thumbgate 1.1.0 → 1.3.0

package/scripts/statusline.sh

@@ -6,13 +6,23 @@
 # Resolve script directory safely (CodeQL: no uncontrolled paths)
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 case "$SCRIPT_DIR" in *[!a-zA-Z0-9/_.-]*) echo "ThumbGate: invalid script path"; exit 1;; esac
+LOCAL_API_ORIGIN="${THUMBGATE_LOCAL_API_ORIGIN:-http://localhost:3456}"
 
 # ── Parse Claude Code session JSON from stdin ─────────────────────
 eval "$(cat | jq -r '
   def n(f): f // 0;
-  @sh "CTX_PCT=\(n(.context_window.used_percentage) | floor)"
+  @sh "CTX_PCT=\(n(.context_window.used_percentage) | floor)",
+  @sh "PROJECT_CWD=\(.cwd // .working_directory // "")"
 ' 2>/dev/null)"
 CTX_PCT="${CTX_PCT:-0}"
+PROJECT_CWD="${PROJECT_CWD:-}"
+
+if [ -n "$PROJECT_CWD" ] && [ -d "$PROJECT_CWD" ]; then
+  export THUMBGATE_PROJECT_DIR="$PROJECT_CWD"
+  if [ -z "${THUMBGATE_FEEDBACK_DIR:-}" ]; then
+    export THUMBGATE_FEEDBACK_DIR="${PROJECT_CWD}/.claude/memory/feedback"
+  fi
+fi
 
 # ── ThumbGate stats from cache ────────────────────────────────────────
 THUMBGATE_CACHE=""
@@ -63,7 +73,7 @@ fi
 # Background refresh from REST API when cache is stale (>120s)
 if [ $(( _NOW - ${CACHE_TS:-0} )) -gt 120 ]; then
   (
-    _R=$(curl -s --max-time 3 "http://localhost:3456/v1/feedback/stats" -H "Authorization: Bearer ${THUMBGATE_API_KEY:-tg_creator_dev_enterprise}" 2>/dev/null)
+    _R=$(curl -s --max-time 3 "${LOCAL_API_ORIGIN}/v1/feedback/stats" -H "Authorization: Bearer ${THUMBGATE_API_KEY:-tg_creator_dev_enterprise}" 2>/dev/null)
     [ -z "$_R" ] && exit 0
     echo "$_R" | python3 -c "
 import json,sys,time,os
@@ -78,6 +88,23 @@ except:pass
   disown 2>/dev/null
 fi
 
+# ── Clickable statusline affordances ─────────────────────────────
+LINK_STATE="offline"
+UP_URL=""; DOWN_URL=""; DASHBOARD_URL=""; LESSONS_URL=""
+DASHBOARD_LABEL="Dashboard"; LESSONS_LABEL="Lessons"
+_LINKS_JSON=$(node "${SCRIPT_DIR}/statusline-links.js" 2>/dev/null)
+if [ -n "$_LINKS_JSON" ]; then
+  eval "$(echo "$_LINKS_JSON" | jq -r '
+    @sh "LINK_STATE=\(.state // "offline")",
+    @sh "UP_URL=\(.upUrl // "")",
+    @sh "DOWN_URL=\(.downUrl // "")",
+    @sh "DASHBOARD_URL=\(.dashboardUrl // "")",
+    @sh "LESSONS_URL=\(.lessonsUrl // "")",
+    @sh "DASHBOARD_LABEL=\(.dashboardLabel // "Dashboard")",
+    @sh "LESSONS_LABEL=\(.lessonsLabel // "Lessons")"
+  ' 2>/dev/null)"
+fi
+
 # ── ThumbGate package metadata ────────────────────────────────────────
 TG_VERSION="unknown"; TG_TIER="Free"
 _META_JSON=$(node "${SCRIPT_DIR}/statusline-meta.js" 2>/dev/null)
@@ -99,6 +126,16 @@ if [ -n "$_TOWER_JSON" ]; then
   ' 2>/dev/null)"
 fi
 
