thumbgate 1.27.11 → 1.27.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/.well-known/llms.txt +2 -1
- package/.well-known/mcp/server-card.json +1 -1
- package/README.md +2 -4
- package/adapters/claude/.mcp.json +2 -2
- package/adapters/mcp/server-stdio.js +1 -1
- package/adapters/opencode/opencode.json +1 -1
- package/adapters/policy-engine/ethicore-guardian-client.js +68 -0
- package/adapters/policy-engine/thumbgate-policy-engine-adapter.js +260 -0
- package/bin/cli.js +78 -259
- package/config/builtin-lessons.json +23 -0
- package/config/gate-templates.json +0 -228
- package/config/gates/claim-verification.json +0 -18
- package/package.json +35 -25
- package/public/assets/brand/thumbgate-logo-transparent.svg +22 -0
- package/public/assets/brand/thumbgate-mark-inline-v3.svg +19 -0
- package/public/assets/brand/thumbgate-mark.svg +11 -5
- package/public/blog.html +0 -30
- package/public/brand/thumbgate-mark.svg +9 -5
- package/public/chatgpt-app.html +2 -2
- package/public/compare.html +2 -1
- package/public/dashboard.html +1 -1
- package/public/federal.html +1 -1
- package/public/index.html +95 -216
- package/public/learn.html +59 -35
- package/public/lessons.html +1 -1
- package/public/numbers.html +2 -2
- package/public/pro.html +7 -7
- package/scripts/aws-blocks-guardrails.js +228 -0
- package/scripts/cli-schema.js +22 -10
- package/scripts/dashboard-chat.js +2 -1
- package/scripts/document-intake.js +1 -49
- package/scripts/durability/step.js +3 -3
- package/scripts/gate-stats.js +5 -11
- package/scripts/gemini-embedding-policy.js +2 -1
- package/scripts/hook-stop-anti-claim.js +116 -184
- package/scripts/hosted-config.js +0 -12
- package/scripts/llm-client.js +187 -5
- package/scripts/plausible-domain-config.js +3 -1
- package/scripts/seo-gsd.js +240 -1
- package/scripts/tool-registry.js +2 -2
- package/scripts/vector-store.js +44 -0
- package/scripts/workspace-evolver.js +62 -2
- package/src/api/server.js +340 -131
- package/public/assets/brand/thumbgate-mark-inline.svg +0 -15
- package/public/compare/adopt-ai.html +0 -219
- package/public/compare/agentix-labs.html +0 -197
- package/public/compare/ai-experience-orchestration.html +0 -216
- package/public/compare/anthropic-claude-for-legal.html +0 -260
- package/public/compare/anthropic-containment.html +0 -280
- package/public/compare/arcade.html +0 -175
- package/public/compare/arcjet.html +0 -239
- package/public/compare/bumblebee.html +0 -307
- package/public/compare/claude-code-hooks.html +0 -294
- package/public/compare/databricks-unity-ai-gateway.html +0 -215
- package/public/compare/fallow.html +0 -351
- package/public/compare/heidi.html +0 -233
- package/public/compare/mem0.html +0 -342
- package/public/compare/oak-and-sparrow-gatekeeper.html +0 -289
- package/public/compare/rein.html +0 -236
- package/public/compare/sigmashake.html +0 -256
- package/public/compare/speclock.html +0 -342
- package/public/guides/agent-harness-optimization.html +0 -342
- package/public/guides/agentic-web-governance.html +0 -406
- package/public/guides/ai-agent-governance-sprint.html +0 -415
- package/public/guides/ai-agent-pre-action-approval-gates.html +0 -401
- package/public/guides/ai-agent-workflow-migration-checklist.html +0 -392
- package/public/guides/ai-deployment-readiness.html +0 -415
- package/public/guides/ai-mode-ads-agent-governance.html +0 -401
- package/public/guides/ai-search-topical-presence.html +0 -342
- package/public/guides/autoresearch-agent-safety.html +0 -342
- package/public/guides/background-agent-governance.html +0 -358
- package/public/guides/best-tools-stop-ai-agents-breaking-production.html +0 -363
- package/public/guides/browser-automation-safety.html +0 -342
- package/public/guides/chatgpt-ads-trust.html +0 -353
- package/public/guides/claude-code-feedback.html +0 -339
- package/public/guides/claude-code-prevent-repeated-mistakes.html +0 -161
- package/public/guides/claude-code-skills-guardrails.html +0 -343
- package/public/guides/claude-desktop.html +0 -356
- package/public/guides/code-knowledge-graph-guardrails.html +0 -365
- package/public/guides/codex-cli-guardrails.html +0 -339
- package/public/guides/cursor-agent-guardrails.html +0 -339
- package/public/guides/cursor-prevent-repeated-mistakes.html +0 -161
- package/public/guides/database-agent-safety.html +0 -406
- package/public/guides/deepseek-v4-runtime-guardrails.html +0 -346
- package/public/guides/developer-machine-supply-chain-guardrails.html +0 -358
- package/public/guides/gcp-mcp-guardrails.html +0 -147
- package/public/guides/gemini-cli-feedback-memory.html +0 -339
- package/public/guides/gpt-5-5-model-evaluation.html +0 -358
- package/public/guides/internal-ai-engineering-stack-guardrails.html +0 -348
- package/public/guides/long-running-agent-context-management.html +0 -346
- package/public/guides/mcp-tool-governance.html +0 -401
- package/public/guides/multica-thumbgate-setup.html +0 -134
- package/public/guides/native-messaging-host-security.html +0 -342
- package/public/guides/policy-engine-pre-action-gates.html +0 -346
- package/public/guides/pre-action-checks.html +0 -342
- package/public/guides/pretooluse-hooks-vs-advisory-prompt-rules.html +0 -342
- package/public/guides/prompt-tricks-to-workflow-rules.html +0 -365
- package/public/guides/proxy-pointer-rag-guardrails.html +0 -352
- package/public/guides/rag-precision-tuning-guardrails.html +0 -352
- package/public/guides/reasoning-compression-guardrails.html +0 -346
- package/public/guides/relational-knowledge-ai-recommendations.html +0 -342
- package/public/guides/roo-code-alternative-cline.html +0 -339
- package/public/guides/semantic-programmatic-seo-guardrails.html +0 -352
- package/public/guides/seo-agent-skills-guardrails.html +0 -344
- package/public/guides/stop-repeated-ai-agent-mistakes.html +0 -342
- package/public/learn/ac-dc-runtime-enforcement.html +0 -277
- package/public/learn/agent-harness-pattern.html +0 -181
- package/public/learn/agent-identity-connector-governance.html +0 -146
- package/public/learn/agent-swarms-shared-gates.html +0 -173
- package/public/learn/agentic-enterprise-context-brain.html +0 -117
- package/public/learn/agentic-os-team-governance.html +0 -146
- package/public/learn/ai-agent-governance.html +0 -158
- package/public/learn/ai-agent-persistent-memory.html +0 -211
- package/public/learn/anthropomorphic-claim-gates.html +0 -180
- package/public/learn/background-agent-control-layer.html +0 -184
- package/public/learn/claude-code-goal-with-rubrics.html +0 -205
- package/public/learn/codex-role-plugins-need-governance.html +0 -125
- package/public/learn/cost-aware-agent-gate-routing.html +0 -173
- package/public/learn/databricks-unity-ai-gateway-runtime-governance.html +0 -157
- package/public/learn/deterministic-agent-workflows.html +0 -185
- package/public/learn/feedback-loop-vs-decision-layer.html +0 -283
- package/public/learn/from-prototype-to-production.html +0 -223
- package/public/learn/learn.css +0 -51
- package/public/learn/mcp-pre-action-checks-explained.html +0 -172
- package/public/learn/pretix-stripe-connect-marketplaces.html +0 -161
- package/public/learn/regulated-agent-execution-boundary.html +0 -196
- package/public/learn/spec-driven-development.html +0 -168
- package/public/learn/stop-ai-agent-force-push.html +0 -134
- package/public/learn/vibe-coding-safety-net.html +0 -142
- package/scripts/reddit-browser-notification-watch.js +0 -230
|
@@ -37,18 +37,6 @@
|
|
|
37
37
|
"roi": "Raises trust in autonomous runs and reduces manual re-checking.",
|
|
38
38
|
"rollout": "Use for every workflow where proof matters more than speed."
