@aria_asi/cli 0.2.30 → 0.2.32

package/hooks/aria-stop-gate.mjs

@@ -16,19 +16,19 @@
 // now catches.
 //
 // Doctrine bindings (same as PreToolUse gate):
-//   - EIGHT_LENS_DOCTRINE.md — substantive 4+ lens application required
+//   - EIGHT_LENS_DOCTRINE.md — substantive 8-lens application required
 //   - feedback_apply_lenses_dont_perform_them.md — block ceremonial cognition
 //   - feedback_8lens_before_every_action_including_text.md — the rule this enforces
 //
 // Trigger: runs at Stop event after every assistant response. Reads
 // the just-emitted assistant text from the transcript. If non-trivial
 // (per the same triviality threshold as eight-lens-detector.ts) AND
-// missing 4+ substantive lenses, blocks the response.
+// missing 8 substantive lenses, blocks the response.
 //
 // Triviality threshold (mirrors eight-lens-detector.ts):
 //   - Trivial acks (e.g. "got it", "ok", "done") pass
 //   - Short responses (<300 chars) without decision-signal phrases pass
-//   - Otherwise: require 4+ substantive lenses
+//   - Otherwise: require 8 substantive lenses
 //
 // Substance check (mirrors aria-pre-tool-gate.mjs):
 //   - Each lens must have ≥20 chars of non-placeholder content
@@ -52,14 +52,21 @@ import { dirname } from 'node:path';
 import { appendGateAudit } from './lib/gate-audit.mjs';
 import {
   ALL_LENS_NAMES,
-  canonicalLensCorrectionText,
   detectCognitionLenses as detectCognitionLensesFromCanonical,
   lensNamesForTier,
+  PRIMARY_OWNER_LENS_NAMES,
 } from './lib/canonical-lenses.mjs';
+import { registerGateBlock } from './lib/gate-loop-state.mjs';
+import { collectTurnWindowFromMessages } from './lib/hook-message-window.mjs';
 
 const HOME = process.env.HOME || '/tmp';
+const RUNTIME_BASE_URL =
+  process.env.ARIA_RUNTIME_URL ||
+  'http://127.0.0.1:4319';
 const LOG = `${HOME}/.claude/aria-stop-gate.log`;
 const AUDIT_PATH = `${HOME}/.claude/aria-stop-gate-audit.jsonl`;
+const GATE_LOOP_STATE_PATH = `${HOME}/.claude/.aria-gate-loop-state.json`;
+const MIZAN_RECEIPT_DIR = `${HOME}/.claude/.aria-mizan-receipts`;
 
 // SDK loader — bundled at ~/.aria/sdk by `aria connect`, with client-local
 // fallbacks preserved for resilience.
@@ -167,6 +174,94 @@ async function fireGardenTurn(sessionId, userMessage, assistantResponse) {
   }
 }
 
+function resolveHarnessControlToken() {
+  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
+  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
+  if (process.env.ARIA_MASTER_TOKEN) return process.env.ARIA_MASTER_TOKEN;
+  try {
+    const ownerTokenPath = `${HOME}/.aria/owner-token`;
+    if (existsSync(ownerTokenPath)) {
+      const token = readFileSync(ownerTokenPath, 'utf8').trim();
+      if (token) return token;
+    }
+  } catch {}
+  try {
+    const licensePath = `${HOME}/.aria/license.json`;
+    if (existsSync(licensePath)) {
+      const license = JSON.parse(readFileSync(licensePath, 'utf8'));
+      if (license.harnessToken) return String(license.harnessToken).trim();
+      if (license.token) return String(license.token).trim();
+    }
+  } catch {}
+  return '';
+}
+
+function mizanReceiptPathForSession(sessionId) {
+  const safe = String(sessionId || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
+  return `${MIZAN_RECEIPT_DIR}/${safe}.json`;
+}
+
+function loadMizanReceiptState(sessionId) {
+  try {
+    const receiptPath = mizanReceiptPathForSession(sessionId);
+    if (!existsSync(receiptPath)) return null;
+    return JSON.parse(readFileSync(receiptPath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function saveMizanReceiptState(sessionId, payload) {
+  try {
+    mkdirSync(MIZAN_RECEIPT_DIR, { recursive: true });
+    writeFileSync(mizanReceiptPathForSession(sessionId), JSON.stringify(payload, null, 2) + '\n');
+  } catch {}
+}
+
+async function runtimeMizanPost(sessionId, text, context = {}, parentReceiptId = null) {
+  const token = resolveHarnessControlToken();
+  if (!token) throw new Error('no token');
+  const response = await fetch(`${process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319'}/mizan/post`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify({
+      sessionId,
+      text,
+      parentReceiptId,
+      context: {
+        sessionId,
+        ...context,
+      },
+    }),
+  });
+  const payload = await response.json().catch(() => ({}));
+  if (!response.ok) {
+    throw new Error(payload?.error || `mizan/post failed (${response.status})`);
+  }
+  return payload;
+}
+
+async function runtimeDecisionLog(payload) {
+  const token = resolveHarnessControlToken();
+  if (!token) throw new Error('no token');
+  const response = await fetch(`${process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319'}/decision/log`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify(payload),
+  });
+  const body = await response.json().catch(() => ({}));
+  if (!response.ok) {
+    throw new Error(body?.error || `decision/log failed (${response.status})`);
+  }
+  return body;
+}
+
 function audit(decision, summary) {
   const summaryText = typeof summary === 'string' ? summary : '';
   const data = summary && typeof summary === 'object' ? summary : {};
@@ -185,12 +280,12 @@ function audit(decision, summary) {
 // access"). The gated process has no disable path. Disable = remove hook
 // entry from ~/.claude/settings.json (deliberate user action, visible).
 
