thumbgate 1.15.0 → 1.16.1

package/scripts/feedback-loop.js

@@ -9,6 +9,7 @@
 
 const fs = require('fs');
 const path = require('path');
+const { loadOptionalModule } = require('./private-core-boundary');
 const {
   resolveFeedbackAction,
   prepareForStorage,
@@ -25,7 +26,13 @@ const {
 const { recordAction, attributeFeedback } = require('./feedback-attribution');
 const {
   distillFeedbackHistory,
-} = require('./feedback-history-distiller');
+} = loadOptionalModule('./feedback-history-distiller', () => ({
+  distillFeedbackHistory: () => ({
+    inferredFields: {},
+    conversationWindow: [],
+    source: 'public-shell-fallback',
+  }),
+}));
 const {
   extractFilePaths: extractConversationPaths,
   extractErrors: extractConversationErrors,
@@ -41,6 +48,11 @@ const {
   buildFeedbackPathsFromDir,
   getFeedbackPaths: resolveFeedbackPaths,
 } = require('./feedback-paths');
+const {
+  reflect,
+} = loadOptionalModule('./reflector-agent', () => ({
+  reflect: () => null,
+}));
 
 const AUDIT_TRAIL_TAG = 'audit-trail';
 
@@ -106,6 +118,12 @@ const DOMAIN_CATEGORIES = [
 const HOME = process.env.HOME || process.env.USERPROFILE || '';
 const pendingBackgroundSideEffects = new Set();
 
+function loadReflectorAgentModule() {
+  const modulePath = path.resolve(__dirname, 'reflector-agent.js');
+  if (!fs.existsSync(modulePath)) return null;
+  return require(modulePath);
+}
+
 /**
  * Update the statusline cache with latest lesson info after feedback capture.
  * The statusline.sh script reads this cache to display lesson context in Claude Code's status bar.
@@ -197,7 +215,9 @@ function getSelfAuditModule() {
 
 function getDelegationRuntimeModule() {
   try {
-    return require('./delegation-runtime');
+    const modulePath = path.resolve(__dirname, 'delegation-runtime.js');
+    if (!fs.existsSync(modulePath)) return null;
+    return require(modulePath);
   } catch {
     return null;
   }
@@ -261,6 +281,7 @@ function normalizeAnalysisShape(analysis = {}) {
     delegation: analysis.delegation || null,
     boostedRisk: analysis.boostedRisk || null,
     recommendations: Array.isArray(analysis.recommendations) ? analysis.recommendations : [],
+    actionableRemediations: Array.isArray(analysis.actionableRemediations) ? analysis.actionableRemediations : [],
     source: analysis.source,
     byDomain: Array.isArray(analysis.byDomain) ? analysis.byDomain : [],
     byImportance: Array.isArray(analysis.byImportance) ? analysis.byImportance : [],
@@ -564,7 +585,7 @@ function saveSummary(summary) {
 
 // ============================================================
 // ML Side-Effect Helpers — Sequence Tracking (ML-03) and
-// Diversity Tracking (ML-04). Inline per Subway architecture.
+// Diversity Tracking (ML-04). Inline feedback-loop implementation.
 // ============================================================
 
 function inferDomain(tags, context) {
@@ -943,7 +964,6 @@ function captureFeedback(params) {
   let reflection = null;
   if (signal === 'negative' && Array.isArray(params.conversationWindow) && params.conversationWindow.length >= 2) {
     try {
-      const { reflect } = require('./reflector-agent');
       reflection = reflect({
         conversationWindow: params.conversationWindow,
         context: inferredContext,
@@ -1513,11 +1533,22 @@ function analyzeFeedback(logPath) {
   };
 
   const recommendations = [];
+  // Structured counterpart to `recommendations` — machine-actionable shape so
+  // hooks/agents can act on each item without regex-parsing prose strings.
+  // Each entry: { type, target, evidence, action, rationale }.
+  const actionableRemediations = [];
 
   for (const [skill, stat] of Object.entries(skills)) {
     const negRate = stat.total > 0 ? stat.negative / stat.total : 0;
     if (stat.total >= 3 && negRate >= 0.5) {
       recommendations.push(`IMPROVE skill '${skill}' (${stat.negative}/${stat.total} negative)`);
+      actionableRemediations.push({
+        type: 'skill-improve',
+        target: skill,
+        evidence: { positive: stat.positive, negative: stat.negative, total: stat.total, negativeRate: Math.round(negRate * 1000) / 1000 },
+        action: 'review-and-update-skill',
+        rationale: `Skill '${skill}' has ${stat.negative}/${stat.total} negative feedback events (${Math.round(negRate * 100)}% negative rate).`,
+      });
     }
   }
 
