@chrono-meta/fh-gate 1.4.1 → 1.4.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrono-meta/fh-gate",
-  "version": "1.4.1",
+  "version": "1.4.2",
   "description": "FH runtime adapters — run FH governance, skills, and agents via Claude or Codex with machine-parseable gates.",
   "license": "MIT",
   "keywords": [

package/plugins/fh-meta/skills/steel-quench/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: steel-quench
 description: >-
-  A meta-skill that concretizes a designer's anxiety into AI-driven all-angle challenger attacks (via fh-commons:quench-challenger) and shakes off flaws through defensive rounds. Systematically surfaces root weaknesses of near-complete projects wave by wave, guaranteeing near-human-review quality without direct human deep inspection. Wave 4 (Meta-Aware Adversary) is an advanced mode where the challenger uses its own AI nature — hallucination, context collapse, prompt injection, tool lock-in — as attack vectors. Built-in fh-commons:quench-challenger agent outputs harness structure 6-axis attack+prescription pairs; after convergence, fh-meta:persona-innovator auto-extracts new patterns. Triggered by: "quench this", "devil's judgment", "all-angle review", "end-to-end verification", "steel quench", "deep pre-completion inspection", "shake out design anxiety", "attack from the root".
+  A meta-skill that concretizes a designer's anxiety into AI-driven all-angle challenger attacks (via fh-commons:quench-challenger) and shakes off flaws through defensive rounds. Systematically surfaces root weaknesses of near-complete projects wave by wave, guaranteeing near-human-review quality without direct human deep inspection. Wave 4 (Meta-Aware Adversary) is an advanced mode where the challenger uses its own AI nature — hallucination, context collapse, prompt injection, tool lock-in — as attack vectors. Wave-P3 (gate-passage re-attack) re-attacks an artifact on Coverage/Narrative/False-confidence right after an upstream gate declares PASS. Built-in fh-commons:quench-challenger agent outputs harness structure 6-axis attack+prescription pairs; after convergence, fh-meta:persona-innovator auto-extracts new patterns. Triggered by: "quench this", "devil's judgment", "all-angle review", "end-to-end verification", "steel quench", "deep pre-completion inspection", "shake out design anxiety", "attack from the root", "did it really pass?".
 user-invocable: true
 allowed-tools: ["Read", "Write", "Edit", "Bash", "Grep", "Glob", "WebSearch", "Agent"]
 model: opus
@@ -25,6 +25,7 @@ A designer's anxiety is most dangerous when vague. steel-quench breaks that anxi
 | "shake out design anxiety", "deep pre-completion inspection" | Concretize vague anxiety |
 | "attack from the root" | Re-verify from reason for existence |
 | "diagnose with counterexample", "use this bad case as reference" | Phase 0 calibration |
+| "did it really pass?", "re-attack after the gate", "the gate said PASS" | Wave-P3 gate-passage re-attack |
 | `/steel-quench` | Explicit call |
 
 ---
@@ -38,7 +39,7 @@ A designer's anxiety is most dangerous when vague. steel-quench breaks that anxi
 | **Wave 2** | Defense — defend or state as residual risk | — |
 | **Wave 3+** | Convergence — repeat until zero new S-grade | Zero new S-grade |
 | **Wave 4** (optional) | Meta-Aware Adversary — AI uses its own nature as attack vector | Zero new S-grade + AI-specific criteria |
-| **Wave-P3** (reserved) | Domain gate integration slot | Future use |
+| **Wave-P3** (optional) | Gate-passage re-attack — when an upstream gate declares PASS, re-attack the just-passed artifact on Coverage / Narrative / False-confidence | All 3 dimensions Attack Failed |
 | **Wave 5** (optional) | Multi-Team Adversarial Panel — external CLIs or cross-session Claude | Zero new S-grade cross-team |
 
 ---
@@ -148,6 +149,49 @@ Wave 4 convergence = Wave 3 criteria + 3 AI-specific vectors actually reviewed +
 