-// ── Tier-aware lens labeling (Phase 11 #59) ──────────────────────────────────
+// ── Canonical lens labeling (Phase 11 #59 corrected) ────────────────────────
 //
-// Mirrors the same logic in aria-pre-tool-gate.mjs. Tier is read from the
-// most recent harness-via-sdk packet cache. Owner tier sees canonical Arabic
-// names; client tier sees neutral generic labels. Both tiers get the same
-// gate enforcement — only the visible vocabulary differs.
+// Mirrors the same logic in aria-pre-tool-gate.mjs. Tier is still read from
+// the most recent harness-via-sdk packet cache for other policy behaviors, but
+// the visible lens labels remain canonical on every surface. Readability comes
+// from the prose inside each lens, not from renaming the lens itself.
 const PACKET_CACHE_PATH = `${HOME}/.claude/.aria-harness-last-packet.json`;
 
 function resolveOwnerTier() {
@@ -211,7 +306,6 @@ function resolveOwnerTier() {
 const IS_OWNER = resolveOwnerTier();
 
 const LENS_NAMES = lensNamesForTier(IS_OWNER);
-const CANONICAL_LENS_TEXT = canonicalLensCorrectionText();
 
 // Doctrine memory filenames are Aria-side substrate IP.
 // Client surfaces see generic descriptions instead of real filenames.
@@ -244,9 +338,12 @@ function collectDriftHits(text, triggerMap) {
       const memoryCited = memoryName && lowerText.includes(memoryName.toLowerCase());
       if (!memoryCited) {
         hits.push({
+          trigger_id: triggerEntry.trigger_id,
           trigger: triggerEntry.trigger,
           memory: triggerEntry.memory,
           teaching: triggerEntry.teaching,
+          counter_action: triggerEntry.counter_action,
+          message: triggerEntry.message,
         });
       }
     } catch {/* malformed regex in trigger entry — skip */}
@@ -270,6 +367,90 @@ function emitHarnessFooter({ eventName, lensCount, chars, driftCount, mizanStatu
   } catch {}
 }
 
