@aria_asi/cli 0.2.36 → 0.2.38

package/opencode-plugins/harness-context/task-project-ledger.mjs

@@ -0,0 +1,290 @@
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync, appendFileSync } from 'node:fs';
+import { createHash } from 'node:crypto';
+import { homedir } from 'node:os';
+import { basename, dirname, join } from 'node:path';
+
+export const TASK_PROJECT_LEDGER_VERSION = 'aria.task_project_ledger.v1';
+
+const CLAIM_RX = /\b(?:first[- ]class|production[- ]ready|ready|complete|completed|done|verified|gold[- ]standard|shipped|fixed|landed)\b/i;
+const MAX_LEDGER_EVENTS = 500;
+
+export const TASK_PROJECT_QUALITY_GATES = [
+  { id: 'ledger_created', readinessRequired: true, description: 'A durable task/project ledger exists before work proceeds.' },
+  { id: 'intent_boundary', readinessRequired: true, description: 'The ledger records what task or project is being attempted.' },
+  { id: 'scope_boundary', readinessRequired: true, description: 'The ledger records platform and phase boundaries.' },
+  { id: 'execution_trace', readinessRequired: false, description: 'The ledger records execution, tool, workflow, or background events.' },
+  { id: 'verification_trace', readinessRequired: true, description: 'The ledger records real verification evidence before completion/readiness claims.' },
+  { id: 'post_turn_writeback', readinessRequired: false, description: 'The ledger records post-turn or outcome writeback.' },
+  { id: 'final_claim_guard', readinessRequired: true, description: 'The ledger guards final claims against missing evidence.' },
+];
+
+function stableHash(value = '') {
+  return createHash('sha256').update(String(value || 'unknown')).digest('hex').slice(0, 20);
+}
+
+function firstString(...values) {
+  for (const value of values) {
+    if (typeof value === 'string' && value.trim()) return value.trim();
+    if (typeof value === 'number' && Number.isFinite(value)) return String(value);
+  }
+  return '';
+}
+
+function compactHint(value = '') {
+  const raw = String(value || '').trim();
+  if (!raw) return 'unknown';
+  const tail = raw.includes('/') ? basename(raw) : raw;
+  return tail.replace(/[^a-zA-Z0-9._-]+/g, '-').slice(0, 80) || 'unknown';
+}
+
+function readJsonFile(path) {
+  try {
+    if (!existsSync(path)) return null;
+    return JSON.parse(readFileSync(path, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function writeJsonAtomic(path, value) {
+  mkdirSync(dirname(path), { recursive: true, mode: 0o700 });
+  const tmp = `${path}.${process.pid}.${Date.now()}.tmp`;
+  writeFileSync(tmp, `${JSON.stringify(value, null, 2)}\n`, { mode: 0o600 });
+  renameSync(tmp, path);
+}
+
+function markGate(ledger, gateId, status, evidence = undefined) {
+  const gate = ledger.qualityGates?.[gateId];
+  if (!gate) return;
+  if (gate.status === 'passed' && status !== 'blocked') return;
+  gate.status = status;
+  gate.updatedAt = ledger.updatedAt;
+  if (evidence) gate.evidence = evidence;
+}
+
+function hasPromptIntent(event = {}) {
+  return Boolean(firstString(
+    event.prompt,
+    event.userPrompt,
+    event.user_input,
+    event.message,
+    event.text,
+    event.body,
+    event.sessionID,
+    event.sessionId,
+    event.context?.prompt,
+    event.context?.bodyForAgent
+  ));
+}
+
+function hasVerificationEvidence(evidence = {}, event = {}) {
+  if (evidence.warning_clean === true || evidence.verification === true || evidence.validation_run === true) return true;
+  if (event.verified === true || event.validation?.ok === true || event.test?.ok === true) return true;
+  const text = firstString(event.verification, event.validation, event.testResult, event.commandResult, evidence.commandResult, evidence.outputPreview);
+  return /\b(?:ok|passed|pass|success|succeeded|exit\s*0|0\s*failures?)\b/i.test(text);
+}
+
+function isExecutionPhase(phase = '') {
+  return ['pre_tool', 'post_tool', 'background_worker', 'task_record', 'task_flow', 'lobster_run', 'approval_resume'].includes(phase);
+}
+
+function isPostTurnPhase(phase = '') {
+  return ['post_turn', 'outcome_writeback', 'decision_log'].includes(phase);
+}
+
+export function taskProjectLedgerRoot(env = process.env) {
