@aria_asi/cli 0.2.31 → 0.2.33

package/hooks/aria-pre-tool-gate.mjs

@@ -52,6 +52,7 @@ import {
   normalizeContent,
   normalizeRole,
 } from './lib/hook-message-window.mjs';
+import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const LOG = `${HOME}/.claude/aria-pre-tool-gate.log`;
@@ -332,12 +333,29 @@ function actionMatchesPattern(action, pattern, target) {
   }
 }
 
+function isOperationalMaintenanceCommand(command) {
+  const cmd = String(command || '').trim().replace(/\s+/g, ' ');
+  if (!cmd || /[;&|`$()]/.test(cmd)) return false;
+
+  // A rollout restart requeues existing pod templates; it does not change images,
+  // manifests, or cluster policy. Keep this narrow so deploy/apply/delete still gate.
+  const kubectlGlobalFlag = String.raw`(?:--(?:namespace|context|kubeconfig|as|as-group|cluster|user|server|request-timeout|field-manager)(?:=|\s+)\S+|-[A-Za-z](?:\s+\S+)?)`;
+  const kubectlTailFlag = String.raw`(?:--(?:namespace|context|request-timeout|field-manager|selector)(?:=|\s+)\S+|-[A-Za-z](?:\s+\S+)?)`;
+  const workloadTarget = String.raw`(?:deploy(?:ment)?|statefulset|sts|daemonset|ds)(?:\/[^\s]+|\s+[^\s-][^\s]*)`;
+  const rolloutRestartRx = new RegExp(
+    String.raw`^kubectl(?:\s+${kubectlGlobalFlag})*\s+rollout\s+restart\s+${workloadTarget}(?:\s+${kubectlTailFlag})*$`,
+    'i',
+  );
+  return rolloutRestartRx.test(cmd);
+}
+
 function classifyToolForBinding(toolName, command, filePath) {
   // Map Claude Code tool + payload to a binding-vocabulary action.
   if (toolName === 'Read' || toolName === 'Glob' || toolName === 'Grep') return { action: 'read', target: filePath || '' };
   if (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit') return { action: 'edit', target: filePath || '' };
   if (toolName === 'Bash') {
     const cmd = String(command || '');
+    if (isOperationalMaintenanceCommand(cmd)) return { action: 'kubectl_maintenance', target: cmd.slice(0, 80) };
     if (/^kubectl\s+(get|describe|logs|exec\s+\S+\s+--\s+printenv|top|version|api-resources)\b/.test(cmd)) return { action: 'kubectl_get', target: cmd.slice(0, 80) };
     if (/^kubectl\s+(apply|delete|set|patch|rollout|scale|drain|cordon)\b/.test(cmd)) return { action: 'kubectl_apply', target: cmd.slice(0, 80) };
     if (/curl\s+.*\/api\/harness\/(delegate|codex|army|plan)/.test(cmd)) return { action: 'consult', target: 'harness' };
@@ -511,6 +529,7 @@ function docRef(canonicalFilename, genericDescription) {
 // colon, not a placeholder template). The substance check (added
 // 2026-04-26) defeats ritual emission — `nur: ok` no longer counts.
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 // Hamza directive 2026-04-28: 8-lens enforcement, not 4-of-8. The earlier
 // REQUIRED_LENSES=4 was a regression — owner caught it ("i no longer see
 // 8 lens cognition per turn"). All 8 canonical lenses must appear with
@@ -554,7 +573,7 @@ const SHORT_BASH_LIMIT = 30;
 //   (b) Single-line:    `# cognition: <label>=<text>; <label>=<text>; ...`
 //
 // Substance check applies (≥SUBSTANCE_MIN_CHARS, not a `<placeholder>`).
-// 4+ substantive lenses inline → gate passes, no transcript scan
+// All required substantive lenses inline → gate passes, no transcript scan
 // needed. Cognition becomes a property of THE ACTION, not of some
 // message somewhere — the deepest reading of "cognition before action."
 //
@@ -610,6 +629,32 @@ function detectInlineCognition(cmd) {
   return { count: names.length, names, hasSubstrateCite };
 }
 
