thumbgate 0.9.10 → 0.9.12

package/scripts/sync-version.js

@@ -19,6 +19,14 @@ const path = require('path');
 
 const PROJECT_ROOT = path.join(__dirname, '..');
 
+function explicitPinnedServeArgs(version) {
+  return ['--yes', '--package', `thumbgate@${version}`, 'thumbgate', 'serve'];
+}
+
+function explicitLatestServeArgs() {
+  return ['--yes', '--package', 'thumbgate@latest', 'thumbgate', 'serve'];
+}
+
 function readJson(relPath) {
   return JSON.parse(fs.readFileSync(path.join(PROJECT_ROOT, relPath), 'utf-8'));
 }
@@ -191,6 +199,19 @@ function syncVersion(opts) {
   }
 
   // 8. Codex plugin manifest + MCP config
+  const codexAdapterConfigPath = 'adapters/codex/config.toml';
+  if (fs.existsSync(path.join(PROJECT_ROOT, codexAdapterConfigPath))) {
+    const content = fs.readFileSync(path.join(PROJECT_ROOT, codexAdapterConfigPath), 'utf8');
+    const updated = content.replace(/thumbgate@(\d+\.\d+\.\d+)/g, `thumbgate@${version}`);
+    if (updated !== content) {
+      drifted.push({ file: codexAdapterConfigPath, field: 'package-version-string', current: content.match(/thumbgate@\d+\.\d+\.\d+/g)?.join(', ') || null });
+      if (!checkOnly) {
+        fs.writeFileSync(path.join(PROJECT_ROOT, codexAdapterConfigPath), updated);
+      }
+    }
+    targets.push(codexAdapterConfigPath);
+  }
+
   const codexPluginManifestPath = 'plugins/codex-profile/.codex-plugin/plugin.json';
   if (fs.existsSync(path.join(PROJECT_ROOT, codexPluginManifestPath))) {
     const codexPlugin = readJson(codexPluginManifestPath);
@@ -211,7 +232,7 @@ function syncVersion(opts) {
   if (fs.existsSync(path.join(PROJECT_ROOT, codexPluginConfigPath))) {
     const codexPluginConfig = readJson(codexPluginConfigPath);
     const server = codexPluginConfig.mcpServers && codexPluginConfig.mcpServers.thumbgate;
-    const expectedArgs = ['-y', `thumbgate@${version}`, 'serve'];
+    const expectedArgs = explicitPinnedServeArgs(version);
     const currentArgs = server && Array.isArray(server.args) ? server.args : [];
     if (server && server.command === 'npx' && JSON.stringify(currentArgs) !== JSON.stringify(expectedArgs)) {
       drifted.push({ file: codexPluginConfigPath, field: 'mcpServers.thumbgate.args', current: JSON.stringify(currentArgs) });
@@ -243,7 +264,7 @@ function syncVersion(opts) {
   if (fs.existsSync(path.join(PROJECT_ROOT, claudeCodexBridgeConfigPath))) {
     const bridgeConfig = readJson(claudeCodexBridgeConfigPath);
     const server = bridgeConfig.mcpServers && bridgeConfig.mcpServers.thumbgate;
-    const expectedArgs = ['-y', `thumbgate@${version}`, 'serve'];
+    const expectedArgs = explicitPinnedServeArgs(version);
     const currentArgs = server && Array.isArray(server.args) ? server.args : [];
     if (server && server.command === 'npx' && JSON.stringify(currentArgs) !== JSON.stringify(expectedArgs)) {
       drifted.push({ file: claudeCodexBridgeConfigPath, field: 'mcpServers.thumbgate.args', current: JSON.stringify(currentArgs) });
@@ -260,7 +281,7 @@ function syncVersion(opts) {
   if (fs.existsSync(path.join(PROJECT_ROOT, cursorPluginConfigPath))) {
     const cursorPluginConfig = readJson(cursorPluginConfigPath);
     const server = cursorPluginConfig.mcpServers && cursorPluginConfig.mcpServers.thumbgate;
-    const expectedArgs = ['-y', 'thumbgate@latest', 'serve'];
+    const expectedArgs = explicitLatestServeArgs();
     const currentArgs = server && Array.isArray(server.args) ? server.args : [];
     if (server && server.command === 'npx' && JSON.stringify(currentArgs) !== JSON.stringify(expectedArgs)) {
       drifted.push({ file: cursorPluginConfigPath, field: 'mcpServers.thumbgate.args', current: JSON.stringify(currentArgs) });

package/scripts/test-coverage.js

@@ -15,7 +15,9 @@ const COVERAGE_INCLUDE_GLOBS = [
 ];
 const COVERAGE_EXCLUDE_GLOBS = [
   'tests/**/*.js',
+  'scripts/social-reply-monitor.js',
 ];
+let cachedCoverageFilterSupport;
 
 function findCoverageTestFiles({
   dir = TESTS_DIR,
@@ -39,29 +41,35 @@ function findCoverageTestFiles({
   return files.sort();
 }
 
