@chrono-meta/fh-gate 1.4.36 → 1.4.38

package/CLAUDE.md

@@ -373,6 +373,8 @@ Proposal format: `"I see [X]. Want me to run /[skill] to [one-line description]?
 | "research this deeply", "survey the literature", "comprehensive analysis", "deep research", "look this up thoroughly", "조사해줘", "리서치" (general topic research, not trend-scan) | **Deep-Research Capability Ladder** (`knowledge/shared/harness-core/deep_research_capability_ladder.md`) — route to the highest available rung: built-in `/deep-research` if present → else Claude `WebSearch`+`WebFetch` synthesis (tier-sensitive) → `/frontier-digest` only if it's AI/harness trend-scan. No-reinvention: FH routes, does not build a research engine. |
 | "orchestrate agents", "parallel dispatch", "combine skills", "multiple agents" | `/agent-composer` |
 | "run a simulation", "external user perspective", "internal audit", "quality check" | `/sim-conductor` |
+| "broaden the grounded corpus", "add another version of the corpus", "ingest the full source as the grounding axiom", "여러 버전으로 통째로 가져와" (verbatim-relay corpus expansion — fail-closed grounding, no generator) | `/corpus-grounding-expander` |
+| "broaden these personas", "what other voices fit this cast", "map these roles to a decision lens", "페르소나 후보군 더 넓혀" (persona seed → tiered judgment-mapped cast; pairs with `persona-innovator` for naming) | `/persona-roster-expander` |
 | "first install", "FH setup", "wizard", "install-wizard" | `/install-wizard` |
 | "connect a project", "map this project", "link to hub" | `auto_project_mapping.md` (mapping) |
 | "harness-ify this project", "full harness setup", "프로젝트 하네스화", "promote to full harness" | `auto_project_mapping.md §6` (Full-Harness Mode) |
@@ -518,6 +520,15 @@ harvest-loop Step 0-b uses this file as its source — relying on LLM memory aft
 ```
 Closing phrase detected ("wrap up", "done", "good work", "end session", etc.)
   → ① Check git diff + unpushed commits (status snapshot)
+  → ①-b Open-PR sweep — `gh pr list --author @me --state open` (+ `gh search prs --author @me
+       --state open` for cross-repo). Classify, **surface-not-auto**: a **self-mergeable** PR
+       (operator's own repo, checks green) → *propose merge now* (never auto-merge — HITL); an
+       **awaiting-external** PR (other repos / corp review) → *surface for tracking only*. Why here:
+       the harness's "마감" ≠ the operator's "마감" — a self-authored PR (PR #111) sat open across
+       sessions with un-integrated skills + count drift because no close step surfaced it. Pairs with
+       the count-consistency check (which now runs at BOTH the local pre-commit hook AND the plugins/**
+       PR-CI merge boundary): the sweep surfaces the PR → merging it → the count-check catches any
+       drift at the merge (fh_signal_2026-06-21, gate-locality paired fix).
   → ② If FH assets changed: harvest-loop
   → ③ Sync local/gitignored session state to your durable companion store, if you keep one
   → ④ Memory hygiene — update stale entries + record new session findings
@@ -540,9 +551,10 @@ Closing phrase detected ("wrap up", "done", "good work", "end session", etc.)
   → ⑤ Card update ← ABSOLUTE LAST: must capture ①–④-b outcomes
   → ⑥ Commit card + push
 ```
-**Card-last guard**: ①–④-b must ALL complete before ⑤ runs. Any new information produced
-during ①–④ (new commits, model changes, new findings) feeds INTO ⑤ — card is never
-written mid-sequence and then left open for more work to accumulate after it.
+**Card-last guard**: ①–④-b (incl. ①-b open-PR sweep) must ALL complete before ⑤ runs. Any new
+information produced during ①–④ (new commits from a merged self-PR, model changes, new findings)
+feeds INTO ⑤ — card is never written mid-sequence and then left open for more work to accumulate
+after it.
 
 **Mid-session card writes are drafts**: If a task (e.g., a calibration run) internally updates
 the card, that is a draft. The close chain always re-runs ⑤ to capture post-draft activities.

package/README.md

@@ -182,7 +182,7 @@ All four movements ship. Temper was named before it was built — deliberately (
 two more signatures keep it running: `harvest-loop` (each session's lessons become permanent skills) and
 `agent-composer` (orchestrate the dispatch). The other skills wait until you need them — full list below.
 
