thumbgate 1.27.7 → 1.27.9

package/public/learn.html

@@ -145,54 +145,42 @@
       {
         "@type": "ListItem",
         "position": 10,
-        "url": "https://thumbgate.ai/guides/hermes-agent-guardrails",
-        "name": "Hermes Agent Guardrails for Self-Improving Agents"
-      },
-      {
-        "@type": "ListItem",
-        "position": 11,
-        "url": "https://thumbgate.ai/guides/agent-context-governance",
-        "name": "Agent Context Governance for Long-Running Agents"
-      },
-      {
-        "@type": "ListItem",
-        "position": 12,
         "url": "https://thumbgate.ai/guides/roo-code-alternative-cline",
         "name": "Roo Code Alternative: Migrating to Cline with Portable Lesson Memory"
       },
       {
         "@type": "ListItem",
-        "position": 13,
+        "position": 11,
         "url": "https://thumbgate.ai/guides/browser-automation-safety",
         "name": "Browser Automation Safety for AI Agents"
       },
       {
         "@type": "ListItem",
-        "position": 14,
+        "position": 12,
         "url": "https://thumbgate.ai/guides/native-messaging-host-security",
         "name": "Native Messaging Host Security"
       },
       {
         "@type": "ListItem",
-        "position": 15,
+        "position": 13,
         "url": "https://thumbgate.ai/guides/ai-search-topical-presence",
         "name": "AI Search Topical Presence"
       },
       {
         "@type": "ListItem",
-        "position": 16,
+        "position": 14,
         "url": "https://thumbgate.ai/guides/relational-knowledge-ai-recommendations",
         "name": "Relational Knowledge in AI Recommendations"
       },
       {
         "@type": "ListItem",
-        "position": 17,
+        "position": 15,
         "url": "https://thumbgate.ai/guides/ai-deployment-readiness",
         "name": "AI Deployment Readiness Before Production Rollout"
       },
       {
         "@type": "ListItem",
-        "position": 18,
+        "position": 16,
         "url": "https://thumbgate.ai/guides/database-agent-safety",
         "name": "Database Safety for AI Agents"
       }
@@ -473,14 +461,6 @@
       <span class="article-tag">Governance</span>
     </a>
 
-    <a href="/guides/vllm-serving-guardrails" class="article-card">
-      <h3>vLLM Serving Guardrails</h3>
-      <p>Gate self-hosted inference changes before agents route production work through PagedAttention, batching, prefix-cache, or model-swap optimizations.</p>
-      <span class="article-tag">vLLM</span>
-      <span class="article-tag">LLM Serving</span>
-      <span class="article-tag">Runtime Safety</span>
-    </a>
-
     <a href="/guides/relational-knowledge-ai-recommendations" class="article-card">
       <h3>Relational Knowledge in AI Recommendations</h3>
       <p>How stored brand-to-problem associations shape AI answers, and why ThumbGate should own the pre-action-checks category in those retrieval paths.</p>
@@ -521,30 +501,6 @@
       <span class="article-tag">Enforcement</span>
     </a>
 
-    <a href="/guides/hermes-agent-guardrails" class="article-card">
-      <h3>Hermes Agent Guardrails for Self-Improving Agents</h3>
-      <p>Hermes-style agents bring persistent memory, generated skills, gateways, automations, and sandboxes. ThumbGate adds the pre-action firewall before those agents touch real systems.</p>
-      <span class="article-tag">Hermes Agent</span>
-      <span class="article-tag">Persistent Agents</span>
-      <span class="article-tag">Execution Firewall</span>
-    </a>
-
-    <a href="/guides/safe-self-evolution" class="article-card">
-      <h3>Safe Self-Evolution: Prompt Optimization without Regression</h3>
-      <p>Hermes-style autonomous agents learn by observing failures and rewriting skills. ThumbGate introduces Safe Self-Evolution: weakness mining, automated prompt optimization, verification suites, and atomic git rollbacks.</p>
-      <span class="article-tag">Self-Evolution</span>
-      <span class="article-tag">Harness Optimizer</span>
-      <span class="article-tag">Verification Gate</span>
-    </a>
-
-    <a href="/guides/agent-context-governance" class="article-card">
-      <h3>Agent Context Governance for Long-Running Agents</h3>
-      <p>AdaCoM, tokenmaxxing backlash, Managed Agents, lockdown modes, and model-provenance scares all point to one need: clean context and tool gates before agents act.</p>
-      <span class="article-tag">Context Governance</span>
-      <span class="article-tag">Tool Lockdown</span>
-      <span class="article-tag">Model Provenance</span>
-    </a>
-
     <a href="/guides/roo-code-alternative-cline" class="article-card">
       <h3>Roo Code Alternative: Migrate to Cline Without Losing Agent Memory</h3>
       <p>Use the Roo shutdown window to pitch portable lesson memory and local-first enforcement instead of making operators re-teach the same failures after they switch.</p>

