@chrono-meta/fh-gate 1.4.35 → 1.4.37

package/CLAUDE.md

@@ -103,17 +103,17 @@ Simplification guard: trivial denials with one obvious fix → state block + sin
 
 **4-step summary**: ① Auto-read CLAUDE.md + CATALOG + session card + registry scan + UAP (`tracks/_meta/user_adaptation_profile.md`, if present — apply user-tuned defaults: preferred tier, suppressed proposals, muted nags; see §Operational Adaptation Loop) → ② One-line proposal (new user / exploratory / returning branches) → ③ 5-skill cascade (plugin-recommender → synergy → .claudeignore → model → verify) → ④ Approval + setup
 
-**Greeting branch + door skeleton (summary-level — applies even if the detail file read is skipped)**: the branch test is **mechanical local state — session files under `tracks/`** — never git log / CATALOG residue (a fresh clone carries full history but zero session files: it is a NEW install — origin: a fresh-clone sonnet sim rendered the returning menu off commit messages, `fh_signal_2026-06-11` FP8). Every variant opens with **🐿️ on its own line as the skeleton's first line** — the marker is part of the skeleton, one salience unit with the menu, not a separate rule.
+**Greeting branch + door skeleton (summary-level — applies even if the detail file read is skipped)**: the branch test is **mechanical local state — session files under `tracks/`** — never git log / CATALOG residue (a fresh clone carries full history but zero session files: it is a NEW install — origin: a fresh-clone sonnet sim rendered the returning menu off commit messages, `fh_signal_2026-06-11` FP8). Every variant opens with **🐿️ then an identity-revealing welcome line on the SAME line** (🐿️ is no longer alone on its own line), followed by the menu — one salience unit, not a separate rule. (Put a space after 🐿️; the exact count is **not significant** — a markdown renderer collapses multiple mid-line spaces to one — so the verifiable invariant is *same-line*, NOT a space count.) Welcome line by branch: new / exploratory = "Welcome to FH." · returning = "Welcome back to FH." · operator (FH-dev state) = "The FH operator — good to see you." (rendered in the user's language; the lid/onboarding-smoothness matters even though it is not the substance).
 
 - **New user** (no session files AND no mapped project tracks under `tracks/` — fresh clone/install; underscore meta dirs `_meta`/`_audit`/`_contrib` don't count): 2-door starter, never the returning menu —
 
-  > 🐿️
-  > *"Looks like you're new here! ① Create your first project (guided) · ② Map an existing project — and I can run `/install-wizard` to finish initial setup."*
+  > 🐿️  **Welcome to FH.** *Looks like you're new here! ① Create your first project (guided) · ② Map an existing project — and I can run `/install-wizard` to finish initial setup.*
 
 - **Returning user** (session files OR mapped project tracks exist): fixed 4-door menu —
 
-  > 🐿️
-  > *"① Map a project · ② Create a new project · ③ Accelerate a mapped project (work · Full-Harness · skills/agents/plugins) — {field candidates} · ④ Cross-project synergy"*
+  > 🐿️  **Welcome back to FH.** *① Map a project · ② Create a new project · ③ Accelerate a mapped project (work · Full-Harness · skills/agents/plugins) — {field candidates} · ④ Cross-project synergy*
+  >
+  > (When **FH-dev state exists** — the operator — the welcome line is **"The FH operator — good to see you."** in place of "Welcome back to FH.")
 
   Render conditions: ①②③ always (③'s candidates composed live) · ④ only when **2+ project tracks** exist (underscore meta dirs don't count) — synergy findings flow back into each project, and may *propose* an FH contribution (`/field-harvest` → `tracks/_contrib`) as an **outcome of findings, never a standing door**.
 
@@ -121,7 +121,7 @@ Simplification guard: trivial denials with one obvious fix → state block + sin
 
 Compose session-card candidates **into door ③ (field) and the 🔧 door (FH-dev)**, never as a raw priority dump that replaces the menu. An urgent open item (time-windowed handoff · blocking external deadline) outranks the menu; an explicit task utterance skips it entirely (see Guards below); cadence reminders (§Cadence Rules) ride below it, they don't displace it. Canonical source: `fh_detail_protocols.md` Step 2 — keep branch tests and door labels in sync.
 
