thumbgate 1.22.0 → 1.23.0

package/scripts/meta-agent-loop.js

@@ -282,6 +282,8 @@ function buildPromotedGate(candidate, metrics, runId) {
     occurrences: metrics.hits,
     promotedAt: new Date().toISOString(),
     source: 'meta-agent',
+    // origin distinguishes silent-failure-clustered candidates from feedback-derived ones
+    origin: candidate.origin || 'user-feedback',
     runId,
     score: parseFloat(metrics.score.toFixed(3)),
     hitRate: parseFloat(metrics.hitRate.toFixed(3)),
@@ -371,6 +373,34 @@ async function runMetaAgentLoop({ dryRun = false, verbose = false } = {}) {
     candidates = generateCandidatesHeuristic(failures, blockPatterns);
   }
 
+  // Tag existing-pipeline candidates with their origin so downstream precision
+  // measurement (silentFailureDerivedGates vs user-feedback-derived) is possible.
+  candidates = candidates.map((c) => (c.origin ? c : { ...c, origin: 'user-feedback' }));
+
+  // Step 3b: Silent-failure clustering — behind THUMBGATE_SILENT_FAILURE_CLUSTERING=1.
+  // Candidates flow through the SAME scoring / fp-rate eval below; we do not
+  // bypass any guardrail. Off by default to preserve existing behavior.
+  let silentFailureStats = null;
+  if (process.env.THUMBGATE_SILENT_FAILURE_CLUSTERING === '1') {
+    try {
+      const { generateSilentFailureCandidates } = require('./silent-failure-cluster');
+      const sfResult = generateSilentFailureCandidates({ feedbackLogPath });
+      silentFailureStats = sfResult.stats;
+      if (sfResult.candidates && sfResult.candidates.length > 0) {
+        candidates = candidates.concat(sfResult.candidates);
+      }
+      if (verbose) {
+        process.stdout.write(
+          `[meta-agent] silent-failure-cluster: candidates=${sfResult.candidates.length} `
+          + `failed=${sfResult.stats.failedCalls} clusters=${sfResult.stats.clusters} `
+          + `skipped=${sfResult.stats.skippedReason || 'none'}\n`
+        );
+      }
+    } catch (err) {
+      if (verbose) process.stdout.write(`[meta-agent] silent-failure-cluster failed (non-fatal): ${err.message}\n`);
+    }
+  }
+
   if (verbose) {
     process.stdout.write(`[meta-agent] candidates generated: ${candidates.length} (mode=${analysisMode})\n`);
   }
@@ -507,6 +537,8 @@ async function runMetaAgentLoop({ dryRun = false, verbose = false } = {}) {
         skipped: evolutionResult.skipped || false,
       }
       : null,
+    silentFailureCluster: silentFailureStats,
+    silentFailureDerivedGates: promotedGates.filter((g) => g.origin === 'silent-failure-cluster').length,
   };
 
   if (!dryRun) {

package/scripts/pro-local-dashboard.js

@@ -16,7 +16,7 @@ const CREATOR_SYNTHETIC_KEY = process.env.THUMBGATE_DEV_KEY || '';
  *   2. Env var: THUMBGATE_DEV_BYPASS=[set via THUMBGATE_DEV_SECRET env var]
  * Requires a specific non-obvious value (not boolean) to prevent accidental activation.
  */
-function isCreatorDev({ env = process.env, homeDir = os.homedir() } = {}) {
+function isCreatorDev({ env = process.env, homeDir = env.HOME || env.USERPROFILE || os.homedir() } = {}) {
   // Layer 1: env var with specific value
   if (CREATOR_BYPASS_VALUE && String(env[CREATOR_BYPASS_ENV] || '') === CREATOR_BYPASS_VALUE) {
     return true;
@@ -37,7 +37,7 @@ function isCreatorDev({ env = process.env, homeDir = os.homedir() } = {}) {
  * with any non-empty bypass value. No env var needed — just the config file.
  * Used by the server to skip auth on localhost during local development.
  */
-function hasDevOverride(homeDir = os.homedir()) {
+function hasDevOverride(homeDir = process.env.HOME || process.env.USERPROFILE || os.homedir()) {
   // Disabled during test runs to avoid interfering with auth assertions
   if (process.env.NODE_TEST_CONTEXT || process.env.THUMBGATE_TESTING) return false;
   try {
@@ -47,11 +47,11 @@ function hasDevOverride(homeDir = os.homedir()) {
   } catch { return false; }
 }
 
-function getLicenseDir(homeDir = os.homedir()) {
+function getLicenseDir(homeDir = process.env.HOME || process.env.USERPROFILE || os.homedir()) {
   return path.join(homeDir, '.thumbgate');
 }
 