-function supportsCoveragePatternFlags({
-  spawn = spawnSync,
-} = {}) {
+function detectCoverageFilterSupport({ spawn = spawnSync } = {}) {
+  if (spawn === spawnSync && cachedCoverageFilterSupport !== undefined) {
+    return cachedCoverageFilterSupport;
+  }
+
   const result = spawn(process.execPath, ['--help'], {
     encoding: 'utf8',
   });
+  const helpText = `${result.stdout || ''}\n${result.stderr || ''}`;
+  const supported = helpText.includes('--test-coverage-include') && helpText.includes('--test-coverage-exclude');
 
-  if (result.error) {
-    return false;
+  if (spawn === spawnSync) {
+    cachedCoverageFilterSupport = supported;
   }
 
-  const help = `${result.stdout || ''}\n${result.stderr || ''}`;
-  return help.includes('--test-coverage-include') && help.includes('--test-coverage-exclude');
+  return supported;
 }
 
-function buildCoverageArgs(files, { supportsPatternFlags = true } = {}) {
+function buildCoverageArgs(files, { spawn = spawnSync, supportsFilters } = {}) {
   const args = [
     '--test',
     '--test-concurrency=1',
     '--experimental-test-coverage',
   ];
 
-  if (supportsPatternFlags) {
+  const useFilterFlags = supportsFilters === undefined
+    ? detectCoverageFilterSupport({ spawn })
+    : supportsFilters;
+  if (useFilterFlags) {
     args.push(
       ...COVERAGE_INCLUDE_GLOBS.flatMap((pattern) => ['--test-coverage-include', pattern]),
       ...COVERAGE_EXCLUDE_GLOBS.flatMap((pattern) => ['--test-coverage-exclude', pattern]),
@@ -76,17 +84,17 @@ function runCoverage({
   files = findCoverageTestFiles(),
   cwd = PROJECT_ROOT,
   spawn = spawnSync,
-  supportsPatternFlags = supportsCoveragePatternFlags({ spawn }),
+  supportsFilters,
 } = {}) {
   if (files.length === 0) {
     return {
       exitCode: 1,
       error: 'No test files found for coverage run.',
-      args: buildCoverageArgs(files, { supportsPatternFlags }),
+      args: buildCoverageArgs(files, { spawn, supportsFilters }),
     };
   }
 
-  const args = buildCoverageArgs(files, { supportsPatternFlags });
+  const args = buildCoverageArgs(files, { spawn, supportsFilters });
   const result = spawn(process.execPath, args, {
     cwd,
     env: process.env,
@@ -113,8 +121,8 @@ module.exports = {
   COVERAGE_INCLUDE_GLOBS,
   PROJECT_ROOT,
   TESTS_DIR,
+  detectCoverageFilterSupport,
   findCoverageTestFiles,
   buildCoverageArgs,
   runCoverage,
-  supportsCoveragePatternFlags,
 };

