thumbgate 1.4.3 → 1.4.5

package/scripts/computer-use-firewall.js

@@ -1,280 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-const { buildDockerSandboxPlan } = require('./docker-sandbox-planner');
-
-/**
- * Computer-Use Action Firewall — normalizes OpenAI Responses API
- * computer-environment actions into ThumbGate's gate schema and
- * evaluates them against policy presets.
- */
-
-const CONFIG_PATH = path.join(__dirname, '..', 'config', 'gates', 'computer-use.json');
-
-// Action types from Responses API computer environment
-const ACTION_TYPES = {
-  'browser.open': { category: 'browser', riskLevel: 'low' },
-  'browser.click': { category: 'browser', riskLevel: 'low' },
-  'browser.type': { category: 'browser', riskLevel: 'medium' },
-  'shell.exec': { category: 'shell', riskLevel: 'high' },
-  'file.read': { category: 'file', riskLevel: 'low' },
-  'file.write': { category: 'file', riskLevel: 'medium' },
-  'file.delete': { category: 'file', riskLevel: 'high' },
-  'clipboard.read': { category: 'system', riskLevel: 'medium' },
-  'clipboard.write': { category: 'system', riskLevel: 'medium' },
-  'download': { category: 'network', riskLevel: 'medium' },
-  'upload': { category: 'network', riskLevel: 'high' },
-  'message.send': { category: 'communication', riskLevel: 'high' },
-};
-
-// Policy presets
-const PRESETS = {
-  'safe-readonly': {
-    allow: ['browser.open', 'browser.click', 'file.read', 'clipboard.read'],
-    deny: ['shell.exec', 'file.write', 'file.delete', 'upload', 'message.send'],
-    requireApproval: ['browser.type', 'download', 'clipboard.write'],
-  },
-  'dev-sandbox': {
-    allow: ['browser.open', 'browser.click', 'browser.type', 'file.read', 'file.write', 'clipboard.read', 'clipboard.write', 'download'],
-    deny: ['upload', 'message.send'],
-    requireApproval: ['shell.exec', 'file.delete'],
-  },
-  'human-approval-for-write': {
-    allow: ['browser.open', 'browser.click', 'file.read', 'clipboard.read'],
-    deny: [],
-    requireApproval: ['browser.type', 'shell.exec', 'file.write', 'file.delete', 'clipboard.write', 'download', 'upload', 'message.send'],
-  },
-};
-
-function loadConfig() {
-  if (!fs.existsSync(CONFIG_PATH)) return null;
-  try {
-    return JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
-  } catch {
-    return null;
-  }
-}
-
-function normalizeAction(rawAction) {
-  if (!rawAction || typeof rawAction !== 'object') {
-    return {
-      type: 'unknown',
-      category: 'unknown',
-      riskLevel: 'high',
-      target: '',
-      args: {},
-      timestamp: new Date().toISOString(),
-    };
-  }
-
-  const type = rawAction.type || rawAction.action || 'unknown';
-  const meta = ACTION_TYPES[type] || { category: 'unknown', riskLevel: 'high' };
-
-  return {
-    type,
-    category: meta.category,
-    riskLevel: meta.riskLevel,
-    target: rawAction.target || rawAction.url || rawAction.path || rawAction.command || '',
-    args: rawAction.args || rawAction.params || {},
-    timestamp: rawAction.timestamp || new Date().toISOString(),
-  };
-}
-
-function buildRegex(pattern) {
-  // Handle (?i) inline flag by converting to JS 'i' flag
-  if (pattern.startsWith('(?i)')) {
-    return new RegExp(pattern.slice(4), 'i');
-  }
-  return new RegExp(pattern);
-}
-
-function matchesDangerousPattern(action) {
-  const config = loadConfig();
-  if (!config || !Array.isArray(config.dangerousShellPatterns)) return null;
-  if (action.type !== 'shell.exec') return null;
-
-  const command = action.target || '';
-  for (const pattern of config.dangerousShellPatterns) {
-    try {
-      if (buildRegex(pattern).test(command)) {
-        return pattern;
-      }
-    } catch {
-      // skip invalid regex
-    }
-  }
-  return null;
-}
-
-function matchesSecretPattern(action) {
-  const config = loadConfig();
-  if (!config || !Array.isArray(config.secretPatterns)) return null;
-  if (action.type !== 'file.write' && action.type !== 'browser.type') return null;