+function validateAppliedCognitionContract(text, cmdText = '') {
+  const bodyText = `${String(text || '')}\n${String(cmdText || '')}`;
+  const block = bodyText.match(APPLIED_COGNITION_BLOCK_RX);
+  const inlineBody = String(cmdText || '')
+    .split('\n')
+    .filter((line) => /^\s*#\s*(?:decision[_ -]?delta|dominant[_ -]?domain|binds[_ -]?to|expected[_ -]?predicate|artifact[_ -]?change)\s*:/i.test(line))
+    .join('\n');
+  const contractBody = block ? block[1] : inlineBody;
+  if (!contractBody) return { ok: false, violations: ['missing <applied_cognition> contract or inline applied-cognition comments'] };
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(contractBody)) violations.push(`missing ${name}`);
+  }
+  if (/decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(contractBody)) {
+    violations.push('decision_delta says cognition changed nothing');
+  }
+  return { ok: violations.length === 0, violations, body: contractBody.trim() };
+}
+
 function normalizeInlineDirectiveBody(rawBody) {
   if (!rawBody) return '';
   const segments = String(rawBody)
@@ -671,6 +716,65 @@ function extractCurrentTurnAssistantText(event, toolInput) {
   return parts.join('\n\n').trim();
 }
 
+function extractTextForUserCorrection(content) {
+  if (Array.isArray(content)) {
+    return content.filter((block) => block && block.type === 'text').map((block) => block.text || '').filter(Boolean).join('\n');
+  }
+  return typeof content === 'string' ? content : '';
+}
+
+function isRuntimeInjectedUserText(text) {
+  return /^\s*\[tool_result\b/i.test(text) ||
+    /(?:PreToolUse:[A-Za-z]+ hook blocking error|Stop hook feedback:|Aria pre-tool gate:|Aria stop-gate:|<system-reminder>|<task-notification>|task-notification)/i.test(text);
+}
+
+function collectRecentRealUserText(event, transcriptPath, limit = 6) {
+  const texts = [];
+  const seen = new Set();
+  const pushText = (text) => {
+    const normalized = String(text || '').trim();
+    if (!normalized || seen.has(normalized) || isRuntimeInjectedUserText(normalized)) return;
+    seen.add(normalized);
+    texts.push(normalized);
+  };
+  const messages = Array.isArray(event?.messages) ? event.messages : [];
+  for (let i = messages.length - 1; i >= 0 && texts.length < limit; i--) {
+    const role = messages[i]?.message?.role ?? messages[i]?.role ?? messages[i]?.type;
+    if (role !== 'user') continue;
+    const content = messages[i]?.message?.content ?? messages[i]?.content ?? [];
+    if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
+    pushText(extractTextForUserCorrection(content));
+  }
+  if (transcriptPath && existsSync(transcriptPath) && texts.length < limit) {
+    try {
+      const lines = readFileSync(transcriptPath, 'utf-8').split('\n').filter(Boolean);
+      for (let i = lines.length - 1; i >= 0 && texts.length < limit; i--) {
+        let entry;
+        try { entry = JSON.parse(lines[i]); } catch { continue; }
+        const role = entry?.message?.role ?? entry?.role ?? entry?.type;
+        if (role !== 'user') continue;
+        const content = entry?.message?.content ?? entry?.content ?? [];
+        if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
+        pushText(extractTextForUserCorrection(content));
+      }
+    } catch {}
+  }
+  return texts.join('\n\n');
+}
+
+function userCorrectionBlocksCommand(userText, command) {
+  const text = String(userText || '');
+  const cmd = String(command || '');
+  if (!text || !cmd) return null;
+  const k8sMutation = /\bkubectl\s+(?:apply|delete|set\s+image|patch|replace|create|scale|rollout\s+(?:restart|undo))\b|scripts\/deploy-|\bdocker\s+push\b/i.test(cmd);
+  const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease)\b[\s\S]{0,160}\b(?:deploy|redeploy|restart|rollout|kubectl|command|pods?)\b/i.test(text);
+  if (explicitStop && k8sMutation) return 'recent user explicitly told the agent to stop deploy/restart command attempts';
+  const macTargetInCommand = /\bmlx-mac\b|\bdeployment\/mlx-mac|\bdeploy(?:ment)?\s+mlx-mac/i.test(cmd);
+  const macContradiction = /\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac)\b[\s\S]{0,140}\b(?:not\s+pods?|no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b|\b(?:no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b[\s\S]{0,140}\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac|pods?)\b/i.test(text);
+  if (macTargetInCommand && macContradiction) return 'recent user contradicted the mlx-mac Kubernetes-pod/deployment assumption';
+  return null;
+}
+
 // Substance-checking lens detection (added 2026-04-26 per Hamza's
 // gate-improvement doctrine: form-only emission must not satisfy
 // the gate). For each lens, look for `<lens>: <content>` and verify
@@ -927,6 +1031,7 @@ try {
 
