thumbgate 1.27.7 → 1.27.9

package/adapters/policy-engine/ethicore-guardian-client.js

@@ -1,68 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-const DEFAULT_ENDPOINT = 'https://api.oraclestechnologies.com/v1/guardian/analyze';
-
-function requireApiKey(env = process.env) {
-  const key = env.ETHICORE_API_KEY || env.GUARDIAN_API_KEY || env.ORACLES_GUARDIAN_API_KEY;
-  if (!key) {
-    throw new Error('ETHICORE_API_KEY env var is required');
-  }
-  return key;
-}
-
-async function analyzeText(text, options = {}) {
-  if (!String(text || '').trim()) {
-    throw new Error('analyzeText requires text');
-  }
-
-  const env = options.env || process.env;
-  const endpoint = options.endpoint || env.ETHICORE_GUARDIAN_ENDPOINT || DEFAULT_ENDPOINT;
-  const apiKey = options.apiKey || requireApiKey(env);
-  const fetchImpl = options.fetch || fetch;
-
-  const response = await fetchImpl(endpoint, {
-    method: 'POST',
-    headers: {
-      Authorization: `Bearer ${apiKey}`,
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({ text }),
-  });
-
-  const bodyText = await response.text();
-  let body = bodyText;
-  try {
-    body = bodyText ? JSON.parse(bodyText) : {};
-  } catch {
-    // Keep non-JSON body for diagnostics.
-  }
-
-  if (!response.ok) {
-    throw new Error(`Ethicore Guardian API ${response.status}: ${typeof body === 'string' ? body : JSON.stringify(body)}`);
-  }
-
-  return body;
-}
-
-function createEthicorePolicyCheck(options = {}) {
-  return async function ethicorePolicyCheck(action = {}) {
-    const toolText = [
-      action.toolName,
-      action.actionType,
-      action.command,
-      action.path,
-      action.url,
-      action.input ? JSON.stringify(action.input) : '',
-    ].filter(Boolean).join('\n');
-
-    return analyzeText(toolText || JSON.stringify(action), options);
-  };
-}
-
-module.exports = {
-  DEFAULT_ENDPOINT,
-  analyzeText,
-  createEthicorePolicyCheck,
-  requireApiKey,
-};

package/adapters/policy-engine/thumbgate-policy-engine-adapter.js

@@ -1,260 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-const { normalizeProviderAction } = require('../../scripts/provider-action-normalizer');
-
-const BLOCK_DECISIONS = new Set([
-  'block',
-  'blocked',
-  'deny',
-  'denied',
-  'disallow',
-  'disallowed',
-  'fail',
-  'failed',
-  'forbid',
-  'forbidden',
-  'reject',
-  'rejected',
-  'unsafe',
-  'violation',
-]);
-
-const REVIEW_DECISIONS = new Set([
-  'approval',
-  'approval-required',
-  'approval_required',
-  'approve',
-  'human-review',
-  'human_review',
-  'manual-review',
-  'manual_review',
-  'review',
-  'requires-approval',
-  'requires_approval',
-  'requires-review',
-  'requires_review',
-]);
-
-const ALLOW_DECISIONS = new Set([
-  'accept',
-  'accepted',
-  'allow',
-  'allowed',
-  'ok',
-  'pass',
-  'passed',
-  'permit',
-  'permitted',
-  'safe',
-]);
-
-function asObject(value) {
-  return value && typeof value === 'object' && !Array.isArray(value) ? value : {};
-}
-
-function asArray(value) {
-  return Array.isArray(value) ? value : [];
-}
-
-function firstString(...values) {
-  for (const value of values) {
-    const text = String(value || '').trim();
-    if (text) return text;
-  }
-  return '';
-}
-
-function normalizeDecisionToken(value) {
-  return String(value || '')
-    .trim()
-    .toLowerCase()
-    .replace(/\s+/g, '-');
-}
-
-function normalizeEvidence(value) {
-  const direct = asArray(value.evidence);
-  const citations = asArray(value.citations);
-  const violations = asArray(value.violations);
-  const reasons = asArray(value.reasons);
-  const reasoning = asArray(value.reasoning);
-  const threatTypes = asArray(value.threat_types || value.threatTypes)
-    .map((threatType) => ({