 ---
 
+## Wave-P3 — Gate-Passage Re-Attack (optional)
+
+**Activation**: When an upstream gate declares PASS on an artifact — any "declared-complete boundary"
+(a verification gate's terminal PASS, a `/pipeline-conductor` green sweep, a `/marketplace-gate` listing
+verdict, the 4-axis auto-gate marker, a domain TC/coverage gate). Propose preemptively, run after approval.
+No gate-PASS in scope → skip Wave-P3 entirely.
+
+> A 1-round gate PASS is exactly when reviewers stop looking — "we just passed" is the lowest-vigilance
+> moment in any workflow. Wave-P3 distrusts the declaration and re-attacks the just-passed artifact on three
+> dimensions the gate's own pass criteria structurally could not check. Only when all three Attack Failed can
+> a **"Real PASS"** be declared.
+
+**Agent utilization**:
+- `fh-commons:quench-challenger` (optional) — adds 6-axis structural attack to each dimension. If absent, run the 3 dimensions directly.
+- `fh-meta:persona-innovator` (after convergence) — error/gap patterns found during Wave-P3 → auto-propose new Cross-Project Pattern rows or skill-candidate signals.
+
+The three dimensions generalize the gate's three blind spots:
+
+| # | Dimension | The blind spot it attacks |
+|:---:|---|---|
+| Wave-P3a | **Coverage** | *What did the gate not check?* Items marked covered/passed that lack a traceable artifact (ID, test, file, citation). |
+| Wave-P3b | **Narrative** | *What story does the passed artifact tell that may be wrong?* Residual hardcoded/environment-coupled values and vague, unverifiable claims the PASS declaration smuggled through. |
+| Wave-P3c | **False-confidence** | *Did the gate produce false confidence?* High-risk items that passed carrying only a binary pass/fail, with no residual-risk or failure-mode caveat. |
+
+Each dimension is `Attack Succeeded` (defect found) or `Attack Failed` (clean).
+
+**Wave-P3 Done When**:
+```
+All 3 dimensions [Attack Failed] → ✅ Real PASS → activate fh-meta:persona-innovator (extract new patterns)
+Any 1 [Attack Succeeded]        → fix affected items, re-run Wave-P3 (max 2 re-runs)
+Still [Attack Succeeded] after 2 re-runs → "gate structural redesign required" → ESCALATE
+```
+
+**Basis**: reverse-imported from a field-side sister harness (private companion signal, 2026-06-08). Field
+evidence: a test-case coverage gate declared a 1-round PASS, then additional FAILs surfaced in rounds 2–3 —
+the gate-PASS-then-defect-found-in-next-stage pattern Wave-P3 collapses. Generalized from the field's
+domain-coupled (a spec→test-case gate) form to a gate-agnostic boundary hook. Shares its root with
+`fh-commons:convergence-loop` (single-pass distrust).
+
+> **Detail**: See `SKILL_detail.md §WaveP3` — per-dimension attack questions, gap criteria, and output format — read when running a gate-passage re-attack.
+
+---
+
 ## External-GT Adjudication (when the target has a public ground truth)
 
 When quenching a **public artifact that has its own ground truth** — a repo's open issues, test suite, or
@@ -242,6 +286,7 @@ sim-conductor Area A (external user perspective)
 - **Always check self-referential pattern (P3).** Cross-validate Wave results with external criteria.
 - **Public target → adjudicate against external GT before claiming.** A finding the target's own docs/policy/threat-model marks intentional or out-of-scope is a false positive, not a catch. See §External-GT Adjudication.
 - **Attack surface limit**: steel-quench attacks output content patterns. Phantom Claim detection → `phantom-quench`.
+- **Gate cross-reference**: any FH skill that declares a PASS / green / listing-ready verdict (`pipeline-conductor`, `marketplace-gate`, the 4-axis auto-gate, `convergence-loop`, domain coverage gates) is a valid Wave-P3 entry point. Invoke `/steel-quench` Wave-P3 on the just-passed artifact rather than editing each gate to embed it — the hook lives here, callers reference it.
 
