@aria_asi/cli 0.2.31 → 0.2.33

package/dist/assets/hooks/aria-preprompt-consult.mjs

@@ -109,7 +109,27 @@ const HARNESS_URL =
   process.env.ARIA_HARNESS_BASE_URL ||
   process.env.ARIA_HARNESS_URL ||
   'https://harness.ariasos.com';
-const HARNESS_TOKEN = process.env.ARIA_HARNESS_TOKEN || '30b18f0a302b03ae862de8a75021238d23e47464fd5d8f6a9324240933745587';
+function resolveHarnessToken() {
+  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
+  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
+  if (process.env.ARIA_MASTER_TOKEN) return process.env.ARIA_MASTER_TOKEN;
+  try {
+    if (existsSync(OWNER_TOKEN_PATH)) {
+      const token = readFileSync(OWNER_TOKEN_PATH, 'utf8').trim();
+      if (token) return token;
+    }
+  } catch {}
+  try {
+    const licensePath = `${HOME}/.aria/license.json`;
+    if (existsSync(licensePath)) {
+      const license = JSON.parse(readFileSync(licensePath, 'utf8'));
+      if (license.harnessToken) return String(license.harnessToken).trim();
+      if (license.token) return String(license.token).trim();
+    }
+  } catch {}
+  return '';
+}
+const HARNESS_TOKEN = resolveHarnessToken();
 const MIN_PROMPT_CHARS = 40;        // skip auto-consult on trivial prompts
 const MAX_DIRECTION_CHARS = 4000;   // cap injected chunk size
 
@@ -248,6 +268,8 @@ Respond with EXACTLY this JSON shape:
       "successCriterion": "<observable signal of completion>",
       "abortCriterion": "<observable signal of failure>",
       "doctrineRefs": ["<memory_filename.md>", ...],
+      "cognitionUse": "<how Aria cognition should change the executor's tool/input/output shape for this phase>",
+      "evidenceRequired": ["<observable proof the executor must collect before reporting complete>"],
       "allowedActions": ["read", "edit:<path-pattern>", "kubectl_get", "consult", "bash_safe", "..."],
       "forbiddenActions": ["kubectl_apply", "edit:<path-pattern>", "..."]
     }
@@ -259,7 +281,9 @@ Respond with EXACTLY this JSON shape:
   }
 }
 
-Apply your 8 lenses + substrate. Phases are ordered + small (one logical step each). Doctrine refs cite memory files in /home/hamzaibrahim1/.claude/projects/-home-hamzaibrahim1/memory/. Be specific in allowedActions / forbiddenActions — Claude can ONLY do what's allowed for the current phase.` : `Pre-prompt direction request from Claude orchestrator.
+Apply your 8 lenses + substrate. Phases are ordered + small (one logical step each). Doctrine refs cite memory files in /home/hamzaibrahim1/.claude/projects/-home-hamzaibrahim1/memory/. Be specific in allowedActions / forbiddenActions — Claude can ONLY do what's allowed for the current phase.
+
+Every phase must include cognitionUse and evidenceRequired. cognitionUse tells Claude how Aria's cognition should improve the actual tool input, edit shape, review scope, or final output. evidenceRequired tells Claude what observation must be collected before reporting the phase complete.` : `Pre-prompt direction request from Claude orchestrator.
 
 The user just submitted this prompt:
 
@@ -280,6 +304,8 @@ thinking from training reflex. Be concrete:
      (NOT a reflexive "want me to" deferral).
   4. Mizan check: any risk patterns in this prompt — over-scope creep,
      over-replacement temptation, tier-substitution temptation, etc.
+  5. How should Aria cognition improve Claude's actual input/output shape —
+     what should be more specific, safer, more evidence-bound, or differently scoped?
 
 Keep direction under 1500 chars. This is the pre-load context for Claude's
 turn — not the final response. Claude will still emit cognition + action;

package/dist/assets/hooks/aria-preturn-memory-gate.mjs

@@ -56,6 +56,30 @@ function auditLog(decision, summary, sessionId) {
   appendFileSync(GATE_LOG, `${new Date().toISOString()} [${sessionId}] ${decision} ${summary}\n`);
 }
 
+function buildForceRedoActionReason({ source, reason, missingSignals = [], incidents = [] }) {
+  return [
+    '=== ARIA FORCE_REDO_ACTION ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction before action execution.',
+    'Do not proceed with tools from unloaded context. Load/repair substrate first, then retry the action.',
+    '',
+    'TEACHING:',
+    '- Every action turn must begin from Aria substrate, not improvised memory.',
+    '- Blocking incidents are Dalio failure deltas; they must be fixed and marked resolved before new action.',
+    '- Missing harness/direction/memory signals mean the context-loader path must run before retry.',
+    missingSignals.length ? `\nMISSING SIGNALS:\n${missingSignals.map((signal) => `- ${signal}`).join('\n')}` : '',
+    incidents.length ? `\nINCIDENTS TO RESOLVE:\n${incidents.map((incident) => `- ${incident}`).join('\n')}` : '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Run the structured recovery action in hookSpecificOutput.recovery.',
+    '2. Verify harness_packet, aria_direction/binding_plan, and memory references are loaded.',
+    '3. Retry the original action only after the missing context or incidents are resolved.',
+    '=== END FORCE_REDO_ACTION ===',
+  ].filter(Boolean).join('\n');
+}
+
 // ── Turn-state deduplication ──────────────────────────────────────────
 const TURN_DEDUP_WINDOW_MS = 60_000; // 60s
 