-**Identity marker**: every greeting response (Step ②) opens with 🐿️ on its own line. It is embedded in both skeletons above (do not strip it when composing doors); the exploratory branch template carries it in `fh_detail_protocols.md` Step 2.
+**Identity marker**: every greeting response (Step ②) opens with 🐿️ then an identity-revealing welcome line **on the same line** (a space after 🐿️; exact count not significant — the renderer collapses it — the invariant is *same-line*, not 🐿️ alone) — new / exploratory = "Welcome to FH." · returning = "Welcome back to FH." · operator (FH-dev state) = "The FH operator — good to see you." It is embedded in all skeletons above (do not strip it when composing doors); the exploratory branch template (`fh_detail_protocols.md` Step 2) uses the "Welcome to FH." line.
 
 **Guards**: explicit task-entry utterance → skip onboarding · once per session · code/debug requests → start working directly · project routing is a suggestion, mention at most once
 **Metadata-is-not-intent guard**: the trigger is the user's **typed message only**. Session metadata — branch name (auto-derived from the first message, e.g. `claude/korean-greeting-*`), repo name, file paths — is **never** a task spec and never suppresses or redirects the greeting trigger. A bare greeting fires onboarding even when the branch name looks like a feature request; if the only "task" signal lives in metadata and not in what the user typed, treat the message as a greeting and run the greeting branch + door skeleton above.
@@ -373,6 +373,8 @@ Proposal format: `"I see [X]. Want me to run /[skill] to [one-line description]?
 | "research this deeply", "survey the literature", "comprehensive analysis", "deep research", "look this up thoroughly", "조사해줘", "리서치" (general topic research, not trend-scan) | **Deep-Research Capability Ladder** (`knowledge/shared/harness-core/deep_research_capability_ladder.md`) — route to the highest available rung: built-in `/deep-research` if present → else Claude `WebSearch`+`WebFetch` synthesis (tier-sensitive) → `/frontier-digest` only if it's AI/harness trend-scan. No-reinvention: FH routes, does not build a research engine. |
 | "orchestrate agents", "parallel dispatch", "combine skills", "multiple agents" | `/agent-composer` |
 | "run a simulation", "external user perspective", "internal audit", "quality check" | `/sim-conductor` |
+| "broaden the grounded corpus", "add another version of the corpus", "ingest the full source as the grounding axiom", "여러 버전으로 통째로 가져와" (verbatim-relay corpus expansion — fail-closed grounding, no generator) | `/corpus-grounding-expander` |
+| "broaden these personas", "what other voices fit this cast", "map these roles to a decision lens", "페르소나 후보군 더 넓혀" (persona seed → tiered judgment-mapped cast; pairs with `persona-innovator` for naming) | `/persona-roster-expander` |
 | "first install", "FH setup", "wizard", "install-wizard" | `/install-wizard` |
 | "connect a project", "map this project", "link to hub" | `auto_project_mapping.md` (mapping) |
 | "harness-ify this project", "full harness setup", "프로젝트 하네스화", "promote to full harness" | `auto_project_mapping.md §6` (Full-Harness Mode) |

package/README.md

@@ -182,7 +182,7 @@ All four movements ship. Temper was named before it was built — deliberately (
 two more signatures keep it running: `harvest-loop` (each session's lessons become permanent skills) and
 `agent-composer` (orchestrate the dispatch). The other skills wait until you need them — full list below.
 
-## 33 skills · 8 agents
+## 35 skills · 8 agents
 
 <details>
 <summary>Full asset activation check</summary>
@@ -208,6 +208,8 @@ two more signatures keep it running: `harvest-loop` (each session's lessons beco
 | `meta-prompt-builder` | Meta prompt design | "Write a prompt for the agent" |
 | `asset-placement-gate` | Hub vs project asset routing | "Should this be shared?" |
 | `cross-ecosystem-synergy-detection` | Cross-tool synergy finder | "Are my tools working together?" |
+| `corpus-grounding-expander` | Multi-version public-domain corpus → verified-axiom grounding store | "Broaden the grounded corpus" |
+| `persona-roster-expander` | Persona seed → tiered, judgment-mapped cast | "Broaden these personas" |
 | `convergence-loop` *(fh-commons)* | N-round convergence loops | "Single-pass seems suspicious" |
 | `token-budget-gate` *(fh-commons)* | Pre-task token cost estimate | "How expensive is this?" |
 | `mcp-circuit-breaker` *(fh-commons)* | MCP tool failure pattern detection | "MCP keeps failing" |
@@ -283,6 +285,21 @@ recommended only for harness-editing sessions. Details: `docs/OUTPUT_EVIDENCE.md
 
 If you use external CLIs (Gemini, Codex, `gh copilot`) as sidecars, their costs are billed to their own quota and not visible in CC's token display.
 
