thumbgate 1.26.8 → 1.27.2

package/scripts/plausible-domain-config.js

@@ -0,0 +1,86 @@
+'use strict';
+
+const PRIMARY_PLAUSIBLE_DOMAIN = 'thumbgate.ai';
+const FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN = 'thumbgate-production.up.railway.app';
+
+function splitDomains(value) {
+  return String(value || '')
+    .split(/[\s,]+/)
+    .map((domain) => domain.trim().toLowerCase())
+    .filter(Boolean);
+}
+
+function normalizeDomain(value) {
+  const input = String(value || '').trim();
+  if (!input) return '';
+  try {
+    return new URL(input.includes('://') ? input : `https://${input}`).host.toLowerCase();
+  } catch {
+    return input.replace(/^https?:\/\//i, '').replace(/\/.*$/, '').toLowerCase();
+  }
+}
+
+function getConfiguredRegisteredDomains(env = process.env) {
+  const configured = [
+    ...splitDomains(env.PLAUSIBLE_SITE_ID),
+    ...splitDomains(env.PLAUSIBLE_SITE_IDS),
+    ...splitDomains(env.THUMBGATE_PLAUSIBLE_REGISTERED_DOMAINS),
+    ...splitDomains(env.PLAUSIBLE_REGISTERED_DOMAINS),
+  ].map(normalizeDomain).filter(Boolean);
+
+  return [...new Set([
+    FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN,
+    ...configured,
+  ])];
+}
+
+function isPlausibleDomainRegistered(domain, env = process.env) {
+  const normalized = normalizeDomain(domain);
+  if (!normalized) return false;
+  return getConfiguredRegisteredDomains(env).includes(normalized);
+}
+
+function resolvePlausibleDataDomain({ host = '', env = process.env } = {}) {
+  const explicit = normalizeDomain(env.THUMBGATE_PLAUSIBLE_DOMAIN);
+  if (explicit) return explicit;
+
+  const normalizedHost = normalizeDomain(host);
+  if (isPlausibleDomainRegistered(normalizedHost, env)) {
+    return normalizedHost;
+  }
+
+  return FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN;
+}
+
+function analyzePlausibleDomainCoverage({
+  emittedDomains = [],
+  registeredDomains = [],
+  primaryDomain = PRIMARY_PLAUSIBLE_DOMAIN,
+} = {}) {
+  const emitted = [...new Set(emittedDomains.map(normalizeDomain).filter(Boolean))];
+  const registered = [...new Set(registeredDomains.map(normalizeDomain).filter(Boolean))];
+  const registeredSet = new Set(registered);
+  const missingEmittedDomains = emitted.filter((domain) => !registeredSet.has(domain));
+  const primaryRegistered = registeredSet.has(normalizeDomain(primaryDomain));
+
+  return {
+    ok: missingEmittedDomains.length === 0 && primaryRegistered,
+    emittedDomains: emitted,
+    registeredDomains: registered,
+    missingEmittedDomains,
+    primaryDomain: normalizeDomain(primaryDomain),
+    primaryRegistered,
+    severity: missingEmittedDomains.length > 0 || !primaryRegistered ? 'critical' : 'ok',
+  };
+}
+
+module.exports = {
+  PRIMARY_PLAUSIBLE_DOMAIN,
+  FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN,
+  splitDomains,
+  normalizeDomain,
+  getConfiguredRegisteredDomains,
+  isPlausibleDomainRegistered,
+  resolvePlausibleDataDomain,
+  analyzePlausibleDomainCoverage,
+};

package/scripts/plausible-server-events.js

@@ -24,8 +24,10 @@
  */
 
 const https = require('node:https');
+const {
+  resolvePlausibleDataDomain,
+} = require('./plausible-domain-config');
 
-const DEFAULT_PLAUSIBLE_DOMAIN = 'thumbgate.ai';
 const PLAUSIBLE_ENDPOINT = 'https://plausible.io/api/event';
 const REQUEST_TIMEOUT_MS = 2_000;
 
