@chrono-meta/fh-gate 1.2.2 → 1.3.0

package/plugins/fh-meta/skills/skill-splitter/SKILL.md

@@ -56,7 +56,7 @@ Step 3 — Draft SKILL_detail.md
     Front-matter: name, description, load: on-demand
 
 Step 4 — Verify
-    source-grounding-audit: every §pointer in SKILL.md resolves to ## §SectionName in SKILL_detail.md
+    phantom-quench: every §pointer in SKILL.md resolves to ## §SectionName in SKILL_detail.md
     sim-conductor Area D-skill: consumer agent with SKILL.md only → must reach grade F
     → Any pointer mismatch or grade P/B → fix before commit
 ```
@@ -101,9 +101,9 @@ Run on a SKILL.md when **any one** of:
 | Situation | Skill |
 |---|---|
 | Diagnose which SKILL.md files are candidates | `/context-doctor` or `/harness-doctor` |
-| Verify §pointer grounding after split | `/source-grounding-audit` |
+| Verify §pointer grounding after split | `/phantom-quench` |
 | Verify cold-start still works after split | `/sim-conductor D skill <name>` |
-| Check new SKILL_detail.md for phantom claims | `/source-grounding-audit` |
+| Check new SKILL_detail.md for phantom claims | `/phantom-quench` |
 | Adversarial review of the split result | `/steel-quench` |
 
 ---
@@ -115,7 +115,7 @@ Step 1 classification table produced
 + SKILL.md trimmed: triggers · principles · step overview · decision tables · Done When retained
 + SKILL.md has imperative pointer for every removed section (> **Detail**: See SKILL_detail.md §X)
 + SKILL_detail.md created: ## §SectionName header for every pointer in SKILL.md
-+ source-grounding-audit: 0 phantoms (all §pointers resolve)
++ phantom-quench: 0 phantoms (all §pointers resolve)
   → Fallback (skill unavailable): run §Verification-Checklist manually from SKILL_detail.md
 + sim-conductor Area D-skill: grade F (consumer completes core task from SKILL.md alone)
   → Fallback (skill unavailable): manually confirm "trigger → step overview → key decision → Done When" all present in SKILL.md

package/plugins/fh-meta/skills/skill-splitter/SKILL_detail.md

@@ -164,7 +164,7 @@ grep "^## §" plugins/{plugin}/skills/{name}/SKILL_detail.md
 ```
 
 Then run:
-- `/source-grounding-audit` — artifact: SKILL.md, declared source: SKILL_detail.md
+- `/phantom-quench` — artifact: SKILL.md, declared source: SKILL_detail.md
 - `/sim-conductor D skill {name}` — provide SKILL.md only, attempt core task from trigger phrase
 
 ---
@@ -177,7 +177,7 @@ Use before committing a completed split:
 |---|---|
 | Trigger phrases ≥ 3 | SKILL.md §Trigger Phrases has 3+ entries |
 | Done When defined | SKILL.md has Done When block with ≥1 measurable condition |
-| All §pointers resolve | source-grounding-audit: 0 phantoms |
+| All §pointers resolve | phantom-quench: 0 phantoms |
 | Cold-start grade F | sim-conductor Area D-skill: consumer reaches core completion |
 | No behavioral rule in SKILL_detail only | Any rule governing "what counts as X" present in SKILL.md |
 | No orphan §sections | Every ## §SectionName in SKILL_detail.md has a pointer from SKILL.md |

