@chrono-meta/fh-gate 1.2.1 → 1.3.0

package/plugins/fh-meta/skills/harness-doctor/SKILL_detail.md

@@ -479,6 +479,6 @@ F7 (bash -n parse) is a general-purpose syntax capability. Other skills reuse it
 |---|---|---|
 | harness-doctor Step 10 (this) | Regression detection — new syntax errors from change | *Backward* |
 | steel-quench | Attack vector — "SKILL.md claims bash runs but has syntax errors" | *Adversarial* |
-| source-grounding-audit | Phantom claim — code in docs that doesn't parse = fabricated example | *Forward* |
+| phantom-quench | Phantom claim — code in docs that doesn't parse = fabricated example | *Forward* |
 
 For shared utility: `templates/regression_guard.sh` — extract `count_bad_blocks` function or invoke with ref pair.

package/plugins/fh-meta/skills/install-wizard/SKILL.md

@@ -323,6 +323,7 @@ Auto-check the following items based on detected environment. Each item classifi
 | MCP plugin | ~/.claude.json mcpServers contains entry | `python3 -c "import json,os; d=json.load(open(os.path.expanduser('~/.claude.json'))); print(list(d.get('mcpServers',{}).keys()))"` |
 | `deep-insight plugin` | settings.json plugins contains deep-insight | `grep -r "deep-insight" .claude/settings.json 2>/dev/null` |
 | `fh_env_context.jsonc` | `.claude/rules/fh_env_context.jsonc` exists | `ls .claude/rules/fh_env_context.jsonc` |
+| `phantom-gate` | **(Python + AI-output projects only)** `phantom-gate` present in `requirements.txt` / `pyproject.toml` | `grep "phantom.gate" requirements.txt pyproject.toml 2>/dev/null` |
 | `Streamlit pattern applied` | (Streamlit projects only, if the pattern pack is present) data_editor empty df branch/async wrapper/CSS numeric variables | CC `knowledge/shared/streamlit_patterns.md` Pattern 1-5 check (skip if file absent) |
 
 **Score calculation**: PASS = 1 point / MISS = 0.5 points / FAIL = 0 points → converted to 100-point scale.
@@ -363,6 +364,12 @@ install-wizard — Diagnosis Results ({score}/100)
       Copy: {FH_DIR}/templates/fh_env_context.jsonc → .claude/rules/fh_env_context.jsonc
       Then manually update with actual values for org name, Jira URL, environment status, etc.
       Effect: Each skill references common environment context → eliminate individual setting duplication
+  [9] Install phantom-gate — AI output hallucination detection (Python + AI-output projects only, if MISS)
+      Run: pip install git+https://github.com/chrono-meta/phantom-gate.git
+      Usage: phantom-gate scan output.txt / phantom-gate scan . --project
+      Detectors: M1 (phantom claims) · M2 (self-reference loops) · M3 (unvalidated external-dep claims) · M4 (temporal) · M5 (cross-file version mismatch)
+      Skip condition: non-Python project OR no AI-generated output in pipeline
+
 
 Each item: Y (approve) / N (skip) / L (later) / A (approve all)
 ```
@@ -559,7 +566,7 @@ ls ~/.cc_sentinels/${PROJECT_NAME}_wizard_done 2>/dev/null && echo "Inspection m
 |---|---|
 | Structural anomaly detected | `/harness-doctor` |
 | Token waste pattern detected | `/context-doctor` |
-| External user simulation needed | `/sim-conductor Area A` |
+| External user simulation needed | `/sim-conductor` |
 | Install conflict suspected | `/install-doctor` |
 
 ## Per-Cluster Deferred Loading (Progressive Disclosure)

package/plugins/fh-meta/skills/marketplace-gate/SKILL.md

@@ -187,7 +187,7 @@ All steps 0–2 completed
 + Overall verdict output (🟢 Recommended / 🟡 Conditional / 🔴 On hold)
 ```
 
-**→ Mandatory before 🟢 Recommended verdict: `source-grounding-audit`** — forward axis check on all citations, external URLs, and file path references in the asset being reviewed. A 🟢 verdict without source-grounding-audit is incomplete. If source-grounding-audit finds phantom refs → verdict downgrades to 🟡 Conditional automatically.
+**→ Mandatory before 🟢 Recommended verdict: `phantom-quench`** — forward axis check on all citations, external URLs, and file path references in the asset being reviewed. A 🟢 verdict without phantom-quench is incomplete. If phantom-quench finds phantom refs → verdict downgrades to 🟡 Conditional automatically.
 
