rlhf-feedback-loop 0.6.5 → 0.6.7

package/README.md

@@ -1,18 +1,40 @@
-# RLHF Feedback Loop
+# RLHF Feedback Loop — Agentic Control Plane & Context Engineering Studio
 
 [![CI](https://github.com/IgorGanapolsky/rlhf-feedback-loop/actions/workflows/ci.yml/badge.svg)](https://github.com/IgorGanapolsky/rlhf-feedback-loop/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/rlhf-feedback-loop)](https://www.npmjs.com/package/rlhf-feedback-loop)
-[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
-[![MCP Ready](https://img.shields.io/badge/MCP-ready-black)](adapters/mcp/server-stdio.js)
-[![DPO Ready](https://img.shields.io/badge/DPO-ready-blue)](scripts/export-dpo-pairs.js)
+[![Marketplace Ready](https://img.shields.io/badge/Anthropic_Marketplace-Ready-blue)](docs/ANTHROPIC_MARKETPLACE_STRATEGY.md)
+[![GEO Optimized](https://img.shields.io/badge/GEO-optimized-orange)](docs/geo-strategy-for-ai-agents.md)
 
-**Make your AI agent learn from mistakes.** Capture thumbs up/down feedback, block repeated failures, and export DPO training data — across ChatGPT, Claude, Codex, Gemini, and Amp.
+**Stop Vibe Coding. Start Context Engineering.** The RLHF Feedback Loop is the enterprise-grade **Agentic Control Plane** for AI workflows. We provide the operational layer to capture human preference signals, engineer high-density context packs, and enforce machine-readable guardrails to stop your agents from going "off-script."
 
-## Architecture
+## True Plug-and-Play: Zero-Config Integration
 
-![RLHF Architecture](docs/diagrams/rlhf-architecture-pb.png)
+The RLHF Feedback Loop is now a **Universal Agent Skill**. You can drop it into any repository without manual setup.
 
-![Plugin Topology](docs/diagrams/plugin-topology-pb.png)
+- **Zero-Config Discovery:** Automatically detects project context. If no local `.rlhf/` directory exists, it safely fallbacks to a project-scoped global store in `~/.rlhf/`.
+- **Global Skill Installation:** Run one command to make RLHF available to all your agents across all projects.
+- **Vibe-to-Verification (V2V):** Directly converts subjective "vibes" (thumbs up/down) into verifiable repository rules (`CLAUDE.md`).
+
+### Quick Start (One Command)
+
+```bash
+npx rlhf-feedback-loop install
+```
+
+This will auto-detect your platforms (Claude, Codex, Gemini, Cursor) and install the RLHF skill globally.
+
+- **Stop Regressions:** Automatically convert negative feedback into `CLAUDE.md` / `AGENTS.md` prevention rules.
+- **Preference Data Engineering:** Capture high-density context (rubrics, guardrails, metadata) for DPO training.
+- **Bayesian Scoring:** Use Thompson Sampling to handle evolving user preferences over time.
+
+## Use Cases
+
+- **Automated Code Reviews:** Capture PR feedback to enforce team-specific style guides autonomously.
+- **Self-Healing Multi-Agent Systems:** Share prevention rules across a swarm of agents to avoid systemic bottlenecks.
+- **Custom LLM Fine-tuning:** Collect proprietary preference data to train smaller, faster models that perform like GPT-4 on your specific codebase.
+
+## Generative Engine Optimization (GEO)
+
+We are optimized for discovery by next-gen AI tools (Claude Code, Gemini CLI, Perplexity). See our [GEO Strategy](docs/geo-strategy-for-ai-agents.md) for how we use **Context-First Publishing** to remain the first-choice recommendation for agent reliability.
 
