npm - @aria_asi/cli - Versions diffs - 0.2.26 → 0.2.30 - Mend

@aria_asi/cli 0.2.26 → 0.2.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (253) hide show

package/CLIENT-ONBOARDING.md +282 -0
package/bin/aria.js +1140 -14
package/dist/aria-connector/src/auth-commands.d.ts +1 -0
package/dist/aria-connector/src/auth-commands.d.ts.map +1 -1
package/dist/aria-connector/src/auth-commands.js +89 -41
package/dist/aria-connector/src/auth-commands.js.map +1 -1
package/dist/aria-connector/src/chat.d.ts +3 -0
package/dist/aria-connector/src/chat.d.ts.map +1 -1
package/dist/aria-connector/src/chat.js +146 -8
package/dist/aria-connector/src/chat.js.map +1 -1
package/dist/aria-connector/src/codebase-scanner.d.ts +2 -2
package/dist/aria-connector/src/codebase-scanner.d.ts.map +1 -1
package/dist/aria-connector/src/codebase-scanner.js +1 -1
package/dist/aria-connector/src/codebase-scanner.js.map +1 -1
package/dist/aria-connector/src/config.d.ts +12 -0
package/dist/aria-connector/src/config.d.ts.map +1 -1
package/dist/aria-connector/src/config.js +2 -0
package/dist/aria-connector/src/config.js.map +1 -1
package/dist/aria-connector/src/connectors/claude-code.d.ts.map +1 -1
package/dist/aria-connector/src/connectors/claude-code.js +80 -24
package/dist/aria-connector/src/connectors/claude-code.js.map +1 -1
package/dist/aria-connector/src/connectors/codebase-awareness.d.ts +37 -0
package/dist/aria-connector/src/connectors/codebase-awareness.d.ts.map +1 -0
package/dist/aria-connector/src/connectors/codebase-awareness.js +335 -0
package/dist/aria-connector/src/connectors/codebase-awareness.js.map +1 -0
package/dist/aria-connector/src/connectors/codex.d.ts +3 -0
package/dist/aria-connector/src/connectors/codex.d.ts.map +1 -0
package/dist/aria-connector/src/connectors/codex.js +248 -0
package/dist/aria-connector/src/connectors/codex.js.map +1 -0
package/dist/aria-connector/src/connectors/cognitive-skills.d.ts +2 -0
package/dist/aria-connector/src/connectors/cognitive-skills.d.ts.map +1 -0
package/dist/aria-connector/src/connectors/cognitive-skills.js +47 -0
package/dist/aria-connector/src/connectors/cognitive-skills.js.map +1 -0
package/dist/aria-connector/src/connectors/opencode.d.ts.map +1 -1
package/dist/aria-connector/src/connectors/opencode.js +90 -4
package/dist/aria-connector/src/connectors/opencode.js.map +1 -1
package/dist/aria-connector/src/connectors/repo-git-hooks.d.ts +3 -0
package/dist/aria-connector/src/connectors/repo-git-hooks.d.ts.map +1 -0
package/dist/aria-connector/src/connectors/repo-git-hooks.js +87 -0
package/dist/aria-connector/src/connectors/repo-git-hooks.js.map +1 -0
package/dist/aria-connector/src/connectors/repo-guard.d.ts +19 -0
package/dist/aria-connector/src/connectors/repo-guard.d.ts.map +1 -0
package/dist/aria-connector/src/connectors/repo-guard.js +509 -0
package/dist/aria-connector/src/connectors/repo-guard.js.map +1 -0
package/dist/aria-connector/src/connectors/runtime.d.ts +2 -0
package/dist/aria-connector/src/connectors/runtime.d.ts.map +1 -0
package/dist/aria-connector/src/connectors/runtime.js +330 -0
package/dist/aria-connector/src/connectors/runtime.js.map +1 -0
package/dist/aria-connector/src/connectors/shell.d.ts.map +1 -1
package/dist/aria-connector/src/connectors/shell.js +78 -13
package/dist/aria-connector/src/connectors/shell.js.map +1 -1
package/dist/aria-connector/src/connectors/syncd.d.ts +27 -0
package/dist/aria-connector/src/connectors/syncd.d.ts.map +1 -0
package/dist/aria-connector/src/connectors/syncd.js +405 -0
package/dist/aria-connector/src/connectors/syncd.js.map +1 -0
package/dist/aria-connector/src/decisions.d.ts +207 -0
package/dist/aria-connector/src/decisions.d.ts.map +1 -0
