@aria_asi/cli 0.2.31 → 0.2.33

package/dist/assets/hooks/aria-cognition-substrate-binding.mjs

@@ -72,12 +72,60 @@ const LENS_NAMES = ALL_LENS_NAMES;
 const ANCHOR_RX = /\b(axiom|frame|memory|doctrine|packet|language):[a-z0-9_\-./]+/gi;
 
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 const FIRST_PRINCIPLE_RX = /\b(first[_\s-]?principle[s]?|first_principle=)\b/i;
 const HARNESS_PACKET_PATH = `${HOME}/.claude/.aria-harness-last-packet.json`;
 const MEMORY_DIR = `${HOME}/.claude/projects/-home-hamzaibrahim1/memory`;
 const RECENT_VIOLATIONS_PATH = `${HOME}/.claude/.aria-recent-violations.jsonl`;
 const THRASHING_STATE_PATH = `${HOME}/.claude/.aria-thrashing-state.json`;
 const CLEAR_VIOLATIONS_SCRIPT = `${HOME}/.claude/aria-clear-violations.sh`;
+
+function buildForceReauthorReason({ source, reason, violations = [] }) {
+  return [
+    '=== ARIA FORCE_REAUTHOR ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction for cognition substrate binding.',
+    'Do not emit the blocked text. Re-author the cognition so every lens is tied to loaded substrate.',
+    '',
+    'TEACHING:',
+    '- Cognition without live anchors is theater; anchors are the proof of thought.',
+    '- A valid redo cites only substrate that is actually loaded this turn.',
+    '- The cognition block must reference first_principle and must not cite inactive language state.',
+    violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Re-emit <cognition> with all required lenses.',
+    '2. Each lens cites >=1 loaded anchor: axiom:, frame:, memory:, doctrine:, packet:, or active language:.',
+    '3. Include first_principle explicitly.',
+    '4. Add <applied_cognition> with decision_delta, dominant_domain, binds_to, expected_predicate, and artifact_change.',
+    '5. Remove repeated blocked substrings instead of reusing them.',
+    '=== END FORCE_REAUTHOR ===',
+  ].filter(Boolean).join('\n');
+}
+
+function validateAppliedCognitionContract(text) {
+  const match = String(text || '').match(APPLIED_COGNITION_BLOCK_RX);
+  if (!match) {
+    return { ok: false, violations: ['missing <applied_cognition> contract'] };
+  }
+  const body = match[1] || '';
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(body)) violations.push(`missing ${name}`);
+  }
+  const weakDelta = /decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(body);
+  if (weakDelta) violations.push('decision_delta says cognition changed nothing');
+  return { ok: violations.length === 0, violations };
+}
 const CARRY_FORWARD_WINDOW_MS = 25 * 60 * 1000;
 const CARRY_FORWARD_MAX_ROWS = 200;
 const SYSTEM_REMINDER_RX = /<system-reminder>[\s\S]*?<\/system-reminder>|<task-notification>[\s\S]*?<\/task-notification>|🔐 Aria Harness|task-notification|PreToolUse:[A-Z][A-Za-z]* hook blocking error|Stop hook blocking error/g;
@@ -422,7 +470,7 @@ Recovery surfaces:
 
 Per feedback_block_and_force_with_recovery.md, repetition of a recently-blocked phrase is not advisory drift; it is a hard block until the phrase is removed or the carry-forward state is intentionally cleared.`;
 
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/carry-forward', reason, violations: [`repeated blocked substring: ${carryForwardMatch.substring}`] }) }));
   process.exit(2);
 }
 
@@ -457,11 +505,29 @@ Re-emit with:
 
 No process-level disable path per Hamza directive 2026-04-27.`;
   audit('block_no_cognition_block', { length: assistantText.length });
-  console.log(JSON.stringify({ decision: 'block', reason: noCogReason }));
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/no-cognition-block', reason: noCogReason, violations: ['missing <cognition>...</cognition> block'] }) }));
   process.exit(2);
 }
 