+### Hardware tiers (local sidecars are optional accelerators)
+
+FH needs **no local LLM** — the baseline is whatever runs Claude Code. Local models are *optional*, for
+the canary / cheap-breadth rungs only:
+
+| Tier | Spec | Runs locally | What it buys |
+|---|---|---|---|
+| **Minimum** | anything that runs Claude Code | nothing | full methodology + gates; operating FH is ~model-flat (Opus/Sonnet/Haiku 100/97/94) |
+| **Recommended** | laptop-class, ~16GB RAM | one 8B-class quantized model (e.g. an 8B / small Gemma) | a token-free **floor canary** (pre-screen before a metered sim) · offline triage · a cheap-breadth panel arm |
+| **Optional (heavy)** | ~24GB VRAM GPU | a 27–32B model | a *stronger* decorrelation canary |
+
+> Local tiers are **canaries, never the terminal verdict** — measured: the floor model missed a subtle
+> adversarial case the frontier caught (and even a 27–32B local scored 1/4 on it). They lower the *cost
+> of breadth*; the verdict stays frontier.
+
 ---
 
 ## Multi-Model Sidecar

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrono-meta/fh-gate",
-  "version": "1.4.35",
+  "version": "1.4.37",
   "description": "FH runtime adapters — run FH governance, skills, and agents via Claude or Codex with machine-parseable gates.",
   "license": "MIT",
   "keywords": [

package/plugins/fh-meta/skills/corpus-grounding-expander/SKILL.md

@@ -0,0 +1,56 @@
+---
+name: corpus-grounding-expander
+description: Fetches and normalizes multi-version public-domain corpora into a single verified-axiom store for verbatim-relay grounding, recording per-version license and provenance.
+user-invocable: true
+allowed-tools: ["Read", "Bash", "WebFetch", "Write"]
+model: sonnet
+---
+
+# corpus-grounding-expander
+
+Builds or broadens the **grounded axiom** a relay system quotes from. When a system's output must be
+constrained to verbatim source (fail-closed grounding), the corpus IS the axiom — this skill expands
+that corpus from multiple public-domain versions so grounding is robust and non-biased (a quote
+verified in ANY version counts), without ever adding a generator.
+
+> Origin: harvested from the-bible (2026-06-20) — 6 public-domain Bible versions, 197k verses, as the
+> fail-closed grounding axiom. Generalizes to any verbatim-relay corpus (legal statute, RFC text,
+> standards). See `tracks/_contrib/field_harvest_2026-06-20_gate-locality-and-grounding-capabilities.md`.
+
+## Triggers
+- "get more sources" / "broaden the grounded corpus"
+- "add another version of the corpus"
+- "ingest the full <source> as the grounding axiom"
+- `/corpus-grounding-expander {source or version}`
+
+### Natural Language Triggers (example user phrases)
+- "이 코퍼스 여러 버전으로 통째로 가져와줘"
+- "the grounding DB is just a sample — pull the whole thing, multiple editions"
+- "add a second public-domain edition so we're not biased to one"
+
+## Steps
+1. **Source + license check** — identify the public-domain source(s) and confirm each is genuinely
+   free to redistribute. Record the license literally (no assumption).
+2. **Fetch (retry-disciplined)** — pull each version; on transient error, backoff-retry before
+   declaring the source unavailable (do not silently drop a version).
+3. **Normalize to a single key schema** — map every version to the SAME addressable key
+   (e.g. `ref → text`) so cross-version quotation stays aligned. Write per-version files +
+   an `_index` recording version id, license, scope, and record count.
+4. **Wire grounding as a union** — the grounding check passes if the quote matches the canonical text
+   at that key in ANY version. Never add a path that generates text — grounding is quote-only.
+5. **Relay-integrity check** — confirm the consumer (the gate) QUOTES the corpus and cannot emit
+   un-grounded text; run a fabrication probe (a known non-source quote must fail-closed).
+
+## Done When
+- **Each added source carries a verifiable public-domain/license record** in the index. *Check class: mandatory-pass (binary — license field present and non-empty per version).*
+- **Every version is normalized to the same key schema** (cross-version keys align). *Check class: mandatory-pass (a shared sample key resolves in each version or is explicitly canon-scoped).*
+- **The index declares the quote-only union contract** (grounding matches verbatim text in ANY version; no generation path) and ships a fabrication-probe spec for the consumer to run. *Check class: mandatory-pass (binary — quote-only contract + probe-spec present in the index).*
+
+## Guards
+- **Grounding, never a generator** — the relay constraint is structural; this skill wires *grounding*.
+- **License-literal** — record the actual license per source; never assume public-domain.
+- **No silent version drop** — a fetch failure is a named residual in the index, not a quiet omission.
+
+## Independently executable
+Yes — needs only a network fetch + file write. No dependency on other FH skills (a consumer gate that
+reads the corpus is the system's own, not this skill's).

