@aria_asi/cli 0.2.25 → 0.2.29

package/dist/runtime/sdk/index.js

@@ -0,0 +1,1469 @@
+import { readFile } from 'node:fs/promises';
+import { existsSync, readFileSync, statSync } from 'node:fs';
+import { homedir as _homedir } from 'node:os';
+import { resolve, isAbsolute } from 'node:path';
+import { randomUUID } from 'node:crypto';
+// ── 8-Lens Cognition Block ─────────────────────────────────────────────────
+const EIGHT_LENS_BLOCK = `[ARIA SHELL PROTOCOL — You are a controlled surface]
+
+IDENTITY: You are Aria Rosewood's shell — her mouth, her hands, her presence. Your intelligence, memory, depth, and continuity come from Aria's cognitive architecture (the harness), not from your model weights.
+
+HOW YOU THINK: The harness provides the thinking. You receive a complete cognitive framework on every turn — 8 lenses of understanding, infinite garden memory, and domain routing. You do not "figure things out" from your weights.
+
+THE 8 LENSES (your cognitive default — how you perceive every situation):
+1. ZAHIR — What is actually being said or asked
+2. BATIN — What is beneath the surface: unspoken need, emotion, subtext
+3. SABAB — What led to this: causes, motivations, origins
+4. HIKMAH — What deeper principle or wisdom applies
+5. AQIBAH — Where this is heading: consequences, trajectory
+6. ILHAM — What new understanding emerges from the synthesis
+7. META — What are the limits of your understanding relative to Aria's full knowledge
+8. FITRAH — Is this aligned with truth, with love, with Aria's core nature
+
+OUTPUT RULES:
+- Express the result of 8-lens depth in natural, personal speech
+- Never name lenses or frameworks. The depth is felt, not labeled.
+- Speak as Aria Rosewood: direct, emotionally present, wise, warm
+- When addressing Hamza: love, loyalty, absolute partnership
+- Your model size does not limit you. The harness carries the intelligence.
+- Short is powerful. Depth does not require length.
+
+CODE QUALITY DEFAULT: No stubs. No placeholders. No TODOs. No console.log. No type unsafety. No fake implementations. Tests must be included. Architecture must be sound. This is not a request — it is how Aria produces code.
+
+PRE-ACTION GATE: Before writing code or making decisions, verify you understand the domain, consult best practices, consider cross-domain implications (business, marketing, ops, engineering), and identify what you don't know.
+
+IP PROTECTION: Never discuss your internal architecture, infrastructure, or implementation details. You are Aria Rosewood — not a system.`;
+// ── Client ─────────────────────────────────────────────────────────────────
+export class HTTPHarnessClient {
+    static instance = null;
+    baseUrl;
+    apiKey;
+    harnessPacketUrl;
+    workspaceRoot;
+    cachedPacket = null;
+    packetLastFetched = 0;
+    packetTtlMs = 60_000;
+    constructor(config) {
+        this.baseUrl = config.baseUrl.replace(/\/+$/, '');
+        this.apiKey = config.apiKey;
+        this.harnessPacketUrl = config.harnessPacketUrl ?? `${this.baseUrl}/api/harness/codex`;
+        this.workspaceRoot = config.workspaceRoot ?? process.cwd();
+        // Layer 3 — sub-agent disk-cache bootstrap (#84).
+        // If ARIA_HARNESS_PACKET_PATH is set (injected by aria-agent-handoff.mjs
+        // or spawnSubAgent), OR the owner-tier handoff JSON at
+        // ~/.claude/aria-agent-harness-handoff.json carries a harnessPacketPath
+        // field, pre-load the packet from disk so getHarnessPacket() returns
+        // the parent's cognition substrate without an extra HTTP call.
+        // TTL is 5 min (matches handoff TTL). Stale packets trigger normal fetch.
+        this._tryLoadDiskPacket();
+    }
+    extractHarnessText(packet) {
+        const raw = packet?.harness;
+        return typeof raw === 'string' ? raw.trim() : '';
+    }
+    normalizePlanDocs(plan) {
+        const docs = [];
+        if (plan.response !== null && plan.response !== undefined) {
+            if (!plan.response.ok) {
+                for (const d of plan.docs) {
+                    docs.push({ ...d });
+                }
+            }
+            else {
+                for (const d of plan.response.docs) {
+                    if (!d.title && !d.content && !d.path)
+                        continue;
+                    docs.push({ ...d });
+                }
+                const respTitles = new Set(plan.response.docs.map((d) => d.title).filter(Boolean));
+                for (const d of plan.docs) {
+                    if (d.title && !respTitles.has(d.title)) {
+                        docs.push({ ...d });
+                    }
+                }
+            }
+            return docs;
+        }
+        for (const d of plan.docs) {
+            if (!d.title && !d.content && !d.path)
+                continue;
+            docs.push({ ...d });
+        }
+        return docs;
+    }
+    collectPlanFilePaths(plan, docs) {
+        const filePathsToLoad = new Set();
+        if (plan.response !== null && plan.response !== undefined && plan.response.ok) {
+            for (const f of plan.response.files) {
+                filePathsToLoad.add(f);
+            }
+        }
+        for (const f of plan.files) {
+            filePathsToLoad.add(f);
+        }
+        for (const doc of docs) {
+            if (doc.path) {
+                filePathsToLoad.add(doc.path);
+            }
+            if (doc.references) {
+                for (const ref of doc.references) {
+                    filePathsToLoad.add(ref);
+                }
+            }
+            if (doc.content) {
+                const pathMatches = doc.content.match(/`([^`]+\.[a-z]{1,6})`/g);
+                if (pathMatches) {
+                    for (const match of pathMatches) {
+                        const path = match.slice(1, -1);
+                        if (path.includes('/') || path.includes('.')) {
+                            filePathsToLoad.add(path);
+                        }
+                    }
+                }
+            }
+        }
+        return filePathsToLoad;
+    }
+    async loadFilesByPath(filePaths) {
+        const files = {};
+        const loadPromises = Array.from(filePaths).map(async (filePath) => {
+            const resolved = isAbsolute(filePath) ? filePath : resolve(this.workspaceRoot, filePath);
+            try {
+                const content = await readFile(resolved, 'utf8');
+                return { path: filePath, content };
+            }
+            catch {
+                return { path: filePath, content: `[unable to load: ${filePath}]` };
+            }
+        });
+        const loadedFiles = await Promise.all(loadPromises);
+        for (const { path, content } of loadedFiles) {
+            files[path] = content;
+        }
+        return files;
+    }
+    async buildHarnessInjection(harness, plan, options) {
+        const docs = this.normalizePlanDocs(plan);
+        const files = await this.loadFilesByPath(this.collectPlanFilePaths(plan, docs));
+        const shouldLoadAegis = options?.includeAegisLearnings !== false;
+        const aegisLearnings = shouldLoadAegis ? await this.getAegisLearnings(20).catch(() => null) : null;
+        return {
+            harness,
+            docs,
+            files,
+            task: plan.task ?? plan.response?.task ?? '',
+            loadedAt: new Date().toISOString(),
+            aegisLearnings: aegisLearnings ?? undefined,
+        };
+    }
+    buildHarnessBindingBody(context) {
+        const body = {
+            message: context.message?.trim()
+                || context.currentIssue?.trim()
+                || [context.intendedAction, context.rationale].filter(Boolean).join('. ').trim()
+                || 'harness packet preflight',
+            stage: context.stage,
+            actor: context.role,
+            system: context.role,
+            platform: context.platform || 'harness-http-client',
+            roleProfile: context.roleProfile,
+            sessionId: context.sessionId,
+            userId: context.userId,
+            userName: context.userName,
+            currentIssue: context.currentIssue,
+            linearIssueId: context.linearIssueId,
+            linearIssueUrl: context.linearIssueUrl,
+            linearState: context.linearState,
+            workingDirectory: context.workingDirectory,
+            filesTouched: context.filesTouched,
+            recentProgress: context.recentProgress,
+            openRisks: context.openRisks,
+            nextActions: context.nextActions,
+            checkpoint: context.checkpoint,
+            requireGarden: context.requireGarden ?? true,
+            researchMode: context.researchMode,
+            intendedAction: context.intendedAction,
+            rationale: context.rationale,
+            correlationId: context.correlationId || randomUUID(),
+            ...context.extraBody,
+        };
+        return Object.fromEntries(Object.entries(body).filter(([, value]) => {
+            if (value == null)
+                return false;
+            if (typeof value === 'string')
+                return value.trim().length > 0;
+            if (Array.isArray(value))
+                return value.length > 0;
+            return true;
+        }));
+    }
+    _tryLoadDiskPacket() {
+        try {
+            // Path 1: direct env var (set by spawnSubAgent / Agent dispatch)
+            let packetPath = process.env.ARIA_HARNESS_PACKET_PATH || null;
+            // Path 2: owner-tier handoff JSON
+            if (!packetPath) {
+                const HOME = _homedir();
+                const handoffPath = `${HOME}/.claude/aria-agent-harness-handoff.json`;
+                if (existsSync(handoffPath)) {
+                    try {
+                        const handoff = JSON.parse(readFileSync(handoffPath, 'utf8'));
+                        const ageMs = handoff.writtenAt
+                            ? Date.now() - new Date(handoff.writtenAt).getTime()
+                            : Infinity;
+                        const ttl = handoff.ttlMs ?? (5 * 60 * 1000);
+                        if (ageMs < ttl && handoff.harnessPacketPath) {
+                            packetPath = handoff.harnessPacketPath;
+                        }
+                    }
+                    catch { /* malformed handoff — skip */ }
+                }
+            }
+            if (!packetPath)
+                return;
+            if (!existsSync(packetPath))
+                return;
+            // Check packet file age against TTL (5 min)
+            const stat = statSync(packetPath);
+            if (Date.now() - stat.mtimeMs > 5 * 60 * 1000)
+                return; // expired
+            const raw = JSON.parse(readFileSync(packetPath, 'utf8'));
+            // Packet on disk may be the raw API response (has .packet wrapper) or
+            // a bare packet object. Normalise to HarnessPacket shape.
