@aria_asi/cli 0.2.32 → 0.2.34

package/hooks/aria-pre-tool-gate.mjs

@@ -52,11 +52,30 @@ import {
   normalizeContent,
   normalizeRole,
 } from './lib/hook-message-window.mjs';
+import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const LOG = `${HOME}/.claude/aria-pre-tool-gate.log`;
 const HEARTBEAT = `${HOME}/.claude/aria-pre-tool-gate-heartbeat.jsonl`;
 const GATE_LOOP_STATE_PATH = `${HOME}/.claude/.aria-gate-loop-state.json`;
+const GOVERNANCE_GATE_PATH = `${HOME}/.aria/bin/aria-governance-gate`;
+
+function runUniversalGovernanceGate(payload) {
+  if (!existsSync(GOVERNANCE_GATE_PATH)) return null;
+  const child = spawnSync(GOVERNANCE_GATE_PATH, {
+    input: `${JSON.stringify(payload)}\n`,
+    encoding: 'utf8',
+    maxBuffer: 1024 * 1024,
+  });
+  const stdout = String(child.stdout || '').trim();
+  let result = null;
+  try { result = stdout ? JSON.parse(stdout) : null; } catch {}
+  if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
+    const reason = stdout || child.stderr || 'aria-governance-gate blocked this action.';
+    throw new Error(`=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===\n\n${reason}`);
+  }
+  return result;
+}
 
 // ── Heartbeat OUTSIDE the crash boundary (doctrine #123) ───────────────
 // Per feedback_ledger_writes_outside_crash_boundary.md + doctrine #124
@@ -1287,6 +1306,43 @@ const sessionId =
   (transcriptPath ? transcriptPath.split('/').pop()?.replace(/\.[^.]+$/, '') : null) ??
   'claude-code-unknown';
 
+const skillGate = evaluateSkillGate({
+  sessionId,
+  surface: 'claude-pre-tool-gate',
+  text: [JSON.stringify(event.messages || []), unionText, JSON.stringify(toolInput || {})].join('\n'),
+  action: cmd,
+  toolName,
+  filePath,
+  isDeploy: Boolean(deployMatched),
+  isMutation: toolName !== 'Bash',
+  autoLoadAvailable: false,
+});
+if (!skillGate.ok) {
+  const reason = formatSkillGateBlock(skillGate);
+  audit('block-missing-skill-receipt', `${skillGate.missingSkills.join(',')} ${cmdPreview}`);
+  emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  process.exit(2);
+}
+try {
+  runUniversalGovernanceGate({
+    sessionId,
+    sourceRuntime: 'claude-code',
+    surface: 'claude-pre-tool-gate',
+    text: [unionText, JSON.stringify(toolInput || {})].join('\n').slice(0, 8000),
+    action: cmd,
+    toolName,
+    filePath,
+    isDeploy: Boolean(deployMatched),
+    isMutation: toolName !== 'Bash',
+    loadedSkills: skillGate.loadedSkills,
+    evidence: { lensCount, hasVerify, hasCognition, hasSubstrateCite },
+  });
+} catch (err) {
+  audit('block-universal-governance', `${err instanceof Error ? err.message : String(err)}`.slice(0, 500));
+  emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  process.exit(2);
+}
+
 function pushDecision(decision, reasonText) {
   pushCognitionEvent({
     sessionId,
@@ -1440,6 +1496,7 @@ if (deployMatched) {
     //   reads the same file and computes the same HMAC.
     try {
       const justificationPath = `${HOME}/.claude/.aria-deploy-justification.json`;
+      const runtimeAgnosticJustificationPath = `${HOME}/.aria/.aria-deploy-justification.json`;
       const secretPath = `${HOME}/.claude/.aria-gate-secret`;
 
       // Lazy-generate per-installation secret if absent.
@@ -1481,6 +1538,8 @@ if (deployMatched) {
         signatureAlgo: 'HMAC-SHA256',
       };
       writeFileSync(justificationPath, JSON.stringify(justification, null, 2));
+      mkdirSync(dirname(runtimeAgnosticJustificationPath), { recursive: true });
+      writeFileSync(runtimeAgnosticJustificationPath, JSON.stringify(justification, null, 2), { mode: 0o600 });
     } catch (writeErr) {
       // Write failure is non-fatal for the gate decision (the gate itself
       // is the structural enforcement); log loudly per
@@ -2158,7 +2217,7 @@ Claude must either: (a) reframe action to fit allowedActions, OR (b) emit [PLAN_
 // every tool when substrate is down would brick the orchestrator, but the
 // failure is logged for telemetry.
 try {
-  const { HTTPHarnessClient } = await import('@aria/harness-http-client');
+  const { HTTPHarnessClient } = await import('@aria_asi/harness-http-client');
   const { readFileSync: __fsRead, existsSync: __fsExists } = await import('node:fs');
   const { homedir: __homedir } = await import('node:os');
   const __home = __homedir();

