""
@@ -13074,6 +13075,9 @@ main() {
         share)
             cmd_share "$@"
             ;;
+        proof)
+            cmd_proof "$@"
+            ;;
         context|ctx)
             cmd_context "$@"
             ;;
@@ -24504,12 +24508,26 @@ cmd_share() {
     # Upload as gist
     echo "Uploading session report..."
     local gist_desc="Loki Mode session report ($(date +%Y-%m-%dT%H:%M:%S))"
+    _loki_gist_upload "$tmpfile" "$gist_desc" "$visibility"
+}
+
+# Internal helper: upload a single file as a GitHub Gist.
+# Args: $1=file path, $2=description, $3=visibility ("--public", "--private",
+# or "" for gh's default). NOTE: $3 is intentionally left unquoted at the
+# gh call site so an empty value collapses (the --private case sets it to "").
+# Removes the input file after the attempt. Prints "Shared: <url>" on success;
+# on failure prints the gh error and exits 1.
+_loki_gist_upload() {
+    local file="$1"
+    local desc="$2"
+    local visibility="$3"
+
     local gist_url
-    gist_url=$(gh gist create "$tmpfile" --desc "$gist_desc" $visibility 2>&1)
+    gist_url=$(gh gist create "$file" --desc "$desc" $visibility 2>&1)
     local gist_exit=$?
 
     # Cleanup temp file
-    rm -f "$tmpfile"
+    rm -f "$file"
 
     if [ $gist_exit -ne 0 ]; then
         echo -e "${RED}Failed to create gist${NC}"
@@ -24517,7 +24535,300 @@ cmd_share() {
         exit 1
     fi
 
+    # Expose the URL to callers (e.g. cmd_proof prints a ready-to-post hook
+    # after this returns). The shared "Shared:" line stays unchanged.
+    LOKI_LAST_GIST_URL="$gist_url"
     echo -e "${GREEN}Shared: ${gist_url}${NC}"
 }
 
+# loki proof - inspect and share proof-of-run artifacts (.loki/proofs/<id>/).
+# Subcommands: list | show <id> | open <id> | share <id>.
+# The proof.json schema is frozen (R1 spec). Reads are tolerant of missing
+# keys (early/degraded proofs) and default to "-".
+cmd_proof() {
+    local loki_dir="${LOKI_DIR:-.loki}"
+    local proofs_dir="${loki_dir}/proofs"
+    local sub="${1:-}"
+    [ $# -gt 0 ] && shift
+
+    case "$sub" in
+        ""|--help|-h|help)
+            echo -e "${BOLD}loki proof${NC} - inspect and share proof-of-run artifacts"
+            echo ""
+            echo "Usage: loki proof <subcommand> [args]"
+            echo ""
+            echo "Subcommands:"
+            echo "  list                 List proof-of-run artifacts in .loki/proofs/"
+            echo "  show <id>            Pretty-print .loki/proofs/<id>/proof.json"
+            echo "  open <id>            Open .loki/proofs/<id>/index.html in a browser"
+            echo "  share <id>           Publish the proof page as a GitHub Gist (opt-in)"
+            echo ""
+            echo "Options for 'share':"
+            echo "  --yes                Skip the redaction-preview confirmation prompt"
+            echo "  --private            Create a secret gist (default: public)"
+            echo "  --hosted             Reserved for hosted publishing (coming in R9)"
+            echo ""
+            echo "Proofs are generated automatically at run completion (LOKI_PROOF=0 to opt out)."
+            [ "$sub" = "" ] && exit 1
+            exit 0
+            ;;
+        list)
+            if [ ! -d "$proofs_dir" ]; then
+                echo -e "${YELLOW}No proofs found.${NC} Run 'loki start' to generate one."
+                exit 0
+            fi
+            local found=0
+            local pj
+            for pj in "$proofs_dir"/*/proof.json; do
+                [ -f "$pj" ] || continue
+                # Print the header lazily, only once a valid proof is found, so
+                # an empty (or proof-less) proofs dir prints just the
+                # "No proofs found" line -- matching the Bun route (proof.ts
+                # listProofs, which returns before the header when rows is empty).
+                if [ "$found" -eq 0 ]; then
+                    printf "%-26s  %-20s  %-10s  %-9s  %s\n" "RUN_ID" "GENERATED_AT" "VERDICT" "COST_USD" "FILES"
+                fi
+                found=1
+                LOKI_PROOF_JSON="$pj" python3 - <<'PYEOF'
+import json, os
+p = os.environ["LOKI_PROOF_JSON"]
+try:
+    with open(p) as f:
+        d = json.load(f)
+except Exception:
+    d = {}
+# Coerce missing AND explicitly-null fields to "-" so a null final_verdict /
+# cost.usd / count renders as "-" rather than Python's str(None) == "None".
