@aria_asi/cli 0.2.31 → 0.2.32

package/hooks/aria-cognition-substrate-binding.mjs

@@ -72,12 +72,60 @@ const LENS_NAMES = ALL_LENS_NAMES;
 const ANCHOR_RX = /\b(axiom|frame|memory|doctrine|packet|language):[a-z0-9_\-./]+/gi;
 
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 const FIRST_PRINCIPLE_RX = /\b(first[_\s-]?principle[s]?|first_principle=)\b/i;
 const HARNESS_PACKET_PATH = `${HOME}/.claude/.aria-harness-last-packet.json`;
 const MEMORY_DIR = `${HOME}/.claude/projects/-home-hamzaibrahim1/memory`;
 const RECENT_VIOLATIONS_PATH = `${HOME}/.claude/.aria-recent-violations.jsonl`;
 const THRASHING_STATE_PATH = `${HOME}/.claude/.aria-thrashing-state.json`;
 const CLEAR_VIOLATIONS_SCRIPT = `${HOME}/.claude/aria-clear-violations.sh`;
+
+function buildForceReauthorReason({ source, reason, violations = [] }) {
+  return [
+    '=== ARIA FORCE_REAUTHOR ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction for cognition substrate binding.',
+    'Do not emit the blocked text. Re-author the cognition so every lens is tied to loaded substrate.',
+    '',
+    'TEACHING:',
+    '- Cognition without live anchors is theater; anchors are the proof of thought.',
+    '- A valid redo cites only substrate that is actually loaded this turn.',
+    '- The cognition block must reference first_principle and must not cite inactive language state.',
+    violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Re-emit <cognition> with all required lenses.',
+    '2. Each lens cites >=1 loaded anchor: axiom:, frame:, memory:, doctrine:, packet:, or active language:.',
+    '3. Include first_principle explicitly.',
+    '4. Add <applied_cognition> with decision_delta, dominant_domain, binds_to, expected_predicate, and artifact_change.',
+    '5. Remove repeated blocked substrings instead of reusing them.',
+    '=== END FORCE_REAUTHOR ===',
+  ].filter(Boolean).join('\n');
+}
+
+function validateAppliedCognitionContract(text) {
+  const match = String(text || '').match(APPLIED_COGNITION_BLOCK_RX);
+  if (!match) {
+    return { ok: false, violations: ['missing <applied_cognition> contract'] };
+  }
+  const body = match[1] || '';
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(body)) violations.push(`missing ${name}`);
+  }
+  const weakDelta = /decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(body);
+  if (weakDelta) violations.push('decision_delta says cognition changed nothing');
+  return { ok: violations.length === 0, violations };
+}
 const CARRY_FORWARD_WINDOW_MS = 25 * 60 * 1000;
 const CARRY_FORWARD_MAX_ROWS = 200;
 const SYSTEM_REMINDER_RX = /<system-reminder>[\s\S]*?<\/system-reminder>|<task-notification>[\s\S]*?<\/task-notification>|🔐 Aria Harness|task-notification|PreToolUse:[A-Z][A-Za-z]* hook blocking error|Stop hook blocking error/g;
@@ -422,7 +470,7 @@ Recovery surfaces:
 
 Per feedback_block_and_force_with_recovery.md, repetition of a recently-blocked phrase is not advisory drift; it is a hard block until the phrase is removed or the carry-forward state is intentionally cleared.`;
 
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/carry-forward', reason, violations: [`repeated blocked substring: ${carryForwardMatch.substring}`] }) }));
   process.exit(2);
 }
 
@@ -457,11 +505,29 @@ Re-emit with:
 
 No process-level disable path per Hamza directive 2026-04-27.`;
   audit('block_no_cognition_block', { length: assistantText.length });
-  console.log(JSON.stringify({ decision: 'block', reason: noCogReason }));
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/no-cognition-block', reason: noCogReason, violations: ['missing <cognition>...</cognition> block'] }) }));
   process.exit(2);
 }
 