-## 33 skills · 8 agents
+## 35 skills · 8 agents
 
 <details>
 <summary>Full asset activation check</summary>
@@ -208,6 +208,8 @@ two more signatures keep it running: `harvest-loop` (each session's lessons beco
 | `meta-prompt-builder` | Meta prompt design | "Write a prompt for the agent" |
 | `asset-placement-gate` | Hub vs project asset routing | "Should this be shared?" |
 | `cross-ecosystem-synergy-detection` | Cross-tool synergy finder | "Are my tools working together?" |
+| `corpus-grounding-expander` | Multi-version public-domain corpus → verified-axiom grounding store | "Broaden the grounded corpus" |
+| `persona-roster-expander` | Persona seed → tiered, judgment-mapped cast | "Broaden these personas" |
 | `convergence-loop` *(fh-commons)* | N-round convergence loops | "Single-pass seems suspicious" |
 | `token-budget-gate` *(fh-commons)* | Pre-task token cost estimate | "How expensive is this?" |
 | `mcp-circuit-breaker` *(fh-commons)* | MCP tool failure pattern detection | "MCP keeps failing" |
@@ -283,6 +285,21 @@ recommended only for harness-editing sessions. Details: `docs/OUTPUT_EVIDENCE.md
 
 If you use external CLIs (Gemini, Codex, `gh copilot`) as sidecars, their costs are billed to their own quota and not visible in CC's token display.
 
+### Hardware tiers (local sidecars are optional accelerators)
+
+FH needs **no local LLM** — the baseline is whatever runs Claude Code. Local models are *optional*, for
+the canary / cheap-breadth rungs only:
+
+| Tier | Spec | Runs locally | What it buys |
+|---|---|---|---|
+| **Minimum** | anything that runs Claude Code | nothing | full methodology + gates; operating FH is ~model-flat (Opus/Sonnet/Haiku 100/97/94) |
+| **Recommended** | laptop-class, ~16GB RAM | one 8B-class quantized model (e.g. an 8B / small Gemma) | a token-free **floor canary** (pre-screen before a metered sim) · offline triage · a cheap-breadth panel arm |
+| **Optional (heavy)** | ~24GB VRAM GPU | a 27–32B model | a *stronger* decorrelation canary |
+
+> Local tiers are **canaries, never the terminal verdict** — measured: the floor model missed a subtle
+> adversarial case the frontier caught (and even a 27–32B local scored 1/4 on it). They lower the *cost
+> of breadth*; the verdict stays frontier.
+
 ---
 
 ## Multi-Model Sidecar

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chrono-meta/fh-gate",
-  "version": "1.4.36",
+  "version": "1.4.38",
   "description": "FH runtime adapters — run FH governance, skills, and agents via Claude or Codex with machine-parseable gates.",
   "license": "MIT",
   "keywords": [

