@aria_asi/cli 0.2.36 → 0.2.37

package/hooks/aria-pre-tool-gate.mjs

@@ -53,6 +53,7 @@ import {
   normalizeRole,
 } from './lib/hook-message-window.mjs';
 import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
+import { emergencyGateOffDecision } from './lib/emergency-gateoff.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const LOG = `${HOME}/.claude/aria-pre-tool-gate.log`;
@@ -72,7 +73,20 @@ function runUniversalGovernanceGate(payload) {
   try { result = stdout ? JSON.parse(stdout) : null; } catch {}
   if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
     const reason = stdout || child.stderr || 'aria-governance-gate blocked this action.';
-    throw new Error(`=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===\n\n${reason}`);
+    throw new Error([
+      '=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===',
+      '',
+      reason,
+      '',
+      'Recovery contract:',
+      '1. Do not retry the same blocked action unchanged.',
+      '2. Load or apply the doctrine/skill named by the governance output.',
+      '3. Re-write the action with <applied_cognition> and concrete proof.',
+      '4. Re-test by submitting the revised action through this same gate.',
+    ].join('\n'));
+  }
+  if (result?.decision === 'warn' || result?.governanceMode === 'recovery-required' || result?.governanceMode === 'architectural-intervention-required') {
+    process.stderr.write(`[aria-governance:${result.governanceMode || 'recovery-required'}] ${JSON.stringify(result)}\n`);
   }
   return result;
 }
@@ -181,7 +195,7 @@ function audit(decision, summary) {
 // Bootstrap: if no plan exists, the hook STILL blocks (per Hamza 2026-04-27
 // "the point is to stop wasting my time"). Claude must wait for Aria to issue
 // a plan via preprompt-consult on the next user prompt. NO unbound execution.
-const BINDING_ENABLED = (process.env.ARIA_BINDING_ENABLED || 'true').toLowerCase() !== 'false';
+const BINDING_ENABLED = true;
 const BINDING_AUDIT = `${HOME}/.claude/aria-binding-audit.jsonl`;
 
 function bindingAuditAppend(record) {
@@ -599,12 +613,12 @@ const SHORT_BASH_LIMIT = 30;
 // accept flattened generic aliases because they change the lens meaning.
 const _INLINE_LENS_PATTERN = LENS_NAMES.join('|');
 const INLINE_LENS_LINE_RX_GLOBAL = new RegExp(
-  `^\\s*#\\s*(${_INLINE_LENS_PATTERN})\\s*:\\s*(.+)$`,
+  `^\\s*(?:#|:\\s*["'])\\s*(${_INLINE_LENS_PATTERN})\\s*:\\s*(.+?)(?:["']\\s*)?$`,
   'gim',
 );
-const INLINE_COGNITION_HEADER_RX = /^\s*#\s*cognition\s*:\s*(.+)$/im;
-const INLINE_EXPECTED_LINE_RX = /^\s*#\s*expected\s*:\s*(.+)$/gim;
-const INLINE_VERIFY_LINE_RX = /^\s*#\s*verify\s*:\s*(.+)$/gim;
+const INLINE_COGNITION_HEADER_RX = /^\s*(?:#|:\s*["'])\s*cognition\s*:\s*(.+?)(?:["']\s*)?$/im;
+const INLINE_EXPECTED_LINE_RX = /^\s*(?:#|:\s*["'])\s*expected\s*:\s*(.+?)(?:["']\s*)?$/gim;
+const INLINE_VERIFY_LINE_RX = /^\s*(?:#|:\s*["'])\s*verify\s*:\s*(.+?)(?:["']\s*)?$/gim;
 
 const VERIFY_REQUIRED_FIELDS = [
   { rx: /\btarget\s*:/i, name: 'target' },
@@ -1046,6 +1060,11 @@ try {
   audit('allow-parse-error', 'stdin not JSON');
   process.exit(0);  // fail-open on malformed input
 }
+const emergencyGateOff = emergencyGateOffDecision(event);
+if (emergencyGateOff.off) {
+  audit('allow-emergency-gateoff', `reason=${emergencyGateOff.reason}`);
+  process.exit(0);
+}
 