package/plugins/fh-meta/skills/persona-roster-expander/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: persona-roster-expander
+description: Expands a named persona seed into a tiered, judgment-mapped cast — tiering each persona by a domain safety rule, mapping each to a decision-lens in the user's vocabulary, then proposing additional voices with sourced anchors.
+user-invocable: true
+allowed-tools: ["Read", "Grep", "WebSearch", "WebFetch"]
+model: sonnet
+---
+
+# persona-roster-expander
+
+Takes a seed set of named personas and turns it into a usable judgment cast: each persona tiered by a
+domain safety rule, mapped to a concrete decision-lens, plus a few proposed additions filling
+uncovered lenses with real anchors. An innovator-family skill — generative, but bounded by a
+caller-supplied safety rule so the expansion stays faithful to the domain's constraints.
+
+> Origin: harvested from the-bible (2026-06-20) — an operator persona seed (priest/nun/angel/devil/
+> God/Jesus/Holy-Spirit/apostles) tiered relay-vs-lens by a relay-safety rule and mapped to
+> engineering-judgment lenses, +4 sourced proposals. See
+> `tracks/_contrib/field_harvest_2026-06-20_gate-locality-and-grounding-capabilities.md`.
+
+## Triggers
+- "broaden these personas" / "what other voices fit this cast"
+- "map these roles to a decision lens"
+- "expand the persona roster and keep it faithful to <rule>"
+- `/persona-roster-expander {seed personas + domain + safety rule}`
+
+### Natural Language Triggers (example user phrases)
+- "내가 명명한 페르소나 후보군을 더 넓혀줘, 판단 매핑이랑 같이"
+- "take these character archetypes and tell me what engineering judgment each one provides"
+- "add a few more voices that cover a perspective these don't"
+
+## Steps
+1. **Collect the seed + the safety rule** — the named personas, the domain (what decisions they
+   reflect on), and the caller-supplied **tiering rule** (the hard constraint that decides what each
+   persona is allowed to do). Without an explicit safety rule, ask for one — do not invent authority.
+2. **Tier each persona** by the safety rule (e.g. relay/quote-only vs lens/framed-perspective). State
+   a one-line justification per persona; the tier caps what the persona may emit.
+3. **Map each to a decision-lens** in the **user's domain vocabulary** — what concrete judgment-
+   perspective does this voice provide, and when to invoke it. Pair any adversarial voice with a
+   constructive counter-voice (no adversary as the last word).
+4. **Propose 2–4 additions** filling lenses the seed doesn't cover (delegate net-new *name*
+   generation to the `persona-innovator` agent — this skill's distinct value is the tiering +
+   lens-mapping, not naming). For the strongest 2–3, find a real anchor (a sourced
+   example/reference), not a shallow stub.
+5. **Emit the tiered, lens-mapped cast** (named + proposed) as a structured artifact the system can
+   load (e.g. `personas.json`).
+
+## Done When
+- **Every persona has a tier + lens label + invoke-condition.** *Check class: mandatory-pass (binary — all three fields present per persona).*
+- **Each net-new proposal names a real anchor** (not a stub). *Check class: judged, pair: an anchor-existence check (the cited source/reference resolves).*
+- **The tiering respects the caller's safety rule** (no persona exceeds its tier's allowed emission). *Check class: judged, pair: an adversarial read — find a persona whose mapping lets it act beyond its tier.*
+
+## Guards
+- **Caller-supplied safety rule is mandatory** — the skill tiers by the domain's rule, it does not
+  invent one (inventing authority is the failure this guard prevents).
+- **Adversary never last** — any devil's-advocate voice is paired with a constructive counter-voice.
+- **Anchors must be real** — a proposal without a resolvable anchor is a stub, not a candidate.
+
+## Relationship to `persona-innovator` (agent)
+`persona-innovator` *generates* names, frames, and frontier-absorption signals from scratch. This skill
+takes an **existing seed** and adds the **tier-by-safety-rule + lens-to-domain mapping** — it is the
+*structuring/governance* layer, not the *generator*. When net-new names are needed (Step 4), it
+delegates to `persona-innovator` rather than reinventing generation.
+
+## Independently executable
+Yes — needs only the seed + rule + (for anchors) web search. Delegates name *generation* to
+`persona-innovator` when invoked, but has no hard dependency on it for the core tier+lens mapping.

