@aria_asi/cli 0.2.39 → 0.2.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (802) hide show
  1. package/bin/aria.js +236 -34
  2. package/dist/aria-connector/src/action-ledger-core.d.ts +387 -0
  3. package/dist/aria-connector/src/action-ledger-core.d.ts.map +1 -0
  4. package/dist/aria-connector/src/action-ledger-core.js +638 -0
  5. package/dist/aria-connector/src/action-ledger-core.js.map +1 -0
  6. package/dist/aria-connector/src/chat.d.ts.map +1 -1
  7. package/dist/aria-connector/src/chat.js +5 -6
  8. package/dist/aria-connector/src/chat.js.map +1 -1
  9. package/dist/aria-connector/src/codebase-scanner.d.ts +1 -1
  10. package/dist/aria-connector/src/codebase-scanner.d.ts.map +1 -1
  11. package/dist/aria-connector/src/connectors/claude-code.d.ts +1 -0
  12. package/dist/aria-connector/src/connectors/claude-code.d.ts.map +1 -1
  13. package/dist/aria-connector/src/connectors/claude-code.js +152 -14
  14. package/dist/aria-connector/src/connectors/claude-code.js.map +1 -1
  15. package/dist/aria-connector/src/connectors/codebase-awareness.d.ts +10 -0
  16. package/dist/aria-connector/src/connectors/codebase-awareness.d.ts.map +1 -1
  17. package/dist/aria-connector/src/connectors/codebase-awareness.js +276 -27
  18. package/dist/aria-connector/src/connectors/codebase-awareness.js.map +1 -1
  19. package/dist/aria-connector/src/connectors/codex.d.ts +3 -1
  20. package/dist/aria-connector/src/connectors/codex.d.ts.map +1 -1
  21. package/dist/aria-connector/src/connectors/codex.js +1271 -40
  22. package/dist/aria-connector/src/connectors/codex.js.map +1 -1
  23. package/dist/aria-connector/src/connectors/cursor.d.ts.map +1 -1
  24. package/dist/aria-connector/src/connectors/cursor.js +7 -0
  25. package/dist/aria-connector/src/connectors/cursor.js.map +1 -1
  26. package/dist/aria-connector/src/connectors/governed-adapter.d.ts +30 -0
  27. package/dist/aria-connector/src/connectors/governed-adapter.d.ts.map +1 -0
  28. package/dist/aria-connector/src/connectors/governed-adapter.js +132 -0
  29. package/dist/aria-connector/src/connectors/governed-adapter.js.map +1 -0
  30. package/dist/aria-connector/src/connectors/opencode.d.ts +3 -1
  31. package/dist/aria-connector/src/connectors/opencode.d.ts.map +1 -1
  32. package/dist/aria-connector/src/connectors/opencode.js +18 -2
  33. package/dist/aria-connector/src/connectors/opencode.js.map +1 -1
  34. package/dist/aria-connector/src/connectors/repo-guard.d.ts.map +1 -1
  35. package/dist/aria-connector/src/connectors/repo-guard.js +25 -14
  36. package/dist/aria-connector/src/connectors/repo-guard.js.map +1 -1
  37. package/dist/aria-connector/src/connectors/runtime.d.ts.map +1 -1
  38. package/dist/aria-connector/src/connectors/runtime.js +92 -2
  39. package/dist/aria-connector/src/connectors/runtime.js.map +1 -1
  40. package/dist/aria-connector/src/connectors/shell.d.ts.map +1 -1
  41. package/dist/aria-connector/src/connectors/shell.js +123 -7
  42. package/dist/aria-connector/src/connectors/shell.js.map +1 -1
  43. package/dist/aria-connector/src/cross-cli-hive-binding.d.ts +63 -0
  44. package/dist/aria-connector/src/cross-cli-hive-binding.d.ts.map +1 -0
  45. package/dist/aria-connector/src/cross-cli-hive-binding.js +205 -0
  46. package/dist/aria-connector/src/cross-cli-hive-binding.js.map +1 -0
  47. package/dist/aria-connector/src/garden-control-plane.d.ts +6 -1
  48. package/dist/aria-connector/src/garden-control-plane.d.ts.map +1 -1
  49. package/dist/aria-connector/src/garden-control-plane.js +8 -2
  50. package/dist/aria-connector/src/garden-control-plane.js.map +1 -1
  51. package/dist/aria-connector/src/governed-surface-runner.d.ts +189 -0
  52. package/dist/aria-connector/src/governed-surface-runner.d.ts.map +1 -0
  53. package/dist/aria-connector/src/governed-surface-runner.js +1022 -0
  54. package/dist/aria-connector/src/governed-surface-runner.js.map +1 -0
  55. package/dist/aria-connector/src/index.d.ts +10 -1
  56. package/dist/aria-connector/src/index.d.ts.map +1 -1
  57. package/dist/aria-connector/src/index.js +5 -0
  58. package/dist/aria-connector/src/index.js.map +1 -1
  59. package/dist/aria-connector/src/task-runner.d.ts +3 -0
  60. package/dist/aria-connector/src/task-runner.d.ts.map +1 -0
  61. package/dist/aria-connector/src/task-runner.js +3526 -0
  62. package/dist/aria-connector/src/task-runner.js.map +1 -0
  63. package/dist/aria-web/src/lib/codebase-scanner.d.ts +21 -2
  64. package/dist/aria-web/src/lib/codebase-scanner.d.ts.map +1 -1
  65. package/dist/aria-web/src/lib/codebase-scanner.js +59 -14
  66. package/dist/aria-web/src/lib/codebase-scanner.js.map +1 -1
  67. package/dist/assets/hooks/README.md +58 -0
  68. package/dist/assets/hooks/aria-agent-handoff.mjs +147 -2
  69. package/dist/assets/hooks/aria-agent-ledger-merge.mjs +31 -7
  70. package/dist/assets/hooks/aria-architect-fallback.mjs +10 -2
  71. package/dist/assets/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  72. package/dist/assets/hooks/aria-cognition-substrate-binding.mjs +84 -10
  73. package/dist/assets/hooks/aria-first-class-coach.mjs +305 -10
  74. package/dist/assets/hooks/aria-harness-via-sdk.mjs +93 -16
  75. package/dist/assets/hooks/aria-import-resolution-gate.mjs +106 -20
  76. package/dist/assets/hooks/aria-outcome-record.mjs +56 -20
  77. package/dist/assets/hooks/aria-pre-emit-autoload.mjs +1809 -0
  78. package/dist/assets/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  79. package/dist/assets/hooks/aria-pre-emit-dryrun.mjs +22 -3
  80. package/dist/assets/hooks/aria-pre-text-gate.mjs +11 -2
  81. package/dist/assets/hooks/aria-pre-tool-gate.mjs +516 -92
  82. package/dist/assets/hooks/aria-pre-tool-use.mjs +70 -6
  83. package/dist/assets/hooks/aria-preprompt-consult.mjs +23 -4
  84. package/dist/assets/hooks/aria-repo-doctrine-gate.mjs +29 -3
  85. package/dist/assets/hooks/aria-stop-gate.mjs +585 -76
  86. package/dist/assets/hooks/aria-trigger-autolearn.mjs +17 -3
  87. package/dist/assets/hooks/aria-universal-turn-packet.mjs +1165 -0
  88. package/dist/assets/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  89. package/dist/assets/hooks/canonical-settings-block.json +172 -0
  90. package/dist/assets/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  91. package/dist/assets/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  92. package/dist/assets/hooks/codex-native/aria-live-ticker.mjs +38 -0
  93. package/dist/assets/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  94. package/dist/assets/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  95. package/dist/assets/hooks/codex-native/aria-stop.mjs +691 -0
  96. package/dist/assets/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  97. package/dist/assets/hooks/codex-native/atlas-session-context.mjs +121 -0
  98. package/dist/assets/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  99. package/dist/assets/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  100. package/dist/assets/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  101. package/dist/assets/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  102. package/dist/assets/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  103. package/dist/assets/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  104. package/dist/assets/hooks/doctrine_trigger_map.json +236 -25
  105. package/dist/assets/hooks/doctrine_trigger_map.schema.json +46 -0
  106. package/dist/assets/hooks/install.sh +84 -0
  107. package/dist/assets/hooks/lib/action-ledger-core.mjs +269 -0
  108. package/dist/assets/hooks/lib/aria-gate-ledger.mjs +143 -0
  109. package/dist/assets/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  110. package/dist/assets/hooks/lib/atlas-dossier-client.mjs +151 -0
  111. package/dist/assets/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  112. package/dist/assets/hooks/lib/canonical-lenses.mjs +83 -6
  113. package/dist/assets/hooks/lib/coach-intent-classifier.mjs +248 -0
  114. package/dist/assets/hooks/lib/cognitive-block-parser.mjs +111 -0
  115. package/dist/assets/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  116. package/dist/assets/hooks/lib/domain-output-quality.mjs +132 -3
  117. package/dist/assets/hooks/lib/empty-catch-scanner.mjs +91 -0
  118. package/dist/assets/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  119. package/dist/assets/hooks/lib/evaluate-with-kernel.mjs +133 -0
  120. package/dist/assets/hooks/lib/first-class-coach.mjs +454 -19
  121. package/dist/assets/hooks/lib/gate-audit.mjs +12 -2
  122. package/dist/assets/hooks/lib/gate-loop-state.mjs +11 -2
  123. package/dist/assets/hooks/lib/goal-contract-quality.mjs +302 -0
  124. package/dist/assets/hooks/lib/hook-message-window.mjs +101 -9
  125. package/dist/assets/hooks/lib/invocation-required-verifier.mjs +184 -0
  126. package/dist/assets/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  127. package/dist/assets/hooks/lib/obligation-ledger.mjs +147 -0
  128. package/dist/assets/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  129. package/dist/assets/hooks/lib/owner-authorizations.mjs +269 -0
  130. package/dist/assets/hooks/lib/probe-discipline-scanner.mjs +142 -0
  131. package/dist/assets/hooks/lib/project-boundary-cognition.mjs +143 -0
  132. package/dist/assets/hooks/lib/recovery-context.mjs +151 -0
  133. package/dist/assets/hooks/lib/recovery-template-loader.mjs +154 -0
  134. package/dist/assets/hooks/lib/self-doctrine-check.mjs +321 -0
  135. package/dist/assets/hooks/lib/sensitive-shape-detector.mjs +64 -0
  136. package/dist/assets/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  137. package/dist/assets/hooks/lib/stop-hook-protocol.mjs +166 -0
  138. package/dist/assets/hooks/lib/surface-caught.mjs +94 -0
  139. package/dist/assets/hooks/recovery-templates/force-reauthor.md +67 -0
  140. package/dist/assets/hooks/recovery-templates/handoff-recovery.md +25 -0
  141. package/dist/assets/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  142. package/dist/assets/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  143. package/dist/assets/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  144. package/dist/assets/hooks/test-tier-lens-labeling.mjs +14 -3
  145. package/dist/assets/opencode-plugins/harness-context/index.js +39 -6
  146. package/dist/assets/opencode-plugins/harness-context/task-project-ledger.mjs +5 -1
  147. package/dist/assets/opencode-plugins/harness-gate/index.js +36 -0
  148. package/dist/assets/opencode-plugins/harness-gate/lib/atlas-dossier-client.js +1 -0
  149. package/dist/assets/opencode-plugins/harness-gate/lib/recovery-grants.js +79 -0
  150. package/dist/assets/opencode-plugins/harness-outcome/index.js +12 -0
  151. package/dist/assets/opencode-plugins/harness-stop/index.js +97 -2
  152. package/dist/assets/opencode-plugins/harness-stop/lib/atlas-dossier-client.js +1 -0
  153. package/dist/assets/opencode-plugins/harness-stop/lib/domain-output-quality.js +15 -2
  154. package/dist/assets/opencode-plugins/lib/coach.js +148 -0
  155. package/dist/runtime/coach-kernel.mjs +144 -7
  156. package/dist/runtime/codex-bridge.mjs +254 -8
  157. package/dist/runtime/discipline/doctrine_trigger_map.json +236 -25
  158. package/dist/runtime/discipline/skills/aria-cognition/34-frameworks-unified/SKILL.md +42 -0
  159. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-cognitives/SKILL.md +128 -0