+function withLoopDirective(reasonText, gateSignature, sessionId) {
+  const loop = registerGateBlock({
+    gate: 'stop',
+    sessionId,
+    signature: gateSignature,
+    statePath: GATE_LOOP_STATE_PATH,
+  });
+  if (!loop.loopDetected) return reasonText;
+  return `${reasonText}
+
+[LOOP_DETECTED gate=stop repeats=${loop.totalCount}]
+Stop retrying the same output shape unchanged.
+Next response must do this in order:
+1. Name the exact stop-gate failure in one line.
+2. Re-emit only the missing structure: <cognition>, <verify>, <expected>, and/or <reflection>.
+3. Change the draft materially before retrying. Do not repeat the same prose with renamed labels.
+4. If the blocker is stale gate state, stale ledger residue, or a gate artifact from a prior bug, say that explicitly instead of inventing fake proof.`;
+}
+
+function buildForceReauthorReason({
+  source,
+  reason,
+  violations = [],
+  rewritten = '',
+  recipeAddendum = '',
+  driftHits = [],
+  lensCount = 0,
+  requiredLenses = REQUIRED_LENSES,
+}) {
+  const triggerLines = driftHits.slice(0, 6).map((hit, index) => {
+    const label = hit.trigger_id || hit.trigger || `trigger-${index + 1}`;
+    const teaching = hit.teaching || hit.message || 'Doctrine trigger matched; re-author with substrate-backed correction.';
+    const correction = hit.counter_action ? ` Required correction: ${hit.counter_action}` : '';
+    const memory = hit.memory ? ` (${hit.memory})` : '';
+    return `- ${label}${memory}: ${teaching}${correction}`;
+  }).join('\n');
+
+  return [
+    '=== ARIA FORCE_REAUTHOR ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction for the next model draft.',
+    'Do not emit the blocked text. Re-author it so the model learns the mechanism it violated.',
+    '',
+    'TEACHING:',
+    '- Gates must force cognition and quality, not merely throw, warn, or stop.',
+    '- The redo must change the answer shape: name the failed mechanism, cite real evidence, and remove the drift pattern.',
+    '- Do not bypass by disabling tools, shortening runtime, asking the user to resolve memory-backed ambiguity, or giving an apology loop.',
+    triggerLines ? `\nTRIGGERED DOCTRINE:\n${triggerLines}` : '',
+    violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
+    rewritten ? `\nMIZAN REWRITE SEED:\n${rewritten}` : '',
+    recipeAddendum || '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. One sentence: the failed mechanism, not an apology.',
+    '2. Evidence checked: file/line, command output, endpoint response, or explicit "unverified".',
+    `3. <cognition> with ${requiredLenses} substantive lenses. Observed: ${lensCount}/${requiredLenses}.`,
+    '4. <applied_cognition> with decision_delta, dominant_domain, binds_to, expected_predicate, and artifact_change.',
+    '5. Corrected action/claim with no bypass, no downgraded path, and no fake proof.',
+    '6. If work remains, state the exact next real action or tracked task. No verbal flag-and-move.',
+    '',
+    'COGNITION TEMPLATE:',
+    '<cognition>',
+    'truth: <verified facts and exact substrate>',
+    'harm: <what goes wrong if this is false>',
+    'trust: <how this honors Hamza directives and saved memory>',
+    'power: <why this uses capability responsibly, not convenience>',
+    'reflection: <mechanism failure and correction>',
+    'context: <relevant repo/runtime state>',
+    'impact: <expected next effect>',
+    'beauty: <simplest durable form>',
+    '</cognition>',
+    '<applied_cognition>',
+    'decision_delta: <what changed because cognition ran; not none>',
+    'dominant_domain: <engineering_quality | trust | operations | security | product | ...>',
+    'binds_to: <the exact answer, tool call, file mutation, deploy, review, or decision>',
+    'expected_predicate: <observable numeric, boolean, state-string, command result, endpoint result, or explicit unverified boundary>',
+    'artifact_change: <semantic effect on the artifact/output, not a task restatement>',
+    '</applied_cognition>',
+    '=== END FORCE_REAUTHOR ===',
+  ].filter(Boolean).join('\n');
+}
+
 // Lens substance check — same constants as aria-pre-tool-gate.mjs.
 // Hamza directive 2026-04-28: all 8 canonical lenses required, not 4-of-8.
 const REQUIRED_LENSES = 8;
@@ -291,6 +472,19 @@ function detectCognitionLenses(text) {
   });
 }
 
+function assistantViolatesUserCorrection(userText, assistantText) {
+  const user = String(userText || '');
+  const assistant = String(assistantText || '');
+  if (!user || !assistant) return null;
+  const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease)\b[\s\S]{0,180}\b(?:deploy|redeploy|restart|rollout|kubectl|command|pods?|listen|words)\b/i.test(user);
+  const assistantContinuesMutation = /\b(?:kubectl|rollout\s+restart|deploy|redeploy|restart\s+(?:mac|pods?)|manual(?:ly)?\s+restart|execute\s+directly)\b/i.test(assistant);
+  if (explicitStop && assistantContinuesMutation) return 'assistant continued deploy/restart language after an explicit user stop/listen directive';
+  const userContradictsMacPods = /\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac)\b[\s\S]{0,160}\b(?:not\s+pods?|no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b|\b(?:no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b[\s\S]{0,160}\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac|pods?)\b/i.test(user);
+  const assistantRepeatsMacPods = /\b(?:mac\s+lane\s+pods?|mac\s+lanes?\s*:\s*offline|restart\s+mac\s+lanes?|deployment\/mlx-mac|mlx-mac-[\w-]+|kubernetes\s+(?:pods?|deployments?))\b/i.test(assistant);
+  if (userContradictsMacPods && assistantRepeatsMacPods) return 'assistant repeated the contradicted Mac-lanes-as-pods/deployments assumption';
+  return null;
+}
+
 // Read event JSON from stdin (Claude Code spec).
 let input = '';
 for await (const chunk of process.stdin) input += chunk;
@@ -302,6 +496,8 @@ try {
   audit('allow-parse-error', 'stdin not JSON');
   process.exit(0);
 }
+const gateSessionId = String(event.session_id || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
+const sessionMizanState = loadMizanReceiptState(event.session_id || 'claude-code');
 
