@aria_asi/cli 0.2.33 → 0.2.34

package/dist/runtime/hooks/lib/canonical-lenses.mjs

@@ -0,0 +1,65 @@
+export const LENS_NAMES_OLDER = ['nur', 'mizan', 'hikma', 'tafakkur', 'tadabbur', 'ilham', 'wahi', 'firasah'];
+export const LENS_NAMES_NEWER = ['zahir', 'batin', 'sabab', 'hikmah', 'aqibah', 'ilham', 'meta', 'fitrah'];
+
+export const PRIMARY_OWNER_LENS_NAMES = LENS_NAMES_OLDER;
+// Readability must not rewrite the lens semantics. Client surfaces may need
+// friendlier prose inside each lens, but the visible lens labels themselves
+// stay canonical so the meaning is preserved.
+export const PRIMARY_CLIENT_LENS_NAMES = LENS_NAMES_OLDER;
+
+export const ALL_LENS_NAMES = [...new Set([
+  ...LENS_NAMES_OLDER,
+  ...LENS_NAMES_NEWER,
+])];
+
+export function lensNamesForTier(isOwner) {
+  return isOwner ? PRIMARY_OWNER_LENS_NAMES : PRIMARY_CLIENT_LENS_NAMES;
+}
+
+export function canonicalLensCorrectionText() {
+  return [
+    `Owner canonical lenses: ${LENS_NAMES_OLDER.join(', ')}.`,
+    `Owner mapped counterparts that must remain represented in phase reasoning and receipts: ${LENS_NAMES_NEWER.join(', ')}.`,
+    `Canonical lens labels are preserved on every surface. Readability comes from the explanatory prose inside each lens, never from renaming the lens itself.`,
+  ].join(' ');
+}
+
+export function extractLensTexts(cognitionInner, lensNames = ALL_LENS_NAMES) {
+  const out = {};
+  for (const lens of lensNames) {
+    const otherLensPattern = lensNames.join('|');
+    const lensRx = new RegExp(
+      `\\b${lens}\\s*:\\s*([^\\n]*(?:\\n(?!\\s*(?:${otherLensPattern})\\s*:|<\\/cognition>)[^\\n]*)*)`,
+      'i',
+    );
+    const match = cognitionInner.match(lensRx);
+    if (match) out[lens] = (match[1] || '').trim();
+  }
+  return out;
+}
+
+export function detectCognitionLenses(text, {
+  minChars = 0,
+  placeholderRx = null,
+  cognitionBlockRx = /<cognition>([\s\S]*?)<\/cognition>/i,
+  lensNames = ALL_LENS_NAMES,
+} = {}) {
+  if (!text) return { count: 0, names: [], matchedSet: null };
+  const block = text.match(cognitionBlockRx);
+  const searchSpace = block ? block[1] : text;
+  const lensTexts = extractLensTexts(searchSpace, lensNames);
+  const names = [];
+  for (const lens of lensNames) {
+    const content = (lensTexts[lens] || '').trim();
+    if (!content) continue;
+    if (minChars > 0 && content.length < minChars) continue;
+    if (placeholderRx && placeholderRx.test(content)) continue;
+    names.push(lens);
+  }
+
+  const matchedSet =
+    [LENS_NAMES_OLDER, LENS_NAMES_NEWER]
+      .find((candidateSet) => candidateSet.every((name) => names.includes(name))) || null;
+
+  return { count: names.length, names, matchedSet };
+}

package/dist/runtime/hooks/lib/domain-output-quality.mjs

@@ -0,0 +1,103 @@
+// Domain-aware output QA for Aria stop gates.
+// Deterministic local checks complement remote Mizan; they do not replace it.
