@aria_asi/cli 0.2.39 → 0.2.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (802) hide show
  1. package/bin/aria.js +236 -34
  2. package/dist/aria-connector/src/action-ledger-core.d.ts +387 -0
  3. package/dist/aria-connector/src/action-ledger-core.d.ts.map +1 -0
  4. package/dist/aria-connector/src/action-ledger-core.js +638 -0
  5. package/dist/aria-connector/src/action-ledger-core.js.map +1 -0
  6. package/dist/aria-connector/src/chat.d.ts.map +1 -1
  7. package/dist/aria-connector/src/chat.js +5 -6
  8. package/dist/aria-connector/src/chat.js.map +1 -1
  9. package/dist/aria-connector/src/codebase-scanner.d.ts +1 -1
  10. package/dist/aria-connector/src/codebase-scanner.d.ts.map +1 -1
  11. package/dist/aria-connector/src/connectors/claude-code.d.ts +1 -0
  12. package/dist/aria-connector/src/connectors/claude-code.d.ts.map +1 -1
  13. package/dist/aria-connector/src/connectors/claude-code.js +152 -14
  14. package/dist/aria-connector/src/connectors/claude-code.js.map +1 -1
  15. package/dist/aria-connector/src/connectors/codebase-awareness.d.ts +10 -0
  16. package/dist/aria-connector/src/connectors/codebase-awareness.d.ts.map +1 -1
  17. package/dist/aria-connector/src/connectors/codebase-awareness.js +276 -27
  18. package/dist/aria-connector/src/connectors/codebase-awareness.js.map +1 -1
  19. package/dist/aria-connector/src/connectors/codex.d.ts +3 -1
  20. package/dist/aria-connector/src/connectors/codex.d.ts.map +1 -1
  21. package/dist/aria-connector/src/connectors/codex.js +1271 -40
  22. package/dist/aria-connector/src/connectors/codex.js.map +1 -1
  23. package/dist/aria-connector/src/connectors/cursor.d.ts.map +1 -1
  24. package/dist/aria-connector/src/connectors/cursor.js +7 -0
  25. package/dist/aria-connector/src/connectors/cursor.js.map +1 -1
  26. package/dist/aria-connector/src/connectors/governed-adapter.d.ts +30 -0
  27. package/dist/aria-connector/src/connectors/governed-adapter.d.ts.map +1 -0
  28. package/dist/aria-connector/src/connectors/governed-adapter.js +132 -0
  29. package/dist/aria-connector/src/connectors/governed-adapter.js.map +1 -0
  30. package/dist/aria-connector/src/connectors/opencode.d.ts +3 -1
  31. package/dist/aria-connector/src/connectors/opencode.d.ts.map +1 -1
  32. package/dist/aria-connector/src/connectors/opencode.js +18 -2
  33. package/dist/aria-connector/src/connectors/opencode.js.map +1 -1
  34. package/dist/aria-connector/src/connectors/repo-guard.d.ts.map +1 -1
  35. package/dist/aria-connector/src/connectors/repo-guard.js +25 -14
  36. package/dist/aria-connector/src/connectors/repo-guard.js.map +1 -1
  37. package/dist/aria-connector/src/connectors/runtime.d.ts.map +1 -1
  38. package/dist/aria-connector/src/connectors/runtime.js +92 -2
  39. package/dist/aria-connector/src/connectors/runtime.js.map +1 -1
  40. package/dist/aria-connector/src/connectors/shell.d.ts.map +1 -1
  41. package/dist/aria-connector/src/connectors/shell.js +123 -7
  42. package/dist/aria-connector/src/connectors/shell.js.map +1 -1
  43. package/dist/aria-connector/src/cross-cli-hive-binding.d.ts +63 -0
  44. package/dist/aria-connector/src/cross-cli-hive-binding.d.ts.map +1 -0
  45. package/dist/aria-connector/src/cross-cli-hive-binding.js +205 -0
  46. package/dist/aria-connector/src/cross-cli-hive-binding.js.map +1 -0
  47. package/dist/aria-connector/src/garden-control-plane.d.ts +6 -1
  48. package/dist/aria-connector/src/garden-control-plane.d.ts.map +1 -1
  49. package/dist/aria-connector/src/garden-control-plane.js +8 -2
  50. package/dist/aria-connector/src/garden-control-plane.js.map +1 -1
  51. package/dist/aria-connector/src/governed-surface-runner.d.ts +189 -0
  52. package/dist/aria-connector/src/governed-surface-runner.d.ts.map +1 -0
  53. package/dist/aria-connector/src/governed-surface-runner.js +1022 -0
  54. package/dist/aria-connector/src/governed-surface-runner.js.map +1 -0
  55. package/dist/aria-connector/src/index.d.ts +10 -1
  56. package/dist/aria-connector/src/index.d.ts.map +1 -1
  57. package/dist/aria-connector/src/index.js +5 -0
  58. package/dist/aria-connector/src/index.js.map +1 -1
  59. package/dist/aria-connector/src/task-runner.d.ts +3 -0
  60. package/dist/aria-connector/src/task-runner.d.ts.map +1 -0
  61. package/dist/aria-connector/src/task-runner.js +3526 -0
  62. package/dist/aria-connector/src/task-runner.js.map +1 -0
  63. package/dist/aria-web/src/lib/codebase-scanner.d.ts +21 -2
  64. package/dist/aria-web/src/lib/codebase-scanner.d.ts.map +1 -1
  65. package/dist/aria-web/src/lib/codebase-scanner.js +59 -14
  66. package/dist/aria-web/src/lib/codebase-scanner.js.map +1 -1
  67. package/dist/assets/hooks/README.md +58 -0
  68. package/dist/assets/hooks/aria-agent-handoff.mjs +147 -2
  69. package/dist/assets/hooks/aria-agent-ledger-merge.mjs +31 -7
  70. package/dist/assets/hooks/aria-architect-fallback.mjs +10 -2
  71. package/dist/assets/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  72. package/dist/assets/hooks/aria-cognition-substrate-binding.mjs +84 -10
  73. package/dist/assets/hooks/aria-first-class-coach.mjs +305 -10
  74. package/dist/assets/hooks/aria-harness-via-sdk.mjs +93 -16
  75. package/dist/assets/hooks/aria-import-resolution-gate.mjs +106 -20
  76. package/dist/assets/hooks/aria-outcome-record.mjs +56 -20
  77. package/dist/assets/hooks/aria-pre-emit-autoload.mjs +1809 -0
  78. package/dist/assets/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  79. package/dist/assets/hooks/aria-pre-emit-dryrun.mjs +22 -3
  80. package/dist/assets/hooks/aria-pre-text-gate.mjs +11 -2
  81. package/dist/assets/hooks/aria-pre-tool-gate.mjs +516 -92
  82. package/dist/assets/hooks/aria-pre-tool-use.mjs +70 -6
  83. package/dist/assets/hooks/aria-preprompt-consult.mjs +23 -4
  84. package/dist/assets/hooks/aria-repo-doctrine-gate.mjs +29 -3
  85. package/dist/assets/hooks/aria-stop-gate.mjs +585 -76
  86. package/dist/assets/hooks/aria-trigger-autolearn.mjs +17 -3
  87. package/dist/assets/hooks/aria-universal-turn-packet.mjs +1165 -0
  88. package/dist/assets/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  89. package/dist/assets/hooks/canonical-settings-block.json +172 -0
  90. package/dist/assets/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  91. package/dist/assets/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  92. package/dist/assets/hooks/codex-native/aria-live-ticker.mjs +38 -0
  93. package/dist/assets/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  94. package/dist/assets/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  95. package/dist/assets/hooks/codex-native/aria-stop.mjs +691 -0
  96. package/dist/assets/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  97. package/dist/assets/hooks/codex-native/atlas-session-context.mjs +121 -0
  98. package/dist/assets/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  99. package/dist/assets/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  100. package/dist/assets/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  101. package/dist/assets/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  102. package/dist/assets/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  103. package/dist/assets/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  104. package/dist/assets/hooks/doctrine_trigger_map.json +236 -25
  105. package/dist/assets/hooks/doctrine_trigger_map.schema.json +46 -0
  106. package/dist/assets/hooks/install.sh +84 -0
  107. package/dist/assets/hooks/lib/action-ledger-core.mjs +269 -0
  108. package/dist/assets/hooks/lib/aria-gate-ledger.mjs +143 -0
  109. package/dist/assets/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  110. package/dist/assets/hooks/lib/atlas-dossier-client.mjs +151 -0
  111. package/dist/assets/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  112. package/dist/assets/hooks/lib/canonical-lenses.mjs +83 -6
  113. package/dist/assets/hooks/lib/coach-intent-classifier.mjs +248 -0
  114. package/dist/assets/hooks/lib/cognitive-block-parser.mjs +111 -0
  115. package/dist/assets/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  116. package/dist/assets/hooks/lib/domain-output-quality.mjs +132 -3
  117. package/dist/assets/hooks/lib/empty-catch-scanner.mjs +91 -0
  118. package/dist/assets/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  119. package/dist/assets/hooks/lib/evaluate-with-kernel.mjs +133 -0
  120. package/dist/assets/hooks/lib/first-class-coach.mjs +454 -19
  121. package/dist/assets/hooks/lib/gate-audit.mjs +12 -2
  122. package/dist/assets/hooks/lib/gate-loop-state.mjs +11 -2
  123. package/dist/assets/hooks/lib/goal-contract-quality.mjs +302 -0
  124. package/dist/assets/hooks/lib/hook-message-window.mjs +101 -9
  125. package/dist/assets/hooks/lib/invocation-required-verifier.mjs +184 -0
  126. package/dist/assets/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  127. package/dist/assets/hooks/lib/obligation-ledger.mjs +147 -0
  128. package/dist/assets/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  129. package/dist/assets/hooks/lib/owner-authorizations.mjs +269 -0
  130. package/dist/assets/hooks/lib/probe-discipline-scanner.mjs +142 -0
  131. package/dist/assets/hooks/lib/project-boundary-cognition.mjs +143 -0
  132. package/dist/assets/hooks/lib/recovery-context.mjs +151 -0
  133. package/dist/assets/hooks/lib/recovery-template-loader.mjs +154 -0
  134. package/dist/assets/hooks/lib/self-doctrine-check.mjs +321 -0
  135. package/dist/assets/hooks/lib/sensitive-shape-detector.mjs +64 -0
  136. package/dist/assets/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  137. package/dist/assets/hooks/lib/stop-hook-protocol.mjs +166 -0
  138. package/dist/assets/hooks/lib/surface-caught.mjs +94 -0
  139. package/dist/assets/hooks/recovery-templates/force-reauthor.md +67 -0
  140. package/dist/assets/hooks/recovery-templates/handoff-recovery.md +25 -0
  141. package/dist/assets/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  142. package/dist/assets/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  143. package/dist/assets/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  144. package/dist/assets/hooks/test-tier-lens-labeling.mjs +14 -3
  145. package/dist/assets/opencode-plugins/harness-context/index.js +39 -6
  146. package/dist/assets/opencode-plugins/harness-context/task-project-ledger.mjs +5 -1
  147. package/dist/assets/opencode-plugins/harness-gate/index.js +36 -0
  148. package/dist/assets/opencode-plugins/harness-gate/lib/atlas-dossier-client.js +1 -0
  149. package/dist/assets/opencode-plugins/harness-gate/lib/recovery-grants.js +79 -0
  150. package/dist/assets/opencode-plugins/harness-outcome/index.js +12 -0
  151. package/dist/assets/opencode-plugins/harness-stop/index.js +97 -2
  152. package/dist/assets/opencode-plugins/harness-stop/lib/atlas-dossier-client.js +1 -0
  153. package/dist/assets/opencode-plugins/harness-stop/lib/domain-output-quality.js +15 -2
  154. package/dist/assets/opencode-plugins/lib/coach.js +148 -0
  155. package/dist/runtime/coach-kernel.mjs +144 -7
  156. package/dist/runtime/codex-bridge.mjs +254 -8
  157. package/dist/runtime/discipline/doctrine_trigger_map.json +236 -25
  158. package/dist/runtime/discipline/skills/aria-cognition/34-frameworks-unified/SKILL.md +42 -0
  159. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-cognitives/SKILL.md +128 -0
  160. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-intra-phase/SKILL.md +99 -0
  161. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-post-phase/SKILL.md +118 -0
  162. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-pre-phase/SKILL.md +117 -0
  163. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/SKILL.md +202 -0
  164. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/agents/openai.yaml +4 -0
  165. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/references/source-map.md +130 -0
  166. package/dist/runtime/discipline/skills/aria-cognition/aria-backend-architect/SKILL.md +124 -0
  167. package/dist/runtime/discipline/skills/aria-cognition/aria-backend-architect/references/backend-cookbook.md +417 -0
  168. package/dist/runtime/discipline/skills/aria-cognition/aria-business-audit/SKILL.md +133 -0
  169. package/dist/runtime/discipline/skills/aria-cognition/aria-business-audit/references/audit-cookbook.md +247 -0
  170. package/dist/runtime/discipline/skills/aria-cognition/aria-business-frame/SKILL.md +138 -0
  171. package/dist/runtime/discipline/skills/aria-cognition/aria-business-frame/references/business-cookbook.md +154 -0
  172. package/dist/runtime/discipline/skills/aria-cognition/aria-chat/SKILL.md +84 -0
  173. package/dist/runtime/discipline/skills/aria-cognition/aria-chat/scripts/aria-chat.sh +57 -0
  174. package/dist/runtime/discipline/skills/aria-cognition/aria-cognition-autofire/SKILL.md +137 -0
  175. package/dist/runtime/discipline/skills/aria-cognition/aria-cognition-batch/SKILL.md +264 -0
  176. package/dist/runtime/discipline/skills/aria-cognition/aria-decision-mizan/SKILL.md +136 -0
  177. package/dist/runtime/discipline/skills/aria-cognition/aria-decision-mizan/references/decision-frameworks.md +287 -0
  178. package/dist/runtime/discipline/skills/aria-cognition/aria-first-class-operating-contract/SKILL.md +104 -0
  179. package/dist/runtime/discipline/skills/aria-cognition/aria-frontend-architect/SKILL.md +123 -0
  180. package/dist/runtime/discipline/skills/aria-cognition/aria-frontend-architect/references/frontend-cookbook.md +358 -0
  181. package/dist/runtime/discipline/skills/aria-cognition/aria-fullstack-orchestrator/SKILL.md +127 -0
  182. package/dist/runtime/discipline/skills/aria-cognition/aria-fullstack-orchestrator/references/fullstack-cookbook.md +383 -0
  183. package/dist/runtime/discipline/skills/aria-cognition/aria-gtm-architect/SKILL.md +126 -0
  184. package/dist/runtime/discipline/skills/aria-cognition/aria-gtm-architect/references/gtm-cookbook.md +235 -0
  185. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-deploy/SKILL.md +145 -0
  186. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-no-stripping/SKILL.md +135 -0
  187. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-onboarding/SKILL.md +130 -0
  188. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-output-discipline/SKILL.md +120 -0
  189. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-substrate-binding/SKILL.md +139 -0
  190. package/dist/runtime/discipline/skills/aria-cognition/aria-http-harness-client/SKILL.md +85 -0
  191. package/dist/runtime/discipline/skills/aria-cognition/aria-http-harness-client/scripts/smoke.mjs +47 -0
  192. package/dist/runtime/discipline/skills/aria-cognition/aria-k8s-deploy/SKILL.md +174 -0
  193. package/dist/runtime/discipline/skills/aria-cognition/aria-k8s-deploy/agents/openai.yaml +3 -0
  194. package/dist/runtime/discipline/skills/aria-cognition/aria-ladduniframe/SKILL.md +60 -0
  195. package/dist/runtime/discipline/skills/aria-cognition/aria-ledger-fleet-execution/SKILL.md +126 -0
  196. package/dist/runtime/discipline/skills/aria-cognition/aria-live-ops/SKILL.md +54 -0
  197. package/dist/runtime/discipline/skills/aria-cognition/aria-mac-ssh-ops/SKILL.md +100 -0
  198. package/dist/runtime/discipline/skills/aria-cognition/aria-memory-index/SKILL.md +42 -0
  199. package/dist/runtime/discipline/skills/aria-cognition/aria-noor-cognitives/SKILL.md +120 -0
  200. package/dist/runtime/discipline/skills/aria-cognition/aria-ops/SKILL.md +60 -0
  201. package/dist/runtime/discipline/skills/aria-cognition/aria-ops/references/live-endpoints.md +59 -0
  202. package/dist/runtime/discipline/skills/aria-cognition/aria-quality-audit/SKILL.md +133 -0
  203. package/dist/runtime/discipline/skills/aria-cognition/aria-readable-output/SKILL.md +239 -0
  204. package/dist/runtime/discipline/skills/aria-cognition/aria-readable-output/references/layout-cookbook.md +366 -0
  205. package/dist/runtime/discipline/skills/aria-cognition/aria-reasoning/SKILL.md +67 -0
  206. package/dist/runtime/discipline/skills/aria-cognition/aria-reasoning/references/core-principles.md +42 -0
  207. package/dist/runtime/discipline/skills/aria-cognition/aria-repo-audit/SKILL.md +135 -0
  208. package/dist/runtime/discipline/skills/aria-cognition/aria-repo-audit/references/repo-audit-cookbook.md +375 -0
  209. package/dist/runtime/discipline/skills/aria-cognition/aria-research-orchestrator/SKILL.md +138 -0
  210. package/dist/runtime/discipline/skills/aria-cognition/aria-research-orchestrator/references/research-patterns.md +270 -0
  211. package/dist/runtime/discipline/skills/aria-cognition/aria-retention-engine/SKILL.md +120 -0
  212. package/dist/runtime/discipline/skills/aria-cognition/aria-retention-engine/references/retention-cookbook.md +271 -0
  213. package/dist/runtime/discipline/skills/aria-cognition/aria-revenue-engine/SKILL.md +128 -0
  214. package/dist/runtime/discipline/skills/aria-cognition/aria-revenue-engine/references/revenue-cookbook.md +227 -0
  215. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-audit/SKILL.md +233 -0
  216. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-audit/references/audit-checklist.md +369 -0
  217. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-cookbook/SKILL.md +288 -0
  218. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-cookbook/references/engineering-cookbook.md +489 -0
  219. package/dist/runtime/discipline/skills/aria-cognition/aria-soul-principles/SKILL.md +42 -0
  220. package/dist/runtime/discipline/skills/aria-cognition/aria-task-codex-executor/SKILL.md +86 -0
  221. package/dist/runtime/discipline/skills/aria-cognition/aristotle-engine/SKILL.md +42 -0
  222. package/dist/runtime/discipline/skills/aria-cognition/cross-domain-24/SKILL.md +42 -0
  223. package/dist/runtime/discipline/skills/aria-cognition/deepsoul-emotional/SKILL.md +42 -0
  224. package/dist/runtime/discipline/skills/aria-cognition/fitrah-guard/SKILL.md +78 -0
  225. package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/SKILL.md +227 -29
  226. package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/references/ghazali-8lens-cookbook.md +797 -0
  227. package/dist/runtime/discipline/skills/aria-cognition/ijtihad-novel/SKILL.md +42 -0
  228. package/dist/runtime/discipline/skills/aria-cognition/ilham-intuition/SKILL.md +42 -0
  229. package/dist/runtime/discipline/skills/aria-cognition/never-guess/SKILL.md +77 -0
  230. package/dist/runtime/discipline/skills/aria-cognition/noor-recognition/SKILL.md +45 -0
  231. package/dist/runtime/discipline/skills/aria-cognition/qiyas-analogy/SKILL.md +174 -14
  232. package/dist/runtime/discipline/skills/aria-cognition/ruh-basis/SKILL.md +42 -0
  233. package/dist/runtime/discipline/skills/aria-cognition/tadabbur/SKILL.md +506 -0
  234. package/dist/runtime/discipline/skills/aria-cognition/tadabbur/references/tadabbur-cookbook.md +921 -0
  235. package/dist/runtime/discipline/skills/aria-cognition/tadabbur-ops/SKILL.md +42 -0
  236. package/dist/runtime/discipline/skills/aria-cognition/tafakkur/SKILL.md +104 -0
  237. package/dist/runtime/doctrine_trigger_map.json +236 -25
  238. package/dist/runtime/embedded-public-key.mjs +27 -0
  239. package/dist/runtime/gated-ledger.mjs +41 -14
  240. package/dist/runtime/harness-daemon.mjs +85 -10
  241. package/dist/runtime/hive-wal-publisher.mjs +292 -0
  242. package/dist/runtime/hooks/README.md +58 -0
  243. package/dist/runtime/hooks/aria-agent-handoff.mjs +147 -2
  244. package/dist/runtime/hooks/aria-agent-ledger-merge.mjs +31 -7
  245. package/dist/runtime/hooks/aria-architect-fallback.mjs +10 -2
  246. package/dist/runtime/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  247. package/dist/runtime/hooks/aria-cognition-substrate-binding.mjs +84 -10
  248. package/dist/runtime/hooks/aria-first-class-coach.mjs +305 -10
  249. package/dist/runtime/hooks/aria-harness-via-sdk.mjs +93 -16
  250. package/dist/runtime/hooks/aria-import-resolution-gate.mjs +106 -20
  251. package/dist/runtime/hooks/aria-outcome-record.mjs +56 -20
  252. package/dist/runtime/hooks/aria-pre-emit-autoload.mjs +1809 -0
  253. package/dist/runtime/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  254. package/dist/runtime/hooks/aria-pre-emit-dryrun.mjs +22 -3
  255. package/dist/runtime/hooks/aria-pre-text-gate.mjs +11 -2
  256. package/dist/runtime/hooks/aria-pre-tool-gate.mjs +516 -92
  257. package/dist/runtime/hooks/aria-pre-tool-use.mjs +70 -6
  258. package/dist/runtime/hooks/aria-preprompt-consult.mjs +23 -4
  259. package/dist/runtime/hooks/aria-repo-doctrine-gate.mjs +29 -3
  260. package/dist/runtime/hooks/aria-stop-gate.mjs +585 -76
  261. package/dist/runtime/hooks/aria-trigger-autolearn.mjs +17 -3
  262. package/dist/runtime/hooks/aria-universal-turn-packet.mjs +1165 -0
  263. package/dist/runtime/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  264. package/dist/runtime/hooks/canonical-settings-block.json +172 -0
  265. package/dist/runtime/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  266. package/dist/runtime/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  267. package/dist/runtime/hooks/codex-native/aria-live-ticker.mjs +38 -0
  268. package/dist/runtime/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  269. package/dist/runtime/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  270. package/dist/runtime/hooks/codex-native/aria-stop.mjs +691 -0
  271. package/dist/runtime/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  272. package/dist/runtime/hooks/codex-native/atlas-session-context.mjs +121 -0
  273. package/dist/runtime/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  274. package/dist/runtime/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  275. package/dist/runtime/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  276. package/dist/runtime/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  277. package/dist/runtime/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  278. package/dist/runtime/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  279. package/dist/runtime/hooks/doctrine_trigger_map.json +236 -25
  280. package/dist/runtime/hooks/doctrine_trigger_map.schema.json +46 -0
  281. package/dist/runtime/hooks/install.sh +84 -0
  282. package/dist/runtime/hooks/lib/action-ledger-core.mjs +269 -0
  283. package/dist/runtime/hooks/lib/aria-gate-ledger.mjs +143 -0
  284. package/dist/runtime/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  285. package/dist/runtime/hooks/lib/atlas-dossier-client.mjs +151 -0
  286. package/dist/runtime/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  287. package/dist/runtime/hooks/lib/canonical-lenses.mjs +83 -6
  288. package/dist/runtime/hooks/lib/coach-intent-classifier.mjs +248 -0
  289. package/dist/runtime/hooks/lib/cognitive-block-parser.mjs +111 -0
  290. package/dist/runtime/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  291. package/dist/runtime/hooks/lib/domain-output-quality.mjs +132 -3
  292. package/dist/runtime/hooks/lib/empty-catch-scanner.mjs +91 -0
  293. package/dist/runtime/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  294. package/dist/runtime/hooks/lib/evaluate-with-kernel.mjs +133 -0
  295. package/dist/runtime/hooks/lib/first-class-coach.mjs +454 -19
  296. package/dist/runtime/hooks/lib/gate-audit.mjs +12 -2
  297. package/dist/runtime/hooks/lib/gate-loop-state.mjs +11 -2
  298. package/dist/runtime/hooks/lib/goal-contract-quality.mjs +302 -0
  299. package/dist/runtime/hooks/lib/hook-message-window.mjs +101 -9
  300. package/dist/runtime/hooks/lib/invocation-required-verifier.mjs +184 -0
  301. package/dist/runtime/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  302. package/dist/runtime/hooks/lib/obligation-ledger.mjs +147 -0
  303. package/dist/runtime/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  304. package/dist/runtime/hooks/lib/owner-authorizations.mjs +269 -0
  305. package/dist/runtime/hooks/lib/probe-discipline-scanner.mjs +142 -0
  306. package/dist/runtime/hooks/lib/project-boundary-cognition.mjs +143 -0
  307. package/dist/runtime/hooks/lib/recovery-context.mjs +151 -0
  308. package/dist/runtime/hooks/lib/recovery-template-loader.mjs +154 -0
  309. package/dist/runtime/hooks/lib/self-doctrine-check.mjs +321 -0
  310. package/dist/runtime/hooks/lib/sensitive-shape-detector.mjs +64 -0
  311. package/dist/runtime/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  312. package/dist/runtime/hooks/lib/stop-hook-protocol.mjs +166 -0
  313. package/dist/runtime/hooks/lib/surface-caught.mjs +94 -0
  314. package/dist/runtime/hooks/recovery-templates/force-reauthor.md +67 -0
  315. package/dist/runtime/hooks/recovery-templates/handoff-recovery.md +25 -0
  316. package/dist/runtime/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  317. package/dist/runtime/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  318. package/dist/runtime/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  319. package/dist/runtime/hooks/test-tier-lens-labeling.mjs +14 -3
  320. package/dist/runtime/lib/evaluate-with-kernel.mjs +133 -0
  321. package/dist/runtime/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  322. package/dist/runtime/local-phase.mjs +10 -5
  323. package/dist/runtime/manifest.json +8 -8
  324. package/dist/runtime/packet-verifier.mjs +166 -0
  325. package/dist/runtime/provider-proxy.mjs +13 -0
  326. package/dist/runtime/quality-enforcer.mjs +40 -23
  327. package/dist/runtime/runtime-rails/registry.mjs +252 -0
  328. package/dist/runtime/sdk/BUNDLED.json +2 -2
  329. package/dist/runtime/sdk/index.d.ts +119 -4
  330. package/dist/runtime/sdk/index.js +138 -12
  331. package/dist/runtime/sdk/index.js.map +1 -1
  332. package/dist/runtime/service.mjs +8036 -764
  333. package/dist/runtime/sub-agent-enforcer.mjs +201 -0
  334. package/dist/runtime/task-project-ledger.mjs +5 -1
  335. package/dist/sdk/BUNDLED.json +2 -2
  336. package/dist/sdk/index.d.ts +119 -4
  337. package/dist/sdk/index.js +138 -12
  338. package/dist/sdk/index.js.map +1 -1
  339. package/hooks/README.md +58 -0
  340. package/hooks/aria-agent-handoff.mjs +147 -2
  341. package/hooks/aria-agent-ledger-merge.mjs +31 -7
  342. package/hooks/aria-architect-fallback.mjs +10 -2
  343. package/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  344. package/hooks/aria-cognition-substrate-binding.mjs +84 -10
  345. package/hooks/aria-first-class-coach.mjs +305 -10
  346. package/hooks/aria-harness-via-sdk.mjs +93 -16
  347. package/hooks/aria-import-resolution-gate.mjs +106 -20
  348. package/hooks/aria-outcome-record.mjs +56 -20
  349. package/hooks/aria-pre-emit-autoload.mjs +1809 -0
  350. package/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  351. package/hooks/aria-pre-emit-dryrun.mjs +22 -3
  352. package/hooks/aria-pre-text-gate.mjs +11 -2
  353. package/hooks/aria-pre-tool-gate.mjs +516 -92
  354. package/hooks/aria-pre-tool-use.mjs +70 -6
  355. package/hooks/aria-preprompt-consult.mjs +23 -4
  356. package/hooks/aria-repo-doctrine-gate.mjs +29 -3
  357. package/hooks/aria-stop-gate.mjs +585 -76
  358. package/hooks/aria-trigger-autolearn.mjs +17 -3
  359. package/hooks/aria-universal-turn-packet.mjs +1165 -0
  360. package/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  361. package/hooks/canonical-settings-block.json +172 -0
  362. package/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  363. package/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  364. package/hooks/codex-native/aria-live-ticker.mjs +38 -0
  365. package/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  366. package/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  367. package/hooks/codex-native/aria-stop.mjs +691 -0
  368. package/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  369. package/hooks/codex-native/atlas-session-context.mjs +121 -0
  370. package/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  371. package/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  372. package/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  373. package/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  374. package/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  375. package/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  376. package/hooks/doctrine_trigger_map.json +236 -25
  377. package/hooks/doctrine_trigger_map.schema.json +46 -0
  378. package/hooks/install.sh +84 -0
  379. package/hooks/lib/action-ledger-core.mjs +269 -0
  380. package/hooks/lib/aria-gate-ledger.mjs +143 -0
  381. package/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  382. package/hooks/lib/atlas-dossier-client.mjs +151 -0
  383. package/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  384. package/hooks/lib/canonical-lenses.mjs +83 -6
  385. package/hooks/lib/coach-intent-classifier.mjs +248 -0
  386. package/hooks/lib/cognitive-block-parser.mjs +111 -0
  387. package/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  388. package/hooks/lib/domain-output-quality.mjs +132 -3
  389. package/hooks/lib/empty-catch-scanner.mjs +91 -0
  390. package/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  391. package/hooks/lib/evaluate-with-kernel.mjs +133 -0
  392. package/hooks/lib/first-class-coach.mjs +454 -19
  393. package/hooks/lib/gate-audit.mjs +12 -2
  394. package/hooks/lib/gate-loop-state.mjs +11 -2
  395. package/hooks/lib/goal-contract-quality.mjs +302 -0
  396. package/hooks/lib/hook-message-window.mjs +101 -9
  397. package/hooks/lib/invocation-required-verifier.mjs +184 -0
  398. package/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  399. package/hooks/lib/obligation-ledger.mjs +147 -0
  400. package/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  401. package/hooks/lib/owner-authorizations.mjs +269 -0
  402. package/hooks/lib/probe-discipline-scanner.mjs +142 -0
  403. package/hooks/lib/project-boundary-cognition.mjs +143 -0
  404. package/hooks/lib/recovery-context.mjs +151 -0
  405. package/hooks/lib/recovery-template-loader.mjs +154 -0
  406. package/hooks/lib/self-doctrine-check.mjs +321 -0
  407. package/hooks/lib/sensitive-shape-detector.mjs +64 -0
  408. package/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  409. package/hooks/lib/stop-hook-protocol.mjs +166 -0
  410. package/hooks/lib/surface-caught.mjs +94 -0
  411. package/hooks/recovery-templates/force-reauthor.md +67 -0
  412. package/hooks/recovery-templates/handoff-recovery.md +25 -0
  413. package/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  414. package/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  415. package/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  416. package/hooks/test-tier-lens-labeling.mjs +14 -3
