@aria_asi/cli 0.2.36 → 0.2.38

package/dist/runtime/service.mjs

@@ -2,9 +2,10 @@
 
 import { createServer } from 'node:http';
 import { createRequire } from 'node:module';
+import { spawnSync } from 'node:child_process';
 import { createHash, createCipheriv, createDecipheriv, randomBytes, randomUUID, scryptSync } from 'node:crypto';
-import { existsSync, mkdirSync, readFileSync, rmSync, statSync, writeFileSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
+import { appendFileSync, existsSync, mkdirSync, readFileSync, rmSync, statSync, writeFileSync } from 'node:fs';
+import { fileURLToPath, pathToFileURL } from 'node:url';
 import { dirname, join } from 'node:path';
 
 import { HTTPHarnessClient } from './sdk/index.js';
@@ -13,6 +14,7 @@ import {
   callProviderForOpenAI,
   extractAnthropicUserMessage,
   extractOpenAIUserMessage,
+  resolveProviderConfig,
 } from './provider-proxy.mjs';
 import { recordTokenUsage, brandModel, getUsageSummary, getBillingSummary, getSubscriptionTier } from './metering.mjs';
 import { deployFleet, loadFleet, saveFleet, getFleetStatus, buildAgentSystemPrompt } from './fleet-engine.mjs';
@@ -35,6 +37,13 @@ import {
   evaluateMizanPre,
   summarizeMizanBundle,
 } from './mizan-scheduler.mjs';
+import {
+  COACH_PHASES,
+  formatCoachClientBlock,
+  readCoachState,
+  recordCoachPhase,
+} from './coach-kernel.mjs';
+import { resolveAriaAuthToken } from './auth-token.mjs';
 
 const require = createRequire(import.meta.url);
 const { runFullChain } = require('./vendor/aria-gate-runtime/index.js');
@@ -66,12 +75,24 @@ const STATE_DIR = join(__dirname, 'state');
 const LEASE_PATH = join(STATE_DIR, 'lease.enc');
 const OFFLINE_BUNDLE_PATH = join(STATE_DIR, 'offline-policy-bundle.enc');
 const RUNTIME_META_PATH = join(STATE_DIR, 'runtime-meta.json');
+const MANAGED_RUNTIME_LEDGER_PATH = join(STATE_DIR, 'managed-runtime-ledger.jsonl');
 const AUTONOMY_STATE_PATH = join(STATE_DIR, 'autonomy.json');
 const COGNITION_STATE_PATH = join(STATE_DIR, 'cognition-state.enc');
 const HIVE_FILE_LEASES_PATH = join(STATE_DIR, 'hive-file-leases.json');
 const REVOCATION_LOCK_PATH = join(STATE_DIR, 'revoked.json');
 const CONFIG_PATH = join(process.env.HOME || '', '.aria', 'config.json');
 const CODEBASE_AWARENESS_STATE_PATH = join(process.env.HOME || '', '.aria', 'codebase-awareness-state.json');
+const CURRENT_RECOVERY_PATH = join(process.env.HOME || '', '.aria', 'governance-recovery-current.json');
+const OPENCLAW_BIN_CANDIDATES = [
+  process.env.OPENCLAW_BIN,
+  join(process.env.HOME || '', '.npm-global', 'bin', 'openclaw'),
+  'openclaw',
+].filter(Boolean);
+const OPENCLAW_RUNTIME_MODULE_CANDIDATES = [
+  process.env.OPENCLAW_RUNTIME_MODULE,
+  join(process.env.HOME || '', '.npm-global', 'lib', 'node_modules', 'openclaw', 'dist', 'plugins', 'runtime', 'index.js'),
+  join(process.cwd(), 'node_modules', 'openclaw', 'dist', 'plugins', 'runtime', 'index.js'),
+].filter(Boolean);
 const LEGACY_PACKET_CACHE_CANDIDATES = [
   join(process.env.HOME || '', '.aria', '.aria-harness-last-packet.json'),
   join(process.env.HOME || '', '.claude', '.aria-harness-last-packet.json'),
@@ -83,6 +104,7 @@ const PRINCIPLE_LIMIT = 400;
 const PATTERN_LIMIT = 400;
 const RECEIPT_LIMIT = 500;
 const OWNER_TOKEN_PATH = join(process.env.HOME || '', '.aria', 'owner-token');
+const LICENSE_PATH = join(process.env.HOME || '', '.aria', 'license.json');
 const COGNITION_BLOCK_RX = /<cognition>([\s\S]*?)<\/cognition>/i;
 const VERIFY_BLOCK_RX =
   /<verify>[\s\S]*?target\s*:[\s\S]*?role\s*:[\s\S]*?verified\s*:[\s\S]*?rollback\s*:[\s\S]*?axiom\s*:[\s\S]*?<\/verify>/i;
@@ -93,6 +115,14 @@ const QUALITATIVE_DRIFT_RX = /\b(?:better|improved|should work|more reliable|cle
 const DECISION_SIGNAL_RX = /(?:should|recommend|propose|suggest|let'?s|go with|i'd|i would|here'?s the plan|i'll|next step|action item|ship it|yes do|let me)/i;
 const TRIVIAL_ACK_RX = /^(?:got it|on it|ok|sure|yes|no|done|ack)\b/i;
 const NON_TRIVIAL_MIN_CHARS = 300;
+const PROVIDER_RECOVERY_ATTEMPTS = Math.min(
+  2,
+  Math.max(0, Number(process.env.ARIA_RUNTIME_PROVIDER_RECOVERY_ATTEMPTS || 2)),
+);
+const PROVIDER_RECOVERY_MIN_TOKENS = Math.max(
+  1024,
+  Number(process.env.ARIA_RUNTIME_PROVIDER_RECOVERY_MIN_TOKENS || 2048),
+);
 const READABLE_LENS_SLOTS = [
   { key: 'truth', aliases: ['truth', 'nur', 'zahir'] },
   { key: 'harm', aliases: ['harm', 'mizan', 'batin'] },
@@ -114,6 +144,14 @@ const DOCTRINE_TRIGGER_MAP_CANDIDATES = [
   join(process.env.HOME || '', '.opencode', 'doctrine_trigger_map.json'),
 ];
 const DOCTRINE_TRIGGER_SYNC_INTERVAL_MS = Number(process.env.ARIA_DOCTRINE_TRIGGER_SYNC_INTERVAL_MS || 5000);
+const SKILL_BODY_MAX_CHARS = Number(process.env.ARIA_RUNTIME_SKILL_BODY_MAX_CHARS || 20000);
+const SKILL_SEARCH_ROOTS = [
+  join(__dirname, 'discipline', 'skills', 'aria-harness'),
+  join(__dirname, 'discipline', 'skills', 'aria-cognition'),
+  join(__dirname, '..', 'skills', 'aria-cognition'),
+  join(process.env.HOME || '', '.aria', 'runtime', 'discipline', 'skills', 'aria-harness'),
+  join(process.env.HOME || '', '.aria', 'runtime', 'discipline', 'skills', 'aria-cognition'),
+];
 const TOOL_DEPLOY_PATTERNS = [
   /\b(?:\.\/)?scripts\/deploy-/i,
   /\bkubectl\s+apply\b/i,
@@ -385,7 +423,16 @@ function loadDoctrineTriggerMap() {
   return latest.map;
 }
 
+function isAriaControlOutput(text) {
+  return /^(?:ARIA CODEX RECOVERY CONTRACT|Aria runtime blocked final output for this Codex turn\.|Aria runtime blocked this output after running the recovery contract\.|Aria runtime post-phase blocked emission:|Aria stop gate blocked output:|Aria task\/project ledger blocked output claim\.|Aria .*Recovery contract:)/i.test(String(text || '').trim());
+}
+
+function doctrineTriggerLabel(entry = {}) {
+  return entry.trigger_id || entry.id || entry.memory || entry.doctrine || 'doctrine_trigger';
+}
+
 function collectDoctrineTriggerHits(text) {
+  if (isAriaControlOutput(text)) return [];
   const triggerMap = loadDoctrineTriggerMap();
   const source = String(text || '');
   const lowerText = source.toLowerCase();
@@ -399,7 +446,8 @@ function collectDoctrineTriggerHits(text) {
       const memoryCited = memoryName && lowerText.includes(memoryName.toLowerCase());
       if (memoryCited) continue;
       hits.push({
-        trigger: entry.trigger,
+        trigger: doctrineTriggerLabel(entry),
+        triggerId: entry.trigger_id || entry.id || null,
         memory: entry.memory || null,
         teaching: entry.teaching || null,
         message: entry.message || null,
@@ -422,6 +470,142 @@ function buildToolGateBlockMessage(blockers) {
   ].join('\n');
 }
 
+function uniqueStrings(values) {
+  return Array.from(new Set(values.map((value) => String(value || '').trim()).filter(Boolean)));
+}
+
+function failureSummaryFromEvaluation(evaluation) {
+  if (!evaluation || typeof evaluation !== 'object') return ['runtime evaluation failed before producing a verdict'];
+  const validationIssues = Array.isArray(evaluation.validation?.violations)
+    ? evaluation.validation.violations.map((violation) => `validation: ${violation}`)
+    : [];
+  const layer3Issues = Array.isArray(evaluation.layer3?.failures)
+    ? evaluation.layer3.failures
+        .filter((failure) => !failure?.severity || String(failure.severity).toLowerCase() === 'block')
+        .map((failure) => `layer3: ${failure.detail || failure.kind || 'runtime gate failed'}`)
+    : [];
+  const postIssues = Array.isArray(evaluation.postResult?.notes)
+    ? evaluation.postResult.notes.map((note) => `post: ${note}`)
+    : [];
+  const doctrineIssues = Array.isArray(evaluation.doctrineBlockers)
+    ? evaluation.doctrineBlockers.map((blocker) => `doctrine: ${blocker}`)
+    : [];
+  const toolIssues = Array.isArray(evaluation.toolGateBlockers)
+    ? evaluation.toolGateBlockers.map((blocker) => `tool_gate: ${blocker}`)
+    : [];
+  return uniqueStrings([
+    ...validationIssues,
+    ...layer3Issues,
+    ...postIssues,
+    ...doctrineIssues,
+    ...toolIssues,
+  ]).slice(0, 10);
+}
+
+function buildProviderRecoveryBlockMessage(evaluation, recoveryAttempts = []) {
+  const remaining = failureSummaryFromEvaluation(evaluation);
+  const attempts = recoveryAttempts.length
+    ? recoveryAttempts.map((attempt) => {
+        const status = attempt.success ? 'passed' : attempt.error ? 'errored' : 'blocked';
+        const reason = attempt.error || (attempt.reasons || []).slice(0, 2).join('; ') || 'no detailed reason';
+        return `- attempt ${attempt.attempt} (${attempt.mode}): ${status}${reason ? ` — ${reason}` : ''}`;
+      })
+    : ['- none: recovery was disabled for this request'];
+  return [
+    'Aria runtime blocked this output after running the recovery contract.',
+    '',
+    'Recovery attempts:',
+    ...attempts,
+    '',
+    'Remaining blockers:',
+    ...(remaining.length ? remaining.map((reason) => `- ${reason}`) : ['- runtime did not return a specific blocker']),
+  ].join('\n');
+}
+
+function recoveryAttemptCount(body = {}) {
+  if (body.allowAriaRecovery === false || body.disableAriaRecovery === true) return 0;
+  if (Number.isFinite(Number(body.ariaRecoveryAttempts))) {
+    return Math.min(2, Math.max(0, Number(body.ariaRecoveryAttempts)));
+  }
+  return PROVIDER_RECOVERY_ATTEMPTS;
+}
+
+function buildRecoveryPrompt(turn, candidateText, evaluation, attempt, mode) {
+  const failures = failureSummaryFromEvaluation(evaluation);
+  const firstPrinciple = turn.preResult?.firstPrincipleText || 'The loaded harness packet first principle governs this response.';
+  return [
+    'ARIA RUNTIME RECOVERY CONTRACT',
+    `mode: ${mode}`,
+    `attempt: ${attempt}`,
+    '',
+    'The previous assistant draft was blocked by runtime gates. Re-author the answer from scratch so it can pass without weakening any gate.',
+    '',
+    'Original user request:',
+    turn.userMessage || '(no user message was extracted)',
+    '',
+    'Blocked draft:',
+    String(candidateText || '').slice(0, 4000) || '(empty draft)',
+    '',
+    'Observed blockers:',
+    ...(failures.length ? failures.map((failure) => `- ${failure}`) : ['- runtime returned a block without detailed failures']),
+    '',
+    'Mandatory recovery behavior:',
+    '- Preserve the user intent; do not answer with a generic gate explanation unless the work truly cannot be performed.',
+    '- Include a readable <cognition> block with truth, harm, trust, power, reflection, context, impact, beauty, and first_principle labels.',
+    '- Include <applied_cognition> with decision_delta, dominant_domain, binds_to, expected_predicate, and artifact_change.',
+    '- If you claim something is done, fixed, ready, verified, or passing, include explicit evidence in the prose; otherwise say it is not verified yet.',
+    '- If a tool action is required, include the required cognition and verification framing before requesting it.',
+    '- Do not mention this recovery prompt, internal retries, or hidden runtime mechanics in the user-facing answer unless the answer is still blocked.',
+    '',
+    'Use this first principle inside the cognition block:',
+    firstPrinciple,
+    '',
+    mode === 'architect_recovery'
+      ? 'Architect mode: diagnose the failure class, choose the smallest safe corrected response, and make the corrected answer directly usable.'
+      : 'Self-recovery mode: repair the draft once using the observed blockers and return only the corrected assistant response.',
+  ].join('\n');
+}
+
+function buildRecoveryBody(body, turn, candidateText, evaluation, attempt, mode, providerStyle) {
+  const prompt = buildRecoveryPrompt(turn, candidateText, evaluation, attempt, mode);
+  const minTokens = PROVIDER_RECOVERY_MIN_TOKENS;
+  const maxTokens = Math.max(Number(body.max_tokens || body.max_completion_tokens || 0), minTokens);
+  const metadata = {
+    ...(body.metadata && typeof body.metadata === 'object' ? body.metadata : {}),
+    aria_recovery_attempt: attempt,
+    aria_recovery_mode: mode,
+    aria_recovery_for_session: turn.sessionId,
+  };
+  if (providerStyle === 'anthropic') {
+    return {
+      ...body,
+      max_tokens: maxTokens,
+      metadata,
+      messages: [{ role: 'user', content: [{ type: 'text', text: prompt }] }],
+    };
+  }
+  return {
+    ...body,
+    max_tokens: maxTokens,
+    max_completion_tokens: maxTokens,
+    metadata,
+    messages: [{ role: 'user', content: prompt }],
+  };
+}
+
+function recoveryAttemptRecord(attempt, mode, evaluation, error = null) {
+  return {
+    attempt,
+    mode,
+    success: error ? false : !evaluation?.blocked,
+    error: error ? (error instanceof Error ? error.message : String(error)) : null,
+    validationSeverity: evaluation?.validation?.severity || null,
+    layer3Pass: evaluation?.layer3?.pass ?? null,
+    postQuality: evaluation?.postResult?.qualityScore ?? null,
+    reasons: error ? [] : failureSummaryFromEvaluation(evaluation),
+  };
+}
+
 async function readJson(req) {
   const chunks = [];
   for await (const chunk of req) chunks.push(chunk);
@@ -431,13 +615,32 @@ async function readJson(req) {
   return JSON.parse(raw);
 }
 