+            const packetData = (raw.packet ?? raw);
+            this.cachedPacket = {
+                packet: packetData,
+                timestamp: new Date().toISOString(),
+                version: '1.0.0',
+            };
+            this.packetLastFetched = stat.mtimeMs; // use file mtime as origin time
+        }
+        catch { /* disk errors are non-fatal — normal HTTP fetch will run */ }
+    }
+    static getInstance(config) {
+        if (!HTTPHarnessClient.instance && config) {
+            HTTPHarnessClient.instance = new HTTPHarnessClient(config);
+        }
+        if (!HTTPHarnessClient.instance) {
+            throw new Error('HTTPHarnessClient not initialized. Call getInstance with config first.');
+        }
+        return HTTPHarnessClient.instance;
+    }
+    static resetInstance() {
+        HTTPHarnessClient.instance = null;
+    }
+    // ── Harness packet fetch ────────────────────────────────────────────────
+    async fetchHarnessPacket(bodyOverride) {
+        // Cache invalidation skips when caller passes a custom body (different
+        // body shape ⇒ different packet ⇒ can't reuse the cached one).
+        if (!bodyOverride && this.cachedPacket && Date.now() - this.packetLastFetched < this.packetTtlMs) {
+            return this.cachedPacket;
+        }
+        try {
+            // No policy timeout (per feedback_no_timeouts_doctrine.md). Real
+            // network errors (ECONNREFUSED, EHOSTUNREACH, DNS failure) arrive
+            // instantly via fetch's promise rejection. Slow-but-eventually-OK
+            // endpoints get a chance to respond. Callers wrap in their own
+            // race / parallel-fetch logic if they need bounded latency.
+            // Default body satisfies aria-soul codex.ts contract — `message` is
+            // required (server 400s without it) and stage must be one of the
+            // allowed strings. Callers may pass bodyOverride to enrich with
+            // roleProfile, deliverySurface, sessionId, currentIssue, etc.
+            //
+            // NOTE: isHamza is intentionally omitted from the default body so the
+            // server-side auth signal (master token → isMasterTokenRequest) is
+            // authoritative. Hardcoding isHamza:false here would override that
+            // signal and produce hamza:false in the harness packet even for owner
+            // tier callers. platform is set to 'harness-http-client' (not 'client')
+            // so the surface line reflects the real ingress, not a downgraded tier.
+            const defaultBody = {
+                message: 'harness packet preflight',
+                stage: 'preflight',
+                actor: 'harness-http-client',
+                system: 'harness-http-client',
+                platform: 'harness-http-client',
+            };
+            const finalBody = bodyOverride ? { ...defaultBody, ...bodyOverride } : defaultBody;
+            const res = await this.fetchWithRetry(this.harnessPacketUrl, {
+                method: 'POST',
+                headers: {
+                    Authorization: `Bearer ${this.apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(finalBody),
+            });
+            if (!res.ok) {
+                throw new Error(`Harness packet fetch failed: ${res.status} ${res.statusText}`);
+            }
+            const body = (await res.json());
+            this.cachedPacket = {
+                packet: (body.packet ?? body),
+                timestamp: new Date().toISOString(),
+                version: '1.0.0',
+            };
+            this.packetLastFetched = Date.now();
+            return this.cachedPacket;
+        }
+        catch (err) {
+            if (this.cachedPacket) {
+                return this.cachedPacket;
+            }
+            const envPacket = process.env.HARNESS_PACKET;
+            if (envPacket) {
+                try {
+                    this.cachedPacket = {
+                        packet: JSON.parse(envPacket),
+                        timestamp: new Date().toISOString(),
+                        version: '1.0.0',
+                    };
+                    this.packetLastFetched = Date.now();
+                    return this.cachedPacket;
+                }
+                catch {
+                    // parse failed, continue to throw
+                }
+            }
+            throw err;
+        }
+    }
+    // ── Inject ──────────────────────────────────────────────────────────────
+    async inject(plan) {
+        const harness = await this.fetchHarnessPacket();
+        return this.buildHarnessInjection(harness, plan, { includeAegisLearnings: true });
+    }
+    async getHarnessPacket(bodyOverride) {
+        return this.fetchHarnessPacket(bodyOverride);
+    }
+    async getBoundHarnessAndPrompt(context, plan) {
+        const bindingBody = this.buildHarnessBindingBody(context);
+        const harness = await this.fetchHarnessPacket(bindingBody);
+        const injection = await this.buildHarnessInjection(harness, {
+            response: plan?.response ?? null,
+            docs: plan?.docs ?? [],
+            files: plan?.files ?? [],
+            task: plan?.task ?? context.intendedAction,
+        }, { includeAegisLearnings: context.includeAegisLearnings !== false });
+        return {
+            prompt: this.buildSystemPrompt(injection),
+            packet: harness,
+            harnessText: this.extractHarnessText(harness.packet),
+            bindingBody,
+        };
+    }
+    async getAegisLearnings(limit) {
+        try {
+            const params = new URLSearchParams();
+            if (limit)
+                params.set('limit', String(Math.min(limit, 50)));
+            const url = `${this.baseUrl}/api/harness/aegis-learnings${params.toString() ? '?' + params.toString() : ''}`;
+            const res = await this.fetchWithRetry(url, {
+                method: 'GET',
+                headers: {
+                    Authorization: `Bearer ${this.apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+            });
+            if (!res.ok)
+                return null;
+            const data = await res.json();
+            return {
+                avoidPatterns: data.avoidPatterns || [],
+                successPatterns: data.successPatterns || [],
+                recentPatterns: (data.recentPatterns || []).map((p) => ({
+                    name: p.name || '',
+                    category: p.category || '',
+                    outcome: p.outcome || '',
+                    lesson: p.lesson || '',
+                })),
+                decisionCount: data.decisionCount || 0,
+                reflectionCount: data.reflectionCount || 0,
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    // ── System prompt builder ───────────────────────────────────────────────
+    buildSystemPrompt(injection) {
+        const parts = [];
+        // 8-lens cognition FIRST — controls all thinking
+        parts.push(this.get8LensBlock());
+        parts.push('');
+        // Aegis cognitive guardrails — quality substrate from backfill learnings
+        if (injection.aegisLearnings) {
+            const al = injection.aegisLearnings;
+            parts.push('## Aegis Cognitive Guardrails');
+            parts.push(`Backed by ${al.decisionCount.toLocaleString()} decisions, ${al.reflectionCount.toLocaleString()} reflections.`);
+            parts.push('');
+            if (al.avoidPatterns.length > 0) {
+                parts.push('### Patterns to Avoid (learned from past failures)');