package/hooks/aria-stop-gate.mjs

@@ -49,6 +49,7 @@
 
 import { readFileSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { dirname } from 'node:path';
+import { spawnSync } from 'node:child_process';
 import { appendGateAudit } from './lib/gate-audit.mjs';
 import {
   ALL_LENS_NAMES,
@@ -58,6 +59,8 @@ import {
 } from './lib/canonical-lenses.mjs';
 import { registerGateBlock } from './lib/gate-loop-state.mjs';
 import { collectTurnWindowFromMessages } from './lib/hook-message-window.mjs';
+import { analyzeDomainOutputQuality } from './lib/domain-output-quality.mjs';
+import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const RUNTIME_BASE_URL =
@@ -67,6 +70,24 @@ const LOG = `${HOME}/.claude/aria-stop-gate.log`;
 const AUDIT_PATH = `${HOME}/.claude/aria-stop-gate-audit.jsonl`;
 const GATE_LOOP_STATE_PATH = `${HOME}/.claude/.aria-gate-loop-state.json`;
 const MIZAN_RECEIPT_DIR = `${HOME}/.claude/.aria-mizan-receipts`;
+const GOVERNANCE_GATE_PATH = `${HOME}/.aria/bin/aria-governance-gate`;
+
+function runUniversalGovernanceGate(payload) {
+  if (!existsSync(GOVERNANCE_GATE_PATH)) return null;
+  const child = spawnSync(GOVERNANCE_GATE_PATH, {
+    input: `${JSON.stringify(payload)}\n`,
+    encoding: 'utf8',
+    maxBuffer: 1024 * 1024,
+  });
+  const stdout = String(child.stdout || '').trim();
+  let result = null;
+  try { result = stdout ? JSON.parse(stdout) : null; } catch {}
+  if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
+    const reason = stdout || child.stderr || 'aria-governance-gate blocked this output.';
+    throw new Error(`=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===\n\n${reason}`);
+  }
+  return result;
+}
 
 // SDK loader — bundled at ~/.aria/sdk by `aria connect`, with client-local
 // fallbacks preserved for resilience.
@@ -619,6 +640,48 @@ if (!triggered) {
   process.exit(0);
 }
 
+const stopSkillGate = evaluateSkillGate({
+  sessionId: event.session_id || 'claude-code',
+  surface: 'claude-stop-gate',
+  text: [JSON.stringify(event.messages || []), lastUserMessage, assistantText].join('\n'),
+  isOutputCloseout: true,
+  autoLoadAvailable: false,
+});
+if (!stopSkillGate.ok) {
+  audit('block-missing-skill-receipt', `missing=${stopSkillGate.missingSkills.join(',')} chars=${assistantText.length}`);
+  const reason = withLoopDirective(buildForceReauthorReason({
+    source: 'stop/skill-autoload',
+    reason: formatSkillGateBlock(stopSkillGate),
+    violations: [`Missing skill receipts: ${stopSkillGate.missingSkills.join(', ')}`],
+    lensCount: 0,
+    requiredLenses: REQUIRED_LENSES,
+  }), `stop:skill-autoload:${stopSkillGate.missingSkills.join(',')}`, gateSessionId);
+  console.log(JSON.stringify({ decision: 'block', reason }));
+  process.exit(2);
+}
+try {
+  runUniversalGovernanceGate({
+    sessionId: event.session_id || 'claude-code',
+    sourceRuntime: 'claude-code',
+    surface: 'claude-stop-gate',
+    text: assistantText.slice(0, 8000),
+    isOutputCloseout: true,
+    loadedSkills: stopSkillGate.loadedSkills,
+    evidence: { chars: assistantText.length, hasDecisionSignal, isLong },
+  });
+} catch (err) {
+  audit('block-universal-governance', `${err instanceof Error ? err.message : String(err)}`.slice(0, 500));
+  const reason = withLoopDirective(buildForceReauthorReason({
+    source: 'stop/universal-governance',
+    reason: err instanceof Error ? err.message : String(err),
+    violations: ['Universal governance gate blocked this output.'],
+    lensCount: 0,
+    requiredLenses: REQUIRED_LENSES,
+  }), 'stop:universal-governance', gateSessionId);
+  console.log(JSON.stringify({ decision: 'block', reason }));
+  process.exit(2);
+}
+
 // Non-trivial response — require substantive cognition.
 const cog = detectCognitionLenses(assistantText);
 
@@ -1245,7 +1308,7 @@ if (cog.count >= REQUIRED_LENSES) {
     }
 
     // Block decision: any of (validateOutput severity=block) OR (>=2 drift hits) OR
-    // (>=1 code-quality hit) OR (open discovery in ledger) → block emit.
+    // (>=1 code/domain-quality hit) OR (open discovery in ledger) → block emit.
     // Aria enforcement #46 (compelled reflection): severity=warn ALSO blocks but
     // with a different reason — emit must include explicit reflection on what
     // triggered the warn before re-emit. Warn is not "soft pass" anymore;
@@ -1255,6 +1318,8 @@ if (cog.count >= REQUIRED_LENSES) {
     const mizanWarnReflectionRequired = mizanVerdict && mizanVerdict.severity === 'warn';
     const driftBlock = driftHits.length >= 2;
     const codeBlock = codeQualityHits.length >= 1;
+    const domainQuality = analyzeDomainOutputQuality(assistantText, { codeBlocks });
+    const domainBlock = domainQuality.blockers.length >= 1;
 