@@ -461,7 +485,11 @@ Per Dalio Loop Layer 2 doctrine: failure deltas are not optional to address. The
 
   console.log(JSON.stringify({
     decision: 'block',
-    reason: blockReason,
+    reason: buildForceRedoActionReason({
+      source: 'preturn-memory/blocking-incidents',
+      reason: blockReason,
+      incidents: blockingIncidents.map((inc) => `${inc.incident_id || '(no incident_id)'} ${inc.title || '(no title)'}`),
+    }),
     hookSpecificOutput: {
       hookEventName: 'PreToolUse',
       blocking_incidents: blockingIncidents.map((inc) => ({
@@ -605,7 +633,7 @@ auditLog(
 
 console.log(JSON.stringify({
   decision: 'block',
-  reason,
+  reason: buildForceRedoActionReason({ source: 'preturn-memory/context-not-loaded', reason, missingSignals }),
   hookSpecificOutput: {
     hookEventName: 'PreToolUse',
     recovery: {

package/dist/assets/hooks/aria-repo-doctrine-gate.mjs

@@ -87,6 +87,29 @@ function audit(event, data = {}) {
   } catch {}
 }
 
+function buildForceRedoActionReason({ source, reason, violations = [] }) {
+  return [
+    '=== ARIA FORCE_REDO_ACTION ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction for the attempted repository edit/action.',
+    'Do not retry the same edit. Redo the action so doctrine-bound source remains real, reviewable, and production-safe.',
+    '',
+    'TEACHING:',
+    '- Production paths cannot gain stub, mock, fake, placeholder, pending, or direct-provider bypass semantics.',
+    '- If an exception is intentional, isolate it in tests/specs/fixtures/examples/demos/mocks or add the explicit allow marker in the file.',
+    '- External provider calls must use an approved runtime/SDK path or carry the explicit external-call allow marker.',
+    violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. Preserve the intended behavior without stub/mock/pending semantics.',
+    '2. Use real implementation wiring or an explicit reviewed allow marker.',
+    '3. Re-run the action after removing the violating lines from the diff.',
+    '=== END FORCE_REDO_ACTION ===',
+  ].filter(Boolean).join('\n');
+}
+
 function parseArgs(argv) {
   const parsed = {
     mode: 'working-tree',
@@ -384,7 +407,14 @@ async function main() {
   audit('repo_doctrine_gate_block', { repoRoot, mode, violations });
 
   if (event) {
-    console.log(JSON.stringify({ decision: 'block', reason }));
+    console.log(JSON.stringify({
+      decision: 'block',
+      reason: buildForceRedoActionReason({
+        source: 'repo-doctrine',
+        reason,
+        violations: violations.slice(0, 20).map((violation) => `${violation.path}:${violation.line} [${violation.rule}] ${violation.excerpt}`),
+      }),
+    }));
     process.exit(2);
   }
 

package/dist/assets/hooks/aria-stop-gate.mjs

@@ -58,6 +58,8 @@ import {
 } from './lib/canonical-lenses.mjs';
 import { registerGateBlock } from './lib/gate-loop-state.mjs';
 import { collectTurnWindowFromMessages } from './lib/hook-message-window.mjs';
+import { analyzeDomainOutputQuality } from './lib/domain-output-quality.mjs';
+import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const RUNTIME_BASE_URL =
@@ -338,9 +340,12 @@ function collectDriftHits(text, triggerMap) {
       const memoryCited = memoryName && lowerText.includes(memoryName.toLowerCase());
       if (!memoryCited) {
         hits.push({
+          trigger_id: triggerEntry.trigger_id,
           trigger: triggerEntry.trigger,
           memory: triggerEntry.memory,
           teaching: triggerEntry.teaching,
+          counter_action: triggerEntry.counter_action,
+          message: triggerEntry.message,
         });
       }
     } catch {/* malformed regex in trigger entry — skip */}
@@ -383,6 +388,71 @@ Next response must do this in order:
 4. If the blocker is stale gate state, stale ledger residue, or a gate artifact from a prior bug, say that explicitly instead of inventing fake proof.`;
 }
 