package/plugins/fh-meta/skills/corpus-grounding-expander/SKILL.md

@@ -0,0 +1,56 @@
+---
+name: corpus-grounding-expander
+description: Fetches and normalizes multi-version public-domain corpora into a single verified-axiom store for verbatim-relay grounding, recording per-version license and provenance.
+user-invocable: true
+allowed-tools: ["Read", "Bash", "WebFetch", "Write"]
+model: sonnet
+---
+
+# corpus-grounding-expander
+
+Builds or broadens the **grounded axiom** a relay system quotes from. When a system's output must be
+constrained to verbatim source (fail-closed grounding), the corpus IS the axiom — this skill expands
+that corpus from multiple public-domain versions so grounding is robust and non-biased (a quote
+verified in ANY version counts), without ever adding a generator.
+
+> Origin: harvested from the-bible (2026-06-20) — 6 public-domain Bible versions, 197k verses, as the
+> fail-closed grounding axiom. Generalizes to any verbatim-relay corpus (legal statute, RFC text,
+> standards). See `tracks/_contrib/field_harvest_2026-06-20_gate-locality-and-grounding-capabilities.md`.
+
+## Triggers
+- "get more sources" / "broaden the grounded corpus"
+- "add another version of the corpus"
+- "ingest the full <source> as the grounding axiom"
+- `/corpus-grounding-expander {source or version}`
+
+### Natural Language Triggers (example user phrases)
+- "이 코퍼스 여러 버전으로 통째로 가져와줘"
+- "the grounding DB is just a sample — pull the whole thing, multiple editions"
+- "add a second public-domain edition so we're not biased to one"
+
+## Steps
+1. **Source + license check** — identify the public-domain source(s) and confirm each is genuinely
+   free to redistribute. Record the license literally (no assumption).
+2. **Fetch (retry-disciplined)** — pull each version; on transient error, backoff-retry before
+   declaring the source unavailable (do not silently drop a version).
+3. **Normalize to a single key schema** — map every version to the SAME addressable key
+   (e.g. `ref → text`) so cross-version quotation stays aligned. Write per-version files +
+   an `_index` recording version id, license, scope, and record count.
+4. **Wire grounding as a union** — the grounding check passes if the quote matches the canonical text
+   at that key in ANY version. Never add a path that generates text — grounding is quote-only.
+5. **Relay-integrity check** — confirm the consumer (the gate) QUOTES the corpus and cannot emit
+   un-grounded text; run a fabrication probe (a known non-source quote must fail-closed).
+
+## Done When
+- **Each added source carries a verifiable public-domain/license record** in the index. *Check class: mandatory-pass (binary — license field present and non-empty per version).*
+- **Every version is normalized to the same key schema** (cross-version keys align). *Check class: mandatory-pass (a shared sample key resolves in each version or is explicitly canon-scoped).*
+- **The index declares the quote-only union contract** (grounding matches verbatim text in ANY version; no generation path) and ships a fabrication-probe spec for the consumer to run. *Check class: mandatory-pass (binary — quote-only contract + probe-spec present in the index).*
+
+## Guards
+- **Grounding, never a generator** — the relay constraint is structural; this skill wires *grounding*.
+- **License-literal** — record the actual license per source; never assume public-domain.
+- **No silent version drop** — a fetch failure is a named residual in the index, not a quiet omission.
+
+## Independently executable
+Yes — needs only a network fetch + file write. No dependency on other FH skills (a consumer gate that
+reads the corpus is the system's own, not this skill's).

package/plugins/fh-meta/skills/harness-doctor/SKILL.md

@@ -136,9 +136,23 @@ File: {path}
 | settings.json JSON syntax error | M-tier |
 | Hooks in settings.json (PostToolUse/Stop) that don't fire in Agent View | S-tier or M-tier |
 | Public-surface FH recommendation or default changed — no N-shot measurement evidence traceable in session records or PR body | S-tier |
+| Pre-commit-adjacent gate reads the working tree (cat/glob of a *tracked* path) with no `--staged`/`--cached`/`git show :` on that path, when its verdict is about *what's committed* | S-tier |
 
 Hook divergence verdict: 0 hooks = Normal · 1+ hooks (session-end/Stop) = S-tier · 1+ hooks (PostToolUse file writes or external API) = M-tier (data loss risk in Agent View).
 
+**Index-vs-worktree gate lint** (2026-06-21, gate-locality corollary — `[[feedback_gate_locality_principle]]`):
+a gate whose verdict is about *what is being committed* must read the **staged index**
+(`git ls-files --cached` / `git show :path`), not the working tree (`cat`/glob of a tracked file) —
+else it false-PASSes a commit whose staged content ≠ disk (origin: `count_check.sh` read the worktree
+while the pre-commit hook fired on the index; the sibling `regression_guard` already used `--staged`,
+so the lesson existed but was non-local). Mechanical scan — in the pre-commit hook + the scripts it
+invokes (+ `scripts/*-check.sh`): flag a `cat`/`<`/glob read of a tracked path with no
+`--staged`/`--cached`/`git show :` on that path. **Conditional (NOT universal)**: a gate whose verdict is
+about what *runs/deploys* (pre-push tests, build, an auto-fixer that rewrites the worktree) correctly
+reads the working tree — a line-level `# worktree-intentional:` comment suppresses the flag. FP surface
+(isolated-critic): display/log reads and untracked generated files are not violations → keep advisory
+(S-tier, never M).
+
 ### Step 5. L4 — Connection Diagnosis *(FH only)*
 