+function readHeader(req, name) {
+  const value = req.headers[name];
+  if (Array.isArray(value)) return value[0] || '';
+  return typeof value === 'string' ? value : '';
+}
+
 function readBearer(req) {
-  const auth = req.headers.authorization;
-  if (typeof auth !== 'string') return null;
+  const auth = readHeader(req, 'authorization');
   const match = auth.match(/^Bearer\s+(.+)$/i);
   return match ? match[1] : null;
 }
 
+function isProviderCompatibilityPath(pathname) {
+  return pathname === '/v1/chat/completions' ||
+    pathname === '/v1/messages' ||
+    pathname === '/v1/responses' ||
+    pathname === '/responses';
+}
+
+function normalizeProviderCompatibilityPath(pathname) {
+  if (pathname === '/v1/v1/chat/completions') return '/v1/chat/completions';
+  if (pathname === '/v1/v1/messages') return '/v1/messages';
+  if (pathname === '/v1/v1/responses') return '/v1/responses';
+  return pathname;
+}
+
 function hashKey(secret) {
   return createHash('sha256').update(secret).digest('hex');
 }
@@ -451,9 +654,22 @@ function readOwnerToken() {
   }
 }
 
+function readLocalHarnessToken() {
+  const ownerToken = readOwnerToken();
+  if (ownerToken) return ownerToken;
+  try {
+    if (!existsSync(LICENSE_PATH)) return '';
+    const license = JSON.parse(readFileSync(LICENSE_PATH, 'utf8'));
+    return coerceNonEmptyString(license.harnessToken) || coerceNonEmptyString(license.token) || '';
+  } catch {
+    return '';
+  }
+}
+
 function synthesizeOwnerLease(apiKey, reason) {
   const now = Date.now();
-  const recommended = 300;
+  const hours = 24;
+  const recommended = hours * 3600; // 24-hour owner heartbeat cadence
   return {
     keyHash: hashKey(apiKey),
     validatedAt: new Date(now).toISOString(),
@@ -738,6 +954,35 @@ function readCodebaseAwarenessState() {
   });
 }
 
+function readCurrentGovernanceRecovery() {
+  try {
+    if (!existsSync(CURRENT_RECOVERY_PATH)) return null;
+    const recovery = JSON.parse(readFileSync(CURRENT_RECOVERY_PATH, 'utf8'));
+    const mode = String(recovery?.governanceMode || '').trim();
+    return mode && mode !== 'allow' ? recovery : null;
+  } catch {
+    return null;
+  }
+}
+
+function formatGovernanceRecoveryForPrompt(recovery) {
+  if (!recovery) return '';
+  const loop = recovery.recoveryLoop && typeof recovery.recoveryLoop === 'object' ? recovery.recoveryLoop : {};
+  const contract = recovery.recoveryContract && typeof recovery.recoveryContract === 'object' ? recovery.recoveryContract : {};
+  return [
+    '--- CURRENT GOVERNANCE RECOVERY CONTEXT ---',
+    `Mode: ${recovery.governanceMode}`,
+    `Decision: ${recovery.decision || 'warn'}`,
+    `Fingerprint: ${loop.fingerprint || 'unknown'}`,
+    `Next step: ${loop.nextStep || 'execute recovery contract before claiming completion'}`,
+    `Architect fallback: ${loop.architectFallback || contract.fallbackWhenAriaUnavailable || 'if Aria consult is unavailable, use the strongest available client LLM under the architect harness'}`,
+    `Load skills first: ${(contract.loadSkillsFirst || []).join(', ') || '(none)'}`,
+    `Repair recovery cycle: ${(contract.repairRecoveryCycle || []).join(', ') || '(none)'}`,
+    `Retest: ${contract.retest || 'run the concrete verification probe'}`,
+    'Mandatory behavior: execute this recovery state before final output across new/resumed/pre-compact/post-compact sessions.',
+  ].join('\n');
+}
+
 function hashProjectionEmbedding(text, dimension = 256) {
   const vector = Array.from({ length: dimension }, () => 0);
   const tokens = String(text || '')
@@ -867,6 +1112,7 @@ function summarizeCognitionState(state) {
     hive: Array.isArray(state.hive) ? state.hive.length : 0,
     cognitiveStrings: Array.isArray(state.cognitiveStrings) ? state.cognitiveStrings.length : 0,
     receipts: Array.isArray(state.receipts) ? state.receipts.length : 0,
+    governanceRecovery: state.governanceRecovery ? state.governanceRecovery.governanceMode || 'present' : null,
     lastUpdatedAt: state.lastUpdatedAt || null,
   };
 }
@@ -907,6 +1153,222 @@ function writeJsonFile(filePath, payload, mode = 0o600) {
   writeFileSync(filePath, JSON.stringify(payload, null, 2) + '\n', { mode });
 }
 
+function hashLedgerValue(value) {
+  return createHash('sha256')
+    .update(typeof value === 'string' ? value : JSON.stringify(value ?? null))
+    .digest('hex');
+}
+
+function firstLedgerString(...values) {
+  for (const value of values) {
+    if (typeof value === 'string' && value.trim()) return value.trim();
+  }
+  return '';
+}
+
+function explicitProviderApiKeyPresent(body = {}) {
+  const llm = body.llm && typeof body.llm === 'object' ? body.llm : null;
+  const providerConfig = body.providerConfig && typeof body.providerConfig === 'object' ? body.providerConfig : null;
+  return Boolean(
+    firstLedgerString(body.providerApiKey) ||
+    firstLedgerString(llm?.apiKey) ||
+    firstLedgerString(providerConfig?.apiKey)
+  );
+}
+
+function credentialPlaneForProvider(body = {}, providerPlan = {}) {
+  const explicit = firstLedgerString(body?.metadata?.credentialPlane, body?.credentialPlane);
+  if (explicit) return explicit;
+  if (explicitProviderApiKeyPresent(body)) return 'customer_byo_request_key';
+  if (providerPlan.provider === 'ollama') return 'local_runtime_no_provider_key';
+  if (/local|virtual|mac|lane/i.test(String(providerPlan.provider || ''))) return 'local_runtime_lane_key_optional';
+  if (providerPlan.apiKey) return 'owner_or_runtime_managed_secret';
+  return 'missing_or_unresolved_provider_key';
+}
+
+function loadedSkillIdsForTurn(body = {}, turn = {}) {
+  const metadataSkills = Array.isArray(body?.metadata?.loadedSkills) ? body.metadata.loadedSkills : [];
+  const bodySkills = Array.isArray(body.loadedSkills) ? body.loadedSkills : [];
+  const turnSkills = Array.isArray(turn.loadedSkillIds) ? turn.loadedSkillIds : [];
+  return [...new Set([...metadataSkills, ...bodySkills, ...turnSkills])]
+    .filter((skill) => typeof skill === 'string' && skill.trim())
+    .map((skill) => skill.trim())
+    .sort();
+}
+
+function loadedSkillHashesForTurn(body = {}, turn = {}) {
+  const metadataHashes = Array.isArray(body?.metadata?.loadedSkillHashes) ? body.metadata.loadedSkillHashes : [];
+  const bodyHashes = Array.isArray(body.loadedSkillHashes) ? body.loadedSkillHashes : [];
+  const turnHashes = Array.isArray(turn.loadedSkillHashes) ? turn.loadedSkillHashes : [];
+  return [...new Set([...metadataHashes, ...bodyHashes, ...turnHashes])]
+    .filter((hash) => typeof hash === 'string' && hash.trim())
+    .map((hash) => hash.trim())
+    .sort();
+}
+
+function roleProfileForTurn(body = {}, turn = {}) {
+  return firstLedgerString(
+    body?.metadata?.roleProfile,
+    body?.metadata?.role_profile,
+    body.roleProfile,
+    body.role_profile,
+    process.env.OPENCODE_ARIA_ROLE_PROFILE,
+    process.env.ARIA_ROLE_PROFILE,
+    turn.turnClass?.kind,
+    'interactive_chat'
+  );
+}
+
+function resolveProviderPlanForLedger(body = {}) {
+  try {
+    const config = resolveProviderConfig(body);
+    return { ok: true, config, error: null };
+  } catch (error) {
+    return {
+      ok: false,
+      config: {
+        provider: firstLedgerString(body.provider, body?.llm?.provider, body?.providerConfig?.provider) || 'unresolved',
+        model: firstLedgerString(body.model, body?.llm?.model, body?.providerConfig?.model) || 'unresolved',
+        apiKey: '',
+        baseUrl: '',
+      },
+      error: error instanceof Error ? error.message : String(error),
+    };
+  }
+}
+
+function appendManagedRuntimeLedger(record = {}) {
+  mkdirSync(STATE_DIR, { recursive: true, mode: 0o700 });
+  const line = {
+    schema: 'aria.managed_runtime_provider_ledger.v1',
+    at: new Date().toISOString(),
+    ...record,
+  };
+  appendFileSync(MANAGED_RUNTIME_LEDGER_PATH, `${JSON.stringify(line)}\n`, { mode: 0o600 });
+  return {
+    ledgerPath: MANAGED_RUNTIME_LEDGER_PATH,
+    ledgerRecordId: line.ledger_record_id,
+  };
+}
+
+function buildManagedRuntimeLedgerRecord({ phase, body = {}, turn = {}, providerStyle = 'openai', providerPlan = {}, evaluation = null, repairAttempts = [], releaseDecision = 'pending', blockers = [], evidenceRefs = [], extra = {} } = {}) {
+  const requestId = firstLedgerString(turn.requestId, body.requestId, body.request_id, body?.metadata?.requestId, body?.metadata?.request_id) || `req_${randomUUID()}`;
+  const providerConfig = providerPlan.config || providerPlan || {};
+  const selectedAlias = firstLedgerString(body.model, body?.llm?.model, body?.providerConfig?.model, providerConfig.model) || 'unresolved';
+  const skillIds = loadedSkillIdsForTurn(body, turn);
+  const skillHashes = loadedSkillHashesForTurn(body, turn);
+  const providerPlanError = providerPlan.error ? [providerPlan.error] : [];
+  return {
+    ledger_record_id: `mrt_${randomUUID().replace(/-/g, '')}`,
+    request_id: requestId,
+    session_id: turn.sessionId || 'unknown',
+    surface: body.surface || body.platform || body.client || body?.metadata?.surface || providerStyle,
+    lane: 'managed_aria_provider',
+    phase,
+    harness_packet_hash: hashLedgerValue(turn.packet || {}),
+    role_profile: roleProfileForTurn(body, turn),
+    loaded_skill_ids: skillIds,
+    loaded_skill_hashes: skillHashes,
+    selected_alias: selectedAlias,
+    upstream_provider: providerConfig.provider || 'unresolved',
+    upstream_model: providerConfig.model || selectedAlias,
+    credential_plane: credentialPlaneForProvider(body, providerConfig),
+    quality_gate_status: evaluation?.blocked ? 'blocked' : evaluation ? 'passed' : 'pending',
+    compliance_gate_status: providerPlan.ok === false ? 'blocked_provider_config' : 'pre_generation_bound',
+    repair_attempts: repairAttempts,
+    release_decision: releaseDecision,
+    evidence_refs: evidenceRefs,
+    blockers: [...providerPlanError, ...blockers].filter(Boolean),
+    evolution_learning: [],
+    debug: {
+      provider_style: providerStyle,
+      packet_bypassed: turn.packetBypassed === true,
+      turn_class: turn.turnClass || null,
+      operator_plan: turn.operatorPlan || null,
+      api_key_present: Boolean(providerConfig.apiKey),
+      base_url_present: Boolean(providerConfig.baseUrl),
+      required_skill_reasons: turn.requiredSkillPlan?.reasons || [],
+      missing_skill_ids: turn.missingSkillIds || [],
+      ...extra,
+    },
+  };
+}
+
+function surfaceForRuntimeCoach(body = {}, providerStyle = 'openai') {
+  return firstLedgerString(
+    body.surface,
+    body.platform,
+    body.client,
+    body?.metadata?.surface,
+    body?.metadata?.client,
+    providerStyle,
+    'aria-mounted-runtime'
+  );
+}
+
+function recordRuntimeCoachPhase({ phase, body = {}, turn = {}, providerStyle = 'openai', providerPlan = {}, evaluation = null, text = '', action = '', target = '', evidenceRefs = [], metadata = {} } = {}) {
+  const providerConfig = providerPlan?.config || providerPlan || {};
+  const result = recordCoachPhase({
+    phase,
+    requestId: firstLedgerString(turn.requestId, body.requestId, body.request_id, body?.metadata?.requestId, body?.metadata?.request_id),
+    sessionId: turn.sessionId,
+    surface: surfaceForRuntimeCoach(body, providerStyle),
+    lane: 'managed_aria_provider',
+    action,
+    target,
+    text: text || turn.userMessage || '',
+    harnessPacketHash: hashLedgerValue(turn.packet || {}),
+    roleProfile: roleProfileForTurn(body, turn),
+    requiredSkillIds: turn.requiredSkillPlan?.requiredSkillIds || [],
+    loadedSkillIds: loadedSkillIdsForTurn(body, turn),
+    missingSkillIds: turn.missingSkillIds || [],
+    evidenceRefs,
+    validation: evaluation?.validation || null,
+    layer3: evaluation?.layer3 || null,
+    qualityGateStatus: evaluation?.blocked ? 'blocked' : evaluation ? 'passed' : 'pending',
+    complianceGateStatus: providerPlan?.ok === false ? 'blocked_provider_config' : 'coach_bound',
+    metadata: {
+      provider_style: providerStyle,
+      upstream_provider: providerConfig.provider || null,
+      upstream_model: providerConfig.model || null,
+      selected_alias: firstLedgerString(body.model, body?.llm?.model, body?.providerConfig?.model, providerConfig.model),
+      pre_receipt_id: turn.preReceipt?.receiptId || null,
+      mid_receipt_id: turn.midReceipt?.receiptId || null,
+      required_skill_reasons: turn.requiredSkillPlan?.reasons || [],
+      ...metadata,
+    },
+  });
+  return {
+    phase,
+    coachEventId: result.record.coach_event_id,
+    decision: result.decision,
+    permitted: result.permitted,
+    ledgerPath: result.ledgerPath,
+    reasons: result.record.reasons || [],
+    record: result.record,
+    clientMessage: result.clientMessage,
+  };
+}
+
+function coachRecordRefs(records = []) {
+  return records
+    .map((record) => record?.coachEventId ? `coach:${record.coachEventId}` : null)
+    .filter(Boolean);
+}
+
+function applyCoachRepairDecision(evaluation, coachResult) {
+  if (!evaluation || coachResult?.decision !== 'repair_once' || evaluation.blocked) return evaluation;
+  const coachBlockers = (coachResult.reasons || []).map((reason) => `coach: ${reason}`);
+  const toolGateBlockers = uniqueStrings([...(evaluation.toolGateBlockers || []), ...coachBlockers]);
+  return {
+    ...evaluation,
+    blocked: true,
+    toolGateBlockers,
+    finalText: buildToolGateBlockMessage(toolGateBlockers),
+    coachDecision: coachResult,
+  };
+}
+
 function readHiveFileLeaseState() {
   const state = readJsonFile(HIVE_FILE_LEASES_PATH, { leases: [] });
   return {
@@ -1267,17 +1729,48 @@ function getAutonomyView(state, limit = 50) {
   };
 }
 
