thumbgate 1.14.1 → 1.16.0

package/scripts/llm-client.js

@@ -10,6 +10,7 @@ const MODELS = {
 
 const DEFAULT_MODEL = MODELS.FAST;
 const DEFAULT_MAX_TOKENS = 1024;
+const DEFAULT_CACHE_TTL = '5m';
 
 let _client = null;
 
@@ -35,40 +36,170 @@ function stripCodeFences(text) {
   return fenced ? fenced[1].trim() : text.trim();
 }
 
-// Anthropic SDK throws errors with a `.status` field for HTTP failures.
-// Our defaultClassify already reads `.status`, so 429/5xx retry and 4xx
-// (bad request / unauthorized / not-found) bail immediately — which is
-// what we want: there is no point retrying a malformed prompt or a
-// revoked API key.
-async function callClaude({ systemPrompt, userPrompt, model, maxTokens } = {}) {
+function normalizeCacheOptions(cache) {
+  if (!cache) return null;
+
+  if (cache === true) {
+    return {
+      mode: 'system',
+      control: { type: 'ephemeral', ttl: DEFAULT_CACHE_TTL },
+    };
+  }
+
+  if (typeof cache === 'string') {
+    return {
+      mode: 'system',
+      control: { type: 'ephemeral', ttl: cache },
+    };
+  }
+
+  if (typeof cache !== 'object') return null;
+
+  const ttl = typeof cache.ttl === 'string' && cache.ttl ? cache.ttl : DEFAULT_CACHE_TTL;
+  const type = typeof cache.type === 'string' && cache.type ? cache.type : 'ephemeral';
+  const mode = typeof cache.mode === 'string' && cache.mode ? cache.mode : 'system';
+
+  return {
+    mode,
+    control: { type, ttl },
+  };
+}
+
+function applyCacheToSystem(systemPrompt, cacheOptions) {
+  if (!systemPrompt) return undefined;
+  if (!cacheOptions || (cacheOptions.mode !== 'system' && cacheOptions.mode !== 'tools+system')) {
+    return systemPrompt;
+  }
+  return [{ type: 'text', text: systemPrompt, cache_control: cacheOptions.control }];
+}
+
+function applyCacheToTools(tools, cacheOptions) {
+  if (!Array.isArray(tools) || tools.length === 0) return undefined;
+  if (!cacheOptions || (cacheOptions.mode !== 'tools' && cacheOptions.mode !== 'tools+system')) {
+    return tools;
+  }
+  return tools.map((tool) => {
+    if (!tool || typeof tool !== 'object' || tool.cache_control) return tool;
+    return { ...tool, cache_control: cacheOptions.control };
+  });
+}
+
+function buildClaudeRequest({
+  systemPrompt,
+  userPrompt,
+  messages,
+  model,
+  maxTokens,
+  cache,
+  tools,
+  toolChoice,
+  metadata,
+  temperature,
+} = {}) {
+  const cacheOptions = normalizeCacheOptions(cache);
+  const request = {
+    model: model || DEFAULT_MODEL,
+    max_tokens: maxTokens || DEFAULT_MAX_TOKENS,
+    messages: Array.isArray(messages) && messages.length > 0
+      ? messages
+      : [{ role: 'user', content: userPrompt }],
+  };
+
+  const normalizedSystem = applyCacheToSystem(systemPrompt, cacheOptions);
+  if (normalizedSystem) request.system = normalizedSystem;
+
+  const normalizedTools = applyCacheToTools(tools, cacheOptions);
+  if (normalizedTools) request.tools = normalizedTools;
+
+  if (toolChoice) request.tool_choice = toolChoice;
+  if (metadata && typeof metadata === 'object') request.metadata = metadata;
+  if (Number.isFinite(temperature)) request.temperature = temperature;
+
+  if (cacheOptions && cacheOptions.mode === 'request') {
+    request.cache_control = cacheOptions.control;
+  }
+
+  return request;
+}
+
+function extractTextContent(response) {
+  return (response?.content || [])
+    .filter((block) => block.type === 'text')
+    .map((block) => block.text)
+    .join('');
+}
+
+function parseClaudeJson(text) {
+  if (typeof text !== 'string') return null;
+  try {
+    return JSON.parse(stripCodeFences(text));
+  } catch {
+    return null;
+  }
+}
+
+async function callClaudeInternal(options = {}) {
   const client = getClient();
   if (!client) return null;
 