     // Reflection-already-present check: if the assistant text already contains
     // an explicit <reflection>...</reflection> block OR a "reflection:" line
@@ -1374,7 +1439,7 @@ if (cog.count >= REQUIRED_LENSES) {
     let substrateViolations = [];
     let substrateGateTriggers = [];
     try {
-      const { HTTPHarnessClient } = await import('@aria/harness-http-client');
+      const { HTTPHarnessClient } = await import('@aria_asi/harness-http-client');
       const tokenPath = `${HOME}/.aria/owner-token`;
       // Tier-aware resolution: ARIA_HARNESS_TOKEN env first (both tiers).
       // ONLY on owner tier, fall back to master/api-key env or owner-token
@@ -1413,13 +1478,14 @@ if (cog.count >= REQUIRED_LENSES) {
     }
 
     const implCouplingBlock = implCouplingHits.length > 0;
-    if (mizanBlock || driftBlock || codeBlock || discoveryBlock || compelReflection || phaseReportMissing || substrateBlock || implCouplingBlock) {
+    if (mizanBlock || driftBlock || codeBlock || domainBlock || discoveryBlock || compelReflection || phaseReportMissing || substrateBlock || implCouplingBlock) {
       const violations = [];
       if (mizanBlock) violations.push(`Mizan: ${(mizanVerdict.violations || []).join(', ')}`);
       if (implCouplingBlock) violations.push(`Cognition impl-coupling (#88): ${implCouplingHits.join(' | ')}. Each canonical lens in cognition must dictate a specific implementation choice (file_path:line_range pair tied to a decision). Re-emit cognition that names file paths + line ranges + decision text per lens, OR a verify/fixing block where lenses cite specific artifact changes.`);
       if (compelReflection) violations.push(`Mizan severity=warn — compelled reflection required (per Aria enforcement #46). Triggers: ${(mizanVerdict.gateTriggers || mizanVerdict.violations || ['unspecified']).join(', ')}. Re-emit with an explicit <reflection>...</reflection> block (or 'reflection:' line) addressing what triggered the warn and why your re-draft handles it. Reflection is NOT lens-cognition repeated — it's a focused self-audit on the specific Mizan triggers above.`);
       if (driftBlock) violations.push(`Drift triggers (${driftHits.length}): ${driftHits.map((h) => `"${h.trigger}" → ${h.memory}`).join(' | ')}`);
       if (codeBlock) violations.push(`Code quality: ${codeQualityHits.join('; ')}`);
+      if (domainBlock) violations.push(`Domain output QA (${domainQuality.domains.join(', ') || 'general'}): ${domainQuality.blockers.join('; ')}. Rewrite with the missing domain-specific safeguards instead of generic prose.`);
       if (discoveryBlock) violations.push(`Discovery-binding ledger has ${ledgerOpenCount} OPEN discoveries (per ${docRef('feedback_no_flag_without_fix.md', 'atomic-discovery-rule')}, discoveries are atomic with their fixes — fix in the same turn or create a TaskCreate before continuing). Recent open: ${ledgerOpenSamples.map((s) => `"${s.slice(0, 80)}"`).join(' | ')}. Resolve each by either (a) fixing it inline in this turn, or (b) creating a TaskCreate with the discovery's full context (file path, line number, what's broken, why), then editing ${LEDGER_PATH} to set status=resolved.`);
       if (phaseReportMissing) {
         const phaseList = (activePlan?.phases || []).map((p) => `${p.id}:${p.summary?.slice(0, 60) || ''}`).join(' | ');

package/hooks/doctrine_trigger_map.json

@@ -508,6 +508,49 @@
       "counter_action": "Create or reuse one turn substrate object containing embedding, perturb snapshot, ProjectAllDomains result, awakenAria Garden block, DeepSoul/Noor/shards/Mizan signals; pass it downstream.",
       "message": "Duplicate projection path detected. Replace with one per-turn cognition packet and shared consumption."
     },
+    {
+      "trigger_id": "premature_task_closeout",
+      "trigger": "(?:done|complete|completed|ready|verified|fixed).{0,120}(?:but|except|caveat|remaining|not yet|still|separate|later|blocked|skipped)",
+      "rx": "(?:done|complete|completed|ready|verified|fixed).{0,120}(?:but|except|caveat|remaining|not yet|still|separate|later|blocked|skipped)",
+      "doctrine": "memory:feedback_no_premature_task_closeout.md",
+      "memory": "feedback_no_premature_task_closeout.md",
+      "severity": "block",
+      "teaching": "A task is not complete while material blockers remain. Completion claims must match the verified scope.",
+      "counter_action": "Do not close the task. Fix the blocker now, or create an owner-visible durable task with the exact failing surface and verification gap.",
+      "message": "Premature closeout detected: completion language coexists with unresolved blockers. Fix or durably track before emitting."
+    },
+    {
+      "trigger_id": "narrow_e2e_overclaim",
+      "trigger": "(?:production-ready|ready for production|works in general|client packages?|npm packages?|SDKs?|runtimes?|harnesses?).{0,220}(?:deal|single flow|one flow|widget|one service|specific path|covered flow)",
+      "rx": "(?:production-ready|ready for production|works in general|client packages?|npm packages?|SDKs?|runtimes?|harnesses?).{0,220}(?:deal|single flow|one flow|widget|one service|specific path|covered flow)",
+      "doctrine": "memory:feedback_narrow_e2e_overclaim.md",
+      "memory": "feedback_narrow_e2e_overclaim.md",
+      "severity": "block",
+      "teaching": "A narrow e2e does not prove general production readiness for SDKs, npm packages, runtimes, clients, or harnesses.",
+      "counter_action": "Run the general readiness matrix or explicitly limit the claim to the verified surface. Do not imply general readiness from one app flow.",
+      "message": "Narrow proof overclaim detected. General readiness requires the client/package/runtime/harness matrix."
+    },
+    {
+      "trigger_id": "advisory_gate_not_gate",
+      "trigger": "(?:non-blocking|warn(?:ing)? only|advisory|falls? through|fail open|soft fail|log(?:ged)? and continue|quality gate warning)",
+      "rx": "(?:non-blocking|warn(?:ing)? only|advisory|falls? through|fail open|soft fail|log(?:ged)? and continue|quality gate warning)",
+      "doctrine": "memory:feedback_advisory_gate_is_not_gate.md",
+      "memory": "feedback_advisory_gate_is_not_gate.md",
+      "severity": "block",
+      "teaching": "A gate that only warns or falls through is not a gate. Enforcement must fail closed where quality or doctrine is required.",
+      "counter_action": "Convert advisory paths to blocking errors, add a self-test that proves rejection, and install the hardened gate into each consumer surface.",
+      "message": "Advisory gate bypass detected. Convert to fail-closed enforcement and prove it with a blocking self-test."
+    },
+    {
+      "trigger_id": "start_new_session_as_gate_fix",
+      "trigger": "(?:start|open|begin).{0,40}(?:new|fresh).{0,30}session.{0,120}(?:fix|gate|harness|enforcement)",
+      "rx": "(?:start|open|begin).{0,40}(?:new|fresh).{0,30}session.{0,120}(?:fix|gate|harness|enforcement)",
+      "doctrine": "memory:feedback_advisory_gate_is_not_gate.md",
+      "memory": "feedback_advisory_gate_is_not_gate.md",
+      "severity": "block",
+      "teaching": "A new session is not an enforcement fix. It only reloads whatever gate contract exists; broken gates remain broken.",
+      "counter_action": "Fix the runtime/plugin/hook contract, reinstall it, and run a live bad-action/bad-output self-test that proves blocking."
+    },
     {
       "trigger_id": "registry_image_drift",
       "trigger": "image.?pull|ErrImageNeverPull|ImagePullBackOff|registry gc|image.*missing|image.*not.*found",