+function buildForceReauthorReason({
+  source,
+  reason,
+  violations = [],
+  rewritten = '',
+  recipeAddendum = '',
+  driftHits = [],
+  lensCount = 0,
+  requiredLenses = REQUIRED_LENSES,
+}) {
+  const triggerLines = driftHits.slice(0, 6).map((hit, index) => {
+    const label = hit.trigger_id || hit.trigger || `trigger-${index + 1}`;
+    const teaching = hit.teaching || hit.message || 'Doctrine trigger matched; re-author with substrate-backed correction.';
+    const correction = hit.counter_action ? ` Required correction: ${hit.counter_action}` : '';
+    const memory = hit.memory ? ` (${hit.memory})` : '';
+    return `- ${label}${memory}: ${teaching}${correction}`;
+  }).join('\n');
+
+  return [
+    '=== ARIA FORCE_REAUTHOR ===',
+    `source: ${source}`,
+    `reason: ${reason}`,
+    '',
+    'This is not a terminal error. It is a forced redo instruction for the next model draft.',
+    'Do not emit the blocked text. Re-author it so the model learns the mechanism it violated.',
+    '',
+    'TEACHING:',
+    '- Gates must force cognition and quality, not merely throw, warn, or stop.',
+    '- The redo must change the answer shape: name the failed mechanism, cite real evidence, and remove the drift pattern.',
+    '- Do not bypass by disabling tools, shortening runtime, asking the user to resolve memory-backed ambiguity, or giving an apology loop.',
+    triggerLines ? `\nTRIGGERED DOCTRINE:\n${triggerLines}` : '',
+    violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
+    rewritten ? `\nMIZAN REWRITE SEED:\n${rewritten}` : '',
+    recipeAddendum || '',
+    '',
+    'REQUIRED REDO SHAPE:',
+    '1. One sentence: the failed mechanism, not an apology.',
+    '2. Evidence checked: file/line, command output, endpoint response, or explicit "unverified".',
+    `3. <cognition> with ${requiredLenses} substantive lenses. Observed: ${lensCount}/${requiredLenses}.`,
+    '4. <applied_cognition> with decision_delta, dominant_domain, binds_to, expected_predicate, and artifact_change.',
+    '5. Corrected action/claim with no bypass, no downgraded path, and no fake proof.',
+    '6. If work remains, state the exact next real action or tracked task. No verbal flag-and-move.',
+    '',
+    'COGNITION TEMPLATE:',
+    '<cognition>',
+    'truth: <verified facts and exact substrate>',
+    'harm: <what goes wrong if this is false>',
+    'trust: <how this honors Hamza directives and saved memory>',
+    'power: <why this uses capability responsibly, not convenience>',
+    'reflection: <mechanism failure and correction>',
+    'context: <relevant repo/runtime state>',
+    'impact: <expected next effect>',
+    'beauty: <simplest durable form>',
+    '</cognition>',
+    '<applied_cognition>',
+    'decision_delta: <what changed because cognition ran; not none>',
+    'dominant_domain: <engineering_quality | trust | operations | security | product | ...>',
+    'binds_to: <the exact answer, tool call, file mutation, deploy, review, or decision>',
+    'expected_predicate: <observable numeric, boolean, state-string, command result, endpoint result, or explicit unverified boundary>',
+    'artifact_change: <semantic effect on the artifact/output, not a task restatement>',
+    '</applied_cognition>',
+    '=== END FORCE_REAUTHOR ===',
+  ].filter(Boolean).join('\n');
+}
+
 // Lens substance check — same constants as aria-pre-tool-gate.mjs.
 // Hamza directive 2026-04-28: all 8 canonical lenses required, not 4-of-8.
 const REQUIRED_LENSES = 8;
@@ -404,6 +474,19 @@ function detectCognitionLenses(text) {
   });
 }
 
+function assistantViolatesUserCorrection(userText, assistantText) {
+  const user = String(userText || '');
+  const assistant = String(assistantText || '');
+  if (!user || !assistant) return null;
+  const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease)\b[\s\S]{0,180}\b(?:deploy|redeploy|restart|rollout|kubectl|command|pods?|listen|words)\b/i.test(user);
+  const assistantContinuesMutation = /\b(?:kubectl|rollout\s+restart|deploy|redeploy|restart\s+(?:mac|pods?)|manual(?:ly)?\s+restart|execute\s+directly)\b/i.test(assistant);
+  if (explicitStop && assistantContinuesMutation) return 'assistant continued deploy/restart language after an explicit user stop/listen directive';
+  const userContradictsMacPods = /\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac)\b[\s\S]{0,160}\b(?:not\s+pods?|no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b|\b(?:no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b[\s\S]{0,160}\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac|pods?)\b/i.test(user);
+  const assistantRepeatsMacPods = /\b(?:mac\s+lane\s+pods?|mac\s+lanes?\s*:\s*offline|restart\s+mac\s+lanes?|deployment\/mlx-mac|mlx-mac-[\w-]+|kubernetes\s+(?:pods?|deployments?))\b/i.test(assistant);
+  if (userContradictsMacPods && assistantRepeatsMacPods) return 'assistant repeated the contradicted Mac-lanes-as-pods/deployments assumption';
+  return null;
+}
+
 // Read event JSON from stdin (Claude Code spec).
 let input = '';
 for await (const chunk of process.stdin) input += chunk;
@@ -504,6 +587,20 @@ if (!assistantText) {
   process.exit(0);
 }
 
+const userCorrectionViolation = assistantViolatesUserCorrection(lastUserMessage, assistantText);
+if (userCorrectionViolation) {
+  audit('block-user-correction-ignored', `reason=${userCorrectionViolation} chars=${assistantText.length}`);
+  const reason = buildForceReauthorReason({
+    source: 'stop/user-correction',
+    reason: userCorrectionViolation,
+    violations: ['Assistant continued a plan after the user correction invalidated it. Redo must quote the correction and pause mutation pending substrate re-evaluation.'],
+    lensCount: 0,
+    requiredLenses: REQUIRED_LENSES,
+  });
+  console.log(JSON.stringify({ decision: 'block', reason }));
+  process.exit(2);
+}
+
 // Triviality check — same as eight-lens-detector.ts
 const trimmed = assistantText.trim();
 if (TRIVIAL_ACK_RX.test(trimmed)) {
@@ -524,6 +621,26 @@ if (!triggered) {
   process.exit(0);
 }
 