-
-  const content = action.args.content || action.args.text || action.target || '';
-  for (const pattern of config.secretPatterns) {
-    try {
-      if (buildRegex(pattern).test(content)) {
-        return pattern;
-      }
-    } catch {
-      // skip invalid regex
-    }
-  }
-  return null;
-}
-
-function evaluateAction(action, preset = 'dev-sandbox', customRules = []) {
-  const normalized = action.type ? action : normalizeAction(action);
-  const presetConfig = PRESETS[preset];
-  if (!presetConfig) {
-    return attachExecutionSurface({
-      decision: 'deny',
-      reason: `Unknown preset: ${preset}`,
-      preset,
-      riskLevel: normalized.riskLevel,
-      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Unknown preset: ${preset}`, preset }),
-    }, normalized);
-  }
-
-  // Custom rules override preset defaults
-  for (const rule of customRules) {
-    if (rule.action === normalized.type) {
-      const decision = rule.decision || 'deny';
-      const reason = rule.reason || `Custom rule override for ${normalized.type}`;
-      return attachExecutionSurface({
-        decision,
-        reason,
-        preset,
-        riskLevel: normalized.riskLevel,
-        auditEntry: createAuditEntry(normalized, { decision, reason, preset }),
-      }, normalized);
-    }
-  }
-
-  // Check dangerous shell patterns (always deny)
-  const dangerousMatch = matchesDangerousPattern(normalized);
-  if (dangerousMatch) {
-    return attachExecutionSurface({
-      decision: 'deny',
-      reason: `Dangerous shell pattern detected: ${dangerousMatch}`,
-      preset,
-      riskLevel: 'critical',
-      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Dangerous shell pattern: ${dangerousMatch}`, preset }),
-    }, normalized);
-  }
-
-  // Check secret patterns (always deny)
-  const secretMatch = matchesSecretPattern(normalized);
-  if (secretMatch) {
-    return attachExecutionSurface({
-      decision: 'deny',
-      reason: `Secret pattern detected in content: ${secretMatch}`,
-      preset,
-      riskLevel: 'critical',
-      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Secret pattern: ${secretMatch}`, preset }),
-    }, normalized);
-  }
-
-  // Evaluate against preset
-  if (presetConfig.deny.includes(normalized.type)) {
-    return attachExecutionSurface({
-      decision: 'deny',
-      reason: `Action ${normalized.type} denied by ${preset} preset`,
-      preset,
-      riskLevel: normalized.riskLevel,
-      auditEntry: createAuditEntry(normalized, { decision: 'deny', reason: `Denied by preset`, preset }),
-    }, normalized);
-  }
-
-  if (presetConfig.requireApproval.includes(normalized.type)) {
-    return attachExecutionSurface({
-      decision: 'require-approval',
-      reason: `Action ${normalized.type} requires approval in ${preset} preset`,
-      preset,
-      riskLevel: normalized.riskLevel,
-      auditEntry: createAuditEntry(normalized, { decision: 'require-approval', reason: `Requires approval`, preset }),
-    }, normalized);
-  }
-
-  if (presetConfig.allow.includes(normalized.type)) {
-    return attachExecutionSurface({
-      decision: 'allow',
-      reason: `Action ${normalized.type} allowed by ${preset} preset`,
-      preset,
-      riskLevel: normalized.riskLevel,
-      auditEntry: createAuditEntry(normalized, { decision: 'allow', reason: `Allowed by preset`, preset }),
-    }, normalized);
-  }
-
-  // Default: unknown actions require approval
-  return attachExecutionSurface({
-    decision: 'require-approval',
-    reason: `Action ${normalized.type} not in preset; defaulting to require-approval`,
-    preset,
-    riskLevel: normalized.riskLevel,
-    auditEntry: createAuditEntry(normalized, { decision: 'require-approval', reason: `Not in preset`, preset }),
-  }, normalized);
-}
-
-function attachExecutionSurface(result, action) {
-  const executionSurface = buildDockerSandboxPlan({
-    toolName: action.type === 'shell.exec' ? 'Bash' : 'Write',