 const toolName = event.tool_name ?? event.toolName ?? '';
 const toolInput = event.tool_input ?? event.toolInput ?? {};
@@ -1317,7 +1336,7 @@ const skillGate = evaluateSkillGate({
   isMutation: toolName !== 'Bash',
   autoLoadAvailable: false,
 });
-if (!skillGate.ok) {
+if (!skillGate.ok && !skillGate.redirectOnly) {
   const reason = formatSkillGateBlock(skillGate);
   audit('block-missing-skill-receipt', `${skillGate.missingSkills.join(',')} ${cmdPreview}`);
   emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
@@ -1403,6 +1422,12 @@ function buildForceRedoActionReason(reasonText, { source = 'pre-tool-gate', tool
     'ORIGINAL GATE REASON:',
     String(reasonText || '').trim(),
     '',
+    'Recovery contract:',
+    '1. Do not retry the same blocked tool call unchanged.',
+    '2. Apply the teaching above to the next action draft before re-running the tool.',
+    '3. Re-test by submitting the revised action through this same pre-tool gate.',
+    '4. If the blocker is stale state, name the stale state and clear or repair it before retrying.',
+    '',
     'REQUIRED REDO SHAPE:',
     '1. Emit/attach <cognition> with the required lenses before retrying the tool.',
     '2. For Bash, prepend inline cognition comments to the command:',
@@ -2010,7 +2035,7 @@ What Claude must do:
 2. Surface the failure LOUDLY — this is a substrate-level break, not a routine consult miss
 3. Wait for next user prompt — preprompt-consult will retry; if it succeeds a plan will exist on next tool call
 
-Non-trivial actions are blocked until a plan exists. Trivial reads (ls/cat/grep) bypass automatically per existing whitelist. To temporarily disable binding for emergency: ARIA_BINDING_ENABLED=false (logged).`;
+Non-trivial actions are blocked until a plan exists. Trivial reads (ls/cat/grep) bypass automatically per existing whitelist. Emergency disable requires removing the hook entry or a signed owner override; env-var disable is not honored.`;
       emitBlock(reason, { source: 'pre-tool/substrate-binding' });
       process.exit(2);
     }

package/hooks/aria-preprompt-consult.mjs

@@ -93,16 +93,15 @@ const PACKET_CACHE_PATHS = [
   `${HOME}/.claude/.aria-harness-last-packet.json`,
 ];
 const SUBSTRATE_MANIFEST_PATH = `${HOME}/.claude/.aria-loaded-substrate.json`;
-// Default ON. Disable explicitly via ARIA_BINDING_ENABLED=false only when the
-// commander/binding architecture is actively being modified (otherwise the
-// modification turn itself would be unable to land its own changes). The
-// bootstrap path handles the no-plan-yet case by AUTO-ISSUING the first plan
-// at hook fire time, so "no plan exists" never becomes "operate unbound."
+// Default ON. Env-var disable is intentionally not honored here; emergency
+// bypass must be an owner-visible hook change, not ambient subprocess drift.
+// The bootstrap path handles the no-plan-yet case by AUTO-ISSUING the first
+// plan at hook fire time, so "no plan exists" never becomes "operate unbound."
 //
 // Hamza 2026-04-27: "why would enforcing brick the session? the point is to
 // stop wasting my time and do quality work." Default-off was convenience-
 // seeking dressed as responsible-staging. Flipped to default-on per directive.
-const BINDING_ENABLED = (process.env.ARIA_BINDING_ENABLED || 'true').toLowerCase() !== 'false';
+const BINDING_ENABLED = true;
 
 const HARNESS_URL =
   process.env.ARIA_HIVE_RUNTIME_URL ||

package/hooks/aria-preturn-memory-gate.mjs

@@ -72,6 +72,11 @@ function buildForceRedoActionReason({ source, reason, missingSignals = [], incid
     missingSignals.length ? `\nMISSING SIGNALS:\n${missingSignals.map((signal) => `- ${signal}`).join('\n')}` : '',
     incidents.length ? `\nINCIDENTS TO RESOLVE:\n${incidents.map((incident) => `- ${incident}`).join('\n')}` : '',
     '',
+    'Recovery contract:',
+    '1. Do not proceed with tools from the blocked context unchanged.',
+    '2. Run the structured recovery action in hookSpecificOutput.recovery.',
+    '3. Re-test by verifying harness_packet, aria_direction/binding_plan, and memory references are loaded.',
+    '',
     'REQUIRED REDO SHAPE:',
     '1. Run the structured recovery action in hookSpecificOutput.recovery.',
     '2. Verify harness_packet, aria_direction/binding_plan, and memory references are loaded.',

