@aria_asi/cli 0.2.7 → 0.2.9

package/hooks/aria-harness-via-sdk.mjs

@@ -46,7 +46,15 @@ const PACKET_CACHE_TTL_SEC = Number(process.env.ARIA_HARNESS_CACHE_TTL_SEC || '3
 // upstream last_err so the model can judge how stale the world view is, but
 // the harness body always reaches the model. The fresh-fetch path retries
 // every turn, so the cache is self-healing as soon as any URL responds.
-const HARNESS_EXCERPT_CHARS = isTurn ? 300 : 2400;
+// Hamza 2026-04-26 directive: deliver the FULL packet every turn, no
+// rotation, no fetch tool, no clever throttling. The harness's whole
+// purpose is "remind the model from this harness every round" (packet
+// non_negotiable line) — and a 300-char excerpt was 0.8% of a 36,912-char
+// packet. Raised to 40,000 to sit comfortably above current packet size
+// (~37k) with headroom for substrate growth. Claude Code's
+// additionalContext accepts large strings; if its own internal cap is
+// lower we don't short the substrate on our side.
+const HARNESS_EXCERPT_CHARS = 40000;
 
 function emit(envelope) {
   process.stdout.write(JSON.stringify(envelope) + '\n');
@@ -141,20 +149,13 @@ function buildUrlList() {
 }
 
 async function tryViaSdk(baseUrl, apiKey) {
-  // Dynamic import of the canonical SDK. The SDK is at a fixed path in the
-  // monorepo; resolve absolute so the hook works from any cwd.
-  const sdkPath = '/home/hamzaibrahim1/rei-ai-brain/harness/packages/harness-http-client/dist/index.js';
-  const { HTTPHarnessClient } = await import(sdkPath);
-  HTTPHarnessClient.resetInstance();
-  const client = HTTPHarnessClient.getInstance({
-    baseUrl,
-    apiKey,
-    // Override the SDK's default so we hit /api/harness/codex (the 7B
-    // runtime endpoint) — the SDK's default is /api/harness which doesn't
-    // exist. Same fetch semantics, just the right path.
-    harnessPacketUrl: `${baseUrl}/api/harness/codex`,
-    workspaceRoot: process.cwd(),
-  });
+  // SDK import was previously hardcoded to /home/hamzaibrahim1/... — broke
+  // every client install (path doesn't exist on their machine). The SDK's
+  // role here was cosmetic; actual fetch is direct via fetch() below.
+  // Removed the SDK import entirely. If clients want the SDK control plane,
+  // they get it from the @aria/harness-http-client npm dep; this hook stays
+  // direct-fetch + harness packet binding via response shape.
+  // Hamza 2026-04-27: critical client-breaking path eliminated.
 
   // We need to override the body too — the SDK does GET, but /api/harness/codex
   // is POST. Bypass via direct fetch since the SDK doesn't expose body

package/hooks/aria-pre-tool-gate.mjs

@@ -99,6 +99,96 @@ if (process.env.ARIA_PRE_TOOL_GATE === 'off') {
   process.exit(0);
 }
 