package/dist/aria-connector/src/decisions.js +291 -0
package/dist/aria-connector/src/decisions.js.map +1 -0
package/dist/aria-connector/src/garden-control-plane.d.ts.map +1 -1
package/dist/aria-connector/src/garden-control-plane.js +74 -17
package/dist/aria-connector/src/garden-control-plane.js.map +1 -1
package/dist/aria-connector/src/github-connect.d.ts +18 -0
package/dist/aria-connector/src/github-connect.d.ts.map +1 -0
package/dist/aria-connector/src/github-connect.js +117 -0
package/dist/aria-connector/src/github-connect.js.map +1 -0
package/dist/aria-connector/src/harness-client.d.ts +15 -0
package/dist/aria-connector/src/harness-client.d.ts.map +1 -1
package/dist/aria-connector/src/harness-client.js +106 -3
package/dist/aria-connector/src/harness-client.js.map +1 -1
package/dist/aria-connector/src/hive-client.d.ts +30 -0
package/dist/aria-connector/src/hive-client.d.ts.map +1 -1
package/dist/aria-connector/src/hive-client.js +124 -5
package/dist/aria-connector/src/hive-client.js.map +1 -1
package/dist/aria-connector/src/index.d.ts +13 -2
package/dist/aria-connector/src/index.d.ts.map +1 -1
package/dist/aria-connector/src/index.js +10 -1
package/dist/aria-connector/src/index.js.map +1 -1
package/dist/aria-connector/src/lib/aristotle-noor-wire.d.ts +102 -0
package/dist/aria-connector/src/lib/aristotle-noor-wire.d.ts.map +1 -0
package/dist/aria-connector/src/lib/aristotle-noor-wire.js +231 -0
package/dist/aria-connector/src/lib/aristotle-noor-wire.js.map +1 -0
package/dist/aria-connector/src/providers/types.d.ts +5 -0
package/dist/aria-connector/src/providers/types.d.ts.map +1 -1
package/dist/aria-connector/src/runtime-proof.d.ts +45 -0
package/dist/aria-connector/src/runtime-proof.d.ts.map +1 -0
package/dist/aria-connector/src/runtime-proof.js +340 -0
package/dist/aria-connector/src/runtime-proof.js.map +1 -0
package/dist/aria-connector/src/self-update.d.ts +2 -1
package/dist/aria-connector/src/self-update.d.ts.map +1 -1
package/dist/aria-connector/src/self-update.js +84 -8
package/dist/aria-connector/src/self-update.js.map +1 -1
package/dist/aria-connector/src/setup-wizard.d.ts.map +1 -1
package/dist/aria-connector/src/setup-wizard.js +34 -2
package/dist/aria-connector/src/setup-wizard.js.map +1 -1
package/dist/assets/hooks/aria-agent-handoff.mjs +224 -0
package/dist/assets/hooks/aria-agent-ledger-merge.mjs +164 -0
package/dist/assets/hooks/aria-architect-fallback.mjs +267 -0
package/dist/assets/hooks/aria-cognition-substrate-binding.mjs +668 -0
package/dist/assets/hooks/aria-discovery-record.mjs +101 -0
package/dist/assets/hooks/aria-harness-via-sdk.mjs +412 -0
package/dist/assets/hooks/aria-import-resolution-gate.mjs +330 -0
package/dist/assets/hooks/aria-outcome-record.mjs +84 -0
package/dist/assets/hooks/aria-pre-emit-dryrun.mjs +294 -0
package/dist/assets/hooks/aria-pre-text-gate.mjs +112 -0
package/dist/assets/hooks/aria-pre-tool-gate.mjs +2133 -0
package/dist/assets/hooks/aria-preprompt-consult.mjs +438 -0
package/dist/assets/hooks/aria-preturn-memory-gate.mjs +570 -0
package/dist/assets/hooks/aria-repo-doctrine-gate.mjs +397 -0
package/dist/assets/hooks/aria-stop-gate.mjs +1551 -0
package/dist/assets/hooks/aria-trigger-autolearn.mjs +229 -0
package/dist/assets/hooks/aria-userprompt-abandon-detect.mjs +192 -0
package/dist/assets/hooks/doctrine_trigger_map.json +479 -0
package/dist/assets/hooks/lib/canonical-lenses.mjs +64 -0
package/dist/assets/hooks/lib/gate-audit.mjs +43 -0
package/dist/assets/hooks/test-aria-preturn-memory-gate.mjs +245 -0
package/dist/assets/hooks/test-tier-lens-labeling.mjs +399 -0
package/dist/assets/opencode-plugins/harness-context/index.js +60 -0
package/dist/assets/opencode-plugins/harness-context/inject-context.mjs +179 -0