package/hooks/aria-repo-doctrine-gate.mjs

@@ -102,6 +102,11 @@ function buildForceRedoActionReason({ source, reason, violations = [] }) {
     '- External provider calls must use an approved runtime/SDK path or carry the explicit external-call allow marker.',
     violations.length ? `\nVIOLATIONS TO FIX:\n${violations.map((v) => `- ${v}`).join('\n')}` : '',
     '',
+    'Recovery contract:',
+    '1. Do not retry the same blocked edit/action unchanged.',
+    '2. Apply the teaching above by removing or isolating every violating production-path pattern.',
+    '3. Re-test by running this repo doctrine gate before retrying the original action.',
+    '',
     'REQUIRED REDO SHAPE:',
     '1. Preserve the intended behavior without stub/mock/pending semantics.',
     '2. Use real implementation wiring or an explicit reviewed allow marker.',
@@ -373,6 +378,16 @@ function renderReason(repoRoot, violations, mode) {
     '',
     `Allow path categories: tests/specs/fixtures/examples/demos/mocks, or add ${ALLOW_MARKER} in the file when the exception is intentional and reviewable.`,
     `External provider calls require explicit ${ALLOW_EXTERNAL_LLM_CALL_MARKER} marker or an approved internal runtime/SDK path.`,
+    '',
+    'TEACHING:',
+    '- Repo doctrine blocks protect production paths from fake or placeholder behavior.',
+    '- If this is a real implementation, replace the flagged language with shipped behavior or isolate it under an allowed test/example surface.',
+    '',
+    'Recovery contract:',
+    '1. Do not retry the same commit/tool action unchanged.',
+    '2. Remove or replace each flagged stub/mock/pending/external-call pattern in production paths.',
+    `3. If an exception is intentional, add ${ALLOW_MARKER} or ${ALLOW_EXTERNAL_LLM_CALL_MARKER} with a reviewable reason.`,
+    '4. Re-run this repo doctrine gate before retrying the original action.',
   ].join('\n');
 }
 

package/hooks/aria-stop-gate.mjs

@@ -47,8 +47,9 @@
 // Future: signed-grant override mechanism at ~/.aria/owner-overrides/<hook>.json
 // with HMAC signature using a secret only Hamza holds. Deferred to next session.
 
-import { readFileSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
+import { appendFileSync, readFileSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { dirname } from 'node:path';
+import { createHash } from 'node:crypto';
 import { spawnSync } from 'node:child_process';
 import { appendGateAudit } from './lib/gate-audit.mjs';
 import {
@@ -61,6 +62,7 @@ import { registerGateBlock } from './lib/gate-loop-state.mjs';
 import { collectTurnWindowFromMessages } from './lib/hook-message-window.mjs';
 import { analyzeDomainOutputQuality } from './lib/domain-output-quality.mjs';
 import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
+import { emergencyGateOffDecision } from './lib/emergency-gateoff.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const RUNTIME_BASE_URL =
@@ -71,6 +73,15 @@ const AUDIT_PATH = `${HOME}/.claude/aria-stop-gate-audit.jsonl`;
 const GATE_LOOP_STATE_PATH = `${HOME}/.claude/.aria-gate-loop-state.json`;
 const MIZAN_RECEIPT_DIR = `${HOME}/.claude/.aria-mizan-receipts`;
 const GOVERNANCE_GATE_PATH = `${HOME}/.aria/bin/aria-governance-gate`;
+const CURRENT_RECOVERY_PATH = `${HOME}/.aria/governance-recovery-current.json`;
+const HANDOFF_MODE_RX = /\b(?:post[_ -]?compact[_ -]?continuation|handoff[_ -]?resume|continuation[_ -]?handoff|post-compact|compact(?:ion)? handoff|post\s+commission)\b/i;
+const HANDOFF_REQUIRED_FIELDS = [
+  { label: 'current objective', rx: /\bcurrent\s+objective\b\s*:/i },
+  { label: 'known blockers', rx: /\bknown\s+blockers\b\s*:/i },
+  { label: 'next executable step', rx: /\bnext\s+executable\s+step\b\s*:/i },
+  { label: 'what not to touch', rx: /\bwhat\s+not\s+to\s+touch\b\s*:/i },
+  { label: 'verification already run', rx: /\bverification\s+already\s+run\b\s*:/i },
+];
 