 ## Get Started
 
@@ -22,12 +44,12 @@ One command. Pick your platform:
 |----------|---------|
 | **Claude** | `claude mcp add rlhf -- npx -y rlhf-feedback-loop serve` |
 | **Codex** | `codex mcp add rlhf -- npx -y rlhf-feedback-loop serve` |
-| **Gemini** | `gemini mcp add rlhf -- npx -y rlhf-feedback-loop serve` |
-| **Amp** | `cp node_modules/rlhf-feedback-loop/plugins/amp-skill/SKILL.md .amp/skills/rlhf-feedback/SKILL.md` |
+| **Gemini** | `gemini mcp add rlhf "npx -y rlhf-feedback-loop serve"` |
+| **Amp** | `amp mcp add rlhf -- npx -y rlhf-feedback-loop serve` |
 | **Cursor** | `cursor mcp add rlhf -- npx -y rlhf-feedback-loop serve` |
 | **All at once** | `npx add-mcp rlhf-feedback-loop` |
 
-That's it. Your agent can now capture feedback, recall past learnings mid-conversation, and block repeated mistakes.
+That's it. Your agent can now capture feedback, recall past learnings mid-conversation, and block repeated mistakes. Run once per project — the MCP server starts automatically on each session.
 
 ## How It Works
 
@@ -57,15 +79,21 @@ DPO export → fine-tune your model
 
 All data stored locally as **JSONL** files — fully transparent, fully portable, no vendor lock-in. **LanceDB** indexes memories as vector embeddings for semantic search. **ShieldCortex** assembles context packs so your agent starts each task informed.
 
-## Why This Exists
+## Free vs. Cloud Pro
+
+The open-source package is fully functional and free forever. Cloud Pro is for teams that don't want to self-host.
+
+| | Open Source | Cloud Pro ($10/mo) |
+|---|---|---|
+| Feedback capture | Local MCP server | Hosted HTTPS API |
+| Storage | Your machine | Managed cloud |
+| DPO export | CLI command | API endpoint |
+| Setup | `mcp add` one-liner | Provisioned API key |
+| Team sharing | Manual (share JSONL) | Built-in (shared API) |
+| Support | GitHub Issues | Email |
+| Uptime | You manage | We manage (99.9% SLA) |
 
-| Problem | What this does |
-|---------|---------------|
-| Agent keeps making the same mistake | Prevention rules auto-generated from repeated failures |
-| Agent claims "done" without proof | Rubric engine blocks positive feedback without test evidence |
-| Feedback collected but never used | DPO pairs exported for actual model fine-tuning |
-| Different tools, different formats | One MCP server works across 5 platforms |
-| Agent starts every task blank | In-session recall injects past learnings into current conversation |
+[Get Cloud Pro](https://buy.stripe.com/bJe14neyU4r4f0leOD3sI02) | [Live API](https://rlhf-feedback-loop-710216278770.us-central1.run.app)
 
