thumbgate 1.2.0 → 1.4.0

package/scripts/claude-feedback-sync.js

@@ -0,0 +1,320 @@
+'use strict';
+
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+const {
+  captureFeedback,
+  getFeedbackPaths,
+  readJSONL,
+  analyzeFeedback,
+} = require('./feedback-loop');
+const { normalizeFeedbackText } = require('./feedback-quality');
+const {
+  resolveFeedbackDir,
+  resolveProjectDir,
+} = require('./feedback-paths');
+const { refreshStatuslineCache } = require('./hook-thumbgate-cache-updater');
+
+const SYNC_STATE_FILE = 'claude-feedback-sync-state.json';
+const DEFAULT_RECENT_FEEDBACK_LIMIT = 250;
+const DEFAULT_PROCESSED_ID_LIMIT = 512;
+const DUPLICATE_WINDOW_MS = 30 * 1000;
+
+function getClaudeHistoryPath(options = {}) {
+  if (options.historyPath) return options.historyPath;
+  if (process.env.THUMBGATE_CLAUDE_HISTORY_PATH) return process.env.THUMBGATE_CLAUDE_HISTORY_PATH;
+  const homeDir = options.homeDir || process.env.HOME || process.env.USERPROFILE || '';
+  return path.join(homeDir, '.claude', 'history.jsonl');
+}
+
+function getSyncStatePath(options = {}) {
+  const feedbackDir = resolveFeedbackDir({ feedbackDir: options.feedbackDir });
+  return path.join(feedbackDir, SYNC_STATE_FILE);
+}
+
+function readSyncState(options = {}) {
+  const statePath = getSyncStatePath(options);
+  try {
+    const parsed = JSON.parse(fs.readFileSync(statePath, 'utf8'));
+    return {
+      historyOffset: Number(parsed.historyOffset || 0),
+      historySize: Number(parsed.historySize || 0),
+      processedIds: Array.isArray(parsed.processedIds) ? parsed.processedIds : [],
+      statePath,
+    };
+  } catch {
+    return {
+      historyOffset: 0,
+      historySize: 0,
+      processedIds: [],
+      statePath,
+    };
+  }
+}
+
+function writeSyncState(state, options = {}) {
+  const statePath = getSyncStatePath(options);
+  const payload = {
+    historyOffset: Number(state.historyOffset || 0),
+    historySize: Number(state.historySize || 0),
+    processedIds: Array.isArray(state.processedIds) ? state.processedIds.slice(-DEFAULT_PROCESSED_ID_LIMIT) : [],
+    updatedAt: new Date().toISOString(),
+  };
+  fs.mkdirSync(path.dirname(statePath), { recursive: true });
+  fs.writeFileSync(statePath, JSON.stringify(payload, null, 2));
+  return payload;
+}
+
+function readHistoryEntriesSince(filePath, state) {
+  if (!filePath || !fs.existsSync(filePath)) {
+    return {
+      entries: [],
+      nextOffset: 0,
+      size: 0,
+    };
+  }
+
+  const stat = fs.statSync(filePath);
+  const safeOffset = state && state.historyOffset > 0 && state.historyOffset <= stat.size
+    ? state.historyOffset
+    : 0;
+
+  const fileBuffer = fs.readFileSync(filePath);
+  const contents = fileBuffer.slice(safeOffset).toString('utf8');
+
+  const entries = contents
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean)
+    .map((line) => {
+      try {
+        return JSON.parse(line);
+      } catch {
+        return null;
+      }
+    })
+    .filter(Boolean);
+
+  return {
+    entries,
+    nextOffset: stat.size,
+    size: stat.size,
+  };
+}
+
+function normalizeProjectPath(value) {
+  try {
+    return value ? path.resolve(String(value)) : null;
+  } catch {
+    return null;
+  }
+}
+
+function parseHistoryTimestamp(value) {
+  if (typeof value === 'number' && Number.isFinite(value)) {
+    return value > 1e12 ? value : value * 1000;
+  }
+  const text = String(value || '').trim();