+# This matches the Bun route (proof.ts str(): null/undefined -> "-").
+def s(v):
+    return "-" if v is None else str(v)
+run_id = d.get("run_id")
+gen = d.get("generated_at")
+verdict = (d.get("council") or {}).get("final_verdict")
+cost = (d.get("cost") or {}).get("usd")
+files = (d.get("files_changed") or {}).get("count")
+print("{:<26}  {:<20}  {:<10}  {:<9}  {}".format(
+    s(run_id), s(gen), s(verdict), s(cost), s(files)))
+PYEOF
+            done
+            if [ "$found" -eq 0 ]; then
+                echo -e "${YELLOW}No proofs found.${NC} Run 'loki start' to generate one."
+            fi
+            exit 0
+            ;;
+        show)
+            local id="${1:-}"
+            if [ -z "$id" ]; then
+                echo -e "${RED}Missing proof id.${NC} Use 'loki proof list'."
+                exit 2
+            fi
+            local pj="${proofs_dir}/${id}/proof.json"
+            if [ ! -f "$pj" ]; then
+                echo -e "${RED}Proof not found: ${id}${NC}"
+                echo "Use 'loki proof list' to see available proofs."
+                exit 1
+            fi
+            if command -v jq &>/dev/null; then
+                jq . "$pj"
+            else
+                LOKI_PROOF_JSON="$pj" python3 -c "import json,os; print(json.dumps(json.load(open(os.environ['LOKI_PROOF_JSON'])), indent=2))"
+            fi
+            exit 0
+            ;;
+        open)
+            local id="${1:-}"
+            if [ -z "$id" ]; then
+                echo -e "${RED}Missing proof id.${NC} Use 'loki proof list'."
+                exit 2
+            fi
+            local html="${proofs_dir}/${id}/index.html"
+            if [ ! -f "$html" ]; then
+                echo -e "${RED}Proof page not found: ${id}/index.html${NC}"
+                echo "Use 'loki proof list' to see available proofs."
+                exit 1
+            fi
+            echo -e "${GREEN}Opening proof: $html${NC}"
+            if command -v open &>/dev/null; then
+                open "$html"
+            elif command -v xdg-open &>/dev/null; then
+                xdg-open "$html"
+            elif command -v start &>/dev/null; then
+                start "$html"
+            else
+                echo ""
+                echo "Could not detect browser opener."
+                echo "Please open in browser: $html"
+            fi
+            exit 0
+            ;;
+        share)
+            local id=""
+            local skip_confirm=0
+            local visibility="--public"
+            while [[ $# -gt 0 ]]; do
+                case "$1" in
+                    --yes|-y) skip_confirm=1; shift ;;
+                    --private) visibility=""; shift ;;
+                    --public) visibility="--public"; shift ;;
+                    --hosted)
+                        echo -e "${RED}Hosted publishing is not available yet (coming in R9).${NC}"
+                        exit 1
+                        ;;
+                    -*) echo -e "${RED}Unknown option: $1${NC}"; exit 1 ;;
+                    *) id="$1"; shift ;;
+                esac
+            done
+            if [ -z "$id" ]; then
+                echo -e "${RED}Missing proof id.${NC} Use 'loki proof list'."
+                exit 2
+            fi
+            local html="${proofs_dir}/${id}/index.html"
+            if [ ! -f "$html" ]; then
+                echo -e "${RED}Proof page not found: ${id}/index.html${NC}"
+                echo "Use 'loki proof list' to see available proofs."
+                exit 1
+            fi
+            if ! command -v gh &>/dev/null; then
+                echo -e "${RED}gh CLI not found${NC}"
+                echo "Install the GitHub CLI to publish a proof:"
+                echo "  brew install gh        # macOS"
+                echo "  sudo apt install gh    # Ubuntu/Debian"
+                echo "  https://cli.github.com # Other platforms"
+                exit 1
+            fi
+            if ! gh auth status &>/dev/null 2>&1; then
+                echo -e "${RED}GitHub CLI not authenticated${NC}"
+                echo "Run 'gh auth login' to authenticate, then try again."
+                exit 1
+            fi
+
+            # Redaction preview. The generator already redacts the proof
+            # before writing index.html, so this is a transparency summary,
+            # not a second redaction pass.
