thumbgate 1.3.0 → 1.4.0

package/scripts/content-engine/output/linkedin-posts-2026-04-09.md

@@ -0,0 +1,175 @@
+# LinkedIn Content: ThumbGate Gates (2026-04-09)
+
+Generated from: `config/gates/default.json`
+Gate count in config: 25
+Posts generated: 7
+
+---
+
+## Post 1: Local Only Git Writes
+
+🚨 Your AI agents are running without guardrails.
+
+Blocks git writes when local-only mode is active, preventing accidental remote pushes during development.
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate `local-only-git-writes`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+```bash
+npx thumbgate@latest init
+```
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+
+
+## Post 2: Gh Pr Create Restricted
+
+⚠️ One missing gate. One catastrophic mistake.
+
+Restricts PR creation to explicitly approved workflows, preventing unvetted code changes.
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate `gh-pr-create-restricted`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+```bash
+npx thumbgate@latest init
+```
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+
+
+## Post 3: Env File Edit
+
+🛡️ Even the best engineers miss edge cases.
+
+Warns when editing .env files—catches accidental token deletion.
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate `env-file-edit`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+```bash
+npx thumbgate@latest init
+```
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+
+
+## Post 4: Style Violation Log
+
+💥 Your deployment pipeline has a blind spot.
+
+Protects your workflow by style audit mode active. action recorded for review but allowed to proceed.
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate `style-violation-log`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+```bash
+npx thumbgate@latest init
+```
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+
+
+## Post 5: Loop Abuse Prevention
+
+🔓 Git operations—unguarded by default.
+
+Protects your workflow by high-risk command detected inside a loop. scheduled tasks must not perform egress or destructive writes without explicit approval.
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate `loop-abuse-prevention`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+```bash
+npx thumbgate@latest init
+```
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+
+
+## Post 6: Release Readiness Required
+
+🎯 Prevention beats firefighting.
+
+Ensures releases only happen from releasable mainline commits with version alignment.
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate `release-readiness-required`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+```bash
+npx thumbgate@latest init
+```
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+
+
+## Post 7: Protected Branch Push
+
+⏱️ How fast can your agent destroy a month of work?
+
+Prevents direct pushes to main/develop. All changes flow through PR review.
+
+The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
+
+The solution? **Gate `protected-branch-push`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
+
+This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
+
+🔒 Install ThumbGate today:
+```bash
+npx thumbgate@latest init
+```
+
+Then add this gate to your config and sleep better.
+
+#AIGovernance #DevTools #AgentSafety #EngineeringTeams
+
+---
+