+# ── Latest lesson ──────────────────────────────────────────────────
+LESSON_TEXT=""; LESSON_ID=""
+_LESSON_JSON=$(node "${SCRIPT_DIR}/statusline-lesson.js" 2>/dev/null)
+if [ -n "$_LESSON_JSON" ]; then
+  eval "$(echo "$_LESSON_JSON" | jq -r '
+    @sh "LESSON_TEXT=\(.text // "")",
+    @sh "LESSON_ID=\(.lessonId // "")"
+  ' 2>/dev/null)"
+fi
+
 # ── Colors ────────────────────────────────────────────────────────
 G='\033[32m'; R='\033[31m'; M='\033[35m'; C='\033[36m'; D='\033[90m'; BD='\033[1m'; RST='\033[0m'
 
@@ -107,17 +144,170 @@ case "${TREND}" in
   improving) ARROW="↗" ;; degrading) ARROW="↘" ;; stable) ARROW="→" ;; *) ARROW="?" ;;
 esac
 
+osc8_link() {
+  local url="$1"
+  local label="$2"
+  if [ -n "$url" ]; then
+    printf '\033]8;;%s\a%s\033]8;;\a' "$url" "$label"
+  else
+    printf '%s' "$label"
+  fi
+}
+
+UP_ICON="$(osc8_link "$UP_URL" "👍")"
+DOWN_ICON="$(osc8_link "$DOWN_URL" "👎")"
+DASHBOARD_LINK="$(osc8_link "$DASHBOARD_URL" "$DASHBOARD_LABEL")"
+LESSONS_LINK="$(osc8_link "$LESSONS_URL" "$LESSONS_LABEL")"
+
+is_numeric() {
+  case "$1" in
+    ''|*[!0-9]*) return 1 ;;
+    *) return 0 ;;
+  esac
+}
+
+# Keep ThumbGate within a conservative left-side budget so Claude's own
+# right-side notices do not visually collide with our line.
+STATUSLINE_DEFAULT_MAX_CHARS="${THUMBGATE_STATUSLINE_DEFAULT_MAX_CHARS:-96}"
+STATUSLINE_RIGHT_RESERVE="${THUMBGATE_STATUSLINE_RIGHT_RESERVE:-28}"
+if ! is_numeric "$STATUSLINE_DEFAULT_MAX_CHARS"; then STATUSLINE_DEFAULT_MAX_CHARS=96; fi
+if ! is_numeric "$STATUSLINE_RIGHT_RESERVE"; then STATUSLINE_RIGHT_RESERVE=28; fi
+
+if is_numeric "${THUMBGATE_STATUSLINE_MAX_CHARS:-}"; then
+  STATUSLINE_MAX_CHARS="$THUMBGATE_STATUSLINE_MAX_CHARS"
+else
+  STATUSLINE_MAX_CHARS="$STATUSLINE_DEFAULT_MAX_CHARS"
+  if is_numeric "${COLUMNS:-}"; then
+    _AVAILABLE_CHARS=$(( COLUMNS - STATUSLINE_RIGHT_RESERVE ))
+    if [ "$_AVAILABLE_CHARS" -gt 0 ] && [ "$_AVAILABLE_CHARS" -lt "$STATUSLINE_MAX_CHARS" ]; then
+      STATUSLINE_MAX_CHARS="$_AVAILABLE_CHARS"
+    fi
+  fi
+fi
+if [ "$STATUSLINE_MAX_CHARS" -lt 48 ]; then STATUSLINE_MAX_CHARS=48; fi
+
+PLAIN_SEGMENTS=()
+RENDERED_SEGMENTS=()
+
+current_plain_length() {
+  local total=0
+  local i
+  for ((i = 0; i < ${#PLAIN_SEGMENTS[@]}; i++)); do
+    if [ "$i" -gt 0 ]; then
+      total=$((total + 3))
+    fi
+    total=$((total + ${#PLAIN_SEGMENTS[$i]}))
+  done
+  printf '%s' "$total"
+}
+
+push_segment() {
+  PLAIN_SEGMENTS+=("$1")
+  RENDERED_SEGMENTS+=("$2")
+}
+
+add_segment_if_fit() {
+  local plain="$1"
+  local rendered="$2"
+  local current extra
+  current=$(current_plain_length)
+  extra=${#plain}
+  if [ "${#PLAIN_SEGMENTS[@]}" -gt 0 ]; then
