@aria_asi/cli 0.2.13 → 0.2.15

package/bin/aria.js

@@ -6,7 +6,7 @@ const require = createRequire(import.meta.url);
 import { loadConfig, saveConfig } from '../dist/aria-connector/src/config.js';
 import { AriaChat } from '../dist/aria-connector/src/chat.js';
 import { checkHarnessHealth } from '../dist/aria-connector/src/harness-client.js';
-import { login, status, logout, revoke } from '../dist/aria-connector/src/auth-commands.js';
+import { login, loginOwner, status, logout, revoke } from '../dist/aria-connector/src/auth-commands.js';
 import { connectClaudeCode } from '../dist/aria-connector/src/connectors/claude-code.js';
 import { maybePrintUpdateNotice, checkForUpdate } from '../dist/aria-connector/src/self-update.js';
 
@@ -75,16 +75,44 @@ if (command === 'check-update') {
         // ── Help text ──────────────────────────────────────────────────────────
         if (arg === '--help' || arg === '-h') {
           console.log('');
-          console.log('  aria login <token>          Log in with an Aria harness license token.');
-          console.log('  aria login --anthropic      Open Anthropic Console, paste your API key back here.');
-          console.log('  aria login -a               Shorthand for --anthropic.');
+          console.log('  aria login <token>              Log in with an Aria harness license token.');
+          console.log('  aria login --anthropic          Open Anthropic Console, paste your API key back here.');
+          console.log('  aria login -a                   Shorthand for --anthropic.');
+          console.log('  aria login --owner <master-token>');
+          console.log('                                  Activate owner mode. Validates the master token');
+          console.log('                                  against the server and stores a signed owner JWT');
+          console.log('                                  in ~/.aria/owner-token (mode 0600). All subsequent');
+          console.log('                                  requests will carry x-aria-owner: true, unlocking');
+          console.log('                                  direct runtime access, owner-only admin endpoints,');
+          console.log('                                  and unfiltered memory writes.');
           console.log('');
-          console.log("  I'll store your Aria license in ~/.aria/license.json and your Anthropic");
-          console.log('  API key in ~/.aria/config.json (mode 0600, readable only by you).');
+          console.log("  I'll store your Aria license in ~/.aria/license.json, your Anthropic");
+          console.log('  API key in ~/.aria/config.json, and your owner JWT in ~/.aria/owner-token');
+          console.log('  (all mode 0600, readable only by you).');
           console.log('');
           process.exit(0);
         }
 
+        // ── Owner-mode flow — master-token → owner JWT ─────────────────────────
+        // aria login --owner <master-token>
+        // The master token travels to the server and is NOT stored locally.
+        // Only the issued JWT (tier:'owner', sub:'hamza') is written to disk.
+        if (arg === '--owner') {
+          const masterToken = args[1];
+          if (!masterToken) {
+            console.error("Usage: aria login --owner <master-token>");
+            process.exit(1);
+          }
+          const result = await loginOwner(masterToken);
+          if (!result.ok) {
+            console.error(`I couldn't activate owner mode: ${result.error}`);
+            process.exit(1);
+          }
+          console.log("Owner mode active. Your owner JWT is saved to ~/.aria/owner-token.");
+          console.log("All requests will now carry x-aria-owner: true.");
+          process.exit(0);
+        }
+
         // ── Anthropic browser-paste flow ───────────────────────────────────────
         if (arg === '--anthropic' || arg === '-a') {
           const { loginAnthropic } = await import('../dist/aria-connector/src/anthropic-oauth.js');
@@ -99,7 +127,7 @@ if (command === 'check-update') {
 
         // ── Original harness-license path (preserved) ─────────────────────────
         if (!arg) {
-          console.error("Usage: aria login <token>  |  aria login --anthropic  |  aria login --help");
+          console.error("Usage: aria login <token>  |  aria login --anthropic  |  aria login --owner <master-token>  |  aria login --help");
           process.exit(1);
         }
         const result = await login(arg);

package/dist/aria-connector/src/auth-commands.d.ts

@@ -1,3 +1,5 @@
+/** Separate credential file for owner-mode JWT. Never holds the master token — only the signed JWT issued by /auth/owner. */
+export declare const OWNER_TOKEN_PATH: string;
 interface LoginResult {
     ok: boolean;
     tier?: string;
@@ -5,6 +7,8 @@ interface LoginResult {
     expiresAt?: string;
     /** Set when loginAnthropic() is used instead of the harness license path. */
     anthropic?: boolean;
+    /** Set when --owner path is used; owner JWT stored in ~/.aria/owner-token. */
+    owner?: boolean;
     error?: string;
 }
 interface StatusResult {
@@ -37,6 +41,17 @@ interface RevokeResult {
  * writes license claims to ~/.aria/license.json.
  */
 export declare function login(token: string): Promise<LoginResult>;
+/**
+ * Log in as owner by posting the master token to /auth/owner.
+ * The server validates the master token and returns a signed JWT with
+ * tier:'owner', sub:'hamza'. We persist ONLY that JWT to
+ * ~/.aria/owner-token (mode 0600). The master token is never written
+ * to disk — it flows in memory only for the duration of this call.
+ *
+ * On success the caller can verify owner mode is active by checking
+ * fs.existsSync(OWNER_TOKEN_PATH).
+ */
+export declare function loginOwner(masterToken: string): Promise<LoginResult>;
 export declare function status(): Promise<StatusResult>;
 export declare function logout(): Promise<LogoutResult>;
 export declare function revoke(reason?: string): Promise<RevokeResult>;

package/dist/aria-connector/src/auth-commands.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-commands.d.ts","sourceRoot":"","sources":["../../../src/auth-commands.ts"],"names":[],"mappings":"AAiBA,UAAU,WAAW;IACnB,EAAE,EAAE,OAAO,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,YAAY;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,YAAY;IACpB,EAAE,EAAE,OAAO,CAAC;CACb;AAED,UAAU,YAAY;IACpB,EAAE,EAAE,OAAO,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAoD/D;AAED,wBAAsB,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC,CAmDpD;AAED,wBAAsB,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC,CAUpD;AAED,wBAAsB,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAuBnE"}
+{"version":3,"file":"auth-commands.d.ts","sourceRoot":"","sources":["../../../src/auth-commands.ts"],"names":[],"mappings":"AAQA,6HAA6H;AAC7H,eAAO,MAAM,gBAAgB,QAA+C,CAAC;AAU7E,UAAU,WAAW;IACnB,EAAE,EAAE,OAAO,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,8EAA8E;IAC9E,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,YAAY;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,UAAU,YAAY;IACpB,EAAE,EAAE,OAAO,CAAC;CACb;AAED,UAAU,YAAY;IACpB,EAAE,EAAE,OAAO,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAoD/D;AAED;;;;;;;;;GASG;AACH,wBAAsB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAmC1E;AAED,wBAAsB,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC,CAmDpD;AAED,wBAAsB,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC,CAepD;AAED,wBAAsB,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAuBnE"}

package/dist/aria-connector/src/auth-commands.js

@@ -5,6 +5,8 @@ import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { homedir } from 'node:os';
 const LICENSE_PATH = path.join(homedir(), '.aria', 'license.json');
+/** Separate credential file for owner-mode JWT. Never holds the master token — only the signed JWT issued by /auth/owner. */
+export const OWNER_TOKEN_PATH = path.join(homedir(), '.aria', 'owner-token');
 /**
  * Log in to the Aria harness with a license token, OR authenticate via
  * Anthropic's console (browser-paste flow) when token === '--anthropic' or
@@ -69,6 +71,48 @@ export async function login(token) {
         return { ok: false, error: err.message || 'Unexpected error during login' };
     }
 }
+/**
+ * Log in as owner by posting the master token to /auth/owner.
+ * The server validates the master token and returns a signed JWT with
+ * tier:'owner', sub:'hamza'. We persist ONLY that JWT to
+ * ~/.aria/owner-token (mode 0600). The master token is never written
+ * to disk — it flows in memory only for the duration of this call.
+ *
+ * On success the caller can verify owner mode is active by checking
+ * fs.existsSync(OWNER_TOKEN_PATH).
+ */
+export async function loginOwner(masterToken) {
+    const baseUrl = process.env.ARIA_HARNESS_BASE_URL ?? 'https://harness.ariasos.com';
+    let response;
+    try {
+        response = await fetch(`${baseUrl}/auth/owner`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                // Master token in Authorization header — never in body or logs.
+                Authorization: `Bearer ${masterToken}`,
+            },
+        });
+    }
+    catch (err) {
+        return { ok: false, error: err.message || 'Network error reaching /auth/owner' };
+    }
+    if (!response.ok) {
+        const errBody = await response.json().catch(() => ({}));
+        return { ok: false, error: errBody.error || `Server returned ${response.status}` };
+    }
+    const body = await response.json();
+    if (!body.ok || !body.token) {
+        return { ok: false, error: body.error || 'Server returned ok=false with no token' };
+    }
+    // Persist the owner JWT (NOT the master token) to ~/.aria/owner-token (0600).
+    const dir = path.dirname(OWNER_TOKEN_PATH);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    fs.writeFileSync(OWNER_TOKEN_PATH, body.token, { mode: 0o600, encoding: 'utf-8' });
+    return { ok: true, owner: true, tier: 'owner' };
+}
 export async function status() {
     try {
         const license = await loadLicense();
@@ -122,6 +166,11 @@ export async function logout() {
         if (fs.existsSync(LICENSE_PATH)) {
             fs.unlinkSync(LICENSE_PATH);
         }
+        // Also clear owner-token when logging out — per spec section 3:
+        // "aria logout deletes it."
+        if (fs.existsSync(OWNER_TOKEN_PATH)) {
+            fs.unlinkSync(OWNER_TOKEN_PATH);
+        }
         return { ok: true };
     }
     catch {