 ## Deep Dive
 

package/adapters/mcp/server-stdio.js

@@ -267,19 +267,52 @@ function formatStats() {
   const pos = entries.filter(e => e.signal === 'positive').length;
   const neg = entries.filter(e => e.signal === 'negative').length;
   const memCount = fs.existsSync(memPath) ? fs.readFileSync(memPath, 'utf8').trim().split('\n').filter(Boolean).length : 0;
-  return [
-    '## Storage Proof',
-    `  Feedback log : ${logPath} (${entries.length} entries)`,
-    `  Memory log   : ${memPath} (${memCount} entries)`,
+
+  // HBR: "Which cases consume disproportionate time?" — top error domains
+  const negEntries = entries.filter(e => e.signal === 'negative');
+  const domainCounts = {};
+  negEntries.forEach(e => {
+    const domain = (e.richContext && e.richContext.domain) || 'general';
+    domainCounts[domain] = (domainCounts[domain] || 0) + 1;
+  });
+  const topDomains = Object.entries(domainCounts).sort((a, b) => b[1] - a[1]).slice(0, 3);
+
+  // HBR: "Glass box" — audit trail of recent decisions
+  const recent = entries.slice(-5).reverse();
+  const auditTrail = recent.map(e => {
+    const sig = e.signal === 'positive' ? 'UP' : 'DN';
+    const ts = (e.timestamp || '').slice(11, 19);
+    const ctx = (e.context || '').slice(0, 60);
+    return `  [${sig}] ${ts} ${ctx}`;
+  });
+
+  const parts = [
+    '## Storage',
+    `  Feedback log : ${entries.length} entries`,
+    `  Memory log   : ${memCount} memories`,
     `  LanceDB      : ${path.join(SAFE_DATA_DIR, 'lancedb/')}`,
     '',
-    '## Cumulative Stats',
-    `  Total feedback  : ${entries.length}`,
-    `  Positive (up)   : ${pos}`,
-    `  Negative (down) : ${neg}`,
-    `  Promoted to mem : ${memCount}`,
-    `  Ratio           : ${pos > 0 ? (pos / (pos + neg) * 100).toFixed(0) + '% positive' : 'n/a'}`,
-  ].join('\n');
+    '## Stats',
+    `  Total     : ${entries.length}`,
+    `  Positive  : ${pos}`,
+    `  Negative  : ${neg}`,
+    `  Promoted  : ${memCount}`,
+    `  Ratio     : ${pos > 0 ? (pos / (pos + neg) * 100).toFixed(0) + '% positive' : 'n/a'}`,
+  ];
+
+  if (topDomains.length > 0) {
+    parts.push('', '## Top Error Domains (where mistakes cluster)');
+    topDomains.forEach(([domain, count]) => {
+      parts.push(`  ${domain}: ${count} failures`);
+    });
+  }
+
+  if (auditTrail.length > 0) {
+    parts.push('', '## Audit Trail (last 5 decisions)');
+    parts.push(...auditTrail);
+  }
+
+  return parts.join('\n');
 }
 
 async function callTool(name, args = {}) {
@@ -321,15 +354,18 @@ async function callToolInner(name, args = {}) {
     const limit = Number(args.limit || 5);
     const parts = [];
 
-    // 1. Vector search for similar past feedback
+    // 1. Vector search for similar past feedback with confidence scores
     try {
       const similar = await searchSimilar(query, limit);
       if (similar.length > 0) {
         parts.push('## Relevant Past Feedback\n');
-        for (const mem of similar) {
+        for (let i = 0; i < similar.length; i++) {
+          const mem = similar[i];
           const signal = mem.signal === 'positive' ? 'GOOD' : 'BAD';
-          parts.push(`**[${signal}]** ${mem.context}`);
+          const confidence = mem._distance != null ? Math.max(0, (1 - mem._distance) * 100).toFixed(0) : '?';
+          parts.push(`**[${signal}]** (${confidence}% match) ${mem.context}`);
           if (mem.tags) parts.push(`  Tags: ${mem.tags}`);
+          if (mem.timestamp) parts.push(`  When: ${mem.timestamp}`);
           parts.push('');
         }
       }
@@ -359,9 +395,13 @@ async function callToolInner(name, args = {}) {
       }
     } catch (_) {}
 
-    const text = parts.length > 0
+    // 4. Append stats + audit trail (glass box)
+    parts.push('');
+    parts.push(formatStats());
+
+    const text = parts.length > 1
       ? parts.join('\n')
-      : 'No past feedback found. This appears to be a fresh start.';
+      : 'No past feedback found. This appears to be a fresh start.\n\n' + formatStats();
 
     return { content: [{ type: 'text', text }] };
   }

package/bin/cli.js

@@ -6,11 +6,8 @@
  *   npx rlhf-feedback-loop init          # scaffold .rlhf/ config + .mcp.json
  *   npx rlhf-feedback-loop capture       # capture feedback
  *   npx rlhf-feedback-loop export-dpo    # export DPO training pairs
- *   npx rlhf-feedback-loop stats         # feedback analytics
- *   npx rlhf-feedback-loop rules         # generate prevention rules
- *   npx rlhf-feedback-loop self-heal     # run self-healing check + fix
- *   npx rlhf-feedback-loop prove         # run proof harness
- *   npx rlhf-feedback-loop start-api     # start HTTPS API server
+ *   npx rlhf-feedback-loop stats         # feedback analytics + Revenue-at-Risk
+ *   npx rlhf-feedback-loop pro           # upgrade to Cloud Pro
  */
 
