@aria_asi/cli 0.2.39 → 0.2.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/aria-connector/src/connectors/codex.d.ts.map +1 -1
- package/dist/aria-connector/src/connectors/codex.js +52 -3
- package/dist/aria-connector/src/connectors/codex.js.map +1 -1
- package/dist/assets/hooks/aria-pre-tool-gate.mjs +40 -12
- package/dist/runtime/hooks/aria-pre-tool-gate.mjs +40 -12
- package/dist/runtime/manifest.json +1 -1
- package/dist/runtime/sdk/BUNDLED.json +1 -1
- package/dist/sdk/BUNDLED.json +1 -1
- package/hooks/aria-pre-tool-gate.mjs +40 -12
- package/package.json +1 -1
- package/src/connectors/codex.ts +52 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"codex.d.ts","sourceRoot":"","sources":["../../../../src/connectors/codex.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"codex.d.ts","sourceRoot":"","sources":["../../../../src/connectors/codex.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAkrC/C,wBAAsB,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAkBxE"}
|
|
@@ -499,7 +499,7 @@ try {
|
|
|
499
499
|
}
|
|
500
500
|
function buildCodexPreToolHook() {
|
|
501
501
|
return `#!/usr/bin/env node
|
|
502
|
-
import {
|
|
502
|
+
import {
|
|
503
503
|
inferSessionId,
|
|
504
504
|
classifyAction,
|
|
505
505
|
summarizeTarget,
|
|
@@ -507,6 +507,7 @@ import {
|
|
|
507
507
|
loadTurnState,
|
|
508
508
|
makeEvidenceRef,
|
|
509
509
|
recordCoachPhase,
|
|
510
|
+
runGovernanceGate,
|
|
510
511
|
saveTurnState,
|
|
511
512
|
formatCodexRecoveryBlock,
|
|
512
513
|
emitJson,
|
|
@@ -550,6 +551,42 @@ try {
|
|
|
550
551
|
}),
|
|
551
552
|
});
|
|
552
553
|
}
|
|
554
|
+
let gateEvidence = null;
|
|
555
|
+
try {
|
|
556
|
+
gateEvidence = runGovernanceGate({
|
|
557
|
+
sessionId,
|
|
558
|
+
sourceRuntime: 'codex',
|
|
559
|
+
surface: 'codex-pre-tool-use',
|
|
560
|
+
text: JSON.stringify(event).slice(0, 8000),
|
|
561
|
+
action,
|
|
562
|
+
toolName,
|
|
563
|
+
isDeploy: action === 'deploy',
|
|
564
|
+
isMutation: action === 'write' || action === 'delete',
|
|
565
|
+
evidence: requestRef,
|
|
566
|
+
});
|
|
567
|
+
} catch {}
|
|
568
|
+
if (gateEvidence) {
|
|
569
|
+
const gateRef = makeEvidenceRef('governance_gate', gateEvidence, { sessionId, action, toolName });
|
|
570
|
+
const gateCoach = await recordCoachPhase('pre_tool', {
|
|
571
|
+
requestId: state?.traceId || sessionId,
|
|
572
|
+
sessionId,
|
|
573
|
+
text: target,
|
|
574
|
+
action,
|
|
575
|
+
target,
|
|
576
|
+
evidenceRefs: [requestRef, gateRef],
|
|
577
|
+
metadata: { source: 'codex-pre-tool-hook', toolName, governanceGate: gateEvidence },
|
|
578
|
+
});
|
|
579
|
+
if (gateCoach?.permitted === false) {
|
|
580
|
+
emitJson({
|
|
581
|
+
decision: 'block',
|
|
582
|
+
reason: formatCodexRecoveryBlock({
|
|
583
|
+
surface: 'codex-pre-tool-gate-coach',
|
|
584
|
+
reason: gateCoach.clientMessage || 'Coach Kernel denied after governance gate signal.',
|
|
585
|
+
next: '6. Repair the condition flagged by the governance gate, then request the tool again.',
|
|
586
|
+
}),
|
|
587
|
+
});
|
|
588
|
+
}
|
|
589
|
+
}
|
|
553
590
|
const tools = Array.isArray(state?.tools) ? state.tools.slice(-24) : [];
|
|
554
591
|
tools.push({
|
|
555
592
|
at: new Date().toISOString(),
|
|
@@ -652,6 +689,7 @@ import {
|
|
|
652
689
|
formatValidationFailure,
|
|
653
690
|
formatCodexRecoveryBlock,
|
|
654
691
|
isAriaControlBlock,
|
|
692
|
+
runGovernanceGate,
|
|
655
693
|
updateTaskProjectLedger,
|
|
656
694
|
evaluateTaskProjectClaim,
|
|
657
695
|
recordBlockedTaskProjectClaim,
|
|
@@ -695,6 +733,17 @@ try {
|
|
|
695
733
|
}),
|
|
696
734
|
});
|
|
697
735
|
}
|
|
736
|
+
let gateEvidence = null;
|
|
737
|
+
try {
|
|
738
|
+
gateEvidence = runGovernanceGate({
|
|
739
|
+
sessionId,
|
|
740
|
+
sourceRuntime: 'codex',
|
|
741
|
+
surface: 'codex-stop',
|
|
742
|
+