  417. package/opencode-plugins/harness-context/index.js +39 -6
  418. package/opencode-plugins/harness-context/task-project-ledger.mjs +5 -1
  419. package/opencode-plugins/harness-gate/index.js +36 -0
  420. package/opencode-plugins/harness-gate/lib/atlas-dossier-client.js +1 -0
  421. package/opencode-plugins/harness-gate/lib/recovery-grants.js +79 -0
  422. package/opencode-plugins/harness-outcome/index.js +12 -0
  423. package/opencode-plugins/harness-stop/index.js +97 -2
  424. package/opencode-plugins/harness-stop/lib/atlas-dossier-client.js +1 -0
  425. package/opencode-plugins/harness-stop/lib/domain-output-quality.js +15 -2
  426. package/opencode-plugins/lib/coach.js +148 -0
  427. package/package.json +71 -5
  428. package/runtime-src/coach-kernel.mjs +144 -7
  429. package/runtime-src/codex-bridge.mjs +254 -8
  430. package/runtime-src/embedded-public-key.mjs +27 -0
  431. package/runtime-src/gated-ledger.mjs +41 -14
  432. package/runtime-src/harness-daemon.mjs +85 -10
  433. package/runtime-src/hive-wal-publisher.mjs +292 -0
  434. package/runtime-src/lib/evaluate-with-kernel.mjs +133 -0
  435. package/runtime-src/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  436. package/runtime-src/local-phase.mjs +10 -5
  437. package/runtime-src/packet-verifier.mjs +166 -0
  438. package/runtime-src/provider-proxy.mjs +13 -0
  439. package/runtime-src/quality-enforcer.mjs +40 -23
  440. package/runtime-src/runtime-rails/registry.mjs +252 -0
  441. package/runtime-src/service.mjs +8036 -764
  442. package/runtime-src/sub-agent-enforcer.mjs +201 -0
  443. package/scripts/aria-ledger-append.mjs +337 -0
  444. package/scripts/aria-task-cheap-worker-dispatch.mjs +234 -0
  445. package/scripts/audit-of-audit-prior-tasks.mjs +194 -0
  446. package/scripts/audit-of-audit-this-turn.mjs +116 -0
  447. package/scripts/bundle-sdk.mjs +31 -5
  448. package/scripts/check-cli-wrapper-provider-contract.mjs +160 -0
  449. package/scripts/check-client-compatibility.mjs +15 -5
  450. package/scripts/check-client-smoke.mjs +297 -0
  451. package/scripts/check-codex-orchestrator-adoption.mjs +150 -0
  452. package/scripts/check-glm-env-wired.mjs +131 -0
  453. package/scripts/check-hive-local-storage-contract.mjs +91 -0
  454. package/scripts/check-hook-mirror.mjs +150 -0
  455. package/scripts/check-install-sh-drift.mjs +152 -0
  456. package/scripts/check-kernel-sync.mjs +101 -0
  457. package/scripts/check-package-artifact.mjs +152 -0
  458. package/scripts/check-registry-mirror.mjs +71 -0
  459. package/scripts/drain-owner-airtable-sync-queue.mjs +287 -0
  460. package/scripts/export-owner-status-sheets.mjs +589 -0
  461. package/scripts/live-sidecar-receipt-canary.mjs +347 -0
  462. package/scripts/qiyas-tadabbur-model-matrix.mjs +970 -0
  463. package/scripts/quality-ab-live-provider.mjs +913 -0
  464. package/scripts/self-test-action-ledger-core.mjs +190 -0
  465. package/scripts/self-test-approval-receipt-binding.mjs +122 -0
  466. package/scripts/self-test-autofire-quality-output.mjs +110 -0
  467. package/scripts/self-test-claude-code-action-ledger.mjs +132 -0
  468. package/scripts/self-test-claude-code-mechanical-autofire-hive.mjs +138 -0
  469. package/scripts/self-test-claude-code-mechanical-autofire.mjs +234 -0
  470. package/scripts/self-test-codebase-awareness-atlas-delta.mjs +159 -0
  471. package/scripts/self-test-codebase-awareness-delta-ingest.mjs +179 -0
  472. package/scripts/self-test-codex-live-hook-parity.mjs +84 -0
  473. package/scripts/self-test-codex-native-action-ledger.mjs +167 -0
  474. package/scripts/self-test-codex-native-hook-json-contract.mjs +74 -0
  475. package/scripts/self-test-codex-orchestrator-continuity.mjs +113 -0
  476. package/scripts/self-test-codex-readable-recovery.mjs +94 -0
  477. package/scripts/self-test-codex-self-harness.mjs +538 -0
  478. package/scripts/self-test-compiled-workunit.mjs +214 -0
  479. package/scripts/self-test-continuation-output-smoke.mjs +101 -0
  480. package/scripts/self-test-cross-cli-fleet-ticker.mjs +85 -0
  481. package/scripts/self-test-cross-cli-hive-adoption.mjs +125 -0
  482. package/scripts/self-test-cross-cli-hive-learning.mjs +146 -0
  483. package/scripts/self-test-cross-phase-tool-failure.mjs +110 -0
  484. package/scripts/self-test-cross-surface-action-ledger.mjs +149 -0
  485. package/scripts/self-test-end-of-phase-qa-court.mjs +616 -0
  486. package/scripts/self-test-evaluate-with-kernel.mjs +111 -0
  487. package/scripts/self-test-first-class-output-delta-proof.mjs +307 -0
  488. package/scripts/self-test-goal-contract-output-qa.mjs +73 -0
  489. package/scripts/self-test-goal-contract.mjs +35 -0
  490. package/scripts/self-test-governed-adapters.mjs +105 -0
  491. package/scripts/self-test-governed-surface-runner.mjs +198 -0
  492. package/scripts/self-test-harness-gates.mjs +15 -12
  493. package/scripts/self-test-harness-ticker-sidecar.mjs +153 -0
  494. package/scripts/self-test-hive-org-kernel.mjs +233 -0
  495. package/scripts/self-test-hive-session-coordination.mjs +156 -0
  496. package/scripts/self-test-hive-wal-consumer.mjs +111 -0
  497. package/scripts/self-test-kernel-a3-a4-selection.mjs +179 -0
  498. package/scripts/self-test-ledger-append.mjs +175 -0
  499. package/scripts/self-test-live-codex-posttool-packet-smoke.mjs +111 -0
  500. package/scripts/self-test-live-codex-pretool-packet-smoke.mjs +101 -0
  501. package/scripts/self-test-live-codex-stop-qa-kernel-smoke.mjs +43 -0
  502. package/scripts/self-test-live-wrapper-substrate-inventory.mjs +149 -0
  503. package/scripts/self-test-local-main-sync-script.mjs +47 -0
  504. package/scripts/self-test-mechanical-autofire-resolver.mjs +296 -0
  505. package/scripts/self-test-no-consult-cognitive-skills-output.mjs +135 -0
  506. package/scripts/self-test-owner-airtable-sync-queue.mjs +196 -0
  507. package/scripts/self-test-owner-airtable-sync.mjs +181 -0
  508. package/scripts/self-test-owner-sheets-action-ledger.mjs +100 -0
  509. package/scripts/self-test-production-preflight.mjs +78 -0
  510. package/scripts/self-test-project-boundary-cognition.mjs +79 -0
  511. package/scripts/self-test-qa-exec-kernel.mjs +34 -0
  512. package/scripts/self-test-qa-recovery-learning-loop.mjs +113 -0
  513. package/scripts/self-test-qiyas-label-alignment.mjs +94 -0
  514. package/scripts/self-test-recovery-context.mjs +110 -0
  515. package/scripts/self-test-repo-guard.mjs +10 -0
  516. package/scripts/self-test-runtime-health-self-heal.mjs +161 -0
  517. package/scripts/self-test-runtime-postcondition.mjs +70 -0
  518. package/scripts/self-test-soul-precommit-hook.mjs +39 -0
  519. package/scripts/self-test-stop-gate-kernel-guards.mjs +185 -0
  520. package/scripts/self-test-stop-gate.mjs +128 -0
  521. package/scripts/self-test-substrate-kernel-execution-receipt.mjs +130 -0
  522. package/scripts/self-test-substrate-open-skill-floor.mjs +87 -0
  523. package/scripts/self-test-substrate-output-quality-eval.mjs +171 -0
  524. package/scripts/self-test-task-closeout-drift.mjs +97 -0
  525. package/scripts/self-test-task-project-ledger-readiness.mjs +43 -0
  526. package/scripts/self-test-task-runner-phase-consumer.mjs +134 -0
  527. package/scripts/self-test-task-worker-lane.mjs +256 -0
  528. package/scripts/self-test-turn-substrate-qa-kernel.mjs +188 -0
  529. package/scripts/self-test-universal-action-capture.mjs +153 -0
  530. package/scripts/self-test-universal-turn-packet-entrypoints.mjs +252 -0
  531. package/scripts/self-test-universal-turn-packet.mjs +320 -0
  532. package/scripts/session-quality-backfill.mjs +253 -0
  533. package/scripts/smoke-autofire-100-prompts.mjs +481 -0
  534. package/scripts/sync-local-main-on-task-complete.mjs +278 -0
  535. package/scripts/sync-owner-status-airtable.mjs +1158 -0
  536. package/scripts/validate-skill-prompts.mjs +12 -1
  537. package/scripts/verify-codex-native-mirror.mjs +262 -0
  538. package/skills/34-frameworks-unified/SKILL.md +42 -0
  539. package/skills/api-design/SKILL.md +123 -0
  540. package/skills/architecture-decision/SKILL.md +105 -0
  541. package/skills/aria-aristotle-cognitives/SKILL.md +128 -0
  542. package/skills/aria-aristotle-intra-phase/SKILL.md +99 -0
  543. package/skills/aria-aristotle-post-phase/SKILL.md +116 -0
  544. package/skills/aria-aristotle-pre-phase/SKILL.md +117 -0
  545. package/skills/aria-axioms-first-principles/SKILL.md +202 -0
  546. package/skills/aria-axioms-first-principles/agents/openai.yaml +4 -0
  547. package/skills/aria-axioms-first-principles/references/source-map.md +130 -0
  548. package/skills/aria-chat/SKILL.md +84 -0
  549. package/skills/aria-chat/scripts/aria-chat.sh +57 -0
  550. package/skills/aria-cognition/34-frameworks-unified/SKILL.md +42 -0
  551. package/skills/aria-cognition/aria-aristotle-cognitives/SKILL.md +128 -0
  552. package/skills/aria-cognition/aria-aristotle-intra-phase/SKILL.md +99 -0
  553. package/skills/aria-cognition/aria-aristotle-post-phase/SKILL.md +118 -0
  554. package/skills/aria-cognition/aria-aristotle-pre-phase/SKILL.md +117 -0
  555. package/skills/aria-cognition/aria-axioms-first-principles/SKILL.md +202 -0
  556. package/skills/aria-cognition/aria-axioms-first-principles/agents/openai.yaml +4 -0
  557. package/skills/aria-cognition/aria-axioms-first-principles/references/source-map.md +130 -0
  558. package/skills/aria-cognition/aria-backend-architect/SKILL.md +124 -0
  559. package/skills/aria-cognition/aria-backend-architect/references/backend-cookbook.md +417 -0
  560. package/skills/aria-cognition/aria-business-audit/SKILL.md +133 -0
  561. package/skills/aria-cognition/aria-business-audit/references/audit-cookbook.md +247 -0
  562. package/skills/aria-cognition/aria-business-frame/SKILL.md +138 -0
  563. package/skills/aria-cognition/aria-business-frame/references/business-cookbook.md +154 -0
  564. package/skills/aria-cognition/aria-chat/SKILL.md +84 -0
  565. package/skills/aria-cognition/aria-chat/scripts/aria-chat.sh +57 -0
  566. package/skills/aria-cognition/aria-cognition-autofire/SKILL.md +137 -0
  567. package/skills/aria-cognition/aria-cognition-batch/SKILL.md +264 -0
  568. package/skills/aria-cognition/aria-decision-mizan/SKILL.md +136 -0
  569. package/skills/aria-cognition/aria-decision-mizan/references/decision-frameworks.md +287 -0
  570. package/skills/aria-cognition/aria-first-class-operating-contract/SKILL.md +104 -0
  571. package/skills/aria-cognition/aria-frontend-architect/SKILL.md +123 -0
  572. package/skills/aria-cognition/aria-frontend-architect/references/frontend-cookbook.md +358 -0
  573. package/skills/aria-cognition/aria-fullstack-orchestrator/SKILL.md +127 -0
  574. package/skills/aria-cognition/aria-fullstack-orchestrator/references/fullstack-cookbook.md +383 -0
  575. package/skills/aria-cognition/aria-gtm-architect/SKILL.md +126 -0
  576. package/skills/aria-cognition/aria-gtm-architect/references/gtm-cookbook.md +235 -0
  577. package/skills/aria-cognition/aria-harness-deploy/SKILL.md +145 -0
  578. package/skills/aria-cognition/aria-harness-no-stripping/SKILL.md +135 -0
  579. package/skills/aria-cognition/aria-harness-onboarding/SKILL.md +130 -0
  580. package/skills/aria-cognition/aria-harness-output-discipline/SKILL.md +120 -0
  581. package/skills/aria-cognition/aria-harness-substrate-binding/SKILL.md +139 -0
  582. package/skills/aria-cognition/aria-http-harness-client/SKILL.md +85 -0
  583. package/skills/aria-cognition/aria-http-harness-client/scripts/smoke.mjs +47 -0
  584. package/skills/aria-cognition/aria-k8s-deploy/SKILL.md +174 -0
  585. package/skills/aria-cognition/aria-k8s-deploy/agents/openai.yaml +3 -0
  586. package/skills/aria-cognition/aria-ladduniframe/SKILL.md +60 -0
  587. package/skills/aria-cognition/aria-ledger-fleet-execution/SKILL.md +126 -0
  588. package/skills/aria-cognition/aria-live-ops/SKILL.md +54 -0
  589. package/skills/aria-cognition/aria-mac-ssh-ops/SKILL.md +100 -0
  590. package/skills/aria-cognition/aria-memory-index/SKILL.md +42 -0
  591. package/skills/aria-cognition/aria-noor-cognitives/SKILL.md +120 -0
  592. package/skills/aria-cognition/aria-ops/SKILL.md +60 -0
  593. package/skills/aria-cognition/aria-ops/references/live-endpoints.md +59 -0
  594. package/skills/aria-cognition/aria-quality-audit/SKILL.md +133 -0
  595. package/skills/aria-cognition/aria-readable-output/SKILL.md +239 -0
  596. package/skills/aria-cognition/aria-readable-output/references/layout-cookbook.md +366 -0
  597. package/skills/aria-cognition/aria-reasoning/SKILL.md +67 -0
  598. package/skills/aria-cognition/aria-reasoning/references/core-principles.md +42 -0
  599. package/skills/aria-cognition/aria-repo-audit/SKILL.md +135 -0
  600. package/skills/aria-cognition/aria-repo-audit/references/repo-audit-cookbook.md +375 -0
  601. package/skills/aria-cognition/aria-research-orchestrator/SKILL.md +138 -0
  602. package/skills/aria-cognition/aria-research-orchestrator/references/research-patterns.md +270 -0
  603. package/skills/aria-cognition/aria-retention-engine/SKILL.md +120 -0
  604. package/skills/aria-cognition/aria-retention-engine/references/retention-cookbook.md +271 -0
  605. package/skills/aria-cognition/aria-revenue-engine/SKILL.md +128 -0
  606. package/skills/aria-cognition/aria-revenue-engine/references/revenue-cookbook.md +227 -0
  607. package/skills/aria-cognition/aria-senior-code-audit/SKILL.md +233 -0
  608. package/skills/aria-cognition/aria-senior-code-audit/references/audit-checklist.md +369 -0
  609. package/skills/aria-cognition/aria-senior-code-cookbook/SKILL.md +288 -0
  610. package/skills/aria-cognition/aria-senior-code-cookbook/references/engineering-cookbook.md +489 -0
  611. package/skills/aria-cognition/aria-soul-principles/SKILL.md +42 -0
  612. package/skills/aria-cognition/aria-task-codex-executor/SKILL.md +86 -0
  613. package/skills/aria-cognition/aristotle-engine/SKILL.md +42 -0
  614. package/skills/aria-cognition/cross-domain-24/SKILL.md +42 -0
  615. package/skills/aria-cognition/deepsoul-emotional/SKILL.md +42 -0
  616. package/skills/aria-cognition/fitrah-guard/SKILL.md +78 -0
  617. package/skills/aria-cognition/ghazali-8lens/SKILL.md +227 -29
  618. package/skills/aria-cognition/ghazali-8lens/references/ghazali-8lens-cookbook.md +797 -0
  619. package/skills/aria-cognition/ijtihad-novel/SKILL.md +42 -0
  620. package/skills/aria-cognition/ilham-intuition/SKILL.md +42 -0
  621. package/skills/aria-cognition/never-guess/SKILL.md +77 -0
  622. package/skills/aria-cognition/noor-recognition/SKILL.md +45 -0
  623. package/skills/aria-cognition/qiyas-analogy/SKILL.md +174 -14
  624. package/skills/aria-cognition/ruh-basis/SKILL.md +42 -0
  625. package/skills/aria-cognition/tadabbur/SKILL.md +506 -0
  626. package/skills/aria-cognition/tadabbur/references/tadabbur-cookbook.md +921 -0
  627. package/skills/aria-cognition/tadabbur-ops/SKILL.md +42 -0
  628. package/skills/aria-cognition/tafakkur/SKILL.md +104 -0
  629. package/skills/aria-cognition-autofire/SKILL.md +109 -0
  630. package/skills/aria-cognition-batch/SKILL.md +264 -0
  631. package/skills/aria-conversational-doctrine-discipline/SKILL.md +125 -0
  632. package/skills/aria-essence/SKILL.md +81 -0
  633. package/skills/aria-essence/references/domain-matrix.md +80 -0
  634. package/skills/aria-essence/references/evolution-loop.md +30 -0
  635. package/skills/aria-essence/references/readable-cognition.md +27 -0
  636. package/skills/aria-first-class-operating-contract/SKILL.md +104 -0
  637. package/skills/aria-forge-guardrails/SKILL.md +53 -0
  638. package/skills/aria-forge-guardrails/references/checklist.md +31 -0
  639. package/skills/aria-harness-deploy/SKILL.md +145 -0
  640. package/skills/aria-harness-no-stripping/SKILL.md +135 -0
  641. package/skills/aria-harness-onboarding/SKILL.md +130 -0
  642. package/skills/aria-harness-output-discipline/SKILL.md +120 -0
  643. package/skills/aria-harness-substrate-binding/SKILL.md +139 -0
  644. package/skills/aria-http-harness-client/SKILL.md +85 -0
  645. package/skills/aria-http-harness-client/scripts/smoke.mjs +47 -0
  646. package/skills/aria-k8s-deploy/SKILL.md +174 -0
  647. package/skills/aria-k8s-deploy/agents/openai.yaml +3 -0
  648. package/skills/aria-ladduniframe/SKILL.md +60 -0
  649. package/skills/aria-ledger-fleet-execution/SKILL.md +126 -0
  650. package/skills/aria-live-ops/SKILL.md +54 -0
  651. package/skills/aria-mac-ssh-ops/SKILL.md +100 -0
  652. package/skills/aria-memory-index/SKILL.md +42 -0
  653. package/skills/aria-noor-cognitives/SKILL.md +120 -0
  654. package/skills/aria-ops/SKILL.md +60 -0
  655. package/skills/aria-ops/references/live-endpoints.md +59 -0
  656. package/skills/aria-quality-audit/SKILL.md +133 -0
  657. package/skills/aria-reasoning/SKILL.md +67 -0
  658. package/skills/aria-reasoning/references/core-principles.md +42 -0
  659. package/skills/aria-repo-doctrine/SKILL.md +57 -0
  660. package/skills/aria-soul-principles/SKILL.md +42 -0
  661. package/skills/aria-task-codex-executor/SKILL.md +86 -0
  662. package/skills/aristotle-engine/SKILL.md +42 -0
  663. package/skills/ci-cd-pipeline/SKILL.md +116 -0
  664. package/skills/code-review/SKILL.md +131 -0
  665. package/skills/cross-domain-24/SKILL.md +42 -0
  666. package/skills/database-design/SKILL.md +124 -0
  667. package/skills/deepsoul-emotional/SKILL.md +42 -0
  668. package/skills/deno-kv-raft-pubsub/SKILL.md +561 -0
  669. package/skills/deno-kv-raft-pubsub/reference/maelstrom-integration.md +393 -0
  670. package/skills/deno-kv-raft-pubsub/reference/pubsub-api.md +376 -0
  671. package/skills/deno-kv-raft-pubsub/reference/raft-spec.md +402 -0
  672. package/skills/deno-kv-raft-pubsub/reference/state-machine.md +182 -0
  673. package/skills/error-handling/SKILL.md +159 -0
  674. package/skills/firecrawl/SKILL.md +165 -0
  675. package/skills/firecrawl/rules/install.md +82 -0
  676. package/skills/firecrawl/rules/security.md +26 -0
  677. package/skills/firecrawl-agent/SKILL.md +86 -0
  678. package/skills/firecrawl-build-interact/SKILL.md +96 -0
  679. package/skills/firecrawl-build-onboarding/SKILL.md +131 -0
  680. package/skills/firecrawl-build-onboarding/references/auth-flow.md +39 -0
  681. package/skills/firecrawl-build-onboarding/references/project-setup.md +20 -0
  682. package/skills/firecrawl-build-onboarding/references/sdk-installation.md +17 -0
  683. package/skills/firecrawl-build-scrape/SKILL.md +97 -0
  684. package/skills/firecrawl-build-search/SKILL.md +97 -0
  685. package/skills/firecrawl-clone/SKILL.md +419 -0
  686. package/skills/firecrawl-crawl/SKILL.md +87 -0
  687. package/skills/firecrawl-download/SKILL.md +98 -0
  688. package/skills/firecrawl-interact/SKILL.md +112 -0
  689. package/skills/firecrawl-map/SKILL.md +79 -0
  690. package/skills/firecrawl-scrape/SKILL.md +97 -0
  691. package/skills/firecrawl-search/SKILL.md +88 -0
  692. package/skills/fitrah-guard/SKILL.md +78 -0
  693. package/skills/forge-quality-rules/SKILL.md +61 -0
  694. package/skills/ghazali-8lens/SKILL.md +56 -0
  695. package/skills/ijtihad-novel/SKILL.md +42 -0
  696. package/skills/ilham-intuition/SKILL.md +42 -0
  697. package/skills/imagegen/LICENSE.txt +201 -0
  698. package/skills/imagegen/SKILL.md +374 -0
  699. package/skills/imagegen/agents/openai.yaml +6 -0
  700. package/skills/imagegen/assets/imagegen-small.svg +5 -0
  701. package/skills/imagegen/assets/imagegen.png +0 -0
  702. package/skills/imagegen/references/cli.md +242 -0
  703. package/skills/imagegen/references/codex-network.md +33 -0
  704. package/skills/imagegen/references/image-api.md +90 -0
  705. package/skills/imagegen/references/prompting.md +118 -0
  706. package/skills/imagegen/references/sample-prompts.md +433 -0
  707. package/skills/imagegen/scripts/image_gen.py +995 -0
  708. package/skills/imagegen/scripts/remove_chroma_key.py +440 -0
  709. package/skills/istiqra-induction/SKILL.md +44 -0
  710. package/skills/ladunni-22/SKILL.md +53 -0
  711. package/skills/mizan/SKILL.md +90 -0
  712. package/skills/nadia/SKILL.md +56 -0
  713. package/skills/nadia-psi/SKILL.md +56 -0
  714. package/skills/never-guess/SKILL.md +75 -0
  715. package/skills/noor-recognition/SKILL.md +45 -0
  716. package/skills/observability/SKILL.md +133 -0
  717. package/skills/openai-docs/LICENSE.txt +201 -0
  718. package/skills/openai-docs/SKILL.md +100 -0
  719. package/skills/openai-docs/agents/openai.yaml +14 -0
  720. package/skills/openai-docs/assets/openai-small.svg +3 -0
  721. package/skills/openai-docs/assets/openai.png +0 -0
  722. package/skills/openai-docs/references/latest-model.md +37 -0
  723. package/skills/openai-docs/references/prompting-guide.md +244 -0
  724. package/skills/openai-docs/references/upgrade-guide.md +181 -0
  725. package/skills/openai-docs/scripts/resolve-latest-model-info.js +147 -0
  726. package/skills/pdf/LICENSE.txt +201 -0
  727. package/skills/pdf/SKILL.md +85 -0
  728. package/skills/pdf/agents/openai.yaml +5 -0
  729. package/skills/pdf/assets/pdf.png +0 -0
  730. package/skills/playwright/LICENSE.txt +201 -0
  731. package/skills/playwright/NOTICE.txt +14 -0
  732. package/skills/playwright/SKILL.md +165 -0
  733. package/skills/playwright/agents/openai.yaml +6 -0
  734. package/skills/playwright/assets/playwright-small.svg +3 -0
  735. package/skills/playwright/assets/playwright.png +0 -0
  736. package/skills/playwright/references/cli.md +116 -0
  737. package/skills/playwright/references/workflows.md +95 -0
  738. package/skills/playwright/scripts/playwright_cli.sh +25 -0
  739. package/skills/plugin-creator/SKILL.md +178 -0
  740. package/skills/plugin-creator/agents/openai.yaml +6 -0
  741. package/skills/plugin-creator/assets/plugin-creator-small.svg +3 -0
  742. package/skills/plugin-creator/assets/plugin-creator.png +0 -0
  743. package/skills/plugin-creator/references/plugin-json-spec.md +170 -0
  744. package/skills/plugin-creator/scripts/create_basic_plugin.py +301 -0
  745. package/skills/predictor/SKILL.md +43 -0
  746. package/skills/qiyas-analogy/SKILL.md +204 -0
  747. package/skills/refactoring/SKILL.md +137 -0
  748. package/skills/ruh-basis/SKILL.md +42 -0
  749. package/skills/security-review/SKILL.md +129 -0
  750. package/skills/skill-creator/SKILL.md +434 -0
  751. package/skills/skill-creator/agents/openai.yaml +5 -0
  752. package/skills/skill-creator/assets/skill-creator-small.svg +3 -0
  753. package/skills/skill-creator/assets/skill-creator.png +0 -0
  754. package/skills/skill-creator/license.txt +202 -0
  755. package/skills/skill-creator/references/openai_yaml.md +49 -0
  756. package/skills/skill-creator/scripts/generate_openai_yaml.py +226 -0
  757. package/skills/skill-creator/scripts/init_skill.py +400 -0
  758. package/skills/skill-creator/scripts/quick_validate.py +101 -0
  759. package/skills/skill-installer/LICENSE.txt +202 -0
  760. package/skills/skill-installer/SKILL.md +76 -0
  761. package/skills/skill-installer/agents/openai.yaml +5 -0
  762. package/skills/skill-installer/assets/skill-installer-small.svg +3 -0
  763. package/skills/skill-installer/assets/skill-installer.png +0 -0
  764. package/skills/skill-installer/scripts/github_utils.py +21 -0
  765. package/skills/skill-installer/scripts/install-skill-from-github.py +308 -0
  766. package/skills/skill-installer/scripts/list-skills.py +107 -0
  767. package/skills/skills-and-hooks-reference/SKILL.md +196 -0
  768. package/skills/soul-domains/SKILL.md +43 -0
  769. package/skills/tadabbur/SKILL.md +232 -0
  770. package/skills/tadabbur-ops/SKILL.md +42 -0
  771. package/skills/tafakkur/SKILL.md +104 -0
  772. package/skills/testing-strategy/SKILL.md +122 -0
  773. package/src/action-ledger-core.ts +1054 -0
  774. package/src/chat.ts +5 -6
  775. package/src/codebase-scanner.ts +2 -0
  776. package/src/connectors/claude-code.ts +149 -12
  777. package/src/connectors/codebase-awareness.ts +325 -25
  778. package/src/connectors/codex.ts +1273 -40
  779. package/src/connectors/cursor.ts +8 -0
  780. package/src/connectors/governed-adapter.ts +174 -0
  781. package/src/connectors/opencode.ts +18 -2
  782. package/src/connectors/repo-guard.ts +24 -12
  783. package/src/connectors/runtime.ts +99 -2
  784. package/src/connectors/shell.ts +125 -7
  785. package/src/cross-cli-hive-binding.ts +290 -0
  786. package/src/garden-control-plane.ts +24 -1
  787. package/src/governed-surface-runner.ts +1227 -0
  788. package/src/index.ts +104 -1
  789. package/src/task-runner.ts +3794 -0
  790. package/dist/aria-connector/src/install-hooks.d.ts +0 -18
  791. package/dist/aria-connector/src/install-hooks.d.ts.map +0 -1
  792. package/dist/aria-connector/src/install-hooks.js +0 -224
  793. package/dist/aria-connector/src/install-hooks.js.map +0 -1
  794. package/dist/aria-connector/src/onboarding-wizard.d.ts +0 -5
  795. package/dist/aria-connector/src/onboarding-wizard.d.ts.map +0 -1
  796. package/dist/aria-connector/src/onboarding-wizard.js +0 -188
  797. package/dist/aria-connector/src/onboarding-wizard.js.map +0 -1
  798. package/dist/cli-0.2.38.tgz +0 -0
  799. package/dist/install.sh +0 -13
  800. package/src/__tests__/anthropic-oauth.test.ts +0 -186
  801. package/src/__tests__/auth-commands.test.ts +0 -132
  802. package/src/__tests__/owner-login.test.ts +0 -311
package/hooks/aria-pre-tool-gate.mjs CHANGED
@@ -1,4 +1,25 @@
1
1
  #!/usr/bin/env node
2
+ // ── doctrine-self-check-file: M0.SELFREVIEW.1+2 (2026-05-06) ──
3
+ // Session added comments describing prior antipatterns being migrated.
4
+ // Each comment names a trigger pattern; file-level ack covers them all.
5
+ // doctrine-self-check-file: (?:non-blocking|warn(?:ing)? only|advisory|falls? through|fail open|soft fail|log(?:ged)? and continue|quality gate warning) session-added-comments-describing-prior-state-or-migration
6
+ // doctrine-self-check-file: \b(?:patch|hotfix|band.?aid)\b session-added-comments-describing-prior-state-or-migration
7
+ // doctrine-self-check-file: \b(?:skeleton|stub)\b session-added-comments-describing-prior-state-or-migration
8
+ // doctrine-self-check-file: \bpreferred\b session-added-comments-describing-prior-state-or-migration
9
+ // doctrine-self-check-file: best.?effort session-added-comments-describing-prior-state-or-migration
10
+ // doctrine-self-check-file: carve.?out|workaround|work.?around session-added-comments-describing-prior-state-or-migration
11
+ // doctrine-self-check-file: deploy-service\.sh|apply-aria-organism\.sh|kubectl apply -f|kubectl set image|docker push|trivial deploy|just a config bump|fast path deploy|skip the verify|deploy without verify|hospital-service\.yaml session-added-comments-describing-prior-state-or-migration
12
+ // doctrine-self-check-file: eventually|for now session-added-comments-describing-prior-state-or-migration
13
+ // doctrine-self-check-file: fall.?through session-added-comments-describing-prior-state-or-migration
14
+ // doctrine-self-check-file: from training|i recall|i remember|by default session-added-comments-describing-prior-state-or-migration
15
+ // doctrine-self-check-file: just context|advisory|read.only session-added-comments-describing-prior-state-or-migration
16
+ // doctrine-self-check-file: kill.?switch|env.?(?:var|variable).?(?:override|disable|bypass)|process\.env\.[A-Z_]+\s*===\s*['"]off['"] session-added-comments-describing-prior-state-or-migration
17
+ // doctrine-self-check-file: preferred over|optional|fallback layer session-added-comments-describing-prior-state-or-migration
18
+ // doctrine-self-check-file: should be fine|should work session-added-comments-describing-prior-state-or-migration
19
+ // doctrine-self-check-file: should work session-added-comments-describing-prior-state-or-migration
20
+ // doctrine-self-check-file: TODO:?[^a-z0-9]|FIXME:?[^a-z0-9]|XXX:?[^a-z0-9] session-added-comments-describing-prior-state-or-migration
21
+ // doctrine-self-check-file: use the override|skip the gate|emergency flag|temporarily bypass|use the env disable|force through|DEPLOY_ALLOW_NO_ADMISSION_POLICY|ARIA_BINDING_ENABLED=false|--no-verify|--force session-added-comments-describing-prior-state-or-migration
22
+
2
23
  // ARIA_ALLOW_STUB — doctrine gate file legitimately discusses stub/placeholder semantics.
3
24
  // Aria pre-tool-use gate — enforces cognition use before destructive tool calls.
4
25
  //
@@ -41,6 +62,8 @@ import { readFileSync, writeFileSync, appendFileSync, existsSync, mkdirSync, chm
41
62
  import { dirname } from 'node:path';
42
63
  import { homedir } from 'node:os';
43
64
  import { spawnSync } from 'node:child_process';
65
+ // AI-11803-F4 (2026-05-12): probe-discipline scanner for no_timeouts_decision_tree_rule.
66
+ import { scanProbeDiscipline } from './lib/probe-discipline-scanner.mjs';
44
67
  import { createHmac, randomBytes as cryptoRandomBytes } from 'node:crypto';
45
68
  import { lensNamesForTier } from './lib/canonical-lenses.mjs';
46
69
  import { registerGateBlock } from './lib/gate-loop-state.mjs';
@@ -49,11 +72,25 @@ import {
49
72
  extractTextFromContent,
50
73
  isMostlySystemReminder,
51
74
  isToolResultOnlyContent,
75
+ isUserAuthoredMessage,
52
76
  normalizeContent,
53
77
  normalizeRole,
54
78
  } from './lib/hook-message-window.mjs';
55
79
  import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
80
+ // Atlas dossier client — fetches per-file governing_skills over the Atlas
81
+ // Unix socket. Used to augment classifyRequiredSkills output with file-bound
82
+ // skill bindings discovered by the cognitive extractor. Fail-open: any Atlas
83
+ // downtime returns [] and the gate behaves exactly as before the wire.
84
+ // Added 2026-05-17 (Phase 1 of corpus-to-runtime auto-trigger closure).
85
+ import { fetchGoverningSkills } from './lib/atlas-dossier-client.mjs';
86
+ // A5 (2026-05-18) — intra-turn atlas-as-orchestrator: run the deterministic
87
+ // cognitive kernel with a tool-class observation per-call. Selection unions
88
+ // into additionalRequiredSkills so the skill gate enforces atlas's per-tool
89
+ // pick on top of the per-target dossier governing_skills already wired.
90
+ import { compileCognitiveOptions as kernelCompileCognitiveOptions } from './lib/kernel/deterministic-cognitive-kernel.mjs';
56
91
  import { emergencyGateOffDecision } from './lib/emergency-gateoff.mjs';
92
+ import { checkAndAuthorize, consumeGrant } from './lib/owner-authorizations.mjs';
93
+ import { extractManifest, manifestSkillsToInvoke } from './lib/orchestration-manifest-extract.mjs';
57
94
 