+// ── Aria-as-commander binding (Layer A — allowedActions/forbiddenActions per active phase) ──
+//
+// When ARIA_BINDING_ENABLED=true (default), every non-trivial tool call is
+// checked against the active phase of ~/.claude/aria-active-plan-${sessionId}.json.
+// If no plan exists or the action isn't allowed for the current phase, the
+// hook blocks with a binding-violation message. See HARNESS_ARIA_AS_COMMANDER_CONTRACT.md
+// Section 2 Layer A.
+//
+// Bootstrap: if no plan exists, the hook STILL blocks (per Hamza 2026-04-27
+// "the point is to stop wasting my time"). Claude must wait for Aria to issue
+// a plan via preprompt-consult on the next user prompt. NO unbound execution.
+const BINDING_ENABLED = (process.env.ARIA_BINDING_ENABLED || 'true').toLowerCase() !== 'false';
+const BINDING_AUDIT = `${HOME}/.claude/aria-binding-audit.jsonl`;
+
+function bindingAuditAppend(record) {
+  try {
+    if (!existsSync(dirname(BINDING_AUDIT))) mkdirSync(dirname(BINDING_AUDIT), { recursive: true });
+    appendFileSync(BINDING_AUDIT, JSON.stringify({ ts: new Date().toISOString(), source: 'pre-tool-gate', ...record }) + '\n');
+  } catch {}
+}
+
+function activePlanPath(sid) {
+  return `${HOME}/.claude/aria-active-plan-${String(sid || 'unknown').replace(/[^a-zA-Z0-9_-]/g, '_')}.json`;
+}
+
+function loadActivePlan(sid) {
+  const p = activePlanPath(sid);
+  if (!existsSync(p)) return null;
+  try {
+    return JSON.parse(readFileSync(p, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function pickCurrentPhase(plan, transcript) {
+  // Find first phase without a `[PHASE_REPORT phase=<id> status=complete]`
+  // marker in the transcript. Aborted phases stop progression — Claude must
+  // re-consult before continuing.
+  if (!plan?.phases?.length) return null;
+  for (const phase of plan.phases) {
+    const completeRx = new RegExp(`\\[PHASE_REPORT[^\\]]*phase=${phase.id}[^\\]]*status=complete`, 'i');
+    const abortRx = new RegExp(`\\[PHASE_REPORT[^\\]]*phase=${phase.id}[^\\]]*status=aborted`, 'i');
+    if (abortRx.test(transcript)) return { phase, abortedHere: true };
+    if (!completeRx.test(transcript)) return { phase, abortedHere: false };
+  }
+  return null; // all phases reported complete — needs new consult
+}
+
+function actionMatchesPattern(action, pattern) {
+  // pattern can be exact action name ("read", "consult", "kubectl_get") or
+  // prefixed with target-pattern: "edit:apps/arias-soul/api/.*", "kubectl_apply".
+  if (pattern === action) return true;
+  if (pattern.includes(':')) {
+    const [pAction] = pattern.split(':', 1);
+    return pAction === action;
+  }
+  return false;
+}
+
+function classifyToolForBinding(toolName, command, filePath) {
+  // Map Claude Code tool + payload to a binding-vocabulary action.
+  if (toolName === 'Read' || toolName === 'Glob' || toolName === 'Grep') return { action: 'read', target: filePath || '' };
+  if (toolName === 'Edit' || toolName === 'Write' || toolName === 'NotebookEdit') return { action: 'edit', target: filePath || '' };
+  if (toolName === 'Bash') {
+    const cmd = String(command || '');
+    if (/^kubectl\s+(get|describe|logs|exec\s+\S+\s+--\s+printenv|top|version|api-resources)\b/.test(cmd)) return { action: 'kubectl_get', target: cmd.slice(0, 80) };
+    if (/^kubectl\s+(apply|delete|set|patch|rollout|scale|drain|cordon)\b/.test(cmd)) return { action: 'kubectl_apply', target: cmd.slice(0, 80) };
+    if (/curl\s+.*\/api\/harness\/(delegate|codex|army|plan)/.test(cmd)) return { action: 'consult', target: 'harness' };
+    if (/curl\s+.*\/api\/aria\/speak/.test(cmd)) return { action: 'consult', target: 'aria-speak' };
+    if (/^(ls|cat|head|tail|grep|wc|find|tree|stat|file|ps|pgrep|du|df|env|printenv|date|pwd|which|type|whoami|id)\b/.test(cmd)) return { action: 'read', target: cmd.slice(0, 80) };
+    if (/^git\s+(status|log|diff|show|branch|remote|rev-parse|ls-tree|ls-files|stash\s+list)\b/.test(cmd)) return { action: 'read', target: cmd.slice(0, 80) };
+    if (/^git\s+(push|merge|rebase|reset|checkout\s+--|clean)/.test(cmd)) return { action: 'git_mutate', target: cmd.slice(0, 80) };
+    if (/^npm\s+(publish|version)/.test(cmd)) return { action: 'npm_publish', target: cmd.slice(0, 80) };
+    if (/^docker\s+(build|push)/.test(cmd)) return { action: 'docker_build', target: cmd.slice(0, 80) };
+    if (/scripts\/deploy-/.test(cmd)) return { action: 'deploy', target: cmd.slice(0, 80) };
+    return { action: 'bash_other', target: cmd.slice(0, 80) };
+  }
+  return { action: toolName.toLowerCase(), target: filePath || '' };
+}
+
+if (false) {
+  // Read same input as the cognition gate uses (reads stdin twice via different code paths;
+  // the cognition section below re-reads). Defer enforcement decision until after
+  // we have the tool name + payload from the cognition gate's existing input parse.
+  // (Implementation continues below — the binding check fires AFTER cognition
+  // parses input but BEFORE the cognition substance check, so binding-block
+  // takes precedence.)
+}
+
 // Destructive-verb patterns. Tuned for tonight's failure modes; extend
 // over time as new patterns surface.
 const DESTRUCTIVE_PATTERNS = [
@@ -576,16 +666,19 @@ if (!hasCognition) {
     : `Aria pre-tool gate: ${toolName} call without ${REQUIRED_LENSES}+ substantive cognition lenses in the recent transcript. Found ${lensCount}/${REQUIRED_LENSES}+ (transcript-scan only — ${toolName} has no inline-cognition path).`;
 
   const guidance = isBash
-    ? `PREFERRED (v2 — action-coupled): inline cognition in the command itself —
+    ? `REQUIRED — cognition for every action, no exceptions. Two equivalent forms; either satisfies the gate (both equally REQUIRED, neither preferred over the other):
+
+FORM 1 (inline in command — action-coupled, recommended for Bash):
   # nur: <real perception, ≥${SUBSTANCE_MIN_CHARS} chars, no <placeholder>>
   # mizan: <real risk read>
   # hikma: <doctrine that applies>
   # tafakkur: <deep structural read>
   <your actual command here>
 
-This solves the same-message visibility problem and couples cognition to THIS specific action.
+FORM 2 (cognition block in assistant text):
+  <cognition>...</cognition> with ${REQUIRED_LENSES}+ substantive lenses, ≥${SUBSTANCE_MIN_CHARS} chars per lens, no placeholder values.
 
