@chrono-meta/fh-gate 1.2.2 → 1.4.0

package/plugins/fh-meta/skills/public-surface-audit/SKILL.md

@@ -24,6 +24,7 @@ breaks the "public repo = model-agnostic methodology only" invariant.
 
 - `/public-surface-audit`
 - `/public-surface-audit --target <repo path>`
+- `/public-surface-audit --json` (machine-parseable verdict for hook-gating — see Step 5)
 - "Did I leak anything into the public repo?", "public surface audit", "private token scan"
 - "Check tracked files for private tokens", "is my public/private split clean?"
 - "Did any operator-private token survive into a tracked file?", "scan before publish"
@@ -137,6 +138,38 @@ not "edit the HTML by hand". Flag them with a `(generated artifact)` note.
 
 ---
 
+## Step 3b. FP Hygiene — Placeholder & Example Exclusion
+
+A scan that flags its own placeholders erodes trust. Two **value-shape** classes are never real leaks
+and are dropped before the report — imported from `gstack-redact`'s canonical-example allowlist, scoped
+in PSA's direction to the *matched token* (not the whole line, so a real leak sharing a substring still
+reports):
+
+- **Angle-bracket placeholders** — the matched token is itself a placeholder (`<your-unix-username>`,
+  `<company-asset>`, `{project}`). PSA dogfoods these in Step 1; the scan must not report them as leaks.
+- **Canonical dummy values** — the matched token is a documented example/dummy (`EXAMPLE`, `dummy`,
+  `changeme`, `REDACTED`, `xxxx`, AWS-doc keys like `AKIAIOSFODNN7EXAMPLE`). A high-entropy *example* is
+  not a secret.
+
+```bash
+# FP-hygiene tests the MATCHED TOKEN only — never the whole line. A line-level `grep -v` would
+# suppress a real leak that merely *mentions* an example (e.g. `user=<realname> # see EXAMPLE.md`),
+# violating PSA's "allowlist tight" rule. So extract the matched span per hit and drop it only when
+# the span is *entirely* a placeholder/example (anchored ^…$).
+PLACEHOLDER='^(<[a-z0-9_-]+>|\{project\}|EXAMPLE|dummy|changeme|REDACTED|xxxx)$'
+grep -nIE "$regex" $(cat /tmp/_psa_tracked.txt) 2>/dev/null | while IFS= read -r hit; do
+  tok=$(printf '%s' "$hit" | grep -oiE "$regex" | head -1)
+  printf '%s' "$tok" | grep -qiE "$PLACEHOLDER" && continue   # token IS a placeholder → drop
+  printf '%s\n' "$hit"
+done
+```
+
+This differs from the Step 2 allowlist: Step 2 suppresses by **file::token legitimacy**, Step 3b by
+**token value-shape**. Both run — Step 2 then Step 3b. Keep it tight (PSA's "allowlist tight" rule): if a
+token only *contains* an example substring but is otherwise a real private value, it still reports.
+
+---
+
 ## Step 4. Report
 
 ```
@@ -175,6 +208,32 @@ tokens in {N} tracked files (X allowlist-suppressed)." Do not print empty severi
 
 ---
 
+## Step 5. Machine Output (`--json`) — Hook-Gateable Verdict
+
+By default PSA prints the Step 4 human report. With `--json`, emit a machine-parseable verdict so a
+**pre-publish / pre-push hook can gate on counts mechanically** — turning PSA from advisory into
+enforceable (FH's "enforcement is a hook, not a prompt" principle). Imported from `gstack-redact --json`.
+
+```json
+{
+  "target": "{REPO_PATH}",
+  "tracked_files": 0,
+  "findings": [
+    {"file": "path", "line": 42, "token": "<matched>", "severity": "HIGH", "class": "username"}
+  ],
+  "counts": {"HIGH": 0, "MED": 0, "LOW": 0, "suppressed": 0},
+  "verdict": "CLEAN"
+}
+```
+
+`verdict` is one of `CLEAN | REVIEW | LEAK | NOT_CONFIGURED` (same thresholds as Step 4). **`verdict` is
+authoritative — never gate on `counts` alone**: a counts-only check (`HIGH==0 && MED==0`) misreads
+`NOT_CONFIGURED` (which also has zero counts) as a pass. A caller blocks when `verdict` is `LEAK` **or**
+`NOT_CONFIGURED` — an unconfigured scan is not a pass (the same silent-failure guard as the human path:
+absence ≠ CLEAN).
+
+---
+
 ## Connected Skills
 
 | Situation | Connected skill |
@@ -182,7 +241,7 @@ tokens in {N} tracked files (X allowlist-suppressed)." Do not print empty severi
 | Broader pre-publish repo readiness (README, license, API keys) | `/marketplace-gate` (Check 5 Public Safety is the wide net; this skill is the private-token detail) |
 | A leak is a recurring process gap, not a one-off | log via `field-harvest` → candidate `#rule-candidate` |
 | Where should the leaked content actually live? | `/asset-placement-gate` (hub vs project vs CLAUDE.local.md) |
-| Phantom refs / stale links on the same surface | `/source-grounding-audit` (forward axis — orthogonal to this leak axis) |
