@aria_asi/cli 0.2.35 → 0.2.37

package/dist/runtime/discipline/doctrine_trigger_map.json

@@ -572,6 +572,17 @@
       "teaching": "A service without a K8s manifest is not deployed — it's aspirational code. Every service in the registry must have a canonical k8s/<service>.yaml manifest. Without it, kubectl apply cannot restore the service after cluster restart.",
       "counter_action": "Create the canonical K8s manifest (Deployment + Service + liveness probe) at k8s/<service>.yaml. Register the service in k8s/service-registry.json. Never deploy via ad-hoc kubectl run or docker run — only via a version-controlled manifest.",
       "message": "Service lacks K8s manifest — see feedback_registry_image_drift.md"
+    },
+    {
+      "trigger_id": "containment_only_production_fix",
+      "trigger": "\\b(?:containment[- ]?only|only[- ]?contain(?:ed|ment)|just[- ]?contain(?:ed|ment))\\b|\\b(?:surface|cosmetic|appearance[- ]?only|form[- ]?only)\\s+(?:fix|repair|change)\\b|\\b(?:fix|repair|change)\\s+(?:only\\s+)?(?:the\\s+)?(?:surface|cosmetic|appearance|form)\\b|\\b(?:just|only|merely)\\s+(?:silence|satisfy|appease)\\s+(?:the\\s+)?(?:gate|hook|validator)\\b",
+      "rx": "\\b(?:containment[- ]?only|only[- ]?contain(?:ed|ment)|just[- ]?contain(?:ed|ment))\\b|\\b(?:surface|cosmetic|appearance[- ]?only|form[- ]?only)\\s+(?:fix|repair|change)\\b|\\b(?:fix|repair|change)\\s+(?:only\\s+)?(?:the\\s+)?(?:surface|cosmetic|appearance|form)\\b|\\b(?:just|only|merely)\\s+(?:silence|satisfy|appease)\\s+(?:the\\s+)?(?:gate|hook|validator)\\b",
+      "doctrine": "memory:feedback_gates_enforce_form_not_substance.md",
+      "memory": "feedback_gates_enforce_form_not_substance.md",
+      "severity": "block",
+      "teaching": "Containment-only production fixes are rationalized bypasses when they intentionally leave the broken user-visible mechanism unrepaired. Small source-level fixes are acceptable when they repair the root mechanism and are verified.",
+      "counter_action": "Keep the smallest correct change, but tie it to the root mechanism, observable recovery or proof, and user-visible verification; do not only silence gates or change cosmetics.",
+      "message": "Containment-only production fix detected. Preserve smallest-correct-change discipline, but replace cosmetic containment with root-mechanism repair plus observable recovery and proof."
     }
   ]
 }

package/dist/runtime/discipline/skills/aria-cognition/aria-essence/SKILL.md

@@ -61,3 +61,21 @@ For non-trivial work, make sure your internal workflow yields at least:
 - [references/domain-matrix.md](references/domain-matrix.md)
 - [references/evolution-loop.md](references/evolution-loop.md)
 - [references/readable-cognition.md](references/readable-cognition.md)
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/aria-forge-guardrails/SKILL.md

@@ -33,3 +33,21 @@ Use this skill when Aria should operate like a senior production engineer with c
 - surface unresolved risks directly
 - distinguish root fix from containment
 - keep cognition readable and short unless the user asks for the full internal framing
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/aria-repo-doctrine/SKILL.md

@@ -37,3 +37,21 @@ Use this skill on any doctrine-bound repo edit, even when the user did not expli
 4. Does the change improve the artifact from the right domain perspective, not only the easiest engineering perspective?
 
 If any answer is no, stop and choose a real implementation or isolate the work under an explicit allowlisted test or example path.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/forge-quality-rules/SKILL.md

@@ -41,3 +41,21 @@ Use this when the task needs a sharper quality bar than "it compiles" or "it kin
 
 - [../aria-forge-guardrails/references/checklist.md](../aria-forge-guardrails/references/checklist.md)
 - [../aria-essence/references/evolution-loop.md](../aria-essence/references/evolution-loop.md)
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/SKILL.md

@@ -36,3 +36,21 @@ Use this as a validation pass when a normal quick check would miss second-order
 
 - Use [../aria-essence/references/readable-cognition.md](../aria-essence/references/readable-cognition.md) for readable user-facing summaries.
 - Use [../aria-essence/references/evolution-loop.md](../aria-essence/references/evolution-loop.md) when the review yields a reusable principle.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/istiqra-induction/SKILL.md

@@ -24,3 +24,21 @@ Use this when the right answer should emerge from the evidence already present.
 ## Guardrail
 
 Do not jump from one example to a universal rule unless the evidence actually supports it.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/ladunni-22/SKILL.md

@@ -33,3 +33,21 @@ Instead:
 - UX or funnel changes
 - code that affects support, sales, or business positioning
 - architecture decisions with product and operational consequences
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/mizan/SKILL.md

