npm - thumbgate - Versions diffs - 1.21.1 → 1.21.2 - Mend

thumbgate 1.21.1 → 1.21.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/.claude-plugin/marketplace.json +2 -2
package/.claude-plugin/plugin.json +1 -1
package/.well-known/mcp/server-card.json +1 -1
package/adapters/claude/.mcp.json +2 -2
package/adapters/mcp/server-stdio.js +1 -1
package/adapters/opencode/opencode.json +1 -1
package/bin/cli.js +42 -81
package/package.json +2 -6
package/public/dashboard.html +3 -3
package/public/index.html +2 -2
package/public/lessons.html +0 -22
package/public/numbers.html +2 -2
package/scripts/audit.js +65 -0
package/scripts/cli-schema.js +8 -0
package/scripts/hook-runtime.js +12 -12
package/scripts/statusline.sh +41 -30
package/scripts/workflow-sentinel.js +1 -6

package/.claude-plugin/marketplace.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.21.1",
+  "version": "1.21.2",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -14,7 +14,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.21.1",
+      "version": "1.21.2",
       "author": {
         "name": "Igor Ganapolsky",
         "email": "ig5973700@gmail.com",

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.21.1",
+  "version": "1.21.2",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",

package/.well-known/mcp/server-card.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.21.1",
+  "version": "1.21.2",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "transport": "stdio",

package/adapters/claude/.mcp.json CHANGED Viewed

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.21.1", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.21.2", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.21.1", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.21.2", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js CHANGED Viewed

@@ -216,7 +216,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.21.1' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.21.2' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',

package/adapters/opencode/opencode.json CHANGED Viewed

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.21.1",
+        "thumbgate@1.21.2",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js CHANGED Viewed

