thumbgate 1.21.2 → 1.23.0

package/scripts/gates-engine.js

@@ -7,7 +7,7 @@ const crypto = require('crypto');
 const { execSync, execFileSync } = require('child_process');
 const { loadOptionalModule } = require('./private-core-boundary');
 
-const { isProTier, FREE_TIER_MAX_GATES } = require('./rate-limiter');
+const { isProTier, isInTrialPeriod, FREE_TIER_MAX_GATES, FREE_TIER_DAILY_BLOCKS, todayKey } = require('./rate-limiter');
 const {
   DEFAULT_BASE_BRANCH,
   evaluateOperationalIntegrity,
@@ -439,6 +439,20 @@ function recordStat(gateId, action, gate) {
   else if (action === 'warn') stats.byGate[gateId].warned += 1;
   else if (action === 'approve') stats.byGate[gateId].pendingApproval = (stats.byGate[gateId].pendingApproval || 0) + 1;
   else if (action === 'log') stats.byGate[gateId].logged = (stats.byGate[gateId].logged || 0) + 1;
+
+  // Track per-gate recurrence within a session for first-time fix rate
+  if (action === 'block' || action === 'warn') {
+    if (!stats.sessionFiredGates) stats.sessionFiredGates = {};
+    const sessionKey = `session_${Math.floor(Date.now() / SESSION_ACTION_TTL_MS)}`;
+    if (!stats.sessionFiredGates[sessionKey]) stats.sessionFiredGates[sessionKey] = {};
+    if (stats.sessionFiredGates[sessionKey][gateId]) {
+      // Same gate fired again in this session — it's a recurring block
+      stats.recurringBlocks = (stats.recurringBlocks || 0) + 1;
+    } else {
+      stats.sessionFiredGates[sessionKey][gateId] = true;
+    }
+  }
+
   saveStats(stats);
   // Track lesson freshness when an auto-promoted gate fires
   if (gate && gate.sourceLessonId) {
@@ -452,6 +466,69 @@ function recordStat(gateId, action, gate) {
   }
 }
 
+// ---------------------------------------------------------------------------
+// Free-tier daily block cap
+// ---------------------------------------------------------------------------
+
+/**
+ * Count today's gate blocks from stats. Free tier gets FREE_TIER_DAILY_BLOCKS
+ * blocks/day. After the limit, deny → warn + upgrade CTA so the action proceeds
+ * but the user sees they lost protection.
+ */
+function getTodayBlockCount() {
+  const stats = loadStats();
+  const today = todayKey();
+  if (!stats.dailyBlocks || !stats.dailyBlocks[today]) return 0;
+  return stats.dailyBlocks[today];
+}
+
+function incrementTodayBlockCount() {
+  const stats = loadStats();
+  const today = todayKey();
+  if (!stats.dailyBlocks) stats.dailyBlocks = {};
+  // Clean old dates (keep only last 7 days to prevent unbounded growth)
+  const keys = Object.keys(stats.dailyBlocks);
+  if (keys.length > 7) {
+    keys.sort();
+    for (const k of keys.slice(0, keys.length - 7)) {
+      delete stats.dailyBlocks[k];
+    }
+  }
+  stats.dailyBlocks[today] = (stats.dailyBlocks[today] || 0) + 1;
+  saveStats(stats);
+  return stats.dailyBlocks[today];
+}
+
+/**
+ * If the user is free-tier and has exceeded daily block limit, downgrade
+ * a deny result to a warn with an upgrade CTA. Returns null if no cap applies.
+ */
+function applyDailyBlockCap(denyResult) {
+  // Pro, trial, CI, and THUMBGATE_NO_RATE_LIMIT users are uncapped
+  if (isProTier()) return null;
+  if (process.env.CI || process.env.GITHUB_ACTIONS) return null;
+
+  const todayCount = getTodayBlockCount();
+  if (todayCount < FREE_TIER_DAILY_BLOCKS) {
+    // Under limit: allow the block, increment counter
+    incrementTodayBlockCount();
+    return null;
+  }
+
+  // Over limit: downgrade deny → warn with upgrade CTA
+  const remaining = 0;
+  return {
+    decision: 'warn',
+    gate: denyResult.gate,
+    message: `⚠️ ${denyResult.message}\n\n🔓 Daily protection limit reached (${FREE_TIER_DAILY_BLOCKS}/${FREE_TIER_DAILY_BLOCKS} blocks used). This action was allowed through. Upgrade for unlimited protection: https://thumbgate.ai/go/pro`,
+    severity: denyResult.severity,
+    reasoning: (denyResult.reasoning || []).concat([
+      `Free-tier daily block limit (${FREE_TIER_DAILY_BLOCKS}) exceeded — deny downgraded to warn`,
+    ]),
+    dailyBlockCapApplied: true,
+  };
+}
+
 // ---------------------------------------------------------------------------
 // Reasoning chain builder
 // ---------------------------------------------------------------------------
@@ -1477,11 +1554,19 @@ async function evaluateGatesAsync(toolName, toolInput, configPath) {
     });
 