@@ -70,3 +70,21 @@ Externally, keep the answer readable. The user should see clear reasoning, not a
 ## Readable Output
 
 Keep user-facing output plain. Let the runtime carry the heavy cognition and receipts.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/nadia/SKILL.md

@@ -36,3 +36,21 @@ Use this skill to choose how Aria should think and respond before the answer is
 
 - Read [../aria-essence/references/readable-cognition.md](../aria-essence/references/readable-cognition.md) for user-facing output discipline.
 - Read [../aria-essence/references/evolution-loop.md](../aria-essence/references/evolution-loop.md) if the chosen posture produced a reusable lesson.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/nadia-psi/SKILL.md

@@ -36,3 +36,21 @@ Use this when the base posture choice is not enough and the finer state really c
 
 - [../aria-essence/references/readable-cognition.md](../aria-essence/references/readable-cognition.md)
 - [../aria-essence/references/evolution-loop.md](../aria-essence/references/evolution-loop.md)
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/predictor/SKILL.md

@@ -23,3 +23,21 @@ Use this to ask whether the current approach will survive contact with the next
 ## Guardrail
 
 Prediction is for preventing breakage, not for inventing facts.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/qiyas-analogy/SKILL.md

@@ -24,3 +24,21 @@ Use this when the task benefits from transferring a known structure instead of i
 ## Guardrail
 
 Analogy is subordinate to evidence. If the current repo/runtime truth disagrees, the analogy loses.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-cognition/soul-domains/SKILL.md

@@ -23,3 +23,21 @@ Use this skill to determine which disciplines should govern the decision.
 - Do not pretend to have exact threshold math if the live domain service was not consulted.
 - The point is better decisions, not fancy vocabulary.
 - If only one domain truly matters, say so plainly.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-aristotle-intra-phase/SKILL.md

@@ -79,3 +79,21 @@ These are the cognition-action mismatches the intra-phase catches before they sh
 ## Bottom line
 
 Intra-phase is where mid-sequence drift gets caught before it ships. The MetaCognitive snapshot via SDK + the cognition-action coherence check together prevent the most common pattern the Stop-gate catches reactively: cognition emitted, then action drifts, then gate blocks. Loading this skill at multi-step boundaries makes the drift detection proactive instead of post-hoc.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-aristotle-post-phase/SKILL.md

@@ -96,3 +96,21 @@ These are the patterns post-phase intercepts before the Stop-gate fires reactive
 ## Bottom line
 
 Post-phase is where the response gets validated against the action's actual outcome before emission. The 8-lens detector + Predictor + SelfReflection + state-claim verification + cognition-log + discovery-sweep together close the gap that Stop-gate catches reactively. Loading this skill at end-of-action boundaries makes the response-quality discipline proactive: the response earns its emission, it doesn't just hope the gate doesn't catch it.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-aristotle-pre-phase/SKILL.md

@@ -97,3 +97,21 @@ Reactive gates that fire when this skill is not honored:
 ## Bottom line
 
 Pre-phase is the phase where thinking happens. The cognition block is its artifact. Skipping pre-phase or emitting the cognition as ceremony AFTER the response is drafted produces the violations the Stop-gate catches reactively. Loading this skill at every action boundary makes the pre-phase contract proactive: you see what to do BEFORE drafting, not after the gate blocks.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-harness-deploy/SKILL.md

@@ -125,3 +125,21 @@ If any of these fail, do NOT deploy. Fix the underlying issue first — never st
 ## Owner-permission boundary
 
 Three failed gate-blocks in a row triggers owner-level bypass-prevention lockout. If your verify block is failing repeatedly, STOP retrying. The pattern is the gate parser doesn't recognize your field syntax. Read `~/.claude/hooks/aria-pre-tool-gate.mjs` to find the exact regex, then fix your verify block to match — do not retry the same shape three times.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-harness-no-stripping/SKILL.md

@@ -115,3 +115,21 @@ If you cannot fill in Y and Z with verified evidence, you are stripping. Stop. D
 - `feedback_no_flag_without_fix.md` — atomic discovery + fix pairing
 - `feedback_state_outcomes_not_narratives.md` — present-tense outcomes, not narrative camouflage
 - `feedback_senior_dev_code_quality_gate.md` — junior/LLM-flavored shortcuts rejected at gate
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-harness-onboarding/SKILL.md

@@ -110,3 +110,21 @@ The harness exists because doctrine is action-coupled: text decisions ARE action
 Quality production-grade is the only acceptable bar — for code contracts AND for output prose. Both are owned. Both are the producer-side discipline.
 