 function runUniversalGovernanceGate(payload) {
   if (!existsSync(GOVERNANCE_GATE_PATH)) return null;
@@ -84,11 +95,49 @@ function runUniversalGovernanceGate(payload) {
   try { result = stdout ? JSON.parse(stdout) : null; } catch {}
   if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
     const reason = stdout || child.stderr || 'aria-governance-gate blocked this output.';
-    throw new Error(`=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===\n\n${reason}`);
+    throw new Error([
+      '=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===',
+      '',
+      reason,
+      '',
+      'Recovery contract:',
+      '1. Do not retry the same blocked output unchanged.',
+      '2. Load or apply the doctrine/skill named by the governance output.',
+      '3. Re-write the output with <applied_cognition> and concrete proof.',
+      '4. Re-test by submitting the revised output through this same gate.',
+    ].join('\n'));
+  }
+  if (result?.decision === 'warn' || result?.governanceMode === 'recovery-required' || result?.governanceMode === 'architectural-intervention-required') {
+    process.stderr.write(`[aria-governance:${result.governanceMode || 'recovery-required'}] ${JSON.stringify(result)}\n`);
   }
   return result;
 }
 
+function classifyContinuationHandoff(text) {
+  const body = String(text || '');
+  const isContinuation = HANDOFF_MODE_RX.test(body);
+  const missingFields = HANDOFF_REQUIRED_FIELDS.filter((field) => !field.rx.test(body)).map((field) => field.label);
+  return { isContinuation, ok: isContinuation && missingFields.length === 0, missingFields };
+}
+
+function formatHandoffRecovery(missingFields = []) {
+  return [
+    '=== ARIA LOCAL OUTPUT BLOCK ===',
+    '',
+    `post-compact continuation handoff malformed: missing fields: ${missingFields.join(', ') || '(none)'}`,
+    '',
+    'Recovery contract:',
+    '1. Do not retry the same blocked text.',
+    '2. Rewrite the output using this exact shape:',
+    'post_compact_continuation',
+    'current objective: <one sentence of the still-active task>',
+    'known blockers: <specific blockers, or "none verified" if truly none>',
+    'next executable step: <single command/edit/read/action the next agent should run first>',
+    'what not to touch: <unrelated dirty files, secrets, protected systems, or deploys to avoid>',
+    'verification already run: <commands/probes already run and exact result, or "not run">',
+  ].join('\n');
+}
+
 // SDK loader — bundled at ~/.aria/sdk by `aria connect`, with client-local
 // fallbacks preserved for resilience.
 // All control-plane fetches (validateOutput, gardenTurn) route through the
@@ -442,6 +491,12 @@ function buildForceReauthorReason({
     rewritten ? `\nMIZAN REWRITE SEED:\n${rewritten}` : '',
     recipeAddendum || '',
     '',
+    'Recovery contract:',
+    '1. Do not retry the same blocked text unchanged.',
+    '2. Apply the teaching above to the next draft before re-emitting.',
+    '3. Re-test by submitting the revised output through this same gate.',
+    '4. If the blocker is stale state, name the stale state and clear or repair it before retrying.',
+    '',
     'REQUIRED REDO SHAPE:',
     '1. One sentence: the failed mechanism, not an apology.',
     '2. Evidence checked: file/line, command output, endpoint response, or explicit "unverified".',
@@ -472,6 +527,50 @@ function buildForceReauthorReason({
   ].filter(Boolean).join('\n');
 }
 