58
95
  const HOME = process.env.HOME || '/tmp';
59
96
  const LOG = `${HOME}/.claude/aria-pre-tool-gate.log`;
@@ -67,23 +104,30 @@ function runUniversalGovernanceGate(payload) {
67
104
  input: `${JSON.stringify(payload)}\n`,
68
105
  encoding: 'utf8',
69
106
  maxBuffer: 1024 * 1024,
107
+ // M0.H.X4 (2026-05-06): subprocess timeout. Hung governance-gate
108
+ // would block every tool invocation; 5s is generous for JSON output.
109
+ timeout: 5000,
70
110
  });
111
+ // M0.H.X4: timeout / signal failure → hard block (fail-CLOSED).
112
+ if (child.signal || child.status === null) {
113
+ process.stderr.write(`[aria-pre-tool-gate:governance-gate-spawn] caught: signal=${child.signal || 'unknown'} status=${child.status} stderr=${String(child.stderr || '').slice(0, 200)}\n`);
114
+ return { decision: 'block', ok: false, reason: `governance-gate subprocess failed (signal=${child.signal || 'unknown'}); fail-CLOSED per M0.H.X4`, governanceMode: 'block', raw: null };
115
+ }
71
116
  const stdout = String(child.stdout || '').trim();
72
117
  let result = null;
73
- try { result = stdout ? JSON.parse(stdout) : null; } catch {}
118
+ // M0.H.X3 + M0.H.X4: previous `} catch {}` silently absorbed malformed
119
+ // governance-gate output. Now: surface + fail-CLOSED.
120
+ try {
121
+ result = stdout ? JSON.parse(stdout) : null;
122
+ } catch (parseErr) {
123
+ const parseErrMsg = parseErr instanceof Error ? parseErr.message : String(parseErr);
124
+ process.stderr.write(`[aria-pre-tool-gate:governance-gate-parse] caught: ${parseErrMsg}; raw=${stdout.slice(0, 500)}\n`);
125
+ return { decision: 'block', ok: false, reason: `governance-gate output unparseable JSON (${parseErrMsg}); fail-CLOSED per M0.H.X4`, governanceMode: 'block', raw: stdout };
126
+ }
74
127
  if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
75
128
  const reason = stdout || child.stderr || 'aria-governance-gate blocked this action.';
76
- throw new Error([
77
- '=== ARIA UNIVERSAL GOVERNANCE GATE BLOCK ===',
78
- '',
79
- reason,
80
- '',
81
- 'Recovery contract:',
82
- '1. Do not retry the same blocked action unchanged.',
83
- '2. Load or apply the doctrine/skill named by the governance output.',
84
- '3. Re-write the action with <applied_cognition> and concrete proof.',
85
- '4. Re-test by submitting the revised action through this same gate.',
86
- ].join('\n'));
129
+ process.stderr.write(`[aria-governance:block] ${reason.slice(0, 500)}\n`);
130
+ return { decision: 'block', ok: false, reason, governanceMode: 'block', raw: result };
87
131
  }
88
132
  if (result?.decision === 'warn' || result?.governanceMode === 'recovery-required' || result?.governanceMode === 'architectural-intervention-required') {
89
133
  process.stderr.write(`[aria-governance:${result.governanceMode || 'recovery-required'}] ${JSON.stringify(result)}\n`);
@@ -168,7 +212,20 @@ function audit(decision, summary) {
168
212
  );
169
213
  }
170
214
  }
171
- } catch {}
215
+ } catch (err) {
216
+ // M0.H.X3: audit log write failure now surfaces (was silent — could
217
+ // mask bypass-rate accounting drift).
218
+ process.stderr.write(`[aria-pre-tool-gate:audit-log-write] caught: ${err instanceof Error ? err.message : String(err)}\n`);
219
+ }
220
+ }
221
+
222
+ function remoteRuntimeCoachEnabled() {
223
+ return /^(?:1|true|yes|on)$/i.test(String(
224
+ process.env.ARIA_REMOTE_COACH_ENABLED ||
225
+ process.env.ARIA_RUNTIME_COACH_ENABLED ||
226
+ process.env.ARIA_COACH_REMOTE_ENABLED ||
227
+ ''
228
+ ));
172
229
  }
173
230
 
