thumbgate 1.27.2 → 1.27.3

package/scripts/oss-pr-opportunity-scout.js

@@ -8,6 +8,7 @@ const DEFAULT_PACKAGE_PATH = path.join(__dirname, '..', 'package.json');
 const DEFAULT_OUTPUT_DIR = path.join(__dirname, '..', 'docs', 'marketing');
 const KNOWN_REPOS = Object.freeze({
   '@anthropic-ai/sdk': 'anthropics/anthropic-sdk-typescript',
+  '@modelcontextprotocol/sdk': 'modelcontextprotocol/typescript-sdk',
   '@google/genai': 'googleapis/js-genai',
   '@huggingface/transformers': 'huggingface/transformers.js',
   '@lancedb/lancedb': 'lancedb/lancedb',
@@ -23,6 +24,24 @@ const KNOWN_REPOS = Object.freeze({
   undici: 'nodejs/undici',
 });
 
+// Communities where ThumbGate's buyers live even though they are not npm
+// dependencies. ThumbGate ships an MCP server, so the Model Context Protocol
+// repos are the single highest-ROI ecosystem to contribute to — but the
+// dependency-scan above would never surface them. These are always scouted on
+// the default (no explicit --dependencies) path, de-duped against package.json.
+const STRATEGIC_DEPENDENCIES = Object.freeze([
+  '@modelcontextprotocol/sdk', // MCP TypeScript SDK — the protocol ThumbGate implements
+  'modelcontextprotocol/servers', // MCP servers ecosystem — where MCP authors (our buyers) collaborate
+]);
+
+// Honest, repo-accurate framing for the outreach draft. ThumbGate does not
+// `import` these — it implements the protocol — so the generic "while using X"
+// line would be a false claim. Keep drafts truthful (CEO honesty rule).
+const RELATIONSHIP_OVERRIDES = Object.freeze({
+  '@modelcontextprotocol/sdk': 'building ThumbGate as an MCP server against the Model Context Protocol spec',
+  'modelcontextprotocol/servers': 'building and testing ThumbGate as an MCP server alongside the reference MCP servers',
+});
+
 const BOUNTY_KEYWORDS = [
   'bug bounty',
   'bounty',
@@ -70,7 +89,10 @@ function dependencyNames(pkg = {}) {
 }
 
 function repoFromDependency(name) {
-  return KNOWN_REPOS[name] || '';
+  if (KNOWN_REPOS[name]) return KNOWN_REPOS[name];
+  // A strategic identifier may itself be an "owner/repo" slug (not an npm name).
+  if (!name.startsWith('@') && /^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(name)) return name;
+  return '';
 }
 
