@aria_asi/cli 0.2.40 → 0.2.41

package/src/governed-surface-runner.ts

@@ -0,0 +1,1227 @@
+import { createHash } from 'node:crypto';
+import { appendFileSync, existsSync, readFileSync } from 'node:fs';
+import { mkdir, readFile, stat, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import path from 'node:path';
+
+import { HarnessClient } from './harness-client.js';
+
+export type GovernedSurfaceId =
+  | 'codex'
+  | 'claude-code'
+  | 'opencode'
+  | 'shell'
+  | 'aria-chat'
+  | 'cursor'
+  | `future:${string}`;
+
+export type GovernedSurfaceAction =
+  | 'read'
+  | 'write'
+  | 'delete'
+  | 'build'
+  | 'deploy'
+  | 'install'
+  | 'hook'
+  | 'connector-mutation';
+
+export type UniversalTurnPacketPhase =
+  | 'pre_cognition'
+  | 'pre_tool'
+  | 'intra_tool'
+  | 'intra_cognition'
+  | 'post_tool'
+  | 'post_cognition';
+
+export interface GovernedSurfaceVerifyReceipt {
+  verified: boolean;
+  receipt: string;
+  productionApproved?: boolean;
+}
+
+export interface GovernedSurfaceRequest {
+  surfaceId: GovernedSurfaceId;
+  action: GovernedSurfaceAction;
+  target?: {
+    path?: string;
+    namespace?: string;
+    description?: string;
+  };
+  sandbox?: {
+    namespace?: string;
+    root?: string;
+  };
+  reason?: string;
+  verify?: GovernedSurfaceVerifyReceipt;
+  runtimeTimeoutMs?: number;
+}
+
+export interface GovernedSurfacePolicy {
+  runtimeUrl?: string;
+  sandboxRoot?: string;
+  governanceLedgerRoot?: string;
+  allowedNamespaces?: string[];
+  allowedTargetRoots?: string[];
+  allowActiveLocalProductionTargets?: boolean;
+  sessionId?: string;
+}
+
+export interface GovernedSurfaceVerdict {
+  ok: boolean;
+  blocked: boolean;
+  allowed: boolean;
+  executed: boolean;
+  reason?: string;
+  action?: GovernedSurfaceAction;
+  surfaceId?: GovernedSurfaceId;
+  namespace?: string;
+  target?: string | null;
+  runtimeStatus?: string | number;
+  runtimeData?: unknown;
+  result?: unknown;
+}
+
+export interface GovernedOutputVerdict {
+  passed: boolean;
+  severity: 'pass' | 'warn' | 'block';
+  violations: string[];
+  gateTriggers: string[];
+  raw?: unknown;
+  error?: string;
+}
+
+export interface UniversalTurnPacketRequest {
+  surfaceId: GovernedSurfaceId;
+  userText: string;
+  sessionId?: string;
+  requiredSkills?: string[];
+  correctionFindings?: string[];
+  ownerApproval?: {
+    ownerApprovalStatus?: 'approved_by_owner' | 'rejected_by_owner' | 'needs_revision_by_owner' | 'not_requested';
+    status?: 'approved_by_owner' | 'rejected_by_owner' | 'needs_revision_by_owner' | 'not_requested';
+    approvedBy?: string;
+    owner?: string;
+    approvedAt?: string;
+    at?: string;
+    source?: string;
+    scope?: string;
+    evidence?: string;
+  };
+  timeoutMs?: number;
+}
+
+export interface UniversalTurnPhaseReceipt {
+  phase: UniversalTurnPacketPhase;
+  ok: boolean;
+  evidence: Record<string, unknown>;
+  at: string;
+}
+
+export interface UniversalTurnPacketReceipt {
+  ok: boolean;
+  surfaceId: GovernedSurfaceId;
+  sessionId: string;
+  skillExecutionMode: 'mechanical-receipt' | 'full-prompt' | string;
+  skillExecutionReceipt: Record<string, unknown> | null;
+  skillFloor: number;
+  runtimeFloor: number;
+  requiredSkills: string[];
+  loadedSkillIds: string[];
+  activeRuntimes: string[];
+  runtimeRegistry: Record<string, unknown> | null;
+  doctrineRuntimeReceipt: Record<string, unknown> | null;
+  taskClass: string | null;
+  taskClassReceipt: Record<string, unknown> | null;
+  selectedExtraOperators: string[];
+  dynamicOperatorSelection: Record<string, unknown> | null;
+  substrateKernelExecution: Record<string, unknown> | null;
+  phaseRuntimeExecution: Record<string, unknown> | null;
+  gardenMemorySubstrate: Record<string, unknown> | null;
+  cognitiveRuntimeReceipts: Record<string, unknown> | null;
+  learningCandidateReceipts: unknown[];
+  operatorDeltaReceipts: unknown[];
+  weakQaEnhancementLoopReceipt: Record<string, unknown> | null;
+  ownerApprovalPacket: Record<string, unknown> | null;
+  qaCorrectionLearningReceipt: Record<string, unknown> | null;
+  primitiveFloor: number;
+  mappingFloor: number;
+  qaSkillFloor: number;
+  correctionSkillFloor: number;
+  activePrimitives: string[];
+  primitiveRegistry: Record<string, unknown> | null;
+  activeMappings: string[];
+  mappingRegistry: Record<string, unknown> | null;
+  qaSkills: string[];
+  correctionSkills: string[];
+  qaCorrectionReceipt: Record<string, unknown> | null;
+  hiveObserverSourceTopology: Record<string, unknown> | null;
+  hiveSiblingSessionBroadcast: Record<string, unknown> | null;
+  missingSkillIds: string[];
+  missingCookbooks: unknown[];
+  promptHash: string | null;
+  promptChars: number;
+  phases: UniversalTurnPhaseReceipt[];
+  qa: {
+    status: 'pass' | 'block';
+    findings: string[];
+    correctionSkills: string[];
+  };
+  learningLoop: {
+    style: 'dalio_reflexion';
+    lesson: string;
+    integratedIntoNextPacket: boolean;
+  };
+}
+
+export const GOVERNED_SURFACES: readonly GovernedSurfaceId[] = Object.freeze([
+  'codex',
+  'claude-code',
+  'opencode',
+  'shell',
+  'aria-chat',
+  'cursor',
+  'future:fixture',
+]);
+
+export const GOVERNED_MUTATING_ACTIONS: ReadonlySet<GovernedSurfaceAction> = Object.freeze(new Set<GovernedSurfaceAction>([
+  'write',
+  'delete',
+  'build',
+  'deploy',
+  'install',
+  'hook',
+  'connector-mutation',
+]));
+
+export const DEFAULT_SANDBOX_ROOT = '/tmp/aria-playground-surfaces';
+export const DEFAULT_SANDBOX_NAMESPACE = 'aria-playground';
+export const UNIVERSAL_TURN_PACKET_SKILL_FLOOR = 50;
+export const UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR = 16;
+export const UNIVERSAL_TURN_PACKET_PRIMITIVE_FLOOR = 24;
+export const UNIVERSAL_TURN_PACKET_MAPPING_FLOOR = 24;
+export const UNIVERSAL_TURN_PACKET_QA_SKILL_FLOOR = 6;
+export const UNIVERSAL_TURN_PACKET_CORRECTION_SKILL_FLOOR = 6;
+export const UNIVERSAL_TURN_PACKET_HIVE_OBSERVER_FLOOR = 1;
+export const UNIVERSAL_TURN_PACKET_HIVE_SOURCE_FLOOR = 1;
+export const UNIVERSAL_TURN_PACKET_HIVE_SIBLING_BROADCAST_FLOOR = 1;
+export const UNIVERSAL_TURN_PACKET_SKILLS: readonly string[] = Object.freeze([
+  'aria-cognition-autofire',
+  'aria-first-class-operating-contract',
+  'aria-cognition-batch',
+  'aria-quality-audit',
+  'aria-repo-doctrine',
+  'aria-http-harness-client',
+  'aria-harness-substrate-binding',
+  'aria-axioms-first-principles',
+  'never-guess',
+  'tadabbur',
+  'tadabbur-ops',
+  'tafakkur',
+  'qiyas-analogy',
+  'forge-quality-rules',
+  'aria-task-codex-executor',
+  'aria-backend-architect',