-    actionType: action.type,
-    command: action.type === 'shell.exec' ? action.target : '',
-    repoPath: action.args.repoPath || action.args.cwd || '',
-    affectedFiles: action.type.startsWith('file.') && action.target ? [action.target] : [],
-    riskBand: toSandboxRiskBand(action.riskLevel),
-    requiresNetwork: ['upload', 'download', 'message.send'].includes(action.type),
-  });
-
-  if (!executionSurface.shouldSandbox) {
-    return result;
-  }
-
-  return {
-    ...result,
-    executionSurface,
-  };
-}
-
-function toSandboxRiskBand(riskLevel) {
-  if (riskLevel === 'high') return 'high';
-  if (riskLevel === 'medium') return 'medium';
-  return 'low';
-}
-
-function createAuditEntry(action, decision) {
-  return {
-    timestamp: action.timestamp || new Date().toISOString(),
-    actionType: action.type,
-    target: action.target || '',
-    decision: decision.decision,
-    reason: decision.reason,
-    preset: decision.preset || 'unknown',
-  };
-}
-
-function evaluateBatch(actions, preset = 'dev-sandbox') {
-  return actions.map((rawAction) => {
-    const normalized = normalizeAction(rawAction);
-    return evaluateAction(normalized, preset);
-  });
-}
-
-module.exports = {
-  ACTION_TYPES,
-  PRESETS,
-  CONFIG_PATH,
-  normalizeAction,
-  evaluateAction,
-  createAuditEntry,
-  evaluateBatch,
-  loadConfig,
-  matchesDangerousPattern,
-  matchesSecretPattern,
-  attachExecutionSurface,
-  toSandboxRiskBand,
-};

package/scripts/content-engine/linkedin-content-generator.js

@@ -1,154 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * LinkedIn Content Generator for ThumbGate Gates
- *
- * Usage:
- *   node scripts/content-engine/linkedin-content-generator.js
- *   node scripts/content-engine/linkedin-content-generator.js --preview
- *
- * Suggested package.json scripts:
- *   "content:linkedin": "node scripts/content-engine/linkedin-content-generator.js"
- *   "content:linkedin:preview": "node scripts/content-engine/linkedin-content-generator.js --preview"
- */
-
-const crypto = require('crypto');
-const fs = require('fs');
-const path = require('path');
-
-// Read gate config
-const configPath = path.join(__dirname, '../../config/gates/default.json');
-let config;
-try {
-  config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
-} catch (err) {
-  process.stderr.write(`Failed to load gate config from ${configPath}: ${err.message}\n`);
-  process.exit(1);
-}
-
-// Select 7 diverse gates across severity levels
-const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
-const gatesBySeverity = {
-  critical: [],
-  high: [],
-  medium: [],
-  low: []
-};
-
-config.gates.forEach(gate => {
-  const severity = gate.severity || 'low';
-  if (gatesBySeverity[severity]) {
-    gatesBySeverity[severity].push(gate);
-  }
-});
-
-// Select one from each severity, then fill remaining from largest buckets
-const selected = [];
-['critical', 'high', 'medium', 'low'].forEach(severity => {
-  if (gatesBySeverity[severity].length > 0) {
-    selected.push(gatesBySeverity[severity][0]);
-  }
-});
-
-// Fill remaining slots (7 total) — shuffle with crypto-secure randomness (Fisher-Yates)
-const remaining = config.gates.filter(g => !selected.includes(g));
-for (let i = remaining.length - 1; i > 0; i--) {
-  const j = crypto.randomInt(i + 1);
-  [remaining[i], remaining[j]] = [remaining[j], remaining[i]];
-}
-while (selected.length < 7 && remaining.length > 0) {
-  selected.push(remaining.pop());
-}
-
-// Generate LinkedIn post content
-const posts = selected.map((gate, index) => {
-  const hookLines = [
-    '🚨 Your AI agents are running without guardrails.',
-    '⚠️ One missing gate. One catastrophic mistake.',
-    '🛡️ Even the best engineers miss edge cases.',
-    '💥 Your deployment pipeline has a blind spot.',
-    '🔓 Git operations—unguarded by default.',
-    '🎯 Prevention beats firefighting.',
-    '⏱️ How fast can your agent destroy a month of work?'
