thumbgate 1.4.1 → 1.4.3

package/scripts/perplexity-marketing.js

@@ -21,10 +21,14 @@
 
 const fs = require('fs');
 const path = require('path');
+const {
+  PerplexityClient,
+  extractChatText,
+  extractCitations,
+} = require('./perplexity-client');
 
-const API_KEY = process.env.PERPLEXITY_API_KEY;
 const OUTPUT_DIR = path.join(__dirname, '..', '.amp', 'in', 'artifacts', 'marketing');
-const SONAR_URL = 'https://api.perplexity.ai/chat/completions';
+const perplexity = new PerplexityClient();
 
 const PRODUCT = {
   name: 'ThumbGate',
@@ -39,31 +43,15 @@ const PRODUCT = {
 };
 
 async function sonarRequest(model, messages, options = {}) {
-  if (!API_KEY) {
+  if (!perplexity.hasApiKey()) {
     throw new Error('PERPLEXITY_API_KEY not set. Get yours at https://www.perplexity.ai/settings/api');
   }
 
-  const body = {
+  return perplexity.chatCompletion({
     model,
     messages,
-    ...options,
-  };
-
-  const resp = await fetch(SONAR_URL, {
-    method: 'POST',
-    headers: {
-      'Authorization': `Bearer ${API_KEY}`,
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify(body),
+    options,
   });
-
-  if (!resp.ok) {
-    const text = await resp.text();
-    throw new Error(`Perplexity API ${resp.status}: ${text}`);
-  }
-
-  return resp.json();
 }
 
 function ensureOutputDir() {
@@ -107,8 +95,8 @@ Be specific with URLs, community names, and actionable steps.`,
     },
   ]);
 
-  const content = result.choices[0].message.content;
-  const citations = result.citations || [];
+  const content = extractChatText(result);
+  const citations = extractCitations(result);
 
   let output = `# Market Research Report — ThumbGate\n\nGenerated: ${new Date().toISOString()}\n\n`;
   output += content;
@@ -149,8 +137,8 @@ async function findThreads() {
         web_search_options: { search_context_size: 'high' },
       });
 
-      const content = result.choices[0].message.content;
-      const citations = result.citations || [];
+      const content = extractChatText(result);
+      const citations = extractCitations(result);
       results.push({ query: q, content, citations });
     } catch (err) {
       console.log(`  ⚠ Query failed: ${q} — ${err.message}`);
@@ -314,7 +302,7 @@ Requirements:
         web_search_options: { search_context_size: 'low' },
       });
 
-      const content = result.choices[0].message.content;
+      const content = extractChatText(result);
       saveOutput(platform.file, `# ${platform.name.toUpperCase()} — Launch Post\n\nGenerated: ${new Date().toISOString()}\n\n${content}`);
       posts.push({ platform: platform.name, content });
     } catch (err) {
@@ -358,7 +346,7 @@ Make all content factually accurate and technically specific.`,
     web_search_options: { search_context_size: 'medium' },
   });
 
-  const content = result.choices[0].message.content;
+  const content = extractChatText(result);
   saveOutput('04-seo-geo-content.md', `# SEO/GEO Optimization Content\n\nGenerated: ${new Date().toISOString()}\n\n${content}`);
   console.log('  ✓ SEO content generated\n');
   return content;
@@ -389,7 +377,7 @@ Include [PERSONALIZATION] placeholders.`,
     },
   ]);
 
-  const content = result.choices[0].message.content;
+  const content = extractChatText(result);
   saveOutput('05-outreach-templates.md', `# Outreach Templates\n\nGenerated: ${new Date().toISOString()}\n\n${content}`);
   console.log('  ✓ Outreach templates generated\n');
   return content;
@@ -405,7 +393,7 @@ async function main() {
   console.log('║  ThumbGate — First Dollar Campaign         ║');
   console.log('╚══════════════════════════════════════════════════════╝');
 
