thumbgate 1.15.0 → 1.16.0

package/scripts/scaling-law-claims.js

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+'use strict';
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function classifyScalingClaim(claim) {
+  const text = normalizeText(claim).toLowerCase();
+  if (/\b(pretrain|pretraining|parameters|training tokens|flops|cross entropy|test loss)\b/.test(text)) {
+    return 'pretraining_scaling';
+  }
+  if (/\b(rl|reinforcement|feedback|dpo|kto|reward|policy|thumbs[-\s]?(up|down)|gate|prevention rule)\b/.test(text)) {
+    return 'feedback_policy_scaling';
+  }
+  return 'general_scaling';
+}
+
+function evaluateScalingClaim(input = {}) {
+  const claim = normalizeText(input.claim);
+  const claimType = classifyScalingClaim(claim);
+  const evidence = Array.isArray(input.evidence) ? input.evidence.filter(Boolean) : [];
+  const heldout = evidence.some((entry) => /held[-\s]?out|validation|eval|ablation|backtest/i.test(String(entry)));
+  const production = evidence.some((entry) => /production|real user|workflow run|decision journal|blocked action/i.test(String(entry)));
+  const rlCompute = evidence.some((entry) => /sampling compute|rollout|trajectory|policy update|reward model|rl compute/i.test(String(entry)));
+  const sampling = evidence.some((entry) => /pass@|best-of-n|majority vote|sample budget|sampling/i.test(String(entry)));
+  const issues = [];
+
+  if (!claim) issues.push('missing_claim');
+  if (claimType === 'feedback_policy_scaling' && !heldout) {
+    issues.push('missing_heldout_feedback_eval');
+  }
+  if (claimType === 'feedback_policy_scaling' && /rl|reinforcement|sampling/i.test(claim) && !rlCompute) {
+    issues.push('missing_rl_compute_evidence');
+  }
+  if (claimType === 'feedback_policy_scaling' && /sampling|best-of|vote|pass@/i.test(claim) && !sampling) {
+    issues.push('missing_sampling_budget_evidence');
+  }
+  if (claimType === 'pretraining_scaling' && evidence.length === 0) {
+    issues.push('missing_model_scaling_evidence');
+  }
+  if (/guarantee|always|never|100%|proves?/i.test(claim) && !production) {
+    issues.push('absolute_claim_without_production_evidence');
+  }
+
+  return {
+    claimType,
+    decision: issues.length === 0 ? 'allow' : 'warn',
+    issues,
+    requiredEvidence: claimType === 'feedback_policy_scaling'
+      ? ['held-out eval', 'ablation or backtest', 'RL/sampling compute budget when claimed', 'decision-journal production sample']
+      : ['source data', 'validation metric', 'scope limits'],
+  };
+}
+
+module.exports = {
+  classifyScalingClaim,
+  evaluateScalingClaim,
+};

package/scripts/security-scanner.js

@@ -2,7 +2,7 @@
 'use strict';
 
 /**
- * Security Scanner — OWASP-aware static analysis for PreToolUse gates.
+ * Security Scanner — OWASP-aware static analysis for PreToolUse checks.
  *
  * Scans code being written/edited by AI agents for common vulnerability
  * patterns (injection, XSS, path traversal, etc.) and suspicious dependency

package/scripts/self-distill-agent.js

@@ -349,39 +349,14 @@ Return JSON only, no markdown fences:
 Focus on actionable, specific lessons. Ignore trivial interactions.`;
 
 async function callAnthropicApi(conversationText, model) {
-  const apiKey = process.env.ANTHROPIC_API_KEY;
-  if (!apiKey) return null;
-
-  const body = JSON.stringify({
-    model: model || 'claude-sonnet-4-20250514',
-    max_tokens: 2048,
-    system: LLM_SYSTEM_PROMPT,
-    messages: [
-      { role: 'user', content: `Analyze this conversation window and extract lessons:\n\n${conversationText}` },
-    ],
+  const { callClaudeJson, MODELS } = require('./llm-client');
+  return callClaudeJson({
+    model: model || MODELS.SMART,
+    maxTokens: 2048,
+    systemPrompt: LLM_SYSTEM_PROMPT,
+    userPrompt: `Analyze this conversation window and extract lessons:\n\n${conversationText}`,
+    cache: true,
   });
-
-  try {
-    const resp = await fetch('https://api.anthropic.com/v1/messages', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'x-api-key': apiKey,
-        'anthropic-version': '2023-06-01',
-      },
-      body,
-    });
-
-    if (!resp.ok) return null;
-
-    const data = await resp.json();
-    const text = (data.content && data.content[0] && data.content[0].text) || '';
-    // Strip markdown fences if present
-    const cleaned = text.replace(/^```(?:json)?\s*/m, '').replace(/```\s*$/m, '').trim();
-    return JSON.parse(cleaned);
-  } catch {
-    return null;
-  }
 }
 
 async function generateLlmLessons(conversationWindow, model) {