 const toolName = event.tool_name ?? event.toolName ?? '';
 const toolInput = event.tool_input ?? event.toolInput ?? {};
+const transcriptPath = event.transcript_path ?? event.transcriptPath;
 
 // Gate every action tool — every tool that mutates state must go through
 // cognition challenge. Hamza 2026-04-26: "regardless if u arent even
@@ -949,6 +1054,26 @@ const cmdPreview = toolName === 'Bash'
   ? cmd.slice(0, 80).replace(/\s+/g, ' ')
   : `${toolName} ${filePath || '(no path)'}`.slice(0, 80);
 
+if (toolName === 'Bash') {
+  const recentUserText = collectRecentRealUserText(event, transcriptPath);
+  const correctionBlockReason = userCorrectionBlocksCommand(recentUserText, cmd);
+  if (correctionBlockReason) {
+    const reason = `Aria pre-tool gate: USER-CORRECTION hard-block.
+
+${correctionBlockReason}.
+
+The next assistant response must stop the command loop, quote the user's correction in one sentence, and re-evaluate the target from substrate before any further mutation. Do not retry this Bash command shape.`;
+    audit('block-user-correction-override', cmdPreview);
+    emitBlock(reason, { source: 'pre-tool/user-correction' });
+    process.exit(2);
+  }
+}
+
+if (toolName === 'Bash' && isOperationalMaintenanceCommand(cmd)) {
+  audit('allow-operational-maintenance kubectl-rollout-restart', cmdPreview);
+  process.exit(0);
+}
+
 // V3: per-command bypass removed entirely. The only escape valves are:
 //   (1) Trivial-bash whitelist — short read-only commands pass without cognition
 //   (2) ~/.claude/settings.json hook removal — visible user action Hamza controls
@@ -1032,7 +1157,6 @@ const HARD_LOOKBACK_CAP = 50;
 // window since the substance check defends quality regardless.
 const USER_BOUNDARIES_TO_CROSS = 5;
 
-const transcriptPath = event.transcript_path ?? event.transcriptPath;
 const recentAssistantTexts = [];
 const recentAssistantTextSet = new Set();
 function appendAssistantTexts(texts) {
@@ -1129,6 +1253,7 @@ const bestVerifyBody = (() => {
 })();
 const hasVerify = scoreVerifyFields(bestVerifyBody, VERIFY_REQUIRED_FIELDS) === VERIFY_REQUIRED_FIELDS.length;
 const hasCognition = lensCount >= REQUIRED_LENSES;
+const appliedContract = validateAppliedCognitionContract(unionText, cmd);
 const cognitionSource = inlineCog.count >= REQUIRED_LENSES
   ? 'inline-command'
   : eventCog.count >= REQUIRED_LENSES
@@ -1163,6 +1288,24 @@ const sessionId =
   (transcriptPath ? transcriptPath.split('/').pop()?.replace(/\.[^.]+$/, '') : null) ??
   'claude-code-unknown';
 