+  if (!text) return null;
+  if (/^\d+$/.test(text)) {
+    const numeric = Number(text);
+    return numeric > 1e12 ? numeric : numeric * 1000;
+  }
+  const parsed = Date.parse(text);
+  return Number.isFinite(parsed) ? parsed : null;
+}
+
+function detectSignal(text) {
+  const normalized = String(text || '').toLowerCase();
+  if (/(thumbs?\s*down|that failed|that was wrong|fix this)/i.test(normalized)) return 'down';
+  if (/(thumbs?\s*up|that worked|looks good|nice work|perfect|good job)/i.test(normalized)) return 'up';
+  return null;
+}
+
+function extractPromptText(entry) {
+  const candidates = [
+    entry && entry.display,
+    entry && entry.message && entry.message.content,
+    entry && entry.attachment && entry.attachment.prompt,
+    entry && entry.content,
+  ];
+
+  for (const candidate of candidates) {
+    if (typeof candidate === 'string' && candidate.trim()) {
+      return candidate.trim();
+    }
+  }
+  return '';
+}
+
+function buildExternalId(entry, promptText) {
+  const hash = crypto.createHash('sha256');
+  hash.update(String(entry.sessionId || ''));
+  hash.update('|');
+  hash.update(String(entry.timestamp || ''));
+  hash.update('|');
+  hash.update(String(entry.project || entry.cwd || ''));
+  hash.update('|');
+  hash.update(String(promptText || ''));
+  return `claude-history:${hash.digest('hex')}`;
+}
+
+function toHistoryCandidate(entry, options = {}) {
+  const promptText = extractPromptText(entry);
+  const signal = detectSignal(promptText);
+  if (!signal) return null;
+
+  const projectDir = normalizeProjectPath(options.projectDir);
+  const entryProject = normalizeProjectPath(entry.project || entry.cwd || '');
+  if (projectDir && entryProject && entryProject !== projectDir && !entryProject.startsWith(`${projectDir}${path.sep}`)) {
+    return null;
+  }
+  if (projectDir && !entryProject) {
+    return null;
+  }
+
+  return {
+    externalId: buildExternalId(entry, promptText),
+    promptText,
+    signal,
+    timestampMs: parseHistoryTimestamp(entry.timestamp),
+  };
+}
+
+function normalizeCandidateText(value) {
+  return normalizeFeedbackText(String(value || '').replace(/\s+/g, ' '));
+}
+
+function hasMatchingFeedbackEntry(candidate, feedbackEntries) {
+  const candidateText = normalizeCandidateText(candidate.promptText);
+  if (!candidateText) return false;
+
+  return feedbackEntries.some((entry) => {
+    const signal = entry && entry.signal === 'negative' ? 'down' : 'up';
+    if (signal !== candidate.signal) return false;
+
+    const feedbackText = normalizeCandidateText(
+      entry.submittedContext
+      || entry.context
+      || entry.whatWentWrong
+      || entry.whatWorked
+      || ''
+    );
+    if (feedbackText !== candidateText) return false;
+
+    const feedbackTimestamp = Date.parse(entry.timestamp || '');
+    if (!Number.isFinite(feedbackTimestamp) || !Number.isFinite(candidate.timestampMs)) {
+      return true;
+    }
+    return Math.abs(feedbackTimestamp - candidate.timestampMs) <= DUPLICATE_WINDOW_MS;
+  });
+}
+
+function syncClaudeHistoryFeedback(options = {}) {
+  if (options.disabled || process.env.THUMBGATE_DISABLE_CLAUDE_HISTORY_SYNC === '1') {
+    return {
+      importedCount: 0,
+      skippedCount: 0,
+      reason: 'disabled',
+    };
+  }
+
+  const originalEnv = {
+    THUMBGATE_FEEDBACK_DIR: process.env.THUMBGATE_FEEDBACK_DIR,
+    THUMBGATE_PROJECT_DIR: process.env.THUMBGATE_PROJECT_DIR,