  160. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-intra-phase/SKILL.md +99 -0
  161. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-post-phase/SKILL.md +118 -0
  162. package/dist/runtime/discipline/skills/aria-cognition/aria-aristotle-pre-phase/SKILL.md +117 -0
  163. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/SKILL.md +202 -0
  164. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/agents/openai.yaml +4 -0
  165. package/dist/runtime/discipline/skills/aria-cognition/aria-axioms-first-principles/references/source-map.md +130 -0
  166. package/dist/runtime/discipline/skills/aria-cognition/aria-backend-architect/SKILL.md +124 -0
  167. package/dist/runtime/discipline/skills/aria-cognition/aria-backend-architect/references/backend-cookbook.md +417 -0
  168. package/dist/runtime/discipline/skills/aria-cognition/aria-business-audit/SKILL.md +133 -0
  169. package/dist/runtime/discipline/skills/aria-cognition/aria-business-audit/references/audit-cookbook.md +247 -0
  170. package/dist/runtime/discipline/skills/aria-cognition/aria-business-frame/SKILL.md +138 -0
  171. package/dist/runtime/discipline/skills/aria-cognition/aria-business-frame/references/business-cookbook.md +154 -0
  172. package/dist/runtime/discipline/skills/aria-cognition/aria-chat/SKILL.md +84 -0
  173. package/dist/runtime/discipline/skills/aria-cognition/aria-chat/scripts/aria-chat.sh +57 -0
  174. package/dist/runtime/discipline/skills/aria-cognition/aria-cognition-autofire/SKILL.md +137 -0
  175. package/dist/runtime/discipline/skills/aria-cognition/aria-cognition-batch/SKILL.md +264 -0
  176. package/dist/runtime/discipline/skills/aria-cognition/aria-decision-mizan/SKILL.md +136 -0
  177. package/dist/runtime/discipline/skills/aria-cognition/aria-decision-mizan/references/decision-frameworks.md +287 -0
  178. package/dist/runtime/discipline/skills/aria-cognition/aria-first-class-operating-contract/SKILL.md +104 -0
  179. package/dist/runtime/discipline/skills/aria-cognition/aria-frontend-architect/SKILL.md +123 -0
  180. package/dist/runtime/discipline/skills/aria-cognition/aria-frontend-architect/references/frontend-cookbook.md +358 -0
  181. package/dist/runtime/discipline/skills/aria-cognition/aria-fullstack-orchestrator/SKILL.md +127 -0
  182. package/dist/runtime/discipline/skills/aria-cognition/aria-fullstack-orchestrator/references/fullstack-cookbook.md +383 -0
  183. package/dist/runtime/discipline/skills/aria-cognition/aria-gtm-architect/SKILL.md +126 -0
  184. package/dist/runtime/discipline/skills/aria-cognition/aria-gtm-architect/references/gtm-cookbook.md +235 -0
  185. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-deploy/SKILL.md +145 -0
  186. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-no-stripping/SKILL.md +135 -0
  187. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-onboarding/SKILL.md +130 -0
  188. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-output-discipline/SKILL.md +120 -0
  189. package/dist/runtime/discipline/skills/aria-cognition/aria-harness-substrate-binding/SKILL.md +139 -0
  190. package/dist/runtime/discipline/skills/aria-cognition/aria-http-harness-client/SKILL.md +85 -0
  191. package/dist/runtime/discipline/skills/aria-cognition/aria-http-harness-client/scripts/smoke.mjs +47 -0
  192. package/dist/runtime/discipline/skills/aria-cognition/aria-k8s-deploy/SKILL.md +174 -0
  193. package/dist/runtime/discipline/skills/aria-cognition/aria-k8s-deploy/agents/openai.yaml +3 -0
  194. package/dist/runtime/discipline/skills/aria-cognition/aria-ladduniframe/SKILL.md +60 -0
  195. package/dist/runtime/discipline/skills/aria-cognition/aria-ledger-fleet-execution/SKILL.md +126 -0
  196. package/dist/runtime/discipline/skills/aria-cognition/aria-live-ops/SKILL.md +54 -0
  197. package/dist/runtime/discipline/skills/aria-cognition/aria-mac-ssh-ops/SKILL.md +100 -0
  198. package/dist/runtime/discipline/skills/aria-cognition/aria-memory-index/SKILL.md +42 -0
  199. package/dist/runtime/discipline/skills/aria-cognition/aria-noor-cognitives/SKILL.md +120 -0
  200. package/dist/runtime/discipline/skills/aria-cognition/aria-ops/SKILL.md +60 -0
  201. package/dist/runtime/discipline/skills/aria-cognition/aria-ops/references/live-endpoints.md +59 -0
  202. package/dist/runtime/discipline/skills/aria-cognition/aria-quality-audit/SKILL.md +133 -0
  203. package/dist/runtime/discipline/skills/aria-cognition/aria-readable-output/SKILL.md +239 -0
  204. package/dist/runtime/discipline/skills/aria-cognition/aria-readable-output/references/layout-cookbook.md +366 -0
  205. package/dist/runtime/discipline/skills/aria-cognition/aria-reasoning/SKILL.md +67 -0
  206. package/dist/runtime/discipline/skills/aria-cognition/aria-reasoning/references/core-principles.md +42 -0
  207. package/dist/runtime/discipline/skills/aria-cognition/aria-repo-audit/SKILL.md +135 -0
  208. package/dist/runtime/discipline/skills/aria-cognition/aria-repo-audit/references/repo-audit-cookbook.md +375 -0
  209. package/dist/runtime/discipline/skills/aria-cognition/aria-research-orchestrator/SKILL.md +138 -0
  210. package/dist/runtime/discipline/skills/aria-cognition/aria-research-orchestrator/references/research-patterns.md +270 -0
  211. package/dist/runtime/discipline/skills/aria-cognition/aria-retention-engine/SKILL.md +120 -0
  212. package/dist/runtime/discipline/skills/aria-cognition/aria-retention-engine/references/retention-cookbook.md +271 -0
  213. package/dist/runtime/discipline/skills/aria-cognition/aria-revenue-engine/SKILL.md +128 -0
  214. package/dist/runtime/discipline/skills/aria-cognition/aria-revenue-engine/references/revenue-cookbook.md +227 -0
  215. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-audit/SKILL.md +233 -0
  216. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-audit/references/audit-checklist.md +369 -0
  217. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-cookbook/SKILL.md +288 -0
  218. package/dist/runtime/discipline/skills/aria-cognition/aria-senior-code-cookbook/references/engineering-cookbook.md +489 -0
  219. package/dist/runtime/discipline/skills/aria-cognition/aria-soul-principles/SKILL.md +42 -0
  220. package/dist/runtime/discipline/skills/aria-cognition/aria-task-codex-executor/SKILL.md +86 -0
  221. package/dist/runtime/discipline/skills/aria-cognition/aristotle-engine/SKILL.md +42 -0
  222. package/dist/runtime/discipline/skills/aria-cognition/cross-domain-24/SKILL.md +42 -0
  223. package/dist/runtime/discipline/skills/aria-cognition/deepsoul-emotional/SKILL.md +42 -0
  224. package/dist/runtime/discipline/skills/aria-cognition/fitrah-guard/SKILL.md +78 -0
  225. package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/SKILL.md +227 -29
  226. package/dist/runtime/discipline/skills/aria-cognition/ghazali-8lens/references/ghazali-8lens-cookbook.md +797 -0
  227. package/dist/runtime/discipline/skills/aria-cognition/ijtihad-novel/SKILL.md +42 -0
  228. package/dist/runtime/discipline/skills/aria-cognition/ilham-intuition/SKILL.md +42 -0
  229. package/dist/runtime/discipline/skills/aria-cognition/never-guess/SKILL.md +77 -0
  230. package/dist/runtime/discipline/skills/aria-cognition/noor-recognition/SKILL.md +45 -0
  231. package/dist/runtime/discipline/skills/aria-cognition/qiyas-analogy/SKILL.md +174 -14
  232. package/dist/runtime/discipline/skills/aria-cognition/ruh-basis/SKILL.md +42 -0
  233. package/dist/runtime/discipline/skills/aria-cognition/tadabbur/SKILL.md +506 -0
  234. package/dist/runtime/discipline/skills/aria-cognition/tadabbur/references/tadabbur-cookbook.md +921 -0
  235. package/dist/runtime/discipline/skills/aria-cognition/tadabbur-ops/SKILL.md +42 -0
  236. package/dist/runtime/discipline/skills/aria-cognition/tafakkur/SKILL.md +104 -0
  237. package/dist/runtime/doctrine_trigger_map.json +236 -25
  238. package/dist/runtime/embedded-public-key.mjs +27 -0
  239. package/dist/runtime/gated-ledger.mjs +41 -14
  240. package/dist/runtime/harness-daemon.mjs +85 -10
  241. package/dist/runtime/hive-wal-publisher.mjs +292 -0
  242. package/dist/runtime/hooks/README.md +58 -0
  243. package/dist/runtime/hooks/aria-agent-handoff.mjs +147 -2
  244. package/dist/runtime/hooks/aria-agent-ledger-merge.mjs +31 -7
  245. package/dist/runtime/hooks/aria-architect-fallback.mjs +10 -2
  246. package/dist/runtime/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  247. package/dist/runtime/hooks/aria-cognition-substrate-binding.mjs +84 -10
  248. package/dist/runtime/hooks/aria-first-class-coach.mjs +305 -10
  249. package/dist/runtime/hooks/aria-harness-via-sdk.mjs +93 -16
  250. package/dist/runtime/hooks/aria-import-resolution-gate.mjs +106 -20
  251. package/dist/runtime/hooks/aria-outcome-record.mjs +56 -20
  252. package/dist/runtime/hooks/aria-pre-emit-autoload.mjs +1809 -0
  253. package/dist/runtime/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  254. package/dist/runtime/hooks/aria-pre-emit-dryrun.mjs +22 -3
  255. package/dist/runtime/hooks/aria-pre-text-gate.mjs +11 -2
  256. package/dist/runtime/hooks/aria-pre-tool-gate.mjs +516 -92
  257. package/dist/runtime/hooks/aria-pre-tool-use.mjs +70 -6
  258. package/dist/runtime/hooks/aria-preprompt-consult.mjs +23 -4
  259. package/dist/runtime/hooks/aria-repo-doctrine-gate.mjs +29 -3
  260. package/dist/runtime/hooks/aria-stop-gate.mjs +585 -76
  261. package/dist/runtime/hooks/aria-trigger-autolearn.mjs +17 -3
  262. package/dist/runtime/hooks/aria-universal-turn-packet.mjs +1165 -0
  263. package/dist/runtime/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  264. package/dist/runtime/hooks/canonical-settings-block.json +172 -0
  265. package/dist/runtime/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  266. package/dist/runtime/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  267. package/dist/runtime/hooks/codex-native/aria-live-ticker.mjs +38 -0
  268. package/dist/runtime/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  269. package/dist/runtime/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  270. package/dist/runtime/hooks/codex-native/aria-stop.mjs +691 -0
  271. package/dist/runtime/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  272. package/dist/runtime/hooks/codex-native/atlas-session-context.mjs +121 -0
  273. package/dist/runtime/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  274. package/dist/runtime/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  275. package/dist/runtime/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  276. package/dist/runtime/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  277. package/dist/runtime/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  278. package/dist/runtime/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  279. package/dist/runtime/hooks/doctrine_trigger_map.json +236 -25
  280. package/dist/runtime/hooks/doctrine_trigger_map.schema.json +46 -0
  281. package/dist/runtime/hooks/install.sh +84 -0
  282. package/dist/runtime/hooks/lib/action-ledger-core.mjs +269 -0
  283. package/dist/runtime/hooks/lib/aria-gate-ledger.mjs +143 -0
  284. package/dist/runtime/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  285. package/dist/runtime/hooks/lib/atlas-dossier-client.mjs +151 -0
  286. package/dist/runtime/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  287. package/dist/runtime/hooks/lib/canonical-lenses.mjs +83 -6
