@aria_asi/cli 0.2.30 → 0.2.32

package/dist/assets/hooks/aria-cognition-substrate-binding.mjs

@@ -37,7 +37,8 @@
 import { readFileSync, appendFileSync, existsSync, mkdirSync } from 'node:fs';
 import { dirname } from 'node:path';
 import { homedir } from 'node:os';
-import { ALL_LENS_NAMES } from './lib/canonical-lenses.mjs';
+import { ALL_LENS_NAMES, lensNamesForTier } from './lib/canonical-lenses.mjs';
+import { collectTurnWindowFromMessages } from './lib/hook-message-window.mjs';
 
 const HOME = homedir();
 const AUDIT = `${HOME}/.claude/aria-cognition-substrate-binding-audit.jsonl`;
@@ -71,14 +72,64 @@ const LENS_NAMES = ALL_LENS_NAMES;
 const ANCHOR_RX = /\b(axiom|frame|memory|doctrine|packet|language):[a-z0-9_\-./]+/gi;
 
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 const FIRST_PRINCIPLE_RX = /\b(first[_\s-]?principle[s]?|first_principle=)\b/i;
 const HARNESS_PACKET_PATH = `${HOME}/.claude/.aria-harness-last-packet.json`;
 const MEMORY_DIR = `${HOME}/.claude/projects/-home-hamzaibrahim1/memory`;
 const RECENT_VIOLATIONS_PATH = `${HOME}/.claude/.aria-recent-violations.jsonl`;
 const THRASHING_STATE_PATH = `${HOME}/.claude/.aria-thrashing-state.json`;
 const CLEAR_VIOLATIONS_SCRIPT = `${HOME}/.claude/aria-clear-violations.sh`;
+
+function buildForceReauthorReason({ source, reason, violations = [] }) {
+  return [
+    '=== ARIA FORCE_REAUTHOR ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction for cognition substrate binding.',
+    'Do not emit the blocked text. Re-author the cognition so every lens is tied to loaded substrate.',
+    '',
+    'TEACHING:',
+    '- Cognition without live anchors is theater; anchors are the proof of thought.',
+    '- A valid redo cites only substrate that is actually loaded this turn.',
+    '- The cognition block must reference first_principle and must not cite inactive language state.',
+    violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Re-emit <cognition> with all required lenses.',
+    '2. Each lens cites >=1 loaded anchor: axiom:, frame:, memory:, doctrine:, packet:, or active language:.',
+    '3. Include first_principle explicitly.',
+    '4. Add <applied_cognition> with decision_delta, dominant_domain, binds_to, expected_predicate, and artifact_change.',
+    '5. Remove repeated blocked substrings instead of reusing them.',
+    '=== END FORCE_REAUTHOR ===',
+  ].filter(Boolean).join('\n');
+}
+
+function validateAppliedCognitionContract(text) {
+  const match = String(text || '').match(APPLIED_COGNITION_BLOCK_RX);
+  if (!match) {
+    return { ok: false, violations: ['missing <applied_cognition> contract'] };
+  }
+  const body = match[1] || '';
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(body)) violations.push(`missing ${name}`);
+  }
+  const weakDelta = /decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(body);
+  if (weakDelta) violations.push('decision_delta says cognition changed nothing');
+  return { ok: violations.length === 0, violations };
+}
 const CARRY_FORWARD_WINDOW_MS = 25 * 60 * 1000;
 const CARRY_FORWARD_MAX_ROWS = 200;
+const SYSTEM_REMINDER_RX = /<system-reminder>[\s\S]*?<\/system-reminder>|<task-notification>[\s\S]*?<\/task-notification>|🔐 Aria Harness|task-notification|PreToolUse:[A-Z][A-Za-z]* hook blocking error|Stop hook blocking error/g;
+const SYSTEM_REMINDER_THRESHOLD = 0.6;
 
 function extractLensTexts(cognitionInner) {
   const out = {};
@@ -130,6 +181,22 @@ function loadCarryForwardViolations() {
   return rows;
 }
 
