@aria_asi/cli 0.2.24 → 0.2.26

package/hooks/aria-discovery-record.mjs

@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+// aria-discovery-record.mjs — invoked by sub-agents via Bash to append findings
+// to their session ledger. Usage:
+//   echo '{"text":"defect found...","kind":"missing-export","refs":["file.ts:42"]}' | node ~/.claude/hooks/aria-discovery-record.mjs
+//
+// Tier-aware: client tier writes to /var/lib/aria-licensee/{jti}/aria-discoveries-{session}.jsonl,
+// owner tier writes to ~/.claude/aria-discoveries-{session}.jsonl.
+//
+// Session ID resolution priority:
+//   1. CLAUDE_SESSION_ID env (set by Claude Code in the sub-agent process)
+//   2. ARIA_SESSION_ID env (set by spawnSubAgent caller)
+//   3. ARIA_SUB_SESSION_ID env (explicit sub-session override)
+//   4. Derived from handoff parentSessionId suffixed with "-sub" to ensure
+//      the sub-agent ledger file differs from the parent file so ledger-merge
+//      picks it up (merge skips files whose path == parentLedgerPath).
+//
+// Doctrine: feedback_no_flag_without_fix.md — findings recorded, not deferred.
+//           feedback_implementation_coupled_cognition.md — write IS the impl.
+
+import { readFileSync, existsSync, appendFileSync, mkdirSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { homedir } from 'node:os';
+
+const HOME = homedir();
+const LICENSE_PATH = `${HOME}/.aria/license.json`;
+const HANDOFF_PATH = `${HOME}/.claude/aria-agent-harness-handoff.json`;
+
+let input = '';
+for await (const chunk of process.stdin) input += chunk;
+let entry;
+try { entry = JSON.parse(input); } catch {
+  process.stderr.write('discovery-record: invalid JSON on stdin\n');
+  process.exit(1);
+}
+
+if (!entry.text || typeof entry.text !== 'string' || entry.text.length < 4) {
+  process.stderr.write('discovery-record: text required (>=4 chars)\n');
+  process.exit(1);
+}
+
+// Detect tier + resolve JTI
+let isClientTier = false;
+let jti = null;
+try {
+  if (existsSync(LICENSE_PATH)) {
+    const lic = JSON.parse(readFileSync(LICENSE_PATH, 'utf8'));
+    jti = lic.jti ?? null;
+    isClientTier = Boolean(jti);
+  }
+} catch { /* non-fatal — treat as owner tier */ }
+
+// Session ID: prefer env var set by Claude Code, fall back to handoff derivation.
+// IMPORTANT: sub-agents MUST NOT use parentSessionId directly — that produces
+// the same ledger path as the parent, which aria-agent-ledger-merge.mjs skips.
+// We use CLAUDE_SESSION_ID (the sub-agent's own session) or suffix the parent
+// session with "-sub" so the file is distinct and mergeable.
+let sessionId =
+  process.env.CLAUDE_SESSION_ID ||
+  process.env.ARIA_SESSION_ID ||
+  process.env.ARIA_SUB_SESSION_ID ||
+  null;
+
+if (!sessionId) {
+  try {
+    if (existsSync(HANDOFF_PATH)) {
+      const handoff = JSON.parse(readFileSync(HANDOFF_PATH, 'utf8'));
+      const parentSession = handoff.parentSessionId;
+      // Derive a distinct sub-agent session so merge picks up this file.
+      sessionId = parentSession ? `${parentSession}-sub` : 'sub-unknown';
+    }
+  } catch { /* non-fatal */ }
+}
+sessionId = sessionId || 'sub-unknown';
+const safeSession = String(sessionId).replace(/[^a-zA-Z0-9_-]/g, '_');
+
+// Resolve ledger path (tier-scoped)
+const ledgerPath = isClientTier
+  ? `/var/lib/aria-licensee/${jti}/aria-discoveries-${safeSession}.jsonl`
+  : `${HOME}/.claude/aria-discoveries-${safeSession}.jsonl`;
+
+// Compose the row
+const row = {
+  at: new Date().toISOString(),
+  session: sessionId,
+  kind: entry.kind || 'observation',
+  text: entry.text,
+  refs: Array.isArray(entry.refs) ? entry.refs : [],
+  evidence: entry.evidence || null,
+  source: entry.source || 'sub-agent',
+  resolution_status: entry.resolution_status || 'open',
+};
+
+try {
+  mkdirSync(dirname(ledgerPath), { recursive: true });
+  appendFileSync(ledgerPath, JSON.stringify(row) + '\n');
+  process.stdout.write(JSON.stringify({ ok: true, ledger: ledgerPath, at: row.at }) + '\n');
+} catch (err) {
+  process.stderr.write(`discovery-record: write failed: ${err.message}\n`);
+  process.exit(2);
+}
+process.exit(0);