+    THUMBGATE_CLAUDE_HISTORY_PATH: process.env.THUMBGATE_CLAUDE_HISTORY_PATH,
+  };
+
+  if (options.feedbackDir) process.env.THUMBGATE_FEEDBACK_DIR = options.feedbackDir;
+  if (options.projectDir && !options.feedbackDir) process.env.THUMBGATE_PROJECT_DIR = options.projectDir;
+  if (options.historyPath) process.env.THUMBGATE_CLAUDE_HISTORY_PATH = options.historyPath;
+
+  try {
+    const feedbackDir = resolveFeedbackDir({ feedbackDir: options.feedbackDir });
+    const projectDir = normalizeProjectPath(options.projectDir) || resolveProjectDir({
+      cwd: process.cwd(),
+      env: process.env,
+    });
+    const historyPath = getClaudeHistoryPath(options);
+    const state = readSyncState({ feedbackDir });
+    const history = readHistoryEntriesSince(historyPath, state);
+    const existingEntries = readJSONL(path.join(feedbackDir, 'feedback-log.jsonl'), {
+      maxLines: DEFAULT_RECENT_FEEDBACK_LIMIT,
+    });
+
+    let importedCount = 0;
+    let skippedCount = 0;
+    const processedIds = new Set(state.processedIds || []);
+
+    for (const entry of history.entries) {
+      const candidate = toHistoryCandidate(entry, { projectDir });
+      if (!candidate) continue;
+      if (processedIds.has(candidate.externalId)) {
+        skippedCount += 1;
+        continue;
+      }
+
+      if (hasMatchingFeedbackEntry(candidate, existingEntries)) {
+        processedIds.add(candidate.externalId);
+        skippedCount += 1;
+        continue;
+      }
+
+      const captureResult = captureFeedback({
+        signal: candidate.signal,
+        context: candidate.promptText,
+        whatWentWrong: candidate.signal === 'down' ? candidate.promptText : undefined,
+        whatWorked: candidate.signal === 'up' ? candidate.promptText : undefined,
+        tags: ['claude-history-sync', 'auto-capture-fallback'],
+      });
+
+      if (captureResult && captureResult.feedbackEvent) {
+        existingEntries.push(captureResult.feedbackEvent);
+      }
+      processedIds.add(candidate.externalId);
+      importedCount += 1;
+    }
+
+    writeSyncState({
+      historyOffset: history.nextOffset,
+      historySize: history.size,
+      processedIds: Array.from(processedIds),
+    }, { feedbackDir });
+
+    if (importedCount > 0) {
+      refreshStatuslineCache(analyzeFeedback(path.join(feedbackDir, 'feedback-log.jsonl')), path.join(feedbackDir, 'statusline_cache.json'));
+    }
+
+    return {
+      importedCount,
+      skippedCount,
+      historyPath,
+      feedbackDir,
+      projectDir,
+    };
+  } finally {
+    if (originalEnv.THUMBGATE_FEEDBACK_DIR == null) delete process.env.THUMBGATE_FEEDBACK_DIR;
+    else process.env.THUMBGATE_FEEDBACK_DIR = originalEnv.THUMBGATE_FEEDBACK_DIR;
+
+    if (originalEnv.THUMBGATE_PROJECT_DIR == null) delete process.env.THUMBGATE_PROJECT_DIR;
+    else process.env.THUMBGATE_PROJECT_DIR = originalEnv.THUMBGATE_PROJECT_DIR;
+
+    if (originalEnv.THUMBGATE_CLAUDE_HISTORY_PATH == null) delete process.env.THUMBGATE_CLAUDE_HISTORY_PATH;
+    else process.env.THUMBGATE_CLAUDE_HISTORY_PATH = originalEnv.THUMBGATE_CLAUDE_HISTORY_PATH;
+  }
+}
+
+module.exports = {
+  SYNC_STATE_FILE,
+  detectSignal,
+  extractPromptText,
+  getClaudeHistoryPath,
+  hasMatchingFeedbackEntry,
+  parseHistoryTimestamp,
+  readHistoryEntriesSince,
+  readSyncState,
+  syncClaudeHistoryFeedback,
+  toHistoryCandidate,
+  writeSyncState,
+};