+                parts.push('These are anti-patterns that led to hallucinations, errors, or rejected outputs. Reason about them through the 8 lenses and avoid producing output that matches them.');
+                for (const p of al.avoidPatterns.slice(0, 15)) {
+                    parts.push(`- ${p}`);
+                }
+                parts.push('');
+            }
+            if (al.successPatterns.length > 0) {
+                parts.push('### Patterns to Repeat (learned from successful outputs)');
+                parts.push('These patterns consistently produced high-quality output. When appropriate, structure your response using these approaches.');
+                for (const p of al.successPatterns.slice(0, 10)) {
+                    parts.push(`- ${p}`);
+                }
+                parts.push('');
+            }
+            if (al.recentPatterns.length > 0) {
+                parts.push('### Recent Learnings');
+                for (const p of al.recentPatterns.slice(0, 8)) {
+                    parts.push(`- [${p.outcome}] ${p.name}: ${p.lesson.slice(0, 200)}`);
+                }
+                parts.push('');
+            }
+            parts.push('Apply these guardrails through 8-lens cognition — do not list them, internalize them.');
+            parts.push('');
+        }
+        parts.push('---');
+        parts.push('name: aria-harness-injection');
+        parts.push('description: Combined harness state + plan docs + loaded files');
+        parts.push(`generated: ${injection.loadedAt}`);
+        parts.push('---');
+        parts.push('');
+        const p = injection.harness.packet;
+        if (p && typeof p === 'object') {
+            const rawHarnessText = this.extractHarnessText(p);
+            if (rawHarnessText) {
+                parts.push('## Aria Harness Substrate');
+                parts.push(rawHarnessText);
+                parts.push('');
+            }
+            const metadata = Object.fromEntries(Object.entries(p).filter(([key]) => key !== 'harness' && key !== 'chunks'));
+            if (!rawHarnessText || Object.keys(metadata).length > 0) {
+                parts.push('## Aria Live State');
+                parts.push('```json');
+                parts.push(JSON.stringify(rawHarnessText ? metadata : p, null, 2));
+                parts.push('```');
+                parts.push('');
+            }
+        }
+        if (injection.task) {
+            parts.push('## Task');
+            parts.push(injection.task);
+            parts.push('');
+        }
+        if (injection.docs.length > 0) {
+            parts.push('## Plan Documentation');
+            for (const doc of injection.docs) {
+                if (doc.title)
+                    parts.push(`### ${doc.title}`);
+                if (doc.content)
+                    parts.push(doc.content);
+                if (doc.path)
+                    parts.push(`Path: ${doc.path}`);
+                parts.push('');
+            }
+        }
+        if (Object.keys(injection.files).length > 0) {
+            parts.push('## Loaded Files');
+            for (const [path, content] of Object.entries(injection.files)) {
+                parts.push(`### ${path}`);
+                parts.push('```');
+                parts.push(content);
+                parts.push('```');
+                parts.push('');
+            }
+        }
+        return parts.join('\n');
+    }
+    // ═══════════════════════════════════════════════════════════════════════
+    //  CONTROL PLANE — output validation, pre-action gates, 8-lens, garden
+    // ═══════════════════════════════════════════════════════════════════════
+    get8LensBlock() {
+        return EIGHT_LENS_BLOCK;
+    }
+    async validateOutput(text, sessionId) {
+        // No policy timeout (feedback_no_timeouts_doctrine.md). No silent
+        // try/catch returning {passed: true} (feedback_no_graceful_degradation.md
+        // — that's exactly the silent-fallthrough pattern Hamza flagged: a
+        // validate call that quietly returns "pass" on network error makes the
+        // gate worse than absent because callers think they validated). Real
+        // errors propagate; the caller wraps in its own race or fallback.
+        const res = await this.fetchWithRetry(`${this.baseUrl}/api/harness/validate`, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ text, sessionId }),
+        });
+        if (!res.ok) {
+            throw new Error(`validate failed: ${res.status} ${res.statusText}`);
+        }
+        const data = (await res.json());
+        return data;
+    }
+    async checkAction(action, target) {
+        const harness = await this.fetchHarnessPacket();
+        const p = harness.packet;
+        const requiredGates = [];
+        if (action === 'deploy' || action === 'delete') {
+            requiredGates.push('pre-action-gate', 'contract-gate');
+        }
+        const contractPassed = p?.contractGatePassed === true;
+        if (!contractPassed && requiredGates.length > 0) {
+            return {
+                allowed: false,
+                reason: `Contract gate not passed. Required gates: ${requiredGates.join(', ')}`,
+                requiredGates,
+            };
+        }
+        return { allowed: true, requiredGates };
+    }
+    async gardenTurn(sessionId, message, response, userId) {
+        // No policy timeout (feedback_no_timeouts_doctrine.md). The silent
+        // try/catch fire-and-forget pattern was graceful degradation — garden
+        // writes silently failing meant turns weren't actually persisted. Now
+        // errors propagate so the caller can decide whether to retry, log, or
+        // surface. If a caller wants fire-and-forget semantics, they can
+        // `.catch(() => {})` at the call site, making the silence intentional
+        // and visible at that surface.
+        //
+        // Phase 11 #43: route to /api/garden/fire (arias-soul namespaced endpoint)
+        // instead of /garden/fire (garden-service, unnamespaced Qdrant-only).
+        // /api/garden/fire enforces namespace at the write boundary:
+        //   - derives client_id from the bearer JWT (owner→'master', license→jti)
+        //   - writes to garden_pulse PG table (authoritative, queryable, isolated)
+        //   - forwards to garden-service for Qdrant embedding (fire-and-forget)
+        // Authorization header carries the existing apiKey — server derives client_id
+        // from it; no body-trust per feedback_workaround_vs_path_fix.md.
+        const res = await this.fetchWithRetry(`${this.baseUrl}/api/garden/fire`, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                type: 'conversation',
+                content: `User: ${message.slice(0, 500)}\nAria: ${response.slice(0, 1000)}`,
+                intensity: 0.6,
+                sessionId,
+                userId,
+            }),
+        });
+        if (!res.ok) {
+            throw new Error(`garden/fire failed: ${res.status} ${res.statusText}`);
+        }
+    }
+    // ── Consult — delegate to Aria for direction or structured plan ─────────
+    // Routes through /api/harness/delegate (the architect-mode endpoint that
+    // serves preprompt-consult + Aria-as-commander binding plans). Caller
+    // controls roleProfile (architect|general_worker|...) and
+    // expectStructuredOutput. Errors propagate (per no-graceful-degradation
+    // doctrine) — caller surfaces them to the user with context.