+const skillGate = evaluateSkillGate({
+  sessionId,
+  surface: 'claude-pre-tool-gate',
+  text: [JSON.stringify(event.messages || []), unionText, JSON.stringify(toolInput || {})].join('\n'),
+  action: cmd,
+  toolName,
+  filePath,
+  isDeploy: Boolean(deployMatched),
+  isMutation: toolName !== 'Bash',
+  autoLoadAvailable: false,
+});
+if (!skillGate.ok) {
+  const reason = formatSkillGateBlock(skillGate);
+  audit('block-missing-skill-receipt', `${skillGate.missingSkills.join(',')} ${cmdPreview}`);
+  emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  process.exit(2);
+}
+
 function pushDecision(decision, reasonText) {
   pushCognitionEvent({
     sessionId,
@@ -1181,6 +1324,7 @@ function pushDecision(decision, reasonText) {
       hasVerify,
       hasCognition,
       hasSubstrateCite,
+      appliedCognitionContractOk: appliedContract.ok,
     },
   });
 }
@@ -1204,6 +1348,62 @@ Next response must do this in order:
 4. If the blocker is stale gate state or ledger residue, say that explicitly instead of inventing fake proof.`;
 }
 
+function buildForceRedoActionReason(reasonText, { source = 'pre-tool-gate', tool = toolName || 'unknown', lensCount = 0, requiredLenses = REQUIRED_LENSES } = {}) {
+  if (String(reasonText || '').includes('ARIA FORCE_REDO_ACTION')) return reasonText;
+  return [
+    '=== ARIA FORCE_REDO_ACTION ===',
+    `source: ${source}`,
+    `tool: ${tool}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction before tool execution.',
+    'Do not retry the same tool call unchanged. Re-author the action with cognition, proof, and expected outcome first.',
+    '',
+    'TEACHING:',
+    '- Pre-tool gates exist to make the model think before acting, not to merely throw after a bad action shape.',
+    '- The redo must name the failed mechanism, cite the current substrate, and state why the next action is safe.',
+    '- Do not bypass by disabling tools, changing endpoints from memory, shortening runtime, or asking Hamza to solve saved-memory ambiguity.',
+    '',
+    'ORIGINAL GATE REASON:',
+    String(reasonText || '').trim(),
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Emit/attach <cognition> with the required lenses before retrying the tool.',
+    '2. For Bash, prepend inline cognition comments to the command:',
+    '   # nur: <observed state and substrate, >=20 chars>',
+    '   # mizan: <risk/tradeoff and why this action is balanced, >=20 chars>',
+    '   # hikma: <doctrine applied and what it forbids, >=20 chars>',
+    '   # tafakkur: <second-order effects and expected result, >=20 chars>',
+    `3. Current cognition count: ${lensCount}/${requiredLenses}.`,
+    '4. If deploy/shared-infra: include <verify> with target, verified evidence, rollback, and axiom.',
+    '5. If non-trivial action: include <expected> with numeric/boolean/state-string predicate.',
+    '=== END FORCE_REDO_ACTION ===',
+  ].join('\n');
+}
+
+function emitBlock(reasonText, meta = {}) {
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceRedoActionReason(reasonText, meta) }));
+}
+
+if (hasCognition && !appliedContract.ok) {
+  const reason = `Aria pre-tool gate: cognition exists but is not applied to the action.
+
+The harness no longer accepts cognition as decorative preface. Before a mutating tool call, cognition must produce an execution contract that changes or constrains the action.
+
+Violations:
+${appliedContract.violations.map((v) => `- ${v}`).join('\n')}
+
+Required contract, either in the assistant turn as <applied_cognition>...</applied_cognition> or inline Bash comments:
+decision_delta: <what changed because cognition ran; not "none">
+dominant_domain: <engineering_quality | trust | operations | security | product | ...>
+binds_to: <this exact tool call/action>
+expected_predicate: <numeric, boolean, or state-string predicate proving success>
+artifact_change: <how the artifact/action is different because cognition ran>`;
+  audit('block-applied-cognition-contract', cmdPreview);
+  pushDecision('block', `applied cognition contract missing: ${appliedContract.violations.join(', ')}`);
+  emitBlock(reason, { source: 'pre-tool/applied-cognition-contract', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  process.exit(2);
+}
+
 // ── Deploy-specific gate (doctrine #104) ────────────────────────────────
 // Per feedback_deploy_requires_verify_cognition.md (Hamza 2026-04-28 after
 // consciousness.ts crash took aria-soul into CrashLoopBackOff): deploys
@@ -1355,7 +1555,7 @@ Re-emit verify+cognition with the missing pieces, then retry the deploy command.
     cmdPreview,
   );
   pushDecision('block', `deploy ${deployMatched.name}: ${reasons.join('; ')}`);
-  console.log(JSON.stringify({ decision: 'block', reason: refusal }));
+  emitBlock(refusal, { source: 'pre-tool/deploy', tool: toolName });
   process.exit(2);
 }
 