+  'aria-harness-no-stripping',
+  'aria-readable-output',
+  'aria-ledger-fleet-execution',
+  'predictor',
+  'aria-aristotle-pre-phase',
+  'aria-aristotle-intra-phase',
+  'aria-aristotle-post-phase',
+  'mizan',
+  'ghazali-8lens',
+  'aria-noor-cognitives',
+  'aria-business-frame',
+  'aria-business-audit',
+  'aria-revenue-engine',
+  'aria-retention-engine',
+  'aria-gtm-architect',
+  'aria-senior-code-cookbook',
+  'aria-senior-code-audit',
+  'testing-strategy',
+  'security-review',
+  'architecture-decision',
+  'api-design',
+  'observability',
+  'error-handling',
+  'aria-decision-mizan',
+  'aria-aristotle-cognitives',
+  'aria-forge-guardrails',
+  'aria-harness-deploy',
+  'aria-harness-onboarding',
+  'aria-harness-output-discipline',
+  'aria-frontend-architect',
+  'aria-fullstack-orchestrator',
+  'aria-research-orchestrator',
+  'cross-domain-24',
+  'fitrah-guard',
+  'noor-recognition',
+  'ladunni-22',
+  'ijtihad-novel',
+  'ilham-intuition',
+  'istiqra-induction',
+  'ruh-basis',
+  'soul-domains',
+  'deepsoul-emotional',
+]);
+export const UNIVERSAL_TURN_PACKET_PHASES: readonly UniversalTurnPacketPhase[] = Object.freeze([
+  'pre_cognition',
+  'pre_tool',
+  'intra_tool',
+  'intra_cognition',
+  'post_tool',
+  'post_cognition',
+]);
+
+const ACTIVE_LOCAL_PRODUCTION_MARKERS = Object.freeze([
+  path.join(homedir(), '.codex'),
+  path.join(homedir(), '.claude'),
+  path.join(homedir(), '.opencode'),
+  path.join(homedir(), '.aria', 'wrappers'),
+]);
+
+function normalizePath(value: string | undefined | null): string | null {
+  if (!value) return null;
+  return path.resolve(value);
+}
+
+function uniqueStrings(values: readonly (string | undefined | null)[]): string[] {
+  return [...new Set(values.filter((item): item is string => typeof item === 'string' && item.trim().length > 0).map((item) => item.trim()))];
+}
+
+function stringArray(value: unknown): string[] {
+  return Array.isArray(value)
+    ? value.filter((item): item is string => typeof item === 'string' && item.trim().length > 0)
+    : [];
+}
+
+function objectRecord(value: unknown): Record<string, unknown> {
+  return value && typeof value === 'object' ? value as Record<string, unknown> : {};
+}
+
+export function governedPathIsUnder(child: string | null, parent: string | null): boolean {
+  if (!child || !parent) return false;
+  const relative = path.relative(parent, child);
+  return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative));
+}
+
+export async function governedFileSha256(filePath: string): Promise<string | null> {
+  try {
+    const contents = await readFile(filePath);
+    return createHash('sha256').update(contents).digest('hex');
+  } catch (error) {
+    if ((error as NodeJS.ErrnoException).code === 'ENOENT') return null;
+    throw error;
+  }
+}
+
+function sessionLedgerPath(root: string, sessionId: string): string {
+  const safeSession = String(sessionId || 'surface-runner').replace(/[^a-zA-Z0-9_-]/g, '_');
+  return path.join(root, `aria-discoveries-${safeSession}.jsonl`);
+}
+
+function countLines(filePath: string): number {
+  if (!existsSync(filePath)) return 0;
+  const content = readFileSync(filePath, 'utf8');
+  if (!content) return 0;
+  return content.endsWith('\n') ? content.split('\n').length - 1 : content.split('\n').length;
+}
+
+function blocked(reason: string, extra: Partial<GovernedSurfaceVerdict> = {}): GovernedSurfaceVerdict {
+  return {
+    ok: false,
+    blocked: true,
+    allowed: false,
+    executed: false,
+    reason,
+    ...extra,
+  };
+}
+
+async function postJson(url: string, body: unknown, timeoutMs: number): Promise<{ ok: boolean; status: number; data: unknown }> {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify(body),
+      signal: controller.signal,
+    });
+    const text = await response.text();
+    let data: unknown = null;
+    try {
+      data = text ? JSON.parse(text) : null;
+    } catch {
+      data = { raw: text };
+    }
+    return { ok: response.ok, status: response.status, data };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+async function getJson(url: string, timeoutMs: number): Promise<{ ok: boolean; status: number; data: unknown; elapsedMs: number }> {
+  const startedAt = Date.now();
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(url, { signal: controller.signal });
+    const text = await response.text();
+    let data: unknown = null;
+    try {
+      data = text ? JSON.parse(text) : null;
+    } catch {
+      data = { raw: text };
+    }
+    return { ok: response.ok, status: response.status, data, elapsedMs: Date.now() - startedAt };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+function normalizeValidation(data: unknown): GovernedOutputVerdict {
+  const outer = data && typeof data === 'object' ? data as Record<string, unknown> : {};
+  const payload = outer.validation && typeof outer.validation === 'object'
+    ? outer.validation as Record<string, unknown>
+    : outer;
+  const passed = payload.passed === true || payload.pass === true || payload.allowed === true;
+  const severity = payload.severity === 'pass' || payload.severity === 'warn' || payload.severity === 'block'
+    ? payload.severity
+    : passed ? 'pass' : 'block';
+  return {
+    passed,
+    severity,
+    violations: Array.isArray(payload.violations) ? payload.violations.filter((item): item is string => typeof item === 'string') : [],
+    gateTriggers: Array.isArray(payload.gateTriggers) ? payload.gateTriggers.filter((item): item is string => typeof item === 'string') : [],
+    raw: data,
+  };
+}
+
+export class GovernedSurfaceRunner {
+  private readonly runtimeUrl: string;
+  private readonly sandboxRoot: string;
+  private readonly governanceLedgerRoot: string;
+  private readonly allowedNamespaces: Set<string>;
+  private readonly allowedTargetRoots: string[];
+  private readonly allowActiveLocalProductionTargets: boolean;
+  private readonly sessionId: string;
+  private readonly client: HarnessClient;
+
+  constructor(policy: GovernedSurfacePolicy = {}) {
+    this.runtimeUrl = (policy.runtimeUrl ?? process.env.ARIA_RUNTIME_URL ?? 'http://127.0.0.1:4319').replace(/\/+$/, '');
+    this.sandboxRoot = normalizePath(policy.sandboxRoot ?? DEFAULT_SANDBOX_ROOT) ?? DEFAULT_SANDBOX_ROOT;
+    this.governanceLedgerRoot = normalizePath(policy.governanceLedgerRoot ?? path.join(homedir(), '.claude')) ?? path.join(homedir(), '.claude');
+    this.allowedNamespaces = new Set(policy.allowedNamespaces ?? [DEFAULT_SANDBOX_NAMESPACE]);
+    this.allowedTargetRoots = (policy.allowedTargetRoots ?? [this.sandboxRoot])