@@ -40,7 +42,7 @@ function isPlausibleDisabled() {
 }
 
 function getPlausibleDomain() {
-  return process.env.THUMBGATE_PLAUSIBLE_DOMAIN || DEFAULT_PLAUSIBLE_DOMAIN;
+  return resolvePlausibleDataDomain();
 }
 
 /**

package/scripts/proxy-pointer-rag-guardrails.js

@@ -39,9 +39,23 @@ function normalizeOptions(options = {}) {
     ...splitCsv(options.documents),
     ...splitCsv(options['document-ids']),
   ]);
+  const sourcePointers = unique([
+    ...splitCsv(options['source-pointers']),
+    ...splitCsv(options.pointers),
+    ...splitCsv(options.sources),
+  ]);
   const candidateImages = Number.isFinite(Number(options['candidate-images']))
     ? Number(options['candidate-images'])
     : null;
+  const extractedEntities = Number.isFinite(Number(options['extracted-entities']))
+    ? Number(options['extracted-entities'])
+    : 0;
+  const extractedRelations = Number.isFinite(Number(options['extracted-relations']))
+    ? Number(options['extracted-relations'])
+    : 0;
+  const promotionThreshold = Number.isFinite(Number(options['promotion-threshold']))
+    ? Number(options['promotion-threshold'])
+    : 3;
 
   return {
     ragTool: String(options['rag-tool'] || options.tool || 'proxy-pointer-rag').trim() || 'proxy-pointer-rag',
@@ -49,10 +63,15 @@ function normalizeOptions(options = {}) {
     sectionIds,
     imagePointers,
     documentIds,
+    sourcePointers,
     candidateImages,
+    extractedEntities,
+    extractedRelations,
+    promotionThreshold,
     crossDocumentPolicy: String(options['cross-doc-policy'] || options['cross-document-policy'] || '').trim().toLowerCase(),
     visionFilter: normalizeBoolean(options['vision-filter']),
     visualClaims: normalizeBoolean(options['visual-claims']),
+    pointerFirst: normalizeBoolean(options['pointer-first']) || normalizeBoolean(options['proxy-pointer']),
   };
 }
 
@@ -72,6 +91,14 @@ function gateApplicability(template, options) {
   return false;
 }
 
+function hasExtractionSprawl(options) {
+  const extractedFacts = options.extractedEntities + options.extractedRelations;
+  if (extractedFacts === 0) return false;
+  if (options.pointerFirst) return true;
+  if (options.sourcePointers.length === 0) return true;
+  return extractedFacts > options.sourcePointers.length * Math.max(2, options.promotionThreshold);
+}
+
 function buildSignalSummary(options) {
   const signals = [];
   if (options.treePath || options.sectionIds.length > 0) {
@@ -110,6 +137,19 @@ function buildSignalSummary(options) {
       risk: 'answers that describe image content may need a vision-model sanity check',
     });
   }
+  if (hasExtractionSprawl(options)) {
+    signals.push({
+      id: 'entity_relation_sprawl',
+      label: 'Entity/relation extraction sprawl',
+      values: unique([
+        `${options.extractedEntities} extracted entities`,
+        `${options.extractedRelations} extracted relations`,
+        `${options.sourcePointers.length} source pointers`,
+        `promotion threshold ${options.promotionThreshold}`,
+      ]),
+      risk: 'eager graph extraction can create stale aliases, weak edges, and unauditable memory; keep source pointers first and promote relations only after repeated retrieval value',
+    });
+  }
   return signals;
 }
 
