@chrono-meta/fh-gate 1.4.0 → 1.4.2

package/CATALOG.md

@@ -9,7 +9,7 @@ AI reads this file first when searching past work. Open individual files for det
 <!-- Add entries in reverse date order (newest at top) -->
 
 ### 2026-06-05 | _audit | sister-asset, gstack, field-harness, garry-tan
-**File:** tracks/_audit/session_2026_06_05_gstack-sister.md (private mirror: fh-be)
+**File:** tracks/_audit/session_2026_06_05_gstack-sister.md (private companion mirror)
 gstack (garrytan, ~66K stars) sister-asset cross-audit — the field/execution-harness counterpart to FH's meta/governance harness, both running on the Claude Code skill substrate. FH governs / gstack executes (composes, not competes). Bidirectional import (frictionless one-command install, opinionated front door, privacy-first telemetry) / propagate (post-ship governance gate, cross-project knowledge compounding, HITL promotion gate) lists recorded.
 - Decision: public index only — bet evidence (B1·ID·SB) + full audit held in private store; external cross-link proposal to garrytan/gstack gated behind 3+ persona × 4-axis audit.
 

package/README.md

@@ -28,9 +28,9 @@
 </p>
 
 <p align="center">
-  <a href="ETHOS.md"><b>The principles</b></a> ·
-  <a href="WHY.md"><b>Why it exists</b></a> ·
-  <a href="OUTPUT_EVIDENCE.md"><b>The evidence</b></a> ·
+  <a href="docs/ETHOS.md"><b>The principles</b></a> ·
+  <a href="docs/WHY.md"><b>Why it exists</b></a> ·
+  <a href="docs/OUTPUT_EVIDENCE.md"><b>The evidence</b></a> ·
   <a href="CHEATSHEET.md"><b>How to use it</b></a>
 </p>
 
@@ -164,7 +164,7 @@ hardened by attack, and only then does it ship faster, for having survived.
 | → **Accelerate** | a blade that survived the forge cuts faster | `goal-quench` — *Pass → Accelerate* |
 
 Three movements are shipped; **temper** is the direction ahead — and naming the movement we have *not*
-finished is the point (see [`ETHOS.md`](ETHOS.md#the-forge)). Around the forge, two more signatures keep
+finished is the point (see [`ETHOS.md`](docs/ETHOS.md#the-forge)). Around the forge, two more signatures keep
 it running: `harvest-loop` (each session's lessons become permanent skills) and `agent-composer`
 (orchestrate the dispatch). The other skills wait until you need them — full list below.
 
@@ -286,5 +286,5 @@ External convergence:
 | [`CHEATSHEET.md`](CHEATSHEET.md) | Full command reference |
 | [`AGENTS.md`](AGENTS.md) | Runtime agent specs |
 | [`CATALOG.md`](CATALOG.md) | Past work search index |
-| [`CONTRIBUTING.md`](CONTRIBUTING.md) | How to contribute skills and patterns |
+| [`CONTRIBUTING.md`](docs/CONTRIBUTING.md) | How to contribute skills and patterns |
 | [`fh_integration_contract.md`](knowledge/shared/harness-core/fh_integration_contract.md) | Governance gate spec |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrono-meta/fh-gate",
-  "version": "1.4.0",
+  "version": "1.4.2",
   "description": "FH runtime adapters — run FH governance, skills, and agents via Claude or Codex with machine-parseable gates.",
   "license": "MIT",
   "keywords": [
@@ -45,7 +45,7 @@
     "CATALOG.md",
     "CHEATSHEET.md",
     "CLAUDE.md",
-    "CONTRIBUTING.md",
+    "docs/CONTRIBUTING.md",
     "bin/fh-gate.js",
     "bin/fh-run.js",
     "bin/fh-goal.js",