+  return env.ARIA_TASK_PROJECT_LEDGER_DIR || join(homedir(), '.aria', 'task-project-ledgers');
+}
+
+export function resolveTaskProjectIdentity(event = {}, env = process.env) {
+  const projectRaw = firstString(
+    env.ARIA_PROJECT_ID,
+    event.projectId,
+    event.project_id,
+    event.project,
+    event.workspaceDir,
+    event.workspace_dir,
+    event.cwd,
+    event.currentWorkingDirectory,
+    event.context?.workspaceDir,
+    env.PWD,
+    process.cwd()
+  );
+  const taskRaw = firstString(
+    env.ARIA_TASK_ID,
+    event.taskId,
+    event.task_id,
+    event.sessionID,
+    event.session_id,
+    event.sessionId,
+    event.sessionKey,
+    event.conversationId,
+    event.threadId,
+    event.messageId,
+    event.transcript_path,
+    event.prompt,
+    event.message,
+    projectRaw
+  );
+  const projectHash = stableHash(projectRaw || 'unknown-project');
+  const taskHash = stableHash(`${projectHash}:${taskRaw || 'unknown-task'}`);
+  return {
+    projectHash,
+    taskHash,
+    projectHint: compactHint(projectRaw),
+    taskHint: compactHint(taskRaw),
+  };
+}
+
+export function taskProjectLedgerPaths(identity, env = process.env) {
+  const dir = join(taskProjectLedgerRoot(env), identity.projectHash);
+  return {
+    dir,
+    ledgerPath: join(dir, `${identity.taskHash}.json`),
+    eventPath: join(dir, `${identity.taskHash}.events.jsonl`),
+  };
+}
+
+function createTaskProjectLedger(identity, now) {
+  const qualityGates = Object.fromEntries(TASK_PROJECT_QUALITY_GATES.map((gate) => [
+    gate.id,
+    {
+      status: gate.id === 'ledger_created' || gate.id === 'final_claim_guard' ? 'passed' : 'pending',
+      description: gate.description,
+      readinessRequired: gate.readinessRequired,
+      updatedAt: now,
+    },
+  ]));
+  return {
+    schema: `${TASK_PROJECT_LEDGER_VERSION}.ledger`,
+    version: TASK_PROJECT_LEDGER_VERSION,
+    ledgerId: `tpl_${identity.projectHash}_${identity.taskHash}`,
+    createdAt: now,
+    updatedAt: now,
+    status: 'active',
+    identity,
+    controls: {
+      readinessClaimAllowed: false,
+      readinessClaimRule: 'Completion/readiness claims require all readinessRequired quality gates to pass and no open blockers.',
+    },
+    qualityGates,
+    phaseEvents: [],
+    evidence: [],
+    openBlockers: [],
+    blockedClaims: [],
+  };
+}
+
+export function readinessMissingGates(ledger = {}) {
+  const qualityGates = ledger.qualityGates || {};
+  return TASK_PROJECT_QUALITY_GATES
+    .filter((gate) => gate.readinessRequired)
+    .filter((gate) => qualityGates[gate.id]?.status !== 'passed' && qualityGates[gate.id]?.status !== 'not_applicable')
+    .map((gate) => gate.id);
+}
+
+export function updateTaskProjectLedger({ platform, phase, source = 'task-project-ledger', event = {}, evidence = {}, env = process.env } = {}) {
+  const now = new Date().toISOString();
+  const identity = resolveTaskProjectIdentity(event, env);
+  const paths = taskProjectLedgerPaths(identity, env);
+  const existing = readJsonFile(paths.ledgerPath);
+  const ledger = existing?.schema === `${TASK_PROJECT_LEDGER_VERSION}.ledger`
+    ? existing
+    : createTaskProjectLedger(identity, now);
+
+  ledger.updatedAt = now;
+  ledger.qualityGates = ledger.qualityGates || {};
+  for (const gate of TASK_PROJECT_QUALITY_GATES) {
+    if (!ledger.qualityGates[gate.id]) {
+      ledger.qualityGates[gate.id] = {
+        status: 'pending',
+        description: gate.description,
+        readinessRequired: gate.readinessRequired,
+        updatedAt: now,
+      };
+    }
+  }
+
+  markGate(ledger, 'ledger_created', 'passed', { ledgerPath: paths.ledgerPath });
+  if (hasPromptIntent(event) || phase === 'pre_prompt_injection' || phase === 'session_start') markGate(ledger, 'intent_boundary', 'passed', { source, phase });
+  if (platform && phase && phase !== 'unknown') markGate(ledger, 'scope_boundary', 'passed', { platform, phase });
+  if (isExecutionPhase(phase)) markGate(ledger, 'execution_trace', 'passed', { platform, phase, source });
+  if (hasVerificationEvidence(evidence, event)) markGate(ledger, 'verification_trace', 'passed', { source, phase });