+function resolveOwnerTier() {
+  try {
+    if (!existsSync(HARNESS_PACKET_PATH)) return false;
+    const packet = JSON.parse(readFileSync(HARNESS_PACKET_PATH, 'utf8'));
+    const sigHamza = packet?.contractGate?.signals?.hamza;
+    if (sigHamza === true || sigHamza === 'true') return true;
+    const harnessStr = packet?.harness ?? '';
+    return /\bhamza:true\b/.test(harnessStr);
+  } catch {
+    return false;
+  }
+}
+
+const IS_OWNER = resolveOwnerTier();
+const VISIBLE_LENS_NAMES = lensNamesForTier(IS_OWNER);
+
 function findCarryForwardMatch(text, rows) {
   const haystack = String(text || '').toLowerCase();
   for (const row of rows) {
@@ -325,31 +392,39 @@ try {
 }
 
 const transcriptPath = payload.transcript_path;
-if (!transcriptPath || !existsSync(transcriptPath)) {
-  audit('skip_no_transcript', { transcriptPath });
-  process.exit(0);
-}
-
 let assistantText = '';
-try {
-  const transcript = readFileSync(transcriptPath, 'utf8');
-  const lines = transcript.split('\n').filter(Boolean);
-  for (let i = lines.length - 1; i >= 0; i--) {
-    try {
-      const entry = JSON.parse(lines[i]);
-      if (entry.type === 'assistant' && entry.message && entry.message.content) {
-        const blocks = Array.isArray(entry.message.content) ? entry.message.content : [];
-        for (const b of blocks) {
-          if (b.type === 'text' && typeof b.text === 'string') {
-            assistantText = b.text + '\n' + assistantText;
-          }
-        }
-        if (assistantText) break;
-      }
-    } catch {}
+const messageWindow = collectTurnWindowFromMessages(payload.messages, {
+  systemReminderRx: SYSTEM_REMINDER_RX,
+  systemReminderThreshold: SYSTEM_REMINDER_THRESHOLD,
+});
+assistantText = messageWindow.assistantText;
+
+if (transcriptPath && existsSync(transcriptPath)) {
+  try {
+    const transcriptEntries = readFileSync(transcriptPath, 'utf8')
+      .split('\n')
+      .filter(Boolean)
+      .map((line) => {
+        try { return JSON.parse(line); } catch { return null; }
+      })
+      .filter(Boolean);
+    const transcriptWindow = collectTurnWindowFromMessages(transcriptEntries, {
+      systemReminderRx: SYSTEM_REMINDER_RX,
+      systemReminderThreshold: SYSTEM_REMINDER_THRESHOLD,
+    });
+    const transcriptAssistantText = transcriptWindow.assistantText;
+    if (transcriptAssistantText) {
+      assistantText = assistantText
+        ? [assistantText, transcriptAssistantText].filter((text, index, arr) => arr.indexOf(text) === index).join('\n\n')
+        : transcriptAssistantText;
+    }
+  } catch (err) {
+    audit('skip_transcript_read_err', { err: String(err).slice(0, 200) });
   }
-} catch (err) {
-  audit('skip_transcript_read_err', { err: String(err).slice(0, 200) });
+}
+
+if (!assistantText) {
+  audit('skip_no_assistant_text', { transcriptPath });
   process.exit(0);
 }
 
@@ -395,7 +470,7 @@ Recovery surfaces:
 
 Per feedback_block_and_force_with_recovery.md, repetition of a recently-blocked phrase is not advisory drift; it is a hard block until the phrase is removed or the carry-forward state is intentionally cleared.`;
 
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/carry-forward', reason, violations: [`repeated blocked substring: ${carryForwardMatch.substring}`] }) }));
   process.exit(2);
 }
 
@@ -424,17 +499,35 @@ This non-trivial assistant response (${assistantText.length} chars) contains no
 The prior exit-0 pattern ("defer to aria-stop-gate.mjs") was a structural lie: this hook runs before the stop-gate, so exit(0) prevented all downstream enforcement. This is now a hard block.
 
 Re-emit with:
-  1. A <cognition>...</cognition> block containing all 8 canonical lenses (nur, mizan, hikma, tafakkur, tadabbur, ilham, wahi, firasah)
+  1. A <cognition>...</cognition> block containing all 8 required visible labels for this surface (${VISIBLE_LENS_NAMES.join(', ')})
   2. Each lens citing >=1 verifiable loaded substrate anchor
   3. The block referencing first_principle from the loaded harness packet
 