package/plugins/fh-meta/skills/harness-doctor/SKILL_detail.md

@@ -420,7 +420,6 @@ fi
 
 ```bash
 if echo "$changed" | grep -q "^README\.md$"; then
-  grep -n "chrono-code" README.md 2>/dev/null && echo "STALE: 'chrono-code' found — should be 'chrono-meta'" || true
   actual=$(ls -d plugins/fh-meta/skills/*/ plugins/fh-commons/skills/*/ 2>/dev/null | wc -l | tr -d ' ')
   readme_count=$(grep -oE '[0-9]+ (fh-meta[^)]+)?skills' README.md 2>/dev/null | head -1 || echo "not found")
   echo "Actual skills: $actual | README mentions: $readme_count"

package/plugins/fh-meta/skills/sim-conductor/SKILL.md

@@ -276,7 +276,7 @@ Consumer agent attempts actual use (not just reads and judges). Grades: F (funct
 
 ## Step 1.5 — Persona Output Protocol + Neutral Synthesizer (parallax)
 
-Generalized from the field `deep-insight` multi-persona pattern (fh-be #7), domain-stripped — the *pattern*
+Generalized from the field `deep-insight` multi-persona pattern (private companion store), domain-stripped — the *pattern*
 is renamed **parallax** for public FH (it is a mode of this skill, not a separate skill — see asset-placement
 2026-06-06). It gives the persona dispatch above a shared output contract + a neutral aggregator, so
 multi-persona findings stay comparable and the synthesis injects no bias of its own.
@@ -328,7 +328,7 @@ supplies the specialist lens. Same ①installed → ②fallback → ③fetch pri
 external harness's review-skills count as ① installed sources, widening the persona pool without FH
 shipping every specialist.
 
-> **Absence check — resolved (added above)**: the clean replication (fh-be RESULT9 Arm F: identical
+> **Absence check — resolved (added above)**: the clean replication (companion-store experiment, Arm F: identical
 > artifact, explicit omission prompt, ownership-only variable) found self ≈ isolated (~90% overlap) —
 > **omission-detection is self-administrable when explicitly asked**, refuting the earlier "the author
 > can't see their own omissions" (Arm E, a prompt/design-drift artifact). So the Absence check is a

package/plugins/fh-meta/skills/steel-quench/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: steel-quench
 description: >-
-  A meta-skill that concretizes a designer's anxiety into AI-driven all-angle challenger attacks (via fh-commons:quench-challenger) and shakes off flaws through defensive rounds. Systematically surfaces root weaknesses of near-complete projects wave by wave, guaranteeing near-human-review quality without direct human deep inspection. Wave 4 (Meta-Aware Adversary) is an advanced mode where the challenger uses its own AI nature — hallucination, context collapse, prompt injection, tool lock-in — as attack vectors. Built-in fh-commons:quench-challenger agent outputs harness structure 6-axis attack+prescription pairs; after convergence, fh-meta:persona-innovator auto-extracts new patterns. Triggered by: "quench this", "devil's judgment", "all-angle review", "end-to-end verification", "steel quench", "deep pre-completion inspection", "shake out design anxiety", "attack from the root".
+  A meta-skill that concretizes a designer's anxiety into AI-driven all-angle challenger attacks (via fh-commons:quench-challenger) and shakes off flaws through defensive rounds. Systematically surfaces root weaknesses of near-complete projects wave by wave, guaranteeing near-human-review quality without direct human deep inspection. Wave 4 (Meta-Aware Adversary) is an advanced mode where the challenger uses its own AI nature — hallucination, context collapse, prompt injection, tool lock-in — as attack vectors. Wave-P3 (gate-passage re-attack) re-attacks an artifact on Coverage/Narrative/False-confidence right after an upstream gate declares PASS. Built-in fh-commons:quench-challenger agent outputs harness structure 6-axis attack+prescription pairs; after convergence, fh-meta:persona-innovator auto-extracts new patterns. Triggered by: "quench this", "devil's judgment", "all-angle review", "end-to-end verification", "steel quench", "deep pre-completion inspection", "shake out design anxiety", "attack from the root", "did it really pass?".
 user-invocable: true
 allowed-tools: ["Read", "Write", "Edit", "Bash", "Grep", "Glob", "WebSearch", "Agent"]
 model: opus