+
+const DOMAIN_RULES = [
+  {
+    domain: 'code',
+    signal: /```|\b(?:function|class|interface|type|import|export|npm test|typecheck|eslint|jest|vitest|tsx?|jsx?|\.ts|\.tsx|\.js|\.py)\b/i,
+  },
+  {
+    domain: 'ui',
+    signal: /\b(?:ui|ux|frontend|react|component|page|screen|modal|form|button|layout|tailwind|css|html|mobile|responsive|accessib|aria-label|keyboard|focus state|dark mode)\b/i,
+  },
+  {
+    domain: 'beauty',
+    signal: /\b(?:beauty|beautiful|polish|visual|aesthetic|elegant|layout|typography|spacing|hierarchy|composition|brand|design language|modern|clean)\b/i,
+  },
+  {
+    domain: 'security',
+    signal: /\b(?:security|auth|token|secret|credential|password|jwt|oauth|csrf|xss|sql injection|permission|role|cors|sanitize|encrypt|webhook signature)\b/i,
+  },
+  {
+    domain: 'ops',
+    signal: /\b(?:deploy|rollout|rollback|kubernetes|kubectl|docker|image|pod|health check|slo|alert|log|metric|trace|env var|migration|release)\b/i,
+  },
+  {
+    domain: 'product',
+    signal: /\b(?:user flow|customer|workflow|conversion|pricing|onboarding|checkout|activation|retention|business|persona|job-to-be-done|acceptance criteria)\b/i,
+  },
+  {
+    domain: 'writing',
+    signal: /\b(?:summary|explain|docs|readme|copy|email|post|article|message|final answer|status report|release notes)\b/i,
+  },
+];
+
+function hasAny(text, patterns) {
+  return patterns.some((pattern) => pattern.test(text));
+}
+
+function lineHits(text, rx, label) {
+  const hits = [];
+  const lines = String(text || '').split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    if (rx.test(lines[i])) hits.push(`${label} at line ${i + 1}`);
+  }
+  return hits;
+}
+
+export function extractCodeBlocks(text) {
+  return [...String(text || '').matchAll(/```[a-z0-9_-]*\n([\s\S]*?)```/gi)].map((m) => m[1] || '');
+}
+
+export function analyzeDomainOutputQuality(text, options = {}) {
+  const source = String(text || '');
+  const lower = source.toLowerCase();
+  const codeBlocks = options.codeBlocks || extractCodeBlocks(source);
+  const domains = DOMAIN_RULES.filter((rule) => rule.signal.test(source)).map((rule) => rule.domain);
+  const blockers = [];
+  const warnings = [];
+
+  if (domains.includes('code')) {
+    for (const hit of lineHits(source, /\b(?:TODO|FIXME|XXX|implementation pending|not implemented|coming soon|placeholder)\b/i, 'code placeholder semantics')) blockers.push(hit);
+    for (const block of codeBlocks) {
+      if (/@ts-expect-error|@ts-ignore/.test(block)) blockers.push('code: type suppression instead of fixing the type contract');
+      if (/catch\s*\([^)]*\)\s*\{\s*(?:return\s+(?:''|""|null|undefined|\[\]|\{\})|\}\s*$|\/\/[^\n]*$)/m.test(block)) blockers.push('code: silent or empty catch block hides runtime failure');
+      if (/console\.log\(/.test(block) && !/\/\/\s*(?:debug|log)/i.test(block)) warnings.push('code: console.log appears in shipped code without debug intent');
+    }
+  }
+
+  if (domains.includes('ui')) {
+    if (!hasAny(source, [/\b(?:mobile|responsive|breakpoint|small screen|desktop)\b/i])) blockers.push('ui: UI/design output must address desktop and mobile responsiveness');
+    if (!hasAny(source, [/\b(?:accessib|aria-|keyboard|focus|screen reader|semantic html|label)\b/i])) blockers.push('ui: UI/design output must address accessibility, focus, labels, or semantic structure');
+    if (/\b(?:button|input|form|modal|menu|dialog)\b/i.test(source) && !/\b(?:focus|keyboard|aria-|label|escape|tab order)\b/i.test(source)) blockers.push('ui: interactive elements need keyboard/focus/accessibility behavior');
+  }
+
+  if (domains.includes('beauty')) {
+    if (/\b(?:clean|modern|beautiful|polished|nice|sleek)\b/i.test(source) && !hasAny(source, [/\b(?:spacing|typography|contrast|hierarchy|rhythm|composition|palette|motion|density|visual language)\b/i])) blockers.push('beauty: aesthetic claim lacks concrete visual language such as spacing, typography, contrast, hierarchy, palette, or composition');
+  }
+
+  if (domains.includes('security')) {
