npm - thumbgate - Versions diffs - 0.9.10 - Mend

thumbgate 0.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (364) hide show

package/.claude-plugin/README.md +134 -0
package/.claude-plugin/bundle/icon.png +0 -0
package/.claude-plugin/bundle/icon.svg +18 -0
package/.claude-plugin/bundle/server/index.js +24 -0
package/.claude-plugin/marketplace.json +36 -0
package/.claude-plugin/plugin.json +21 -0
package/.well-known/mcp/server-card.json +231 -0
package/LICENSE +21 -0
package/README.md +375 -0
package/adapters/README.md +9 -0
package/adapters/amp/skills/thumbgate-feedback/SKILL.md +22 -0
package/adapters/chatgpt/INSTALL.md +83 -0
package/adapters/chatgpt/openapi.yaml +1281 -0
package/adapters/claude/.mcp.json +14 -0
package/adapters/codex/config.toml +9 -0
package/adapters/gemini/function-declarations.json +224 -0
package/adapters/mcp/server-stdio.js +788 -0
package/adapters/opencode/opencode.json +15 -0
package/bin/cli.js +1484 -0
package/bin/memory.sh +64 -0
package/bin/obsidian-sync.sh +20 -0
package/bin/postinstall.js +37 -0
package/config/build-metadata.json +4 -0
package/config/e2e-critical-flows.json +45 -0
package/config/gate-templates.json +77 -0
package/config/gates/claim-verification.json +29 -0
package/config/gates/computer-use.json +39 -0
package/config/gates/default.json +117 -0
package/config/github-about.json +25 -0
package/config/mcp-allowlists.json +135 -0
package/config/model-tiers.json +33 -0
package/config/partner-routing.json +132 -0
package/config/policy-bundles/constrained-v1.json +64 -0
package/config/policy-bundles/default-v1.json +91 -0
package/config/rubrics/default-v1.json +52 -0
package/config/skill-packs/react-testing.json +23 -0
package/config/skill-packs/stripe-integration/references/api-spec.json +1 -0
package/config/skill-packs/stripe-integration/references/webhook-guide.md +3 -0
package/config/skill-specs/pr-reviewer.json +9 -0
package/config/skill-specs/release-status.json +9 -0
package/config/skill-specs/ticket-triage.json +9 -0
package/config/subagent-profiles.json +32 -0
package/config/tessl-tiles.json +29 -0
package/config/thumbgate-settings.managed.json +12 -0
package/openapi/openapi.yaml +1281 -0
package/package.json +283 -0
package/plugins/amp-skill/INSTALL.md +52 -0
package/plugins/amp-skill/SKILL.md +64 -0
package/plugins/claude-codex-bridge/.claude-plugin/plugin.json +22 -0
package/plugins/claude-codex-bridge/.mcp.json +12 -0
package/plugins/claude-codex-bridge/INSTALL.md +43 -0
package/plugins/claude-codex-bridge/README.md +46 -0
package/plugins/claude-codex-bridge/scripts/codex-bridge.js +288 -0
package/plugins/claude-codex-bridge/skills/adversarial-review/SKILL.md +24 -0
package/plugins/claude-codex-bridge/skills/result/SKILL.md +22 -0
package/plugins/claude-codex-bridge/skills/review/SKILL.md +28 -0
package/plugins/claude-codex-bridge/skills/second-pass/SKILL.md +27 -0
package/plugins/claude-codex-bridge/skills/setup/SKILL.md +21 -0
package/plugins/claude-codex-bridge/skills/status/SKILL.md +19 -0
package/plugins/claude-skill/INSTALL.md +55 -0
package/plugins/claude-skill/SKILL.md +46 -0
package/plugins/codex-profile/.codex-plugin/plugin.json +43 -0
package/plugins/codex-profile/.mcp.json +12 -0
package/plugins/codex-profile/AGENTS.md +20 -0
package/plugins/codex-profile/INSTALL.md +66 -0
package/plugins/codex-profile/README.md +37 -0
package/plugins/cursor-marketplace/.cursor-plugin/plugin.json +23 -0
package/plugins/cursor-marketplace/CHANGELOG.md +30 -0
package/plugins/cursor-marketplace/LICENSE +21 -0
package/plugins/cursor-marketplace/README.md +124 -0
