@aria_asi/cli 0.2.39 → 0.2.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (802) hide show
  1. package/bin/aria.js +236 -34
  2. package/dist/aria-connector/src/action-ledger-core.d.ts +387 -0
  3. package/dist/aria-connector/src/action-ledger-core.d.ts.map +1 -0
  4. package/dist/aria-connector/src/action-ledger-core.js +638 -0
  5. package/dist/aria-connector/src/action-ledger-core.js.map +1 -0
  6. package/dist/aria-connector/src/chat.d.ts.map +1 -1
  7. package/dist/aria-connector/src/chat.js +5 -6
  8. package/dist/aria-connector/src/chat.js.map +1 -1
  9. package/dist/aria-connector/src/codebase-scanner.d.ts +1 -1
  10. package/dist/aria-connector/src/codebase-scanner.d.ts.map +1 -1
  11. package/dist/aria-connector/src/connectors/claude-code.d.ts +1 -0
  12. package/dist/aria-connector/src/connectors/claude-code.d.ts.map +1 -1
  13. package/dist/aria-connector/src/connectors/claude-code.js +152 -14
  14. package/dist/aria-connector/src/connectors/claude-code.js.map +1 -1
  15. package/dist/aria-connector/src/connectors/codebase-awareness.d.ts +10 -0
  16. package/dist/aria-connector/src/connectors/codebase-awareness.d.ts.map +1 -1
  17. package/dist/aria-connector/src/connectors/codebase-awareness.js +276 -27
  18. package/dist/aria-connector/src/connectors/codebase-awareness.js.map +1 -1
  19. package/dist/aria-connector/src/connectors/codex.d.ts +3 -1
  20. package/dist/aria-connector/src/connectors/codex.d.ts.map +1 -1
  21. package/dist/aria-connector/src/connectors/codex.js +1271 -40
  22. package/dist/aria-connector/src/connectors/codex.js.map +1 -1
  23. package/dist/aria-connector/src/connectors/cursor.d.ts.map +1 -1
  24. package/dist/aria-connector/src/connectors/cursor.js +7 -0
  25. package/dist/aria-connector/src/connectors/cursor.js.map +1 -1
  26. package/dist/aria-connector/src/connectors/governed-adapter.d.ts +30 -0
  27. package/dist/aria-connector/src/connectors/governed-adapter.d.ts.map +1 -0
  28. package/dist/aria-connector/src/connectors/governed-adapter.js +132 -0
  29. package/dist/aria-connector/src/connectors/governed-adapter.js.map +1 -0
  30. package/dist/aria-connector/src/connectors/opencode.d.ts +3 -1
  31. package/dist/aria-connector/src/connectors/opencode.d.ts.map +1 -1
  32. package/dist/aria-connector/src/connectors/opencode.js +18 -2
  33. package/dist/aria-connector/src/connectors/opencode.js.map +1 -1
  34. package/dist/aria-connector/src/connectors/repo-guard.d.ts.map +1 -1
  35. package/dist/aria-connector/src/connectors/repo-guard.js +25 -14
  36. package/dist/aria-connector/src/connectors/repo-guard.js.map +1 -1
  37. package/dist/aria-connector/src/connectors/runtime.d.ts.map +1 -1
  38. package/dist/aria-connector/src/connectors/runtime.js +92 -2
  39. package/dist/aria-connector/src/connectors/runtime.js.map +1 -1
  40. package/dist/aria-connector/src/connectors/shell.d.ts.map +1 -1
  41. package/dist/aria-connector/src/connectors/shell.js +123 -7
  42. package/dist/aria-connector/src/connectors/shell.js.map +1 -1
  43. package/dist/aria-connector/src/cross-cli-hive-binding.d.ts +63 -0
  44. package/dist/aria-connector/src/cross-cli-hive-binding.d.ts.map +1 -0
  45. package/dist/aria-connector/src/cross-cli-hive-binding.js +205 -0
  46. package/dist/aria-connector/src/cross-cli-hive-binding.js.map +1 -0
  47. package/dist/aria-connector/src/garden-control-plane.d.ts +6 -1
  48. package/dist/aria-connector/src/garden-control-plane.d.ts.map +1 -1
  49. package/dist/aria-connector/src/garden-control-plane.js +8 -2
  50. package/dist/aria-connector/src/garden-control-plane.js.map +1 -1
  51. package/dist/aria-connector/src/governed-surface-runner.d.ts +189 -0
  52. package/dist/aria-connector/src/governed-surface-runner.d.ts.map +1 -0
  53. package/dist/aria-connector/src/governed-surface-runner.js +1022 -0
  54. package/dist/aria-connector/src/governed-surface-runner.js.map +1 -0
  55. package/dist/aria-connector/src/index.d.ts +10 -1
  56. package/dist/aria-connector/src/index.d.ts.map +1 -1
  57. package/dist/aria-connector/src/index.js +5 -0
  58. package/dist/aria-connector/src/index.js.map +1 -1
  59. package/dist/aria-connector/src/task-runner.d.ts +3 -0
  60. package/dist/aria-connector/src/task-runner.d.ts.map +1 -0
  61. package/dist/aria-connector/src/task-runner.js +3526 -0
  62. package/dist/aria-connector/src/task-runner.js.map +1 -0
  63. package/dist/aria-web/src/lib/codebase-scanner.d.ts +21 -2
  64. package/dist/aria-web/src/lib/codebase-scanner.d.ts.map +1 -1
  65. package/dist/aria-web/src/lib/codebase-scanner.js +59 -14
  66. package/dist/aria-web/src/lib/codebase-scanner.js.map +1 -1
  67. package/dist/assets/hooks/README.md +58 -0
  68. package/dist/assets/hooks/aria-agent-handoff.mjs +147 -2
  69. package/dist/assets/hooks/aria-agent-ledger-merge.mjs +31 -7
  70. package/dist/assets/hooks/aria-architect-fallback.mjs +10 -2
  71. package/dist/assets/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  72. package/dist/assets/hooks/aria-cognition-substrate-binding.mjs +84 -10
  73. package/dist/assets/hooks/aria-first-class-coach.mjs +305 -10
  74. package/dist/assets/hooks/aria-harness-via-sdk.mjs +93 -16
  75. package/dist/assets/hooks/aria-import-resolution-gate.mjs +106 -20
  76. package/dist/assets/hooks/aria-outcome-record.mjs +56 -20
  77. package/dist/assets/hooks/aria-pre-emit-autoload.mjs +1809 -0
  78. package/dist/assets/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  79. package/dist/assets/hooks/aria-pre-emit-dryrun.mjs +22 -3
  80. package/dist/assets/hooks/aria-pre-text-gate.mjs +11 -2
  81. package/dist/assets/hooks/aria-pre-tool-gate.mjs +516 -92
  82. package/dist/assets/hooks/aria-pre-tool-use.mjs +70 -6
  83. package/dist/assets/hooks/aria-preprompt-consult.mjs +23 -4
  84. package/dist/assets/hooks/aria-repo-doctrine-gate.mjs +29 -3
  85. package/dist/assets/hooks/aria-stop-gate.mjs +585 -76
  86. package/dist/assets/hooks/aria-trigger-autolearn.mjs +17 -3
  87. package/dist/assets/hooks/aria-universal-turn-packet.mjs +1165 -0
  88. package/dist/assets/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  89. package/dist/assets/hooks/canonical-settings-block.json +172 -0
  90. package/dist/assets/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  91. package/dist/assets/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  92. package/dist/assets/hooks/codex-native/aria-live-ticker.mjs +38 -0
  93. package/dist/assets/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  94. package/dist/assets/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  95. package/dist/assets/hooks/codex-native/aria-stop.mjs +691 -0
  96. package/dist/assets/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  97. package/dist/assets/hooks/codex-native/atlas-session-context.mjs +121 -0
  98. package/dist/assets/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  99. package/dist/assets/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  100. package/dist/assets/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  101. package/dist/assets/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  102. package/dist/assets/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  103. package/dist/assets/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  104. package/dist/assets/hooks/doctrine_trigger_map.json +236 -25
  105. package/dist/assets/hooks/doctrine_trigger_map.schema.json +46 -0
  106. package/dist/assets/hooks/install.sh +84 -0
  107. package/dist/assets/hooks/lib/action-ledger-core.mjs +269 -0
  108. package/dist/assets/hooks/lib/aria-gate-ledger.mjs +143 -0
  109. package/dist/assets/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  110. package/dist/assets/hooks/lib/atlas-dossier-client.mjs +151 -0
  111. package/dist/assets/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  112. package/dist/assets/hooks/lib/canonical-lenses.mjs +83 -6
  113. package/dist/assets/hooks/lib/coach-intent-classifier.mjs +248 -0
  114. package/dist/assets/hooks/lib/cognitive-block-parser.mjs +111 -0
  115. package/dist/assets/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  116. package/dist/assets/hooks/lib/domain-output-quality.mjs +132 -3
  117. package/dist/assets/hooks/lib/empty-catch-scanner.mjs +91 -0
  118. package/dist/assets/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  119. package/dist/assets/hooks/lib/evaluate-with-kernel.mjs +133 -0
  120. package/dist/assets/hooks/lib/first-class-coach.mjs +454 -19
  121. package/dist/assets/hooks/lib/gate-audit.mjs +12 -2
  122. package/dist/assets/hooks/lib/gate-loop-state.mjs +11 -2
  123. package/dist/assets/hooks/lib/goal-contract-quality.mjs +302 -0
  124. package/dist/assets/hooks/lib/hook-message-window.mjs +101 -9
  125. package/dist/assets/hooks/lib/invocation-required-verifier.mjs +184 -0
  126. package/dist/assets/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  127. package/dist/assets/hooks/lib/obligation-ledger.mjs +147 -0
  128. package/dist/assets/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  129. package/dist/assets/hooks/lib/owner-authorizations.mjs +269 -0
  130. package/dist/assets/hooks/lib/probe-discipline-scanner.mjs +142 -0
  131. package/dist/assets/hooks/lib/project-boundary-cognition.mjs +143 -0
  132. package/dist/assets/hooks/lib/recovery-context.mjs +151 -0
  133. package/dist/assets/hooks/lib/recovery-template-loader.mjs +154 -0
  134. package/dist/assets/hooks/lib/self-doctrine-check.mjs +321 -0
  135. package/dist/assets/hooks/lib/sensitive-shape-detector.mjs +64 -0
  136. package/dist/assets/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  137. package/dist/assets/hooks/lib/stop-hook-protocol.mjs +166 -0
  138. package/dist/assets/hooks/lib/surface-caught.mjs +94 -0
  139. package/dist/assets/hooks/recovery-templates/force-reauthor.md +67 -0
  140. package/dist/assets/hooks/recovery-templates/handoff-recovery.md +25 -0
  141. package/dist/assets/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  142. package/dist/assets/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  143. package/dist/assets/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  144. package/dist/assets/hooks/test-tier-lens-labeling.mjs +14 -3
