thumbgate 1.26.8 → 1.27.3

package/scripts/parallel-workflow-orchestrator.js

@@ -0,0 +1,293 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { getFeedbackPaths } = require('./feedback-loop');
+const { ensureDir } = require('./fs-utils');
+const { loadOptionalModule } = require('./private-core-boundary');
+
+const launcher = loadOptionalModule(path.join(__dirname, 'hosted-job-launcher'), () => ({
+  launchManagedJob: () => {
+    throw new Error('Managed jobs require ThumbGate-Core.');
+  },
+  resumeHostedJob: () => {
+    throw new Error('Resuming hosted jobs requires ThumbGate-Core.');
+  },
+}));
+
+const runner = loadOptionalModule(path.join(__dirname, 'async-job-runner'), () => ({
+  readJobState: () => null,
+  listJobStates: () => [],
+}));
+
+const { launchManagedJob, resumeHostedJob } = launcher;
+const { readJobState, listJobStates } = runner;
+
+const DEFAULT_CONCURRENCY = 3;
+const POLL_INTERVAL_MS = 200;
+
+function nowIso() {
+  return new Date().toISOString();
+}
+
+/**
+ * Dynamically decompose a high-level objective into parallel, specialized subtasks.
+ * Supports rule-based fallback and can be extended to use LLM planning.
+ */
+function planWorkflow(objective) {
+  const obj = (objective || '').toLowerCase().trim();
+  const subtasks = [];
+
+  if (obj.includes('security') || obj.includes('audit') || obj.includes('leak') || obj.includes('secret')) {
+    subtasks.push({
+      name: 'scan_secrets',
+      tags: ['security', 'secret-scanner'],
+      stages: [
+        {
+          name: 'secret_scan',
+          command: 'node scripts/secret-scanner.js --json || true',
+        }
+      ]
+    });
+    subtasks.push({
+      name: 'audit_dependencies',
+      tags: ['security', 'dependencies'],
+      stages: [
+        {
+          name: 'npm_audit',
+          command: 'npm audit --json || true',
+        }
+      ]
+    });
+    subtasks.push({
+      name: 'check_permissions',
+      tags: ['security', 'credentials'],
+      stages: [
+        {
+          name: 'credential_gate_check',
+          command: 'node scripts/single-use-credential-gate.js plan || true',
+        }
+      ]
+    });
+  } else if (obj.includes('performance') || obj.includes('benchmark') || obj.includes('bench')) {
+    subtasks.push({
+      name: 'benchmark_candidates',
+      tags: ['performance', 'bench'],
+      stages: [
+        {
+          name: 'run_bench',
+          command: 'npx thumbgate bench --json --min-score=90 || true',
+        }
+      ]
+    });
+    subtasks.push({
+      name: 'check_budget',
+      tags: ['performance', 'budget'],
+      stages: [
+        {
+          name: 'budget_status',
+          command: 'node scripts/budget-guard.js --status || true',
+        }
+      ]
+    });
+  } else {
+    // Default general-purpose fallback workflow: code search and check integrity
+    subtasks.push({
+      name: 'code_search',
+      tags: ['exploration'],
+      stages: [
+        {
+          name: 'search_fs',
+          command: 'node scripts/filesystem-search.js --query="pretool" --limit=5 || true',
+        }
+      ]
+    });
+    subtasks.push({
+      name: 'check_integrity',
+      tags: ['integrity'],
+      stages: [
+        {
+          name: 'ops_integrity',
+          command: 'node scripts/operational-integrity.js --ci || true',
+        }
+      ]
+    });
+  }
+
+  return {
+    objective,
+    plannedAt: nowIso(),
+    subtasks: subtasks.map((task, idx) => ({
+      ...task,
+      id: `subtask_${Date.now()}_${idx}_${Math.random().toString(36).slice(2, 6)}`,
+      autoImprove: false,
+      verificationMode: 'none',
+      recordFeedback: false,
+    })),
+  };
+}
+
+/**
+ * Execute a list of planned subtasks in parallel, respecting a concurrency limit.
+ * Polls active jobs until all complete, then consolidates the results.
+ */
+async function executeWorkflow(objective, options = {}) {
+  const plan = planWorkflow(objective);
+  const concurrency = Number(options.concurrency) || DEFAULT_CONCURRENCY;
+  const timeoutMs = Number(options.timeoutMs) || 60000; // 60s timeout safety
+
+  const { FEEDBACK_DIR } = getFeedbackPaths();
+  const workflowId = `wf_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+  const workflowDir = path.join(FEEDBACK_DIR, 'workflows', workflowId);
+  ensureDir(workflowDir);
+
+  const activeJobs = new Map();
+  const queue = [...plan.subtasks];
+  const results = [];
+  const start = Date.now();
+
+  const runNext = () => {
+    while (activeJobs.size < concurrency && queue.length > 0) {
+      const task = queue.shift();