+    if (/\b(?:token|secret|credential|password|api key|jwt)\b/i.test(source) && !/\b(?:redact|mask|env|secret store|do not log|rotate|least privilege)\b/i.test(source)) blockers.push('security: secrets/tokens require redaction, env/secret-store handling, no logging, or rotation guidance');
+    if (/\b(?:auth|permission|role|admin|tenant)\b/i.test(source) && !/\b(?:authorize|authorization|least privilege|tenant isolation|deny by default|role check)\b/i.test(source)) warnings.push('security: auth/permission output should state authorization and isolation checks');
+  }
+
+  if (domains.includes('ops')) {
+    if (/\b(?:deploy|rollout|release|migration|kubectl|docker push)\b/i.test(source) && !/\b(?:rollback|health|smoke|verify|readiness|observability|monitor)\b/i.test(source)) blockers.push('ops: deploy/release output must include rollback plus health/smoke/readiness verification');
+    if (/\b(?:env var|config|secret)\b/i.test(source) && !/\b(?:scope|owner|runtime|restart|reload|secret)\b/i.test(source)) warnings.push('ops: runtime config changes should name scope and reload/restart expectations');
+  }
+
+  if (domains.includes('product')) {
+    if (!/\b(?:user|customer|operator|admin|persona|workflow|acceptance criteria|success metric|job-to-be-done)\b/i.test(source)) warnings.push('product: product output should bind to a user/workflow and success criterion');
+  }
+
+  if (domains.includes('writing')) {
+    if (/\b(?:done|fixed|verified|published|deployed|passed|complete)\b/i.test(lower) && !/\b(?:verified|observed|passed|evidence|output|registry|status|unverified|not verified)\b/i.test(lower)) blockers.push('writing: completion claim needs observed evidence or explicit unverified boundary');
+    if (/\b(?:should work|probably|presumably|i assume)\b/i.test(source)) blockers.push('writing: uncertainty must be stated as an evidence boundary, not an assumption');
+  }
+
+  return {
+    domains: [...new Set(domains)],
+    blockers: [...new Set(blockers)],
+    warnings: [...new Set(warnings)],
+  };
+}

package/dist/runtime/hooks/lib/gate-audit.mjs

@@ -0,0 +1,43 @@
+import { appendFileSync, existsSync, mkdirSync } from 'node:fs';
+import { dirname } from 'node:path';
+
+export function inferDecisionFromEvent(event) {
+  if (/^block/i.test(event)) return 'block';
+  if (/^warn/i.test(event)) return 'warn';
+  return 'allow';
+}
+
+export function appendGateAudit({
+  auditPath,
+  legacyLogPath = null,
+  gate,
+  event,
+  decision = null,
+  summary = '',
+  data = {},
+}) {
+  const ts = new Date().toISOString();
+  const resolvedDecision = decision || inferDecisionFromEvent(event);
+
+  try {
+    if (!existsSync(dirname(auditPath))) mkdirSync(dirname(auditPath), { recursive: true });
+    appendFileSync(
+      auditPath,
+      JSON.stringify({
+        ts,
+        gate,
+        decision: resolvedDecision,
+        event,
+        summary,
+        ...data,
+      }) + '\n',
+    );
+  } catch {}
+
+  if (legacyLogPath) {
+    try {
+      if (!existsSync(dirname(legacyLogPath))) mkdirSync(dirname(legacyLogPath), { recursive: true });
+      appendFileSync(legacyLogPath, `${ts} ${event} ${summary}\n`);
+    } catch {}
+  }
+}

package/dist/runtime/hooks/lib/gate-loop-state.mjs

@@ -0,0 +1,50 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { dirname } from 'node:path';
+
+const MAX_RECORDS = 300;
+
+export function registerGateBlock({
+  gate,
+  sessionId,
+  signature,
+  statePath,
+  threshold = 2,
+  windowMs = 10 * 60 * 1000,
+}) {
+  const now = Date.now();
+  let rows = [];
+  try {
+    if (existsSync(statePath)) {
+      const raw = JSON.parse(readFileSync(statePath, 'utf8'));
+      if (Array.isArray(raw)) rows = raw;
+    }
+  } catch {}
+
+  const freshRows = rows.filter((row) =>
+    row &&
+    typeof row.ts === 'number' &&
+    typeof row.sessionId === 'string' &&
+    typeof row.gate === 'string' &&
+    typeof row.signature === 'string' &&
+    (now - row.ts) <= windowMs,
+  );
+
+  const priorMatches = freshRows.filter((row) =>
+    row.sessionId === sessionId &&
+    row.gate === gate &&
+    row.signature === signature,
+  );
+
+  freshRows.push({ ts: now, sessionId, gate, signature });