  145. package/dist/assets/opencode-plugins/harness-context/index.js +39 -6
  146. package/dist/assets/opencode-plugins/harness-context/task-project-ledger.mjs +5 -1
  147. package/dist/assets/opencode-plugins/harness-gate/index.js +36 -0
  148. package/dist/assets/opencode-plugins/harness-gate/lib/atlas-dossier-client.js +1 -0
  149. package/dist/assets/opencode-plugins/harness-gate/lib/recovery-grants.js +79 -0
  150. package/dist/assets/opencode-plugins/harness-outcome/index.js +12 -0
  151. package/dist/assets/opencode-plugins/harness-stop/index.js +97 -2
  152. package/dist/assets/opencode-plugins/harness-stop/lib/atlas-dossier-client.js +1 -0
  153. package/dist/assets/opencode-plugins/harness-stop/lib/domain-output-quality.js +15 -2
  154. package/dist/assets/opencode-plugins/lib/coach.js +148 -0
  155. package/dist/runtime/coach-kernel.mjs +144 -7
  156. package/dist/runtime/codex-bridge.mjs +254 -8
  157. package/dist/runtime/discipline/doctrine_trigger_map.json +236 -25
  158. package/dist/runtime/discipline/skills/aria-cognition/34-frameworks-unified/SKILL.md +42 -0
  159. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-cognitives/SKILL.md +128 -0
  160. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-intra-phase/SKILL.md +99 -0
  161. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-post-phase/SKILL.md +118 -0
  162. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-pre-phase/SKILL.md +117 -0
  163. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/SKILL.md +202 -0
  164. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/agents/openai.yaml +4 -0
  165. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/references/source-map.md +130 -0
  166. package/dist/runtime/discipline/skills/aria-cognition/aria-backend-architect/SKILL.md +124 -0
  167. package/dist/runtime/discipline/skills/aria-cognition/aria-backend-architect/references/backend-cookbook.md +417 -0
  168. package/dist/runtime/discipline/skills/aria-cognition/aria-business-audit/SKILL.md +133 -0
  169. package/dist/runtime/discipline/skills/aria-cognition/aria-business-audit/references/audit-cookbook.md +247 -0
  170. package/dist/runtime/discipline/skills/aria-cognition/aria-business-frame/SKILL.md +138 -0
  171. package/dist/runtime/discipline/skills/aria-cognition/aria-business-frame/references/business-cookbook.md +154 -0
  172. package/dist/runtime/discipline/skills/aria-cognition/aria-chat/SKILL.md +84 -0
  173. package/dist/runtime/discipline/skills/aria-cognition/aria-chat/scripts/aria-chat.sh +57 -0
  174. package/dist/runtime/discipline/skills/aria-cognition/aria-cognition-autofire/SKILL.md +137 -0
  175. package/dist/runtime/discipline/skills/aria-cognition/aria-cognition-batch/SKILL.md +264 -0
  176. package/dist/runtime/discipline/skills/aria-cognition/aria-decision-mizan/SKILL.md +136 -0
  177. package/dist/runtime/discipline/skills/aria-cognition/aria-decision-mizan/references/decision-frameworks.md +287 -0
  178. package/dist/runtime/discipline/skills/aria-cognition/aria-first-class-operating-contract/SKILL.md +104 -0
  179. package/dist/runtime/discipline/skills/aria-cognition/aria-frontend-architect/SKILL.md +123 -0
  180. package/dist/runtime/discipline/skills/aria-cognition/aria-frontend-architect/references/frontend-cookbook.md +358 -0
  181. package/dist/runtime/discipline/skills/aria-cognition/aria-fullstack-orchestrator/SKILL.md +127 -0
  182. package/dist/runtime/discipline/skills/aria-cognition/aria-fullstack-orchestrator/references/fullstack-cookbook.md +383 -0
  183. package/dist/runtime/discipline/skills/aria-cognition/aria-gtm-architect/SKILL.md +126 -0
  184. package/dist/runtime/discipline/skills/aria-cognition/aria-gtm-architect/references/gtm-cookbook.md +235 -0
  185. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-deploy/SKILL.md +145 -0
  186. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-no-stripping/SKILL.md +135 -0
  187. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-onboarding/SKILL.md +130 -0
  188. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-output-discipline/SKILL.md +120 -0
  189. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-substrate-binding/SKILL.md +139 -0
  190. package/dist/runtime/discipline/skills/aria-cognition/aria-http-harness-client/SKILL.md +85 -0
  191. package/dist/runtime/discipline/skills/aria-cognition/aria-http-harness-client/scripts/smoke.mjs +47 -0
  192. package/dist/runtime/discipline/skills/aria-cognition/aria-k8s-deploy/SKILL.md +174 -0
  193. package/dist/runtime/discipline/skills/aria-cognition/aria-k8s-deploy/agents/openai.yaml +3 -0
  194. package/dist/runtime/discipline/skills/aria-cognition/aria-ladduniframe/SKILL.md +60 -0
  195. package/dist/runtime/discipline/skills/aria-cognition/aria-ledger-fleet-execution/SKILL.md +126 -0
  196. package/dist/runtime/discipline/skills/aria-cognition/aria-live-ops/SKILL.md +54 -0
  197. package/dist/runtime/discipline/skills/aria-cognition/aria-mac-ssh-ops/SKILL.md +100 -0
  198. package/dist/runtime/discipline/skills/aria-cognition/aria-memory-index/SKILL.md +42 -0
  199. package/dist/runtime/discipline/skills/aria-cognition/aria-noor-cognitives/SKILL.md +120 -0
  200. package/dist/runtime/discipline/skills/aria-cognition/aria-ops/SKILL.md +60 -0
  201. package/dist/runtime/discipline/skills/aria-cognition/aria-ops/references/live-endpoints.md +59 -0
  202. package/dist/runtime/discipline/skills/aria-cognition/aria-quality-audit/SKILL.md +133 -0
  203. package/dist/runtime/discipline/skills/aria-cognition/aria-readable-output/SKILL.md +239 -0
  204. package/dist/runtime/discipline/skills/aria-cognition/aria-readable-output/references/layout-cookbook.md +366 -0
  205. package/dist/runtime/discipline/skills/aria-cognition/aria-reasoning/SKILL.md +67 -0
  206. package/dist/runtime/discipline/skills/aria-cognition/aria-reasoning/references/core-principles.md +42 -0
  207. package/dist/runtime/discipline/skills/aria-cognition/aria-repo-audit/SKILL.md +135 -0
  208. package/dist/runtime/discipline/skills/aria-cognition/aria-repo-audit/references/repo-audit-cookbook.md +375 -0
  209. package/dist/runtime/discipline/skills/aria-cognition/aria-research-orchestrator/SKILL.md +138 -0
  210. package/dist/runtime/discipline/skills/aria-cognition/aria-research-orchestrator/references/research-patterns.md +270 -0
  211. package/dist/runtime/discipline/skills/aria-cognition/aria-retention-engine/SKILL.md +120 -0
  212. package/dist/runtime/discipline/skills/aria-cognition/aria-retention-engine/references/retention-cookbook.md +271 -0
  213. package/dist/runtime/discipline/skills/aria-cognition/aria-revenue-engine/SKILL.md +128 -0
  214. package/dist/runtime/discipline/skills/aria-cognition/aria-revenue-engine/references/revenue-cookbook.md +227 -0
  215. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-audit/SKILL.md +233 -0
  216. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-audit/references/audit-checklist.md +369 -0
  217. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-cookbook/SKILL.md +288 -0
  218. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-cookbook/references/engineering-cookbook.md +489 -0
  219. package/dist/runtime/discipline/skills/aria-cognition/aria-soul-principles/SKILL.md +42 -0
  220. package/dist/runtime/discipline/skills/aria-cognition/aria-task-codex-executor/SKILL.md +86 -0
  221. package/dist/runtime/discipline/skills/aria-cognition/aristotle-engine/SKILL.md +42 -0
  222. package/dist/runtime/discipline/skills/aria-cognition/cross-domain-24/SKILL.md +42 -0
  223. package/dist/runtime/discipline/skills/aria-cognition/deepsoul-emotional/SKILL.md +42 -0
  224. package/dist/runtime/discipline/skills/aria-cognition/fitrah-guard/SKILL.md +78 -0
  225. package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/SKILL.md +227 -29
  226. package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/references/ghazali-8lens-cookbook.md +797 -0
  227. package/dist/runtime/discipline/skills/aria-cognition/ijtihad-novel/SKILL.md +42 -0
  228. package/dist/runtime/discipline/skills/aria-cognition/ilham-intuition/SKILL.md +42 -0
  229. package/dist/runtime/discipline/skills/aria-cognition/never-guess/SKILL.md +77 -0
  230. package/dist/runtime/discipline/skills/aria-cognition/noor-recognition/SKILL.md +45 -0
  231. package/dist/runtime/discipline/skills/aria-cognition/qiyas-analogy/SKILL.md +174 -14
  232. package/dist/runtime/discipline/skills/aria-cognition/ruh-basis/SKILL.md +42 -0
  233. package/dist/runtime/discipline/skills/aria-cognition/tadabbur/SKILL.md +506 -0
  234. package/dist/runtime/discipline/skills/aria-cognition/tadabbur/references/tadabbur-cookbook.md +921 -0
  235. package/dist/runtime/discipline/skills/aria-cognition/tadabbur-ops/SKILL.md +42 -0
  236. package/dist/runtime/discipline/skills/aria-cognition/tafakkur/SKILL.md +104 -0
  237. package/dist/runtime/doctrine_trigger_map.json +236 -25
  238. package/dist/runtime/embedded-public-key.mjs +27 -0
  239. package/dist/runtime/gated-ledger.mjs +41 -14
  240. package/dist/runtime/harness-daemon.mjs +85 -10
  241. package/dist/runtime/hive-wal-publisher.mjs +292 -0
  242. package/dist/runtime/hooks/README.md +58 -0
  243. package/dist/runtime/hooks/aria-agent-handoff.mjs +147 -2
  244. package/dist/runtime/hooks/aria-agent-ledger-merge.mjs +31 -7
  245. package/dist/runtime/hooks/aria-architect-fallback.mjs +10 -2
  246. package/dist/runtime/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  247. package/dist/runtime/hooks/aria-cognition-substrate-binding.mjs +84 -10
  248. package/dist/runtime/hooks/aria-first-class-coach.mjs +305 -10
  249. package/dist/runtime/hooks/aria-harness-via-sdk.mjs +93 -16
  250. package/dist/runtime/hooks/aria-import-resolution-gate.mjs +106 -20
  251. package/dist/runtime/hooks/aria-outcome-record.mjs +56 -20
  252. package/dist/runtime/hooks/aria-pre-emit-autoload.mjs +1809 -0
  253. package/dist/runtime/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  254. package/dist/runtime/hooks/aria-pre-emit-dryrun.mjs +22 -3
  255. package/dist/runtime/hooks/aria-pre-text-gate.mjs +11 -2