+| Phantom refs / stale links on the same surface | `/phantom-quench` (forward axis — orthogonal to this leak axis) |
 
 ---
 
@@ -222,3 +281,20 @@ Verdict: **CLEAN** (0 tokens after allowlist) | **REVIEW** (LOW-only — drift,
   leak even though hand-editing it is wrong — report it, prescribe "regenerate from sanitized source".
 - **Allowlist tight, not loose**: when unsure whether a reference is legitimate, report it. A false LEAK
   the user dismisses is cheaper than a real leak suppressed by an over-broad allowlist.
+- **Auto-redact deliberately not imported**: `gstack-redact` offers `--auto-redact` (rewrite + diff). PSA's
+  philosophy is *report + prescribe; the human decides where the line goes* — auto-redacting a HIGH
+  (username/company) hit would pre-empt that judgment, and auto-editing a generated artifact is explicitly
+  wrong (regenerate from source). If ever imported, restrict to the MED absolute-home-path class only
+  (mechanically safe: `/Users/<user>/` → `~/` or `{project}`), never HIGH, never generated files.
+
+---
+
+## Sister-Asset Provenance
+
+Step 3b (FP hygiene) and Step 5 (`--json`) were imported from **garrytan/gstack** `gstack-redact`
+(`lib/redact-engine.ts`) during a hands-on sister-asset cross-audit (2026-06-06; see
+`tracks/_audit/session_2026_06_06_gstack_sister_handson.md`). They are adapted to PSA's operator-IP
+ontology — `gstack-redact`'s generic secret/PII classes (AWS / PEM / JWT / hostname) stay out of PSA's
+scope (orthogonal coverage: PSA = operator-IP leak, redact = generic secret). The reverse direction
+(PSA's operator private-codename + bare-username classes, which `gstack-redact` structurally cannot
+detect) is a candidate contribution back to gstack.

package/plugins/fh-meta/skills/return-path-gate/SKILL.md

@@ -132,7 +132,7 @@ Apply the following decision rules per (caller → callee) pair.
 | Caller identity | Tier |
 |---|:---:|
 | Core pipeline skill (harvest-loop, steel-quench, apex-review, agent-composer, sim-conductor, pipeline-conductor) | HIGH |
-| Diagnostic or gate skill (harness-doctor, source-grounding-audit, verify-bidirectional, return-path-gate) | MEDIUM |
+| Diagnostic or gate skill (harness-doctor, phantom-quench, verify-bidirectional, return-path-gate) | MEDIUM |
 | Utility or advisory skill (context-doctor, plugin-recommender, frontier-digest, etc.) | LOW |
 
 *Callee consequence tier*:
@@ -239,7 +239,7 @@ Verdict: PASS (0 HIGH severity OPEN chains) | CONDITIONAL_PASS (MEDIUM/LOW sever
 | Situation | Connected Skill |
 |---|---|
 | Check harness structural completeness alongside chain closure | `/harness-doctor` |
-| Verify phantom references in §Chains targets (callee skill actually exists) | `/source-grounding-audit` |
+| Verify phantom references in §Chains targets (callee skill actually exists) | `/phantom-quench` |
 | Run chain audit as pre-flight before parallel dispatch | `pipeline-conductor` Step 0.5 calls this skill |
 | Prescribe verdict format for callee skills missing structured output | `/meta-prompt-builder` |
 | Chain OPEN finding becomes improvement candidate | `/field-harvest` |

package/plugins/fh-meta/skills/sim-conductor/SKILL.md

@@ -32,7 +32,7 @@ Proposal format: `"If it's related to [X], should I simulate with /sim-conductor
 | "Test it with personas", "Run an external user simulation" | External user reaction | Area A |
 | "Look at it through someone else's eyes" | External perspective | Area A |
 | "Validate that this actually works" | Real-usage validation | Area D |
-| "Find problems aggressively" | Adversarial validation | Area B (devil persona) |
+| "Find problems aggressively" | Adversarial validation | Area B (`challenger`) |
 
 ## Triggers
 
@@ -76,10 +76,10 @@ Read target artifact(s) → classify on 5 dimensions → output recommendation
 | Dimension | Signal → Weight shift |
 |---|---|
 | `artifact_type` | SKILL.md / design-doc → Area B + D-skill↑ · README / CHEATSHEET → Area A↑ · code / config → Area D-code↑ |
-| `audience` | external installer / first-time user → newcomer↑ · internal team only → devil↑ |
-| `claim_density` | 3+ stated benefits or superlatives → devil-advocate↑ |
+| `audience` | external installer / first-time user → beginner↑ · internal team only → challenger↑ |
+| `claim_density` | 3+ stated benefits or superlatives → challenger↑ |
 | `risk_level` | external publish / marketplace listing → steel-quench prerequisite triggered |
-| `novelty` | first-of-its-kind / no prior session evidence → source-grounding-audit recommended |
+| `novelty` | first-of-its-kind / no prior session evidence → phantom-quench recommended |
 
