@aria_asi/cli 0.2.37 → 0.2.39

package/dist/runtime/quality-enforcer.mjs

@@ -0,0 +1,257 @@
+#!/usr/bin/env node
+/**
+ * Runtime Quality Enforcer — First-Class Doctrine Rails
+ *
+ * Hard-blocks any output that contains internal gate labels, placeholders,
+ * or collapse-text. No gate label ever reaches a user surface again.
+ *
+ * Invariants:
+ *  1. HARD regex blocks — catch-all for any internal machinery leaking
+ *  2. Minimum substance check — no empty/trivial responses
+ *  3. Recovery contract — blocked → rewrite prompt → retry (max 2) → safe fallback
+ *  4. Coach kernel notified of every violation for pattern learning
+ *  5. Quality violation ledger records every enforcement action
+ *  6. Safe fallbacks guaranteed per kernel — deterministic, never empty
+ */
+
+import { createHash, randomUUID } from 'node:crypto';
+import { appendFileSync, existsSync, mkdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+// ── Paths ──────────────────────────────────────────────────────────────────
+
+const HOME = homedir();
+const STATE_DIR = join(HOME, '.aria', 'runtime', 'state');
+const QUALITY_LEDGER_PATH = join(STATE_DIR, 'quality-violations.jsonl');
+const COACH_STATE_PATH = join(STATE_DIR, 'coach-state.json');
+
+// ── Hard Doctrine Rails ────────────────────────────────────────────────────
+
+const HARD_BLOCK_PATTERNS = [
+  { pattern: /\bpersonal_mouth_[a-z_]+\b/i,          label: 'gate_label:personal_mouth' },
+  { pattern: /\bcode_no_tests\b/i,                   label: 'gate_label:code_no_tests' },
+  { pattern: /\bcode_fake_implementation\b/i,          label: 'gate_label:fake_impl' },
+  { pattern: /\bcode_type_safety\b/i,                 label: 'gate_label:type_safety' },
+  { pattern: /\bip_infrastructure\b/i,                label: 'gate_label:ip_leak' },
+  { pattern: /\b8lens_[a-z_]+\b/i,                    label: 'gate_label:8lens' },
+  { pattern: /\bvoice_cold_[a-z_]+\b/i,               label: 'gate_label:voice_cold' },
+  { pattern: /\bharness_output_gate_block\b/i,        label: 'gate_label:output_block' },
+  { pattern: /\bauto_fix:\s/i,                        label: 'gate_label:auto_fix' },
+  { pattern: /I need to pause and reconsider\.?/i,    label: 'gate_label:collapse_placeholder' },
+  { pattern: /\bpersonal_mouth_harness_shallow_[a-z_]+\b/i, label: 'gate_label:shallow' },
+  { pattern: /\bpersonal_mouth_unsupported_internal_[a-z_]+\b/i, label: 'gate_label:internal_claim' },
+];
+
+const MINIMUM_CHARS = 40;
+
+const SAFE_FALLBACKS = {
+  emotional_presence: "I'm here. Tell me what's with you right now.",
+  architect: "I need more context to give a proper architecture answer. What specific system or decision are you working on?",
+  repair: "I can see the issue — let me trace the root cause. Can you share the specific error or surface that's broken?",
+  action: "Action kernel received — confirmation required before proceeding. What would you like to execute?",
+  research: "Let me gather the relevant information. What specific topic or question should I research?",
+  default: "Let me try again — that last response wasn't right. What were you asking about?",
+};
+
+// ── Violation Ledger ──────────────────────────────────────────────────────
+
+function ensureStateDir() {
+  if (!existsSync(STATE_DIR)) mkdirSync(STATE_DIR, { recursive: true, mode: 0o700 });
+}
+
+function logViolation(violation) {
+  ensureStateDir();
+  try {
+    appendFileSync(QUALITY_LEDGER_PATH, `${JSON.stringify(violation)}\n`, { encoding: 'utf8' });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function notifyCoach(violation) {
+  ensureStateDir();
+  try {
+    const event = {
+      at: new Date().toISOString(),
+      type: 'quality_violation',
+      violationId: violation.violationId,
+      kernel: violation.kernel,
+      violation: violation.violation,
+      textPreview: violation.textPreview,
+      recoveryAttempts: violation.recoveryAttempts,
+      finalOutcome: violation.finalOutcome,
+    };
+    if (existsSync(COACH_STATE_PATH)) {
+      // Append to coach state for offline learning
+      appendFileSync(COACH_STATE_PATH, `${JSON.stringify(event)}\n`, { encoding: 'utf8' });
+    }
+  } catch {
+    // Non-fatal — coach learning is best-effort
+  }
+}
+
+function violationHash(text) {
+  return createHash('sha256').update(String(text)).digest('hex').slice(0, 16);
+}
+
+// ── Core Enforcement ──────────────────────────────────────────────────────
+
+export function checkQuality(text) {