-  if (!API_KEY) {
+  if (!perplexity.hasApiKey()) {
     console.error('\n❌ PERPLEXITY_API_KEY not set.');
     console.error('   Add it to .env: PERPLEXITY_API_KEY=pplx-...');
     console.error('   Get your key: https://www.perplexity.ai/settings/api\n');

package/scripts/prove-packaged-runtime.js

@@ -71,14 +71,14 @@ function isTransientRegistryMiss(error) {
   ]
     .filter(Boolean)
     .join('\n');
-  return /ETARGET|No matching version found|npm error code E404|404 Not Found/i.test(text);
+  return /ETARGET|No matching version found|npm error code E404|404 Not Found|ETIMEDOUT|ENETUNREACH|ECONNRESET|EAI_AGAIN|ECONNREFUSED|network timeout/i.test(text);
 }
 
 async function installPackageWithRetry(prefixDir, packageSpec, options = {}) {
   const installImpl = options.installImpl || installPackage;
   const sleepImpl = options.sleepImpl || sleep;
   const remotePackage = options.remotePackage !== undefined ? options.remotePackage : isRemotePackageSpec(packageSpec);
-  const attempts = remotePackage ? Number(options.attempts || DEFAULT_PUBLISH_INSTALL_RETRIES) : 1;
+  const attempts = Number(options.attempts || (remotePackage ? DEFAULT_PUBLISH_INSTALL_RETRIES : 3));
   let delayMs = Number(options.delayMs || DEFAULT_PUBLISH_INSTALL_DELAY_MS);
   let lastError = null;
 
@@ -90,12 +90,13 @@ async function installPackageWithRetry(prefixDir, packageSpec, options = {}) {
       return installImpl(prefixDir, packageSpec);
     } catch (error) {
       lastError = error;
-      const retryable = remotePackage && isTransientRegistryMiss(error) && attempt < attempts;
+      const transient = isTransientRegistryMiss(error);
+      const retryable = transient && attempt < attempts;
       if (!retryable) {
         throw error;
       }
       process.stderr.write(
-        `Retrying published package install for ${packageSpec} after transient registry miss (${attempt}/${attempts - 1})\n`
+        `Retrying package install for ${packageSpec} after transient npm failure (${attempt}/${attempts - 1})\n`
       );
       await sleepImpl(delayMs);
       delayMs = Math.min(Math.round(delayMs * 1.5), MAX_PUBLISH_INSTALL_DELAY_MS);

package/scripts/ralph-mode-ci.js

@@ -10,12 +10,12 @@
 const crypto = require('crypto');
 const https = require('https');
 
-// ── Env ─────────────────────────────────────────────────────────────────
-const X_API_KEY = process.env.X_API_KEY;
-const X_API_SECRET = process.env.X_API_SECRET;
-const X_ACCESS_TOKEN = process.env.X_ACCESS_TOKEN;
-const X_ACCESS_TOKEN_SECRET = process.env.X_ACCESS_TOKEN_SECRET;
-const X_BEARER_TOKEN = process.env.X_BEARER_TOKEN;
+// ── Env (trim to handle GitHub Actions trailing whitespace) ─────────────
+const X_API_KEY = (process.env.X_API_KEY || '').trim();
+const X_API_SECRET = (process.env.X_API_SECRET || '').trim();
+const X_ACCESS_TOKEN = (process.env.X_ACCESS_TOKEN || '').trim();
+const X_ACCESS_TOKEN_SECRET = (process.env.X_ACCESS_TOKEN_SECRET || '').trim();
+const X_BEARER_TOKEN = (process.env.X_BEARER_TOKEN || '').trim();
 const LINKEDIN_ACCESS_TOKEN = process.env.LINKEDIN_ACCESS_TOKEN;
 const LINKEDIN_PERSON_URN = process.env.LINKEDIN_PERSON_URN;
 const DEVTO_API_KEY = process.env.DEVTO_API_KEY;
@@ -44,13 +44,21 @@ function xAuthHeader(method, url) {
 // ── Helpers ─────────────────────────────────────────────────────────────
 async function postTweet(text) {
   const url = 'https://api.twitter.com/2/tweets';
+  console.log('  X auth debug: credentials ' + (X_API_KEY && X_ACCESS_TOKEN ? 'present' : 'missing'));
   const r = await fetch(url, {
     method: 'POST',
     headers: { Authorization: xAuthHeader('POST', url), 'Content-Type': 'application/json' },
     body: JSON.stringify({ text }),
   });
-  const j = await r.json();
-  return { id: j.data?.id, error: j.detail };
+  const j = await parseJsonResponse(r);
+  if (!j.data?.id) console.log('  X error detail:', JSON.stringify(j).slice(0, 200));
+  const id = j.data?.id || '';
+  return {
+    id,
+    ok: r.ok && Boolean(id),
+    status: r.status,
+    error: id ? '' : extractApiError(j, r.status),
+  };
 }
 