 ```
 Target Profile output:
@@ -92,7 +92,7 @@ Recommendation:
   Areas: [list + rationale]
   Persona composition: [list + weight]
   Scale: [Minimum 3 | Extended 4–8 | Full ≤16]
-  Prerequisites: [steel-quench / source-grounding-audit / none]
+  Prerequisites: [steel-quench / phantom-quench / none]
 ```
 
 #### Persona Discovery (after profile → before dispatch)
@@ -113,8 +113,8 @@ Persona Discovery output:
 
 ```
 Persona Map:
-  newcomer       → [installed agent name] OR [built-in fallback]
-  devil-advocate → [installed agent name] OR [built-in fallback]
+  beginner       → [installed agent: beginner] OR [ad-hoc directive]
+  challenger     → [installed agent: challenger] OR [ad-hoc directive]
   [profile-specific role] → ⚠️ GAP — plugin-recommender recommends: [X] (install? y/n)
 ```
 
@@ -165,17 +165,20 @@ sim-conductor does **not** run a fixed persona set. It derives needed perspectiv
 ③ External fetch — chain to /plugin-recommender when ①② insufficient for high-stakes tasks
 ```
 
-Built-in fallback palette (② tier):
+Shipped standpoint agents (① tier — sourced installed-first):
 
-| Role | Perspective | Focus |
-|---|---|---|
-| Newcomer | First-time user, zero development context | Clarity, terminology, onboarding friction |
-| Power-user | Advanced user, edge cases | Undocumented behavior, limits |
-| Devil-advocate | Adversarial critic | Claim-evidence gaps, naming-substance mismatch |
-| Domain-expert | Adjacent-field subject matter expert | Technical accuracy, completeness |
-| Skeptic | Pragmatic outsider | ROI, "why not just X?" |
+FH ships a coherent **user-mastery spectrum** as real, reusable agents (not prompt-directive shells) — found by the ① installed-first scan, reusable across skills, and each isolated-context dispatchable for a true cold read (the bias-isolation value: an evaluator outside the author's context reads cold):
+
+| Agent | Spectrum tier | Standpoint | Type |
+|---|---|---|---|
+| `beginner` | entry | First-contact cold-read — onboarding friction a fluent author cannot feel | reasoning |
+| `main-player` | core | Engaged user; intelligently scopes Light / Midcore / Heavy (Heavy = classic power-user edge/limit lens) | reasoning |
+| `expert` | frontier | Domain authority; web-grounded accuracy + SOTA currency, citation-enforced | data (WebSearch/WebFetch) |
+| `challenger` | adversarial axis | Frontier adversary; U1 absorbs the skeptic "why not just X?" lens | adversarial |
+
+> **Lineage**: `beginner` / `main-player` / `expert` are the FH-native frontier successors to the field deep-insight `user` group (newcomer / power-user) — re-derived to FH grade with embedded methodology + Done-When, not name-copied. `challenger` is the advanced form of the field `devil-advocate`. The former standalone skeptic standpoint is folded into `challenger` U1.
 