   try {
-    const text = await runStep('llm.callClaude', {
+    const response = await runStep('llm.callClaude', {
       retries: 2,
       logger: (msg) => console.warn(msg),
-    }, async () => {
-      const response = await client.messages.create({
-        model: model || DEFAULT_MODEL,
-        max_tokens: maxTokens || DEFAULT_MAX_TOKENS,
-        system: systemPrompt || undefined,
-        messages: [{ role: 'user', content: userPrompt }],
-      });
-
-      return response.content
-        .filter((b) => b.type === 'text')
-        .map((b) => b.text)
-        .join('');
-    });
-
-    return stripCodeFences(text);
+    }, async () => client.messages.create(buildClaudeRequest(options)));
+
+    const text = stripCodeFences(extractTextContent(response));
+    return {
+      text,
+      usage: response?.usage || null,
+      stopReason: response?.stop_reason || null,
+      id: response?.id || null,
+      model: response?.model || options.model || DEFAULT_MODEL,
+    };
   } catch {
-    // Preserve the original callClaude contract — callers expect `null` on
-    // failure, not an exception. runStep already logged retry attempts,
-    // so the permanent failure is visible in logs.
     return null;
   }
 }
 
-module.exports = { isAvailable, callClaude, stripCodeFences, MODELS };
+// Anthropic SDK throws errors with a `.status` field for HTTP failures.
+// Our defaultClassify already reads `.status`, so 429/5xx retry and 4xx
+// (bad request / unauthorized / not-found) bail immediately — which is
+// what we want: there is no point retrying a malformed prompt or a
+// revoked API key.
+async function callClaude(options = {}) {
+  const result = await callClaudeInternal(options);
+  if (!result) return null;
+  return options.returnMetadata ? result : result.text;
+}
+
+async function callClaudeJson(options = {}) {
+  const result = await callClaudeInternal(options);
+  if (!result) return null;
+
+  const parsed = parseClaudeJson(result.text);
+  if (parsed === null) return null;
+
+  if (options.returnMetadata) {
+    return {
+      parsed,
+      text: result.text,
+      usage: result.usage,
+      stopReason: result.stopReason,
+      id: result.id,
+      model: result.model,
+    };
+  }
+
+  return parsed;
+}
+
+module.exports = {
+  isAvailable,
+  callClaude,
+  callClaudeJson,
+  stripCodeFences,
+  parseClaudeJson,
+  normalizeCacheOptions,
+  buildClaudeRequest,
+  MODELS,
+};

package/scripts/mailer/resend-mailer.js

@@ -339,7 +339,7 @@ function renderTrialWelcomeBodies({ licenseKey, customerId, customerName, trialE
   const headline = 'Your ThumbGate Pro trial is live.';
   const subhead = `You have 7 days of Pro access. Trial ends ${trialEndLabel}.`;
   const description =
-    'ThumbGate turns thumbs up/down feedback into Pre-Action Gates that stop repeated AI coding mistakes ' +
+    'ThumbGate turns thumbs up/down feedback into Pre-Action Checks that stop repeated AI coding mistakes ' +
     'before the next tool call. Lessons stay on your machine. Repeated failures become Reliability Gateway blocks.';
   const exampleFeedback =
     'thumbs down: the answer skipped exact files and tests; next time include paths, commands, and verification evidence.';
@@ -503,10 +503,121 @@ async function sendTrialWelcomeEmail({ to, licenseKey, customerId, customerName,
   return sendEmail({ to, subject, html, text, replyTo: getReplyTo(), fetchImpl, dnsResolver });
 }
 