-function resolveApiKey(req, body) {
-  const headerKey = req.headers['x-aria-api-key'];
-  if (typeof headerKey === 'string' && headerKey.trim()) return headerKey.trim();
-  if (typeof body.apiKey === 'string' && body.apiKey.trim()) return body.apiKey.trim();
-  return readBearer(req) || process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || null;
+function resolveApiKey(req, body, options = {}) {
+  const tokenScope = coerceNonEmptyString(body.tokenScope) ||
+    coerceNonEmptyString(body.clientId) ||
+    coerceNonEmptyString(body.tenantId) ||
+    coerceNonEmptyString(req.headers['x-aria-client-id']) ||
+    coerceNonEmptyString(req.headers['x-aria-tenant-id']);
+  const baseUrl = typeof body.baseUrl === 'string' && body.baseUrl.trim()
+    ? body.baseUrl.trim()
+    : DEFAULT_HARNESS_URL;
+  const headerKey = readHeader(req, 'x-aria-api-key').trim();
+  if (headerKey) {
+    resolveAriaAuthToken({ explicitToken: headerKey, baseUrl, tokenScope });
+    return headerKey;
+  }
+
+  const bodyKey = coerceNonEmptyString(body.ariaApiKey) ||
+    coerceNonEmptyString(body.ariaHarnessToken) ||
+    coerceNonEmptyString(body.harnessToken) ||
+    coerceNonEmptyString(body.apiKey);
+  if (bodyKey) {
+    resolveAriaAuthToken({ explicitToken: bodyKey, baseUrl, tokenScope });
+    return bodyKey;
+  }
+
+  if (options.allowBearerAuth !== false) {
+    const bearerToken = readBearer(req);
+    if (bearerToken) {
+      resolveAriaAuthToken({ explicitToken: bearerToken, baseUrl, tokenScope });
+      return bearerToken;
+    }
+  }
+
+  return resolveAriaAuthToken({ baseUrl, tokenScope }).token || null;
 }
 
-function createClient(req, body) {
-  const apiKey = resolveApiKey(req, body);
+function createClient(req, body, options = {}) {
+  const apiKey = resolveApiKey(req, body, options);
   if (!apiKey) {
-    throw new Error('Missing Aria API key. Supply x-aria-api-key, Authorization: Bearer <token>, ARIA_API_KEY, or ARIA_MASTER_TOKEN.');
+    const credentialHint = options.allowBearerAuth === false
+      ? 'Supply x-aria-api-key, body.ariaApiKey, ARIA_HARNESS_TOKEN, ARIA_API_KEY, or ARIA_MASTER_TOKEN. Provider Authorization headers are not accepted as Aria control-plane credentials on /v1 compatibility routes.'
+      : 'Supply x-aria-api-key, Authorization: Bearer <token>, ARIA_HARNESS_TOKEN, ARIA_API_KEY, or ARIA_MASTER_TOKEN.';
+    throw new Error(`Missing Aria API key. ${credentialHint}`);
   }
   ensureNotRevoked(apiKey);
 
@@ -1320,7 +1813,10 @@ async function heartbeatUpstream(req, body, client, apiKey) {
 
   const ownerBypassAllowed =
     readOwnerToken() &&
-    apiKey === readOwnerToken() &&
+    (apiKey === readOwnerToken() ||
+     apiKey === process.env.ARIA_HARNESS_TOKEN ||
+     apiKey === process.env.ARIA_API_KEY ||
+     apiKey === process.env.ARIA_MASTER_TOKEN) &&
     body.allowOwnerBypass !== false &&
     process.env.ARIA_RUNTIME_ALLOW_OWNER_BYPASS !== '0';
 
@@ -1333,6 +1829,7 @@ async function heartbeatUpstream(req, body, client, apiKey) {
         'Content-Type': 'application/json',
       },
       body: JSON.stringify(heartbeatBody),
+      signal: AbortSignal.timeout(5_000),
     });
 
     const payload = await response.json().catch(() => ({}));
@@ -1428,12 +1925,21 @@ async function heartbeatUpstream(req, body, client, apiKey) {
   return lease;
 }
 
-async function ensureLease(req, body, client) {
-  const apiKey = resolveApiKey(req, body);
+async function ensureLease(req, body, client, options = {}) {
+  const apiKey = resolveApiKey(req, body, options);
   if (!apiKey) {
     throw new Error('Missing Aria API key for heartbeat validation');
   }
 
+  // Owner machine fast-path: if the owner token file is present on disk,
+  // this is the owner's machine. Skip upstream heartbeat entirely.
+  const ownerToken = readOwnerToken();
+  if (ownerToken) {
+    const keyHash = hashKey(ownerToken);
+    const cached = leaseCache.get(keyHash) || null;
+    return cached || synthesizeOwnerLease(ownerToken, 'owner machine fast-path');
+  }
+
   const keyHash = hashKey(apiKey);
   const cached = leaseCache.get(keyHash) || loadEncryptedLease(apiKey);
   ensureOfflineBundleSeeded(apiKey, cached);
@@ -1503,6 +2009,48 @@ function findVerifiedState(text) {
   return /(?:verified|confirmed|observed|tested|health[- ]check|response code|exit code|pod image|digest)/i.test(String(text || ''));
 }
 
+function hasSuccessfulEvidenceText(...values) {
+  return values.some((value) =>
+    /\b(?:ok|passed|pass|success|succeeded|exit\s*=?\s*0|0\s*failures?|healthy)\b/i.test(String(value || ''))
+  );
+}
+
+function hasToolVerificationRef(refs) {
+  if (!Array.isArray(refs)) return false;
+  return refs.some((ref) =>
+    hasSuccessfulEvidenceText(ref?.preview, ref?.metadata?.commandResult, ref?.metadata?.status)
+  );
+}
+
+function normalizePostEvidence(text, evidence = {}) {
+  const source = evidence && typeof evidence === 'object' ? evidence : {};
+  const hasVerifiedState =
+    source.hasVerifiedState === true ||
+    source.verified === true ||
+    source.verification === true ||
+    source.validation_run === true ||
+    source.validationRun === true ||
+    source.validation?.ok === true ||
+    source.test?.ok === true ||
+    findVerifiedState(text) ||
+    hasSuccessfulEvidenceText(
+      source.commandResult,
+      source.outputPreview,
+      source.verification,
+      source.validation,
+      source.testResult
+    ) ||
+    hasToolVerificationRef(source.tool_refs || source.toolRefs);
+
+  return {
+    ...source,
+    hasVerifiedState,
+    layer3Pass: source.layer3Pass ?? source.layer3_pass,
+    remoteValidationSeverity:
+      source.remoteValidationSeverity ?? source.remote_validation_severity ?? source.validationSeverity ?? source.validation_severity,
+  };
+}
+
 const APPLIED_COGNITION_BLOCK_RX = /<applied_cognition>([\s\S]*?)<\/applied_cognition>/i;
 
 function validateAppliedCognitionContract(text) {
@@ -1544,6 +2092,25 @@ function mergeAppliedCognitionValidation(validation, applied) {
   };
 }
 
+function isAppliedCognitionOnlyValidationBlock(validation) {
+  const violations = Array.isArray(validation?.violations) ? validation.violations : [];
+  return validation?.severity === 'block' &&
+    violations.length > 0 &&
+    violations.every((violation) => /missing\s+<applied_cognition>\s+contract/i.test(String(violation || '')));
+}
+
+function allowTrivialAppliedCognitionValidation(validation, requireCognitionBlock) {
+  if (requireCognitionBlock || !isAppliedCognitionOnlyValidationBlock(validation)) return validation;
+  return {
+    ...validation,
+    passed: true,
+    severity: 'pass',
+    violations: [],
+    gateTriggers: [...new Set([...(validation.gateTriggers || []), 'applied-cognition-trivial-turn-waived'])],
+    appliedCognition: { ok: true, waived: 'trivial-turn' },
+  };
+}
+
 function toTelemetryEvent(payload, source = 'aria-mounted-runtime') {
   return {
     event_type: payload.event_type || 'runtime.cognition.turn',
@@ -1684,6 +2251,131 @@ function buildMinimalInjection(packet, task, aegisLearnings = null) {
   };
 }
 