 const cognitionInner = cogMatch[1];
+const appliedContract = validateAppliedCognitionContract(assistantText);
+if (!appliedContract.ok) {
+  const reason = `Aria substrate-binding gate: cognition was emitted without an applied-cognition execution contract.
+
+The harness no longer accepts cognition as prose-only compliance. The response must state what cognition changed and what concrete action/output it binds.
+
+Required block:
+<applied_cognition>
+decision_delta: <what changed because cognition ran; not "none">
+dominant_domain: <engineering_quality | trust | product | operations | security | ...>
+binds_to: <next tool/action/output claim this cognition constrains>
+expected_predicate: <numeric, boolean, or state-string predicate proving success>
+artifact_change: <how the produced artifact differs because cognition ran>
+</applied_cognition>`;
+  audit('block_applied_cognition_missing', { violations: appliedContract.violations, length: assistantText.length });
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/applied-cognition-contract', reason, violations: appliedContract.violations }) }));
+  process.exit(2);
+}
 const lensTexts = extractLensTexts(cognitionInner);
 
 // Substance check — replaces char-count with "lens body has substantive
@@ -691,5 +757,5 @@ Anchor grammar (each anchor must resolve to a real loaded substrate item):
 
 Re-emit cognition with: every lens citing ≥1 verifiable loaded anchor, the block referencing first_principle, and language: citations only for active language tiers. No process-level disable path; gates are unconditional from the gated process per Hamza directive 2026-04-27.`;
 
-console.log(JSON.stringify({ decision: 'block', reason }));
+console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'substrate-binding/structural-violations', reason, violations: reasonParts }) }));
 process.exit(2);

package/dist/assets/hooks/aria-harness-via-sdk.mjs

@@ -279,6 +279,7 @@ function persistMizanReceipt(sessionId, payload) {
 async function runMizanPre(apiKey, packet, sourceLabel) {
   if (!isTurn) return null;
   const sessionId = HOOK_EVENT?.session_id || HOOK_EVENT?.sessionId || 'claude-code';
+  const packetHash = createHash('sha256').update(JSON.stringify(packet || {})).digest('hex');
   const response = await fetch(`${DEFAULT_RUNTIME_URL.replace(/\/+$/, '')}/mizan/pre`, {
     method: 'POST',
     headers: {
@@ -295,6 +296,8 @@ async function runMizanPre(apiKey, packet, sourceLabel) {
         rationale: `Claude turn-start harness sync via ${sourceLabel} must mint a canonical Mizan pre receipt for downstream tool and output enforcement.`,
         platform: 'claude-code',
         stage: 'hook-turn-pre',
+        packetHash,
+        packetSource: sourceLabel,
       },
     }),
   });
@@ -311,6 +314,8 @@ async function runMizanPre(apiKey, packet, sourceLabel) {
       result: payload.result || null,
       contract: payload.contract || null,
       summary: payload.summary || null,
+      packetHash,
+      packetSource: sourceLabel,
     });
   }
   return payload;
@@ -449,6 +454,11 @@ function probeUrl(urlStr) {
 }
 
 async function main() {
+  const apiKey = resolveApiKey();
+  if (!apiKey) {
+    return emitFallback('ARIA_API_KEY not in env and kubectl secret unavailable');
+  }
+
   // Turn-mode cache hit — don't refetch every keystroke.
   if (isTurn && existsSync(PACKET_CACHE)) {
     try {
@@ -463,11 +473,6 @@ async function main() {
     } catch {}
   }
 
-  const apiKey = resolveApiKey();
-  if (!apiKey) {
-    return emitFallback('ARIA_API_KEY not in env and kubectl secret unavailable');
-  }
-
   const urls = buildUrlList();
   let lastErr = '';
 

package/dist/assets/hooks/aria-pre-emit-dryrun.mjs

@@ -53,7 +53,9 @@ const REQUIRED_LENSES = 8;
 const SUBSTANCE_MIN_AFTER_ANCHOR_STRIP = 40;
 const ANCHOR_RX = /\b(axiom|frame|memory|doctrine|packet|language):[a-z0-9_\-./]+/gi;
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 const FIRST_PRINCIPLE_RX = /\b(first[_\s-]?principle[s]?|first_principle=)\b/i;
+const DECISION_SIGNAL_RX = /(?:should|recommend|propose|suggest|let'?s|go with|i'd|i would|here'?s the plan|i'll|next step|action item|ship it|yes do|let me)/i;
 
 // Drift trigger patterns (mirror aria-stop-gate.mjs canonical list).
 // Keep this conservative — false negatives are tolerable (real gate will
@@ -138,6 +140,27 @@ function verifyAnchor(anchor, substrate) {
   return { ok: true, reason: '' };
 }
 