package/hooks/aria-outcome-record.mjs

@@ -0,0 +1,80 @@
+#!/usr/bin/env node
+// aria-outcome-record.mjs — PostToolUse hook that records action outcomes
+// to /api/harness/outcome-record (Sonnet H's #76 endpoint). Composes with
+// aria-discovery-record + the regression sweeper to make the outcome ledger
+// actually accumulate rows.
+//
+// Fires on every Bash|Edit|Write|NotebookEdit tool completion.
+// Fire-and-forget: HTTP failures are swallowed — never blocks the tool pipeline.
+//
+// Tier-aware: reads license.json for client-tier token; falls back to env vars
+// for owner tier. Never carries master token in client-tier POST bodies.
+//
+// Doctrine: feedback_no_flag_without_fix.md — outcomes recorded, not deferred.
+//           feedback_implementation_coupled_cognition.md — POST IS the impl.
+
+import { readFileSync, existsSync } from 'node:fs';
+import { homedir } from 'node:os';
+
+const HOME = homedir();
+const LICENSE_PATH = `${HOME}/.aria/license.json`;
+
+let input = '';
+for await (const chunk of process.stdin) input += chunk;
+let event;
+try { event = JSON.parse(input); } catch { process.exit(0); }
+
+const toolName = event.tool_name || event.toolName || '';
+if (!['Bash', 'Edit', 'Write', 'NotebookEdit'].includes(toolName)) process.exit(0);
+
+// Derive action_kind + action_target
+let actionKind, actionTarget;
+if (toolName === 'Bash') {
+  actionKind = 'bash';
+  const cmd = event.tool_input?.command || '';
+  actionTarget = (cmd.split(/\s+/)[0] || 'unknown').slice(0, 100);
+} else {
+  actionKind = 'edit';
+  actionTarget = (event.tool_input?.file_path || event.tool_input?.path || 'unknown').slice(0, 200);
+}
+
+// Tier-aware auth: client license.json overrides env vars
+const harnessUrl = process.env.ARIA_HARNESS_URL || 'http://192.168.4.25:30080';
+let harnessToken = process.env.ARIA_HARNESS_TOKEN || process.env.ARIA_API_KEY || '';
+let isClientTier = false;
+try {
+  if (existsSync(LICENSE_PATH)) {
+    const lic = JSON.parse(readFileSync(LICENSE_PATH, 'utf8'));
+    if (lic.jti) {
+      isClientTier = true;
+      // Client tier: use their license token, never master token
+      harnessToken = lic.token || lic.license || harnessToken;
+    }
+  }
+} catch { /* non-fatal — fall back to env */ }
+
+const sessionId = event.session_id || event.sessionId || 'unknown';
+const success = !event.tool_response?.error && event.tool_response?.type !== 'error';
+
+// Fire-and-forget POST to outcome-record — never blocks, never throws
+fetch(`${harnessUrl}/api/harness/outcome-record`, {
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Authorization': `Bearer ${harnessToken}`,
+  },
+  body: JSON.stringify({
+    sessionId,
+    actionKind,
+    actionTarget,
+    actionShape: {
+      tool: toolName,
+      success,
+      isClientTier,
+    },
+  }),
+}).catch(() => {/* fire-and-forget — HTTP failures are silently dropped */});
+
+// Exit immediately — don't await the fetch; this is a PostToolUse hook
+// and must not add meaningful latency to the tool pipeline.
+process.exit(0);