 function buildIssueSearchQueries(repo) {
@@ -89,14 +111,18 @@ function scoreOpportunity(depName, repo, options = {}) {
     score += 20;
     reasons.push('known upstream repository');
   }
-  if (/sdk|genai|stripe|playwright|lancedb|transformers|sqlite|undici/i.test(depName)) {
+  if (/sdk|genai|stripe|playwright|lancedb|transformers|sqlite|undici|mcp|modelcontext/i.test(depName)) {
     score += 20;
     reasons.push('high product adjacency for agent tooling');
   }
-  if (/anthropic|google|huggingface|stripe|microsoft|nodejs/i.test(repo)) {
+  if (/anthropic|google|huggingface|stripe|microsoft|nodejs|modelcontextprotocol/i.test(repo)) {
     score += 15;
     reasons.push('large ecosystem visibility');
   }
+  if (/modelcontext|mcp/i.test(depName) || /modelcontextprotocol/i.test(repo)) {
+    score += 12;
+    reasons.push("ThumbGate's own protocol surface — buyers are MCP authors");
+  }
   if (options.includeBounties) {
     score += 10;
     reasons.push('bounty search enabled');
@@ -138,7 +164,7 @@ function buildOpportunity(depName, options = {}) {
       'no bounty, security, or maintainer-policy claim without source link',
     ],
     outreachDraft: repo
-      ? `I found this while using ${depName} in ThumbGate. I reproduced the issue, added a minimal fix with tests, and kept the PR scoped to the maintainer's issue.`
+      ? `I found this while ${RELATIONSHIP_OVERRIDES[depName] || `using ${depName} in ThumbGate`}. I reproduced the issue, added a minimal fix with tests, and kept the PR scoped to the maintainer's issue.`
       : '',
   };
 }
@@ -149,7 +175,9 @@ function buildOssPrOpportunityScoutPlan(rawOptions = {}) {
   const explicitDeps = splitList(rawOptions.dependencies || rawOptions.deps);
   const includeBounties = rawOptions.includeBounties !== false && rawOptions['include-bounties'] !== false;
   const maxRepos = Math.max(1, Number.parseInt(String(rawOptions.maxRepos || rawOptions['max-repos'] || 12), 10) || 12);
-  const deps = explicitDeps.length ? explicitDeps : dependencyNames(pkg);
+  const deps = explicitDeps.length
+    ? explicitDeps
+    : [...new Set([...dependencyNames(pkg), ...STRATEGIC_DEPENDENCIES])];
   const opportunities = deps
     .map((dep) => buildOpportunity(dep, { includeBounties }))
     .filter((opportunity) => opportunity.repo)
@@ -223,6 +251,8 @@ function writeOssPrOpportunityScoutPack(outputDir = DEFAULT_OUTPUT_DIR, options
 
 module.exports = {
   KNOWN_REPOS,
+  STRATEGIC_DEPENDENCIES,
+  RELATIONSHIP_OVERRIDES,
   buildIssueSearchQueries,
   buildOpportunity,
   buildOssPrOpportunityScoutPlan,

package/scripts/rate-limiter.js

@@ -6,7 +6,7 @@ const path = require('path');
 const {
   PRO_MONTHLY_PAYMENT_LINK,
   PRO_PRICE_LABEL,
-  TEAM_PRICE_LABEL,
+  ENTERPRISE_PRICE_LABEL,
 } = require('./commercial-offer');
 
 const USAGE_FILE = path.join(process.env.HOME || '/tmp', '.thumbgate', 'usage-limits.json');
@@ -31,7 +31,7 @@ const FREE_TIER_LIMITS = {
 const FREE_TIER_MAX_GATES = 3; // 3 active prevention rules on free; Pro is unlimited
 const FREE_TIER_DAILY_BLOCKS = 3; // 3 gate blocks/day on free; after limit, deny → warn + upgrade CTA
 
-const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Team: ${TEAM_PRICE_LABEL} after workflow qualification.`;
+const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Enterprise: ${ENTERPRISE_PRICE_LABEL} after workflow qualification.`;
 
 const PAYWALL_MESSAGES = {
   capture_feedback: 'Free tier: 5 captures/day (25 total). Your feedback is stored locally — upgrade to capture unlimited.',