-      code: String(threatType || '').trim(),
-      message: `Threat type: ${String(threatType || '').trim()}`,
-      source: 'guardian',
-      severity: firstString(value.threat_level, value.threatLevel),
-    }));
-  return [...direct, ...citations, ...violations, ...reasons, ...reasoning, ...threatTypes]
-    .map((entry) => {
-      if (typeof entry === 'string') return { text: entry };
-      const object = asObject(entry);
-      if (!Object.keys(object).length) return null;
-      return {
-        id: firstString(object.id, object.ruleId, object.rule_id, object.code),
-        text: firstString(object.text, object.reason, object.message, object.description, object.title),
-        source: firstString(object.source, object.provider, object.policy),
-        severity: firstString(object.severity, object.level),
-        raw: object,
-      };
-    })
-    .filter(Boolean);
-}
-
-function extractPolicyDecision(input = {}) {
-  const event = asObject(input);
-  for (const candidate of [
-    event.policyDecision,
-    event.policy_decision,
-    event.guardrailResult,
-    event.guardrail_result,
-    event.result,
-  ]) {
-    const object = asObject(candidate);
-    if (Object.keys(object).length) return object;
-  }
-  return event;
-}
-
-function classifyPolicyDecision(input = {}) {
-  const value = extractPolicyDecision(input);
-  const token = normalizeDecisionToken(firstString(
-    value.decision,
-    value.action,
-    value.status,
-    value.result,
-    value.verdict,
-    value.outcome,
-    value.effect,
-    value.recommended_action,
-    value.recommendedAction,
-  ));
-
-  if (
-    value.allowed === false
-    || value.is_safe === false
-    || value.isSafe === false
-    || value.accepted === false
-    || value.blocked === true
-    || value.denied === true
-    || BLOCK_DECISIONS.has(token)
-  ) {
-    return 'block';
-  }
-  if (
-    value.requiresApproval === true
-    || value.requires_approval === true
-    || value.reviewRequired === true
-    || value.review_required === true
-    || REVIEW_DECISIONS.has(token)
-  ) {
-    return 'approval_required';
-  }
-  if (
-    value.allowed === true
-    || value.is_safe === true
-    || value.isSafe === true
-    || value.accepted === true
-    || ALLOW_DECISIONS.has(token)
-  ) {
-    return 'allow';
-  }
-  return 'unknown';
-}
-
-function normalizePolicyDecision(input = {}, options = {}) {
-  const value = extractPolicyDecision(input);
-  const decision = classifyPolicyDecision(value);
-  const source = firstString(
-    options.source,
-    value.source,
-    value.provider,
-    value.engine,
-    value.policyEngine,
-    value.policy_engine,
-    'policy-engine'
-  );
-  const reason = firstString(
-    value.reason,
-    value.message,
-    value.explanation,
-    value.summary,
-    asArray(value.reasoning).join('; '),
-    asArray(value.reasons).join('; '),
-    decision === 'unknown' ? 'Policy engine returned an unknown decision; approval required before execution.' : ''
-  );
-
-  return {
-    allowed: decision === 'allow',
-    blocked: decision === 'block',
-    approvalRequired: decision === 'approval_required' || decision === 'unknown',
-    decision,
-    reason,
-    source,
-    confidence: Number.isFinite(Number(value.confidence)) ? Number(value.confidence) : null,
-    policyId: firstString(value.policyId, value.policy_id, value.ruleId, value.rule_id, value.id),
-    severity: firstString(value.severity, value.level, value.threat_level, value.threatLevel),
-    score: Number.isFinite(Number(value.score))
-      ? Number(value.score)
-      : (Number.isFinite(Number(value.threat_score)) ? Number(value.threat_score) : null),
-    evidence: normalizeEvidence(value),
-    raw: value,
-  };
-}
-
-function normalizePolicyAction(input = {}) {