+function validateAppliedCognitionContract(text) {
+  const match = String(text || '').match(APPLIED_COGNITION_BLOCK_RX);
+  if (!match) return { ok: false, violations: ['missing <applied_cognition> contract'] };
+  const body = match[1] || '';
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(body)) violations.push(`missing ${name}`);
+  }
+  if (/decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(body)) {
+    violations.push('decision_delta says cognition changed nothing');
+  }
+  return { ok: violations.length === 0, violations };
+}
+
 // ── Read draft from stdin ─────────────────────────────────────────────
 let stdin = '';
 try {
@@ -165,6 +188,7 @@ if (draft.length < 10) {
 
 const substrate = loadSubstrate();
 const failures = [];
+const requiresAppliedCognition = draft.length >= 300 || DECISION_SIGNAL_RX.test(draft) || ['deploy', 'edit', 'bash', 'text'].includes(actionType);
 
 // ── Cognition block presence + lens count + substance ─────────────────
 const cogMatch = draft.match(COGNITION_BLOCK_RX);
@@ -225,6 +249,17 @@ if (cogMatch) {
   }
 }
 
+if (requiresAppliedCognition) {
+  const applied = validateAppliedCognitionContract(draft);
+  if (!applied.ok) {
+    failures.push({
+      kind: 'applied_cognition_contract_invalid',
+      violations: applied.violations,
+      message: 'Non-trivial drafts must bind cognition to the actual action/output.',
+    });
+  }
+}
+
 // ── Drift triggers ────────────────────────────────────────────────────
 for (const trigger of DRIFT_TRIGGERS) {
   const match = draft.match(trigger.rx);

package/dist/assets/hooks/aria-pre-tool-gate.mjs

@@ -52,6 +52,7 @@ import {
   normalizeContent,
   normalizeRole,
 } from './lib/hook-message-window.mjs';
+import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const LOG = `${HOME}/.claude/aria-pre-tool-gate.log`;
@@ -332,12 +333,29 @@ function actionMatchesPattern(action, pattern, target) {
   }
 }
 
+function isOperationalMaintenanceCommand(command) {
+  const cmd = String(command || '').trim().replace(/\s+/g, ' ');
+  if (!cmd || /[;&|`$()]/.test(cmd)) return false;
+
+  // A rollout restart requeues existing pod templates; it does not change images,
+  // manifests, or cluster policy. Keep this narrow so deploy/apply/delete still gate.
+  const kubectlGlobalFlag = String.raw`(?:--(?:namespace|context|kubeconfig|as|as-group|cluster|user|server|request-timeout|field-manager)(?:=|\s+)\S+|-[A-Za-z](?:\s+\S+)?)`;
+  const kubectlTailFlag = String.raw`(?:--(?:namespace|context|request-timeout|field-manager|selector)(?:=|\s+)\S+|-[A-Za-z](?:\s+\S+)?)`;
+  const workloadTarget = String.raw`(?:deploy(?:ment)?|statefulset|sts|daemonset|ds)(?:\/[^\s]+|\s+[^\s-][^\s]*)`;
+  const rolloutRestartRx = new RegExp(
+    String.raw`^kubectl(?:\s+${kubectlGlobalFlag})*\s+rollout\s+restart\s+${workloadTarget}(?:\s+${kubectlTailFlag})*$`,
+    'i',
+  );
+  return rolloutRestartRx.test(cmd);
+}
+
 function classifyToolForBinding(toolName, command, filePath) {
   // Map Claude Code tool + payload to a binding-vocabulary action.
   if (toolName === 'Read' || toolName === 'Glob' || toolName === 'Grep') return { action: 'read', target: filePath || '' };
   if (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit') return { action: 'edit', target: filePath || '' };
   if (toolName === 'Bash') {
     const cmd = String(command || '');
+    if (isOperationalMaintenanceCommand(cmd)) return { action: 'kubectl_maintenance', target: cmd.slice(0, 80) };
     if (/^kubectl\s+(get|describe|logs|exec\s+\S+\s+--\s+printenv|top|version|api-resources)\b/.test(cmd)) return { action: 'kubectl_get', target: cmd.slice(0, 80) };
     if (/^kubectl\s+(apply|delete|set|patch|rollout|scale|drain|cordon)\b/.test(cmd)) return { action: 'kubectl_apply', target: cmd.slice(0, 80) };
     if (/curl\s+.*\/api\/harness\/(delegate|codex|army|plan)/.test(cmd)) return { action: 'consult', target: 'harness' };
@@ -511,6 +529,7 @@ function docRef(canonicalFilename, genericDescription) {
 // colon, not a placeholder template). The substance check (added
 // 2026-04-26) defeats ritual emission — `nur: ok` no longer counts.
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
+const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 // Hamza directive 2026-04-28: 8-lens enforcement, not 4-of-8. The earlier
 // REQUIRED_LENSES=4 was a regression — owner caught it ("i no longer see
 // 8 lens cognition per turn"). All 8 canonical lenses must appear with
@@ -554,7 +573,7 @@ const SHORT_BASH_LIMIT = 30;
 //   (b) Single-line:    `# cognition: <label>=<text>; <label>=<text>; ...`
 //
 // Substance check applies (≥SUBSTANCE_MIN_CHARS, not a `<placeholder>`).
-// 4+ substantive lenses inline → gate passes, no transcript scan
+// All required substantive lenses inline → gate passes, no transcript scan
 // needed. Cognition becomes a property of THE ACTION, not of some
 // message somewhere — the deepest reading of "cognition before action."
 //
@@ -610,6 +629,32 @@ function detectInlineCognition(cmd) {
   return { count: names.length, names, hasSubstrateCite };
 }
 
