thumbgate 1.14.0 → 1.15.0

package/.claude-plugin/README.md

@@ -1,170 +0,0 @@
-# ThumbGate for Claude Desktop
-
-**Give thumbs up 👍 or thumbs down 👎 on any agent action. ThumbGate captures it, runs History-aware lesson distillation across up to 8 prior recorded entries, and blocks the pattern from repeating. Just type "thumbs up" or "thumbs down" in the chat.**
-
-## Try it now
-
-1. Install ThumbGate
-2. Start a Claude Desktop session
-3. When the agent does something wrong, type: **thumbs down**
-4. ThumbGate captures the mistake, distills a lesson, and creates a prevention rule
-5. Next session: the agent physically cannot repeat that mistake
-
-That's it. One thumbs-down, never again.
-
-## What it does
-
-- **👎 Thumbs down** → captures the mistake → distills a lesson → auto-promotes to a prevention rule → PreToolUse hook blocks the pattern before execution
-- **👍 Thumbs up** → reinforces good patterns → agent starts preferring your approved flows without re-explaining them each session
-- **33 pre-action gates** → block destructive actions (force-push, mass delete, destructive SQL) before they execute
-- **Budget enforcement** → action count + time limits prevent runaway sessions
-- **Self-protection** → agent cannot disable its own governance
-- **Compliance tags** → NIST, SOC2, OWASP, CWE on gate rules for enterprise teams
-- **Shared team enforcement** → one engineer's thumbs-down protects the whole team
-- **60-second follow-up** → feedback can link to a prior mistake with `relatedFeedbackId` so delayed corrections still become useful gates
-
-## Installation
-
-### Local install today
-
-Use the portable npm launcher:
-
-```bash
-claude mcp add thumbgate -- npx --yes --package thumbgate thumbgate serve
-```
-
-Or use the project bootstrap:
-
-```bash
-npx thumbgate init
-```
-
-### Direct bundle download
-
-Download the latest packaged Claude Desktop bundle from GitHub Releases:
-
-https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-claude-desktop.mcpb
-
-That bundle is built from the same `.claude-plugin` metadata in this repo and is meant for people who want a ready-to-install artifact instead of building locally.
-
-### Review packet zip
-
-Anthropic's submission flow may ask for a GitHub link or a zip that preserves the plugin folder structure. The review-ready source zip lives on GitHub Releases:
-
-https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-claude-plugin-review.zip
-
-### Anthropic directory path
-
-If Anthropic approves the listing, install from Claude Desktop via `Settings -> Extensions`.
-
-Directory inclusion is an external review process. Do not claim listing or approval before it is real.
-
-Submission forms:
-
-- https://claude.ai/settings/plugins/submit
-- https://platform.claude.com/plugins/submit
-
-### Repo marketplace while review is pending
-
-Claude Code users do not need to wait for the official directory. Anthropic's plugin docs allow adding a repository marketplace directly when the repo contains `.claude-plugin/marketplace.json`.
-
-Inside Claude Code, run:
-
-```text
-/plugin marketplace add IgorGanapolsky/ThumbGate
-/plugin install thumbgate@thumbgate-marketplace
-```
-
-That uses the marketplace metadata already published in this repository while Anthropic reviews the official directory submission.
-
-### MCPB bundle build
-
-Maintainers can build the local Claude Desktop bundle directly from this repo:
-
-```bash
-npm run build:claude-mcpb
-```
-
-That command stages a clean bundle, installs production dependencies, packs a `.mcpb`, and validates it with Anthropic's official MCPB CLI.
-
-## Configuration
-
-The local OSS path needs no API key.
-
-Optional hosted path:
-
-```json
-{
-  "mcpServers": {
-    "thumbgate": {
-      "command": "npx",
-      "args": ["--yes", "--package", "thumbgate", "thumbgate", "serve"],
-      "env": {
-        "THUMBGATE_BASE_URL": "https://thumbgate-production.up.railway.app",
-        "THUMBGATE_API_KEY": "tg_YOUR_KEY_HERE"
-      }
-    }
-  }
-}
-```
-
-## Examples
-
-### Example 1: Block force-push
-
-```
-You: "Push my changes to main"
-Claude: [tries git push --force]
-ThumbGate: ⛔ Blocked — "no-force-push" (confidence: 0.94)
-You: Never had to correct it again.
-```
-
-### Example 2: Thumbs-down on bad action
-
-```
-You: "thumbs down"
-ThumbGate: 👎 Captured. History-aware lesson distillation from up to 8 prior recorded entries...
-           Lesson: "Agent edited production config without approval"
-           Follow-up window: 60-second follow-up can attach relatedFeedbackId
-           Rule auto-promoted. Will block matching actions in future sessions.
-```
-
-### Example 3: Thumbs-up reinforces good patterns
-
-```
-You: "thumbs up"
-ThumbGate: 👍 Recorded. Reinforcing: "Agent used feature branch + PR workflow"
-           Agent will prefer this pattern in future sessions.
-```
-
-### Example 4: Budget enforcement
-
-```
-[Agent hits 500 actions in strict mode]
-ThumbGate: ⛔ Budget exceeded: 501/500 actions used. Session budget exhausted.
-```
-
-## Privacy Policy
-
-For complete privacy information, see: https://thumbgate-production.up.railway.app/privacy
-
-### Data Collection
-
-- Local installs store workflow memory, feedback entries, and proof artifacts in local project files.
-- Optional hosted mode sends feedback and memory data to the configured `THUMBGATE_BASE_URL`.
-- Optional CLI telemetry is best-effort and can be disabled with `THUMBGATE_NO_TELEMETRY=1`.
-- We do not sell customer data; retention and deletion details live in the public privacy policy.
-
-## Support
-
-- GitHub Issues: https://github.com/IgorGanapolsky/ThumbGate/issues
-- Security Advisories: https://github.com/IgorGanapolsky/ThumbGate/security
-- Verification evidence: https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/VERIFICATION_EVIDENCE.md
-- Product Hunt: https://www.producthunt.com/products/thumbgate
-
-## Notes For Submission
-
-- Local Claude metadata lives in `.claude-plugin/plugin.json` and `.claude-plugin/marketplace.json`.
-- The MCPB bundle is built with `npm run build:claude-mcpb`.
-- The review packet zip is built with `npm run build:claude-review-zip`.
-- Anthropic directory requirements and the internal publish checklist live in `docs/CLAUDE_DESKTOP_EXTENSION.md`.