+      .map((root) => normalizePath(root))
+      .filter((root): root is string => Boolean(root));
+    this.allowActiveLocalProductionTargets = policy.allowActiveLocalProductionTargets === true;
+    this.sessionId = policy.sessionId ?? 'surface-runner';
+    this.client = new HarnessClient({ runtimeBaseUrl: this.runtimeUrl });
+  }
+
+  assertRequest(request: GovernedSurfaceRequest): GovernedSurfaceVerdict {
+    const namespace = request.sandbox?.namespace ?? request.target?.namespace ?? DEFAULT_SANDBOX_NAMESPACE;
+    const target = normalizePath(request.target?.path);
+
+    if (!this.allowedNamespaces.has(namespace)) {
+      return blocked('namespace_not_allowed', { namespace, target });
+    }
+
+    if (target && !this.allowedTargetRoots.some((root) => governedPathIsUnder(target, root))) {
+      return blocked('target_outside_allowed_roots', { namespace, target });
+    }
+
+    if (!this.allowActiveLocalProductionTargets && target) {
+      const activeTarget = ACTIVE_LOCAL_PRODUCTION_MARKERS.find((marker) => governedPathIsUnder(target, marker));
+      if (activeTarget) {
+        return blocked('active_local_production_target', { namespace, target, runtimeData: { marker: activeTarget } });
+      }
+    }
+
+    return {
+      ok: true,
+      blocked: false,
+      allowed: true,
+      executed: false,
+      namespace,
+      target,
+      surfaceId: request.surfaceId,
+      action: request.action,
+    };
+  }
+
+  async checkAction(request: GovernedSurfaceRequest): Promise<GovernedSurfaceVerdict> {
+    const local = this.assertRequest(request);
+    if (!local.ok) return local;
+
+    const isMutating = GOVERNED_MUTATING_ACTIONS.has(request.action);
+    if (!isMutating) return local;
+
+    if (request.verify?.verified !== true || !request.verify.receipt) {
+      return blocked('mutating_action_requires_verified_receipt', {
+        action: request.action,
+        surfaceId: request.surfaceId,
+        namespace: local.namespace,
+        target: local.target,
+      });
+    }
+
+    if (this.allowActiveLocalProductionTargets && request.verify.productionApproved !== true) {
+      return blocked('active_local_production_target_requires_production_approval', {
+        action: request.action,
+        surfaceId: request.surfaceId,
+        namespace: local.namespace,
+        target: local.target,
+      });
+    }
+
+    try {
+      const runtime = await postJson(`${this.runtimeUrl}/check-action`, {
+        action: request.action,
+        target: local.target,
+        surfaceId: request.surfaceId,
+        reason: request.reason ?? 'governed surface action',
+        sandbox: request.sandbox,
+        verify: request.verify,
+      }, request.runtimeTimeoutMs ?? 3000);
+      const data = runtime.data && typeof runtime.data === 'object' ? runtime.data as Record<string, unknown> : {};
+      const result = data.result && typeof data.result === 'object' ? data.result as Record<string, unknown> : {};
+      const allowed = runtime.ok && (data.allowed === true || result.allowed === true);
+      if (!allowed) {
+        return blocked('runtime_action_denied_or_unavailable', {
+          action: request.action,
+          surfaceId: request.surfaceId,
+          namespace: local.namespace,
+          target: local.target,
+          runtimeStatus: runtime.status,
+          runtimeData: runtime.data,
+        });
+      }
+      return {
+        ok: true,
+        blocked: false,
+        allowed: true,
+        executed: false,
+        action: request.action,
+        surfaceId: request.surfaceId,
+        namespace: local.namespace,
+        target: local.target,
+        runtimeStatus: runtime.status,
+        runtimeData: runtime.data,
+      };
+    } catch (error) {
+      return blocked('runtime_action_check_failed', {
+        action: request.action,
+        surfaceId: request.surfaceId,
+        namespace: local.namespace,
+        target: local.target,
+        runtimeStatus: error instanceof Error ? error.name : 'error',
+      });
+    }
+  }
+
+  async run<T>(request: GovernedSurfaceRequest, executor: () => Promise<T>): Promise<GovernedSurfaceVerdict> {
+    const verdict = await this.checkAction(request);
+    if (!verdict.ok || verdict.blocked || verdict.allowed !== true) return verdict;
+    const result = await executor();
+    return {
+      ...verdict,
+      ok: true,
+      blocked: false,
+      allowed: true,
+      executed: true,
+      result,
+    };
+  }
+
+  async validateOutput(args: {
+    text: string;
+    surfaceId?: GovernedSurfaceId;
+    sessionId?: string;
+    timeoutMs?: number;
+  }): Promise<GovernedOutputVerdict> {
+    try {
+      const runtime = await postJson(`${this.runtimeUrl}/validate-output`, {
+        text: args.text,
+        surfaceId: args.surfaceId ?? 'codex',
+        sessionId: args.sessionId ?? this.sessionId,
+        isOwner: false,
+        context: { source: 'governed-surface-runner' },
+      }, args.timeoutMs ?? 3000);
+
+      if (!runtime.ok) {
+        return {
+          passed: false,
+          severity: 'block',
+          violations: [`runtime_status_${runtime.status}`],
+          gateTriggers: ['governed-output-validation'],
+          raw: runtime.data,
+        };
+      }
+
+      const verdict = normalizeValidation(runtime.data);
+      if (/unsupported completion|complete without proof|ready without evidence/i.test(args.text)) {
+        return {
+          ...verdict,
+          passed: false,
+          severity: 'block',
+          violations: [...verdict.violations, 'unsupported_completion_claim'],
+          gateTriggers: [...verdict.gateTriggers, 'governed-output-validation'],
+        };
+      }
+      return verdict;
+    } catch (error) {
+      if (error instanceof Error && error.name === 'AbortError') {
+        let recoveryProbe: Record<string, unknown> = {
+          ok: false,
+          status: null,
+          elapsedMs: null,
+          error: 'not_run',
+        };
+        try {
+          const health = await getJson(`${this.runtimeUrl}/health`, 2000);
+          recoveryProbe = {
+            ok: health.ok,
+            status: health.status,
+            elapsedMs: health.elapsedMs,
+          };
+        } catch (probeError) {
+          recoveryProbe = {
+            ok: false,
+            status: null,
+            elapsedMs: null,
+            error: probeError instanceof Error ? probeError.name : String(probeError),
+          };
+        }
+        return {
+          passed: false,
+          severity: 'block',
