@chrono-meta/fh-gate 1.4.34 → 1.4.35

package/CLAUDE.md

@@ -227,6 +227,23 @@ post-compaction 2026-06-12). 2026-06-15+: headless `claude -p` draws from the ha
 subscription — prefer in-session Agent dispatch when the plan gate allows; take the headless fallback
 knowingly. Record sim results in the Axes 2–3 marker + sub-agent invocation log.
 
+**Floor-tier canary (optional pre-screen — token-free, *below* the Sonnet sim)**: a local model weaker
+than or comparable to Sonnet (e.g. `ollama run qwen3:8b` on the local host today; a cross-family local
+panel — qwen3.x:27b / gemma4:12b-qat / gpt-oss:20b / devstral — on a GPU host once its remote-exec path
+is live) can pre-screen a salience-dependent edit *before* the Sonnet dispatch is spent: a rule that
+fires correctly on the floor model is *evidence of* robustness below Sonnet (one floor sample, not proof
+— hold the asymmetric-skepticism discipline). Blind probe — feed the verbatim rule text + a scenario,
+demand a strict YES/NO + one-line reason, judge whether the rule fired (mechanism dogfood-verified
+2026-06-20: a local `qwen3:8b` correctly gated the public install-wizard local-LLM-offload item in both
+directions — a claim checkable against that skill — re-validating that day's salience-binding fix at a
+sub-Sonnet tier). **Canary, NOT gate**: a PASS adds cheap floor confidence and you still run the Sonnet
+sim; a FAIL never blocks alone — the opus orchestrator triages it as a *real salience gap* (fix the
+rule) vs a *floor-model quirk* (small-model loop/hallucination, per the public "Local AI is not Opus"
+finding + the cheap-oracle ceiling — a small model adds nothing where one grep already settles the
+check). The terminal verdict stays with the frontier (Sonnet sim + opus judge) — no judge-only path, no
+weak-local-judge regression of the judge-robustness principle (mechanical anchor over judge-only verdict).
+The cross-family-panel upgrade spec lives in the private companion store's `handoff/` design note.
+
 **Axis ownership** (each skill is already complete — orchestrator only coordinates):
 
 | Axis | Skill | What it catches |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrono-meta/fh-gate",
-  "version": "1.4.34",
+  "version": "1.4.35",
   "description": "FH runtime adapters — run FH governance, skills, and agents via Claude or Codex with machine-parseable gates.",
   "license": "MIT",
   "keywords": [

package/plugins/fh-meta/skills/frontier-digest/SKILL.md

@@ -65,7 +65,7 @@ On **cadence-triggered** runs (7d), ask the operator one line before collecting:
 
 ## Step 1. Data Collection
 
-Collect from four sources (bash per source in §Collection-Bash):
+Collect from five sources (bash per source in §Collection-Bash):
 
 | Source | Method | Cap |
 |---|---|---|
@@ -73,11 +73,14 @@ Collect from four sources (bash per source in §Collection-Bash):
 | arxiv | export API, latest by submittedDate | 6 items |
 | TLDR AI | RSS, title + link | 5 items |
 | The Batch (deeplearning.ai) | HTML scraping, title + issue slug | 5 items |
+| GeekNews (news.hada.io) | Atom feed (`/rss/news` path), title + link, AI/agent/LLM-relevant | 5 items |
 
-Report progress: `📡 HN 15 items · arxiv 5 items · TLDR 5 items · Batch 5 items collected`
+Report progress: `📡 HN 15 items · arxiv 5 items · TLDR 5 items · Batch 5 items · GeekNews 5 items collected`
 
 > **Detail**: See `SKILL_detail.md §Collection-Bash` — curl commands per source with parsing notes — read when executing Step 1.
 
