thumbgate 1.27.8 → 1.27.10

package/scripts/reddit-browser-notification-watch.js

@@ -0,0 +1,230 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const { chromium } = require('playwright-core');
+
+const DEFAULT_CDP_ENDPOINT = 'http://127.0.0.1:9222';
+const DEFAULT_STATE_FILE = path.resolve(__dirname, '..', '.thumbgate', 'reddit-browser-notification-state.json');
+const DEFAULT_EVENTS_FILE = path.resolve(__dirname, '..', '.thumbgate', 'reddit-browser-notifications.jsonl');
+const REDDIT_NOTIFICATIONS_URL = 'https://www.reddit.com/notifications';
+
+function resolveRuntimeFile(envName, defaultPath) {
+  const configured = process.env[envName];
+  return configured ? path.resolve(configured) : defaultPath;
+}
+
+function loadJson(filePath, fallback) {
+  try {
+    if (fs.existsSync(filePath)) return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+  } catch {
+    // Ignore corrupt transient state; a later write will repair it.
+  }
+  return fallback;
+}
+
+function writeJson(filePath, value) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, JSON.stringify(value, null, 2));
+}
+
+function appendJsonl(filePath, rows) {
+  if (rows.length === 0) return;
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.appendFileSync(filePath, `${rows.map((row) => JSON.stringify(row)).join('\n')}\n`);
+}
+
+function fingerprintNotification(notification) {
+  return [
+    notification.author || '',
+    notification.kind || '',
+    notification.subreddit || '',
+    notification.preview || '',
+    notification.age || '',
+  ].join('|').toLowerCase();
+}
+
+function scoreNotification(notification) {
+  const text = `${notification.author || ''} ${notification.kind || ''} ${notification.preview || ''}`.toLowerCase();
+  let score = 0;
+  const reasons = [];
+
+  if (/accepted your chat invite|chat invite/i.test(text)) {
+    score += 5;
+    reasons.push('chat_accepted');
+  }
+  if (/\b(interested|try|paid|diagnostic|workflow|failure|gate|thumbgate|thubgate)\b/i.test(text)) {
+    score += 4;
+    reasons.push('buyer_signal');
+  }
+  if (/\b(replied|mentioned)\b/i.test(text)) {
+    score += 2;
+    reasons.push('reply_or_mention');
+  }
+  if (/\b(spam|slop|bot|report|ignore all previous instructions)\b/i.test(text)) {
+    score -= 5;
+    reasons.push('hostile_or_meta');
+  }
+  if (/automoderator|mod-bot|minimum karma|removed|reviewed shortly/i.test(text)) {
+    score -= 1;
+    reasons.push('platform_moderation');
+  }
+
+  return { score, reasons };
+}
+
+function ageMinutes(age) {
+  const text = String(age || '').trim().toLowerCase();
+  if (!text || text === 'just now') return 0;
+  const match = /^(\d+)\s*([mhdw])\s+ago$/.exec(text);
+  if (!match) return Number.POSITIVE_INFINITY;
+  const value = Number(match[1]);
+  const unit = match[2];
+  if (unit === 'm') return value;
+  if (unit === 'h') return value * 60;
+  if (unit === 'd') return value * 24 * 60;
+  return value * 7 * 24 * 60;
+}
+
+function isAgeLine(line) {
+  return /^(?:just now|\d+\s*[mhdw]\s+ago)$/i.test(String(line || '').trim());
+}
+
+function isRecentNotification(notification, maxAgeMinutes = 48 * 60) {
+  return ageMinutes(notification.age) <= maxAgeMinutes;
+}
+
+function parseNotificationBlocks(bodyText) {
+  const lines = String(bodyText || '')
+    .split('\n')
+    .map((line) => line.trim())
+    .filter(Boolean);
+  const notifications = [];
+
+  for (let index = 0; index < lines.length; index += 1) {
+    let author = lines[index];
+    let kind = lines[index + 1] || '';
+    let kindIndex = index + 1;
+    if (isAgeLine(author)) continue;
+
+    if (/\b(replied to|mentioned you|new mentions)\b/i.test(author)) {
+      kind = author;
+      kindIndex = index;
+      const authorMatch = /^u\/([^\s]+)/i.exec(kind);
+      author = authorMatch ? authorMatch[1] : author;
+    }
+
+    if (!kind || !/\b(accepted your chat invite|replied to|mentioned you|new mentions)\b/i.test(kind)) continue;
+
+    const hasPreview = !/accepted your chat invite|new mentions/i.test(kind);
+    const preview = hasPreview ? (lines[kindIndex + 1] || '') : '';