+
+  try {
+    mkdirSync(dirname(statePath), { recursive: true });
+    writeFileSync(statePath, JSON.stringify(freshRows.slice(-MAX_RECORDS), null, 2) + '\n');
+  } catch {}
+
+  return {
+    loopDetected: priorMatches.length >= threshold,
+    priorCount: priorMatches.length,
+    totalCount: priorMatches.length + 1,
+  };
+}

package/dist/runtime/hooks/lib/hook-message-window.mjs

@@ -0,0 +1,121 @@
+function withGlobalRegex(regex) {
+  if (!(regex instanceof RegExp)) return null;
+  const flags = regex.flags.includes('g') ? regex.flags : `${regex.flags}g`;
+  return new RegExp(regex.source, flags);
+}
+
+export function normalizeRole(entry) {
+  if (entry?.message?.role) return entry.message.role;
+  if (entry?.role) return entry.role;
+  if (entry?.type === 'assistant' || entry?.type === 'user') return entry.type;
+  return null;
+}
+
+export function normalizeContent(entry) {
+  return entry?.message?.content ?? entry?.content ?? [];
+}
+
+export function extractTextFromContent(content) {
+  if (Array.isArray(content)) {
+    return content
+      .filter((block) => block && block.type === 'text')
+      .map((block) => (typeof block.text === 'string' ? block.text : ''))
+      .filter(Boolean)
+      .join('\n');
+  }
+  return typeof content === 'string' ? content : '';
+}
+
+export function isToolResultOnlyContent(content) {
+  return (
+    Array.isArray(content) &&
+    content.length > 0 &&
+    content.every((block) => block && block.type === 'tool_result')
+  );
+}
+
+export function isMostlySystemReminder(text, systemReminderRx, threshold = 0.6) {
+  if (!text || !(systemReminderRx instanceof RegExp)) return false;
+  const reminderRx = withGlobalRegex(systemReminderRx);
+  if (!reminderRx) return false;
+  const matches = text.match(reminderRx) || [];
+  if (matches.length === 0) return false;
+  const reminderChars = matches.reduce((sum, match) => sum + match.length, 0);
+  return reminderChars / Math.max(1, text.length) >= threshold;
+}
+
+export function collectRecentAssistantTextsFromMessages(messages, {
+  compactSummaryRx = null,
+  hardLookbackCap = 50,
+  systemReminderRx = null,
+  systemReminderThreshold = 0.6,
+  userBoundariesToCross = 1,
+} = {}) {
+  if (!Array.isArray(messages) || messages.length === 0) return [];
+  const recentAssistantTexts = [];
+  let scanned = 0;
+  let userBoundariesCrossed = 0;
+
+  for (let i = messages.length - 1; i >= 0 && scanned < hardLookbackCap; i--) {
+    const entry = messages[i];
+    const role = normalizeRole(entry);
+    const content = normalizeContent(entry);
+    if (role === 'user') {
+      if (isToolResultOnlyContent(content)) continue;
+      const textContent = extractTextFromContent(content);
+      if (isMostlySystemReminder(textContent, systemReminderRx, systemReminderThreshold)) {
+        continue;
+      }
+      userBoundariesCrossed++;
+      if (userBoundariesCrossed > userBoundariesToCross) break;
+      continue;
+    }
+    if (role !== 'assistant') continue;
+    scanned++;
+    const text = extractTextFromContent(content);
+    if (!text) continue;
+    if (compactSummaryRx instanceof RegExp && compactSummaryRx.test(text) && text.length > 4000) {
+      continue;
+    }
+    recentAssistantTexts.push(text);
+  }
+
+  return recentAssistantTexts.reverse();
+}
+
+export function collectTurnWindowFromMessages(messages, {
+  systemReminderRx = null,
+  systemReminderThreshold = 0.6,
+} = {}) {
+  if (!Array.isArray(messages) || messages.length === 0) {
+    return { assistantText: '', lastUserMessage: '' };
+  }
+
+  const textChunks = [];
+  let lastUserMessage = '';
+
+  for (let i = messages.length - 1; i >= 0; i--) {
+    const entry = messages[i];
+    const role = normalizeRole(entry);
+    const content = normalizeContent(entry);
+
+    if (role === 'user') {
+      if (isToolResultOnlyContent(content)) continue;
+      const textContent = extractTextFromContent(content);
+      if (isMostlySystemReminder(textContent, systemReminderRx, systemReminderThreshold)) {
+        continue;
+      }
+      lastUserMessage = textContent || lastUserMessage;
