thumbgate 1.4.0 → 1.4.1

package/scripts/distribution-surfaces.js

@@ -7,6 +7,8 @@ const ROOT = path.join(__dirname, '..');
 const PRODUCTHUNT_URL = 'https://www.producthunt.com/products/thumbgate';
 const CLAUDE_PLUGIN_LATEST_ASSET_NAME = 'thumbgate-claude-desktop.mcpb';
 const CLAUDE_PLUGIN_NEXT_ASSET_NAME = 'thumbgate-claude-desktop-next.mcpb';
+const CLAUDE_PLUGIN_REVIEW_LATEST_ASSET_NAME = 'thumbgate-claude-plugin-review.zip';
+const CLAUDE_PLUGIN_REVIEW_NEXT_ASSET_NAME = 'thumbgate-claude-plugin-review-next.zip';
 const CODEX_PLUGIN_LATEST_ASSET_NAME = 'thumbgate-codex-plugin.zip';
 const CODEX_PLUGIN_NEXT_ASSET_NAME = 'thumbgate-codex-plugin-next.zip';
 
@@ -27,6 +29,11 @@ function getClaudePluginVersionedAssetName(version = getPackageVersion(ROOT)) {
   return `thumbgate-claude-desktop-v${normalized}.mcpb`;
 }
 
+function getClaudePluginReviewVersionedAssetName(version = getPackageVersion(ROOT)) {
+  const normalized = String(version || '').replace(/^v/, '');
+  return `thumbgate-claude-plugin-review-v${normalized}.zip`;
+}
+
 function isPrereleaseVersion(version = getPackageVersion(ROOT)) {
   return /^\d+\.\d+\.\d+-[0-9A-Za-z.-]+$/.test(String(version || '').trim());
 }
@@ -35,6 +42,12 @@ function getClaudePluginChannelAssetName(version = getPackageVersion(ROOT)) {
   return isPrereleaseVersion(version) ? CLAUDE_PLUGIN_NEXT_ASSET_NAME : CLAUDE_PLUGIN_LATEST_ASSET_NAME;
 }
 
+function getClaudePluginReviewChannelAssetName(version = getPackageVersion(ROOT)) {
+  return isPrereleaseVersion(version)
+    ? CLAUDE_PLUGIN_REVIEW_NEXT_ASSET_NAME
+    : CLAUDE_PLUGIN_REVIEW_LATEST_ASSET_NAME;
+}
+
 function getClaudePluginLatestDownloadUrl(root = ROOT) {
   return `${getRepositoryUrl(root)}/releases/latest/download/${CLAUDE_PLUGIN_LATEST_ASSET_NAME}`;
 }
@@ -44,6 +57,15 @@ function getClaudePluginVersionedDownloadUrl(root = ROOT, version = getPackageVe
   return `${getRepositoryUrl(root)}/releases/download/v${normalized}/${getClaudePluginVersionedAssetName(normalized)}`;
 }
 
+function getClaudePluginReviewLatestDownloadUrl(root = ROOT) {
+  return `${getRepositoryUrl(root)}/releases/latest/download/${CLAUDE_PLUGIN_REVIEW_LATEST_ASSET_NAME}`;
+}
+
+function getClaudePluginReviewVersionedDownloadUrl(root = ROOT, version = getPackageVersion(root)) {
+  const normalized = String(version || '').replace(/^v/, '');
+  return `${getRepositoryUrl(root)}/releases/download/v${normalized}/${getClaudePluginReviewVersionedAssetName(normalized)}`;
+}
+
 function getCodexPluginVersionedAssetName(version = getPackageVersion(ROOT)) {
   const normalized = String(version || '').replace(/^v/, '');
   return `thumbgate-codex-plugin-v${normalized}.zip`;
@@ -65,11 +87,17 @@ function getCodexPluginVersionedDownloadUrl(root = ROOT, version = getPackageVer
 module.exports = {
   CLAUDE_PLUGIN_LATEST_ASSET_NAME,
   CLAUDE_PLUGIN_NEXT_ASSET_NAME,
+  CLAUDE_PLUGIN_REVIEW_LATEST_ASSET_NAME,
+  CLAUDE_PLUGIN_REVIEW_NEXT_ASSET_NAME,
   CODEX_PLUGIN_LATEST_ASSET_NAME,
   CODEX_PLUGIN_NEXT_ASSET_NAME,
   PRODUCTHUNT_URL,
   getClaudePluginChannelAssetName,
   getClaudePluginLatestDownloadUrl,
+  getClaudePluginReviewChannelAssetName,
+  getClaudePluginReviewLatestDownloadUrl,
+  getClaudePluginReviewVersionedAssetName,
+  getClaudePluginReviewVersionedDownloadUrl,
   getClaudePluginVersionedAssetName,
   getClaudePluginVersionedDownloadUrl,
   getCodexPluginChannelAssetName,