+    const age = hasPreview ? (lines[kindIndex + 2] || '') : (lines[kindIndex + 1] || '');
+    const subredditMatch = /\bin\s+r\/([A-Za-z0-9_]+)/.exec(kind);
+    const notification = {
+      author,
+      kind,
+      subreddit: subredditMatch ? subredditMatch[1] : null,
+      preview,
+      age,
+    };
+    const scored = scoreNotification(notification);
+    notifications.push({
+      ...notification,
+      ...scored,
+      ageMinutes: ageMinutes(notification.age),
+      fingerprint: fingerprintNotification(notification),
+    });
+  }
+
+  return notifications;
+}
+
+async function readRedditNotifications({
+  cdpEndpoint = process.env.THUMBGATE_CHROME_CDP_ENDPOINT || DEFAULT_CDP_ENDPOINT,
+  timeoutMs = Number(process.env.THUMBGATE_REDDIT_BROWSER_TIMEOUT_MS || 15000),
+} = {}) {
+  const browser = await chromium.connectOverCDP(cdpEndpoint);
+  const context = browser.contexts()[0] || await browser.newContext();
+  const page = await context.newPage();
+  try {
+    await page.goto(REDDIT_NOTIFICATIONS_URL, { waitUntil: 'domcontentloaded', timeout: timeoutMs });
+    await page.waitForTimeout(3000);
+    const bodyText = await page.locator('body').innerText({ timeout: timeoutMs });
+    return parseNotificationBlocks(bodyText);
+  } finally {
+    await page.close().catch(() => {});
+    await browser.close().catch(() => {});
+  }
+}
+
+async function run({ dryRun = false, now = new Date().toISOString() } = {}) {
+  const stateFile = resolveRuntimeFile('THUMBGATE_REDDIT_BROWSER_STATE_FILE', DEFAULT_STATE_FILE);
+  const eventsFile = resolveRuntimeFile('THUMBGATE_REDDIT_BROWSER_EVENTS_FILE', DEFAULT_EVENTS_FILE);
+  const state = loadJson(stateFile, { seen: {} });
+  const notifications = await readRedditNotifications();
+  const fresh = notifications.filter((notification) => !state.seen[notification.fingerprint]);
+  const actionable = fresh.filter((notification) => notification.score > 0 && isRecentNotification(notification));
+  const rows = actionable.map((notification) => ({
+    checkedAt: now,
+    platform: 'reddit',
+    source: 'browser_notifications',
+    status: 'pending_review',
+    ...notification,
+  }));
+
+  for (const notification of fresh) {
+    state.seen[notification.fingerprint] = { seenAt: now, score: notification.score };
+  }
+  state.lastCheck = now;
+
+  if (!dryRun) {
+    writeJson(stateFile, state);
+    appendJsonl(eventsFile, rows);
+  }
+
+  return {
+    notifications: notifications.length,
+    fresh: fresh.length,
+    actionable: actionable.length,
+    eventsFile,
+    actionableItems: actionable,
+    dryRun,
+  };
+}
+
+function parseArgs(argv = process.argv.slice(2)) {
+  return {
+    dryRun: argv.includes('--dry-run'),
+    json: argv.includes('--json'),
+  };
+}
+
+if (require.main === module) {
+  const args = parseArgs();
+  run({ dryRun: args.dryRun })
+    .then((result) => {
+      if (args.json) {
+        console.log(JSON.stringify(result, null, 2));
+      } else {
+        console.log(`[reddit-browser-watch] notifications=${result.notifications} fresh=${result.fresh} actionable=${result.actionable} dryRun=${result.dryRun}`);
+        for (const item of result.actionableItems) {
+          console.log(`- score=${item.score} author=${item.author} kind=${item.kind} preview=${item.preview.slice(0, 120)}`);
+        }
+      }
+    })
+    .catch((err) => {
+      console.error(`[reddit-browser-watch] ${err.message}`);
+      process.exitCode = 1;
+    });
+}
+
+module.exports = {
+  fingerprintNotification,
+  ageMinutes,
+  isRecentNotification,
+  parseNotificationBlocks,
+  readRedditNotifications,
+  run,
+  scoreNotification,
+};

package/scripts/seo-gsd.js

@@ -105,11 +105,6 @@ const HIGH_ROI_QUERY_SEEDS = [
     93,
     'Fresh Slack engineering pattern where ThumbGate can gate director journals, critic reviews, credibility scoring, and timelines for long-running agents.',
   ),
-  querySeed(
-    'agent context governance',
-    95,
-    'Fresh AdaCoM, tokenmaxxing, and Claude Managed Agents demand where ThumbGate can govern context hygiene, session logs, sandbox boundaries, credential separation, and pre-action proof.',