text: text.slice(0, 8000),
|
|
743
|
+
isOutputCloseout: true,
|
|
744
|
+
evidence: outputRef,
|
|
745
|
+
});
|
|
746
|
+
} catch {}
|
|
698
747
|
const ledgerClaim = evaluateTaskProjectClaim({ text, ledger: ledgerResult.ledger });
|
|
699
748
|
if (!ledgerClaim.ok) {
|
|
700
749
|
recordBlockedTaskProjectClaim({
|
|
@@ -736,8 +785,8 @@ try {
|
|
|
736
785
|
text,
|
|
737
786
|
validation: validation?.validation || null,
|
|
738
787
|
layer3: validation?.layer3 || null,
|
|
739
|
-
evidenceRefs: [outputRef, makeEvidenceRef('runtime_validation', validation, { sessionId, traceId: state?.traceId || null })],
|
|
740
|
-
metadata: { source: 'codex-stop-hook', requireCognitionBlock: false, requireAppliedCognition: false },
|
|
788
|
+
evidenceRefs: [outputRef, makeEvidenceRef('runtime_validation', validation, { sessionId, traceId: state?.traceId || null }), ...(gateEvidence ? [makeEvidenceRef('governance_gate', gateEvidence, { sessionId })] : [])],
|
|
789
|
+
metadata: { source: 'codex-stop-hook', requireCognitionBlock: false, requireAppliedCognition: false, governanceGate: gateEvidence || null },
|
|
741
790
|
});
|
|
742
791
|
if (preOutputCoach?.permitted === false) {
|
|
743
792
|
emitJson({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"codex.js","sourceRoot":"","sources":["../../../../src/connectors/codex.ts"],"names":[],"mappings":"AAAA,8HAA8H;AAE9H,OAAO,EACL,UAAU,EACV,SAAS,EACT,WAAW,EACX,QAAQ,EACR,YAAY,EACZ,SAAS,EACT,aAAa,EACb,YAAY,GACb,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEnE,SAAS,aAAa;IACpB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,kCAAkC;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;QAC5G,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;KACjH,CAAC;IACF,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB,EAAE,IAAc;IAClD,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,yBAAyB,MAAM,sBAAsB,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE;YAAE,SAAS;QACtC,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;QAC3C,MAAM,EAAE,CAAC;IACX,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,uBAAuB,MAAM,aAAa,MAAM,EAAE,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB,EAAE,IAAc;IAC1D,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO;IAEhC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACxF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5C,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtD,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE;YAAE,SAAS;QACtC,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,KAAK,cAAc;YAAE,SAAS;QACjE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,EAClC,IAAI,CAAC,SAAS,CAAC;QACb,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,qDAAqD;QAClE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE;YACP,GAAG,EAAE;gBACH,KAAK,EAAE,mBAAmB;gBAC1B,MAAM,EAAE,iBAAiB;aAC1B;SACF;QACD,OAAO,EAAE,KAAK;KACf,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAClB,EAAE,IAAI,EAAE,KAAK,EAAE,CAChB,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,2BAA2B;IAClC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA0TR,CAAC;AACF,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuGR,CAAC;AACF,CAAC;AAED,SAAS,qBAAqB;IAC5B,OAAO
|
|
1
|
+
{"version":3,"file":"codex.js","sourceRoot":"","sources":["../../../../src/connectors/codex.ts"],"names":[],"mappings":"AAAA,8HAA8H;AAE9H,OAAO,EACL,UAAU,EACV,SAAS,EACT,WAAW,EACX,QAAQ,EACR,YAAY,EACZ,SAAS,EACT,aAAa,EACb,YAAY,GACb,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEnE,SAAS,aAAa;IACpB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,kCAAkC;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;QAC5G,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,yBAAyB,CAAC;KACjH,CAAC;IACF,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB,EAAE,IAAc;IAClD,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,yBAAyB,