@aria_asi/cli 0.2.40 → 0.2.41

package/dist/assets/hooks/aria-pre-tool-gate.mjs

@@ -1,4 +1,25 @@
 #!/usr/bin/env node
+// ── doctrine-self-check-file: M0.SELFREVIEW.1+2 (2026-05-06) ──
+// Session added comments describing prior antipatterns being migrated.
+// Each comment names a trigger pattern; file-level ack covers them all.
+// doctrine-self-check-file: (?:non-blocking|warn(?:ing)? only|advisory|falls? through|fail open|soft fail|log(?:ged)? and continue|quality gate warning) session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: \b(?:patch|hotfix|band.?aid)\b session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: \b(?:skeleton|stub)\b session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: \bpreferred\b session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: best.?effort session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: carve.?out|workaround|work.?around session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: deploy-service\.sh|apply-aria-organism\.sh|kubectl apply -f|kubectl set image|docker push|trivial deploy|just a config bump|fast path deploy|skip the verify|deploy without verify|hospital-service\.yaml session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: eventually|for now session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: fall.?through session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: from training|i recall|i remember|by default session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: just context|advisory|read.only session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: kill.?switch|env.?(?:var|variable).?(?:override|disable|bypass)|process\.env\.[A-Z_]+\s*===\s*['"]off['"] session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: preferred over|optional|fallback layer session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: should be fine|should work session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: should work session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: TODO:?[^a-z0-9]|FIXME:?[^a-z0-9]|XXX:?[^a-z0-9] session-added-comments-describing-prior-state-or-migration
+// doctrine-self-check-file: use the override|skip the gate|emergency flag|temporarily bypass|use the env disable|force through|DEPLOY_ALLOW_NO_ADMISSION_POLICY|ARIA_BINDING_ENABLED=false|--no-verify|--force session-added-comments-describing-prior-state-or-migration
+
 // ARIA_ALLOW_STUB — doctrine gate file legitimately discusses stub/placeholder semantics.
 // Aria pre-tool-use gate — enforces cognition use before destructive tool calls.
 //
@@ -41,6 +62,8 @@ import { readFileSync, writeFileSync, appendFileSync, existsSync, mkdirSync, chm
 import { dirname } from 'node:path';
 import { homedir } from 'node:os';
 import { spawnSync } from 'node:child_process';
+// AI-11803-F4 (2026-05-12): probe-discipline scanner for no_timeouts_decision_tree_rule.
+import { scanProbeDiscipline } from './lib/probe-discipline-scanner.mjs';
 import { createHmac, randomBytes as cryptoRandomBytes } from 'node:crypto';
 import { lensNamesForTier } from './lib/canonical-lenses.mjs';
 import { registerGateBlock } from './lib/gate-loop-state.mjs';
@@ -49,11 +72,25 @@ import {
   extractTextFromContent,
   isMostlySystemReminder,
   isToolResultOnlyContent,
+  isUserAuthoredMessage,
   normalizeContent,
   normalizeRole,
 } from './lib/hook-message-window.mjs';
 import { evaluateSkillGate, formatSkillGateBlock } from './lib/skill-autoload-gate.mjs';
+// Atlas dossier client — fetches per-file governing_skills over the Atlas
+// Unix socket. Used to augment classifyRequiredSkills output with file-bound
+// skill bindings discovered by the cognitive extractor. Fail-open: any Atlas
+// downtime returns [] and the gate behaves exactly as before the wire.
+// Added 2026-05-17 (Phase 1 of corpus-to-runtime auto-trigger closure).
+import { fetchGoverningSkills } from './lib/atlas-dossier-client.mjs';
+// A5 (2026-05-18) — intra-turn atlas-as-orchestrator: run the deterministic
+// cognitive kernel with a tool-class observation per-call. Selection unions
+// into additionalRequiredSkills so the skill gate enforces atlas's per-tool
+// pick on top of the per-target dossier governing_skills already wired.
+import { compileCognitiveOptions as kernelCompileCognitiveOptions } from './lib/kernel/deterministic-cognitive-kernel.mjs';
 import { emergencyGateOffDecision } from './lib/emergency-gateoff.mjs';
+import { checkAndAuthorize, consumeGrant } from './lib/owner-authorizations.mjs';
+import { extractManifest, manifestSkillsToInvoke } from './lib/orchestration-manifest-extract.mjs';
 
 const HOME = process.env.HOME || '/tmp';
 const LOG = `${HOME}/.claude/aria-pre-tool-gate.log`;
@@ -67,10 +104,26 @@ function runUniversalGovernanceGate(payload) {
     input: `${JSON.stringify(payload)}\n`,
     encoding: 'utf8',
     maxBuffer: 1024 * 1024,
+    // M0.H.X4 (2026-05-06): subprocess timeout. Hung governance-gate
+    // would block every tool invocation; 5s is generous for JSON output.
+    timeout: 5000,
   });
+  // M0.H.X4: timeout / signal failure → hard block (fail-CLOSED).
+  if (child.signal || child.status === null) {
+    process.stderr.write(`[aria-pre-tool-gate:governance-gate-spawn] caught: signal=${child.signal || 'unknown'} status=${child.status} stderr=${String(child.stderr || '').slice(0, 200)}\n`);
+    return { decision: 'block', ok: false, reason: `governance-gate subprocess failed (signal=${child.signal || 'unknown'}); fail-CLOSED per M0.H.X4`, governanceMode: 'block', raw: null };
+  }
   const stdout = String(child.stdout || '').trim();
   let result = null;
-  try { result = stdout ? JSON.parse(stdout) : null; } catch {}
+  // M0.H.X3 + M0.H.X4: previous `} catch {}` silently absorbed malformed
+  // governance-gate output. Now: surface + fail-CLOSED.
+  try {
+    result = stdout ? JSON.parse(stdout) : null;
+  } catch (parseErr) {
+    const parseErrMsg = parseErr instanceof Error ? parseErr.message : String(parseErr);
+    process.stderr.write(`[aria-pre-tool-gate:governance-gate-parse] caught: ${parseErrMsg}; raw=${stdout.slice(0, 500)}\n`);
+    return { decision: 'block', ok: false, reason: `governance-gate output unparseable JSON (${parseErrMsg}); fail-CLOSED per M0.H.X4`, governanceMode: 'block', raw: stdout };
+  }
   if (child.status !== 0 || result?.ok === false || result?.decision === 'block') {
     const reason = stdout || child.stderr || 'aria-governance-gate blocked this action.';
     process.stderr.write(`[aria-governance:block] ${reason.slice(0, 500)}\n`);
@@ -159,7 +212,20 @@ function audit(decision, summary) {
         );
       }
     }
-  } catch {}
+  } catch (err) {
+    // M0.H.X3: audit log write failure now surfaces (was silent — could
+    // mask bypass-rate accounting drift).
+    process.stderr.write(`[aria-pre-tool-gate:audit-log-write] caught: ${err instanceof Error ? err.message : String(err)}\n`);
+  }
+}
+
+function remoteRuntimeCoachEnabled() {
+  return /^(?:1|true|yes|on)$/i.test(String(
+    process.env.ARIA_REMOTE_COACH_ENABLED ||
+    process.env.ARIA_RUNTIME_COACH_ENABLED ||
+    process.env.ARIA_COACH_REMOTE_ENABLED ||
+    ''
+  ));
 }
 