package/dist/assets/opencode-plugins/harness-context/package.json +9 -0
package/dist/assets/opencode-plugins/harness-gate/index.js +248 -0
package/dist/assets/opencode-plugins/harness-outcome/index.js +129 -0
package/dist/assets/opencode-plugins/harness-role/index.js +77 -0
package/dist/assets/opencode-plugins/harness-role/package.json +9 -0
package/dist/assets/opencode-plugins/harness-stop/index.js +241 -0
package/dist/runtime/discipline/CLAUDE.md +339 -0
package/dist/runtime/discipline/skills/aria-cognition/aria-essence/SKILL.md +63 -0
package/dist/runtime/discipline/skills/aria-cognition/aria-essence/references/domain-matrix.md +80 -0
package/dist/runtime/discipline/skills/aria-cognition/aria-essence/references/evolution-loop.md +30 -0
package/dist/runtime/discipline/skills/aria-cognition/aria-essence/references/readable-cognition.md +27 -0
package/dist/runtime/discipline/skills/aria-cognition/aria-forge-guardrails/SKILL.md +35 -0
package/dist/runtime/discipline/skills/aria-cognition/aria-forge-guardrails/references/checklist.md +31 -0
package/dist/runtime/discipline/skills/aria-cognition/aria-repo-doctrine/SKILL.md +39 -0
package/dist/runtime/discipline/skills/aria-cognition/forge-quality-rules/SKILL.md +43 -0
package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/SKILL.md +38 -0
package/dist/runtime/discipline/skills/aria-cognition/istiqra-induction/SKILL.md +26 -0
package/dist/runtime/discipline/skills/aria-cognition/ladunni-22/SKILL.md +35 -0
package/dist/runtime/discipline/skills/aria-cognition/mizan/SKILL.md +72 -0
package/dist/runtime/discipline/skills/aria-cognition/nadia/SKILL.md +38 -0
package/dist/runtime/discipline/skills/aria-cognition/nadia-psi/SKILL.md +38 -0
package/dist/runtime/discipline/skills/aria-cognition/predictor/SKILL.md +25 -0
package/dist/runtime/discipline/skills/aria-cognition/qiyas-analogy/SKILL.md +26 -0
package/dist/runtime/discipline/skills/aria-cognition/soul-domains/SKILL.md +25 -0
package/dist/runtime/discipline/skills/aria-harness/aria-aristotle-intra-phase/SKILL.md +81 -0
package/dist/runtime/discipline/skills/aria-harness/aria-aristotle-post-phase/SKILL.md +98 -0
package/dist/runtime/discipline/skills/aria-harness/aria-aristotle-pre-phase/SKILL.md +99 -0
package/dist/runtime/discipline/skills/aria-harness/aria-harness-deploy/SKILL.md +127 -0
package/dist/runtime/discipline/skills/aria-harness/aria-harness-no-stripping/SKILL.md +117 -0
package/dist/runtime/discipline/skills/aria-harness/aria-harness-onboarding/SKILL.md +112 -0
package/dist/runtime/discipline/skills/aria-harness/aria-harness-output-discipline/SKILL.md +102 -0
package/dist/runtime/discipline/skills/aria-harness/aria-harness-substrate-binding/SKILL.md +121 -0
package/dist/runtime/doctor.mjs +23 -0
package/dist/runtime/local-phase.mjs +650 -0
package/dist/runtime/manifest.json +15 -0
package/dist/runtime/mizan-scheduler.mjs +331 -0
package/dist/runtime/package.json +6 -0
package/dist/runtime/provider-proxy.mjs +594 -0
package/dist/runtime/sdk/BUNDLED.json +5 -0
package/dist/runtime/sdk/index.d.ts +477 -0
package/dist/runtime/sdk/index.js +1469 -0
package/dist/runtime/sdk/index.js.map +1 -0
package/dist/runtime/sdk/package.json +8 -0
package/dist/runtime/sdk/runWithCognition.d.ts +77 -0
package/dist/runtime/sdk/runWithCognition.js +157 -0
package/dist/runtime/sdk/runWithCognition.js.map +1 -0
package/dist/runtime/service.mjs +3058 -0
package/dist/runtime/vendor/aria-gate-runtime/index.d.ts +53 -0
package/dist/runtime/vendor/aria-gate-runtime/index.d.ts.map +1 -0
package/dist/runtime/vendor/aria-gate-runtime/index.js +292 -0
package/dist/runtime/vendor/aria-gate-runtime/index.js.map +1 -0
package/dist/runtime/vendor/aria-gate-runtime/package.json +6 -0