@@ -139,11 +179,12 @@ function buildProxyPointerRagGuardrailsPlan(rawOptions = {}, templatesPath) {
     templates: recommendedTemplates,
     nextActions: [
       'Preserve document hierarchy, section IDs, and image file paths during ingestion.',
+      'Store source pointers before extracting entities or relations; promote a relation only after repeated retrieval value and source verification.',
       'Pass section-tree and image-pointer metadata into the agent before it answers with visuals.',
       'Enable the recommended Document RAG Safety templates as pre-action gates.',
       'Use a vision filter only for high-impact answers that make claims about visual content.',
     ],
-    exampleCommand: 'npx thumbgate proxy-pointer-rag-guardrails --tree-path=.rag/tree.json --image-pointers=paper-1/figures/fig2.png --documents=paper-1 --visual-claims --json',
+    exampleCommand: 'npx thumbgate proxy-pointer-rag-guardrails --tree-path=.rag/tree.json --source-pointers=lesson/fb_123,tool/run_456 --extracted-entities=120 --extracted-relations=80 --pointer-first --json',
   };
 }
 

package/scripts/qa-scenario-planner.js

@@ -0,0 +1,136 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+
+const RUNTIME_PATTERNS = [
+  { pattern: /^public\/.*\.(html|css|js)$/i, surface: 'browser', reason: 'public UI asset changed' },
+  { pattern: /^src\/api\//i, surface: 'api', reason: 'API route or server behavior changed' },
+  { pattern: /^bin\//i, surface: 'cli', reason: 'CLI entrypoint changed' },
+  { pattern: /^scripts\/(dashboard|pro-local-dashboard|.*gate|.*scanner|.*reward|.*routing).*\.js$/i, surface: 'agent-runtime', reason: 'agent runtime or gate behavior changed' },
+  { pattern: /^adapters\//i, surface: 'agent-adapter', reason: 'agent adapter changed' },
+  { pattern: /^plugins\//i, surface: 'plugin', reason: 'plugin install path changed' },
+  { pattern: /^package\.json$/i, surface: 'package', reason: 'package manifest changed' },
+];
+
+const SKIP_PATTERNS = [
+  /^README\.md$/i,
+  /^docs\//i,
+  /^reports\//i,
+  /^proof\//i,
+  /^tests\/.*\.test\.js$/i,
+  /^\.claude\/implementation-notes\//i,
+];
+
+function normalizeFiles(files = []) {
+  return Array.from(new Set(files
+    .map((file) => String(file || '').trim().replace(/^\.?\//, ''))
+    .filter(Boolean)));
+}
+
+function classifyFile(file) {
+  for (const entry of RUNTIME_PATTERNS) {
+    if (entry.pattern.test(file)) return { ...entry, file };
+  }
+  for (const pattern of SKIP_PATTERNS) {
+    if (pattern.test(file)) return { surface: 'skip', reason: 'no runtime impact', file };
+  }
+  return { surface: 'focused', reason: 'unknown runtime impact; run focused checks', file };
+}
+
+function parseChangedFilesFromDiff(diff = '') {
+  const files = [];
+  for (const line of String(diff || '').split('\n')) {
+    const match = line.match(/^diff --git a\/(.+?) b\/(.+)$/);
+    if (match) files.push(match[2]);
+  }
+  return normalizeFiles(files);
+}
+
+function planQaScenario(input = {}) {
+  const files = normalizeFiles(input.files || parseChangedFilesFromDiff(input.diff || ''));
+  const classifications = files.map(classifyFile);
+  const surfaces = Array.from(new Set(classifications.map((entry) => entry.surface)));
+  const runtimeChanges = classifications.filter((entry) => entry.surface !== 'skip');
+  const skipOnly = files.length > 0 && runtimeChanges.length === 0;
+
+  const recommendedRunner = chooseRunner(surfaces, input);
+  const userScenario = buildUserScenario(runtimeChanges, input);
+  return {
+    name: 'thumbgate-user-impact-qa-scenario',
+    status: skipOnly ? 'skip' : 'actionable',
+    files,
+    classifications,
+    recommendedRunner,
+    userScenario,
