thumbgate 0.9.10 → 0.9.11

package/scripts/statusline.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
 # ThumbGate Status Line for Claude Code
-# Shows ThumbGate feedback stats + most recent lesson at a glance.
-# Thumbs icons trigger CLI feedback capture inline (no browser).
+# Shows ThumbGate feedback stats + package version/tier at a glance.
 # Installed by: npx thumbgate init --agent claude-code
 
 # Resolve script directory safely (CodeQL: no uncontrolled paths)
@@ -17,16 +16,21 @@ CTX_PCT="${CTX_PCT:-0}"
 
 # ── ThumbGate stats from cache ────────────────────────────────────────
 THUMBGATE_CACHE=""
-for base in "${THUMBGATE_FEEDBACK_DIR:-.}" "." "${HOME}"; do
-  for rel in ".thumbgate/statusline_cache.json"; do
-    if [ -f "${base}/${rel}" ]; then
-      THUMBGATE_CACHE="${base}/${rel}"
-      break 2
+_CACHE_CANDIDATES_JSON=$(node "${SCRIPT_DIR}/statusline-cache-path.js" 2>/dev/null)
+if [ -n "$_CACHE_CANDIDATES_JSON" ]; then
+  while IFS= read -r candidate; do
+    [ -z "$candidate" ] && continue
+    if [ -f "$candidate" ]; then
+      THUMBGATE_CACHE="$candidate"
+      break
     fi
-  done
-done
+  done < <(echo "$_CACHE_CANDIDATES_JSON" | jq -r '.candidates[]?' 2>/dev/null)
+fi
+if [ -z "$THUMBGATE_CACHE" ]; then
+  THUMBGATE_CACHE="$(echo "$_CACHE_CANDIDATES_JSON" | jq -r '.candidates[0] // empty' 2>/dev/null)"
+fi
 if [ -z "$THUMBGATE_CACHE" ]; then
-  THUMBGATE_CACHE="${THUMBGATE_FEEDBACK_DIR:-.}/.thumbgate/statusline_cache.json"
+  THUMBGATE_CACHE="${THUMBGATE_FEEDBACK_DIR:-.}/statusline_cache.json"
 fi
 
 UP="0"; DOWN="0"; LESSONS="0"; TREND="?"; CACHE_TS="0"
@@ -59,13 +63,13 @@ except:pass
   disown 2>/dev/null
 fi
 
-# ── Most recent lesson from lesson-inference ──────────────────────
-LESSON_TEXT=""; LESSON_ID=""
-_LESSON_JSON=$(node "${SCRIPT_DIR}/statusline-lesson.js" 2>/dev/null)
-if [ -n "$_LESSON_JSON" ]; then
-  eval "$(echo "$_LESSON_JSON" | jq -r '
-    @sh "LESSON_TEXT=\(.text // "")",
-    @sh "LESSON_ID=\(.lessonId // "")"
+# ── ThumbGate package metadata ────────────────────────────────────────
+TG_VERSION="unknown"; TG_TIER="Free"
+_META_JSON=$(node "${SCRIPT_DIR}/statusline-meta.js" 2>/dev/null)
+if [ -n "$_META_JSON" ]; then
+  eval "$(echo "$_META_JSON" | jq -r '
+    @sh "TG_VERSION=\(.version // "unknown")",
+    @sh "TG_TIER=\(.tier // "Free")"
   ' 2>/dev/null)"
 fi
 
@@ -88,29 +92,17 @@ case "${TREND}" in
   improving) ARROW="↗" ;; degrading) ARROW="↘" ;; stable) ARROW="→" ;; *) ARROW="?" ;;
 esac
 