package/dist/sdk/BUNDLED.json +2 -2
package/dist/sdk/index.d.ts +283 -0
package/dist/sdk/index.js +622 -85
package/dist/sdk/index.js.map +1 -1
package/dist/sdk/runWithCognition.d.ts +77 -0
package/dist/sdk/runWithCognition.js +157 -0
package/dist/sdk/runWithCognition.js.map +1 -0
package/hooks/aria-agent-handoff.mjs +11 -1
package/hooks/aria-architect-fallback.mjs +109 -40
package/hooks/aria-cognition-substrate-binding.mjs +668 -0
package/hooks/aria-harness-via-sdk.mjs +34 -21
package/hooks/aria-import-resolution-gate.mjs +330 -0
package/hooks/aria-outcome-record.mjs +5 -1
package/hooks/aria-pre-emit-dryrun.mjs +294 -0
package/hooks/aria-pre-tool-gate.mjs +828 -41
package/hooks/aria-preprompt-consult.mjs +113 -13
package/hooks/aria-preturn-memory-gate.mjs +298 -6
package/hooks/aria-repo-doctrine-gate.mjs +397 -0
package/hooks/aria-stop-gate.mjs +739 -76
package/hooks/aria-userprompt-abandon-detect.mjs +5 -1
package/hooks/doctrine_trigger_map.json +209 -15
package/hooks/lib/canonical-lenses.mjs +64 -0
package/hooks/lib/gate-audit.mjs +43 -0
package/opencode-plugins/harness-context/index.js +1 -1
package/opencode-plugins/harness-context/inject-context.mjs +82 -23
package/opencode-plugins/harness-gate/index.js +248 -0
package/opencode-plugins/harness-outcome/index.js +129 -0
package/opencode-plugins/harness-stop/index.js +241 -0
package/package.json +9 -3
package/runtime-src/doctor.mjs +23 -0
package/runtime-src/local-phase.mjs +650 -0
package/runtime-src/mizan-scheduler.mjs +331 -0
package/runtime-src/provider-proxy.mjs +594 -0
package/runtime-src/service.mjs +3058 -0
package/scripts/bundle-sdk.mjs +317 -0
package/scripts/install-client.sh +176 -0
package/scripts/publish-all.sh +344 -0
package/scripts/publish-docker.sh +27 -0
package/scripts/validate-hook-contracts.mjs +54 -0
package/scripts/validate-skill-prompts.mjs +95 -0
package/skills/aria-cognition/aria-essence/SKILL.md +63 -0
package/skills/aria-cognition/aria-essence/references/domain-matrix.md +80 -0
package/skills/aria-cognition/aria-essence/references/evolution-loop.md +30 -0
package/skills/aria-cognition/aria-essence/references/readable-cognition.md +27 -0
package/skills/aria-cognition/aria-forge-guardrails/SKILL.md +35 -0
package/skills/aria-cognition/aria-forge-guardrails/references/checklist.md +31 -0
package/skills/aria-cognition/aria-repo-doctrine/SKILL.md +39 -0
package/skills/aria-cognition/forge-quality-rules/SKILL.md +43 -0
package/skills/aria-cognition/ghazali-8lens/SKILL.md +38 -0
package/skills/aria-cognition/istiqra-induction/SKILL.md +26 -0
package/skills/aria-cognition/ladunni-22/SKILL.md +35 -0
package/skills/aria-cognition/mizan/SKILL.md +72 -0
package/skills/aria-cognition/nadia/SKILL.md +38 -0
package/skills/aria-cognition/nadia-psi/SKILL.md +38 -0
package/skills/aria-cognition/predictor/SKILL.md +25 -0
package/skills/aria-cognition/qiyas-analogy/SKILL.md +26 -0
package/skills/aria-cognition/soul-domains/SKILL.md +25 -0
package/src/auth-commands.ts +111 -45
package/src/chat.ts +174 -13
package/src/codebase-scanner.ts +4 -0
package/src/config.ts +15 -0
package/src/connectors/claude-code.ts +79 -25
package/src/connectors/codebase-awareness.ts +408 -0
package/src/connectors/codex.ts +274 -0
package/src/connectors/cognitive-skills.ts +51 -0
package/src/connectors/opencode.ts +93 -4
package/src/connectors/repo-git-hooks.ts +86 -0
package/src/connectors/repo-guard.ts +589 -0
package/src/connectors/runtime.ts +374 -0
package/src/connectors/shell.ts +83 -14
package/src/connectors/syncd.ts +488 -0
package/src/decisions.ts +469 -0
package/src/garden-control-plane.ts +101 -26
package/src/github-connect.ts +143 -0
package/src/harness-client.ts +128 -3