+  if (isPostTurnPhase(phase)) markGate(ledger, 'post_turn_writeback', 'passed', { platform, phase, source });
+  markGate(ledger, 'final_claim_guard', 'passed', { source: 'task_project_ledger_claim_guard' });
+
+  const row = {
+    at: now,
+    platform: platform || 'unknown',
+    phase: phase || 'unknown',
+    source,
+    evidence,
+  };
+  ledger.phaseEvents = Array.isArray(ledger.phaseEvents) ? ledger.phaseEvents : [];
+  ledger.phaseEvents.push(row);
+  if (ledger.phaseEvents.length > MAX_LEDGER_EVENTS) ledger.phaseEvents = ledger.phaseEvents.slice(-MAX_LEDGER_EVENTS);
+  if (Object.keys(evidence || {}).length > 0) {
+    ledger.evidence = Array.isArray(ledger.evidence) ? ledger.evidence : [];
+    ledger.evidence.push({ at: now, source, phase: row.phase, evidence });
+    if (ledger.evidence.length > MAX_LEDGER_EVENTS) ledger.evidence = ledger.evidence.slice(-MAX_LEDGER_EVENTS);
+  }
+
+  const missingReadinessGates = readinessMissingGates(ledger);
+  ledger.controls = ledger.controls || {};
+  ledger.controls.readinessClaimAllowed = missingReadinessGates.length === 0 && (ledger.openBlockers || []).length === 0;
+  ledger.controls.missingReadinessGates = missingReadinessGates;
+
+  writeJsonAtomic(paths.ledgerPath, ledger);
+  mkdirSync(dirname(paths.eventPath), { recursive: true, mode: 0o700 });
+  appendFileSync(paths.eventPath, `${JSON.stringify({ schema: `${TASK_PROJECT_LEDGER_VERSION}.event`, ledgerId: ledger.ledgerId, ...row })}\n`, { mode: 0o600 });
+  return { ledger, paths, identity };
+}
+
+export function formatTaskProjectLedgerContext({ ledger, paths, platform = 'unknown', phase = 'unknown' } = {}) {
+  const missing = readinessMissingGates(ledger);
+  return [
+    '--- ARIA TASK/PROJECT LEDGER CONTRACT ---',
+    `version: ${TASK_PROJECT_LEDGER_VERSION}`,
+    `ledger_id: ${ledger?.ledgerId || 'unknown'}`,
+    `platform: ${platform}`,
+    `phase: ${phase}`,
+    `project_ref: ${ledger?.identity?.projectHint || 'unknown'}`,
+    `task_ref: ${ledger?.identity?.taskHint || 'unknown'}`,
+    `ledger_event_count: ${Array.isArray(ledger?.phaseEvents) ? ledger.phaseEvents.length : 0}`,
+    `readiness_claim_allowed: ${ledger?.controls?.readinessClaimAllowed === true ? 'true' : 'false'}`,
+    `missing_readiness_gates: ${missing.length > 0 ? missing.join(', ') : 'none'}`,
+    `ledger_path: ${paths?.ledgerPath || 'unknown'}`,
+    'required_behavior: create/update this ledger for every task and project; use it as the controlling anti-drift artifact before tool use, final claims, and long-running handoff.',
+    'claim_rule: do not say done/complete/ready/verified/fixed/shipped unless this ledger has verification evidence and no open blockers.',
+    'quality_rule: every phase must preserve intent, scope, evidence, verification, recovery, and post-turn writeback where applicable.',
+    '--- /ARIA TASK/PROJECT LEDGER CONTRACT ---',
+  ].join('\n');
+}
+
+export function evaluateTaskProjectClaim({ text = '', ledger = {} } = {}) {
+  const claim = CLAIM_RX.test(String(text || ''));
+  if (!claim) return { ok: true, claim: false, missingReadinessGates: [], openBlockers: [] };
+  const missingReadinessGates = readinessMissingGates(ledger);
+  const openBlockers = Array.isArray(ledger.openBlockers) ? ledger.openBlockers : [];
+  return {
+    ok: missingReadinessGates.length === 0 && openBlockers.length === 0 && ledger.controls?.readinessClaimAllowed === true,
+    claim: true,
+    missingReadinessGates,
+    openBlockers,
+  };
+}
+
+export function recordBlockedTaskProjectClaim({ ledger, paths, text, evaluation } = {}) {
+  if (!ledger || !paths?.ledgerPath) return null;
+  const now = new Date().toISOString();
+  ledger.blockedClaims = Array.isArray(ledger.blockedClaims) ? ledger.blockedClaims : [];
+  ledger.blockedClaims.push({
+    at: now,
+    textHash: stableHash(text || ''),
+    missingReadinessGates: evaluation?.missingReadinessGates || [],
+    openBlockerCount: evaluation?.openBlockers?.length || 0,
+  });
+  ledger.updatedAt = now;
+  writeJsonAtomic(paths.ledgerPath, ledger);
+  return ledger.blockedClaims[ledger.blockedClaims.length - 1];
+}