+function validateAppliedCognitionContract(text, cmdText = '') {
+  const bodyText = `${String(text || '')}\n${String(cmdText || '')}`;
+  const block = bodyText.match(APPLIED_COGNITION_BLOCK_RX);
+  const inlineBody = String(cmdText || '')
+    .split('\n')
+    .filter((line) => /^\s*#\s*(?:decision[_ -]?delta|dominant[_ -]?domain|binds[_ -]?to|expected[_ -]?predicate|artifact[_ -]?change)\s*:/i.test(line))
+    .join('\n');
+  const contractBody = block ? block[1] : inlineBody;
+  if (!contractBody) return { ok: false, violations: ['missing <applied_cognition> contract or inline applied-cognition comments'] };
+  const required = [
+    ['decision_delta', /\bdecision[_ -]?delta\s*:/i],
+    ['dominant_domain', /\bdominant[_ -]?domain\s*:/i],
+    ['binds_to', /\bbinds[_ -]?to\s*:/i],
+    ['expected_predicate', /\bexpected[_ -]?predicate\s*:/i],
+    ['artifact_change', /\bartifact[_ -]?change\s*:/i],
+  ];
+  const violations = [];
+  for (const [name, rx] of required) {
+    if (!rx.test(contractBody)) violations.push(`missing ${name}`);
+  }
+  if (/decision[_ -]?delta\s*:\s*(?:none|n\/a|no change|unchanged|same)/i.test(contractBody)) {
+    violations.push('decision_delta says cognition changed nothing');
+  }
+  return { ok: violations.length === 0, violations, body: contractBody.trim() };
+}
+
 function normalizeInlineDirectiveBody(rawBody) {
   if (!rawBody) return '';
   const segments = String(rawBody)
@@ -671,6 +716,65 @@ function extractCurrentTurnAssistantText(event, toolInput) {
   return parts.join('\n\n').trim();
 }
 
