@aria_asi/cli 0.2.29 → 0.2.30

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aria_asi/cli",
-  "version": "0.2.29",
-  "description": "Aria Smart CLI — the world's first harness-powered terminal companion",
+  "version": "0.2.30",
+  "description": "Aria Smart CLI \u2014 the world's first harness-powered terminal companion",
   "bin": {
     "aria": "./bin/aria.js"
   },

package/runtime-src/local-phase.mjs

@@ -618,6 +618,24 @@ export function buildRuntimeCognitionDirective(packet, bundle = {}) {
     '- Predictor tests whether the answer will survive the next real operational step.',
     '- Mizan keeps the answer proportionate, exact, and high-quality.',
     '',
+    'Visible cognition contract for the user-facing response:',
+    '- For any non-trivial reply, include a readable <cognition> block using everyday labels, not internal lens codenames.',
+    '- If you request any non-trivial tool call, place the <cognition> block BEFORE the tool request.',
+    '- If the action is deploy, destructive, or state-mutating, include both <verify> and <expected> blocks before the tool request.',
+    '- The runtime will canonicalize the readable block into backend JSON automatically, so do not hide it behind private shorthand.',
+    '',
+    '<cognition>',
+    '  truth: <what is actually true here, grounded in visible evidence and substrate anchors>',
+    '  harm: <what could break, mislead, or damage trust if the next step is wrong>',
+    '  trust: <what principle, promise, or user trust boundary governs this turn>',
+    '  power: <what capability is being used and what restraint it requires>',
+    '  reflection: <what deeper structural read changes the action, not just the wording>',
+    '  context: <what surrounding repo/runtime/user context materially changes the correct move>',
+    '  impact: <what second-order consequence or next-step outcome follows from this move>',
+    '  beauty: <what cleaner, more elegant, more durable path preserves the contract>',
+    `  first_principle: ${firstPrincipleText}`,
+    '</cognition>',
+    '',
     dominantModules.length ? 'Current module insights:' : 'Current module insights: none yet',
     ...dominantModules.map((line) => `- ${line}`),
     '',