package/opencode-plugins/harness-gate/index.js

@@ -2,12 +2,14 @@
  * Aria Harness Gate — pre-tool cognition enforcement for OpenCode.
  * Routes through HTTPHarnessClient SDK for substrate-backed validation.
  */
-import { existsSync, readFileSync, mkdirSync, writeFileSync } from 'node:fs';
+import { existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { createHash } from 'node:crypto';
 import { spawnSync } from 'node:child_process';
 import { homedir } from 'node:os';
-import { join } from 'node:path';
+import { dirname, join } from 'node:path';
 import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.js';
+import { updateTaskProjectLedger } from '../harness-context/task-project-ledger.mjs';
+import { resolveAriaAuthToken } from '../harness-context/auth-token.mjs';
 
 const HOME = homedir();
 const SDK_CANDIDATES = [
@@ -15,11 +17,12 @@ const SDK_CANDIDATES = [
   join(HOME, '.codex', 'aria-sdk', 'index.js'),
   join(HOME, '.claude', 'aria-sdk', 'index.js'),
 ];
-const OWNER_TOKEN_PATH = join(HOME, '.aria', 'owner-token');
-const LICENSE_PATH = join(HOME, '.aria', 'license.json');
 const GOVERNANCE_GATE_PATH = join(HOME, '.aria', 'bin', 'aria-governance-gate');
 const RUNTIME_URL = (process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319').replace(/\/+$/, '');
 const RECEIPT_DIR = join(HOME, '.opencode', 'aria-mizan-receipts');
+const GATEOFF_MARKER_PATH = join(HOME, '.aria', 'gates-off.manual');
+const GATEOFF_ENV_RX = /^(?:1|true|yes|on)$/i;
+const GATEOFF_PHRASE_RX = /\bGATEOFF\b/;
 
 const DESTRUCTIVE_PATTERNS = [
   { rx: /(?:^|[;&|]\s*|\$\(\s*|`\s*)sudo\s+\S/, name: 'sudo' },
@@ -63,6 +66,34 @@ let _clientError = null;
 let _lastMizanReceipt = null;
 let _lastActionSummary = '';
 
+function textFromPayload(payload) {
+  if (!payload) return '';
+  if (typeof payload === 'string') return payload;
+  try { return JSON.stringify(payload); } catch { return String(payload); }
+}
+
+function persistEmergencyGateOff(reason = 'phrase') {
+  mkdirSync(dirname(GATEOFF_MARKER_PATH), { recursive: true, mode: 0o700 });
+  writeFileSync(GATEOFF_MARKER_PATH, JSON.stringify({
+    disabled: true,
+    reason,
+    disabledAt: new Date().toISOString(),
+    reenable: 'Manual owner action only: remove this marker and unset ARIA_GATES_OFF/ARIA_HARNESS_GATES_OFF.',
+  }, null, 2) + '\n', { mode: 0o600 });
+}
+
+function emergencyGateOffDecision(payload = '') {
+  if (GATEOFF_ENV_RX.test(String(process.env.ARIA_GATES_OFF || process.env.ARIA_HARNESS_GATES_OFF || ''))) {
+    return { off: true, reason: 'env' };
+  }
+  if (existsSync(GATEOFF_MARKER_PATH)) return { off: true, reason: 'marker' };
+  if (GATEOFF_PHRASE_RX.test(textFromPayload(payload))) {
+    persistEmergencyGateOff('phrase');
+    return { off: true, reason: 'phrase' };
+  }
+  return { off: false, reason: null };
+}
+
 function receiptPath(sessionId) {
   return join(RECEIPT_DIR, `${String(sessionId || 'opencode').replace(/[^a-zA-Z0-9_-]/g, '_')}.json`);
 }
@@ -109,29 +140,22 @@ function runUniversalGovernanceGate(payload) {
   if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
     throw new Error(
       `=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===\n\n` +
-      `${stdout || child.stderr || 'aria-governance-gate blocked this action.'}`
+      `${stdout || child.stderr || 'aria-governance-gate blocked this action.'}\n\n` +
+      'Recovery contract:\n' +
+      '1. Do not retry the same blocked action unchanged.\n' +
+      '2. If this is post-compaction, emit post_compact_continuation with current objective, known blockers, next executable step, what not to touch, and verification already run.\n' +
+      '3. If this is emergency owner recovery, emit GATEOFF once or set ARIA_GATES_OFF=1, then manually re-enable after recovery.\n' +
+      '4. Otherwise load the named skills, re-write with <applied_cognition>, and re-test before retrying.'
     );
   }
+  if (result?.decision === 'warn' || result?.governanceMode === 'recovery-required' || result?.governanceMode === 'architectural-intervention-required') {
+    process.stderr.write(`[aria-governance] ${result.governanceMode || 'recovery-required'}\n`);
+  }
   return result;
 }
 