-# ── OSC 8 clickable links ────────────────────────────────────────
-# Links use CLI commands instead of browser URLs.
-# Clicking 👍 runs: node bin/cli.js feedback --signal=up
-# Clicking 👎 runs: node bin/cli.js feedback --signal=down
-osc_link() { printf '\033]8;;%s\a%s\033]8;;\a' "$1" "$2"; }
-CLI="node ${SCRIPT_DIR}/../bin/cli.js"
-
 # ── Output (single line) ─────────────────────────────────────────
+LINE="ThumbGate v${TG_VERSION} · ${TG_TIER}"
 if [ "$UP" = "0" ] && [ "$DOWN" = "0" ]; then
-  echo -e "${D}ThumbGate: no feedback yet — type 'thumbs up' or 'thumbs down'${RST}"
+  echo -e "${D}${LINE} · no feedback yet${RST}"
 else
-  # Feedback counts
-  LINE="ThumbGate: ${G}${BD}${UP}${RST}👍 ${R}${BD}${DOWN}${RST}👎 · ${M}${BD}${LESSONS}${RST} lessons ${ARROW}"
+  LINE="${LINE} · ${G}${BD}${UP}${RST}👍 ${R}${BD}${DOWN}${RST}👎 ${ARROW}"
 
   # Control Tower alerts (if any)
   [ "${SLO_V:-0}" -gt 0 ] && LINE="${LINE} ${R}${SLO_V} SLO${RST}"
   [ "${AT_RISK:-0}" -gt 0 ] && LINE="${LINE} ${R}${AT_RISK}⚠${RST}"
   [ "${ANOMALIES:-0}" -gt 0 ] && LINE="${LINE} ${R}${ANOMALIES}☠${RST}"
 
-  # Most recent lesson
-  if [ -n "$LESSON_TEXT" ]; then
-    LINE="${LINE} · ${C}${LESSON_TEXT}${RST}"
-  fi
-
   echo -e "$LINE"
 fi

package/scripts/sync-version.js

@@ -19,6 +19,14 @@ const path = require('path');
 
 const PROJECT_ROOT = path.join(__dirname, '..');
 
+function explicitPinnedServeArgs(version) {
+  return ['--yes', '--package', `thumbgate@${version}`, 'thumbgate', 'serve'];
+}
+
+function explicitLatestServeArgs() {
+  return ['--yes', '--package', 'thumbgate@latest', 'thumbgate', 'serve'];
+}
+
 function readJson(relPath) {
   return JSON.parse(fs.readFileSync(path.join(PROJECT_ROOT, relPath), 'utf-8'));
 }
@@ -211,7 +219,7 @@ function syncVersion(opts) {
   if (fs.existsSync(path.join(PROJECT_ROOT, codexPluginConfigPath))) {
     const codexPluginConfig = readJson(codexPluginConfigPath);
     const server = codexPluginConfig.mcpServers && codexPluginConfig.mcpServers.thumbgate;
-    const expectedArgs = ['-y', `thumbgate@${version}`, 'serve'];
+    const expectedArgs = explicitPinnedServeArgs(version);
     const currentArgs = server && Array.isArray(server.args) ? server.args : [];
     if (server && server.command === 'npx' && JSON.stringify(currentArgs) !== JSON.stringify(expectedArgs)) {
       drifted.push({ file: codexPluginConfigPath, field: 'mcpServers.thumbgate.args', current: JSON.stringify(currentArgs) });
@@ -243,7 +251,7 @@ function syncVersion(opts) {
   if (fs.existsSync(path.join(PROJECT_ROOT, claudeCodexBridgeConfigPath))) {
     const bridgeConfig = readJson(claudeCodexBridgeConfigPath);
     const server = bridgeConfig.mcpServers && bridgeConfig.mcpServers.thumbgate;
-    const expectedArgs = ['-y', `thumbgate@${version}`, 'serve'];
+    const expectedArgs = explicitPinnedServeArgs(version);
     const currentArgs = server && Array.isArray(server.args) ? server.args : [];
     if (server && server.command === 'npx' && JSON.stringify(currentArgs) !== JSON.stringify(expectedArgs)) {
       drifted.push({ file: claudeCodexBridgeConfigPath, field: 'mcpServers.thumbgate.args', current: JSON.stringify(currentArgs) });
@@ -260,7 +268,7 @@ function syncVersion(opts) {
   if (fs.existsSync(path.join(PROJECT_ROOT, cursorPluginConfigPath))) {
     const cursorPluginConfig = readJson(cursorPluginConfigPath);
     const server = cursorPluginConfig.mcpServers && cursorPluginConfig.mcpServers.thumbgate;
-    const expectedArgs = ['-y', 'thumbgate@latest', 'serve'];
+    const expectedArgs = explicitLatestServeArgs();
     const currentArgs = server && Array.isArray(server.args) ? server.args : [];
     if (server && server.command === 'npx' && JSON.stringify(currentArgs) !== JSON.stringify(expectedArgs)) {
       drifted.push({ file: cursorPluginConfigPath, field: 'mcpServers.thumbgate.args', current: JSON.stringify(currentArgs) });