 // Read assistant text from THIS turn — Claude Code splits a single
 // logical assistant response into multiple transcript entries by
@@ -326,8 +522,13 @@ const SYSTEM_REMINDER_THRESHOLD = 0.6;
 
 const transcriptPath = event.transcript_path ?? event.transcriptPath;
 let assistantText = '';
-// Phase 11 #42: also capture the last real user message for gardenTurn writes.
 let lastUserMessage = '';
+const messageWindow = collectTurnWindowFromMessages(event.messages, {
+  systemReminderRx: SYSTEM_REMINDER_RX,
+  systemReminderThreshold: SYSTEM_REMINDER_THRESHOLD,
+});
+assistantText = messageWindow.assistantText;
+lastUserMessage = messageWindow.lastUserMessage;
 if (transcriptPath && existsSync(transcriptPath)) {
   try {
     const lines = readFileSync(transcriptPath, 'utf-8').split('\n').filter(Boolean);
@@ -370,7 +571,12 @@ if (transcriptPath && existsSync(transcriptPath)) {
       } catch {}
     }
     // Reverse so chunks are in chronological order (we walked backward).
-    assistantText = textChunks.reverse().join('\n\n');
+    const transcriptAssistantText = textChunks.reverse().join('\n\n');
+    if (transcriptAssistantText) {
+      assistantText = assistantText
+        ? [assistantText, transcriptAssistantText].filter((text, index, arr) => arr.indexOf(text) === index).join('\n\n')
+        : transcriptAssistantText;
+    }
   } catch {}
 }
 