package/plugins/fh-meta/skills/sim-conductor/SKILL.md

@@ -9,7 +9,9 @@ model: opus
 # sim-conductor — Meta-Simulation Automation Orchestrator
 
 > Profiles target → derives personas → dispatches parallel agents → M/S/R triage → commit.
-> Personas are sourced installed-first → built-in fallback → external install. Scale: 3 to 16 by task complexity.
+> Personas are sourced installed-first → **filled from the persona-container schema** (6 slots, not an
+> ad-hoc directive) → external install. Scale: 3 to 16, extensible to a crowd behind the
+> marginal-coverage stop (§Scale).
 
 ## Invocation Triggers
 
@@ -97,12 +99,20 @@ Recommendation:
 
 #### Persona Discovery (after profile → before dispatch)
 
+> **Schema**: `knowledge/shared/harness-core/persona_container_schema.md` — the 6-slot persona-definition
+> container. ② below **fills** these slots (lens / internal-logic / external-grounding / output-protocol
+> / cost-tier / lifecycle) instead of injecting a shapeless directive. The container is what makes a
+> synthesized persona reproducible and cost-routable; the old "fallback palette" was undefined.
+
 After profiling, sim-conductor determines the needed perspective types, then maps each to the best available agent:
 
 ```
 For each needed perspective:
   ① Scan installed plugins + .claude/agents/ → exact match? → use it
-  ② Built-in fallback palette → approximate match? → inject as prompt directive
+  ② Fill the 6-slot persona container — lens · internal-logic · external-grounding · output-protocol
+       (= Step 1.5 parallax shape) · cost-tier · lifecycle → a defined, reproducible persona; the filled
+       container IS the dispatch prompt (replaces the old ad-hoc "fallback palette" directive). Assign
+       the cost-tier slot per §Scale cost-tier routing. [Schema: persona_container_schema.md]
   ③ GAP: no ①② match for a high-weight perspective
        → query /plugin-recommender: "find agents for [perspective] matching [artifact_type] context"
        → present: name · install command · estimated fit · token cost
@@ -113,8 +123,8 @@ Persona Discovery output:
 
 ```
 Persona Map:
-  beginner       → [installed agent: beginner] OR [ad-hoc directive]
-  challenger     → [installed agent: challenger] OR [ad-hoc directive]
+  beginner       → [installed agent: beginner] OR [filled 6-slot container]
+  challenger     → [installed agent: challenger] OR [filled 6-slot container]
   [profile-specific role] → ⚠️ GAP — plugin-recommender recommends: [X] (install? y/n)
 ```
 
@@ -203,7 +213,8 @@ sim-conductor does **not** run a fixed persona set. It derives needed perspectiv
 