+function renderNewsletterWelcomeBodies() {
+  const supportEmail = getSupportEmail();
+  const unsubscribeEmail = getUnsubscribeEmail();
+  const businessName = getBusinessName();
+  const businessAddress = getBusinessAddress();
+  const unsubscribeMailto = `mailto:${unsubscribeEmail}?subject=unsubscribe&body=Please%20remove%20me%20from%20ThumbGate%20emails.`;
+  const headline = 'Welcome to ThumbGate.';
+  const subhead =
+    'One concrete AI coding failure prevented per email. No theory, no fluff.';
+  const firstLesson =
+    'First lesson: the most expensive AI mistake is the one it repeats. ' +
+    'ThumbGate turns thumbs up/down signals into Pre-Action Checks that stop ' +
+    'the next recurrence before the tool call runs.';
+  const ctaLink = 'https://thumbgate.ai/pro';
+
+  const text = [
+    'Welcome to ThumbGate.',
+    '',
+    subhead,
+    '',
+    firstLesson,
+    '',
+    `Want the full stop-repeating-mistakes loop locally? ${ctaLink}`,
+    '',
+    `Questions? Reply to this email or write ${supportEmail}.`,
+    '',
+    '— Igor, founder of ThumbGate',
+    '',
+    '---',
+    `You're getting this because you signed up on thumbgate.ai. Unsubscribe: ${unsubscribeEmail}`,
+    `${businessName} · ${businessAddress}`,
+  ].join('\n');
+
+  const safeHeadline = escapeHtml(headline);
+  const safeSubhead = escapeHtml(subhead);
+  const safeFirstLesson = escapeHtml(firstLesson);
+  const safeSupportEmail = escapeHtml(supportEmail);
+  const safeBusinessName = escapeHtml(businessName);
+  const safeBusinessAddress = escapeHtml(businessAddress);
+  const safeUnsubscribeEmail = escapeHtml(unsubscribeEmail);
+  const safeUnsubscribeMailto = escapeHtml(unsubscribeMailto);
+
+  const html = `<!doctype html>
+<html>
+  <body style="margin:0;background:#f5f7fb;padding:28px 12px;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Arial,sans-serif;color:#17212b;">
+    <table role="presentation" width="100%" cellspacing="0" cellpadding="0" style="border-collapse:collapse;">
+      <tr>
+        <td align="center">
+          <table role="presentation" width="100%" cellspacing="0" cellpadding="0" style="border-collapse:collapse;max-width:640px;background:#ffffff;border:1px solid #d8e2ea;border-radius:10px;overflow:hidden;">
+            <tr>
+              <td style="background:#071115;padding:24px 28px;color:#e7fbff;">
+                <div style="font-size:13px;font-weight:700;letter-spacing:0.02em;text-transform:uppercase;color:#73d4e9;">ThumbGate</div>
+                <h1 style="margin:10px 0 6px;font-size:24px;line-height:1.25;color:#ffffff;">${safeHeadline}</h1>
+                <p style="margin:0;font-size:14px;line-height:1.5;color:#9cbac4;">${safeSubhead}</p>
+              </td>
+            </tr>
+            <tr>
+              <td style="padding:24px 28px 10px;">
+                <p style="margin:0 0 18px;font-size:15px;line-height:1.6;color:#344451;">${safeFirstLesson}</p>
+                <p style="margin:0 0 22px;">
+                  <a href="${ctaLink}" style="display:inline-block;background:#45bfd8;color:#061015;text-decoration:none;font-weight:700;padding:12px 22px;border-radius:6px;font-size:15px;">See the full Pro loop</a>
+                </p>
+              </td>
+            </tr>
+            <tr>
+              <td style="padding:0 28px 22px;">
+                <p style="margin:0 0 4px;font-size:14px;line-height:1.6;color:#17212b;">— Igor, founder of ThumbGate</p>
+                <p style="margin:0;font-size:13px;line-height:1.55;color:#526273;">
+                  Questions? Reply or write
+                  <a href="mailto:${safeSupportEmail}" style="color:#087a91;">${safeSupportEmail}</a>.
+                </p>
+              </td>
+            </tr>
+            <tr>
+              <td style="padding:16px 28px 22px;border-top:1px solid #e2e8ec;background:#fafbfc;">
+                <p style="margin:0 0 6px;font-size:12px;line-height:1.5;color:#7a8790;">
+                  You signed up on thumbgate.ai.
+                  <a href="${safeUnsubscribeMailto}" style="color:#7a8790;text-decoration:underline;">Unsubscribe</a>
+                  (${safeUnsubscribeEmail}).
+                </p>
+                <p style="margin:0;font-size:12px;line-height:1.5;color:#7a8790;">
+                  ${safeBusinessName} &middot; ${safeBusinessAddress}
+                </p>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </body>
+</html>`;
+
+  return { html, text };
+}
+
+async function sendNewsletterWelcomeEmail({ to, fetchImpl, dnsResolver } = {}) {
+  if (!isNonEmptyString(to)) throw new Error('sendNewsletterWelcomeEmail: `to` is required');
+  const { html, text } = renderNewsletterWelcomeBodies();
+  return sendEmail({
+    to,
+    subject: 'Welcome to ThumbGate — one AI mistake prevented per email',
+    html,
+    text,
+    replyTo: getReplyTo(),
+    fetchImpl,
+    dnsResolver,
+  });
+}
+
 module.exports = {
   sendEmail,
   sendTrialWelcomeEmail,
+  sendNewsletterWelcomeEmail,
   renderTrialWelcomeBodies,
+  renderNewsletterWelcomeBodies,
   _resolveSenderAddress: resolveSenderAddress,
   _hasResendSenderDns: hasResendSenderDns,
   _recordsHaveResendDns: recordsHaveResendDns,

