thumbgate 0.9.10

package/scripts/pro-local-dashboard.js

@@ -0,0 +1,174 @@
+'use strict';
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const DEFAULT_PRO_API = 'https://thumbgate-production.up.railway.app';
+const CREATOR_BYPASS_VALUE = process.env.THUMBGATE_DEV_SECRET || '';
+const CREATOR_BYPASS_ENV = 'THUMBGATE_DEV_BYPASS';
+const CREATOR_SYNTHETIC_KEY = process.env.THUMBGATE_DEV_KEY || '';
+
+/**
+ * Creator/dogfooding bypass — returns true when the tool creator is running locally.
+ * Two layers (PostHog/Laravel pattern):
+ *   1. Config file: ~/.config/thumbgate/dev.json with {"bypass":"[set via THUMBGATE_DEV_SECRET env var]"}
+ *   2. Env var: THUMBGATE_DEV_BYPASS=[set via THUMBGATE_DEV_SECRET env var]
+ * Requires a specific non-obvious value (not boolean) to prevent accidental activation.
+ */
+function isCreatorDev({ env = process.env, homeDir = os.homedir() } = {}) {
+  // Layer 1: env var with specific value
+  if (CREATOR_BYPASS_VALUE && String(env[CREATOR_BYPASS_ENV] || '') === CREATOR_BYPASS_VALUE) {
+    return true;
+  }
+  // Layer 2: persistent config file (set once, never think about it again)
+  try {
+    const configPath = path.join(homeDir, '.config', 'thumbgate', 'dev.json');
+    const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    if (CREATOR_BYPASS_VALUE && config && config.bypass === CREATOR_BYPASS_VALUE) {
+      return true;
+    }
+  } catch { /* not a dev machine */ }
+  return false;
+}
+
+/**
+ * Developer override: returns true when ~/.config/thumbgate/dev.json exists
+ * with any non-empty bypass value. No env var needed — just the config file.
+ * Used by the server to skip auth on localhost during local development.
+ */
+function hasDevOverride(homeDir = os.homedir()) {
+  // Disabled during test runs to avoid interfering with auth assertions
+  if (process.env.NODE_TEST_CONTEXT || process.env.THUMBGATE_TESTING) return false;
+  try {
+    const configPath = path.join(homeDir, '.config', 'thumbgate', 'dev.json');
+    const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    return config && typeof config.bypass === 'string' && config.bypass.length > 0;
+  } catch { return false; }
+}
+
+function getLicenseDir(homeDir = os.homedir()) {
+  return path.join(homeDir, '.thumbgate');
+}
+
+function getLicensePath(homeDir = os.homedir()) {
+  return path.join(getLicenseDir(homeDir), 'license.json');
+}
+
+function readLicense({ homeDir } = {}) {
+  try {
+    return JSON.parse(fs.readFileSync(getLicensePath(homeDir), 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function saveLicense(key, { homeDir, version } = {}) {
+  const licenseDir = getLicenseDir(homeDir);
+  const licensePath = getLicensePath(homeDir);
+  fs.mkdirSync(licenseDir, { recursive: true });
+  fs.writeFileSync(
+    licensePath,
+    JSON.stringify({
+      key: String(key || '').trim(),
+      savedAt: new Date().toISOString(),
+      version: version || null,
+    }, null, 2) + '\n'
+  );
+  return licensePath;
+}
+
+function resolveProKey({ env = process.env, homeDir } = {}) {
+  // Creator bypass — unlocks Pro without any license key
+  if (isCreatorDev({ env, homeDir })) {
+    return {
+      key: CREATOR_SYNTHETIC_KEY,
+      source: 'creator-dev',
+      plan: 'enterprise',
+    };
+  }
+
+  const envKey = String(env.THUMBGATE_API_KEY || '').trim();
+  if (envKey) {
+    return {
+      key: envKey,
+      source: 'env',
+    };
+  }
+