@@ -1525,14 +1556,35 @@ function analyzeFeedback(logPath) {
     const posRate = stat.total > 0 ? stat.positive / stat.total : 0;
     if (stat.total >= 3 && posRate >= 0.8) {
       recommendations.push(`REUSE pattern '${tag}' (${stat.positive}/${stat.total} positive)`);
+      actionableRemediations.push({
+        type: 'pattern-reuse',
+        target: tag,
+        evidence: { positive: stat.positive, negative: stat.negative, total: stat.total, positiveRate: Math.round(posRate * 1000) / 1000 },
+        action: 'replicate-pattern',
+        rationale: `Pattern '${tag}' has ${stat.positive}/${stat.total} positive feedback events (${Math.round(posRate * 100)}% positive rate).`,
+      });
     }
   }
 
   if (recent.length >= 10 && recentRate < approvalRate - 0.1) {
     recommendations.push('DECLINING trend in last 20 signals; tighten verification before response.');
+    actionableRemediations.push({
+      type: 'trend-declining',
+      target: 'recent-signals',
+      evidence: { recentRate, approvalRate, sampleSize: recent.length },
+      action: 'tighten-verification-before-response',
+      rationale: `Recent approval rate (${Math.round(recentRate * 100)}%) has dropped ≥10pp below lifetime (${Math.round(approvalRate * 100)}%).`,
+    });
   }
   if (trend === 'degrading') {
     recommendations.push(`DEGRADING 7d trend (${rate7d}) vs 30d (${rate30d}); increase prevention rule injection.`);
+    actionableRemediations.push({
+      type: 'trend-degrading',
+      target: '7d-window',
+      evidence: { rate7d, rate30d, delta: Math.round((rate7d - rate30d) * 1000) / 1000 },
+      action: 'increase-prevention-rule-injection',
+      rationale: `7d rate (${rate7d}) is below 30d rate (${rate30d}) by more than threshold.`,
+    });
   }
 