package/scripts/mcp-transport-strategy.js

@@ -0,0 +1,66 @@
+'use strict';
+
+function scoreTransportNeed(service = {}) {
+  let score = 0;
+  if ((service.callsPerMinute || 0) >= 120) score += 30;
+  if ((service.concurrentAgents || 0) >= 10) score += 20;
+  if (service.streaming) score += 20;
+  if (service.existingGrpc) score += 15;
+  if (service.doubleStackedJsonShim) score += 15;
+  if (service.inferenceDominated) score -= 25;
+  return Math.max(0, Math.min(100, score));
+}
+
+function recommendMcpTransport(service = {}) {
+  const score = scoreTransportNeed(service);
+  const reasons = [];
+
+  if ((service.callsPerMinute || 0) >= 120) reasons.push('high_frequency_tool_calls');
+  if ((service.concurrentAgents || 0) >= 10) reasons.push('many_concurrent_agents');
+  if (service.streaming) reasons.push('streaming_or_long_running_flow');
+  if (service.existingGrpc) reasons.push('backend_already_grpc');
+  if (service.doubleStackedJsonShim) reasons.push('json_shim_exists_only_for_agents');
+  if (service.inferenceDominated) reasons.push('llm_latency_dominates_transport');
+
+  const transport = score >= 50 ? 'grpc' : 'json_rpc_http';
+  return {
+    service: service.name || 'unnamed-service',
+    score,
+    transport,
+    reasons,
+    rollout: transport === 'grpc'
+      ? [
+        'pilot pluggable transport behind config',
+        'reuse protobuf contracts where present',
+        'add contract tests and stream retry policy',
+        'compare latency throughput and error rate against JSON-RPC baseline',
+        'deprecate redundant JSON shim only after soak evidence',
+      ]
+      : [
+        'keep JSON-RPC over HTTP',
+        'avoid transport churn until tool-call volume or streaming pressure changes',
+        'continue validating payloads at MCP boundary',
+      ],
+  };
+}
+
+function buildMcpTransportMigrationPlan(services = []) {
+  const recommendations = services.map(recommendMcpTransport);
+  return {
+    recommendations,
+    pilots: recommendations.filter((item) => item.transport === 'grpc').slice(0, 1),
+    guardrails: [
+      'tool definitions remain transport agnostic',
+      'wire protocol lives behind adapters',
+      'semantic tool descriptions stay available to the LLM',
+      'no JSON shim removal before contract tests and soak metrics pass',
+    ],
+    metrics: ['p95_tool_latency_ms', 'tool_error_rate', 'stream_reconnects', 'payload_validation_failures'],
+  };
+}
+
+module.exports = {
+  buildMcpTransportMigrationPlan,
+  recommendMcpTransport,
+  scoreTransportNeed,
+};