 No process-level disable path per Hamza directive 2026-04-27.`;
   audit('block_no_cognition_block', { length: assistantText.length });
-  console.log(JSON.stringify({ decision: 'block', reason: noCogReason }));
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/no-cognition-block', reason: noCogReason, violations: ['missing <cognition>...</cognition> block'] }) }));
   process.exit(2);
 }
 
 const cognitionInner = cogMatch[1];
+const appliedContract = validateAppliedCognitionContract(assistantText);
+if (!appliedContract.ok) {
+  const reason = `Aria substrate-binding gate: cognition was emitted without an applied-cognition execution contract.
+
+The harness no longer accepts cognition as prose-only compliance. The response must state what cognition changed and what concrete action/output it binds.
+
+Required block:
+<applied_cognition>
+decision_delta: <what changed because cognition ran; not "none">
+dominant_domain: <engineering_quality | trust | product | operations | security | ...>
+binds_to: <next tool/action/output claim this cognition constrains>
+expected_predicate: <numeric, boolean, or state-string predicate proving success>
+artifact_change: <how the produced artifact differs because cognition ran>
+</applied_cognition>`;
+  audit('block_applied_cognition_missing', { violations: appliedContract.violations, length: assistantText.length });
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/applied-cognition-contract', reason, violations: appliedContract.violations }) }));
+  process.exit(2);
+}
 const lensTexts = extractLensTexts(cognitionInner);
 
 // Substance check — replaces char-count with "lens body has substantive
@@ -664,5 +757,5 @@ Anchor grammar (each anchor must resolve to a real loaded substrate item):
 
 Re-emit cognition with: every lens citing ≥1 verifiable loaded anchor, the block referencing first_principle, and language: citations only for active language tiers. No process-level disable path; gates are unconditional from the gated process per Hamza directive 2026-04-27.`;
 
-console.log(JSON.stringify({ decision: 'block', reason }));
+console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/structural-violations', reason, violations: reasonParts }) }));
 process.exit(2);

package/dist/assets/hooks/aria-harness-via-sdk.mjs

@@ -26,7 +26,10 @@ const LOG_FILE = `${HOME}/.claude/aria-harness-history.log`;
 const LAST_URL_CACHE = `${HOME}/.claude/.aria-harness-last-url`;
 const PACKET_CACHE = `${HOME}/.claude/.aria-harness-last-packet.json`;
 const SHARED_PACKET_CACHE = `${HOME}/.aria/.aria-harness-last-packet.json`;
+const MIZAN_RECEIPT_DIR = `${HOME}/.claude/.aria-mizan-receipts`;
 const HEADER_PREFIX = '🔐 Aria Harness';
+const DEFAULT_RUNTIME_URL = process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319';
+const RUNTIME_PACKET_SUFFIX = '/packet';
 
 const args = process.argv.slice(2);
 const MODE = args.includes('--mode') ? args[args.indexOf('--mode') + 1] : 'session';
@@ -133,6 +136,8 @@ function buildUrlList() {
   const list = [];
   const cached = loadCachedUrl();
   if (cached) list.push(cached);
+  if (process.env.ARIA_RUNTIME_URL) list.push(process.env.ARIA_RUNTIME_URL.replace(/\/+$/, ''));
+  list.push(DEFAULT_RUNTIME_URL.replace(/\/+$/, ''));
   if (process.env.ARIA_HIVE_RUNTIME_URL) list.push(process.env.ARIA_HIVE_RUNTIME_URL.replace(/\/+$/, ''));
   if (process.env.ARIA_HARNESS_BASE_URL) list.push(process.env.ARIA_HARNESS_BASE_URL.replace(/\/+$/, ''));
   if (process.env.ARIA_HARNESS_URL) list.push(process.env.ARIA_HARNESS_URL.replace(/\/+$/, ''));
@@ -155,6 +160,21 @@ function buildUrlList() {
   return list.filter((u) => (seen.has(u) ? false : (seen.add(u), true)));
 }
 