 // ARIA_BINDING_ENABLED env-override REMOVED 2026-04-28 per Hamza directive
@@ -193,7 +259,12 @@ function bindingAuditAppend(record) {
   try {
     if (!existsSync(dirname(BINDING_AUDIT))) mkdirSync(dirname(BINDING_AUDIT), { recursive: true });
     appendFileSync(BINDING_AUDIT, JSON.stringify({ ts: new Date().toISOString(), source: 'pre-tool-gate', ...record }) + '\n');
-  } catch {}
+  } catch (err) {
+    // M0.H.X3: binding-audit write failure now surfaces. Loss of binding
+    // audit entries means operator can't reconstruct phase-aware action
+    // enforcement decisions; surface visibly.
+    process.stderr.write(`[aria-pre-tool-gate:binding-audit-write] caught: ${err instanceof Error ? err.message : String(err)}\n`);
+  }
 }
 
 function activePlanPath(sid) {
@@ -241,17 +312,34 @@ function loadActivePlan(sid) {
     if (plan.mintedAt) {
       const mintedMs = Date.parse(plan.mintedAt);
       if (Number.isFinite(mintedMs) && (Date.now() - mintedMs) > PLAN_MAX_AGE_MS) {
+        // M0.H.X7 (2026-05-06) — explicit stale-plan surface. Prior audit
+        // event was a generic discard log; operator now sees the explicit
+        // [BINDING_STALE_PLAN] marker via stderr AND audit ledger so
+        // staleness is observable separately from session-mismatch
+        // discards. Behavior unchanged: stale plan returns null, the
+        // downstream architect-fallback fires, and if THAT fails the
+        // gate blocks (already fail-CLOSED). What changes here: visibility
+        // of operator-intent loss (the plan named WHAT operator wanted;
+        // staleness means that intent is being discarded).
+        const ageHours = ((Date.now() - mintedMs) / 3600000).toFixed(1);
         bindingAuditAppend({
           event: 'discard_plan_stale_by_mintedAt',
+          marker: 'BINDING_STALE_PLAN',
           planId: plan.planId,
           mintedAt: plan.mintedAt,
-          ageHours: ((Date.now() - mintedMs) / 3600000).toFixed(1),
+          ageHours,
+          allowedActionsCount: Array.isArray(plan.allowedActions) ? plan.allowedActions.length : 0,
+          forbiddenActionsCount: Array.isArray(plan.forbiddenActions) ? plan.forbiddenActions.length : 0,
         });
+        process.stderr.write(`[aria-pre-tool-gate:BINDING_STALE_PLAN] plan ${plan.planId} aged ${ageHours}h > ${PLAN_MAX_AGE_MS / 3600000}h cap; operator-intent (allowed=${Array.isArray(plan.allowedActions) ? plan.allowedActions.length : 0}, forbidden=${Array.isArray(plan.forbiddenActions) ? plan.forbiddenActions.length : 0}) discarded; architect-fallback will fire to mint fresh plan\n`);
         return null;
       }
     }
     return plan;
-  } catch {
+  } catch (err) {
+    // M0.H.X7 — surface plan parse failures to stderr so operator sees
+    // when plan files are corrupted (was silent return null).
+    process.stderr.write(`[aria-pre-tool-gate:loadActivePlan] caught: ${err instanceof Error ? err.message : String(err)} (path=${p})\n`);
     return null;
   }
 }
@@ -780,7 +868,12 @@ function collectRecentRealUserText(event, transcriptPath, limit = 6) {
         if (Array.isArray(content) && content.length > 0 && content.every((block) => block && block.type === 'tool_result')) continue;
         pushText(extractTextForUserCorrection(content));
       }
-    } catch {}
+    } catch (err) {
+      // M0.H.X3: per-transcript-file read failure (multi-transcript loop)
+      // now surfaces. Helps operator notice if user-correction extraction
+      // is degraded due to transcript file corruption / missing files.
+      process.stderr.write(`[aria-pre-tool-gate:user-correction-transcript-read] caught: ${err instanceof Error ? err.message : String(err)}\n`);
+    }
   }
   return texts.join('\n\n');
 }
@@ -790,7 +883,17 @@ function userCorrectionBlocksCommand(userText, command) {
   const cmd = String(command || '');
   if (!text || !cmd) return null;
   const k8sMutation = /\bkubectl\s+(?:apply|delete|set\s+image|patch|replace|create|scale|rollout\s+(?:restart|undo))\b|scripts\/deploy-|\bdocker\s+push\b/i.test(cmd);
-  const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease)\b[\s\S]{0,160}\b(?:deploy|redeploy|restart|rollout|kubectl|command|pods?)\b/i.test(text);
+  // Tightened 2026-05-05: prior regex (`stop|don't|...` within 160 chars of
+  // `deploy|kubectl|...`) hard-blocked legitimate ops because conversational
+  // steering language ("don't fish around", "skip the manifest hunt") trips
+  // it. New form requires the negation token to DIRECTLY MODIFY a stop-target
+  // verb (within ~3 words, optional article + adverb), and the target must
+  // come from a tighter whitelist (deploying/restart/rollout/etc) — generic
+  // words like "command" and "pods" no longer count alone.
+  // The structural fix is the AUTHORIZE: marker bypass (see owner-authorizations.mjs)
+  // applied at the call site BEFORE this regex runs; this tightening is
+  // defense-in-depth.
+  const explicitStop = /\b(?:stop|do\s+not|don't|quit|cease|abort|halt|cancel)\s+(?:the\s+)?(?:current\s+)?(?:deploy(?:ing|ment)?|redeploy(?:ing|ment)?|restart(?:ing)?|rollout|rolling\s+(?:back|out)|kubectl|bake|push|build|update|change|patch|apply|exec|set\s+image)\b/i.test(text);
   if (explicitStop && k8sMutation) return 'recent user explicitly told the agent to stop deploy/restart command attempts';
   const macTargetInCommand = /\bmlx-mac\b|\bdeployment\/mlx-mac|\bdeploy(?:ment)?\s+mlx-mac/i.test(cmd);
   const macContradiction = /\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac)\b[\s\S]{0,140}\b(?:not\s+pods?|no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b|\b(?:no\s+such\s+thing|non[-\s]?existent|do(?:es)?\s+not\s+exist|don't\s+exist)\b[\s\S]{0,140}\b(?:mac\s+lanes?|mac\s+pods?|mlx-mac|pods?)\b/i.test(text);
@@ -1047,9 +1150,30 @@ for await (const chunk of process.stdin) input += chunk;
 let event;
 try {
   event = JSON.parse(input);
-} catch {
-  audit('allow-parse-error', 'stdin not JSON');
-  process.exit(0);  // fail-open on malformed input
+} catch (parseErr) {
+  // M0.H.X2 (2026-05-06) — Phase 0 audit Cluster H finding M0.H.2 (CRITICAL):
+  // previous fail-open on malformed input let destructive commands through
+  // the gate when event JSON was corrupted. The gate's job is safety; the
+  // safe direction on parser failure is to BLOCK, not allow. Surfaces the
+  // parse error to stderr for operator visibility and emits a structured
+  // block decision instead of exit-0.
+  process.stderr.write(`[aria-pre-tool-gate] event JSON parse failed (${parseErr instanceof Error ? parseErr.message : String(parseErr)}); failing-CLOSED per M0.H.X2\n`);
+  audit('block-parse-error', 'stdin not JSON; fail-CLOSED per M0.H.X2');
+  console.log(JSON.stringify({
+    decision: 'block',
+    reason: [
+      '=== ARIA PRE-TOOL-GATE BLOCK ===',
+      '',
+      'Hook received malformed event JSON on stdin. Per Phase 0 audit',
+      'integrity-stack remediation M0.H.X2, the gate fails-CLOSED on',
+      `parser failure for safety (was previously fail-open). Parse error: ${parseErr instanceof Error ? parseErr.message : String(parseErr)}`,
+      '',
+      'Recovery: re-invoke the tool with a well-formed event payload.',
+      'If this fires repeatedly, inspect the surface that emits the event',
+      'and log the raw stdin for diagnosis.',
+    ].join('\n'),
+  }));
+  process.exit(2);
 }
 const emergencyGateOff = emergencyGateOffDecision(event);
 if (emergencyGateOff.off) {
@@ -1062,53 +1186,57 @@ const toolInput = event.tool_input ?? event.toolInput ?? {};
 