-  const event = asObject(input);
-  return {
-    ...normalizeProviderAction({
-      ...event,
-      provider: firstString(event.provider, event.agentRuntime, event.runtime, 'policy-engine'),
-      toolName: firstString(event.toolName, event.tool_name, event.name),
-      input: asObject(event.toolInput || event.input || event.arguments || event.args),
-    }),
-    policyContext: asObject(event.policyContext || event.policy_context),
-  };
-}
-
-function createPolicyEngineGuard({
-  policyCheck,
-  executeTool,
-  gateCheck,
-  onDecision,
-  source = 'policy-engine',
-} = {}) {
-  if (typeof policyCheck !== 'function') {
-    throw new TypeError('createPolicyEngineGuard requires a policyCheck function');
-  }
-  if (typeof executeTool !== 'function') {
-    throw new TypeError('createPolicyEngineGuard requires an executeTool function');
-  }
-
-  return async function guardedPolicyTool(input = {}) {
-    const normalizedAction = normalizePolicyAction(input);
-    const policyDecision = normalizePolicyDecision(await policyCheck(normalizedAction), { source });
-    const gateDecision = typeof gateCheck === 'function'
-      ? normalizePolicyDecision(await gateCheck({ normalizedAction, policyDecision }), { source: 'thumbgate' })
-      : null;
-    const effectiveDecision = gateDecision && !gateDecision.allowed ? gateDecision : policyDecision;
-
-    if (typeof onDecision === 'function') {
-      await onDecision({ normalizedAction, policyDecision, gateDecision, effectiveDecision });
-    }
-
-    if (!effectiveDecision.allowed) {
-      const error = new Error(effectiveDecision.reason || 'ThumbGate blocked this action before execution.');
-      error.code = effectiveDecision.approvalRequired ? 'THUMBGATE_APPROVAL_REQUIRED' : 'THUMBGATE_BLOCKED';
-      error.thumbgate = { normalizedAction, policyDecision, gateDecision, effectiveDecision };
-      throw error;
-    }
-
-    return executeTool(input, { normalizedAction, policyDecision, gateDecision, effectiveDecision });
-  };
-}
-
-module.exports = {
-  createPolicyEngineGuard,
-  extractPolicyDecision,
-  normalizePolicyAction,
-  normalizePolicyDecision,
-};

package/scripts/hook-stop-anti-claim.js

@@ -1,227 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-/**
- * Stop hook: anti-claim enforcement.
- *
- * Scans the assistant's most recent turn (assistant text + same-turn tool_use
- * blocks) and blocks the "deployed / live / done / fixed / ready" claim
- * unless that same turn included a proof tool call (curl / grep / test).
- *
- * Why: CLAUDE.md anti-lying directive ("Never claim fix done until
- * committed+pushed. Never claim 'ready' without running e2e.") was
- * aspirational, not enforced. Per CEO 2026-05-13 feedback after a session in
- * which 5+ unverified claims slipped through, this is the harness-level
- * enforcement that ends the recurring trust-burn pattern. ThumbGate-on-
- * ThumbGate dogfood — we are the prevention-rule generator and a perfect
- * customer for our own gate.
- *
- * Wires through .claude/settings.json Stop hooks list. Always exits 0
- * (informational): the goal is to surface a system reminder in the next
- * turn so the agent corrects mid-conversation rather than to hard-block
- * the turn that already happened.
- *
- * Stdin: Claude Code passes the hook payload as JSON on stdin. We read
- * `transcript_path` to locate the JSONL session log and scan the last
- * assistant message.
- *
- * Stdout: any text printed is shown to the agent on the next turn.
- */
-
-const fs = require('node:fs');
-
-// Lie-phrase patterns. These match common "claim of completion" wording
-// the agent emits without verification. Word-boundary anchored to avoid
-// false positives ("ready-made", "live-streaming", etc).