 function resolveToken() {
-  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
-  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
-  if (process.env.ARIA_MASTER_TOKEN) return process.env.ARIA_MASTER_TOKEN;
-  try {
-    if (existsSync(OWNER_TOKEN_PATH)) {
-      const v = readFileSync(OWNER_TOKEN_PATH, 'utf8').trim();
-      if (v) return v;
-    }
-  } catch {}
-  try {
-    if (existsSync(LICENSE_PATH)) {
-      const j = JSON.parse(readFileSync(LICENSE_PATH, 'utf8'));
-      if (j.token) return j.token;
-    }
-  } catch {}
-  return '';
+  return resolveAriaAuthToken({ baseUrl: resolveBaseUrl() }).token;
 }
 
 function resolveBaseUrl() {
@@ -206,6 +230,10 @@ export default async function HarnessGatePlugin(ctx) {
   return {
     'tool.execute.before': async (input, output) => {
       const args = output?.args ?? input.args ?? {};
+      const emergencyGateOff = emergencyGateOffDecision({ input, output, args });
+      if (emergencyGateOff.off) {
+        return;
+      }
       const rawToolName = String(input.tool || input.name || input.type || '');
       const normalizedToolName = rawToolName.toLowerCase();
       const toolName = normalizedToolName.includes('bash') ? 'Bash'
@@ -235,6 +263,13 @@ export default async function HarnessGatePlugin(ctx) {
       const action = toolName === 'Bash' ? 'bash' : 'edit';
       const target = toolName === 'Bash' ? cmd.slice(0, 200) : filePath.slice(0, 200);
       const actionRef = makeEvidenceRef('opencode_tool_request', { toolName, action, target }, { sessionId, label });
+      updateTaskProjectLedger({
+        platform: 'opencode',
+        phase: 'pre_tool',
+        source: 'opencode-harness-gate',
+        event: { ...input, sessionId, cwd: process.cwd() },
+        evidence: { action_ref: actionRef },
+      });
       runUniversalGovernanceGate({
         sessionId,
         sourceRuntime: 'opencode',
@@ -258,11 +293,10 @@ export default async function HarnessGatePlugin(ctx) {
         isMutation: Boolean(isFileMutation),
         autoLoadAvailable: false,
       });
-      if (!skillGate.ok) {
+      if (!skillGate.ok && !skillGate.redirectOnly) {
         throw new Error(
           `=== ARIA SKILL AUTOLOAD GATE: ${label} ===\n\n` +
-          `${formatSkillGateBlock(skillGate)}\n\n` +
-          `Required next step: call the skill loader for ${skillGate.missingSkills.join(', ')} before retrying this tool.`
+          `${formatSkillGateBlock(skillGate)}`
         );
       }
       const rationale =
@@ -309,7 +343,15 @@ export default async function HarnessGatePlugin(ctx) {
             `=== ARIA MIZAN PRE BLOCK: ${label} ===\n\n` +
             `${(pre.result?.notes || ['Mizan pre-phase blocked this action.']).slice(0, 4).join('\n')}\n\n` +
             `Required packs: ${(pre.operatorPlan?.requiredPacks || []).join(', ')}\n` +
-            `Required operators: ${(pre.operatorPlan?.priorityOperators || []).join(', ')}`
+            `Required operators: ${(pre.operatorPlan?.priorityOperators || []).join(', ')}\n\n` +
+            `TEACHING:\n` +
+            `- Mizan pre blocks mean the action shape failed before execution; do not force the tool through.\n` +
+            `- The retry must add cognition, proof, and an expected predicate for this exact action.\n\n` +
+            `Recovery contract:\n` +
+            `1. Do not retry the same blocked action unchanged.\n` +
+            `2. Re-write the action with inline cognition or a <cognition> block.\n` +
+            `3. Add <verify> for deploy/shared-infra actions and <expected> for non-trivial actions.\n` +
+            `4. Re-test by submitting the revised tool call through this same gate.`
           );
         }
         if (_lastMizanReceipt?.receiptId && _lastActionSummary && _lastActionSummary !== cmdPreview) {
@@ -349,14 +391,23 @@ export default async function HarnessGatePlugin(ctx) {
                 `Reason: ${check.reason || 'tool lane contention'}\n` +
                 `Job: ${check.queue?.jobId || 'unknown'} (${check.queue?.status || 'queued'})\n` +
                 `Queue depth: ${check.queue?.queueDepth ?? 'unknown'}\n\n` +
-                `Recovery: retry after overlapping Hive lease expires, or let the tool-lane worker claim the queued job.`
+                `Recovery contract:\n` +
+                `1. Do not retry immediately in a tight loop.\n` +
+                `2. Wait for the overlapping Hive lease to expire or let the tool-lane worker claim the queued job.\n` +
+                `3. Re-test by submitting the same action only after the lease/queue state changes.`
               );
             }
             throw new Error(
               `=== ARIA SD GATE: ${label} ===\n\n` +
               `Blocked by substrate gate: ${check.reason || 'no reason provided'}\n` +
               `Required gates: ${(check.requiredGates || []).join(', ')}\n\n` +
-              `Complete a <cognition> block or inline cognition comments before this action.`
+              `TEACHING:\n` +
+              `- Substrate gates block when the action lacks required proof or cognition for its risk class.\n\n` +
+              `Recovery contract:\n` +
+              `1. Do not retry the same blocked action unchanged.\n` +
+              `2. Complete a <cognition> block or inline cognition comments before this action.\n` +
+              `3. Add any required gates listed above, especially verify evidence for high-risk actions.\n` +
+              `4. Re-test by submitting the revised action through this same gate.`
             );
           }
           return;
@@ -379,6 +430,15 @@ export default async function HarnessGatePlugin(ctx) {
         '  # tafakkur: [reflection — second-order effects, ≥20 chars]',
         '',
         `${deploy ? 'DEPLOY requires a <verify> block with target, verified, rollback, axiom fields.\n' : ''}`,
+        'TEACHING:',
+        '- Local fallback blocks because the SDK path was unavailable or declined to allow without local cognition proof.',
+        '- The safe retry changes the action shape; it does not bypass the gate.',
+        '',
+        'Recovery contract:',
+        '1. Do not retry the same blocked action unchanged.',
+        '2. Add the inline cognition comments shown above.',
+        '3. Add <verify> for deploy/shared-infra actions and <expected> for non-trivial actions.',
+        '4. Re-test by submitting the revised action through this same gate.',
         `Run \`aria connect\` to install the full SDK-backed gate (substrate checkAction).`,
       ].filter(Boolean).join('\n');
       throw new Error(msg);