  288. package/dist/runtime/hooks/lib/coach-intent-classifier.mjs +248 -0
  289. package/dist/runtime/hooks/lib/cognitive-block-parser.mjs +111 -0
  290. package/dist/runtime/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  291. package/dist/runtime/hooks/lib/domain-output-quality.mjs +132 -3
  292. package/dist/runtime/hooks/lib/empty-catch-scanner.mjs +91 -0
  293. package/dist/runtime/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  294. package/dist/runtime/hooks/lib/evaluate-with-kernel.mjs +133 -0
  295. package/dist/runtime/hooks/lib/first-class-coach.mjs +454 -19
  296. package/dist/runtime/hooks/lib/gate-audit.mjs +12 -2
  297. package/dist/runtime/hooks/lib/gate-loop-state.mjs +11 -2
  298. package/dist/runtime/hooks/lib/goal-contract-quality.mjs +302 -0
  299. package/dist/runtime/hooks/lib/hook-message-window.mjs +101 -9
  300. package/dist/runtime/hooks/lib/invocation-required-verifier.mjs +184 -0
  301. package/dist/runtime/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  302. package/dist/runtime/hooks/lib/obligation-ledger.mjs +147 -0
  303. package/dist/runtime/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  304. package/dist/runtime/hooks/lib/owner-authorizations.mjs +269 -0
  305. package/dist/runtime/hooks/lib/probe-discipline-scanner.mjs +142 -0
  306. package/dist/runtime/hooks/lib/project-boundary-cognition.mjs +143 -0
  307. package/dist/runtime/hooks/lib/recovery-context.mjs +151 -0
  308. package/dist/runtime/hooks/lib/recovery-template-loader.mjs +154 -0
  309. package/dist/runtime/hooks/lib/self-doctrine-check.mjs +321 -0
  310. package/dist/runtime/hooks/lib/sensitive-shape-detector.mjs +64 -0
  311. package/dist/runtime/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  312. package/dist/runtime/hooks/lib/stop-hook-protocol.mjs +166 -0
  313. package/dist/runtime/hooks/lib/surface-caught.mjs +94 -0
  314. package/dist/runtime/hooks/recovery-templates/force-reauthor.md +67 -0
  315. package/dist/runtime/hooks/recovery-templates/handoff-recovery.md +25 -0
  316. package/dist/runtime/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  317. package/dist/runtime/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  318. package/dist/runtime/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  319. package/dist/runtime/hooks/test-tier-lens-labeling.mjs +14 -3
  320. package/dist/runtime/lib/evaluate-with-kernel.mjs +133 -0
  321. package/dist/runtime/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  322. package/dist/runtime/local-phase.mjs +10 -5
  323. package/dist/runtime/manifest.json +8 -8
  324. package/dist/runtime/packet-verifier.mjs +166 -0
  325. package/dist/runtime/provider-proxy.mjs +13 -0
  326. package/dist/runtime/quality-enforcer.mjs +40 -23
  327. package/dist/runtime/runtime-rails/registry.mjs +252 -0
  328. package/dist/runtime/sdk/BUNDLED.json +2 -2
  329. package/dist/runtime/sdk/index.d.ts +119 -4
  330. package/dist/runtime/sdk/index.js +138 -12
  331. package/dist/runtime/sdk/index.js.map +1 -1
  332. package/dist/runtime/service.mjs +8036 -764
  333. package/dist/runtime/sub-agent-enforcer.mjs +201 -0
  334. package/dist/runtime/task-project-ledger.mjs +5 -1
  335. package/dist/sdk/BUNDLED.json +2 -2
  336. package/dist/sdk/index.d.ts +119 -4
  337. package/dist/sdk/index.js +138 -12
  338. package/dist/sdk/index.js.map +1 -1
  339. package/hooks/README.md +58 -0
  340. package/hooks/aria-agent-handoff.mjs +147 -2
  341. package/hooks/aria-agent-ledger-merge.mjs +31 -7
  342. package/hooks/aria-architect-fallback.mjs +10 -2
  343. package/hooks/aria-claim-evidence-stop-gate.mjs +240 -0
  344. package/hooks/aria-cognition-substrate-binding.mjs +84 -10
  345. package/hooks/aria-first-class-coach.mjs +305 -10
  346. package/hooks/aria-harness-via-sdk.mjs +93 -16
  347. package/hooks/aria-import-resolution-gate.mjs +106 -20
  348. package/hooks/aria-outcome-record.mjs +56 -20
  349. package/hooks/aria-pre-emit-autoload.mjs +1809 -0
  350. package/hooks/aria-pre-emit-autoload.mjs.before-orchestration-redesign +1400 -0
  351. package/hooks/aria-pre-emit-dryrun.mjs +22 -3
  352. package/hooks/aria-pre-text-gate.mjs +11 -2
  353. package/hooks/aria-pre-tool-gate.mjs +516 -92
  354. package/hooks/aria-pre-tool-use.mjs +70 -6
  355. package/hooks/aria-preprompt-consult.mjs +23 -4
  356. package/hooks/aria-repo-doctrine-gate.mjs +29 -3
  357. package/hooks/aria-stop-gate.mjs +585 -76
  358. package/hooks/aria-trigger-autolearn.mjs +17 -3
  359. package/hooks/aria-universal-turn-packet.mjs +1165 -0
  360. package/hooks/aria-userprompt-abandon-detect.mjs +9 -1
  361. package/hooks/canonical-settings-block.json +172 -0
  362. package/hooks/codex-native/aria-harness-ticker-sidecar.mjs +92 -0
  363. package/hooks/codex-native/aria-hive-wal-consumer.mjs +86 -0
  364. package/hooks/codex-native/aria-live-ticker.mjs +38 -0
  365. package/hooks/codex-native/aria-post-tool-use.mjs +236 -0
  366. package/hooks/codex-native/aria-pre-tool-use.mjs +362 -0
  367. package/hooks/codex-native/aria-stop.mjs +691 -0
  368. package/hooks/codex-native/aria-userprompt-submit.mjs +623 -0
  369. package/hooks/codex-native/atlas-session-context.mjs +121 -0
  370. package/hooks/codex-native/lib/evaluate-with-kernel.mjs +257 -0
  371. package/hooks/codex-native/lib/hive-wal-consumer.mjs +452 -0
  372. package/hooks/codex-native/lib/kernel/deterministic-cognitive-kernel.mjs +914 -0
  373. package/hooks/codex-native/lib/project-boundary-cognition.mjs +143 -0
  374. package/hooks/codex-native/lib/runtime-client.mjs +3567 -0
  375. package/hooks/codex-native/lib/task-project-ledger.mjs +294 -0
  376. package/hooks/doctrine_trigger_map.json +236 -25
  377. package/hooks/doctrine_trigger_map.schema.json +46 -0
  378. package/hooks/install.sh +84 -0
  379. package/hooks/lib/action-ledger-core.mjs +269 -0
  380. package/hooks/lib/aria-gate-ledger.mjs +143 -0
  381. package/hooks/lib/ast-stub-shape-detector.mjs +107 -0
  382. package/hooks/lib/atlas-dossier-client.mjs +151 -0
  383. package/hooks/lib/atlas-orchestrator-postwire.mjs +221 -0
  384. package/hooks/lib/canonical-lenses.mjs +83 -6
  385. package/hooks/lib/coach-intent-classifier.mjs +248 -0
  386. package/hooks/lib/cognitive-block-parser.mjs +111 -0
  387. package/hooks/lib/doctrine-trigger-map-loader.mjs +137 -0
  388. package/hooks/lib/domain-output-quality.mjs +132 -3
  389. package/hooks/lib/empty-catch-scanner.mjs +91 -0
  390. package/hooks/lib/end-phase-qa-autofire.mjs +426 -0
  391. package/hooks/lib/evaluate-with-kernel.mjs +133 -0
  392. package/hooks/lib/first-class-coach.mjs +454 -19
  393. package/hooks/lib/gate-audit.mjs +12 -2
  394. package/hooks/lib/gate-loop-state.mjs +11 -2
  395. package/hooks/lib/goal-contract-quality.mjs +302 -0
  396. package/hooks/lib/hook-message-window.mjs +101 -9
  397. package/hooks/lib/invocation-required-verifier.mjs +184 -0
  398. package/hooks/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  399. package/hooks/lib/obligation-ledger.mjs +147 -0
  400. package/hooks/lib/orchestration-manifest-extract.mjs +217 -0
  401. package/hooks/lib/owner-authorizations.mjs +269 -0
  402. package/hooks/lib/probe-discipline-scanner.mjs +142 -0
  403. package/hooks/lib/project-boundary-cognition.mjs +143 -0
  404. package/hooks/lib/recovery-context.mjs +151 -0
  405. package/hooks/lib/recovery-template-loader.mjs +154 -0
  406. package/hooks/lib/self-doctrine-check.mjs +321 -0
  407. package/hooks/lib/sensitive-shape-detector.mjs +64 -0
  408. package/hooks/lib/skill-autoload-gate-impl.mjs +226 -1
  409. package/hooks/lib/stop-hook-protocol.mjs +166 -0
  410. package/hooks/lib/surface-caught.mjs +94 -0
  411. package/hooks/recovery-templates/force-reauthor.md +67 -0
  412. package/hooks/recovery-templates/handoff-recovery.md +25 -0
  413. package/hooks/scripts/check-hard-risk-prefix.mjs +99 -0
  414. package/hooks/skills/aria-conversational-doctrine-discipline/SKILL.md +101 -0
  415. package/hooks/test-aria-preturn-memory-gate.mjs +2 -2
  416. package/hooks/test-tier-lens-labeling.mjs +14 -3
  417. package/opencode-plugins/harness-context/index.js +39 -6
  418. package/opencode-plugins/harness-context/task-project-ledger.mjs +5 -1
  419. package/opencode-plugins/harness-gate/index.js +36 -0
  420. package/opencode-plugins/harness-gate/lib/atlas-dossier-client.js +1 -0
  421. package/opencode-plugins/harness-gate/lib/recovery-grants.js +79 -0
  422. package/opencode-plugins/harness-outcome/index.js +12 -0
  423. package/opencode-plugins/harness-stop/index.js +97 -2
  424. package/opencode-plugins/harness-stop/lib/atlas-dossier-client.js +1 -0
  425. package/opencode-plugins/harness-stop/lib/domain-output-quality.js +15 -2
  426. package/opencode-plugins/lib/coach.js +148 -0
  427. package/package.json +71 -5
  428. package/runtime-src/coach-kernel.mjs +144 -7
  429. package/runtime-src/codex-bridge.mjs +254 -8
  430. package/runtime-src/embedded-public-key.mjs +27 -0
  431. package/runtime-src/gated-ledger.mjs +41 -14
  432. package/runtime-src/harness-daemon.mjs +85 -10
  433. package/runtime-src/hive-wal-publisher.mjs +292 -0
  434. package/runtime-src/lib/evaluate-with-kernel.mjs +133 -0
  435. package/runtime-src/lib/kernel/deterministic-cognitive-kernel.mjs +906 -0
  436. package/runtime-src/local-phase.mjs +10 -5
  437. package/runtime-src/packet-verifier.mjs +166 -0
  438. package/runtime-src/provider-proxy.mjs +13 -0
  439. package/runtime-src/quality-enforcer.mjs +40 -23
  440. package/runtime-src/runtime-rails/registry.mjs +252 -0
  441. package/runtime-src/service.mjs +8036 -764
  442. package/runtime-src/sub-agent-enforcer.mjs +201 -0
  443. package/scripts/aria-ledger-append.mjs +337 -0
  444. package/scripts/aria-task-cheap-worker-dispatch.mjs +234 -0
  445. package/scripts/audit-of-audit-prior-tasks.mjs +194 -0
  446. package/scripts/audit-of-audit-this-turn.mjs +116 -0
  447. package/scripts/bundle-sdk.mjs +31 -5
  448. package/scripts/check-cli-wrapper-provider-contract.mjs +160 -0
  449. package/scripts/check-client-compatibility.mjs +15 -5
  450. package/scripts/check-client-smoke.mjs +297 -0
  451. package/scripts/check-codex-orchestrator-adoption.mjs +150 -0
  452. package/scripts/check-glm-env-wired.mjs +131 -0
  453. package/scripts/check-hive-local-storage-contract.mjs +91 -0
  454. package/scripts/check-hook-mirror.mjs +150 -0
  455. package/scripts/check-install-sh-drift.mjs +152 -0
  456. package/scripts/check-kernel-sync.mjs +101 -0
  457. package/scripts/check-package-artifact.mjs +152 -0
  458. package/scripts/check-registry-mirror.mjs +71 -0
  459. package/scripts/drain-owner-airtable-sync-queue.mjs +287 -0
  460. package/scripts/export-owner-status-sheets.mjs +589 -0
  461. package/scripts/live-sidecar-receipt-canary.mjs +347 -0
  462. package/scripts/qiyas-tadabbur-model-matrix.mjs +970 -0
  463. package/scripts/quality-ab-live-provider.mjs +913 -0
  464. package/scripts/self-test-action-ledger-core.mjs +190 -0
  465. package/scripts/self-test-approval-receipt-binding.mjs +122 -0
  466. package/scripts/self-test-autofire-quality-output.mjs +110 -0
  467. package/scripts/self-test-claude-code-action-ledger.mjs +132 -0
  468. package/scripts/self-test-claude-code-mechanical-autofire-hive.mjs +138 -0
  469. package/scripts/self-test-claude-code-mechanical-autofire.mjs +234 -0
