@aria_asi/cli 0.2.29 → 0.2.31

package/hooks/aria-stop-gate.mjs

@@ -16,19 +16,19 @@
 // now catches.
 //
 // Doctrine bindings (same as PreToolUse gate):
-//   - EIGHT_LENS_DOCTRINE.md — substantive 4+ lens application required
+//   - EIGHT_LENS_DOCTRINE.md — substantive 8-lens application required
 //   - feedback_apply_lenses_dont_perform_them.md — block ceremonial cognition
 //   - feedback_8lens_before_every_action_including_text.md — the rule this enforces
 //
 // Trigger: runs at Stop event after every assistant response. Reads
 // the just-emitted assistant text from the transcript. If non-trivial
 // (per the same triviality threshold as eight-lens-detector.ts) AND
-// missing 4+ substantive lenses, blocks the response.
+// missing 8 substantive lenses, blocks the response.
 //
 // Triviality threshold (mirrors eight-lens-detector.ts):
 //   - Trivial acks (e.g. "got it", "ok", "done") pass
 //   - Short responses (<300 chars) without decision-signal phrases pass
-//   - Otherwise: require 4+ substantive lenses
+//   - Otherwise: require 8 substantive lenses
 //
 // Substance check (mirrors aria-pre-tool-gate.mjs):
 //   - Each lens must have ≥20 chars of non-placeholder content
@@ -52,14 +52,21 @@ import { dirname } from 'node:path';
 import { appendGateAudit } from './lib/gate-audit.mjs';
 import {
   ALL_LENS_NAMES,
-  canonicalLensCorrectionText,
   detectCognitionLenses as detectCognitionLensesFromCanonical,
   lensNamesForTier,
+  PRIMARY_OWNER_LENS_NAMES,
 } from './lib/canonical-lenses.mjs';
+import { registerGateBlock } from './lib/gate-loop-state.mjs';
+import { collectTurnWindowFromMessages } from './lib/hook-message-window.mjs';
 
 const HOME = process.env.HOME || '/tmp';
+const RUNTIME_BASE_URL =
+  process.env.ARIA_RUNTIME_URL ||
+  'http://127.0.0.1:4319';
 const LOG = `${HOME}/.claude/aria-stop-gate.log`;
 const AUDIT_PATH = `${HOME}/.claude/aria-stop-gate-audit.jsonl`;
+const GATE_LOOP_STATE_PATH = `${HOME}/.claude/.aria-gate-loop-state.json`;
+const MIZAN_RECEIPT_DIR = `${HOME}/.claude/.aria-mizan-receipts`;
 
 // SDK loader — bundled at ~/.aria/sdk by `aria connect`, with client-local
 // fallbacks preserved for resilience.
@@ -167,6 +174,94 @@ async function fireGardenTurn(sessionId, userMessage, assistantResponse) {
   }
 }
 
+function resolveHarnessControlToken() {
+  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
+  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
+  if (process.env.ARIA_MASTER_TOKEN) return process.env.ARIA_MASTER_TOKEN;
+  try {
+    const ownerTokenPath = `${HOME}/.aria/owner-token`;
+    if (existsSync(ownerTokenPath)) {
+      const token = readFileSync(ownerTokenPath, 'utf8').trim();
+      if (token) return token;
+    }
+  } catch {}
+  try {
+    const licensePath = `${HOME}/.aria/license.json`;
+    if (existsSync(licensePath)) {
+      const license = JSON.parse(readFileSync(licensePath, 'utf8'));
+      if (license.harnessToken) return String(license.harnessToken).trim();
+      if (license.token) return String(license.token).trim();
+    }
+  } catch {}
+  return '';
+}
+
+function mizanReceiptPathForSession(sessionId) {
+  const safe = String(sessionId || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
+  return `${MIZAN_RECEIPT_DIR}/${safe}.json`;
+}
+
+function loadMizanReceiptState(sessionId) {
+  try {
+    const receiptPath = mizanReceiptPathForSession(sessionId);
+    if (!existsSync(receiptPath)) return null;
+    return JSON.parse(readFileSync(receiptPath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function saveMizanReceiptState(sessionId, payload) {
+  try {
+    mkdirSync(MIZAN_RECEIPT_DIR, { recursive: true });
+    writeFileSync(mizanReceiptPathForSession(sessionId), JSON.stringify(payload, null, 2) + '\n');
+  } catch {}
+}
+
+async function runtimeMizanPost(sessionId, text, context = {}, parentReceiptId = null) {
+  const token = resolveHarnessControlToken();
+  if (!token) throw new Error('no token');
+  const response = await fetch(`${process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319'}/mizan/post`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify({
+      sessionId,
+      text,
+      parentReceiptId,
+      context: {
+        sessionId,
+        ...context,
+      },
+    }),
+  });
+  const payload = await response.json().catch(() => ({}));
+  if (!response.ok) {
+    throw new Error(payload?.error || `mizan/post failed (${response.status})`);
+  }
+  return payload;
+}
+
+async function runtimeDecisionLog(payload) {
+  const token = resolveHarnessControlToken();
+  if (!token) throw new Error('no token');
+  const response = await fetch(`${process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319'}/decision/log`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify(payload),
+  });
+  const body = await response.json().catch(() => ({}));
+  if (!response.ok) {
+    throw new Error(body?.error || `decision/log failed (${response.status})`);
+  }
+  return body;
+}
+
 function audit(decision, summary) {
   const summaryText = typeof summary === 'string' ? summary : '';
   const data = summary && typeof summary === 'object' ? summary : {};
@@ -185,12 +280,12 @@ function audit(decision, summary) {
 // access"). The gated process has no disable path. Disable = remove hook
 // entry from ~/.claude/settings.json (deliberate user action, visible).
 