package/scripts/test-coverage.js

@@ -16,6 +16,7 @@ const COVERAGE_INCLUDE_GLOBS = [
 const COVERAGE_EXCLUDE_GLOBS = [
   'tests/**/*.js',
 ];
+let cachedCoverageFilterSupport;
 
 function findCoverageTestFiles({
   dir = TESTS_DIR,
@@ -39,29 +40,35 @@ function findCoverageTestFiles({
   return files.sort();
 }
 
-function supportsCoveragePatternFlags({
-  spawn = spawnSync,
-} = {}) {
+function detectCoverageFilterSupport({ spawn = spawnSync } = {}) {
+  if (spawn === spawnSync && cachedCoverageFilterSupport !== undefined) {
+    return cachedCoverageFilterSupport;
+  }
+
   const result = spawn(process.execPath, ['--help'], {
     encoding: 'utf8',
   });
+  const helpText = `${result.stdout || ''}\n${result.stderr || ''}`;
+  const supported = helpText.includes('--test-coverage-include') && helpText.includes('--test-coverage-exclude');
 
-  if (result.error) {
-    return false;
+  if (spawn === spawnSync) {
+    cachedCoverageFilterSupport = supported;
   }
 
-  const help = `${result.stdout || ''}\n${result.stderr || ''}`;
-  return help.includes('--test-coverage-include') && help.includes('--test-coverage-exclude');
+  return supported;
 }
 
-function buildCoverageArgs(files, { supportsPatternFlags = true } = {}) {
+function buildCoverageArgs(files, { spawn = spawnSync, supportsFilters } = {}) {
   const args = [
     '--test',
     '--test-concurrency=1',
     '--experimental-test-coverage',
   ];
 
-  if (supportsPatternFlags) {
+  const useFilterFlags = supportsFilters === undefined
+    ? detectCoverageFilterSupport({ spawn })
+    : supportsFilters;
+  if (useFilterFlags) {
     args.push(
       ...COVERAGE_INCLUDE_GLOBS.flatMap((pattern) => ['--test-coverage-include', pattern]),
       ...COVERAGE_EXCLUDE_GLOBS.flatMap((pattern) => ['--test-coverage-exclude', pattern]),
@@ -76,17 +83,17 @@ function runCoverage({
   files = findCoverageTestFiles(),
   cwd = PROJECT_ROOT,
   spawn = spawnSync,
-  supportsPatternFlags = supportsCoveragePatternFlags({ spawn }),
+  supportsFilters,
 } = {}) {
   if (files.length === 0) {
     return {
       exitCode: 1,
       error: 'No test files found for coverage run.',
-      args: buildCoverageArgs(files, { supportsPatternFlags }),
+      args: buildCoverageArgs(files, { spawn, supportsFilters }),
     };
   }
 