+function isMountedRuntimeUrl(baseUrl) {
+  return /:\/\/(?:127\.0\.0\.1|localhost):4319$/i.test(String(baseUrl || '').replace(/\/+$/, ''));
+}
+
+function normalizeHarnessPacketPayload(payload) {
+  let current = payload;
+  for (let depth = 0; depth < 3; depth++) {
+    if (!current || typeof current !== 'object' || Array.isArray(current)) break;
+    if (!('packet' in current) || !current.packet || typeof current.packet !== 'object') break;
+    if (!('timestamp' in current) && !('version' in current)) break;
+    current = current.packet;
+  }
+  return current;
+}
+
 // SDK loader — dynamic-import the bundled HTTPHarnessClient from the shared
 // ~/.aria/sdk bundle first, then client-local bundles. Module-cached after
 // first load so we don't repeatedly read disk.
@@ -204,6 +224,7 @@ async function loadSdkClass() {
 // before forwarding to avoid blowing the POST body size limit; the most recent
 // messages are the most relevant for history-count purposes.
 let HOOK_EVENT_MESSAGES = undefined;
+let HOOK_EVENT = null;
 try {
   // Claude Code hooks receive the event JSON on stdin. We read it synchronously
   // only if data is already available (i.e. piped); we don't block waiting for
@@ -211,6 +232,7 @@ try {
   // a terminal (e.g. manual invocation for testing).
   const stdinBuf = readFileSync('/dev/stdin', { flag: 'r' });
   const hookEvent = JSON.parse(stdinBuf.toString('utf8'));
+  HOOK_EVENT = hookEvent;
   if (Array.isArray(hookEvent?.messages) && hookEvent.messages.length > 0) {
     // Cap to last 50 messages. The server-side handler slices further if needed.
     HOOK_EVENT_MESSAGES = hookEvent.messages.slice(-50);
@@ -219,6 +241,81 @@ try {
   // stdin not available / not JSON / no messages field — HOOK_EVENT_MESSAGES stays undefined.
 }
 
+function sanitizeSessionId(sessionId) {
+  return String(sessionId || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
+}
+
+function lastUserMessageFromEvent() {
+  const messages = Array.isArray(HOOK_EVENT?.messages) ? HOOK_EVENT.messages : [];
+  for (let index = messages.length - 1; index >= 0; index -= 1) {
+    const message = messages[index];
+    const role = message?.role || message?.message?.role || message?.type;
+    if (role !== 'user') continue;
+    const content = message?.content ?? message?.message?.content;
+    if (typeof content === 'string' && content.trim()) return content.trim();
+    if (Array.isArray(content)) {
+      const text = content
+        .filter((entry) => entry?.type === 'text' && typeof entry?.text === 'string')
+        .map((entry) => entry.text.trim())
+        .filter(Boolean)
+        .join('\n');
+      if (text) return text;
+    }
+  }
+  return isTurn ? 'Claude turn refresh via harness hook' : 'Claude session start via harness hook';
+}
+
+function receiptPathForSession(sessionId) {
+  return `${MIZAN_RECEIPT_DIR}/${sanitizeSessionId(sessionId)}.json`;
+}
+
+function persistMizanReceipt(sessionId, payload) {
+  try {
+    mkdirSync(MIZAN_RECEIPT_DIR, { recursive: true });
+    writeFileSync(receiptPathForSession(sessionId), JSON.stringify(payload, null, 2) + '\n');
+  } catch {}
+}
+
+async function runMizanPre(apiKey, packet, sourceLabel) {
+  if (!isTurn) return null;
+  const sessionId = HOOK_EVENT?.session_id || HOOK_EVENT?.sessionId || 'claude-code';
+  const response = await fetch(`${DEFAULT_RUNTIME_URL.replace(/\/+$/, '')}/mizan/pre`, {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      sessionId,
+      packet,
+      context: {
+        sessionId,
+        message: lastUserMessageFromEvent().slice(0, 4000),
+        intendedAction: 'Establish canonical pre-turn cognition receipt for this Claude turn before any tool or output work.',
+        rationale: `Claude turn-start harness sync via ${sourceLabel} must mint a canonical Mizan pre receipt for downstream tool and output enforcement.`,
+        platform: 'claude-code',
+        stage: 'hook-turn-pre',
+      },
+    }),
+  });
+  const payload = await response.json().catch(() => ({}));
+  if (!response.ok) {
+    throw new Error(payload?.error || `mizan/pre failed (${response.status})`);
+  }
+  if (payload?.receipt) {
+    persistMizanReceipt(sessionId, {
+      updatedAt: new Date().toISOString(),
+      source: sourceLabel,
+      sessionId,
+      receipt: payload.receipt,
+      result: payload.result || null,
+      contract: payload.contract || null,
+      summary: payload.summary || null,
+    });
+  }
+  return payload;
+}
+
 async function tryViaSdk(baseUrl, apiKey) {
   // Canonical path: HTTPHarnessClient.getHarnessPacket(). The SDK POSTs to
   // /api/harness/codex with the right shape and returns { packet, timestamp,
@@ -228,16 +325,19 @@ async function tryViaSdk(baseUrl, apiKey) {
   // SDK's `body.packet ?? body` passes the body through unchanged).
   const Cls = await loadSdkClass();
   if (Cls) {
+    const packetUrl = isMountedRuntimeUrl(baseUrl)
+      ? `${baseUrl}${RUNTIME_PACKET_SUFFIX}`
+      : `${baseUrl}/api/harness/codex`;
     const client = new Cls({
       baseUrl,
       apiKey,
-      harnessPacketUrl: `${baseUrl}/api/harness/codex`,
+      harnessPacketUrl: packetUrl,
     });
     // Pass a bodyOverride that does NOT include isHamza:false. The server
     // identifies owner tier from the Bearer token (isMasterTokenRequest).
     // Hardcoding isHamza:false in the body would override that server-side
     // signal and produce hamza:false in the packet even for master-token callers.
-    const bodyOverride = {
+      const bodyOverride = {
       message: isTurn ? 'Claude turn refresh — harness via SDK' : 'Claude session start — harness via SDK',
       stage: isTurn ? 'checkpoint' : 'preflight',
       actor: 'claude-code',
@@ -246,15 +346,19 @@ async function tryViaSdk(baseUrl, apiKey) {
       // Bonus #74: forward conversation history so codex handler can report
       // a non-zero conversation_history_count in the packet.
       ...(HOOK_EVENT_MESSAGES ? { messages: HOOK_EVENT_MESSAGES } : {}),
-    };
-    const wrapped = await client.getHarnessPacket(bodyOverride);
-    const json = wrapped.packet;
-    if (json && json.ok === false) throw new Error(`ok=false: ${json.error || 'unknown'}`);
-    return { json, raw: JSON.stringify(json) };
-  }
+      };
+      const wrapped = await client.getHarnessPacket(bodyOverride);
+      const json = normalizeHarnessPacketPayload(wrapped.packet);
+      if (json && json.ok === false) throw new Error(`ok=false: ${json.error || 'unknown'}`);
+      await runMizanPre(apiKey, wrapped.packet, `${baseUrl}${RUNTIME_PACKET_SUFFIX}`);
+      return { json, raw: JSON.stringify(json) };
+    }
 