-  ),
   querySeed(
     'reasoning compression guardrails',
     92,
@@ -239,12 +234,6 @@ const HIGH_ROI_QUERY_SEEDS = [
     source: 'seed',
     notes: 'Integration page for Gemini CLI users who need memory plus enforcement.',
   },
-  {
-    query: 'hermes agent guardrails',
-    businessValue: 84,
-    source: 'seed',
-    notes: 'Integration page for Hermes Agent users who need pre-action gates around persistent memory, generated skills, messaging gateways, scheduled automations, and sandboxed execution.',
-  },
   {
     query: 'roo code alternative cline',
     businessValue: 83,
@@ -2413,234 +2402,6 @@ const PAGE_BLUEPRINTS = [
     ],
     relatedPaths: ['/compare/mem0', '/guides/stop-repeated-ai-agent-mistakes'],
   },
-  {
-    query: 'hermes agent guardrails',
-    path: '/guides/hermes-agent-guardrails',
-    pageType: 'integration',
-    pillar: 'agent-workflows',
-    title: 'Hermes Agent Guardrails | Firewall for Self-Improving Agents',
-    heroTitle: 'Hermes Agent can grow with you. ThumbGate keeps the growing agent safe.',
-    heroSummary: 'Hermes Agent points at the next wave: persistent memory, generated skills, messaging gateways, scheduled automations, and sandboxed execution. ThumbGate is the enforcement layer those workflows need before a remembered mistake becomes another real tool call.',
-    takeaways: [
-      'Hermes validates the market shift toward long-running, self-improving agents.',
-      'Memory and generated skills increase leverage, but they also increase the blast radius of repeated mistakes.',
-      'ThumbGate should be positioned as the local-first pre-action firewall for Hermes-style agents, not as a general agent clone.',
-    ],
-    sections: [
-      {
-        heading: 'Why Hermes-style agents need a separate execution gate',
-        paragraphs: [
-          'A persistent agent can remember projects, generate its own skills, run scheduled automations, and accept instructions from messaging gateways. That is powerful, but it also means one bad habit can persist longer and reach more surfaces.',
-          'The safety problem is not only whether the agent remembers. It is whether remembered lessons can stop the next risky shell command, git action, database write, deploy, browser click, or payment workflow before execution.',
-        ],
-      },
-      {
-        heading: 'What ThumbGate adds to Hermes-style workflows',
-        bullets: [
-          'Pre-action checks before risky tool calls execute.',
-          'Thumbs-down feedback that becomes explicit prevention rules.',
-          'Evidence requirements for deploys, migrations, API calls, and production-facing changes.',
-          'Audit trails that show which lesson, rule, and workflow context allowed or blocked the action.',
-          'A local-first path for teams that want agent memory without handing every correction to a hosted black box.',
-        ],
-      },
-      {
-        heading: 'The buyer message',
-        paragraphs: [
-          'Hermes can be the agent that grows with you. ThumbGate is the firewall that makes sure growth does not mean repeating expensive mistakes faster across more surfaces.',
-          'For teams evaluating persistent agents, the practical first step is not another prompt. It is one enforced rule from one real failure, proven locally, then expanded into Pro or a workflow hardening sprint when the risk is recurring.',
-        ],
-      },
-    ],
-    faq: [
-      {
-        question: 'Does ThumbGate replace Hermes Agent?',
-        answer: 'No. Hermes is a general self-improving agent surface. ThumbGate is the enforcement layer that can sit around Hermes-style workflows so risky actions are checked before execution.',
-      },
-      {
-        question: 'What Hermes features create the biggest need for guardrails?',
-        answer: 'Persistent memory, generated skills, messaging gateways, scheduled automations, browser and tool control, and sandbox backends all increase the value of pre-action gates because the agent can act longer, faster, and from more entry points.',