   let boostedRisk = null;
@@ -1543,9 +1595,23 @@ function analyzeFeedback(logPath) {
       if (boostedRisk) {
         boostedRisk.highRiskDomains.slice(0, 2).forEach((bucket) => {
           recommendations.push(`CHECK high-risk domain '${bucket.key}' (${bucket.highRisk}/${bucket.total} high-risk)`);
+          actionableRemediations.push({
+            type: 'high-risk-domain',
+            target: bucket.key,
+            evidence: { highRisk: bucket.highRisk, total: bucket.total, riskRate: bucket.riskRate },
+            action: 'audit-domain-failures',
+            rationale: `Domain '${bucket.key}' has ${bucket.highRisk}/${bucket.total} high-risk events (${Math.round((bucket.riskRate || 0) * 100)}% risk rate).`,
+          });
         });
         boostedRisk.highRiskTags.slice(0, 2).forEach((bucket) => {
           recommendations.push(`CHECK high-risk tag '${bucket.key}' (${bucket.highRisk}/${bucket.total} high-risk)`);
+          actionableRemediations.push({
+            type: 'high-risk-tag',
+            target: bucket.key,
+            evidence: { highRisk: bucket.highRisk, total: bucket.total, riskRate: bucket.riskRate },
+            action: 'audit-tag-failures',
+            rationale: `Tag '${bucket.key}' has ${bucket.highRisk}/${bucket.total} high-risk events (${Math.round((bucket.riskRate || 0) * 100)}% risk rate).`,
+          });
         });
       }
     }
@@ -1560,9 +1626,23 @@ function analyzeFeedback(logPath) {
       delegation = delegationRuntime.summarizeDelegation(paths.FEEDBACK_DIR);
       if (delegation.attemptCount >= 3 && delegation.verificationFailureRate >= 0.5) {
         recommendations.push(`REDUCE delegation: verification failure rate is ${Math.round(delegation.verificationFailureRate * 100)}%`);
+        actionableRemediations.push({
+          type: 'delegation-reduce',
+          target: 'verification-failure-rate',
+          evidence: { verificationFailureRate: delegation.verificationFailureRate, attemptCount: delegation.attemptCount },
+          action: 'reduce-delegation-use',
+          rationale: `Delegation verification failure rate is ${Math.round(delegation.verificationFailureRate * 100)}% across ${delegation.attemptCount} attempts.`,
+        });
       }
       if (delegation.avoidedDelegationCount >= 3) {
         recommendations.push(`REVIEW delegation policy: ${delegation.avoidedDelegationCount} handoff starts were blocked before execution`);
+        actionableRemediations.push({
+          type: 'delegation-policy-review',
+          target: 'handoff-blocks',
+          evidence: { avoidedDelegationCount: delegation.avoidedDelegationCount },
+          action: 'review-delegation-policy',
+          rationale: `${delegation.avoidedDelegationCount} handoff starts were blocked before execution.`,
+        });
       }
     }
   } catch {
@@ -1570,6 +1650,13 @@ function analyzeFeedback(logPath) {
   }
   diagnostics.categories.slice(0, 2).forEach((bucket) => {
     recommendations.push(`DIAGNOSE '${bucket.key}' failures (${bucket.count})`);
+    actionableRemediations.push({
+      type: 'diagnose-failure-category',
+      target: bucket.key,
+      evidence: { count: bucket.count },
+      action: 'investigate-failure-category',
+      rationale: `Failure category '${bucket.key}' has ${bucket.count} diagnosed events.`,
+    });
   });
 
   return normalizeAnalysisShape({
@@ -1591,6 +1678,7 @@ function analyzeFeedback(logPath) {
     delegation,
     boostedRisk,
     recommendations,
+    actionableRemediations,
   });
 }
 

package/scripts/feedback-to-rules.js

@@ -253,7 +253,7 @@ Constraints:
 - Return ONLY the JSON array — no markdown, no explanation outside the array.`;
 
 async function analyzeWithLLM(entries) {
-  const { isAvailable, callClaude, MODELS } = require('./llm-client');
+  const { isAvailable, callClaudeJson, MODELS } = require('./llm-client');
   if (!isAvailable()) return null;
 
   const negativeEntries = entries
@@ -276,34 +276,28 @@ async function analyzeWithLLM(entries) {
     return entry;
   }).join('\n\n');
 
-  const raw = await callClaude({
+  const parsed = await callClaudeJson({
     systemPrompt: LLM_RULES_SYSTEM_PROMPT,
     userPrompt: `Analyze these ${negativeEntries.length} negative feedback entries and generate prevention rules:\n\n${batch}`,
     model: MODELS.SMART,
     maxTokens: 2048,
+    cache: true,
   });
 
-  if (!raw) return null;
-
-  try {
-    const parsed = JSON.parse(raw);
-    if (!Array.isArray(parsed)) return null;
-
-    return parsed
-      .filter((r) => r.pattern && r.action && r.message && r.severity)
-      .slice(0, 10)
-      .map((r) => ({
-        pattern: r.pattern,
-        count: negativeEntries.length,
-        severity: ['critical', 'high', 'medium'].includes(r.severity) ? r.severity : 'medium',
-        hasHighRisk: r.severity === 'critical',
-        suggestedRule: r.message,
-        reasoning: r.reasoning || '',
-        source: 'llm-analysis',
-      }));
-  } catch {
-    return null;
-  }
+  if (!Array.isArray(parsed)) return null;
+
+  return parsed
+    .filter((r) => r.pattern && r.action && r.message && r.severity)
+    .slice(0, 10)
+    .map((r) => ({
+      pattern: r.pattern,
+      count: negativeEntries.length,
+      severity: ['critical', 'high', 'medium'].includes(r.severity) ? r.severity : 'medium',
+      hasHighRisk: r.severity === 'critical',
+      suggestedRule: r.message,
+      reasoning: r.reasoning || '',
+      source: 'llm-analysis',
+    }));
 }
 