 async function replyTweet(text, replyTo) {
@@ -60,8 +68,50 @@ async function replyTweet(text, replyTo) {
     headers: { Authorization: xAuthHeader('POST', url), 'Content-Type': 'application/json' },
     body: JSON.stringify({ text, reply: { in_reply_to_tweet_id: replyTo } }),
   });
-  const j = await r.json();
-  return { id: j.data?.id, error: j.detail };
+  const j = await parseJsonResponse(r);
+  const id = j.data?.id || '';
+  return {
+    id,
+    ok: r.ok && Boolean(id),
+    status: r.status,
+    error: id ? '' : extractApiError(j, r.status),
+  };
+}
+
+async function parseJsonResponse(response) {
+  try {
+    return await response.json();
+  } catch {
+    return {};
+  }
+}
+
+function extractApiError(payload = {}, status = 0) {
+  const firstError = Array.isArray(payload.errors) && payload.errors[0]
+    ? payload.errors[0].message || payload.errors[0].detail || payload.errors[0].title
+    : '';
+  return payload.detail || payload.title || firstError || `HTTP ${status || 'unknown'}`;
+}
+
+function recordTweetPost(report, result, log = console.log) {
+  if (result && result.ok && result.id) {
+    log('Tweet posted: ' + result.id);
+    report.tweets++;
+    return true;
+  }
+  log('Tweet skipped: ' + (result?.error || `HTTP ${result?.status || 'unknown'}`));
+  return false;
+}
+
+function recordTweetReply(report, username, result, log = console.log) {
+  const handle = username ? '@' + username : 'unknown user';
+  if (result && result.ok && result.id) {
+    log('  Replied to ' + handle + ': ' + result.id);
+    report.replies++;
+    return true;
+  }
+  log('  Reply skipped for ' + handle + ': ' + (result?.error || `HTTP ${result?.status || 'unknown'}`));
+  return false;
 }
 
 async function postLinkedIn(text) {
@@ -128,7 +178,7 @@ const TWEET_ANGLES = [
   'Thompson Sampling for AI agent gates:\n\nEach gate: Beta(alpha, beta)\nCorrect block → alpha++ → tighter\nFalse positive → beta++ → relaxes\n\nNo thresholds. Gates converge on their own.\n\nhttps://github.com/IgorGanapolsky/ThumbGate',
   'Google DeepMind: hidden prompt injections commandeer AI agents 86% of the time.\n\nThumbGate gates the action, not the prompt. PreToolUse hooks are the last defense.\n\nhttps://github.com/IgorGanapolsky/ThumbGate',
   'Every AI agent framework ships memory. None ship enforcement.\n\nMemory: "Don\'t force-push to main"\nEnforcement: *physically blocked*\n\nThumbGate is the enforcement layer.\n\nhttps://github.com/IgorGanapolsky/ThumbGate',
-  'Founding Member: $49 once. ThumbGate Pro forever.\n\n50 spots. No subscription.\n\nSelf-distillation, SQL MCP gates, Thompson Sampling, context-stuffing, 68 tools on Smithery.\n\nhttps://buy.stripe.com/aFa4gz1M84r419v7mb3sI05',
+  'ThumbGate Pro is $19/mo or $149/yr for solo AI agent operators.\n\nLocal dashboard, DPO export, self-distillation, SQL MCP gates, Thompson Sampling, and pre-action enforcement.\n\nTeam rollout starts with intake: $99/seat/mo.\n\nhttps://buy.stripe.com/5kQ4gzbmI9Lo6tPayn3sI06',
   'Context-stuffing: skip RAG entirely.\n\nDump ALL prevention rules into agent context at session start. 20-200 rules = 1K-10K tokens.\n\nInspired by Karpathy. Simpler. Faster.\n\nhttps://github.com/IgorGanapolsky/ThumbGate',
   'The AI agent safety stack:\n\nGovernance: Paperclip\nOrchestration: iloom\nContext: RepoWise\nEnforcement: ThumbGate\n\nAll open source. All necessary.\n\nhttps://github.com/IgorGanapolsky/ThumbGate',
 ];
@@ -170,8 +220,7 @@ async function main() {
         const u = mu[t.author_id] || {};
         const replyText = '@' + u.username + ' ThumbGate: PreToolUse enforcement for AI agents. Thompson Sampling adapts confidence. 68 tools on Smithery.\n\nhttps://github.com/IgorGanapolsky/ThumbGate';
         const r = await replyTweet(replyText, t.id);
-        console.log('  Replied to @' + u.username + ': ' + (r.id || r.error));
-        report.replies++;
+        recordTweetReply(report, u.username, r);
       }
 