MAAM,sBAAsB,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE;YAAE,SAAS;QACtC,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;QAC3C,MAAM,EAAE,CAAC;IACX,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,uBAAuB,MAAM,aAAa,MAAM,EAAE,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB,EAAE,IAAc;IAC1D,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO;IAEhC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACxF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5C,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtD,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE;YAAE,SAAS;QACtC,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,KAAK,cAAc;YAAE,SAAS;QACjE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,EAClC,IAAI,CAAC,SAAS,CAAC;QACb,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,qDAAqD;QAClE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE;YACP,GAAG,EAAE;gBACH,KAAK,EAAE,mBAAmB;gBAC1B,MAAM,EAAE,iBAAiB;aAC1B;SACF;QACD,OAAO,EAAE,KAAK;KACf,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAClB,EAAE,IAAI,EAAE,KAAK,EAAE,CAChB,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,2BAA2B;IAClC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA0TR,CAAC;AACF,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuGR,CAAC;AACF,CAAC;AAED,SAAS,qBAAqB;IAC5B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+GR,CAAC;AACF,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6DR,CAAC;AACF,CAAC;AAED,SAAS,kBAAkB;IACzB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuPR,CAAC;AACF,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;IAClF,OAAO;;gBAEO,UAAU,CAAC,QAAQ,CAAC;;;yCAGK,OAAO,CAAC,4BAA4B,CAAC;;;;yCAIrC,OAAO,CAAC,uBAAuB,CAAC;;;;yCAIhC,OAAO,CAAC,wBAAwB,CAAC;;;yCAGjC,OAAO,CAAC,eAAe,CAAC;;CAEhE,CAAC;AACF,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB,EAAE,IAAc;IAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,WAAW,GAAG,gEAAgE,CAAC;IACrF,IAAI,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,IAAI,IAAI,IAAI,CAAC;QAC/C,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;IAC9B,CAAC;IACD,aAAa,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI,CAAC,0CAA0C,UAAU,EAAE,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,IAAc;IACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxE,MAAM,eAAe,GAAG,kCAAkC,EAAE,CAAC;IAC7D,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,uCAAuC,eAAe,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,KAAK,GAA4B;QACrC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,oBAAoB,CAAC,EAAE,2BAA2B,EAAE,CAAC;QACjF,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,4BAA4B,CAAC,EAAE,wBAAwB,EAAE,CAAC;QAC/E,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,EAAE,qBAAqB,EAAE,CAAC;QACvE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,wBAAwB,CAAC,EAAE,sBAAsB,EAAE,CAAC;QACzE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC;KAC7D,CAAC;IAEF,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;QACxC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC;YAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IAC9C,CAAC;IACD,YAAY,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,yBAAyB,CAAC,CAAC,CAAC;IACrF,IAAI,CAAC;QAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,yBAAyB,CAAC,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEzF,IAAI,CAAC,IAAI,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;IACxD,uBAAuB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,eAAe,CAAC,OAAmB;IAC1C,OAAO;;;;;;;;;;;6BAWoB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC;0BACvC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC;2BACzC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,qBAAqB,CAAC;oBACzF,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,0BAA0B,EAAE,SAAS,EAAE,WAAW,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAoCzG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,0BAA0B,EAAE,SAAS,EAAE,WAAW,CAAC;;;;;;OAM5F,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,0BAA0B,EAAE,SAAS,EAAE,WAAW,CAAC;;CAElG,CAAC;AACF,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAkB;IAC5C,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtF,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC;SACnD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,KAAK,EAAE,CAAC;SAC/C,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO;;;;EAIP,aAAa,CAAC,OAAO,CAAC;;;EAGtB,QAAQ,IAAI,mBAAmB;;;EAG/B,UAAU,IAAI,iDAAiD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyChE,CAAC;AACF,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+CR,CAAC;AACF,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB,EAAE,MAAkB,EAAE,IAAc;IACxE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,0BAA0B,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACjD,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEvD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,eAAe,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IACpD,aAAa,CAAC,SAAS,EAAE,gBAAgB,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9D,IAAI,CAAC;QAAC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAE7C,IAAI,CAAC,IAAI,CAAC,mCAAmC,QAAQ,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB,EAAE,MAAkB,EAAE,IAAc;IAC3E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACpD,aAAa,CAAC,UAAU,EAAE,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACvE,IAAI,CAAC,IAAI,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;IAC9D,aAAa,CAAC,YAAY,EAAE,kBAAkB,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,IAAI,CAAC,IAAI,CAAC,qCAAqC,YAAY,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAkB;IACnD,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;IAEhD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,IAAI,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC3B,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACnC,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACxC,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACrC,iBAAiB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClC,0BAA0B,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC3C,sBAAsB,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -73,17 +73,8 @@ function runUniversalGovernanceGate(payload) {
|
|
|
73
73
|
try { result = stdout ? JSON.parse(stdout) : null; } catch {}
|
|
74
74
|
if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
|
|
75
75
|
const reason = stdout || child.stderr || 'aria-governance-gate blocked this action.';
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
'',
|
|
79
|
-
reason,
|
|
80
|
-
'',
|
|
81
|
-
'Recovery contract:',
|
|
82
|
-
'1. Do not retry the same blocked action unchanged.',
|
|
83
|
-
'2. Load or apply the doctrine/skill named by the governance output.',
|
|
84
|
-
'3. Re-write the action with <applied_cognition> and concrete proof.',
|
|
85
|
-
'4. Re-test by submitting the revised action through this same gate.',
|
|
86
|
-
].join('\n'));
|
|
76
|
+
process.stderr.write(`[aria-governance:block] ${reason.slice(0, 500)}\n`);
|
|
77
|
+
return { decision: 'block', ok: false, reason, governanceMode: 'block', raw: result };
|
|
87
78
|
}
|
|
88
79
|
if (result?.decision === 'warn' || result?.governanceMode === 'recovery-required' || result?.governanceMode === 'architectural-intervention-required') {
|
|
89
80
|
process.stderr.write(`[aria-governance:${result.governanceMode || 'recovery-required'}] ${JSON.stringify(result)}\n`);
|
|
@@ -1396,7 +1387,7 @@ if (!skillGate.ok && !skillGate.redirectOnly) {
|
|
|
1396
1387
|
process.exit(2);
|
|
1397
1388
|
}
|
|
1398
1389
|
try {
|
|
1399
|
-
runUniversalGovernanceGate({
|
|
1390
|
+
const govGateResult = runUniversalGovernanceGate({
|
|
1400
1391
|
sessionId,
|
|
1401
1392
|