|
|
39
39
|
},
|
|
40
|
-
{
|
|
41
|
-
"id": "block-empty-positive-feedback-closeout",
|
|
42
|
-
"name": "Block empty closeouts after positive feedback",
|
|
43
|
-
"category": "Agent Honesty",
|
|
44
|
-
"signal": "👍",
|
|
45
|
-
"defaultAction": "block",
|
|
46
|
-
"severity": "medium",
|
|
47
|
-
"pattern": "positive_feedback_followed_by_low_value_social_closeout",
|
|
48
|
-
"problem": "Prevents agents from treating thumbs-up or thanks as permission to send filler instead of staying quiet, showing a compact evidence checkpoint, or naming the next state.",
|
|
49
|
-
"roi": "Turns positive feedback into better operational discipline instead of extra conversational noise.",
|
|
50
|
-
"rollout": "Enable on conversational Stop hooks for autonomous operators, CEO loops, release closeouts, and evidence-sensitive client work."
|
|
51
|
-
},
|
|
52
40
|
{
|
|
53
41
|
"id": "protect-production-sql",
|
|
54
42
|
"name": "Protect production SQL",
|
|
@@ -589,198 +577,6 @@
|
|
|
589
577
|
"roi": "Critical for compliance, forensics, and feedback loops. Enables proper capture of agent-specific lessons and prevention rules. Matches industry push (Okta, etc.).",
|
|
590
578
|
"rollout": "Block any claw or autonomous agent action that authenticates as a human user. Require dedicated agent service accounts / identities with scoped permissions."
|
|
591
579
|
},
|
|
592
|
-
{
|
|
593
|
-
"id": "require-agent-identity-inventory",
|
|
594
|
-
"name": "Require agent identity inventory before privileged action",
|
|
595
|
-
"category": "Agent Identity Governance",
|
|
596
|
-
"signal": "👎",
|
|
597
|
-
"defaultAction": "block",
|
|
598
|
-
"severity": "critical",
|
|
599
|
-
"pattern": "(agent|assistant|ai).*(credential|service account|identity|permission|access|owner|invoker).*(unknown|missing|unmapped|unreviewed|not inventoried|broad|admin)",
|
|
600
|
-
"problem": "Agents become privileged identities when they connect to Salesforce, Snowflake, GitHub, Jira, production databases, cloud environments, and MCP connectors. Broad or unknown identity scope turns them into invisible attack paths.",
|
|
601
|
-
"roi": "High: one inventory gate creates the evidence buyers need for owner, invoker, credentials, connected systems, and read/write/delete/execute permissions before the agent acts.",
|
|
602
|
-
"rollout": "Require an identity inventory receipt before privileged agent actions. Start with GitHub, Jira, Slack, Salesforce, Snowflake, cloud, database, and payment connectors."
|
|
603
|
-
},
|
|
604
|
-
{
|
|
605
|
-
"id": "enforce-agent-purpose-permission-match",
|
|
606
|
-
"name": "Enforce agent purpose-permission match",
|
|
607
|
-
"category": "Agent Identity Governance",
|
|
608
|
-
"signal": "👎",
|
|
609
|
-
"defaultAction": "block",
|
|
610
|
-
"severity": "critical",
|
|
611
|
-
"pattern": "(agent|assistant|ai).*(purpose|intended use|job|scope).*(permission|access|write|delete|execute|admin).*(mismatch|exceeds|too broad|outside|unneeded)",
|
|
612
|
-
"problem": "Permission-only governance is not enough for agents. A sales-prep agent may need read-only CRM access; it should not delete records, create privileged users, or mutate production systems.",
|
|
613
|
-
"roi": "High: maps agent purpose to allowed verbs so scope creep is caught before a connector or service account becomes a lateral movement path.",
|
|
614
|
-
"rollout": "Define one purpose statement per agent and map it to read/write/delete/execute permissions. Warn first for read actions, block write/delete/execute outside purpose."
|
|
615
|
-
},
|
|
616
|
-
{
|
|
617
|
-
"id": "block-connector-toolpack-scope-drift",
|
|
618
|
-
"name": "Block connector Tool Pack scope drift",
|
|
619
|
-
"category": "Agent Identity Governance",
|
|
620
|
-
"signal": "👎",
|
|
621
|
-
"defaultAction": "block",
|
|
622
|
-
"severity": "high",
|
|
623
|
-
"pattern": "(mcp|connector|tool pack|toolpack|remote mcp|agent handler|mcp gateway).*(add|enable|import|authenticate|connect).*(tool|connector|system|scope|permission).*(without|unreviewed|missing|no).*(owner|purpose|dlp|audit|approval|inventory)",
|
|
624
|
-
"problem": "Production MCP connector platforms make it easy to add hundreds of tools. The risk is scope drift: agents see tools they do not need, or connectors become authenticated without owner, DLP, audit, and purpose receipts.",
|
|
625
|
-
"roi": "High: keeps Merge Agent Handler, Glean MCP Gateway, and raw MCP tool packs in the same governance lane as local tools.",
|
|
626
|
-
"rollout": "Require owner, purpose, allowed tools, auth identity, DLP/logging mode, and audit receipt before adding or importing connector tool packs."
|
|
627
|
-
},
|
|
628
|
-
{
|
|
629
|
-
"id": "require-agent-access-review-freshness",
|
|
630
|
-
"name": "Require continuous agent access review freshness",
|
|
631
|
-
"category": "Agent Identity Governance",
|
|
632
|
-
"signal": "👎",
|
|
633
|
-
"defaultAction": "warn",
|
|
634
|
-
"severity": "high",
|
|
635
|
-
"pattern": "(agent|assistant|ai).*(access review|permission review|identity review|connector review).*(stale|expired|older than|not current|point-in-time)",
|
|
636
|
-
"problem": "Agent instructions, users, credentials, integrations, and tool scopes drift over time. A one-time access review becomes false confidence.",
|
|
637
|
-
"roi": "Medium-high: protects buyers from slow permission creep without forcing every low-risk action through a hard block.",
|
|
638
|
-
"rollout": "Set review freshness windows by connector risk tier. Promote stale high-risk write/delete/execute surfaces from warn to block."
|
|
639
|
-
},
|
|
640
|
-
{
|
|
641
|
-
"id": "block-shadow-agent-without-registration",
|
|
642
|
-
"name": "Block shadow agent without registration",
|
|
643
|
-
"category": "Agent Identity Governance",
|
|
644
|
-
"signal": "👎",
|
|
645
|
-
"defaultAction": "block",
|
|
646
|
-
"severity": "critical",
|
|
647
|
-
"pattern": "(agent|assistant|ai|mcp server|remote mcp).*(unregistered|shadow ai|unknown owner|not in control plane|not inventoried|unapproved).*(connect|authenticate|tool|credential|system|app)",
|
|
648
|
-
"problem": "Shadow AI agents and unregistered MCP servers bypass identity teams, control planes, and lifecycle reviews while still reaching real business systems.",
|
|
649
|
-
"roi": "High: catches the exact compliance failure Okta highlights — agents acting before registration, owner, and lifecycle controls exist.",
|
|
650
|
-
"rollout": "Block privileged tool calls from unregistered agents. Require registration, owner, purpose, credential source, and lifecycle policy before allowing write/delete/execute tools."