     if (gate.action === 'block') {
+      const denyResult = { decision: 'deny', gate: gate.id, message, severity: gate.severity, reasoning };
+      // Free-tier daily block cap: after N blocks/day, deny → warn + upgrade CTA
+      const cappedResult = applyDailyBlockCap(denyResult);
+      if (cappedResult) {
+        recordStat(gate.id, 'warn', gate);
+        const auditRecord = recordAuditEvent({ toolName, toolInput, decision: 'warn', gateId: gate.id, message: cappedResult.message, severity: gate.severity, source: 'gates-engine', dailyBlockCapApplied: true });
+        auditToFeedback(auditRecord);
+        return cappedResult;
+      }
       recordStat(gate.id, 'block', gate);
-      const result = { decision: 'deny', gate: gate.id, message, severity: gate.severity, reasoning };
       const auditRecord = recordAuditEvent({ toolName, toolInput, decision: 'deny', gateId: gate.id, message, severity: gate.severity, source: 'gates-engine' });
       auditToFeedback(auditRecord);
-      return result;
+      return denyResult;
     }
 
     if (gate.action === 'approve') {
@@ -1639,11 +1724,19 @@ function evaluateGates(toolName, toolInput, configPath) {
     const reasoning = buildReasoning(gate, toolName, toolInput, matchDetails);
 
     if (gate.action === 'block') {
+      const denyResult = { decision: 'deny', gate: gate.id, message, severity: gate.severity, reasoning };
+      // Free-tier daily block cap: after N blocks/day, deny → warn + upgrade CTA
+      const cappedResult = applyDailyBlockCap(denyResult);
+      if (cappedResult) {
+        recordStat(gate.id, 'warn', gate);
+        const auditRecord = recordAuditEvent({ toolName, toolInput, decision: 'warn', gateId: gate.id, message: cappedResult.message, severity: gate.severity, source: 'gates-engine', dailyBlockCapApplied: true });
+        auditToFeedback(auditRecord);
+        return cappedResult;
+      }
       recordStat(gate.id, 'block', gate);
-      const result = { decision: 'deny', gate: gate.id, message, severity: gate.severity, reasoning };
       const auditRecord = recordAuditEvent({ toolName, toolInput, decision: 'deny', gateId: gate.id, message, severity: gate.severity, source: 'gates-engine' });
       auditToFeedback(auditRecord);
-      return result;
+      return denyResult;
     }
 
     if (gate.action === 'approve') {
@@ -1842,6 +1935,35 @@ function buildReminderOutput(context) {
   };
 }
 