+const stopSkillGate = evaluateSkillGate({
+  sessionId: event.session_id || 'claude-code',
+  surface: 'claude-stop-gate',
+  text: [JSON.stringify(event.messages || []), lastUserMessage, assistantText].join('\n'),
+  isOutputCloseout: true,
+  autoLoadAvailable: false,
+});
+if (!stopSkillGate.ok) {
+  audit('block-missing-skill-receipt', `missing=${stopSkillGate.missingSkills.join(',')} chars=${assistantText.length}`);
+  const reason = withLoopDirective(buildForceReauthorReason({
+    source: 'stop/skill-autoload',
+    reason: formatSkillGateBlock(stopSkillGate),
+    violations: [`Missing skill receipts: ${stopSkillGate.missingSkills.join(', ')}`],
+    lensCount: 0,
+    requiredLenses: REQUIRED_LENSES,
+  }), `stop:skill-autoload:${stopSkillGate.missingSkills.join(',')}`, gateSessionId);
+  console.log(JSON.stringify({ decision: 'block', reason }));
+  process.exit(2);
+}
+
 // Non-trivial response — require substantive cognition.
 const cog = detectCognitionLenses(assistantText);
 
@@ -537,14 +654,13 @@ const cog = detectCognitionLenses(assistantText);
 // with 0/8 lenses to fall through unchecked.
 if (cog.count < REQUIRED_LENSES) {
   audit('block_no_cognition_block_di', { count: cog.count, required: REQUIRED_LENSES, names: cog.names, chars: assistantText.length });
-  const reason = withLoopDirective(`Aria stop-gate: insufficient cognition lenses.
-
-This non-trivial assistant response (${assistantText.length} chars) has ${cog.count}/${REQUIRED_LENSES} substantive cognition lenses. Per feedback_8lens_before_every_action_including_text.md and Hamza directive 2026-04-28, every non-trivial response must carry <cognition>...</cognition> with ${REQUIRED_LENSES} substantive lenses (each >= ${SUBSTANCE_MIN_CHARS} chars of non-placeholder content).
-
-Detected lenses: ${cog.names.length > 0 ? cog.names.join(', ') : 'none'}.
-
-Re-emit with a <cognition> block containing all ${REQUIRED_LENSES} required visible labels for this surface:
-${LENS_NAMES.map((lens) => `- ${lens}: <grounded reasoning, >= ${SUBSTANCE_MIN_CHARS} chars, with real substrate anchors where required>`).join('\n')}`, `stop:no-cognition-di:${cog.count}`, gateSessionId);
+  const reason = withLoopDirective(buildForceReauthorReason({
+    source: 'stop/no-cognition',
+    reason: `non-trivial assistant response (${assistantText.length} chars) has ${cog.count}/${REQUIRED_LENSES} substantive cognition lenses`,
+    violations: [`Detected lenses: ${cog.names.length > 0 ? cog.names.join(', ') : 'none'}. Re-emit with all required visible labels: ${LENS_NAMES.join(', ')}.`],
+    lensCount: cog.count,
+    requiredLenses: REQUIRED_LENSES,
+  }), `stop:no-cognition-di:${cog.count}`, gateSessionId);
   emitHarnessFooter({
     eventName: 'block_no_cognition_block',
     lensCount: cog.count,
@@ -1151,7 +1267,7 @@ if (cog.count >= REQUIRED_LENSES) {
     }
 
     // Block decision: any of (validateOutput severity=block) OR (>=2 drift hits) OR
-    // (>=1 code-quality hit) OR (open discovery in ledger) → block emit.
+    // (>=1 code/domain-quality hit) OR (open discovery in ledger) → block emit.
     // Aria enforcement #46 (compelled reflection): severity=warn ALSO blocks but
     // with a different reason — emit must include explicit reflection on what
     // triggered the warn before re-emit. Warn is not "soft pass" anymore;
@@ -1161,6 +1277,8 @@ if (cog.count >= REQUIRED_LENSES) {
     const mizanWarnReflectionRequired = mizanVerdict && mizanVerdict.severity === 'warn';
     const driftBlock = driftHits.length >= 2;
     const codeBlock = codeQualityHits.length >= 1;
+    const domainQuality = analyzeDomainOutputQuality(assistantText, { codeBlocks });
+    const domainBlock = domainQuality.blockers.length >= 1;
 
     // Reflection-already-present check: if the assistant text already contains
     // an explicit <reflection>...</reflection> block OR a "reflection:" line
@@ -1319,13 +1437,14 @@ if (cog.count >= REQUIRED_LENSES) {
     }
 