package/public/pro.html

@@ -37,7 +37,7 @@ __GA_BOOTSTRAP__
 <script type="application/ld+json">
 {
   "@context": "https://schema.org",
-  "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "How is Pro different from the free install?", "acceptedAnswer": { "@type": "Answer", "text": "Free keeps local recall, checks, and MCP. Pro adds the personal dashboard, DPO export, auto-connect, and founder support." } }, { "@type": "Question", "name": "Does Pro require a cloud account?", "acceptedAnswer": { "@type": "Answer", "text": "No. Pro stays local-first; Enterprise is the hosted rollout lane for shared lessons, org visibility, and reviews." } }, { "@type": "Question", "name": "What happens after checkout?", "acceptedAnswer": { "@type": "Answer", "text": "You activate Pro, connect the local dashboard, and inspect blocked actions, lessons, and exports." } }, { "@type": "Question", "name": "When should I choose Enterprise instead of Pro?", "acceptedAnswer": { "@type": "Answer", "text": "Choose Enterprise when one correction needs to protect multiple developers or agents across shared repositories." } }]
+  "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "How is Pro different from the free install?", "acceptedAnswer": { "@type": "Answer", "text": "Free keeps local recall, checks, and MCP. Pro adds the personal dashboard, DPO export, auto-connect, and founder support." } }, { "@type": "Question", "name": "Does Pro require a cloud account?", "acceptedAnswer": { "@type": "Answer", "text": "No. Pro stays local-first; Team is the hosted rollout lane for shared lessons, org visibility, and reviews." } }, { "@type": "Question", "name": "What happens after checkout?", "acceptedAnswer": { "@type": "Answer", "text": "You activate Pro, connect the local dashboard, and inspect blocked actions, lessons, and exports." } }, { "@type": "Question", "name": "When should I choose Team instead of Pro?", "acceptedAnswer": { "@type": "Answer", "text": "Choose Team when one correction needs to protect multiple developers or agents across shared repositories." } }]
 }
 </script>
 
@@ -731,7 +731,7 @@ __GA_BOOTSTRAP__
       <h1>Buy the operator loop that proves your AI agent stopped repeating the mistake.</h1>
       <p style="font-size:13px;opacity:0.8;margin-bottom:0.5rem;">Updated: <time datetime="2026-04-20">2026-04-20</time> · by <a href="https://github.com/IgorGanapolsky" style="color:inherit;">Igor Ganapolsky</a></p>
       <p>ThumbGate Pro is for one operator who already hit a repeated AI-agent failure and now needs proof: what was blocked, why it was blocked, and what changed before the next risky run.</p>
-      <p>Start Pro when you want the local dashboard, DPO export, and a single proof lane for the repeated mistake you need to stop. Enterprise diagnostics and custom services are handled through intake, not this buyer path.</p>
+      <p>Start Pro when you want the local dashboard, DPO export, and a single proof lane for the repeated mistake you need to stop. Team diagnostics and custom services are handled through intake, not this buyer path.</p>
       <div class="hero-proof">
         <div class="proof-pill">Personal local dashboard</div>
         <div class="proof-pill">DPO export from real corrections</div>
@@ -951,15 +951,15 @@ __GA_BOOTSTRAP__
       </div>
       <div class="faq-item">
         <button class="faq-q" type="button" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)" aria-expanded="false">Does Pro require a cloud account?</button>
-        <div class="faq-a">No. Pro is still local-first for the individual operator lane. Enterprise is the hosted rollout lane for shared lessons, org visibility, and hosted review views.</div>
+        <div class="faq-a">No. Pro is still local-first for the individual operator lane. Team is the hosted rollout lane for shared lessons, org visibility, and hosted review views.</div>
       </div>
       <div class="faq-item">
         <button class="faq-q" type="button" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)" aria-expanded="false">What happens after checkout?</button>
         <div class="faq-a">You activate Pro, connect the personal local dashboard, and your running agents can appear automatically so you can inspect blocked actions, active lessons, and exportable DPO pairs without adding a separate cloud dashboard dependency.</div>
       </div>
       <div class="faq-item">
-        <button class="faq-q" type="button" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)" aria-expanded="false">When should I choose Enterprise instead of Pro?</button>
-        <div class="faq-a">Choose Enterprise when one thumbs-down should protect multiple people or agents across shared repositories, or when you need shared hosted lessons, org dashboard visibility, and a workflow hardening pilot with rollout review views.</div>
+        <button class="faq-q" type="button" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)" aria-expanded="false">When should I choose Team instead of Pro?</button>
+        <div class="faq-a">Choose Team when one thumbs-down should protect multiple people or agents across shared repositories, or when you need shared hosted lessons, org dashboard visibility, and a workflow hardening pilot with rollout review views.</div>
       </div>
     </div>
   </div>
@@ -987,7 +987,7 @@ __GA_BOOTSTRAP__
       <a href="__VERIFICATION_URL__" target="_blank" rel="noopener">Verification Evidence</a>
       <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
     </div>
-    <div class="footer-copy">ThumbGate Pro for individual operators. Enterprise stays intake-first.</div>
+    <div class="footer-copy">ThumbGate Pro for individual operators. Team stays intake-first.</div>
   </div>
 </footer>
 