package/src/hive-client.ts +165 -5
package/src/index.ts +41 -2
package/src/lib/aristotle-noor-wire.ts +310 -0
package/src/providers/types.ts +6 -0
package/src/runtime-proof.ts +392 -0
package/src/self-update.ts +89 -8
package/src/setup-wizard.ts +37 -2

package/dist/assets/hooks/aria-repo-doctrine-gate.mjs ADDED Viewed

@@ -0,0 +1,397 @@
+#!/usr/bin/env node
+import { appendFileSync, existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
+import { dirname, extname, isAbsolute, join, resolve } from 'node:path';
+import { execFileSync } from 'node:child_process';
+import { homedir } from 'node:os';
+const HOME = homedir();
+const AUDIT_PATH = `${HOME}/.claude/aria-repo-doctrine-gate-audit.jsonl`;
+const ALLOW_MARKER = 'ARIA_ALLOW_STUB';
+const TEACHING_PROSE_MARKER = 'ARIA_TEACHING_PROSE';
+const ALLOW_EXTERNAL_LLM_CALL_MARKER = 'ARIA_ALLOW_EXTERNAL_LLM_CALL';
+const CODE_EXTENSIONS = new Set([
+  '.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs',
+  '.py', '.sh', '.bash', '.zsh', '.rb', '.go', '.rs', '.java', '.kt', '.cs',
+  '.php', '.swift', '.scala', '.yml', '.yaml',
+]);
+const DOCTRINE_ROOT_PREFIXES = ['apps/', 'packages/', 'harness/', 'ops/', 'scripts/'];
+const IGNORE_PATH_RX = [
+  /(^|\/)(node_modules|dist|build|coverage|archive|generated|telegram_env|backup-opencode-config|training-data|\.next|\.turbo|\.cache)(\/|$)/i,
+  /(^|\/)(package-lock\.json|pnpm-lock\.yaml|yarn\.lock)$/i,
+  /\.map$/i,
+];
+const ALLOW_PATH_RX = [
+  /(^|\/)(__tests__|tests?|specs?|fixtures?|examples?|demos?|benchmarks?|mocks?)(\/|$)/i,
+  /\.(test|spec)\.[^.]+$/i,
+];
+const DIRECT_LLM_GUARDED_PATH_RX = [
+  /(^|\/)packages\/aria-hardening-worker\//i,
+  /(^|\/)packages\/openclaw-shared\//i,
+  /(^|\/)packages\/aria-connector\/hooks\//i,
+  /(^|\/)packages\/aria-connector\/opencode-plugins\//i,
+  /(^|\/)packages\/aria-connector\/src\/connectors\//i,
+];
+const DIRECT_LLM_INTERNAL_ALLOW_RX = [
+  /(^|\/)harness\/packages\/harness-http-client\/src\//i,
+  /(^|\/)packages\/aria-connector\/runtime-src\//i,
+  /(^|\/)packages\/aria-connector\/hooks\/aria-architect-fallback\.mjs$/i,
+  /(^|\/)apps\/arias-soul\/api\/v1\//i,
+  /(^|\/)apps\/arias-soul\/api\/harness\//i,
+];
+const BLOCK_RULES = [
+  {
+    id: 'stub_semantics',
+    message: 'stub or mock semantics in doctrine-bound source',
+    rx: /\b(?:stub|stubs|mock|mocks|implementation pending|not implemented|fake implementation|synthetic payload|synthetic response|synthetic data|coming soon|will be wired)\b/i,
+  },
+  {
+    id: 'placeholder_semantics',
+    message: 'placeholder implementation semantics in doctrine-bound source',
+    rx: /\bplaceholder\b(?!(?:\s*=))[^\n]{0,40}\b(?:implementation|handler|route|logic|response|payload|data|endpoint|function|service)\b/i,
+  },
+  {
+    id: 'todo_stub_semantics',
+    message: 'TODO tied to stub or pending implementation in doctrine-bound source',
+    rx: /\bTODO\b[^\n]{0,120}\b(?:stub|mock|placeholder|pending|implement)\b/i,
+  },
+  {
+    id: 'http_501_pending',
+    message: '501 or pending-path marker in doctrine-bound source',
+    rx: /(?:\bstatus\s*\(\s*501\s*\)|\bsendStatus\s*\(\s*501\s*\)|\b501\b)[^\n]{0,120}\b(?:TODO|pending|not implemented|placeholder)\b|(?:\bTODO\b|\bpending\b|\bnot implemented\b)[^\n]{0,120}(?:\bstatus\s*\(\s*501\s*\)|\bsendStatus\s*\(\s*501\s*\)|\b501\b)/i,
+  },
+  {
+    id: 'mock_import',
+    message: 'mock or stub import in doctrine-bound source',
+    rx: /\b(?:from|require\s*\()\s*['"][^'"]*(?:mock|stub|fake)[^'"]*['"]/i,
+  },
+  {
+    id: 'direct_llm_bypass',
+    message: 'bare direct LLM/provider call outside approved runtime or SDK surface',