package/plugins/cursor-marketplace/agents/reliability-reviewer.md +31 -0
package/plugins/cursor-marketplace/assets/logo-400x400.png +0 -0
package/plugins/cursor-marketplace/commands/capture-feedback.md +33 -0
package/plugins/cursor-marketplace/commands/check-gates.md +25 -0
package/plugins/cursor-marketplace/commands/show-lessons.md +27 -0
package/plugins/cursor-marketplace/hooks/hooks.json +10 -0
package/plugins/cursor-marketplace/mcp.json +12 -0
package/plugins/cursor-marketplace/rules/feedback-capture.mdc +34 -0
package/plugins/cursor-marketplace/rules/pre-action-gates.mdc +30 -0
package/plugins/cursor-marketplace/rules/session-continuity.mdc +28 -0
package/plugins/cursor-marketplace/scripts/gate-check.sh +11 -0
package/plugins/cursor-marketplace/skills/capture-feedback/SKILL.md +47 -0
package/plugins/cursor-marketplace/skills/prevention-rules/SKILL.md +31 -0
package/plugins/cursor-marketplace/skills/recall-context/SKILL.md +30 -0
package/plugins/cursor-marketplace/skills/search-lessons/SKILL.md +33 -0
package/plugins/gemini-extension/INSTALL.md +92 -0
package/plugins/gemini-extension/gemini_prompt.txt +14 -0
package/plugins/gemini-extension/tool_contract.json +45 -0
package/plugins/opencode-profile/INSTALL.md +57 -0
package/public/assets/instagram-card.png +0 -0
package/public/assets/tiktok-agent-memory.mp4 +0 -0
package/public/blog.html +400 -0
package/public/dashboard.html +1093 -0
package/public/guide.html +317 -0
package/public/index.html +1014 -0
package/public/learn/agent-harness-pattern.html +180 -0
package/public/learn/ai-agent-persistent-memory.html +202 -0
package/public/learn/learn.css +45 -0
package/public/learn/mcp-pre-action-gates-explained.html +172 -0
package/public/learn/stop-ai-agent-force-push.html +134 -0
package/public/learn/vibe-coding-safety-net.html +142 -0
package/public/learn.html +213 -0
package/public/lessons.html +650 -0
package/public/vercel.json +8 -0
package/scripts/__pycache__/train_from_feedback.cpython-312.pyc +0 -0
package/scripts/a2ui-engine.js +73 -0
package/scripts/access-anomaly-detector.js +12 -0
package/scripts/adk-consolidator.js +266 -0
package/scripts/agent-readiness.js +220 -0
package/scripts/agent-security-hardening.js +227 -0
package/scripts/agentic-data-pipeline.js +847 -0
package/scripts/analytics-report.js +328 -0
package/scripts/analytics-window.js +158 -0
package/scripts/async-job-runner.js +1001 -0
package/scripts/audit-trail.js +398 -0
package/scripts/auto-promote-gates.js +299 -0
package/scripts/auto-wire-hooks.js +312 -0
package/scripts/autonomous-sales-agent.js +39 -0
package/scripts/autoresearch-runner.js +216 -0
package/scripts/background-agent-governance.js +237 -0
package/scripts/behavioral-extraction.js +97 -0
package/scripts/belief-update.js +84 -0
package/scripts/billing.js +2438 -0
package/scripts/bot-detector.js +50 -0
package/scripts/budget-guard.js +173 -0
package/scripts/build-claude-mcpb.js +189 -0
package/scripts/build-metadata.js +97 -0
package/scripts/check-congruence.js +322 -0
package/scripts/cli-feedback.js +135 -0
package/scripts/cli-telemetry.js +87 -0
package/scripts/cloudflare-dynamic-sandbox.js +315 -0
package/scripts/code-reasoning.js +350 -0
package/scripts/codegraph-context.js +466 -0
package/scripts/commercial-offer.js +56 -0
package/scripts/computer-use-firewall.js +250 -0
package/scripts/context-engine.js +694 -0
package/scripts/contextfs.js +1287 -0
package/scripts/conversation-context.js +119 -0
package/scripts/creator-campaigns.js +239 -0
package/scripts/daemon-manager.js +108 -0