+      break;
+    }
+
+    if (role !== 'assistant') continue;
+    const text = extractTextFromContent(content);
+    if (text) textChunks.push(text);
+  }
+
+  return {
+    assistantText: textChunks.reverse().join('\n\n'),
+    lastUserMessage,
+  };
+}

package/dist/runtime/hooks/lib/skill-autoload-gate.mjs

@@ -0,0 +1,14 @@
+import { existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+const RECEIPT_ROOT = process.env.ARIA_SKILL_RECEIPT_DIR || join(tmpdir(), 'aria-skill-receipts');
+const ALIASES = new Map([['deploy', 'aria-harness-deploy'], ['output', 'aria-harness-output-discipline'], ['repo', 'aria-repo-doctrine'], ['forge', 'aria-forge-guardrails']]);
+const RX = { deploy: /deploy-service\.sh|kubectl\s+(?:apply|set|rollout|delete|scale)|helm\s+upgrade|terraform\s+apply|docker\s+push/i, mutationTool: /^(?:edit|write|notebookedit|patch|apply_patch)$/i, mutation: /apply_patch|write file|edit file|modify|delete file|migration|handler|route|runtime|hook|plugin|\btest\b|smoke script/i, strip: /remove|delete|strip|drop|omit|disable|bypass|skip|stub|mock|fake|placeholder|temporary|quick scaffold|band-aid/i, readiness: /production-ready|ready for production|works in general|general readiness|client packages?|npm packages?|SDKs?|runtimes?|harnesses?|release-ready|ship-ready/i, narrow: /single flow|one flow|narrow e2e|covered flow|specific path|widget flow/i, completion: /done|complete|completed|ready|verified|fixed|shipped|implemented|production-ready/i, badProof: /but|except|caveat|remaining|not yet|still|separate|later|blocked|skipped|unresolved|follow-up|failed|failing|error|red|not run|could not verify|untested|no proof|missing proof|without proof/i, advisory: /non-blocking|warning only|warn only|advisory|fall through|falls through|fail open|soft fail|logged and continue|quality gate warning/i, success: /(?:verified|passed|success|successful|green|ok)\s*[:=\-].{0,120}(?:npm|node|playwright|jest|vitest|build|test|lint|typecheck|curl|kubectl|self-test|e2e|probe|smoke)|(?:npm|node|playwright|jest|vitest|build|test|lint|typecheck|curl|kubectl).{0,120}(?:passed|success|successful|green|exit\s*0)/i, resubmit: /re-?submission|resubmit/i, rewrite: /re-?write|rewrite|fix/i, retest: /re-?test|retest|rerun/i, aria: /ARIA console|Aria console|\/chat|aria-pipeline-mcp|aria_chat|escalat(?:e|ion).{0,80}ARIA/i };
+function normalizeSkillName(skill) { return ALIASES.get(String(skill || '').trim()) || String(skill || '').trim(); }
+function sessionDir(sessionId) { return join(RECEIPT_ROOT, encodeURIComponent(String(sessionId || 'unknown'))); }
+function readReceiptSkills(sessionId) { const dir = sessionDir(sessionId); if (!existsSync(dir)) return new Set(); const skills = new Set(); for (const name of readdirSync(dir)) { if (!name.endsWith('.json')) continue; try { const receipt = JSON.parse(readFileSync(join(dir, name), 'utf8')); if (receipt?.skill) skills.add(normalizeSkillName(receipt.skill)); } catch {} } return skills; }
+function readInlineSkills(text) { const skills = new Set(); const value = String(text || ''); for (const match of value.matchAll(/<skill_content\s+name=["']([^"']+)["']/gi)) skills.add(normalizeSkillName(match[1])); return skills; }
+export function recordSkillLoaded({ sessionId, skill, surface = 'unknown', metadata = {} } = {}) { const normalized = normalizeSkillName(skill); if (!normalized) throw new Error('recordSkillLoaded requires a skill name'); const dir = sessionDir(sessionId); mkdirSync(dir, { recursive: true }); const receipt = { skill: normalized, surface, metadata, recordedAt: new Date().toISOString() }; writeFileSync(join(dir, `${encodeURIComponent(normalized)}.json`), `${JSON.stringify(receipt, null, 2)}\n`); return receipt; }