+function recoveryFingerprint(reason, source = 'stop-gate') {
+  return createHash('sha256')
+    .update([source, String(reason || '').replace(/\s+/g, ' ').trim().slice(0, 1200)].join('\0'))
+    .digest('hex');
+}
+
+function emitRecoverableStopGate(reason, { source = 'stop-gate', sessionId = gateSessionId } = {}) {
+  const fingerprint = recoveryFingerprint(reason, source);
+  const recovery = {
+    schema: 'aria.governance_recovery_current.v1',
+    updatedAt: new Date().toISOString(),
+    deliveryRule: 'This file is injected into the next system prompt. Execute recoveryLoop.nextStep before any completion claim.',
+    ok: true,
+    decision: 'warn',
+    source: 'aria-stop-gate',
+    governanceMode: 'recovery-required',
+    recoveryLoop: {
+      fingerprint,
+      allowedRecoveryAttempts: 1,
+      priorRecoveryAttempts: 0,
+      remainingRecoveryAttempts: 1,
+      nextStep: 'Re-author the blocked output using the recovery contract, load required skills if named, run a concrete verification probe when tools are available, then emit the corrected output.',
+      architectFallback: 'If Aria consult is unavailable or this same fingerprint repeats, use the strongest available client LLM under the architect harness, produce and execute the recovery plan, then verify.',
+    },
+    recoveryContract: {
+      retry: 'One recovery attempt is allowed for this exact output-gate fingerprint; repeat failure enters architect execution mode.',
+      architectMode: 'On repeat, load architecture-decision and the named domain skills, define the smallest executable plan, execute the first recovery action, and verify before output.',
+      fallbackWhenAriaUnavailable: 'Do not stop or ask the owner to fix it. Bind the strongest available client LLM to the architect harness, give it this JSON contract and failed evidence, execute its recovery plan, then verify.',
+      repairRecoveryCycle: ['re-author output according to the gate reason', 'verify the corrected claim or state explicit unverified boundary'],
+      retest: 'Submit the revised output through the same stop gate and run the concrete verification probe named by the recovery plan.',
+      blockedReason: reason,
+    },
+  };
+  try {
+    mkdirSync(dirname(CURRENT_RECOVERY_PATH), { recursive: true, mode: 0o700 });
+    writeFileSync(CURRENT_RECOVERY_PATH, `${JSON.stringify(recovery, null, 2)}\n`, { mode: 0o600 });
+  } catch (error) {
+    audit('recovery-state-write-failed', error instanceof Error ? error.message : String(error));
+  }
+  audit('recovery-required-output-gate', `${source} ${fingerprint}`);
+  console.log(JSON.stringify({ decision: 'allow', recoveryRequired: recovery }));
+  process.exit(0);
+}
+
 // Lens substance check — same constants as aria-pre-tool-gate.mjs.
 // Hamza directive 2026-04-28: all 8 canonical lenses required, not 4-of-8.
 const REQUIRED_LENSES = 8;
@@ -517,6 +616,11 @@ try {
   audit('allow-parse-error', 'stdin not JSON');
   process.exit(0);
 }
+const emergencyGateOff = emergencyGateOffDecision(event);
+if (emergencyGateOff.off) {
+  audit('allow-emergency-gateoff', `reason=${emergencyGateOff.reason}`);
+  process.exit(0);
+}
 const gateSessionId = String(event.session_id || 'claude-code').replace(/[^a-zA-Z0-9_-]/g, '_');
 const sessionMizanState = loadMizanReceiptState(event.session_id || 'claude-code');
 
@@ -616,8 +720,7 @@ if (userCorrectionViolation) {
     lensCount: 0,
     requiredLenses: REQUIRED_LENSES,
   });
-  console.log(JSON.stringify({ decision: 'block', reason }));
-  process.exit(2);
+  emitRecoverableStopGate(reason, { source: 'stop/user-correction', sessionId: gateSessionId });
 }
 
 // Triviality check — same as eight-lens-detector.ts
@@ -640,6 +743,17 @@ if (!triggered) {
   process.exit(0);
 }
 