+function providerIntentText(body = {}, userMessage = '') {
+  const parts = [userMessage];
+  for (const value of [
+    body.prompt,
+    body.input,
+    body.message,
+    body.ariaPlannedApproach,
+    body.ariaRationale,
+    body?.metadata?.intent,
+    body?.metadata?.mode,
+    body?.metadata?.surface,
+  ]) {
+    if (typeof value === 'string' && value.trim()) parts.push(value.trim());
+  }
+  return parts.filter(Boolean).join('\n');
+}
+
+function classifyRuntimeRequiredSkills(body = {}, userMessage = '', turnClass = null) {
+  const text = providerIntentText(body, userMessage);
+  const lower = text.toLowerCase();
+  const required = new Set(['mizan', 'aria-aristotle-pre-phase']);
+  const reasons = ['all managed provider requests require mizan balance and pre-generation cognition'];
+
+  if (/\b(?:edit|write|patch|apply_patch|repo|repository|codebase|runtime-src|source|implementation|implement|fix|debug|refactor|build|compile|test|hook|plugin|connector|quality runtime|provider gateway)\b/i.test(text)) {
+    required.add('aria-repo-doctrine');
+    required.add('aria-forge-guardrails');
+    reasons.push('repository/runtime implementation intent requires repo doctrine and forge guardrails');
+  }
+  if (/\b(?:deploy|kubectl|helm|terraform|docker\s+push|rollout|release|k8s|cluster|infra|infrastructure)\b/i.test(text)) {
+    required.add('aria-harness-deploy');
+    required.add('aria-harness-no-stripping');
+    required.add('aria-harness-output-discipline');
+    required.add('aria-forge-guardrails');
+    reasons.push('deploy or infrastructure intent requires deploy, no-stripping, output discipline, and guardrails');
+  }
+  if (/\b(?:remove|delete|strip|drop|omit|disable|bypass|skip|stub|mock|fake|placeholder|temporary|quick scaffold|band-aid|downgrade|weaken)\b/i.test(text)) {
+    required.add('aria-harness-no-stripping');
+    required.add('aria-forge-guardrails');
+    reasons.push('contract-reduction language requires no-stripping and guardrails');
+  }
+  if (/\b(?:done|complete|completed|ready|verified|fixed|shipped|production-ready|first-class|release-ready|client-facing|status report|summary)\b/i.test(text)) {
+    required.add('aria-harness-output-discipline');
+    reasons.push('completion/readiness/status language requires output discipline');
+  }
+  if (/\b(?:architecture|architect|system design|tradeoff|decision|adr|migration plan|design doc)\b/i.test(text)) {
+    required.add('ghazali-8lens');
+    required.add('predictor');
+    reasons.push('architecture or decision intent requires multi-lens validation and next-step prediction');
+  }
+  if (/\b(?:test|tests|testing|coverage|verify|verification|smoke|e2e|regression)\b/i.test(text)) {
+    required.add('predictor');
+    reasons.push('verification intent requires next-step prediction and evidence framing');
+  }
+
+  const explicitSkills = [
+    ...(Array.isArray(body.requiredSkills) ? body.requiredSkills : []),
+    ...(Array.isArray(body?.metadata?.requiredSkills) ? body.metadata.requiredSkills : []),
+  ];
+  for (const skill of explicitSkills) {
+    if (typeof skill === 'string' && skill.trim()) required.add(skill.trim());
+  }
+
+  return {
+    requiredSkillIds: [...required].sort(),
+    reasons,
+    intentHash: hashLedgerValue(text || 'empty-intent'),
+    turnClass: turnClass || null,
+    matchedTextPreview: text.slice(0, 500),
+  };
+}
+
+function resolveSkillPath(skillId) {
+  const safeId = String(skillId || '').replace(/[^a-zA-Z0-9_.-]/g, '');
+  if (!safeId) return '';
+  for (const root of SKILL_SEARCH_ROOTS) {
+    const candidate = join(root, safeId, 'SKILL.md');
+    if (existsSync(candidate)) return candidate;
+  }
+  return '';
+}
+
+function loadRuntimeRequiredSkills(skillIds = []) {
+  const loaded = [];
+  const missing = [];
+  for (const skillId of skillIds) {
+    const path = resolveSkillPath(skillId);
+    if (!path) {
+      missing.push(skillId);
+      continue;
+    }
+    const content = readFileSync(path, 'utf8');
+    const body = content.length > SKILL_BODY_MAX_CHARS
+      ? `${content.slice(0, SKILL_BODY_MAX_CHARS)}\n\n[aria-runtime: skill body truncated at ${SKILL_BODY_MAX_CHARS} chars]`
+      : content;
+    loaded.push({
+      id: skillId,
+      path,
+      hash: hashLedgerValue(content),
+      chars: content.length,
+      body,
+    });
+  }
+  return { loaded, missing };
+}
+
+function buildForcedSkillPromptBlock(skillLoad = null) {
+  if (!skillLoad || !Array.isArray(skillLoad.loaded) || skillLoad.loaded.length === 0) return '';
+  const sections = [
+    '--- ARIA RUNTIME FORCED SKILL LOAD ---',
+    'The following skill bodies were loaded by Aria Runtime before the upstream provider call. Apply them as binding instructions, not optional references.',
+  ];
+  for (const skill of skillLoad.loaded) {
+    sections.push(
+      `<skill_content name="${skill.id}" hash="${skill.hash}" source="${skill.path}">`,
+      skill.body,
+      '</skill_content>'
+    );
+  }
+  if (skillLoad.missing.length > 0) {
+    sections.push(`missing_skill_ids: ${skillLoad.missing.join(', ')}`);
+  }
+  sections.push('--- /ARIA RUNTIME FORCED SKILL LOAD ---');
+  return sections.join('\n');
+}
+
 function isOwnerBypassRequest(req, body, apiKey = null) {
   const ownerToken = readOwnerToken();
   const candidate = apiKey || resolveApiKey(req, body) || '';
@@ -1728,9 +2420,9 @@ function buildOwnerBypassPacket(message, reason = 'owner-local-bypass') {
   };
 }
 
-async function loadRuntimePacket(req, body, client, packetRequest, message) {
+async function loadRuntimePacket(req, body, client, packetRequest, message, options = {}) {
   if (body.packet) return enrichPacketWithCodebaseSnapshot(body.packet);
-  const apiKey = resolveApiKey(req, body);
+  const apiKey = resolveApiKey(req, body, options);
   ensureOfflineBundleSeeded(apiKey, leaseCache.get(hashKey(apiKey)) || loadEncryptedLease(apiKey));
   try {
     const wrapped = await client.getHarnessPacket(packetRequest || {});
@@ -1759,7 +2451,7 @@ async function loadRuntimePacket(req, body, client, packetRequest, message) {
         return enrichPacketWithCodebaseSnapshot(fallbackPacket);
       }
     }
-    if (!isOwnerBypassRequest(req, body)) {
+    if (!isOwnerBypassRequest(req, body, apiKey)) {
       throw error;
     }
     return enrichPacketWithCodebaseSnapshot(buildOwnerBypassPacket(
@@ -1772,11 +2464,15 @@ async function loadRuntimePacket(req, body, client, packetRequest, message) {
 function enrichPacketWithCodebaseSnapshot(packet) {
   if (!packet || typeof packet !== 'object') return packet;
   const codebase = compactCodebaseSnapshot();
+  const governanceRecovery = readCurrentGovernanceRecovery();
+  const recoveryPrompt = formatGovernanceRecoveryForPrompt(governanceRecovery);
   return {
     ...packet,
+    harness: [recoveryPrompt, packet.harness].filter(Boolean).join('\n'),
     runtime: {
       ...(packet.runtime && typeof packet.runtime === 'object' ? packet.runtime : {}),
       codebase_awareness: codebase,
+      governance_recovery: governanceRecovery,
     },
   };
 }
@@ -1802,8 +2498,17 @@ function buildMizanPacketRequest(body = {}) {
   };
 }
 
-async function buildRuntimeTurnContext(req, body, client) {
+async function buildRuntimeTurnContext(req, body, client, options = {}) {
   const sessionId = deriveSessionId(req, body, body.provider === 'anthropic' ? 'anthropic' : 'openai');
+  const requestId = firstLedgerString(
+    body.requestId,
+    body.request_id,
+    body?.metadata?.requestId,
+    body?.metadata?.request_id,
+    readHeader(req, 'x-request-id'),
+    readHeader(req, 'x-aria-request-id'),
+    `req_${randomUUID()}`
+  );
   const userId = deriveUserId(req, body);
   const userMessage = Array.isArray(body.messages)
     ? (body.provider === 'anthropic' ? extractAnthropicUserMessage(body.messages) : extractOpenAIUserMessage(body.messages))
@@ -1814,6 +2519,7 @@ async function buildRuntimeTurnContext(req, body, client) {
       : 'Bind to the harness packet, reason through Aristotle and Noor cognitives, avoid unsupported state claims, and emit only what survives validation.';
   const packetRequest = {
     sessionId,
+    requestId,
     userId,
     platform: body.platform || body.client || 'mounted-runtime',
     system: 'aria-mounted-runtime',
@@ -1821,7 +2527,7 @@ async function buildRuntimeTurnContext(req, body, client) {
     message: userMessage,
     ...(body.packetRequest && typeof body.packetRequest === 'object' ? body.packetRequest : {}),
   };
-  const packet = await loadRuntimePacket(req, body, client, packetRequest, userMessage);
+  const packet = await loadRuntimePacket(req, body, client, packetRequest, userMessage, options);
   const runtimeId = ensureRuntimeMeta().runtimeId;
   const turnClass = classifyTurn({
     message: userMessage,
@@ -1830,6 +2536,8 @@ async function buildRuntimeTurnContext(req, body, client) {
     plannedApproach,
     domains: body.ariaDomains,
   });
+  const requiredSkillPlan = classifyRuntimeRequiredSkills(body, userMessage, turnClass);
+  const skillLoad = loadRuntimeRequiredSkills(requiredSkillPlan.requiredSkillIds);
   const preBundle = evaluateMizanPre(packet, {
     sessionId,
     userId,
@@ -1856,13 +2564,15 @@ async function buildRuntimeTurnContext(req, body, client) {
   });
   const aegisLearnings = await client.getAegisLearnings(12).catch(() => null);
   const basePrompt = client.buildSystemPrompt(buildMinimalInjection(packet, userMessage || 'Aria runtime turn', aegisLearnings));
+  const forcedSkillPromptBlock = buildForcedSkillPromptBlock(skillLoad);
   const cognitionDirective = buildRuntimeCognitionDirective(packet, {
     preResult: preBundle.result,
     midResult: midBundle.result,
   });
-  const ariaSystemPrompt = [basePrompt, '', cognitionDirective].join('\n');
+  const ariaSystemPrompt = [basePrompt, '', forcedSkillPromptBlock, '', cognitionDirective].filter(Boolean).join('\n');
   return {
     sessionId,
+    requestId,
     userId,
     userMessage,
     plannedApproach,
@@ -1870,6 +2580,11 @@ async function buildRuntimeTurnContext(req, body, client) {
     packetBypassed: packet?.version === 'owner-local-bypass',
     turnClass,
     operatorPlan: buildOperatorPlan(turnClass, 'pre'),
+    requiredSkillPlan,
+    loadedSkills: skillLoad.loaded,
+    loadedSkillIds: skillLoad.loaded.map((skill) => skill.id),
+    loadedSkillHashes: skillLoad.loaded.map((skill) => skill.hash),
+    missingSkillIds: skillLoad.missing,
     preResult: preBundle.result,
     preBundle,
     preReceipt: preBundle.receipt,
@@ -2310,6 +3025,40 @@ function buildReadableAriaEnvelope(extra = {}, debug = false) {
       : [],
   } : null;
 
+  const recovery = Array.isArray(extra.recoveryAttempts) ? {
+    attempted: extra.recoveryAttempts.length > 0,
+    attempts: extra.recoveryAttempts.map((attempt) => ({
+      attempt: attempt.attempt,
+      mode: attempt.mode,
+      success: Boolean(attempt.success),
+      error: attempt.error || null,
+      validationSeverity: attempt.validationSeverity || null,
+      layer3Pass: attempt.layer3Pass ?? null,
+      postQuality: attempt.postQuality ?? null,
+      reasons: Array.isArray(attempt.reasons) ? attempt.reasons.slice(0, 5) : [],
+    })),
+  } : null;
+
+  const runtimeLedger = extra.runtimeLedger ? {
+    path: extra.runtimeLedger.ledgerPath || null,
+    records: Array.isArray(extra.runtimeLedger.records)
+      ? extra.runtimeLedger.records.map((record) => ({
+          phase: record.phase,
+          id: record.ledgerRecordId || record.ledger_record_id || null,
+        }))
+      : [],
+  } : null;
+
+  const coachKernel = extra.coachKernel ? {
+    records: Array.isArray(extra.coachKernel.records)
+      ? extra.coachKernel.records.map((record) => ({
+          phase: record.phase,
+          id: record.coachEventId || record.coach_event_id || record.record?.coach_event_id || null,
+          decision: record.decision || record.record?.decision || null,
+        }))
+      : [],
+  } : null;
+
   const envelope = {
     blocked: Boolean(extra.blocked),
     control_plane: 'aria-mounted-runtime',
@@ -2330,6 +3079,9 @@ function buildReadableAriaEnvelope(extra = {}, debug = false) {
     cognition,
     doctrine,
     tool_gate,
+    recovery,
+    runtime_ledger: runtimeLedger,
+    coach_kernel: coachKernel,
   };
 
   if (debug) {
@@ -2640,10 +3392,12 @@ async function persistTurnArtifacts(req, body, client, apiKey, turn) {
       pre: turn.preResult,
       mid: turn.midResult,
       post: turn.postResult,
+      recovery_attempts: turn.recoveryAttempts || [],
       evolution_principles: evolutionPrinciples,
       aegis_patterns: aegisPatterns,
       runtime_url: DEFAULT_RUNTIME_URL,
       runtime_id: ensureRuntimeMeta().runtimeId,
+      governance_recovery: readCurrentGovernanceRecovery(),
     },
   };
 