+    commands: buildCommands(recommendedRunner, runtimeChanges),
+    regressionPolicy: skipOnly
+      ? 'skip durable QA; no runtime-impact files changed'
+      : 'if the QA agent finds a deterministic failure, convert it into a focused regression test before opening a fix PR',
+    transientFailurePolicy: 'doctor the browser/computer-use runner once, retry once, then label as infrastructure-flaky instead of product-regression',
+  };
+}
+
+function chooseRunner(surfaces, input = {}) {
+  if (input.forceComputerUse || surfaces.includes('plugin') || surfaces.includes('agent-adapter')) return 'computer-use-qa';
+  if (surfaces.includes('browser') || surfaces.includes('api')) return 'browser-qa';
+  if (surfaces.includes('cli') || surfaces.includes('agent-runtime') || surfaces.includes('package')) return 'focused-node-qa';
+  if (surfaces.every((surface) => surface === 'skip')) return 'skip';
+  return 'focused-node-qa';
+}
+
+function buildUserScenario(runtimeChanges, input = {}) {
+  if (runtimeChanges.length === 0) return 'No user-impact scenario required; changed files are docs, tests, reports, or proof artifacts only.';
+  const surfaces = Array.from(new Set(runtimeChanges.map((entry) => entry.surface)));
+  if (surfaces.includes('browser') || surfaces.includes('api')) {
+    return 'Open the affected page as a user, perform the primary CTA or dashboard action, verify visible state changes, then check the related API response.';
+  }
+  if (surfaces.includes('plugin') || surfaces.includes('agent-adapter')) {
+    return 'Install or reload the affected agent integration, run one thumbs-up and one thumbs-down capture, then verify the next risky action is gated.';
+  }
+  if (surfaces.includes('cli')) {
+    return 'Run the changed CLI command with --help and one realistic command path, then verify exit code, JSON output, and no stale command copy.';
+  }
+  return input.scenario || 'Run the focused test for the changed runtime surface, then verify the behavior with one realistic operator workflow.';
+}
+
+function buildCommands(runner, runtimeChanges) {
+  if (runner === 'skip') return [];
+  const commands = ['npm test -- --test-concurrency=1'];
+  if (runner === 'browser-qa') commands.push('npx playwright test tests/e2e --project=chromium');
+  if (runner === 'computer-use-qa') commands.push('node scripts/qa-scenario-planner.js --doctor-runner');
+  if (runtimeChanges.some((entry) => entry.surface === 'package')) commands.push('npm pack --dry-run');
+  return commands;
+}
+
+function parseArgs(argv = process.argv.slice(2)) {
+  const args = {};
+  for (const arg of argv) {
+    if (arg === '--json') args.json = true;
+    else if (arg === '--doctor-runner') args.doctorRunner = true;
+    else if (arg.startsWith('--files=')) args.files = arg.slice('--files='.length).split(',');
+    else if (arg.startsWith('--diff-file=')) args.diff = fs.readFileSync(arg.slice('--diff-file='.length), 'utf8');
+    else if (arg.startsWith('--scenario=')) args.scenario = arg.slice('--scenario='.length);
+  }
+  return args;
+}
+
+if (require.main === module) {
+  const args = parseArgs();
+  if (args.doctorRunner) {
+    console.log('QA runner doctor: verify browser/computer-use target, screenshot capture, and network reachability before blaming product code.');
+    process.exit(0);
+  }
+  const report = planQaScenario(args);
+  if (args.json) console.log(JSON.stringify(report, null, 2));
+  else {
+    console.log(`${report.status.toUpperCase()}: ${report.userScenario}`);
+    for (const command of report.commands) console.log(`- ${command}`);
+  }
+}
+
+module.exports = {
+  classifyFile,
+  parseChangedFilesFromDiff,
+  planQaScenario,
+};