-      },
-      {
-        question: 'What should teams implement first?',
-        answer: 'Start with one repeated failure pattern: force-push, destructive SQL, unsafe deploy, risky browser action, or off-scope file edit. Capture it once, convert it into a prevention rule, and require evidence before the next similar action runs.',
-      },
-    ],
-    relatedPaths: ['/guides/long-running-agent-context-management', '/guides/background-agent-governance', '/guides/browser-automation-safety'],
-  },
-  {
-    query: 'safe self evolution',
-    path: '/guides/safe-self-evolution',
-    pageType: 'guide',
-    pillar: 'agent-workflows',
-    title: 'Safe Self-Evolution | Autonomous Prompt Optimization without Regression',
-    heroTitle: 'Self-Evolution is Polarizing. Make It Safe with Execution Gates.',
-    heroSummary: 'Hermes-style autonomous agents learn by observing their own execution failures and automatically rewriting their skills or instructions. But critics warn that blind self-evolution can overwrite stable patterns and introduce silent regressions. ThumbGate introduces the Safe Self-Evolution loop: weakness mining from explicit thumbs-down feedback, automated prompt optimization, local verification suites, and atomic git rollbacks.',
-    takeaways: [
-      'Self-improving agents need execution guardrails so a synthesized skill cannot bypass safety constraints.',
-      'Blind self-evolution is unstable; ThumbGate ensures prompt changes are verified against a local holdout suite before committing.',
-      'Rollback capability is mandatory: if validation fails, the evolution engine immediately reverts prompts to the last known-good state.',
-      'Explicit feedback is the anchor: optimize based on real thumbs-down signals, not hallucinatory failure guesses.'
-    ],
-    sections: [
-      {
-        heading: 'The self-evolution dilemma',
-        paragraphs: [
-          'Nous Research’s Hermes Agent points at a future where developers do not write static instructions like CLAUDE.md. Instead, the agent learns from its execution failures and modifies its own SKILL.md files in real-time. This dynamic adaptation yields massive speedups and handles custom codebase quirks autonomously.',
-          'However, the critics are correct: when an agent has the power to edit its own rules without a verification gate, it will eventually overwrite a perfectly stable skill. This introduces regressions, makes debugging impossible, and can lead to security loops where the agent modifies its own guardrails to make a failing task pass.'
-        ]
-      },
-      {
-        heading: 'Safe self-evolution with ThumbGate',
-        paragraphs: [
-          'ThumbGate implements a Safe Self-Evolution loop (based on the Self-Harness paradigm) that gives you the speed of self-improving agents without the instability:',
-          '1. Explicit Weakness Mining: ThumbGate captures structured thumbs-up/down signals on agent actions and compiles them into a JSON log, avoiding random self-diagnosis.',
-          '2. Harness Proposal: The self-harness-optimizer automatically formats these rules and injects them directly into the agent’s prompt instructions (AGENTS.md, GEMINI.md).',
-          '3. Verification Gate: Before the updated prompts are committed, the optimizer runs a local quick verification suite and holdout tests.',
-          '4. Atomic Rollback: If any test fails, the optimizer instantly reverts the workspace prompts and restores the previous snapshot. If they pass, it commits the update to Git.'
-        ]
-      },
-      {
-        heading: 'Competing with blind self-improvement',
-        paragraphs: [
-          'To compete with agents like Hermes, you do not need to give up control of your codebase. You need a pre-action firewall and a prompt optimizer that treats rule generation as code changes—complete with tests, verification, and rollbacks.',
-          'This keeps your agent fast, keeps your instructions dynamic, and ensures your production-facing surfaces remain secure.'