package/scripts/cli-schema.js

@@ -123,6 +123,16 @@ const CLI_COMMANDS = [
       { name: 'remote', type: 'boolean', description: 'Fetch from hosted Railway instance' },
     ],
   },
+  {
+    name: 'community',
+    aliases: ['registry'],
+    description: 'Query or share verified prevention rules with the community knowledge registry',
+    group: 'discovery',
+    flags: [
+      { name: 'json',   type: 'boolean', description: 'Output as JSON' },
+      { name: 'remote', type: 'boolean', description: 'Fetch from community remote API' },
+    ],
+  },
   {
     name: 'gate-stats',
     description: 'Check engine statistics — active checks, blocks, warns, time saved',
@@ -505,12 +515,6 @@ const CLI_COMMANDS = [
     group: 'gates',
     flags: [],
   },
-  {
-    name: 'hermes-gate',
-    description: 'Hermes Agent pre_tool_call hook: gate runtime tool calls (incl. skill_manage) before they run',
-    group: 'gates',
-    flags: [],
-  },
   {
     name: 'force-gate',
     description: 'Immediately create a blocking gate from a pattern string',
@@ -656,22 +660,6 @@ const CLI_COMMANDS = [
       { name: 'json',        type: 'boolean', description: 'Output results as JSON' },
     ],
   },
-  {
-    name: 'check-update',
-    aliases: ['upgrade-check'],
-    description: 'Check for newer versions of ThumbGate from npm or GitHub',
-    group: 'ops',
-    flags: [
-      { name: 'json', type: 'boolean', description: 'Output results as JSON' },
-    ],
-  },
-  {
-    name: 'self-update',
-    aliases: ['upgrade-cli'],
-    description: 'Automatically install the latest version of ThumbGate globally',
-    group: 'ops',
-    flags: [],
-  },
 ];
 
 /**

package/scripts/dashboard-chat.js

@@ -317,8 +317,7 @@ async function answerDataQuestion(question, opts = {}) {
     if (isPerplexity) return await callPerplexityEndpoint({ apiKey, prompt, fetchImpl, sources });
     return await callGeminiEndpoint({ apiKey, model, prompt, fetchImpl, sources });
   } catch (err) {
-    const safeMessage = (err && err.message) ? String(err.message).split('\n')[0].slice(0, 100) : 'An unexpected error occurred.';
-    return { ok: false, error: 'network', message: safeMessage, sources };
+    return { ok: false, error: 'network', message: err?.message || String(err), sources };
   }
 }
 