+export function classifyRequiredSkills({ text = '', action = '', toolName = '', filePath = '', isDeploy = false, isMutation = false, isOutputCloseout = false } = {}) { const combined = [text, action, toolName, filePath].filter(Boolean).join('\n'); const required = new Set(); const reasons = []; const recoveryMissing = []; if (isDeploy || RX.deploy.test(combined)) { required.add('aria-harness-deploy'); required.add('aria-forge-guardrails'); reasons.push('deploy/shared-infrastructure action requires fail-closed deploy and forge guardrails'); } if (isMutation || RX.mutationTool.test(toolName)) { required.add('aria-repo-doctrine'); reasons.push('repository/runtime mutation requires repo doctrine'); } if (RX.strip.test(combined)) { required.add('aria-harness-no-stripping'); reasons.push('strip/remove/bypass language requires no-stripping gate'); } if (isOutputCloseout && RX.completion.test(combined)) { required.add('aria-harness-output-discipline'); reasons.push('owner-facing completion/readiness claim requires output discipline'); if (!RX.success.test(combined)) recoveryMissing.push('successful proof from a concrete command/probe'); } if (RX.readiness.test(combined)) { required.add('architecture-decision'); required.add('testing-strategy'); required.add('aria-forge-guardrails'); required.add('aria-harness-output-discipline'); reasons.push('broad production/package/SDK/runtime readiness claim requires architecture, testing, and forge guardrails'); } if (RX.readiness.test(combined) && RX.narrow.test(combined)) { required.add('testing-strategy'); required.add('aria-forge-guardrails'); reasons.push('narrow e2e proof cannot support broad readiness claim without readiness-matrix discipline'); } if (RX.completion.test(combined) && RX.badProof.test(combined)) { required.add('aria-harness-output-discipline'); required.add('aria-forge-guardrails'); reasons.push('completion claim with unresolved or failed proof requires recovery cycle'); if (!RX.resubmit.test(combined)) recoveryMissing.push('re-submission'); if (!RX.rewrite.test(combined)) recoveryMissing.push('re-write'); if (!RX.retest.test(combined)) recoveryMissing.push('re-test'); if (!RX.aria.test(combined)) recoveryMissing.push('ARIA console escalation'); } if (RX.advisory.test(combined)) { required.add('aria-forge-guardrails'); required.add('aria-harness-output-discipline'); reasons.push('advisory/fail-open gate language requires fail-closed hardening discipline'); } return { requiredSkills: [...required].sort(), reasons, recoveryMissing }; }
+export function evaluateSkillGate(options = {}) { const classified = classifyRequiredSkills(options); const text = [options.text, options.action].filter(Boolean).join('\n'); const loaded = new Set([...readReceiptSkills(options.sessionId), ...readInlineSkills(text)]); const missingSkills = classified.requiredSkills.filter((skill) => !loaded.has(skill)); const recoveryMissing = classified.recoveryMissing || []; return { ok: missingSkills.length === 0 && recoveryMissing.length === 0, surface: options.surface || 'unknown', sessionId: options.sessionId || 'unknown', requiredSkills: classified.requiredSkills, loadedSkills: [...loaded].sort(), missingSkills, recoveryMissing, reasons: classified.reasons, autoLoadAvailable: options.autoLoadAvailable === true }; }
+export function formatSkillGateBlock(result = {}) { const missing = Array.isArray(result.missingSkills) ? result.missingSkills : []; const recovery = Array.isArray(result.recoveryMissing) ? result.recoveryMissing : []; const reasons = Array.isArray(result.reasons) ? result.reasons : []; return ['=== ARIA SKILL AUTOLOAD GATE BLOCK ===', `surface: ${result.surface || 'unknown'}`, `missing_skills: ${missing.length ? missing.join(', ') : '(none)'}`, `missing_recovery_cycle: ${recovery.length ? recovery.join(', ') : '(none)'}`, `required_skills: ${(result.requiredSkills || []).join(', ') || '(none)'}`, reasons.length ? `reasons: ${reasons.join(' | ')}` : 'reasons: no classifier reason recorded', 'counter_action: re-submit, re-write, re-test, and escalate through ARIA console until successful proof exists. Do not downgrade this to an advisory warning.'].join('\n'); }

package/dist/runtime/hooks/test-aria-preturn-memory-gate.mjs

@@ -0,0 +1,245 @@
+#!/usr/bin/env node
+// Test: aria-preturn-memory-gate.mjs — Enforcement Layer #49
+//
+// Runs the hook as a child process with simulated stdin events.
+// Asserts correct output shape for both the block and allow paths.