  256. package/dist/runtime/hooks/aria-pre-tool-gate.mjs +516 -92
  257. package/dist/runtime/hooks/aria-pre-tool-use.mjs +70 -6
  258. package/dist/runtime/hooks/aria-preprompt-consult.mjs +23 -4
  259. package/dist/runtime/hooks/aria-repo-doctrine-gate.mjs +29 -3
  260. package/dist/runtime/hooks/aria-stop-gate.mjs +585 -76
  261. package/dist/runtime/hooks/aria-trigger-autolearn.mjs +17 -3
  262. package/dist/runtime/hooks/aria-universal-turn-packet.mjs +1165 -0
  263. package/dist/runtime/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  264. package/dist/runtime/hooks/canonical-settings-block.json +172 -0
  265. package/dist/runtime/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  266. package/dist/runtime/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  267. package/dist/runtime/hooks/codex-native/aria-live-ticker.mjs +38 -0
  268. package/dist/runtime/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  269. package/dist/runtime/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  270. package/dist/runtime/hooks/codex-native/aria-stop.mjs +691 -0
  271. package/dist/runtime/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  272. package/dist/runtime/hooks/codex-native/atlas-session-context.mjs +121 -0
  273. package/dist/runtime/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  274. package/dist/runtime/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  275. package/dist/runtime/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  276. package/dist/runtime/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  277. package/dist/runtime/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  278. package/dist/runtime/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  279. package/dist/runtime/hooks/doctrine_trigger_map.json +236 -25
  280. package/dist/runtime/hooks/doctrine_trigger_map.schema.json +46 -0
  281. package/dist/runtime/hooks/install.sh +84 -0
  282. package/dist/runtime/hooks/lib/action-ledger-core.mjs +269 -0
  283. package/dist/runtime/hooks/lib/aria-gate-ledger.mjs +143 -0
  284. package/dist/runtime/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  285. package/dist/runtime/hooks/lib/atlas-dossier-client.mjs +151 -0
  286. package/dist/runtime/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  287. package/dist/runtime/hooks/lib/canonical-lenses.mjs +83 -6
  288. package/dist/runtime/hooks/lib/coach-intent-classifier.mjs +248 -0
  289. package/dist/runtime/hooks/lib/cognitive-block-parser.mjs +111 -0
  290. package/dist/runtime/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  291. package/dist/runtime/hooks/lib/domain-output-quality.mjs +132 -3
  292. package/dist/runtime/hooks/lib/empty-catch-scanner.mjs +91 -0
  293. package/dist/runtime/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  294. package/dist/runtime/hooks/lib/evaluate-with-kernel.mjs +133 -0
  295. package/dist/runtime/hooks/lib/first-class-coach.mjs +454 -19
  296. package/dist/runtime/hooks/lib/gate-audit.mjs +12 -2
  297. package/dist/runtime/hooks/lib/gate-loop-state.mjs +11 -2
  298. package/dist/runtime/hooks/lib/goal-contract-quality.mjs +302 -0
  299. package/dist/runtime/hooks/lib/hook-message-window.mjs +101 -9
  300. package/dist/runtime/hooks/lib/invocation-required-verifier.mjs +184 -0
  301. package/dist/runtime/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  302. package/dist/runtime/hooks/lib/obligation-ledger.mjs +147 -0
  303. package/dist/runtime/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  304. package/dist/runtime/hooks/lib/owner-authorizations.mjs +269 -0
  305. package/dist/runtime/hooks/lib/probe-discipline-scanner.mjs +142 -0
  306. package/dist/runtime/hooks/lib/project-boundary-cognition.mjs +143 -0
  307. package/dist/runtime/hooks/lib/recovery-context.mjs +151 -0
  308. package/dist/runtime/hooks/lib/recovery-template-loader.mjs +154 -0
  309. package/dist/runtime/hooks/lib/self-doctrine-check.mjs +321 -0
  310. package/dist/runtime/hooks/lib/sensitive-shape-detector.mjs +64 -0
  311. package/dist/runtime/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  312. package/dist/runtime/hooks/lib/stop-hook-protocol.mjs +166 -0
  313. package/dist/runtime/hooks/lib/surface-caught.mjs +94 -0
  314. package/dist/runtime/hooks/recovery-templates/force-reauthor.md +67 -0
  315. package/dist/runtime/hooks/recovery-templates/handoff-recovery.md +25 -0
  316. package/dist/runtime/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  317. package/dist/runtime/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  318. package/dist/runtime/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  319. package/dist/runtime/hooks/test-tier-lens-labeling.mjs +14 -3
  320. package/dist/runtime/lib/evaluate-with-kernel.mjs +133 -0
  321. package/dist/runtime/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  322. package/dist/runtime/local-phase.mjs +10 -5
  323. package/dist/runtime/manifest.json +8 -8
  324. package/dist/runtime/packet-verifier.mjs +166 -0
  325. package/dist/runtime/provider-proxy.mjs +13 -0
  326. package/dist/runtime/quality-enforcer.mjs +40 -23
  327. package/dist/runtime/runtime-rails/registry.mjs +252 -0
  328. package/dist/runtime/sdk/BUNDLED.json +2 -2
  329. package/dist/runtime/sdk/index.d.ts +119 -4
  330. package/dist/runtime/sdk/index.js +138 -12
  331. package/dist/runtime/sdk/index.js.map +1 -1
  332. package/dist/runtime/service.mjs +8036 -764
  333. package/dist/runtime/sub-agent-enforcer.mjs +201 -0
  334. package/dist/runtime/task-project-ledger.mjs +5 -1
  335. package/dist/sdk/BUNDLED.json +2 -2
  336. package/dist/sdk/index.d.ts +119 -4
  337. package/dist/sdk/index.js +138 -12
  338. package/dist/sdk/index.js.map +1 -1
  339. package/hooks/README.md +58 -0
  340. package/hooks/aria-agent-handoff.mjs +147 -2
  341. package/hooks/aria-agent-ledger-merge.mjs +31 -7
  342. package/hooks/aria-architect-fallback.mjs +10 -2
  343. package/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  344. package/hooks/aria-cognition-substrate-binding.mjs +84 -10
  345. package/hooks/aria-first-class-coach.mjs +305 -10
  346. package/hooks/aria-harness-via-sdk.mjs +93 -16
  347. package/hooks/aria-import-resolution-gate.mjs +106 -20
  348. package/hooks/aria-outcome-record.mjs +56 -20
  349. package/hooks/aria-pre-emit-autoload.mjs +1809 -0
  350. package/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  351. package/hooks/aria-pre-emit-dryrun.mjs +22 -3
  352. package/hooks/aria-pre-text-gate.mjs +11 -2
  353. package/hooks/aria-pre-tool-gate.mjs +516 -92
  354. package/hooks/aria-pre-tool-use.mjs +70 -6
  355. package/hooks/aria-preprompt-consult.mjs +23 -4
  356. package/hooks/aria-repo-doctrine-gate.mjs +29 -3
  357. package/hooks/aria-stop-gate.mjs +585 -76
  358. package/hooks/aria-trigger-autolearn.mjs +17 -3
  359. package/hooks/aria-universal-turn-packet.mjs +1165 -0
  360. package/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  361. package/hooks/canonical-settings-block.json +172 -0
  362. package/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  363. package/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  364. package/hooks/codex-native/aria-live-ticker.mjs +38 -0
  365. package/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  366. package/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  367. package/hooks/codex-native/aria-stop.mjs +691 -0
  368. package/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  369. package/hooks/codex-native/atlas-session-context.mjs +121 -0
  370. package/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  371. package/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  372. package/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  373. package/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  374. package/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  375. package/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  376. package/hooks/doctrine_trigger_map.json +236 -25
  377. package/hooks/doctrine_trigger_map.schema.json +46 -0
  378. package/hooks/install.sh +84 -0
  379. package/hooks/lib/action-ledger-core.mjs +269 -0
  380. package/hooks/lib/aria-gate-ledger.mjs +143 -0
  381. package/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  382. package/hooks/lib/atlas-dossier-client.mjs +151 -0
  383. package/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  384. package/hooks/lib/canonical-lenses.mjs +83 -6
  385. package/hooks/lib/coach-intent-classifier.mjs +248 -0
  386. package/hooks/lib/cognitive-block-parser.mjs +111 -0
  387. package/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  388. package/hooks/lib/domain-output-quality.mjs +132 -3
  389. package/hooks/lib/empty-catch-scanner.mjs +91 -0
  390. package/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  391. package/hooks/lib/evaluate-with-kernel.mjs +133 -0
  392. package/hooks/lib/first-class-coach.mjs +454 -19
  393. package/hooks/lib/gate-audit.mjs +12 -2
  394. package/hooks/lib/gate-loop-state.mjs +11 -2
  395. package/hooks/lib/goal-contract-quality.mjs +302 -0
  396. package/hooks/lib/hook-message-window.mjs +101 -9
  397. package/hooks/lib/invocation-required-verifier.mjs +184 -0
  398. package/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  399. package/hooks/lib/obligation-ledger.mjs +147 -0
  400. package/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  401. package/hooks/lib/owner-authorizations.mjs +269 -0
  402. package/hooks/lib/probe-discipline-scanner.mjs +142 -0
  403. package/hooks/lib/project-boundary-cognition.mjs +143 -0
  404. package/hooks/lib/recovery-context.mjs +151 -0
  405. package/hooks/lib/recovery-template-loader.mjs +154 -0
  406. package/hooks/lib/self-doctrine-check.mjs +321 -0
  407. package/hooks/lib/sensitive-shape-detector.mjs +64 -0
  408. package/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  409. package/hooks/lib/stop-hook-protocol.mjs +166 -0
  410. package/hooks/lib/surface-caught.mjs +94 -0
  411. package/hooks/recovery-templates/force-reauthor.md +67 -0
  412. package/hooks/recovery-templates/handoff-recovery.md +25 -0