package/plugins/fh-meta/skills/source-grounding-audit/SKILL.md

@@ -1,230 +1,42 @@
 ---
 name: source-grounding-audit
-description: Extracts proper nouns, numerical values, and branching conditions from artifacts (TCs, analysis reports, design documents), back-traces them to declared source files, and marks as Phantom (false) if not found in source. If steel-quench attacks output patterns (self-declarations, cushion language), source-grounding-audit attacks input tracing (where did this come from?). Triggered by "phantom detection", "source back-trace", "source audit", "verify source", "TC evidence tracing", "where did this come from", "grounding audit", "source grounding audit", "phantom claim", "false claim detection".
-user-invocable: true
-allowed-tools: ["Read", "Write", "Edit", "Bash", "Grep", "Glob"]
+description: >-
+  RENAMED to phantom-quench (2026-06-06, quench-series rebrand). Same skill, same ruleset — only the
+  label changed to fit the quench family (steel-quench · phantom-quench · goal-quench). Use
+  /phantom-quench. This alias is retained so old references and the v1 paper's name still resolve.
+user-invocable: false
+allowed-tools: []
 model: sonnet
+deprecated: true
+deprecated_reason: renamed to phantom-quench (label-only; not a merge — same skill)
+deprecated_date: 2026-06-06
+successor: phantom-quench
 ---
 
-# source-grounding-audit — Input Tracing Grounding Audit
+# source-grounding-audit — RENAMED to `phantom-quench`
 
-> Just because an artifact looks plausible doesn't mean it's grounded in source. plausible ≠ grounded.
+> **Renamed to `phantom-quench` (2026-06-06).** This is a **label rename, not a deprecation-by-merge** —
+> the skill is unchanged and fully active under its new name. Invoke **`/phantom-quench`**.
 
-When AI generates artifacts without reading the source, those artifacts look like domain knowledge but are actually **Phantom Claims** coming from LLM weights. This skill back-traces each claim in the artifact to the declared source to explicitly mark Phantoms.
+## Why the rename
 
-## Role Separation from steel-quench
+phantom-quench is the **grounding member of the quench series** (steel-quench attacks output patterns ·
+phantom-quench traces inputs for Phantom Claims · goal-quench gates autonomous runs). The old descriptive
+name did not signal that family membership; the function is identical.
 
-| Dimension | steel-quench | source-grounding-audit |
-|---|---|---|
-| **Attack target** | Output patterns (self-declarations, cushion language, reason for existence) | Input tracing (is the claim in the source?) |
-| **Core question** | "Is this structure flawed?" | "Where did this content come from?" |
-| **Activation timing** | All-angle quench just before completion | Immediately after source-based artifact generation or at point of suspicion |
-| **Primary attack vector** | Bus factor, self-reference, platform obsolescence | Phantom Claim, source not read, fabricated branching conditions |
-| **Representative pattern** | "Declaration only, no evidence" | "Number in TC that doesn't exist in source" |
+## Where the skill lives now
 
-**Can be used together**: steel-quench Wave 1 real-code-based attack + source-grounding-audit Phantom marking can be run sequentially in the same session. But do not mix the roles of the two skills.
+`plugins/fh-meta/skills/phantom-quench/SKILL.md` (+ `SKILL_detail.md`) — full ruleset preserved
+(S-grade blocker, Human Gate, Pattern Diagnosis, etc.).
 