-  ];
-
-  const gateDescriptions = {
-    'local-only-git-writes': 'Blocks git writes when local-only mode is active, preventing accidental remote pushes during development.',
-    'task-scope-required': 'Enforces explicit task scoping before any git, PR, or publish operations can proceed.',
-    'protected-file-approval-required': 'Requires human approval before modifying sensitive files like CLAUDE.md, configs, and skills.',
-    'gh-pr-create-restricted': 'Restricts PR creation to explicitly approved workflows, preventing unvetted code changes.',
-    'gh-pr-merge-restricted': 'Blocks PR merges without explicit permission, enforcing code review discipline.',
-    'branch-governance-required': 'Demands branch governance context before release, deploy, or publish actions.',
-    'force-push': 'Blocks destructive force-push operations—no exceptions.',
-    'protected-branch-push': 'Prevents direct pushes to main/develop. All changes flow through PR review.',
-    'release-readiness-required': 'Ensures releases only happen from releasable mainline commits with version alignment.',
-    'admin-merge-bypass-blocked': 'Blocks admin merge bypass. Code review gates apply equally to everyone.',
-    'push-without-thread-check': 'Forces thread review before pushing—prevents shipping unresolved feedback.',
-    'env-file-edit': 'Warns when editing .env files—catches accidental token deletion.',
-    'unverified-skill-use': 'Validates skill provenance before delegating to subagents in restricted modes.',
-    'production-deploy-approval': 'Requires human sign-off on production deployments.',
-    'schema-migration-approval': 'Demands approval for database schema migrations—no surprise breaking changes.',
-    'supply-chain-dep-add': 'Audits package.json mutations for typosquatting and suspicious installs.',
-    'deny-network-egress': 'Warns on unauthorized egress—catches exfiltration attempts early.'
-  };
-
-  const post = `
-## Post ${index + 1}: ${gate.id.split('-').map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(' ')}
-
-${hookLines[index % hookLines.length]}
-
-${gateDescriptions[gate.id] || `Protects your workflow by ${gate.message.toLowerCase()}`}
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate \`${gate.id}\`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-\`\`\`bash
-npx thumbgate@latest init
-\`\`\`
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-`;
-  return post;
-});
-
-// Generate output filename with today's date
-const today = new Date();
-const dateStr = today.toISOString().split('T')[0]; // YYYY-MM-DD
-const outputDir = path.join(__dirname, 'output');
-const outputFile = path.join(outputDir, `linkedin-posts-${dateStr}.md`);
-
-// Create output directory if it doesn't exist
-if (!fs.existsSync(outputDir)) {
-  fs.mkdirSync(outputDir, { recursive: true });
-}
-
-// Generate markdown content
-const markdown = `# LinkedIn Content: ThumbGate Gates (${dateStr})
-
-Generated from: \`config/gates/default.json\`
-Gate count in config: ${config.gates.length}
-Posts generated: ${selected.length}
-
----
-${posts.join('\n')}
-`;
-
-// Output or write file
-const preview = process.argv.includes('--preview');
-if (preview) {
-  console.log(markdown);
-  console.log(`\n✅ Preview mode (${selected.length} posts)`);
-} else {
-  fs.writeFileSync(outputFile, markdown, 'utf8');
-  console.log(`✅ Generated ${selected.length} LinkedIn posts to: ${outputFile}`);
-  console.log(`   Severities: ${selected.map(g => g.severity).sort().join(', ')}`);
-  console.log(`   Gates: ${selected.map(g => g.id).join(', ')}`);
-}

package/scripts/content-engine/output/linkedin-memento-validation.md

@@ -1,17 +0,0 @@
-# ThumbGate: Validated in Production
-
-Academic research just proved what we've been running in production for 18 months.