  413. package/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  414. package/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  415. package/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  416. package/hooks/test-tier-lens-labeling.mjs +14 -3
  417. package/opencode-plugins/harness-context/index.js +39 -6
  418. package/opencode-plugins/harness-context/task-project-ledger.mjs +5 -1
  419. package/opencode-plugins/harness-gate/index.js +36 -0
  420. package/opencode-plugins/harness-gate/lib/atlas-dossier-client.js +1 -0
  421. package/opencode-plugins/harness-gate/lib/recovery-grants.js +79 -0
  422. package/opencode-plugins/harness-outcome/index.js +12 -0
  423. package/opencode-plugins/harness-stop/index.js +97 -2
  424. package/opencode-plugins/harness-stop/lib/atlas-dossier-client.js +1 -0
  425. package/opencode-plugins/harness-stop/lib/domain-output-quality.js +15 -2
  426. package/opencode-plugins/lib/coach.js +148 -0
  427. package/package.json +71 -5
  428. package/runtime-src/coach-kernel.mjs +144 -7
  429. package/runtime-src/codex-bridge.mjs +254 -8
  430. package/runtime-src/embedded-public-key.mjs +27 -0
  431. package/runtime-src/gated-ledger.mjs +41 -14
  432. package/runtime-src/harness-daemon.mjs +85 -10
  433. package/runtime-src/hive-wal-publisher.mjs +292 -0
  434. package/runtime-src/lib/evaluate-with-kernel.mjs +133 -0
  435. package/runtime-src/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  436. package/runtime-src/local-phase.mjs +10 -5
  437. package/runtime-src/packet-verifier.mjs +166 -0
  438. package/runtime-src/provider-proxy.mjs +13 -0
  439. package/runtime-src/quality-enforcer.mjs +40 -23
  440. package/runtime-src/runtime-rails/registry.mjs +252 -0
  441. package/runtime-src/service.mjs +8036 -764
  442. package/runtime-src/sub-agent-enforcer.mjs +201 -0
  443. package/scripts/aria-ledger-append.mjs +337 -0
  444. package/scripts/aria-task-cheap-worker-dispatch.mjs +234 -0
  445. package/scripts/audit-of-audit-prior-tasks.mjs +194 -0
  446. package/scripts/audit-of-audit-this-turn.mjs +116 -0
  447. package/scripts/bundle-sdk.mjs +31 -5
  448. package/scripts/check-cli-wrapper-provider-contract.mjs +160 -0
  449. package/scripts/check-client-compatibility.mjs +15 -5
  450. package/scripts/check-client-smoke.mjs +297 -0
  451. package/scripts/check-codex-orchestrator-adoption.mjs +150 -0
  452. package/scripts/check-glm-env-wired.mjs +131 -0
  453. package/scripts/check-hive-local-storage-contract.mjs +91 -0
  454. package/scripts/check-hook-mirror.mjs +150 -0
  455. package/scripts/check-install-sh-drift.mjs +152 -0
  456. package/scripts/check-kernel-sync.mjs +101 -0
  457. package/scripts/check-package-artifact.mjs +152 -0
  458. package/scripts/check-registry-mirror.mjs +71 -0
  459. package/scripts/drain-owner-airtable-sync-queue.mjs +287 -0
  460. package/scripts/export-owner-status-sheets.mjs +589 -0
  461. package/scripts/live-sidecar-receipt-canary.mjs +347 -0
  462. package/scripts/qiyas-tadabbur-model-matrix.mjs +970 -0
  463. package/scripts/quality-ab-live-provider.mjs +913 -0
  464. package/scripts/self-test-action-ledger-core.mjs +190 -0
  465. package/scripts/self-test-approval-receipt-binding.mjs +122 -0
  466. package/scripts/self-test-autofire-quality-output.mjs +110 -0
  467. package/scripts/self-test-claude-code-action-ledger.mjs +132 -0
  468. package/scripts/self-test-claude-code-mechanical-autofire-hive.mjs +138 -0
  469. package/scripts/self-test-claude-code-mechanical-autofire.mjs +234 -0
  470. package/scripts/self-test-codebase-awareness-atlas-delta.mjs +159 -0
  471. package/scripts/self-test-codebase-awareness-delta-ingest.mjs +179 -0
  472. package/scripts/self-test-codex-live-hook-parity.mjs +84 -0
  473. package/scripts/self-test-codex-native-action-ledger.mjs +167 -0
  474. package/scripts/self-test-codex-native-hook-json-contract.mjs +74 -0
  475. package/scripts/self-test-codex-orchestrator-continuity.mjs +113 -0
  476. package/scripts/self-test-codex-readable-recovery.mjs +94 -0
  477. package/scripts/self-test-codex-self-harness.mjs +538 -0
  478. package/scripts/self-test-compiled-workunit.mjs +214 -0
  479. package/scripts/self-test-continuation-output-smoke.mjs +101 -0
  480. package/scripts/self-test-cross-cli-fleet-ticker.mjs +85 -0
  481. package/scripts/self-test-cross-cli-hive-adoption.mjs +125 -0
  482. package/scripts/self-test-cross-cli-hive-learning.mjs +146 -0
  483. package/scripts/self-test-cross-phase-tool-failure.mjs +110 -0
  484. package/scripts/self-test-cross-surface-action-ledger.mjs +149 -0
  485. package/scripts/self-test-end-of-phase-qa-court.mjs +616 -0
  486. package/scripts/self-test-evaluate-with-kernel.mjs +111 -0
  487. package/scripts/self-test-first-class-output-delta-proof.mjs +307 -0
  488. package/scripts/self-test-goal-contract-output-qa.mjs +73 -0
  489. package/scripts/self-test-goal-contract.mjs +35 -0
  490. package/scripts/self-test-governed-adapters.mjs +105 -0
  491. package/scripts/self-test-governed-surface-runner.mjs +198 -0
  492. package/scripts/self-test-harness-gates.mjs +15 -12
  493. package/scripts/self-test-harness-ticker-sidecar.mjs +153 -0
  494. package/scripts/self-test-hive-org-kernel.mjs +233 -0
  495. package/scripts/self-test-hive-session-coordination.mjs +156 -0
  496. package/scripts/self-test-hive-wal-consumer.mjs +111 -0
  497. package/scripts/self-test-kernel-a3-a4-selection.mjs +179 -0
  498. package/scripts/self-test-ledger-append.mjs +175 -0
  499. package/scripts/self-test-live-codex-posttool-packet-smoke.mjs +111 -0
  500. package/scripts/self-test-live-codex-pretool-packet-smoke.mjs +101 -0
  501. package/scripts/self-test-live-codex-stop-qa-kernel-smoke.mjs +43 -0
  502. package/scripts/self-test-live-wrapper-substrate-inventory.mjs +149 -0
  503. package/scripts/self-test-local-main-sync-script.mjs +47 -0
  504. package/scripts/self-test-mechanical-autofire-resolver.mjs +296 -0
  505. package/scripts/self-test-no-consult-cognitive-skills-output.mjs +135 -0
  506. package/scripts/self-test-owner-airtable-sync-queue.mjs +196 -0
  507. package/scripts/self-test-owner-airtable-sync.mjs +181 -0
  508. package/scripts/self-test-owner-sheets-action-ledger.mjs +100 -0
  509. package/scripts/self-test-production-preflight.mjs +78 -0
  510. package/scripts/self-test-project-boundary-cognition.mjs +79 -0
  511. package/scripts/self-test-qa-exec-kernel.mjs +34 -0
  512. package/scripts/self-test-qa-recovery-learning-loop.mjs +113 -0
  513. package/scripts/self-test-qiyas-label-alignment.mjs +94 -0
  514. package/scripts/self-test-recovery-context.mjs +110 -0
  515. package/scripts/self-test-repo-guard.mjs +10 -0
  516. package/scripts/self-test-runtime-health-self-heal.mjs +161 -0
  517. package/scripts/self-test-runtime-postcondition.mjs +70 -0
  518. package/scripts/self-test-soul-precommit-hook.mjs +39 -0
  519. package/scripts/self-test-stop-gate-kernel-guards.mjs +185 -0
  520. package/scripts/self-test-stop-gate.mjs +128 -0
  521. package/scripts/self-test-substrate-kernel-execution-receipt.mjs +130 -0
  522. package/scripts/self-test-substrate-open-skill-floor.mjs +87 -0
  523. package/scripts/self-test-substrate-output-quality-eval.mjs +171 -0
  524. package/scripts/self-test-task-closeout-drift.mjs +97 -0
  525. package/scripts/self-test-task-project-ledger-readiness.mjs +43 -0
  526. package/scripts/self-test-task-runner-phase-consumer.mjs +134 -0
  527. package/scripts/self-test-task-worker-lane.mjs +256 -0
  528. package/scripts/self-test-turn-substrate-qa-kernel.mjs +188 -0
  529. package/scripts/self-test-universal-action-capture.mjs +153 -0
  530. package/scripts/self-test-universal-turn-packet-entrypoints.mjs +252 -0
  531. package/scripts/self-test-universal-turn-packet.mjs +320 -0
  532. package/scripts/session-quality-backfill.mjs +253 -0
  533. package/scripts/smoke-autofire-100-prompts.mjs +481 -0
  534. package/scripts/sync-local-main-on-task-complete.mjs +278 -0
  535. package/scripts/sync-owner-status-airtable.mjs +1158 -0
  536. package/scripts/validate-skill-prompts.mjs +12 -1
  537. package/scripts/verify-codex-native-mirror.mjs +262 -0
  538. package/skills/34-frameworks-unified/SKILL.md +42 -0
  539. package/skills/api-design/SKILL.md +123 -0
  540. package/skills/architecture-decision/SKILL.md +105 -0
  541. package/skills/aria-aristotle-cognitives/SKILL.md +128 -0
  542. package/skills/aria-aristotle-intra-phase/SKILL.md +99 -0
  543. package/skills/aria-aristotle-post-phase/SKILL.md +116 -0
  544. package/skills/aria-aristotle-pre-phase/SKILL.md +117 -0
  545. package/skills/aria-axioms-first-principles/SKILL.md +202 -0
  546. package/skills/aria-axioms-first-principles/agents/openai.yaml +4 -0
  547. package/skills/aria-axioms-first-principles/references/source-map.md +130 -0
  548. package/skills/aria-chat/SKILL.md +84 -0
  549. package/skills/aria-chat/scripts/aria-chat.sh +57 -0
  550. package/skills/aria-cognition/34-frameworks-unified/SKILL.md +42 -0
  551. package/skills/aria-cognition/aria-aristotle-cognitives/SKILL.md +128 -0
  552. package/skills/aria-cognition/aria-aristotle-intra-phase/SKILL.md +99 -0
  553. package/skills/aria-cognition/aria-aristotle-post-phase/SKILL.md +118 -0
  554. package/skills/aria-cognition/aria-aristotle-pre-phase/SKILL.md +117 -0
  555. package/skills/aria-cognition/aria-axioms-first-principles/SKILL.md +202 -0
  556. package/skills/aria-cognition/aria-axioms-first-principles/agents/openai.yaml +4 -0
  557. package/skills/aria-cognition/aria-axioms-first-principles/references/source-map.md +130 -0
  558. package/skills/aria-cognition/aria-backend-architect/SKILL.md +124 -0
  559. package/skills/aria-cognition/aria-backend-architect/references/backend-cookbook.md +417 -0
  560. package/skills/aria-cognition/aria-business-audit/SKILL.md +133 -0
  561. package/skills/aria-cognition/aria-business-audit/references/audit-cookbook.md +247 -0
  562. package/skills/aria-cognition/aria-business-frame/SKILL.md +138 -0
  563. package/skills/aria-cognition/aria-business-frame/references/business-cookbook.md +154 -0
  564. package/skills/aria-cognition/aria-chat/SKILL.md +84 -0