@@ -379,6 +585,20 @@ if (!assistantText) {
   process.exit(0);
 }
 
+const userCorrectionViolation = assistantViolatesUserCorrection(lastUserMessage, assistantText);
+if (userCorrectionViolation) {
+  audit('block-user-correction-ignored', `reason=${userCorrectionViolation} chars=${assistantText.length}`);
+  const reason = buildForceReauthorReason({
+    source: 'stop/user-correction',
+    reason: userCorrectionViolation,
+    violations: ['Assistant continued a plan after the user correction invalidated it. Redo must quote the correction and pause mutation pending substrate re-evaluation.'],
+    lensCount: 0,
+    requiredLenses: REQUIRED_LENSES,
+  });
+  console.log(JSON.stringify({ decision: 'block', reason }));
+  process.exit(2);
+}
+
 // Triviality check — same as eight-lens-detector.ts
 const trimmed = assistantText.trim();
 if (TRIVIAL_ACK_RX.test(trimmed)) {
@@ -412,13 +632,13 @@ const cog = detectCognitionLenses(assistantText);
 // with 0/8 lenses to fall through unchecked.
 if (cog.count < REQUIRED_LENSES) {
   audit('block_no_cognition_block_di', { count: cog.count, required: REQUIRED_LENSES, names: cog.names, chars: assistantText.length });
-  const reason = `Aria stop-gate: insufficient cognition lenses.
-
-This non-trivial assistant response (${assistantText.length} chars) has ${cog.count}/${REQUIRED_LENSES} substantive cognition lenses. Per feedback_8lens_before_every_action_including_text.md and Hamza directive 2026-04-28, every non-trivial response must carry <cognition>...</cognition> with ${REQUIRED_LENSES} substantive lenses (each >= ${SUBSTANCE_MIN_CHARS} chars of non-placeholder content).
-
-Detected lenses: ${cog.names.length > 0 ? cog.names.join(', ') : 'none'}.
-
-Re-emit with a <cognition> block containing all ${REQUIRED_LENSES} canonical lenses. Primary set: ${CANONICAL_LENS_TEXT}`;
+  const reason = withLoopDirective(buildForceReauthorReason({
+    source: 'stop/no-cognition',
+    reason: `non-trivial assistant response (${assistantText.length} chars) has ${cog.count}/${REQUIRED_LENSES} substantive cognition lenses`,
+    violations: [`Detected lenses: ${cog.names.length > 0 ? cog.names.join(', ') : 'none'}. Re-emit with all required visible labels: ${LENS_NAMES.join(', ')}.`],
+    lensCount: cog.count,
+    requiredLenses: REQUIRED_LENSES,
+  }), `stop:no-cognition-di:${cog.count}`, gateSessionId);
   emitHarnessFooter({
     eventName: 'block_no_cognition_block',
     lensCount: cog.count,
@@ -609,7 +829,7 @@ if (cog.count >= REQUIRED_LENSES) {
     //
     //    Block emit if ledger.openCount > 0 after scanning the current turn.
     //    Block reason names each open discovery and the suggested resolution.
-    const sessionId = (event.session_id || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
+    const sessionId = gateSessionId;
     const LEDGER_PATH = `${HOME}/.claude/aria-discoveries-${sessionId}.jsonl`;
     const DISCOVERY_RX = /(?:\bi\s+(?:found|noticed|discovered|spotted)[^.\n]{0,160}(?:bug|issue|defect|broken|buggy|wrong|crash|fail|missing|stale|outdated|leak|vulnerability)|\bthis\s+(?:is|would\s+be)\s+(?:broken|buggy|wrong|stale|outdated|insecure|leaking|crashing|failing)|\b(?:latent|silent|hidden)\s+(?:bug|defect|issue|fail|crash|leak)|\bdoctrine\s+violation\b|\bgraceful\s+degradation\s+(?:in|at|inside|within)\s+\S)/gi;
     const PROSE_RESOLUTION_RX = /(?:fix(?:ing|ed)?\s+(?:now|in[- ]flight|inline|in\s+the\s+same\s+turn)|patch\s+applied|TaskCreate|task\s+(?:created|tracked)|tracked\s+as\s+#?\d+|linear[- ]?issue|created\s+(?:linear|task))/i;
@@ -759,12 +979,36 @@ if (cog.count >= REQUIRED_LENSES) {
     let ledgerOpenCount = 0;
     let ledgerOpenSamples = [];
     let ledgerCorruptedCount = 0;
+    const ledgerRewriteRows = [];
+    let ledgerNeedsRewrite = false;
     try {
       if (existsSync(LEDGER_PATH)) {
         const lines = readFileSync(LEDGER_PATH, 'utf8').split('\n').filter(Boolean);
         for (const line of lines) {
           try {
             const e = JSON.parse(line);
+            const isSubstrateBindingArtifact =
+              (e.source === 'aria-cognition-substrate-binding') &&
+              (e.kind === 'substrate_binding_gap' || (typeof e.text === 'string' && e.text.startsWith('substrate_binding:')));
+            const isOpenBeforeAutoHeal = e.status === 'open' || e.resolution_status === 'open';
+            if (isSubstrateBindingArtifact && isOpenBeforeAutoHeal) {
+              // If the current emit already passed aria-cognition-substrate-binding
+              // and reached stop-gate, older open substrate-binding rows from the
+              // same session are stale gate artifacts, not live unresolved
+              // discoveries. Auto-heal them so the discovery ledger cannot loop
+              // forever on the residue of a gate bug.
+              ledgerNeedsRewrite = true;
+              e.status = 'resolved';
+              e.resolution_status = 'resolved';
+              e.resolved_at = new Date().toISOString();
+              e.resolved_by = 'subsequent_valid_substrate_bound_cognition';
+              e.resolutionType = 'subsequent_valid_substrate_bound_cognition';
+              e.proofOfFix = {
+                type: 'subsequent_valid_substrate_bound_cognition',
+                anchorTs: new Date().toISOString(),
+                evidence: 'Current emit passed aria-cognition-substrate-binding and reached aria-stop-gate; stale substrate-binding ledger artifacts from the earlier cognition bug were auto-cleared.',
+              };
+            }
             const isOpen = e.status === 'open' || e.resolution_status === 'open';
             const isLegacyTracked = e.status === 'tracked';
             const proofValid = e.proofOfFix
@@ -784,8 +1028,16 @@ if (cog.count >= REQUIRED_LENSES) {
                 ledgerOpenSamples.push(`${tag}${e.text || '(no text)'}`);
               }
             }
+            ledgerRewriteRows.push(JSON.stringify(e));
           } catch {/* skip malformed line */}
         }
+        if (ledgerNeedsRewrite) {
+          try {
+            writeFileSync(LEDGER_PATH, `${ledgerRewriteRows.join('\n')}\n`);
+          } catch (rewriteErr) {
+            audit('ledger-autoheal-write-err', `${String(rewriteErr).slice(0, 200)}`);
+          }
+        }
       }
     } catch {/* ledger unreadable — degrade to drift-only */}
 