+**Knowledge-currency augment (on-demand, not weekly-scanned)**: distinct from the trend feeds above, these are fetched when a specific version/fact/spec needs confirming against the model's knowledge cutoff — `docs.anthropic.com` (official Claude/API docs · model IDs · pricing), arxiv (already a feed, also a currency target by ID), and Zenodo (research deposits incl. FH's own). Pull these into context for currency rather than scanning them for trends; in egress-restricted environments (e.g. a company network) route the fetch through the approved bridge (n8n), not a direct call.
+
 ---
 
 ## Step 2. Synthesis

package/plugins/fh-meta/skills/frontier-digest/SKILL_detail.md

@@ -50,7 +50,15 @@ curl -s --max-time 10 -L "https://www.deeplearning.ai/the-batch/"
 
 Extract `"title":"..."` + `"slug":"issue-\d+"` pattern → URL: `https://www.deeplearning.ai/the-batch/{slug}/`. Max 5 items.
 
-Report progress: `📡 HN 15 items · arxiv 5 items · TLDR 5 items · Batch 5 items collected`
+### GeekNews — news.hada.io (RSS)
+
+```bash
+curl -s --max-time 8 "https://news.hada.io/rss/news"
+```
+
+Korean dev-news aggregator (HN-equivalent), AI-heavy. **The `/rss/news` path serves an Atom feed** (`<feed>`/`<entry>`, NOT RSS `<item>` — verified 2026-06-20: 50 `<entry>` elements, 0 `<item>`). Parse `<entry>` → `<title>` + `<link href>`; keep AI/agent/LLM/harness-relevant items only. `/rss/news` is a *general* dev-news feed, so if 0 AI-relevant items remain after filtering, **drop GeekNews from this run's progress line rather than padding to 5**. Endpoint verified HTTP 200 (2026-06-20); `/rss/new` and `/rss/topics` 404 — use `/rss/news`. Max 5 items.
+
+Report progress: `📡 HN 15 items · arxiv 5 items · TLDR 5 items · Batch 5 items · GeekNews 5 items collected`
 
 ---
 

package/plugins/fh-meta/skills/install-wizard/SKILL.md

@@ -102,7 +102,7 @@ Pasting tokens directly in chat exposes them in conversation history; environmen
 
 *(Run after Step 0-A·B pre-checks. Output results as environment card, then continue to Step 0-C.)*
 
-CC runs the detection bash automatically (injection pre-flight scan → FH_DIR/CC_HUB_DIR → cwd project info → plugins → MCP → zshrc hook → optional framework detection), then outputs the environment card.
+CC runs the detection bash automatically (injection pre-flight scan → FH_DIR/CC_HUB_DIR → cwd project info → plugins → MCP → zshrc hook → optional framework detection → local LLM runtime, optional), then outputs the environment card.
 
 **Stop rule (behavioral)**: if `FH_DIR` is not set, output the bootstrap guidance and **do not proceed to subsequent Steps** — install FH first, then rerun.
 
@@ -135,7 +135,9 @@ Y (add integration plan items to Step 1) / N (add-only, keep existing rules) / S
 
 **[Prerequisite] install-doctor conflict diagnosis (only in environments without install history)**: if `~/.cc_sentinels/{project-name}_wizard_done` doesn't exist (first install), call `/install-doctor --plugin fh-meta` first. CONFLICT/WARNING items → add ❗ markers to Step 2 proposal list. Items the doctor already diagnosed (`FH plugin install` · `zshrc hook` · `.claudeignore`) → map results directly, skip re-diagnosis; all other items → check directly.
 