+  if (typeof text !== 'string' || text.length === 0) {
+    return { allowed: false, reasons: ['empty_output'] };
+  }
+
+  const reasons = [];
+  for (const { pattern, label } of HARD_BLOCK_PATTERNS) {
+    if (pattern.test(text)) {
+      reasons.push(label);
+    }
+  }
+
+  if (text.trim().length < MINIMUM_CHARS) {
+    reasons.push('below_minimum_chars');
+  }
+
+  return { allowed: reasons.length === 0, reasons };
+}
+
+export async function enforceQualityWithRecovery(
+  text,
+  kernel = 'default',
+  options = {},
+) {
+  const sessionId = options.sessionId || 'runtime';
+  const rewriteFn = options.rewriteFn || null;
+  const maxAttempts = Math.min(2, Math.max(0, Number(options.maxRecoveryAttempts || 2)));
+
+  const initial = checkQuality(text);
+  if (initial.allowed) {
+    return {
+      finalText: text,
+      enforced: false,
+      attempts: 0,
+      violations: [],
+      logged: false,
+    };
+  }
+
+  const violations = [...initial.reasons];
+  let currentText = text;
+  let attempts = 0;
+  let repaired = false;
+
+  // Recovery loop: ask the model to repair its own output
+  while (attempts < maxAttempts && rewriteFn && !repaired) {
+    attempts += 1;
+    try {
+      const repairedText = await rewriteFn(
+        `Your previous response was blocked by quality enforcement for these reasons: ${initial.reasons.join(', ')}. ` +
+        `Rewrite the answer to remove all internal labels, gate phrases, and placeholder text. ` +
+        `Original context: ${text.slice(0, 200)}`
+      );
+      const repairCheck = checkQuality(repairedText);
+      if (repairCheck.allowed) {
+        currentText = repairedText;
+        repaired = true;
+        break;
+      }
+      violations.push(...repairCheck.reasons);
+    } catch {
+      // Recovery attempt failed — continue to next attempt or fallback
+    }
+  }
+
+  // Safe fallback if all recovery attempts failed
+  const finalText = repaired
+    ? currentText
+    : (SAFE_FALLBACKS[kernel] || SAFE_FALLBACKS.default);
+
+  // Log the violation
+  const violation = {
+    violationId: randomUUID(),
+    sessionId,
+    kernel,
+    violations,
+    textPreview: String(text).slice(0, 200),
+    textHash: violationHash(text),
+    recoveryAttempts: attempts,
+    finalOutcome: repaired ? 'repaired' : 'safe_fallback',
+    at: new Date().toISOString(),
+  };
+
+  const logged = logViolation(violation);
+  notifyCoach(violation);
+
+  return {
+    finalText,
+    enforced: true,
+    attempts,
+    violations,
+    logged,
+  };
+}
+
+// ── Safe Mouth Proxy ──────────────────────────────────────────────────────
+
+/**
+ * Drop-in guard for mounted-runtime provider pipelines.
+ * Accepts a providerMeta text and guarantees the finalText is safe.
+ */
+export async function guardProviderOutput(providerMeta, kernel, sessionId) {
+  const result = await enforceQualityWithRecovery(
+    providerMeta.text,
+    kernel,
+    { sessionId },
+  );
+  return {
+    ...providerMeta,
+    text: result.finalText,
+    quality: {
+      enforced: result.enforced,
+      attempts: result.attempts,
+      violations: result.violations,
+      logged: result.logged,
+    },
+  };
+}
+
+// ── Coach Notification Bridge ─────────────────────────────────────────────
+
+/**
+ * Notifies the coach kernel of a new quality violation pattern.
+ * Called by the quality enforcer after every enforcement action.
+ */
+export function getCoachQualitySummary() {
+  ensureStateDir();
+  try {
+    if (!existsSync(QUALITY_LEDGER_PATH)) {
+      return { ok: true, violationCount: 0, recentPatterns: [] };
+    }
+    const lines = require('node:fs').readFileSync(QUALITY_LEDGER_PATH, 'utf8').trim().split('\n').filter(Boolean);
+    const violations = lines.map((line) => {
+      try { return JSON.parse(line); } catch { return null; }
+    }).filter(Boolean);
+
+    // Count by violation type
+    const byType = {};
+    for (const v of violations) {
+      for (const reason of (v.violations || [])) {
+        byType[reason] = (byType[reason] || 0) + 1;
+      }
+    }
+
+    return {
+      ok: true,
+      violationCount: violations.length,
+      recentPatterns: Object.entries(byType)
+        .sort(([, a], [, b]) => b - a)
+        .slice(0, 10)
+        .map(([pattern, count]) => ({ pattern, count })),
+      lastViolation: violations[violations.length - 1] || null,
+    };
+  } catch {
+    return { ok: false, violationCount: 0, recentPatterns: [] };
+  }
+}