@@ -1040,7 +1292,7 @@ if (cog.count >= REQUIRED_LENSES) {
       const FILE_LINE_RX = /([\w./\-]+\.[a-zA-Z]{1,5})\s*[:\s]\s*(\d+(?:[-:]\d+)?)/g;
       const inlineDictations = [];
       const lensRangePositions = [];
-      for (const lensName of LENS_NAMES_CANONICAL) {
+      for (const lensName of PRIMARY_OWNER_LENS_NAMES) {
         const lensRx = new RegExp(`\\b${lensName}\\s*(?:lens)?\\s*[:\\-]`, 'gi');
         let m;
         while ((m = lensRx.exec(assistantText)) !== null) {
@@ -1138,10 +1390,11 @@ if (cog.count >= REQUIRED_LENSES) {
       if (apiKey && assistantText && assistantText.length > 0) {
         const client = new HTTPHarnessClient({
           baseUrl:
+            process.env.ARIA_RUNTIME_URL ||
             process.env.ARIA_HIVE_RUNTIME_URL ||
             process.env.ARIA_HARNESS_BASE_URL ||
             process.env.ARIA_HARNESS_URL ||
-            'https://harness.ariasos.com',
+            RUNTIME_BASE_URL,
           apiKey,
         });
         const v = await client.validateOutput(assistantText, sessionId);
@@ -1255,7 +1508,16 @@ if (cog.count >= REQUIRED_LENSES) {
         }
       })();
 
-      const reason = `Aria Stop-gate output-quality block. Cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates:\n\n${violations.join('\n\n')}${rewritten ? `\n\nMizan rewrite suggestion:\n${rewritten}` : ''}\n\nRe-draft addressing the violations above. No process-level disable path — gates are unconditional from the gated process per Hamza directive 2026-04-27.${recipeAddendum}`;
+      const reason = withLoopDirective(buildForceReauthorReason({
+        source: 'stop/output-quality',
+        reason: `cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates`,
+        violations,
+        rewritten,
+        recipeAddendum,
+        driftHits,
+        lensCount: cog.count,
+        requiredLenses: REQUIRED_LENSES,
+      }), `stop:output-qc:${violations.join('|').slice(0, 240)}`, gateSessionId);
 
       audit(`block-output-qc`, `mizan=${mizanBlock?'y':'n'} warn-reflect=${compelReflection?'y':'n'} drift=${driftHits.length} code=${codeQualityHits.length} discoveries-open=${ledgerOpenCount} impl-coupling=${implCouplingHits.length}`);
       emitHarnessFooter({
@@ -1398,31 +1660,20 @@ const dalioHasMeasurablePredicate = dalioExpectedText
 