-function getLicensePath(homeDir = os.homedir()) {
+function getLicensePath(homeDir = process.env.HOME || process.env.USERPROFILE || os.homedir()) {
   return path.join(getLicenseDir(homeDir), 'license.json');
 }
 

package/scripts/rate-limiter.js

@@ -29,6 +29,7 @@ const FREE_TIER_LIMITS = {
 };
 
 const FREE_TIER_MAX_GATES = 5; // 5 active prevention rules on free; Pro is unlimited
+const FREE_TIER_DAILY_BLOCKS = 10; // 10 gate blocks/day on free; after limit, deny → warn + upgrade CTA
 
 const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Team: ${TEAM_PRICE_LABEL} after workflow qualification.`;
 
@@ -45,7 +46,10 @@ function getInstallAgeDays() {
   try {
     const { INSTALL_ID_PATH } = require('./cli-telemetry');
     if (!fs.existsSync(INSTALL_ID_PATH)) return null;
-    const created = fs.statSync(INSTALL_ID_PATH).birthtimeMs || fs.statSync(INSTALL_ID_PATH).mtimeMs;
+    // Use mtimeMs — birthtimeMs is unreliable on Linux (ext4 doesn't backdate creation time).
+    // The install-id file is written once at install, so mtime == creation time in practice.
+    const stat = fs.statSync(INSTALL_ID_PATH);
+    const created = stat.mtimeMs || stat.birthtimeMs;
     if (!Number.isFinite(created) || created <= 0) return null;
     return (Date.now() - created) / (1000 * 60 * 60 * 24);
   } catch (_) {
@@ -211,6 +215,7 @@ function getUsage(action, authContext) {
 module.exports = {
   checkLimit,
   getUsage,
+  getInstallAgeDays,
   isProTier,
   isInTrialPeriod,
   trialDaysRemaining,
@@ -219,6 +224,7 @@ module.exports = {
   todayKey,
   FREE_TIER_LIMITS,
   FREE_TIER_MAX_GATES,
+  FREE_TIER_DAILY_BLOCKS,
   TRIAL_DAYS,
   UPGRADE_MESSAGE,
   PAYWALL_MESSAGES,