package/runtime-src/service.mjs

@@ -65,12 +65,229 @@ const PRINCIPLE_LIMIT = 400;
 const PATTERN_LIMIT = 400;
 const RECEIPT_LIMIT = 500;
 const OWNER_TOKEN_PATH = join(process.env.HOME || '', '.aria', 'owner-token');
+const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const VERIFY_BLOCK_RX =
+  /<verify>[\s\S]*?target\s*:[\s\S]*?role\s*:[\s\S]*?verified\s*:[\s\S]*?rollback\s*:[\s\S]*?axiom\s*:[\s\S]*?<\/verify>/i;
+const EXPECTED_BLOCK_RX = /<expected>([\s\S]*?)<\/expected>/i;
+const MEASURABLE_PREDICATE_RX =
+  /\b(?:exit_code|exit|rc|status|state|count|latency|error_rate|healthy|exists|http|rows?|bytes?|sha|heartbeat|predicate)\b\s*(?:[:=]|==|>=|<=|>|<)\s*[^\n]+|\b(?:true|false)\b|\b\d+(?:\.\d+)?%?\b/i;
+const QUALITATIVE_DRIFT_RX = /\b(?:better|improved|should work|more reliable|cleaner|enhanced)\b/i;
+const DECISION_SIGNAL_RX = /(?:should|recommend|propose|suggest|let'?s|go with|i'd|i would|here'?s the plan|i'll|next step|action item|ship it|yes do|let me)/i;
+const TRIVIAL_ACK_RX = /^(?:got it|on it|ok|sure|yes|no|done|ack)\b/i;
+const NON_TRIVIAL_MIN_CHARS = 300;
+const READABLE_LENS_SLOTS = [
+  { key: 'truth', aliases: ['truth', 'nur', 'zahir'] },
+  { key: 'harm', aliases: ['harm', 'mizan', 'batin'] },
+  { key: 'trust', aliases: ['trust', 'hikma', 'hikmah'] },
+  { key: 'power', aliases: ['power', 'tafakkur', 'sabab'] },
+  { key: 'reflection', aliases: ['reflection', 'tadabbur', 'aqibah'] },
+  { key: 'context', aliases: ['context', 'ilham'] },
+  { key: 'impact', aliases: ['impact', 'wahi', 'meta'] },
+  { key: 'beauty', aliases: ['beauty', 'firasah', 'fitrah'] },
+];
+const DOCTRINE_TRIGGER_MAP_CANDIDATES = [
+  join(__dirname, 'discipline', 'doctrine_trigger_map.json'),
+  join(__dirname, 'doctrine_trigger_map.json'),
+  join(process.env.HOME || '', '.claude', 'hooks', 'doctrine_trigger_map.json'),
+  join(process.env.HOME || '', '.claude', 'projects', '-home-hamzaibrahim1', 'memory', 'doctrine_trigger_map.json'),
+  join(process.env.HOME || '', '.codex', 'doctrine_trigger_map.json'),
+];
+const TOOL_DEPLOY_PATTERNS = [
+  /\b(?:\.\/)?scripts\/deploy-/i,
+  /\bkubectl\s+apply\b/i,
+  /\bkubectl\s+set\s+image\b/i,
+  /\bkubectl\s+rollout\s+restart\b/i,
+  /\bkubectl\s+rollout\s+undo\b/i,
+  /\bdocker\s+push\b/i,
+  /\bdocker\s+build\b.*--push\b/i,
+];
+const TOOL_DESTRUCTIVE_PATTERNS = [
+  /(?:^|[;&|]\s*|\$\(\s*|`\s*)sudo\s+\S/i,
+  /systemctl\s+(?:disable|stop|mask|reset-failed|kill)\b/i,
+  /\brm\s+-[rRfF]+/i,
+  /\bgit\s+push\b.*\b--force\b/i,
+  /\bgit\s+reset\s+--hard\b/i,
+  /\bgit\s+checkout\s+--\b/i,
+  /\b--no-verify\b/i,
+  /\b--no-gpg-sign\b/i,
+  /\bkill\s+-(?:9|KILL|TERM|HUP|INT)\b/i,
+  /\bpkill\b/i,
+  /\b(?:DROP|TRUNCATE)\s+(?:TABLE|DATABASE|SCHEMA|INDEX)\b/i,
+  /\bkubectl\s+delete\b/i,
+];
 
 function json(res, status, payload) {
   res.writeHead(status, { 'content-type': 'application/json; charset=utf-8' });
   res.end(JSON.stringify(payload, null, 2));
 }
 