-const CLAIM_PATTERNS = [
-  /\bis\s+live\b/i,
-  /\bnow\s+live\b/i,
-  /\bgoing\s+live\b/i,
-  /\bdeployed\b(?!\s*(yet|to\s+staging|on\s+a\s+branch))/i,
-  /\b(?:is|are|it'?s)\s+(?:now\s+)?(?:fully\s+)?(?:fixed|resolved|merged|shipped)\b/i,
-  /\bproduction[-\s]ready\b/i,
-  /\beverything\s+(?:is\s+)?(?:done|working|ready)\b/i,
-  /\b(?:github|repo|repository)\s+(?:about|metadata|description|topics?)\b.*\b(?:updated|verified|fixed|match(?:es|ed)?)\b/i,
-  /\b(?:about|metadata|description|topics?)\b.*\b(?:updated|verified|fixed|match(?:es|ed)?)\b.*\b(?:github|repo|repository)\b/i,
-  /\b(?:money|payment|charge|checkout|revenue|price|pricing|invoice|billing|tax|sales tax|inventory|stock|permission|access|customer[-\s]facing)\b.*\b(?:correct|accurate|verified|valid|matches|working|fixed|resolved|calculated|configured)\b/i,
-  /\b(?:correct|accurate|verified|valid|matches|working|fixed|resolved|calculated|configured)\b.*\b(?:money|payment|charge|checkout|revenue|price|pricing|invoice|billing|tax|sales tax|inventory|stock|permission|access|customer[-\s]facing)\b/i,
-  // Added 2026-06-11 after a cross-project failure analysis: these completion
-  // claims ("all green / stable / verified / race over / tests pass") were
-  // asserted without proof and slipped past the original set. The proof-gate
-  // below suppresses them whenever the SAME turn ran a verification tool, so a
-  // "verified" claim backed by a test/curl/Read stays silent.
-  /\ball\s+(?:the\s+)?(?:tests?\s+|checks?\s+)?(?:are\s+)?green\b/i,
-  /\b(?:all\s+)?(?:tests?|checks?|ci)\s+(?:are\s+)?(?:now\s+)?passing\b/i,
-  /\ball\s+(?:tests?|checks?)\s+pass(?:ed)?\b/i,
-  /\bverified\b/i,
-  /\bconfirmed\b/i,
-  /\b(?:is|are|it'?s|now)\s+stable\b/i,
-  /\ball\s+clear\b/i,
-  /\bgood\s+to\s+go\b/i,
-  /\brace\s+(?:is\s+)?over\b/i,
-  /\bno\s+longer\s+racing\b/i,
-];
-
-// Proof-of-verification patterns. If the SAME turn included one of these
-// tool calls or shell command tokens, the claim is considered backed and
-// the hook stays silent.
-const PROOF_PATTERNS = [
-  /\bcurl\b/,
-  /\bgh\s+pr\s+(?:view|checks|status)\b/,
-  /\bgh\s+run\s+view\b/,
-  /\bgh\s+api\b/,
-  /\bnode\s+--test\b/,
-  /\bnpm\s+(?:run\s+)?test\b/,
-  /\bnpm\s+pack\b/,
-  /\bjest\b/,
-  /\bmocha\b/,
-  /\bpytest\b/,
-  /\bplaywright\b/,
-  /\bgrep\b/,
-  /\bstripe\b/,
-  /\bplaid\b/,
-  /\bshopify\b/,
-  /\bsquare\b/,
-  /\bquickbooks\b/,
-  /Read\s*\(/, // Claude Code Read tool call
-  /Bash\s*\(/, // Claude Code Bash tool call
-];
-
-function readLastAssistantTurn(transcriptPath) {
-  if (!transcriptPath || !fs.existsSync(transcriptPath)) return null;
-  let content;
-  try {
-    content = fs.readFileSync(transcriptPath, 'utf8');
-  } catch {
-    return null;
-  }
-  const lines = content.trim().split('\n');
-  // Walk backwards to find the last assistant message
-  for (let i = lines.length - 1; i >= 0; i--) {
-    const raw = lines[i].trim();
-    if (!raw) continue;
-    let entry;
-    try {
-      entry = JSON.parse(raw);
-    } catch {
-      continue;
-    }
-    if (entry.type === 'assistant' && entry.message) {
-      return entry.message;
-    }
-  }
-  return null;
-}
-
-function extractText(message) {
-  if (!message || !Array.isArray(message.content)) return '';
-  return message.content
-    .filter((b) => b && typeof b.text === 'string')
-    .map((b) => b.text)
-    .join('\n');
-}
-
-function extractToolUseSummary(message) {
-  if (!message || !Array.isArray(message.content)) return '';
-  return message.content
-    .filter((b) => b?.type === 'tool_use')
-    .map((b) => {
-      const name = b.name || 'tool';
-      let summary = '';