package/dist/runtime/sdk/BUNDLED.json

@@ -1,5 +1,5 @@
 {
-  "bundledAt": "2026-05-04T03:02:47.924Z",
+  "bundledAt": "2026-05-04T05:01:08.181Z",
   "sdkSource": "/home/hamzaibrahim1/rei-ai-brain/harness/packages/harness-http-client/dist",
   "files": 12
 }

package/dist/runtime/service.mjs

@@ -42,8 +42,11 @@ import {
   formatCoachClientBlock,
   readCoachState,
   recordCoachPhase,
+  triggerMissingSkills,
 } from './coach-kernel.mjs';
 import { resolveAriaAuthToken } from './auth-token.mjs';
+import { check, enforceWithRecovery as enforceQualityWithRecovery } from './quality-enforcer.mjs';
+import { enforceGates } from './gated-ledger.mjs';
 
 const require = createRequire(import.meta.url);
 const { runFullChain } = require('./vendor/aria-gate-runtime/index.js');
@@ -3726,6 +3729,15 @@ async function evaluateProviderCandidate(req, body, client, apiKey, turn, provid
   };
 }
 
+function deriveEffectiveKernel(turn, body) {
+  const msg = body?.message || body?.prompt || body?.input || '';
+  if (turn?.turnClass === 'repair' || /repair|fix|debug|broken|bug|error|failing|crash|recover/i.test(msg)) return 'repair';
+  if (turn?.turnClass === 'architect' || /architecture|design|system|pipeline|tradeoff|ADR/i.test(msg)) return 'architect';
+  if (turn?.turnClass === 'action' || /deploy|execute|run|build|ship|rollout|restart|push/i.test(msg)) return 'action';
+  if (turn?.turnClass === 'research' || /research|search|find|recall|retrieve|look.up|investigate/i.test(msg)) return 'research';
+  return 'emotional_presence';
+}
+
 async function handleProviderProxy(req, body, client, providerStyle, options = {}) {
   const apiKey = resolveApiKey(req, body, options);
   const startedAt = Date.now();
@@ -3819,6 +3831,44 @@ async function handleProviderProxy(req, body, client, providerStyle, options = {
     ],
   });
   coachRecords.push(preGenerationCoach);
+  // ── Coach auto-trigger: load missing skills instead of blocking ──
+  if (preGenerationCoach.decision === 'auto_trigger_skills' && turn.missingSkillIds?.length > 0) {
+    const skillResult = await triggerMissingSkills(
+      turn.missingSkillIds,
+      SKILL_SEARCH_ROOTS,
+    );
+    const loadedCoach = recordRuntimeCoachPhase({
+      phase: 'pre_generation',
+      body,
+      turn: { ...turn, loadedSkillIds: [...(turn.loadedSkillIds || []), ...skillResult.loaded], missingSkillIds: skillResult.stillMissing },
+      providerStyle,
+      providerPlan,
+      text: turn.userMessage,
+      evidenceRefs: [`skills_loaded:${skillResult.loaded.length}`, `skills_still_missing:${skillResult.stillMissing.length}`],
+      metadata: { autoLoadedSkills: skillResult.loaded },
+    });
+    coachRecords.push(loadedCoach);
+    if (loadedCoach.decision === 'hard_block') {
+      const refusal = formatCoachClientBlock(loadedCoach);
+      const autoBlockRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
+        phase: 'pre_generation_skills_block',
+        body, turn, providerStyle, providerPlan,