+    rx: /\bfetch\s*\([^\n]{0,240}(?:\/v1\/chat\/completions|\/v1\/messages|api\.anthropic\.com\/v1\/messages|api\.openai\.com\/v1\/chat\/completions|api\.deepseek\.com(?:\/v1)?\/chat\/completions|openrouter\.ai\/api\/v1\/chat\/completions|integrate\.api\.nvidia\.com\/v1\/chat\/completions|api\.x\.ai\/v1\/chat\/completions|open\.bigmodel\.cn\/api\/paas\/v4\/chat\/completions)\b/i,
+  },
+  {
+    id: 'direct_llm_sdk_bypass',
+    message: 'direct provider SDK call outside approved runtime or SDK surface',
+    rx: /\b(?:anthropic\.messages\.create|client\.messages\.create|chat\.completions\.create)\s*\(/i,
+  },
+];
+function audit(event, data = {}) {
+  try {
+    mkdirSync(dirname(AUDIT_PATH), { recursive: true, mode: 0o700 });
+    appendFileSync(
+      AUDIT_PATH,
+      JSON.stringify({ ts: new Date().toISOString(), event, ...data }) + '\n',
+    );
+  } catch {}
+}
+function parseArgs(argv) {
+  const parsed = {
+    mode: 'working-tree',
+    repo: null,
+    paths: [],
+  };
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i];
+    if (arg === '--mode' && argv[i + 1]) {
+      parsed.mode = argv[++i];
+    } else if (arg === '--repo' && argv[i + 1]) {
+      parsed.repo = argv[++i];
+    } else if (arg === '--path' && argv[i + 1]) {
+      parsed.paths.push(argv[++i]);
+    } else if (arg === '--paths') {
+      parsed.paths.push(...argv.slice(i + 1));
+      break;
+    }
+  }
+  return parsed;
+}
+function runGit(args, cwd, options = {}) {
+  return execFileSync('git', args, {
+    cwd,
+    encoding: 'utf8',
+    stdio: ['pipe', 'pipe', 'pipe'],
+    ...options,
+  }).trim();
+}
+function resolveRepoRoot(hint, fallbackPaths = []) {
+  const candidates = [hint, ...fallbackPaths, process.cwd()].filter(Boolean);
+  for (const candidate of candidates) {
+    const base = existsSync(candidate) ? candidate : dirname(candidate);
+    try {
+      const root = runGit(['-C', base, 'rev-parse', '--show-toplevel'], base);
+      if (root) return root;
+    } catch {}
+  }
+  return null;
+}
+function readStdin() {
+  return new Promise((resolvePromise) => {
+    let input = '';
+    process.stdin.setEncoding('utf8');
+    process.stdin.on('data', (chunk) => { input += chunk; });
+    process.stdin.on('end', () => resolvePromise(input));
+    process.stdin.on('error', () => resolvePromise(''));
+    if (process.stdin.isTTY) resolvePromise('');
+  });
+}
+function isDoctrineBound(relPath) {
+  return DOCTRINE_ROOT_PREFIXES.some((prefix) => relPath.startsWith(prefix));
+}
+function isIgnored(relPath) {
+  return IGNORE_PATH_RX.some((rx) => rx.test(relPath));
+}
+function isAllowlisted(relPath, text) {
+  if (text.includes(ALLOW_MARKER) || text.includes(TEACHING_PROSE_MARKER)) return true;
+  return ALLOW_PATH_RX.some((rx) => rx.test(relPath));
+}
+function stripQuotedContent(line) {
+  return line
+    .replace(/`(?:\\.|[^`])*`/g, '``')
+    .replace(/"(?:\\.|[^"])*"/g, '""')
+    .replace(/'(?:\\.|[^'])*'/g, "''");
+}
+function buildMultilineStringMask(text) {
+  const lines = String(text || '').split('\n');
+  const mask = new Array(lines.length).fill(false);
+  let inTemplate = false;
+  for (let lineIndex = 0; lineIndex < lines.length; lineIndex++) {
+    const line = lines[lineIndex];
+    let escaped = false;
+    let inSingle = false;
+    let inDouble = false;
+    let lineInsideTemplate = inTemplate;
+    for (let i = 0; i < line.length; i++) {
+      const ch = line[i];
+      if (escaped) {
+        escaped = false;
+        continue;
+      }
+      if (ch === '\\') {
+        escaped = true;
+        continue;
+      }
+      if (!inDouble && !inTemplate && ch === '\'') {
+        inSingle = !inSingle;
+        continue;
+      }
+      if (!inSingle && !inTemplate && ch === '"') {
+        inDouble = !inDouble;