@@ -23,6 +23,7 @@
  *   npx thumbgate background-governance  # background-agent run report + risk check
  *   npx thumbgate cfo           # local operational billing summary
  *   npx thumbgate pro           # solo dashboard + exports side lane
+ *   npx thumbgate audit <file>  # audit an agent transcript for repeat-mistake token waste
  */
 'use strict';
@@ -40,13 +41,6 @@ const {
   resolveMcpEntry,
 } = require(path.join(__dirname, '..', 'scripts', 'mcp-config'));
 const { trackEvent } = require(path.join(__dirname, '..', 'scripts', 'cli-telemetry'));
-const {
-  cacheUpdateHookCommand,
-  preToolHookCommand,
-  sessionStartHookCommand,
-  statuslineCommand,
-  userPromptHookCommand,
-} = require(path.join(__dirname, '..', 'scripts', 'hook-runtime'));
 const {
   PRO_MONTHLY_PAYMENT_LINK,
   PRO_PRICE_LABEL,
@@ -395,84 +389,24 @@ function whichExists(cmd) {
 function setupClaude() {
   const mcpChanged = mergeMcpJson(path.join(CWD, '.mcp.json'), 'Claude Code', 'project');
+  const { wireHooks } = require(path.join(PKG_ROOT, 'scripts', 'auto-wire-hooks'));
+  const hookResult = wireHooks({ agent: 'claude-code' });
-  // Wire the canonical ThumbGate gate hooks (PreToolUse pre-action check,
-  // UserPromptSubmit, PostToolUse, SessionStart) through the shared wiring
-  // path so `init`, `init --agent claude-code`, and `install` all produce the
-  // same hook set. Before this, `install` shipped a Claude config with no
-  // PreToolUse gate — the core ThumbGate feature was silently missing.
-  let wireChanged = false;
-  try {
-    const { wireHooks } = require(path.join(PKG_ROOT, 'scripts', 'auto-wire-hooks'));
-    const wireResult = wireHooks({ agent: 'claude-code' });
-    if (wireResult.error) {
-      console.log(`  Claude Code: ${wireResult.error}`);
-    } else if (wireResult.changed) {
-      wireChanged = true;
-      const lifecycles = [...new Set(wireResult.added.map((h) => h.lifecycle))].join(', ');
-      console.log(`  Claude Code: wired gate hooks (${lifecycles})`);
-    }
-  } catch (err) {
-    console.log(`  Claude Code: hook wiring skipped (${err.message})`);
-  }
-  // Upsert Stop hook into .claude/settings.json for autonomous self-scoring
-  const settingsPath = path.join(CWD, '.claude', 'settings.json');
-  const stopHookCommand = 'bash scripts/hook-stop-self-score.sh';
-  let settings = { hooks: {} };
-  if (fs.existsSync(settingsPath)) {
-    try { settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8')); } catch (_) { /* fresh */ }
-  }
-  settings.hooks = settings.hooks || {};
-  const stopAlreadyPresent = (settings.hooks.Stop || [])
-    .some(entry => (entry.hooks || []).some(h => h.command === stopHookCommand));
-  let hooksChanged = false;
-  if (!stopAlreadyPresent) {
-    settings.hooks.Stop = settings.hooks.Stop || [];
-    settings.hooks.Stop.push({ hooks: [{ type: 'command', command: stopHookCommand }] });
-    hooksChanged = true;
-    console.log('  Claude Code: installed Stop hook');
+  if (hookResult.error) {
+    console.log(`  Claude Code hooks: ${hookResult.error}`);
+    return mcpChanged;
   }
-  // Upsert PostToolUse hook for ThumbGate statusline cache updates
-  const cacheHookCommand = cacheUpdateHookCommand();
-  const originalPostToolUseCount = (settings.hooks.PostToolUse || []).length;
-  settings.hooks.PostToolUse = (settings.hooks.PostToolUse || []).filter(
-    (entry) => !(entry.hooks || []).some((h) => h.command && h.command !== cacheHookCommand && /(hook-thumbgate-cache-updater|cache-update\b)/.test(h.command))
-  );
-  if (settings.hooks.PostToolUse.length !== originalPostToolUseCount) {
-    hooksChanged = true;
-  }
-  const cacheAlreadyPresent = (settings.hooks.PostToolUse || [])
-    .some(entry => (entry.hooks || []).some(h => h.command === cacheHookCommand || (h.command && h.command.includes('cache-update'))));
-  if (!cacheAlreadyPresent) {
-    settings.hooks.PostToolUse = settings.hooks.PostToolUse || [];
-    settings.hooks.PostToolUse.push({
-      matcher: 'mcp__thumbgate__feedback_stats|mcp__thumbgate__dashboard',
-      hooks: [{ type: 'command', command: cacheHookCommand }]
-    });
-    hooksChanged = true;
-    console.log('  Claude Code: installed ThumbGate cache updater hook');