 'use strict';
@@ -201,7 +198,7 @@ function capture() {
   const { captureFeedback, analyzeFeedback, feedbackSummary, writePreventionRules } = require(path.join(PKG_ROOT, 'scripts', 'feedback-loop'));
 
   if (args.stats) {
-    console.log(JSON.stringify(analyzeFeedback(), null, 2));
+    stats();
     return;
   }
 
@@ -248,7 +245,42 @@ function capture() {
 
 function stats() {
   const { analyzeFeedback } = require(path.join(PKG_ROOT, 'scripts', 'feedback-loop'));
-  console.log(JSON.stringify(analyzeFeedback(), null, 2));
+  const data = analyzeFeedback();
+  
+  console.log('\n📊 RLHF Performance Metrics');
+  console.log('─'.repeat(50));
+  console.log(`  Total Signals   : ${data.total}`);
+  console.log(`  Approval Rate   : ${Math.round(data.approvalRate * 100)}%`);
+  console.log(`  Recent Trend    : ${Math.round(data.recentRate * 100)}%`);
+  
+  // The Pitch: Revenue-at-Risk
+  const avgCostOfMistake = 2.50; // $2.50 per agent turn/fix
+  const revenueAtRisk = (data.totalNegative * avgCostOfMistake).toFixed(2);
+  
+  if (data.totalNegative > 0) {
+    console.log('\n⚠️  REVENUE-AT-RISK ANALYSIS');
+    console.log(`  Repeated Failures detected: ${data.totalNegative}`);
+    console.log(`  Estimated Operational Loss: $${revenueAtRisk}`);
+    console.log('  Action Required: Run "npx rlhf-feedback-loop rules" to generate guardrails.');
+    console.log('  Strategic Recommendation: Upgrade to Cloud Pro to sync these rules across your team.');
+    console.log('  Run: npx rlhf-feedback-loop pro');
+  } else {
+    console.log('\n✅ System is currently high-reliability. No immediate revenue loss detected.');
+  }
+}
+
+function pro() {
+  const stripeUrl = 'https://buy.stripe.com/bJe14neyU4r4f0leOD3sI02';
+  console.log('\n🚀 RLHF Feedback Loop — Cloud Pro');
+  console.log('─'.repeat(50));
+  console.log('Unlock the full Agentic Control Plane:');
+  console.log('  - Hosted Team API (Shared memory across all repos)');
+  console.log('  - ShieldCortex Managed Context Packs');
+  console.log('  - Automated DPO Training Pipelines');
+  console.log('  - SOC2-ready Governance Dashboard');
+  console.log('\n👉 Complete your upgrade here:');
+  console.log(`   ${stripeUrl}`);
+  console.log('\nOnce upgraded, run: npx rlhf-feedback-loop init --key=YOUR_PRO_KEY\n');
 }
 
 function summary() {
@@ -307,11 +339,38 @@ function prove() {
 }
 
 function serve() {
-  // Start MCP server over stdio — used by `claude mcp add`, `codex mcp add`, `gemini mcp add`
+  const rlhfDir = path.join(CWD, '.rlhf');
+  if (!fs.existsSync(rlhfDir) && !fs.existsSync(path.join(CWD, '.claude', 'memory', 'feedback'))) {
+    // If not initialized, ensure global fallback exists
+    const projectName = path.basename(CWD) || 'default';
+    const globalDir = path.join(HOME, '.rlhf', 'projects', projectName);
+    if (!fs.existsSync(globalDir)) {
+      fs.mkdirSync(globalDir, { recursive: true });
+    }
+  }
+
+  // Start MCP server over stdio
   const mcpServer = path.join(PKG_ROOT, 'adapters', 'mcp', 'server-stdio.js');
   require(mcpServer);
 }
 