+            local pj="${proofs_dir}/${id}/proof.json"
+            local vis_label="public"
+            [ -z "$visibility" ] && vis_label="secret"
+            echo -e "${BOLD}Publishing proof '${id}' as a ${vis_label} GitHub Gist${NC}"
+            echo ""
+            echo "What will be shared:"
+            echo "  - ${html}"
+            if [ -f "$pj" ]; then
+                LOKI_PROOF_JSON="$pj" python3 - <<'PYEOF' 2>/dev/null || true
+import json, os
+try:
+    d = json.load(open(os.environ["LOKI_PROOF_JSON"]))
+except Exception:
+    d = {}
+cost = (d.get("cost") or {}).get("usd", "-")
+# usd is null when cost was not collected for this run. Show an honest
+# "not recorded" instead of the literal "None" (a credibility wart in the
+# preview the sharer reads right before publishing).
+if cost is None:
+    cost = "not recorded"
+files = (d.get("files_changed") or {}).get("count", "-")
+verdict = (d.get("council") or {}).get("final_verdict", "-")
+red = d.get("redaction") or {}
+print("  - cost.usd:        {}".format(cost))
+print("  - files_changed:   {}".format(files))
+print("  - council verdict: {}".format(verdict))
+print("  - redaction:       applied={} rules_version={} redactions_count={}".format(
+    red.get("applied", False), red.get("rules_version", "-"), red.get("redactions_count", "-")))
+PYEOF
+            fi
+            echo ""
+            echo -e "${YELLOW}Secrets, API keys, tokens, env values, and absolute paths have already been stripped by the generator.${NC}"
+            echo ""
+
+            if [ "$skip_confirm" -ne 1 ]; then
+                printf "Publish this proof to a %s gist? [y/N] " "$vis_label"
+                local reply=""
+                read -r reply
+                case "$reply" in
+                    y|Y|yes|YES|Yes) ;;
+                    *) echo "Aborted. Nothing was published."; exit 0 ;;
+                esac
+            fi
+
+            # Copy to a temp file so _loki_gist_upload can remove it after.
+            local tmpfile
+            tmpfile=$(mktemp "/tmp/loki-proof-XXXXXX.html")
+            cp "$html" "$tmpfile"
+            echo "Uploading proof page..."
+            local gist_desc="Loki Mode proof-of-run ${id}"
+            _loki_gist_upload "$tmpfile" "$gist_desc" "$visibility"
+
+            # Print a ready-to-post one-line hook (real cost + url) so the user
+            # can paste it straight to X/HN. When cost was not collected, omit
+            # the cost (never fabricate a number, never print "$0.00").
+            if [ -n "${LOKI_LAST_GIST_URL:-}" ] && [ -f "$pj" ]; then
+                local hook
+                hook=$(LOKI_PROOF_JSON="$pj" LOKI_GIST_URL="$LOKI_LAST_GIST_URL" python3 - <<'PYEOF' 2>/dev/null || true
+import json, os
+try:
+    d = json.load(open(os.environ["LOKI_PROOF_JSON"]))
+except Exception:
+    d = {}
+cost = (d.get("cost") or {})
+usd = cost.get("usd")
+
+
+def fmt_usd(v):
+    if v is None:
+        return None
+    try:
+        n = float(v)
+    except Exception:
+        return None
+    s = ("%.4f" % n).rstrip("0").rstrip(".")
+    if "." not in s:
+        s += ".00"
+    elif len(s.split(".")[1]) == 1:
+        s += "0"
+    return "$" + s
+
+
+def council_ratio(d):
+    c = d.get("council") or {}
+    if not c.get("enabled"):
+        return None
+    revs = c.get("reviewers") or []
+    if not isinstance(revs, list) or not revs:
+        return None
+    ok = sum(1 for r in revs if isinstance(r, dict)
+             and str(r.get("vote") or "").upper() in ("APPROVE", "APPROVED"))
+    return ok, len(revs)
+
+
+u = fmt_usd(usd)
+lead = ("Built autonomously for " + u) if u is not None \
+    else "Built autonomously by Loki Mode"
+parts = [lead]
+fc = (d.get("files_changed") or {}).get("count", 0)
+try:
+    fc = int(fc)
+except Exception:
+    fc = 0
+parts.append("%d file%s changed" % (fc, "" if fc == 1 else "s"))
+cr = council_ratio(d)
+if cr:
+    parts.append("%d-of-%d reviewers approved" % (cr[0], cr[1]))
+print(" - ".join(parts) + " " + os.environ.get("LOKI_GIST_URL", ""))
+PYEOF
+)
+                if [ -n "$hook" ]; then
+                    echo ""
+                    echo "Ready to post:"
+                    echo "  ${hook}"
+                fi
+            fi
+            exit 0
+            ;;
+        *)
+            echo -e "${RED}Unknown subcommand: ${sub}${NC}"
+            echo "Run 'loki proof --help' for usage."
+            exit 1
+            ;;
+    esac
+}
+
 main "$@"