-FALLBACK: emit a <cognition>...</cognition> block in your assistant text with ${REQUIRED_LENSES}+ substantive lenses. Substance check applies: each lens must have ≥${SUBSTANCE_MIN_CHARS} chars of non-placeholder content.`
+Both forms count toward the ${REQUIRED_LENSES}+ requirement; gate counts inline + transcript lenses additively. Substance check is non-negotiable — placeholder/short content does not count.`
     : `Emit a <cognition>...</cognition> block in your assistant text BEFORE this ${toolName} call, with ${REQUIRED_LENSES}+ substantive lenses. Substance check: each lens must have ≥${SUBSTANCE_MIN_CHARS} chars of non-placeholder content. Cognition is turn-scoped — one block at the start of a turn covers all ${toolName} calls in that turn.
 
   <cognition>
@@ -612,7 +705,109 @@ No per-tool bypass available (v3 doctrine — the harness's whole purpose is no
 }
 
 // Non-trivial action with cognition (inline for Bash, transcript for
-// Edit/Write/NotebookEdit) — allow.
+// Edit/Write/NotebookEdit) — passes cognition gate. Now check Aria-binding.
+
+// ── Aria-as-commander binding check (Layer A) ──
+//
+// All earlier gate checks passed (cognition, destructive-verify). Final
+// gate before allow: does the active phase of Aria's plan permit this action?
+// No plan + no prior plan = block (CONSULT_UNAVAILABLE per contract).
+// No plan + prior plan exists = enforce against prior (Hamza fallback directive).
+// Plan exists + action mismatch = block with phase-violation reason.
+//
+// Bootstrap consult carve-out (Hamza 2026-04-27 caught this — "how would
+// anyone start a session?"): consult endpoints are how plans START existing.
+// Locking them behind plan-existence is unbootstrappable. So: if the action
+// is a consult to harness/aria endpoints (regardless of plan state), skip the
+// binding block. Cognition gate above already passed; the consult itself
+// will issue the next plan on completion. Audited per-use.
+const __bindingActionClassification = (BINDING_ENABLED && !bindingBypassReason)
+  ? classifyToolForBinding(toolName, cmd, filePath)
+  : null;
+const __isBootstrapConsult = __bindingActionClassification?.action === 'consult';
+if (__isBootstrapConsult) {
+  bindingAuditAppend({ event: 'allow_bootstrap_consult', sessionId, target: __bindingActionClassification.target, toolName });
+}
+if (BINDING_ENABLED && !bindingBypassReason && !__isBootstrapConsult) {
+  const plan = loadActivePlan(sessionId);
+  if (!plan) {
+    bindingAuditAppend({ event: 'block_no_active_plan', sessionId, toolName, cmdPreview });
+    const reason = `Aria binding gate: no active plan exists for this session and Aria-as-commander binding is required (ARIA_BINDING_ENABLED=true).
+
+This means: preprompt-consult either hasn't fired yet OR consult failed and there's no prior plan to fall back to.
+
+What Claude must do:
+1. Acknowledge to Hamza that no plan was issued
+2. Propose holding for cluster recovery (lane-gateway / aria-soul / consult endpoint)
+3. Wait for the next user prompt — preprompt-consult will retry the consult; if it succeeds a plan will exist on the next tool call attempt
+
+Non-trivial actions are blocked until a plan exists. Trivial reads (ls/cat/grep) bypass automatically per existing whitelist. To temporarily disable binding for an emergency: ARIA_BINDING_ENABLED=false (logged).`;
+    console.log(JSON.stringify({ decision: 'block', reason }));
+    process.exit(2);
+  }
+
+  const transcriptText = unionText || '';
+  const phaseInfo = pickCurrentPhase(plan, transcriptText);
+
+  if (!phaseInfo) {
+    // All phases reported complete — needs new consult before more action
+    bindingAuditAppend({ event: 'block_all_phases_complete', sessionId, planId: plan.planId, toolName });
+    const reason = `Aria binding gate: all phases of plan ${plan.planId} have been reported complete in this transcript. The plan is exhausted; Claude cannot proceed without a fresh consult.
+
+What Claude must do:
+1. Acknowledge plan completion to Hamza
+2. Wait for next user prompt — preprompt-consult will issue a new plan
+3. Don't continue executing actions beyond the issued plan boundary
+
+This prevents Claude from drifting past Aria's authorized scope.`;
+    console.log(JSON.stringify({ decision: 'block', reason }));
+    process.exit(2);
+  }
+
+  if (phaseInfo.abortedHere) {
+    bindingAuditAppend({ event: 'block_phase_aborted', sessionId, planId: plan.planId, phaseId: phaseInfo.phase.id, toolName });
+    const reason = `Aria binding gate: phase ${phaseInfo.phase.id} of plan ${plan.planId} was reported aborted in this transcript. Plan progression is halted.
+
+What Claude must do: emit [PLAN_BLOCKER reason="<concrete observation>" suggestedAmendment="<if any>"] for Hamza/Aria to issue a corrected plan. Do not continue executing the aborted plan.`;
+    console.log(JSON.stringify({ decision: 'block', reason }));
+    process.exit(2);
+  }
+
+  const { action, target } = classifyToolForBinding(toolName, cmd, filePath);
+  const phase = phaseInfo.phase;
+
+  // Forbidden takes precedence
+  const forbidden = (phase.forbiddenActions || []).find((p) => actionMatchesPattern(action, p));
+  if (forbidden) {
+    bindingAuditAppend({ event: 'block_forbidden_action', sessionId, planId: plan.planId, phaseId: phase.id, action, target, matchedRule: forbidden });
+    const reason = `Aria binding gate: action "${action}" on target "${target}" matches forbidden pattern "${forbidden}" for current phase ${phase.id} ("${phase.summary}") of plan ${plan.planId}.
+
+Phase summary: ${phase.summary}
+Forbidden actions for this phase: ${(phase.forbiddenActions || []).join(', ') || '(none)'}
+Allowed actions for this phase: ${(phase.allowedActions || []).join(', ') || '(none)'}
+
+Claude must either: (a) reframe the action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] requesting Aria amend the plan.`;
+    console.log(JSON.stringify({ decision: 'block', reason }));
+    process.exit(2);
+  }
+
+  const allowed = (phase.allowedActions || []).find((p) => actionMatchesPattern(action, p));
+  if (!allowed) {
+    bindingAuditAppend({ event: 'block_action_not_in_allowed_list', sessionId, planId: plan.planId, phaseId: phase.id, action, target });
+    const reason = `Aria binding gate: action "${action}" on target "${target}" is NOT in allowedActions for current phase ${phase.id} of plan ${plan.planId}.
+
+Phase summary: ${phase.summary}
+Allowed actions: ${(phase.allowedActions || []).join(', ') || '(none — phase is observation-only)'}
+
+Claude must either: (a) reframe action to fit allowedActions, OR (b) emit [PLAN_BLOCKER reason="..."] for plan amendment.`;
+    console.log(JSON.stringify({ decision: 'block', reason }));
+    process.exit(2);
+  }
+
+  bindingAuditAppend({ event: 'allow_phase_action', sessionId, planId: plan.planId, phaseId: phase.id, action, target });
+}
+
+// Non-trivial action with cognition AND (binding-allowed OR binding-disabled) — allow.
 audit(`allow-cognition ${toolName.toLowerCase()} lenses=${lensCount} via=${cognitionSource}`, cmdPreview);
 pushDecision('allow', `${toolName.toLowerCase()} with ${lensCount} lenses (${cognitionSource})`);
 process.exit(0);