package/scripts/document-intake.js

@@ -708,6 +708,7 @@ function buildDocumentSummary(document) {
     sourcePath: document.sourcePath || null,
     sourceName: document.sourceName || null,
     sourceFormat: document.sourceFormat,
+    sourceUrl: document.sourceUrl || null,
     importedAt: document.importedAt,
     tags: normalizeTags(document.tags),
     excerpt: document.excerpt,
@@ -768,7 +769,11 @@ function persistDocument(document, options = {}) {
   const summaries = listImportedDocuments({
     ...options,
     limit: MAX_SEARCH_SCAN,
-  }).documents.filter((entry) => entry.documentId !== document.documentId);
+  }).documents.filter((entry) => {
+    if (entry.documentId === document.documentId) return false;
+    if (document.sourceUrl && entry.sourceUrl === document.sourceUrl) return false;
+    return true;
+  });
   const nextSummaries = [
     buildDocumentSummary(document),
     ...summaries,
@@ -882,6 +887,48 @@ function importDocument(options = {}) {
     sourceFormat,
   });
   const fingerprint = sha256(`${title}\n${normalizedContent}`);
+  
+  // -- deduplication and RAG drift tracking ----------------------------------
+  const paths = getDocumentStorePaths(options);
+  let duplicate = null;
+  if (fs.existsSync(paths.catalogPath)) {
+    try {
+      const catalog = readJsonl(paths.catalogPath);
+      const urlMatch = options.sourceUrl ? String(options.sourceUrl).trim() : null;
+      const matchedSummary = catalog.find((summary) =>
+        (urlMatch && summary.sourceUrl === urlMatch) ||
+        (summary.fingerprint === fingerprint)
+      );
+      if (matchedSummary) {
+        const fullDoc = readImportedDocument(matchedSummary.documentId, options);
+        if (fullDoc) {
+          if (fullDoc.fingerprint === fingerprint) {
+            // Case A: Content is identical
+            const dedupReason = urlMatch && fullDoc.sourceUrl === urlMatch
+              ? 'url-and-content-unchanged'
+              : 'content-identical';
+            return {
+              ...fullDoc,
+              duplicate: true,
+              updated: false,
+              dedupReason,
+            };
+          } else {
+            // Case B: URL matches but content changed (RAG Drift!)
+            duplicate = {
+              previousDocumentId: fullDoc.documentId,
+              previousFingerprint: fullDoc.fingerprint,
+              updated: true,
+              dedupReason: 'url-content-updated',
+            };
+          }
+        }
+      }
+    } catch (err) {
+      // best-effort
+    }
+  }
+
   const importedAt = nowIso();
   const sourceName = sourcePath ? path.basename(sourcePath) : null;
   const documentId = `doc_${slugify(title || sourceName || 'document').slice(0, 24) || 'document'}_${fingerprint.slice(0, 12)}`;
@@ -901,6 +948,7 @@ function importDocument(options = {}) {
     contentBytes: Buffer.byteLength(normalizedContent, 'utf8'),
     lineCount: normalizedContent.split('\n').filter(Boolean).length,
     headings: extractHeadings(normalizedContent),
+    ...(duplicate || {}),
   };
   document.proposals = options.proposeGates === false
     ? []

package/scripts/gemini-embedding-policy.js

@@ -122,7 +122,7 @@ function resolveGeminiEmbeddingConfig(env = process.env) {
 
   return {
     enabled,
-    provider: provider === 'coreai' ? 'coreai' : (enabled ? 'gemini' : 'local'),
+    provider: enabled ? 'gemini' : 'local',
     model: String(env.THUMBGATE_GEMINI_EMBED_MODEL || GEMINI_EMBEDDING_2_MODEL).trim() || GEMINI_EMBEDDING_2_MODEL,
     apiKey,
     apiBaseUrl: trimTrailingSlashes(env.THUMBGATE_GEMINI_API_BASE_URL || 'https://generativelanguage.googleapis.com/v1beta'),
@@ -171,7 +171,6 @@ function buildGeminiEmbeddingRolloutPlan(args = {}) {
     },
     rolloutSteps: [
       'Keep local embeddings as the default offline path.',
-      'For Apple Silicon developers, route local queries through Core AI (AOT compiled models) to bypass CPU overhead.',
       'Enable Gemini Embedding 2 only when a Gemini API key is present.',
       'Use task-specific query/document prefixes at index and retrieval time.',
       'Start at 768 dimensions, then benchmark 1536 only if recall misses show up.',