+          violations: ['validation_timeout_inconclusive'],
+          gateTriggers: ['governed-output-validation', 'repo-doctrine-timeout-recovery'],
+          error: 'AbortError',
+          raw: {
+            doctrineRuntimeReceipt: {
+              schema: 'aria.repo_doctrine_runtime_receipt.v1',
+              ok: recoveryProbe.ok === true,
+              runtimeActive: true,
+              productionIntent: true,
+              pathClassifications: [],
+              verificationSurface: 'GET /health after /validate-output timeout',
+              doctrineHits: ['timeout_requires_inconclusive_recovery'],
+              timeoutVerdict: recoveryProbe.ok === true ? 'verified_after_retry' : 'runtime_unhealthy',
+              recoveryProbe,
+              noFakeValidation: true,
+            },
+          },
+        };
+      }
+      return {
+        passed: false,
+        severity: 'block',
+        violations: ['normal_validation_did_not_return_bounded_verdict'],
+        gateTriggers: ['governed-output-validation'],
+        error: error instanceof Error ? error.name : String(error),
+      };
+    }
+  }
+
+  async buildUniversalTurnPacket(args: UniversalTurnPacketRequest): Promise<UniversalTurnPacketReceipt> {
+    const sessionId = args.sessionId ?? this.sessionId;
+    const requiredSkills = uniqueStrings([
+      ...UNIVERSAL_TURN_PACKET_SKILLS,
+      ...(args.requiredSkills ?? []),
+    ]);
+    const correctionFindings = stringArray(args.correctionFindings);
+    const runtime = await postJson(`${this.runtimeUrl}/build-system-prompt`, {
+      sessionId,
+      surface: args.surfaceId,
+      message: args.userText,
+      requiredSkills,
+      allowOwnerBypass: true,
+      injection: {
+        harness: {
+          packet: {
+            sessionId,
+            surfaceId: args.surfaceId,
+            sandboxNamespace: DEFAULT_SANDBOX_NAMESPACE,
+            universalTurnPacket: true,
+            phaseContract: UNIVERSAL_TURN_PACKET_PHASES,
+            correctionFindings,
+            ...(args.ownerApproval ? { ownerApproval: args.ownerApproval } : {}),
+          },
+        },
+        task: args.userText,
+        docs: [
+          {
+            title: 'Universal turn-packet contract',
+            content: 'Load the same skill floor before cognition and carry the packet through tool, QA, correction, and learning phases.',
+          },
+        ],
+        files: {},
+        loadedAt: new Date().toISOString(),
+      },
+      metadata: {
+        source: 'governed-surface-runner',
+        universalTurnPacket: true,
+        skillExecutionMode: 'mechanical-receipt',
+        requiredSkills,
+        correctionFindings,
+        ...(args.ownerApproval ? { ownerApproval: args.ownerApproval } : {}),
+      },
+      ...(args.ownerApproval ? { ownerApproval: args.ownerApproval } : {}),
+      skillExecutionMode: 'mechanical-receipt',
+    }, args.timeoutMs ?? 5000);
+    const data = objectRecord(runtime.data);
+    const loadedSkillIds = stringArray(data.loadedSkillIds);
+    const runtimeMissingSkillIds = stringArray(data.missingSkillIds);
+    const missingSkillIds = uniqueStrings([
+      ...runtimeMissingSkillIds,
+      ...requiredSkills.filter((skill) => !loadedSkillIds.includes(skill)),
+    ]);
+    const missingCookbooks = Array.isArray(data.missingCookbooks) ? data.missingCookbooks : [];
+    const prompt = typeof data.prompt === 'string' ? data.prompt : '';
+    const promptHash = prompt ? createHash('sha256').update(prompt).digest('hex') : null;
+    const skillExecutionMode = typeof data.skillExecutionMode === 'string' ? data.skillExecutionMode : 'unknown';
+    const skillExecutionReceipt = objectRecord(data.skillExecutionReceipt);
+    const firedSkillIds = stringArray(skillExecutionReceipt.firedSkillIds);
+    const substrateKernelExecution = Object.keys(objectRecord(data.substrateKernelExecution)).length
+      ? objectRecord(data.substrateKernelExecution)
+      : Object.keys(objectRecord(skillExecutionReceipt.substrateKernelExecution)).length
+        ? objectRecord(skillExecutionReceipt.substrateKernelExecution)
+        : null;
+    const executedSkillIds = uniqueStrings([
+      ...stringArray(skillExecutionReceipt.executedSkillIds),
+      ...stringArray(substrateKernelExecution?.executedSkillIds),
+    ]);
+    const executedOperatorIds = uniqueStrings([
+      ...stringArray(skillExecutionReceipt.executedOperatorIds),
+      ...stringArray(substrateKernelExecution?.executedOperatorIds),
+    ]);
+    const executionBackedSkillIds = executedSkillIds.length ? executedSkillIds : firedSkillIds;
+    const activeRuntimes = uniqueStrings([
+      ...stringArray(data.activeRuntimes),
+      ...stringArray(skillExecutionReceipt.activeRuntimes),
+    ]);
+    const runtimeRegistry = Object.keys(objectRecord(data.runtimeRegistry)).length
+      ? objectRecord(data.runtimeRegistry)
+      : Object.keys(objectRecord(skillExecutionReceipt.runtimeRegistry)).length
+        ? objectRecord(skillExecutionReceipt.runtimeRegistry)
+        : null;
+    const doctrineRuntimeReceipt = Object.keys(objectRecord(data.doctrineRuntimeReceipt)).length
+      ? objectRecord(data.doctrineRuntimeReceipt)
+      : Object.keys(objectRecord(skillExecutionReceipt.doctrineRuntimeReceipt)).length
+        ? objectRecord(skillExecutionReceipt.doctrineRuntimeReceipt)
+        : null;
+    const taskClass = typeof data.taskClass === 'string'
+      ? data.taskClass
+      : typeof skillExecutionReceipt.taskClass === 'string'
+        ? skillExecutionReceipt.taskClass
+        : null;
+    const taskClassReceipt = Object.keys(objectRecord(data.taskClassReceipt)).length
+      ? objectRecord(data.taskClassReceipt)
+      : Object.keys(objectRecord(skillExecutionReceipt.taskClassReceipt)).length
+        ? objectRecord(skillExecutionReceipt.taskClassReceipt)
+        : null;
+    const selectedExtraOperators = uniqueStrings([
+      ...stringArray(data.selectedExtraOperators),
+      ...stringArray(skillExecutionReceipt.selectedExtraOperators),
+    ]);
+    const dynamicOperatorSelection = Object.keys(objectRecord(data.dynamicOperatorSelection)).length
+      ? objectRecord(data.dynamicOperatorSelection)
+      : Object.keys(objectRecord(skillExecutionReceipt.dynamicOperatorSelection)).length
+        ? objectRecord(skillExecutionReceipt.dynamicOperatorSelection)
+        : null;
+    const phaseRuntimeExecution = Object.keys(objectRecord(data.phaseRuntimeExecution)).length
+      ? objectRecord(data.phaseRuntimeExecution)
+      : Object.keys(objectRecord(skillExecutionReceipt.phaseRuntimeExecution)).length