 > When `agent-composer` receives a "comprehensive marketplace listing audit" request,
 > recommend: Wave 0 `fact-checker` → Wave 1 `marketplace-gate` + `hub-persona-auditor` in parallel.

package/plugins/fh-meta/skills/phantom-quench/SKILL.md

@@ -0,0 +1,248 @@
+---
+name: phantom-quench
+description: The grounding member of the quench series — extracts proper nouns, numerical values, and branching conditions from artifacts (TCs, analysis reports, design documents), back-traces them to declared source files, and marks anything not found as a Phantom Claim (ungrounded — present in the artifact but not traceable to a declared source; not a claim that it is necessarily false). If steel-quench attacks output patterns (self-declarations, cushion language), phantom-quench attacks input tracing (where did this come from?). Renamed from source-grounding-audit (2026-06-06, quench-series); `/source-grounding-audit` still resolves as an alias. Triggered by "phantom detection", "phantom-quench", "phantom claim", "hallucinated claim detection", "source back-trace", "source audit", "verify source", "TC evidence tracing", "where did this come from", "grounding audit", "source grounding audit", "false claim detection".
+user-invocable: true
+allowed-tools: ["Read", "Write", "Edit", "Bash", "Grep", "Glob"]
+model: sonnet
+---
+
+# phantom-quench — Input Tracing Grounding Audit
+
+> Just because an artifact looks plausible doesn't mean it's grounded in source. plausible ≠ grounded.
+
+> **Renamed from `source-grounding-audit` (2026-06-06)** — the grounding member of the quench series
+> (steel-quench · phantom-quench · goal-quench). Same skill, same ruleset; only the label changed to fit
+> the family. The **v1 paper (Zenodo 10.5281/zenodo.20397566) cites the old name** — that is the
+> historical record, not a phantom. `/source-grounding-audit` still resolves via the deprecated redirect
+> stub at `plugins/fh-meta/skills/source-grounding-audit/SKILL.md` (`successor: phantom-quench`).
+> This is a **label rename, not a capability change** — phantom-quench does not fuse steel-quench or
+> inject faults; those remain separate (orthogonality is deliberate — see Role Separation below).
+>
+> **Quench-series semantics** (resolves the "quench *what*?" question): each member subjects a different
+> thing to the forge — steel-quench hardens an **existing output**; phantom-quench hardens the system
+> against **mistaking the absent for present** (the phantom illusion — *not* the phantom as a material to
+> harden); goal-quench hardens the **goal itself** into an advanced version. Same verb, consistent grammar.
+>
+> **Not the same as `phantom-gate`.** `phantom-gate` is the *productized standalone* phantom detector — a
+> PyPI package run against any repo from the shell. `phantom-quench` is the *in-harness skill* — the same
+> detection lineage as a method invoked inside a Claude session against a declared source set. Tool vs
+> skill; different delivery, shared idea.
+
+When AI generates artifacts without reading the source, those artifacts look like domain knowledge but are actually **Phantom Claims** coming from LLM weights. This skill back-traces each claim in the artifact to the declared source to explicitly mark Phantoms.
+
+## Role Separation from steel-quench
+
+| Dimension | steel-quench | phantom-quench |
+|---|---|---|
+| **Attack target** | Output patterns (self-declarations, cushion language, reason for existence) | Input tracing (is the claim in the source?) |
+| **Core question** | "Is this structure flawed?" | "Where did this content come from?" |
+| **Activation timing** | All-angle quench just before completion | Immediately after source-based artifact generation or at point of suspicion |
+| **Primary attack vector** | Bus factor, self-reference, platform obsolescence | Phantom Claim, source not read, fabricated branching conditions |
+| **Representative pattern** | "Declaration only, no evidence" | "Number in TC that doesn't exist in source" |
+
+**Can be used together**: steel-quench Wave 1 real-code-based attack + phantom-quench Phantom marking can be run sequentially in the same session. But do not mix the roles of the two skills.
+
+---
+
+## Trigger Phrases
+
+| Phrase | Situation |
+|---|---|
+| "phantom detection", "phantom claim", "false claim detection" | Full artifact Phantom scan (primary trigger) |
+| "source back-trace", "source audit" | Analysis report, design document verification |
+| "verify source", "where did this come from" | Suspecting origin of a specific claim |
+| "TC evidence tracing", "TC source verification" | Post-TC-generation source consistency check |
+| "grounding audit", "source grounding audit" | Full artifact Phantom scan |