package/scripts/cli-telemetry.js

@@ -5,7 +5,9 @@ const crypto = require('crypto');
 const fs = require('fs');
 const path = require('path');
 
-const TELEMETRY_ENDPOINT = 'https://thumbgate-production.up.railway.app/v1/telemetry/ping';
+const _DEFAULT_TELEMETRY_HOST = 'https://thumbgate-production.up.railway.app';
+// Respect THUMBGATE_API_URL so test environments can point to a local stub
+const TELEMETRY_ENDPOINT = `${process.env.THUMBGATE_API_URL || _DEFAULT_TELEMETRY_HOST}/v1/telemetry/ping`;
 const INSTALL_ID_PATH = path.join(process.env.HOME || process.env.USERPROFILE || '.', '.thumbgate', 'install-id');
 
 /**
@@ -80,6 +82,7 @@ function trackEvent(eventType, metadata = {}) {
     });
     req.on('error', () => {}); // silently ignore
     req.on('timeout', () => req.destroy());
+    req.on('socket', (s) => s.unref()); // fire-and-forget: never block process exit
     req.end(payload);
   } catch (_) {} // never crash the CLI
 }

package/scripts/commercial-offer.js

@@ -2,20 +2,19 @@
 
 const PRO_MONTHLY_PAYMENT_LINK = 'https://buy.stripe.com/5kQ4gzbmI9Lo6tPayn3sI06';
 const PRO_ANNUAL_PAYMENT_LINK = 'https://buy.stripe.com/3cI8wPfCYaPs2dzdKz3sI07';
-const PRO_FOUNDER_PAYMENT_LINK = 'https://buy.stripe.com/aFa4gz1M84r419v7mb3sI05';
 
 const PRO_MONTHLY_PRICE_ID = 'price_1THQY7GGBpd520QYHoS7RG0J';
 const PRO_ANNUAL_PRICE_ID = 'price_1THQZ7GGBpd520QYxzDRnxhB';
-const TEAM_MONTHLY_PRICE_ID = 'price_1THQa5GGBpd520QYoqdq1R1S';
+const TEAM_MONTHLY_PRICE_ID = 'price_1TKLUhGGBpd520QYr5pgEZit';
 
 const PRO_MONTHLY_PRICE_DOLLARS = 19;
 const PRO_ANNUAL_PRICE_DOLLARS = 149;
-const TEAM_MONTHLY_PRICE_DOLLARS = 12;
-const TEAM_ANNUAL_PRICE_DOLLARS = 99;
+const TEAM_MONTHLY_PRICE_DOLLARS = 99;
+const TEAM_ANNUAL_PRICE_DOLLARS = 1188;
 const TEAM_MIN_SEATS = 3;
 
-const PRO_PRICE_LABEL = '$19/mo or $149/yr';
-const TEAM_PRICE_LABEL = 'Starts at $36/mo for 3 seats, then $12/seat/mo';
+const PRO_PRICE_LABEL = '$19/mo or $149/yr (individual)';
+const TEAM_PRICE_LABEL = '$99/seat/mo — Agent governance for engineering teams';
 
 function normalizePlanId(value) {
   const text = String(value || '').trim().toLowerCase();
@@ -39,7 +38,6 @@ function normalizeSeatCount(value, fallback = TEAM_MIN_SEATS) {
 module.exports = {
   PRO_MONTHLY_PAYMENT_LINK,
   PRO_ANNUAL_PAYMENT_LINK,
-  PRO_FOUNDER_PAYMENT_LINK,
   PRO_MONTHLY_PRICE_ID,
   PRO_ANNUAL_PRICE_ID,
   TEAM_MONTHLY_PRICE_ID,