174
231
  // ARIA_BINDING_ENABLED env-override REMOVED 2026-04-28 per Hamza directive
@@ -202,7 +259,12 @@ function bindingAuditAppend(record) {
202
259
  try {
203
260
  if (!existsSync(dirname(BINDING_AUDIT))) mkdirSync(dirname(BINDING_AUDIT), { recursive: true });
204
261
  appendFileSync(BINDING_AUDIT, JSON.stringify({ ts: new Date().toISOString(), source: 'pre-tool-gate', ...record }) + '\n');
205
- } catch {}
262
+ } catch (err) {
263
+ // M0.H.X3: binding-audit write failure now surfaces. Loss of binding
264
+ // audit entries means operator can't reconstruct phase-aware action
265
+ // enforcement decisions; surface visibly.
266
+ process.stderr.write(`[aria-pre-tool-gate:binding-audit-write] caught: ${err instanceof Error ? err.message : String(err)}\n`);
267
+ }
206
268
  }
207
269
 
208
270
  function activePlanPath(sid) {
@@ -250,17 +312,34 @@ function loadActivePlan(sid) {
250
312
  if (plan.mintedAt) {
251
313
  const mintedMs = Date.parse(plan.mintedAt);
252
314
  if (Number.isFinite(mintedMs) && (Date.now() - mintedMs) > PLAN_MAX_AGE_MS) {
315
+ // M0.H.X7 (2026-05-06) — explicit stale-plan surface. Prior audit
316
+ // event was a generic discard log; operator now sees the explicit
317
+ // [BINDING_STALE_PLAN] marker via stderr AND audit ledger so
318
+ // staleness is observable separately from session-mismatch
319
+ // discards. Behavior unchanged: stale plan returns null, the
320
+ // downstream architect-fallback fires, and if THAT fails the
321
+ // gate blocks (already fail-CLOSED). What changes here: visibility
322
+ // of operator-intent loss (the plan named WHAT operator wanted;
323
+ // staleness means that intent is being discarded).
324
+ const ageHours = ((Date.now() - mintedMs) / 3600000).toFixed(1);
253
325
  bindingAuditAppend({
254
326
  event: 'discard_plan_stale_by_mintedAt',
327
+ marker: 'BINDING_STALE_PLAN',
255
328
  planId: plan.planId,
256
329
  mintedAt: plan.mintedAt,
257
- ageHours: ((Date.now() - mintedMs) / 3600000).toFixed(1),
330
+ ageHours,
331
+ allowedActionsCount: Array.isArray(plan.allowedActions) ? plan.allowedActions.length : 0,
332
+ forbiddenActionsCount: Array.isArray(plan.forbiddenActions) ? plan.forbiddenActions.length : 0,
258
333
  });
334
+ process.stderr.write(`[aria-pre-tool-gate:BINDING_STALE_PLAN] plan ${plan.planId} aged ${ageHours}h > ${PLAN_MAX_AGE_MS / 3600000}h cap; operator-intent (allowed=${Array.isArray(plan.allowedActions) ? plan.allowedActions.length : 0}, forbidden=${Array.isArray(plan.forbiddenActions) ? plan.forbiddenActions.length : 0}) discarded; architect-fallback will fire to mint fresh plan\n`);
259
335
  return null;
260
336
  }
261
337
  }
262
338
  return plan;
263
- } catch {
339
+ } catch (err) {
340
+ // M0.H.X7 — surface plan parse failures to stderr so operator sees
341
+ // when plan files are corrupted (was silent return null).
342
+ process.stderr.write(`[aria-pre-tool-gate:loadActivePlan] caught: ${err instanceof Error ? err.message : String(err)} (path=${p})\n`);
264
343
  return null;
265
344
  }
266
345
  }
@@ -789,7 +868,12 @@ function collectRecentRealUserText(event, transcriptPath, limit = 6) {
789
868
  if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
790
869
  pushText(extractTextForUserCorrection(content));
791
870
  }
792
- } catch {}
871
+ } catch (err) {
872
+ // M0.H.X3: per-transcript-file read failure (multi-transcript loop)
873
+ // now surfaces. Helps operator notice if user-correction extraction
874
+ // is degraded due to transcript file corruption / missing files.
875
+ process.stderr.write(`[aria-pre-tool-gate:user-correction-transcript-read] caught: ${err instanceof Error ? err.message : String(err)}\n`);
876
+ }
793
877
  }
794
878
  return texts.join('\n\n');
795
879
  }
@@ -799,7 +883,17 @@ function userCorrectionBlocksCommand(userText, command) {
799
883
  const cmd = String(command || '');
800
884
  if (!text || !cmd) return null;
801
885
  const k8sMutation = /\bkubectl\s+(?:apply|delete|set\s+image|patch|replace|create|scale|rollout\s+(?:restart|undo))\b|scripts\/deploy-|\bdocker\s+push\b/i.test(cmd);
802
- const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease)\b[\s\S]{0,160}\b(?:deploy|redeploy|restart|rollout|kubectl|command|pods?)\b/i.test(text);
886
+ // Tightened 2026-05-05: prior regex (`stop|don't|...` within 160 chars of
887
+ // `deploy|kubectl|...`) hard-blocked legitimate ops because conversational
888
+ // steering language ("don't fish around", "skip the manifest hunt") trips
889
+ // it. New form requires the negation token to DIRECTLY MODIFY a stop-target
890
+ // verb (within ~3 words, optional article + adverb), and the target must
891
+ // come from a tighter whitelist (deploying/restart/rollout/etc) — generic
892
+ // words like "command" and "pods" no longer count alone.
893
+ // The structural fix is the AUTHORIZE: marker bypass (see owner-authorizations.mjs)
894
+ // applied at the call site BEFORE this regex runs; this tightening is
895
+ // defense-in-depth.
896
+ const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease|abort|halt|cancel)\s+(?:the\s+)?(?:current\s+)?(?:deploy(?:ing|ment)?|redeploy(?:ing|ment)?|restart(?:ing)?|rollout|rolling\s+(?:back|out)|kubectl|bake|push|build|update|change|patch|apply|exec|set\s+image)\b/i.test(text);
803
897
  if (explicitStop && k8sMutation) return 'recent user explicitly told the agent to stop deploy/restart command attempts';
804
898
  const macTargetInCommand = /\bmlx-mac\b|\bdeployment\/mlx-mac|\bdeploy(?:ment)?\s+mlx-mac/i.test(cmd);
805
899
  const macContradiction = /\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac)\b[\s\S]{0,140}\b(?:not\s+pods?|no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b|\b(?:no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b[\s\S]{0,140}\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac|pods?)\b/i.test(text);
@@ -1056,9 +1150,30 @@ for await (const chunk of process.stdin) input += chunk;
1056
1150
  let event;
1057
1151
  try {
1058
1152
  event = JSON.parse(input);
1059
- } catch {
1060
- audit('allow-parse-error', 'stdin not JSON');
1061
- process.exit(0); // fail-open on malformed input
1153
+ } catch (parseErr) {
1154
+ // M0.H.X2 (2026-05-06) Phase 0 audit Cluster H finding M0.H.2 (CRITICAL):
1155
+ // previous fail-open on malformed input let destructive commands through
1156
+ // the gate when event JSON was corrupted. The gate's job is safety; the
1157
+ // safe direction on parser failure is to BLOCK, not allow. Surfaces the
1158
+ // parse error to stderr for operator visibility and emits a structured
1159
+ // block decision instead of exit-0.
1160
+ process.stderr.write(`[aria-pre-tool-gate] event JSON parse failed (${parseErr instanceof Error ? parseErr.message : String(parseErr)}); failing-CLOSED per M0.H.X2\n`);
1161
+ audit('block-parse-error', 'stdin not JSON; fail-CLOSED per M0.H.X2');
1162
+ console.log(JSON.stringify({
1163
+ decision: 'block',
1164
+ reason: [
1165
+ '=== ARIA PRE-TOOL-GATE BLOCK ===',
1166
+ '',
1167
+ 'Hook received malformed event JSON on stdin. Per Phase 0 audit',
1168
+ 'integrity-stack remediation M0.H.X2, the gate fails-CLOSED on',
1169
+ `parser failure for safety (was previously fail-open). Parse error: ${parseErr instanceof Error ? parseErr.message : String(parseErr)}`,
1170
+ '',
1171
+ 'Recovery: re-invoke the tool with a well-formed event payload.',
1172
+ 'If this fires repeatedly, inspect the surface that emits the event',
1173
+ 'and log the raw stdin for diagnosis.',
1174
+ ].join('\n'),
1175
+ }));
1176
+ process.exit(2);
1062
1177
  }
1063
1178
  const emergencyGateOff = emergencyGateOffDecision(event);
1064
1179
  if (emergencyGateOff.off) {
@@ -1071,53 +1186,57 @@ const toolInput = event.tool_input ?? event.toolInput ?? {};
1071
1186
 