package/scripts/daily-digest.js +11 -0
package/scripts/dashboard-render-spec.js +395 -0
package/scripts/dashboard.js +1058 -0
package/scripts/data-governance.js +173 -0
package/scripts/delegation-runtime.js +900 -0
package/scripts/deploy-gcp.sh +44 -0
package/scripts/deploy-policy.js +263 -0
package/scripts/disagreement-mining.js +315 -0
package/scripts/dispatch-brief.js +159 -0
package/scripts/distribution-surfaces.js +44 -0
package/scripts/dpo-optimizer.js +209 -0
package/scripts/ephemeral-agent-store.js +219 -0
package/scripts/eval-harness.js +56 -0
package/scripts/evolution-state.js +241 -0
package/scripts/experiment-tracker.js +267 -0
package/scripts/export-databricks-bundle.js +242 -0
package/scripts/export-dpo-pairs.js +345 -0
package/scripts/export-kto-pairs.js +310 -0
package/scripts/export-training.js +448 -0
package/scripts/failure-diagnostics.js +558 -0
package/scripts/feedback-attribution.js +313 -0
package/scripts/feedback-fallback.js +111 -0
package/scripts/feedback-history-distiller.js +391 -0
package/scripts/feedback-inbox-read.js +162 -0
package/scripts/feedback-loop.js +1887 -0
package/scripts/feedback-paths.js +145 -0
package/scripts/feedback-quality.js +139 -0
package/scripts/feedback-root-consolidator.js +238 -0
package/scripts/feedback-schema.js +426 -0
package/scripts/feedback-session.js +286 -0
package/scripts/feedback-to-memory.js +185 -0
package/scripts/feedback-to-rules.js +163 -0
package/scripts/filesystem-search.js +404 -0
package/scripts/funnel-analytics.js +35 -0
package/scripts/gate-satisfy.js +42 -0
package/scripts/gate-stats.js +116 -0
package/scripts/gate-templates.js +70 -0
package/scripts/gates-engine.js +816 -0
package/scripts/generate-paperbanana-diagrams.sh +99 -0
package/scripts/generate-pretool-hook.sh +40 -0
package/scripts/github-about.js +350 -0
package/scripts/github-outreach.js +65 -0
package/scripts/gtm-revenue-loop.js +520 -0
package/scripts/hallucination-detector.js +226 -0
package/scripts/hf-papers.js +317 -0
package/scripts/history-distiller.js +200 -0
package/scripts/hook-auto-capture.sh +95 -0
package/scripts/hook-stop-pr-thread-check.sh +68 -0
package/scripts/hook-stop-self-score.sh +51 -0
package/scripts/hook-stop-verify-deploy.sh +31 -0
package/scripts/hook-thumbgate-cache-updater.js +48 -0
package/scripts/hook-verify-before-done.sh +20 -0
package/scripts/hosted-config.js +170 -0
package/scripts/hybrid-feedback-context.js +676 -0
package/scripts/install-mcp.js +159 -0
package/scripts/intent-router.js +392 -0
package/scripts/internal-agent-bootstrap.js +490 -0
package/scripts/jsonl-watcher.js +155 -0
package/scripts/lesson-db.js +613 -0
package/scripts/lesson-inference.js +315 -0
package/scripts/lesson-retrieval.js +95 -0
package/scripts/lesson-rotation.js +137 -0
package/scripts/lesson-search.js +644 -0
package/scripts/lesson-synthesis.js +196 -0
package/scripts/license.js +50 -0
package/scripts/local-model-profile.js +383 -0
package/scripts/markdown-escape.js +12 -0
package/scripts/marketing-experiment.js +671 -0
package/scripts/mcp-config.js +149 -0
package/scripts/mcp-policy.js +99 -0
package/scripts/memalign-recall.js +111 -0
package/scripts/memory-firewall.js +222 -0
package/scripts/memory-migration.js +296 -0
package/scripts/meta-policy.js +194 -0
package/scripts/metered-billing.js +16 -0
package/scripts/model-tier-router.js +301 -0
package/scripts/money-watcher.js +71 -0
package/scripts/multi-hop-recall.js +240 -0
package/scripts/natural-language-harness.js +330 -0
package/scripts/obsidian-export.js +712 -0
package/scripts/operational-dashboard.js +103 -0