 if (require.main === module) {

package/scripts/gates-engine.js

@@ -5,6 +5,7 @@ const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
 const { execSync, execFileSync } = require('child_process');
+const { loadOptionalModule } = require('./private-core-boundary');
 
 const { isProTier, FREE_TIER_MAX_GATES } = require('./rate-limiter');
 const {
@@ -1976,12 +1977,9 @@ function buildRecentCorrectiveActionsContext(options = {}) {
 function buildRelevantLessonContext(toolName, toolInput) {
   if (!toolName) return null;
 
-  let retrieveRelevantLessons;
-  try {
-    ({ retrieveRelevantLessons } = require('./lesson-retrieval'));
-  } catch {
-    return null;
-  }
+  const { retrieveRelevantLessons } = loadOptionalModule('./lesson-retrieval', () => ({
+    retrieveRelevantLessons: () => [],
+  }));
 
   // Extract a searchable action context from the tool input
   const actionContext = extractActionContext(toolName, toolInput);

package/scripts/growth-campaigns.js

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+'use strict';
+
+function buildCreatorGrowthCampaign(input = {}) {
+  const appUrl = input.appUrl || 'https://thumbgate-production.up.railway.app';
+  const webinarTitle = input.webinarTitle || 'Stop AI Agents From Repeating Expensive Mistakes';
+  const offerCode = input.offerCode || 'AGENTGATES';
+  return {
+    campaignId: 'creator_webinar_agent_governance',
+    channelFit: ['beehiiv', 'linkedin', 'newsletter', 'webinar', 'youtube'],
+    audience: 'founders, engineering managers, AI automators, and creator-operators shipping with coding agents',
+    webinar: {
+      title: webinarTitle,
+      promise: 'In 30 minutes, see how a thumbs-down turns into a pre-action gate that blocks the same agent mistake next time.',
+      demoFlow: [
+        'Show a risky agent action before ThumbGate.',
+        'Capture corrective feedback with context.',
+        'Regenerate the prevention rule.',
+        'Replay the action and show the gate blocking it.',
+        'Export the decision journal and proof report.',
+      ],
+      cta: `${appUrl}/#workflow-sprint-intake?utm_source=beehiiv&utm_campaign=creator_webinar_agent_governance&offer=${offerCode}`,
+    },
+    paywall: {
+      freeMeter: 2,
+      paidTrial: '$1 for 14 days',
+      paidContent: [
+        'Routine-ready security audit prompt',
+        'CRE prompt review checklist',
+        'Data Table Agent schema planner template',
+        'Workspace Agent approval-policy checklist',
+      ],
+    },
+    posts: [
+      {
+        platform: 'linkedin',
+        text: 'AI agents are becoming scheduled coworkers. The missing layer is enforcement: approvals, evidence, rollback, and memory that blocks repeat mistakes. ThumbGate turns feedback into pre-action gates.',
+      },
+      {
+        platform: 'newsletter',
+        text: 'This week: how to stop prompting and hoping. Treat prompts as runtime programs, require evidence before tool actions, and use ThumbGate to block known-bad agent patterns.',
+      },
+    ],
+  };
+}
+
+module.exports = {
+  buildCreatorGrowthCampaign,
+};

package/scripts/harness-selector.js

@@ -9,7 +9,7 @@
  * Detection priority (first match wins):
  *   1. THUMBGATE_HARNESS env var — explicit override
  *   2. Tool-name heuristic (Edit/Write/MultiEdit → code-edit)
- *   3. Command-text heuristic (deploy keywords → deploy, SQL keywords → db-write)
+ *   3. Command-text heuristic (deploy keywords → deploy, SQL keywords → db-write, routines → routine)
  *   4. null → load only default.json + auto-promoted gates
  *
  * Each harness is ADDITIVE — default.json gates always load first.
@@ -25,6 +25,7 @@ const HARNESSES = Object.freeze({
   deploy: path.join(HARNESS_DIR, 'deploy.json'),
   'code-edit': path.join(HARNESS_DIR, 'code-edit.json'),
   'db-write': path.join(HARNESS_DIR, 'db-write.json'),
+  routine: path.join(HARNESS_DIR, 'routine.json'),
 });
 