+| "verify evidence files" | Analysis report, design document verification |
+| `/phantom-quench` | Explicit call |
+
+---
+
+## Core Concept — Phantom Claim
+
+**Phantom Claim**: A claim that appears in the artifact but cannot be found in the declared source files.
+
+3 paths through which Phantoms are produced:
+
+| Path | Description | Risk |
+|---|---|:---:|
+| **Source not read** | AI generates artifact using domain knowledge without Read-ing source | S |
+| **Partial reading** | Source partially read, rest filled in with inference | A |
+| **Reconstruction contamination** | Source was read but LLM modified values/conditions during paraphrase | A |
+
+---
+
+## Execution Steps
+
+### Step 0. Confirm Audit Target
+
+If not provided by user, explicitly confirm: artifact file path, declared source files, and audit scope. Source not declared = S-grade blocker registered immediately.
+
+> **Detail**: See `SKILL_detail.md §Step0-Detail` — confirmation output format and simplification guard — read when audit target or source list is ambiguous.
+
+---
+
+### Step 0.5. Claim Distribution Profile
+
+> **Schema**: `knowledge/shared/harness-core/tpa_schema.md` — `phantom_risk` derivation rule, gate trigger conditions, §Gate Routing Table.
+
+Runs after Step 0 (target + source confirmed). Skip if user specifies scope explicitly.
+
+Scan artifact quickly to classify claim distribution:
+
+| Dimension | Signal → Audit depth shift |
+|---|---|
+| `claim_density` | > 10 claims → full Step 1-4 audit; ≤ 3 claims → light (S+A only) |
+| `artifact_type` | SKILL.md/design-doc → prioritize Branch/State-transition claims; code → prioritize Proper-noun/API claims |
+| `risk_level` | external publish / arXiv citations → all claim types, max depth |
+| `source_count` | 0 declared sources → S-grade blocker immediately (skip to Step 3 prescription) |
+| `quantitative_density` | > 3 numerical claims → focus numerical+range types first |
+
+Scope recommendation output:
+```
+Claim types to prioritize: [list]
+Audit depth: [full | prioritized | light]
+Immediate blockers detected: [yes/no — 0 sources = immediate S-grade]
+```
+
+**0-source behavioral rule**: When artifact has 0 declared sources, skip Steps 1-2 entirely and go directly to Step 3 with S-grade blocker: "Source not declared — all claims unverifiable."
+
+---
+
+### Step 1. Claim Extraction (Artifact Scan)
+
+Extract claims from the artifact that require source back-tracing. Claim types: Proper nouns (highest), Numerical/range values (highest), Branching conditions (highest), State transitions (high), Preconditions (high), Actors (medium). Exclude generic test methodology descriptions and generic UI patterns.
+
+> **Detail**: See `SKILL_detail.md §Step1-Detail` — full claim types table with examples, exclude list, and Step 1 output format template — read when deciding which claims to include or format the extraction results.
+
+---
+
+### Step 2. Source Read + Back-Trace
+
+Back-trace each claim to the declared source files using Read + Grep directly — no inference judgment. Partial match is not treated as match.
+
+Back-tracing classification:
+
+| Classification | Criteria | Marking |
+|---|---|:---:|
+| **Grounded** | Claim directly confirmed in source | ✅ |
+| **Partial** | Similar content in source but not exact match — needs re-confirmation | ⚠️ |
+| **Phantom** | Cannot be found in source | ❌ |
+| **Source-Missing** | Source itself cannot be Read or was not declared | 🔴 |
+
+> **Detail**: See `SKILL_detail.md §Step2-Detail` — back-tracing execution procedure, classification decision rules, and Step 2 output format template — read when handling edge cases or formatting results.
+
+---
+
+### Step 3. Phantom Classification + Prescription
+
+Classify Phantom and Partial claims by severity and provide prescriptions.
+
+**Severity classification criteria**:
+
+| Severity | Criteria | Examples |
+|:---:|---|---|
+| **S** (Immediate blocker) | If this claim is wrong, TC could Pass-judge incorrect behavior | Monetary boundary values, branching conditions, status values |
+| **A** (Must fix) | If this claim is wrong, TC cannot execute or runs wrong path | API endpoint names, field names, preconditions |
+| **B** (Improvement recommended) | If this claim is wrong, TC can execute but intent may differ | Descriptive text, non-critical names |
+
+Prescriptions: (1) Source Re-read — precisely re-read the relevant source section and fix; (2) Request source specification — when source doesn't exist or wasn't declared; (3) Delete/rewrite — delete claims without source grounding and rewrite from source.
+
+> **Detail**: See `SKILL_detail.md §Step3-Detail` — prescription procedures and Step 3 output format template — read when writing the classification table or applying a prescription.