package/scripts/operational-summary.js +93 -0
package/scripts/optimize-context.js +17 -0
package/scripts/org-dashboard.js +201 -0
package/scripts/partner-orchestration.js +146 -0
package/scripts/per-step-scoring.js +165 -0
package/scripts/perplexity-marketing.js +466 -0
package/scripts/pii-scanner.js +153 -0
package/scripts/plan-gate.js +154 -0
package/scripts/post-everywhere.js +308 -0
package/scripts/post-to-x-retry.sh +22 -0
package/scripts/post-to-x.js +369 -0
package/scripts/pr-manager.js +236 -0
package/scripts/predictive-insights.js +356 -0
package/scripts/principle-extractor.js +162 -0
package/scripts/pro-features.js +40 -0
package/scripts/pro-local-dashboard.js +174 -0
package/scripts/problem-detail.js +53 -0
package/scripts/product-feedback.js +134 -0
package/scripts/profile-router.js +245 -0
package/scripts/prompt-dlp.js +221 -0
package/scripts/prompt-guard.js +83 -0
package/scripts/prove-adapters.js +863 -0
package/scripts/prove-attribution.js +365 -0
package/scripts/prove-automation.js +653 -0
package/scripts/prove-autoresearch.js +304 -0
package/scripts/prove-claim-verification.js +277 -0
package/scripts/prove-cloudflare-sandbox.js +163 -0
package/scripts/prove-data-pipeline.js +410 -0
package/scripts/prove-data-quality.js +227 -0
package/scripts/prove-evolution.js +352 -0
package/scripts/prove-harnesses.js +287 -0
package/scripts/prove-intelligence.js +259 -0
package/scripts/prove-lancedb.js +371 -0
package/scripts/prove-local-intelligence.js +342 -0
package/scripts/prove-loop-closure.js +263 -0
package/scripts/prove-predictive-insights.js +357 -0
package/scripts/prove-runtime.js +350 -0
package/scripts/prove-seo-gsd.js +234 -0
package/scripts/prove-settings.js +279 -0
package/scripts/prove-subway-upgrades.js +277 -0
package/scripts/prove-tessl.js +229 -0
package/scripts/prove-training-export.js +327 -0
package/scripts/prove-workflow-contract.js +116 -0
package/scripts/prove-xmemory.js +332 -0
package/scripts/publish-decision.js +133 -0
package/scripts/pulse.js +80 -0
package/scripts/rate-limiter.js +125 -0
package/scripts/reddit-dm-outreach.js +182 -0
package/scripts/reddit-monitor-cron.sh +26 -0
package/scripts/reflector-agent.js +221 -0
package/scripts/reminder-engine.js +132 -0
package/scripts/revenue-status.js +472 -0
package/scripts/risk-scorer.js +458 -0
package/scripts/rlaif-self-audit.js +129 -0
package/scripts/rubric-engine.js +230 -0
package/scripts/schedule-manager.js +251 -0
package/scripts/secret-scanner.js +414 -0
package/scripts/self-heal.js +147 -0
package/scripts/self-healing-check.js +188 -0
package/scripts/semantic-layer.js +98 -0
package/scripts/seo-gsd.js +1153 -0
package/scripts/settings-hierarchy.js +214 -0
package/scripts/shieldcortex-memory-firewall-runner.mjs +53 -0
package/scripts/skill-exporter.js +262 -0
package/scripts/skill-generator.js +446 -0
package/scripts/skill-materializer.js +134 -0
package/scripts/skill-packs.js +136 -0
package/scripts/skill-proposer.js +99 -0
package/scripts/skill-quality-tracker.js +284 -0
package/scripts/slo-alert-engine.js +14 -0
package/scripts/slow-loop.js +72 -0
package/scripts/social-analytics/db/schema.sql +32 -0
package/scripts/social-analytics/digest.js +256 -0
package/scripts/social-analytics/generate-instagram-card.js +97 -0
package/scripts/social-analytics/instagram-thumbgate-post.js +73 -0
package/scripts/social-analytics/mcp-server.js +289 -0
package/scripts/social-analytics/normalizer.js +580 -0
package/scripts/social-analytics/notify.js +162 -0
package/scripts/social-analytics/poll-all.js +107 -0