-  }
-  // Upsert statusLine for ThumbGate feedback display
-  const statuslineScript = statuslineCommand();
-  if (!settings.statusLine || settings.statusLine.command !== statuslineScript) {
-    settings.statusLine = { type: 'command', command: statuslineScript };
-    hooksChanged = true;
-    console.log('  Claude Code: installed ThumbGate status line');
-  }
-  if (hooksChanged) {
-    fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
-    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
+  if (!hookResult.changed) {
+    console.log(`  Claude Code hooks: already configured at ${hookResult.settingsPath}`);
+  } else {
+    for (const h of hookResult.added) {
+      console.log(`  Claude Code: wired ${h.lifecycle} hook`);
+    }
+    console.log(`  Claude Code settings: ${hookResult.settingsPath}`);
   }
-  return mcpChanged || hooksChanged || wireChanged;
+  return mcpChanged || hookResult.changed;
 }
 function setupCodex() {
@@ -744,7 +678,11 @@ function init(cliArgs = parseArgs(process.argv.slice(3))) {
   let configured = 0;
   const platforms = [
-    { name: 'Claude Code', detect: [() => whichExists('claude'), () => fs.existsSync(path.join(HOME, '.claude'))], setup: setupClaude },
+    { name: 'Claude Code', detect: [
+      () => whichExists('claude'),
+      () => fs.existsSync(path.join(HOME, '.claude')),
+      () => fs.existsSync(path.join(CWD, '.claude')),
+    ], setup: setupClaude },
     { name: 'Codex', detect: [() => whichExists('codex'), () => fs.existsSync(path.join(HOME, '.codex'))], setup: setupCodex },
     { name: 'Gemini', detect: [() => whichExists('gemini'), () => fs.existsSync(path.join(HOME, '.gemini'))], setup: setupGemini },
     { name: 'Amp', detect: [() => whichExists('amp'), () => fs.existsSync(path.join(HOME, '.amp'))], setup: setupAmp },
@@ -2884,6 +2822,29 @@ switch (COMMAND) {
     }
     break;
   }
+  case 'audit': {
+    const auditFile = process.argv[3];
+    if (!auditFile) {
+      console.error('Usage: npx thumbgate audit <path-to-transcript.txt>');
+      process.exit(1);
+    }
+    const { runAudit } = require(path.join(PKG_ROOT, 'scripts', 'audit'));
+    const { results, totalWaste, error } = runAudit(auditFile);
+    if (error) {
+      console.error(error);
+      process.exit(1);
+    }
+    console.log('\n🔍 AI Bill Audit Results\n');
+    if (results.length === 0) {
+      console.log('✅ No repeat-offender patterns found. Your sessions are efficient!');
+    } else {
+      console.table(results);
+      console.log('\n💰 Total estimated monthly waste: $' + totalWaste);
+      console.log('\nBlock these mistakes permanently with ThumbGate Pro:');
+      console.log(PRO_CHECKOUT_URL);
+    }
+    break;
+  }
   case 'dashboard':
     dashboard();
     break;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.21.1",
+  "version": "1.21.2",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 33 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -31,6 +31,7 @@
     "scripts/analytics-window.js",
     "scripts/async-job-runner.js",
     "scripts/audit-trail.js",
+    "scripts/audit.js",
     "scripts/auto-promote-gates.js",
     "scripts/auto-wire-hooks.js",
     "scripts/autoresearch-runner.js",
@@ -639,10 +640,6 @@
     "test:competitive-positioning-marketing": "node --test tests/competitive-positioning-marketing.test.js tests/knowledge-graph-guardrails.test.js tests/supply-chain-guardrails.test.js",
     "test:medium-weekly": "node --test tests/medium-weekly.test.js",
     "test:dashboard-deeplink-e2e": "node --test tests/dashboard-deeplink-e2e.test.js",
-    "test:e2e:playwright": "playwright test",
-    "test:e2e:playwright:headed": "playwright test --headed",
-    "test:e2e:playwright:ui": "playwright test --ui",
-    "test:e2e:playwright:report": "playwright show-report",
     "test:public-package-parity": "node --test tests/public-package-parity.test.js",
     "prepare": "bash bin/install-hooks.sh >/dev/null 2>&1 || true",
     "install:hooks": "bash bin/install-hooks.sh",
@@ -734,7 +731,6 @@
   "devDependencies": {
     "@changesets/changelog-github": "^0.7.0",
     "@changesets/cli": "^2.31.0",
-    "@playwright/test": "^1.60.0",
     "c8": "^11.0.0",
     "undici": "^8.2.0"
   }