package/scripts/self-healing-check.js

@@ -0,0 +1,193 @@
+#!/usr/bin/env node
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+const { spawnSync } = require('node:child_process');
+const { diagnoseFailure } = require('./failure-diagnostics');
+const { appendDiagnosticRecord } = require('./feedback-loop');
+
+const PROJECT_ROOT = path.join(__dirname, '..');
+const DEFAULT_MAX_BUFFER_BYTES = 64 * 1024 * 1024;
+const DEFAULT_TESTS_TIMEOUT_MS = Number.parseInt(
+  process.env.THUMBGATE_SELF_HEAL_TEST_TIMEOUT_MS || '',
+  10,
+) || 60 * 60_000;
+
+const DEFAULT_CHECKS = [
+  { name: 'budget_status', command: ['npm', 'run', 'budget:status'], timeoutMs: 60_000 },
+  { name: 'tests', command: ['npm', 'test'], timeoutMs: DEFAULT_TESTS_TIMEOUT_MS },
+  { name: 'prove_adapters', command: ['npm', 'run', 'prove:adapters'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+  { name: 'prove_automation', command: ['npm', 'run', 'prove:automation'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+  { name: 'prove_data_pipeline', command: ['npm', 'run', 'prove:data-pipeline'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+  { name: 'prove_tessl', command: ['npm', 'run', 'prove:tessl'], timeoutMs: 10 * 60_000, useTempProofDir: true },
+];
+
+function runCommand(command, {
+  cwd = PROJECT_ROOT,
+  timeoutMs = 5 * 60_000,
+  env = process.env,
+  maxBufferBytes = DEFAULT_MAX_BUFFER_BYTES,
+} = {}) {
+  const [cmd, ...args] = command;
+  const started = Date.now();
+  const result = spawnSync(cmd, args, {
+    cwd,
+    env,
+    encoding: 'utf-8',
+    timeout: timeoutMs,
+    maxBuffer: maxBufferBytes,
+    shell: false,
+  });
+
+  const durationMs = Date.now() - started;
+  const status = Number.isInteger(result.status) ? result.status : 1;
+  return {
+    exitCode: status,
+    durationMs,
+    stdout: result.stdout || '',
+    stderr: result.stderr || '',
+    error: result.error ? result.error.message : null,
+  };
+}
+
+function createCheckEnvironment(check) {
+  const environment = { ...process.env };
+  let cleanup = null;
+
+  if (check.useTempProofDir) {
+    const proofDir = fs.mkdtempSync(path.join(os.tmpdir(), `thumbgate-${check.name}-`));
+    environment.THUMBGATE_PROOF_DIR = proofDir;
+    if (check.name === 'prove_automation') {
+      environment.THUMBGATE_AUTOMATION_PROOF_DIR = proofDir;
+    }
+    cleanup = () => {
+      fs.rmSync(proofDir, { recursive: true, force: true });
+    };
+  }
+
+  return { env: environment, cleanup };
+}
+
+function collectHealthReport({
+  checks = DEFAULT_CHECKS,
+  runner = runCommand,
+  cwd = PROJECT_ROOT,
+  persistDiagnostics = false,
+} = {}) {
+  const startedAt = new Date();
+  const results = checks.map((check) => {
+    const { env, cleanup } = createCheckEnvironment(check);
+    let run;
+    try {
+      run = runner(check.command, { cwd, timeoutMs: check.timeoutMs, env });
+    } finally {
+      if (cleanup) {
+        cleanup();
+      }
+    }
+    const diagnosis = run.exitCode === 0
+      ? null
+      : diagnoseFailure({
+        step: check.name,
+        context: check.command.join(' '),
+        healthCheck: {
+          name: check.name,
+          exitCode: run.exitCode,
+          status: 'unhealthy',
+          outputTail: `${run.stdout}\n${run.stderr}`.trim().slice(-2000),
+        },
+        exitCode: run.exitCode,
+        error: run.error,
+        output: `${run.stdout}\n${run.stderr}`.trim(),
+      });
+    const persistedDiagnosis = persistDiagnostics && diagnosis
+      ? appendDiagnosticRecord({
+        source: 'self_heal_check',
+        step: check.name,
+        context: check.command.join(' '),
+        diagnosis,
+        metadata: {
+          command: check.command.join(' '),
+        },
+      })
+      : null;
+    return {
+      name: check.name,
+      command: check.command.join(' '),
+      status: run.exitCode === 0 ? 'healthy' : 'unhealthy',
+      exitCode: run.exitCode,
+      durationMs: run.durationMs,
+      error: run.error,
+      outputTail: `${run.stdout}\n${run.stderr}`.trim().slice(-2000),
+      diagnosis,
+      persistedDiagnosis,
+    };
+  });
+
+  const healthyCount = results.filter((x) => x.status === 'healthy').length;
+  const unhealthyCount = results.length - healthyCount;
+
+  return {
+    generatedAt: startedAt.toISOString(),
+    durationMs: Date.now() - startedAt.getTime(),
+    overall_status: unhealthyCount === 0 ? 'healthy' : 'unhealthy',
+    summary: {
+      total: results.length,
+      healthy: healthyCount,
+      unhealthy: unhealthyCount,
+    },
+    checks: results,
+  };
+}
+
+function reportToText(report) {
+  const lines = [];
+  lines.push(`Self-Healing Health Check @ ${report.generatedAt}`);
+  lines.push(`Overall: ${report.overall_status.toUpperCase()}`);
+  lines.push(`Checks: ${report.summary.healthy}/${report.summary.total} healthy`);
+  lines.push('');
+
+  report.checks.forEach((check) => {
+    const icon = check.status === 'healthy' ? '✅' : '❌';
+    lines.push(`${icon} ${check.name} (${check.durationMs}ms)`);
+    if (check.status !== 'healthy') {
+      lines.push(`   command: ${check.command}`);
+      if (check.error) lines.push(`   error: ${check.error}`);
+      if (check.diagnosis && check.diagnosis.rootCauseCategory) {
+        lines.push(`   diagnosis: ${check.diagnosis.rootCauseCategory}`);
+      }
+    }
+  });
+
+  return `${lines.join('\n')}\n`;
+}
+
+function runCli() {
+  const args = new Set(process.argv.slice(2));
+  const emitJson = args.has('--json');
+  const noFail = args.has('--no-fail');
+  const report = collectHealthReport({ persistDiagnostics: true });
+
+  if (emitJson) {
+    console.log(JSON.stringify(report, null, 2));
+  } else {
+    process.stdout.write(reportToText(report));
+  }
+
+  if (!noFail && report.overall_status !== 'healthy') {
+    process.exit(1);
+  }
+}
+
+module.exports = {
+  DEFAULT_CHECKS,
+  DEFAULT_TESTS_TIMEOUT_MS,
+  DEFAULT_MAX_BUFFER_BYTES,
+  runCommand,
+  collectHealthReport,
+  reportToText,
+};
+
+if (require.main === module) {
+  runCli();
+}