 ## Failure Fallback
 

package/plugins/fh-meta/skills/steel-quench/SKILL_detail.md

@@ -170,6 +170,64 @@ New S-grade blockers: N (from AI-specific vectors: N)
 
 ---
 
+## §WaveP3 — Gate-Passage Re-Attack (per-dimension spec + output format)
+
+> Summary, activation, agent utilization, and Done When live in `SKILL.md §Wave-P3`. This section holds the
+> per-dimension attack questions and the output format — read when actually running a gate-passage re-attack.
+
+### Wave-P3a — Coverage re-attack
+
+Second-pass search for gaps hiding behind the pass declaration — *what the gate did not check.*
+
+| Attack Question | Gap Criterion |
+|---|---|
+| Do items the gate marked "covered" / "documented" / "done" actually have a traceable artifact (test ID, file, commit, citation)? | Marked-covered item without a backing artifact = gap |
+| Are boundary/edge cases the gate's scope implied actually each enumerated? | Implied-but-absent case = gap |
+| Does every claimed mapping (state→test, requirement→implementation, claim→source) resolve 1:1? | Unresolved mapping = gap |
+
+Verdict: `[Wave-P3a: Attack Succeeded]` (gap found) / `[Wave-P3a: Attack Failed]` (no gap)
+
+### Wave-P3b — Narrative re-attack
+
+Residue the pass declaration carried through unexamined — *the story the artifact tells that may be wrong.*
+
+| Attack Question | Residue Criterion |
+|---|---|
+| Do passed outputs hardcode concrete values where a parameter/placeholder belongs? | 1 hardcoded value = residue |
+| Do passed outputs contain unverifiable vague terms ("works correctly", "handled properly", "normally")? | 1 vague term = residue |
+| Do passed outputs assume environment-coupled values (absolute paths, fixed accounts, machine-specific config)? | 1 coupled assumption = residue |
+
+Verdict: `[Wave-P3b: Attack Succeeded]` (residue found) / `[Wave-P3b: Attack Failed]` (clean)
+
+### Wave-P3c — False-confidence re-attack
+
+High-risk items that passed without a caveat — *did the gate manufacture confidence it had not earned?*
+
+| Attack Question | Missing Criterion |
+|---|---|
+| Do high-risk items (irreversible action, security boundary, branch/assignment logic) carry a failure-mode / FP caveat? | Missing caveat on a high-risk item = gap |
+| Do items prone to confusion (near-identical states, off-by-one boundaries) carry a confusion warning? | Missing warning = gap |
+| Among the highest-priority items, do >50% carry only binary pass/fail with no residual-risk note? | Ratio exceeded = gap |
+
+Verdict: `[Wave-P3c: Attack Succeeded]` (missing found) / `[Wave-P3c: Attack Failed]` (all labeled)
+
+### Wave-P3 Output Format
+
+```
+## Wave-P3 — Gate-Passage Re-Attack Results (gate: {which gate declared PASS})
+
+| Dimension | Attack Result | Discovered Items | Fix Required |
+|:---:|:---:|---|:---:|
+| Wave-P3a (Coverage)          | Succeeded/Failed | [gaps or none]    | Y/N |
+| Wave-P3b (Narrative)         | Succeeded/Failed | [residue or none] | Y/N |
+| Wave-P3c (False-confidence)  | Succeeded/Failed | [missing or none] | Y/N |
+
+✅ Real PASS → persona-innovator: [N new pattern/rule candidates]
+❌ Fix required, re-run (round N)
+```
+
+---
+
 ## §Wave5 — Multi-Team Adversarial Panel (Full Spec)
 
 **Activation**: After Wave 1~4 convergence + A-grade items remain. `--sidecar` flag or "run sidecar wave".