package/public/dashboard.html CHANGED Viewed

@@ -247,9 +247,9 @@
   <!-- STATS -->
   <div class="stats-grid" id="statsGrid">
-    <a class="stat-card" data-card-action="all" onclick="selectCard(this,'all')" href="/lessons?signal=all" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view all feedback → Lessons page"><div class="stat-label">Total Feedback</div><div class="stat-value cyan" id="statTotal">—</div></a>
-    <a class="stat-card" data-card-action="up" onclick="selectCard(this,'up')" href="/lessons?signal=up" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view positive feedback → Lessons page"><div class="stat-label">👍 Positive</div><div class="stat-value green" id="statPositive">—</div></a>
-    <a class="stat-card" data-card-action="down" onclick="selectCard(this,'down')" href="/lessons?signal=down" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view negative feedback → Lessons page"><div class="stat-label">👎 Negative</div><div class="stat-value red" id="statNegative">—</div></a>
+    <a class="stat-card" data-card-action="all" onclick="selectCard(this,'all')" href="/lessons" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view all feedback → Lessons page"><div class="stat-label">Total Feedback</div><div class="stat-value cyan" id="statTotal">—</div></a>
+    <a class="stat-card" data-card-action="up" onclick="selectCard(this,'up')" href="/lessons?signal=positive" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view positive feedback → Lessons page"><div class="stat-label">👍 Positive</div><div class="stat-value green" id="statPositive">—</div></a>
+    <a class="stat-card" data-card-action="down" onclick="selectCard(this,'down')" href="/lessons?signal=negative" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view negative feedback → Lessons page"><div class="stat-label">👎 Negative</div><div class="stat-value red" id="statNegative">—</div></a>
     <a class="stat-card" data-card-action="gates" onclick="selectCard(this,'gates');return false;" href="#" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view active checks"><div class="stat-label">Active Gates</div><div class="stat-value cyan" id="statGates">—</div></a>
   </div>

package/public/index.html CHANGED Viewed

@@ -19,7 +19,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate-production.up.railway.app/og.png">
-<meta name="thumbgate-version" content="1.21.1">
+<meta name="thumbgate-version" content="1.21.2">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="apple-touch-icon" href="/apple-touch-icon.png">
@@ -1492,7 +1492,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.21.1</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.21.2</span>
   </div>
 </footer>

package/public/lessons.html CHANGED Viewed

@@ -922,28 +922,6 @@ async function loadLive() {
 }
 loadLive().then(function() {
-  // Handle ?signal= query param from dashboard stat-card navigation.
-  // Vocabulary: 'up' | 'down' | 'all' (canonical). Also accepts the legacy
-  // 'positive' | 'negative' aliases the dashboard once emitted.
-  var qsSignal = new URLSearchParams(window.location.search).get('signal');
-  if (qsSignal) {
-    var signalMap = { positive: 'up', negative: 'down', up: 'up', down: 'down', all: 'all' };
-    var mapped = signalMap[qsSignal];
-    if (mapped) {
-      switchTab('timeline');
-      filterTimeline(mapped, null);
-      var filterBtns = document.querySelectorAll('#tab-timeline .filter-btn');
-      filterBtns.forEach(function(b) {
-        var label = b.textContent.trim().toLowerCase();
-        var match = (mapped === 'all' && label === 'all') ||
-                    (mapped === 'up' && (label.indexOf('👍') !== -1 || label.indexOf('positive') !== -1 || label === 'up')) ||
-                    (mapped === 'down' && (label.indexOf('👎') !== -1 || label.indexOf('negative') !== -1 || label === 'down'));
-        b.classList.toggle('active', match);
-      });
-      return;
-    }
-  }
   // Default: highlight Active Rules card on page load
   highlightCard(0);

package/public/numbers.html CHANGED Viewed

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.21.1",
+  "softwareVersion": "1.21.2",
   "url": "https://thumbgate-production.up.railway.app/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.21.1</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.21.2</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
   <h2>Gate enforcement</h2>

package/scripts/audit.js ADDED Viewed

@@ -0,0 +1,65 @@
+'use strict';
+/**
+ * scripts/audit.js
+ *
+ * Heuristic-based AI bill auditor. Finds repeated mistakes in agent transcripts.
+ */
+const fs = require('fs');
+const PATTERNS = [
+  {
+    id: 'force-push-retry',
+    name: 'git push --force after correction',
+    regex: /git\s+push.*--force/gi,
+    tokenEstimate: 6000,
+    costPerRepeat: 0.44,
+    why: 'Full diff context reload on error.'
+  },
+  {
+    id: 'import-loop',
+    name: 'Hallucinated import retry',
+    regex: /(Cannot find module|Module not found|import .* from .*error)/gi,
+    tokenEstimate: 4000,
+    costPerRepeat: 0.12,
+    why: 'Re-indexing and path searching.'
+  },
+  {
+    id: 'apology-loop',
+    name: '"I apologize" retry cycle',
+    regex: /(I apologize|Let me try a different approach|I will now attempt)/gi,
+    tokenEstimate: 5000,
+    costPerRepeat: 0.15,
+    why: 'Reasoning chain reset.'
+  }
+];
+function runAudit(filePath) {
+  if (!fs.existsSync(filePath)) {
+    return { error: 'File not found: ' + filePath };
+  }
+  const content = fs.readFileSync(filePath, 'utf8');
+  const results = [];
+  let totalWaste = 0;
+  PATTERNS.forEach(p => {
+    const matches = (content.match(p.regex) || []).length;
+    if (matches > 1) { // It's only a "repeat" if it happens more than once
+      const repeats = matches - 1;
+      const waste = repeats * p.costPerRepeat;
+      totalWaste += waste;
+      results.push({
+        pattern: p.name,
+        occurrences: repeats,
+        waste: waste.toFixed(2),
+        why: p.why
+      });
+    }
+  });
+  return { results, totalWaste: totalWaste.toFixed(2) };
+}
+module.exports = { runAudit, PATTERNS };

