thumbgate 1.4.2 → 1.4.4

package/public/vercel.json

@@ -1,8 +0,0 @@
-{
-  "version": 2,
-  "public": true,
-  "name": "thumbgate",
-  "rewrites": [
-    { "source": "/(.*)", "destination": "/index.html" }
-  ]
-}

package/scripts/a2ui-engine.js

@@ -1,73 +0,0 @@
-/**
- * A2UI (Agent-to-User Interface) Component Definitions
- * 
- * Standardized schema for dynamic UI components generated by the agent.
- * These are intended to be rendered in the Feedback Studio or as MCP Artifacts.
- */
-
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-
-const COMPONENT_TYPES = {
-  REASONING_TRACE: 'reasoning-trace',   // Graph/List showing how dots were connected
-  RULE_PROPOSAL: 'rule-proposal',       // Interactive card to approve/refine a rule
-  CONFLICT_VETO: 'conflict-veto',       // UI to resolve contradicting memories
-  METRIC_DYNAMIC: 'metric-dynamic'      // Real-time custom metrics based on current task
-};
-
-/**
- * Generate a Reasoning Trace component (A2UI)
- * @param {string} summary - High-level synthesis
- * @param {Array} sources - List of source logs/memories
- * @param {Array} connections - Semantic links found
- */
-function createReasoningTrace(summary, sources, connections) {
-  return {
-    type: COMPONENT_TYPES.REASONING_TRACE,
-    version: '1.0.0',
-    data: {
-      summary,
-      sources: sources.map(s => ({
-        id: s.id,
-        text: s.context || s.content,
-        signal: s.signal || 'neutral'
-      })),
-      graph: connections.map(c => ({
-        from: c.sourceId,
-        to: c.targetId,
-        label: c.relation
-      }))
-    },
-    actions: [
-      { id: 'view-logs', label: 'View Raw Logs', type: 'primary' }
-    ]
-  };
-}
-
-/**
- * Generate a Rule Proposal component (A2UI)
- */
-function createRuleProposal(pattern, suggestedRule, severity) {
-  return {
-    type: COMPONENT_TYPES.RULE_PROPOSAL,
-    version: '1.0.0',
-    data: {
-      pattern,
-      suggestedRule,
-      severity
-    },
-    actions: [
-      { id: 'approve', label: 'Approve ALWAYS/NEVER', type: 'success' },
-      { id: 'refine', label: 'Tweak Wording', type: 'secondary' },
-      { id: 'veto', label: 'Veto Rule', type: 'danger' }
-    ]
-  };
-}
-
-module.exports = {
-  COMPONENT_TYPES,
-  createReasoningTrace,
-  createRuleProposal
-};

package/scripts/adk-consolidator.js

@@ -1,274 +0,0 @@
-#!/usr/bin/env node
-/**
- * Agent Development Kit (ADK) Memory Consolidator
- * 
- * 'Always-On' background service that reads disparate feedback logs and uses 
- * Gemini (Flash-Lite/Flash) to actively consolidate, compress, and dream up 
- * generalized prevention rules. This moves the system from 'passive logging' 
- * to 'active semantic memory consolidation'.