-  const args = buildCoverageArgs(files, { supportsPatternFlags });
+  const args = buildCoverageArgs(files, { spawn, supportsFilters });
   const result = spawn(process.execPath, args, {
     cwd,
     env: process.env,
@@ -113,8 +120,8 @@ module.exports = {
   COVERAGE_INCLUDE_GLOBS,
   PROJECT_ROOT,
   TESTS_DIR,
+  detectCoverageFilterSupport,
   findCoverageTestFiles,
   buildCoverageArgs,
   runCoverage,
-  supportsCoveragePatternFlags,
 };

package/scripts/tool-registry.js

@@ -512,6 +512,89 @@ const TOOLS = [
       },
     },
   }),
+  destructiveTool({
+    name: 'set_task_scope',
+    description: 'Declare or clear the current task scope so ThumbGate can compare affected files and diffs against the approved path set.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        taskId: { type: 'string', description: 'Optional stable task identifier (ticket, issue, or work item id)' },
+        summary: { type: 'string', description: 'Short summary of the task being worked' },
+        allowedPaths: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Glob patterns that define the allowed file scope for this task',
+        },
+        protectedPaths: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Optional protected-file globs that require explicit approval before editing or publishing',
+        },
+        repoPath: { type: 'string', description: 'Optional repo root used when evaluating git diff scope' },
+        localOnly: { type: 'boolean', description: 'When true, also marks the task as local-only' },
+        clear: { type: 'boolean', description: 'Clear the current task scope instead of setting one' },
+      },
+    },
+  }),
+  readOnlyTool({
+    name: 'get_scope_state',
+    description: 'Return the active task scope and any unexpired protected-file approvals.',
+    inputSchema: {
+      type: 'object',
+      properties: {},
+    },
+  }),
+  destructiveTool({
+    name: 'set_branch_governance',
+    description: 'Declare or clear branch and release governance so PR, merge, release, and publish actions can be evaluated against explicit workflow state.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        branchName: { type: 'string', description: 'Optional branch name the governance applies to' },
+        baseBranch: { type: 'string', description: 'Protected base branch for merge and release operations (defaults to main)' },
+        prRequired: { type: 'boolean', description: 'Whether this lane must go through a pull request (defaults to true)' },
+        prNumber: { type: 'string', description: 'Optional pull request number once a PR exists' },
+        prUrl: { type: 'string', description: 'Optional pull request URL once a PR exists' },
+        queueRequired: { type: 'boolean', description: 'Whether the target branch requires a merge queue' },
+        localOnly: { type: 'boolean', description: 'When true, PR, merge, release, and publish actions are blocked for this lane' },
+        releaseVersion: { type: 'string', description: 'Expected package version for release or publish actions' },
+        releaseEvidence: { type: 'string', description: 'Optional evidence or release plan note for the governed version' },
+        releaseSensitiveGlobs: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Optional custom globs that define release-sensitive files for this branch lane',
+        },
+        clear: { type: 'boolean', description: 'Clear the current branch governance state instead of setting it' },
+      },
+    },
+  }),
+  readOnlyTool({
+    name: 'get_branch_governance',
+    description: 'Return the active branch and release governance state.',
+    inputSchema: {
+      type: 'object',
+      properties: {},
+    },
+  }),
+  destructiveTool({
+    name: 'approve_protected_action',
+    description: 'Grant a time-limited approval for edits or publish actions that touch protected files.',
+    inputSchema: {
+      type: 'object',
+      required: ['pathGlobs', 'reason'],
+      properties: {
+        pathGlobs: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Protected-file globs covered by this approval',
+        },
+        reason: { type: 'string', description: 'Why this protected-file action is approved' },
+        evidence: { type: 'string', description: 'Optional supporting evidence or approval note' },
+        taskId: { type: 'string', description: 'Optional task id this approval is tied to' },
+        ttlMs: { type: 'number', description: 'Optional approval lifetime in milliseconds (defaults to 1 hour, max 24 hours)' },
+      },
+    },
+  }),
   destructiveTool({
     name: 'track_action',
     description: 'Record a verification action in the current session (for example figma_verified or tests_passed). Session actions expire after one hour.',
@@ -535,6 +618,20 @@ const TOOLS = [
       },
     },
   }),
+  readOnlyTool({
+    name: 'check_operational_integrity',
+    description: 'Evaluate whether the current repo state is safe for PR, merge, release, and publish operations.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        repoPath: { type: 'string', description: 'Optional repository path to inspect' },
+        baseBranch: { type: 'string', description: 'Protected base branch to compare against (defaults to main)' },
+        command: { type: 'string', description: 'Optional git, PR, or publish command to evaluate against the current governance state' },
+        requirePrForReleaseSensitive: { type: 'boolean', description: 'When true, release-sensitive changes on non-base branches require an open PR' },
+        requireVersionNotBehindBase: { type: 'boolean', description: 'When true, release-sensitive changes cannot lag behind the base branch package version' },
+      },
+    },
+  }),
   destructiveTool({
     name: 'register_claim_gate',
     description: 'Register a custom claim verification rule in local runtime state without editing tracked repo config.',