package/scripts/content-engine/reddit-thread-finder.js

@@ -0,0 +1,154 @@
+#!/usr/bin/env node
+/**
+ * Reddit Thread Finder for ThumbGate Engagement
+ *
+ * Add to package.json:
+ *   "content:reddit": "node scripts/content-engine/reddit-thread-finder.js"
+ *   "content:reddit:dry": "node scripts/content-engine/reddit-thread-finder.js --dry-run"
+ *   "content:reddit:limit": "node scripts/content-engine/reddit-thread-finder.js --limit 20"
+ */
+
+const https = require('https');
+const fs = require('fs');
+const path = require('path');
+
+const SUBREDDITS = [
+  'ChatGPTCoding', 'ClaudeAI', 'cursor', 'devops',
+  'SoftwareEngineering', 'ExperiencedDevs', 'MachineLearning', 'LocalLLaMA'
+];
+
+const KEYWORDS = [
+  'agent broke', 'agent deleted', 'force push', 'prevent AI from',
+  'guardrails', 'agent governance', 'coding agent mistakes'
+];
+
+const USER_AGENT = 'script:thumbgate-content:v1.0';
+const DELAY = 2000; // ms between requests
+const DEFAULT_LIMIT = 10;
+
+let dryRun = false;
+let outputLimit = DEFAULT_LIMIT;
+
+process.argv.slice(2).forEach(arg => {
+  if (arg === '--dry-run') dryRun = true;
+  if (arg.startsWith('--limit')) outputLimit = parseInt(arg.split('=')[1] || arg.split(' ')[1], 10);
+});
+
+function fetchReddit(url) {
+  return new Promise((resolve, reject) => {
+    const req = https.get(url, { headers: { 'User-Agent': USER_AGENT } }, res => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        try {
+          resolve(JSON.parse(data));
+        } catch (e) {
+          reject(e);
+        }
+      });
+    });
+    req.on('error', reject);
+  });
+}
+
+async function searchSubreddit(sub, keyword) {
+  const url = `https://www.reddit.com/r/${sub}/search.json?q=${encodeURIComponent(keyword)}&sort=new&t=week&limit=5`;
+  try {
+    const data = await fetchReddit(url);
+    return (data.data?.children || []).map(post => ({
+      id: post.data.id,
+      title: post.data.title,
+      url: `https://reddit.com${post.data.permalink}`,
+      subreddit: post.data.subreddit,
+      score: post.data.score,
+      numComments: post.data.num_comments,
+      created: post.data.created_utc,
+      selftext: post.data.selftext
+    }));
+  } catch (err) {
+    console.error(`Error searching ${sub} for "${keyword}": ${err.message}`);
+    return [];
+  }
+}
+
+function scoreThread(thread) {
+  const now = Math.floor(Date.now() / 1000);
+  const ageHours = (now - thread.created) / 3600;
+  const recencyScore = Math.max(0, 1 - ageHours / 168); // 0-1 over a week
+  const upvoteScore = Math.log(Math.max(1, thread.score)) / Math.log(100);
+  const commentScore = Math.log(Math.max(1, thread.numComments)) / Math.log(100);
+
+  return (recencyScore * 0.5) + (upvoteScore * 0.3) + (commentScore * 0.2);
+}
+
+function generateReply(thread) {
+  const context = thread.selftext.substring(0, 200);
+  return `
+**ThumbGate can help prevent this.** Our pre-action gates catch agent mistakes before they happen:
+- Stop force pushes on protected branches
+- Prevent deletions of critical files
+- Verify AI actions before execution
+- Capture lessons from failures to block similar mistakes
+
+Learn more: https://thumbgate-production.up.railway.app/dashboard
+`;
+}
+
+async function main() {
+  console.log(`[${new Date().toISOString()}] Starting Reddit thread finder...`);
+
+  const threads = {};
+  let requestCount = 0;
+
+  for (const sub of SUBREDDITS) {
+    for (const keyword of KEYWORDS) {
+      if (requestCount > 0) await new Promise(r => setTimeout(r, DELAY));
+
+      console.log(`  Searching r/${sub} for "${keyword}"...`);
+      const results = await searchSubreddit(sub, keyword);
+
+      results.forEach(thread => {
+        if (!threads[thread.id]) {
+          threads[thread.id] = thread;
+        }
+      });
+      requestCount++;
+    }
+  }
+
+  const sorted = Object.values(threads)
+    .sort((a, b) => scoreThread(b) - scoreThread(a))
+    .slice(0, outputLimit);
+
+  const date = new Date().toISOString().split('T')[0];
+  const outputDir = path.join(__dirname, 'output');
+
+  if (!fs.existsSync(outputDir)) {
+    fs.mkdirSync(outputDir, { recursive: true });
+  }
+
+  let markdown = `# Reddit Threads - ${date}\n\nFound ${sorted.length} high-relevance threads.\n\n`;
+
+  sorted.forEach((thread, idx) => {
+    const score = scoreThread(thread);
+    markdown += `## ${idx + 1}. ${thread.title}\n`;
+    markdown += `**r/${thread.subreddit}** | [Link](${thread.url}) | Score: ${thread.score} | Comments: ${thread.numComments}\n`;
+    markdown += `**Relevance Score:** ${score.toFixed(2)}\n\n`;
+
+    if (!dryRun) {
+      markdown += `**Suggested Reply:**\n${generateReply(thread)}\n\n`;
+    }
+    markdown += '---\n\n';
+  });
+
+  const outputFile = path.join(outputDir, `reddit-threads-${date}.md`);
+  fs.writeFileSync(outputFile, markdown);
+
+  console.log(`\n✅ Generated ${sorted.length} threads to ${outputFile}`);
+  if (dryRun) console.log('   (--dry-run: no reply suggestions included)');
+}
+
+main().catch(err => {
+  console.error('❌ Fatal error:', err.message);
+  process.exit(1);
+});

package/scripts/context-engine.js

@@ -20,6 +20,7 @@ const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
 const { constructContextPack } = require('./contextfs');
+const { ensureDir } = require('./fs-utils');
 
 // ---------------------------------------------------------------------------
 // Default paths
@@ -75,11 +76,6 @@ const TOOL_CONSOLIDATION = {
 // Utility: ensure directory exists
 // ---------------------------------------------------------------------------
 
-function ensureDir(dirPath) {
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-}
 
 // ---------------------------------------------------------------------------
 // Knowledge Bundle Builder
@@ -649,10 +645,29 @@ function compactContext(entries, anchors, opts) {
     return true;
   });
 
+  // Stage 6: Global token budget — drop entries (oldest first) until total chars fit
+  let finalStage = 5;
+  const totalMaxChars = typeof options.totalMaxChars === 'number' ? options.totalMaxChars : null;
+  if (totalMaxChars !== null) {
+    let budget = totalMaxChars;
+    const budgeted = [];
+    // Iterate newest-first so most recent entries are preserved
+    for (let i = working.length - 1; i >= 0; i--) {
+      const entrySize = JSON.stringify(working[i]).length;
+      if (budget - entrySize < 0) break;
+      budget -= entrySize;
+      budgeted.unshift(working[i]);
+    }
+    if (budgeted.length < working.length) {
+      working = budgeted;
+      finalStage = 6;
+    }
+  }
+
   const removedCount = initial - working.length;
   return {
     entries: [...anchorEntries, ...working],
-    stage: 5,
+    stage: finalStage,
     removedCount,
     compacted: removedCount > 0,
   };

package/scripts/contextfs.js

@@ -12,6 +12,7 @@ const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
 const { resolveFeedbackDir } = require('./feedback-paths');
+const { ensureDir, readJsonl } = require('./fs-utils');
 const {
   retrieveHierarchicalDocuments,
   shouldUseHierarchicalRetrieval,
@@ -99,11 +100,6 @@ const PACK_TEMPLATES = {
   },
 };
 