package/scripts/social-analytics/pollers/github.js +195 -0
package/scripts/social-analytics/pollers/instagram.js +253 -0
package/scripts/social-analytics/pollers/linkedin.js +330 -0
package/scripts/social-analytics/pollers/plausible.js +247 -0
package/scripts/social-analytics/pollers/reddit.js +306 -0
package/scripts/social-analytics/pollers/threads.js +233 -0
package/scripts/social-analytics/pollers/tiktok.js +203 -0
package/scripts/social-analytics/pollers/x.js +227 -0
package/scripts/social-analytics/pollers/youtube.js +304 -0
package/scripts/social-analytics/pollers/zernio.js +180 -0
package/scripts/social-analytics/publish-instagram-thumbgate.js +85 -0
package/scripts/social-analytics/publishers/devto.js +122 -0
package/scripts/social-analytics/publishers/instagram.js +317 -0
package/scripts/social-analytics/publishers/linkedin.js +294 -0
package/scripts/social-analytics/publishers/reddit.js +390 -0
package/scripts/social-analytics/publishers/threads.js +275 -0
package/scripts/social-analytics/publishers/tiktok.js +217 -0
package/scripts/social-analytics/publishers/x.js +259 -0
package/scripts/social-analytics/publishers/youtube.js +223 -0
package/scripts/social-analytics/publishers/zernio.js +209 -0
package/scripts/social-analytics/run-digest.js +34 -0
package/scripts/social-analytics/store.js +257 -0
package/scripts/social-analytics/utm.js +143 -0
package/scripts/social-pipeline.js +2628 -0
package/scripts/social-quality-gate.js +18 -0
package/scripts/social-reply-monitor.js +445 -0
package/scripts/status-dashboard.js +155 -0
package/scripts/statusline-lesson.js +16 -0
package/scripts/statusline-tower.js +8 -0
package/scripts/statusline.sh +116 -0
package/scripts/stripe-live-status.js +115 -0
package/scripts/subagent-profiles.js +79 -0
package/scripts/sync-gh-secrets-from-env.sh +70 -0
package/scripts/sync-github-about.js +52 -0
package/scripts/sync-version.js +451 -0
package/scripts/synthetic-dpo.js +234 -0
package/scripts/telemetry-analytics.js +821 -0
package/scripts/tessl-export.js +371 -0
package/scripts/test-coverage.js +120 -0
package/scripts/thompson-sampling.js +417 -0
package/scripts/thumbgate-search.js +189 -0
package/scripts/tool-kpi-tracker.js +12 -0
package/scripts/tool-registry.js +811 -0
package/scripts/train_from_feedback.py +910 -0
package/scripts/user-profile.js +78 -0
package/scripts/validate-feedback.js +580 -0
package/scripts/validate-workflow-contract.js +287 -0
package/scripts/vector-store.js +198 -0
package/scripts/verification-loop.js +291 -0
package/scripts/verify-obsidian-setup.sh +269 -0
package/scripts/verify-run.js +269 -0
package/scripts/webhook-delivery.js +62 -0
package/scripts/weekly-auto-post.js +124 -0
package/scripts/workflow-runs.js +154 -0
package/scripts/workflow-sprint-intake.js +475 -0
package/scripts/workspace-evolver.js +374 -0
package/scripts/x-autonomous-marketing.js +139 -0
package/scripts/xmemory-lite.js +405 -0
package/skills/agent-memory/SKILL.md +97 -0
package/skills/solve-architecture-autonomy/SKILL.md +17 -0
package/skills/solve-architecture-autonomy/tool.js +33 -0
package/skills/thumbgate/SKILL.md +114 -0
package/skills/thumbgate-feedback/SKILL.md +49 -0
package/src/api/server.js +4208 -0

package/scripts/computer-use-firewall.js ADDED Viewed

@@ -0,0 +1,250 @@
+#!/usr/bin/env node
+'use strict';
+const fs = require('fs');
+const path = require('path');
+/**
+ * Computer-Use Action Firewall — normalizes OpenAI Responses API
+ * computer-environment actions into ThumbGate's gate schema and
+ * evaluates them against policy presets.