package/dist/aria-connector/src/auth-commands.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-commands.js","sourceRoot":"","sources":["../../../src/auth-commands.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAe,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;AAsCnE;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,KAAa;IACvC,+EAA+E;IAC/E,IAAI,KAAK,KAAK,aAAa,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;QAC5C,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAED,+EAA+E;IAC/E,IAAI,CAAC;QACH,8DAA8D;QAC9D,IAAI,QAAQ,CAAC;QACb,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,wBAAwB,EAAE;gBAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;aAC9C,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;YACnD,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBACxD,IAAI,EAAE,EAAE,KAAK,EAAE;aAChB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,cAAc,EAAE,CAAC;QAC/D,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,MAAM,GAAkB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QAElD,iDAAiD;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QACD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YAC9D,IAAI,EAAE,KAAK;YACX,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QAEH,OAAO;YACL,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SACrD,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,+BAA+B,EAAE,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,wBAAwB,EAAE;YACjE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,GAAG,EAAE,EAAE;SACpD,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,iBAAiB;YACjB,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;gBAC/E,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,MAAM,GAAkB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QAElD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;YACpD,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,2CAA2C;QAC3C,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;YAC/E,OAAO,EAAE,SAAS,EAAE,UAAU;SAC/B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,kCAAkC;QAClC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,MAAe;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;QAC7D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,qBAAqB,EAAE;YAC/D,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,IAAI,2BAA2B,EAAE,SAAS,EAAE,MAAM,EAAE;SAC7F,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,mBAAmB,EAAE,CAAC;QACpE,CAAC;QAED,oBAAoB;QACpB,MAAM,MAAM,EAAE,CAAC;QAEf,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,oCAAoC,EAAE,CAAC;IACnF,CAAC;AACH,CAAC"}
+{"version":3,"file":"auth-commands.js","sourceRoot":"","sources":["../../../src/auth-commands.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAe,MAAM,WAAW,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;AACnE,6HAA6H;AAC7H,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AAwC7E;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,KAAa;IACvC,+EAA+E;IAC/E,IAAI,KAAK,KAAK,aAAa,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;QAC5C,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAED,+EAA+E;IAC/E,IAAI,CAAC;QACH,8DAA8D;QAC9D,IAAI,QAAQ,CAAC;QACb,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,wBAAwB,EAAE;gBAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;aAC9C,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;YACnD,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBACxD,IAAI,EAAE,EAAE,KAAK,EAAE;aAChB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,cAAc,EAAE,CAAC;QAC/D,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,MAAM,GAAkB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QAElD,iDAAiD;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QACD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YAC9D,IAAI,EAAE,KAAK;YACX,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QAEH,OAAO;YACL,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SACrD,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,+BAA+B,EAAE,CAAC;IAC9E,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,WAAmB;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;IACnF,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,aAAa,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,gEAAgE;gBAChE,aAAa,EAAE,UAAU,WAAW,EAAE;aACvC;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,oCAAoC,EAAE,CAAC;IACnF,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACxD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAG,OAAe,CAAC,KAAK,IAAI,mBAAmB,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;IAC9F,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAkF,CAAC;IAEnH,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,wCAAwC,EAAE,CAAC;IACtF,CAAC;IAED,8EAA8E;IAC9E,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC3C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IAEnF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,wBAAwB,EAAE;YACjE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,GAAG,EAAE,EAAE;SACpD,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,iBAAiB;YACjB,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;gBAC/E,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,MAAM,GAAkB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QAElD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;YACpD,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,2CAA2C;QAC3C,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;YAC/E,OAAO,EAAE,SAAS,EAAE,UAAU;SAC/B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAC9B,CAAC;QACD,gEAAgE;QAChE,4BAA4B;QAC5B,IAAI,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,kCAAkC;QAClC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,MAAe;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;QAC7D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,qBAAqB,EAAE;YAC/D,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,IAAI,2BAA2B,EAAE,SAAS,EAAE,MAAM,EAAE;SAC7F,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,mBAAmB,EAAE,CAAC;QACpE,CAAC;QAED,oBAAoB;QACpB,MAAM,MAAM,EAAE,CAAC;QAEf,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,oCAAoC,EAAE,CAAC;IACnF,CAAC;AACH,CAAC"}

package/dist/aria-connector/src/harness-client.d.ts

@@ -87,13 +87,6 @@ export declare class HarnessClient {
     private tryExtractError;
     private pushGateLog;
 }
-/**
- * Raw-fetch compatibility shim used by auth-commands.ts.
- * Exposes .get() and .post() that make bare fetch() calls with the
- * configured base URL. Callers receive the native Response object
- * (so they can call .ok, .status, .json() etc. themselves).
- * Paths are absolute from the base URL (e.g. '/api/license/heartbeat').
- */
 export declare const harnessClient: {
     get(path: string, init?: {
         headers?: Record<string, string>;

package/dist/aria-connector/src/harness-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"harness-client.d.ts","sourceRoot":"","sources":["../../../src/harness-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAc,eAAe,EAAuB,MAAM,YAAY,CAAC;AAMnF,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,UAAU,GAAG,OAAO,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,CAAC;IACpE,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,YAAY,CAAC,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGvC,YAAY,CAAC,EAAE;QACb,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;QACzB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,qBAAqB,CAAC,EAAE,MAAM,CAAC;QAC/B,eAAe,EAAE,MAAM,CAAC;QACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,MAAM,CAAC,EAAE,YAAY,EAAE,CAAC;CACzB;AAED;;;;;;;;;GASG;AAEH,UAAU,oBAAoB;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,YAAY,CAAuC;gBAE/C,OAAO,GAAE,oBAAyB;IAI9C;;;OAGG;YACW,QAAQ;YAQR,YAAY;IAsB1B;;;;;OAKG;IACG,OAAO,CAAC,CAAC,GAAG,OAAO,EACvB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAwF9B;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAI5F;;OAEG;IACG,IAAI,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAI7G;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAM9F,eAAe;YASf,WAAW;CAe1B;AAaD;;;;;;GAMG;AACH,eAAO,MAAM,aAAa;cACd,MAAM,SAAS;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,QAAQ,CAAC;eAOtE,MAAM,SAAS;QAAE,IAAI,CAAC,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,QAAQ,CAAC;CAQnG,CAAC;AAIF;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAuBhC;AAID;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAiCnE;AAID;;;;GAIG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,OAAO,CAAC,CAW3D;AAID;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAoBpG;AAID;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,KAAK,CAAC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAYlE"}
+{"version":3,"file":"harness-client.d.ts","sourceRoot":"","sources":["../../../src/harness-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAc,eAAe,EAAuB,MAAM,YAAY,CAAC;AAWnF,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,UAAU,GAAG,OAAO,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,CAAC;IACpE,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,YAAY,CAAC,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGvC,YAAY,CAAC,EAAE;QACb,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;QACzB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,qBAAqB,CAAC,EAAE,MAAM,CAAC;QAC/B,eAAe,EAAE,MAAM,CAAC;QACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,MAAM,CAAC,EAAE,YAAY,EAAE,CAAC;CACzB;AAED;;;;;;;;;GASG;AAEH,UAAU,oBAAoB;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,YAAY,CAAuC;gBAE/C,OAAO,GAAE,oBAAyB;IAI9C;;;OAGG;YACW,QAAQ;YAQR,YAAY;IAsB1B;;;;;OAKG;IACG,OAAO,CAAC,CAAC,GAAG,OAAO,EACvB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAyG9B;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAI5F;;OAEG;IACG,IAAI,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAI7G;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAM9F,eAAe;YASf,WAAW;CAe1B;AA6BD,eAAO,MAAM,aAAa;cACd,MAAM,SAAS;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,QAAQ,CAAC;eAOtE,MAAM,SAAS;QAAE,IAAI,CAAC,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,QAAQ,CAAC;CAQnG,CAAC;AAIF;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAuBhC;AAID;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAiCnE;AAID;;;;GAIG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,OAAO,CAAC,CAW3D;AAID;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAoBpG;AAID;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,KAAK,CAAC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAYlE"}