 // ---------------------------------------------------------------------------
@@ -50,6 +51,14 @@ const DB_WRITE_PATTERNS = [
   /\.db\.exec\(|\.db\.prepare\(/i,
 ];
 
+const ROUTINE_PATTERNS = [
+  /\b(routine|scheduled agent|workspace agent|webhook trigger|post[-\s]?merge|nightly|daily audit)\b/i,
+  /\b(reasoning_effort|system prompt|developer message|verbosity|length limits)\b/i,
+  /\b(gpt-5\.5|gpt-5\.5-pro|xhigh|ultrathink)\b/i,
+  /\b(slack|salesforce|gmail|google drive|notion|jira|linear|atlassian)\b.*\b(send|post|write|update|delete|create)\b/i,
+  /\b(context|role|expectations|few[-\s]?shot|zero[-\s]?shot|prompt template|prompt library)\b/i,
+];
+
 const CODE_EDIT_TOOL_NAMES = new Set(['Edit', 'Write', 'MultiEdit', 'NotebookEdit']);
 
 // ---------------------------------------------------------------------------
@@ -84,6 +93,9 @@ function selectHarness(toolName, toolInput) {
     if (DB_WRITE_PATTERNS.some((p) => p.test(commandText))) {
       return HARNESSES['db-write'];
     }
+    if (ROUTINE_PATTERNS.some((p) => p.test(commandText))) {
+      return HARNESSES.routine;
+    }
     if (DEPLOY_PATTERNS.some((p) => p.test(commandText))) {
       return HARNESSES['deploy'];
     }
@@ -168,7 +180,7 @@ function scoreHarnessAudit(inputs = {}, options = {}) {
   const mcpToolCount = Number(inputs.mcpToolCount || 0);
   const progressiveToolIndexPresent = Boolean(inputs.progressiveToolIndexPresent);
   const specializedHarnesses = Array.isArray(inputs.specializedHarnesses) ? inputs.specializedHarnesses : [];
-  const hasSpecializedHarnesses = specializedHarnesses.length >= 3;
+  const hasSpecializedHarnesses = specializedHarnesses.length >= 4;
   const missingDocs = globalDocs.filter((doc) => doc.exists === false).map((doc) => doc.name);
   const observations = [];
   const recommendations = [];
@@ -193,8 +205,8 @@ function scoreHarnessAudit(inputs = {}, options = {}) {
 
   if (!hasSpecializedHarnesses) {
     score -= 18;
-    observations.push('Fewer than three specialized gate harnesses are available for risky workflows.');
-    recommendations.push('Add workflow-specific harnesses for deploy, code-edit, and database-write actions so default gates stay lean.');
+    observations.push('Fewer than four specialized gate harnesses are available for risky workflows.');
+    recommendations.push('Add workflow-specific harnesses for deploy, code-edit, database-write, and unattended routine actions so default gates stay lean.');
   } else {
     observations.push(`Specialized harnesses are available: ${specializedHarnesses.join(', ')}.`);
   }