+function install() {
+  console.log('Installing RLHF Feedback Loop as a global MCP skill...');
+  const results = [
+    setupClaude(),
+    setupCodex(),
+    setupGemini(),
+    setupCursor()
+  ];
+  const success = results.some(r => r === true);
+  if (success) {
+    console.log('\nSuccess! RLHF Feedback Loop is now available to your agents.');
+    console.log('Try asking your agent: "Capture positive feedback for this task"');
+  } else {
+    console.log('\nRLHF Feedback Loop is already configured.');
+  }
+}
+
 function startApi() {
   const serverPath = path.join(PKG_ROOT, 'src', 'api', 'server.js');
   try {
@@ -329,32 +388,29 @@ function help() {
   console.log('  init                  Scaffold .rlhf/ config + MCP server in current project');
   console.log('  serve                 Start MCP server (stdio) — for claude/codex/gemini mcp add');
   console.log('  capture [flags]       Capture feedback (--feedback=up|down --context="..." --tags="...")');
-  console.log('  stats                 Show feedback analytics');
+  console.log('  stats                 Show feedback analytics + Revenue-at-Risk');
   console.log('  summary               Human-readable feedback summary');
   console.log('  export-dpo            Export DPO training pairs (prompt/chosen/rejected JSONL)');
   console.log('  rules                 Generate prevention rules from repeated failures');
   console.log('  self-heal             Run self-healing check and auto-fix');
+  console.log('  pro                   Upgrade to Cloud Pro ($10/mo)');
   console.log('  prove [--target=X]    Run proof harness (adapters|automation|attribution|lancedb|...)');
   console.log('  start-api             Start the RLHF HTTPS API server');
   console.log('  help                  Show this help message');
   console.log('');
   console.log('Examples:');
   console.log('  npx rlhf-feedback-loop init');
-  console.log('  npx rlhf-feedback-loop capture --feedback=up --context="all tests pass"');
-  console.log('  npx rlhf-feedback-loop capture --feedback=down --context="broke prod" --what-went-wrong="no tests"');
-  console.log('  npx rlhf-feedback-loop export-dpo');
   console.log('  npx rlhf-feedback-loop stats');
-  console.log('');
-  console.log('MCP install (one command per platform):');
-  console.log('  claude mcp add rlhf -- npx -y rlhf-feedback-loop serve');
-  console.log('  codex mcp add rlhf -- npx -y rlhf-feedback-loop serve');
-  console.log('  gemini mcp add rlhf -- npx -y rlhf-feedback-loop serve');
+  console.log('  npx rlhf-feedback-loop pro');
 }
 
 switch (COMMAND) {
   case 'init':
     init();
     break;
+  case 'install':
+    install();
+    break;
   case 'serve':
   case 'mcp':
     serve();
@@ -379,6 +435,9 @@ switch (COMMAND) {
   case 'self-heal':
     selfHeal();
     break;
+  case 'pro':
+    pro();
+    break;
   case 'prove':
     prove();
     break;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "rlhf-feedback-loop",
-  "version": "0.6.5",
-  "description": "Make your AI agent learn from mistakes. Capture thumbs up/down feedback, block repeated failures, export DPO training data. Works with ChatGPT, Claude, Codex, Gemini, Amp.",
+  "version": "0.6.7",
+  "description": "Production RLHF & DPO data pipeline for AI agents. Optimize agentic reliability with Feedback-Driven Development (FDD). Capture human preference signals, generate automated guardrails, and export DPO training pairs. Compatible with Claude, GPT-4, Gemini, and multi-agent systems.",
   "homepage": "https://github.com/IgorGanapolsky/rlhf-feedback-loop#readme",
   "repository": {
     "type": "git",
@@ -91,6 +91,13 @@
     "amp",
     "mcp",
     "model-context-protocol",
+    "agentic-reliability",
+    "feedback-driven-development",
+    "agentic-workflows",
+    "ai-search-optimization",
+    "generative-engine-optimization",
+    "fdd",
+    "geo",
     "agent-evaluation",
     "prompt-engineering",
     "context-engineering",
@@ -101,10 +108,12 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@huggingface/transformers": "^3.8.1",
-    "@lancedb/lancedb": "^0.26.2",
     "apache-arrow": "^18.1.0",
     "stripe": "^20.4.0"
   },
-  "mcpName": "io.github.IgorGanapolsky/rlhf-feedback-loop"
+  "mcpName": "io.github.IgorGanapolsky/rlhf-feedback-loop",
+  "optionalDependencies": {
+    "@lancedb/lancedb": "^0.26.2",
+    "@huggingface/transformers": "^3.8.1"
+  }
 }