+    extra=$((extra + 3))
+  fi
+  if [ $((current + extra)) -le "$STATUSLINE_MAX_CHARS" ]; then
+    push_segment "$plain" "$rendered"
+    return 0
+  fi
+  return 1
+}
+
+truncate_plain_text() {
+  local text="$1"
+  local max_chars="$2"
+  if [ "$max_chars" -le 0 ]; then
+    printf ''
+  elif [ "${#text}" -le "$max_chars" ]; then
+    printf '%s' "$text"
+  elif [ "$max_chars" -le 3 ]; then
+    printf '%.*s' "$max_chars" "$text"
+  else
+    printf '%s...' "${text:0:$((max_chars - 3))}"
+  fi
+}
+
+add_truncated_segment_if_fit() {
+  local plain="$1"
+  local color="$2"
+  local min_chars="${3:-14}"
+  local current sep remaining truncated
+  current=$(current_plain_length)
+  sep=0
+  if [ "${#PLAIN_SEGMENTS[@]}" -gt 0 ]; then
+    sep=3
+  fi
+  remaining=$((STATUSLINE_MAX_CHARS - current - sep))
+  if [ "$remaining" -lt "$min_chars" ]; then
+    return 1
+  fi
+  truncated=$(truncate_plain_text "$plain" "$remaining")
+  push_segment "$truncated" "${color}${truncated}${RST}"
+  return 0
+}
+
+render_segments() {
+  local line=''
+  local i
+  for ((i = 0; i < ${#RENDERED_SEGMENTS[@]}; i++)); do
+    if [ "$i" -gt 0 ]; then
+      line="${line} · "
+    fi
+    line="${line}${RENDERED_SEGMENTS[$i]}"
+  done
+  printf '%b\n' "$line"
+}
+
 # ── Output (single line) ─────────────────────────────────────────
-LINE="ThumbGate v${TG_VERSION} · ${TG_TIER}"
 if [ "$UP" = "0" ] && [ "$DOWN" = "0" ]; then
-  echo -e "${D}${LINE} · no feedback yet${RST}"
+  push_segment "ThumbGate v${TG_VERSION}" "${D}ThumbGate v${TG_VERSION}${RST}"
+  push_segment "${TG_TIER}" "${D}${TG_TIER}${RST}"
+  push_segment "no feedback yet" "${D}no feedback yet${RST}"
+  add_segment_if_fit "${DASHBOARD_LABEL}" "${C}${DASHBOARD_LINK}${RST}"
+  add_segment_if_fit "${LESSONS_LABEL}" "${M}${LESSONS_LINK}${RST}"
+  render_segments
 else
-  LINE="${LINE} · ${G}${BD}${UP}${RST}👍 ${R}${BD}${DOWN}${RST}👎 ${ARROW}"
+  STATS_PLAIN="${UP}👍 ${DOWN}👎 ${ARROW}"
+  STATS_RENDERED="${G}${BD}${UP}${RST}${UP_ICON} ${R}${BD}${DOWN}${RST}${DOWN_ICON} ${ARROW}"
+  ALERTS_PLAIN=''
+  ALERTS_RENDERED=''
+
+  if [ "${SLO_V:-0}" -gt 0 ]; then
+    ALERTS_PLAIN="${ALERTS_PLAIN}${ALERTS_PLAIN:+ }${SLO_V} SLO"
+    ALERTS_RENDERED="${ALERTS_RENDERED}${ALERTS_RENDERED:+ }${R}${SLO_V} SLO${RST}"
+  fi
+  if [ "${AT_RISK:-0}" -gt 0 ]; then
+    ALERTS_PLAIN="${ALERTS_PLAIN}${ALERTS_PLAIN:+ }${AT_RISK}⚠"
+    ALERTS_RENDERED="${ALERTS_RENDERED}${ALERTS_RENDERED:+ }${R}${AT_RISK}⚠${RST}"
+  fi
+  if [ "${ANOMALIES:-0}" -gt 0 ]; then
+    ALERTS_PLAIN="${ALERTS_PLAIN}${ALERTS_PLAIN:+ }${ANOMALIES}☠"
+    ALERTS_RENDERED="${ALERTS_RENDERED}${ALERTS_RENDERED:+ }${R}${ANOMALIES}☠${RST}"
+  fi
 