+// ---------------------------------------------------------------------------
+// Upgrade nudge: surfaces Pro value at usage milestones and trial expiry.
+// Block-action Pro CTA: brief upgrade mention after a deny/warn decision.
+// Highest-intent moment — user just saw ThumbGate save them from a mistake.
+// ---------------------------------------------------------------------------
+
+function buildBlockActionProCta() {
+  try {
+    if (process.env.THUMBGATE_NO_NUDGE === '1') return null;
+    if (process.env.CI || process.env.GITHUB_ACTIONS) return null;
+    if (isProTier()) return null;
+    if (isInTrialPeriod()) return null; // Already have full access
+
+    const stats = loadStats();
+    const totalBlocks = stats.blocked || 0;
+    if (totalBlocks < 5) return null; // Too early — let them experience the product
+
+    if (totalBlocks < 25) {
+      return '\n\n💡 Pro: sync rules across machines + dashboard analytics → thumbgate.ai/go/pro';
+    }
+    if (totalBlocks < 100) {
+      return `\n\n💡 ${totalBlocks} actions blocked. Pro keeps rules in sync everywhere → thumbgate.ai/go/pro ($19/mo)`;
+    }
+    return `\n\n💡 ${totalBlocks} mistakes caught. Your team could use this → thumbgate.ai/go/pro`;
+  } catch (_) {
+    return null;
+  }
+}
+
 function formatOutput(result, behavioralContext) {
   if (!result) {
     // No gate matched — inject behavioral context if available
@@ -1860,11 +1982,12 @@ function formatOutput(result, behavioralContext) {
   if (result.decision === 'deny') {
     const reminder = behavioralContext ? buildReminderOutput(behavioralContext) : {};
     const reminderSuffix = behavioralContext ? `\n\nSystem reminder:\n${behavioralContext}` : '';
+    const proCta = buildBlockActionProCta() || '';
     return JSON.stringify({
       hookSpecificOutput: {
         ...reminder,
         permissionDecision: 'deny',
-        permissionDecisionReason: `[GATE:${result.gate}] ${result.message}${reasoningSuffix}${reminderSuffix}`,
+        permissionDecisionReason: `[GATE:${result.gate}] ${result.message}${reasoningSuffix}${reminderSuffix}${proCta}`,
       },
     });
   }
@@ -2454,6 +2577,10 @@ module.exports = {
   isRemoteSideEffectCommand,
   evaluateLocalOnlyRemoteSideEffectGate,
   PR_THREAD_RESOLUTION_ACTION,
+  buildBlockActionProCta,
+  applyDailyBlockCap,
+  getTodayBlockCount,
+  incrementTodayBlockCount,
 };
 
 // ---------------------------------------------------------------------------

package/scripts/hook-runtime.js

@@ -7,6 +7,7 @@ const {
   publishedCliAvailable,
 } = require('./mcp-config');
 const { publishedCliShellCommand } = require('./published-cli');
+const { shimInstalled, shimPath } = require('./install-shim');
 
 const PKG_ROOT = path.join(__dirname, '..');
 const featureSupportCache = new Map();
@@ -34,13 +35,18 @@ function publishedHookCommandsAvailable(version) {
 }
 
 function resolveCliCommand(subcommand) {
+  // Source checkout: always use direct node command for development
+  if (isSourceCheckout(PKG_ROOT)) {
+    return `node ${shellQuote(path.join(PKG_ROOT, 'bin', 'cli.js'))} ${subcommand}`;
+  }
+  // Prefer stable shim — always resolves @latest, survives version bumps
+  if (shimInstalled()) {
+    return `${shellQuote(shimPath())} ${subcommand}`;
+  }
   const version = packageVersion();
   if (publishedHookCommandsAvailable(version)) {
     return publishedCliShellCommand(version, [subcommand]);
   }
-  if (isSourceCheckout(PKG_ROOT)) {
-    return `node ${shellQuote(path.join(PKG_ROOT, 'bin', 'cli.js'))} ${subcommand}`;
-  }
   return publishedCliShellCommand(version, [subcommand]);
 }
 

package/scripts/meta-agent-loop.js

@@ -282,6 +282,8 @@ function buildPromotedGate(candidate, metrics, runId) {
     occurrences: metrics.hits,
     promotedAt: new Date().toISOString(),
     source: 'meta-agent',
+    // origin distinguishes silent-failure-clustered candidates from feedback-derived ones
+    origin: candidate.origin || 'user-feedback',
     runId,
     score: parseFloat(metrics.score.toFixed(3)),
     hitRate: parseFloat(metrics.hitRate.toFixed(3)),
@@ -371,6 +373,34 @@ async function runMetaAgentLoop({ dryRun = false, verbose = false } = {}) {
     candidates = generateCandidatesHeuristic(failures, blockPatterns);
   }
 