----
-
-## Trigger Phrases
-
-| Phrase | Situation |
-|---|---|
-| "phantom detection", "phantom claim", "false claim detection" | Full artifact Phantom scan (primary trigger) |
-| "source back-trace", "source audit" | Analysis report, design document verification |
-| "verify source", "where did this come from" | Suspecting origin of a specific claim |
-| "TC evidence tracing", "TC source verification" | Post-TC-generation source consistency check |
-| "grounding audit", "source grounding audit" | Full artifact Phantom scan |
-| "verify evidence files" | Analysis report, design document verification |
-| `/source-grounding-audit` | Explicit call |
-
----
-
-## Core Concept — Phantom Claim
-
-**Phantom Claim**: A claim that appears in the artifact but cannot be found in the declared source files.
-
-3 paths through which Phantoms are produced:
-
-| Path | Description | Risk |
-|---|---|:---:|
-| **Source not read** | AI generates artifact using domain knowledge without Read-ing source | S |
-| **Partial reading** | Source partially read, rest filled in with inference | A |
-| **Reconstruction contamination** | Source was read but LLM modified values/conditions during paraphrase | A |
-
----
-
-## Execution Steps
-
-### Step 0. Confirm Audit Target
-
-If not provided by user, explicitly confirm: artifact file path, declared source files, and audit scope. Source not declared = S-grade blocker registered immediately.
-
-> **Detail**: See `SKILL_detail.md §Step0-Detail` — confirmation output format and simplification guard — read when audit target or source list is ambiguous.
-
----
-
-### Step 0.5. Claim Distribution Profile
-
-> **Schema**: `knowledge/shared/harness-core/tpa_schema.md` — `phantom_risk` derivation rule, gate trigger conditions, §Gate Routing Table.
-
-Runs after Step 0 (target + source confirmed). Skip if user specifies scope explicitly.
-
-Scan artifact quickly to classify claim distribution:
-
-| Dimension | Signal → Audit depth shift |
-|---|---|
-| `claim_density` | > 10 claims → full Step 1-4 audit; ≤ 3 claims → light (S+A only) |
-| `artifact_type` | SKILL.md/design-doc → prioritize Branch/State-transition claims; code → prioritize Proper-noun/API claims |
-| `risk_level` | external publish / arXiv citations → all claim types, max depth |
-| `source_count` | 0 declared sources → S-grade blocker immediately (skip to Step 3 prescription) |
-| `quantitative_density` | > 3 numerical claims → focus numerical+range types first |
-
-Scope recommendation output:
-```
-Claim types to prioritize: [list]
-Audit depth: [full | prioritized | light]
-Immediate blockers detected: [yes/no — 0 sources = immediate S-grade]
-```
-
-**0-source behavioral rule**: When artifact has 0 declared sources, skip Steps 1-2 entirely and go directly to Step 3 with S-grade blocker: "Source not declared — all claims unverifiable."
-
----
-
-### Step 1. Claim Extraction (Artifact Scan)
-
-Extract claims from the artifact that require source back-tracing. Claim types: Proper nouns (highest), Numerical/range values (highest), Branching conditions (highest), State transitions (high), Preconditions (high), Actors (medium). Exclude generic test methodology descriptions and generic UI patterns.
-
-> **Detail**: See `SKILL_detail.md §Step1-Detail` — full claim types table with examples, exclude list, and Step 1 output format template — read when deciding which claims to include or format the extraction results.
-
----
-
-### Step 2. Source Read + Back-Trace
-
-Back-trace each claim to the declared source files using Read + Grep directly — no inference judgment. Partial match is not treated as match.
-
-Back-tracing classification:
-
-| Classification | Criteria | Marking |
-|---|---|:---:|
-| **Grounded** | Claim directly confirmed in source | ✅ |
-| **Partial** | Similar content in source but not exact match — needs re-confirmation | ⚠️ |
-| **Phantom** | Cannot be found in source | ❌ |
-| **Source-Missing** | Source itself cannot be Read or was not declared | 🔴 |
-
-> **Detail**: See `SKILL_detail.md §Step2-Detail` — back-tracing execution procedure, classification decision rules, and Step 2 output format template — read when handling edge cases or formatting results.
-
----
-
-### Step 3. Phantom Classification + Prescription
-
-Classify Phantom and Partial claims by severity and provide prescriptions.
-
-**Severity classification criteria**:
+## Record note (do not "fix")
 