     const implCouplingBlock = implCouplingHits.length > 0;
-    if (mizanBlock || driftBlock || codeBlock || discoveryBlock || compelReflection || phaseReportMissing || substrateBlock || implCouplingBlock) {
+    if (mizanBlock || driftBlock || codeBlock || domainBlock || discoveryBlock || compelReflection || phaseReportMissing || substrateBlock || implCouplingBlock) {
       const violations = [];
       if (mizanBlock) violations.push(`Mizan: ${(mizanVerdict.violations || []).join(', ')}`);
       if (implCouplingBlock) violations.push(`Cognition impl-coupling (#88): ${implCouplingHits.join(' | ')}. Each canonical lens in cognition must dictate a specific implementation choice (file_path:line_range pair tied to a decision). Re-emit cognition that names file paths + line ranges + decision text per lens, OR a verify/fixing block where lenses cite specific artifact changes.`);
       if (compelReflection) violations.push(`Mizan severity=warn — compelled reflection required (per Aria enforcement #46). Triggers: ${(mizanVerdict.gateTriggers || mizanVerdict.violations || ['unspecified']).join(', ')}. Re-emit with an explicit <reflection>...</reflection> block (or 'reflection:' line) addressing what triggered the warn and why your re-draft handles it. Reflection is NOT lens-cognition repeated — it's a focused self-audit on the specific Mizan triggers above.`);
       if (driftBlock) violations.push(`Drift triggers (${driftHits.length}): ${driftHits.map((h) => `"${h.trigger}" → ${h.memory}`).join(' | ')}`);
       if (codeBlock) violations.push(`Code quality: ${codeQualityHits.join('; ')}`);
+      if (domainBlock) violations.push(`Domain output QA (${domainQuality.domains.join(', ') || 'general'}): ${domainQuality.blockers.join('; ')}. Rewrite with the missing domain-specific safeguards instead of generic prose.`);
       if (discoveryBlock) violations.push(`Discovery-binding ledger has ${ledgerOpenCount} OPEN discoveries (per ${docRef('feedback_no_flag_without_fix.md', 'atomic-discovery-rule')}, discoveries are atomic with their fixes — fix in the same turn or create a TaskCreate before continuing). Recent open: ${ledgerOpenSamples.map((s) => `"${s.slice(0, 80)}"`).join(' | ')}. Resolve each by either (a) fixing it inline in this turn, or (b) creating a TaskCreate with the discovery's full context (file path, line number, what's broken, why), then editing ${LEDGER_PATH} to set status=resolved.`);
       if (phaseReportMissing) {
         const phaseList = (activePlan?.phases || []).map((p) => `${p.id}:${p.summary?.slice(0, 60) || ''}`).join(' | ');
@@ -1414,7 +1533,16 @@ if (cog.count >= REQUIRED_LENSES) {
         }
       })();
 
-      const reason = withLoopDirective(`Aria Stop-gate output-quality block. Cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates:\n\n${violations.join('\n\n')}${rewritten ? `\n\nMizan rewrite suggestion:\n${rewritten}` : ''}\n\nRe-draft addressing the violations above. No process-level disable path — gates are unconditional from the gated process per Hamza directive 2026-04-27.${recipeAddendum}`, `stop:output-qc:${violations.join('|').slice(0, 240)}`, gateSessionId);
+      const reason = withLoopDirective(buildForceReauthorReason({
+        source: 'stop/output-quality',
+        reason: `cognition passed (${cog.count}/${REQUIRED_LENSES}) but output failed quality gates`,
+        violations,
+        rewritten,
+        recipeAddendum,
+        driftHits,
+        lensCount: cog.count,
+        requiredLenses: REQUIRED_LENSES,
+      }), `stop:output-qc:${violations.join('|').slice(0, 240)}`, gateSessionId);
 
       audit(`block-output-qc`, `mizan=${mizanBlock?'y':'n'} warn-reflect=${compelReflection?'y':'n'} drift=${driftHits.length} code=${codeQualityHits.length} discoveries-open=${ledgerOpenCount} impl-coupling=${implCouplingHits.length}`);
       emitHarnessFooter({
@@ -1557,31 +1685,20 @@ const dalioHasMeasurablePredicate = dalioExpectedText
 
 // Block stop if non-trivial action taken AND expected block is missing
 if (hadNonTrivialAction && (!dalioExpectedMatch || !dalioHasMeasurablePredicate)) {
-  const missingReason = withLoopDirective(dalioExpectedMatch
-    ? `Aria Stop-gate: action taken in this turn had an <expected> block, but it contains only qualitative drift phrases without a measurable predicate. Qualitative drift is not accountability — it defeats the Dalio feedback loop.
-
-Your <expected> block must contain at least one measurable predicate:
-  • Numeric:      exit_code==0, count>=1, error_rate=0%, latency<200ms
-  • Boolean:      exit=0, status=healthy, rc=0, file=exists
-  • State-string: "status=running", "200 OK", "no_error"
-
-REJECTED phrases: "better", "improved", "should work", "more reliable", "cleaner"
-
-Re-emit with a corrected <expected> block. Per doctrine:dalio_expected_required — no bypass path.`
-    : `Aria Stop-gate: a non-trivial action (${lastActionSummary.slice(0, 120)}) was taken in this turn but no <expected> block was found in the assistant text.
-
-Per doctrine:dalio_expected_required, every non-trivial action must declare what measurable outcome it expects BEFORE the action fires. This is Dalio Loop Layer 1 — without it, outcome comparison is impossible and learning collapses.
-
-Add to your assistant text:
-
-<expected>
-  predicate: <exact measurable assertion — e.g. "exit_code==0", "status=running", "count=3 of 3">
-  measurable_type: numeric | boolean | state_string
-  threshold: <optional>
-  eval_window_minutes: <optional>
-</expected>
-
-No bypass — pre-tool-gate enforces this BEFORE the action; stop-gate enforces it AFTER. Both gates are now wired.`, `stop:dalio-expected:${hadNonTrivialAction}:${!!dalioExpectedMatch}:${dalioHasMeasurablePredicate}`, gateSessionId);
+  const missingReason = withLoopDirective(buildForceReauthorReason({
+    source: 'stop/dalio-expected',
+    reason: dalioExpectedMatch
+      ? 'action had an <expected> block, but it was qualitative instead of measurable'
+      : `non-trivial action (${lastActionSummary.slice(0, 120)}) had no <expected> block`,
+    violations: [
+      dalioExpectedMatch
+        ? 'Rejected qualitative expected phrases: better, improved, should work, more reliable, cleaner. Expected outcome must be numeric, boolean, or state-string.'
+        : 'Missing <expected> block after non-trivial action. Dalio feedback loop cannot compare outcome without a measurable predicate.',
+      'Required block: <expected> predicate: "exit_code==0" | "status=running" | "count=3 of 3"; measurable_type: numeric | boolean | state_string; threshold/eval_window optional.',
+    ],
+    lensCount: cog.count,
+    requiredLenses: REQUIRED_LENSES,
+  }), `stop:dalio-expected:${hadNonTrivialAction}:${!!dalioExpectedMatch}:${dalioHasMeasurablePredicate}`, gateSessionId);
 