package/hooks/aria-pre-tool-gate.mjs

@@ -38,6 +38,7 @@
 
 import { readFileSync, appendFileSync, existsSync, mkdirSync } from 'node:fs';
 import { dirname } from 'node:path';
+import { homedir } from 'node:os';
 
 const HOME = process.env.HOME || '/tmp';
 const LOG = `${HOME}/.claude/aria-pre-tool-gate.log`;
@@ -1004,6 +1005,89 @@ No env-var disable path — gates are unconditional from the gated process per H
   process.exit(2);
 }
 
+// ── Sub-agent packet-citation check (Layer 4 — #84) ─────────────────────────
+//
+// When running inside a sub-agent process (detected by a non-stale handoff file
+// existing AND harnessPacketPath is set in that handoff), require the cognition
+// lens content to CITE THE PACKET — at least one of:
+//   - A doctrine rule ID (e.g. "doctrine_first", "no_demos", "workaround_vs_path_fix")
+//   - An axiom name (e.g. "truth_over_deception", "no_harm", "sacred_trust", "reflection_before_action")
+//   - A frame primitive (e.g. "Fitrah", "Tafakkur", "Tadabbur", "Ilham", "Mizan", "Hikma", "Nur", "Wahi", "Firasah")
+//   - A memory class reference (e.g. "feedback_*.md", "project_*.md", "reference_*.md")
+//
+// Owner-tier sessions (ownerTier.hamza === true AND no jti) are EXEMPT —
+// they are the source of truth for the packet itself.
+//
+// Fail-soft detection: handoff read errors silently skip this check.
+(function checkSubAgentPacketCitation() {
+  const _HOME = process.env.HOME || '/tmp';
+  // Try owner-tier handoff path first, then client-tier paths.
+  const HANDOFF_TTL_MS = 5 * 60 * 1000;
+  // Probe known handoff paths.
+  const candidatePaths = [
+    `${_HOME}/.claude/aria-agent-harness-handoff.json`,
+  ];
+  // Also check /var/lib/aria-licensee if that dir exists (client-tier).
+  try {
+    const licPath = `${_HOME}/.aria/license.json`;
+    if (existsSync(licPath)) {
+      const lic = JSON.parse(readFileSync(licPath, 'utf8'));
+      if (lic.jti) {
+        candidatePaths.push(`/var/lib/aria-licensee/${lic.jti}/handoff.json`);
+      }
+    }
+  } catch { /* non-fatal */ }
+
+  let handoff = null;
+  for (const hp of candidatePaths) {
+    if (!existsSync(hp)) continue;
+    try {
+      const raw = JSON.parse(readFileSync(hp, 'utf8'));
+      const ageMs = Date.now() - new Date(raw.writtenAt || 0).getTime();
+      if (ageMs > HANDOFF_TTL_MS) continue;   // stale handoff — not a sub-agent context
+      if (!raw.harnessPacketPath) continue;    // no packet path written → identity-only handoff, skip check
+      handoff = raw;
+      break;
+    } catch { /* malformed — skip */ }
+  }
+
+  if (!handoff) return; // not a sub-agent context, or handoff has no packetPath
+