 - Tracks with no sync in 30+ days → R-tier

package/plugins/fh-meta/skills/persona-roster-expander/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: persona-roster-expander
+description: Expands a named persona seed into a tiered, judgment-mapped cast — tiering each persona by a domain safety rule, mapping each to a decision-lens in the user's vocabulary, then proposing additional voices with sourced anchors.
+user-invocable: true
+allowed-tools: ["Read", "Grep", "WebSearch", "WebFetch"]
+model: sonnet
+---
+
+# persona-roster-expander
+
+Takes a seed set of named personas and turns it into a usable judgment cast: each persona tiered by a
+domain safety rule, mapped to a concrete decision-lens, plus a few proposed additions filling
+uncovered lenses with real anchors. An innovator-family skill — generative, but bounded by a
+caller-supplied safety rule so the expansion stays faithful to the domain's constraints.
+
+> Origin: harvested from the-bible (2026-06-20) — an operator persona seed (priest/nun/angel/devil/
+> God/Jesus/Holy-Spirit/apostles) tiered relay-vs-lens by a relay-safety rule and mapped to
+> engineering-judgment lenses, +4 sourced proposals. See
+> `tracks/_contrib/field_harvest_2026-06-20_gate-locality-and-grounding-capabilities.md`.
+
+## Triggers
+- "broaden these personas" / "what other voices fit this cast"
+- "map these roles to a decision lens"
+- "expand the persona roster and keep it faithful to <rule>"
+- `/persona-roster-expander {seed personas + domain + safety rule}`
+
+### Natural Language Triggers (example user phrases)
+- "내가 명명한 페르소나 후보군을 더 넓혀줘, 판단 매핑이랑 같이"
+- "take these character archetypes and tell me what engineering judgment each one provides"
+- "add a few more voices that cover a perspective these don't"
+
+## Steps
+1. **Collect the seed + the safety rule** — the named personas, the domain (what decisions they
+   reflect on), and the caller-supplied **tiering rule** (the hard constraint that decides what each
+   persona is allowed to do). Without an explicit safety rule, ask for one — do not invent authority.
+2. **Tier each persona** by the safety rule (e.g. relay/quote-only vs lens/framed-perspective). State
+   a one-line justification per persona; the tier caps what the persona may emit.
+3. **Map each to a decision-lens** in the **user's domain vocabulary** — what concrete judgment-
+   perspective does this voice provide, and when to invoke it. Pair any adversarial voice with a
+   constructive counter-voice (no adversary as the last word).
+4. **Propose 2–4 additions** filling lenses the seed doesn't cover (delegate net-new *name*
+   generation to the `persona-innovator` agent — this skill's distinct value is the tiering +
+   lens-mapping, not naming). For the strongest 2–3, find a real anchor (a sourced
+   example/reference), not a shallow stub.
+5. **Emit the tiered, lens-mapped cast** (named + proposed) as a structured artifact the system can
+   load (e.g. `personas.json`).
+
+## Done When
+- **Every persona has a tier + lens label + invoke-condition.** *Check class: mandatory-pass (binary — all three fields present per persona).*
+- **Each net-new proposal names a real anchor** (not a stub). *Check class: judged, pair: an anchor-existence check (the cited source/reference resolves).*
+- **The tiering respects the caller's safety rule** (no persona exceeds its tier's allowed emission). *Check class: judged, pair: an adversarial read — find a persona whose mapping lets it act beyond its tier.*
+
+## Guards
+- **Caller-supplied safety rule is mandatory** — the skill tiers by the domain's rule, it does not
+  invent one (inventing authority is the failure this guard prevents).
+- **Adversary never last** — any devil's-advocate voice is paired with a constructive counter-voice.
+- **Anchors must be real** — a proposal without a resolvable anchor is a stub, not a candidate.
+
+## Relationship to `persona-innovator` (agent)
+`persona-innovator` *generates* names, frames, and frontier-absorption signals from scratch. This skill
+takes an **existing seed** and adds the **tier-by-safety-rule + lens-to-domain mapping** — it is the
+*structuring/governance* layer, not the *generator*. When net-new names are needed (Step 4), it
+delegates to `persona-innovator` rather than reinventing generation.
+
+## Independently executable
+Yes — needs only the seed + rule + (for anchors) web search. Delegates name *generation* to
+`persona-innovator` when invoked, but has no hard dependency on it for the core tier+lens mapping.

package/plugins/fh-meta/skills/steel-quench/SKILL.md

@@ -135,11 +135,11 @@ Treat the adapter output as the isolated challenger result for Wave 1. This pres
 
 ---
 
-## Wave 1 — 5 Mandatory Attack Angles
+## Wave 1 — 6 Mandatory Attack Angles
 
 **Execution principles**: Attacks must be based on real code/files/configs — abstract criticism prohibited.
 Assign severity: **S** (immediate blocker) / **A** (required before deployment) / **B** (improvement recommended).
-Call **fh-commons:quench-challenger** in isolation first (6-axis structural attack); apply 5 angles in parallel.
+Call **fh-commons:quench-challenger** in isolation first (6-axis structural attack); apply 6 angles in parallel.
 