package/scripts/train_from_feedback.py

@@ -15,7 +15,7 @@ Usage:
     python train_from_feedback.py --dpo-train          # DPO batch optimization (Feb 2026)
     python train_from_feedback.py --config config.json # Use custom categories
 
-This script only reads and writes local feedback artifacts under .claude/memory/feedback.
+This script only reads and writes local feedback artifacts under the active ThumbGate feedback directory.
 Those runtime outputs are git-ignored even though this utility is intentionally versioned.
 """
 
@@ -23,15 +23,37 @@ import json
 import math
 import random
 import argparse
+import os
 from datetime import datetime
 from pathlib import Path
 from typing import Dict, List, Any, Optional, Tuple
 
 # Configuration
 PROJECT_ROOT = Path(__file__).parent.parent
-FEEDBACK_LOG = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "feedback-log.jsonl"
-MODEL_FILE = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "feedback_model.json"
-SNAPSHOTS_DIR = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "model_snapshots"
+
+def resolve_feedback_dir() -> Path:
+    env_dir = os.environ.get("THUMBGATE_FEEDBACK_DIR")
+    if env_dir:
+        return Path(env_dir)
+
+    local_thumbgate = PROJECT_ROOT / ".thumbgate"
+    if local_thumbgate.exists():
+        return local_thumbgate
+
+    local_rlhf = PROJECT_ROOT / ".rlhf"
+    if local_rlhf.exists():
+        return local_rlhf
+
+    local_legacy = PROJECT_ROOT / ".claude" / "memory" / "feedback"
+    if local_legacy.exists():
+        return local_legacy
+
+    return Path.home() / ".thumbgate" / "projects" / PROJECT_ROOT.name
+
+FEEDBACK_DIR = resolve_feedback_dir()
+FEEDBACK_LOG = FEEDBACK_DIR / "feedback-log.jsonl"
+MODEL_FILE = FEEDBACK_DIR / "feedback_model.json"
+SNAPSHOTS_DIR = FEEDBACK_DIR / "model_snapshots"
 
 # Default categories (overridden by --config)
 DEFAULT_CATEGORIES = {
@@ -132,10 +154,11 @@ def create_initial_model(categories: Dict) -> Dict:
 