+      const launched = launchManagedJob(task, { cwd: options.cwd });
+      activeJobs.set(task.id, {
+        jobId: launched.jobId,
+        taskName: task.name,
+        launchedAt: Date.now(),
+      });
+    }
+  };
+
+  runNext();
+
+  // Polling loop
+  await new Promise((resolve) => {
+    const interval = setInterval(() => {
+      let allDone = true;
+
+      for (const [taskId, info] of activeJobs.entries()) {
+        const jobState = readJobState(info.jobId);
+        if (!jobState) {
+          allDone = false;
+          continue;
+        }
+
+        const isTerminal = ['completed', 'failed', 'cancelled'].includes(jobState.status);
+        if (isTerminal) {
+          results.push({
+            taskId,
+            taskName: info.taskName,
+            jobId: info.jobId,
+            status: jobState.status,
+            context: jobState.currentContext,
+            stageHistory: jobState.stageHistory,
+            lastError: jobState.lastError,
+          });
+          activeJobs.delete(taskId);
+          runNext();
+        } else {
+          allDone = false;
+        }
+      }
+
+      const elapsed = Date.now() - start;
+      if (allDone && queue.length === 0) {
+        clearInterval(interval);
+        resolve();
+      } else if (elapsed >= timeoutMs) {
+        clearInterval(interval);
+        // Timeout remaining active tasks
+        for (const [taskId, info] of activeJobs.entries()) {
+          results.push({
+            taskId,
+            taskName: info.taskName,
+            jobId: info.jobId,
+            status: 'timeout',
+            lastError: { message: `Subtask timed out after ${timeoutMs}ms`, code: 'TIMEOUT' },
+          });
+        }
+        resolve();
+      }
+    }, POLL_INTERVAL_MS);
+  });
+
+  const durationMs = Date.now() - start;
+
+  // Compile final markdown report
+  const reportPath = path.join(workflowDir, 'report.md');
+  const reportContent = compileWorkflowReport(plan, results, durationMs, workflowId);
+  fs.writeFileSync(reportPath, reportContent, 'utf8');
+
+  // Also save the raw execution results JSON
+  const resultsJsonPath = path.join(workflowDir, 'results.json');
+  fs.writeFileSync(resultsJsonPath, JSON.stringify({
+    workflowId,
+    objective,
+    durationMs,
+    plan,
+    results,
+  }, null, 2) + '\n', 'utf8');
+
+  return {
+    workflowId,
+    objective,
+    durationMs,
+    reportPath,
+    results,
+  };
+}
+
+function compileWorkflowReport(plan, results, durationMs, workflowId) {
+  const timestamp = nowIso();
+  const totalSubtasks = plan.subtasks.length;
+  const completed = results.filter((r) => r.status === 'completed').length;
+  const failed = results.filter((r) => r.status === 'failed' || r.status === 'timeout').length;
+
+  let report = `# Dynamic Workflow Execution Report: ${workflowId}\n\n`;
+  report += `**Objective:** ${plan.objective}\n`;
+  report += `**Executed At:** ${timestamp}\n`;
+  report += `**Duration:** ${(durationMs / 1000).toFixed(2)}s\n`;
+  report += `**Status:** ${completed === totalSubtasks ? '✅ SUCCESS' : '⚠️ COMPLETED WITH FAILURES'}\n\n`;
+
+  report += `## Summary\n`;
+  report += `- Total planned subtasks: ${totalSubtasks}\n`;
+  report += `- Completed successfully: ${completed}\n`;
+  report += `- Failed/Timed out: ${failed}\n\n`;
+
+  report += `## Subtask Breakdown\n\n`;
+
+  for (const res of results) {
+    const taskPlan = plan.subtasks.find((t) => t.id === res.taskId) || {};
+    const commandUsed = taskPlan.stages && taskPlan.stages[0] ? taskPlan.stages[0].command : 'N/A';
+    
+    report += `### ✦ Subtask: \`${res.taskName}\`\n`;
+    report += `- **Job ID:** \`${res.jobId}\`\n`;
+    report += `- **Status:** ${res.status === 'completed' ? '✅ COMPLETED' : '❌ ' + res.status.toUpperCase()}\n`;
+    report += `- **Command Run:** \`${commandUsed}\`\n`;
+    
+    if (res.lastError) {
+      report += `- **Error:** \`${res.lastError.message}\` (Code: \`${res.lastError.code}\`)\n`;
+    }
+    
+    if (res.context) {
+      report += `\n**Output Context Preview:**\n\`\`\`json\n`;
+      try {
+        // Try parsing output context as JSON for clean formatting
+        const parsed = JSON.parse(res.context);
+        report += JSON.stringify(parsed, null, 2);
+      } catch {
+        report += res.context.slice(0, 1000) + (res.context.length > 1000 ? '\n... (truncated)' : '');
+      }
+      report += `\n\`\`\`\n`;
+    }
+    report += `\n---\n\n`;
+  }
+
+  return report;
+}
+
+module.exports = {
+  planWorkflow,
+  executeWorkflow,
+  compileWorkflowReport,
+};