+  // Tag existing-pipeline candidates with their origin so downstream precision
+  // measurement (silentFailureDerivedGates vs user-feedback-derived) is possible.
+  candidates = candidates.map((c) => (c.origin ? c : { ...c, origin: 'user-feedback' }));
+
+  // Step 3b: Silent-failure clustering — behind THUMBGATE_SILENT_FAILURE_CLUSTERING=1.
+  // Candidates flow through the SAME scoring / fp-rate eval below; we do not
+  // bypass any guardrail. Off by default to preserve existing behavior.
+  let silentFailureStats = null;
+  if (process.env.THUMBGATE_SILENT_FAILURE_CLUSTERING === '1') {
+    try {
+      const { generateSilentFailureCandidates } = require('./silent-failure-cluster');
+      const sfResult = generateSilentFailureCandidates({ feedbackLogPath });
+      silentFailureStats = sfResult.stats;
+      if (sfResult.candidates && sfResult.candidates.length > 0) {
+        candidates = candidates.concat(sfResult.candidates);
+      }
+      if (verbose) {
+        process.stdout.write(
+          `[meta-agent] silent-failure-cluster: candidates=${sfResult.candidates.length} `
+          + `failed=${sfResult.stats.failedCalls} clusters=${sfResult.stats.clusters} `
+          + `skipped=${sfResult.stats.skippedReason || 'none'}\n`
+        );
+      }
+    } catch (err) {
+      if (verbose) process.stdout.write(`[meta-agent] silent-failure-cluster failed (non-fatal): ${err.message}\n`);
+    }
+  }
+
   if (verbose) {
     process.stdout.write(`[meta-agent] candidates generated: ${candidates.length} (mode=${analysisMode})\n`);
   }
@@ -507,6 +537,8 @@ async function runMetaAgentLoop({ dryRun = false, verbose = false } = {}) {
         skipped: evolutionResult.skipped || false,
       }
       : null,
+    silentFailureCluster: silentFailureStats,
+    silentFailureDerivedGates: promotedGates.filter((g) => g.origin === 'silent-failure-cluster').length,
   };
 
   if (!dryRun) {

package/scripts/pro-local-dashboard.js

@@ -16,7 +16,7 @@ const CREATOR_SYNTHETIC_KEY = process.env.THUMBGATE_DEV_KEY || '';
  *   2. Env var: THUMBGATE_DEV_BYPASS=[set via THUMBGATE_DEV_SECRET env var]
  * Requires a specific non-obvious value (not boolean) to prevent accidental activation.
  */
-function isCreatorDev({ env = process.env, homeDir = os.homedir() } = {}) {
+function isCreatorDev({ env = process.env, homeDir = env.HOME || env.USERPROFILE || os.homedir() } = {}) {
   // Layer 1: env var with specific value
   if (CREATOR_BYPASS_VALUE && String(env[CREATOR_BYPASS_ENV] || '') === CREATOR_BYPASS_VALUE) {
     return true;
@@ -37,7 +37,7 @@ function isCreatorDev({ env = process.env, homeDir = os.homedir() } = {}) {
  * with any non-empty bypass value. No env var needed — just the config file.
  * Used by the server to skip auth on localhost during local development.
  */
-function hasDevOverride(homeDir = os.homedir()) {
+function hasDevOverride(homeDir = process.env.HOME || process.env.USERPROFILE || os.homedir()) {
   // Disabled during test runs to avoid interfering with auth assertions
   if (process.env.NODE_TEST_CONTEXT || process.env.THUMBGATE_TESTING) return false;
   try {
@@ -47,11 +47,11 @@ function hasDevOverride(homeDir = os.homedir()) {
   } catch { return false; }
 }
 
-function getLicenseDir(homeDir = os.homedir()) {
+function getLicenseDir(homeDir = process.env.HOME || process.env.USERPROFILE || os.homedir()) {
   return path.join(homeDir, '.thumbgate');
 }
 
-function getLicensePath(homeDir = os.homedir()) {
+function getLicensePath(homeDir = process.env.HOME || process.env.USERPROFILE || os.homedir()) {
   return path.join(getLicenseDir(homeDir), 'license.json');
 }
 

package/scripts/rate-limiter.js

@@ -29,6 +29,7 @@ const FREE_TIER_LIMITS = {
 };
 
 const FREE_TIER_MAX_GATES = 5; // 5 active prevention rules on free; Pro is unlimited
+const FREE_TIER_DAILY_BLOCKS = 10; // 10 gate blocks/day on free; after limit, deny → warn + upgrade CTA
 
 const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Team: ${TEAM_PRICE_LABEL} after workflow qualification.`;
 