package/scripts/seo-gsd.js

@@ -446,6 +446,65 @@ function buildZeroTrustGuide() {
   });
 }
 
+const GOVERN_CLAUDE_FOR_LEGAL_GUIDE_SPEC = Object.freeze({
+  slug: 'govern-claude-for-legal-agents',
+  meta: {
+    query: 'govern claude for legal agents',
+    title: 'Govern Claude for Legal Agents | A Gate Before They Act',
+    heroTitle: 'Govern Claude for Legal’s 90+ Agents at the Tool Call',
+    heroSummary: 'Claude for Legal ships 90+ named agents that review contracts, answer DSARs, and run continuously on document and email streams. Anthropic’s own guidance is that there must be a gate before anything is filed, sent, or relied on. ThumbGate is that gate — it checks each agent action at the tool-call boundary, in your tenant, and logs every decision for the record.',
+  },
+  takeaways: [
+    'Claude for Legal’s agents take real side effects — sending a DSAR response, filing a document, writing to a system of record. ThumbGate gates the action before the side effect runs, not after, on a dashboard.',
+    'Intent-agnostic: whether an agent is wrong, prompt-injected, or off-playbook, ThumbGate blocks the same way and records the rule that fired. The risk is not a “rogue” agent — it is an ordinary one acting at volume.',
+    'Every gated decision is logged with its source rule — a SIEM-exportable audit trail your ethics, risk, and conflicts owners can query.',
+  ],
+  sections: [
+    ['paragraphs', 'Why 90+ legal agents need a gate before the side effect', [
+      'A firm running Claude for Legal now has dozens of agents acting on ongoing document and email streams — vendor-agreement review, termination review, DSAR responses, claim charts. No one can review every action by hand. The risk is not malice; it is an ordinary agent that sends the wrong response, files against the wrong playbook, or surfaces a privileged document.',
+      'Anthropic’s own framing names the control: an explicit gate before anything is filed, sent, or relied on. ThumbGate implements that gate at the tool-call boundary — the moment before the action executes — instead of trusting the agent’s stated intent.',
+    ]],
+    ['bullets', 'What ThumbGate gates for legal agents', [
+      'The send/file/write action itself — e.g. a DSAR or client response before it leaves, a filing before it goes out, a write to a conflicted matter — held or blocked at the boundary.',
+      'Playbook deviations — an action that departs from the firm’s approved workflow is stopped for review rather than executed.',
+      'Privileged-document exposure — flagged before an agent surfaces or forwards it.',
+      'Continuous runs — one rule set covers every agent and every scheduled run, so coverage scales with agent count, not headcount.',
+    ]],
+    ['paragraphs', 'Enforcement in your tenant, with an audit trail', [
+      'ThumbGate runs as a pre-action gate in front of agent fulfillment, including a Dialogflow CX webhook gate deployed in your own GCP tenant, so matter content does not leave your boundary. Risk and planning scoring can run on Gemini via Vertex, in-tenant. This is a white-glove design-partner pilot, not a turnkey product purchase.',
+      'Every gated detection is logged with the rule that fired and the feedback event that generated it. That decision trail is the evidence a firm needs for malpractice defense and bar-compliance review — queryable, exportable, and tied to a named owner.',
+    ]],
+    ['paragraphs', 'ThumbGate complements Claude for Legal — it does not replace it', [
+      'Claude for Legal decides what the work is. ThumbGate decides what is allowed to execute. Use both: keep the 90+ agents doing the legal work, and put a gate between each agent and its next side effect. A thumbs-down on a bad action becomes a prevention rule, so the same mistake is blocked across every agent and matter next time.',
+    ]],
+  ],
+  faq: [
+    [
+      'Does ThumbGate replace Claude for Legal?',
+      'No. Claude for Legal’s agents do the legal work; ThumbGate governs what they are allowed to execute — a gate before anything is filed, sent, or relied on. You run both.',
+    ],
+    [
+      'Where does the gate run?',
+      'In your tenant. ThumbGate gates agent fulfillment locally or via a Dialogflow CX webhook gate in your own GCP project; matter content does not leave your boundary, and Vertex/Gemini scoring runs in-tenant. It is a white-glove design-partner pilot, not a turnkey purchase.',
+    ],
+    [
+      'What proof does a firm get?',
+      'Every gated decision is logged with the rule that fired and the feedback that generated it — a SIEM-exportable audit trail for ethics, risk, and conflicts owners.',
+    ],
+  ],
+  relatedPaths: ['/guides/ai-coding-agent-zero-trust', '/guides/pre-action-checks'],
+});
+
+function buildGovernClaudeForLegalGuide() {
+  return preActionGuide(GOVERN_CLAUDE_FOR_LEGAL_GUIDE_SPEC.slug, {
+    ...GOVERN_CLAUDE_FOR_LEGAL_GUIDE_SPEC.meta,
+    takeaways: GOVERN_CLAUDE_FOR_LEGAL_GUIDE_SPEC.takeaways,
+    sections: GOVERN_CLAUDE_FOR_LEGAL_GUIDE_SPEC.sections.map(([kind, heading, entries]) => buildSectionFromSpec(kind, heading, entries)),
+    faq: GOVERN_CLAUDE_FOR_LEGAL_GUIDE_SPEC.faq.map(([question, text]) => answer(question, text)),
+    relatedPaths: GOVERN_CLAUDE_FOR_LEGAL_GUIDE_SPEC.relatedPaths,
+  });
+}
+
 const PROXY_POINTER_RAG_GUARDRAILS_SPEC = Object.freeze({
   slug: 'proxy-pointer-rag-guardrails',
   meta: {
@@ -1589,6 +1648,7 @@ const PAGE_BLUEPRINTS = [
   },
   buildSemanticPseoGuide(),
   buildZeroTrustGuide(),
+  buildGovernClaudeForLegalGuide(),
   buildProxyPointerRagGuide(),
   buildRagPrecisionTuningGuide(),
   buildAiEngineeringStackGuide(),