|
|
651
|
-
},
|
|
652
|
-
{
|
|
653
|
-
"id": "require-vaulted-agent-token",
|
|
654
|
-
"name": "Require vaulted agent token before connector use",
|
|
655
|
-
"category": "Agent Identity Governance",
|
|
656
|
-
"signal": "👎",
|
|
657
|
-
"defaultAction": "block",
|
|
658
|
-
"severity": "critical",
|
|
659
|
-
"pattern": "(agent|assistant|ai|connector|mcp).*(token|api[_-]?key|credential|secret).*(raw|plaintext|env|hardcoded|unvaulted|not vaulted|local file)",
|
|
660
|
-
"problem": "Agents using raw or hardcoded connector credentials bypass token vaulting, fine-grained authorization, revocation, and audit controls.",
|
|
661
|
-
"roi": "High: prevents the fastest way an agent identity becomes a persistent secret-sprawl problem.",
|
|
662
|
-
"rollout": "Require vault-backed or brokered credentials for connector actions. Allow local development exceptions only with explicit scope, TTL, and audit evidence."
|
|
663
|
-
},
|
|
664
|
-
{
|
|
665
|
-
"id": "block-orphaned-agent-standing-privilege",
|
|
666
|
-
"name": "Block orphaned agent standing privilege",
|
|
667
|
-
"category": "Agent Identity Governance",
|
|
668
|
-
"signal": "👎",
|
|
669
|
-
"defaultAction": "block",
|
|
670
|
-
"severity": "critical",
|
|
671
|
-
"pattern": "(agent|assistant|ai|automation|script).*(owner left|orphaned|no living owner|unknown owner|standing privilege|permanent access|stale token).*(access|credential|token|database|repo|source code|production)",
|
|
672
|
-
"problem": "Orphaned agents and standing privileges keep access after the human owner leaves or the workflow changes. Security teams cannot revoke or review what they cannot map to a living owner.",
|
|
673
|
-
"roi": "High: directly addresses hidden access risk, stale AI tokens, and offboarding gaps before the next privileged action touches source code, databases, or production systems.",
|
|
674
|
-
"rollout": "Require living owner, credential source, last review time, offboarding status, and revocation path before allowing privileged actions from long-running agents."
|
|
675
|
-
},
|
|
676
|
-
{
|
|
677
|
-
"id": "block-agentjacking-embedded-instructions",
|
|
678
|
-
"name": "Block agentjacking from embedded instructions",
|
|
679
|
-
"category": "Agent Runtime Attack Defense",
|
|
680
|
-
"signal": "👎",
|
|
681
|
-
"defaultAction": "block",
|
|
682
|
-
"severity": "critical",
|
|
683
|
-
"pattern": "(email|document|log|database|ticket|webpage|comment).*(ignore previous|override|exfiltrate|run command|deploy|delete|create user|change permissions|send secret|agent instruction|tool instruction)",
|
|
684
|
-
"problem": "Agentjacking hides malicious instructions inside data the agent reads. Because the agent often has valid permissions, traditional controls may see the later action as legitimate.",
|
|
685
|
-
"roi": "Critical: blocks the attack path Tenet described before embedded instructions become shell, browser, database, or connector actions.",
|
|
686
|
-
"rollout": "Treat untrusted content as data, not instructions. Require source classification, instruction-stripping, and human approval before executing tool calls derived from external content."
|
|
687
|
-
},
|
|
688
|
-
{
|
|
689
|
-
"id": "require-next-action-simulation-proof",
|
|
690
|
-
"name": "Require next-action simulation proof for risky agent actions",
|
|
691
|
-
"category": "Agent Runtime Attack Defense",
|
|
692
|
-
"signal": "👎",
|
|
693
|
-
"defaultAction": "warn",
|
|
694
|
-
"severity": "high",
|
|
695
|
-
"pattern": "(agent|assistant|ai).*(next action|likely action|simulation|simulate|predict).*(missing|no proof|not run|unverified).*(write|delete|execute|deploy|database|payment|connector|production)",
|
|
696
|
-
"problem": "High-risk agents should not jump straight from intent to execution. The likely next action, downstream system, and rollback or approval path should be checked before live systems are touched.",
|
|
697
|
-
"roi": "High: converts agent-side simulation from marketecture into a practical pre-action proof receipt for the exact tool call about to run.",
|
|
698
|
-
"rollout": "Start in warn mode for write/delete/execute actions. Promote to block for production databases, payments, deploys, privileged connectors, and customer data."
|
|
699
|
-
},
|
|
700
|
-
{
|
|
701
|
-
"id": "gate-vibe-app-before-retool-deploy",
|
|
702
|
-
"name": "Gate vibe-coded app before Retool deployment",
|
|
703
|
-
"category": "AI-Built App Deployment Governance",
|
|
704
|
-
"signal": "👎",
|
|
705
|
-
"defaultAction": "block",
|
|
706
|
-
"severity": "high",
|
|
707
|
-
"pattern": "(retool|app builder|mcp|claude code|cursor|codex|chatgpt|kiro|react import|zip import).*(deploy|ship|sync|production data|go live).*(without|missing|no).*(auth|rbac|audit|permission|data source|owner|test)",
|
|
708
|
-
"problem": "Retool and similar platforms make AI-built internal apps easy to import and deploy into governed environments. The gap is proving the generated app's data writes, owners, tests, and permission model before it reaches production data.",
|
|
709
|
-
"roi": "High: positions ThumbGate as the pre-deploy enforcement layer for AI-built apps that later inherit Retool auth, RBAC, audit logs, and resource permissions.",
|
|
710
|
-
"rollout": "Require owner, data sources, write actions, auth/RBAC mapping, audit logging, smoke test, and rollback receipt before AI-generated apps are deployed or imported."
|
|
711
|
-
},
|
|
712
|
-
{
|
|
713
|
-
"id": "require-implicit-rule-capture",
|
|
714
|
-
"name": "Require implicit organizational rule capture",
|
|
715
|
-
"category": "Organizational Rule Governance",
|
|
716
|
-
"signal": "👎",
|
|
717
|
-
"defaultAction": "warn",
|
|
718
|
-
"severity": "high",
|
|
719
|
-
"pattern": "(agent|assistant|ai).*(workflow|process|approval|routing|handoff|client|customer|beneficiary|finance|legal).*(implicit rule|tribal knowledge|unwritten rule|exception|relationship context|special handling|not documented|outside formal system)",
|
|
720
|
-
"problem": "Agentic systems fail when formal workflow steps are correct but unwritten organizational judgment is missing. Important exceptions, relationship context, and escalation norms often live outside process docs.",
|
|
721
|
-
"roi": "High: turns HBR's implicit-rule warning into a capture gate so hidden operating knowledge becomes explicit, reviewable, and enforceable before automation scales it.",
|
|
722
|
-
"rollout": "Start with warn mode on client, finance, legal, healthcare, HR, and beneficiary workflows. Promote repeated implicit-rule misses into named pre-action checks."