+//
+// Usage:  node hooks/test-aria-preturn-memory-gate.mjs
+// Exit code: 0 = all assertions passed, 1 = failure
+
+import { spawnSync, execSync } from 'node:child_process';
+import { writeFileSync, mkdirSync, existsSync, unlinkSync, readFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const HERE = path.dirname(fileURLToPath(import.meta.url));
+const HOOK = path.join(HERE, 'aria-preturn-memory-gate.mjs');
+const HOME = process.env.HOME || '/tmp';
+const CLAUDE_DIR = `${HOME}/.claude`;
+const SESSION_ID = `test-preturn-${Date.now()}`;
+
+// ── Helpers ────────────────────────────────────────────────────────────
+
+let passed = 0;
+let failed = 0;
+
+function assert(label, condition, actual) {
+  if (condition) {
+    console.log(`  PASS  ${label}`);
+    passed++;
+  } else {
+    console.error(`  FAIL  ${label}`);
+    if (actual !== undefined) console.error(`        got: ${JSON.stringify(actual)}`);
+    failed++;
+  }
+}
+
+function turnStatePath(sid) {
+  const safe = String(sid).replace(/[^a-zA-Z0-9_-]/g, '_');
+  return `${CLAUDE_DIR}/aria-turn-state-${safe}.json`;
+}
+
+function cleanTurnState(sid) {
+  const p = turnStatePath(sid);
+  if (existsSync(p)) unlinkSync(p);
+}
+
+function buildEvent(overrides = {}) {
+  return {
+    tool_name: 'Bash',
+    tool_input: { command: 'ls .' },
+    session_id: SESSION_ID,
+    transcript_path: null,
+    ...overrides,
+  };
+}
+
+function buildTranscriptWith(lines, filePath) {
+  const dir = path.dirname(filePath);
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+  writeFileSync(filePath, lines.map((l) => JSON.stringify(l)).join('\n') + '\n', 'utf-8');
+}
+
+function runHook(eventObj, env = {}) {
+  const result = spawnSync('node', [HOOK], {
+    input: JSON.stringify(eventObj),
+    encoding: 'utf-8',
+    env: { ...process.env, HOME, ...env },
+  });
+  let parsed = null;
+  try { parsed = JSON.parse(result.stdout.trim()); } catch { /* non-JSON stdout */ }
+  return { exitCode: result.status, stdout: result.stdout, stderr: result.stderr, parsed };
+}
+
+// ── Setup ──────────────────────────────────────────────────────────────
+
+if (!existsSync(CLAUDE_DIR)) mkdirSync(CLAUDE_DIR, { recursive: true });
+
+// ── Test 1: no transcript → gate fires, block + recovery payload ───────
+console.log('\nTest 1: no transcript (no context signals) → block with recovery');
+{
+  cleanTurnState(SESSION_ID);
+  const event = buildEvent({ transcript_path: null });
+  const { exitCode, parsed } = runHook(event);
+
+  assert('exit code is 2 (block)', exitCode === 2, exitCode);
+  assert('decision is "block"', parsed?.decision === 'block', parsed?.decision);
+  assert('reason is a non-empty string', typeof parsed?.reason === 'string' && parsed.reason.length > 0, parsed?.reason);
+  assert(
+    'hookSpecificOutput.recovery.action is "run_context_loader"',
+    parsed?.hookSpecificOutput?.recovery?.action === 'run_context_loader',
+    parsed?.hookSpecificOutput?.recovery?.action,
+  );
+  assert(
+    'hookSpecificOutput.recovery.target is session ID',
+    parsed?.hookSpecificOutput?.recovery?.target === SESSION_ID,
+    parsed?.hookSpecificOutput?.recovery?.target,
+  );
+  assert(
+    'hookSpecificOutput.recovery.expectedContext includes "harness_packet"',
+    Array.isArray(parsed?.hookSpecificOutput?.recovery?.expectedContext) &&
+      parsed.hookSpecificOutput.recovery.expectedContext.includes('harness_packet'),
+    parsed?.hookSpecificOutput?.recovery?.expectedContext,
+  );
+  assert(
+    'hookSpecificOutput.recovery.expectedContext includes "memory_files"',
+    Array.isArray(parsed?.hookSpecificOutput?.recovery?.expectedContext) &&
+      parsed.hookSpecificOutput.recovery.expectedContext.includes('memory_files'),
+    parsed?.hookSpecificOutput?.recovery?.expectedContext,
+  );
+  assert(
+    'hookSpecificOutput.recovery.expectedContext includes "binding_plan"',
+    Array.isArray(parsed?.hookSpecificOutput?.recovery?.expectedContext) &&
+      parsed.hookSpecificOutput.recovery.expectedContext.includes('binding_plan'),
+    parsed?.hookSpecificOutput?.recovery?.expectedContext,
+  );
+}
+
+// ── Test 2: transcript WITH all three signals → allow ─────────────────
+console.log('\nTest 2: transcript with all three context signals → allow');
+{
+  cleanTurnState(SESSION_ID);
+  const transcriptFile = path.join(tmpdir(), `test-transcript-preturn-${Date.now()}.jsonl`);
+
+  const assistantTextWithAllSignals = [