package/scripts/workflow-sentinel.js

@@ -64,12 +64,12 @@ function loadJson(filePath) {
 function loadGovernanceState() {
   const raw = loadJson(GOVERNANCE_STATE_PATH);
   return {
-    taskScope: raw && raw.taskScope && typeof raw.taskScope === 'object' ? raw.taskScope : null,
-    protectedApprovals: Array.isArray(raw && raw.protectedApprovals) ? raw.protectedApprovals : [],
-    branchGovernance: raw && raw.branchGovernance && typeof raw.branchGovernance === 'object'
+    taskScope: raw?.taskScope && typeof raw.taskScope === 'object' ? raw.taskScope : null,
+    protectedApprovals: Array.isArray(raw?.protectedApprovals) ? raw.protectedApprovals : [],
+    branchGovernance: raw?.branchGovernance && typeof raw.branchGovernance === 'object'
       ? raw.branchGovernance
       : null,
-    workflowContract: raw && raw.workflowContract && typeof raw.workflowContract === 'object'
+    workflowContract: raw?.workflowContract && typeof raw.workflowContract === 'object'
       ? raw.workflowContract
       : null,
   };
@@ -391,9 +391,18 @@ function commandMatchesPattern(command, pattern) {
   }
 }
 
+const COMPLETION_ACTION_PATTERNS = [
+  /\bgit\s+(?:commit|push)\b/i,
+  /\bgh\s+pr\s+(?:create|merge)\b/i,
+  /\bgh\s+release\s+create\b/i,
+  /\bnpm\s+publish\b/i,
+  /\byarn\s+publish\b/i,
+  /\bpnpm\s+publish\b/i,
+];
+
 function isCompletionLikeAction(command) {
-  return /\b(?:git\s+(?:commit|push)|gh\s+pr\s+(?:create|merge)|gh\s+release\s+create|npm\s+publish|yarn\s+publish|pnpm\s+publish)\b/i
-    .test(String(command || ''));
+  const text = String(command || '');
+  return COMPLETION_ACTION_PATTERNS.some((pattern) => pattern.test(text));
 }
 
 function collectEvidenceLabels(toolInput = {}, options = {}) {
@@ -466,11 +475,17 @@ function evaluateWorkflowContract(contractInput, context = {}) {
   }
 
   const hasBlock = violations.some((violation) => violation.severity === 'block');
+  let mode = 'allow';
+  if (hasBlock) {
+    mode = 'block';
+  } else if (violations.length > 0) {
+    mode = 'warn';
+  }
   return {
     active: true,
     contract,
     violations,
-    mode: hasBlock ? 'block' : violations.length > 0 ? 'warn' : 'allow',
+    mode,
   };
 }
 