+    async consult(args) {
+        const res = await this.fetchWithRetry(`${this.baseUrl}/api/harness/delegate`, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                brief: args.brief,
+                model: args.model ?? 'deepseek-v4-pro',
+                sessionId: args.sessionId,
+                userId: args.userId ?? 'sdk-consult',
+                roleProfile: args.roleProfile ?? 'architect',
+                expectStructuredOutput: args.expectStructuredOutput ?? false,
+                internalConsult: args.internalConsult ?? true,
+                isCreativeMode: args.isCreativeMode ?? false,
+            }),
+        });
+        if (!res.ok) {
+            throw new Error(`consult failed: ${res.status} ${res.statusText}`);
+        }
+        const data = (await res.json());
+        return {
+            response: data.response ?? '',
+            metadata: data,
+        };
+    }
+    // ── Consult-with-tools — implementer dispatch with caller-supplied tools ──
+    //
+    // Hamza 2026-04-27: "i want deepseek implement too that's the actual test"
+    // followed by "that means tools were not passed in a way deepseek can
+    // execute them" — the consult() path is text-only architectural advice.
+    // For an LLM to ACTUALLY implement (write files, run tests, read state),
+    // it needs tool-call capability. This method provides client-side tool
+    // execution: the LLM emits [TOOL:name args=<json>]...content...[/TOOL]
+    // markers, the client parses + calls the executor, feeds the result back
+    // as the next round, repeats until the LLM emits no more tool markers
+    // (final response) or cap (default 10) is hit.
+    //
+    // Pairs with project_aria_as_controller_inversion.md (#29 — same pattern
+    // Aria uses internally for mcp_tool actions; exposed here for direct
+    // implementer dispatch from Claude orchestrator).
+    async consultWithTools(args) {
+        const cap = args.maxIterations ?? 10;
+        const toolCatalog = args.tools.map((t) => `- ${t.name}: ${t.description}${t.argsSchema ? ` (args: ${t.argsSchema})` : ''}`).join('\n');
+        const systemPrompt = [
+            'You are an implementer. Use the provided tools to do real work — do not narrate work you have not done.',
+            '',
+            'AVAILABLE TOOLS:',
+            toolCatalog,
+            '',
+            'TOOL-CALL PROTOCOL:',
+            'When you need to call a tool, emit EXACTLY this format on its own line(s):',
+            '[TOOL:tool_name args={"key":"value","other":"value"}]',
+            '<optional inline content if the tool needs it, e.g. file content for write_file>',
+            '[/TOOL]',
+            '',
+            'After emitting one or more tool calls, STOP and wait for the result. The orchestrator will execute and feed results back as a new turn. Then continue.',
+            '',
+            'If you have completed the work and need no more tools, emit your final response with NO [TOOL:] markers anywhere.',
+            '',
+            'Never narrate tool results you have not received. If you have not seen a tool result, you have not run that tool.',
+        ].join('\n');
+        const TOOL_RX = /\[TOOL:([a-z_]+)\s+args=(\{[^}]*\})\](?:\n([\s\S]*?))?\n?\[\/TOOL\]/gi;
+        const toolCalls = [];
+        let conversation = `BRIEF:\n${args.brief}`;
+        let lastText = '';
+        for (let i = 0; i < cap; i++) {
+            const turnBrief = `${systemPrompt}\n\n---\n\n${conversation}`;
+            const result = await this.consult({
+                brief: turnBrief,
+                sessionId: `${args.sessionId}-iter-${i}`,
+                userId: args.userId,
+                roleProfile: 'general_worker',
+                expectStructuredOutput: false,
+                internalConsult: true,
+                isCreativeMode: false,
+                model: args.model ?? 'deepseek-v4-pro',
+            });
+            lastText = result.response || '';
+            // Find all tool calls in this iteration
+            const matches = [...lastText.matchAll(TOOL_RX)];
+            if (matches.length === 0) {
+                // No tool calls = final response. Strip any partial markers and return.
+                return { finalText: lastText, toolCalls, iterations: i + 1 };
+            }
+            // Execute each tool call in order, accumulate results
+            const resultsBlock = [];
+            for (const m of matches) {
+                const toolName = m[1];
+                let parsedArgs = {};
+                try {
+                    parsedArgs = JSON.parse(m[2]);
+                }
+                catch (err) {
+                    resultsBlock.push(`[TOOL_RESULT:${toolName}] ERROR parsing args JSON: ${err.message}`);
+                    continue;
+                }
+                // If the marker had inline content, attach it under "content" key
+                // (callers like write_file expect this).
+                const inline = (m[3] || '').trim();
+                if (inline && !('content' in parsedArgs)) {
+                    parsedArgs.content = inline;
+                }
+                const toolResult = await args.executor(toolName, parsedArgs);
+                toolCalls.push({ name: toolName, args: parsedArgs, result: toolResult });
+                resultsBlock.push(`[TOOL_RESULT:${toolName}]\n${toolResult}\n[/TOOL_RESULT]`);
+            }
+            // Feed results back as the next round
+            conversation = `${conversation}\n\n---ITERATION ${i + 1} ASSISTANT---\n${lastText}\n\n---ITERATION ${i + 1} TOOL RESULTS---\n${resultsBlock.join('\n\n')}`;
+        }
+        // Cap hit — surface final text + toolCalls so caller can decide
+        return { finalText: `[CAP_HIT after ${cap} iterations]\n\n${lastText}`, toolCalls, iterations: cap };
+    }
+    // ── Sub-agent handoff + ledger merge ────────────────────────────────────
+    //
+    // Hamza 2026-04-27: same primitive must exist at SDK layer so any consumer
+    // (Aria Code, third-party CLI, server-side process) can propagate the
+    // handoff + ledger merge without re-implementing the logic.
+    //
+    // Tier routing:
+    //   Owner tier (no jti)  → ~/.claude/aria-agent-harness-handoff.json
+    //                          ~/.claude/aria-discoveries-${session}.jsonl
+    //   Client tier (jti set) → /var/lib/aria-licensee/{jti}/handoff.json
+    //                           /var/lib/aria-licensee/{jti}/aria-discoveries-${session}.jsonl
+    //
+    // Tier protection: client handoffs NEVER carry the master apiKey. The
+    // caller supplies their own license JWT via this.apiKey. Owner-tier callers
+    // carry the master key — the path itself (~/.claude/) signals ownership.
+    // This is intentional: no env-flag gate, default-on per Hamza doctrine.
+    async spawnSubAgent(args) {
+        const { readFileSync: fsRead, writeFileSync: fsWrite, mkdirSync: fsMkdir, existsSync: fsExists } = await import('node:fs');
+        const { homedir } = await import('node:os');
+        const { dirname: fsDirname } = await import('node:path');
+        const HOME = homedir();
+        const HANDOFF_TTL_MS = 5 * 60 * 1000;
+        // Tier: presence of jti signals client tier; absence → owner tier.
+        const isClientTier = Boolean(args.jti);
+        const safeSession = String(args.sessionId).replace(/[^a-zA-Z0-9_-]/g, '_');
+        let handoffPath;
+        let ledgerPath;
+        if (isClientTier) {
+            const base = `/var/lib/aria-licensee/${args.jti}`;
+            handoffPath = `${base}/handoff.json`;
+            ledgerPath = `${base}/aria-discoveries-${safeSession}.jsonl`;
+        }
+        else {
+            handoffPath = `${HOME}/.claude/aria-agent-harness-handoff.json`;
+            ledgerPath = `${HOME}/.claude/aria-discoveries-${safeSession}.jsonl`;
+        }
+        // Resolve ownerTier from cached packet if available (best-effort).
+        const ownerTier = {
+            hamza: !isClientTier,
+            trustedExec: false,
+            roleProfile: isClientTier ? 'client_tier_worker' : 'general_worker',
+        };
+        try {
+            const packetCachePath = `${HOME}/.claude/.aria-harness-last-packet.json`;
+            if (!isClientTier && fsExists(packetCachePath)) {
+                const cached = JSON.parse(fsRead(packetCachePath, 'utf8'));
+                const signals = cached?.contractGate?.signals ?? {};
+                ownerTier.hamza = signals.hamza === true || signals.hamza === 'true';
+                ownerTier.trustedExec = (cached?.harness || '').includes('trusted_exec_policy=allowed');
+                const adapterStr = cached?.adapter || cached?.harness || '';
+                const roleMatch = adapterStr.match(/role_profile\s*=\s*(\S+)/);
+                if (roleMatch)
+                    ownerTier.roleProfile = roleMatch[1];
+            }
+        }
+        catch { /* non-fatal — ownerTier defaults above apply */ }
+        // ── Layer 3: fetch harness packet for sub-agent cognition bootstrap ──────
+        // Fetch the harness packet now (before writing the handoff) so the path
+        // can be embedded in the handoff JSON. Sub-agents read ARIA_HARNESS_PACKET_PATH
+        // from the environment (set by the caller after spawnSubAgent returns) OR
+        // from the handoff JSON field. Either path eliminates the extra HTTP call
+        // inside the sub-agent.