  470. package/scripts/self-test-codebase-awareness-atlas-delta.mjs +159 -0
  471. package/scripts/self-test-codebase-awareness-delta-ingest.mjs +179 -0
  472. package/scripts/self-test-codex-live-hook-parity.mjs +84 -0
  473. package/scripts/self-test-codex-native-action-ledger.mjs +167 -0
  474. package/scripts/self-test-codex-native-hook-json-contract.mjs +74 -0
  475. package/scripts/self-test-codex-orchestrator-continuity.mjs +113 -0
  476. package/scripts/self-test-codex-readable-recovery.mjs +94 -0
  477. package/scripts/self-test-codex-self-harness.mjs +538 -0
  478. package/scripts/self-test-compiled-workunit.mjs +214 -0
  479. package/scripts/self-test-continuation-output-smoke.mjs +101 -0
  480. package/scripts/self-test-cross-cli-fleet-ticker.mjs +85 -0
  481. package/scripts/self-test-cross-cli-hive-adoption.mjs +125 -0
  482. package/scripts/self-test-cross-cli-hive-learning.mjs +146 -0
  483. package/scripts/self-test-cross-phase-tool-failure.mjs +110 -0
  484. package/scripts/self-test-cross-surface-action-ledger.mjs +149 -0
  485. package/scripts/self-test-end-of-phase-qa-court.mjs +616 -0
  486. package/scripts/self-test-evaluate-with-kernel.mjs +111 -0
  487. package/scripts/self-test-first-class-output-delta-proof.mjs +307 -0
  488. package/scripts/self-test-goal-contract-output-qa.mjs +73 -0
  489. package/scripts/self-test-goal-contract.mjs +35 -0
  490. package/scripts/self-test-governed-adapters.mjs +105 -0
  491. package/scripts/self-test-governed-surface-runner.mjs +198 -0
  492. package/scripts/self-test-harness-gates.mjs +15 -12
  493. package/scripts/self-test-harness-ticker-sidecar.mjs +153 -0
  494. package/scripts/self-test-hive-org-kernel.mjs +233 -0
  495. package/scripts/self-test-hive-session-coordination.mjs +156 -0
  496. package/scripts/self-test-hive-wal-consumer.mjs +111 -0
  497. package/scripts/self-test-kernel-a3-a4-selection.mjs +179 -0
  498. package/scripts/self-test-ledger-append.mjs +175 -0
  499. package/scripts/self-test-live-codex-posttool-packet-smoke.mjs +111 -0
  500. package/scripts/self-test-live-codex-pretool-packet-smoke.mjs +101 -0
  501. package/scripts/self-test-live-codex-stop-qa-kernel-smoke.mjs +43 -0
  502. package/scripts/self-test-live-wrapper-substrate-inventory.mjs +149 -0
  503. package/scripts/self-test-local-main-sync-script.mjs +47 -0
  504. package/scripts/self-test-mechanical-autofire-resolver.mjs +296 -0
  505. package/scripts/self-test-no-consult-cognitive-skills-output.mjs +135 -0
  506. package/scripts/self-test-owner-airtable-sync-queue.mjs +196 -0
  507. package/scripts/self-test-owner-airtable-sync.mjs +181 -0
  508. package/scripts/self-test-owner-sheets-action-ledger.mjs +100 -0
  509. package/scripts/self-test-production-preflight.mjs +78 -0
  510. package/scripts/self-test-project-boundary-cognition.mjs +79 -0
  511. package/scripts/self-test-qa-exec-kernel.mjs +34 -0
  512. package/scripts/self-test-qa-recovery-learning-loop.mjs +113 -0
  513. package/scripts/self-test-qiyas-label-alignment.mjs +94 -0
  514. package/scripts/self-test-recovery-context.mjs +110 -0
  515. package/scripts/self-test-repo-guard.mjs +10 -0
  516. package/scripts/self-test-runtime-health-self-heal.mjs +161 -0
  517. package/scripts/self-test-runtime-postcondition.mjs +70 -0
  518. package/scripts/self-test-soul-precommit-hook.mjs +39 -0
  519. package/scripts/self-test-stop-gate-kernel-guards.mjs +185 -0
  520. package/scripts/self-test-stop-gate.mjs +128 -0
  521. package/scripts/self-test-substrate-kernel-execution-receipt.mjs +130 -0
  522. package/scripts/self-test-substrate-open-skill-floor.mjs +87 -0
  523. package/scripts/self-test-substrate-output-quality-eval.mjs +171 -0
  524. package/scripts/self-test-task-closeout-drift.mjs +97 -0
  525. package/scripts/self-test-task-project-ledger-readiness.mjs +43 -0
  526. package/scripts/self-test-task-runner-phase-consumer.mjs +134 -0
  527. package/scripts/self-test-task-worker-lane.mjs +256 -0
  528. package/scripts/self-test-turn-substrate-qa-kernel.mjs +188 -0
  529. package/scripts/self-test-universal-action-capture.mjs +153 -0
  530. package/scripts/self-test-universal-turn-packet-entrypoints.mjs +252 -0
  531. package/scripts/self-test-universal-turn-packet.mjs +320 -0
  532. package/scripts/session-quality-backfill.mjs +253 -0
  533. package/scripts/smoke-autofire-100-prompts.mjs +481 -0
  534. package/scripts/sync-local-main-on-task-complete.mjs +278 -0
  535. package/scripts/sync-owner-status-airtable.mjs +1158 -0
  536. package/scripts/validate-skill-prompts.mjs +12 -1
  537. package/scripts/verify-codex-native-mirror.mjs +262 -0
  538. package/skills/34-frameworks-unified/SKILL.md +42 -0
  539. package/skills/api-design/SKILL.md +123 -0
  540. package/skills/architecture-decision/SKILL.md +105 -0
  541. package/skills/aria-aristotle-cognitives/SKILL.md +128 -0
  542. package/skills/aria-aristotle-intra-phase/SKILL.md +99 -0
  543. package/skills/aria-aristotle-post-phase/SKILL.md +116 -0
  544. package/skills/aria-aristotle-pre-phase/SKILL.md +117 -0
  545. package/skills/aria-axioms-first-principles/SKILL.md +202 -0
  546. package/skills/aria-axioms-first-principles/agents/openai.yaml +4 -0
  547. package/skills/aria-axioms-first-principles/references/source-map.md +130 -0
  548. package/skills/aria-chat/SKILL.md +84 -0
  549. package/skills/aria-chat/scripts/aria-chat.sh +57 -0
  550. package/skills/aria-cognition/34-frameworks-unified/SKILL.md +42 -0
  551. package/skills/aria-cognition/aria-aristotle-cognitives/SKILL.md +128 -0
  552. package/skills/aria-cognition/aria-aristotle-intra-phase/SKILL.md +99 -0
  553. package/skills/aria-cognition/aria-aristotle-post-phase/SKILL.md +118 -0
  554. package/skills/aria-cognition/aria-aristotle-pre-phase/SKILL.md +117 -0
  555. package/skills/aria-cognition/aria-axioms-first-principles/SKILL.md +202 -0
  556. package/skills/aria-cognition/aria-axioms-first-principles/agents/openai.yaml +4 -0
  557. package/skills/aria-cognition/aria-axioms-first-principles/references/source-map.md +130 -0
  558. package/skills/aria-cognition/aria-backend-architect/SKILL.md +124 -0
  559. package/skills/aria-cognition/aria-backend-architect/references/backend-cookbook.md +417 -0
  560. package/skills/aria-cognition/aria-business-audit/SKILL.md +133 -0
  561. package/skills/aria-cognition/aria-business-audit/references/audit-cookbook.md +247 -0
  562. package/skills/aria-cognition/aria-business-frame/SKILL.md +138 -0
  563. package/skills/aria-cognition/aria-business-frame/references/business-cookbook.md +154 -0
  564. package/skills/aria-cognition/aria-chat/SKILL.md +84 -0
  565. package/skills/aria-cognition/aria-chat/scripts/aria-chat.sh +57 -0
  566. package/skills/aria-cognition/aria-cognition-autofire/SKILL.md +137 -0
  567. package/skills/aria-cognition/aria-cognition-batch/SKILL.md +264 -0
  568. package/skills/aria-cognition/aria-decision-mizan/SKILL.md +136 -0
  569. package/skills/aria-cognition/aria-decision-mizan/references/decision-frameworks.md +287 -0
  570. package/skills/aria-cognition/aria-first-class-operating-contract/SKILL.md +104 -0
  571. package/skills/aria-cognition/aria-frontend-architect/SKILL.md +123 -0
  572. package/skills/aria-cognition/aria-frontend-architect/references/frontend-cookbook.md +358 -0
  573. package/skills/aria-cognition/aria-fullstack-orchestrator/SKILL.md +127 -0
  574. package/skills/aria-cognition/aria-fullstack-orchestrator/references/fullstack-cookbook.md +383 -0
  575. package/skills/aria-cognition/aria-gtm-architect/SKILL.md +126 -0
  576. package/skills/aria-cognition/aria-gtm-architect/references/gtm-cookbook.md +235 -0
  577. package/skills/aria-cognition/aria-harness-deploy/SKILL.md +145 -0
  578. package/skills/aria-cognition/aria-harness-no-stripping/SKILL.md +135 -0
  579. package/skills/aria-cognition/aria-harness-onboarding/SKILL.md +130 -0
  580. package/skills/aria-cognition/aria-harness-output-discipline/SKILL.md +120 -0
  581. package/skills/aria-cognition/aria-harness-substrate-binding/SKILL.md +139 -0
  582. package/skills/aria-cognition/aria-http-harness-client/SKILL.md +85 -0
  583. package/skills/aria-cognition/aria-http-harness-client/scripts/smoke.mjs +47 -0
  584. package/skills/aria-cognition/aria-k8s-deploy/SKILL.md +174 -0
  585. package/skills/aria-cognition/aria-k8s-deploy/agents/openai.yaml +3 -0
  586. package/skills/aria-cognition/aria-ladduniframe/SKILL.md +60 -0
  587. package/skills/aria-cognition/aria-ledger-fleet-execution/SKILL.md +126 -0
  588. package/skills/aria-cognition/aria-live-ops/SKILL.md +54 -0
  589. package/skills/aria-cognition/aria-mac-ssh-ops/SKILL.md +100 -0
  590. package/skills/aria-cognition/aria-memory-index/SKILL.md +42 -0
  591. package/skills/aria-cognition/aria-noor-cognitives/SKILL.md +120 -0
  592. package/skills/aria-cognition/aria-ops/SKILL.md +60 -0
  593. package/skills/aria-cognition/aria-ops/references/live-endpoints.md +59 -0
  594. package/skills/aria-cognition/aria-quality-audit/SKILL.md +133 -0
  595. package/skills/aria-cognition/aria-readable-output/SKILL.md +239 -0
  596. package/skills/aria-cognition/aria-readable-output/references/layout-cookbook.md +366 -0
  597. package/skills/aria-cognition/aria-reasoning/SKILL.md +67 -0
  598. package/skills/aria-cognition/aria-reasoning/references/core-principles.md +42 -0
  599. package/skills/aria-cognition/aria-repo-audit/SKILL.md +135 -0
  600. package/skills/aria-cognition/aria-repo-audit/references/repo-audit-cookbook.md +375 -0
  601. package/skills/aria-cognition/aria-research-orchestrator/SKILL.md +138 -0
  602. package/skills/aria-cognition/aria-research-orchestrator/references/research-patterns.md +270 -0
  603. package/skills/aria-cognition/aria-retention-engine/SKILL.md +120 -0
  604. package/skills/aria-cognition/aria-retention-engine/references/retention-cookbook.md +271 -0
  605. package/skills/aria-cognition/aria-revenue-engine/SKILL.md +128 -0
  606. package/skills/aria-cognition/aria-revenue-engine/references/revenue-cookbook.md +227 -0
  607. package/skills/aria-cognition/aria-senior-code-audit/SKILL.md +233 -0
  608. package/skills/aria-cognition/aria-senior-code-audit/references/audit-checklist.md +369 -0
  609. package/skills/aria-cognition/aria-senior-code-cookbook/SKILL.md +288 -0
  610. package/skills/aria-cognition/aria-senior-code-cookbook/references/engineering-cookbook.md +489 -0
  611. package/skills/aria-cognition/aria-soul-principles/SKILL.md +42 -0
  612. package/skills/aria-cognition/aria-task-codex-executor/SKILL.md +86 -0
  613. package/skills/aria-cognition/aristotle-engine/SKILL.md +42 -0
  614. package/skills/aria-cognition/cross-domain-24/SKILL.md +42 -0
  615. package/skills/aria-cognition/deepsoul-emotional/SKILL.md +42 -0
  616. package/skills/aria-cognition/fitrah-guard/SKILL.md +78 -0
  617. package/skills/aria-cognition/ghazali-8lens/SKILL.md +227 -29
  618. package/skills/aria-cognition/ghazali-8lens/references/ghazali-8lens-cookbook.md +797 -0
  619. package/skills/aria-cognition/ijtihad-novel/SKILL.md +42 -0
  620. package/skills/aria-cognition/ilham-intuition/SKILL.md +42 -0
  621. package/skills/aria-cognition/never-guess/SKILL.md +77 -0
  622. package/skills/aria-cognition/noor-recognition/SKILL.md +45 -0
  623. package/skills/aria-cognition/qiyas-analogy/SKILL.md +174 -14