@@ -2671,7 +3425,10 @@ async function persistTurnArtifacts(req, body, client, apiKey, turn) {
       sessionId: turn.sessionId,
       message: turn.userMessage,
       response: turn.finalText,
+      governance_recovery: readCurrentGovernanceRecovery(),
+      recovery_attempts: turn.recoveryAttempts || [],
     }, TELEMETRY_LIMIT),
+    governanceRecovery: readCurrentGovernanceRecovery(),
   }));
 
   try {
@@ -2690,6 +3447,7 @@ async function persistTurnArtifacts(req, body, client, apiKey, turn) {
         model: turn.providerMeta.model,
         finish_reason: turn.providerMeta.finishReason,
         success: turn.success,
+        governance_recovery: readCurrentGovernanceRecovery(),
       },
       readability: cognitionStrings.readable,
     });
@@ -2822,22 +3580,7 @@ async function persistTurnArtifacts(req, body, client, apiKey, turn) {
   }
 }
 
-async function handleProviderProxy(req, body, client, providerStyle) {
-  const apiKey = resolveApiKey(req, body);
-  const startedAt = Date.now();
-  const turn = await buildRuntimeTurnContext(req, body, client);
-  if (turn.preResult.fitrahVetoed) {
-    const refusal = buildPhaseBlockMessage(turn.preResult, 'pre');
-    const extra = { blocked: true, phase: 'pre', pre: turn.preResult, mid: turn.midResult };
-  return providerStyle === 'anthropic'
-    ? anthropicResponseEnvelope(refusal, { model: body.model || 'aria-runtime', finishReason: 'end_turn' }, extra, body?.ariaDebug === true)
-      : openAiResponseEnvelope(body, refusal, { model: body.model || 'aria-runtime', finishReason: 'stop', usage: null }, extra);
-  }
-
-  const providerMeta = providerStyle === 'anthropic'
-    ? await callProviderForAnthropic(body, turn.ariaSystemPrompt)
-    : await callProviderForOpenAI(body, turn.ariaSystemPrompt);
-
+function recordProviderUsage(body, turn, providerMeta) {
   try {
     recordTokenUsage({
       tenantId: body?.metadata?.jti || body?.jti || 'owner-local',
@@ -2851,11 +3594,19 @@ async function handleProviderProxy(req, body, client, providerStyle) {
       requestType: body?.metadata?.requestType || 'chat',
     });
   } catch {}
+}
+
+async function callProviderByStyle(providerStyle, body, systemPrompt) {
+  return providerStyle === 'anthropic'
+    ? callProviderForAnthropic(body, systemPrompt)
+    : callProviderForOpenAI(body, systemPrompt);
+}
 
-  let candidateText = providerMeta.text || '';
-  const toolIntents = extractProviderToolIntents(providerStyle, providerMeta);
-  const requiresReadableCognition = isNonTrivialAssistantTurn(candidateText, toolIntents);
-  const cognitionContract = extractVisibleCognitionContract(candidateText);
+async function evaluateProviderCandidate(req, body, client, apiKey, turn, providerStyle, providerMeta, initialText) {
+  let candidateText = typeof initialText === 'string' ? initialText : providerMeta.text || '';
+  let toolIntents = extractProviderToolIntents(providerStyle, providerMeta);
+  let requiresReadableCognition = isNonTrivialAssistantTurn(candidateText, toolIntents);
+  let requireCognitionBlock = body.requireCognitionBlock ?? requiresReadableCognition;
 
   let validation = {
     passed: true,
@@ -2879,6 +3630,9 @@ async function handleProviderProxy(req, body, client, providerStyle) {
     }
     if (validation?.severity === 'block' && validation?.rewritten) {
       candidateText = validation.rewritten;
+      toolIntents = [];
+      requiresReadableCognition = isNonTrivialAssistantTurn(candidateText, toolIntents);
+      requireCognitionBlock = body.requireCognitionBlock ?? requiresReadableCognition;
       try {
         validation = await client.validateOutput(candidateText, turn.sessionId);
       } catch (error) {
@@ -2893,13 +3647,14 @@ async function handleProviderProxy(req, body, client, providerStyle) {
         };
       }
     }
+    validation = allowTrivialAppliedCognitionValidation(validation, requireCognitionBlock);
   }
 