-// ── Tier-aware lens labeling (Phase 11 #59) ──────────────────────────────────
+// ── Canonical lens labeling (Phase 11 #59 corrected) ────────────────────────
 //
-// Mirrors the same logic in aria-pre-tool-gate.mjs. Tier is read from the
-// most recent harness-via-sdk packet cache. Owner tier sees canonical Arabic
-// names; client tier sees neutral generic labels. Both tiers get the same
-// gate enforcement — only the visible vocabulary differs.
+// Mirrors the same logic in aria-pre-tool-gate.mjs. Tier is still read from
+// the most recent harness-via-sdk packet cache for other policy behaviors, but
+// the visible lens labels remain canonical on every surface. Readability comes
+// from the prose inside each lens, not from renaming the lens itself.
 const PACKET_CACHE_PATH = `${HOME}/.claude/.aria-harness-last-packet.json`;
 
 function resolveOwnerTier() {
@@ -211,7 +306,6 @@ function resolveOwnerTier() {
 const IS_OWNER = resolveOwnerTier();
 
 const LENS_NAMES = lensNamesForTier(IS_OWNER);
-const CANONICAL_LENS_TEXT = canonicalLensCorrectionText();
 
 // Doctrine memory filenames are Aria-side substrate IP.
 // Client surfaces see generic descriptions instead of real filenames.
@@ -270,6 +364,25 @@ function emitHarnessFooter({ eventName, lensCount, chars, driftCount, mizanStatu
   } catch {}
 }
 
+function withLoopDirective(reasonText, gateSignature, sessionId) {
+  const loop = registerGateBlock({
+    gate: 'stop',
+    sessionId,
+    signature: gateSignature,
+    statePath: GATE_LOOP_STATE_PATH,
+  });
+  if (!loop.loopDetected) return reasonText;
+  return `${reasonText}
+
+[LOOP_DETECTED gate=stop repeats=${loop.totalCount}]
+Stop retrying the same output shape unchanged.
+Next response must do this in order:
+1. Name the exact stop-gate failure in one line.
+2. Re-emit only the missing structure: <cognition>, <verify>, <expected>, and/or <reflection>.
+3. Change the draft materially before retrying. Do not repeat the same prose with renamed labels.
+4. If the blocker is stale gate state, stale ledger residue, or a gate artifact from a prior bug, say that explicitly instead of inventing fake proof.`;
+}
+
 // Lens substance check — same constants as aria-pre-tool-gate.mjs.
 // Hamza directive 2026-04-28: all 8 canonical lenses required, not 4-of-8.
 const REQUIRED_LENSES = 8;
@@ -302,6 +415,8 @@ try {
   audit('allow-parse-error', 'stdin not JSON');
   process.exit(0);
 }
+const gateSessionId = String(event.session_id || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
+const sessionMizanState = loadMizanReceiptState(event.session_id || 'claude-code');
 