package/scripts/feedback-to-rules.js

@@ -107,35 +107,54 @@ function analyze(entries) {
 
 function promoteToGates(recurringIssues) {
   const autoGatePath = getAutoGatesPath();
-  const autoGates = { version: 1, gates: [] };
-  
+
+  // Load existing auto-gates to MERGE, not overwrite
+  let autoGates = { version: 1, gates: [], promotionLog: [] };
+  if (fs.existsSync(autoGatePath)) {
+    try {
+      autoGates = JSON.parse(fs.readFileSync(autoGatePath, 'utf-8'));
+      if (!Array.isArray(autoGates.gates)) autoGates.gates = [];
+      if (!Array.isArray(autoGates.promotionLog)) autoGates.promotionLog = [];
+    } catch { /* start fresh if corrupt */ }
+  }
+
+  const existingIds = new Set(autoGates.gates.map(g => g.id));
+  let added = 0;
+
   for (const issue of recurringIssues) {
     if (issue.severity === 'critical') {
-      // Extract key nouns/verbs for pattern matching
       const keywords = issue.pattern
         .toLowerCase()
         .replace(/[^a-z0-9\s]/g, '')
         .split(/\s+/)
         .filter(w => w.length > 4)
         .slice(0, 3);
-      
+
       if (keywords.length >= 2) {
         const pattern = keywords.join('.*');
+        const id = `auto-${issue.hasHighRisk ? 'hardened' : 'promoted'}-${Date.now().toString(36)}-${added}`;
+
+        // Skip if a gate with the same pattern already exists
+        const patternExists = autoGates.gates.some(g => g.pattern === pattern);
+        if (patternExists || existingIds.has(id)) continue;
+
         autoGates.gates.push({
-          id: `auto-${issue.hasHighRisk ? 'hardened' : 'promoted'}-${Date.now().toString(36)}`,
+          id,
           pattern,
           action: 'block',
           message: `Automatically blocked due to repeated failures: ${issue.suggestedRule}`,
           severity: 'critical',
-          source: 'feedback-auto-promotion'
+          source: 'feedback-to-rules',
+          promotedAt: new Date().toISOString(),
         });
+        added++;
       }
     }
   }
 
-  if (autoGates.gates.length > 0) {
+  if (added > 0) {
     fs.mkdirSync(path.dirname(autoGatePath), { recursive: true });
-    fs.writeFileSync(autoGatePath, JSON.stringify(autoGates, null, 2));
+    fs.writeFileSync(autoGatePath, JSON.stringify(autoGates, null, 2) + '\n');
   }
 }
 

package/scripts/gates-engine.js

@@ -595,10 +595,18 @@ function extractAffectedFiles(toolName, toolInput = {}) {
 }
 