@@ -25,6 +25,7 @@ A designer's anxiety is most dangerous when vague. steel-quench breaks that anxi
 | "shake out design anxiety", "deep pre-completion inspection" | Concretize vague anxiety |
 | "attack from the root" | Re-verify from reason for existence |
 | "diagnose with counterexample", "use this bad case as reference" | Phase 0 calibration |
+| "did it really pass?", "re-attack after the gate", "the gate said PASS" | Wave-P3 gate-passage re-attack |
 | `/steel-quench` | Explicit call |
 
 ---
@@ -38,7 +39,7 @@ A designer's anxiety is most dangerous when vague. steel-quench breaks that anxi
 | **Wave 2** | Defense — defend or state as residual risk | — |
 | **Wave 3+** | Convergence — repeat until zero new S-grade | Zero new S-grade |
 | **Wave 4** (optional) | Meta-Aware Adversary — AI uses its own nature as attack vector | Zero new S-grade + AI-specific criteria |
-| **Wave-P3** (reserved) | Domain gate integration slot | Future use |
+| **Wave-P3** (optional) | Gate-passage re-attack — when an upstream gate declares PASS, re-attack the just-passed artifact on Coverage / Narrative / False-confidence | All 3 dimensions Attack Failed |
 | **Wave 5** (optional) | Multi-Team Adversarial Panel — external CLIs or cross-session Claude | Zero new S-grade cross-team |
 
 ---
@@ -148,6 +149,49 @@ Wave 4 convergence = Wave 3 criteria + 3 AI-specific vectors actually reviewed +
 
 ---
 
+## Wave-P3 — Gate-Passage Re-Attack (optional)
+
+**Activation**: When an upstream gate declares PASS on an artifact — any "declared-complete boundary"
+(a verification gate's terminal PASS, a `/pipeline-conductor` green sweep, a `/marketplace-gate` listing
+verdict, the 4-axis auto-gate marker, a domain TC/coverage gate). Propose preemptively, run after approval.
+No gate-PASS in scope → skip Wave-P3 entirely.
+
+> A 1-round gate PASS is exactly when reviewers stop looking — "we just passed" is the lowest-vigilance
+> moment in any workflow. Wave-P3 distrusts the declaration and re-attacks the just-passed artifact on three
+> dimensions the gate's own pass criteria structurally could not check. Only when all three Attack Failed can
+> a **"Real PASS"** be declared.
+
+**Agent utilization**:
+- `fh-commons:quench-challenger` (optional) — adds 6-axis structural attack to each dimension. If absent, run the 3 dimensions directly.
+- `fh-meta:persona-innovator` (after convergence) — error/gap patterns found during Wave-P3 → auto-propose new Cross-Project Pattern rows or skill-candidate signals.
+
+The three dimensions generalize the gate's three blind spots:
+
+| # | Dimension | The blind spot it attacks |
+|:---:|---|---|
+| Wave-P3a | **Coverage** | *What did the gate not check?* Items marked covered/passed that lack a traceable artifact (ID, test, file, citation). |
+| Wave-P3b | **Narrative** | *What story does the passed artifact tell that may be wrong?* Residual hardcoded/environment-coupled values and vague, unverifiable claims the PASS declaration smuggled through. |
+| Wave-P3c | **False-confidence** | *Did the gate produce false confidence?* High-risk items that passed carrying only a binary pass/fail, with no residual-risk or failure-mode caveat. |
+
+Each dimension is `Attack Succeeded` (defect found) or `Attack Failed` (clean).
+
+**Wave-P3 Done When**:
+```
+All 3 dimensions [Attack Failed] → ✅ Real PASS → activate fh-meta:persona-innovator (extract new patterns)
+Any 1 [Attack Succeeded]        → fix affected items, re-run Wave-P3 (max 2 re-runs)
+Still [Attack Succeeded] after 2 re-runs → "gate structural redesign required" → ESCALATE
+```
+
+**Basis**: reverse-imported from a field-side sister harness (private companion signal, 2026-06-08). Field
+evidence: a test-case coverage gate declared a 1-round PASS, then additional FAILs surfaced in rounds 2–3 —
+the gate-PASS-then-defect-found-in-next-stage pattern Wave-P3 collapses. Generalized from the field's
+domain-coupled (a spec→test-case gate) form to a gate-agnostic boundary hook. Shares its root with
+`fh-commons:convergence-loop` (single-pass distrust).
+
+> **Detail**: See `SKILL_detail.md §WaveP3` — per-dimension attack questions, gap criteria, and output format — read when running a gate-passage re-attack.
+
+---
+
 ## External-GT Adjudication (when the target has a public ground truth)
 
 When quenching a **public artifact that has its own ground truth** — a repo's open issues, test suite, or