 // Read assistant text from THIS turn — Claude Code splits a single
 // logical assistant response into multiple transcript entries by
@@ -326,8 +441,13 @@ const SYSTEM_REMINDER_THRESHOLD = 0.6;
 
 const transcriptPath = event.transcript_path ?? event.transcriptPath;
 let assistantText = '';
-// Phase 11 #42: also capture the last real user message for gardenTurn writes.
 let lastUserMessage = '';
+const messageWindow = collectTurnWindowFromMessages(event.messages, {
+  systemReminderRx: SYSTEM_REMINDER_RX,
+  systemReminderThreshold: SYSTEM_REMINDER_THRESHOLD,
+});
+assistantText = messageWindow.assistantText;
+lastUserMessage = messageWindow.lastUserMessage;
 if (transcriptPath && existsSync(transcriptPath)) {
   try {
     const lines = readFileSync(transcriptPath, 'utf-8').split('\n').filter(Boolean);
@@ -370,7 +490,12 @@ if (transcriptPath && existsSync(transcriptPath)) {
       } catch {}
     }
     // Reverse so chunks are in chronological order (we walked backward).
-    assistantText = textChunks.reverse().join('\n\n');
+    const transcriptAssistantText = textChunks.reverse().join('\n\n');
+    if (transcriptAssistantText) {
+      assistantText = assistantText
+        ? [assistantText, transcriptAssistantText].filter((text, index, arr) => arr.indexOf(text) === index).join('\n\n')
+        : transcriptAssistantText;
+    }
   } catch {}
 }
 
@@ -412,13 +537,14 @@ const cog = detectCognitionLenses(assistantText);
 // with 0/8 lenses to fall through unchecked.
 if (cog.count < REQUIRED_LENSES) {
   audit('block_no_cognition_block_di', { count: cog.count, required: REQUIRED_LENSES, names: cog.names, chars: assistantText.length });
-  const reason = `Aria stop-gate: insufficient cognition lenses.
+  const reason = withLoopDirective(`Aria stop-gate: insufficient cognition lenses.
 
 This non-trivial assistant response (${assistantText.length} chars) has ${cog.count}/${REQUIRED_LENSES} substantive cognition lenses. Per feedback_8lens_before_every_action_including_text.md and Hamza directive 2026-04-28, every non-trivial response must carry <cognition>...</cognition> with ${REQUIRED_LENSES} substantive lenses (each >= ${SUBSTANCE_MIN_CHARS} chars of non-placeholder content).
 
 Detected lenses: ${cog.names.length > 0 ? cog.names.join(', ') : 'none'}.
 