 function isHighRiskAction(toolName, toolInput = {}, affectedFiles = []) {
-  if (EDIT_LIKE_TOOLS.has(toolName) && affectedFiles.length > 0) return true;
+  if (EDIT_LIKE_TOOLS.has(toolName)) return true;
   if (toolName !== 'Bash') return false;
   const command = String(toolInput.command || '');
-  return HIGH_RISK_BASH_PATTERN.test(command);
+  // Original high-risk pattern (git writes, publishes, destructive ops)
+  if (HIGH_RISK_BASH_PATTERN.test(command)) return true;
+  // Broadened: any Bash command that modifies files or has side effects.
+  // Excludes pure read/analysis commands (node --test, cat, ls, echo, etc.)
+  // to avoid false positives on benign operations.
+  if (/\b(sed|awk|mv|cp|chmod|chown|truncate|tee|patch)\b/.test(command)) return true;
+  if (/\b(npm\s+(?:run|exec|install)|yarn|pnpm)\b/.test(command)) return true;
+  if (/\b(curl|wget)\b/.test(command)) return true;
+  return false;
 }
 
 function isScopeEnforcedAction(toolName, toolInput = {}, affectedFiles = []) {
@@ -1448,9 +1456,16 @@ function evaluateSecretGuard(input = {}) {
 // PreToolUse hook interface (stdin/stdout JSON)
 // ---------------------------------------------------------------------------
 
-function formatOutput(result) {
+function formatOutput(result, behavioralContext) {
   if (!result) {
-    // No gate matched — pass through
+    // No gate matched — inject behavioral context if available
+    if (behavioralContext) {
+      return JSON.stringify({
+        hookSpecificOutput: {
+          additionalContext: behavioralContext,
+        },
+      });
+    }
     return JSON.stringify({});
   }
 
@@ -1468,9 +1483,10 @@ function formatOutput(result) {
   }
 
   if (result.decision === 'warn') {
+    const extra = behavioralContext ? `\n${behavioralContext}` : '';
     return JSON.stringify({
       hookSpecificOutput: {
-        additionalContext: `[GATE:${result.gate}] WARNING: ${result.message}${reasoningSuffix}`,
+        additionalContext: `[GATE:${result.gate}] WARNING: ${result.message}${reasoningSuffix}${extra}`,
       },
     });
   }
@@ -1478,6 +1494,30 @@ function formatOutput(result) {
   return JSON.stringify({});
 }
 
+/**
+ * Build behavioral context string from recurring feedback patterns.
+ * Injected as additionalContext on EVERY tool call so the AI constantly
+ * sees its failure patterns — even when no gate blocks.
+ */
+function buildBehavioralContext() {
+  const hybrid = getHybridFeedbackModule();
+  if (!hybrid || typeof hybrid.buildHybridState !== 'function') return null;
+
+  try {
+    const state = hybrid.buildHybridState({});
+    if (!state || !state.recurringNegativePatterns || state.recurringNegativePatterns.length === 0) {
+      return null;
+    }
+
+    const constraints = hybrid.deriveConstraints(state, 3);
+    if (constraints.length === 0) return null;
+
+    return `[ThumbGate] Recurring failure patterns (enforce these):\n${constraints.map(c => `  - ${c}`).join('\n')}`;
+  } catch {
+    return null;
+  }
+}
+
 async function runAsync(input) {
   const secretGuard = evaluateSecretGuard(input);
   if (secretGuard) {
@@ -1504,7 +1544,8 @@ async function runAsync(input) {
     }
   }
 
-  return formatOutput(result);
+  const behavioralContext = buildBehavioralContext();
+  return formatOutput(result, behavioralContext);
 }
 
 function run(input) {
@@ -1533,7 +1574,8 @@ function run(input) {
     }
   }
 
-  return formatOutput(result);
+  const behavioralContext = buildBehavioralContext();
+  return formatOutput(result, behavioralContext);
 }
 
 // ---------------------------------------------------------------------------
@@ -1753,6 +1795,8 @@ module.exports = {
   SESSION_ACTION_TTL_MS,
   PROTECTED_APPROVAL_TTL_MS,
   DEFAULT_PROTECTED_FILE_GLOBS,
+  buildBehavioralContext,
+  isHighRiskAction,
 };
 