+function extractTextForUserCorrection(content) {
+  if (Array.isArray(content)) {
+    return content.filter((block) => block && block.type === 'text').map((block) => block.text || '').filter(Boolean).join('\n');
+  }
+  return typeof content === 'string' ? content : '';
+}
+
+function isRuntimeInjectedUserText(text) {
+  return /^\s*\[tool_result\b/i.test(text) ||
+    /(?:PreToolUse:[A-Za-z]+ hook blocking error|Stop hook feedback:|Aria pre-tool gate:|Aria stop-gate:|<system-reminder>|<task-notification>|task-notification)/i.test(text);
+}
+
+function collectRecentRealUserText(event, transcriptPath, limit = 6) {
+  const texts = [];
+  const seen = new Set();
+  const pushText = (text) => {
+    const normalized = String(text || '').trim();
+    if (!normalized || seen.has(normalized) || isRuntimeInjectedUserText(normalized)) return;
+    seen.add(normalized);
+    texts.push(normalized);
+  };
+  const messages = Array.isArray(event?.messages) ? event.messages : [];
+  for (let i = messages.length - 1; i >= 0 && texts.length < limit; i--) {
+    const role = messages[i]?.message?.role ?? messages[i]?.role ?? messages[i]?.type;
+    if (role !== 'user') continue;
+    const content = messages[i]?.message?.content ?? messages[i]?.content ?? [];
+    if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
+    pushText(extractTextForUserCorrection(content));
+  }
+  if (transcriptPath && existsSync(transcriptPath) && texts.length < limit) {
+    try {
+      const lines = readFileSync(transcriptPath, 'utf-8').split('\n').filter(Boolean);
+      for (let i = lines.length - 1; i >= 0 && texts.length < limit; i--) {
+        let entry;
+        try { entry = JSON.parse(lines[i]); } catch { continue; }
+        const role = entry?.message?.role ?? entry?.role ?? entry?.type;
+        if (role !== 'user') continue;
+        const content = entry?.message?.content ?? entry?.content ?? [];
+        if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
+        pushText(extractTextForUserCorrection(content));
+      }
+    } catch {}
+  }
+  return texts.join('\n\n');
+}
+
+function userCorrectionBlocksCommand(userText, command) {
+  const text = String(userText || '');
+  const cmd = String(command || '');
+  if (!text || !cmd) return null;
+  const k8sMutation = /\bkubectl\s+(?:apply|delete|set\s+image|patch|replace|create|scale|rollout\s+(?:restart|undo))\b|scripts\/deploy-|\bdocker\s+push\b/i.test(cmd);
+  const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease)\b[\s\S]{0,160}\b(?:deploy|redeploy|restart|rollout|kubectl|command|pods?)\b/i.test(text);
+  if (explicitStop && k8sMutation) return 'recent user explicitly told the agent to stop deploy/restart command attempts';
+  const macTargetInCommand = /\bmlx-mac\b|\bdeployment\/mlx-mac|\bdeploy(?:ment)?\s+mlx-mac/i.test(cmd);
+  const macContradiction = /\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac)\b[\s\S]{0,140}\b(?:not\s+pods?|no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b|\b(?:no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b[\s\S]{0,140}\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac|pods?)\b/i.test(text);
+  if (macTargetInCommand && macContradiction) return 'recent user contradicted the mlx-mac Kubernetes-pod/deployment assumption';
+  return null;
+}
+
 // Substance-checking lens detection (added 2026-04-26 per Hamza's
 // gate-improvement doctrine: form-only emission must not satisfy
 // the gate). For each lens, look for `<lens>: <content>` and verify
@@ -927,6 +1031,7 @@ try {
 
 const toolName = event.tool_name ?? event.toolName ?? '';
 const toolInput = event.tool_input ?? event.toolInput ?? {};
+const transcriptPath = event.transcript_path ?? event.transcriptPath;
 
 // Gate every action tool — every tool that mutates state must go through
 // cognition challenge. Hamza 2026-04-26: "regardless if u arent even
@@ -949,6 +1054,26 @@ const cmdPreview = toolName === 'Bash'
   ? cmd.slice(0, 80).replace(/\s+/g, ' ')
   : `${toolName} ${filePath || '(no path)'}`.slice(0, 80);
 
+if (toolName === 'Bash') {
+  const recentUserText = collectRecentRealUserText(event, transcriptPath);
+  const correctionBlockReason = userCorrectionBlocksCommand(recentUserText, cmd);
+  if (correctionBlockReason) {
+    const reason = `Aria pre-tool gate: USER-CORRECTION hard-block.
+
+${correctionBlockReason}.
+
+The next assistant response must stop the command loop, quote the user's correction in one sentence, and re-evaluate the target from substrate before any further mutation. Do not retry this Bash command shape.`;
+    audit('block-user-correction-override', cmdPreview);
+    emitBlock(reason, { source: 'pre-tool/user-correction' });
+    process.exit(2);
+  }
+}
+
+if (toolName === 'Bash' && isOperationalMaintenanceCommand(cmd)) {
+  audit('allow-operational-maintenance kubectl-rollout-restart', cmdPreview);
+  process.exit(0);
+}
+
 // V3: per-command bypass removed entirely. The only escape valves are:
 //   (1) Trivial-bash whitelist — short read-only commands pass without cognition
 //   (2) ~/.claude/settings.json hook removal — visible user action Hamza controls
@@ -1032,7 +1157,6 @@ const HARD_LOOKBACK_CAP = 50;
 // window since the substance check defends quality regardless.
 const USER_BOUNDARIES_TO_CROSS = 5;
 