  565. package/skills/aria-cognition/aria-chat/scripts/aria-chat.sh +57 -0
  566. package/skills/aria-cognition/aria-cognition-autofire/SKILL.md +137 -0
  567. package/skills/aria-cognition/aria-cognition-batch/SKILL.md +264 -0
  568. package/skills/aria-cognition/aria-decision-mizan/SKILL.md +136 -0
  569. package/skills/aria-cognition/aria-decision-mizan/references/decision-frameworks.md +287 -0
  570. package/skills/aria-cognition/aria-first-class-operating-contract/SKILL.md +104 -0
  571. package/skills/aria-cognition/aria-frontend-architect/SKILL.md +123 -0
  572. package/skills/aria-cognition/aria-frontend-architect/references/frontend-cookbook.md +358 -0
  573. package/skills/aria-cognition/aria-fullstack-orchestrator/SKILL.md +127 -0
  574. package/skills/aria-cognition/aria-fullstack-orchestrator/references/fullstack-cookbook.md +383 -0
  575. package/skills/aria-cognition/aria-gtm-architect/SKILL.md +126 -0
  576. package/skills/aria-cognition/aria-gtm-architect/references/gtm-cookbook.md +235 -0
  577. package/skills/aria-cognition/aria-harness-deploy/SKILL.md +145 -0
  578. package/skills/aria-cognition/aria-harness-no-stripping/SKILL.md +135 -0
  579. package/skills/aria-cognition/aria-harness-onboarding/SKILL.md +130 -0
  580. package/skills/aria-cognition/aria-harness-output-discipline/SKILL.md +120 -0
  581. package/skills/aria-cognition/aria-harness-substrate-binding/SKILL.md +139 -0
  582. package/skills/aria-cognition/aria-http-harness-client/SKILL.md +85 -0
  583. package/skills/aria-cognition/aria-http-harness-client/scripts/smoke.mjs +47 -0
  584. package/skills/aria-cognition/aria-k8s-deploy/SKILL.md +174 -0
  585. package/skills/aria-cognition/aria-k8s-deploy/agents/openai.yaml +3 -0
  586. package/skills/aria-cognition/aria-ladduniframe/SKILL.md +60 -0
  587. package/skills/aria-cognition/aria-ledger-fleet-execution/SKILL.md +126 -0
  588. package/skills/aria-cognition/aria-live-ops/SKILL.md +54 -0
  589. package/skills/aria-cognition/aria-mac-ssh-ops/SKILL.md +100 -0
  590. package/skills/aria-cognition/aria-memory-index/SKILL.md +42 -0
  591. package/skills/aria-cognition/aria-noor-cognitives/SKILL.md +120 -0
  592. package/skills/aria-cognition/aria-ops/SKILL.md +60 -0
  593. package/skills/aria-cognition/aria-ops/references/live-endpoints.md +59 -0
  594. package/skills/aria-cognition/aria-quality-audit/SKILL.md +133 -0
  595. package/skills/aria-cognition/aria-readable-output/SKILL.md +239 -0
  596. package/skills/aria-cognition/aria-readable-output/references/layout-cookbook.md +366 -0
  597. package/skills/aria-cognition/aria-reasoning/SKILL.md +67 -0
  598. package/skills/aria-cognition/aria-reasoning/references/core-principles.md +42 -0
  599. package/skills/aria-cognition/aria-repo-audit/SKILL.md +135 -0
  600. package/skills/aria-cognition/aria-repo-audit/references/repo-audit-cookbook.md +375 -0
  601. package/skills/aria-cognition/aria-research-orchestrator/SKILL.md +138 -0
  602. package/skills/aria-cognition/aria-research-orchestrator/references/research-patterns.md +270 -0
  603. package/skills/aria-cognition/aria-retention-engine/SKILL.md +120 -0
  604. package/skills/aria-cognition/aria-retention-engine/references/retention-cookbook.md +271 -0
  605. package/skills/aria-cognition/aria-revenue-engine/SKILL.md +128 -0
  606. package/skills/aria-cognition/aria-revenue-engine/references/revenue-cookbook.md +227 -0
  607. package/skills/aria-cognition/aria-senior-code-audit/SKILL.md +233 -0
  608. package/skills/aria-cognition/aria-senior-code-audit/references/audit-checklist.md +369 -0
  609. package/skills/aria-cognition/aria-senior-code-cookbook/SKILL.md +288 -0
  610. package/skills/aria-cognition/aria-senior-code-cookbook/references/engineering-cookbook.md +489 -0
  611. package/skills/aria-cognition/aria-soul-principles/SKILL.md +42 -0
  612. package/skills/aria-cognition/aria-task-codex-executor/SKILL.md +86 -0
  613. package/skills/aria-cognition/aristotle-engine/SKILL.md +42 -0
  614. package/skills/aria-cognition/cross-domain-24/SKILL.md +42 -0
  615. package/skills/aria-cognition/deepsoul-emotional/SKILL.md +42 -0
  616. package/skills/aria-cognition/fitrah-guard/SKILL.md +78 -0
  617. package/skills/aria-cognition/ghazali-8lens/SKILL.md +227 -29
  618. package/skills/aria-cognition/ghazali-8lens/references/ghazali-8lens-cookbook.md +797 -0
  619. package/skills/aria-cognition/ijtihad-novel/SKILL.md +42 -0
  620. package/skills/aria-cognition/ilham-intuition/SKILL.md +42 -0
  621. package/skills/aria-cognition/never-guess/SKILL.md +77 -0
  622. package/skills/aria-cognition/noor-recognition/SKILL.md +45 -0
  623. package/skills/aria-cognition/qiyas-analogy/SKILL.md +174 -14
  624. package/skills/aria-cognition/ruh-basis/SKILL.md +42 -0
  625. package/skills/aria-cognition/tadabbur/SKILL.md +506 -0
  626. package/skills/aria-cognition/tadabbur/references/tadabbur-cookbook.md +921 -0
  627. package/skills/aria-cognition/tadabbur-ops/SKILL.md +42 -0
  628. package/skills/aria-cognition/tafakkur/SKILL.md +104 -0
  629. package/skills/aria-cognition-autofire/SKILL.md +109 -0
  630. package/skills/aria-cognition-batch/SKILL.md +264 -0
  631. package/skills/aria-conversational-doctrine-discipline/SKILL.md +125 -0
  632. package/skills/aria-essence/SKILL.md +81 -0
  633. package/skills/aria-essence/references/domain-matrix.md +80 -0
  634. package/skills/aria-essence/references/evolution-loop.md +30 -0
  635. package/skills/aria-essence/references/readable-cognition.md +27 -0
  636. package/skills/aria-first-class-operating-contract/SKILL.md +104 -0
  637. package/skills/aria-forge-guardrails/SKILL.md +53 -0
  638. package/skills/aria-forge-guardrails/references/checklist.md +31 -0
  639. package/skills/aria-harness-deploy/SKILL.md +145 -0
  640. package/skills/aria-harness-no-stripping/SKILL.md +135 -0
  641. package/skills/aria-harness-onboarding/SKILL.md +130 -0
  642. package/skills/aria-harness-output-discipline/SKILL.md +120 -0
  643. package/skills/aria-harness-substrate-binding/SKILL.md +139 -0
  644. package/skills/aria-http-harness-client/SKILL.md +85 -0
  645. package/skills/aria-http-harness-client/scripts/smoke.mjs +47 -0
  646. package/skills/aria-k8s-deploy/SKILL.md +174 -0
  647. package/skills/aria-k8s-deploy/agents/openai.yaml +3 -0
  648. package/skills/aria-ladduniframe/SKILL.md +60 -0
  649. package/skills/aria-ledger-fleet-execution/SKILL.md +126 -0
  650. package/skills/aria-live-ops/SKILL.md +54 -0
  651. package/skills/aria-mac-ssh-ops/SKILL.md +100 -0
  652. package/skills/aria-memory-index/SKILL.md +42 -0
  653. package/skills/aria-noor-cognitives/SKILL.md +120 -0
  654. package/skills/aria-ops/SKILL.md +60 -0
  655. package/skills/aria-ops/references/live-endpoints.md +59 -0
  656. package/skills/aria-quality-audit/SKILL.md +133 -0
  657. package/skills/aria-reasoning/SKILL.md +67 -0
  658. package/skills/aria-reasoning/references/core-principles.md +42 -0
  659. package/skills/aria-repo-doctrine/SKILL.md +57 -0
  660. package/skills/aria-soul-principles/SKILL.md +42 -0
  661. package/skills/aria-task-codex-executor/SKILL.md +86 -0
  662. package/skills/aristotle-engine/SKILL.md +42 -0
  663. package/skills/ci-cd-pipeline/SKILL.md +116 -0
  664. package/skills/code-review/SKILL.md +131 -0
  665. package/skills/cross-domain-24/SKILL.md +42 -0
  666. package/skills/database-design/SKILL.md +124 -0
  667. package/skills/deepsoul-emotional/SKILL.md +42 -0
  668. package/skills/deno-kv-raft-pubsub/SKILL.md +561 -0
  669. package/skills/deno-kv-raft-pubsub/reference/maelstrom-integration.md +393 -0
  670. package/skills/deno-kv-raft-pubsub/reference/pubsub-api.md +376 -0
  671. package/skills/deno-kv-raft-pubsub/reference/raft-spec.md +402 -0
  672. package/skills/deno-kv-raft-pubsub/reference/state-machine.md +182 -0
  673. package/skills/error-handling/SKILL.md +159 -0
  674. package/skills/firecrawl/SKILL.md +165 -0
  675. package/skills/firecrawl/rules/install.md +82 -0
  676. package/skills/firecrawl/rules/security.md +26 -0
  677. package/skills/firecrawl-agent/SKILL.md +86 -0
  678. package/skills/firecrawl-build-interact/SKILL.md +96 -0
  679. package/skills/firecrawl-build-onboarding/SKILL.md +131 -0
  680. package/skills/firecrawl-build-onboarding/references/auth-flow.md +39 -0
  681. package/skills/firecrawl-build-onboarding/references/project-setup.md +20 -0
  682. package/skills/firecrawl-build-onboarding/references/sdk-installation.md +17 -0
  683. package/skills/firecrawl-build-scrape/SKILL.md +97 -0
  684. package/skills/firecrawl-build-search/SKILL.md +97 -0
  685. package/skills/firecrawl-clone/SKILL.md +419 -0
  686. package/skills/firecrawl-crawl/SKILL.md +87 -0
  687. package/skills/firecrawl-download/SKILL.md +98 -0
  688. package/skills/firecrawl-interact/SKILL.md +112 -0
  689. package/skills/firecrawl-map/SKILL.md +79 -0
  690. package/skills/firecrawl-scrape/SKILL.md +97 -0
  691. package/skills/firecrawl-search/SKILL.md +88 -0
  692. package/skills/fitrah-guard/SKILL.md +78 -0
  693. package/skills/forge-quality-rules/SKILL.md +61 -0
  694. package/skills/ghazali-8lens/SKILL.md +56 -0
  695. package/skills/ijtihad-novel/SKILL.md +42 -0
  696. package/skills/ilham-intuition/SKILL.md +42 -0
  697. package/skills/imagegen/LICENSE.txt +201 -0
  698. package/skills/imagegen/SKILL.md +374 -0
  699. package/skills/imagegen/agents/openai.yaml +6 -0
  700. package/skills/imagegen/assets/imagegen-small.svg +5 -0
  701. package/skills/imagegen/assets/imagegen.png +0 -0
  702. package/skills/imagegen/references/cli.md +242 -0
  703. package/skills/imagegen/references/codex-network.md +33 -0
  704. package/skills/imagegen/references/image-api.md +90 -0
  705. package/skills/imagegen/references/prompting.md +118 -0
  706. package/skills/imagegen/references/sample-prompts.md +433 -0
  707. package/skills/imagegen/scripts/image_gen.py +995 -0
  708. package/skills/imagegen/scripts/remove_chroma_key.py +440 -0
  709. package/skills/istiqra-induction/SKILL.md +44 -0
  710. package/skills/ladunni-22/SKILL.md +53 -0
  711. package/skills/mizan/SKILL.md +90 -0
  712. package/skills/nadia/SKILL.md +56 -0
  713. package/skills/nadia-psi/SKILL.md +56 -0