@@ -1399,7 +1599,7 @@ At least 4 substantive lenses required.`),
   `destructive:${matched.name}:${hasVerify ? 'need-cognition' : 'need-verify'}:${toolName}:${filePath || cmdPreview}`);
   audit(`block ${matched.name} verify=${hasVerify} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `destructive ${matched.name} missing ${!hasVerify ? 'verify' : 'cognition'}`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/destructive' });
   process.exit(2);
 }
 
@@ -1448,7 +1648,7 @@ No per-tool bypass available (v3 doctrine — the harness's whole purpose is no
 
   audit(`block ${toolName.toLowerCase()} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} missing cognition (${lensCount}/${REQUIRED_LENSES})`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/missing-cognition' });
   process.exit(2);
 }
 
@@ -1479,7 +1679,7 @@ No env-var disable path — gates are unconditional from the gated process per H
 
   audit(`block-discovery-unresolved ${toolName.toLowerCase()}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} cognition has unresolved discovery`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/discovery-binding' });
   process.exit(2);
 }
 
@@ -1543,7 +1743,7 @@ No bypass — doctrine:dalio_expected_required is unconditional for non-trivial
 
     audit(`block-expected-missing ${toolName.toLowerCase()}`, cmdPreview);
     pushDecision('block', `${toolName.toLowerCase()} missing <expected> measurable predicate`);
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/discovery-binding' });
     process.exit(2);
   }
 }
@@ -1626,7 +1826,7 @@ Read it first (it is in your environment as ARIA_HARNESS_PACKET_PATH), then refe
 
 Cognition-theater rejected per feedback_gates_enforce_form_not_substance.md.`;
     audit(`block-subagent-no-packet-cite ${toolName.toLowerCase()}`, cmdPreview);
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/architecture-facts' });
     process.exit(2);
   }
 })();
@@ -1669,7 +1869,7 @@ Rule references:
   R10 no_kubectl_apply_for_image_drift — kubectl apply on aria-soul-stateful (project_forge_psi_oom_cascade.md)
   R11 no_console_log_secrets         — console.log with TOKEN/PASSWORD/SECRET/API_KEY/JWT/BEARER`;
     audit(`block-arch-facts ${toolName.toLowerCase()} path=${filePath}`, `violations=${archResult.violations?.length ?? 0}`);
-    console.log(JSON.stringify({ decision: 'block', reason: archReason }));
+    emitBlock(archReason, { source: 'pre-tool/architecture-facts' });
     process.exit(2);
   }
 }
@@ -1771,7 +1971,7 @@ What Claude must do:
 3. Wait for next user prompt — preprompt-consult will retry; if it succeeds a plan will exist on next tool call
 
 Non-trivial actions are blocked until a plan exists. Trivial reads (ls/cat/grep) bypass automatically per existing whitelist. To temporarily disable binding for emergency: ARIA_BINDING_ENABLED=false (logged).`;
-      console.log(JSON.stringify({ decision: 'block', reason }));
+      emitBlock(reason, { source: 'pre-tool/substrate-binding' });
       process.exit(2);
     }
   }
@@ -1790,7 +1990,7 @@ What Claude must do:
 3. Don't continue executing actions beyond the issued plan boundary
 