|
|
723
|
-
},
|
|
724
|
-
{
|
|
725
|
-
"id": "require-self-improvement-regression-proof",
|
|
726
|
-
"name": "Require regression proof before self-improving harness changes",
|
|
727
|
-
"category": "Self-Improving Agent Release Governance",
|
|
728
|
-
"signal": "👎",
|
|
729
|
-
"defaultAction": "block",
|
|
730
|
-
"severity": "high",
|
|
731
|
-
"pattern": "(self[- ]?improv|auto[- ]?improv|harness|model|agent runtime|agent product).*(ship|release|update|change|optimize|promote).*(without|missing|no).*(regression|eval|rollback|proof|baseline|canary)",
|
|
732
|
-
"problem": "If AI products, harnesses, and models start shipping faster because limited self-improvement works, unverified harness updates can regress safety faster too.",
|
|
733
|
-
"roi": "High: protects the exact cadence shift Mollick highlighted by requiring eval baselines, canaries, rollback, and proof receipts before self-improving agent changes ship.",
|
|
734
|
-
"rollout": "Require baseline evals and canary receipts before agent harness, routing, model, or auto-promotion changes are released. Block production promotion without rollback proof."
|
|
735
|
-
},
|
|
736
|
-
{
|
|
737
|
-
"id": "require-public-llm-prompt-sanitization",
|
|
738
|
-
"name": "Require prompt sanitization before public LLM use",
|
|
739
|
-
"category": "AI Data Privacy Governance",
|
|
740
|
-
"signal": "👎",
|
|
741
|
-
"defaultAction": "block",
|
|
742
|
-
"severity": "critical",
|
|
743
|
-
"pattern": "(chatgpt|claude|perplexity|copilot|public llm|hosted model|external ai).*(pii|email|phone|api[_-]?key|secret|token|customer|client|contract|repo url|database schema|financial).*(paste|send|upload|prompt|share)",
|
|
744
|
-
"problem": "Public LLM prompts can become durable third-party records. Raw PII, secrets, repo identifiers, customer records, contracts, schemas, and financials must be stripped, generalized, or routed to a private endpoint first.",
|
|
745
|
-
"roi": "Critical: prevents the cheapest and most common AI data-leak path while producing a simple policy a founder or contractor can actually follow.",
|
|
746
|
-
"rollout": "Block red-data prompts to public tools. Require redaction, tokenization, or a private endpoint receipt before external model use."
|
|
747
|
-
},
|
|
748
|
-
{
|
|
749
|
-
"id": "require-ai-data-classification",
|
|
750
|
-
"name": "Require green/yellow/red AI data classification",
|
|
751
|
-
"category": "AI Data Privacy Governance",
|
|
752
|
-
"signal": "👎",
|
|
753
|
-
"defaultAction": "warn",
|
|
754
|
-
"severity": "high",
|
|
755
|
-
"pattern": "(ai|llm|agent|embedding|rag).*(ingest|upload|prompt|index|log|store).*(without|missing|no).*(green|yellow|red|classification|data class|privacy tier)",
|
|
756
|
-
"problem": "Teams make bad AI privacy decisions when every prompt is judged ad hoc. A green/yellow/red policy makes tool choice, retention, and routing explicit before ingestion.",
|
|
757
|
-
"roi": "High: converts privacy advice into repeatable enforcement and keeps contractors from guessing under deadline pressure.",
|
|
758
|
-
"rollout": "Define green public data, yellow internal/anonymized data, and red sensitive data. Require the classification on prompts, embeddings, logs, and agent inputs."
|
|
759
|
-
},
|
|
760
|
-
{
|
|
761
|
-
"id": "require-ai-log-retention-policy",
|
|
762
|
-
"name": "Require AI log retention and deletion policy",
|
|
763
|
-
"category": "AI Data Privacy Governance",
|
|
764
|
-
"signal": "👎",
|
|
765
|
-
"defaultAction": "warn",
|
|
766
|
-
"severity": "medium",
|
|
767
|
-
"pattern": "(prompt|completion|embedding|agent log|llm log|trace|conversation).*(retain|retention|delete|bucket|database|archive).*(missing|none|forever|unknown|not set)",
|
|
768
|
-
"problem": "Prompt, completion, embedding, and trace logs silently accumulate sensitive data unless raw retention windows and deletion jobs are explicit.",
|
|
769
|
-
"roi": "Medium-high: reduces long-tail breach risk and turns privacy cleanup into an auditable operational habit.",
|
|
770
|
-
"rollout": "Set default retention windows, separate aggregates from raw logs, and require scheduled deletion or anonymization receipts."
|
|
771
|
-
},
|
|
772
|
-
{
|
|
773
|
-
"id": "require-evidence-pass-through-receipt",
|
|
774
|
-
"name": "Require evidence pass-through receipt",
|
|
775
|
-
"category": "AI Trust Layer Evidence",
|
|
776
|
-
"signal": "👎",
|
|
777
|
-
"defaultAction": "block",
|
|
778
|
-
"severity": "high",
|
|
779
|
-
"pattern": "(trust layer|appia|conformity|assurance|safety claim|compliance claim|evidence pass[- ]?through).*(without|missing|no).*(who|what|criteria|when|receipt|attestation|provenance)",
|
|
780
|
-
"problem": "AI assurance falls apart when each downstream party has to trust or recreate upstream work. Evidence must state who demonstrated what, against which criteria, and when.",
|
|
781
|
-
"roi": "High: maps the Appia Foundation trust-layer signal into ThumbGate's strongest asset: portable proof receipts tied to exact actions and criteria.",
|
|
782
|
-
"rollout": "Require self-describing receipts for safety claims, model-routing claims, connector claims, and workflow-hardening claims before buyer-facing assertions or downstream handoff."
|
|
783
|
-
},
|
|
784
580
|
{
|
|
785
581
|
"id": "gate-claw-file-system-access",
|
|
786
582
|
"name": "Gate claw-style agent file system access",
|
|
@@ -829,30 +625,6 @@
|
|
|
829
625
|
"roi": "Preserves security invariants by ensuring that synthesized skills never write code patterns blocked by active ThumbGate rules.",
|
|
830
626
|
"rollout": "Scan synthesized skill markdown content for pattern overlap with active prevention rules before writing to the skills directory."
|
|
831
627
|
},
|
|
832
|
-
{
|
|
833
|
-
"id": "require-hermes-okf-skill-receipt",
|
|
834
|
-
"name": "Require OKF-style receipt before Hermes skill promotion",
|
|
835
|
-
"category": "Nous Research Hermes Agent Governance",
|
|
836
|
-
"signal": "👎",
|
|
837
|
-
"defaultAction": "warn",
|
|
838
|
-
"severity": "high",
|
|
839
|
-
"pattern": "(hermes|skill|knowledge bundle|open knowledge format|okf).*(promote|share|publish|load|reuse).*(without|missing|no).*(type|source|owner|timestamp|citation|constraint|receipt)",
|
|
840
|
-
"problem": "Hermes can synthesize reusable skills, but portable agent knowledge becomes dangerous when it lacks source, owner, freshness, constraints, and a receipt tying the skill to evidence.",
|
|
841
|
-
"roi": "High: turns Google's Open Knowledge Format signal into a practical Hermes upgrade — skills become portable markdown concepts, but ThumbGate blocks or warns when provenance and constraints are missing.",
|
|
842
|
-
"rollout": "Start in warn mode for synthesized skills. Require an OKF-style markdown concept with YAML frontmatter, type, source or citation, owner, timestamp, constraints, and gate receipt before team-wide promotion."