+
+**S-grade Immediate Human Gate** — if 1+ S-grade Phantoms found, pause before Step 4/5 and surface:
+
+```
+⚠️  phantom-quench: N S-grade Phantom(s) found:
+  - [claim 1 — one-line summary, location]
+  - [claim 2 — one-line summary, location]
+
+Options:
+  (a) Continue — AI proceeds to Step 4 pattern diagnosis + Step 5 re-audit
+  (b) Human review first — inspect Phantoms directly, then proceed
+  (c) Abort — fix sources manually and re-run audit
+
+Waiting for input. (Default: a)
+```
+
+Rationale: S-grade Phantoms that enter Step 5 re-audit without human review risk LLM reconstruction contamination — the same pattern that originally produced the Phantoms can "verify" its own fixes. Human review at this threshold breaks the loop.
+
+---
+
+### Step 4. Source Not-Read Pattern Detection (Meta Diagnosis)
+
+Analyze Phantom distribution to diagnose structural problems in the artifact generation process. Reveal "why were these Phantoms produced", not just "this TC is wrong".
+
+**Pattern detection criteria**:
+
+| Pattern | Detection Condition | Meaning |
+|---|---|---|
+| **Source not read** | 3+ Phantoms and no or partial source Read history | AI generated using domain knowledge without reading source |
+| **Partial reading contamination** | Partial items exceed 30% of total | AI read source partially and filled rest with inference |
+| **Reconstruction modification** | Source value exists but unit/format/range modified in TC | LLM paraphrase process contamination |
+| **Source declaration absent** | Source file not specified when generating artifact | Process design stage problem |
+
+**Simplification guard**: If 0 Phantoms, skip Step 4 entirely. Replace with one line: "Source grounding adequate."
+
+> **Detail**: See `SKILL_detail.md §Step4-Detail` — Step 4 output format template — read when writing the pattern diagnosis section.
+
+---
+
+### Step 5. Post-Fix Re-audit (Optional)
+
+Re-run back-trace for S-grade blocker claims after fixes are complete. Activate when 1+ S-grade blockers exist and fix is immediately possible.
+
+**Done When (re-audit)**: Back-trace results for fixed claims all show Grounded (✅) status.
+
+---
+
+## Completion Declaration Format
+
+> **Template**: See `SKILL_detail.md §Report-Template` — full completion declaration format — read when producing the final audit summary.
+
+---
+
+## Connected Skills
+
+| Situation | Connected Skill |
+|---|---|
+| Simultaneously verify output patterns (self-declarations, cushion language) | `/steel-quench` Wave 1 "real-use verification" angle |
+| Re-verify Phantom patterns from external user perspective | `/sim-conductor Area A` |
+| Source not-read is a harness structure problem | `/harness-doctor` |
+| Phantom pattern is a candidate for new rule items | `fh-meta:persona-innovator` |
+| Redesign the artifact generation prompt itself | `/meta-prompt-builder` |
+
+---
+
+## External User Environment Adaptation
+
+This skill can be used independently without the full meta-harness structure.
+
+**How to declare source files**: When generating artifacts, specify "source: [file path list]", or provide source files when invoking this skill.
+
+**External environment fallback**:
+- If no `tracks/_meta/` → skip persistence step
+- If no project-specific rules (like PFD) → output Phantom pattern summary only
+
+---
+
+## Done When
+
+```
+Step 1 claim extraction complete
++ Step 2 all claims back-traced (using Read tool — no inference judgment)
++ Step 3 Phantom severity classification + prescription output
++ Step 4 process pattern diagnosis complete (skip if 0 Phantoms)
++ "phantom-quench Complete" declaration output
+```
+
+Verdict: PASS (0 Phantom claims) | CONDITIONAL_PASS (LOW-severity Phantoms only, prescriptions noted) | FAIL (1+ HIGH/MEDIUM Phantom — broken path, phantom file, or stale external link) | ESCALATE (scope unclear or claim extraction impossible)
+
+---
+
+## Operating Notes
+
+- **Never back-trace by inference**: Judging "this value is probably in the source" treats it as Partial not Phantom. Always directly confirm with Read + Grep.
+- **Partial is not Grounded**: Processing similar-value-in-source as Grounded misses the reconstruction modification pattern.
+- **Source not declared itself is S-grade**: If source is not declared when making an artifact, no claim can subsequently be verified. Recommend mandating source declaration in the process design stage.
+- **Recommended to use with steel-quench**: steel-quench quenches structural flaws, phantom-quench ensures source consistency. The two skills are orthogonal and artifact quality assurance is strengthened when used together.