 const cognitionInner = cogMatch[1];
+const appliedContract = validateAppliedCognitionContract(assistantText);
+if (!appliedContract.ok) {
+  const reason = `Aria substrate-binding gate: cognition was emitted without an applied-cognition execution contract.
+
+The harness no longer accepts cognition as prose-only compliance. The response must state what cognition changed and what concrete action/output it binds.
+
+Required block:
+<applied_cognition>
+decision_delta: <what changed because cognition ran; not "none">
+dominant_domain: <engineering_quality | trust | product | operations | security | ...>
+binds_to: <next tool/action/output claim this cognition constrains>
+expected_predicate: <numeric, boolean, or state-string predicate proving success>
+artifact_change: <how the produced artifact differs because cognition ran>
+</applied_cognition>`;
+  audit('block_applied_cognition_missing', { violations: appliedContract.violations, length: assistantText.length });
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/applied-cognition-contract', reason, violations: appliedContract.violations }) }));
+  process.exit(2);
+}
 const lensTexts = extractLensTexts(cognitionInner);
 
 // Substance check — replaces char-count with "lens body has substantive
@@ -691,5 +757,5 @@ Anchor grammar (each anchor must resolve to a real loaded substrate item):
 
 Re-emit cognition with: every lens citing ≥1 verifiable loaded anchor, the block referencing first_principle, and language: citations only for active language tiers. No process-level disable path; gates are unconditional from the gated process per Hamza directive 2026-04-27.`;
 
-console.log(JSON.stringify({ decision: 'block', reason }));
+console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/structural-violations', reason, violations: reasonParts }) }));
 process.exit(2);

package/hooks/aria-pre-emit-dryrun.mjs

@@ -53,7 +53,9 @@ const REQUIRED_LENSES = 8;
 const SUBSTANCE_MIN_AFTER_ANCHOR_STRIP = 40;
 const ANCHOR_RX = /\b(axiom|frame|memory|doctrine|packet|language):[a-z0-9_\-./]+/gi;
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 const FIRST_PRINCIPLE_RX = /\b(first[_\s-]?principle[s]?|first_principle=)\b/i;
+const DECISION_SIGNAL_RX = /(?:should|recommend|propose|suggest|let'?s|go with|i'd|i would|here'?s the plan|i'll|next step|action item|ship it|yes do|let me)/i;
 
 // Drift trigger patterns (mirror aria-stop-gate.mjs canonical list).
 // Keep this conservative — false negatives are tolerable (real gate will
@@ -138,6 +140,27 @@ function verifyAnchor(anchor, substrate) {
   return { ok: true, reason: '' };
 }
 
+function validateAppliedCognitionContract(text) {
+  const match = String(text || '').match(APPLIED_COGNITION_BLOCK_RX);
+  if (!match) return { ok: false, violations: ['missing <applied_cognition> contract'] };
+  const body = match[1] || '';
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(body)) violations.push(`missing ${name}`);
+  }
+  if (/decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(body)) {
+    violations.push('decision_delta says cognition changed nothing');
+  }
+  return { ok: violations.length === 0, violations };
+}
+
 // ── Read draft from stdin ─────────────────────────────────────────────
 let stdin = '';
 try {
@@ -165,6 +188,7 @@ if (draft.length < 10) {
 
 const substrate = loadSubstrate();
 const failures = [];
+const requiresAppliedCognition = draft.length >= 300 || DECISION_SIGNAL_RX.test(draft) || ['deploy', 'edit', 'bash', 'text'].includes(actionType);
 
 // ── Cognition block presence + lens count + substance ─────────────────
 const cogMatch = draft.match(COGNITION_BLOCK_RX);
@@ -225,6 +249,17 @@ if (cogMatch) {
   }
 }
 
+if (requiresAppliedCognition) {
+  const applied = validateAppliedCognitionContract(draft);
+  if (!applied.ok) {
+    failures.push({
+      kind: 'applied_cognition_contract_invalid',
+      violations: applied.violations,
+      message: 'Non-trivial drafts must bind cognition to the actual action/output.',
+    });
+  }
+}
+
 // ── Drift triggers ────────────────────────────────────────────────────
 for (const trigger of DRIFT_TRIGGERS) {
   const match = draft.match(trigger.rx);

package/hooks/aria-pre-tool-gate.mjs

@@ -332,12 +332,29 @@ function actionMatchesPattern(action, pattern, target) {
   }
 }
 