package/scripts/plausible-domain-config.js

@@ -0,0 +1,86 @@
+'use strict';
+
+const PRIMARY_PLAUSIBLE_DOMAIN = 'thumbgate.ai';
+const FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN = 'thumbgate-production.up.railway.app';
+
+function splitDomains(value) {
+  return String(value || '')
+    .split(/[\s,]+/)
+    .map((domain) => domain.trim().toLowerCase())
+    .filter(Boolean);
+}
+
+function normalizeDomain(value) {
+  const input = String(value || '').trim();
+  if (!input) return '';
+  try {
+    return new URL(input.includes('://') ? input : `https://${input}`).host.toLowerCase();
+  } catch {
+    return input.replace(/^https?:\/\//i, '').replace(/\/.*$/, '').toLowerCase();
+  }
+}
+
+function getConfiguredRegisteredDomains(env = process.env) {
+  const configured = [
+    ...splitDomains(env.PLAUSIBLE_SITE_ID),
+    ...splitDomains(env.PLAUSIBLE_SITE_IDS),
+    ...splitDomains(env.THUMBGATE_PLAUSIBLE_REGISTERED_DOMAINS),
+    ...splitDomains(env.PLAUSIBLE_REGISTERED_DOMAINS),
+  ].map(normalizeDomain).filter(Boolean);
+
+  return [...new Set([
+    FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN,
+    ...configured,
+  ])];
+}
+
+function isPlausibleDomainRegistered(domain, env = process.env) {
+  const normalized = normalizeDomain(domain);
+  if (!normalized) return false;
+  return getConfiguredRegisteredDomains(env).includes(normalized);
+}
+
+function resolvePlausibleDataDomain({ host = '', env = process.env } = {}) {
+  const explicit = normalizeDomain(env.THUMBGATE_PLAUSIBLE_DOMAIN);
+  if (explicit) return explicit;
+
+  const normalizedHost = normalizeDomain(host);
+  if (isPlausibleDomainRegistered(normalizedHost, env)) {
+    return normalizedHost;
+  }
+
+  return FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN;
+}
+
+function analyzePlausibleDomainCoverage({
+  emittedDomains = [],
+  registeredDomains = [],
+  primaryDomain = PRIMARY_PLAUSIBLE_DOMAIN,
+} = {}) {
+  const emitted = [...new Set(emittedDomains.map(normalizeDomain).filter(Boolean))];
+  const registered = [...new Set(registeredDomains.map(normalizeDomain).filter(Boolean))];
+  const registeredSet = new Set(registered);
+  const missingEmittedDomains = emitted.filter((domain) => !registeredSet.has(domain));
+  const primaryRegistered = registeredSet.has(normalizeDomain(primaryDomain));
+
+  return {
+    ok: missingEmittedDomains.length === 0 && primaryRegistered,
+    emittedDomains: emitted,
+    registeredDomains: registered,
+    missingEmittedDomains,
+    primaryDomain: normalizeDomain(primaryDomain),
+    primaryRegistered,
+    severity: missingEmittedDomains.length > 0 || !primaryRegistered ? 'critical' : 'ok',
+  };
+}
+
+module.exports = {
+  PRIMARY_PLAUSIBLE_DOMAIN,
+  FALLBACK_REGISTERED_PLAUSIBLE_DOMAIN,
+  splitDomains,
+  normalizeDomain,
+  getConfiguredRegisteredDomains,
+  isPlausibleDomainRegistered,
+  resolvePlausibleDataDomain,
+  analyzePlausibleDomainCoverage,
+};

package/scripts/plausible-server-events.js

@@ -24,8 +24,10 @@
  */
 
 const https = require('node:https');
+const {
+  resolvePlausibleDataDomain,
+} = require('./plausible-domain-config');
 