  624. package/skills/aria-cognition/ruh-basis/SKILL.md +42 -0
  625. package/skills/aria-cognition/tadabbur/SKILL.md +506 -0
  626. package/skills/aria-cognition/tadabbur/references/tadabbur-cookbook.md +921 -0
  627. package/skills/aria-cognition/tadabbur-ops/SKILL.md +42 -0
  628. package/skills/aria-cognition/tafakkur/SKILL.md +104 -0
  629. package/skills/aria-cognition-autofire/SKILL.md +109 -0
  630. package/skills/aria-cognition-batch/SKILL.md +264 -0
  631. package/skills/aria-conversational-doctrine-discipline/SKILL.md +125 -0
  632. package/skills/aria-essence/SKILL.md +81 -0
  633. package/skills/aria-essence/references/domain-matrix.md +80 -0
  634. package/skills/aria-essence/references/evolution-loop.md +30 -0
  635. package/skills/aria-essence/references/readable-cognition.md +27 -0
  636. package/skills/aria-first-class-operating-contract/SKILL.md +104 -0
  637. package/skills/aria-forge-guardrails/SKILL.md +53 -0
  638. package/skills/aria-forge-guardrails/references/checklist.md +31 -0
  639. package/skills/aria-harness-deploy/SKILL.md +145 -0
  640. package/skills/aria-harness-no-stripping/SKILL.md +135 -0
  641. package/skills/aria-harness-onboarding/SKILL.md +130 -0
  642. package/skills/aria-harness-output-discipline/SKILL.md +120 -0
  643. package/skills/aria-harness-substrate-binding/SKILL.md +139 -0
  644. package/skills/aria-http-harness-client/SKILL.md +85 -0
  645. package/skills/aria-http-harness-client/scripts/smoke.mjs +47 -0
  646. package/skills/aria-k8s-deploy/SKILL.md +174 -0
  647. package/skills/aria-k8s-deploy/agents/openai.yaml +3 -0
  648. package/skills/aria-ladduniframe/SKILL.md +60 -0
  649. package/skills/aria-ledger-fleet-execution/SKILL.md +126 -0
  650. package/skills/aria-live-ops/SKILL.md +54 -0
  651. package/skills/aria-mac-ssh-ops/SKILL.md +100 -0
  652. package/skills/aria-memory-index/SKILL.md +42 -0
  653. package/skills/aria-noor-cognitives/SKILL.md +120 -0
  654. package/skills/aria-ops/SKILL.md +60 -0
  655. package/skills/aria-ops/references/live-endpoints.md +59 -0
  656. package/skills/aria-quality-audit/SKILL.md +133 -0
  657. package/skills/aria-reasoning/SKILL.md +67 -0
  658. package/skills/aria-reasoning/references/core-principles.md +42 -0
  659. package/skills/aria-repo-doctrine/SKILL.md +57 -0
  660. package/skills/aria-soul-principles/SKILL.md +42 -0
  661. package/skills/aria-task-codex-executor/SKILL.md +86 -0
  662. package/skills/aristotle-engine/SKILL.md +42 -0
  663. package/skills/ci-cd-pipeline/SKILL.md +116 -0
  664. package/skills/code-review/SKILL.md +131 -0
  665. package/skills/cross-domain-24/SKILL.md +42 -0
  666. package/skills/database-design/SKILL.md +124 -0
  667. package/skills/deepsoul-emotional/SKILL.md +42 -0
  668. package/skills/deno-kv-raft-pubsub/SKILL.md +561 -0
  669. package/skills/deno-kv-raft-pubsub/reference/maelstrom-integration.md +393 -0
  670. package/skills/deno-kv-raft-pubsub/reference/pubsub-api.md +376 -0
  671. package/skills/deno-kv-raft-pubsub/reference/raft-spec.md +402 -0
  672. package/skills/deno-kv-raft-pubsub/reference/state-machine.md +182 -0
  673. package/skills/error-handling/SKILL.md +159 -0
  674. package/skills/firecrawl/SKILL.md +165 -0
  675. package/skills/firecrawl/rules/install.md +82 -0
  676. package/skills/firecrawl/rules/security.md +26 -0
  677. package/skills/firecrawl-agent/SKILL.md +86 -0
  678. package/skills/firecrawl-build-interact/SKILL.md +96 -0
  679. package/skills/firecrawl-build-onboarding/SKILL.md +131 -0
  680. package/skills/firecrawl-build-onboarding/references/auth-flow.md +39 -0
  681. package/skills/firecrawl-build-onboarding/references/project-setup.md +20 -0
  682. package/skills/firecrawl-build-onboarding/references/sdk-installation.md +17 -0
  683. package/skills/firecrawl-build-scrape/SKILL.md +97 -0
  684. package/skills/firecrawl-build-search/SKILL.md +97 -0
  685. package/skills/firecrawl-clone/SKILL.md +419 -0
  686. package/skills/firecrawl-crawl/SKILL.md +87 -0
  687. package/skills/firecrawl-download/SKILL.md +98 -0
  688. package/skills/firecrawl-interact/SKILL.md +112 -0
  689. package/skills/firecrawl-map/SKILL.md +79 -0
  690. package/skills/firecrawl-scrape/SKILL.md +97 -0
  691. package/skills/firecrawl-search/SKILL.md +88 -0
  692. package/skills/fitrah-guard/SKILL.md +78 -0
  693. package/skills/forge-quality-rules/SKILL.md +61 -0
  694. package/skills/ghazali-8lens/SKILL.md +56 -0
  695. package/skills/ijtihad-novel/SKILL.md +42 -0
  696. package/skills/ilham-intuition/SKILL.md +42 -0
  697. package/skills/imagegen/LICENSE.txt +201 -0
  698. package/skills/imagegen/SKILL.md +374 -0
  699. package/skills/imagegen/agents/openai.yaml +6 -0
  700. package/skills/imagegen/assets/imagegen-small.svg +5 -0
  701. package/skills/imagegen/assets/imagegen.png +0 -0
  702. package/skills/imagegen/references/cli.md +242 -0
  703. package/skills/imagegen/references/codex-network.md +33 -0
  704. package/skills/imagegen/references/image-api.md +90 -0
  705. package/skills/imagegen/references/prompting.md +118 -0
  706. package/skills/imagegen/references/sample-prompts.md +433 -0
  707. package/skills/imagegen/scripts/image_gen.py +995 -0
  708. package/skills/imagegen/scripts/remove_chroma_key.py +440 -0
  709. package/skills/istiqra-induction/SKILL.md +44 -0
  710. package/skills/ladunni-22/SKILL.md +53 -0
  711. package/skills/mizan/SKILL.md +90 -0
  712. package/skills/nadia/SKILL.md +56 -0
  713. package/skills/nadia-psi/SKILL.md +56 -0
  714. package/skills/never-guess/SKILL.md +75 -0
  715. package/skills/noor-recognition/SKILL.md +45 -0
  716. package/skills/observability/SKILL.md +133 -0
  717. package/skills/openai-docs/LICENSE.txt +201 -0
  718. package/skills/openai-docs/SKILL.md +100 -0
  719. package/skills/openai-docs/agents/openai.yaml +14 -0
  720. package/skills/openai-docs/assets/openai-small.svg +3 -0
  721. package/skills/openai-docs/assets/openai.png +0 -0
  722. package/skills/openai-docs/references/latest-model.md +37 -0
  723. package/skills/openai-docs/references/prompting-guide.md +244 -0
  724. package/skills/openai-docs/references/upgrade-guide.md +181 -0
  725. package/skills/openai-docs/scripts/resolve-latest-model-info.js +147 -0
  726. package/skills/pdf/LICENSE.txt +201 -0
  727. package/skills/pdf/SKILL.md +85 -0
  728. package/skills/pdf/agents/openai.yaml +5 -0
  729. package/skills/pdf/assets/pdf.png +0 -0
  730. package/skills/playwright/LICENSE.txt +201 -0
  731. package/skills/playwright/NOTICE.txt +14 -0
  732. package/skills/playwright/SKILL.md +165 -0
  733. package/skills/playwright/agents/openai.yaml +6 -0
  734. package/skills/playwright/assets/playwright-small.svg +3 -0
  735. package/skills/playwright/assets/playwright.png +0 -0
  736. package/skills/playwright/references/cli.md +116 -0
  737. package/skills/playwright/references/workflows.md +95 -0
  738. package/skills/playwright/scripts/playwright_cli.sh +25 -0
  739. package/skills/plugin-creator/SKILL.md +178 -0
  740. package/skills/plugin-creator/agents/openai.yaml +6 -0
  741. package/skills/plugin-creator/assets/plugin-creator-small.svg +3 -0
  742. package/skills/plugin-creator/assets/plugin-creator.png +0 -0
  743. package/skills/plugin-creator/references/plugin-json-spec.md +170 -0
  744. package/skills/plugin-creator/scripts/create_basic_plugin.py +301 -0
  745. package/skills/predictor/SKILL.md +43 -0
  746. package/skills/qiyas-analogy/SKILL.md +204 -0
  747. package/skills/refactoring/SKILL.md +137 -0
  748. package/skills/ruh-basis/SKILL.md +42 -0
  749. package/skills/security-review/SKILL.md +129 -0
  750. package/skills/skill-creator/SKILL.md +434 -0
  751. package/skills/skill-creator/agents/openai.yaml +5 -0
  752. package/skills/skill-creator/assets/skill-creator-small.svg +3 -0
  753. package/skills/skill-creator/assets/skill-creator.png +0 -0
  754. package/skills/skill-creator/license.txt +202 -0
  755. package/skills/skill-creator/references/openai_yaml.md +49 -0
  756. package/skills/skill-creator/scripts/generate_openai_yaml.py +226 -0
  757. package/skills/skill-creator/scripts/init_skill.py +400 -0
  758. package/skills/skill-creator/scripts/quick_validate.py +101 -0
  759. package/skills/skill-installer/LICENSE.txt +202 -0
  760. package/skills/skill-installer/SKILL.md +76 -0
  761. package/skills/skill-installer/agents/openai.yaml +5 -0
  762. package/skills/skill-installer/assets/skill-installer-small.svg +3 -0
  763. package/skills/skill-installer/assets/skill-installer.png +0 -0
  764. package/skills/skill-installer/scripts/github_utils.py +21 -0
  765. package/skills/skill-installer/scripts/install-skill-from-github.py +308 -0
  766. package/skills/skill-installer/scripts/list-skills.py +107 -0
  767. package/skills/skills-and-hooks-reference/SKILL.md +196 -0
  768. package/skills/soul-domains/SKILL.md +43 -0
  769. package/skills/tadabbur/SKILL.md +232 -0
  770. package/skills/tadabbur-ops/SKILL.md +42 -0
  771. package/skills/tafakkur/SKILL.md +104 -0
  772. package/skills/testing-strategy/SKILL.md +122 -0
  773. package/src/action-ledger-core.ts +1054 -0
  774. package/src/chat.ts +5 -6
  775. package/src/codebase-scanner.ts +2 -0
  776. package/src/connectors/claude-code.ts +149 -12
  777. package/src/connectors/codebase-awareness.ts +325 -25
  778. package/src/connectors/codex.ts +1273 -40
  779. package/src/connectors/cursor.ts +8 -0
  780. package/src/connectors/governed-adapter.ts +174 -0
  781. package/src/connectors/opencode.ts +18 -2
  782. package/src/connectors/repo-guard.ts +24 -12
  783. package/src/connectors/runtime.ts +99 -2
  784. package/src/connectors/shell.ts +125 -7
  785. package/src/cross-cli-hive-binding.ts +290 -0
  786. package/src/garden-control-plane.ts +24 -1
  787. package/src/governed-surface-runner.ts +1227 -0
  788. package/src/index.ts +104 -1
  789. package/src/task-runner.ts +3794 -0
  790. package/dist/aria-connector/src/install-hooks.d.ts +0 -18
  791. package/dist/aria-connector/src/install-hooks.d.ts.map +0 -1
  792. package/dist/aria-connector/src/install-hooks.js +0 -224
  793. package/dist/aria-connector/src/install-hooks.js.map +0 -1
  794. package/dist/aria-connector/src/onboarding-wizard.d.ts +0 -5
  795. package/dist/aria-connector/src/onboarding-wizard.d.ts.map +0 -1
  796. package/dist/aria-connector/src/onboarding-wizard.js +0 -188
  797. package/dist/aria-connector/src/onboarding-wizard.js.map +0 -1
  798. package/dist/cli-0.2.38.tgz +0 -0
  799. package/dist/install.sh +0 -13
  800. package/src/__tests__/anthropic-oauth.test.ts +0 -186
  801. package/src/__tests__/auth-commands.test.ts +0 -132
  802. package/src/__tests__/owner-login.test.ts +0 -311
package/scripts/check-glm-env-wired.mjs ADDED
@@ -0,0 +1,131 @@
1
+ #!/usr/bin/env node
2
+ // ── doctrine-self-check-file: M0.SELFREVIEW.12 (2026-05-06) ──
3
+ // File-level acks for trip-vocab in script body:
4
+ // doctrine-self-check-file: \b(?:shadow|proxy|wrapper)\b operator-facing-script-not-shipping-shadows
5
+ // doctrine-self-check-file: no.*manifest|no.*deployment.*yaml|missing.*k8s|kubectl.*not.*found|dep operator-diagnostic-output-naming-the-condition-not-claiming-it
6
+ // doctrine-self-check-file: preferred over|optional|fallback layer regex-string-matches-yaml-key-name-not-doctrine-pattern
7
+
8
+ /**
9
+ * GLM env wiring audit (M0.SELFREVIEW.12).