package/scripts/hosted-config.js

@@ -13,6 +13,7 @@ const DEFAULT_PRO_PRICE_DOLLARS = PRO_MONTHLY_PRICE_DOLLARS;
 const DEFAULT_PRO_PRICE_LABEL = PRO_PRICE_LABEL;
 const DEFAULT_SPRINT_DIAGNOSTIC_PRICE_DOLLARS = 499;
 const DEFAULT_WORKFLOW_SPRINT_PRICE_DOLLARS = 1500;
+const DEFAULT_SNAPSHOT_PRICE_DOLLARS = 97;
 const GA_MEASUREMENT_ID_PATTERN = /^G-[A-Z0-9]+$/i;
 
 function normalizeOrigin(value) {
@@ -129,6 +130,10 @@ function resolveHostedBillingConfig({ requestOrigin } = {}, env = process.env) {
   const googleSiteVerification = normalizeTrackingId(env.THUMBGATE_GOOGLE_SITE_VERIFICATION);
   const sprintDiagnosticCheckoutUrl = normalizeAbsoluteUrl(env.THUMBGATE_SPRINT_DIAGNOSTIC_CHECKOUT_URL);
   const workflowSprintCheckoutUrl = normalizeAbsoluteUrl(env.THUMBGATE_WORKFLOW_SPRINT_CHECKOUT_URL);
+  const paypalDiagnosticCheckoutUrl = normalizeAbsoluteUrl(env.THUMBGATE_PAYPAL_DIAGNOSTIC_CHECKOUT_URL);
+  const paypalWorkflowSprintCheckoutUrl = normalizeAbsoluteUrl(env.THUMBGATE_PAYPAL_WORKFLOW_SPRINT_CHECKOUT_URL);
+  const morSnapshotCheckoutUrl = normalizeAbsoluteUrl(env.THUMBGATE_MOR_SNAPSHOT_CHECKOUT_URL);
+  const morProvider = String(env.THUMBGATE_MOR_PROVIDER || '').trim();
 
   return {
     appOrigin,
@@ -142,10 +147,16 @@ function resolveHostedBillingConfig({ requestOrigin } = {}, env = process.env) {
     proPriceLabel,
     sprintDiagnosticCheckoutUrl,
     workflowSprintCheckoutUrl,
+    paypalDiagnosticCheckoutUrl,
+    paypalWorkflowSprintCheckoutUrl,
+    morSnapshotCheckoutUrl,
+    morProvider,
     sprintDiagnosticPriceDollars: normalizePriceDollars(env.THUMBGATE_SPRINT_DIAGNOSTIC_PRICE_DOLLARS)
       || DEFAULT_SPRINT_DIAGNOSTIC_PRICE_DOLLARS,
     workflowSprintPriceDollars: normalizePriceDollars(env.THUMBGATE_WORKFLOW_SPRINT_PRICE_DOLLARS)
       || DEFAULT_WORKFLOW_SPRINT_PRICE_DOLLARS,
+    snapshotPriceDollars: normalizePriceDollars(env.THUMBGATE_SNAPSHOT_PRICE_DOLLARS)
+      || DEFAULT_SNAPSHOT_PRICE_DOLLARS,
     gaMeasurementId,
     googleSiteVerification,
     posthogApiKey,
@@ -159,6 +170,7 @@ module.exports = {
   DEFAULT_PRO_PRICE_LABEL,
   DEFAULT_SPRINT_DIAGNOSTIC_PRICE_DOLLARS,
   DEFAULT_WORKFLOW_SPRINT_PRICE_DOLLARS,
+  DEFAULT_SNAPSHOT_PRICE_DOLLARS,
   GA_MEASUREMENT_ID_PATTERN,
   normalizeAbsoluteUrl,
   normalizeOrigin,

package/scripts/plausible-domain-config.js

@@ -16,9 +16,7 @@ function normalizeDomain(value) {
   try {
     return new URL(input.includes('://') ? input : `https://${input}`).hostname.toLowerCase();
   } catch {
-    const withoutProtocol = input.replace(/^https?:\/\//i, '');
-    const hostnameAndPort = withoutProtocol.split('/')[0];
-    return hostnameAndPort.toLowerCase().split(':')[0];
+    return input.replace(/^https?:\/\//i, '').replace(/\/.*$/, '').toLowerCase().split(':')[0];
   }
 }
 