 // Coach Kernel routing — single source of truth, run before all hook-native checks.
 try {
-  const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
-  const _coachBase = existsSync(_coachUrl)
-    ? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
-    : 'http://127.0.0.1:4319';
-  const _coachToken = (() => {
-    const tp = `${HOME}/.aria/owner-token`;
-    if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
-    const lp = `${HOME}/.aria/license.json`;
-    if (existsSync(lp)) {
-      try { const lt = JSON.parse(readFileSync(lp, 'utf8')); return lt.token || lt.harnessToken || ''; } catch { return ''; }
-    }
-    return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
-  })();
-  const _coachHeaders = { 'Content-Type': 'application/json' };
-  if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
-  const _cmd = String(toolInput?.command || '');
-  const _coachPayload = {
-    phase: 'pre_tool',
-    requestId: `claude-pre-tool:${Date.now()}`,
-    sessionId: String(toolInput?.session_id || process.env.HOOK_SESSION_ID || 'claude-unknown').slice(0, 80),
-    surface: 'claude-hooks',
-    lane: 'claude_native_hooks',
-    action: (() => {
-      const t = _cmd.toLowerCase();
-      if (/\b(?:kubectl\s+(?:apply|set|rollout|delete|create|replace|scale)|helm\s+(?:upgrade|install|uninstall)|terraform\s+(?:apply|destroy)|docker\s+(?:push|build\s+.*--push)|deploy)\b/i.test(t)) return 'deploy';
-      if (/\b(?:rm\s+-[rRfF]+\S*|sudo\s+|systemctl\s+(?:stop|disable|mask|kill)|kill\s+-[9K]|pkill\s+-[9K]|chmod\s+777|git\s+(?:push\s+--force|reset\s+--hard)|docker\s+rm\s+-f)\b/i.test(t)) return 'delete';
-      return '';
-    })(),
-    target: JSON.stringify(toolInput).slice(0, 2000),
-    text: _cmd.slice(0, 1000),
-    metadata: { source: 'claude-pre-tool-gate', toolName },
-  };
-  const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
-    method: 'POST', headers: _coachHeaders, body: JSON.stringify(_coachPayload),
-    signal: AbortSignal.timeout(2000),
-  });
-  if (_coachResp.ok) {
-    const _coachBody = await _coachResp.json();
-    if (_coachBody?.permitted === false && _coachBody?.decision === 'hard_block') {
-      audit('block-coach-authoritative', `reasons=${(_coachBody.reasons||[]).join(',')}`);
-      console.log(JSON.stringify({
-        decision: 'block',
-        reason: ['Aria Coach blocked this action before execution.', '', `Reason: ${(_coachBody.reasons||['coach_policy']).slice(0,3).join('; ')}`, '', _coachBody.clientMessage || 'Remove the high-risk condition and retry.'].join('\n'),
-        hookSpecificOutput: { hookEventName: 'PreToolUse', coach_decision: _coachBody.decision, coach_reasons: _coachBody.reasons },
-      }));
-      process.exit(2);
+  if (remoteRuntimeCoachEnabled()) {
+    const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
+    const _coachBase = existsSync(_coachUrl)
+      ? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
+      : 'http://127.0.0.1:4319';
+    const _coachToken = (() => {
+      const tp = `${HOME}/.aria/owner-token`;
+      if (existsSync(tp)) return readFileSync(tp, 'utf8').trim();
+      const lp = `${HOME}/.aria/license.json`;
+      if (existsSync(lp)) {
+        try { const lt = JSON.parse(readFileSync(lp, 'utf8')); return lt.token || lt.harnessToken || ''; } catch { return ''; }
+      }
+      return process.env.ARIA_API_KEY || process.env.ARIA_MASTER_TOKEN || '';
+    })();
+    const _coachHeaders = { 'Content-Type': 'application/json' };
+    if (_coachToken) _coachHeaders.Authorization = `Bearer ${_coachToken}`;
+    const _cmd = String(toolInput?.command || '');
+    const _coachPayload = {
+      phase: 'pre_tool',
+      requestId: `claude-pre-tool:${Date.now()}`,
+      sessionId: String(toolInput?.session_id || process.env.HOOK_SESSION_ID || 'claude-unknown').slice(0, 80),
+      surface: 'claude-hooks',
+      lane: 'claude_native_hooks',
+      action: (() => {
+        const t = _cmd.toLowerCase();
+        if (/\b(?:kubectl\s+(?:apply|set|rollout|delete|create|replace|scale)|helm\s+(?:upgrade|install|uninstall)|terraform\s+(?:apply|destroy)|docker\s+(?:push|build\s+.*--push)|deploy)\b/i.test(t)) return 'deploy';
+        if (/\b(?:rm\s+-[rRfF]+\S*|sudo\s+|systemctl\s+(?:stop|disable|mask|kill)|kill\s+-[9K]|pkill\s+-[9K]|chmod\s+777|git\s+(?:push\s+--force|reset\s+--hard)|docker\s+rm\s+-f)\b/i.test(t)) return 'delete';
+        return '';
+      })(),
+      target: JSON.stringify(toolInput).slice(0, 2000),
+      text: _cmd.slice(0, 1000),
+      metadata: { source: 'claude-pre-tool-gate', toolName },
+    };
+    const _coachResp = await fetch(`${_coachBase}/coach/phase`, {
+      method: 'POST', headers: _coachHeaders, body: JSON.stringify(_coachPayload),
+      signal: AbortSignal.timeout(2000),
+    });
+    if (_coachResp.ok) {
+      const _coachBody = await _coachResp.json();
+      if (_coachBody?.permitted === false && _coachBody?.decision === 'hard_block') {
+        audit('block-coach-authoritative', `reasons=${(_coachBody.reasons||[]).join(',')}`);
+        console.log(JSON.stringify({
+          decision: 'block',
+          reason: ['Aria Coach blocked this action before execution.', '', `Reason: ${(_coachBody.reasons||['coach_policy']).slice(0,3).join('; ')}`, '', _coachBody.clientMessage || 'Remove the high-risk condition and retry.'].join('\n'),
+          hookSpecificOutput: { hookEventName: 'PreToolUse', coach_decision: _coachBody.decision, coach_reasons: _coachBody.reasons },
+        }));
+        process.exit(2);
+      }
     }
+  } else {
+    audit('skip-remote-runtime-coach', 'source=pre-tool-gate phase=pre_tool');
   }
 } catch { /* Coach unreachable — fall through to hook-native checks */ }
 