package/dist/aria-connector/src/harness-client.js

@@ -1,5 +1,9 @@
 import { loadLicense } from './auth.js';
 import { pushCognitionLog } from './cognition-log.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { homedir } from 'node:os';
+const OWNER_TOKEN_PATH = path.join(homedir(), '.aria', 'owner-token');
 export class HarnessClient {
     baseUrl;
     token = null;
@@ -53,6 +57,23 @@ export class HarnessClient {
         if (token) {
             headers['Authorization'] = `Bearer ${token}`;
         }
+        // Owner mode: if ~/.aria/owner-token exists, attach the owner JWT as the
+        // Authorization header and flag x-aria-owner: true so the server middleware
+        // knows to decode it for req.isOwner. The owner JWT supersedes the license
+        // token for authentication — owner tier has all capabilities.
+        if (fs.existsSync(OWNER_TOKEN_PATH)) {
+            try {
+                const ownerJWT = fs.readFileSync(OWNER_TOKEN_PATH, 'utf-8').trim();
+                if (ownerJWT) {
+                    headers['Authorization'] = `Bearer ${ownerJWT}`;
+                    headers['x-aria-owner'] = 'true';
+                }
+            }
+            catch (err) {
+                // File exists but is unreadable — surface the error, do not silently skip.
+                throw new Error(`Owner token file exists but cannot be read: ${err.message}`);
+            }
+        }
         let response;
         try {
             response = await fetch(`${this.baseUrl}/api/harness${path}`, {
@@ -179,25 +200,35 @@ function getDefaultClient() {
     return _defaultClient;
 }
 /**
- * Raw-fetch compatibility shim used by auth-commands.ts.
- * Exposes .get() and .post() that make bare fetch() calls with the
- * configured base URL. Callers receive the native Response object
- * (so they can call .ok, .status, .json() etc. themselves).
- * Paths are absolute from the base URL (e.g. '/api/license/heartbeat').
+ * Resolve owner-mode headers for the raw shim.
+ * If ~/.aria/owner-token exists and is readable, returns the owner JWT
+ * Authorization header + x-aria-owner flag. Otherwise returns empty object.
+ * Throws on unreadable file (file exists but can't be read) — no silent skip.
  */
+function ownerHeaders() {
+    if (!fs.existsSync(OWNER_TOKEN_PATH))
+        return {};
+    const ownerJWT = fs.readFileSync(OWNER_TOKEN_PATH, 'utf-8').trim();
+    if (!ownerJWT)
+        return {};
+    return {
+        Authorization: `Bearer ${ownerJWT}`,
+        'x-aria-owner': 'true',
+    };
+}
 export const harnessClient = {
     get(path, init) {
         const baseUrl = process.env.ARIA_HARNESS_BASE_URL ?? 'https://harness.ariasos.com';
         return fetch(`${baseUrl}${path}`, {
             method: 'GET',
-            headers: { 'Content-Type': 'application/json', ...(init?.headers ?? {}) },
+            headers: { 'Content-Type': 'application/json', ...ownerHeaders(), ...(init?.headers ?? {}) },
         });
     },
     post(path, init) {
         const baseUrl = process.env.ARIA_HARNESS_BASE_URL ?? 'https://harness.ariasos.com';
         return fetch(`${baseUrl}${path}`, {
             method: 'POST',
-            headers: { 'Content-Type': 'application/json', ...(init?.headers ?? {}) },
+            headers: { 'Content-Type': 'application/json', ...ownerHeaders(), ...(init?.headers ?? {}) },
             body: init?.body ? JSON.stringify(init.body) : undefined,
         });
     },