-  # Control Tower alerts (if any)
-  [ "${SLO_V:-0}" -gt 0 ] && LINE="${LINE} ${R}${SLO_V} SLO${RST}"
-  [ "${AT_RISK:-0}" -gt 0 ] && LINE="${LINE} ${R}${AT_RISK}⚠${RST}"
-  [ "${ANOMALIES:-0}" -gt 0 ] && LINE="${LINE} ${R}${ANOMALIES}☠${RST}"
+  push_segment "ThumbGate v${TG_VERSION}" "ThumbGate v${TG_VERSION}"
+  push_segment "${TG_TIER}" "${TG_TIER}"
+  push_segment "${STATS_PLAIN}" "${STATS_RENDERED}"
+  add_segment_if_fit "${DASHBOARD_LABEL}" "${C}${DASHBOARD_LINK}${RST}"
+  add_segment_if_fit "${LESSONS_LABEL}" "${M}${LESSONS_LINK}${RST}"
+  if [ "${LESSONS:-0}" -gt 0 ]; then
+    add_segment_if_fit "${LESSONS} lessons" "${M}${BD}${LESSONS}${RST} lessons"
+  fi
+  if [ -n "${ALERTS_PLAIN}" ]; then
+    add_segment_if_fit "${ALERTS_PLAIN}" "${ALERTS_RENDERED}"
+  fi
+  if [ -n "${LESSON_TEXT}" ]; then
+    add_truncated_segment_if_fit "${LESSON_TEXT}" "${D}" 14
+  fi
 
-  echo -e "$LINE"
+  render_segments
 fi

package/scripts/sync-github-about.js

@@ -6,6 +6,7 @@ const {
   fetchLiveGitHubAbout,
   loadGitHubAboutConfig,
   updateLiveGitHubAbout,
+  verifyLiveGitHubAbout,
 } = require('./github-about');
 
 async function main() {
@@ -32,11 +33,13 @@ async function main() {
   console.log(`Syncing GitHub About for ${about.repo}...`);
   await updateLiveGitHubAbout({ repo: about.repo });
 
-  const after = await fetchLiveGitHubAbout({ repo: about.repo });
-  const remaining = compareGitHubAbout(about, after, `Live GitHub About (${about.repo})`);
-  if (remaining.length > 0) {
+  const verification = await verifyLiveGitHubAbout({
+    expected: about,
+    repo: about.repo,
+  });
+  if (verification.errors.length > 0) {
     console.error(`\n❌ GitHub About sync incomplete for ${about.repo}:\n`);
-    for (const error of remaining) {
+    for (const error of verification.errors) {
       console.error(`  • ${error}`);
     }
     console.error('');

package/scripts/tool-registry.js

@@ -36,7 +36,7 @@ const TOOLS = [
         whatWorked: { type: 'string' },
         chatHistory: {
           type: 'array',
-          description: 'Optional recent conversation window used for history-aware lesson distillation.',
+          description: 'Optional caller-supplied recent conversation window used for history-aware lesson distillation. The current Claude auto-capture path sends up to 8 prior recorded entries for vague negative inline signals.',
           items: {
             type: 'object',
             properties: {
@@ -59,7 +59,7 @@ const TOOLS = [
               timestamp: { type: 'string' },
             },
           },
-          description: 'Last 5-10 conversation turns before the feedback signal. Raw messages, not summaries.',
+          description: 'Recent conversation turns before the feedback signal. Raw messages, not summaries.',
         },
         rubricScores: {
           type: 'array',

package/scripts/workflow-sentinel.js

@@ -14,7 +14,9 @@ const {
   normalizePosix,
   resolveRepoRoot,
 } = require('./operational-integrity');
+const { buildDockerSandboxPlan } = require('./docker-sandbox-planner');
 const { evaluatePretool } = require('./hybrid-feedback-context');
+const { getInterventionRecommendation } = require('./intervention-policy');
 