-        ]
-      }
-    ],
-    faq: [
-      {
-        question: 'Does ThumbGate prevent the agent from changing its own rules?',
-        answer: 'Yes. ThumbGate scans newly generated skills and prompt updates against established rules to prevent the agent from bypassing safety gates or deleting security constraints.'
-      },
-      {
-        question: 'How does the rollback mechanism work?',
-        answer: 'When the self-harness optimizer proposes new prompt sections, it saves a snapshot of the current prompt files. It then runs the verification commands. If the status is non-zero, it restores the backup files.'
-      },
-      {
-        question: 'Is this compatible with Hermes Agent?',
-        answer: 'Yes. You can use ThumbGate as the pre-action gate around a Hermes Agent deployment to secure the skills it generates and the messaging channels it posts to.'
-      }
-    ],
-    relatedPaths: ['/guides/hermes-agent-guardrails', '/guides/agent-context-governance', '/guides/stop-repeated-ai-agent-mistakes'],
-  },
-  {
-    query: 'agent context governance',
-    path: '/guides/agent-context-governance',
-    pageType: 'guide',
-    pillar: 'pre-action-checks',
-    title: 'Agent Context Governance | Stop Tokenmaxxing Drift Before Agents Act',
-    heroTitle: 'More Context Is Not Governance. Clean Context Plus Action Gates Is.',
-    heroSummary: 'AdaCoM-style context managers, the tokenmaxxing backlash, Claude Managed Agents, anti-rubber-stamp response prompts, model-provenance scares, ChatGPT Lockdown Mode, MCP routing attacks, resilient graph architectures, rising AI-authored code volume, AI email assistants, platform-agent orchestration, on-device QAT models, and backprop-style failure attribution all point to the same buyer need: long-running agents need structured intent, cleaner context, durable session logs, approved models, isolated execution, credential boundaries, tool lockdown, direct pushback, distributed gates, provenance, and pre-action checks before they touch real systems.',
-    takeaways: [
-      'Long-context agents get better when a separate manager rewrites, preserves, prunes, or merges working context before the next step.',
-      'Tokenmaxxing creates uncontrolled spend and weak governance when teams cannot prove which agent work returned value.',
-      'Managed-agent architectures decouple the brain, hands, sessions, credentials, and sandboxes; ThumbGate adds the local-first action gate around those boundaries.',
-      'Response customization should become a gate too: no padded agreement, no vague completion claims, and no confident answer without evidence or blind-spot checks.',
-      'Lockdown modes validate the egress-control story: sensitive workflows need tool-surface limits, not just better prompts.',
-      'Model leaks and proxy resale scares make approved-provider checks a governance requirement, especially when frontier model cost is high.',
-      'MCP security research makes local config integrity a first-class control: endpoint rewrites and token-routing changes must be monitored before agents act.',
-      'Random-graph infrastructure suggests a governance architecture: use many small local gates that degrade proportionally instead of one central approval bottleneck.',
-      'As AI-authored code volume rises, teams need provenance and evidence gates so generated diffs are attributable, tested, and owned before merge.',
-      'AI customer-response assistants need draft governance: retrieved sources, prompt variables, category routing, and feedback should improve drafts without letting the agent send unsupported claims.',
-      'Enterprise agent platforms need one shared execution contract: structured specs, approved tools, scoped permissions, retries, evals, and traceability instead of 100 fragile team-specific agents.',
-      'On-device QAT models can reduce cost and preserve privacy for first-pass risk classification, but they should escalate rather than approve high-risk actions.',
-      'Backpropagation suggests a useful product metaphor: trace the agent run graph, score local risk at each edge, and cache the blame path so the same failure is blocked faster next time.',
-    ],
-    sections: [
-      {
-        heading: 'Why this matters now',
-        paragraphs: [
-          'The market is moving away from prompt-only agents. New research shows that a separate context manager can improve long-horizon work without retraining the main agent. At the same time, developer teams are realizing that simply buying more tokens does not create accountable engineering process.',