  714. package/skills/never-guess/SKILL.md +75 -0
  715. package/skills/noor-recognition/SKILL.md +45 -0
  716. package/skills/observability/SKILL.md +133 -0
  717. package/skills/openai-docs/LICENSE.txt +201 -0
  718. package/skills/openai-docs/SKILL.md +100 -0
  719. package/skills/openai-docs/agents/openai.yaml +14 -0
  720. package/skills/openai-docs/assets/openai-small.svg +3 -0
  721. package/skills/openai-docs/assets/openai.png +0 -0
  722. package/skills/openai-docs/references/latest-model.md +37 -0
  723. package/skills/openai-docs/references/prompting-guide.md +244 -0
  724. package/skills/openai-docs/references/upgrade-guide.md +181 -0
  725. package/skills/openai-docs/scripts/resolve-latest-model-info.js +147 -0
  726. package/skills/pdf/LICENSE.txt +201 -0
  727. package/skills/pdf/SKILL.md +85 -0
  728. package/skills/pdf/agents/openai.yaml +5 -0
  729. package/skills/pdf/assets/pdf.png +0 -0
  730. package/skills/playwright/LICENSE.txt +201 -0
  731. package/skills/playwright/NOTICE.txt +14 -0
  732. package/skills/playwright/SKILL.md +165 -0
  733. package/skills/playwright/agents/openai.yaml +6 -0
  734. package/skills/playwright/assets/playwright-small.svg +3 -0
  735. package/skills/playwright/assets/playwright.png +0 -0
  736. package/skills/playwright/references/cli.md +116 -0
  737. package/skills/playwright/references/workflows.md +95 -0
  738. package/skills/playwright/scripts/playwright_cli.sh +25 -0
  739. package/skills/plugin-creator/SKILL.md +178 -0
  740. package/skills/plugin-creator/agents/openai.yaml +6 -0
  741. package/skills/plugin-creator/assets/plugin-creator-small.svg +3 -0
  742. package/skills/plugin-creator/assets/plugin-creator.png +0 -0
  743. package/skills/plugin-creator/references/plugin-json-spec.md +170 -0
  744. package/skills/plugin-creator/scripts/create_basic_plugin.py +301 -0
  745. package/skills/predictor/SKILL.md +43 -0
  746. package/skills/qiyas-analogy/SKILL.md +204 -0
  747. package/skills/refactoring/SKILL.md +137 -0
  748. package/skills/ruh-basis/SKILL.md +42 -0
  749. package/skills/security-review/SKILL.md +129 -0
  750. package/skills/skill-creator/SKILL.md +434 -0
  751. package/skills/skill-creator/agents/openai.yaml +5 -0
  752. package/skills/skill-creator/assets/skill-creator-small.svg +3 -0
  753. package/skills/skill-creator/assets/skill-creator.png +0 -0
  754. package/skills/skill-creator/license.txt +202 -0
  755. package/skills/skill-creator/references/openai_yaml.md +49 -0
  756. package/skills/skill-creator/scripts/generate_openai_yaml.py +226 -0
  757. package/skills/skill-creator/scripts/init_skill.py +400 -0
  758. package/skills/skill-creator/scripts/quick_validate.py +101 -0
  759. package/skills/skill-installer/LICENSE.txt +202 -0
  760. package/skills/skill-installer/SKILL.md +76 -0
  761. package/skills/skill-installer/agents/openai.yaml +5 -0
  762. package/skills/skill-installer/assets/skill-installer-small.svg +3 -0
  763. package/skills/skill-installer/assets/skill-installer.png +0 -0
  764. package/skills/skill-installer/scripts/github_utils.py +21 -0
  765. package/skills/skill-installer/scripts/install-skill-from-github.py +308 -0
  766. package/skills/skill-installer/scripts/list-skills.py +107 -0
  767. package/skills/skills-and-hooks-reference/SKILL.md +196 -0
  768. package/skills/soul-domains/SKILL.md +43 -0
  769. package/skills/tadabbur/SKILL.md +232 -0
  770. package/skills/tadabbur-ops/SKILL.md +42 -0
  771. package/skills/tafakkur/SKILL.md +104 -0
  772. package/skills/testing-strategy/SKILL.md +122 -0
  773. package/src/action-ledger-core.ts +1054 -0
  774. package/src/chat.ts +5 -6
  775. package/src/codebase-scanner.ts +2 -0
  776. package/src/connectors/claude-code.ts +149 -12
  777. package/src/connectors/codebase-awareness.ts +325 -25
  778. package/src/connectors/codex.ts +1273 -40
  779. package/src/connectors/cursor.ts +8 -0
  780. package/src/connectors/governed-adapter.ts +174 -0
  781. package/src/connectors/opencode.ts +18 -2
  782. package/src/connectors/repo-guard.ts +24 -12
  783. package/src/connectors/runtime.ts +99 -2
  784. package/src/connectors/shell.ts +125 -7
  785. package/src/cross-cli-hive-binding.ts +290 -0
  786. package/src/garden-control-plane.ts +24 -1
  787. package/src/governed-surface-runner.ts +1227 -0
  788. package/src/index.ts +104 -1
  789. package/src/task-runner.ts +3794 -0
  790. package/dist/aria-connector/src/install-hooks.d.ts +0 -18
  791. package/dist/aria-connector/src/install-hooks.d.ts.map +0 -1
  792. package/dist/aria-connector/src/install-hooks.js +0 -224
  793. package/dist/aria-connector/src/install-hooks.js.map +0 -1
  794. package/dist/aria-connector/src/onboarding-wizard.d.ts +0 -5
  795. package/dist/aria-connector/src/onboarding-wizard.d.ts.map +0 -1
  796. package/dist/aria-connector/src/onboarding-wizard.js +0 -188
  797. package/dist/aria-connector/src/onboarding-wizard.js.map +0 -1
  798. package/dist/cli-0.2.38.tgz +0 -0
  799. package/dist/install.sh +0 -13
  800. package/src/__tests__/anthropic-oauth.test.ts +0 -186
  801. package/src/__tests__/auth-commands.test.ts +0 -132
  802. package/src/__tests__/owner-login.test.ts +0 -311
package/dist/runtime/hooks/lib/obligation-ledger.mjs ADDED
@@ -0,0 +1,147 @@
1
+ // AI-11803-OBLIG-LEDGER-AUDIT (2026-05-12) — first-class hardening pass.
2
+ // Prior 60-line version had: silent-corrupt-line read failure, no
3
+ // closeObligation API, silent schema-mismatch drop, mode-on-creation-only,
4
+ // no tests. This pass: try/catch with LOUD audit on corrupt lines, new
5
+ // closeObligation()/markFixed() API, schema-mismatch counter exposed in
6
+ // return, idempotent obligation lookup by id, regression tests co-located
7
+ // under __tests__/.
8
+ //
9
+ // Concurrency note: appendFileSync is not file-locked. Two concurrent
10
+ // writes of small JSONL rows (< PIPE_BUF, ~4KB POSIX) are atomic at the
11
+ // line level; large rows with deep evidence may interleave. Owner-decision
12
+ // pending on whether to add flock(2)-style mutual exclusion for >4KB rows.
13
+
14
+ import { appendFileSync, existsSync, mkdirSync, readFileSync, chmodSync } from 'node:fs';
15
+ import { createHash } from 'node:crypto';
16
+ import { dirname } from 'node:path';
17
+ import { homedir } from 'node:os';
18
+
19
+ const HOME = process.env.HOME || homedir();
20
+ const DEFAULT_LEDGER = `${HOME}/.aria/obligations.jsonl`;
21
+ export const OBLIGATION_SCHEMA_V1 = 'aria.obligation.v1';
22
+
23
+ function normalizeText(value) {
24
+ return String(value || '').replace(/\s+/g, ' ').trim();
25
+ }
26
+
27
+ function resolveLedgerPath(explicit) {
28
+ if (typeof explicit === 'string' && explicit) return explicit;
29
+ return process.env.ARIA_OBLIGATION_LEDGER || DEFAULT_LEDGER;
30
+ }
31
+
32
+ export function obligationHash({ sourceRuntime = 'unknown', kind = 'issue', description = '' } = {}) {
33
+ return createHash('sha256')
34
+ .update([sourceRuntime, kind, normalizeText(description).toLowerCase()].join('\0'))
35
+ .digest('hex');
36
+ }
37
+
38
+ function appendRow(ledgerPath, row) {
39
+ if (!existsSync(dirname(ledgerPath))) mkdirSync(dirname(ledgerPath), { recursive: true, mode: 0o700 });
40
+ appendFileSync(ledgerPath, `${JSON.stringify(row)}\n`, { mode: 0o600 });
41
+ // Enforce mode even when file pre-existed (appendFileSync mode applies
42
+ // only at creation). Defensive: catch chmod failures (e.g., perms denied
43
+ // on a foreign-owned ledger) without dying — LOUD-log so operator sees.
44
+ try {
45
+ chmodSync(ledgerPath, 0o600);
46
+ } catch (err) {
47
+ process.stderr.write(`[obligation-ledger:chmod-warn] path=${ledgerPath} ${err instanceof Error ? err.message : String(err)} — appended but mode-enforcement skipped\n`);
48
+ }
49
+ }
50
+
51
+ export function recordObligation(input = {}) {
52
+ const description = normalizeText(input.description || input.text || input.summary);
53
+ if (!description) throw new Error('recordObligation requires a description');
54
+ const sourceRuntime = normalizeText(input.sourceRuntime || input.source_runtime || 'unknown');
55
+ const kind = normalizeText(input.kind || 'issue');
56
+ const row = {
57
+ schema: OBLIGATION_SCHEMA_V1,
58
+ id: obligationHash({ sourceRuntime, kind, description }),
59
+ at: new Date().toISOString(),
60
+ sourceRuntime,
61
+ source: normalizeText(input.source || 'unknown'),
62
+ sessionId: normalizeText(input.sessionId || input.session_id || 'unknown'),
63
+ kind,
64
+ description,
65
+ severity: normalizeText(input.severity || 'high'),
66
+ state: normalizeText(input.state || 'open'),
67
+ requiredAction: normalizeText(input.requiredAction || 'fix_and_verify'),
68
+ evidence: input.evidence || null,
69
+ proofOfFix: input.proofOfFix || null,
70
+ };
71
+ appendRow(resolveLedgerPath(input.ledgerPath), row);
72
+ return row;
73
+ }
74
+
75
+ // AI-11803-OBLIG-LEDGER-AUDIT — new API to close an obligation.
76
+ // Append-only model: closing writes a NEW row with state=closed and the
77
+ // supplied proofOfFix. readOpenObligations folds by id and keeps the
78
+ // LATEST row's state, so the closing row supersedes the opening row.
79
+ export function closeObligation({ id, proofOfFix, sessionId = 'unknown', ledgerPath } = {}) {
80
+ if (!id || typeof id !== 'string') throw new Error('closeObligation requires obligation id (string)');
81
+ if (!proofOfFix || typeof proofOfFix !== 'object') throw new Error('closeObligation requires proofOfFix object');
82
+ if (typeof proofOfFix.type !== 'string' || typeof proofOfFix.anchorTs !== 'string') {
83
+ throw new Error('proofOfFix must include type (string) and anchorTs (ISO string)');
84
+ }
85
+ const row = {
86
+ schema: OBLIGATION_SCHEMA_V1,
87
+ id,
88
+ at: new Date().toISOString(),
89
+ sessionId: normalizeText(sessionId),
90
+ state: 'closed',
91
+ proofOfFix,
92
+ };
93
+ appendRow(resolveLedgerPath(ledgerPath), row);
94
+ return row;
95
+ }
96
+
97
+ // AI-11803-OBLIG-LEDGER-AUDIT — read with corrupt-line tolerance + schema
98
+ // mismatch counter. Returns { obligations: [...open...], corruptLines,
99
+ // schemaMismatches } so callers can surface drift without dying.