-const DEFAULT_PLAUSIBLE_DOMAIN = 'thumbgate.ai';
 const PLAUSIBLE_ENDPOINT = 'https://plausible.io/api/event';
 const REQUEST_TIMEOUT_MS = 2_000;
 
@@ -40,7 +42,7 @@ function isPlausibleDisabled() {
 }
 
 function getPlausibleDomain() {
-  return process.env.THUMBGATE_PLAUSIBLE_DOMAIN || DEFAULT_PLAUSIBLE_DOMAIN;
+  return resolvePlausibleDataDomain();
 }
 
 /**

package/scripts/proxy-pointer-rag-guardrails.js

@@ -39,9 +39,23 @@ function normalizeOptions(options = {}) {
     ...splitCsv(options.documents),
     ...splitCsv(options['document-ids']),
   ]);
+  const sourcePointers = unique([
+    ...splitCsv(options['source-pointers']),
+    ...splitCsv(options.pointers),
+    ...splitCsv(options.sources),
+  ]);
   const candidateImages = Number.isFinite(Number(options['candidate-images']))
     ? Number(options['candidate-images'])
     : null;
+  const extractedEntities = Number.isFinite(Number(options['extracted-entities']))
+    ? Number(options['extracted-entities'])
+    : 0;
+  const extractedRelations = Number.isFinite(Number(options['extracted-relations']))
+    ? Number(options['extracted-relations'])
+    : 0;
+  const promotionThreshold = Number.isFinite(Number(options['promotion-threshold']))
+    ? Number(options['promotion-threshold'])
+    : 3;
 
   return {
     ragTool: String(options['rag-tool'] || options.tool || 'proxy-pointer-rag').trim() || 'proxy-pointer-rag',
@@ -49,10 +63,15 @@ function normalizeOptions(options = {}) {
     sectionIds,
     imagePointers,
     documentIds,
+    sourcePointers,
     candidateImages,
+    extractedEntities,
+    extractedRelations,
+    promotionThreshold,
     crossDocumentPolicy: String(options['cross-doc-policy'] || options['cross-document-policy'] || '').trim().toLowerCase(),
     visionFilter: normalizeBoolean(options['vision-filter']),
     visualClaims: normalizeBoolean(options['visual-claims']),
+    pointerFirst: normalizeBoolean(options['pointer-first']) || normalizeBoolean(options['proxy-pointer']),
   };
 }
 
@@ -72,6 +91,14 @@ function gateApplicability(template, options) {
   return false;
 }
 
+function hasExtractionSprawl(options) {
+  const extractedFacts = options.extractedEntities + options.extractedRelations;
+  if (extractedFacts === 0) return false;
+  if (options.pointerFirst) return true;
+  if (options.sourcePointers.length === 0) return true;
+  return extractedFacts > options.sourcePointers.length * Math.max(2, options.promotionThreshold);
+}
+
 function buildSignalSummary(options) {
   const signals = [];
   if (options.treePath || options.sectionIds.length > 0) {
@@ -110,6 +137,19 @@ function buildSignalSummary(options) {
       risk: 'answers that describe image content may need a vision-model sanity check',
     });
   }
+  if (hasExtractionSprawl(options)) {
+    signals.push({
+      id: 'entity_relation_sprawl',
+      label: 'Entity/relation extraction sprawl',
+      values: unique([
+        `${options.extractedEntities} extracted entities`,
+        `${options.extractedRelations} extracted relations`,
+        `${options.sourcePointers.length} source pointers`,
+        `promotion threshold ${options.promotionThreshold}`,
+      ]),
+      risk: 'eager graph extraction can create stale aliases, weak edges, and unauditable memory; keep source pointers first and promote relations only after repeated retrieval value',
+    });
+  }
   return signals;
 }
 