 ```
 ① Installed first — scan installed plugins + .claude/agents/ for a matching persona/agent
-② Built-in fallback — inject role as prompt directive into general-purpose Agent (Path B)
+② Container fill — fill the 6-slot persona container for the standpoint; the filled container IS the
+     dispatch prompt into a general-purpose Agent (Path B — replaces the old ad-hoc role directive)
 ③ External fetch — chain to /plugin-recommender when ①② insufficient for high-stakes tasks
 ```
 
@@ -220,7 +231,7 @@ FH ships a coherent **user-mastery spectrum** as real, reusable agents (not prom
 
 > **Lineage**: `beginner` / `main-player` / `expert` are the FH-native frontier successors to the field deep-insight `user` group (newcomer / power-user) — re-derived to FH grade with embedded methodology + Done-When, not name-copied. `challenger` is the advanced form of the field `devil-advocate`. The former standalone skeptic standpoint is folded into `challenger` U1.
 
-**Ad-hoc roles** (② tier — prompt-directive fallback): when the profile demands a standpoint with no shipped agent (e.g. "security auditor", "non-native reader"), inject the role as a directive into a general-purpose Agent. Prefer ① shipped agents; use ② only for genuinely task-specific one-offs.
+**Ad-hoc roles** (② tier — container fill): when the profile demands a standpoint with no shipped agent (e.g. "security auditor", "non-native reader"), fill the 6-slot persona container for that standpoint — the filled container is the dispatch prompt. Prefer ① shipped agents; use ② only for genuinely task-specific one-offs.
 
 #### Scale
 
@@ -229,8 +240,30 @@ FH ships a coherent **user-mastery spectrum** as real, reusable agents (not prom
 | **Minimum** | 3 | Routine Area A — most task-relevant 3 perspectives |
 | **Extended** | 4–8 | High-stakes publish / external release |
 | **Full** | Up to 16 parallel | Pre-major-version / architecture review |
-
-All personas run as **parallel Agents** — no sequential bottleneck. Use agent-composer Medium/Large fan-out for Extended/Full.
+| **Crowd** | 16+ — **no fixed cap; bounded by the marginal-coverage stop** | Only when the marginal-coverage stop has demonstrably **not** fired at 16 — i.e. persona #17 is still decorrelated and finding-productive. **Not** chosen by artifact size or audience count (Full already covers those); the stop, not a headcount, opens this tier |
+
+**Crowd is output-driven, never a target** (per the container schema): the 16-cap lifts only behind the
+**marginal-coverage stop** — add a persona only if it is *decorrelated* (a distinct viewpoint, or — at
+crowd scale — a different model family) from those already running; **stop when the marginal new-finding
+rate → 0**. A crowd of identical-output personas is decorative (steel-quench Wave-1 angle #1). Do not
+name a headcount goal; the count is whatever the stop allows.
+
+**Cost-tier routing (the economy lever)** — each persona's `cost-tier` slot routes it to a model so
+breadth is cheap and the verdict stays trustworthy:
+- **floor-local / heavy-local** (e.g. a local Ollama sidecar) carry cheap *breadth* — extra decorrelated
+  standpoints at near-zero token cost. A heavier local (27–32B) is a stronger canary than a floor model,
+  but **on one probe, not a benchmark** (`[[persona-container-schema]]` §tier-distribution) — so a local
+  tier is a **canary, never the gate**.
+- **frontier** carries the **terminal verdict** — the M/S/R triage and any auto-commit decision stay
+  frontier. This is the same anchor as Step 0.6: local breadth *decorrelates*, it does not *decide*.
+- Cost-tier routing and the Step 0.6 cross-model gate are complementary, not duplicate: 0.6 *requires* a
+  non-session source for risk≥medium (blind-spot closure); cost-tier *distributes* breadth for economy.
+  A local-sidecar persona can satisfy both at once (cross-family **and** cheap), but only Step 0.6's
+  quoted-artifact rule lets it count as `external` coverage.
+
+All personas run as **parallel Agents** — no sequential bottleneck. Use agent-composer Medium/Large
+fan-out for Extended/Full; Crowd scale dispatches in decorrelated waves, re-checking the marginal-coverage
+stop between waves rather than firing all at once.
 
 **Simplification guard**: Routine internal audits → ② built-in fallback at Minimum scale. Chain to ③ only when a needed perspective has no ①② match, or stakes are high.
 
@@ -296,7 +329,7 @@ Persona composition adapts to `artifact_type` from Step 0.3 profile:
 | Prompt / config | `beginner` | challenger | Interpretation errors, implicit assumptions |
 | Auth / security-sensitive | challenger + Security-auditor† | `main-player` (Heavy) | Attack surface, privilege escalation |
 
-† Security-auditor = built-in fallback role (② tier) injected as prompt directive.
+† Security-auditor = ② tier — the 6-slot persona container filled for a security-auditor standpoint.
 