-Re-emit with a <cognition> block containing all ${REQUIRED_LENSES} canonical lenses. Primary set: ${CANONICAL_LENS_TEXT}`;
+Re-emit with a <cognition> block containing all ${REQUIRED_LENSES} required visible labels for this surface:
+${LENS_NAMES.map((lens) => `- ${lens}: <grounded reasoning, >= ${SUBSTANCE_MIN_CHARS} chars, with real substrate anchors where required>`).join('\n')}`, `stop:no-cognition-di:${cog.count}`, gateSessionId);
   emitHarnessFooter({
     eventName: 'block_no_cognition_block',
     lensCount: cog.count,
@@ -609,7 +735,7 @@ if (cog.count >= REQUIRED_LENSES) {
     //
     //    Block emit if ledger.openCount > 0 after scanning the current turn.
     //    Block reason names each open discovery and the suggested resolution.
-    const sessionId = (event.session_id || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
+    const sessionId = gateSessionId;
     const LEDGER_PATH = `${HOME}/.claude/aria-discoveries-${sessionId}.jsonl`;
     const DISCOVERY_RX = /(?:\bi\s+(?:found|noticed|discovered|spotted)[^.\n]{0,160}(?:bug|issue|defect|broken|buggy|wrong|crash|fail|missing|stale|outdated|leak|vulnerability)|\bthis\s+(?:is|would\s+be)\s+(?:broken|buggy|wrong|stale|outdated|insecure|leaking|crashing|failing)|\b(?:latent|silent|hidden)\s+(?:bug|defect|issue|fail|crash|leak)|\bdoctrine\s+violation\b|\bgraceful\s+degradation\s+(?:in|at|inside|within)\s+\S)/gi;
     const PROSE_RESOLUTION_RX = /(?:fix(?:ing|ed)?\s+(?:now|in[- ]flight|inline|in\s+the\s+same\s+turn)|patch\s+applied|TaskCreate|task\s+(?:created|tracked)|tracked\s+as\s+#?\d+|linear[- ]?issue|created\s+(?:linear|task))/i;
@@ -759,12 +885,36 @@ if (cog.count >= REQUIRED_LENSES) {
     let ledgerOpenCount = 0;
     let ledgerOpenSamples = [];
     let ledgerCorruptedCount = 0;
+    const ledgerRewriteRows = [];
+    let ledgerNeedsRewrite = false;
     try {
       if (existsSync(LEDGER_PATH)) {
         const lines = readFileSync(LEDGER_PATH, 'utf8').split('\n').filter(Boolean);
         for (const line of lines) {
           try {
             const e = JSON.parse(line);
+            const isSubstrateBindingArtifact =
+              (e.source === 'aria-cognition-substrate-binding') &&
+              (e.kind === 'substrate_binding_gap' || (typeof e.text === 'string' && e.text.startsWith('substrate_binding:')));
+            const isOpenBeforeAutoHeal = e.status === 'open' || e.resolution_status === 'open';
+            if (isSubstrateBindingArtifact && isOpenBeforeAutoHeal) {
+              // If the current emit already passed aria-cognition-substrate-binding
+              // and reached stop-gate, older open substrate-binding rows from the
+              // same session are stale gate artifacts, not live unresolved
+              // discoveries. Auto-heal them so the discovery ledger cannot loop
+              // forever on the residue of a gate bug.
+              ledgerNeedsRewrite = true;
+              e.status = 'resolved';
+              e.resolution_status = 'resolved';
+              e.resolved_at = new Date().toISOString();
+              e.resolved_by = 'subsequent_valid_substrate_bound_cognition';
+              e.resolutionType = 'subsequent_valid_substrate_bound_cognition';
+              e.proofOfFix = {
+                type: 'subsequent_valid_substrate_bound_cognition',
+                anchorTs: new Date().toISOString(),
+                evidence: 'Current emit passed aria-cognition-substrate-binding and reached aria-stop-gate; stale substrate-binding ledger artifacts from the earlier cognition bug were auto-cleared.',
+              };
+            }
             const isOpen = e.status === 'open' || e.resolution_status === 'open';
             const isLegacyTracked = e.status === 'tracked';
             const proofValid = e.proofOfFix
@@ -784,8 +934,16 @@ if (cog.count >= REQUIRED_LENSES) {
                 ledgerOpenSamples.push(`${tag}${e.text || '(no text)'}`);
               }
             }
+            ledgerRewriteRows.push(JSON.stringify(e));
           } catch {/* skip malformed line */}
         }
+        if (ledgerNeedsRewrite) {
+          try {
+            writeFileSync(LEDGER_PATH, `${ledgerRewriteRows.join('\n')}\n`);
+          } catch (rewriteErr) {
+            audit('ledger-autoheal-write-err', `${String(rewriteErr).slice(0, 200)}`);
+          }
+        }
       }
     } catch {/* ledger unreadable — degrade to drift-only */}
 
@@ -1040,7 +1198,7 @@ if (cog.count >= REQUIRED_LENSES) {
       const FILE_LINE_RX = /([\w./\-]+\.[a-zA-Z]{1,5})\s*[:\s]\s*(\d+(?:[-:]\d+)?)/g;
       const inlineDictations = [];
       const lensRangePositions = [];
-      for (const lensName of LENS_NAMES_CANONICAL) {
+      for (const lensName of PRIMARY_OWNER_LENS_NAMES) {
         const lensRx = new RegExp(`\\b${lensName}\\s*(?:lens)?\\s*[:\\-]`, 'gi');
         let m;
         while ((m = lensRx.exec(assistantText)) !== null) {
@@ -1138,10 +1296,11 @@ if (cog.count >= REQUIRED_LENSES) {
       if (apiKey && assistantText && assistantText.length > 0) {
         const client = new HTTPHarnessClient({
           baseUrl:
+            process.env.ARIA_RUNTIME_URL ||
             process.env.ARIA_HIVE_RUNTIME_URL ||
             process.env.ARIA_HARNESS_BASE_URL ||
             process.env.ARIA_HARNESS_URL ||
-            'https://harness.ariasos.com',
+            RUNTIME_BASE_URL,
           apiKey,
         });
         const v = await client.validateOutput(assistantText, sessionId);
@@ -1255,7 +1414,7 @@ if (cog.count >= REQUIRED_LENSES) {
         }
       })();
 