@@ -1137,16 +1265,57 @@ const cmdPreview = toolName === 'Bash'
 
 if (toolName === 'Bash') {
   const recentUserText = collectRecentRealUserText(event, transcriptPath);
-  const correctionBlockReason = userCorrectionBlocksCommand(recentUserText, cmd);
-  if (correctionBlockReason) {
-    const reason = `Aria pre-tool gate: USER-CORRECTION hard-block.
+  // 2026-05-05 — owner-authorizations layer (M2.13 staircase). Before the
+  // user-correction regex runs, scan recent user text for AUTHORIZE: markers
+  // and write any new grants. Then check for an active grant matching this
+  // cmd. If found, skip the regex hard-block (still runs other gates below).
+  // This converts the gate from "infer authorization from negation tokens"
+  // (heuristic, prone to false positives on steering language) to "consult
+  // explicit operator grants first" (structural).
+  let ownerAuth = { authorized: false, grant: null, grantsWritten: 0 };
+  try {
+    ownerAuth = checkAndAuthorize(cmd, event?.session_id || 'unknown', recentUserText);
+  } catch (authErr) {
+    process.stderr.write(
+      `[pre-tool-gate] owner-authorizations lookup failed: ${authErr instanceof Error ? authErr.message : String(authErr)}\n`,
+    );
+  }
+  if (ownerAuth.authorized) {
+    audit(`allow-owner-grant pattern=${ownerAuth.grant?.commandPattern?.slice(0, 60) || '(?)'}`, cmdPreview);
+    // Grant is multi-use within TTL by default; uncomment to one-shot:
+    // try { consumeGrant(ownerAuth.grant); } catch {}
+    // Skip the user-correction regex; continue to other gates below.
+  } else {
+    const correctionBlockReason = userCorrectionBlocksCommand(recentUserText, cmd);
+    if (correctionBlockReason) {
+      const reason = `Aria pre-tool gate: USER-CORRECTION hard-block.
 