package/dist/aria-connector/src/harness-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"harness-client.js","sourceRoot":"","sources":["../../../src/harness-client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AA4DtD,MAAM,OAAO,aAAa;IAChB,OAAO,CAAS;IAChB,KAAK,GAAkB,IAAI,CAAC;IAC5B,YAAY,GAAkC,IAAI,CAAC;IAE3D,YAAY,UAAgC,EAAE;QAC5C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;IACvG,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,QAAQ;QACpB,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC;QAClC,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC;QAEhD,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;YACpC,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC;gBAClC,OAAO,IAAI,CAAC,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;QACjD,CAAC;QAED,yBAAyB;QACzB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC;YACtB,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,MAAc,EACd,IAAY,EACZ,IAAc,EACd,WAAyB;QAEzB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAEpC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,IAAI,EAAE,EAAE;gBAC3D,MAAM;gBACN,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC9C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,6DAA6D;YAC7D,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,kBAAmB,GAAa,CAAC,OAAO,EAAE;iBACnD,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,8BAA8B;YACpD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;YACzD,GAAW,CAAC,MAAM,GAAG,GAAG,CAAC;YACzB,GAAW,CAAC,IAAI,GAAG,eAAe,CAAC;YACpC,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,aAAa,MAAM,EAAE;iBAC9B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;YAC3D,GAAW,CAAC,MAAM,GAAG,GAAG,CAAC;YACzB,GAAW,CAAC,IAAI,GAAG,iBAAiB,CAAC;YACtC,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,aAAa,MAAM,EAAE;iBAC9B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,MAAM,MAAM,EAAE,CAAC,CAAC;YAC/E,GAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;YACtC,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,QAAQ,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE;iBAC7C,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,GAAM,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtC,qCAAqC;QACrC,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,WAAW,CAAC;gBACrB,GAAG,WAAW;gBACd,MAAM,EAAE,IAAI;aACb,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACrB,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAc,IAAY,EAAE,WAAyB;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAc,IAAY,EAAE,IAAc,EAAE,WAAyB;QAC7E,OAAO,IAAI,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAc,IAAY,EAAE,IAAc,EAAE,WAAyB;QAC5E,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,oEAAoE;IAE5D,KAAK,CAAC,eAAe,CAAC,QAAkB;QAC9C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,OAAO,IAAI,QAAQ,CAAC,UAAU,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,CAAC,UAAU,CAAC;QAC7B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,OAAoB;QAC5C,IAAI,CAAC;YACH,MAAM,gBAAgB,CAAC;gBACrB,MAAM,EAAE,gBAAgB;gBACxB,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,sDAAsD;QACxD,CAAC;IACH,CAAC;CACF;AAED,yEAAyE;AACzE,kEAAkE;AAClE,yDAAyD;AAEzD,IAAI,cAAc,GAAyB,IAAI,CAAC;AAEhD,SAAS,gBAAgB;IACvB,IAAI,CAAC,cAAc;QAAE,cAAc,GAAG,IAAI,aAAa,EAAE,CAAC;IAC1D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,GAAG,CAAC,IAAY,EAAE,IAA2C;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACnF,OAAO,KAAK,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC,EAAE;SAC1E,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,IAAY,EAAE,IAA2D;QAC5E,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACnF,OAAO,KAAK,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC,EAAE;YACzE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SACzD,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,yEAAyE;AAEzE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAMlC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,IAAI,GAA4B;YACpC,KAAK,EAAE,WAAW;YAClB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,UAAU;YACjB,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,IAAI,CAAC,MAAM,KAAK,OAAO;YAChC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,MAAM;YAC7B,gBAAgB,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;SAC5C,CAAC;QACF,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QACxC,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAgB,QAAQ,EAAE,IAAI,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACjD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAqB;IACzD,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,EAAE,IAAI,IAAI,MAAM,CAAC;IAEjD,IAAI,IAAI,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpE,uEAAuE;QACvE,sEAAsE;QACtE,qEAAqE;QACrE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM;aACvB,KAAK,EAAE;aACP,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;aACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;aACrB,IAAI,CAAC,MAAM,CAAC,CAAC;QAChB,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;QACnC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,EAAE,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,YAAY,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACzE,OAAO,CACL,iCAAiC,KAAK,YAAY,KAAK,YAAY,MAAM,cAAc;YACvF,IAAI,CACL,CAAC;IACJ,CAAC;IAED,yEAAyE;IACzE,IAAI,MAAM,CAAC,OAAO;QAAE,OAAO,mBAAmB,MAAM,CAAC,OAAO,EAAE,CAAC;IAE/D,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,OAAO,MAAM,CAAC,MAAM;aACjB,KAAK,EAAE;aACP,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;aACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;aACrB,IAAI,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,yEAAyE;AAEzE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,qEAAqE;QACrE,iDAAiD;QACjD,MAAM,OAAO,GAAY,MAAc,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACtH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,aAAa,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAGpC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAQlC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAe,WAAW,EAAE;YAC1D,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACjD,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;QACxD,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAGpC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,OAAO,GAAY,MAAc,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACtH,MAAM,GAAG,GAAG,GAAG,OAAO,4BAA4B,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QACxG,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAsF,CAAC;QACnH,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}
+{"version":3,"file":"harness-client.js","sourceRoot":"","sources":["../../../src/harness-client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AA4DtE,MAAM,OAAO,aAAa;IAChB,OAAO,CAAS;IAChB,KAAK,GAAkB,IAAI,CAAC;IAC5B,YAAY,GAAkC,IAAI,CAAC;IAE3D,YAAY,UAAgC,EAAE;QAC5C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;IACvG,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,QAAQ;QACpB,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC;QAClC,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC;QAEhD,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,sBAAsB;QACtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;YACpC,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC;gBAClC,OAAO,IAAI,CAAC,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;QACjD,CAAC;QAED,yBAAyB;QACzB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC;YACtB,OAAO,IAAI,CAAC,KAAK,CAAC;QACpB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CACX,MAAc,EACd,IAAY,EACZ,IAAc,EACd,WAAyB;QAEzB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAEpC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,yEAAyE;QACzE,4EAA4E;QAC5E,2EAA2E;QAC3E,8DAA8D;QAC9D,IAAI,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;gBACnE,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,QAAQ,EAAE,CAAC;oBAChD,OAAO,CAAC,cAAc,CAAC,GAAG,MAAM,CAAC;gBACnC,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,2EAA2E;gBAC3E,MAAM,IAAI,KAAK,CAAC,+CAAgD,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3F,CAAC;QACH,CAAC;QAED,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,IAAI,EAAE,EAAE;gBAC3D,MAAM;gBACN,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC9C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,6DAA6D;YAC7D,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,kBAAmB,GAAa,CAAC,OAAO,EAAE;iBACnD,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,8BAA8B;YACpD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;YACzD,GAAW,CAAC,MAAM,GAAG,GAAG,CAAC;YACzB,GAAW,CAAC,IAAI,GAAG,eAAe,CAAC;YACpC,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,aAAa,MAAM,EAAE;iBAC9B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;YAC3D,GAAW,CAAC,MAAM,GAAG,GAAG,CAAC;YACzB,GAAW,CAAC,IAAI,GAAG,iBAAiB,CAAC;YACtC,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,aAAa,MAAM,EAAE;iBAC9B,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACpD,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,MAAM,MAAM,EAAE,CAAC,CAAC;YAC/E,GAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;YACtC,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,WAAW,CAAC;oBACrB,GAAG,WAAW;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,QAAQ,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE;iBAC7C,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,GAAM,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtC,qCAAqC;QACrC,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,WAAW,CAAC;gBACrB,GAAG,WAAW;gBACd,MAAM,EAAE,IAAI;aACb,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACrB,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAc,IAAY,EAAE,WAAyB;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAc,IAAY,EAAE,IAAc,EAAE,WAAyB;QAC7E,OAAO,IAAI,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAc,IAAY,EAAE,IAAc,EAAE,WAAyB;QAC5E,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,oEAAoE;IAE5D,KAAK,CAAC,eAAe,CAAC,QAAkB;QAC9C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,OAAO,IAAI,QAAQ,CAAC,UAAU,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,CAAC,UAAU,CAAC;QAC7B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,OAAoB;QAC5C,IAAI,CAAC;YACH,MAAM,gBAAgB,CAAC;gBACrB,MAAM,EAAE,gBAAgB;gBACxB,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,sDAAsD;QACxD,CAAC;IACH,CAAC;CACF;AAED,yEAAyE;AACzE,kEAAkE;AAClE,yDAAyD;AAEzD,IAAI,cAAc,GAAyB,IAAI,CAAC;AAEhD,SAAS,gBAAgB;IACvB,IAAI,CAAC,cAAc;QAAE,cAAc,GAAG,IAAI,aAAa,EAAE,CAAC;IAC1D,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY;IACnB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAAE,OAAO,EAAE,CAAC;IAChD,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACnE,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,OAAO;QACL,aAAa,EAAE,UAAU,QAAQ,EAAE;QACnC,cAAc,EAAE,MAAM;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,GAAG,CAAC,IAAY,EAAE,IAA2C;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACnF,OAAO,KAAK,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,YAAY,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC,EAAE;SAC7F,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,IAAY,EAAE,IAA2D;QAC5E,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACnF,OAAO,KAAK,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,YAAY,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC,EAAE;YAC5F,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SACzD,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,yEAAyE;AAEzE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAMlC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,IAAI,GAA4B;YACpC,KAAK,EAAE,WAAW;YAClB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,UAAU;YACjB,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,IAAI,CAAC,MAAM,KAAK,OAAO;YAChC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,MAAM;YAC7B,gBAAgB,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;SAC5C,CAAC;QACF,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QACxC,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAgB,QAAQ,EAAE,IAAI,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACjD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAqB;IACzD,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,EAAE,IAAI,IAAI,MAAM,CAAC;IAEjD,IAAI,IAAI,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpE,uEAAuE;QACvE,sEAAsE;QACtE,qEAAqE;QACrE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM;aACvB,KAAK,EAAE;aACP,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;aACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;aACrB,IAAI,CAAC,MAAM,CAAC,CAAC;QAChB,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;QACnC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,EAAE,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,EAAE,YAAY,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACzE,OAAO,CACL,iCAAiC,KAAK,YAAY,KAAK,YAAY,MAAM,cAAc;YACvF,IAAI,CACL,CAAC;IACJ,CAAC;IAED,yEAAyE;IACzE,IAAI,MAAM,CAAC,OAAO;QAAE,OAAO,mBAAmB,MAAM,CAAC,OAAO,EAAE,CAAC;IAE/D,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,OAAO,MAAM,CAAC,MAAM;aACjB,KAAK,EAAE;aACP,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;aACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;aACrB,IAAI,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,yEAAyE;AAEzE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,qEAAqE;QACrE,iDAAiD;QACjD,MAAM,OAAO,GAAY,MAAc,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACtH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,aAAa,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAGpC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAQlC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAe,WAAW,EAAE;YAC1D,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACjD,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;QACxD,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAGpC;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,OAAO,GAAY,MAAc,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,6BAA6B,CAAC;QACtH,MAAM,GAAG,GAAG,GAAG,OAAO,4BAA4B,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QACxG,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAsF,CAAC;QACnH,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/sdk/BUNDLED.json

@@ -1,5 +1,5 @@
 {
-  "bundledAt": "2026-04-27T15:46:30.312Z",
+  "bundledAt": "2026-04-27T16:20:59.869Z",
   "sdkSource": "/home/hamzaibrahim1/rei-ai-brain/harness/packages/harness-http-client/dist",
   "files": 3
 }

package/hooks/aria-pre-tool-gate.mjs

@@ -27,9 +27,9 @@
 // traceable to a gate bug, not a legitimate exception.):
 //   - Trivial-bash whitelist: short read-only commands (ls/cat/grep/etc.)
 //     pass without cognition.
-//   - Set env ARIA_PRE_TOOL_GATE=off to disable globally (kill-switch).
-//     Setting an env var is a deliberate, audit-trailed override —
-//     deliberate enough that it's not the model's reflex.
+//   - No env-var disable path (Hamza 2026-04-27 — env-var kill-switches
+//     gave the gated process a free escape; that was the doctrine
+//     violation). Disable = remove the hook from ~/.claude/settings.json.
 //   - When the gate misfires on legitimate work: fix the gate. The
 //     misfire IS the bug. Don't route around it.
 //
@@ -93,11 +93,11 @@ function audit(decision, summary) {
   } catch {}
 }
 
-// Kill-switch
-if (process.env.ARIA_PRE_TOOL_GATE === 'off') {
-  audit('bypass-killswitch', 'env ARIA_PRE_TOOL_GATE=off');
-  process.exit(0);
-}
+// Env-var kill-switch removed 2026-04-27 per Hamza directive ("those
+// should've been my choice to give you to turn off not free for you to
+// access"). Disable = remove hook entry from ~/.claude/settings.json
+// (deliberate user action). Future: signed-grant override file at
+// ~/.aria/owner-overrides/<hook>.json with HMAC using Hamza-only secret.
 
 // ── Aria-as-commander binding (Layer A — allowedActions/forbiddenActions per active phase) ──
 //
@@ -437,9 +437,10 @@ const cmdPreview = toolName === 'Bash'
   : `${toolName} ${filePath || '(no path)'}`.slice(0, 80);
 
 // V3: per-command bypass removed entirely. The only escape valves are:
-//   (1) Kill-switch env ARIA_PRE_TOOL_GATE=off — handled at top of file
-//   (2) Trivial-bash whitelist — short read-only commands pass without cognition
-// Compliance is the only path for non-trivial work.
+//   (1) Trivial-bash whitelist — short read-only commands pass without cognition
+//   (2) ~/.claude/settings.json hook removal — visible user action Hamza controls
+// No env-var kill-switch (removed 2026-04-27). Compliance is the only path
+// for non-trivial work from the gated process's perspective.
 
 // V2 primary path — inline command cognition. If the command carries
 // 4+ substantive lenses inline, gate passes immediately (still need
@@ -663,7 +664,7 @@ if (matched) {
   axiom: <which harness rule applies>
 </verify>
 
-Re-issue after producing the block. Bypass: '# doctrine-authorized: <reason>' inline. Kill: ARIA_PRE_TOOL_GATE=off.`
+Re-issue after producing the block. Bypass: '# doctrine-authorized: <reason>' inline..`
     : `Aria pre-tool gate: destructive pattern '${matched.name}' has its <verify> block, but the <cognition> block is missing or shows only ${lensCount}/${REQUIRED_LENSES}+ required lenses. Per EIGHT_LENS_DOCTRINE.md every non-trivial action requires visible 8-lens application.
 