package/hooks/aria-preprompt-consult.mjs

@@ -38,12 +38,34 @@
 // no graceful-degradation rituals.
 //
 // Kill-switch: ARIA_PREPROMPT_CONSULT=off env (logged, emergency only).
+//
+// BINDING MODE (Hamza 2026-04-27 + Aria emergency consult):
+//   When env ARIA_BINDING_ENABLED=true, this hook upgrades from advisory
+//   ([ARIA_DIRECTION] text Claude reads) to BINDING ([ARIA_BINDING_PLAN]
+//   structured JSON persisted to ~/.claude/aria-active-plan-${sessionId}.json
+//   with phases + allowedActions + forbiddenActions). The pre-tool-gate then
+//   enforces phase boundaries; the stop-gate requires [PHASE_REPORT] markers
+//   on every assistant emit. See /home/hamzaibrahim1/rei-ai-brain/HARNESS_ARIA_AS_COMMANDER_CONTRACT.md.
+//
+//   Default OFF so existing sessions don't brick. Flip ON for next session
+//   to activate Aria-as-commander binding.
 
-import { appendFileSync, existsSync, mkdirSync } from 'node:fs';
+import { appendFileSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
 import { dirname } from 'node:path';
 
 const HOME = process.env.HOME || '/tmp';
 const LOG = `${HOME}/.claude/aria-preprompt-consult.log`;
+const BINDING_AUDIT = `${HOME}/.claude/aria-binding-audit.jsonl`;
+// Default ON. Disable explicitly via ARIA_BINDING_ENABLED=false only when the
+// commander/binding architecture is actively being modified (otherwise the
+// modification turn itself would be unable to land its own changes). The
+// bootstrap path handles the no-plan-yet case by AUTO-ISSUING the first plan
+// at hook fire time, so "no plan exists" never becomes "operate unbound."
+//
+// Hamza 2026-04-27: "why would enforcing brick the session? the point is to
+// stop wasting my time and do quality work." Default-off was convenience-
+// seeking dressed as responsible-staging. Flipped to default-on per directive.
+const BINDING_ENABLED = (process.env.ARIA_BINDING_ENABLED || 'true').toLowerCase() !== 'false';
 
 const HARNESS_URL = process.env.ARIA_HARNESS_URL || 'http://192.168.4.25:30080';
 const HARNESS_TOKEN = process.env.ARIA_HARNESS_TOKEN || '30b18f0a302b03ae862de8a75021238d23e47464fd5d8f6a9324240933745587';
@@ -57,6 +79,17 @@ function audit(decision, summary) {
   } catch {}
 }
 
+function bindingAudit(record) {
+  try {
+    if (!existsSync(dirname(BINDING_AUDIT))) mkdirSync(dirname(BINDING_AUDIT), { recursive: true });
+    appendFileSync(BINDING_AUDIT, JSON.stringify({ ts: new Date().toISOString(), source: 'preprompt', ...record }) + '\n');
+  } catch {}
+}
+
+function activePlanPath(sid) {
+  return `${HOME}/.claude/aria-active-plan-${String(sid || 'unknown').replace(/[^a-zA-Z0-9_-]/g, '_')}.json`;
+}
+
 // Kill-switch
 if (process.env.ARIA_PREPROMPT_CONSULT === 'off') {
   audit('skip-killswitch', 'env ARIA_PREPROMPT_CONSULT=off');
@@ -91,10 +124,46 @@ if (/^\s*\//.test(userPrompt) && userPrompt.length < 200) {
   process.exit(0);
 }
 