 Isolation can be achieved by Claude Code `Agent(...)` or by `fh-run --agent fh-commons:quench-challenger` under Codex. Do not run the challenger inline in the same reasoning pass when the attack result gates the defense.
 
@@ -150,6 +150,7 @@ Isolation can be achieved by Claude Code `Agent(...)` or by `fh-run --agent fh-c
 | 3 | **Bus factor** | "Single-person dependency — can it operate if that person is absent?" |
 | 4 | **Platform obsolescence** | "Does this structure survive when the external ecosystem expands or changes?" |
 | 5 | **Self-referential structure** | "Is there a closed circuit that evaluates itself by its own criteria?" |
+| 6 | **Gate-locality** | "Is every safety gate readable by the actor that must enforce it? Name any gate defined only in a file/layer the enforcing runtime never loads (e.g. a rule in a Claude-only `CLAUDE.md` that a Gemini/Codex orchestrator reading `AGENTS.md` never sees; a provenance check described in a doc but absent from the write path)." (see `knowledge/shared/harness-core/gate_locality_principle.md`) |
 
 **S-grade Immediate Human Gate**: If Wave 1 contains 1+ S-grade blocker → pause, surface options (a) proceed to Wave 2 / (b) human review first / (c) abort. Do not silently enter Wave 2 with unreviewed S-grade items.
 

package/scripts/selfcheck.sh

@@ -35,35 +35,13 @@ done
 # Count consistency: stated skill/agent counts vs actual directories.
 # Drift class recurred 4x on 2026-06-10 alone (local_fh_context 26, plugin.json "3 agents",
 # README "5 agents", marketplace.json "3 agents") — this makes the check mechanical and permanent.
-# Active skill = SKILL.md without a deprecation marker (frontmatter `deprecated: true` or
-# "DEPRECATED" in the description block).
-count_active() { # count_active <plugin>
-  local n=0 s
-  for s in plugins/"$1"/skills/*/SKILL.md; do
-    [ -f "$s" ] || continue
-    head -20 "$s" | grep -qE 'deprecated: true|DEPRECATED' || n=$((n+1))
-  done
-  echo "$n"
-}
-count_agents() { ls plugins/"$1"/agents/*.md 2>/dev/null | wc -l | tr -d ' '; }
-
-meta_sk=$(count_active fh-meta); meta_ag=$(count_agents fh-meta)
-com_sk=$(count_active fh-commons); com_ag=$(count_agents fh-commons)
-total_sk=$((meta_sk + com_sk)); total_ag=$((meta_ag + com_ag))
-
-count_check() { # count_check <label> <file> <expected-string>
-  if grep -q "$3" "$2"; then
-    echo "PASS  count: $1"
-  else
-    echo "FAIL  count: $1 — expected \"$3\" in $2 (actual: fh-meta ${meta_sk}sk/${meta_ag}ag, fh-commons ${com_sk}sk/${com_ag}ag)"
-    fail=1
-  fi
-}
-count_check "fh-meta plugin.json"      plugins/fh-meta/.claude-plugin/plugin.json    "${meta_sk} skills + ${meta_ag} agents"
-count_check "fh-commons plugin.json"   plugins/fh-commons/.claude-plugin/plugin.json "${com_sk} skills"
-count_check "marketplace.json fh-meta" .claude-plugin/marketplace.json               "${meta_sk} skills + ${meta_ag} agents"
-count_check "README header"            README.md                                     "${total_sk} skills · ${total_ag} agents"
-count_check "local_fh_context fh-meta" templates/local_fh_context.md                 "(fh-meta, ${meta_sk})"
+# Logic extracted to scripts/count_check.sh so the SAME check also runs at commit time in
+# the pre-commit hook (shift-left, gated on a skills-dir add/remove — fh_signal_2026-06-21
+# gate-locality gap: the check previously lived only here at the publish boundary, so a
+# skill-adding PR could merge with stale counts undetected until the next publish).
+if ! bash scripts/count_check.sh; then
+  fail=1
+fi
 
 # Referenced-path existence: backtick-quoted repo-relative file refs in the always-loaded
 # governance surface (CLAUDE.md + .claude/rules/*.md) must exist. Phantom-reference class