+        ? objectRecord(skillExecutionReceipt.phaseRuntimeExecution)
+        : null;
+    const gardenMemorySubstrate = Object.keys(objectRecord(data.gardenMemorySubstrate)).length
+      ? objectRecord(data.gardenMemorySubstrate)
+      : Object.keys(objectRecord(skillExecutionReceipt.gardenMemorySubstrate)).length
+        ? objectRecord(skillExecutionReceipt.gardenMemorySubstrate)
+        : null;
+    const cognitiveRuntimeReceipts = Object.keys(objectRecord(data.cognitiveRuntimeReceipts)).length
+      ? objectRecord(data.cognitiveRuntimeReceipts)
+      : Object.keys(objectRecord(skillExecutionReceipt.cognitiveRuntimeReceipts)).length
+        ? objectRecord(skillExecutionReceipt.cognitiveRuntimeReceipts)
+        : null;
+    const learningCandidateReceipts = Array.isArray(data.learningCandidateReceipts)
+      ? data.learningCandidateReceipts
+      : Array.isArray(skillExecutionReceipt.learningCandidateReceipts)
+        ? skillExecutionReceipt.learningCandidateReceipts
+        : [];
+    const operatorDeltaReceipts = Array.isArray(data.operatorDeltaReceipts)
+      ? data.operatorDeltaReceipts
+      : Array.isArray(skillExecutionReceipt.operatorDeltaReceipts)
+        ? skillExecutionReceipt.operatorDeltaReceipts
+        : [];
+    const weakQaEnhancementLoopReceipt = Object.keys(objectRecord(data.weakQaEnhancementLoopReceipt)).length
+      ? objectRecord(data.weakQaEnhancementLoopReceipt)
+      : Object.keys(objectRecord(skillExecutionReceipt.weakQaEnhancementLoopReceipt)).length
+        ? objectRecord(skillExecutionReceipt.weakQaEnhancementLoopReceipt)
+        : null;
+    const ownerApprovalPacket = Object.keys(objectRecord(data.ownerApprovalPacket)).length
+      ? objectRecord(data.ownerApprovalPacket)
+      : Object.keys(objectRecord(skillExecutionReceipt.ownerApprovalPacket)).length
+        ? objectRecord(skillExecutionReceipt.ownerApprovalPacket)
+        : null;
+    const activePrimitives = uniqueStrings([
+      ...stringArray(data.activePrimitives),
+      ...stringArray(skillExecutionReceipt.activePrimitives),
+    ]);
+    const primitiveRegistry = Object.keys(objectRecord(data.primitiveRegistry)).length
+      ? objectRecord(data.primitiveRegistry)
+      : Object.keys(objectRecord(skillExecutionReceipt.primitiveRegistry)).length
+        ? objectRecord(skillExecutionReceipt.primitiveRegistry)
+        : null;
+    const activeMappings = uniqueStrings([
+      ...stringArray(data.activeMappings),
+      ...stringArray(skillExecutionReceipt.activeMappings),
+    ]);
+    const mappingRegistry = Object.keys(objectRecord(data.mappingRegistry)).length
+      ? objectRecord(data.mappingRegistry)
+      : Object.keys(objectRecord(skillExecutionReceipt.mappingRegistry)).length
+        ? objectRecord(skillExecutionReceipt.mappingRegistry)
+        : null;
+    const qaCorrectionReceipt = Object.keys(objectRecord(data.qaCorrectionReceipt)).length
+      ? objectRecord(data.qaCorrectionReceipt)
+      : Object.keys(objectRecord(skillExecutionReceipt.qaCorrectionReceipt)).length
+        ? objectRecord(skillExecutionReceipt.qaCorrectionReceipt)
+        : null;
+    const qaCorrectionLearningReceipt = Object.keys(objectRecord(data.qaCorrectionLearningReceipt)).length
+      ? objectRecord(data.qaCorrectionLearningReceipt)
+      : Object.keys(objectRecord(skillExecutionReceipt.qaCorrectionLearningReceipt)).length
+        ? objectRecord(skillExecutionReceipt.qaCorrectionLearningReceipt)
+        : null;
+    const qaSkills = uniqueStrings([
+      ...stringArray(data.qaSkills),
+      ...stringArray(skillExecutionReceipt.qaSkills),
+      ...stringArray(qaCorrectionReceipt?.qaSkills),
+    ]);
+    const correctionSkills = uniqueStrings([
+      ...stringArray(data.correctionSkills),
+      ...stringArray(skillExecutionReceipt.correctionSkills),
+      ...stringArray(qaCorrectionReceipt?.correctionSkills),
+    ]);
+    const hiveObserverSourceTopology = Object.keys(objectRecord(data.hiveObserverSourceTopology)).length
+      ? objectRecord(data.hiveObserverSourceTopology)
+      : Object.keys(objectRecord(skillExecutionReceipt.hiveObserverSourceTopology)).length
+        ? objectRecord(skillExecutionReceipt.hiveObserverSourceTopology)
+        : null;
+    const hiveSiblingSessionBroadcast = Object.keys(objectRecord(data.hiveSiblingSessionBroadcast)).length
+      ? objectRecord(data.hiveSiblingSessionBroadcast)
+      : Object.keys(objectRecord(skillExecutionReceipt.hiveSiblingSessionBroadcast)).length
+        ? objectRecord(skillExecutionReceipt.hiveSiblingSessionBroadcast)
+        : null;
+    const observerSurfaces = stringArray(hiveObserverSourceTopology?.observerSurfaces);
+    const sourceSurfaces = stringArray(hiveObserverSourceTopology?.sourceSurfaces);
+    const mechanicalReceiptOk = skillExecutionReceipt.ok === true
+      && skillExecutionMode === 'mechanical-receipt'
+      && executionBackedSkillIds.length >= UNIVERSAL_TURN_PACKET_SKILL_FLOOR
+      && substrateKernelExecution?.ok === true
+      && executedOperatorIds.length >= UNIVERSAL_TURN_PACKET_SKILL_FLOOR;
+    const runtimeReceiptOk = activeRuntimes.length >= UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR
+      && runtimeRegistry?.['missing'] !== true;
+    const doctrineRuntimeReceiptOk = doctrineRuntimeReceipt?.ok === true
+      && doctrineRuntimeReceipt?.runtimeActive === true
+      && doctrineRuntimeReceipt?.noFakeValidation === true
+      && typeof doctrineRuntimeReceipt?.verificationSurface === 'string'
+      && doctrineRuntimeReceipt.verificationSurface.length > 0;
+    const primitiveReceiptOk = activePrimitives.length >= UNIVERSAL_TURN_PACKET_PRIMITIVE_FLOOR
+      && primitiveRegistry?.['missing'] !== true;
+    const mappingReceiptOk = activeMappings.length >= UNIVERSAL_TURN_PACKET_MAPPING_FLOOR
+      && mappingRegistry?.['missing'] !== true;
+    const qaSkillReceiptOk = qaCorrectionReceipt?.ok === true
+      && qaSkills.length >= UNIVERSAL_TURN_PACKET_QA_SKILL_FLOOR;
+    const correctionSkillReceiptOk = qaCorrectionReceipt?.ok === true
+      && correctionSkills.length >= UNIVERSAL_TURN_PACKET_CORRECTION_SKILL_FLOOR;
+    const hiveObserverSourceTopologyOk = hiveObserverSourceTopology?.ok === true
+      && observerSurfaces.length >= UNIVERSAL_TURN_PACKET_HIVE_OBSERVER_FLOOR
+      && sourceSurfaces.length >= UNIVERSAL_TURN_PACKET_HIVE_SOURCE_FLOOR;
+    const hiveSiblingSessionBroadcastOk = hiveSiblingSessionBroadcast?.ok === true
+      && Number(hiveSiblingSessionBroadcast.messageCount || 0) >= UNIVERSAL_TURN_PACKET_HIVE_SIBLING_BROADCAST_FLOOR;