package/opencode-plugins/harness-gate/lib/skill-autoload-gate.js

@@ -1,14 +1 @@
-import { existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync } from 'node:fs';
-import { join } from 'node:path';
-import { tmpdir } from 'node:os';
-const RECEIPT_ROOT = process.env.ARIA_SKILL_RECEIPT_DIR || join(tmpdir(), 'aria-skill-receipts');
-const ALIASES = new Map([['deploy', 'aria-harness-deploy'], ['output', 'aria-harness-output-discipline'], ['repo', 'aria-repo-doctrine'], ['forge', 'aria-forge-guardrails']]);
-const RX = { deploy: /deploy-service\.sh|kubectl\s+(?:apply|set|rollout|delete|scale)|helm\s+upgrade|terraform\s+apply|docker\s+push/i, mutationTool: /^(?:edit|write|notebookedit|patch|apply_patch)$/i, mutation: /apply_patch|write file|edit file|modify|delete file|migration|handler|route|runtime|hook|plugin|\btest\b|smoke script/i, strip: /remove|delete|strip|drop|omit|disable|bypass|skip|stub|mock|fake|placeholder|temporary|quick scaffold|band-aid/i, readiness: /production-ready|ready for production|works in general|general readiness|client packages?|npm packages?|SDKs?|runtimes?|harnesses?|release-ready|ship-ready/i, narrow: /single flow|one flow|narrow e2e|covered flow|specific path|widget flow/i, completion: /done|complete|completed|ready|verified|fixed|shipped|implemented|production-ready/i, badProof: /but|except|caveat|remaining|not yet|still|separate|later|blocked|skipped|unresolved|follow-up|failed|failing|error|red|not run|could not verify|untested|no proof|missing proof|without proof/i, advisory: /non-blocking|warning only|warn only|advisory|fall through|falls through|fail open|soft fail|logged and continue|quality gate warning/i, success: /(?:verified|passed|success|successful|green|ok)\s*[:=\-].{0,120}(?:npm|node|playwright|jest|vitest|build|test|lint|typecheck|curl|kubectl|self-test|e2e|probe|smoke)|(?:npm|node|playwright|jest|vitest|build|test|lint|typecheck|curl|kubectl).{0,120}(?:passed|success|successful|green|exit\s*0)/i, resubmit: /re-?submission|resubmit/i, rewrite: /re-?write|rewrite|fix/i, retest: /re-?test|retest|rerun/i, aria: /ARIA console|Aria console|\/chat|aria-pipeline-mcp|aria_chat|escalat(?:e|ion).{0,80}ARIA/i };
-function normalizeSkillName(skill) { return ALIASES.get(String(skill || '').trim()) || String(skill || '').trim(); }
-function sessionDir(sessionId) { return join(RECEIPT_ROOT, encodeURIComponent(String(sessionId || 'unknown'))); }
-function readReceiptSkills(sessionId) { const dir = sessionDir(sessionId); if (!existsSync(dir)) return new Set(); const skills = new Set(); for (const name of readdirSync(dir)) { if (!name.endsWith('.json')) continue; try { const receipt = JSON.parse(readFileSync(join(dir, name), 'utf8')); if (receipt?.skill) skills.add(normalizeSkillName(receipt.skill)); } catch {} } return skills; }
-function readInlineSkills(text) { const skills = new Set(); const value = String(text || ''); for (const match of value.matchAll(/<skill_content\s+name=["']([^"']+)["']/gi)) skills.add(normalizeSkillName(match[1])); return skills; }
-export function recordSkillLoaded({ sessionId, skill, surface = 'unknown', metadata = {} } = {}) { const normalized = normalizeSkillName(skill); if (!normalized) throw new Error('recordSkillLoaded requires a skill name'); const dir = sessionDir(sessionId); mkdirSync(dir, { recursive: true }); const receipt = { skill: normalized, surface, metadata, recordedAt: new Date().toISOString() }; writeFileSync(join(dir, `${encodeURIComponent(normalized)}.json`), `${JSON.stringify(receipt, null, 2)}\n`); return receipt; }