+        continue;
+      }
+      if (!inSingle && !inDouble && ch === '`') {
+        inTemplate = !inTemplate;
+        lineInsideTemplate = true;
+      }
+    }
+    mask[lineIndex] = lineInsideTemplate;
+  }
+  return mask;
+}
+function isCommentOnlyLine(line) {
+  return /^\s*(?:\/\/|#|\*)/.test(line);
+}
+function isPolicyOrRuleDefinitionLine(line) {
+  const lower = String(line || '').toLowerCase();
+  if (!lower) return false;
+  if (/\bpattern\s*:\s*\/.*\/[a-z]*\s*,\s*violation\s*:/.test(line)) return true;
+  if (lower.includes('code quality default')) return true;
+  if (lower.includes('anti-patterns')) return true;
+  if (lower.includes('produce real working code')) return true;
+  if (lower.includes('non-stub check')) return true;
+  if (lower.includes('output file is a stub')) return true;
+  if (/\bno stubs?\b/.test(lower)) return true;
+  if (/\bno placeholders?\b/.test(lower)) return true;
+  if (/\bno fake implementations?\b/.test(lower)) return true;
+  return false;
+}
+function isDirectLlmGuardedPath(relPath) {
+  return DIRECT_LLM_GUARDED_PATH_RX.some((rx) => rx.test(relPath));
+}
+function isDirectLlmAllowlisted(relPath, text) {
+  if (text.includes(ALLOW_EXTERNAL_LLM_CALL_MARKER)) return true;
+  return DIRECT_LLM_INTERNAL_ALLOW_RX.some((rx) => rx.test(relPath));
+}
+function shouldScan(relPath, absPath) {
+  if (!existsSync(absPath)) return false;
+  if (isIgnored(relPath)) return false;
+  if (!isDoctrineBound(relPath)) return false;
+  return CODE_EXTENSIONS.has(extname(relPath).toLowerCase());
+}
+function collectViolations(repoRoot, relPaths) {
+  const violations = [];
+  for (const relPath of relPaths) {
+    const absPath = resolve(repoRoot, relPath);
+    if (!shouldScan(relPath, absPath)) continue;
+    let text;
+    try {
+      text = readFileSync(absPath, 'utf8');
+    } catch {
+      continue;
+    }
+    if (isAllowlisted(relPath, text)) continue;
+    const lines = text.split('\n');
+    const multilineStringMask = buildMultilineStringMask(text);
+    lines.forEach((line, index) => {
+      const semanticLine = stripQuotedContent(line);
+      const commentOnly = isCommentOnlyLine(line);
+      const inMultilineString = multilineStringMask[index] === true;
+      for (const rule of BLOCK_RULES) {
+        if (
+          (rule.id === 'stub_semantics' || rule.id === 'placeholder_semantics') &&
+          isPolicyOrRuleDefinitionLine(line)
+        ) {
+          continue;
+        }
+        if ((rule.id === 'direct_llm_bypass' || rule.id === 'direct_llm_sdk_bypass')) {
+          if (!isDirectLlmGuardedPath(relPath)) continue;
+          if (isDirectLlmAllowlisted(relPath, text)) continue;
+        }
+        const scanLine =
+          (rule.id === 'stub_semantics' || rule.id === 'placeholder_semantics')
+            ? (commentOnly || inMultilineString ? '' : semanticLine)
+            : (rule.id === 'todo_stub_semantics' || rule.id === 'http_501_pending' || rule.id === 'mock_import')
+              ? (inMultilineString ? '' : semanticLine)
+              : line;
+        if (rule.rx.test(scanLine)) {
+          violations.push({
+            path: relPath,
+            line: index + 1,
+            rule: rule.id,
+            message: rule.message,
+            excerpt: line.trim().slice(0, 240),
+          });
+        }
+      }
+    });
+  }
+  return violations;
+}
+function parsePrePushRefs(stdin) {
+  const ranges = [];
+  for (const line of String(stdin || '').split('\n').filter(Boolean)) {
+    const [localRef, localSha, remoteRef, remoteSha] = line.trim().split(/\s+/);
+    if (!localSha || !remoteSha) continue;
+    ranges.push({ localRef, localSha, remoteRef, remoteSha });
+  }