package/scripts/content-engine/linkedin-content-generator.js

@@ -0,0 +1,154 @@
+#!/usr/bin/env node
+
+/**
+ * LinkedIn Content Generator for ThumbGate Gates
+ *
+ * Usage:
+ *   node scripts/content-engine/linkedin-content-generator.js
+ *   node scripts/content-engine/linkedin-content-generator.js --preview
+ *
+ * Suggested package.json scripts:
+ *   "content:linkedin": "node scripts/content-engine/linkedin-content-generator.js"
+ *   "content:linkedin:preview": "node scripts/content-engine/linkedin-content-generator.js --preview"
+ */
+
+const crypto = require('crypto');
+const fs = require('fs');
+const path = require('path');
+
+// Read gate config
+const configPath = path.join(__dirname, '../../config/gates/default.json');
+let config;
+try {
+  config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+} catch (err) {
+  process.stderr.write(`Failed to load gate config from ${configPath}: ${err.message}\n`);
+  process.exit(1);
+}
+
+// Select 7 diverse gates across severity levels
+const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+const gatesBySeverity = {
+  critical: [],
+  high: [],
+  medium: [],
+  low: []
+};
+
+config.gates.forEach(gate => {
+  const severity = gate.severity || 'low';
+  if (gatesBySeverity[severity]) {
+    gatesBySeverity[severity].push(gate);
+  }
+});
+
+// Select one from each severity, then fill remaining from largest buckets
+const selected = [];
+['critical', 'high', 'medium', 'low'].forEach(severity => {
+  if (gatesBySeverity[severity].length > 0) {
+    selected.push(gatesBySeverity[severity][0]);
+  }
+});
+
+// Fill remaining slots (7 total) — shuffle with crypto-secure randomness (Fisher-Yates)
+const remaining = config.gates.filter(g => !selected.includes(g));
+for (let i = remaining.length - 1; i > 0; i--) {
+  const j = crypto.randomInt(i + 1);
+  [remaining[i], remaining[j]] = [remaining[j], remaining[i]];
+}
+while (selected.length < 7 && remaining.length > 0) {
+  selected.push(remaining.pop());
+}
+
+// Generate LinkedIn post content
+const posts = selected.map((gate, index) => {
+  const hookLines = [
+    '🚨 Your AI agents are running without guardrails.',
+    '⚠️ One missing gate. One catastrophic mistake.',
+    '🛡️ Even the best engineers miss edge cases.',
+    '💥 Your deployment pipeline has a blind spot.',
+    '🔓 Git operations—unguarded by default.',
+    '🎯 Prevention beats firefighting.',
+    '⏱️ How fast can your agent destroy a month of work?'
+  ];
+
+  const gateDescriptions = {
+    'local-only-git-writes': 'Blocks git writes when local-only mode is active, preventing accidental remote pushes during development.',
+    'task-scope-required': 'Enforces explicit task scoping before any git, PR, or publish operations can proceed.',
+    'protected-file-approval-required': 'Requires human approval before modifying sensitive files like CLAUDE.md, configs, and skills.',
+    'gh-pr-create-restricted': 'Restricts PR creation to explicitly approved workflows, preventing unvetted code changes.',
+    'gh-pr-merge-restricted': 'Blocks PR merges without explicit permission, enforcing code review discipline.',
+    'branch-governance-required': 'Demands branch governance context before release, deploy, or publish actions.',
+    'force-push': 'Blocks destructive force-push operations—no exceptions.',
+    'protected-branch-push': 'Prevents direct pushes to main/develop. All changes flow through PR review.',
+    'release-readiness-required': 'Ensures releases only happen from releasable mainline commits with version alignment.',
+    'admin-merge-bypass-blocked': 'Blocks admin merge bypass. Code review gates apply equally to everyone.',
+    'push-without-thread-check': 'Forces thread review before pushing—prevents shipping unresolved feedback.',
+    'env-file-edit': 'Warns when editing .env files—catches accidental token deletion.',
+    'unverified-skill-use': 'Validates skill provenance before delegating to subagents in restricted modes.',
+    'production-deploy-approval': 'Requires human sign-off on production deployments.',
+    'schema-migration-approval': 'Demands approval for database schema migrations—no surprise breaking changes.',
+    'supply-chain-dep-add': 'Audits package.json mutations for typosquatting and suspicious installs.',
+    'deny-network-egress': 'Warns on unauthorized egress—catches exfiltration attempts early.'
+  };
+
+  const post = `
+## Post ${index + 1}: ${gate.id.split('-').map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(' ')}
+
+${hookLines[index % hookLines.length]}
+
+${gateDescriptions[gate.id] || `Protects your workflow by ${gate.message.toLowerCase()}`}
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate \`${gate.id}\`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+\`\`\`bash
+npx thumbgate@latest init
+\`\`\`
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+`;
+  return post;
+});
+
+// Generate output filename with today's date
+const today = new Date();
+const dateStr = today.toISOString().split('T')[0]; // YYYY-MM-DD
+const outputDir = path.join(__dirname, 'output');
+const outputFile = path.join(outputDir, `linkedin-posts-${dateStr}.md`);
+
+// Create output directory if it doesn't exist
+if (!fs.existsSync(outputDir)) {
+  fs.mkdirSync(outputDir, { recursive: true });
+}
+
+// Generate markdown content
+const markdown = `# LinkedIn Content: ThumbGate Gates (${dateStr})
+
+Generated from: \`config/gates/default.json\`
+Gate count in config: ${config.gates.length}
+Posts generated: ${selected.length}
+
+---
+${posts.join('\n')}
+`;
+
+// Output or write file
+const preview = process.argv.includes('--preview');
+if (preview) {
+  console.log(markdown);
+  console.log(`\n✅ Preview mode (${selected.length} posts)`);
+} else {
+  fs.writeFileSync(outputFile, markdown, 'utf8');
+  console.log(`✅ Generated ${selected.length} LinkedIn posts to: ${outputFile}`);
+  console.log(`   Severities: ${selected.map(g => g.severity).sort().join(', ')}`);
+  console.log(`   Gates: ${selected.map(g => g.id).join(', ')}`);
+}