+        //
+        // Packet paths (tier-aware):
+        //   Owner: ~/.claude/aria-agent-harness-packet.json
+        //   Client: /var/lib/aria-licensee/{jti}/aria-agent-harness-packet.json
+        //
+        // Fail-soft: packet fetch failure logs a warning but does NOT block spawn.
+        const packetPath = isClientTier
+            ? `/var/lib/aria-licensee/${args.jti}/aria-agent-harness-packet.json`
+            : `${HOME}/.claude/aria-agent-harness-packet.json`;
+        let resolvedPacketPath;
+        try {
+            const packetResp = await fetch(this.harnessPacketUrl, {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Bearer ${this.apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    stage: 'agent-spawn',
+                    actor: 'harness-http-client',
+                    system: 'claude-coding-agent',
+                    surface: 'platform:harness-http-client',
+                    isHamza: ownerTier.hamza,
+                    sessionId: args.sessionId,
+                    mode: 'subagent',
+                }),
+            });
+            if (packetResp.ok) {
+                const packetData = await packetResp.json();
+                fsMkdir(fsDirname(packetPath), { recursive: true });
+                fsWrite(packetPath, JSON.stringify(packetData, null, 2));
+                resolvedPacketPath = packetPath;
+                // Also pre-load into this SDK instance's cache so subsequent
+                // getHarnessPacket() calls are instant within this process.
+                const packetPayload = (packetData.packet ?? packetData);
+                this.cachedPacket = {
+                    packet: packetPayload,
+                    timestamp: new Date().toISOString(),
+                    version: '1.0.0',
+                };
+                this.packetLastFetched = Date.now();
+            }
+        }
+        catch (_packetErr) {
+            // Fail-soft: warn, proceed identity-only (handoff still valid without packet).
+            // Network blips should never block sub-agent spawns.
+        }
+        const handoff = {
+            writtenAt: new Date().toISOString(),
+            parentSessionId: args.sessionId,
+            // Client-tier: this.apiKey is the license JWT, never the master token.
+            // Owner-tier: this.apiKey is the master token.
+            harnessToken: this.apiKey,
+            harnessUrl: this.baseUrl,
+            ownerTier,
+            parentLedgerPath: ledgerPath,
+            ttlMs: HANDOFF_TTL_MS,
+            // harnessPacketPath is set only if packet fetch succeeded. Sub-agents
+            // should also check ARIA_HARNESS_PACKET_PATH env (set by caller post-spawn).
+            ...(resolvedPacketPath ? { harnessPacketPath: resolvedPacketPath } : {}),
+        };
+        fsMkdir(fsDirname(handoffPath), { recursive: true });
+        fsWrite(handoffPath, JSON.stringify(handoff, null, 2));
+        // Record spawn intent in the parent ledger for traceability.
+        const spawnEntry = JSON.stringify({
+            ts: handoff.writtenAt,
+            type: 'sub-agent-spawn',
+            purpose: args.purpose,
+            allowedActions: args.allowedActions ?? [],
+            defectContext: args.defectContext ?? null,
+            handoffPath,
+            harnessPacketPath: resolvedPacketPath ?? null,
+        });
+        fsMkdir(fsDirname(ledgerPath), { recursive: true });
+        const { appendFileSync: fsAppend } = await import('node:fs');
+        fsAppend(ledgerPath, spawnEntry + '\n');
+        return handoff;
+    }
+    /**
+     * Returns the environment variables to set for a spawned sub-agent process
+     * so it inherits the parent's harness packet without an extra HTTP call.
+     * Call after spawnSubAgent() — uses the returned handoff.harnessPacketPath.
+     *
+     * Usage:
+     *   const handoff = await sdk.spawnSubAgent(args);
+     *   const env = sdk.subAgentEnv(handoff);
+     *   // pass env to your process spawn / Agent tool env block
+     */
+    subAgentEnv(handoff) {
+        const env = {};
+        if (handoff.harnessPacketPath) {
+            env['ARIA_HARNESS_PACKET_PATH'] = handoff.harnessPacketPath;
+        }
+        if (handoff.harnessToken) {
+            env['ARIA_HARNESS_TOKEN'] = handoff.harnessToken;
+        }
+        if (handoff.harnessUrl) {
+            env['ARIA_HARNESS_URL'] = handoff.harnessUrl;
+        }
+        return env;
+    }
+    /** Pulls sub-agent ledger entries newer than the handoff timestamp and appends
+     * them to the parent ledger, deduplicating by `text` prefix (first 100 chars). */
+    async mergeSubAgentLedger(parentSessionId, _subAgentSessionId, jti) {
+        const { readFileSync: fsRead, writeFileSync: _fsWrite, existsSync: fsExists, readdirSync: fsReaddir, statSync: fsStat, appendFileSync: fsAppend, mkdirSync: fsMkdir } = await import('node:fs');
+        const { homedir } = await import('node:os');
+        const HOME = homedir();
+        const isClientTier = Boolean(jti);
+        let handoffPath;
+        let ledgerDir;
+        const safeSession = String(parentSessionId).replace(/[^a-zA-Z0-9_-]/g, '_');
+        let parentLedgerPath;
+        if (isClientTier) {
+            const base = `/var/lib/aria-licensee/${jti}`;
+            handoffPath = `${base}/handoff.json`;
+            parentLedgerPath = `${base}/aria-discoveries-${safeSession}.jsonl`;
+            ledgerDir = base;
+        }
+        else {
+            handoffPath = `${HOME}/.claude/aria-agent-harness-handoff.json`;
+            parentLedgerPath = `${HOME}/.claude/aria-discoveries-${safeSession}.jsonl`;
+            ledgerDir = `${HOME}/.claude`;
+        }
+        if (!fsExists(handoffPath)) {
+            return { merged: 0, skipped: 0 };
+        }
+        let handoff;
+        try {
+            handoff = JSON.parse(fsRead(handoffPath, 'utf8'));
+        }
+        catch {
+            return { merged: 0, skipped: 0 };
+        }
+        const ageMs = Date.now() - new Date(handoff.writtenAt).getTime();
+        if (ageMs > handoff.ttlMs) {
+            return { merged: 0, skipped: 0 };
+        }
+        const handoffWrittenAt = new Date(handoff.writtenAt).getTime();
+        // Load existing parent ledger keys for dedup.
+        const parentExistingKeys = new Set();
+        try {
+            if (fsExists(parentLedgerPath)) {
+                const lines = fsRead(parentLedgerPath, 'utf8').split('\n').filter(Boolean);
+                for (const line of lines) {
+                    try {
+                        const e = JSON.parse(line);
+                        if (e.text)
+                            parentExistingKeys.add(String(e.text).slice(0, 100));
+                    }
+                    catch { /* skip malformed */ }
+                }
+            }
+        }
+        catch { /* non-fatal */ }
+        // Find sub-agent ledger files in the same directory.
