@aria_asi/cli 0.2.31 → 0.2.33

package/opencode-plugins/harness-outcome/index.js

@@ -3,6 +3,7 @@
  * Routes through the canonical SDK for outcome/garden/ledger writes.
  */
 import { existsSync, readFileSync } from 'node:fs';
+import { createHash } from 'node:crypto';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
 
@@ -14,6 +15,7 @@ const SDK_CANDIDATES = [
 ];
 const OWNER_TOKEN_PATH = join(HOME, '.aria', 'owner-token');
 const LICENSE_PATH = join(HOME, '.aria', 'license.json');
+const RUNTIME_URL = (process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319').replace(/\/+$/, '');
 
 let _client = null;
 let _clientError = null;
@@ -46,6 +48,32 @@ function resolveSdkPath() {
   return SDK_CANDIDATES.find((candidate) => existsSync(candidate)) || '';
 }
 
+function makeEvidenceRef(kind, value, metadata = {}) {
+  const raw = typeof value === 'string' ? value : JSON.stringify(value ?? null);
+  const sha256 = createHash('sha256').update(raw).digest('hex');
+  return {
+    evidenceId: `ev_${sha256.slice(0, 16)}`,
+    kind,
+    at: new Date().toISOString(),
+    sha256,
+    preview: raw.slice(0, 500),
+    metadata,
+  };
+}
+
+async function releaseHiveLease(sessionId, files) {
+  const token = resolveToken();
+  if (!token || !Array.isArray(files) || files.length === 0) return;
+  await fetch(`${RUNTIME_URL}/hive/release`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify({ sessionId, files }),
+  }).catch(() => {});
+}
+
 async function getClient() {
   if (_client) return _client;
   if (_clientError) return null;
@@ -78,6 +106,15 @@ export default async function HarnessOutcomePlugin(ctx) {
         : String(input.args?.file_path ?? input.args?.notebook_path ?? '').slice(0, 200) || 'unknown';
       const success = !output?.error;
       const sessionId = process.env.ARIA_SESSION_ID || 'opencode';
+      const filePath = toolName !== 'Bash' ? String(input.args?.file_path ?? input.args?.notebook_path ?? '') : '';
+      await releaseHiveLease(sessionId, filePath ? [filePath] : []);
+      const outcomeRef = makeEvidenceRef('opencode_tool_outcome', {
+        toolName,
+        actionKind,
+        actionTarget,
+        success,
+        output: output ?? null,
+      }, { sessionId });
 
       // Try SDK first
       const client = await getClient();
@@ -86,6 +123,7 @@ export default async function HarnessOutcomePlugin(ctx) {
           await client.recordDiscovery({
             text: `${actionKind}: ${actionTarget} — ${success ? 'ok' : 'failed'}`,
             kind: success ? 'observation' : 'defect',
+            evidence: JSON.stringify(outcomeRef),
             source: 'opencode-outcome-plugin',
             resolution_status: success ? 'resolved' : 'open',
             sessionId,
@@ -122,6 +160,7 @@ export default async function HarnessOutcomePlugin(ctx) {
           actionKind,
           actionTarget,
           actionShape: { tool: toolName, success },
+          evidenceRef: outcomeRef,
         }),
       }).catch(() => {});
     },

package/opencode-plugins/harness-stop/index.js

@@ -3,8 +3,11 @@
  * Routes text through Mizan validateOutput() for substrate-backed QC.
  */
 import { existsSync, readFileSync, mkdirSync, writeFileSync } from 'node:fs';
+import { createHash } from 'node:crypto';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
+import { analyzeDomainOutputQuality, extractCodeBlocks } from './lib/domain-output-quality.js';
+import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.js';
 