@@ -704,18 +719,18 @@ function scoreRisk({
       );
     }
   }
-  if (workflowContract && workflowContract.active && workflowContract.violations.length > 0) {
+  if (workflowContract?.active && workflowContract.violations.length > 0) {
     for (const violation of workflowContract.violations) {
       addDriver(
         drivers,
         `workflow_contract_${violation.code}`,
         violation.severity === 'block' ? 0.38 : 0.18,
         violation.message,
-        { workflowId: workflowContract.contract && workflowContract.contract.workflowId }
+        { workflowId: workflowContract.contract?.workflowId }
       );
     }
   }
-  if (memoryGuard && memoryGuard.mode && memoryGuard.mode !== 'allow') {
+  if (memoryGuard?.mode && memoryGuard.mode !== 'allow') {
     addDriver(
       drivers,
       'memory_recurrence',
@@ -724,7 +739,7 @@ function scoreRisk({
       { mode: memoryGuard.mode }
     );
   }
-  if (learnedPolicy && learnedPolicy.enabled && learnedPolicy.prediction) {
+  if (learnedPolicy?.enabled && learnedPolicy.prediction) {
     const confidence = learnedPolicy.prediction.confidence || 0;
     const label = learnedPolicy.prediction.label;
     if (label === 'deny' && confidence >= 0.6) {
@@ -809,19 +824,17 @@ function buildEvidence({
       evidence.push(`Workflow control ${workflowControl.mode}: ${workflowControl.reasons.join(' ')}`);
     }
   }
-  if (workflowContract && workflowContract.active) {
-    const workflowId = workflowContract.contract && workflowContract.contract.workflowId
-      ? workflowContract.contract.workflowId
-      : 'unnamed';
+  if (workflowContract?.active) {
+    const workflowId = workflowContract.contract?.workflowId || 'unnamed';
     evidence.push(`Workflow contract active: ${workflowId}.`);
     for (const violation of workflowContract.violations.slice(0, 3)) {
       evidence.push(`Workflow contract ${violation.severity}: ${violation.message}`);
     }
   }
-  if (actionProfile && actionProfile.backgroundAgent) {
+  if (actionProfile?.backgroundAgent) {
     evidence.push('Background or scheduled agent context detected for this action.');
   }
-  if (actionProfile && actionProfile.economicAction) {
+  if (actionProfile?.economicAction) {
     evidence.push('Economic action keywords detected (billing, refunds, payouts, invoices, or subscriptions).');
   }
   if (actionProfile && actionProfile.customerSystemAction) {
@@ -1031,7 +1044,7 @@ function buildRemediations({
       'Isolated execution limits host damage when a high-risk local action goes wrong.'
     );
   }
-  if (costControl && costControl.mode && costControl.mode !== 'allow') {
+  if (costControl?.mode && costControl.mode !== 'allow') {
     push(
       'reduce_model_budget',
       'Reduce model budget before execution',
@@ -1039,7 +1052,7 @@ function buildRemediations({
       'High token or cost estimates should be reviewed before the model/tool loop continues.'
     );
   }
-  if (workflowContract && workflowContract.active && workflowContract.violations.length > 0) {
+  if (workflowContract?.active && workflowContract.violations.length > 0) {
     const codes = new Set(workflowContract.violations.map((violation) => violation.code));
     if (codes.has('missing_required_evidence')) {
       push(
@@ -1241,13 +1254,13 @@ function buildDecisionControl({
     protectedSurface,
     actionProfile,
   });
-  const hasOperationalBlockers = Boolean(integrity && Array.isArray(integrity.blockers) && integrity.blockers.length > 0);
-  const hasCostWarning = Boolean(costControl && costControl.mode === 'warn');
-  const hasCostBlock = Boolean(costControl && costControl.mode === 'block');
-  const hasWorkflowWarning = Boolean(workflowControl && workflowControl.mode === 'warn');
-  const hasWorkflowBlock = Boolean(workflowControl && workflowControl.mode === 'block');
-  const hasContractWarning = Boolean(workflowContract && workflowContract.mode === 'warn');
-  const hasContractBlock = Boolean(workflowContract && workflowContract.mode === 'block');
+  const hasOperationalBlockers = Boolean(integrity?.blockers?.length);
+  const hasCostWarning = costControl?.mode === 'warn';
+  const hasCostBlock = costControl?.mode === 'block';
+  const hasWorkflowWarning = workflowControl?.mode === 'warn';
+  const hasWorkflowBlock = workflowControl?.mode === 'block';
+  const hasContractWarning = workflowContract?.mode === 'warn';
+  const hasContractBlock = workflowContract?.mode === 'block';
   const requiresCheckpoint = decision === 'warn'
     || (decision === 'allow' && (reversibility !== 'two_way_door' || hasOperationalBlockers || hasCostWarning || hasWorkflowWarning || hasContractWarning));
   const executionMode = decision === 'deny'
@@ -1291,49 +1304,51 @@ function buildDecisionControl({
   };
 }
 