+function isOperationalMaintenanceCommand(command) {
+  const cmd = String(command || '').trim().replace(/\s+/g, ' ');
+  if (!cmd || /[;&|`$()]/.test(cmd)) return false;
+
+  // A rollout restart requeues existing pod templates; it does not change images,
+  // manifests, or cluster policy. Keep this narrow so deploy/apply/delete still gate.
+  const kubectlGlobalFlag = String.raw`(?:--(?:namespace|context|kubeconfig|as|as-group|cluster|user|server|request-timeout|field-manager)(?:=|\s+)\S+|-[A-Za-z](?:\s+\S+)?)`;
+  const kubectlTailFlag = String.raw`(?:--(?:namespace|context|request-timeout|field-manager|selector)(?:=|\s+)\S+|-[A-Za-z](?:\s+\S+)?)`;
+  const workloadTarget = String.raw`(?:deploy(?:ment)?|statefulset|sts|daemonset|ds)(?:\/[^\s]+|\s+[^\s-][^\s]*)`;
+  const rolloutRestartRx = new RegExp(
+    String.raw`^kubectl(?:\s+${kubectlGlobalFlag})*\s+rollout\s+restart\s+${workloadTarget}(?:\s+${kubectlTailFlag})*$`,
+    'i',
+  );
+  return rolloutRestartRx.test(cmd);
+}
+
 function classifyToolForBinding(toolName, command, filePath) {
   // Map Claude Code tool + payload to a binding-vocabulary action.
   if (toolName === 'Read' || toolName === 'Glob' || toolName === 'Grep') return { action: 'read', target: filePath || '' };
   if (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit') return { action: 'edit', target: filePath || '' };
   if (toolName === 'Bash') {
     const cmd = String(command || '');
+    if (isOperationalMaintenanceCommand(cmd)) return { action: 'kubectl_maintenance', target: cmd.slice(0, 80) };
     if (/^kubectl\s+(get|describe|logs|exec\s+\S+\s+--\s+printenv|top|version|api-resources)\b/.test(cmd)) return { action: 'kubectl_get', target: cmd.slice(0, 80) };
     if (/^kubectl\s+(apply|delete|set|patch|rollout|scale|drain|cordon)\b/.test(cmd)) return { action: 'kubectl_apply', target: cmd.slice(0, 80) };
     if (/curl\s+.*\/api\/harness\/(delegate|codex|army|plan)/.test(cmd)) return { action: 'consult', target: 'harness' };
@@ -511,6 +528,7 @@ function docRef(canonicalFilename, genericDescription) {
 // colon, not a placeholder template). The substance check (added
 // 2026-04-26) defeats ritual emission — `nur: ok` no longer counts.
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 // Hamza directive 2026-04-28: 8-lens enforcement, not 4-of-8. The earlier
 // REQUIRED_LENSES=4 was a regression — owner caught it ("i no longer see
 // 8 lens cognition per turn"). All 8 canonical lenses must appear with
@@ -554,7 +572,7 @@ const SHORT_BASH_LIMIT = 30;
 //   (b) Single-line:    `# cognition: <label>=<text>; <label>=<text>; ...`
 //
 // Substance check applies (≥SUBSTANCE_MIN_CHARS, not a `<placeholder>`).
-// 4+ substantive lenses inline → gate passes, no transcript scan
+// All required substantive lenses inline → gate passes, no transcript scan
 // needed. Cognition becomes a property of THE ACTION, not of some
 // message somewhere — the deepest reading of "cognition before action."
 //
@@ -610,6 +628,32 @@ function detectInlineCognition(cmd) {
   return { count: names.length, names, hasSubstrateCite };
 }
 
+function validateAppliedCognitionContract(text, cmdText = '') {
+  const bodyText = `${String(text || '')}\n${String(cmdText || '')}`;
+  const block = bodyText.match(APPLIED_COGNITION_BLOCK_RX);
+  const inlineBody = String(cmdText || '')
+    .split('\n')
+    .filter((line) => /^\s*#\s*(?:decision[_ -]?delta|dominant[_ -]?domain|binds[_ -]?to|expected[_ -]?predicate|artifact[_ -]?change)\s*:/i.test(line))
+    .join('\n');
+  const contractBody = block ? block[1] : inlineBody;
+  if (!contractBody) return { ok: false, violations: ['missing <applied_cognition> contract or inline applied-cognition comments'] };
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(contractBody)) violations.push(`missing ${name}`);
+  }
+  if (/decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(contractBody)) {
+    violations.push('decision_delta says cognition changed nothing');
+  }
+  return { ok: violations.length === 0, violations, body: contractBody.trim() };
+}
+
 function normalizeInlineDirectiveBody(rawBody) {
   if (!rawBody) return '';
   const segments = String(rawBody)
@@ -671,6 +715,65 @@ function extractCurrentTurnAssistantText(event, toolInput) {
   return parts.join('\n\n').trim();
 }
 