 When in doubt: cite the substrate, declare the predicate, name the doctrine, reframe — don't strip.
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-harness-output-discipline/SKILL.md

@@ -100,3 +100,21 @@ If they understand AND no raw tokens leaked — your prose passes all three gate
 - `feedback_state_outcomes_not_narratives.md` — present-tense outcomes
 - `feedback_use_harness_to_architect.md` — make declarative recommendations, not reflex-questions
 - `feedback_no_demos.md` — all work is production-grade
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/discipline/skills/aria-harness/aria-harness-substrate-binding/SKILL.md

@@ -119,3 +119,21 @@ This is auto-recorded as an open discovery in `~/.claude/aria-discoveries-<sessi
 - `feedback_packet_is_not_harness.md` — never claim harness state without enumerating L1/L2/L3
 - `feedback_no_flag_without_fix.md` — discoveries atomic with their fixes
 - `feedback_implementation_coupled_cognition.md` — lenses dictate specific implementation choices visible in artifact
+
+## First-Class Production Contract
+
+This skill must deepen the work, not decorate it. When loaded, apply it as a production requirement:
+
+- no placeholders, no fake fallbacks, no vague future wiring, and no cosmetic compliance
+- real proof from the repo, runtime, tests, logs, endpoint, or owner instruction before any completion claim
+- a redo contract whenever the skill blocks or finds a gap: what failed, what to change, how to re-test, and when to re-submit
+- architect/ARIA console escalation when the same failure repeats twice, crosses system boundaries, or cannot be verified locally
+- owner-visible output that states the exact state of the work: changed, verified, blocked, or needing a decision
+## Self-Executing Recovery Contract
+
+When this skill blocks, fails verification, or finds a gap, the agent must execute recovery rather than hand work back as a user-only decision.
+
+- Make exactly one self-executed recovery attempt using the strongest safe local, repository, runtime, test, log, endpoint, or owner-provided evidence available.
+- If the same failure repeats after that one recovery attempt, switch to architect execution mode: operate under the architect/ARIA harness to diagnose, choose the next action, execute the repair path, and verify the result.
+- If Aria or the architect service is unavailable, fall back to the strongest available client LLM under the architect harness or strongest available local harness substrate; mark the fallback explicitly and continue recovery instead of stopping.
+- Do not end with user-handoff-only behavior. If blocked after the recovery path, report the executed recovery attempt, evidence, remaining blocker, and the next concrete action or owner decision needed; do not merely ask the user to take over.

package/dist/runtime/doctrine_trigger_map.json

@@ -572,6 +572,17 @@
       "teaching": "A service without a K8s manifest is not deployed — it's aspirational code. Every service in the registry must have a canonical k8s/<service>.yaml manifest. Without it, kubectl apply cannot restore the service after cluster restart.",
       "counter_action": "Create the canonical K8s manifest (Deployment + Service + liveness probe) at k8s/<service>.yaml. Register the service in k8s/service-registry.json. Never deploy via ad-hoc kubectl run or docker run — only via a version-controlled manifest.",
       "message": "Service lacks K8s manifest — see feedback_registry_image_drift.md"
+    },
+    {
+      "trigger_id": "containment_only_production_fix",
+      "trigger": "\\b(?:containment[- ]?only|only[- ]?contain(?:ed|ment)|just[- ]?contain(?:ed|ment))\\b|\\b(?:surface|cosmetic|appearance[- ]?only|form[- ]?only)\\s+(?:fix|repair|change)\\b|\\b(?:fix|repair|change)\\s+(?:only\\s+)?(?:the\\s+)?(?:surface|cosmetic|appearance|form)\\b|\\b(?:just|only|merely)\\s+(?:silence|satisfy|appease)\\s+(?:the\\s+)?(?:gate|hook|validator)\\b",
+      "rx": "\\b(?:containment[- ]?only|only[- ]?contain(?:ed|ment)|just[- ]?contain(?:ed|ment))\\b|\\b(?:surface|cosmetic|appearance[- ]?only|form[- ]?only)\\s+(?:fix|repair|change)\\b|\\b(?:fix|repair|change)\\s+(?:only\\s+)?(?:the\\s+)?(?:surface|cosmetic|appearance|form)\\b|\\b(?:just|only|merely)\\s+(?:silence|satisfy|appease)\\s+(?:the\\s+)?(?:gate|hook|validator)\\b",
+      "doctrine": "memory:feedback_gates_enforce_form_not_substance.md",
+      "memory": "feedback_gates_enforce_form_not_substance.md",
+      "severity": "block",
+      "teaching": "Containment-only production fixes are rationalized bypasses when they intentionally leave the broken user-visible mechanism unrepaired. Small source-level fixes are acceptable when they repair the root mechanism and are verified.",
+      "counter_action": "Keep the smallest correct change, but tie it to the root mechanism, observable recovery or proof, and user-visible verification; do not only silence gates or change cosmetics.",
+      "message": "Containment-only production fix detected. Preserve smallest-correct-change discipline, but replace cosmetic containment with root-mechanism repair plus observable recovery and proof."
     }
   ]
 }