-const transcriptPath = event.transcript_path ?? event.transcriptPath;
 const recentAssistantTexts = [];
 const recentAssistantTextSet = new Set();
 function appendAssistantTexts(texts) {
@@ -1129,6 +1253,7 @@ const bestVerifyBody = (() => {
 })();
 const hasVerify = scoreVerifyFields(bestVerifyBody, VERIFY_REQUIRED_FIELDS) === VERIFY_REQUIRED_FIELDS.length;
 const hasCognition = lensCount >= REQUIRED_LENSES;
+const appliedContract = validateAppliedCognitionContract(unionText, cmd);
 const cognitionSource = inlineCog.count >= REQUIRED_LENSES
   ? 'inline-command'
   : eventCog.count >= REQUIRED_LENSES
@@ -1163,6 +1288,24 @@ const sessionId =
   (transcriptPath ? transcriptPath.split('/').pop()?.replace(/\.[^.]+$/, '') : null) ??
   'claude-code-unknown';
 
+const skillGate = evaluateSkillGate({
+  sessionId,
+  surface: 'claude-pre-tool-gate',
+  text: [JSON.stringify(event.messages || []), unionText, JSON.stringify(toolInput || {})].join('\n'),
+  action: cmd,
+  toolName,
+  filePath,
+  isDeploy: Boolean(deployMatched),
+  isMutation: toolName !== 'Bash',
+  autoLoadAvailable: false,
+});
+if (!skillGate.ok) {
+  const reason = formatSkillGateBlock(skillGate);
+  audit('block-missing-skill-receipt', `${skillGate.missingSkills.join(',')} ${cmdPreview}`);
+  emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  process.exit(2);
+}
+
 function pushDecision(decision, reasonText) {
   pushCognitionEvent({
     sessionId,
@@ -1181,6 +1324,7 @@ function pushDecision(decision, reasonText) {
       hasVerify,
       hasCognition,
       hasSubstrateCite,
+      appliedCognitionContractOk: appliedContract.ok,
     },
   });
 }
@@ -1204,6 +1348,62 @@ Next response must do this in order:
 4. If the blocker is stale gate state or ledger residue, say that explicitly instead of inventing fake proof.`;
 }
 
+function buildForceRedoActionReason(reasonText, { source = 'pre-tool-gate', tool = toolName || 'unknown', lensCount = 0, requiredLenses = REQUIRED_LENSES } = {}) {
+  if (String(reasonText || '').includes('ARIA FORCE_REDO_ACTION')) return reasonText;
+  return [
+    '=== ARIA FORCE_REDO_ACTION ===',
+    `source: ${source}`,
+    `tool: ${tool}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction before tool execution.',
+    'Do not retry the same tool call unchanged. Re-author the action with cognition, proof, and expected outcome first.',
+    '',
+    'TEACHING:',
+    '- Pre-tool gates exist to make the model think before acting, not to merely throw after a bad action shape.',
+    '- The redo must name the failed mechanism, cite the current substrate, and state why the next action is safe.',
+    '- Do not bypass by disabling tools, changing endpoints from memory, shortening runtime, or asking Hamza to solve saved-memory ambiguity.',
+    '',
+    'ORIGINAL GATE REASON:',
+    String(reasonText || '').trim(),
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Emit/attach <cognition> with the required lenses before retrying the tool.',
+    '2. For Bash, prepend inline cognition comments to the command:',
+    '   # nur: <observed state and substrate, >=20 chars>',
+    '   # mizan: <risk/tradeoff and why this action is balanced, >=20 chars>',
+    '   # hikma: <doctrine applied and what it forbids, >=20 chars>',
+    '   # tafakkur: <second-order effects and expected result, >=20 chars>',
+    `3. Current cognition count: ${lensCount}/${requiredLenses}.`,
+    '4. If deploy/shared-infra: include <verify> with target, verified evidence, rollback, and axiom.',
+    '5. If non-trivial action: include <expected> with numeric/boolean/state-string predicate.',
+    '=== END FORCE_REDO_ACTION ===',
+  ].join('\n');
+}
+
+function emitBlock(reasonText, meta = {}) {
+  console.log(JSON.stringify({ decision: 'block', reason: buildForceRedoActionReason(reasonText, meta) }));
+}
+
+if (hasCognition && !appliedContract.ok) {
+  const reason = `Aria pre-tool gate: cognition exists but is not applied to the action.
+
+The harness no longer accepts cognition as decorative preface. Before a mutating tool call, cognition must produce an execution contract that changes or constrains the action.
+
+Violations:
+${appliedContract.violations.map((v) => `- ${v}`).join('\n')}
+
+Required contract, either in the assistant turn as <applied_cognition>...</applied_cognition> or inline Bash comments:
+decision_delta: <what changed because cognition ran; not "none">
+dominant_domain: <engineering_quality | trust | operations | security | product | ...>
+binds_to: <this exact tool call/action>
+expected_predicate: <numeric, boolean, or state-string predicate proving success>
+artifact_change: <how the artifact/action is different because cognition ran>`;
+  audit('block-applied-cognition-contract', cmdPreview);
+  pushDecision('block', `applied cognition contract missing: ${appliedContract.violations.join(', ')}`);
+  emitBlock(reason, { source: 'pre-tool/applied-cognition-contract', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  process.exit(2);
+}
+
 // ── Deploy-specific gate (doctrine #104) ────────────────────────────────
 // Per feedback_deploy_requires_verify_cognition.md (Hamza 2026-04-28 after
 // consciousness.ts crash took aria-soul into CrashLoopBackOff): deploys
@@ -1355,7 +1555,7 @@ Re-emit verify+cognition with the missing pieces, then retry the deploy command.
     cmdPreview,
   );
   pushDecision('block', `deploy ${deployMatched.name}: ${reasons.join('; ')}`);
-  console.log(JSON.stringify({ decision: 'block', reason: refusal }));
+  emitBlock(refusal, { source: 'pre-tool/deploy', tool: toolName });
   process.exit(2);
 }
 