+function extractTextForUserCorrection(content) {
+  if (Array.isArray(content)) {
+    return content.filter((block) => block && block.type === 'text').map((block) => block.text || '').filter(Boolean).join('\n');
+  }
+  return typeof content === 'string' ? content : '';
+}
+
+function isRuntimeInjectedUserText(text) {
+  return /^\s*\[tool_result\b/i.test(text) ||
+    /(?:PreToolUse:[A-Za-z]+ hook blocking error|Stop hook feedback:|Aria pre-tool gate:|Aria stop-gate:|<system-reminder>|<task-notification>|task-notification)/i.test(text);
+}
+
+function collectRecentRealUserText(event, transcriptPath, limit = 6) {
+  const texts = [];
+  const seen = new Set();
+  const pushText = (text) => {
+    const normalized = String(text || '').trim();
+    if (!normalized || seen.has(normalized) || isRuntimeInjectedUserText(normalized)) return;
+    seen.add(normalized);
+    texts.push(normalized);
+  };
+  const messages = Array.isArray(event?.messages) ? event.messages : [];
+  for (let i = messages.length - 1; i >= 0 && texts.length < limit; i--) {
+    const role = messages[i]?.message?.role ?? messages[i]?.role ?? messages[i]?.type;
+    if (role !== 'user') continue;
+    const content = messages[i]?.message?.content ?? messages[i]?.content ?? [];
+    if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
+    pushText(extractTextForUserCorrection(content));
+  }
+  if (transcriptPath && existsSync(transcriptPath) && texts.length < limit) {
+    try {
+      const lines = readFileSync(transcriptPath, 'utf-8').split('\n').filter(Boolean);
+      for (let i = lines.length - 1; i >= 0 && texts.length < limit; i--) {
+        let entry;
+        try { entry = JSON.parse(lines[i]); } catch { continue; }
+        const role = entry?.message?.role ?? entry?.role ?? entry?.type;
+        if (role !== 'user') continue;
+        const content = entry?.message?.content ?? entry?.content ?? [];
+        if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
+        pushText(extractTextForUserCorrection(content));
+      }
+    } catch {}
+  }
+  return texts.join('\n\n');
+}
+
+function userCorrectionBlocksCommand(userText, command) {
+  const text = String(userText || '');
+  const cmd = String(command || '');
+  if (!text || !cmd) return null;
+  const k8sMutation = /\bkubectl\s+(?:apply|delete|set\s+image|patch|replace|create|scale|rollout\s+(?:restart|undo))\b|scripts\/deploy-|\bdocker\s+push\b/i.test(cmd);
+  const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease)\b[\s\S]{0,160}\b(?:deploy|redeploy|restart|rollout|kubectl|command|pods?)\b/i.test(text);
+  if (explicitStop && k8sMutation) return 'recent user explicitly told the agent to stop deploy/restart command attempts';
+  const macTargetInCommand = /\bmlx-mac\b|\bdeployment\/mlx-mac|\bdeploy(?:ment)?\s+mlx-mac/i.test(cmd);
+  const macContradiction = /\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac)\b[\s\S]{0,140}\b(?:not\s+pods?|no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b|\b(?:no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b[\s\S]{0,140}\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac|pods?)\b/i.test(text);
+  if (macTargetInCommand && macContradiction) return 'recent user contradicted the mlx-mac Kubernetes-pod/deployment assumption';
+  return null;
+}
+
 // Substance-checking lens detection (added 2026-04-26 per Hamza's
 // gate-improvement doctrine: form-only emission must not satisfy
 // the gate). For each lens, look for `<lens>: <content>` and verify
@@ -927,6 +1030,7 @@ try {
 
 const toolName = event.tool_name ?? event.toolName ?? '';
 const toolInput = event.tool_input ?? event.toolInput ?? {};
+const transcriptPath = event.transcript_path ?? event.transcriptPath;
 