package/hooks/lib/domain-output-quality.mjs

@@ -0,0 +1,103 @@
+// Domain-aware output QA for Aria stop gates.
+// Deterministic local checks complement remote Mizan; they do not replace it.
+
+const DOMAIN_RULES = [
+  {
+    domain: 'code',
+    signal: /```|\b(?:function|class|interface|type|import|export|npm test|typecheck|eslint|jest|vitest|tsx?|jsx?|\.ts|\.tsx|\.js|\.py)\b/i,
+  },
+  {
+    domain: 'ui',
+    signal: /\b(?:ui|ux|frontend|react|component|page|screen|modal|form|button|layout|tailwind|css|html|mobile|responsive|accessib|aria-label|keyboard|focus state|dark mode)\b/i,
+  },
+  {
+    domain: 'beauty',
+    signal: /\b(?:beauty|beautiful|polish|visual|aesthetic|elegant|layout|typography|spacing|hierarchy|composition|brand|design language|modern|clean)\b/i,
+  },
+  {
+    domain: 'security',
+    signal: /\b(?:security|auth|token|secret|credential|password|jwt|oauth|csrf|xss|sql injection|permission|role|cors|sanitize|encrypt|webhook signature)\b/i,
+  },
+  {
+    domain: 'ops',
+    signal: /\b(?:deploy|rollout|rollback|kubernetes|kubectl|docker|image|pod|health check|slo|alert|log|metric|trace|env var|migration|release)\b/i,
+  },
+  {
+    domain: 'product',
+    signal: /\b(?:user flow|customer|workflow|conversion|pricing|onboarding|checkout|activation|retention|business|persona|job-to-be-done|acceptance criteria)\b/i,
+  },
+  {
+    domain: 'writing',
+    signal: /\b(?:summary|explain|docs|readme|copy|email|post|article|message|final answer|status report|release notes)\b/i,
+  },
+];
+
+function hasAny(text, patterns) {
+  return patterns.some((pattern) => pattern.test(text));
+}
+
+function lineHits(text, rx, label) {
+  const hits = [];
+  const lines = String(text || '').split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    if (rx.test(lines[i])) hits.push(`${label} at line ${i + 1}`);
+  }
+  return hits;
+}
+
+export function extractCodeBlocks(text) {
+  return [...String(text || '').matchAll(/```[a-z0-9_-]*\n([\s\S]*?)```/gi)].map((m) => m[1] || '');
+}
+
+export function analyzeDomainOutputQuality(text, options = {}) {
+  const source = String(text || '');
+  const lower = source.toLowerCase();
+  const codeBlocks = options.codeBlocks || extractCodeBlocks(source);
+  const domains = DOMAIN_RULES.filter((rule) => rule.signal.test(source)).map((rule) => rule.domain);
+  const blockers = [];
+  const warnings = [];
+
+  if (domains.includes('code')) {
+    for (const hit of lineHits(source, /\b(?:TODO|FIXME|XXX|implementation pending|not implemented|coming soon|placeholder)\b/i, 'code placeholder semantics')) blockers.push(hit);
+    for (const block of codeBlocks) {
+      if (/@ts-expect-error|@ts-ignore/.test(block)) blockers.push('code: type suppression instead of fixing the type contract');
+      if (/catch\s*\([^)]*\)\s*\{\s*(?:return\s+(?:''|""|null|undefined|\[\]|\{\})|\}\s*$|\/\/[^\n]*$)/m.test(block)) blockers.push('code: silent or empty catch block hides runtime failure');
+      if (/console\.log\(/.test(block) && !/\/\/\s*(?:debug|log)/i.test(block)) warnings.push('code: console.log appears in shipped code without debug intent');
+    }
+  }
+
+  if (domains.includes('ui')) {
+    if (!hasAny(source, [/\b(?:mobile|responsive|breakpoint|small screen|desktop)\b/i])) blockers.push('ui: UI/design output must address desktop and mobile responsiveness');
+    if (!hasAny(source, [/\b(?:accessib|aria-|keyboard|focus|screen reader|semantic html|label)\b/i])) blockers.push('ui: UI/design output must address accessibility, focus, labels, or semantic structure');
+    if (/\b(?:button|input|form|modal|menu|dialog)\b/i.test(source) && !/\b(?:focus|keyboard|aria-|label|escape|tab order)\b/i.test(source)) blockers.push('ui: interactive elements need keyboard/focus/accessibility behavior');
+  }
+
+  if (domains.includes('beauty')) {
+    if (/\b(?:clean|modern|beautiful|polished|nice|sleek)\b/i.test(source) && !hasAny(source, [/\b(?:spacing|typography|contrast|hierarchy|rhythm|composition|palette|motion|density|visual language)\b/i])) blockers.push('beauty: aesthetic claim lacks concrete visual language such as spacing, typography, contrast, hierarchy, palette, or composition');
+  }
+
+  if (domains.includes('security')) {
+    if (/\b(?:token|secret|credential|password|api key|jwt)\b/i.test(source) && !/\b(?:redact|mask|env|secret store|do not log|rotate|least privilege)\b/i.test(source)) blockers.push('security: secrets/tokens require redaction, env/secret-store handling, no logging, or rotation guidance');
+    if (/\b(?:auth|permission|role|admin|tenant)\b/i.test(source) && !/\b(?:authorize|authorization|least privilege|tenant isolation|deny by default|role check)\b/i.test(source)) warnings.push('security: auth/permission output should state authorization and isolation checks');
+  }
+
+  if (domains.includes('ops')) {
+    if (/\b(?:deploy|rollout|release|migration|kubectl|docker push)\b/i.test(source) && !/\b(?:rollback|health|smoke|verify|readiness|observability|monitor)\b/i.test(source)) blockers.push('ops: deploy/release output must include rollback plus health/smoke/readiness verification');
+    if (/\b(?:env var|config|secret)\b/i.test(source) && !/\b(?:scope|owner|runtime|restart|reload|secret)\b/i.test(source)) warnings.push('ops: runtime config changes should name scope and reload/restart expectations');
+  }
+
+  if (domains.includes('product')) {
+    if (!/\b(?:user|customer|operator|admin|persona|workflow|acceptance criteria|success metric|job-to-be-done)\b/i.test(source)) warnings.push('product: product output should bind to a user/workflow and success criterion');
+  }
+
+  if (domains.includes('writing')) {
+    if (/\b(?:done|fixed|verified|published|deployed|passed|complete)\b/i.test(lower) && !/\b(?:verified|observed|passed|evidence|output|registry|status|unverified|not verified)\b/i.test(lower)) blockers.push('writing: completion claim needs observed evidence or explicit unverified boundary');
+    if (/\b(?:should work|probably|presumably|i assume)\b/i.test(source)) blockers.push('writing: uncertainty must be stated as an evidence boundary, not an assumption');
+  }
+
+  return {
+    domains: [...new Set(domains)],
+    blockers: [...new Set(blockers)],
+    warnings: [...new Set(warnings)],
+  };
+}