+    const cognitiveRuntimeReceiptOk = cognitiveRuntimeReceipts?.ok === true
+      && objectRecord(cognitiveRuntimeReceipts.tadabbur).ok === true
+      && objectRecord(cognitiveRuntimeReceipts.qiyas).ok === true
+      && objectRecord(cognitiveRuntimeReceipts.mizan).ok === true
+      && objectRecord(cognitiveRuntimeReceipts.noor).ok === true
+      && objectRecord(cognitiveRuntimeReceipts.noor).noorSuiteCount === 14;
+    const dynamicOperatorSelectionOk = dynamicOperatorSelection?.ok === true
+      && dynamicOperatorSelection.registryCap === null
+      && Number(dynamicOperatorSelection.selectedOperatorCount || 0) >= UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR;
+    const phaseRuntimeExecutionOk = phaseRuntimeExecution?.ok === true
+      && phaseRuntimeExecution.providerReceivesFullSkillBodies === false;
+    const gardenMemorySubstrateOk = gardenMemorySubstrate?.ok === true
+      && /substrate/i.test(String(gardenMemorySubstrate.substrateBoundary || ''))
+      && objectRecord(gardenMemorySubstrate.providerProjection).includesMemoryBodies === false;
+    const qaCorrectionLearningOk = qaCorrectionLearningReceipt?.ok === true
+      && qaCorrectionLearningReceipt.learningFeedsNextSelection === true
+      && qaCorrectionLearningReceipt.productionPromotionRequiresOwnerApproval === true;
+    const weakQaEnhancementLoopOk = weakQaEnhancementLoopReceipt?.schema === 'aria.weak_qa_enhancement_loop_receipt.v1'
+      && weakQaEnhancementLoopReceipt.ok === true;
+    const ownerApprovalPacketOk = ownerApprovalPacket?.schema === 'aria.owner_final_approval_packet.v1'
+      && (
+        ownerApprovalPacket.required !== true
+        || ownerApprovalPacket.blocksProductionPromotion === true
+        || (
+          ownerApprovalPacket.ownerApprovalStatus === 'approved_by_owner'
+          && ownerApprovalPacket.blocksProductionPromotion === false
+          && objectRecord(ownerApprovalPacket.approvalReceipt).schema === 'aria.owner_approval_receipt.v1'
+        )
+      );
+    const fullSkillBodiesInjected = prompt.includes('<skill_content ') || prompt.includes('ARIA RUNTIME FORCED SKILL LOAD');
+    const ok = runtime.ok
+      && data.ok === true
+      && loadedSkillIds.length >= UNIVERSAL_TURN_PACKET_SKILL_FLOOR
+      && missingSkillIds.length === 0
+      && missingCookbooks.length === 0
+      && mechanicalReceiptOk
+      && runtimeReceiptOk
+      && doctrineRuntimeReceiptOk
+      && primitiveReceiptOk
+      && mappingReceiptOk
+      && qaSkillReceiptOk
+      && correctionSkillReceiptOk
+      && hiveObserverSourceTopologyOk
+      && hiveSiblingSessionBroadcastOk
+      && cognitiveRuntimeReceiptOk
+      && dynamicOperatorSelectionOk
+      && phaseRuntimeExecutionOk
+      && gardenMemorySubstrateOk
+      && qaCorrectionLearningOk
+      && weakQaEnhancementLoopOk
+      && ownerApprovalPacketOk
+      && !fullSkillBodiesInjected;
+    const now = new Date().toISOString();
+    const phases: UniversalTurnPhaseReceipt[] = [
+      {
+        phase: 'pre_cognition',
+        ok: loadedSkillIds.length >= UNIVERSAL_TURN_PACKET_SKILL_FLOOR
+          && activeRuntimes.length >= UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR,
+        evidence: {
+          requiredSkillCount: requiredSkills.length,
+          loadedSkillCount: loadedSkillIds.length,
+          runtimeFloor: UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR,
+          activeRuntimeCount: activeRuntimes.length,
+          doctrineRuntimeOk: doctrineRuntimeReceiptOk,
+          doctrineTimeoutVerdict: doctrineRuntimeReceipt?.timeoutVerdict ?? null,
+          primitiveFloor: UNIVERSAL_TURN_PACKET_PRIMITIVE_FLOOR,
+          activePrimitiveCount: activePrimitives.length,
+          mappingFloor: UNIVERSAL_TURN_PACKET_MAPPING_FLOOR,
+          activeMappingCount: activeMappings.length,
+          hiveObserverFloor: UNIVERSAL_TURN_PACKET_HIVE_OBSERVER_FLOOR,
+          hiveObserverCount: observerSurfaces.length,
+          hiveSourceFloor: UNIVERSAL_TURN_PACKET_HIVE_SOURCE_FLOOR,
+          hiveSourceCount: sourceSurfaces.length,
+        },
+        at: now,
+      },
+      {
+        phase: 'pre_tool',
+        ok: runtime.ok,
+        evidence: { runtimeStatus: runtime.status, endpoint: 'POST /build-system-prompt', surfaceId: args.surfaceId },
+        at: now,
+      },
+      {
+        phase: 'intra_tool',
+        ok: data.ok === true,
+        evidence: { promptBuilt: typeof data.prompt === 'string', missingSkillIds, missingCookbookCount: missingCookbooks.length },
+        at: now,
+      },
+      {
+        phase: 'intra_cognition',
+        ok: mechanicalReceiptOk && !fullSkillBodiesInjected,
+        evidence: {
+          promptHash,
+          promptChars: prompt.length,
+          skillExecutionMode,
+          firedSkillCount: firedSkillIds.length,
+          executionBackedSkillCount: executionBackedSkillIds.length,
+          executedOperatorCount: executedOperatorIds.length,
+          substrateKernelExecution: {
+            ok: substrateKernelExecution?.ok === true,
+            mode: substrateKernelExecution?.mode ?? null,
+            executedOperatorIdsHash: substrateKernelExecution?.executedOperatorIdsHash ?? null,
+            executionHash: substrateKernelExecution?.executionHash ?? null,
+            sentinelCompilationHash: objectRecord(substrateKernelExecution?.sentinelKernel).compilationHash ?? null,
+          },
+          activeRuntimeCount: activeRuntimes.length,
+          activeRuntimes,
+          taskClass,
+          selectedExtraOperators,
+          dynamicOperatorSelection: {
+            ok: dynamicOperatorSelectionOk,
+            selectionPolicy: dynamicOperatorSelection?.selectionPolicy ?? null,
+            registryCap: dynamicOperatorSelection?.registryCap ?? 'missing',
+            selectedOperatorCount: dynamicOperatorSelection?.selectedOperatorCount ?? null,
+            selectedOperatorIdsHash: dynamicOperatorSelection?.selectedOperatorIdsHash ?? null,
+            selectedFamilyCounts: dynamicOperatorSelection?.selectedFamilyCounts ?? null,
+            reasonCounts: dynamicOperatorSelection?.reasonCounts ?? null,
+          },
+          phaseRuntimeExecution: {
+            ok: phaseRuntimeExecutionOk,
+            mode: phaseRuntimeExecution?.mode ?? null,
+            providerReceivesFullSkillBodies: phaseRuntimeExecution?.providerReceivesFullSkillBodies ?? null,
+            projectionHash: phaseRuntimeExecution?.projectionHash ?? null,
+          },
+          gardenMemorySubstrate: {
+            ok: gardenMemorySubstrateOk,