 def save_model(model: Dict):
     """Save model to disk."""
-    # Resolve and verify path stays within project root (CodeQL S2083)
+    # Resolve and verify path stays within trusted local ThumbGate roots (CodeQL S2083)
     resolved = MODEL_FILE.resolve()
-    if not str(resolved).startswith(str(PROJECT_ROOT.resolve())):
-        raise ValueError(f"Model path escapes project root: {resolved}")
+    allowed_roots = [PROJECT_ROOT.resolve(), FEEDBACK_DIR.resolve()]
+    if not any(str(resolved).startswith(str(root)) for root in allowed_roots):
+        raise ValueError(f"Model path escapes allowed ThumbGate roots: {resolved}")
     resolved.parent.mkdir(parents=True, exist_ok=True)
     model["updated"] = datetime.now().isoformat()
     resolved.write_text(json.dumps(model, indent=2))
@@ -344,7 +367,7 @@ def save_snapshot(model: Dict) -> Path:
 # Based on: Meta-Policy Reflexion (arXiv:2509.03990)
 # ============================================
 
-META_POLICY_FILE = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "meta_policy_rules.json"
+META_POLICY_FILE = FEEDBACK_DIR / "meta_policy_rules.json"
 
 
 def extract_meta_policy_rules(min_occurrences: int = 3) -> List[Dict[str, Any]]:
@@ -508,7 +531,7 @@ def load_meta_policy_rules() -> List[Dict[str, Any]]:
 # Reference: Rafailov et al. 2023 (arXiv:2305.18290)
 # ============================================
 
-DPO_MODEL_FILE = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "dpo_model.json"
+DPO_MODEL_FILE = FEEDBACK_DIR / "dpo_model.json"
 DPO_BETA = 0.1  # Temperature parameter (lower = more aggressive preference following)
 
 

package/scripts/validate-feedback.js

@@ -26,15 +26,16 @@
 
 const fs = require('fs');
 const path = require('path');
+const { resolveFeedbackDir } = require('./feedback-paths');
 
 // =============================================================================
 // PATH RESOLUTION
 // =============================================================================
 
-const DEFAULT_FEEDBACK_DIR = path.join(__dirname, '..', '.claude', 'memory', 'feedback');
+const DEFAULT_FEEDBACK_DIR = resolveFeedbackDir();
 
 function getFeedbackDir() {
-  return process.env.THUMBGATE_FEEDBACK_DIR || DEFAULT_FEEDBACK_DIR;
+  return resolveFeedbackDir();
 }
 
 function getFeedbackPaths() {

package/scripts/vector-store.js

@@ -8,8 +8,7 @@ const {
   resolveFeedbackDir,
 } = require('./local-model-profile');
 
-const PROJECT_ROOT = path.join(__dirname, '..');
-const DEFAULT_FEEDBACK_DIR = path.join(PROJECT_ROOT, '.claude', 'memory', 'feedback');
+const DEFAULT_FEEDBACK_DIR = resolveFeedbackDir();
 const DEFAULT_LANCE_DIR = path.join(DEFAULT_FEEDBACK_DIR, 'lancedb');
 
 // Module-level cache — prevents re-importing on every upsertFeedback() call
@@ -29,7 +28,7 @@ async function getLanceDB() {
 }
 
 function getFeedbackDir() {
-  return resolveFeedbackDir(process.env.THUMBGATE_FEEDBACK_DIR || DEFAULT_FEEDBACK_DIR);
+  return resolveFeedbackDir();
 }
 
 function getLanceDir() {

package/scripts/verify-obsidian-setup.sh

@@ -134,9 +134,9 @@ check_path_documented() {
   fi
 }
 
-check_path_documented ".claude/memory/feedback/memory-log.jsonl" "memory-log.jsonl"
-check_path_documented ".claude/memory/feedback/prevention-rules.md" "prevention-rules.md"
-check_path_documented ".claude/memory/feedback/feedback-log.jsonl" "feedback-log.jsonl"
+check_path_documented ".thumbgate/memory-log.jsonl" "memory-log.jsonl"
+check_path_documented ".thumbgate/prevention-rules.md" "prevention-rules.md"
+check_path_documented ".thumbgate/feedback-log.jsonl" "feedback-log.jsonl"
 
 # primer.md must exist (it is committed)
 if [ -f "$REPO_ROOT/primer.md" ]; then