100
+ export function readOpenObligations({ ledgerPath } = {}) {
101
+ const resolvedPath = resolveLedgerPath(ledgerPath);
102
+ if (!existsSync(resolvedPath)) {
103
+ return { obligations: [], corruptLines: 0, schemaMismatches: 0 };
104
+ }
105
+ const latest = new Map();
106
+ let corruptLines = 0;
107
+ let schemaMismatches = 0;
108
+ const raw = readFileSync(resolvedPath, 'utf8');
109
+ const lines = raw.split('\n').filter(Boolean);
110
+ for (const line of lines) {
111
+ let row;
112
+ try {
113
+ row = JSON.parse(line);
114
+ } catch (err) {
115
+ corruptLines += 1;
116
+ process.stderr.write(`[obligation-ledger:corrupt-line] path=${resolvedPath} line-prefix=${line.slice(0, 80)} ${err instanceof Error ? err.message : String(err)}\n`);
117
+ continue;
118
+ }
119
+ if (row?.schema !== OBLIGATION_SCHEMA_V1) {
120
+ schemaMismatches += 1;
121
+ continue;
122
+ }
123
+ if (!row.id) {
124
+ schemaMismatches += 1;
125
+ continue;
126
+ }
127
+ // Idempotent fold: latest row wins for each id.
128
+ latest.set(row.id, row);
129
+ }
130
+ const obligations = [...latest.values()].filter((row) => {
131
+ if (row.state !== 'open') return false;
132
+ const proof = row.proofOfFix;
133
+ return !(proof && typeof proof.type === 'string' && typeof proof.anchorTs === 'string');
134
+ });
135
+ if (schemaMismatches > 0) {
136
+ process.stderr.write(`[obligation-ledger:schema-mismatch] path=${resolvedPath} skipped=${schemaMismatches} (expected schema=${OBLIGATION_SCHEMA_V1})\n`);
137
+ }
138
+ return { obligations, corruptLines, schemaMismatches };
139
+ }
140
+
141
+ // AI-11803-OBLIG-LEDGER-AUDIT — backward-compat shim. Existing callers
142
+ // (if any are wired) used `readOpenObligations()` returning a bare array.
143
+ // Keep that shape available; new callers should use readOpenObligations
144
+ // for the diagnostic-rich return.
145
+ export function listOpenObligations(opts = {}) {
146
+ return readOpenObligations(opts).obligations;
147
+ }
package/dist/runtime/hooks/lib/orchestration-manifest-extract.mjs ADDED
@@ -0,0 +1,217 @@
1
+ // Phase 2 Step 6 — manifest extraction primitive shared across hooks.
2
+ //
3
+ // Hooks consume the typed fields they enforce, while no-manifest turns keep
4
+ // the existing text-pattern path. The canonical schema lives in TypeScript at
5
+ // apps/arias-soul/api/lib/aria-runtime/orchestration-manifest.ts; this local
6
+ // hook helper mirrors only the fields needed by hook runtime.
7
+
8
+ import { createHash } from 'node:crypto';
9
+
10
+ const MANIFEST_TAG_RX = /<orchestration_manifest>([\s\S]*?)<\/orchestration_manifest>/i;
11
+ const JSON_FENCE_RX = /```(?:json|orchestration)?\s*\n(\{[\s\S]*?"schema_version"\s*:\s*"v1"[\s\S]*?\})\s*\n```/i;
12
+ const MANIFEST_MARKER_RX = /"schema_version"\s*:\s*"v1"/;
13
+
14
+ const REQUIRED_KEYS = [
15
+ 'schema_version',
16
+ 'tadabbur_mode',
17
+ 'substrate',
18
+ 'faculties',
19
+ 'kernel_emphasis',
20
+ 'voice',
21
+ 'depth_budget',
22
+ 'intent',
23
+ 'gates',
24
+ 'meta',
25
+ ];
26
+
27
+ function isPlainObject(v) {
28
+ return v !== null && typeof v === 'object' && !Array.isArray(v);
29
+ }
30
+
31
+ function hasRequiredKeys(obj) {
32
+ if (!isPlainObject(obj)) return false;
33
+ for (const k of REQUIRED_KEYS) {
34
+ if (!(k in obj)) return false;
35
+ }
36
+ return obj.schema_version === 'v1';
37
+ }
38
+
39
+ function tryParse(jsonText) {
40
+ try {
41
+ return JSON.parse(jsonText);
42
+ } catch {
43
+ return null;
44
+ }
45
+ }
46
+
47
+ export function extractManifest(text) {
48
+ if (typeof text !== 'string' || text.length === 0) return null;
49
+ if (!MANIFEST_MARKER_RX.test(text)) return null;
50
+
51
+ const tagMatch = text.match(MANIFEST_TAG_RX);
52
+ if (tagMatch) {
53
+ const parsed = tryParse(tagMatch[1]);
54
+ if (hasRequiredKeys(parsed)) return { manifest: parsed, raw: tagMatch[1] };
55
+ }
56
+
57
+ const fenceMatch = text.match(JSON_FENCE_RX);
58
+ if (fenceMatch) {
59
+ const parsed = tryParse(fenceMatch[1]);
60
+ if (hasRequiredKeys(parsed)) return { manifest: parsed, raw: fenceMatch[1] };
61
+ }
62
+
63
+ const idx = text.search(MANIFEST_MARKER_RX);
64
+ if (idx >= 0) {
65
+ let start = text.lastIndexOf('{', idx);
66
+ while (start >= 0) {
67
+ const candidate = extractBalancedObject(text, start);
68
+ if (candidate) {
69
+ const parsed = tryParse(candidate);
70
+ if (hasRequiredKeys(parsed)) return { manifest: parsed, raw: candidate };
71
+ }
72
+ start = text.lastIndexOf('{', start - 1);
73
+ if (start >= 0 && idx - start > 4096) break;
74
+ }
75
+ }
76
+
77
+ return null;
78
+ }
79
+
80
+ function extractBalancedObject(text, start) {
81
+ if (text[start] !== '{') return null;
82
+ let depth = 0;
83
+ let inString = false;
84
+ let escape = false;
85
+ const max = Math.min(text.length, start + 32768);
86
+ for (let i = start; i < max; i++) {
87
+ const ch = text[i];
88
+ if (escape) {
89
+ escape = false;
90
+ continue;
91
+ }
92
+ if (ch === '\\') {
93
+ escape = true;
94
+ continue;
95
+ }
96
+ if (ch === '"') {
97
+ inString = !inString;
98
+ continue;
99
+ }
100
+ if (inString) continue;
101
+ if (ch === '{') depth++;
102
+ else if (ch === '}') {
103
+ depth--;
104
+ if (depth === 0) return text.slice(start, i + 1);
105
+ }
106
+ }
107
+ return null;
108
+ }
109
+
110
+ export function fingerprintManifest(manifest) {
111
+ if (!isPlainObject(manifest)) return null;
112
+ return createHash('sha256').update(canonicalize(manifest)).digest('hex');
113
+ }
114
+
115
+ function canonicalize(value) {
116
+ if (Array.isArray(value)) {
117
+ return '[' + value.map(canonicalize).join(',') + ']';
118
+ }
119
+ if (isPlainObject(value)) {
120
+ return (
121
+ '{' +
122
+ Object.keys(value)
123
+ .sort()
124
+ .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]))
125
+ .join(',') +
126
+ '}'
127
+ );
128
+ }
129
+ return JSON.stringify(value);
130
+ }
131
+
132
+ export function manifestSkillsToInvoke(manifest) {
133
+ const skills = manifest?.intent?.workflow_skills_to_invoke;
134
+ return Array.isArray(skills) ? skills.filter((s) => typeof s === 'string') : [];
135
+ }
136
+
137
+ export function manifestRequiredSkillFiles(manifest) {
138
+ const files = manifest?.substrate?.skill_files;
139
+ if (!Array.isArray(files)) return [];
140
+ return files
141
+ .filter((s) => isPlainObject(s) && typeof s.name === 'string')
142
+ .map((s) => ({
143
+ name: s.name,
144
+ weight: typeof s.weight === 'number' ? s.weight : 0,
145
+ invoke_workflow: s.invoke_workflow === true,
146
+ }));
147
+ }
148
+
149
+ export function manifestGateRequirements(manifest) {
150
+ const g = manifest?.gates;
151
+ if (!isPlainObject(g)) return null;
152
+ return {
153
+ pre_tool: g.pre_tool ?? 'full_strength',
154
+ post_tool: g.post_tool ?? 'full_strength',
155
+ stop: g.stop ?? 'full_strength',
156
+ cognition_block_required: g.cognition_block_required === true,
157
+ applied_cognition_block_required: g.applied_cognition_block_required === true,
158
+ verification_block_required: g.verification_block_required === true,
159
+ };
160
+ }
161
+
162
+ export function manifestCognitionVisibility(manifest) {
163
+ return manifest?.voice?.cognition_visibility ?? null;
164
+ }
165
+
166
+ export function manifestHash(manifest) {
167
+ const stored = manifest?.meta?.manifest_hash;
168
+ if (typeof stored === 'string' && /^[a-f0-9]{64}$/.test(stored)) return stored;
169
+ return fingerprintManifest(manifest);
170
+ }
171
+
172
+ export function manifestMode(manifest) {
173
+ return manifest?.meta?.mode ?? null;
174
+ }
175
+
176
+ export function manifestSatisfiesStopCognitionGate(manifest) {
177
+ const gates = manifestGateRequirements(manifest);
178
+ const visibility = manifestCognitionVisibility(manifest);
179
+ const hash = manifestHash(manifest);
180
+ const mode = manifestMode(manifest) || 'unknown';
181
+ if (gates?.stop === 'off') {
182
+ return {
183
+ ok: true,
184
+ reason: `manifest.gates.stop=off manifest_hash=${hash} mode=${mode}`,
185
+ gates,
186
+ visibility,
187
+ hash,
188
+ mode,
189
+ };
190
+ }
191
+ if (gates?.cognition_block_required === false && visibility === 'hidden') {
192
+ return {
193
+ ok: true,
194
+ reason: `manifest cognition hidden manifest_hash=${hash} mode=${mode}`,
195
+ gates,
196
+ visibility,
197
+ hash,
198
+ mode,
199
+ };
200
+ }
201
+ return {
202
+ ok: false,
203
+ reason: null,
204
+ gates,
205
+ visibility,
206
+ hash,
207
+ mode,
208
+ };
209
+ }
210
+
211
+ export function manifestVerificationRequired(manifest) {
212
+ return manifest?.intent?.verification_required === true;
213
+ }
214
+
215
+ export function manifestOwnerDecisionRequired(manifest) {
216
+ return manifest?.intent?.owner_decision_required === true;
217
+ }
package/dist/runtime/hooks/lib/owner-authorizations.mjs ADDED
@@ -0,0 +1,269 @@
1
+ /**
2
+ * Owner authorization grants — gate bypass for explicitly-authorized
3
+ * Bash commands. Closes the false-positive class where the
4
+ * userCorrectionBlocksCommand regex hard-blocks legitimate operations
5
+ * because of conversational steering language ("don't fish around")
6
+ * within 160 chars of a kubectl/docker verb.
7
+ *
8
+ * Doctrine bind:
9
+ * - aria-repo-doctrine — real implementation, real proof. Coach
10
+ * drives quality by holding explicit authorization state, not by
11
+ * having gates infer authorization from regex over user text.