 // Block stop if non-trivial action taken AND expected block is missing
 if (hadNonTrivialAction && (!dalioExpectedMatch || !dalioHasMeasurablePredicate)) {
-  const missingReason = dalioExpectedMatch
-    ? `Aria Stop-gate: action taken in this turn had an <expected> block, but it contains only qualitative drift phrases without a measurable predicate. Qualitative drift is not accountability — it defeats the Dalio feedback loop.
-
-Your <expected> block must contain at least one measurable predicate:
-  • Numeric:      exit_code==0, count>=1, error_rate=0%, latency<200ms
-  • Boolean:      exit=0, status=healthy, rc=0, file=exists
-  • State-string: "status=running", "200 OK", "no_error"
-
-REJECTED phrases: "better", "improved", "should work", "more reliable", "cleaner"
-
-Re-emit with a corrected <expected> block. Per doctrine:dalio_expected_required — no bypass path.`
-    : `Aria Stop-gate: a non-trivial action (${lastActionSummary.slice(0, 120)}) was taken in this turn but no <expected> block was found in the assistant text.
-
-Per doctrine:dalio_expected_required, every non-trivial action must declare what measurable outcome it expects BEFORE the action fires. This is Dalio Loop Layer 1 — without it, outcome comparison is impossible and learning collapses.
-
-Add to your assistant text:
-
-<expected>
-  predicate: <exact measurable assertion — e.g. "exit_code==0", "status=running", "count=3 of 3">
-  measurable_type: numeric | boolean | state_string
-  threshold: <optional>
-  eval_window_minutes: <optional>
-</expected>
-
-No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces it AFTER. Both gates are now wired.`;
+  const missingReason = withLoopDirective(buildForceReauthorReason({
+    source: 'stop/dalio-expected',
+    reason: dalioExpectedMatch
+      ? 'action had an <expected> block, but it was qualitative instead of measurable'
+      : `non-trivial action (${lastActionSummary.slice(0, 120)}) had no <expected> block`,
+    violations: [
+      dalioExpectedMatch
+        ? 'Rejected qualitative expected phrases: better, improved, should work, more reliable, cleaner. Expected outcome must be numeric, boolean, or state-string.'
+        : 'Missing <expected> block after non-trivial action. Dalio feedback loop cannot compare outcome without a measurable predicate.',
+      'Required block: <expected> predicate: "exit_code==0" | "status=running" | "count=3 of 3"; measurable_type: numeric | boolean | state_string; threshold/eval_window optional.',
+    ],
+    lensCount: cog.count,
+    requiredLenses: REQUIRED_LENSES,
+  }), `stop:dalio-expected:${hadNonTrivialAction}:${!!dalioExpectedMatch}:${dalioHasMeasurablePredicate}`, gateSessionId);
 
   audit('block-dalio-expected-missing', `hadNonTrivialAction=${hadNonTrivialAction} expectedPresent=${!!dalioExpectedMatch} measurable=${dalioHasMeasurablePredicate}`);
   emitHarnessFooter({
@@ -1445,7 +1696,37 @@ No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces
 // Per feedback_no_timeouts_doctrine.md: no AbortController/setTimeout timeout.
 {
   const DALIO_LEDGER_PATH = `${HOME}/.claude/.aria-dalio-ledger.jsonl`;
-  const ARIA_SOUL_DECISIONS_URL = 'http://aria-soul.aria.svc.cluster.local:8080/api/decisions';
+  let postReceipt = null;
+  try {
+    const post = await runtimeMizanPost(
+      event.session_id || 'claude-code',
+      assistantText.slice(0, 8000),
+      {
+        message: lastUserMessage || `stop-gate turn (${assistantText.length} chars)`,
+        plannedApproach: lastActionSummary || 'Finalize and validate the just-emitted Claude response.',
+        platform: 'claude-code',
+        stage: 'hook-stop-post',
+      },
+      sessionMizanState?.receipt?.receiptId || null,
+    );
+    postReceipt = post?.receipt || null;
+    if (postReceipt) {
+      saveMizanReceiptState(event.session_id || 'claude-code', {
+        ...(sessionMizanState || {}),
+        updatedAt: new Date().toISOString(),
+        sessionId: event.session_id || 'claude-code',
+        postReceipt,
+        postResult: post?.result || null,
+        postContract: post?.contract || null,
+        postSummary: post?.summary || null,
+      });
+    }
+  } catch (postErr) {
+    console.error(
+      `[aria-stop-gate] MIZAN POST FAILED — runtime receipt not recorded. Error: ${postErr instanceof Error ? postErr.message : String(postErr)}`,
+    );
+    audit('mizan-post-failed', `session=${event.session_id || 'claude-code'} err=${String(postErr).slice(0, 200)}`);
+  }
 
   const ledgerEntry = {
     ts: new Date().toISOString(),
@@ -1469,7 +1750,11 @@ No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces
           measurable_type: 'state_string',
         }
       : null,
-    source: 'claude-code-stop-gate',
+    metadata: {
+      pre_receipt_id: sessionMizanState?.receipt?.receiptId || null,
+      post_receipt_id: postReceipt?.receiptId || null,
+    },
+    source: 'claude-code-stop-gate-runtime',
     model_used: 'claude-opus-4-7',
   };
 
@@ -1484,40 +1769,20 @@ No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces
     );
   }
 