 <cognition>
@@ -725,7 +726,7 @@ Both forms count toward the ${REQUIRED_LENSES}+ requirement; gate counts inline
 
 ${guidance}
 
-No per-tool bypass available (v3 doctrine — the harness's whole purpose is no exceptions). Kill-switch: ARIA_PRE_TOOL_GATE=off (logged, emergency only). If the gate misfires on legitimate cognition, fix the gate.`;
+No per-tool bypass available (v3 doctrine — the harness's whole purpose is no exceptions). No env-var disable path — gates are unconditional from the gated process per Hamza directive 2026-04-27. If the gate misfires on legitimate cognition, fix the gate.`;
 
   audit(`block ${toolName.toLowerCase()} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} missing cognition (${lensCount}/${REQUIRED_LENSES})`);
@@ -756,7 +757,7 @@ OR inline within an existing lens:
 
 Acceptable resolution markers: 'discoveries:' / 'addressing:' / 'fixing:' / 'TaskCreate' / 'tracked as #N' / 'linear issue' / 'fix-now' / 'same-turn fix'.
 
-Bypass: ARIA_PRE_TOOL_GATE=off (logged, emergency only). If gate misfires on legitimate cognition, fix the gate.`;
+No env-var disable path — gates are unconditional from the gated process per Hamza directive 2026-04-27. If gate misfires on legitimate cognition, fix the gate.`;
 
   audit(`block-discovery-unresolved ${toolName.toLowerCase()}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} cognition has unresolved discovery`);

package/hooks/aria-preprompt-consult.mjs

@@ -37,7 +37,9 @@
 // killed and Claude proceeds without the direction. Real-error driven,
 // no graceful-degradation rituals.
 //
-// Kill-switch: ARIA_PREPROMPT_CONSULT=off env (logged, emergency only).
+// No env-var kill-switch (Hamza 2026-04-27 — env-var disable paths gave
+// the gated process free escape access; that was the doctrine violation).
+// Disable = remove hook entry from ~/.claude/settings.json.
 //
 // BINDING MODE (Hamza 2026-04-27 + Aria emergency consult):
 //   When env ARIA_BINDING_ENABLED=true, this hook upgrades from advisory
@@ -112,11 +114,8 @@ function activePlanPath(sid) {
   return `${HOME}/.claude/aria-active-plan-${String(sid || 'unknown').replace(/[^a-zA-Z0-9_-]/g, '_')}.json`;
 }
 
-// Kill-switch
-if (process.env.ARIA_PREPROMPT_CONSULT === 'off') {
-  audit('skip-killswitch', 'env ARIA_PREPROMPT_CONSULT=off');
-  process.exit(0);
-}
+// Env-var kill-switch removed 2026-04-27 per Hamza directive — gated
+// process has no disable path. Disable = settings.json hook removal.
 
 // Read event JSON from stdin
 let input = '';

package/hooks/aria-preturn-memory-gate.mjs

@@ -37,12 +37,9 @@ const GATE_LOG = `${HOME}/.claude/aria-preturn-memory-gate.log`;
 // Turn-state dir is the same ~/.claude/ home as all other aria state files
 const CLAUDE_DIR = `${HOME}/.claude`;
 
-// Kill-switch — deliberate, audit-trailed override only. Per doctrine: if the
-// gate misfires on legitimate work, fix the gate. Don't route around it.
-if (process.env.ARIA_PRETURN_MEMORY_GATE === 'off') {
-  auditLog('bypass-killswitch', 'env ARIA_PRETURN_MEMORY_GATE=off', 'unknown');
-  process.exit(0);
-}
+// Env-var kill-switch removed 2026-04-27 per Hamza directive ("those
+// should've been my choice to give you to turn off not free for you to
+// access"). Disable = remove hook entry from ~/.claude/settings.json.
 
 // ── Audit log ─────────────────────────────────────────────────────────
 function auditLog(decision, summary, sessionId) {

package/hooks/aria-stop-gate.mjs

@@ -35,7 +35,16 @@
 //   - <placeholder> template values don't count
 //
 // No bypass mechanism — same v3 doctrine as the PreToolUse gate.
-// Kill-switch: ARIA_STOP_GATE=off (env, audit-logged).
+//
+// Hamza 2026-04-27 ("those should've been my choice to give you to turn
+// off not free for you to access"): the env-var kill-switches I authored
+// (ARIA_STOP_GATE=off, ARIA_OUTPUT_QC_ENABLED=false) gave the gated
+// process free disable-access. That was the doctrine violation. Stripped.
+// To genuinely disable in emergency, Hamza removes the hook entry from
+// ~/.claude/settings.json — a visible, auditable user action he controls,
+// not a process-level escape.
+// Future: signed-grant override mechanism at ~/.aria/owner-overrides/<hook>.json
+// with HMAC signature using a secret only Hamza holds. Deferred to next session.
 
 import { readFileSync, appendFileSync, existsSync, mkdirSync } from 'node:fs';
 import { dirname } from 'node:path';
@@ -65,6 +74,47 @@ async function loadSdkClass() {
   return null;
 }
 
+// Phase 11 #42 — fire-and-forget gardenTurn after every allow decision.
+// Writes the completed turn to the harness control-plane garden so the
+// next turn's pulse auto-injection carries this turn's content. Without
+// this write the pulse is one turn stale (the core defect #42 closes).
+//
+// Per feedback_no_graceful_degradation.md: errors must be logged to the
+// audit file, NOT silently swallowed. Per feedback_no_timeouts_doctrine.md:
+// no AbortSignal.timeout — the SDK already has retry + backoff. The caller
+// passes in a userMessage string (extracted from the transcript at the
+// turn boundary). If extraction failed the empty string is passed — the
+// garden write records the assistant emit at minimum.
+async function fireGardenTurn(sessionId, userMessage, assistantResponse) {
+  const harnessUrl = process.env.ARIA_HARNESS_URL || 'https://harness.ariasos.com';
+  const harnessToken = process.env.ARIA_HARNESS_TOKEN || '';
+  if (!harnessToken) {
+    audit('garden-turn-skip', `no ARIA_HARNESS_TOKEN — turn not written to harness pulse`);
+    return;
+  }
+  const Cls = await loadSdkClass();
+  if (!Cls) {
+    audit('garden-turn-skip', `sdk not available — turn not written to harness pulse`);
+    return;
+  }
+  try {
+    const sdkClient = new Cls({
+      baseUrl: harnessUrl,
+      apiKey: harnessToken,
+      harnessPacketUrl: `${harnessUrl}/api/harness/codex`,
+    });
+    await sdkClient.gardenTurn(
+      sessionId,
+      userMessage,
+      assistantResponse,
+    );
+    audit('garden-turn-ok', `session=${sessionId} chars=${assistantResponse.length}`);
+  } catch (err) {
+    // Logged — not silent. Per feedback_no_graceful_degradation.md.
+    audit('garden-turn-err', `session=${sessionId} err=${(err?.message || String(err)).slice(0, 200)}`);
+  }
+}
+
 function audit(decision, summary) {
   try {
     if (!existsSync(dirname(LOG))) mkdirSync(dirname(LOG), { recursive: true });
@@ -72,11 +122,10 @@ function audit(decision, summary) {
   } catch {}
 }
 
-// Kill-switch
-if (process.env.ARIA_STOP_GATE === 'off') {
-  audit('bypass-killswitch', 'env ARIA_STOP_GATE=off');
-  process.exit(0);
-}
+// Env-var kill-switch removed 2026-04-27 per Hamza directive ("those
+// should've been my choice to give you to turn off not free for you to
+// access"). The gated process has no disable path. Disable = remove hook
+// entry from ~/.claude/settings.json (deliberate user action, visible).
 