package/scripts/tool-registry.js

@@ -512,6 +512,89 @@ const TOOLS = [
       },
     },
   }),
+  destructiveTool({
+    name: 'set_task_scope',
+    description: 'Declare or clear the current task scope so ThumbGate can compare affected files and diffs against the approved path set.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        taskId: { type: 'string', description: 'Optional stable task identifier (ticket, issue, or work item id)' },
+        summary: { type: 'string', description: 'Short summary of the task being worked' },
+        allowedPaths: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Glob patterns that define the allowed file scope for this task',
+        },
+        protectedPaths: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Optional protected-file globs that require explicit approval before editing or publishing',
+        },
+        repoPath: { type: 'string', description: 'Optional repo root used when evaluating git diff scope' },
+        localOnly: { type: 'boolean', description: 'When true, also marks the task as local-only' },
+        clear: { type: 'boolean', description: 'Clear the current task scope instead of setting one' },
+      },
+    },
+  }),
+  readOnlyTool({
+    name: 'get_scope_state',
+    description: 'Return the active task scope and any unexpired protected-file approvals.',
+    inputSchema: {
+      type: 'object',
+      properties: {},
+    },
+  }),
+  destructiveTool({
+    name: 'set_branch_governance',
+    description: 'Declare or clear branch and release governance so PR, merge, release, and publish actions can be evaluated against explicit workflow state.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        branchName: { type: 'string', description: 'Optional branch name the governance applies to' },
+        baseBranch: { type: 'string', description: 'Protected base branch for merge and release operations (defaults to main)' },
+        prRequired: { type: 'boolean', description: 'Whether this lane must go through a pull request (defaults to true)' },
+        prNumber: { type: 'string', description: 'Optional pull request number once a PR exists' },
+        prUrl: { type: 'string', description: 'Optional pull request URL once a PR exists' },
+        queueRequired: { type: 'boolean', description: 'Whether the target branch requires a merge queue' },
+        localOnly: { type: 'boolean', description: 'When true, PR, merge, release, and publish actions are blocked for this lane' },
+        releaseVersion: { type: 'string', description: 'Expected package version for release or publish actions' },
+        releaseEvidence: { type: 'string', description: 'Optional evidence or release plan note for the governed version' },
+        releaseSensitiveGlobs: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Optional custom globs that define release-sensitive files for this branch lane',
+        },
+        clear: { type: 'boolean', description: 'Clear the current branch governance state instead of setting it' },
+      },
+    },
+  }),
+  readOnlyTool({
+    name: 'get_branch_governance',
+    description: 'Return the active branch and release governance state.',
+    inputSchema: {
+      type: 'object',
+      properties: {},
+    },
+  }),
+  destructiveTool({
+    name: 'approve_protected_action',
+    description: 'Grant a time-limited approval for edits or publish actions that touch protected files.',
+    inputSchema: {
+      type: 'object',
+      required: ['pathGlobs', 'reason'],
+      properties: {
+        pathGlobs: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Protected-file globs covered by this approval',
+        },
+        reason: { type: 'string', description: 'Why this protected-file action is approved' },
+        evidence: { type: 'string', description: 'Optional supporting evidence or approval note' },
+        taskId: { type: 'string', description: 'Optional task id this approval is tied to' },
+        ttlMs: { type: 'number', description: 'Optional approval lifetime in milliseconds (defaults to 1 hour, max 24 hours)' },
+      },
+    },
+  }),
   destructiveTool({
     name: 'track_action',
     description: 'Record a verification action in the current session (for example figma_verified or tests_passed). Session actions expire after one hour.',
@@ -535,6 +618,20 @@ const TOOLS = [
       },
     },
   }),
+  readOnlyTool({
+    name: 'check_operational_integrity',
+    description: 'Evaluate whether the current repo state is safe for PR, merge, release, and publish operations.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        repoPath: { type: 'string', description: 'Optional repository path to inspect' },
+        baseBranch: { type: 'string', description: 'Protected base branch to compare against (defaults to main)' },
+        command: { type: 'string', description: 'Optional git, PR, or publish command to evaluate against the current governance state' },
+        requirePrForReleaseSensitive: { type: 'boolean', description: 'When true, release-sensitive changes on non-base branches require an open PR' },
+        requireVersionNotBehindBase: { type: 'boolean', description: 'When true, release-sensitive changes cannot lag behind the base branch package version' },
+      },
+    },
+  }),
   destructiveTool({
     name: 'register_claim_gate',
     description: 'Register a custom claim verification rule in local runtime state without editing tracked repo config.',

package/scripts/train_from_feedback.py

@@ -15,7 +15,7 @@ Usage:
     python train_from_feedback.py --dpo-train          # DPO batch optimization (Feb 2026)
     python train_from_feedback.py --config config.json # Use custom categories
 
-This script only reads and writes local feedback artifacts under .claude/memory/feedback.
+This script only reads and writes local feedback artifacts under the active ThumbGate feedback directory.
 Those runtime outputs are git-ignored even though this utility is intentionally versioned.
 """
 
@@ -23,15 +23,37 @@ import json
 import math
 import random
 import argparse
+import os
 from datetime import datetime
 from pathlib import Path
 from typing import Dict, List, Any, Optional, Tuple
 
 # Configuration
 PROJECT_ROOT = Path(__file__).parent.parent
-FEEDBACK_LOG = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "feedback-log.jsonl"
-MODEL_FILE = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "feedback_model.json"
-SNAPSHOTS_DIR = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "model_snapshots"
+
+def resolve_feedback_dir() -> Path:
+    env_dir = os.environ.get("THUMBGATE_FEEDBACK_DIR")
+    if env_dir:
+        return Path(env_dir)
+
+    local_thumbgate = PROJECT_ROOT / ".thumbgate"
+    if local_thumbgate.exists():
+        return local_thumbgate
+
+    local_rlhf = PROJECT_ROOT / ".rlhf"
+    if local_rlhf.exists():
+        return local_rlhf
+
+    local_legacy = PROJECT_ROOT / ".claude" / "memory" / "feedback"
+    if local_legacy.exists():
+        return local_legacy
+
+    return Path.home() / ".thumbgate" / "projects" / PROJECT_ROOT.name
+
+FEEDBACK_DIR = resolve_feedback_dir()
+FEEDBACK_LOG = FEEDBACK_DIR / "feedback-log.jsonl"
+MODEL_FILE = FEEDBACK_DIR / "feedback_model.json"
+SNAPSHOTS_DIR = FEEDBACK_DIR / "model_snapshots"
 