+ */
+const CONFIG_PATH = path.join(__dirname, '..', 'config', 'gates', 'computer-use.json');
+// Action types from Responses API computer environment
+const ACTION_TYPES = {
+  'browser.open': { category: 'browser', riskLevel: 'low' },
+  'browser.click': { category: 'browser', riskLevel: 'low' },
+  'browser.type': { category: 'browser', riskLevel: 'medium' },
+  'shell.exec': { category: 'shell', riskLevel: 'high' },
+  'file.read': { category: 'file', riskLevel: 'low' },
+  'file.write': { category: 'file', riskLevel: 'medium' },
+  'file.delete': { category: 'file', riskLevel: 'high' },
+  'clipboard.read': { category: 'system', riskLevel: 'medium' },
+  'clipboard.write': { category: 'system', riskLevel: 'medium' },
+  'download': { category: 'network', riskLevel: 'medium' },
+  'upload': { category: 'network', riskLevel: 'high' },
+  'message.send': { category: 'communication', riskLevel: 'high' },
+};
+// Policy presets
+const PRESETS = {
+  'safe-readonly': {
+    allow: ['browser.open', 'browser.click', 'file.read', 'clipboard.read'],
+    deny: ['shell.exec', 'file.write', 'file.delete', 'upload', 'message.send'],
+    requireApproval: ['browser.type', 'download', 'clipboard.write'],
+  },
+  'dev-sandbox': {
+    allow: ['browser.open', 'browser.click', 'browser.type', 'file.read', 'file.write', 'clipboard.read', 'clipboard.write', 'download'],
+    deny: ['upload', 'message.send'],
+    requireApproval: ['shell.exec', 'file.delete'],
+  },
+  'human-approval-for-write': {
+    allow: ['browser.open', 'browser.click', 'file.read', 'clipboard.read'],
+    deny: [],
+    requireApproval: ['browser.type', 'shell.exec', 'file.write', 'file.delete', 'clipboard.write', 'download', 'upload', 'message.send'],
+  },
+};
+function loadConfig() {
+  if (!fs.existsSync(CONFIG_PATH)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+function normalizeAction(rawAction) {
+  if (!rawAction || typeof rawAction !== 'object') {
+    return {
+      type: 'unknown',
+      category: 'unknown',
+      riskLevel: 'high',
+      target: '',
+      args: {},
+      timestamp: new Date().toISOString(),
+    };
+  }
+  const type = rawAction.type || rawAction.action || 'unknown';
+  const meta = ACTION_TYPES[type] || { category: 'unknown', riskLevel: 'high' };
+  return {
+    type,
+    category: meta.category,
+    riskLevel: meta.riskLevel,
+    target: rawAction.target || rawAction.url || rawAction.path || rawAction.command || '',
+    args: rawAction.args || rawAction.params || {},
+    timestamp: rawAction.timestamp || new Date().toISOString(),
+  };
+}
+function buildRegex(pattern) {
+  // Handle (?i) inline flag by converting to JS 'i' flag
+  if (pattern.startsWith('(?i)')) {
+    return new RegExp(pattern.slice(4), 'i');
+  }
+  return new RegExp(pattern);
+}
+function matchesDangerousPattern(action) {
+  const config = loadConfig();
+  if (!config || !Array.isArray(config.dangerousShellPatterns)) return null;
+  if (action.type !== 'shell.exec') return null;
+  const command = action.target || '';
+  for (const pattern of config.dangerousShellPatterns) {
+    try {
+      if (buildRegex(pattern).test(command)) {
+        return pattern;
+      }
+    } catch {
+      // skip invalid regex
+    }
+  }
+  return null;
+}
+function matchesSecretPattern(action) {
+  const config = loadConfig();
+  if (!config || !Array.isArray(config.secretPatterns)) return null;
+  if (action.type !== 'file.write' && action.type !== 'browser.type') return null;
+  const content = action.args.content || action.args.text || action.target || '';
+  for (const pattern of config.secretPatterns) {
+    try {
+      if (buildRegex(pattern).test(content)) {
+        return pattern;
+      }
+    } catch {
+      // skip invalid regex
+    }
+  }
+  return null;
+}
+function evaluateAction(action, preset = 'dev-sandbox', customRules = []) {