12
+ * - feedback_no_graceful_degradation.md — the prior heuristic was
13
+ * graceful degradation: "guess intent from negation tokens near
14
+ * action verbs." This replaces guessing with explicit grants.
15
+ * - "Coach drives, gates catch" — the gate consults coach-side
16
+ * authorization state FIRST. The regex is a fallback for when
17
+ * no explicit grant exists.
18
+ *
19
+ * Background:
20
+ * The ops/claude-hooks/aria-pre-tool-gate.mjs userCorrectionBlocksCommand
21
+ * function (~line 788) regex-scans the last ~6 user messages for
22
+ * negation tokens within 160 chars of action verbs and hard-blocks
23
+ * the matching Bash. Conversational steering ("Don't fish around.
24
+ * Apply the runtime-flags patch") trips it because "don't" sits
25
+ * within 160 chars of "kubectl patch."
26
+ *
27
+ * Heuristic fix (tighten the regex) reduces false positives but
28
+ * doesn't eliminate them — natural language has too many shapes.
29
+ * Structural fix: let the operator write explicit grants the gate
30
+ * reads BEFORE the regex.
31
+ *
32
+ * Grant lifecycle:
33
+ * 1. Operator writes "AUTHORIZE: <command-shape>" in user message
34
+ * (e.g., "AUTHORIZE: docker build ... && kubectl set image ...").
35
+ * 2. pre-tool-gate scans recent user text on each Bash, calls
36
+ * detectAndRecordGrants(recentUserText, sessionId) to write
37
+ * any new grants found.
38
+ * 3. pre-tool-gate calls findActiveGrant(cmd, sessionId) before the
39
+ * user-correction regex. If a current grant matches, gate skips
40
+ * the regex check (still runs other gates).
41
+ * 4. Grants expire by TTL (default 15 min) or on-use (configurable).
42
+ *
43
+ * Storage:
44
+ * ~/.aria/runtime/state/owner-authorizations.jsonl
45
+ * - Append-only audit log: every grant + every consumption written
46
+ * - Reader filters expired entries on read; writer doesn't compact
47
+ * (rotation is a separate cron concern)
48
+ *
49
+ * Security note:
50
+ * AUTHORIZE: markers are NOT signed today. Anyone with write access
51
+ * to the operator's terminal could inject one. M2.13 (signed-grant
52
+ * override per Hamza 2026-04-27) is the canonical solution: HMAC-
53
+ * signed grants from a secret only the operator holds. This helper
54
+ * is the structural staircase to that — once grants exist as a
55
+ * first-class concept, M2.13 only changes the signature check.
56
+ */
57
+
58
+ import { appendFileSync, existsSync, mkdirSync, readFileSync, statSync } from 'node:fs';
59
+ import { homedir } from 'node:os';
60
+ import { dirname, join } from 'node:path';
61
+
62
+ const HOME = homedir();
63
+ const STATE_DIR = join(HOME, '.aria', 'runtime', 'state');
64
+ const GRANTS_PATH = join(STATE_DIR, 'owner-authorizations.jsonl');
65
+ const DEFAULT_TTL_MS = 15 * 60 * 1000; // 15 min
66
+ const MARKER_RX = /AUTHORIZE:\s*([^\n\r]{1,500})/g;
67
+
68
+ function ensureDir() {
69
+ if (!existsSync(STATE_DIR)) mkdirSync(STATE_DIR, { recursive: true, mode: 0o700 });
70
+ }
71
+
72
+ /**
73
+ * Read all grants from the JSONL log. Filters out expired entries.
74
+ * Returns { grants: [...], maxLines: N } — caller can use N to detect
75
+ * if rotation is warranted.
76
+ */
77
+ function readActiveGrants() {
78
+ if (!existsSync(GRANTS_PATH)) return { grants: [], maxLines: 0 };
79
+ let raw;
80
+ try {
81
+ raw = readFileSync(GRANTS_PATH, 'utf8');
82
+ } catch (err) {
83
+ process.stderr.write(
84
+ `[owner-authorizations] read failed: ${err instanceof Error ? err.message : String(err)}\n`,
85
+ );
86
+ return { grants: [], maxLines: 0 };
87
+ }
88
+ const lines = raw.split(/\r?\n/).filter(Boolean);
89
+ const now = Date.now();
90
+ const grants = [];
91
+ for (const line of lines) {
92
+ let entry;
93
+ try {
94
+ entry = JSON.parse(line);
95
+ } catch {
96
+ continue;
97
+ }
98
+ if (entry.kind !== 'grant') continue;
99
+ if (typeof entry.expiresAt !== 'number') continue;
100
+ if (entry.expiresAt < now) continue;
101
+ if (entry.consumed === true) continue;
102
+ grants.push(entry);
103
+ }
104
+ return { grants, maxLines: lines.length };
105
+ }
106
+
107
+ /**
108
+ * Write a grant entry to the log. Idempotent on (commandPattern, sessionId)
109
+ * — duplicates within the TTL window are skipped to avoid log bloat from
110
+ * repeated AUTHORIZE: marker scans.
111
+ */
112
+ export function recordOwnerGrant({
113
+ commandPattern,
114
+ sessionId,
115
+ ttlMs = DEFAULT_TTL_MS,
116
+ source = 'marker',
117
+ } = {}) {
118
+ if (!commandPattern || typeof commandPattern !== 'string') return null;
119
+ ensureDir();
120
+ const { grants } = readActiveGrants();
121
+ // Idempotency: same pattern + session within TTL → no-op
122
+ for (const g of grants) {
123
+ if (g.commandPattern === commandPattern && g.sessionId === sessionId) {
124
+ return g;
125
+ }
126
+ }
127
+ const now = Date.now();
128
+ const entry = {
129
+ kind: 'grant',
130
+ commandPattern,
131
+ sessionId: sessionId || 'unknown',
132
+ source,
133
+ grantedAt: now,
134
+ expiresAt: now + ttlMs,
135
+ consumed: false,
136
+ };
137
+ try {
138
+ appendFileSync(GRANTS_PATH, `${JSON.stringify(entry)}\n`, { mode: 0o600 });
139
+ } catch (err) {
140
+ process.stderr.write(
141
+ `[owner-authorizations] write failed: ${err instanceof Error ? err.message : String(err)}\n`,
142
+ );
143
+ return null;
144
+ }
145
+ return entry;
146
+ }
147
+
148
+ /**
149
+ * Compile a grant's commandPattern to a matcher. Patterns can be:
150
+ * - Substring (default): grant matches if cmd contains the pattern
151
+ * - Regex (/.../i form): grant matches if cmd matches the regex
152
+ * Returns a predicate (cmd) => boolean.
153
+ */
154
+ function compileGrantMatcher(pattern) {
155
+ const trimmed = String(pattern || '').trim();
156
+ if (!trimmed) return () => false;
157
+ // Regex form: /.../[i]
158
+ const rxMatch = trimmed.match(/^\/(.+)\/([gimsuy]*)$/);
159
+ if (rxMatch) {
160
+ try {
161
+ const rx = new RegExp(rxMatch[1], rxMatch[2] || 'i');
162
+ return (cmd) => rx.test(cmd);
163
+ } catch {
164
+ return () => false;
165
+ }
166
+ }
167
+ // Substring form: cmd must contain the pattern (case-insensitive)
168
+ const lower = trimmed.toLowerCase();
169
+ return (cmd) => String(cmd || '').toLowerCase().includes(lower);
170
+ }
171
+
172
+ /**
173
+ * Find an active grant matching the given command for this session.
174
+ * Returns the matching entry or null.
175
+ *
176
+ * Matching rules:
177
+ * - Grant must not be expired
178
+ * - Grant's sessionId must match (or be 'any' / '*')
179
+ * - Grant's commandPattern must match the cmd
180
+ *
181
+ * Does NOT mark the grant as consumed — that's a separate call so
182
+ * the gate can decide whether to one-shot or keep alive.
183
+ */
184
+ export function findActiveGrant(cmd, sessionId) {
185
+ if (!cmd) return null;
186
+ const { grants } = readActiveGrants();
187
+ for (const g of grants) {
188
+ if (g.sessionId !== sessionId && g.sessionId !== 'any' && g.sessionId !== '*') continue;
189
+ const matcher = compileGrantMatcher(g.commandPattern);
190
+ if (matcher(cmd)) return g;
191
+ }
192
+ return null;
193
+ }
194
+
195
+ /**
196
+ * Mark a grant as consumed. Used for one-shot grants; multi-use grants
197
+ * are kept alive until TTL.
198
+ */
199
+ export function consumeGrant(grant) {
200
+ if (!grant) return;
201
+ ensureDir();
202
+ const consumption = {
203
+ kind: 'consume',
204
+ commandPattern: grant.commandPattern,
205
+ sessionId: grant.sessionId,
206
+ consumedAt: Date.now(),
207
+ grantGrantedAt: grant.grantedAt,
208
+ };
209
+ try {
210
+ appendFileSync(GRANTS_PATH, `${JSON.stringify(consumption)}\n`, { mode: 0o600 });
211
+ } catch (err) {
212
+ process.stderr.write(
213
+ `[owner-authorizations] consume write failed: ${err instanceof Error ? err.message : String(err)}\n`,
214
+ );
215
+ }
216
+ }
217
+
218
+ /**
219
+ * Scan recent user text for AUTHORIZE: markers and write any new
220
+ * grants to the log. Returns the count of grants written.
221
+ *
222
+ * Each marker becomes one grant with:
223
+ * - commandPattern: text after "AUTHORIZE:" up to newline (max 500 chars)
224
+ * - ttlMs: default (15 min)
225
+ * - source: 'marker'
226
+ *
227
+ * Idempotency is handled by recordOwnerGrant (same pattern + session
228
+ * within TTL = no-op). So scanning the same user text twice doesn't
229
+ * duplicate grants.
230
+ */
231
+ export function detectAndRecordGrants(recentUserText, sessionId) {
232
+ if (!recentUserText || typeof recentUserText !== 'string') return 0;
233
+ let written = 0;
234
+ const text = recentUserText;
235
+ let m;
236
+ MARKER_RX.lastIndex = 0;
237
+ while ((m = MARKER_RX.exec(text)) !== null) {
238
+ const pattern = (m[1] || '').trim();
239
+ if (!pattern) continue;
240
+ const entry = recordOwnerGrant({
241
+ commandPattern: pattern,
242
+ sessionId,
243
+ source: 'marker',
244
+ });
245
+ if (entry) written += 1;
246
+ }
247
+ return written;
248
+ }
249
+
250
+ /**
251
+ * Convenience: detect markers + check for active grant in one call.
252
+ * Returns { authorized: boolean, grant: entry|null, grantsWritten: number }.
253
+ *
254
+ * This is the primary entry point pre-tool-gate uses.
255
+ */
256
+ export function checkAndAuthorize(cmd, sessionId, recentUserText) {
257
+ const grantsWritten = detectAndRecordGrants(recentUserText, sessionId);
258
+ const grant = findActiveGrant(cmd, sessionId);
259
+ return { authorized: Boolean(grant), grant, grantsWritten };
260
+ }
261
+
262
+ /**
263
+ * Diagnostic helper: returns the current active grant set for inspection.
264
+ * Used by tests + the pre-tool-gate audit trail.
265
+ */
266
+ export function listActiveGrants() {
267
+ const { grants } = readActiveGrants();
268
+ return grants;
269
+ }