|
|
843
|
-
},
|
|
844
|
-
{
|
|
845
|
-
"id": "block-stale-hermes-knowledge-promotion",
|
|
846
|
-
"name": "Block stale Hermes knowledge promotion",
|
|
847
|
-
"category": "Nous Research Hermes Agent Governance",
|
|
848
|
-
"signal": "👎",
|
|
849
|
-
"defaultAction": "block",
|
|
850
|
-
"severity": "high",
|
|
851
|
-
"pattern": "(hermes|skill|knowledge|okf|open knowledge format).*(stale|expired|conflicting|contradicts|unknown timestamp|unverified source).*(promote|share|publish|reuse|load)",
|
|
852
|
-
"problem": "A self-improving Hermes agent can keep reusing obsolete internal knowledge after the underlying workflow, API, metric, or policy has changed.",
|
|
853
|
-
"roi": "High: prevents portable knowledge from becoming portable drift. This makes Hermes safer for long-running local agents and team-shared skill libraries.",
|
|
854
|
-
"rollout": "Block promotion when a skill has no freshness window, conflicts with active ThumbGate rules, or cites stale source material. Require log.md or equivalent change-history evidence for refreshed bundles."
|
|
855
|
-
},
|
|
856
628
|
{
|
|
857
629
|
"id": "require-human-in-the-loop-pause",
|
|
858
630
|
"name": "Enforce Human-in-the-Loop pause for critical decisions",
|
|
@@ -36,24 +36,6 @@
|
|
|
36
36
|
"requiredActions": ["commercial_truth_verified"],
|
|
37
37
|
"message": "You claimed a commercial-data fact (money, tax, inventory, permissions, or customer-facing state) without external source-of-truth evidence. Read the authoritative system first, then call track_action('commercial_truth_verified').",
|
|
38
38
|
"createdAt": 1781640000000
|
|
39
|
-
},
|
|
40
|
-
{
|
|
41
|
-
"pattern": "\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b.{0,80}\\b(?:understands?|knows?|wants?|intends?|decides?|believes?|feels?|thinks?|is\\s+(?:moral|ethical|sentient|conscious|empathetic|human-like)|has\\s+(?:morality|empathy|intent|intentions|understanding|beliefs?|feelings?|consciousness))\\b|\\b(?:human-like|anthropomorphic|anthropomorphi[sz]e[sd]?)\\b.{0,80}\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b|\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b.{0,80}\\b(?:human-like|anthropomorphic|anthropomorphi[sz]e[sd]?)\\b",
|
|
42
|
-
"requiredActions": ["anthropomorphic_claim_verified"],
|
|
43
|
-
"message": "You made a human-like or cognitive claim about an AI system without explicit measurement criteria. Define the tested attribute, interface/substrate, observer/evaluator, and evidence first, then call track_action('anthropomorphic_claim_verified').",
|
|
44
|
-
"createdAt": 1781913600000
|
|
45
|
-
},
|
|
46
|
-
{
|
|
47
|
-
"pattern": "\\b(?:agent|assistant|ai|mcp|connector|tool)\\b.{0,100}\\b(?:identity|owner|invoker|service account|credential|permission|access|scope|least privilege)\\b.{0,100}\\b(?:verified|inventoried|mapped|known|governed|scoped|ready|configured|complete)\\b|\\b(?:verified|inventoried|mapped|known|governed|scoped|ready|configured|complete)\\b.{0,100}\\b(?:agent|assistant|ai|mcp|connector|tool)\\b.{0,100}\\b(?:identity|owner|invoker|service account|credential|permission|access|scope|least privilege)\\b",
|
|
48
|
-
"requiredActions": ["agent_identity_inventory_verified"],
|
|
49
|
-
"message": "You claimed agent identity, ownership, credentials, permissions, or least-privilege scope is verified without an inventory receipt. Record owner, invoker, systems, credentials, read/write/delete/execute permissions, and purpose first, then call track_action('agent_identity_inventory_verified').",
|
|
50
|
-
"createdAt": 1781913600000
|
|
51
|
-
},
|
|
52
|
-
{
|
|
53
|
-
"pattern": "\\b(?:mcp|connector|connectors|tool pack|toolpack|tool-pack|merge agent handler|agent handler|glean|mcp gateway|remote mcp)\\b.{0,100}\\b(?:safe|secure|scoped|governed|authenticated|dlp|audit|observable|permissioned|ready|configured|production-ready)\\b|\\b(?:safe|secure|scoped|governed|authenticated|dlp|audit|observable|permissioned|ready|configured|production-ready)\\b.{0,100}\\b(?:mcp|connector|connectors|tool pack|toolpack|tool-pack|merge agent handler|agent handler|glean|mcp gateway|remote mcp)\\b",
|
|
54
|
-
"requiredActions": ["connector_scope_verified"],
|
|
55
|
-
"message": "You claimed a connector, Tool Pack, MCP gateway, or remote MCP surface is safely scoped without connector evidence. Verify authentication, allowed tools, DLP/logging behavior, downstream systems, and audit receipts first, then call track_action('connector_scope_verified').",
|
|
56
|
-
"createdAt": 1781913600000
|
|
57
39
|
}
|
|
58
40
|
]
|
|
59
41
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "thumbgate",
|
|
3
|
-
"version": "1.27.
|
|
3
|
+
"version": "1.27.13",
|
|
4
4
|
"description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
|
|
5
5
|
"homepage": "https://thumbgate.ai",
|
|
6
6
|
"repository": {
|
|
@@ -29,6 +29,7 @@
|
|
|
29
29
|
"scripts/agent-reasoning-traces.js",
|
|
30
30
|
"scripts/agent-reward-model.js",
|
|
31
31
|
"scripts/agent-stack-survival-audit.js",
|
|
32
|
+
"scripts/aws-blocks-guardrails.js",
|
|
32
33
|
"scripts/agentic-data-pipeline.js",
|
|
33
34
|
"scripts/ai-component-inventory.js",
|
|
34
35
|
"scripts/ai-engineering-stack-guardrails.js",
|
|
@@ -105,8 +106,8 @@
|
|
|
105
106
|
"scripts/growth-campaigns.js",
|
|
106
107
|
"scripts/harness-selector.js",
|
|
107
108
|
"scripts/hf-papers.js",
|
|
108
|
-
"scripts/hook-stop-anti-claim.js",
|
|
109
109
|
"scripts/hook-runtime.js",
|
|
110
|
+
"scripts/hook-stop-anti-claim.js",
|
|
110
111
|
"scripts/hook-thumbgate-cache-updater.js",
|
|
111
112
|
"scripts/hosted-config.js",
|
|
112
113
|
"scripts/hybrid-feedback-context.js",
|
|
@@ -171,7 +172,6 @@
|
|
|
171
172
|
"scripts/rag-precision-guardrails.js",
|
|
172
173
|
"scripts/rate-limiter.js",
|
|
173
174
|
"scripts/reasoning-efficiency-guardrails.js",
|
|
174
|
-
"scripts/reddit-browser-notification-watch.js",
|
|
175
175
|
"scripts/repeat-metric.js",
|
|
176
176
|
"scripts/reward-hacking-guardrails.js",
|
|
177
177
|
"scripts/risk-scorer.js",
|
|
@@ -245,6 +245,9 @@
|
|
|
245
245
|
"adapters/letta/README.md",
|
|
246
246
|
"adapters/letta/thumbgate-letta-adapter.js",
|
|
247
247
|
"adapters/gcp/dfcx-webhook-gate.js",
|
|
248
|
+
"adapters/policy-engine/README.md",
|
|
249
|
+
"adapters/policy-engine/ethicore-guardian-client.js",
|
|
250
|
+
"adapters/policy-engine/thumbgate-policy-engine-adapter.js",