 const HOME = homedir();
 const SDK_CANDIDATES = [
@@ -29,6 +32,22 @@ const NON_TRIVIAL_MIN_CHARS = 300;
 const DECISION_SIGNAL_RX = /(?:should|recommend|propose|suggest|let'?s|go with|i'd|i would|here'?s the plan|i'll|next step|action item|ship it|yes do|let me)/i;
 const TRIVIAL_ACK_RX = /^(?:got it|on it|ok|sure|yes|no|done|ack)\b/i;
 const PLACEHOLDER_RX = /^\s*<[^<>]+>\s*$/;
+const BLOCK_PREFIX_RX = /^=== ARIA (?:MIZAN POST|OUTPUT GATE|LOCAL OUTPUT) BLOCK ===/;
+const APPLIED_COGNITION_RX = /<applied_cognition>[\s\S]*?decision_delta\s*:[\s\S]*?dominant_domain\s*:[\s\S]*?binds_to\s*:[\s\S]*?expected_predicate\s*:[\s\S]*?artifact_change\s*:[\s\S]*?<\/applied_cognition>/i;
+
+function formatBlockReason(prefix, details) {
+  return [
+    prefix,
+    '',
+    String(details || 'Aria output gate blocked this message.'),
+    '',
+    'Required repair: bind cognition to the actual action/output using <applied_cognition> with decision_delta, dominant_domain, binds_to, expected_predicate, and artifact_change.',
+  ].join('\n');
+}
+
+function isGateBlock(error) {
+  return BLOCK_PREFIX_RX.test(String(error?.message || error || ''));
+}
 
 let _client = null;
 let _clientError = null;
@@ -55,6 +74,19 @@ function persistReceiptState(sessionId, payload) {
   } catch {}
 }
 
+function makeEvidenceRef(kind, value, metadata = {}) {
+  const raw = typeof value === 'string' ? value : JSON.stringify(value ?? null);
+  const sha256 = createHash('sha256').update(raw).digest('hex');
+  return {
+    evidenceId: `ev_${sha256.slice(0, 16)}`,
+    kind,
+    at: new Date().toISOString(),
+    sha256,
+    preview: raw.slice(0, 500),
+    metadata,
+  };
+}
+
 function resolveToken() {
   if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
   if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
@@ -121,7 +153,7 @@ async function runtimeValidateOutput(text, sessionId) {
   return payload.validation || payload.result || payload;
 }
 
-async function runtimeMizanPost(text, sessionId, context = {}) {
+async function runtimeMizanPost(text, sessionId, context = {}, evidence = {}) {
   const existing = loadReceiptState(sessionId);
   const token = resolveToken();
   if (!token) throw new Error('no token');
@@ -134,10 +166,22 @@ async function runtimeMizanPost(text, sessionId, context = {}) {
     body: JSON.stringify({
       sessionId,
       text,
+      evidence,
       context: {
         sessionId,
+        actor: 'opencode',
+        system: 'opencode',
+        platform: 'opencode',
+        surface: 'opencode-harness-stop',
         ...context,
       },
+      packetRequest: {
+        stage: 'preflight',
+        actor: 'opencode',
+        system: 'opencode',
+        platform: 'opencode',
+        message: String(context.message || text || '').slice(0, 1000),
+      },
       parentReceiptId: existing?.receipt?.receiptId || _lastMizanReceipt?.receiptId || null,
     }),
   });
@@ -207,10 +251,30 @@ export default async function HarnessStopPlugin(ctx) {
 