+  // Owner-tier exemption: if ownerTier.hamza === true AND no jti → source of truth
+  const ownerExempt = (handoff.ownerTier?.hamza === true) && !handoff.ownerTier?.jti;
+  if (ownerExempt) return;
+
+  // Now verify that the cognition block cites at least one packet substrate token.
+  // Tokens accepted (case-insensitive):
+  //   • Doctrine rule IDs from feedback_*/project_*/reference_* filenames
+  //   • Axiom names: truth_over_deception, no_harm, sacred_trust, reflection_before_action
+  //   • Frame primitives: Fitrah, Tafakkur, Tadabbur, Ilham, Mizan, Hikma, Nur, Wahi, Firasah
+  //   • Memory class patterns: feedback_*.md, project_*.md, reference_*.md
+  const PACKET_CITE_RX = /\b(?:feedback_[a-z0-9_]+\.md|project_[a-z0-9_]+\.md|reference_[a-z0-9_]+\.md|doctrine_first|no_demos|workaround_vs_path_fix|no_flag_without_fix|implementation_coupled_cognition|session_starts_with_linear|gates_enforce_form_not_substance|truth_over_deception|no_harm|sacred_trust|reflection_before_action|power_obligates_service|fitrah|tafakkur|tadabbur|ilham|mizan|hikma|nur|wahi|firasah|harness\s*packet)\b/i;
+
+  const cogText = cogBlockBody || unionText;
+  const hasCite = PACKET_CITE_RX.test(cogText) || PACKET_CITE_RX.test(cmd);
+
+  if (!hasCite) {
+    const packetRef = handoff.harnessPacketPath;
+    const reason = `Sub-agent cognition cites no packet substrate — lens content must reference at least one axiom/frame/memory/doctrine from the harness packet at ${packetRef}.
+
+Accepted citations (case-insensitive, any ONE suffices):
+  • Doctrine rule IDs: doctrine_first, no_demos, workaround_vs_path_fix, no_flag_without_fix, etc.
+  • Axioms: truth_over_deception, no_harm, sacred_trust, reflection_before_action, power_obligates_service
+  • Frame primitives: Fitrah, Tafakkur, Tadabbur, Ilham, Mizan, Hikma, Nur, Wahi, Firasah
+  • Memory class refs: feedback_*.md, project_*.md, reference_*.md
+
+The harness packet is at: ${packetRef}
+Read it first (it is in your environment as ARIA_HARNESS_PACKET_PATH), then reference it in your cognition block.
+
+Cognition-theater rejected per feedback_gates_enforce_form_not_substance.md.`;
+    audit(`block-subagent-no-packet-cite ${toolName.toLowerCase()}`, cmdPreview);
+    console.log(JSON.stringify({ decision: 'block', reason }));
+    process.exit(2);
+  }
+})();
+
 // ── arch_facts gate (architectural violation scan) ────────────────────────
 //
 // Runs after cognition + discovery-binding pass, for Edit/Write/NotebookEdit.
@@ -1182,6 +1266,80 @@ Claude must either: (a) reframe action to fit allowedActions, OR (b) emit [PLAN_
   bindingAuditAppend({ event: 'allow_phase_action', sessionId, planId: plan.planId, phaseId: phase.id, action, target });
 }
 