 // ---------------------------------------------------------------------------

package/scripts/hosted-config.js

@@ -123,6 +123,7 @@ function resolveHostedBillingConfig({ requestOrigin } = {}, env = process.env) {
   const proPriceDollars = normalizePriceDollars(env.THUMBGATE_PRO_PRICE_DOLLARS) || DEFAULT_PRO_PRICE_DOLLARS;
   const proPriceLabel = env.THUMBGATE_PRO_PRICE_LABEL || DEFAULT_PRO_PRICE_LABEL;
   const gaMeasurementId = normalizeTrackingId(env.THUMBGATE_GA_MEASUREMENT_ID, GA_MEASUREMENT_ID_PATTERN);
+  const posthogApiKey = env.POSTHOG_API_KEY || '';
   const googleSiteVerification = normalizeTrackingId(env.THUMBGATE_GOOGLE_SITE_VERIFICATION);
 
   return {
@@ -137,6 +138,7 @@ function resolveHostedBillingConfig({ requestOrigin } = {}, env = process.env) {
     proPriceLabel,
     gaMeasurementId,
     googleSiteVerification,
+    posthogApiKey,
   };
 }
 

package/scripts/hybrid-feedback-context.js

@@ -508,25 +508,21 @@ function evaluateCompiledGuards(artifact, toolName, toolInput) {
   const normTool = (toolName || '').toLowerCase();
 
   for (const guard of artifact.guards) {
-    // Check if tool context is relevant
     const guardText = normalize(guard.text || '');
     const toolMentioned = guardText.includes(normTool) || normTool === 'unknown';
 
-    if (hasTwoKeywordHits(normInput, guard.words || [])) {
-      return {
-        mode: guard.mode || 'warn',
-        reason: `Matched guard pattern (count: ${guard.count}): "${(guard.text || '').slice(0, 80)}"`,
-        source: 'compiled',
-        guardHash: guard.hash,
-        attributed: guard.attributed,
-      };
-    }
+    const keywordMatch = hasTwoKeywordHits(normInput, guard.words || []);
 
-    // Also check tool-level match when input is empty or short
-    if (normInput.length < 10 && toolMentioned && guard.count >= (artifact.blockThreshold || 3)) {
+    // Match if: keyword hits in input, OR tool mentioned + high count.
+    // Previously tool-name matching only worked for short inputs — this was
+    // a false-negative gap that let tool-specific patterns slip through.
+    if (keywordMatch || (toolMentioned && guard.count >= (artifact.blockThreshold || 3))) {
+      const reason = keywordMatch
+        ? `Matched guard pattern (count: ${guard.count}): "${(guard.text || '').slice(0, 80)}"`
+        : `Tool "${toolName}" has recurring negative patterns (count: ${guard.count})`;
       return {
         mode: guard.mode || 'warn',
-        reason: `Tool "${toolName}" has recurring negative patterns (count: ${guard.count})`,
+        reason,
         source: 'compiled',
         guardHash: guard.hash,
         attributed: guard.attributed,
@@ -596,6 +592,12 @@ function evaluatePretoolFromState(state, toolName, toolInput) {
  * @param {string} [opts.attributedFeedbackPath]
  * @returns {{ mode: 'block'|'warn'|'allow', reason: string, source: string }}
  */
+/**
+ * Max age (ms) before compiled guards are considered stale and live state
+ * is also consulted. Default: 1 hour.
+ */
+const GUARD_STALENESS_MS = 60 * 60 * 1000;
+
 function evaluatePretool(toolName, toolInput, opts) {
   const o = opts || {};
 
@@ -605,11 +607,18 @@ function evaluatePretool(toolName, toolInput, opts) {
   if (artifact) {
     const result = evaluateCompiledGuards(artifact, toolName, toolInput);
     if (result.mode !== 'allow') return result;
-    // Even if compiled says allow, we're done (trust compiled)
-    return result;
+
+    // Check staleness: if compiled artifact is fresh enough, trust it
+    const compiledAt = artifact.compiledAt ? Date.parse(artifact.compiledAt) : 0;
+    const age = Date.now() - compiledAt;
+    if (age < GUARD_STALENESS_MS) {
+      return result; // Fresh compiled artifact says allow — trust it
+    }
+    // Stale artifact said allow — fall through to live evaluation
+    // in case new feedback was captured since compilation
   }
 