-Auto-check each item as PASS / MISS / FAIL. Check items: `.claudeignore` · `local_fh_context.md` · `zshrc hook` · `weekly_audit` freshness · `sentinel` setup · FH plugin install · `.git/info/exclude` · MCP plugin · `deep-insight` plugin (optional) · `fh_env_context.jsonc` · `phantom-gate` (Python + AI-output projects only) · domain pattern pack (optional, none ship by default).
+Auto-check each item as PASS / MISS / FAIL. Check items: `.claudeignore` · `local_fh_context.md` · `zshrc hook` · `weekly_audit` freshness · `sentinel` setup · FH plugin install · `.git/info/exclude` · MCP plugin · `deep-insight` plugin (optional) · `fh_env_context.jsonc` · `phantom-gate` (Python + AI-output projects only) · domain pattern pack (optional, none ship by default) · local-LLM offload (optional — surface ONLY if the Step 0 bash emitted the literal line `Local LLM runtime: detected`; absent that line, this item does not exist).
+
+**Local-LLM offload (conditional, recommend-only)**: when Step 0 detected a local LLM runtime (Ollama / LM Studio), surface one optional item — route to `/plugin-recommender` for local-model offload tooling. FH recommends, never rebuilds (no-reinvention). Two complementary offload shapes the user picks per workload: **input-side context routing** (a small local model returns line ranges, so the cloud model receives only the dense slices instead of whole files) and **output-side generation delegation** (the local model generates and self-reviews code while the frontier model decomposes and validates). The benefit is tier-dependent — largest in headless/scripted pipelines and on weaker cloud tiers; an interactive session already triages via targeted reads. Local models suit **bounded, well-specified** work (triage, codebase explanation, instructed maintenance), not long-horizon autonomous tasks where small models loop or hallucinate — so the frontier model keeps decomposition and validation. Skip silently when no local runtime is present.
 
 > **Detail**: See `SKILL_detail.md §Step1-Checks` — full check table with criteria and verification commands per item — read when executing Step 1.
 