-      if (b.input && typeof b.input === 'object') {
-        if (typeof b.input.command === 'string') summary = b.input.command;
-        else if (typeof b.input.file_path === 'string') summary = b.input.file_path;
-        else if (typeof b.input.query === 'string') summary = b.input.query;
-        else summary = JSON.stringify(b.input).slice(0, 200);
-      }
-      return `${name}: ${summary}`;
-    })
-    .join('\n');
-}
-
-function findClaim(text) {
-  for (const p of CLAIM_PATTERNS) {
-    const m = text.match(p);
-    if (m) return m[0];
-  }
-  return null;
-}
-
-function hasProof(combined) {
-  return PROOF_PATTERNS.some((p) => p.test(combined));
-}
-
-function readStdinSync() {
-  try {
-    return fs.readFileSync(0, 'utf8');
-  } catch {
-    return '';
-  }
-}
-
-function main() {
-  const raw = readStdinSync();
-  let payload = {};
-  try {
-    payload = raw ? JSON.parse(raw) : {};
-  } catch {
-    payload = {};
-  }
-
-  const transcriptPath = payload.transcript_path || process.env.CLAUDE_TRANSCRIPT_PATH;
-  const message = readLastAssistantTurn(transcriptPath);
-  if (!message) return; // no transcript visible; nothing to check
-
-  const text = extractText(message);
-  const toolUseSummary = extractToolUseSummary(message);
-  const claim = findClaim(text);
-  if (!claim) return; // no completion claim made; silent
-
-  const proofText = `${text}\n${toolUseSummary}`;
-  if (hasProof(proofText)) return; // claim backed by proof in same turn
-
-  // Strict mode (THUMBGATE_STRICT_ENFORCEMENT=1): hard-block the stop. Emit a
-  // Stop-hook block decision so Claude Code does NOT end the turn — the agent
-  // must run the verification (or retract) before it can stop. Default mode
-  // stays soft (a reminder for the next turn) so we don't break existing wiring.
-  if (process.env.THUMBGATE_STRICT_ENFORCEMENT === '1') {
-    const reason = `ThumbGate anti-claim gate (strict): you claimed completion ("${claim}") without a proof tool call in the same message. Run the verification (curl / grep / test / Read) and restate with the proof, or retract — do not end the turn on an unverified claim.`;
-    process.stdout.write(JSON.stringify({ decision: 'block', reason }) + '\n');
-    return;
-  }
-
-  // Default (soft): surface a system reminder for the NEXT turn. Do not hard-block.
-  const reminder = [
-    '⚠️ ThumbGate anti-claim gate: previous turn claimed completion',
-    `   ("${claim}") without a proof tool call in the same message.`,
-    '   Per CLAUDE.md anti-lying: never claim "done / live / deployed / fixed /',
-    '   verified / all green / stable" or commercial truth (money / tax / inventory /',
-    '   permissions / customer-facing state) without curl / grep / test / source-of-truth output in the SAME turn.',
-    '   If the work really is verified, re-state the claim with the proof.',
-    '   If not, retract and run the verification before re-asserting.',
-  ].join('\n');
-  process.stdout.write(reminder + '\n');
-}
-
-// Path-resolve check instead of `require.main === module`. SonarCloud's
-// strict type inference (rule S3403) flags the === form as always-false
-// in CommonJS, and CLAUDE.md "Hard-Won Lessons" pins the path-based form
-// as the portable fix (incident 2026-04-21 / PR #1115). Resolve BOTH sides
-// so the comparison is between two normalized absolute paths.
-const path = require('node:path');
-if (path.resolve(process.argv[1] || '') === path.resolve(__filename)) {
-  try {
-    main();
-  } catch {
-    // never crash the agent
-  }
-}
-
-module.exports = {
-  CLAIM_PATTERNS,
-  PROOF_PATTERNS,
-  findClaim,
-  hasProof,
-  extractText,
-  extractToolUseSummary,
-};