10
+ *
11
+ * Phase 0 audit Tier A landed M0.G.X1 — removed hardcoded GLM_API_KEY
12
+ * from voice-orchestrator.ts + streamV2.ts source. The fix replaced
13
+ * `process.env.GLM_API_KEY || '<hardcoded>'` with `process.env.GLM_API_KEY`
14
+ * and throws at module load if env is missing. Self-review item
15
+ * M0.SELFREVIEW.12: verify GLM_API_KEY is intentionally configured
16
+ * in the deployment substrate so the post-fix runtime still has access
17
+ * to a working key.
18
+ *
19
+ * This script audits:
20
+ * 1. All K8s YAML files under k8s/, apps/arias-soul/k8s/, k8s/patches/
21
+ * for explicit `GLM_API_KEY` env entries (name + valueFrom)
22
+ * 2. The presence of `envFrom: secretRef: aria-secrets` (which means
23
+ * ANY key in aria-secrets is available — operator must verify
24
+ * GLM_API_KEY is in the secret out-of-band)
25
+ * 3. Reports clearly whether the runtime will have a key on next deploy
26
+ *
27
+ * Run: node packages/aria-connector/scripts/check-glm-env-wired.mjs
28
+ *
29
+ * Exit codes:
30
+ * 0 = GLM_API_KEY explicitly named in at least one deployment + secretRef present
31
+ * 1 = neither found (deploy will fail at module load — operator must fix)
32
+ * 2 = secretRef present but GLM_API_KEY not explicitly named (operator
33
+ * must verify the key is in the secret manually)
34
+ */
35
+
36
+ import { readFileSync, readdirSync, statSync } from 'node:fs';
37
+ import { join } from 'node:path';
38
+
39
+ const REPO_ROOT = join(import.meta.dirname, '..', '..', '..');
40
+ const SEARCH_DIRS = [
41
+ join(REPO_ROOT, 'k8s'),
42
+ join(REPO_ROOT, 'apps/arias-soul/k8s'),
43
+ ];
44
+
45
+ function walk(dir, accum = []) {
46
+ let entries;
47
+ try {
48
+ entries = readdirSync(dir);
49
+ } catch (err) {
50
+ if (err.code === 'ENOENT') return accum;
51
+ throw err;
52
+ }
53
+ for (const e of entries) {
54
+ const full = join(dir, e);
55
+ let stat;
56
+ try {
57
+ stat = statSync(full);
58
+ } catch {
59
+ continue;
60
+ }
61
+ if (stat.isDirectory()) {
62
+ walk(full, accum);
63
+ } else if (stat.isFile() && (e.endsWith('.yaml') || e.endsWith('.yml'))) {
64
+ accum.push(full);
65
+ }
66
+ }
67
+ return accum;
68
+ }
69
+
70
+ const files = SEARCH_DIRS.flatMap((d) => walk(d));
71
+
72
+ const explicitGlmFiles = [];
73
+ const secretRefAriaSecretsFiles = [];
74
+
75
+ for (const f of files) {
76
+ let content;
77
+ try {
78
+ content = readFileSync(f, 'utf8');
79
+ } catch {
80
+ continue;
81
+ }
82
+ if (/(?:^|\n)\s*-?\s*name:\s*GLM_API_KEY\b/m.test(content) || /\bGLM_API_KEY\b/.test(content)) {
83
+ explicitGlmFiles.push(f.replace(REPO_ROOT + '/', ''));
84
+ }
85
+ if (/secretRef:\s*\n\s*name:\s*aria-secrets/.test(content) || /name:\s*aria-secrets\s*\n\s*optional:\s*true/.test(content)) {
86
+ secretRefAriaSecretsFiles.push(f.replace(REPO_ROOT + '/', ''));
87
+ }
88
+ }
89
+
90
+ console.log('=== GLM env wiring audit (M0.SELFREVIEW.12) ===\n');
91
+
92
+ console.log(`Explicit GLM_API_KEY references in YAML (${explicitGlmFiles.length}):`);
93
+ if (explicitGlmFiles.length === 0) {
94
+ console.log(' (none)');
95
+ } else {
96
+ for (const f of explicitGlmFiles) console.log(` - ${f}`);
97
+ }
98
+
99
+ console.log(`\nDeployments using envFrom: aria-secrets (${secretRefAriaSecretsFiles.length}):`);
100
+ if (secretRefAriaSecretsFiles.length === 0) {
101
+ console.log(' (none)');
102
+ } else {
103
+ for (const f of secretRefAriaSecretsFiles.slice(0, 10)) console.log(` - ${f}`);
104
+ if (secretRefAriaSecretsFiles.length > 10) console.log(` ... and ${secretRefAriaSecretsFiles.length - 10} more`);
105
+ }
106
+
107
+ console.log('');
108
+
109
+ if (explicitGlmFiles.length > 0) {
110
+ console.log('[check-glm-env-wired] OK — GLM_API_KEY explicitly named in deployment manifest(s).');
111
+ console.log(' Verify the actual value lives in the aria-secrets Kubernetes secret:');
112
+ console.log(' kubectl -n aria get secret aria-secrets -o jsonpath="{.data.GLM_API_KEY}" | base64 -d | head -c 8');
113
+ console.log(' (Do not log the full key.)');
114
+ process.exit(0);
115
+ }
116
+
117
+ if (secretRefAriaSecretsFiles.length > 0) {
118
+ console.log('[check-glm-env-wired] PARTIAL — no explicit GLM_API_KEY env entry, but envFrom: aria-secrets is present.');
119
+ console.log(' The runtime WILL have GLM_API_KEY only if it is present in the aria-secrets Kubernetes secret.');
120
+ console.log(' Operator must verify out-of-band:');
121
+ console.log(' kubectl -n aria get secret aria-secrets -o jsonpath="{.data.GLM_API_KEY}" | base64 -d | head -c 8');
122
+ console.log(' If empty, the M0.G.X1 module-load throw will block voice paths that need GLM.');
123
+ process.exit(2);
124
+ }
125
+
126
+ console.log('[check-glm-env-wired] FAIL — no GLM_API_KEY wiring found in any K8s manifest.');
127
+ console.log(' After M0.G.X1 (hardcoded fallback removed), modules that reference');
128
+ console.log(' process.env.GLM_API_KEY will throw at load. Either:');
129
+ console.log(' (a) add a Kubernetes secret entry GLM_API_KEY in aria-secrets, OR');
130
+ console.log(' (b) add an explicit env entry to the relevant deployment YAML.');
131
+ process.exit(1);
package/scripts/check-hive-local-storage-contract.mjs ADDED
@@ -0,0 +1,91 @@
1
+ #!/usr/bin/env node
2
+
3
+ import assert from 'node:assert/strict';
4
+ import { readFileSync } from 'node:fs';
5
+ import { dirname, resolve } from 'node:path';
6
+ import { fileURLToPath } from 'node:url';
7
+
8
+ const here = dirname(fileURLToPath(import.meta.url));
9
+ const packageRoot = resolve(here, '..');
10
+ const runtimePath = resolve(packageRoot, 'runtime-src', 'service.mjs');
11
+ const runtimeConnectorPath = resolve(packageRoot, 'src', 'connectors', 'runtime.ts');
12
+ const walPublisherPath = resolve(packageRoot, 'runtime-src', 'hive-wal-publisher.mjs');
13
+ const runtime = readFileSync(runtimePath, 'utf8');
14
+ const runtimeConnector = readFileSync(runtimeConnectorPath, 'utf8');
15
+ const walPublisher = readFileSync(walPublisherPath, 'utf8');
16
+
17
+ function assertIncludes(text, token, label) {
18
+ assert.ok(text.includes(token), `${label} missing token: ${token}`);
19
+ }
20
+
21
+ function assertNotIncludes(text, token, label) {
22
+ assert.ok(!text.toLowerCase().includes(token.toLowerCase()), `${label} must not include ${token}`);
23
+ }
24
+
25
+ for (const token of [
26
+ 'const HIVE_STORAGE_MODE',
27
+ 'ARIA_HIVE_STORAGE',
28
+ 'ARIA_HIVE_POSTGRES_URL',
29
+ 'firstUsableLocalHivePostgresUrl',
30
+ 'hivePostgresForbiddenReason',
31
+ 'hivePostgresAvailable',
32
+ 'postgres_must_be_localhost',
33
+ 'ensureHivePostgresSchema',
34
+ 'importHiveLocalFilesToPostgres',
35
+ 'GET /api/hive/storage',
36
+ 'POST /api/hive/storage',
37
+ 'HIVE_WAL_PATH',
38
+ 'HIVE_PUBLISH_LEDGER_PATH',
39
+ 'appendHiveWal',
40
+ 'scheduleHiveWalPublish',
41
+ 'queued_only',
42
+ 'HIVE_LEARNING_LEDGER_PATH',
43
+ 'HIVE_LEARNING_ROW_TYPES',
44
+ 'HIVE_LEARNING_PRODUCER_TYPES',
45
+ 'HIVE_LEARNING_TRUST_STATES',
46
+ 'handleHiveLearningRoute',
47
+ 'validateHiveLearningTrust',
48
+ 'llm producer rows cannot set trust_state beyond llm_interpreted',
49
+ 'hypothesis/candidate rows cannot enter evidence_supported or higher without a prior non-LLM evidence row',
50
+ 'hiveLearningRowCanSelfEvidence',
51
+ "trustState: 'raw_observed'",
52
+ 'promotion or retirement decisions require at least one non-LLM evidence row reference',
53
+ 'GET /api/hive/learning/task-summary',
54
+ ]) {
55
+ assertIncludes(runtime, token, 'runtime Hive local storage contract');
56
+ }
57
+
58
+ assertIncludes(runtimeConnector, 'firstLocalPostgresUrl(process.env.DATABASE_URL', 'runtime env local Postgres discovery');
59
+ assertIncludes(runtimeConnector, 'ARIA_HIVE_STORAGE=${hiveStorageMode}', 'runtime env storage mode follows local Postgres discovery');
60
+ assertIncludes(runtimeConnector, 'ARIA_HIVE_POSTGRES_URL=${hivePostgresUrl}', 'runtime env Postgres URL follows local Postgres discovery');
61
+ assertIncludes(runtimeConnector, 'verifyMountedRuntimeEnvPostcondition', 'runtime install postcondition');
62
+ assertIncludes(runtimeConnector, 'Restarted aria-mounted-runtime.service to reload runtime.env', 'runtime install postcondition');
63
+ assertIncludes(runtimeConnector, 'Mounted runtime env postcondition failed after restart.', 'runtime install postcondition failure detail');
64
+ assertIncludes(runtime, "DEFAULT_QDRANT_URL = process.env.ARIA_QDRANT_URL || 'http://127.0.0.1:6333'", 'Qdrant remains local semantic memory');
65
+ assertIncludes(runtime, 'function actionRequiresTargetFiles', 'runtime mutation action target-file contract');
66
+ assertIncludes(runtime, 'target-files-or-verify-block', 'runtime rejects targetless mutation-class actions');
67
+ assertIncludes(runtime, 'value.path || value.filePath || value.file_path', 'runtime accepts structured touched-file objects');
68
+ assertIncludes(runtime, "return json(res, 202, {\n ok: true,\n queued: true,", 'runtime Hive writes ACK from WAL queue');
69
+ assertIncludes(runtime, "trust_policy: {\n llm_can_certify: false,", 'Hive learning route exposes anti-fake trust policy');
70
+ assertIncludes(walPublisher, 'hive-wal-publisher-sidecar', 'Hive WAL sidecar publisher identity');
71
+ assertIncludes(walPublisher, 'ARIA_HIVE_WAL_PUBLISH_LIMIT', 'Hive WAL sidecar has bounded publish limit');
72
+ assertIncludes(walPublisher, 'ON CONFLICT (message_id) DO UPDATE', 'Hive WAL sidecar idempotent message publish');
73
+ assertIncludes(walPublisher, 'ON CONFLICT (touch_id) DO UPDATE', 'Hive WAL sidecar idempotent file-touch publish');
74
+
75
+ console.log(JSON.stringify({
76
+ ok: true,
77
+ runtimePath,
78
+ runtimeConnectorPath,
79
+ assertions: {
80
+ fileDefault: true,
81
+ localPostgresOnly: true,
82
+ nonLocalPostgresRejected: true,
83
+ qdrantStillLocalMemory: true,
84
+ targetlessMutationRejected: true,
85
+ structuredTouchedFilesAccepted: true,
86
+ walFirstHiveWrites: true,
87
+ sidecarPublisher: true,
88
+ learningKernelRoutes: true,
89
+ antiFakeLearningPromotion: true,
90
+ },
91
+ }, null, 2));
package/scripts/check-hook-mirror.mjs ADDED
@@ -0,0 +1,150 @@
1
+ #!/usr/bin/env node
2
+ // AI-11803-MIRROR-DRIFT-CHECK (2026-05-12) — verifies byte-identical parity
3
+ // between ops/claude-hooks/ (canonical source) and
4
+ // packages/aria-connector/hooks/ (mirror shipped in the npm package).