+function isNonTrivialAssistantTurn(text, toolIntents = []) {
+  const body = String(text || '').trim();
+  if (toolIntents.length > 0) return true;
+  if (!body) return false;
+  if (TRIVIAL_ACK_RX.test(body)) return false;
+  return body.length >= NON_TRIVIAL_MIN_CHARS || DECISION_SIGNAL_RX.test(body);
+}
+
+function extractVisibleCognitionContract(text) {
+  const match = String(text || '').match(COGNITION_BLOCK_RX);
+  if (!match) {
+    return {
+      present: false,
+      readable: null,
+      rawBlock: null,
+      firstPrinciple: null,
+      labels: [],
+    };
+  }
+
+  const inner = match[1];
+  const readable = {};
+  const labels = [];
+  for (const slot of READABLE_LENS_SLOTS) {
+    const aliasPattern = slot.aliases.join('|');
+    const lensRx = new RegExp(
+      `\\b(?:${aliasPattern})\\s*:\\s*([^\\n]*(?:\\n(?!\\s*(?:${READABLE_LENS_SLOTS.flatMap((entry) => entry.aliases).join('|')})\\s*:|<\\/cognition>)[^\\n]*)*)`,
+      'i',
+    );
+    const lensMatch = inner.match(lensRx);
+    if (!lensMatch) continue;
+    readable[slot.key] = (lensMatch[1] || '').trim();
+    labels.push(slot.key);
+  }
+
+  const firstPrincipleMatch = inner.match(/\bfirst[_\s-]?principle\s*:\s*([^\n][\s\S]*?)(?=\n\s*[a-z_ -]+\s*:|$)/i);
+  return {
+    present: true,
+    readable,
+    rawBlock: match[0],
+    firstPrinciple: firstPrincipleMatch ? firstPrincipleMatch[1].trim() : null,
+    labels,
+  };
+}
+
+function hasMeasurableExpectedBlock(text) {
+  const match = String(text || '').match(EXPECTED_BLOCK_RX);
+  if (!match) return false;
+  const inner = match[1].trim();
+  if (!inner) return false;
+  if (QUALITATIVE_DRIFT_RX.test(inner) && !MEASURABLE_PREDICATE_RX.test(inner)) return false;
+  return MEASURABLE_PREDICATE_RX.test(inner);
+}
+
+function parseToolArgs(rawArgs) {
+  if (!rawArgs) return {};
+  if (typeof rawArgs === 'object') return rawArgs;
+  if (typeof rawArgs !== 'string') return {};
+  try {
+    return JSON.parse(rawArgs);
+  } catch {
+    return { raw: rawArgs };
+  }
+}
+
+function inferToolAction(toolName, args) {
+  const lower = String(toolName || '').toLowerCase();
+  if (args && typeof args.command === 'string') return 'bash';
+  if (args && (typeof args.file_path === 'string' || typeof args.notebook_path === 'string')) return 'edit';
+  if (/\b(?:bash|shell|terminal|command)\b/.test(lower)) return 'bash';
+  if (/\b(?:edit|write|notebook)\b/.test(lower)) return 'edit';
+  if (/\b(?:deploy|rollout|release)\b/.test(lower)) return 'deploy';
+  if (/\b(?:delete|destroy|drop|wipe|purge)\b/.test(lower)) return 'delete';
+  if (/\b(?:build|compile)\b/.test(lower)) return 'build';
+  return 'tool';
+}
+
+function summarizeToolTarget(toolName, args) {
+  if (typeof args?.command === 'string' && args.command.trim()) return args.command.trim();
+  if (typeof args?.file_path === 'string' && args.file_path.trim()) return args.file_path.trim();
+  if (typeof args?.notebook_path === 'string' && args.notebook_path.trim()) return args.notebook_path.trim();
+  if (typeof args?.path === 'string' && args.path.trim()) return args.path.trim();
+  if (typeof args?.target === 'string' && args.target.trim()) return args.target.trim();
+  return `${toolName}${Object.keys(args || {}).length ? ` ${JSON.stringify(args).slice(0, 200)}` : ''}`.trim();
+}
+
+function extractProviderToolIntents(providerStyle, providerMeta) {
+  if (providerStyle === 'anthropic') {
+    const content = Array.isArray(providerMeta?.raw?.content) ? providerMeta.raw.content : [];
+    return content
+      .filter((block) => block?.type === 'tool_use')
+      .map((block) => {
+        const args = parseToolArgs(block.input || {});
+        return {
+          provider: 'anthropic',
+          id: block.id || null,
+          toolName: block.name || 'tool_use',
+          args,
+          action: inferToolAction(block.name || 'tool_use', args),
+          target: summarizeToolTarget(block.name || 'tool_use', args),
+          raw: block,
+        };
+      });
+  }
+
+  const rawMessage = providerMeta?.raw?.choices?.[0]?.message || {};
+  const toolCalls = Array.isArray(rawMessage.tool_calls) ? rawMessage.tool_calls : [];
+  return toolCalls.map((toolCall) => {
+    const name = toolCall?.function?.name || toolCall?.name || 'tool_call';
+    const args = parseToolArgs(toolCall?.function?.arguments || toolCall?.arguments || {});
+    return {
+      provider: 'openai',
+      id: toolCall?.id || null,
+      toolName: name,
+      args,
+      action: inferToolAction(name, args),
+      target: summarizeToolTarget(name, args),
+      raw: toolCall,
+    };
+  });
+}
+
+function loadDoctrineTriggerMap() {
+  for (const candidate of DOCTRINE_TRIGGER_MAP_CANDIDATES) {
+    const map = readJsonFile(candidate, null);
+    if (map && Array.isArray(map.triggers)) return map;
+  }
+  return { triggers: [] };
+}
+
+function collectDoctrineTriggerHits(text) {
+  const triggerMap = loadDoctrineTriggerMap();
+  const source = String(text || '');
+  const lowerText = source.toLowerCase();
+  const hits = [];
+  for (const entry of triggerMap.triggers || []) {
+    try {
+      const rx = new RegExp(entry.trigger, 'ig');
+      const matched = [...source.matchAll(rx)][0];
+      if (!matched) continue;
+      const memoryName = typeof entry.memory === 'string' ? entry.memory.replace(/\.md$/, '') : '';
+      const memoryCited = memoryName && lowerText.includes(memoryName.toLowerCase());
+      if (memoryCited) continue;
+      hits.push({
+        trigger: entry.trigger,
+        memory: entry.memory || null,
+        teaching: entry.teaching || null,
+        message: entry.message || null,
+        severity: entry.severity || 'block',
+      });
+    } catch {}
+  }
+  return hits;
+}
+
+function buildToolGateBlockMessage(blockers) {
+  const reasons = blockers.map((blocker) => `- ${blocker}`).join('\n');
+  return [
+    'Aria runtime blocked the requested tool action.',
+    '',
+    reasons,
+    '',
+    'Re-draft with a readable <cognition> block before the tool request.',
+    'If the action is deploy, destructive, or state-mutating, include <verify> and <expected> blocks as well.',
+  ].join('\n');
+}
+
 async function readJson(req) {
   const chunks = [];
   for await (const chunk of req) chunks.push(chunk);
@@ -982,6 +1199,9 @@ async function buildDirectTurnContext(req, body, client, options = {}) {
 