-export function classifyRequiredSkills({ text = '', action = '', toolName = '', filePath = '', isDeploy = false, isMutation = false, isOutputCloseout = false } = {}) { const combined = [text, action, toolName, filePath].filter(Boolean).join('\n'); const required = new Set(); const reasons = []; const recoveryMissing = []; if (isDeploy || RX.deploy.test(combined)) { required.add('aria-harness-deploy'); required.add('aria-forge-guardrails'); reasons.push('deploy/shared-infrastructure action requires fail-closed deploy and forge guardrails'); } if (isMutation || RX.mutationTool.test(toolName)) { required.add('aria-repo-doctrine'); reasons.push('repository/runtime mutation requires repo doctrine'); } if (RX.strip.test(combined)) { required.add('aria-harness-no-stripping'); reasons.push('strip/remove/bypass language requires no-stripping gate'); } if (isOutputCloseout && RX.completion.test(combined)) { required.add('aria-harness-output-discipline'); reasons.push('owner-facing completion/readiness claim requires output discipline'); if (!RX.success.test(combined)) recoveryMissing.push('successful proof from a concrete command/probe'); } if (RX.readiness.test(combined)) { required.add('architecture-decision'); required.add('testing-strategy'); required.add('aria-forge-guardrails'); required.add('aria-harness-output-discipline'); reasons.push('broad production/package/SDK/runtime readiness claim requires architecture, testing, and forge guardrails'); } if (RX.readiness.test(combined) && RX.narrow.test(combined)) { required.add('testing-strategy'); required.add('aria-forge-guardrails'); reasons.push('narrow e2e proof cannot support broad readiness claim without readiness-matrix discipline'); } if (RX.completion.test(combined) && RX.badProof.test(combined)) { required.add('aria-harness-output-discipline'); required.add('aria-forge-guardrails'); reasons.push('completion claim with unresolved or failed proof requires recovery cycle'); if (!RX.resubmit.test(combined)) recoveryMissing.push('re-submission'); if (!RX.rewrite.test(combined)) recoveryMissing.push('re-write'); if (!RX.retest.test(combined)) recoveryMissing.push('re-test'); if (!RX.aria.test(combined)) recoveryMissing.push('ARIA console escalation'); } if (RX.advisory.test(combined)) { required.add('aria-forge-guardrails'); required.add('aria-harness-output-discipline'); reasons.push('advisory/fail-open gate language requires fail-closed hardening discipline'); } return { requiredSkills: [...required].sort(), reasons, recoveryMissing }; }
-export function evaluateSkillGate(options = {}) { const classified = classifyRequiredSkills(options); const text = [options.text, options.action].filter(Boolean).join('\n'); const loaded = new Set([...readReceiptSkills(options.sessionId), ...readInlineSkills(text)]); const missingSkills = classified.requiredSkills.filter((skill) => !loaded.has(skill)); const recoveryMissing = classified.recoveryMissing || []; return { ok: missingSkills.length === 0 && recoveryMissing.length === 0, surface: options.surface || 'unknown', sessionId: options.sessionId || 'unknown', requiredSkills: classified.requiredSkills, loadedSkills: [...loaded].sort(), missingSkills, recoveryMissing, reasons: classified.reasons, autoLoadAvailable: options.autoLoadAvailable === true }; }
-export function formatSkillGateBlock(result = {}) { const missing = Array.isArray(result.missingSkills) ? result.missingSkills : []; const recovery = Array.isArray(result.recoveryMissing) ? result.recoveryMissing : []; const reasons = Array.isArray(result.reasons) ? result.reasons : []; return ['=== ARIA SKILL AUTOLOAD GATE BLOCK ===', `surface: ${result.surface || 'unknown'}`, `missing_skills: ${missing.length ? missing.join(', ') : '(none)'}`, `missing_recovery_cycle: ${recovery.length ? recovery.join(', ') : '(none)'}`, `required_skills: ${(result.requiredSkills || []).join(', ') || '(none)'}`, reasons.length ? `reasons: ${reasons.join(' | ')}` : 'reasons: no classifier reason recorded', 'counter_action: re-submit, re-write, re-test, and escalate through ARIA console until successful proof exists. Do not downgrade this to an advisory warning.'].join('\n'); }
+export * from '../../../hooks/lib/skill-autoload-gate.mjs';