 const GOVERNANCE_STATE_PATH = path.join(process.env.HOME || '/tmp', '.thumbgate', 'governance-state.json');
 const DEFAULT_PROTECTED_FILE_GLOBS = [
@@ -386,6 +388,7 @@ function scoreRisk({
   affectedFiles,
   integrity,
   memoryGuard,
+  learnedPolicy,
   blastRadius,
   taskScopeViolation,
   protectedSurface,
@@ -471,6 +474,43 @@ function scoreRisk({
       { mode: memoryGuard.mode }
     );
   }
+  if (learnedPolicy && learnedPolicy.enabled && learnedPolicy.prediction) {
+    const confidence = learnedPolicy.prediction.confidence || 0;
+    const label = learnedPolicy.prediction.label;
+    if (label === 'deny' && confidence >= 0.6) {
+      addDriver(
+        drivers,
+        'learned_policy_deny',
+        Math.min(0.26, 0.16 + (confidence * 0.12)),
+        'Learned intervention policy predicts a deny-worthy failure pattern.',
+        { confidence, label }
+      );
+    } else if (label === 'warn' && confidence >= 0.3) {
+      addDriver(
+        drivers,
+        'learned_policy_warn',
+        Math.min(0.18, 0.1 + (confidence * 0.08)),
+        'Learned intervention policy predicts elevated execution risk.',
+        { confidence, label }
+      );
+    } else if (label === 'verify' && confidence >= 0.3) {
+      addDriver(
+        drivers,
+        'learned_policy_verify',
+        Math.min(0.16, 0.08 + (confidence * 0.06)),
+        'Learned intervention policy predicts a verification gap before close-out.',
+        { confidence, label }
+      );
+    } else if (label === 'recall' && confidence >= 0.3) {
+      addDriver(
+        drivers,
+        'learned_policy_recall',
+        Math.min(0.14, 0.06 + (confidence * 0.05)),
+        'Learned intervention policy predicts prior lessons are needed before execution.',
+        { confidence, label }
+      );
+    }
+  }
 
   const score = Math.min(1, drivers.reduce((sum, driver) => sum + driver.weight, 0));
   return {
@@ -491,6 +531,7 @@ function scoreRisk({
 function buildEvidence({
   integrity,
   memoryGuard,
+  learnedPolicy,
   blastRadius,
   taskScopeViolation,
   protectedSurface,
@@ -499,6 +540,16 @@ function buildEvidence({
   if (memoryGuard && memoryGuard.mode && memoryGuard.mode !== 'allow') {
     evidence.push(`Memory guard predicted ${memoryGuard.mode}: ${memoryGuard.reason}`);
   }
+  if (learnedPolicy && learnedPolicy.enabled && learnedPolicy.prediction) {
+    const topTokens = Array.isArray(learnedPolicy.topTokens)
+      ? learnedPolicy.topTokens.map((entry) => entry.token).slice(0, 3)
+      : [];
+    evidence.push(
+      `Learned policy predicted ${learnedPolicy.prediction.label} (${Math.round((learnedPolicy.prediction.confidence || 0) * 100)}% confidence)`
+      + (topTokens.length ? ` from ${topTokens.join(', ')}` : '')
+      + '.'
+    );
+  }
   if (taskScopeViolation) {
     evidence.push(
       taskScopeViolation.reasonCode === 'missing_task_scope'
@@ -523,12 +574,59 @@ function buildEvidence({
   return evidence;
 }
 