+    '🔐 Aria Harness — Session Packet loaded for turn.',
+    '[ARIA_DIRECTION] Proceed with implementation of Phase 8 research-first context injection.',
+    '<cognition>',
+    '  nur: Current task is implementing the pre-turn memory gate per feedback_no_graceful_degradation.md and project_aria_as_controller_inversion.md.',
+    '  mizan: Risk is that blocking without recovery creates dead-letter state. Soft-gate pattern resolves this.',
+    '  hikma: feedback_no_flag_without_fix.md requires inline fix for any discovery.',
+    '  tafakkur: The gate must deduplicate within 60s to prevent orchestrator retry loops.',
+    '</cognition>',
+  ].join('\n');
+
+  buildTranscriptWith(
+    [
+      {
+        role: 'user',
+        message: {
+          role: 'user',
+          content: [{ type: 'text', text: 'Implement phase 8.' }],
+        },
+      },
+      {
+        role: 'assistant',
+        message: {
+          role: 'assistant',
+          content: [{ type: 'text', text: assistantTextWithAllSignals }],
+        },
+      },
+    ],
+    transcriptFile,
+  );
+
+  const event = buildEvent({ transcript_path: transcriptFile });
+  const { exitCode, parsed } = runHook(event);
+
+  assert('exit code is 0 (allow)', exitCode === 0, exitCode);
+  assert('no block decision in stdout (stdout is empty or non-block)', !parsed || parsed.decision !== 'block', parsed?.decision);
+
+  // Cleanup
+  try { unlinkSync(transcriptFile); } catch {}
+}
+
+// ── Test 3: deduplication — gate already fired within 60s → skip ───────
+console.log('\nTest 3: gate already fired this turn (< 60s ago) → skip (exit 0)');
+{
+  // Pre-write a turn-state showing the gate fired 5 seconds ago
+  const statePath = turnStatePath(SESSION_ID);
+  writeFileSync(statePath, JSON.stringify({ lastTurnGateFiredAt: Date.now() - 5000, lastDecision: 'block', signals: {} }), 'utf-8');
+
+  const event = buildEvent({ transcript_path: null });
+  const { exitCode } = runHook(event);
+
+  assert('exit code is 0 (dedup skip — no re-fire within 60s)', exitCode === 0, exitCode);
+
+  cleanTurnState(SESSION_ID);
+}
+
+// ── Test 4: non-action tool (Read) → gate skips entirely ───────────────
+console.log('\nTest 4: non-action tool (Read) → gate skips (exit 0)');
+{
+  cleanTurnState(SESSION_ID);
+  const event = buildEvent({ tool_name: 'Read', transcript_path: null });
+  const { exitCode } = runHook(event);
+  assert('exit code is 0 (ungated read tool)', exitCode === 0, exitCode);
+}
+
+// ── Test 5: REMOVED 2026-04-27 — env-var kill-switch stripped per Hamza
+//    directive ("those should've been my choice to give you to turn off
+//    not free for you to access"). Gates are unconditional from the gated
+//    process. Disable = remove hook entry from ~/.claude/settings.json.
+
+// ── Test 6: only ONE signal present → still blocks ────────────────────
+console.log('\nTest 6: only harness packet signal (missing direction + memory ref) → block');
+{
+  cleanTurnState(SESSION_ID);
+  const transcriptFile = path.join(tmpdir(), `test-transcript-preturn-partial-${Date.now()}.jsonl`);
+
+  const assistantTextPartial = '🔐 Aria Harness — partial context only. No direction. No memory refs.';
+
+  buildTranscriptWith(
+    [
+      {
+        role: 'user',
+        message: {
+          role: 'user',
+          content: [{ type: 'text', text: 'Do the thing.' }],
+        },
+      },
+      {
+        role: 'assistant',
+        message: {
+          role: 'assistant',
+          content: [{ type: 'text', text: assistantTextPartial }],
+        },
+      },
+    ],
+    transcriptFile,
+  );
+
+  const event = buildEvent({ transcript_path: transcriptFile });
+  const { exitCode, parsed } = runHook(event);
+
+  assert('exit code is 2 (block on partial signals)', exitCode === 2, exitCode);
+  assert('decision is "block"', parsed?.decision === 'block', parsed?.decision);
+  assert(
+    'reason mentions missing aria_direction',
+    typeof parsed?.reason === 'string' && parsed.reason.includes('aria_direction'),
+    parsed?.reason?.slice(0, 200),
+  );
+
+  try { unlinkSync(transcriptFile); } catch {}
+  cleanTurnState(SESSION_ID);
+}
+
+// ── Summary ────────────────────────────────────────────────────────────
+console.log(`\n${passed + failed} tests: ${passed} passed, ${failed} failed`);
+if (failed > 0) {
+  process.exit(1);
+} else {
+  console.log('All assertions passed.');
+  process.exit(0);
+}