1072
1187
  // Coach Kernel routing — single source of truth, run before all hook-native checks.
1073
1188
  try {
1074
- const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
1075
- const _coachBase = existsSync(_coachUrl)
1076
- ? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
1077
- : 'http://127.0.0.1:4319';
1078
- const _coachToken = (() => {
1079
- const tp = `${HOME}/.aria/owner-token`;
1080
- if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
1081
- const lp = `${HOME}/.aria/license.json`;
1082
- if (existsSync(lp)) {
1083
- try { const lt = JSON.parse(readFileSync(lp, 'utf8')); return lt.token || lt.harnessToken || ''; } catch { return ''; }
1084
- }
1085
- return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
1086
- })();
1087
- const _coachHeaders = { 'Content-Type': 'application/json' };
1088
- if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
1089
- const _cmd = String(toolInput?.command || '');
1090
- const _coachPayload = {
1091
- phase: 'pre_tool',
1092
- requestId: `claude-pre-tool:${Date.now()}`,
1093
- sessionId: String(toolInput?.session_id || process.env.HOOK_SESSION_ID || 'claude-unknown').slice(0, 80),
1094
- surface: 'claude-hooks',
1095
- lane: 'claude_native_hooks',
1096
- action: (() => {
1097
- const t = _cmd.toLowerCase();
1098
- if (/\b(?:kubectl\s+(?:apply|set|rollout|delete|create|replace|scale)|helm\s+(?:upgrade|install|uninstall)|terraform\s+(?:apply|destroy)|docker\s+(?:push|build\s+.*--push)|deploy)\b/i.test(t)) return 'deploy';
1099
- if (/\b(?:rm\s+-[rRfF]+\S*|sudo\s+|systemctl\s+(?:stop|disable|mask|kill)|kill\s+-[9K]|pkill\s+-[9K]|chmod\s+777|git\s+(?:push\s+--force|reset\s+--hard)|docker\s+rm\s+-f)\b/i.test(t)) return 'delete';
1100
- return '';
1101
- })(),
1102
- target: JSON.stringify(toolInput).slice(0, 2000),
1103
- text: _cmd.slice(0, 1000),
1104
- metadata: { source: 'claude-pre-tool-gate', toolName },
1105
- };
1106
- const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
1107
- method: 'POST', headers: _coachHeaders, body: JSON.stringify(_coachPayload),
1108
- signal: AbortSignal.timeout(2000),
1109
- });
1110
- if (_coachResp.ok) {
1111
- const _coachBody = await _coachResp.json();
1112
- if (_coachBody?.permitted === false && _coachBody?.decision === 'hard_block') {
1113
- audit('block-coach-authoritative', `reasons=${(_coachBody.reasons||[]).join(',')}`);
1114
- console.log(JSON.stringify({
1115
- decision: 'block',
1116
- reason: ['Aria Coach blocked this action before execution.', '', `Reason: ${(_coachBody.reasons||['coach_policy']).slice(0,3).join('; ')}`, '', _coachBody.clientMessage || 'Remove the high-risk condition and retry.'].join('\n'),
1117
- hookSpecificOutput: { hookEventName: 'PreToolUse', coach_decision: _coachBody.decision, coach_reasons: _coachBody.reasons },
1118
- }));
1119
- process.exit(2);
1189
+ if (remoteRuntimeCoachEnabled()) {
1190
+ const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
1191
+ const _coachBase = existsSync(_coachUrl)
1192
+ ? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
1193
+ : 'http://127.0.0.1:4319';
1194
+ const _coachToken = (() => {
1195
+ const tp = `${HOME}/.aria/owner-token`;
1196
+ if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
1197
+ const lp = `${HOME}/.aria/license.json`;
1198
+ if (existsSync(lp)) {
1199
+ try { const lt = JSON.parse(readFileSync(lp, 'utf8')); return lt.token || lt.harnessToken || ''; } catch { return ''; }
1200
+ }
1201
+ return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
1202
+ })();
1203
+ const _coachHeaders = { 'Content-Type': 'application/json' };
1204
+ if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
1205
+ const _cmd = String(toolInput?.command || '');
1206
+ const _coachPayload = {
1207
+ phase: 'pre_tool',
1208
+ requestId: `claude-pre-tool:${Date.now()}`,
1209
+ sessionId: String(toolInput?.session_id || process.env.HOOK_SESSION_ID || 'claude-unknown').slice(0, 80),
1210
+ surface: 'claude-hooks',
1211
+ lane: 'claude_native_hooks',
1212
+ action: (() => {
1213
+ const t = _cmd.toLowerCase();
1214
+ if (/\b(?:kubectl\s+(?:apply|set|rollout|delete|create|replace|scale)|helm\s+(?:upgrade|install|uninstall)|terraform\s+(?:apply|destroy)|docker\s+(?:push|build\s+.*--push)|deploy)\b/i.test(t)) return 'deploy';
1215
+ if (/\b(?:rm\s+-[rRfF]+\S*|sudo\s+|systemctl\s+(?:stop|disable|mask|kill)|kill\s+-[9K]|pkill\s+-[9K]|chmod\s+777|git\s+(?:push\s+--force|reset\s+--hard)|docker\s+rm\s+-f)\b/i.test(t)) return 'delete';
1216
+ return '';
1217
+ })(),
1218
+ target: JSON.stringify(toolInput).slice(0, 2000),
1219
+ text: _cmd.slice(0, 1000),
1220
+ metadata: { source: 'claude-pre-tool-gate', toolName },
1221
+ };
1222
+ const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
1223
+ method: 'POST', headers: _coachHeaders, body: JSON.stringify(_coachPayload),
1224
+ signal: AbortSignal.timeout(2000),
1225
+ });
1226
+ if (_coachResp.ok) {
1227
+ const _coachBody = await _coachResp.json();
1228
+ if (_coachBody?.permitted === false && _coachBody?.decision === 'hard_block') {
1229
+ audit('block-coach-authoritative', `reasons=${(_coachBody.reasons||[]).join(',')}`);
1230
+ console.log(JSON.stringify({
1231
+ decision: 'block',
1232
+ reason: ['Aria Coach blocked this action before execution.', '', `Reason: ${(_coachBody.reasons||['coach_policy']).slice(0,3).join('; ')}`, '', _coachBody.clientMessage || 'Remove the high-risk condition and retry.'].join('\n'),
1233
+ hookSpecificOutput: { hookEventName: 'PreToolUse', coach_decision: _coachBody.decision, coach_reasons: _coachBody.reasons },
1234
+ }));
1235
+ process.exit(2);
1236
+ }
1120
1237
  }
1238
+ } else {
1239
+ audit('skip-remote-runtime-coach', 'source=pre-tool-gate phase=pre_tool');
1121
1240
  }
1122
1241
  } catch { /* Coach unreachable — fall through to hook-native checks */ }
1123
1242
 