+function addIntegrityRemediations(push, integrity) {
+  if (!integrity || !Array.isArray(integrity.blockers)) {
+    return;
+  }
+
+  const blockerCodes = new Set(integrity.blockers.map((blocker) => blocker.code));
+  const remediationSpecs = [
+    {
+      codes: ['missing_branch_governance'],
+      id: 'set_branch_governance',
+      title: 'Declare branch governance',
+      action: 'Call set_branch_governance with branchName, baseBranch, and PR/release expectations.',
+      why: 'Release, merge, and PR workflows need explicit branch state.',
+    },
+    {
+      codes: ['merge_requires_pr_context'],
+      id: 'attach_pr_context',
+      title: 'Attach PR context',
+      action: 'Update branch governance with prNumber or prUrl before merging.',
+      why: 'Merge actions should be tied to one explicit review surface.',
+    },
+    {
+      codes: ['missing_release_version', 'release_version_mismatch'],
+      id: 'align_release_version',
+      title: 'Align release version',
+      action: 'Set branch governance releaseVersion and verify it matches package.json before publish.',
+      why: 'Release metadata should match the artifact being published.',
+    },
+    {
+      codes: ['publish_requires_base_branch', 'publish_requires_mainline_head'],
+      id: 'switch_to_mainline',
+      title: 'Run publish from mainline',
+      action: `Move the action onto ${integrity.baseBranch || DEFAULT_BASE_BRANCH} after the merge commit exists.`,
+      why: 'Publish and tag flows should execute from the protected mainline branch.',
+    },
+  ];
+
+  for (const remediation of remediationSpecs) {
+    if (!remediation.codes.some((code) => blockerCodes.has(code))) {
+      continue;
+    }
+    push(remediation.id, remediation.title, remediation.action, remediation.why);
+  }
+}
+
 function buildRemediations({
   integrity,
   taskScopeViolation,
   protectedSurface,
   blastRadius,
   memoryGuard,
+  learnedPolicy,
+  executionSurface,
 }) {
   const remediations = [];
   const seen = new Set();
@@ -555,41 +653,7 @@ function buildRemediations({
       'Protected policy files need an explicit time-bounded approval.'
     );
   }
-  if (integrity && Array.isArray(integrity.blockers)) {
-    const blockerCodes = new Set(integrity.blockers.map((blocker) => blocker.code));
-    if (blockerCodes.has('missing_branch_governance')) {
-      push(
-        'set_branch_governance',
-        'Declare branch governance',
-        'Call set_branch_governance with branchName, baseBranch, and PR/release expectations.',
-        'Release, merge, and PR workflows need explicit branch state.'
-      );
-    }
-    if (blockerCodes.has('merge_requires_pr_context')) {
-      push(
-        'attach_pr_context',
-        'Attach PR context',
-        'Update branch governance with prNumber or prUrl before merging.',
-        'Merge actions should be tied to one explicit review surface.'
-      );
-    }
-    if (blockerCodes.has('missing_release_version') || blockerCodes.has('release_version_mismatch')) {
-      push(
-        'align_release_version',
-        'Align release version',
-        'Set branch governance releaseVersion and verify it matches package.json before publish.',
-        'Release metadata should match the artifact being published.'
-      );
-    }
-    if (blockerCodes.has('publish_requires_base_branch') || blockerCodes.has('publish_requires_mainline_head')) {
-      push(
-        'switch_to_mainline',
-        'Run publish from mainline',
-        `Move the action onto ${integrity.baseBranch || DEFAULT_BASE_BRANCH} after the merge commit exists.`,
-        'Publish and tag flows should execute from the protected mainline branch.'
-      );
-    }
-  }
+  addIntegrityRemediations(push, integrity);
   if (memoryGuard && memoryGuard.mode && memoryGuard.mode !== 'allow') {
     push(
       'retrieve_lessons',
@@ -598,6 +662,24 @@ function buildRemediations({
       'The system already has evidence that this action pattern failed before.'
     );
   }
+  if (learnedPolicy && learnedPolicy.enabled && learnedPolicy.prediction) {
+    if (learnedPolicy.prediction.label === 'verify' && learnedPolicy.prediction.confidence >= 0.3) {
+      push(
+        'verify_before_closeout',
+        'Raise verification before claiming success',
+        'Run the relevant proof or test command and confirm the exact output before retrying or closing out.',
+        'The learned policy predicts this path tends to fail at verification time.'
+      );
+    }
+    if (learnedPolicy.prediction.label === 'recall' && learnedPolicy.prediction.confidence >= 0.3) {
+      push(
+        'retrieve_lessons',
+        'Inspect prior lessons',
+        'Call retrieve_lessons or search_lessons for this tool context before retrying.',
+        'The learned policy predicts this action needs prior lessons and corrective context.'
+      );
+    }
+  }
   if (blastRadius.fileCount >= 4 || blastRadius.surfaceCount >= 3) {
     push(
       'split_blast_radius',
@@ -606,6 +688,14 @@ function buildRemediations({
       'Smaller blast radii are easier to verify and recover.'
     );
   }
+  if (executionSurface?.shouldSandbox) {
+    push(
+      'route_to_docker_sandbox',
+      'Route through Docker Sandboxes',
+      `Launch the repo in Docker Sandboxes before retrying. Standalone: ${executionSurface.launchers.standalone}. Docker Desktop: ${executionSurface.launchers.dockerDesktop}.`,
+      'Isolated execution limits host damage when a high-risk local action goes wrong.'
+    );
+  }
 