+  const license = readLicense({ homeDir });
+  const licenseKey = String(license && license.key ? license.key : '').trim();
+  if (licenseKey) {
+    return {
+      key: licenseKey,
+      source: 'license',
+      licensePath: getLicensePath(homeDir),
+    };
+  }
+
+  return null;
+}
+
+async function validateProKey(key, { apiBaseUrl = DEFAULT_PRO_API, fetchImpl = globalThis.fetch } = {}) {
+  if (!key || typeof fetchImpl !== 'function') {
+    return false;
+  }
+
+  try {
+    const res = await fetchImpl(`${apiBaseUrl}/v1/billing/usage`, {
+      headers: {
+        'Authorization': `Bearer ${String(key).trim()}`,
+      },
+    });
+    if (!res.ok) {
+      return false;
+    }
+    const data = await res.json().catch(() => ({}));
+    return Boolean(data && data.key);
+  } catch {
+    return false;
+  }
+}
+
+async function startLocalProDashboard({
+  key,
+  env = process.env,
+  port,
+  startServerImpl,
+  homeDir,
+} = {}) {
+  const normalizedKey = String(key || '').trim();
+  if (!normalizedKey && !isCreatorDev({ env, homeDir })) {
+    throw new Error('Pro license key required.');
+  }
+
+  env.THUMBGATE_PRO_MODE = '1';
+  env.THUMBGATE_API_KEY = normalizedKey;
+
+  const desiredPort = Number(port ?? env.PORT ?? 3456);
+  env.PORT = String(desiredPort);
+
+  const startServer = startServerImpl || require(path.join(__dirname, '..', 'src', 'api', 'server')).startServer;
+  const handle = await startServer({ port: desiredPort });
+  return {
+    server: handle.server,
+    port: handle.port,
+    url: `http://localhost:${handle.port}/dashboard`,
+  };
+}
+
+module.exports = {
+  CREATOR_BYPASS_ENV,
+  CREATOR_BYPASS_VALUE,
+  CREATOR_SYNTHETIC_KEY,
+  DEFAULT_PRO_API,
+  getLicenseDir,
+  getLicensePath,
+  hasDevOverride,
+  isCreatorDev,
+  readLicense,
+  saveLicense,
+  resolveProKey,
+  validateProKey,
+  startLocalProDashboard,
+};

package/scripts/problem-detail.js

@@ -0,0 +1,53 @@
+'use strict';
+
+/**
+ * RFC 9457 Problem Detail helper for AI-agent-friendly error responses.
+ * @see https://www.rfc-editor.org/rfc/rfc9457
+ */
+
+const PROBLEM_TYPES = {
+  RATE_LIMIT: 'urn:thumbgate:error:rate-limit-exceeded',
+  UNAUTHORIZED: 'urn:thumbgate:error:unauthorized',
+  FORBIDDEN: 'urn:thumbgate:error:forbidden',
+  NOT_FOUND: 'urn:thumbgate:error:not-found',
+  BAD_REQUEST: 'urn:thumbgate:error:bad-request',
+  INVALID_JSON: 'urn:thumbgate:error:invalid-json',
+  PAYMENT_REQUIRED: 'urn:thumbgate:error:payment-required',
+  INTERNAL: 'urn:thumbgate:error:internal-server-error',
+  WEBHOOK_INVALID: 'urn:thumbgate:error:webhook-invalid-signature',
+  SERVICE_UNAVAILABLE: 'urn:thumbgate:error:service-unavailable',
+};
+
+/**
+ * Build an RFC 9457 problem detail object.
+ * @param {object} opts
+ * @param {string} opts.type - URN from PROBLEM_TYPES
+ * @param {string} opts.title - Short human-readable summary
+ * @param {number} opts.status - HTTP status code
+ * @param {string} [opts.detail] - Longer explanation
+ * @param {string} [opts.instance] - URI reference for this specific occurrence
+ * @param {object} [opts.extensions] - Additional fields
+ * @returns {object}
+ */
+function problemDetail({ type, title, status, detail, instance, ...extensions }) {
+  const obj = { type, title, status };
+  if (detail) obj.detail = detail;
+  if (instance) obj.instance = instance;
+  return { ...obj, ...extensions };
+}
+
+/**
+ * Send an RFC 9457 problem detail response via Node http.ServerResponse.