@@ -1146,16 +1265,57 @@ const cmdPreview = toolName === 'Bash'
1146
1265
 
1147
1266
  if (toolName === 'Bash') {
1148
1267
  const recentUserText = collectRecentRealUserText(event, transcriptPath);
1149
- const correctionBlockReason = userCorrectionBlocksCommand(recentUserText, cmd);
1150
- if (correctionBlockReason) {
1151
- const reason = `Aria pre-tool gate: USER-CORRECTION hard-block.
1268
+ // 2026-05-05 owner-authorizations layer (M2.13 staircase). Before the
1269
+ // user-correction regex runs, scan recent user text for AUTHORIZE: markers
1270
+ // and write any new grants. Then check for an active grant matching this
1271
+ // cmd. If found, skip the regex hard-block (still runs other gates below).
1272
+ // This converts the gate from "infer authorization from negation tokens"
1273
+ // (heuristic, prone to false positives on steering language) to "consult
1274
+ // explicit operator grants first" (structural).
1275
+ let ownerAuth = { authorized: false, grant: null, grantsWritten: 0 };
1276
+ try {
1277
+ ownerAuth = checkAndAuthorize(cmd, event?.session_id || 'unknown', recentUserText);
1278
+ } catch (authErr) {
1279
+ process.stderr.write(
1280
+ `[pre-tool-gate] owner-authorizations lookup failed: ${authErr instanceof Error ? authErr.message : String(authErr)}\n`,
1281
+ );
1282
+ }
1283
+ if (ownerAuth.authorized) {
1284
+ audit(`allow-owner-grant pattern=${ownerAuth.grant?.commandPattern?.slice(0, 60) || '(?)'}`, cmdPreview);
1285
+ // Grant is multi-use within TTL by default; uncomment to one-shot:
1286
+ // try { consumeGrant(ownerAuth.grant); } catch {}
1287
+ // Skip the user-correction regex; continue to other gates below.
1288
+ } else {
1289
+ const correctionBlockReason = userCorrectionBlocksCommand(recentUserText, cmd);
1290
+ if (correctionBlockReason) {
1291
+ const reason = `Aria pre-tool gate: USER-CORRECTION hard-block.
1152
1292
 