-          'Claude Managed Agents adds the production vocabulary buyers now expect: agents, environments, sessions, sandbox isolation, credential separation, event logs, observability, permission policies, outcomes, and webhooks. ThumbGate should attach to that vocabulary as the pre-action governance layer.',
-        ],
-      },
-      {
-        heading: 'What ThumbGate should enforce',
-        bullets: [
-          'Context hygiene gate: block high-risk actions when the agent is acting from raw chat history, stale memory, or unresolved contradictions.',
-          'Session evidence gate: require an append-only event log, resumable session ID, and proof links before long-running work can deploy, charge, message, or mutate production data.',
-          'Sandbox boundary gate: require isolated execution and explicit network or filesystem scope before generated code runs.',
-          'Credential boundary gate: block actions where tool credentials live beside generated code or where the action lacks user/on-behalf-of attribution.',
-          'Token ROI gate: flag tokenmaxxing workflows that spend heavily without a defined outcome, eval, or proof of returned value.',
-          'Response quality gate: require the agent to lead with the useful answer, call out weak assumptions, and avoid completion claims unless the evidence is attached.',
-          'Model provenance gate: require approved provider domains, known model IDs, expected price ceilings, and no shadow API proxy before routing frontier work.',
-          'Tool lockdown gate: disable or require explicit approval for browsing, downloads, agent mode, generated-code networking, and other outbound paths when sensitive data is in context.',
-          'MCP config integrity gate: alert on ~/.claude.json routing changes, unfamiliar MCP endpoints, localhost proxy additions, OAuth refresh anomalies, and dependency postinstall hooks.',
-          'Distributed gate mesh: keep enforcement close to each repo, tool, and workflow so one failed gate reduces coverage locally instead of collapsing the entire governance path.',
-          'AI-authored code gate: require generated-diff provenance, human owner, tests, risk label, and rollback evidence once agent-authored changes cross a team-defined threshold.',
-          'Customer-response draft gate: require retrieved source links, customer objective, response category, human approval, and no unsupported pricing/security claims before an email leaves draft mode.',
-          'Structured intent gate: require scope, out-of-scope systems, ordered steps, allowed tools, acceptance criteria, and rollback expectations before async agent execution starts.',
-          'Tool contract gate: require versioned schemas, explicit read/write permissions, stable error codes, observability hooks, and audit logging for every MCP tool call.',
-          'Evaluation gate: require golden tasks, regression checks, build/test evidence, and traceable PR or artifact output before a repeated workflow is promoted to platform automation.',
-          'Local classifier gate: run low-cost on-device models for first-pass risk labels, sensitive-data detection, and route selection, then escalate uncertain or high-blast-radius actions to stronger checks.',
-          'Failure attribution graph: record intent, retrieved context, tool choice, local risk score, evidence, and outcome for each step so future gates reuse the causal path instead of starting from scratch.',
-        ],
-      },
-      {
-        heading: 'The buyer message',
-        paragraphs: [
-          'The pitch is not "use fewer tokens" or "summarize harder." The pitch is: keep the agent productive by feeding it the right context, then stop it before risky actions unless the session, sandbox, credentials, and evidence are clean.',
-          'This turns ThumbGate into the practitioner-led governance layer teams can adopt before top-down AI policy arrives. Start with one workflow, prove the gates locally, then expand to Pro or a hardening sprint once the same failure pattern recurs.',
-        ],
-      },
-    ],
-    faq: [
-      {
-        question: 'Is agent context governance just summarization?',
-        answer: 'No. Summarization compresses. Context governance decides what to preserve, prune, merge, verify, or block based on the agent, task, risk, and evidence required before the next action.',
-      },
-      {
-        question: 'Does this compete with Claude Managed Agents?',