@@ -242,6 +286,7 @@ sim-conductor Area A (external user perspective)
 - **Always check self-referential pattern (P3).** Cross-validate Wave results with external criteria.
 - **Public target → adjudicate against external GT before claiming.** A finding the target's own docs/policy/threat-model marks intentional or out-of-scope is a false positive, not a catch. See §External-GT Adjudication.
 - **Attack surface limit**: steel-quench attacks output content patterns. Phantom Claim detection → `phantom-quench`.
+- **Gate cross-reference**: any FH skill that declares a PASS / green / listing-ready verdict (`pipeline-conductor`, `marketplace-gate`, the 4-axis auto-gate, `convergence-loop`, domain coverage gates) is a valid Wave-P3 entry point. Invoke `/steel-quench` Wave-P3 on the just-passed artifact rather than editing each gate to embed it — the hook lives here, callers reference it.
 
 ## Failure Fallback
 

package/plugins/fh-meta/skills/steel-quench/SKILL_detail.md

@@ -170,6 +170,64 @@ New S-grade blockers: N (from AI-specific vectors: N)
 
 ---
 
+## §WaveP3 — Gate-Passage Re-Attack (per-dimension spec + output format)
+
+> Summary, activation, agent utilization, and Done When live in `SKILL.md §Wave-P3`. This section holds the
+> per-dimension attack questions and the output format — read when actually running a gate-passage re-attack.
+
+### Wave-P3a — Coverage re-attack
+
+Second-pass search for gaps hiding behind the pass declaration — *what the gate did not check.*
+
+| Attack Question | Gap Criterion |
+|---|---|
+| Do items the gate marked "covered" / "documented" / "done" actually have a traceable artifact (test ID, file, commit, citation)? | Marked-covered item without a backing artifact = gap |
+| Are boundary/edge cases the gate's scope implied actually each enumerated? | Implied-but-absent case = gap |
+| Does every claimed mapping (state→test, requirement→implementation, claim→source) resolve 1:1? | Unresolved mapping = gap |
+
+Verdict: `[Wave-P3a: Attack Succeeded]` (gap found) / `[Wave-P3a: Attack Failed]` (no gap)
+
+### Wave-P3b — Narrative re-attack
+
+Residue the pass declaration carried through unexamined — *the story the artifact tells that may be wrong.*
+
+| Attack Question | Residue Criterion |
+|---|---|
+| Do passed outputs hardcode concrete values where a parameter/placeholder belongs? | 1 hardcoded value = residue |
+| Do passed outputs contain unverifiable vague terms ("works correctly", "handled properly", "normally")? | 1 vague term = residue |
+| Do passed outputs assume environment-coupled values (absolute paths, fixed accounts, machine-specific config)? | 1 coupled assumption = residue |
+
+Verdict: `[Wave-P3b: Attack Succeeded]` (residue found) / `[Wave-P3b: Attack Failed]` (clean)
+
+### Wave-P3c — False-confidence re-attack
+
+High-risk items that passed without a caveat — *did the gate manufacture confidence it had not earned?*
+
+| Attack Question | Missing Criterion |
+|---|---|
+| Do high-risk items (irreversible action, security boundary, branch/assignment logic) carry a failure-mode / FP caveat? | Missing caveat on a high-risk item = gap |
+| Do items prone to confusion (near-identical states, off-by-one boundaries) carry a confusion warning? | Missing warning = gap |
+| Among the highest-priority items, do >50% carry only binary pass/fail with no residual-risk note? | Ratio exceeded = gap |
+
+Verdict: `[Wave-P3c: Attack Succeeded]` (missing found) / `[Wave-P3c: Attack Failed]` (all labeled)
+
+### Wave-P3 Output Format
+
+```
+## Wave-P3 — Gate-Passage Re-Attack Results (gate: {which gate declared PASS})
+
+| Dimension | Attack Result | Discovered Items | Fix Required |
+|:---:|:---:|---|:---:|
+| Wave-P3a (Coverage)          | Succeeded/Failed | [gaps or none]    | Y/N |
+| Wave-P3b (Narrative)         | Succeeded/Failed | [residue or none] | Y/N |
+| Wave-P3c (False-confidence)  | Succeeded/Failed | [missing or none] | Y/N |
+
+✅ Real PASS → persona-innovator: [N new pattern/rule candidates]
+❌ Fix required, re-run (round N)
+```
+
+---
+
 ## §Wave5 — Multi-Team Adversarial Panel (Full Spec)
 
 **Activation**: After Wave 1~4 convergence + A-grade items remain. `--sidecar` flag or "run sidecar wave".