package/scripts/memory-store-governance.js

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+'use strict';
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function classifyMemoryFile(filePath) {
+  const normalized = normalizeText(filePath).toLowerCase();
+  if (/preference|style|tone|format/.test(normalized)) return 'preference';
+  if (/credential|token|secret|password|key/.test(normalized)) return 'blocked_secret';
+  if (/task|completed|todo|draft/.test(normalized)) return 'workflow_state';
+  if (/account|customer|user|contact/.test(normalized)) return 'sensitive_context';
+  return 'general';
+}
+
+function actionForClassification(classification) {
+  if (classification === 'blocked_secret') return 'block';
+  if (classification === 'sensitive_context') return 'redact_before_export';
+  return 'allow_reviewed_promotion';
+}
+
+function buildMemoryStoreGovernance(input = {}) {
+  const files = Array.isArray(input.files) ? input.files : [];
+  const records = files.map((file) => {
+    const path = typeof file === 'string' ? file : file.path;
+    const classification = classifyMemoryFile(path);
+    return {
+      path: normalizeText(path),
+      classification,
+      promotable: !['blocked_secret', 'sensitive_context'].includes(classification),
+      action: actionForClassification(classification),
+    };
+  }).filter((record) => record.path);
+
+  return {
+    generatedAt: normalizeText(input.generatedAt) || new Date().toISOString(),
+    storeKind: 'file_backed_agent_memory',
+    records,
+    policy: {
+      export: 'allowed_after_redaction',
+      import: 'requires_schema_validation',
+      promotion: 'requires_review_and_actionable_context',
+      deletion: 'append_decision_journal_entry',
+    },
+    summary: {
+      totalFiles: records.length,
+      blocked: records.filter((record) => record.action === 'block').length,
+      redactBeforeExport: records.filter((record) => record.action === 'redact_before_export').length,
+      promotable: records.filter((record) => record.promotable).length,
+    },
+  };
+}
+
+module.exports = {
+  actionForClassification,
+  buildMemoryStoreGovernance,
+  classifyMemoryFile,
+};

package/scripts/meta-agent-loop.js

@@ -36,7 +36,7 @@ const { resolveFeedbackDir } = require('./feedback-paths');
 const { parseFeedbackFile, classifySignal, promoteToGates } = require('./feedback-to-rules');
 const { loadAutoGates, saveAutoGates, getAutoGatesPath, patternToGateId } = require('./auto-promote-gates');
 const { readEvolutionState, writeEvolutionState, captureEvolutionSnapshot, applyAcceptedMutation } = require('./evolution-state');
-const { isAvailable, callClaude, MODELS } = require('./llm-client');
+const { isAvailable, callClaudeJson, MODELS } = require('./llm-client');
 const { ensureParentDir } = require('./fs-utils');
 
 // ---------------------------------------------------------------------------
@@ -165,24 +165,18 @@ async function generateCandidatesViaLLM(failures, successDef, blockPatterns) {
     `Generate ${CANDIDATES_PER_RUN} candidate prevention rules that would catch these failures.`,
   ].join('\n\n');
 
-  const raw = await callClaude({
+  const parsed = await callClaudeJson({
     systemPrompt: CANDIDATE_SYSTEM_PROMPT,
     userPrompt,
     model: MODELS.FAST,
     maxTokens: 1200,
+    cache: true,
   });
 