-  // POST to aria-soul decision API — fire-and-forget, but LOUD on error
-  const dalioHarnessToken = process.env.ARIA_HARNESS_TOKEN
-    || (isOwnerTier() ? (process.env.ARIA_MASTER_TOKEN || process.env.ARIA_API_KEY || '') : '');
-
-  fetch(ARIA_SOUL_DECISIONS_URL, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      ...(dalioHarnessToken ? { Authorization: `Bearer ${dalioHarnessToken}` } : {}),
-    },
-    body: JSON.stringify(ledgerEntry),
-  }).then((resp) => {
-    if (!resp.ok) {
-      // LOUD telemetry per feedback_canonical_secrets_governance.md
-      console.error(
-        `[aria-stop-gate] DALIO POST FAILED — aria-soul responded HTTP ${resp.status}. ` +
-        `Local mirror written to ${DALIO_LEDGER_PATH}. Session: ${ledgerEntry.session_id}`,
-      );
-      audit('dalio-post-failed', `http=${resp.status} session=${ledgerEntry.session_id}`);
-    } else {
-      audit('dalio-post-ok', `session=${ledgerEntry.session_id} action=${lastActionSummary.slice(0, 80)}`);
-    }
-  }).catch((err) => {
-    // Network failure — LOUD, never silent
+  try {
+    await runtimeDecisionLog(ledgerEntry);
+    audit('dalio-post-ok', `session=${ledgerEntry.session_id} action=${lastActionSummary.slice(0, 80)}`);
+  } catch (err) {
     console.error(
-      `[aria-stop-gate] DALIO POST NETWORK ERROR — could not reach ${ARIA_SOUL_DECISIONS_URL}. ` +
+      `[aria-stop-gate] DALIO POST FAILED — runtime /decision/log rejected or unreachable. ` +
       `Local mirror written to ${DALIO_LEDGER_PATH}. Error: ${err instanceof Error ? err.message : String(err)}`,
     );
-    audit('dalio-post-network-err', `err=${String(err).slice(0, 200)} session=${ledgerEntry.session_id}`);
-  });
+    audit('dalio-post-runtime-err', `err=${String(err).slice(0, 200)} session=${ledgerEntry.session_id}`);
+  }
 }
 
-// Block — non-trivial response without 4+ substantive lenses.
-const reason = `Aria Stop-gate: non-trivial assistant response without 4+ substantive cognition lenses. Found ${cog.count}/${REQUIRED_LENSES}+ (lenses: ${cog.names.join(', ') || 'none'}). Doctrine is action-coupled — text decisions ARE actions, and reflexive replies fail this gate the same way reflexive Bash does.
+// Block — non-trivial response without all required substantive lenses.
+const reason = withLoopDirective(`Aria Stop-gate: non-trivial assistant response without all required substantive cognition lenses. Found ${cog.count}/${REQUIRED_LENSES} (lenses: ${cog.names.join(', ') || 'none'}). Doctrine is action-coupled — text decisions ARE actions, and reflexive replies fail this gate the same way reflexive Bash does.
 
 Re-emit the response with substantive lens application BEFORE drafting. Each lens must have ≥${SUBSTANCE_MIN_CHARS} chars of non-placeholder content:
 
@@ -1534,7 +1799,7 @@ Re-emit the response with substantive lens application BEFORE drafting. Each len
 
 The block reflects work done BEFORE drafting. Don't emit it as ceremony; apply each lens as a thinking tool. Substance check defeats ritual emission.
 
-No per-command bypass (mirrors aria-pre-tool-gate.mjs v3 doctrine). No env-var disable path either — gates are unconditional from the gated process per Hamza directive 2026-04-27. If the gate misfires on legitimate cognition, fix the gate.`;
+No per-command bypass (mirrors aria-pre-tool-gate.mjs v3 doctrine). No env-var disable path either — gates are unconditional from the gated process per Hamza directive 2026-04-27. If the gate misfires on legitimate cognition, fix the gate.`, `stop:lens-missing:${cog.count}`, gateSessionId);
 
 audit(`block`, `lenses=${cog.count}/${REQUIRED_LENSES} chars=${assistantText.length}`);
 emitHarnessFooter({
@@ -1547,5 +1812,5 @@ emitHarnessFooter({
   codeCount: 0,
   implCouplingCount: 0,
 });
-console.log(JSON.stringify({ decision: 'block', reason }));
+console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'stop/lens-missing', reason, lensCount: cog.count, requiredLenses: REQUIRED_LENSES }) }));
 process.exit(2);