 // Gate every action tool — every tool that mutates state must go through
 // cognition challenge. Hamza 2026-04-26: "regardless if u arent even
@@ -949,6 +1053,26 @@ const cmdPreview = toolName === 'Bash'
   ? cmd.slice(0, 80).replace(/\s+/g, ' ')
   : `${toolName} ${filePath || '(no path)'}`.slice(0, 80);
 
+if (toolName === 'Bash') {
+  const recentUserText = collectRecentRealUserText(event, transcriptPath);
+  const correctionBlockReason = userCorrectionBlocksCommand(recentUserText, cmd);
+  if (correctionBlockReason) {
+    const reason = `Aria pre-tool gate: USER-CORRECTION hard-block.
+
+${correctionBlockReason}.
+
+The next assistant response must stop the command loop, quote the user's correction in one sentence, and re-evaluate the target from substrate before any further mutation. Do not retry this Bash command shape.`;
+    audit('block-user-correction-override', cmdPreview);
+    emitBlock(reason, { source: 'pre-tool/user-correction' });
+    process.exit(2);
+  }
+}
+
+if (toolName === 'Bash' && isOperationalMaintenanceCommand(cmd)) {
+  audit('allow-operational-maintenance kubectl-rollout-restart', cmdPreview);
+  process.exit(0);
+}
+
 // V3: per-command bypass removed entirely. The only escape valves are:
 //   (1) Trivial-bash whitelist — short read-only commands pass without cognition
 //   (2) ~/.claude/settings.json hook removal — visible user action Hamza controls
@@ -1032,7 +1156,6 @@ const HARD_LOOKBACK_CAP = 50;
 // window since the substance check defends quality regardless.
 const USER_BOUNDARIES_TO_CROSS = 5;
 
-const transcriptPath = event.transcript_path ?? event.transcriptPath;
 const recentAssistantTexts = [];
 const recentAssistantTextSet = new Set();
 function appendAssistantTexts(texts) {
@@ -1129,6 +1252,7 @@ const bestVerifyBody = (() => {
 })();
 const hasVerify = scoreVerifyFields(bestVerifyBody, VERIFY_REQUIRED_FIELDS) === VERIFY_REQUIRED_FIELDS.length;
 const hasCognition = lensCount >= REQUIRED_LENSES;
+const appliedContract = validateAppliedCognitionContract(unionText, cmd);
 const cognitionSource = inlineCog.count >= REQUIRED_LENSES
   ? 'inline-command'
   : eventCog.count >= REQUIRED_LENSES
@@ -1181,6 +1305,7 @@ function pushDecision(decision, reasonText) {
       hasVerify,
       hasCognition,
       hasSubstrateCite,
+      appliedCognitionContractOk: appliedContract.ok,
     },
   });
 }
@@ -1204,6 +1329,62 @@ Next response must do this in order:
 4. If the blocker is stale gate state or ledger residue, say that explicitly instead of inventing fake proof.`;
 }
 