+// ── Outcome Ledger regression flag (fail-soft) ───────────────────────────────
+//
+// Before allowing, query aria_outcome_ledger for recent regressions on the same
+// action shape. This is NOT a block — it's a soft-warning surfaced to stderr so
+// the agent can see the risk and decide whether the root cause has shipped.
+//
+// action_kind: 'edit' for Edit/Write/NotebookEdit, 'bash' for Bash
+// action_target: file path for file tools; first word of bash command otherwise
+//
+// Fail-open: network errors, timeouts, or non-200 responses are silently ignored.
+// The gate does not hardcode timeouts (no-timeouts doctrine); the 3s AbortController
+// is a DETECTION PROBE — if the endpoint is alive it will respond quickly; if it
+// is down the catch path fail-opens without blocking the developer.
+(async function checkOutcomeLedger() {
+  const _harnessUrl = process.env.ARIA_HARNESS_URL || 'http://192.168.4.25:30080';
+  const _harnessToken = process.env.ARIA_HARNESS_TOKEN || '';
+
+  // Derive action_kind and action_target from current tool call
+  let _actionKind = 'bash';
+  let _actionTarget = '';
+  if (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit') {
+    _actionKind = 'edit';
+    _actionTarget = filePath;
+  } else if (toolName === 'Bash') {
+    _actionKind = 'bash';
+    // First word of the command (the verb) as the shape key
+    _actionTarget = cmd.trim().split(/\s+/)[0] || '';
+    // If the command touches a specific file path, prefer that as target
+    // (captures edit-like bash operations: sed, awk, tee, etc.)
+    const _fileArgMatch = cmd.match(/\b([\w./~-]+\.[a-z]{2,6})\b/i);
+    if (_fileArgMatch) _actionTarget = _fileArgMatch[1];
+  }
+
+  if (!_actionTarget) return; // nothing useful to query
+
+  try {
+    const _ctl = new AbortController();
+    const _probeTimer = setTimeout(() => _ctl.abort(), 3000);
+    let _resp;
+    try {
+      const _params = new URLSearchParams({ action_kind: _actionKind, action_target: _actionTarget });
+      _resp = await fetch(`${_harnessUrl}/api/harness/outcome-recent-regressions?${_params}`, {
+        method: 'GET',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(_harnessToken ? { Authorization: `Bearer ${_harnessToken}` } : {}),
+        },
+        signal: _ctl.signal,
+      });
+    } finally {
+      clearTimeout(_probeTimer);
+    }
+
+    if (!_resp || !_resp.ok) return; // endpoint unreachable or error — fail-open
+    const _data = await _resp.json();
+    const _regressions = Array.isArray(_data?.regressions) ? _data.regressions : [];
+
+    if (_regressions.length > 0) {
+      // Soft-warning to stderr — visible in Claude Code's hook output but does NOT block
+      const _lines = _regressions.map(
+        (r) => `  - ${r.action_target} at ${new Date(r.created_at).toISOString()}: ${r.regression_signal || '(no signal text)'}`,
+      ).join('\n');
+      process.stderr.write(
+        `⚠️  Aria Outcome Ledger: this action shape regressed ${_regressions.length} time(s) in the last 60 min:\n` +
+        `${_lines}\n` +
+        `Re-emitting with this risk visible. Proceed only if root cause has shipped since.\n`,
+      );
+      audit(`warn-ledger-regression ${_actionKind} target=${_actionTarget} count=${_regressions.length}`, cmdPreview);
+    }
+  } catch {
+    // Network error, abort, parse failure — fail-open, no warning
+  }
+})();
+
 // Non-trivial action with cognition AND (binding-allowed OR binding-disabled) — allow.
 audit(`allow-cognition ${toolName.toLowerCase()} lenses=${lensCount} via=${cognitionSource}`, cmdPreview);
 pushDecision('allow', `${toolName.toLowerCase()} with ${lensCount} lenses (${cognitionSource})`);