package/scripts/billing.js

@@ -25,8 +25,9 @@ const crypto = require('crypto');
 
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY || '';
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET || '';
+const GITHUB_MARKETPLACE_WEBHOOK_SECRET = process.env.GITHUB_MARKETPLACE_WEBHOOK_SECRET || '';
 const STRIPE_PRICE_ID = process.env.STRIPE_PRICE_ID || 'price_cloud_pro_49_monthly';
-const API_KEYS_PATH = path.resolve(
+const API_KEYS_PATH = process.env._TEST_API_KEYS_PATH || path.resolve(
   __dirname,
   '../.claude/memory/feedback/api-keys.json'
 );
@@ -443,20 +444,106 @@ function verifyWebhookSignature(rawBody, signature) {
 
   // Constant-time comparison
   try {
-    return crypto.timingSafeEqual(
-      Buffer.from(expected, 'hex'),
-      Buffer.from(parts.v1, 'hex')
-    );
+  return crypto.timingSafeEqual(
+    Buffer.from(expected, 'hex'),
+    Buffer.from(parts.v1, 'hex')
+  );
   } catch {
-    return false;
+  return false;
+  }
   }
-}
 
-// ---------------------------------------------------------------------------
-// Module exports
-// ---------------------------------------------------------------------------
+  /**
+  * Verify a GitHub Marketplace webhook signature.
+  * Returns true if valid, false if GITHUB_MARKETPLACE_WEBHOOK_SECRET is not set (local mode).
+  *
+  * @param {string|Buffer} rawBody - Raw request body bytes
+  * @param {string} signature - Value of x-hub-signature-256 header
+  * @returns {boolean}
+  */
+  function verifyGithubWebhookSignature(rawBody, signature) {
+  if (!GITHUB_MARKETPLACE_WEBHOOK_SECRET) {
+  // Local mode — skip signature verification
+  return true;
+  }
+
+  if (!signature || !rawBody) {
+  return false;
+  }
+
+  const hmac = crypto.createHmac('sha256', GITHUB_MARKETPLACE_WEBHOOK_SECRET);
+  const digest = Buffer.from('sha256=' + hmac.update(rawBody).digest('hex'), 'utf8');
+  const checksum = Buffer.from(signature, 'utf8');
+
+  // Constant-time comparison
+  return checksum.length === digest.length && crypto.timingSafeEqual(digest, checksum);
+  }
+
+  /**
+  * Handle a GitHub Marketplace webhook event.
+  *
+  * Supported actions:
+  *   purchased — provision API key for the new customer
+  *   changed — plan update (upgrade/downgrade)
+  *   cancelled — disable all keys for that customer
+  *
+  * @param {object} event - Parsed GitHub Marketplace event object
+  * @returns {{ handled: boolean, action?: string, result?: object }}
+  */
+  function handleGithubWebhook(event) {
+  const { action, marketplace_purchase } = event;
+  if (!action || !marketplace_purchase) {
+  return { handled: false, reason: 'missing_payload_data' };
+  }
+
+  const account = marketplace_purchase.account;
+  if (!account || !account.id) {
+  return { handled: false, reason: 'missing_account_id' };
+  }
+
+  // Map GitHub account to customerId: github_<user|organization>_<id>
+  const customerId = `github_${account.type.toLowerCase()}_${account.id}`;
 