- */
-
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-
-const PROJECT_ROOT = path.join(__dirname, '..');
-const { getFeedbackPaths, readJSONL } = require('./feedback-loop');
-const { compactContext } = require('./context-engine');
-const { resolveModelRole } = require('./local-model-profile');
-const { trackEvent, shouldInjectReminder, injectReminder } = require('./reminder-engine');
-const { validateApiKey } = require('./billing');
-
-// Keep track of the last processed ID to avoid re-consolidating the exact same logs
-const STATE_FILE = process.env.ADK_STATE_FILE || path.join(PROJECT_ROOT, '.thumbgate', 'adk-state.json');
-
-
-function loadState() {
-  if (fs.existsSync(STATE_FILE)) {
-    try {
-      return JSON.parse(fs.readFileSync(STATE_FILE, 'utf-8'));
-    } catch {
-      return { lastProcessedFeedbackId: null };
-    }
-  }
-  return { lastProcessedFeedbackId: null };
-}
-
-function saveState(state) {
-  ensureDir(path.dirname(STATE_FILE));
-  fs.writeFileSync(STATE_FILE, JSON.stringify(state, null, 2));
-}
-
-const { createRuleProposal, createReasoningTrace } = require('./a2ui-engine');
-const { ensureDir } = require('./fs-utils');
-
-function buildFakeConsolidation(anchorLogs, newLogs) {
-  const combined = [...anchorLogs, ...newLogs].filter(Boolean);
-  const connectedLogIds = combined.slice(0, 3).map((log) => log.id).filter(Boolean);
-  const issueHints = combined
-    .map((log) => log.whatWentWrong || log.context || '')
-    .map((text) => String(text).trim())
-    .filter(Boolean);
-
-  const primaryHint = issueHints[0] || 'Environment and rollout checks were skipped';
-  return {
-    consolidatedInsights: [
-      {
-        pattern: primaryHint,
-        rule: 'ALWAYS verify environment, approvals, and rollout prerequisites before executing workflow changes',
-        severity: 'high',
-        connectedLogIds,
-      },
-    ],
-    a2uiPayload: {
-      reasoningGraph: {
-        summary: 'Synthetic consolidation used for hermetic test mode.',
-        connections: connectedLogIds.slice(1).map((id) => ({
-          from: connectedLogIds[0],
-          to: id,
-          label: 'Shared failure pattern',
-        })),
-      },
-    },
-  };
-}
-
-async function consolidateMemory() {
-  const requestedFakeConsolidation = process.env.ADK_FAKE_CONSOLIDATION === 'true';
-  const useFakeConsolidation = requestedFakeConsolidation && process.env.NODE_ENV === 'test';
-  const apiKey = process.env.GEMINI_API_KEY;
-  if (requestedFakeConsolidation && !useFakeConsolidation) {
-    console.warn('[ADK Consolidator] Ignoring ADK_FAKE_CONSOLIDATION outside test mode.');
-  }
-  if (!useFakeConsolidation && !apiKey) {
-    console.warn('[ADK Consolidator] GEMINI_API_KEY is not set. Skipping active consolidation.');
-    return;
-  }
-
-  let ai = null;
-  if (!useFakeConsolidation) {
-    let GoogleGenAI;
-    try {
-      ({ GoogleGenAI } = require('@google/genai'));
-    } catch (error) {
-      if (error && error.code === 'MODULE_NOT_FOUND') {
-        console.warn('[ADK Consolidator] @google/genai is not installed. Skipping active consolidation.');
-        return;
-      }
-      throw error;
-    }
-    ai = new GoogleGenAI({ apiKey });
-  }
-  const paths = getFeedbackPaths();
-  const state = loadState();
-
-  const allLogs = readJSONL(paths.FEEDBACK_LOG_PATH);
-  
-  if (allLogs.length === 0) {
-    console.log('[ADK Consolidator] No logs to consolidate.');
-    return;
-  }
-
-  // 1. Anchor-Memories: Always include the first 5 "foundational" logs of the session.
-  // These act as 'attention sinks' that provide global context and numerical anchors
-  // for the model's reasoning stability.
-  const anchorLogs = allLogs.slice(0, 5);
-
-  // 2. Incremental Window: Find where we left off
-  const hasPriorState = Boolean(state.lastProcessedFeedbackId);
-  let newLogs = [];
-  if (hasPriorState) {
-    const lastIdx = allLogs.findIndex(l => l.id === state.lastProcessedFeedbackId);
-    if (lastIdx !== -1) {
-      newLogs = allLogs.slice(lastIdx + 1);
-    } else {
-      newLogs = allLogs.slice(-50);
-    }
-  } else {
-    newLogs = allLogs.slice(-50);
-  }
-
-  // Filter anchors out of newLogs if they overlap to save tokens
-  const rawNewLogs = newLogs.filter(nl => !anchorLogs.some(al => al.id === nl.id));
-
-  if (rawNewLogs.length === 0 && anchorLogs.length > 0 && hasPriorState) {
-    console.log('[ADK Consolidator] No new logs since last consolidation cycle.');
-    return;
-  }
-
-  // Adaptive context compaction: reduce prompt size before sending to Gemini
-  const compactionResult = compactContext(rawNewLogs, anchorLogs, { windowSize: 30, perEntryMaxChars: 512 });
-  const filteredNewLogs = compactionResult.entries.filter(e => !anchorLogs.some(a => a.id === e.id));
-  if (compactionResult.compacted) {
-    console.log(`[ADK Consolidator] Context compacted: removed ${compactionResult.removedCount} entries (stage ${compactionResult.stage}).`);
-  }
-
-  // Resolve model via role router instead of hardcoding
-  const modelConfig = resolveModelRole('normal');
-  const activationLabel = useFakeConsolidation ? `Gemini test stub (${modelConfig.model})` : `Gemini (${modelConfig.model})`;
-  console.log(`[ADK Consolidator] Activating ${activationLabel} with ${anchorLogs.length} anchors and ${filteredNewLogs.length} new events...`);
-
-  const prompt = `
-You are the Agent Development Kit (ADK) 'Always-On' Memory Consolidator.