@@ -139,11 +179,12 @@ function buildProxyPointerRagGuardrailsPlan(rawOptions = {}, templatesPath) {
     templates: recommendedTemplates,
     nextActions: [
       'Preserve document hierarchy, section IDs, and image file paths during ingestion.',
+      'Store source pointers before extracting entities or relations; promote a relation only after repeated retrieval value and source verification.',
       'Pass section-tree and image-pointer metadata into the agent before it answers with visuals.',
       'Enable the recommended Document RAG Safety templates as pre-action gates.',
       'Use a vision filter only for high-impact answers that make claims about visual content.',
     ],
-    exampleCommand: 'npx thumbgate proxy-pointer-rag-guardrails --tree-path=.rag/tree.json --image-pointers=paper-1/figures/fig2.png --documents=paper-1 --visual-claims --json',
+    exampleCommand: 'npx thumbgate proxy-pointer-rag-guardrails --tree-path=.rag/tree.json --source-pointers=lesson/fb_123,tool/run_456 --extracted-entities=120 --extracted-relations=80 --pointer-first --json',
   };
 }
 

package/scripts/qa-scenario-planner.js

@@ -0,0 +1,136 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+
+const RUNTIME_PATTERNS = [
+  { pattern: /^public\/.*\.(html|css|js)$/i, surface: 'browser', reason: 'public UI asset changed' },
+  { pattern: /^src\/api\//i, surface: 'api', reason: 'API route or server behavior changed' },
+  { pattern: /^bin\//i, surface: 'cli', reason: 'CLI entrypoint changed' },
+  { pattern: /^scripts\/(dashboard|pro-local-dashboard|.*gate|.*scanner|.*reward|.*routing).*\.js$/i, surface: 'agent-runtime', reason: 'agent runtime or gate behavior changed' },
+  { pattern: /^adapters\//i, surface: 'agent-adapter', reason: 'agent adapter changed' },
+  { pattern: /^plugins\//i, surface: 'plugin', reason: 'plugin install path changed' },
+  { pattern: /^package\.json$/i, surface: 'package', reason: 'package manifest changed' },
+];
+
+const SKIP_PATTERNS = [
+  /^README\.md$/i,
+  /^docs\//i,
+  /^reports\//i,
+  /^proof\//i,
+  /^tests\/.*\.test\.js$/i,
+  /^\.claude\/implementation-notes\//i,
+];
+
+function normalizeFiles(files = []) {
+  return Array.from(new Set(files
+    .map((file) => String(file || '').trim().replace(/^\.?\//, ''))
+    .filter(Boolean)));
+}
+
+function classifyFile(file) {
+  for (const entry of RUNTIME_PATTERNS) {
+    if (entry.pattern.test(file)) return { ...entry, file };
+  }
+  for (const pattern of SKIP_PATTERNS) {
+    if (pattern.test(file)) return { surface: 'skip', reason: 'no runtime impact', file };
+  }
+  return { surface: 'focused', reason: 'unknown runtime impact; run focused checks', file };
+}
+
+function parseChangedFilesFromDiff(diff = '') {
+  const files = [];
+  for (const line of String(diff || '').split('\n')) {
+    const match = line.match(/^diff --git a\/(.+?) b\/(.+)$/);
+    if (match) files.push(match[2]);
+  }
+  return normalizeFiles(files);
+}
+
+function planQaScenario(input = {}) {
+  const files = normalizeFiles(input.files || parseChangedFilesFromDiff(input.diff || ''));
+  const classifications = files.map(classifyFile);
+  const surfaces = Array.from(new Set(classifications.map((entry) => entry.surface)));
+  const runtimeChanges = classifications.filter((entry) => entry.surface !== 'skip');
+  const skipOnly = files.length > 0 && runtimeChanges.length === 0;
+
+  const recommendedRunner = chooseRunner(surfaces, input);
+  const userScenario = buildUserScenario(runtimeChanges, input);
+  return {
+    name: 'thumbgate-user-impact-qa-scenario',
+    status: skipOnly ? 'skip' : 'actionable',
+    files,
+    classifications,
+    recommendedRunner,
+    userScenario,
+    commands: buildCommands(recommendedRunner, runtimeChanges),
+    regressionPolicy: skipOnly
+      ? 'skip durable QA; no runtime-impact files changed'
+      : 'if the QA agent finds a deterministic failure, convert it into a focused regression test before opening a fix PR',
+    transientFailurePolicy: 'doctor the browser/computer-use runner once, retry once, then label as infrastructure-flaky instead of product-regression',
+  };
+}
+
+function chooseRunner(surfaces, input = {}) {