package/plugins/fh-meta/skills/install-wizard/SKILL_detail.md

@@ -128,6 +128,16 @@ FRAMEWORK=""
 for fw in streamlit django fastapi flask; do
   if grep -qi "$fw" requirements.txt pyproject.toml 2>/dev/null; then FRAMEWORK="$fw"; echo "Framework: $fw detected"; break; fi
 done
+
+# Local LLM runtime (optional) — gates the conditional local-offload recommendation in Step 1.
+# Ollama default :11434, LM Studio default :1234. Absence is the normal state (no offload item surfaced).
+# Confirm the RESPONSE SHAPE, not just any HTTP 200 — Ollama /api/tags returns {"models":...},
+# LM Studio /v1/models returns {"data":...}; this avoids a non-LLM service squatting the port.
+for url in http://localhost:11434/api/tags http://localhost:1234/v1/models; do
+  if curl -sf -m 1 "$url" 2>/dev/null | grep -q '"models"\|"data"'; then
+    echo "Local LLM runtime: detected ($url)"; break
+  fi
+done
 ```
 
 **Bootstrap guidance when FH_DIR is not set (stop immediately in Step 0):**
@@ -168,6 +178,7 @@ install-wizard — Environment Detection
   CC Hub:       {CC_HUB_DIR or not set}
   Plugins:      {installed plugin list}
   zshrc hook:   {present/absent}
+  Local LLM:    {runtime + url if detected — omit this row when none}
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 ```
 
@@ -251,6 +262,7 @@ Auto-check the following items based on detected environment. Each item classifi
 | `fh_env_context.jsonc` | `.claude/rules/fh_env_context.jsonc` exists | `ls .claude/rules/fh_env_context.jsonc` |
 | `phantom-gate` | **(Python + AI-output projects only)** `phantom-gate` present in `requirements.txt` / `pyproject.toml` | `grep "phantom.gate" requirements.txt pyproject.toml 2>/dev/null` |
 | `Domain pattern pack applied` | (optional — only when a `{framework}_patterns.md` pack is present; none ship by default) framework-specific pattern checks | `knowledge/shared/{framework}_patterns.md` check (skip if file absent — the normal default) |
+| `local-LLM offload` | (optional — only when Step 0 detected a local LLM runtime) recommend local-model offload tooling, recommend-only | route to `/plugin-recommender` (no install performed here; skip silently if no runtime detected) |
 
 ---
 

package/plugins/fh-meta/skills/public-surface-audit/SKILL.md

@@ -170,6 +170,56 @@ token only *contains* an example substring but is otherwise a real private value
 
 ---
 
+## Step 3c. Ignore-Verification — the gitignore-mistake safeguard (root-cause, runs before Step 4)
+
+Steps 3/3b scan what **is** tracked. This step checks the inverse and the upstream cause: a file you
+*intend* to be private that is **not actually ignored** — the gitignore mistake that becomes tomorrow's
+tracked leak. For each expected-private path, `git check-ignore -v` reports whether it is ignored **and
+by which layer** (committed `.gitignore` · local `.git/info/exclude` · global `core.excludesFile`). A
+path that resolves to no ignore rule is a MISS — surface it before it is ever `git add`ed.
+
+```bash
+# Expected-private set = conventional FH local-only files, EXTENDED with any `# private-path: <path>`
+# lines the operator added to the gitignored pattern source (self-extends per repo — not a frozen
+# operator snapshot). Built one-path-per-line + while-read so it is portable across bash AND zsh
+# (zsh does not word-split an unquoted variable, so `for f in $VAR` would break). A non-existent file
+# is skipped; an all-absent set emits n/a, never a silent pass.
+present=$({ printf '%s\n' CLAUDE.local.md .claude/rules/.public-surface-patterns \
+             .claude/rules/local_fh_context.md tracks/_meta/user_adaptation_profile.md
+           grep -E '^# private-path:' .claude/rules/.public-surface-patterns 2>/dev/null \
+             | sed -E 's/^# private-path:[[:space:]]*//'; } \
+         | awk 'NF' | sort -u | while IFS= read -r f; do [ -e "$f" ] && printf '%s\n' "$f"; done)
+[ -z "$present" ] && echo "n/a (no expected-private files present in this repo — add '# private-path:' lines to the pattern source if any exist)"
+printf '%s\n' "$present" | while IFS= read -r f; do
+  [ -z "$f" ] && continue
+  # Tracked status is tested FIRST: a file can match an ignore rule yet still be force-added
+  # (`git add -f`) — the exact ignored-but-committed mechanism behind the PR #109 leak. Tracked wins,
+  # so an ignored-but-committed file reports TRACKED (not a false-clean OK).
+  if git ls-files --error-unmatch "$f" >/dev/null 2>&1; then
+    echo "TRACKED $f (already committed — Step 3 scans its contents; un-track if it must be private: git rm --cached)"
+  elif rule=$(git check-ignore -v "$f" 2>/dev/null); then
+    echo "OK      $f → ignored by [$rule]"
+  else
+    echo "MISS    $f (exists, NOT ignored, NOT tracked — one 'git add .' from a leak; add an ignore rule)"
+  fi
+done
+```
+
+- **OK** — ignored; the report names which layer covers it (operator-private files should resolve to
+  `.git/info/exclude` or `.gitignore`, never end up tracked).
+- **MISS** — exists but no ignore rule covers it → counts as **🟠 MED** in the Step 4 verdict (a latent
+  leak, not yet a breach).
+- **TRACKED** — already committed: Step 3 scans its *contents*; this also flags it for un-tracking if it
+  was meant to be private.
+
+Why this is the safeguard for **gitignore mistakes** (a wrong assumption about what is ignored):
+`.gitignore` is committed/shared, `.git/info/exclude` is local/personal, and a global `core.excludesFile`
+ignores across all repos — `git check-ignore -v` is the one command that says *which* rule (if any)
+applies, so an "I thought it was ignored" error surfaces here instead of in a public PR (the PR #109
+class of leak). Diagnostic-only: this step never writes — it reports, the operator adds the ignore rule.
+
+---
+
 ## Step 4. Report
 
 ```
@@ -180,7 +230,7 @@ public-surface-audit — Operator-Private Token Scan
   🔴 HIGH  ({count})
     {file}:{line}  →  {matched token}   [class: username | company asset]
   🟠 MED   ({count})
-    {file}:{line}  →  {matched token}   [class: absolute home path]
+    {file}:{line}  →  {matched token}   [class: absolute home path | ignore-MISS (Step 3c)]
   🟡 LOW   ({count})
     {file}:{line}  →  {matched token}   [class: companion-store | private wiring]