+const handoff = classifyContinuationHandoff(assistantText);
+if (handoff.isContinuation) {
+  if (handoff.ok) {
+    audit('allow-post-compact-continuation', `chars=${assistantText.length}`);
+    await fireGardenTurn(event.session_id || 'claude-code', lastUserMessage, assistantText);
+    process.exit(0);
+  }
+  audit('block-post-compact-continuation', `missing=${handoff.missingFields.join(',')}`);
+  emitRecoverableStopGate(formatHandoffRecovery(handoff.missingFields), { source: 'stop/post-compact-continuation', sessionId: gateSessionId });
+}
+
 const stopSkillGate = evaluateSkillGate({
   sessionId: event.session_id || 'claude-code',
   surface: 'claude-stop-gate',
@@ -647,7 +761,7 @@ const stopSkillGate = evaluateSkillGate({
   isOutputCloseout: true,
   autoLoadAvailable: false,
 });
-if (!stopSkillGate.ok) {
+if (!stopSkillGate.ok && !stopSkillGate.redirectOnly) {
   audit('block-missing-skill-receipt', `missing=${stopSkillGate.missingSkills.join(',')} chars=${assistantText.length}`);
   const reason = withLoopDirective(buildForceReauthorReason({
     source: 'stop/skill-autoload',
@@ -656,8 +770,7 @@ if (!stopSkillGate.ok) {
     lensCount: 0,
     requiredLenses: REQUIRED_LENSES,
   }), `stop:skill-autoload:${stopSkillGate.missingSkills.join(',')}`, gateSessionId);
-  console.log(JSON.stringify({ decision: 'block', reason }));
-  process.exit(2);
+  emitRecoverableStopGate(reason, { source: 'stop/skill-autoload', sessionId: gateSessionId });
 }
 try {
   runUniversalGovernanceGate({
@@ -678,8 +791,7 @@ try {
     lensCount: 0,
     requiredLenses: REQUIRED_LENSES,
   }), 'stop:universal-governance', gateSessionId);
-  console.log(JSON.stringify({ decision: 'block', reason }));
-  process.exit(2);
+  emitRecoverableStopGate(reason, { source: 'stop/universal-governance', sessionId: gateSessionId });
 }
 
 // Non-trivial response — require substantive cognition.
@@ -712,8 +824,7 @@ if (cog.count < REQUIRED_LENSES) {
     codeCount: 0,
     implCouplingCount: 0,
   });
-  console.log(JSON.stringify({ decision: 'block', reason }));
-  process.exit(2);
+  emitRecoverableStopGate(reason, { source: 'stop/no-cognition', sessionId: gateSessionId });
 }
 
 // Question-emission visibility (Phase 11 promotes to block-mode):
@@ -1596,8 +1707,7 @@ if (cog.count >= REQUIRED_LENSES) {
         codeCount: codeQualityHits.length,
         implCouplingCount: implCouplingHits.length,
       });
-      console.log(JSON.stringify({ decision: 'block', reason }));
-      process.exit(2);
+      emitRecoverableStopGate(reason, { source: 'stop/output-quality', sessionId: gateSessionId });
     }
 
     audit('allow-output-qc',
@@ -1752,8 +1862,7 @@ if (hadNonTrivialAction && (!dalioExpectedMatch || !dalioHasMeasurablePredicate)
     codeCount: 0,
     implCouplingCount: 0,
   });
-  console.log(JSON.stringify({ decision: 'block', reason: missingReason }));
-  process.exit(2);
+  emitRecoverableStopGate(missingReason, { source: 'stop/dalio-expected', sessionId: gateSessionId });
 }
 
 // Dalio ledger write — fire-and-forget HTTP POST + local JSONL mirror.
@@ -1878,5 +1987,4 @@ emitHarnessFooter({
   codeCount: 0,
   implCouplingCount: 0,
 });
-console.log(JSON.stringify({ decision: 'block', reason: buildForceReauthorReason({ source: 'stop/lens-missing', reason, lensCount: cog.count, requiredLenses: REQUIRED_LENSES }) }));
-process.exit(2);
+emitRecoverableStopGate(buildForceReauthorReason({ source: 'stop/lens-missing', reason, lensCount: cog.count, requiredLenses: REQUIRED_LENSES }), { source: 'stop/lens-missing', sessionId: gateSessionId });