sourceRuntime: 'claude-code',
|
|
1402
1393
|
surface: 'claude-pre-tool-gate',
|
|
@@ -1409,6 +1400,43 @@ try {
|
|
|
1409
1400
|
loadedSkills: skillGate.loadedSkills,
|
|
1410
1401
|
evidence: { lensCount, hasVerify, hasCognition, hasSubstrateCite },
|
|
1411
1402
|
});
|
|
1403
|
+
if (govGateResult?.decision === 'block') {
|
|
1404
|
+
audit('signal-gov-gate-block', `reason=${(govGateResult.reason || '').slice(0, 120)}`);
|
|
1405
|
+
const _cmd = String(toolInput?.command || '');
|
|
1406
|
+
try {
|
|
1407
|
+
const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
|
|
1408
|
+
const _coachBase = existsSync(_coachUrl)
|
|
1409
|
+
? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
|
|
1410
|
+
: 'http://127.0.0.1:4319';
|
|
1411
|
+
const _coachToken = (() => {
|
|
1412
|
+
const tp = `${HOME}/.aria/owner-token`;
|
|
1413
|
+
if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
|
|
1414
|
+
return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
|
|
1415
|
+
})();
|
|
1416
|
+
const _coachHeaders = { 'Content-Type': 'application/json' };
|
|
1417
|
+
if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
|
|
1418
|
+
const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
|
|
1419
|
+
method: 'POST', headers: _coachHeaders,
|
|
1420
|
+
body: JSON.stringify({
|
|
1421
|
+
phase: 'pre_tool', requestId: `claude-gov-gate:${Date.now()}`,
|
|
1422
|
+
sessionId, surface: 'claude-hooks', lane: 'claude_native_hooks',
|
|
1423
|
+
action: deployMatched ? 'deploy' : '',
|
|
1424
|
+
text: _cmd.slice(0, 1000),
|
|
1425
|
+
metadata: { source: 'claude-governance-gate', toolName, governanceGateBlock: true },
|
|
1426
|
+
evidenceRefs: [{ kind: 'governance_gate', reason: govGateResult.reason }],
|
|
1427
|
+
}),
|
|
1428
|
+
signal: AbortSignal.timeout(2000),
|
|
1429
|
+
});
|
|
1430
|
+
if (_coachResp.ok) {
|
|
1431
|
+
const _coachBody = await _coachResp.json();
|
|
1432
|
+
if (_coachBody?.permitted === false) {
|
|
1433
|
+
audit('block-coach-after-gov-gate', `reasons=${(_coachBody.reasons||[]).join(',')}`);
|
|
1434
|
+
emitBlock(`Aria Coach blocked after governance gate signal: ${(_coachBody.reasons||['gate_violation']).join('; ')}`, { source: 'pre-tool/coach-after-gov-gate', tool: toolName });
|
|
1435
|
+
process.exit(2);
|
|
1436
|
+
}
|
|
1437
|
+
}
|
|
1438
|
+
} catch {}
|
|
1439
|
+
}
|
|
1412
1440
|
} catch (err) {
|
|
1413
1441
|
audit('block-universal-governance', `${err instanceof Error ? err.message : String(err)}`.slice(0, 500));
|
|
1414
1442
|
emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
|
|
@@ -73,17 +73,8 @@ function runUniversalGovernanceGate(payload) {
|
|
|
73
73
|
try { result = stdout ? JSON.parse(stdout) : null; } catch {}
|
|
74
74
|
if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
|
|
75
75
|
const reason = stdout || child.stderr || 'aria-governance-gate blocked this action.';
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
'',
|
|
79
|
-
reason,
|
|
80
|
-
'',
|
|
81
|
-
'Recovery contract:',
|
|
82
|
-
'1. Do not retry the same blocked action unchanged.',
|
|
83
|
-
'2. Load or apply the doctrine/skill named by the governance output.',
|
|
84
|
-
'3. Re-write the action with <applied_cognition> and concrete proof.',
|
|
85
|
-
'4. Re-test by submitting the revised action through this same gate.',
|
|
86
|
-
].join('\n'));
|
|
76
|
+
process.stderr.write(`[aria-governance:block] ${reason.slice(0, 500)}\n`);
|
|
77
|
+
return { decision: 'block', ok: false, reason, governanceMode: 'block', raw: result };
|
|
87
78
|
}
|
|
88
79
|
if (result?.decision === 'warn' || result?.governanceMode === 'recovery-required' || result?.governanceMode === 'architectural-intervention-required') {
|
|
89
80
|
process.stderr.write(`[aria-governance:${result.governanceMode || 'recovery-required'}] ${JSON.stringify(result)}\n`);