+ */
+function sendProblem(res, opts, extraHeaders = {}) {
+  const problem = problemDetail(opts);
+  const body = JSON.stringify(problem);
+  res.writeHead(problem.status, {
+    'Content-Type': 'application/problem+json; charset=utf-8',
+    'Content-Length': Buffer.byteLength(body),
+    ...extraHeaders,
+  });
+  res.end(body);
+}
+
+module.exports = { problemDetail, sendProblem, PROBLEM_TYPES };

package/scripts/product-feedback.js

@@ -0,0 +1,134 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('fs');
+const https = require('https');
+const path = require('path');
+
+const { getFeedbackPaths } = require('./feedback-loop');
+
+function buildProductIssueTitle(body, category = 'bug') {
+  const prefix = category === 'feature'
+    ? '[Feature] '
+    : category === 'question'
+      ? '[Question] '
+      : '[Bug] ';
+  const trimmed = String(body || '').trim();
+  return prefix + trimmed.slice(0, 80) + (trimmed.length > 80 ? '...' : '');
+}
+
+function buildProductIssueBody(body, category = 'bug', source = 'dashboard feedback widget') {
+  return [
+    '## User Feedback',
+    '',
+    String(body || '').trim(),
+    '',
+    '---',
+    `*Submitted via ${source}*`,
+    `*Category: ${category || 'bug'}*`,
+  ].join('\n');
+}
+
+function appendProductFeedbackLog(entry) {
+  const feedbackLogPath = path.join(getFeedbackPaths().FEEDBACK_DIR, 'user-feedback.jsonl');
+  const feedbackDir = path.dirname(feedbackLogPath);
+  if (!fs.existsSync(feedbackDir)) fs.mkdirSync(feedbackDir, { recursive: true });
+  fs.appendFileSync(feedbackLogPath, `${JSON.stringify(entry)}\n`);
+  return feedbackLogPath;
+}
+
+function createGithubIssue({ owner, repo, token, title, body, labels }) {
+  return new Promise((resolve, reject) => {
+    const requestBody = JSON.stringify({ title, body, labels });
+    const req = https.request({
+      hostname: 'api.github.com',
+      path: `/repos/${owner}/${repo}/issues`,
+      method: 'POST',
+      headers: {
+        Authorization: `token ${token}`,
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(requestBody),
+        'User-Agent': 'ThumbGate-Product-Feedback',
+      },
+    }, (res) => {
+      let responseBody = '';
+      res.on('data', (chunk) => {
+        responseBody += chunk;
+      });
+      res.on('end', () => {
+        try {
+          resolve(JSON.parse(responseBody));
+        } catch (error) {
+          reject(error);
+        }
+      });
+    });
+    req.on('error', reject);
+    req.write(requestBody);
+    req.end();
+  });
+}
+
+async function submitProductIssue({
+  title,
+  body,
+  category = 'bug',
+  source = 'dashboard feedback widget',
+  githubToken = process.env.GITHUB_TOKEN || process.env.GH_TOKEN,
+  repoFullName = 'IgorGanapolsky/ThumbGate',
+} = {}) {
+  const trimmedTitle = String(title || '').trim();
+  const trimmedBody = String(body || '').trim();
+  if (!trimmedTitle) throw new Error('title required');
+  if (trimmedBody.length < 5) throw new Error('body too short');
+
+  const feedbackEntry = {
+    title: trimmedTitle,
+    body: trimmedBody,
+    category,
+    source,
+    timestamp: new Date().toISOString(),
+  };
+  appendProductFeedbackLog(feedbackEntry);
+
+  if (!githubToken) {
+    return {
+      success: true,
+      issueNumber: null,
+      issueUrl: null,
+      note: 'logged locally (no GitHub token)',
+    };
+  }
+
+  const [owner, repo] = String(repoFullName).split('/');
+  try {
+    const issue = await createGithubIssue({
+      owner,
+      repo,
+      token: githubToken,
+      title: trimmedTitle,
+      body: buildProductIssueBody(trimmedBody, category, source),
+      labels: ['user-feedback', category || 'bug'].filter(Boolean),
+    });
+    return {
+      success: true,
+      issueNumber: issue.number || null,
+      issueUrl: issue.html_url || null,
+      note: issue.number ? 'filed in GitHub' : 'logged locally',
+    };
+  } catch {
+    return {
+      success: true,
+      issueNumber: null,
+      issueUrl: null,
+      note: 'logged locally',
+    };
+  }
+}
+
+module.exports = {
+  appendProductFeedbackLog,
+  buildProductIssueBody,
+  buildProductIssueTitle,
+  submitProductIssue,
+};

package/scripts/profile-router.js

@@ -0,0 +1,245 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * Profile Router — OpenShell-inspired auto MCP profile selection
+ *
+ * Instead of manually setting THUMBGATE_MCP_PROFILE, this module analyzes the
+ * current context (tool name, input, session state) and automatically selects
+ * the most restrictive profile that still permits the required operation.