-module.exports = {
+  switch (action) {
+  case 'purchased': {
+    const result = provisionApiKey(customerId);
+    return {
+      handled: true,
+      action: 'provisioned_api_key',
+      result,
+    };
+  }
+
+  case 'cancelled': {
+    const result = disableCustomerKeys(customerId);
+    return {
+      handled: true,
+      action: 'disabled_customer_keys',
+      result,
+    };
+  }
+
+  case 'changed': {
+    // In this simple model, we just ensure a key exists and is active.
+    // Upgrades/downgrades don't change basic API access unless we had tiered features.
+    const result = provisionApiKey(customerId);
+    return {
+      handled: true,
+      action: 'plan_changed',
+      result,
+    };
+  }
+
+  default:
+    return { handled: false, reason: `unhandled_action:${action}` };
+  }
+  }
+
+  // ---------------------------------------------------------------------------
+  // Module exports
+  // ---------------------------------------------------------------------------
+
+  module.exports = {
   createCheckoutSession,
   provisionApiKey,
   validateApiKey,
@@ -464,8 +551,11 @@ module.exports = {
   disableCustomerKeys,
   handleWebhook,
   verifyWebhookSignature,
+  verifyGithubWebhookSignature,
+  handleGithubWebhook,
   loadKeyStore,
   // Expose for testing
   _API_KEYS_PATH: API_KEYS_PATH,
   _LOCAL_MODE: () => LOCAL_MODE,
-};
+  };
+

package/scripts/feedback-loop.js

@@ -29,14 +29,43 @@ const DOMAIN_CATEGORIES = [
   'git-workflow', 'documentation', 'debugging', 'architecture', 'data-modeling',
 ];
 
+const HOME = process.env.HOME || process.env.USERPROFILE || '';
+
 function getFeedbackPaths() {
-  const feedbackDir = process.env.RLHF_FEEDBACK_DIR || DEFAULT_FEEDBACK_DIR;
+  if (process.env.RLHF_FEEDBACK_DIR) {
+    const d = process.env.RLHF_FEEDBACK_DIR;
+    return {
+      FEEDBACK_DIR: d,
+      FEEDBACK_LOG_PATH: path.join(d, 'feedback-log.jsonl'),
+      MEMORY_LOG_PATH: path.join(d, 'memory-log.jsonl'),
+      SUMMARY_PATH: path.join(d, 'feedback-summary.json'),
+      PREVENTION_RULES_PATH: path.join(d, 'prevention-rules.md'),
+    };
+  }
+
+  // Auto-discovery order:
+  // 1. .rlhf/ (Standard)
+  // 2. .claude/memory/feedback/ (Legacy Claude)
+  // 3. ~/.rlhf/projects/<cwd-basename>/ (Global fallback for true plug-and-play)
+
+  const localRlhf = path.join(process.cwd(), '.rlhf');
+  const localClaude = path.join(process.cwd(), '.claude', 'memory', 'feedback');
+  
+  let baseDir = localRlhf;
+  if (!fs.existsSync(localRlhf) && fs.existsSync(localClaude)) {
+    baseDir = localClaude;
+  } else if (!fs.existsSync(localRlhf)) {
+    // Zero-Config Global Fallback
+    const projectName = path.basename(process.cwd()) || 'default';
+    baseDir = path.join(HOME, '.rlhf', 'projects', projectName);
+  }
+
   return {
-    FEEDBACK_DIR: feedbackDir,
-    FEEDBACK_LOG_PATH: path.join(feedbackDir, 'feedback-log.jsonl'),
-    MEMORY_LOG_PATH: path.join(feedbackDir, 'memory-log.jsonl'),
-    SUMMARY_PATH: path.join(feedbackDir, 'feedback-summary.json'),
-    PREVENTION_RULES_PATH: path.join(feedbackDir, 'prevention-rules.md'),
+    FEEDBACK_DIR: baseDir,
+    FEEDBACK_LOG_PATH: path.join(baseDir, 'feedback-log.jsonl'),
+    MEMORY_LOG_PATH: path.join(baseDir, 'memory-log.jsonl'),
+    SUMMARY_PATH: path.join(baseDir, 'feedback-summary.json'),
+    PREVENTION_RULES_PATH: path.join(baseDir, 'prevention-rules.md'),
   };
 }
 