package/scripts/cli-schema.js CHANGED Viewed

@@ -525,6 +525,14 @@ const CLI_COMMANDS = [
       { name: 'json', type: 'boolean', description: 'Output as JSON' },
     ],
   },
+  {
+    name: 'audit',
+    description: 'Audit an agent transcript for repeat-mistake patterns and estimated token waste',
+    group: 'ops',
+    flags: [
+      { name: 'file', type: 'string', description: 'Path to the agent transcript to audit' },
+    ],
+  },
   {
     name: 'init',
     description: 'Scaffold .thumbgate/ config and wire agent hooks',

package/scripts/hook-runtime.js CHANGED Viewed

@@ -33,34 +33,34 @@ function publishedHookCommandsAvailable(version) {
   return available;
 }
-function resolveCliBaseCommand() {
+function resolveCliCommand(subcommand) {
   const version = packageVersion();
   if (publishedHookCommandsAvailable(version)) {
-    return publishedCliShellCommand(version);
+    return publishedCliShellCommand(version, [subcommand]);
   }
   if (isSourceCheckout(PKG_ROOT)) {
-    return `node ${shellQuote(path.join(PKG_ROOT, 'bin', 'cli.js'))}`;
+    return `node ${shellQuote(path.join(PKG_ROOT, 'bin', 'cli.js'))} ${subcommand}`;
   }
-  return publishedCliShellCommand(version);
+  return publishedCliShellCommand(version, [subcommand]);
 }
-function resolveCodexCliBaseCommand() {
+function resolveCodexCliCommand(subcommand) {
   const version = packageVersion();
   if (publishedHookCommandsAvailable(version)) {
-    return publishedCliShellCommand('latest', [], { preferInstalled: false });
+    return publishedCliShellCommand('latest', [subcommand], { preferInstalled: false });
   }
   if (isSourceCheckout(PKG_ROOT)) {
-    return `node ${shellQuote(path.join(PKG_ROOT, 'bin', 'cli.js'))}`;
+    return `node ${shellQuote(path.join(PKG_ROOT, 'bin', 'cli.js'))} ${subcommand}`;
   }
-  return publishedCliShellCommand('latest', [], { preferInstalled: false });
+  return publishedCliShellCommand('latest', [subcommand], { preferInstalled: false });
 }
 function buildPortableHookCommand(subcommand) {
-  return `${resolveCliBaseCommand()} ${subcommand}`;
+  return resolveCliCommand(subcommand);
 }
 function buildCodexPortableHookCommand(subcommand) {
-  return `${resolveCodexCliBaseCommand()} ${subcommand}`;
+  return resolveCodexCliCommand(subcommand);
 }
 function preToolHookCommand() {
@@ -115,8 +115,8 @@ module.exports = {
   packageVersion,
   publishedHookCommandsAvailable,
   preToolHookCommand,
-  resolveCodexCliBaseCommand,
-  resolveCliBaseCommand,
+  resolveCodexCliCommand,
+  resolveCliCommand,
   sessionStartHookCommand,
   statuslineCommand,
   userPromptHookCommand,