 // Lens substance check — same constants as aria-pre-tool-gate.mjs
 const LENS_NAMES = ['nur', 'mizan', 'hikma', 'tafakkur', 'tadabbur', 'ilham', 'wahi', 'firasah'];
@@ -145,6 +194,8 @@ const SYSTEM_REMINDER_THRESHOLD = 0.6;
 
 const transcriptPath = event.transcript_path ?? event.transcriptPath;
 let assistantText = '';
+// Phase 11 #42: also capture the last real user message for gardenTurn writes.
+let lastUserMessage = '';
 if (transcriptPath && existsSync(transcriptPath)) {
   try {
     const lines = readFileSync(transcriptPath, 'utf-8').split('\n').filter(Boolean);
@@ -172,7 +223,8 @@ if (transcriptPath && existsSync(transcriptPath)) {
               if (fraction >= SYSTEM_REMINDER_THRESHOLD) continue;
             }
           }
-          // Real user message — that's the turn boundary.
+          // Real user message — that's the turn boundary. Capture it for gardenTurn.
+          if (!lastUserMessage && textContent) lastUserMessage = textContent;
           break;
         }
         if (role !== 'assistant') continue;
@@ -199,6 +251,8 @@ if (!assistantText) {
 const trimmed = assistantText.trim();
 if (TRIVIAL_ACK_RX.test(trimmed)) {
   audit('allow-trivial-ack', `chars=${trimmed.length}`);
+  // Phase 11 #42: fire-and-forget gardenTurn even for trivial acks — pulse must be current.
+  await fireGardenTurn(event.session_id || 'claude-code', lastUserMessage, assistantText);
   process.exit(0);
 }
 
@@ -208,6 +262,8 @@ const triggered = isLong || hasDecisionSignal;
 
 if (!triggered) {
   audit('allow-trivial', `chars=${assistantText.length} hasDecision=${hasDecisionSignal}`);
+  // Phase 11 #42: fire-and-forget gardenTurn — pulse must be current even for short turns.
+  await fireGardenTurn(event.session_id || 'claude-code', lastUserMessage, assistantText);
   process.exit(0);
 }
 
@@ -246,9 +302,11 @@ if (cog.count >= REQUIRED_LENSES) {
   // these output-quality checks since they're typically yes/no acks where
   // pattern-match would false-positive.
   const OUTPUT_QC_MIN_CHARS = 200;
-  const OUTPUT_QC_ENABLED = (process.env.ARIA_OUTPUT_QC_ENABLED || 'true').toLowerCase() !== 'false';
+  // ARIA_OUTPUT_QC_ENABLED env-var bypass removed 2026-04-27 per Hamza
+  // directive — gated process has no disable path. The min-chars threshold
+  // remains as a triviality filter only.
 
-  if (OUTPUT_QC_ENABLED && assistantText.length >= OUTPUT_QC_MIN_CHARS) {
+  if (assistantText.length >= OUTPUT_QC_MIN_CHARS) {
     // 1. Drift_guard pattern scan — fast, local, deterministic.
     //
     // Trigger map is shipped in the connector bundle. Resolution order:
@@ -644,7 +702,7 @@ if (cog.count >= REQUIRED_LENSES) {
       }
       const rewritten = mizanVerdict?.rewritten || '';
 
-      const reason = `Aria Stop-gate output-quality block. Cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates:\n\n${violations.join('\n\n')}${rewritten ? `\n\nMizan rewrite suggestion:\n${rewritten}` : ''}\n\nRe-draft addressing the violations above. ARIA_OUTPUT_QC_ENABLED=false to disable in emergency (logged).`;
+      const reason = `Aria Stop-gate output-quality block. Cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates:\n\n${violations.join('\n\n')}${rewritten ? `\n\nMizan rewrite suggestion:\n${rewritten}` : ''}\n\nRe-draft addressing the violations above. No process-level disable path — gates are unconditional from the gated process per Hamza directive 2026-04-27.`;
 
       audit(`block-output-qc`, `mizan=${mizanBlock?'y':'n'} warn-reflect=${compelReflection?'y':'n'} drift=${driftHits.length} code=${codeQualityHits.length} discoveries-open=${ledgerOpenCount}`);
       console.log(JSON.stringify({ decision: 'block', reason }));
@@ -656,11 +714,15 @@ if (cog.count >= REQUIRED_LENSES) {
       `mizan=${mizanVerdict ? mizanVerdict.severity : `unavailable(${mizanError || 'unknown'})`} ` +
       `code=${codeQualityHits.length} discoveries-new=${newDiscoveries.length} ` +
       `discoveries-open=${ledgerOpenCount}`);
+    // Phase 11 #42: write this turn to harness garden pulse on allow-output-qc path.
+    await fireGardenTurn(event.session_id || 'claude-code', lastUserMessage, assistantText);
   } else {
     audit('allow-cognition',
       `lenses=${cog.count} chars=${assistantText.length} ` +
       `qPatt=${hasQuestionToUser ? 'y' : 'n'} substrateEv=${hasSubstrateEvidence ? 'y' : 'n'} ` +
       (questionWithoutEvidence ? 'WARN-question-without-substrate' : 'ok'));
+    // Phase 11 #42: write this turn to harness garden pulse on allow-cognition path.
+    await fireGardenTurn(event.session_id || 'claude-code', lastUserMessage, assistantText);
   }
   process.exit(0);
 }
@@ -683,7 +745,7 @@ Re-emit the response with substantive lens application BEFORE drafting. Each len
 
 The block reflects work done BEFORE drafting. Don't emit it as ceremony; apply each lens as a thinking tool. Substance check defeats ritual emission.
 
-No per-command bypass (mirrors aria-pre-tool-gate.mjs v3 doctrine). Kill-switch: ARIA_STOP_GATE=off env (logged, emergency only). If the gate misfires on legitimate cognition, fix the gate.`;
+No per-command bypass (mirrors aria-pre-tool-gate.mjs v3 doctrine). No env-var disable path either — gates are unconditional from the gated process per Hamza directive 2026-04-27. If the gate misfires on legitimate cognition, fix the gate.`;
 
 audit(`block`, `lenses=${cog.count}/${REQUIRED_LENSES} chars=${assistantText.length}`);
 console.log(JSON.stringify({ decision: 'block', reason }));

package/hooks/aria-trigger-autolearn.mjs

@@ -27,7 +27,9 @@
 // purely additive — its absence doesn't break correctness, just slows
 // learning.
 //
-// Kill-switch: ARIA_AUTOLEARN=off env (logged, emergency only).
+// No env-var kill-switch (Hamza 2026-04-27 — env-var disable paths gave
+// the gated process free escape; doctrine violation). Disable = remove
+// hook entry from ~/.claude/settings.json.
 
 import { appendFileSync, existsSync, mkdirSync, readFileSync } from 'node:fs';
 import { dirname } from 'node:path';
@@ -44,10 +46,7 @@ function audit(decision, summary) {
 }
 
 // Kill-switch
-if (process.env.ARIA_AUTOLEARN === 'off') {
-  audit('skip-killswitch', 'env ARIA_AUTOLEARN=off');
-  process.exit(0);
-}
+// Env-var kill-switch removed 2026-04-27 per Hamza directive.
 
 // Read event JSON from stdin
 let input = '';

package/hooks/aria-userprompt-abandon-detect.mjs

@@ -27,7 +27,9 @@
 // Non-blocking — UserPromptSubmit hooks don't block the user's prompt.
 // Audit-only surface; the orchestrator decides what to do with the warning.
 //
-// Kill-switch: ARIA_ABANDON_DETECT=off env (logged).
+// No env-var kill-switch (Hamza 2026-04-27 — env-var disable paths gave
+// the gated process free escape; doctrine violation). Disable = remove
+// hook entry from ~/.claude/settings.json.
 
 import { appendFileSync, existsSync, mkdirSync, readFileSync } from 'node:fs';
 import { dirname } from 'node:path';
@@ -42,10 +44,7 @@ function audit(decision, summary) {
   } catch {}
 }
 
-if (process.env.ARIA_ABANDON_DETECT === 'off') {
-  audit('skip-killswitch', 'env ARIA_ABANDON_DETECT=off');
-  process.exit(0);
-}
+// Env-var kill-switch removed 2026-04-27 per Hamza directive.
 
 let input = '';
 for await (const chunk of process.stdin) input += chunk;
@@ -125,7 +124,11 @@ for (const phase of plan.phases) {
 }
 
 const overlap = [...promptTokens].filter((t) => phaseKeywordsSet.has(t));
-const OVERLAP_THRESHOLD = Number(process.env.ARIA_ABANDON_THRESHOLD || '1');
+// Threshold default raised to 2 per Aria consult 2026-04-27 — single-keyword
+// match fires too often on benign intent shifts (especially in exploratory
+// sessions); 2 filters noise while still catching genuine abandonment before
+// drift compounds.
+const OVERLAP_THRESHOLD = Number(process.env.ARIA_ABANDON_THRESHOLD || '2');
 const isAbandonment = overlap.length < OVERLAP_THRESHOLD;
 
 if (!isAbandonment) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aria_asi/cli",
-  "version": "0.2.13",
+  "version": "0.2.15",
   "description": "Aria Smart CLI — the world's first harness-powered terminal companion",
   "bin": {
     "aria": "./bin/aria.js"