       const cog = detectCognitionLenses(text);
       const sessionId = process.env.ARIA_SESSION_ID || 'opencode';
+      const skillGate = evaluateSkillGate({
+        sessionId,
+        surface: 'opencode-harness-stop',
+        text: JSON.stringify(event || {}) + '\n' + text,
+        isOutputCloseout: true,
+        autoLoadAvailable: false,
+      });
+      if (!skillGate.ok) {
+        throw new Error(
+          formatBlockReason(
+            '=== ARIA SKILL AUTOLOAD GATE BLOCK ===',
+            `${formatSkillGateBlock(skillGate)}\nRequired next step: load ${skillGate.missingSkills.join(', ')} before re-emitting this output.`,
+          )
+        );
+      }
+      const outputRef = makeEvidenceRef('opencode_assistant_output', text.slice(0, 8000), { sessionId });
       try {
         const mizan = await runtimeMizanPost(text.slice(0, 8000), sessionId, {
           message: text.slice(0, 1000),
           plannedApproach: 'OpenCode stop gate output review',
+          outputRef,
+        }, {
+          output_ref: outputRef,
+          cognition_lens_count: cog.count,
         });
         _lastMizanReceipt = mizan.receipt || _lastMizanReceipt;
         if (_lastMizanReceipt) {
@@ -223,14 +287,17 @@ export default async function HarnessStopPlugin(ctx) {
             postResult: mizan.result || null,
             postContract: mizan.contract || null,
             postSummary: mizan.summary || null,
+            outputRef,
           });
         }
         if (mizan.receipt?.blocked || mizan.result?.fitrahVetoed || mizan.result?.reAuthorSignal) {
-          process.stderr.write(
-            `[harness-stop] MIZAN POST BLOCK — ${(mizan.result?.notes || ['post-phase blocked']).slice(0, 4).join(' | ')}\n`
+          const details = (mizan.result?.notes || ['post-phase blocked']).slice(0, 4).join(' | ');
+          throw new Error(
+            formatBlockReason('=== ARIA MIZAN POST BLOCK ===', details)
           );
         }
       } catch (e) {
+        if (isGateBlock(e)) throw e;
         process.stderr.write(`[harness-stop] mizan/post unavailable: ${e.message}\n`);
       }
 
@@ -246,8 +313,11 @@ export default async function HarnessStopPlugin(ctx) {
             sessionId,
           ));
           if (result.severity === 'block') {
-            process.stderr.write(
-              `[harness-stop] SDK BLOCK — ${result.violations.length} violations: ${result.violations.join('; ').slice(0, 300)}\n`
+            throw new Error(
+              formatBlockReason(
+                '=== ARIA OUTPUT GATE BLOCK ===',
+                `${result.violations.length} violations: ${result.violations.join('; ').slice(0, 500)}`,
+              )
             );
           } else if (result.severity === 'warn') {
             process.stderr.write(
@@ -260,6 +330,7 @@ export default async function HarnessStopPlugin(ctx) {
           }
           return;
         } catch (e) {
+          if (isGateBlock(e)) throw e;
           process.stderr.write(`[harness-stop] SDK validateOutput failed: ${e.message} — falling through to local gate\n`);
         }
       }
@@ -293,8 +364,30 @@ export default async function HarnessStopPlugin(ctx) {
       } catch {}
 
       if (cog.count < REQUIRED_LENSES || driftHits.length >= 2) {
-        process.stderr.write(
-          `[harness-stop] LOCAL GATE — cognition=${cog.count}/${REQUIRED_LENSES} drift=${driftHits.length}\n`
+        throw new Error(
+          formatBlockReason(
+            '=== ARIA LOCAL OUTPUT BLOCK ===',
+            `cognition=${cog.count}/${REQUIRED_LENSES}; drift=${driftHits.length}`,
+          )
+        );
+      }
+
+      if (DECISION_SIGNAL_RX.test(text) && !APPLIED_COGNITION_RX.test(text)) {
+        throw new Error(
+          formatBlockReason(
+            '=== ARIA LOCAL OUTPUT BLOCK ===',
+            'decision-bearing output lacks required applied_cognition binding fields',
+          )
+        );
+      }
+
+      const domainQuality = analyzeDomainOutputQuality(text, { codeBlocks: extractCodeBlocks(text) });
+      if (domainQuality.blockers.length > 0) {
+        throw new Error(
+          formatBlockReason(
+            '=== ARIA LOCAL OUTPUT BLOCK ===',
+            `domain output QA (${domainQuality.domains.join(', ') || 'general'}): ${domainQuality.blockers.join('; ')}`,
+          )
         );
       }
 