-Derive task-specific personas (e.g. "security auditor", "non-native reader") when the task profile demands it.
+**Ad-hoc roles** (② tier — prompt-directive fallback): when the profile demands a standpoint with no shipped agent (e.g. "security auditor", "non-native reader"), inject the role as a directive into a general-purpose Agent. Prefer ① shipped agents; use ② only for genuinely task-specific one-offs.
 
 #### Scale
 
@@ -197,9 +200,9 @@ Pre-entry user confirmation required before multi-team execution.
 
 > **Detail**: See `SKILL_detail.md §MultiTeam` — team formation table (T0–T4), CLI detection bash, confirmation dialog, cross-team synthesis format — read when multi-team mode activates.
 
-**A-1** (Newcomer Agent) — description friendliness · onboarding friction · terminology clarity
-**A-2** (Power-user Agent) — install conflicts · duplication · silent overwrite
-**A-3** (challenger Agent, artifact_type="SKILL") — claim-evidence gaps · angles U3, U5, S2
+**A-1** (`beginner`) — first-contact friendliness · onboarding friction · terminology clarity
+**A-2** (`main-player`) — engaged-use fit; Heavy tier: install conflicts · duplication · silent overwrite
+**A-3** (`challenger`, artifact_type="SKILL") — claim-evidence gaps · angles U3, U5, S2
 
 > ⚠️ **Human review gate**: Area A S-tier judgments require owner review before entering AI-AI loop.
 
@@ -246,10 +249,10 @@ Persona composition adapts to `artifact_type` from Step 0.3 profile:
 
 | Artifact type | Primary persona | Supporting persona | Focus |
 |---|---|---|---|
-| SKILL.md / design doc | challenger (artifact_type="SKILL") | Newcomer | Governance gaps, behavioral rule coverage |
-| Python / JS / bash code | challenger (artifact_type="Code") | Power-user | Edge cases, performance, security surface |
-| Prompt / config | Newcomer | challenger | Interpretation errors, implicit assumptions |
-| Auth / security-sensitive | challenger + Security-auditor† | Power-user | Attack surface, privilege escalation |
+| SKILL.md / design doc | challenger (artifact_type="SKILL") | `beginner` | Governance gaps, behavioral rule coverage |
+| Python / JS / bash code | challenger (artifact_type="Code") | `main-player` (Heavy) | Edge cases, performance, security surface |
+| Prompt / config | `beginner` | challenger | Interpretation errors, implicit assumptions |
+| Auth / security-sensitive | challenger + Security-auditor† | `main-player` (Heavy) | Attack surface, privilege escalation |
 
 † Security-auditor = built-in fallback role (② tier) injected as prompt directive.
 
@@ -265,12 +268,76 @@ Consumer agent attempts actual use (not just reads and judges). Grades: F (funct
 
 ### Area E — Artifact Quality Review
 
-Domain-expert objection (E-1) + Practitioner confusion (E-2) in parallel → Pattern structuring (E-3) integrates both.
+`expert` objection (E-1) + Practitioner confusion (E-2) in parallel → Pattern structuring (E-3) integrates both.
 
 > **Detail**: See `SKILL_detail.md §AreaE-Detail` — E-1/E-2/E-3 execution, finding format, pattern naming procedure — read when executing Area E.
 