1153
1293
  ${correctionBlockReason}.
1154
1294
 
1155
- The next assistant response must stop the command loop, quote the user's correction in one sentence, and re-evaluate the target from substrate before any further mutation. Do not retry this Bash command shape.`;
1156
- audit('block-user-correction-override', cmdPreview);
1157
- emitBlock(reason, { source: 'pre-tool/user-correction' });
1158
- process.exit(2);
1295
+ The next assistant response must stop the command loop, quote the user's correction in one sentence, and re-evaluate the target from substrate before any further mutation. Do not retry this Bash command shape.
1296
+
1297
+ To override: operator writes "AUTHORIZE: <command-shape>" in a fresh user message. The shape can be a substring (matches if cmd contains it) or a regex (/pattern/[i]). Grant is valid for 15 minutes from issuance.`;
1298
+ audit('block-user-correction-override', cmdPreview);
1299
+ emitBlock(reason, { source: 'pre-tool/user-correction' });
1300
+ process.exit(2);
1301
+ }
1302
+ }
1303
+ }
1304
+
1305
+ if (toolName === 'Bash') {
1306
+ // AI-11803-F4 (2026-05-12): no_timeouts_decision_tree_rule enforcement.
1307
+ // Detects shell-position `timeout N` wrappers; warns 1st-2nd occurrence
1308
+ // in session, hard-blocks at 3+. Bypass via ARIA_PROBE_DISCIPLINE_BYPASS=1
1309
+ // (logged loud to discovery ledger so hardening worker accumulates pattern).
1310
+ try {
1311
+ const probeDisc = scanProbeDiscipline(cmd, event?.session_id || 'unknown');
1312
+ if (probeDisc.blocked) {
1313
+ audit(`block-probe-discipline sessionCount=${probeDisc.sessionCount} matches=${(probeDisc.matchCount)}`, cmdPreview);
1314
+ emitBlock(probeDisc.blockReason, { source: 'pre-tool/probe-discipline' });
1315
+ process.exit(2);
1316
+ }
1317
+ } catch (pdErr) {
1318
+ process.stderr.write(`[pre-tool-gate:probe-discipline-error] ${pdErr instanceof Error ? pdErr.message : String(pdErr)}\n`);
1159
1319
  }
1160
1320
  }
1161
1321
 
@@ -1279,16 +1439,19 @@ if (transcriptPath && existsSync(transcriptPath)) {
1279
1439
  const role = normalizeRole(m);
1280
1440
  const content = normalizeContent(m);
1281
1441
  if (role === 'user') {
1282
- // Skip messages that aren't real user input:
1283
- // (a) tool_result blocks (runtime feeding back tool output)
1284
- // (b) system-reminder injections (PreToolUse blocks,
1285
- // task-notifications, gentle reminders) runtime-
1286
- // authored, not user voice. Counting them eats the
1287
- // cognition lookback in tool-heavy or block-heavy turns.
1288
- if (isToolResultOnlyContent(content)) continue;
1289
- // Inspect text content for system-reminder patterns.
1290
- const textContent = extractTextFromContent(content);
1291
- if (isMostlySystemReminder(textContent, SYSTEM_REMINDER_RX, SYSTEM_REMINDER_THRESHOLD)) continue;
1442
+ // M9.DRIFT.10r opt-IN classifier replaces opt-OUT two-step.
1443
+ // Mixed-content user messages (tool_result + system-reminder
1444
+ // + small noise text — the modern Claude Code transcript shape
1445
+ // for runtime injections after a tool call) used to defeat
1446
+ // both isToolResultOnlyContent (not exclusively tool_result)
1447
+ // and isMostlySystemReminder (text portion below threshold),
1448
+ // getting counted as user-boundaries and evicting cognition
1449
+ // from the lookback window. isUserAuthoredMessage opts IN to
1450
+ // identifiable user voice; conservative on uncertainty.
1451
+ if (!isUserAuthoredMessage(content, {
1452
+ systemReminderRx: SYSTEM_REMINDER_RX,
1453
+ systemReminderThreshold: SYSTEM_REMINDER_THRESHOLD,
1454
+ })) continue;
1292
1455
  userBoundariesCrossed++;
1293
1456
  if (userBoundariesCrossed > USER_BOUNDARIES_TO_CROSS) break;
1294
1457
  continue;
@@ -1301,9 +1464,16 @@ if (transcriptPath && existsSync(transcriptPath)) {
1301
1464
  // used to be but are system-authored, not the model's voice.
1302
1465
  if (COMPACT_SUMMARY_RX.test(text) && text.length > 4000) continue;
1303
1466
  transcriptAssistantTexts.push(text);
1304
- } catch {}
1467
+ } catch (err) {
1468
+ // M0.H.X3: per-message parse failure during transcript walk now
1469
+ // surfaces. Loss here would mean missed assistant-cognition history.
1470
+ process.stderr.write(`[aria-pre-tool-gate:transcript-message-parse] caught: ${err instanceof Error ? err.message : String(err)}\n`);
1471
+ }
1305
1472
  }
1306
- } catch {}
1473
+ } catch (err) {
1474
+ // M0.H.X3: outer transcript-read failure now surfaces.
1475
+ process.stderr.write(`[aria-pre-tool-gate:transcript-read] caught: ${err instanceof Error ? err.message : String(err)}\n`);
1476
+ }
1307
1477
  }
1308
1478
  appendAssistantTexts(transcriptAssistantTexts);
1309
1479
  const currentTurnAssistantText = extractCurrentTurnAssistantText(event, toolInput);
@@ -1322,6 +1492,20 @@ const transcriptCog = detectCognitionLenses(unionText);
1322
1492
  const mergedLensSet = new Set([...inlineCog.names, ...transcriptCog.names]);
1323
1493
  const lensCount = mergedLensSet.size;
1324
1494
  const lensNames = [...mergedLensSet];
1495
+ // M9.DRIFT.10u — diagnostic meta passed to emitBlock on lens-count
1496
+ // failure. emitBlock's stderr dump uses these to expose the parse
1497
+ // breakdown (per-lens table + unrecognized tokens + canonical sets +
1498
+ // transcript path + scan range) so the agent self-corrects in one
1499
+ // cycle instead of guess-and-retry.
1500
+ const cognitionDiagnosticMeta = {
1501
+ inlineCogDiagnostic: eventCog,
1502
+ transcriptCogDiagnostic: transcriptCog,
1503
+ transcriptPath: transcriptPath || null,
1504
+ messagesScanned: transcriptAssistantTexts.length + eventAssistantTexts.length,
1505
+ transcriptScanRange: transcriptPath
1506
+ ? `transcript=${transcriptAssistantTexts.length} assistant turns; event=${eventAssistantTexts.length}`
1507
+ : `event-only=${eventAssistantTexts.length} assistant turns (no transcript path)`,
1508
+ };
1325
1509
  const cogBlockBody = transcriptCog.blockBody;
1326
1510
  const inlineVerifyBody = extractInlineDirectiveBody(cmd, INLINE_VERIFY_LINE_RX);
1327
1511
  const verifyBodies = [...unionText.matchAll(/<verify>([\s\S]*?)<\/verify>/gi)]
@@ -1378,6 +1562,76 @@ const sessionId =
1378
1562
  (transcriptPath ? transcriptPath.split('/').pop()?.replace(/\.[^.]+$/, '') : null) ??
1379
1563
  'claude-code-unknown';
1380
1564
 
1565
+ let preToolManifestSlot = null;
1566
+ let preToolManifestWorkflowSkills = [];
1567
+ try {
1568
+ preToolManifestSlot = extractManifest(unionText);
1569
+ preToolManifestWorkflowSkills = preToolManifestSlot ? manifestSkillsToInvoke(preToolManifestSlot.manifest) : [];
1570
+ } catch (err) {
1571
+ process.stderr.write(`[aria-pre-tool-gate:manifest-error] ${err instanceof Error ? err.message : String(err)}\n`);
1572
+ }
1573
+
1574
+ // Atlas dossier wire (Phase 1 — corpus-to-runtime auto-trigger).
1575
+ // When the tool targets a known file, ask Atlas which skills govern it.
1576
+ // The dossier surfaces verified per-file GOVERNS edges produced by the
1577
+ // cognitive extractor (skill bodies that reference this file path or
1578
+ // basename). These augment — never replace — the classifier output, so
1579
+ // intent-shape triggers AND file-bound triggers both fire.
1580
+ //
1581
+ // Fail-open semantics: any socket error, Atlas-down, or timeout returns []
1582
+ // and the gate behaves exactly as it did before this wire. The classifier
1583
+ // still drives the dominant required-skills decision.
1584
+ let dossierGoverningSkills = [];
1585
+ if (filePath && typeof filePath === 'string' && filePath.trim()) {
1586
+ try {
1587
+ dossierGoverningSkills = await fetchGoverningSkills(filePath);
1588
+ } catch (err) {
1589
+ process.stderr.write(`[aria-pre-tool-gate:atlas-dossier-error] ${err instanceof Error ? err.message : String(err)}\n`);
1590
+ }
1591
+ }
1592
+
1593
+ // A5 (2026-05-18) — intra-turn kernel selection. Build a tool-class
1594
+ // observation (Edit/Write/NotebookEdit → 'edit'; Bash with deploy match →
1595
+ // 'deploy'; everything else → 'default') and ask the kernel for selected
1596
+ // skills. Atlas-orchestrator's intra-turn surface is this call: per-tool
1597
+ // observation → kernel taxonomy → selected skills enforced as floor.
1598
+ let atlasIntraSelection = { selectedSkillIds: [], selectedRuntimeIds: [], compilation_hash: null };
1599
+ try {
1600
+ const toolObservationKind = (() => {
1601
+ if (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit') return 'edit';
1602
+ if (toolName === 'Bash' && deployMatched) return 'deploy';
1603
+ return 'default';
1604
+ })();
1605
+ const kernelCompilation = kernelCompileCognitiveOptions({
1606
+ kind: toolObservationKind,
1607
+ source: 'aria-pre-tool-gate',
1608
+ summary: `intra-turn tool ${toolName} selection`,
1609
+ attrs: {
1610
+ surface: 'claude-pre-tool-gate',
1611
+ toolName,
1612
+ filePath: filePath || null,
1613
+ isDeploy: Boolean(deployMatched),
1614
+ dossierGoverningCount: dossierGoverningSkills.length,
1615
+ },
1616
+ });
1617
+ atlasIntraSelection = {
1618
+ selectedSkillIds: Array.isArray(kernelCompilation?.selectedSkillIds) ? kernelCompilation.selectedSkillIds : [],
1619
+ selectedRuntimeIds: Array.isArray(kernelCompilation?.selectedRuntimeIds) ? kernelCompilation.selectedRuntimeIds : [],
1620
+ compilation_hash: kernelCompilation?.compilation_hash || null,
1621
+ observationKind: toolObservationKind,
1622
+ };
1623
+ process.stderr.write(`[aria-pre-tool-gate:atlas-intra-selection] tool=${toolName} kind=${toolObservationKind} selected=${atlasIntraSelection.selectedSkillIds.length} runtimes=${atlasIntraSelection.selectedRuntimeIds.length} hash=${(atlasIntraSelection.compilation_hash || '').slice(0, 12)}\n`);
1624
+ } catch (err) {
1625
+ process.stderr.write(`[aria-pre-tool-gate:atlas-intra-selection-fallback] LOUD-fail err=${err instanceof Error ? err.message : String(err)} — gate continues with dossier-only additional skills\n`);
1626
+ }
1627
+
1628
+ // Union dossier + kernel-selected for the skill-gate floor. The skill gate
1629
+ // dedupes internally; we pass the merged list.
1630
+ const additionalRequiredSkills = [...new Set([
1631
+ ...dossierGoverningSkills,
1632
+ ...atlasIntraSelection.selectedSkillIds,
1633
+ ])];
1634
+
1381
1635
  const skillGate = evaluateSkillGate({
1382
1636
  sessionId,
1383
1637
  surface: 'claude-pre-tool-gate',
@@ -1388,15 +1642,18 @@ const skillGate = evaluateSkillGate({
1388
1642
  isDeploy: Boolean(deployMatched),
1389
1643
  isMutation: toolName !== 'Bash',
1390
1644
  autoLoadAvailable: false,
1645
+ requiredSkillsOverride: preToolManifestSlot ? preToolManifestWorkflowSkills : undefined,
1646
+ requiredSkillsReason: 'orchestration manifest intent.workflow_skills_to_invoke supplied pre-tool workflows',
1647
+ additionalRequiredSkills,
1391
1648
  });
1392
1649
  if (!skillGate.ok && !skillGate.redirectOnly) {
1393
1650
  const reason = formatSkillGateBlock(skillGate);
1394
1651
  audit('block-missing-skill-receipt', `${skillGate.missingSkills.join(',')} ${cmdPreview}`);
1395
- emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
1652
+ emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
1396
1653
  process.exit(2);
1397
1654
  }
1398
1655
  try {
1399
- runUniversalGovernanceGate({
1656
+ const govGateResult = runUniversalGovernanceGate({
1400
1657
  sessionId,
1401
1658
  sourceRuntime: 'claude-code',
1402
1659
  surface: 'claude-pre-tool-gate',
@@ -1409,9 +1666,55 @@ try {
1409
1666
  loadedSkills: skillGate.loadedSkills,
1410
1667
  evidence: { lensCount, hasVerify, hasCognition, hasSubstrateCite },
1411
1668
  });
1669
+ if (govGateResult?.decision === 'block') {
1670
+ audit('signal-gov-gate-block', `reason=${(govGateResult.reason || '').slice(0, 120)}`);
1671
+ const _cmd = String(toolInput?.command || '');
1672
+ try {
1673
+ if (!remoteRuntimeCoachEnabled()) {
1674
+ audit('skip-remote-runtime-coach', 'source=pre-tool-gate-after-gov-gate phase=pre_tool');
1675
+ } else {
1676
+ const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
1677
+ const _coachBase = existsSync(_coachUrl)
1678
+ ? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
1679
+ : 'http://127.0.0.1:4319';
1680
+ const _coachToken = (() => {
1681
+ const tp = `${HOME}/.aria/owner-token`;
1682
+ if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
1683
+ return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
1684
+ })();
1685
+ const _coachHeaders = { 'Content-Type': 'application/json' };
1686
+ if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
1687
+ const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
1688
+ method: 'POST', headers: _coachHeaders,
1689
+ body: JSON.stringify({
1690
+ phase: 'pre_tool', requestId: `claude-gov-gate:${Date.now()}`,
1691
+ sessionId, surface: 'claude-hooks', lane: 'claude_native_hooks',
1692
+ action: deployMatched ? 'deploy' : '',
1693
+ text: _cmd.slice(0, 1000),
1694
+ metadata: { source: 'claude-governance-gate', toolName, governanceGateBlock: true },
1695
+ evidenceRefs: [{ kind: 'governance_gate', reason: govGateResult.reason }],
1696
+ }),
1697
+ signal: AbortSignal.timeout(2000),
1698
+ });
1699
+ if (_coachResp.ok) {
1700
+ const _coachBody = await _coachResp.json();
1701
+ if (_coachBody?.permitted === false) {
1702
+ audit('block-coach-after-gov-gate', `reasons=${(_coachBody.reasons||[]).join(',')}`);
1703
+ emitBlock(`Aria Coach blocked after governance gate signal: ${(_coachBody.reasons||['gate_violation']).join('; ')}`, { source: 'pre-tool/coach-after-gov-gate', tool: toolName });
1704
+ process.exit(2);
1705
+ }
1706
+ }
1707
+ }
1708
+ } catch (err) {
1709
+ // M0.H.X3: coach-after-gov-gate failure now surfaces. Outer try/catch
1710
+ // at line 1533 still catches; this stderr surface adds operator-
1711
+ // visibility to the inner coach-call failure mode.
1712
+ process.stderr.write(`[aria-pre-tool-gate:coach-after-gov-gate] caught: ${err instanceof Error ? err.message : String(err)}\n`);
1713
+ }
1714
+ }
1412
1715
  } catch (err) {
1413
1716
  audit('block-universal-governance', `${err instanceof Error ? err.message : String(err)}`.slice(0, 500));
1414
- emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
1717
+ emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
1415
1718
  process.exit(2);
1416
1719
  }
1417
1720
 