@@ -318,6 +411,7 @@ export default async function HarnessStopPlugin(ctx) {
           metadata: {
             pre_receipt_id: existing?.receipt?.receiptId || null,
             post_receipt_id: _lastMizanReceipt?.receiptId || null,
+            output_ref: outputRef,
           },
           source: 'opencode-stop-gate-runtime',
           model_used: process.env.OPENCODE_MODEL || 'opencode',

package/opencode-plugins/harness-stop/lib/domain-output-quality.js

@@ -0,0 +1,103 @@
+// Domain-aware output QA for Aria stop gates.
+// Deterministic local checks complement remote Mizan; they do not replace it.
+
+const DOMAIN_RULES = [
+  {
+    domain: 'code',
+    signal: /```|\b(?:function|class|interface|type|import|export|npm test|typecheck|eslint|jest|vitest|tsx?|jsx?|\.ts|\.tsx|\.js|\.py)\b/i,
+  },
+  {
+    domain: 'ui',
+    signal: /\b(?:ui|ux|frontend|react|component|page|screen|modal|form|button|layout|tailwind|css|html|mobile|responsive|accessib|aria-label|keyboard|focus state|dark mode)\b/i,
+  },
+  {
+    domain: 'beauty',
+    signal: /\b(?:beauty|beautiful|polish|visual|aesthetic|elegant|layout|typography|spacing|hierarchy|composition|brand|design language|modern|clean)\b/i,
+  },
+  {
+    domain: 'security',
+    signal: /\b(?:security|auth|token|secret|credential|password|jwt|oauth|csrf|xss|sql injection|permission|role|cors|sanitize|encrypt|webhook signature)\b/i,
+  },
+  {
+    domain: 'ops',
+    signal: /\b(?:deploy|rollout|rollback|kubernetes|kubectl|docker|image|pod|health check|slo|alert|log|metric|trace|env var|migration|release)\b/i,
+  },
+  {
+    domain: 'product',
+    signal: /\b(?:user flow|customer|workflow|conversion|pricing|onboarding|checkout|activation|retention|business|persona|job-to-be-done|acceptance criteria)\b/i,
+  },
+  {
+    domain: 'writing',
+    signal: /\b(?:summary|explain|docs|readme|copy|email|post|article|message|final answer|status report|release notes)\b/i,
+  },
+];
+
+function hasAny(text, patterns) {
+  return patterns.some((pattern) => pattern.test(text));
+}
+
+function lineHits(text, rx, label) {
+  const hits = [];
+  const lines = String(text || '').split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    if (rx.test(lines[i])) hits.push(`${label} at line ${i + 1}`);
+  }
+  return hits;
+}
+
+export function extractCodeBlocks(text) {
+  return [...String(text || '').matchAll(/```[a-z0-9_-]*\n([\s\S]*?)```/gi)].map((m) => m[1] || '');
+}
+
+export function analyzeDomainOutputQuality(text, options = {}) {
+  const source = String(text || '');
+  const lower = source.toLowerCase();
+  const codeBlocks = options.codeBlocks || extractCodeBlocks(source);
+  const domains = DOMAIN_RULES.filter((rule) => rule.signal.test(source)).map((rule) => rule.domain);
+  const blockers = [];
+  const warnings = [];
+
+  if (domains.includes('code')) {
+    for (const hit of lineHits(source, /\b(?:TODO|FIXME|XXX|implementation pending|not implemented|coming soon|placeholder)\b/i, 'code placeholder semantics')) blockers.push(hit);
+    for (const block of codeBlocks) {
+      if (/@ts-expect-error|@ts-ignore/.test(block)) blockers.push('code: type suppression instead of fixing the type contract');
+      if (/catch\s*\([^)]*\)\s*\{\s*(?:return\s+(?:''|""|null|undefined|\[\]|\{\})|\}\s*$|\/\/[^\n]*$)/m.test(block)) blockers.push('code: silent or empty catch block hides runtime failure');