-Synthesize the latest feedback into generalized prevention rules AND dynamic A2UI components.
-
-Foundational Anchors (Numerical Sinks):
-${JSON.stringify(anchorLogs.map(l => ({ id: l.id, signal: l.signal, context: l.context, whatWentWrong: l.whatWentWrong })), null, 2)}
-
-Latest Feedback Events (Spikes):
-${JSON.stringify(filteredNewLogs.map(l => ({ id: l.id, signal: l.signal, context: l.context, whatWentWrong: l.whatWentWrong })), null, 2)}
-
-Output ONLY valid JSON:
-{
-  "consolidatedInsights": [
-    {
-      "pattern": "Underlying flaw",
-      "rule": "ALWAYS/NEVER directive",
-      "severity": "critical|high|medium|low",
-      "connectedLogIds": ["fb_1", "fb_2"]
-    }
-  ],
-  "a2uiPayload": {
-    "reasoningGraph": {
-      "summary": "Synthesis summary",
-      "connections": [{"from": "fb_1", "to": "fb_2", "label": "Same environment issue"}]
-    }
-  }
-}
-`;
-
-  try {
-    const result = useFakeConsolidation
-      ? buildFakeConsolidation(anchorLogs, filteredNewLogs)
-      : JSON.parse((await ai.models.generateContent({
-        model: modelConfig.model,
-        contents: prompt,
-        config: { responseMimeType: 'application/json' }
-      })).text);
-    console.log('[ADK Consolidator] Consolidation complete.');
-
-    if (result.consolidatedInsights) {
-      // Append to markdown (legacy fallback)
-      appendRules(result.consolidatedInsights, paths.PREVENTION_RULES_PATH);
-
-      // Track guardrail spikes and emit reminders when threshold is met
-      const criticalInsights = result.consolidatedInsights.filter(
-        i => i.severity === 'critical' || i.severity === 'high',
-      );
-      if (criticalInsights.length > 0) {
-        trackEvent('guardrail_spike');
-        if (shouldInjectReminder('guardrail_spike')) {
-          const topRule = criticalInsights[0].rule;
-          const reminderTurns = injectReminder([], 'guardrail_spike', { rule: topRule });
-          const reminderPath = path.join(PROJECT_ROOT, '.thumbgate', `reminder_${Date.now()}.json`);
-          fs.writeFileSync(reminderPath, JSON.stringify(reminderTurns[0], null, 2));
-          console.log(`[ADK Consolidator] Emitted system reminder: ${reminderPath}`);
-        }
-      }
-
-      // Emit A2UI components (New Model)
-      result.consolidatedInsights.forEach(insight => {
-        const proposal = createRuleProposal(insight.pattern, insight.rule, insight.severity);
-        const a2uiPath = path.join(PROJECT_ROOT, '.thumbgate', `a2ui_proposal_${Date.now()}.json`);
-        fs.writeFileSync(a2uiPath, JSON.stringify(proposal, null, 2));
-        console.log(`[ADK Consolidator] Emitted A2UI Proposal: ${a2uiPath}`);
-      });
-    }
-
-    state.lastProcessedFeedbackId = newLogs[newLogs.length - 1].id;
-    saveState(state);
-
-    // Hosted consolidation can run with a valid cloud key, but it is not metered usage billing.