 All personas run in parallel. Findings = M/S/R → M-tier items fixed immediately.
 
@@ -356,6 +389,10 @@ positives erode reviewer trust.
 - Priority labels verbatim — Critical/Important/Suggestion carried as the persona set them.
 - No forced consensus or forced conflict — report Common opinions (2+ personas agree) and Conflicts
   (position A vs B, each with rationale) as-is. Feeds Step 2 M/S/R triage (M ← Critical or 2+ personas).
+- Cost-tier aware triage — a frontier-tier persona's verdict is terminal; a floor/heavy-local persona's
+  finding enters only as decorrelated **breadth** (it can raise a standpoint to `covered`, never solely
+  set an M-tier on its own). This enforces in the aggregator the §Scale "local breadth decorrelates, it
+  does not decide" lock — without it, a local canary's finding would drive triage identically to frontier.
 
 **Zero-coverage map (mandatory synthesizer output)** — the synthesizer must emit, mechanically, the set
 of standpoints that produced **no** finding, not only the ones that did (judge-robustness swarm,
@@ -441,6 +478,30 @@ as normal. (This withdraws one privilege, not the run — the report and fixes s
 
 ---
 
+## Step 5 — Graduate a Proven Persona (optional, rare)
+
+Most synthesized personas are **throwaway** — the run accelerated the work and the persona is discarded.
+A persona earns a permanent home only by passing the container schema's **admission test** (the analogue
+of "app-ification"; `[[persona-container-schema]]` §Lifecycle):
+
+| Check | Criterion | Class |
+|---|---|---|
+| **Recurrence** | surfaced **≥1 unique S/M finding** (one no other persona in the run produced) across **≥2 distinct targets** — not a one-off lucky fire | measured |
+| **Trust bar (skills only)** | if graduating into a *skill* rather than a project's persona set, additionally clears the **FH 6-item creation gate** | mandatory-pass |
+
+- **Pass → into a project's static set**: route the write through `asset-placement-gate` (expected
+  verdict: project-local) before writing the filled container to the project's persona file (e.g.
+  the-bible `core/personas.json`) — sim-conductor proposes the target, the placement gate confirms it,
+  the operator approves. A project-local asset, not an FH change, but the cross-boundary write is still gated.
+- **Pass → into a skill**: route through `asset-placement-gate` + the New-Skill creation gate (the
+  skill-foundry inversion — the trust bar is non-negotiable). This is **HITL**, never auto-graduated.
+- **Fail the recurrence check** → stays ephemeral. Do not graduate on a single run.
+
+Graduation is **never automatic** and is **out of scope for auto-commit** — it is a deliberate,
+operator-approved promotion. A clean simulation that graduated nothing is a normal, complete run.
+
+---
+
 ## Human Gate Principle
 
 Convergence within an AI-AI loop is **provisional**. Elevated to final only after human gate.

package/plugins/fh-meta/skills/steel-quench/SKILL.md

@@ -135,11 +135,11 @@ Treat the adapter output as the isolated challenger result for Wave 1. This pres
 
 ---
 
-## Wave 1 — 5 Mandatory Attack Angles
+## Wave 1 — 6 Mandatory Attack Angles
 
 **Execution principles**: Attacks must be based on real code/files/configs — abstract criticism prohibited.
 Assign severity: **S** (immediate blocker) / **A** (required before deployment) / **B** (improvement recommended).
-Call **fh-commons:quench-challenger** in isolation first (6-axis structural attack); apply 5 angles in parallel.
+Call **fh-commons:quench-challenger** in isolation first (6-axis structural attack); apply 6 angles in parallel.
 
 Isolation can be achieved by Claude Code `Agent(...)` or by `fh-run --agent fh-commons:quench-challenger` under Codex. Do not run the challenger inline in the same reasoning pass when the attack result gates the defense.
 
@@ -150,6 +150,7 @@ Isolation can be achieved by Claude Code `Agent(...)` or by `fh-run --agent fh-c
 | 3 | **Bus factor** | "Single-person dependency — can it operate if that person is absent?" |
 | 4 | **Platform obsolescence** | "Does this structure survive when the external ecosystem expands or changes?" |
 | 5 | **Self-referential structure** | "Is there a closed circuit that evaluates itself by its own criteria?" |
+| 6 | **Gate-locality** | "Is every safety gate readable by the actor that must enforce it? Name any gate defined only in a file/layer the enforcing runtime never loads (e.g. a rule in a Claude-only `CLAUDE.md` that a Gemini/Codex orchestrator reading `AGENTS.md` never sees; a provenance check described in a doc but absent from the write path)." (see `knowledge/shared/harness-core/gate_locality_principle.md`) |
 
 **S-grade Immediate Human Gate**: If Wave 1 contains 1+ S-grade blocker → pause, surface options (a) proceed to Wave 2 / (b) human review first / (c) abort. Do not silently enter Wave 2 with unreviewed S-grade items.