package/hooks/lib/skill-autoload-gate.mjs

@@ -0,0 +1,14 @@
+import { existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+const RECEIPT_ROOT = process.env.ARIA_SKILL_RECEIPT_DIR || join(tmpdir(), 'aria-skill-receipts');
+const ALIASES = new Map([['deploy', 'aria-harness-deploy'], ['output', 'aria-harness-output-discipline'], ['repo', 'aria-repo-doctrine'], ['forge', 'aria-forge-guardrails']]);
+const RX = { deploy: /deploy-service\.sh|kubectl\s+(?:apply|set|rollout|delete|scale)|helm\s+upgrade|terraform\s+apply|docker\s+push/i, mutationTool: /^(?:edit|write|notebookedit|patch|apply_patch)$/i, mutation: /apply_patch|write file|edit file|modify|delete file|migration|handler|route|runtime|hook|plugin|\btest\b|smoke script/i, strip: /remove|delete|strip|drop|omit|disable|bypass|skip|stub|mock|fake|placeholder|temporary|quick scaffold|band-aid/i, readiness: /production-ready|ready for production|works in general|general readiness|client packages?|npm packages?|SDKs?|runtimes?|harnesses?|release-ready|ship-ready/i, narrow: /single flow|one flow|narrow e2e|covered flow|specific path|widget flow/i, completion: /done|complete|completed|ready|verified|fixed|shipped|implemented|production-ready/i, badProof: /but|except|caveat|remaining|not yet|still|separate|later|blocked|skipped|unresolved|follow-up|failed|failing|error|red|not run|could not verify|untested|no proof|missing proof|without proof/i, advisory: /non-blocking|warning only|warn only|advisory|fall through|falls through|fail open|soft fail|logged and continue|quality gate warning/i, success: /(?:verified|passed|success|successful|green|ok)\s*[:=\-].{0,120}(?:npm|node|playwright|jest|vitest|build|test|lint|typecheck|curl|kubectl|self-test|e2e|probe|smoke)|(?:npm|node|playwright|jest|vitest|build|test|lint|typecheck|curl|kubectl).{0,120}(?:passed|success|successful|green|exit\s*0)/i, resubmit: /re-?submission|resubmit/i, rewrite: /re-?write|rewrite|fix/i, retest: /re-?test|retest|rerun/i, aria: /ARIA console|Aria console|\/chat|aria-pipeline-mcp|aria_chat|escalat(?:e|ion).{0,80}ARIA/i };
+function normalizeSkillName(skill) { return ALIASES.get(String(skill || '').trim()) || String(skill || '').trim(); }
+function sessionDir(sessionId) { return join(RECEIPT_ROOT, encodeURIComponent(String(sessionId || 'unknown'))); }
+function readReceiptSkills(sessionId) { const dir = sessionDir(sessionId); if (!existsSync(dir)) return new Set(); const skills = new Set(); for (const name of readdirSync(dir)) { if (!name.endsWith('.json')) continue; try { const receipt = JSON.parse(readFileSync(join(dir, name), 'utf8')); if (receipt?.skill) skills.add(normalizeSkillName(receipt.skill)); } catch {} } return skills; }
+function readInlineSkills(text) { const skills = new Set(); const value = String(text || ''); for (const match of value.matchAll(/<skill_content\s+name=["']([^"']+)["']/gi)) skills.add(normalizeSkillName(match[1])); return skills; }
+export function recordSkillLoaded({ sessionId, skill, surface = 'unknown', metadata = {} } = {}) { const normalized = normalizeSkillName(skill); if (!normalized) throw new Error('recordSkillLoaded requires a skill name'); const dir = sessionDir(sessionId); mkdirSync(dir, { recursive: true }); const receipt = { skill: normalized, surface, metadata, recordedAt: new Date().toISOString() }; writeFileSync(join(dir, `${encodeURIComponent(normalized)}.json`), `${JSON.stringify(receipt, null, 2)}\n`); return receipt; }