-    const cloudKey = process.env.THUMBGATE_API_KEY;
-    if (cloudKey) {
-      const validation = validateApiKey(cloudKey);
-      if (validation.valid) {
-        console.log(`[ADK Consolidator] Hosted key validated for customer: ${validation.customerId}`);
-      }
-    }
-
-  } catch (err) {
-    console.error('[ADK Consolidator] Consolidation failed:', err.message);
-  }
-}
-
-function appendRules(insights, rulesPath) {
-  let existingContent = '';
-  if (fs.existsSync(rulesPath)) {
-    existingContent = fs.readFileSync(rulesPath, 'utf-8');
-  } else {
-    existingContent = '# Prevention Rules\n\nGenerated from active semantic memory consolidation.\n\n';
-  }
-
-  let newRulesBlock = '\n## ADK Semantic Consolidations\n';
-  const timestamp = new Date().toISOString();
-  insights.forEach(insight => {
-    newRulesBlock += `- [${insight.severity.toUpperCase()}] **${insight.pattern}**\n  - Rule: ${insight.rule} *(Consolidated at ${timestamp})*\n`;
-  });
-
-  const updatedContent = existingContent + newRulesBlock;
-  ensureDir(path.dirname(rulesPath));
-  fs.writeFileSync(rulesPath, updatedContent);
-  console.log(`[ADK Consolidator] Appended ${insights.length} new consolidated rules to ${rulesPath}`);
-}
-
-if (require.main === module) {
-  const args = process.argv.slice(2);
-  const isWatchMode = args.includes('--watch');
-
-  if (isWatchMode) {
-    console.log('[ADK Consolidator] Started in Always-On Watch Mode (interval: 5 minutes)');
-    consolidateMemory(); // Run once immediately
-    setInterval(() => {
-      consolidateMemory();
-    }, 5 * 60 * 1000); // Check every 5 minutes
-  } else {
-    consolidateMemory().then(() => {
-      console.log('[ADK Consolidator] Cycle finished.');
-      process.exit(0);
-    });
-  }
-}
-
-module.exports = { consolidateMemory };

package/scripts/agent-security-hardening.js

@@ -1,225 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-/**
- * Agent Security Hardening — credential tracking, privilege escalation detection,
- * dependency attestation gate.
- *
- * Closes the gaps from the agentic security video:
- * 1. Session-scoped credential attestation — track what creds each agent uses
- * 2. Privilege escalation detection — flag agents invoking tools outside their MCP profile
- * 3. Dependency attestation gate — block agents from installing unvetted packages
- */
-
-const fs = require('fs');
-const path = require('path');
-const { resolveFeedbackDir } = require('./feedback-paths');
-const { ensureParentDir, readJsonl } = require('./fs-utils');
-
-function getFeedbackDir() { return resolveFeedbackDir(); }
-const CRED_LOG = 'credential-attestations.jsonl';
-const ESCALATION_LOG = 'escalation-events.jsonl';
-const DEP_LOG = 'dependency-attestations.jsonl';
-
-function getCredLogPath() { return path.join(getFeedbackDir(), CRED_LOG); }
-function getEscalationLogPath() { return path.join(getFeedbackDir(), ESCALATION_LOG); }
-function getDepLogPath() { return path.join(getFeedbackDir(), DEP_LOG); }
-
-// ---------------------------------------------------------------------------
-// 1. Session-Scoped Credential Attestation
-// ---------------------------------------------------------------------------
-
-/**
- * Record what credential an agent used for a tool call.
- * Creates an audit trail: agent → credential → tool → timestamp.
- */
-function attestCredential({ agentId, credentialType, credentialId, toolName, scope, sessionId } = {}) {
-  const entry = {
-    id: `cred_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-    timestamp: new Date().toISOString(),
-    agentId: agentId || 'unknown',
-    credentialType: credentialType || 'unknown', // 'api_key', 'oauth_token', 'session_token', 'mcp_auth'
-    credentialId: credentialId ? credentialId.slice(0, 8) + '***' : 'unknown', // truncated for safety
-    toolName: toolName || 'unknown',
-    scope: scope || 'default',
-    sessionId: sessionId || null,
-  };
-  const logPath = getCredLogPath();
-  ensureParentDir(logPath);
-  fs.appendFileSync(logPath, JSON.stringify(entry) + '\n');
-  return entry;
-}
-
-/**
- * Get credential usage summary for audit.