-function ensureDir(dirPath) {
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-}
 
 function ensureContextFs() {
   Object.values(NAMESPACES).forEach((subPath) => {
@@ -140,22 +136,6 @@ function appendJsonl(filePath, payload) {
   fs.appendFileSync(filePath, `${JSON.stringify(payload)}\n`);
 }
 
-function readJsonl(filePath) {
-  if (!fs.existsSync(filePath)) return [];
-  const raw = fs.readFileSync(filePath, 'utf-8').trim();
-  if (!raw) return [];
-  return raw
-    .split('\n')
-    .map((line) => {
-      try {
-        return JSON.parse(line);
-      } catch {
-        return null;
-      }
-    })
-    .filter(Boolean);
-}
-
 function listJsonFiles(dirPath) {
   if (!fs.existsSync(dirPath)) return [];
   const files = fs.readdirSync(dirPath, { withFileTypes: true });

package/scripts/dashboard.js

@@ -21,6 +21,7 @@ const { getSettingsStatus } = require('./settings-hierarchy');
 const { summarizeWorkflowRuns } = require('./workflow-runs');
 const { searchLessons } = require('./lesson-search');
 const { getInterventionPolicySummary } = require('./intervention-policy');
+const { computeDecisionMetrics } = require('./decision-journal');
 
 const PROJECT_ROOT = path.join(__dirname, '..');
 const DEFAULT_GATES_PATH = path.join(PROJECT_ROOT, 'config', 'gates', 'default.json');
@@ -787,6 +788,7 @@ function generateDashboard(feedbackDir, options = {}) {
   const readiness = generateAgentReadinessReport({ projectRoot: PROJECT_ROOT });
   const harness = computeHarnessOverview(feedbackDir, entries);
   const interventionPolicy = getInterventionPolicySummary(feedbackDir);
+  const decisions = computeDecisionMetrics(feedbackDir);
   const settingsStatus = getSettingsStatus({ projectRoot: PROJECT_ROOT });
   settingsStatus.routingPreview = {
     dashboardTool: routeProfile({
@@ -820,6 +822,13 @@ function generateDashboard(feedbackDir, options = {}) {
     lessonEffectiveness: { rate: totalNeg > 0 ? Math.round((autoGates / totalNeg) * 10000) / 100 : 0, totalNegative: totalNeg, autoGatesCreated: autoGates },
     errorTrend: { direction: lastWeekNeg > 0 ? (negRecent.length < lastWeekNeg ? 'improving' : negRecent.length > lastWeekNeg ? 'worsening' : 'stable') : (negRecent.length > 0 ? 'new-errors' : 'clean'), thisWeek: negRecent.length, lastWeek: lastWeekNeg },
     weeklyActivity: { positive: posRecent.length, negative: negRecent.length, total: recentEntries.length },
+    decisionLoop: {
+      fastPathRate: decisions.fastPathRate,
+      overrideRate: decisions.overrideRate,
+      rollbackRate: decisions.rollbackRate,
+      medianLatencyMs: decisions.medianLatencyMs,
+      resolvedCount: decisions.resolvedCount,
+    },
   };
 
   const team = generateOrgDashboard({
@@ -857,6 +866,7 @@ function generateDashboard(feedbackDir, options = {}) {
     instrumentation,
     readiness,
     interventionPolicy,
+    decisions,
     settingsStatus,
     team,
     templateLibrary,
@@ -886,6 +896,7 @@ function printDashboard(data) {
     instrumentation,
     readiness,
     interventionPolicy,
+    decisions,
     settingsStatus,
     team,
     templateLibrary,
@@ -945,6 +956,14 @@ function printDashboard(data) {
     console.log(`  Top Deny Signal  : ${interventionPolicy.topTokens.deny[0].token}`);
   }
 
+  console.log('');
+  console.log('🧭 Decision Loop');
+  console.log(`  Evaluations      : ${decisions.evaluationCount}`);
+  console.log(`  Fast Path        : ${Math.round((decisions.fastPathRate || 0) * 100)}%`);
+  console.log(`  Override Rate    : ${Math.round((decisions.overrideRate || 0) * 100)}%`);
+  console.log(`  Rollback Rate    : ${Math.round((decisions.rollbackRate || 0) * 100)}%`);
+  console.log(`  Median Latency   : ${Math.round((decisions.medianLatencyMs || 0) / 1000)}s`);
+
   console.log('');
   console.log('🎯 North Star');
   console.log(`  Weekly Proof Runs: ${analytics.northStar.weeklyActiveProofBackedWorkflowRuns}`);
@@ -1120,6 +1139,7 @@ module.exports = {
   generateDashboard,
   printDashboard,
   computeApprovalStats,
+  computeDecisionMetrics,
   computeGateStats,
   computePreventionImpact,
   computeSessionTrend,