package/opencode-plugins/harness-outcome/index.js

@@ -2,10 +2,12 @@
  * Aria Harness Outcome — post-tool recording via HTTPHarnessClient SDK.
  * Routes through the canonical SDK for outcome/garden/ledger writes.
  */
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import { createHash } from 'node:crypto';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
+import { updateTaskProjectLedger } from '../harness-context/task-project-ledger.mjs';
+import { resolveAriaAuthToken } from '../harness-context/auth-token.mjs';
 
 const HOME = homedir();
 const SDK_CANDIDATES = [
@@ -13,29 +15,13 @@ const SDK_CANDIDATES = [
   join(HOME, '.codex', 'aria-sdk', 'index.js'),
   join(HOME, '.claude', 'aria-sdk', 'index.js'),
 ];
-const OWNER_TOKEN_PATH = join(HOME, '.aria', 'owner-token');
-const LICENSE_PATH = join(HOME, '.aria', 'license.json');
 const RUNTIME_URL = (process.env.ARIA_RUNTIME_URL || 'http://127.0.0.1:4319').replace(/\/+$/, '');
 
 let _client = null;
 let _clientError = null;
 
 function resolveToken() {
-  if (process.env.ARIA_HARNESS_TOKEN) return process.env.ARIA_HARNESS_TOKEN;
-  if (process.env.ARIA_API_KEY) return process.env.ARIA_API_KEY;
-  try {
-    if (existsSync(OWNER_TOKEN_PATH)) {
-      const v = readFileSync(OWNER_TOKEN_PATH, 'utf8').trim();
-      if (v) return v;
-    }
-  } catch {}
-  try {
-    if (existsSync(LICENSE_PATH)) {
-      const j = JSON.parse(readFileSync(LICENSE_PATH, 'utf8'));
-      if (j.token) return j.token;
-    }
-  } catch {}
-  return '';
+  return resolveAriaAuthToken({ baseUrl: resolveBaseUrl() }).token;
 }
 
 function resolveBaseUrl() {
@@ -61,6 +47,19 @@ function makeEvidenceRef(kind, value, metadata = {}) {
   };
 }
 
+function looksLikeVerification(input, output, success) {
+  if (!success) return false;
+  const text = [
+    input?.args?.command,
+    output?.stdout,
+    output?.stderr,
+    output?.text,
+    output?.output,
+    output?.message,
+  ].map((value) => typeof value === 'string' ? value : '').join('\n');
+  return /\b(?:npm\s+run\s+(?:check|test|build|lint|typecheck)|(?:npx\s+)?(?:jest|vitest|tsc|eslint)|check:|test:|build:|passed|exit\s*0|0\s*failures?)\b/i.test(text);
+}
+
 async function releaseHiveLease(sessionId, files) {
   const token = resolveToken();
   if (!token || !Array.isArray(files) || files.length === 0) return;
@@ -115,6 +114,17 @@ export default async function HarnessOutcomePlugin(ctx) {
         success,
         output: output ?? null,
       }, { sessionId });
+      updateTaskProjectLedger({
+        platform: 'opencode',
+        phase: 'post_tool',
+        source: 'opencode-harness-outcome',
+        event: { ...input, sessionId, cwd: process.cwd() },
+        evidence: {
+          outcome_ref: outcomeRef,
+          verification: looksLikeVerification(input, output, success),
+          commandResult: success ? 'success' : 'failed',
+        },
+      });
 
       // Try SDK first
       const client = await getClient();
@@ -141,12 +151,7 @@ export default async function HarnessOutcomePlugin(ctx) {
         process.env.ARIA_HARNESS_BASE_URL ||
         process.env.ARIA_HARNESS_URL ||
         'https://harness.ariasos.com';
-      let harnessToken = process.env.ARIA_HARNESS_TOKEN || process.env.ARIA_API_KEY || '';
-      try {
-        if (!harnessToken) {
-          if (existsSync(OWNER_TOKEN_PATH)) harnessToken = readFileSync(OWNER_TOKEN_PATH, 'utf8').trim();
-        }
-      } catch {}
+      const harnessToken = resolveAriaAuthToken({ baseUrl: harnessUrl }).token;
       if (!harnessToken) return;
 
       fetch(`${harnessUrl}/api/harness/outcome-record`, {