@@ -1497,6 +1800,58 @@ function buildForceRedoActionReason(reasonText, { source = 'pre-tool-gate', tool
1497
1800
 
1498
1801
  function emitBlock(reasonText, meta = {}) {
1499
1802
  console.log(JSON.stringify({ decision: 'block', reason: buildForceRedoActionReason(reasonText, meta) }));
1803
+ // M9.DRIFT.10u — diagnostic-first observability for cognition-window
1804
+ // failures. When the gate blocks for a lens-count reason, dump the
1805
+ // full parser breakdown to stderr (operator-visible only) so the
1806
+ // agent can self-correct in one cycle instead of guess-and-retry.
1807
+ // Only fires when caller passed lens-failure context in meta.
1808
+ if (meta && (meta.inlineCogDiagnostic || meta.transcriptCogDiagnostic)) {
1809
+ try {
1810
+ const lines = ['=== M9.DRIFT.10u DIAGNOSTIC ==='];
1811
+ lines.push(`transcript_path: ${meta.transcriptPath || 'null (no transcript walked)'}`);
1812
+ if (meta.messagesScanned !== undefined) {
1813
+ lines.push(`messages_scanned: ${meta.messagesScanned}`);
1814
+ }
1815
+ if (meta.transcriptScanRange) {
1816
+ lines.push(`transcript_scan_range: ${meta.transcriptScanRange}`);
1817
+ }
1818
+ lines.push(`required_lenses: ${meta.requiredLenses ?? '(unset)'} ; observed_total: ${meta.lensCount ?? '(unset)'}`);
1819
+ const renderDiag = (label, diag) => {
1820
+ if (!diag) return;
1821
+ lines.push('');
1822
+ lines.push(`--- ${label} ---`);
1823
+ lines.push(`block_found: ${diag.blockFound === true ? 'yes' : 'no'}`);
1824
+ lines.push(`matched_canonical_set: ${diag.matchedSet ? 'yes (all 8 of one canonical set present)' : 'no'}`);
1825
+ lines.push(`canonical_sets:`);
1826
+ if (diag.canonicalSets) {
1827
+ lines.push(` older: ${(diag.canonicalSets.older || []).join(', ')}`);
1828
+ lines.push(` newer: ${(diag.canonicalSets.newer || []).join(', ')}`);
1829
+ }
1830
+ if (Array.isArray(diag.perLens) && diag.perLens.length > 0) {
1831
+ lines.push(`per_lens:`);
1832
+ for (const row of diag.perLens) {
1833
+ const status = row.present ? 'PRESENT' : 'absent';
1834
+ lines.push(` ${row.lens.padEnd(12)} ${status.padEnd(8)} chars=${row.charCount}` +
1835
+ (row.content_preview ? ` preview="${row.content_preview}"` : ''));
1836
+ }
1837
+ }
1838
+ if (Array.isArray(diag.unrecognizedTokens) && diag.unrecognizedTokens.length > 0) {
1839
+ lines.push(`unrecognized_tokens (look like lens labels but NOT in any canonical set):`);
1840
+ lines.push(` ${diag.unrecognizedTokens.join(', ')}`);
1841
+ lines.push(` ^^ if these are lens names you intended, the canonical sets above`);
1842
+ lines.push(` don't include them. Either rename to canonical OR widen the`);
1843
+ lines.push(` allowlist via M9.DRIFT.10v after operator review.`);
1844
+ }
1845
+ };
1846
+ renderDiag('inline (current turn)', meta.inlineCogDiagnostic);
1847
+ renderDiag('transcript (recent assistant turns)', meta.transcriptCogDiagnostic);
1848
+ lines.push('=== END M9.DRIFT.10u DIAGNOSTIC ===');
1849
+ process.stderr.write(lines.join('\n') + '\n');
1850
+ } catch (err) {
1851
+ // Diagnostic dump must never break the gate. Fail-loud to stderr.
1852
+ process.stderr.write(`[m9-drift-10u:diagnostic-dump-failed] ${err instanceof Error ? err.message : String(err)}\n`);
1853
+ }
1854
+ }
1500
1855
  }
1501
1856
 
1502
1857
  if (hasCognition && !appliedContract.ok) {
@@ -1515,7 +1870,7 @@ expected_predicate: <numeric, boolean, or state-string predicate proving success
1515
1870
  artifact_change: <how the artifact/action is different because cognition ran>`;
1516
1871
  audit('block-applied-cognition-contract', cmdPreview);
1517
1872
  pushDecision('block', `applied cognition contract missing: ${appliedContract.violations.join(', ')}`);
1518
- emitBlock(reason, { source: 'pre-tool/applied-cognition-contract', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
1873
+ emitBlock(reason, { source: 'pre-tool/applied-cognition-contract', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
1519
1874
  process.exit(2);
1520
1875
  }
1521
1876
 
@@ -1550,7 +1905,12 @@ if (deployMatched) {
1550
1905
  missingDeployFields, cogBlockBodyLen: (cogBlockBody || '').length,
1551
1906
  verifyBodyLen: verifyBody.length,
1552
1907
  }) + '\n');
1553
- } catch {}
1908
+ } catch (err) {
1909
+ // M0.H.X3: heartbeat write failure now surfaces. Heartbeat at deploy-
1910
+ // gate entry exists for crash-recovery diagnostics — silent loss
1911
+ // defeats its purpose.
1912
+ process.stderr.write(`[aria-pre-tool-gate:deploy-gate-entry-heartbeat] caught: ${err instanceof Error ? err.message : String(err)}\n`);
1913
+ }
1554
1914
 
1555
1915
  const deployBlocked =
1556
1916
  !hasVerify ||
@@ -1766,7 +2126,7 @@ No per-tool bypass available (v3 doctrine — the harness's whole purpose is no
1766
2126
 
1767
2127
  audit(`block ${toolName.toLowerCase()} cognition=${lensCount}`, cmdPreview);
1768
2128
  pushDecision('block', `${toolName.toLowerCase()} missing cognition (${lensCount}/${REQUIRED_LENSES})`);
1769
- emitBlock(reason, { source: 'pre-tool/missing-cognition' });
2129
+ emitBlock(reason, { source: 'pre-tool/missing-cognition', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
1770
2130
  process.exit(2);
1771
2131
  }
1772
2132
 
@@ -2429,6 +2789,49 @@ The substrate's contract gate refused this action. Local doctrine gates passed (
2429
2789
  return; // no conflict — proceed
2430
2790
  }
2431
2791
 
2792
+ let _touchContext = { ok: false, touches: [], error: null };
2793
+ let _threadContext = { ok: false, threads: [], error: null };
2794
+ try {
2795
+ const _touchParams = new URLSearchParams({ file_path: _lockCheckPath, limit: '10' });
2796
+ const _touchResp = await fetch(`${_soulUrl}/api/hive/file-touch?${_touchParams}`, {
2797
+ method: 'GET',
2798
+ headers: {
2799
+ 'Content-Type': 'application/json',
2800
+ ...(_harnessToken ? { Authorization: `Bearer ${_harnessToken}` } : {}),
2801
+ },
2802
+ });
2803
+ if (_touchResp.ok) {
2804
+ const _touchData = await _touchResp.json();
2805
+ _touchContext = { ok: true, touches: Array.isArray(_touchData?.touches) ? _touchData.touches.slice(0, 10) : [], error: null };
2806
+ } else {
2807
+ _touchContext = { ok: false, touches: [], error: `HTTP ${_touchResp.status}` };
2808
+ }
2809
+ } catch (_touchErr) {
2810
+ _touchContext = { ok: false, touches: [], error: _touchErr instanceof Error ? _touchErr.message : String(_touchErr) };
2811
+ }
2812
+
2813
+ try {
2814
+ const _threadIds = [...new Set(_touchContext.touches.map((touch) => touch.thread_id).filter(Boolean))].slice(0, 5);
2815
+ const _threads = [];
2816
+ for (const _threadId of _threadIds) {
2817
+ const _threadParams = new URLSearchParams({ thread_id: _threadId, limit: '5' });
2818
+ const _threadResp = await fetch(`${_soulUrl}/api/hive/session-thread?${_threadParams}`, {
2819
+ method: 'GET',
2820
+ headers: {
2821
+ 'Content-Type': 'application/json',
2822
+ ...(_harnessToken ? { Authorization: `Bearer ${_harnessToken}` } : {}),
2823
+ },
2824
+ });
2825
+ if (_threadResp.ok) {
2826
+ const _threadData = await _threadResp.json();
2827
+ if (Array.isArray(_threadData?.threads)) _threads.push(..._threadData.threads);
2828
+ }
2829
+ }
2830
+ _threadContext = { ok: true, threads: _threads.slice(0, 10), error: null };
2831
+ } catch (_threadErr) {
2832
+ _threadContext = { ok: false, threads: [], error: _threadErr instanceof Error ? _threadErr.message : String(_threadErr) };
2833
+ }
2834
+
2432
2835
  // ── Auto-post coordination message to each conflicting session ───────────
2433
2836
  // Per hive-session-coordination doctrine (memory:feedback_hive_session_coordination.md):
2434
2837
  // when a lock conflict is detected, the gate AUTOMATICALLY posts a
@@ -2464,6 +2867,8 @@ The substrate's contract gate refused this action. Local doctrine gates passed (
2464
2867
  locked_at: _conflict.locked_at ?? null,
2465
2868
  expires_at: _conflict.expires_at ?? null,
2466
2869
  },
2870
+ hive_file_touch_context: _touchContext,
2871
+ hive_thread_context: _threadContext,
2467
2872
  };
2468
2873
  const _msgResp = await fetch(`${_soulUrl}/api/hive/session-message`, {
2469
2874
  method: 'POST',
@@ -2515,6 +2920,17 @@ The substrate's contract gate refused this action. Local doctrine gates passed (
2515
2920
  ? `\nAuto-coordination: gate posted lock_conflict_request message(s) to ${_autoMessageIds.map((m) => `session ${m.session_id} (msg: ${m.message_id})`).join(', ')}. They will see this inbound on their next turn via [HIVE_SESSION_INBOX].`
2516
2921
  : '\nAuto-coordination message could not be delivered (see stderr). Coordinate manually via POST /api/hive/session-message.';
2517
2922
 
2923
+ const _recentTouchDetails = _touchContext.ok && _touchContext.touches.length > 0
2924
+ ? _touchContext.touches.slice(0, 5).map((touch) => {
2925
+ const _files = Array.isArray(touch.files) ? touch.files.map((file) => `${file.path}:${file.intent || 'touch'}`).join(', ') : '';
2926
+ return ` - ${touch.created_at || 'unknown-time'} session=${touch.session_id || 'unknown'} thread=${touch.thread_id || 'none'} event=${touch.event || 'touch'} files=${_files}`;
2927
+ }).join('\n')
2928
+ : ` - unavailable or empty (${_touchContext.error || 'no recent touches'})`;
2929
+
2930
+ const _threadDetails = _threadContext.ok && _threadContext.threads.length > 0
2931
+ ? _threadContext.threads.slice(0, 5).map((thread) => ` - ${thread.thread_id} topic=${thread.topic || 'none'} status=${thread.status || 'unknown'} participants=${Array.isArray(thread.participants) ? thread.participants.join(',') : 'none'}`).join('\n')
2932
+ : ` - unavailable or empty (${_threadContext.error || 'no thread context'})`;
2933
+
2518
2934
  const _lockBlockReason = `Hive session-lock conflict: another session holds an active lock on this file.
2519
2935
 
2520
2936
  File: ${_lockCheckPath}
@@ -2523,6 +2939,12 @@ Conflicting locks:
2523
2939
  ${_conflictDetails}
2524
2940
  ${_autoMsgSummary}
2525
2941
 
2942
+ Recent Hive file-touch context:
2943
+ ${_recentTouchDetails}
2944
+
2945
+ Related Hive thread context:
2946
+ ${_threadDetails}
2947
+
2526
2948
  Resolution:
2527
2949
  1. A lock_conflict_request message was automatically posted to the lock-holding session. Wait for them to see it.
2528
2950
  2. They release via: aria hive lock release --lock-id <ID> OR DELETE /api/hive/session-lock.
@@ -2541,6 +2963,8 @@ causes merge conflicts and state divergence. Explicit coordination is the only s
2541
2963
  hookEventName: 'PreToolUse',
2542
2964
  conflicting_locks: _conflictingLocks,
2543
2965
  auto_coordination_messages: _autoMessageIds,
2966
+ hive_file_touch_context: _touchContext,
2967
+ hive_thread_context: _threadContext,
2544
2968
  recovery: {
2545
2969
  action: 'wait_for_lock_release_then_retry',
2546
2970
  file_path: _lockCheckPath,