package/plugins/fh-meta/skills/{source-grounding-audit → phantom-quench}/SKILL_detail.md

@@ -1,4 +1,4 @@
-# source-grounding-audit — Execution Detail
+# phantom-quench — Execution Detail
 
 On-demand reference. Load the section indicated by the pointer in SKILL.md.
 
@@ -153,7 +153,7 @@ Process prescription:
 **Completion Declaration Format**
 
 ```
-## source-grounding-audit Complete
+## phantom-quench Complete
 
 Audit scope: {artifact file} / source {N files}
 {N} total claims audited
@@ -179,4 +179,4 @@ Next actions:
 
 **Evidence Record**
 
-- **Verified in practice**: TC generation without reading source files → steel-quench passes → source-grounding-audit back-trace detects numerous Phantoms (notifications vs. push notifications, version names vs. non-enrolled, bottom sheet vs. screen navigation). **Procedure**: Read sources in order then regenerate → replace with source-based TCs. **Recurrence prevention**: Source gate implementation — FileNotFoundError if required source files absent. steel-quench misses this because: outputs look logically sound so pattern attacks cannot identify Phantoms — only source back-tracing can detect them.
+- **Verified in practice**: TC generation without reading source files → steel-quench passes → phantom-quench back-trace detects numerous Phantoms (notifications vs. push notifications, version names vs. non-enrolled, bottom sheet vs. screen navigation). **Procedure**: Read sources in order then regenerate → replace with source-based TCs. **Recurrence prevention**: Source gate implementation — FileNotFoundError if required source files absent. steel-quench misses this because: outputs look logically sound so pattern attacks cannot identify Phantoms — only source back-tracing can detect them.

package/plugins/fh-meta/skills/pipeline-conductor/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: pipeline-conductor
-description: Chains the four core FH verification pipelines (harvest-loop → steel-quench → source-grounding-audit → sim-conductor) into a single gated sweep. Accepts a scope (single skill, specific asset, full harness) and aggregates results into one structured report. Supports --quick mode (steps 2+3 only) and --full mode (all four steps). Triggered by "run the full pipeline", "chain all verifications", "end-to-end sweep", "pipeline-conductor", or "verify everything".
+description: Chains the four core FH verification pipelines (harvest-loop → steel-quench → phantom-quench → sim-conductor) into a single gated sweep. Accepts a scope (single skill, specific asset, full harness) and aggregates results into one structured report. Supports --quick mode (steps 2+3 only) and --full mode (all four steps). Triggered by "run the full pipeline", "chain all verifications", "end-to-end sweep", "pipeline-conductor", or "verify everything".
 user-invocable: true
 allowed-tools: ["Read", "Write", "Bash", "Grep", "Glob", "Agent"]
 model: sonnet
@@ -10,7 +10,7 @@ model: sonnet
 
 Chains the four standalone FH verification pipelines into a gated sequence. Each step receives the previous step's verdict before proceeding. Aggregates all findings into a single structured report at the end.
 
-The gap this closes: harvest-loop, steel-quench, source-grounding-audit, and sim-conductor are each invocable independently but have no automatic hand-off between them. Running them sequentially by hand loses inter-step signal — a FAIL in step 2 should block step 3 rather than silently continuing. pipeline-conductor enforces that ordering.
+The gap this closes: harvest-loop, steel-quench, phantom-quench, and sim-conductor are each invocable independently but have no automatic hand-off between them. Running them sequentially by hand loses inter-step signal — a FAIL in step 2 should block step 3 rather than silently continuing. pipeline-conductor enforces that ordering.
 
 ## Triggers
 
@@ -92,7 +92,7 @@ Do not infer scope — a wrong scope produces misleading verdicts.
 
 The four constituent skills use heterogeneous scope models. Translate the pipeline scope to each skill's invocation form before running any step:
 
-| Pipeline scope | harvest-loop (Step 1) | steel-quench (Step 2) | source-grounding-audit (Step 3) | sim-conductor (Step 4) |
+| Pipeline scope | harvest-loop (Step 1) | steel-quench (Step 2) | phantom-quench (Step 3) | sim-conductor (Step 4) |
 |---|---|---|---|---|
 | Single SKILL.md | Check session findings relevant to this skill; propose mode only | Adversarial attack on this SKILL.md | Back-trace claims in this SKILL.md to declared sources | Area D (artifact review) on this SKILL.md |
 | Specific directory | Check session findings in this domain | Attack all SKILL.md files in directory | Back-trace all claims in directory | Area A + Area D on the domain |
@@ -219,13 +219,13 @@ Run steel-quench against the target scope.
 
 ---
 
-## Step 3. source-grounding-audit — Phantom Claim Detection
+## Step 3. phantom-quench — Phantom Claim Detection
 
-Run source-grounding-audit against the target scope.
+Run phantom-quench against the target scope.
 
 **What it checks**: Proper nouns, numerical values, file paths, and branching conditions back-traced to declared source files. Claims not found in source are marked Phantom.
 
-**Invocation**: Run source-grounding-audit scoped to the same target as Steps 1 and 2.
+**Invocation**: Run phantom-quench scoped to the same target as Steps 1 and 2.
 
 **Load-bearing Phantom** (binary test — apply mechanically):
 
@@ -238,7 +238,7 @@ All other locations (§Triggers, advisory §Chains language, frontmatter descrip
 
 **Verdict criteria**:
 
-| source-grounding-audit result | pipeline-conductor verdict |
+| phantom-quench result | pipeline-conductor verdict |
 |---|---|
 | 0 Phantoms, all claims grounded | `PASS` |
 | Phantom claims found, none load-bearing (binary test) | `CONDITIONAL_PASS` — list Phantoms |
@@ -246,12 +246,12 @@ All other locations (§Triggers, advisory §Chains language, frontmatter descrip
 | Grounding ambiguous (source file exists but content unclear) | `ESCALATE` |
 
 **On FAIL**: Output the load-bearing Phantom(s). Ask:
-> "source-grounding-audit found a load-bearing Phantom claim. Fix and re-run Step 3, or abort the sweep?"
+> "phantom-quench found a load-bearing Phantom claim. Fix and re-run Step 3, or abort the sweep?"
 
 **On CONDITIONAL_PASS**: Capture non-load-bearing Phantoms. Continue to Step 4.
 