-      const reason = `Aria Stop-gate output-quality block. Cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates:\n\n${violations.join('\n\n')}${rewritten ? `\n\nMizan rewrite suggestion:\n${rewritten}` : ''}\n\nRe-draft addressing the violations above. No process-level disable path — gates are unconditional from the gated process per Hamza directive 2026-04-27.${recipeAddendum}`;
+      const reason = withLoopDirective(`Aria Stop-gate output-quality block. Cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates:\n\n${violations.join('\n\n')}${rewritten ? `\n\nMizan rewrite suggestion:\n${rewritten}` : ''}\n\nRe-draft addressing the violations above. No process-level disable path — gates are unconditional from the gated process per Hamza directive 2026-04-27.${recipeAddendum}`, `stop:output-qc:${violations.join('|').slice(0, 240)}`, gateSessionId);
 
       audit(`block-output-qc`, `mizan=${mizanBlock?'y':'n'} warn-reflect=${compelReflection?'y':'n'} drift=${driftHits.length} code=${codeQualityHits.length} discoveries-open=${ledgerOpenCount} impl-coupling=${implCouplingHits.length}`);
       emitHarnessFooter({
@@ -1398,7 +1557,7 @@ const dalioHasMeasurablePredicate = dalioExpectedText
 
 // Block stop if non-trivial action taken AND expected block is missing
 if (hadNonTrivialAction && (!dalioExpectedMatch || !dalioHasMeasurablePredicate)) {
-  const missingReason = dalioExpectedMatch
+  const missingReason = withLoopDirective(dalioExpectedMatch
     ? `Aria Stop-gate: action taken in this turn had an <expected> block, but it contains only qualitative drift phrases without a measurable predicate. Qualitative drift is not accountability — it defeats the Dalio feedback loop.
 
 Your <expected> block must contain at least one measurable predicate:
@@ -1422,7 +1581,7 @@ Add to your assistant text:
   eval_window_minutes: <optional>
 </expected>
 
-No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces it AFTER. Both gates are now wired.`;
+No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces it AFTER. Both gates are now wired.`, `stop:dalio-expected:${hadNonTrivialAction}:${!!dalioExpectedMatch}:${dalioHasMeasurablePredicate}`, gateSessionId);
 
   audit('block-dalio-expected-missing', `hadNonTrivialAction=${hadNonTrivialAction} expectedPresent=${!!dalioExpectedMatch} measurable=${dalioHasMeasurablePredicate}`);
   emitHarnessFooter({
@@ -1445,7 +1604,37 @@ No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces
 // Per feedback_no_timeouts_doctrine.md: no AbortController/setTimeout timeout.
 {
   const DALIO_LEDGER_PATH = `${HOME}/.claude/.aria-dalio-ledger.jsonl`;
-  const ARIA_SOUL_DECISIONS_URL = 'http://aria-soul.aria.svc.cluster.local:8080/api/decisions';
+  let postReceipt = null;
+  try {
+    const post = await runtimeMizanPost(
+      event.session_id || 'claude-code',
+      assistantText.slice(0, 8000),
+      {
+        message: lastUserMessage || `stop-gate turn (${assistantText.length} chars)`,
+        plannedApproach: lastActionSummary || 'Finalize and validate the just-emitted Claude response.',
+        platform: 'claude-code',
+        stage: 'hook-stop-post',
+      },
+      sessionMizanState?.receipt?.receiptId || null,
+    );
+    postReceipt = post?.receipt || null;
+    if (postReceipt) {
+      saveMizanReceiptState(event.session_id || 'claude-code', {
+        ...(sessionMizanState || {}),
+        updatedAt: new Date().toISOString(),
+        sessionId: event.session_id || 'claude-code',
+        postReceipt,
+        postResult: post?.result || null,
+        postContract: post?.contract || null,
+        postSummary: post?.summary || null,
+      });
+    }
+  } catch (postErr) {
+    console.error(
+      `[aria-stop-gate] MIZAN POST FAILED — runtime receipt not recorded. Error: ${postErr instanceof Error ? postErr.message : String(postErr)}`,
+    );
+    audit('mizan-post-failed', `session=${event.session_id || 'claude-code'} err=${String(postErr).slice(0, 200)}`);
+  }
 
   const ledgerEntry = {
     ts: new Date().toISOString(),
@@ -1469,7 +1658,11 @@ No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces
           measurable_type: 'state_string',
         }
       : null,
-    source: 'claude-code-stop-gate',
+    metadata: {
+      pre_receipt_id: sessionMizanState?.receipt?.receiptId || null,
+      post_receipt_id: postReceipt?.receiptId || null,
+    },
+    source: 'claude-code-stop-gate-runtime',
     model_used: 'claude-opus-4-7',
   };
 