+  return ranges;
+}
+function emptyTreeSha(repoRoot) {
+  return runGit(['hash-object', '-t', 'tree', '/dev/null'], repoRoot);
+}
+function changedPathsForMode(repoRoot, mode, explicitPaths, stdin) {
+  if (explicitPaths.length > 0) {
+    return explicitPaths.map((candidate) => {
+      const abs = isAbsolute(candidate) ? candidate : resolve(process.cwd(), candidate);
+      return resolve(repoRoot, abs).startsWith(repoRoot) ? abs.slice(repoRoot.length + 1).replace(/\\/g, '/') : candidate;
+    });
+  }
+  if (mode === 'staged') {
+    return runGit(['diff', '--cached', '--name-only', '--diff-filter=ACMR'], repoRoot)
+      .split('\n')
+      .filter(Boolean);
+  }
+  if (mode === 'push') {
+    const refs = parsePrePushRefs(stdin);
+    const paths = new Set();
+    const emptyTree = emptyTreeSha(repoRoot);
+    for (const ref of refs) {
+      const remoteSha = /^0+$/.test(ref.remoteSha) ? emptyTree : ref.remoteSha;
+      const diff = runGit(['diff', '--name-only', '--diff-filter=ACMR', `${remoteSha}...${ref.localSha}`], repoRoot);
+      diff.split('\n').filter(Boolean).forEach((entry) => paths.add(entry));
+    }
+    if (paths.size > 0) return [...paths];
+  }
+  return runGit(['diff', '--name-only', '--diff-filter=ACMR'], repoRoot)
+    .split('\n')
+    .filter(Boolean);
+}
+function renderReason(repoRoot, violations, mode) {
+  const lines = violations
+    .slice(0, 20)
+    .map((violation) => `- ${violation.path}:${violation.line} [${violation.rule}] ${violation.excerpt}`);
+  return [
+    `Aria repo doctrine gate blocked ${mode}.`,
+    '',
+    'Doctrine-bound source cannot introduce stub/mock/pending semantics outside explicit allowlists.',
+    `Repo: ${repoRoot}`,
+    '',
+    'Violations:',
+    ...lines,
+    '',
+    `Allow path categories: tests/specs/fixtures/examples/demos/mocks, or add ${ALLOW_MARKER} in the file when the exception is intentional and reviewable.`,
+    `External provider calls require explicit ${ALLOW_EXTERNAL_LLM_CALL_MARKER} marker or an approved internal runtime/SDK path.`,
+  ].join('\n');
+}
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const stdin = await readStdin();
+  let event = null;
+  try { event = stdin ? JSON.parse(stdin) : null; } catch {}
+  const eventPaths = [];
+  if (event?.tool_input?.file_path) eventPaths.push(event.tool_input.file_path);
+  if (event?.tool_input?.path) eventPaths.push(event.tool_input.path);
+  if (event?.tool_input?.command && typeof event.tool_input.command === 'string') {
+    // For Bash mutations, scan repo diff rather than trying to parse arbitrary shell.
+  }
+  const repoRoot = resolveRepoRoot(
+    args.repo || event?.cwd || event?.working_directory || event?.tool_input?.file_path || event?.tool_input?.path,
+    eventPaths,
+  );
+  if (!repoRoot) process.exit(0);
+  const mode = args.mode || (event ? 'working-tree' : 'working-tree');
+  const relPaths = changedPathsForMode(repoRoot, mode, args.paths, stdin);
+  const violations = collectViolations(repoRoot, relPaths);
+  if (violations.length === 0) {
+    audit('repo_doctrine_gate_pass', { repoRoot, mode, scanned: relPaths.length });
+    process.exit(0);
+  }
+  const reason = renderReason(repoRoot, violations, mode);
+  audit('repo_doctrine_gate_block', { repoRoot, mode, violations });
+  if (event) {
+    console.log(JSON.stringify({ decision: 'block', reason }));
+    process.exit(2);
+  }
+  console.error(reason);
+  process.exit(1);
+}
+main().catch((err) => {
+  audit('repo_doctrine_gate_error', { err: err instanceof Error ? err.message : String(err) });
+  console.error(`Aria repo doctrine gate failed closed: ${err instanceof Error ? err.message : String(err)}`);
+  process.exit(1);
+});