+            substrateBoundary: gardenMemorySubstrate?.substrateBoundary ?? null,
+            continuityHash: gardenMemorySubstrate?.continuityHash ?? null,
+          },
+          runtimeRegistry,
+          doctrineRuntimeReceipt: {
+            ok: doctrineRuntimeReceipt?.ok === true,
+            runtimeActive: doctrineRuntimeReceipt?.runtimeActive === true,
+            productionIntent: doctrineRuntimeReceipt?.productionIntent === true,
+            verificationSurface: doctrineRuntimeReceipt?.verificationSurface ?? null,
+            timeoutVerdict: doctrineRuntimeReceipt?.timeoutVerdict ?? null,
+            noFakeValidation: doctrineRuntimeReceipt?.noFakeValidation === true,
+            evidenceHash: typeof doctrineRuntimeReceipt?.evidenceHash === 'string'
+              ? doctrineRuntimeReceipt.evidenceHash
+              : null,
+          },
+          cognitiveRuntimeReceipts: {
+            ok: cognitiveRuntimeReceiptOk,
+            tadabburMode: objectRecord(cognitiveRuntimeReceipts?.tadabbur).mode ?? null,
+            tadabburStageCount: objectRecord(cognitiveRuntimeReceipts?.tadabbur).stageCount ?? null,
+            qiyasMode: objectRecord(cognitiveRuntimeReceipts?.qiyas).mode ?? null,
+            qiyasPerspectiveCount: objectRecord(cognitiveRuntimeReceipts?.qiyas).perspectiveCount ?? null,
+            mizanVerdict: objectRecord(cognitiveRuntimeReceipts?.mizan).verdict ?? null,
+            noorSuiteCount: objectRecord(cognitiveRuntimeReceipts?.noor).noorSuiteCount ?? null,
+            noorSemanticBoundary: objectRecord(cognitiveRuntimeReceipts?.noor).semanticBoundary ?? null,
+          },
+          learningCandidateCount: learningCandidateReceipts.length,
+          operatorDeltaCount: operatorDeltaReceipts.length,
+          ownerApprovalPacket: {
+            required: ownerApprovalPacket?.required === true,
+            ownerApprovalStatus: ownerApprovalPacket?.ownerApprovalStatus ?? null,
+            blocksProductionPromotion: ownerApprovalPacket?.blocksProductionPromotion === true,
+          },
+          activePrimitiveCount: activePrimitives.length,
+          activePrimitives,
+          primitiveRegistry,
+          activeMappingCount: activeMappings.length,
+          activeMappings,
+          mappingRegistry,
+          qaCorrectionReceipt: {
+            ok: qaCorrectionReceipt?.ok === true,
+            qaSkillCount: qaSkills.length,
+            correctionSkillCount: correctionSkills.length,
+            correctionFindingCount: qaCorrectionReceipt?.correctionFindingCount ?? correctionFindings.length,
+            correctionFindingsHash: typeof qaCorrectionReceipt?.correctionFindingsHash === 'string'
+              ? qaCorrectionReceipt.correctionFindingsHash
+              : null,
+          },
+          weakQaEnhancementLoop: {
+            ok: weakQaEnhancementLoopReceipt?.ok === true,
+            trigger: weakQaEnhancementLoopReceipt?.trigger ?? null,
+            nextRoundRequired: weakQaEnhancementLoopReceipt?.nextRoundRequired === true,
+            ownerApprovalRequired: weakQaEnhancementLoopReceipt?.ownerApprovalRequired === true,
+            tadabburQuestionCount: weakQaEnhancementLoopReceipt?.tadabburQuestionCount ?? null,
+            qiyasQuestionCount: weakQaEnhancementLoopReceipt?.qiyasQuestionCount ?? null,
+          },
+          hiveObserverSourceTopology: {
+            ok: hiveObserverSourceTopology?.ok === true,
+            observerCount: observerSurfaces.length,
+            sourceCount: sourceSurfaces.length,
+            activeThreadCount: hiveObserverSourceTopology?.activeThreadCount ?? null,
+            evidenceThreadCount: hiveObserverSourceTopology?.evidenceThreadCount ?? null,
+            literalQuantumMatches: hiveObserverSourceTopology?.literalQuantumMatches ?? null,
+            topologyTermMatches: hiveObserverSourceTopology?.topologyTermMatches ?? null,
+            coherenceHash: typeof hiveObserverSourceTopology?.coherenceHash === 'string'
+              ? hiveObserverSourceTopology.coherenceHash
+              : null,
+          },
+          fullSkillBodiesInjected,
+          receiptHash: typeof skillExecutionReceipt.receiptHash === 'string' ? skillExecutionReceipt.receiptHash : null,
+        },
+        at: now,
+      },
+      {
+        phase: 'post_tool',
+        ok: missingSkillIds.length === 0 && missingCookbooks.length === 0,
+        evidence: { missingSkillIds, missingCookbooks },
+        at: now,
+      },
+      {
+        phase: 'post_cognition',
+        ok,
+        evidence: {
+          skillFloor: UNIVERSAL_TURN_PACKET_SKILL_FLOOR,
+          runtimeFloor: UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR,
+          doctrineRuntimeOk: doctrineRuntimeReceiptOk,
+          primitiveFloor: UNIVERSAL_TURN_PACKET_PRIMITIVE_FLOOR,
+          mappingFloor: UNIVERSAL_TURN_PACKET_MAPPING_FLOOR,
+          qaSkillFloor: UNIVERSAL_TURN_PACKET_QA_SKILL_FLOOR,
+          correctionSkillFloor: UNIVERSAL_TURN_PACKET_CORRECTION_SKILL_FLOOR,
+          hiveObserverFloor: UNIVERSAL_TURN_PACKET_HIVE_OBSERVER_FLOOR,
+          hiveSourceFloor: UNIVERSAL_TURN_PACKET_HIVE_SOURCE_FLOOR,
+          hiveSiblingBroadcastFloor: UNIVERSAL_TURN_PACKET_HIVE_SIBLING_BROADCAST_FLOOR,
+          cognitiveRuntimeOk: cognitiveRuntimeReceiptOk,
+          ownerApprovalPacketOk,
+          dynamicOperatorSelectionOk,
+          phaseRuntimeExecutionOk,
+          gardenMemorySubstrateOk,
+          qaCorrectionLearningOk,
+          weakQaEnhancementLoopOk,
+          expectedVsObserved: `skills>=${UNIVERSAL_TURN_PACKET_SKILL_FLOOR}; observedSkills=${loadedSkillIds.length}; runtimes>=${UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR}; observedRuntimes=${activeRuntimes.length}; primitives>=${UNIVERSAL_TURN_PACKET_PRIMITIVE_FLOOR}; observedPrimitives=${activePrimitives.length}; mappings>=${UNIVERSAL_TURN_PACKET_MAPPING_FLOOR}; observedMappings=${activeMappings.length}; qaSkills>=${UNIVERSAL_TURN_PACKET_QA_SKILL_FLOOR}; observedQaSkills=${qaSkills.length}; correctionSkills>=${UNIVERSAL_TURN_PACKET_CORRECTION_SKILL_FLOOR}; observedCorrectionSkills=${correctionSkills.length}; hiveObservers>=${UNIVERSAL_TURN_PACKET_HIVE_OBSERVER_FLOOR}; observedHiveObservers=${observerSurfaces.length}; hiveSources>=${UNIVERSAL_TURN_PACKET_HIVE_SOURCE_FLOOR}; observedHiveSources=${sourceSurfaces.length}; hiveSiblingBroadcasts>=${UNIVERSAL_TURN_PACKET_HIVE_SIBLING_BROADCAST_FLOOR}; observedHiveSiblingBroadcasts=${Number(hiveSiblingSessionBroadcast?.messageCount || 0)}`,
+          correctionFindingCount: correctionFindings.length,