 ---
 
+## Step 1.5 — Persona Output Protocol + Neutral Synthesizer (parallax)
+
+Generalized from the field `deep-insight` multi-persona pattern (fh-be #7), domain-stripped — the *pattern*
+is renamed **parallax** for public FH (it is a mode of this skill, not a separate skill — see asset-placement
+2026-06-06). It gives the persona dispatch above a shared output contract + a neutral aggregator, so
+multi-persona findings stay comparable and the synthesis injects no bias of its own.
+
+> **Naming provenance (precise)**: "renamed" above refers to the *pattern* (→ parallax), not the personas.
+> The company-team-coupled field personas (fe/be/ios/pm/ux-writer/compliance/qa) were domain-stripped
+> entirely. The generic `user` group (newcomer/power-user) was **re-derived to FH grade as the shipped
+> `beginner` / `main-player` / `expert` mastery-spectrum agents** (embedded methodology + Done-When, not
+> name-copied shells), and the field `devil-advocate` was **advanced into `challenger`** (sandboxed-adversary
+> + adaptive attack matrix). Lineage is acknowledged; nothing is carried verbatim as a shell.
+
+**Shared persona output protocol** — every dispatched persona emits the same shape, whatever its lens:
+
+```
+### Strengths        (0–3, from this persona's viewpoint)
+### Concerns
+  Critical   — compile/runtime failure · clear logic error · data corruption · security leak
+  Important  — significant user/service impact in a plausible scenario
+  Suggestion — optional improvement
+  (each item: [file:line or quoted span] one-line summary — rationale)
+### Open questions   (0–3 items needed for a decision)
+### Absence check    (outside-vantage personas — beginner/integrator: what does the artifact FAIL to
+                      specify that this standpoint needs? discoverability · undocumented contract ·
+                      unstated assumption. A normal, self-administrable rubric item — surfaces real gaps.)
+```
+
+**FP judgment discipline** — only escalate when confident. Never escalate: pre-existing issues not
+introduced by this change · style/quality without a quotable rule · linter-catchable · speculative
+("might break if…") · subjective preference (→ Suggestion). **If not confident, do not mark it** — false
+positives erode reviewer trust.
+
+**Neutral synthesizer** — the aggregator is a NON-persona; it adds no opinion of its own:
+- No opinion injection — never a conclusion no persona stated.
+- Preserve attribution — always traceable which persona said what.
+- Priority labels verbatim — Critical/Important/Suggestion carried as the persona set them.
+- No forced consensus or forced conflict — report Common opinions (2+ personas agree) and Conflicts
+  (position A vs B, each with rationale) as-is. Feeds Step 2 M/S/R triage (M ← Critical or 2+ personas).
+
+The two severity vocabularies are layered, not redundant: a persona running **in isolation** assigns only
+its own Critical/Important/Suggestion — it cannot assign M/S/R, since `S = found by 3+ personas` depends on
+cross-persona agreement the isolated persona never sees. The synthesizer is the only context that can triage
+to M/S/R. So isolation *requires* the per-persona → synthesized two-layer split.
+
+**External-harness persona sourcing** — isomorphic to steel-quench Step 0.4 (Specialized Reviewer
+Discovery) + Wave 5 (external CLI teams). A needed lens may be sourced from an **installed sibling
+harness**, not only the built-in palette — e.g. gstack `/review` (staff-engineer), `/cso`
+(security-officer), `/qa` (QA-lead) when gstack is installed. sim-conductor orchestrates; the sibling
+supplies the specialist lens. Same ①installed → ②fallback → ③fetch priority as Persona Discovery — an
+external harness's review-skills count as ① installed sources, widening the persona pool without FH
+shipping every specialist.
+
+> **Absence check — resolved (added above)**: the clean replication (fh-be RESULT9 Arm F: identical
+> artifact, explicit omission prompt, ownership-only variable) found self ≈ isolated (~90% overlap) —
+> **omission-detection is self-administrable when explicitly asked**, refuting the earlier "the author
+> can't see their own omissions" (Arm E, a prompt/design-drift artifact). So the Absence check is a
+> normal, valuable rubric item (it surfaces real undocumented-contract gaps), not a special isolation-only
+> power. The pattern's value is rubric/standpoint *supply + routine enforcement* (copyable utility), not
+> de-biasing — see `knowledge/shared/patterns/multi-persona-review.md`.
+
+---
+
 ## Step 2 — Synthesis
 
 | Tier | Criteria | Action |

package/plugins/fh-meta/skills/sim-conductor/SKILL_detail.md

@@ -64,11 +64,11 @@ GAP detected for [perspective X]:
 
 | Artifact type | Optimal personas | Likely GAP (not in FH native) |
 |---|---|---|
-| SKILL.md / governance doc | challenger · newcomer · governance-expert | governance-expert → query plugin-recommender |
-| README / marketing copy | newcomer · devil-advocate · domain-expert | domain-expert (field-specific) → query |
-| Python / JS code | challenger/Code · power-user · security-auditor | security-auditor → query if auth/data |
-| Auth / security-sensitive code | security-auditor · challenger/Code · power-user | security-auditor → block if GAP (high-weight) |
-| Design doc + citations | challenger · domain-expert · skeptic | domain-expert (field-specific) → query |
+| SKILL.md / governance doc | challenger · beginner · expert | deep org-specific governance role → query plugin-recommender |
+| README / marketing copy | beginner · challenger · expert | none native (challenger U1 covers the skeptic lens); niche field depth → query |
+| Python / JS code | challenger/Code · main-player (Heavy) · security-auditor | security-auditor → query if auth/data |
+| Auth / security-sensitive code | security-auditor · challenger/Code · main-player (Heavy) | security-auditor → block if GAP (high-weight) |
+| Design doc + citations | challenger · expert | expert web-grounds citations natively; deep niche subfield → query |
 