+      if (/console\.log\(/.test(block) && !/\/\/\s*(?:debug|log)/i.test(block)) warnings.push('code: console.log appears in shipped code without debug intent');
+    }
+  }
+
+  if (domains.includes('ui')) {
+    if (!hasAny(source, [/\b(?:mobile|responsive|breakpoint|small screen|desktop)\b/i])) blockers.push('ui: UI/design output must address desktop and mobile responsiveness');
+    if (!hasAny(source, [/\b(?:accessib|aria-|keyboard|focus|screen reader|semantic html|label)\b/i])) blockers.push('ui: UI/design output must address accessibility, focus, labels, or semantic structure');
+    if (/\b(?:button|input|form|modal|menu|dialog)\b/i.test(source) && !/\b(?:focus|keyboard|aria-|label|escape|tab order)\b/i.test(source)) blockers.push('ui: interactive elements need keyboard/focus/accessibility behavior');
+  }
+
+  if (domains.includes('beauty')) {
+    if (/\b(?:clean|modern|beautiful|polished|nice|sleek)\b/i.test(source) && !hasAny(source, [/\b(?:spacing|typography|contrast|hierarchy|rhythm|composition|palette|motion|density|visual language)\b/i])) blockers.push('beauty: aesthetic claim lacks concrete visual language such as spacing, typography, contrast, hierarchy, palette, or composition');
+  }
+
+  if (domains.includes('security')) {
+    if (/\b(?:token|secret|credential|password|api key|jwt)\b/i.test(source) && !/\b(?:redact|mask|env|secret store|do not log|rotate|least privilege)\b/i.test(source)) blockers.push('security: secrets/tokens require redaction, env/secret-store handling, no logging, or rotation guidance');
+    if (/\b(?:auth|permission|role|admin|tenant)\b/i.test(source) && !/\b(?:authorize|authorization|least privilege|tenant isolation|deny by default|role check)\b/i.test(source)) warnings.push('security: auth/permission output should state authorization and isolation checks');
+  }
+
+  if (domains.includes('ops')) {
+    if (/\b(?:deploy|rollout|release|migration|kubectl|docker push)\b/i.test(source) && !/\b(?:rollback|health|smoke|verify|readiness|observability|monitor)\b/i.test(source)) blockers.push('ops: deploy/release output must include rollback plus health/smoke/readiness verification');
+    if (/\b(?:env var|config|secret)\b/i.test(source) && !/\b(?:scope|owner|runtime|restart|reload|secret)\b/i.test(source)) warnings.push('ops: runtime config changes should name scope and reload/restart expectations');
+  }
+
+  if (domains.includes('product')) {
+    if (!/\b(?:user|customer|operator|admin|persona|workflow|acceptance criteria|success metric|job-to-be-done)\b/i.test(source)) warnings.push('product: product output should bind to a user/workflow and success criterion');
+  }
+
+  if (domains.includes('writing')) {
+    if (/\b(?:done|fixed|verified|published|deployed|passed|complete)\b/i.test(lower) && !/\b(?:verified|observed|passed|evidence|output|registry|status|unverified|not verified)\b/i.test(lower)) blockers.push('writing: completion claim needs observed evidence or explicit unverified boundary');
+    if (/\b(?:should work|probably|presumably|i assume)\b/i.test(source)) blockers.push('writing: uncertainty must be stated as an evidence boundary, not an assumption');
+  }
+
+  return {
+    domains: [...new Set(domains)],
+    blockers: [...new Set(blockers)],
+    warnings: [...new Set(warnings)],
+  };
+}