 # Default categories (overridden by --config)
 DEFAULT_CATEGORIES = {
@@ -132,10 +154,11 @@ def create_initial_model(categories: Dict) -> Dict:
 
 def save_model(model: Dict):
     """Save model to disk."""
-    # Resolve and verify path stays within project root (CodeQL S2083)
+    # Resolve and verify path stays within trusted local ThumbGate roots (CodeQL S2083)
     resolved = MODEL_FILE.resolve()
-    if not str(resolved).startswith(str(PROJECT_ROOT.resolve())):
-        raise ValueError(f"Model path escapes project root: {resolved}")
+    allowed_roots = [PROJECT_ROOT.resolve(), FEEDBACK_DIR.resolve()]
+    if not any(str(resolved).startswith(str(root)) for root in allowed_roots):
+        raise ValueError(f"Model path escapes allowed ThumbGate roots: {resolved}")
     resolved.parent.mkdir(parents=True, exist_ok=True)
     model["updated"] = datetime.now().isoformat()
     resolved.write_text(json.dumps(model, indent=2))
@@ -344,7 +367,7 @@ def save_snapshot(model: Dict) -> Path:
 # Based on: Meta-Policy Reflexion (arXiv:2509.03990)
 # ============================================
 
-META_POLICY_FILE = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "meta_policy_rules.json"
+META_POLICY_FILE = FEEDBACK_DIR / "meta_policy_rules.json"
 
 
 def extract_meta_policy_rules(min_occurrences: int = 3) -> List[Dict[str, Any]]:
@@ -508,7 +531,7 @@ def load_meta_policy_rules() -> List[Dict[str, Any]]:
 # Reference: Rafailov et al. 2023 (arXiv:2305.18290)
 # ============================================
 
-DPO_MODEL_FILE = PROJECT_ROOT / ".claude" / "memory" / "feedback" / "dpo_model.json"
+DPO_MODEL_FILE = FEEDBACK_DIR / "dpo_model.json"
 DPO_BETA = 0.1  # Temperature parameter (lower = more aggressive preference following)
 
 

package/scripts/validate-feedback.js

@@ -26,15 +26,16 @@
 
 const fs = require('fs');
 const path = require('path');
+const { resolveFeedbackDir } = require('./feedback-paths');
 
 // =============================================================================
 // PATH RESOLUTION
 // =============================================================================
 
-const DEFAULT_FEEDBACK_DIR = path.join(__dirname, '..', '.claude', 'memory', 'feedback');
+const DEFAULT_FEEDBACK_DIR = resolveFeedbackDir();
 
 function getFeedbackDir() {
-  return process.env.THUMBGATE_FEEDBACK_DIR || DEFAULT_FEEDBACK_DIR;
+  return resolveFeedbackDir();
 }
 
 function getFeedbackPaths() {

package/scripts/vector-store.js

@@ -8,8 +8,7 @@ const {
   resolveFeedbackDir,
 } = require('./local-model-profile');
 
-const PROJECT_ROOT = path.join(__dirname, '..');
-const DEFAULT_FEEDBACK_DIR = path.join(PROJECT_ROOT, '.claude', 'memory', 'feedback');
+const DEFAULT_FEEDBACK_DIR = resolveFeedbackDir();
 const DEFAULT_LANCE_DIR = path.join(DEFAULT_FEEDBACK_DIR, 'lancedb');
 
 // Module-level cache — prevents re-importing on every upsertFeedback() call
@@ -29,7 +28,7 @@ async function getLanceDB() {
 }
 
 function getFeedbackDir() {
-  return resolveFeedbackDir(process.env.THUMBGATE_FEEDBACK_DIR || DEFAULT_FEEDBACK_DIR);
+  return resolveFeedbackDir();
 }
 
 function getLanceDir() {

package/scripts/verify-obsidian-setup.sh

@@ -134,9 +134,9 @@ check_path_documented() {
   fi
 }
 
-check_path_documented ".claude/memory/feedback/memory-log.jsonl" "memory-log.jsonl"
-check_path_documented ".claude/memory/feedback/prevention-rules.md" "prevention-rules.md"
-check_path_documented ".claude/memory/feedback/feedback-log.jsonl" "feedback-log.jsonl"
+check_path_documented ".thumbgate/memory-log.jsonl" "memory-log.jsonl"
+check_path_documented ".thumbgate/prevention-rules.md" "prevention-rules.md"
+check_path_documented ".thumbgate/feedback-log.jsonl" "feedback-log.jsonl"
 
 # primer.md must exist (it is committed)
 if [ -f "$REPO_ROOT/primer.md" ]; then