-| Severity | Criteria | Examples |
-|:---:|---|---|
-| **S** (Immediate blocker) | If this claim is wrong, TC could Pass-judge incorrect behavior | Monetary boundary values, branching conditions, status values |
-| **A** (Must fix) | If this claim is wrong, TC cannot execute or runs wrong path | API endpoint names, field names, preconditions |
-| **B** (Improvement recommended) | If this claim is wrong, TC can execute but intent may differ | Descriptive text, non-critical names |
-
-Prescriptions: (1) Source Re-read — precisely re-read the relevant source section and fix; (2) Request source specification — when source doesn't exist or wasn't declared; (3) Delete/rewrite — delete claims without source grounding and rewrite from source.
-
-> **Detail**: See `SKILL_detail.md §Step3-Detail` — prescription procedures and Step 3 output format template — read when writing the classification table or applying a prescription.
-
-**S-grade Immediate Human Gate** — if 1+ S-grade Phantoms found, pause before Step 4/5 and surface:
-
-```
-⚠️  source-grounding-audit: N S-grade Phantom(s) found:
-  - [claim 1 — one-line summary, location]
-  - [claim 2 — one-line summary, location]
-
-Options:
-  (a) Continue — AI proceeds to Step 4 pattern diagnosis + Step 5 re-audit
-  (b) Human review first — inspect Phantoms directly, then proceed
-  (c) Abort — fix sources manually and re-run audit
-
-Waiting for input. (Default: a)
-```
-
-Rationale: S-grade Phantoms that enter Step 5 re-audit without human review risk LLM reconstruction contamination — the same pattern that originally produced the Phantoms can "verify" its own fixes. Human review at this threshold breaks the loop.
-
----
-
-### Step 4. Source Not-Read Pattern Detection (Meta Diagnosis)
-
-Analyze Phantom distribution to diagnose structural problems in the artifact generation process. Reveal "why were these Phantoms produced", not just "this TC is wrong".
-
-**Pattern detection criteria**:
-
-| Pattern | Detection Condition | Meaning |
-|---|---|---|
-| **Source not read** | 3+ Phantoms and no or partial source Read history | AI generated using domain knowledge without reading source |
-| **Partial reading contamination** | Partial items exceed 30% of total | AI read source partially and filled rest with inference |
-| **Reconstruction modification** | Source value exists but unit/format/range modified in TC | LLM paraphrase process contamination |
-| **Source declaration absent** | Source file not specified when generating artifact | Process design stage problem |
-
-**Simplification guard**: If 0 Phantoms, skip Step 4 entirely. Replace with one line: "Source grounding adequate."
-
-> **Detail**: See `SKILL_detail.md §Step4-Detail` — Step 4 output format template — read when writing the pattern diagnosis section.
-
----
-
-### Step 5. Post-Fix Re-audit (Optional)
-
-Re-run back-trace for S-grade blocker claims after fixes are complete. Activate when 1+ S-grade blockers exist and fix is immediately possible.
-
-**Done When (re-audit)**: Back-trace results for fixed claims all show Grounded (✅) status.
-
----
-
-## Completion Declaration Format
-
-> **Template**: See `SKILL_detail.md §Report-Template` — full completion declaration format — read when producing the final audit summary.
-
----
-
-## Connected Skills
-
-| Situation | Connected Skill |
-|---|---|
-| Simultaneously verify output patterns (self-declarations, cushion language) | `/steel-quench` Wave 1 "real-use verification" angle |
-| Re-verify Phantom patterns from external user perspective | `/sim-conductor Area A` |
-| Source not-read is a harness structure problem | `/harness-doctor` |
-| Phantom pattern is a candidate for new rule items | `fh-meta:persona-innovator` |
-| Redesign the artifact generation prompt itself | `/meta-prompt-builder` |
-
----
-
-## External User Environment Adaptation
-
-This skill can be used independently without the full meta-harness structure.
-
-**How to declare source files**: When generating artifacts, specify "source: [file path list]", or provide source files when invoking this skill.
-
-**External environment fallback**:
-- If no `tracks/_meta/` → skip persistence step
-- If no project-specific rules (like PFD) → output Phantom pattern summary only
-
----
+The **v1 paper** (Zenodo 10.5281/zenodo.20397566; arXiv submission) cites `source-grounding-audit`.
+That is the **immutable historical name**, not a phantom — `paper/forge_harness_v1.0.html` is left
+unchanged by design. Future readers map: *source-grounding-audit (v1 paper) = phantom-quench (current)*.
 