+export function classifyRequiredSkills({ text = '', action = '', toolName = '', filePath = '', isDeploy = false, isMutation = false, isOutputCloseout = false } = {}) { const combined = [text, action, toolName, filePath].filter(Boolean).join('\n'); const required = new Set(); const reasons = []; const recoveryMissing = []; if (isDeploy || RX.deploy.test(combined)) { required.add('aria-harness-deploy'); required.add('aria-forge-guardrails'); reasons.push('deploy/shared-infrastructure action requires fail-closed deploy and forge guardrails'); } if (isMutation || RX.mutationTool.test(toolName)) { required.add('aria-repo-doctrine'); reasons.push('repository/runtime mutation requires repo doctrine'); } if (RX.strip.test(combined)) { required.add('aria-harness-no-stripping'); reasons.push('strip/remove/bypass language requires no-stripping gate'); } if (isOutputCloseout && RX.completion.test(combined)) { required.add('aria-harness-output-discipline'); reasons.push('owner-facing completion/readiness claim requires output discipline'); if (!RX.success.test(combined)) recoveryMissing.push('successful proof from a concrete command/probe'); } if (RX.readiness.test(combined)) { required.add('architecture-decision'); required.add('testing-strategy'); required.add('aria-forge-guardrails'); required.add('aria-harness-output-discipline'); reasons.push('broad production/package/SDK/runtime readiness claim requires architecture, testing, and forge guardrails'); } if (RX.readiness.test(combined) && RX.narrow.test(combined)) { required.add('testing-strategy'); required.add('aria-forge-guardrails'); reasons.push('narrow e2e proof cannot support broad readiness claim without readiness-matrix discipline'); } if (RX.completion.test(combined) && RX.badProof.test(combined)) { required.add('aria-harness-output-discipline'); required.add('aria-forge-guardrails'); reasons.push('completion claim with unresolved or failed proof requires recovery cycle'); if (!RX.resubmit.test(combined)) recoveryMissing.push('re-submission'); if (!RX.rewrite.test(combined)) recoveryMissing.push('re-write'); if (!RX.retest.test(combined)) recoveryMissing.push('re-test'); if (!RX.aria.test(combined)) recoveryMissing.push('ARIA console escalation'); } if (RX.advisory.test(combined)) { required.add('aria-forge-guardrails'); required.add('aria-harness-output-discipline'); reasons.push('advisory/fail-open gate language requires fail-closed hardening discipline'); } return { requiredSkills: [...required].sort(), reasons, recoveryMissing }; }
+export function evaluateSkillGate(options = {}) { const classified = classifyRequiredSkills(options); const text = [options.text, options.action].filter(Boolean).join('\n'); const loaded = new Set([...readReceiptSkills(options.sessionId), ...readInlineSkills(text)]); const missingSkills = classified.requiredSkills.filter((skill) => !loaded.has(skill)); const recoveryMissing = classified.recoveryMissing || []; return { ok: missingSkills.length === 0 && recoveryMissing.length === 0, surface: options.surface || 'unknown', sessionId: options.sessionId || 'unknown', requiredSkills: classified.requiredSkills, loadedSkills: [...loaded].sort(), missingSkills, recoveryMissing, reasons: classified.reasons, autoLoadAvailable: options.autoLoadAvailable === true }; }
+export function formatSkillGateBlock(result = {}) { const missing = Array.isArray(result.missingSkills) ? result.missingSkills : []; const recovery = Array.isArray(result.recoveryMissing) ? result.recoveryMissing : []; const reasons = Array.isArray(result.reasons) ? result.reasons : []; return ['=== ARIA SKILL AUTOLOAD GATE BLOCK ===', `surface: ${result.surface || 'unknown'}`, `missing_skills: ${missing.length ? missing.join(', ') : '(none)'}`, `missing_recovery_cycle: ${recovery.length ? recovery.join(', ') : '(none)'}`, `required_skills: ${(result.requiredSkills || []).join(', ') || '(none)'}`, reasons.length ? `reasons: ${reasons.join(' | ')}` : 'reasons: no classifier reason recorded', 'counter_action: re-submit, re-write, re-test, and escalate through ARIA console until successful proof exists. Do not downgrade this to an advisory warning.'].join('\n'); }