+  if (input.forceComputerUse || surfaces.includes('plugin') || surfaces.includes('agent-adapter')) return 'computer-use-qa';
+  if (surfaces.includes('browser') || surfaces.includes('api')) return 'browser-qa';
+  if (surfaces.includes('cli') || surfaces.includes('agent-runtime') || surfaces.includes('package')) return 'focused-node-qa';
+  if (surfaces.every((surface) => surface === 'skip')) return 'skip';
+  return 'focused-node-qa';
+}
+
+function buildUserScenario(runtimeChanges, input = {}) {
+  if (runtimeChanges.length === 0) return 'No user-impact scenario required; changed files are docs, tests, reports, or proof artifacts only.';
+  const surfaces = Array.from(new Set(runtimeChanges.map((entry) => entry.surface)));
+  if (surfaces.includes('browser') || surfaces.includes('api')) {
+    return 'Open the affected page as a user, perform the primary CTA or dashboard action, verify visible state changes, then check the related API response.';
+  }
+  if (surfaces.includes('plugin') || surfaces.includes('agent-adapter')) {
+    return 'Install or reload the affected agent integration, run one thumbs-up and one thumbs-down capture, then verify the next risky action is gated.';
+  }
+  if (surfaces.includes('cli')) {
+    return 'Run the changed CLI command with --help and one realistic command path, then verify exit code, JSON output, and no stale command copy.';
+  }
+  return input.scenario || 'Run the focused test for the changed runtime surface, then verify the behavior with one realistic operator workflow.';
+}
+
+function buildCommands(runner, runtimeChanges) {
+  if (runner === 'skip') return [];
+  const commands = ['npm test -- --test-concurrency=1'];
+  if (runner === 'browser-qa') commands.push('npx playwright test tests/e2e --project=chromium');
+  if (runner === 'computer-use-qa') commands.push('node scripts/qa-scenario-planner.js --doctor-runner');
+  if (runtimeChanges.some((entry) => entry.surface === 'package')) commands.push('npm pack --dry-run');
+  return commands;
+}
+
+function parseArgs(argv = process.argv.slice(2)) {
+  const args = {};
+  for (const arg of argv) {
+    if (arg === '--json') args.json = true;
+    else if (arg === '--doctor-runner') args.doctorRunner = true;
+    else if (arg.startsWith('--files=')) args.files = arg.slice('--files='.length).split(',');
+    else if (arg.startsWith('--diff-file=')) args.diff = fs.readFileSync(arg.slice('--diff-file='.length), 'utf8');
+    else if (arg.startsWith('--scenario=')) args.scenario = arg.slice('--scenario='.length);
+  }
+  return args;
+}
+
+if (require.main === module) {
+  const args = parseArgs();
+  if (args.doctorRunner) {
+    console.log('QA runner doctor: verify browser/computer-use target, screenshot capture, and network reachability before blaming product code.');
+    process.exit(0);
+  }
+  const report = planQaScenario(args);
+  if (args.json) console.log(JSON.stringify(report, null, 2));
+  else {
+    console.log(`${report.status.toUpperCase()}: ${report.userScenario}`);
+    for (const command of report.commands) console.log(`- ${command}`);
+  }
+}
+
+module.exports = {
+  classifyFile,
+  parseChangedFilesFromDiff,
+  planQaScenario,
+};

package/scripts/rate-limiter.js

@@ -6,7 +6,7 @@ const path = require('path');
 const {
   PRO_MONTHLY_PAYMENT_LINK,
   PRO_PRICE_LABEL,
-  TEAM_PRICE_LABEL,
+  ENTERPRISE_PRICE_LABEL,
 } = require('./commercial-offer');
 
 const USAGE_FILE = path.join(process.env.HOME || '/tmp', '.thumbgate', 'usage-limits.json');
@@ -31,7 +31,7 @@ const FREE_TIER_LIMITS = {
 const FREE_TIER_MAX_GATES = 3; // 3 active prevention rules on free; Pro is unlimited
 const FREE_TIER_DAILY_BLOCKS = 3; // 3 gate blocks/day on free; after limit, deny → warn + upgrade CTA
 
-const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Team: ${TEAM_PRICE_LABEL} after workflow qualification.`;
+const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Enterprise: ${ENTERPRISE_PRICE_LABEL} after workflow qualification.`;
 
 const PAYWALL_MESSAGES = {
   capture_feedback: 'Free tier: 5 captures/day (25 total). Your feedback is stored locally — upgrade to capture unlimited.',