 ${correctionBlockReason}.
 
-The next assistant response must stop the command loop, quote the user's correction in one sentence, and re-evaluate the target from substrate before any further mutation. Do not retry this Bash command shape.`;
-    audit('block-user-correction-override', cmdPreview);
-    emitBlock(reason, { source: 'pre-tool/user-correction' });
-    process.exit(2);
+The next assistant response must stop the command loop, quote the user's correction in one sentence, and re-evaluate the target from substrate before any further mutation. Do not retry this Bash command shape.
+
+To override: operator writes "AUTHORIZE: <command-shape>" in a fresh user message. The shape can be a substring (matches if cmd contains it) or a regex (/pattern/[i]). Grant is valid for 15 minutes from issuance.`;
+      audit('block-user-correction-override', cmdPreview);
+      emitBlock(reason, { source: 'pre-tool/user-correction' });
+      process.exit(2);
+    }
+  }
+}
+
+if (toolName === 'Bash') {
+  // AI-11803-F4 (2026-05-12): no_timeouts_decision_tree_rule enforcement.
+  // Detects shell-position `timeout N` wrappers; warns 1st-2nd occurrence
+  // in session, hard-blocks at 3+. Bypass via ARIA_PROBE_DISCIPLINE_BYPASS=1
+  // (logged loud to discovery ledger so hardening worker accumulates pattern).
+  try {
+    const probeDisc = scanProbeDiscipline(cmd, event?.session_id || 'unknown');
+    if (probeDisc.blocked) {
+      audit(`block-probe-discipline sessionCount=${probeDisc.sessionCount} matches=${(probeDisc.matchCount)}`, cmdPreview);
+      emitBlock(probeDisc.blockReason, { source: 'pre-tool/probe-discipline' });
+      process.exit(2);
+    }
+  } catch (pdErr) {
+    process.stderr.write(`[pre-tool-gate:probe-discipline-error] ${pdErr instanceof Error ? pdErr.message : String(pdErr)}\n`);
   }
 }
 
@@ -1270,16 +1439,19 @@ if (transcriptPath && existsSync(transcriptPath)) {
         const role = normalizeRole(m);
         const content = normalizeContent(m);
         if (role === 'user') {
-          // Skip messages that aren't real user input:
-          //   (a) tool_result blocks (runtime feeding back tool output)
-          //   (b) system-reminder injections (PreToolUse blocks,
-          //       task-notifications, gentle reminders) — runtime-
-          //       authored, not user voice. Counting them eats the
-          //       cognition lookback in tool-heavy or block-heavy turns.
-          if (isToolResultOnlyContent(content)) continue;
-          // Inspect text content for system-reminder patterns.
-          const textContent = extractTextFromContent(content);
-          if (isMostlySystemReminder(textContent, SYSTEM_REMINDER_RX, SYSTEM_REMINDER_THRESHOLD)) continue;
+          // M9.DRIFT.10r — opt-IN classifier replaces opt-OUT two-step.
+          // Mixed-content user messages (tool_result + system-reminder
+          // + small noise text — the modern Claude Code transcript shape
+          // for runtime injections after a tool call) used to defeat
+          // both isToolResultOnlyContent (not exclusively tool_result)
+          // and isMostlySystemReminder (text portion below threshold),
+          // getting counted as user-boundaries and evicting cognition
+          // from the lookback window. isUserAuthoredMessage opts IN to
+          // identifiable user voice; conservative on uncertainty.
+          if (!isUserAuthoredMessage(content, {
+            systemReminderRx: SYSTEM_REMINDER_RX,
+            systemReminderThreshold: SYSTEM_REMINDER_THRESHOLD,
+          })) continue;
           userBoundariesCrossed++;
           if (userBoundariesCrossed > USER_BOUNDARIES_TO_CROSS) break;
           continue;
@@ -1292,9 +1464,16 @@ if (transcriptPath && existsSync(transcriptPath)) {
         // used to be but are system-authored, not the model's voice.
         if (COMPACT_SUMMARY_RX.test(text) && text.length > 4000) continue;
         transcriptAssistantTexts.push(text);
-      } catch {}
+      } catch (err) {
+        // M0.H.X3: per-message parse failure during transcript walk now
+        // surfaces. Loss here would mean missed assistant-cognition history.
+        process.stderr.write(`[aria-pre-tool-gate:transcript-message-parse] caught: ${err instanceof Error ? err.message : String(err)}\n`);
+      }
     }
-  } catch {}
+  } catch (err) {
+    // M0.H.X3: outer transcript-read failure now surfaces.
+    process.stderr.write(`[aria-pre-tool-gate:transcript-read] caught: ${err instanceof Error ? err.message : String(err)}\n`);
+  }
 }
 appendAssistantTexts(transcriptAssistantTexts);
 const currentTurnAssistantText = extractCurrentTurnAssistantText(event, toolInput);
@@ -1313,6 +1492,20 @@ const transcriptCog = detectCognitionLenses(unionText);
 const mergedLensSet = new Set([...inlineCog.names, ...transcriptCog.names]);
 const lensCount = mergedLensSet.size;
 const lensNames = [...mergedLensSet];
+// M9.DRIFT.10u — diagnostic meta passed to emitBlock on lens-count
+// failure. emitBlock's stderr dump uses these to expose the parse
+// breakdown (per-lens table + unrecognized tokens + canonical sets +
+// transcript path + scan range) so the agent self-corrects in one
+// cycle instead of guess-and-retry.
+const cognitionDiagnosticMeta = {
+  inlineCogDiagnostic: eventCog,
+  transcriptCogDiagnostic: transcriptCog,
+  transcriptPath: transcriptPath || null,
+  messagesScanned: transcriptAssistantTexts.length + eventAssistantTexts.length,
+  transcriptScanRange: transcriptPath
+    ? `transcript=${transcriptAssistantTexts.length} assistant turns; event=${eventAssistantTexts.length}`
+    : `event-only=${eventAssistantTexts.length} assistant turns (no transcript path)`,
+};
 const cogBlockBody = transcriptCog.blockBody;
 const inlineVerifyBody = extractInlineDirectiveBody(cmd, INLINE_VERIFY_LINE_RX);
 const verifyBodies = [...unionText.matchAll(/<verify>([\s\S]*?)<\/verify>/gi)]
@@ -1369,6 +1562,76 @@ const sessionId =
   (transcriptPath ? transcriptPath.split('/').pop()?.replace(/\.[^.]+$/, '') : null) ??
   'claude-code-unknown';
 