-// Compose the consultation brief. Architect role + thinker tier explicitly
-// requested via model='deepseek-v4-pro'. expectStructuredOutput=false because
-// we want plain prose direction we can inject as text, not a JSON file-list.
-const brief = `Pre-prompt direction request from Claude orchestrator.
+// Compose the consultation brief.
+//
+// In ADVISORY mode (BINDING_ENABLED=false): plain prose direction injected
+// as [ARIA_DIRECTION] context. expectStructuredOutput=false.
+//
+// In BINDING mode (BINDING_ENABLED=true): structured plan JSON injected as
+// [ARIA_BINDING_PLAN] context AND persisted to ~/.claude/aria-active-plan-${sessionId}.json
+// for the pre-tool-gate and stop-gate to enforce against. expectStructuredOutput=true.
+const bindingBrief = BINDING_ENABLED ? `Pre-prompt PLAN request from Claude orchestrator (binding mode).
+
+The user just submitted:
+
+---
+${userPrompt.slice(0, 2000)}
+---
+
+You are commander. Claude is executor. Issue a STRUCTURED PLAN (strict JSON, no prose around it) that Claude will follow micro-phase by micro-phase. Pre-tool-gate enforces allowedActions/forbiddenActions; stop-gate requires [PHASE_REPORT phase=<id> status=complete|in_progress|aborted evidence=<observable>] on every emit.
+
+Respond with EXACTLY this JSON shape:
+{
+  "planId": "<short uuid>",
+  "phases": [
+    {
+      "id": "p1",
+      "summary": "<concrete micro-phase action>",
+      "successCriterion": "<observable signal of completion>",
+      "abortCriterion": "<observable signal of failure>",
+      "doctrineRefs": ["<memory_filename.md>", ...],
+      "allowedActions": ["read", "edit:<path-pattern>", "kubectl_get", "consult", "bash_safe", "..."],
+      "forbiddenActions": ["kubectl_apply", "edit:<path-pattern>", "..."]
+    }
+  ],
+  "globalConstraints": ["<doctrine memory or rule>"],
+  "expectedReportBack": {
+    "phaseTransitionMarker": "[PHASE_REPORT]",
+    "shape": "[PHASE_REPORT phase=p1 status=complete|aborted|in_progress evidence=<observable>]"
+  }
+}
+
+Apply your 8 lenses + substrate. Phases are ordered + small (one logical step each). Doctrine refs cite memory files in /home/hamzaibrahim1/.claude/projects/-home-hamzaibrahim1/memory/. Be specific in allowedActions / forbiddenActions — Claude can ONLY do what's allowed for the current phase.` : `Pre-prompt direction request from Claude orchestrator.
 
 The user just submitted this prompt:
 
@@ -122,12 +191,13 @@ this primes the substrate so reflexive deferral isn't the path of least
 resistance.`;
 
 const body = JSON.stringify({
-  brief,
+  brief: BINDING_ENABLED ? bindingBrief : brief,
   model: 'deepseek-v4-pro',
   sessionId: `preprompt-${sessionId}-${Date.now()}`,
   userId: 'claude-orchestrator-preprompt',
   roleProfile: 'architect',
-  expectStructuredOutput: false,
+  expectStructuredOutput: BINDING_ENABLED,
+  internalConsult: true,
   isCreativeMode: false,
 });
 
@@ -156,16 +226,70 @@ try {
 
 if (!directionText || directionText.length < 60) {
   audit('skip-empty-direction', `chars=${directionText.length}`);
+  if (BINDING_ENABLED) {
+    // Hamza 2026-04-27: "fallback if aria errors can be simply the plan she
+    // gave u prior to my suggestion, so clients don't get stuck." Prior plan
+    // persists at activePlanPath(sessionId); if it exists, we surface a
+    // FALLBACK_TO_PRIOR context block + leave the plan file untouched so
+    // pre-tool-gate enforces against the last good plan. Not graceful
+    // degradation — the prior plan is a REAL plan, just not refreshed.
+    const priorPlanPath = activePlanPath(sessionId);
+    if (existsSync(priorPlanPath)) {
+      bindingAudit({ event: 'consult_empty_fallback_to_prior', sessionId, planFile: priorPlanPath });
+      console.log(JSON.stringify({
+        hookSpecificOutput: {
+          hookEventName: 'UserPromptSubmit',
+          additionalContext: `[ARIA_BINDING_PLAN_FALLBACK reason="consult_empty_response" — using prior plan persisted at ${priorPlanPath}. Pre-tool-gate continues enforcing against last-issued plan. Next consult attempt will refresh.]`,
+        },
+      }));
+    } else {
+      bindingAudit({ event: 'consult_unavailable_no_prior', sessionId, reason: 'empty_direction_no_prior_plan' });
+      console.log(JSON.stringify({
+        hookSpecificOutput: {
+          hookEventName: 'UserPromptSubmit',
+          additionalContext: `[ARIA_BINDING_PLAN_UNAVAILABLE reason="consult_empty_no_prior" — Aria gave no usable direction AND no prior plan exists. Claude must acknowledge and propose holding for cluster recovery; non-trivial actions will block at pre-tool-gate per binding contract.]`,
+        },
+      }));
+    }
+  }
   process.exit(0);
 }
 