@@ -45,7 +46,10 @@ function getInstallAgeDays() {
   try {
     const { INSTALL_ID_PATH } = require('./cli-telemetry');
     if (!fs.existsSync(INSTALL_ID_PATH)) return null;
-    const created = fs.statSync(INSTALL_ID_PATH).birthtimeMs || fs.statSync(INSTALL_ID_PATH).mtimeMs;
+    // Use mtimeMs — birthtimeMs is unreliable on Linux (ext4 doesn't backdate creation time).
+    // The install-id file is written once at install, so mtime == creation time in practice.
+    const stat = fs.statSync(INSTALL_ID_PATH);
+    const created = stat.mtimeMs || stat.birthtimeMs;
     if (!Number.isFinite(created) || created <= 0) return null;
     return (Date.now() - created) / (1000 * 60 * 60 * 24);
   } catch (_) {
@@ -211,6 +215,7 @@ function getUsage(action, authContext) {
 module.exports = {
   checkLimit,
   getUsage,
+  getInstallAgeDays,
   isProTier,
   isInTrialPeriod,
   trialDaysRemaining,
@@ -219,6 +224,7 @@ module.exports = {
   todayKey,
   FREE_TIER_LIMITS,
   FREE_TIER_MAX_GATES,
+  FREE_TIER_DAILY_BLOCKS,
   TRIAL_DAYS,
   UPGRADE_MESSAGE,
   PAYWALL_MESSAGES,