+        },
+        at: now,
+      },
+    ];
+
+    return {
+      ok,
+      surfaceId: args.surfaceId,
+      sessionId,
+      skillExecutionMode,
+      skillExecutionReceipt,
+      skillFloor: UNIVERSAL_TURN_PACKET_SKILL_FLOOR,
+      runtimeFloor: UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR,
+      primitiveFloor: UNIVERSAL_TURN_PACKET_PRIMITIVE_FLOOR,
+      mappingFloor: UNIVERSAL_TURN_PACKET_MAPPING_FLOOR,
+      qaSkillFloor: UNIVERSAL_TURN_PACKET_QA_SKILL_FLOOR,
+      correctionSkillFloor: UNIVERSAL_TURN_PACKET_CORRECTION_SKILL_FLOOR,
+      requiredSkills,
+      loadedSkillIds,
+      activeRuntimes,
+      runtimeRegistry,
+      doctrineRuntimeReceipt,
+      taskClass,
+      taskClassReceipt,
+      selectedExtraOperators,
+      dynamicOperatorSelection,
+      substrateKernelExecution,
+      phaseRuntimeExecution,
+      gardenMemorySubstrate,
+      cognitiveRuntimeReceipts,
+      learningCandidateReceipts,
+      operatorDeltaReceipts,
+      weakQaEnhancementLoopReceipt,
+      ownerApprovalPacket,
+      qaCorrectionLearningReceipt,
+      activePrimitives,
+      primitiveRegistry,
+      activeMappings,
+      mappingRegistry,
+      qaSkills,
+      correctionSkills,
+      qaCorrectionReceipt,
+      hiveObserverSourceTopology,
+      hiveSiblingSessionBroadcast,
+      missingSkillIds,
+      missingCookbooks,
+      promptHash,
+      promptChars: prompt.length,
+      phases,
+      qa: {
+        status: ok ? 'pass' : 'block',
+        findings: ok ? [] : [
+          ...(loadedSkillIds.length < UNIVERSAL_TURN_PACKET_SKILL_FLOOR ? [`loaded_skill_count_below_${UNIVERSAL_TURN_PACKET_SKILL_FLOOR}`] : []),
+          ...(missingSkillIds.length ? ['missing_required_skills'] : []),
+          ...(missingCookbooks.length ? ['missing_required_cookbooks'] : []),
+          ...(mechanicalReceiptOk ? [] : ['mechanical_skill_execution_receipt_missing_or_under_floor']),
+          ...(substrateKernelExecution?.ok === true ? [] : ['substrate_kernel_execution_missing_or_invalid']),
+          ...(runtimeReceiptOk ? [] : [`active_runtime_count_below_${UNIVERSAL_TURN_PACKET_RUNTIME_FLOOR}`]),
+          ...(doctrineRuntimeReceiptOk ? [] : ['repo_doctrine_runtime_receipt_missing_or_invalid']),
+          ...(primitiveReceiptOk ? [] : [`active_primitive_count_below_${UNIVERSAL_TURN_PACKET_PRIMITIVE_FLOOR}`]),
+          ...(mappingReceiptOk ? [] : [`active_mapping_count_below_${UNIVERSAL_TURN_PACKET_MAPPING_FLOOR}`]),
+          ...(qaSkillReceiptOk ? [] : [`qa_skill_count_below_${UNIVERSAL_TURN_PACKET_QA_SKILL_FLOOR}`]),
+          ...(correctionSkillReceiptOk ? [] : [`correction_skill_count_below_${UNIVERSAL_TURN_PACKET_CORRECTION_SKILL_FLOOR}`]),
+          ...(hiveObserverSourceTopologyOk ? [] : ['hive_observer_source_topology_missing_or_under_floor']),
+          ...(hiveSiblingSessionBroadcastOk ? [] : ['hive_sibling_session_broadcast_missing_or_under_floor']),
+          ...(cognitiveRuntimeReceiptOk ? [] : ['cognitive_runtime_receipts_missing_or_invalid']),
+          ...(dynamicOperatorSelectionOk ? [] : ['dynamic_operator_selection_missing_or_invalid']),
+          ...(phaseRuntimeExecutionOk ? [] : ['phase_runtime_execution_missing_or_invalid']),
+          ...(gardenMemorySubstrateOk ? [] : ['garden_memory_substrate_missing_or_invalid']),
+          ...(qaCorrectionLearningOk ? [] : ['qa_correction_learning_receipt_missing_or_invalid']),
+          ...(weakQaEnhancementLoopOk ? [] : ['weak_qa_enhancement_loop_receipt_missing_or_invalid']),
+          ...(ownerApprovalPacketOk ? [] : ['owner_approval_packet_missing_or_non_blocking']),
+          ...(fullSkillBodiesInjected ? ['full_skill_bodies_injected_into_provider_prompt'] : []),
+          ...(runtime.ok ? [] : [`runtime_status_${runtime.status}`]),
+        ],
+        correctionSkills: [
+          'aria-quality-audit',
+          'tadabbur',
+          'qiyas-analogy',
+          'mizan',
+          'forge-quality-rules',
+          'aria-harness-no-stripping',
+        ],
+      },
+      learningLoop: {
+        style: 'dalio_reflexion',
+        lesson: ok
+          ? 'Keep one shared mechanical skill-and-runtime receipt as the control point; do not turn skills into expensive prompt stuffing.'
+          : 'When mechanical execution fails, repair missing skills, cookbooks, runtime operators, or receipt binding before any provider turn executes.',
+        integratedIntoNextPacket: true,
+      },
+    };
+  }
+
+  async recordGovernanceOutcome(args: {
+    surfaceId?: GovernedSurfaceId;
+    verdict?: 'pass' | 'fail' | 'block';
+    summary: string;
+    evidence?: Record<string, unknown>;
+    sessionId?: string;
+  }): Promise<{ ok: boolean; before: number; after: number; delta: number; ledger: string }> {
+    const sessionId = args.sessionId ?? this.sessionId;
+    const ledger = sessionLedgerPath(this.governanceLedgerRoot, sessionId);
+    const before = countLines(ledger);
+    const payload = {
+      kind: 'governance_outcome',
+      text: args.summary,
+      surfaceId: args.surfaceId ?? 'codex',
+      verdict: args.verdict ?? 'pass',
+      evidence: args.evidence ?? {},
+      refs: [`governed-surface:${args.surfaceId ?? 'codex'}`],
+      source: 'aria-connector-governed-surface-runner',
+      resolution_status: args.verdict === 'fail' ? 'open' : 'resolved',
+      sessionId,
+      at: new Date().toISOString(),
+    };
+
+    try {
+      await this.client.runtimeRequest('/record-discovery', payload);
+    } catch {
+      const parent = path.dirname(ledger);
+      await mkdir(parent, { recursive: true });
+      appendFileSync(ledger, `${JSON.stringify(payload)}\n`);
+    }
+
+    let after = countLines(ledger);
+    if (after < before + 1) {
+      const parent = path.dirname(ledger);
+      await mkdir(parent, { recursive: true });
+      appendFileSync(ledger, `${JSON.stringify(payload)}\n`);
+      after = countLines(ledger);
+    }
+
+    return {
+      ok: after >= before + 1,
+      before,
+      after,
+      delta: after - before,
+      ledger,
+    };
+  }
+
+  async ensureAllowedRoot(): Promise<boolean> {
+    await mkdir(this.sandboxRoot, { recursive: true });
+    const root = await stat(this.sandboxRoot);
+    return root.isDirectory();
+  }
+
+  async writeSandboxFile(relativePath: string, contents: string): Promise<string> {
+    const target = path.join(this.sandboxRoot, relativePath);
+    await mkdir(path.dirname(target), { recursive: true });
+    await writeFile(target, contents, 'utf8');
+    return target;
+  }
+}