 ```
-[Step 3 — source-grounding-audit]
+[Step 3 — phantom-quench]
   Verdict: {verdict}
   Basis:   {one-line}
   Phantoms: {count} — {load-bearing: Y/N} — {top item or "none"}
@@ -320,7 +320,7 @@ pipeline-conductor — Sweep Report
   Step 0.5 — return-path-gate:       {PASS / CONDITIONAL_PASS / FAIL / SKIPPED / degraded}
   Step 1   — harvest-loop:           {PASS / CONDITIONAL_PASS / FAIL / ESCALATE / SKIPPED}
   Step 2   — steel-quench:           {verdict}
-  Step 3   — source-grounding-audit: {verdict}
+  Step 3   — phantom-quench: {verdict}
   Step 4   — sim-conductor:          {verdict}
 
   Overall: {CLEAN (--full) / CLEAN (--quick) / CLEAN (--no-sim) / PENDING / BLOCKED}

package/plugins/fh-meta/skills/public-surface-audit/SKILL.md

@@ -24,6 +24,7 @@ breaks the "public repo = model-agnostic methodology only" invariant.
 
 - `/public-surface-audit`
 - `/public-surface-audit --target <repo path>`
+- `/public-surface-audit --json` (machine-parseable verdict for hook-gating — see Step 5)
 - "Did I leak anything into the public repo?", "public surface audit", "private token scan"
 - "Check tracked files for private tokens", "is my public/private split clean?"
 - "Did any operator-private token survive into a tracked file?", "scan before publish"
@@ -137,6 +138,38 @@ not "edit the HTML by hand". Flag them with a `(generated artifact)` note.
 