 This prevents Claude from drifting past Aria's authorized scope.`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/substrate-binding' });
     process.exit(2);
   }
 
@@ -1827,7 +2027,7 @@ This prevents Claude from drifting past Aria's authorized scope.`;
       if (!freshPhaseInfo || freshPhaseInfo.abortedHere) {
         bindingAuditAppend({ event: 'block_aborted_phase_post_fallback_still_bad', sessionId, planId: plan.planId });
         const reason = `Aria binding gate: aborted phase recovery minted plan ${plan.planId} but new plan also has no usable phase. Manual intervention required.`;
-        console.log(JSON.stringify({ decision: 'block', reason }));
+        emitBlock(reason, { source: 'pre-tool/dalio-expected' });
         process.exit(2);
       }
       phaseInfo = freshPhaseInfo;
@@ -1836,7 +2036,7 @@ This prevents Claude from drifting past Aria's authorized scope.`;
       const reason = `Aria binding gate: phase ${phaseInfo.phase.id} of plan ${plan.planId} was reported aborted AND inline architect-fallback failed (exit=${architectExit}). Plan progression halted. ${architectStderr ? 'Architect stderr: ' + architectStderr : ''}
 
 What Claude must do: emit [PLAN_BLOCKER reason="<concrete observation>" suggestedAmendment="<if any>"] for Hamza/Aria to issue a corrected plan. Do not continue executing the aborted plan.`;
-      console.log(JSON.stringify({ decision: 'block', reason }));
+      emitBlock(reason, { source: 'pre-tool/dalio-expected' });
       process.exit(2);
     }
   }
@@ -1864,7 +2064,7 @@ Forbidden actions for this phase: ${(phase.forbiddenActions || []).join(', ') ||
 Allowed actions for this phase: ${(phase.allowedActions || []).join(', ') || '(none)'}
 
 Claude must either: (a) reframe the action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] requesting Aria amend the plan.${recipeAddendum}`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/output-claim' });
     process.exit(2);
   }
 
@@ -1883,7 +2083,7 @@ Phase summary: ${phase.summary}
 Allowed actions: ${(phase.allowedActions || []).join(', ') || '(none — phase is observation-only)'}
 
 Claude must either: (a) reframe action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] for plan amendment.${recipeAddendum}`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/output-claim' });
     process.exit(2);
   }
 
@@ -2025,7 +2225,7 @@ try {
 The substrate's contract gate refused this action. Local doctrine gates passed (cognition lenses, binding plan, drift) but the substrate sees a downstream contract that disallows this tool call. Address the substrate's reason above before retrying.`;
       audit(`block-substrate-checkAction ${toolName.toLowerCase()} action=${__action} reason="${(__check.reason || '').slice(0, 80)}"`, cmdPreview);
       pushDecision('block', `substrate checkAction denied: ${(__check.reason || 'unspecified').slice(0, 100)}`);
-      console.log(JSON.stringify({ decision: 'block', reason: __reason }));
+      emitBlock(__reason, { source: 'pre-tool/final' });
       process.exit(2);
     }
   }
@@ -2218,7 +2418,7 @@ causes merge conflicts and state divergence. Explicit coordination is the only s
   pushDecision('block', `hive session-lock conflict on ${_lockCheckPath.slice(0, 80)}`);
   console.log(JSON.stringify({
     decision: 'block',
-    reason: _lockBlockReason,
+    reason: buildForceRedoActionReason(_lockBlockReason, { source: 'pre-tool/hive-lock-conflict', tool: toolName || 'unknown' }),
     hookSpecificOutput: {
       hookEventName: 'PreToolUse',
       conflicting_locks: _conflictingLocks,