-function chooseDecision({ riskScore, integrity, memoryGuard, learnedPolicy, blastRadius, command, costControl, workflowControl, workflowContract, actionProfile }) {
-  const hasOperationalBlockers = Boolean(integrity && Array.isArray(integrity.blockers) && integrity.blockers.length > 0);
-  if (costControl && costControl.mode === 'block') {
-    return 'deny';
-  }
-  if (workflowControl && workflowControl.mode === 'block') {
-    return 'deny';
-  }
-  if (workflowContract && workflowContract.mode === 'block') {
-    return 'deny';
-  }
-  const destructiveBypass = /\bgit\s+push\b.*(?:--force|-f)\b/i.test(command) || /\bgh\s+pr\s+merge\b.*--admin\b/i.test(command);
-  const learnedPrediction = learnedPolicy && learnedPolicy.enabled ? learnedPolicy.prediction : null;
-  const learnedHardStop = Boolean(
-    learnedPrediction
-      && learnedPrediction.label === 'deny'
-      && learnedPrediction.confidence >= 0.7
-  );
-  const learnedWarning = Boolean(
-    learnedPrediction
-      && ['warn', 'verify', 'deny'].includes(learnedPrediction.label)
-      && learnedPrediction.confidence >= 0.3
-  );
-  const learnedRecall = Boolean(
-    learnedPrediction
-      && learnedPrediction.label === 'recall'
-      && learnedPrediction.confidence >= 0.3
+function isDestructiveBypass(command) {
+  return /\bgit\s+push\b.*(?:--force|-f)\b/i.test(command)
+    || /\bgh\s+pr\s+merge\b.*--admin\b/i.test(command);
+}
+
+function getLearnedPrediction(learnedPolicy) {
+  return learnedPolicy?.enabled ? learnedPolicy.prediction : null;
+}
+
+function learnedPredictionMatches(prediction, labels, minConfidence) {
+  return Boolean(
+    prediction
+      && labels.includes(prediction.label)
+      && prediction.confidence >= minConfidence
   );
-  const lowBlastRadius = blastRadius.fileCount <= 1
+}
+
+function isLowBlastRadius(blastRadius) {
+  return blastRadius.fileCount <= 1
     && blastRadius.surfaceCount <= 1
     && blastRadius.releaseSensitiveFiles.length === 0
     && blastRadius.unapprovedProtectedFiles === 0;
-  const lowRiskHandoff = /\bgit\s+push\b|\bgh\s+pr\s+(?:create|merge)\b/i.test(command)
+}
+
+function isLowRiskHandoff({
+  command,
+  destructiveBypass,
+  learnedHardStop,
+  blastRadius,
+  hasOperationalBlockers,
+  memoryGuard,
+  riskScore,
+}) {
+  return /\bgit\s+push\b|\bgh\s+pr\s+(?:create|merge)\b/i.test(command)
     && !destructiveBypass
     && !learnedHardStop
-    && lowBlastRadius
+    && isLowBlastRadius(blastRadius)
     && !hasOperationalBlockers
-    && memoryGuard
-    && memoryGuard.mode !== 'allow'
+    && memoryGuard?.mode !== 'allow'
     && riskScore <= 0.62;
-  const repeatedHighBlast = Boolean(
-    memoryGuard
-      && memoryGuard.mode === 'block'
+}
+
+function isRepeatedHighBlast(memoryGuard, blastRadius) {
+  return Boolean(
+    memoryGuard?.mode === 'block'
       && (
         blastRadius.severity === 'high'
         || blastRadius.severity === 'critical'
@@ -1341,25 +1356,49 @@ function chooseDecision({ riskScore, integrity, memoryGuard, learnedPolicy, blas
         || blastRadius.unapprovedProtectedFiles > 0
       )
   );
-  const economicAction = Boolean(actionProfile && actionProfile.economicAction);
-  const backgroundAgent = Boolean(actionProfile && actionProfile.backgroundAgent);
-  const customerSystemAction = Boolean(actionProfile && actionProfile.customerSystemAction);
+}
+
+function hasSoftControlWarning({ workflowContract, workflowControl, costControl, riskScore, learnedWarning, learnedRecall }) {
+  return workflowContract?.mode === 'warn'
+    || workflowControl?.mode === 'warn'
+    || costControl?.mode === 'warn'
+    || riskScore >= 0.45
+    || (learnedWarning && riskScore >= 0.3)
+    || (learnedRecall && riskScore >= 0.34);
+}
+
+function chooseDecision({ riskScore, integrity, memoryGuard, learnedPolicy, blastRadius, command, costControl, workflowControl, workflowContract, actionProfile }) {
+  if (costControl?.mode === 'block' || workflowControl?.mode === 'block' || workflowContract?.mode === 'block') {
+    return 'deny';
+  }
+
+  const hasOperationalBlockers = Boolean(integrity?.blockers?.length);
+  const destructiveBypass = isDestructiveBypass(command);
+  const learnedPrediction = getLearnedPrediction(learnedPolicy);
+  const learnedHardStop = learnedPredictionMatches(learnedPrediction, ['deny'], 0.7);
+  const learnedWarning = learnedPredictionMatches(learnedPrediction, ['warn', 'verify', 'deny'], 0.3);
+  const learnedRecall = learnedPredictionMatches(learnedPrediction, ['recall'], 0.3);
 