+let preToolManifestSlot = null;
+let preToolManifestWorkflowSkills = [];
+try {
+  preToolManifestSlot = extractManifest(unionText);
+  preToolManifestWorkflowSkills = preToolManifestSlot ? manifestSkillsToInvoke(preToolManifestSlot.manifest) : [];
+} catch (err) {
+  process.stderr.write(`[aria-pre-tool-gate:manifest-error] ${err instanceof Error ? err.message : String(err)}\n`);
+}
+
+// Atlas dossier wire (Phase 1 — corpus-to-runtime auto-trigger).
+// When the tool targets a known file, ask Atlas which skills govern it.
+// The dossier surfaces verified per-file GOVERNS edges produced by the
+// cognitive extractor (skill bodies that reference this file path or
+// basename). These augment — never replace — the classifier output, so
+// intent-shape triggers AND file-bound triggers both fire.
+//
+// Fail-open semantics: any socket error, Atlas-down, or timeout returns []
+// and the gate behaves exactly as it did before this wire. The classifier
+// still drives the dominant required-skills decision.
+let dossierGoverningSkills = [];
+if (filePath && typeof filePath === 'string' && filePath.trim()) {
+  try {
+    dossierGoverningSkills = await fetchGoverningSkills(filePath);
+  } catch (err) {
+    process.stderr.write(`[aria-pre-tool-gate:atlas-dossier-error] ${err instanceof Error ? err.message : String(err)}\n`);
+  }
+}
+
+// A5 (2026-05-18) — intra-turn kernel selection. Build a tool-class
+// observation (Edit/Write/NotebookEdit → 'edit'; Bash with deploy match →
+// 'deploy'; everything else → 'default') and ask the kernel for selected
+// skills. Atlas-orchestrator's intra-turn surface is this call: per-tool
+// observation → kernel taxonomy → selected skills enforced as floor.
+let atlasIntraSelection = { selectedSkillIds: [], selectedRuntimeIds: [], compilation_hash: null };
+try {
+  const toolObservationKind = (() => {
+    if (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit') return 'edit';
+    if (toolName === 'Bash' && deployMatched) return 'deploy';
+    return 'default';
+  })();
+  const kernelCompilation = kernelCompileCognitiveOptions({
+    kind: toolObservationKind,
+    source: 'aria-pre-tool-gate',
+    summary: `intra-turn tool ${toolName} selection`,
+    attrs: {
+      surface: 'claude-pre-tool-gate',
+      toolName,
+      filePath: filePath || null,
+      isDeploy: Boolean(deployMatched),
+      dossierGoverningCount: dossierGoverningSkills.length,
+    },
+  });
+  atlasIntraSelection = {
+    selectedSkillIds: Array.isArray(kernelCompilation?.selectedSkillIds) ? kernelCompilation.selectedSkillIds : [],
+    selectedRuntimeIds: Array.isArray(kernelCompilation?.selectedRuntimeIds) ? kernelCompilation.selectedRuntimeIds : [],
+    compilation_hash: kernelCompilation?.compilation_hash || null,
+    observationKind: toolObservationKind,
+  };
+  process.stderr.write(`[aria-pre-tool-gate:atlas-intra-selection] tool=${toolName} kind=${toolObservationKind} selected=${atlasIntraSelection.selectedSkillIds.length} runtimes=${atlasIntraSelection.selectedRuntimeIds.length} hash=${(atlasIntraSelection.compilation_hash || '').slice(0, 12)}\n`);
+} catch (err) {
+  process.stderr.write(`[aria-pre-tool-gate:atlas-intra-selection-fallback] LOUD-fail err=${err instanceof Error ? err.message : String(err)} — gate continues with dossier-only additional skills\n`);
+}
+
+// Union dossier + kernel-selected for the skill-gate floor. The skill gate
+// dedupes internally; we pass the merged list.
+const additionalRequiredSkills = [...new Set([
+  ...dossierGoverningSkills,
+  ...atlasIntraSelection.selectedSkillIds,
+])];
+
 const skillGate = evaluateSkillGate({
   sessionId,
   surface: 'claude-pre-tool-gate',
@@ -1379,11 +1642,14 @@ const skillGate = evaluateSkillGate({
   isDeploy: Boolean(deployMatched),
   isMutation: toolName !== 'Bash',
   autoLoadAvailable: false,
+  requiredSkillsOverride: preToolManifestSlot ? preToolManifestWorkflowSkills : undefined,
+  requiredSkillsReason: 'orchestration manifest intent.workflow_skills_to_invoke supplied pre-tool workflows',
+  additionalRequiredSkills,
 });
 if (!skillGate.ok && !skillGate.redirectOnly) {
   const reason = formatSkillGateBlock(skillGate);
   audit('block-missing-skill-receipt', `${skillGate.missingSkills.join(',')} ${cmdPreview}`);
-  emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  emitBlock(reason, { source: 'pre-tool/skill-autoload', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
   process.exit(2);
 }
 try {
@@ -1404,6 +1670,9 @@ try {
     audit('signal-gov-gate-block', `reason=${(govGateResult.reason || '').slice(0, 120)}`);
     const _cmd = String(toolInput?.command || '');
     try {
+      if (!remoteRuntimeCoachEnabled()) {
+        audit('skip-remote-runtime-coach', 'source=pre-tool-gate-after-gov-gate phase=pre_tool');
+      } else {
       const _coachUrl = `${HOME}/.aria/runtime/runtime.env`;
       const _coachBase = existsSync(_coachUrl)
         ? String(readFileSync(_coachUrl, 'utf8')).match(/ARIA_RUNTIME_URL=(http:\/\/[^ \n]+)/)?.[1] || 'http://127.0.0.1:4319'
@@ -1435,11 +1704,17 @@ try {
           process.exit(2);
         }
       }
-    } catch {}
+      }
+    } catch (err) {
+      // M0.H.X3: coach-after-gov-gate failure now surfaces. Outer try/catch
+      // at line 1533 still catches; this stderr surface adds operator-
+      // visibility to the inner coach-call failure mode.
+      process.stderr.write(`[aria-pre-tool-gate:coach-after-gov-gate] caught: ${err instanceof Error ? err.message : String(err)}\n`);
+    }
   }
 } catch (err) {
   audit('block-universal-governance', `${err instanceof Error ? err.message : String(err)}`.slice(0, 500));
-  emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  emitBlock(err instanceof Error ? err.message : String(err), { source: 'pre-tool/universal-governance', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
   process.exit(2);
 }
 