+  const packetUrl = isMountedRuntimeUrl(baseUrl)
+    ? `${baseUrl}${RUNTIME_PACKET_SUFFIX}`
+    : `${baseUrl}/api/harness/codex`;
   // SDK absent (dev environment) — direct fetch with identical wire shape.
-  const resp = await fetch(`${baseUrl}/api/harness/codex`, {
+  const resp = await fetch(packetUrl, {
     method: 'POST',
     headers: {
       Authorization: `Bearer ${apiKey}`,
@@ -272,8 +376,10 @@ async function tryViaSdk(baseUrl, apiKey) {
     }),
   });
   if (!resp.ok) throw new Error(`HTTP ${resp.status}`);
-  const json = await resp.json();
+  const responseBody = await resp.json();
+  const json = normalizeHarnessPacketPayload(responseBody.packet ?? responseBody);
   if (json && json.ok === false) throw new Error(`ok=false: ${json.error || 'unknown'}`);
+  await runMizanPre(apiKey, responseBody.packet ?? responseBody, packetUrl);
   return { json, raw: JSON.stringify(json) };
 }
 
@@ -284,6 +390,9 @@ function renderPacket(json, source, ageNote = '') {
   const con = json.contractGate || {};
   const mc = json.missingCritical || [];
   const loaded = json.loadedByClass || {};
+  const offlineBundle = json.runtimeOfflineBundle && typeof json.runtimeOfflineBundle === 'object'
+    ? json.runtimeOfflineBundle
+    : null;
 
   let header = `${HEADER_PREFIX} (${MODE}${ageNote}, sdk=harness-http-client) hash=${phash.slice(0, 16)} via=${source}\n`;
   header += `  preStateGate: passed=${pre.passed} score=${(pre.score || 0).toFixed(2)}`;
@@ -292,6 +401,9 @@ function renderPacket(json, source, ageNote = '') {
   if (mc.length) header += `\n  missingCritical: ${JSON.stringify(mc.slice(0, 5))}`;
   const loadedSummary = Object.entries(loaded).sort().map(([k, v]) => `${k}=${v}`).join(' ');
   if (loadedSummary) header += `\n  loadedByClass: ${loadedSummary}`;
+  if (offlineBundle) {
+    header += `\n  offlineBundle: phase=${offlineBundle.phase || 'unknown'} age=${offlineBundle.ageSeconds ?? 'unknown'}s source=${offlineBundle.source || 'runtime-cache'}`;
+  }
 
