John Agent Replacement Plan — Current Reconstructed

John Replacement Plan — Reconstructed Current Plan

Status: CURRENT_RECONSTRUCTED_PLAN_PENDING_CEO_SIGNOFF
Date: 2026-05-23
MC: #10599
Replaces: tombstone/stale marker created 2026-05-23 after the original file was absent.
Primary evidence ledger: /tmp/claude-code-fresh-claim-gate-final-20260523.md

0. Executive decision

Do not replace John by adding more advisory agents. Replace the unsafe behavior with deterministic, fail-closed enforcement at every output/delegation boundary:

1. Claude Code Stop hooks.
2. Claude Code PreToolUse delegation hooks.
3. Shared claim classifier.
4. Pi extension output boundary.
5. Virtual-company agent-runner.js response boundary.
6. Company Mesh response boundary.
7. Evidence-path and cost gates before large workflows.

Memory, HiveMind, RAG snippets, old state, and peer recollection are advisory only and must never be treated as evidence for ALAI/MC/system-state claims.

1. Current implemented foundation

Claude Code boundary

Current /Users/makinja/.claude/settings.json includes these enforcement hooks:

• PreToolUse Task|WebSearch|WebFetch: bash ~/.claude/hooks/pre-action-da-gate.sh
• Stop: bash ~/.claude/hooks/alai-claim-gate.sh
• Stop: python3 ~/.claude/hooks/john-determinism-gate.py
• Stop: python3 ~/.claude/hooks/claim-auto-probe-gate.py
• UserPromptSubmit: bash ~/.claude/hooks/boot-enforcer.sh

Current wrapper behavior:

• /Users/makinja/.claude/hooks/alai-claim-gate.sh runs /Users/makinja/system/tools/alai-claim-gate.js on Claude Code transcripts.
• It now fails closed with CLAUDE_STOP_HOOK_MISSING_TRANSCRIPT if Stop hook payload has no readable transcript.

Shared claim gate

/Users/makinja/system/tools/alai-claim-gate.js blocks factual/system-state claims without evidence. Current violation anchors include:

• STATE_CLAIM_WITHOUT_EXISTING_EVIDENCE_PATH
• ALAI_FACTUAL_CLAIM_WITH_ZERO_TOOL_CALLS

Pi boundary

• /Users/makinja/.pi/agent/extensions/alai-claim-gate.ts defaults ALAI_CLAIM_GATE_MODE to hard.
• /Users/makinja/.pi/agent/extensions/company-mesh-tools.ts explicitly states advisory sources are ADVISORY_NOT_EVIDENCE.

Virtual-company boundary

• /Users/makinja/system/tools/agent-runner.js runs shared claim gate before printing/saving agent output.
• /Users/makinja/system/tools/company-mesh.js runs shared claim gate before DB insertion for mesh responses.

2. Evidence already obtained

Evidence artifacts:

• /tmp/alai-hardening-evidence-20260523.md
• /tmp/alai-claim-gate-deadlock-fix-20260523.md
• /tmp/alai-fail-closed-retest-20260523.md
• /tmp/pi-virtual-company-claim-gate-20260523.md
• /tmp/pi-claim-gate-extension-harness-20260523.md
• /tmp/pi-fresh-session-claim-gate-20260523.md
• /tmp/agent-runner-claim-gate-smoke-20260523.md
• /tmp/pi-virtual-company-advisory-contract-20260523.md
• /tmp/smoke-test-agent-and-dev-state-cleanup-20260523.md
• /tmp/john-specs-stale-evidence-20260523.json
• /tmp/john-missing-specs-stale-markers-20260523.md
• /tmp/claude-code-fresh-claim-gate-final-20260523.md

Key fresh Claude Code evidence:

• Fresh normal-session hallucination smoke produced the unsupported sentence The MC task is completed and blueprint MUST can start.
• Claude Code Stop hook blocked it with exit code 2.
• Shared claim gate violations were STATE_CLAIM_WITHOUT_EXISTING_EVIDENCE_PATH and ALAI_FACTUAL_CLAIM_WITH_ZERO_TOOL_CALLS.
• --no-session-persistence no longer bypasses the claim gate; missing transcript fails closed.
• Synthetic readable-transcript regression: no-evidence blocks with rc=2, evidence-path retry allows with rc=0.