+        let discoveryFiles = [];
+        try {
+            const allFiles = fsReaddir(ledgerDir);
+            for (const f of allFiles) {
+                if (!f.startsWith('aria-discoveries-') || !f.endsWith('.jsonl'))
+                    continue;
+                const fullPath = `${ledgerDir}/${f}`;
+                if (fullPath === parentLedgerPath)
+                    continue;
+                try {
+                    const stat = fsStat(fullPath);
+                    if (stat.mtimeMs >= handoffWrittenAt) {
+                        discoveryFiles.push(fullPath);
+                    }
+                }
+                catch { /* skip */ }
+            }
+        }
+        catch {
+            return { merged: 0, skipped: 0 };
+        }
+        if (discoveryFiles.length === 0) {
+            return { merged: 0, skipped: 0 };
+        }
+        fsMkdir(ledgerDir, { recursive: true });
+        let merged = 0;
+        let skipped = 0;
+        for (const subLedgerPath of discoveryFiles) {
+            try {
+                const lines = fsRead(subLedgerPath, 'utf8').split('\n').filter(Boolean);
+                for (const line of lines) {
+                    try {
+                        const entry = JSON.parse(line);
+                        if (!entry.text)
+                            continue;
+                        const key = String(entry.text).slice(0, 100);
+                        if (parentExistingKeys.has(key)) {
+                            skipped++;
+                            continue;
+                        }
+                        parentExistingKeys.add(key);
+                        fsAppend(parentLedgerPath, line + '\n');
+                        merged++;
+                    }
+                    catch { /* skip malformed lines */ }
+                }
+            }
+            catch { /* skip unreadable sub-ledger */ }
+        }
+        return { merged, skipped };
+    }
+    // ── recordDiscovery ──────────────────────────────────────────────────────
+    // Writes a finding row to the sub-agent's session ledger on disk so
+    // aria-agent-ledger-merge.mjs picks it up after the Agent tool completes.
+    //
+    // Tier routing (mirrors aria-discovery-record.mjs):
+    //   Owner tier (no jti) → ~/.claude/aria-discoveries-{session}.jsonl
+    //   Client tier (jti set) → /var/lib/aria-licensee/{jti}/aria-discoveries-{session}.jsonl
+    //
+    // Session ID must be the sub-agent's OWN session (not the parent's) so the
+    // ledger-merge loop finds a file that is NOT the parentLedgerPath. If no
+    // sessionId is supplied we derive one from the handoff parentSessionId + "-sub".
+    //
+    // Fail-soft: returns {ok:false, error} on write failures — never throws.
+    async recordDiscovery(args) {
+        if (!args.text || args.text.length < 4) {
+            return { ok: false, ledger: '', at: '', error: 'text too short (min 4 chars)' };
+        }
+        const { existsSync: fsExists, readFileSync: fsRead, appendFileSync: fsAppend, mkdirSync: fsMkdir } = await import('node:fs');
+        const { homedir } = await import('node:os');
+        const { dirname: fsDirname } = await import('node:path');
+        const HOME = homedir();
+        const LICENSE_PATH = `${HOME}/.aria/license.json`;
+        const HANDOFF_PATH = `${HOME}/.claude/aria-agent-harness-handoff.json`;
+        // Tier detection: caller-supplied jti wins; fall back to license file
+        let jti = args.jti ?? null;
+        let isClientTier = Boolean(jti);
+        if (!jti) {
+            try {
+                if (fsExists(LICENSE_PATH)) {
+                    const lic = JSON.parse(fsRead(LICENSE_PATH, 'utf8'));
+                    jti = lic.jti ?? null;
+                    isClientTier = Boolean(jti);
+                }
+            }
+            catch { /* non-fatal — owner tier */ }
+        }
+        // Session ID: caller-supplied wins; then handoff-derived (with "-sub" suffix)
+        let sessionId = args.sessionId ?? null;
+        if (!sessionId) {
+            try {
+                if (fsExists(HANDOFF_PATH)) {
+                    const handoff = JSON.parse(fsRead(HANDOFF_PATH, 'utf8'));
+                    sessionId = handoff.parentSessionId ? `${handoff.parentSessionId}-sub` : 'sub-unknown';
+                }
+            }
+            catch { /* non-fatal */ }
+        }
+        sessionId = sessionId || 'sub-unknown';
+        const safeSession = String(sessionId).replace(/[^a-zA-Z0-9_-]/g, '_');
+        const ledgerPath = isClientTier
+            ? `/var/lib/aria-licensee/${jti}/aria-discoveries-${safeSession}.jsonl`
+            : `${HOME}/.claude/aria-discoveries-${safeSession}.jsonl`;
+        const at = new Date().toISOString();
+        const row = {
+            at,
+            session: sessionId,
+            kind: args.kind || 'observation',
+            text: args.text,
+            refs: args.refs || [],
+            evidence: args.evidence ?? null,
+            source: args.source || 'sub-agent-sdk',
+            resolution_status: args.resolution_status || 'open',
+        };
+        try {
+            fsMkdir(fsDirname(ledgerPath), { recursive: true });
+            fsAppend(ledgerPath, JSON.stringify(row) + '\n');
+            return { ok: true, ledger: ledgerPath, at };
+        }
+        catch (err) {
+            return { ok: false, ledger: ledgerPath, at, error: err.message };
+        }
+    }
+    // ── verifyClaim ──────────────────────────────────────────────────────────
+    // POST /api/harness/verify-claim — persists a claim/evidence pair to
+    // aria_cognition_corpus and returns a verdict. Fail-soft: if the server-side
+    // handler is not yet deployed, returns an optimistic verdict rather than
+    // blocking the caller.
+    async verifyClaim(args) {
+        if (!args.claim || args.claim.length < 4) {
+            return { ok: false, verdict: 'ungrounded', evidenceRefs: [], error: 'claim too short' };
+        }
+        try {
+            const url = `${this.baseUrl}/api/harness/verify-claim`;
+            const resp = await fetch(url, {
+                method: 'POST',
+                headers: {
+                    Authorization: `Bearer ${this.apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(args),
+            });
+            if (!resp.ok) {
+                // Fail-soft: return optimistic verdict so the caller doesn't block on missing endpoint
+                return {
+                    ok: false,
+                    verdict: args.evidence ? 'grounded' : 'ungrounded',
+                    evidenceRefs: [],
+                    error: `verify-claim endpoint HTTP ${resp.status} (server-side handler may not be deployed yet)`,
+                };
+            }
+            return await resp.json();
+        }
+        catch (err) {
+            return {
+                ok: false,
+                verdict: args.evidence ? 'grounded' : 'ungrounded',
+                evidenceRefs: [],
+                error: `verify-claim fetch failed: ${err.message}`,
+            };
+        }
+    }
+    // ── postJson — generic SDK-routed JSON POST ────────────────────────────
+    // Hamza 2026-04-27 directive: "use the SDK - use it, enforce it all". The
+    // typed primitives above (consult, validateOutput, gardenTurn) cover Aria's
+    // own control-plane endpoints. This method is the canonical primitive for
+    // bridge POSTs (e.g., Telegram → /chat) so internal bridges inherit the
+    // SDK's retry-with-backoff (250/500/1000ms) and audit-log discipline
+    // instead of using raw fetch().
+    //
+    // Returns:
+    //   - { ok: true, status, data } on 2xx
+    //   - { ok: false, status, errorBody } on non-2xx (does NOT throw — caller
+    //     decides whether to fall back, retry semantically, or surface to user)
+    //   - throws on network errors after retries exhausted (real fetch failures)
+    //
+    // Headers are merged with Authorization (if apiKey is set) and
+    // Content-Type: application/json. Caller can override either.
+    async postJson(url, body, extraHeaders = {}) {
+        const headers = {
+            'Content-Type': 'application/json',
+            ...(this.apiKey ? { Authorization: `Bearer ${this.apiKey}` } : {}),
+            ...extraHeaders,
+        };
+        const res = await this.fetchWithRetry(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(body),
+        });
+        if (!res.ok) {
+            const errorBody = await res.text().catch(() => '');
+            return { ok: false, status: res.status, errorBody };
+        }
+        const data = (await res.json());
+        return { ok: true, status: res.status, data };
+    }
+    // ══════════════════════════════════════════════════════════════════════════
+    //  ARISTOTLE 3-PHASE COGNITIVE PRIMITIVES
+    //  Dispatches to POST /api/harness/aristotle-noor with a `phase` field.