@@ -1484,40 +1677,20 @@ No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces
     );
   }
 
-  // POST to aria-soul decision API — fire-and-forget, but LOUD on error
-  const dalioHarnessToken = process.env.ARIA_HARNESS_TOKEN
-    || (isOwnerTier() ? (process.env.ARIA_MASTER_TOKEN || process.env.ARIA_API_KEY || '') : '');
-
-  fetch(ARIA_SOUL_DECISIONS_URL, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      ...(dalioHarnessToken ? { Authorization: `Bearer ${dalioHarnessToken}` } : {}),
-    },
-    body: JSON.stringify(ledgerEntry),
-  }).then((resp) => {
-    if (!resp.ok) {
-      // LOUD telemetry per feedback_canonical_secrets_governance.md
-      console.error(
-        `[aria-stop-gate] DALIO POST FAILED — aria-soul responded HTTP ${resp.status}. ` +
-        `Local mirror written to ${DALIO_LEDGER_PATH}. Session: ${ledgerEntry.session_id}`,
-      );
-      audit('dalio-post-failed', `http=${resp.status} session=${ledgerEntry.session_id}`);
-    } else {
-      audit('dalio-post-ok', `session=${ledgerEntry.session_id} action=${lastActionSummary.slice(0, 80)}`);
-    }
-  }).catch((err) => {
-    // Network failure — LOUD, never silent
+  try {
+    await runtimeDecisionLog(ledgerEntry);
+    audit('dalio-post-ok', `session=${ledgerEntry.session_id} action=${lastActionSummary.slice(0, 80)}`);
+  } catch (err) {
     console.error(
-      `[aria-stop-gate] DALIO POST NETWORK ERROR — could not reach ${ARIA_SOUL_DECISIONS_URL}. ` +
+      `[aria-stop-gate] DALIO POST FAILED — runtime /decision/log rejected or unreachable. ` +
       `Local mirror written to ${DALIO_LEDGER_PATH}. Error: ${err instanceof Error ? err.message : String(err)}`,
     );
-    audit('dalio-post-network-err', `err=${String(err).slice(0, 200)} session=${ledgerEntry.session_id}`);
-  });
+    audit('dalio-post-runtime-err', `err=${String(err).slice(0, 200)} session=${ledgerEntry.session_id}`);
+  }
 }
 
-// Block — non-trivial response without 4+ substantive lenses.
-const reason = `Aria Stop-gate: non-trivial assistant response without 4+ substantive cognition lenses. Found ${cog.count}/${REQUIRED_LENSES}+ (lenses: ${cog.names.join(', ') || 'none'}). Doctrine is action-coupled — text decisions ARE actions, and reflexive replies fail this gate the same way reflexive Bash does.
+// Block — non-trivial response without all required substantive lenses.
+const reason = withLoopDirective(`Aria Stop-gate: non-trivial assistant response without all required substantive cognition lenses. Found ${cog.count}/${REQUIRED_LENSES} (lenses: ${cog.names.join(', ') || 'none'}). Doctrine is action-coupled — text decisions ARE actions, and reflexive replies fail this gate the same way reflexive Bash does.
 
 Re-emit the response with substantive lens application BEFORE drafting. Each lens must have ≥${SUBSTANCE_MIN_CHARS} chars of non-placeholder content:
 
@@ -1534,7 +1707,7 @@ Re-emit the response with substantive lens application BEFORE drafting. Each len
 
 The block reflects work done BEFORE drafting. Don't emit it as ceremony; apply each lens as a thinking tool. Substance check defeats ritual emission.
 