package/scripts/hybrid-supervisor-agent.js

@@ -0,0 +1,64 @@
+'use strict';
+
+function buildHybridSupervisorPlan(options = {}) {
+  const sources = options.sources || [
+    { id: 'feedback_log', type: 'jsonl', description: 'User thumbs-up/down and correction events.' },
+    { id: 'gate_metrics', type: 'sql', description: 'Gate blocks, warnings, pass rates, and timestamps.' },
+    { id: 'docs', type: 'vector', description: 'Public docs and operational guides.' },
+  ];
+
+  return {
+    pattern: 'multi_step_hybrid_supervisor',
+    sources,
+    sourceCount: sources.length,
+    steps: [
+      'classify query into structured, unstructured, graph, or mixed',
+      'decompose mixed queries into native-source subqueries',
+      'run complementary SQL, graph, and vector searches in parallel',
+      'join or reconcile result sets',
+      'self-correct with a different query path when overlap is empty',
+      'verify final answer against source-specific evidence',
+    ],
+    gates: [
+      'prefer native source queries over flattening everything into embeddings',
+      'limit initial deployments to 5-10 curated complementary sources',
+      'require plain-language source descriptions at ingestion',
+      'block final answers when structured and unstructured evidence conflict',
+    ],
+  };
+}
+
+function classifyHybridQuery(query = '') {
+  const text = String(query).toLowerCase();
+  const needsStructured = /\b(count|sum|trend|declin|increase|revenue|sales|rate|over time|sql|table)\b/.test(text);
+  const needsUnstructured = /\b(reviews?|feedback|reason|complaints?|docs?|semantic|why|quote|citation)\b/.test(text);
+  const needsGraph = /\b(similar|related|path|relationship|because|profile|like you)\b/.test(text);
+  if ([needsStructured, needsUnstructured, needsGraph].filter(Boolean).length >= 2) return 'hybrid';
+  if (needsStructured) return 'structured';
+  if (needsGraph) return 'graph';
+  if (needsUnstructured) return 'unstructured';
+  return 'general';
+}
+
+function evaluateHybridSupervisorRun(run = {}) {
+  const issues = [];
+  const queryType = classifyHybridQuery(run.query || '');
+  if (queryType === 'hybrid' && !run.decomposed) issues.push('hybrid_query_not_decomposed');
+  if (queryType === 'hybrid' && !run.parallelNativeQueries) issues.push('parallel_native_queries_required');
+  if (!run.sourceDescriptionsPresent) issues.push('missing_source_descriptions');
+  if ((run.sourceCount || 0) > 10 && !run.incrementalRollout) issues.push('too_many_sources_without_incremental_rollout');
+  if (run.emptyOverlap && !run.selfCorrected) issues.push('self_correction_required');
+  if (run.evidenceConflict && !run.escalated) issues.push('conflicting_evidence_requires_escalation');
+
+  return {
+    decision: issues.length ? 'warn' : 'allow',
+    issues,
+    queryType,
+  };
+}
+
+module.exports = {
+  buildHybridSupervisorPlan,
+  classifyHybridQuery,
+  evaluateHybridSupervisorRun,
+};

package/scripts/inference-cache-policy.js

@@ -0,0 +1,72 @@
+'use strict';
+
+function buildInferenceCachePolicy(options = {}) {
+  return {
+    policyId: 'llm_inference_cache',
+    layers: [
+      {
+        id: 'kv_cache',
+        owner: 'model_runtime',
+        enabled: true,
+        action: 'no app changes; rely on inference runtime',
+      },
+      {
+        id: 'prefix_cache',
+        owner: 'agent_harness',
+        enabled: options.prefixCache !== false,
+        action: 'place stable system prompt, docs, and examples before dynamic fields',
+      },
+      {
+        id: 'semantic_cache',
+        owner: 'application',
+        enabled: Boolean(options.semanticCache),
+        action: 'cache complete input/output pairs when paraphrased repeat volume is high',
+      },
+    ],
+    promptRules: [
+      'static content first',
+      'dynamic user/session/date fields last',
+      'deterministic JSON key order',
+      'no generated timestamps inside cached prefix',
+      'version cache keys with prompt and policy versions',
+    ],
+    invalidation: {
+      prefix: ['system_prompt_version', 'doc_version', 'tool_policy_version'],
+      semantic: ['answer_ttl', 'source_doc_version', 'safety_policy_version'],
+    },
+  };
+}
+
+function evaluateCacheCandidate(candidate = {}) {
+  const issues = [];
+  const repeatedPrefixTokens = Number(candidate.repeatedPrefixTokens || 0);
+  const requestsPerDay = Number(candidate.requestsPerDay || 0);
+  const semanticRepeatRate = Number(candidate.semanticRepeatRate || 0);
+
+  if (candidate.dynamicFieldsBeforeStatic) issues.push('dynamic_fields_break_prefix_cache');
+  if (!candidate.deterministicSerialization) issues.push('deterministic_serialization_required');
+  if (repeatedPrefixTokens >= 1024 && requestsPerDay >= 10 && !candidate.prefixCacheEnabled) {
+    issues.push('prefix_cache_high_roi_not_enabled');
+  }
+  if (candidate.semanticCacheEnabled && semanticRepeatRate < 0.15) {
+    issues.push('semantic_cache_overhead_not_justified');
+  }
+  if (candidate.semanticCacheEnabled && !candidate.ttl) {
+    issues.push('semantic_cache_ttl_required');
+  }
+
+  return {
+    decision: issues.length ? 'warn' : 'allow',
+    issues,
+    recommendedLayers: [
+      'kv_cache',
+      repeatedPrefixTokens >= 1024 && requestsPerDay >= 10 ? 'prefix_cache' : null,
+      semanticRepeatRate >= 0.15 ? 'semantic_cache' : null,
+    ].filter(Boolean),
+  };
+}
+
+module.exports = {
+  buildInferenceCachePolicy,
+  evaluateCacheCandidate,
+};