+ *
+ * Principle: deny-by-default, least-privilege, context-aware routing.
+ */
+
+const path = require('path');
+const {
+  getSetting,
+  getSettingOrigin,
+} = require('./settings-hierarchy');
+const { recommendInferenceBackend } = require('./local-model-profile');
+
+// ---------------------------------------------------------------------------
+// Context classifiers
+// ---------------------------------------------------------------------------
+
+/**
+ * Classifies the current operation context to determine the appropriate
+ * MCP profile. Returns the most restrictive profile that still allows
+ * the needed tools.
+ *
+ * @param {object} params
+ * @param {string} params.toolName     — MCP tool being requested
+ * @param {object} [params.toolInput]  — tool input payload
+ * @param {string} [params.sessionType] — 'review' | 'execute' | 'debug' | null
+ * @param {boolean} [params.hasWriteIntent] — whether the session involves writes
+ * @returns {{ profile: string, reason: string }}
+ */
+function routeProfile(params = {}) {
+  const { toolName, sessionType, hasWriteIntent, settingsOptions } = params;
+  const explicitProfile = process.env.THUMBGATE_MCP_PROFILE;
+  const defaultProfile = getSetting('mcp.defaultProfile', settingsOptions) || 'essential';
+  const readonlyProfile = getSetting('mcp.readonlySessionProfile', settingsOptions) || 'readonly';
+  const defaultOrigin = getSettingOrigin('mcp.defaultProfile', settingsOptions);
+  const readonlyOrigin = getSettingOrigin('mcp.readonlySessionProfile', settingsOptions);
+
+  // Explicit override always wins — but we still audit the decision
+  if (explicitProfile) {
+    return {
+      profile: explicitProfile,
+      reason: `explicit override via THUMBGATE_MCP_PROFILE=${explicitProfile}`,
+      wasAutoRouted: false,
+      settingsOrigin: null,
+    };
+  }
+
+  // Session-type routing
+  if (sessionType === 'review' || isReadOnlySession()) {
+    return {
+      profile: readonlyProfile,
+      reason: `read-only session detected — routing to ${readonlyProfile} profile`,
+      wasAutoRouted: true,
+      settingsOrigin: readonlyOrigin,
+    };
+  }
+
+  // Tool-level routing: if the tool is only available in certain profiles,
+  // select the most restrictive one that includes it
+  if (toolName) {
+    const profile = findMostRestrictiveProfile(toolName);
+    if (profile) {
+      return {
+        profile,
+        reason: `auto-routed to "${profile}" — most restrictive profile containing "${toolName}"`,
+        wasAutoRouted: true,
+      };
+    }
+  }
+
+  // Write-intent routing
+  if (hasWriteIntent === false) {
+    return {
+      profile: readonlyProfile,
+      reason: `no write intent — routing to ${readonlyProfile} profile`,
+      wasAutoRouted: true,
+      settingsOrigin: readonlyOrigin,
+    };
+  }
+
+  // Default: use 'essential' instead of 'default' for least-privilege
+  return {
+    profile: defaultProfile,
+    reason: `default auto-routing — ${defaultProfile} profile from settings hierarchy`,
+    wasAutoRouted: true,
+    settingsOrigin: defaultOrigin,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Profile analysis helpers
+// ---------------------------------------------------------------------------
+
+function loadProfilesLazy() {
+  try {
+    const mcpPolicy = require('./mcp-policy');
+    return mcpPolicy.loadMcpPolicy();
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Find the most restrictive (smallest) profile that includes the given tool.
+ * Profile restrictiveness = fewer tools allowed = more restricted.