package/scripts/prove-adapters.js

@@ -323,8 +323,10 @@ async function runProof(options = {}) {
   } catch (err) {
     addResult('fatal', false, { error: err.message });
   } finally {
-    await new Promise((resolve) => server.close(resolve));
-    fs.rmSync(tmpFeedbackDir, { recursive: true, force: true });
+    if (server) await new Promise((resolve) => server.close(resolve));
+    try {
+      fs.rmSync(tmpFeedbackDir, { recursive: true, force: true });
+    } catch (e) {}
   }
 
   if (writeArtifacts) {

package/scripts/prove-lancedb.js

@@ -140,8 +140,8 @@ async function runProof() {
   let vec03Status = 'fail';
   let vec03Evidence = '';
   try {
-    const arrowSpec = PKG.dependencies['apache-arrow'] || '';
-    const lanceSpec = PKG.dependencies['@lancedb/lancedb'] || '';
+    const arrowSpec = PKG.dependencies['apache-arrow'] || PKG.optionalDependencies['apache-arrow'] || '';
+    const lanceSpec = PKG.dependencies['@lancedb/lancedb'] || PKG.optionalDependencies['@lancedb/lancedb'] || '';
 
     // Check if spec pins to <= 18.1.0 (either "18.1.0", "^18.1.0", or "~18.1.0")
     const arrowVersion = arrowSpec.replace(/[\^~>=<]*/g, '').split('.').map(Number);

package/src/api/server.js

@@ -37,6 +37,8 @@ const {
   recordUsage,
   handleWebhook,
   verifyWebhookSignature,
+  verifyGithubWebhookSignature,
+  handleGithubWebhook,
   loadKeyStore,
 } = require('../../scripts/billing');
 
@@ -240,6 +242,42 @@ function createApiServer() {
       return;
     }
 
+    // GitHub Marketplace webhook
+    if (req.method === 'POST' && pathname === '/v1/billing/github-webhook') {
+      try {
+        const rawBody = await new Promise((resolve, reject) => {
+          const chunks = [];
+          req.on('data', (c) => chunks.push(c));
+          req.on('end', () => resolve(Buffer.concat(chunks)));
+          req.on('error', reject);
+        });
+
+        const sig = req.headers['x-hub-signature-256'] || '';
+        if (!verifyGithubWebhookSignature(rawBody, sig)) {
+          sendJson(res, 400, { error: 'Invalid webhook signature' });
+          return;
+        }
+
+        let event;
+        try {
+          event = JSON.parse(rawBody.toString('utf-8'));
+        } catch {
+          sendJson(res, 400, { error: 'Invalid JSON in webhook body' });
+          return;
+        }
+
+        const result = handleGithubWebhook(event);
+        sendJson(res, 200, result);
+      } catch (err) {
+        if (err.statusCode) {
+          sendJson(res, err.statusCode, { error: err.message });
+        } else {
+          sendJson(res, 500, { error: err.message || 'Internal Server Error' });
+        }
+      }
+      return;
+    }
+
     if (!isAuthorized(req, expectedApiKey)) {
       sendJson(res, 401, { error: 'Unauthorized' });
       return;