package/scripts/inference-economics.js

@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+'use strict';
+
+function estimateDifficulty(input = {}) {
+  let score = 0;
+  const text = String(input.task || input.prompt || '');
+  if (text.length > 1200) score += 20;
+  if (/ambiguous|research|architecture|security|production|migration|legal|financial/i.test(text)) score += 25;
+  if (Number(input.dollarImpact || 0) >= 1000) score += 25;
+  if (Array.isArray(input.files) && input.files.length > 5) score += 15;
+  if (input.requiresHumanApproval === true) score += 15;
+  return Math.max(0, Math.min(100, score));
+}
+
+function planInferenceBudget(input = {}) {
+  const difficulty = Number.isFinite(input.difficulty) ? input.difficulty : estimateDifficulty(input);
+  const maxCostCents = Number.isFinite(Number(input.maxCostCents)) ? Number(input.maxCostCents) : 50;
+  let depth = 'shallow';
+  let reasoningEffort = 'low';
+  let expertCount = 1;
+  let humanHandoff = false;
+
+  if (difficulty >= 70) {
+    depth = 'deep';
+    reasoningEffort = 'high';
+    expertCount = 4;
+    humanHandoff = true;
+  } else if (difficulty >= 35) {
+    depth = 'standard';
+    reasoningEffort = 'medium';
+    expertCount = 2;
+  }
+
+  if (maxCostCents < 20 && depth === 'deep') {
+    depth = 'standard';
+    reasoningEffort = 'medium';
+  }
+
+  return {
+    difficulty,
+    maxCostCents,
+    depth,
+    reasoningEffort,
+    activeExperts: expertCount,
+    humanHandoff,
+    telemetry: ['difficulty', 'depth', 'reasoningEffort', 'activeExperts', 'latencyMs', 'costCents', 'outcome'],
+  };
+}
+
+module.exports = {
+  estimateDifficulty,
+  planInferenceBudget,
+};

package/scripts/internal-agent-bootstrap.js

@@ -12,13 +12,18 @@ const {
   constructContextPack,
   recordProvenance,
 } = require('./contextfs');
-const { planIntent } = require('./intent-router');
 const { formatCodeGraphRecallSection } = require('./codegraph-context');
 
 const KNOWN_SOURCES = new Set(['github', 'slack', 'linear', 'api', 'cli']);
 const DEFAULT_SOURCE = 'api';
 const DEFAULT_SANDBOX_ROOT = path.join(os.tmpdir(), 'thumbgate-internal-agent-sandboxes');
 
+function loadIntentRouterModule() {
+  const modulePath = path.resolve(__dirname, 'intent-router.js');
+  if (!fs.existsSync(modulePath)) return null;
+  return require(modulePath);
+}
+
 function normalizeText(value) {
   if (value === undefined || value === null) return '';
   return String(value).trim();
@@ -422,7 +427,12 @@ function bootstrapInternalAgent(options = {}) {
       baseRef: null,
     };
 
-  const plan = planIntent({
+  const intentRouter = loadIntentRouterModule();
+  if (!intentRouter) {
+    throw new Error('Internal agent bootstrap requires the ThumbGate private intent router runtime.');
+  }
+
+  const plan = intentRouter.planIntent({
     intentId: invocation.intentId,
     context: startupContext.text,
     mcpProfile: invocation.mcpProfile,