- */
-function getCredentialAudit({ periodHours = 24 } = {}) {
-  const entries = readJsonl(getCredLogPath());
-  const cutoff = Date.now() - periodHours * 60 * 60 * 1000;
-  const recent = entries.filter((e) => new Date(e.timestamp).getTime() > cutoff);
-
-  const byAgent = {};
-  const byCredType = {};
-  for (const e of recent) {
-    if (!byAgent[e.agentId]) byAgent[e.agentId] = { tools: new Set(), credTypes: new Set(), count: 0 };
-    byAgent[e.agentId].tools.add(e.toolName);
-    byAgent[e.agentId].credTypes.add(e.credentialType);
-    byAgent[e.agentId].count++;
-    byCredType[e.credentialType] = (byCredType[e.credentialType] || 0) + 1;
-  }
-
-  // Serialize Sets
-  const agents = Object.entries(byAgent).map(([id, data]) => ({
-    agentId: id, tools: [...data.tools], credTypes: [...data.credTypes], callCount: data.count,
-  }));
-
-  return { periodHours, total: recent.length, agents, byCredType };
-}
-
-// ---------------------------------------------------------------------------
-// 2. Privilege Escalation Detection
-// ---------------------------------------------------------------------------
-
-// MCP profile tool allowlists (loaded from config or defaults)
-const PROFILE_ALLOWLISTS = {
-  essential: new Set(['capture_feedback', 'recall', 'search_lessons', 'search_thumbgate', 'prevention_rules', 'enforcement_matrix', 'feedback_stats', 'estimate_uncertainty', 'org_dashboard', 'set_task_scope', 'get_scope_state', 'set_branch_governance', 'get_branch_governance', 'approve_protected_action', 'check_operational_integrity', 'workflow_sentinel']),
-  readonly: new Set(['recall', 'feedback_summary', 'search_lessons', 'verify_claim', 'gate_stats', 'search_thumbgate', 'feedback_stats', 'estimate_uncertainty', 'org_dashboard', 'get_scope_state', 'get_branch_governance', 'check_operational_integrity', 'workflow_sentinel']),
-  locked: new Set(['feedback_summary', 'search_lessons', 'diagnose_failure', 'list_intents', 'plan_intent', 'list_harnesses', 'verify_claim', 'get_scope_state', 'get_branch_governance', 'check_operational_integrity', 'workflow_sentinel']),
-  commerce: new Set(['capture_feedback', 'recall', 'search_thumbgate', 'commerce_recall', 'track_action', 'verify_claim', 'feedback_stats', 'set_task_scope', 'get_scope_state', 'set_branch_governance', 'get_branch_governance', 'approve_protected_action', 'check_operational_integrity', 'workflow_sentinel']),
-};
-
-/**
- * Check if a tool call is within the agent's MCP profile scope.
- * Detects privilege escalation when agent tries to use tools outside its profile.
- */
-function detectPrivilegeEscalation({ agentId, toolName, mcpProfile } = {}) {
-  const profile = mcpProfile || 'essential';
-  const allowlist = PROFILE_ALLOWLISTS[profile];
-
-  // If profile unknown or no allowlist, can't detect escalation
-  if (!allowlist) return { escalation: false, reason: 'unknown profile' };
-
-  const isAllowed = allowlist.has(toolName);
-
-  if (!isAllowed) {
-    const event = {
-      id: `esc_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-      timestamp: new Date().toISOString(),
-      agentId: agentId || 'unknown',
-      toolName: toolName || 'unknown',
-      mcpProfile: profile,
-      severity: 'warning',
-      message: `Agent "${agentId}" attempted to use "${toolName}" which is outside "${profile}" profile scope`,
-    };
-    const logPath = getEscalationLogPath();
-    ensureParentDir(logPath);
-    fs.appendFileSync(logPath, JSON.stringify(event) + '\n');
-    return { escalation: true, event };
-  }
-
-  return { escalation: false };
-}
-
-/**
- * Get escalation event stats.