package/opencode-plugins/harness-context/index.js

@@ -2,7 +2,7 @@
  * Aria Harness Context Plugin for OpenCode.
  *
  * Injects the live harness packet into OpenCode's system prompt on every
- * session start. Routes through the canonical @aria/harness-http-client SDK
+ * session start. Routes through the canonical @aria_asi/harness-http-client SDK
  * via the inject-context.mjs script that ships alongside this plugin.
  *
  * Distribution: this dir is installed by `aria connect` (via connectors/

package/opencode-plugins/harness-gate/index.js

@@ -3,8 +3,11 @@
  * Routes through HTTPHarnessClient SDK for substrate-backed validation.
  */
 import { existsSync, readFileSync, mkdirSync, writeFileSync } from 'node:fs';
+import { createHash } from 'node:crypto';
+import { spawnSync } from 'node:child_process';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
+import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.js';
 
 const HOME = homedir();
 const SDK_CANDIDATES = [
@@ -14,6 +17,7 @@ const SDK_CANDIDATES = [
 ];
 const OWNER_TOKEN_PATH = join(HOME, '.aria', 'owner-token');
 const LICENSE_PATH = join(HOME, '.aria', 'license.json');
+const GOVERNANCE_GATE_PATH = join(HOME, '.aria', 'bin', 'aria-governance-gate');
 const RUNTIME_URL = (process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319').replace(/\/+$/, '');
 const RECEIPT_DIR = join(HOME, '.opencode', 'aria-mizan-receipts');
 
@@ -70,6 +74,19 @@ function persistReceipt(sessionId, payload) {
   } catch {}
 }
 
+function makeEvidenceRef(kind, value, metadata = {}) {
+  const raw = typeof value === 'string' ? value : JSON.stringify(value ?? null);
+  const sha256 = createHash('sha256').update(raw).digest('hex');
+  return {
+    evidenceId: `ev_${sha256.slice(0, 16)}`,
+    kind,
+    at: new Date().toISOString(),
+    sha256,
+    preview: raw.slice(0, 500),
+    metadata,
+  };
+}
+
 function countInlineCognitionLenses(text) {
   const seen = new Set();
   for (const match of String(text || '').matchAll(INLINE_LENS_RX)) {
@@ -79,6 +96,25 @@ function countInlineCognitionLenses(text) {
   return seen.size;
 }
 
+function runUniversalGovernanceGate(payload) {
+  if (!existsSync(GOVERNANCE_GATE_PATH)) return null;
+  const child = spawnSync(GOVERNANCE_GATE_PATH, {
+    input: `${JSON.stringify(payload)}\n`,
+    encoding: 'utf8',
+    maxBuffer: 1024 * 1024,
+  });
+  const stdout = String(child.stdout || '').trim();
+  let result = null;
+  try { result = stdout ? JSON.parse(stdout) : null; } catch {}
+  if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
+    throw new Error(
+      `=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===\n\n` +
+      `${stdout || child.stderr || 'aria-governance-gate blocked this action.'}`
+    );
+  }
+  return result;
+}
+
 function resolveToken() {
   if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
   if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
@@ -127,7 +163,7 @@ async function getClient() {
   return _client;
 }
 
-async function runtimeCheckAction(action, target) {
+async function runtimeCheckAction(action, target, metadata = {}) {
   const token = resolveToken();
   if (!token) throw new Error('no token');
   const response = await fetch(`${RUNTIME_URL}/check-action`, {
@@ -136,7 +172,7 @@ async function runtimeCheckAction(action, target) {
       'Content-Type': 'application/json',
       Authorization: `Bearer ${token}`,
     },
-    body: JSON.stringify({ action, target }),
+    body: JSON.stringify({ action, target, ...metadata }),
   });
   if (!response.ok) {
     const body = await response.text().catch(() => response.statusText);
@@ -169,28 +205,66 @@ export default async function HarnessGatePlugin(ctx) {
 
   return {
     'tool.execute.before': async (input, output) => {
-      const toolName = input.tool;
+      const args = output?.args ?? input.args ?? {};
+      const rawToolName = String(input.tool || input.name || input.type || '');
+      const normalizedToolName = rawToolName.toLowerCase();
+      const toolName = normalizedToolName.includes('bash') ? 'Bash'
+        : normalizedToolName.includes('edit') ? 'Edit'
+          : normalizedToolName.includes('write') ? 'Write'
+            : rawToolName;
       if (!['Bash', 'Edit', 'Write', 'NotebookEdit'].includes(toolName)) return;
 
-      const cmd = toolName === 'Bash' ? String(input.args?.command ?? '') : '';
-      const filePath = toolName !== 'Bash' ? String(input.args?.file_path ?? input.args?.notebook_path ?? '') : '';
+      const cmd = toolName === 'Bash' ? String(args?.command ?? '') : '';
+      const filePath = toolName !== 'Bash' ? String(args?.file_path ?? args?.filePath ?? args?.notebook_path ?? args?.notebookPath ?? '') : '';
       const cmdPreview = toolName === 'Bash' ? cmd.slice(0, 80) : `${toolName} ${filePath || '(no path)'}`.slice(0, 80);
 
-      // Trivial reads pass
-      if (toolName === 'Bash' && TRIVIAL_BASH_RX.test(cmd) && cmd.length < 200) return;
-      if (toolName === 'Bash' && cmd.length < SHORT_BASH_LIMIT) return;
       const destructive = DESTRUCTIVE_PATTERNS.find(({ rx }) => rx.test(cmd));
       const deploy = DEPLOY_PATTERNS.find(({ rx }) => rx.test(cmd));
       const isFileMutation = ['Edit', 'Write', 'NotebookEdit'].includes(toolName) && filePath;
 