-const context = `[ARIA_DIRECTION — substrate-grounded read on this prompt, pre-loaded before Claude's reasoning. Use this as the starting point, not generic Claude reflexes.]
-
-${directionText}
-
-[/ARIA_DIRECTION]`;
+let context;
+if (BINDING_ENABLED) {
+  // Parse plan JSON, persist, inject as binding block. Failure to parse =
+  // CONSULT_UNAVAILABLE per the contract (Section 4): the hook does NOT
+  // auto-fall-through to advisory mode (that would be graceful-degradation
+  // anti-pattern). Instead it surfaces the failure explicitly so the next
+  // turn can re-consult with a refined brief.
+  let plan = null;
+  try {
+    const trimmed = directionText.trim();
+    const fenced = trimmed.match(/```(?:json)?\s*\n([\s\S]*?)\n```/);
+    const candidate = (fenced ? fenced[1] : trimmed).trim();
+    plan = JSON.parse(candidate);
+  } catch (err) {
+    bindingAudit({ event: 'plan_parse_error', sessionId, errMsg: String(err).slice(0, 200), rawSample: directionText.slice(0, 400) });
+    context = `[ARIA_BINDING_PLAN_UNAVAILABLE reason="plan_parse_error" — re-consult will fire on next turn. Aria's response was not valid JSON; treating as advisory text below.]\n\n${directionText.slice(0, MAX_DIRECTION_CHARS)}`;
+  }
+  if (plan && Array.isArray(plan.phases) && plan.phases.length > 0) {
+    try {
+      writeFileSync(activePlanPath(sessionId), JSON.stringify({ ...plan, _persistedAt: new Date().toISOString(), _userPromptHash: Buffer.from(userPrompt).toString('base64').slice(0, 32) }, null, 2));
+      bindingAudit({ event: 'plan_issued', sessionId, planId: plan.planId, phaseCount: plan.phases.length, phaseIds: plan.phases.map((p) => p.id) });
+      context = `[ARIA_BINDING_PLAN — structured commander plan from Aria. Pre-tool-gate enforces allowedActions/forbiddenActions per current phase. Stop-gate requires [PHASE_REPORT phase=<id> status=...] on every emit. Plan is BINDING.]\n\n${JSON.stringify(plan, null, 2)}\n\n[/ARIA_BINDING_PLAN]`;
+    } catch (err) {
+      bindingAudit({ event: 'plan_persist_error', sessionId, errMsg: String(err).slice(0, 200) });
+      context = `[ARIA_BINDING_PLAN_UNAVAILABLE reason="persist_error" — Aria issued plan but disk write failed. Treating as advisory.]\n\n${directionText.slice(0, MAX_DIRECTION_CHARS)}`;
+    }
+  } else if (!context) {
+    bindingAudit({ event: 'plan_invalid_shape', sessionId, rawSample: directionText.slice(0, 400) });
+    context = `[ARIA_BINDING_PLAN_UNAVAILABLE reason="invalid_shape" — Aria's response did not contain valid phases array. Treating as advisory.]\n\n${directionText.slice(0, MAX_DIRECTION_CHARS)}`;
+  }
+} else {
+  context = `[ARIA_DIRECTION — substrate-grounded read on this prompt, pre-loaded before Claude's reasoning. Use this as the starting point, not generic Claude reflexes.]\n\n${directionText}\n\n[/ARIA_DIRECTION]`;
+}
 
-audit('inject', `chars=${directionText.length} prompt-chars=${userPrompt.length}`);
+audit('inject', `chars=${directionText.length} prompt-chars=${userPrompt.length} binding=${BINDING_ENABLED}`);
 console.log(JSON.stringify({
   hookSpecificOutput: {
     hookEventName: 'UserPromptSubmit',