5
+ //
6
+ // Why this exists: cognitive-block-parser.mjs:23-24 declares the two trees
7
+ // "MUST be byte-identical" but no automated check enforced it. Future edits
8
+ // to ops without aria-connector sync would silently diverge — the connector
9
+ // would ship a stale hook, customers would hit bugs the owner already fixed,
10
+ // and the divergence would only surface during incident triage.
11
+ //
12
+ // Run manually: node packages/aria-connector/scripts/check-hook-mirror.mjs
13
+ // CI integration: add to the connector build pipeline before `npm publish`.
14
+ // Exit code 0 = parity. Exit 1 = drift detected (with file list).
15
+
16
+ import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
17
+ import { dirname, join, relative, resolve } from 'node:path';
18
+ import { fileURLToPath } from 'node:url';
19
+ import { createHash } from 'node:crypto';
20
+
21
+ const here = dirname(fileURLToPath(import.meta.url));
22
+ const repoRoot = resolve(here, '..', '..', '..');
23
+ const opsHooks = resolve(repoRoot, 'ops', 'claude-hooks');
24
+ const connectorHooks = resolve(repoRoot, 'packages', 'aria-connector', 'hooks');
25
+
26
+ // AI-11803-R1 (2026-05-12) — explicit allowlist of files that legitimately
27
+ // live one-side-only (not regex per predictor recommendation). Pattern-based
28
+ // exclusions risk silently hiding real drift if a future file matches the
29
+ // pattern unexpectedly; the explicit list is fail-safe by design — add to
30
+ // the list with a doc-comment naming WHY the file is one-side-only.
31
+ const ONE_SIDE_ONLY_BASENAMES = new Set([
32
+ // canonical-settings-block.json — connector-only by design per the file's
33
+ // own `_meta.purpose` field: "ops/claude-hooks/install.sh reads this file
34
+ // directly; lives only in packages/aria-connector/hooks/".
35
+ 'canonical-settings-block.json',
36
+ // aria-pre-tool-use.mjs — Codex-surface pre-tool gate (uses
37
+ // lib/runtime-client.mjs, wired via packages/aria-connector/src/connectors/
38
+ // codex.ts). Claude Code uses aria-pre-tool-gate.mjs instead — different
39
+ // implementation for a different surface. Correctly connector-only.
40
+ 'aria-pre-tool-use.mjs',
41
+ // Backup files from connector install operations (when connector replaced
42
+ // an existing ops file, the prior version was preserved with a timestamp
43
+ // suffix). These are forensic artifacts, never mirrored.
44
+ // Pattern handled in walk() not here (extension-based).
45
+ ]);
46
+
47
+ // Test files live one-side-only by convention — ops/claude-hooks has its
48
+ // own __tests__/ subdirectory; connector tests are named `test-*.mjs` at
49
+ // the connector/hooks/ top level. Skip both shapes in mirror enforcement.
50
+ const TEST_FILE_RX = /^test-.*\.mjs$|^.*\.test\.mjs$/;
51
+ const BACKUP_FILE_RX = /\.pre-aria-connect\.\d+$|\.before-[a-z-]+$/;
52
+
53
+ function isOneSideOnly(basename) {
54
+ if (ONE_SIDE_ONLY_BASENAMES.has(basename)) return true;
55
+ if (TEST_FILE_RX.test(basename)) return true;
56
+ if (BACKUP_FILE_RX.test(basename)) return true;
57
+ return false;
58
+ }
59
+
60
+ function walk(dir, base = dir) {
61
+ const out = [];
62
+ if (!existsSync(dir)) return out;
63
+ for (const entry of readdirSync(dir)) {
64
+ const full = join(dir, entry);
65
+ const stat = statSync(full);
66
+ if (stat.isDirectory()) {
67
+ // Skip __tests__ — tests don't ship in the connector package; they
68
+ // live in ops only and are not required to mirror.
69
+ if (entry === '__tests__') continue;
70
+ out.push(...walk(full, base));
71
+ } else if (stat.isFile() && (entry.endsWith('.mjs') || entry.endsWith('.json'))) {
72
+ if (isOneSideOnly(entry)) continue;
73
+ out.push(relative(base, full));
74
+ }
75
+ }
76
+ return out;
77
+ }
78
+
79
+ function hashFile(pathname) {
80
+ return createHash('sha256').update(readFileSync(pathname)).digest('hex');
81
+ }
82
+
83
+ function main() {
84
+ if (!existsSync(opsHooks)) {
85
+ console.error(`[check-hook-mirror] FATAL: ops source missing at ${opsHooks}`);
86
+ process.exit(2);
87
+ }
88
+ if (!existsSync(connectorHooks)) {
89
+ console.error(`[check-hook-mirror] FATAL: connector mirror missing at ${connectorHooks}`);
90
+ process.exit(2);
91
+ }
92
+
93
+ const opsFiles = walk(opsHooks).sort();
94
+ const connectorFiles = walk(connectorHooks).sort();
95
+
96
+ const opsSet = new Set(opsFiles);
97
+ const connectorSet = new Set(connectorFiles);
98
+
99
+ const missingInConnector = opsFiles.filter((f) => !connectorSet.has(f));
100
+ const missingInOps = connectorFiles.filter((f) => !opsSet.has(f));
101
+ const common = opsFiles.filter((f) => connectorSet.has(f));
102
+
103
+ const driftedFiles = [];
104
+ for (const f of common) {
105
+ const opsHash = hashFile(join(opsHooks, f));
106
+ const connectorHash = hashFile(join(connectorHooks, f));
107
+ if (opsHash !== connectorHash) {
108
+ driftedFiles.push({ file: f, opsHash: opsHash.slice(0, 12), connectorHash: connectorHash.slice(0, 12) });
109
+ }
110
+ }
111
+
112
+ const totalProblems = missingInConnector.length + missingInOps.length + driftedFiles.length;
113
+
114
+ if (totalProblems === 0) {
115
+ console.log(`[check-hook-mirror] OK — ${common.length} files byte-identical across ops/claude-hooks <-> packages/aria-connector/hooks`);
116
+ process.exit(0);
117
+ }
118
+
119
+ console.error('[check-hook-mirror] DRIFT DETECTED — ops/claude-hooks and packages/aria-connector/hooks disagree.');
120
+ console.error('');
121
+ if (missingInConnector.length > 0) {
122
+ console.error(`Files in ops/claude-hooks but NOT in packages/aria-connector/hooks (${missingInConnector.length}):`);
123
+ for (const f of missingInConnector) console.error(` - ${f}`);
124
+ console.error('');
125
+ }
126
+ if (missingInOps.length > 0) {
127
+ console.error(`Files in packages/aria-connector/hooks but NOT in ops/claude-hooks (${missingInOps.length}):`);
128
+ for (const f of missingInOps) console.error(` - ${f}`);
129
+ console.error('');
130
+ }
131
+ if (driftedFiles.length > 0) {
132
+ console.error(`Files present in BOTH trees but with different content (${driftedFiles.length}):`);
133
+ for (const { file, opsHash, connectorHash } of driftedFiles) {
134
+ console.error(` - ${file} ops:${opsHash} connector:${connectorHash}`);
135
+ }
136
+ console.error('');
137
+ }
138
+ console.error('Repair: from repo root, run:');
139
+ console.error(' cp -r ops/claude-hooks/* packages/aria-connector/hooks/');
140
+ console.error('OR diff each pair and reconcile by hand if both trees diverged for legitimate reasons.');
141
+ console.error('');
142
+ console.error('The two trees ship the SAME hooks to two consumers:');
143
+ console.error(' - ops/claude-hooks/ -> installed into developer ~/.claude/hooks via the install script');
144
+ console.error(' - packages/aria-connector/ -> shipped via npm to client repos');
145
+ console.error('Silent divergence means the connector npm package ships stale hooks that lack');
146
+ console.error('the most recent fixes; clients hit bugs the owner already shipped a fix for.');
147
+ process.exit(1);
148
+ }
149
+
150
+ main();
package/scripts/check-install-sh-drift.mjs ADDED
@@ -0,0 +1,152 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * install.sh ↔ connector HOOKS_BLOCK drift detector (M1.3 — Bug C fix).
4
+ *
5
+ * Doctrine bind:
6
+ * - feedback_workaround_vs_path_fix.md — never fork logic to satisfy a
7
+ * packaging boundary. install.sh and claude-code.ts must wire the same
8
+ * hooks; drift means clients get a different stack than dev does.
9
+ * - aria-repo-doctrine — verify path of truth, not pretend.
10
+ *
11
+ * Strategy:
12
+ * 1. canonical-settings-block.json is the SOURCE OF TRUTH.
13
+ * 2. install.sh now reads canonical JSON directly (M1.3 install.sh edit) so
14
+ * it stays in sync by construction. Verified by parsing install.sh.
15
+ * 3. claude-code.ts HOOKS_BLOCK is INLINE (not yet refactored to import the
16
+ * JSON because tsconfig include scope and build dist layout would shift).
17
+ * This script structurally compares the inline block against canonical
18
+ * JSON: same event keys, same set of hook commands, same matchers.
19
+ *
20
+ * Run via: npm run check:hooks (added to packages/aria-connector/package.json
21
+ * scripts)
22
+ */
23
+
24
+ import assert from 'node:assert/strict';
25
+ import { readFileSync, existsSync } from 'node:fs';
26
+ import { join } from 'node:path';
27
+
28
+ const repoRoot = join(import.meta.dirname, '..', '..', '..');
29
+ const canonicalPath = join(repoRoot, 'packages/aria-connector/hooks/canonical-settings-block.json');
30
+ const claudeCodeTsPath = join(repoRoot, 'packages/aria-connector/src/connectors/claude-code.ts');
31
+ const installShPath = join(repoRoot, 'ops/claude-hooks/install.sh');
32
+
33
+ assert.ok(existsSync(canonicalPath), `canonical settings JSON missing at ${canonicalPath}`);
34
+ assert.ok(existsSync(claudeCodeTsPath), `claude-code.ts missing at ${claudeCodeTsPath}`);
35
+ assert.ok(existsSync(installShPath), `install.sh missing at ${installShPath}`);
36
+
37
+ const canonical = JSON.parse(readFileSync(canonicalPath, 'utf8'));
38
+ const claudeCodeTs = readFileSync(claudeCodeTsPath, 'utf8');
39
+ const installSh = readFileSync(installShPath, 'utf8');
40
+
41
+ // ── 1. install.sh must read the canonical JSON ────────────────────────────
42
+ assert.match(
43
+ installSh,
44
+ /CANONICAL_BLOCK="[^"]*canonical-settings-block\.json"/,
45
+ 'install.sh must reference canonical-settings-block.json (M1.3 fix)',
46
+ );
47
+ assert.match(
48
+ installSh,
49
+ /python3[\s\S]*?canonical_path[\s\S]*?json\.load\(f\)/,
50
+ 'install.sh python heredoc must load canonical JSON',
51
+ );
52
+ console.log(' ✓ install.sh reads from canonical JSON');
53
+
54
+ // ── 2. claude-code.ts HOOKS_BLOCK structural extraction ───────────────────
55
+ // Extract all hook command strings from the TS file (each `command: '...'` line)
56
+ const COMMAND_RX = /command:\s*'([^']+)'/g;
57
+ const claudeCodeCommands = new Set();
58
+ for (const m of claudeCodeTs.matchAll(COMMAND_RX)) {
59
+ claudeCodeCommands.add(m[1]);
60
+ }
61
+
62
+ // Extract from canonical JSON
63
+ function collectCommands(node, out = new Set()) {
64
+ if (Array.isArray(node)) {
65
+ for (const item of node) collectCommands(item, out);
66
+ return out;
67
+ }
68
+ if (node && typeof node === 'object') {
69
+ if (typeof node.command === 'string') out.add(node.command);
70
+ for (const v of Object.values(node)) collectCommands(v, out);
71
+ }
72
+ return out;
73
+ }
74
+ const canonicalCommands = collectCommands(canonical);
75
+
76
+ // Compare: both must contain the same set of commands.