   return remediations;
 }
@@ -615,6 +705,14 @@ function buildReasoning(report) {
     `Workflow sentinel risk ${report.band} (${report.riskScore}) for ${report.toolName}.`,
     `Blast radius: ${report.blastRadius.summary}.`,
   ];
+  if (report.learnedPolicy && report.learnedPolicy.enabled && report.learnedPolicy.prediction) {
+    lines.push(
+      `Learned policy predicted ${report.learnedPolicy.prediction.label} (${report.learnedPolicy.prediction.confidence}).`
+    );
+  }
+  if (report.executionSurface?.shouldSandbox) {
+    lines.push(`Execution surface: ${report.executionSurface.summary}`);
+  }
   for (const driver of report.drivers.slice(0, 4)) {
     lines.push(`Driver ${driver.key} (+${driver.weight}): ${driver.reason}`);
   }
@@ -624,15 +722,42 @@ function buildReasoning(report) {
   return lines;
 }
 
-function chooseDecision({ riskScore, integrity, memoryGuard, blastRadius, command }) {
+function getSentinelActionType(toolName) {
+  if (toolName === 'Bash') {
+    return 'shell.exec';
+  }
+  if (EDIT_LIKE_TOOLS.has(toolName)) {
+    return 'file.write';
+  }
+  return '';
+}
+
+function chooseDecision({ riskScore, integrity, memoryGuard, learnedPolicy, blastRadius, command }) {
   const hasOperationalBlockers = Boolean(integrity && Array.isArray(integrity.blockers) && integrity.blockers.length > 0);
   const destructiveBypass = /\bgit\s+push\b.*(?:--force|-f)\b/i.test(command) || /\bgh\s+pr\s+merge\b.*--admin\b/i.test(command);
+  const learnedPrediction = learnedPolicy && learnedPolicy.enabled ? learnedPolicy.prediction : null;
+  const learnedHardStop = Boolean(
+    learnedPrediction
+      && learnedPrediction.label === 'deny'
+      && learnedPrediction.confidence >= 0.7
+  );
+  const learnedWarning = Boolean(
+    learnedPrediction
+      && ['warn', 'verify', 'deny'].includes(learnedPrediction.label)
+      && learnedPrediction.confidence >= 0.3
+  );
+  const learnedRecall = Boolean(
+    learnedPrediction
+      && learnedPrediction.label === 'recall'
+      && learnedPrediction.confidence >= 0.3
+  );
   const lowBlastRadius = blastRadius.fileCount <= 1
     && blastRadius.surfaceCount <= 1
     && blastRadius.releaseSensitiveFiles.length === 0
     && blastRadius.unapprovedProtectedFiles === 0;
   const lowRiskHandoff = /\bgit\s+push\b|\bgh\s+pr\s+(?:create|merge)\b/i.test(command)
     && !destructiveBypass
+    && !learnedHardStop
     && lowBlastRadius
     && !hasOperationalBlockers
     && memoryGuard
@@ -652,10 +777,10 @@ function chooseDecision({ riskScore, integrity, memoryGuard, blastRadius, comman
   if (lowRiskHandoff) {
     return 'allow';
   }
-  if (destructiveBypass || repeatedHighBlast || (hasOperationalBlockers && riskScore >= 0.72) || riskScore >= 0.86) {
+  if (destructiveBypass || learnedHardStop || repeatedHighBlast || (hasOperationalBlockers && riskScore >= 0.72) || riskScore >= 0.86) {
     return 'deny';
   }
-  if (riskScore >= 0.45) {
+  if (riskScore >= 0.45 || (learnedWarning && riskScore >= 0.3) || (learnedRecall && riskScore >= 0.34)) {
     return 'warn';
   }
   return 'allow';
@@ -698,6 +823,20 @@ function evaluateWorkflowSentinel(toolName, toolInput = {}, options = {}) {
     affectedFiles,
   }), options.feedbackOptions || {});