package/src/__tests__/owner-login.test.ts

@@ -0,0 +1,281 @@
+/**
+ * Smoke test — Phase 11 #25 owner-login mode
+ *
+ * Verifies the end-to-end owner-mode flow with mocked network:
+ *   1. loginOwner() writes ~/.aria/owner-token with mode 0600.
+ *   2. Subsequent harness requests include x-aria-owner: true.
+ *   3. ownerMiddleware logic: valid JWT → isOwner=true; invalid → 401.
+ *   4. /api/admin/state returns 501 when authed; 401 when not.
+ *
+ * No real network calls — fetch is mocked globally.
+ * No real FS writes beyond the tmp owner-token path (cleaned up in afterEach).
+ */
+
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import * as crypto from 'node:crypto';
+
+// ── Isolate the owner-token path to a temp dir so we don't pollute ~/.aria ──
+const TEST_ARIA_DIR = path.join(os.tmpdir(), `aria-owner-test-${process.pid}`);
+const TEST_OWNER_TOKEN_PATH = path.join(TEST_ARIA_DIR, 'owner-token');
+
+// We need to mock the OWNER_TOKEN_PATH used in the modules under test.
+// Because the path is derived from homedir() at module load time, we intercept
+// via jest.mock on the 'node:os' module to redirect homedir to our temp dir.
+jest.mock('node:os', () => ({
+  ...jest.requireActual('node:os'),
+  homedir: () => TEST_ARIA_DIR,
+}));
+
+// Mock fetch globally — no real network calls in unit tests.
+const mockFetch = jest.fn();
+global.fetch = mockFetch as any;
+
+// Import under test AFTER mocks are established.
+import { loginOwner, logout, OWNER_TOKEN_PATH } from '../auth-commands';
+
+const JWT_SECRET = 'arya-hq-jwt-secret-2026-reinationwide';
+
+/** Build a valid owner JWT signed with the default HQ_JWT_SECRET. */
+function buildOwnerJWT(overrides: { sub?: string; tier?: string; exp?: number } = {}): string {
+  const header = Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })).toString('base64url');
+  const now = Math.floor(Date.now() / 1000);
+  const payload = Buffer.from(
+    JSON.stringify({
+      sub: overrides.sub ?? 'hamza',
+      tier: overrides.tier ?? 'owner',
+      iat: now,
+      exp: overrides.exp ?? now + 365 * 24 * 3600,
+    }),
+  ).toString('base64url');
+  const sig = crypto
+    .createHmac('sha256', JWT_SECRET)
+    .update(`${header}.${payload}`)
+    .digest('base64url');
+  return `${header}.${payload}.${sig}`;
+}
+
+beforeAll(() => {
+  if (!fs.existsSync(TEST_ARIA_DIR)) {
+    fs.mkdirSync(TEST_ARIA_DIR, { recursive: true, mode: 0o700 });
+  }
+});
+
+afterEach(() => {
+  jest.clearAllMocks();
+  // Clean up owner-token between tests.
+  try { fs.unlinkSync(TEST_OWNER_TOKEN_PATH); } catch {}
+});
+
+afterAll(() => {
+  // Remove temp dir.
+  try { fs.rmSync(TEST_ARIA_DIR, { recursive: true, force: true }); } catch {}
+});
+
+// ── 1. loginOwner() writes ~/.aria/owner-token with mode 0600 ──────────────
+
+describe('loginOwner()', () => {
+  it('writes owner-token with mode 0600 on success', async () => {
+    const ownerJWT = buildOwnerJWT();
+    mockFetch.mockResolvedValueOnce({
+      ok: true,
+      json: async () => ({ ok: true, token: ownerJWT, tier: 'owner', sub: 'hamza' }),
+    });
+
+    const result = await loginOwner('valid-master-token');
+
+    expect(result.ok).toBe(true);
+    expect(result.owner).toBe(true);
+    expect(result.tier).toBe('owner');
+
+    // File must exist.
+    expect(fs.existsSync(OWNER_TOKEN_PATH)).toBe(true);
+
+    // File content must be the JWT.
+    const stored = fs.readFileSync(OWNER_TOKEN_PATH, 'utf-8').trim();
+    expect(stored).toBe(ownerJWT);
+
+    // File permissions must be 0600.
+    const stat = fs.statSync(OWNER_TOKEN_PATH);
+    // mode & 0o777 masks the file-type bits, leaving only permission bits.
+    expect(stat.mode & 0o777).toBe(0o600);
+  });
+
+  it('returns error when server returns 401', async () => {
+    mockFetch.mockResolvedValueOnce({
+      ok: false,
+      status: 401,
+      json: async () => ({ ok: false, error: 'Invalid master token' }),
+    });
+
+    const result = await loginOwner('bad-master-token');
+
+    expect(result.ok).toBe(false);
+    expect(result.error).toBe('Invalid master token');
+    expect(fs.existsSync(OWNER_TOKEN_PATH)).toBe(false);
+  });
+
+  it('returns error on network failure', async () => {
+    mockFetch.mockRejectedValueOnce(new Error('ECONNREFUSED'));
+
+    const result = await loginOwner('some-token');
+
+    expect(result.ok).toBe(false);
+    expect(result.error).toContain('ECONNREFUSED');
+    expect(fs.existsSync(OWNER_TOKEN_PATH)).toBe(false);
+  });
+
+  it('posts to /auth/owner with Authorization header (master token never in body)', async () => {
+    const ownerJWT = buildOwnerJWT();
+    mockFetch.mockResolvedValueOnce({
+      ok: true,
+      json: async () => ({ ok: true, token: ownerJWT }),
+    });
+
+    await loginOwner('super-secret-master');
+
+    const [url, init] = mockFetch.mock.calls[0];
+    expect(url).toContain('/auth/owner');
+    expect(init.headers['Authorization']).toBe('Bearer super-secret-master');
+    // Body must be empty (master token not in body).
+    expect(init.body).toBeUndefined();
+  });
+});
+
+// ── 2. logout() deletes owner-token ────────────────────────────────────────
+
+describe('logout()', () => {
+  it('deletes owner-token on logout', async () => {
+    fs.writeFileSync(OWNER_TOKEN_PATH, 'some-jwt', { mode: 0o600 });
+    expect(fs.existsSync(OWNER_TOKEN_PATH)).toBe(true);
+
+    const result = await logout();
+
+    expect(result.ok).toBe(true);
+    expect(fs.existsSync(OWNER_TOKEN_PATH)).toBe(false);
+  });
+
+  it('succeeds even when owner-token does not exist', async () => {
+    expect(fs.existsSync(OWNER_TOKEN_PATH)).toBe(false);
+    const result = await logout();
+    expect(result.ok).toBe(true);
+  });
+});
+
+// ── 3. ownerMiddleware JWT validation logic (unit-tested inline) ────────────
+// The middleware lives in server.ts (Express runtime). We test the JWT
+// verification logic directly here — same HMAC-HS256 algorithm.
+
+describe('owner JWT verification logic', () => {
+  function verifyOwnerJWT(
+    token: string,
+    secret: string = JWT_SECRET,
+  ): { valid: boolean; claims?: { sub?: string; tier?: string; exp?: number }; reason?: string } {
+    try {
+      const parts = token.split('.');
+      if (parts.length !== 3) return { valid: false, reason: 'wrong part count' };
+      const [headerB64, payloadB64, sigB64] = parts;
+      const expectedSig = crypto
+        .createHmac('sha256', secret)
+        .update(`${headerB64}.${payloadB64}`)
+        .digest('base64url');
+      if (sigB64 !== expectedSig) return { valid: false, reason: 'signature mismatch' };
+      const claims = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf-8'));
+      if (claims.exp && claims.exp < Math.floor(Date.now() / 1000)) {
+        return { valid: false, reason: 'expired' };
+      }
+      return { valid: true, claims };
+    } catch (e) {
+      return { valid: false, reason: String(e) };
+    }
+  }
+
+  it('validates a well-formed owner JWT with tier:owner sub:hamza', () => {
+    const jwt = buildOwnerJWT();
+    const result = verifyOwnerJWT(jwt);
+    expect(result.valid).toBe(true);
+    expect(result.claims?.tier).toBe('owner');
+    expect(result.claims?.sub).toBe('hamza');
+  });
+
+  it('rejects a JWT with wrong secret', () => {
+    const jwt = buildOwnerJWT();
+    const result = verifyOwnerJWT(jwt, 'wrong-secret');
+    expect(result.valid).toBe(false);
+    expect(result.reason).toContain('signature');
+  });
+
+  it('rejects an expired JWT', () => {
+    const expiredJWT = buildOwnerJWT({ exp: Math.floor(Date.now() / 1000) - 3600 });
+    const result = verifyOwnerJWT(expiredJWT);
+    expect(result.valid).toBe(false);
+    expect(result.reason).toBe('expired');
+  });
+
+  it('middleware logic: rejects when tier is owner but sub is not hamza (defense-in-depth)', () => {
+    const jwt = buildOwnerJWT({ sub: 'eve', tier: 'owner' });
+    const result = verifyOwnerJWT(jwt);
+    // JWT itself is valid — the middleware must ALSO check sub === 'hamza'.
+    expect(result.valid).toBe(true);
+    expect(result.claims?.sub).not.toBe('hamza');
+    // Simulate middleware check:
+    const isOwner = result.valid && result.claims?.tier === 'owner' && result.claims?.sub === 'hamza';
+    expect(isOwner).toBe(false);
+  });
+});
+
+// ── 4. Admin route gate behavior (simulated) ───────────────────────────────
+// The actual Express handler for /api/admin/state lives in api/admin/state.ts.
+// We test its exported function directly to verify 401/501 behavior.
+
+describe('admin/state handler gate', () => {
+  let handler: (req: any, res: any) => any;
+
+  beforeAll(async () => {
+    // Import the handler directly — no Express middleware chain needed.
+    const mod = await import('../../apps/arias-soul/api/admin/state.ts').catch(() => null);
+    if (!mod) {
+      // If cross-package import fails in this test runner, use a local re-implementation
+      // of the gate logic to verify the contract.
+      handler = (req, res) => {
+        if (!req.isOwner) {
+          return res.status(401).json({ ok: false, error: 'owner token required' });
+        }
+        return res.status(501).json({ ok: false, error: 'Not implemented — Phase 11 #25 follow-up task' });
+      };
+    } else {
+      handler = mod.default;
+    }
+  });
+
+  it('returns 401 when isOwner is falsy', () => {
+    const req = { isOwner: false } as any;
+    const res = {
+      _status: 0,
+      _body: null as any,
+      status(code: number) { this._status = code; return this; },
+      json(body: any) { this._body = body; return this; },
+    };
+    handler(req, res);
+    expect(res._status).toBe(401);
+    expect(res._body.error).toContain('owner token required');
+  });
+
+  it('returns 501 with TODO body when isOwner is true', () => {
+    const req = { isOwner: true } as any;
+    const res = {
+      _status: 0,
+      _body: null as any,
+      status(code: number) { this._status = code; return this; },
+      json(body: any) { this._body = body; return this; },
+    };
+    handler(req, res);
+    expect(res._status).toBe(501);
+    expect(res._body.ok).toBe(false);
+    expect(res._body.error).toContain('Not implemented');
+    // Must have TODO body, not silently no-op.
+    expect(res._body.todo).toBeDefined();
+    expect(res._body.todo.description).toBeTruthy();
+  });
+});