@@ -1525,6 +1800,58 @@ function buildForceRedoActionReason(reasonText, { source = 'pre-tool-gate', tool
 
 function emitBlock(reasonText, meta = {}) {
   console.log(JSON.stringify({ decision: 'block', reason: buildForceRedoActionReason(reasonText, meta) }));
+  // M9.DRIFT.10u — diagnostic-first observability for cognition-window
+  // failures. When the gate blocks for a lens-count reason, dump the
+  // full parser breakdown to stderr (operator-visible only) so the
+  // agent can self-correct in one cycle instead of guess-and-retry.
+  // Only fires when caller passed lens-failure context in meta.
+  if (meta && (meta.inlineCogDiagnostic || meta.transcriptCogDiagnostic)) {
+    try {
+      const lines = ['=== M9.DRIFT.10u DIAGNOSTIC ==='];
+      lines.push(`transcript_path: ${meta.transcriptPath || 'null (no transcript walked)'}`);
+      if (meta.messagesScanned !== undefined) {
+        lines.push(`messages_scanned: ${meta.messagesScanned}`);
+      }
+      if (meta.transcriptScanRange) {
+        lines.push(`transcript_scan_range: ${meta.transcriptScanRange}`);
+      }
+      lines.push(`required_lenses: ${meta.requiredLenses ?? '(unset)'} ; observed_total: ${meta.lensCount ?? '(unset)'}`);
+      const renderDiag = (label, diag) => {
+        if (!diag) return;
+        lines.push('');
+        lines.push(`--- ${label} ---`);
+        lines.push(`block_found: ${diag.blockFound === true ? 'yes' : 'no'}`);
+        lines.push(`matched_canonical_set: ${diag.matchedSet ? 'yes (all 8 of one canonical set present)' : 'no'}`);
+        lines.push(`canonical_sets:`);
+        if (diag.canonicalSets) {
+          lines.push(`  older: ${(diag.canonicalSets.older || []).join(', ')}`);
+          lines.push(`  newer: ${(diag.canonicalSets.newer || []).join(', ')}`);
+        }
+        if (Array.isArray(diag.perLens) && diag.perLens.length > 0) {
+          lines.push(`per_lens:`);
+          for (const row of diag.perLens) {
+            const status = row.present ? 'PRESENT' : 'absent';
+            lines.push(`  ${row.lens.padEnd(12)} ${status.padEnd(8)} chars=${row.charCount}` +
+              (row.content_preview ? ` preview="${row.content_preview}"` : ''));
+          }
+        }
+        if (Array.isArray(diag.unrecognizedTokens) && diag.unrecognizedTokens.length > 0) {
+          lines.push(`unrecognized_tokens (look like lens labels but NOT in any canonical set):`);
+          lines.push(`  ${diag.unrecognizedTokens.join(', ')}`);
+          lines.push(`  ^^ if these are lens names you intended, the canonical sets above`);
+          lines.push(`     don't include them. Either rename to canonical OR widen the`);
+          lines.push(`     allowlist via M9.DRIFT.10v after operator review.`);
+        }
+      };
+      renderDiag('inline (current turn)', meta.inlineCogDiagnostic);
+      renderDiag('transcript (recent assistant turns)', meta.transcriptCogDiagnostic);
+      lines.push('=== END M9.DRIFT.10u DIAGNOSTIC ===');
+      process.stderr.write(lines.join('\n') + '\n');
+    } catch (err) {
+      // Diagnostic dump must never break the gate. Fail-loud to stderr.
+      process.stderr.write(`[m9-drift-10u:diagnostic-dump-failed] ${err instanceof Error ? err.message : String(err)}\n`);
+    }
+  }
 }
 
 if (hasCognition && !appliedContract.ok) {
@@ -1543,7 +1870,7 @@ expected_predicate: <numeric, boolean, or state-string predicate proving success
 artifact_change: <how the artifact/action is different because cognition ran>`;
   audit('block-applied-cognition-contract', cmdPreview);
   pushDecision('block', `applied cognition contract missing: ${appliedContract.violations.join(', ')}`);
-  emitBlock(reason, { source: 'pre-tool/applied-cognition-contract', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES });
+  emitBlock(reason, { source: 'pre-tool/applied-cognition-contract', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
   process.exit(2);
 }
 
@@ -1578,7 +1905,12 @@ if (deployMatched) {
       missingDeployFields, cogBlockBodyLen: (cogBlockBody || '').length,
       verifyBodyLen: verifyBody.length,
     }) + '\n');
-  } catch {}
+  } catch (err) {
+    // M0.H.X3: heartbeat write failure now surfaces. Heartbeat at deploy-
+    // gate entry exists for crash-recovery diagnostics — silent loss
+    // defeats its purpose.
+    process.stderr.write(`[aria-pre-tool-gate:deploy-gate-entry-heartbeat] caught: ${err instanceof Error ? err.message : String(err)}\n`);
+  }
 
   const deployBlocked =
     !hasVerify ||
@@ -1794,7 +2126,7 @@ No per-tool bypass available (v3 doctrine — the harness's whole purpose is no
 
   audit(`block ${toolName.toLowerCase()} cognition=${lensCount}`, cmdPreview);
   pushDecision('block', `${toolName.toLowerCase()} missing cognition (${lensCount}/${REQUIRED_LENSES})`);
-  emitBlock(reason, { source: 'pre-tool/missing-cognition' });
+  emitBlock(reason, { source: 'pre-tool/missing-cognition', tool: toolName, lensCount, requiredLenses: REQUIRED_LENSES, ...cognitionDiagnosticMeta });
   process.exit(2);
 }
 