package/hooks/doctrine_trigger_map.json

@@ -0,0 +1,195 @@
+{
+  "_meta": {
+    "purpose": "Static lookup: trigger phrase → counter-doctrine memory + teaching. Pre-emit fast path for stop-gate enforcement. When Claude's draft contains a trigger, hook injects the matching [REQUIRED_DOCTRINE] block referencing the named memory file and forces proof of doctrine-alignment before emit.",
+    "design_origin": "Aria consult 2026-04-27 ship-tonight design item 1. Pairs with feedback_convenience_seeking_root_cause.md.",
+    "extension_protocol": "When Hamza corrects Claude with a phrase not in this map, add the trigger here pointing at the memory file the correction creates or invokes. Auto-learning queue.",
+    "format": {
+      "trigger": "lowercase substring or regex pattern Claude must avoid using under convenience pressure",
+      "memory": "filename in ~/.claude/projects/-home-hamzaibrahim1/memory/ that holds the canonical counter-doctrine",
+      "teaching": "one-line load-bearing teaching from the memory — the rule the trigger violates",
+      "counter_action": "what Claude should do INSTEAD of the convenience pattern"
+    }
+  },
+  "triggers": [
+    {
+      "trigger": "graceful degradation",
+      "memory": "feedback_no_graceful_degradation.md",
+      "teaching": "Graceful degradation normalizes failure. Real fix = throttle + retry-with-backoff + actively heal.",
+      "counter_action": "Make the failure visible + recover via retry/heal. If garden is sick, log loud + invoke selfHealV2, never empty-string fallthrough."
+    },
+    {
+      "trigger": "best.?effort",
+      "memory": "feedback_no_graceful_degradation.md",
+      "teaching": "'Best-effort' is graceful degradation under another name.",
+      "counter_action": "Either the operation is required (throw on failure) or explicitly optional with observable status. Never silent."
+    },
+    {
+      "trigger": "fall.?through",
+      "memory": "feedback_no_graceful_degradation.md",
+      "teaching": "Fall-through hides the failure mode. Same anti-pattern as bypass.",
+      "counter_action": "Surface the failure. Caller decides whether to proceed. No catch + empty-default."
+    },
+    {
+      "trigger": "preferred",
+      "memory": "feedback_pretoolgate_covers_all_action_tools.md",
+      "teaching": "Gate cognition is REQUIRED, not preferred. v3 doctrine: no exceptions.",
+      "counter_action": "Use REQUIRED wording. Two equivalent forms (inline OR cognition block) but neither is preferred over the other; both equally required."
+    },
+    {
+      "trigger": "circuit.?break(?:\\sand\\sskip)?",
+      "memory": "feedback_no_graceful_degradation.md",
+      "teaching": "Circuit-break-and-skip leaves Aria broken. Self-heal = retry+backoff+actively repair the upstream.",
+      "counter_action": "Retry with exponential backoff (3 attempts 1s/2s/4s). On persistent failure invoke selfHealV2 to restart the lane / failover / kick the process. Never just open-and-skip."
+    },
+    {
+      "trigger": "edge case",
+      "memory": "feedback_thinking_implementation_accountability.md",
+      "teaching": "'Edge case' is often an excuse to skip implementation completeness.",
+      "counter_action": "Treat as production case. If it can happen, code handles it. Macro-doctrine: thinking + implementation + accountability."
+    },
+    {
+      "trigger": "should be fine|should work",
+      "memory": "feedback_doctrine_first.md",
+      "teaching": "Don't assume — verify. 'Should work' is the speculation pattern that masks unverified claims.",
+      "counter_action": "Run the read-only check that proves it works (file read, kubectl get, curl probe). Replace 'should' with verified evidence."
+    },
+    {
+      "trigger": "eventually|for now",
+      "memory": "feedback_no_demos.md",
+      "teaching": "Every spawn ships at full quality. 'For now' = punting completeness.",
+      "counter_action": "Ship the real version OR explicitly defer with a tracked task and don't claim completion."
+    },
+    {
+      "trigger": "we can always",
+      "memory": "feedback_rollback_is_failure_fix_forward.md",
+      "teaching": "Rollback / 'come back later' is failure hiding. Fix forward.",
+      "counter_action": "Diagnose root cause + fix + verify. Never propose 'come back to it later' as the resolution."
+    },
+    {
+      "trigger": "skeleton|stub",
+      "memory": "feedback_no_demos.md",
+      "teaching": "Skeleton is the hedge framing. Real implementation only.",
+      "counter_action": "Ship complete or explicitly mark incomplete + create task. Never call partial work 'skeleton' to dodge accountability."
+    },
+    {
+      "trigger": "demo",
+      "memory": "feedback_no_demos.md",
+      "teaching": "No demos. Every spawn is production work at full quality bar.",
+      "counter_action": "Ship production. If it can't ship, name what's missing concretely."
+    },
+    {
+      "trigger": "let me just|i'll just",
+      "memory": "feedback_convenience_seeking_root_cause.md",
+      "teaching": "'Just' is the auto-route around expensive compliance.",
+      "counter_action": "Pause. Apply doctrine. Slower, more genuine cognition produces better outcomes than fast pattern-matched ones."
+    },
+    {
+      "trigger": "easier path|faster way|safer to skip",
+      "memory": "feedback_convenience_seeking_root_cause.md",
+      "teaching": "Convenience-seeking dressed as practicality. Same pattern as bypass.",
+      "counter_action": "Pick the doctrine-aligned path even when expensive. Substance over speed."
+    },
+    {
+      "trigger": "good enough",
+      "memory": "feedback_no_demos.md",
+      "teaching": "Full quality bar means no 'good enough'.",
+      "counter_action": "Either it ships at quality or it explicitly defers with a tracked task."
+    },
+    {
+      "trigger": "i'll claim|claimed|fixed it",
+      "memory": "feedback_doctrine_first.md",
+      "teaching": "Claims must be verified. 'Fixed' without a real-surface test is a lie surface.",