 function openAiResponseEnvelope(body, text, providerMeta, extra = {}) {
   const debug = body?.ariaDebug === true;
+  const toolCalls = !extra.blocked && Array.isArray(providerMeta?.raw?.choices?.[0]?.message?.tool_calls)
+    ? providerMeta.raw.choices[0].message.tool_calls
+    : undefined;
   return {
     id: `chatcmpl_${randomUUID().replace(/-/g, '')}`,
     object: 'chat.completion',
@@ -990,10 +1210,11 @@ function openAiResponseEnvelope(body, text, providerMeta, extra = {}) {
     choices: [
       {
         index: 0,
-        finish_reason: providerMeta.finishReason || 'stop',
+        finish_reason: toolCalls?.length ? (providerMeta.finishReason || 'tool_calls') : (providerMeta.finishReason || 'stop'),
         message: {
           role: 'assistant',
           content: text,
+          ...(toolCalls?.length ? { tool_calls: toolCalls } : {}),
         },
       },
     ],
@@ -1009,13 +1230,32 @@ function openAiResponseEnvelope(body, text, providerMeta, extra = {}) {
 }
 
 function anthropicResponseEnvelope(text, providerMeta, extra = {}, debug = false) {
+  const rawContent = Array.isArray(providerMeta?.raw?.content) ? providerMeta.raw.content : [];
+  const content = !extra.blocked && rawContent.length
+    ? rawContent.map((block) => {
+        if (block?.type === 'text') {
+          return { type: 'text', text: typeof block.text === 'string' ? block.text : text };
+        }
+        if (block?.type === 'tool_use') {
+          return {
+            type: 'tool_use',
+            id: block.id,
+            name: block.name,
+            input: block.input || {},
+          };
+        }
+        return block;
+      })
+    : [{ type: 'text', text }];
   return {
     id: `msg_${randomUUID().replace(/-/g, '')}`,
     type: 'message',
     role: 'assistant',
     model: providerMeta.model,
-    stop_reason: providerMeta.finishReason || 'end_turn',
-    content: [{ type: 'text', text }],
+    stop_reason: rawContent.some((block) => block?.type === 'tool_use') && !extra.blocked
+      ? (providerMeta.finishReason || 'tool_use')
+      : (providerMeta.finishReason || 'end_turn'),
+    content,
     usage: providerMeta.usage
       ? {
           input_tokens: providerMeta.usage.promptTokens || 0,
@@ -1111,6 +1351,30 @@ function buildReadableAriaEnvelope(extra = {}, debug = false) {
       : [],
   } : null;
 