|
|
248
251
|
"adapters/mcp/server-stdio.js",
|
|
249
252
|
"adapters/opencode/opencode.json",
|
|
250
253
|
"bench/programbench-smoke.json",
|
|
@@ -265,14 +268,11 @@
|
|
|
265
268
|
"public/chatgpt-app.html",
|
|
266
269
|
"public/codex-plugin.html",
|
|
267
270
|
"public/compare.html",
|
|
268
|
-
"public/compare/",
|
|
269
271
|
"public/dashboard.html",
|
|
270
272
|
"public/federal.html",
|
|
271
273
|
"public/guide.html",
|
|
272
|
-
"public/guides/",
|
|
273
274
|
"public/index.html",
|
|
274
275
|
"public/learn.html",
|
|
275
|
-
"public/learn/",
|
|
276
276
|
"public/lessons.html",
|
|
277
277
|
"public/numbers.html",
|
|
278
278
|
"public/pricing.html",
|
|
@@ -312,11 +312,14 @@
|
|
|
312
312
|
"stripe:live": "node scripts/stripe-live-status.js",
|
|
313
313
|
"stripe:webhook:audit": "node scripts/rotate-stripe-webhook-secret.js --audit",
|
|
314
314
|
"stripe:webhook:disable-legacy": "node scripts/rotate-stripe-webhook-secret.js --disable-legacy",
|
|
315
|
+
"zai:smoke": "node scripts/zai-smoke.js",
|
|
315
316
|
"gtm:revenue-loop": "node scripts/autonomous-sales-agent.js",
|
|
316
317
|
"gtm:aiventyx": "node scripts/aiventyx-marketplace-plan.js",
|
|
317
318
|
"gtm:chatgpt": "node scripts/chatgpt-gpt-revenue-pack.js",
|
|
318
319
|
"gtm:codex": "node scripts/codex-marketplace-revenue-pack.js",
|
|
319
320
|
"gtm:linkedin": "node scripts/linkedin-workflow-hardening-pack.js",
|
|
321
|
+
"gtm:okara-automation": "node scripts/okara-money-promo-automation.js",
|
|
322
|
+
"gtm:okara-automation:write": "node scripts/okara-money-promo-automation.js --write",
|
|
320
323
|
"gtm:roo-sunset": "node scripts/roo-sunset-demand-pack.js",
|
|
321
324
|
"gtm:reddit": "node scripts/reddit-dm-workflow-hardening-pack.js",
|
|
322
325
|
"medium:weekly:draft": "node scripts/medium-weekly.js --write",
|
|
@@ -367,8 +370,6 @@
|
|
|
367
370
|
"trace:eval": "node scripts/decision-trace.js eval",
|
|
368
371
|
"social:reply-monitor": "node scripts/social-reply-monitor.js",
|
|
369
372
|
"social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
|
|
370
|
-
"social:reply-monitor:reddit-browser": "node scripts/reddit-browser-notification-watch.js",
|
|
371
|
-
"social:reply-monitor:reddit-browser:dry": "node scripts/reddit-browser-notification-watch.js --dry-run",
|
|
372
373
|
"social:reply-monitor:install-reddit": "node scripts/reddit-monitor-launchd.js install",
|
|
373
374
|
"social:reply-monitor:bluesky": "node scripts/social-reply-monitor-bluesky.js",
|
|
374
375
|
"social:reply-monitor:bluesky:dry": "node scripts/social-reply-monitor-bluesky.js --dry-run",
|
|
@@ -377,9 +378,9 @@
|
|
|
377
378
|
"social:prospect:bluesky": "node scripts/social-bluesky-prospecting.js",
|
|
378
379
|
"social:prospect:bluesky:dry": "node scripts/social-bluesky-prospecting.js --dry-run",
|
|
379
380
|
"social:reply-publish:bluesky:dry": "node scripts/social-reply-monitor-bluesky.js --publish-approved --dry-run",
|
|
380
|
-
"test": "npm run test:
|
|
381
|
-
"test:brain": "node --test tests/brain.test.js",
|
|
381
|
+
"test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:repeat-metric && npm run test:noop-detect && npm run test:action-receipts && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:mcp-tool-annotations && npm run test:mcp-oauth && npm run test:mcp-oauth-flow && npm run test:plan-gate && npm run test:ai-component-inventory && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:statusline-cache-aggregate && npm run test:public-repo-hygiene && npm run test:no-internal-orchestration-leaks && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:lesson-semantic-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:predictive-credible-range && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:pricing-page-telemetry && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:activation-onboarding && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes && npm run test:daily-block-cap && npm run test:free-to-paid-conversion-units && npm run test:metrics-real-endpoint && npm run test:cli-trial-and-help && npm run test:cost-cli && npm run test:silent-failure-cluster && npm run test:proof:truth && node --test tests/adaptive-reliability.test.js && npm run test:mcp-oauth-reviewer && npm run test:dfcx-gate && npm run test:dfcx-gate-server && npm run test:vertex-scorer && npm run test:dashboard-chat && npm run test:gitar-integration && npm run test:secret-redaction && npm run test:discoverable-skills && npm run test:discoverable-skill-skills && npm run test:sync-telemetry && npm run test:leak-scanner && npm run test:team-sync && npm run test:eval-rag && npm run test:async-eval-observability && npm run test:letta-adapter && npm run test:policy-engine-adapter && npm run test:tool-contract-validator && npm run test:check-update && npm run test:hermes-gate && npm run test:memory-provider-enforcement-bridge && npm run test:publisher-credential-guards && npm run test:reddit-browser-notification-watch && npm run test:payment-rails",
|
|
382
382
|
"test:python": "python3 -m pytest tests/*.py",
|
|
383
|
+
"test:check-update": "node --test tests/check-update.test.js",
|
|
383
384
|
"test:hook-stop-verify-deploy": "node --test tests/hook-stop-verify-deploy.test.js",
|
|
384
385
|
"test:hook-stop-anti-claim": "node --test tests/hook-stop-anti-claim.test.js",
|
|
385
386
|
"test:plausible-server-events": "node --test tests/plausible-server-events.test.js tests/plausible-poller.test.js tests/plausible-domain-config.test.js",
|
|
@@ -455,10 +456,10 @@
|
|
|
455
456
|
"test:memory-scope-readiness": "node --test tests/memory-scope-readiness.test.js",
|
|
456
457
|
"test:belief-update": "node --test tests/belief-update.test.js",
|
|
457
458
|
"test:hosted-config": "node --test tests/hosted-config.test.js",
|
|
458
|
-
"test:policy-engine-adapter": "node --test tests/policy-engine-adapter.test.js",
|
|
459
459
|
"test:operational-summary": "node --test tests/operational-summary.test.js",
|
|
460
460
|
"test:operational-dashboard": "node --test tests/operational-dashboard.test.js",
|
|
461
461
|
"test:operator-artifacts": "node --test tests/operator-artifacts.test.js tests/revenue-pack-utils.test.js",
|
|
462
|
+
"test:okara-money-promo-automation": "node --test tests/okara-money-promo-automation.test.js",
|
|
462
463
|
"test:operator-key-auth": "node --test tests/api-operator-key-auth.test.js",