+function buildForceRedoActionReason(reasonText, { source = 'pre-tool-gate', tool = toolName || 'unknown', lensCount = 0, requiredLenses = REQUIRED_LENSES } = {}) {
+  if (String(reasonText || '').includes('ARIA FORCE_REDO_ACTION')) return reasonText;
+  return [
+    '=== ARIA FORCE_REDO_ACTION ===',
+    `source: ${source}`,
+    `tool: ${tool}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction before tool execution.',
+    'Do not retry the same tool call unchanged. Re-author the action with cognition, proof, and expected outcome first.',
+    '',
+    'TEACHING:',
+    '- Pre-tool gates exist to make the model think before acting, not to merely throw after a bad action shape.',
+    '- The redo must name the failed mechanism, cite the current substrate, and state why the next action is safe.',
+    '- Do not bypass by disabling tools, changing endpoints from memory, shortening runtime, or asking Hamza to solve saved-memory ambiguity.',
+    '',
+    'ORIGINAL GATE REASON:',
+    String(reasonText || '').trim(),
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Emit/attach <cognition> with the required lenses before retrying the tool.',
+    '2. For Bash, prepend inline cognition comments to the command:',
+    '   # nur: <observed state and substrate, >=20 chars>',
+    '   # mizan: <risk/tradeoff and why this action is balanced, >=20 chars>',
+    '   # hikma: <doctrine applied and what it forbids, >=20 chars>',
+    '   # tafakkur: <second-order effects and expected result, >=20 chars>',
+    `3. Current cognition count: ${lensCount}/${requiredLenses}.`,
+    '4. If deploy/shared-infra: include <verify> with target, verified evidence, rollback, and axiom.',
+    '5. If non-trivial action: include <expected> with numeric/boolean/state-string predicate.',
+    '=== END FORCE_REDO_ACTION ===',
+  ].join('\n');
+}
+
+function emitBlock(reasonText, meta = {}) {
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceRedoActionReason(reasonText, meta) }));
+}
+
+if (hasCognition && !appliedContract.ok) {
+  const reason = `Aria pre-tool gate: cognition exists but is not applied to the action.
+
+The harness no longer accepts cognition as decorative preface. Before a mutating tool call, cognition must produce an execution contract that changes or constrains the action.
+
+Violations:
+${appliedContract.violations.map((v) => `- ${v}`).join('\n')}
+
+Required contract, either in the assistant turn as <applied_cognition>...</applied_cognition> or inline Bash comments:
+decision_delta: <what changed because cognition ran; not "none">
+dominant_domain: <engineering_quality | trust | operations | security | product | ...>
+binds_to: <this exact tool call/action>
+expected_predicate: <numeric, boolean, or state-string predicate proving success>
+artifact_change: <how the artifact/action is different because cognition ran>`;
+  audit('block-applied-cognition-contract', cmdPreview);
+  pushDecision('block', `applied cognition contract missing: ${appliedContract.violations.join(', ')}`);
+  emitBlock(reason, { source: 'pre-tool/applied-cognition-contract', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  process.exit(2);
+}
+
 // ── Deploy-specific gate (doctrine #104) ────────────────────────────────
 // Per feedback_deploy_requires_verify_cognition.md (Hamza 2026-04-28 after
 // consciousness.ts crash took aria-soul into CrashLoopBackOff): deploys
@@ -1355,7 +1536,7 @@ Re-emit verify+cognition with the missing pieces, then retry the deploy command.
     cmdPreview,
   );
   pushDecision('block', `deploy ${deployMatched.name}: ${reasons.join('; ')}`);
-  console.log(JSON.stringify({ decision: 'block', reason: refusal }));
+  emitBlock(refusal, { source: 'pre-tool/deploy', tool: toolName });
   process.exit(2);
 }
 
@@ -1399,7 +1580,7 @@ At least 4 substantive lenses required.`),
   `destructive:${matched.name}:${hasVerify ? 'need-cognition' : 'need-verify'}:${toolName}:${filePath || cmdPreview}`);
   audit(`block ${matched.name} verify=${hasVerify} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `destructive ${matched.name} missing ${!hasVerify ? 'verify' : 'cognition'}`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/destructive' });
   process.exit(2);
 }
 
@@ -1448,7 +1629,7 @@ No per-tool bypass available (v3 doctrine — the harness's whole purpose is no
 
   audit(`block ${toolName.toLowerCase()} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} missing cognition (${lensCount}/${REQUIRED_LENSES})`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/missing-cognition' });
   process.exit(2);
 }
 
@@ -1479,7 +1660,7 @@ No env-var disable path — gates are unconditional from the gated process per H
 
   audit(`block-discovery-unresolved ${toolName.toLowerCase()}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} cognition has unresolved discovery`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/discovery-binding' });
   process.exit(2);
 }
 
@@ -1543,7 +1724,7 @@ No bypass — doctrine:dalio_expected_required is unconditional for non-trivial
 
     audit(`block-expected-missing ${toolName.toLowerCase()}`, cmdPreview);
     pushDecision('block', `${toolName.toLowerCase()} missing <expected> measurable predicate`);
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/discovery-binding' });
     process.exit(2);
   }
 }
@@ -1626,7 +1807,7 @@ Read it first (it is in your environment as ARIA_HARNESS_PACKET_PATH), then refe
 