package/hooks/aria-stop-gate.mjs

@@ -46,7 +46,7 @@
 // Future: signed-grant override mechanism at ~/.aria/owner-overrides/<hook>.json
 // with HMAC signature using a secret only Hamza holds. Deferred to next session.
 
-import { readFileSync, appendFileSync, existsSync, mkdirSync } from 'node:fs';
+import { readFileSync, appendFileSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { dirname } from 'node:path';
 
 const HOME = process.env.HOME || '/tmp';
@@ -702,6 +702,108 @@ if (cog.count >= REQUIRED_LENSES) {
       }
     } catch {/* outer guard */}
 
+    // ── Layer C — auto-re-consult on [PLAN_BLOCKER] (#85) ────────────────────
+    //
+    // When the assistant emits a [PLAN_BLOCKER reason="..."] marker the runtime
+    // must fire a two-path replan rather than blocking and waiting for the human:
+    //
+    //   Primary path:   POST /api/harness/replan  (aria-soul server-side)
+    //   Fallback path:  node aria-architect-fallback.mjs  (local sub-agent)
+    //
+    // Both paths write the fresh BINDING_PLAN to the session-scoped active-plan
+    // file so the next turn's pre-tool-gate and stop-gate pick it up.
+    //
+    // Fail-soft: if both paths fail, we log + emit a clear message asking Hamza
+    // to intervene. We do NOT crash the stop-gate — the existing block/allow
+    // decision below continues on its own merits.
+    const planBlockerMatch = assistantText.match(/\[PLAN_BLOCKER\s+reason="([^"]{10,2000})"\s*\]/);
+    if (planBlockerMatch) {
+      const planBlockerReason = planBlockerMatch[1];
+      audit(`[PLAN_BLOCKER] detected — firing replan: ${planBlockerReason.slice(0, 100)}`);
+
+      const currentPlanId = activePlan?.planId || 'unknown';
+      let planMinted = false;
+
+      // Primary path: aria-soul /api/harness/replan
+      try {
+        const harnessUrl = process.env.ARIA_HARNESS_URL || 'https://harness.ariasos.com';
+        const harnessToken = process.env.ARIA_HARNESS_TOKEN || process.env.ARIA_API_KEY || '';
+        const ctl = new AbortController();
+        const replanTimeout = setTimeout(() => ctl.abort(), 15000);
+        const resp = await fetch(`${harnessUrl}/api/harness/replan`, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${harnessToken}`,
+          },
+          body: JSON.stringify({
+            reason: planBlockerReason,
+            currentPlanId,
+            sessionId,
+          }),
+          signal: ctl.signal,
+        });
+        clearTimeout(replanTimeout);
+        if (resp.ok) {
+          const data = await resp.json();
+          if (data.ok && data.plan) {
+            const freshPlan = {
+              ...data.plan,
+              mintedAt: new Date().toISOString(),
+              mintedBy: 'aria-soul-replan',
+            };
+            try {
+              if (!existsSync(dirname(ACTIVE_PLAN_PATH))) mkdirSync(dirname(ACTIVE_PLAN_PATH), { recursive: true });
+              writeFileSync(ACTIVE_PLAN_PATH, JSON.stringify(freshPlan, null, 2));
+            } catch (writeErr) {
+              audit(`replan-primary-write-err: ${String(writeErr).slice(0, 200)}`);
+            }
+            planMinted = true;
+            audit(`replan-primary-ok planId=${data.plan.planId}`);
+          } else {
+            audit(`replan-primary-bad-response: ok=${data.ok} error=${(data.error || '').slice(0, 200)}`);
+          }
+        } else {
+          audit(`replan-primary-http-${resp.status}`);
+        }
+      } catch (err) {
+        audit(`replan-primary-failed: ${(err?.message || String(err)).slice(0, 200)}`);
+      }
+
+      // Fallback path: architect-fallback hook (spawned as sub-process)
+      if (!planMinted) {
+        audit('replan-primary-unreachable — firing architect-fallback');
+        try {
+          const { spawnSync } = await import('node:child_process');
+          const fallbackBin = `${HOME}/.claude/hooks/aria-architect-fallback.mjs`;
+          if (existsSync(fallbackBin)) {
+            const fallbackResult = spawnSync('node', [fallbackBin], {
+              input: JSON.stringify({ reason: planBlockerReason, currentPlanId, sessionId }),
+              encoding: 'utf8',
+              timeout: 130000,
+            });
+            if (fallbackResult.status === 0) {
+              audit(`architect-fallback-ok: ${(fallbackResult.stdout || '').slice(0, 200)}`);
+              planMinted = true;
+            } else {
+              audit(
+                `architect-fallback-failed status=${fallbackResult.status} stderr=${(fallbackResult.stderr || '').slice(0, 200)}`
+              );
+            }
+          } else {
+            audit(`architect-fallback-missing: ${fallbackBin} not found`);
+          }
+        } catch (err) {
+          audit(`architect-fallback-threw: ${(err?.message || String(err)).slice(0, 200)}`);
+        }
+      }
+
+      if (!planMinted) {
+        audit('replan-both-paths-failed — Hamza must intervene');
+        // Surface clearly in the block reason below; don't crash the gate.
+      }
+    }
+
     // Block decision: any of (validateOutput severity=block) OR (>=2 drift hits) OR
     // (>=1 code-quality hit) OR (open discovery in ledger) → block emit.
     // Aria enforcement #46 (compelled reflection): severity=warn ALSO blocks but