package/scripts/repeat-metric.js

@@ -7,10 +7,10 @@
 // does NOT write to disk; it is a pure function over gates-engine.loadStats().
 //
 // The headline number is stats.recurringBlocks — incremented by recordStat()
-// in gates-engine.js every time the SAME gateId fires twice within one session
-// bucket. That is exactly "a pre-action gate fire that stopped a tool call the
-// agent had already been blocked on", i.e. a repeat attempt prevented before it
-// could round-trip and execute.
+// in gates-engine.js every time the same gate blocks/warns the same sanitized
+// action fingerprint within one session bucket. That is "a pre-action gate fire
+// that stopped a tool call the agent had already been blocked on", rather than
+// merely "the same noisy gate fired again."
 // ---------------------------------------------------------------------------
 
 const gatesEngine = require('./gates-engine');
@@ -18,12 +18,12 @@ const gatesEngine = require('./gates-engine');
 /**
  * Derive a per-gate { firstBlocks, repeatBlocks } split from the raw stats.
  *
- * recordStat() records, per session bucket, which gates have fired
- * (stats.sessionFiredGates[sessionKey][gateId] === true). The FIRST fire of a
- * gate in a bucket marks the flag; every subsequent fire in that same bucket
- * increments stats.recurringBlocks. So for each gate:
- *   firstBlocks  = number of distinct session buckets the gate fired in
- *   repeatBlocks = (total block+warn events for the gate) - firstBlocks
+ * Modern stats record, per session bucket, which sanitized action fingerprints
+ * each gate fired on:
+ *   stats.sessionFiredActions[sessionKey][gateId][fingerprint] === true
+ *
+ * firstBlocks is the count of distinct first action fingerprints. Legacy stats
+ * without fingerprints fall back to the old per-session-gate split.
  *
  * total block+warn events come from stats.byGate[id] (blocked + warned), which
  * recordStat() also maintains. repeatBlocks is clamped to >= 0 to stay robust
@@ -34,15 +34,30 @@ const gatesEngine = require('./gates-engine');
  */
 function computeByGateSplit(stats) {
   const byGate = {};
+  const sessionFiredActions = (stats && stats.sessionFiredActions) || {};
   const sessionFiredGates = (stats && stats.sessionFiredGates) || {};
   const rawByGate = (stats && stats.byGate) || {};
 
-  // Count distinct session buckets each gate fired in => firstBlocks.
+  // Count distinct action fingerprints each gate fired on => firstBlocks.
   const firstBlocksByGate = {};
+  const gatesWithActionStats = new Set();
+  for (const sessionKey of Object.keys(sessionFiredActions)) {
+    const fired = sessionFiredActions[sessionKey] || {};
+    for (const gateId of Object.keys(fired)) {
+      const fingerprints = fired[gateId] || {};
+      const count = Object.values(fingerprints).filter(Boolean).length;
+      if (count > 0) {
+        gatesWithActionStats.add(gateId);
+        firstBlocksByGate[gateId] = (firstBlocksByGate[gateId] || 0) + count;
+      }
+    }
+  }
+
+  // Legacy fallback: old stats only tracked gate fired per session bucket.
   for (const sessionKey of Object.keys(sessionFiredGates)) {
     const fired = sessionFiredGates[sessionKey] || {};
     for (const gateId of Object.keys(fired)) {
-      if (fired[gateId]) {
+      if (fired[gateId] && !gatesWithActionStats.has(gateId)) {
         firstBlocksByGate[gateId] = (firstBlocksByGate[gateId] || 0) + 1;
       }
     }
@@ -52,6 +67,7 @@ function computeByGateSplit(stats) {
   const gateIds = new Set([
     ...Object.keys(rawByGate),
     ...Object.keys(firstBlocksByGate),
+    ...Object.keys(sessionFiredActions).flatMap((sessionKey) => Object.keys(sessionFiredActions[sessionKey] || {})),
   ]);
 