package/scripts/reddit-browser-notification-watch.js

@@ -0,0 +1,230 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const { chromium } = require('playwright-core');
+
+const DEFAULT_CDP_ENDPOINT = 'http://127.0.0.1:9222';
+const DEFAULT_STATE_FILE = path.resolve(__dirname, '..', '.thumbgate', 'reddit-browser-notification-state.json');
+const DEFAULT_EVENTS_FILE = path.resolve(__dirname, '..', '.thumbgate', 'reddit-browser-notifications.jsonl');
+const REDDIT_NOTIFICATIONS_URL = 'https://www.reddit.com/notifications';
+
+function resolveRuntimeFile(envName, defaultPath) {
+  const configured = process.env[envName];
+  return configured ? path.resolve(configured) : defaultPath;
+}
+
+function loadJson(filePath, fallback) {
+  try {
+    if (fs.existsSync(filePath)) return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+  } catch {
+    // Ignore corrupt transient state; a later write will repair it.
+  }
+  return fallback;
+}
+
+function writeJson(filePath, value) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, JSON.stringify(value, null, 2));
+}
+
+function appendJsonl(filePath, rows) {
+  if (rows.length === 0) return;
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.appendFileSync(filePath, `${rows.map((row) => JSON.stringify(row)).join('\n')}\n`);
+}
+
+function fingerprintNotification(notification) {
+  return [
+    notification.author || '',
+    notification.kind || '',
+    notification.subreddit || '',
+    notification.preview || '',
+    notification.age || '',
+  ].join('|').toLowerCase();
+}
+
+function scoreNotification(notification) {
+  const text = `${notification.author || ''} ${notification.kind || ''} ${notification.preview || ''}`.toLowerCase();
+  let score = 0;
+  const reasons = [];
+
+  if (/accepted your chat invite|chat invite/i.test(text)) {
+    score += 5;
+    reasons.push('chat_accepted');
+  }
+  if (/\b(interested|try|paid|diagnostic|workflow|failure|gate|thumbgate|thubgate)\b/i.test(text)) {
+    score += 4;
+    reasons.push('buyer_signal');
+  }
+  if (/\b(replied|mentioned)\b/i.test(text)) {
+    score += 2;
+    reasons.push('reply_or_mention');
+  }
+  if (/\b(spam|slop|bot|report|ignore all previous instructions)\b/i.test(text)) {
+    score -= 5;
+    reasons.push('hostile_or_meta');
+  }
+  if (/automoderator|mod-bot|minimum karma|removed|reviewed shortly/i.test(text)) {
+    score -= 1;
+    reasons.push('platform_moderation');
+  }
+
+  return { score, reasons };
+}
+
+function ageMinutes(age) {
+  const text = String(age || '').trim().toLowerCase();
+  if (!text || text === 'just now') return 0;
+  const match = /^(\d+)\s*([mhdw])\s+ago$/.exec(text);
+  if (!match) return Number.POSITIVE_INFINITY;
+  const value = Number(match[1]);
+  const unit = match[2];
+  if (unit === 'm') return value;
+  if (unit === 'h') return value * 60;
+  if (unit === 'd') return value * 24 * 60;
+  return value * 7 * 24 * 60;
+}
+
+function isAgeLine(line) {
+  return /^(?:just now|\d+\s*[mhdw]\s+ago)$/i.test(String(line || '').trim());
+}
+
+function isRecentNotification(notification, maxAgeMinutes = 48 * 60) {
+  return ageMinutes(notification.age) <= maxAgeMinutes;
+}
+
+function parseNotificationBlocks(bodyText) {
+  const lines = String(bodyText || '')
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean);
+  const notifications = [];
+
+  for (let index = 0; index < lines.length; index += 1) {
+    let author = lines[index];
+    let kind = lines[index + 1] || '';
+    let kindIndex = index + 1;
+    if (isAgeLine(author)) continue;
+
+    if (/\b(replied to|mentioned you|new mentions)\b/i.test(author)) {
+      kind = author;
+      kindIndex = index;
+      const authorMatch = /^u\/([^\s]+)/i.exec(kind);
+      author = authorMatch ? authorMatch[1] : author;
+    }
+
+    if (!kind || !/\b(accepted your chat invite|replied to|mentioned you|new mentions)\b/i.test(kind)) continue;