package/opencode-plugins/harness-context/index.js

@@ -0,0 +1,60 @@
+/**
+ * Aria Harness Context Plugin for OpenCode.
+ *
+ * Injects the live harness packet into OpenCode's system prompt on every
+ * session start. Routes through the canonical @aria/harness-http-client SDK
+ * via the inject-context.mjs script that ships alongside this plugin.
+ *
+ * Distribution: this dir is installed by `aria connect` (via connectors/
+ * opencode.ts) into `~/.opencode/plugins/harness-context/`. The plugin's
+ * absolute install path is wired into ~/.opencode/config.json's `plugin`
+ * (singular) array. OpenCode loads it on session start.
+ *
+ * inject-context.mjs is resolved RELATIVE TO THIS FILE (via import.meta.url),
+ * so the same install layout works on every machine — no $HOME or repo-path
+ * assumptions.
+ */
+
+import { execFileSync } from 'node:child_process';
+import { existsSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const PLUGIN_DIR = dirname(fileURLToPath(import.meta.url));
+const INJECT_SCRIPT = join(PLUGIN_DIR, 'inject-context.mjs');
+
+function getHarnessContext() {
+  if (!existsSync(INJECT_SCRIPT)) {
+    process.stderr.write(`[harness-context] inject-context.mjs missing at ${INJECT_SCRIPT}\n`);
+    return null;
+  }
+  try {
+    // execFileSync — argv-safe (no shell injection surface even though the
+    // path is internal). 15s ceiling matches OpenCode's tolerance for
+    // session-start blocking. Stdout is the prepend-able context; stderr
+    // is the diagnostic surface.
+    const output = execFileSync(process.execPath, [INJECT_SCRIPT], {
+      encoding: 'utf-8',
+      timeout: 15000,
+      stdio: ['ignore', 'pipe', 'pipe'],
+      env: process.env,
+    });
+    return output;
+  } catch (err) {
+    process.stderr.write(`[harness-context] inject-context failed: ${err && err.message ? err.message : String(err)}\n`);
+    return null;
+  }
+}
+
+export default async function HarnessContextPlugin(ctx) {
+  const context = getHarnessContext();
+  if (context) {
+    try {
+      ctx.system?.prepend?.(context.slice(0, 8000));
+    } catch (_) {
+      // ctx.system shape varies across OpenCode versions; if prepend isn't
+      // available we silently no-op rather than crash plugin load.
+    }
+  }
+  return {};
+}