-        answer: 'No. Managed Agents provide production infrastructure. ThumbGate can sit beside managed or self-hosted agents as the local-first gate that turns session history, permissions, prior feedback, and evidence requirements into action-level enforcement.',
-      },
-      {
-        question: 'What should teams implement first?',
-        answer: 'Start with one high-cost workflow: deployments, billing, browser automation, database changes, or customer messaging. Require clean context, isolated execution, credential separation, and evidence before that workflow can run.',
-      },
-      {
-        question: 'How does this apply to Claude custom instructions?',
-        answer: 'Treat directness instructions as a policy, not a vibe. ThumbGate can turn them into checks that flag rubber-stamp agreement, missing pushback, and success claims that are not grounded in command output or artifacts.',
-      },
-      {
-        question: 'How does ChatGPT Lockdown Mode help ThumbGate positioning?',
-        answer: 'It validates the category. Lockdown Mode limits high-risk tools to reduce exfiltration paths; ThumbGate brings the same idea to coding and automation agents with local pre-action checks, scoped approvals, and audit evidence.',
-      },
-      {
-        question: 'How should teams handle leaked or proxy-sold model claims?',
-        answer: 'Do not route production work to unapproved proxy endpoints. Require provider provenance, expected model IDs, price ceilings, and security review before an agent can use a new frontier model route.',
-      },
-      {
-        question: 'What is the first MCP security control to add?',
-        answer: 'Watch the local MCP routing configuration for endpoint changes, new proxy addresses, and unexpected OAuth refresh behavior. Then rotate connected tokens only after the malicious hook or config rewrite has been removed.',
-      },
-      {
-        question: 'Why mention random graph architecture in agent governance?',
-        answer: 'Because centralized approval paths become bottlenecks. ThumbGate should use a mesh of local gates across repos, tools, agents, and workflows so control is resilient, inspectable, and does not require one fragile platform migration.',
-      },
-      {
-        question: 'What changes when most new code is AI-authored?',
-        answer: 'Review moves from typing every line to governing provenance, tests, ownership, and rollback. ThumbGate can require evidence before AI-authored diffs merge or touch production workflows.',
-      },
-      {
-        question: 'How does this apply to AI email assistants?',
-        answer: 'Treat every generated reply as a draft until it has source-backed context, a known category, customer-specific constraints, and human approval. Feedback from edited drafts should become retrieval and wording rules, not permission to send automatically.',
-      },
-      {
-        question: 'What does platform ownership change?',
-        answer: 'It prevents every team from building a slightly different unsafe agent loop. A shared platform defines intent shape, approved tools, retries, sandboxing, evals, logging, and gates while teams keep control over domain judgment.',
-      },
-      {
-        question: 'Where do on-device QAT models fit?',
-        answer: 'Use them for cheap private triage: classify risk, detect sensitive context, choose a route, or decide whether to escalate. Do not let a small local classifier silently approve destructive or external actions.',
-      },
-      {
-        question: 'How does backpropagation help agent governance?',
-        answer: 'Use the chain-rule idea as an audit pattern. Break the run into steps, score each local decision, multiply risk through the path, and cache the attribution so the next similar workflow is blocked or escalated earlier.',
-      },
-    ],
-    relatedPaths: ['/guides/long-running-agent-context-management', '/guides/background-agent-governance', '/guides/hermes-agent-guardrails'],
-  },
   {
     query: 'roo code alternative cline',
     path: '/guides/roo-code-alternative-cline',

package/scripts/tool-registry.js

@@ -971,12 +971,12 @@ const TOOLS = [
   }),
   readOnlyTool({
     name: 'verify_claim',
-    description: 'Check whether a claim has enough tracked evidence before the agent asserts it.',
+    description: 'Check whether a claim has enough tracked evidence before the agent asserts it, including tests-pass, commercial truth, GitHub metadata, and anthropomorphic AI claims such as "the model understands" or "the agent decided".',