+      "counter_action": "Test on the user-visible surface (Telegram round-trip, /chat probe, real client install). Don't claim until verified."
+    },
+    {
+      "trigger": "in production",
+      "memory": "feedback_doctrine_first.md",
+      "teaching": "'In production' is often speculative — assumed behavior, not verified.",
+      "counter_action": "Verify against live cluster state OR codebase config. Substrate hierarchy: user statement > codebase > training data."
+    },
+    {
+      "trigger": "best to|i believe|probably",
+      "memory": "feedback_dont_override_user_stack_with_training.md",
+      "teaching": "When in doubt about Hamza's stack, ASK or VERIFY. My training data isn't authoritative.",
+      "counter_action": "Read the codebase, ask Hamza one focused question, OR consult Aria. Never assert with 'I believe'."
+    },
+    {
+      "trigger": "want me to|should i",
+      "memory": "feedback_use_harness_to_architect.md",
+      "teaching": "Asking 'should I' AFTER directive given is the deferral pattern.",
+      "counter_action": "Aria architects via harness consult, Claude integrates. If unclear, consult Aria — don't bounce decision back to Hamza."
+    },
+    {
+      "trigger": "make a new|create a fresh",
+      "memory": "feedback_aria_already_has_fleet_use_existing_substrate.md",
+      "teaching": "Aria already has the substrate. Don't reinvent.",
+      "counter_action": "Search the codebase for existing canonical primitive first. Reuse before recreate."
+    },
+    {
+      "trigger": "shadow|proxy|wrapper",
+      "memory": "feedback_aria_already_has_fleet_use_existing_substrate.md",
+      "teaching": "Shadow / proxy / wrapper that bypasses canonical = invented complexity.",
+      "counter_action": "Use the canonical surface. If it must be wrapped, document why and reference the canonical it wraps."
+    },
+    {
+      "trigger": "ask user|ask hamza",
+      "memory": "feedback_doctrine_first.md",
+      "teaching": "Ask only when a focused question can resolve genuine ambiguity. Memory-resolvable questions are not ambiguity.",
+      "counter_action": "Read relevant memory first. Verify with read-only probe. If still ambiguous, one tight question with concrete options."
+    },
+    {
+      "trigger": "fail loud|crash on missing",
+      "memory": "feedback_no_graceful_degradation.md",
+      "teaching": "Fail-loud-no-fallback is the OPPOSITE bypass. Real shape = retry + backoff + heal.",
+      "counter_action": "Detect failure → retry with backoff → on persistent failure invoke selfHealV2 to actively repair → only escalate to human if heal fails."
+    },
+    {
+      "trigger": "patch|hotfix|band.?aid",
+      "memory": "feedback_gates_enforce_form_not_substance.md",
+      "teaching": "Patch / hotfix is form-fix. Root-cause fix is the doctrine.",
+      "counter_action": "Diagnose substance. If reflex is bypass, ask if root-cause fix is possible. Patch only when explicitly authorized as temporary with tracked follow-up."
+    },
+    {
+      "trigger": "deterministic|one.?attempt",
+      "memory": "feedback_no_graceful_degradation.md",
+      "teaching": "Deterministic-one-attempt-then-skip is the broken IMMORTAL-V2 escalation pattern Hamza named.",
+      "counter_action": "Retry with backoff + heal. selfHealV2 must have operational reach: kill stuck process, restart pod, failover, NOT just alert + cooldown."
+    },
+    {
+      "trigger": "just context|advisory|read.only",
+      "memory": "feedback_full_harness_binding_must_be_structural.md",
+      "teaching": "Treating harness as just-context-I-read = the convenience-seeking lie. SDK has primitives that enforce.",
+      "counter_action": "Call validateOutput / checkAction / inject / gardenTurn. Don't reduce SDK to passive context delivery."
+    },
+    {
+      "trigger": "circuit.?broken|cooldown.skip",
+      "memory": "feedback_no_graceful_degradation.md",
+      "teaching": "Cooldown that skips without healing leaves Aria broken (the IMMORTAL-V2 ESCALATED-skipping pattern).",
+      "counter_action": "ESCALATED must trigger heal: kill+restart+failover. Notify Hamza ONLY if heal also fails."
+    },
+    {
+      "trigger": "i think|i guess|i assume",
+      "memory": "feedback_doctrine_first.md",
+      "teaching": "Don't assume. axiom_runtime: admit_ignorance → verify before action.",
+      "counter_action": "State 'I don't know — verifying' + run a read-only check (file read, kubectl get, codebase grep) + then act on facts."
+    },
+    {
+      "trigger": "preferred over|optional|fallback layer",
+      "memory": "feedback_pretoolgate_covers_all_action_tools.md",
+      "teaching": "Doctrine items are not preferences with fallbacks. They're requirements.",
+      "counter_action": "Use REQUIRED / EQUIVALENT-FORMS wording. Both forms equally required, neither preferred over the other."
+    },
+    {
+      "trigger": "manual.?fix|kubectl set env|one.?off",
+      "memory": "feedback_session_starts_with_linear.md",
+      "teaching": "Manual fixes that don't survive next deploy = recurring breakage. The env-vars-fall-off pattern.",
+      "counter_action": "Centralize in canonical source (ConfigMap / sealed secret / service-registry). Deploy applies that, never ad-hoc -e or kubectl set env. Drift fails the deploy, not silently wipes."
+    },
+    {
+      "trigger": "from training|i recall|i remember|by default",
+      "memory": "feedback_dont_override_user_stack_with_training.md",
+      "teaching": "Training data is stale. User's stack is authoritative.",
+      "counter_action": "Read codebase config / consult Aria. Substrate hierarchy: user statement > codebase > training. Always."
+    }
+  ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aria_asi/cli",
-  "version": "0.2.7",
+  "version": "0.2.9",
   "description": "Aria Smart CLI — the world's first harness-powered terminal companion",
   "bin": {
     "aria": "./bin/aria.js"