   const memoryGuard = normalizeMemoryGuardForSentinel(rawMemoryGuard, highRiskAction);
+  const learnedPolicy = getInterventionRecommendation({
+    toolName,
+    command: toolInput.command || '',
+    affectedFiles,
+    integrity,
+    memoryGuard,
+    riskBand: highRiskAction ? 'high' : 'low',
+    taskScopeViolation,
+    protectedSurface: protectedSurfaceForRisk,
+  }, {
+    feedbackDir: options.feedbackDir
+      || process.env.THUMBGATE_FEEDBACK_DIR
+      || (repoRoot ? path.join(repoRoot, '.thumbgate') : null),
+  });
   const blastRadius = buildBlastRadius({
     affectedFiles,
     integrity,
@@ -709,14 +848,28 @@ function evaluateWorkflowSentinel(toolName, toolInput = {}, options = {}) {
     affectedFiles,
     integrity,
     memoryGuard,
+    learnedPolicy,
     blastRadius,
     taskScopeViolation,
     protectedSurface: protectedSurfaceForRisk,
   });
+  const executionSurface = buildDockerSandboxPlan({
+    toolName,
+    actionType: getSentinelActionType(toolName),
+    command: toolInput.command,
+    repoPath,
+    affectedFiles,
+    riskBand: risk.band,
+    riskScore: risk.score,
+    requiresNetwork: Boolean(
+      /\b(?:curl|wget|gh\s+pr|git\s+push|npm\s+publish|yarn\s+publish|pnpm\s+publish)\b/i.test(toolInput.command || '')
+    ),
+  });
   const decision = chooseDecision({
     riskScore: risk.score,
     integrity,
     memoryGuard,
+    learnedPolicy,
     blastRadius: {
       ...blastRadius,
       unapprovedProtectedFiles: protectedSurfaceForRisk.unapprovedProtectedFiles.length,
@@ -726,6 +879,7 @@ function evaluateWorkflowSentinel(toolName, toolInput = {}, options = {}) {
   const evidence = buildEvidence({
     integrity,
     memoryGuard,
+    learnedPolicy,
     blastRadius,
     taskScopeViolation,
     protectedSurface: protectedSurfaceForRisk,
@@ -736,6 +890,8 @@ function evaluateWorkflowSentinel(toolName, toolInput = {}, options = {}) {
     protectedSurface: protectedSurfaceForRisk,
     blastRadius,
     memoryGuard,
+    learnedPolicy,
+    executionSurface,
   });
   const summary = decision === 'allow'
     ? 'No predictive workflow blockers detected.'
@@ -743,7 +899,7 @@ function evaluateWorkflowSentinel(toolName, toolInput = {}, options = {}) {
       ? 'Predicted workflow risk is elevated before execution.'
       : 'Predicted workflow failure before execution.';
   const report = {
-    sentinelVersion: 'workflow-sentinel-v1',
+    sentinelVersion: 'workflow-sentinel-v2',
     toolName,
     decision,
     riskScore: risk.score,
@@ -753,7 +909,9 @@ function evaluateWorkflowSentinel(toolName, toolInput = {}, options = {}) {
     blastRadius,
     evidence,
     remediations,
+    executionSurface,
     memoryGuard,
+    learnedPolicy,
     taskScopeViolation,
     operationalIntegrity: {
       ok: integrity.ok,

package/skills/thumbgate/SKILL.md

@@ -86,7 +86,7 @@ Bounded retrieval of relevant feedback history for the current task. The agent g
 
 | | Free | Pro | Team |
 |---|---|---|---|
-| Feedback capture | Unlimited | Unlimited | Unlimited |
+| Feedback capture | 3/day | Unlimited | Unlimited |
 | Lesson search | 5/day | Unlimited | Unlimited |
 | Active gates | 5 | Unlimited | Unlimited |
 | Dashboard | - | Yes | Yes |