+      // Trivial reads pass only after high-risk patterns are classified.
+      if (!destructive && !deploy && toolName === 'Bash' && TRIVIAL_BASH_RX.test(cmd) && cmd.length < 200) return;
+      if (!destructive && !deploy && toolName === 'Bash' && cmd.length < SHORT_BASH_LIMIT) return;
+
       if (!destructive && !deploy && !isFileMutation) return;
 
       // Try SDK checkAction() first — substrate-backed validation
       const client = await getClient();
-      const sessionId = process.env.ARIA_SESSION_ID || 'opencode';
+      const sessionId = input.sessionID || process.env.ARIA_SESSION_ID || process.env.OPENCODE_SESSION_ID || 'opencode';
       const label = destructive?.name || deploy?.name || `${toolName}:${filePath?.split('/').pop() || ''}`;
       const action = toolName === 'Bash' ? 'bash' : 'edit';
       const target = toolName === 'Bash' ? cmd.slice(0, 200) : filePath.slice(0, 200);
+      const actionRef = makeEvidenceRef('opencode_tool_request', { toolName, action, target }, { sessionId, label });
+      runUniversalGovernanceGate({
+        sessionId,
+        sourceRuntime: 'opencode',
+        surface: 'opencode-harness-gate',
+        text: JSON.stringify({ toolName, action, target, args }).slice(0, 8000),
+        action: cmd,
+        toolName,
+        filePath,
+        isDeploy: Boolean(deploy),
+        isMutation: Boolean(isFileMutation),
+        evidence: actionRef,
+      });
+      const skillGate = evaluateSkillGate({
+        sessionId,
+        surface: 'opencode-harness-gate',
+        text: JSON.stringify(input || {}),
+        action: cmd,
+        toolName,
+        filePath,
+        isDeploy: Boolean(deploy),
+        isMutation: Boolean(isFileMutation),
+        autoLoadAvailable: false,
+      });
+      if (!skillGate.ok) {
+        throw new Error(
+          `=== ARIA SKILL AUTOLOAD GATE: ${label} ===\n\n` +
+          `${formatSkillGateBlock(skillGate)}\n\n` +
+          `Required next step: call the skill loader for ${skillGate.missingSkills.join(', ')} before retrying this tool.`
+        );
+      }
       const rationale =
         destructive ? `High-risk action ${label} requested in OpenCode and must satisfy Mizan truth, protection, and quality before execution.`
           : deploy ? `Deployment action ${label} requested in OpenCode and must satisfy Mizan survivability before execution.`
@@ -201,10 +275,21 @@ export default async function HarnessGatePlugin(ctx) {
           sessionId,
           context: {
             sessionId,
+            actor: 'opencode',
+            system: 'opencode',
+            platform: 'opencode',
+            surface: 'opencode-harness-gate',
             message: cmdPreview,
             intendedAction: target || cmdPreview,
             rationale,
           },
+          packetRequest: {
+            stage: 'preflight',
+            actor: 'opencode',
+            system: 'opencode',
+            platform: 'opencode',
+            message: cmdPreview,
+          },
         });
         _lastMizanReceipt = pre.receipt || null;
         if (_lastMizanReceipt) {
@@ -215,6 +300,7 @@ export default async function HarnessGatePlugin(ctx) {
             preResult: pre.result || null,
             preContract: pre.contract || null,
             preSummary: pre.summary || null,
+            actionRef,
           });
         }
         _lastActionSummary = cmdPreview;
@@ -247,8 +333,25 @@ export default async function HarnessGatePlugin(ctx) {
 
       if (client) {
         try {
-          const check = await runtimeCheckAction(action, target).catch(() => client.checkAction(action, target));
+          const check = await runtimeCheckAction(action, target, {
+            sessionId,
+            actor: 'opencode',
+            roleProfile: process.env.OPENCODE_ARIA_ROLE_PROFILE || process.env.ARIA_ROLE_PROFILE || null,
+            files: filePath ? [filePath] : [],
+            requireVerify: Boolean(destructive || deploy),
+            verifyText: String(args?.verifyText || args?.verifyBlock || args?.verify || ''),
+          }).catch(() => client.checkAction(action, target));
           if (!check.allowed) {
+            if (check.queued) {
+              throw new Error(
+                `=== ARIA TOOL LANE QUEUED: ${label} ===\n\n` +
+                `Immediate execution paused; action was queued instead of failed.\n` +
+                `Reason: ${check.reason || 'tool lane contention'}\n` +
+                `Job: ${check.queue?.jobId || 'unknown'} (${check.queue?.status || 'queued'})\n` +
+                `Queue depth: ${check.queue?.queueDepth ?? 'unknown'}\n\n` +
+                `Recovery: retry after overlapping Hive lease expires, or let the tool-lane worker claim the queued job.`
+              );
+            }
             throw new Error(
               `=== ARIA SD GATE: ${label} ===\n\n` +
               `Blocked by substrate gate: ${check.reason || 'no reason provided'}\n` +
@@ -258,6 +361,7 @@ export default async function HarnessGatePlugin(ctx) {
           }
           return;
         } catch (e) {
+          if (e.message.startsWith('=== ARIA TOOL LANE QUEUED')) throw e;
           if (e.message.startsWith('=== ARIA SD GATE')) throw e;
           // SDK unreachable — fall through to local gate below
           process.stderr.write(`[harness-gate] SDK checkAction failed: ${e.message} — falling through to local gate\n`);