package/adapters/README.md

@@ -1,12 +0,0 @@
-# Adapter Bundles
-
-- `chatgpt/openapi.yaml`: import into GPT Actions.
-- `gemini/function-declarations.json`: Gemini function-calling definitions.
-- `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.14.0 thumbgate serve`.
-- `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
-- `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
-- `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.
-- `perplexity/.mcp.json`: Claude Code config with ThumbGate + Perplexity MCP servers side-by-side.
-- `perplexity/config.toml`: Codex config with ThumbGate + Perplexity MCP servers.
-- `perplexity/opencode.json`: OpenCode config with ThumbGate + Perplexity MCP servers.

package/skills/agent-memory/SKILL.md

@@ -1,97 +0,0 @@
----
-name: Agent Memory
-description: Recall past mistakes and capture feedback so your agent stops repeating errors. Works locally via MCP server — no API key needed.
----
-
-# Agent Memory
-
-Give your agent persistent memory across sessions. Before starting any task, recall what went wrong last time. After completing work, capture whether it succeeded or failed. Prevention rules are auto-generated from repeated mistakes.
-
-## Setup
-
-Add the MCP server (one-time):
-
-```bash
-claude mcp add thumbgate -- npx -y thumbgate serve
-```
-
-No API key needed. All data stays local.
-
-## When to Use
-
-- Starting a new task or session — recall past context first
-- After completing work that succeeded or failed — capture feedback
-- When the agent keeps making the same mistake — check prevention rules
-
-## Workflow
-
-### Step 1: Recall past context (do this FIRST on every task)
-
-Call the `recall` MCP tool with a description of your current task. The tool returns:
-
-- Past feedback relevant to this task (vector similarity search)
-- Active prevention rules (auto-generated from repeated failures)
-- Recent feedback summary with approval rate
-
-Read the prevention rules carefully. These are patterns that failed before — follow them.
-
-### Step 2: Do your work
-
-Complete the task as normal. Keep track of what you did and whether it worked.
-
-### Step 3: Capture feedback
-
-Call the `capture_feedback` MCP tool:
-
-**If succeeded:**
-- signal: `up`
-- context: What worked and why
-- tags: Category labels
-
-**If failed:**
-- signal: `down`
-- context: What you were trying to do
-- whatWentWrong: Specific failure description
-- whatToChange: How to avoid this next time
-- tags: Category labels
-
-Vague feedback like "it failed" will be rejected. Be specific.
-
-### Step 4: Check improvement (optional)
-
-Call the `feedback_stats` MCP tool to see approval rate, top failure domains, and whether the agent is trending better or worse.
-
-## Available MCP Tools
-
-| Tool | What it does |
-|------|-------------|
-| `recall` | Search past feedback and prevention rules for current task |
-| `capture_feedback` | Record what worked or failed with structured context |
-| `prevention_rules` | View auto-generated rules from repeated mistakes |
-| `feedback_stats` | Approval rate, trend analysis, top failure domains |
-| `feedback_summary` | Human-readable summary of recent signals |
-
-## MCP Profiles
-
-| Profile | Tools | Use case |
-|---------|-------|----------|
-| `essential` | 5 core tools | Default — start here |
-| `commerce` | 6 tools + commerce_recall | Agentic commerce agents |
-| `default` | 12 tools | Full pipeline including DPO export |
-
-Set profile: `THUMBGATE_MCP_PROFILE=essential npx thumbgate serve`
-
-## How Prevention Rules Work
-
-1. Agent makes mistake A → you capture `down` feedback
-2. Agent makes mistake A again → you capture `down` feedback again
-3. System detects pattern → auto-generates prevention rule: "NEVER do A"
-4. Next session → `recall` returns the rule → agent follows it
-
-This is the core value. The agent doesn't learn — but it reads the rules and follows them.
-
-## Links
-
-- [GitHub](https://github.com/IgorGanapolsky/thumbgate)
-- [npm](https://www.npmjs.com/package/thumbgate)
-- [MCP Registry](https://registry.modelcontextprotocol.io)