+        releaseDecision: 'hard_block',
+        blockers: loadedCoach.reasons,
+        evidenceRefs: coachRecordRefs(coachRecords),
+      }));
+      ledgerRecords.push({ phase: 'pre_generation_skills_block', ...autoBlockRecord });
+      return providerStyle === 'anthropic'
+        ? anthropicResponseEnvelope(refusal, { model: body.model || 'aria-runtime', finishReason: 'end_turn' }, {}, body?.ariaDebug === true)
+        : openAiResponseEnvelope(body, refusal, { model: body.model || 'aria-runtime', finishReason: 'stop', usage: null }, {});
+    }
+    // Skills loaded — update turn for the rest of the pipeline
+    turn.loadedSkillIds = [...(turn.loadedSkillIds || []), ...skillResult.loaded];
+    turn.missingSkillIds = skillResult.stillMissing;
+    if (skillResult.loadedBodies.length > 0) {
+      turn.skillBodies = [...(turn.skillBodies || []), ...skillResult.loadedBodies.map((s) => s.body)];
+    }
+  }
   if (preGenerationCoach.decision === 'hard_block') {
     const refusal = formatCoachClientBlock(preGenerationCoach);
     const preBlockRecord = appendManagedRuntimeLedger(buildManagedRuntimeLedgerRecord({
@@ -3877,6 +3927,17 @@ async function handleProviderProxy(req, body, client, providerStyle, options = {
     ledgerRecords.push({ phase: 'provider_call_failed', ...failureRecord });
     throw error;
   }
+
+  const providerQualityResult = await enforceQualityWithRecovery(
+    providerMeta.text || '',
+    deriveEffectiveKernel(turn, body),
+    { sessionId: turn.sessionId || body.sessionId },
+  );
+  if (providerQualityResult.enforced) {
+    providerMeta.text = providerQualityResult.finalText;
+    providerMeta.qualityEnforced = true;
+  }
+
   recordProviderUsage(body, turn, providerMeta);
   let hardCoachBlock = null;
   let evaluation = await evaluateProviderCandidate(req, body, client, apiKey, turn, providerStyle, providerMeta, providerMeta.text || '');
@@ -4125,11 +4186,55 @@ async function handleProviderProxy(req, body, client, providerStyle, options = {
       records: coachRecords,
     },
   };
+  const finalQualityResult = await enforceQualityWithRecovery(
+    finalText,
+    deriveEffectiveKernel(turn, body),
+    { sessionId: turn.sessionId || body.sessionId },
+  );
+  if (finalQualityResult.enforced) {
+    finalText = finalQualityResult.finalText;
+  }
+
+  // ── Gated Ledger: final enforcement before release ──
+  const gated = await enforceGates(finalText, {
+    kernel: deriveEffectiveKernel(turn, body),
+    sessionId: turn.sessionId || body.sessionId,
+  });
+  if (gated.enforced) {
+    extra.gatedLedger = {
+      enforced: true,
+      gates: gated.gates,
+      doctrineTriggers: gated.doctrineTriggers,
+      recordId: gated.record.recordId,
+    };
+  }
+  finalText = gated.finalText;
+
   return providerStyle === 'anthropic'
     ? anthropicResponseEnvelope(finalText, providerMeta, extra, body?.ariaDebug === true)
     : openAiResponseEnvelope(body, finalText, providerMeta, extra);
 }
 