- */
-function getEscalationStats({ periodHours = 24 } = {}) {
-  const entries = readJsonl(getEscalationLogPath());
-  const cutoff = Date.now() - periodHours * 60 * 60 * 1000;
-  const recent = entries.filter((e) => new Date(e.timestamp).getTime() > cutoff);
-
-  const byAgent = {};
-  const byTool = {};
-  for (const e of recent) {
-    byAgent[e.agentId] = (byAgent[e.agentId] || 0) + 1;
-    byTool[e.toolName] = (byTool[e.toolName] || 0) + 1;
-  }
-
-  return { total: recent.length, byAgent, byTool, periodHours };
-}
-
-// ---------------------------------------------------------------------------
-// 3. Dependency Attestation Gate
-// ---------------------------------------------------------------------------
-
-const BLOCKED_PACKAGES = new Set([
-  'event-stream', // known supply chain attack
-  'ua-parser-js', // compromised in 2021
-  'coa', // compromised in 2021
-  'rc', // compromised in 2021
-]);
-
-const TRUSTED_SCOPES = new Set(['@anthropic-ai', '@types', '@babel', '@eslint']);
-
-/**
- * Check if a dependency install should be allowed.
- * Blocks known-compromised packages and unscoped packages without attestation.
- */
-function attestDependency({ packageName, version, agentId, action } = {}) {
-  const pkg = packageName || '';
-  const act = action || 'install'; // 'install', 'update', 'remove'
-
-  const findings = [];
-  let allowed = true;
-
-  // Check blocked list
-  if (BLOCKED_PACKAGES.has(pkg)) {
-    findings.push({ rule: 'blocked_package', message: `"${pkg}" is a known-compromised package`, severity: 'critical' });
-    allowed = false;
-  }
-
-  // Check for suspicious patterns
-  if (pkg.includes('..') || pkg.includes('/') && !pkg.startsWith('@')) {
-    findings.push({ rule: 'suspicious_path', message: `"${pkg}" has suspicious path characters`, severity: 'warning' });
-    allowed = false;
-  }
-
-  // Check version pinning
-  if (version && /^[>~^]/.test(version)) {
-    findings.push({ rule: 'unpinned_version', message: `Version "${version}" is not pinned — use exact version`, severity: 'warning' });
-  }
-
-  // Trusted scope bonus
-  const isTrustedScope = TRUSTED_SCOPES.has(pkg.split('/')[0]);
-
-  const event = {
-    id: `dep_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
-    timestamp: new Date().toISOString(),
-    packageName: pkg,
-    version: version || 'latest',
-    agentId: agentId || 'unknown',
-    action: act,
-    allowed,
-    isTrustedScope,
-    findings,
-  };
-
-  const logPath = getDepLogPath();
-  ensureParentDir(logPath);
-  fs.appendFileSync(logPath, JSON.stringify(event) + '\n');
-
-  return { allowed, findings, isTrustedScope, event };
-}
-
-/**
- * Get dependency attestation stats.
- */
-function getDepAttestationStats({ periodHours = 24 } = {}) {
-  const entries = readJsonl(getDepLogPath());
-  const cutoff = Date.now() - periodHours * 60 * 60 * 1000;
-  const recent = entries.filter((e) => new Date(e.timestamp).getTime() > cutoff);
-
-  return {
-    total: recent.length,
-    allowed: recent.filter((e) => e.allowed).length,
-    blocked: recent.filter((e) => !e.allowed).length,
-    findings: recent.reduce((sum, e) => sum + (e.findings || []).length, 0),
-    periodHours,
-  };
-}
-
-module.exports = {
-  attestCredential, getCredentialAudit, getCredLogPath,
-  detectPrivilegeEscalation, getEscalationStats, getEscalationLogPath, PROFILE_ALLOWLISTS,
-  attestDependency, getDepAttestationStats, getDepLogPath, BLOCKED_PACKAGES, TRUSTED_SCOPES,
-};