   for (const gateId of gateIds) {

package/scripts/secret-fixture-tokens.js

@@ -0,0 +1,61 @@
+'use strict';
+
+const FIXTURE_TOKENS = {
+  awsAccessKeyId: '__TG_FIXTURE_AWS_ACCESS_KEY_ID__',
+  githubPat: '__TG_FIXTURE_GITHUB_PAT__',
+  openAiLegacyKey: '__TG_FIXTURE_OPENAI_LEGACY_KEY__',
+  openAiProjectKey: '__TG_FIXTURE_OPENAI_PROJECT_KEY__',
+  rsaPrivateKeyHeader: '__TG_FIXTURE_RSA_PRIVATE_KEY_HEADER__',
+  ecPrivateKeyHeader: '__TG_FIXTURE_EC_PRIVATE_KEY_HEADER__',
+  privateKeyHeader: '__TG_FIXTURE_PRIVATE_KEY_HEADER__',
+};
+
+function buildAwsAccessKeyId() {
+  return ['AKIA', 'IOSFODNN7EXAMPLE'].join('');
+}
+
+function buildGitHubPat() {
+  return ['gh', 'p_', 'x'.repeat(36)].join('');
+}
+
+function buildOpenAiLegacyKey() {
+  return ['sk', '-', 'abcdefghijklmnopqrstuvwxyz01234567890'].join('');
+}
+
+function buildOpenAiProjectKey() {
+  return ['sk', '-proj-', 'abcdefghijklmnopqrstuvwxyz01234567890'].join('');
+}
+
+function buildPemHeader(prefix = '') {
+  return ['-----BEGIN ', prefix, 'PRIVATE KEY-----'].join('');
+}
+
+function fixtureReplacements() {
+  return [
+    [FIXTURE_TOKENS.awsAccessKeyId, buildAwsAccessKeyId()],
+    [FIXTURE_TOKENS.githubPat, buildGitHubPat()],
+    [FIXTURE_TOKENS.openAiLegacyKey, buildOpenAiLegacyKey()],
+    [FIXTURE_TOKENS.openAiProjectKey, buildOpenAiProjectKey()],
+    [FIXTURE_TOKENS.rsaPrivateKeyHeader, buildPemHeader('RSA ')],
+    [FIXTURE_TOKENS.ecPrivateKeyHeader, buildPemHeader('EC ')],
+    [FIXTURE_TOKENS.privateKeyHeader, buildPemHeader('')],
+  ];
+}
+
+function expandFixturePlaceholders(value) {
+  let expanded = String(value || '');
+  for (const [token, replacement] of fixtureReplacements()) {
+    expanded = expanded.split(token).join(replacement);
+  }
+  return expanded;
+}
+
+module.exports = {
+  FIXTURE_TOKENS,
+  buildAwsAccessKeyId,
+  buildGitHubPat,
+  buildOpenAiLegacyKey,
+  buildOpenAiProjectKey,
+  buildPemHeader,
+  expandFixturePlaceholders,
+};

package/scripts/secret-scanner.js

@@ -55,6 +55,11 @@ const BASH_SECRET_READ_PREFIXES = [
 ];
 
 const EDIT_LIKE_TOOLS = new Set(['Edit', 'Write', 'MultiEdit']);
+const SAFE_SECRET_STORAGE_DIRS = [
+  '.resume_secrets',
+  '.thumbgate/secrets',
+  '.config/thumbgate',
+];
 
 function redactText(text) {
   if (!text) return '';
@@ -172,6 +177,13 @@ function heuristicScanText(text, source = 'text') {
     pattern.regex.lastIndex = 0;
     let match = pattern.regex.exec(input);
     while (match) {
+      // Safe test key bypass
+      const matchedString = match[0].toLowerCase();
+      if (pattern.id === 'generic_assignment' && (matchedString.includes('sk_test_') || matchedString.includes('test_token'))) {
+        match = pattern.regex.exec(input);
+        continue;
+      }
+      
       findings.push({
         id: pattern.id,
         label: pattern.label,
@@ -295,6 +307,26 @@ function resolvePathToken(token, cwd) {
   return path.join(cwd || process.cwd(), normalized);
 }
 