@@ -1399,7 +1599,7 @@ At least 4 substantive lenses required.`),
   `destructive:${matched.name}:${hasVerify ? 'need-cognition' : 'need-verify'}:${toolName}:${filePath || cmdPreview}`);
   audit(`block ${matched.name} verify=${hasVerify} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `destructive ${matched.name} missing ${!hasVerify ? 'verify' : 'cognition'}`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/destructive' });
   process.exit(2);
 }
 
@@ -1448,7 +1648,7 @@ No per-tool bypass available (v3 doctrine — the harness's whole purpose is no
 
   audit(`block ${toolName.toLowerCase()} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} missing cognition (${lensCount}/${REQUIRED_LENSES})`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/missing-cognition' });
   process.exit(2);
 }
 
@@ -1479,7 +1679,7 @@ No env-var disable path — gates are unconditional from the gated process per H
 
   audit(`block-discovery-unresolved ${toolName.toLowerCase()}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} cognition has unresolved discovery`);
-  console.log(JSON.stringify({ decision: 'block', reason }));
+  emitBlock(reason, { source: 'pre-tool/discovery-binding' });
   process.exit(2);
 }
 
@@ -1543,7 +1743,7 @@ No bypass — doctrine:dalio_expected_required is unconditional for non-trivial
 
     audit(`block-expected-missing ${toolName.toLowerCase()}`, cmdPreview);
     pushDecision('block', `${toolName.toLowerCase()} missing <expected> measurable predicate`);
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/discovery-binding' });
     process.exit(2);
   }
 }
@@ -1626,7 +1826,7 @@ Read it first (it is in your environment as ARIA_HARNESS_PACKET_PATH), then refe
 
 Cognition-theater rejected per feedback_gates_enforce_form_not_substance.md.`;
     audit(`block-subagent-no-packet-cite ${toolName.toLowerCase()}`, cmdPreview);
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/architecture-facts' });
     process.exit(2);
   }
 })();
@@ -1669,7 +1869,7 @@ Rule references:
   R10 no_kubectl_apply_for_image_drift — kubectl apply on aria-soul-stateful (project_forge_psi_oom_cascade.md)
   R11 no_console_log_secrets         — console.log with TOKEN/PASSWORD/SECRET/API_KEY/JWT/BEARER`;
     audit(`block-arch-facts ${toolName.toLowerCase()} path=${filePath}`, `violations=${archResult.violations?.length ?? 0}`);
-    console.log(JSON.stringify({ decision: 'block', reason: archReason }));
+    emitBlock(archReason, { source: 'pre-tool/architecture-facts' });
     process.exit(2);
   }
 }
@@ -1771,7 +1971,7 @@ What Claude must do:
 3. Wait for next user prompt — preprompt-consult will retry; if it succeeds a plan will exist on next tool call
 