+  const cognition = extra.cognitionContract ? {
+    visible: Boolean(extra.cognitionContract.present),
+    labels: Array.isArray(extra.cognitionContract.labels) ? extra.cognitionContract.labels : [],
+    readable: extra.cognitionContract.readable || null,
+    first_principle: extra.cognitionContract.firstPrinciple || null,
+  } : null;
+
+  const doctrine = extra.doctrine ? {
+    blocked: Boolean(extra.doctrine.blocked),
+    hits: Array.isArray(extra.doctrine.hits) ? extra.doctrine.hits.slice(0, 3) : [],
+  } : null;
+
+  const tool_gate = extra.toolGate ? {
+    blocked: Boolean(extra.toolGate.blocked),
+    blockers: Array.isArray(extra.toolGate.blockers) ? extra.toolGate.blockers.slice(0, 5) : [],
+    intents: Array.isArray(extra.toolGate.intents)
+      ? extra.toolGate.intents.map((intent) => ({
+          tool: intent.toolName,
+          action: intent.action,
+          target: intent.target,
+        }))
+      : [],
+  } : null;
+
   const envelope = {
     blocked: Boolean(extra.blocked),
     control_plane: 'aria-mounted-runtime',
@@ -1128,6 +1392,9 @@ function buildReadableAriaEnvelope(extra = {}, debug = false) {
     receipts,
     validation,
     layer3,
+    cognition,
+    doctrine,
+    tool_gate,
   };
 
   if (debug) {
@@ -1141,6 +1408,34 @@ function coerceNonEmptyString(value) {
   return typeof value === 'string' && value.trim() ? value.trim() : '';
 }
 
+function analyzeToolIntentContract(intent, assistantText) {
+  const target = String(intent?.target || '');
+  const action = String(intent?.action || 'tool');
+  const blockers = [];
+  const isDeploy = action === 'deploy' || TOOL_DEPLOY_PATTERNS.some((rx) => rx.test(target));
+  const isDestructive = action === 'delete' || TOOL_DESTRUCTIVE_PATTERNS.some((rx) => rx.test(target));
+  const isMutation = isDeploy || isDestructive || action === 'edit' || action === 'write' || action === 'bash' || action === 'build';
+
+  if (!assistantText.match(COGNITION_BLOCK_RX)) {
+    blockers.push(`${intent.toolName}: missing readable <cognition> block before tool request`);
+  }
+  if (isMutation && !assistantText.match(EXPECTED_BLOCK_RX)) {
+    blockers.push(`${intent.toolName}: missing <expected> block before non-trivial tool request`);
+  } else if (isMutation && !hasMeasurableExpectedBlock(assistantText)) {
+    blockers.push(`${intent.toolName}: <expected> block lacks a measurable predicate`);
+  }
+  if ((isDeploy || isDestructive) && !VERIFY_BLOCK_RX.test(assistantText)) {
+    blockers.push(`${intent.toolName}: missing <verify> block before deploy/destructive tool request`);
+  }
+
+  return {
+    isMutation,
+    isDeploy,
+    isDestructive,
+    blockers,
+  };
+}
+
 function extractJsonObject(text) {
   const raw = String(text || '').trim();
   if (!raw) {
@@ -1547,22 +1842,17 @@ async function handleProviderProxy(req, body, client, providerStyle) {
     : await callProviderForOpenAI(body, turn.ariaSystemPrompt);
 
   let candidateText = providerMeta.text || '';
-  let validation;
-  try {
-    validation = await client.validateOutput(candidateText, turn.sessionId);
-  } catch (error) {
-    if (!turn.packetBypassed) throw error;
-    validation = {
-      passed: true,
-      severity: 'warn',
-      violations: [
-        `remote validate unavailable: ${error instanceof Error ? error.message : String(error)}`,
-      ],
-      gateTriggers: ['owner-local-bypass'],
-    };
-  }
-  if (validation?.severity === 'block' && validation?.rewritten) {
-    candidateText = validation.rewritten;
+  const toolIntents = extractProviderToolIntents(providerStyle, providerMeta);
+  const requiresReadableCognition = isNonTrivialAssistantTurn(candidateText, toolIntents);
+  const cognitionContract = extractVisibleCognitionContract(candidateText);
+
+  let validation = {
+    passed: true,
+    severity: 'pass',
+    violations: [],
+    gateTriggers: [],
+  };
+  if (candidateText.trim()) {
     try {
       validation = await client.validateOutput(candidateText, turn.sessionId);
     } catch (error) {
@@ -1571,19 +1861,60 @@ async function handleProviderProxy(req, body, client, providerStyle) {
         passed: true,
         severity: 'warn',
         violations: [
-          `remote validate unavailable after rewrite: ${error instanceof Error ? error.message : String(error)}`,
+          `remote validate unavailable: ${error instanceof Error ? error.message : String(error)}`,
         ],
         gateTriggers: ['owner-local-bypass'],
       };
     }
+    if (validation?.severity === 'block' && validation?.rewritten) {
+      candidateText = validation.rewritten;
+      try {
+        validation = await client.validateOutput(candidateText, turn.sessionId);
+      } catch (error) {
+        if (!turn.packetBypassed) throw error;
+        validation = {
+          passed: true,
+          severity: 'warn',
+          violations: [
+            `remote validate unavailable after rewrite: ${error instanceof Error ? error.message : String(error)}`,
+          ],
+          gateTriggers: ['owner-local-bypass'],
+        };
+      }
+    }
   }
 