+
+    const hasPreview = !/accepted your chat invite|new mentions/i.test(kind);
+    const preview = hasPreview ? (lines[kindIndex + 1] || '') : '';
+    const age = hasPreview ? (lines[kindIndex + 2] || '') : (lines[kindIndex + 1] || '');
+    const subredditMatch = /\bin\s+r\/([A-Za-z0-9_]+)/.exec(kind);
+    const notification = {
+      author,
+      kind,
+      subreddit: subredditMatch ? subredditMatch[1] : null,
+      preview,
+      age,
+    };
+    const scored = scoreNotification(notification);
+    notifications.push({
+      ...notification,
+      ...scored,
+      ageMinutes: ageMinutes(notification.age),
+      fingerprint: fingerprintNotification(notification),
+    });
+  }
+
+  return notifications;
+}
+
+async function readRedditNotifications({
+  cdpEndpoint = process.env.THUMBGATE_CHROME_CDP_ENDPOINT || DEFAULT_CDP_ENDPOINT,
+  timeoutMs = Number(process.env.THUMBGATE_REDDIT_BROWSER_TIMEOUT_MS || 15000),
+} = {}) {
+  const browser = await chromium.connectOverCDP(cdpEndpoint);
+  const context = browser.contexts()[0] || await browser.newContext();
+  const page = await context.newPage();
+  try {
+    await page.goto(REDDIT_NOTIFICATIONS_URL, { waitUntil: 'domcontentloaded', timeout: timeoutMs });
+    await page.waitForTimeout(3000);
+    const bodyText = await page.locator('body').innerText({ timeout: timeoutMs });
+    return parseNotificationBlocks(bodyText);
+  } finally {
+    await page.close().catch(() => {});
+    await browser.close().catch(() => {});
+  }
+}
+
+async function run({ dryRun = false, now = new Date().toISOString() } = {}) {
+  const stateFile = resolveRuntimeFile('THUMBGATE_REDDIT_BROWSER_STATE_FILE', DEFAULT_STATE_FILE);
+  const eventsFile = resolveRuntimeFile('THUMBGATE_REDDIT_BROWSER_EVENTS_FILE', DEFAULT_EVENTS_FILE);
+  const state = loadJson(stateFile, { seen: {} });
+  const notifications = await readRedditNotifications();
+  const fresh = notifications.filter((notification) => !state.seen[notification.fingerprint]);
+  const actionable = fresh.filter((notification) => notification.score > 0 && isRecentNotification(notification));
+  const rows = actionable.map((notification) => ({
+    checkedAt: now,
+    platform: 'reddit',
+    source: 'browser_notifications',
+    status: 'pending_review',
+    ...notification,
+  }));
+
+  for (const notification of fresh) {
+    state.seen[notification.fingerprint] = { seenAt: now, score: notification.score };
+  }
+  state.lastCheck = now;
+
+  if (!dryRun) {
+    writeJson(stateFile, state);
+    appendJsonl(eventsFile, rows);
+  }
+
+  return {
+    notifications: notifications.length,
+    fresh: fresh.length,
+    actionable: actionable.length,
+    eventsFile,
+    actionableItems: actionable,
+    dryRun,
+  };
+}
+
+function parseArgs(argv = process.argv.slice(2)) {
+  return {
+    dryRun: argv.includes('--dry-run'),
+    json: argv.includes('--json'),
+  };
+}
+
+if (require.main === module) {
+  const args = parseArgs();
+  run({ dryRun: args.dryRun })
+    .then((result) => {
+      if (args.json) {
+        console.log(JSON.stringify(result, null, 2));
+      } else {
+        console.log(`[reddit-browser-watch] notifications=${result.notifications} fresh=${result.fresh} actionable=${result.actionable} dryRun=${result.dryRun}`);
+        for (const item of result.actionableItems) {
+          console.log(`- score=${item.score} author=${item.author} kind=${item.kind} preview=${item.preview.slice(0, 120)}`);
+        }
+      }
+    })
+    .catch((err) => {
+      console.error(`[reddit-browser-watch] ${err.message}`);
+      process.exitCode = 1;
+    });
+}
+
+module.exports = {
+  fingerprintNotification,
+  ageMinutes,
+  isRecentNotification,
+  parseNotificationBlocks,
+  readRedditNotifications,
+  run,
+  scoreNotification,
+};