-  // Slow path: build live state
+  // Slow path: build live state (also used when compiled guards are stale)
   const state = buildHybridState({
     feedbackLogPath: o.feedbackLogPath,
     attributedFeedbackPath: o.attributedFeedbackPath,
@@ -683,6 +692,7 @@ module.exports = {
   readJsonl,
   getHybridPaths,
   PATHS,
+  GUARD_STALENESS_MS,
 };
 
 if (require.main === module) {

package/scripts/operational-summary.js

@@ -1,23 +1,60 @@
 'use strict';
 
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
 const { getBillingSummaryLive } = require('./billing');
 const { resolveAnalyticsWindow } = require('./analytics-window');
 const { resolveHostedBillingConfig } = require('./hosted-config');
 
+// Configure fetch proxy when running behind a corporate/sandbox proxy
+(function configureProxy() {
+  const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy
+    || process.env.HTTP_PROXY || process.env.http_proxy;
+  if (!proxyUrl) return;
+  try {
+    const { ProxyAgent, setGlobalDispatcher } = require('undici');
+    setGlobalDispatcher(new ProxyAgent(proxyUrl));
+  } catch {
+    // undici not available — fetch will use default dispatcher
+  }
+}());
+
+const OPERATOR_CONFIG_PATH = path.join(os.homedir(), '.config', 'thumbgate', 'operator.json');
+
 function normalizeText(value) {
   if (value === undefined || value === null) return null;
   const text = String(value).trim();
   return text || null;
 }
 
+function loadOperatorConfig(configPath = OPERATOR_CONFIG_PATH) {
+  try {
+    const raw = fs.readFileSync(configPath, 'utf8');
+    const parsed = JSON.parse(raw);
+    return {
+      operatorKey: normalizeText(parsed.operatorKey),
+      baseUrl: normalizeText(parsed.baseUrl),
+    };
+  } catch {
+    return { operatorKey: null, baseUrl: null };
+  }
+}
+
 function shouldPreferHostedSummary() {
   return String(process.env.THUMBGATE_METRICS_SOURCE || '').trim().toLowerCase() !== 'local';
 }
 
 function resolveHostedSummaryConfig() {
   const runtimeConfig = resolveHostedBillingConfig();
-  const apiBaseUrl = normalizeText(process.env.THUMBGATE_BILLING_API_BASE_URL) || runtimeConfig.billingApiBaseUrl;
-  const apiKey = normalizeText(process.env.THUMBGATE_API_KEY);
+  const operatorConfig = loadOperatorConfig();
+  // Priority: env THUMBGATE_OPERATOR_KEY > local config file > env THUMBGATE_API_KEY
+  const apiKey = normalizeText(process.env.THUMBGATE_OPERATOR_KEY)
+    || operatorConfig.operatorKey
+    || normalizeText(process.env.THUMBGATE_API_KEY);
+  const apiBaseUrl = normalizeText(process.env.THUMBGATE_BILLING_API_BASE_URL)
+    || operatorConfig.baseUrl
+    || runtimeConfig.billingApiBaseUrl;
   return {
     apiBaseUrl,
     apiKey,
@@ -74,9 +111,7 @@ async function getOperationalBillingSummary(options = {}) {
     };
   } catch (err) {
     const reason = err && err.message ? err.message : 'hosted_summary_unavailable';
-    // TODO: Configure hosted billing via THUMBGATE_BILLING_API_BASE_URL and THUMBGATE_API_KEY
-    // to avoid falling back to local state. See docs/PRICING_RESEARCH_2026-03-10.md
-    console.warn(`[operational-summary] Hosted billing not configured — falling back to local state. Reason: ${reason}`);
+    console.warn(`[operational-summary] Hosted billing unavailable — falling back to local state. Reason: ${reason}`);
     return {
       source: 'local',
       summary: await getBillingSummaryLive(analyticsWindow),
@@ -90,4 +125,5 @@ module.exports = {
   getOperationalBillingSummary,
   resolveHostedSummaryConfig,
   shouldPreferHostedSummary,
+  loadOperatorConfig,
 };