+function extractProviderResponseText(response) {
+  if (!response || typeof response !== 'object') return null;
+  const choices = response.choices;
+  if (Array.isArray(choices) && choices.length > 0) {
+    const content = choices[0]?.message?.content;
+    return typeof content === 'string' ? content : null;
+  }
+  return null;
+}
+
+function extractAnthropicResponseText(response) {
+  if (!response || typeof response !== 'object') return null;
+  const content = response.content;
+  if (Array.isArray(content)) {
+    return content.map(c => (c && c.text ? c.text : '')).join(' ').trim() || null;
+  }
+  if (typeof content === 'string') return content;
+  return null;
+}
+
 async function handleForgeSynthesis(req, body, client) {
   const apiKey = resolveApiKey(req, body);
   const startedAt = Date.now();
@@ -5338,6 +5443,13 @@ async function handleRoute(req, res) {
 
     if (providerPath === '/v1/chat/completions') {
       const response = await handleProviderProxy(req, body, client, 'openai', ariaAuthOptions);
+      const responseText = extractProviderResponseText(response);
+      if (responseText) {
+        const qScan = check(responseText);
+        if (!qScan.allowed) {
+          console.warn(`[quality-enforcer] Gate labels detected in OpenAI response after handleProviderProxy. ${qScan.reasons.join(', ')}`);
+        }
+      }
       return json(res, 200, response);
     }
 
@@ -5349,6 +5461,13 @@ async function handleRoute(req, res) {
 
     if (providerPath === '/v1/messages') {
       const response = await handleProviderProxy(req, body, client, 'anthropic', ariaAuthOptions);
+      const responseText = extractAnthropicResponseText(response);
+      if (responseText) {
+        const qScan = check(responseText);
+        if (!qScan.allowed) {
+          console.warn(`[quality-enforcer] Gate labels detected in Anthropic response after handleProviderProxy. ${qScan.reasons.join(', ')}`);
+        }
+      }
       return json(res, 200, response);
     }
 

package/dist/sdk/BUNDLED.json

@@ -1,5 +1,5 @@
 {
-  "bundledAt": "2026-05-04T03:02:47.924Z",
+  "bundledAt": "2026-05-04T05:01:08.180Z",
   "sdkSource": "/home/hamzaibrahim1/rei-ai-brain/harness/packages/harness-http-client/dist",
   "files": 12
 }