 ---
 
+## Step 3b. FP Hygiene — Placeholder & Example Exclusion
+
+A scan that flags its own placeholders erodes trust. Two **value-shape** classes are never real leaks
+and are dropped before the report — imported from `gstack-redact`'s canonical-example allowlist, scoped
+in PSA's direction to the *matched token* (not the whole line, so a real leak sharing a substring still
+reports):
+
+- **Angle-bracket placeholders** — the matched token is itself a placeholder (`<your-unix-username>`,
+  `<company-asset>`, `{project}`). PSA dogfoods these in Step 1; the scan must not report them as leaks.
+- **Canonical dummy values** — the matched token is a documented example/dummy (`EXAMPLE`, `dummy`,
+  `changeme`, `REDACTED`, `xxxx`, AWS-doc keys like `AKIAIOSFODNN7EXAMPLE`). A high-entropy *example* is
+  not a secret.
+
+```bash
+# FP-hygiene tests the MATCHED TOKEN only — never the whole line. A line-level `grep -v` would
+# suppress a real leak that merely *mentions* an example (e.g. `user=<realname> # see EXAMPLE.md`),
+# violating PSA's "allowlist tight" rule. So extract the matched span per hit and drop it only when
+# the span is *entirely* a placeholder/example (anchored ^…$).
+PLACEHOLDER='^(<[a-z0-9_-]+>|\{project\}|EXAMPLE|dummy|changeme|REDACTED|xxxx)$'
+grep -nIE "$regex" $(cat /tmp/_psa_tracked.txt) 2>/dev/null | while IFS= read -r hit; do
+  tok=$(printf '%s' "$hit" | grep -oiE "$regex" | head -1)
+  printf '%s' "$tok" | grep -qiE "$PLACEHOLDER" && continue   # token IS a placeholder → drop
+  printf '%s\n' "$hit"
+done
+```
+
+This differs from the Step 2 allowlist: Step 2 suppresses by **file::token legitimacy**, Step 3b by
+**token value-shape**. Both run — Step 2 then Step 3b. Keep it tight (PSA's "allowlist tight" rule): if a
+token only *contains* an example substring but is otherwise a real private value, it still reports.
+
+---
+
 ## Step 4. Report
 
 ```
@@ -175,6 +208,32 @@ tokens in {N} tracked files (X allowlist-suppressed)." Do not print empty severi
 
 ---
 
+## Step 5. Machine Output (`--json`) — Hook-Gateable Verdict
+
+By default PSA prints the Step 4 human report. With `--json`, emit a machine-parseable verdict so a
+**pre-publish / pre-push hook can gate on counts mechanically** — turning PSA from advisory into
+enforceable (FH's "enforcement is a hook, not a prompt" principle). Imported from `gstack-redact --json`.
+
+```json
+{
+  "target": "{REPO_PATH}",
+  "tracked_files": 0,
+  "findings": [
+    {"file": "path", "line": 42, "token": "<matched>", "severity": "HIGH", "class": "username"}
+  ],
+  "counts": {"HIGH": 0, "MED": 0, "LOW": 0, "suppressed": 0},
+  "verdict": "CLEAN"
+}
+```
+
+`verdict` is one of `CLEAN | REVIEW | LEAK | NOT_CONFIGURED` (same thresholds as Step 4). **`verdict` is
+authoritative — never gate on `counts` alone**: a counts-only check (`HIGH==0 && MED==0`) misreads
+`NOT_CONFIGURED` (which also has zero counts) as a pass. A caller blocks when `verdict` is `LEAK` **or**
+`NOT_CONFIGURED` — an unconfigured scan is not a pass (the same silent-failure guard as the human path:
+absence ≠ CLEAN).
+
+---
+
 ## Connected Skills
 
 | Situation | Connected skill |
@@ -182,7 +241,7 @@ tokens in {N} tracked files (X allowlist-suppressed)." Do not print empty severi
 | Broader pre-publish repo readiness (README, license, API keys) | `/marketplace-gate` (Check 5 Public Safety is the wide net; this skill is the private-token detail) |
 | A leak is a recurring process gap, not a one-off | log via `field-harvest` → candidate `#rule-candidate` |
 | Where should the leaked content actually live? | `/asset-placement-gate` (hub vs project vs CLAUDE.local.md) |
-| Phantom refs / stale links on the same surface | `/source-grounding-audit` (forward axis — orthogonal to this leak axis) |
+| Phantom refs / stale links on the same surface | `/phantom-quench` (forward axis — orthogonal to this leak axis) |
 
 ---
 
@@ -222,3 +281,20 @@ Verdict: **CLEAN** (0 tokens after allowlist) | **REVIEW** (LOW-only — drift,
   leak even though hand-editing it is wrong — report it, prescribe "regenerate from sanitized source".
 - **Allowlist tight, not loose**: when unsure whether a reference is legitimate, report it. A false LEAK
   the user dismisses is cheaper than a real leak suppressed by an over-broad allowlist.
+- **Auto-redact deliberately not imported**: `gstack-redact` offers `--auto-redact` (rewrite + diff). PSA's
+  philosophy is *report + prescribe; the human decides where the line goes* — auto-redacting a HIGH
+  (username/company) hit would pre-empt that judgment, and auto-editing a generated artifact is explicitly
+  wrong (regenerate from source). If ever imported, restrict to the MED absolute-home-path class only
+  (mechanically safe: `/Users/<user>/` → `~/` or `{project}`), never HIGH, never generated files.
+
+---
+
+## Sister-Asset Provenance
+
+Step 3b (FP hygiene) and Step 5 (`--json`) were imported from **garrytan/gstack** `gstack-redact`
+(`lib/redact-engine.ts`) during a hands-on sister-asset cross-audit (2026-06-06; see
+`tracks/_audit/session_2026_06_06_gstack_sister_handson.md`). They are adapted to PSA's operator-IP
+ontology — `gstack-redact`'s generic secret/PII classes (AWS / PEM / JWT / hostname) stay out of PSA's
+scope (orthogonal coverage: PSA = operator-IP leak, redact = generic secret). The reverse direction
+(PSA's operator private-codename + bare-username classes, which `gstack-redact` structurally cannot
+detect) is a candidate contribution back to gstack.

package/plugins/fh-meta/skills/return-path-gate/SKILL.md

@@ -132,7 +132,7 @@ Apply the following decision rules per (caller → callee) pair.
 | Caller identity | Tier |
 |---|:---:|
 | Core pipeline skill (harvest-loop, steel-quench, apex-review, agent-composer, sim-conductor, pipeline-conductor) | HIGH |
-| Diagnostic or gate skill (harness-doctor, source-grounding-audit, verify-bidirectional, return-path-gate) | MEDIUM |
+| Diagnostic or gate skill (harness-doctor, phantom-quench, verify-bidirectional, return-path-gate) | MEDIUM |
 | Utility or advisory skill (context-doctor, plugin-recommender, frontier-digest, etc.) | LOW |
 
 *Callee consequence tier*:
@@ -239,7 +239,7 @@ Verdict: PASS (0 HIGH severity OPEN chains) | CONDITIONAL_PASS (MEDIUM/LOW sever
 | Situation | Connected Skill |
 |---|---|
 | Check harness structural completeness alongside chain closure | `/harness-doctor` |
-| Verify phantom references in §Chains targets (callee skill actually exists) | `/source-grounding-audit` |
+| Verify phantom references in §Chains targets (callee skill actually exists) | `/phantom-quench` |
 | Run chain audit as pre-flight before parallel dispatch | `pipeline-conductor` Step 0.5 calls this skill |
 | Prescribe verdict format for callee skills missing structured output | `/meta-prompt-builder` |
 | Chain OPEN finding becomes improvement candidate | `/field-harvest` |

package/plugins/fh-meta/skills/sim-conductor/SKILL.md

@@ -79,7 +79,7 @@ Read target artifact(s) → classify on 5 dimensions → output recommendation
 | `audience` | external installer / first-time user → newcomer↑ · internal team only → devil↑ |
 | `claim_density` | 3+ stated benefits or superlatives → devil-advocate↑ |
 | `risk_level` | external publish / marketplace listing → steel-quench prerequisite triggered |
-| `novelty` | first-of-its-kind / no prior session evidence → source-grounding-audit recommended |
+| `novelty` | first-of-its-kind / no prior session evidence → phantom-quench recommended |
 