+  const normalized = action.type ? action : normalizeAction(action);
+  const presetConfig = PRESETS[preset];
+  if (!presetConfig) {
+    return {
+      decision: 'deny',
+      reason: `Unknown preset: ${preset}`,
+      preset,
+      riskLevel: normalized.riskLevel,
+      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Unknown preset: ${preset}`, preset }),
+    };
+  }
+  // Custom rules override preset defaults
+  for (const rule of customRules) {
+    if (rule.action === normalized.type) {
+      const decision = rule.decision || 'deny';
+      const reason = rule.reason || `Custom rule override for ${normalized.type}`;
+      return {
+        decision,
+        reason,
+        preset,
+        riskLevel: normalized.riskLevel,
+        auditEntry: createAuditEntry(normalized, { decision, reason, preset }),
+      };
+    }
+  }
+  // Check dangerous shell patterns (always deny)
+  const dangerousMatch = matchesDangerousPattern(normalized);
+  if (dangerousMatch) {
+    return {
+      decision: 'deny',
+      reason: `Dangerous shell pattern detected: ${dangerousMatch}`,
+      preset,
+      riskLevel: 'critical',
+      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Dangerous shell pattern: ${dangerousMatch}`, preset }),
+    };
+  }
+  // Check secret patterns (always deny)
+  const secretMatch = matchesSecretPattern(normalized);
+  if (secretMatch) {
+    return {
+      decision: 'deny',
+      reason: `Secret pattern detected in content: ${secretMatch}`,
+      preset,
+      riskLevel: 'critical',
+      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Secret pattern: ${secretMatch}`, preset }),
+    };
+  }
+  // Evaluate against preset
+  if (presetConfig.deny.includes(normalized.type)) {
+    return {
+      decision: 'deny',
+      reason: `Action ${normalized.type} denied by ${preset} preset`,
+      preset,
+      riskLevel: normalized.riskLevel,
+      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Denied by preset`, preset }),
+    };
+  }
+  if (presetConfig.requireApproval.includes(normalized.type)) {
+    return {
+      decision: 'require-approval',
+      reason: `Action ${normalized.type} requires approval in ${preset} preset`,
+      preset,
+      riskLevel: normalized.riskLevel,
+      auditEntry: createAuditEntry(normalized, { decision: 'require-approval', reason: `Requires approval`, preset }),
+    };
+  }
+  if (presetConfig.allow.includes(normalized.type)) {
+    return {
+      decision: 'allow',
+      reason: `Action ${normalized.type} allowed by ${preset} preset`,
+      preset,
+      riskLevel: normalized.riskLevel,
+      auditEntry: createAuditEntry(normalized, { decision: 'allow', reason: `Allowed by preset`, preset }),
+    };
+  }
+  // Default: unknown actions require approval
+  return {
+    decision: 'require-approval',
+    reason: `Action ${normalized.type} not in preset; defaulting to require-approval`,
+    preset,
+    riskLevel: normalized.riskLevel,
+    auditEntry: createAuditEntry(normalized, { decision: 'require-approval', reason: `Not in preset`, preset }),
+  };
+}
+function createAuditEntry(action, decision) {
+  return {
+    timestamp: action.timestamp || new Date().toISOString(),
+    actionType: action.type,
+    target: action.target || '',
+    decision: decision.decision,
+    reason: decision.reason,
+    preset: decision.preset || 'unknown',
+  };
+}
+function evaluateBatch(actions, preset = 'dev-sandbox') {
+  return actions.map((rawAction) => {
+    const normalized = normalizeAction(rawAction);
+    return evaluateAction(normalized, preset);
+  });
+}
+module.exports = {
+  ACTION_TYPES,
+  PRESETS,
+  CONFIG_PATH,
+  normalizeAction,
+  evaluateAction,
+  createAuditEntry,
+  evaluateBatch,
+  loadConfig,
+  matchesDangerousPattern,
+  matchesSecretPattern,
+};