package/hooks/aria-pre-tool-gate.mjs

@@ -1068,6 +1068,59 @@ if (emergencyGateOff.off) {
 
 const toolName = event.tool_name ?? event.toolName ?? '';
 const toolInput = event.tool_input ?? event.toolInput ?? {};
+
+// Coach Kernel routing — single source of truth, run before all hook-native checks.
+try {
+  const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
+  const _coachBase = existsSync(_coachUrl)
+    ? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
+    : 'http://127.0.0.1:4319';
+  const _coachToken = (() => {
+    const tp = `${HOME}/.aria/owner-token`;
+    if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
+    const lp = `${HOME}/.aria/license.json`;
+    if (existsSync(lp)) {
+      try { const lt = JSON.parse(readFileSync(lp, 'utf8')); return lt.token || lt.harnessToken || ''; } catch { return ''; }
+    }
+    return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
+  })();
+  const _coachHeaders = { 'Content-Type': 'application/json' };
+  if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
+  const _cmd = String(toolInput?.command || '');
+  const _coachPayload = {
+    phase: 'pre_tool',
+    requestId: `claude-pre-tool:${Date.now()}`,
+    sessionId: String(toolInput?.session_id || process.env.HOOK_SESSION_ID || 'claude-unknown').slice(0, 80),
+    surface: 'claude-hooks',
+    lane: 'claude_native_hooks',
+    action: (() => {
+      const t = _cmd.toLowerCase();
+      if (/\b(?:kubectl\s+(?:apply|set|rollout|delete|create|replace|scale)|helm\s+(?:upgrade|install|uninstall)|terraform\s+(?:apply|destroy)|docker\s+(?:push|build\s+.*--push)|deploy)\b/i.test(t)) return 'deploy';
+      if (/\b(?:rm\s+-[rRfF]+\S*|sudo\s+|systemctl\s+(?:stop|disable|mask|kill)|kill\s+-[9K]|pkill\s+-[9K]|chmod\s+777|git\s+(?:push\s+--force|reset\s+--hard)|docker\s+rm\s+-f)\b/i.test(t)) return 'delete';
+      return '';
+    })(),
+    target: JSON.stringify(toolInput).slice(0, 2000),
+    text: _cmd.slice(0, 1000),
+    metadata: { source: 'claude-pre-tool-gate', toolName },
+  };
+  const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
+    method: 'POST', headers: _coachHeaders, body: JSON.stringify(_coachPayload),
+    signal: AbortSignal.timeout(2000),
+  });
+  if (_coachResp.ok) {
+    const _coachBody = await _coachResp.json();
+    if (_coachBody?.permitted === false && _coachBody?.decision === 'hard_block') {
+      audit('block-coach-authoritative', `reasons=${(_coachBody.reasons||[]).join(',')}`);
+      console.log(JSON.stringify({
+        decision: 'block',
+        reason: ['Aria Coach blocked this action before execution.', '', `Reason: ${(_coachBody.reasons||['coach_policy']).slice(0,3).join('; ')}`, '', _coachBody.clientMessage || 'Remove the high-risk condition and retry.'].join('\n'),
+        hookSpecificOutput: { hookEventName: 'PreToolUse', coach_decision: _coachBody.decision, coach_reasons: _coachBody.reasons },
+      }));
+      process.exit(2);
+    }
+  }
+} catch { /* Coach unreachable — fall through to hook-native checks */ }
+
 const transcriptPath = event.transcript_path ?? event.transcriptPath;
 