 Cognition-theater rejected per feedback_gates_enforce_form_not_substance.md.`;
     audit(`block-subagent-no-packet-cite ${toolName.toLowerCase()}`, cmdPreview);
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/architecture-facts' });
     process.exit(2);
   }
 })();
@@ -1669,7 +1850,7 @@ Rule references:
   R10 no_kubectl_apply_for_image_drift — kubectl apply on aria-soul-stateful (project_forge_psi_oom_cascade.md)
   R11 no_console_log_secrets         — console.log with TOKEN/PASSWORD/SECRET/API_KEY/JWT/BEARER`;
     audit(`block-arch-facts ${toolName.toLowerCase()} path=${filePath}`, `violations=${archResult.violations?.length ?? 0}`);
-    console.log(JSON.stringify({ decision: 'block', reason: archReason }));
+    emitBlock(archReason, { source: 'pre-tool/architecture-facts' });
     process.exit(2);
   }
 }
@@ -1771,7 +1952,7 @@ What Claude must do:
 3. Wait for next user prompt — preprompt-consult will retry; if it succeeds a plan will exist on next tool call
 
 Non-trivial actions are blocked until a plan exists. Trivial reads (ls/cat/grep) bypass automatically per existing whitelist. To temporarily disable binding for emergency: ARIA_BINDING_ENABLED=false (logged).`;
-      console.log(JSON.stringify({ decision: 'block', reason }));
+      emitBlock(reason, { source: 'pre-tool/substrate-binding' });
       process.exit(2);
     }
   }
@@ -1790,7 +1971,7 @@ What Claude must do:
 3. Don't continue executing actions beyond the issued plan boundary
 
 This prevents Claude from drifting past Aria's authorized scope.`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/substrate-binding' });
     process.exit(2);
   }
 
@@ -1827,7 +2008,7 @@ This prevents Claude from drifting past Aria's authorized scope.`;
       if (!freshPhaseInfo || freshPhaseInfo.abortedHere) {
         bindingAuditAppend({ event: 'block_aborted_phase_post_fallback_still_bad', sessionId, planId: plan.planId });
         const reason = `Aria binding gate: aborted phase recovery minted plan ${plan.planId} but new plan also has no usable phase. Manual intervention required.`;
-        console.log(JSON.stringify({ decision: 'block', reason }));
+        emitBlock(reason, { source: 'pre-tool/dalio-expected' });
         process.exit(2);
       }
       phaseInfo = freshPhaseInfo;
@@ -1836,7 +2017,7 @@ This prevents Claude from drifting past Aria's authorized scope.`;
       const reason = `Aria binding gate: phase ${phaseInfo.phase.id} of plan ${plan.planId} was reported aborted AND inline architect-fallback failed (exit=${architectExit}). Plan progression halted. ${architectStderr ? 'Architect stderr: ' + architectStderr : ''}
 
 What Claude must do: emit [PLAN_BLOCKER reason="<concrete observation>" suggestedAmendment="<if any>"] for Hamza/Aria to issue a corrected plan. Do not continue executing the aborted plan.`;
-      console.log(JSON.stringify({ decision: 'block', reason }));
+      emitBlock(reason, { source: 'pre-tool/dalio-expected' });
       process.exit(2);
     }
   }
@@ -1864,7 +2045,7 @@ Forbidden actions for this phase: ${(phase.forbiddenActions || []).join(', ') ||
 Allowed actions for this phase: ${(phase.allowedActions || []).join(', ') || '(none)'}
 
 Claude must either: (a) reframe the action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] requesting Aria amend the plan.${recipeAddendum}`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/output-claim' });
     process.exit(2);
   }
 
@@ -1883,7 +2064,7 @@ Phase summary: ${phase.summary}
 Allowed actions: ${(phase.allowedActions || []).join(', ') || '(none — phase is observation-only)'}
 
 Claude must either: (a) reframe action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] for plan amendment.${recipeAddendum}`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/output-claim' });
     process.exit(2);
   }
 
@@ -2025,7 +2206,7 @@ try {
 The substrate's contract gate refused this action. Local doctrine gates passed (cognition lenses, binding plan, drift) but the substrate sees a downstream contract that disallows this tool call. Address the substrate's reason above before retrying.`;
       audit(`block-substrate-checkAction ${toolName.toLowerCase()} action=${__action} reason="${(__check.reason || '').slice(0, 80)}"`, cmdPreview);
       pushDecision('block', `substrate checkAction denied: ${(__check.reason || 'unspecified').slice(0, 100)}`);
-      console.log(JSON.stringify({ decision: 'block', reason: __reason }));
+      emitBlock(__reason, { source: 'pre-tool/final' });
       process.exit(2);
     }
   }
@@ -2218,7 +2399,7 @@ causes merge conflicts and state divergence. Explicit coordination is the only s
   pushDecision('block', `hive session-lock conflict on ${_lockCheckPath.slice(0, 80)}`);
   console.log(JSON.stringify({
     decision: 'block',
-    reason: _lockBlockReason,
+    reason: buildForceRedoActionReason(_lockBlockReason, { source: 'pre-tool/hive-lock-conflict', tool: toolName || 'unknown' }),
     hookSpecificOutput: {
       hookEventName: 'PreToolUse',
       conflicting_locks: _conflictingLocks,