   let ctx = header;
   if (harness) {
@@ -344,8 +456,9 @@ async function main() {
       const stat = fs.statSync(PACKET_CACHE);
       const ageSec = (Date.now() - stat.mtimeMs) / 1000;
       if (ageSec < PACKET_CACHE_TTL_SEC) {
-        const cached = JSON.parse(fs.readFileSync(PACKET_CACHE, 'utf8'));
-        return renderPacket(cached, '(cache)', ` cached ${Math.round(ageSec)}s`);
+      const cached = JSON.parse(fs.readFileSync(PACKET_CACHE, 'utf8'));
+      await runMizanPre(apiKey, cached, '(cache)');
+      return renderPacket(cached, '(cache)', ` cached ${Math.round(ageSec)}s`);
       }
     } catch {}
   }
@@ -396,6 +509,7 @@ async function main() {
       const ageSec = (Date.now() - stat.mtimeMs) / 1000;
       if (ageSec >= 0) {
         const cached = JSON.parse(fs.readFileSync(PACKET_CACHE, 'utf8'));
+        await runMizanPre(apiKey, cached, '(stale-cache)');
         try {
           appendFileSync(LOG_FILE, `${new Date().toISOString()} stale mode=${MODE} cache_age=${Math.round(ageSec)}s last_err="${lastErr.replace(/"/g, "'")}" sdk=harness-http-client\n`);
         } catch {}

package/dist/assets/hooks/aria-pre-emit-dryrun.mjs

@@ -53,7 +53,9 @@ const REQUIRED_LENSES = 8;
 const SUBSTANCE_MIN_AFTER_ANCHOR_STRIP = 40;
 const ANCHOR_RX = /\b(axiom|frame|memory|doctrine|packet|language):[a-z0-9_\-./]+/gi;
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 const FIRST_PRINCIPLE_RX = /\b(first[_\s-]?principle[s]?|first_principle=)\b/i;
+const DECISION_SIGNAL_RX = /(?:should|recommend|propose|suggest|let'?s|go with|i'd|i would|here'?s the plan|i'll|next step|action item|ship it|yes do|let me)/i;
 
 // Drift trigger patterns (mirror aria-stop-gate.mjs canonical list).
 // Keep this conservative — false negatives are tolerable (real gate will
@@ -138,6 +140,27 @@ function verifyAnchor(anchor, substrate) {
   return { ok: true, reason: '' };
 }
 
+function validateAppliedCognitionContract(text) {
+  const match = String(text || '').match(APPLIED_COGNITION_BLOCK_RX);
+  if (!match) return { ok: false, violations: ['missing <applied_cognition> contract'] };
+  const body = match[1] || '';
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(body)) violations.push(`missing ${name}`);
+  }
+  if (/decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(body)) {
+    violations.push('decision_delta says cognition changed nothing');
+  }
+  return { ok: violations.length === 0, violations };
+}
+
 // ── Read draft from stdin ─────────────────────────────────────────────
 let stdin = '';
 try {
@@ -165,6 +188,7 @@ if (draft.length < 10) {
 
 const substrate = loadSubstrate();
 const failures = [];
+const requiresAppliedCognition = draft.length >= 300 || DECISION_SIGNAL_RX.test(draft) || ['deploy', 'edit', 'bash', 'text'].includes(actionType);
 
 // ── Cognition block presence + lens count + substance ─────────────────
 const cogMatch = draft.match(COGNITION_BLOCK_RX);
@@ -225,6 +249,17 @@ if (cogMatch) {
   }
 }
 
+if (requiresAppliedCognition) {
+  const applied = validateAppliedCognitionContract(draft);
+  if (!applied.ok) {
+    failures.push({
+      kind: 'applied_cognition_contract_invalid',
+      violations: applied.violations,
+      message: 'Non-trivial drafts must bind cognition to the actual action/output.',
+    });
+  }
+}
+
 // ── Drift triggers ────────────────────────────────────────────────────
 for (const trigger of DRIFT_TRIGGERS) {
   const match = draft.match(trigger.rx);