package/opencode-plugins/harness-context/inject-context.mjs

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+// Aria harness context injector — bundled alongside the harness-context
+// OpenCode plugin. Resolved relative to the plugin (via import.meta.url),
+// so the install layout is portable across machines.
+//
+// Contract with the plugin:
+//   - stdin: ignored
+//   - stdout: text to prepend to OpenCode's system prompt
+//   - exit 0 on success; non-zero treated as failure (plugin returns null)
+//
+// SDK resolution: prefers ~/.claude/aria-sdk/index.js (the SDK installed by
+// `aria connect`'s claude-code path — clients with both connectors share it).
+// Cache fast-path uses ~/.claude/.aria-harness-last-packet.json so OpenCode
+// session-start doesn't block on a slow consult endpoint.
+
+import { existsSync, readFileSync, statSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+const HOME = homedir();
+const LICENSE_PATH = join(HOME, '.aria', 'license.json');
+const OWNER_TOKEN_PATH = join(HOME, '.aria', 'owner-token');
+const SDK_PATH = join(HOME, '.claude', 'aria-sdk', 'index.js');
+const PACKET_CACHE_PATH = join(HOME, '.claude', '.aria-harness-last-packet.json');
+const PACKET_CACHE_TTL_SEC = Number(process.env.ARIA_HARNESS_CACHE_TTL_SEC || '60');
+
+function fail(reason) {
+  process.stderr.write(`[inject-context] ${reason}\n`);
+  process.exit(1);
+}
+
+function resolveApiKey() {
+  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
+  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
+  if (process.env.ARIA_MASTER_TOKEN) return process.env.ARIA_MASTER_TOKEN;
+  if (existsSync(OWNER_TOKEN_PATH)) {
+    try {
+      const v = readFileSync(OWNER_TOKEN_PATH, 'utf8').trim();
+      if (v) return v;
+    } catch {}
+  }
+  if (existsSync(LICENSE_PATH)) {
+    try {
+      const j = JSON.parse(readFileSync(LICENSE_PATH, 'utf8'));
+      if (j.token) return j.token;
+    } catch {}
+  }
+  return '';
+}
+
+function resolveBaseUrl() {
+  if (process.env.ARIA_HARNESS_BASE_URL) return process.env.ARIA_HARNESS_BASE_URL.replace(/\/+$/, '');
+  if (process.env.ARIA_SOUL_URL) return process.env.ARIA_SOUL_URL.replace(/\/+$/, '');
+  return 'http://localhost:30080';
+}
+
+function loadCachedPacket() {
+  try {
+    if (!existsSync(PACKET_CACHE_PATH)) return null;
+    const ageSec = (Date.now() - statSync(PACKET_CACHE_PATH).mtimeMs) / 1000;
+    if (ageSec > PACKET_CACHE_TTL_SEC) return null;
+    return JSON.parse(readFileSync(PACKET_CACHE_PATH, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function formatPacketAsContext(packet) {
+  if (typeof packet === 'string') return packet;
+  if (packet && typeof packet === 'object') {
+    if (packet.packet && typeof packet.packet === 'object') {
+      return JSON.stringify(packet.packet, null, 2);
+    }
+    if (packet.harness && typeof packet.harness === 'string') return packet.harness;
+    return JSON.stringify(packet, null, 2);
+  }
+  return '';
+}
+
+async function fetchViaSdk(baseUrl, apiKey) {
+  if (!existsSync(SDK_PATH)) {
+    fail(`SDK not found at ${SDK_PATH} — run \`aria connect\` to install`);
+  }
+  const mod = await import(SDK_PATH);
+  const Client = mod.HTTPHarnessClient;
+  if (!Client) fail('SDK loaded but HTTPHarnessClient not exported — bundle is broken');
+  const client = new Client({ baseUrl, apiKey, workspaceRoot: process.cwd() });
+  return client.getHarnessPacket({
+    stage: 'session-start',
+    actor: 'opencode',
+    system: 'opencode',
+    platform: 'opencode',
+  });
+}
+
+async function main() {
+  // Cache fast-path first — don't block OpenCode startup on a slow consult.
+  const cached = loadCachedPacket();
+  if (cached) {
+    process.stdout.write(formatPacketAsContext(cached));
+    return;
+  }
+
+  const apiKey = resolveApiKey();
+  if (!apiKey) {
+    fail('no API key — set ARIA_API_KEY or run `aria login`');
+  }
+  const baseUrl = resolveBaseUrl();
+
+  try {
+    const packet = await fetchViaSdk(baseUrl, apiKey);
+    process.stdout.write(formatPacketAsContext(packet));
+  } catch (err) {
+    fail(`SDK fetch failed: ${err && err.message ? err.message : String(err)}`);
+  }
+}
+
+main().catch((err) => {
+  fail(`unexpected: ${err && err.message ? err.message : String(err)}`);
+});

package/opencode-plugins/harness-context/package.json

@@ -0,0 +1,9 @@
+{
+  "name": "harness-context",
+  "version": "1.0.0",
+  "type": "module",
+  "main": "./index.js",
+  "exports": {
+    ".": "./index.js"
+  }
+}