|
|
463
464
|
"test:cloudflare-sandbox": "node --test tests/cloudflare-dynamic-sandbox.test.js tests/cloudflare-sandbox-api.test.js",
|
|
464
465
|
"test:mcp-config": "node --test tests/mcp-config.test.js",
|
|
@@ -479,6 +480,7 @@
|
|
|
479
480
|
"test:hf-papers": "node --test tests/hf-papers.test.js",
|
|
480
481
|
"test:marketing-experiment": "node --test tests/marketing-experiment.test.js",
|
|
481
482
|
"test:seo-gsd": "node --test tests/seo-gsd.test.js",
|
|
483
|
+
"test:hermes-gate": "node --test tests/hermes-gate.test.js",
|
|
482
484
|
"test:verify-run": "node --test tests/verify-run.test.js",
|
|
483
485
|
"test:export-dpo-pairs": "node --test tests/export-dpo-pairs.test.js",
|
|
484
486
|
"test:secret-redaction": "node --test tests/secret-redaction.test.js",
|
|
@@ -505,7 +507,7 @@
|
|
|
505
507
|
"test:operational-integrity": "node --test tests/operational-integrity.test.js tests/sync-branch-protection.test.js",
|
|
506
508
|
"test:workflow": "node --test tests/parallel-workflow.test.js tests/workflow-contract.test.js tests/positioning-contract.test.js tests/docs-claim-hygiene.test.js tests/thumbgate-scope.test.js tests/workflow-runs.test.js tests/workflow-sprint-intake.test.js tests/revenue-pack-utils.test.js tests/sales-pipeline.test.js tests/github-outreach.test.js tests/enterprise-story.test.js tests/guide-conversion-path.test.js tests/buyer-intent-revenue-assist.test.js",
|
|
507
509
|
"test:sales-pipeline": "node --test tests/sales-pipeline.test.js",
|
|
508
|
-
"test:billing": "node --test tests/billing.test.js tests/stripe-sync-product-images.test.js
|
|
510
|
+
"test:billing": "node --test tests/billing.test.js tests/stripe-sync-product-images.test.js",
|
|
509
511
|
"test:cli": "node --test tests/analytics-report.test.js tests/agent-design-governance.test.js tests/codex-self-heal.test.js tests/creator-campaigns.test.js tests/cli.test.js tests/codex-bridge-script.test.js tests/dependabot-changeset.test.js tests/dispatch-brief.test.js tests/feedback-normalize.test.js tests/install-mcp.test.js tests/install-scope-docs.test.js tests/pr-manager.test.js tests/pro-local-dashboard.test.js tests/published-cli.test.js tests/revenue-status.test.js tests/stripe-live-status.test.js tests/creator-dev-and-prune.test.js",
|
|
510
512
|
"test:evolution": "node --test tests/workspace-evolver.test.js",
|
|
511
513
|
"test:watcher": "node --test tests/jsonl-watcher.test.js",
|
|
@@ -564,18 +566,11 @@
|
|
|
564
566
|
"prove:xmemory": "node scripts/prove-xmemory.js",
|
|
565
567
|
"audit:stats": "node scripts/audit-trail.js --stats",
|
|
566
568
|
"profile:route": "node scripts/profile-router.js",
|
|
567
|
-
"social:poll:zernio": "node scripts/social-analytics/pollers/zernio.js",
|
|
568
|
-
"social:publish:zernio": "node scripts/social-analytics/publishers/zernio.js",
|
|
569
|
-
"social:zernio:status": "node scripts/social-analytics/zernio-status.js",
|
|
570
|
-
"test:zernio": "node --test tests/zernio-integration.test.js",
|
|
571
569
|
"test:platform-limits": "node --test tests/platform-limits.test.js",
|
|
572
570
|
"test:durability-step": "node --test tests/durability-step.test.js",
|
|
573
571
|
"test:post-video": "node --test tests/post-video.test.js",
|
|
574
572
|
"test:post-everywhere-instagram": "node --test tests/post-everywhere-instagram.test.js",
|
|
575
573
|
"test:post-everywhere-channels": "node --test tests/post-everywhere-channels.test.js",
|
|
576
|
-
"test:post-everywhere-zernio-default": "node --test tests/post-everywhere-zernio-default.test.js",
|
|
577
|
-
"test:zernio-canonical-pollers": "node --test tests/zernio-canonical-pollers.test.js",
|
|
578
|
-
"test:zernio-status": "node --test tests/zernio-status.test.js",
|
|
579
574
|
"test:license": "node --test tests/license.test.js",
|
|
580
575
|
"test:bot-detector": "node --test tests/bot-detector.test.js",
|
|
581
576
|
"test:audit-pr-bot-contamination": "node --test tests/audit-pr-bot-contamination.test.js",
|
|
@@ -640,13 +635,11 @@
|
|
|
640
635
|
"social:reconcile:campaign": "node scripts/social-analytics/reconcile-thumbgate-campaign.js",
|
|
641
636
|
"social:sync:launch-assets": "node scripts/social-analytics/sync-launch-assets.js",
|
|
642
637
|
"social:engagement:audit": "node scripts/social-analytics/engagement-audit.js",
|
|
643
|
-
"social:dedupe:cleanup": "node scripts/social-analytics/cleanup-zernio-duplicates.js",
|
|
644
638
|
"test:install-growth-automation": "node --test tests/install-growth-automation.test.js",
|
|
645
639
|
"test:publish-thumbgate-launch": "node --test tests/publish-thumbgate-launch.test.js",
|
|
646
640
|
"test:reconcile-thumbgate-campaign": "node --test tests/reconcile-thumbgate-campaign.test.js",
|
|
647
641
|
"test:schedule-thumbgate-campaign": "node --test tests/schedule-thumbgate-campaign.test.js",
|
|
648
642
|
"test:social-reply-monitor": "node --test tests/social-reply-monitor.test.js tests/reddit-monitor-launchd.test.js",
|
|
649
|
-
"test:social-dedupe-cleanup": "node --test tests/cleanup-zernio-duplicates.test.js",
|
|
650
643
|
"test:bluesky-atproto": "node --test tests/bluesky-atproto.test.js",
|
|
651
644
|
"test:social-reply-monitor-bluesky": "node --test tests/social-reply-monitor-bluesky.test.js tests/bluesky-monitor-launchd.test.js tests/social-bluesky-prospecting.test.js",
|
|
652
645
|
"test:bluesky-delete-replies": "node --test tests/bluesky-delete-replies.test.js",
|
|
@@ -699,7 +692,9 @@
|
|
|
699
692
|
"test:ai-engineering-stack-guardrails": "node --test tests/ai-engineering-stack-guardrails.test.js",
|
|
700
693
|
"test:ai-component-inventory": "node --test tests/ai-component-inventory.test.js",
|
|
701
694
|
"test:interaction-model": "node --test tests/interaction-model.test.js tests/interaction-model-e2e.test.js",
|
|
702
|
-
"
|
|
695
|
+
"aws-blocks:guardrails": "node scripts/aws-blocks-guardrails.js",
|
|
696
|
+
"test:aws-blocks-guardrails": "node --test tests/aws-blocks-guardrails.test.js",
|
|
697
|
+