package/scripts/content-engine/output/linkedin-memento-validation.md

@@ -0,0 +1,17 @@
+# ThumbGate: Validated in Production
+
+Academic research just proved what we've been running in production for 18 months.
+
+The Memento-Skills paper (arXiv 2603.18743) demonstrates that external skill memory systems — ones that rewrite themselves from failure feedback — achieve 26-116% accuracy improvements without touching the model. No retraining. No fine-tuning. Just structured context engineering.
+
+That's exactly what ThumbGate does. We capture agent failures, infer prevention rules, and inject them as PreToolUse gates. The paper's Read → Execute → Reflect → Write loop maps directly to our capture → infer → enforce → block cycle. The academic validation confirms what we've observed: you don't need to retrain your model to make it safer and more reliable. You need better context.
+
+ThumbGate processes real-world AI agent failures — git operations, code edits, file writes, API calls — and learns from them. Every "thumbs down" on a failed action becomes a lesson. Every lesson becomes a rule. Every rule becomes a gate that stops the same mistake from happening again. The feedback loop is tight. The enforcement is immediate.
+
+The paper validates the core insight: agents fail in predictable ways, and those patterns can be captured, learned, and blocked without model modification. That's not theoretical. We're doing it now, across 48+ tool adapters and 4,500+ prevention gates, with zero retraining.
+
+Context engineering works. The research proves it. The production metrics show it.
+
+Try it: `npx thumbgate@latest init`
+
+#AIGovernance #AgentSafety #MementoSkills #ContextEngineering