package/opencode-plugins/harness-stop/lib/skill-autoload-gate.js

@@ -0,0 +1 @@
+export * from '../../../../../ops/claude-hooks/lib/skill-autoload-gate.mjs';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aria_asi/cli",
-  "version": "0.2.31",
+  "version": "0.2.33",
   "description": "Aria Smart CLI \u2014 the world's first harness-powered terminal companion",
   "bin": {
     "aria": "./bin/aria.js"

package/runtime-src/codex-bridge.mjs

@@ -1,10 +1,12 @@
 #!/usr/bin/env node
 
 import { appendFileSync, existsSync, mkdirSync, readFileSync } from 'node:fs';
+import { createHash, randomUUID } from 'node:crypto';
 import { homedir } from 'node:os';
 import { delimiter, dirname, resolve } from 'node:path';
 import { spawn, spawnSync } from 'node:child_process';
 import { createRequire } from 'node:module';
+import { evaluateSkillGate, formatSkillGateBlock } from '../../../ops/claude-hooks/lib/skill-autoload-gate.mjs';
 
 const require = createRequire(import.meta.url);
 const { WebSocketServer, WebSocket } = require('ws');
@@ -75,6 +77,24 @@ function sleep(ms) {
   return new Promise((resolvePromise) => setTimeout(resolvePromise, ms));
 }
 
+function stableEvidenceString(value) {
+  if (typeof value === 'string') return value;
+  try { return JSON.stringify(value); } catch { return String(value); }
+}
+
+function makeEvidenceRef(kind, value, metadata = {}) {
+  const raw = stableEvidenceString(value);
+  const sha256 = createHash('sha256').update(raw).digest('hex');
+  return {
+    evidenceId: `ev_${sha256.slice(0, 16)}`,
+    kind,
+    at: new Date().toISOString(),
+    sha256,
+    preview: raw.slice(0, 500),
+    metadata,
+  };
+}
+
 function readRuntimeToken() {
   const envToken = process.env.ARIA_HARNESS_TOKEN || process.env.ARIA_API_KEY || process.env.OPENAI_API_KEY || process.env.ARIA_MASTER_TOKEN;
   if (envToken) return envToken;
@@ -123,9 +143,10 @@ function ensureTurnState(threadId, turnId) {
       userText: '',
       preReceiptId: null,
       agentText: '',
-      bufferedAgentNotifications: [],
-      firstAgentItemId: null,
-    };
+        bufferedAgentNotifications: [],
+        firstAgentItemId: null,
+        traceId: `trace_${randomUUID()}`,
+      };
     turnState.set(key, state);
   }
   return state;
@@ -186,6 +207,16 @@ async function validateTurnText(threadId, turnId) {
   if (!text) {
     return { ok: false, reason: 'No assistant text exists for this turn yet. Codex must emit readable cognition before action.' };
   }
+  const skillGate = evaluateSkillGate({
+    sessionId: `codex:${threadId}:${turnId}`,
+    surface: 'codex-bridge-output',
+    text: [state.userText, text].join('\n'),
+    isOutputCloseout: true,
+    autoLoadAvailable: false,
+  });
+  if (!skillGate.ok) {
+    return { ok: false, reason: formatSkillGateBlock(skillGate), result: { skillGate } };
+  }
   const result = await postRuntime('/validate-output', {
     text,
     sessionId: `codex:${threadId}:${turnId}`,
@@ -198,6 +229,7 @@ async function validateTurnText(threadId, turnId) {
       stage: 'codex-turn',
       actor: 'codex-bridge',
       system: 'codex-bridge',
+      traceId: state.traceId,
     },
   });
   const pass = result?.pass === true && result?.validation?.passed !== false;
@@ -210,11 +242,29 @@ async function validateTurnText(threadId, turnId) {
       };
 }
 