package/hooks/aria-preprompt-consult.mjs

@@ -109,7 +109,27 @@ const HARNESS_URL =
   process.env.ARIA_HARNESS_BASE_URL ||
   process.env.ARIA_HARNESS_URL ||
   'https://harness.ariasos.com';
-const HARNESS_TOKEN = process.env.ARIA_HARNESS_TOKEN || '30b18f0a302b03ae862de8a75021238d23e47464fd5d8f6a9324240933745587';
+function resolveHarnessToken() {
+  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
+  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
+  if (process.env.ARIA_MASTER_TOKEN) return process.env.ARIA_MASTER_TOKEN;
+  try {
+    if (existsSync(OWNER_TOKEN_PATH)) {
+      const token = readFileSync(OWNER_TOKEN_PATH, 'utf8').trim();
+      if (token) return token;
+    }
+  } catch {}
+  try {
+    const licensePath = `${HOME}/.aria/license.json`;
+    if (existsSync(licensePath)) {
+      const license = JSON.parse(readFileSync(licensePath, 'utf8'));
+      if (license.harnessToken) return String(license.harnessToken).trim();
+      if (license.token) return String(license.token).trim();
+    }
+  } catch {}
+  return '';
+}
+const HARNESS_TOKEN = resolveHarnessToken();
 const MIN_PROMPT_CHARS = 40;        // skip auto-consult on trivial prompts
 const MAX_DIRECTION_CHARS = 4000;   // cap injected chunk size
 
@@ -248,6 +268,8 @@ Respond with EXACTLY this JSON shape:
       "successCriterion": "<observable signal of completion>",
       "abortCriterion": "<observable signal of failure>",
       "doctrineRefs": ["<memory_filename.md>", ...],
+      "cognitionUse": "<how Aria cognition should change the executor's tool/input/output shape for this phase>",
+      "evidenceRequired": ["<observable proof the executor must collect before reporting complete>"],
       "allowedActions": ["read", "edit:<path-pattern>", "kubectl_get", "consult", "bash_safe", "..."],
       "forbiddenActions": ["kubectl_apply", "edit:<path-pattern>", "..."]
     }
@@ -259,7 +281,9 @@ Respond with EXACTLY this JSON shape:
   }
 }
 
-Apply your 8 lenses + substrate. Phases are ordered + small (one logical step each). Doctrine refs cite memory files in /home/hamzaibrahim1/.claude/projects/-home-hamzaibrahim1/memory/. Be specific in allowedActions / forbiddenActions — Claude can ONLY do what's allowed for the current phase.` : `Pre-prompt direction request from Claude orchestrator.
+Apply your 8 lenses + substrate. Phases are ordered + small (one logical step each). Doctrine refs cite memory files in /home/hamzaibrahim1/.claude/projects/-home-hamzaibrahim1/memory/. Be specific in allowedActions / forbiddenActions — Claude can ONLY do what's allowed for the current phase.
+
+Every phase must include cognitionUse and evidenceRequired. cognitionUse tells Claude how Aria's cognition should improve the actual tool input, edit shape, review scope, or final output. evidenceRequired tells Claude what observation must be collected before reporting the phase complete.` : `Pre-prompt direction request from Claude orchestrator.
 
 The user just submitted this prompt:
 
@@ -280,6 +304,8 @@ thinking from training reflex. Be concrete:
      (NOT a reflexive "want me to" deferral).
   4. Mizan check: any risk patterns in this prompt — over-scope creep,
      over-replacement temptation, tier-substitution temptation, etc.
+  5. How should Aria cognition improve Claude's actual input/output shape —
+     what should be more specific, safer, more evidence-bound, or differently scoped?
 