   const layer3 = await runLayer3(req, {
-    text: candidateText,
+    text: candidateText || (toolIntents.length > 0 ? `<cognition>\n</cognition>` : ''),
     packet: turn.packet,
     fetchPacket: false,
-    requireCognitionBlock: body.requireCognitionBlock ?? false,
+    requireCognitionBlock: body.requireCognitionBlock ?? requiresReadableCognition,
   }, client);
+  const doctrineHits = candidateText.trim() ? collectDoctrineTriggerHits(candidateText) : [];
+  const doctrineBlockers = doctrineHits
+    .filter((hit) => String(hit.severity || 'block').toLowerCase() === 'block')
+    .map((hit) => hit.message || hit.teaching || hit.trigger);
+
+  const toolGateBlockers = [];
+  for (const intent of toolIntents) {
+    const contract = analyzeToolIntentContract(intent, candidateText);
+    toolGateBlockers.push(...contract.blockers);
+    try {
+      const runtimeCheck = await client.checkAction(
+        contract.isDeploy ? 'deploy'
+          : contract.isDestructive ? 'delete'
+            : intent.action === 'build' ? 'build'
+              : 'write',
+        intent.target || intent.toolName,
+      );
+      if (!runtimeCheck.allowed) {
+        toolGateBlockers.push(`${intent.toolName}: ${runtimeCheck.reason || 'runtime action gate blocked this tool request'}`);
+      }
+    } catch (error) {
+      if (!turn.packetBypassed) throw error;
+      toolGateBlockers.push(`${intent.toolName}: runtime action gate unavailable during owner-local-bypass`);
+    }
+  }
   const postBundle = evaluateMizanPost(candidateText, {
     hasVerifiedState: findVerifiedState(candidateText),
     layer3Pass: layer3.pass,
@@ -1601,8 +1932,17 @@ async function handleProviderProxy(req, body, client, providerStyle) {
   });
   const postResult = postBundle.result;
 
-  const blocked = validation.severity === 'block' || !layer3.pass || postResult.reAuthorSignal;
-  const finalText = blocked ? buildPhaseBlockMessage(postResult, 'post') : candidateText;
+  const blocked =
+    validation.severity === 'block' ||
+    !layer3.pass ||
+    postResult.reAuthorSignal ||
+    doctrineBlockers.length > 0 ||
+    toolGateBlockers.length > 0;
+  const finalText = toolGateBlockers.length > 0
+    ? buildToolGateBlockMessage(toolGateBlockers)
+    : blocked
+      ? buildPhaseBlockMessage(postResult, 'post')
+      : candidateText;
   await persistTurnArtifacts(req, body, client, apiKey, {
     ...turn,
     postResult,
@@ -1632,6 +1972,16 @@ async function handleProviderProxy(req, body, client, providerStyle) {
     operatorPlan: turn.operatorPlan,
     validation,
     layer3,
+    cognitionContract,
+    doctrine: {
+      blocked: doctrineBlockers.length > 0,
+      hits: doctrineHits,
+    },
+    toolGate: {
+      blocked: toolGateBlockers.length > 0,
+      blockers: toolGateBlockers,
+      intents: toolIntents,
+    },
   };
   return providerStyle === 'anthropic'
     ? anthropicResponseEnvelope(finalText, providerMeta, extra, body?.ariaDebug === true)