 ```
 Target Profile output:
@@ -92,7 +92,7 @@ Recommendation:
   Areas: [list + rationale]
   Persona composition: [list + weight]
   Scale: [Minimum 3 | Extended 4–8 | Full ≤16]
-  Prerequisites: [steel-quench / source-grounding-audit / none]
+  Prerequisites: [steel-quench / phantom-quench / none]
 ```
 
 #### Persona Discovery (after profile → before dispatch)
@@ -271,6 +271,63 @@ Domain-expert objection (E-1) + Practitioner confusion (E-2) in parallel → Pat
 
 ---
 
+## Step 1.5 — Persona Output Protocol + Neutral Synthesizer (parallax)
+
+Generalized from the field `deep-insight` multi-persona pattern (fh-be #7), domain-stripped and renamed
+**parallax** for public FH (it is a mode of this skill, not a separate skill — see asset-placement
+2026-06-06). It gives the persona dispatch above a shared output contract + a neutral aggregator, so
+multi-persona findings stay comparable and the synthesis injects no bias of its own.
+
+**Shared persona output protocol** — every dispatched persona emits the same shape, whatever its lens:
+
+```
+### Strengths        (0–3, from this persona's viewpoint)
+### Concerns
+  Critical   — compile/runtime failure · clear logic error · data corruption · security leak
+  Important  — significant user/service impact in a plausible scenario
+  Suggestion — optional improvement
+  (each item: [file:line or quoted span] one-line summary — rationale)
+### Open questions   (0–3 items needed for a decision)
+### Absence check    (outside-vantage personas — newcomer/integrator: what does the artifact FAIL to
+                      specify that this standpoint needs? discoverability · undocumented contract ·
+                      unstated assumption. A normal, self-administrable rubric item — surfaces real gaps.)
+```
+
+**FP judgment discipline** — only escalate when confident. Never escalate: pre-existing issues not
+introduced by this change · style/quality without a quotable rule · linter-catchable · speculative
+("might break if…") · subjective preference (→ Suggestion). **If not confident, do not mark it** — false
+positives erode reviewer trust.
+
+**Neutral synthesizer** — the aggregator is a NON-persona; it adds no opinion of its own:
+- No opinion injection — never a conclusion no persona stated.
+- Preserve attribution — always traceable which persona said what.
+- Priority labels verbatim — Critical/Important/Suggestion carried as the persona set them.
+- No forced consensus or forced conflict — report Common opinions (2+ personas agree) and Conflicts
+  (position A vs B, each with rationale) as-is. Feeds Step 2 M/S/R triage (M ← Critical or 2+ personas).
+
+The two severity vocabularies are layered, not redundant: a persona running **in isolation** assigns only
+its own Critical/Important/Suggestion — it cannot assign M/S/R, since `S = found by 3+ personas` depends on
+cross-persona agreement the isolated persona never sees. The synthesizer is the only context that can triage
+to M/S/R. So isolation *requires* the per-persona → synthesized two-layer split.
+
+**External-harness persona sourcing** — isomorphic to steel-quench Step 0.4 (Specialized Reviewer
+Discovery) + Wave 5 (external CLI teams). A needed lens may be sourced from an **installed sibling
+harness**, not only the built-in palette — e.g. gstack `/review` (staff-engineer), `/cso`
+(security-officer), `/qa` (QA-lead) when gstack is installed. sim-conductor orchestrates; the sibling
+supplies the specialist lens. Same ①installed → ②fallback → ③fetch priority as Persona Discovery — an
+external harness's review-skills count as ① installed sources, widening the persona pool without FH
+shipping every specialist.
+
+> **Absence check — resolved (added above)**: the clean replication (fh-be RESULT9 Arm F: identical
+> artifact, explicit omission prompt, ownership-only variable) found self ≈ isolated (~90% overlap) —
+> **omission-detection is self-administrable when explicitly asked**, refuting the earlier "the author
+> can't see their own omissions" (Arm E, a prompt/design-drift artifact). So the Absence check is a
+> normal, valuable rubric item (it surfaces real undocumented-contract gaps), not a special isolation-only
+> power. The pattern's value is rubric/standpoint *supply + routine enforcement* (copyable utility), not
+> de-biasing — see `knowledge/shared/patterns/multi-persona-review.md`.
+
+---
+
 ## Step 2 — Synthesis
 
 | Tier | Criteria | Action |

package/plugins/fh-meta/skills/sim-conductor/SKILL_detail.md

@@ -144,10 +144,10 @@ Target Profile:
   novelty: high (references recent paper)
 
 Recommendation:
-  Areas: D-code + source-grounding-audit (quantitative claims)
+  Areas: D-code + phantom-quench (quantitative claims)
   Persona composition: challenger (claim-evidence), domain-expert (arXiv validity)
   Scale: Minimum (3)
-  Prerequisites: source-grounding-audit recommended (novelty + citations)
+  Prerequisites: phantom-quench recommended (novelty + citations)
 ```
 
 ---