-  if (lowRiskHandoff) {
+  if (isLowRiskHandoff({ command, destructiveBypass, learnedHardStop, blastRadius, hasOperationalBlockers, memoryGuard, riskScore })) {
     return 'allow';
   }
+
   // Background customer-system actions checkpoint (warn), never hard-deny.
   // The checkpoint IS the mitigation — blocking outright prevents legitimate work.
-  if (backgroundAgent && customerSystemAction) {
+  if (actionProfile?.backgroundAgent && actionProfile?.customerSystemAction) {
     return 'warn';
   }
+
+  const repeatedHighBlast = isRepeatedHighBlast(memoryGuard, blastRadius);
   if (destructiveBypass || learnedHardStop || repeatedHighBlast || (hasOperationalBlockers && riskScore >= 0.72) || riskScore >= 0.86) {
     return 'deny';
   }
-  if (economicAction || (backgroundAgent && riskScore >= 0.3)) {
+
+  if (actionProfile?.economicAction || (actionProfile?.backgroundAgent && riskScore >= 0.3)) {
     return 'warn';
   }
-  if ((workflowContract && workflowContract.mode === 'warn') || (workflowControl && workflowControl.mode === 'warn') || (costControl && costControl.mode === 'warn') || riskScore >= 0.45 || (learnedWarning && riskScore >= 0.3) || (learnedRecall && riskScore >= 0.34)) {
+
+  if (hasSoftControlWarning({ workflowContract, workflowControl, costControl, riskScore, learnedWarning, learnedRecall })) {
     return 'warn';
   }
   return 'allow';
@@ -1408,6 +1447,10 @@ function evaluateWorkflowSentinel(toolName, toolInput = {}, options = {}) {
     baseBranch,
     command: normalizedToolInput.command,
     changedFiles: affectedFiles,
+    currentBranch: options.currentBranch
+      || normalizedToolInput.currentBranch
+      || normalizedToolInput.branchName
+      || normalizedToolInput.branch,
     headSha: options.headSha || toolInput.headSha,
     requirePrForReleaseSensitive: options.requirePrForReleaseSensitive === true,
     requireVersionNotBehindBase: options.requireVersionNotBehindBase === true,