       state.lastMentionCheck = new Date().toISOString();
@@ -183,8 +232,7 @@ async function main() {
     try {
       const angleIndex = Math.floor(Date.now() / 7200000) % TWEET_ANGLES.length;
       const r = await postTweet(TWEET_ANGLES[angleIndex]);
-      console.log('Tweet posted: ' + (r.id || r.error));
-      report.tweets++;
+      recordTweetPost(report, r);
     } catch (e) {
       console.log('Tweet error: ' + e.message);
     }
@@ -311,6 +359,9 @@ async function main() {
     console.log('GitHub: skipped (no token)');
   }
 
+  // ── 8. Perplexity visibility ──
+  await checkPerplexityVisibility();
+
   // ── Save state ──
   state.lastRun = new Date().toISOString();
   saveState(state);
@@ -325,7 +376,59 @@ async function main() {
   console.log('=== DONE ===');
 }
 
-main().catch(e => {
-  console.error('Ralph Mode CI fatal error:', e.message);
-  process.exit(1);
-});
+function isDirectInvocation(mainModule = require.main) {
+  return Boolean(mainModule && mainModule.filename === __filename);
+}
+
+if (isDirectInvocation()) {
+  main().catch(e => {
+    console.error('Ralph Mode CI fatal error:', e.message);
+    process.exit(1);
+  });
+}
+
+// ── Perplexity AI Search Visibility (appended) ──────────────────────────
+async function checkPerplexityVisibility() {
+  const PPLX_KEY = (process.env.PERPLEXITY_API_KEY || '').trim();
+  if (!PPLX_KEY) { console.log('Perplexity: skipped (no key)'); return; }
+
+  const prompts = [
+    'best pre-action gate tools for AI coding agents',
+    'how to prevent AI coding agent from making mistakes',
+    'Claude Code safety tools',
+    'alternatives to thumbgate',
+  ];
+
+  console.log('Perplexity visibility check (' + prompts.length + ' queries):');
+  let found = 0;
+  for (const prompt of prompts) {
+    try {
+      const r = await fetch('https://api.perplexity.ai/chat/completions', {
+        method: 'POST',
+        headers: { Authorization: 'Bearer ' + PPLX_KEY, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ model: 'sonar', messages: [{ role: 'user', content: prompt }] }),
+      });
+      const j = await r.json();
+      const text = j.choices?.[0]?.message?.content || '';
+      const mentioned = /thumbgate/i.test(text);
+      console.log('  "' + prompt.slice(0, 50) + '": ' + (mentioned ? 'FOUND' : 'MISSING'));
+      if (mentioned) found++;
+    } catch (e) {
+      console.log('  "' + prompt.slice(0, 50) + '": ERROR ' + e.message.slice(0, 30));
+    }
+  }
+  console.log('Perplexity: ThumbGate mentioned in ' + found + '/' + prompts.length + ' queries');
+}
+
+module.exports = {
+  TWEET_ANGLES,
+  extractApiError,
+  main,
+  parseJsonResponse,
+  postTweet,
+  isDirectInvocation,
+  recordTweetPost,
+  recordTweetReply,
+  replyTweet,
+  xAuthHeader,
+};

package/scripts/reflector-agent.js

@@ -12,7 +12,7 @@
 
 'use strict';
 
-const { retrieveRelevantLessons } = require('./lesson-retrieval');
+const { retrieveWithRerankingSync } = require('./cross-encoder-reranker');
 const {
   extractFilePaths,
   extractToolCalls,
@@ -99,7 +99,7 @@ function checkRecurrence(analysis, feedbackEvent) {
   try {
     const context = `${analysis.userIntent} ${analysis.assistantAction} ${analysis.corrections.join(' ')}`;
     const toolName = analysis.toolsUsed[0] || 'unknown';
-    previousLessons = retrieveRelevantLessons(toolName, context, { maxResults: 5 });
+    previousLessons = retrieveWithRerankingSync(toolName, context, { candidateCount: 20, maxResults: 5 });
     // Filter to only negative lessons
     previousLessons = previousLessons.filter(l => l.signal === 'negative');
   } catch (_err) {