 ### Degraded coverage flag
 
@@ -96,7 +96,7 @@ Target Profile:
 
 Recommendation:
   Areas: B (internal meta audit) + D-skill (cold-start validation)
-  Persona composition: challenger (high — claim verification), newcomer (medium — onboarding), governance-expert (medium)
+  Persona composition: challenger (high — claim verification), beginner (medium — onboarding), expert (medium — governance accuracy)
   Scale: Minimum (3)
   Prerequisites: none (not yet external publish)
 ```
@@ -112,7 +112,7 @@ Target Profile:
 
 Recommendation:
   Areas: A (external user perspective — primary) + C (naming gap scan)
-  Persona composition: newcomer (high), devil-advocate (high — claim density), power-user (medium)
+  Persona composition: beginner (high), challenger (high — claim density), main-player (medium)
   Scale: Extended (4–5)
   Prerequisites: steel-quench REQUIRED before Area A proceeds
 ```
@@ -128,7 +128,7 @@ Target Profile:
 
 Recommendation:
   Areas: D-code (primary)
-  Persona composition: challenger/Code (edge cases, security surface), power-user (performance)
+  Persona composition: challenger/Code (edge cases, security surface), main-player (Heavy — performance, limits)
   Scale: Minimum (2 — third persona adds minimal value for bash)
   Prerequisites: none
 ```
@@ -144,10 +144,10 @@ Target Profile:
   novelty: high (references recent paper)
 
 Recommendation:
-  Areas: D-code + source-grounding-audit (quantitative claims)
-  Persona composition: challenger (claim-evidence), domain-expert (arXiv validity)
+  Areas: D-code + phantom-quench (quantitative claims)
+  Persona composition: challenger (claim-evidence), expert (arXiv validity, web-grounded)
   Scale: Minimum (3)
-  Prerequisites: source-grounding-audit recommended (novelty + citations)
+  Prerequisites: phantom-quench recommended (novelty + citations)
 ```
 
 ---
@@ -167,11 +167,11 @@ Run multi-team? (a) Full panel  (b) Claude sub-agents only  (c) Skip to Area B
 
 | Team | CLI | Personas | Dispatch method |
 |---|---|---|---|
-| T0 Claude | Agent sub-agent | hub-persona-auditor · challenger · domain-expert | Agent() call |
-| T1 Gemini | `gemini` pipe | newcomer · power-user · devil | `echo PROMPT \| gemini` |
-| T2 Copilot | `gh copilot suggest` | devil · domain-expert | `gh copilot suggest -t shell` |
-| T3 Ollama | `ollama run` | devil | `ollama run llama3 PROMPT` |
-| T4 Codex | `npx @openai/codex exec` | devil · edge-case-hunter | `echo PROMPT \| npx @openai/codex exec -m gpt-5 -` |
+| T0 Claude | Agent sub-agent | hub-persona-auditor · challenger · expert | Agent() call |
+| T1 Gemini | `gemini` pipe | beginner · main-player · challenger | `echo PROMPT \| gemini` |
+| T2 Copilot | `gh copilot suggest` | challenger · expert | `gh copilot suggest -t shell` |
+| T3 Ollama | `ollama run` | challenger | `ollama run llama3 PROMPT` |
+| T4 Codex | `npx @openai/codex exec` | challenger · edge-case-hunter | `echo PROMPT \| npx @openai/codex exec -m gpt-5 -` |
 
 ### CLI detection bash
 
@@ -205,7 +205,7 @@ Claude blind spots (external-only findings):
 
 Structural methods to reduce self-reference risk in Area B:
 