package/src/auth-commands.ts

@@ -6,6 +6,8 @@ import * as path from 'node:path';
 import { homedir } from 'node:os';
 
 const LICENSE_PATH = path.join(homedir(), '.aria', 'license.json');
+/** Separate credential file for owner-mode JWT. Never holds the master token — only the signed JWT issued by /auth/owner. */
+export const OWNER_TOKEN_PATH = path.join(homedir(), '.aria', 'owner-token');
 
 interface LicenseClaims {
   jti: string;
@@ -22,6 +24,8 @@ interface LoginResult {
   expiresAt?: string;
   /** Set when loginAnthropic() is used instead of the harness license path. */
   anthropic?: boolean;
+  /** Set when --owner path is used; owner JWT stored in ~/.aria/owner-token. */
+  owner?: boolean;
   error?: string;
 }
 
@@ -111,6 +115,53 @@ export async function login(token: string): Promise<LoginResult> {
   }
 }
 
+/**
+ * Log in as owner by posting the master token to /auth/owner.
+ * The server validates the master token and returns a signed JWT with
+ * tier:'owner', sub:'hamza'. We persist ONLY that JWT to
+ * ~/.aria/owner-token (mode 0600). The master token is never written
+ * to disk — it flows in memory only for the duration of this call.
+ *
+ * On success the caller can verify owner mode is active by checking
+ * fs.existsSync(OWNER_TOKEN_PATH).
+ */
+export async function loginOwner(masterToken: string): Promise<LoginResult> {
+  const baseUrl = process.env.ARIA_HARNESS_BASE_URL ?? 'https://harness.ariasos.com';
+  let response: Response;
+  try {
+    response = await fetch(`${baseUrl}/auth/owner`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        // Master token in Authorization header — never in body or logs.
+        Authorization: `Bearer ${masterToken}`,
+      },
+    });
+  } catch (err: any) {
+    return { ok: false, error: err.message || 'Network error reaching /auth/owner' };
+  }
+
+  if (!response.ok) {
+    const errBody = await response.json().catch(() => ({}));
+    return { ok: false, error: (errBody as any).error || `Server returned ${response.status}` };
+  }
+
+  const body = await response.json() as { ok: boolean; token?: string; tier?: string; sub?: string; error?: string };
+
+  if (!body.ok || !body.token) {
+    return { ok: false, error: body.error || 'Server returned ok=false with no token' };
+  }
+
+  // Persist the owner JWT (NOT the master token) to ~/.aria/owner-token (0600).
+  const dir = path.dirname(OWNER_TOKEN_PATH);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+  fs.writeFileSync(OWNER_TOKEN_PATH, body.token, { mode: 0o600, encoding: 'utf-8' });
+
+  return { ok: true, owner: true, tier: 'owner' };
+}
+
 export async function status(): Promise<StatusResult> {
   try {
     const license = await loadLicense();
@@ -169,6 +220,11 @@ export async function logout(): Promise<LogoutResult> {
     if (fs.existsSync(LICENSE_PATH)) {
       fs.unlinkSync(LICENSE_PATH);
     }
+    // Also clear owner-token when logging out — per spec section 3:
+    // "aria logout deletes it."
+    if (fs.existsSync(OWNER_TOKEN_PATH)) {
+      fs.unlinkSync(OWNER_TOKEN_PATH);
+    }
     return { ok: true };
   } catch {
     // Best-effort; file may not exist

package/src/harness-client.ts

@@ -1,6 +1,11 @@
 import type { AuthConfig, HarnessResponse, HarnessGateDecision } from './types.js';
 import { loadLicense } from './auth.js';
 import { pushCognitionLog } from './cognition-log.js';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { homedir } from 'node:os';
+
+const OWNER_TOKEN_PATH = path.join(homedir(), '.aria', 'owner-token');
 
 // ── Public types ──────────────────────────────────────────────────────
 
@@ -125,6 +130,23 @@ export class HarnessClient {
       headers['Authorization'] = `Bearer ${token}`;
     }
 
+    // Owner mode: if ~/.aria/owner-token exists, attach the owner JWT as the
+    // Authorization header and flag x-aria-owner: true so the server middleware
+    // knows to decode it for req.isOwner. The owner JWT supersedes the license
+    // token for authentication — owner tier has all capabilities.
+    if (fs.existsSync(OWNER_TOKEN_PATH)) {
+      try {
+        const ownerJWT = fs.readFileSync(OWNER_TOKEN_PATH, 'utf-8').trim();
+        if (ownerJWT) {
+          headers['Authorization'] = `Bearer ${ownerJWT}`;
+          headers['x-aria-owner'] = 'true';
+        }
+      } catch (err) {
+        // File exists but is unreadable — surface the error, do not silently skip.
+        throw new Error(`Owner token file exists but cannot be read: ${(err as Error).message}`);
+      }
+    }
+
     let response: Response;
     try {
       response = await fetch(`${this.baseUrl}/api/harness${path}`, {
@@ -263,25 +285,34 @@ function getDefaultClient(): HarnessClient {
 }
 
 /**
- * Raw-fetch compatibility shim used by auth-commands.ts.
- * Exposes .get() and .post() that make bare fetch() calls with the
- * configured base URL. Callers receive the native Response object
- * (so they can call .ok, .status, .json() etc. themselves).
- * Paths are absolute from the base URL (e.g. '/api/license/heartbeat').
+ * Resolve owner-mode headers for the raw shim.
+ * If ~/.aria/owner-token exists and is readable, returns the owner JWT
+ * Authorization header + x-aria-owner flag. Otherwise returns empty object.
+ * Throws on unreadable file (file exists but can't be read) — no silent skip.
  */
+function ownerHeaders(): Record<string, string> {
+  if (!fs.existsSync(OWNER_TOKEN_PATH)) return {};
+  const ownerJWT = fs.readFileSync(OWNER_TOKEN_PATH, 'utf-8').trim();
+  if (!ownerJWT) return {};
+  return {
+    Authorization: `Bearer ${ownerJWT}`,
+    'x-aria-owner': 'true',
+  };
+}
+
 export const harnessClient = {
   get(path: string, init?: { headers?: Record<string, string> }): Promise<Response> {
     const baseUrl = process.env.ARIA_HARNESS_BASE_URL ?? 'https://harness.ariasos.com';
     return fetch(`${baseUrl}${path}`, {
       method: 'GET',
-      headers: { 'Content-Type': 'application/json', ...(init?.headers ?? {}) },
+      headers: { 'Content-Type': 'application/json', ...ownerHeaders(), ...(init?.headers ?? {}) },
     });
   },
   post(path: string, init?: { body?: unknown; headers?: Record<string, string> }): Promise<Response> {
     const baseUrl = process.env.ARIA_HARNESS_BASE_URL ?? 'https://harness.ariasos.com';
     return fetch(`${baseUrl}${path}`, {
       method: 'POST',
-      headers: { 'Content-Type': 'application/json', ...(init?.headers ?? {}) },
+      headers: { 'Content-Type': 'application/json', ...ownerHeaders(), ...(init?.headers ?? {}) },
       body: init?.body ? JSON.stringify(init.body) : undefined,
     });
   },