 Non-trivial actions are blocked until a plan exists. Trivial reads (ls/cat/grep) bypass automatically per existing whitelist. To temporarily disable binding for emergency: ARIA_BINDING_ENABLED=false (logged).`;
-      console.log(JSON.stringify({ decision: 'block', reason }));
+      emitBlock(reason, { source: 'pre-tool/substrate-binding' });
       process.exit(2);
     }
   }
@@ -1790,7 +1990,7 @@ What Claude must do:
 3. Don't continue executing actions beyond the issued plan boundary
 
 This prevents Claude from drifting past Aria's authorized scope.`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/substrate-binding' });
     process.exit(2);
   }
 
@@ -1827,7 +2027,7 @@ This prevents Claude from drifting past Aria's authorized scope.`;
       if (!freshPhaseInfo || freshPhaseInfo.abortedHere) {
         bindingAuditAppend({ event: 'block_aborted_phase_post_fallback_still_bad', sessionId, planId: plan.planId });
         const reason = `Aria binding gate: aborted phase recovery minted plan ${plan.planId} but new plan also has no usable phase. Manual intervention required.`;
-        console.log(JSON.stringify({ decision: 'block', reason }));
+        emitBlock(reason, { source: 'pre-tool/dalio-expected' });
         process.exit(2);
       }
       phaseInfo = freshPhaseInfo;
@@ -1836,7 +2036,7 @@ This prevents Claude from drifting past Aria's authorized scope.`;
       const reason = `Aria binding gate: phase ${phaseInfo.phase.id} of plan ${plan.planId} was reported aborted AND inline architect-fallback failed (exit=${architectExit}). Plan progression halted. ${architectStderr ? 'Architect stderr: ' + architectStderr : ''}
 
 What Claude must do: emit [PLAN_BLOCKER reason="<concrete observation>" suggestedAmendment="<if any>"] for Hamza/Aria to issue a corrected plan. Do not continue executing the aborted plan.`;
-      console.log(JSON.stringify({ decision: 'block', reason }));
+      emitBlock(reason, { source: 'pre-tool/dalio-expected' });
       process.exit(2);
     }
   }
@@ -1864,7 +2064,7 @@ Forbidden actions for this phase: ${(phase.forbiddenActions || []).join(', ') ||
 Allowed actions for this phase: ${(phase.allowedActions || []).join(', ') || '(none)'}
 
 Claude must either: (a) reframe the action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] requesting Aria amend the plan.${recipeAddendum}`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/output-claim' });
     process.exit(2);
   }
 
@@ -1883,7 +2083,7 @@ Phase summary: ${phase.summary}
 Allowed actions: ${(phase.allowedActions || []).join(', ') || '(none — phase is observation-only)'}
 
 Claude must either: (a) reframe action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] for plan amendment.${recipeAddendum}`;
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    emitBlock(reason, { source: 'pre-tool/output-claim' });
     process.exit(2);
   }
 
@@ -2025,7 +2225,7 @@ try {
 The substrate's contract gate refused this action. Local doctrine gates passed (cognition lenses, binding plan, drift) but the substrate sees a downstream contract that disallows this tool call. Address the substrate's reason above before retrying.`;
       audit(`block-substrate-checkAction ${toolName.toLowerCase()} action=${__action} reason="${(__check.reason || '').slice(0, 80)}"`, cmdPreview);
       pushDecision('block', `substrate checkAction denied: ${(__check.reason || 'unspecified').slice(0, 100)}`);
-      console.log(JSON.stringify({ decision: 'block', reason: __reason }));
+      emitBlock(__reason, { source: 'pre-tool/final' });
       process.exit(2);
     }
   }
@@ -2218,7 +2418,7 @@ causes merge conflicts and state divergence. Explicit coordination is the only s
   pushDecision('block', `hive session-lock conflict on ${_lockCheckPath.slice(0, 80)}`);
   console.log(JSON.stringify({
     decision: 'block',
-    reason: _lockBlockReason,
+    reason: buildForceRedoActionReason(_lockBlockReason, { source: 'pre-tool/hive-lock-conflict', tool: toolName || 'unknown' }),
     hookSpecificOutput: {
       hookEventName: 'PreToolUse',
       conflicting_locks: _conflictingLocks,