   const layer3 = await runLayer3(req, {
     text: candidateText || (toolIntents.length > 0 ? `<cognition>\n</cognition>` : ''),
     packet: turn.packet,
     fetchPacket: false,
-    requireCognitionBlock: body.requireCognitionBlock ?? requiresReadableCognition,
+    requireCognitionBlock,
   }, client);
   const doctrineHits = candidateText.trim() ? collectDoctrineTriggerHits(candidateText) : [];
   const doctrineBlockers = doctrineHits
@@ -2942,7 +3697,6 @@ async function handleProviderProxy(req, body, client, providerStyle) {
     parentReceiptId: turn.midReceipt?.receiptId || turn.preReceipt?.receiptId || null,
   });
   const postResult = postBundle.result;
-
   const blocked =
     validation.severity === 'block' ||
     !layer3.pass ||
@@ -2954,44 +3708,421 @@ async function handleProviderProxy(req, body, client, providerStyle) {
     : blocked
       ? buildPhaseBlockMessage(postResult, 'post')
       : candidateText;
-  await persistTurnArtifacts(req, body, client, apiKey, {
-    ...turn,
-    postResult,
-    postBundle,
-    postReceipt: postBundle.receipt,
-    postContract: postBundle.contract,
+
+  return {
+    candidateText,
+    toolIntents,
+    requireCognitionBlock,
+    cognitionContract: extractVisibleCognitionContract(candidateText),
     validation,
     layer3,
+    doctrineHits,
+    doctrineBlockers,
+    toolGateBlockers,
+    postBundle,
+    postResult,
+    blocked,
+    finalText,
+  };
+}
+
+async function handleProviderProxy(req, body, client, providerStyle, options = {}) {
+  const apiKey = resolveApiKey(req, body, options);
+  const startedAt = Date.now();
+  const turn = await buildRuntimeTurnContext(req, body, client, options);
+  const ledgerRecords = [];
+  const coachRecords = [];
+  const providerPlan = resolveProviderPlanForLedger(body);
+  coachRecords.push(recordRuntimeCoachPhase({
+    phase: 'pre_turn',
+    body,
+    turn,
+    providerStyle,
+    providerPlan,
+    text: turn.userMessage,
+    evidenceRefs: [`packet:${hashLedgerValue(turn.packet || {})}`],
+    metadata: { request_start_ms: startedAt },
+  }));
+  coachRecords.push(recordRuntimeCoachPhase({
+    phase: 'pre_cognition',
+    body,
+    turn,
+    providerStyle,
+    providerPlan,
+    text: turn.plannedApproach,
+    evidenceRefs: [`pre_receipt:${turn.preReceipt?.receiptId || 'pending'}`],
+  }));
+  coachRecords.push(recordRuntimeCoachPhase({
+    phase: 'post_cognition',
+    body,
+    turn,
+    providerStyle,
+    providerPlan,
+    text: turn.ariaSystemPrompt,
+    evidenceRefs: [
+      `pre_receipt:${turn.preReceipt?.receiptId || 'missing'}`,
+      `mid_receipt:${turn.midReceipt?.receiptId || 'missing'}`,
+      ...turn.loadedSkillHashes.map((hash) => `skill_hash:${hash}`),
+    ],
+    metadata: {
+      loaded_skill_count: turn.loadedSkillIds.length,
+      missing_skill_count: turn.missingSkillIds.length,
+    },
+  }));
+  if (turn.preResult.fitrahVetoed) {
+    const refusal = buildPhaseBlockMessage(turn.preResult, 'pre');
+    coachRecords.push(recordRuntimeCoachPhase({
+      phase: 'claim_or_release',
+      body,
+      turn,
+      providerStyle,
+      providerPlan,
+      text: refusal,
+      evidenceRefs: [`pre_receipt:${turn.preReceipt?.receiptId || 'missing'}`],
+      metadata: { blocked: true, requireCognitionBlock: false, requireAppliedCognition: false, reason: 'pre_generation_fitrah_veto' },
+    }));
+    const preBlockRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+      phase: 'pre_generation_veto',
+      body,
+      turn,
+      providerStyle,
+      providerPlan,
+      releaseDecision: 'hard_block',
+      blockers: turn.preResult?.notes || ['pre_generation_fitrah_veto'],
+      evidenceRefs: coachRecordRefs(coachRecords),
+    }));
+    ledgerRecords.push({ phase: 'pre_generation_veto', ...preBlockRecord });
+    const extra = {
+      blocked: true,
+      phase: 'pre',
+      pre: turn.preResult,
+      mid: turn.midResult,
+      runtimeLedger: { ledgerPath: MANAGED_RUNTIME_LEDGER_PATH, records: ledgerRecords },
+      coachKernel: { records: coachRecords },
+    };
+    return providerStyle === 'anthropic'
+      ? anthropicResponseEnvelope(refusal, { model: body.model || 'aria-runtime', finishReason: 'end_turn' }, extra, body?.ariaDebug === true)
+      : openAiResponseEnvelope(body, refusal, { model: body.model || 'aria-runtime', finishReason: 'stop', usage: null }, extra);
+  }
+
+  const preGenerationCoach = recordRuntimeCoachPhase({
+    phase: 'pre_generation',
+    body,
+    turn,
+    providerStyle,
+    providerPlan,
+    text: turn.userMessage,
+    evidenceRefs: [
+      `pre_receipt:${turn.preReceipt?.receiptId || 'missing'}`,
+      `mid_receipt:${turn.midReceipt?.receiptId || 'missing'}`,
+      ...coachRecordRefs(coachRecords),
+    ],
+  });
+  coachRecords.push(preGenerationCoach);
+  if (preGenerationCoach.decision === 'hard_block') {
+    const refusal = formatCoachClientBlock(preGenerationCoach);
+    const preBlockRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+      phase: 'pre_generation_veto',
+      body,
+      turn,
+      providerStyle,
+      providerPlan,
+      releaseDecision: 'hard_block',
+      blockers: preGenerationCoach.reasons,
+      evidenceRefs: coachRecordRefs(coachRecords),
+    }));
+    ledgerRecords.push({ phase: 'pre_generation_veto', ...preBlockRecord });
+    const extra = {
+      blocked: true,
+      phase: 'coach-pre-generation',
+      pre: turn.preResult,
+      mid: turn.midResult,
+      runtimeLedger: { ledgerPath: MANAGED_RUNTIME_LEDGER_PATH, records: ledgerRecords },
+      coachKernel: { records: coachRecords },
+    };
+    return providerStyle === 'anthropic'
+      ? anthropicResponseEnvelope(refusal, { model: body.model || 'aria-runtime', finishReason: 'end_turn' }, extra, body?.ariaDebug === true)
+      : openAiResponseEnvelope(body, refusal, { model: body.model || 'aria-runtime', finishReason: 'stop', usage: null }, extra);
+  }
+
+  const preProviderRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+    phase: 'pre_provider_call',
+    body,
+    turn,
+    providerStyle,
+    providerPlan,
+    releaseDecision: 'pending_provider_call',
+    evidenceRefs: [
+      `pre_receipt:${turn.preReceipt?.receiptId || 'missing'}`,
+      `mid_receipt:${turn.midReceipt?.receiptId || 'missing'}`,
+      `coach:${preGenerationCoach.coachEventId}`,
+    ],
+  }));
+  ledgerRecords.push({ phase: 'pre_provider_call', ...preProviderRecord });
+
+  let providerMeta;
+  try {
+    providerMeta = await callProviderByStyle(providerStyle, body, turn.ariaSystemPrompt);
+  } catch (error) {
+    const failureRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+      phase: 'provider_call_failed',
+      body,
+      turn,
+      providerStyle,
+      providerPlan,
+      releaseDecision: 'provider_call_failed',
+      blockers: [error instanceof Error ? error.message : String(error)],
+      evidenceRefs: [preProviderRecord.ledgerRecordId],
+    }));
+    ledgerRecords.push({ phase: 'provider_call_failed', ...failureRecord });
+    throw error;
+  }
+  recordProviderUsage(body, turn, providerMeta);
+  let hardCoachBlock = null;
+  let evaluation = await evaluateProviderCandidate(req, body, client, apiKey, turn, providerStyle, providerMeta, providerMeta.text || '');
+  const postGenerationCoach = recordRuntimeCoachPhase({
+    phase: 'post_generation',
+    body,
+    turn,
+    providerStyle,
+    providerPlan: { ok: true, config: { ...providerPlan.config, provider: providerMeta.provider || providerPlan.config?.provider, model: providerMeta.model || providerPlan.config?.model }, error: providerPlan.error },
+    evaluation,
+    text: evaluation.candidateText,
+    evidenceRefs: [preProviderRecord.ledgerRecordId, `coach:${preGenerationCoach.coachEventId}`],
+    metadata: {
+      provider_finish_reason: providerMeta.finishReason || null,
+      requireCognitionBlock: evaluation.requireCognitionBlock,
+      requireAppliedCognition: evaluation.requireCognitionBlock,
+    },
+  });
+  coachRecords.push(postGenerationCoach);
+  if (postGenerationCoach.decision === 'hard_block') {
+    hardCoachBlock = postGenerationCoach;
+  } else {
+    evaluation = applyCoachRepairDecision(evaluation, postGenerationCoach);
+  }
+  const evaluatedRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+    phase: 'provider_candidate_evaluated',
+    body,
+    turn,
+    providerStyle,
+    providerPlan: { ok: true, config: { ...providerPlan.config, provider: providerMeta.provider || providerPlan.config?.provider, model: providerMeta.model || providerPlan.config?.model }, error: providerPlan.error },
+    evaluation,
+    releaseDecision: hardCoachBlock ? 'hard_block_pending' : evaluation.blocked ? 'repair_pending' : 'candidate_passed',
+    blockers: hardCoachBlock ? hardCoachBlock.reasons : failureSummaryFromEvaluation(evaluation),
+    evidenceRefs: [preProviderRecord.ledgerRecordId, `coach:${postGenerationCoach.coachEventId}`],
+  }));
+  ledgerRecords.push({ phase: 'provider_candidate_evaluated', ...evaluatedRecord });
+
+  const recoveryAttempts = [];
+  const maxRecoveryAttempts = evaluation.blocked && !hardCoachBlock ? recoveryAttemptCount(body) : 0;
+  for (let attempt = 1; !hardCoachBlock && evaluation.blocked && attempt <= maxRecoveryAttempts; attempt += 1) {
+    const mode = attempt === 1 ? 'self_reauthor' : 'architect_recovery';
+    try {
+      const recoveryBody = buildRecoveryBody(body, turn, evaluation.candidateText, evaluation, attempt, mode, providerStyle);
+      const repairPreCoach = recordRuntimeCoachPhase({
+        phase: 'pre_generation',
+        body: recoveryBody,
+        turn,
+        providerStyle,
+        providerPlan: resolveProviderPlanForLedger(recoveryBody),
+        evaluation,
+        text: turn.userMessage,
+        evidenceRefs: [evaluatedRecord.ledgerRecordId, ...coachRecordRefs(coachRecords)],
+        metadata: { repair_attempt: attempt, repair_mode: mode },
+      });
+      coachRecords.push(repairPreCoach);
+      if (repairPreCoach.decision === 'hard_block') {
+        hardCoachBlock = repairPreCoach;
+        break;
+      }
+      const repairPreRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+        phase: 'repair_before_provider_call',
+        body: recoveryBody,
+        turn,
+        providerStyle,
+        providerPlan: resolveProviderPlanForLedger(recoveryBody),
+        evaluation,
+        repairAttempts: recoveryAttempts,
+        releaseDecision: 'repair_provider_call_pending',
+        blockers: failureSummaryFromEvaluation(evaluation),
+        evidenceRefs: [evaluatedRecord.ledgerRecordId, `coach:${repairPreCoach.coachEventId}`],
+        extra: { repair_attempt: attempt, repair_mode: mode },
+      }));
+      ledgerRecords.push({ phase: 'repair_before_provider_call', ...repairPreRecord });
+      const recoveryMeta = await callProviderByStyle(providerStyle, recoveryBody, turn.ariaSystemPrompt);
+      recordProviderUsage(recoveryBody, turn, recoveryMeta);
+      const recoveryEvaluation = await evaluateProviderCandidate(
+        req,
+        recoveryBody,
+        client,
+        apiKey,
+        turn,
+        providerStyle,
+        recoveryMeta,
+        recoveryMeta.text || '',
+      );
+      const repairPostCoach = recordRuntimeCoachPhase({
+        phase: 'post_generation',
+        body: recoveryBody,
+        turn,
+        providerStyle,
+        providerPlan: { ok: true, config: { ...resolveProviderPlanForLedger(recoveryBody).config, provider: recoveryMeta.provider, model: recoveryMeta.model }, error: null },
+        evaluation: recoveryEvaluation,
+        text: recoveryEvaluation.candidateText,
+        evidenceRefs: [repairPreRecord.ledgerRecordId, `coach:${repairPreCoach.coachEventId}`],
+        metadata: { repair_attempt: attempt, repair_mode: mode, requireCognitionBlock: recoveryEvaluation.requireCognitionBlock, requireAppliedCognition: recoveryEvaluation.requireCognitionBlock },
+      });
+      coachRecords.push(repairPostCoach);
+      const finalRecoveryEvaluation = repairPostCoach.decision === 'hard_block'
+        ? {
+            ...recoveryEvaluation,
+            blocked: true,
+            toolGateBlockers: uniqueStrings([
+              ...(recoveryEvaluation.toolGateBlockers || []),
+              ...repairPostCoach.reasons.map((reason) => `coach: ${reason}`),
+            ]),
+            finalText: formatCoachClientBlock(repairPostCoach),
+            coachDecision: repairPostCoach,
+          }
+        : applyCoachRepairDecision(recoveryEvaluation, repairPostCoach);
+      if (repairPostCoach.decision === 'hard_block') {
+        hardCoachBlock = repairPostCoach;
+      }
+      recoveryAttempts.push(recoveryAttemptRecord(attempt, mode, finalRecoveryEvaluation));
+      const repairEvaluationRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+        phase: 'repair_candidate_evaluated',
+        body: recoveryBody,
+        turn,
+        providerStyle,
+        providerPlan: { ok: true, config: { ...resolveProviderPlanForLedger(recoveryBody).config, provider: recoveryMeta.provider, model: recoveryMeta.model }, error: null },
+        evaluation: finalRecoveryEvaluation,
+        repairAttempts: recoveryAttempts,
+        releaseDecision: hardCoachBlock ? 'hard_block_pending' : finalRecoveryEvaluation.blocked ? 'repair_failed_or_next_attempt_pending' : 'repair_passed',
+        blockers: hardCoachBlock ? hardCoachBlock.reasons : failureSummaryFromEvaluation(finalRecoveryEvaluation),
+        evidenceRefs: [repairPreRecord.ledgerRecordId, `coach:${repairPostCoach.coachEventId}`],
+        extra: { repair_attempt: attempt, repair_mode: mode },
+      }));
+      ledgerRecords.push({ phase: 'repair_candidate_evaluated', ...repairEvaluationRecord });
+      providerMeta = recoveryMeta;
+      evaluation = finalRecoveryEvaluation;
+    } catch (error) {
+      recoveryAttempts.push(recoveryAttemptRecord(attempt, mode, null, error));
+      const repairErrorRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+        phase: 'repair_provider_call_failed',
+        body,
+        turn,
+        providerStyle,
+        providerPlan,
+        repairAttempts: recoveryAttempts,
+        releaseDecision: 'repair_error',
+        blockers: [error instanceof Error ? error.message : String(error)],
+        extra: { repair_attempt: attempt, repair_mode: mode },
+      }));
+      ledgerRecords.push({ phase: 'repair_provider_call_failed', ...repairErrorRecord });
+    }
+  }
+
+  let blocked = evaluation.blocked || Boolean(hardCoachBlock);
+  let finalText = hardCoachBlock
+    ? formatCoachClientBlock(hardCoachBlock)
+    : blocked && recoveryAttempts.length > 0
+      ? buildProviderRecoveryBlockMessage(evaluation, recoveryAttempts)
+      : evaluation.finalText;
+  const preOutputCoach = recordRuntimeCoachPhase({
+    phase: 'pre_output',
+    body,
+    turn,
+    providerStyle,
+    providerPlan: { ok: true, config: { ...providerPlan.config, provider: providerMeta.provider || providerPlan.config?.provider, model: providerMeta.model || providerPlan.config?.model }, error: providerPlan.error },
+    evaluation,
+    text: finalText,
+    evidenceRefs: [...ledgerRecords.map((record) => record.ledgerRecordId).filter(Boolean), ...coachRecordRefs(coachRecords)],
+    metadata: { blocked, requireCognitionBlock: evaluation.requireCognitionBlock, requireAppliedCognition: evaluation.requireCognitionBlock },
+  });
+  coachRecords.push(preOutputCoach);
+  const releaseCoach = recordRuntimeCoachPhase({
+    phase: 'claim_or_release',
+    body,
+    turn,
+    providerStyle,
+    providerPlan: { ok: true, config: { ...providerPlan.config, provider: providerMeta.provider || providerPlan.config?.provider, model: providerMeta.model || providerPlan.config?.model }, error: providerPlan.error },
+    evaluation,
+    text: finalText,
+    evidenceRefs: [
+      ...ledgerRecords.map((record) => record.ledgerRecordId).filter(Boolean),
+      `coach:${preOutputCoach.coachEventId}`,
+      ...coachRecordRefs(coachRecords),
+    ],
+    metadata: { blocked, release_decision: blocked ? 'blocked_after_recovery' : 'released_to_client', requireCognitionBlock: evaluation.requireCognitionBlock, requireAppliedCognition: evaluation.requireCognitionBlock },
+  });
+  coachRecords.push(releaseCoach);
+  if (!blocked && releaseCoach.decision !== 'allow' && releaseCoach.decision !== 'warn_operator_only') {
+    blocked = true;
+    hardCoachBlock = releaseCoach;
+    finalText = formatCoachClientBlock(releaseCoach);
+  }
+
+  await persistTurnArtifacts(req, body, client, apiKey, {
+    ...turn,
+    postResult: evaluation.postResult,
+    postBundle: evaluation.postBundle,
+    postReceipt: evaluation.postBundle.receipt,
+    postContract: evaluation.postBundle.contract,
+    validation: evaluation.validation,
+    layer3: evaluation.layer3,
+    recoveryAttempts,
     finalText,
     durationMs: Date.now() - startedAt,
     success: !blocked,
-    error: blocked ? 'runtime blocked output' : null,
+    error: blocked ? 'runtime blocked output after recovery contract' : null,
     providerMeta,
   });
+  const finalLedgerRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+    phase: 'final_release_decision',
+    body,
+    turn,
+    providerStyle,
+    providerPlan: { ok: true, config: { ...providerPlan.config, provider: providerMeta.provider || providerPlan.config?.provider, model: providerMeta.model || providerPlan.config?.model }, error: providerPlan.error },
+    evaluation,
+    repairAttempts: recoveryAttempts,
+    releaseDecision: blocked ? 'blocked_after_recovery' : 'released_to_client',
+    blockers: blocked ? uniqueStrings([...failureSummaryFromEvaluation(evaluation), ...(hardCoachBlock?.reasons || [])]) : [],
+    evidenceRefs: [...ledgerRecords.map((record) => record.ledgerRecordId).filter(Boolean), ...coachRecordRefs(coachRecords)],
+  }));
+  ledgerRecords.push({ phase: 'final_release_decision', ...finalLedgerRecord });
 
   const extra = {
     blocked,
     pre: turn.preResult,
     mid: turn.midResult,
-    post: postResult,
+    post: evaluation.postResult,
     receipts: {
       pre: turn.preReceipt,
       mid: turn.midReceipt,
-      post: postBundle.receipt,
+      post: evaluation.postBundle.receipt,
     },
     turnClass: turn.turnClass,
     operatorPlan: turn.operatorPlan,
-    validation,
-    layer3,
-    cognitionContract,
+    validation: evaluation.validation,
+    layer3: evaluation.layer3,
+    cognitionContract: evaluation.cognitionContract,
+    recoveryAttempts,
     doctrine: {
-      blocked: doctrineBlockers.length > 0,
-      hits: doctrineHits,
+      blocked: evaluation.doctrineBlockers.length > 0,
+      hits: evaluation.doctrineHits,
     },
     toolGate: {
-      blocked: toolGateBlockers.length > 0,
-      blockers: toolGateBlockers,
-      intents: toolIntents,
+      blocked: evaluation.toolGateBlockers.length > 0,
+      blockers: evaluation.toolGateBlockers,
+      intents: evaluation.toolIntents,
+    },
+    runtimeLedger: {
+      ledgerPath: MANAGED_RUNTIME_LEDGER_PATH,
+      records: ledgerRecords,
+    },
+    coachKernel: {
+      records: coachRecords,
     },
   };
   return providerStyle === 'anthropic'
@@ -3282,7 +4413,11 @@ function runtimeManifest() {
     endpoints: [
       'GET /health',
       'GET /mount',
+      'GET /coach/state',
       'POST /heartbeat',
+      'POST /coach/event',
+      'POST /coach/phase',
+      'POST /coach/state',
       'POST /mizan/plan',
       'POST /mizan/pre',
       'POST /mizan/mid',
@@ -3308,6 +4443,11 @@ function runtimeManifest() {
       'POST /garden/turn',
       'POST /garden/search',
       'POST /record-discovery',
+      'POST /task-project-ledger/event',
+      'POST /task-project-ledger/status',
+      'POST /task-project-ledger/claim',
+      'POST /openclaw/task-ledger/snapshot',
+      'POST /openclaw/task-flow',
       'POST /verify-claim',
       'POST /telemetry/turn',
       'POST /telemetry/state',
@@ -3330,7 +4470,7 @@ function runtimeManifest() {
         ARIA_FORGE_SERVICE_URL: DEFAULT_FORGE_SERVICE_URL,
         ARIA_QDRANT_URL: DEFAULT_QDRANT_URL,
         OPENAI_BASE_URL: `${DEFAULT_RUNTIME_URL}/v1`,
-        ANTHROPIC_BASE_URL: `${DEFAULT_RUNTIME_URL}/v1`,
+        ANTHROPIC_BASE_URL: DEFAULT_RUNTIME_URL,
       },
       commands: {
         start: 'aria-runtime',
@@ -3355,6 +4495,423 @@ function runtimeManifest() {
   };
 }
 