 // Gate every action tool — every tool that mutates state must go through

package/hooks/aria-pre-tool-use.mjs

@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+import {
+  getHarnessClient,
+  inferSessionId,
+  classifyAction,
+  summarizeTarget,
+  readEventFromStdin,
+  loadTurnState,
+  makeEvidenceRef,
+  recordCoachPhase,
+  saveTurnState,
+  formatCodexRecoveryBlock,
+  emitJson,
+} from './lib/runtime-client.mjs';
+
+const event = readEventFromStdin();
+const sessionId = inferSessionId(event);
+const action = classifyAction(event);
+const target = summarizeTarget(event);
+const state = loadTurnState(sessionId);
+
+try {
+  if (!state?.preReceiptId && !state?.userText) {
+    emitJson({
+      decision: 'block',
+      reason: formatCodexRecoveryBlock({
+        surface: 'codex-pre-tool',
+        reason: 'this turn has no pre-turn Mizan receipt',
+        next: '6. Re-submit the prompt so cognition is established before tool use, then request the tool again.',
+      }),
+    });
+  }
+  const toolName = String(event?.tool_name || event?.toolName || '').trim() || null;
+  const requestRef = makeEvidenceRef('codex_tool_request', { action, toolName, target }, { sessionId });
+  const coach = await recordCoachPhase('pre_tool', {
+    requestId: state?.traceId || sessionId,
+    sessionId,
+    text: target,
+    action,
+    target,
+    evidenceRefs: [requestRef],
+    metadata: { source: 'codex-pre-tool-hook', toolName, requireVerify: action === 'deploy' || action === 'delete' },
+  });
+  if (coach?.permitted === false) {
+    emitJson({
+      decision: 'block',
+      reason: formatCodexRecoveryBlock({
+        surface: 'codex-pre-tool-coach',
+        reason: coach.clientMessage || 'Coach Kernel denied ' + action,
+        next: '6. Add the required evidence/cognition contract, then request the tool again.',
+      }),
+    });
+  }
+  const tools = Array.isArray(state?.tools) ? state.tools.slice(-24) : [];
+  tools.push({
+    at: new Date().toISOString(),
+    action,
+    toolName,
+    target,
+    evidenceRef: makeEvidenceRef('tool_request', { action, toolName, target }, { sessionId }),
+  });
+  saveTurnState(sessionId, {
+    tools,
+    lastEvent: 'PreToolUse',
+  });
+  process.exit(0);
+} catch (error) {
+  emitJson({
+    decision: 'block',
+    reason: formatCodexRecoveryBlock({
+      surface: 'codex-pre-tool-hook',
+      reason: error instanceof Error ? error.message : String(error),
+    }),
+  });
+}

package/hooks/lib/first-class-coach.mjs

@@ -243,10 +243,10 @@ function summarizeRuntimeToolTarget(event = {}) {
 
 function inferRuntimeAction(event = {}, phase = '') {
   const haystack = `${phase}\n${summarizeRuntimeToolTarget(event)}\n${stableJson(event).slice(0, 6000)}`;
-  if (/\b(?:kubectl\s+(?:apply|set|rollout|delete)|helm\s+upgrade|terraform\s+apply|docker\s+push|deploy)\b/i.test(haystack)) return 'deploy';
-  if (/\b(?:rm\s+-[rRfF]+|delete|drop\s+(?:table|database|schema)|git\s+reset\s+--hard)\b/i.test(haystack)) return 'delete';
+  if (/\b(?:kubectl\s+(?:apply|set|rollout|delete|create|replace|scale)|helm\s+(?:upgrade|install|uninstall)|terraform\s+(?:apply|destroy)|docker\s+(?:push|build\s+.*--push)|deploy)\b/i.test(haystack)) return 'deploy';
+  if (/\b(?:rm\s+-[rRfF]+\S*|drop\s+(?:table|database|schema|collection|index)|git\s+(?:reset\s+--hard|push\s+--force|push\s+--delete)|sudo\s+|systemctl\s+(?:stop|disable|mask|kill)|kill\s+-[9K]|pkill\s+-[9K]|chmod\s+777|docker\s+rm\s+-f)\b/i.test(haystack)) return 'delete';
+  if (/\b(?:--no-verify|--no-gpg-sign)\b/i.test(haystack)) return 'delete';
   if (phase === 'stop' || phase === 'pre_emit') return 'release';
-  if (phase === 'pre_tool' || phase === 'post_tool') return 'write';
   return '';
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aria_asi/cli",
-  "version": "0.2.37",
+  "version": "0.2.39",
   "description": "Aria Smart CLI — the world's first harness-powered terminal companion",
   "bin": {
     "aria": "bin/aria.js"