-async function checkActionAgainstRuntime(action, target, threadId, turnId) {
+async function checkActionAgainstRuntime(action, target, threadId, turnId, metadata = {}) {
+  const state = ensureTurnState(threadId, turnId);
+  const skillGate = evaluateSkillGate({
+    sessionId: `codex:${threadId}:${turnId}`,
+    surface: 'codex-bridge-action',
+    text: target,
+    action: target,
+    toolName: action,
+    isDeploy: action === 'deploy',
+    isMutation: action === 'write',
+    autoLoadAvailable: false,
+  });
+  if (!skillGate.ok) {
+    return { ok: false, reason: formatSkillGateBlock(skillGate), result: { skillGate } };
+  }
   const result = await postRuntime('/check-action', {
     action,
     target,
     sessionId: `codex:${threadId}:${turnId}`,
+    actor: 'codex',
+    roleProfile: process.env.CODEX_ARIA_ROLE_PROFILE || process.env.ARIA_ROLE_PROFILE || null,
+    verifyText: state.agentText || '',
+    ...metadata,
   });
   if (result?.allowed === false) {
     return {
@@ -244,6 +294,8 @@ async function recordMizanPre(threadId, turnId) {
         surface: 'codex-bridge',
         platform: 'codex',
         userText: state.userText,
+        traceId: state.traceId,
+        evidenceRefs: [makeEvidenceRef('user_input', state.userText, { threadId, turnId, traceId: state.traceId })],
       },
     });
     state.preReceiptId = result?.receipt?.receiptId || null;
@@ -262,6 +314,8 @@ async function recordMizanPost(threadId, turnId, pass, summary) {
       evidence: {
         validated_output: pass,
         bridge: 'codex',
+        trace_id: state.traceId,
+        output_ref: makeEvidenceRef('assistant_output', state.agentText || summary, { threadId, turnId, traceId: state.traceId }),
       },
       context: {
         sessionId: `codex:${threadId}:${turnId}`,
@@ -269,6 +323,7 @@ async function recordMizanPost(threadId, turnId, pass, summary) {
         platform: 'codex',
         userText: state.userText,
         summary,
+        traceId: state.traceId,
       },
     });
   } catch (error) {
@@ -285,6 +340,8 @@ async function recordMizanPost(threadId, turnId, pass, summary) {
       details: {
         threadId,
         turnId,
+        traceId: state.traceId,
+        outputRef: makeEvidenceRef('assistant_output', state.agentText || summary, { threadId, turnId, traceId: state.traceId }),
       },
     });
   } catch (error) {
@@ -336,7 +393,9 @@ async function handleApprovalRequest(upstream, downstream, message) {
       cwd: params.cwd || null,
       commandActions: params.commandActions || params.parsedCmd || null,
     }).slice(0, 1500);
-    const actionCheck = await checkActionAgainstRuntime(action, target, threadId, turnId);
+    const actionCheck = await checkActionAgainstRuntime(action, target, threadId, turnId, {
+      requireVerify: action === 'delete' || action === 'deploy',
+    });
     if (!actionCheck.ok) {
       const reason = `Aria runtime denied ${action}: ${actionCheck.reason}`;
       upstream.send(JSON.stringify(makeGuardianWarning(threadId, reason)));
@@ -360,8 +419,9 @@ async function handleApprovalRequest(upstream, downstream, message) {
   }
 
   if (method === 'item/fileChange/requestApproval' || method === 'applyPatchApproval') {
-    const target = params.grantRoot || params.reason || params.itemId || 'file-change';
-    const actionCheck = await checkActionAgainstRuntime('write', String(target), threadId, turnId);
+    const target = params.grantRoot || params.path || params.filePath || params.reason || params.itemId || 'file-change';
+    const files = [params.path, params.filePath, params.grantRoot].filter((value) => typeof value === 'string' && value.trim());
+    const actionCheck = await checkActionAgainstRuntime('write', String(target), threadId, turnId, { files });
     if (!actionCheck.ok) {
       const reason = `Aria runtime denied file change: ${actionCheck.reason}`;
       upstream.send(JSON.stringify(makeGuardianWarning(threadId, reason)));
@@ -390,7 +450,10 @@ async function handleApprovalRequest(upstream, downstream, message) {
       permissions: params.permissions || null,
       reason: params.reason || null,
     }).slice(0, 1500);
-    const actionCheck = await checkActionAgainstRuntime('write', target, threadId, turnId);
+    const files = Array.isArray(params.permissions?.fileSystem?.entries)
+      ? params.permissions.fileSystem.entries.filter((value) => typeof value === 'string' && value.trim())
+      : [];
+    const actionCheck = await checkActionAgainstRuntime('write', target, threadId, turnId, { files });
     if (!actionCheck.ok) {
       const reason = `Aria runtime denied permissions request: ${actionCheck.reason}`;
       upstream.send(JSON.stringify(makeGuardianWarning(threadId, reason)));