-1. **Regular devil attacks**: Area B once/month + devil attack (challenger) once/quarter. Route devil → defense results directly into SKILL.md via steel-quench handoff after Area B ends.
+1. **Regular adversarial attacks**: Area B once/month + `challenger` attack once/quarter. Route challenger → defense results directly into SKILL.md via steel-quench handoff after Area B ends.
 2. **Direct external user validation**: Non-owner attempts install + invocation → collect reactions. (cascade β validated: first autonomous external run confirmed.)
 3. **steel-quench integration**: After Area B ends, hand off challenger findings to `/steel-quench` for deeper adversarial review + SKILL.md inscription.
 4. **Dual validation principle**: Internal validation (Area B) alone is insufficient — minimized only when combined with external install reaction collection or cross-model validation.
@@ -266,7 +266,7 @@ Findings format: `[judgment type · pattern · root cause · fix direction]`
 
 ### E-2 — Practitioner Confusion
 
-Agent (Newcomer brief): confusing items, fix suggestions more awkward than original, classification criteria consistency breaks.
+Agent (`beginner` brief): confusing items, fix suggestions more awkward than original, classification criteria consistency breaks.
 
 Findings format: `[item · confusion cause · improvement direction]`
 

package/plugins/fh-meta/skills/skill-splitter/SKILL.md

@@ -56,7 +56,7 @@ Step 3 — Draft SKILL_detail.md
     Front-matter: name, description, load: on-demand
 
 Step 4 — Verify
-    source-grounding-audit: every §pointer in SKILL.md resolves to ## §SectionName in SKILL_detail.md
+    phantom-quench: every §pointer in SKILL.md resolves to ## §SectionName in SKILL_detail.md
     sim-conductor Area D-skill: consumer agent with SKILL.md only → must reach grade F
     → Any pointer mismatch or grade P/B → fix before commit
 ```
@@ -101,9 +101,9 @@ Run on a SKILL.md when **any one** of:
 | Situation | Skill |
 |---|---|
 | Diagnose which SKILL.md files are candidates | `/context-doctor` or `/harness-doctor` |
-| Verify §pointer grounding after split | `/source-grounding-audit` |
+| Verify §pointer grounding after split | `/phantom-quench` |
 | Verify cold-start still works after split | `/sim-conductor D skill <name>` |
-| Check new SKILL_detail.md for phantom claims | `/source-grounding-audit` |
+| Check new SKILL_detail.md for phantom claims | `/phantom-quench` |
 | Adversarial review of the split result | `/steel-quench` |
 
 ---
@@ -115,7 +115,7 @@ Step 1 classification table produced
 + SKILL.md trimmed: triggers · principles · step overview · decision tables · Done When retained
 + SKILL.md has imperative pointer for every removed section (> **Detail**: See SKILL_detail.md §X)
 + SKILL_detail.md created: ## §SectionName header for every pointer in SKILL.md
-+ source-grounding-audit: 0 phantoms (all §pointers resolve)
++ phantom-quench: 0 phantoms (all §pointers resolve)
   → Fallback (skill unavailable): run §Verification-Checklist manually from SKILL_detail.md
 + sim-conductor Area D-skill: grade F (consumer completes core task from SKILL.md alone)
   → Fallback (skill unavailable): manually confirm "trigger → step overview → key decision → Done When" all present in SKILL.md

package/plugins/fh-meta/skills/skill-splitter/SKILL_detail.md

@@ -164,7 +164,7 @@ grep "^## §" plugins/{plugin}/skills/{name}/SKILL_detail.md
 ```
 
 Then run:
-- `/source-grounding-audit` — artifact: SKILL.md, declared source: SKILL_detail.md
+- `/phantom-quench` — artifact: SKILL.md, declared source: SKILL_detail.md
 - `/sim-conductor D skill {name}` — provide SKILL.md only, attempt core task from trigger phrase
 
 ---
@@ -177,7 +177,7 @@ Use before committing a completed split:
 |---|---|
 | Trigger phrases ≥ 3 | SKILL.md §Trigger Phrases has 3+ entries |
 | Done When defined | SKILL.md has Done When block with ≥1 measurable condition |
-| All §pointers resolve | source-grounding-audit: 0 phantoms |
+| All §pointers resolve | phantom-quench: 0 phantoms |
 | Cold-start grade F | sim-conductor Area D-skill: consumer reaches core completion |
 | No behavioral rule in SKILL_detail only | Any rule governing "what counts as X" present in SKILL.md |
 | No orphan §sections | Every ## §SectionName in SKILL_detail.md has a pointer from SKILL.md |