 Keep direction under 1500 chars. This is the pre-load context for Claude's
 turn — not the final response. Claude will still emit cognition + action;

package/hooks/aria-preturn-memory-gate.mjs

@@ -56,6 +56,30 @@ function auditLog(decision, summary, sessionId) {
   appendFileSync(GATE_LOG, `${new Date().toISOString()} [${sessionId}] ${decision} ${summary}\n`);
 }
 
+function buildForceRedoActionReason({ source, reason, missingSignals = [], incidents = [] }) {
+  return [
+    '=== ARIA FORCE_REDO_ACTION ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction before action execution.',
+    'Do not proceed with tools from unloaded context. Load/repair substrate first, then retry the action.',
+    '',
+    'TEACHING:',
+    '- Every action turn must begin from Aria substrate, not improvised memory.',
+    '- Blocking incidents are Dalio failure deltas; they must be fixed and marked resolved before new action.',
+    '- Missing harness/direction/memory signals mean the context-loader path must run before retry.',
+    missingSignals.length ? `\nMISSING SIGNALS:\n${missingSignals.map((signal) => `- ${signal}`).join('\n')}` : '',
+    incidents.length ? `\nINCIDENTS TO RESOLVE:\n${incidents.map((incident) => `- ${incident}`).join('\n')}` : '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Run the structured recovery action in hookSpecificOutput.recovery.',
+    '2. Verify harness_packet, aria_direction/binding_plan, and memory references are loaded.',
+    '3. Retry the original action only after the missing context or incidents are resolved.',
+    '=== END FORCE_REDO_ACTION ===',
+  ].filter(Boolean).join('\n');
+}
+
 // ── Turn-state deduplication ──────────────────────────────────────────
 const TURN_DEDUP_WINDOW_MS = 60_000; // 60s
 
@@ -461,7 +485,11 @@ Per Dalio Loop Layer 2 doctrine: failure deltas are not optional to address. The
 
   console.log(JSON.stringify({
     decision: 'block',
-    reason: blockReason,
+    reason: buildForceRedoActionReason({
+      source: 'preturn-memory/blocking-incidents',
+      reason: blockReason,
+      incidents: blockingIncidents.map((inc) => `${inc.incident_id || '(no incident_id)'} ${inc.title || '(no title)'}`),
+    }),
     hookSpecificOutput: {
       hookEventName: 'PreToolUse',
       blocking_incidents: blockingIncidents.map((inc) => ({
@@ -605,7 +633,7 @@ auditLog(
 
 console.log(JSON.stringify({
   decision: 'block',
-  reason,
+  reason: buildForceRedoActionReason({ source: 'preturn-memory/context-not-loaded', reason, missingSignals }),
   hookSpecificOutput: {
     hookEventName: 'PreToolUse',
     recovery: {

package/hooks/aria-repo-doctrine-gate.mjs

@@ -87,6 +87,29 @@ function audit(event, data = {}) {
   } catch {}
 }
 
+function buildForceRedoActionReason({ source, reason, violations = [] }) {
+  return [
+    '=== ARIA FORCE_REDO_ACTION ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction for the attempted repository edit/action.',
+    'Do not retry the same edit. Redo the action so doctrine-bound source remains real, reviewable, and production-safe.',
+    '',
+    'TEACHING:',
+    '- Production paths cannot gain stub, mock, fake, placeholder, pending, or direct-provider bypass semantics.',
+    '- If an exception is intentional, isolate it in tests/specs/fixtures/examples/demos/mocks or add the explicit allow marker in the file.',
+    '- External provider calls must use an approved runtime/SDK path or carry the explicit external-call allow marker.',
+    violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Preserve the intended behavior without stub/mock/pending semantics.',
+    '2. Use real implementation wiring or an explicit reviewed allow marker.',
+    '3. Re-run the action after removing the violating lines from the diff.',
+    '=== END FORCE_REDO_ACTION ===',
+  ].filter(Boolean).join('\n');
+}
+
 function parseArgs(argv) {
   const parsed = {
     mode: 'working-tree',
@@ -384,7 +407,14 @@ async function main() {
   audit('repo_doctrine_gate_block', { repoRoot, mode, violations });
 
   if (event) {
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    console.log(JSON.stringify({
+      decision: 'block',
+      reason: buildForceRedoActionReason({
+        source: 'repo-doctrine',
+        reason,
+        violations: violations.slice(0, 20).map((violation) => `${violation.path}:${violation.line} [${violation.rule}] ${violation.excerpt}`),
+      }),
+    }));
     process.exit(2);
   }