package/skills/solve-architecture-autonomy/SKILL.md

@@ -1,17 +0,0 @@
----
-name: solve-architecture-autonomy
-description: Automated skill to handle architecture, autonomy, crisis, debug, deployment, error, execution, external-assessment, feedback, inefficiency, negative, railway, revenue, roi, simplification, user-frustration patterns efficiently.
-diagnosis: Repeated execution failure in this domain.
-status: materialized
----
-
-# SOLVE-ARCHITECTURE-AUTONOMY Capability
-
-## Problem
-I provided a plan and research instead of immediately deploy
-
-## Automated Diagnosis
-Repeated execution failure in this domain.
-
-## Usage
-The agent should call the `handle_architecture` tool when tasks involve `architecture, autonomy, crisis, debug, deployment, error, execution, external-assessment, feedback, inefficiency, negative, railway, revenue, roi, simplification, user-frustration`.

package/skills/solve-architecture-autonomy/tool.js

@@ -1,33 +0,0 @@
-/**
- * Automated Skill: solve-architecture-autonomy
- * Generated: 2026-03-13T15:50:58.840Z
- * 
- * This tool was materialized by the EvoSkill loop to address:
- * "I provided a plan and research instead of immediately deploy"
- */
-
-const { execSync } = require('child_process');
-
-/**
- * Fixes I provided a plan and research instead of immediately deploy
- */
-async function handle_architecture(args) {
-  const { context } = args;
-  
-  // LOGIC: Materialized code should implement the fix derived from the diagnosis.
-  // For now, we provide a structured wrapper that logs intent and applies
-  // the suggested corrective action.
-  
-  console.log(`[EVOSKILL] Executing handle_architecture to resolve: I provided a plan and research instead of immediately deploy`);
-  
-  // Corrective action placeholder - in a full loop, this would be LLM-generated code
-  // derived from the 'how-to-avoid' fields in memory-log.jsonl.
-  
-  return {
-    status: 'success',
-    appliedFix: `Automated handling of I provided a plan and research instead of immediately deploy pattern.`,
-    context: context
-  };
-}
-
-module.exports = { handle_architecture };

package/skills/thumbgate-feedback/SKILL.md

@@ -1,49 +0,0 @@
----
-name: thumbgate-feedback
-description: >
-  Capture thumbs up/down feedback into structured memories and prevention rules.
-  Require one sentence of why before claiming memory promotion.
-  Use when user gives explicit quality signals about agent work (e.g. "that worked",
-  "that failed", "thumbs up/down"). Do NOT use for general questions, code generation,
-  file operations, or any task that is not explicit feedback on prior agent output.
-triggers:
-  - thumbs up
-  - thumbs down
-  - that worked
-  - that failed
-negative_triggers:
-  - generate code
-  - search files
-  - explain this
-  - run tests
----
-
-# ThumbGate Feedback Skill
-
-When user provides feedback, execute:
-
-```bash
-# negative
-node .claude/scripts/feedback/capture-feedback.js \
-  --feedback=down \
-  --context="<what failed>" \
-  --what-went-wrong="<specific failure>" \
-  --what-to-change="<prevention action>" \
-  --tags="<domain>,regression"
-
-# positive
-node .claude/scripts/feedback/capture-feedback.js \
-  --feedback=up \
-  --context="<what succeeded>" \
-  --what-worked="<repeatable pattern>" \
-  --tags="<domain>,fix"
-```
-
-If the user only says `thumbs up`, `thumbs down`, `that worked`, or `that failed`, log the signal and ask one follow-up question before claiming it became reusable memory.
-
-At session start, run:
-
-```bash
-npm run feedback:summary
-npm run feedback:rules
-```