+function normalizePathForPolicy(filePath) {
+  return path.resolve(String(filePath || '').replace(/^~(?=\/|$)/, os.homedir()));
+}
+
+function isSafeSecretStoragePath(filePath) {
+  if (!filePath) return false;
+  const normalized = normalizePathForPolicy(filePath);
+  const home = normalizePathForPolicy(os.homedir());
+  return SAFE_SECRET_STORAGE_DIRS.some((dir) => {
+    const allowedRoot = path.join(home, dir);
+    return normalized === allowedRoot || normalized.startsWith(`${allowedRoot}${path.sep}`);
+  });
+}
+
+function isSafeSecretStorageWrite(toolName, toolInput = {}, cwd = process.cwd()) {
+  if (!EDIT_LIKE_TOOLS.has(toolName)) return false;
+  const paths = getToolInputPaths(toolInput, cwd);
+  return paths.length > 0 && paths.every((filePath) => isSafeSecretStoragePath(filePath));
+}
+
 function scanBashCommand(command, options = {}) {
   const cwd = options.cwd || process.cwd();
   const findings = [];
@@ -347,6 +379,7 @@ function scanHookInput(input = {}, options = {}) {
   let provider = resolveProvider(options.provider);
   let commandHash = null;
   let fileHashes = [];
+  const safeSecretStorageWrite = isSafeSecretStorageWrite(toolName, toolInput, cwd);
 
   const contentFields = [
     toolInput.content,
@@ -376,11 +409,13 @@ function scanHookInput(input = {}, options = {}) {
     }
   }
 
-  for (const content of contentFields) {
-    const result = scanText(content, { provider, source: 'tool_input' });
-    if (result.detected) {
-      provider = result.provider;
-      findings.push(...result.findings);
+  if (!safeSecretStorageWrite) {
+    for (const content of contentFields) {
+      const result = scanText(content, { provider, source: 'tool_input' });
+      if (result.detected) {
+        provider = result.provider;
+        findings.push(...result.findings);
+      }
     }
   }
 
@@ -402,6 +437,8 @@ function buildSafeSummary(findings, prefix) {
 module.exports = {
   SECRET_PATTERNS,
   SECRET_FILE_PATTERNS,
+  SAFE_SECRET_STORAGE_DIRS,
+  EDIT_LIKE_TOOLS,
   redactText,
   resolveProvider,
   scanText,
@@ -409,6 +446,8 @@ module.exports = {
   scanBashCommand,
   scanHookInput,
   classifySecretPath,
+  isSafeSecretStoragePath,
+  isSafeSecretStorageWrite,
   buildSafeSummary,
   tokenizeCommand,
 };

package/scripts/security-scanner.js

@@ -146,6 +146,14 @@ const VULN_PATTERNS = [
     regex: /(?:unserialize|yaml\.load\s*\((?!.*Loader\s*=\s*yaml\.SafeLoader)|pickle\.loads?|Marshal\.load)/g,
     fileTypes: ['.js', '.ts', '.py', '.rb'],
   },
+  {
+    id: 'badhost-url-confusion',
+    category: 'host-header',
+    severity: 'high',
+    label: 'Potential BadHost-style host or URL confusion in AI service',
+    regex: /\b(?:request\.url(?:\.path)?|url_for\s*\([^)]*_external\s*=\s*True|headers\s*\[\s*['"](?:host|x-forwarded-host)['"]\s*\])/gi,
+    fileTypes: ['.py'],
+  },
 ];
 
 // ---------------------------------------------------------------------------
@@ -231,6 +239,22 @@ function scanCode(content, filePath = '') {
   };
 }
 