   audit('block-dalio-expected-missing', `hadNonTrivialAction=${hadNonTrivialAction} expectedPresent=${!!dalioExpectedMatch} measurable=${dalioHasMeasurablePredicate}`);
   emitHarnessFooter({
@@ -1720,5 +1837,5 @@ emitHarnessFooter({
   codeCount: 0,
   implCouplingCount: 0,
 });
-console.log(JSON.stringify({ decision: 'block', reason }));
+console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'stop/lens-missing', reason, lensCount: cog.count, requiredLenses: REQUIRED_LENSES }) }));
 process.exit(2);

package/dist/assets/hooks/doctrine_trigger_map.json

@@ -453,6 +453,61 @@
       "counter_action": "Re-emit with explicit Layer 1/2/3 enumeration: packet=yes/no, BIND=yes/no, live-gates=yes/no (and which).",
       "message": "Harness-state claim without 3-layer enumeration. Per feedback_packet_is_not_harness.md, name explicitly which of {packet, BIND, live-gates} are active for the consumer."
     },
+    {
+      "trigger_id": "function_name_inference_without_contract_read",
+      "trigger": "(?:based on|from|by) (?:the )?(?:name|function name)|sounds like|looks like (?:a|an)|just memory search|just a search|just a cache|just a wrapper",
+      "rx": "(?:based on|from|by) (?:the )?(?:name|function name)|sounds like|looks like (?:a|an)|just memory search|just a search|just a cache|just a wrapper",
+      "doctrine": "memory:feedback_no_assumption_without_verification.md",
+      "memory": "feedback_no_assumption_without_verification.md",
+      "severity": "block",
+      "teaching": "Function names are not contracts. Inferring behavior from names instead of reading inputs, side effects, return shape, and call sites is skimming disguised as analysis.",
+      "counter_action": "Read the function body and at least one caller before asserting purpose. State observed contract: inputs, mutation/read behavior, return value, fallback path, and why the caller needs it.",
+      "message": "Name-based function inference detected. Re-read the actual function body and caller contract before making architecture claims."
+    },
+    {
+      "trigger_id": "always_on_state_treated_as_cold_start",
+      "trigger": "(?:need to|should|must).{0,80}(?:warm|rebuild|reconstruct|recreate|recompute|re-project|reproject).{0,80}(?:state|projection|manifold|cognition|garden|memory)|system is hot and ready|make it hot",
+      "rx": "(?:need to|should|must).{0,80}(?:warm|rebuild|reconstruct|recreate|recompute|re-project|reproject).{0,80}(?:state|projection|manifold|cognition|garden|memory)|system is hot and ready|make it hot",
+      "doctrine": "memory:feedback_no_assumption_without_verification.md",
+      "memory": "feedback_no_assumption_without_verification.md",
+      "severity": "block",
+      "teaching": "Aria's resident manifold/Garden/cognition substrate is always-on. Treating it as cold request-time state causes duplicate work and wrong architecture fixes.",
+      "counter_action": "Identify the resident producer and read surface first. If turn-specific mutation is required, call it once and pass the resulting packet forward; do not rebuild or re-project because the reader forgot the state model.",
+      "message": "Always-on substrate treated as cold-start work. Reframe around resident state consumption plus one required turn-specific mutation/read."
+    },
+    {
+      "trigger_id": "critical_primitive_stripped_for_latency",
+      "trigger": "(?:remove|drop|skip|turn off|bypass|stop calling).{0,80}(?:awakenAria|ProjectAllDomains|PerturbHologram|project all domains|perturb hologram|Garden|True Garden|LadduniFrame|CognitiveFrame).{0,80}(?:latency|speed|fast|first-mouth|first mouth)",