|
|
@@ -1396,7 +1387,7 @@ if (!skillGate.ok && !skillGate.redirectOnly) {
|
|
|
1396
1387
|
process.exit(2);
|
|
1397
1388
|
}
|
|
1398
1389
|
try {
|
|
1399
|
-
runUniversalGovernanceGate({
|
|
1390
|
+
const govGateResult = runUniversalGovernanceGate({
|
|
1400
1391
|
sessionId,
|
|
1401
1392
|
sourceRuntime: 'claude-code',
|
|
1402
1393
|
surface: 'claude-pre-tool-gate',
|
|
@@ -1409,6 +1400,43 @@ try {
|
|
|
1409
1400
|
loadedSkills: skillGate.loadedSkills,
|
|
1410
1401
|
evidence: { lensCount, hasVerify, hasCognition, hasSubstrateCite },
|
|
1411
1402
|
});
|
|
1403
|
+
if (govGateResult?.decision === 'block') {
|
|
1404
|
+
audit('signal-gov-gate-block', `reason=${(govGateResult.reason || '').slice(0, 120)}`);
|
|
1405
|
+
const _cmd = String(toolInput?.command || '');
|
|
1406
|
+
try {
|
|
1407
|
+
const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
|
|
1408
|
+
const _coachBase = existsSync(_coachUrl)
|
|
1409
|
+
? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
|
|
1410
|
+
: 'http://127.0.0.1:4319';
|
|
1411
|
+
const _coachToken = (() => {
|
|
1412
|
+
const tp = `${HOME}/.aria/owner-token`;
|
|
1413
|
+
if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
|
|
1414
|
+
return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
|
|
1415
|
+
})();
|
|
1416
|
+
const _coachHeaders = { 'Content-Type': 'application/json' };
|
|
1417
|
+
if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
|
|
1418
|
+
const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
|
|
1419
|
+
method: 'POST', headers: _coachHeaders,
|
|
1420
|
+
body: JSON.stringify({
|
|
1421
|
+
phase: 'pre_tool', requestId: `claude-gov-gate:${Date.now()}`,
|
|
1422
|
+
sessionId, surface: 'claude-hooks', lane: 'claude_native_hooks',
|
|
1423
|
+
action: deployMatched ? 'deploy' : '',
|
|
1424
|
+
text: _cmd.slice(0, 1000),
|
|
1425
|
+
metadata: { source: 'claude-governance-gate', toolName, governanceGateBlock: true },
|
|
1426
|
+
evidenceRefs: [{ kind: 'governance_gate', reason: govGateResult.reason }],
|
|
1427
|
+
}),
|
|
1428
|
+
signal: AbortSignal.timeout(2000),
|
|
1429
|
+
});
|
|
1430
|
+
if (_coachResp.ok) {
|
|
1431
|
+
const _coachBody = await _coachResp.json();
|
|
1432
|
+
if (_coachBody?.permitted === false) {
|
|
1433
|
+
audit('block-coach-after-gov-gate', `reasons=${(_coachBody.reasons||[]).join(',')}`);
|
|
1434
|
+
emitBlock(`Aria Coach blocked after governance gate signal: ${(_coachBody.reasons||['gate_violation']).join('; ')}`, { source: 'pre-tool/coach-after-gov-gate', tool: toolName });
|
|
1435
|
+
process.exit(2);
|
|
1436
|
+
}
|
|
1437
|
+
}
|
|
1438
|
+
} catch {}
|
|
1439
|
+
}
|
|
1412
1440
|
} catch (err) {
|
|
1413
1441
|
audit('block-universal-governance', `${err instanceof Error ? err.message : String(err)}`.slice(0, 500));
|
|
1414
1442
|
emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
{
|
|
2
|
-
"bundledAt": "2026-05-04T05:
|
|
2
|
+
"bundledAt": "2026-05-04T05:20:41.263Z",
|
|
3
3
|
"sdkFiles": 12,
|
|
4
4
|
"runtimeTemplate": "/home/hamzaibrahim1/rei-ai-brain/packages/aria-connector/runtime-src",
|
|
5
5
|
"gateRuntimeSource": "/home/hamzaibrahim1/rei-ai-brain/packages/aria-gate-runtime/dist",
|
package/dist/sdk/BUNDLED.json
CHANGED
|
@@ -73,17 +73,8 @@ function runUniversalGovernanceGate(payload) {
|
|
|
73
73
|
try { result = stdout ? JSON.parse(stdout) : null; } catch {}
|
|
74
74
|
if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
|
|
75
75
|
const reason = stdout || child.stderr || 'aria-governance-gate blocked this action.';
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
'',
|
|
79
|
-
reason,
|
|
80
|
-
'',
|
|
81
|
-
'Recovery contract:',
|
|
82
|
-
'1. Do not retry the same blocked action unchanged.',
|
|
83
|
-
'2. Load or apply the doctrine/skill named by the governance output.',
|
|
84
|
-