-No per-command bypass (mirrors aria-pre-tool-gate.mjs v3 doctrine). No env-var disable path either — gates are unconditional from the gated process per Hamza directive 2026-04-27. If the gate misfires on legitimate cognition, fix the gate.`;
+No per-command bypass (mirrors aria-pre-tool-gate.mjs v3 doctrine). No env-var disable path either — gates are unconditional from the gated process per Hamza directive 2026-04-27. If the gate misfires on legitimate cognition, fix the gate.`, `stop:lens-missing:${cog.count}`, gateSessionId);
 
 audit(`block`, `lenses=${cog.count}/${REQUIRED_LENSES} chars=${assistantText.length}`);
 emitHarnessFooter({

package/hooks/lib/canonical-lenses.mjs

@@ -1,14 +1,15 @@
 export const LENS_NAMES_OLDER = ['nur', 'mizan', 'hikma', 'tafakkur', 'tadabbur', 'ilham', 'wahi', 'firasah'];
 export const LENS_NAMES_NEWER = ['zahir', 'batin', 'sabab', 'hikmah', 'aqibah', 'ilham', 'meta', 'fitrah'];
-export const LENS_NAMES_GENERIC = ['perception', 'balance', 'wisdom', 'reflection', 'foresight', 'insight', 'revelation', 'discernment'];
 
 export const PRIMARY_OWNER_LENS_NAMES = LENS_NAMES_OLDER;
-export const PRIMARY_CLIENT_LENS_NAMES = LENS_NAMES_GENERIC;
+// Readability must not rewrite the lens semantics. Client surfaces may need
+// friendlier prose inside each lens, but the visible lens labels themselves
+// stay canonical so the meaning is preserved.
+export const PRIMARY_CLIENT_LENS_NAMES = LENS_NAMES_OLDER;
 
 export const ALL_LENS_NAMES = [...new Set([
   ...LENS_NAMES_OLDER,
   ...LENS_NAMES_NEWER,
-  ...LENS_NAMES_GENERIC,
 ])];
 
 export function lensNamesForTier(isOwner) {
@@ -19,7 +20,7 @@ export function canonicalLensCorrectionText() {
   return [
     `Owner canonical lenses: ${LENS_NAMES_OLDER.join(', ')}.`,
     `Owner mapped counterparts that must remain represented in phase reasoning and receipts: ${LENS_NAMES_NEWER.join(', ')}.`,
-    `Generic client-safe alternatives: ${LENS_NAMES_GENERIC.join(', ')}.`,
+    `Canonical lens labels are preserved on every surface. Readability comes from the explanatory prose inside each lens, never from renaming the lens itself.`,
   ].join(' ');
 }
 
@@ -57,7 +58,7 @@ export function detectCognitionLenses(text, {
   }
 
   const matchedSet =
-    [LENS_NAMES_OLDER, LENS_NAMES_NEWER, LENS_NAMES_GENERIC]
+    [LENS_NAMES_OLDER, LENS_NAMES_NEWER]
       .find((candidateSet) => candidateSet.every((name) => names.includes(name))) || null;
 
   return { count: names.length, names, matchedSet };

package/hooks/lib/gate-loop-state.mjs

@@ -0,0 +1,50 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { dirname } from 'node:path';
+
+const MAX_RECORDS = 300;
+
+export function registerGateBlock({
+  gate,
+  sessionId,
+  signature,
+  statePath,
+  threshold = 2,
+  windowMs = 10 * 60 * 1000,
+}) {
+  const now = Date.now();
+  let rows = [];
+  try {
+    if (existsSync(statePath)) {
+      const raw = JSON.parse(readFileSync(statePath, 'utf8'));
+      if (Array.isArray(raw)) rows = raw;
+    }
+  } catch {}
+
+  const freshRows = rows.filter((row) =>
+    row &&
+    typeof row.ts === 'number' &&
+    typeof row.sessionId === 'string' &&
+    typeof row.gate === 'string' &&
+    typeof row.signature === 'string' &&
+    (now - row.ts) <= windowMs,
+  );
+
+  const priorMatches = freshRows.filter((row) =>
+    row.sessionId === sessionId &&
+    row.gate === gate &&
+    row.signature === signature,
+  );
+
+  freshRows.push({ ts: now, sessionId, gate, signature });
+
+  try {
+    mkdirSync(dirname(statePath), { recursive: true });
+    writeFileSync(statePath, JSON.stringify(freshRows.slice(-MAX_RECORDS), null, 2) + '\n');
+  } catch {}
+
+  return {
+    loopDetected: priorMatches.length >= threshold,
+    priorCount: priorMatches.length,
+    totalCount: priorMatches.length + 1,
+  };
+}