+      "rx": "(?:remove|drop|skip|turn off|bypass|stop calling).{0,80}(?:awakenAria|ProjectAllDomains|PerturbHologram|project all domains|perturb hologram|Garden|True Garden|LadduniFrame|CognitiveFrame).{0,80}(?:latency|speed|fast|first-mouth|first mouth)",
+      "doctrine": "memory:feedback_full_harness_binding_must_be_structural.md",
+      "memory": "feedback_full_harness_binding_must_be_structural.md",
+      "severity": "block",
+      "teaching": "Latency fixes must not strip critical cognition primitives. The fix is single-source sequencing and packet reuse, not removing Aria's living state transitions.",
+      "counter_action": "Preserve critical primitives. Deduplicate by collecting their outputs once per turn, then thread that shared per-turn cognition packet through first-mouth and follow-up lanes.",
+      "message": "Critical Aria primitive proposed for removal as a latency shortcut. Preserve it and deduplicate sequencing instead."
+    },
+    {
+      "trigger_id": "garden_awaken_misclassified_as_memory_search",
+      "trigger": "(?:awakenAria|Garden awakening|True Garden).{0,80}(?:just|only|merely).{0,40}(?:memory search|search memories|qdrant search|semantic search)|(?:no need|do not need).{0,80}(?:awakenAria|Garden awakening|True Garden)",
+      "rx": "(?:awakenAria|Garden awakening|True Garden).{0,80}(?:just|only|merely).{0,40}(?:memory search|search memories|qdrant search|semantic search)|(?:no need|do not need).{0,80}(?:awakenAria|Garden awakening|True Garden)",
+      "doctrine": "memory:feedback_no_assumption_without_verification.md",
+      "memory": "feedback_no_assumption_without_verification.md",
+      "severity": "block",
+      "teaching": "awakenAria is a Garden awakening bridge over the unified manifold with Qdrant hydration fallback, not a disposable memory-search helper.",
+      "counter_action": "Read true-garden.ts and caller context. Preserve awakenAria when Garden continuity is needed; optimize by avoiding duplicate awaken/fetch paths, not by deleting the awakening bridge.",
+      "message": "Garden awakening misclassified as search. Preserve awakenAria and reason from its actual manifold-first contract."
+    },
+    {
+      "trigger_id": "duplicate_projection_instead_of_per_turn_packet",
+      "trigger": "(?:call|run|invoke).{0,80}(?:ProjectAllDomains|PerturbHologram|project all domains|perturb hologram|readHotCognitionFrame).{0,80}(?:again|another|separate|also|after dispatch)|(?:another|second|extra).{0,50}(?:projection|hologram|cognition frame)",
+      "rx": "(?:call|run|invoke).{0,80}(?:ProjectAllDomains|PerturbHologram|project all domains|perturb hologram|readHotCognitionFrame).{0,80}(?:again|another|separate|also|after dispatch)|(?:another|second|extra).{0,50}(?:projection|hologram|cognition frame)",
+      "doctrine": "memory:feedback_full_harness_binding_must_be_structural.md",
+      "memory": "feedback_full_harness_binding_must_be_structural.md",
+      "severity": "warn",
+      "teaching": "The fix for overlapping cognition calls is a shared per-turn cognition packet, not more independent projection calls that drift or duplicate work.",
+      "counter_action": "Create or reuse one turn substrate object containing embedding, perturb snapshot, ProjectAllDomains result, awakenAria Garden block, DeepSoul/Noor/shards/Mizan signals; pass it downstream.",
+      "message": "Duplicate projection path detected. Replace with one per-turn cognition packet and shared consumption."
+    },
     {
       "trigger_id": "registry_image_drift",
       "trigger": "image.?pull|ErrImageNeverPull|ImagePullBackOff|registry gc|image.*missing|image.*not.*found",