package/hooks/aria-preprompt-consult.mjs

@@ -109,7 +109,27 @@ const HARNESS_URL =
   process.env.ARIA_HARNESS_BASE_URL ||
   process.env.ARIA_HARNESS_URL ||
   'https://harness.ariasos.com';
-const HARNESS_TOKEN = process.env.ARIA_HARNESS_TOKEN || '30b18f0a302b03ae862de8a75021238d23e47464fd5d8f6a9324240933745587';
+function resolveHarnessToken() {
+  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
+  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
+  if (process.env.ARIA_MASTER_TOKEN) return process.env.ARIA_MASTER_TOKEN;
+  try {
+    if (existsSync(OWNER_TOKEN_PATH)) {
+      const token = readFileSync(OWNER_TOKEN_PATH, 'utf8').trim();
+      if (token) return token;
+    }
+  } catch {}
+  try {
+    const licensePath = `${HOME}/.aria/license.json`;
+    if (existsSync(licensePath)) {
+      const license = JSON.parse(readFileSync(licensePath, 'utf8'));
+      if (license.harnessToken) return String(license.harnessToken).trim();
+      if (license.token) return String(license.token).trim();
+    }
+  } catch {}
+  return '';
+}
+const HARNESS_TOKEN = resolveHarnessToken();
 const MIN_PROMPT_CHARS = 40;        // skip auto-consult on trivial prompts
 const MAX_DIRECTION_CHARS = 4000;   // cap injected chunk size
 
@@ -248,6 +268,8 @@ Respond with EXACTLY this JSON shape:
       "successCriterion": "<observable signal of completion>",
       "abortCriterion": "<observable signal of failure>",
       "doctrineRefs": ["<memory_filename.md>", ...],
+      "cognitionUse": "<how Aria cognition should change the executor's tool/input/output shape for this phase>",
+      "evidenceRequired": ["<observable proof the executor must collect before reporting complete>"],
       "allowedActions": ["read", "edit:<path-pattern>", "kubectl_get", "consult", "bash_safe", "..."],
       "forbiddenActions": ["kubectl_apply", "edit:<path-pattern>", "..."]
     }
@@ -259,7 +281,9 @@ Respond with EXACTLY this JSON shape:
   }
 }
 
-Apply your 8 lenses + substrate. Phases are ordered + small (one logical step each). Doctrine refs cite memory files in /home/hamzaibrahim1/.claude/projects/-home-hamzaibrahim1/memory/. Be specific in allowedActions / forbiddenActions — Claude can ONLY do what's allowed for the current phase.` : `Pre-prompt direction request from Claude orchestrator.
+Apply your 8 lenses + substrate. Phases are ordered + small (one logical step each). Doctrine refs cite memory files in /home/hamzaibrahim1/.claude/projects/-home-hamzaibrahim1/memory/. Be specific in allowedActions / forbiddenActions — Claude can ONLY do what's allowed for the current phase.
+
+Every phase must include cognitionUse and evidenceRequired. cognitionUse tells Claude how Aria's cognition should improve the actual tool input, edit shape, review scope, or final output. evidenceRequired tells Claude what observation must be collected before reporting the phase complete.` : `Pre-prompt direction request from Claude orchestrator.
 
 The user just submitted this prompt:
 
@@ -280,6 +304,8 @@ thinking from training reflex. Be concrete:
      (NOT a reflexive "want me to" deferral).
   4. Mizan check: any risk patterns in this prompt — over-scope creep,
      over-replacement temptation, tier-substitution temptation, etc.
+  5. How should Aria cognition improve Claude's actual input/output shape —
+     what should be more specific, safer, more evidence-bound, or differently scoped?
 
 Keep direction under 1500 chars. This is the pre-load context for Claude's
 turn — not the final response. Claude will still emit cognition + action;