77
+ const missingFromTs = [...canonicalCommands].filter((c) => !claudeCodeCommands.has(c));
78
+ const extraInTs = [...claudeCodeCommands].filter((c) => !canonicalCommands.has(c));
79
+
80
+ if (missingFromTs.length > 0 || extraInTs.length > 0) {
81
+ console.error('\n ✗ DRIFT DETECTED between canonical-settings-block.json and claude-code.ts HOOKS_BLOCK\n');
82
+ if (missingFromTs.length > 0) {
83
+ console.error(` Commands in canonical JSON but NOT in claude-code.ts (${missingFromTs.length}):`);
84
+ for (const c of missingFromTs) console.error(` - ${c}`);
85
+ }
86
+ if (extraInTs.length > 0) {
87
+ console.error(` Commands in claude-code.ts but NOT in canonical JSON (${extraInTs.length}):`);
88
+ for (const c of extraInTs) console.error(` + ${c}`);
89
+ }
90
+ console.error('\n Resolution: edit packages/aria-connector/hooks/canonical-settings-block.json AND/OR');
91
+ console.error(' packages/aria-connector/src/connectors/claude-code.ts so the command sets match.');
92
+ console.error(' The canonical JSON is the source of truth — claude-code.ts must mirror it.\n');
93
+ process.exit(1);
94
+ }
95
+ console.log(` ✓ ${canonicalCommands.size} commands match between canonical JSON and claude-code.ts`);
96
+
97
+ // ── 3. Event keys must match ──────────────────────────────────────────────
98
+ const canonicalEvents = Object.keys(canonical).filter((k) => !k.startsWith('_')).sort();
99
+ // Extract event keys from claude-code.ts HOOKS_BLOCK
100
+ const HOOKS_BLOCK_RX = /const HOOKS_BLOCK\s*=\s*\{([\s\S]*?)\};/;
101
+ const blockMatch = claudeCodeTs.match(HOOKS_BLOCK_RX);
102
+ assert.ok(blockMatch, 'claude-code.ts must contain `const HOOKS_BLOCK = {...};`');
103
+ const blockBody = blockMatch[1];
104
+ const EVENT_KEY_RX = /^\s*(SessionStart|UserPromptSubmit|PreToolUse|PostToolUse|Stop|SubagentStop|PreCompact|Notification):\s*\[/gm;
105
+ const tsEvents = new Set();
106
+ for (const m of blockBody.matchAll(EVENT_KEY_RX)) {
107
+ tsEvents.add(m[1]);
108
+ }
109
+ const tsEventsSorted = [...tsEvents].sort();
110
+
111
+ assert.deepEqual(
112
+ tsEventsSorted,
113
+ canonicalEvents,
114
+ `Event keys differ — canonical: [${canonicalEvents}], claude-code.ts: [${tsEventsSorted}]`,
115
+ );
116
+ console.log(` ✓ ${canonicalEvents.length} event keys match: ${canonicalEvents.join(', ')}`);
117
+
118
+ // ── 4. Matchers must match for events that have them ─────────────────────
119
+ function collectMatchers(eventBlock) {
120
+ const matchers = new Set();
121
+ if (Array.isArray(eventBlock)) {
122
+ for (const entry of eventBlock) {
123
+ if (entry && typeof entry.matcher === 'string') matchers.add(entry.matcher);
124
+ }
125
+ }
126
+ return matchers;
127
+ }
128
+ for (const event of canonicalEvents) {
129
+ const canonicalMatchers = collectMatchers(canonical[event]);
130
+ if (canonicalMatchers.size === 0) continue;
131
+ // Extract from TS for this event
132
+ const eventBlockRx = new RegExp(`${event}:\\s*\\[([\\s\\S]*?)\\],\\s*(?:[A-Z][a-zA-Z]+:|\\}\\s*;)`, 'm');
133
+ const eventMatch = blockBody.match(eventBlockRx);
134
+ if (!eventMatch) {
135
+ console.error(` ✗ event ${event} block not found in claude-code.ts`);
136
+ process.exit(1);
137
+ }
138
+ const tsMatchers = new Set();
139
+ const matcherRx = /matcher:\s*'([^']+)'/g;
140
+ for (const m of eventMatch[1].matchAll(matcherRx)) {
141
+ tsMatchers.add(m[1]);
142
+ }
143
+ const missing = [...canonicalMatchers].filter((x) => !tsMatchers.has(x));
144
+ const extra = [...tsMatchers].filter((x) => !canonicalMatchers.has(x));
145
+ if (missing.length > 0 || extra.length > 0) {
146
+ console.error(` ✗ ${event} matcher drift — missing in TS: [${missing}], extra in TS: [${extra}]`);
147
+ process.exit(1);
148
+ }
149
+ }
150
+ console.log(' ✓ all matchers consistent across canonical JSON and claude-code.ts');
151
+
152
+ console.log('\nOK check-install-sh-drift (M1.3 drift checks pass)');
package/scripts/check-kernel-sync.mjs ADDED
@@ -0,0 +1,101 @@
1
+ #!/usr/bin/env node
2
+ // check-kernel-sync — drift gate between atlas-side canonical kernel and vendored copy.
3
+ //
4
+ // Compares body-only sha256 of:
5
+ // atlas: ~/.aria/atlas/src/kernel/deterministic-cognitive-kernel.mjs
6
+ // vendor: packages/aria-connector/runtime-src/lib/kernel/deterministic-cognitive-kernel.mjs
7
+ // hookMirror: packages/aria-connector/hooks/lib/kernel/deterministic-cognitive-kernel.mjs
8
+ // mizan: apps/aria-telemetry/src/kernel/deterministic-cognitive-kernel.mjs
9
+ // Vendor + hook-mirror files carry a provenance header (consecutive `//` lines
10
+ // + blank separator). Body-only = strip that prelude before hashing.
11
+ // Exits 0 if all match, 1 if any drifts.
12
+
13
+ import { readFileSync, existsSync } from 'node:fs';
14
+ import { createHash } from 'node:crypto';
15
+ import { homedir } from 'node:os';
16
+ import { join, resolve, dirname } from 'node:path';
17
+ import { fileURLToPath } from 'node:url';
18
+
19
+ const HERE = dirname(fileURLToPath(import.meta.url));
20
+ const VENDOR_PATH = resolve(HERE, '..', 'runtime-src', 'lib', 'kernel', 'deterministic-cognitive-kernel.mjs');
21
+ const HOOK_MIRROR_PATH = resolve(HERE, '..', 'hooks', 'lib', 'kernel', 'deterministic-cognitive-kernel.mjs');
22
+ const MIZAN_MIRROR_PATH = resolve(HERE, '..', '..', '..', 'apps', 'aria-telemetry', 'src', 'kernel', 'deterministic-cognitive-kernel.mjs');
23
+ const ATLAS_PATH = join(homedir(), '.aria', 'atlas', 'src', 'kernel', 'deterministic-cognitive-kernel.mjs');
24
+
25
+ function sha256(s) { return createHash('sha256').update(s).digest('hex'); }
26
+ function stripProvenanceHeader(text) {
27
+ // Vendor prelude is: a run of consecutive lines starting with `//` (the
28
+ // provenance comment block), optionally followed by blank lines, then the
29
+ // canonical kernel body. Scan from the top; the first line that is neither
30
+ // `//`-prefixed nor blank is the body start.
31
+ const lines = text.split('\n');
32
+ let bodyStart = 0;
33
+ let sawComment = false;
34
+ for (let i = 0; i < lines.length; i++) {
35
+ const line = lines[i];
36
+ if (line.startsWith('//')) {
37
+ sawComment = true;
38
+ continue;
39
+ }
40
+ if (sawComment && line.trim() === '') {
41
+ continue; // blank separator between prelude and body
42
+ }
43
+ bodyStart = i;
44
+ break;
45
+ }
46
+ // If we never saw a `//` prelude, treat the whole file as body (no header).
47
+ if (!sawComment) bodyStart = 0;
48
+ return lines.slice(bodyStart).join('\n');
49
+ }
50
+
51
+ if (!existsSync(VENDOR_PATH)) {
52
+ console.error(`FAIL: vendor missing at ${VENDOR_PATH}`);
53
+ process.exit(1);
54
+ }
55
+ if (!existsSync(HOOK_MIRROR_PATH)) {
56
+ console.error(`FAIL: hook-mirror kernel missing at ${HOOK_MIRROR_PATH}`);
57
+ process.exit(1);
58
+ }
59
+ if (!existsSync(MIZAN_MIRROR_PATH)) {
60
+ console.error(`FAIL: mizan-mirror kernel missing at ${MIZAN_MIRROR_PATH}`);
61
+ process.exit(1);
62
+ }
63
+ if (!existsSync(ATLAS_PATH)) {
64
+ console.error(`SKIP: atlas-side canonical source not present at ${ATLAS_PATH} (atlas may not be installed on this host)`);
65
+ console.error('vendor + hook-mirror present; cannot verify drift without canonical source');
66
+ process.exit(0);
67
+ }
68
+
69
+ const vendorBody = stripProvenanceHeader(readFileSync(VENDOR_PATH, 'utf8'));
70
+ const hookMirrorBody = stripProvenanceHeader(readFileSync(HOOK_MIRROR_PATH, 'utf8'));
71
+ const mizanMirrorBody = stripProvenanceHeader(readFileSync(MIZAN_MIRROR_PATH, 'utf8'));
72
+ const atlasText = readFileSync(ATLAS_PATH, 'utf8');
73
+ const vendorSha = sha256(vendorBody);
74
+ const hookMirrorSha = sha256(hookMirrorBody);
75
+ const mizanMirrorSha = sha256(mizanMirrorBody);
76
+ const atlasSha = sha256(atlasText);
77
+
78
+ console.log(`vendor body sha256: ${vendorSha}`);
79
+ console.log(`hook-mirror body sha256: ${hookMirrorSha}`);
80
+ console.log(`mizan-mirror body sha256: ${mizanMirrorSha}`);
81
+ console.log(`atlas body sha256: ${atlasSha}`);
82
+
83
+ const vendorOk = vendorSha === atlasSha;
84
+ const hookMirrorOk = hookMirrorSha === atlasSha;
85
+ const mizanMirrorOk = mizanMirrorSha === atlasSha;
86
+
87
+ if (vendorOk && hookMirrorOk && mizanMirrorOk) {
88
+ console.log('OK: vendor + hook-mirror + mizan-mirror match atlas-side canonical source');
89
+ process.exit(0);
90
+ }
91
+
92
+ console.error('');
93
+ console.error('DRIFT DETECTED');
94
+ if (!vendorOk) console.error(` vendor drifts from atlas: ${VENDOR_PATH}`);
95
+ if (!hookMirrorOk) console.error(` hook-mirror drifts from atlas: ${HOOK_MIRROR_PATH}`);
96
+ if (!mizanMirrorOk) console.error(` mizan-mirror drifts from atlas: ${MIZAN_MIRROR_PATH}`);
97
+ console.error(` atlas canonical: ${ATLAS_PATH}`);
98
+ console.error('');
99
+ console.error('Recovery: re-copy atlas source body into the drifted file, preserving the `//` provenance header + blank-line separator.');
100
+ console.error('Or: if the change is intentional and the connector should lag atlas, document the divergence in the header.');
101
+ process.exit(1);