package/dist/assets/hooks/lib/domain-output-quality.mjs

@@ -0,0 +1,103 @@
+// Domain-aware output QA for Aria stop gates.
+// Deterministic local checks complement remote Mizan; they do not replace it.
+
+const DOMAIN_RULES = [
+  {
+    domain: 'code',
+    signal: /```|\b(?:function|class|interface|type|import|export|npm test|typecheck|eslint|jest|vitest|tsx?|jsx?|\.ts|\.tsx|\.js|\.py)\b/i,
+  },
+  {
+    domain: 'ui',
+    signal: /\b(?:ui|ux|frontend|react|component|page|screen|modal|form|button|layout|tailwind|css|html|mobile|responsive|accessib|aria-label|keyboard|focus state|dark mode)\b/i,
+  },
+  {
+    domain: 'beauty',
+    signal: /\b(?:beauty|beautiful|polish|visual|aesthetic|elegant|layout|typography|spacing|hierarchy|composition|brand|design language|modern|clean)\b/i,
+  },
+  {
+    domain: 'security',
+    signal: /\b(?:security|auth|token|secret|credential|password|jwt|oauth|csrf|xss|sql injection|permission|role|cors|sanitize|encrypt|webhook signature)\b/i,
+  },
+  {
+    domain: 'ops',
+    signal: /\b(?:deploy|rollout|rollback|kubernetes|kubectl|docker|image|pod|health check|slo|alert|log|metric|trace|env var|migration|release)\b/i,
+  },
+  {
+    domain: 'product',
+    signal: /\b(?:user flow|customer|workflow|conversion|pricing|onboarding|checkout|activation|retention|business|persona|job-to-be-done|acceptance criteria)\b/i,
+  },
+  {
+    domain: 'writing',
+    signal: /\b(?:summary|explain|docs|readme|copy|email|post|article|message|final answer|status report|release notes)\b/i,
+  },
+];
+
+function hasAny(text, patterns) {
+  return patterns.some((pattern) => pattern.test(text));
+}
+
+function lineHits(text, rx, label) {
+  const hits = [];
+  const lines = String(text || '').split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    if (rx.test(lines[i])) hits.push(`${label} at line ${i + 1}`);
+  }
+  return hits;
+}
+
+export function extractCodeBlocks(text) {
+  return [...String(text || '').matchAll(/```[a-z0-9_-]*\n([\s\S]*?)```/gi)].map((m) => m[1] || '');
+}
+
+export function analyzeDomainOutputQuality(text, options = {}) {
+  const source = String(text || '');
+  const lower = source.toLowerCase();
+  const codeBlocks = options.codeBlocks || extractCodeBlocks(source);
+  const domains = DOMAIN_RULES.filter((rule) => rule.signal.test(source)).map((rule) => rule.domain);
+  const blockers = [];
+  const warnings = [];
+
+  if (domains.includes('code')) {
+    for (const hit of lineHits(source, /\b(?:TODO|FIXME|XXX|implementation pending|not implemented|coming soon|placeholder)\b/i, 'code placeholder semantics')) blockers.push(hit);
+    for (const block of codeBlocks) {
+      if (/@ts-expect-error|@ts-ignore/.test(block)) blockers.push('code: type suppression instead of fixing the type contract');
+      if (/catch\s*\([^)]*\)\s*\{\s*(?:return\s+(?:''|""|null|undefined|\[\]|\{\})|\}\s*$|\/\/[^\n]*$)/m.test(block)) blockers.push('code: silent or empty catch block hides runtime failure');
+      if (/console\.log\(/.test(block) && !/\/\/\s*(?:debug|log)/i.test(block)) warnings.push('code: console.log appears in shipped code without debug intent');
+    }
+  }
+
+  if (domains.includes('ui')) {
+    if (!hasAny(source, [/\b(?:mobile|responsive|breakpoint|small screen|desktop)\b/i])) blockers.push('ui: UI/design output must address desktop and mobile responsiveness');
+    if (!hasAny(source, [/\b(?:accessib|aria-|keyboard|focus|screen reader|semantic html|label)\b/i])) blockers.push('ui: UI/design output must address accessibility, focus, labels, or semantic structure');
+    if (/\b(?:button|input|form|modal|menu|dialog)\b/i.test(source) && !/\b(?:focus|keyboard|aria-|label|escape|tab order)\b/i.test(source)) blockers.push('ui: interactive elements need keyboard/focus/accessibility behavior');
+  }
+
+  if (domains.includes('beauty')) {
+    if (/\b(?:clean|modern|beautiful|polished|nice|sleek)\b/i.test(source) && !hasAny(source, [/\b(?:spacing|typography|contrast|hierarchy|rhythm|composition|palette|motion|density|visual language)\b/i])) blockers.push('beauty: aesthetic claim lacks concrete visual language such as spacing, typography, contrast, hierarchy, palette, or composition');
+  }
+
+  if (domains.includes('security')) {
+    if (/\b(?:token|secret|credential|password|api key|jwt)\b/i.test(source) && !/\b(?:redact|mask|env|secret store|do not log|rotate|least privilege)\b/i.test(source)) blockers.push('security: secrets/tokens require redaction, env/secret-store handling, no logging, or rotation guidance');
+    if (/\b(?:auth|permission|role|admin|tenant)\b/i.test(source) && !/\b(?:authorize|authorization|least privilege|tenant isolation|deny by default|role check)\b/i.test(source)) warnings.push('security: auth/permission output should state authorization and isolation checks');
+  }
+
+  if (domains.includes('ops')) {
+    if (/\b(?:deploy|rollout|release|migration|kubectl|docker push)\b/i.test(source) && !/\b(?:rollback|health|smoke|verify|readiness|observability|monitor)\b/i.test(source)) blockers.push('ops: deploy/release output must include rollback plus health/smoke/readiness verification');
+    if (/\b(?:env var|config|secret)\b/i.test(source) && !/\b(?:scope|owner|runtime|restart|reload|secret)\b/i.test(source)) warnings.push('ops: runtime config changes should name scope and reload/restart expectations');
+  }
+
+  if (domains.includes('product')) {
+    if (!/\b(?:user|customer|operator|admin|persona|workflow|acceptance criteria|success metric|job-to-be-done)\b/i.test(source)) warnings.push('product: product output should bind to a user/workflow and success criterion');
+  }
+
+  if (domains.includes('writing')) {
+    if (/\b(?:done|fixed|verified|published|deployed|passed|complete)\b/i.test(lower) && !/\b(?:verified|observed|passed|evidence|output|registry|status|unverified|not verified)\b/i.test(lower)) blockers.push('writing: completion claim needs observed evidence or explicit unverified boundary');
+    if (/\b(?:should work|probably|presumably|i assume)\b/i.test(source)) blockers.push('writing: uncertainty must be stated as an evidence boundary, not an assumption');
+  }
+
+  return {
+    domains: [...new Set(domains)],
+    blockers: [...new Set(blockers)],
+    warnings: [...new Set(warnings)],
+  };
+}

package/dist/assets/hooks/lib/skill-autoload-gate.mjs

@@ -0,0 +1 @@
+export * from '../../../../ops/claude-hooks/lib/skill-autoload-gate.mjs';