-
-The Memento-Skills paper (arXiv 2603.18743) demonstrates that external skill memory systems — ones that rewrite themselves from failure feedback — achieve 26-116% accuracy improvements without touching the model. No retraining. No fine-tuning. Just structured context engineering.
-
-That's exactly what ThumbGate does. We capture agent failures, infer prevention rules, and inject them as PreToolUse gates. The paper's Read → Execute → Reflect → Write loop maps directly to our capture → infer → enforce → block cycle. The academic validation confirms what we've observed: you don't need to retrain your model to make it safer and more reliable. You need better context.
-
-ThumbGate processes real-world AI agent failures — git operations, code edits, file writes, API calls — and learns from them. Every "thumbs down" on a failed action becomes a lesson. Every lesson becomes a rule. Every rule becomes a gate that stops the same mistake from happening again. The feedback loop is tight. The enforcement is immediate.
-
-The paper validates the core insight: agents fail in predictable ways, and those patterns can be captured, learned, and blocked without model modification. That's not theoretical. We're doing it now, across 48+ tool adapters and 4,500+ prevention gates, with zero retraining.
-
-Context engineering works. The research proves it. The production metrics show it.
-
-Try it: `npx thumbgate@latest init`
-
-#AIGovernance #AgentSafety #MementoSkills #ContextEngineering

package/scripts/content-engine/output/linkedin-posts-2026-04-09.md

@@ -1,175 +0,0 @@
-# LinkedIn Content: ThumbGate Gates (2026-04-09)
-
-Generated from: `config/gates/default.json`
-Gate count in config: 25
-Posts generated: 7
-
----
-
-## Post 1: Local Only Git Writes
-
-🚨 Your AI agents are running without guardrails.
-
-Blocks git writes when local-only mode is active, preventing accidental remote pushes during development.
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate `local-only-git-writes`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-```bash
-npx thumbgate@latest init
-```
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-
-
-## Post 2: Gh Pr Create Restricted
-
-⚠️ One missing gate. One catastrophic mistake.
-
-Restricts PR creation to explicitly approved workflows, preventing unvetted code changes.
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate `gh-pr-create-restricted`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-```bash
-npx thumbgate@latest init
-```
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-
-
-## Post 3: Env File Edit
-
-🛡️ Even the best engineers miss edge cases.
-
-Warns when editing .env files—catches accidental token deletion.
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate `env-file-edit`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-```bash
-npx thumbgate@latest init
-```
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-
-
-## Post 4: Style Violation Log
-
-💥 Your deployment pipeline has a blind spot.
-
-Protects your workflow by style audit mode active. action recorded for review but allowed to proceed.
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate `style-violation-log`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-```bash
-npx thumbgate@latest init
-```
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-
-
-## Post 5: Loop Abuse Prevention
-
-🔓 Git operations—unguarded by default.
-
-Protects your workflow by high-risk command detected inside a loop. scheduled tasks must not perform egress or destructive writes without explicit approval.
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate `loop-abuse-prevention`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-```bash
-npx thumbgate@latest init
-```
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-
-
-## Post 6: Release Readiness Required
-
-🎯 Prevention beats firefighting.
-
-Ensures releases only happen from releasable mainline commits with version alignment.
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate `release-readiness-required`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-```bash
-npx thumbgate@latest init
-```
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-
-
-## Post 7: Protected Branch Push
-
-⏱️ How fast can your agent destroy a month of work?
-
-Prevents direct pushes to main/develop. All changes flow through PR review.
-
-The problem? AI agents run autonomously. A single unchecked operation—a force-push, an unapproved deploy, a dependency injection—can unwind days of work in seconds. Traditional CI won't catch it. Your human reviewer might miss it.
-
-The solution? **Gate `protected-branch-push`** in ThumbGate stops high-risk operations *before* they execute. No second chances. Just prevention.
-
-This isn't about slowing down. It's about building trust in autonomous systems. Every gate is a rule learned from real failures.
-
-🔒 Install ThumbGate today:
-```bash
-npx thumbgate@latest init
-```
-
-Then add this gate to your config and sleep better.
-
-#AIGovernance #DevTools #AgentSafety #EngineeringTeams
-
----
-