'3. Re-write the action with <applied_cognition> and concrete proof.',
|
|
85
|
-
'4. Re-test by submitting the revised action through this same gate.',
|
|
86
|
-
].join('\n'));
|
|
76
|
+
process.stderr.write(`[aria-governance:block] ${reason.slice(0, 500)}\n`);
|
|
77
|
+
return { decision: 'block', ok: false, reason, governanceMode: 'block', raw: result };
|
|
87
78
|
}
|
|
88
79
|
if (result?.decision === 'warn' || result?.governanceMode === 'recovery-required' || result?.governanceMode === 'architectural-intervention-required') {
|
|
89
80
|
process.stderr.write(`[aria-governance:${result.governanceMode || 'recovery-required'}] ${JSON.stringify(result)}\n`);
|
|
@@ -1396,7 +1387,7 @@ if (!skillGate.ok && !skillGate.redirectOnly) {
|
|
|
1396
1387
|
process.exit(2);
|
|
1397
1388
|
}
|
|
1398
1389
|
try {
|
|
1399
|
-
runUniversalGovernanceGate({
|
|
1390
|
+
const govGateResult = runUniversalGovernanceGate({
|
|
1400
1391
|
sessionId,
|
|
1401
1392
|
sourceRuntime: 'claude-code',
|
|
1402
1393
|
surface: 'claude-pre-tool-gate',
|
|
@@ -1409,6 +1400,43 @@ try {
|
|
|
1409
1400
|
loadedSkills: skillGate.loadedSkills,
|
|
1410
1401
|
evidence: { lensCount, hasVerify, hasCognition, hasSubstrateCite },
|
|
1411
1402
|
});
|
|
1403
|
+
if (govGateResult?.decision === 'block') {
|
|
1404
|
+
audit('signal-gov-gate-block', `reason=${(govGateResult.reason || '').slice(0, 120)}`);
|
|
1405
|
+
const _cmd = String(toolInput?.command || '');
|
|
1406
|
+
try {
|
|
1407
|
+
const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
|
|
1408
|
+
const _coachBase = existsSync(_coachUrl)
|
|
1409
|
+
? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
|
|
1410
|
+
: 'http://127.0.0.1:4319';
|
|
1411
|
+
const _coachToken = (() => {
|
|
1412
|
+
const tp = `${HOME}/.aria/owner-token`;
|
|
1413
|
+
if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
|
|
1414
|
+
return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
|
|
1415
|
+
})();
|
|
1416
|
+
const _coachHeaders = { 'Content-Type': 'application/json' };
|
|
1417
|
+
if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
|
|
1418
|
+
const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
|
|
1419
|
+
method: 'POST', headers: _coachHeaders,
|
|
1420
|
+
body: JSON.stringify({
|
|
1421
|
+
phase: 'pre_tool', requestId: `claude-gov-gate:${Date.now()}`,
|
|
1422
|
+
sessionId, surface: 'claude-hooks', lane: 'claude_native_hooks',
|
|
1423
|
+
action: deployMatched ? 'deploy' : '',
|
|
1424
|
+
text: _cmd.slice(0, 1000),
|
|
1425
|
+
metadata: { source: 'claude-governance-gate', toolName, governanceGateBlock: true },
|
|
1426
|
+
evidenceRefs: [{ kind: 'governance_gate', reason: govGateResult.reason }],
|
|
1427
|
+
}),
|
|
1428
|
+
signal: AbortSignal.timeout(2000),
|
|
1429
|
+
});
|
|
1430
|
+
if (_coachResp.ok) {
|
|
1431
|
+
const _coachBody = await _coachResp.json();
|
|
1432
|
+
if (_coachBody?.permitted === false) {
|
|
1433
|
+
audit('block-coach-after-gov-gate', `reasons=${(_coachBody.reasons||[]).join(',')}`);
|
|
1434
|
+
emitBlock(`Aria Coach blocked after governance gate signal: ${(_coachBody.reasons||['gate_violation']).join('; ')}`, { source: 'pre-tool/coach-after-gov-gate', tool: toolName });
|
|
1435
|
+
process.exit(2);
|
|
1436
|
+
}
|
|
1437
|
+
}
|
|
1438
|
+
} catch {}
|
|
1439
|
+
}
|
|
1412
1440
|
} catch (err) {
|
|
1413
1441
|
audit('block-universal-governance', `${err instanceof Error ? err.message : String(err)}`.slice(0, 500));
|
|
1414
1442
|
emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
|
package/package.json
CHANGED
package/src/connectors/codex.ts
CHANGED
|
@@ -524,7 +524,7 @@ try {
|
|
|
524
524
|
|
|
525
525
|
function buildCodexPreToolHook(): string {
|
|
526
526
|
return `#!/usr/bin/env node
|
|
527
|
-
import {
|
|
527
|
+
import {
|
|
528
528
|
inferSessionId,