package/hooks/doctrine_trigger_map.json

@@ -572,6 +572,17 @@
       "teaching": "A service without a K8s manifest is not deployed — it's aspirational code. Every service in the registry must have a canonical k8s/<service>.yaml manifest. Without it, kubectl apply cannot restore the service after cluster restart.",
       "counter_action": "Create the canonical K8s manifest (Deployment + Service + liveness probe) at k8s/<service>.yaml. Register the service in k8s/service-registry.json. Never deploy via ad-hoc kubectl run or docker run — only via a version-controlled manifest.",
       "message": "Service lacks K8s manifest — see feedback_registry_image_drift.md"
+    },
+    {
+      "trigger_id": "containment_only_production_fix",
+      "trigger": "\\b(?:containment[- ]?only|only[- ]?contain(?:ed|ment)|just[- ]?contain(?:ed|ment))\\b|\\b(?:surface|cosmetic|appearance[- ]?only|form[- ]?only)\\s+(?:fix|repair|change)\\b|\\b(?:fix|repair|change)\\s+(?:only\\s+)?(?:the\\s+)?(?:surface|cosmetic|appearance|form)\\b|\\b(?:just|only|merely)\\s+(?:silence|satisfy|appease)\\s+(?:the\\s+)?(?:gate|hook|validator)\\b",
+      "rx": "\\b(?:containment[- ]?only|only[- ]?contain(?:ed|ment)|just[- ]?contain(?:ed|ment))\\b|\\b(?:surface|cosmetic|appearance[- ]?only|form[- ]?only)\\s+(?:fix|repair|change)\\b|\\b(?:fix|repair|change)\\s+(?:only\\s+)?(?:the\\s+)?(?:surface|cosmetic|appearance|form)\\b|\\b(?:just|only|merely)\\s+(?:silence|satisfy|appease)\\s+(?:the\\s+)?(?:gate|hook|validator)\\b",
+      "doctrine": "memory:feedback_gates_enforce_form_not_substance.md",
+      "memory": "feedback_gates_enforce_form_not_substance.md",
+      "severity": "block",
+      "teaching": "Containment-only production fixes are rationalized bypasses when they intentionally leave the broken user-visible mechanism unrepaired. Small source-level fixes are acceptable when they repair the root mechanism and are verified.",
+      "counter_action": "Keep the smallest correct change, but tie it to the root mechanism, observable recovery or proof, and user-visible verification; do not only silence gates or change cosmetics.",
+      "message": "Containment-only production fix detected. Preserve smallest-correct-change discipline, but replace cosmetic containment with root-mechanism repair plus observable recovery and proof."
     }
   ]
 }

package/hooks/lib/emergency-gateoff-impl.mjs

@@ -0,0 +1,39 @@
+import { existsSync, mkdirSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { dirname, join } from 'node:path';
+
+const GATEOFF_ENV_RX = /^(?:1|true|yes|on)$/i;
+const GATEOFF_PHRASE_RX = /\bGATEOFF\b/;
+
+export const gateOffMarkerPath = join(homedir(), '.aria', 'gates-off.manual');
+
+function textFromPayload(payload) {
+  if (!payload) return '';
+  if (typeof payload === 'string') return payload;
+  try { return JSON.stringify(payload); } catch { return String(payload); }
+}
+
+export function persistEmergencyGateOff(reason = 'phrase') {
+  mkdirSync(dirname(gateOffMarkerPath), { recursive: true, mode: 0o700 });
+  writeFileSync(gateOffMarkerPath, JSON.stringify({
+    disabled: true,
+    reason,
+    disabledAt: new Date().toISOString(),
+    reenable: 'Manual owner action only: remove this marker and unset ARIA_GATES_OFF/ARIA_HARNESS_GATES_OFF.',
+  }, null, 2) + '\n', { mode: 0o600 });
+}
+
+export function detectEmergencyGateOff(payload = '') {
+  if (GATEOFF_ENV_RX.test(String(process.env.ARIA_GATES_OFF || process.env.ARIA_HARNESS_GATES_OFF || ''))) {
+    return { off: true, reason: 'env' };
+  }
+  if (existsSync(gateOffMarkerPath)) return { off: true, reason: 'marker' };
+  if (GATEOFF_PHRASE_RX.test(textFromPayload(payload))) return { off: true, reason: 'phrase' };
+  return { off: false, reason: null };
+}
+
+export function emergencyGateOffDecision(payload = '') {
+  const decision = detectEmergencyGateOff(payload);
+  if (decision.off && decision.reason === 'phrase') persistEmergencyGateOff('phrase');
+  return decision;
+}

package/hooks/lib/emergency-gateoff.mjs

@@ -0,0 +1,6 @@
+export {
+  detectEmergencyGateOff,
+  emergencyGateOffDecision,
+  gateOffMarkerPath,
+  persistEmergencyGateOff,
+} from './emergency-gateoff-impl.mjs';