package/hooks/lib/hook-message-window.mjs

@@ -0,0 +1,121 @@
+function withGlobalRegex(regex) {
+  if (!(regex instanceof RegExp)) return null;
+  const flags = regex.flags.includes('g') ? regex.flags : `${regex.flags}g`;
+  return new RegExp(regex.source, flags);
+}
+
+export function normalizeRole(entry) {
+  if (entry?.message?.role) return entry.message.role;
+  if (entry?.role) return entry.role;
+  if (entry?.type === 'assistant' || entry?.type === 'user') return entry.type;
+  return null;
+}
+
+export function normalizeContent(entry) {
+  return entry?.message?.content ?? entry?.content ?? [];
+}
+
+export function extractTextFromContent(content) {
+  if (Array.isArray(content)) {
+    return content
+      .filter((block) => block && block.type === 'text')
+      .map((block) => (typeof block.text === 'string' ? block.text : ''))
+      .filter(Boolean)
+      .join('\n');
+  }
+  return typeof content === 'string' ? content : '';
+}
+
+export function isToolResultOnlyContent(content) {
+  return (
+    Array.isArray(content) &&
+    content.length > 0 &&
+    content.every((block) => block && block.type === 'tool_result')
+  );
+}
+
+export function isMostlySystemReminder(text, systemReminderRx, threshold = 0.6) {
+  if (!text || !(systemReminderRx instanceof RegExp)) return false;
+  const reminderRx = withGlobalRegex(systemReminderRx);
+  if (!reminderRx) return false;
+  const matches = text.match(reminderRx) || [];
+  if (matches.length === 0) return false;
+  const reminderChars = matches.reduce((sum, match) => sum + match.length, 0);
+  return reminderChars / Math.max(1, text.length) >= threshold;
+}
+
+export function collectRecentAssistantTextsFromMessages(messages, {
+  compactSummaryRx = null,
+  hardLookbackCap = 50,
+  systemReminderRx = null,
+  systemReminderThreshold = 0.6,
+  userBoundariesToCross = 1,
+} = {}) {
+  if (!Array.isArray(messages) || messages.length === 0) return [];
+  const recentAssistantTexts = [];
+  let scanned = 0;
+  let userBoundariesCrossed = 0;
+
+  for (let i = messages.length - 1; i >= 0 && scanned < hardLookbackCap; i--) {
+    const entry = messages[i];
+    const role = normalizeRole(entry);
+    const content = normalizeContent(entry);
+    if (role === 'user') {
+      if (isToolResultOnlyContent(content)) continue;
+      const textContent = extractTextFromContent(content);
+      if (isMostlySystemReminder(textContent, systemReminderRx, systemReminderThreshold)) {
+        continue;
+      }
+      userBoundariesCrossed++;
+      if (userBoundariesCrossed > userBoundariesToCross) break;
+      continue;
+    }
+    if (role !== 'assistant') continue;
+    scanned++;
+    const text = extractTextFromContent(content);
+    if (!text) continue;
+    if (compactSummaryRx instanceof RegExp && compactSummaryRx.test(text) && text.length > 4000) {
+      continue;
+    }
+    recentAssistantTexts.push(text);
+  }
+
+  return recentAssistantTexts.reverse();
+}
+
+export function collectTurnWindowFromMessages(messages, {
+  systemReminderRx = null,
+  systemReminderThreshold = 0.6,
+} = {}) {
+  if (!Array.isArray(messages) || messages.length === 0) {
+    return { assistantText: '', lastUserMessage: '' };
+  }
+
+  const textChunks = [];
+  let lastUserMessage = '';
+
+  for (let i = messages.length - 1; i >= 0; i--) {
+    const entry = messages[i];
+    const role = normalizeRole(entry);
+    const content = normalizeContent(entry);
+
+    if (role === 'user') {
+      if (isToolResultOnlyContent(content)) continue;
+      const textContent = extractTextFromContent(content);
+      if (isMostlySystemReminder(textContent, systemReminderRx, systemReminderThreshold)) {
+        continue;
+      }
+      lastUserMessage = textContent || lastUserMessage;
+      break;
+    }
+
+    if (role !== 'assistant') continue;
+    const text = extractTextFromContent(content);
+    if (text) textChunks.push(text);
+  }
+
+  return {
+    assistantText: textChunks.reverse().join('\n\n'),
+    lastUserMessage,
+  };
+}