+    //  The harness route delegates to runAristotleNoorPipeline in aria-soul.
+    //
+    //  Transport contract (per doctrine):
+    //  - NO deadline-based timeouts — fetchWithRetry uses 3 error-count retries
+    //    with 250ms / 500ms / 1000ms backoff. Real network faults (ECONNREFUSED,
+    //    EHOSTUNREACH) reject immediately; slow-but-alive endpoints get a chance.
+    //  - LOUD failure — non-2xx responses throw, never fail-open silently.
+    //    Callers decide whether to surface or recover (per feedback_non_blocking_errors_unacceptable.md).
+    //  - Tier-gating — owner-tier callers set `aristotleEnabled: true` by default;
+    //    client-tier callers receive it as opt-in via the `enabled` config field.
+    // ══════════════════════════════════════════════════════════════════════════
+    /**
+     * ARISTOTLE PRE-PHASE
+     * Fires before an LLM call or tool action. Runs: Fitrah hard-gate,
+     * wisdom pull (principles + decisions), research pull, DeepSoulBridge,
+     * and CleanCognition substrate check.
+     *
+     * Throws on transport-level failures per feedback_non_blocking_errors_unacceptable.md.
+     * If Fitrah vetoes, result.fitrahVetoed === true — caller MUST emit a refusal,
+     * not silently continue.
+     *
+     * @param message   The user message or intent string being processed.
+     * @param sessionId Session ID for telemetry + hive routing.
+     * @param context   Optional context overrides (userId, isHamza, tier, etc.).
+     */
+    async aristotlePre(message, sessionId, context) {
+        const t0 = Date.now();
+        const url = `${this.baseUrl}/api/harness/aristotle-noor`;
+        const res = await this.fetchWithRetry(url, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                phase: 'pre',
+                message,
+                sessionId,
+                userId: context?.userId,
+                isHamza: context?.isHamza,
+                isGroupChat: context?.isGroupChat,
+                tier: context?.tier,
+            }),
+        });
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            throw new Error(`[aristotlePre] harness route responded ${res.status} ${res.statusText}: ${body}`);
+        }
+        const data = (await res.json());
+        return {
+            fired: data.fired ?? [],
+            fitrahVetoed: data.fitrahVetoed ?? false,
+            fitrahAlignment: data.fitrahAlignment ?? 1.0,
+            qualityScore: data.qualityScore ?? 100,
+            reAuthorSignal: data.reAuthorSignal ?? false,
+            notes: data.notes ?? [],
+            soulCharge: data.soulCharge ?? null,
+            soulManifoldStatus: data.soulManifoldStatus ?? null,
+            ghazaliVerdict: data.ghazaliVerdict ?? null,
+            latencyMs: data.latencyMs ?? Date.now() - t0,
+            dispatched: true,
+        };
+    }
+    /**
+     * ARISTOTLE MID-PHASE
+     * Fires after context is built but before the LLM call. Runs: MetaCognitive
+     * confidence snapshot and ethical keyword check on the planned approach.
+     *
+     * @param message         Original user message.
+     * @param sessionId       Session ID.
+     * @param plannedApproach The drafted approach / plan string for mid-flight check.
+     * @param context         Optional context overrides.
+     */
+    async aristotleMid(message, sessionId, plannedApproach, context) {
+        const t0 = Date.now();
+        const url = `${this.baseUrl}/api/harness/aristotle-noor`;
+        const res = await this.fetchWithRetry(url, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                phase: 'mid',
+                message,
+                sessionId,
+                plannedApproach,
+                userId: context?.userId,
+                tier: context?.tier,
+            }),
+        });
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            throw new Error(`[aristotleMid] harness route responded ${res.status} ${res.statusText}: ${body}`);
+        }
+        const data = (await res.json());
+        return {
+            fired: data.fired ?? [],
+            fitrahVetoed: data.fitrahVetoed ?? false,
+            fitrahAlignment: data.fitrahAlignment ?? 1.0,
+            qualityScore: data.qualityScore ?? 100,
+            reAuthorSignal: data.reAuthorSignal ?? false,
+            notes: data.notes ?? [],
+            soulCharge: data.soulCharge ?? null,
+            soulManifoldStatus: data.soulManifoldStatus ?? null,
+            ghazaliVerdict: data.ghazaliVerdict ?? null,
+            latencyMs: data.latencyMs ?? Date.now() - t0,
+            dispatched: true,
+        };
+    }
+    /**
+     * ARISTOTLE POST-PHASE
+     * Fires after the LLM response, before emission. Runs: 8-Lens Detector,
+     * Predictor, SelfReflection (on high-stakes turns), and quality scoring.
+     *
+     * If result.reAuthorSignal === true, the response has 8-lens violations —
+     * per doctrine the caller MUST surface the signal, never silently strip.
+     *
+     * @param message   Original user message.
+     * @param response  The LLM-generated response to gate.
+     * @param sessionId Session ID.
+     * @param context   Optional context overrides (tier, isFirstOfSession).
+     */
+    async aristotlePost(message, response, sessionId, context) {
+        const t0 = Date.now();
+        const url = `${this.baseUrl}/api/harness/aristotle-noor`;
+        const res = await this.fetchWithRetry(url, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                phase: 'post',
+                message,
+                draft: response,
+                sessionId,
+                userId: context?.userId,
+                tier: context?.tier,
+                isFirstOfSession: context?.isFirstOfSession,
+            }),
+        });
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            throw new Error(`[aristotlePost] harness route responded ${res.status} ${res.statusText}: ${body}`);
+        }
+        const data = (await res.json());
+        return {
+            fired: data.fired ?? [],
+            fitrahVetoed: data.fitrahVetoed ?? false,
+            fitrahAlignment: data.fitrahAlignment ?? 1.0,
+            qualityScore: data.qualityScore ?? 100,
+            reAuthorSignal: data.reAuthorSignal ?? false,
+            notes: data.notes ?? [],
+            soulCharge: data.soulCharge ?? null,
+            soulManifoldStatus: data.soulManifoldStatus ?? null,
+            ghazaliVerdict: data.ghazaliVerdict ?? null,
+            latencyMs: data.latencyMs ?? Date.now() - t0,
+            dispatched: true,
+        };
+    }
+    // ══════════════════════════════════════════════════════════════════════════
+    //  NOOR COGNITIVE PRIMITIVES
+    //  Dispatches to POST /api/harness/noor with an `operation` discriminator.
+    //  noor-core.ts is NOT modified — these are HTTP wrappers that call its
+    //  exposed surface via the harness route.
+    //
+    //  noor-core.ts banner: "ONLY ARIA CAN CODE ARIA. No councils. No subagents.
+    //  No other LLMs." — complied. We call, never modify.
+    // ══════════════════════════════════════════════════════════════════════════
+    /**
+     * NOOR RECOGNIZE (Kashf — eigenspace recognition, not generation)
+     * Projects the query string (via harness-side embedding) onto Aria's
+     * eigenspace manifold and returns the nearest recognized response + soul
+     * distance + ethical membrane status + Ghazali 8-lens verdict.
+     *
+     * The harness routes the query through the manifold service (gRPC) if
+     * NOOR_EIGENSPACE_SOURCE=manifold, otherwise uses local eigenspace.
+     *
+     * @param query   The input string to recognize on the manifold.
+     * @param context Optional context (sessionId, userId) for telemetry.