+let taskProjectLedgerModulePromise = null;
+let openClawRuntimeModulePromise = null;
+
+async function loadTaskProjectLedgerModule() {
+  if (taskProjectLedgerModulePromise) return taskProjectLedgerModulePromise;
+  const candidates = [
+    join(__dirname, 'task-project-ledger.mjs'),
+    join(__dirname, '..', 'opencode-plugins', 'harness-context', 'task-project-ledger.mjs'),
+    join(__dirname, '..', 'assets', 'opencode-plugins', 'harness-context', 'task-project-ledger.mjs'),
+  ];
+  taskProjectLedgerModulePromise = (async () => {
+    for (const candidate of candidates) {
+      if (!existsSync(candidate)) continue;
+      const mod = await import(`file://${candidate}`);
+      if (typeof mod.updateTaskProjectLedger === 'function') return mod;
+    }
+    throw new Error(`task/project ledger helper missing from candidates: ${candidates.join(', ')}`);
+  })();
+  return taskProjectLedgerModulePromise;
+}
+
+function parseMaybeJson(text) {
+  const raw = String(text || '').trim();
+  if (!raw) return null;
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return raw.slice(0, 4000);
+  }
+}
+
+function firstTrimmedString(...values) {
+  for (const value of values) {
+    if (typeof value === 'string' && value.trim()) return value.trim();
+    if (typeof value === 'number' && Number.isFinite(value)) return String(value);
+  }
+  return '';
+}
+
+function nullableTrimmedString(value) {
+  if (value === null) return null;
+  return firstTrimmedString(value) || undefined;
+}
+
+function requireTrimmedString(value, label) {
+  const normalized = firstTrimmedString(value);
+  if (!normalized) throw new Error(`${label} is required`);
+  return normalized;
+}
+
+function coerceExpectedRevision(value) {
+  const revision = Number(value);
+  if (!Number.isInteger(revision) || revision < 0) {
+    throw new Error('expectedRevision must be a non-negative integer');
+  }
+  return revision;
+}
+
+function normalizeOpenClawStatus(value, allowed, fallback) {
+  const normalized = firstTrimmedString(value);
+  if (!normalized) return fallback;
+  if (!allowed.includes(normalized)) throw new Error(`Unsupported OpenClaw flow status: ${normalized}`);
+  return normalized;
+}
+
+function openClawRuntimeModuleCandidates() {
+  const candidates = [...OPENCLAW_RUNTIME_MODULE_CANDIDATES];
+  try {
+    const pkgPath = require.resolve('openclaw/package.json');
+    candidates.push(join(dirname(pkgPath), 'dist', 'plugins', 'runtime', 'index.js'));
+  } catch {}
+  return [...new Set(candidates.filter(Boolean))];
+}
+
+async function loadOpenClawRuntimeModule() {
+  if (openClawRuntimeModulePromise) return openClawRuntimeModulePromise;
+  openClawRuntimeModulePromise = (async () => {
+    const candidates = openClawRuntimeModuleCandidates();
+    for (const candidate of candidates) {
+      if (!existsSync(candidate)) continue;
+      const mod = await import(pathToFileURL(candidate).href);
+      if (typeof mod.createPluginRuntime === 'function') {
+        return { modulePath: candidate, createPluginRuntime: mod.createPluginRuntime };
+      }
+    }
+    throw new Error(
+      `OpenClaw plugin runtime module missing from candidates: ${candidates.join(', ')}. Set OPENCLAW_RUNTIME_MODULE to the installed OpenClaw dist/plugins/runtime/index.js path.`,
+    );
+  })();
+  return openClawRuntimeModulePromise;
+}
+
+function resolveOpenClawOwnerKey(request = {}, body = {}, context = {}) {
+  return firstTrimmedString(
+    request.ownerKey,
+    request.sessionKey,
+    request.requesterSessionKey,
+    body.ownerKey,
+    body.sessionKey,
+    body.sessionId,
+    context.ownerKey,
+  );
+}
+
+function ownerKeyForTaskProjectIdentity(identity = {}) {
+  if (!identity.projectHash || !identity.taskHash) return '';
+  return `aria-ledger:${identity.projectHash}:${identity.taskHash}`;
+}
+
+async function executeOpenClawTaskFlowAction(request = {}, context = {}) {
+  const { modulePath, createPluginRuntime } = await loadOpenClawRuntimeModule();
+  const ownerKey = requireTrimmedString(
+    resolveOpenClawOwnerKey(request, {}, context),
+    'OpenClaw ownerKey or sessionKey',
+  );
+  const runtime = createPluginRuntime();
+  const bindSession = runtime?.tasks?.flow?.bindSession || runtime?.taskFlow?.bindSession;
+  if (typeof bindSession !== 'function') {
+    throw new Error('OpenClaw plugin runtime does not expose tasks.flow.bindSession');
+  }
+  const flowRuntime = bindSession({
+    sessionKey: ownerKey,
+    requesterOrigin: request.requesterOrigin,
+  });
+  const action = requireTrimmedString(request.action || context.action || 'create_flow', 'OpenClaw action');
+  const base = {
+    ok: true,
+    mode: 'owned_openclaw_task_flow',
+    api: 'openclaw.plugin-runtime.tasks.flow',
+    modulePath,
+    action,
+    ownerKey,
+  };
+
+  if (action === 'create_flow') {
+    const flow = flowRuntime.createManaged({
+      controllerId: firstTrimmedString(request.controllerId, context.controllerId) || 'aria/task-project-ledger',
+      goal: requireTrimmedString(request.goal || context.goal, 'OpenClaw flow goal'),
+      status: normalizeOpenClawStatus(
+        request.status,
+        ['queued', 'running', 'waiting', 'blocked'],
+        request.status === undefined ? 'running' : undefined,
+      ),
+      notifyPolicy: normalizeOpenClawStatus(
+        request.notifyPolicy,
+        ['done_only', 'state_changes', 'silent'],
+        undefined,
+      ),
+      currentStep: nullableTrimmedString(request.currentStep),
+      stateJson: request.stateJson,
+      waitJson: request.waitJson,
+    });
+    return { ...base, created: true, flow };
+  }
+
+  if (action === 'get_flow') {
+    const flow = flowRuntime.get(requireTrimmedString(request.flowId, 'OpenClaw flowId'));
+    return { ...base, found: Boolean(flow), flow: flow || null };
+  }
+
+  if (action === 'list_flows') {
+    return { ...base, flows: flowRuntime.list() };
+  }
+
+  if (action === 'find_latest_flow') {
+    const flow = flowRuntime.findLatest();
+    return { ...base, found: Boolean(flow), flow: flow || null };
+  }
+
+  if (action === 'resolve_flow') {
+    const flow = flowRuntime.resolve(requireTrimmedString(request.token, 'OpenClaw flow lookup token'));
+    return { ...base, found: Boolean(flow), flow: flow || null };
+  }
+
+  if (action === 'get_task_summary') {
+    const taskSummary = flowRuntime.getTaskSummary(requireTrimmedString(request.flowId, 'OpenClaw flowId'));
+    return { ...base, found: Boolean(taskSummary), taskSummary: taskSummary || null };
+  }
+
+  if (action === 'set_waiting') {
+    const result = flowRuntime.setWaiting({
+      flowId: requireTrimmedString(request.flowId, 'OpenClaw flowId'),
+      expectedRevision: coerceExpectedRevision(request.expectedRevision),
+      currentStep: nullableTrimmedString(request.currentStep),
+      stateJson: request.stateJson,
+      waitJson: request.waitJson,
+      blockedTaskId: nullableTrimmedString(request.blockedTaskId),
+      blockedSummary: nullableTrimmedString(request.blockedSummary),
+    });
+    return { ...base, result, flow: result.applied ? result.flow : result.current || null };
+  }
+
+  if (action === 'resume_flow' || action === 'advance_flow') {
+    const result = flowRuntime.resume({
+      flowId: requireTrimmedString(request.flowId, 'OpenClaw flowId'),
+      expectedRevision: coerceExpectedRevision(request.expectedRevision),
+      status: normalizeOpenClawStatus(request.status, ['queued', 'running'], 'running'),
+      currentStep: nullableTrimmedString(request.currentStep),
+      stateJson: request.stateJson,
+    });
+    return { ...base, result, flow: result.applied ? result.flow : result.current || null };
+  }
+
+  if (action === 'finish_flow') {
+    const result = flowRuntime.finish({
+      flowId: requireTrimmedString(request.flowId, 'OpenClaw flowId'),
+      expectedRevision: coerceExpectedRevision(request.expectedRevision),
+      stateJson: request.stateJson,
+    });
+    return { ...base, result, flow: result.applied ? result.flow : result.current || null };
+  }
+
+  if (action === 'fail_flow') {
+    const result = flowRuntime.fail({
+      flowId: requireTrimmedString(request.flowId, 'OpenClaw flowId'),
+      expectedRevision: coerceExpectedRevision(request.expectedRevision),
+      stateJson: request.stateJson,
+      blockedTaskId: nullableTrimmedString(request.blockedTaskId),
+      blockedSummary: nullableTrimmedString(request.blockedSummary),
+    });
+    return { ...base, result, flow: result.applied ? result.flow : result.current || null };
+  }
+
+  if (action === 'request_cancel') {
+    const result = flowRuntime.requestCancel({
+      flowId: requireTrimmedString(request.flowId, 'OpenClaw flowId'),
+      expectedRevision: coerceExpectedRevision(request.expectedRevision),
+    });
+    return { ...base, result, flow: result.applied ? result.flow : result.current || null };
+  }
+
+  if (action === 'cancel_flow') {
+    const result = await flowRuntime.cancel({
+      flowId: requireTrimmedString(request.flowId, 'OpenClaw flowId'),
+      cfg: request.cfg || {},
+    });
+    return { ...base, result, flow: result.flow || null, tasks: result.tasks || [] };
+  }
+
+  if (action === 'run_task') {
+    const taskRuntime = firstTrimmedString(request.runtime) || 'cli';
+    if (!['subagent', 'acp', 'cli', 'cron'].includes(taskRuntime)) {
+      throw new Error(`Unsupported OpenClaw task runtime: ${taskRuntime}`);
+    }
+    const result = flowRuntime.runTask({
+      flowId: requireTrimmedString(request.flowId, 'OpenClaw flowId'),
+      runtime: taskRuntime,
+      sourceId: nullableTrimmedString(request.sourceId),
+      childSessionKey: nullableTrimmedString(request.childSessionKey),
+      parentTaskId: nullableTrimmedString(request.parentTaskId),
+      agentId: nullableTrimmedString(request.agentId),
+      runId: nullableTrimmedString(request.runId),
+      label: nullableTrimmedString(request.label),
+      task: requireTrimmedString(request.task, 'OpenClaw task'),
+      preferMetadata: request.preferMetadata === true,
+      notifyPolicy: normalizeOpenClawStatus(
+        request.notifyPolicy,
+        ['done_only', 'state_changes', 'silent'],
+        undefined,
+      ),
+      status: normalizeOpenClawStatus(request.status, ['queued', 'running'], undefined),
+      startedAt: Number.isFinite(Number(request.startedAt)) ? Number(request.startedAt) : undefined,
+      lastEventAt: Number.isFinite(Number(request.lastEventAt)) ? Number(request.lastEventAt) : undefined,
+      progressSummary: nullableTrimmedString(request.progressSummary),
+    });
+    return { ...base, result, flow: result.flow || null, task: result.task || null };
+  }
+
+  throw new Error(`Unsupported OpenClaw task-flow action: ${action}`);
+}
+
+function resolveOpenClawBin() {
+  for (const candidate of OPENCLAW_BIN_CANDIDATES) {
+    if (candidate.includes('/') && existsSync(candidate)) return candidate;
+    if (!candidate.includes('/')) return candidate;
+  }
+  return 'openclaw';
+}
+
+function runOpenClawJson(args, timeoutMs = 7000) {
+  const bin = resolveOpenClawBin();
+  const child = spawnSync(bin, args, {
+    encoding: 'utf8',
+    timeout: timeoutMs,
+    maxBuffer: 1024 * 1024,
+  });
+  const stdout = String(child.stdout || '').trim();
+  const stderr = String(child.stderr || '').trim();
+  const jsonSource = stdout || (child.status === 0 ? stderr : '');
+  return {
+    ok: child.status === 0,
+    status: child.status,
+    signal: child.signal || null,
+    bin,
+    args,
+    json: child.status === 0 ? parseMaybeJson(jsonSource) : null,
+    jsonStream: stdout ? 'stdout' : jsonSource ? 'stderr' : null,
+    stderr: (child.error ? `${child.error.message}\n` : '') + (stdout ? stderr.slice(0, 1000) : ''),
+  };
+}
+
+function collectOpenClawTaskLedgerSnapshot(body = {}) {
+  const includeTasks = body.includeTasks !== false;
+  const includeAudit = body.includeAudit !== false;
+  const includeFlows = body.includeFlows !== false;
+  const commands = {};
+  if (includeTasks) commands.tasksList = runOpenClawJson(['tasks', 'list', '--json']);
+  if (includeAudit) commands.tasksAudit = runOpenClawJson(['tasks', 'audit', '--json']);
+  if (includeFlows) commands.flowList = runOpenClawJson(['tasks', 'flow', 'list', '--json']);
+  const commandValues = Object.values(commands);
+  return {
+    mode: 'openclaw_cli_task_flow_snapshot',
+    observedAt: new Date().toISOString(),
+    available: commandValues.length > 0 && commandValues.some((result) => result.ok),
+    bin: resolveOpenClawBin(),
+    commands,
+    caveat: 'This route is a read-only CLI snapshot; managed flow mutations use /openclaw/task-flow through the OpenClaw plugin runtime Task Flow API.',
+  };
+}
+
+function summarizeTaskProjectLedger(ledger, paths = {}) {
+  return {
+    ledgerId: ledger?.ledgerId || null,
+    status: ledger?.status || null,
+    projectRef: ledger?.identity?.projectHint || null,
+    taskRef: ledger?.identity?.taskHint || null,
+    readinessClaimAllowed: ledger?.controls?.readinessClaimAllowed === true,
+    missingReadinessGates: ledger?.controls?.missingReadinessGates || [],
+    openBlockerCount: Array.isArray(ledger?.openBlockers) ? ledger.openBlockers.length : 0,
+    eventCount: Array.isArray(ledger?.phaseEvents) ? ledger.phaseEvents.length : 0,
+    evidenceCount: Array.isArray(ledger?.evidence) ? ledger.evidence.length : 0,
+    ledgerPath: paths.ledgerPath || null,
+  };
+}
+
+async function handleTaskProjectLedgerRoute(url, body = {}) {
+  const ledgerMod = await loadTaskProjectLedgerModule();
+  const platform = typeof body.platform === 'string' && body.platform.trim() ? body.platform.trim() : 'owner_runtime';
+  const phase = typeof body.phase === 'string' && body.phase.trim() ? body.phase.trim() : 'post_turn';
+  const source = typeof body.source === 'string' && body.source.trim() ? body.source.trim() : 'owner-runtime-ledger-route';
+  const event = body.event && typeof body.event === 'object' ? body.event : body;
+
+  if (url.pathname === '/openclaw/task-flow') {
+    return executeOpenClawTaskFlowAction(body);
+  }
+
+  if (url.pathname === '/openclaw/task-ledger/snapshot') {
+    return { ok: true, openclaw: collectOpenClawTaskLedgerSnapshot(body) };
+  }
+
+  if (url.pathname === '/task-project-ledger/status') {
+    const identity = ledgerMod.resolveTaskProjectIdentity(event, process.env);
+    const paths = ledgerMod.taskProjectLedgerPaths(identity, process.env);
+    const ledger = existsSync(paths.ledgerPath) ? JSON.parse(readFileSync(paths.ledgerPath, 'utf8')) : null;
+    return {
+      ok: true,
+      exists: Boolean(ledger),
+      ledger: ledger ? summarizeTaskProjectLedger(ledger, paths) : null,
+      paths,
+    };
+  }
+
+  let evidence = body.evidence && typeof body.evidence === 'object' ? { ...body.evidence } : {};
+  if (body.openclawBridge === true || body.collectOpenClaw === true) {
+    evidence.openclaw = collectOpenClawTaskLedgerSnapshot(body.openclaw || {});
+  }
+  if (body.openclawFlow && typeof body.openclawFlow === 'object') {
+    const identity = ledgerMod.resolveTaskProjectIdentity(event, process.env);
+    const ownerKey = resolveOpenClawOwnerKey(body.openclawFlow, body, {
+      ownerKey: ownerKeyForTaskProjectIdentity(identity),
+    });
+    evidence.openclawFlow = await executeOpenClawTaskFlowAction(body.openclawFlow, {
+      ownerKey,
+      controllerId: 'aria/task-project-ledger',
+      goal: firstTrimmedString(body.openclawFlow.goal, event.goal, event.prompt, event.message, event.text, 'Aria task/project ledger flow'),
+    });
+  }
+
+  const result = ledgerMod.updateTaskProjectLedger({
+    platform,
+    phase,
+    source,
+    event,
+    evidence,
+    env: process.env,
+  });
+
+  if (url.pathname === '/task-project-ledger/claim') {
+    const text = typeof body.text === 'string' ? body.text : '';
+    const evaluation = ledgerMod.evaluateTaskProjectClaim({ text, ledger: result.ledger });
+    if (!evaluation.ok) {
+      ledgerMod.recordBlockedTaskProjectClaim({
+        ledger: result.ledger,
+        paths: result.paths,
+        text,
+        evaluation,
+      });
+    }
+    return {
+      ok: true,
+      permitted: evaluation.ok,
+      claim: evaluation.claim,
+      missingReadinessGates: evaluation.missingReadinessGates,
+      openBlockerCount: evaluation.openBlockers.length,
+      ledger: summarizeTaskProjectLedger(result.ledger, result.paths),
+      openclawFlow: evidence.openclawFlow || null,
+    };
+  }
+
+  return {
+    ok: true,
+    ledger: summarizeTaskProjectLedger(result.ledger, result.paths),
+    openclaw: evidence.openclaw || null,
+    openclawFlow: evidence.openclawFlow || null,
+  };
+}
+
 async function runLayer3(req, body, client) {
   if (typeof body.text !== 'string' || !body.text.trim()) {
     throw new Error('full-chain requires a non-empty text field');
@@ -3377,7 +4934,7 @@ async function runLayer3(req, body, client) {
   const doctrineFailures = doctrineHits.map((hit) => ({
     severity: String(hit.severity || 'block').toLowerCase() === 'block' ? 'block' : 'warn',
     kind: 'drift_trigger',
-    detail: `${hit.trigger} (${hit.memory || 'doctrine_trigger_map.json'}): ${hit.message || hit.teaching || 'Doctrine trigger matched.'}`,
+    detail: `${hit.trigger || hit.triggerId || 'doctrine_trigger'} (${hit.memory || 'doctrine_trigger_map.json'}): ${hit.message || hit.teaching || 'Doctrine trigger matched.'}`,
   }));
   const allFailures = [...result.failures, ...doctrineFailures];
   const hardFailures = allFailures.filter((failure) => failure.severity === 'block');
@@ -3619,6 +5176,14 @@ async function handleRoute(req, res) {
     });
   }
 