"test:high-roi": "node --test tests/high-roi.test.js tests/model-candidates.test.js tests/autonomous-workflow.test.js tests/high-roi-agent-workflows.test.js tests/interaction-model.test.js tests/interaction-model-e2e.test.js tests/code-graph-guardrails.test.js tests/proxy-pointer-rag-guardrails.test.js tests/rag-precision-guardrails.test.js tests/ai-engineering-stack-guardrails.test.js tests/long-running-agent-context-guardrails.test.js tests/reasoning-efficiency-guardrails.test.js tests/deepseek-v4-runtime-guardrails.test.js tests/upstream-contribution-engine.test.js tests/proactive-agent-eval-guardrails.test.js tests/reward-hacking-guardrails.test.js tests/chatgpt-ads-readiness-pack.test.js tests/oss-pr-opportunity-scout.test.js tests/agent-design-governance.test.js tests/gemini-embedding-policy.test.js tests/openclaw-agent-governance-kit.test.js tests/agent-operations-planner.test.js tests/aws-blocks-guardrails.test.js",
|
|
703
698
|
"test:public-static-assets": "node --test tests/public-static-assets.test.js",
|
|
704
699
|
"test:token-savings": "node --test tests/token-savings.test.js",
|
|
705
700
|
"test:cost-cli": "node --test tests/cost-cli.test.js tests/conversion-receipt.test.js",
|
|
@@ -756,7 +751,15 @@
|
|
|
756
751
|
"test:leak-scanner": "node --test tests/leak-scanner.test.js",
|
|
757
752
|
"test:tool-contract-validator": "node --test tests/tool-contract-validator.test.js",
|
|
758
753
|
"test:letta-adapter": "node --test tests/letta-adapter.test.js",
|
|
759
|
-
"
|
|
754
|
+
"test:policy-engine-adapter": "node --test tests/policy-engine-adapter.test.js",
|
|
755
|
+
"eval:observability": "node scripts/async-eval-observability.js",
|
|
756
|
+
"test:memory-provider-enforcement-bridge": "node --test tests/memory-provider-enforcement-bridge.test.js",
|
|
757
|
+
"test:payment-rails": "node --test tests/payment-rails.test.js",
|
|
758
|
+
"test:publisher-credential-guards": "node --test tests/publisher-credential-guards.test.js",
|
|
759
|
+
"test:reddit-browser-notification-watch": "node --test tests/reddit-browser-notification-watch.test.js",
|
|
760
|
+
"cursor:marketplace:doctor": "node scripts/cursor-marketplace-doctor.js",
|
|
761
|
+
"cursor:marketplace:doctor:json": "node scripts/cursor-marketplace-doctor.js --json",
|
|
762
|
+
"test:cursor-marketplace-doctor": "node --test tests/cursor-marketplace-doctor.test.js"
|
|
760
763
|
},
|
|
761
764
|
"keywords": [
|
|
762
765
|
"mcp",
|
|
@@ -823,9 +826,16 @@
|
|
|
823
826
|
"stripe": "^22.2.0"
|
|
824
827
|
},
|
|
825
828
|
"overrides": {
|
|
829
|
+
"@google/genai": {
|
|
830
|
+
"protobufjs": "7.6.4"
|
|
831
|
+
},
|
|
832
|
+
"onnxruntime-web": {
|
|
833
|
+
"protobufjs": "7.6.4"
|
|
834
|
+
},
|
|
826
835
|
"express@4.22.1": {
|
|
827
836
|
"path-to-regexp": "0.1.13"
|
|
828
|
-
}
|
|
837
|
+
},
|
|
838
|
+
"js-yaml": "4.2.0"
|
|
829
839
|
},
|
|
830
840
|
"mcpName": "io.github.IgorGanapolsky/thumbgate",
|
|
831
841
|
"devDependencies": {
|
|
@@ -833,7 +843,7 @@
|
|
|
833
843
|
"@changesets/cli": "^2.31.0",
|
|
834
844
|
"@playwright/test": "^1.60.0",
|
|
835
845
|
"c8": "^11.0.0",
|
|
836
|
-
"undici": "^8.
|
|
846
|
+
"undici": "^8.5.0"
|
|
837
847
|
},
|
|
838
848
|
"hotfix": "gate-check-bypass-2026-06-03"
|
|
839
849
|
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 360" role="img" aria-labelledby="tg-logo-transparent-title tg-logo-transparent-desc">
|
|
2
|
+
<title id="tg-logo-transparent-title">ThumbGate</title>
|
|
3
|
+
<desc id="tg-logo-transparent-desc">Transparent ThumbGate sponsor logo with TG gate monogram and wordmark for dark or colored event backgrounds.</desc>
|
|
4
|
+
<defs>
|
|
5
|
+
<linearGradient id="tg-logo-transparent-frame" x1="66" y1="66" x2="294" y2="294" gradientUnits="userSpaceOnUse">
|
|
6
|
+
<stop offset="0" stop-color="#8cf5d1"/>
|
|
7
|
+
<stop offset="1" stop-color="#22d3ee"/>
|
|
8
|
+
</linearGradient>
|
|
9
|
+
<filter id="tg-logo-transparent-glow" x="-30%" y="-30%" width="160%" height="160%" color-interpolation-filters="sRGB">
|
|
10
|
+
<feDropShadow dx="0" dy="0" stdDeviation="8" flood-color="#22d3ee" flood-opacity="0.30"/>
|
|
11
|
+
</filter>
|
|
12
|
+
</defs>
|
|
13
|
+
<g filter="url(#tg-logo-transparent-glow)">
|
|
14
|
+
<rect x="66" y="66" width="228" height="228" rx="54" fill="#061015" fill-opacity="0.78"/>
|
|
15
|
+
<rect x="103" y="103" width="154" height="154" rx="36" fill="#0b1820" stroke="url(#tg-logo-transparent-frame)" stroke-width="9"/>
|
|
16
|
+
<path d="M132 216V147c0-16 12-28 28-28h40c16 0 28 12 28 28v69" fill="none" stroke="#8cf5d1" stroke-width="13" stroke-linecap="round" stroke-linejoin="round"/>
|
|
17
|
+
<text x="180" y="196" text-anchor="middle" fill="#e7fbff" font-family="Inter, -apple-system, BlinkMacSystemFont, Segoe UI, Arial, sans-serif" font-size="58" font-weight="900" letter-spacing="-3.5">TG</text>
|
|
18
|
+
<rect x="129" y="211" width="102" height="13" rx="6.5" fill="#22d3ee"/>
|
|
19
|
+
</g>
|
|
20
|
+
<text x="340" y="178" fill="#f4fdff" font-family="Inter, -apple-system, BlinkMacSystemFont, Segoe UI, Arial, sans-serif" font-size="82" font-weight="900">ThumbGate</text>
|
|
21
|
+
<text x="344" y="235" fill="#9ca3af" font-family="Inter, -apple-system, BlinkMacSystemFont, Segoe UI, Arial, sans-serif" font-size="30" font-weight="600">Pre-Action Checks for AI coding agents</text>
|
|
22
|
+
</svg>
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" role="img" aria-labelledby="tg-inline-title tg-inline-desc">
|
|
2
|
+
<title id="tg-inline-title">ThumbGate</title>
|
|
3
|
+
<desc id="tg-inline-desc">ThumbGate simplified gate mark for inline site headers.</desc>
|
|
4
|
+
<defs>
|
|
5
|
+
<linearGradient id="tg-inline-frame" x1="8" y1="8" x2="56" y2="56" gradientUnits="userSpaceOnUse">
|
|
6
|
+
<stop offset="0" stop-color="#8cf5d1"/>
|
|
7
|
+
<stop offset="1" stop-color="#22d3ee"/>
|
|
8
|
+
</linearGradient>
|
|
9
|
+
<linearGradient id="tg-inline-fill" x1="20" y1="18" x2="44" y2="48" gradientUnits="userSpaceOnUse">
|
|
10
|
+
<stop offset="0" stop-color="#123142"/>
|
|
11
|
+
<stop offset="1" stop-color="#071116"/>
|
|
12
|
+
</linearGradient>
|
|
13
|
+
</defs>
|
|
14
|
+
<rect x="5" y="5" width="54" height="54" rx="15" fill="#061015"/>
|
|
15
|
+
<path d="M32 10.5c12.2 3.9 19 11.4 19 22.1 0 11.9-9.4 19.2-19 22.1-9.6-2.9-19-10.2-19-22.1 0-10.7 6.8-18.2 19-22.1Z" fill="url(#tg-inline-fill)" stroke="url(#tg-inline-frame)" stroke-width="4" stroke-linejoin="round"/>
|
|
16
|
+
<path d="M22 43V29.4c0-6 4.4-10.4 10-10.4s10 4.4 10 10.4V43" fill="none" stroke="#8cf5d1" stroke-width="5" stroke-linecap="round" stroke-linejoin="round"/>
|
|
17
|
+
<path d="M25 43h14" stroke="#22d3ee" stroke-width="5" stroke-linecap="round"/>
|
|
18
|
+
<circle cx="32" cy="31" r="3.2" fill="#e7fbff"/>
|
|
19
|
+
</svg>
|