package/scripts/self-healing-check.js

@@ -0,0 +1,193 @@
+#!/usr/bin/env node
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+const { spawnSync } = require('node:child_process');
+const { diagnoseFailure } = require('./failure-diagnostics');
+const { appendDiagnosticRecord } = require('./feedback-loop');
+
+const PROJECT_ROOT = path.join(__dirname, '..');
+const DEFAULT_MAX_BUFFER_BYTES = 64 * 1024 * 1024;
+const DEFAULT_TESTS_TIMEOUT_MS = Number.parseInt(
+  process.env.THUMBGATE_SELF_HEAL_TEST_TIMEOUT_MS || '',
+  10,
+) || 60 * 60_000;
+
+const DEFAULT_CHECKS = [
+  { name: 'budget_status', command: ['npm', 'run', 'budget:status'], timeoutMs: 60_000 },
+  { name: 'tests', command: ['npm', 'test'], timeoutMs: DEFAULT_TESTS_TIMEOUT_MS },
+  { name: 'prove_adapters', command: ['npm', 'run', 'prove:adapters'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+  { name: 'prove_automation', command: ['npm', 'run', 'prove:automation'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+  { name: 'prove_data_pipeline', command: ['npm', 'run', 'prove:data-pipeline'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+  { name: 'prove_tessl', command: ['npm', 'run', 'prove:tessl'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+];
+
+function runCommand(command, {
+  cwd = PROJECT_ROOT,
+  timeoutMs = 5 * 60_000,
+  env = process.env,
+  maxBufferBytes = DEFAULT_MAX_BUFFER_BYTES,
+} = {}) {
+  const [cmd, ...args] = command;
+  const started = Date.now();
+  const result = spawnSync(cmd, args, {
+    cwd,
+    env,
+    encoding: 'utf-8',
+    timeout: timeoutMs,
+    maxBuffer: maxBufferBytes,
+    shell: false,
+  });
+
+  const durationMs = Date.now() - started;
+  const status = Number.isInteger(result.status) ? result.status : 1;
+  return {
+    exitCode: status,
+    durationMs,
+    stdout: result.stdout || '',
+    stderr: result.stderr || '',
+    error: result.error ? result.error.message : null,
+  };
+}
+
+function createCheckEnvironment(check) {
+  const environment = { ...process.env };
+  let cleanup = null;
+
+  if (check.useTempProofDir) {
+    const proofDir = fs.mkdtempSync(path.join(os.tmpdir(), `thumbgate-${check.name}-`));
+    environment.THUMBGATE_PROOF_DIR = proofDir;
+    if (check.name === 'prove_automation') {
+      environment.THUMBGATE_AUTOMATION_PROOF_DIR = proofDir;
+    }
+    cleanup = () => {
+      fs.rmSync(proofDir, { recursive: true, force: true });
+    };
+  }
+
+  return { env: environment, cleanup };
+}
+
+function collectHealthReport({
+  checks = DEFAULT_CHECKS,
+  runner = runCommand,
+  cwd = PROJECT_ROOT,
+  persistDiagnostics = false,
+} = {}) {
+  const startedAt = new Date();
+  const results = checks.map((check) => {
+    const { env, cleanup } = createCheckEnvironment(check);
+    let run;
+    try {
+      run = runner(check.command, { cwd, timeoutMs: check.timeoutMs, env });
+    } finally {
+      if (cleanup) {
+        cleanup();
+      }
+    }
+    const diagnosis = run.exitCode === 0
+      ? null
+      : diagnoseFailure({
+        step: check.name,
+        context: check.command.join(' '),
+        healthCheck: {
+          name: check.name,
+          exitCode: run.exitCode,
+          status: 'unhealthy',
+          outputTail: `${run.stdout}\n${run.stderr}`.trim().slice(-2000),
+        },
+        exitCode: run.exitCode,
+        error: run.error,
+        output: `${run.stdout}\n${run.stderr}`.trim(),
+      });
+    const persistedDiagnosis = persistDiagnostics && diagnosis
+      ? appendDiagnosticRecord({
+        source: 'self_heal_check',
+        step: check.name,
+        context: check.command.join(' '),
+        diagnosis,
+        metadata: {
+          command: check.command.join(' '),
+        },
+      })
+      : null;
+    return {
+      name: check.name,
+      command: check.command.join(' '),
+      status: run.exitCode === 0 ? 'healthy' : 'unhealthy',
+      exitCode: run.exitCode,
+      durationMs: run.durationMs,
+      error: run.error,
+      outputTail: `${run.stdout}\n${run.stderr}`.trim().slice(-2000),
+      diagnosis,
+      persistedDiagnosis,
+    };
+  });
+
+  const healthyCount = results.filter((x) => x.status === 'healthy').length;
+  const unhealthyCount = results.length - healthyCount;
+
+  return {
+    generatedAt: startedAt.toISOString(),
+    durationMs: Date.now() - startedAt.getTime(),
+    overall_status: unhealthyCount === 0 ? 'healthy' : 'unhealthy',
+    summary: {
+      total: results.length,
+      healthy: healthyCount,
+      unhealthy: unhealthyCount,
+    },
+    checks: results,
+  };
+}
+
+function reportToText(report) {
+  const lines = [];
+  lines.push(`Self-Healing Health Check @ ${report.generatedAt}`);
+  lines.push(`Overall: ${report.overall_status.toUpperCase()}`);
+  lines.push(`Checks: ${report.summary.healthy}/${report.summary.total} healthy`);
+  lines.push('');
+
+  report.checks.forEach((check) => {
+    const icon = check.status === 'healthy' ? '✅' : '❌';
+    lines.push(`${icon} ${check.name} (${check.durationMs}ms)`);
+    if (check.status !== 'healthy') {
+      lines.push(`   command: ${check.command}`);
+      if (check.error) lines.push(`   error: ${check.error}`);
+      if (check.diagnosis && check.diagnosis.rootCauseCategory) {
+        lines.push(`   diagnosis: ${check.diagnosis.rootCauseCategory}`);
+      }
+    }
+  });
+
+  return `${lines.join('\n')}\n`;
+}
+
+function runCli() {
+  const args = new Set(process.argv.slice(2));
+  const emitJson = args.has('--json');
+  const noFail = args.has('--no-fail');
+  const report = collectHealthReport({ persistDiagnostics: true });
+
+  if (emitJson) {
+    console.log(JSON.stringify(report, null, 2));
+  } else {
+    process.stdout.write(reportToText(report));
+  }
+
+  if (!noFail && report.overall_status !== 'healthy') {
+    process.exit(1);
+  }
+}
+
+module.exports = {
+  DEFAULT_CHECKS,
+  DEFAULT_TESTS_TIMEOUT_MS,
+  DEFAULT_MAX_BUFFER_BYTES,
+  runCommand,
+  collectHealthReport,
+  reportToText,
+};
+
+if (require.main === module) {
+  runCli();
+}