 ## Done When
 
-```
-Step 1 claim extraction complete
-+ Step 2 all claims back-traced (using Read tool — no inference judgment)
-+ Step 3 Phantom severity classification + prescription output
-+ Step 4 process pattern diagnosis complete (skip if 0 Phantoms)
-+ "source-grounding-audit Complete" declaration output
-```
-
-Verdict: PASS (0 Phantom claims) | CONDITIONAL_PASS (LOW-severity Phantoms only, prescriptions noted) | FAIL (1+ HIGH/MEDIUM Phantom — broken path, phantom file, or stale external link) | ESCALATE (scope unclear or claim extraction impossible)
-
----
-
-## Operating Notes
-
-- **Never back-trace by inference**: Judging "this value is probably in the source" treats it as Partial not Phantom. Always directly confirm with Read + Grep.
-- **Partial is not Grounded**: Processing similar-value-in-source as Grounded misses the reconstruction modification pattern.
-- **Source not declared itself is S-grade**: If source is not declared when making an artifact, no claim can subsequently be verified. Recommend mandating source declaration in the process design stage.
-- **Recommended to use with steel-quench**: steel-quench quenches structural flaws, source-grounding-audit ensures source consistency. The two skills are orthogonal and artifact quality assurance is strengthened when used together.
+Deprecated alias — no active execution path of its own. Done When: all invocation routes through
+`/phantom-quench` (the successor); this entry exists only so old names resolve. Satisfies the
+harness-doctor L2 M-tier Done-When requirement (CLAUDE.md §New Skill Creation Pre-Commit Gate).

package/plugins/fh-meta/skills/steel-quench/SKILL.md

@@ -148,6 +148,27 @@ Wave 4 convergence = Wave 3 criteria + 3 AI-specific vectors actually reviewed +
 
 ---
 
+## External-GT Adjudication (when the target has a public ground truth)
+
+When quenching a **public artifact that has its own ground truth** — a repo's open issues, test suite, or
+stated policy/threat-model (a frontier codebase, a sister project — *not* your own in-progress draft) — add
+an adjudication pass after the panel produces findings. The panel (Wave 5 cross-family) gives decorrelated
+detection; this pass adds the *external check* the panel cannot self-supply. For each finding, classify:
+
+| Class | Test | Meaning |
+|---|---|---|
+| **Corroborated** | matches an OPEN issue / a failing test | independent rediscovery — strongest |
+| **Novel** | no matching issue, but confirmed by logic or a written test | caught what the target missed |
+| **Reframe / reject** | the target's own docs/policy/threat-model marks it intentional or out-of-scope | NOT a confident catch — a false positive |
+
+The GT (not a cross-family vote) resolves contention objectively, and it catches the panel's own
+**shared training-prior** false positives. Report only Corroborated + Novel as confident catches; a null
+result on sound code is the correct answer, not a failure. **Basis**: 2026-06-06 frontier-quench sweep —
+a single-family pass repeated still misses what cross-family catches, and a target's `SECURITY.md` reframed
+"security" findings to "correctness" (its permission layer was UX, not a boundary).
+
+---
+
 ## Cross-Project Common Patterns (initial seed)
 
 | # | Pattern Name | Description | Response Direction |
@@ -194,7 +215,7 @@ Verdict: PASS (zero S-grade, convergence reached) | CONDITIONAL_PASS (A/B-grade
 | Attack angle is a harness structure problem | `/harness-doctor` | optional |
 | After Wave convergence, propose new pattern rules | `fh-meta:persona-innovator` | optional |
 | Wave 1 structure-specific attack (6-axis) | `fh-commons:quench-challenger` | priority |
-| Back-trace whether claims exist in source files | `/source-grounding-audit` | **mandatory** when `phantom_risk=true` OR `scope=external` (see tpa_schema.md §Gate Routing Table) |
+| Back-trace whether claims exist in source files | `/phantom-quench` | **mandatory** when `phantom_risk=true` OR `scope=external` (see tpa_schema.md §Gate Routing Table) |
 
 **steel-quench → sim-conductor gate**: After Wave convergence in external-publish context, `/sim-conductor Area A` is the mandatory next step.
 