package/scripts/statusline.sh CHANGED Viewed

@@ -7,6 +7,7 @@
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
 case "$SCRIPT_DIR" in *[!a-zA-Z0-9/_.-]*) echo "ThumbGate: invalid script path"; exit 1;; esac
 LOCAL_API_ORIGIN="${THUMBGATE_LOCAL_API_ORIGIN:-http://localhost:3456}"
+STATUSLINE_VERBOSE="${THUMBGATE_STATUSLINE_VERBOSE:-0}"
 # ── Parse Claude Code session JSON from stdin ─────────────────────
 eval "$(cat | jq -r '
@@ -92,17 +93,19 @@ fi
 LINK_STATE="offline"
 UP_URL=""; DOWN_URL=""; DASHBOARD_URL=""; LESSONS_URL=""
 DASHBOARD_LABEL="Dashboard"; LESSONS_LABEL="Lessons"
-_LINKS_JSON=$(node "${SCRIPT_DIR}/statusline-links.js" 2>/dev/null)
-if [ -n "$_LINKS_JSON" ]; then
-  eval "$(echo "$_LINKS_JSON" | jq -r '
-    @sh "LINK_STATE=\(.state // "offline")",
-    @sh "UP_URL=\(.upUrl // "")",
-    @sh "DOWN_URL=\(.downUrl // "")",
-    @sh "DASHBOARD_URL=\(.dashboardUrl // "")",
-    @sh "LESSONS_URL=\(.lessonsUrl // "")",
-    @sh "DASHBOARD_LABEL=\(.dashboardLabel // "Dashboard")",
-    @sh "LESSONS_LABEL=\(.lessonsLabel // "Lessons")"
-  ' 2>/dev/null)"
+if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
+  _LINKS_JSON=$(node "${SCRIPT_DIR}/statusline-links.js" 2>/dev/null)
+  if [ -n "$_LINKS_JSON" ]; then
+    eval "$(echo "$_LINKS_JSON" | jq -r '
+      @sh "LINK_STATE=\(.state // "offline")",
+      @sh "UP_URL=\(.upUrl // "")",
+      @sh "DOWN_URL=\(.downUrl // "")",
+      @sh "DASHBOARD_URL=\(.dashboardUrl // "")",
+      @sh "LESSONS_URL=\(.lessonsUrl // "")",
+      @sh "DASHBOARD_LABEL=\(.dashboardLabel // "Dashboard")",
+      @sh "LESSONS_LABEL=\(.lessonsLabel // "Lessons")"
+    ' 2>/dev/null)"
+  fi
 fi
 # ── ThumbGate package metadata ────────────────────────────────────────
@@ -117,13 +120,15 @@ fi
 # ── Repo context (branch / work item / PR) ───────────────────────────
 BRANCH_NAME=""; WORK_ITEM_LABEL=""; PR_LABEL=""
-_CONTEXT_JSON=$(node "${SCRIPT_DIR}/statusline-context.js" 2>/dev/null)
-if [[ -n "$_CONTEXT_JSON" ]]; then
-  eval "$(echo "$_CONTEXT_JSON" | jq -r '
-    @sh "BRANCH_NAME=\(.branchName // "")",
-    @sh "WORK_ITEM_LABEL=\(.workItemLabel // "")",
-    @sh "PR_LABEL=\(.prLabel // "")"
-  ' 2>/dev/null)"
+if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
+  _CONTEXT_JSON=$(node "${SCRIPT_DIR}/statusline-context.js" 2>/dev/null)
+  if [[ -n "$_CONTEXT_JSON" ]]; then
+    eval "$(echo "$_CONTEXT_JSON" | jq -r '
+      @sh "BRANCH_NAME=\(.branchName // "")",
+      @sh "WORK_ITEM_LABEL=\(.workItemLabel // "")",
+      @sh "PR_LABEL=\(.prLabel // "")"
+    ' 2>/dev/null)"
+  fi
 fi
 # ── Control Tower stats ──────────────────────────────────────────
@@ -139,14 +144,16 @@ fi
 # ── Latest lesson (data available for extensions; not rendered in statusbar) ──
 LESSON_TEXT=""; LESSON_ID=""; LESSON_LABEL=""; LESSON_LINK=""
-_LESSON_JSON=$(node "${SCRIPT_DIR}/statusline-lesson.js" 2>/dev/null)
-if [[ -n "$_LESSON_JSON" ]]; then
-  eval "$(echo "$_LESSON_JSON" | jq -r '
-    @sh "LESSON_TEXT=\(.text // "")",