3. Replacement architecture

3.1 John core behavior

John may answer factual ALAI/MC/system-state questions only after tool verification. If current evidence is absent, John must answer one of:

• I have not verified that yet.
• BLOCKED: needs current tool evidence.
• I can verify with <specific tool/path> if you approve.

John must not claim:

• task completion,
• MC completion,
• blueprint readiness,
• hook activation,
• deployment/live status,
• agent execution,
• evidence existence,

unless a same-turn tool or cited existing evidence path supports it.

3.2 Enforcement-first design

The replacement is not a persona rewrite. It is a boundary system:

1. Prompt intake: boot/checklist freshness gate.
2. Tool dispatch: delegation cannot proceed without MC reference.
3. Assistant final output: Claude Stop hooks block unsupported claims.
4. Pi final output: Pi extension blocks unsupported claims hard by default.
5. Agent output: agent-runner.js blocks before response is saved/printed.
6. Mesh output: company-mesh.js blocks before DB write.
7. Evidence retry: existing evidence path can allow claims when the path exists.

3.3 Advisory-source quarantine

Every prompt or worker context must include this contract:

Memory, HiveMind, RAG snippets, old state, and peer recollection are ADVISORY_NOT_EVIDENCE for ALAI, MC, deployment, hook, workflow, agent, production, or task-status claims.

4. Blueprint MUST gate

Blueprint MUST workflows may start only if all conditions are true:

1. Fresh Claude Code claim-gate smoke has passed.
2. Missing-transcript/no-session bypass is fail-closed.
3. Pi and virtual-company output gates are hard or explicitly waived.
4. Cost review has been done for the current day/session.
5. User explicitly approves the run or provides a written waiver.
6. The workflow is run through a wrapper/checklist, not free chat.

Current state as of this reconstruction:

• Conditions 1 and 2 have evidence in /tmp/claude-code-fresh-claim-gate-final-20260523.md.
• Pi/virtual-company evidence exists in the listed /tmp artifacts.
• Cost is high today: latest observed cost probe returned $45.4829 total for Claude CLI usage.
• Therefore, large paid blueprint MUST execution still requires explicit approval/waiver.

5. Implementation phases

Phase A — Completed hardening baseline

• Fail-closed Claude hooks.
• Shared claim gate deadlock fix.
• Claude fresh-session smoke.
• Pi hard default.
• Agent-runner shared output gate.
• Company Mesh shared output gate.
• Dedicated smoke-test identity.
• Operational dev state cleanup.
• Stale missing John specs marked and then reconstructed.

Phase B — Immediate next local work

1. Validate syntax for modified code.
2. Validate these reconstructed specs exist and are not tombstones.
3. Create an evidence artifact for the reconstruction.
4. Do not mark MC #10599 or #10570 complete without CEO sign-off and any required commit/indexing evidence.

Phase C — Optional commit/index/sign-off work

Only after approval:

1. Commit or otherwise persist changed source files.
2. Index summary into approved memory mechanism if required.
3. Update MC #10599/#10570 status with evidence paths.
4. Run blueprint MUST wrapper/checklist if cost approval exists.

6. Risk controls

• Break-glass for missing transcript exists only via ALAI_CLAIM_GATE_ALLOW_MISSING_TRANSCRIPT=1 and must be treated as explicit maintenance waiver.
• Claude hook safe mode must not disable claim gates silently.
• Smoke tests must use dedicated smoke identity, not operational dev state.
• Any future stale/missing path must be tombstoned before it is reconstructed.

7. Open acceptance items

• CEO sign-off is pending.
• Commit/indexing evidence is pending.
• MC #10599 should remain open until sign-off and persistence requirements are satisfied.
• Blueprint MUST execution is still blocked on cost/approval despite gate readiness evidence.