+ */
+function findMostRestrictiveProfile(toolName) {
+  const policy = loadProfilesLazy();
+  if (!policy || !policy.profiles) return null;
+
+  // Sort profiles by number of tools (most restrictive first)
+  const candidates = Object.entries(policy.profiles)
+    .filter(([, tools]) => tools.includes(toolName))
+    .sort((a, b) => a[1].length - b[1].length);
+
+  if (candidates.length === 0) return null;
+  return candidates[0][0]; // most restrictive profile that has this tool
+}
+
+/**
+ * Detect read-only session from environment signals.
+ */
+function isReadOnlySession() {
+  // CI review context
+  if (process.env.CI && process.env.GITHUB_EVENT_NAME === 'pull_request') return true;
+  // Explicit read-only marker
+  if (process.env.THUMBGATE_SESSION_TYPE === 'review') return true;
+  // Subagent review profile
+  if (process.env.THUMBGATE_SUBAGENT_PROFILE === 'review_workflow') return true;
+  return false;
+}
+
+// ---------------------------------------------------------------------------
+// Sensitive data routing (privacy router)
+// ---------------------------------------------------------------------------
+
+/**
+ * Determines whether a tool input should be routed to a local model
+ * (privacy-sensitive) or can go to a frontier model.
+ *
+ * @param {object} params
+ * @param {string} params.toolName
+ * @param {object} params.toolInput
+ * @returns {{ route: 'local' | 'frontier', reason: string }}
+ */
+function routePrivacy(params = {}) {
+  const { toolName, toolInput } = params;
+  const inputStr = JSON.stringify(toolInput || {});
+
+  // Patterns that should stay local
+  const sensitivePatterns = [
+    /\.env\b/i,
+    /credentials?\b/i,
+    /secret[_-]?key/i,
+    /api[_-]?key/i,
+    /password/i,
+    /token/i,
+    /private[_-]?key/i,
+    /\.pem\b/i,
+    /\.p12\b/i,
+    /auth[_-]?config/i,
+  ];
+
+  // Check if input references sensitive material
+  for (const pattern of sensitivePatterns) {
+    if (pattern.test(inputStr) || pattern.test(toolName || '')) {
+      return {
+        route: 'local',
+        reason: `sensitive pattern detected: ${pattern.source}`,
+      };
+    }
+  }
+
+  // Sensitive tools that should always route locally
+  const localOnlyTools = [
+    'capture_feedback',
+    'export_dpo_pairs',
+    'export_databricks_bundle',
+    'track_action',
+    'verify_claim',
+    'register_claim_gate',
+  ];
+  if (localOnlyTools.includes(toolName)) {
+    return {
+      route: 'local',
+      reason: `tool "${toolName}" contains training data — routing locally`,
+    };
+  }
+
+  return {
+    route: 'frontier',
+    reason: 'no sensitive content detected — frontier routing allowed',
+  };
+}
+
+function routeInference(params = {}) {
+  const privacy = routePrivacy(params);
+  const inference = recommendInferenceBackend({
+    type: params.taskType,
+    contextTokens: params.contextTokens,
+    tags: params.tags,
+    privacyRoute: privacy.route,
+  }, params.env || process.env);
+
+  return {
+    route: privacy.route === 'local' ? 'local' : inference.route,
+    reason: inference.reason,
+    workloadClass: inference.workloadClass,
+    recommendationClass: inference.recommendationClass,
+    privacy,
+    backend: inference.backend,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Exports
+// ---------------------------------------------------------------------------
+
+module.exports = {
+  routeProfile,
+  routePrivacy,
+  routeInference,
+  findMostRestrictiveProfile,
+  isReadOnlySession,
+};
+
+// ---------------------------------------------------------------------------
+// CLI
+// ---------------------------------------------------------------------------
+
+if (require.main === module) {
+  const toolName = process.argv[2] || null;
+  const result = routeProfile({ toolName });
+  const privacy = toolName ? routePrivacy({ toolName, toolInput: {} }) : null;
+  const inference = routeInference({ toolName, toolInput: {}, taskType: 'large-context', contextTokens: 200000, tags: ['xmemory'] });
+
+  console.log(JSON.stringify({ routing: result, privacy, inference }, null, 2));
+}