+/**
+ * Scan Python / AI-service code for BadHost-style URL and host-header confusion.
+ * This is deliberately narrow and evidence-oriented: it does not claim a CVE,
+ * it flags code that should prove canonical host handling before deployment.
+ * @param {string} content
+ * @param {string} filePath
+ * @returns {{ detected: boolean, findings: Array<Object> }}
+ */
+function scanBadHostExposure(content, filePath = '') {
+  const result = scanCode(content, filePath);
+  return {
+    detected: result.findings.some((finding) => finding.id === 'badhost-url-confusion'),
+    findings: result.findings.filter((finding) => finding.id === 'badhost-url-confusion'),
+  };
+}
+
 /**
  * Scan dependency changes in package.json mutations.
  * @param {string} oldContent - Previous package.json content (empty string if new file)
@@ -503,6 +527,60 @@ function scanGitDiff(diffContent) {
   };
 }
 
+function buildThreatDefensePlaybook(scanResult = {}, options = {}) {
+  const findings = Array.isArray(scanResult.findings)
+    ? scanResult.findings
+    : (scanResult.securityScan && Array.isArray(scanResult.securityScan.findings) ? scanResult.securityScan.findings : []);
+  const critical = findings.filter((finding) => finding.severity === 'critical');
+  const high = findings.filter((finding) => finding.severity === 'high');
+  const categories = Array.from(new Set(findings.map((finding) => finding.category).filter(Boolean)));
+  const hasFindings = findings.length > 0;
+  const hasPatchEvidence = Boolean(options.patchEvidence || options.testEvidence || options.ciEvidence);
+
+  return {
+    name: 'thumbgate-ai-threat-defense-playbook',
+    status: critical.length > 0 ? 'block' : high.length > 0 ? 'remediate' : 'monitor',
+    phases: [
+      {
+        id: 'prepare',
+        action: 'harden-foundation',
+        evidence: ['gate templates enabled', 'protected files configured', 'rollback path documented'],
+        required: true,
+      },
+      {
+        id: 'scan-prioritize',
+        action: hasFindings ? 'prioritize detected security findings by severity and exploit surface' : 'keep posture scan active',
+        evidence: categories.length ? categories : ['clean scan'],
+        required: true,
+      },
+      {
+        id: 'remediate',
+        action: hasFindings ? 'patch, run focused tests, and re-scan before allowing risky agent actions' : 'no remediation required from current scan',
+        evidence: hasPatchEvidence ? ['patch evidence present'] : ['patch diff', 'focused test output', 'repeat scan'],
+        required: hasFindings,
+      },
+      {
+        id: 'monitor',
+        action: 'record audit event and keep continuous detection enabled for future tool calls',
+        evidence: ['audit trail event', 'gate stats', 'review checkpoint'],
+        required: true,
+      },
+    ],
+    priority: {
+      critical: critical.length,
+      high: high.length,
+      total: findings.length,
+      categories,
+    },
+    gateDecision: critical.length > 0 ? 'deny' : high.length > 0 ? 'warn' : 'allow',
+    nextActions: critical.length > 0
+      ? ['Block the action', 'Patch the critical finding', 'Run focused tests', 'Re-scan the diff before retry']
+      : high.length > 0
+        ? ['Warn the operator', 'Create a remediation task', 'Run focused tests', 'Monitor for repeat findings']
+        : ['Keep continuous scan enabled', 'Review checkpoint metrics after the next session'],
+  };
+}
+
 // ---------------------------------------------------------------------------
 // Exports
 // ---------------------------------------------------------------------------
@@ -512,7 +590,9 @@ module.exports = {
   VULN_PATTERNS,
   SUPPLY_CHAIN_PATTERNS,
   scanCode,
+  scanBadHostExposure,
   scanDependencyChange,
   evaluateSecurityScan,
   scanGitDiff,
+  buildThreatDefensePlaybook,
 };