-    @sh "LESSON_ID=\(.lessonId // "")",
-    @sh "LESSON_LABEL=\(.label // "")",
-    @sh "LESSON_LINK=\(.link // "")"
-  ' 2>/dev/null)"
+if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
+  _LESSON_JSON=$(node "${SCRIPT_DIR}/statusline-lesson.js" 2>/dev/null)
+  if [[ -n "$_LESSON_JSON" ]]; then
+    eval "$(echo "$_LESSON_JSON" | jq -r '
+      @sh "LESSON_TEXT=\(.text // "")",
+      @sh "LESSON_ID=\(.lessonId // "")",
+      @sh "LESSON_LABEL=\(.label // "")",
+      @sh "LESSON_LINK=\(.link // "")"
+    ' 2>/dev/null)"
+  fi
 fi
 # ── Colors ────────────────────────────────────────────────────────
@@ -199,8 +206,10 @@ LINE="${LINE:+${LINE} · }ThumbGate v${TG_VERSION} · ${TG_TIER}"
 if [[ "$UP" = "0" && "$DOWN" = "0" ]]; then
   LINE="${D}${LINE}${RST} · no feedback yet"
   [[ -n "$PR_LABEL" ]] && LINE="${LINE} · ${D}${PR_LABEL}${RST}"
-  LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST} · ${M}${LESSONS_LINK}${RST}"
-  [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
+  if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
+    LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST} · ${M}${LESSONS_LINK}${RST}"
+    [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
+  fi
   printf '%b\n' "$LINE"
 else
   LINE="${LINE} · ${G}${BD}${UP}${RST}${UP_LINK} ${R}${BD}${DOWN}${RST}${DOWN_LINK} ${ARROW}"
@@ -210,8 +219,10 @@ else
   [[ "${AT_RISK:-0}" -gt 0 ]] && LINE="${LINE} ${R}${AT_RISK}⚠${RST}"
   [[ "${ANOMALIES:-0}" -gt 0 ]] && LINE="${LINE} ${R}${ANOMALIES}☠${RST}"
   [[ -n "$PR_LABEL" ]] && LINE="${LINE} · ${D}${PR_LABEL}${RST}"
-  LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST} · ${M}${LESSONS_LINK}${RST}"
-  [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
+  if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
+    LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST} · ${M}${LESSONS_LINK}${RST}"
+    [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
+  fi
   printf '%b\n' "$LINE"
 fi

package/scripts/workflow-sentinel.js CHANGED Viewed

@@ -1178,15 +1178,10 @@ function chooseDecision({ riskScore, integrity, memoryGuard, learnedPolicy, blas
   if (lowRiskHandoff) {
     return 'allow';
   }
-  // Background customer-system actions checkpoint (warn), never hard-deny.
-  // The checkpoint IS the mitigation — blocking outright prevents legitimate work.
-  if (backgroundAgent && customerSystemAction) {
-    return 'warn';
-  }
   if (destructiveBypass || learnedHardStop || repeatedHighBlast || (hasOperationalBlockers && riskScore >= 0.72) || riskScore >= 0.86) {
     return 'deny';
   }
-  if (economicAction || (backgroundAgent && riskScore >= 0.3)) {
+  if (economicAction || (backgroundAgent && customerSystemAction) || (backgroundAgent && riskScore >= 0.3)) {
     return 'warn';
   }
   if ((workflowControl && workflowControl.mode === 'warn') || (costControl && costControl.mode === 'warn') || riskScore >= 0.45 || (learnedWarning && riskScore >= 0.3) || (learnedRecall && riskScore >= 0.34)) {