-  if (!raw) return null;
-
-  try {
-    const parsed = JSON.parse(raw);
-    if (!Array.isArray(parsed)) return null;
-    return parsed
-      .filter((r) => r.pattern && r.action && r.message && r.severity)
-      .slice(0, CANDIDATES_PER_RUN);
-  } catch {
-    return null;
-  }
+  if (!Array.isArray(parsed)) return null;
+  return parsed
+    .filter((r) => r.pattern && r.action && r.message && r.severity)
+    .slice(0, CANDIDATES_PER_RUN);
 }
 
 function generateCandidatesHeuristic(failures, blockPatterns) {

package/scripts/model-access-eligibility.js

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+'use strict';
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function evaluateModelAccessEligibility(input = {}) {
+  const model = normalizeText(input.model) || 'unknown';
+  const accessType = normalizeText(input.accessType) || 'public';
+  const approved = input.approved === true || input.invited === true || input.allowListed === true;
+  const maintainerPath = input.openSourceMaintainer === true;
+  const gated = /mythos|preview|research|private|invite|glasswing/i.test(`${model} ${accessType}`);
+  const issues = [];
+
+  if (gated && !approved) {
+    issues.push('approval_required_before_platform_setup');
+  }
+  if (gated && !approved && maintainerPath) {
+    issues.push('maintainer_path_is_possible_not_guaranteed');
+  }
+  if (gated && /aws|bedrock|vertex|foundry|azure|gcp/i.test(normalizeText(input.platform)) && !approved) {
+    issues.push('platform_docs_do_not_create_model_access');
+  }
+
+  return {
+    model,
+    accessType,
+    decision: issues.length === 0 ? 'allow' : 'warn',
+    issues,
+    fallback: gated && !approved ? 'Use a public model route until approval exists.' : null,
+  };
+}
+
+module.exports = {
+  evaluateModelAccessEligibility,
+};

package/scripts/model-migration-readiness.js

@@ -0,0 +1,55 @@
+'use strict';
+
+function buildModelMigrationPlan(options = {}) {
+  const targetModel = options.targetModel || 'gpt-5.5';
+  const currentModel = options.currentModel || 'current-codex-default';
+
+  return {
+    targetModel,
+    currentModel,
+    migrationReason: options.migrationReason || 'better agentic coding, lower token use, and longer research loops',
+    benchmarkSuites: [
+      'npm run test:high-roi',
+      'npm run prove:adapters',
+      'npm run prove:automation',
+      'npm run self-heal:check',
+    ],
+    evalDimensions: [
+      'unsupported_completion_claim_rate',
+      'tool_call_accuracy',
+      'token_cost_per_verified_task',
+      'regression_rate',
+      'computer_use_error_rate',
+      'research_loop_persistence',
+    ],
+    routingPolicy: {
+      lowRisk: 'allow_after_smoke_pass',
+      highRisk: 'allow_after_holdout_and_proof_pass',
+      destructiveActions: 'human_review_plus_evidence_gate',
+    },
+  };
+}
+
+function evaluateModelMigrationResult(result = {}) {
+  const issues = [];
+  if (!result.targetModel) issues.push('missing_target_model');
+  if (!result.baselineModel) issues.push('missing_baseline_model');
+  if (!result.highRoiTestsPass) issues.push('high_roi_tests_must_pass');
+  if (!result.adapterProofPass) issues.push('adapter_proof_must_pass');
+  if (!result.automationProofPass) issues.push('automation_proof_must_pass');
+  if (!result.selfHealPass) issues.push('self_heal_must_pass');
+  if (!Number.isFinite(result.tokenDeltaPercent)) issues.push('missing_token_delta');
+  if (Number(result.regressionCount || 0) > 0) issues.push('model_regressions_present');
+  if (result.routeHighRisk && !result.holdoutEvalPass) issues.push('holdout_required_for_high_risk_routing');
+
+  return {
+    decision: issues.length ? 'warn' : 'allow',
+    issues,
+    canRouteHighRisk: issues.length === 0 && Boolean(result.routeHighRisk),
+  };
+}
+
+module.exports = {
+  buildModelMigrationPlan,
+  evaluateModelMigrationResult,
+};