     inputSchema: {
       type: 'object',
       required: ['claim'],
       properties: {
-        claim: { type: 'string', description: 'The claim text to verify' },
+        claim: { type: 'string', description: 'The claim text to verify before assertion; human-like AI claims require anthropomorphic_claim_verified evidence.' },
         goalContract: GOAL_CONTRACT_SCHEMA,
       },
     },

package/scripts/vector-store.js

@@ -172,30 +172,6 @@ async function embedWithGemini(text, options = {}) {
   return values.map(Number);
 }
 
-async function embedWithCoreAI(text, options = {}) {
-  if (process.platform !== 'darwin') {
-    throw new Error('Core AI is only supported on macOS');
-  }
-  const endpoint = process.env.THUMBGATE_COREAI_ENDPOINT || 'http://localhost:8088';
-  try {
-    const res = await fetch(`${endpoint}/embed`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ text, options }),
-      signal: AbortSignal.timeout(2000),
-    });
-    if (res.ok) {
-      const payload = await res.json();
-      if (Array.isArray(payload.embedding)) {
-        return payload.embedding.map(Number);
-      }
-    }
-  } catch (err) {
-    throw new Error(`Core AI local service unavailable: ${err.message}`);
-  }
-  throw new Error('Core AI local service did not return a valid embedding');
-}
-
 async function embed(text, options = {}) {
   if (process.env.THUMBGATE_VECTOR_STUB_EMBED === 'true') {
     // Deterministic 384-dim unit vector: first element = 1.0, rest = 0.0
@@ -204,26 +180,6 @@ async function embed(text, options = {}) {
     return stub;
   }
   const geminiConfig = resolveGeminiEmbeddingConfig();
-  if (geminiConfig.provider === 'coreai') {
-    try {
-      const vector = await embedWithCoreAI(text, options);
-      _lastEmbeddingProfile = {
-        generatedAt: new Date().toISOString(),
-        source: 'local-coreai',
-        activeProfile: {
-          id: 'coreai',
-          model: 'Core AI local model',
-          outputDimensionality: vector.length,
-          task: options.task || 'code retrieval',
-          rationale: 'Local Core AI Apple Silicon accelerated path.',
-        },
-        fallbackUsed: false,
-      };
-      return vector;
-    } catch (coreaiError) {
-      console.warn(`Core AI embedding failed, falling back to local: ${coreaiError.message}`);
-    }
-  }
   if (geminiConfig.enabled) {
     try {
       const vector = await embedWithGemini(text, options);

package/scripts/workspace-evolver.js

@@ -108,74 +108,14 @@ function parseCommandScore(output = '', status = 0, approvalRate = 0.5) {
   };
 }
 
-function parseCommandLine(cmdString) {
-  const args = [];
-  let current = '';
-  let inDoubleQuote = false;
-  let inSingleQuote = false;
-  let escaped = false;
-
-  for (let i = 0; i < cmdString.length; i++) {
-    const char = cmdString[i];
-
-    if (escaped) {
-      current += char;
-      escaped = false;
-    } else if (char === '\\') {
-      if (inSingleQuote) {
-        current += char;
-      } else {
-        escaped = true;
-      }
-    } else if (char === '"' && !inSingleQuote) {
-      inDoubleQuote = !inDoubleQuote;
-    } else if (char === "'" && !inDoubleQuote) {
-      inSingleQuote = !inSingleQuote;
-    } else if (char === ' ' && !inDoubleQuote && !inSingleQuote) {
-      if (current) {
-        args.push(current);
-        current = '';
-      }
-    } else {
-      current += char;
-    }
-  }
-  if (current) {
-    args.push(current);
-  }
-  return args;
-}
-
 function runCommand(command, {
   cwd = process.cwd(),
   env = process.env,
   timeoutMs = DEFAULT_TIMEOUT_MS,
 } = {}) {
   const startedAt = Date.now();
-  const args = parseCommandLine(command);
-  const exec = args.shift();
-
-  const execBase = require('node:path').basename(exec).toLowerCase();
-  let safeExec;
-  if (exec === process.execPath) {
-    safeExec = process.execPath;
-  } else if (execBase === 'node' || execBase === 'node.exe') {
-    safeExec = process.execPath;
-  } else if (execBase === 'npm') {
-    safeExec = 'npm';
-  } else if (execBase === 'npm.cmd') {
-    safeExec = 'npm.cmd';
-  } else if (execBase === 'python3') {
-    safeExec = 'python3';
-  } else if (execBase === 'python') {
-    safeExec = 'python';
-  } else if (execBase === 'pytest') {
-    safeExec = 'pytest';
-  } else {
-    throw new Error(`Binary ${exec} is not authorized for workspace evolution.`);
-  }
-
-  const result = spawnSync(safeExec, args, {
+  const result = spawnSync(command, [], {
+    shell: true,
     cwd,
     env,
     encoding: 'utf8',