|
|
529
529
|
classifyAction,
|
|
530
530
|
summarizeTarget,
|
|
@@ -532,6 +532,7 @@ import {
|
|
|
532
532
|
loadTurnState,
|
|
533
533
|
makeEvidenceRef,
|
|
534
534
|
recordCoachPhase,
|
|
535
|
+
runGovernanceGate,
|
|
535
536
|
saveTurnState,
|
|
536
537
|
formatCodexRecoveryBlock,
|
|
537
538
|
emitJson,
|
|
@@ -575,6 +576,42 @@ try {
|
|
|
575
576
|
}),
|
|
576
577
|
});
|
|
577
578
|
}
|
|
579
|
+
let gateEvidence = null;
|
|
580
|
+
try {
|
|
581
|
+
gateEvidence = runGovernanceGate({
|
|
582
|
+
sessionId,
|
|
583
|
+
sourceRuntime: 'codex',
|
|
584
|
+
surface: 'codex-pre-tool-use',
|
|
585
|
+
text: JSON.stringify(event).slice(0, 8000),
|
|
586
|
+
action,
|
|
587
|
+
toolName,
|
|
588
|
+
isDeploy: action === 'deploy',
|
|
589
|
+
isMutation: action === 'write' || action === 'delete',
|
|
590
|
+
evidence: requestRef,
|
|
591
|
+
});
|
|
592
|
+
} catch {}
|
|
593
|
+
if (gateEvidence) {
|
|
594
|
+
const gateRef = makeEvidenceRef('governance_gate', gateEvidence, { sessionId, action, toolName });
|
|
595
|
+
const gateCoach = await recordCoachPhase('pre_tool', {
|
|
596
|
+
requestId: state?.traceId || sessionId,
|
|
597
|
+
sessionId,
|
|
598
|
+
text: target,
|
|
599
|
+
action,
|
|
600
|
+
target,
|
|
601
|
+
evidenceRefs: [requestRef, gateRef],
|
|
602
|
+
metadata: { source: 'codex-pre-tool-hook', toolName, governanceGate: gateEvidence },
|
|
603
|
+
});
|
|
604
|
+
if (gateCoach?.permitted === false) {
|
|
605
|
+
emitJson({
|
|
606
|
+
decision: 'block',
|
|
607
|
+
reason: formatCodexRecoveryBlock({
|
|
608
|
+
surface: 'codex-pre-tool-gate-coach',
|
|
609
|
+
reason: gateCoach.clientMessage || 'Coach Kernel denied after governance gate signal.',
|
|
610
|
+
next: '6. Repair the condition flagged by the governance gate, then request the tool again.',
|
|
611
|
+
}),
|
|
612
|
+
});
|
|
613
|
+
}
|
|
614
|
+
}
|
|
578
615
|
const tools = Array.isArray(state?.tools) ? state.tools.slice(-24) : [];
|
|
579
616
|
tools.push({
|
|
580
617
|
at: new Date().toISOString(),
|
|
@@ -679,6 +716,7 @@ import {
|
|
|
679
716
|
formatValidationFailure,
|
|
680
717
|
formatCodexRecoveryBlock,
|
|
681
718
|
isAriaControlBlock,
|
|
719
|
+
runGovernanceGate,
|
|
682
720
|
updateTaskProjectLedger,
|
|
683
721
|
evaluateTaskProjectClaim,
|
|
684
722
|
recordBlockedTaskProjectClaim,
|
|
@@ -722,6 +760,17 @@ try {
|
|
|
722
760
|
}),
|
|
723
761
|
});
|
|
724
762
|
}
|
|
763
|
+
let gateEvidence = null;
|
|
764
|
+
try {
|
|
765
|
+
gateEvidence = runGovernanceGate({
|
|
766
|
+
sessionId,
|
|
767
|
+
sourceRuntime: 'codex',
|
|
768
|
+
surface: 'codex-stop',
|
|
769
|
+
text: text.slice(0, 8000),
|
|
770
|
+
isOutputCloseout: true,
|
|
771
|
+
evidence: outputRef,
|
|
772
|
+
});
|
|
773
|
+
} catch {}
|
|
725
774
|
const ledgerClaim = evaluateTaskProjectClaim({ text, ledger: ledgerResult.ledger });
|
|
726
775
|
if (!ledgerClaim.ok) {
|
|
727
776
|
recordBlockedTaskProjectClaim({
|
|
@@ -763,8 +812,8 @@ try {
|
|
|
763
812
|
text,
|
|
764
813
|
validation: validation?.validation || null,
|
|
765
814
|
layer3: validation?.layer3 || null,
|
|
766
|
-
evidenceRefs: [outputRef, makeEvidenceRef('runtime_validation', validation, { sessionId, traceId: state?.traceId || null })],
|
|
767
|
-
metadata: { source: 'codex-stop-hook', requireCognitionBlock: false, requireAppliedCognition: false },
|
|
815
|
+
evidenceRefs: [outputRef, makeEvidenceRef('runtime_validation', validation, { sessionId, traceId: state?.traceId || null }), ...(gateEvidence ? [makeEvidenceRef('governance_gate', gateEvidence, { sessionId })] : [])],
|
|
816
|
+
metadata: { source: 'codex-stop-hook', requireCognitionBlock: false, requireAppliedCognition: false, governanceGate: gateEvidence || null },
|
|
768
817
|
});
|
|
769
818
|
if (preOutputCoach?.permitted === false) {
|
|
770
819
|
emitJson({
|