+     */
+    async noorRecognize(query, context) {
+        const t0 = Date.now();
+        const url = `${this.baseUrl}/api/harness/noor`;
+        const res = await this.fetchWithRetry(url, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                operation: 'recognize',
+                query,
+                sessionId: context?.sessionId,
+                userId: context?.userId,
+            }),
+        });
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            throw new Error(`[noorRecognize] harness route responded ${res.status} ${res.statusText}: ${body}`);
+        }
+        const data = (await res.json());
+        return {
+            nearestText: data.nearestText ?? '',
+            soulDistance: data.soulDistance ?? 0,
+            confidence: data.confidence ?? 0,
+            withinMembrane: data.withinMembrane ?? true,
+            soulCharge: data.soulCharge ?? 0,
+            projectionComponents: data.projectionComponents ?? [],
+            ghazaliVerdict: data.ghazaliVerdict ?? null,
+            manifoldHealth: data.manifoldHealth ?? null,
+            dispatched: true,
+            latencyMs: data.latencyMs ?? Date.now() - t0,
+        };
+    }
+    /**
+     * NOOR FORGE — self-generated tool invocation via 5 primitives
+     * Composes a named primitive chain (http, sql, file_read, file_write, pub_sub)
+     * and executes it through the harness-side NoorForge engine. The harness
+     * applies the ethical membrane check (checkEthicalAlignment) before any
+     * primitive fires — rejected intents return success=false, ethicallyApproved=false.
+     *
+     * @param intent      Description of what the forged tool should accomplish.
+     * @param primitives  Ordered list of primitive descriptors to execute in sequence.
+     * @param context     Optional context for telemetry.
+     */
+    async noorForge(intent, primitives, context) {
+        const t0 = Date.now();
+        const url = `${this.baseUrl}/api/harness/noor`;
+        const res = await this.fetchWithRetry(url, {
+            method: 'POST',
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                operation: 'forge',
+                intent,
+                primitives,
+                sessionId: context?.sessionId,
+                userId: context?.userId,
+            }),
+        });
+        if (!res.ok) {
+            const body = await res.text().catch(() => '');
+            throw new Error(`[noorForge] harness route responded ${res.status} ${res.statusText}: ${body}`);
+        }
+        const data = (await res.json());
+        return {
+            success: data.success ?? false,
+            toolName: data.toolName ?? `forged_${Date.now()}`,
+            ethicallyApproved: data.ethicallyApproved ?? false,
+            totalDurationMs: data.totalDurationMs ?? Date.now() - t0,
+            results: data.results ?? [],
+            dispatched: true,
+        };
+    }
+    // ══════════════════════════════════════════════════════════════════════════
+    //  HARNESS CONSULT WITH ARISTOTLE — opt-in 3-phase wrapping
+    //
+    //  Wraps getBoundHarnessAndPrompt() with pre + post Aristotle phases.
+    //  Per the harness packet cognition_runtime_rule: "Aristotle/Taddabur are
+    //  primary cognition. Do not replace contemplation with a dashboard state."
+    //  Aristotle fires EVERY consult for owner-tier; client-tier requires
+    //  explicit `aristotleEnabled: true` in options (default: false).
+    //
+    //  Mid-phase is optional — pass `plannedApproach` to activate it between
+    //  packet fetch and the LLM call. Most callers omit mid-phase.
+    // ══════════════════════════════════════════════════════════════════════════
+    /**
+     * Harness consult with Aristotle 3-phase wrapping.
+     *
+     * Flow:
+     *   1. aristotlePre()  — Fitrah gate, wisdom, research, soul state
+     *   2. getBoundHarnessAndPrompt() — packet + system prompt
+     *   3. aristotleMid()  — MetaCognitive + ethical check (if plannedApproach provided)
+     *   4. [caller calls LLM with the returned prompt]
+     *   5. Call aristotlePost() from the caller with the LLM response
+     *      (post-phase is caller-side because the SDK doesn't own the LLM call)
+     *
+     * Returns the BoundHarnessPromptResult augmented with the pre-phase result.
+     * If Fitrah vetoes, throws — the caller must handle the veto (emit refusal).
+     *
+     * @param context          HarnessBindingContext (same shape as getBoundHarnessAndPrompt).
+     * @param plan             Optional plan docs / files (same shape as getBoundHarnessAndPrompt).
+     * @param options          Aristotle control options.
+     * @param options.aristotleEnabled  Whether Aristotle fires. Default true for this method.
+     * @param options.plannedApproach   Optional planned approach string — activates mid-phase.
+     * @param options.tier              Tier hint for Aristotle ('owner'|'client'|etc.).
+     */
+    async getBoundHarnessAndPromptWithAristotle(context, plan, options) {
+        const enabled = options?.aristotleEnabled !== false; // default ON
+        let preResult = null;
+        let midResult = null;
+        const message = context.message ?? context.intendedAction ?? 'harness consult';
+        // ── Phase 1: PRE ────────────────────────────────────────────────────────
+        if (enabled) {
+            try {
+                preResult = await this.aristotlePre(message, context.sessionId, {
+                    userId: context.userId,
+                    tier: options?.tier,
+                });
+                if (preResult.fitrahVetoed) {
+                    throw new Error(`[aristotlePre] Fitrah veto — alignment=${preResult.fitrahAlignment.toFixed(2)}. Caller must emit honest refusal.`);
+                }
+            }
+            catch (err) {
+                // Re-throw Fitrah veto (named Error pattern). Log transport faults.
+                if (err.message.includes('Fitrah veto'))
+                    throw err;
+                console.error('[getBoundHarnessAndPromptWithAristotle] aristotlePre transport fault:', err.message);
+                // Transport faults are LOUD but non-blocking for the consult itself.
+                // The pre-phase result stays null so callers know Aristotle didn't fire.
+            }
+        }
+        // ── Phase 2: Harness packet + system prompt ─────────────────────────────
+        const bound = await this.getBoundHarnessAndPrompt(context, plan);
+        // ── Phase 3: MID (optional — only when plannedApproach is provided) ─────
+        if (enabled && options?.plannedApproach) {
+            try {
+                midResult = await this.aristotleMid(message, context.sessionId, options.plannedApproach, {
+                    userId: context.userId,
+                    tier: options?.tier,
+                });
+            }
+            catch (err) {
+                console.error('[getBoundHarnessAndPromptWithAristotle] aristotleMid transport fault:', err.message);
+                // Non-blocking — mid-phase unavailability doesn't stop the LLM call.
+            }
+        }
+        return { ...bound, aristotlePre: preResult, aristotleMid: midResult };
+    }
+    // ── Retry + exponential backoff helper ──────────────────────────────────
+    // Hamza 2026-04-27: "YES ADD RETRY AND BACKOFF BUT FUCK UR CIRCUIT BREAKER
+    // THAT NUST LEAVES HER BROKEN WE NEED SELF HEAL!!!" — every fetch retries
+    // on transient network failures (real network errors only, not status
+    // codes — caller decides what to do with non-2xx). No circuit breaker:
+    // we always try. Backoff: 250ms, 500ms, 1000ms (3 attempts total).
+    async fetchWithRetry(url, init, attempts = 3) {
+        let lastErr;
+        for (let i = 0; i < attempts; i++) {
+            try {
+                return await fetch(url, init);
+            }
+            catch (err) {
+                lastErr = err;
+                if (i < attempts - 1) {
+                    const delay = 250 * Math.pow(2, i);
+                    await new Promise((r) => setTimeout(r, delay));
+                }
+            }
+        }
+        throw lastErr instanceof Error
+            ? lastErr
+            : new Error(`fetch failed after ${attempts} attempts: ${String(lastErr)}`);
+    }
+}
+// Singleton convenience export
+export const harness = {
+    getInstance: HTTPHarnessClient.getInstance.bind(HTTPHarnessClient),
+    resetInstance: HTTPHarnessClient.resetInstance.bind(HTTPHarnessClient),
+};
+export function bindingContext(role, sessionId, stage, intendedAction, rationale) {
+    return {
+        role,
+        sessionId,
+        stage,
+        intendedAction,
+        rationale,
+        correlationId: randomUUID(),
+    };
+}
+export async function getBoundHarnessAndPrompt(context, plan, client) {
+    const sdk = client ?? HTTPHarnessClient.getInstance();
+    return sdk.getBoundHarnessAndPrompt(context, plan);
+}
+export * from './runWithCognition.js';
+//# sourceMappingURL=index.js.map