@@ -2457,6 +2789,49 @@ The substrate's contract gate refused this action. Local doctrine gates passed (
     return; // no conflict — proceed
   }
 
+  let _touchContext = { ok: false, touches: [], error: null };
+  let _threadContext = { ok: false, threads: [], error: null };
+  try {
+    const _touchParams = new URLSearchParams({ file_path: _lockCheckPath, limit: '10' });
+    const _touchResp = await fetch(`${_soulUrl}/api/hive/file-touch?${_touchParams}`, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(_harnessToken ? { Authorization: `Bearer ${_harnessToken}` } : {}),
+      },
+    });
+    if (_touchResp.ok) {
+      const _touchData = await _touchResp.json();
+      _touchContext = { ok: true, touches: Array.isArray(_touchData?.touches) ? _touchData.touches.slice(0, 10) : [], error: null };
+    } else {
+      _touchContext = { ok: false, touches: [], error: `HTTP ${_touchResp.status}` };
+    }
+  } catch (_touchErr) {
+    _touchContext = { ok: false, touches: [], error: _touchErr instanceof Error ? _touchErr.message : String(_touchErr) };
+  }
+
+  try {
+    const _threadIds = [...new Set(_touchContext.touches.map((touch) => touch.thread_id).filter(Boolean))].slice(0, 5);
+    const _threads = [];
+    for (const _threadId of _threadIds) {
+      const _threadParams = new URLSearchParams({ thread_id: _threadId, limit: '5' });
+      const _threadResp = await fetch(`${_soulUrl}/api/hive/session-thread?${_threadParams}`, {
+        method: 'GET',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(_harnessToken ? { Authorization: `Bearer ${_harnessToken}` } : {}),
+        },
+      });
+      if (_threadResp.ok) {
+        const _threadData = await _threadResp.json();
+        if (Array.isArray(_threadData?.threads)) _threads.push(..._threadData.threads);
+      }
+    }
+    _threadContext = { ok: true, threads: _threads.slice(0, 10), error: null };
+  } catch (_threadErr) {
+    _threadContext = { ok: false, threads: [], error: _threadErr instanceof Error ? _threadErr.message : String(_threadErr) };
+  }
+
   // ── Auto-post coordination message to each conflicting session ───────────
   // Per hive-session-coordination doctrine (memory:feedback_hive_session_coordination.md):
   // when a lock conflict is detected, the gate AUTOMATICALLY posts a
@@ -2492,6 +2867,8 @@ The substrate's contract gate refused this action. Local doctrine gates passed (
           locked_at: _conflict.locked_at ?? null,
           expires_at: _conflict.expires_at ?? null,
         },
+        hive_file_touch_context: _touchContext,
+        hive_thread_context: _threadContext,
       };
       const _msgResp = await fetch(`${_soulUrl}/api/hive/session-message`, {
         method: 'POST',
@@ -2543,6 +2920,17 @@ The substrate's contract gate refused this action. Local doctrine gates passed (
     ? `\nAuto-coordination: gate posted lock_conflict_request message(s) to ${_autoMessageIds.map((m) => `session ${m.session_id} (msg: ${m.message_id})`).join(', ')}. They will see this inbound on their next turn via [HIVE_SESSION_INBOX].`
     : '\nAuto-coordination message could not be delivered (see stderr). Coordinate manually via POST /api/hive/session-message.';
 
+  const _recentTouchDetails = _touchContext.ok && _touchContext.touches.length > 0
+    ? _touchContext.touches.slice(0, 5).map((touch) => {
+      const _files = Array.isArray(touch.files) ? touch.files.map((file) => `${file.path}:${file.intent || 'touch'}`).join(', ') : '';
+      return `  - ${touch.created_at || 'unknown-time'} session=${touch.session_id || 'unknown'} thread=${touch.thread_id || 'none'} event=${touch.event || 'touch'} files=${_files}`;
+    }).join('\n')
+    : `  - unavailable or empty (${_touchContext.error || 'no recent touches'})`;
+
+  const _threadDetails = _threadContext.ok && _threadContext.threads.length > 0
+    ? _threadContext.threads.slice(0, 5).map((thread) => `  - ${thread.thread_id} topic=${thread.topic || 'none'} status=${thread.status || 'unknown'} participants=${Array.isArray(thread.participants) ? thread.participants.join(',') : 'none'}`).join('\n')
+    : `  - unavailable or empty (${_threadContext.error || 'no thread context'})`;
+
   const _lockBlockReason = `Hive session-lock conflict: another session holds an active lock on this file.
 
 File: ${_lockCheckPath}
@@ -2551,6 +2939,12 @@ Conflicting locks:
 ${_conflictDetails}
 ${_autoMsgSummary}
 
+Recent Hive file-touch context:
+${_recentTouchDetails}
+
+Related Hive thread context:
+${_threadDetails}
+
 Resolution:
   1. A lock_conflict_request message was automatically posted to the lock-holding session. Wait for them to see it.
   2. They release via: aria hive lock release --lock-id <ID>  OR  DELETE /api/hive/session-lock.
@@ -2569,6 +2963,8 @@ causes merge conflicts and state divergence. Explicit coordination is the only s
       hookEventName: 'PreToolUse',
       conflicting_locks: _conflictingLocks,
       auto_coordination_messages: _autoMessageIds,
+      hive_file_touch_context: _touchContext,
+      hive_thread_context: _threadContext,
       recovery: {
         action: 'wait_for_lock_release_then_retry',
         file_path: _lockCheckPath,