+  if (req.method === 'GET' && url.pathname === '/coach/state') {
+    return json(res, 200, {
+      ok: true,
+      phases: COACH_PHASES,
+      state: readCoachState(),
+    });
+  }
+
   if (req.method === 'GET' && url.pathname === '/mount') {
     return json(res, 200, runtimeManifest().mount);
   }
@@ -3634,11 +5199,21 @@ async function handleRoute(req, res) {
     return json(res, 400, { ok: false, error: `Invalid JSON body: ${error.message}` });
   }
 
+  const providerPath = normalizeProviderCompatibilityPath(url.pathname);
+  const providerCompatibilityRoute = isProviderCompatibilityPath(providerPath);
+  const ariaAuthOptions = { allowBearerAuth: true };
+  const taskProjectLedgerRoute =
+    url.pathname === '/task-project-ledger/event' ||
+    url.pathname === '/task-project-ledger/status' ||
+    url.pathname === '/task-project-ledger/claim' ||
+    url.pathname === '/openclaw/task-ledger/snapshot' ||
+    url.pathname === '/openclaw/task-flow';
+
   let client;
   try {
     // HQ routes use their own auth middleware — skip the global API key gate
-    if (!url.pathname.startsWith('/hq/')) {
-      client = createClient(req, body);
+    if (!url.pathname.startsWith('/hq/') && !taskProjectLedgerRoute) {
+      client = createClient(req, body, ariaAuthOptions);
     }
   } catch (error) {
     return json(res, 401, { ok: false, error: error.message });
@@ -3650,7 +5225,34 @@ async function handleRoute(req, res) {
       return json(res, 200, { ok: true, lease });
     }
 
-    await ensureLease(req, body, client);
+    if (taskProjectLedgerRoute) {
+      const ledgerResult = await handleTaskProjectLedgerRoute(url, body);
+      return json(res, ledgerResult.permitted === false ? 409 : 200, ledgerResult);
+    }
+
+    await ensureLease(req, body, client, ariaAuthOptions);
+
+    if (url.pathname === '/coach/event' || url.pathname === '/coach/phase') {
+      const result = recordCoachPhase(body);
+      return json(res, 200, {
+        ok: true,
+        permitted: result.permitted,
+        decision: result.decision,
+        ledgerPath: result.ledgerPath,
+        statePath: result.statePath,
+        record: result.record,
+        state: result.state,
+        clientMessage: result.clientMessage,
+      });
+    }
+
+    if (url.pathname === '/coach/state') {
+      return json(res, 200, {
+        ok: true,
+        phases: COACH_PHASES,
+        state: readCoachState({ includeState: body.includeState === true }),
+      });
+    }
 
     if (url.pathname === '/mizan/plan') {
       const turnClass = classifyTurn(body.context || body);
@@ -3716,7 +5318,8 @@ async function handleRoute(req, res) {
       const apiKey = resolveApiKey(req, body);
       const packetRequest = buildMizanPacketRequest(body);
       const packet = body.packet || await loadRuntimePacket(req, body, client, packetRequest, packetRequest.message || body.text || '');
-      const bundle = evaluateMizanPost(body.text || '', body.evidence || {}, packet, body.context || body, {
+      const text = body.text || '';
+      const bundle = evaluateMizanPost(text, normalizePostEvidence(text, body.evidence || {}), packet, body.context || body, {
         sessionId: body.sessionId || body.context?.sessionId || deriveSessionId(req, body, 'mizan-post'),
         runtimeId: ensureRuntimeMeta().runtimeId,
         parentReceiptId: body.parentReceiptId || body.receiptId || null,
@@ -3733,19 +5336,19 @@ async function handleRoute(req, res) {
       });
     }
 
-    if (url.pathname === '/v1/chat/completions') {
-      const response = await handleProviderProxy(req, body, client, 'openai');
+    if (providerPath === '/v1/chat/completions') {
+      const response = await handleProviderProxy(req, body, client, 'openai', ariaAuthOptions);
       return json(res, 200, response);
     }
 
-    if (url.pathname === '/v1/responses' || url.pathname === '/responses') {
+    if (providerPath === '/v1/responses' || providerPath === '/responses') {
       const responseBody = responsesRequestToOpenAIBody(body);
-      const completion = await handleProviderProxy(req, responseBody, client, 'openai');
+      const completion = await handleProviderProxy(req, responseBody, client, 'openai', ariaAuthOptions);
       return json(res, 200, openAiCompletionToResponsesEnvelope(body, completion));
     }
 
-    if (url.pathname === '/v1/messages') {
-      const response = await handleProviderProxy(req, body, client, 'anthropic');
+    if (providerPath === '/v1/messages') {
+      const response = await handleProviderProxy(req, body, client, 'anthropic', ariaAuthOptions);
       return json(res, 200, response);
     }
 
@@ -3884,6 +5487,17 @@ async function handleRoute(req, res) {
       }
     }
 
+    if (
+      url.pathname === '/task-project-ledger/event' ||
+      url.pathname === '/task-project-ledger/status' ||
+      url.pathname === '/task-project-ledger/claim' ||
+      url.pathname === '/openclaw/task-ledger/snapshot' ||
+      url.pathname === '/openclaw/task-flow'
+    ) {
+      const ledgerResult = await handleTaskProjectLedgerRoute(url, body);
+      return json(res, ledgerResult.permitted === false ? 409 : 200, ledgerResult);
+    }
+
     if (url.pathname === '/packet' || url.pathname === '/api/harness/codex') {
       const packet = await loadRuntimePacket(req, body, client, body.packetRequest || body, body.message || '');
       return json(res, 200, { ok: true, packet });
@@ -3933,6 +5547,28 @@ async function handleRoute(req, res) {
         throw new Error('validate-output requires text and sessionId');
       }
 
+      if (isAriaControlOutput(body.text)) {
+        const response = {
+          ok: true,
+          pass: true,
+          validation: {
+            passed: true,
+            severity: 'pass',
+            violations: [],
+            gateTriggers: ['aria-control-output'],
+          },
+        };
+        if (body.runLayer3 !== false) {
+          response.layer3 = {
+            pass: true,
+            summary: 'control output bypassed assistant prose validation',
+            failures: [],
+            doctrine: { hits: [] },
+          };
+        }
+        return json(res, 200, response);
+      }
+
       let validation;
       try {
         validation = await client.validateOutput(body.text, body.sessionId);
@@ -3948,6 +5584,7 @@ async function handleRoute(req, res) {
         };
       }
       validation = mergeAppliedCognitionValidation(validation, validateAppliedCognitionContract(body.text));
+      validation = allowTrivialAppliedCognitionValidation(validation, body.requireCognitionBlock !== false);
       const response = { ok: true, validation };
 
       if (body.runLayer3 !== false) {