@@ -219,7 +240,8 @@ sim-conductor Area A (external user perspective)
 - **Attacks without real code are invalid.** Abstract criticism is not included in Wave 1 results.
 - **quench-challenger first.** Call fh-commons:quench-challenger in isolation in Wave 1 if available.
 - **Always check self-referential pattern (P3).** Cross-validate Wave results with external criteria.
-- **Attack surface limit**: steel-quench attacks output content patterns. Phantom Claim detection → `source-grounding-audit`.
+- **Public target → adjudicate against external GT before claiming.** A finding the target's own docs/policy/threat-model marks intentional or out-of-scope is a false positive, not a catch. See §External-GT Adjudication.
+- **Attack surface limit**: steel-quench attacks output content patterns. Phantom Claim detection → `phantom-quench`.
 
 ## Failure Fallback
 

package/plugins/fh-meta/skills/steel-quench/SKILL_detail.md

@@ -443,11 +443,11 @@ External CLIs available: check at runtime via Step 0-pre bash detection
 **Wave selection**:
 ```
 Run:  Wave 1 (claim density), Wave 2 (structural defense, weight↑),
-      Wave 3 (weight↑ — arXiv/DOI phantom risk; pair with /source-grounding-audit),
+      Wave 3 (weight↑ — arXiv/DOI phantom risk; pair with /phantom-quench),
       Wave 4 (novelty: new architecture)
       Wave 5 (cross-team scope — activate if risk_level=high or user requests)
 Skip: Phase 0 (unless user supplies an external bad-case doc)
 External CLIs available: check at runtime
 ```
 
-**Degraded coverage note**: Wave 3 without `/source-grounding-audit` available → flag as "Axis 3 skipped (skill unavailable)" and note in residual risk card.
+**Degraded coverage note**: Wave 3 without `/phantom-quench` available → flag as "Axis 3 skipped (skill unavailable)" and note in residual risk card.

package/scripts/fh-gate.sh

@@ -329,16 +329,10 @@ if [[ "$FIRST_OUTPUT_LINE" != "FH_STATUS: SUCCESS" ]]; then
   exit $EXIT_HARNESS_ERROR
 fi
 
-FH_STATUS="SUCCESS"
+# Harness-failure guard is already enforced above: the first non-empty output line
+# must be "FH_STATUS: SUCCESS" (see check at top of this block) or we exit HARNESS_ERROR.
 VERDICT=$(grep -m 1 "^FH_GATE_VERDICT:" "$PARSE_FILE" 2>/dev/null | awk '{print $2}' | tr -d '[:space:]' || true)
 
-# Harness failure guard (fail-safe: missing status → BLOCKED)
-if [[ "$FH_STATUS" != "SUCCESS" ]]; then
-  echo "ERROR: FH_STATUS=${FH_STATUS:-MISSING} — harness failure (fail-safe: BLOCKED)" >&2
-  cat "$OUTPUT_FILE" >&2
-  exit $EXIT_HARNESS_ERROR
-fi
-
 # Emit structured output to stdout
 cat "$PARSE_FILE"
 
@@ -368,7 +362,7 @@ case "$VERDICT" in
   BLOCKED)  echo "→ verdict: BLOCKED" >&2;  exit $EXIT_BLOCKED ;;
   ESCALATE) echo "→ verdict: ESCALATE" >&2; exit $EXIT_ESCALATE ;;
   *)
-    echo "ERROR: unrecognized verdict '${VERDICT:-EMPTY}' — fail-safe BLOCKED" >&2
+    echo "ERROR: unrecognized verdict '${VERDICT:-EMPTY}' — harness error, failing safe (commit not allowed)" >&2
     exit $EXIT_HARNESS_ERROR
     ;;
 esac

package/scripts/fh-run.sh

@@ -35,7 +35,7 @@ Environment:
   FH_DRY_RUN=1                   Print assembled prompt only
 
 Examples:
-  FH_BACKEND=codex fh-run --skill source-grounding-audit --file docs/foo.md
+  FH_BACKEND=codex fh-run --skill phantom-quench --file docs/foo.md
   FH_BACKEND=codex fh-run --agent fh-commons:quench-challenger --file plugins/fh-meta/skills/foo/SKILL.md
 USAGE
 }